diff --git a/.buildkite/ftr_configs.yml b/.buildkite/ftr_configs.yml
index 8e558458feb04..cb88c5b89fc91 100644
--- a/.buildkite/ftr_configs.yml
+++ b/.buildkite/ftr_configs.yml
@@ -193,8 +193,6 @@ enabled:
   - x-pack/test/api_integration/config_security_basic.ts
   - x-pack/test/api_integration/config_security_trial.ts
   - x-pack/test/api_integration/apis/aiops/config.ts
-  - x-pack/test/api_integration/apis/asset_manager/config_when_disabled.ts
-  - x-pack/test/api_integration/apis/asset_manager/config_when_enabled.ts
   - x-pack/test/api_integration/apis/cases/config.ts
   - x-pack/test/api_integration/apis/content_management/config.ts
   - x-pack/test/api_integration/apis/cloud_security_posture/config.ts
@@ -389,8 +387,10 @@ enabled:
   - x-pack/test/security_api_integration/login_selector.config.ts
   - x-pack/test/security_api_integration/oidc_implicit_flow.config.ts
   - x-pack/test/security_api_integration/oidc.config.ts
+  - x-pack/test/security_api_integration/oidc.http2.config.ts
   - x-pack/test/security_api_integration/pki.config.ts
   - x-pack/test/security_api_integration/saml.config.ts
+  - x-pack/test/security_api_integration/saml.http2.config.ts
   - x-pack/test/security_api_integration/saml_cloud.config.ts
   - x-pack/test/security_api_integration/session_idle.config.ts
   - x-pack/test/security_api_integration/session_invalidate.config.ts
@@ -401,6 +401,8 @@ enabled:
   - x-pack/test/security_functional/login_selector.config.ts
   - x-pack/test/security_functional/oidc.config.ts
   - x-pack/test/security_functional/saml.config.ts
+  - x-pack/test/security_functional/saml.http2.config.ts
+  - x-pack/test/security_functional/oidc.http2.config.ts
   - x-pack/test/security_functional/insecure_cluster_warning.config.ts
   - x-pack/test/security_functional/user_profiles.config.ts
   - x-pack/test/security_functional/expired_session.config.ts
@@ -451,6 +453,7 @@ enabled:
   - x-pack/test_serverless/functional/test_suites/security/config.examples.ts
   - x-pack/test_serverless/functional/test_suites/security/config.cloud_security_posture.basic.ts
   - x-pack/test_serverless/functional/test_suites/security/config.cloud_security_posture.essentials.ts
+  - x-pack/test_serverless/functional/test_suites/security/config.cloud_security_posture.agentless.ts
   - x-pack/test_serverless/functional/test_suites/security/config.saved_objects_management.ts
   - x-pack/test_serverless/functional/test_suites/security/config.context_awareness.ts
   - x-pack/test_serverless/functional/test_suites/security/common_configs/config.group1.ts
diff --git a/.buildkite/package-lock.json b/.buildkite/package-lock.json
index b782b9c1d34eb..763e8fb659c9b 100644
--- a/.buildkite/package-lock.json
+++ b/.buildkite/package-lock.json
@@ -388,11 +388,11 @@
       }
     },
     "node_modules/braces": {
-      "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
-      "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
+      "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
       "dependencies": {
-        "fill-range": "^7.0.1"
+        "fill-range": "^7.1.1"
       },
       "engines": {
         "node": ">=8"
@@ -660,9 +660,9 @@
       }
     },
     "node_modules/fill-range": {
-      "version": "7.0.1",
-      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
-      "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
+      "version": "7.1.1",
+      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
+      "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
       "dependencies": {
         "to-regex-range": "^5.0.1"
       },
@@ -1980,11 +1980,11 @@
       }
     },
     "braces": {
-      "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
-      "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
+      "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
       "requires": {
-        "fill-range": "^7.0.1"
+        "fill-range": "^7.1.1"
       }
     },
     "browser-stdout": {
@@ -2176,9 +2176,9 @@
       }
     },
     "fill-range": {
-      "version": "7.0.1",
-      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
-      "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
+      "version": "7.1.1",
+      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
+      "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
       "requires": {
         "to-regex-range": "^5.0.1"
       }
diff --git a/.buildkite/pipeline-resource-definitions/kibana-serverless-release-testing.yml b/.buildkite/pipeline-resource-definitions/kibana-serverless-release-testing.yml
new file mode 100644
index 0000000000000..fe3fdaf49c748
--- /dev/null
+++ b/.buildkite/pipeline-resource-definitions/kibana-serverless-release-testing.yml
@@ -0,0 +1,46 @@
+# yaml-language-server: $schema=https://gist.githubusercontent.com/elasticmachine/988b80dae436cafea07d9a4a460a011d/raw/rre.schema.json
+apiVersion: backstage.io/v1alpha1
+kind: Resource
+metadata:
+  name: bk-kibana-serverless-emergency-release-branch-testing
+  description: Runs testing for emergency release / hotfix branches
+  links:
+    - url: 'https://buildkite.com/elastic/kibana-serverless-emergency-release-branch-testing'
+      title: Pipeline link
+spec:
+  type: buildkite-pipeline
+  owner: 'group:kibana-operations'
+  system: buildkite
+  implementation:
+    apiVersion: buildkite.elastic.dev/v1
+    kind: Pipeline
+    metadata:
+      name: kibana / serverless / emergency release branch testing
+      description: Runs testing for emergency release / hotfix branches
+    spec:
+      env:
+        SLACK_NOTIFICATIONS_CHANNEL: '#kibana-mission-control'
+        ELASTIC_SLACK_NOTIFICATIONS_ENABLED: 'true'
+      allow_rebuilds: true
+      branch_configuration: deploy-fix@*
+      default_branch: main
+      repository: elastic/kibana
+      pipeline_file: .buildkite/pipelines/es_serverless/emergency_release_branch_testing.yml
+      skip_intermediate_builds: false
+      provider_settings:
+        build_branches: true
+        build_pull_requests: false
+        publish_commit_status: true
+        trigger_mode: code
+        build_tags: false
+        prefix_pull_request_fork_branch_names: false
+        skip_pull_request_builds_for_existing_commits: true
+      teams:
+        everyone:
+          access_level: BUILD_AND_READ
+        kibana-operations:
+          access_level: MANAGE_BUILD_AND_READ
+        appex-qa:
+          access_level: MANAGE_BUILD_AND_READ
+        kibana-tech-leads:
+          access_level: MANAGE_BUILD_AND_READ
diff --git a/.buildkite/pipeline-resource-definitions/locations.yml b/.buildkite/pipeline-resource-definitions/locations.yml
index f9dc312a26582..55af40868bd4a 100644
--- a/.buildkite/pipeline-resource-definitions/locations.yml
+++ b/.buildkite/pipeline-resource-definitions/locations.yml
@@ -27,6 +27,7 @@ spec:
     - https://github.com/elastic/kibana/blob/main/.buildkite/pipeline-resource-definitions/kibana-performance-data-set-extraction-daily.yml
     - https://github.com/elastic/kibana/blob/main/.buildkite/pipeline-resource-definitions/kibana-pr.yml
     - https://github.com/elastic/kibana/blob/main/.buildkite/pipeline-resource-definitions/kibana-purge-cloud-deployments.yml
+    - https://github.com/elastic/kibana/blob/main/.buildkite/pipeline-resource-definitions/kibana-serverless-release-testing.yml
     - https://github.com/elastic/kibana/blob/main/.buildkite/pipeline-resource-definitions/kibana-serverless-release.yml
     - https://github.com/elastic/kibana/blob/main/.buildkite/pipeline-resource-definitions/scalability_testing-daily.yml
     - https://github.com/elastic/kibana/blob/main/.buildkite/pipeline-resource-definitions/security-solution-ess/security-solution-ess.yml
diff --git a/.buildkite/pipeline-utils/agent_images.ts b/.buildkite/pipeline-utils/agent_images.ts
new file mode 100644
index 0000000000000..0606f036b1c64
--- /dev/null
+++ b/.buildkite/pipeline-utils/agent_images.ts
@@ -0,0 +1,55 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { dump } from 'js-yaml';
+import { BuildkiteClient, BuildkiteCommandStep } from './buildkite';
+
+type AgentImageConfig = BuildkiteCommandStep['agents'];
+
+const DEFAULT_AGENT_IMAGE_CONFIG: AgentImageConfig = {
+  provider: 'gcp',
+  image: 'family/kibana-ubuntu-2004',
+  imageProject: 'elastic-images-prod',
+};
+
+const FIPS_AGENT_IMAGE_CONFIG: AgentImageConfig = {
+  provider: 'gcp',
+  image: 'family/kibana-fips-ubuntu-2004',
+  imageProject: 'elastic-images-prod',
+};
+
+const GITHUB_PR_LABELS = process.env.GITHUB_PR_LABELS ?? '';
+const FTR_ENABLE_FIPS_AGENT = process.env.FTR_ENABLE_FIPS_AGENT?.toLowerCase() === 'true';
+
+// Narrow the return type with overloads
+function getAgentImageConfig(): AgentImageConfig;
+function getAgentImageConfig(options: { returnYaml: true }): string;
+function getAgentImageConfig({ returnYaml = false } = {}): string | AgentImageConfig {
+  const bk = new BuildkiteClient();
+  let config: AgentImageConfig;
+
+  if (FTR_ENABLE_FIPS_AGENT || GITHUB_PR_LABELS.includes('ci:enable-fips-agent')) {
+    config = FIPS_AGENT_IMAGE_CONFIG;
+
+    bk.setAnnotation(
+      'agent image config',
+      'info',
+      '#### FIPS Agents Enabled<br />\nFIPS mode can produce new test failures. If you did not intend this remove ```KBN_ENABLE_FIPS``` environment variable and/or the ```ci:enable-fips-agent``` Github label.'
+    );
+  } else {
+    config = DEFAULT_AGENT_IMAGE_CONFIG;
+  }
+
+  if (returnYaml) {
+    return dump({ agents: config });
+  }
+
+  return config;
+}
+
+export { getAgentImageConfig };
diff --git a/.buildkite/pipeline-utils/ci-stats/pick_test_group_run_order.ts b/.buildkite/pipeline-utils/ci-stats/pick_test_group_run_order.ts
index aa6e33f1116b4..20b2d366e6067 100644
--- a/.buildkite/pipeline-utils/ci-stats/pick_test_group_run_order.ts
+++ b/.buildkite/pipeline-utils/ci-stats/pick_test_group_run_order.ts
@@ -16,6 +16,7 @@ import { BuildkiteClient, BuildkiteStep } from '../buildkite';
 import { CiStatsClient, TestGroupRunOrderResponse } from './client';
 
 import DISABLED_JEST_CONFIGS from '../../disabled_jest_configs.json';
+import { getAgentImageConfig } from '#pipeline-utils';
 
 type RunGroup = TestGroupRunOrderResponse['types'][0];
 
@@ -25,9 +26,7 @@ const getAgentRule = (queueName: string = 'n2-4-spot') => {
   if (process.env?.BUILDKITE_AGENT_META_DATA_QUEUE === 'gobld') {
     const [kind, cores, spot] = queueName.split('-');
     return {
-      provider: 'gcp',
-      image: 'family/kibana-ubuntu-2004',
-      imageProject: 'elastic-images-prod',
+      ...getAgentImageConfig(),
       machineType: `${kind}-standard-${cores}`,
       preemptible: spot === 'spot',
     };
diff --git a/.buildkite/pipeline-utils/index.ts b/.buildkite/pipeline-utils/index.ts
index b8da40de58f2e..b84c1e2d913d9 100644
--- a/.buildkite/pipeline-utils/index.ts
+++ b/.buildkite/pipeline-utils/index.ts
@@ -6,6 +6,7 @@
  * Side Public License, v 1.
  */
 
+export * from './agent_images';
 export * from './buildkite';
 export * as CiStats from './ci-stats';
 export * from './github';
diff --git a/.buildkite/pipelines/artifacts.yml b/.buildkite/pipelines/artifacts.yml
index cce4ae9cfc525..3f8a671a2d88a 100644
--- a/.buildkite/pipelines/artifacts.yml
+++ b/.buildkite/pipelines/artifacts.yml
@@ -92,7 +92,7 @@ steps:
         - exit_status: '*'
           limit: 1
 
-  - command: KIBANA_DOCKER_CONTEXT=chainguard .buildkite/scripts/steps/artifacts/docker_context.sh
+  - command: KIBANA_DOCKER_CONTEXT=wolfi .buildkite/scripts/steps/artifacts/docker_context.sh
     label: 'Docker Context Verification'
     agents:
       image: family/kibana-ubuntu-2004
diff --git a/.buildkite/pipelines/es_serverless/emergency_release_branch_testing.yml b/.buildkite/pipelines/es_serverless/emergency_release_branch_testing.yml
index 1952900c1aab1..b0a79427f197a 100644
--- a/.buildkite/pipelines/es_serverless/emergency_release_branch_testing.yml
+++ b/.buildkite/pipelines/es_serverless/emergency_release_branch_testing.yml
@@ -2,7 +2,10 @@
 
 ## Triggers the artifacts container image build for emergency releases
 agents:
-  queue: kibana-default
+  image: family/kibana-ubuntu-2004
+  imageProject: elastic-images-prod
+  provider: gcp
+  machineType: n2-standard-2
 
 notify:
   - slack: "#kibana-mission-control"
diff --git a/.buildkite/pipelines/es_serverless/verify_es_serverless_image.yml b/.buildkite/pipelines/es_serverless/verify_es_serverless_image.yml
index 81f04f933208c..aae27bd38af0f 100644
--- a/.buildkite/pipelines/es_serverless/verify_es_serverless_image.yml
+++ b/.buildkite/pipelines/es_serverless/verify_es_serverless_image.yml
@@ -5,7 +5,7 @@
 # SKIP_VERIFICATION: if set to 1/true, it will skip running all tests
 # SKIP_CYPRESS: if set to 1/true, it will skip running the cypress tests
 # FTR_EXTRA_ARGS: a string argument, if passed, it will be forwarded verbatim to the FTR run script
-# ES_SERVERLESS_IMAGE: the tag for the docker image to test, in the form of docker.elastic.co/elasticsearch-ci/elasticsearch-serverless:$TAG
+# ES_SERVERLESS_IMAGE: the full image path for the docker image to test
 # BUILDKITE_COMMIT: the commit hash of the kibana branch to test
 
 agents:
@@ -16,16 +16,7 @@ agents:
 
 steps:
   - label: "Annotate runtime parameters"
-    command: |
-      buildkite-agent annotate --context kibana-commit --style info "Kibana build hash: $BUILDKITE_BRANCH / $BUILDKITE_COMMIT"
-      cat << EOF | buildkite-agent annotate --context es-serverless-image --style info
-        ES Serverless image: \`$ES_SERVERLESS_IMAGE\`
-
-        To run this locally:
-        \`\`\`
-        node scripts/es serverless --image $ES_SERVERLESS_IMAGE
-        \`\`\`
-      EOF
+    command: .buildkite/scripts/steps/es_serverless/annotate_runtime_parameters.sh
 
   - group: "(:kibana: x :elastic:) Trigger Kibana Serverless suite"
     if: "build.env('SKIP_VERIFICATION') != '1' && build.env('SKIP_VERIFICATION') != 'true'"
diff --git a/.buildkite/pipelines/fips.yml b/.buildkite/pipelines/fips.yml
index d1dde1c08bfb1..09ae10496456f 100644
--- a/.buildkite/pipelines/fips.yml
+++ b/.buildkite/pipelines/fips.yml
@@ -1,32 +1,63 @@
 env:
-  DISABLE_CI_STATS_SHIPPING: "true"
+  DISABLE_CI_STATS_SHIPPING: 'true'
+  KBN_ENABLE_FIPS: 'true'
+  TEST_BROWSER_HEADLESS: 1
+agents:
+  provider: 'gcp'
+  image: 'family/kibana-fips-ubuntu-2004'
+  imageProject: 'elastic-images-prod'
 steps:
+  - command: .buildkite/scripts/lifecycle/pre_build.sh
+    label: Pre-Build
+    key: pre-build
+    timeout_in_minutes: 10
+    agents:
+      machineType: n2-standard-2
+
+  - wait
+
   - command: .buildkite/scripts/steps/build_kibana.sh
     label: Build Kibana Distribution and Plugins
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-16
       preemptible: true
     key: build
     if: "build.env('KIBANA_BUILD_ID') == null || build.env('KIBANA_BUILD_ID') == ''"
+    depends_on: pre-build
     timeout_in_minutes: 60
     retry:
       automatic:
-        - exit_status: "-1"
+        - exit_status: '-1'
           limit: 3
 
   - wait
 
-  - command: TEST_PACKAGE=fips .buildkite/scripts/steps/package_testing/test.sh
-    label: "Smoke testing for FIPS"
+  - command: .buildkite/scripts/steps/checks/verify_fips_enabled.sh
+    label: 'Verify FIPS Enabled'
+    depends_on: build
+    timeout_in_minutes: 10
+    agents:
+      machineType: n2-standard-2
+      preemptible: true
+
+  - command: .buildkite/scripts/steps/fips/smoke_test.sh
+    label: 'Pick Smoke Test Group Run Order'
+    depends_on: build
+    timeout_in_minutes: 10
+    env:
+      FTR_CONFIGS_SCRIPT: '.buildkite/scripts/steps/test/ftr_configs.sh'
+      FTR_EXTRA_ARGS: '$FTR_EXTRA_ARGS'
+      LIMIT_CONFIG_TYPE: 'functional'
+    retry:
+      automatic:
+        - exit_status: '*'
+          limit: 1
+
+  - wait: ~
+    continue_on_failure: true
+
+  - command: .buildkite/scripts/lifecycle/post_build.sh
+    label: Post-Build
+    timeout_in_minutes: 10
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
-      enableNestedVirtualization: true
-      localSsds: 1
-      localSsdInterface: nvme
-      machineType: n2-standard-4
-    timeout_in_minutes: 600
+      machineType: n2-standard-2
diff --git a/.buildkite/pipelines/pull_request/apm_cypress.yml b/.buildkite/pipelines/pull_request/apm_cypress.yml
index e0d8b5f4db021..05194bae83e79 100644
--- a/.buildkite/pipelines/pull_request/apm_cypress.yml
+++ b/.buildkite/pipelines/pull_request/apm_cypress.yml
@@ -2,9 +2,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/apm_cypress.sh
     label: 'APM Cypress Tests'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     depends_on:
diff --git a/.buildkite/pipelines/pull_request/base.yml b/.buildkite/pipelines/pull_request/base.yml
index 0af21702aedd0..8b57562c7a329 100644
--- a/.buildkite/pipelines/pull_request/base.yml
+++ b/.buildkite/pipelines/pull_request/base.yml
@@ -3,9 +3,6 @@ steps:
     label: Pre-Build
     timeout_in_minutes: 10
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-2
 
   - wait
@@ -13,9 +10,6 @@ steps:
   - command: .buildkite/scripts/steps/build_kibana.sh
     label: Build Kibana Distribution and Plugins
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-16
       preemptible: true
     key: build
@@ -29,9 +23,6 @@ steps:
   - command: .buildkite/scripts/steps/quick_checks.sh
     label: 'Quick Checks'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-2
       preemptible: true
     key: quick_checks
@@ -46,9 +37,6 @@ steps:
   - command: .buildkite/scripts/steps/ci_stats_ready.sh
     label: Mark CI Stats as ready
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-2
     timeout_in_minutes: 10
     depends_on:
@@ -62,9 +50,6 @@ steps:
   - command: .buildkite/scripts/steps/test/pick_test_group_run_order.sh
     label: 'Pick Test Group Run Order'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-2
     timeout_in_minutes: 10
     env:
@@ -79,9 +64,6 @@ steps:
   - command: .buildkite/scripts/steps/lint.sh
     label: 'Linting'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-8
       preemptible: true
     key: linting
@@ -94,9 +76,6 @@ steps:
   - command: .buildkite/scripts/steps/check_types.sh
     label: 'Check Types'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     key: check_types
@@ -109,9 +88,6 @@ steps:
   - command: .buildkite/scripts/steps/lint_with_types.sh
     label: 'Linting (with types)'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-16
       preemptible: true
     key: linting_with_types
@@ -125,9 +101,6 @@ steps:
     label: 'Checks'
     key: checks
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-2
       preemptible: true
     timeout_in_minutes: 60
@@ -139,9 +112,6 @@ steps:
   - command: .buildkite/scripts/steps/api_docs/build_api_docs.sh
     label: 'Build API Docs'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     key: build_api_docs
diff --git a/.buildkite/pipelines/pull_request/build_project.yml b/.buildkite/pipelines/pull_request/build_project.yml
index c6ae6479effd5..2f18ff4674557 100644
--- a/.buildkite/pipelines/pull_request/build_project.yml
+++ b/.buildkite/pipelines/pull_request/build_project.yml
@@ -2,9 +2,6 @@ steps:
   - command: .buildkite/scripts/steps/artifacts/docker_image.sh
     label: 'Build Project Image'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-16
       preemptible: true
     timeout_in_minutes: 60
diff --git a/.buildkite/pipelines/pull_request/check_next_docs.yml b/.buildkite/pipelines/pull_request/check_next_docs.yml
index eafd8ca872392..d513de2f8fea3 100644
--- a/.buildkite/pipelines/pull_request/check_next_docs.yml
+++ b/.buildkite/pipelines/pull_request/check_next_docs.yml
@@ -2,9 +2,6 @@ steps:
   - command: .buildkite/scripts/steps/next_docs/build_and_validate_docs.sh
     label: 'Build and Validate Next Docs'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     timeout_in_minutes: 30
diff --git a/.buildkite/pipelines/pull_request/deploy_cloud.yml b/.buildkite/pipelines/pull_request/deploy_cloud.yml
index ed174aa41facd..d520822e54f7b 100644
--- a/.buildkite/pipelines/pull_request/deploy_cloud.yml
+++ b/.buildkite/pipelines/pull_request/deploy_cloud.yml
@@ -2,9 +2,6 @@ steps:
   - command: .buildkite/scripts/steps/cloud/build_and_deploy.sh
     label: 'Build and Deploy to Cloud'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-2
       preemptible: true
     depends_on:
diff --git a/.buildkite/pipelines/pull_request/deploy_project.yml b/.buildkite/pipelines/pull_request/deploy_project.yml
index 0698d9e1899e6..34333f411c80d 100644
--- a/.buildkite/pipelines/pull_request/deploy_project.yml
+++ b/.buildkite/pipelines/pull_request/deploy_project.yml
@@ -3,9 +3,6 @@ steps:
     label: 'Build Project Image'
     key: build_project_image
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-16
       preemptible: true
     timeout_in_minutes: 60
@@ -16,9 +13,6 @@ steps:
   - command: .buildkite/scripts/steps/serverless/deploy.sh
     label: 'Deploy Project'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     timeout_in_minutes: 10
diff --git a/.buildkite/pipelines/pull_request/exploratory_view_plugin.yml b/.buildkite/pipelines/pull_request/exploratory_view_plugin.yml
index 511e98321ecb7..72a2ae8ab785b 100644
--- a/.buildkite/pipelines/pull_request/exploratory_view_plugin.yml
+++ b/.buildkite/pipelines/pull_request/exploratory_view_plugin.yml
@@ -2,9 +2,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/exploratory_view_plugin.sh
     label: 'Exploratory View @elastic/synthetics Tests'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     depends_on:
diff --git a/.buildkite/pipelines/pull_request/fips.yml b/.buildkite/pipelines/pull_request/fips.yml
index 5118fae835718..a136b4f91a2c5 100644
--- a/.buildkite/pipelines/pull_request/fips.yml
+++ b/.buildkite/pipelines/pull_request/fips.yml
@@ -2,9 +2,6 @@ steps:
   - command: .buildkite/scripts/steps/fips/build.sh
     label: 'Build FIPS Image'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-2
       preemptible: true
     depends_on:
diff --git a/.buildkite/pipelines/pull_request/fleet_cypress.yml b/.buildkite/pipelines/pull_request/fleet_cypress.yml
index b2bf1bc3d9412..2e0365793afc0 100644
--- a/.buildkite/pipelines/pull_request/fleet_cypress.yml
+++ b/.buildkite/pipelines/pull_request/fleet_cypress.yml
@@ -2,9 +2,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/fleet_cypress.sh
     label: 'Fleet Cypress Tests'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     depends_on:
diff --git a/.buildkite/pipelines/pull_request/kbn_handlebars.yml b/.buildkite/pipelines/pull_request/kbn_handlebars.yml
index 9bee1bc29f372..5da18ce31919c 100644
--- a/.buildkite/pipelines/pull_request/kbn_handlebars.yml
+++ b/.buildkite/pipelines/pull_request/kbn_handlebars.yml
@@ -2,9 +2,6 @@ steps:
   - command: .buildkite/scripts/steps/test/kbn_handlebars.sh
     label: 'Check @kbn/handlebars for upstream differences'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-2
       preemptible: true
     depends_on:
diff --git a/.buildkite/pipelines/pull_request/observability_onboarding_cypress.yml b/.buildkite/pipelines/pull_request/observability_onboarding_cypress.yml
index 06c61b703b1e2..b5831e7bb471d 100644
--- a/.buildkite/pipelines/pull_request/observability_onboarding_cypress.yml
+++ b/.buildkite/pipelines/pull_request/observability_onboarding_cypress.yml
@@ -2,16 +2,12 @@ steps:
   - command: .buildkite/scripts/steps/functional/observability_onboarding_cypress.sh
     label: 'Observability onboarding Cypress Tests'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     depends_on:
       - build
       - quick_checks
     timeout_in_minutes: 120
-    parallelism: 2
     retry:
       automatic:
         - exit_status: '-1'
diff --git a/.buildkite/pipelines/pull_request/post_build.yml b/.buildkite/pipelines/pull_request/post_build.yml
index 95764b537e5eb..f5c1a0bae19ea 100644
--- a/.buildkite/pipelines/pull_request/post_build.yml
+++ b/.buildkite/pipelines/pull_request/post_build.yml
@@ -5,7 +5,4 @@ steps:
   - command: .buildkite/scripts/lifecycle/post_build.sh
     label: Post-Build
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-2
diff --git a/.buildkite/pipelines/pull_request/profiling_cypress.yml b/.buildkite/pipelines/pull_request/profiling_cypress.yml
index 7293db65cb704..d86fc5a167db6 100644
--- a/.buildkite/pipelines/pull_request/profiling_cypress.yml
+++ b/.buildkite/pipelines/pull_request/profiling_cypress.yml
@@ -2,9 +2,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/profiling_cypress.sh
     label: 'Profiling Cypress Tests'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     depends_on:
diff --git a/.buildkite/pipelines/pull_request/response_ops.yml b/.buildkite/pipelines/pull_request/response_ops.yml
index bc9f22fc8194c..60e2dc32476d5 100644
--- a/.buildkite/pipelines/pull_request/response_ops.yml
+++ b/.buildkite/pipelines/pull_request/response_ops.yml
@@ -2,9 +2,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/response_ops.sh
     label: 'Rules, Alerts and Exceptions ResponseOps Cypress Tests on Security Solution'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     depends_on:
diff --git a/.buildkite/pipelines/pull_request/response_ops_cases.yml b/.buildkite/pipelines/pull_request/response_ops_cases.yml
index 421e71285af4d..1e1510260436d 100644
--- a/.buildkite/pipelines/pull_request/response_ops_cases.yml
+++ b/.buildkite/pipelines/pull_request/response_ops_cases.yml
@@ -2,9 +2,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/response_ops_cases.sh
     label: 'Cases Cypress Tests on Security Solution'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     depends_on:
diff --git a/.buildkite/pipelines/pull_request/security_solution/ai_assistant.yml b/.buildkite/pipelines/pull_request/security_solution/ai_assistant.yml
index a0dbfdb62e98d..252365ee7e4da 100644
--- a/.buildkite/pipelines/pull_request/security_solution/ai_assistant.yml
+++ b/.buildkite/pipelines/pull_request/security_solution/ai_assistant.yml
@@ -2,9 +2,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/security_serverless_ai_assistant.sh
     label: 'Serverless AI Assistant - Security Solution Cypress Tests'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     depends_on:
@@ -20,9 +17,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/security_solution_ai_assistant.sh
     label: 'AI Assistant - Security Solution Cypress Tests'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     depends_on:
diff --git a/.buildkite/pipelines/pull_request/security_solution/cypress_burn.yml b/.buildkite/pipelines/pull_request/security_solution/cypress_burn.yml
index d3ee6fe63f641..6d69748c6d447 100644
--- a/.buildkite/pipelines/pull_request/security_solution/cypress_burn.yml
+++ b/.buildkite/pipelines/pull_request/security_solution/cypress_burn.yml
@@ -2,9 +2,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/defend_workflows_burn.sh
     label: '[Soft fail] Defend Workflows Cypress Tests, burning changed specs'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       enableNestedVirtualization: true
       localSsds: 1
       localSsdInterface: nvme
@@ -21,9 +18,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/defend_workflows_serverless_burn.sh
     label: '[Soft fail] Defend Workflows Cypress Tests on Serverless, burning changed specs'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       enableNestedVirtualization: true
       localSsds: 1
       localSsdInterface: nvme
@@ -40,9 +34,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/security_solution_burn.sh
     label: '[Soft fail] Security Solution Cypress tests, burning changed specs'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     depends_on:
@@ -57,9 +48,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/osquery_cypress_burn.sh
     label: '[Soft fail] Osquery Cypress Tests, burning changed specs'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     depends_on:
diff --git a/.buildkite/pipelines/pull_request/security_solution/defend_workflows.yml b/.buildkite/pipelines/pull_request/security_solution/defend_workflows.yml
index 2fab86d72afa2..47f0e672a8d5a 100644
--- a/.buildkite/pipelines/pull_request/security_solution/defend_workflows.yml
+++ b/.buildkite/pipelines/pull_request/security_solution/defend_workflows.yml
@@ -2,9 +2,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/defend_workflows.sh
     label: 'Defend Workflows Cypress Tests'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       enableNestedVirtualization: true
       localSsds: 1
       localSsdInterface: nvme
@@ -22,9 +19,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/defend_workflows_serverless.sh
     label: 'Defend Workflows Cypress Tests on Serverless'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       enableNestedVirtualization: true
       localSsds: 1
       localSsdInterface: nvme
@@ -38,14 +32,10 @@ steps:
       automatic:
         - exit_status: '-1'
           limit: 1
-
 #   status_exception: Native role management is not enabled in this Elasticsearch instance
 #  - command: .buildkite/scripts/steps/functional/security_serverless_defend_workflows.sh
 #    label: 'Serverless Security Defend Workflows Cypress Tests'
 #    agents:
-#      image: family/kibana-ubuntu-2004
-#      imageProject: elastic-images-prod
-#      provider: gcp
 #      machineType: n2-standard-4
 #      preemptible: true
 #    depends_on: build
diff --git a/.buildkite/pipelines/pull_request/security_solution/detection_engine.yml b/.buildkite/pipelines/pull_request/security_solution/detection_engine.yml
index b2294b33f82fe..65a9dc832e1e6 100644
--- a/.buildkite/pipelines/pull_request/security_solution/detection_engine.yml
+++ b/.buildkite/pipelines/pull_request/security_solution/detection_engine.yml
@@ -2,9 +2,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/security_serverless_detection_engine.sh
     label: 'Serverless Detection Engine - Security Solution Cypress Tests'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     depends_on:
@@ -20,9 +17,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/security_serverless_detection_engine_exceptions.sh
     label: 'Serverless Detection Engine - Exceptions - Security Solution Cypress Tests'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     depends_on:
@@ -38,9 +32,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/security_solution_detection_engine.sh
     label: 'Detection Engine - Security Solution Cypress Tests'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     depends_on:
@@ -56,9 +47,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/security_solution_detection_engine_exceptions.sh
     label: 'Detection Engine - Exceptions - Security Solution Cypress Tests'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     depends_on:
diff --git a/.buildkite/pipelines/pull_request/security_solution/entity_analytics.yml b/.buildkite/pipelines/pull_request/security_solution/entity_analytics.yml
index bd670b4fa9324..8883f1ab9c038 100644
--- a/.buildkite/pipelines/pull_request/security_solution/entity_analytics.yml
+++ b/.buildkite/pipelines/pull_request/security_solution/entity_analytics.yml
@@ -2,9 +2,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/security_serverless_entity_analytics.sh
     label: 'Serverless Entity Analytics - Security Cypress Tests'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     depends_on:
@@ -20,9 +17,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/security_solution_entity_analytics.sh
     label: 'Entity Analytics - Security Solution Cypress Tests'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     depends_on:
diff --git a/.buildkite/pipelines/pull_request/security_solution/explore.yml b/.buildkite/pipelines/pull_request/security_solution/explore.yml
index 4f4609aca42f1..239021affcf99 100644
--- a/.buildkite/pipelines/pull_request/security_solution/explore.yml
+++ b/.buildkite/pipelines/pull_request/security_solution/explore.yml
@@ -2,9 +2,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/security_solution_explore.sh
     label: 'Explore - Security Solution Cypress Tests'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     depends_on:
@@ -20,9 +17,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/security_serverless_explore.sh
     label: 'Serverless Explore - Security Solution Cypress Tests'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     depends_on:
diff --git a/.buildkite/pipelines/pull_request/security_solution/investigations.yml b/.buildkite/pipelines/pull_request/security_solution/investigations.yml
index 713b1b0bc45ab..ccd469aedbdbe 100644
--- a/.buildkite/pipelines/pull_request/security_solution/investigations.yml
+++ b/.buildkite/pipelines/pull_request/security_solution/investigations.yml
@@ -2,9 +2,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/security_solution_investigations.sh
     label: 'Investigations - Security Solution Cypress Tests'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     depends_on:
@@ -20,9 +17,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/security_serverless_investigations.sh
     label: 'Serverless Investigations - Security Solution Cypress Tests'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     depends_on:
diff --git a/.buildkite/pipelines/pull_request/security_solution/osquery_cypress.yml b/.buildkite/pipelines/pull_request/security_solution/osquery_cypress.yml
index 6e47721a6d671..26faa344371c9 100644
--- a/.buildkite/pipelines/pull_request/security_solution/osquery_cypress.yml
+++ b/.buildkite/pipelines/pull_request/security_solution/osquery_cypress.yml
@@ -2,9 +2,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/osquery_cypress.sh
     label: 'Osquery Cypress Tests'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     depends_on:
@@ -20,9 +17,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/security_serverless_osquery.sh
     label: 'Serverless Osquery Cypress Tests'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     depends_on:
diff --git a/.buildkite/pipelines/pull_request/security_solution/rule_management.yml b/.buildkite/pipelines/pull_request/security_solution/rule_management.yml
index 8c84a6566eca9..30bd1bd1ff649 100644
--- a/.buildkite/pipelines/pull_request/security_solution/rule_management.yml
+++ b/.buildkite/pipelines/pull_request/security_solution/rule_management.yml
@@ -2,9 +2,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/security_serverless_rule_management.sh
     label: 'Serverless Rule Management - Security Solution Cypress Tests'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     depends_on:
@@ -20,9 +17,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/security_serverless_rule_management_prebuilt_rules.sh
     label: 'Serverless Rule Management - Prebuilt Rules - Security Solution Cypress Tests'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     depends_on:
@@ -38,9 +32,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/security_solution_rule_management.sh
     label: 'Rule Management - Security Solution Cypress Tests'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     depends_on:
@@ -56,9 +47,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/security_solution_rule_management_prebuilt_rules.sh
     label: 'Rule Management - Prebuilt Rules - Security Solution Cypress Tests'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     depends_on:
diff --git a/.buildkite/pipelines/pull_request/security_solution/threat_intelligence.yml b/.buildkite/pipelines/pull_request/security_solution/threat_intelligence.yml
index 5f79c21bd4938..3b4f0e6accc7f 100644
--- a/.buildkite/pipelines/pull_request/security_solution/threat_intelligence.yml
+++ b/.buildkite/pipelines/pull_request/security_solution/threat_intelligence.yml
@@ -2,9 +2,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/threat_intelligence.sh
     label: 'Threat Intelligence Cypress Tests'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     depends_on:
diff --git a/.buildkite/pipelines/pull_request/slo_plugin_e2e.yml b/.buildkite/pipelines/pull_request/slo_plugin_e2e.yml
index 8dc048801c7c1..852ec2f9a0b16 100644
--- a/.buildkite/pipelines/pull_request/slo_plugin_e2e.yml
+++ b/.buildkite/pipelines/pull_request/slo_plugin_e2e.yml
@@ -2,9 +2,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/slo_plugin_e2e.sh
     label: 'SLO Plugin @elastic/synthetics Tests'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     depends_on:
diff --git a/.buildkite/pipelines/pull_request/storybooks.yml b/.buildkite/pipelines/pull_request/storybooks.yml
index fe8b333f2d46f..4829f7fd91206 100644
--- a/.buildkite/pipelines/pull_request/storybooks.yml
+++ b/.buildkite/pipelines/pull_request/storybooks.yml
@@ -2,9 +2,6 @@ steps:
   - command: .buildkite/scripts/steps/storybooks/build_and_upload.sh
     label: 'Build Storybooks'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-8
       preemptible: true
     key: storybooks
diff --git a/.buildkite/pipelines/pull_request/synthetics_plugin.yml b/.buildkite/pipelines/pull_request/synthetics_plugin.yml
index 39467f473c08e..77f330b991ba8 100644
--- a/.buildkite/pipelines/pull_request/synthetics_plugin.yml
+++ b/.buildkite/pipelines/pull_request/synthetics_plugin.yml
@@ -2,9 +2,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/synthetics_plugin.sh
     label: 'Synthetics @elastic/synthetics Tests'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     depends_on:
diff --git a/.buildkite/pipelines/pull_request/uptime_plugin.yml b/.buildkite/pipelines/pull_request/uptime_plugin.yml
index 2350767b92edf..286c760336132 100644
--- a/.buildkite/pipelines/pull_request/uptime_plugin.yml
+++ b/.buildkite/pipelines/pull_request/uptime_plugin.yml
@@ -2,9 +2,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/uptime_plugin.sh
     label: 'Uptime @elastic/synthetics Tests'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     depends_on:
diff --git a/.buildkite/pipelines/pull_request/ux_plugin_e2e.yml b/.buildkite/pipelines/pull_request/ux_plugin_e2e.yml
index 747b7e813f752..a11309cffb2c2 100644
--- a/.buildkite/pipelines/pull_request/ux_plugin_e2e.yml
+++ b/.buildkite/pipelines/pull_request/ux_plugin_e2e.yml
@@ -2,9 +2,6 @@ steps:
   - command: .buildkite/scripts/steps/functional/ux_synthetics_e2e.sh
     label: 'UX Plugin @elastic/synthetics Tests'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     depends_on:
diff --git a/.buildkite/pipelines/pull_request/webpack_bundle_analyzer.yml b/.buildkite/pipelines/pull_request/webpack_bundle_analyzer.yml
index 03ff2bd0da693..6b265c3146a63 100644
--- a/.buildkite/pipelines/pull_request/webpack_bundle_analyzer.yml
+++ b/.buildkite/pipelines/pull_request/webpack_bundle_analyzer.yml
@@ -2,9 +2,6 @@ steps:
   - command: .buildkite/scripts/steps/webpack_bundle_analyzer/build_and_upload.sh
     label: 'Build Webpack Bundle Analyzer reports'
     agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
       machineType: n2-standard-4
       preemptible: true
     key: webpack_bundle_analyzer
diff --git a/.buildkite/scripts/build_kibana.sh b/.buildkite/scripts/build_kibana.sh
index bb86b0abf8d45..f586f1cbe3b1e 100755
--- a/.buildkite/scripts/build_kibana.sh
+++ b/.buildkite/scripts/build_kibana.sh
@@ -32,7 +32,7 @@ if is_pr_with_label "ci:build-cloud-image"; then
   --skip-docker-ubi \
   --skip-docker-fips \
   --skip-docker-ubuntu \
-  --skip-docker-chainguard \
+  --skip-docker-wolfi \
   --skip-docker-serverless \
   --skip-docker-contexts
 
diff --git a/.buildkite/scripts/common/env.sh b/.buildkite/scripts/common/env.sh
index be1101f4c2d96..a8fa9cae419d0 100755
--- a/.buildkite/scripts/common/env.sh
+++ b/.buildkite/scripts/common/env.sh
@@ -131,3 +131,17 @@ export TEST_GROUP_TYPE_FUNCTIONAL="Functional Tests"
 
 # tells the gh command what our default repo is
 export GH_REPO=github.com/elastic/kibana
+
+FTR_ENABLE_FIPS_AGENT=false
+# used by FIPS agents to link FIPS OpenSSL modules
+if [[ "${KBN_ENABLE_FIPS:-}" == "true" ]] || is_pr_with_label "ci:enable-fips-agent"; then
+  FTR_ENABLE_FIPS_AGENT=true
+  export OPENSSL_MODULES=$HOME/openssl/lib/ossl-modules
+
+  if [[ -f "$KIBANA_DIR/config/node.options" ]]; then
+    echo -e '\n--enable-fips' >>"$KIBANA_DIR/config/node.options"
+    echo "--openssl-config=$HOME/nodejs.cnf" >>"$KIBANA_DIR/config/node.options"
+  fi
+fi
+
+export FTR_ENABLE_FIPS_AGENT
diff --git a/.buildkite/scripts/common/util.sh b/.buildkite/scripts/common/util.sh
index 818d712fd2aa8..5630fed40bf93 100755
--- a/.buildkite/scripts/common/util.sh
+++ b/.buildkite/scripts/common/util.sh
@@ -33,7 +33,7 @@ check_for_changed_files() {
 
   SHOULD_AUTO_COMMIT_CHANGES="${2:-}"
   CUSTOM_FIX_MESSAGE="${3:-}"
-  GIT_CHANGES="$(git status --porcelain -- . ':!:.bazelrc')"
+  GIT_CHANGES="$(git status --porcelain -- . ':!:.bazelrc' ':!:config/node.options')"
 
   if [ "$GIT_CHANGES" ]; then
     if ! is_auto_commit_disabled && [[ "$SHOULD_AUTO_COMMIT_CHANGES" == "true" && "${BUILDKITE_PULL_REQUEST:-}" ]]; then
@@ -56,7 +56,7 @@ check_for_changed_files() {
       git config --global user.name kibanamachine
       git config --global user.email '42973632+kibanamachine@users.noreply.github.com'
       gh pr checkout "${BUILDKITE_PULL_REQUEST}"
-      git add -A -- . ':!.bazelrc'
+      git add -A -- . ':!.bazelrc' ':!config/node.options'
 
       git commit -m "$NEW_COMMIT_MESSAGE"
       git push
diff --git a/.buildkite/scripts/pipelines/pull_request/pipeline.ts b/.buildkite/scripts/pipelines/pull_request/pipeline.ts
index 38ae590f18e0b..c6b28bc20c6f3 100644
--- a/.buildkite/scripts/pipelines/pull_request/pipeline.ts
+++ b/.buildkite/scripts/pipelines/pull_request/pipeline.ts
@@ -9,7 +9,7 @@
 import { execSync } from 'child_process';
 import fs from 'fs';
 import prConfigs from '../../../pull_requests.json';
-import { areChangesSkippable, doAnyChangesMatch } from '#pipeline-utils';
+import { areChangesSkippable, doAnyChangesMatch, getAgentImageConfig } from '#pipeline-utils';
 
 const prConfig = prConfigs.jobs.find((job) => job.pipelineSlug === 'kibana-pull-request');
 
@@ -43,6 +43,7 @@ const getPipeline = (filename: string, removeSteps = true) => {
 
     const pipeline = [];
 
+    pipeline.push(getAgentImageConfig({ returnYaml: true }));
     pipeline.push(getPipeline('.buildkite/pipelines/pull_request/base.yml', false));
 
     if (await doAnyChangesMatch([/^packages\/kbn-handlebars/])) {
@@ -82,7 +83,7 @@ const getPipeline = (filename: string, removeSteps = true) => {
 
     if (
       (await doAnyChangesMatch([
-        /^x-pack\/plugins\/observability_onboarding/,
+        /^x-pack\/plugins\/observability_solution\/observability_onboarding/,
         /^x-pack\/plugins\/fleet/,
       ])) ||
       GITHUB_PR_LABELS.includes('ci:all-cypress-suites')
diff --git a/.buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh b/.buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh
index 23231465932dd..1aede759481a5 100755
--- a/.buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh
+++ b/.buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh
@@ -15,7 +15,11 @@ buildkite-agent meta-data set "${BUILDKITE_JOB_ID}_is_test_execution_step" "true
 source .buildkite/scripts/pipelines/security_solution_quality_gate/prepare_vault_entries.sh
 
 echo "--- Running test script $1"
-TARGET_SCRIPT=$1 node .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/start_api_ftr_execution
+
+cd x-pack/test/security_solution_api_integration
+set +e
+
+TARGET_SCRIPT=$1 node ./scripts/mki_start_api_ftr_execution
 cmd_status=$?
 echo "Exit code with status: $cmd_status"
 exit $cmd_status
diff --git a/.buildkite/scripts/pipelines/security_solution_quality_gate/create_periodic_test_docker_image.sh b/.buildkite/scripts/pipelines/security_solution_quality_gate/create_periodic_test_docker_image.sh
index 5a47026f7cced..1491c25d079d0 100644
--- a/.buildkite/scripts/pipelines/security_solution_quality_gate/create_periodic_test_docker_image.sh
+++ b/.buildkite/scripts/pipelines/security_solution_quality_gate/create_periodic_test_docker_image.sh
@@ -34,7 +34,7 @@ node scripts/build \
   --docker-namespace="kibana-ci" \
   --docker-tag="$KIBANA_IMAGE_TAG" \
   --skip-docker-ubuntu \
-  --skip-docker-chainguard \
+  --skip-docker-wolfi \
   --skip-docker-ubi \
   --skip-docker-cloud \
   --skip-docker-contexts \
diff --git a/.buildkite/scripts/pipelines/security_solution_quality_gate/prepare_vault_entries.sh b/.buildkite/scripts/pipelines/security_solution_quality_gate/prepare_vault_entries.sh
index a7f1529e1fb9b..5c21851e7585f 100644
--- a/.buildkite/scripts/pipelines/security_solution_quality_gate/prepare_vault_entries.sh
+++ b/.buildkite/scripts/pipelines/security_solution_quality_gate/prepare_vault_entries.sh
@@ -8,6 +8,13 @@ vault_get security-quality-gate/role-users data -format=json > .ftr/role_users.j
 vault_get security-quality-gate/role-users/sec-sol-auto-01 data -format=json > .ftr/sec-sol-auto-01.json
 vault_get security-quality-gate/role-users/sec-sol-auto-02 data -format=json > .ftr/sec-sol-auto-02.json
 vault_get security-quality-gate/role-users/sec-sol-auto-03 data -format=json > .ftr/sec-sol-auto-03.json
+vault_get security-quality-gate/role-users/sec-sol-auto-04 data -format=json > .ftr/sec-sol-auto-04.json
+vault_get security-quality-gate/role-users/sec-sol-auto-05 data -format=json > .ftr/sec-sol-auto-05.json
+vault_get security-quality-gate/role-users/sec-sol-auto-06 data -format=json > .ftr/sec-sol-auto-06.json
+vault_get security-quality-gate/role-users/sec-sol-auto-07 data -format=json > .ftr/sec-sol-auto-07.json
+vault_get security-quality-gate/role-users/sec-sol-auto-08 data -format=json > .ftr/sec-sol-auto-08.json
+vault_get security-quality-gate/role-users/sec-sol-auto-09 data -format=json > .ftr/sec-sol-auto-09.json
+vault_get security-quality-gate/role-users/sec-sol-auto-10 data -format=json > .ftr/sec-sol-auto-10.json
 
 # The vault entries relevant to QA Cloud
 export CLOUD_QA_API_KEY=$(vault_get security-solution-quality-gate qa_api_key)
diff --git a/.buildkite/scripts/steps/artifacts/docker_context.sh b/.buildkite/scripts/steps/artifacts/docker_context.sh
index 8ee1c0ba2a438..43a3481bb159a 100755
--- a/.buildkite/scripts/steps/artifacts/docker_context.sh
+++ b/.buildkite/scripts/steps/artifacts/docker_context.sh
@@ -20,8 +20,8 @@ case $KIBANA_DOCKER_CONTEXT in
   default)
     DOCKER_CONTEXT_FILE="kibana-$FULL_VERSION-docker-build-context.tar.gz"
   ;;
-  chainguard)
-    DOCKER_CONTEXT_FILE="kibana-chainguard-$FULL_VERSION-docker-build-context.tar.gz"
+  wolfi)
+    DOCKER_CONTEXT_FILE="kibana-wolfi-$FULL_VERSION-docker-build-context.tar.gz"
   ;;
   cloud)
     DOCKER_CONTEXT_FILE="kibana-cloud-$FULL_VERSION-docker-build-context.tar.gz"
diff --git a/.buildkite/scripts/steps/checks.sh b/.buildkite/scripts/steps/checks.sh
index 481c08f52758d..2844d8eee212f 100755
--- a/.buildkite/scripts/steps/checks.sh
+++ b/.buildkite/scripts/steps/checks.sh
@@ -5,6 +5,9 @@ set -euo pipefail
 export DISABLE_BOOTSTRAP_VALIDATION=false
 .buildkite/scripts/bootstrap.sh
 
+if [[ "${FTR_ENABLE_FIPS_AGENT:-}" == "true" ]]; then
+  .buildkite/scripts/steps/checks/verify_fips_enabled.sh
+fi
 .buildkite/scripts/steps/checks/saved_objects_compat_changes.sh
 .buildkite/scripts/steps/checks/saved_objects_definition_change.sh
 .buildkite/scripts/steps/capture_oas_snapshot.sh
diff --git a/.buildkite/scripts/steps/checks/verify_fips_enabled.sh b/.buildkite/scripts/steps/checks/verify_fips_enabled.sh
new file mode 100755
index 0000000000000..49b2864bcaa74
--- /dev/null
+++ b/.buildkite/scripts/steps/checks/verify_fips_enabled.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+# This script is part of checks.sh in the PR pipeline but is called directly in the FIPS pipeline, so we need to bootstrap
+if [[ -z "${BASH_SOURCE[1]+x}" || "${BASH_SOURCE[1]}" != *"checks.sh"* ]]; then
+  export DISABLE_BOOTSTRAP_VALIDATION=false
+  .buildkite/scripts/bootstrap.sh
+fi
+
+.buildkite/scripts/download_build_artifacts.sh
+
+echo --- Verify FIPS enabled
+
+NODE_BINARY="$KIBANA_BUILD_LOCATION/node/glibc-217/bin/node"
+
+if [[ -x "$NODE_BINARY" ]]; then
+  # sed is used to remove invisible ANSI color codes from the output
+  FIPS_STATUS=$("$NODE_BINARY" --enable-fips --openssl-config="$HOME/nodejs.cnf" -p 'crypto.getFips()' | sed 's/\x1b\[[0-9;]*m//g' | tr -d \\n)
+  echo "$FIPS_STATUS" | od -c
+
+  if [[ "$FIPS_STATUS" == "1" ]]; then
+    echo "FIPS enabled successfully"
+    exit 0
+  else
+    echo "Failed to enable FIPS: $FIPS_STATUS"
+    exit 1
+  fi
+else
+  echo "Node binary not found at $NODE_BINARY"
+  exit 1
+fi
diff --git a/.buildkite/scripts/steps/cloud/build_and_deploy.sh b/.buildkite/scripts/steps/cloud/build_and_deploy.sh
index 10d18030c8811..6615d0ec4cdd4 100755
--- a/.buildkite/scripts/steps/cloud/build_and_deploy.sh
+++ b/.buildkite/scripts/steps/cloud/build_and_deploy.sh
@@ -43,7 +43,7 @@ else
     --skip-docker-ubi \
     --skip-docker-fips \
     --skip-docker-ubuntu \
-    --skip-docker-chainguard \
+    --skip-docker-wolfi \
     --skip-docker-serverless \
     --skip-docker-contexts
 fi
diff --git a/.buildkite/scripts/steps/es_serverless/annotate_runtime_parameters.sh b/.buildkite/scripts/steps/es_serverless/annotate_runtime_parameters.sh
new file mode 100644
index 0000000000000..c3cc571f8a4dc
--- /dev/null
+++ b/.buildkite/scripts/steps/es_serverless/annotate_runtime_parameters.sh
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+KIBANA_GITHUB_URL="https://github.com/elastic/kibana"
+ES_SERVERLESS_GITHUB_URL="https://github.com/elastic/elasticsearch-serverless"
+
+if [[ -z "$ES_SERVERLESS_IMAGE" ]]; then
+  echo "ES_SERVERLESS_IMAGE is not set"
+  exit 1
+elif [[ "$ES_SERVERLESS_IMAGE" != *"docker.elastic.co"* ]]; then
+  echo "ES_SERVERLESS_IMAGE should be a docker.elastic.co image"
+  exit 1
+fi
+
+# Pull the target image
+if [[ $ES_SERVERLESS_IMAGE != *":git-"* ]]; then
+  docker pull "$ES_SERVERLESS_IMAGE"
+  ES_SERVERLESS_VERSION=$(docker inspect --format='{{json .Config.Labels}}' "$ES_SERVERLESS_IMAGE" | jq -r '.["org.opencontainers.image.revision"]' | cut -c1-12)
+
+  IMAGE_WITHOUT_TAG=$(echo "$ES_SERVERLESS_IMAGE" | cut -d: -f1)
+  ES_SERVERLESS_IMAGE_FULL="${IMAGE_WITHOUT_TAG}:git-${ES_SERVERLESS_VERSION}"
+else
+  ES_SERVERLESS_IMAGE_FULL=$ES_SERVERLESS_IMAGE
+  ES_SERVERLESS_VERSION=$(echo "$ES_SERVERLESS_IMAGE_FULL" | cut -d: -f2 | cut -d- -f2)
+fi
+
+buildkite-agent annotate --context kibana-commit --style info "Kibana version: $BUILDKITE_BRANCH / [$BUILDKITE_COMMIT]($KIBANA_GITHUB_URL/commit/$BUILDKITE_COMMIT)"
+buildkite-agent annotate --context es-serverless-commit --style info "ES Serverless version: [$ES_SERVERLESS_VERSION]($ES_SERVERLESS_GITHUB_URL/commit/$ES_SERVERLESS_VERSION)"
+
+cat << EOF | buildkite-agent annotate --context es-serverless-image --style info
+  ES Serverless image: \`${ES_SERVERLESS_IMAGE_FULL}\`
+
+  To run this locally:
+  \`\`\`
+  node scripts/es serverless --image $ES_SERVERLESS_IMAGE_FULL
+  \`\`\`
+EOF
diff --git a/.buildkite/scripts/steps/fips/build.sh b/.buildkite/scripts/steps/fips/build.sh
index 0dfebdf2a6de1..e08d56758a45c 100755
--- a/.buildkite/scripts/steps/fips/build.sh
+++ b/.buildkite/scripts/steps/fips/build.sh
@@ -23,7 +23,7 @@ node scripts/build \
     --docker-push \
     --skip-docker-ubi \
     --skip-docker-ubuntu \
-    --skip-docker-chainguard \
+    --skip-docker-wolfi \
     --skip-docker-cloud \
     --skip-docker-serverless \
     --skip-docker-contexts
diff --git a/.buildkite/scripts/steps/fips/smoke_test.sh b/.buildkite/scripts/steps/fips/smoke_test.sh
index 5c70e8c2057df..685bb111ff81a 100755
--- a/.buildkite/scripts/steps/fips/smoke_test.sh
+++ b/.buildkite/scripts/steps/fips/smoke_test.sh
@@ -1,12 +1,10 @@
 #!/usr/bin/env bash
 
-if [ -z "$KIBANA_BUILD_LOCATION" ]; then
-  export KIBANA_BUILD_LOCATION="/usr/share/kibana"
-fi
-
-# a FTR failure will result in the script returning an exit code of 10
-exitCode=0
+set -euo pipefail
 
+# Limit the FTR configs for now to avoid running all the tests. Once we're
+# ready to utilize the full FTR suite in FIPS mode, we can remove this file and
+# call pick_test_group_run_order.sh directly in .buildkite/pipelines/fips.yml.
 configs=(
   "x-pack/test/reporting_functional/reporting_and_security.config.ts"
   "x-pack/test/saved_object_api_integration/security_and_spaces/config_trial.ts"
@@ -19,34 +17,8 @@ configs=(
   "x-pack/test/functional/apps/security/config.ts"
 )
 
-cd /home/vagrant/kibana
-
-for config in "${configs[@]}"; do
-  set +e
-  node /home/vagrant/kibana/scripts/functional_tests \
-    --bail \
-    --kibana-install-dir "$KIBANA_BUILD_LOCATION" \
-    --config="$config"
-  lastCode=$?
-  set -e
-
-  if [ $lastCode -ne 0 ]; then
-    exitCode=10
-    echo "FTR exited with code $lastCode"
-    echo "^^^ +++"
-
-    if [[ "$failedConfigs" ]]; then
-      failedConfigs="${failedConfigs}"$'\n'"- ${config}"
-    else
-      failedConfigs="### Failed FTR Configs"$'\n'"- ${config}"
-    fi
-  fi
-done
-
-if [[ "$failedConfigs" ]]; then
-  echo "$failedConfigs" >/home/vagrant/ftr_failed_configs
-fi
-
-echo "--- FIPS smoke test complete"
+printf -v FTR_CONFIG_PATTERNS '%s,' "${configs[@]}"
+FTR_CONFIG_PATTERNS="${FTR_CONFIG_PATTERNS%,}"
+export FTR_CONFIG_PATTERNS
 
-exit $exitCode
+.buildkite/scripts/steps/test/pick_test_group_run_order.sh
diff --git a/.buildkite/scripts/steps/package_testing/test.sh b/.buildkite/scripts/steps/package_testing/test.sh
index 4917932e05228..c16d5cf98b5f5 100755
--- a/.buildkite/scripts/steps/package_testing/test.sh
+++ b/.buildkite/scripts/steps/package_testing/test.sh
@@ -21,25 +21,17 @@ elif [[ "$TEST_PACKAGE" == "rpm" ]]; then
 elif [[ "$TEST_PACKAGE" == "docker" ]]; then
   download_artifact "kibana-$KIBANA_PKG_VERSION*-docker-image.tar.gz" . --build "${KIBANA_BUILD_ID:-$BUILDKITE_BUILD_ID}"
   KIBANA_IP_ADDRESS="192.168.56.7"
-elif [[ "$TEST_PACKAGE" == "fips" ]]; then
-  download_artifact kibana-default.tar.gz . --build "${KIBANA_BUILD_ID:-$BUILDKITE_BUILD_ID}"
-  download_artifact kibana-default-plugins.tar.gz . --build "${KIBANA_BUILD_ID:-$BUILDKITE_BUILD_ID}"
 fi
 cd ..
 
 export VAGRANT_CWD=$PWD/test/package
+vagrant up "$TEST_PACKAGE" --no-provision
 
-if [[ "$TEST_PACKAGE" == "fips" ]]; then
-  vagrant up "$TEST_PACKAGE"
-else
-  vagrant up "$TEST_PACKAGE" --no-provision
-
-  node scripts/es snapshot \
-    -E network.bind_host=127.0.0.1,192.168.56.1 \
-    -E discovery.type=single-node \
-    --license=trial &
-  while ! timeout 1 bash -c "echo > /dev/tcp/localhost/9200"; do sleep 30; done
-fi
+node scripts/es snapshot \
+  -E network.bind_host=127.0.0.1,192.168.56.1 \
+  -E discovery.type=single-node \
+  --license=trial &
+while ! timeout 1 bash -c "echo > /dev/tcp/localhost/9200"; do sleep 30; done
 
 function echoKibanaLogs {
   if [[ "$TEST_PACKAGE" == "deb" ]] || [[ "$TEST_PACKAGE" == "rpm" ]]; then
@@ -55,29 +47,13 @@ function echoKibanaLogs {
 }
 trap "echoKibanaLogs" EXIT
 
-if [[ "$TEST_PACKAGE" == "fips" ]]; then
-  set +e
-  vagrant ssh $TEST_PACKAGE -t -c "/home/vagrant/kibana/.buildkite/scripts/steps/fips/smoke_test.sh"
-  exitCode=$?
-
-  vagrant ssh $TEST_PACKAGE -t -c "cat /home/vagrant/ftr_failed_configs 2>/dev/null" >ftr_failed_configs
-  set -e
-
-  if [ -s ftr_failed_configs ]; then
-    cat ftr_failed_configs | buildkite-agent annotate --style "error"
-  fi
-
-  exit $exitCode
-else
-  vagrant provision "$TEST_PACKAGE"
+vagrant provision "$TEST_PACKAGE"
 
-  export TEST_BROWSER_HEADLESS=1
-  export TEST_KIBANA_URL="http://elastic:changeme@$KIBANA_IP_ADDRESS:5601"
-  export TEST_ES_URL="http://elastic:changeme@192.168.56.1:9200"
+export TEST_BROWSER_HEADLESS=1
+export TEST_KIBANA_URL="http://elastic:changeme@$KIBANA_IP_ADDRESS:5601"
+export TEST_ES_URL="http://elastic:changeme@192.168.56.1:9200"
 
-  echo "--- FTR - Reporting"
+cd x-pack
 
-  cd x-pack
-
-  node scripts/functional_test_runner.js --config test/functional/apps/visualize/config.ts --include-tag=smoke --quiet
-fi
+echo "--- FTR - Reporting"
+node scripts/functional_test_runner.js --config test/functional/apps/visualize/config.ts --include-tag=smoke --quiet
diff --git a/.buildkite/scripts/steps/serverless/deploy.sh b/.buildkite/scripts/steps/serverless/deploy.sh
index 68c7d285c4c8d..0c6f52b6f1982 100644
--- a/.buildkite/scripts/steps/serverless/deploy.sh
+++ b/.buildkite/scripts/steps/serverless/deploy.sh
@@ -49,7 +49,7 @@ deploy() {
   PROJECT_EXISTS_LOGS=$(mktemp --suffix ".json")
   PROJECT_INFO_LOGS=$(mktemp --suffix ".json")
 
-  curl -s \
+  curl -s --fail \
     -H "Authorization: ApiKey $PROJECT_API_KEY" \
     "${PROJECT_API_DOMAIN}/api/v1/serverless/projects/${PROJECT_TYPE}" \
     -XGET &> $PROJECT_EXISTS_LOGS
@@ -60,7 +60,7 @@ deploy() {
       echo "No project to remove"
     else
       echo "Shutting down previous project..."
-      curl -s \
+      curl -s --fail \
         -H "Authorization: ApiKey $PROJECT_API_KEY" \
         -H "Content-Type: application/json" \
         "${PROJECT_API_DOMAIN}/api/v1/serverless/projects/${PROJECT_TYPE}/${PROJECT_ID}" \
@@ -71,7 +71,7 @@ deploy() {
 
   if [ -z "${PROJECT_ID}" ] || [ "$PROJECT_ID" = 'null' ]; then
     echo "Creating project..."
-    curl -s \
+    curl -s --fail \
       -H "Authorization: ApiKey $PROJECT_API_KEY" \
       -H "Content-Type: application/json" \
       "${PROJECT_API_DOMAIN}/api/v1/serverless/projects/${PROJECT_TYPE}" \
@@ -95,15 +95,15 @@ deploy() {
 
   else
     echo "Updating project..."
-    curl -s \
+    curl -s --fail \
       -H "Authorization: ApiKey $PROJECT_API_KEY" \
       -H "Content-Type: application/json" \
       "${PROJECT_API_DOMAIN}/api/v1/serverless/projects/${PROJECT_TYPE}/${PROJECT_ID}" \
-      -XPUT -d "$PROJECT_UPDATE_CONFIGURATION" &> $PROJECT_DEPLOY_LOGS
+      -XPATCH -d "$PROJECT_UPDATE_CONFIGURATION" &> $PROJECT_DEPLOY_LOGS
   fi
 
   echo "Getting project info..."
-  curl -s \
+  curl -s --fail \
     -H "Authorization: ApiKey $PROJECT_API_KEY" \
     "${PROJECT_API_DOMAIN}/api/v1/serverless/projects/${PROJECT_TYPE}/${PROJECT_ID}" \
     -XGET &> $PROJECT_INFO_LOGS
diff --git a/.buildkite/scripts/steps/test/pick_test_group_run_order.sh b/.buildkite/scripts/steps/test/pick_test_group_run_order.sh
old mode 100644
new mode 100755
diff --git a/.eslintrc.js b/.eslintrc.js
index 09c7428599ca2..853b1549d2b93 100644
--- a/.eslintrc.js
+++ b/.eslintrc.js
@@ -1017,6 +1017,7 @@ module.exports = {
         'import/no-nodejs-modules': 'error',
         'no-duplicate-imports': 'off',
         '@typescript-eslint/no-duplicate-imports': 'error',
+        '@typescript-eslint/consistent-type-imports': 'error',
         'no-restricted-imports': [
           'error',
           {
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index e06b53da0ab57..2dd7f2a8c6aee 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -47,7 +47,6 @@ packages/kbn-apm-synthtrace-client @elastic/obs-ux-infra_services-team @elastic/
 packages/kbn-apm-utils @elastic/obs-ux-infra_services-team
 test/plugin_functional/plugins/app_link_test @elastic/kibana-core
 x-pack/test/usage_collection/plugins/application_usage_test @elastic/kibana-core
-x-pack/plugins/observability_solution/asset_manager @elastic/obs-knowledge-team
 x-pack/plugins/observability_solution/assets_data_access @elastic/obs-knowledge-team
 x-pack/test/security_api_integration/plugins/audit_log @elastic/kibana-security
 packages/kbn-axe-config @elastic/kibana-qa
@@ -391,6 +390,7 @@ x-pack/examples/embedded_lens_example @elastic/kibana-visualizations
 x-pack/plugins/encrypted_saved_objects @elastic/kibana-security
 x-pack/plugins/enterprise_search @elastic/search-kibana
 x-pack/packages/kbn-entities-schema @elastic/obs-knowledge-team
+x-pack/plugins/observability_solution/entity_manager @elastic/obs-knowledge-team
 examples/error_boundary @elastic/appex-sharedux
 packages/kbn-es @elastic/kibana-operations
 packages/kbn-es-archiver @elastic/kibana-operations @elastic/appex-qa
@@ -510,6 +510,7 @@ packages/kbn-ipynb @elastic/search-kibana
 packages/kbn-jest-serializers @elastic/kibana-operations
 packages/kbn-journeys @elastic/kibana-operations @elastic/appex-qa
 packages/kbn-json-ast @elastic/kibana-operations
+x-pack/packages/ml/json_schemas @elastic/ml-ui
 test/health_gateway/plugins/status @elastic/kibana-core
 test/plugin_functional/plugins/kbn_sample_panel_action @elastic/appex-sharedux
 test/plugin_functional/plugins/kbn_top_nav @elastic/kibana-core
@@ -683,6 +684,7 @@ x-pack/test/plugin_functional/plugins/resolver_test @elastic/security-solution
 packages/response-ops/feature_flag_service @elastic/response-ops
 examples/response_stream @elastic/ml-ui
 packages/kbn-rison @elastic/kibana-operations
+x-pack/packages/rollup @elastic/kibana-management
 x-pack/plugins/rollup @elastic/kibana-management
 packages/kbn-router-to-openapispec @elastic/kibana-core
 packages/kbn-router-utils @elastic/obs-ux-logs-team
@@ -725,6 +727,8 @@ packages/kbn-search-response-warnings @elastic/kibana-data-discovery
 packages/kbn-search-types @elastic/kibana-data-discovery
 x-pack/plugins/searchprofiler @elastic/kibana-management
 x-pack/test/security_api_integration/packages/helpers @elastic/kibana-security
+x-pack/packages/security/api_key_management @elastic/kibana-security
+x-pack/packages/security/form_components @elastic/kibana-security
 packages/kbn-security-hardening @elastic/kibana-security
 x-pack/plugins/security @elastic/kibana-security
 x-pack/packages/security/plugin_types_common @elastic/kibana-security
@@ -1348,7 +1352,7 @@ x-pack/plugins/cloud_integrations/cloud_full_story/server/config.ts @elastic/kib
 
 # Enterprise Search
 /x-pack/test/functional_enterprise_search/ @elastic/search-kibana
-/x-pack/plugins/enterprise_search/public/applications/shared/doc_links @elastic/ent-search-docs-team
+/x-pack/plugins/enterprise_search/public/applications/shared/doc_links @elastic/platform-docs
 /x-pack/test_serverless/api_integration/test_suites/search/serverless_search @elastic/search-kibana
 /x-pack/test_serverless/functional/test_suites/search/ @elastic/search-kibana
 
@@ -1445,6 +1449,7 @@ x-pack/test/security_solution_cypress/cypress/tasks/expandable_flyout  @elastic/
 /x-pack/plugins/security_solution/public/detections/components/alerts_info @elastic/security-threat-hunting-investigations
 /x-pack/plugins/security_solution/public/flyout/document_details @elastic/security-threat-hunting-investigations
 /x-pack/plugins/security_solution/public/flyout/shared @elastic/security-threat-hunting-investigations
+/x-pack/plugins/security_solution/public/notes @elastic/security-threat-hunting-investigations
 /x-pack/plugins/security_solution/public/resolver @elastic/security-threat-hunting-investigations
 /x-pack/plugins/security_solution/public/threat_intelligence @elastic/security-threat-hunting-investigations
 /x-pack/plugins/security_solution/public/timelines @elastic/security-threat-hunting-investigations
diff --git a/.github/workflows/bump.yml b/.github/workflows/bump.yml
new file mode 100644
index 0000000000000..4e8bd45fd8690
--- /dev/null
+++ b/.github/workflows/bump.yml
@@ -0,0 +1,60 @@
+name: Check & deploy API documentation
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'oas_docs/kibana.serverless.yaml'
+
+  pull_request:
+    branches:
+      - main
+    paths:
+      - 'oas_docs/kibana.serverless.yaml'
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  deploy-doc:
+    if: ${{ github.event_name == 'push' }}
+    name: Deploy API documentation on Bump.sh
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Deploy API documentation
+        uses: bump-sh/github-action@v1
+        with:
+          doc: serverless
+          token: ${{secrets.BUMP_TOKEN}}
+          file: oas_docs/kibana.serverless.yaml
+
+  api-diff:
+    if: ${{ github.event_name == 'pull_request' }}
+    name: Check API diff on Bump.sh
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Create Preview
+        uses: bump-sh/github-action@v1
+        with:
+          doc: serverless
+          token: ${{secrets.BUMP_TOKEN}}
+          file: oas_docs/kibana.serverless.yaml
+          command: preview
+        env:
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+      - name: Comment pull request with API diff
+        uses: bump-sh/github-action@v1
+        with:
+          doc: serverless
+          token: ${{secrets.BUMP_TOKEN}}
+          file: oas_docs/kibana.serverless.yaml
+          command: diff
+          fail_on_breaking: true
+        env:
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
diff --git a/api_docs/actions.mdx b/api_docs/actions.mdx
index 246481da11766..3ac069c1b984a 100644
--- a/api_docs/actions.mdx
+++ b/api_docs/actions.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/actions
 title: "actions"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the actions plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'actions']
 ---
 import actionsObj from './actions.devdocs.json';
diff --git a/api_docs/advanced_settings.mdx b/api_docs/advanced_settings.mdx
index 467d9cf5a7b1f..5e963a9b0c035 100644
--- a/api_docs/advanced_settings.mdx
+++ b/api_docs/advanced_settings.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/advancedSettings
 title: "advancedSettings"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the advancedSettings plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'advancedSettings']
 ---
 import advancedSettingsObj from './advanced_settings.devdocs.json';
diff --git a/api_docs/ai_assistant_management_selection.mdx b/api_docs/ai_assistant_management_selection.mdx
index e2ebb27cfb3f1..d52e08ef1be15 100644
--- a/api_docs/ai_assistant_management_selection.mdx
+++ b/api_docs/ai_assistant_management_selection.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/aiAssistantManagementSelection
 title: "aiAssistantManagementSelection"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the aiAssistantManagementSelection plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'aiAssistantManagementSelection']
 ---
 import aiAssistantManagementSelectionObj from './ai_assistant_management_selection.devdocs.json';
diff --git a/api_docs/aiops.mdx b/api_docs/aiops.mdx
index f5e85bf416a3c..269f1a80032d5 100644
--- a/api_docs/aiops.mdx
+++ b/api_docs/aiops.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/aiops
 title: "aiops"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the aiops plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'aiops']
 ---
 import aiopsObj from './aiops.devdocs.json';
diff --git a/api_docs/alerting.devdocs.json b/api_docs/alerting.devdocs.json
index 51ed0ee394747..010cbaafd57b4 100644
--- a/api_docs/alerting.devdocs.json
+++ b/api_docs/alerting.devdocs.json
@@ -1546,6 +1546,27 @@
             "path": "packages/kbn-alerting-types/action_group_types.ts",
             "deprecated": false,
             "trackAdoption": false
+          },
+          {
+            "parentPluginId": "alerting",
+            "id": "def-server.ActionGroup.severity",
+            "type": "Object",
+            "tags": [],
+            "label": "severity",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "@kbn/alerting-types",
+                "scope": "common",
+                "docId": "kibKbnAlertingTypesPluginApi",
+                "section": "def-common.ActionGroupSeverity",
+                "text": "ActionGroupSeverity"
+              },
+              " | undefined"
+            ],
+            "path": "packages/kbn-alerting-types/action_group_types.ts",
+            "deprecated": false,
+            "trackAdoption": false
           }
         ],
         "initialIsOpen": false
@@ -3805,10 +3826,6 @@
                 "plugin": "securitySolution",
                 "path": "x-pack/plugins/security_solution/server/lib/detection_engine/rule_preview/api/preview_rules/route.ts"
               },
-              {
-                "plugin": "synthetics",
-                "path": "x-pack/plugins/observability_solution/synthetics/server/alert_rules/common.ts"
-              },
               {
                 "plugin": "synthetics",
                 "path": "x-pack/plugins/observability_solution/synthetics/server/alert_rules/tls_rule/message_utils.ts"
@@ -3817,10 +3834,6 @@
                 "plugin": "synthetics",
                 "path": "x-pack/plugins/observability_solution/synthetics/server/alert_rules/tls_rule/tls_rule.ts"
               },
-              {
-                "plugin": "synthetics",
-                "path": "x-pack/plugins/observability_solution/synthetics/server/alert_rules/status_rule/monitor_status_rule.ts"
-              },
               {
                 "plugin": "ruleRegistry",
                 "path": "x-pack/plugins/rule_registry/server/utils/rule_executor.test_helpers.ts"
@@ -5397,7 +5410,7 @@
           },
           ">, \"id\" | \"snoozeSchedule\">; version?: string | undefined; }) => Promise<void>; unmuteAll: (options: { id: string; }) => Promise<void>; muteInstance: (options: Readonly<{} & { alertId: string; alertInstanceId: string; }>) => Promise<void>; unmuteInstance: (options: Readonly<{} & { alertId: string; alertInstanceId: string; }>) => Promise<void>; bulkUntrackAlerts: (options: Readonly<{ indices?: string[] | undefined; featureIds?: string[] | undefined; alertUuids?: string[] | undefined; query?: any[] | undefined; } & { isUsingQuery: boolean; }>) => Promise<void>; runSoon: (options: { id: string; }) => Promise<string | undefined>; listRuleTypes: () => Promise<Set<",
           "RegistryAlertTypeWithAuth",
-          ">>; scheduleBackfill: (params: Readonly<{ end?: string | undefined; } & { start: string; ruleId: string; }>[]) => Promise<(Readonly<{ end?: string | undefined; } & { id: string; spaceId: string; start: string; rule: Readonly<{ apiKeyCreatedByUser?: boolean | null | undefined; } & { params: Record<string, any>; id: string; consumer: string; name: string; tags: string[]; enabled: boolean; alertTypeId: string; schedule: Readonly<{} & { interval: string; }>; createdBy: string | null; updatedBy: string | null; createdAt: string; updatedAt: string; apiKeyOwner: string | null; revision: number; }>; enabled: boolean; schedule: Readonly<{} & { interval: string; status: \"error\" | \"running\" | \"complete\" | \"pending\" | \"timeout\"; runAt: string; }>[]; createdAt: string; duration: string; status: \"error\" | \"running\" | \"complete\" | \"pending\" | \"timeout\"; }> | Readonly<{} & { error: Readonly<{} & { error: string; message: string; }>; }>)[]>; getBackfill: (id: string) => Promise<Readonly<{ end?: string | undefined; } & { id: string; spaceId: string; start: string; rule: Readonly<{ apiKeyCreatedByUser?: boolean | null | undefined; } & { params: Record<string, any>; id: string; consumer: string; name: string; tags: string[]; enabled: boolean; alertTypeId: string; schedule: Readonly<{} & { interval: string; }>; createdBy: string | null; updatedBy: string | null; createdAt: string; updatedAt: string; apiKeyOwner: string | null; revision: number; }>; enabled: boolean; schedule: Readonly<{} & { interval: string; status: \"error\" | \"running\" | \"complete\" | \"pending\" | \"timeout\"; runAt: string; }>[]; createdAt: string; duration: string; status: \"error\" | \"running\" | \"complete\" | \"pending\" | \"timeout\"; }>>; findBackfill: (params: Readonly<{ start?: string | undefined; end?: string | undefined; sortField?: \"start\" | \"createdAt\" | undefined; sortOrder?: \"asc\" | \"desc\" | undefined; ruleIds?: string | undefined; } & { page: number; perPage: number; }>) => Promise<Readonly<{} & { page: number; perPage: number; total: number; data: Readonly<{ end?: string | undefined; } & { id: string; spaceId: string; start: string; rule: Readonly<{ apiKeyCreatedByUser?: boolean | null | undefined; } & { params: Record<string, any>; id: string; consumer: string; name: string; tags: string[]; enabled: boolean; alertTypeId: string; schedule: Readonly<{} & { interval: string; }>; createdBy: string | null; updatedBy: string | null; createdAt: string; updatedAt: string; apiKeyOwner: string | null; revision: number; }>; enabled: boolean; schedule: Readonly<{} & { interval: string; status: \"error\" | \"running\" | \"complete\" | \"pending\" | \"timeout\"; runAt: string; }>[]; createdAt: string; duration: string; status: \"error\" | \"running\" | \"complete\" | \"pending\" | \"timeout\"; }>[]; }>>; deleteBackfill: (id: string) => Promise<{}>; getSpaceId: () => string | undefined; getAuthorization: () => ",
+          ">>; scheduleBackfill: (params: Readonly<{ end?: string | undefined; } & { start: string; ruleId: string; }>[]) => Promise<(Readonly<{ end?: string | undefined; } & { id: string; spaceId: string; start: string; rule: Readonly<{ apiKeyCreatedByUser?: boolean | null | undefined; } & { params: Record<string, any>; id: string; consumer: string; name: string; tags: string[]; enabled: boolean; alertTypeId: string; schedule: Readonly<{} & { interval: string; }>; createdBy: string | null; updatedBy: string | null; createdAt: string; updatedAt: string; apiKeyOwner: string | null; revision: number; }>; enabled: boolean; schedule: Readonly<{} & { interval: string; status: \"error\" | \"running\" | \"complete\" | \"pending\" | \"timeout\"; runAt: string; }>[]; createdAt: string; duration: string; status: \"error\" | \"running\" | \"complete\" | \"pending\" | \"timeout\"; }> | Readonly<{} & { error: Readonly<{ status?: number | undefined; } & { message: string; rule: Readonly<{ name?: string | undefined; } & { id: string; }>; }>; }>)[]>; getBackfill: (id: string) => Promise<Readonly<{ end?: string | undefined; } & { id: string; spaceId: string; start: string; rule: Readonly<{ apiKeyCreatedByUser?: boolean | null | undefined; } & { params: Record<string, any>; id: string; consumer: string; name: string; tags: string[]; enabled: boolean; alertTypeId: string; schedule: Readonly<{} & { interval: string; }>; createdBy: string | null; updatedBy: string | null; createdAt: string; updatedAt: string; apiKeyOwner: string | null; revision: number; }>; enabled: boolean; schedule: Readonly<{} & { interval: string; status: \"error\" | \"running\" | \"complete\" | \"pending\" | \"timeout\"; runAt: string; }>[]; createdAt: string; duration: string; status: \"error\" | \"running\" | \"complete\" | \"pending\" | \"timeout\"; }>>; findBackfill: (params: Readonly<{ start?: string | undefined; end?: string | undefined; sortField?: \"start\" | \"createdAt\" | undefined; sortOrder?: \"asc\" | \"desc\" | undefined; ruleIds?: string | undefined; } & { page: number; perPage: number; }>) => Promise<Readonly<{} & { page: number; perPage: number; total: number; data: Readonly<{ end?: string | undefined; } & { id: string; spaceId: string; start: string; rule: Readonly<{ apiKeyCreatedByUser?: boolean | null | undefined; } & { params: Record<string, any>; id: string; consumer: string; name: string; tags: string[]; enabled: boolean; alertTypeId: string; schedule: Readonly<{} & { interval: string; }>; createdBy: string | null; updatedBy: string | null; createdAt: string; updatedAt: string; apiKeyOwner: string | null; revision: number; }>; enabled: boolean; schedule: Readonly<{} & { interval: string; status: \"error\" | \"running\" | \"complete\" | \"pending\" | \"timeout\"; runAt: string; }>[]; createdAt: string; duration: string; status: \"error\" | \"running\" | \"complete\" | \"pending\" | \"timeout\"; }>[]; }>>; deleteBackfill: (id: string) => Promise<{}>; getSpaceId: () => string | undefined; getAuthorization: () => ",
           {
             "pluginId": "alerting",
             "scope": "server",
@@ -6573,6 +6586,27 @@
             "path": "packages/kbn-alerting-types/action_group_types.ts",
             "deprecated": false,
             "trackAdoption": false
+          },
+          {
+            "parentPluginId": "alerting",
+            "id": "def-common.ActionGroup.severity",
+            "type": "Object",
+            "tags": [],
+            "label": "severity",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "@kbn/alerting-types",
+                "scope": "common",
+                "docId": "kibKbnAlertingTypesPluginApi",
+                "section": "def-common.ActionGroupSeverity",
+                "text": "ActionGroupSeverity"
+              },
+              " | undefined"
+            ],
+            "path": "packages/kbn-alerting-types/action_group_types.ts",
+            "deprecated": false,
+            "trackAdoption": false
           }
         ],
         "initialIsOpen": false
@@ -14617,7 +14651,15 @@
         "label": "RecoveredActionGroup",
         "description": [],
         "signature": [
-          "{ readonly id: \"recovered\"; readonly name: string; }"
+          "{ readonly id: \"recovered\"; readonly name: string; readonly severity?: ",
+          {
+            "pluginId": "@kbn/alerting-types",
+            "scope": "common",
+            "docId": "kibKbnAlertingTypesPluginApi",
+            "section": "def-common.ActionGroupSeverity",
+            "text": "ActionGroupSeverity"
+          },
+          " | undefined; }"
         ],
         "path": "packages/kbn-alerting-types/builtin_action_groups_types.ts",
         "deprecated": false,
diff --git a/api_docs/alerting.mdx b/api_docs/alerting.mdx
index 174daf92bb302..4ea6a20d9ae0c 100644
--- a/api_docs/alerting.mdx
+++ b/api_docs/alerting.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/alerting
 title: "alerting"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the alerting plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'alerting']
 ---
 import alertingObj from './alerting.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-o
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 868 | 1 | 836 | 54 |
+| 870 | 1 | 838 | 52 |
 
 ## Client
 
diff --git a/api_docs/apm.devdocs.json b/api_docs/apm.devdocs.json
index 84ad7ebed719e..6454cad9c995b 100644
--- a/api_docs/apm.devdocs.json
+++ b/api_docs/apm.devdocs.json
@@ -418,7 +418,7 @@
         "label": "APIEndpoint",
         "description": [],
         "signature": [
-          "\"POST /internal/apm/data_view/static\" | \"GET /internal/apm/data_view/index_pattern\" | \"GET /internal/apm/environments\" | \"GET /internal/apm/services/{serviceName}/errors/groups/main_statistics\" | \"GET /internal/apm/services/{serviceName}/errors/groups/main_statistics_by_transaction_name\" | \"POST /internal/apm/services/{serviceName}/errors/groups/detailed_statistics\" | \"GET /internal/apm/services/{serviceName}/errors/{groupId}/samples\" | \"GET /internal/apm/services/{serviceName}/errors/{groupId}/error/{errorId}\" | \"GET /internal/apm/services/{serviceName}/errors/distribution\" | \"GET /internal/apm/services/{serviceName}/errors/{groupId}/top_erroneous_transactions\" | \"POST /internal/apm/latency/overall_distribution/transactions\" | \"GET /internal/apm/services/{serviceName}/metrics/charts\" | \"GET /internal/apm/services/{serviceName}/metrics/nodes\" | \"GET /internal/apm/services/{serviceName}/metrics/serverless/charts\" | \"GET /internal/apm/services/{serviceName}/metrics/serverless/summary\" | \"GET /internal/apm/services/{serviceName}/metrics/serverless/functions_overview\" | \"GET /internal/apm/services/{serviceName}/metrics/serverless/active_instances\" | \"GET /internal/apm/observability_overview\" | \"GET /internal/apm/observability_overview/has_data\" | \"GET /internal/apm/service-map\" | \"GET /internal/apm/service-map/service/{serviceName}\" | \"GET /internal/apm/service-map/dependency\" | \"GET /internal/apm/services\" | \"POST /internal/apm/services/detailed_statistics\" | \"GET /internal/apm/services/{serviceName}/metadata/details\" | \"GET /internal/apm/services/{serviceName}/metadata/icons\" | \"GET /internal/apm/services/{serviceName}/agent\" | \"GET /internal/apm/services/{serviceName}/transaction_types\" | \"GET /internal/apm/services/{serviceName}/node/{serviceNodeName}/metadata\" | \"GET /api/apm/services/{serviceName}/annotation/search 2023-10-31\" | \"POST /api/apm/services/{serviceName}/annotation 2023-10-31\" | \"GET /internal/apm/services/{serviceName}/service_overview_instances/details/{serviceNodeName}\" | \"GET /internal/apm/services/{serviceName}/throughput\" | \"GET /internal/apm/services/{serviceName}/service_overview_instances/main_statistics\" | \"GET /internal/apm/services/{serviceName}/service_overview_instances/detailed_statistics\" | \"GET /internal/apm/services/{serviceName}/dependencies\" | \"GET /internal/apm/services/{serviceName}/dependencies/breakdown\" | \"GET /internal/apm/services/{serviceName}/anomaly_charts\" | \"GET /internal/apm/services/{serviceName}/alerts_count\" | \"GET /internal/apm/assets/services\" | \"GET /internal/apm/service-groups\" | \"GET /internal/apm/service-group\" | \"POST /internal/apm/service-group\" | \"DELETE /internal/apm/service-group\" | \"GET /internal/apm/service-group/services\" | \"GET /internal/apm/service-group/counts\" | \"GET /internal/apm/suggestions\" | \"GET /internal/apm/traces/{traceId}\" | \"GET /internal/apm/traces\" | \"GET /internal/apm/traces/{traceId}/root_transaction\" | \"GET /internal/apm/transactions/{transactionId}\" | \"GET /internal/apm/traces/find\" | \"POST /internal/apm/traces/aggregated_critical_path\" | \"GET /internal/apm/traces/{traceId}/transactions/{transactionId}\" | \"GET /internal/apm/traces/{traceId}/spans/{spanId}\" | \"GET /internal/apm/transactions\" | \"GET /internal/apm/services/{serviceName}/transactions/groups/main_statistics\" | \"GET /internal/apm/services/{serviceName}/transactions/groups/detailed_statistics\" | \"GET /internal/apm/services/{serviceName}/transactions/charts/latency\" | \"GET /internal/apm/services/{serviceName}/transactions/traces/samples\" | \"GET /internal/apm/services/{serviceName}/transaction/charts/breakdown\" | \"GET /internal/apm/services/{serviceName}/transactions/charts/error_rate\" | \"GET /internal/apm/services/{serviceName}/transactions/charts/coldstart_rate\" | \"GET /internal/apm/services/{serviceName}/transactions/charts/coldstart_rate_by_transaction_name\" | \"GET /internal/apm/rule_types/transaction_error_rate/chart_preview\" | \"GET /internal/apm/rule_types/error_count/chart_preview\" | \"GET /internal/apm/rule_types/transaction_duration/chart_preview\" | \"GET /api/apm/settings/agent-configuration 2023-10-31\" | \"GET /api/apm/settings/agent-configuration/view 2023-10-31\" | \"DELETE /api/apm/settings/agent-configuration 2023-10-31\" | \"PUT /api/apm/settings/agent-configuration 2023-10-31\" | \"POST /api/apm/settings/agent-configuration/search 2023-10-31\" | \"GET /api/apm/settings/agent-configuration/environments 2023-10-31\" | \"GET /api/apm/settings/agent-configuration/agent_name 2023-10-31\" | \"GET /internal/apm/settings/anomaly-detection/jobs\" | \"POST /internal/apm/settings/anomaly-detection/jobs\" | \"GET /internal/apm/settings/anomaly-detection/environments\" | \"POST /internal/apm/settings/anomaly-detection/update_to_v3\" | \"GET /internal/apm/settings/apm-index-settings\" | \"GET /internal/apm/settings/apm-indices\" | \"POST /internal/apm/settings/apm-indices/save\" | \"GET /internal/apm/settings/custom_links/transaction\" | \"GET /internal/apm/settings/custom_links\" | \"POST /internal/apm/settings/custom_links\" | \"PUT /internal/apm/settings/custom_links/{id}\" | \"DELETE /internal/apm/settings/custom_links/{id}\" | \"GET /api/apm/sourcemaps 2023-10-31\" | \"POST /api/apm/sourcemaps 2023-10-31\" | \"DELETE /api/apm/sourcemaps/{id} 2023-10-31\" | \"POST /internal/apm/sourcemaps/migrate_fleet_artifacts\" | \"GET /internal/apm/fleet/has_apm_policies\" | \"GET /internal/apm/fleet/agents\" | \"POST /api/apm/fleet/apm_server_schema 2023-10-31\" | \"GET /internal/apm/fleet/apm_server_schema/unsupported\" | \"GET /internal/apm/fleet/migration_check\" | \"POST /internal/apm/fleet/cloud_apm_package_policy\" | \"GET /internal/apm/fleet/java_agent_versions\" | \"GET /internal/apm/dependencies/top_dependencies\" | \"GET /internal/apm/dependencies/upstream_services\" | \"GET /internal/apm/dependencies/metadata\" | \"GET /internal/apm/dependencies/charts/latency\" | \"GET /internal/apm/dependencies/charts/throughput\" | \"GET /internal/apm/dependencies/charts/error_rate\" | \"GET /internal/apm/dependencies/operations\" | \"GET /internal/apm/dependencies/charts/distribution\" | \"GET /internal/apm/dependencies/operations/spans\" | \"GET /internal/apm/correlations/field_candidates/transactions\" | \"GET /internal/apm/correlations/field_value_stats/transactions\" | \"POST /internal/apm/correlations/field_value_pairs/transactions\" | \"POST /internal/apm/correlations/significant_correlations/transactions\" | \"POST /internal/apm/correlations/p_values/transactions\" | \"GET /internal/apm/fallback_to_transactions\" | \"GET /internal/apm/has_data\" | \"GET /internal/apm/event_metadata/{processorEvent}/{id}\" | \"GET /internal/apm/agent_keys\" | \"GET /internal/apm/agent_keys/privileges\" | \"POST /internal/apm/api_key/invalidate\" | \"POST /api/apm/agent_keys 2023-10-31\" | \"GET /internal/apm/storage_explorer\" | \"GET /internal/apm/services/{serviceName}/storage_details\" | \"GET /internal/apm/storage_chart\" | \"GET /internal/apm/storage_explorer/privileges\" | \"GET /internal/apm/storage_explorer_summary_stats\" | \"GET /internal/apm/storage_explorer/is_cross_cluster_search\" | \"GET /internal/apm/storage_explorer/get_services\" | \"GET /internal/apm/traces/{traceId}/span_links/{spanId}/parents\" | \"GET /internal/apm/traces/{traceId}/span_links/{spanId}/children\" | \"GET /internal/apm/services/{serviceName}/infrastructure_attributes\" | \"GET /internal/apm/debug-telemetry\" | \"GET /internal/apm/time_range_metadata\" | \"GET /internal/apm/settings/labs\" | \"GET /internal/apm/get_agents_per_service\" | \"GET /internal/apm/get_latest_agent_versions\" | \"GET /internal/apm/services/{serviceName}/agent_instances\" | \"GET /internal/apm/mobile-services/{serviceName}/error/http_error_rate\" | \"GET /internal/apm/mobile-services/{serviceName}/errors/groups/main_statistics\" | \"POST /internal/apm/mobile-services/{serviceName}/errors/groups/detailed_statistics\" | \"GET /internal/apm/mobile-services/{serviceName}/error_terms\" | \"POST /internal/apm/mobile-services/{serviceName}/crashes/groups/detailed_statistics\" | \"GET /internal/apm/mobile-services/{serviceName}/crashes/groups/main_statistics\" | \"GET /internal/apm/mobile-services/{serviceName}/crashes/distribution\" | \"GET /internal/apm/services/{serviceName}/mobile/filters\" | \"GET /internal/apm/mobile-services/{serviceName}/most_used_charts\" | \"GET /internal/apm/mobile-services/{serviceName}/transactions/charts/sessions\" | \"GET /internal/apm/mobile-services/{serviceName}/transactions/charts/http_requests\" | \"GET /internal/apm/mobile-services/{serviceName}/stats\" | \"GET /internal/apm/mobile-services/{serviceName}/location/stats\" | \"GET /internal/apm/mobile-services/{serviceName}/terms\" | \"GET /internal/apm/mobile-services/{serviceName}/main_statistics\" | \"GET /internal/apm/mobile-services/{serviceName}/detailed_statistics\" | \"GET /internal/apm/diagnostics\" | \"POST /internal/apm/assistant/get_apm_timeseries\" | \"GET /internal/apm/assistant/get_downstream_dependencies\" | \"GET /internal/apm/services/{serviceName}/profiling/flamegraph\" | \"GET /internal/apm/profiling/status\" | \"GET /internal/apm/services/{serviceName}/profiling/functions\" | \"GET /internal/apm/services/{serviceName}/profiling/hosts/flamegraph\" | \"GET /internal/apm/services/{serviceName}/profiling/hosts/functions\" | \"POST /internal/apm/custom-dashboard\" | \"DELETE /internal/apm/custom-dashboard\" | \"GET /internal/apm/services/{serviceName}/dashboards\""
+          "\"POST /internal/apm/data_view/static\" | \"GET /internal/apm/data_view/index_pattern\" | \"GET /internal/apm/environments\" | \"GET /internal/apm/services/{serviceName}/errors/groups/main_statistics\" | \"GET /internal/apm/services/{serviceName}/errors/groups/main_statistics_by_transaction_name\" | \"POST /internal/apm/services/{serviceName}/errors/groups/detailed_statistics\" | \"GET /internal/apm/services/{serviceName}/errors/{groupId}/samples\" | \"GET /internal/apm/services/{serviceName}/errors/{groupId}/error/{errorId}\" | \"GET /internal/apm/services/{serviceName}/errors/distribution\" | \"GET /internal/apm/services/{serviceName}/errors/{groupId}/top_erroneous_transactions\" | \"POST /internal/apm/latency/overall_distribution/transactions\" | \"GET /internal/apm/services/{serviceName}/metrics/charts\" | \"GET /internal/apm/services/{serviceName}/metrics/nodes\" | \"GET /internal/apm/services/{serviceName}/metrics/serverless/charts\" | \"GET /internal/apm/services/{serviceName}/metrics/serverless/summary\" | \"GET /internal/apm/services/{serviceName}/metrics/serverless/functions_overview\" | \"GET /internal/apm/services/{serviceName}/metrics/serverless/active_instances\" | \"GET /internal/apm/observability_overview\" | \"GET /internal/apm/observability_overview/has_data\" | \"GET /internal/apm/service-map\" | \"GET /internal/apm/service-map/service/{serviceName}\" | \"GET /internal/apm/service-map/dependency\" | \"GET /internal/apm/services\" | \"POST /internal/apm/services/detailed_statistics\" | \"GET /internal/apm/services/{serviceName}/metadata/details\" | \"GET /internal/apm/services/{serviceName}/metadata/icons\" | \"GET /internal/apm/services/{serviceName}/agent\" | \"GET /internal/apm/services/{serviceName}/transaction_types\" | \"GET /internal/apm/services/{serviceName}/node/{serviceNodeName}/metadata\" | \"GET /api/apm/services/{serviceName}/annotation/search 2023-10-31\" | \"POST /api/apm/services/{serviceName}/annotation 2023-10-31\" | \"GET /internal/apm/services/{serviceName}/service_overview_instances/details/{serviceNodeName}\" | \"GET /internal/apm/services/{serviceName}/throughput\" | \"GET /internal/apm/services/{serviceName}/service_overview_instances/main_statistics\" | \"GET /internal/apm/services/{serviceName}/service_overview_instances/detailed_statistics\" | \"GET /internal/apm/services/{serviceName}/dependencies\" | \"GET /internal/apm/services/{serviceName}/dependencies/breakdown\" | \"GET /internal/apm/services/{serviceName}/anomaly_charts\" | \"GET /internal/apm/services/{serviceName}/alerts_count\" | \"GET /internal/apm/entities/services\" | \"GET /internal/apm/service-groups\" | \"GET /internal/apm/service-group\" | \"POST /internal/apm/service-group\" | \"DELETE /internal/apm/service-group\" | \"GET /internal/apm/service-group/services\" | \"GET /internal/apm/service-group/counts\" | \"GET /internal/apm/suggestions\" | \"GET /internal/apm/traces/{traceId}\" | \"GET /internal/apm/traces\" | \"GET /internal/apm/traces/{traceId}/root_transaction\" | \"GET /internal/apm/transactions/{transactionId}\" | \"GET /internal/apm/traces/find\" | \"POST /internal/apm/traces/aggregated_critical_path\" | \"GET /internal/apm/traces/{traceId}/transactions/{transactionId}\" | \"GET /internal/apm/traces/{traceId}/spans/{spanId}\" | \"GET /internal/apm/transactions\" | \"GET /internal/apm/services/{serviceName}/transactions/groups/main_statistics\" | \"GET /internal/apm/services/{serviceName}/transactions/groups/detailed_statistics\" | \"GET /internal/apm/services/{serviceName}/transactions/charts/latency\" | \"GET /internal/apm/services/{serviceName}/transactions/traces/samples\" | \"GET /internal/apm/services/{serviceName}/transaction/charts/breakdown\" | \"GET /internal/apm/services/{serviceName}/transactions/charts/error_rate\" | \"GET /internal/apm/services/{serviceName}/transactions/charts/coldstart_rate\" | \"GET /internal/apm/services/{serviceName}/transactions/charts/coldstart_rate_by_transaction_name\" | \"GET /internal/apm/rule_types/transaction_error_rate/chart_preview\" | \"GET /internal/apm/rule_types/error_count/chart_preview\" | \"GET /internal/apm/rule_types/transaction_duration/chart_preview\" | \"GET /api/apm/settings/agent-configuration 2023-10-31\" | \"GET /api/apm/settings/agent-configuration/view 2023-10-31\" | \"DELETE /api/apm/settings/agent-configuration 2023-10-31\" | \"PUT /api/apm/settings/agent-configuration 2023-10-31\" | \"POST /api/apm/settings/agent-configuration/search 2023-10-31\" | \"GET /api/apm/settings/agent-configuration/environments 2023-10-31\" | \"GET /api/apm/settings/agent-configuration/agent_name 2023-10-31\" | \"GET /internal/apm/settings/anomaly-detection/jobs\" | \"POST /internal/apm/settings/anomaly-detection/jobs\" | \"GET /internal/apm/settings/anomaly-detection/environments\" | \"POST /internal/apm/settings/anomaly-detection/update_to_v3\" | \"GET /internal/apm/settings/apm-index-settings\" | \"GET /internal/apm/settings/apm-indices\" | \"POST /internal/apm/settings/apm-indices/save\" | \"GET /internal/apm/settings/custom_links/transaction\" | \"GET /internal/apm/settings/custom_links\" | \"POST /internal/apm/settings/custom_links\" | \"PUT /internal/apm/settings/custom_links/{id}\" | \"DELETE /internal/apm/settings/custom_links/{id}\" | \"GET /api/apm/sourcemaps 2023-10-31\" | \"POST /api/apm/sourcemaps 2023-10-31\" | \"DELETE /api/apm/sourcemaps/{id} 2023-10-31\" | \"POST /internal/apm/sourcemaps/migrate_fleet_artifacts\" | \"GET /internal/apm/fleet/has_apm_policies\" | \"GET /internal/apm/fleet/agents\" | \"POST /api/apm/fleet/apm_server_schema 2023-10-31\" | \"GET /internal/apm/fleet/apm_server_schema/unsupported\" | \"GET /internal/apm/fleet/migration_check\" | \"POST /internal/apm/fleet/cloud_apm_package_policy\" | \"GET /internal/apm/fleet/java_agent_versions\" | \"GET /internal/apm/dependencies/top_dependencies\" | \"GET /internal/apm/dependencies/upstream_services\" | \"GET /internal/apm/dependencies/metadata\" | \"GET /internal/apm/dependencies/charts/latency\" | \"GET /internal/apm/dependencies/charts/throughput\" | \"GET /internal/apm/dependencies/charts/error_rate\" | \"GET /internal/apm/dependencies/operations\" | \"GET /internal/apm/dependencies/charts/distribution\" | \"GET /internal/apm/dependencies/operations/spans\" | \"GET /internal/apm/correlations/field_candidates/transactions\" | \"GET /internal/apm/correlations/field_value_stats/transactions\" | \"POST /internal/apm/correlations/field_value_pairs/transactions\" | \"POST /internal/apm/correlations/significant_correlations/transactions\" | \"POST /internal/apm/correlations/p_values/transactions\" | \"GET /internal/apm/fallback_to_transactions\" | \"GET /internal/apm/has_data\" | \"GET /internal/apm/event_metadata/{processorEvent}/{id}\" | \"GET /internal/apm/agent_keys\" | \"GET /internal/apm/agent_keys/privileges\" | \"POST /internal/apm/api_key/invalidate\" | \"POST /api/apm/agent_keys 2023-10-31\" | \"GET /internal/apm/storage_explorer\" | \"GET /internal/apm/services/{serviceName}/storage_details\" | \"GET /internal/apm/storage_chart\" | \"GET /internal/apm/storage_explorer/privileges\" | \"GET /internal/apm/storage_explorer_summary_stats\" | \"GET /internal/apm/storage_explorer/is_cross_cluster_search\" | \"GET /internal/apm/storage_explorer/get_services\" | \"GET /internal/apm/traces/{traceId}/span_links/{spanId}/parents\" | \"GET /internal/apm/traces/{traceId}/span_links/{spanId}/children\" | \"GET /internal/apm/services/{serviceName}/infrastructure_attributes\" | \"GET /internal/apm/debug-telemetry\" | \"GET /internal/apm/time_range_metadata\" | \"GET /internal/apm/settings/labs\" | \"GET /internal/apm/get_agents_per_service\" | \"GET /internal/apm/get_latest_agent_versions\" | \"GET /internal/apm/services/{serviceName}/agent_instances\" | \"GET /internal/apm/mobile-services/{serviceName}/error/http_error_rate\" | \"GET /internal/apm/mobile-services/{serviceName}/errors/groups/main_statistics\" | \"POST /internal/apm/mobile-services/{serviceName}/errors/groups/detailed_statistics\" | \"GET /internal/apm/mobile-services/{serviceName}/error_terms\" | \"POST /internal/apm/mobile-services/{serviceName}/crashes/groups/detailed_statistics\" | \"GET /internal/apm/mobile-services/{serviceName}/crashes/groups/main_statistics\" | \"GET /internal/apm/mobile-services/{serviceName}/crashes/distribution\" | \"GET /internal/apm/services/{serviceName}/mobile/filters\" | \"GET /internal/apm/mobile-services/{serviceName}/most_used_charts\" | \"GET /internal/apm/mobile-services/{serviceName}/transactions/charts/sessions\" | \"GET /internal/apm/mobile-services/{serviceName}/transactions/charts/http_requests\" | \"GET /internal/apm/mobile-services/{serviceName}/stats\" | \"GET /internal/apm/mobile-services/{serviceName}/location/stats\" | \"GET /internal/apm/mobile-services/{serviceName}/terms\" | \"GET /internal/apm/mobile-services/{serviceName}/main_statistics\" | \"GET /internal/apm/mobile-services/{serviceName}/detailed_statistics\" | \"GET /internal/apm/diagnostics\" | \"POST /internal/apm/assistant/get_apm_timeseries\" | \"GET /internal/apm/assistant/get_downstream_dependencies\" | \"GET /internal/apm/services/{serviceName}/profiling/flamegraph\" | \"GET /internal/apm/profiling/status\" | \"GET /internal/apm/services/{serviceName}/profiling/functions\" | \"GET /internal/apm/services/{serviceName}/profiling/hosts/flamegraph\" | \"GET /internal/apm/services/{serviceName}/profiling/hosts/functions\" | \"POST /internal/apm/custom-dashboard\" | \"DELETE /internal/apm/custom-dashboard\" | \"GET /internal/apm/services/{serviceName}/dashboards\""
         ],
         "path": "x-pack/plugins/observability_solution/apm/server/routes/apm_routes/get_global_apm_server_route_repository.ts",
         "deprecated": false,
@@ -5661,12 +5661,32 @@
           "SavedServiceGroup",
           "[]; }>; } & ",
           "APMRouteCreateOptions",
-          "; \"GET /internal/apm/assets/services\": { endpoint: \"GET /internal/apm/assets/services\"; params?: ",
+          "; \"GET /internal/apm/entities/services\": { endpoint: \"GET /internal/apm/entities/services\"; params?: ",
           "TypeC",
           "<{ query: ",
           "IntersectionC",
           "<[",
           "TypeC",
+          "<{ environment: ",
+          "UnionC",
+          "<[",
+          "LiteralC",
+          "<\"ENVIRONMENT_NOT_DEFINED\">, ",
+          "LiteralC",
+          "<\"ENVIRONMENT_ALL\">, ",
+          "BrandC",
+          "<",
+          "StringC",
+          ", ",
+          {
+            "pluginId": "@kbn/io-ts-utils",
+            "scope": "common",
+            "docId": "kibKbnIoTsUtilsPluginApi",
+            "section": "def-common.NonEmptyStringBrand",
+            "text": "NonEmptyStringBrand"
+          },
+          ">]>; }>, ",
+          "TypeC",
           "<{ kuery: ",
           "StringC",
           "; }>, ",
@@ -5675,56 +5695,20 @@
           "Type",
           "<number, string, unknown>; end: ",
           "Type",
-          "<number, string, unknown>; }>, ",
-          "TypeC",
-          "<{ documentType: ",
-          "UnionC",
-          "<[",
-          "LiteralC",
-          "<",
-          "ApmDocumentType",
-          ".ServiceTransactionMetric>, ",
-          "LiteralC",
-          "<",
-          "ApmDocumentType",
-          ".TransactionMetric>, ",
-          "LiteralC",
-          "<",
-          "ApmDocumentType",
-          ".TransactionEvent>]>; rollupInterval: ",
-          "UnionC",
-          "<[",
-          "LiteralC",
-          "<",
-          "RollupInterval",
-          ".OneMinute>, ",
-          "LiteralC",
-          "<",
-          "RollupInterval",
-          ".TenMinutes>, ",
-          "LiteralC",
-          "<",
-          "RollupInterval",
-          ".SixtyMinutes>, ",
-          "LiteralC",
-          "<",
-          "RollupInterval",
-          ".None>]>; }>, ",
-          "TypeC",
-          "<{ useDurationSummary: ",
-          "Type",
-          "<boolean, boolean, unknown>; }>]>; }> | undefined; handler: ({}: ",
+          "<number, string, unknown>; }>]>; }> | undefined; handler: ({}: ",
           "APMRouteHandlerResources",
-          " & { params: { query: { kuery: string; } & { start: number; end: number; } & { documentType: ",
-          "ApmDocumentType",
-          ".TransactionMetric | ",
-          "ApmDocumentType",
-          ".ServiceTransactionMetric | ",
-          "ApmDocumentType",
-          ".TransactionEvent; rollupInterval: ",
-          "RollupInterval",
-          "; } & { useDurationSummary: boolean; }; }; }) => Promise<",
-          "AssetServicesResponse",
+          " & { params: { query: { environment: \"ENVIRONMENT_NOT_DEFINED\" | \"ENVIRONMENT_ALL\" | ",
+          "Branded",
+          "<string, ",
+          {
+            "pluginId": "@kbn/io-ts-utils",
+            "scope": "common",
+            "docId": "kibKbnIoTsUtilsPluginApi",
+            "section": "def-common.NonEmptyStringBrand",
+            "text": "NonEmptyStringBrand"
+          },
+          ">; } & { kuery: string; } & { start: number; end: number; }; }; }) => Promise<",
+          "EntityServicesResponse",
           ">; } & ",
           "APMRouteCreateOptions",
           "; \"GET /internal/apm/services/{serviceName}/alerts_count\": { endpoint: \"GET /internal/apm/services/{serviceName}/alerts_count\"; params?: ",
diff --git a/api_docs/apm.mdx b/api_docs/apm.mdx
index d9ccc16a8acb4..102fed2c28af3 100644
--- a/api_docs/apm.mdx
+++ b/api_docs/apm.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/apm
 title: "apm"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the apm plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'apm']
 ---
 import apmObj from './apm.devdocs.json';
diff --git a/api_docs/apm_data_access.mdx b/api_docs/apm_data_access.mdx
index cf0bc62f7d985..e7c24c428be48 100644
--- a/api_docs/apm_data_access.mdx
+++ b/api_docs/apm_data_access.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/apmDataAccess
 title: "apmDataAccess"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the apmDataAccess plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'apmDataAccess']
 ---
 import apmDataAccessObj from './apm_data_access.devdocs.json';
diff --git a/api_docs/asset_manager.devdocs.json b/api_docs/asset_manager.devdocs.json
deleted file mode 100644
index dcb7aa86b3ff9..0000000000000
--- a/api_docs/asset_manager.devdocs.json
+++ /dev/null
@@ -1,165 +0,0 @@
-{
-  "id": "assetManager",
-  "client": {
-    "classes": [],
-    "functions": [],
-    "interfaces": [
-      {
-        "parentPluginId": "assetManager",
-        "id": "def-public.AssetManagerPublicPluginSetup",
-        "type": "Interface",
-        "tags": [],
-        "label": "AssetManagerPublicPluginSetup",
-        "description": [],
-        "path": "x-pack/plugins/observability_solution/asset_manager/public/types.ts",
-        "deprecated": false,
-        "trackAdoption": false,
-        "children": [
-          {
-            "parentPluginId": "assetManager",
-            "id": "def-public.AssetManagerPublicPluginSetup.publicAssetsClient",
-            "type": "Object",
-            "tags": [],
-            "label": "publicAssetsClient",
-            "description": [],
-            "signature": [
-              "IPublicAssetsClient"
-            ],
-            "path": "x-pack/plugins/observability_solution/asset_manager/public/types.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          }
-        ],
-        "initialIsOpen": false
-      },
-      {
-        "parentPluginId": "assetManager",
-        "id": "def-public.AssetManagerPublicPluginStart",
-        "type": "Interface",
-        "tags": [],
-        "label": "AssetManagerPublicPluginStart",
-        "description": [],
-        "path": "x-pack/plugins/observability_solution/asset_manager/public/types.ts",
-        "deprecated": false,
-        "trackAdoption": false,
-        "children": [
-          {
-            "parentPluginId": "assetManager",
-            "id": "def-public.AssetManagerPublicPluginStart.publicAssetsClient",
-            "type": "Object",
-            "tags": [],
-            "label": "publicAssetsClient",
-            "description": [],
-            "signature": [
-              "IPublicAssetsClient"
-            ],
-            "path": "x-pack/plugins/observability_solution/asset_manager/public/types.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          }
-        ],
-        "initialIsOpen": false
-      }
-    ],
-    "enums": [],
-    "misc": [
-      {
-        "parentPluginId": "assetManager",
-        "id": "def-public.AssetManagerAppId",
-        "type": "Type",
-        "tags": [],
-        "label": "AssetManagerAppId",
-        "description": [],
-        "signature": [
-          "\"assetManager\""
-        ],
-        "path": "x-pack/plugins/observability_solution/asset_manager/public/index.ts",
-        "deprecated": false,
-        "trackAdoption": false,
-        "initialIsOpen": false
-      }
-    ],
-    "objects": []
-  },
-  "server": {
-    "classes": [],
-    "functions": [],
-    "interfaces": [],
-    "enums": [],
-    "misc": [
-      {
-        "parentPluginId": "assetManager",
-        "id": "def-server.AssetManagerConfig",
-        "type": "Type",
-        "tags": [],
-        "label": "AssetManagerConfig",
-        "description": [],
-        "signature": [
-          "{ readonly alphaEnabled?: boolean | undefined; readonly sourceIndices: Readonly<{} & { logs: string; }>; }"
-        ],
-        "path": "x-pack/plugins/observability_solution/asset_manager/common/config.ts",
-        "deprecated": false,
-        "trackAdoption": false,
-        "initialIsOpen": false
-      },
-      {
-        "parentPluginId": "assetManager",
-        "id": "def-server.WriteSamplesPostBody",
-        "type": "Type",
-        "tags": [],
-        "label": "WriteSamplesPostBody",
-        "description": [],
-        "signature": [
-          "{ baseDateTime?: string | number | undefined; excludeEans?: string[] | undefined; refresh?: boolean | \"wait_for\" | undefined; } | null"
-        ],
-        "path": "x-pack/plugins/observability_solution/asset_manager/server/routes/sample_assets.ts",
-        "deprecated": false,
-        "trackAdoption": false,
-        "initialIsOpen": false
-      }
-    ],
-    "objects": [],
-    "setup": {
-      "parentPluginId": "assetManager",
-      "id": "def-server.AssetManagerServerPluginSetup",
-      "type": "Type",
-      "tags": [],
-      "label": "AssetManagerServerPluginSetup",
-      "description": [],
-      "signature": [
-        "{ assetClient: ",
-        "AssetClient",
-        "; } | undefined"
-      ],
-      "path": "x-pack/plugins/observability_solution/asset_manager/server/plugin.ts",
-      "deprecated": false,
-      "trackAdoption": false,
-      "lifecycle": "setup",
-      "initialIsOpen": true
-    },
-    "start": {
-      "parentPluginId": "assetManager",
-      "id": "def-server.AssetManagerServerPluginStart",
-      "type": "Type",
-      "tags": [],
-      "label": "AssetManagerServerPluginStart",
-      "description": [],
-      "signature": [
-        "{} | undefined"
-      ],
-      "path": "x-pack/plugins/observability_solution/asset_manager/server/plugin.ts",
-      "deprecated": false,
-      "trackAdoption": false,
-      "lifecycle": "start",
-      "initialIsOpen": true
-    }
-  },
-  "common": {
-    "classes": [],
-    "functions": [],
-    "interfaces": [],
-    "enums": [],
-    "misc": [],
-    "objects": []
-  }
-}
\ No newline at end of file
diff --git a/api_docs/asset_manager.mdx b/api_docs/asset_manager.mdx
deleted file mode 100644
index 64cfd25389da0..0000000000000
--- a/api_docs/asset_manager.mdx
+++ /dev/null
@@ -1,44 +0,0 @@
----
-####
-#### This document is auto-generated and is meant to be viewed inside our experimental, new docs system.
-#### Reach out in #docs-engineering for more info.
-####
-id: kibAssetManagerPluginApi
-slug: /kibana-dev-docs/api/assetManager
-title: "assetManager"
-image: https://source.unsplash.com/400x175/?github
-description: API docs for the assetManager plugin
-date: 2024-06-19
-tags: ['contributor', 'dev', 'apidocs', 'kibana', 'assetManager']
----
-import assetManagerObj from './asset_manager.devdocs.json';
-
-Asset manager plugin for entity assets (inventory, topology, etc)
-
-Contact [@elastic/obs-knowledge-team](https://github.com/orgs/elastic/teams/obs-knowledge-team) for questions regarding this plugin.
-
-**Code health stats**
-
-| Public API count  | Any count | Items lacking comments | Missing exports |
-|-------------------|-----------|------------------------|-----------------|
-| 9 | 0 | 9 | 2 |
-
-## Client
-
-### Interfaces
-<DocDefinitionList data={assetManagerObj.client.interfaces}/>
-
-### Consts, variables and types
-<DocDefinitionList data={assetManagerObj.client.misc}/>
-
-## Server
-
-### Setup
-<DocDefinitionList data={[assetManagerObj.server.setup]}/>
-
-### Start
-<DocDefinitionList data={[assetManagerObj.server.start]}/>
-
-### Consts, variables and types
-<DocDefinitionList data={assetManagerObj.server.misc}/>
-
diff --git a/api_docs/assets_data_access.mdx b/api_docs/assets_data_access.mdx
index 76dad9651578f..f4f2d4ba9690e 100644
--- a/api_docs/assets_data_access.mdx
+++ b/api_docs/assets_data_access.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/assetsDataAccess
 title: "assetsDataAccess"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the assetsDataAccess plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'assetsDataAccess']
 ---
 import assetsDataAccessObj from './assets_data_access.devdocs.json';
diff --git a/api_docs/banners.mdx b/api_docs/banners.mdx
index 4c8b9bbe19251..f731da41ca03d 100644
--- a/api_docs/banners.mdx
+++ b/api_docs/banners.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/banners
 title: "banners"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the banners plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'banners']
 ---
 import bannersObj from './banners.devdocs.json';
diff --git a/api_docs/bfetch.mdx b/api_docs/bfetch.mdx
index 7d4dd4fd3ca99..b61a7e6f6f87c 100644
--- a/api_docs/bfetch.mdx
+++ b/api_docs/bfetch.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/bfetch
 title: "bfetch"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the bfetch plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'bfetch']
 ---
 import bfetchObj from './bfetch.devdocs.json';
diff --git a/api_docs/canvas.mdx b/api_docs/canvas.mdx
index 91e867a7999af..4c563fdc591bb 100644
--- a/api_docs/canvas.mdx
+++ b/api_docs/canvas.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/canvas
 title: "canvas"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the canvas plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'canvas']
 ---
 import canvasObj from './canvas.devdocs.json';
diff --git a/api_docs/cases.devdocs.json b/api_docs/cases.devdocs.json
index f0e42450539c8..c62a4c8d7c4c2 100644
--- a/api_docs/cases.devdocs.json
+++ b/api_docs/cases.devdocs.json
@@ -483,7 +483,7 @@
               "section": "def-common.CaseSeverity",
               "text": "CaseSeverity"
             },
-            "[] | undefined; assignees?: string | string[] | undefined; reporters?: string | string[] | undefined; defaultSearchOperator?: \"AND\" | \"OR\" | undefined; from?: string | undefined; search?: string | undefined; searchFields?: \"title\" | \"description\" | (\"title\" | \"description\")[] | undefined; sortField?: \"title\" | \"createdAt\" | \"updatedAt\" | \"status\" | \"category\" | \"severity\" | \"closedAt\" | undefined; sortOrder?: \"asc\" | \"desc\" | undefined; to?: string | undefined; owner?: string | string[] | undefined; category?: string | string[] | undefined; } & Partial<",
+            "[] | undefined; assignees?: string | string[] | undefined; reporters?: string | string[] | undefined; defaultSearchOperator?: \"AND\" | \"OR\" | undefined; from?: string | undefined; search?: string | undefined; searchFields?: \"title\" | \"description\" | (\"title\" | \"description\")[] | undefined; sortField?: \"title\" | \"createdAt\" | \"updatedAt\" | \"status\" | \"severity\" | \"category\" | \"closedAt\" | undefined; sortOrder?: \"asc\" | \"desc\" | undefined; to?: string | undefined; owner?: string | string[] | undefined; category?: string | string[] | undefined; } & Partial<",
             "Pagination",
             ">, signal?: AbortSignal | undefined) => Promise<",
             {
diff --git a/api_docs/cases.mdx b/api_docs/cases.mdx
index 2beb8d47c6930..917432447179c 100644
--- a/api_docs/cases.mdx
+++ b/api_docs/cases.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cases
 title: "cases"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the cases plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cases']
 ---
 import casesObj from './cases.devdocs.json';
diff --git a/api_docs/charts.mdx b/api_docs/charts.mdx
index 7f1e24b9fea6d..e604c881ec242 100644
--- a/api_docs/charts.mdx
+++ b/api_docs/charts.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/charts
 title: "charts"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the charts plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'charts']
 ---
 import chartsObj from './charts.devdocs.json';
diff --git a/api_docs/cloud.mdx b/api_docs/cloud.mdx
index 190013ec6c9cf..76446d2a779bc 100644
--- a/api_docs/cloud.mdx
+++ b/api_docs/cloud.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloud
 title: "cloud"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the cloud plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloud']
 ---
 import cloudObj from './cloud.devdocs.json';
diff --git a/api_docs/cloud_data_migration.mdx b/api_docs/cloud_data_migration.mdx
index bb3b69a7c63f1..8a209d0e01c02 100644
--- a/api_docs/cloud_data_migration.mdx
+++ b/api_docs/cloud_data_migration.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloudDataMigration
 title: "cloudDataMigration"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the cloudDataMigration plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloudDataMigration']
 ---
 import cloudDataMigrationObj from './cloud_data_migration.devdocs.json';
diff --git a/api_docs/cloud_defend.mdx b/api_docs/cloud_defend.mdx
index 2d88f69aeec5c..1878fa665a718 100644
--- a/api_docs/cloud_defend.mdx
+++ b/api_docs/cloud_defend.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloudDefend
 title: "cloudDefend"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the cloudDefend plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloudDefend']
 ---
 import cloudDefendObj from './cloud_defend.devdocs.json';
diff --git a/api_docs/cloud_experiments.mdx b/api_docs/cloud_experiments.mdx
index daf262ab94138..1ff538d276d3e 100644
--- a/api_docs/cloud_experiments.mdx
+++ b/api_docs/cloud_experiments.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloudExperiments
 title: "cloudExperiments"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the cloudExperiments plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloudExperiments']
 ---
 import cloudExperimentsObj from './cloud_experiments.devdocs.json';
diff --git a/api_docs/cloud_security_posture.mdx b/api_docs/cloud_security_posture.mdx
index a812d76502208..c6d039e00fe45 100644
--- a/api_docs/cloud_security_posture.mdx
+++ b/api_docs/cloud_security_posture.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloudSecurityPosture
 title: "cloudSecurityPosture"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the cloudSecurityPosture plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloudSecurityPosture']
 ---
 import cloudSecurityPostureObj from './cloud_security_posture.devdocs.json';
diff --git a/api_docs/console.mdx b/api_docs/console.mdx
index 8b056c595d8d8..4223612f0632a 100644
--- a/api_docs/console.mdx
+++ b/api_docs/console.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/console
 title: "console"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the console plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'console']
 ---
 import consoleObj from './console.devdocs.json';
diff --git a/api_docs/content_management.mdx b/api_docs/content_management.mdx
index a061227fb6cae..b06453f2ab3c4 100644
--- a/api_docs/content_management.mdx
+++ b/api_docs/content_management.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/contentManagement
 title: "contentManagement"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the contentManagement plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'contentManagement']
 ---
 import contentManagementObj from './content_management.devdocs.json';
diff --git a/api_docs/controls.mdx b/api_docs/controls.mdx
index 97ce881289142..549435b4d899d 100644
--- a/api_docs/controls.mdx
+++ b/api_docs/controls.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/controls
 title: "controls"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the controls plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'controls']
 ---
 import controlsObj from './controls.devdocs.json';
diff --git a/api_docs/custom_integrations.mdx b/api_docs/custom_integrations.mdx
index aef3f276d8a1c..e10a1ec12f215 100644
--- a/api_docs/custom_integrations.mdx
+++ b/api_docs/custom_integrations.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/customIntegrations
 title: "customIntegrations"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the customIntegrations plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'customIntegrations']
 ---
 import customIntegrationsObj from './custom_integrations.devdocs.json';
diff --git a/api_docs/dashboard.devdocs.json b/api_docs/dashboard.devdocs.json
index d22dda4cd015b..de3639ca81e09 100644
--- a/api_docs/dashboard.devdocs.json
+++ b/api_docs/dashboard.devdocs.json
@@ -2559,7 +2559,7 @@
           "\nFor BWC reasons, dashboard state is stored with panels as an array instead of a map"
         ],
         "signature": [
-          "{ id?: string | undefined; tags?: string[] | undefined; title?: string | undefined; query?: ",
+          "{ id?: string | undefined; version?: string | undefined; tags?: string[] | undefined; title?: string | undefined; query?: ",
           {
             "pluginId": "@kbn/es-query",
             "scope": "common",
@@ -2575,7 +2575,7 @@
             "section": "def-common.Filter",
             "text": "Filter"
           },
-          "[] | undefined; description?: string | undefined; version?: string | undefined; refreshInterval?: ",
+          "[] | undefined; description?: string | undefined; refreshInterval?: ",
           {
             "pluginId": "data",
             "scope": "common",
diff --git a/api_docs/dashboard.mdx b/api_docs/dashboard.mdx
index 96515a7692a6c..c67808a638d60 100644
--- a/api_docs/dashboard.mdx
+++ b/api_docs/dashboard.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dashboard
 title: "dashboard"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the dashboard plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dashboard']
 ---
 import dashboardObj from './dashboard.devdocs.json';
diff --git a/api_docs/dashboard_enhanced.mdx b/api_docs/dashboard_enhanced.mdx
index 119f9b57bf172..3185563c83d40 100644
--- a/api_docs/dashboard_enhanced.mdx
+++ b/api_docs/dashboard_enhanced.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dashboardEnhanced
 title: "dashboardEnhanced"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the dashboardEnhanced plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dashboardEnhanced']
 ---
 import dashboardEnhancedObj from './dashboard_enhanced.devdocs.json';
diff --git a/api_docs/data.devdocs.json b/api_docs/data.devdocs.json
index 324899d1a151e..296fbccb6cc31 100644
--- a/api_docs/data.devdocs.json
+++ b/api_docs/data.devdocs.json
@@ -12018,7 +12018,7 @@
                 "section": "def-server.DataPluginStart",
                 "text": "DataPluginStart"
               },
-              ">, { bfetch, expressions, usageCollection, fieldFormats, security }: ",
+              ">, { bfetch, expressions, usageCollection, fieldFormats }: ",
               "DataPluginSetupDependencies",
               ") => { search: ",
               "ISearchSetup",
@@ -12075,7 +12075,7 @@
                 "id": "def-server.DataServerPlugin.setup.$2",
                 "type": "Object",
                 "tags": [],
-                "label": "{ bfetch, expressions, usageCollection, fieldFormats, security }",
+                "label": "{ bfetch, expressions, usageCollection, fieldFormats }",
                 "description": [],
                 "signature": [
                   "DataPluginSetupDependencies"
diff --git a/api_docs/data.mdx b/api_docs/data.mdx
index 4bc38d07ab1b5..7d39ca00d227d 100644
--- a/api_docs/data.mdx
+++ b/api_docs/data.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/data
 title: "data"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the data plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'data']
 ---
 import dataObj from './data.devdocs.json';
diff --git a/api_docs/data_quality.mdx b/api_docs/data_quality.mdx
index c9508d873d3ce..3c6d114f6978f 100644
--- a/api_docs/data_quality.mdx
+++ b/api_docs/data_quality.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataQuality
 title: "dataQuality"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the dataQuality plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataQuality']
 ---
 import dataQualityObj from './data_quality.devdocs.json';
diff --git a/api_docs/data_query.mdx b/api_docs/data_query.mdx
index 3123c6516428a..b9ce1c02694d7 100644
--- a/api_docs/data_query.mdx
+++ b/api_docs/data_query.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/data-query
 title: "data.query"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the data.query plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'data.query']
 ---
 import dataQueryObj from './data_query.devdocs.json';
diff --git a/api_docs/data_search.devdocs.json b/api_docs/data_search.devdocs.json
index 3e3047831b93f..7f73ada1e2d7d 100644
--- a/api_docs/data_search.devdocs.json
+++ b/api_docs/data_search.devdocs.json
@@ -2414,7 +2414,7 @@
             "label": "asScopedProvider",
             "description": [],
             "signature": [
-              "({ savedObjects, elasticsearch }: ",
+              "({ security, savedObjects, elasticsearch }: ",
               {
                 "pluginId": "@kbn/core-lifecycle-server",
                 "scope": "common",
@@ -2593,7 +2593,7 @@
                 "id": "def-server.SearchSessionService.asScopedProvider.$1",
                 "type": "Object",
                 "tags": [],
-                "label": "{ savedObjects, elasticsearch }",
+                "label": "{ security, savedObjects, elasticsearch }",
                 "description": [],
                 "signature": [
                   {
diff --git a/api_docs/data_search.mdx b/api_docs/data_search.mdx
index 181a37757cacb..3262af66b08d8 100644
--- a/api_docs/data_search.mdx
+++ b/api_docs/data_search.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/data-search
 title: "data.search"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the data.search plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'data.search']
 ---
 import dataSearchObj from './data_search.devdocs.json';
diff --git a/api_docs/data_view_editor.mdx b/api_docs/data_view_editor.mdx
index 3af5d0fe9268a..82451f44fc756 100644
--- a/api_docs/data_view_editor.mdx
+++ b/api_docs/data_view_editor.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataViewEditor
 title: "dataViewEditor"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the dataViewEditor plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataViewEditor']
 ---
 import dataViewEditorObj from './data_view_editor.devdocs.json';
diff --git a/api_docs/data_view_field_editor.devdocs.json b/api_docs/data_view_field_editor.devdocs.json
index b961c3f8fa265..68e920109e0b6 100644
--- a/api_docs/data_view_field_editor.devdocs.json
+++ b/api_docs/data_view_field_editor.devdocs.json
@@ -650,6 +650,14 @@
                 "section": "def-common.DataView",
                 "text": "DataView"
               },
+              " | ",
+              {
+                "pluginId": "dataViews",
+                "scope": "common",
+                "docId": "kibDataViewsPluginApi",
+                "section": "def-common.DataViewLazy",
+                "text": "DataViewLazy"
+              },
               "; }"
             ],
             "path": "src/plugins/data_view_field_editor/public/open_editor.tsx",
@@ -1019,7 +1027,9 @@
               "section": "def-public.OpenFieldEditorOptions",
               "text": "OpenFieldEditorOptions"
             },
-            ") => () => void"
+            ") => Promise<",
+            "CloseEditor",
+            ">"
           ],
           "path": "src/plugins/data_view_field_editor/public/types.ts",
           "deprecated": false,
@@ -1067,7 +1077,8 @@
               "section": "def-public.OpenFieldDeleteModalOptions",
               "text": "OpenFieldDeleteModalOptions"
             },
-            ") => () => void"
+            ") => ",
+            "CloseEditor"
           ],
           "path": "src/plugins/data_view_field_editor/public/types.ts",
           "deprecated": false,
diff --git a/api_docs/data_view_field_editor.mdx b/api_docs/data_view_field_editor.mdx
index 206f19c400122..6240d9f72769c 100644
--- a/api_docs/data_view_field_editor.mdx
+++ b/api_docs/data_view_field_editor.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataViewFieldEditor
 title: "dataViewFieldEditor"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the dataViewFieldEditor plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataViewFieldEditor']
 ---
 import dataViewFieldEditorObj from './data_view_field_editor.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/k
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 72 | 0 | 33 | 0 |
+| 72 | 0 | 33 | 1 |
 
 ## Client
 
diff --git a/api_docs/data_view_management.mdx b/api_docs/data_view_management.mdx
index b7a04fc6457ca..acd12fca3fa3c 100644
--- a/api_docs/data_view_management.mdx
+++ b/api_docs/data_view_management.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataViewManagement
 title: "dataViewManagement"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the dataViewManagement plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataViewManagement']
 ---
 import dataViewManagementObj from './data_view_management.devdocs.json';
diff --git a/api_docs/data_views.devdocs.json b/api_docs/data_views.devdocs.json
index 8dad9a0ac323d..d456103f28f6c 100644
--- a/api_docs/data_views.devdocs.json
+++ b/api_docs/data_views.devdocs.json
@@ -6882,23 +6882,6 @@
         "deprecated": false,
         "trackAdoption": false,
         "initialIsOpen": false
-      },
-      {
-        "parentPluginId": "dataViews",
-        "id": "def-public.UserIdGetter",
-        "type": "Type",
-        "tags": [],
-        "label": "UserIdGetter",
-        "description": [],
-        "signature": [
-          "() => Promise<string | undefined>"
-        ],
-        "path": "src/plugins/data_views/public/types.ts",
-        "deprecated": false,
-        "trackAdoption": false,
-        "returnComment": [],
-        "children": [],
-        "initialIsOpen": false
       }
     ],
     "objects": [],
diff --git a/api_docs/data_views.mdx b/api_docs/data_views.mdx
index 74c481eaad31c..611e5e8b4e2b3 100644
--- a/api_docs/data_views.mdx
+++ b/api_docs/data_views.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataViews
 title: "dataViews"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the dataViews plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataViews']
 ---
 import dataViewsObj from './data_views.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/k
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 1159 | 0 | 402 | 3 |
+| 1158 | 0 | 401 | 3 |
 
 ## Client
 
diff --git a/api_docs/data_visualizer.mdx b/api_docs/data_visualizer.mdx
index d432893bc384f..f59ede7952396 100644
--- a/api_docs/data_visualizer.mdx
+++ b/api_docs/data_visualizer.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataVisualizer
 title: "dataVisualizer"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the dataVisualizer plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataVisualizer']
 ---
 import dataVisualizerObj from './data_visualizer.devdocs.json';
diff --git a/api_docs/dataset_quality.mdx b/api_docs/dataset_quality.mdx
index 9be5bb8dcf960..a5f6be7deac5f 100644
--- a/api_docs/dataset_quality.mdx
+++ b/api_docs/dataset_quality.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/datasetQuality
 title: "datasetQuality"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the datasetQuality plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'datasetQuality']
 ---
 import datasetQualityObj from './dataset_quality.devdocs.json';
diff --git a/api_docs/deprecations_by_api.mdx b/api_docs/deprecations_by_api.mdx
index 5c6f96d6421d7..abe9b7608961d 100644
--- a/api_docs/deprecations_by_api.mdx
+++ b/api_docs/deprecations_by_api.mdx
@@ -7,7 +7,7 @@ id: kibDevDocsDeprecationsByApi
 slug: /kibana-dev-docs/api-meta/deprecated-api-list-by-api
 title: Deprecated API usage by API
 description: A list of deprecated APIs, which plugins are still referencing them, and when they need to be removed by.
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana']
 ---
 
@@ -18,7 +18,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | ---------------|-----------|-----------|
 | <DocLink id="kibAlertingPluginApi" section="def-public.PluginSetupContract.registerNavigation" text="registerNavigation"/> | ml, stackAlerts | - |
 | <DocLink id="kibDataViewsPluginApi" section="def-common.AbstractDataView.title" text="title"/> | data, @kbn/search-errors, savedObjectsManagement, unifiedSearch, @kbn/unified-field-list, lens, controls, triggersActionsUi, dataVisualizer, canvas, presentationUtil, logsShared, fleet, ml, @kbn/lens-embeddable-utils, @kbn/ml-data-view-utils, enterpriseSearch, graph, visTypeTimeseries, exploratoryView, stackAlerts, infra, securitySolution, timelines, transform, upgradeAssistant, uptime, ux, maps, dataViewManagement, eventAnnotationListing, inputControlVis, visDefaultEditor, visTypeTimelion, visTypeVega | - |
-| <DocLink id="kibSecurityPluginApi" section="def-server.SecurityPluginSetup.authc" text="authc"/> | encryptedSavedObjects, actions, data, ml, logstash, securitySolution, cloudChat | - |
+| <DocLink id="kibSecurityPluginApi" section="def-server.SecurityPluginSetup.authc" text="authc"/> | encryptedSavedObjects, actions, ml, logstash, securitySolution, cloudChat | - |
 | <DocLink id="kibSecurityPluginApi" section="def-server.SecurityPluginSetup.authz" text="authz"/> | actions, savedObjectsTagging, ml, enterpriseSearch | - |
 | <DocLink id="kibKbnCoreSavedObjectsApiBrowserPluginApi" section="def-common.SimpleSavedObject" text="SimpleSavedObject"/> | @kbn/core-saved-objects-browser-internal, @kbn/core, savedObjects, visualizations, aiops, dataVisualizer, ml, dashboardEnhanced, graph, lens, securitySolution, eventAnnotation, @kbn/core-saved-objects-browser-mocks | - |
 | <DocLink id="kibKbnCoreSavedObjectsCommonPluginApi" section="def-common.SavedObjectAttributes" text="SavedObjectAttributes"/> | @kbn/core, savedObjects, embeddable, visualizations, canvas, graph, ml, @kbn/core-saved-objects-common, @kbn/core-saved-objects-server, actions, @kbn/alerting-types, alerting, savedSearch, enterpriseSearch, securitySolution, taskManager, @kbn/core-saved-objects-server-internal, @kbn/core-saved-objects-api-server | - |
@@ -39,7 +39,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibDataPluginApi" section="def-common.EqlSearchStrategyRequest.options" text="options"/> | securitySolution | - |
 | <DocLink id="kibFleetPluginApi" section="def-public.NewPackagePolicy.policy_id" text="policy_id"/> | cloudDefend, osquery, securitySolution, synthetics | - |
 | <DocLink id="kibFleetPluginApi" section="def-common.NewPackagePolicy.policy_id" text="policy_id"/> | cloudDefend, osquery, securitySolution, synthetics | - |
-| <DocLink id="kibSecurityPluginApi" section="def-server.SecurityPluginStart.authc" text="authc"/> | actions, alerting, files, cases, observabilityAIAssistant, fleet, cloudDefend, cloudSecurityPosture, elasticAssistant, enterpriseSearch, lists, osquery, securitySolution, reporting, serverlessSearch, transform, upgradeAssistant, apm, synthetics, security | - |
+| <DocLink id="kibSecurityPluginApi" section="def-server.SecurityPluginStart.authc" text="authc"/> | actions, alerting, observabilityAIAssistant, fleet, cloudDefend, cloudSecurityPosture, enterpriseSearch, lists, securitySolution, serverlessSearch, transform, upgradeAssistant, apm, entityManager, observabilityOnboarding, synthetics, security | - |
 | <DocLink id="kibSecurityPluginApi" section="def-server.SecurityPluginStart.userProfiles" text="userProfiles"/> | cases, securitySolution, security | - |
 | <DocLink id="kibTimelinesPluginApi" section="def-common.DeprecatedCellValueElementProps" text="DeprecatedCellValueElementProps"/> | @kbn/securitysolution-data-table, securitySolution | - |
 | <DocLink id="kibTimelinesPluginApi" section="def-common.DeprecatedRowRenderer" text="DeprecatedRowRenderer"/> | @kbn/securitysolution-data-table, securitySolution | - |
@@ -50,7 +50,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibTimelinesPluginApi" section="def-common.IndexFieldsStrategyResponse" text="IndexFieldsStrategyResponse"/> | securitySolution | - |
 | <DocLink id="kibKbnCoreSavedObjectsCommonPluginApi" section="def-common.SavedObject" text="SavedObject"/> | @kbn/core-saved-objects-api-browser, @kbn/core-saved-objects-browser-internal, @kbn/core-saved-objects-api-server, @kbn/core, home, savedObjectsTagging, canvas, savedObjects, @kbn/core-saved-objects-browser-mocks, @kbn/core-saved-objects-import-export-server-internal, savedObjectsTaggingOss, lists, securitySolution, upgradeAssistant, savedObjectsManagement, @kbn/core-ui-settings-server-internal | - |
 | <DocLink id="kibKbnCoreSavedObjectsServerPluginApi" section="def-common.SavedObjectsType.convertToMultiNamespaceTypeVersion" text="convertToMultiNamespaceTypeVersion"/> | @kbn/core-saved-objects-migration-server-internal, actions, dataViews, data, alerting, lens, cases, savedSearch, canvas, savedObjectsTagging, graph, lists, maps, visualizations, securitySolution, dashboard, @kbn/core-test-helpers-so-type-serializer | - |
-| <DocLink id="kibKbnSecurityPluginTypesPublicPluginApi" section="def-public.SecurityPluginStart.authc" text="authc"/> | dataViews, security, maps, imageEmbeddable, securitySolution, serverlessSearch, cloudLinks, observabilityAIAssistantApp, cases, apm | - |
+| <DocLink id="kibKbnSecurityPluginTypesPublicPluginApi" section="def-public.SecurityPluginStart.authc" text="authc"/> | security, securitySolution, serverlessSearch, cloudLinks, observabilityAIAssistantApp, cases, apm | - |
 | <DocLink id="kibKbnSecurityPluginTypesPublicPluginApi" section="def-public.SecurityPluginStart.userProfiles" text="userProfiles"/> | security, cases, searchPlayground, securitySolution | - |
 | <DocLink id="kibKbnSecuritysolutionListConstantsPluginApi" section="def-common.ENDPOINT_TRUSTED_APPS_LIST_ID" text="ENDPOINT_TRUSTED_APPS_LIST_ID"/> | lists, securitySolution, @kbn/securitysolution-io-ts-list-types | - |
 | <DocLink id="kibKbnSecuritysolutionListConstantsPluginApi" section="def-common.ENDPOINT_TRUSTED_APPS_LIST_NAME" text="ENDPOINT_TRUSTED_APPS_LIST_NAME"/> | lists, securitySolution, @kbn/securitysolution-io-ts-list-types | - |
@@ -70,18 +70,18 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibEmbeddablePluginApi" section="def-public.EmbeddableSetup.registerEmbeddableFactory" text="registerEmbeddableFactory"/> | visualizations, lens, controls, dashboard, discover, links | - |
 | <DocLink id="kibSharePluginApi" section="def-public.ShareContext.shareableUrlForSavedObject" text="shareableUrlForSavedObject"/> | discover, @kbn/reporting-public | - |
 | <DocLink id="kibUiActionsPluginApi" section="def-public.UiActionsService.executeTriggerActions" text="executeTriggerActions"/> | data, discover, imageEmbeddable, embeddable | - |
-| <DocLink id="kibKbnCoreLifecycleBrowserPluginApi" section="def-common.CoreStart.savedObjects" text="savedObjects"/> | @kbn/core-plugins-browser-internal, @kbn/core-root-browser-internal, home, savedObjects, unifiedSearch, visualizations, fileUpload, dashboardEnhanced, transform, dashboard, discover, dataVisualizer | - |
+| <DocLink id="kibKbnCoreLifecycleBrowserPluginApi" section="def-common.CoreStart.savedObjects" text="savedObjects"/> | @kbn/core-plugins-browser-internal, @kbn/core-root-browser-internal, home, savedObjects, unifiedSearch, visualizations, fileUpload, dashboardEnhanced, transform, discover, dataVisualizer | - |
 | <DocLink id="kibKbnCoreSavedObjectsApiBrowserPluginApi" section="def-common.SavedObjectsClientContract.resolve" text="resolve"/> | @kbn/core-saved-objects-browser-mocks, discover, @kbn/core-saved-objects-browser-internal | - |
 | <DocLink id="kibKbnCoreUiSettingsCommonPluginApi" section="def-common.UiSettingsParams.metric" text="metric"/> | discover, @kbn/management-settings-field-definition | - |
 | <DocLink id="kibDataPluginApi" section="def-public.syncQueryStateWithUrl" text="syncQueryStateWithUrl"/> | monitoring | - |
 | <DocLink id="kibKbnCoreSavedObjectsCommonPluginApi" section="def-common.SavedObjectReference" text="SavedObjectReference"/> | @kbn/core-saved-objects-api-browser, @kbn/core, savedObjects, savedObjectsManagement, visualizations, savedObjectsTagging, eventAnnotation, lens, maps, graph, dashboard, savedObjectsTaggingOss, kibanaUtils, expressions, data, embeddable, uiActionsEnhanced, controls, canvas, dashboardEnhanced, globalSearchProviders | - |
 | <DocLink id="kibKbnCoreSavedObjectsApiBrowserPluginApi" section="def-common.SavedObjectsClientContract" text="SavedObjectsClientContract"/> | @kbn/core-saved-objects-browser, @kbn/core-saved-objects-browser-internal, @kbn/core, home, savedObjects, visualizations, lens, visTypeTimeseries, @kbn/core-saved-objects-browser-mocks | - |
-| <DocLink id="kibKbnCoreSavedObjectsApiBrowserPluginApi" section="def-common.SavedObjectsClientContract.create" text="create"/> | @kbn/core-saved-objects-browser-internal, @kbn/core-saved-objects-browser-mocks, savedObjects, dashboard | - |
+| <DocLink id="kibKbnCoreSavedObjectsApiBrowserPluginApi" section="def-common.SavedObjectsClientContract.create" text="create"/> | @kbn/core-saved-objects-browser-internal, @kbn/core-saved-objects-browser-mocks, savedObjects | - |
 | <DocLink id="kibKbnCoreSavedObjectsApiBrowserPluginApi" section="def-common.SavedObjectsClientContract.bulkCreate" text="bulkCreate"/> | @kbn/core-saved-objects-browser-mocks, home, @kbn/core-saved-objects-browser-internal | - |
 | <DocLink id="kibKbnCoreSavedObjectsApiBrowserPluginApi" section="def-common.SavedObjectsClientContract.delete" text="delete"/> | @kbn/core-saved-objects-browser-internal, @kbn/core-saved-objects-browser-mocks, savedObjects, visualizations | - |
 | <DocLink id="kibKbnCoreSavedObjectsApiBrowserPluginApi" section="def-common.SavedObjectsClientContract.bulkDelete" text="bulkDelete"/> | @kbn/core-saved-objects-browser-mocks, @kbn/core-saved-objects-browser-internal | - |
-| <DocLink id="kibKbnCoreSavedObjectsApiBrowserPluginApi" section="def-common.SavedObjectsClientContract.find" text="find"/> | @kbn/core-saved-objects-browser-mocks, savedObjects, dashboardEnhanced, dashboard, @kbn/core-saved-objects-browser-internal | - |
-| <DocLink id="kibKbnCoreSavedObjectsApiBrowserPluginApi" section="def-common.SavedObjectsClientContract.get" text="get"/> | @kbn/core-saved-objects-browser-mocks, savedObjects, dashboardEnhanced, dashboard, @kbn/core-saved-objects-browser-internal | - |
+| <DocLink id="kibKbnCoreSavedObjectsApiBrowserPluginApi" section="def-common.SavedObjectsClientContract.find" text="find"/> | @kbn/core-saved-objects-browser-mocks, savedObjects, dashboardEnhanced, @kbn/core-saved-objects-browser-internal | - |
+| <DocLink id="kibKbnCoreSavedObjectsApiBrowserPluginApi" section="def-common.SavedObjectsClientContract.get" text="get"/> | @kbn/core-saved-objects-browser-mocks, savedObjects, dashboardEnhanced, @kbn/core-saved-objects-browser-internal | - |
 | <DocLink id="kibKbnCoreSavedObjectsApiBrowserPluginApi" section="def-common.SavedObjectsClientContract.bulkGet" text="bulkGet"/> | @kbn/core-saved-objects-browser-mocks, savedObjects, @kbn/core-saved-objects-browser-internal | - |
 | <DocLink id="kibKbnCoreSavedObjectsApiBrowserPluginApi" section="def-common.SavedObjectsClientContract.bulkResolve" text="bulkResolve"/> | @kbn/core-saved-objects-browser-mocks, @kbn/core-saved-objects-browser-internal | - |
 | <DocLink id="kibKbnCoreSavedObjectsApiBrowserPluginApi" section="def-common.SavedObjectsClientContract.update" text="update"/> | @kbn/core-saved-objects-browser-internal, @kbn/core-saved-objects-browser-mocks, savedObjects | - |
@@ -117,7 +117,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibEmbeddablePluginApi" section="def-public.EmbeddableStart.getEmbeddableFactories" text="getEmbeddableFactories"/> | dashboard, canvas | - |
 | <DocLink id="kibKbnPresentationPublishingPluginApi" section="def-common.apiHasLegacyLibraryTransforms" text="apiHasLegacyLibraryTransforms"/> | dashboard | - |
 | <DocLink id="kibKbnPresentationPublishingPluginApi" section="def-common.HasLegacyLibraryTransforms" text="HasLegacyLibraryTransforms"/> | embeddable, dashboard | - |
-| <DocLink id="kibSecurityPluginApi" section="def-public.SecurityPluginSetup.authc" text="authc"/> | dataVisualizer, security | - |
+| <DocLink id="kibKbnPresentationPublishingPluginApi" section="def-common.HasLibraryTransforms" text="HasLibraryTransforms"/> | dashboard, maps | - |
 | <DocLink id="kibDataPluginApi" section="def-common.DataView.flattenHit" text="flattenHit"/> | dataViews, maps | - |
 | <DocLink id="kibDataPluginApi" section="def-common.DataView.removeScriptedField" text="removeScriptedField"/> | dataViews, dataViewManagement | - |
 | <DocLink id="kibDataPluginApi" section="def-common.DataView.getScriptedFields" text="getScriptedFields"/> | dataViews, dataViewManagement | - |
@@ -150,21 +150,22 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibExpressionPartitionVisPluginApi" section="def-common.LabelsParams.truncate" text="truncate"/> | visTypePie | - |
 | <DocLink id="kibExpressionPartitionVisPluginApi" section="def-common.LabelsParams.last_level" text="last_level"/> | visTypePie | - |
 | <DocLink id="kibKbnCoreLoggingServerPluginApi" section="def-common.NumericRollingStrategyConfig.max" text="max"/> | @kbn/core-logging-server-internal, security | - |
+| <DocLink id="kibKbnSecurityPluginTypesPublicPluginApi" section="def-public.SecurityPluginSetup.authc" text="authc"/> | security | - |
 | <DocLink id="kibKibanaReactPluginApi" section="def-public.toMountPoint" text="toMountPoint"/> | observabilityShared | - |
 | <DocLink id="kibKibanaReactPluginApi" section="def-common.KibanaStyledComponentsThemeProviderDecorator" text="KibanaStyledComponentsThemeProviderDecorator"/> | @kbn/react-kibana-context-styled, kibanaReact | - |
 | <DocLink id="kibKbnCoreSavedObjectsServerPluginApi" section="def-common.SavedObjectMigrationContext.convertToMultiNamespaceTypeVersion" text="convertToMultiNamespaceTypeVersion"/> | encryptedSavedObjects | - |
-| <DocLink id="kibKbnReportingExportTypesCsvPluginApi" section="def-server.CsvSearchSourceImmediateExportType" text="CsvSearchSourceImmediateExportType"/> | reporting | - |
-| <DocLink id="kibKbnReportingExportTypesCsvCommonPluginApi" section="def-common.JobParamsDownloadCSV" text="JobParamsDownloadCSV"/> | @kbn/reporting-export-types-csv, reporting | - |
-| <DocLink id="kibKbnReportingExportTypesCsvCommonPluginApi" section="def-common.CSV_SEARCHSOURCE_IMMEDIATE_TYPE" text="CSV_SEARCHSOURCE_IMMEDIATE_TYPE"/> | @kbn/reporting-export-types-csv, reporting | - |
-| <DocLink id="kibKbnReportingExportTypesCsvCommonPluginApi" section="def-common.CSV_JOB_TYPE_DEPRECATED" text="CSV_JOB_TYPE_DEPRECATED"/> | reporting | - |
-| <DocLink id="kibKbnReportingExportTypesPdfPluginApi" section="def-server.PdfV1ExportType" text="PdfV1ExportType"/> | reporting | - |
-| <DocLink id="kibKbnReportingExportTypesPdfCommonPluginApi" section="def-common.JobParamsPDFDeprecated" text="JobParamsPDFDeprecated"/> | @kbn/reporting-export-types-pdf, reporting | - |
 | <DocLink id="kibKbnContentManagementTableListViewTablePluginApi" section="def-public.TableListViewTableProps.withoutPageTemplateWrapper" text="withoutPageTemplateWrapper"/> | @kbn/content-management-table-list-view, filesManagement | - |
 | <DocLink id="kibKbnCoreSavedObjectsApiBrowserPluginApi" section="def-common.SavedObjectsBulkUpdateOptions" text="SavedObjectsBulkUpdateOptions"/> | @kbn/core | - |
 | <DocLink id="kibKbnCoreSavedObjectsApiBrowserPluginApi" section="def-common.SavedObjectsBulkResolveResponse" text="SavedObjectsBulkResolveResponse"/> | @kbn/core | - |
 | <DocLink id="kibKbnCoreSavedObjectsBrowserMocksPluginApi" section="def-common.savedObjectsServiceMock" text="savedObjectsServiceMock"/> | @kbn/core-lifecycle-browser-mocks, @kbn/core, @kbn/core-plugins-browser-internal | - |
 | <DocLink id="kibKbnCoreSavedObjectsCommonPluginApi" section="def-common.SavedObjectAttributeSingle" text="SavedObjectAttributeSingle"/> | @kbn/core | - |
 | <DocLink id="kibKbnCorePluginsServerPluginApi" section="def-common.PluginManifest.extraPublicDirs" text="extraPublicDirs"/> | @kbn/core-plugins-server-internal | - |
+| <DocLink id="kibKbnReportingExportTypesCsvPluginApi" section="def-server.CsvSearchSourceImmediateExportType" text="CsvSearchSourceImmediateExportType"/> | reporting | - |
+| <DocLink id="kibKbnReportingExportTypesCsvCommonPluginApi" section="def-common.JobParamsDownloadCSV" text="JobParamsDownloadCSV"/> | @kbn/reporting-export-types-csv, reporting | - |
+| <DocLink id="kibKbnReportingExportTypesCsvCommonPluginApi" section="def-common.CSV_SEARCHSOURCE_IMMEDIATE_TYPE" text="CSV_SEARCHSOURCE_IMMEDIATE_TYPE"/> | @kbn/reporting-export-types-csv, reporting | - |
+| <DocLink id="kibKbnReportingExportTypesCsvCommonPluginApi" section="def-common.CSV_JOB_TYPE_DEPRECATED" text="CSV_JOB_TYPE_DEPRECATED"/> | reporting | - |
+| <DocLink id="kibKbnReportingExportTypesPdfPluginApi" section="def-server.PdfV1ExportType" text="PdfV1ExportType"/> | reporting | - |
+| <DocLink id="kibKbnReportingExportTypesPdfCommonPluginApi" section="def-common.JobParamsPDFDeprecated" text="JobParamsPDFDeprecated"/> | @kbn/reporting-export-types-pdf, reporting | - |
 | <DocLink id="kibKbnReportingPublicPluginApi" section="def-public.ReportingAPIClient.createImmediateReport" text="createImmediateReport"/> | @kbn/reporting-csv-share-panel | - |
 | <DocLink id="kibLicensingPluginApi" section="def-public.LicensingPluginSetup.license$" text="license$"/> | security, aiops, licenseManagement, ml, crossClusterReplication, logstash, painlessLab, searchprofiler, watcher, profiling, apm, slo | 8.8.0 |
 | <DocLink id="kibLicensingPluginApi" section="def-server.LicensingPluginSetup.license$" text="license$"/> | spaces, security, actions, alerting, aiops, remoteClusters, ml, graph, indexLifecycleManagement, mapsEms, osquery, securitySolution, painlessLab, rollup, searchprofiler, snapshotRestore, transform, upgradeAssistant | 8.8.0 |
@@ -231,6 +232,7 @@ Safe to remove.
 | <DocLink id="kibListsPluginApi" section="def-server.ListClient.setListPolicy" text="setListPolicy"/> | lists | 
 | <DocLink id="kibListsPluginApi" section="def-server.ListClient.setListItemPolicy" text="setListItemPolicy"/> | lists | 
 | <DocLink id="kibSavedObjectsPluginApi" section="def-public.SavedObjectsStart.SavedObjectClass" text="SavedObjectClass"/> | savedObjects | 
+| <DocLink id="kibSecurityPluginApi" section="def-public.SecurityPluginSetup.authc" text="authc"/> | security | 
 | <DocLink id="kibServerlessPluginApi" section="def-public.ServerlessPluginStart.setSideNavComponentDeprecated" text="setSideNavComponentDeprecated"/> | serverless | 
 | <DocLink id="kibTaskManagerPluginApi" section="def-server.ConcreteTaskInstance.interval" text="interval"/> | taskManager | 
 | <DocLink id="kibTaskManagerPluginApi" section="def-server.ConcreteTaskInstance.numSkippedRuns" text="numSkippedRuns"/> | taskManager | 
diff --git a/api_docs/deprecations_by_plugin.mdx b/api_docs/deprecations_by_plugin.mdx
index 4752ee8c2b541..ae56cb777456e 100644
--- a/api_docs/deprecations_by_plugin.mdx
+++ b/api_docs/deprecations_by_plugin.mdx
@@ -7,7 +7,7 @@ id: kibDevDocsDeprecationsByPlugin
 slug: /kibana-dev-docs/api-meta/deprecated-api-list-by-plugin
 title: Deprecated API usage by plugin
 description: A list of deprecated APIs, which plugins are still referencing them, and when they need to be removed by.
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana']
 ---
 
@@ -543,7 +543,6 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | Deprecated API | Reference location(s) | Remove By |
 | ---------------|-----------|-----------|
 | <DocLink id="kibFeaturesPluginApi" section="def-server.PluginSetupContract.getKibanaFeatures" text="getKibanaFeatures"/> | [factory.test.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/cases/server/client/factory.test.ts#:~:text=getKibanaFeatures) | 8.8.0 |
-| <DocLink id="kibSecurityPluginApi" section="def-server.SecurityPluginStart.authc" text="authc"/> | [factory.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/cases/server/client/factory.ts#:~:text=authc), [factory.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/cases/server/client/factory.ts#:~:text=authc) | - |
 | <DocLink id="kibSecurityPluginApi" section="def-server.SecurityPluginStart.userProfiles" text="userProfiles"/> | [email_notification_service.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/cases/server/services/notifications/email_notification_service.ts#:~:text=userProfiles), [factory.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/cases/server/client/factory.ts#:~:text=userProfiles), [utils.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/cases/server/client/cases/utils.ts#:~:text=userProfiles), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/cases/server/services/user_profiles/index.ts#:~:text=userProfiles), [email_notification_service.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/cases/server/services/notifications/email_notification_service.ts#:~:text=userProfiles), [factory.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/cases/server/client/factory.ts#:~:text=userProfiles), [utils.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/cases/server/client/cases/utils.ts#:~:text=userProfiles), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/cases/server/services/user_profiles/index.ts#:~:text=userProfiles) | - |
 | <DocLink id="kibKbnCoreSavedObjectsApiBrowserPluginApi" section="def-common.ResolvedSimpleSavedObject" text="ResolvedSimpleSavedObject"/> | [types.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/cases/common/ui/types.ts#:~:text=ResolvedSimpleSavedObject), [types.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/cases/common/ui/types.ts#:~:text=ResolvedSimpleSavedObject), [types.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/cases/common/ui/types.ts#:~:text=ResolvedSimpleSavedObject), [types.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/cases/common/ui/types.ts#:~:text=ResolvedSimpleSavedObject) | - |
 | <DocLink id="kibKbnCoreSavedObjectsServerPluginApi" section="def-common.SavedObjectsType.migrations" text="migrations"/> | [cases.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/cases/server/saved_object_types/cases/cases.ts#:~:text=migrations), [configure.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/cases/server/saved_object_types/configure.ts#:~:text=migrations), [comments.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/cases/server/saved_object_types/comments.ts#:~:text=migrations), [user_actions.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/cases/server/saved_object_types/user_actions.ts#:~:text=migrations), [connector_mappings.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/cases/server/saved_object_types/connector_mappings.ts#:~:text=migrations) | - |
@@ -625,19 +624,16 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibDataPluginApi" section="def-public.DataPublicPluginStart.fieldFormats" text="fieldFormats"/> | [types.ts](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/services/data/types.ts#:~:text=fieldFormats), [data_service.ts](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/services/data/data_service.ts#:~:text=fieldFormats) | - |
 | <DocLink id="kibEmbeddablePluginApi" section="def-public.EmbeddablePanel" text="EmbeddablePanel"/> | [dashboard_grid_item.tsx](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_container/component/grid/dashboard_grid_item.tsx#:~:text=EmbeddablePanel), [dashboard_grid_item.tsx](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_container/component/grid/dashboard_grid_item.tsx#:~:text=EmbeddablePanel) | - |
 | <DocLink id="kibEmbeddablePluginApi" section="def-public.EmbeddableSetup.registerEmbeddableFactory" text="registerEmbeddableFactory"/> | [plugin.tsx](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/plugin.tsx#:~:text=registerEmbeddableFactory) | - |
-| <DocLink id="kibEmbeddablePluginApi" section="def-public.EmbeddableStart.getEmbeddableFactory" text="getEmbeddableFactory"/> | [migrate_dashboard_input.ts](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/services/dashboard_content_management/lib/migrate_dashboard_input.ts#:~:text=getEmbeddableFactory), [migrate_dashboard_input.ts](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/services/dashboard_content_management/lib/migrate_dashboard_input.ts#:~:text=getEmbeddableFactory), [create_dashboard.ts](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_container/embeddable/create/create_dashboard.ts#:~:text=getEmbeddableFactory), [dashboard_container.tsx](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_container/embeddable/dashboard_container.tsx#:~:text=getEmbeddableFactory), [dashboard_container.tsx](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_container/embeddable/dashboard_container.tsx#:~:text=getEmbeddableFactory), [dashboard_renderer.tsx](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_container/external_api/dashboard_renderer.tsx#:~:text=getEmbeddableFactory), [embeddable.stub.ts](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/services/embeddable/embeddable.stub.ts#:~:text=getEmbeddableFactory), [duplicate_dashboard_panel.test.ts](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_container/embeddable/api/duplicate_dashboard_panel.test.ts#:~:text=getEmbeddableFactory), [create_dashboard.test.ts](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_container/embeddable/create/create_dashboard.test.ts#:~:text=getEmbeddableFactory), [create_dashboard.test.ts](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_container/embeddable/create/create_dashboard.test.ts#:~:text=getEmbeddableFactory)+ 10 more | - |
+| <DocLink id="kibEmbeddablePluginApi" section="def-public.EmbeddableStart.getEmbeddableFactory" text="getEmbeddableFactory"/> | [migrate_dashboard_input.ts](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/services/dashboard_content_management/lib/migrate_dashboard_input.ts#:~:text=getEmbeddableFactory), [migrate_dashboard_input.ts](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/services/dashboard_content_management/lib/migrate_dashboard_input.ts#:~:text=getEmbeddableFactory), [create_dashboard.ts](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_container/embeddable/create/create_dashboard.ts#:~:text=getEmbeddableFactory), [dashboard_container.tsx](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_container/embeddable/dashboard_container.tsx#:~:text=getEmbeddableFactory), [dashboard_container.tsx](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_container/embeddable/dashboard_container.tsx#:~:text=getEmbeddableFactory), [dashboard_renderer.tsx](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_container/external_api/dashboard_renderer.tsx#:~:text=getEmbeddableFactory), [embeddable.stub.ts](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/services/embeddable/embeddable.stub.ts#:~:text=getEmbeddableFactory), [create_dashboard.test.ts](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_container/embeddable/create/create_dashboard.test.ts#:~:text=getEmbeddableFactory), [create_dashboard.test.ts](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_container/embeddable/create/create_dashboard.test.ts#:~:text=getEmbeddableFactory), [create_dashboard.test.ts](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_container/embeddable/create/create_dashboard.test.ts#:~:text=getEmbeddableFactory)+ 9 more | - |
 | <DocLink id="kibEmbeddablePluginApi" section="def-public.EmbeddableStart.getEmbeddableFactories" text="getEmbeddableFactories"/> | [editor_menu.tsx](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_app/top_nav/editor_menu.tsx#:~:text=getEmbeddableFactories), [embeddable.stub.ts](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/services/embeddable/embeddable.stub.ts#:~:text=getEmbeddableFactories), [embeddable.stub.ts](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/services/embeddable/embeddable.stub.ts#:~:text=getEmbeddableFactories) | - |
 | <DocLink id="kibSavedObjectsPluginApi" section="def-public.SavedObjectSaveModal" text="SavedObjectSaveModal"/> | [save_modal.tsx](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_container/embeddable/api/overlays/save_modal.tsx#:~:text=SavedObjectSaveModal), [save_modal.tsx](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_container/embeddable/api/overlays/save_modal.tsx#:~:text=SavedObjectSaveModal), [add_to_library_action.tsx](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_actions/add_to_library_action.tsx#:~:text=SavedObjectSaveModal), [add_to_library_action.tsx](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_actions/add_to_library_action.tsx#:~:text=SavedObjectSaveModal) | 8.8.0 |
-| <DocLink id="kibKbnCoreLifecycleBrowserPluginApi" section="def-common.CoreStart.savedObjects" text="savedObjects"/> | [duplicate_dashboard_panel.test.ts](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_container/embeddable/api/duplicate_dashboard_panel.test.ts#:~:text=savedObjects), [duplicate_dashboard_panel.test.ts](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_container/embeddable/api/duplicate_dashboard_panel.test.ts#:~:text=savedObjects) | - |
-| <DocLink id="kibKbnCoreSavedObjectsApiBrowserPluginApi" section="def-common.SavedObjectsClientContract.create" text="create"/> | [duplicate_dashboard_panel.test.ts](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_container/embeddable/api/duplicate_dashboard_panel.test.ts#:~:text=create) | - |
-| <DocLink id="kibKbnCoreSavedObjectsApiBrowserPluginApi" section="def-common.SavedObjectsClientContract.find" text="find"/> | [duplicate_dashboard_panel.test.ts](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_container/embeddable/api/duplicate_dashboard_panel.test.ts#:~:text=find) | - |
-| <DocLink id="kibKbnCoreSavedObjectsApiBrowserPluginApi" section="def-common.SavedObjectsClientContract.get" text="get"/> | [duplicate_dashboard_panel.test.ts](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_container/embeddable/api/duplicate_dashboard_panel.test.ts#:~:text=get) | - |
 | <DocLink id="kibKbnCoreSavedObjectsCommonPluginApi" section="def-common.SavedObjectReference" text="SavedObjectReference"/> | [types.ts](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/common/bwc/types.ts#:~:text=SavedObjectReference), [types.ts](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/common/bwc/types.ts#:~:text=SavedObjectReference) | - |
 | <DocLink id="kibKbnCoreSavedObjectsServerPluginApi" section="def-common.SavedObjectsType.migrations" text="migrations"/> | [dashboard_saved_object.ts](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/server/dashboard_saved_object/dashboard_saved_object.ts#:~:text=migrations) | - |
 | <DocLink id="kibKbnCoreSavedObjectsServerPluginApi" section="def-common.SavedObjectsType.schemas" text="schemas"/> | [dashboard_saved_object.ts](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/server/dashboard_saved_object/dashboard_saved_object.ts#:~:text=schemas) | - |
 | <DocLink id="kibKbnCoreSavedObjectsServerPluginApi" section="def-common.SavedObjectsType.convertToMultiNamespaceTypeVersion" text="convertToMultiNamespaceTypeVersion"/> | [dashboard_saved_object.ts](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/server/dashboard_saved_object/dashboard_saved_object.ts#:~:text=convertToMultiNamespaceTypeVersion) | - |
 | <DocLink id="kibKbnPresentationPublishingPluginApi" section="def-common.apiHasLegacyLibraryTransforms" text="apiHasLegacyLibraryTransforms"/> | [legacy_add_to_library_action.tsx](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_actions/legacy_add_to_library_action.tsx#:~:text=apiHasLegacyLibraryTransforms), [legacy_add_to_library_action.tsx](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_actions/legacy_add_to_library_action.tsx#:~:text=apiHasLegacyLibraryTransforms), [legacy_unlink_from_library_action.tsx](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_actions/legacy_unlink_from_library_action.tsx#:~:text=apiHasLegacyLibraryTransforms), [legacy_unlink_from_library_action.tsx](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_actions/legacy_unlink_from_library_action.tsx#:~:text=apiHasLegacyLibraryTransforms) | - |
 | <DocLink id="kibKbnPresentationPublishingPluginApi" section="def-common.HasLegacyLibraryTransforms" text="HasLegacyLibraryTransforms"/> | [legacy_add_to_library_action.tsx](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_actions/legacy_add_to_library_action.tsx#:~:text=HasLegacyLibraryTransforms), [legacy_add_to_library_action.tsx](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_actions/legacy_add_to_library_action.tsx#:~:text=HasLegacyLibraryTransforms), [legacy_unlink_from_library_action.tsx](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_actions/legacy_unlink_from_library_action.tsx#:~:text=HasLegacyLibraryTransforms), [legacy_unlink_from_library_action.tsx](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_actions/legacy_unlink_from_library_action.tsx#:~:text=HasLegacyLibraryTransforms) | - |
+| <DocLink id="kibKbnPresentationPublishingPluginApi" section="def-common.HasLibraryTransforms" text="HasLibraryTransforms"/> | [add_to_library_action.tsx](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_actions/add_to_library_action.tsx#:~:text=HasLibraryTransforms), [add_to_library_action.tsx](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_actions/add_to_library_action.tsx#:~:text=HasLibraryTransforms), [unlink_from_library_action.tsx](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_actions/unlink_from_library_action.tsx#:~:text=HasLibraryTransforms), [unlink_from_library_action.tsx](https://github.com/elastic/kibana/tree/main/src/plugins/dashboard/public/dashboard_actions/unlink_from_library_action.tsx#:~:text=HasLibraryTransforms) | - |
 
 
 
@@ -658,7 +654,6 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | Deprecated API | Reference location(s) | Remove By |
 | ---------------|-----------|-----------|
 | <DocLink id="kibDataViewsPluginApi" section="def-common.AbstractDataView.title" text="title"/> | [inspector_stats.ts](https://github.com/elastic/kibana/tree/main/src/plugins/data/common/search/search_source/inspect/inspector_stats.ts#:~:text=title), [response_writer.ts](https://github.com/elastic/kibana/tree/main/src/plugins/data/common/search/tabify/response_writer.ts#:~:text=title), [field.ts](https://github.com/elastic/kibana/tree/main/src/plugins/data/common/search/aggs/param_types/field.ts#:~:text=title), [get_display_value.ts](https://github.com/elastic/kibana/tree/main/src/plugins/data/public/query/filter_manager/lib/get_display_value.ts#:~:text=title), [agg_config.test.ts](https://github.com/elastic/kibana/tree/main/src/plugins/data/common/search/aggs/agg_config.test.ts#:~:text=title), [_terms_other_bucket_helper.test.ts](https://github.com/elastic/kibana/tree/main/src/plugins/data/common/search/aggs/buckets/_terms_other_bucket_helper.test.ts#:~:text=title), [multi_terms.test.ts](https://github.com/elastic/kibana/tree/main/src/plugins/data/common/search/aggs/buckets/multi_terms.test.ts#:~:text=title), [multi_terms.test.ts](https://github.com/elastic/kibana/tree/main/src/plugins/data/common/search/aggs/buckets/multi_terms.test.ts#:~:text=title), [rare_terms.test.ts](https://github.com/elastic/kibana/tree/main/src/plugins/data/common/search/aggs/buckets/rare_terms.test.ts#:~:text=title), [terms.test.ts](https://github.com/elastic/kibana/tree/main/src/plugins/data/common/search/aggs/buckets/terms.test.ts#:~:text=title)+ 2 more | - |
-| <DocLink id="kibSecurityPluginApi" section="def-server.SecurityPluginSetup.authc" text="authc"/> | [session_service.ts](https://github.com/elastic/kibana/tree/main/src/plugins/data/server/search/session/session_service.ts#:~:text=authc) | - |
 | <DocLink id="kibUiActionsPluginApi" section="def-public.UiActionsService.executeTriggerActions" text="executeTriggerActions"/> | [data_table.tsx](https://github.com/elastic/kibana/tree/main/src/plugins/data/public/utils/table_inspector_view/components/data_table.tsx#:~:text=executeTriggerActions), [data_table.tsx](https://github.com/elastic/kibana/tree/main/src/plugins/data/public/utils/table_inspector_view/components/data_table.tsx#:~:text=executeTriggerActions) | - |
 | <DocLink id="kibKbnCoreSavedObjectsCommonPluginApi" section="def-common.SavedObjectReference" text="SavedObjectReference"/> | [persistable_state.ts](https://github.com/elastic/kibana/tree/main/src/plugins/data/common/query/filters/persistable_state.ts#:~:text=SavedObjectReference), [persistable_state.ts](https://github.com/elastic/kibana/tree/main/src/plugins/data/common/query/filters/persistable_state.ts#:~:text=SavedObjectReference), [persistable_state.ts](https://github.com/elastic/kibana/tree/main/src/plugins/data/common/query/filters/persistable_state.ts#:~:text=SavedObjectReference), [persistable_state.ts](https://github.com/elastic/kibana/tree/main/src/plugins/data/common/query/persistable_state.ts#:~:text=SavedObjectReference), [persistable_state.ts](https://github.com/elastic/kibana/tree/main/src/plugins/data/common/query/persistable_state.ts#:~:text=SavedObjectReference), [persistable_state.ts](https://github.com/elastic/kibana/tree/main/src/plugins/data/common/query/persistable_state.ts#:~:text=SavedObjectReference) | - |
 | <DocLink id="kibKbnCoreSavedObjectsServerPluginApi" section="def-common.SavedObjectsType.migrations" text="migrations"/> | [query.ts](https://github.com/elastic/kibana/tree/main/src/plugins/data/server/saved_objects/query.ts#:~:text=migrations), [search_telemetry.ts](https://github.com/elastic/kibana/tree/main/src/plugins/data/server/saved_objects/search_telemetry.ts#:~:text=migrations), [search_session.ts](https://github.com/elastic/kibana/tree/main/src/plugins/data/server/search/saved_objects/search_session.ts#:~:text=migrations) | - |
@@ -698,7 +693,6 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibDataPluginApi" section="def-server.DataView.getScriptedFields" text="getScriptedFields"/> | [data_view.ts](https://github.com/elastic/kibana/tree/main/src/plugins/data_views/common/data_views/data_view.ts#:~:text=getScriptedFields), [data_view.ts](https://github.com/elastic/kibana/tree/main/src/plugins/data_views/common/data_views/data_view.ts#:~:text=getScriptedFields), [data_view.ts](https://github.com/elastic/kibana/tree/main/src/plugins/data_views/common/data_views/data_view.ts#:~:text=getScriptedFields), [data_views.ts](https://github.com/elastic/kibana/tree/main/src/plugins/data_views/common/data_views/data_views.ts#:~:text=getScriptedFields), [data_view.test.ts](https://github.com/elastic/kibana/tree/main/src/plugins/data_views/common/data_views/data_view.test.ts#:~:text=getScriptedFields), [data_view.test.ts](https://github.com/elastic/kibana/tree/main/src/plugins/data_views/common/data_views/data_view.test.ts#:~:text=getScriptedFields), [data_view.test.ts](https://github.com/elastic/kibana/tree/main/src/plugins/data_views/common/data_views/data_view.test.ts#:~:text=getScriptedFields), [data_view.test.ts](https://github.com/elastic/kibana/tree/main/src/plugins/data_views/common/data_views/data_view.test.ts#:~:text=getScriptedFields), [data_view.test.ts](https://github.com/elastic/kibana/tree/main/src/plugins/data_views/common/data_views/data_view.test.ts#:~:text=getScriptedFields) | - |
 | <DocLink id="kibKbnCoreSavedObjectsServerPluginApi" section="def-common.SavedObjectsType.migrations" text="migrations"/> | [data_views.ts](https://github.com/elastic/kibana/tree/main/src/plugins/data_views/server/saved_objects/data_views.ts#:~:text=migrations) | - |
 | <DocLink id="kibKbnCoreSavedObjectsServerPluginApi" section="def-common.SavedObjectsType.convertToMultiNamespaceTypeVersion" text="convertToMultiNamespaceTypeVersion"/> | [data_views.ts](https://github.com/elastic/kibana/tree/main/src/plugins/data_views/server/saved_objects/data_views.ts#:~:text=convertToMultiNamespaceTypeVersion) | - |
-| <DocLink id="kibKbnSecurityPluginTypesPublicPluginApi" section="def-public.SecurityPluginStart.authc" text="authc"/> | [plugin.ts](https://github.com/elastic/kibana/tree/main/src/plugins/data_views/public/plugin.ts#:~:text=authc) | - |
 
 
 
@@ -708,7 +702,6 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | ---------------|-----------|-----------|
 | <DocLink id="kibDataPluginApi" section="def-public.DataPublicPluginStart.fieldFormats" text="fieldFormats"/> | [document_stats.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/data_visualizer/public/application/common/components/stats_table/components/field_data_row/document_stats.tsx#:~:text=fieldFormats), [distinct_values.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/data_visualizer/public/application/common/components/stats_table/components/field_data_row/distinct_values.tsx#:~:text=fieldFormats), [top_values.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/data_visualizer/public/application/common/components/top_values/top_values.tsx#:~:text=fieldFormats), [choropleth_map.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/data_visualizer/public/application/common/components/stats_table/components/field_data_expanded_row/choropleth_map.tsx#:~:text=fieldFormats), [default_value_formatter.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/data_visualizer/public/application/data_drift/charts/default_value_formatter.ts#:~:text=fieldFormats) | - |
 | <DocLink id="kibDataViewsPluginApi" section="def-common.AbstractDataView.title" text="title"/> | [use_data_visualizer_grid_data.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/hooks/use_data_visualizer_grid_data.ts#:~:text=title) | - |
-| <DocLink id="kibSecurityPluginApi" section="def-public.SecurityPluginSetup.authc" text="authc"/> | [filebeat_config_flyout.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/data_visualizer/public/application/common/components/filebeat_config_flyout/filebeat_config_flyout.tsx#:~:text=authc), [use_data_visualizer_grid_data.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/hooks/use_data_visualizer_grid_data.ts#:~:text=authc), [filebeat_config_flyout.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/data_visualizer/public/application/common/components/filebeat_config_flyout/filebeat_config_flyout.tsx#:~:text=authc), [use_data_visualizer_grid_data.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/hooks/use_data_visualizer_grid_data.ts#:~:text=authc) | - |
 | <DocLink id="kibKbnCoreLifecycleBrowserPluginApi" section="def-common.CoreStart.savedObjects" text="savedObjects"/> | [index_data_visualizer.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/index_data_visualizer.tsx#:~:text=savedObjects) | - |
 | <DocLink id="kibKbnCoreSavedObjectsApiBrowserPluginApi" section="def-common.SimpleSavedObject" text="SimpleSavedObject"/> | [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/data_visualizer/common/types/index.ts#:~:text=SimpleSavedObject), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/data_visualizer/common/types/index.ts#:~:text=SimpleSavedObject) | - |
 
@@ -730,14 +723,6 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 
 
 
-## elasticAssistant
-
-| Deprecated API | Reference location(s) | Remove By |
-| ---------------|-----------|-----------|
-| <DocLink id="kibSecurityPluginApi" section="def-server.SecurityPluginStart.authc" text="authc"/> | [request_context_factory.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/elastic_assistant/server/routes/request_context_factory.ts#:~:text=authc), [request_context_factory.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/elastic_assistant/server/routes/request_context_factory.ts#:~:text=authc) | - |
-
-
-
 ## embeddable
 
 | Deprecated API | Reference location(s) | Remove By |
@@ -781,6 +766,14 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 
 
 
+## entityManager
+
+| Deprecated API | Reference location(s) | Remove By |
+| ---------------|-----------|-----------|
+| <DocLink id="kibSecurityPluginApi" section="def-server.SecurityPluginStart.authc" text="authc"/> | [api_key.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/api_key.ts#:~:text=authc), [api_key.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/api_key.ts#:~:text=authc), [api_key.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/api_key.ts#:~:text=authc), [enable.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/enable.ts#:~:text=authc), [disable.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/disable.ts#:~:text=authc), [api_key.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/api_key.ts#:~:text=authc), [api_key.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/api_key.ts#:~:text=authc), [api_key.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/api_key.ts#:~:text=authc), [enable.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/enable.ts#:~:text=authc), [disable.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/disable.ts#:~:text=authc) | - |
+
+
+
 ## eventAnnotation
 
 | Deprecated API | Reference location(s) | Remove By |
@@ -837,7 +830,6 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 
 | Deprecated API | Reference location(s) | Remove By |
 | ---------------|-----------|-----------|
-| <DocLink id="kibSecurityPluginApi" section="def-server.SecurityPluginStart.authc" text="authc"/> | [create.ts](https://github.com/elastic/kibana/tree/main/src/plugins/files/server/routes/file_kind/create.ts#:~:text=authc), [create.ts](https://github.com/elastic/kibana/tree/main/src/plugins/files/server/routes/file_kind/create.ts#:~:text=authc) | - |
 | <DocLink id="kibKbnSecurityPluginTypesServerPluginApi" section="def-server.SecurityPluginSetup.audit" text="audit"/> | [file_service_factory.ts](https://github.com/elastic/kibana/tree/main/src/plugins/files/server/file_service/file_service_factory.ts#:~:text=audit), [file_service_factory.ts](https://github.com/elastic/kibana/tree/main/src/plugins/files/server/file_service/file_service_factory.ts#:~:text=audit) | - |
 
 
@@ -860,7 +852,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibDiscoverPluginApi" section="def-common.DiscoverAppLocatorParams.indexPatternId" text="indexPatternId"/> | [use_get_logs_discover_link.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/multi_page_layout/hooks/use_get_logs_discover_link.tsx#:~:text=indexPatternId) | - |
 | <DocLink id="kibLicensingPluginApi" section="def-public.PublicLicense.mode" text="mode"/> | [agent_policy_config.test.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/common/services/agent_policy_config.test.ts#:~:text=mode), [agent_policy_config.test.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/common/services/agent_policy_config.test.ts#:~:text=mode), [agent_policy_watch.test.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/server/services/agent_policy_watch.test.ts#:~:text=mode), [agent_policy_watch.test.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/server/services/agent_policy_watch.test.ts#:~:text=mode) | 8.8.0 |
 | <DocLink id="kibLicensingPluginApi" section="def-server.PublicLicense.mode" text="mode"/> | [agent_policy_config.test.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/common/services/agent_policy_config.test.ts#:~:text=mode), [agent_policy_config.test.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/common/services/agent_policy_config.test.ts#:~:text=mode), [agent_policy_watch.test.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/server/services/agent_policy_watch.test.ts#:~:text=mode), [agent_policy_watch.test.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/server/services/agent_policy_watch.test.ts#:~:text=mode) | 8.8.0 |
-| <DocLink id="kibSecurityPluginApi" section="def-server.SecurityPluginStart.authc" text="authc"/> | [security.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/server/services/api_keys/security.ts#:~:text=authc), [security.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/server/services/security/security.ts#:~:text=authc), [transform_api_keys.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/server/services/api_keys/transform_api_keys.ts#:~:text=authc), [handlers.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/server/routes/epm/handlers.ts#:~:text=authc), [handlers.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/server/routes/epm/handlers.ts#:~:text=authc), [handlers.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/server/routes/epm/handlers.ts#:~:text=authc), [handlers.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/server/routes/epm/handlers.ts#:~:text=authc), [handlers.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/server/routes/epm/handlers.ts#:~:text=authc), [handlers.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/server/routes/agent_policy/handlers.ts#:~:text=authc), [handlers.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/server/routes/agent_policy/handlers.ts#:~:text=authc)+ 36 more | - |
+| <DocLink id="kibSecurityPluginApi" section="def-server.SecurityPluginStart.authc" text="authc"/> | [security.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/server/services/api_keys/security.ts#:~:text=authc), [transform_api_keys.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/server/services/api_keys/transform_api_keys.ts#:~:text=authc), [fleet_server_policies_enrollment_keys.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/server/services/setup/fleet_server_policies_enrollment_keys.ts#:~:text=authc), [handlers.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/server/routes/setup/handlers.ts#:~:text=authc), [handlers.test.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/server/routes/setup/handlers.test.ts#:~:text=authc), [handlers.test.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/server/routes/setup/handlers.test.ts#:~:text=authc), [handlers.test.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/server/routes/setup/handlers.test.ts#:~:text=authc), [security.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/server/services/api_keys/security.ts#:~:text=authc), [transform_api_keys.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/server/services/api_keys/transform_api_keys.ts#:~:text=authc), [fleet_server_policies_enrollment_keys.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/server/services/setup/fleet_server_policies_enrollment_keys.ts#:~:text=authc)+ 4 more | - |
 | <DocLink id="kibKbnCoreApplicationBrowserPluginApi" section="def-common.AppMountParameters.appBasePath" text="appBasePath"/> | [index.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/public/applications/integrations/index.tsx#:~:text=appBasePath) | 8.8.0 |
 | <DocLink id="kibKbnCoreSavedObjectsServerPluginApi" section="def-common.SavedObjectsType.migrations" text="migrations"/> | [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/server/saved_objects/index.ts#:~:text=migrations), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/server/saved_objects/index.ts#:~:text=migrations), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/server/saved_objects/index.ts#:~:text=migrations), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/server/saved_objects/index.ts#:~:text=migrations), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/server/saved_objects/index.ts#:~:text=migrations) | - |
 | <DocLink id="kibKbnSecurityPluginTypesServerPluginApi" section="def-server.SecurityPluginSetup.audit" text="audit"/> | [audit_logging.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/server/services/audit_logging.ts#:~:text=audit), [audit_logging.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/fleet/server/services/audit_logging.ts#:~:text=audit) | - |
@@ -915,7 +907,6 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | Deprecated API | Reference location(s) | Remove By |
 | ---------------|-----------|-----------|
 | <DocLink id="kibUiActionsPluginApi" section="def-public.UiActionsService.executeTriggerActions" text="executeTriggerActions"/> | [image_embeddable.tsx](https://github.com/elastic/kibana/tree/main/src/plugins/image_embeddable/public/components/image_embeddable.tsx#:~:text=executeTriggerActions) | - |
-| <DocLink id="kibKbnSecurityPluginTypesPublicPluginApi" section="def-public.SecurityPluginStart.authc" text="authc"/> | [open_image_editor.tsx](https://github.com/elastic/kibana/tree/main/src/plugins/image_embeddable/public/components/image_editor/open_image_editor.tsx#:~:text=authc) | - |
 
 
 
@@ -1072,7 +1063,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibKbnCoreSavedObjectsCommonPluginApi" section="def-common.SavedObjectReference" text="SavedObjectReference"/> | [load_from_library.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/maps/public/routes/map_page/saved_map/load_from_library.ts#:~:text=SavedObjectReference), [load_from_library.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/maps/public/routes/map_page/saved_map/load_from_library.ts#:~:text=SavedObjectReference), [save_to_library.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/maps/public/routes/map_page/saved_map/save_to_library.ts#:~:text=SavedObjectReference), [save_to_library.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/maps/public/routes/map_page/saved_map/save_to_library.ts#:~:text=SavedObjectReference), [references.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/maps/common/migrations/references.ts#:~:text=SavedObjectReference), [references.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/maps/common/migrations/references.ts#:~:text=SavedObjectReference), [references.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/maps/common/migrations/references.ts#:~:text=SavedObjectReference), [references.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/maps/common/migrations/references.ts#:~:text=SavedObjectReference), [references.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/maps/common/migrations/references.ts#:~:text=SavedObjectReference) | - |
 | <DocLink id="kibKbnCoreSavedObjectsServerPluginApi" section="def-common.SavedObjectsType.migrations" text="migrations"/> | [setup_saved_objects.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/maps/server/saved_objects/setup_saved_objects.ts#:~:text=migrations) | - |
 | <DocLink id="kibKbnCoreSavedObjectsServerPluginApi" section="def-common.SavedObjectsType.convertToMultiNamespaceTypeVersion" text="convertToMultiNamespaceTypeVersion"/> | [setup_saved_objects.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/maps/server/saved_objects/setup_saved_objects.ts#:~:text=convertToMultiNamespaceTypeVersion) | - |
-| <DocLink id="kibKbnSecurityPluginTypesPublicPluginApi" section="def-public.SecurityPluginStart.authc" text="authc"/> | [es_search_source.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/maps/public/classes/sources/es_search_source/es_search_source.tsx#:~:text=authc) | - |
+| <DocLink id="kibKbnPresentationPublishingPluginApi" section="def-common.HasLibraryTransforms" text="HasLibraryTransforms"/> | [types.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/maps/public/react_embeddable/types.ts#:~:text=HasLibraryTransforms), [types.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/maps/public/react_embeddable/types.ts#:~:text=HasLibraryTransforms), [library_transforms.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/maps/public/react_embeddable/library_transforms.ts#:~:text=HasLibraryTransforms), [library_transforms.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/maps/public/react_embeddable/library_transforms.ts#:~:text=HasLibraryTransforms) | - |
 
 
 
@@ -1129,6 +1120,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 
 | Deprecated API | Reference location(s) | Remove By |
 | ---------------|-----------|-----------|
+| <DocLink id="kibSecurityPluginApi" section="def-server.SecurityPluginStart.authc" text="authc"/> | [route.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/route.ts#:~:text=authc), [route.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/route.ts#:~:text=authc) | - |
 | <DocLink id="kibKbnCoreElasticsearchServerPluginApi" section="def-common.ElasticsearchServiceSetup.legacy" text="legacy"/> | [plugin.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/observability_onboarding/server/plugin.ts#:~:text=legacy) | - |
 
 
@@ -1151,7 +1143,6 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibFleetPluginApi" section="def-public.NewPackagePolicy.policy_id" text="policy_id"/> | [osquery_managed_policy_create_import_extension.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/osquery/public/fleet_integration/osquery_managed_policy_create_import_extension.tsx#:~:text=policy_id), [osquery_managed_policy_create_import_extension.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/osquery/public/fleet_integration/osquery_managed_policy_create_import_extension.tsx#:~:text=policy_id), [osquery_managed_policy_create_import_extension.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/osquery/public/fleet_integration/osquery_managed_policy_create_import_extension.tsx#:~:text=policy_id), [osquery_managed_policy_create_import_extension.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/osquery/public/fleet_integration/osquery_managed_policy_create_import_extension.tsx#:~:text=policy_id), [osquery_managed_policy_create_import_extension.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/osquery/public/fleet_integration/osquery_managed_policy_create_import_extension.tsx#:~:text=policy_id), [osquery_managed_policy_create_import_extension.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/osquery/public/fleet_integration/osquery_managed_policy_create_import_extension.tsx#:~:text=policy_id), [osquery_managed_policy_create_import_extension.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/osquery/public/fleet_integration/osquery_managed_policy_create_import_extension.tsx#:~:text=policy_id), [osquery_managed_policy_create_import_extension.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/osquery/public/fleet_integration/osquery_managed_policy_create_import_extension.tsx#:~:text=policy_id), [osquery_managed_policy_create_import_extension.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/osquery/public/fleet_integration/osquery_managed_policy_create_import_extension.tsx#:~:text=policy_id) | - |
 | <DocLink id="kibFleetPluginApi" section="def-common.NewPackagePolicy.policy_id" text="policy_id"/> | [osquery_managed_policy_create_import_extension.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/osquery/public/fleet_integration/osquery_managed_policy_create_import_extension.tsx#:~:text=policy_id), [osquery_managed_policy_create_import_extension.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/osquery/public/fleet_integration/osquery_managed_policy_create_import_extension.tsx#:~:text=policy_id), [osquery_managed_policy_create_import_extension.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/osquery/public/fleet_integration/osquery_managed_policy_create_import_extension.tsx#:~:text=policy_id), [osquery_managed_policy_create_import_extension.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/osquery/public/fleet_integration/osquery_managed_policy_create_import_extension.tsx#:~:text=policy_id), [osquery_managed_policy_create_import_extension.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/osquery/public/fleet_integration/osquery_managed_policy_create_import_extension.tsx#:~:text=policy_id), [osquery_managed_policy_create_import_extension.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/osquery/public/fleet_integration/osquery_managed_policy_create_import_extension.tsx#:~:text=policy_id), [osquery_managed_policy_create_import_extension.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/osquery/public/fleet_integration/osquery_managed_policy_create_import_extension.tsx#:~:text=policy_id), [osquery_managed_policy_create_import_extension.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/osquery/public/fleet_integration/osquery_managed_policy_create_import_extension.tsx#:~:text=policy_id), [osquery_managed_policy_create_import_extension.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/osquery/public/fleet_integration/osquery_managed_policy_create_import_extension.tsx#:~:text=policy_id) | - |
 | <DocLink id="kibLicensingPluginApi" section="def-server.LicensingPluginSetup.license$" text="license$"/> | [create_action_service.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/osquery/server/handlers/action/create_action_service.ts#:~:text=license%24) | 8.8.0 |
-| <DocLink id="kibSecurityPluginApi" section="def-server.SecurityPluginStart.authc" text="authc"/> | [create_live_query_route.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/osquery/server/routes/live_query/create_live_query_route.ts#:~:text=authc), [create_saved_query_route.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/osquery/server/routes/saved_query/create_saved_query_route.ts#:~:text=authc), [update_saved_query_route.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/osquery/server/routes/saved_query/update_saved_query_route.ts#:~:text=authc), [create_pack_route.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/osquery/server/routes/pack/create_pack_route.ts#:~:text=authc), [update_pack_route.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/osquery/server/routes/pack/update_pack_route.ts#:~:text=authc), [update_assets_route.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/osquery/server/routes/asset/update_assets_route.ts#:~:text=authc), [create_live_query_route.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/osquery/server/routes/live_query/create_live_query_route.ts#:~:text=authc), [create_saved_query_route.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/osquery/server/routes/saved_query/create_saved_query_route.ts#:~:text=authc), [update_saved_query_route.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/osquery/server/routes/saved_query/update_saved_query_route.ts#:~:text=authc), [create_pack_route.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/osquery/server/routes/pack/create_pack_route.ts#:~:text=authc)+ 2 more | - |
 | <DocLink id="kibTimelinesPluginApi" section="def-public.TimelinesUIStart.getHoverActions" text="getHoverActions"/> | [add_to_timeline_button.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/osquery/public/timelines/add_to_timeline_button.tsx#:~:text=getHoverActions) | - |
 
 
@@ -1194,7 +1185,6 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 
 | Deprecated API | Reference location(s) | Remove By |
 | ---------------|-----------|-----------|
-| <DocLink id="kibSecurityPluginApi" section="def-server.SecurityPluginStart.authc" text="authc"/> | [get_user.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/reporting/server/routes/common/get_user.ts#:~:text=authc), [get_user.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/reporting/server/routes/common/get_user.ts#:~:text=authc) | - |
 | <DocLink id="kibKbnReportingExportTypesCsvPluginApi" section="def-server.CsvSearchSourceImmediateExportType" text="CsvSearchSourceImmediateExportType"/> | [core.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/reporting/server/core.ts#:~:text=CsvSearchSourceImmediateExportType), [core.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/reporting/server/core.ts#:~:text=CsvSearchSourceImmediateExportType) | - |
 | <DocLink id="kibKbnReportingExportTypesCsvCommonPluginApi" section="def-common.JobParamsDownloadCSV" text="JobParamsDownloadCSV"/> | [csv_searchsource_immediate.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/reporting/server/routes/internal/generate/csv_searchsource_immediate.ts#:~:text=JobParamsDownloadCSV), [csv_searchsource_immediate.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/reporting/server/routes/internal/generate/csv_searchsource_immediate.ts#:~:text=JobParamsDownloadCSV) | - |
 | <DocLink id="kibKbnReportingExportTypesCsvCommonPluginApi" section="def-common.CSV_SEARCHSOURCE_IMMEDIATE_TYPE" text="CSV_SEARCHSOURCE_IMMEDIATE_TYPE"/> | [csv_searchsource_immediate.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/reporting/server/routes/internal/generate/csv_searchsource_immediate.ts#:~:text=CSV_SEARCHSOURCE_IMMEDIATE_TYPE), [csv_searchsource_immediate.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/reporting/server/routes/internal/generate/csv_searchsource_immediate.ts#:~:text=CSV_SEARCHSOURCE_IMMEDIATE_TYPE), [csv_searchsource_immediate.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/reporting/server/routes/internal/generate/csv_searchsource_immediate.ts#:~:text=CSV_SEARCHSOURCE_IMMEDIATE_TYPE) | - |
@@ -1360,8 +1350,8 @@ migrates to using the Kibana Privilege model: https://github.com/elastic/kibana/
 | <DocLink id="kibTimelinesPluginApi" section="def-common.DeprecatedCellValueElementProps" text="DeprecatedCellValueElementProps"/> | [index.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/events_viewer/index.tsx#:~:text=DeprecatedCellValueElementProps), [index.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/events_viewer/index.tsx#:~:text=DeprecatedCellValueElementProps) | - |
 | <DocLink id="kibTimelinesPluginApi" section="def-common.DeprecatedRowRenderer" text="DeprecatedRowRenderer"/> | [index.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/events_viewer/index.tsx#:~:text=DeprecatedRowRenderer), [index.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/events_viewer/index.tsx#:~:text=DeprecatedRowRenderer) | - |
 | <DocLink id="kibTimelinesPluginApi" section="def-common.BeatFields" text="BeatFields"/> | [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/common/search_strategy/index_fields/index.ts#:~:text=BeatFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/server/search_strategy/endpoint_fields/index.ts#:~:text=BeatFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/server/search_strategy/endpoint_fields/index.ts#:~:text=BeatFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/server/search_strategy/endpoint_fields/index.ts#:~:text=BeatFields) | - |
-| <DocLink id="kibTimelinesPluginApi" section="def-common.BrowserField" text="BrowserField"/> | [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/common/search_strategy/index_fields/index.ts#:~:text=BrowserField), [helpers.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/drag_and_drop/helpers.ts#:~:text=BrowserField), [helpers.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/drag_and_drop/helpers.ts#:~:text=BrowserField), [helpers.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/drag_and_drop/helpers.ts#:~:text=BrowserField), [helpers.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/drag_and_drop/helpers.ts#:~:text=BrowserField), [columns.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/event_details/columns.tsx#:~:text=BrowserField), [columns.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/event_details/columns.tsx#:~:text=BrowserField), [table_tab.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/table_tab.tsx#:~:text=BrowserField), [table_tab.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/table_tab.tsx#:~:text=BrowserField), [enrichment_summary.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/event_details/cti_details/enrichment_summary.tsx#:~:text=BrowserField)+ 33 more | - |
-| <DocLink id="kibTimelinesPluginApi" section="def-common.BrowserFields" text="BrowserFields"/> | [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/common/search_strategy/index_fields/index.ts#:~:text=BrowserFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/common/types/timeline/cells/index.ts#:~:text=BrowserFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/common/types/timeline/cells/index.ts#:~:text=BrowserFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/common/types/header_actions/index.ts#:~:text=BrowserFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/common/types/header_actions/index.ts#:~:text=BrowserFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/lib/kuery/index.ts#:~:text=BrowserFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/lib/kuery/index.ts#:~:text=BrowserFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/lib/kuery/index.ts#:~:text=BrowserFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/lib/kuery/index.ts#:~:text=BrowserFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/lib/kuery/index.ts#:~:text=BrowserFields)+ 109 more | - |
+| <DocLink id="kibTimelinesPluginApi" section="def-common.BrowserField" text="BrowserField"/> | [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/common/search_strategy/index_fields/index.ts#:~:text=BrowserField), [helpers.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/drag_and_drop/helpers.ts#:~:text=BrowserField), [helpers.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/drag_and_drop/helpers.ts#:~:text=BrowserField), [helpers.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/drag_and_drop/helpers.ts#:~:text=BrowserField), [helpers.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/drag_and_drop/helpers.ts#:~:text=BrowserField), [columns.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/event_details/columns.tsx#:~:text=BrowserField), [columns.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/event_details/columns.tsx#:~:text=BrowserField), [columns.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/event_details/columns.tsx#:~:text=BrowserField), [enrichment_summary.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/event_details/cti_details/enrichment_summary.tsx#:~:text=BrowserField), [enrichment_summary.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/event_details/cti_details/enrichment_summary.tsx#:~:text=BrowserField)+ 32 more | - |
+| <DocLink id="kibTimelinesPluginApi" section="def-common.BrowserFields" text="BrowserFields"/> | [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/common/search_strategy/index_fields/index.ts#:~:text=BrowserFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/common/types/timeline/cells/index.ts#:~:text=BrowserFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/common/types/timeline/cells/index.ts#:~:text=BrowserFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/common/types/header_actions/index.ts#:~:text=BrowserFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/common/types/header_actions/index.ts#:~:text=BrowserFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/lib/kuery/index.ts#:~:text=BrowserFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/lib/kuery/index.ts#:~:text=BrowserFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/lib/kuery/index.ts#:~:text=BrowserFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/lib/kuery/index.ts#:~:text=BrowserFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/lib/kuery/index.ts#:~:text=BrowserFields)+ 105 more | - |
 | <DocLink id="kibTimelinesPluginApi" section="def-common.IndexFieldsStrategyRequest" text="IndexFieldsStrategyRequest"/> | [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/common/search_strategy/index_fields/index.ts#:~:text=IndexFieldsStrategyRequest), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/server/search_strategy/endpoint_fields/index.ts#:~:text=IndexFieldsStrategyRequest), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/server/search_strategy/endpoint_fields/index.ts#:~:text=IndexFieldsStrategyRequest), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/server/search_strategy/endpoint_fields/index.ts#:~:text=IndexFieldsStrategyRequest), [middleware.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.ts#:~:text=IndexFieldsStrategyRequest), [middleware.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.ts#:~:text=IndexFieldsStrategyRequest) | - |
 | <DocLink id="kibTimelinesPluginApi" section="def-common.IndexFieldsStrategyResponse" text="IndexFieldsStrategyResponse"/> | [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/common/search_strategy/index_fields/index.ts#:~:text=IndexFieldsStrategyResponse), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/server/search_strategy/endpoint_fields/index.ts#:~:text=IndexFieldsStrategyResponse), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/server/search_strategy/endpoint_fields/index.ts#:~:text=IndexFieldsStrategyResponse), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/server/search_strategy/endpoint_fields/index.ts#:~:text=IndexFieldsStrategyResponse), [middleware.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.ts#:~:text=IndexFieldsStrategyResponse), [middleware.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.ts#:~:text=IndexFieldsStrategyResponse) | - |
 | <DocLink id="kibKbnCoreSavedObjectsApiBrowserPluginApi" section="def-common.SimpleSavedObject" text="SimpleSavedObject"/> | [types.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/hooks/types.ts#:~:text=SimpleSavedObject), [types.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/hooks/types.ts#:~:text=SimpleSavedObject) | - |
@@ -1453,7 +1443,7 @@ migrates to using the Kibana Privilege model: https://github.com/elastic/kibana/
 
 | Deprecated API | Reference location(s) | Remove By |
 | ---------------|-----------|-----------|
-| <DocLink id="kibAlertingPluginApi" section="def-server.RuleExecutorServices.alertFactory" text="alertFactory"/> | [common.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/synthetics/server/alert_rules/common.ts#:~:text=alertFactory), [message_utils.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/synthetics/server/alert_rules/tls_rule/message_utils.ts#:~:text=alertFactory), [tls_rule.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/synthetics/server/alert_rules/tls_rule/tls_rule.ts#:~:text=alertFactory), [monitor_status_rule.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/synthetics/server/alert_rules/status_rule/monitor_status_rule.ts#:~:text=alertFactory) | - |
+| <DocLink id="kibAlertingPluginApi" section="def-server.RuleExecutorServices.alertFactory" text="alertFactory"/> | [message_utils.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/synthetics/server/alert_rules/tls_rule/message_utils.ts#:~:text=alertFactory), [tls_rule.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/synthetics/server/alert_rules/tls_rule/tls_rule.ts#:~:text=alertFactory) | - |
 | <DocLink id="kibDiscoverPluginApi" section="def-common.DiscoverAppLocatorParams.indexPatternId" text="indexPatternId"/> | [stderr_logs.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/synthetics/public/apps/synthetics/components/common/components/stderr_logs.tsx#:~:text=indexPatternId) | - |
 | <DocLink id="kibFleetPluginApi" section="def-public.NewPackagePolicy.policy_id" text="policy_id"/> | [synthetics_private_location.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/synthetics/server/synthetics_service/private_location/synthetics_private_location.ts#:~:text=policy_id) | - |
 | <DocLink id="kibFleetPluginApi" section="def-common.NewPackagePolicy.policy_id" text="policy_id"/> | [synthetics_private_location.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/synthetics/server/synthetics_service/private_location/synthetics_private_location.ts#:~:text=policy_id) | - |
diff --git a/api_docs/deprecations_by_team.mdx b/api_docs/deprecations_by_team.mdx
index c99f47c97e352..259be3b5f4b6a 100644
--- a/api_docs/deprecations_by_team.mdx
+++ b/api_docs/deprecations_by_team.mdx
@@ -7,7 +7,7 @@ id: kibDevDocsDeprecationsDueByTeam
 slug: /kibana-dev-docs/api-meta/deprecations-due-by-team
 title: Deprecated APIs due to be removed, by team
 description: Lists the teams that are referencing deprecated APIs with a remove by date.
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana']
 ---
 
diff --git a/api_docs/dev_tools.mdx b/api_docs/dev_tools.mdx
index 35498a89f5b17..94ab81dda7dc6 100644
--- a/api_docs/dev_tools.mdx
+++ b/api_docs/dev_tools.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/devTools
 title: "devTools"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the devTools plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'devTools']
 ---
 import devToolsObj from './dev_tools.devdocs.json';
diff --git a/api_docs/discover.devdocs.json b/api_docs/discover.devdocs.json
index 26f8c41e05c83..7313700b71a33 100644
--- a/api_docs/discover.devdocs.json
+++ b/api_docs/discover.devdocs.json
@@ -1010,72 +1010,6 @@
         ],
         "initialIsOpen": false
       },
-      {
-        "parentPluginId": "discover",
-        "id": "def-public.FlyoutContentProps",
-        "type": "Interface",
-        "tags": [],
-        "label": "FlyoutContentProps",
-        "description": [],
-        "path": "src/plugins/discover/public/customizations/customization_types/flyout_customization.ts",
-        "deprecated": false,
-        "trackAdoption": false,
-        "children": [
-          {
-            "parentPluginId": "discover",
-            "id": "def-public.FlyoutContentProps.actions",
-            "type": "Object",
-            "tags": [],
-            "label": "actions",
-            "description": [],
-            "signature": [
-              "{ filter?: ",
-              "DocViewFilterFn",
-              " | undefined; onAddColumn?: ((columnName: string) => void) | undefined; onRemoveColumn?: ((columnName: string) => void) | undefined; }"
-            ],
-            "path": "src/plugins/discover/public/customizations/customization_types/flyout_customization.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "discover",
-            "id": "def-public.FlyoutContentProps.doc",
-            "type": "Object",
-            "tags": [],
-            "label": "doc",
-            "description": [],
-            "signature": [
-              {
-                "pluginId": "@kbn/discover-utils",
-                "scope": "common",
-                "docId": "kibKbnDiscoverUtilsPluginApi",
-                "section": "def-common.DataTableRecord",
-                "text": "DataTableRecord"
-              }
-            ],
-            "path": "src/plugins/discover/public/customizations/customization_types/flyout_customization.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "discover",
-            "id": "def-public.FlyoutContentProps.renderDefaultContent",
-            "type": "Function",
-            "tags": [],
-            "label": "renderDefaultContent",
-            "description": [],
-            "signature": [
-              "() => React.ReactNode"
-            ],
-            "path": "src/plugins/discover/public/customizations/customization_types/flyout_customization.ts",
-            "deprecated": false,
-            "trackAdoption": false,
-            "children": [],
-            "returnComment": []
-          }
-        ],
-        "initialIsOpen": false
-      },
       {
         "parentPluginId": "discover",
         "id": "def-public.FlyoutCustomization",
@@ -1157,13 +1091,7 @@
             "description": [],
             "signature": [
               "React.ComponentType<",
-              {
-                "pluginId": "discover",
-                "scope": "public",
-                "docId": "kibDiscoverPluginApi",
-                "section": "def-public.FlyoutContentProps",
-                "text": "FlyoutContentProps"
-              },
+              "FlyoutContentProps",
               "> | undefined"
             ],
             "path": "src/plugins/discover/public/customizations/customization_types/flyout_customization.ts",
diff --git a/api_docs/discover.mdx b/api_docs/discover.mdx
index 64e53552a24f3..cae22d849f70f 100644
--- a/api_docs/discover.mdx
+++ b/api_docs/discover.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/discover
 title: "discover"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the discover plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'discover']
 ---
 import discoverObj from './discover.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/k
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 148 | 0 | 101 | 28 |
+| 144 | 0 | 97 | 29 |
 
 ## Client
 
diff --git a/api_docs/discover_enhanced.mdx b/api_docs/discover_enhanced.mdx
index 5583e7fac0809..75f3ddfc64ae8 100644
--- a/api_docs/discover_enhanced.mdx
+++ b/api_docs/discover_enhanced.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/discoverEnhanced
 title: "discoverEnhanced"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the discoverEnhanced plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'discoverEnhanced']
 ---
 import discoverEnhancedObj from './discover_enhanced.devdocs.json';
diff --git a/api_docs/discover_shared.mdx b/api_docs/discover_shared.mdx
index 00441fc0a8e03..e9746fa185df9 100644
--- a/api_docs/discover_shared.mdx
+++ b/api_docs/discover_shared.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/discoverShared
 title: "discoverShared"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the discoverShared plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'discoverShared']
 ---
 import discoverSharedObj from './discover_shared.devdocs.json';
diff --git a/api_docs/ecs_data_quality_dashboard.mdx b/api_docs/ecs_data_quality_dashboard.mdx
index 04dbf12c64752..45124ba5473f4 100644
--- a/api_docs/ecs_data_quality_dashboard.mdx
+++ b/api_docs/ecs_data_quality_dashboard.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ecsDataQualityDashboard
 title: "ecsDataQualityDashboard"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the ecsDataQualityDashboard plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ecsDataQualityDashboard']
 ---
 import ecsDataQualityDashboardObj from './ecs_data_quality_dashboard.devdocs.json';
diff --git a/api_docs/elastic_assistant.devdocs.json b/api_docs/elastic_assistant.devdocs.json
index e543e43a16801..a792d44c94558 100644
--- a/api_docs/elastic_assistant.devdocs.json
+++ b/api_docs/elastic_assistant.devdocs.json
@@ -1609,7 +1609,7 @@
                 "section": "def-common.KibanaRequest",
                 "text": "KibanaRequest"
               },
-              "<unknown, unknown, { actionTypeId: string; subAction: \"invokeAI\" | \"invokeStream\"; replacements: {} & { [k: string]: string; }; conversationId?: string | undefined; message?: string | undefined; model?: string | undefined; alertsIndexPattern?: string | undefined; allow?: string[] | undefined; allowReplacement?: string[] | undefined; isEnabledKnowledgeBase?: boolean | undefined; isEnabledRAGAlerts?: boolean | undefined; size?: number | undefined; langSmithProject?: string | undefined; langSmithApiKey?: string | undefined; } | { connectorId: string; actionTypeId: string; size: number; subAction: \"invokeAI\" | \"invokeStream\"; alertsIndexPattern: string; anonymizationFields: { id: string; field: string; timestamp?: string | undefined; allowed?: boolean | undefined; anonymized?: boolean | undefined; updatedAt?: string | undefined; updatedBy?: string | undefined; createdAt?: string | undefined; createdBy?: string | undefined; namespace?: string | undefined; }[]; langSmithProject?: string | undefined; langSmithApiKey?: string | undefined; model?: string | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; }, any>"
+              "<unknown, unknown, { actionTypeId: string; subAction: \"invokeAI\" | \"invokeStream\"; replacements: {} & { [k: string]: string; }; conversationId?: string | undefined; message?: string | undefined; model?: string | undefined; alertsIndexPattern?: string | undefined; allow?: string[] | undefined; allowReplacement?: string[] | undefined; isEnabledKnowledgeBase?: boolean | undefined; isEnabledRAGAlerts?: boolean | undefined; size?: number | undefined; langSmithProject?: string | undefined; langSmithApiKey?: string | undefined; } | { size: number; subAction: \"invokeAI\" | \"invokeStream\"; alertsIndexPattern: string; anonymizationFields: { id: string; field: string; timestamp?: string | undefined; allowed?: boolean | undefined; anonymized?: boolean | undefined; updatedAt?: string | undefined; updatedBy?: string | undefined; createdAt?: string | undefined; createdBy?: string | undefined; namespace?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; langSmithProject?: string | undefined; langSmithApiKey?: string | undefined; model?: string | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; }, any>"
             ],
             "path": "x-pack/plugins/elastic_assistant/server/types.ts",
             "deprecated": false,
@@ -1816,11 +1816,11 @@
             "description": [],
             "signature": [
               {
-                "pluginId": "@kbn/security-plugin-types-server",
-                "scope": "server",
-                "docId": "kibKbnSecurityPluginTypesServerPluginApi",
-                "section": "def-server.SecurityPluginStart",
-                "text": "SecurityPluginStart"
+                "pluginId": "@kbn/core-security-server",
+                "scope": "common",
+                "docId": "kibKbnCoreSecurityServerPluginApi",
+                "section": "def-common.SecurityServiceStart",
+                "text": "SecurityServiceStart"
               }
             ],
             "path": "x-pack/plugins/elastic_assistant/server/types.ts",
diff --git a/api_docs/elastic_assistant.mdx b/api_docs/elastic_assistant.mdx
index 2d685a960e6cc..0f973677b951c 100644
--- a/api_docs/elastic_assistant.mdx
+++ b/api_docs/elastic_assistant.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/elasticAssistant
 title: "elasticAssistant"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the elasticAssistant plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'elasticAssistant']
 ---
 import elasticAssistantObj from './elastic_assistant.devdocs.json';
diff --git a/api_docs/embeddable.devdocs.json b/api_docs/embeddable.devdocs.json
index 8c823689d0bd2..8219bbabc6b24 100644
--- a/api_docs/embeddable.devdocs.json
+++ b/api_docs/embeddable.devdocs.json
@@ -8940,7 +8940,7 @@
           "\nRenders a component from the React Embeddable registry into a Presentation Panel.\n\nTODO: Rename this to simply `Embeddable` when the legacy Embeddable system is removed."
         ],
         "signature": [
-          "<SerializedState extends object = object, Api extends ",
+          "<SerializedState extends object = object, RuntimeState extends object = SerializedState, Api extends ",
           {
             "pluginId": "embeddable",
             "scope": "public",
@@ -8948,7 +8948,7 @@
             "section": "def-public.DefaultEmbeddableApi",
             "text": "DefaultEmbeddableApi"
           },
-          "<SerializedState, SerializedState> = ",
+          "<SerializedState, RuntimeState> = ",
           {
             "pluginId": "embeddable",
             "scope": "public",
@@ -8956,7 +8956,7 @@
             "section": "def-public.DefaultEmbeddableApi",
             "text": "DefaultEmbeddableApi"
           },
-          "<SerializedState, SerializedState>, RuntimeState extends object = SerializedState, ParentApi extends ",
+          "<SerializedState, RuntimeState>, ParentApi extends ",
           {
             "pluginId": "@kbn/presentation-containers",
             "scope": "common",
@@ -10465,6 +10465,20 @@
               }
             ],
             "returnComment": []
+          },
+          {
+            "parentPluginId": "embeddable",
+            "id": "def-public.EmbeddableFactory.order",
+            "type": "number",
+            "tags": [],
+            "label": "order",
+            "description": [],
+            "signature": [
+              "number | undefined"
+            ],
+            "path": "src/plugins/embeddable/public/lib/embeddables/embeddable_factory.ts",
+            "deprecated": false,
+            "trackAdoption": false
           }
         ],
         "initialIsOpen": false
@@ -12813,7 +12827,7 @@
             "section": "def-public.ReactEmbeddableFactory",
             "text": "ReactEmbeddableFactory"
           },
-          "<SerializedState, Api, RuntimeState>"
+          "<SerializedState, RuntimeState, Api>"
         ],
         "path": "src/plugins/embeddable/public/react_embeddable_system/types.ts",
         "deprecated": false,
@@ -12901,7 +12915,7 @@
             "signature": [
               "(initialState: RuntimeState, buildApi: (apiRegistration: ",
               "BuildReactEmbeddableApiRegistration",
-              "<SerializedState, Api>, comparators: ",
+              "<SerializedState, RuntimeState, Api>, comparators: ",
               {
                 "pluginId": "@kbn/presentation-publishing",
                 "scope": "common",
@@ -12909,9 +12923,17 @@
                 "section": "def-common.StateComparators",
                 "text": "StateComparators"
               },
-              "<RuntimeState>) => Api, uuid: string, parentApi: unknown, setApi: (api: ",
+              "<RuntimeState>) => Api & ",
+              {
+                "pluginId": "@kbn/presentation-containers",
+                "scope": "common",
+                "docId": "kibKbnPresentationContainersPluginApi",
+                "section": "def-common.HasSnapshottableState",
+                "text": "HasSnapshottableState"
+              },
+              "<RuntimeState>, uuid: string, parentApi: unknown, setApi: (api: ",
               "SetReactEmbeddableApiRegistration",
-              "<SerializedState, Api>) => Api) => Promise<{ Component: React.FC<{}>; api: Api; }>"
+              "<SerializedState, RuntimeState, Api>) => Api) => Promise<{ Component: React.FC<{}>; api: Api; }>"
             ],
             "path": "src/plugins/embeddable/public/react_embeddable_system/types.ts",
             "deprecated": false,
@@ -12942,7 +12964,7 @@
                 "signature": [
                   "(apiRegistration: ",
                   "BuildReactEmbeddableApiRegistration",
-                  "<SerializedState, Api>, comparators: ",
+                  "<SerializedState, RuntimeState, Api>, comparators: ",
                   {
                     "pluginId": "@kbn/presentation-publishing",
                     "scope": "common",
@@ -12950,7 +12972,15 @@
                     "section": "def-common.StateComparators",
                     "text": "StateComparators"
                   },
-                  "<RuntimeState>) => Api"
+                  "<RuntimeState>) => Api & ",
+                  {
+                    "pluginId": "@kbn/presentation-containers",
+                    "scope": "common",
+                    "docId": "kibKbnPresentationContainersPluginApi",
+                    "section": "def-common.HasSnapshottableState",
+                    "text": "HasSnapshottableState"
+                  },
+                  "<RuntimeState>"
                 ],
                 "path": "src/plugins/embeddable/public/react_embeddable_system/types.ts",
                 "deprecated": false,
@@ -12997,7 +13027,7 @@
                 "signature": [
                   "(api: ",
                   "SetReactEmbeddableApiRegistration",
-                  "<SerializedState, Api>) => Api"
+                  "<SerializedState, RuntimeState, Api>) => Api"
                 ],
                 "path": "src/plugins/embeddable/public/react_embeddable_system/types.ts",
                 "deprecated": false,
@@ -13680,6 +13710,178 @@
         ],
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "embeddable",
+        "id": "def-public.COMMON_EMBEDDABLE_GROUPING",
+        "type": "Object",
+        "tags": [],
+        "label": "COMMON_EMBEDDABLE_GROUPING",
+        "description": [],
+        "path": "src/plugins/embeddable/public/lib/embeddables/common/constants.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "embeddable",
+            "id": "def-public.COMMON_EMBEDDABLE_GROUPING.legacy",
+            "type": "Object",
+            "tags": [],
+            "label": "legacy",
+            "description": [],
+            "path": "src/plugins/embeddable/public/lib/embeddables/common/constants.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "embeddable",
+                "id": "def-public.COMMON_EMBEDDABLE_GROUPING.legacy.id",
+                "type": "string",
+                "tags": [],
+                "label": "id",
+                "description": [],
+                "path": "src/plugins/embeddable/public/lib/embeddables/common/constants.ts",
+                "deprecated": false,
+                "trackAdoption": false
+              },
+              {
+                "parentPluginId": "embeddable",
+                "id": "def-public.COMMON_EMBEDDABLE_GROUPING.legacy.getDisplayName",
+                "type": "Function",
+                "tags": [],
+                "label": "getDisplayName",
+                "description": [],
+                "signature": [
+                  "() => string"
+                ],
+                "path": "src/plugins/embeddable/public/lib/embeddables/common/constants.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "children": [],
+                "returnComment": []
+              },
+              {
+                "parentPluginId": "embeddable",
+                "id": "def-public.COMMON_EMBEDDABLE_GROUPING.legacy.order",
+                "type": "number",
+                "tags": [],
+                "label": "order",
+                "description": [],
+                "path": "src/plugins/embeddable/public/lib/embeddables/common/constants.ts",
+                "deprecated": false,
+                "trackAdoption": false
+              }
+            ]
+          },
+          {
+            "parentPluginId": "embeddable",
+            "id": "def-public.COMMON_EMBEDDABLE_GROUPING.annotation",
+            "type": "Object",
+            "tags": [],
+            "label": "annotation",
+            "description": [],
+            "path": "src/plugins/embeddable/public/lib/embeddables/common/constants.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "embeddable",
+                "id": "def-public.COMMON_EMBEDDABLE_GROUPING.annotation.id",
+                "type": "string",
+                "tags": [],
+                "label": "id",
+                "description": [],
+                "path": "src/plugins/embeddable/public/lib/embeddables/common/constants.ts",
+                "deprecated": false,
+                "trackAdoption": false
+              },
+              {
+                "parentPluginId": "embeddable",
+                "id": "def-public.COMMON_EMBEDDABLE_GROUPING.annotation.getDisplayName",
+                "type": "Function",
+                "tags": [],
+                "label": "getDisplayName",
+                "description": [],
+                "signature": [
+                  "() => string"
+                ],
+                "path": "src/plugins/embeddable/public/lib/embeddables/common/constants.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "children": [],
+                "returnComment": []
+              }
+            ]
+          },
+          {
+            "parentPluginId": "embeddable",
+            "id": "def-public.COMMON_EMBEDDABLE_GROUPING.other",
+            "type": "Object",
+            "tags": [],
+            "label": "other",
+            "description": [],
+            "path": "src/plugins/embeddable/public/lib/embeddables/common/constants.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "embeddable",
+                "id": "def-public.COMMON_EMBEDDABLE_GROUPING.other.id",
+                "type": "string",
+                "tags": [],
+                "label": "id",
+                "description": [],
+                "path": "src/plugins/embeddable/public/lib/embeddables/common/constants.ts",
+                "deprecated": false,
+                "trackAdoption": false
+              },
+              {
+                "parentPluginId": "embeddable",
+                "id": "def-public.COMMON_EMBEDDABLE_GROUPING.other.getDisplayName",
+                "type": "Function",
+                "tags": [],
+                "label": "getDisplayName",
+                "description": [],
+                "signature": [
+                  "() => string"
+                ],
+                "path": "src/plugins/embeddable/public/lib/embeddables/common/constants.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "children": [],
+                "returnComment": []
+              },
+              {
+                "parentPluginId": "embeddable",
+                "id": "def-public.COMMON_EMBEDDABLE_GROUPING.other.getIconType",
+                "type": "Function",
+                "tags": [],
+                "label": "getIconType",
+                "description": [],
+                "signature": [
+                  "() => string"
+                ],
+                "path": "src/plugins/embeddable/public/lib/embeddables/common/constants.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "children": [],
+                "returnComment": []
+              },
+              {
+                "parentPluginId": "embeddable",
+                "id": "def-public.COMMON_EMBEDDABLE_GROUPING.other.order",
+                "type": "number",
+                "tags": [],
+                "label": "order",
+                "description": [],
+                "path": "src/plugins/embeddable/public/lib/embeddables/common/constants.ts",
+                "deprecated": false,
+                "trackAdoption": false
+              }
+            ]
+          }
+        ],
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "embeddable",
         "id": "def-public.contextMenuTrigger",
@@ -14114,7 +14316,7 @@
             "\nRegisters an async {@link ReactEmbeddableFactory} getter."
           ],
           "signature": [
-            "<SerializedState extends object = object, Api extends ",
+            "<SerializedState extends object = object, RuntimeState extends object = SerializedState, Api extends ",
             {
               "pluginId": "embeddable",
               "scope": "public",
@@ -14122,7 +14324,7 @@
               "section": "def-public.DefaultEmbeddableApi",
               "text": "DefaultEmbeddableApi"
             },
-            "<SerializedState, SerializedState> = ",
+            "<SerializedState, RuntimeState> = ",
             {
               "pluginId": "embeddable",
               "scope": "public",
@@ -14130,7 +14332,7 @@
               "section": "def-public.DefaultEmbeddableApi",
               "text": "DefaultEmbeddableApi"
             },
-            "<SerializedState, SerializedState>, RuntimeState extends object = SerializedState>(type: string, getFactory: () => Promise<",
+            "<SerializedState, RuntimeState>>(type: string, getFactory: () => Promise<",
             {
               "pluginId": "embeddable",
               "scope": "public",
@@ -14138,7 +14340,7 @@
               "section": "def-public.ReactEmbeddableFactory",
               "text": "ReactEmbeddableFactory"
             },
-            "<SerializedState, Api, RuntimeState>>) => void"
+            "<SerializedState, RuntimeState, Api>>) => void"
           ],
           "path": "src/plugins/embeddable/public/plugin.tsx",
           "deprecated": false,
@@ -14172,7 +14374,7 @@
                   "section": "def-public.ReactEmbeddableFactory",
                   "text": "ReactEmbeddableFactory"
                 },
-                "<SerializedState, Api, RuntimeState>>"
+                "<SerializedState, RuntimeState, Api>>"
               ],
               "path": "src/plugins/embeddable/public/react_embeddable_system/react_embeddable_registry.ts",
               "deprecated": false,
@@ -14696,10 +14898,6 @@
               "plugin": "controls",
               "path": "src/plugins/controls/public/services/embeddable/embeddable.story.ts"
             },
-            {
-              "plugin": "dashboard",
-              "path": "src/plugins/dashboard/public/dashboard_container/embeddable/api/duplicate_dashboard_panel.test.ts"
-            },
             {
               "plugin": "dashboard",
               "path": "src/plugins/dashboard/public/dashboard_container/embeddable/create/create_dashboard.test.ts"
diff --git a/api_docs/embeddable.mdx b/api_docs/embeddable.mdx
index 6a9cebf1365b0..c0045a14e6aaa 100644
--- a/api_docs/embeddable.mdx
+++ b/api_docs/embeddable.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/embeddable
 title: "embeddable"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the embeddable plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'embeddable']
 ---
 import embeddableObj from './embeddable.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/kibana-presentation](https://github.com/orgs/elastic/teams/kib
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 557 | 1 | 447 | 9 |
+| 571 | 1 | 461 | 9 |
 
 ## Client
 
diff --git a/api_docs/embeddable_enhanced.mdx b/api_docs/embeddable_enhanced.mdx
index 345548c4b57bf..87dbd50d3a039 100644
--- a/api_docs/embeddable_enhanced.mdx
+++ b/api_docs/embeddable_enhanced.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/embeddableEnhanced
 title: "embeddableEnhanced"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the embeddableEnhanced plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'embeddableEnhanced']
 ---
 import embeddableEnhancedObj from './embeddable_enhanced.devdocs.json';
diff --git a/api_docs/encrypted_saved_objects.mdx b/api_docs/encrypted_saved_objects.mdx
index e9373181cd163..39b0d171a062e 100644
--- a/api_docs/encrypted_saved_objects.mdx
+++ b/api_docs/encrypted_saved_objects.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/encryptedSavedObjects
 title: "encryptedSavedObjects"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the encryptedSavedObjects plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'encryptedSavedObjects']
 ---
 import encryptedSavedObjectsObj from './encrypted_saved_objects.devdocs.json';
diff --git a/api_docs/enterprise_search.mdx b/api_docs/enterprise_search.mdx
index c9eee95cb72b9..905d38204910a 100644
--- a/api_docs/enterprise_search.mdx
+++ b/api_docs/enterprise_search.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/enterpriseSearch
 title: "enterpriseSearch"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the enterpriseSearch plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'enterpriseSearch']
 ---
 import enterpriseSearchObj from './enterprise_search.devdocs.json';
diff --git a/api_docs/entity_manager.devdocs.json b/api_docs/entity_manager.devdocs.json
new file mode 100644
index 0000000000000..f8f2a8dde90aa
--- /dev/null
+++ b/api_docs/entity_manager.devdocs.json
@@ -0,0 +1,132 @@
+{
+  "id": "entityManager",
+  "client": {
+    "classes": [],
+    "functions": [],
+    "interfaces": [
+      {
+        "parentPluginId": "entityManager",
+        "id": "def-public.EntityManagerPublicPluginSetup",
+        "type": "Interface",
+        "tags": [],
+        "label": "EntityManagerPublicPluginSetup",
+        "description": [],
+        "path": "x-pack/plugins/observability_solution/entity_manager/public/types.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "entityManager",
+            "id": "def-public.EntityManagerPublicPluginSetup.entityClient",
+            "type": "Object",
+            "tags": [],
+            "label": "entityClient",
+            "description": [],
+            "signature": [
+              "IEntityClient"
+            ],
+            "path": "x-pack/plugins/observability_solution/entity_manager/public/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "entityManager",
+        "id": "def-public.EntityManagerPublicPluginStart",
+        "type": "Interface",
+        "tags": [],
+        "label": "EntityManagerPublicPluginStart",
+        "description": [],
+        "path": "x-pack/plugins/observability_solution/entity_manager/public/types.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "entityManager",
+            "id": "def-public.EntityManagerPublicPluginStart.entityClient",
+            "type": "Object",
+            "tags": [],
+            "label": "entityClient",
+            "description": [],
+            "signature": [
+              "IEntityClient"
+            ],
+            "path": "x-pack/plugins/observability_solution/entity_manager/public/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      }
+    ],
+    "enums": [],
+    "misc": [
+      {
+        "parentPluginId": "entityManager",
+        "id": "def-public.EntityManagerAppId",
+        "type": "Type",
+        "tags": [],
+        "label": "EntityManagerAppId",
+        "description": [],
+        "signature": [
+          "\"entityManager\""
+        ],
+        "path": "x-pack/plugins/observability_solution/entity_manager/public/index.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      }
+    ],
+    "objects": []
+  },
+  "server": {
+    "classes": [],
+    "functions": [],
+    "interfaces": [],
+    "enums": [],
+    "misc": [
+      {
+        "parentPluginId": "entityManager",
+        "id": "def-server.EntityManagerConfig",
+        "type": "Type",
+        "tags": [],
+        "label": "EntityManagerConfig",
+        "description": [],
+        "signature": [
+          "{}"
+        ],
+        "path": "x-pack/plugins/observability_solution/entity_manager/common/config.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      }
+    ],
+    "objects": [],
+    "start": {
+      "parentPluginId": "entityManager",
+      "id": "def-server.EntityManagerServerPluginStart",
+      "type": "Type",
+      "tags": [],
+      "label": "EntityManagerServerPluginStart",
+      "description": [],
+      "signature": [
+        "{}"
+      ],
+      "path": "x-pack/plugins/observability_solution/entity_manager/server/plugin.ts",
+      "deprecated": false,
+      "trackAdoption": false,
+      "lifecycle": "start",
+      "initialIsOpen": true
+    }
+  },
+  "common": {
+    "classes": [],
+    "functions": [],
+    "interfaces": [],
+    "enums": [],
+    "misc": [],
+    "objects": []
+  }
+}
\ No newline at end of file
diff --git a/api_docs/entity_manager.mdx b/api_docs/entity_manager.mdx
new file mode 100644
index 0000000000000..dfbe8a341020b
--- /dev/null
+++ b/api_docs/entity_manager.mdx
@@ -0,0 +1,41 @@
+---
+####
+#### This document is auto-generated and is meant to be viewed inside our experimental, new docs system.
+#### Reach out in #docs-engineering for more info.
+####
+id: kibEntityManagerPluginApi
+slug: /kibana-dev-docs/api/entityManager
+title: "entityManager"
+image: https://source.unsplash.com/400x175/?github
+description: API docs for the entityManager plugin
+date: 2024-07-01
+tags: ['contributor', 'dev', 'apidocs', 'kibana', 'entityManager']
+---
+import entityManagerObj from './entity_manager.devdocs.json';
+
+Entity manager plugin for entity assets (inventory, topology, etc)
+
+Contact [@elastic/obs-knowledge-team](https://github.com/orgs/elastic/teams/obs-knowledge-team) for questions regarding this plugin.
+
+**Code health stats**
+
+| Public API count  | Any count | Items lacking comments | Missing exports |
+|-------------------|-----------|------------------------|-----------------|
+| 8 | 0 | 8 | 1 |
+
+## Client
+
+### Interfaces
+<DocDefinitionList data={entityManagerObj.client.interfaces}/>
+
+### Consts, variables and types
+<DocDefinitionList data={entityManagerObj.client.misc}/>
+
+## Server
+
+### Start
+<DocDefinitionList data={[entityManagerObj.server.start]}/>
+
+### Consts, variables and types
+<DocDefinitionList data={entityManagerObj.server.misc}/>
+
diff --git a/api_docs/es_ui_shared.mdx b/api_docs/es_ui_shared.mdx
index e831609643e15..505bf58a9ea99 100644
--- a/api_docs/es_ui_shared.mdx
+++ b/api_docs/es_ui_shared.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/esUiShared
 title: "esUiShared"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the esUiShared plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'esUiShared']
 ---
 import esUiSharedObj from './es_ui_shared.devdocs.json';
diff --git a/api_docs/esql_data_grid.mdx b/api_docs/esql_data_grid.mdx
index bd96bca5d8a5e..838b82d060adb 100644
--- a/api_docs/esql_data_grid.mdx
+++ b/api_docs/esql_data_grid.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/esqlDataGrid
 title: "esqlDataGrid"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the esqlDataGrid plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'esqlDataGrid']
 ---
 import esqlDataGridObj from './esql_data_grid.devdocs.json';
diff --git a/api_docs/event_annotation.mdx b/api_docs/event_annotation.mdx
index 0f7fd892c5e5c..108723661589e 100644
--- a/api_docs/event_annotation.mdx
+++ b/api_docs/event_annotation.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/eventAnnotation
 title: "eventAnnotation"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the eventAnnotation plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'eventAnnotation']
 ---
 import eventAnnotationObj from './event_annotation.devdocs.json';
diff --git a/api_docs/event_annotation_listing.mdx b/api_docs/event_annotation_listing.mdx
index 025991c1fda51..b99ba4fdea88d 100644
--- a/api_docs/event_annotation_listing.mdx
+++ b/api_docs/event_annotation_listing.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/eventAnnotationListing
 title: "eventAnnotationListing"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the eventAnnotationListing plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'eventAnnotationListing']
 ---
 import eventAnnotationListingObj from './event_annotation_listing.devdocs.json';
diff --git a/api_docs/event_log.devdocs.json b/api_docs/event_log.devdocs.json
index 76c10e0330333..489f4f8e7496c 100644
--- a/api_docs/event_log.devdocs.json
+++ b/api_docs/event_log.devdocs.json
@@ -1450,7 +1450,7 @@
             "label": "data",
             "description": [],
             "signature": [
-              "(Readonly<{ log?: Readonly<{ logger?: string | undefined; level?: string | undefined; } & {}> | undefined; error?: Readonly<{ id?: string | undefined; type?: string | undefined; message?: string | undefined; code?: string | undefined; stack_trace?: string | undefined; } & {}> | undefined; '@timestamp'?: string | undefined; message?: string | undefined; tags?: string[] | undefined; rule?: Readonly<{ id?: string | undefined; name?: string | undefined; license?: string | undefined; uuid?: string | undefined; category?: string | undefined; description?: string | undefined; version?: string | undefined; reference?: string | undefined; author?: string[] | undefined; ruleset?: string | undefined; } & {}> | undefined; kibana?: Readonly<{ task?: Readonly<{ id?: string | undefined; schedule_delay?: string | number | undefined; scheduled?: string | undefined; } & {}> | undefined; action?: Readonly<{ id?: string | undefined; name?: string | undefined; execution?: Readonly<{ source?: string | undefined; uuid?: string | undefined; gen_ai?: Readonly<{ usage?: Readonly<{ prompt_tokens?: string | number | undefined; completion_tokens?: string | number | undefined; total_tokens?: string | number | undefined; } & {}> | undefined; } & {}> | undefined; } & {}> | undefined; } & {}> | undefined; alerting?: Readonly<{ outcome?: string | undefined; status?: string | undefined; summary?: Readonly<{ recovered?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; new?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; ongoing?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; } & {}> | undefined; instance_id?: string | undefined; action_group_id?: string | undefined; action_subgroup?: string | undefined; } & {}> | undefined; alert?: Readonly<{ rule?: Readonly<{ consumer?: string | undefined; revision?: string | number | undefined; execution?: Readonly<{ uuid?: string | undefined; status?: string | undefined; metrics?: Readonly<{ total_search_duration_ms?: string | number | undefined; total_indexing_duration_ms?: string | number | undefined; number_of_triggered_actions?: string | number | undefined; number_of_generated_actions?: string | number | undefined; alert_counts?: Readonly<{ recovered?: string | number | undefined; active?: string | number | undefined; new?: string | number | undefined; } & {}> | undefined; number_of_delayed_alerts?: string | number | undefined; number_of_searches?: string | number | undefined; es_search_duration_ms?: string | number | undefined; execution_gap_duration_s?: string | number | undefined; rule_type_run_duration_ms?: string | number | undefined; process_alerts_duration_ms?: string | number | undefined; trigger_actions_duration_ms?: string | number | undefined; process_rule_duration_ms?: string | number | undefined; claim_to_start_duration_ms?: string | number | undefined; persist_alerts_duration_ms?: string | number | undefined; prepare_rule_duration_ms?: string | number | undefined; total_run_duration_ms?: string | number | undefined; total_enrichment_duration_ms?: string | number | undefined; } & {}> | undefined; status_order?: string | number | undefined; backfill?: Readonly<{ id?: string | undefined; start?: string | undefined; interval?: string | undefined; } & {}> | undefined; } & {}> | undefined; rule_type_id?: string | undefined; } & {}> | undefined; uuid?: string | undefined; flapping?: boolean | undefined; maintenance_window_ids?: string[] | undefined; } & {}> | undefined; version?: string | undefined; server_uuid?: string | undefined; saved_objects?: Readonly<{ id?: string | undefined; type?: string | undefined; namespace?: string | undefined; rel?: string | undefined; type_id?: string | undefined; space_agnostic?: boolean | undefined; } & {}>[] | undefined; space_ids?: string[] | undefined; } & {}> | undefined; event?: Readonly<{ id?: string | undefined; type?: string[] | undefined; reason?: string | undefined; action?: string | undefined; start?: string | undefined; end?: string | undefined; outcome?: string | undefined; duration?: string | number | undefined; category?: string[] | undefined; timezone?: string | undefined; risk_score?: number | undefined; severity?: string | number | undefined; url?: string | undefined; created?: string | undefined; dataset?: string | undefined; code?: string | undefined; hash?: string | undefined; ingested?: string | undefined; kind?: string | undefined; module?: string | undefined; original?: string | undefined; provider?: string | undefined; reference?: string | undefined; risk_score_norm?: number | undefined; sequence?: string | number | undefined; } & {}> | undefined; ecs?: Readonly<{ version?: string | undefined; } & {}> | undefined; user?: Readonly<{ id?: string | undefined; name?: string | undefined; } & {}> | undefined; } & {}> | undefined)[]"
+              "(Readonly<{ log?: Readonly<{ logger?: string | undefined; level?: string | undefined; } & {}> | undefined; error?: Readonly<{ id?: string | undefined; type?: string | undefined; message?: string | undefined; code?: string | undefined; stack_trace?: string | undefined; } & {}> | undefined; '@timestamp'?: string | undefined; message?: string | undefined; tags?: string[] | undefined; rule?: Readonly<{ id?: string | undefined; version?: string | undefined; name?: string | undefined; license?: string | undefined; uuid?: string | undefined; category?: string | undefined; description?: string | undefined; reference?: string | undefined; author?: string[] | undefined; ruleset?: string | undefined; } & {}> | undefined; kibana?: Readonly<{ task?: Readonly<{ id?: string | undefined; schedule_delay?: string | number | undefined; scheduled?: string | undefined; } & {}> | undefined; action?: Readonly<{ id?: string | undefined; name?: string | undefined; execution?: Readonly<{ source?: string | undefined; uuid?: string | undefined; gen_ai?: Readonly<{ usage?: Readonly<{ prompt_tokens?: string | number | undefined; completion_tokens?: string | number | undefined; total_tokens?: string | number | undefined; } & {}> | undefined; } & {}> | undefined; } & {}> | undefined; } & {}> | undefined; version?: string | undefined; alerting?: Readonly<{ outcome?: string | undefined; status?: string | undefined; summary?: Readonly<{ recovered?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; new?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; ongoing?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; } & {}> | undefined; instance_id?: string | undefined; action_group_id?: string | undefined; action_subgroup?: string | undefined; } & {}> | undefined; alert?: Readonly<{ rule?: Readonly<{ consumer?: string | undefined; revision?: string | number | undefined; execution?: Readonly<{ uuid?: string | undefined; status?: string | undefined; metrics?: Readonly<{ total_search_duration_ms?: string | number | undefined; total_indexing_duration_ms?: string | number | undefined; number_of_triggered_actions?: string | number | undefined; number_of_generated_actions?: string | number | undefined; alert_counts?: Readonly<{ recovered?: string | number | undefined; active?: string | number | undefined; new?: string | number | undefined; } & {}> | undefined; number_of_delayed_alerts?: string | number | undefined; number_of_searches?: string | number | undefined; es_search_duration_ms?: string | number | undefined; execution_gap_duration_s?: string | number | undefined; rule_type_run_duration_ms?: string | number | undefined; process_alerts_duration_ms?: string | number | undefined; trigger_actions_duration_ms?: string | number | undefined; process_rule_duration_ms?: string | number | undefined; claim_to_start_duration_ms?: string | number | undefined; persist_alerts_duration_ms?: string | number | undefined; prepare_rule_duration_ms?: string | number | undefined; total_run_duration_ms?: string | number | undefined; total_enrichment_duration_ms?: string | number | undefined; } & {}> | undefined; status_order?: string | number | undefined; backfill?: Readonly<{ id?: string | undefined; start?: string | undefined; interval?: string | undefined; } & {}> | undefined; } & {}> | undefined; rule_type_id?: string | undefined; } & {}> | undefined; uuid?: string | undefined; flapping?: boolean | undefined; maintenance_window_ids?: string[] | undefined; } & {}> | undefined; server_uuid?: string | undefined; saved_objects?: Readonly<{ id?: string | undefined; type?: string | undefined; namespace?: string | undefined; rel?: string | undefined; type_id?: string | undefined; space_agnostic?: boolean | undefined; } & {}>[] | undefined; space_ids?: string[] | undefined; } & {}> | undefined; event?: Readonly<{ id?: string | undefined; type?: string[] | undefined; reason?: string | undefined; action?: string | undefined; start?: string | undefined; end?: string | undefined; outcome?: string | undefined; duration?: string | number | undefined; severity?: string | number | undefined; category?: string[] | undefined; timezone?: string | undefined; risk_score?: number | undefined; url?: string | undefined; created?: string | undefined; dataset?: string | undefined; code?: string | undefined; provider?: string | undefined; hash?: string | undefined; ingested?: string | undefined; kind?: string | undefined; module?: string | undefined; original?: string | undefined; reference?: string | undefined; risk_score_norm?: number | undefined; sequence?: string | number | undefined; } & {}> | undefined; ecs?: Readonly<{ version?: string | undefined; } & {}> | undefined; user?: Readonly<{ id?: string | undefined; name?: string | undefined; } & {}> | undefined; } & {}> | undefined)[]"
             ],
             "path": "x-pack/plugins/event_log/server/es/cluster_client_adapter.ts",
             "deprecated": false,
@@ -1470,7 +1470,7 @@
         "label": "IEvent",
         "description": [],
         "signature": [
-          "DeepPartial<DeepWriteable<Readonly<{ log?: Readonly<{ logger?: string | undefined; level?: string | undefined; } & {}> | undefined; error?: Readonly<{ id?: string | undefined; type?: string | undefined; message?: string | undefined; code?: string | undefined; stack_trace?: string | undefined; } & {}> | undefined; '@timestamp'?: string | undefined; message?: string | undefined; tags?: string[] | undefined; rule?: Readonly<{ id?: string | undefined; name?: string | undefined; license?: string | undefined; uuid?: string | undefined; category?: string | undefined; description?: string | undefined; version?: string | undefined; reference?: string | undefined; author?: string[] | undefined; ruleset?: string | undefined; } & {}> | undefined; kibana?: Readonly<{ task?: Readonly<{ id?: string | undefined; schedule_delay?: string | number | undefined; scheduled?: string | undefined; } & {}> | undefined; action?: Readonly<{ id?: string | undefined; name?: string | undefined; execution?: Readonly<{ source?: string | undefined; uuid?: string | undefined; gen_ai?: Readonly<{ usage?: Readonly<{ prompt_tokens?: string | number | undefined; completion_tokens?: string | number | undefined; total_tokens?: string | number | undefined; } & {}> | undefined; } & {}> | undefined; } & {}> | undefined; } & {}> | undefined; alerting?: Readonly<{ outcome?: string | undefined; status?: string | undefined; summary?: Readonly<{ recovered?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; new?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; ongoing?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; } & {}> | undefined; instance_id?: string | undefined; action_group_id?: string | undefined; action_subgroup?: string | undefined; } & {}> | undefined; alert?: Readonly<{ rule?: Readonly<{ consumer?: string | undefined; revision?: string | number | undefined; execution?: Readonly<{ uuid?: string | undefined; status?: string | undefined; metrics?: Readonly<{ total_search_duration_ms?: string | number | undefined; total_indexing_duration_ms?: string | number | undefined; number_of_triggered_actions?: string | number | undefined; number_of_generated_actions?: string | number | undefined; alert_counts?: Readonly<{ recovered?: string | number | undefined; active?: string | number | undefined; new?: string | number | undefined; } & {}> | undefined; number_of_delayed_alerts?: string | number | undefined; number_of_searches?: string | number | undefined; es_search_duration_ms?: string | number | undefined; execution_gap_duration_s?: string | number | undefined; rule_type_run_duration_ms?: string | number | undefined; process_alerts_duration_ms?: string | number | undefined; trigger_actions_duration_ms?: string | number | undefined; process_rule_duration_ms?: string | number | undefined; claim_to_start_duration_ms?: string | number | undefined; persist_alerts_duration_ms?: string | number | undefined; prepare_rule_duration_ms?: string | number | undefined; total_run_duration_ms?: string | number | undefined; total_enrichment_duration_ms?: string | number | undefined; } & {}> | undefined; status_order?: string | number | undefined; backfill?: Readonly<{ id?: string | undefined; start?: string | undefined; interval?: string | undefined; } & {}> | undefined; } & {}> | undefined; rule_type_id?: string | undefined; } & {}> | undefined; uuid?: string | undefined; flapping?: boolean | undefined; maintenance_window_ids?: string[] | undefined; } & {}> | undefined; version?: string | undefined; server_uuid?: string | undefined; saved_objects?: Readonly<{ id?: string | undefined; type?: string | undefined; namespace?: string | undefined; rel?: string | undefined; type_id?: string | undefined; space_agnostic?: boolean | undefined; } & {}>[] | undefined; space_ids?: string[] | undefined; } & {}> | undefined; event?: Readonly<{ id?: string | undefined; type?: string[] | undefined; reason?: string | undefined; action?: string | undefined; start?: string | undefined; end?: string | undefined; outcome?: string | undefined; duration?: string | number | undefined; category?: string[] | undefined; timezone?: string | undefined; risk_score?: number | undefined; severity?: string | number | undefined; url?: string | undefined; created?: string | undefined; dataset?: string | undefined; code?: string | undefined; hash?: string | undefined; ingested?: string | undefined; kind?: string | undefined; module?: string | undefined; original?: string | undefined; provider?: string | undefined; reference?: string | undefined; risk_score_norm?: number | undefined; sequence?: string | number | undefined; } & {}> | undefined; ecs?: Readonly<{ version?: string | undefined; } & {}> | undefined; user?: Readonly<{ id?: string | undefined; name?: string | undefined; } & {}> | undefined; } & {}>>> | undefined"
+          "DeepPartial<DeepWriteable<Readonly<{ log?: Readonly<{ logger?: string | undefined; level?: string | undefined; } & {}> | undefined; error?: Readonly<{ id?: string | undefined; type?: string | undefined; message?: string | undefined; code?: string | undefined; stack_trace?: string | undefined; } & {}> | undefined; '@timestamp'?: string | undefined; message?: string | undefined; tags?: string[] | undefined; rule?: Readonly<{ id?: string | undefined; version?: string | undefined; name?: string | undefined; license?: string | undefined; uuid?: string | undefined; category?: string | undefined; description?: string | undefined; reference?: string | undefined; author?: string[] | undefined; ruleset?: string | undefined; } & {}> | undefined; kibana?: Readonly<{ task?: Readonly<{ id?: string | undefined; schedule_delay?: string | number | undefined; scheduled?: string | undefined; } & {}> | undefined; action?: Readonly<{ id?: string | undefined; name?: string | undefined; execution?: Readonly<{ source?: string | undefined; uuid?: string | undefined; gen_ai?: Readonly<{ usage?: Readonly<{ prompt_tokens?: string | number | undefined; completion_tokens?: string | number | undefined; total_tokens?: string | number | undefined; } & {}> | undefined; } & {}> | undefined; } & {}> | undefined; } & {}> | undefined; version?: string | undefined; alerting?: Readonly<{ outcome?: string | undefined; status?: string | undefined; summary?: Readonly<{ recovered?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; new?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; ongoing?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; } & {}> | undefined; instance_id?: string | undefined; action_group_id?: string | undefined; action_subgroup?: string | undefined; } & {}> | undefined; alert?: Readonly<{ rule?: Readonly<{ consumer?: string | undefined; revision?: string | number | undefined; execution?: Readonly<{ uuid?: string | undefined; status?: string | undefined; metrics?: Readonly<{ total_search_duration_ms?: string | number | undefined; total_indexing_duration_ms?: string | number | undefined; number_of_triggered_actions?: string | number | undefined; number_of_generated_actions?: string | number | undefined; alert_counts?: Readonly<{ recovered?: string | number | undefined; active?: string | number | undefined; new?: string | number | undefined; } & {}> | undefined; number_of_delayed_alerts?: string | number | undefined; number_of_searches?: string | number | undefined; es_search_duration_ms?: string | number | undefined; execution_gap_duration_s?: string | number | undefined; rule_type_run_duration_ms?: string | number | undefined; process_alerts_duration_ms?: string | number | undefined; trigger_actions_duration_ms?: string | number | undefined; process_rule_duration_ms?: string | number | undefined; claim_to_start_duration_ms?: string | number | undefined; persist_alerts_duration_ms?: string | number | undefined; prepare_rule_duration_ms?: string | number | undefined; total_run_duration_ms?: string | number | undefined; total_enrichment_duration_ms?: string | number | undefined; } & {}> | undefined; status_order?: string | number | undefined; backfill?: Readonly<{ id?: string | undefined; start?: string | undefined; interval?: string | undefined; } & {}> | undefined; } & {}> | undefined; rule_type_id?: string | undefined; } & {}> | undefined; uuid?: string | undefined; flapping?: boolean | undefined; maintenance_window_ids?: string[] | undefined; } & {}> | undefined; server_uuid?: string | undefined; saved_objects?: Readonly<{ id?: string | undefined; type?: string | undefined; namespace?: string | undefined; rel?: string | undefined; type_id?: string | undefined; space_agnostic?: boolean | undefined; } & {}>[] | undefined; space_ids?: string[] | undefined; } & {}> | undefined; event?: Readonly<{ id?: string | undefined; type?: string[] | undefined; reason?: string | undefined; action?: string | undefined; start?: string | undefined; end?: string | undefined; outcome?: string | undefined; duration?: string | number | undefined; severity?: string | number | undefined; category?: string[] | undefined; timezone?: string | undefined; risk_score?: number | undefined; url?: string | undefined; created?: string | undefined; dataset?: string | undefined; code?: string | undefined; provider?: string | undefined; hash?: string | undefined; ingested?: string | undefined; kind?: string | undefined; module?: string | undefined; original?: string | undefined; reference?: string | undefined; risk_score_norm?: number | undefined; sequence?: string | number | undefined; } & {}> | undefined; ecs?: Readonly<{ version?: string | undefined; } & {}> | undefined; user?: Readonly<{ id?: string | undefined; name?: string | undefined; } & {}> | undefined; } & {}>>> | undefined"
         ],
         "path": "x-pack/plugins/event_log/generated/schemas.ts",
         "deprecated": false,
@@ -1485,7 +1485,7 @@
         "label": "IValidatedEvent",
         "description": [],
         "signature": [
-          "Readonly<{ log?: Readonly<{ logger?: string | undefined; level?: string | undefined; } & {}> | undefined; error?: Readonly<{ id?: string | undefined; type?: string | undefined; message?: string | undefined; code?: string | undefined; stack_trace?: string | undefined; } & {}> | undefined; '@timestamp'?: string | undefined; message?: string | undefined; tags?: string[] | undefined; rule?: Readonly<{ id?: string | undefined; name?: string | undefined; license?: string | undefined; uuid?: string | undefined; category?: string | undefined; description?: string | undefined; version?: string | undefined; reference?: string | undefined; author?: string[] | undefined; ruleset?: string | undefined; } & {}> | undefined; kibana?: Readonly<{ task?: Readonly<{ id?: string | undefined; schedule_delay?: string | number | undefined; scheduled?: string | undefined; } & {}> | undefined; action?: Readonly<{ id?: string | undefined; name?: string | undefined; execution?: Readonly<{ source?: string | undefined; uuid?: string | undefined; gen_ai?: Readonly<{ usage?: Readonly<{ prompt_tokens?: string | number | undefined; completion_tokens?: string | number | undefined; total_tokens?: string | number | undefined; } & {}> | undefined; } & {}> | undefined; } & {}> | undefined; } & {}> | undefined; alerting?: Readonly<{ outcome?: string | undefined; status?: string | undefined; summary?: Readonly<{ recovered?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; new?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; ongoing?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; } & {}> | undefined; instance_id?: string | undefined; action_group_id?: string | undefined; action_subgroup?: string | undefined; } & {}> | undefined; alert?: Readonly<{ rule?: Readonly<{ consumer?: string | undefined; revision?: string | number | undefined; execution?: Readonly<{ uuid?: string | undefined; status?: string | undefined; metrics?: Readonly<{ total_search_duration_ms?: string | number | undefined; total_indexing_duration_ms?: string | number | undefined; number_of_triggered_actions?: string | number | undefined; number_of_generated_actions?: string | number | undefined; alert_counts?: Readonly<{ recovered?: string | number | undefined; active?: string | number | undefined; new?: string | number | undefined; } & {}> | undefined; number_of_delayed_alerts?: string | number | undefined; number_of_searches?: string | number | undefined; es_search_duration_ms?: string | number | undefined; execution_gap_duration_s?: string | number | undefined; rule_type_run_duration_ms?: string | number | undefined; process_alerts_duration_ms?: string | number | undefined; trigger_actions_duration_ms?: string | number | undefined; process_rule_duration_ms?: string | number | undefined; claim_to_start_duration_ms?: string | number | undefined; persist_alerts_duration_ms?: string | number | undefined; prepare_rule_duration_ms?: string | number | undefined; total_run_duration_ms?: string | number | undefined; total_enrichment_duration_ms?: string | number | undefined; } & {}> | undefined; status_order?: string | number | undefined; backfill?: Readonly<{ id?: string | undefined; start?: string | undefined; interval?: string | undefined; } & {}> | undefined; } & {}> | undefined; rule_type_id?: string | undefined; } & {}> | undefined; uuid?: string | undefined; flapping?: boolean | undefined; maintenance_window_ids?: string[] | undefined; } & {}> | undefined; version?: string | undefined; server_uuid?: string | undefined; saved_objects?: Readonly<{ id?: string | undefined; type?: string | undefined; namespace?: string | undefined; rel?: string | undefined; type_id?: string | undefined; space_agnostic?: boolean | undefined; } & {}>[] | undefined; space_ids?: string[] | undefined; } & {}> | undefined; event?: Readonly<{ id?: string | undefined; type?: string[] | undefined; reason?: string | undefined; action?: string | undefined; start?: string | undefined; end?: string | undefined; outcome?: string | undefined; duration?: string | number | undefined; category?: string[] | undefined; timezone?: string | undefined; risk_score?: number | undefined; severity?: string | number | undefined; url?: string | undefined; created?: string | undefined; dataset?: string | undefined; code?: string | undefined; hash?: string | undefined; ingested?: string | undefined; kind?: string | undefined; module?: string | undefined; original?: string | undefined; provider?: string | undefined; reference?: string | undefined; risk_score_norm?: number | undefined; sequence?: string | number | undefined; } & {}> | undefined; ecs?: Readonly<{ version?: string | undefined; } & {}> | undefined; user?: Readonly<{ id?: string | undefined; name?: string | undefined; } & {}> | undefined; } & {}> | undefined"
+          "Readonly<{ log?: Readonly<{ logger?: string | undefined; level?: string | undefined; } & {}> | undefined; error?: Readonly<{ id?: string | undefined; type?: string | undefined; message?: string | undefined; code?: string | undefined; stack_trace?: string | undefined; } & {}> | undefined; '@timestamp'?: string | undefined; message?: string | undefined; tags?: string[] | undefined; rule?: Readonly<{ id?: string | undefined; version?: string | undefined; name?: string | undefined; license?: string | undefined; uuid?: string | undefined; category?: string | undefined; description?: string | undefined; reference?: string | undefined; author?: string[] | undefined; ruleset?: string | undefined; } & {}> | undefined; kibana?: Readonly<{ task?: Readonly<{ id?: string | undefined; schedule_delay?: string | number | undefined; scheduled?: string | undefined; } & {}> | undefined; action?: Readonly<{ id?: string | undefined; name?: string | undefined; execution?: Readonly<{ source?: string | undefined; uuid?: string | undefined; gen_ai?: Readonly<{ usage?: Readonly<{ prompt_tokens?: string | number | undefined; completion_tokens?: string | number | undefined; total_tokens?: string | number | undefined; } & {}> | undefined; } & {}> | undefined; } & {}> | undefined; } & {}> | undefined; version?: string | undefined; alerting?: Readonly<{ outcome?: string | undefined; status?: string | undefined; summary?: Readonly<{ recovered?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; new?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; ongoing?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; } & {}> | undefined; instance_id?: string | undefined; action_group_id?: string | undefined; action_subgroup?: string | undefined; } & {}> | undefined; alert?: Readonly<{ rule?: Readonly<{ consumer?: string | undefined; revision?: string | number | undefined; execution?: Readonly<{ uuid?: string | undefined; status?: string | undefined; metrics?: Readonly<{ total_search_duration_ms?: string | number | undefined; total_indexing_duration_ms?: string | number | undefined; number_of_triggered_actions?: string | number | undefined; number_of_generated_actions?: string | number | undefined; alert_counts?: Readonly<{ recovered?: string | number | undefined; active?: string | number | undefined; new?: string | number | undefined; } & {}> | undefined; number_of_delayed_alerts?: string | number | undefined; number_of_searches?: string | number | undefined; es_search_duration_ms?: string | number | undefined; execution_gap_duration_s?: string | number | undefined; rule_type_run_duration_ms?: string | number | undefined; process_alerts_duration_ms?: string | number | undefined; trigger_actions_duration_ms?: string | number | undefined; process_rule_duration_ms?: string | number | undefined; claim_to_start_duration_ms?: string | number | undefined; persist_alerts_duration_ms?: string | number | undefined; prepare_rule_duration_ms?: string | number | undefined; total_run_duration_ms?: string | number | undefined; total_enrichment_duration_ms?: string | number | undefined; } & {}> | undefined; status_order?: string | number | undefined; backfill?: Readonly<{ id?: string | undefined; start?: string | undefined; interval?: string | undefined; } & {}> | undefined; } & {}> | undefined; rule_type_id?: string | undefined; } & {}> | undefined; uuid?: string | undefined; flapping?: boolean | undefined; maintenance_window_ids?: string[] | undefined; } & {}> | undefined; server_uuid?: string | undefined; saved_objects?: Readonly<{ id?: string | undefined; type?: string | undefined; namespace?: string | undefined; rel?: string | undefined; type_id?: string | undefined; space_agnostic?: boolean | undefined; } & {}>[] | undefined; space_ids?: string[] | undefined; } & {}> | undefined; event?: Readonly<{ id?: string | undefined; type?: string[] | undefined; reason?: string | undefined; action?: string | undefined; start?: string | undefined; end?: string | undefined; outcome?: string | undefined; duration?: string | number | undefined; severity?: string | number | undefined; category?: string[] | undefined; timezone?: string | undefined; risk_score?: number | undefined; url?: string | undefined; created?: string | undefined; dataset?: string | undefined; code?: string | undefined; provider?: string | undefined; hash?: string | undefined; ingested?: string | undefined; kind?: string | undefined; module?: string | undefined; original?: string | undefined; reference?: string | undefined; risk_score_norm?: number | undefined; sequence?: string | number | undefined; } & {}> | undefined; ecs?: Readonly<{ version?: string | undefined; } & {}> | undefined; user?: Readonly<{ id?: string | undefined; name?: string | undefined; } & {}> | undefined; } & {}> | undefined"
         ],
         "path": "x-pack/plugins/event_log/generated/schemas.ts",
         "deprecated": false,
diff --git a/api_docs/event_log.mdx b/api_docs/event_log.mdx
index f1ae9dc895fd4..27ef25baf3155 100644
--- a/api_docs/event_log.mdx
+++ b/api_docs/event_log.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/eventLog
 title: "eventLog"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the eventLog plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'eventLog']
 ---
 import eventLogObj from './event_log.devdocs.json';
diff --git a/api_docs/exploratory_view.mdx b/api_docs/exploratory_view.mdx
index 81c45d0084cff..5ccf8e68f7984 100644
--- a/api_docs/exploratory_view.mdx
+++ b/api_docs/exploratory_view.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/exploratoryView
 title: "exploratoryView"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the exploratoryView plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'exploratoryView']
 ---
 import exploratoryViewObj from './exploratory_view.devdocs.json';
diff --git a/api_docs/expression_error.mdx b/api_docs/expression_error.mdx
index 6359145989bed..85f2920696311 100644
--- a/api_docs/expression_error.mdx
+++ b/api_docs/expression_error.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionError
 title: "expressionError"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the expressionError plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionError']
 ---
 import expressionErrorObj from './expression_error.devdocs.json';
diff --git a/api_docs/expression_gauge.mdx b/api_docs/expression_gauge.mdx
index 88e7721ea46a3..905c292a47f3f 100644
--- a/api_docs/expression_gauge.mdx
+++ b/api_docs/expression_gauge.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionGauge
 title: "expressionGauge"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the expressionGauge plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionGauge']
 ---
 import expressionGaugeObj from './expression_gauge.devdocs.json';
diff --git a/api_docs/expression_heatmap.mdx b/api_docs/expression_heatmap.mdx
index ce962310cffe1..125fd8b22af3a 100644
--- a/api_docs/expression_heatmap.mdx
+++ b/api_docs/expression_heatmap.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionHeatmap
 title: "expressionHeatmap"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the expressionHeatmap plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionHeatmap']
 ---
 import expressionHeatmapObj from './expression_heatmap.devdocs.json';
diff --git a/api_docs/expression_image.mdx b/api_docs/expression_image.mdx
index 0dbd83678d813..c28665f5c0ee8 100644
--- a/api_docs/expression_image.mdx
+++ b/api_docs/expression_image.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionImage
 title: "expressionImage"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the expressionImage plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionImage']
 ---
 import expressionImageObj from './expression_image.devdocs.json';
diff --git a/api_docs/expression_legacy_metric_vis.mdx b/api_docs/expression_legacy_metric_vis.mdx
index f4b89b2c1e8fb..32a9079ec6529 100644
--- a/api_docs/expression_legacy_metric_vis.mdx
+++ b/api_docs/expression_legacy_metric_vis.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionLegacyMetricVis
 title: "expressionLegacyMetricVis"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the expressionLegacyMetricVis plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionLegacyMetricVis']
 ---
 import expressionLegacyMetricVisObj from './expression_legacy_metric_vis.devdocs.json';
diff --git a/api_docs/expression_metric.mdx b/api_docs/expression_metric.mdx
index 13f027fff7e22..65918f92a066b 100644
--- a/api_docs/expression_metric.mdx
+++ b/api_docs/expression_metric.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionMetric
 title: "expressionMetric"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the expressionMetric plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionMetric']
 ---
 import expressionMetricObj from './expression_metric.devdocs.json';
diff --git a/api_docs/expression_metric_vis.mdx b/api_docs/expression_metric_vis.mdx
index f86f46f96ef8a..df5441052fa58 100644
--- a/api_docs/expression_metric_vis.mdx
+++ b/api_docs/expression_metric_vis.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionMetricVis
 title: "expressionMetricVis"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the expressionMetricVis plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionMetricVis']
 ---
 import expressionMetricVisObj from './expression_metric_vis.devdocs.json';
diff --git a/api_docs/expression_partition_vis.mdx b/api_docs/expression_partition_vis.mdx
index b13293aeedd00..25438e77d5dd6 100644
--- a/api_docs/expression_partition_vis.mdx
+++ b/api_docs/expression_partition_vis.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionPartitionVis
 title: "expressionPartitionVis"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the expressionPartitionVis plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionPartitionVis']
 ---
 import expressionPartitionVisObj from './expression_partition_vis.devdocs.json';
diff --git a/api_docs/expression_repeat_image.mdx b/api_docs/expression_repeat_image.mdx
index 06fbe7aea3fe6..3efdbbe0171b1 100644
--- a/api_docs/expression_repeat_image.mdx
+++ b/api_docs/expression_repeat_image.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionRepeatImage
 title: "expressionRepeatImage"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the expressionRepeatImage plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionRepeatImage']
 ---
 import expressionRepeatImageObj from './expression_repeat_image.devdocs.json';
diff --git a/api_docs/expression_reveal_image.mdx b/api_docs/expression_reveal_image.mdx
index 896a29a9180ed..c74c9458695d1 100644
--- a/api_docs/expression_reveal_image.mdx
+++ b/api_docs/expression_reveal_image.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionRevealImage
 title: "expressionRevealImage"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the expressionRevealImage plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionRevealImage']
 ---
 import expressionRevealImageObj from './expression_reveal_image.devdocs.json';
diff --git a/api_docs/expression_shape.mdx b/api_docs/expression_shape.mdx
index 5f99e621e1423..75a99fec9d042 100644
--- a/api_docs/expression_shape.mdx
+++ b/api_docs/expression_shape.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionShape
 title: "expressionShape"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the expressionShape plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionShape']
 ---
 import expressionShapeObj from './expression_shape.devdocs.json';
diff --git a/api_docs/expression_tagcloud.mdx b/api_docs/expression_tagcloud.mdx
index b81f4fdee7ec1..4b1830c954026 100644
--- a/api_docs/expression_tagcloud.mdx
+++ b/api_docs/expression_tagcloud.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionTagcloud
 title: "expressionTagcloud"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the expressionTagcloud plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionTagcloud']
 ---
 import expressionTagcloudObj from './expression_tagcloud.devdocs.json';
diff --git a/api_docs/expression_x_y.devdocs.json b/api_docs/expression_x_y.devdocs.json
index c9cf580930d20..1d66fc5d9a257 100644
--- a/api_docs/expression_x_y.devdocs.json
+++ b/api_docs/expression_x_y.devdocs.json
@@ -1067,6 +1067,55 @@
             "path": "src/plugins/chart_expressions/expression_xy/common/types/expression_functions.ts",
             "deprecated": false,
             "trackAdoption": false
+          },
+          {
+            "parentPluginId": "expressionXY",
+            "id": "def-common.LegendConfig.layout",
+            "type": "CompoundType",
+            "tags": [],
+            "label": "layout",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "visualizations",
+                "scope": "common",
+                "docId": "kibVisualizationsPluginApi",
+                "section": "def-common.LegendLayout",
+                "text": "LegendLayout"
+              },
+              " | undefined"
+            ],
+            "path": "src/plugins/chart_expressions/expression_xy/common/types/expression_functions.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "expressionXY",
+            "id": "def-common.LegendConfig.title",
+            "type": "string",
+            "tags": [],
+            "label": "title",
+            "description": [],
+            "signature": [
+              "string | undefined"
+            ],
+            "path": "src/plugins/chart_expressions/expression_xy/common/types/expression_functions.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "expressionXY",
+            "id": "def-common.LegendConfig.isTitleVisible",
+            "type": "CompoundType",
+            "tags": [],
+            "label": "isTitleVisible",
+            "description": [],
+            "signature": [
+              "boolean | undefined"
+            ],
+            "path": "src/plugins/chart_expressions/expression_xy/common/types/expression_functions.ts",
+            "deprecated": false,
+            "trackAdoption": false
           }
         ],
         "initialIsOpen": false
diff --git a/api_docs/expression_x_y.mdx b/api_docs/expression_x_y.mdx
index 0eae0e2e002e7..d1a11d0a26b93 100644
--- a/api_docs/expression_x_y.mdx
+++ b/api_docs/expression_x_y.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionXY
 title: "expressionXY"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the expressionXY plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionXY']
 ---
 import expressionXYObj from './expression_x_y.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/k
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 177 | 0 | 166 | 13 |
+| 180 | 0 | 169 | 13 |
 
 ## Client
 
diff --git a/api_docs/expressions.mdx b/api_docs/expressions.mdx
index 0427130b0f0bf..1e5cc9df44d11 100644
--- a/api_docs/expressions.mdx
+++ b/api_docs/expressions.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressions
 title: "expressions"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the expressions plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressions']
 ---
 import expressionsObj from './expressions.devdocs.json';
diff --git a/api_docs/features.mdx b/api_docs/features.mdx
index bc5f7857bcc3c..b5f6ebbaccdb5 100644
--- a/api_docs/features.mdx
+++ b/api_docs/features.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/features
 title: "features"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the features plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'features']
 ---
 import featuresObj from './features.devdocs.json';
diff --git a/api_docs/field_formats.mdx b/api_docs/field_formats.mdx
index 8a1e28a04bf08..5cba6d9ca3c49 100644
--- a/api_docs/field_formats.mdx
+++ b/api_docs/field_formats.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/fieldFormats
 title: "fieldFormats"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the fieldFormats plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'fieldFormats']
 ---
 import fieldFormatsObj from './field_formats.devdocs.json';
diff --git a/api_docs/fields_metadata.mdx b/api_docs/fields_metadata.mdx
index 4216234eb614b..380bd6ae46edb 100644
--- a/api_docs/fields_metadata.mdx
+++ b/api_docs/fields_metadata.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/fieldsMetadata
 title: "fieldsMetadata"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the fieldsMetadata plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'fieldsMetadata']
 ---
 import fieldsMetadataObj from './fields_metadata.devdocs.json';
diff --git a/api_docs/file_upload.mdx b/api_docs/file_upload.mdx
index 260ec37968424..48fbd09c9df3a 100644
--- a/api_docs/file_upload.mdx
+++ b/api_docs/file_upload.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/fileUpload
 title: "fileUpload"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the fileUpload plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'fileUpload']
 ---
 import fileUploadObj from './file_upload.devdocs.json';
diff --git a/api_docs/files.mdx b/api_docs/files.mdx
index b652e97a9a80c..05bd9b6688fd7 100644
--- a/api_docs/files.mdx
+++ b/api_docs/files.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/files
 title: "files"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the files plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'files']
 ---
 import filesObj from './files.devdocs.json';
diff --git a/api_docs/files_management.devdocs.json b/api_docs/files_management.devdocs.json
index 5568b8b1261fa..54ee62046a588 100644
--- a/api_docs/files_management.devdocs.json
+++ b/api_docs/files_management.devdocs.json
@@ -22,6 +22,21 @@
     "interfaces": [],
     "enums": [],
     "misc": [
+      {
+        "parentPluginId": "filesManagement",
+        "id": "def-common.LIST_BREADCRUMB",
+        "type": "Array",
+        "tags": [],
+        "label": "LIST_BREADCRUMB",
+        "description": [],
+        "signature": [
+          "{ text: string; href: string; }[]"
+        ],
+        "path": "src/plugins/files_management/common/index.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "filesManagement",
         "id": "def-common.PLUGIN_ID",
diff --git a/api_docs/files_management.mdx b/api_docs/files_management.mdx
index a557fd5e66e8a..49fcaa6454c6a 100644
--- a/api_docs/files_management.mdx
+++ b/api_docs/files_management.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/filesManagement
 title: "filesManagement"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the filesManagement plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'filesManagement']
 ---
 import filesManagementObj from './files_management.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sh
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 2 | 0 | 2 | 0 |
+| 3 | 0 | 3 | 0 |
 
 ## Common
 
diff --git a/api_docs/fleet.devdocs.json b/api_docs/fleet.devdocs.json
index 9106288513ae1..fec8ffac9edc5 100644
--- a/api_docs/fleet.devdocs.json
+++ b/api_docs/fleet.devdocs.json
@@ -762,6 +762,27 @@
             "deprecated": false,
             "trackAdoption": false
           },
+          {
+            "parentPluginId": "fleet",
+            "id": "def-public.FleetStartServices.integrationAssistant",
+            "type": "Object",
+            "tags": [],
+            "label": "integrationAssistant",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "integrationAssistant",
+                "scope": "public",
+                "docId": "kibIntegrationAssistantPluginApi",
+                "section": "def-public.IntegrationAssistantPluginStart",
+                "text": "IntegrationAssistantPluginStart"
+              },
+              " | undefined"
+            ],
+            "path": "x-pack/plugins/fleet/public/plugin.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
           {
             "parentPluginId": "fleet",
             "id": "def-public.FleetStartServices.cloud",
@@ -4210,6 +4231,22 @@
             ],
             "returnComment": []
           },
+          {
+            "parentPluginId": "fleet",
+            "id": "def-public.pagePathGetters.integration_create",
+            "type": "Function",
+            "tags": [],
+            "label": "integration_create",
+            "description": [],
+            "signature": [
+              "() => [string, string]"
+            ],
+            "path": "x-pack/plugins/fleet/public/constants/page_paths.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [],
+            "returnComment": []
+          },
           {
             "parentPluginId": "fleet",
             "id": "def-public.pagePathGetters.integration_details_overview",
@@ -21669,7 +21706,7 @@
                 "section": "def-common.PackagePolicyPackage",
                 "text": "PackagePolicyPackage"
               },
-              ", \"name\" | \"version\"> | undefined; } | undefined"
+              ", \"version\" | \"name\"> | undefined; } | undefined"
             ],
             "path": "x-pack/plugins/fleet/common/types/models/agent_policy.ts",
             "deprecated": false,
@@ -22412,6 +22449,28 @@
             "deprecated": false,
             "trackAdoption": false
           },
+          {
+            "parentPluginId": "fleet",
+            "id": "def-common.Installation.additional_spaces_installed_kibana",
+            "type": "Object",
+            "tags": [],
+            "label": "additional_spaces_installed_kibana",
+            "description": [],
+            "signature": [
+              "Record<string, ",
+              {
+                "pluginId": "fleet",
+                "scope": "common",
+                "docId": "kibFleetPluginApi",
+                "section": "def-common.KibanaAssetReference",
+                "text": "KibanaAssetReference"
+              },
+              "[]> | undefined"
+            ],
+            "path": "x-pack/plugins/fleet/common/types/models/epm.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
           {
             "parentPluginId": "fleet",
             "id": "def-common.Installation.installed_es",
@@ -22800,6 +22859,20 @@
             "deprecated": false,
             "trackAdoption": false
           },
+          {
+            "parentPluginId": "fleet",
+            "id": "def-common.KibanaAssetReference.originId",
+            "type": "string",
+            "tags": [],
+            "label": "originId",
+            "description": [],
+            "signature": [
+              "string | undefined"
+            ],
+            "path": "x-pack/plugins/fleet/common/types/models/epm.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
           {
             "parentPluginId": "fleet",
             "id": "def-common.KibanaAssetReference.type",
@@ -27651,7 +27724,7 @@
         "label": "RegistrySearchResult",
         "description": [],
         "signature": [
-          "{ type?: \"input\" | \"integration\" | undefined; name: string; title: string; description: string; version: string; path: string; download: string; internal?: boolean | undefined; icons?: (",
+          "{ type?: \"input\" | \"integration\" | undefined; version: string; name: string; title: string; description: string; path: string; download: string; internal?: boolean | undefined; icons?: (",
           {
             "pluginId": "fleet",
             "scope": "common",
@@ -29504,6 +29577,28 @@
             "deprecated": false,
             "trackAdoption": false
           },
+          {
+            "parentPluginId": "fleet",
+            "id": "def-common.EPM_API_ROUTES.INSTALL_KIBANA_ASSETS_PATTERN",
+            "type": "string",
+            "tags": [],
+            "label": "INSTALL_KIBANA_ASSETS_PATTERN",
+            "description": [],
+            "path": "x-pack/plugins/fleet/common/constants/routes.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "fleet",
+            "id": "def-common.EPM_API_ROUTES.DELETE_KIBANA_ASSETS_PATTERN",
+            "type": "string",
+            "tags": [],
+            "label": "DELETE_KIBANA_ASSETS_PATTERN",
+            "description": [],
+            "path": "x-pack/plugins/fleet/common/constants/routes.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
           {
             "parentPluginId": "fleet",
             "id": "def-common.EPM_API_ROUTES.FILEPATH_PATTERN",
@@ -29913,6 +30008,53 @@
             ],
             "returnComment": []
           },
+          {
+            "parentPluginId": "fleet",
+            "id": "def-common.epmRouteService.getInstallKibanaAssetsPath",
+            "type": "Function",
+            "tags": [],
+            "label": "getInstallKibanaAssetsPath",
+            "description": [],
+            "signature": [
+              "(pkgName: string, pkgVersion: string) => string"
+            ],
+            "path": "x-pack/plugins/fleet/common/services/routes.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "fleet",
+                "id": "def-common.epmRouteService.getInstallKibanaAssetsPath.$1",
+                "type": "string",
+                "tags": [],
+                "label": "pkgName",
+                "description": [],
+                "signature": [
+                  "string"
+                ],
+                "path": "x-pack/plugins/fleet/common/services/routes.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              },
+              {
+                "parentPluginId": "fleet",
+                "id": "def-common.epmRouteService.getInstallKibanaAssetsPath.$2",
+                "type": "string",
+                "tags": [],
+                "label": "pkgVersion",
+                "description": [],
+                "signature": [
+                  "string"
+                ],
+                "path": "x-pack/plugins/fleet/common/services/routes.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              }
+            ],
+            "returnComment": []
+          },
           {
             "parentPluginId": "fleet",
             "id": "def-common.epmRouteService.getUpdatePath",
diff --git a/api_docs/fleet.mdx b/api_docs/fleet.mdx
index 3730f61af825b..552ff0850fdce 100644
--- a/api_docs/fleet.mdx
+++ b/api_docs/fleet.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/fleet
 title: "fleet"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the fleet plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'fleet']
 ---
 import fleetObj from './fleet.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/fleet](https://github.com/orgs/elastic/teams/fleet) for questi
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 1339 | 5 | 1217 | 72 |
+| 1348 | 5 | 1226 | 72 |
 
 ## Client
 
diff --git a/api_docs/global_search.mdx b/api_docs/global_search.mdx
index 627f17964ac92..cad2fc5665cfd 100644
--- a/api_docs/global_search.mdx
+++ b/api_docs/global_search.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/globalSearch
 title: "globalSearch"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the globalSearch plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'globalSearch']
 ---
 import globalSearchObj from './global_search.devdocs.json';
diff --git a/api_docs/guided_onboarding.mdx b/api_docs/guided_onboarding.mdx
index 0a2c709cc164a..1a16d767bd980 100644
--- a/api_docs/guided_onboarding.mdx
+++ b/api_docs/guided_onboarding.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/guidedOnboarding
 title: "guidedOnboarding"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the guidedOnboarding plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'guidedOnboarding']
 ---
 import guidedOnboardingObj from './guided_onboarding.devdocs.json';
diff --git a/api_docs/home.mdx b/api_docs/home.mdx
index 899804f8cf78e..743470feef906 100644
--- a/api_docs/home.mdx
+++ b/api_docs/home.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/home
 title: "home"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the home plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'home']
 ---
 import homeObj from './home.devdocs.json';
diff --git a/api_docs/image_embeddable.mdx b/api_docs/image_embeddable.mdx
index 7557dc6075977..d24ec2243abd7 100644
--- a/api_docs/image_embeddable.mdx
+++ b/api_docs/image_embeddable.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/imageEmbeddable
 title: "imageEmbeddable"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the imageEmbeddable plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'imageEmbeddable']
 ---
 import imageEmbeddableObj from './image_embeddable.devdocs.json';
diff --git a/api_docs/index_lifecycle_management.mdx b/api_docs/index_lifecycle_management.mdx
index a4fc0e4c26f98..b423218f9903b 100644
--- a/api_docs/index_lifecycle_management.mdx
+++ b/api_docs/index_lifecycle_management.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/indexLifecycleManagement
 title: "indexLifecycleManagement"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the indexLifecycleManagement plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'indexLifecycleManagement']
 ---
 import indexLifecycleManagementObj from './index_lifecycle_management.devdocs.json';
diff --git a/api_docs/index_management.devdocs.json b/api_docs/index_management.devdocs.json
index 9af93b2449330..0f1d8d9fbc6c2 100644
--- a/api_docs/index_management.devdocs.json
+++ b/api_docs/index_management.devdocs.json
@@ -1028,7 +1028,7 @@
         "label": "IndexManagementConfig",
         "description": [],
         "signature": [
-          "{ readonly ui: Readonly<{} & { enabled: boolean; }>; readonly enableIndexActions: boolean; readonly enableLegacyTemplates: boolean; readonly dev: Readonly<{} & { enableIndexDetailsPage: boolean; enableSemanticText: boolean; }>; readonly enableIndexStats: boolean; readonly editableIndexSettings: \"all\" | \"limited\"; readonly enableDataStreamsStorageColumn: boolean; readonly enableMappingsSourceFieldSection: boolean; readonly enableTogglingDataRetention: boolean; }"
+          "{ readonly ui: Readonly<{} & { enabled: boolean; }>; readonly enableIndexActions: boolean; readonly enableLegacyTemplates: boolean; readonly dev: Readonly<{} & { enableIndexDetailsPage: boolean; enableSemanticText: boolean; }>; readonly enableIndexStats: boolean; readonly enableDataStreamStats: boolean; readonly editableIndexSettings: \"all\" | \"limited\"; readonly enableMappingsSourceFieldSection: boolean; readonly enableTogglingDataRetention: boolean; }"
         ],
         "path": "x-pack/plugins/index_management/server/config.ts",
         "deprecated": false,
diff --git a/api_docs/index_management.mdx b/api_docs/index_management.mdx
index cf7e4b6bd480a..1cbdfd5285f47 100644
--- a/api_docs/index_management.mdx
+++ b/api_docs/index_management.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/indexManagement
 title: "indexManagement"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the indexManagement plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'indexManagement']
 ---
 import indexManagementObj from './index_management.devdocs.json';
diff --git a/api_docs/infra.mdx b/api_docs/infra.mdx
index 911075f5d65a2..35411b49bf328 100644
--- a/api_docs/infra.mdx
+++ b/api_docs/infra.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/infra
 title: "infra"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the infra plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'infra']
 ---
 import infraObj from './infra.devdocs.json';
diff --git a/api_docs/ingest_pipelines.mdx b/api_docs/ingest_pipelines.mdx
index 4a0a9592144b9..efbbfc40229d6 100644
--- a/api_docs/ingest_pipelines.mdx
+++ b/api_docs/ingest_pipelines.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ingestPipelines
 title: "ingestPipelines"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the ingestPipelines plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ingestPipelines']
 ---
 import ingestPipelinesObj from './ingest_pipelines.devdocs.json';
diff --git a/api_docs/inspector.mdx b/api_docs/inspector.mdx
index ebe749551fc4d..4a3f5b7f67cac 100644
--- a/api_docs/inspector.mdx
+++ b/api_docs/inspector.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/inspector
 title: "inspector"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the inspector plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'inspector']
 ---
 import inspectorObj from './inspector.devdocs.json';
diff --git a/api_docs/integration_assistant.devdocs.json b/api_docs/integration_assistant.devdocs.json
index 94182a303ea0f..6611c8b640018 100644
--- a/api_docs/integration_assistant.devdocs.json
+++ b/api_docs/integration_assistant.devdocs.json
@@ -6,7 +6,68 @@
     "interfaces": [],
     "enums": [],
     "misc": [],
-    "objects": []
+    "objects": [],
+    "setup": {
+      "parentPluginId": "integrationAssistant",
+      "id": "def-public.IntegrationAssistantPluginSetup",
+      "type": "Interface",
+      "tags": [],
+      "label": "IntegrationAssistantPluginSetup",
+      "description": [],
+      "path": "x-pack/plugins/integration_assistant/public/types.ts",
+      "deprecated": false,
+      "trackAdoption": false,
+      "children": [],
+      "lifecycle": "setup",
+      "initialIsOpen": true
+    },
+    "start": {
+      "parentPluginId": "integrationAssistant",
+      "id": "def-public.IntegrationAssistantPluginStart",
+      "type": "Interface",
+      "tags": [],
+      "label": "IntegrationAssistantPluginStart",
+      "description": [],
+      "path": "x-pack/plugins/integration_assistant/public/types.ts",
+      "deprecated": false,
+      "trackAdoption": false,
+      "children": [
+        {
+          "parentPluginId": "integrationAssistant",
+          "id": "def-public.IntegrationAssistantPluginStart.CreateIntegration",
+          "type": "CompoundType",
+          "tags": [],
+          "label": "CreateIntegration",
+          "description": [],
+          "signature": [
+            "React.ComponentClass<{}, any> | React.FunctionComponent<{}>"
+          ],
+          "path": "x-pack/plugins/integration_assistant/public/types.ts",
+          "deprecated": false,
+          "trackAdoption": false
+        },
+        {
+          "parentPluginId": "integrationAssistant",
+          "id": "def-public.IntegrationAssistantPluginStart.CreateIntegrationCardButton",
+          "type": "CompoundType",
+          "tags": [],
+          "label": "CreateIntegrationCardButton",
+          "description": [],
+          "signature": [
+            "React.ComponentClass<",
+            "CreateIntegrationCardButtonProps",
+            ", any> | React.FunctionComponent<",
+            "CreateIntegrationCardButtonProps",
+            ">"
+          ],
+          "path": "x-pack/plugins/integration_assistant/public/types.ts",
+          "deprecated": false,
+          "trackAdoption": false
+        }
+      ],
+      "lifecycle": "start",
+      "initialIsOpen": true
+    }
   },
   "server": {
     "classes": [],
@@ -58,7 +119,7 @@
         "label": "BuildIntegrationRequestBody",
         "description": [],
         "signature": [
-          "{ integration: { name: string; title: string; description: string; dataStreams: { name: string; title: string; description: string; inputTypes: (\"kafka\" | \"aws_cloudwatch\" | \"aws_s3\" | \"azure_blob_storage\" | \"azure_eventhub\" | \"cloudfoundry\" | \"filestream\" | \"gcp_pubsub\" | \"gcs\" | \"http_endpoint\" | \"journald\" | \"tcp\" | \"udp\")[]; rawSamples: string[]; pipeline: { processors: ",
+          "{ integration: { name: string; title: string; description: string; dataStreams: { name: string; title: string; description: string; inputTypes: (\"kafka\" | \"aws_cloudwatch\" | \"aws_s3\" | \"azure_blob_storage\" | \"azure_eventhub\" | \"cel\" | \"cloudfoundry\" | \"filestream\" | \"gcp_pubsub\" | \"gcs\" | \"http_endpoint\" | \"journald\" | \"tcp\" | \"udp\")[]; rawSamples: string[]; pipeline: { processors: ",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -74,7 +135,7 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }; docs: {}[]; }[]; logo?: string | undefined; }; }"
+          "[] | undefined; }; docs: Zod.objectOutputType<{}, Zod.ZodTypeAny, \"passthrough\">[]; }[]; logo?: string | undefined; }; }"
         ],
         "path": "x-pack/plugins/integration_assistant/common/api/build_integration/build_integration.ts",
         "deprecated": false,
@@ -101,7 +162,7 @@
         "label": "CategorizationRequestBody",
         "description": [],
         "signature": [
-          "{ connectorId: string; packageName: string; rawSamples: string[]; datastreamName: string; currentPipeline: { processors: ",
+          "{ connectorId: string; packageName: string; rawSamples: string[]; dataStreamName: string; currentPipeline: { processors: ",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -148,13 +209,25 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }; docs: {}[]; }; }"
+          "[] | undefined; }; docs: Zod.objectOutputType<{}, Zod.ZodTypeAny, \"passthrough\">[]; }; }"
         ],
         "path": "x-pack/plugins/integration_assistant/common/api/categorization/categorization_route.ts",
         "deprecated": false,
         "trackAdoption": false,
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "integrationAssistant",
+        "id": "def-common.CHECK_PIPELINE_PATH",
+        "type": "string",
+        "tags": [],
+        "label": "CHECK_PIPELINE_PATH",
+        "description": [],
+        "path": "x-pack/plugins/integration_assistant/common/constants.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "integrationAssistant",
         "id": "def-common.CheckPipelineRequestBody",
@@ -194,7 +267,7 @@
         "label": "CheckPipelineResponse",
         "description": [],
         "signature": [
-          "{ pipelineResults: {}[]; errors?: {}[] | undefined; }"
+          "{ results: { docs: Zod.objectOutputType<{}, Zod.ZodTypeAny, \"passthrough\">[]; }; }"
         ],
         "path": "x-pack/plugins/integration_assistant/common/api/check_pipeline/check_pipeline.ts",
         "deprecated": false,
@@ -203,15 +276,15 @@
       },
       {
         "parentPluginId": "integrationAssistant",
-        "id": "def-common.Datastream",
+        "id": "def-common.DataStream",
         "type": "Type",
         "tags": [],
-        "label": "Datastream",
+        "label": "DataStream",
         "description": [
-          "\nThe datastream object."
+          "\nThe dataStream object."
         ],
         "signature": [
-          "{ name: string; title: string; description: string; inputTypes: (\"kafka\" | \"aws_cloudwatch\" | \"aws_s3\" | \"azure_blob_storage\" | \"azure_eventhub\" | \"cloudfoundry\" | \"filestream\" | \"gcp_pubsub\" | \"gcs\" | \"http_endpoint\" | \"journald\" | \"tcp\" | \"udp\")[]; rawSamples: string[]; pipeline: { processors: ",
+          "{ name: string; title: string; description: string; inputTypes: (\"kafka\" | \"aws_cloudwatch\" | \"aws_s3\" | \"azure_blob_storage\" | \"azure_eventhub\" | \"cel\" | \"cloudfoundry\" | \"filestream\" | \"gcp_pubsub\" | \"gcs\" | \"http_endpoint\" | \"journald\" | \"tcp\" | \"udp\")[]; rawSamples: string[]; pipeline: { processors: ",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -227,7 +300,24 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }; docs: {}[]; }"
+          "[] | undefined; }; docs: Zod.objectOutputType<{}, Zod.ZodTypeAny, \"passthrough\">[]; }"
+        ],
+        "path": "x-pack/plugins/integration_assistant/common/api/model/common_attributes.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "integrationAssistant",
+        "id": "def-common.Docs",
+        "type": "Type",
+        "tags": [],
+        "label": "Docs",
+        "description": [
+          "\nAn array of processed documents."
+        ],
+        "signature": [
+          "Zod.objectOutputType<{}, Zod.ZodTypeAny, \"passthrough\">[]"
         ],
         "path": "x-pack/plugins/integration_assistant/common/api/model/common_attributes.ts",
         "deprecated": false,
@@ -254,7 +344,7 @@
         "label": "EcsMappingRequestBody",
         "description": [],
         "signature": [
-          "{ connectorId: string; packageName: string; rawSamples: string[]; datastreamName: string; mapping?: {} | undefined; }"
+          "{ connectorId: string; packageName: string; rawSamples: string[]; dataStreamName: string; mapping?: Zod.objectOutputType<{}, Zod.ZodTypeAny, \"passthrough\"> | undefined; }"
         ],
         "path": "x-pack/plugins/integration_assistant/common/api/ecs/ecs_route.ts",
         "deprecated": false,
@@ -285,7 +375,7 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }; mapping: {}; }; }"
+          "[] | undefined; }; mapping: {} & { [k: string]: unknown; }; }; }"
         ],
         "path": "x-pack/plugins/integration_assistant/common/api/ecs/ecs_route.ts",
         "deprecated": false,
@@ -318,10 +408,10 @@
         "tags": [],
         "label": "InputType",
         "description": [
-          "\nThe input type for the datastream to pull logs from."
+          "\nThe input type for the dataStream to pull logs from."
         ],
         "signature": [
-          "\"kafka\" | \"aws_cloudwatch\" | \"aws_s3\" | \"azure_blob_storage\" | \"azure_eventhub\" | \"cloudfoundry\" | \"filestream\" | \"gcp_pubsub\" | \"gcs\" | \"http_endpoint\" | \"journald\" | \"tcp\" | \"udp\""
+          "\"kafka\" | \"aws_cloudwatch\" | \"aws_s3\" | \"azure_blob_storage\" | \"azure_eventhub\" | \"cel\" | \"cloudfoundry\" | \"filestream\" | \"gcp_pubsub\" | \"gcs\" | \"http_endpoint\" | \"journald\" | \"tcp\" | \"udp\""
         ],
         "path": "x-pack/plugins/integration_assistant/common/api/model/common_attributes.ts",
         "deprecated": false,
@@ -338,7 +428,7 @@
           "\nThe integration object."
         ],
         "signature": [
-          "{ name: string; title: string; description: string; dataStreams: { name: string; title: string; description: string; inputTypes: (\"kafka\" | \"aws_cloudwatch\" | \"aws_s3\" | \"azure_blob_storage\" | \"azure_eventhub\" | \"cloudfoundry\" | \"filestream\" | \"gcp_pubsub\" | \"gcs\" | \"http_endpoint\" | \"journald\" | \"tcp\" | \"udp\")[]; rawSamples: string[]; pipeline: { processors: ",
+          "{ name: string; title: string; description: string; dataStreams: { name: string; title: string; description: string; inputTypes: (\"kafka\" | \"aws_cloudwatch\" | \"aws_s3\" | \"azure_blob_storage\" | \"azure_eventhub\" | \"cel\" | \"cloudfoundry\" | \"filestream\" | \"gcp_pubsub\" | \"gcs\" | \"http_endpoint\" | \"journald\" | \"tcp\" | \"udp\")[]; rawSamples: string[]; pipeline: { processors: ",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -354,7 +444,7 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }; docs: {}[]; }[]; logo?: string | undefined; }"
+          "[] | undefined; }; docs: Zod.objectOutputType<{}, Zod.ZodTypeAny, \"passthrough\">[]; }[]; logo?: string | undefined; }"
         ],
         "path": "x-pack/plugins/integration_assistant/common/api/model/common_attributes.ts",
         "deprecated": false,
@@ -471,7 +561,7 @@
         "label": "RelatedRequestBody",
         "description": [],
         "signature": [
-          "{ connectorId: string; packageName: string; rawSamples: string[]; datastreamName: string; currentPipeline: { processors: ",
+          "{ connectorId: string; packageName: string; rawSamples: string[]; dataStreamName: string; currentPipeline: { processors: ",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -518,24 +608,12 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }; docs: {}[]; }; }"
+          "[] | undefined; }; docs: Zod.objectOutputType<{}, Zod.ZodTypeAny, \"passthrough\">[]; }; }"
         ],
         "path": "x-pack/plugins/integration_assistant/common/api/related/related_route.ts",
         "deprecated": false,
         "trackAdoption": false,
         "initialIsOpen": false
-      },
-      {
-        "parentPluginId": "integrationAssistant",
-        "id": "def-common.TEST_PIPELINE_PATH",
-        "type": "string",
-        "tags": [],
-        "label": "TEST_PIPELINE_PATH",
-        "description": [],
-        "path": "x-pack/plugins/integration_assistant/common/constants.ts",
-        "deprecated": false,
-        "trackAdoption": false,
-        "initialIsOpen": false
       }
     ],
     "objects": [
@@ -547,7 +625,7 @@
         "label": "BuildIntegrationRequestBody",
         "description": [],
         "signature": [
-          "Zod.ZodObject<{ integration: Zod.ZodObject<{ name: Zod.ZodString; title: Zod.ZodString; description: Zod.ZodString; dataStreams: Zod.ZodArray<Zod.ZodObject<{ name: Zod.ZodString; title: Zod.ZodString; description: Zod.ZodString; inputTypes: Zod.ZodArray<Zod.ZodEnum<[\"aws_cloudwatch\", \"aws_s3\", \"azure_blob_storage\", \"azure_eventhub\", \"cloudfoundry\", \"filestream\", \"gcp_pubsub\", \"gcs\", \"http_endpoint\", \"journald\", \"kafka\", \"tcp\", \"udp\"]>, \"many\">; rawSamples: Zod.ZodArray<Zod.ZodString, \"many\">; pipeline: Zod.ZodObject<{ name: Zod.ZodOptional<Zod.ZodString>; description: Zod.ZodOptional<Zod.ZodString>; version: Zod.ZodOptional<Zod.ZodNumber>; processors: Zod.ZodArray<Zod.ZodType<",
+          "Zod.ZodObject<{ integration: Zod.ZodObject<{ name: Zod.ZodString; title: Zod.ZodString; description: Zod.ZodString; dataStreams: Zod.ZodArray<Zod.ZodObject<{ name: Zod.ZodString; title: Zod.ZodString; description: Zod.ZodString; inputTypes: Zod.ZodArray<Zod.ZodEnum<[\"aws_cloudwatch\", \"aws_s3\", \"azure_blob_storage\", \"azure_eventhub\", \"cel\", \"cloudfoundry\", \"filestream\", \"gcp_pubsub\", \"gcs\", \"http_endpoint\", \"journald\", \"kafka\", \"tcp\", \"udp\"]>, \"many\">; rawSamples: Zod.ZodArray<Zod.ZodString, \"many\">; pipeline: Zod.ZodObject<{ name: Zod.ZodOptional<Zod.ZodString>; description: Zod.ZodOptional<Zod.ZodString>; version: Zod.ZodOptional<Zod.ZodNumber>; processors: Zod.ZodArray<Zod.ZodType<",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -611,7 +689,7 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }>; docs: Zod.ZodArray<Zod.ZodObject<{}, \"strip\", Zod.ZodTypeAny, {}, {}>, \"many\">; }, \"strip\", Zod.ZodTypeAny, { name: string; title: string; description: string; inputTypes: (\"kafka\" | \"aws_cloudwatch\" | \"aws_s3\" | \"azure_blob_storage\" | \"azure_eventhub\" | \"cloudfoundry\" | \"filestream\" | \"gcp_pubsub\" | \"gcs\" | \"http_endpoint\" | \"journald\" | \"tcp\" | \"udp\")[]; rawSamples: string[]; pipeline: { processors: ",
+          "[] | undefined; }>; docs: Zod.ZodArray<Zod.ZodObject<{}, \"passthrough\", Zod.ZodTypeAny, Zod.objectOutputType<{}, Zod.ZodTypeAny, \"passthrough\">, Zod.objectInputType<{}, Zod.ZodTypeAny, \"passthrough\">>, \"many\">; }, \"strip\", Zod.ZodTypeAny, { name: string; title: string; description: string; inputTypes: (\"kafka\" | \"aws_cloudwatch\" | \"aws_s3\" | \"azure_blob_storage\" | \"azure_eventhub\" | \"cel\" | \"cloudfoundry\" | \"filestream\" | \"gcp_pubsub\" | \"gcs\" | \"http_endpoint\" | \"journald\" | \"tcp\" | \"udp\")[]; rawSamples: string[]; pipeline: { processors: ",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -627,7 +705,7 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }; docs: {}[]; }, { name: string; title: string; description: string; inputTypes: (\"kafka\" | \"aws_cloudwatch\" | \"aws_s3\" | \"azure_blob_storage\" | \"azure_eventhub\" | \"cloudfoundry\" | \"filestream\" | \"gcp_pubsub\" | \"gcs\" | \"http_endpoint\" | \"journald\" | \"tcp\" | \"udp\")[]; rawSamples: string[]; pipeline: { processors: ",
+          "[] | undefined; }; docs: Zod.objectOutputType<{}, Zod.ZodTypeAny, \"passthrough\">[]; }, { name: string; title: string; description: string; inputTypes: (\"kafka\" | \"aws_cloudwatch\" | \"aws_s3\" | \"azure_blob_storage\" | \"azure_eventhub\" | \"cel\" | \"cloudfoundry\" | \"filestream\" | \"gcp_pubsub\" | \"gcs\" | \"http_endpoint\" | \"journald\" | \"tcp\" | \"udp\")[]; rawSamples: string[]; pipeline: { processors: ",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -643,7 +721,7 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }; docs: {}[]; }>, \"many\">; logo: Zod.ZodOptional<Zod.ZodString>; }, \"strip\", Zod.ZodTypeAny, { name: string; title: string; description: string; dataStreams: { name: string; title: string; description: string; inputTypes: (\"kafka\" | \"aws_cloudwatch\" | \"aws_s3\" | \"azure_blob_storage\" | \"azure_eventhub\" | \"cloudfoundry\" | \"filestream\" | \"gcp_pubsub\" | \"gcs\" | \"http_endpoint\" | \"journald\" | \"tcp\" | \"udp\")[]; rawSamples: string[]; pipeline: { processors: ",
+          "[] | undefined; }; docs: Zod.objectInputType<{}, Zod.ZodTypeAny, \"passthrough\">[]; }>, \"many\">; logo: Zod.ZodOptional<Zod.ZodString>; }, \"strip\", Zod.ZodTypeAny, { name: string; title: string; description: string; dataStreams: { name: string; title: string; description: string; inputTypes: (\"kafka\" | \"aws_cloudwatch\" | \"aws_s3\" | \"azure_blob_storage\" | \"azure_eventhub\" | \"cel\" | \"cloudfoundry\" | \"filestream\" | \"gcp_pubsub\" | \"gcs\" | \"http_endpoint\" | \"journald\" | \"tcp\" | \"udp\")[]; rawSamples: string[]; pipeline: { processors: ",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -659,7 +737,7 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }; docs: {}[]; }[]; logo?: string | undefined; }, { name: string; title: string; description: string; dataStreams: { name: string; title: string; description: string; inputTypes: (\"kafka\" | \"aws_cloudwatch\" | \"aws_s3\" | \"azure_blob_storage\" | \"azure_eventhub\" | \"cloudfoundry\" | \"filestream\" | \"gcp_pubsub\" | \"gcs\" | \"http_endpoint\" | \"journald\" | \"tcp\" | \"udp\")[]; rawSamples: string[]; pipeline: { processors: ",
+          "[] | undefined; }; docs: Zod.objectOutputType<{}, Zod.ZodTypeAny, \"passthrough\">[]; }[]; logo?: string | undefined; }, { name: string; title: string; description: string; dataStreams: { name: string; title: string; description: string; inputTypes: (\"kafka\" | \"aws_cloudwatch\" | \"aws_s3\" | \"azure_blob_storage\" | \"azure_eventhub\" | \"cel\" | \"cloudfoundry\" | \"filestream\" | \"gcp_pubsub\" | \"gcs\" | \"http_endpoint\" | \"journald\" | \"tcp\" | \"udp\")[]; rawSamples: string[]; pipeline: { processors: ",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -675,7 +753,7 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }; docs: {}[]; }[]; logo?: string | undefined; }>; }, \"strip\", Zod.ZodTypeAny, { integration: { name: string; title: string; description: string; dataStreams: { name: string; title: string; description: string; inputTypes: (\"kafka\" | \"aws_cloudwatch\" | \"aws_s3\" | \"azure_blob_storage\" | \"azure_eventhub\" | \"cloudfoundry\" | \"filestream\" | \"gcp_pubsub\" | \"gcs\" | \"http_endpoint\" | \"journald\" | \"tcp\" | \"udp\")[]; rawSamples: string[]; pipeline: { processors: ",
+          "[] | undefined; }; docs: Zod.objectInputType<{}, Zod.ZodTypeAny, \"passthrough\">[]; }[]; logo?: string | undefined; }>; }, \"strip\", Zod.ZodTypeAny, { integration: { name: string; title: string; description: string; dataStreams: { name: string; title: string; description: string; inputTypes: (\"kafka\" | \"aws_cloudwatch\" | \"aws_s3\" | \"azure_blob_storage\" | \"azure_eventhub\" | \"cel\" | \"cloudfoundry\" | \"filestream\" | \"gcp_pubsub\" | \"gcs\" | \"http_endpoint\" | \"journald\" | \"tcp\" | \"udp\")[]; rawSamples: string[]; pipeline: { processors: ",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -691,7 +769,7 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }; docs: {}[]; }[]; logo?: string | undefined; }; }, { integration: { name: string; title: string; description: string; dataStreams: { name: string; title: string; description: string; inputTypes: (\"kafka\" | \"aws_cloudwatch\" | \"aws_s3\" | \"azure_blob_storage\" | \"azure_eventhub\" | \"cloudfoundry\" | \"filestream\" | \"gcp_pubsub\" | \"gcs\" | \"http_endpoint\" | \"journald\" | \"tcp\" | \"udp\")[]; rawSamples: string[]; pipeline: { processors: ",
+          "[] | undefined; }; docs: Zod.objectOutputType<{}, Zod.ZodTypeAny, \"passthrough\">[]; }[]; logo?: string | undefined; }; }, { integration: { name: string; title: string; description: string; dataStreams: { name: string; title: string; description: string; inputTypes: (\"kafka\" | \"aws_cloudwatch\" | \"aws_s3\" | \"azure_blob_storage\" | \"azure_eventhub\" | \"cel\" | \"cloudfoundry\" | \"filestream\" | \"gcp_pubsub\" | \"gcs\" | \"http_endpoint\" | \"journald\" | \"tcp\" | \"udp\")[]; rawSamples: string[]; pipeline: { processors: ",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -707,7 +785,7 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }; docs: {}[]; }[]; logo?: string | undefined; }; }>"
+          "[] | undefined; }; docs: Zod.objectInputType<{}, Zod.ZodTypeAny, \"passthrough\">[]; }[]; logo?: string | undefined; }; }>"
         ],
         "path": "x-pack/plugins/integration_assistant/common/api/build_integration/build_integration.ts",
         "deprecated": false,
@@ -722,7 +800,7 @@
         "label": "CategorizationRequestBody",
         "description": [],
         "signature": [
-          "Zod.ZodObject<{ packageName: Zod.ZodString; datastreamName: Zod.ZodString; rawSamples: Zod.ZodArray<Zod.ZodString, \"many\">; currentPipeline: Zod.ZodObject<{ name: Zod.ZodOptional<Zod.ZodString>; description: Zod.ZodOptional<Zod.ZodString>; version: Zod.ZodOptional<Zod.ZodNumber>; processors: Zod.ZodArray<Zod.ZodType<",
+          "Zod.ZodObject<{ packageName: Zod.ZodString; dataStreamName: Zod.ZodString; rawSamples: Zod.ZodArray<Zod.ZodString, \"many\">; currentPipeline: Zod.ZodObject<{ name: Zod.ZodOptional<Zod.ZodString>; description: Zod.ZodOptional<Zod.ZodString>; version: Zod.ZodOptional<Zod.ZodNumber>; processors: Zod.ZodArray<Zod.ZodType<",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -786,7 +864,7 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }>; connectorId: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { connectorId: string; packageName: string; rawSamples: string[]; datastreamName: string; currentPipeline: { processors: ",
+          "[] | undefined; }>; connectorId: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { connectorId: string; packageName: string; rawSamples: string[]; dataStreamName: string; currentPipeline: { processors: ",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -802,7 +880,7 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }; }, { connectorId: string; packageName: string; rawSamples: string[]; datastreamName: string; currentPipeline: { processors: ",
+          "[] | undefined; }; }, { connectorId: string; packageName: string; rawSamples: string[]; dataStreamName: string; currentPipeline: { processors: ",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -833,7 +911,7 @@
         "label": "CategorizationResponse",
         "description": [],
         "signature": [
-          "Zod.ZodObject<{ results: Zod.ZodObject<{ docs: Zod.ZodArray<Zod.ZodObject<{}, \"strip\", Zod.ZodTypeAny, {}, {}>, \"many\">; pipeline: Zod.ZodObject<{ name: Zod.ZodOptional<Zod.ZodString>; description: Zod.ZodOptional<Zod.ZodString>; version: Zod.ZodOptional<Zod.ZodNumber>; processors: Zod.ZodArray<Zod.ZodType<",
+          "Zod.ZodObject<{ results: Zod.ZodObject<{ docs: Zod.ZodArray<Zod.ZodObject<{}, \"passthrough\", Zod.ZodTypeAny, Zod.objectOutputType<{}, Zod.ZodTypeAny, \"passthrough\">, Zod.objectInputType<{}, Zod.ZodTypeAny, \"passthrough\">>, \"many\">; pipeline: Zod.ZodObject<{ name: Zod.ZodOptional<Zod.ZodString>; description: Zod.ZodOptional<Zod.ZodString>; version: Zod.ZodOptional<Zod.ZodNumber>; processors: Zod.ZodArray<Zod.ZodType<",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -913,7 +991,7 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }; docs: {}[]; }, { pipeline: { processors: ",
+          "[] | undefined; }; docs: Zod.objectOutputType<{}, Zod.ZodTypeAny, \"passthrough\">[]; }, { pipeline: { processors: ",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -929,7 +1007,7 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }; docs: {}[]; }>; }, \"strip\", Zod.ZodTypeAny, { results: { pipeline: { processors: ",
+          "[] | undefined; }; docs: Zod.objectInputType<{}, Zod.ZodTypeAny, \"passthrough\">[]; }>; }, \"strip\", Zod.ZodTypeAny, { results: { pipeline: { processors: ",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -945,7 +1023,7 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }; docs: {}[]; }; }, { results: { pipeline: { processors: ",
+          "[] | undefined; }; docs: Zod.objectOutputType<{}, Zod.ZodTypeAny, \"passthrough\">[]; }; }, { results: { pipeline: { processors: ",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -961,7 +1039,7 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }; docs: {}[]; }; }>"
+          "[] | undefined; }; docs: Zod.objectInputType<{}, Zod.ZodTypeAny, \"passthrough\">[]; }; }>"
         ],
         "path": "x-pack/plugins/integration_assistant/common/api/categorization/categorization_route.ts",
         "deprecated": false,
@@ -1087,7 +1165,7 @@
         "label": "CheckPipelineResponse",
         "description": [],
         "signature": [
-          "Zod.ZodObject<{ pipelineResults: Zod.ZodArray<Zod.ZodObject<{}, \"strip\", Zod.ZodTypeAny, {}, {}>, \"many\">; errors: Zod.ZodOptional<Zod.ZodArray<Zod.ZodObject<{}, \"strip\", Zod.ZodTypeAny, {}, {}>, \"many\">>; }, \"strip\", Zod.ZodTypeAny, { pipelineResults: {}[]; errors?: {}[] | undefined; }, { pipelineResults: {}[]; errors?: {}[] | undefined; }>"
+          "Zod.ZodObject<{ results: Zod.ZodObject<{ docs: Zod.ZodArray<Zod.ZodObject<{}, \"passthrough\", Zod.ZodTypeAny, Zod.objectOutputType<{}, Zod.ZodTypeAny, \"passthrough\">, Zod.objectInputType<{}, Zod.ZodTypeAny, \"passthrough\">>, \"many\">; }, \"strip\", Zod.ZodTypeAny, { docs: Zod.objectOutputType<{}, Zod.ZodTypeAny, \"passthrough\">[]; }, { docs: Zod.objectInputType<{}, Zod.ZodTypeAny, \"passthrough\">[]; }>; }, \"strip\", Zod.ZodTypeAny, { results: { docs: Zod.objectOutputType<{}, Zod.ZodTypeAny, \"passthrough\">[]; }; }, { results: { docs: Zod.objectInputType<{}, Zod.ZodTypeAny, \"passthrough\">[]; }; }>"
         ],
         "path": "x-pack/plugins/integration_assistant/common/api/check_pipeline/check_pipeline.ts",
         "deprecated": false,
@@ -1096,13 +1174,13 @@
       },
       {
         "parentPluginId": "integrationAssistant",
-        "id": "def-common.Datastream",
+        "id": "def-common.DataStream",
         "type": "Object",
         "tags": [],
-        "label": "Datastream",
+        "label": "DataStream",
         "description": [],
         "signature": [
-          "Zod.ZodObject<{ name: Zod.ZodString; title: Zod.ZodString; description: Zod.ZodString; inputTypes: Zod.ZodArray<Zod.ZodEnum<[\"aws_cloudwatch\", \"aws_s3\", \"azure_blob_storage\", \"azure_eventhub\", \"cloudfoundry\", \"filestream\", \"gcp_pubsub\", \"gcs\", \"http_endpoint\", \"journald\", \"kafka\", \"tcp\", \"udp\"]>, \"many\">; rawSamples: Zod.ZodArray<Zod.ZodString, \"many\">; pipeline: Zod.ZodObject<{ name: Zod.ZodOptional<Zod.ZodString>; description: Zod.ZodOptional<Zod.ZodString>; version: Zod.ZodOptional<Zod.ZodNumber>; processors: Zod.ZodArray<Zod.ZodType<",
+          "Zod.ZodObject<{ name: Zod.ZodString; title: Zod.ZodString; description: Zod.ZodString; inputTypes: Zod.ZodArray<Zod.ZodEnum<[\"aws_cloudwatch\", \"aws_s3\", \"azure_blob_storage\", \"azure_eventhub\", \"cel\", \"cloudfoundry\", \"filestream\", \"gcp_pubsub\", \"gcs\", \"http_endpoint\", \"journald\", \"kafka\", \"tcp\", \"udp\"]>, \"many\">; rawSamples: Zod.ZodArray<Zod.ZodString, \"many\">; pipeline: Zod.ZodObject<{ name: Zod.ZodOptional<Zod.ZodString>; description: Zod.ZodOptional<Zod.ZodString>; version: Zod.ZodOptional<Zod.ZodNumber>; processors: Zod.ZodArray<Zod.ZodType<",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -1166,7 +1244,7 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }>; docs: Zod.ZodArray<Zod.ZodObject<{}, \"strip\", Zod.ZodTypeAny, {}, {}>, \"many\">; }, \"strip\", Zod.ZodTypeAny, { name: string; title: string; description: string; inputTypes: (\"kafka\" | \"aws_cloudwatch\" | \"aws_s3\" | \"azure_blob_storage\" | \"azure_eventhub\" | \"cloudfoundry\" | \"filestream\" | \"gcp_pubsub\" | \"gcs\" | \"http_endpoint\" | \"journald\" | \"tcp\" | \"udp\")[]; rawSamples: string[]; pipeline: { processors: ",
+          "[] | undefined; }>; docs: Zod.ZodArray<Zod.ZodObject<{}, \"passthrough\", Zod.ZodTypeAny, Zod.objectOutputType<{}, Zod.ZodTypeAny, \"passthrough\">, Zod.objectInputType<{}, Zod.ZodTypeAny, \"passthrough\">>, \"many\">; }, \"strip\", Zod.ZodTypeAny, { name: string; title: string; description: string; inputTypes: (\"kafka\" | \"aws_cloudwatch\" | \"aws_s3\" | \"azure_blob_storage\" | \"azure_eventhub\" | \"cel\" | \"cloudfoundry\" | \"filestream\" | \"gcp_pubsub\" | \"gcs\" | \"http_endpoint\" | \"journald\" | \"tcp\" | \"udp\")[]; rawSamples: string[]; pipeline: { processors: ",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -1182,7 +1260,7 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }; docs: {}[]; }, { name: string; title: string; description: string; inputTypes: (\"kafka\" | \"aws_cloudwatch\" | \"aws_s3\" | \"azure_blob_storage\" | \"azure_eventhub\" | \"cloudfoundry\" | \"filestream\" | \"gcp_pubsub\" | \"gcs\" | \"http_endpoint\" | \"journald\" | \"tcp\" | \"udp\")[]; rawSamples: string[]; pipeline: { processors: ",
+          "[] | undefined; }; docs: Zod.objectOutputType<{}, Zod.ZodTypeAny, \"passthrough\">[]; }, { name: string; title: string; description: string; inputTypes: (\"kafka\" | \"aws_cloudwatch\" | \"aws_s3\" | \"azure_blob_storage\" | \"azure_eventhub\" | \"cel\" | \"cloudfoundry\" | \"filestream\" | \"gcp_pubsub\" | \"gcs\" | \"http_endpoint\" | \"journald\" | \"tcp\" | \"udp\")[]; rawSamples: string[]; pipeline: { processors: ",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -1198,7 +1276,22 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }; docs: {}[]; }>"
+          "[] | undefined; }; docs: Zod.objectInputType<{}, Zod.ZodTypeAny, \"passthrough\">[]; }>"
+        ],
+        "path": "x-pack/plugins/integration_assistant/common/api/model/common_attributes.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "integrationAssistant",
+        "id": "def-common.Docs",
+        "type": "Object",
+        "tags": [],
+        "label": "Docs",
+        "description": [],
+        "signature": [
+          "Zod.ZodArray<Zod.ZodObject<{}, \"passthrough\", Zod.ZodTypeAny, Zod.objectOutputType<{}, Zod.ZodTypeAny, \"passthrough\">, Zod.objectInputType<{}, Zod.ZodTypeAny, \"passthrough\">>, \"many\">"
         ],
         "path": "x-pack/plugins/integration_assistant/common/api/model/common_attributes.ts",
         "deprecated": false,
@@ -1213,7 +1306,7 @@
         "label": "EcsMappingRequestBody",
         "description": [],
         "signature": [
-          "Zod.ZodObject<{ packageName: Zod.ZodString; datastreamName: Zod.ZodString; rawSamples: Zod.ZodArray<Zod.ZodString, \"many\">; mapping: Zod.ZodOptional<Zod.ZodObject<{}, \"strip\", Zod.ZodTypeAny, {}, {}>>; connectorId: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { connectorId: string; packageName: string; rawSamples: string[]; datastreamName: string; mapping?: {} | undefined; }, { connectorId: string; packageName: string; rawSamples: string[]; datastreamName: string; mapping?: {} | undefined; }>"
+          "Zod.ZodObject<{ packageName: Zod.ZodString; dataStreamName: Zod.ZodString; rawSamples: Zod.ZodArray<Zod.ZodString, \"many\">; mapping: Zod.ZodOptional<Zod.ZodObject<{}, \"passthrough\", Zod.ZodTypeAny, Zod.objectOutputType<{}, Zod.ZodTypeAny, \"passthrough\">, Zod.objectInputType<{}, Zod.ZodTypeAny, \"passthrough\">>>; connectorId: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { connectorId: string; packageName: string; rawSamples: string[]; dataStreamName: string; mapping?: Zod.objectOutputType<{}, Zod.ZodTypeAny, \"passthrough\"> | undefined; }, { connectorId: string; packageName: string; rawSamples: string[]; dataStreamName: string; mapping?: Zod.objectInputType<{}, Zod.ZodTypeAny, \"passthrough\"> | undefined; }>"
         ],
         "path": "x-pack/plugins/integration_assistant/common/api/ecs/ecs_route.ts",
         "deprecated": false,
@@ -1228,7 +1321,7 @@
         "label": "EcsMappingResponse",
         "description": [],
         "signature": [
-          "Zod.ZodObject<{ results: Zod.ZodObject<{ mapping: Zod.ZodObject<{}, \"strip\", Zod.ZodTypeAny, {}, {}>; pipeline: Zod.ZodObject<{ name: Zod.ZodOptional<Zod.ZodString>; description: Zod.ZodOptional<Zod.ZodString>; version: Zod.ZodOptional<Zod.ZodNumber>; processors: Zod.ZodArray<Zod.ZodType<",
+          "Zod.ZodObject<{ results: Zod.ZodObject<{ mapping: Zod.ZodObject<{}, \"passthrough\", Zod.ZodTypeAny, Zod.objectOutputType<{}, Zod.ZodTypeAny, \"passthrough\">, Zod.objectInputType<{}, Zod.ZodTypeAny, \"passthrough\">>; pipeline: Zod.ZodObject<{ name: Zod.ZodOptional<Zod.ZodString>; description: Zod.ZodOptional<Zod.ZodString>; version: Zod.ZodOptional<Zod.ZodNumber>; processors: Zod.ZodArray<Zod.ZodType<",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -1308,7 +1401,7 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }; mapping: {}; }, { pipeline: { processors: ",
+          "[] | undefined; }; mapping: {} & { [k: string]: unknown; }; }, { pipeline: { processors: ",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -1324,7 +1417,7 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }; mapping: {}; }>; }, \"strip\", Zod.ZodTypeAny, { results: { pipeline: { processors: ",
+          "[] | undefined; }; mapping: {} & { [k: string]: unknown; }; }>; }, \"strip\", Zod.ZodTypeAny, { results: { pipeline: { processors: ",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -1340,7 +1433,7 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }; mapping: {}; }; }, { results: { pipeline: { processors: ",
+          "[] | undefined; }; mapping: {} & { [k: string]: unknown; }; }; }, { results: { pipeline: { processors: ",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -1356,7 +1449,7 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }; mapping: {}; }; }>"
+          "[] | undefined; }; mapping: {} & { [k: string]: unknown; }; }; }>"
         ],
         "path": "x-pack/plugins/integration_assistant/common/api/ecs/ecs_route.ts",
         "deprecated": false,
@@ -1402,7 +1495,7 @@
         "label": "InputType",
         "description": [],
         "signature": [
-          "Zod.ZodEnum<[\"aws_cloudwatch\", \"aws_s3\", \"azure_blob_storage\", \"azure_eventhub\", \"cloudfoundry\", \"filestream\", \"gcp_pubsub\", \"gcs\", \"http_endpoint\", \"journald\", \"kafka\", \"tcp\", \"udp\"]>"
+          "Zod.ZodEnum<[\"aws_cloudwatch\", \"aws_s3\", \"azure_blob_storage\", \"azure_eventhub\", \"cel\", \"cloudfoundry\", \"filestream\", \"gcp_pubsub\", \"gcs\", \"http_endpoint\", \"journald\", \"kafka\", \"tcp\", \"udp\"]>"
         ],
         "path": "x-pack/plugins/integration_assistant/common/api/model/common_attributes.ts",
         "deprecated": false,
@@ -1417,7 +1510,7 @@
         "label": "Integration",
         "description": [],
         "signature": [
-          "Zod.ZodObject<{ name: Zod.ZodString; title: Zod.ZodString; description: Zod.ZodString; dataStreams: Zod.ZodArray<Zod.ZodObject<{ name: Zod.ZodString; title: Zod.ZodString; description: Zod.ZodString; inputTypes: Zod.ZodArray<Zod.ZodEnum<[\"aws_cloudwatch\", \"aws_s3\", \"azure_blob_storage\", \"azure_eventhub\", \"cloudfoundry\", \"filestream\", \"gcp_pubsub\", \"gcs\", \"http_endpoint\", \"journald\", \"kafka\", \"tcp\", \"udp\"]>, \"many\">; rawSamples: Zod.ZodArray<Zod.ZodString, \"many\">; pipeline: Zod.ZodObject<{ name: Zod.ZodOptional<Zod.ZodString>; description: Zod.ZodOptional<Zod.ZodString>; version: Zod.ZodOptional<Zod.ZodNumber>; processors: Zod.ZodArray<Zod.ZodType<",
+          "Zod.ZodObject<{ name: Zod.ZodString; title: Zod.ZodString; description: Zod.ZodString; dataStreams: Zod.ZodArray<Zod.ZodObject<{ name: Zod.ZodString; title: Zod.ZodString; description: Zod.ZodString; inputTypes: Zod.ZodArray<Zod.ZodEnum<[\"aws_cloudwatch\", \"aws_s3\", \"azure_blob_storage\", \"azure_eventhub\", \"cel\", \"cloudfoundry\", \"filestream\", \"gcp_pubsub\", \"gcs\", \"http_endpoint\", \"journald\", \"kafka\", \"tcp\", \"udp\"]>, \"many\">; rawSamples: Zod.ZodArray<Zod.ZodString, \"many\">; pipeline: Zod.ZodObject<{ name: Zod.ZodOptional<Zod.ZodString>; description: Zod.ZodOptional<Zod.ZodString>; version: Zod.ZodOptional<Zod.ZodNumber>; processors: Zod.ZodArray<Zod.ZodType<",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -1481,7 +1574,7 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }>; docs: Zod.ZodArray<Zod.ZodObject<{}, \"strip\", Zod.ZodTypeAny, {}, {}>, \"many\">; }, \"strip\", Zod.ZodTypeAny, { name: string; title: string; description: string; inputTypes: (\"kafka\" | \"aws_cloudwatch\" | \"aws_s3\" | \"azure_blob_storage\" | \"azure_eventhub\" | \"cloudfoundry\" | \"filestream\" | \"gcp_pubsub\" | \"gcs\" | \"http_endpoint\" | \"journald\" | \"tcp\" | \"udp\")[]; rawSamples: string[]; pipeline: { processors: ",
+          "[] | undefined; }>; docs: Zod.ZodArray<Zod.ZodObject<{}, \"passthrough\", Zod.ZodTypeAny, Zod.objectOutputType<{}, Zod.ZodTypeAny, \"passthrough\">, Zod.objectInputType<{}, Zod.ZodTypeAny, \"passthrough\">>, \"many\">; }, \"strip\", Zod.ZodTypeAny, { name: string; title: string; description: string; inputTypes: (\"kafka\" | \"aws_cloudwatch\" | \"aws_s3\" | \"azure_blob_storage\" | \"azure_eventhub\" | \"cel\" | \"cloudfoundry\" | \"filestream\" | \"gcp_pubsub\" | \"gcs\" | \"http_endpoint\" | \"journald\" | \"tcp\" | \"udp\")[]; rawSamples: string[]; pipeline: { processors: ",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -1497,7 +1590,7 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }; docs: {}[]; }, { name: string; title: string; description: string; inputTypes: (\"kafka\" | \"aws_cloudwatch\" | \"aws_s3\" | \"azure_blob_storage\" | \"azure_eventhub\" | \"cloudfoundry\" | \"filestream\" | \"gcp_pubsub\" | \"gcs\" | \"http_endpoint\" | \"journald\" | \"tcp\" | \"udp\")[]; rawSamples: string[]; pipeline: { processors: ",
+          "[] | undefined; }; docs: Zod.objectOutputType<{}, Zod.ZodTypeAny, \"passthrough\">[]; }, { name: string; title: string; description: string; inputTypes: (\"kafka\" | \"aws_cloudwatch\" | \"aws_s3\" | \"azure_blob_storage\" | \"azure_eventhub\" | \"cel\" | \"cloudfoundry\" | \"filestream\" | \"gcp_pubsub\" | \"gcs\" | \"http_endpoint\" | \"journald\" | \"tcp\" | \"udp\")[]; rawSamples: string[]; pipeline: { processors: ",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -1513,7 +1606,7 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }; docs: {}[]; }>, \"many\">; logo: Zod.ZodOptional<Zod.ZodString>; }, \"strip\", Zod.ZodTypeAny, { name: string; title: string; description: string; dataStreams: { name: string; title: string; description: string; inputTypes: (\"kafka\" | \"aws_cloudwatch\" | \"aws_s3\" | \"azure_blob_storage\" | \"azure_eventhub\" | \"cloudfoundry\" | \"filestream\" | \"gcp_pubsub\" | \"gcs\" | \"http_endpoint\" | \"journald\" | \"tcp\" | \"udp\")[]; rawSamples: string[]; pipeline: { processors: ",
+          "[] | undefined; }; docs: Zod.objectInputType<{}, Zod.ZodTypeAny, \"passthrough\">[]; }>, \"many\">; logo: Zod.ZodOptional<Zod.ZodString>; }, \"strip\", Zod.ZodTypeAny, { name: string; title: string; description: string; dataStreams: { name: string; title: string; description: string; inputTypes: (\"kafka\" | \"aws_cloudwatch\" | \"aws_s3\" | \"azure_blob_storage\" | \"azure_eventhub\" | \"cel\" | \"cloudfoundry\" | \"filestream\" | \"gcp_pubsub\" | \"gcs\" | \"http_endpoint\" | \"journald\" | \"tcp\" | \"udp\")[]; rawSamples: string[]; pipeline: { processors: ",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -1529,7 +1622,7 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }; docs: {}[]; }[]; logo?: string | undefined; }, { name: string; title: string; description: string; dataStreams: { name: string; title: string; description: string; inputTypes: (\"kafka\" | \"aws_cloudwatch\" | \"aws_s3\" | \"azure_blob_storage\" | \"azure_eventhub\" | \"cloudfoundry\" | \"filestream\" | \"gcp_pubsub\" | \"gcs\" | \"http_endpoint\" | \"journald\" | \"tcp\" | \"udp\")[]; rawSamples: string[]; pipeline: { processors: ",
+          "[] | undefined; }; docs: Zod.objectOutputType<{}, Zod.ZodTypeAny, \"passthrough\">[]; }[]; logo?: string | undefined; }, { name: string; title: string; description: string; dataStreams: { name: string; title: string; description: string; inputTypes: (\"kafka\" | \"aws_cloudwatch\" | \"aws_s3\" | \"azure_blob_storage\" | \"azure_eventhub\" | \"cel\" | \"cloudfoundry\" | \"filestream\" | \"gcp_pubsub\" | \"gcs\" | \"http_endpoint\" | \"journald\" | \"tcp\" | \"udp\")[]; rawSamples: string[]; pipeline: { processors: ",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -1545,7 +1638,7 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }; docs: {}[]; }[]; logo?: string | undefined; }>"
+          "[] | undefined; }; docs: Zod.objectInputType<{}, Zod.ZodTypeAny, \"passthrough\">[]; }[]; logo?: string | undefined; }>"
         ],
         "path": "x-pack/plugins/integration_assistant/common/api/model/common_attributes.ts",
         "deprecated": false,
@@ -1639,7 +1732,7 @@
         "label": "RelatedRequestBody",
         "description": [],
         "signature": [
-          "Zod.ZodObject<{ packageName: Zod.ZodString; datastreamName: Zod.ZodString; rawSamples: Zod.ZodArray<Zod.ZodString, \"many\">; currentPipeline: Zod.ZodObject<{ name: Zod.ZodOptional<Zod.ZodString>; description: Zod.ZodOptional<Zod.ZodString>; version: Zod.ZodOptional<Zod.ZodNumber>; processors: Zod.ZodArray<Zod.ZodType<",
+          "Zod.ZodObject<{ packageName: Zod.ZodString; dataStreamName: Zod.ZodString; rawSamples: Zod.ZodArray<Zod.ZodString, \"many\">; currentPipeline: Zod.ZodObject<{ name: Zod.ZodOptional<Zod.ZodString>; description: Zod.ZodOptional<Zod.ZodString>; version: Zod.ZodOptional<Zod.ZodNumber>; processors: Zod.ZodArray<Zod.ZodType<",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -1703,7 +1796,7 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }>; connectorId: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { connectorId: string; packageName: string; rawSamples: string[]; datastreamName: string; currentPipeline: { processors: ",
+          "[] | undefined; }>; connectorId: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { connectorId: string; packageName: string; rawSamples: string[]; dataStreamName: string; currentPipeline: { processors: ",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -1719,7 +1812,7 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }; }, { connectorId: string; packageName: string; rawSamples: string[]; datastreamName: string; currentPipeline: { processors: ",
+          "[] | undefined; }; }, { connectorId: string; packageName: string; rawSamples: string[]; dataStreamName: string; currentPipeline: { processors: ",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -1750,7 +1843,7 @@
         "label": "RelatedResponse",
         "description": [],
         "signature": [
-          "Zod.ZodObject<{ results: Zod.ZodObject<{ docs: Zod.ZodArray<Zod.ZodObject<{}, \"strip\", Zod.ZodTypeAny, {}, {}>, \"many\">; pipeline: Zod.ZodObject<{ name: Zod.ZodOptional<Zod.ZodString>; description: Zod.ZodOptional<Zod.ZodString>; version: Zod.ZodOptional<Zod.ZodNumber>; processors: Zod.ZodArray<Zod.ZodType<",
+          "Zod.ZodObject<{ results: Zod.ZodObject<{ docs: Zod.ZodArray<Zod.ZodObject<{}, \"passthrough\", Zod.ZodTypeAny, Zod.objectOutputType<{}, Zod.ZodTypeAny, \"passthrough\">, Zod.objectInputType<{}, Zod.ZodTypeAny, \"passthrough\">>, \"many\">; pipeline: Zod.ZodObject<{ name: Zod.ZodOptional<Zod.ZodString>; description: Zod.ZodOptional<Zod.ZodString>; version: Zod.ZodOptional<Zod.ZodNumber>; processors: Zod.ZodArray<Zod.ZodType<",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -1830,7 +1923,7 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }; docs: {}[]; }, { pipeline: { processors: ",
+          "[] | undefined; }; docs: Zod.objectOutputType<{}, Zod.ZodTypeAny, \"passthrough\">[]; }, { pipeline: { processors: ",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -1846,7 +1939,7 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }; docs: {}[]; }>; }, \"strip\", Zod.ZodTypeAny, { results: { pipeline: { processors: ",
+          "[] | undefined; }; docs: Zod.objectInputType<{}, Zod.ZodTypeAny, \"passthrough\">[]; }>; }, \"strip\", Zod.ZodTypeAny, { results: { pipeline: { processors: ",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -1862,7 +1955,7 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }; docs: {}[]; }; }, { results: { pipeline: { processors: ",
+          "[] | undefined; }; docs: Zod.objectOutputType<{}, Zod.ZodTypeAny, \"passthrough\">[]; }; }, { results: { pipeline: { processors: ",
           {
             "pluginId": "integrationAssistant",
             "scope": "common",
@@ -1878,7 +1971,7 @@
             "section": "def-common.ESProcessorItem",
             "text": "ESProcessorItem"
           },
-          "[] | undefined; }; docs: {}[]; }; }>"
+          "[] | undefined; }; docs: Zod.objectInputType<{}, Zod.ZodTypeAny, \"passthrough\">[]; }; }>"
         ],
         "path": "x-pack/plugins/integration_assistant/common/api/related/related_route.ts",
         "deprecated": false,
diff --git a/api_docs/integration_assistant.mdx b/api_docs/integration_assistant.mdx
index 73b904ecb97c2..48d553e09fa9f 100644
--- a/api_docs/integration_assistant.mdx
+++ b/api_docs/integration_assistant.mdx
@@ -8,12 +8,12 @@ slug: /kibana-dev-docs/api/integrationAssistant
 title: "integrationAssistant"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the integrationAssistant plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'integrationAssistant']
 ---
 import integrationAssistantObj from './integration_assistant.devdocs.json';
 
-A simple example of how to use core's routing services test
+Plugin implementing the Integration Assistant API and UI
 
 Contact [@elastic/security-solution](https://github.com/orgs/elastic/teams/security-solution) for questions regarding this plugin.
 
@@ -21,7 +21,15 @@ Contact [@elastic/security-solution](https://github.com/orgs/elastic/teams/secur
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 38 | 0 | 33 | 1 |
+| 44 | 0 | 38 | 2 |
+
+## Client
+
+### Setup
+<DocDefinitionList data={[integrationAssistantObj.client.setup]}/>
+
+### Start
+<DocDefinitionList data={[integrationAssistantObj.client.start]}/>
 
 ## Server
 
diff --git a/api_docs/interactive_setup.mdx b/api_docs/interactive_setup.mdx
index 871aeba226a58..29a4dd1488451 100644
--- a/api_docs/interactive_setup.mdx
+++ b/api_docs/interactive_setup.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/interactiveSetup
 title: "interactiveSetup"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the interactiveSetup plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'interactiveSetup']
 ---
 import interactiveSetupObj from './interactive_setup.devdocs.json';
diff --git a/api_docs/investigate.mdx b/api_docs/investigate.mdx
index 18caa601857ed..a04438106c50a 100644
--- a/api_docs/investigate.mdx
+++ b/api_docs/investigate.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/investigate
 title: "investigate"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the investigate plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'investigate']
 ---
 import investigateObj from './investigate.devdocs.json';
diff --git a/api_docs/kbn_ace.mdx b/api_docs/kbn_ace.mdx
index 767a83fd2f9b9..54644f76c7f87 100644
--- a/api_docs/kbn_ace.mdx
+++ b/api_docs/kbn_ace.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ace
 title: "@kbn/ace"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ace plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ace']
 ---
 import kbnAceObj from './kbn_ace.devdocs.json';
diff --git a/api_docs/kbn_actions_types.mdx b/api_docs/kbn_actions_types.mdx
index 292449afdca28..a00b5ddceeecd 100644
--- a/api_docs/kbn_actions_types.mdx
+++ b/api_docs/kbn_actions_types.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-actions-types
 title: "@kbn/actions-types"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/actions-types plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/actions-types']
 ---
 import kbnActionsTypesObj from './kbn_actions_types.devdocs.json';
diff --git a/api_docs/kbn_aiops_components.mdx b/api_docs/kbn_aiops_components.mdx
index b5f13d0ca6c0c..abf110af0eb07 100644
--- a/api_docs/kbn_aiops_components.mdx
+++ b/api_docs/kbn_aiops_components.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-aiops-components
 title: "@kbn/aiops-components"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/aiops-components plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/aiops-components']
 ---
 import kbnAiopsComponentsObj from './kbn_aiops_components.devdocs.json';
diff --git a/api_docs/kbn_aiops_log_pattern_analysis.mdx b/api_docs/kbn_aiops_log_pattern_analysis.mdx
index eb59d7fe3fd70..04a3d4666187e 100644
--- a/api_docs/kbn_aiops_log_pattern_analysis.mdx
+++ b/api_docs/kbn_aiops_log_pattern_analysis.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-aiops-log-pattern-analysis
 title: "@kbn/aiops-log-pattern-analysis"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/aiops-log-pattern-analysis plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/aiops-log-pattern-analysis']
 ---
 import kbnAiopsLogPatternAnalysisObj from './kbn_aiops_log_pattern_analysis.devdocs.json';
diff --git a/api_docs/kbn_aiops_log_rate_analysis.mdx b/api_docs/kbn_aiops_log_rate_analysis.mdx
index e54e82a6351ae..7a39393e10526 100644
--- a/api_docs/kbn_aiops_log_rate_analysis.mdx
+++ b/api_docs/kbn_aiops_log_rate_analysis.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-aiops-log-rate-analysis
 title: "@kbn/aiops-log-rate-analysis"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/aiops-log-rate-analysis plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/aiops-log-rate-analysis']
 ---
 import kbnAiopsLogRateAnalysisObj from './kbn_aiops_log_rate_analysis.devdocs.json';
diff --git a/api_docs/kbn_alerting_api_integration_helpers.mdx b/api_docs/kbn_alerting_api_integration_helpers.mdx
index e1ef20d3f3fc8..eeb195c21a371 100644
--- a/api_docs/kbn_alerting_api_integration_helpers.mdx
+++ b/api_docs/kbn_alerting_api_integration_helpers.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerting-api-integration-helpers
 title: "@kbn/alerting-api-integration-helpers"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/alerting-api-integration-helpers plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerting-api-integration-helpers']
 ---
 import kbnAlertingApiIntegrationHelpersObj from './kbn_alerting_api_integration_helpers.devdocs.json';
diff --git a/api_docs/kbn_alerting_comparators.mdx b/api_docs/kbn_alerting_comparators.mdx
index bc0c50bbd4d12..867e10f4fb422 100644
--- a/api_docs/kbn_alerting_comparators.mdx
+++ b/api_docs/kbn_alerting_comparators.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerting-comparators
 title: "@kbn/alerting-comparators"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/alerting-comparators plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerting-comparators']
 ---
 import kbnAlertingComparatorsObj from './kbn_alerting_comparators.devdocs.json';
diff --git a/api_docs/kbn_alerting_state_types.mdx b/api_docs/kbn_alerting_state_types.mdx
index 0a6362b629c29..eb974f2b2a5e3 100644
--- a/api_docs/kbn_alerting_state_types.mdx
+++ b/api_docs/kbn_alerting_state_types.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerting-state-types
 title: "@kbn/alerting-state-types"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/alerting-state-types plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerting-state-types']
 ---
 import kbnAlertingStateTypesObj from './kbn_alerting_state_types.devdocs.json';
diff --git a/api_docs/kbn_alerting_types.devdocs.json b/api_docs/kbn_alerting_types.devdocs.json
index 8dafb52da895c..0ac97eba41479 100644
--- a/api_docs/kbn_alerting_types.devdocs.json
+++ b/api_docs/kbn_alerting_types.devdocs.json
@@ -256,6 +256,52 @@
             "path": "packages/kbn-alerting-types/action_group_types.ts",
             "deprecated": false,
             "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/alerting-types",
+            "id": "def-common.ActionGroup.severity",
+            "type": "Object",
+            "tags": [],
+            "label": "severity",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "@kbn/alerting-types",
+                "scope": "common",
+                "docId": "kibKbnAlertingTypesPluginApi",
+                "section": "def-common.ActionGroupSeverity",
+                "text": "ActionGroupSeverity"
+              },
+              " | undefined"
+            ],
+            "path": "packages/kbn-alerting-types/action_group_types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/alerting-types",
+        "id": "def-common.ActionGroupSeverity",
+        "type": "Interface",
+        "tags": [],
+        "label": "ActionGroupSeverity",
+        "description": [],
+        "path": "packages/kbn-alerting-types/action_group_types.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/alerting-types",
+            "id": "def-common.ActionGroupSeverity.level",
+            "type": "number",
+            "tags": [],
+            "label": "level",
+            "description": [],
+            "path": "packages/kbn-alerting-types/action_group_types.ts",
+            "deprecated": false,
+            "trackAdoption": false
           }
         ],
         "initialIsOpen": false
@@ -3152,7 +3198,15 @@
         "label": "RecoveredActionGroup",
         "description": [],
         "signature": [
-          "{ readonly id: \"recovered\"; readonly name: string; }"
+          "{ readonly id: \"recovered\"; readonly name: string; readonly severity?: ",
+          {
+            "pluginId": "@kbn/alerting-types",
+            "scope": "common",
+            "docId": "kibKbnAlertingTypesPluginApi",
+            "section": "def-common.ActionGroupSeverity",
+            "text": "ActionGroupSeverity"
+          },
+          " | undefined; }"
         ],
         "path": "packages/kbn-alerting-types/builtin_action_groups_types.ts",
         "deprecated": false,
diff --git a/api_docs/kbn_alerting_types.mdx b/api_docs/kbn_alerting_types.mdx
index e2ea27e979346..a8fe2f0cf6893 100644
--- a/api_docs/kbn_alerting_types.mdx
+++ b/api_docs/kbn_alerting_types.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerting-types
 title: "@kbn/alerting-types"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/alerting-types plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerting-types']
 ---
 import kbnAlertingTypesObj from './kbn_alerting_types.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-o
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 190 | 0 | 187 | 0 |
+| 193 | 0 | 190 | 0 |
 
 ## Common
 
diff --git a/api_docs/kbn_alerts_as_data_utils.devdocs.json b/api_docs/kbn_alerts_as_data_utils.devdocs.json
index ddb8b8183ad05..32e9d70a1a275 100644
--- a/api_docs/kbn_alerts_as_data_utils.devdocs.json
+++ b/api_docs/kbn_alerts_as_data_utils.devdocs.json
@@ -196,7 +196,7 @@
         "label": "AADAlert",
         "description": [],
         "signature": [
-          "({ '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; }) | ({} & {} & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; }) | ({} & { 'agent.name'?: string | undefined; 'container.id'?: string | undefined; 'error.grouping_key'?: string | undefined; 'error.grouping_name'?: string | undefined; 'host.name'?: string | undefined; 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; labels?: unknown; 'processor.event'?: string | undefined; 'service.environment'?: string | undefined; 'service.language.name'?: string | undefined; 'service.name'?: string | undefined; 'transaction.name'?: string | undefined; 'transaction.type'?: string | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }) | ({} & { 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & { '@timestamp': string | number; 'ecs.version': string; } & { 'agent.build.original'?: string | undefined; 'agent.ephemeral_id'?: string | undefined; 'agent.id'?: string | undefined; 'agent.name'?: string | undefined; 'agent.type'?: string | undefined; 'agent.version'?: string | undefined; 'client.address'?: string | undefined; 'client.as.number'?: string | number | undefined; 'client.as.organization.name'?: string | undefined; 'client.bytes'?: string | number | undefined; 'client.domain'?: string | undefined; 'client.geo.city_name'?: string | undefined; 'client.geo.continent_code'?: string | undefined; 'client.geo.continent_name'?: string | undefined; 'client.geo.country_iso_code'?: string | undefined; 'client.geo.country_name'?: string | undefined; 'client.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'client.geo.name'?: string | undefined; 'client.geo.postal_code'?: string | undefined; 'client.geo.region_iso_code'?: string | undefined; 'client.geo.region_name'?: string | undefined; 'client.geo.timezone'?: string | undefined; 'client.ip'?: string | undefined; 'client.mac'?: string | undefined; 'client.nat.ip'?: string | undefined; 'client.nat.port'?: string | number | undefined; 'client.packets'?: string | number | undefined; 'client.port'?: string | number | undefined; 'client.registered_domain'?: string | undefined; 'client.subdomain'?: string | undefined; 'client.top_level_domain'?: string | undefined; 'client.user.domain'?: string | undefined; 'client.user.email'?: string | undefined; 'client.user.full_name'?: string | undefined; 'client.user.group.domain'?: string | undefined; 'client.user.group.id'?: string | undefined; 'client.user.group.name'?: string | undefined; 'client.user.hash'?: string | undefined; 'client.user.id'?: string | undefined; 'client.user.name'?: string | undefined; 'client.user.roles'?: string[] | undefined; 'cloud.account.id'?: string | undefined; 'cloud.account.name'?: string | undefined; 'cloud.availability_zone'?: string | undefined; 'cloud.instance.id'?: string | undefined; 'cloud.instance.name'?: string | undefined; 'cloud.machine.type'?: string | undefined; 'cloud.origin.account.id'?: string | undefined; 'cloud.origin.account.name'?: string | undefined; 'cloud.origin.availability_zone'?: string | undefined; 'cloud.origin.instance.id'?: string | undefined; 'cloud.origin.instance.name'?: string | undefined; 'cloud.origin.machine.type'?: string | undefined; 'cloud.origin.project.id'?: string | undefined; 'cloud.origin.project.name'?: string | undefined; 'cloud.origin.provider'?: string | undefined; 'cloud.origin.region'?: string | undefined; 'cloud.origin.service.name'?: string | undefined; 'cloud.project.id'?: string | undefined; 'cloud.project.name'?: string | undefined; 'cloud.provider'?: string | undefined; 'cloud.region'?: string | undefined; 'cloud.service.name'?: string | undefined; 'cloud.target.account.id'?: string | undefined; 'cloud.target.account.name'?: string | undefined; 'cloud.target.availability_zone'?: string | undefined; 'cloud.target.instance.id'?: string | undefined; 'cloud.target.instance.name'?: string | undefined; 'cloud.target.machine.type'?: string | undefined; 'cloud.target.project.id'?: string | undefined; 'cloud.target.project.name'?: string | undefined; 'cloud.target.provider'?: string | undefined; 'cloud.target.region'?: string | undefined; 'cloud.target.service.name'?: string | undefined; 'container.cpu.usage'?: string | number | undefined; 'container.disk.read.bytes'?: string | number | undefined; 'container.disk.write.bytes'?: string | number | undefined; 'container.id'?: string | undefined; 'container.image.hash.all'?: string[] | undefined; 'container.image.name'?: string | undefined; 'container.image.tag'?: string[] | undefined; 'container.labels'?: unknown; 'container.memory.usage'?: string | number | undefined; 'container.name'?: string | undefined; 'container.network.egress.bytes'?: string | number | undefined; 'container.network.ingress.bytes'?: string | number | undefined; 'container.runtime'?: string | undefined; 'container.security_context.privileged'?: boolean | undefined; 'destination.address'?: string | undefined; 'destination.as.number'?: string | number | undefined; 'destination.as.organization.name'?: string | undefined; 'destination.bytes'?: string | number | undefined; 'destination.domain'?: string | undefined; 'destination.geo.city_name'?: string | undefined; 'destination.geo.continent_code'?: string | undefined; 'destination.geo.continent_name'?: string | undefined; 'destination.geo.country_iso_code'?: string | undefined; 'destination.geo.country_name'?: string | undefined; 'destination.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'destination.geo.name'?: string | undefined; 'destination.geo.postal_code'?: string | undefined; 'destination.geo.region_iso_code'?: string | undefined; 'destination.geo.region_name'?: string | undefined; 'destination.geo.timezone'?: string | undefined; 'destination.ip'?: string | undefined; 'destination.mac'?: string | undefined; 'destination.nat.ip'?: string | undefined; 'destination.nat.port'?: string | number | undefined; 'destination.packets'?: string | number | undefined; 'destination.port'?: string | number | undefined; 'destination.registered_domain'?: string | undefined; 'destination.subdomain'?: string | undefined; 'destination.top_level_domain'?: string | undefined; 'destination.user.domain'?: string | undefined; 'destination.user.email'?: string | undefined; 'destination.user.full_name'?: string | undefined; 'destination.user.group.domain'?: string | undefined; 'destination.user.group.id'?: string | undefined; 'destination.user.group.name'?: string | undefined; 'destination.user.hash'?: string | undefined; 'destination.user.id'?: string | undefined; 'destination.user.name'?: string | undefined; 'destination.user.roles'?: string[] | undefined; 'device.id'?: string | undefined; 'device.manufacturer'?: string | undefined; 'device.model.identifier'?: string | undefined; 'device.model.name'?: string | undefined; 'dll.code_signature.digest_algorithm'?: string | undefined; 'dll.code_signature.exists'?: boolean | undefined; 'dll.code_signature.signing_id'?: string | undefined; 'dll.code_signature.status'?: string | undefined; 'dll.code_signature.subject_name'?: string | undefined; 'dll.code_signature.team_id'?: string | undefined; 'dll.code_signature.timestamp'?: string | number | undefined; 'dll.code_signature.trusted'?: boolean | undefined; 'dll.code_signature.valid'?: boolean | undefined; 'dll.hash.md5'?: string | undefined; 'dll.hash.sha1'?: string | undefined; 'dll.hash.sha256'?: string | undefined; 'dll.hash.sha384'?: string | undefined; 'dll.hash.sha512'?: string | undefined; 'dll.hash.ssdeep'?: string | undefined; 'dll.hash.tlsh'?: string | undefined; 'dll.name'?: string | undefined; 'dll.path'?: string | undefined; 'dll.pe.architecture'?: string | undefined; 'dll.pe.company'?: string | undefined; 'dll.pe.description'?: string | undefined; 'dll.pe.file_version'?: string | undefined; 'dll.pe.go_import_hash'?: string | undefined; 'dll.pe.go_imports'?: unknown; 'dll.pe.go_imports_names_entropy'?: string | number | undefined; 'dll.pe.go_imports_names_var_entropy'?: string | number | undefined; 'dll.pe.go_stripped'?: boolean | undefined; 'dll.pe.imphash'?: string | undefined; 'dll.pe.import_hash'?: string | undefined; 'dll.pe.imports'?: unknown[] | undefined; 'dll.pe.imports_names_entropy'?: string | number | undefined; 'dll.pe.imports_names_var_entropy'?: string | number | undefined; 'dll.pe.original_file_name'?: string | undefined; 'dll.pe.pehash'?: string | undefined; 'dll.pe.product'?: string | undefined; 'dll.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'dns.answers'?: { class?: string | undefined; data?: string | undefined; name?: string | undefined; ttl?: string | number | undefined; type?: string | undefined; }[] | undefined; 'dns.header_flags'?: string[] | undefined; 'dns.id'?: string | undefined; 'dns.op_code'?: string | undefined; 'dns.question.class'?: string | undefined; 'dns.question.name'?: string | undefined; 'dns.question.registered_domain'?: string | undefined; 'dns.question.subdomain'?: string | undefined; 'dns.question.top_level_domain'?: string | undefined; 'dns.question.type'?: string | undefined; 'dns.resolved_ip'?: string[] | undefined; 'dns.response_code'?: string | undefined; 'dns.type'?: string | undefined; 'email.attachments'?: { 'file.extension'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.name'?: string | undefined; 'file.size'?: string | number | undefined; }[] | undefined; 'email.bcc.address'?: string[] | undefined; 'email.cc.address'?: string[] | undefined; 'email.content_type'?: string | undefined; 'email.delivery_timestamp'?: string | number | undefined; 'email.direction'?: string | undefined; 'email.from.address'?: string[] | undefined; 'email.local_id'?: string | undefined; 'email.message_id'?: string | undefined; 'email.origination_timestamp'?: string | number | undefined; 'email.reply_to.address'?: string[] | undefined; 'email.sender.address'?: string | undefined; 'email.subject'?: string | undefined; 'email.to.address'?: string[] | undefined; 'email.x_mailer'?: string | undefined; 'error.code'?: string | undefined; 'error.id'?: string | undefined; 'error.message'?: string | undefined; 'error.stack_trace'?: string | undefined; 'error.type'?: string | undefined; 'event.action'?: string | undefined; 'event.agent_id_status'?: string | undefined; 'event.category'?: string[] | undefined; 'event.code'?: string | undefined; 'event.created'?: string | number | undefined; 'event.dataset'?: string | undefined; 'event.duration'?: string | number | undefined; 'event.end'?: string | number | undefined; 'event.hash'?: string | undefined; 'event.id'?: string | undefined; 'event.ingested'?: string | number | undefined; 'event.kind'?: string | undefined; 'event.module'?: string | undefined; 'event.original'?: string | undefined; 'event.outcome'?: string | undefined; 'event.provider'?: string | undefined; 'event.reason'?: string | undefined; 'event.reference'?: string | undefined; 'event.risk_score'?: number | undefined; 'event.risk_score_norm'?: number | undefined; 'event.sequence'?: string | number | undefined; 'event.severity'?: string | number | undefined; 'event.start'?: string | number | undefined; 'event.timezone'?: string | undefined; 'event.type'?: string[] | undefined; 'event.url'?: string | undefined; 'faas.coldstart'?: boolean | undefined; 'faas.execution'?: string | undefined; 'faas.id'?: string | undefined; 'faas.name'?: string | undefined; 'faas.version'?: string | undefined; 'file.accessed'?: string | number | undefined; 'file.attributes'?: string[] | undefined; 'file.code_signature.digest_algorithm'?: string | undefined; 'file.code_signature.exists'?: boolean | undefined; 'file.code_signature.signing_id'?: string | undefined; 'file.code_signature.status'?: string | undefined; 'file.code_signature.subject_name'?: string | undefined; 'file.code_signature.team_id'?: string | undefined; 'file.code_signature.timestamp'?: string | number | undefined; 'file.code_signature.trusted'?: boolean | undefined; 'file.code_signature.valid'?: boolean | undefined; 'file.created'?: string | number | undefined; 'file.ctime'?: string | number | undefined; 'file.device'?: string | undefined; 'file.directory'?: string | undefined; 'file.drive_letter'?: string | undefined; 'file.elf.architecture'?: string | undefined; 'file.elf.byte_order'?: string | undefined; 'file.elf.cpu_type'?: string | undefined; 'file.elf.creation_date'?: string | number | undefined; 'file.elf.exports'?: unknown[] | undefined; 'file.elf.go_import_hash'?: string | undefined; 'file.elf.go_imports'?: unknown; 'file.elf.go_imports_names_entropy'?: string | number | undefined; 'file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'file.elf.go_stripped'?: boolean | undefined; 'file.elf.header.abi_version'?: string | undefined; 'file.elf.header.class'?: string | undefined; 'file.elf.header.data'?: string | undefined; 'file.elf.header.entrypoint'?: string | number | undefined; 'file.elf.header.object_version'?: string | undefined; 'file.elf.header.os_abi'?: string | undefined; 'file.elf.header.type'?: string | undefined; 'file.elf.header.version'?: string | undefined; 'file.elf.import_hash'?: string | undefined; 'file.elf.imports'?: unknown[] | undefined; 'file.elf.imports_names_entropy'?: string | number | undefined; 'file.elf.imports_names_var_entropy'?: string | number | undefined; 'file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'file.elf.shared_libraries'?: string[] | undefined; 'file.elf.telfhash'?: string | undefined; 'file.extension'?: string | undefined; 'file.fork_name'?: string | undefined; 'file.gid'?: string | undefined; 'file.group'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.inode'?: string | undefined; 'file.macho.go_import_hash'?: string | undefined; 'file.macho.go_imports'?: unknown; 'file.macho.go_imports_names_entropy'?: string | number | undefined; 'file.macho.go_imports_names_var_entropy'?: string | number | undefined; 'file.macho.go_stripped'?: boolean | undefined; 'file.macho.import_hash'?: string | undefined; 'file.macho.imports'?: unknown[] | undefined; 'file.macho.imports_names_entropy'?: string | number | undefined; 'file.macho.imports_names_var_entropy'?: string | number | undefined; 'file.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.macho.symhash'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.mode'?: string | undefined; 'file.mtime'?: string | number | undefined; 'file.name'?: string | undefined; 'file.owner'?: string | undefined; 'file.path'?: string | undefined; 'file.pe.architecture'?: string | undefined; 'file.pe.company'?: string | undefined; 'file.pe.description'?: string | undefined; 'file.pe.file_version'?: string | undefined; 'file.pe.go_import_hash'?: string | undefined; 'file.pe.go_imports'?: unknown; 'file.pe.go_imports_names_entropy'?: string | number | undefined; 'file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'file.pe.go_stripped'?: boolean | undefined; 'file.pe.imphash'?: string | undefined; 'file.pe.import_hash'?: string | undefined; 'file.pe.imports'?: unknown[] | undefined; 'file.pe.imports_names_entropy'?: string | number | undefined; 'file.pe.imports_names_var_entropy'?: string | number | undefined; 'file.pe.original_file_name'?: string | undefined; 'file.pe.pehash'?: string | undefined; 'file.pe.product'?: string | undefined; 'file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.size'?: string | number | undefined; 'file.target_path'?: string | undefined; 'file.type'?: string | undefined; 'file.uid'?: string | undefined; 'file.x509.alternative_names'?: string[] | undefined; 'file.x509.issuer.common_name'?: string[] | undefined; 'file.x509.issuer.country'?: string[] | undefined; 'file.x509.issuer.distinguished_name'?: string | undefined; 'file.x509.issuer.locality'?: string[] | undefined; 'file.x509.issuer.organization'?: string[] | undefined; 'file.x509.issuer.organizational_unit'?: string[] | undefined; 'file.x509.issuer.state_or_province'?: string[] | undefined; 'file.x509.not_after'?: string | number | undefined; 'file.x509.not_before'?: string | number | undefined; 'file.x509.public_key_algorithm'?: string | undefined; 'file.x509.public_key_curve'?: string | undefined; 'file.x509.public_key_exponent'?: string | number | undefined; 'file.x509.public_key_size'?: string | number | undefined; 'file.x509.serial_number'?: string | undefined; 'file.x509.signature_algorithm'?: string | undefined; 'file.x509.subject.common_name'?: string[] | undefined; 'file.x509.subject.country'?: string[] | undefined; 'file.x509.subject.distinguished_name'?: string | undefined; 'file.x509.subject.locality'?: string[] | undefined; 'file.x509.subject.organization'?: string[] | undefined; 'file.x509.subject.organizational_unit'?: string[] | undefined; 'file.x509.subject.state_or_province'?: string[] | undefined; 'file.x509.version_number'?: string | undefined; 'group.domain'?: string | undefined; 'group.id'?: string | undefined; 'group.name'?: string | undefined; 'host.architecture'?: string | undefined; 'host.boot.id'?: string | undefined; 'host.cpu.usage'?: string | number | undefined; 'host.disk.read.bytes'?: string | number | undefined; 'host.disk.write.bytes'?: string | number | undefined; 'host.domain'?: string | undefined; 'host.geo.city_name'?: string | undefined; 'host.geo.continent_code'?: string | undefined; 'host.geo.continent_name'?: string | undefined; 'host.geo.country_iso_code'?: string | undefined; 'host.geo.country_name'?: string | undefined; 'host.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'host.geo.name'?: string | undefined; 'host.geo.postal_code'?: string | undefined; 'host.geo.region_iso_code'?: string | undefined; 'host.geo.region_name'?: string | undefined; 'host.geo.timezone'?: string | undefined; 'host.hostname'?: string | undefined; 'host.id'?: string | undefined; 'host.ip'?: string[] | undefined; 'host.mac'?: string[] | undefined; 'host.name'?: string | undefined; 'host.network.egress.bytes'?: string | number | undefined; 'host.network.egress.packets'?: string | number | undefined; 'host.network.ingress.bytes'?: string | number | undefined; 'host.network.ingress.packets'?: string | number | undefined; 'host.os.family'?: string | undefined; 'host.os.full'?: string | undefined; 'host.os.kernel'?: string | undefined; 'host.os.name'?: string | undefined; 'host.os.platform'?: string | undefined; 'host.os.type'?: string | undefined; 'host.os.version'?: string | undefined; 'host.pid_ns_ino'?: string | undefined; 'host.risk.calculated_level'?: string | undefined; 'host.risk.calculated_score'?: number | undefined; 'host.risk.calculated_score_norm'?: number | undefined; 'host.risk.static_level'?: string | undefined; 'host.risk.static_score'?: number | undefined; 'host.risk.static_score_norm'?: number | undefined; 'host.type'?: string | undefined; 'host.uptime'?: string | number | undefined; 'http.request.body.bytes'?: string | number | undefined; 'http.request.body.content'?: string | undefined; 'http.request.bytes'?: string | number | undefined; 'http.request.id'?: string | undefined; 'http.request.method'?: string | undefined; 'http.request.mime_type'?: string | undefined; 'http.request.referrer'?: string | undefined; 'http.response.body.bytes'?: string | number | undefined; 'http.response.body.content'?: string | undefined; 'http.response.bytes'?: string | number | undefined; 'http.response.mime_type'?: string | undefined; 'http.response.status_code'?: string | number | undefined; 'http.version'?: string | undefined; labels?: unknown; 'log.file.path'?: string | undefined; 'log.level'?: string | undefined; 'log.logger'?: string | undefined; 'log.origin.file.line'?: string | number | undefined; 'log.origin.file.name'?: string | undefined; 'log.origin.function'?: string | undefined; 'log.syslog'?: unknown; message?: string | undefined; 'network.application'?: string | undefined; 'network.bytes'?: string | number | undefined; 'network.community_id'?: string | undefined; 'network.direction'?: string | undefined; 'network.forwarded_ip'?: string | undefined; 'network.iana_number'?: string | undefined; 'network.inner'?: unknown; 'network.name'?: string | undefined; 'network.packets'?: string | number | undefined; 'network.protocol'?: string | undefined; 'network.transport'?: string | undefined; 'network.type'?: string | undefined; 'network.vlan.id'?: string | undefined; 'network.vlan.name'?: string | undefined; 'observer.egress'?: unknown; 'observer.geo.city_name'?: string | undefined; 'observer.geo.continent_code'?: string | undefined; 'observer.geo.continent_name'?: string | undefined; 'observer.geo.country_iso_code'?: string | undefined; 'observer.geo.country_name'?: string | undefined; 'observer.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'observer.geo.name'?: string | undefined; 'observer.geo.postal_code'?: string | undefined; 'observer.geo.region_iso_code'?: string | undefined; 'observer.geo.region_name'?: string | undefined; 'observer.geo.timezone'?: string | undefined; 'observer.hostname'?: string | undefined; 'observer.ingress'?: unknown; 'observer.ip'?: string[] | undefined; 'observer.mac'?: string[] | undefined; 'observer.name'?: string | undefined; 'observer.os.family'?: string | undefined; 'observer.os.full'?: string | undefined; 'observer.os.kernel'?: string | undefined; 'observer.os.name'?: string | undefined; 'observer.os.platform'?: string | undefined; 'observer.os.type'?: string | undefined; 'observer.os.version'?: string | undefined; 'observer.product'?: string | undefined; 'observer.serial_number'?: string | undefined; 'observer.type'?: string | undefined; 'observer.vendor'?: string | undefined; 'observer.version'?: string | undefined; 'orchestrator.api_version'?: string | undefined; 'orchestrator.cluster.id'?: string | undefined; 'orchestrator.cluster.name'?: string | undefined; 'orchestrator.cluster.url'?: string | undefined; 'orchestrator.cluster.version'?: string | undefined; 'orchestrator.namespace'?: string | undefined; 'orchestrator.organization'?: string | undefined; 'orchestrator.resource.annotation'?: string[] | undefined; 'orchestrator.resource.id'?: string | undefined; 'orchestrator.resource.ip'?: string[] | undefined; 'orchestrator.resource.label'?: string[] | undefined; 'orchestrator.resource.name'?: string | undefined; 'orchestrator.resource.parent.type'?: string | undefined; 'orchestrator.resource.type'?: string | undefined; 'orchestrator.type'?: string | undefined; 'organization.id'?: string | undefined; 'organization.name'?: string | undefined; 'package.architecture'?: string | undefined; 'package.build_version'?: string | undefined; 'package.checksum'?: string | undefined; 'package.description'?: string | undefined; 'package.install_scope'?: string | undefined; 'package.installed'?: string | number | undefined; 'package.license'?: string | undefined; 'package.name'?: string | undefined; 'package.path'?: string | undefined; 'package.reference'?: string | undefined; 'package.size'?: string | number | undefined; 'package.type'?: string | undefined; 'package.version'?: string | undefined; 'process.args'?: string[] | undefined; 'process.args_count'?: string | number | undefined; 'process.code_signature.digest_algorithm'?: string | undefined; 'process.code_signature.exists'?: boolean | undefined; 'process.code_signature.signing_id'?: string | undefined; 'process.code_signature.status'?: string | undefined; 'process.code_signature.subject_name'?: string | undefined; 'process.code_signature.team_id'?: string | undefined; 'process.code_signature.timestamp'?: string | number | undefined; 'process.code_signature.trusted'?: boolean | undefined; 'process.code_signature.valid'?: boolean | undefined; 'process.command_line'?: string | undefined; 'process.elf.architecture'?: string | undefined; 'process.elf.byte_order'?: string | undefined; 'process.elf.cpu_type'?: string | undefined; 'process.elf.creation_date'?: string | number | undefined; 'process.elf.exports'?: unknown[] | undefined; 'process.elf.go_import_hash'?: string | undefined; 'process.elf.go_imports'?: unknown; 'process.elf.go_imports_names_entropy'?: string | number | undefined; 'process.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.elf.go_stripped'?: boolean | undefined; 'process.elf.header.abi_version'?: string | undefined; 'process.elf.header.class'?: string | undefined; 'process.elf.header.data'?: string | undefined; 'process.elf.header.entrypoint'?: string | number | undefined; 'process.elf.header.object_version'?: string | undefined; 'process.elf.header.os_abi'?: string | undefined; 'process.elf.header.type'?: string | undefined; 'process.elf.header.version'?: string | undefined; 'process.elf.import_hash'?: string | undefined; 'process.elf.imports'?: unknown[] | undefined; 'process.elf.imports_names_entropy'?: string | number | undefined; 'process.elf.imports_names_var_entropy'?: string | number | undefined; 'process.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.elf.shared_libraries'?: string[] | undefined; 'process.elf.telfhash'?: string | undefined; 'process.end'?: string | number | undefined; 'process.entity_id'?: string | undefined; 'process.entry_leader.args'?: string[] | undefined; 'process.entry_leader.args_count'?: string | number | undefined; 'process.entry_leader.attested_groups.name'?: string | undefined; 'process.entry_leader.attested_user.id'?: string | undefined; 'process.entry_leader.attested_user.name'?: string | undefined; 'process.entry_leader.command_line'?: string | undefined; 'process.entry_leader.entity_id'?: string | undefined; 'process.entry_leader.entry_meta.source.ip'?: string | undefined; 'process.entry_leader.entry_meta.type'?: string | undefined; 'process.entry_leader.executable'?: string | undefined; 'process.entry_leader.group.id'?: string | undefined; 'process.entry_leader.group.name'?: string | undefined; 'process.entry_leader.interactive'?: boolean | undefined; 'process.entry_leader.name'?: string | undefined; 'process.entry_leader.parent.entity_id'?: string | undefined; 'process.entry_leader.parent.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.entity_id'?: string | undefined; 'process.entry_leader.parent.session_leader.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.start'?: string | number | undefined; 'process.entry_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.entry_leader.parent.start'?: string | number | undefined; 'process.entry_leader.parent.vpid'?: string | number | undefined; 'process.entry_leader.pid'?: string | number | undefined; 'process.entry_leader.real_group.id'?: string | undefined; 'process.entry_leader.real_group.name'?: string | undefined; 'process.entry_leader.real_user.id'?: string | undefined; 'process.entry_leader.real_user.name'?: string | undefined; 'process.entry_leader.same_as_process'?: boolean | undefined; 'process.entry_leader.saved_group.id'?: string | undefined; 'process.entry_leader.saved_group.name'?: string | undefined; 'process.entry_leader.saved_user.id'?: string | undefined; 'process.entry_leader.saved_user.name'?: string | undefined; 'process.entry_leader.start'?: string | number | undefined; 'process.entry_leader.supplemental_groups.id'?: string | undefined; 'process.entry_leader.supplemental_groups.name'?: string | undefined; 'process.entry_leader.tty'?: unknown; 'process.entry_leader.user.id'?: string | undefined; 'process.entry_leader.user.name'?: string | undefined; 'process.entry_leader.vpid'?: string | number | undefined; 'process.entry_leader.working_directory'?: string | undefined; 'process.env_vars'?: string[] | undefined; 'process.executable'?: string | undefined; 'process.exit_code'?: string | number | undefined; 'process.group_leader.args'?: string[] | undefined; 'process.group_leader.args_count'?: string | number | undefined; 'process.group_leader.command_line'?: string | undefined; 'process.group_leader.entity_id'?: string | undefined; 'process.group_leader.executable'?: string | undefined; 'process.group_leader.group.id'?: string | undefined; 'process.group_leader.group.name'?: string | undefined; 'process.group_leader.interactive'?: boolean | undefined; 'process.group_leader.name'?: string | undefined; 'process.group_leader.pid'?: string | number | undefined; 'process.group_leader.real_group.id'?: string | undefined; 'process.group_leader.real_group.name'?: string | undefined; 'process.group_leader.real_user.id'?: string | undefined; 'process.group_leader.real_user.name'?: string | undefined; 'process.group_leader.same_as_process'?: boolean | undefined; 'process.group_leader.saved_group.id'?: string | undefined; 'process.group_leader.saved_group.name'?: string | undefined; 'process.group_leader.saved_user.id'?: string | undefined; 'process.group_leader.saved_user.name'?: string | undefined; 'process.group_leader.start'?: string | number | undefined; 'process.group_leader.supplemental_groups.id'?: string | undefined; 'process.group_leader.supplemental_groups.name'?: string | undefined; 'process.group_leader.tty'?: unknown; 'process.group_leader.user.id'?: string | undefined; 'process.group_leader.user.name'?: string | undefined; 'process.group_leader.vpid'?: string | number | undefined; 'process.group_leader.working_directory'?: string | undefined; 'process.hash.md5'?: string | undefined; 'process.hash.sha1'?: string | undefined; 'process.hash.sha256'?: string | undefined; 'process.hash.sha384'?: string | undefined; 'process.hash.sha512'?: string | undefined; 'process.hash.ssdeep'?: string | undefined; 'process.hash.tlsh'?: string | undefined; 'process.interactive'?: boolean | undefined; 'process.io'?: unknown; 'process.macho.go_import_hash'?: string | undefined; 'process.macho.go_imports'?: unknown; 'process.macho.go_imports_names_entropy'?: string | number | undefined; 'process.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.macho.go_stripped'?: boolean | undefined; 'process.macho.import_hash'?: string | undefined; 'process.macho.imports'?: unknown[] | undefined; 'process.macho.imports_names_entropy'?: string | number | undefined; 'process.macho.imports_names_var_entropy'?: string | number | undefined; 'process.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.macho.symhash'?: string | undefined; 'process.name'?: string | undefined; 'process.parent.args'?: string[] | undefined; 'process.parent.args_count'?: string | number | undefined; 'process.parent.code_signature.digest_algorithm'?: string | undefined; 'process.parent.code_signature.exists'?: boolean | undefined; 'process.parent.code_signature.signing_id'?: string | undefined; 'process.parent.code_signature.status'?: string | undefined; 'process.parent.code_signature.subject_name'?: string | undefined; 'process.parent.code_signature.team_id'?: string | undefined; 'process.parent.code_signature.timestamp'?: string | number | undefined; 'process.parent.code_signature.trusted'?: boolean | undefined; 'process.parent.code_signature.valid'?: boolean | undefined; 'process.parent.command_line'?: string | undefined; 'process.parent.elf.architecture'?: string | undefined; 'process.parent.elf.byte_order'?: string | undefined; 'process.parent.elf.cpu_type'?: string | undefined; 'process.parent.elf.creation_date'?: string | number | undefined; 'process.parent.elf.exports'?: unknown[] | undefined; 'process.parent.elf.go_import_hash'?: string | undefined; 'process.parent.elf.go_imports'?: unknown; 'process.parent.elf.go_imports_names_entropy'?: string | number | undefined; 'process.parent.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.go_stripped'?: boolean | undefined; 'process.parent.elf.header.abi_version'?: string | undefined; 'process.parent.elf.header.class'?: string | undefined; 'process.parent.elf.header.data'?: string | undefined; 'process.parent.elf.header.entrypoint'?: string | number | undefined; 'process.parent.elf.header.object_version'?: string | undefined; 'process.parent.elf.header.os_abi'?: string | undefined; 'process.parent.elf.header.type'?: string | undefined; 'process.parent.elf.header.version'?: string | undefined; 'process.parent.elf.import_hash'?: string | undefined; 'process.parent.elf.imports'?: unknown[] | undefined; 'process.parent.elf.imports_names_entropy'?: string | number | undefined; 'process.parent.elf.imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.parent.elf.shared_libraries'?: string[] | undefined; 'process.parent.elf.telfhash'?: string | undefined; 'process.parent.end'?: string | number | undefined; 'process.parent.entity_id'?: string | undefined; 'process.parent.executable'?: string | undefined; 'process.parent.exit_code'?: string | number | undefined; 'process.parent.group.id'?: string | undefined; 'process.parent.group.name'?: string | undefined; 'process.parent.group_leader.entity_id'?: string | undefined; 'process.parent.group_leader.pid'?: string | number | undefined; 'process.parent.group_leader.start'?: string | number | undefined; 'process.parent.group_leader.vpid'?: string | number | undefined; 'process.parent.hash.md5'?: string | undefined; 'process.parent.hash.sha1'?: string | undefined; 'process.parent.hash.sha256'?: string | undefined; 'process.parent.hash.sha384'?: string | undefined; 'process.parent.hash.sha512'?: string | undefined; 'process.parent.hash.ssdeep'?: string | undefined; 'process.parent.hash.tlsh'?: string | undefined; 'process.parent.interactive'?: boolean | undefined; 'process.parent.macho.go_import_hash'?: string | undefined; 'process.parent.macho.go_imports'?: unknown; 'process.parent.macho.go_imports_names_entropy'?: string | number | undefined; 'process.parent.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.go_stripped'?: boolean | undefined; 'process.parent.macho.import_hash'?: string | undefined; 'process.parent.macho.imports'?: unknown[] | undefined; 'process.parent.macho.imports_names_entropy'?: string | number | undefined; 'process.parent.macho.imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.macho.symhash'?: string | undefined; 'process.parent.name'?: string | undefined; 'process.parent.pe.architecture'?: string | undefined; 'process.parent.pe.company'?: string | undefined; 'process.parent.pe.description'?: string | undefined; 'process.parent.pe.file_version'?: string | undefined; 'process.parent.pe.go_import_hash'?: string | undefined; 'process.parent.pe.go_imports'?: unknown; 'process.parent.pe.go_imports_names_entropy'?: string | number | undefined; 'process.parent.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.go_stripped'?: boolean | undefined; 'process.parent.pe.imphash'?: string | undefined; 'process.parent.pe.import_hash'?: string | undefined; 'process.parent.pe.imports'?: unknown[] | undefined; 'process.parent.pe.imports_names_entropy'?: string | number | undefined; 'process.parent.pe.imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.original_file_name'?: string | undefined; 'process.parent.pe.pehash'?: string | undefined; 'process.parent.pe.product'?: string | undefined; 'process.parent.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.pgid'?: string | number | undefined; 'process.parent.pid'?: string | number | undefined; 'process.parent.real_group.id'?: string | undefined; 'process.parent.real_group.name'?: string | undefined; 'process.parent.real_user.id'?: string | undefined; 'process.parent.real_user.name'?: string | undefined; 'process.parent.saved_group.id'?: string | undefined; 'process.parent.saved_group.name'?: string | undefined; 'process.parent.saved_user.id'?: string | undefined; 'process.parent.saved_user.name'?: string | undefined; 'process.parent.start'?: string | number | undefined; 'process.parent.supplemental_groups.id'?: string | undefined; 'process.parent.supplemental_groups.name'?: string | undefined; 'process.parent.thread.capabilities.effective'?: string[] | undefined; 'process.parent.thread.capabilities.permitted'?: string[] | undefined; 'process.parent.thread.id'?: string | number | undefined; 'process.parent.thread.name'?: string | undefined; 'process.parent.title'?: string | undefined; 'process.parent.tty'?: unknown; 'process.parent.uptime'?: string | number | undefined; 'process.parent.user.id'?: string | undefined; 'process.parent.user.name'?: string | undefined; 'process.parent.vpid'?: string | number | undefined; 'process.parent.working_directory'?: string | undefined; 'process.pe.architecture'?: string | undefined; 'process.pe.company'?: string | undefined; 'process.pe.description'?: string | undefined; 'process.pe.file_version'?: string | undefined; 'process.pe.go_import_hash'?: string | undefined; 'process.pe.go_imports'?: unknown; 'process.pe.go_imports_names_entropy'?: string | number | undefined; 'process.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.pe.go_stripped'?: boolean | undefined; 'process.pe.imphash'?: string | undefined; 'process.pe.import_hash'?: string | undefined; 'process.pe.imports'?: unknown[] | undefined; 'process.pe.imports_names_entropy'?: string | number | undefined; 'process.pe.imports_names_var_entropy'?: string | number | undefined; 'process.pe.original_file_name'?: string | undefined; 'process.pe.pehash'?: string | undefined; 'process.pe.product'?: string | undefined; 'process.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.pgid'?: string | number | undefined; 'process.pid'?: string | number | undefined; 'process.previous.args'?: string[] | undefined; 'process.previous.args_count'?: string | number | undefined; 'process.previous.executable'?: string | undefined; 'process.real_group.id'?: string | undefined; 'process.real_group.name'?: string | undefined; 'process.real_user.id'?: string | undefined; 'process.real_user.name'?: string | undefined; 'process.saved_group.id'?: string | undefined; 'process.saved_group.name'?: string | undefined; 'process.saved_user.id'?: string | undefined; 'process.saved_user.name'?: string | undefined; 'process.session_leader.args'?: string[] | undefined; 'process.session_leader.args_count'?: string | number | undefined; 'process.session_leader.command_line'?: string | undefined; 'process.session_leader.entity_id'?: string | undefined; 'process.session_leader.executable'?: string | undefined; 'process.session_leader.group.id'?: string | undefined; 'process.session_leader.group.name'?: string | undefined; 'process.session_leader.interactive'?: boolean | undefined; 'process.session_leader.name'?: string | undefined; 'process.session_leader.parent.entity_id'?: string | undefined; 'process.session_leader.parent.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.entity_id'?: string | undefined; 'process.session_leader.parent.session_leader.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.start'?: string | number | undefined; 'process.session_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.session_leader.parent.start'?: string | number | undefined; 'process.session_leader.parent.vpid'?: string | number | undefined; 'process.session_leader.pid'?: string | number | undefined; 'process.session_leader.real_group.id'?: string | undefined; 'process.session_leader.real_group.name'?: string | undefined; 'process.session_leader.real_user.id'?: string | undefined; 'process.session_leader.real_user.name'?: string | undefined; 'process.session_leader.same_as_process'?: boolean | undefined; 'process.session_leader.saved_group.id'?: string | undefined; 'process.session_leader.saved_group.name'?: string | undefined; 'process.session_leader.saved_user.id'?: string | undefined; 'process.session_leader.saved_user.name'?: string | undefined; 'process.session_leader.start'?: string | number | undefined; 'process.session_leader.supplemental_groups.id'?: string | undefined; 'process.session_leader.supplemental_groups.name'?: string | undefined; 'process.session_leader.tty'?: unknown; 'process.session_leader.user.id'?: string | undefined; 'process.session_leader.user.name'?: string | undefined; 'process.session_leader.vpid'?: string | number | undefined; 'process.session_leader.working_directory'?: string | undefined; 'process.start'?: string | number | undefined; 'process.supplemental_groups.id'?: string | undefined; 'process.supplemental_groups.name'?: string | undefined; 'process.thread.capabilities.effective'?: string[] | undefined; 'process.thread.capabilities.permitted'?: string[] | undefined; 'process.thread.id'?: string | number | undefined; 'process.thread.name'?: string | undefined; 'process.title'?: string | undefined; 'process.tty'?: unknown; 'process.uptime'?: string | number | undefined; 'process.user.id'?: string | undefined; 'process.user.name'?: string | undefined; 'process.vpid'?: string | number | undefined; 'process.working_directory'?: string | undefined; 'registry.data.bytes'?: string | undefined; 'registry.data.strings'?: string[] | undefined; 'registry.data.type'?: string | undefined; 'registry.hive'?: string | undefined; 'registry.key'?: string | undefined; 'registry.path'?: string | undefined; 'registry.value'?: string | undefined; 'related.hash'?: string[] | undefined; 'related.hosts'?: string[] | undefined; 'related.ip'?: string[] | undefined; 'related.user'?: string[] | undefined; 'rule.author'?: string[] | undefined; 'rule.category'?: string | undefined; 'rule.description'?: string | undefined; 'rule.id'?: string | undefined; 'rule.license'?: string | undefined; 'rule.name'?: string | undefined; 'rule.reference'?: string | undefined; 'rule.ruleset'?: string | undefined; 'rule.uuid'?: string | undefined; 'rule.version'?: string | undefined; 'server.address'?: string | undefined; 'server.as.number'?: string | number | undefined; 'server.as.organization.name'?: string | undefined; 'server.bytes'?: string | number | undefined; 'server.domain'?: string | undefined; 'server.geo.city_name'?: string | undefined; 'server.geo.continent_code'?: string | undefined; 'server.geo.continent_name'?: string | undefined; 'server.geo.country_iso_code'?: string | undefined; 'server.geo.country_name'?: string | undefined; 'server.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'server.geo.name'?: string | undefined; 'server.geo.postal_code'?: string | undefined; 'server.geo.region_iso_code'?: string | undefined; 'server.geo.region_name'?: string | undefined; 'server.geo.timezone'?: string | undefined; 'server.ip'?: string | undefined; 'server.mac'?: string | undefined; 'server.nat.ip'?: string | undefined; 'server.nat.port'?: string | number | undefined; 'server.packets'?: string | number | undefined; 'server.port'?: string | number | undefined; 'server.registered_domain'?: string | undefined; 'server.subdomain'?: string | undefined; 'server.top_level_domain'?: string | undefined; 'server.user.domain'?: string | undefined; 'server.user.email'?: string | undefined; 'server.user.full_name'?: string | undefined; 'server.user.group.domain'?: string | undefined; 'server.user.group.id'?: string | undefined; 'server.user.group.name'?: string | undefined; 'server.user.hash'?: string | undefined; 'server.user.id'?: string | undefined; 'server.user.name'?: string | undefined; 'server.user.roles'?: string[] | undefined; 'service.address'?: string | undefined; 'service.environment'?: string | undefined; 'service.ephemeral_id'?: string | undefined; 'service.id'?: string | undefined; 'service.name'?: string | undefined; 'service.node.name'?: string | undefined; 'service.node.role'?: string | undefined; 'service.node.roles'?: string[] | undefined; 'service.origin.address'?: string | undefined; 'service.origin.environment'?: string | undefined; 'service.origin.ephemeral_id'?: string | undefined; 'service.origin.id'?: string | undefined; 'service.origin.name'?: string | undefined; 'service.origin.node.name'?: string | undefined; 'service.origin.node.role'?: string | undefined; 'service.origin.node.roles'?: string[] | undefined; 'service.origin.state'?: string | undefined; 'service.origin.type'?: string | undefined; 'service.origin.version'?: string | undefined; 'service.state'?: string | undefined; 'service.target.address'?: string | undefined; 'service.target.environment'?: string | undefined; 'service.target.ephemeral_id'?: string | undefined; 'service.target.id'?: string | undefined; 'service.target.name'?: string | undefined; 'service.target.node.name'?: string | undefined; 'service.target.node.role'?: string | undefined; 'service.target.node.roles'?: string[] | undefined; 'service.target.state'?: string | undefined; 'service.target.type'?: string | undefined; 'service.target.version'?: string | undefined; 'service.type'?: string | undefined; 'service.version'?: string | undefined; 'source.address'?: string | undefined; 'source.as.number'?: string | number | undefined; 'source.as.organization.name'?: string | undefined; 'source.bytes'?: string | number | undefined; 'source.domain'?: string | undefined; 'source.geo.city_name'?: string | undefined; 'source.geo.continent_code'?: string | undefined; 'source.geo.continent_name'?: string | undefined; 'source.geo.country_iso_code'?: string | undefined; 'source.geo.country_name'?: string | undefined; 'source.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'source.geo.name'?: string | undefined; 'source.geo.postal_code'?: string | undefined; 'source.geo.region_iso_code'?: string | undefined; 'source.geo.region_name'?: string | undefined; 'source.geo.timezone'?: string | undefined; 'source.ip'?: string | undefined; 'source.mac'?: string | undefined; 'source.nat.ip'?: string | undefined; 'source.nat.port'?: string | number | undefined; 'source.packets'?: string | number | undefined; 'source.port'?: string | number | undefined; 'source.registered_domain'?: string | undefined; 'source.subdomain'?: string | undefined; 'source.top_level_domain'?: string | undefined; 'source.user.domain'?: string | undefined; 'source.user.email'?: string | undefined; 'source.user.full_name'?: string | undefined; 'source.user.group.domain'?: string | undefined; 'source.user.group.id'?: string | undefined; 'source.user.group.name'?: string | undefined; 'source.user.hash'?: string | undefined; 'source.user.id'?: string | undefined; 'source.user.name'?: string | undefined; 'source.user.roles'?: string[] | undefined; 'span.id'?: string | undefined; tags?: string[] | undefined; 'threat.enrichments'?: { indicator?: unknown; 'matched.atomic'?: string | undefined; 'matched.field'?: string | undefined; 'matched.id'?: string | undefined; 'matched.index'?: string | undefined; 'matched.occurred'?: string | number | undefined; 'matched.type'?: string | undefined; }[] | undefined; 'threat.feed.dashboard_id'?: string | undefined; 'threat.feed.description'?: string | undefined; 'threat.feed.name'?: string | undefined; 'threat.feed.reference'?: string | undefined; 'threat.framework'?: string | undefined; 'threat.group.alias'?: string[] | undefined; 'threat.group.id'?: string | undefined; 'threat.group.name'?: string | undefined; 'threat.group.reference'?: string | undefined; 'threat.indicator.as.number'?: string | number | undefined; 'threat.indicator.as.organization.name'?: string | undefined; 'threat.indicator.confidence'?: string | undefined; 'threat.indicator.description'?: string | undefined; 'threat.indicator.email.address'?: string | undefined; 'threat.indicator.file.accessed'?: string | number | undefined; 'threat.indicator.file.attributes'?: string[] | undefined; 'threat.indicator.file.code_signature.digest_algorithm'?: string | undefined; 'threat.indicator.file.code_signature.exists'?: boolean | undefined; 'threat.indicator.file.code_signature.signing_id'?: string | undefined; 'threat.indicator.file.code_signature.status'?: string | undefined; 'threat.indicator.file.code_signature.subject_name'?: string | undefined; 'threat.indicator.file.code_signature.team_id'?: string | undefined; 'threat.indicator.file.code_signature.timestamp'?: string | number | undefined; 'threat.indicator.file.code_signature.trusted'?: boolean | undefined; 'threat.indicator.file.code_signature.valid'?: boolean | undefined; 'threat.indicator.file.created'?: string | number | undefined; 'threat.indicator.file.ctime'?: string | number | undefined; 'threat.indicator.file.device'?: string | undefined; 'threat.indicator.file.directory'?: string | undefined; 'threat.indicator.file.drive_letter'?: string | undefined; 'threat.indicator.file.elf.architecture'?: string | undefined; 'threat.indicator.file.elf.byte_order'?: string | undefined; 'threat.indicator.file.elf.cpu_type'?: string | undefined; 'threat.indicator.file.elf.creation_date'?: string | number | undefined; 'threat.indicator.file.elf.exports'?: unknown[] | undefined; 'threat.indicator.file.elf.go_import_hash'?: string | undefined; 'threat.indicator.file.elf.go_imports'?: unknown; 'threat.indicator.file.elf.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_stripped'?: boolean | undefined; 'threat.indicator.file.elf.header.abi_version'?: string | undefined; 'threat.indicator.file.elf.header.class'?: string | undefined; 'threat.indicator.file.elf.header.data'?: string | undefined; 'threat.indicator.file.elf.header.entrypoint'?: string | number | undefined; 'threat.indicator.file.elf.header.object_version'?: string | undefined; 'threat.indicator.file.elf.header.os_abi'?: string | undefined; 'threat.indicator.file.elf.header.type'?: string | undefined; 'threat.indicator.file.elf.header.version'?: string | undefined; 'threat.indicator.file.elf.import_hash'?: string | undefined; 'threat.indicator.file.elf.imports'?: unknown[] | undefined; 'threat.indicator.file.elf.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'threat.indicator.file.elf.shared_libraries'?: string[] | undefined; 'threat.indicator.file.elf.telfhash'?: string | undefined; 'threat.indicator.file.extension'?: string | undefined; 'threat.indicator.file.fork_name'?: string | undefined; 'threat.indicator.file.gid'?: string | undefined; 'threat.indicator.file.group'?: string | undefined; 'threat.indicator.file.hash.md5'?: string | undefined; 'threat.indicator.file.hash.sha1'?: string | undefined; 'threat.indicator.file.hash.sha256'?: string | undefined; 'threat.indicator.file.hash.sha384'?: string | undefined; 'threat.indicator.file.hash.sha512'?: string | undefined; 'threat.indicator.file.hash.ssdeep'?: string | undefined; 'threat.indicator.file.hash.tlsh'?: string | undefined; 'threat.indicator.file.inode'?: string | undefined; 'threat.indicator.file.mime_type'?: string | undefined; 'threat.indicator.file.mode'?: string | undefined; 'threat.indicator.file.mtime'?: string | number | undefined; 'threat.indicator.file.name'?: string | undefined; 'threat.indicator.file.owner'?: string | undefined; 'threat.indicator.file.path'?: string | undefined; 'threat.indicator.file.pe.architecture'?: string | undefined; 'threat.indicator.file.pe.company'?: string | undefined; 'threat.indicator.file.pe.description'?: string | undefined; 'threat.indicator.file.pe.file_version'?: string | undefined; 'threat.indicator.file.pe.go_import_hash'?: string | undefined; 'threat.indicator.file.pe.go_imports'?: unknown; 'threat.indicator.file.pe.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_stripped'?: boolean | undefined; 'threat.indicator.file.pe.imphash'?: string | undefined; 'threat.indicator.file.pe.import_hash'?: string | undefined; 'threat.indicator.file.pe.imports'?: unknown[] | undefined; 'threat.indicator.file.pe.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.original_file_name'?: string | undefined; 'threat.indicator.file.pe.pehash'?: string | undefined; 'threat.indicator.file.pe.product'?: string | undefined; 'threat.indicator.file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.size'?: string | number | undefined; 'threat.indicator.file.target_path'?: string | undefined; 'threat.indicator.file.type'?: string | undefined; 'threat.indicator.file.uid'?: string | undefined; 'threat.indicator.file.x509.alternative_names'?: string[] | undefined; 'threat.indicator.file.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.file.x509.issuer.country'?: string[] | undefined; 'threat.indicator.file.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.not_after'?: string | number | undefined; 'threat.indicator.file.x509.not_before'?: string | number | undefined; 'threat.indicator.file.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.file.x509.public_key_curve'?: string | undefined; 'threat.indicator.file.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.file.x509.public_key_size'?: string | number | undefined; 'threat.indicator.file.x509.serial_number'?: string | undefined; 'threat.indicator.file.x509.signature_algorithm'?: string | undefined; 'threat.indicator.file.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.file.x509.subject.country'?: string[] | undefined; 'threat.indicator.file.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.subject.locality'?: string[] | undefined; 'threat.indicator.file.x509.subject.organization'?: string[] | undefined; 'threat.indicator.file.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.version_number'?: string | undefined; 'threat.indicator.first_seen'?: string | number | undefined; 'threat.indicator.geo.city_name'?: string | undefined; 'threat.indicator.geo.continent_code'?: string | undefined; 'threat.indicator.geo.continent_name'?: string | undefined; 'threat.indicator.geo.country_iso_code'?: string | undefined; 'threat.indicator.geo.country_name'?: string | undefined; 'threat.indicator.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'threat.indicator.geo.name'?: string | undefined; 'threat.indicator.geo.postal_code'?: string | undefined; 'threat.indicator.geo.region_iso_code'?: string | undefined; 'threat.indicator.geo.region_name'?: string | undefined; 'threat.indicator.geo.timezone'?: string | undefined; 'threat.indicator.ip'?: string | undefined; 'threat.indicator.last_seen'?: string | number | undefined; 'threat.indicator.marking.tlp'?: string | undefined; 'threat.indicator.marking.tlp_version'?: string | undefined; 'threat.indicator.modified_at'?: string | number | undefined; 'threat.indicator.name'?: string | undefined; 'threat.indicator.port'?: string | number | undefined; 'threat.indicator.provider'?: string | undefined; 'threat.indicator.reference'?: string | undefined; 'threat.indicator.registry.data.bytes'?: string | undefined; 'threat.indicator.registry.data.strings'?: string[] | undefined; 'threat.indicator.registry.data.type'?: string | undefined; 'threat.indicator.registry.hive'?: string | undefined; 'threat.indicator.registry.key'?: string | undefined; 'threat.indicator.registry.path'?: string | undefined; 'threat.indicator.registry.value'?: string | undefined; 'threat.indicator.scanner_stats'?: string | number | undefined; 'threat.indicator.sightings'?: string | number | undefined; 'threat.indicator.type'?: string | undefined; 'threat.indicator.url.domain'?: string | undefined; 'threat.indicator.url.extension'?: string | undefined; 'threat.indicator.url.fragment'?: string | undefined; 'threat.indicator.url.full'?: string | undefined; 'threat.indicator.url.original'?: string | undefined; 'threat.indicator.url.password'?: string | undefined; 'threat.indicator.url.path'?: string | undefined; 'threat.indicator.url.port'?: string | number | undefined; 'threat.indicator.url.query'?: string | undefined; 'threat.indicator.url.registered_domain'?: string | undefined; 'threat.indicator.url.scheme'?: string | undefined; 'threat.indicator.url.subdomain'?: string | undefined; 'threat.indicator.url.top_level_domain'?: string | undefined; 'threat.indicator.url.username'?: string | undefined; 'threat.indicator.x509.alternative_names'?: string[] | undefined; 'threat.indicator.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.x509.issuer.country'?: string[] | undefined; 'threat.indicator.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.x509.not_after'?: string | number | undefined; 'threat.indicator.x509.not_before'?: string | number | undefined; 'threat.indicator.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.x509.public_key_curve'?: string | undefined; 'threat.indicator.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.x509.public_key_size'?: string | number | undefined; 'threat.indicator.x509.serial_number'?: string | undefined; 'threat.indicator.x509.signature_algorithm'?: string | undefined; 'threat.indicator.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.x509.subject.country'?: string[] | undefined; 'threat.indicator.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.x509.subject.locality'?: string[] | undefined; 'threat.indicator.x509.subject.organization'?: string[] | undefined; 'threat.indicator.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.x509.version_number'?: string | undefined; 'threat.software.alias'?: string[] | undefined; 'threat.software.id'?: string | undefined; 'threat.software.name'?: string | undefined; 'threat.software.platforms'?: string[] | undefined; 'threat.software.reference'?: string | undefined; 'threat.software.type'?: string | undefined; 'threat.tactic.id'?: string[] | undefined; 'threat.tactic.name'?: string[] | undefined; 'threat.tactic.reference'?: string[] | undefined; 'threat.technique.id'?: string[] | undefined; 'threat.technique.name'?: string[] | undefined; 'threat.technique.reference'?: string[] | undefined; 'threat.technique.subtechnique.id'?: string[] | undefined; 'threat.technique.subtechnique.name'?: string[] | undefined; 'threat.technique.subtechnique.reference'?: string[] | undefined; 'tls.cipher'?: string | undefined; 'tls.client.certificate'?: string | undefined; 'tls.client.certificate_chain'?: string[] | undefined; 'tls.client.hash.md5'?: string | undefined; 'tls.client.hash.sha1'?: string | undefined; 'tls.client.hash.sha256'?: string | undefined; 'tls.client.issuer'?: string | undefined; 'tls.client.ja3'?: string | undefined; 'tls.client.not_after'?: string | number | undefined; 'tls.client.not_before'?: string | number | undefined; 'tls.client.server_name'?: string | undefined; 'tls.client.subject'?: string | undefined; 'tls.client.supported_ciphers'?: string[] | undefined; 'tls.client.x509.alternative_names'?: string[] | undefined; 'tls.client.x509.issuer.common_name'?: string[] | undefined; 'tls.client.x509.issuer.country'?: string[] | undefined; 'tls.client.x509.issuer.distinguished_name'?: string | undefined; 'tls.client.x509.issuer.locality'?: string[] | undefined; 'tls.client.x509.issuer.organization'?: string[] | undefined; 'tls.client.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.client.x509.issuer.state_or_province'?: string[] | undefined; 'tls.client.x509.not_after'?: string | number | undefined; 'tls.client.x509.not_before'?: string | number | undefined; 'tls.client.x509.public_key_algorithm'?: string | undefined; 'tls.client.x509.public_key_curve'?: string | undefined; 'tls.client.x509.public_key_exponent'?: string | number | undefined; 'tls.client.x509.public_key_size'?: string | number | undefined; 'tls.client.x509.serial_number'?: string | undefined; 'tls.client.x509.signature_algorithm'?: string | undefined; 'tls.client.x509.subject.common_name'?: string[] | undefined; 'tls.client.x509.subject.country'?: string[] | undefined; 'tls.client.x509.subject.distinguished_name'?: string | undefined; 'tls.client.x509.subject.locality'?: string[] | undefined; 'tls.client.x509.subject.organization'?: string[] | undefined; 'tls.client.x509.subject.organizational_unit'?: string[] | undefined; 'tls.client.x509.subject.state_or_province'?: string[] | undefined; 'tls.client.x509.version_number'?: string | undefined; 'tls.curve'?: string | undefined; 'tls.established'?: boolean | undefined; 'tls.next_protocol'?: string | undefined; 'tls.resumed'?: boolean | undefined; 'tls.server.certificate'?: string | undefined; 'tls.server.certificate_chain'?: string[] | undefined; 'tls.server.hash.md5'?: string | undefined; 'tls.server.hash.sha1'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 'tls.server.issuer'?: string | undefined; 'tls.server.ja3s'?: string | undefined; 'tls.server.not_after'?: string | number | undefined; 'tls.server.not_before'?: string | number | undefined; 'tls.server.subject'?: string | undefined; 'tls.server.x509.alternative_names'?: string[] | undefined; 'tls.server.x509.issuer.common_name'?: string[] | undefined; 'tls.server.x509.issuer.country'?: string[] | undefined; 'tls.server.x509.issuer.distinguished_name'?: string | undefined; 'tls.server.x509.issuer.locality'?: string[] | undefined; 'tls.server.x509.issuer.organization'?: string[] | undefined; 'tls.server.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.server.x509.issuer.state_or_province'?: string[] | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.public_key_algorithm'?: string | undefined; 'tls.server.x509.public_key_curve'?: string | undefined; 'tls.server.x509.public_key_exponent'?: string | number | undefined; 'tls.server.x509.public_key_size'?: string | number | undefined; 'tls.server.x509.serial_number'?: string | undefined; 'tls.server.x509.signature_algorithm'?: string | undefined; 'tls.server.x509.subject.common_name'?: string[] | undefined; 'tls.server.x509.subject.country'?: string[] | undefined; 'tls.server.x509.subject.distinguished_name'?: string | undefined; 'tls.server.x509.subject.locality'?: string[] | undefined; 'tls.server.x509.subject.organization'?: string[] | undefined; 'tls.server.x509.subject.organizational_unit'?: string[] | undefined; 'tls.server.x509.subject.state_or_province'?: string[] | undefined; 'tls.server.x509.version_number'?: string | undefined; 'tls.version'?: string | undefined; 'tls.version_protocol'?: string | undefined; 'trace.id'?: string | undefined; 'transaction.id'?: string | undefined; 'url.domain'?: string | undefined; 'url.extension'?: string | undefined; 'url.fragment'?: string | undefined; 'url.full'?: string | undefined; 'url.original'?: string | undefined; 'url.password'?: string | undefined; 'url.path'?: string | undefined; 'url.port'?: string | number | undefined; 'url.query'?: string | undefined; 'url.registered_domain'?: string | undefined; 'url.scheme'?: string | undefined; 'url.subdomain'?: string | undefined; 'url.top_level_domain'?: string | undefined; 'url.username'?: string | undefined; 'user.changes.domain'?: string | undefined; 'user.changes.email'?: string | undefined; 'user.changes.full_name'?: string | undefined; 'user.changes.group.domain'?: string | undefined; 'user.changes.group.id'?: string | undefined; 'user.changes.group.name'?: string | undefined; 'user.changes.hash'?: string | undefined; 'user.changes.id'?: string | undefined; 'user.changes.name'?: string | undefined; 'user.changes.roles'?: string[] | undefined; 'user.domain'?: string | undefined; 'user.effective.domain'?: string | undefined; 'user.effective.email'?: string | undefined; 'user.effective.full_name'?: string | undefined; 'user.effective.group.domain'?: string | undefined; 'user.effective.group.id'?: string | undefined; 'user.effective.group.name'?: string | undefined; 'user.effective.hash'?: string | undefined; 'user.effective.id'?: string | undefined; 'user.effective.name'?: string | undefined; 'user.effective.roles'?: string[] | undefined; 'user.email'?: string | undefined; 'user.full_name'?: string | undefined; 'user.group.domain'?: string | undefined; 'user.group.id'?: string | undefined; 'user.group.name'?: string | undefined; 'user.hash'?: string | undefined; 'user.id'?: string | undefined; 'user.name'?: string | undefined; 'user.risk.calculated_level'?: string | undefined; 'user.risk.calculated_score'?: number | undefined; 'user.risk.calculated_score_norm'?: number | undefined; 'user.risk.static_level'?: string | undefined; 'user.risk.static_score'?: number | undefined; 'user.risk.static_score_norm'?: number | undefined; 'user.roles'?: string[] | undefined; 'user.target.domain'?: string | undefined; 'user.target.email'?: string | undefined; 'user.target.full_name'?: string | undefined; 'user.target.group.domain'?: string | undefined; 'user.target.group.id'?: string | undefined; 'user.target.group.name'?: string | undefined; 'user.target.hash'?: string | undefined; 'user.target.id'?: string | undefined; 'user.target.name'?: string | undefined; 'user.target.roles'?: string[] | undefined; 'user_agent.device.name'?: string | undefined; 'user_agent.name'?: string | undefined; 'user_agent.original'?: string | undefined; 'user_agent.os.family'?: string | undefined; 'user_agent.os.full'?: string | undefined; 'user_agent.os.kernel'?: string | undefined; 'user_agent.os.name'?: string | undefined; 'user_agent.os.platform'?: string | undefined; 'user_agent.os.type'?: string | undefined; 'user_agent.os.version'?: string | undefined; 'user_agent.version'?: string | undefined; 'vulnerability.category'?: string[] | undefined; 'vulnerability.classification'?: string | undefined; 'vulnerability.description'?: string | undefined; 'vulnerability.enumeration'?: string | undefined; 'vulnerability.id'?: string | undefined; 'vulnerability.reference'?: string | undefined; 'vulnerability.report_id'?: string | undefined; 'vulnerability.scanner.vendor'?: string | undefined; 'vulnerability.score.base'?: number | undefined; 'vulnerability.score.environmental'?: number | undefined; 'vulnerability.score.temporal'?: number | undefined; 'vulnerability.score.version'?: string | undefined; 'vulnerability.severity'?: string | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }) | ({} & { 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & { '@timestamp': string | number; 'ecs.version': string; } & { 'agent.build.original'?: string | undefined; 'agent.ephemeral_id'?: string | undefined; 'agent.id'?: string | undefined; 'agent.name'?: string | undefined; 'agent.type'?: string | undefined; 'agent.version'?: string | undefined; 'client.address'?: string | undefined; 'client.as.number'?: string | number | undefined; 'client.as.organization.name'?: string | undefined; 'client.bytes'?: string | number | undefined; 'client.domain'?: string | undefined; 'client.geo.city_name'?: string | undefined; 'client.geo.continent_code'?: string | undefined; 'client.geo.continent_name'?: string | undefined; 'client.geo.country_iso_code'?: string | undefined; 'client.geo.country_name'?: string | undefined; 'client.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'client.geo.name'?: string | undefined; 'client.geo.postal_code'?: string | undefined; 'client.geo.region_iso_code'?: string | undefined; 'client.geo.region_name'?: string | undefined; 'client.geo.timezone'?: string | undefined; 'client.ip'?: string | undefined; 'client.mac'?: string | undefined; 'client.nat.ip'?: string | undefined; 'client.nat.port'?: string | number | undefined; 'client.packets'?: string | number | undefined; 'client.port'?: string | number | undefined; 'client.registered_domain'?: string | undefined; 'client.subdomain'?: string | undefined; 'client.top_level_domain'?: string | undefined; 'client.user.domain'?: string | undefined; 'client.user.email'?: string | undefined; 'client.user.full_name'?: string | undefined; 'client.user.group.domain'?: string | undefined; 'client.user.group.id'?: string | undefined; 'client.user.group.name'?: string | undefined; 'client.user.hash'?: string | undefined; 'client.user.id'?: string | undefined; 'client.user.name'?: string | undefined; 'client.user.roles'?: string[] | undefined; 'cloud.account.id'?: string | undefined; 'cloud.account.name'?: string | undefined; 'cloud.availability_zone'?: string | undefined; 'cloud.instance.id'?: string | undefined; 'cloud.instance.name'?: string | undefined; 'cloud.machine.type'?: string | undefined; 'cloud.origin.account.id'?: string | undefined; 'cloud.origin.account.name'?: string | undefined; 'cloud.origin.availability_zone'?: string | undefined; 'cloud.origin.instance.id'?: string | undefined; 'cloud.origin.instance.name'?: string | undefined; 'cloud.origin.machine.type'?: string | undefined; 'cloud.origin.project.id'?: string | undefined; 'cloud.origin.project.name'?: string | undefined; 'cloud.origin.provider'?: string | undefined; 'cloud.origin.region'?: string | undefined; 'cloud.origin.service.name'?: string | undefined; 'cloud.project.id'?: string | undefined; 'cloud.project.name'?: string | undefined; 'cloud.provider'?: string | undefined; 'cloud.region'?: string | undefined; 'cloud.service.name'?: string | undefined; 'cloud.target.account.id'?: string | undefined; 'cloud.target.account.name'?: string | undefined; 'cloud.target.availability_zone'?: string | undefined; 'cloud.target.instance.id'?: string | undefined; 'cloud.target.instance.name'?: string | undefined; 'cloud.target.machine.type'?: string | undefined; 'cloud.target.project.id'?: string | undefined; 'cloud.target.project.name'?: string | undefined; 'cloud.target.provider'?: string | undefined; 'cloud.target.region'?: string | undefined; 'cloud.target.service.name'?: string | undefined; 'container.cpu.usage'?: string | number | undefined; 'container.disk.read.bytes'?: string | number | undefined; 'container.disk.write.bytes'?: string | number | undefined; 'container.id'?: string | undefined; 'container.image.hash.all'?: string[] | undefined; 'container.image.name'?: string | undefined; 'container.image.tag'?: string[] | undefined; 'container.labels'?: unknown; 'container.memory.usage'?: string | number | undefined; 'container.name'?: string | undefined; 'container.network.egress.bytes'?: string | number | undefined; 'container.network.ingress.bytes'?: string | number | undefined; 'container.runtime'?: string | undefined; 'container.security_context.privileged'?: boolean | undefined; 'destination.address'?: string | undefined; 'destination.as.number'?: string | number | undefined; 'destination.as.organization.name'?: string | undefined; 'destination.bytes'?: string | number | undefined; 'destination.domain'?: string | undefined; 'destination.geo.city_name'?: string | undefined; 'destination.geo.continent_code'?: string | undefined; 'destination.geo.continent_name'?: string | undefined; 'destination.geo.country_iso_code'?: string | undefined; 'destination.geo.country_name'?: string | undefined; 'destination.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'destination.geo.name'?: string | undefined; 'destination.geo.postal_code'?: string | undefined; 'destination.geo.region_iso_code'?: string | undefined; 'destination.geo.region_name'?: string | undefined; 'destination.geo.timezone'?: string | undefined; 'destination.ip'?: string | undefined; 'destination.mac'?: string | undefined; 'destination.nat.ip'?: string | undefined; 'destination.nat.port'?: string | number | undefined; 'destination.packets'?: string | number | undefined; 'destination.port'?: string | number | undefined; 'destination.registered_domain'?: string | undefined; 'destination.subdomain'?: string | undefined; 'destination.top_level_domain'?: string | undefined; 'destination.user.domain'?: string | undefined; 'destination.user.email'?: string | undefined; 'destination.user.full_name'?: string | undefined; 'destination.user.group.domain'?: string | undefined; 'destination.user.group.id'?: string | undefined; 'destination.user.group.name'?: string | undefined; 'destination.user.hash'?: string | undefined; 'destination.user.id'?: string | undefined; 'destination.user.name'?: string | undefined; 'destination.user.roles'?: string[] | undefined; 'device.id'?: string | undefined; 'device.manufacturer'?: string | undefined; 'device.model.identifier'?: string | undefined; 'device.model.name'?: string | undefined; 'dll.code_signature.digest_algorithm'?: string | undefined; 'dll.code_signature.exists'?: boolean | undefined; 'dll.code_signature.signing_id'?: string | undefined; 'dll.code_signature.status'?: string | undefined; 'dll.code_signature.subject_name'?: string | undefined; 'dll.code_signature.team_id'?: string | undefined; 'dll.code_signature.timestamp'?: string | number | undefined; 'dll.code_signature.trusted'?: boolean | undefined; 'dll.code_signature.valid'?: boolean | undefined; 'dll.hash.md5'?: string | undefined; 'dll.hash.sha1'?: string | undefined; 'dll.hash.sha256'?: string | undefined; 'dll.hash.sha384'?: string | undefined; 'dll.hash.sha512'?: string | undefined; 'dll.hash.ssdeep'?: string | undefined; 'dll.hash.tlsh'?: string | undefined; 'dll.name'?: string | undefined; 'dll.path'?: string | undefined; 'dll.pe.architecture'?: string | undefined; 'dll.pe.company'?: string | undefined; 'dll.pe.description'?: string | undefined; 'dll.pe.file_version'?: string | undefined; 'dll.pe.go_import_hash'?: string | undefined; 'dll.pe.go_imports'?: unknown; 'dll.pe.go_imports_names_entropy'?: string | number | undefined; 'dll.pe.go_imports_names_var_entropy'?: string | number | undefined; 'dll.pe.go_stripped'?: boolean | undefined; 'dll.pe.imphash'?: string | undefined; 'dll.pe.import_hash'?: string | undefined; 'dll.pe.imports'?: unknown[] | undefined; 'dll.pe.imports_names_entropy'?: string | number | undefined; 'dll.pe.imports_names_var_entropy'?: string | number | undefined; 'dll.pe.original_file_name'?: string | undefined; 'dll.pe.pehash'?: string | undefined; 'dll.pe.product'?: string | undefined; 'dll.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'dns.answers'?: { class?: string | undefined; data?: string | undefined; name?: string | undefined; ttl?: string | number | undefined; type?: string | undefined; }[] | undefined; 'dns.header_flags'?: string[] | undefined; 'dns.id'?: string | undefined; 'dns.op_code'?: string | undefined; 'dns.question.class'?: string | undefined; 'dns.question.name'?: string | undefined; 'dns.question.registered_domain'?: string | undefined; 'dns.question.subdomain'?: string | undefined; 'dns.question.top_level_domain'?: string | undefined; 'dns.question.type'?: string | undefined; 'dns.resolved_ip'?: string[] | undefined; 'dns.response_code'?: string | undefined; 'dns.type'?: string | undefined; 'email.attachments'?: { 'file.extension'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.name'?: string | undefined; 'file.size'?: string | number | undefined; }[] | undefined; 'email.bcc.address'?: string[] | undefined; 'email.cc.address'?: string[] | undefined; 'email.content_type'?: string | undefined; 'email.delivery_timestamp'?: string | number | undefined; 'email.direction'?: string | undefined; 'email.from.address'?: string[] | undefined; 'email.local_id'?: string | undefined; 'email.message_id'?: string | undefined; 'email.origination_timestamp'?: string | number | undefined; 'email.reply_to.address'?: string[] | undefined; 'email.sender.address'?: string | undefined; 'email.subject'?: string | undefined; 'email.to.address'?: string[] | undefined; 'email.x_mailer'?: string | undefined; 'error.code'?: string | undefined; 'error.id'?: string | undefined; 'error.message'?: string | undefined; 'error.stack_trace'?: string | undefined; 'error.type'?: string | undefined; 'event.action'?: string | undefined; 'event.agent_id_status'?: string | undefined; 'event.category'?: string[] | undefined; 'event.code'?: string | undefined; 'event.created'?: string | number | undefined; 'event.dataset'?: string | undefined; 'event.duration'?: string | number | undefined; 'event.end'?: string | number | undefined; 'event.hash'?: string | undefined; 'event.id'?: string | undefined; 'event.ingested'?: string | number | undefined; 'event.kind'?: string | undefined; 'event.module'?: string | undefined; 'event.original'?: string | undefined; 'event.outcome'?: string | undefined; 'event.provider'?: string | undefined; 'event.reason'?: string | undefined; 'event.reference'?: string | undefined; 'event.risk_score'?: number | undefined; 'event.risk_score_norm'?: number | undefined; 'event.sequence'?: string | number | undefined; 'event.severity'?: string | number | undefined; 'event.start'?: string | number | undefined; 'event.timezone'?: string | undefined; 'event.type'?: string[] | undefined; 'event.url'?: string | undefined; 'faas.coldstart'?: boolean | undefined; 'faas.execution'?: string | undefined; 'faas.id'?: string | undefined; 'faas.name'?: string | undefined; 'faas.version'?: string | undefined; 'file.accessed'?: string | number | undefined; 'file.attributes'?: string[] | undefined; 'file.code_signature.digest_algorithm'?: string | undefined; 'file.code_signature.exists'?: boolean | undefined; 'file.code_signature.signing_id'?: string | undefined; 'file.code_signature.status'?: string | undefined; 'file.code_signature.subject_name'?: string | undefined; 'file.code_signature.team_id'?: string | undefined; 'file.code_signature.timestamp'?: string | number | undefined; 'file.code_signature.trusted'?: boolean | undefined; 'file.code_signature.valid'?: boolean | undefined; 'file.created'?: string | number | undefined; 'file.ctime'?: string | number | undefined; 'file.device'?: string | undefined; 'file.directory'?: string | undefined; 'file.drive_letter'?: string | undefined; 'file.elf.architecture'?: string | undefined; 'file.elf.byte_order'?: string | undefined; 'file.elf.cpu_type'?: string | undefined; 'file.elf.creation_date'?: string | number | undefined; 'file.elf.exports'?: unknown[] | undefined; 'file.elf.go_import_hash'?: string | undefined; 'file.elf.go_imports'?: unknown; 'file.elf.go_imports_names_entropy'?: string | number | undefined; 'file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'file.elf.go_stripped'?: boolean | undefined; 'file.elf.header.abi_version'?: string | undefined; 'file.elf.header.class'?: string | undefined; 'file.elf.header.data'?: string | undefined; 'file.elf.header.entrypoint'?: string | number | undefined; 'file.elf.header.object_version'?: string | undefined; 'file.elf.header.os_abi'?: string | undefined; 'file.elf.header.type'?: string | undefined; 'file.elf.header.version'?: string | undefined; 'file.elf.import_hash'?: string | undefined; 'file.elf.imports'?: unknown[] | undefined; 'file.elf.imports_names_entropy'?: string | number | undefined; 'file.elf.imports_names_var_entropy'?: string | number | undefined; 'file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'file.elf.shared_libraries'?: string[] | undefined; 'file.elf.telfhash'?: string | undefined; 'file.extension'?: string | undefined; 'file.fork_name'?: string | undefined; 'file.gid'?: string | undefined; 'file.group'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.inode'?: string | undefined; 'file.macho.go_import_hash'?: string | undefined; 'file.macho.go_imports'?: unknown; 'file.macho.go_imports_names_entropy'?: string | number | undefined; 'file.macho.go_imports_names_var_entropy'?: string | number | undefined; 'file.macho.go_stripped'?: boolean | undefined; 'file.macho.import_hash'?: string | undefined; 'file.macho.imports'?: unknown[] | undefined; 'file.macho.imports_names_entropy'?: string | number | undefined; 'file.macho.imports_names_var_entropy'?: string | number | undefined; 'file.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.macho.symhash'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.mode'?: string | undefined; 'file.mtime'?: string | number | undefined; 'file.name'?: string | undefined; 'file.owner'?: string | undefined; 'file.path'?: string | undefined; 'file.pe.architecture'?: string | undefined; 'file.pe.company'?: string | undefined; 'file.pe.description'?: string | undefined; 'file.pe.file_version'?: string | undefined; 'file.pe.go_import_hash'?: string | undefined; 'file.pe.go_imports'?: unknown; 'file.pe.go_imports_names_entropy'?: string | number | undefined; 'file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'file.pe.go_stripped'?: boolean | undefined; 'file.pe.imphash'?: string | undefined; 'file.pe.import_hash'?: string | undefined; 'file.pe.imports'?: unknown[] | undefined; 'file.pe.imports_names_entropy'?: string | number | undefined; 'file.pe.imports_names_var_entropy'?: string | number | undefined; 'file.pe.original_file_name'?: string | undefined; 'file.pe.pehash'?: string | undefined; 'file.pe.product'?: string | undefined; 'file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.size'?: string | number | undefined; 'file.target_path'?: string | undefined; 'file.type'?: string | undefined; 'file.uid'?: string | undefined; 'file.x509.alternative_names'?: string[] | undefined; 'file.x509.issuer.common_name'?: string[] | undefined; 'file.x509.issuer.country'?: string[] | undefined; 'file.x509.issuer.distinguished_name'?: string | undefined; 'file.x509.issuer.locality'?: string[] | undefined; 'file.x509.issuer.organization'?: string[] | undefined; 'file.x509.issuer.organizational_unit'?: string[] | undefined; 'file.x509.issuer.state_or_province'?: string[] | undefined; 'file.x509.not_after'?: string | number | undefined; 'file.x509.not_before'?: string | number | undefined; 'file.x509.public_key_algorithm'?: string | undefined; 'file.x509.public_key_curve'?: string | undefined; 'file.x509.public_key_exponent'?: string | number | undefined; 'file.x509.public_key_size'?: string | number | undefined; 'file.x509.serial_number'?: string | undefined; 'file.x509.signature_algorithm'?: string | undefined; 'file.x509.subject.common_name'?: string[] | undefined; 'file.x509.subject.country'?: string[] | undefined; 'file.x509.subject.distinguished_name'?: string | undefined; 'file.x509.subject.locality'?: string[] | undefined; 'file.x509.subject.organization'?: string[] | undefined; 'file.x509.subject.organizational_unit'?: string[] | undefined; 'file.x509.subject.state_or_province'?: string[] | undefined; 'file.x509.version_number'?: string | undefined; 'group.domain'?: string | undefined; 'group.id'?: string | undefined; 'group.name'?: string | undefined; 'host.architecture'?: string | undefined; 'host.boot.id'?: string | undefined; 'host.cpu.usage'?: string | number | undefined; 'host.disk.read.bytes'?: string | number | undefined; 'host.disk.write.bytes'?: string | number | undefined; 'host.domain'?: string | undefined; 'host.geo.city_name'?: string | undefined; 'host.geo.continent_code'?: string | undefined; 'host.geo.continent_name'?: string | undefined; 'host.geo.country_iso_code'?: string | undefined; 'host.geo.country_name'?: string | undefined; 'host.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'host.geo.name'?: string | undefined; 'host.geo.postal_code'?: string | undefined; 'host.geo.region_iso_code'?: string | undefined; 'host.geo.region_name'?: string | undefined; 'host.geo.timezone'?: string | undefined; 'host.hostname'?: string | undefined; 'host.id'?: string | undefined; 'host.ip'?: string[] | undefined; 'host.mac'?: string[] | undefined; 'host.name'?: string | undefined; 'host.network.egress.bytes'?: string | number | undefined; 'host.network.egress.packets'?: string | number | undefined; 'host.network.ingress.bytes'?: string | number | undefined; 'host.network.ingress.packets'?: string | number | undefined; 'host.os.family'?: string | undefined; 'host.os.full'?: string | undefined; 'host.os.kernel'?: string | undefined; 'host.os.name'?: string | undefined; 'host.os.platform'?: string | undefined; 'host.os.type'?: string | undefined; 'host.os.version'?: string | undefined; 'host.pid_ns_ino'?: string | undefined; 'host.risk.calculated_level'?: string | undefined; 'host.risk.calculated_score'?: number | undefined; 'host.risk.calculated_score_norm'?: number | undefined; 'host.risk.static_level'?: string | undefined; 'host.risk.static_score'?: number | undefined; 'host.risk.static_score_norm'?: number | undefined; 'host.type'?: string | undefined; 'host.uptime'?: string | number | undefined; 'http.request.body.bytes'?: string | number | undefined; 'http.request.body.content'?: string | undefined; 'http.request.bytes'?: string | number | undefined; 'http.request.id'?: string | undefined; 'http.request.method'?: string | undefined; 'http.request.mime_type'?: string | undefined; 'http.request.referrer'?: string | undefined; 'http.response.body.bytes'?: string | number | undefined; 'http.response.body.content'?: string | undefined; 'http.response.bytes'?: string | number | undefined; 'http.response.mime_type'?: string | undefined; 'http.response.status_code'?: string | number | undefined; 'http.version'?: string | undefined; labels?: unknown; 'log.file.path'?: string | undefined; 'log.level'?: string | undefined; 'log.logger'?: string | undefined; 'log.origin.file.line'?: string | number | undefined; 'log.origin.file.name'?: string | undefined; 'log.origin.function'?: string | undefined; 'log.syslog'?: unknown; message?: string | undefined; 'network.application'?: string | undefined; 'network.bytes'?: string | number | undefined; 'network.community_id'?: string | undefined; 'network.direction'?: string | undefined; 'network.forwarded_ip'?: string | undefined; 'network.iana_number'?: string | undefined; 'network.inner'?: unknown; 'network.name'?: string | undefined; 'network.packets'?: string | number | undefined; 'network.protocol'?: string | undefined; 'network.transport'?: string | undefined; 'network.type'?: string | undefined; 'network.vlan.id'?: string | undefined; 'network.vlan.name'?: string | undefined; 'observer.egress'?: unknown; 'observer.geo.city_name'?: string | undefined; 'observer.geo.continent_code'?: string | undefined; 'observer.geo.continent_name'?: string | undefined; 'observer.geo.country_iso_code'?: string | undefined; 'observer.geo.country_name'?: string | undefined; 'observer.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'observer.geo.name'?: string | undefined; 'observer.geo.postal_code'?: string | undefined; 'observer.geo.region_iso_code'?: string | undefined; 'observer.geo.region_name'?: string | undefined; 'observer.geo.timezone'?: string | undefined; 'observer.hostname'?: string | undefined; 'observer.ingress'?: unknown; 'observer.ip'?: string[] | undefined; 'observer.mac'?: string[] | undefined; 'observer.name'?: string | undefined; 'observer.os.family'?: string | undefined; 'observer.os.full'?: string | undefined; 'observer.os.kernel'?: string | undefined; 'observer.os.name'?: string | undefined; 'observer.os.platform'?: string | undefined; 'observer.os.type'?: string | undefined; 'observer.os.version'?: string | undefined; 'observer.product'?: string | undefined; 'observer.serial_number'?: string | undefined; 'observer.type'?: string | undefined; 'observer.vendor'?: string | undefined; 'observer.version'?: string | undefined; 'orchestrator.api_version'?: string | undefined; 'orchestrator.cluster.id'?: string | undefined; 'orchestrator.cluster.name'?: string | undefined; 'orchestrator.cluster.url'?: string | undefined; 'orchestrator.cluster.version'?: string | undefined; 'orchestrator.namespace'?: string | undefined; 'orchestrator.organization'?: string | undefined; 'orchestrator.resource.annotation'?: string[] | undefined; 'orchestrator.resource.id'?: string | undefined; 'orchestrator.resource.ip'?: string[] | undefined; 'orchestrator.resource.label'?: string[] | undefined; 'orchestrator.resource.name'?: string | undefined; 'orchestrator.resource.parent.type'?: string | undefined; 'orchestrator.resource.type'?: string | undefined; 'orchestrator.type'?: string | undefined; 'organization.id'?: string | undefined; 'organization.name'?: string | undefined; 'package.architecture'?: string | undefined; 'package.build_version'?: string | undefined; 'package.checksum'?: string | undefined; 'package.description'?: string | undefined; 'package.install_scope'?: string | undefined; 'package.installed'?: string | number | undefined; 'package.license'?: string | undefined; 'package.name'?: string | undefined; 'package.path'?: string | undefined; 'package.reference'?: string | undefined; 'package.size'?: string | number | undefined; 'package.type'?: string | undefined; 'package.version'?: string | undefined; 'process.args'?: string[] | undefined; 'process.args_count'?: string | number | undefined; 'process.code_signature.digest_algorithm'?: string | undefined; 'process.code_signature.exists'?: boolean | undefined; 'process.code_signature.signing_id'?: string | undefined; 'process.code_signature.status'?: string | undefined; 'process.code_signature.subject_name'?: string | undefined; 'process.code_signature.team_id'?: string | undefined; 'process.code_signature.timestamp'?: string | number | undefined; 'process.code_signature.trusted'?: boolean | undefined; 'process.code_signature.valid'?: boolean | undefined; 'process.command_line'?: string | undefined; 'process.elf.architecture'?: string | undefined; 'process.elf.byte_order'?: string | undefined; 'process.elf.cpu_type'?: string | undefined; 'process.elf.creation_date'?: string | number | undefined; 'process.elf.exports'?: unknown[] | undefined; 'process.elf.go_import_hash'?: string | undefined; 'process.elf.go_imports'?: unknown; 'process.elf.go_imports_names_entropy'?: string | number | undefined; 'process.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.elf.go_stripped'?: boolean | undefined; 'process.elf.header.abi_version'?: string | undefined; 'process.elf.header.class'?: string | undefined; 'process.elf.header.data'?: string | undefined; 'process.elf.header.entrypoint'?: string | number | undefined; 'process.elf.header.object_version'?: string | undefined; 'process.elf.header.os_abi'?: string | undefined; 'process.elf.header.type'?: string | undefined; 'process.elf.header.version'?: string | undefined; 'process.elf.import_hash'?: string | undefined; 'process.elf.imports'?: unknown[] | undefined; 'process.elf.imports_names_entropy'?: string | number | undefined; 'process.elf.imports_names_var_entropy'?: string | number | undefined; 'process.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.elf.shared_libraries'?: string[] | undefined; 'process.elf.telfhash'?: string | undefined; 'process.end'?: string | number | undefined; 'process.entity_id'?: string | undefined; 'process.entry_leader.args'?: string[] | undefined; 'process.entry_leader.args_count'?: string | number | undefined; 'process.entry_leader.attested_groups.name'?: string | undefined; 'process.entry_leader.attested_user.id'?: string | undefined; 'process.entry_leader.attested_user.name'?: string | undefined; 'process.entry_leader.command_line'?: string | undefined; 'process.entry_leader.entity_id'?: string | undefined; 'process.entry_leader.entry_meta.source.ip'?: string | undefined; 'process.entry_leader.entry_meta.type'?: string | undefined; 'process.entry_leader.executable'?: string | undefined; 'process.entry_leader.group.id'?: string | undefined; 'process.entry_leader.group.name'?: string | undefined; 'process.entry_leader.interactive'?: boolean | undefined; 'process.entry_leader.name'?: string | undefined; 'process.entry_leader.parent.entity_id'?: string | undefined; 'process.entry_leader.parent.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.entity_id'?: string | undefined; 'process.entry_leader.parent.session_leader.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.start'?: string | number | undefined; 'process.entry_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.entry_leader.parent.start'?: string | number | undefined; 'process.entry_leader.parent.vpid'?: string | number | undefined; 'process.entry_leader.pid'?: string | number | undefined; 'process.entry_leader.real_group.id'?: string | undefined; 'process.entry_leader.real_group.name'?: string | undefined; 'process.entry_leader.real_user.id'?: string | undefined; 'process.entry_leader.real_user.name'?: string | undefined; 'process.entry_leader.same_as_process'?: boolean | undefined; 'process.entry_leader.saved_group.id'?: string | undefined; 'process.entry_leader.saved_group.name'?: string | undefined; 'process.entry_leader.saved_user.id'?: string | undefined; 'process.entry_leader.saved_user.name'?: string | undefined; 'process.entry_leader.start'?: string | number | undefined; 'process.entry_leader.supplemental_groups.id'?: string | undefined; 'process.entry_leader.supplemental_groups.name'?: string | undefined; 'process.entry_leader.tty'?: unknown; 'process.entry_leader.user.id'?: string | undefined; 'process.entry_leader.user.name'?: string | undefined; 'process.entry_leader.vpid'?: string | number | undefined; 'process.entry_leader.working_directory'?: string | undefined; 'process.env_vars'?: string[] | undefined; 'process.executable'?: string | undefined; 'process.exit_code'?: string | number | undefined; 'process.group_leader.args'?: string[] | undefined; 'process.group_leader.args_count'?: string | number | undefined; 'process.group_leader.command_line'?: string | undefined; 'process.group_leader.entity_id'?: string | undefined; 'process.group_leader.executable'?: string | undefined; 'process.group_leader.group.id'?: string | undefined; 'process.group_leader.group.name'?: string | undefined; 'process.group_leader.interactive'?: boolean | undefined; 'process.group_leader.name'?: string | undefined; 'process.group_leader.pid'?: string | number | undefined; 'process.group_leader.real_group.id'?: string | undefined; 'process.group_leader.real_group.name'?: string | undefined; 'process.group_leader.real_user.id'?: string | undefined; 'process.group_leader.real_user.name'?: string | undefined; 'process.group_leader.same_as_process'?: boolean | undefined; 'process.group_leader.saved_group.id'?: string | undefined; 'process.group_leader.saved_group.name'?: string | undefined; 'process.group_leader.saved_user.id'?: string | undefined; 'process.group_leader.saved_user.name'?: string | undefined; 'process.group_leader.start'?: string | number | undefined; 'process.group_leader.supplemental_groups.id'?: string | undefined; 'process.group_leader.supplemental_groups.name'?: string | undefined; 'process.group_leader.tty'?: unknown; 'process.group_leader.user.id'?: string | undefined; 'process.group_leader.user.name'?: string | undefined; 'process.group_leader.vpid'?: string | number | undefined; 'process.group_leader.working_directory'?: string | undefined; 'process.hash.md5'?: string | undefined; 'process.hash.sha1'?: string | undefined; 'process.hash.sha256'?: string | undefined; 'process.hash.sha384'?: string | undefined; 'process.hash.sha512'?: string | undefined; 'process.hash.ssdeep'?: string | undefined; 'process.hash.tlsh'?: string | undefined; 'process.interactive'?: boolean | undefined; 'process.io'?: unknown; 'process.macho.go_import_hash'?: string | undefined; 'process.macho.go_imports'?: unknown; 'process.macho.go_imports_names_entropy'?: string | number | undefined; 'process.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.macho.go_stripped'?: boolean | undefined; 'process.macho.import_hash'?: string | undefined; 'process.macho.imports'?: unknown[] | undefined; 'process.macho.imports_names_entropy'?: string | number | undefined; 'process.macho.imports_names_var_entropy'?: string | number | undefined; 'process.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.macho.symhash'?: string | undefined; 'process.name'?: string | undefined; 'process.parent.args'?: string[] | undefined; 'process.parent.args_count'?: string | number | undefined; 'process.parent.code_signature.digest_algorithm'?: string | undefined; 'process.parent.code_signature.exists'?: boolean | undefined; 'process.parent.code_signature.signing_id'?: string | undefined; 'process.parent.code_signature.status'?: string | undefined; 'process.parent.code_signature.subject_name'?: string | undefined; 'process.parent.code_signature.team_id'?: string | undefined; 'process.parent.code_signature.timestamp'?: string | number | undefined; 'process.parent.code_signature.trusted'?: boolean | undefined; 'process.parent.code_signature.valid'?: boolean | undefined; 'process.parent.command_line'?: string | undefined; 'process.parent.elf.architecture'?: string | undefined; 'process.parent.elf.byte_order'?: string | undefined; 'process.parent.elf.cpu_type'?: string | undefined; 'process.parent.elf.creation_date'?: string | number | undefined; 'process.parent.elf.exports'?: unknown[] | undefined; 'process.parent.elf.go_import_hash'?: string | undefined; 'process.parent.elf.go_imports'?: unknown; 'process.parent.elf.go_imports_names_entropy'?: string | number | undefined; 'process.parent.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.go_stripped'?: boolean | undefined; 'process.parent.elf.header.abi_version'?: string | undefined; 'process.parent.elf.header.class'?: string | undefined; 'process.parent.elf.header.data'?: string | undefined; 'process.parent.elf.header.entrypoint'?: string | number | undefined; 'process.parent.elf.header.object_version'?: string | undefined; 'process.parent.elf.header.os_abi'?: string | undefined; 'process.parent.elf.header.type'?: string | undefined; 'process.parent.elf.header.version'?: string | undefined; 'process.parent.elf.import_hash'?: string | undefined; 'process.parent.elf.imports'?: unknown[] | undefined; 'process.parent.elf.imports_names_entropy'?: string | number | undefined; 'process.parent.elf.imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.parent.elf.shared_libraries'?: string[] | undefined; 'process.parent.elf.telfhash'?: string | undefined; 'process.parent.end'?: string | number | undefined; 'process.parent.entity_id'?: string | undefined; 'process.parent.executable'?: string | undefined; 'process.parent.exit_code'?: string | number | undefined; 'process.parent.group.id'?: string | undefined; 'process.parent.group.name'?: string | undefined; 'process.parent.group_leader.entity_id'?: string | undefined; 'process.parent.group_leader.pid'?: string | number | undefined; 'process.parent.group_leader.start'?: string | number | undefined; 'process.parent.group_leader.vpid'?: string | number | undefined; 'process.parent.hash.md5'?: string | undefined; 'process.parent.hash.sha1'?: string | undefined; 'process.parent.hash.sha256'?: string | undefined; 'process.parent.hash.sha384'?: string | undefined; 'process.parent.hash.sha512'?: string | undefined; 'process.parent.hash.ssdeep'?: string | undefined; 'process.parent.hash.tlsh'?: string | undefined; 'process.parent.interactive'?: boolean | undefined; 'process.parent.macho.go_import_hash'?: string | undefined; 'process.parent.macho.go_imports'?: unknown; 'process.parent.macho.go_imports_names_entropy'?: string | number | undefined; 'process.parent.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.go_stripped'?: boolean | undefined; 'process.parent.macho.import_hash'?: string | undefined; 'process.parent.macho.imports'?: unknown[] | undefined; 'process.parent.macho.imports_names_entropy'?: string | number | undefined; 'process.parent.macho.imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.macho.symhash'?: string | undefined; 'process.parent.name'?: string | undefined; 'process.parent.pe.architecture'?: string | undefined; 'process.parent.pe.company'?: string | undefined; 'process.parent.pe.description'?: string | undefined; 'process.parent.pe.file_version'?: string | undefined; 'process.parent.pe.go_import_hash'?: string | undefined; 'process.parent.pe.go_imports'?: unknown; 'process.parent.pe.go_imports_names_entropy'?: string | number | undefined; 'process.parent.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.go_stripped'?: boolean | undefined; 'process.parent.pe.imphash'?: string | undefined; 'process.parent.pe.import_hash'?: string | undefined; 'process.parent.pe.imports'?: unknown[] | undefined; 'process.parent.pe.imports_names_entropy'?: string | number | undefined; 'process.parent.pe.imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.original_file_name'?: string | undefined; 'process.parent.pe.pehash'?: string | undefined; 'process.parent.pe.product'?: string | undefined; 'process.parent.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.pgid'?: string | number | undefined; 'process.parent.pid'?: string | number | undefined; 'process.parent.real_group.id'?: string | undefined; 'process.parent.real_group.name'?: string | undefined; 'process.parent.real_user.id'?: string | undefined; 'process.parent.real_user.name'?: string | undefined; 'process.parent.saved_group.id'?: string | undefined; 'process.parent.saved_group.name'?: string | undefined; 'process.parent.saved_user.id'?: string | undefined; 'process.parent.saved_user.name'?: string | undefined; 'process.parent.start'?: string | number | undefined; 'process.parent.supplemental_groups.id'?: string | undefined; 'process.parent.supplemental_groups.name'?: string | undefined; 'process.parent.thread.capabilities.effective'?: string[] | undefined; 'process.parent.thread.capabilities.permitted'?: string[] | undefined; 'process.parent.thread.id'?: string | number | undefined; 'process.parent.thread.name'?: string | undefined; 'process.parent.title'?: string | undefined; 'process.parent.tty'?: unknown; 'process.parent.uptime'?: string | number | undefined; 'process.parent.user.id'?: string | undefined; 'process.parent.user.name'?: string | undefined; 'process.parent.vpid'?: string | number | undefined; 'process.parent.working_directory'?: string | undefined; 'process.pe.architecture'?: string | undefined; 'process.pe.company'?: string | undefined; 'process.pe.description'?: string | undefined; 'process.pe.file_version'?: string | undefined; 'process.pe.go_import_hash'?: string | undefined; 'process.pe.go_imports'?: unknown; 'process.pe.go_imports_names_entropy'?: string | number | undefined; 'process.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.pe.go_stripped'?: boolean | undefined; 'process.pe.imphash'?: string | undefined; 'process.pe.import_hash'?: string | undefined; 'process.pe.imports'?: unknown[] | undefined; 'process.pe.imports_names_entropy'?: string | number | undefined; 'process.pe.imports_names_var_entropy'?: string | number | undefined; 'process.pe.original_file_name'?: string | undefined; 'process.pe.pehash'?: string | undefined; 'process.pe.product'?: string | undefined; 'process.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.pgid'?: string | number | undefined; 'process.pid'?: string | number | undefined; 'process.previous.args'?: string[] | undefined; 'process.previous.args_count'?: string | number | undefined; 'process.previous.executable'?: string | undefined; 'process.real_group.id'?: string | undefined; 'process.real_group.name'?: string | undefined; 'process.real_user.id'?: string | undefined; 'process.real_user.name'?: string | undefined; 'process.saved_group.id'?: string | undefined; 'process.saved_group.name'?: string | undefined; 'process.saved_user.id'?: string | undefined; 'process.saved_user.name'?: string | undefined; 'process.session_leader.args'?: string[] | undefined; 'process.session_leader.args_count'?: string | number | undefined; 'process.session_leader.command_line'?: string | undefined; 'process.session_leader.entity_id'?: string | undefined; 'process.session_leader.executable'?: string | undefined; 'process.session_leader.group.id'?: string | undefined; 'process.session_leader.group.name'?: string | undefined; 'process.session_leader.interactive'?: boolean | undefined; 'process.session_leader.name'?: string | undefined; 'process.session_leader.parent.entity_id'?: string | undefined; 'process.session_leader.parent.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.entity_id'?: string | undefined; 'process.session_leader.parent.session_leader.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.start'?: string | number | undefined; 'process.session_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.session_leader.parent.start'?: string | number | undefined; 'process.session_leader.parent.vpid'?: string | number | undefined; 'process.session_leader.pid'?: string | number | undefined; 'process.session_leader.real_group.id'?: string | undefined; 'process.session_leader.real_group.name'?: string | undefined; 'process.session_leader.real_user.id'?: string | undefined; 'process.session_leader.real_user.name'?: string | undefined; 'process.session_leader.same_as_process'?: boolean | undefined; 'process.session_leader.saved_group.id'?: string | undefined; 'process.session_leader.saved_group.name'?: string | undefined; 'process.session_leader.saved_user.id'?: string | undefined; 'process.session_leader.saved_user.name'?: string | undefined; 'process.session_leader.start'?: string | number | undefined; 'process.session_leader.supplemental_groups.id'?: string | undefined; 'process.session_leader.supplemental_groups.name'?: string | undefined; 'process.session_leader.tty'?: unknown; 'process.session_leader.user.id'?: string | undefined; 'process.session_leader.user.name'?: string | undefined; 'process.session_leader.vpid'?: string | number | undefined; 'process.session_leader.working_directory'?: string | undefined; 'process.start'?: string | number | undefined; 'process.supplemental_groups.id'?: string | undefined; 'process.supplemental_groups.name'?: string | undefined; 'process.thread.capabilities.effective'?: string[] | undefined; 'process.thread.capabilities.permitted'?: string[] | undefined; 'process.thread.id'?: string | number | undefined; 'process.thread.name'?: string | undefined; 'process.title'?: string | undefined; 'process.tty'?: unknown; 'process.uptime'?: string | number | undefined; 'process.user.id'?: string | undefined; 'process.user.name'?: string | undefined; 'process.vpid'?: string | number | undefined; 'process.working_directory'?: string | undefined; 'registry.data.bytes'?: string | undefined; 'registry.data.strings'?: string[] | undefined; 'registry.data.type'?: string | undefined; 'registry.hive'?: string | undefined; 'registry.key'?: string | undefined; 'registry.path'?: string | undefined; 'registry.value'?: string | undefined; 'related.hash'?: string[] | undefined; 'related.hosts'?: string[] | undefined; 'related.ip'?: string[] | undefined; 'related.user'?: string[] | undefined; 'rule.author'?: string[] | undefined; 'rule.category'?: string | undefined; 'rule.description'?: string | undefined; 'rule.id'?: string | undefined; 'rule.license'?: string | undefined; 'rule.name'?: string | undefined; 'rule.reference'?: string | undefined; 'rule.ruleset'?: string | undefined; 'rule.uuid'?: string | undefined; 'rule.version'?: string | undefined; 'server.address'?: string | undefined; 'server.as.number'?: string | number | undefined; 'server.as.organization.name'?: string | undefined; 'server.bytes'?: string | number | undefined; 'server.domain'?: string | undefined; 'server.geo.city_name'?: string | undefined; 'server.geo.continent_code'?: string | undefined; 'server.geo.continent_name'?: string | undefined; 'server.geo.country_iso_code'?: string | undefined; 'server.geo.country_name'?: string | undefined; 'server.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'server.geo.name'?: string | undefined; 'server.geo.postal_code'?: string | undefined; 'server.geo.region_iso_code'?: string | undefined; 'server.geo.region_name'?: string | undefined; 'server.geo.timezone'?: string | undefined; 'server.ip'?: string | undefined; 'server.mac'?: string | undefined; 'server.nat.ip'?: string | undefined; 'server.nat.port'?: string | number | undefined; 'server.packets'?: string | number | undefined; 'server.port'?: string | number | undefined; 'server.registered_domain'?: string | undefined; 'server.subdomain'?: string | undefined; 'server.top_level_domain'?: string | undefined; 'server.user.domain'?: string | undefined; 'server.user.email'?: string | undefined; 'server.user.full_name'?: string | undefined; 'server.user.group.domain'?: string | undefined; 'server.user.group.id'?: string | undefined; 'server.user.group.name'?: string | undefined; 'server.user.hash'?: string | undefined; 'server.user.id'?: string | undefined; 'server.user.name'?: string | undefined; 'server.user.roles'?: string[] | undefined; 'service.address'?: string | undefined; 'service.environment'?: string | undefined; 'service.ephemeral_id'?: string | undefined; 'service.id'?: string | undefined; 'service.name'?: string | undefined; 'service.node.name'?: string | undefined; 'service.node.role'?: string | undefined; 'service.node.roles'?: string[] | undefined; 'service.origin.address'?: string | undefined; 'service.origin.environment'?: string | undefined; 'service.origin.ephemeral_id'?: string | undefined; 'service.origin.id'?: string | undefined; 'service.origin.name'?: string | undefined; 'service.origin.node.name'?: string | undefined; 'service.origin.node.role'?: string | undefined; 'service.origin.node.roles'?: string[] | undefined; 'service.origin.state'?: string | undefined; 'service.origin.type'?: string | undefined; 'service.origin.version'?: string | undefined; 'service.state'?: string | undefined; 'service.target.address'?: string | undefined; 'service.target.environment'?: string | undefined; 'service.target.ephemeral_id'?: string | undefined; 'service.target.id'?: string | undefined; 'service.target.name'?: string | undefined; 'service.target.node.name'?: string | undefined; 'service.target.node.role'?: string | undefined; 'service.target.node.roles'?: string[] | undefined; 'service.target.state'?: string | undefined; 'service.target.type'?: string | undefined; 'service.target.version'?: string | undefined; 'service.type'?: string | undefined; 'service.version'?: string | undefined; 'source.address'?: string | undefined; 'source.as.number'?: string | number | undefined; 'source.as.organization.name'?: string | undefined; 'source.bytes'?: string | number | undefined; 'source.domain'?: string | undefined; 'source.geo.city_name'?: string | undefined; 'source.geo.continent_code'?: string | undefined; 'source.geo.continent_name'?: string | undefined; 'source.geo.country_iso_code'?: string | undefined; 'source.geo.country_name'?: string | undefined; 'source.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'source.geo.name'?: string | undefined; 'source.geo.postal_code'?: string | undefined; 'source.geo.region_iso_code'?: string | undefined; 'source.geo.region_name'?: string | undefined; 'source.geo.timezone'?: string | undefined; 'source.ip'?: string | undefined; 'source.mac'?: string | undefined; 'source.nat.ip'?: string | undefined; 'source.nat.port'?: string | number | undefined; 'source.packets'?: string | number | undefined; 'source.port'?: string | number | undefined; 'source.registered_domain'?: string | undefined; 'source.subdomain'?: string | undefined; 'source.top_level_domain'?: string | undefined; 'source.user.domain'?: string | undefined; 'source.user.email'?: string | undefined; 'source.user.full_name'?: string | undefined; 'source.user.group.domain'?: string | undefined; 'source.user.group.id'?: string | undefined; 'source.user.group.name'?: string | undefined; 'source.user.hash'?: string | undefined; 'source.user.id'?: string | undefined; 'source.user.name'?: string | undefined; 'source.user.roles'?: string[] | undefined; 'span.id'?: string | undefined; tags?: string[] | undefined; 'threat.enrichments'?: { indicator?: unknown; 'matched.atomic'?: string | undefined; 'matched.field'?: string | undefined; 'matched.id'?: string | undefined; 'matched.index'?: string | undefined; 'matched.occurred'?: string | number | undefined; 'matched.type'?: string | undefined; }[] | undefined; 'threat.feed.dashboard_id'?: string | undefined; 'threat.feed.description'?: string | undefined; 'threat.feed.name'?: string | undefined; 'threat.feed.reference'?: string | undefined; 'threat.framework'?: string | undefined; 'threat.group.alias'?: string[] | undefined; 'threat.group.id'?: string | undefined; 'threat.group.name'?: string | undefined; 'threat.group.reference'?: string | undefined; 'threat.indicator.as.number'?: string | number | undefined; 'threat.indicator.as.organization.name'?: string | undefined; 'threat.indicator.confidence'?: string | undefined; 'threat.indicator.description'?: string | undefined; 'threat.indicator.email.address'?: string | undefined; 'threat.indicator.file.accessed'?: string | number | undefined; 'threat.indicator.file.attributes'?: string[] | undefined; 'threat.indicator.file.code_signature.digest_algorithm'?: string | undefined; 'threat.indicator.file.code_signature.exists'?: boolean | undefined; 'threat.indicator.file.code_signature.signing_id'?: string | undefined; 'threat.indicator.file.code_signature.status'?: string | undefined; 'threat.indicator.file.code_signature.subject_name'?: string | undefined; 'threat.indicator.file.code_signature.team_id'?: string | undefined; 'threat.indicator.file.code_signature.timestamp'?: string | number | undefined; 'threat.indicator.file.code_signature.trusted'?: boolean | undefined; 'threat.indicator.file.code_signature.valid'?: boolean | undefined; 'threat.indicator.file.created'?: string | number | undefined; 'threat.indicator.file.ctime'?: string | number | undefined; 'threat.indicator.file.device'?: string | undefined; 'threat.indicator.file.directory'?: string | undefined; 'threat.indicator.file.drive_letter'?: string | undefined; 'threat.indicator.file.elf.architecture'?: string | undefined; 'threat.indicator.file.elf.byte_order'?: string | undefined; 'threat.indicator.file.elf.cpu_type'?: string | undefined; 'threat.indicator.file.elf.creation_date'?: string | number | undefined; 'threat.indicator.file.elf.exports'?: unknown[] | undefined; 'threat.indicator.file.elf.go_import_hash'?: string | undefined; 'threat.indicator.file.elf.go_imports'?: unknown; 'threat.indicator.file.elf.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_stripped'?: boolean | undefined; 'threat.indicator.file.elf.header.abi_version'?: string | undefined; 'threat.indicator.file.elf.header.class'?: string | undefined; 'threat.indicator.file.elf.header.data'?: string | undefined; 'threat.indicator.file.elf.header.entrypoint'?: string | number | undefined; 'threat.indicator.file.elf.header.object_version'?: string | undefined; 'threat.indicator.file.elf.header.os_abi'?: string | undefined; 'threat.indicator.file.elf.header.type'?: string | undefined; 'threat.indicator.file.elf.header.version'?: string | undefined; 'threat.indicator.file.elf.import_hash'?: string | undefined; 'threat.indicator.file.elf.imports'?: unknown[] | undefined; 'threat.indicator.file.elf.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'threat.indicator.file.elf.shared_libraries'?: string[] | undefined; 'threat.indicator.file.elf.telfhash'?: string | undefined; 'threat.indicator.file.extension'?: string | undefined; 'threat.indicator.file.fork_name'?: string | undefined; 'threat.indicator.file.gid'?: string | undefined; 'threat.indicator.file.group'?: string | undefined; 'threat.indicator.file.hash.md5'?: string | undefined; 'threat.indicator.file.hash.sha1'?: string | undefined; 'threat.indicator.file.hash.sha256'?: string | undefined; 'threat.indicator.file.hash.sha384'?: string | undefined; 'threat.indicator.file.hash.sha512'?: string | undefined; 'threat.indicator.file.hash.ssdeep'?: string | undefined; 'threat.indicator.file.hash.tlsh'?: string | undefined; 'threat.indicator.file.inode'?: string | undefined; 'threat.indicator.file.mime_type'?: string | undefined; 'threat.indicator.file.mode'?: string | undefined; 'threat.indicator.file.mtime'?: string | number | undefined; 'threat.indicator.file.name'?: string | undefined; 'threat.indicator.file.owner'?: string | undefined; 'threat.indicator.file.path'?: string | undefined; 'threat.indicator.file.pe.architecture'?: string | undefined; 'threat.indicator.file.pe.company'?: string | undefined; 'threat.indicator.file.pe.description'?: string | undefined; 'threat.indicator.file.pe.file_version'?: string | undefined; 'threat.indicator.file.pe.go_import_hash'?: string | undefined; 'threat.indicator.file.pe.go_imports'?: unknown; 'threat.indicator.file.pe.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_stripped'?: boolean | undefined; 'threat.indicator.file.pe.imphash'?: string | undefined; 'threat.indicator.file.pe.import_hash'?: string | undefined; 'threat.indicator.file.pe.imports'?: unknown[] | undefined; 'threat.indicator.file.pe.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.original_file_name'?: string | undefined; 'threat.indicator.file.pe.pehash'?: string | undefined; 'threat.indicator.file.pe.product'?: string | undefined; 'threat.indicator.file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.size'?: string | number | undefined; 'threat.indicator.file.target_path'?: string | undefined; 'threat.indicator.file.type'?: string | undefined; 'threat.indicator.file.uid'?: string | undefined; 'threat.indicator.file.x509.alternative_names'?: string[] | undefined; 'threat.indicator.file.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.file.x509.issuer.country'?: string[] | undefined; 'threat.indicator.file.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.not_after'?: string | number | undefined; 'threat.indicator.file.x509.not_before'?: string | number | undefined; 'threat.indicator.file.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.file.x509.public_key_curve'?: string | undefined; 'threat.indicator.file.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.file.x509.public_key_size'?: string | number | undefined; 'threat.indicator.file.x509.serial_number'?: string | undefined; 'threat.indicator.file.x509.signature_algorithm'?: string | undefined; 'threat.indicator.file.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.file.x509.subject.country'?: string[] | undefined; 'threat.indicator.file.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.subject.locality'?: string[] | undefined; 'threat.indicator.file.x509.subject.organization'?: string[] | undefined; 'threat.indicator.file.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.version_number'?: string | undefined; 'threat.indicator.first_seen'?: string | number | undefined; 'threat.indicator.geo.city_name'?: string | undefined; 'threat.indicator.geo.continent_code'?: string | undefined; 'threat.indicator.geo.continent_name'?: string | undefined; 'threat.indicator.geo.country_iso_code'?: string | undefined; 'threat.indicator.geo.country_name'?: string | undefined; 'threat.indicator.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'threat.indicator.geo.name'?: string | undefined; 'threat.indicator.geo.postal_code'?: string | undefined; 'threat.indicator.geo.region_iso_code'?: string | undefined; 'threat.indicator.geo.region_name'?: string | undefined; 'threat.indicator.geo.timezone'?: string | undefined; 'threat.indicator.ip'?: string | undefined; 'threat.indicator.last_seen'?: string | number | undefined; 'threat.indicator.marking.tlp'?: string | undefined; 'threat.indicator.marking.tlp_version'?: string | undefined; 'threat.indicator.modified_at'?: string | number | undefined; 'threat.indicator.name'?: string | undefined; 'threat.indicator.port'?: string | number | undefined; 'threat.indicator.provider'?: string | undefined; 'threat.indicator.reference'?: string | undefined; 'threat.indicator.registry.data.bytes'?: string | undefined; 'threat.indicator.registry.data.strings'?: string[] | undefined; 'threat.indicator.registry.data.type'?: string | undefined; 'threat.indicator.registry.hive'?: string | undefined; 'threat.indicator.registry.key'?: string | undefined; 'threat.indicator.registry.path'?: string | undefined; 'threat.indicator.registry.value'?: string | undefined; 'threat.indicator.scanner_stats'?: string | number | undefined; 'threat.indicator.sightings'?: string | number | undefined; 'threat.indicator.type'?: string | undefined; 'threat.indicator.url.domain'?: string | undefined; 'threat.indicator.url.extension'?: string | undefined; 'threat.indicator.url.fragment'?: string | undefined; 'threat.indicator.url.full'?: string | undefined; 'threat.indicator.url.original'?: string | undefined; 'threat.indicator.url.password'?: string | undefined; 'threat.indicator.url.path'?: string | undefined; 'threat.indicator.url.port'?: string | number | undefined; 'threat.indicator.url.query'?: string | undefined; 'threat.indicator.url.registered_domain'?: string | undefined; 'threat.indicator.url.scheme'?: string | undefined; 'threat.indicator.url.subdomain'?: string | undefined; 'threat.indicator.url.top_level_domain'?: string | undefined; 'threat.indicator.url.username'?: string | undefined; 'threat.indicator.x509.alternative_names'?: string[] | undefined; 'threat.indicator.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.x509.issuer.country'?: string[] | undefined; 'threat.indicator.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.x509.not_after'?: string | number | undefined; 'threat.indicator.x509.not_before'?: string | number | undefined; 'threat.indicator.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.x509.public_key_curve'?: string | undefined; 'threat.indicator.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.x509.public_key_size'?: string | number | undefined; 'threat.indicator.x509.serial_number'?: string | undefined; 'threat.indicator.x509.signature_algorithm'?: string | undefined; 'threat.indicator.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.x509.subject.country'?: string[] | undefined; 'threat.indicator.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.x509.subject.locality'?: string[] | undefined; 'threat.indicator.x509.subject.organization'?: string[] | undefined; 'threat.indicator.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.x509.version_number'?: string | undefined; 'threat.software.alias'?: string[] | undefined; 'threat.software.id'?: string | undefined; 'threat.software.name'?: string | undefined; 'threat.software.platforms'?: string[] | undefined; 'threat.software.reference'?: string | undefined; 'threat.software.type'?: string | undefined; 'threat.tactic.id'?: string[] | undefined; 'threat.tactic.name'?: string[] | undefined; 'threat.tactic.reference'?: string[] | undefined; 'threat.technique.id'?: string[] | undefined; 'threat.technique.name'?: string[] | undefined; 'threat.technique.reference'?: string[] | undefined; 'threat.technique.subtechnique.id'?: string[] | undefined; 'threat.technique.subtechnique.name'?: string[] | undefined; 'threat.technique.subtechnique.reference'?: string[] | undefined; 'tls.cipher'?: string | undefined; 'tls.client.certificate'?: string | undefined; 'tls.client.certificate_chain'?: string[] | undefined; 'tls.client.hash.md5'?: string | undefined; 'tls.client.hash.sha1'?: string | undefined; 'tls.client.hash.sha256'?: string | undefined; 'tls.client.issuer'?: string | undefined; 'tls.client.ja3'?: string | undefined; 'tls.client.not_after'?: string | number | undefined; 'tls.client.not_before'?: string | number | undefined; 'tls.client.server_name'?: string | undefined; 'tls.client.subject'?: string | undefined; 'tls.client.supported_ciphers'?: string[] | undefined; 'tls.client.x509.alternative_names'?: string[] | undefined; 'tls.client.x509.issuer.common_name'?: string[] | undefined; 'tls.client.x509.issuer.country'?: string[] | undefined; 'tls.client.x509.issuer.distinguished_name'?: string | undefined; 'tls.client.x509.issuer.locality'?: string[] | undefined; 'tls.client.x509.issuer.organization'?: string[] | undefined; 'tls.client.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.client.x509.issuer.state_or_province'?: string[] | undefined; 'tls.client.x509.not_after'?: string | number | undefined; 'tls.client.x509.not_before'?: string | number | undefined; 'tls.client.x509.public_key_algorithm'?: string | undefined; 'tls.client.x509.public_key_curve'?: string | undefined; 'tls.client.x509.public_key_exponent'?: string | number | undefined; 'tls.client.x509.public_key_size'?: string | number | undefined; 'tls.client.x509.serial_number'?: string | undefined; 'tls.client.x509.signature_algorithm'?: string | undefined; 'tls.client.x509.subject.common_name'?: string[] | undefined; 'tls.client.x509.subject.country'?: string[] | undefined; 'tls.client.x509.subject.distinguished_name'?: string | undefined; 'tls.client.x509.subject.locality'?: string[] | undefined; 'tls.client.x509.subject.organization'?: string[] | undefined; 'tls.client.x509.subject.organizational_unit'?: string[] | undefined; 'tls.client.x509.subject.state_or_province'?: string[] | undefined; 'tls.client.x509.version_number'?: string | undefined; 'tls.curve'?: string | undefined; 'tls.established'?: boolean | undefined; 'tls.next_protocol'?: string | undefined; 'tls.resumed'?: boolean | undefined; 'tls.server.certificate'?: string | undefined; 'tls.server.certificate_chain'?: string[] | undefined; 'tls.server.hash.md5'?: string | undefined; 'tls.server.hash.sha1'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 'tls.server.issuer'?: string | undefined; 'tls.server.ja3s'?: string | undefined; 'tls.server.not_after'?: string | number | undefined; 'tls.server.not_before'?: string | number | undefined; 'tls.server.subject'?: string | undefined; 'tls.server.x509.alternative_names'?: string[] | undefined; 'tls.server.x509.issuer.common_name'?: string[] | undefined; 'tls.server.x509.issuer.country'?: string[] | undefined; 'tls.server.x509.issuer.distinguished_name'?: string | undefined; 'tls.server.x509.issuer.locality'?: string[] | undefined; 'tls.server.x509.issuer.organization'?: string[] | undefined; 'tls.server.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.server.x509.issuer.state_or_province'?: string[] | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.public_key_algorithm'?: string | undefined; 'tls.server.x509.public_key_curve'?: string | undefined; 'tls.server.x509.public_key_exponent'?: string | number | undefined; 'tls.server.x509.public_key_size'?: string | number | undefined; 'tls.server.x509.serial_number'?: string | undefined; 'tls.server.x509.signature_algorithm'?: string | undefined; 'tls.server.x509.subject.common_name'?: string[] | undefined; 'tls.server.x509.subject.country'?: string[] | undefined; 'tls.server.x509.subject.distinguished_name'?: string | undefined; 'tls.server.x509.subject.locality'?: string[] | undefined; 'tls.server.x509.subject.organization'?: string[] | undefined; 'tls.server.x509.subject.organizational_unit'?: string[] | undefined; 'tls.server.x509.subject.state_or_province'?: string[] | undefined; 'tls.server.x509.version_number'?: string | undefined; 'tls.version'?: string | undefined; 'tls.version_protocol'?: string | undefined; 'trace.id'?: string | undefined; 'transaction.id'?: string | undefined; 'url.domain'?: string | undefined; 'url.extension'?: string | undefined; 'url.fragment'?: string | undefined; 'url.full'?: string | undefined; 'url.original'?: string | undefined; 'url.password'?: string | undefined; 'url.path'?: string | undefined; 'url.port'?: string | number | undefined; 'url.query'?: string | undefined; 'url.registered_domain'?: string | undefined; 'url.scheme'?: string | undefined; 'url.subdomain'?: string | undefined; 'url.top_level_domain'?: string | undefined; 'url.username'?: string | undefined; 'user.changes.domain'?: string | undefined; 'user.changes.email'?: string | undefined; 'user.changes.full_name'?: string | undefined; 'user.changes.group.domain'?: string | undefined; 'user.changes.group.id'?: string | undefined; 'user.changes.group.name'?: string | undefined; 'user.changes.hash'?: string | undefined; 'user.changes.id'?: string | undefined; 'user.changes.name'?: string | undefined; 'user.changes.roles'?: string[] | undefined; 'user.domain'?: string | undefined; 'user.effective.domain'?: string | undefined; 'user.effective.email'?: string | undefined; 'user.effective.full_name'?: string | undefined; 'user.effective.group.domain'?: string | undefined; 'user.effective.group.id'?: string | undefined; 'user.effective.group.name'?: string | undefined; 'user.effective.hash'?: string | undefined; 'user.effective.id'?: string | undefined; 'user.effective.name'?: string | undefined; 'user.effective.roles'?: string[] | undefined; 'user.email'?: string | undefined; 'user.full_name'?: string | undefined; 'user.group.domain'?: string | undefined; 'user.group.id'?: string | undefined; 'user.group.name'?: string | undefined; 'user.hash'?: string | undefined; 'user.id'?: string | undefined; 'user.name'?: string | undefined; 'user.risk.calculated_level'?: string | undefined; 'user.risk.calculated_score'?: number | undefined; 'user.risk.calculated_score_norm'?: number | undefined; 'user.risk.static_level'?: string | undefined; 'user.risk.static_score'?: number | undefined; 'user.risk.static_score_norm'?: number | undefined; 'user.roles'?: string[] | undefined; 'user.target.domain'?: string | undefined; 'user.target.email'?: string | undefined; 'user.target.full_name'?: string | undefined; 'user.target.group.domain'?: string | undefined; 'user.target.group.id'?: string | undefined; 'user.target.group.name'?: string | undefined; 'user.target.hash'?: string | undefined; 'user.target.id'?: string | undefined; 'user.target.name'?: string | undefined; 'user.target.roles'?: string[] | undefined; 'user_agent.device.name'?: string | undefined; 'user_agent.name'?: string | undefined; 'user_agent.original'?: string | undefined; 'user_agent.os.family'?: string | undefined; 'user_agent.os.full'?: string | undefined; 'user_agent.os.kernel'?: string | undefined; 'user_agent.os.name'?: string | undefined; 'user_agent.os.platform'?: string | undefined; 'user_agent.os.type'?: string | undefined; 'user_agent.os.version'?: string | undefined; 'user_agent.version'?: string | undefined; 'vulnerability.category'?: string[] | undefined; 'vulnerability.classification'?: string | undefined; 'vulnerability.description'?: string | undefined; 'vulnerability.enumeration'?: string | undefined; 'vulnerability.id'?: string | undefined; 'vulnerability.reference'?: string | undefined; 'vulnerability.report_id'?: string | undefined; 'vulnerability.scanner.vendor'?: string | undefined; 'vulnerability.score.base'?: number | undefined; 'vulnerability.score.environmental'?: number | undefined; 'vulnerability.score.temporal'?: number | undefined; 'vulnerability.score.version'?: string | undefined; 'vulnerability.severity'?: string | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }) | ({} & { 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; 'slo.id'?: string | undefined; 'slo.instanceId'?: string | undefined; 'slo.revision'?: string | number | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }) | ({} & { 'agent.name'?: string | undefined; 'anomaly.bucket_span.minutes'?: string | undefined; 'anomaly.start'?: string | number | undefined; 'error.message'?: string | undefined; 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; 'monitor.id'?: string | undefined; 'monitor.name'?: string | undefined; 'monitor.type'?: string | undefined; 'observer.geo.name'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 'tls.server.x509.issuer.common_name'?: string | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.subject.common_name'?: string | undefined; 'url.full'?: string | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }) | ({ '@timestamp': string | number; 'kibana.alert.ancestors': { depth: string | number; id: string; index: string; type: string; }[]; 'kibana.alert.depth': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.original_event.action': string; 'kibana.alert.original_event.category': string[]; 'kibana.alert.original_event.created': string | number; 'kibana.alert.original_event.dataset': string; 'kibana.alert.original_event.id': string; 'kibana.alert.original_event.ingested': string | number; 'kibana.alert.original_event.kind': string; 'kibana.alert.original_event.module': string; 'kibana.alert.original_event.original': string; 'kibana.alert.original_event.outcome': string; 'kibana.alert.original_event.provider': string; 'kibana.alert.original_event.sequence': string | number; 'kibana.alert.original_event.type': string[]; 'kibana.alert.original_time': string | number; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.false_positives': string[]; 'kibana.alert.rule.max_signals': (string | number)[]; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.threat.framework': string; 'kibana.alert.rule.threat.tactic.id': string; 'kibana.alert.rule.threat.tactic.name': string; 'kibana.alert.rule.threat.tactic.reference': string; 'kibana.alert.rule.threat.technique.id': string; 'kibana.alert.rule.threat.technique.name': string; 'kibana.alert.rule.threat.technique.reference': string; 'kibana.alert.rule.threat.technique.subtechnique.id': string; 'kibana.alert.rule.threat.technique.subtechnique.name': string; 'kibana.alert.rule.threat.technique.subtechnique.reference': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'ecs.version'?: string | undefined; 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'host.asset.criticality'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.ancestors.rule'?: string | undefined; 'kibana.alert.building_block_type'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.group.id'?: string | undefined; 'kibana.alert.group.index'?: number | undefined; 'kibana.alert.host.criticality_level'?: string | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.new_terms'?: string[] | undefined; 'kibana.alert.original_event.agent_id_status'?: string | undefined; 'kibana.alert.original_event.code'?: string | undefined; 'kibana.alert.original_event.duration'?: string | undefined; 'kibana.alert.original_event.end'?: string | number | undefined; 'kibana.alert.original_event.hash'?: string | undefined; 'kibana.alert.original_event.reason'?: string | undefined; 'kibana.alert.original_event.reference'?: string | undefined; 'kibana.alert.original_event.risk_score'?: number | undefined; 'kibana.alert.original_event.risk_score_norm'?: number | undefined; 'kibana.alert.original_event.severity'?: string | number | undefined; 'kibana.alert.original_event.start'?: string | number | undefined; 'kibana.alert.original_event.timezone'?: string | undefined; 'kibana.alert.original_event.url'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.building_block_type'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.immutable'?: string[] | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.rule.timeline_id'?: string[] | undefined; 'kibana.alert.rule.timeline_title'?: string[] | undefined; 'kibana.alert.rule.timestamp_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.threshold_result.cardinality'?: unknown; 'kibana.alert.threshold_result.count'?: string | number | undefined; 'kibana.alert.threshold_result.from'?: string | number | undefined; 'kibana.alert.threshold_result.terms'?: { field?: string | undefined; value?: string | undefined; }[] | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.user.criticality_level'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.alert.workflow_user'?: string | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; 'user.asset.criticality'?: string | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & { '@timestamp': string | number; 'ecs.version': string; } & { 'agent.build.original'?: string | undefined; 'agent.ephemeral_id'?: string | undefined; 'agent.id'?: string | undefined; 'agent.name'?: string | undefined; 'agent.type'?: string | undefined; 'agent.version'?: string | undefined; 'client.address'?: string | undefined; 'client.as.number'?: string | number | undefined; 'client.as.organization.name'?: string | undefined; 'client.bytes'?: string | number | undefined; 'client.domain'?: string | undefined; 'client.geo.city_name'?: string | undefined; 'client.geo.continent_code'?: string | undefined; 'client.geo.continent_name'?: string | undefined; 'client.geo.country_iso_code'?: string | undefined; 'client.geo.country_name'?: string | undefined; 'client.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'client.geo.name'?: string | undefined; 'client.geo.postal_code'?: string | undefined; 'client.geo.region_iso_code'?: string | undefined; 'client.geo.region_name'?: string | undefined; 'client.geo.timezone'?: string | undefined; 'client.ip'?: string | undefined; 'client.mac'?: string | undefined; 'client.nat.ip'?: string | undefined; 'client.nat.port'?: string | number | undefined; 'client.packets'?: string | number | undefined; 'client.port'?: string | number | undefined; 'client.registered_domain'?: string | undefined; 'client.subdomain'?: string | undefined; 'client.top_level_domain'?: string | undefined; 'client.user.domain'?: string | undefined; 'client.user.email'?: string | undefined; 'client.user.full_name'?: string | undefined; 'client.user.group.domain'?: string | undefined; 'client.user.group.id'?: string | undefined; 'client.user.group.name'?: string | undefined; 'client.user.hash'?: string | undefined; 'client.user.id'?: string | undefined; 'client.user.name'?: string | undefined; 'client.user.roles'?: string[] | undefined; 'cloud.account.id'?: string | undefined; 'cloud.account.name'?: string | undefined; 'cloud.availability_zone'?: string | undefined; 'cloud.instance.id'?: string | undefined; 'cloud.instance.name'?: string | undefined; 'cloud.machine.type'?: string | undefined; 'cloud.origin.account.id'?: string | undefined; 'cloud.origin.account.name'?: string | undefined; 'cloud.origin.availability_zone'?: string | undefined; 'cloud.origin.instance.id'?: string | undefined; 'cloud.origin.instance.name'?: string | undefined; 'cloud.origin.machine.type'?: string | undefined; 'cloud.origin.project.id'?: string | undefined; 'cloud.origin.project.name'?: string | undefined; 'cloud.origin.provider'?: string | undefined; 'cloud.origin.region'?: string | undefined; 'cloud.origin.service.name'?: string | undefined; 'cloud.project.id'?: string | undefined; 'cloud.project.name'?: string | undefined; 'cloud.provider'?: string | undefined; 'cloud.region'?: string | undefined; 'cloud.service.name'?: string | undefined; 'cloud.target.account.id'?: string | undefined; 'cloud.target.account.name'?: string | undefined; 'cloud.target.availability_zone'?: string | undefined; 'cloud.target.instance.id'?: string | undefined; 'cloud.target.instance.name'?: string | undefined; 'cloud.target.machine.type'?: string | undefined; 'cloud.target.project.id'?: string | undefined; 'cloud.target.project.name'?: string | undefined; 'cloud.target.provider'?: string | undefined; 'cloud.target.region'?: string | undefined; 'cloud.target.service.name'?: string | undefined; 'container.cpu.usage'?: string | number | undefined; 'container.disk.read.bytes'?: string | number | undefined; 'container.disk.write.bytes'?: string | number | undefined; 'container.id'?: string | undefined; 'container.image.hash.all'?: string[] | undefined; 'container.image.name'?: string | undefined; 'container.image.tag'?: string[] | undefined; 'container.labels'?: unknown; 'container.memory.usage'?: string | number | undefined; 'container.name'?: string | undefined; 'container.network.egress.bytes'?: string | number | undefined; 'container.network.ingress.bytes'?: string | number | undefined; 'container.runtime'?: string | undefined; 'container.security_context.privileged'?: boolean | undefined; 'destination.address'?: string | undefined; 'destination.as.number'?: string | number | undefined; 'destination.as.organization.name'?: string | undefined; 'destination.bytes'?: string | number | undefined; 'destination.domain'?: string | undefined; 'destination.geo.city_name'?: string | undefined; 'destination.geo.continent_code'?: string | undefined; 'destination.geo.continent_name'?: string | undefined; 'destination.geo.country_iso_code'?: string | undefined; 'destination.geo.country_name'?: string | undefined; 'destination.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'destination.geo.name'?: string | undefined; 'destination.geo.postal_code'?: string | undefined; 'destination.geo.region_iso_code'?: string | undefined; 'destination.geo.region_name'?: string | undefined; 'destination.geo.timezone'?: string | undefined; 'destination.ip'?: string | undefined; 'destination.mac'?: string | undefined; 'destination.nat.ip'?: string | undefined; 'destination.nat.port'?: string | number | undefined; 'destination.packets'?: string | number | undefined; 'destination.port'?: string | number | undefined; 'destination.registered_domain'?: string | undefined; 'destination.subdomain'?: string | undefined; 'destination.top_level_domain'?: string | undefined; 'destination.user.domain'?: string | undefined; 'destination.user.email'?: string | undefined; 'destination.user.full_name'?: string | undefined; 'destination.user.group.domain'?: string | undefined; 'destination.user.group.id'?: string | undefined; 'destination.user.group.name'?: string | undefined; 'destination.user.hash'?: string | undefined; 'destination.user.id'?: string | undefined; 'destination.user.name'?: string | undefined; 'destination.user.roles'?: string[] | undefined; 'device.id'?: string | undefined; 'device.manufacturer'?: string | undefined; 'device.model.identifier'?: string | undefined; 'device.model.name'?: string | undefined; 'dll.code_signature.digest_algorithm'?: string | undefined; 'dll.code_signature.exists'?: boolean | undefined; 'dll.code_signature.signing_id'?: string | undefined; 'dll.code_signature.status'?: string | undefined; 'dll.code_signature.subject_name'?: string | undefined; 'dll.code_signature.team_id'?: string | undefined; 'dll.code_signature.timestamp'?: string | number | undefined; 'dll.code_signature.trusted'?: boolean | undefined; 'dll.code_signature.valid'?: boolean | undefined; 'dll.hash.md5'?: string | undefined; 'dll.hash.sha1'?: string | undefined; 'dll.hash.sha256'?: string | undefined; 'dll.hash.sha384'?: string | undefined; 'dll.hash.sha512'?: string | undefined; 'dll.hash.ssdeep'?: string | undefined; 'dll.hash.tlsh'?: string | undefined; 'dll.name'?: string | undefined; 'dll.path'?: string | undefined; 'dll.pe.architecture'?: string | undefined; 'dll.pe.company'?: string | undefined; 'dll.pe.description'?: string | undefined; 'dll.pe.file_version'?: string | undefined; 'dll.pe.go_import_hash'?: string | undefined; 'dll.pe.go_imports'?: unknown; 'dll.pe.go_imports_names_entropy'?: string | number | undefined; 'dll.pe.go_imports_names_var_entropy'?: string | number | undefined; 'dll.pe.go_stripped'?: boolean | undefined; 'dll.pe.imphash'?: string | undefined; 'dll.pe.import_hash'?: string | undefined; 'dll.pe.imports'?: unknown[] | undefined; 'dll.pe.imports_names_entropy'?: string | number | undefined; 'dll.pe.imports_names_var_entropy'?: string | number | undefined; 'dll.pe.original_file_name'?: string | undefined; 'dll.pe.pehash'?: string | undefined; 'dll.pe.product'?: string | undefined; 'dll.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'dns.answers'?: { class?: string | undefined; data?: string | undefined; name?: string | undefined; ttl?: string | number | undefined; type?: string | undefined; }[] | undefined; 'dns.header_flags'?: string[] | undefined; 'dns.id'?: string | undefined; 'dns.op_code'?: string | undefined; 'dns.question.class'?: string | undefined; 'dns.question.name'?: string | undefined; 'dns.question.registered_domain'?: string | undefined; 'dns.question.subdomain'?: string | undefined; 'dns.question.top_level_domain'?: string | undefined; 'dns.question.type'?: string | undefined; 'dns.resolved_ip'?: string[] | undefined; 'dns.response_code'?: string | undefined; 'dns.type'?: string | undefined; 'email.attachments'?: { 'file.extension'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.name'?: string | undefined; 'file.size'?: string | number | undefined; }[] | undefined; 'email.bcc.address'?: string[] | undefined; 'email.cc.address'?: string[] | undefined; 'email.content_type'?: string | undefined; 'email.delivery_timestamp'?: string | number | undefined; 'email.direction'?: string | undefined; 'email.from.address'?: string[] | undefined; 'email.local_id'?: string | undefined; 'email.message_id'?: string | undefined; 'email.origination_timestamp'?: string | number | undefined; 'email.reply_to.address'?: string[] | undefined; 'email.sender.address'?: string | undefined; 'email.subject'?: string | undefined; 'email.to.address'?: string[] | undefined; 'email.x_mailer'?: string | undefined; 'error.code'?: string | undefined; 'error.id'?: string | undefined; 'error.message'?: string | undefined; 'error.stack_trace'?: string | undefined; 'error.type'?: string | undefined; 'event.action'?: string | undefined; 'event.agent_id_status'?: string | undefined; 'event.category'?: string[] | undefined; 'event.code'?: string | undefined; 'event.created'?: string | number | undefined; 'event.dataset'?: string | undefined; 'event.duration'?: string | number | undefined; 'event.end'?: string | number | undefined; 'event.hash'?: string | undefined; 'event.id'?: string | undefined; 'event.ingested'?: string | number | undefined; 'event.kind'?: string | undefined; 'event.module'?: string | undefined; 'event.original'?: string | undefined; 'event.outcome'?: string | undefined; 'event.provider'?: string | undefined; 'event.reason'?: string | undefined; 'event.reference'?: string | undefined; 'event.risk_score'?: number | undefined; 'event.risk_score_norm'?: number | undefined; 'event.sequence'?: string | number | undefined; 'event.severity'?: string | number | undefined; 'event.start'?: string | number | undefined; 'event.timezone'?: string | undefined; 'event.type'?: string[] | undefined; 'event.url'?: string | undefined; 'faas.coldstart'?: boolean | undefined; 'faas.execution'?: string | undefined; 'faas.id'?: string | undefined; 'faas.name'?: string | undefined; 'faas.version'?: string | undefined; 'file.accessed'?: string | number | undefined; 'file.attributes'?: string[] | undefined; 'file.code_signature.digest_algorithm'?: string | undefined; 'file.code_signature.exists'?: boolean | undefined; 'file.code_signature.signing_id'?: string | undefined; 'file.code_signature.status'?: string | undefined; 'file.code_signature.subject_name'?: string | undefined; 'file.code_signature.team_id'?: string | undefined; 'file.code_signature.timestamp'?: string | number | undefined; 'file.code_signature.trusted'?: boolean | undefined; 'file.code_signature.valid'?: boolean | undefined; 'file.created'?: string | number | undefined; 'file.ctime'?: string | number | undefined; 'file.device'?: string | undefined; 'file.directory'?: string | undefined; 'file.drive_letter'?: string | undefined; 'file.elf.architecture'?: string | undefined; 'file.elf.byte_order'?: string | undefined; 'file.elf.cpu_type'?: string | undefined; 'file.elf.creation_date'?: string | number | undefined; 'file.elf.exports'?: unknown[] | undefined; 'file.elf.go_import_hash'?: string | undefined; 'file.elf.go_imports'?: unknown; 'file.elf.go_imports_names_entropy'?: string | number | undefined; 'file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'file.elf.go_stripped'?: boolean | undefined; 'file.elf.header.abi_version'?: string | undefined; 'file.elf.header.class'?: string | undefined; 'file.elf.header.data'?: string | undefined; 'file.elf.header.entrypoint'?: string | number | undefined; 'file.elf.header.object_version'?: string | undefined; 'file.elf.header.os_abi'?: string | undefined; 'file.elf.header.type'?: string | undefined; 'file.elf.header.version'?: string | undefined; 'file.elf.import_hash'?: string | undefined; 'file.elf.imports'?: unknown[] | undefined; 'file.elf.imports_names_entropy'?: string | number | undefined; 'file.elf.imports_names_var_entropy'?: string | number | undefined; 'file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'file.elf.shared_libraries'?: string[] | undefined; 'file.elf.telfhash'?: string | undefined; 'file.extension'?: string | undefined; 'file.fork_name'?: string | undefined; 'file.gid'?: string | undefined; 'file.group'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.inode'?: string | undefined; 'file.macho.go_import_hash'?: string | undefined; 'file.macho.go_imports'?: unknown; 'file.macho.go_imports_names_entropy'?: string | number | undefined; 'file.macho.go_imports_names_var_entropy'?: string | number | undefined; 'file.macho.go_stripped'?: boolean | undefined; 'file.macho.import_hash'?: string | undefined; 'file.macho.imports'?: unknown[] | undefined; 'file.macho.imports_names_entropy'?: string | number | undefined; 'file.macho.imports_names_var_entropy'?: string | number | undefined; 'file.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.macho.symhash'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.mode'?: string | undefined; 'file.mtime'?: string | number | undefined; 'file.name'?: string | undefined; 'file.owner'?: string | undefined; 'file.path'?: string | undefined; 'file.pe.architecture'?: string | undefined; 'file.pe.company'?: string | undefined; 'file.pe.description'?: string | undefined; 'file.pe.file_version'?: string | undefined; 'file.pe.go_import_hash'?: string | undefined; 'file.pe.go_imports'?: unknown; 'file.pe.go_imports_names_entropy'?: string | number | undefined; 'file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'file.pe.go_stripped'?: boolean | undefined; 'file.pe.imphash'?: string | undefined; 'file.pe.import_hash'?: string | undefined; 'file.pe.imports'?: unknown[] | undefined; 'file.pe.imports_names_entropy'?: string | number | undefined; 'file.pe.imports_names_var_entropy'?: string | number | undefined; 'file.pe.original_file_name'?: string | undefined; 'file.pe.pehash'?: string | undefined; 'file.pe.product'?: string | undefined; 'file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.size'?: string | number | undefined; 'file.target_path'?: string | undefined; 'file.type'?: string | undefined; 'file.uid'?: string | undefined; 'file.x509.alternative_names'?: string[] | undefined; 'file.x509.issuer.common_name'?: string[] | undefined; 'file.x509.issuer.country'?: string[] | undefined; 'file.x509.issuer.distinguished_name'?: string | undefined; 'file.x509.issuer.locality'?: string[] | undefined; 'file.x509.issuer.organization'?: string[] | undefined; 'file.x509.issuer.organizational_unit'?: string[] | undefined; 'file.x509.issuer.state_or_province'?: string[] | undefined; 'file.x509.not_after'?: string | number | undefined; 'file.x509.not_before'?: string | number | undefined; 'file.x509.public_key_algorithm'?: string | undefined; 'file.x509.public_key_curve'?: string | undefined; 'file.x509.public_key_exponent'?: string | number | undefined; 'file.x509.public_key_size'?: string | number | undefined; 'file.x509.serial_number'?: string | undefined; 'file.x509.signature_algorithm'?: string | undefined; 'file.x509.subject.common_name'?: string[] | undefined; 'file.x509.subject.country'?: string[] | undefined; 'file.x509.subject.distinguished_name'?: string | undefined; 'file.x509.subject.locality'?: string[] | undefined; 'file.x509.subject.organization'?: string[] | undefined; 'file.x509.subject.organizational_unit'?: string[] | undefined; 'file.x509.subject.state_or_province'?: string[] | undefined; 'file.x509.version_number'?: string | undefined; 'group.domain'?: string | undefined; 'group.id'?: string | undefined; 'group.name'?: string | undefined; 'host.architecture'?: string | undefined; 'host.boot.id'?: string | undefined; 'host.cpu.usage'?: string | number | undefined; 'host.disk.read.bytes'?: string | number | undefined; 'host.disk.write.bytes'?: string | number | undefined; 'host.domain'?: string | undefined; 'host.geo.city_name'?: string | undefined; 'host.geo.continent_code'?: string | undefined; 'host.geo.continent_name'?: string | undefined; 'host.geo.country_iso_code'?: string | undefined; 'host.geo.country_name'?: string | undefined; 'host.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'host.geo.name'?: string | undefined; 'host.geo.postal_code'?: string | undefined; 'host.geo.region_iso_code'?: string | undefined; 'host.geo.region_name'?: string | undefined; 'host.geo.timezone'?: string | undefined; 'host.hostname'?: string | undefined; 'host.id'?: string | undefined; 'host.ip'?: string[] | undefined; 'host.mac'?: string[] | undefined; 'host.name'?: string | undefined; 'host.network.egress.bytes'?: string | number | undefined; 'host.network.egress.packets'?: string | number | undefined; 'host.network.ingress.bytes'?: string | number | undefined; 'host.network.ingress.packets'?: string | number | undefined; 'host.os.family'?: string | undefined; 'host.os.full'?: string | undefined; 'host.os.kernel'?: string | undefined; 'host.os.name'?: string | undefined; 'host.os.platform'?: string | undefined; 'host.os.type'?: string | undefined; 'host.os.version'?: string | undefined; 'host.pid_ns_ino'?: string | undefined; 'host.risk.calculated_level'?: string | undefined; 'host.risk.calculated_score'?: number | undefined; 'host.risk.calculated_score_norm'?: number | undefined; 'host.risk.static_level'?: string | undefined; 'host.risk.static_score'?: number | undefined; 'host.risk.static_score_norm'?: number | undefined; 'host.type'?: string | undefined; 'host.uptime'?: string | number | undefined; 'http.request.body.bytes'?: string | number | undefined; 'http.request.body.content'?: string | undefined; 'http.request.bytes'?: string | number | undefined; 'http.request.id'?: string | undefined; 'http.request.method'?: string | undefined; 'http.request.mime_type'?: string | undefined; 'http.request.referrer'?: string | undefined; 'http.response.body.bytes'?: string | number | undefined; 'http.response.body.content'?: string | undefined; 'http.response.bytes'?: string | number | undefined; 'http.response.mime_type'?: string | undefined; 'http.response.status_code'?: string | number | undefined; 'http.version'?: string | undefined; labels?: unknown; 'log.file.path'?: string | undefined; 'log.level'?: string | undefined; 'log.logger'?: string | undefined; 'log.origin.file.line'?: string | number | undefined; 'log.origin.file.name'?: string | undefined; 'log.origin.function'?: string | undefined; 'log.syslog'?: unknown; message?: string | undefined; 'network.application'?: string | undefined; 'network.bytes'?: string | number | undefined; 'network.community_id'?: string | undefined; 'network.direction'?: string | undefined; 'network.forwarded_ip'?: string | undefined; 'network.iana_number'?: string | undefined; 'network.inner'?: unknown; 'network.name'?: string | undefined; 'network.packets'?: string | number | undefined; 'network.protocol'?: string | undefined; 'network.transport'?: string | undefined; 'network.type'?: string | undefined; 'network.vlan.id'?: string | undefined; 'network.vlan.name'?: string | undefined; 'observer.egress'?: unknown; 'observer.geo.city_name'?: string | undefined; 'observer.geo.continent_code'?: string | undefined; 'observer.geo.continent_name'?: string | undefined; 'observer.geo.country_iso_code'?: string | undefined; 'observer.geo.country_name'?: string | undefined; 'observer.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'observer.geo.name'?: string | undefined; 'observer.geo.postal_code'?: string | undefined; 'observer.geo.region_iso_code'?: string | undefined; 'observer.geo.region_name'?: string | undefined; 'observer.geo.timezone'?: string | undefined; 'observer.hostname'?: string | undefined; 'observer.ingress'?: unknown; 'observer.ip'?: string[] | undefined; 'observer.mac'?: string[] | undefined; 'observer.name'?: string | undefined; 'observer.os.family'?: string | undefined; 'observer.os.full'?: string | undefined; 'observer.os.kernel'?: string | undefined; 'observer.os.name'?: string | undefined; 'observer.os.platform'?: string | undefined; 'observer.os.type'?: string | undefined; 'observer.os.version'?: string | undefined; 'observer.product'?: string | undefined; 'observer.serial_number'?: string | undefined; 'observer.type'?: string | undefined; 'observer.vendor'?: string | undefined; 'observer.version'?: string | undefined; 'orchestrator.api_version'?: string | undefined; 'orchestrator.cluster.id'?: string | undefined; 'orchestrator.cluster.name'?: string | undefined; 'orchestrator.cluster.url'?: string | undefined; 'orchestrator.cluster.version'?: string | undefined; 'orchestrator.namespace'?: string | undefined; 'orchestrator.organization'?: string | undefined; 'orchestrator.resource.annotation'?: string[] | undefined; 'orchestrator.resource.id'?: string | undefined; 'orchestrator.resource.ip'?: string[] | undefined; 'orchestrator.resource.label'?: string[] | undefined; 'orchestrator.resource.name'?: string | undefined; 'orchestrator.resource.parent.type'?: string | undefined; 'orchestrator.resource.type'?: string | undefined; 'orchestrator.type'?: string | undefined; 'organization.id'?: string | undefined; 'organization.name'?: string | undefined; 'package.architecture'?: string | undefined; 'package.build_version'?: string | undefined; 'package.checksum'?: string | undefined; 'package.description'?: string | undefined; 'package.install_scope'?: string | undefined; 'package.installed'?: string | number | undefined; 'package.license'?: string | undefined; 'package.name'?: string | undefined; 'package.path'?: string | undefined; 'package.reference'?: string | undefined; 'package.size'?: string | number | undefined; 'package.type'?: string | undefined; 'package.version'?: string | undefined; 'process.args'?: string[] | undefined; 'process.args_count'?: string | number | undefined; 'process.code_signature.digest_algorithm'?: string | undefined; 'process.code_signature.exists'?: boolean | undefined; 'process.code_signature.signing_id'?: string | undefined; 'process.code_signature.status'?: string | undefined; 'process.code_signature.subject_name'?: string | undefined; 'process.code_signature.team_id'?: string | undefined; 'process.code_signature.timestamp'?: string | number | undefined; 'process.code_signature.trusted'?: boolean | undefined; 'process.code_signature.valid'?: boolean | undefined; 'process.command_line'?: string | undefined; 'process.elf.architecture'?: string | undefined; 'process.elf.byte_order'?: string | undefined; 'process.elf.cpu_type'?: string | undefined; 'process.elf.creation_date'?: string | number | undefined; 'process.elf.exports'?: unknown[] | undefined; 'process.elf.go_import_hash'?: string | undefined; 'process.elf.go_imports'?: unknown; 'process.elf.go_imports_names_entropy'?: string | number | undefined; 'process.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.elf.go_stripped'?: boolean | undefined; 'process.elf.header.abi_version'?: string | undefined; 'process.elf.header.class'?: string | undefined; 'process.elf.header.data'?: string | undefined; 'process.elf.header.entrypoint'?: string | number | undefined; 'process.elf.header.object_version'?: string | undefined; 'process.elf.header.os_abi'?: string | undefined; 'process.elf.header.type'?: string | undefined; 'process.elf.header.version'?: string | undefined; 'process.elf.import_hash'?: string | undefined; 'process.elf.imports'?: unknown[] | undefined; 'process.elf.imports_names_entropy'?: string | number | undefined; 'process.elf.imports_names_var_entropy'?: string | number | undefined; 'process.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.elf.shared_libraries'?: string[] | undefined; 'process.elf.telfhash'?: string | undefined; 'process.end'?: string | number | undefined; 'process.entity_id'?: string | undefined; 'process.entry_leader.args'?: string[] | undefined; 'process.entry_leader.args_count'?: string | number | undefined; 'process.entry_leader.attested_groups.name'?: string | undefined; 'process.entry_leader.attested_user.id'?: string | undefined; 'process.entry_leader.attested_user.name'?: string | undefined; 'process.entry_leader.command_line'?: string | undefined; 'process.entry_leader.entity_id'?: string | undefined; 'process.entry_leader.entry_meta.source.ip'?: string | undefined; 'process.entry_leader.entry_meta.type'?: string | undefined; 'process.entry_leader.executable'?: string | undefined; 'process.entry_leader.group.id'?: string | undefined; 'process.entry_leader.group.name'?: string | undefined; 'process.entry_leader.interactive'?: boolean | undefined; 'process.entry_leader.name'?: string | undefined; 'process.entry_leader.parent.entity_id'?: string | undefined; 'process.entry_leader.parent.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.entity_id'?: string | undefined; 'process.entry_leader.parent.session_leader.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.start'?: string | number | undefined; 'process.entry_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.entry_leader.parent.start'?: string | number | undefined; 'process.entry_leader.parent.vpid'?: string | number | undefined; 'process.entry_leader.pid'?: string | number | undefined; 'process.entry_leader.real_group.id'?: string | undefined; 'process.entry_leader.real_group.name'?: string | undefined; 'process.entry_leader.real_user.id'?: string | undefined; 'process.entry_leader.real_user.name'?: string | undefined; 'process.entry_leader.same_as_process'?: boolean | undefined; 'process.entry_leader.saved_group.id'?: string | undefined; 'process.entry_leader.saved_group.name'?: string | undefined; 'process.entry_leader.saved_user.id'?: string | undefined; 'process.entry_leader.saved_user.name'?: string | undefined; 'process.entry_leader.start'?: string | number | undefined; 'process.entry_leader.supplemental_groups.id'?: string | undefined; 'process.entry_leader.supplemental_groups.name'?: string | undefined; 'process.entry_leader.tty'?: unknown; 'process.entry_leader.user.id'?: string | undefined; 'process.entry_leader.user.name'?: string | undefined; 'process.entry_leader.vpid'?: string | number | undefined; 'process.entry_leader.working_directory'?: string | undefined; 'process.env_vars'?: string[] | undefined; 'process.executable'?: string | undefined; 'process.exit_code'?: string | number | undefined; 'process.group_leader.args'?: string[] | undefined; 'process.group_leader.args_count'?: string | number | undefined; 'process.group_leader.command_line'?: string | undefined; 'process.group_leader.entity_id'?: string | undefined; 'process.group_leader.executable'?: string | undefined; 'process.group_leader.group.id'?: string | undefined; 'process.group_leader.group.name'?: string | undefined; 'process.group_leader.interactive'?: boolean | undefined; 'process.group_leader.name'?: string | undefined; 'process.group_leader.pid'?: string | number | undefined; 'process.group_leader.real_group.id'?: string | undefined; 'process.group_leader.real_group.name'?: string | undefined; 'process.group_leader.real_user.id'?: string | undefined; 'process.group_leader.real_user.name'?: string | undefined; 'process.group_leader.same_as_process'?: boolean | undefined; 'process.group_leader.saved_group.id'?: string | undefined; 'process.group_leader.saved_group.name'?: string | undefined; 'process.group_leader.saved_user.id'?: string | undefined; 'process.group_leader.saved_user.name'?: string | undefined; 'process.group_leader.start'?: string | number | undefined; 'process.group_leader.supplemental_groups.id'?: string | undefined; 'process.group_leader.supplemental_groups.name'?: string | undefined; 'process.group_leader.tty'?: unknown; 'process.group_leader.user.id'?: string | undefined; 'process.group_leader.user.name'?: string | undefined; 'process.group_leader.vpid'?: string | number | undefined; 'process.group_leader.working_directory'?: string | undefined; 'process.hash.md5'?: string | undefined; 'process.hash.sha1'?: string | undefined; 'process.hash.sha256'?: string | undefined; 'process.hash.sha384'?: string | undefined; 'process.hash.sha512'?: string | undefined; 'process.hash.ssdeep'?: string | undefined; 'process.hash.tlsh'?: string | undefined; 'process.interactive'?: boolean | undefined; 'process.io'?: unknown; 'process.macho.go_import_hash'?: string | undefined; 'process.macho.go_imports'?: unknown; 'process.macho.go_imports_names_entropy'?: string | number | undefined; 'process.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.macho.go_stripped'?: boolean | undefined; 'process.macho.import_hash'?: string | undefined; 'process.macho.imports'?: unknown[] | undefined; 'process.macho.imports_names_entropy'?: string | number | undefined; 'process.macho.imports_names_var_entropy'?: string | number | undefined; 'process.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.macho.symhash'?: string | undefined; 'process.name'?: string | undefined; 'process.parent.args'?: string[] | undefined; 'process.parent.args_count'?: string | number | undefined; 'process.parent.code_signature.digest_algorithm'?: string | undefined; 'process.parent.code_signature.exists'?: boolean | undefined; 'process.parent.code_signature.signing_id'?: string | undefined; 'process.parent.code_signature.status'?: string | undefined; 'process.parent.code_signature.subject_name'?: string | undefined; 'process.parent.code_signature.team_id'?: string | undefined; 'process.parent.code_signature.timestamp'?: string | number | undefined; 'process.parent.code_signature.trusted'?: boolean | undefined; 'process.parent.code_signature.valid'?: boolean | undefined; 'process.parent.command_line'?: string | undefined; 'process.parent.elf.architecture'?: string | undefined; 'process.parent.elf.byte_order'?: string | undefined; 'process.parent.elf.cpu_type'?: string | undefined; 'process.parent.elf.creation_date'?: string | number | undefined; 'process.parent.elf.exports'?: unknown[] | undefined; 'process.parent.elf.go_import_hash'?: string | undefined; 'process.parent.elf.go_imports'?: unknown; 'process.parent.elf.go_imports_names_entropy'?: string | number | undefined; 'process.parent.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.go_stripped'?: boolean | undefined; 'process.parent.elf.header.abi_version'?: string | undefined; 'process.parent.elf.header.class'?: string | undefined; 'process.parent.elf.header.data'?: string | undefined; 'process.parent.elf.header.entrypoint'?: string | number | undefined; 'process.parent.elf.header.object_version'?: string | undefined; 'process.parent.elf.header.os_abi'?: string | undefined; 'process.parent.elf.header.type'?: string | undefined; 'process.parent.elf.header.version'?: string | undefined; 'process.parent.elf.import_hash'?: string | undefined; 'process.parent.elf.imports'?: unknown[] | undefined; 'process.parent.elf.imports_names_entropy'?: string | number | undefined; 'process.parent.elf.imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.parent.elf.shared_libraries'?: string[] | undefined; 'process.parent.elf.telfhash'?: string | undefined; 'process.parent.end'?: string | number | undefined; 'process.parent.entity_id'?: string | undefined; 'process.parent.executable'?: string | undefined; 'process.parent.exit_code'?: string | number | undefined; 'process.parent.group.id'?: string | undefined; 'process.parent.group.name'?: string | undefined; 'process.parent.group_leader.entity_id'?: string | undefined; 'process.parent.group_leader.pid'?: string | number | undefined; 'process.parent.group_leader.start'?: string | number | undefined; 'process.parent.group_leader.vpid'?: string | number | undefined; 'process.parent.hash.md5'?: string | undefined; 'process.parent.hash.sha1'?: string | undefined; 'process.parent.hash.sha256'?: string | undefined; 'process.parent.hash.sha384'?: string | undefined; 'process.parent.hash.sha512'?: string | undefined; 'process.parent.hash.ssdeep'?: string | undefined; 'process.parent.hash.tlsh'?: string | undefined; 'process.parent.interactive'?: boolean | undefined; 'process.parent.macho.go_import_hash'?: string | undefined; 'process.parent.macho.go_imports'?: unknown; 'process.parent.macho.go_imports_names_entropy'?: string | number | undefined; 'process.parent.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.go_stripped'?: boolean | undefined; 'process.parent.macho.import_hash'?: string | undefined; 'process.parent.macho.imports'?: unknown[] | undefined; 'process.parent.macho.imports_names_entropy'?: string | number | undefined; 'process.parent.macho.imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.macho.symhash'?: string | undefined; 'process.parent.name'?: string | undefined; 'process.parent.pe.architecture'?: string | undefined; 'process.parent.pe.company'?: string | undefined; 'process.parent.pe.description'?: string | undefined; 'process.parent.pe.file_version'?: string | undefined; 'process.parent.pe.go_import_hash'?: string | undefined; 'process.parent.pe.go_imports'?: unknown; 'process.parent.pe.go_imports_names_entropy'?: string | number | undefined; 'process.parent.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.go_stripped'?: boolean | undefined; 'process.parent.pe.imphash'?: string | undefined; 'process.parent.pe.import_hash'?: string | undefined; 'process.parent.pe.imports'?: unknown[] | undefined; 'process.parent.pe.imports_names_entropy'?: string | number | undefined; 'process.parent.pe.imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.original_file_name'?: string | undefined; 'process.parent.pe.pehash'?: string | undefined; 'process.parent.pe.product'?: string | undefined; 'process.parent.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.pgid'?: string | number | undefined; 'process.parent.pid'?: string | number | undefined; 'process.parent.real_group.id'?: string | undefined; 'process.parent.real_group.name'?: string | undefined; 'process.parent.real_user.id'?: string | undefined; 'process.parent.real_user.name'?: string | undefined; 'process.parent.saved_group.id'?: string | undefined; 'process.parent.saved_group.name'?: string | undefined; 'process.parent.saved_user.id'?: string | undefined; 'process.parent.saved_user.name'?: string | undefined; 'process.parent.start'?: string | number | undefined; 'process.parent.supplemental_groups.id'?: string | undefined; 'process.parent.supplemental_groups.name'?: string | undefined; 'process.parent.thread.capabilities.effective'?: string[] | undefined; 'process.parent.thread.capabilities.permitted'?: string[] | undefined; 'process.parent.thread.id'?: string | number | undefined; 'process.parent.thread.name'?: string | undefined; 'process.parent.title'?: string | undefined; 'process.parent.tty'?: unknown; 'process.parent.uptime'?: string | number | undefined; 'process.parent.user.id'?: string | undefined; 'process.parent.user.name'?: string | undefined; 'process.parent.vpid'?: string | number | undefined; 'process.parent.working_directory'?: string | undefined; 'process.pe.architecture'?: string | undefined; 'process.pe.company'?: string | undefined; 'process.pe.description'?: string | undefined; 'process.pe.file_version'?: string | undefined; 'process.pe.go_import_hash'?: string | undefined; 'process.pe.go_imports'?: unknown; 'process.pe.go_imports_names_entropy'?: string | number | undefined; 'process.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.pe.go_stripped'?: boolean | undefined; 'process.pe.imphash'?: string | undefined; 'process.pe.import_hash'?: string | undefined; 'process.pe.imports'?: unknown[] | undefined; 'process.pe.imports_names_entropy'?: string | number | undefined; 'process.pe.imports_names_var_entropy'?: string | number | undefined; 'process.pe.original_file_name'?: string | undefined; 'process.pe.pehash'?: string | undefined; 'process.pe.product'?: string | undefined; 'process.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.pgid'?: string | number | undefined; 'process.pid'?: string | number | undefined; 'process.previous.args'?: string[] | undefined; 'process.previous.args_count'?: string | number | undefined; 'process.previous.executable'?: string | undefined; 'process.real_group.id'?: string | undefined; 'process.real_group.name'?: string | undefined; 'process.real_user.id'?: string | undefined; 'process.real_user.name'?: string | undefined; 'process.saved_group.id'?: string | undefined; 'process.saved_group.name'?: string | undefined; 'process.saved_user.id'?: string | undefined; 'process.saved_user.name'?: string | undefined; 'process.session_leader.args'?: string[] | undefined; 'process.session_leader.args_count'?: string | number | undefined; 'process.session_leader.command_line'?: string | undefined; 'process.session_leader.entity_id'?: string | undefined; 'process.session_leader.executable'?: string | undefined; 'process.session_leader.group.id'?: string | undefined; 'process.session_leader.group.name'?: string | undefined; 'process.session_leader.interactive'?: boolean | undefined; 'process.session_leader.name'?: string | undefined; 'process.session_leader.parent.entity_id'?: string | undefined; 'process.session_leader.parent.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.entity_id'?: string | undefined; 'process.session_leader.parent.session_leader.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.start'?: string | number | undefined; 'process.session_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.session_leader.parent.start'?: string | number | undefined; 'process.session_leader.parent.vpid'?: string | number | undefined; 'process.session_leader.pid'?: string | number | undefined; 'process.session_leader.real_group.id'?: string | undefined; 'process.session_leader.real_group.name'?: string | undefined; 'process.session_leader.real_user.id'?: string | undefined; 'process.session_leader.real_user.name'?: string | undefined; 'process.session_leader.same_as_process'?: boolean | undefined; 'process.session_leader.saved_group.id'?: string | undefined; 'process.session_leader.saved_group.name'?: string | undefined; 'process.session_leader.saved_user.id'?: string | undefined; 'process.session_leader.saved_user.name'?: string | undefined; 'process.session_leader.start'?: string | number | undefined; 'process.session_leader.supplemental_groups.id'?: string | undefined; 'process.session_leader.supplemental_groups.name'?: string | undefined; 'process.session_leader.tty'?: unknown; 'process.session_leader.user.id'?: string | undefined; 'process.session_leader.user.name'?: string | undefined; 'process.session_leader.vpid'?: string | number | undefined; 'process.session_leader.working_directory'?: string | undefined; 'process.start'?: string | number | undefined; 'process.supplemental_groups.id'?: string | undefined; 'process.supplemental_groups.name'?: string | undefined; 'process.thread.capabilities.effective'?: string[] | undefined; 'process.thread.capabilities.permitted'?: string[] | undefined; 'process.thread.id'?: string | number | undefined; 'process.thread.name'?: string | undefined; 'process.title'?: string | undefined; 'process.tty'?: unknown; 'process.uptime'?: string | number | undefined; 'process.user.id'?: string | undefined; 'process.user.name'?: string | undefined; 'process.vpid'?: string | number | undefined; 'process.working_directory'?: string | undefined; 'registry.data.bytes'?: string | undefined; 'registry.data.strings'?: string[] | undefined; 'registry.data.type'?: string | undefined; 'registry.hive'?: string | undefined; 'registry.key'?: string | undefined; 'registry.path'?: string | undefined; 'registry.value'?: string | undefined; 'related.hash'?: string[] | undefined; 'related.hosts'?: string[] | undefined; 'related.ip'?: string[] | undefined; 'related.user'?: string[] | undefined; 'rule.author'?: string[] | undefined; 'rule.category'?: string | undefined; 'rule.description'?: string | undefined; 'rule.id'?: string | undefined; 'rule.license'?: string | undefined; 'rule.name'?: string | undefined; 'rule.reference'?: string | undefined; 'rule.ruleset'?: string | undefined; 'rule.uuid'?: string | undefined; 'rule.version'?: string | undefined; 'server.address'?: string | undefined; 'server.as.number'?: string | number | undefined; 'server.as.organization.name'?: string | undefined; 'server.bytes'?: string | number | undefined; 'server.domain'?: string | undefined; 'server.geo.city_name'?: string | undefined; 'server.geo.continent_code'?: string | undefined; 'server.geo.continent_name'?: string | undefined; 'server.geo.country_iso_code'?: string | undefined; 'server.geo.country_name'?: string | undefined; 'server.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'server.geo.name'?: string | undefined; 'server.geo.postal_code'?: string | undefined; 'server.geo.region_iso_code'?: string | undefined; 'server.geo.region_name'?: string | undefined; 'server.geo.timezone'?: string | undefined; 'server.ip'?: string | undefined; 'server.mac'?: string | undefined; 'server.nat.ip'?: string | undefined; 'server.nat.port'?: string | number | undefined; 'server.packets'?: string | number | undefined; 'server.port'?: string | number | undefined; 'server.registered_domain'?: string | undefined; 'server.subdomain'?: string | undefined; 'server.top_level_domain'?: string | undefined; 'server.user.domain'?: string | undefined; 'server.user.email'?: string | undefined; 'server.user.full_name'?: string | undefined; 'server.user.group.domain'?: string | undefined; 'server.user.group.id'?: string | undefined; 'server.user.group.name'?: string | undefined; 'server.user.hash'?: string | undefined; 'server.user.id'?: string | undefined; 'server.user.name'?: string | undefined; 'server.user.roles'?: string[] | undefined; 'service.address'?: string | undefined; 'service.environment'?: string | undefined; 'service.ephemeral_id'?: string | undefined; 'service.id'?: string | undefined; 'service.name'?: string | undefined; 'service.node.name'?: string | undefined; 'service.node.role'?: string | undefined; 'service.node.roles'?: string[] | undefined; 'service.origin.address'?: string | undefined; 'service.origin.environment'?: string | undefined; 'service.origin.ephemeral_id'?: string | undefined; 'service.origin.id'?: string | undefined; 'service.origin.name'?: string | undefined; 'service.origin.node.name'?: string | undefined; 'service.origin.node.role'?: string | undefined; 'service.origin.node.roles'?: string[] | undefined; 'service.origin.state'?: string | undefined; 'service.origin.type'?: string | undefined; 'service.origin.version'?: string | undefined; 'service.state'?: string | undefined; 'service.target.address'?: string | undefined; 'service.target.environment'?: string | undefined; 'service.target.ephemeral_id'?: string | undefined; 'service.target.id'?: string | undefined; 'service.target.name'?: string | undefined; 'service.target.node.name'?: string | undefined; 'service.target.node.role'?: string | undefined; 'service.target.node.roles'?: string[] | undefined; 'service.target.state'?: string | undefined; 'service.target.type'?: string | undefined; 'service.target.version'?: string | undefined; 'service.type'?: string | undefined; 'service.version'?: string | undefined; 'source.address'?: string | undefined; 'source.as.number'?: string | number | undefined; 'source.as.organization.name'?: string | undefined; 'source.bytes'?: string | number | undefined; 'source.domain'?: string | undefined; 'source.geo.city_name'?: string | undefined; 'source.geo.continent_code'?: string | undefined; 'source.geo.continent_name'?: string | undefined; 'source.geo.country_iso_code'?: string | undefined; 'source.geo.country_name'?: string | undefined; 'source.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'source.geo.name'?: string | undefined; 'source.geo.postal_code'?: string | undefined; 'source.geo.region_iso_code'?: string | undefined; 'source.geo.region_name'?: string | undefined; 'source.geo.timezone'?: string | undefined; 'source.ip'?: string | undefined; 'source.mac'?: string | undefined; 'source.nat.ip'?: string | undefined; 'source.nat.port'?: string | number | undefined; 'source.packets'?: string | number | undefined; 'source.port'?: string | number | undefined; 'source.registered_domain'?: string | undefined; 'source.subdomain'?: string | undefined; 'source.top_level_domain'?: string | undefined; 'source.user.domain'?: string | undefined; 'source.user.email'?: string | undefined; 'source.user.full_name'?: string | undefined; 'source.user.group.domain'?: string | undefined; 'source.user.group.id'?: string | undefined; 'source.user.group.name'?: string | undefined; 'source.user.hash'?: string | undefined; 'source.user.id'?: string | undefined; 'source.user.name'?: string | undefined; 'source.user.roles'?: string[] | undefined; 'span.id'?: string | undefined; tags?: string[] | undefined; 'threat.enrichments'?: { indicator?: unknown; 'matched.atomic'?: string | undefined; 'matched.field'?: string | undefined; 'matched.id'?: string | undefined; 'matched.index'?: string | undefined; 'matched.occurred'?: string | number | undefined; 'matched.type'?: string | undefined; }[] | undefined; 'threat.feed.dashboard_id'?: string | undefined; 'threat.feed.description'?: string | undefined; 'threat.feed.name'?: string | undefined; 'threat.feed.reference'?: string | undefined; 'threat.framework'?: string | undefined; 'threat.group.alias'?: string[] | undefined; 'threat.group.id'?: string | undefined; 'threat.group.name'?: string | undefined; 'threat.group.reference'?: string | undefined; 'threat.indicator.as.number'?: string | number | undefined; 'threat.indicator.as.organization.name'?: string | undefined; 'threat.indicator.confidence'?: string | undefined; 'threat.indicator.description'?: string | undefined; 'threat.indicator.email.address'?: string | undefined; 'threat.indicator.file.accessed'?: string | number | undefined; 'threat.indicator.file.attributes'?: string[] | undefined; 'threat.indicator.file.code_signature.digest_algorithm'?: string | undefined; 'threat.indicator.file.code_signature.exists'?: boolean | undefined; 'threat.indicator.file.code_signature.signing_id'?: string | undefined; 'threat.indicator.file.code_signature.status'?: string | undefined; 'threat.indicator.file.code_signature.subject_name'?: string | undefined; 'threat.indicator.file.code_signature.team_id'?: string | undefined; 'threat.indicator.file.code_signature.timestamp'?: string | number | undefined; 'threat.indicator.file.code_signature.trusted'?: boolean | undefined; 'threat.indicator.file.code_signature.valid'?: boolean | undefined; 'threat.indicator.file.created'?: string | number | undefined; 'threat.indicator.file.ctime'?: string | number | undefined; 'threat.indicator.file.device'?: string | undefined; 'threat.indicator.file.directory'?: string | undefined; 'threat.indicator.file.drive_letter'?: string | undefined; 'threat.indicator.file.elf.architecture'?: string | undefined; 'threat.indicator.file.elf.byte_order'?: string | undefined; 'threat.indicator.file.elf.cpu_type'?: string | undefined; 'threat.indicator.file.elf.creation_date'?: string | number | undefined; 'threat.indicator.file.elf.exports'?: unknown[] | undefined; 'threat.indicator.file.elf.go_import_hash'?: string | undefined; 'threat.indicator.file.elf.go_imports'?: unknown; 'threat.indicator.file.elf.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_stripped'?: boolean | undefined; 'threat.indicator.file.elf.header.abi_version'?: string | undefined; 'threat.indicator.file.elf.header.class'?: string | undefined; 'threat.indicator.file.elf.header.data'?: string | undefined; 'threat.indicator.file.elf.header.entrypoint'?: string | number | undefined; 'threat.indicator.file.elf.header.object_version'?: string | undefined; 'threat.indicator.file.elf.header.os_abi'?: string | undefined; 'threat.indicator.file.elf.header.type'?: string | undefined; 'threat.indicator.file.elf.header.version'?: string | undefined; 'threat.indicator.file.elf.import_hash'?: string | undefined; 'threat.indicator.file.elf.imports'?: unknown[] | undefined; 'threat.indicator.file.elf.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'threat.indicator.file.elf.shared_libraries'?: string[] | undefined; 'threat.indicator.file.elf.telfhash'?: string | undefined; 'threat.indicator.file.extension'?: string | undefined; 'threat.indicator.file.fork_name'?: string | undefined; 'threat.indicator.file.gid'?: string | undefined; 'threat.indicator.file.group'?: string | undefined; 'threat.indicator.file.hash.md5'?: string | undefined; 'threat.indicator.file.hash.sha1'?: string | undefined; 'threat.indicator.file.hash.sha256'?: string | undefined; 'threat.indicator.file.hash.sha384'?: string | undefined; 'threat.indicator.file.hash.sha512'?: string | undefined; 'threat.indicator.file.hash.ssdeep'?: string | undefined; 'threat.indicator.file.hash.tlsh'?: string | undefined; 'threat.indicator.file.inode'?: string | undefined; 'threat.indicator.file.mime_type'?: string | undefined; 'threat.indicator.file.mode'?: string | undefined; 'threat.indicator.file.mtime'?: string | number | undefined; 'threat.indicator.file.name'?: string | undefined; 'threat.indicator.file.owner'?: string | undefined; 'threat.indicator.file.path'?: string | undefined; 'threat.indicator.file.pe.architecture'?: string | undefined; 'threat.indicator.file.pe.company'?: string | undefined; 'threat.indicator.file.pe.description'?: string | undefined; 'threat.indicator.file.pe.file_version'?: string | undefined; 'threat.indicator.file.pe.go_import_hash'?: string | undefined; 'threat.indicator.file.pe.go_imports'?: unknown; 'threat.indicator.file.pe.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_stripped'?: boolean | undefined; 'threat.indicator.file.pe.imphash'?: string | undefined; 'threat.indicator.file.pe.import_hash'?: string | undefined; 'threat.indicator.file.pe.imports'?: unknown[] | undefined; 'threat.indicator.file.pe.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.original_file_name'?: string | undefined; 'threat.indicator.file.pe.pehash'?: string | undefined; 'threat.indicator.file.pe.product'?: string | undefined; 'threat.indicator.file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.size'?: string | number | undefined; 'threat.indicator.file.target_path'?: string | undefined; 'threat.indicator.file.type'?: string | undefined; 'threat.indicator.file.uid'?: string | undefined; 'threat.indicator.file.x509.alternative_names'?: string[] | undefined; 'threat.indicator.file.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.file.x509.issuer.country'?: string[] | undefined; 'threat.indicator.file.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.not_after'?: string | number | undefined; 'threat.indicator.file.x509.not_before'?: string | number | undefined; 'threat.indicator.file.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.file.x509.public_key_curve'?: string | undefined; 'threat.indicator.file.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.file.x509.public_key_size'?: string | number | undefined; 'threat.indicator.file.x509.serial_number'?: string | undefined; 'threat.indicator.file.x509.signature_algorithm'?: string | undefined; 'threat.indicator.file.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.file.x509.subject.country'?: string[] | undefined; 'threat.indicator.file.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.subject.locality'?: string[] | undefined; 'threat.indicator.file.x509.subject.organization'?: string[] | undefined; 'threat.indicator.file.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.version_number'?: string | undefined; 'threat.indicator.first_seen'?: string | number | undefined; 'threat.indicator.geo.city_name'?: string | undefined; 'threat.indicator.geo.continent_code'?: string | undefined; 'threat.indicator.geo.continent_name'?: string | undefined; 'threat.indicator.geo.country_iso_code'?: string | undefined; 'threat.indicator.geo.country_name'?: string | undefined; 'threat.indicator.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'threat.indicator.geo.name'?: string | undefined; 'threat.indicator.geo.postal_code'?: string | undefined; 'threat.indicator.geo.region_iso_code'?: string | undefined; 'threat.indicator.geo.region_name'?: string | undefined; 'threat.indicator.geo.timezone'?: string | undefined; 'threat.indicator.ip'?: string | undefined; 'threat.indicator.last_seen'?: string | number | undefined; 'threat.indicator.marking.tlp'?: string | undefined; 'threat.indicator.marking.tlp_version'?: string | undefined; 'threat.indicator.modified_at'?: string | number | undefined; 'threat.indicator.name'?: string | undefined; 'threat.indicator.port'?: string | number | undefined; 'threat.indicator.provider'?: string | undefined; 'threat.indicator.reference'?: string | undefined; 'threat.indicator.registry.data.bytes'?: string | undefined; 'threat.indicator.registry.data.strings'?: string[] | undefined; 'threat.indicator.registry.data.type'?: string | undefined; 'threat.indicator.registry.hive'?: string | undefined; 'threat.indicator.registry.key'?: string | undefined; 'threat.indicator.registry.path'?: string | undefined; 'threat.indicator.registry.value'?: string | undefined; 'threat.indicator.scanner_stats'?: string | number | undefined; 'threat.indicator.sightings'?: string | number | undefined; 'threat.indicator.type'?: string | undefined; 'threat.indicator.url.domain'?: string | undefined; 'threat.indicator.url.extension'?: string | undefined; 'threat.indicator.url.fragment'?: string | undefined; 'threat.indicator.url.full'?: string | undefined; 'threat.indicator.url.original'?: string | undefined; 'threat.indicator.url.password'?: string | undefined; 'threat.indicator.url.path'?: string | undefined; 'threat.indicator.url.port'?: string | number | undefined; 'threat.indicator.url.query'?: string | undefined; 'threat.indicator.url.registered_domain'?: string | undefined; 'threat.indicator.url.scheme'?: string | undefined; 'threat.indicator.url.subdomain'?: string | undefined; 'threat.indicator.url.top_level_domain'?: string | undefined; 'threat.indicator.url.username'?: string | undefined; 'threat.indicator.x509.alternative_names'?: string[] | undefined; 'threat.indicator.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.x509.issuer.country'?: string[] | undefined; 'threat.indicator.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.x509.not_after'?: string | number | undefined; 'threat.indicator.x509.not_before'?: string | number | undefined; 'threat.indicator.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.x509.public_key_curve'?: string | undefined; 'threat.indicator.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.x509.public_key_size'?: string | number | undefined; 'threat.indicator.x509.serial_number'?: string | undefined; 'threat.indicator.x509.signature_algorithm'?: string | undefined; 'threat.indicator.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.x509.subject.country'?: string[] | undefined; 'threat.indicator.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.x509.subject.locality'?: string[] | undefined; 'threat.indicator.x509.subject.organization'?: string[] | undefined; 'threat.indicator.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.x509.version_number'?: string | undefined; 'threat.software.alias'?: string[] | undefined; 'threat.software.id'?: string | undefined; 'threat.software.name'?: string | undefined; 'threat.software.platforms'?: string[] | undefined; 'threat.software.reference'?: string | undefined; 'threat.software.type'?: string | undefined; 'threat.tactic.id'?: string[] | undefined; 'threat.tactic.name'?: string[] | undefined; 'threat.tactic.reference'?: string[] | undefined; 'threat.technique.id'?: string[] | undefined; 'threat.technique.name'?: string[] | undefined; 'threat.technique.reference'?: string[] | undefined; 'threat.technique.subtechnique.id'?: string[] | undefined; 'threat.technique.subtechnique.name'?: string[] | undefined; 'threat.technique.subtechnique.reference'?: string[] | undefined; 'tls.cipher'?: string | undefined; 'tls.client.certificate'?: string | undefined; 'tls.client.certificate_chain'?: string[] | undefined; 'tls.client.hash.md5'?: string | undefined; 'tls.client.hash.sha1'?: string | undefined; 'tls.client.hash.sha256'?: string | undefined; 'tls.client.issuer'?: string | undefined; 'tls.client.ja3'?: string | undefined; 'tls.client.not_after'?: string | number | undefined; 'tls.client.not_before'?: string | number | undefined; 'tls.client.server_name'?: string | undefined; 'tls.client.subject'?: string | undefined; 'tls.client.supported_ciphers'?: string[] | undefined; 'tls.client.x509.alternative_names'?: string[] | undefined; 'tls.client.x509.issuer.common_name'?: string[] | undefined; 'tls.client.x509.issuer.country'?: string[] | undefined; 'tls.client.x509.issuer.distinguished_name'?: string | undefined; 'tls.client.x509.issuer.locality'?: string[] | undefined; 'tls.client.x509.issuer.organization'?: string[] | undefined; 'tls.client.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.client.x509.issuer.state_or_province'?: string[] | undefined; 'tls.client.x509.not_after'?: string | number | undefined; 'tls.client.x509.not_before'?: string | number | undefined; 'tls.client.x509.public_key_algorithm'?: string | undefined; 'tls.client.x509.public_key_curve'?: string | undefined; 'tls.client.x509.public_key_exponent'?: string | number | undefined; 'tls.client.x509.public_key_size'?: string | number | undefined; 'tls.client.x509.serial_number'?: string | undefined; 'tls.client.x509.signature_algorithm'?: string | undefined; 'tls.client.x509.subject.common_name'?: string[] | undefined; 'tls.client.x509.subject.country'?: string[] | undefined; 'tls.client.x509.subject.distinguished_name'?: string | undefined; 'tls.client.x509.subject.locality'?: string[] | undefined; 'tls.client.x509.subject.organization'?: string[] | undefined; 'tls.client.x509.subject.organizational_unit'?: string[] | undefined; 'tls.client.x509.subject.state_or_province'?: string[] | undefined; 'tls.client.x509.version_number'?: string | undefined; 'tls.curve'?: string | undefined; 'tls.established'?: boolean | undefined; 'tls.next_protocol'?: string | undefined; 'tls.resumed'?: boolean | undefined; 'tls.server.certificate'?: string | undefined; 'tls.server.certificate_chain'?: string[] | undefined; 'tls.server.hash.md5'?: string | undefined; 'tls.server.hash.sha1'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 'tls.server.issuer'?: string | undefined; 'tls.server.ja3s'?: string | undefined; 'tls.server.not_after'?: string | number | undefined; 'tls.server.not_before'?: string | number | undefined; 'tls.server.subject'?: string | undefined; 'tls.server.x509.alternative_names'?: string[] | undefined; 'tls.server.x509.issuer.common_name'?: string[] | undefined; 'tls.server.x509.issuer.country'?: string[] | undefined; 'tls.server.x509.issuer.distinguished_name'?: string | undefined; 'tls.server.x509.issuer.locality'?: string[] | undefined; 'tls.server.x509.issuer.organization'?: string[] | undefined; 'tls.server.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.server.x509.issuer.state_or_province'?: string[] | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.public_key_algorithm'?: string | undefined; 'tls.server.x509.public_key_curve'?: string | undefined; 'tls.server.x509.public_key_exponent'?: string | number | undefined; 'tls.server.x509.public_key_size'?: string | number | undefined; 'tls.server.x509.serial_number'?: string | undefined; 'tls.server.x509.signature_algorithm'?: string | undefined; 'tls.server.x509.subject.common_name'?: string[] | undefined; 'tls.server.x509.subject.country'?: string[] | undefined; 'tls.server.x509.subject.distinguished_name'?: string | undefined; 'tls.server.x509.subject.locality'?: string[] | undefined; 'tls.server.x509.subject.organization'?: string[] | undefined; 'tls.server.x509.subject.organizational_unit'?: string[] | undefined; 'tls.server.x509.subject.state_or_province'?: string[] | undefined; 'tls.server.x509.version_number'?: string | undefined; 'tls.version'?: string | undefined; 'tls.version_protocol'?: string | undefined; 'trace.id'?: string | undefined; 'transaction.id'?: string | undefined; 'url.domain'?: string | undefined; 'url.extension'?: string | undefined; 'url.fragment'?: string | undefined; 'url.full'?: string | undefined; 'url.original'?: string | undefined; 'url.password'?: string | undefined; 'url.path'?: string | undefined; 'url.port'?: string | number | undefined; 'url.query'?: string | undefined; 'url.registered_domain'?: string | undefined; 'url.scheme'?: string | undefined; 'url.subdomain'?: string | undefined; 'url.top_level_domain'?: string | undefined; 'url.username'?: string | undefined; 'user.changes.domain'?: string | undefined; 'user.changes.email'?: string | undefined; 'user.changes.full_name'?: string | undefined; 'user.changes.group.domain'?: string | undefined; 'user.changes.group.id'?: string | undefined; 'user.changes.group.name'?: string | undefined; 'user.changes.hash'?: string | undefined; 'user.changes.id'?: string | undefined; 'user.changes.name'?: string | undefined; 'user.changes.roles'?: string[] | undefined; 'user.domain'?: string | undefined; 'user.effective.domain'?: string | undefined; 'user.effective.email'?: string | undefined; 'user.effective.full_name'?: string | undefined; 'user.effective.group.domain'?: string | undefined; 'user.effective.group.id'?: string | undefined; 'user.effective.group.name'?: string | undefined; 'user.effective.hash'?: string | undefined; 'user.effective.id'?: string | undefined; 'user.effective.name'?: string | undefined; 'user.effective.roles'?: string[] | undefined; 'user.email'?: string | undefined; 'user.full_name'?: string | undefined; 'user.group.domain'?: string | undefined; 'user.group.id'?: string | undefined; 'user.group.name'?: string | undefined; 'user.hash'?: string | undefined; 'user.id'?: string | undefined; 'user.name'?: string | undefined; 'user.risk.calculated_level'?: string | undefined; 'user.risk.calculated_score'?: number | undefined; 'user.risk.calculated_score_norm'?: number | undefined; 'user.risk.static_level'?: string | undefined; 'user.risk.static_score'?: number | undefined; 'user.risk.static_score_norm'?: number | undefined; 'user.roles'?: string[] | undefined; 'user.target.domain'?: string | undefined; 'user.target.email'?: string | undefined; 'user.target.full_name'?: string | undefined; 'user.target.group.domain'?: string | undefined; 'user.target.group.id'?: string | undefined; 'user.target.group.name'?: string | undefined; 'user.target.hash'?: string | undefined; 'user.target.id'?: string | undefined; 'user.target.name'?: string | undefined; 'user.target.roles'?: string[] | undefined; 'user_agent.device.name'?: string | undefined; 'user_agent.name'?: string | undefined; 'user_agent.original'?: string | undefined; 'user_agent.os.family'?: string | undefined; 'user_agent.os.full'?: string | undefined; 'user_agent.os.kernel'?: string | undefined; 'user_agent.os.name'?: string | undefined; 'user_agent.os.platform'?: string | undefined; 'user_agent.os.type'?: string | undefined; 'user_agent.os.version'?: string | undefined; 'user_agent.version'?: string | undefined; 'vulnerability.category'?: string[] | undefined; 'vulnerability.classification'?: string | undefined; 'vulnerability.description'?: string | undefined; 'vulnerability.enumeration'?: string | undefined; 'vulnerability.id'?: string | undefined; 'vulnerability.reference'?: string | undefined; 'vulnerability.report_id'?: string | undefined; 'vulnerability.scanner.vendor'?: string | undefined; 'vulnerability.score.base'?: number | undefined; 'vulnerability.score.environmental'?: number | undefined; 'vulnerability.score.temporal'?: number | undefined; 'vulnerability.score.version'?: string | undefined; 'vulnerability.severity'?: string | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }) | ({ 'kibana.alert.job_id': string; } & { 'kibana.alert.anomaly_score'?: number[] | undefined; 'kibana.alert.anomaly_timestamp'?: string | number | undefined; 'kibana.alert.is_interim'?: boolean | undefined; 'kibana.alert.top_influencers'?: { influencer_field_name?: string | undefined; influencer_field_value?: string | undefined; influencer_score?: number | undefined; initial_influencer_score?: number | undefined; is_interim?: boolean | undefined; job_id?: string | undefined; timestamp?: string | number | undefined; }[] | undefined; 'kibana.alert.top_records'?: { actual?: number | undefined; by_field_name?: string | undefined; by_field_value?: string | undefined; detector_index?: number | undefined; field_name?: string | undefined; function?: string | undefined; initial_record_score?: number | undefined; is_interim?: boolean | undefined; job_id?: string | undefined; over_field_name?: string | undefined; over_field_value?: string | undefined; partition_field_name?: string | undefined; partition_field_value?: string | undefined; record_score?: number | undefined; timestamp?: string | number | undefined; typical?: number | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; }) | ({} & { 'kibana.alert.datafeed_results'?: { datafeed_id?: string | undefined; datafeed_state?: string | undefined; job_id?: string | undefined; job_state?: string | undefined; }[] | undefined; 'kibana.alert.delayed_data_results'?: { annotation?: string | undefined; end_timestamp?: string | number | undefined; job_id?: string | undefined; missed_docs_count?: string | number | undefined; }[] | undefined; 'kibana.alert.job_errors_results'?: { errors?: unknown; job_id?: string | undefined; }[] | undefined; 'kibana.alert.mml_results'?: { job_id?: string | undefined; log_time?: string | number | undefined; memory_status?: string | undefined; model_bytes?: string | number | undefined; model_bytes_exceeded?: string | number | undefined; model_bytes_memory_limit?: string | number | undefined; peak_model_bytes?: string | number | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; }) | ({} & { 'kibana.alert.results'?: { description?: string | undefined; health_status?: string | undefined; issues?: unknown; node_name?: string | undefined; transform_id?: string | undefined; transform_state?: string | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; })"
+          "({ '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; }) | ({} & {} & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; }) | ({} & { 'agent.name'?: string | undefined; 'container.id'?: string | undefined; 'error.grouping_key'?: string | undefined; 'error.grouping_name'?: string | undefined; 'host.name'?: string | undefined; 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; labels?: unknown; 'processor.event'?: string | undefined; 'service.environment'?: string | undefined; 'service.language.name'?: string | undefined; 'service.name'?: string | undefined; 'transaction.name'?: string | undefined; 'transaction.type'?: string | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }) | ({} & { 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & { '@timestamp': string | number; 'ecs.version': string; } & { 'agent.build.original'?: string | undefined; 'agent.ephemeral_id'?: string | undefined; 'agent.id'?: string | undefined; 'agent.name'?: string | undefined; 'agent.type'?: string | undefined; 'agent.version'?: string | undefined; 'client.address'?: string | undefined; 'client.as.number'?: string | number | undefined; 'client.as.organization.name'?: string | undefined; 'client.bytes'?: string | number | undefined; 'client.domain'?: string | undefined; 'client.geo.city_name'?: string | undefined; 'client.geo.continent_code'?: string | undefined; 'client.geo.continent_name'?: string | undefined; 'client.geo.country_iso_code'?: string | undefined; 'client.geo.country_name'?: string | undefined; 'client.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'client.geo.name'?: string | undefined; 'client.geo.postal_code'?: string | undefined; 'client.geo.region_iso_code'?: string | undefined; 'client.geo.region_name'?: string | undefined; 'client.geo.timezone'?: string | undefined; 'client.ip'?: string | undefined; 'client.mac'?: string | undefined; 'client.nat.ip'?: string | undefined; 'client.nat.port'?: string | number | undefined; 'client.packets'?: string | number | undefined; 'client.port'?: string | number | undefined; 'client.registered_domain'?: string | undefined; 'client.subdomain'?: string | undefined; 'client.top_level_domain'?: string | undefined; 'client.user.domain'?: string | undefined; 'client.user.email'?: string | undefined; 'client.user.full_name'?: string | undefined; 'client.user.group.domain'?: string | undefined; 'client.user.group.id'?: string | undefined; 'client.user.group.name'?: string | undefined; 'client.user.hash'?: string | undefined; 'client.user.id'?: string | undefined; 'client.user.name'?: string | undefined; 'client.user.roles'?: string[] | undefined; 'cloud.account.id'?: string | undefined; 'cloud.account.name'?: string | undefined; 'cloud.availability_zone'?: string | undefined; 'cloud.instance.id'?: string | undefined; 'cloud.instance.name'?: string | undefined; 'cloud.machine.type'?: string | undefined; 'cloud.origin.account.id'?: string | undefined; 'cloud.origin.account.name'?: string | undefined; 'cloud.origin.availability_zone'?: string | undefined; 'cloud.origin.instance.id'?: string | undefined; 'cloud.origin.instance.name'?: string | undefined; 'cloud.origin.machine.type'?: string | undefined; 'cloud.origin.project.id'?: string | undefined; 'cloud.origin.project.name'?: string | undefined; 'cloud.origin.provider'?: string | undefined; 'cloud.origin.region'?: string | undefined; 'cloud.origin.service.name'?: string | undefined; 'cloud.project.id'?: string | undefined; 'cloud.project.name'?: string | undefined; 'cloud.provider'?: string | undefined; 'cloud.region'?: string | undefined; 'cloud.service.name'?: string | undefined; 'cloud.target.account.id'?: string | undefined; 'cloud.target.account.name'?: string | undefined; 'cloud.target.availability_zone'?: string | undefined; 'cloud.target.instance.id'?: string | undefined; 'cloud.target.instance.name'?: string | undefined; 'cloud.target.machine.type'?: string | undefined; 'cloud.target.project.id'?: string | undefined; 'cloud.target.project.name'?: string | undefined; 'cloud.target.provider'?: string | undefined; 'cloud.target.region'?: string | undefined; 'cloud.target.service.name'?: string | undefined; 'container.cpu.usage'?: string | number | undefined; 'container.disk.read.bytes'?: string | number | undefined; 'container.disk.write.bytes'?: string | number | undefined; 'container.id'?: string | undefined; 'container.image.hash.all'?: string[] | undefined; 'container.image.name'?: string | undefined; 'container.image.tag'?: string[] | undefined; 'container.labels'?: unknown; 'container.memory.usage'?: string | number | undefined; 'container.name'?: string | undefined; 'container.network.egress.bytes'?: string | number | undefined; 'container.network.ingress.bytes'?: string | number | undefined; 'container.runtime'?: string | undefined; 'container.security_context.privileged'?: boolean | undefined; 'destination.address'?: string | undefined; 'destination.as.number'?: string | number | undefined; 'destination.as.organization.name'?: string | undefined; 'destination.bytes'?: string | number | undefined; 'destination.domain'?: string | undefined; 'destination.geo.city_name'?: string | undefined; 'destination.geo.continent_code'?: string | undefined; 'destination.geo.continent_name'?: string | undefined; 'destination.geo.country_iso_code'?: string | undefined; 'destination.geo.country_name'?: string | undefined; 'destination.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'destination.geo.name'?: string | undefined; 'destination.geo.postal_code'?: string | undefined; 'destination.geo.region_iso_code'?: string | undefined; 'destination.geo.region_name'?: string | undefined; 'destination.geo.timezone'?: string | undefined; 'destination.ip'?: string | undefined; 'destination.mac'?: string | undefined; 'destination.nat.ip'?: string | undefined; 'destination.nat.port'?: string | number | undefined; 'destination.packets'?: string | number | undefined; 'destination.port'?: string | number | undefined; 'destination.registered_domain'?: string | undefined; 'destination.subdomain'?: string | undefined; 'destination.top_level_domain'?: string | undefined; 'destination.user.domain'?: string | undefined; 'destination.user.email'?: string | undefined; 'destination.user.full_name'?: string | undefined; 'destination.user.group.domain'?: string | undefined; 'destination.user.group.id'?: string | undefined; 'destination.user.group.name'?: string | undefined; 'destination.user.hash'?: string | undefined; 'destination.user.id'?: string | undefined; 'destination.user.name'?: string | undefined; 'destination.user.roles'?: string[] | undefined; 'device.id'?: string | undefined; 'device.manufacturer'?: string | undefined; 'device.model.identifier'?: string | undefined; 'device.model.name'?: string | undefined; 'dll.code_signature.digest_algorithm'?: string | undefined; 'dll.code_signature.exists'?: boolean | undefined; 'dll.code_signature.signing_id'?: string | undefined; 'dll.code_signature.status'?: string | undefined; 'dll.code_signature.subject_name'?: string | undefined; 'dll.code_signature.team_id'?: string | undefined; 'dll.code_signature.timestamp'?: string | number | undefined; 'dll.code_signature.trusted'?: boolean | undefined; 'dll.code_signature.valid'?: boolean | undefined; 'dll.hash.md5'?: string | undefined; 'dll.hash.sha1'?: string | undefined; 'dll.hash.sha256'?: string | undefined; 'dll.hash.sha384'?: string | undefined; 'dll.hash.sha512'?: string | undefined; 'dll.hash.ssdeep'?: string | undefined; 'dll.hash.tlsh'?: string | undefined; 'dll.name'?: string | undefined; 'dll.path'?: string | undefined; 'dll.pe.architecture'?: string | undefined; 'dll.pe.company'?: string | undefined; 'dll.pe.description'?: string | undefined; 'dll.pe.file_version'?: string | undefined; 'dll.pe.go_import_hash'?: string | undefined; 'dll.pe.go_imports'?: unknown; 'dll.pe.go_imports_names_entropy'?: string | number | undefined; 'dll.pe.go_imports_names_var_entropy'?: string | number | undefined; 'dll.pe.go_stripped'?: boolean | undefined; 'dll.pe.imphash'?: string | undefined; 'dll.pe.import_hash'?: string | undefined; 'dll.pe.imports'?: unknown[] | undefined; 'dll.pe.imports_names_entropy'?: string | number | undefined; 'dll.pe.imports_names_var_entropy'?: string | number | undefined; 'dll.pe.original_file_name'?: string | undefined; 'dll.pe.pehash'?: string | undefined; 'dll.pe.product'?: string | undefined; 'dll.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'dns.answers'?: { class?: string | undefined; data?: string | undefined; name?: string | undefined; ttl?: string | number | undefined; type?: string | undefined; }[] | undefined; 'dns.header_flags'?: string[] | undefined; 'dns.id'?: string | undefined; 'dns.op_code'?: string | undefined; 'dns.question.class'?: string | undefined; 'dns.question.name'?: string | undefined; 'dns.question.registered_domain'?: string | undefined; 'dns.question.subdomain'?: string | undefined; 'dns.question.top_level_domain'?: string | undefined; 'dns.question.type'?: string | undefined; 'dns.resolved_ip'?: string[] | undefined; 'dns.response_code'?: string | undefined; 'dns.type'?: string | undefined; 'email.attachments'?: { 'file.extension'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.name'?: string | undefined; 'file.size'?: string | number | undefined; }[] | undefined; 'email.bcc.address'?: string[] | undefined; 'email.cc.address'?: string[] | undefined; 'email.content_type'?: string | undefined; 'email.delivery_timestamp'?: string | number | undefined; 'email.direction'?: string | undefined; 'email.from.address'?: string[] | undefined; 'email.local_id'?: string | undefined; 'email.message_id'?: string | undefined; 'email.origination_timestamp'?: string | number | undefined; 'email.reply_to.address'?: string[] | undefined; 'email.sender.address'?: string | undefined; 'email.subject'?: string | undefined; 'email.to.address'?: string[] | undefined; 'email.x_mailer'?: string | undefined; 'error.code'?: string | undefined; 'error.id'?: string | undefined; 'error.message'?: string | undefined; 'error.stack_trace'?: string | undefined; 'error.type'?: string | undefined; 'event.action'?: string | undefined; 'event.agent_id_status'?: string | undefined; 'event.category'?: string[] | undefined; 'event.code'?: string | undefined; 'event.created'?: string | number | undefined; 'event.dataset'?: string | undefined; 'event.duration'?: string | number | undefined; 'event.end'?: string | number | undefined; 'event.hash'?: string | undefined; 'event.id'?: string | undefined; 'event.ingested'?: string | number | undefined; 'event.kind'?: string | undefined; 'event.module'?: string | undefined; 'event.original'?: string | undefined; 'event.outcome'?: string | undefined; 'event.provider'?: string | undefined; 'event.reason'?: string | undefined; 'event.reference'?: string | undefined; 'event.risk_score'?: number | undefined; 'event.risk_score_norm'?: number | undefined; 'event.sequence'?: string | number | undefined; 'event.severity'?: string | number | undefined; 'event.start'?: string | number | undefined; 'event.timezone'?: string | undefined; 'event.type'?: string[] | undefined; 'event.url'?: string | undefined; 'faas.coldstart'?: boolean | undefined; 'faas.execution'?: string | undefined; 'faas.id'?: string | undefined; 'faas.name'?: string | undefined; 'faas.version'?: string | undefined; 'file.accessed'?: string | number | undefined; 'file.attributes'?: string[] | undefined; 'file.code_signature.digest_algorithm'?: string | undefined; 'file.code_signature.exists'?: boolean | undefined; 'file.code_signature.signing_id'?: string | undefined; 'file.code_signature.status'?: string | undefined; 'file.code_signature.subject_name'?: string | undefined; 'file.code_signature.team_id'?: string | undefined; 'file.code_signature.timestamp'?: string | number | undefined; 'file.code_signature.trusted'?: boolean | undefined; 'file.code_signature.valid'?: boolean | undefined; 'file.created'?: string | number | undefined; 'file.ctime'?: string | number | undefined; 'file.device'?: string | undefined; 'file.directory'?: string | undefined; 'file.drive_letter'?: string | undefined; 'file.elf.architecture'?: string | undefined; 'file.elf.byte_order'?: string | undefined; 'file.elf.cpu_type'?: string | undefined; 'file.elf.creation_date'?: string | number | undefined; 'file.elf.exports'?: unknown[] | undefined; 'file.elf.go_import_hash'?: string | undefined; 'file.elf.go_imports'?: unknown; 'file.elf.go_imports_names_entropy'?: string | number | undefined; 'file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'file.elf.go_stripped'?: boolean | undefined; 'file.elf.header.abi_version'?: string | undefined; 'file.elf.header.class'?: string | undefined; 'file.elf.header.data'?: string | undefined; 'file.elf.header.entrypoint'?: string | number | undefined; 'file.elf.header.object_version'?: string | undefined; 'file.elf.header.os_abi'?: string | undefined; 'file.elf.header.type'?: string | undefined; 'file.elf.header.version'?: string | undefined; 'file.elf.import_hash'?: string | undefined; 'file.elf.imports'?: unknown[] | undefined; 'file.elf.imports_names_entropy'?: string | number | undefined; 'file.elf.imports_names_var_entropy'?: string | number | undefined; 'file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'file.elf.shared_libraries'?: string[] | undefined; 'file.elf.telfhash'?: string | undefined; 'file.extension'?: string | undefined; 'file.fork_name'?: string | undefined; 'file.gid'?: string | undefined; 'file.group'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.inode'?: string | undefined; 'file.macho.go_import_hash'?: string | undefined; 'file.macho.go_imports'?: unknown; 'file.macho.go_imports_names_entropy'?: string | number | undefined; 'file.macho.go_imports_names_var_entropy'?: string | number | undefined; 'file.macho.go_stripped'?: boolean | undefined; 'file.macho.import_hash'?: string | undefined; 'file.macho.imports'?: unknown[] | undefined; 'file.macho.imports_names_entropy'?: string | number | undefined; 'file.macho.imports_names_var_entropy'?: string | number | undefined; 'file.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.macho.symhash'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.mode'?: string | undefined; 'file.mtime'?: string | number | undefined; 'file.name'?: string | undefined; 'file.owner'?: string | undefined; 'file.path'?: string | undefined; 'file.pe.architecture'?: string | undefined; 'file.pe.company'?: string | undefined; 'file.pe.description'?: string | undefined; 'file.pe.file_version'?: string | undefined; 'file.pe.go_import_hash'?: string | undefined; 'file.pe.go_imports'?: unknown; 'file.pe.go_imports_names_entropy'?: string | number | undefined; 'file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'file.pe.go_stripped'?: boolean | undefined; 'file.pe.imphash'?: string | undefined; 'file.pe.import_hash'?: string | undefined; 'file.pe.imports'?: unknown[] | undefined; 'file.pe.imports_names_entropy'?: string | number | undefined; 'file.pe.imports_names_var_entropy'?: string | number | undefined; 'file.pe.original_file_name'?: string | undefined; 'file.pe.pehash'?: string | undefined; 'file.pe.product'?: string | undefined; 'file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.size'?: string | number | undefined; 'file.target_path'?: string | undefined; 'file.type'?: string | undefined; 'file.uid'?: string | undefined; 'file.x509.alternative_names'?: string[] | undefined; 'file.x509.issuer.common_name'?: string[] | undefined; 'file.x509.issuer.country'?: string[] | undefined; 'file.x509.issuer.distinguished_name'?: string | undefined; 'file.x509.issuer.locality'?: string[] | undefined; 'file.x509.issuer.organization'?: string[] | undefined; 'file.x509.issuer.organizational_unit'?: string[] | undefined; 'file.x509.issuer.state_or_province'?: string[] | undefined; 'file.x509.not_after'?: string | number | undefined; 'file.x509.not_before'?: string | number | undefined; 'file.x509.public_key_algorithm'?: string | undefined; 'file.x509.public_key_curve'?: string | undefined; 'file.x509.public_key_exponent'?: string | number | undefined; 'file.x509.public_key_size'?: string | number | undefined; 'file.x509.serial_number'?: string | undefined; 'file.x509.signature_algorithm'?: string | undefined; 'file.x509.subject.common_name'?: string[] | undefined; 'file.x509.subject.country'?: string[] | undefined; 'file.x509.subject.distinguished_name'?: string | undefined; 'file.x509.subject.locality'?: string[] | undefined; 'file.x509.subject.organization'?: string[] | undefined; 'file.x509.subject.organizational_unit'?: string[] | undefined; 'file.x509.subject.state_or_province'?: string[] | undefined; 'file.x509.version_number'?: string | undefined; 'group.domain'?: string | undefined; 'group.id'?: string | undefined; 'group.name'?: string | undefined; 'host.architecture'?: string | undefined; 'host.boot.id'?: string | undefined; 'host.cpu.usage'?: string | number | undefined; 'host.disk.read.bytes'?: string | number | undefined; 'host.disk.write.bytes'?: string | number | undefined; 'host.domain'?: string | undefined; 'host.geo.city_name'?: string | undefined; 'host.geo.continent_code'?: string | undefined; 'host.geo.continent_name'?: string | undefined; 'host.geo.country_iso_code'?: string | undefined; 'host.geo.country_name'?: string | undefined; 'host.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'host.geo.name'?: string | undefined; 'host.geo.postal_code'?: string | undefined; 'host.geo.region_iso_code'?: string | undefined; 'host.geo.region_name'?: string | undefined; 'host.geo.timezone'?: string | undefined; 'host.hostname'?: string | undefined; 'host.id'?: string | undefined; 'host.ip'?: string[] | undefined; 'host.mac'?: string[] | undefined; 'host.name'?: string | undefined; 'host.network.egress.bytes'?: string | number | undefined; 'host.network.egress.packets'?: string | number | undefined; 'host.network.ingress.bytes'?: string | number | undefined; 'host.network.ingress.packets'?: string | number | undefined; 'host.os.family'?: string | undefined; 'host.os.full'?: string | undefined; 'host.os.kernel'?: string | undefined; 'host.os.name'?: string | undefined; 'host.os.platform'?: string | undefined; 'host.os.type'?: string | undefined; 'host.os.version'?: string | undefined; 'host.pid_ns_ino'?: string | undefined; 'host.risk.calculated_level'?: string | undefined; 'host.risk.calculated_score'?: number | undefined; 'host.risk.calculated_score_norm'?: number | undefined; 'host.risk.static_level'?: string | undefined; 'host.risk.static_score'?: number | undefined; 'host.risk.static_score_norm'?: number | undefined; 'host.type'?: string | undefined; 'host.uptime'?: string | number | undefined; 'http.request.body.bytes'?: string | number | undefined; 'http.request.body.content'?: string | undefined; 'http.request.bytes'?: string | number | undefined; 'http.request.id'?: string | undefined; 'http.request.method'?: string | undefined; 'http.request.mime_type'?: string | undefined; 'http.request.referrer'?: string | undefined; 'http.response.body.bytes'?: string | number | undefined; 'http.response.body.content'?: string | undefined; 'http.response.bytes'?: string | number | undefined; 'http.response.mime_type'?: string | undefined; 'http.response.status_code'?: string | number | undefined; 'http.version'?: string | undefined; labels?: unknown; 'log.file.path'?: string | undefined; 'log.level'?: string | undefined; 'log.logger'?: string | undefined; 'log.origin.file.line'?: string | number | undefined; 'log.origin.file.name'?: string | undefined; 'log.origin.function'?: string | undefined; 'log.syslog'?: unknown; message?: string | undefined; 'network.application'?: string | undefined; 'network.bytes'?: string | number | undefined; 'network.community_id'?: string | undefined; 'network.direction'?: string | undefined; 'network.forwarded_ip'?: string | undefined; 'network.iana_number'?: string | undefined; 'network.inner'?: unknown; 'network.name'?: string | undefined; 'network.packets'?: string | number | undefined; 'network.protocol'?: string | undefined; 'network.transport'?: string | undefined; 'network.type'?: string | undefined; 'network.vlan.id'?: string | undefined; 'network.vlan.name'?: string | undefined; 'observer.egress'?: unknown; 'observer.geo.city_name'?: string | undefined; 'observer.geo.continent_code'?: string | undefined; 'observer.geo.continent_name'?: string | undefined; 'observer.geo.country_iso_code'?: string | undefined; 'observer.geo.country_name'?: string | undefined; 'observer.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'observer.geo.name'?: string | undefined; 'observer.geo.postal_code'?: string | undefined; 'observer.geo.region_iso_code'?: string | undefined; 'observer.geo.region_name'?: string | undefined; 'observer.geo.timezone'?: string | undefined; 'observer.hostname'?: string | undefined; 'observer.ingress'?: unknown; 'observer.ip'?: string[] | undefined; 'observer.mac'?: string[] | undefined; 'observer.name'?: string | undefined; 'observer.os.family'?: string | undefined; 'observer.os.full'?: string | undefined; 'observer.os.kernel'?: string | undefined; 'observer.os.name'?: string | undefined; 'observer.os.platform'?: string | undefined; 'observer.os.type'?: string | undefined; 'observer.os.version'?: string | undefined; 'observer.product'?: string | undefined; 'observer.serial_number'?: string | undefined; 'observer.type'?: string | undefined; 'observer.vendor'?: string | undefined; 'observer.version'?: string | undefined; 'orchestrator.api_version'?: string | undefined; 'orchestrator.cluster.id'?: string | undefined; 'orchestrator.cluster.name'?: string | undefined; 'orchestrator.cluster.url'?: string | undefined; 'orchestrator.cluster.version'?: string | undefined; 'orchestrator.namespace'?: string | undefined; 'orchestrator.organization'?: string | undefined; 'orchestrator.resource.annotation'?: string[] | undefined; 'orchestrator.resource.id'?: string | undefined; 'orchestrator.resource.ip'?: string[] | undefined; 'orchestrator.resource.label'?: string[] | undefined; 'orchestrator.resource.name'?: string | undefined; 'orchestrator.resource.parent.type'?: string | undefined; 'orchestrator.resource.type'?: string | undefined; 'orchestrator.type'?: string | undefined; 'organization.id'?: string | undefined; 'organization.name'?: string | undefined; 'package.architecture'?: string | undefined; 'package.build_version'?: string | undefined; 'package.checksum'?: string | undefined; 'package.description'?: string | undefined; 'package.install_scope'?: string | undefined; 'package.installed'?: string | number | undefined; 'package.license'?: string | undefined; 'package.name'?: string | undefined; 'package.path'?: string | undefined; 'package.reference'?: string | undefined; 'package.size'?: string | number | undefined; 'package.type'?: string | undefined; 'package.version'?: string | undefined; 'process.args'?: string[] | undefined; 'process.args_count'?: string | number | undefined; 'process.code_signature.digest_algorithm'?: string | undefined; 'process.code_signature.exists'?: boolean | undefined; 'process.code_signature.signing_id'?: string | undefined; 'process.code_signature.status'?: string | undefined; 'process.code_signature.subject_name'?: string | undefined; 'process.code_signature.team_id'?: string | undefined; 'process.code_signature.timestamp'?: string | number | undefined; 'process.code_signature.trusted'?: boolean | undefined; 'process.code_signature.valid'?: boolean | undefined; 'process.command_line'?: string | undefined; 'process.elf.architecture'?: string | undefined; 'process.elf.byte_order'?: string | undefined; 'process.elf.cpu_type'?: string | undefined; 'process.elf.creation_date'?: string | number | undefined; 'process.elf.exports'?: unknown[] | undefined; 'process.elf.go_import_hash'?: string | undefined; 'process.elf.go_imports'?: unknown; 'process.elf.go_imports_names_entropy'?: string | number | undefined; 'process.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.elf.go_stripped'?: boolean | undefined; 'process.elf.header.abi_version'?: string | undefined; 'process.elf.header.class'?: string | undefined; 'process.elf.header.data'?: string | undefined; 'process.elf.header.entrypoint'?: string | number | undefined; 'process.elf.header.object_version'?: string | undefined; 'process.elf.header.os_abi'?: string | undefined; 'process.elf.header.type'?: string | undefined; 'process.elf.header.version'?: string | undefined; 'process.elf.import_hash'?: string | undefined; 'process.elf.imports'?: unknown[] | undefined; 'process.elf.imports_names_entropy'?: string | number | undefined; 'process.elf.imports_names_var_entropy'?: string | number | undefined; 'process.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.elf.shared_libraries'?: string[] | undefined; 'process.elf.telfhash'?: string | undefined; 'process.end'?: string | number | undefined; 'process.entity_id'?: string | undefined; 'process.entry_leader.args'?: string[] | undefined; 'process.entry_leader.args_count'?: string | number | undefined; 'process.entry_leader.attested_groups.name'?: string | undefined; 'process.entry_leader.attested_user.id'?: string | undefined; 'process.entry_leader.attested_user.name'?: string | undefined; 'process.entry_leader.command_line'?: string | undefined; 'process.entry_leader.entity_id'?: string | undefined; 'process.entry_leader.entry_meta.source.ip'?: string | undefined; 'process.entry_leader.entry_meta.type'?: string | undefined; 'process.entry_leader.executable'?: string | undefined; 'process.entry_leader.group.id'?: string | undefined; 'process.entry_leader.group.name'?: string | undefined; 'process.entry_leader.interactive'?: boolean | undefined; 'process.entry_leader.name'?: string | undefined; 'process.entry_leader.parent.entity_id'?: string | undefined; 'process.entry_leader.parent.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.entity_id'?: string | undefined; 'process.entry_leader.parent.session_leader.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.start'?: string | number | undefined; 'process.entry_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.entry_leader.parent.start'?: string | number | undefined; 'process.entry_leader.parent.vpid'?: string | number | undefined; 'process.entry_leader.pid'?: string | number | undefined; 'process.entry_leader.real_group.id'?: string | undefined; 'process.entry_leader.real_group.name'?: string | undefined; 'process.entry_leader.real_user.id'?: string | undefined; 'process.entry_leader.real_user.name'?: string | undefined; 'process.entry_leader.same_as_process'?: boolean | undefined; 'process.entry_leader.saved_group.id'?: string | undefined; 'process.entry_leader.saved_group.name'?: string | undefined; 'process.entry_leader.saved_user.id'?: string | undefined; 'process.entry_leader.saved_user.name'?: string | undefined; 'process.entry_leader.start'?: string | number | undefined; 'process.entry_leader.supplemental_groups.id'?: string | undefined; 'process.entry_leader.supplemental_groups.name'?: string | undefined; 'process.entry_leader.tty'?: unknown; 'process.entry_leader.user.id'?: string | undefined; 'process.entry_leader.user.name'?: string | undefined; 'process.entry_leader.vpid'?: string | number | undefined; 'process.entry_leader.working_directory'?: string | undefined; 'process.env_vars'?: string[] | undefined; 'process.executable'?: string | undefined; 'process.exit_code'?: string | number | undefined; 'process.group_leader.args'?: string[] | undefined; 'process.group_leader.args_count'?: string | number | undefined; 'process.group_leader.command_line'?: string | undefined; 'process.group_leader.entity_id'?: string | undefined; 'process.group_leader.executable'?: string | undefined; 'process.group_leader.group.id'?: string | undefined; 'process.group_leader.group.name'?: string | undefined; 'process.group_leader.interactive'?: boolean | undefined; 'process.group_leader.name'?: string | undefined; 'process.group_leader.pid'?: string | number | undefined; 'process.group_leader.real_group.id'?: string | undefined; 'process.group_leader.real_group.name'?: string | undefined; 'process.group_leader.real_user.id'?: string | undefined; 'process.group_leader.real_user.name'?: string | undefined; 'process.group_leader.same_as_process'?: boolean | undefined; 'process.group_leader.saved_group.id'?: string | undefined; 'process.group_leader.saved_group.name'?: string | undefined; 'process.group_leader.saved_user.id'?: string | undefined; 'process.group_leader.saved_user.name'?: string | undefined; 'process.group_leader.start'?: string | number | undefined; 'process.group_leader.supplemental_groups.id'?: string | undefined; 'process.group_leader.supplemental_groups.name'?: string | undefined; 'process.group_leader.tty'?: unknown; 'process.group_leader.user.id'?: string | undefined; 'process.group_leader.user.name'?: string | undefined; 'process.group_leader.vpid'?: string | number | undefined; 'process.group_leader.working_directory'?: string | undefined; 'process.hash.md5'?: string | undefined; 'process.hash.sha1'?: string | undefined; 'process.hash.sha256'?: string | undefined; 'process.hash.sha384'?: string | undefined; 'process.hash.sha512'?: string | undefined; 'process.hash.ssdeep'?: string | undefined; 'process.hash.tlsh'?: string | undefined; 'process.interactive'?: boolean | undefined; 'process.io'?: unknown; 'process.macho.go_import_hash'?: string | undefined; 'process.macho.go_imports'?: unknown; 'process.macho.go_imports_names_entropy'?: string | number | undefined; 'process.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.macho.go_stripped'?: boolean | undefined; 'process.macho.import_hash'?: string | undefined; 'process.macho.imports'?: unknown[] | undefined; 'process.macho.imports_names_entropy'?: string | number | undefined; 'process.macho.imports_names_var_entropy'?: string | number | undefined; 'process.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.macho.symhash'?: string | undefined; 'process.name'?: string | undefined; 'process.parent.args'?: string[] | undefined; 'process.parent.args_count'?: string | number | undefined; 'process.parent.code_signature.digest_algorithm'?: string | undefined; 'process.parent.code_signature.exists'?: boolean | undefined; 'process.parent.code_signature.signing_id'?: string | undefined; 'process.parent.code_signature.status'?: string | undefined; 'process.parent.code_signature.subject_name'?: string | undefined; 'process.parent.code_signature.team_id'?: string | undefined; 'process.parent.code_signature.timestamp'?: string | number | undefined; 'process.parent.code_signature.trusted'?: boolean | undefined; 'process.parent.code_signature.valid'?: boolean | undefined; 'process.parent.command_line'?: string | undefined; 'process.parent.elf.architecture'?: string | undefined; 'process.parent.elf.byte_order'?: string | undefined; 'process.parent.elf.cpu_type'?: string | undefined; 'process.parent.elf.creation_date'?: string | number | undefined; 'process.parent.elf.exports'?: unknown[] | undefined; 'process.parent.elf.go_import_hash'?: string | undefined; 'process.parent.elf.go_imports'?: unknown; 'process.parent.elf.go_imports_names_entropy'?: string | number | undefined; 'process.parent.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.go_stripped'?: boolean | undefined; 'process.parent.elf.header.abi_version'?: string | undefined; 'process.parent.elf.header.class'?: string | undefined; 'process.parent.elf.header.data'?: string | undefined; 'process.parent.elf.header.entrypoint'?: string | number | undefined; 'process.parent.elf.header.object_version'?: string | undefined; 'process.parent.elf.header.os_abi'?: string | undefined; 'process.parent.elf.header.type'?: string | undefined; 'process.parent.elf.header.version'?: string | undefined; 'process.parent.elf.import_hash'?: string | undefined; 'process.parent.elf.imports'?: unknown[] | undefined; 'process.parent.elf.imports_names_entropy'?: string | number | undefined; 'process.parent.elf.imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.parent.elf.shared_libraries'?: string[] | undefined; 'process.parent.elf.telfhash'?: string | undefined; 'process.parent.end'?: string | number | undefined; 'process.parent.entity_id'?: string | undefined; 'process.parent.executable'?: string | undefined; 'process.parent.exit_code'?: string | number | undefined; 'process.parent.group.id'?: string | undefined; 'process.parent.group.name'?: string | undefined; 'process.parent.group_leader.entity_id'?: string | undefined; 'process.parent.group_leader.pid'?: string | number | undefined; 'process.parent.group_leader.start'?: string | number | undefined; 'process.parent.group_leader.vpid'?: string | number | undefined; 'process.parent.hash.md5'?: string | undefined; 'process.parent.hash.sha1'?: string | undefined; 'process.parent.hash.sha256'?: string | undefined; 'process.parent.hash.sha384'?: string | undefined; 'process.parent.hash.sha512'?: string | undefined; 'process.parent.hash.ssdeep'?: string | undefined; 'process.parent.hash.tlsh'?: string | undefined; 'process.parent.interactive'?: boolean | undefined; 'process.parent.macho.go_import_hash'?: string | undefined; 'process.parent.macho.go_imports'?: unknown; 'process.parent.macho.go_imports_names_entropy'?: string | number | undefined; 'process.parent.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.go_stripped'?: boolean | undefined; 'process.parent.macho.import_hash'?: string | undefined; 'process.parent.macho.imports'?: unknown[] | undefined; 'process.parent.macho.imports_names_entropy'?: string | number | undefined; 'process.parent.macho.imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.macho.symhash'?: string | undefined; 'process.parent.name'?: string | undefined; 'process.parent.pe.architecture'?: string | undefined; 'process.parent.pe.company'?: string | undefined; 'process.parent.pe.description'?: string | undefined; 'process.parent.pe.file_version'?: string | undefined; 'process.parent.pe.go_import_hash'?: string | undefined; 'process.parent.pe.go_imports'?: unknown; 'process.parent.pe.go_imports_names_entropy'?: string | number | undefined; 'process.parent.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.go_stripped'?: boolean | undefined; 'process.parent.pe.imphash'?: string | undefined; 'process.parent.pe.import_hash'?: string | undefined; 'process.parent.pe.imports'?: unknown[] | undefined; 'process.parent.pe.imports_names_entropy'?: string | number | undefined; 'process.parent.pe.imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.original_file_name'?: string | undefined; 'process.parent.pe.pehash'?: string | undefined; 'process.parent.pe.product'?: string | undefined; 'process.parent.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.pgid'?: string | number | undefined; 'process.parent.pid'?: string | number | undefined; 'process.parent.real_group.id'?: string | undefined; 'process.parent.real_group.name'?: string | undefined; 'process.parent.real_user.id'?: string | undefined; 'process.parent.real_user.name'?: string | undefined; 'process.parent.saved_group.id'?: string | undefined; 'process.parent.saved_group.name'?: string | undefined; 'process.parent.saved_user.id'?: string | undefined; 'process.parent.saved_user.name'?: string | undefined; 'process.parent.start'?: string | number | undefined; 'process.parent.supplemental_groups.id'?: string | undefined; 'process.parent.supplemental_groups.name'?: string | undefined; 'process.parent.thread.capabilities.effective'?: string[] | undefined; 'process.parent.thread.capabilities.permitted'?: string[] | undefined; 'process.parent.thread.id'?: string | number | undefined; 'process.parent.thread.name'?: string | undefined; 'process.parent.title'?: string | undefined; 'process.parent.tty'?: unknown; 'process.parent.uptime'?: string | number | undefined; 'process.parent.user.id'?: string | undefined; 'process.parent.user.name'?: string | undefined; 'process.parent.vpid'?: string | number | undefined; 'process.parent.working_directory'?: string | undefined; 'process.pe.architecture'?: string | undefined; 'process.pe.company'?: string | undefined; 'process.pe.description'?: string | undefined; 'process.pe.file_version'?: string | undefined; 'process.pe.go_import_hash'?: string | undefined; 'process.pe.go_imports'?: unknown; 'process.pe.go_imports_names_entropy'?: string | number | undefined; 'process.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.pe.go_stripped'?: boolean | undefined; 'process.pe.imphash'?: string | undefined; 'process.pe.import_hash'?: string | undefined; 'process.pe.imports'?: unknown[] | undefined; 'process.pe.imports_names_entropy'?: string | number | undefined; 'process.pe.imports_names_var_entropy'?: string | number | undefined; 'process.pe.original_file_name'?: string | undefined; 'process.pe.pehash'?: string | undefined; 'process.pe.product'?: string | undefined; 'process.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.pgid'?: string | number | undefined; 'process.pid'?: string | number | undefined; 'process.previous.args'?: string[] | undefined; 'process.previous.args_count'?: string | number | undefined; 'process.previous.executable'?: string | undefined; 'process.real_group.id'?: string | undefined; 'process.real_group.name'?: string | undefined; 'process.real_user.id'?: string | undefined; 'process.real_user.name'?: string | undefined; 'process.saved_group.id'?: string | undefined; 'process.saved_group.name'?: string | undefined; 'process.saved_user.id'?: string | undefined; 'process.saved_user.name'?: string | undefined; 'process.session_leader.args'?: string[] | undefined; 'process.session_leader.args_count'?: string | number | undefined; 'process.session_leader.command_line'?: string | undefined; 'process.session_leader.entity_id'?: string | undefined; 'process.session_leader.executable'?: string | undefined; 'process.session_leader.group.id'?: string | undefined; 'process.session_leader.group.name'?: string | undefined; 'process.session_leader.interactive'?: boolean | undefined; 'process.session_leader.name'?: string | undefined; 'process.session_leader.parent.entity_id'?: string | undefined; 'process.session_leader.parent.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.entity_id'?: string | undefined; 'process.session_leader.parent.session_leader.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.start'?: string | number | undefined; 'process.session_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.session_leader.parent.start'?: string | number | undefined; 'process.session_leader.parent.vpid'?: string | number | undefined; 'process.session_leader.pid'?: string | number | undefined; 'process.session_leader.real_group.id'?: string | undefined; 'process.session_leader.real_group.name'?: string | undefined; 'process.session_leader.real_user.id'?: string | undefined; 'process.session_leader.real_user.name'?: string | undefined; 'process.session_leader.same_as_process'?: boolean | undefined; 'process.session_leader.saved_group.id'?: string | undefined; 'process.session_leader.saved_group.name'?: string | undefined; 'process.session_leader.saved_user.id'?: string | undefined; 'process.session_leader.saved_user.name'?: string | undefined; 'process.session_leader.start'?: string | number | undefined; 'process.session_leader.supplemental_groups.id'?: string | undefined; 'process.session_leader.supplemental_groups.name'?: string | undefined; 'process.session_leader.tty'?: unknown; 'process.session_leader.user.id'?: string | undefined; 'process.session_leader.user.name'?: string | undefined; 'process.session_leader.vpid'?: string | number | undefined; 'process.session_leader.working_directory'?: string | undefined; 'process.start'?: string | number | undefined; 'process.supplemental_groups.id'?: string | undefined; 'process.supplemental_groups.name'?: string | undefined; 'process.thread.capabilities.effective'?: string[] | undefined; 'process.thread.capabilities.permitted'?: string[] | undefined; 'process.thread.id'?: string | number | undefined; 'process.thread.name'?: string | undefined; 'process.title'?: string | undefined; 'process.tty'?: unknown; 'process.uptime'?: string | number | undefined; 'process.user.id'?: string | undefined; 'process.user.name'?: string | undefined; 'process.vpid'?: string | number | undefined; 'process.working_directory'?: string | undefined; 'registry.data.bytes'?: string | undefined; 'registry.data.strings'?: string[] | undefined; 'registry.data.type'?: string | undefined; 'registry.hive'?: string | undefined; 'registry.key'?: string | undefined; 'registry.path'?: string | undefined; 'registry.value'?: string | undefined; 'related.hash'?: string[] | undefined; 'related.hosts'?: string[] | undefined; 'related.ip'?: string[] | undefined; 'related.user'?: string[] | undefined; 'rule.author'?: string[] | undefined; 'rule.category'?: string | undefined; 'rule.description'?: string | undefined; 'rule.id'?: string | undefined; 'rule.license'?: string | undefined; 'rule.name'?: string | undefined; 'rule.reference'?: string | undefined; 'rule.ruleset'?: string | undefined; 'rule.uuid'?: string | undefined; 'rule.version'?: string | undefined; 'server.address'?: string | undefined; 'server.as.number'?: string | number | undefined; 'server.as.organization.name'?: string | undefined; 'server.bytes'?: string | number | undefined; 'server.domain'?: string | undefined; 'server.geo.city_name'?: string | undefined; 'server.geo.continent_code'?: string | undefined; 'server.geo.continent_name'?: string | undefined; 'server.geo.country_iso_code'?: string | undefined; 'server.geo.country_name'?: string | undefined; 'server.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'server.geo.name'?: string | undefined; 'server.geo.postal_code'?: string | undefined; 'server.geo.region_iso_code'?: string | undefined; 'server.geo.region_name'?: string | undefined; 'server.geo.timezone'?: string | undefined; 'server.ip'?: string | undefined; 'server.mac'?: string | undefined; 'server.nat.ip'?: string | undefined; 'server.nat.port'?: string | number | undefined; 'server.packets'?: string | number | undefined; 'server.port'?: string | number | undefined; 'server.registered_domain'?: string | undefined; 'server.subdomain'?: string | undefined; 'server.top_level_domain'?: string | undefined; 'server.user.domain'?: string | undefined; 'server.user.email'?: string | undefined; 'server.user.full_name'?: string | undefined; 'server.user.group.domain'?: string | undefined; 'server.user.group.id'?: string | undefined; 'server.user.group.name'?: string | undefined; 'server.user.hash'?: string | undefined; 'server.user.id'?: string | undefined; 'server.user.name'?: string | undefined; 'server.user.roles'?: string[] | undefined; 'service.address'?: string | undefined; 'service.environment'?: string | undefined; 'service.ephemeral_id'?: string | undefined; 'service.id'?: string | undefined; 'service.name'?: string | undefined; 'service.node.name'?: string | undefined; 'service.node.role'?: string | undefined; 'service.node.roles'?: string[] | undefined; 'service.origin.address'?: string | undefined; 'service.origin.environment'?: string | undefined; 'service.origin.ephemeral_id'?: string | undefined; 'service.origin.id'?: string | undefined; 'service.origin.name'?: string | undefined; 'service.origin.node.name'?: string | undefined; 'service.origin.node.role'?: string | undefined; 'service.origin.node.roles'?: string[] | undefined; 'service.origin.state'?: string | undefined; 'service.origin.type'?: string | undefined; 'service.origin.version'?: string | undefined; 'service.state'?: string | undefined; 'service.target.address'?: string | undefined; 'service.target.environment'?: string | undefined; 'service.target.ephemeral_id'?: string | undefined; 'service.target.id'?: string | undefined; 'service.target.name'?: string | undefined; 'service.target.node.name'?: string | undefined; 'service.target.node.role'?: string | undefined; 'service.target.node.roles'?: string[] | undefined; 'service.target.state'?: string | undefined; 'service.target.type'?: string | undefined; 'service.target.version'?: string | undefined; 'service.type'?: string | undefined; 'service.version'?: string | undefined; 'source.address'?: string | undefined; 'source.as.number'?: string | number | undefined; 'source.as.organization.name'?: string | undefined; 'source.bytes'?: string | number | undefined; 'source.domain'?: string | undefined; 'source.geo.city_name'?: string | undefined; 'source.geo.continent_code'?: string | undefined; 'source.geo.continent_name'?: string | undefined; 'source.geo.country_iso_code'?: string | undefined; 'source.geo.country_name'?: string | undefined; 'source.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'source.geo.name'?: string | undefined; 'source.geo.postal_code'?: string | undefined; 'source.geo.region_iso_code'?: string | undefined; 'source.geo.region_name'?: string | undefined; 'source.geo.timezone'?: string | undefined; 'source.ip'?: string | undefined; 'source.mac'?: string | undefined; 'source.nat.ip'?: string | undefined; 'source.nat.port'?: string | number | undefined; 'source.packets'?: string | number | undefined; 'source.port'?: string | number | undefined; 'source.registered_domain'?: string | undefined; 'source.subdomain'?: string | undefined; 'source.top_level_domain'?: string | undefined; 'source.user.domain'?: string | undefined; 'source.user.email'?: string | undefined; 'source.user.full_name'?: string | undefined; 'source.user.group.domain'?: string | undefined; 'source.user.group.id'?: string | undefined; 'source.user.group.name'?: string | undefined; 'source.user.hash'?: string | undefined; 'source.user.id'?: string | undefined; 'source.user.name'?: string | undefined; 'source.user.roles'?: string[] | undefined; 'span.id'?: string | undefined; tags?: string[] | undefined; 'threat.enrichments'?: { indicator?: unknown; 'matched.atomic'?: string | undefined; 'matched.field'?: string | undefined; 'matched.id'?: string | undefined; 'matched.index'?: string | undefined; 'matched.occurred'?: string | number | undefined; 'matched.type'?: string | undefined; }[] | undefined; 'threat.feed.dashboard_id'?: string | undefined; 'threat.feed.description'?: string | undefined; 'threat.feed.name'?: string | undefined; 'threat.feed.reference'?: string | undefined; 'threat.framework'?: string | undefined; 'threat.group.alias'?: string[] | undefined; 'threat.group.id'?: string | undefined; 'threat.group.name'?: string | undefined; 'threat.group.reference'?: string | undefined; 'threat.indicator.as.number'?: string | number | undefined; 'threat.indicator.as.organization.name'?: string | undefined; 'threat.indicator.confidence'?: string | undefined; 'threat.indicator.description'?: string | undefined; 'threat.indicator.email.address'?: string | undefined; 'threat.indicator.file.accessed'?: string | number | undefined; 'threat.indicator.file.attributes'?: string[] | undefined; 'threat.indicator.file.code_signature.digest_algorithm'?: string | undefined; 'threat.indicator.file.code_signature.exists'?: boolean | undefined; 'threat.indicator.file.code_signature.signing_id'?: string | undefined; 'threat.indicator.file.code_signature.status'?: string | undefined; 'threat.indicator.file.code_signature.subject_name'?: string | undefined; 'threat.indicator.file.code_signature.team_id'?: string | undefined; 'threat.indicator.file.code_signature.timestamp'?: string | number | undefined; 'threat.indicator.file.code_signature.trusted'?: boolean | undefined; 'threat.indicator.file.code_signature.valid'?: boolean | undefined; 'threat.indicator.file.created'?: string | number | undefined; 'threat.indicator.file.ctime'?: string | number | undefined; 'threat.indicator.file.device'?: string | undefined; 'threat.indicator.file.directory'?: string | undefined; 'threat.indicator.file.drive_letter'?: string | undefined; 'threat.indicator.file.elf.architecture'?: string | undefined; 'threat.indicator.file.elf.byte_order'?: string | undefined; 'threat.indicator.file.elf.cpu_type'?: string | undefined; 'threat.indicator.file.elf.creation_date'?: string | number | undefined; 'threat.indicator.file.elf.exports'?: unknown[] | undefined; 'threat.indicator.file.elf.go_import_hash'?: string | undefined; 'threat.indicator.file.elf.go_imports'?: unknown; 'threat.indicator.file.elf.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_stripped'?: boolean | undefined; 'threat.indicator.file.elf.header.abi_version'?: string | undefined; 'threat.indicator.file.elf.header.class'?: string | undefined; 'threat.indicator.file.elf.header.data'?: string | undefined; 'threat.indicator.file.elf.header.entrypoint'?: string | number | undefined; 'threat.indicator.file.elf.header.object_version'?: string | undefined; 'threat.indicator.file.elf.header.os_abi'?: string | undefined; 'threat.indicator.file.elf.header.type'?: string | undefined; 'threat.indicator.file.elf.header.version'?: string | undefined; 'threat.indicator.file.elf.import_hash'?: string | undefined; 'threat.indicator.file.elf.imports'?: unknown[] | undefined; 'threat.indicator.file.elf.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'threat.indicator.file.elf.shared_libraries'?: string[] | undefined; 'threat.indicator.file.elf.telfhash'?: string | undefined; 'threat.indicator.file.extension'?: string | undefined; 'threat.indicator.file.fork_name'?: string | undefined; 'threat.indicator.file.gid'?: string | undefined; 'threat.indicator.file.group'?: string | undefined; 'threat.indicator.file.hash.md5'?: string | undefined; 'threat.indicator.file.hash.sha1'?: string | undefined; 'threat.indicator.file.hash.sha256'?: string | undefined; 'threat.indicator.file.hash.sha384'?: string | undefined; 'threat.indicator.file.hash.sha512'?: string | undefined; 'threat.indicator.file.hash.ssdeep'?: string | undefined; 'threat.indicator.file.hash.tlsh'?: string | undefined; 'threat.indicator.file.inode'?: string | undefined; 'threat.indicator.file.mime_type'?: string | undefined; 'threat.indicator.file.mode'?: string | undefined; 'threat.indicator.file.mtime'?: string | number | undefined; 'threat.indicator.file.name'?: string | undefined; 'threat.indicator.file.owner'?: string | undefined; 'threat.indicator.file.path'?: string | undefined; 'threat.indicator.file.pe.architecture'?: string | undefined; 'threat.indicator.file.pe.company'?: string | undefined; 'threat.indicator.file.pe.description'?: string | undefined; 'threat.indicator.file.pe.file_version'?: string | undefined; 'threat.indicator.file.pe.go_import_hash'?: string | undefined; 'threat.indicator.file.pe.go_imports'?: unknown; 'threat.indicator.file.pe.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_stripped'?: boolean | undefined; 'threat.indicator.file.pe.imphash'?: string | undefined; 'threat.indicator.file.pe.import_hash'?: string | undefined; 'threat.indicator.file.pe.imports'?: unknown[] | undefined; 'threat.indicator.file.pe.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.original_file_name'?: string | undefined; 'threat.indicator.file.pe.pehash'?: string | undefined; 'threat.indicator.file.pe.product'?: string | undefined; 'threat.indicator.file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.size'?: string | number | undefined; 'threat.indicator.file.target_path'?: string | undefined; 'threat.indicator.file.type'?: string | undefined; 'threat.indicator.file.uid'?: string | undefined; 'threat.indicator.file.x509.alternative_names'?: string[] | undefined; 'threat.indicator.file.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.file.x509.issuer.country'?: string[] | undefined; 'threat.indicator.file.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.not_after'?: string | number | undefined; 'threat.indicator.file.x509.not_before'?: string | number | undefined; 'threat.indicator.file.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.file.x509.public_key_curve'?: string | undefined; 'threat.indicator.file.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.file.x509.public_key_size'?: string | number | undefined; 'threat.indicator.file.x509.serial_number'?: string | undefined; 'threat.indicator.file.x509.signature_algorithm'?: string | undefined; 'threat.indicator.file.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.file.x509.subject.country'?: string[] | undefined; 'threat.indicator.file.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.subject.locality'?: string[] | undefined; 'threat.indicator.file.x509.subject.organization'?: string[] | undefined; 'threat.indicator.file.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.version_number'?: string | undefined; 'threat.indicator.first_seen'?: string | number | undefined; 'threat.indicator.geo.city_name'?: string | undefined; 'threat.indicator.geo.continent_code'?: string | undefined; 'threat.indicator.geo.continent_name'?: string | undefined; 'threat.indicator.geo.country_iso_code'?: string | undefined; 'threat.indicator.geo.country_name'?: string | undefined; 'threat.indicator.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'threat.indicator.geo.name'?: string | undefined; 'threat.indicator.geo.postal_code'?: string | undefined; 'threat.indicator.geo.region_iso_code'?: string | undefined; 'threat.indicator.geo.region_name'?: string | undefined; 'threat.indicator.geo.timezone'?: string | undefined; 'threat.indicator.ip'?: string | undefined; 'threat.indicator.last_seen'?: string | number | undefined; 'threat.indicator.marking.tlp'?: string | undefined; 'threat.indicator.marking.tlp_version'?: string | undefined; 'threat.indicator.modified_at'?: string | number | undefined; 'threat.indicator.name'?: string | undefined; 'threat.indicator.port'?: string | number | undefined; 'threat.indicator.provider'?: string | undefined; 'threat.indicator.reference'?: string | undefined; 'threat.indicator.registry.data.bytes'?: string | undefined; 'threat.indicator.registry.data.strings'?: string[] | undefined; 'threat.indicator.registry.data.type'?: string | undefined; 'threat.indicator.registry.hive'?: string | undefined; 'threat.indicator.registry.key'?: string | undefined; 'threat.indicator.registry.path'?: string | undefined; 'threat.indicator.registry.value'?: string | undefined; 'threat.indicator.scanner_stats'?: string | number | undefined; 'threat.indicator.sightings'?: string | number | undefined; 'threat.indicator.type'?: string | undefined; 'threat.indicator.url.domain'?: string | undefined; 'threat.indicator.url.extension'?: string | undefined; 'threat.indicator.url.fragment'?: string | undefined; 'threat.indicator.url.full'?: string | undefined; 'threat.indicator.url.original'?: string | undefined; 'threat.indicator.url.password'?: string | undefined; 'threat.indicator.url.path'?: string | undefined; 'threat.indicator.url.port'?: string | number | undefined; 'threat.indicator.url.query'?: string | undefined; 'threat.indicator.url.registered_domain'?: string | undefined; 'threat.indicator.url.scheme'?: string | undefined; 'threat.indicator.url.subdomain'?: string | undefined; 'threat.indicator.url.top_level_domain'?: string | undefined; 'threat.indicator.url.username'?: string | undefined; 'threat.indicator.x509.alternative_names'?: string[] | undefined; 'threat.indicator.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.x509.issuer.country'?: string[] | undefined; 'threat.indicator.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.x509.not_after'?: string | number | undefined; 'threat.indicator.x509.not_before'?: string | number | undefined; 'threat.indicator.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.x509.public_key_curve'?: string | undefined; 'threat.indicator.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.x509.public_key_size'?: string | number | undefined; 'threat.indicator.x509.serial_number'?: string | undefined; 'threat.indicator.x509.signature_algorithm'?: string | undefined; 'threat.indicator.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.x509.subject.country'?: string[] | undefined; 'threat.indicator.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.x509.subject.locality'?: string[] | undefined; 'threat.indicator.x509.subject.organization'?: string[] | undefined; 'threat.indicator.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.x509.version_number'?: string | undefined; 'threat.software.alias'?: string[] | undefined; 'threat.software.id'?: string | undefined; 'threat.software.name'?: string | undefined; 'threat.software.platforms'?: string[] | undefined; 'threat.software.reference'?: string | undefined; 'threat.software.type'?: string | undefined; 'threat.tactic.id'?: string[] | undefined; 'threat.tactic.name'?: string[] | undefined; 'threat.tactic.reference'?: string[] | undefined; 'threat.technique.id'?: string[] | undefined; 'threat.technique.name'?: string[] | undefined; 'threat.technique.reference'?: string[] | undefined; 'threat.technique.subtechnique.id'?: string[] | undefined; 'threat.technique.subtechnique.name'?: string[] | undefined; 'threat.technique.subtechnique.reference'?: string[] | undefined; 'tls.cipher'?: string | undefined; 'tls.client.certificate'?: string | undefined; 'tls.client.certificate_chain'?: string[] | undefined; 'tls.client.hash.md5'?: string | undefined; 'tls.client.hash.sha1'?: string | undefined; 'tls.client.hash.sha256'?: string | undefined; 'tls.client.issuer'?: string | undefined; 'tls.client.ja3'?: string | undefined; 'tls.client.not_after'?: string | number | undefined; 'tls.client.not_before'?: string | number | undefined; 'tls.client.server_name'?: string | undefined; 'tls.client.subject'?: string | undefined; 'tls.client.supported_ciphers'?: string[] | undefined; 'tls.client.x509.alternative_names'?: string[] | undefined; 'tls.client.x509.issuer.common_name'?: string[] | undefined; 'tls.client.x509.issuer.country'?: string[] | undefined; 'tls.client.x509.issuer.distinguished_name'?: string | undefined; 'tls.client.x509.issuer.locality'?: string[] | undefined; 'tls.client.x509.issuer.organization'?: string[] | undefined; 'tls.client.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.client.x509.issuer.state_or_province'?: string[] | undefined; 'tls.client.x509.not_after'?: string | number | undefined; 'tls.client.x509.not_before'?: string | number | undefined; 'tls.client.x509.public_key_algorithm'?: string | undefined; 'tls.client.x509.public_key_curve'?: string | undefined; 'tls.client.x509.public_key_exponent'?: string | number | undefined; 'tls.client.x509.public_key_size'?: string | number | undefined; 'tls.client.x509.serial_number'?: string | undefined; 'tls.client.x509.signature_algorithm'?: string | undefined; 'tls.client.x509.subject.common_name'?: string[] | undefined; 'tls.client.x509.subject.country'?: string[] | undefined; 'tls.client.x509.subject.distinguished_name'?: string | undefined; 'tls.client.x509.subject.locality'?: string[] | undefined; 'tls.client.x509.subject.organization'?: string[] | undefined; 'tls.client.x509.subject.organizational_unit'?: string[] | undefined; 'tls.client.x509.subject.state_or_province'?: string[] | undefined; 'tls.client.x509.version_number'?: string | undefined; 'tls.curve'?: string | undefined; 'tls.established'?: boolean | undefined; 'tls.next_protocol'?: string | undefined; 'tls.resumed'?: boolean | undefined; 'tls.server.certificate'?: string | undefined; 'tls.server.certificate_chain'?: string[] | undefined; 'tls.server.hash.md5'?: string | undefined; 'tls.server.hash.sha1'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 'tls.server.issuer'?: string | undefined; 'tls.server.ja3s'?: string | undefined; 'tls.server.not_after'?: string | number | undefined; 'tls.server.not_before'?: string | number | undefined; 'tls.server.subject'?: string | undefined; 'tls.server.x509.alternative_names'?: string[] | undefined; 'tls.server.x509.issuer.common_name'?: string[] | undefined; 'tls.server.x509.issuer.country'?: string[] | undefined; 'tls.server.x509.issuer.distinguished_name'?: string | undefined; 'tls.server.x509.issuer.locality'?: string[] | undefined; 'tls.server.x509.issuer.organization'?: string[] | undefined; 'tls.server.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.server.x509.issuer.state_or_province'?: string[] | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.public_key_algorithm'?: string | undefined; 'tls.server.x509.public_key_curve'?: string | undefined; 'tls.server.x509.public_key_exponent'?: string | number | undefined; 'tls.server.x509.public_key_size'?: string | number | undefined; 'tls.server.x509.serial_number'?: string | undefined; 'tls.server.x509.signature_algorithm'?: string | undefined; 'tls.server.x509.subject.common_name'?: string[] | undefined; 'tls.server.x509.subject.country'?: string[] | undefined; 'tls.server.x509.subject.distinguished_name'?: string | undefined; 'tls.server.x509.subject.locality'?: string[] | undefined; 'tls.server.x509.subject.organization'?: string[] | undefined; 'tls.server.x509.subject.organizational_unit'?: string[] | undefined; 'tls.server.x509.subject.state_or_province'?: string[] | undefined; 'tls.server.x509.version_number'?: string | undefined; 'tls.version'?: string | undefined; 'tls.version_protocol'?: string | undefined; 'trace.id'?: string | undefined; 'transaction.id'?: string | undefined; 'url.domain'?: string | undefined; 'url.extension'?: string | undefined; 'url.fragment'?: string | undefined; 'url.full'?: string | undefined; 'url.original'?: string | undefined; 'url.password'?: string | undefined; 'url.path'?: string | undefined; 'url.port'?: string | number | undefined; 'url.query'?: string | undefined; 'url.registered_domain'?: string | undefined; 'url.scheme'?: string | undefined; 'url.subdomain'?: string | undefined; 'url.top_level_domain'?: string | undefined; 'url.username'?: string | undefined; 'user.changes.domain'?: string | undefined; 'user.changes.email'?: string | undefined; 'user.changes.full_name'?: string | undefined; 'user.changes.group.domain'?: string | undefined; 'user.changes.group.id'?: string | undefined; 'user.changes.group.name'?: string | undefined; 'user.changes.hash'?: string | undefined; 'user.changes.id'?: string | undefined; 'user.changes.name'?: string | undefined; 'user.changes.roles'?: string[] | undefined; 'user.domain'?: string | undefined; 'user.effective.domain'?: string | undefined; 'user.effective.email'?: string | undefined; 'user.effective.full_name'?: string | undefined; 'user.effective.group.domain'?: string | undefined; 'user.effective.group.id'?: string | undefined; 'user.effective.group.name'?: string | undefined; 'user.effective.hash'?: string | undefined; 'user.effective.id'?: string | undefined; 'user.effective.name'?: string | undefined; 'user.effective.roles'?: string[] | undefined; 'user.email'?: string | undefined; 'user.full_name'?: string | undefined; 'user.group.domain'?: string | undefined; 'user.group.id'?: string | undefined; 'user.group.name'?: string | undefined; 'user.hash'?: string | undefined; 'user.id'?: string | undefined; 'user.name'?: string | undefined; 'user.risk.calculated_level'?: string | undefined; 'user.risk.calculated_score'?: number | undefined; 'user.risk.calculated_score_norm'?: number | undefined; 'user.risk.static_level'?: string | undefined; 'user.risk.static_score'?: number | undefined; 'user.risk.static_score_norm'?: number | undefined; 'user.roles'?: string[] | undefined; 'user.target.domain'?: string | undefined; 'user.target.email'?: string | undefined; 'user.target.full_name'?: string | undefined; 'user.target.group.domain'?: string | undefined; 'user.target.group.id'?: string | undefined; 'user.target.group.name'?: string | undefined; 'user.target.hash'?: string | undefined; 'user.target.id'?: string | undefined; 'user.target.name'?: string | undefined; 'user.target.roles'?: string[] | undefined; 'user_agent.device.name'?: string | undefined; 'user_agent.name'?: string | undefined; 'user_agent.original'?: string | undefined; 'user_agent.os.family'?: string | undefined; 'user_agent.os.full'?: string | undefined; 'user_agent.os.kernel'?: string | undefined; 'user_agent.os.name'?: string | undefined; 'user_agent.os.platform'?: string | undefined; 'user_agent.os.type'?: string | undefined; 'user_agent.os.version'?: string | undefined; 'user_agent.version'?: string | undefined; 'vulnerability.category'?: string[] | undefined; 'vulnerability.classification'?: string | undefined; 'vulnerability.description'?: string | undefined; 'vulnerability.enumeration'?: string | undefined; 'vulnerability.id'?: string | undefined; 'vulnerability.reference'?: string | undefined; 'vulnerability.report_id'?: string | undefined; 'vulnerability.scanner.vendor'?: string | undefined; 'vulnerability.score.base'?: number | undefined; 'vulnerability.score.environmental'?: number | undefined; 'vulnerability.score.temporal'?: number | undefined; 'vulnerability.score.version'?: string | undefined; 'vulnerability.severity'?: string | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }) | ({} & { 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & { '@timestamp': string | number; 'ecs.version': string; } & { 'agent.build.original'?: string | undefined; 'agent.ephemeral_id'?: string | undefined; 'agent.id'?: string | undefined; 'agent.name'?: string | undefined; 'agent.type'?: string | undefined; 'agent.version'?: string | undefined; 'client.address'?: string | undefined; 'client.as.number'?: string | number | undefined; 'client.as.organization.name'?: string | undefined; 'client.bytes'?: string | number | undefined; 'client.domain'?: string | undefined; 'client.geo.city_name'?: string | undefined; 'client.geo.continent_code'?: string | undefined; 'client.geo.continent_name'?: string | undefined; 'client.geo.country_iso_code'?: string | undefined; 'client.geo.country_name'?: string | undefined; 'client.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'client.geo.name'?: string | undefined; 'client.geo.postal_code'?: string | undefined; 'client.geo.region_iso_code'?: string | undefined; 'client.geo.region_name'?: string | undefined; 'client.geo.timezone'?: string | undefined; 'client.ip'?: string | undefined; 'client.mac'?: string | undefined; 'client.nat.ip'?: string | undefined; 'client.nat.port'?: string | number | undefined; 'client.packets'?: string | number | undefined; 'client.port'?: string | number | undefined; 'client.registered_domain'?: string | undefined; 'client.subdomain'?: string | undefined; 'client.top_level_domain'?: string | undefined; 'client.user.domain'?: string | undefined; 'client.user.email'?: string | undefined; 'client.user.full_name'?: string | undefined; 'client.user.group.domain'?: string | undefined; 'client.user.group.id'?: string | undefined; 'client.user.group.name'?: string | undefined; 'client.user.hash'?: string | undefined; 'client.user.id'?: string | undefined; 'client.user.name'?: string | undefined; 'client.user.roles'?: string[] | undefined; 'cloud.account.id'?: string | undefined; 'cloud.account.name'?: string | undefined; 'cloud.availability_zone'?: string | undefined; 'cloud.instance.id'?: string | undefined; 'cloud.instance.name'?: string | undefined; 'cloud.machine.type'?: string | undefined; 'cloud.origin.account.id'?: string | undefined; 'cloud.origin.account.name'?: string | undefined; 'cloud.origin.availability_zone'?: string | undefined; 'cloud.origin.instance.id'?: string | undefined; 'cloud.origin.instance.name'?: string | undefined; 'cloud.origin.machine.type'?: string | undefined; 'cloud.origin.project.id'?: string | undefined; 'cloud.origin.project.name'?: string | undefined; 'cloud.origin.provider'?: string | undefined; 'cloud.origin.region'?: string | undefined; 'cloud.origin.service.name'?: string | undefined; 'cloud.project.id'?: string | undefined; 'cloud.project.name'?: string | undefined; 'cloud.provider'?: string | undefined; 'cloud.region'?: string | undefined; 'cloud.service.name'?: string | undefined; 'cloud.target.account.id'?: string | undefined; 'cloud.target.account.name'?: string | undefined; 'cloud.target.availability_zone'?: string | undefined; 'cloud.target.instance.id'?: string | undefined; 'cloud.target.instance.name'?: string | undefined; 'cloud.target.machine.type'?: string | undefined; 'cloud.target.project.id'?: string | undefined; 'cloud.target.project.name'?: string | undefined; 'cloud.target.provider'?: string | undefined; 'cloud.target.region'?: string | undefined; 'cloud.target.service.name'?: string | undefined; 'container.cpu.usage'?: string | number | undefined; 'container.disk.read.bytes'?: string | number | undefined; 'container.disk.write.bytes'?: string | number | undefined; 'container.id'?: string | undefined; 'container.image.hash.all'?: string[] | undefined; 'container.image.name'?: string | undefined; 'container.image.tag'?: string[] | undefined; 'container.labels'?: unknown; 'container.memory.usage'?: string | number | undefined; 'container.name'?: string | undefined; 'container.network.egress.bytes'?: string | number | undefined; 'container.network.ingress.bytes'?: string | number | undefined; 'container.runtime'?: string | undefined; 'container.security_context.privileged'?: boolean | undefined; 'destination.address'?: string | undefined; 'destination.as.number'?: string | number | undefined; 'destination.as.organization.name'?: string | undefined; 'destination.bytes'?: string | number | undefined; 'destination.domain'?: string | undefined; 'destination.geo.city_name'?: string | undefined; 'destination.geo.continent_code'?: string | undefined; 'destination.geo.continent_name'?: string | undefined; 'destination.geo.country_iso_code'?: string | undefined; 'destination.geo.country_name'?: string | undefined; 'destination.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'destination.geo.name'?: string | undefined; 'destination.geo.postal_code'?: string | undefined; 'destination.geo.region_iso_code'?: string | undefined; 'destination.geo.region_name'?: string | undefined; 'destination.geo.timezone'?: string | undefined; 'destination.ip'?: string | undefined; 'destination.mac'?: string | undefined; 'destination.nat.ip'?: string | undefined; 'destination.nat.port'?: string | number | undefined; 'destination.packets'?: string | number | undefined; 'destination.port'?: string | number | undefined; 'destination.registered_domain'?: string | undefined; 'destination.subdomain'?: string | undefined; 'destination.top_level_domain'?: string | undefined; 'destination.user.domain'?: string | undefined; 'destination.user.email'?: string | undefined; 'destination.user.full_name'?: string | undefined; 'destination.user.group.domain'?: string | undefined; 'destination.user.group.id'?: string | undefined; 'destination.user.group.name'?: string | undefined; 'destination.user.hash'?: string | undefined; 'destination.user.id'?: string | undefined; 'destination.user.name'?: string | undefined; 'destination.user.roles'?: string[] | undefined; 'device.id'?: string | undefined; 'device.manufacturer'?: string | undefined; 'device.model.identifier'?: string | undefined; 'device.model.name'?: string | undefined; 'dll.code_signature.digest_algorithm'?: string | undefined; 'dll.code_signature.exists'?: boolean | undefined; 'dll.code_signature.signing_id'?: string | undefined; 'dll.code_signature.status'?: string | undefined; 'dll.code_signature.subject_name'?: string | undefined; 'dll.code_signature.team_id'?: string | undefined; 'dll.code_signature.timestamp'?: string | number | undefined; 'dll.code_signature.trusted'?: boolean | undefined; 'dll.code_signature.valid'?: boolean | undefined; 'dll.hash.md5'?: string | undefined; 'dll.hash.sha1'?: string | undefined; 'dll.hash.sha256'?: string | undefined; 'dll.hash.sha384'?: string | undefined; 'dll.hash.sha512'?: string | undefined; 'dll.hash.ssdeep'?: string | undefined; 'dll.hash.tlsh'?: string | undefined; 'dll.name'?: string | undefined; 'dll.path'?: string | undefined; 'dll.pe.architecture'?: string | undefined; 'dll.pe.company'?: string | undefined; 'dll.pe.description'?: string | undefined; 'dll.pe.file_version'?: string | undefined; 'dll.pe.go_import_hash'?: string | undefined; 'dll.pe.go_imports'?: unknown; 'dll.pe.go_imports_names_entropy'?: string | number | undefined; 'dll.pe.go_imports_names_var_entropy'?: string | number | undefined; 'dll.pe.go_stripped'?: boolean | undefined; 'dll.pe.imphash'?: string | undefined; 'dll.pe.import_hash'?: string | undefined; 'dll.pe.imports'?: unknown[] | undefined; 'dll.pe.imports_names_entropy'?: string | number | undefined; 'dll.pe.imports_names_var_entropy'?: string | number | undefined; 'dll.pe.original_file_name'?: string | undefined; 'dll.pe.pehash'?: string | undefined; 'dll.pe.product'?: string | undefined; 'dll.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'dns.answers'?: { class?: string | undefined; data?: string | undefined; name?: string | undefined; ttl?: string | number | undefined; type?: string | undefined; }[] | undefined; 'dns.header_flags'?: string[] | undefined; 'dns.id'?: string | undefined; 'dns.op_code'?: string | undefined; 'dns.question.class'?: string | undefined; 'dns.question.name'?: string | undefined; 'dns.question.registered_domain'?: string | undefined; 'dns.question.subdomain'?: string | undefined; 'dns.question.top_level_domain'?: string | undefined; 'dns.question.type'?: string | undefined; 'dns.resolved_ip'?: string[] | undefined; 'dns.response_code'?: string | undefined; 'dns.type'?: string | undefined; 'email.attachments'?: { 'file.extension'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.name'?: string | undefined; 'file.size'?: string | number | undefined; }[] | undefined; 'email.bcc.address'?: string[] | undefined; 'email.cc.address'?: string[] | undefined; 'email.content_type'?: string | undefined; 'email.delivery_timestamp'?: string | number | undefined; 'email.direction'?: string | undefined; 'email.from.address'?: string[] | undefined; 'email.local_id'?: string | undefined; 'email.message_id'?: string | undefined; 'email.origination_timestamp'?: string | number | undefined; 'email.reply_to.address'?: string[] | undefined; 'email.sender.address'?: string | undefined; 'email.subject'?: string | undefined; 'email.to.address'?: string[] | undefined; 'email.x_mailer'?: string | undefined; 'error.code'?: string | undefined; 'error.id'?: string | undefined; 'error.message'?: string | undefined; 'error.stack_trace'?: string | undefined; 'error.type'?: string | undefined; 'event.action'?: string | undefined; 'event.agent_id_status'?: string | undefined; 'event.category'?: string[] | undefined; 'event.code'?: string | undefined; 'event.created'?: string | number | undefined; 'event.dataset'?: string | undefined; 'event.duration'?: string | number | undefined; 'event.end'?: string | number | undefined; 'event.hash'?: string | undefined; 'event.id'?: string | undefined; 'event.ingested'?: string | number | undefined; 'event.kind'?: string | undefined; 'event.module'?: string | undefined; 'event.original'?: string | undefined; 'event.outcome'?: string | undefined; 'event.provider'?: string | undefined; 'event.reason'?: string | undefined; 'event.reference'?: string | undefined; 'event.risk_score'?: number | undefined; 'event.risk_score_norm'?: number | undefined; 'event.sequence'?: string | number | undefined; 'event.severity'?: string | number | undefined; 'event.start'?: string | number | undefined; 'event.timezone'?: string | undefined; 'event.type'?: string[] | undefined; 'event.url'?: string | undefined; 'faas.coldstart'?: boolean | undefined; 'faas.execution'?: string | undefined; 'faas.id'?: string | undefined; 'faas.name'?: string | undefined; 'faas.version'?: string | undefined; 'file.accessed'?: string | number | undefined; 'file.attributes'?: string[] | undefined; 'file.code_signature.digest_algorithm'?: string | undefined; 'file.code_signature.exists'?: boolean | undefined; 'file.code_signature.signing_id'?: string | undefined; 'file.code_signature.status'?: string | undefined; 'file.code_signature.subject_name'?: string | undefined; 'file.code_signature.team_id'?: string | undefined; 'file.code_signature.timestamp'?: string | number | undefined; 'file.code_signature.trusted'?: boolean | undefined; 'file.code_signature.valid'?: boolean | undefined; 'file.created'?: string | number | undefined; 'file.ctime'?: string | number | undefined; 'file.device'?: string | undefined; 'file.directory'?: string | undefined; 'file.drive_letter'?: string | undefined; 'file.elf.architecture'?: string | undefined; 'file.elf.byte_order'?: string | undefined; 'file.elf.cpu_type'?: string | undefined; 'file.elf.creation_date'?: string | number | undefined; 'file.elf.exports'?: unknown[] | undefined; 'file.elf.go_import_hash'?: string | undefined; 'file.elf.go_imports'?: unknown; 'file.elf.go_imports_names_entropy'?: string | number | undefined; 'file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'file.elf.go_stripped'?: boolean | undefined; 'file.elf.header.abi_version'?: string | undefined; 'file.elf.header.class'?: string | undefined; 'file.elf.header.data'?: string | undefined; 'file.elf.header.entrypoint'?: string | number | undefined; 'file.elf.header.object_version'?: string | undefined; 'file.elf.header.os_abi'?: string | undefined; 'file.elf.header.type'?: string | undefined; 'file.elf.header.version'?: string | undefined; 'file.elf.import_hash'?: string | undefined; 'file.elf.imports'?: unknown[] | undefined; 'file.elf.imports_names_entropy'?: string | number | undefined; 'file.elf.imports_names_var_entropy'?: string | number | undefined; 'file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'file.elf.shared_libraries'?: string[] | undefined; 'file.elf.telfhash'?: string | undefined; 'file.extension'?: string | undefined; 'file.fork_name'?: string | undefined; 'file.gid'?: string | undefined; 'file.group'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.inode'?: string | undefined; 'file.macho.go_import_hash'?: string | undefined; 'file.macho.go_imports'?: unknown; 'file.macho.go_imports_names_entropy'?: string | number | undefined; 'file.macho.go_imports_names_var_entropy'?: string | number | undefined; 'file.macho.go_stripped'?: boolean | undefined; 'file.macho.import_hash'?: string | undefined; 'file.macho.imports'?: unknown[] | undefined; 'file.macho.imports_names_entropy'?: string | number | undefined; 'file.macho.imports_names_var_entropy'?: string | number | undefined; 'file.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.macho.symhash'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.mode'?: string | undefined; 'file.mtime'?: string | number | undefined; 'file.name'?: string | undefined; 'file.owner'?: string | undefined; 'file.path'?: string | undefined; 'file.pe.architecture'?: string | undefined; 'file.pe.company'?: string | undefined; 'file.pe.description'?: string | undefined; 'file.pe.file_version'?: string | undefined; 'file.pe.go_import_hash'?: string | undefined; 'file.pe.go_imports'?: unknown; 'file.pe.go_imports_names_entropy'?: string | number | undefined; 'file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'file.pe.go_stripped'?: boolean | undefined; 'file.pe.imphash'?: string | undefined; 'file.pe.import_hash'?: string | undefined; 'file.pe.imports'?: unknown[] | undefined; 'file.pe.imports_names_entropy'?: string | number | undefined; 'file.pe.imports_names_var_entropy'?: string | number | undefined; 'file.pe.original_file_name'?: string | undefined; 'file.pe.pehash'?: string | undefined; 'file.pe.product'?: string | undefined; 'file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.size'?: string | number | undefined; 'file.target_path'?: string | undefined; 'file.type'?: string | undefined; 'file.uid'?: string | undefined; 'file.x509.alternative_names'?: string[] | undefined; 'file.x509.issuer.common_name'?: string[] | undefined; 'file.x509.issuer.country'?: string[] | undefined; 'file.x509.issuer.distinguished_name'?: string | undefined; 'file.x509.issuer.locality'?: string[] | undefined; 'file.x509.issuer.organization'?: string[] | undefined; 'file.x509.issuer.organizational_unit'?: string[] | undefined; 'file.x509.issuer.state_or_province'?: string[] | undefined; 'file.x509.not_after'?: string | number | undefined; 'file.x509.not_before'?: string | number | undefined; 'file.x509.public_key_algorithm'?: string | undefined; 'file.x509.public_key_curve'?: string | undefined; 'file.x509.public_key_exponent'?: string | number | undefined; 'file.x509.public_key_size'?: string | number | undefined; 'file.x509.serial_number'?: string | undefined; 'file.x509.signature_algorithm'?: string | undefined; 'file.x509.subject.common_name'?: string[] | undefined; 'file.x509.subject.country'?: string[] | undefined; 'file.x509.subject.distinguished_name'?: string | undefined; 'file.x509.subject.locality'?: string[] | undefined; 'file.x509.subject.organization'?: string[] | undefined; 'file.x509.subject.organizational_unit'?: string[] | undefined; 'file.x509.subject.state_or_province'?: string[] | undefined; 'file.x509.version_number'?: string | undefined; 'group.domain'?: string | undefined; 'group.id'?: string | undefined; 'group.name'?: string | undefined; 'host.architecture'?: string | undefined; 'host.boot.id'?: string | undefined; 'host.cpu.usage'?: string | number | undefined; 'host.disk.read.bytes'?: string | number | undefined; 'host.disk.write.bytes'?: string | number | undefined; 'host.domain'?: string | undefined; 'host.geo.city_name'?: string | undefined; 'host.geo.continent_code'?: string | undefined; 'host.geo.continent_name'?: string | undefined; 'host.geo.country_iso_code'?: string | undefined; 'host.geo.country_name'?: string | undefined; 'host.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'host.geo.name'?: string | undefined; 'host.geo.postal_code'?: string | undefined; 'host.geo.region_iso_code'?: string | undefined; 'host.geo.region_name'?: string | undefined; 'host.geo.timezone'?: string | undefined; 'host.hostname'?: string | undefined; 'host.id'?: string | undefined; 'host.ip'?: string[] | undefined; 'host.mac'?: string[] | undefined; 'host.name'?: string | undefined; 'host.network.egress.bytes'?: string | number | undefined; 'host.network.egress.packets'?: string | number | undefined; 'host.network.ingress.bytes'?: string | number | undefined; 'host.network.ingress.packets'?: string | number | undefined; 'host.os.family'?: string | undefined; 'host.os.full'?: string | undefined; 'host.os.kernel'?: string | undefined; 'host.os.name'?: string | undefined; 'host.os.platform'?: string | undefined; 'host.os.type'?: string | undefined; 'host.os.version'?: string | undefined; 'host.pid_ns_ino'?: string | undefined; 'host.risk.calculated_level'?: string | undefined; 'host.risk.calculated_score'?: number | undefined; 'host.risk.calculated_score_norm'?: number | undefined; 'host.risk.static_level'?: string | undefined; 'host.risk.static_score'?: number | undefined; 'host.risk.static_score_norm'?: number | undefined; 'host.type'?: string | undefined; 'host.uptime'?: string | number | undefined; 'http.request.body.bytes'?: string | number | undefined; 'http.request.body.content'?: string | undefined; 'http.request.bytes'?: string | number | undefined; 'http.request.id'?: string | undefined; 'http.request.method'?: string | undefined; 'http.request.mime_type'?: string | undefined; 'http.request.referrer'?: string | undefined; 'http.response.body.bytes'?: string | number | undefined; 'http.response.body.content'?: string | undefined; 'http.response.bytes'?: string | number | undefined; 'http.response.mime_type'?: string | undefined; 'http.response.status_code'?: string | number | undefined; 'http.version'?: string | undefined; labels?: unknown; 'log.file.path'?: string | undefined; 'log.level'?: string | undefined; 'log.logger'?: string | undefined; 'log.origin.file.line'?: string | number | undefined; 'log.origin.file.name'?: string | undefined; 'log.origin.function'?: string | undefined; 'log.syslog'?: unknown; message?: string | undefined; 'network.application'?: string | undefined; 'network.bytes'?: string | number | undefined; 'network.community_id'?: string | undefined; 'network.direction'?: string | undefined; 'network.forwarded_ip'?: string | undefined; 'network.iana_number'?: string | undefined; 'network.inner'?: unknown; 'network.name'?: string | undefined; 'network.packets'?: string | number | undefined; 'network.protocol'?: string | undefined; 'network.transport'?: string | undefined; 'network.type'?: string | undefined; 'network.vlan.id'?: string | undefined; 'network.vlan.name'?: string | undefined; 'observer.egress'?: unknown; 'observer.geo.city_name'?: string | undefined; 'observer.geo.continent_code'?: string | undefined; 'observer.geo.continent_name'?: string | undefined; 'observer.geo.country_iso_code'?: string | undefined; 'observer.geo.country_name'?: string | undefined; 'observer.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'observer.geo.name'?: string | undefined; 'observer.geo.postal_code'?: string | undefined; 'observer.geo.region_iso_code'?: string | undefined; 'observer.geo.region_name'?: string | undefined; 'observer.geo.timezone'?: string | undefined; 'observer.hostname'?: string | undefined; 'observer.ingress'?: unknown; 'observer.ip'?: string[] | undefined; 'observer.mac'?: string[] | undefined; 'observer.name'?: string | undefined; 'observer.os.family'?: string | undefined; 'observer.os.full'?: string | undefined; 'observer.os.kernel'?: string | undefined; 'observer.os.name'?: string | undefined; 'observer.os.platform'?: string | undefined; 'observer.os.type'?: string | undefined; 'observer.os.version'?: string | undefined; 'observer.product'?: string | undefined; 'observer.serial_number'?: string | undefined; 'observer.type'?: string | undefined; 'observer.vendor'?: string | undefined; 'observer.version'?: string | undefined; 'orchestrator.api_version'?: string | undefined; 'orchestrator.cluster.id'?: string | undefined; 'orchestrator.cluster.name'?: string | undefined; 'orchestrator.cluster.url'?: string | undefined; 'orchestrator.cluster.version'?: string | undefined; 'orchestrator.namespace'?: string | undefined; 'orchestrator.organization'?: string | undefined; 'orchestrator.resource.annotation'?: string[] | undefined; 'orchestrator.resource.id'?: string | undefined; 'orchestrator.resource.ip'?: string[] | undefined; 'orchestrator.resource.label'?: string[] | undefined; 'orchestrator.resource.name'?: string | undefined; 'orchestrator.resource.parent.type'?: string | undefined; 'orchestrator.resource.type'?: string | undefined; 'orchestrator.type'?: string | undefined; 'organization.id'?: string | undefined; 'organization.name'?: string | undefined; 'package.architecture'?: string | undefined; 'package.build_version'?: string | undefined; 'package.checksum'?: string | undefined; 'package.description'?: string | undefined; 'package.install_scope'?: string | undefined; 'package.installed'?: string | number | undefined; 'package.license'?: string | undefined; 'package.name'?: string | undefined; 'package.path'?: string | undefined; 'package.reference'?: string | undefined; 'package.size'?: string | number | undefined; 'package.type'?: string | undefined; 'package.version'?: string | undefined; 'process.args'?: string[] | undefined; 'process.args_count'?: string | number | undefined; 'process.code_signature.digest_algorithm'?: string | undefined; 'process.code_signature.exists'?: boolean | undefined; 'process.code_signature.signing_id'?: string | undefined; 'process.code_signature.status'?: string | undefined; 'process.code_signature.subject_name'?: string | undefined; 'process.code_signature.team_id'?: string | undefined; 'process.code_signature.timestamp'?: string | number | undefined; 'process.code_signature.trusted'?: boolean | undefined; 'process.code_signature.valid'?: boolean | undefined; 'process.command_line'?: string | undefined; 'process.elf.architecture'?: string | undefined; 'process.elf.byte_order'?: string | undefined; 'process.elf.cpu_type'?: string | undefined; 'process.elf.creation_date'?: string | number | undefined; 'process.elf.exports'?: unknown[] | undefined; 'process.elf.go_import_hash'?: string | undefined; 'process.elf.go_imports'?: unknown; 'process.elf.go_imports_names_entropy'?: string | number | undefined; 'process.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.elf.go_stripped'?: boolean | undefined; 'process.elf.header.abi_version'?: string | undefined; 'process.elf.header.class'?: string | undefined; 'process.elf.header.data'?: string | undefined; 'process.elf.header.entrypoint'?: string | number | undefined; 'process.elf.header.object_version'?: string | undefined; 'process.elf.header.os_abi'?: string | undefined; 'process.elf.header.type'?: string | undefined; 'process.elf.header.version'?: string | undefined; 'process.elf.import_hash'?: string | undefined; 'process.elf.imports'?: unknown[] | undefined; 'process.elf.imports_names_entropy'?: string | number | undefined; 'process.elf.imports_names_var_entropy'?: string | number | undefined; 'process.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.elf.shared_libraries'?: string[] | undefined; 'process.elf.telfhash'?: string | undefined; 'process.end'?: string | number | undefined; 'process.entity_id'?: string | undefined; 'process.entry_leader.args'?: string[] | undefined; 'process.entry_leader.args_count'?: string | number | undefined; 'process.entry_leader.attested_groups.name'?: string | undefined; 'process.entry_leader.attested_user.id'?: string | undefined; 'process.entry_leader.attested_user.name'?: string | undefined; 'process.entry_leader.command_line'?: string | undefined; 'process.entry_leader.entity_id'?: string | undefined; 'process.entry_leader.entry_meta.source.ip'?: string | undefined; 'process.entry_leader.entry_meta.type'?: string | undefined; 'process.entry_leader.executable'?: string | undefined; 'process.entry_leader.group.id'?: string | undefined; 'process.entry_leader.group.name'?: string | undefined; 'process.entry_leader.interactive'?: boolean | undefined; 'process.entry_leader.name'?: string | undefined; 'process.entry_leader.parent.entity_id'?: string | undefined; 'process.entry_leader.parent.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.entity_id'?: string | undefined; 'process.entry_leader.parent.session_leader.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.start'?: string | number | undefined; 'process.entry_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.entry_leader.parent.start'?: string | number | undefined; 'process.entry_leader.parent.vpid'?: string | number | undefined; 'process.entry_leader.pid'?: string | number | undefined; 'process.entry_leader.real_group.id'?: string | undefined; 'process.entry_leader.real_group.name'?: string | undefined; 'process.entry_leader.real_user.id'?: string | undefined; 'process.entry_leader.real_user.name'?: string | undefined; 'process.entry_leader.same_as_process'?: boolean | undefined; 'process.entry_leader.saved_group.id'?: string | undefined; 'process.entry_leader.saved_group.name'?: string | undefined; 'process.entry_leader.saved_user.id'?: string | undefined; 'process.entry_leader.saved_user.name'?: string | undefined; 'process.entry_leader.start'?: string | number | undefined; 'process.entry_leader.supplemental_groups.id'?: string | undefined; 'process.entry_leader.supplemental_groups.name'?: string | undefined; 'process.entry_leader.tty'?: unknown; 'process.entry_leader.user.id'?: string | undefined; 'process.entry_leader.user.name'?: string | undefined; 'process.entry_leader.vpid'?: string | number | undefined; 'process.entry_leader.working_directory'?: string | undefined; 'process.env_vars'?: string[] | undefined; 'process.executable'?: string | undefined; 'process.exit_code'?: string | number | undefined; 'process.group_leader.args'?: string[] | undefined; 'process.group_leader.args_count'?: string | number | undefined; 'process.group_leader.command_line'?: string | undefined; 'process.group_leader.entity_id'?: string | undefined; 'process.group_leader.executable'?: string | undefined; 'process.group_leader.group.id'?: string | undefined; 'process.group_leader.group.name'?: string | undefined; 'process.group_leader.interactive'?: boolean | undefined; 'process.group_leader.name'?: string | undefined; 'process.group_leader.pid'?: string | number | undefined; 'process.group_leader.real_group.id'?: string | undefined; 'process.group_leader.real_group.name'?: string | undefined; 'process.group_leader.real_user.id'?: string | undefined; 'process.group_leader.real_user.name'?: string | undefined; 'process.group_leader.same_as_process'?: boolean | undefined; 'process.group_leader.saved_group.id'?: string | undefined; 'process.group_leader.saved_group.name'?: string | undefined; 'process.group_leader.saved_user.id'?: string | undefined; 'process.group_leader.saved_user.name'?: string | undefined; 'process.group_leader.start'?: string | number | undefined; 'process.group_leader.supplemental_groups.id'?: string | undefined; 'process.group_leader.supplemental_groups.name'?: string | undefined; 'process.group_leader.tty'?: unknown; 'process.group_leader.user.id'?: string | undefined; 'process.group_leader.user.name'?: string | undefined; 'process.group_leader.vpid'?: string | number | undefined; 'process.group_leader.working_directory'?: string | undefined; 'process.hash.md5'?: string | undefined; 'process.hash.sha1'?: string | undefined; 'process.hash.sha256'?: string | undefined; 'process.hash.sha384'?: string | undefined; 'process.hash.sha512'?: string | undefined; 'process.hash.ssdeep'?: string | undefined; 'process.hash.tlsh'?: string | undefined; 'process.interactive'?: boolean | undefined; 'process.io'?: unknown; 'process.macho.go_import_hash'?: string | undefined; 'process.macho.go_imports'?: unknown; 'process.macho.go_imports_names_entropy'?: string | number | undefined; 'process.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.macho.go_stripped'?: boolean | undefined; 'process.macho.import_hash'?: string | undefined; 'process.macho.imports'?: unknown[] | undefined; 'process.macho.imports_names_entropy'?: string | number | undefined; 'process.macho.imports_names_var_entropy'?: string | number | undefined; 'process.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.macho.symhash'?: string | undefined; 'process.name'?: string | undefined; 'process.parent.args'?: string[] | undefined; 'process.parent.args_count'?: string | number | undefined; 'process.parent.code_signature.digest_algorithm'?: string | undefined; 'process.parent.code_signature.exists'?: boolean | undefined; 'process.parent.code_signature.signing_id'?: string | undefined; 'process.parent.code_signature.status'?: string | undefined; 'process.parent.code_signature.subject_name'?: string | undefined; 'process.parent.code_signature.team_id'?: string | undefined; 'process.parent.code_signature.timestamp'?: string | number | undefined; 'process.parent.code_signature.trusted'?: boolean | undefined; 'process.parent.code_signature.valid'?: boolean | undefined; 'process.parent.command_line'?: string | undefined; 'process.parent.elf.architecture'?: string | undefined; 'process.parent.elf.byte_order'?: string | undefined; 'process.parent.elf.cpu_type'?: string | undefined; 'process.parent.elf.creation_date'?: string | number | undefined; 'process.parent.elf.exports'?: unknown[] | undefined; 'process.parent.elf.go_import_hash'?: string | undefined; 'process.parent.elf.go_imports'?: unknown; 'process.parent.elf.go_imports_names_entropy'?: string | number | undefined; 'process.parent.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.go_stripped'?: boolean | undefined; 'process.parent.elf.header.abi_version'?: string | undefined; 'process.parent.elf.header.class'?: string | undefined; 'process.parent.elf.header.data'?: string | undefined; 'process.parent.elf.header.entrypoint'?: string | number | undefined; 'process.parent.elf.header.object_version'?: string | undefined; 'process.parent.elf.header.os_abi'?: string | undefined; 'process.parent.elf.header.type'?: string | undefined; 'process.parent.elf.header.version'?: string | undefined; 'process.parent.elf.import_hash'?: string | undefined; 'process.parent.elf.imports'?: unknown[] | undefined; 'process.parent.elf.imports_names_entropy'?: string | number | undefined; 'process.parent.elf.imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.parent.elf.shared_libraries'?: string[] | undefined; 'process.parent.elf.telfhash'?: string | undefined; 'process.parent.end'?: string | number | undefined; 'process.parent.entity_id'?: string | undefined; 'process.parent.executable'?: string | undefined; 'process.parent.exit_code'?: string | number | undefined; 'process.parent.group.id'?: string | undefined; 'process.parent.group.name'?: string | undefined; 'process.parent.group_leader.entity_id'?: string | undefined; 'process.parent.group_leader.pid'?: string | number | undefined; 'process.parent.group_leader.start'?: string | number | undefined; 'process.parent.group_leader.vpid'?: string | number | undefined; 'process.parent.hash.md5'?: string | undefined; 'process.parent.hash.sha1'?: string | undefined; 'process.parent.hash.sha256'?: string | undefined; 'process.parent.hash.sha384'?: string | undefined; 'process.parent.hash.sha512'?: string | undefined; 'process.parent.hash.ssdeep'?: string | undefined; 'process.parent.hash.tlsh'?: string | undefined; 'process.parent.interactive'?: boolean | undefined; 'process.parent.macho.go_import_hash'?: string | undefined; 'process.parent.macho.go_imports'?: unknown; 'process.parent.macho.go_imports_names_entropy'?: string | number | undefined; 'process.parent.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.go_stripped'?: boolean | undefined; 'process.parent.macho.import_hash'?: string | undefined; 'process.parent.macho.imports'?: unknown[] | undefined; 'process.parent.macho.imports_names_entropy'?: string | number | undefined; 'process.parent.macho.imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.macho.symhash'?: string | undefined; 'process.parent.name'?: string | undefined; 'process.parent.pe.architecture'?: string | undefined; 'process.parent.pe.company'?: string | undefined; 'process.parent.pe.description'?: string | undefined; 'process.parent.pe.file_version'?: string | undefined; 'process.parent.pe.go_import_hash'?: string | undefined; 'process.parent.pe.go_imports'?: unknown; 'process.parent.pe.go_imports_names_entropy'?: string | number | undefined; 'process.parent.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.go_stripped'?: boolean | undefined; 'process.parent.pe.imphash'?: string | undefined; 'process.parent.pe.import_hash'?: string | undefined; 'process.parent.pe.imports'?: unknown[] | undefined; 'process.parent.pe.imports_names_entropy'?: string | number | undefined; 'process.parent.pe.imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.original_file_name'?: string | undefined; 'process.parent.pe.pehash'?: string | undefined; 'process.parent.pe.product'?: string | undefined; 'process.parent.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.pgid'?: string | number | undefined; 'process.parent.pid'?: string | number | undefined; 'process.parent.real_group.id'?: string | undefined; 'process.parent.real_group.name'?: string | undefined; 'process.parent.real_user.id'?: string | undefined; 'process.parent.real_user.name'?: string | undefined; 'process.parent.saved_group.id'?: string | undefined; 'process.parent.saved_group.name'?: string | undefined; 'process.parent.saved_user.id'?: string | undefined; 'process.parent.saved_user.name'?: string | undefined; 'process.parent.start'?: string | number | undefined; 'process.parent.supplemental_groups.id'?: string | undefined; 'process.parent.supplemental_groups.name'?: string | undefined; 'process.parent.thread.capabilities.effective'?: string[] | undefined; 'process.parent.thread.capabilities.permitted'?: string[] | undefined; 'process.parent.thread.id'?: string | number | undefined; 'process.parent.thread.name'?: string | undefined; 'process.parent.title'?: string | undefined; 'process.parent.tty'?: unknown; 'process.parent.uptime'?: string | number | undefined; 'process.parent.user.id'?: string | undefined; 'process.parent.user.name'?: string | undefined; 'process.parent.vpid'?: string | number | undefined; 'process.parent.working_directory'?: string | undefined; 'process.pe.architecture'?: string | undefined; 'process.pe.company'?: string | undefined; 'process.pe.description'?: string | undefined; 'process.pe.file_version'?: string | undefined; 'process.pe.go_import_hash'?: string | undefined; 'process.pe.go_imports'?: unknown; 'process.pe.go_imports_names_entropy'?: string | number | undefined; 'process.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.pe.go_stripped'?: boolean | undefined; 'process.pe.imphash'?: string | undefined; 'process.pe.import_hash'?: string | undefined; 'process.pe.imports'?: unknown[] | undefined; 'process.pe.imports_names_entropy'?: string | number | undefined; 'process.pe.imports_names_var_entropy'?: string | number | undefined; 'process.pe.original_file_name'?: string | undefined; 'process.pe.pehash'?: string | undefined; 'process.pe.product'?: string | undefined; 'process.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.pgid'?: string | number | undefined; 'process.pid'?: string | number | undefined; 'process.previous.args'?: string[] | undefined; 'process.previous.args_count'?: string | number | undefined; 'process.previous.executable'?: string | undefined; 'process.real_group.id'?: string | undefined; 'process.real_group.name'?: string | undefined; 'process.real_user.id'?: string | undefined; 'process.real_user.name'?: string | undefined; 'process.saved_group.id'?: string | undefined; 'process.saved_group.name'?: string | undefined; 'process.saved_user.id'?: string | undefined; 'process.saved_user.name'?: string | undefined; 'process.session_leader.args'?: string[] | undefined; 'process.session_leader.args_count'?: string | number | undefined; 'process.session_leader.command_line'?: string | undefined; 'process.session_leader.entity_id'?: string | undefined; 'process.session_leader.executable'?: string | undefined; 'process.session_leader.group.id'?: string | undefined; 'process.session_leader.group.name'?: string | undefined; 'process.session_leader.interactive'?: boolean | undefined; 'process.session_leader.name'?: string | undefined; 'process.session_leader.parent.entity_id'?: string | undefined; 'process.session_leader.parent.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.entity_id'?: string | undefined; 'process.session_leader.parent.session_leader.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.start'?: string | number | undefined; 'process.session_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.session_leader.parent.start'?: string | number | undefined; 'process.session_leader.parent.vpid'?: string | number | undefined; 'process.session_leader.pid'?: string | number | undefined; 'process.session_leader.real_group.id'?: string | undefined; 'process.session_leader.real_group.name'?: string | undefined; 'process.session_leader.real_user.id'?: string | undefined; 'process.session_leader.real_user.name'?: string | undefined; 'process.session_leader.same_as_process'?: boolean | undefined; 'process.session_leader.saved_group.id'?: string | undefined; 'process.session_leader.saved_group.name'?: string | undefined; 'process.session_leader.saved_user.id'?: string | undefined; 'process.session_leader.saved_user.name'?: string | undefined; 'process.session_leader.start'?: string | number | undefined; 'process.session_leader.supplemental_groups.id'?: string | undefined; 'process.session_leader.supplemental_groups.name'?: string | undefined; 'process.session_leader.tty'?: unknown; 'process.session_leader.user.id'?: string | undefined; 'process.session_leader.user.name'?: string | undefined; 'process.session_leader.vpid'?: string | number | undefined; 'process.session_leader.working_directory'?: string | undefined; 'process.start'?: string | number | undefined; 'process.supplemental_groups.id'?: string | undefined; 'process.supplemental_groups.name'?: string | undefined; 'process.thread.capabilities.effective'?: string[] | undefined; 'process.thread.capabilities.permitted'?: string[] | undefined; 'process.thread.id'?: string | number | undefined; 'process.thread.name'?: string | undefined; 'process.title'?: string | undefined; 'process.tty'?: unknown; 'process.uptime'?: string | number | undefined; 'process.user.id'?: string | undefined; 'process.user.name'?: string | undefined; 'process.vpid'?: string | number | undefined; 'process.working_directory'?: string | undefined; 'registry.data.bytes'?: string | undefined; 'registry.data.strings'?: string[] | undefined; 'registry.data.type'?: string | undefined; 'registry.hive'?: string | undefined; 'registry.key'?: string | undefined; 'registry.path'?: string | undefined; 'registry.value'?: string | undefined; 'related.hash'?: string[] | undefined; 'related.hosts'?: string[] | undefined; 'related.ip'?: string[] | undefined; 'related.user'?: string[] | undefined; 'rule.author'?: string[] | undefined; 'rule.category'?: string | undefined; 'rule.description'?: string | undefined; 'rule.id'?: string | undefined; 'rule.license'?: string | undefined; 'rule.name'?: string | undefined; 'rule.reference'?: string | undefined; 'rule.ruleset'?: string | undefined; 'rule.uuid'?: string | undefined; 'rule.version'?: string | undefined; 'server.address'?: string | undefined; 'server.as.number'?: string | number | undefined; 'server.as.organization.name'?: string | undefined; 'server.bytes'?: string | number | undefined; 'server.domain'?: string | undefined; 'server.geo.city_name'?: string | undefined; 'server.geo.continent_code'?: string | undefined; 'server.geo.continent_name'?: string | undefined; 'server.geo.country_iso_code'?: string | undefined; 'server.geo.country_name'?: string | undefined; 'server.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'server.geo.name'?: string | undefined; 'server.geo.postal_code'?: string | undefined; 'server.geo.region_iso_code'?: string | undefined; 'server.geo.region_name'?: string | undefined; 'server.geo.timezone'?: string | undefined; 'server.ip'?: string | undefined; 'server.mac'?: string | undefined; 'server.nat.ip'?: string | undefined; 'server.nat.port'?: string | number | undefined; 'server.packets'?: string | number | undefined; 'server.port'?: string | number | undefined; 'server.registered_domain'?: string | undefined; 'server.subdomain'?: string | undefined; 'server.top_level_domain'?: string | undefined; 'server.user.domain'?: string | undefined; 'server.user.email'?: string | undefined; 'server.user.full_name'?: string | undefined; 'server.user.group.domain'?: string | undefined; 'server.user.group.id'?: string | undefined; 'server.user.group.name'?: string | undefined; 'server.user.hash'?: string | undefined; 'server.user.id'?: string | undefined; 'server.user.name'?: string | undefined; 'server.user.roles'?: string[] | undefined; 'service.address'?: string | undefined; 'service.environment'?: string | undefined; 'service.ephemeral_id'?: string | undefined; 'service.id'?: string | undefined; 'service.name'?: string | undefined; 'service.node.name'?: string | undefined; 'service.node.role'?: string | undefined; 'service.node.roles'?: string[] | undefined; 'service.origin.address'?: string | undefined; 'service.origin.environment'?: string | undefined; 'service.origin.ephemeral_id'?: string | undefined; 'service.origin.id'?: string | undefined; 'service.origin.name'?: string | undefined; 'service.origin.node.name'?: string | undefined; 'service.origin.node.role'?: string | undefined; 'service.origin.node.roles'?: string[] | undefined; 'service.origin.state'?: string | undefined; 'service.origin.type'?: string | undefined; 'service.origin.version'?: string | undefined; 'service.state'?: string | undefined; 'service.target.address'?: string | undefined; 'service.target.environment'?: string | undefined; 'service.target.ephemeral_id'?: string | undefined; 'service.target.id'?: string | undefined; 'service.target.name'?: string | undefined; 'service.target.node.name'?: string | undefined; 'service.target.node.role'?: string | undefined; 'service.target.node.roles'?: string[] | undefined; 'service.target.state'?: string | undefined; 'service.target.type'?: string | undefined; 'service.target.version'?: string | undefined; 'service.type'?: string | undefined; 'service.version'?: string | undefined; 'source.address'?: string | undefined; 'source.as.number'?: string | number | undefined; 'source.as.organization.name'?: string | undefined; 'source.bytes'?: string | number | undefined; 'source.domain'?: string | undefined; 'source.geo.city_name'?: string | undefined; 'source.geo.continent_code'?: string | undefined; 'source.geo.continent_name'?: string | undefined; 'source.geo.country_iso_code'?: string | undefined; 'source.geo.country_name'?: string | undefined; 'source.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'source.geo.name'?: string | undefined; 'source.geo.postal_code'?: string | undefined; 'source.geo.region_iso_code'?: string | undefined; 'source.geo.region_name'?: string | undefined; 'source.geo.timezone'?: string | undefined; 'source.ip'?: string | undefined; 'source.mac'?: string | undefined; 'source.nat.ip'?: string | undefined; 'source.nat.port'?: string | number | undefined; 'source.packets'?: string | number | undefined; 'source.port'?: string | number | undefined; 'source.registered_domain'?: string | undefined; 'source.subdomain'?: string | undefined; 'source.top_level_domain'?: string | undefined; 'source.user.domain'?: string | undefined; 'source.user.email'?: string | undefined; 'source.user.full_name'?: string | undefined; 'source.user.group.domain'?: string | undefined; 'source.user.group.id'?: string | undefined; 'source.user.group.name'?: string | undefined; 'source.user.hash'?: string | undefined; 'source.user.id'?: string | undefined; 'source.user.name'?: string | undefined; 'source.user.roles'?: string[] | undefined; 'span.id'?: string | undefined; tags?: string[] | undefined; 'threat.enrichments'?: { indicator?: unknown; 'matched.atomic'?: string | undefined; 'matched.field'?: string | undefined; 'matched.id'?: string | undefined; 'matched.index'?: string | undefined; 'matched.occurred'?: string | number | undefined; 'matched.type'?: string | undefined; }[] | undefined; 'threat.feed.dashboard_id'?: string | undefined; 'threat.feed.description'?: string | undefined; 'threat.feed.name'?: string | undefined; 'threat.feed.reference'?: string | undefined; 'threat.framework'?: string | undefined; 'threat.group.alias'?: string[] | undefined; 'threat.group.id'?: string | undefined; 'threat.group.name'?: string | undefined; 'threat.group.reference'?: string | undefined; 'threat.indicator.as.number'?: string | number | undefined; 'threat.indicator.as.organization.name'?: string | undefined; 'threat.indicator.confidence'?: string | undefined; 'threat.indicator.description'?: string | undefined; 'threat.indicator.email.address'?: string | undefined; 'threat.indicator.file.accessed'?: string | number | undefined; 'threat.indicator.file.attributes'?: string[] | undefined; 'threat.indicator.file.code_signature.digest_algorithm'?: string | undefined; 'threat.indicator.file.code_signature.exists'?: boolean | undefined; 'threat.indicator.file.code_signature.signing_id'?: string | undefined; 'threat.indicator.file.code_signature.status'?: string | undefined; 'threat.indicator.file.code_signature.subject_name'?: string | undefined; 'threat.indicator.file.code_signature.team_id'?: string | undefined; 'threat.indicator.file.code_signature.timestamp'?: string | number | undefined; 'threat.indicator.file.code_signature.trusted'?: boolean | undefined; 'threat.indicator.file.code_signature.valid'?: boolean | undefined; 'threat.indicator.file.created'?: string | number | undefined; 'threat.indicator.file.ctime'?: string | number | undefined; 'threat.indicator.file.device'?: string | undefined; 'threat.indicator.file.directory'?: string | undefined; 'threat.indicator.file.drive_letter'?: string | undefined; 'threat.indicator.file.elf.architecture'?: string | undefined; 'threat.indicator.file.elf.byte_order'?: string | undefined; 'threat.indicator.file.elf.cpu_type'?: string | undefined; 'threat.indicator.file.elf.creation_date'?: string | number | undefined; 'threat.indicator.file.elf.exports'?: unknown[] | undefined; 'threat.indicator.file.elf.go_import_hash'?: string | undefined; 'threat.indicator.file.elf.go_imports'?: unknown; 'threat.indicator.file.elf.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_stripped'?: boolean | undefined; 'threat.indicator.file.elf.header.abi_version'?: string | undefined; 'threat.indicator.file.elf.header.class'?: string | undefined; 'threat.indicator.file.elf.header.data'?: string | undefined; 'threat.indicator.file.elf.header.entrypoint'?: string | number | undefined; 'threat.indicator.file.elf.header.object_version'?: string | undefined; 'threat.indicator.file.elf.header.os_abi'?: string | undefined; 'threat.indicator.file.elf.header.type'?: string | undefined; 'threat.indicator.file.elf.header.version'?: string | undefined; 'threat.indicator.file.elf.import_hash'?: string | undefined; 'threat.indicator.file.elf.imports'?: unknown[] | undefined; 'threat.indicator.file.elf.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'threat.indicator.file.elf.shared_libraries'?: string[] | undefined; 'threat.indicator.file.elf.telfhash'?: string | undefined; 'threat.indicator.file.extension'?: string | undefined; 'threat.indicator.file.fork_name'?: string | undefined; 'threat.indicator.file.gid'?: string | undefined; 'threat.indicator.file.group'?: string | undefined; 'threat.indicator.file.hash.md5'?: string | undefined; 'threat.indicator.file.hash.sha1'?: string | undefined; 'threat.indicator.file.hash.sha256'?: string | undefined; 'threat.indicator.file.hash.sha384'?: string | undefined; 'threat.indicator.file.hash.sha512'?: string | undefined; 'threat.indicator.file.hash.ssdeep'?: string | undefined; 'threat.indicator.file.hash.tlsh'?: string | undefined; 'threat.indicator.file.inode'?: string | undefined; 'threat.indicator.file.mime_type'?: string | undefined; 'threat.indicator.file.mode'?: string | undefined; 'threat.indicator.file.mtime'?: string | number | undefined; 'threat.indicator.file.name'?: string | undefined; 'threat.indicator.file.owner'?: string | undefined; 'threat.indicator.file.path'?: string | undefined; 'threat.indicator.file.pe.architecture'?: string | undefined; 'threat.indicator.file.pe.company'?: string | undefined; 'threat.indicator.file.pe.description'?: string | undefined; 'threat.indicator.file.pe.file_version'?: string | undefined; 'threat.indicator.file.pe.go_import_hash'?: string | undefined; 'threat.indicator.file.pe.go_imports'?: unknown; 'threat.indicator.file.pe.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_stripped'?: boolean | undefined; 'threat.indicator.file.pe.imphash'?: string | undefined; 'threat.indicator.file.pe.import_hash'?: string | undefined; 'threat.indicator.file.pe.imports'?: unknown[] | undefined; 'threat.indicator.file.pe.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.original_file_name'?: string | undefined; 'threat.indicator.file.pe.pehash'?: string | undefined; 'threat.indicator.file.pe.product'?: string | undefined; 'threat.indicator.file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.size'?: string | number | undefined; 'threat.indicator.file.target_path'?: string | undefined; 'threat.indicator.file.type'?: string | undefined; 'threat.indicator.file.uid'?: string | undefined; 'threat.indicator.file.x509.alternative_names'?: string[] | undefined; 'threat.indicator.file.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.file.x509.issuer.country'?: string[] | undefined; 'threat.indicator.file.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.not_after'?: string | number | undefined; 'threat.indicator.file.x509.not_before'?: string | number | undefined; 'threat.indicator.file.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.file.x509.public_key_curve'?: string | undefined; 'threat.indicator.file.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.file.x509.public_key_size'?: string | number | undefined; 'threat.indicator.file.x509.serial_number'?: string | undefined; 'threat.indicator.file.x509.signature_algorithm'?: string | undefined; 'threat.indicator.file.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.file.x509.subject.country'?: string[] | undefined; 'threat.indicator.file.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.subject.locality'?: string[] | undefined; 'threat.indicator.file.x509.subject.organization'?: string[] | undefined; 'threat.indicator.file.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.version_number'?: string | undefined; 'threat.indicator.first_seen'?: string | number | undefined; 'threat.indicator.geo.city_name'?: string | undefined; 'threat.indicator.geo.continent_code'?: string | undefined; 'threat.indicator.geo.continent_name'?: string | undefined; 'threat.indicator.geo.country_iso_code'?: string | undefined; 'threat.indicator.geo.country_name'?: string | undefined; 'threat.indicator.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'threat.indicator.geo.name'?: string | undefined; 'threat.indicator.geo.postal_code'?: string | undefined; 'threat.indicator.geo.region_iso_code'?: string | undefined; 'threat.indicator.geo.region_name'?: string | undefined; 'threat.indicator.geo.timezone'?: string | undefined; 'threat.indicator.ip'?: string | undefined; 'threat.indicator.last_seen'?: string | number | undefined; 'threat.indicator.marking.tlp'?: string | undefined; 'threat.indicator.marking.tlp_version'?: string | undefined; 'threat.indicator.modified_at'?: string | number | undefined; 'threat.indicator.name'?: string | undefined; 'threat.indicator.port'?: string | number | undefined; 'threat.indicator.provider'?: string | undefined; 'threat.indicator.reference'?: string | undefined; 'threat.indicator.registry.data.bytes'?: string | undefined; 'threat.indicator.registry.data.strings'?: string[] | undefined; 'threat.indicator.registry.data.type'?: string | undefined; 'threat.indicator.registry.hive'?: string | undefined; 'threat.indicator.registry.key'?: string | undefined; 'threat.indicator.registry.path'?: string | undefined; 'threat.indicator.registry.value'?: string | undefined; 'threat.indicator.scanner_stats'?: string | number | undefined; 'threat.indicator.sightings'?: string | number | undefined; 'threat.indicator.type'?: string | undefined; 'threat.indicator.url.domain'?: string | undefined; 'threat.indicator.url.extension'?: string | undefined; 'threat.indicator.url.fragment'?: string | undefined; 'threat.indicator.url.full'?: string | undefined; 'threat.indicator.url.original'?: string | undefined; 'threat.indicator.url.password'?: string | undefined; 'threat.indicator.url.path'?: string | undefined; 'threat.indicator.url.port'?: string | number | undefined; 'threat.indicator.url.query'?: string | undefined; 'threat.indicator.url.registered_domain'?: string | undefined; 'threat.indicator.url.scheme'?: string | undefined; 'threat.indicator.url.subdomain'?: string | undefined; 'threat.indicator.url.top_level_domain'?: string | undefined; 'threat.indicator.url.username'?: string | undefined; 'threat.indicator.x509.alternative_names'?: string[] | undefined; 'threat.indicator.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.x509.issuer.country'?: string[] | undefined; 'threat.indicator.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.x509.not_after'?: string | number | undefined; 'threat.indicator.x509.not_before'?: string | number | undefined; 'threat.indicator.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.x509.public_key_curve'?: string | undefined; 'threat.indicator.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.x509.public_key_size'?: string | number | undefined; 'threat.indicator.x509.serial_number'?: string | undefined; 'threat.indicator.x509.signature_algorithm'?: string | undefined; 'threat.indicator.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.x509.subject.country'?: string[] | undefined; 'threat.indicator.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.x509.subject.locality'?: string[] | undefined; 'threat.indicator.x509.subject.organization'?: string[] | undefined; 'threat.indicator.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.x509.version_number'?: string | undefined; 'threat.software.alias'?: string[] | undefined; 'threat.software.id'?: string | undefined; 'threat.software.name'?: string | undefined; 'threat.software.platforms'?: string[] | undefined; 'threat.software.reference'?: string | undefined; 'threat.software.type'?: string | undefined; 'threat.tactic.id'?: string[] | undefined; 'threat.tactic.name'?: string[] | undefined; 'threat.tactic.reference'?: string[] | undefined; 'threat.technique.id'?: string[] | undefined; 'threat.technique.name'?: string[] | undefined; 'threat.technique.reference'?: string[] | undefined; 'threat.technique.subtechnique.id'?: string[] | undefined; 'threat.technique.subtechnique.name'?: string[] | undefined; 'threat.technique.subtechnique.reference'?: string[] | undefined; 'tls.cipher'?: string | undefined; 'tls.client.certificate'?: string | undefined; 'tls.client.certificate_chain'?: string[] | undefined; 'tls.client.hash.md5'?: string | undefined; 'tls.client.hash.sha1'?: string | undefined; 'tls.client.hash.sha256'?: string | undefined; 'tls.client.issuer'?: string | undefined; 'tls.client.ja3'?: string | undefined; 'tls.client.not_after'?: string | number | undefined; 'tls.client.not_before'?: string | number | undefined; 'tls.client.server_name'?: string | undefined; 'tls.client.subject'?: string | undefined; 'tls.client.supported_ciphers'?: string[] | undefined; 'tls.client.x509.alternative_names'?: string[] | undefined; 'tls.client.x509.issuer.common_name'?: string[] | undefined; 'tls.client.x509.issuer.country'?: string[] | undefined; 'tls.client.x509.issuer.distinguished_name'?: string | undefined; 'tls.client.x509.issuer.locality'?: string[] | undefined; 'tls.client.x509.issuer.organization'?: string[] | undefined; 'tls.client.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.client.x509.issuer.state_or_province'?: string[] | undefined; 'tls.client.x509.not_after'?: string | number | undefined; 'tls.client.x509.not_before'?: string | number | undefined; 'tls.client.x509.public_key_algorithm'?: string | undefined; 'tls.client.x509.public_key_curve'?: string | undefined; 'tls.client.x509.public_key_exponent'?: string | number | undefined; 'tls.client.x509.public_key_size'?: string | number | undefined; 'tls.client.x509.serial_number'?: string | undefined; 'tls.client.x509.signature_algorithm'?: string | undefined; 'tls.client.x509.subject.common_name'?: string[] | undefined; 'tls.client.x509.subject.country'?: string[] | undefined; 'tls.client.x509.subject.distinguished_name'?: string | undefined; 'tls.client.x509.subject.locality'?: string[] | undefined; 'tls.client.x509.subject.organization'?: string[] | undefined; 'tls.client.x509.subject.organizational_unit'?: string[] | undefined; 'tls.client.x509.subject.state_or_province'?: string[] | undefined; 'tls.client.x509.version_number'?: string | undefined; 'tls.curve'?: string | undefined; 'tls.established'?: boolean | undefined; 'tls.next_protocol'?: string | undefined; 'tls.resumed'?: boolean | undefined; 'tls.server.certificate'?: string | undefined; 'tls.server.certificate_chain'?: string[] | undefined; 'tls.server.hash.md5'?: string | undefined; 'tls.server.hash.sha1'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 'tls.server.issuer'?: string | undefined; 'tls.server.ja3s'?: string | undefined; 'tls.server.not_after'?: string | number | undefined; 'tls.server.not_before'?: string | number | undefined; 'tls.server.subject'?: string | undefined; 'tls.server.x509.alternative_names'?: string[] | undefined; 'tls.server.x509.issuer.common_name'?: string[] | undefined; 'tls.server.x509.issuer.country'?: string[] | undefined; 'tls.server.x509.issuer.distinguished_name'?: string | undefined; 'tls.server.x509.issuer.locality'?: string[] | undefined; 'tls.server.x509.issuer.organization'?: string[] | undefined; 'tls.server.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.server.x509.issuer.state_or_province'?: string[] | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.public_key_algorithm'?: string | undefined; 'tls.server.x509.public_key_curve'?: string | undefined; 'tls.server.x509.public_key_exponent'?: string | number | undefined; 'tls.server.x509.public_key_size'?: string | number | undefined; 'tls.server.x509.serial_number'?: string | undefined; 'tls.server.x509.signature_algorithm'?: string | undefined; 'tls.server.x509.subject.common_name'?: string[] | undefined; 'tls.server.x509.subject.country'?: string[] | undefined; 'tls.server.x509.subject.distinguished_name'?: string | undefined; 'tls.server.x509.subject.locality'?: string[] | undefined; 'tls.server.x509.subject.organization'?: string[] | undefined; 'tls.server.x509.subject.organizational_unit'?: string[] | undefined; 'tls.server.x509.subject.state_or_province'?: string[] | undefined; 'tls.server.x509.version_number'?: string | undefined; 'tls.version'?: string | undefined; 'tls.version_protocol'?: string | undefined; 'trace.id'?: string | undefined; 'transaction.id'?: string | undefined; 'url.domain'?: string | undefined; 'url.extension'?: string | undefined; 'url.fragment'?: string | undefined; 'url.full'?: string | undefined; 'url.original'?: string | undefined; 'url.password'?: string | undefined; 'url.path'?: string | undefined; 'url.port'?: string | number | undefined; 'url.query'?: string | undefined; 'url.registered_domain'?: string | undefined; 'url.scheme'?: string | undefined; 'url.subdomain'?: string | undefined; 'url.top_level_domain'?: string | undefined; 'url.username'?: string | undefined; 'user.changes.domain'?: string | undefined; 'user.changes.email'?: string | undefined; 'user.changes.full_name'?: string | undefined; 'user.changes.group.domain'?: string | undefined; 'user.changes.group.id'?: string | undefined; 'user.changes.group.name'?: string | undefined; 'user.changes.hash'?: string | undefined; 'user.changes.id'?: string | undefined; 'user.changes.name'?: string | undefined; 'user.changes.roles'?: string[] | undefined; 'user.domain'?: string | undefined; 'user.effective.domain'?: string | undefined; 'user.effective.email'?: string | undefined; 'user.effective.full_name'?: string | undefined; 'user.effective.group.domain'?: string | undefined; 'user.effective.group.id'?: string | undefined; 'user.effective.group.name'?: string | undefined; 'user.effective.hash'?: string | undefined; 'user.effective.id'?: string | undefined; 'user.effective.name'?: string | undefined; 'user.effective.roles'?: string[] | undefined; 'user.email'?: string | undefined; 'user.full_name'?: string | undefined; 'user.group.domain'?: string | undefined; 'user.group.id'?: string | undefined; 'user.group.name'?: string | undefined; 'user.hash'?: string | undefined; 'user.id'?: string | undefined; 'user.name'?: string | undefined; 'user.risk.calculated_level'?: string | undefined; 'user.risk.calculated_score'?: number | undefined; 'user.risk.calculated_score_norm'?: number | undefined; 'user.risk.static_level'?: string | undefined; 'user.risk.static_score'?: number | undefined; 'user.risk.static_score_norm'?: number | undefined; 'user.roles'?: string[] | undefined; 'user.target.domain'?: string | undefined; 'user.target.email'?: string | undefined; 'user.target.full_name'?: string | undefined; 'user.target.group.domain'?: string | undefined; 'user.target.group.id'?: string | undefined; 'user.target.group.name'?: string | undefined; 'user.target.hash'?: string | undefined; 'user.target.id'?: string | undefined; 'user.target.name'?: string | undefined; 'user.target.roles'?: string[] | undefined; 'user_agent.device.name'?: string | undefined; 'user_agent.name'?: string | undefined; 'user_agent.original'?: string | undefined; 'user_agent.os.family'?: string | undefined; 'user_agent.os.full'?: string | undefined; 'user_agent.os.kernel'?: string | undefined; 'user_agent.os.name'?: string | undefined; 'user_agent.os.platform'?: string | undefined; 'user_agent.os.type'?: string | undefined; 'user_agent.os.version'?: string | undefined; 'user_agent.version'?: string | undefined; 'vulnerability.category'?: string[] | undefined; 'vulnerability.classification'?: string | undefined; 'vulnerability.description'?: string | undefined; 'vulnerability.enumeration'?: string | undefined; 'vulnerability.id'?: string | undefined; 'vulnerability.reference'?: string | undefined; 'vulnerability.report_id'?: string | undefined; 'vulnerability.scanner.vendor'?: string | undefined; 'vulnerability.score.base'?: number | undefined; 'vulnerability.score.environmental'?: number | undefined; 'vulnerability.score.temporal'?: number | undefined; 'vulnerability.score.version'?: string | undefined; 'vulnerability.severity'?: string | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }) | ({} & { 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; 'slo.id'?: string | undefined; 'slo.instanceId'?: string | undefined; 'slo.revision'?: string | number | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }) | ({} & { 'agent.name'?: string | undefined; 'anomaly.bucket_span.minutes'?: string | undefined; 'anomaly.start'?: string | number | undefined; configId?: string | undefined; 'error.message'?: string | undefined; 'host.name'?: string | undefined; 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; 'location.id'?: string | undefined; 'location.name'?: string | undefined; 'monitor.id'?: string | undefined; 'monitor.name'?: string | undefined; 'monitor.tags'?: string[] | undefined; 'monitor.type'?: string | undefined; 'observer.geo.name'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 'tls.server.x509.issuer.common_name'?: string | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.subject.common_name'?: string | undefined; 'url.full'?: string | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }) | ({ '@timestamp': string | number; 'kibana.alert.ancestors': { depth: string | number; id: string; index: string; type: string; }[]; 'kibana.alert.depth': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.original_event.action': string; 'kibana.alert.original_event.category': string[]; 'kibana.alert.original_event.created': string | number; 'kibana.alert.original_event.dataset': string; 'kibana.alert.original_event.id': string; 'kibana.alert.original_event.ingested': string | number; 'kibana.alert.original_event.kind': string; 'kibana.alert.original_event.module': string; 'kibana.alert.original_event.original': string; 'kibana.alert.original_event.outcome': string; 'kibana.alert.original_event.provider': string; 'kibana.alert.original_event.sequence': string | number; 'kibana.alert.original_event.type': string[]; 'kibana.alert.original_time': string | number; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.false_positives': string[]; 'kibana.alert.rule.max_signals': (string | number)[]; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.threat.framework': string; 'kibana.alert.rule.threat.tactic.id': string; 'kibana.alert.rule.threat.tactic.name': string; 'kibana.alert.rule.threat.tactic.reference': string; 'kibana.alert.rule.threat.technique.id': string; 'kibana.alert.rule.threat.technique.name': string; 'kibana.alert.rule.threat.technique.reference': string; 'kibana.alert.rule.threat.technique.subtechnique.id': string; 'kibana.alert.rule.threat.technique.subtechnique.name': string; 'kibana.alert.rule.threat.technique.subtechnique.reference': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'ecs.version'?: string | undefined; 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'host.asset.criticality'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.ancestors.rule'?: string | undefined; 'kibana.alert.building_block_type'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.group.id'?: string | undefined; 'kibana.alert.group.index'?: number | undefined; 'kibana.alert.host.criticality_level'?: string | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.new_terms'?: string[] | undefined; 'kibana.alert.original_event.agent_id_status'?: string | undefined; 'kibana.alert.original_event.code'?: string | undefined; 'kibana.alert.original_event.duration'?: string | undefined; 'kibana.alert.original_event.end'?: string | number | undefined; 'kibana.alert.original_event.hash'?: string | undefined; 'kibana.alert.original_event.reason'?: string | undefined; 'kibana.alert.original_event.reference'?: string | undefined; 'kibana.alert.original_event.risk_score'?: number | undefined; 'kibana.alert.original_event.risk_score_norm'?: number | undefined; 'kibana.alert.original_event.severity'?: string | number | undefined; 'kibana.alert.original_event.start'?: string | number | undefined; 'kibana.alert.original_event.timezone'?: string | undefined; 'kibana.alert.original_event.url'?: string | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.building_block_type'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.immutable'?: string[] | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.rule.timeline_id'?: string[] | undefined; 'kibana.alert.rule.timeline_title'?: string[] | undefined; 'kibana.alert.rule.timestamp_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.threshold_result.cardinality'?: unknown; 'kibana.alert.threshold_result.count'?: string | number | undefined; 'kibana.alert.threshold_result.from'?: string | number | undefined; 'kibana.alert.threshold_result.terms'?: { field?: string | undefined; value?: string | undefined; }[] | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.user.criticality_level'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.alert.workflow_user'?: string | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; 'user.asset.criticality'?: string | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & { '@timestamp': string | number; 'ecs.version': string; } & { 'agent.build.original'?: string | undefined; 'agent.ephemeral_id'?: string | undefined; 'agent.id'?: string | undefined; 'agent.name'?: string | undefined; 'agent.type'?: string | undefined; 'agent.version'?: string | undefined; 'client.address'?: string | undefined; 'client.as.number'?: string | number | undefined; 'client.as.organization.name'?: string | undefined; 'client.bytes'?: string | number | undefined; 'client.domain'?: string | undefined; 'client.geo.city_name'?: string | undefined; 'client.geo.continent_code'?: string | undefined; 'client.geo.continent_name'?: string | undefined; 'client.geo.country_iso_code'?: string | undefined; 'client.geo.country_name'?: string | undefined; 'client.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'client.geo.name'?: string | undefined; 'client.geo.postal_code'?: string | undefined; 'client.geo.region_iso_code'?: string | undefined; 'client.geo.region_name'?: string | undefined; 'client.geo.timezone'?: string | undefined; 'client.ip'?: string | undefined; 'client.mac'?: string | undefined; 'client.nat.ip'?: string | undefined; 'client.nat.port'?: string | number | undefined; 'client.packets'?: string | number | undefined; 'client.port'?: string | number | undefined; 'client.registered_domain'?: string | undefined; 'client.subdomain'?: string | undefined; 'client.top_level_domain'?: string | undefined; 'client.user.domain'?: string | undefined; 'client.user.email'?: string | undefined; 'client.user.full_name'?: string | undefined; 'client.user.group.domain'?: string | undefined; 'client.user.group.id'?: string | undefined; 'client.user.group.name'?: string | undefined; 'client.user.hash'?: string | undefined; 'client.user.id'?: string | undefined; 'client.user.name'?: string | undefined; 'client.user.roles'?: string[] | undefined; 'cloud.account.id'?: string | undefined; 'cloud.account.name'?: string | undefined; 'cloud.availability_zone'?: string | undefined; 'cloud.instance.id'?: string | undefined; 'cloud.instance.name'?: string | undefined; 'cloud.machine.type'?: string | undefined; 'cloud.origin.account.id'?: string | undefined; 'cloud.origin.account.name'?: string | undefined; 'cloud.origin.availability_zone'?: string | undefined; 'cloud.origin.instance.id'?: string | undefined; 'cloud.origin.instance.name'?: string | undefined; 'cloud.origin.machine.type'?: string | undefined; 'cloud.origin.project.id'?: string | undefined; 'cloud.origin.project.name'?: string | undefined; 'cloud.origin.provider'?: string | undefined; 'cloud.origin.region'?: string | undefined; 'cloud.origin.service.name'?: string | undefined; 'cloud.project.id'?: string | undefined; 'cloud.project.name'?: string | undefined; 'cloud.provider'?: string | undefined; 'cloud.region'?: string | undefined; 'cloud.service.name'?: string | undefined; 'cloud.target.account.id'?: string | undefined; 'cloud.target.account.name'?: string | undefined; 'cloud.target.availability_zone'?: string | undefined; 'cloud.target.instance.id'?: string | undefined; 'cloud.target.instance.name'?: string | undefined; 'cloud.target.machine.type'?: string | undefined; 'cloud.target.project.id'?: string | undefined; 'cloud.target.project.name'?: string | undefined; 'cloud.target.provider'?: string | undefined; 'cloud.target.region'?: string | undefined; 'cloud.target.service.name'?: string | undefined; 'container.cpu.usage'?: string | number | undefined; 'container.disk.read.bytes'?: string | number | undefined; 'container.disk.write.bytes'?: string | number | undefined; 'container.id'?: string | undefined; 'container.image.hash.all'?: string[] | undefined; 'container.image.name'?: string | undefined; 'container.image.tag'?: string[] | undefined; 'container.labels'?: unknown; 'container.memory.usage'?: string | number | undefined; 'container.name'?: string | undefined; 'container.network.egress.bytes'?: string | number | undefined; 'container.network.ingress.bytes'?: string | number | undefined; 'container.runtime'?: string | undefined; 'container.security_context.privileged'?: boolean | undefined; 'destination.address'?: string | undefined; 'destination.as.number'?: string | number | undefined; 'destination.as.organization.name'?: string | undefined; 'destination.bytes'?: string | number | undefined; 'destination.domain'?: string | undefined; 'destination.geo.city_name'?: string | undefined; 'destination.geo.continent_code'?: string | undefined; 'destination.geo.continent_name'?: string | undefined; 'destination.geo.country_iso_code'?: string | undefined; 'destination.geo.country_name'?: string | undefined; 'destination.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'destination.geo.name'?: string | undefined; 'destination.geo.postal_code'?: string | undefined; 'destination.geo.region_iso_code'?: string | undefined; 'destination.geo.region_name'?: string | undefined; 'destination.geo.timezone'?: string | undefined; 'destination.ip'?: string | undefined; 'destination.mac'?: string | undefined; 'destination.nat.ip'?: string | undefined; 'destination.nat.port'?: string | number | undefined; 'destination.packets'?: string | number | undefined; 'destination.port'?: string | number | undefined; 'destination.registered_domain'?: string | undefined; 'destination.subdomain'?: string | undefined; 'destination.top_level_domain'?: string | undefined; 'destination.user.domain'?: string | undefined; 'destination.user.email'?: string | undefined; 'destination.user.full_name'?: string | undefined; 'destination.user.group.domain'?: string | undefined; 'destination.user.group.id'?: string | undefined; 'destination.user.group.name'?: string | undefined; 'destination.user.hash'?: string | undefined; 'destination.user.id'?: string | undefined; 'destination.user.name'?: string | undefined; 'destination.user.roles'?: string[] | undefined; 'device.id'?: string | undefined; 'device.manufacturer'?: string | undefined; 'device.model.identifier'?: string | undefined; 'device.model.name'?: string | undefined; 'dll.code_signature.digest_algorithm'?: string | undefined; 'dll.code_signature.exists'?: boolean | undefined; 'dll.code_signature.signing_id'?: string | undefined; 'dll.code_signature.status'?: string | undefined; 'dll.code_signature.subject_name'?: string | undefined; 'dll.code_signature.team_id'?: string | undefined; 'dll.code_signature.timestamp'?: string | number | undefined; 'dll.code_signature.trusted'?: boolean | undefined; 'dll.code_signature.valid'?: boolean | undefined; 'dll.hash.md5'?: string | undefined; 'dll.hash.sha1'?: string | undefined; 'dll.hash.sha256'?: string | undefined; 'dll.hash.sha384'?: string | undefined; 'dll.hash.sha512'?: string | undefined; 'dll.hash.ssdeep'?: string | undefined; 'dll.hash.tlsh'?: string | undefined; 'dll.name'?: string | undefined; 'dll.path'?: string | undefined; 'dll.pe.architecture'?: string | undefined; 'dll.pe.company'?: string | undefined; 'dll.pe.description'?: string | undefined; 'dll.pe.file_version'?: string | undefined; 'dll.pe.go_import_hash'?: string | undefined; 'dll.pe.go_imports'?: unknown; 'dll.pe.go_imports_names_entropy'?: string | number | undefined; 'dll.pe.go_imports_names_var_entropy'?: string | number | undefined; 'dll.pe.go_stripped'?: boolean | undefined; 'dll.pe.imphash'?: string | undefined; 'dll.pe.import_hash'?: string | undefined; 'dll.pe.imports'?: unknown[] | undefined; 'dll.pe.imports_names_entropy'?: string | number | undefined; 'dll.pe.imports_names_var_entropy'?: string | number | undefined; 'dll.pe.original_file_name'?: string | undefined; 'dll.pe.pehash'?: string | undefined; 'dll.pe.product'?: string | undefined; 'dll.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'dns.answers'?: { class?: string | undefined; data?: string | undefined; name?: string | undefined; ttl?: string | number | undefined; type?: string | undefined; }[] | undefined; 'dns.header_flags'?: string[] | undefined; 'dns.id'?: string | undefined; 'dns.op_code'?: string | undefined; 'dns.question.class'?: string | undefined; 'dns.question.name'?: string | undefined; 'dns.question.registered_domain'?: string | undefined; 'dns.question.subdomain'?: string | undefined; 'dns.question.top_level_domain'?: string | undefined; 'dns.question.type'?: string | undefined; 'dns.resolved_ip'?: string[] | undefined; 'dns.response_code'?: string | undefined; 'dns.type'?: string | undefined; 'email.attachments'?: { 'file.extension'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.name'?: string | undefined; 'file.size'?: string | number | undefined; }[] | undefined; 'email.bcc.address'?: string[] | undefined; 'email.cc.address'?: string[] | undefined; 'email.content_type'?: string | undefined; 'email.delivery_timestamp'?: string | number | undefined; 'email.direction'?: string | undefined; 'email.from.address'?: string[] | undefined; 'email.local_id'?: string | undefined; 'email.message_id'?: string | undefined; 'email.origination_timestamp'?: string | number | undefined; 'email.reply_to.address'?: string[] | undefined; 'email.sender.address'?: string | undefined; 'email.subject'?: string | undefined; 'email.to.address'?: string[] | undefined; 'email.x_mailer'?: string | undefined; 'error.code'?: string | undefined; 'error.id'?: string | undefined; 'error.message'?: string | undefined; 'error.stack_trace'?: string | undefined; 'error.type'?: string | undefined; 'event.action'?: string | undefined; 'event.agent_id_status'?: string | undefined; 'event.category'?: string[] | undefined; 'event.code'?: string | undefined; 'event.created'?: string | number | undefined; 'event.dataset'?: string | undefined; 'event.duration'?: string | number | undefined; 'event.end'?: string | number | undefined; 'event.hash'?: string | undefined; 'event.id'?: string | undefined; 'event.ingested'?: string | number | undefined; 'event.kind'?: string | undefined; 'event.module'?: string | undefined; 'event.original'?: string | undefined; 'event.outcome'?: string | undefined; 'event.provider'?: string | undefined; 'event.reason'?: string | undefined; 'event.reference'?: string | undefined; 'event.risk_score'?: number | undefined; 'event.risk_score_norm'?: number | undefined; 'event.sequence'?: string | number | undefined; 'event.severity'?: string | number | undefined; 'event.start'?: string | number | undefined; 'event.timezone'?: string | undefined; 'event.type'?: string[] | undefined; 'event.url'?: string | undefined; 'faas.coldstart'?: boolean | undefined; 'faas.execution'?: string | undefined; 'faas.id'?: string | undefined; 'faas.name'?: string | undefined; 'faas.version'?: string | undefined; 'file.accessed'?: string | number | undefined; 'file.attributes'?: string[] | undefined; 'file.code_signature.digest_algorithm'?: string | undefined; 'file.code_signature.exists'?: boolean | undefined; 'file.code_signature.signing_id'?: string | undefined; 'file.code_signature.status'?: string | undefined; 'file.code_signature.subject_name'?: string | undefined; 'file.code_signature.team_id'?: string | undefined; 'file.code_signature.timestamp'?: string | number | undefined; 'file.code_signature.trusted'?: boolean | undefined; 'file.code_signature.valid'?: boolean | undefined; 'file.created'?: string | number | undefined; 'file.ctime'?: string | number | undefined; 'file.device'?: string | undefined; 'file.directory'?: string | undefined; 'file.drive_letter'?: string | undefined; 'file.elf.architecture'?: string | undefined; 'file.elf.byte_order'?: string | undefined; 'file.elf.cpu_type'?: string | undefined; 'file.elf.creation_date'?: string | number | undefined; 'file.elf.exports'?: unknown[] | undefined; 'file.elf.go_import_hash'?: string | undefined; 'file.elf.go_imports'?: unknown; 'file.elf.go_imports_names_entropy'?: string | number | undefined; 'file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'file.elf.go_stripped'?: boolean | undefined; 'file.elf.header.abi_version'?: string | undefined; 'file.elf.header.class'?: string | undefined; 'file.elf.header.data'?: string | undefined; 'file.elf.header.entrypoint'?: string | number | undefined; 'file.elf.header.object_version'?: string | undefined; 'file.elf.header.os_abi'?: string | undefined; 'file.elf.header.type'?: string | undefined; 'file.elf.header.version'?: string | undefined; 'file.elf.import_hash'?: string | undefined; 'file.elf.imports'?: unknown[] | undefined; 'file.elf.imports_names_entropy'?: string | number | undefined; 'file.elf.imports_names_var_entropy'?: string | number | undefined; 'file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'file.elf.shared_libraries'?: string[] | undefined; 'file.elf.telfhash'?: string | undefined; 'file.extension'?: string | undefined; 'file.fork_name'?: string | undefined; 'file.gid'?: string | undefined; 'file.group'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.inode'?: string | undefined; 'file.macho.go_import_hash'?: string | undefined; 'file.macho.go_imports'?: unknown; 'file.macho.go_imports_names_entropy'?: string | number | undefined; 'file.macho.go_imports_names_var_entropy'?: string | number | undefined; 'file.macho.go_stripped'?: boolean | undefined; 'file.macho.import_hash'?: string | undefined; 'file.macho.imports'?: unknown[] | undefined; 'file.macho.imports_names_entropy'?: string | number | undefined; 'file.macho.imports_names_var_entropy'?: string | number | undefined; 'file.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.macho.symhash'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.mode'?: string | undefined; 'file.mtime'?: string | number | undefined; 'file.name'?: string | undefined; 'file.owner'?: string | undefined; 'file.path'?: string | undefined; 'file.pe.architecture'?: string | undefined; 'file.pe.company'?: string | undefined; 'file.pe.description'?: string | undefined; 'file.pe.file_version'?: string | undefined; 'file.pe.go_import_hash'?: string | undefined; 'file.pe.go_imports'?: unknown; 'file.pe.go_imports_names_entropy'?: string | number | undefined; 'file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'file.pe.go_stripped'?: boolean | undefined; 'file.pe.imphash'?: string | undefined; 'file.pe.import_hash'?: string | undefined; 'file.pe.imports'?: unknown[] | undefined; 'file.pe.imports_names_entropy'?: string | number | undefined; 'file.pe.imports_names_var_entropy'?: string | number | undefined; 'file.pe.original_file_name'?: string | undefined; 'file.pe.pehash'?: string | undefined; 'file.pe.product'?: string | undefined; 'file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.size'?: string | number | undefined; 'file.target_path'?: string | undefined; 'file.type'?: string | undefined; 'file.uid'?: string | undefined; 'file.x509.alternative_names'?: string[] | undefined; 'file.x509.issuer.common_name'?: string[] | undefined; 'file.x509.issuer.country'?: string[] | undefined; 'file.x509.issuer.distinguished_name'?: string | undefined; 'file.x509.issuer.locality'?: string[] | undefined; 'file.x509.issuer.organization'?: string[] | undefined; 'file.x509.issuer.organizational_unit'?: string[] | undefined; 'file.x509.issuer.state_or_province'?: string[] | undefined; 'file.x509.not_after'?: string | number | undefined; 'file.x509.not_before'?: string | number | undefined; 'file.x509.public_key_algorithm'?: string | undefined; 'file.x509.public_key_curve'?: string | undefined; 'file.x509.public_key_exponent'?: string | number | undefined; 'file.x509.public_key_size'?: string | number | undefined; 'file.x509.serial_number'?: string | undefined; 'file.x509.signature_algorithm'?: string | undefined; 'file.x509.subject.common_name'?: string[] | undefined; 'file.x509.subject.country'?: string[] | undefined; 'file.x509.subject.distinguished_name'?: string | undefined; 'file.x509.subject.locality'?: string[] | undefined; 'file.x509.subject.organization'?: string[] | undefined; 'file.x509.subject.organizational_unit'?: string[] | undefined; 'file.x509.subject.state_or_province'?: string[] | undefined; 'file.x509.version_number'?: string | undefined; 'group.domain'?: string | undefined; 'group.id'?: string | undefined; 'group.name'?: string | undefined; 'host.architecture'?: string | undefined; 'host.boot.id'?: string | undefined; 'host.cpu.usage'?: string | number | undefined; 'host.disk.read.bytes'?: string | number | undefined; 'host.disk.write.bytes'?: string | number | undefined; 'host.domain'?: string | undefined; 'host.geo.city_name'?: string | undefined; 'host.geo.continent_code'?: string | undefined; 'host.geo.continent_name'?: string | undefined; 'host.geo.country_iso_code'?: string | undefined; 'host.geo.country_name'?: string | undefined; 'host.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'host.geo.name'?: string | undefined; 'host.geo.postal_code'?: string | undefined; 'host.geo.region_iso_code'?: string | undefined; 'host.geo.region_name'?: string | undefined; 'host.geo.timezone'?: string | undefined; 'host.hostname'?: string | undefined; 'host.id'?: string | undefined; 'host.ip'?: string[] | undefined; 'host.mac'?: string[] | undefined; 'host.name'?: string | undefined; 'host.network.egress.bytes'?: string | number | undefined; 'host.network.egress.packets'?: string | number | undefined; 'host.network.ingress.bytes'?: string | number | undefined; 'host.network.ingress.packets'?: string | number | undefined; 'host.os.family'?: string | undefined; 'host.os.full'?: string | undefined; 'host.os.kernel'?: string | undefined; 'host.os.name'?: string | undefined; 'host.os.platform'?: string | undefined; 'host.os.type'?: string | undefined; 'host.os.version'?: string | undefined; 'host.pid_ns_ino'?: string | undefined; 'host.risk.calculated_level'?: string | undefined; 'host.risk.calculated_score'?: number | undefined; 'host.risk.calculated_score_norm'?: number | undefined; 'host.risk.static_level'?: string | undefined; 'host.risk.static_score'?: number | undefined; 'host.risk.static_score_norm'?: number | undefined; 'host.type'?: string | undefined; 'host.uptime'?: string | number | undefined; 'http.request.body.bytes'?: string | number | undefined; 'http.request.body.content'?: string | undefined; 'http.request.bytes'?: string | number | undefined; 'http.request.id'?: string | undefined; 'http.request.method'?: string | undefined; 'http.request.mime_type'?: string | undefined; 'http.request.referrer'?: string | undefined; 'http.response.body.bytes'?: string | number | undefined; 'http.response.body.content'?: string | undefined; 'http.response.bytes'?: string | number | undefined; 'http.response.mime_type'?: string | undefined; 'http.response.status_code'?: string | number | undefined; 'http.version'?: string | undefined; labels?: unknown; 'log.file.path'?: string | undefined; 'log.level'?: string | undefined; 'log.logger'?: string | undefined; 'log.origin.file.line'?: string | number | undefined; 'log.origin.file.name'?: string | undefined; 'log.origin.function'?: string | undefined; 'log.syslog'?: unknown; message?: string | undefined; 'network.application'?: string | undefined; 'network.bytes'?: string | number | undefined; 'network.community_id'?: string | undefined; 'network.direction'?: string | undefined; 'network.forwarded_ip'?: string | undefined; 'network.iana_number'?: string | undefined; 'network.inner'?: unknown; 'network.name'?: string | undefined; 'network.packets'?: string | number | undefined; 'network.protocol'?: string | undefined; 'network.transport'?: string | undefined; 'network.type'?: string | undefined; 'network.vlan.id'?: string | undefined; 'network.vlan.name'?: string | undefined; 'observer.egress'?: unknown; 'observer.geo.city_name'?: string | undefined; 'observer.geo.continent_code'?: string | undefined; 'observer.geo.continent_name'?: string | undefined; 'observer.geo.country_iso_code'?: string | undefined; 'observer.geo.country_name'?: string | undefined; 'observer.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'observer.geo.name'?: string | undefined; 'observer.geo.postal_code'?: string | undefined; 'observer.geo.region_iso_code'?: string | undefined; 'observer.geo.region_name'?: string | undefined; 'observer.geo.timezone'?: string | undefined; 'observer.hostname'?: string | undefined; 'observer.ingress'?: unknown; 'observer.ip'?: string[] | undefined; 'observer.mac'?: string[] | undefined; 'observer.name'?: string | undefined; 'observer.os.family'?: string | undefined; 'observer.os.full'?: string | undefined; 'observer.os.kernel'?: string | undefined; 'observer.os.name'?: string | undefined; 'observer.os.platform'?: string | undefined; 'observer.os.type'?: string | undefined; 'observer.os.version'?: string | undefined; 'observer.product'?: string | undefined; 'observer.serial_number'?: string | undefined; 'observer.type'?: string | undefined; 'observer.vendor'?: string | undefined; 'observer.version'?: string | undefined; 'orchestrator.api_version'?: string | undefined; 'orchestrator.cluster.id'?: string | undefined; 'orchestrator.cluster.name'?: string | undefined; 'orchestrator.cluster.url'?: string | undefined; 'orchestrator.cluster.version'?: string | undefined; 'orchestrator.namespace'?: string | undefined; 'orchestrator.organization'?: string | undefined; 'orchestrator.resource.annotation'?: string[] | undefined; 'orchestrator.resource.id'?: string | undefined; 'orchestrator.resource.ip'?: string[] | undefined; 'orchestrator.resource.label'?: string[] | undefined; 'orchestrator.resource.name'?: string | undefined; 'orchestrator.resource.parent.type'?: string | undefined; 'orchestrator.resource.type'?: string | undefined; 'orchestrator.type'?: string | undefined; 'organization.id'?: string | undefined; 'organization.name'?: string | undefined; 'package.architecture'?: string | undefined; 'package.build_version'?: string | undefined; 'package.checksum'?: string | undefined; 'package.description'?: string | undefined; 'package.install_scope'?: string | undefined; 'package.installed'?: string | number | undefined; 'package.license'?: string | undefined; 'package.name'?: string | undefined; 'package.path'?: string | undefined; 'package.reference'?: string | undefined; 'package.size'?: string | number | undefined; 'package.type'?: string | undefined; 'package.version'?: string | undefined; 'process.args'?: string[] | undefined; 'process.args_count'?: string | number | undefined; 'process.code_signature.digest_algorithm'?: string | undefined; 'process.code_signature.exists'?: boolean | undefined; 'process.code_signature.signing_id'?: string | undefined; 'process.code_signature.status'?: string | undefined; 'process.code_signature.subject_name'?: string | undefined; 'process.code_signature.team_id'?: string | undefined; 'process.code_signature.timestamp'?: string | number | undefined; 'process.code_signature.trusted'?: boolean | undefined; 'process.code_signature.valid'?: boolean | undefined; 'process.command_line'?: string | undefined; 'process.elf.architecture'?: string | undefined; 'process.elf.byte_order'?: string | undefined; 'process.elf.cpu_type'?: string | undefined; 'process.elf.creation_date'?: string | number | undefined; 'process.elf.exports'?: unknown[] | undefined; 'process.elf.go_import_hash'?: string | undefined; 'process.elf.go_imports'?: unknown; 'process.elf.go_imports_names_entropy'?: string | number | undefined; 'process.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.elf.go_stripped'?: boolean | undefined; 'process.elf.header.abi_version'?: string | undefined; 'process.elf.header.class'?: string | undefined; 'process.elf.header.data'?: string | undefined; 'process.elf.header.entrypoint'?: string | number | undefined; 'process.elf.header.object_version'?: string | undefined; 'process.elf.header.os_abi'?: string | undefined; 'process.elf.header.type'?: string | undefined; 'process.elf.header.version'?: string | undefined; 'process.elf.import_hash'?: string | undefined; 'process.elf.imports'?: unknown[] | undefined; 'process.elf.imports_names_entropy'?: string | number | undefined; 'process.elf.imports_names_var_entropy'?: string | number | undefined; 'process.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.elf.shared_libraries'?: string[] | undefined; 'process.elf.telfhash'?: string | undefined; 'process.end'?: string | number | undefined; 'process.entity_id'?: string | undefined; 'process.entry_leader.args'?: string[] | undefined; 'process.entry_leader.args_count'?: string | number | undefined; 'process.entry_leader.attested_groups.name'?: string | undefined; 'process.entry_leader.attested_user.id'?: string | undefined; 'process.entry_leader.attested_user.name'?: string | undefined; 'process.entry_leader.command_line'?: string | undefined; 'process.entry_leader.entity_id'?: string | undefined; 'process.entry_leader.entry_meta.source.ip'?: string | undefined; 'process.entry_leader.entry_meta.type'?: string | undefined; 'process.entry_leader.executable'?: string | undefined; 'process.entry_leader.group.id'?: string | undefined; 'process.entry_leader.group.name'?: string | undefined; 'process.entry_leader.interactive'?: boolean | undefined; 'process.entry_leader.name'?: string | undefined; 'process.entry_leader.parent.entity_id'?: string | undefined; 'process.entry_leader.parent.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.entity_id'?: string | undefined; 'process.entry_leader.parent.session_leader.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.start'?: string | number | undefined; 'process.entry_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.entry_leader.parent.start'?: string | number | undefined; 'process.entry_leader.parent.vpid'?: string | number | undefined; 'process.entry_leader.pid'?: string | number | undefined; 'process.entry_leader.real_group.id'?: string | undefined; 'process.entry_leader.real_group.name'?: string | undefined; 'process.entry_leader.real_user.id'?: string | undefined; 'process.entry_leader.real_user.name'?: string | undefined; 'process.entry_leader.same_as_process'?: boolean | undefined; 'process.entry_leader.saved_group.id'?: string | undefined; 'process.entry_leader.saved_group.name'?: string | undefined; 'process.entry_leader.saved_user.id'?: string | undefined; 'process.entry_leader.saved_user.name'?: string | undefined; 'process.entry_leader.start'?: string | number | undefined; 'process.entry_leader.supplemental_groups.id'?: string | undefined; 'process.entry_leader.supplemental_groups.name'?: string | undefined; 'process.entry_leader.tty'?: unknown; 'process.entry_leader.user.id'?: string | undefined; 'process.entry_leader.user.name'?: string | undefined; 'process.entry_leader.vpid'?: string | number | undefined; 'process.entry_leader.working_directory'?: string | undefined; 'process.env_vars'?: string[] | undefined; 'process.executable'?: string | undefined; 'process.exit_code'?: string | number | undefined; 'process.group_leader.args'?: string[] | undefined; 'process.group_leader.args_count'?: string | number | undefined; 'process.group_leader.command_line'?: string | undefined; 'process.group_leader.entity_id'?: string | undefined; 'process.group_leader.executable'?: string | undefined; 'process.group_leader.group.id'?: string | undefined; 'process.group_leader.group.name'?: string | undefined; 'process.group_leader.interactive'?: boolean | undefined; 'process.group_leader.name'?: string | undefined; 'process.group_leader.pid'?: string | number | undefined; 'process.group_leader.real_group.id'?: string | undefined; 'process.group_leader.real_group.name'?: string | undefined; 'process.group_leader.real_user.id'?: string | undefined; 'process.group_leader.real_user.name'?: string | undefined; 'process.group_leader.same_as_process'?: boolean | undefined; 'process.group_leader.saved_group.id'?: string | undefined; 'process.group_leader.saved_group.name'?: string | undefined; 'process.group_leader.saved_user.id'?: string | undefined; 'process.group_leader.saved_user.name'?: string | undefined; 'process.group_leader.start'?: string | number | undefined; 'process.group_leader.supplemental_groups.id'?: string | undefined; 'process.group_leader.supplemental_groups.name'?: string | undefined; 'process.group_leader.tty'?: unknown; 'process.group_leader.user.id'?: string | undefined; 'process.group_leader.user.name'?: string | undefined; 'process.group_leader.vpid'?: string | number | undefined; 'process.group_leader.working_directory'?: string | undefined; 'process.hash.md5'?: string | undefined; 'process.hash.sha1'?: string | undefined; 'process.hash.sha256'?: string | undefined; 'process.hash.sha384'?: string | undefined; 'process.hash.sha512'?: string | undefined; 'process.hash.ssdeep'?: string | undefined; 'process.hash.tlsh'?: string | undefined; 'process.interactive'?: boolean | undefined; 'process.io'?: unknown; 'process.macho.go_import_hash'?: string | undefined; 'process.macho.go_imports'?: unknown; 'process.macho.go_imports_names_entropy'?: string | number | undefined; 'process.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.macho.go_stripped'?: boolean | undefined; 'process.macho.import_hash'?: string | undefined; 'process.macho.imports'?: unknown[] | undefined; 'process.macho.imports_names_entropy'?: string | number | undefined; 'process.macho.imports_names_var_entropy'?: string | number | undefined; 'process.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.macho.symhash'?: string | undefined; 'process.name'?: string | undefined; 'process.parent.args'?: string[] | undefined; 'process.parent.args_count'?: string | number | undefined; 'process.parent.code_signature.digest_algorithm'?: string | undefined; 'process.parent.code_signature.exists'?: boolean | undefined; 'process.parent.code_signature.signing_id'?: string | undefined; 'process.parent.code_signature.status'?: string | undefined; 'process.parent.code_signature.subject_name'?: string | undefined; 'process.parent.code_signature.team_id'?: string | undefined; 'process.parent.code_signature.timestamp'?: string | number | undefined; 'process.parent.code_signature.trusted'?: boolean | undefined; 'process.parent.code_signature.valid'?: boolean | undefined; 'process.parent.command_line'?: string | undefined; 'process.parent.elf.architecture'?: string | undefined; 'process.parent.elf.byte_order'?: string | undefined; 'process.parent.elf.cpu_type'?: string | undefined; 'process.parent.elf.creation_date'?: string | number | undefined; 'process.parent.elf.exports'?: unknown[] | undefined; 'process.parent.elf.go_import_hash'?: string | undefined; 'process.parent.elf.go_imports'?: unknown; 'process.parent.elf.go_imports_names_entropy'?: string | number | undefined; 'process.parent.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.go_stripped'?: boolean | undefined; 'process.parent.elf.header.abi_version'?: string | undefined; 'process.parent.elf.header.class'?: string | undefined; 'process.parent.elf.header.data'?: string | undefined; 'process.parent.elf.header.entrypoint'?: string | number | undefined; 'process.parent.elf.header.object_version'?: string | undefined; 'process.parent.elf.header.os_abi'?: string | undefined; 'process.parent.elf.header.type'?: string | undefined; 'process.parent.elf.header.version'?: string | undefined; 'process.parent.elf.import_hash'?: string | undefined; 'process.parent.elf.imports'?: unknown[] | undefined; 'process.parent.elf.imports_names_entropy'?: string | number | undefined; 'process.parent.elf.imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.parent.elf.shared_libraries'?: string[] | undefined; 'process.parent.elf.telfhash'?: string | undefined; 'process.parent.end'?: string | number | undefined; 'process.parent.entity_id'?: string | undefined; 'process.parent.executable'?: string | undefined; 'process.parent.exit_code'?: string | number | undefined; 'process.parent.group.id'?: string | undefined; 'process.parent.group.name'?: string | undefined; 'process.parent.group_leader.entity_id'?: string | undefined; 'process.parent.group_leader.pid'?: string | number | undefined; 'process.parent.group_leader.start'?: string | number | undefined; 'process.parent.group_leader.vpid'?: string | number | undefined; 'process.parent.hash.md5'?: string | undefined; 'process.parent.hash.sha1'?: string | undefined; 'process.parent.hash.sha256'?: string | undefined; 'process.parent.hash.sha384'?: string | undefined; 'process.parent.hash.sha512'?: string | undefined; 'process.parent.hash.ssdeep'?: string | undefined; 'process.parent.hash.tlsh'?: string | undefined; 'process.parent.interactive'?: boolean | undefined; 'process.parent.macho.go_import_hash'?: string | undefined; 'process.parent.macho.go_imports'?: unknown; 'process.parent.macho.go_imports_names_entropy'?: string | number | undefined; 'process.parent.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.go_stripped'?: boolean | undefined; 'process.parent.macho.import_hash'?: string | undefined; 'process.parent.macho.imports'?: unknown[] | undefined; 'process.parent.macho.imports_names_entropy'?: string | number | undefined; 'process.parent.macho.imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.macho.symhash'?: string | undefined; 'process.parent.name'?: string | undefined; 'process.parent.pe.architecture'?: string | undefined; 'process.parent.pe.company'?: string | undefined; 'process.parent.pe.description'?: string | undefined; 'process.parent.pe.file_version'?: string | undefined; 'process.parent.pe.go_import_hash'?: string | undefined; 'process.parent.pe.go_imports'?: unknown; 'process.parent.pe.go_imports_names_entropy'?: string | number | undefined; 'process.parent.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.go_stripped'?: boolean | undefined; 'process.parent.pe.imphash'?: string | undefined; 'process.parent.pe.import_hash'?: string | undefined; 'process.parent.pe.imports'?: unknown[] | undefined; 'process.parent.pe.imports_names_entropy'?: string | number | undefined; 'process.parent.pe.imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.original_file_name'?: string | undefined; 'process.parent.pe.pehash'?: string | undefined; 'process.parent.pe.product'?: string | undefined; 'process.parent.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.pgid'?: string | number | undefined; 'process.parent.pid'?: string | number | undefined; 'process.parent.real_group.id'?: string | undefined; 'process.parent.real_group.name'?: string | undefined; 'process.parent.real_user.id'?: string | undefined; 'process.parent.real_user.name'?: string | undefined; 'process.parent.saved_group.id'?: string | undefined; 'process.parent.saved_group.name'?: string | undefined; 'process.parent.saved_user.id'?: string | undefined; 'process.parent.saved_user.name'?: string | undefined; 'process.parent.start'?: string | number | undefined; 'process.parent.supplemental_groups.id'?: string | undefined; 'process.parent.supplemental_groups.name'?: string | undefined; 'process.parent.thread.capabilities.effective'?: string[] | undefined; 'process.parent.thread.capabilities.permitted'?: string[] | undefined; 'process.parent.thread.id'?: string | number | undefined; 'process.parent.thread.name'?: string | undefined; 'process.parent.title'?: string | undefined; 'process.parent.tty'?: unknown; 'process.parent.uptime'?: string | number | undefined; 'process.parent.user.id'?: string | undefined; 'process.parent.user.name'?: string | undefined; 'process.parent.vpid'?: string | number | undefined; 'process.parent.working_directory'?: string | undefined; 'process.pe.architecture'?: string | undefined; 'process.pe.company'?: string | undefined; 'process.pe.description'?: string | undefined; 'process.pe.file_version'?: string | undefined; 'process.pe.go_import_hash'?: string | undefined; 'process.pe.go_imports'?: unknown; 'process.pe.go_imports_names_entropy'?: string | number | undefined; 'process.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.pe.go_stripped'?: boolean | undefined; 'process.pe.imphash'?: string | undefined; 'process.pe.import_hash'?: string | undefined; 'process.pe.imports'?: unknown[] | undefined; 'process.pe.imports_names_entropy'?: string | number | undefined; 'process.pe.imports_names_var_entropy'?: string | number | undefined; 'process.pe.original_file_name'?: string | undefined; 'process.pe.pehash'?: string | undefined; 'process.pe.product'?: string | undefined; 'process.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.pgid'?: string | number | undefined; 'process.pid'?: string | number | undefined; 'process.previous.args'?: string[] | undefined; 'process.previous.args_count'?: string | number | undefined; 'process.previous.executable'?: string | undefined; 'process.real_group.id'?: string | undefined; 'process.real_group.name'?: string | undefined; 'process.real_user.id'?: string | undefined; 'process.real_user.name'?: string | undefined; 'process.saved_group.id'?: string | undefined; 'process.saved_group.name'?: string | undefined; 'process.saved_user.id'?: string | undefined; 'process.saved_user.name'?: string | undefined; 'process.session_leader.args'?: string[] | undefined; 'process.session_leader.args_count'?: string | number | undefined; 'process.session_leader.command_line'?: string | undefined; 'process.session_leader.entity_id'?: string | undefined; 'process.session_leader.executable'?: string | undefined; 'process.session_leader.group.id'?: string | undefined; 'process.session_leader.group.name'?: string | undefined; 'process.session_leader.interactive'?: boolean | undefined; 'process.session_leader.name'?: string | undefined; 'process.session_leader.parent.entity_id'?: string | undefined; 'process.session_leader.parent.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.entity_id'?: string | undefined; 'process.session_leader.parent.session_leader.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.start'?: string | number | undefined; 'process.session_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.session_leader.parent.start'?: string | number | undefined; 'process.session_leader.parent.vpid'?: string | number | undefined; 'process.session_leader.pid'?: string | number | undefined; 'process.session_leader.real_group.id'?: string | undefined; 'process.session_leader.real_group.name'?: string | undefined; 'process.session_leader.real_user.id'?: string | undefined; 'process.session_leader.real_user.name'?: string | undefined; 'process.session_leader.same_as_process'?: boolean | undefined; 'process.session_leader.saved_group.id'?: string | undefined; 'process.session_leader.saved_group.name'?: string | undefined; 'process.session_leader.saved_user.id'?: string | undefined; 'process.session_leader.saved_user.name'?: string | undefined; 'process.session_leader.start'?: string | number | undefined; 'process.session_leader.supplemental_groups.id'?: string | undefined; 'process.session_leader.supplemental_groups.name'?: string | undefined; 'process.session_leader.tty'?: unknown; 'process.session_leader.user.id'?: string | undefined; 'process.session_leader.user.name'?: string | undefined; 'process.session_leader.vpid'?: string | number | undefined; 'process.session_leader.working_directory'?: string | undefined; 'process.start'?: string | number | undefined; 'process.supplemental_groups.id'?: string | undefined; 'process.supplemental_groups.name'?: string | undefined; 'process.thread.capabilities.effective'?: string[] | undefined; 'process.thread.capabilities.permitted'?: string[] | undefined; 'process.thread.id'?: string | number | undefined; 'process.thread.name'?: string | undefined; 'process.title'?: string | undefined; 'process.tty'?: unknown; 'process.uptime'?: string | number | undefined; 'process.user.id'?: string | undefined; 'process.user.name'?: string | undefined; 'process.vpid'?: string | number | undefined; 'process.working_directory'?: string | undefined; 'registry.data.bytes'?: string | undefined; 'registry.data.strings'?: string[] | undefined; 'registry.data.type'?: string | undefined; 'registry.hive'?: string | undefined; 'registry.key'?: string | undefined; 'registry.path'?: string | undefined; 'registry.value'?: string | undefined; 'related.hash'?: string[] | undefined; 'related.hosts'?: string[] | undefined; 'related.ip'?: string[] | undefined; 'related.user'?: string[] | undefined; 'rule.author'?: string[] | undefined; 'rule.category'?: string | undefined; 'rule.description'?: string | undefined; 'rule.id'?: string | undefined; 'rule.license'?: string | undefined; 'rule.name'?: string | undefined; 'rule.reference'?: string | undefined; 'rule.ruleset'?: string | undefined; 'rule.uuid'?: string | undefined; 'rule.version'?: string | undefined; 'server.address'?: string | undefined; 'server.as.number'?: string | number | undefined; 'server.as.organization.name'?: string | undefined; 'server.bytes'?: string | number | undefined; 'server.domain'?: string | undefined; 'server.geo.city_name'?: string | undefined; 'server.geo.continent_code'?: string | undefined; 'server.geo.continent_name'?: string | undefined; 'server.geo.country_iso_code'?: string | undefined; 'server.geo.country_name'?: string | undefined; 'server.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'server.geo.name'?: string | undefined; 'server.geo.postal_code'?: string | undefined; 'server.geo.region_iso_code'?: string | undefined; 'server.geo.region_name'?: string | undefined; 'server.geo.timezone'?: string | undefined; 'server.ip'?: string | undefined; 'server.mac'?: string | undefined; 'server.nat.ip'?: string | undefined; 'server.nat.port'?: string | number | undefined; 'server.packets'?: string | number | undefined; 'server.port'?: string | number | undefined; 'server.registered_domain'?: string | undefined; 'server.subdomain'?: string | undefined; 'server.top_level_domain'?: string | undefined; 'server.user.domain'?: string | undefined; 'server.user.email'?: string | undefined; 'server.user.full_name'?: string | undefined; 'server.user.group.domain'?: string | undefined; 'server.user.group.id'?: string | undefined; 'server.user.group.name'?: string | undefined; 'server.user.hash'?: string | undefined; 'server.user.id'?: string | undefined; 'server.user.name'?: string | undefined; 'server.user.roles'?: string[] | undefined; 'service.address'?: string | undefined; 'service.environment'?: string | undefined; 'service.ephemeral_id'?: string | undefined; 'service.id'?: string | undefined; 'service.name'?: string | undefined; 'service.node.name'?: string | undefined; 'service.node.role'?: string | undefined; 'service.node.roles'?: string[] | undefined; 'service.origin.address'?: string | undefined; 'service.origin.environment'?: string | undefined; 'service.origin.ephemeral_id'?: string | undefined; 'service.origin.id'?: string | undefined; 'service.origin.name'?: string | undefined; 'service.origin.node.name'?: string | undefined; 'service.origin.node.role'?: string | undefined; 'service.origin.node.roles'?: string[] | undefined; 'service.origin.state'?: string | undefined; 'service.origin.type'?: string | undefined; 'service.origin.version'?: string | undefined; 'service.state'?: string | undefined; 'service.target.address'?: string | undefined; 'service.target.environment'?: string | undefined; 'service.target.ephemeral_id'?: string | undefined; 'service.target.id'?: string | undefined; 'service.target.name'?: string | undefined; 'service.target.node.name'?: string | undefined; 'service.target.node.role'?: string | undefined; 'service.target.node.roles'?: string[] | undefined; 'service.target.state'?: string | undefined; 'service.target.type'?: string | undefined; 'service.target.version'?: string | undefined; 'service.type'?: string | undefined; 'service.version'?: string | undefined; 'source.address'?: string | undefined; 'source.as.number'?: string | number | undefined; 'source.as.organization.name'?: string | undefined; 'source.bytes'?: string | number | undefined; 'source.domain'?: string | undefined; 'source.geo.city_name'?: string | undefined; 'source.geo.continent_code'?: string | undefined; 'source.geo.continent_name'?: string | undefined; 'source.geo.country_iso_code'?: string | undefined; 'source.geo.country_name'?: string | undefined; 'source.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'source.geo.name'?: string | undefined; 'source.geo.postal_code'?: string | undefined; 'source.geo.region_iso_code'?: string | undefined; 'source.geo.region_name'?: string | undefined; 'source.geo.timezone'?: string | undefined; 'source.ip'?: string | undefined; 'source.mac'?: string | undefined; 'source.nat.ip'?: string | undefined; 'source.nat.port'?: string | number | undefined; 'source.packets'?: string | number | undefined; 'source.port'?: string | number | undefined; 'source.registered_domain'?: string | undefined; 'source.subdomain'?: string | undefined; 'source.top_level_domain'?: string | undefined; 'source.user.domain'?: string | undefined; 'source.user.email'?: string | undefined; 'source.user.full_name'?: string | undefined; 'source.user.group.domain'?: string | undefined; 'source.user.group.id'?: string | undefined; 'source.user.group.name'?: string | undefined; 'source.user.hash'?: string | undefined; 'source.user.id'?: string | undefined; 'source.user.name'?: string | undefined; 'source.user.roles'?: string[] | undefined; 'span.id'?: string | undefined; tags?: string[] | undefined; 'threat.enrichments'?: { indicator?: unknown; 'matched.atomic'?: string | undefined; 'matched.field'?: string | undefined; 'matched.id'?: string | undefined; 'matched.index'?: string | undefined; 'matched.occurred'?: string | number | undefined; 'matched.type'?: string | undefined; }[] | undefined; 'threat.feed.dashboard_id'?: string | undefined; 'threat.feed.description'?: string | undefined; 'threat.feed.name'?: string | undefined; 'threat.feed.reference'?: string | undefined; 'threat.framework'?: string | undefined; 'threat.group.alias'?: string[] | undefined; 'threat.group.id'?: string | undefined; 'threat.group.name'?: string | undefined; 'threat.group.reference'?: string | undefined; 'threat.indicator.as.number'?: string | number | undefined; 'threat.indicator.as.organization.name'?: string | undefined; 'threat.indicator.confidence'?: string | undefined; 'threat.indicator.description'?: string | undefined; 'threat.indicator.email.address'?: string | undefined; 'threat.indicator.file.accessed'?: string | number | undefined; 'threat.indicator.file.attributes'?: string[] | undefined; 'threat.indicator.file.code_signature.digest_algorithm'?: string | undefined; 'threat.indicator.file.code_signature.exists'?: boolean | undefined; 'threat.indicator.file.code_signature.signing_id'?: string | undefined; 'threat.indicator.file.code_signature.status'?: string | undefined; 'threat.indicator.file.code_signature.subject_name'?: string | undefined; 'threat.indicator.file.code_signature.team_id'?: string | undefined; 'threat.indicator.file.code_signature.timestamp'?: string | number | undefined; 'threat.indicator.file.code_signature.trusted'?: boolean | undefined; 'threat.indicator.file.code_signature.valid'?: boolean | undefined; 'threat.indicator.file.created'?: string | number | undefined; 'threat.indicator.file.ctime'?: string | number | undefined; 'threat.indicator.file.device'?: string | undefined; 'threat.indicator.file.directory'?: string | undefined; 'threat.indicator.file.drive_letter'?: string | undefined; 'threat.indicator.file.elf.architecture'?: string | undefined; 'threat.indicator.file.elf.byte_order'?: string | undefined; 'threat.indicator.file.elf.cpu_type'?: string | undefined; 'threat.indicator.file.elf.creation_date'?: string | number | undefined; 'threat.indicator.file.elf.exports'?: unknown[] | undefined; 'threat.indicator.file.elf.go_import_hash'?: string | undefined; 'threat.indicator.file.elf.go_imports'?: unknown; 'threat.indicator.file.elf.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_stripped'?: boolean | undefined; 'threat.indicator.file.elf.header.abi_version'?: string | undefined; 'threat.indicator.file.elf.header.class'?: string | undefined; 'threat.indicator.file.elf.header.data'?: string | undefined; 'threat.indicator.file.elf.header.entrypoint'?: string | number | undefined; 'threat.indicator.file.elf.header.object_version'?: string | undefined; 'threat.indicator.file.elf.header.os_abi'?: string | undefined; 'threat.indicator.file.elf.header.type'?: string | undefined; 'threat.indicator.file.elf.header.version'?: string | undefined; 'threat.indicator.file.elf.import_hash'?: string | undefined; 'threat.indicator.file.elf.imports'?: unknown[] | undefined; 'threat.indicator.file.elf.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'threat.indicator.file.elf.shared_libraries'?: string[] | undefined; 'threat.indicator.file.elf.telfhash'?: string | undefined; 'threat.indicator.file.extension'?: string | undefined; 'threat.indicator.file.fork_name'?: string | undefined; 'threat.indicator.file.gid'?: string | undefined; 'threat.indicator.file.group'?: string | undefined; 'threat.indicator.file.hash.md5'?: string | undefined; 'threat.indicator.file.hash.sha1'?: string | undefined; 'threat.indicator.file.hash.sha256'?: string | undefined; 'threat.indicator.file.hash.sha384'?: string | undefined; 'threat.indicator.file.hash.sha512'?: string | undefined; 'threat.indicator.file.hash.ssdeep'?: string | undefined; 'threat.indicator.file.hash.tlsh'?: string | undefined; 'threat.indicator.file.inode'?: string | undefined; 'threat.indicator.file.mime_type'?: string | undefined; 'threat.indicator.file.mode'?: string | undefined; 'threat.indicator.file.mtime'?: string | number | undefined; 'threat.indicator.file.name'?: string | undefined; 'threat.indicator.file.owner'?: string | undefined; 'threat.indicator.file.path'?: string | undefined; 'threat.indicator.file.pe.architecture'?: string | undefined; 'threat.indicator.file.pe.company'?: string | undefined; 'threat.indicator.file.pe.description'?: string | undefined; 'threat.indicator.file.pe.file_version'?: string | undefined; 'threat.indicator.file.pe.go_import_hash'?: string | undefined; 'threat.indicator.file.pe.go_imports'?: unknown; 'threat.indicator.file.pe.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_stripped'?: boolean | undefined; 'threat.indicator.file.pe.imphash'?: string | undefined; 'threat.indicator.file.pe.import_hash'?: string | undefined; 'threat.indicator.file.pe.imports'?: unknown[] | undefined; 'threat.indicator.file.pe.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.original_file_name'?: string | undefined; 'threat.indicator.file.pe.pehash'?: string | undefined; 'threat.indicator.file.pe.product'?: string | undefined; 'threat.indicator.file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.size'?: string | number | undefined; 'threat.indicator.file.target_path'?: string | undefined; 'threat.indicator.file.type'?: string | undefined; 'threat.indicator.file.uid'?: string | undefined; 'threat.indicator.file.x509.alternative_names'?: string[] | undefined; 'threat.indicator.file.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.file.x509.issuer.country'?: string[] | undefined; 'threat.indicator.file.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.not_after'?: string | number | undefined; 'threat.indicator.file.x509.not_before'?: string | number | undefined; 'threat.indicator.file.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.file.x509.public_key_curve'?: string | undefined; 'threat.indicator.file.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.file.x509.public_key_size'?: string | number | undefined; 'threat.indicator.file.x509.serial_number'?: string | undefined; 'threat.indicator.file.x509.signature_algorithm'?: string | undefined; 'threat.indicator.file.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.file.x509.subject.country'?: string[] | undefined; 'threat.indicator.file.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.subject.locality'?: string[] | undefined; 'threat.indicator.file.x509.subject.organization'?: string[] | undefined; 'threat.indicator.file.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.version_number'?: string | undefined; 'threat.indicator.first_seen'?: string | number | undefined; 'threat.indicator.geo.city_name'?: string | undefined; 'threat.indicator.geo.continent_code'?: string | undefined; 'threat.indicator.geo.continent_name'?: string | undefined; 'threat.indicator.geo.country_iso_code'?: string | undefined; 'threat.indicator.geo.country_name'?: string | undefined; 'threat.indicator.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'threat.indicator.geo.name'?: string | undefined; 'threat.indicator.geo.postal_code'?: string | undefined; 'threat.indicator.geo.region_iso_code'?: string | undefined; 'threat.indicator.geo.region_name'?: string | undefined; 'threat.indicator.geo.timezone'?: string | undefined; 'threat.indicator.ip'?: string | undefined; 'threat.indicator.last_seen'?: string | number | undefined; 'threat.indicator.marking.tlp'?: string | undefined; 'threat.indicator.marking.tlp_version'?: string | undefined; 'threat.indicator.modified_at'?: string | number | undefined; 'threat.indicator.name'?: string | undefined; 'threat.indicator.port'?: string | number | undefined; 'threat.indicator.provider'?: string | undefined; 'threat.indicator.reference'?: string | undefined; 'threat.indicator.registry.data.bytes'?: string | undefined; 'threat.indicator.registry.data.strings'?: string[] | undefined; 'threat.indicator.registry.data.type'?: string | undefined; 'threat.indicator.registry.hive'?: string | undefined; 'threat.indicator.registry.key'?: string | undefined; 'threat.indicator.registry.path'?: string | undefined; 'threat.indicator.registry.value'?: string | undefined; 'threat.indicator.scanner_stats'?: string | number | undefined; 'threat.indicator.sightings'?: string | number | undefined; 'threat.indicator.type'?: string | undefined; 'threat.indicator.url.domain'?: string | undefined; 'threat.indicator.url.extension'?: string | undefined; 'threat.indicator.url.fragment'?: string | undefined; 'threat.indicator.url.full'?: string | undefined; 'threat.indicator.url.original'?: string | undefined; 'threat.indicator.url.password'?: string | undefined; 'threat.indicator.url.path'?: string | undefined; 'threat.indicator.url.port'?: string | number | undefined; 'threat.indicator.url.query'?: string | undefined; 'threat.indicator.url.registered_domain'?: string | undefined; 'threat.indicator.url.scheme'?: string | undefined; 'threat.indicator.url.subdomain'?: string | undefined; 'threat.indicator.url.top_level_domain'?: string | undefined; 'threat.indicator.url.username'?: string | undefined; 'threat.indicator.x509.alternative_names'?: string[] | undefined; 'threat.indicator.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.x509.issuer.country'?: string[] | undefined; 'threat.indicator.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.x509.not_after'?: string | number | undefined; 'threat.indicator.x509.not_before'?: string | number | undefined; 'threat.indicator.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.x509.public_key_curve'?: string | undefined; 'threat.indicator.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.x509.public_key_size'?: string | number | undefined; 'threat.indicator.x509.serial_number'?: string | undefined; 'threat.indicator.x509.signature_algorithm'?: string | undefined; 'threat.indicator.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.x509.subject.country'?: string[] | undefined; 'threat.indicator.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.x509.subject.locality'?: string[] | undefined; 'threat.indicator.x509.subject.organization'?: string[] | undefined; 'threat.indicator.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.x509.version_number'?: string | undefined; 'threat.software.alias'?: string[] | undefined; 'threat.software.id'?: string | undefined; 'threat.software.name'?: string | undefined; 'threat.software.platforms'?: string[] | undefined; 'threat.software.reference'?: string | undefined; 'threat.software.type'?: string | undefined; 'threat.tactic.id'?: string[] | undefined; 'threat.tactic.name'?: string[] | undefined; 'threat.tactic.reference'?: string[] | undefined; 'threat.technique.id'?: string[] | undefined; 'threat.technique.name'?: string[] | undefined; 'threat.technique.reference'?: string[] | undefined; 'threat.technique.subtechnique.id'?: string[] | undefined; 'threat.technique.subtechnique.name'?: string[] | undefined; 'threat.technique.subtechnique.reference'?: string[] | undefined; 'tls.cipher'?: string | undefined; 'tls.client.certificate'?: string | undefined; 'tls.client.certificate_chain'?: string[] | undefined; 'tls.client.hash.md5'?: string | undefined; 'tls.client.hash.sha1'?: string | undefined; 'tls.client.hash.sha256'?: string | undefined; 'tls.client.issuer'?: string | undefined; 'tls.client.ja3'?: string | undefined; 'tls.client.not_after'?: string | number | undefined; 'tls.client.not_before'?: string | number | undefined; 'tls.client.server_name'?: string | undefined; 'tls.client.subject'?: string | undefined; 'tls.client.supported_ciphers'?: string[] | undefined; 'tls.client.x509.alternative_names'?: string[] | undefined; 'tls.client.x509.issuer.common_name'?: string[] | undefined; 'tls.client.x509.issuer.country'?: string[] | undefined; 'tls.client.x509.issuer.distinguished_name'?: string | undefined; 'tls.client.x509.issuer.locality'?: string[] | undefined; 'tls.client.x509.issuer.organization'?: string[] | undefined; 'tls.client.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.client.x509.issuer.state_or_province'?: string[] | undefined; 'tls.client.x509.not_after'?: string | number | undefined; 'tls.client.x509.not_before'?: string | number | undefined; 'tls.client.x509.public_key_algorithm'?: string | undefined; 'tls.client.x509.public_key_curve'?: string | undefined; 'tls.client.x509.public_key_exponent'?: string | number | undefined; 'tls.client.x509.public_key_size'?: string | number | undefined; 'tls.client.x509.serial_number'?: string | undefined; 'tls.client.x509.signature_algorithm'?: string | undefined; 'tls.client.x509.subject.common_name'?: string[] | undefined; 'tls.client.x509.subject.country'?: string[] | undefined; 'tls.client.x509.subject.distinguished_name'?: string | undefined; 'tls.client.x509.subject.locality'?: string[] | undefined; 'tls.client.x509.subject.organization'?: string[] | undefined; 'tls.client.x509.subject.organizational_unit'?: string[] | undefined; 'tls.client.x509.subject.state_or_province'?: string[] | undefined; 'tls.client.x509.version_number'?: string | undefined; 'tls.curve'?: string | undefined; 'tls.established'?: boolean | undefined; 'tls.next_protocol'?: string | undefined; 'tls.resumed'?: boolean | undefined; 'tls.server.certificate'?: string | undefined; 'tls.server.certificate_chain'?: string[] | undefined; 'tls.server.hash.md5'?: string | undefined; 'tls.server.hash.sha1'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 'tls.server.issuer'?: string | undefined; 'tls.server.ja3s'?: string | undefined; 'tls.server.not_after'?: string | number | undefined; 'tls.server.not_before'?: string | number | undefined; 'tls.server.subject'?: string | undefined; 'tls.server.x509.alternative_names'?: string[] | undefined; 'tls.server.x509.issuer.common_name'?: string[] | undefined; 'tls.server.x509.issuer.country'?: string[] | undefined; 'tls.server.x509.issuer.distinguished_name'?: string | undefined; 'tls.server.x509.issuer.locality'?: string[] | undefined; 'tls.server.x509.issuer.organization'?: string[] | undefined; 'tls.server.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.server.x509.issuer.state_or_province'?: string[] | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.public_key_algorithm'?: string | undefined; 'tls.server.x509.public_key_curve'?: string | undefined; 'tls.server.x509.public_key_exponent'?: string | number | undefined; 'tls.server.x509.public_key_size'?: string | number | undefined; 'tls.server.x509.serial_number'?: string | undefined; 'tls.server.x509.signature_algorithm'?: string | undefined; 'tls.server.x509.subject.common_name'?: string[] | undefined; 'tls.server.x509.subject.country'?: string[] | undefined; 'tls.server.x509.subject.distinguished_name'?: string | undefined; 'tls.server.x509.subject.locality'?: string[] | undefined; 'tls.server.x509.subject.organization'?: string[] | undefined; 'tls.server.x509.subject.organizational_unit'?: string[] | undefined; 'tls.server.x509.subject.state_or_province'?: string[] | undefined; 'tls.server.x509.version_number'?: string | undefined; 'tls.version'?: string | undefined; 'tls.version_protocol'?: string | undefined; 'trace.id'?: string | undefined; 'transaction.id'?: string | undefined; 'url.domain'?: string | undefined; 'url.extension'?: string | undefined; 'url.fragment'?: string | undefined; 'url.full'?: string | undefined; 'url.original'?: string | undefined; 'url.password'?: string | undefined; 'url.path'?: string | undefined; 'url.port'?: string | number | undefined; 'url.query'?: string | undefined; 'url.registered_domain'?: string | undefined; 'url.scheme'?: string | undefined; 'url.subdomain'?: string | undefined; 'url.top_level_domain'?: string | undefined; 'url.username'?: string | undefined; 'user.changes.domain'?: string | undefined; 'user.changes.email'?: string | undefined; 'user.changes.full_name'?: string | undefined; 'user.changes.group.domain'?: string | undefined; 'user.changes.group.id'?: string | undefined; 'user.changes.group.name'?: string | undefined; 'user.changes.hash'?: string | undefined; 'user.changes.id'?: string | undefined; 'user.changes.name'?: string | undefined; 'user.changes.roles'?: string[] | undefined; 'user.domain'?: string | undefined; 'user.effective.domain'?: string | undefined; 'user.effective.email'?: string | undefined; 'user.effective.full_name'?: string | undefined; 'user.effective.group.domain'?: string | undefined; 'user.effective.group.id'?: string | undefined; 'user.effective.group.name'?: string | undefined; 'user.effective.hash'?: string | undefined; 'user.effective.id'?: string | undefined; 'user.effective.name'?: string | undefined; 'user.effective.roles'?: string[] | undefined; 'user.email'?: string | undefined; 'user.full_name'?: string | undefined; 'user.group.domain'?: string | undefined; 'user.group.id'?: string | undefined; 'user.group.name'?: string | undefined; 'user.hash'?: string | undefined; 'user.id'?: string | undefined; 'user.name'?: string | undefined; 'user.risk.calculated_level'?: string | undefined; 'user.risk.calculated_score'?: number | undefined; 'user.risk.calculated_score_norm'?: number | undefined; 'user.risk.static_level'?: string | undefined; 'user.risk.static_score'?: number | undefined; 'user.risk.static_score_norm'?: number | undefined; 'user.roles'?: string[] | undefined; 'user.target.domain'?: string | undefined; 'user.target.email'?: string | undefined; 'user.target.full_name'?: string | undefined; 'user.target.group.domain'?: string | undefined; 'user.target.group.id'?: string | undefined; 'user.target.group.name'?: string | undefined; 'user.target.hash'?: string | undefined; 'user.target.id'?: string | undefined; 'user.target.name'?: string | undefined; 'user.target.roles'?: string[] | undefined; 'user_agent.device.name'?: string | undefined; 'user_agent.name'?: string | undefined; 'user_agent.original'?: string | undefined; 'user_agent.os.family'?: string | undefined; 'user_agent.os.full'?: string | undefined; 'user_agent.os.kernel'?: string | undefined; 'user_agent.os.name'?: string | undefined; 'user_agent.os.platform'?: string | undefined; 'user_agent.os.type'?: string | undefined; 'user_agent.os.version'?: string | undefined; 'user_agent.version'?: string | undefined; 'vulnerability.category'?: string[] | undefined; 'vulnerability.classification'?: string | undefined; 'vulnerability.description'?: string | undefined; 'vulnerability.enumeration'?: string | undefined; 'vulnerability.id'?: string | undefined; 'vulnerability.reference'?: string | undefined; 'vulnerability.report_id'?: string | undefined; 'vulnerability.scanner.vendor'?: string | undefined; 'vulnerability.score.base'?: number | undefined; 'vulnerability.score.environmental'?: number | undefined; 'vulnerability.score.temporal'?: number | undefined; 'vulnerability.score.version'?: string | undefined; 'vulnerability.severity'?: string | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }) | ({ 'kibana.alert.job_id': string; } & { 'kibana.alert.anomaly_score'?: number[] | undefined; 'kibana.alert.anomaly_timestamp'?: string | number | undefined; 'kibana.alert.is_interim'?: boolean | undefined; 'kibana.alert.top_influencers'?: { influencer_field_name?: string | undefined; influencer_field_value?: string | undefined; influencer_score?: number | undefined; initial_influencer_score?: number | undefined; is_interim?: boolean | undefined; job_id?: string | undefined; timestamp?: string | number | undefined; }[] | undefined; 'kibana.alert.top_records'?: { actual?: number | undefined; by_field_name?: string | undefined; by_field_value?: string | undefined; detector_index?: number | undefined; field_name?: string | undefined; function?: string | undefined; initial_record_score?: number | undefined; is_interim?: boolean | undefined; job_id?: string | undefined; over_field_name?: string | undefined; over_field_value?: string | undefined; partition_field_name?: string | undefined; partition_field_value?: string | undefined; record_score?: number | undefined; timestamp?: string | number | undefined; typical?: number | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; }) | ({} & { 'kibana.alert.datafeed_results'?: { datafeed_id?: string | undefined; datafeed_state?: string | undefined; job_id?: string | undefined; job_state?: string | undefined; }[] | undefined; 'kibana.alert.delayed_data_results'?: { annotation?: string | undefined; end_timestamp?: string | number | undefined; job_id?: string | undefined; missed_docs_count?: string | number | undefined; }[] | undefined; 'kibana.alert.job_errors_results'?: { errors?: unknown; job_id?: string | undefined; }[] | undefined; 'kibana.alert.mml_results'?: { job_id?: string | undefined; log_time?: string | number | undefined; memory_status?: string | undefined; model_bytes?: string | number | undefined; model_bytes_exceeded?: string | number | undefined; model_bytes_memory_limit?: string | number | undefined; peak_model_bytes?: string | number | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; }) | ({} & { 'kibana.alert.results'?: { description?: string | undefined; health_status?: string | undefined; issues?: unknown; node_name?: string | undefined; transform_id?: string | undefined; transform_state?: string | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; })"
         ],
         "path": "packages/kbn-alerts-as-data-utils/src/schemas/index.ts",
         "deprecated": false,
@@ -211,7 +211,7 @@
         "label": "Alert",
         "description": [],
         "signature": [
-          "{ '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; }"
+          "{ '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; }"
         ],
         "path": "packages/kbn-alerts-as-data-utils/src/schemas/generated/alert_schema.ts",
         "deprecated": false,
@@ -241,7 +241,7 @@
         "label": "AlertFieldMap",
         "description": [],
         "signature": [
-          "{ readonly \"kibana.alert.action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.case_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.duration.us\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping_history\": { readonly type: \"boolean\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.maintenance_window_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.consecutive_matches\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.instance.id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.last_detected\": { readonly type: \"date\"; readonly required: false; readonly array: false; }; readonly \"kibana.alert.reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; readonly multi_fields: ",
+          "{ readonly \"kibana.alert.action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.case_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.duration.us\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping_history\": { readonly type: \"boolean\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.maintenance_window_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.consecutive_matches\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.instance.id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.last_detected\": { readonly type: \"date\"; readonly required: false; readonly array: false; }; readonly \"kibana.alert.previous_action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; readonly multi_fields: ",
           {
             "pluginId": "@kbn/alerts-as-data-utils",
             "scope": "common",
@@ -249,7 +249,7 @@
             "section": "def-common.MultiField",
             "text": "MultiField"
           },
-          "[]; }; readonly \"kibana.alert.rule.category\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.consumer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.execution.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.name\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.producer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.revision\": { readonly type: \"long\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_type_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.status\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"event.action\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"event.kind\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.space_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: true; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"@timestamp\": { readonly type: \"date\"; readonly required: true; readonly array: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }"
+          "[]; }; readonly \"kibana.alert.rule.category\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.consumer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.execution.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.name\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.producer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.revision\": { readonly type: \"long\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_type_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.severity_improving\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.status\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"event.action\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"event.kind\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.space_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: true; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"@timestamp\": { readonly type: \"date\"; readonly required: true; readonly array: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }"
         ],
         "path": "packages/kbn-alerts-as-data-utils/src/field_maps/alert_field_map.ts",
         "deprecated": false,
@@ -264,7 +264,7 @@
         "label": "DefaultAlert",
         "description": [],
         "signature": [
-          "{} & {} & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; }"
+          "{} & {} & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; }"
         ],
         "path": "packages/kbn-alerts-as-data-utils/src/schemas/generated/default_schema.ts",
         "deprecated": false,
@@ -330,7 +330,7 @@
         "label": "MlAnomalyDetectionAlert",
         "description": [],
         "signature": [
-          "{ 'kibana.alert.job_id': string; } & { 'kibana.alert.anomaly_score'?: number[] | undefined; 'kibana.alert.anomaly_timestamp'?: string | number | undefined; 'kibana.alert.is_interim'?: boolean | undefined; 'kibana.alert.top_influencers'?: { influencer_field_name?: string | undefined; influencer_field_value?: string | undefined; influencer_score?: number | undefined; initial_influencer_score?: number | undefined; is_interim?: boolean | undefined; job_id?: string | undefined; timestamp?: string | number | undefined; }[] | undefined; 'kibana.alert.top_records'?: { actual?: number | undefined; by_field_name?: string | undefined; by_field_value?: string | undefined; detector_index?: number | undefined; field_name?: string | undefined; function?: string | undefined; initial_record_score?: number | undefined; is_interim?: boolean | undefined; job_id?: string | undefined; over_field_name?: string | undefined; over_field_value?: string | undefined; partition_field_name?: string | undefined; partition_field_value?: string | undefined; record_score?: number | undefined; timestamp?: string | number | undefined; typical?: number | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; }"
+          "{ 'kibana.alert.job_id': string; } & { 'kibana.alert.anomaly_score'?: number[] | undefined; 'kibana.alert.anomaly_timestamp'?: string | number | undefined; 'kibana.alert.is_interim'?: boolean | undefined; 'kibana.alert.top_influencers'?: { influencer_field_name?: string | undefined; influencer_field_value?: string | undefined; influencer_score?: number | undefined; initial_influencer_score?: number | undefined; is_interim?: boolean | undefined; job_id?: string | undefined; timestamp?: string | number | undefined; }[] | undefined; 'kibana.alert.top_records'?: { actual?: number | undefined; by_field_name?: string | undefined; by_field_value?: string | undefined; detector_index?: number | undefined; field_name?: string | undefined; function?: string | undefined; initial_record_score?: number | undefined; is_interim?: boolean | undefined; job_id?: string | undefined; over_field_name?: string | undefined; over_field_value?: string | undefined; partition_field_name?: string | undefined; partition_field_value?: string | undefined; record_score?: number | undefined; timestamp?: string | number | undefined; typical?: number | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; }"
         ],
         "path": "packages/kbn-alerts-as-data-utils/src/schemas/generated/ml_anomaly_detection_schema.ts",
         "deprecated": false,
@@ -345,7 +345,7 @@
         "label": "MlAnomalyDetectionHealthAlert",
         "description": [],
         "signature": [
-          "{} & { 'kibana.alert.datafeed_results'?: { datafeed_id?: string | undefined; datafeed_state?: string | undefined; job_id?: string | undefined; job_state?: string | undefined; }[] | undefined; 'kibana.alert.delayed_data_results'?: { annotation?: string | undefined; end_timestamp?: string | number | undefined; job_id?: string | undefined; missed_docs_count?: string | number | undefined; }[] | undefined; 'kibana.alert.job_errors_results'?: { errors?: unknown; job_id?: string | undefined; }[] | undefined; 'kibana.alert.mml_results'?: { job_id?: string | undefined; log_time?: string | number | undefined; memory_status?: string | undefined; model_bytes?: string | number | undefined; model_bytes_exceeded?: string | number | undefined; model_bytes_memory_limit?: string | number | undefined; peak_model_bytes?: string | number | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; }"
+          "{} & { 'kibana.alert.datafeed_results'?: { datafeed_id?: string | undefined; datafeed_state?: string | undefined; job_id?: string | undefined; job_state?: string | undefined; }[] | undefined; 'kibana.alert.delayed_data_results'?: { annotation?: string | undefined; end_timestamp?: string | number | undefined; job_id?: string | undefined; missed_docs_count?: string | number | undefined; }[] | undefined; 'kibana.alert.job_errors_results'?: { errors?: unknown; job_id?: string | undefined; }[] | undefined; 'kibana.alert.mml_results'?: { job_id?: string | undefined; log_time?: string | number | undefined; memory_status?: string | undefined; model_bytes?: string | number | undefined; model_bytes_exceeded?: string | number | undefined; model_bytes_memory_limit?: string | number | undefined; peak_model_bytes?: string | number | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; }"
         ],
         "path": "packages/kbn-alerts-as-data-utils/src/schemas/generated/ml_anomaly_detection_health_schema.ts",
         "deprecated": false,
@@ -360,7 +360,7 @@
         "label": "ObservabilityApmAlert",
         "description": [],
         "signature": [
-          "{} & { 'agent.name'?: string | undefined; 'container.id'?: string | undefined; 'error.grouping_key'?: string | undefined; 'error.grouping_name'?: string | undefined; 'host.name'?: string | undefined; 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; labels?: unknown; 'processor.event'?: string | undefined; 'service.environment'?: string | undefined; 'service.language.name'?: string | undefined; 'service.name'?: string | undefined; 'transaction.name'?: string | undefined; 'transaction.type'?: string | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }"
+          "{} & { 'agent.name'?: string | undefined; 'container.id'?: string | undefined; 'error.grouping_key'?: string | undefined; 'error.grouping_name'?: string | undefined; 'host.name'?: string | undefined; 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; labels?: unknown; 'processor.event'?: string | undefined; 'service.environment'?: string | undefined; 'service.language.name'?: string | undefined; 'service.name'?: string | undefined; 'transaction.name'?: string | undefined; 'transaction.type'?: string | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }"
         ],
         "path": "packages/kbn-alerts-as-data-utils/src/schemas/generated/observability_apm_schema.ts",
         "deprecated": false,
@@ -375,7 +375,7 @@
         "label": "ObservabilityLogsAlert",
         "description": [],
         "signature": [
-          "{} & { 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & { '@timestamp': string | number; 'ecs.version': string; } & { 'agent.build.original'?: string | undefined; 'agent.ephemeral_id'?: string | undefined; 'agent.id'?: string | undefined; 'agent.name'?: string | undefined; 'agent.type'?: string | undefined; 'agent.version'?: string | undefined; 'client.address'?: string | undefined; 'client.as.number'?: string | number | undefined; 'client.as.organization.name'?: string | undefined; 'client.bytes'?: string | number | undefined; 'client.domain'?: string | undefined; 'client.geo.city_name'?: string | undefined; 'client.geo.continent_code'?: string | undefined; 'client.geo.continent_name'?: string | undefined; 'client.geo.country_iso_code'?: string | undefined; 'client.geo.country_name'?: string | undefined; 'client.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'client.geo.name'?: string | undefined; 'client.geo.postal_code'?: string | undefined; 'client.geo.region_iso_code'?: string | undefined; 'client.geo.region_name'?: string | undefined; 'client.geo.timezone'?: string | undefined; 'client.ip'?: string | undefined; 'client.mac'?: string | undefined; 'client.nat.ip'?: string | undefined; 'client.nat.port'?: string | number | undefined; 'client.packets'?: string | number | undefined; 'client.port'?: string | number | undefined; 'client.registered_domain'?: string | undefined; 'client.subdomain'?: string | undefined; 'client.top_level_domain'?: string | undefined; 'client.user.domain'?: string | undefined; 'client.user.email'?: string | undefined; 'client.user.full_name'?: string | undefined; 'client.user.group.domain'?: string | undefined; 'client.user.group.id'?: string | undefined; 'client.user.group.name'?: string | undefined; 'client.user.hash'?: string | undefined; 'client.user.id'?: string | undefined; 'client.user.name'?: string | undefined; 'client.user.roles'?: string[] | undefined; 'cloud.account.id'?: string | undefined; 'cloud.account.name'?: string | undefined; 'cloud.availability_zone'?: string | undefined; 'cloud.instance.id'?: string | undefined; 'cloud.instance.name'?: string | undefined; 'cloud.machine.type'?: string | undefined; 'cloud.origin.account.id'?: string | undefined; 'cloud.origin.account.name'?: string | undefined; 'cloud.origin.availability_zone'?: string | undefined; 'cloud.origin.instance.id'?: string | undefined; 'cloud.origin.instance.name'?: string | undefined; 'cloud.origin.machine.type'?: string | undefined; 'cloud.origin.project.id'?: string | undefined; 'cloud.origin.project.name'?: string | undefined; 'cloud.origin.provider'?: string | undefined; 'cloud.origin.region'?: string | undefined; 'cloud.origin.service.name'?: string | undefined; 'cloud.project.id'?: string | undefined; 'cloud.project.name'?: string | undefined; 'cloud.provider'?: string | undefined; 'cloud.region'?: string | undefined; 'cloud.service.name'?: string | undefined; 'cloud.target.account.id'?: string | undefined; 'cloud.target.account.name'?: string | undefined; 'cloud.target.availability_zone'?: string | undefined; 'cloud.target.instance.id'?: string | undefined; 'cloud.target.instance.name'?: string | undefined; 'cloud.target.machine.type'?: string | undefined; 'cloud.target.project.id'?: string | undefined; 'cloud.target.project.name'?: string | undefined; 'cloud.target.provider'?: string | undefined; 'cloud.target.region'?: string | undefined; 'cloud.target.service.name'?: string | undefined; 'container.cpu.usage'?: string | number | undefined; 'container.disk.read.bytes'?: string | number | undefined; 'container.disk.write.bytes'?: string | number | undefined; 'container.id'?: string | undefined; 'container.image.hash.all'?: string[] | undefined; 'container.image.name'?: string | undefined; 'container.image.tag'?: string[] | undefined; 'container.labels'?: unknown; 'container.memory.usage'?: string | number | undefined; 'container.name'?: string | undefined; 'container.network.egress.bytes'?: string | number | undefined; 'container.network.ingress.bytes'?: string | number | undefined; 'container.runtime'?: string | undefined; 'container.security_context.privileged'?: boolean | undefined; 'destination.address'?: string | undefined; 'destination.as.number'?: string | number | undefined; 'destination.as.organization.name'?: string | undefined; 'destination.bytes'?: string | number | undefined; 'destination.domain'?: string | undefined; 'destination.geo.city_name'?: string | undefined; 'destination.geo.continent_code'?: string | undefined; 'destination.geo.continent_name'?: string | undefined; 'destination.geo.country_iso_code'?: string | undefined; 'destination.geo.country_name'?: string | undefined; 'destination.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'destination.geo.name'?: string | undefined; 'destination.geo.postal_code'?: string | undefined; 'destination.geo.region_iso_code'?: string | undefined; 'destination.geo.region_name'?: string | undefined; 'destination.geo.timezone'?: string | undefined; 'destination.ip'?: string | undefined; 'destination.mac'?: string | undefined; 'destination.nat.ip'?: string | undefined; 'destination.nat.port'?: string | number | undefined; 'destination.packets'?: string | number | undefined; 'destination.port'?: string | number | undefined; 'destination.registered_domain'?: string | undefined; 'destination.subdomain'?: string | undefined; 'destination.top_level_domain'?: string | undefined; 'destination.user.domain'?: string | undefined; 'destination.user.email'?: string | undefined; 'destination.user.full_name'?: string | undefined; 'destination.user.group.domain'?: string | undefined; 'destination.user.group.id'?: string | undefined; 'destination.user.group.name'?: string | undefined; 'destination.user.hash'?: string | undefined; 'destination.user.id'?: string | undefined; 'destination.user.name'?: string | undefined; 'destination.user.roles'?: string[] | undefined; 'device.id'?: string | undefined; 'device.manufacturer'?: string | undefined; 'device.model.identifier'?: string | undefined; 'device.model.name'?: string | undefined; 'dll.code_signature.digest_algorithm'?: string | undefined; 'dll.code_signature.exists'?: boolean | undefined; 'dll.code_signature.signing_id'?: string | undefined; 'dll.code_signature.status'?: string | undefined; 'dll.code_signature.subject_name'?: string | undefined; 'dll.code_signature.team_id'?: string | undefined; 'dll.code_signature.timestamp'?: string | number | undefined; 'dll.code_signature.trusted'?: boolean | undefined; 'dll.code_signature.valid'?: boolean | undefined; 'dll.hash.md5'?: string | undefined; 'dll.hash.sha1'?: string | undefined; 'dll.hash.sha256'?: string | undefined; 'dll.hash.sha384'?: string | undefined; 'dll.hash.sha512'?: string | undefined; 'dll.hash.ssdeep'?: string | undefined; 'dll.hash.tlsh'?: string | undefined; 'dll.name'?: string | undefined; 'dll.path'?: string | undefined; 'dll.pe.architecture'?: string | undefined; 'dll.pe.company'?: string | undefined; 'dll.pe.description'?: string | undefined; 'dll.pe.file_version'?: string | undefined; 'dll.pe.go_import_hash'?: string | undefined; 'dll.pe.go_imports'?: unknown; 'dll.pe.go_imports_names_entropy'?: string | number | undefined; 'dll.pe.go_imports_names_var_entropy'?: string | number | undefined; 'dll.pe.go_stripped'?: boolean | undefined; 'dll.pe.imphash'?: string | undefined; 'dll.pe.import_hash'?: string | undefined; 'dll.pe.imports'?: unknown[] | undefined; 'dll.pe.imports_names_entropy'?: string | number | undefined; 'dll.pe.imports_names_var_entropy'?: string | number | undefined; 'dll.pe.original_file_name'?: string | undefined; 'dll.pe.pehash'?: string | undefined; 'dll.pe.product'?: string | undefined; 'dll.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'dns.answers'?: { class?: string | undefined; data?: string | undefined; name?: string | undefined; ttl?: string | number | undefined; type?: string | undefined; }[] | undefined; 'dns.header_flags'?: string[] | undefined; 'dns.id'?: string | undefined; 'dns.op_code'?: string | undefined; 'dns.question.class'?: string | undefined; 'dns.question.name'?: string | undefined; 'dns.question.registered_domain'?: string | undefined; 'dns.question.subdomain'?: string | undefined; 'dns.question.top_level_domain'?: string | undefined; 'dns.question.type'?: string | undefined; 'dns.resolved_ip'?: string[] | undefined; 'dns.response_code'?: string | undefined; 'dns.type'?: string | undefined; 'email.attachments'?: { 'file.extension'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.name'?: string | undefined; 'file.size'?: string | number | undefined; }[] | undefined; 'email.bcc.address'?: string[] | undefined; 'email.cc.address'?: string[] | undefined; 'email.content_type'?: string | undefined; 'email.delivery_timestamp'?: string | number | undefined; 'email.direction'?: string | undefined; 'email.from.address'?: string[] | undefined; 'email.local_id'?: string | undefined; 'email.message_id'?: string | undefined; 'email.origination_timestamp'?: string | number | undefined; 'email.reply_to.address'?: string[] | undefined; 'email.sender.address'?: string | undefined; 'email.subject'?: string | undefined; 'email.to.address'?: string[] | undefined; 'email.x_mailer'?: string | undefined; 'error.code'?: string | undefined; 'error.id'?: string | undefined; 'error.message'?: string | undefined; 'error.stack_trace'?: string | undefined; 'error.type'?: string | undefined; 'event.action'?: string | undefined; 'event.agent_id_status'?: string | undefined; 'event.category'?: string[] | undefined; 'event.code'?: string | undefined; 'event.created'?: string | number | undefined; 'event.dataset'?: string | undefined; 'event.duration'?: string | number | undefined; 'event.end'?: string | number | undefined; 'event.hash'?: string | undefined; 'event.id'?: string | undefined; 'event.ingested'?: string | number | undefined; 'event.kind'?: string | undefined; 'event.module'?: string | undefined; 'event.original'?: string | undefined; 'event.outcome'?: string | undefined; 'event.provider'?: string | undefined; 'event.reason'?: string | undefined; 'event.reference'?: string | undefined; 'event.risk_score'?: number | undefined; 'event.risk_score_norm'?: number | undefined; 'event.sequence'?: string | number | undefined; 'event.severity'?: string | number | undefined; 'event.start'?: string | number | undefined; 'event.timezone'?: string | undefined; 'event.type'?: string[] | undefined; 'event.url'?: string | undefined; 'faas.coldstart'?: boolean | undefined; 'faas.execution'?: string | undefined; 'faas.id'?: string | undefined; 'faas.name'?: string | undefined; 'faas.version'?: string | undefined; 'file.accessed'?: string | number | undefined; 'file.attributes'?: string[] | undefined; 'file.code_signature.digest_algorithm'?: string | undefined; 'file.code_signature.exists'?: boolean | undefined; 'file.code_signature.signing_id'?: string | undefined; 'file.code_signature.status'?: string | undefined; 'file.code_signature.subject_name'?: string | undefined; 'file.code_signature.team_id'?: string | undefined; 'file.code_signature.timestamp'?: string | number | undefined; 'file.code_signature.trusted'?: boolean | undefined; 'file.code_signature.valid'?: boolean | undefined; 'file.created'?: string | number | undefined; 'file.ctime'?: string | number | undefined; 'file.device'?: string | undefined; 'file.directory'?: string | undefined; 'file.drive_letter'?: string | undefined; 'file.elf.architecture'?: string | undefined; 'file.elf.byte_order'?: string | undefined; 'file.elf.cpu_type'?: string | undefined; 'file.elf.creation_date'?: string | number | undefined; 'file.elf.exports'?: unknown[] | undefined; 'file.elf.go_import_hash'?: string | undefined; 'file.elf.go_imports'?: unknown; 'file.elf.go_imports_names_entropy'?: string | number | undefined; 'file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'file.elf.go_stripped'?: boolean | undefined; 'file.elf.header.abi_version'?: string | undefined; 'file.elf.header.class'?: string | undefined; 'file.elf.header.data'?: string | undefined; 'file.elf.header.entrypoint'?: string | number | undefined; 'file.elf.header.object_version'?: string | undefined; 'file.elf.header.os_abi'?: string | undefined; 'file.elf.header.type'?: string | undefined; 'file.elf.header.version'?: string | undefined; 'file.elf.import_hash'?: string | undefined; 'file.elf.imports'?: unknown[] | undefined; 'file.elf.imports_names_entropy'?: string | number | undefined; 'file.elf.imports_names_var_entropy'?: string | number | undefined; 'file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'file.elf.shared_libraries'?: string[] | undefined; 'file.elf.telfhash'?: string | undefined; 'file.extension'?: string | undefined; 'file.fork_name'?: string | undefined; 'file.gid'?: string | undefined; 'file.group'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.inode'?: string | undefined; 'file.macho.go_import_hash'?: string | undefined; 'file.macho.go_imports'?: unknown; 'file.macho.go_imports_names_entropy'?: string | number | undefined; 'file.macho.go_imports_names_var_entropy'?: string | number | undefined; 'file.macho.go_stripped'?: boolean | undefined; 'file.macho.import_hash'?: string | undefined; 'file.macho.imports'?: unknown[] | undefined; 'file.macho.imports_names_entropy'?: string | number | undefined; 'file.macho.imports_names_var_entropy'?: string | number | undefined; 'file.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.macho.symhash'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.mode'?: string | undefined; 'file.mtime'?: string | number | undefined; 'file.name'?: string | undefined; 'file.owner'?: string | undefined; 'file.path'?: string | undefined; 'file.pe.architecture'?: string | undefined; 'file.pe.company'?: string | undefined; 'file.pe.description'?: string | undefined; 'file.pe.file_version'?: string | undefined; 'file.pe.go_import_hash'?: string | undefined; 'file.pe.go_imports'?: unknown; 'file.pe.go_imports_names_entropy'?: string | number | undefined; 'file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'file.pe.go_stripped'?: boolean | undefined; 'file.pe.imphash'?: string | undefined; 'file.pe.import_hash'?: string | undefined; 'file.pe.imports'?: unknown[] | undefined; 'file.pe.imports_names_entropy'?: string | number | undefined; 'file.pe.imports_names_var_entropy'?: string | number | undefined; 'file.pe.original_file_name'?: string | undefined; 'file.pe.pehash'?: string | undefined; 'file.pe.product'?: string | undefined; 'file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.size'?: string | number | undefined; 'file.target_path'?: string | undefined; 'file.type'?: string | undefined; 'file.uid'?: string | undefined; 'file.x509.alternative_names'?: string[] | undefined; 'file.x509.issuer.common_name'?: string[] | undefined; 'file.x509.issuer.country'?: string[] | undefined; 'file.x509.issuer.distinguished_name'?: string | undefined; 'file.x509.issuer.locality'?: string[] | undefined; 'file.x509.issuer.organization'?: string[] | undefined; 'file.x509.issuer.organizational_unit'?: string[] | undefined; 'file.x509.issuer.state_or_province'?: string[] | undefined; 'file.x509.not_after'?: string | number | undefined; 'file.x509.not_before'?: string | number | undefined; 'file.x509.public_key_algorithm'?: string | undefined; 'file.x509.public_key_curve'?: string | undefined; 'file.x509.public_key_exponent'?: string | number | undefined; 'file.x509.public_key_size'?: string | number | undefined; 'file.x509.serial_number'?: string | undefined; 'file.x509.signature_algorithm'?: string | undefined; 'file.x509.subject.common_name'?: string[] | undefined; 'file.x509.subject.country'?: string[] | undefined; 'file.x509.subject.distinguished_name'?: string | undefined; 'file.x509.subject.locality'?: string[] | undefined; 'file.x509.subject.organization'?: string[] | undefined; 'file.x509.subject.organizational_unit'?: string[] | undefined; 'file.x509.subject.state_or_province'?: string[] | undefined; 'file.x509.version_number'?: string | undefined; 'group.domain'?: string | undefined; 'group.id'?: string | undefined; 'group.name'?: string | undefined; 'host.architecture'?: string | undefined; 'host.boot.id'?: string | undefined; 'host.cpu.usage'?: string | number | undefined; 'host.disk.read.bytes'?: string | number | undefined; 'host.disk.write.bytes'?: string | number | undefined; 'host.domain'?: string | undefined; 'host.geo.city_name'?: string | undefined; 'host.geo.continent_code'?: string | undefined; 'host.geo.continent_name'?: string | undefined; 'host.geo.country_iso_code'?: string | undefined; 'host.geo.country_name'?: string | undefined; 'host.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'host.geo.name'?: string | undefined; 'host.geo.postal_code'?: string | undefined; 'host.geo.region_iso_code'?: string | undefined; 'host.geo.region_name'?: string | undefined; 'host.geo.timezone'?: string | undefined; 'host.hostname'?: string | undefined; 'host.id'?: string | undefined; 'host.ip'?: string[] | undefined; 'host.mac'?: string[] | undefined; 'host.name'?: string | undefined; 'host.network.egress.bytes'?: string | number | undefined; 'host.network.egress.packets'?: string | number | undefined; 'host.network.ingress.bytes'?: string | number | undefined; 'host.network.ingress.packets'?: string | number | undefined; 'host.os.family'?: string | undefined; 'host.os.full'?: string | undefined; 'host.os.kernel'?: string | undefined; 'host.os.name'?: string | undefined; 'host.os.platform'?: string | undefined; 'host.os.type'?: string | undefined; 'host.os.version'?: string | undefined; 'host.pid_ns_ino'?: string | undefined; 'host.risk.calculated_level'?: string | undefined; 'host.risk.calculated_score'?: number | undefined; 'host.risk.calculated_score_norm'?: number | undefined; 'host.risk.static_level'?: string | undefined; 'host.risk.static_score'?: number | undefined; 'host.risk.static_score_norm'?: number | undefined; 'host.type'?: string | undefined; 'host.uptime'?: string | number | undefined; 'http.request.body.bytes'?: string | number | undefined; 'http.request.body.content'?: string | undefined; 'http.request.bytes'?: string | number | undefined; 'http.request.id'?: string | undefined; 'http.request.method'?: string | undefined; 'http.request.mime_type'?: string | undefined; 'http.request.referrer'?: string | undefined; 'http.response.body.bytes'?: string | number | undefined; 'http.response.body.content'?: string | undefined; 'http.response.bytes'?: string | number | undefined; 'http.response.mime_type'?: string | undefined; 'http.response.status_code'?: string | number | undefined; 'http.version'?: string | undefined; labels?: unknown; 'log.file.path'?: string | undefined; 'log.level'?: string | undefined; 'log.logger'?: string | undefined; 'log.origin.file.line'?: string | number | undefined; 'log.origin.file.name'?: string | undefined; 'log.origin.function'?: string | undefined; 'log.syslog'?: unknown; message?: string | undefined; 'network.application'?: string | undefined; 'network.bytes'?: string | number | undefined; 'network.community_id'?: string | undefined; 'network.direction'?: string | undefined; 'network.forwarded_ip'?: string | undefined; 'network.iana_number'?: string | undefined; 'network.inner'?: unknown; 'network.name'?: string | undefined; 'network.packets'?: string | number | undefined; 'network.protocol'?: string | undefined; 'network.transport'?: string | undefined; 'network.type'?: string | undefined; 'network.vlan.id'?: string | undefined; 'network.vlan.name'?: string | undefined; 'observer.egress'?: unknown; 'observer.geo.city_name'?: string | undefined; 'observer.geo.continent_code'?: string | undefined; 'observer.geo.continent_name'?: string | undefined; 'observer.geo.country_iso_code'?: string | undefined; 'observer.geo.country_name'?: string | undefined; 'observer.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'observer.geo.name'?: string | undefined; 'observer.geo.postal_code'?: string | undefined; 'observer.geo.region_iso_code'?: string | undefined; 'observer.geo.region_name'?: string | undefined; 'observer.geo.timezone'?: string | undefined; 'observer.hostname'?: string | undefined; 'observer.ingress'?: unknown; 'observer.ip'?: string[] | undefined; 'observer.mac'?: string[] | undefined; 'observer.name'?: string | undefined; 'observer.os.family'?: string | undefined; 'observer.os.full'?: string | undefined; 'observer.os.kernel'?: string | undefined; 'observer.os.name'?: string | undefined; 'observer.os.platform'?: string | undefined; 'observer.os.type'?: string | undefined; 'observer.os.version'?: string | undefined; 'observer.product'?: string | undefined; 'observer.serial_number'?: string | undefined; 'observer.type'?: string | undefined; 'observer.vendor'?: string | undefined; 'observer.version'?: string | undefined; 'orchestrator.api_version'?: string | undefined; 'orchestrator.cluster.id'?: string | undefined; 'orchestrator.cluster.name'?: string | undefined; 'orchestrator.cluster.url'?: string | undefined; 'orchestrator.cluster.version'?: string | undefined; 'orchestrator.namespace'?: string | undefined; 'orchestrator.organization'?: string | undefined; 'orchestrator.resource.annotation'?: string[] | undefined; 'orchestrator.resource.id'?: string | undefined; 'orchestrator.resource.ip'?: string[] | undefined; 'orchestrator.resource.label'?: string[] | undefined; 'orchestrator.resource.name'?: string | undefined; 'orchestrator.resource.parent.type'?: string | undefined; 'orchestrator.resource.type'?: string | undefined; 'orchestrator.type'?: string | undefined; 'organization.id'?: string | undefined; 'organization.name'?: string | undefined; 'package.architecture'?: string | undefined; 'package.build_version'?: string | undefined; 'package.checksum'?: string | undefined; 'package.description'?: string | undefined; 'package.install_scope'?: string | undefined; 'package.installed'?: string | number | undefined; 'package.license'?: string | undefined; 'package.name'?: string | undefined; 'package.path'?: string | undefined; 'package.reference'?: string | undefined; 'package.size'?: string | number | undefined; 'package.type'?: string | undefined; 'package.version'?: string | undefined; 'process.args'?: string[] | undefined; 'process.args_count'?: string | number | undefined; 'process.code_signature.digest_algorithm'?: string | undefined; 'process.code_signature.exists'?: boolean | undefined; 'process.code_signature.signing_id'?: string | undefined; 'process.code_signature.status'?: string | undefined; 'process.code_signature.subject_name'?: string | undefined; 'process.code_signature.team_id'?: string | undefined; 'process.code_signature.timestamp'?: string | number | undefined; 'process.code_signature.trusted'?: boolean | undefined; 'process.code_signature.valid'?: boolean | undefined; 'process.command_line'?: string | undefined; 'process.elf.architecture'?: string | undefined; 'process.elf.byte_order'?: string | undefined; 'process.elf.cpu_type'?: string | undefined; 'process.elf.creation_date'?: string | number | undefined; 'process.elf.exports'?: unknown[] | undefined; 'process.elf.go_import_hash'?: string | undefined; 'process.elf.go_imports'?: unknown; 'process.elf.go_imports_names_entropy'?: string | number | undefined; 'process.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.elf.go_stripped'?: boolean | undefined; 'process.elf.header.abi_version'?: string | undefined; 'process.elf.header.class'?: string | undefined; 'process.elf.header.data'?: string | undefined; 'process.elf.header.entrypoint'?: string | number | undefined; 'process.elf.header.object_version'?: string | undefined; 'process.elf.header.os_abi'?: string | undefined; 'process.elf.header.type'?: string | undefined; 'process.elf.header.version'?: string | undefined; 'process.elf.import_hash'?: string | undefined; 'process.elf.imports'?: unknown[] | undefined; 'process.elf.imports_names_entropy'?: string | number | undefined; 'process.elf.imports_names_var_entropy'?: string | number | undefined; 'process.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.elf.shared_libraries'?: string[] | undefined; 'process.elf.telfhash'?: string | undefined; 'process.end'?: string | number | undefined; 'process.entity_id'?: string | undefined; 'process.entry_leader.args'?: string[] | undefined; 'process.entry_leader.args_count'?: string | number | undefined; 'process.entry_leader.attested_groups.name'?: string | undefined; 'process.entry_leader.attested_user.id'?: string | undefined; 'process.entry_leader.attested_user.name'?: string | undefined; 'process.entry_leader.command_line'?: string | undefined; 'process.entry_leader.entity_id'?: string | undefined; 'process.entry_leader.entry_meta.source.ip'?: string | undefined; 'process.entry_leader.entry_meta.type'?: string | undefined; 'process.entry_leader.executable'?: string | undefined; 'process.entry_leader.group.id'?: string | undefined; 'process.entry_leader.group.name'?: string | undefined; 'process.entry_leader.interactive'?: boolean | undefined; 'process.entry_leader.name'?: string | undefined; 'process.entry_leader.parent.entity_id'?: string | undefined; 'process.entry_leader.parent.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.entity_id'?: string | undefined; 'process.entry_leader.parent.session_leader.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.start'?: string | number | undefined; 'process.entry_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.entry_leader.parent.start'?: string | number | undefined; 'process.entry_leader.parent.vpid'?: string | number | undefined; 'process.entry_leader.pid'?: string | number | undefined; 'process.entry_leader.real_group.id'?: string | undefined; 'process.entry_leader.real_group.name'?: string | undefined; 'process.entry_leader.real_user.id'?: string | undefined; 'process.entry_leader.real_user.name'?: string | undefined; 'process.entry_leader.same_as_process'?: boolean | undefined; 'process.entry_leader.saved_group.id'?: string | undefined; 'process.entry_leader.saved_group.name'?: string | undefined; 'process.entry_leader.saved_user.id'?: string | undefined; 'process.entry_leader.saved_user.name'?: string | undefined; 'process.entry_leader.start'?: string | number | undefined; 'process.entry_leader.supplemental_groups.id'?: string | undefined; 'process.entry_leader.supplemental_groups.name'?: string | undefined; 'process.entry_leader.tty'?: unknown; 'process.entry_leader.user.id'?: string | undefined; 'process.entry_leader.user.name'?: string | undefined; 'process.entry_leader.vpid'?: string | number | undefined; 'process.entry_leader.working_directory'?: string | undefined; 'process.env_vars'?: string[] | undefined; 'process.executable'?: string | undefined; 'process.exit_code'?: string | number | undefined; 'process.group_leader.args'?: string[] | undefined; 'process.group_leader.args_count'?: string | number | undefined; 'process.group_leader.command_line'?: string | undefined; 'process.group_leader.entity_id'?: string | undefined; 'process.group_leader.executable'?: string | undefined; 'process.group_leader.group.id'?: string | undefined; 'process.group_leader.group.name'?: string | undefined; 'process.group_leader.interactive'?: boolean | undefined; 'process.group_leader.name'?: string | undefined; 'process.group_leader.pid'?: string | number | undefined; 'process.group_leader.real_group.id'?: string | undefined; 'process.group_leader.real_group.name'?: string | undefined; 'process.group_leader.real_user.id'?: string | undefined; 'process.group_leader.real_user.name'?: string | undefined; 'process.group_leader.same_as_process'?: boolean | undefined; 'process.group_leader.saved_group.id'?: string | undefined; 'process.group_leader.saved_group.name'?: string | undefined; 'process.group_leader.saved_user.id'?: string | undefined; 'process.group_leader.saved_user.name'?: string | undefined; 'process.group_leader.start'?: string | number | undefined; 'process.group_leader.supplemental_groups.id'?: string | undefined; 'process.group_leader.supplemental_groups.name'?: string | undefined; 'process.group_leader.tty'?: unknown; 'process.group_leader.user.id'?: string | undefined; 'process.group_leader.user.name'?: string | undefined; 'process.group_leader.vpid'?: string | number | undefined; 'process.group_leader.working_directory'?: string | undefined; 'process.hash.md5'?: string | undefined; 'process.hash.sha1'?: string | undefined; 'process.hash.sha256'?: string | undefined; 'process.hash.sha384'?: string | undefined; 'process.hash.sha512'?: string | undefined; 'process.hash.ssdeep'?: string | undefined; 'process.hash.tlsh'?: string | undefined; 'process.interactive'?: boolean | undefined; 'process.io'?: unknown; 'process.macho.go_import_hash'?: string | undefined; 'process.macho.go_imports'?: unknown; 'process.macho.go_imports_names_entropy'?: string | number | undefined; 'process.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.macho.go_stripped'?: boolean | undefined; 'process.macho.import_hash'?: string | undefined; 'process.macho.imports'?: unknown[] | undefined; 'process.macho.imports_names_entropy'?: string | number | undefined; 'process.macho.imports_names_var_entropy'?: string | number | undefined; 'process.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.macho.symhash'?: string | undefined; 'process.name'?: string | undefined; 'process.parent.args'?: string[] | undefined; 'process.parent.args_count'?: string | number | undefined; 'process.parent.code_signature.digest_algorithm'?: string | undefined; 'process.parent.code_signature.exists'?: boolean | undefined; 'process.parent.code_signature.signing_id'?: string | undefined; 'process.parent.code_signature.status'?: string | undefined; 'process.parent.code_signature.subject_name'?: string | undefined; 'process.parent.code_signature.team_id'?: string | undefined; 'process.parent.code_signature.timestamp'?: string | number | undefined; 'process.parent.code_signature.trusted'?: boolean | undefined; 'process.parent.code_signature.valid'?: boolean | undefined; 'process.parent.command_line'?: string | undefined; 'process.parent.elf.architecture'?: string | undefined; 'process.parent.elf.byte_order'?: string | undefined; 'process.parent.elf.cpu_type'?: string | undefined; 'process.parent.elf.creation_date'?: string | number | undefined; 'process.parent.elf.exports'?: unknown[] | undefined; 'process.parent.elf.go_import_hash'?: string | undefined; 'process.parent.elf.go_imports'?: unknown; 'process.parent.elf.go_imports_names_entropy'?: string | number | undefined; 'process.parent.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.go_stripped'?: boolean | undefined; 'process.parent.elf.header.abi_version'?: string | undefined; 'process.parent.elf.header.class'?: string | undefined; 'process.parent.elf.header.data'?: string | undefined; 'process.parent.elf.header.entrypoint'?: string | number | undefined; 'process.parent.elf.header.object_version'?: string | undefined; 'process.parent.elf.header.os_abi'?: string | undefined; 'process.parent.elf.header.type'?: string | undefined; 'process.parent.elf.header.version'?: string | undefined; 'process.parent.elf.import_hash'?: string | undefined; 'process.parent.elf.imports'?: unknown[] | undefined; 'process.parent.elf.imports_names_entropy'?: string | number | undefined; 'process.parent.elf.imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.parent.elf.shared_libraries'?: string[] | undefined; 'process.parent.elf.telfhash'?: string | undefined; 'process.parent.end'?: string | number | undefined; 'process.parent.entity_id'?: string | undefined; 'process.parent.executable'?: string | undefined; 'process.parent.exit_code'?: string | number | undefined; 'process.parent.group.id'?: string | undefined; 'process.parent.group.name'?: string | undefined; 'process.parent.group_leader.entity_id'?: string | undefined; 'process.parent.group_leader.pid'?: string | number | undefined; 'process.parent.group_leader.start'?: string | number | undefined; 'process.parent.group_leader.vpid'?: string | number | undefined; 'process.parent.hash.md5'?: string | undefined; 'process.parent.hash.sha1'?: string | undefined; 'process.parent.hash.sha256'?: string | undefined; 'process.parent.hash.sha384'?: string | undefined; 'process.parent.hash.sha512'?: string | undefined; 'process.parent.hash.ssdeep'?: string | undefined; 'process.parent.hash.tlsh'?: string | undefined; 'process.parent.interactive'?: boolean | undefined; 'process.parent.macho.go_import_hash'?: string | undefined; 'process.parent.macho.go_imports'?: unknown; 'process.parent.macho.go_imports_names_entropy'?: string | number | undefined; 'process.parent.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.go_stripped'?: boolean | undefined; 'process.parent.macho.import_hash'?: string | undefined; 'process.parent.macho.imports'?: unknown[] | undefined; 'process.parent.macho.imports_names_entropy'?: string | number | undefined; 'process.parent.macho.imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.macho.symhash'?: string | undefined; 'process.parent.name'?: string | undefined; 'process.parent.pe.architecture'?: string | undefined; 'process.parent.pe.company'?: string | undefined; 'process.parent.pe.description'?: string | undefined; 'process.parent.pe.file_version'?: string | undefined; 'process.parent.pe.go_import_hash'?: string | undefined; 'process.parent.pe.go_imports'?: unknown; 'process.parent.pe.go_imports_names_entropy'?: string | number | undefined; 'process.parent.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.go_stripped'?: boolean | undefined; 'process.parent.pe.imphash'?: string | undefined; 'process.parent.pe.import_hash'?: string | undefined; 'process.parent.pe.imports'?: unknown[] | undefined; 'process.parent.pe.imports_names_entropy'?: string | number | undefined; 'process.parent.pe.imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.original_file_name'?: string | undefined; 'process.parent.pe.pehash'?: string | undefined; 'process.parent.pe.product'?: string | undefined; 'process.parent.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.pgid'?: string | number | undefined; 'process.parent.pid'?: string | number | undefined; 'process.parent.real_group.id'?: string | undefined; 'process.parent.real_group.name'?: string | undefined; 'process.parent.real_user.id'?: string | undefined; 'process.parent.real_user.name'?: string | undefined; 'process.parent.saved_group.id'?: string | undefined; 'process.parent.saved_group.name'?: string | undefined; 'process.parent.saved_user.id'?: string | undefined; 'process.parent.saved_user.name'?: string | undefined; 'process.parent.start'?: string | number | undefined; 'process.parent.supplemental_groups.id'?: string | undefined; 'process.parent.supplemental_groups.name'?: string | undefined; 'process.parent.thread.capabilities.effective'?: string[] | undefined; 'process.parent.thread.capabilities.permitted'?: string[] | undefined; 'process.parent.thread.id'?: string | number | undefined; 'process.parent.thread.name'?: string | undefined; 'process.parent.title'?: string | undefined; 'process.parent.tty'?: unknown; 'process.parent.uptime'?: string | number | undefined; 'process.parent.user.id'?: string | undefined; 'process.parent.user.name'?: string | undefined; 'process.parent.vpid'?: string | number | undefined; 'process.parent.working_directory'?: string | undefined; 'process.pe.architecture'?: string | undefined; 'process.pe.company'?: string | undefined; 'process.pe.description'?: string | undefined; 'process.pe.file_version'?: string | undefined; 'process.pe.go_import_hash'?: string | undefined; 'process.pe.go_imports'?: unknown; 'process.pe.go_imports_names_entropy'?: string | number | undefined; 'process.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.pe.go_stripped'?: boolean | undefined; 'process.pe.imphash'?: string | undefined; 'process.pe.import_hash'?: string | undefined; 'process.pe.imports'?: unknown[] | undefined; 'process.pe.imports_names_entropy'?: string | number | undefined; 'process.pe.imports_names_var_entropy'?: string | number | undefined; 'process.pe.original_file_name'?: string | undefined; 'process.pe.pehash'?: string | undefined; 'process.pe.product'?: string | undefined; 'process.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.pgid'?: string | number | undefined; 'process.pid'?: string | number | undefined; 'process.previous.args'?: string[] | undefined; 'process.previous.args_count'?: string | number | undefined; 'process.previous.executable'?: string | undefined; 'process.real_group.id'?: string | undefined; 'process.real_group.name'?: string | undefined; 'process.real_user.id'?: string | undefined; 'process.real_user.name'?: string | undefined; 'process.saved_group.id'?: string | undefined; 'process.saved_group.name'?: string | undefined; 'process.saved_user.id'?: string | undefined; 'process.saved_user.name'?: string | undefined; 'process.session_leader.args'?: string[] | undefined; 'process.session_leader.args_count'?: string | number | undefined; 'process.session_leader.command_line'?: string | undefined; 'process.session_leader.entity_id'?: string | undefined; 'process.session_leader.executable'?: string | undefined; 'process.session_leader.group.id'?: string | undefined; 'process.session_leader.group.name'?: string | undefined; 'process.session_leader.interactive'?: boolean | undefined; 'process.session_leader.name'?: string | undefined; 'process.session_leader.parent.entity_id'?: string | undefined; 'process.session_leader.parent.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.entity_id'?: string | undefined; 'process.session_leader.parent.session_leader.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.start'?: string | number | undefined; 'process.session_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.session_leader.parent.start'?: string | number | undefined; 'process.session_leader.parent.vpid'?: string | number | undefined; 'process.session_leader.pid'?: string | number | undefined; 'process.session_leader.real_group.id'?: string | undefined; 'process.session_leader.real_group.name'?: string | undefined; 'process.session_leader.real_user.id'?: string | undefined; 'process.session_leader.real_user.name'?: string | undefined; 'process.session_leader.same_as_process'?: boolean | undefined; 'process.session_leader.saved_group.id'?: string | undefined; 'process.session_leader.saved_group.name'?: string | undefined; 'process.session_leader.saved_user.id'?: string | undefined; 'process.session_leader.saved_user.name'?: string | undefined; 'process.session_leader.start'?: string | number | undefined; 'process.session_leader.supplemental_groups.id'?: string | undefined; 'process.session_leader.supplemental_groups.name'?: string | undefined; 'process.session_leader.tty'?: unknown; 'process.session_leader.user.id'?: string | undefined; 'process.session_leader.user.name'?: string | undefined; 'process.session_leader.vpid'?: string | number | undefined; 'process.session_leader.working_directory'?: string | undefined; 'process.start'?: string | number | undefined; 'process.supplemental_groups.id'?: string | undefined; 'process.supplemental_groups.name'?: string | undefined; 'process.thread.capabilities.effective'?: string[] | undefined; 'process.thread.capabilities.permitted'?: string[] | undefined; 'process.thread.id'?: string | number | undefined; 'process.thread.name'?: string | undefined; 'process.title'?: string | undefined; 'process.tty'?: unknown; 'process.uptime'?: string | number | undefined; 'process.user.id'?: string | undefined; 'process.user.name'?: string | undefined; 'process.vpid'?: string | number | undefined; 'process.working_directory'?: string | undefined; 'registry.data.bytes'?: string | undefined; 'registry.data.strings'?: string[] | undefined; 'registry.data.type'?: string | undefined; 'registry.hive'?: string | undefined; 'registry.key'?: string | undefined; 'registry.path'?: string | undefined; 'registry.value'?: string | undefined; 'related.hash'?: string[] | undefined; 'related.hosts'?: string[] | undefined; 'related.ip'?: string[] | undefined; 'related.user'?: string[] | undefined; 'rule.author'?: string[] | undefined; 'rule.category'?: string | undefined; 'rule.description'?: string | undefined; 'rule.id'?: string | undefined; 'rule.license'?: string | undefined; 'rule.name'?: string | undefined; 'rule.reference'?: string | undefined; 'rule.ruleset'?: string | undefined; 'rule.uuid'?: string | undefined; 'rule.version'?: string | undefined; 'server.address'?: string | undefined; 'server.as.number'?: string | number | undefined; 'server.as.organization.name'?: string | undefined; 'server.bytes'?: string | number | undefined; 'server.domain'?: string | undefined; 'server.geo.city_name'?: string | undefined; 'server.geo.continent_code'?: string | undefined; 'server.geo.continent_name'?: string | undefined; 'server.geo.country_iso_code'?: string | undefined; 'server.geo.country_name'?: string | undefined; 'server.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'server.geo.name'?: string | undefined; 'server.geo.postal_code'?: string | undefined; 'server.geo.region_iso_code'?: string | undefined; 'server.geo.region_name'?: string | undefined; 'server.geo.timezone'?: string | undefined; 'server.ip'?: string | undefined; 'server.mac'?: string | undefined; 'server.nat.ip'?: string | undefined; 'server.nat.port'?: string | number | undefined; 'server.packets'?: string | number | undefined; 'server.port'?: string | number | undefined; 'server.registered_domain'?: string | undefined; 'server.subdomain'?: string | undefined; 'server.top_level_domain'?: string | undefined; 'server.user.domain'?: string | undefined; 'server.user.email'?: string | undefined; 'server.user.full_name'?: string | undefined; 'server.user.group.domain'?: string | undefined; 'server.user.group.id'?: string | undefined; 'server.user.group.name'?: string | undefined; 'server.user.hash'?: string | undefined; 'server.user.id'?: string | undefined; 'server.user.name'?: string | undefined; 'server.user.roles'?: string[] | undefined; 'service.address'?: string | undefined; 'service.environment'?: string | undefined; 'service.ephemeral_id'?: string | undefined; 'service.id'?: string | undefined; 'service.name'?: string | undefined; 'service.node.name'?: string | undefined; 'service.node.role'?: string | undefined; 'service.node.roles'?: string[] | undefined; 'service.origin.address'?: string | undefined; 'service.origin.environment'?: string | undefined; 'service.origin.ephemeral_id'?: string | undefined; 'service.origin.id'?: string | undefined; 'service.origin.name'?: string | undefined; 'service.origin.node.name'?: string | undefined; 'service.origin.node.role'?: string | undefined; 'service.origin.node.roles'?: string[] | undefined; 'service.origin.state'?: string | undefined; 'service.origin.type'?: string | undefined; 'service.origin.version'?: string | undefined; 'service.state'?: string | undefined; 'service.target.address'?: string | undefined; 'service.target.environment'?: string | undefined; 'service.target.ephemeral_id'?: string | undefined; 'service.target.id'?: string | undefined; 'service.target.name'?: string | undefined; 'service.target.node.name'?: string | undefined; 'service.target.node.role'?: string | undefined; 'service.target.node.roles'?: string[] | undefined; 'service.target.state'?: string | undefined; 'service.target.type'?: string | undefined; 'service.target.version'?: string | undefined; 'service.type'?: string | undefined; 'service.version'?: string | undefined; 'source.address'?: string | undefined; 'source.as.number'?: string | number | undefined; 'source.as.organization.name'?: string | undefined; 'source.bytes'?: string | number | undefined; 'source.domain'?: string | undefined; 'source.geo.city_name'?: string | undefined; 'source.geo.continent_code'?: string | undefined; 'source.geo.continent_name'?: string | undefined; 'source.geo.country_iso_code'?: string | undefined; 'source.geo.country_name'?: string | undefined; 'source.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'source.geo.name'?: string | undefined; 'source.geo.postal_code'?: string | undefined; 'source.geo.region_iso_code'?: string | undefined; 'source.geo.region_name'?: string | undefined; 'source.geo.timezone'?: string | undefined; 'source.ip'?: string | undefined; 'source.mac'?: string | undefined; 'source.nat.ip'?: string | undefined; 'source.nat.port'?: string | number | undefined; 'source.packets'?: string | number | undefined; 'source.port'?: string | number | undefined; 'source.registered_domain'?: string | undefined; 'source.subdomain'?: string | undefined; 'source.top_level_domain'?: string | undefined; 'source.user.domain'?: string | undefined; 'source.user.email'?: string | undefined; 'source.user.full_name'?: string | undefined; 'source.user.group.domain'?: string | undefined; 'source.user.group.id'?: string | undefined; 'source.user.group.name'?: string | undefined; 'source.user.hash'?: string | undefined; 'source.user.id'?: string | undefined; 'source.user.name'?: string | undefined; 'source.user.roles'?: string[] | undefined; 'span.id'?: string | undefined; tags?: string[] | undefined; 'threat.enrichments'?: { indicator?: unknown; 'matched.atomic'?: string | undefined; 'matched.field'?: string | undefined; 'matched.id'?: string | undefined; 'matched.index'?: string | undefined; 'matched.occurred'?: string | number | undefined; 'matched.type'?: string | undefined; }[] | undefined; 'threat.feed.dashboard_id'?: string | undefined; 'threat.feed.description'?: string | undefined; 'threat.feed.name'?: string | undefined; 'threat.feed.reference'?: string | undefined; 'threat.framework'?: string | undefined; 'threat.group.alias'?: string[] | undefined; 'threat.group.id'?: string | undefined; 'threat.group.name'?: string | undefined; 'threat.group.reference'?: string | undefined; 'threat.indicator.as.number'?: string | number | undefined; 'threat.indicator.as.organization.name'?: string | undefined; 'threat.indicator.confidence'?: string | undefined; 'threat.indicator.description'?: string | undefined; 'threat.indicator.email.address'?: string | undefined; 'threat.indicator.file.accessed'?: string | number | undefined; 'threat.indicator.file.attributes'?: string[] | undefined; 'threat.indicator.file.code_signature.digest_algorithm'?: string | undefined; 'threat.indicator.file.code_signature.exists'?: boolean | undefined; 'threat.indicator.file.code_signature.signing_id'?: string | undefined; 'threat.indicator.file.code_signature.status'?: string | undefined; 'threat.indicator.file.code_signature.subject_name'?: string | undefined; 'threat.indicator.file.code_signature.team_id'?: string | undefined; 'threat.indicator.file.code_signature.timestamp'?: string | number | undefined; 'threat.indicator.file.code_signature.trusted'?: boolean | undefined; 'threat.indicator.file.code_signature.valid'?: boolean | undefined; 'threat.indicator.file.created'?: string | number | undefined; 'threat.indicator.file.ctime'?: string | number | undefined; 'threat.indicator.file.device'?: string | undefined; 'threat.indicator.file.directory'?: string | undefined; 'threat.indicator.file.drive_letter'?: string | undefined; 'threat.indicator.file.elf.architecture'?: string | undefined; 'threat.indicator.file.elf.byte_order'?: string | undefined; 'threat.indicator.file.elf.cpu_type'?: string | undefined; 'threat.indicator.file.elf.creation_date'?: string | number | undefined; 'threat.indicator.file.elf.exports'?: unknown[] | undefined; 'threat.indicator.file.elf.go_import_hash'?: string | undefined; 'threat.indicator.file.elf.go_imports'?: unknown; 'threat.indicator.file.elf.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_stripped'?: boolean | undefined; 'threat.indicator.file.elf.header.abi_version'?: string | undefined; 'threat.indicator.file.elf.header.class'?: string | undefined; 'threat.indicator.file.elf.header.data'?: string | undefined; 'threat.indicator.file.elf.header.entrypoint'?: string | number | undefined; 'threat.indicator.file.elf.header.object_version'?: string | undefined; 'threat.indicator.file.elf.header.os_abi'?: string | undefined; 'threat.indicator.file.elf.header.type'?: string | undefined; 'threat.indicator.file.elf.header.version'?: string | undefined; 'threat.indicator.file.elf.import_hash'?: string | undefined; 'threat.indicator.file.elf.imports'?: unknown[] | undefined; 'threat.indicator.file.elf.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'threat.indicator.file.elf.shared_libraries'?: string[] | undefined; 'threat.indicator.file.elf.telfhash'?: string | undefined; 'threat.indicator.file.extension'?: string | undefined; 'threat.indicator.file.fork_name'?: string | undefined; 'threat.indicator.file.gid'?: string | undefined; 'threat.indicator.file.group'?: string | undefined; 'threat.indicator.file.hash.md5'?: string | undefined; 'threat.indicator.file.hash.sha1'?: string | undefined; 'threat.indicator.file.hash.sha256'?: string | undefined; 'threat.indicator.file.hash.sha384'?: string | undefined; 'threat.indicator.file.hash.sha512'?: string | undefined; 'threat.indicator.file.hash.ssdeep'?: string | undefined; 'threat.indicator.file.hash.tlsh'?: string | undefined; 'threat.indicator.file.inode'?: string | undefined; 'threat.indicator.file.mime_type'?: string | undefined; 'threat.indicator.file.mode'?: string | undefined; 'threat.indicator.file.mtime'?: string | number | undefined; 'threat.indicator.file.name'?: string | undefined; 'threat.indicator.file.owner'?: string | undefined; 'threat.indicator.file.path'?: string | undefined; 'threat.indicator.file.pe.architecture'?: string | undefined; 'threat.indicator.file.pe.company'?: string | undefined; 'threat.indicator.file.pe.description'?: string | undefined; 'threat.indicator.file.pe.file_version'?: string | undefined; 'threat.indicator.file.pe.go_import_hash'?: string | undefined; 'threat.indicator.file.pe.go_imports'?: unknown; 'threat.indicator.file.pe.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_stripped'?: boolean | undefined; 'threat.indicator.file.pe.imphash'?: string | undefined; 'threat.indicator.file.pe.import_hash'?: string | undefined; 'threat.indicator.file.pe.imports'?: unknown[] | undefined; 'threat.indicator.file.pe.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.original_file_name'?: string | undefined; 'threat.indicator.file.pe.pehash'?: string | undefined; 'threat.indicator.file.pe.product'?: string | undefined; 'threat.indicator.file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.size'?: string | number | undefined; 'threat.indicator.file.target_path'?: string | undefined; 'threat.indicator.file.type'?: string | undefined; 'threat.indicator.file.uid'?: string | undefined; 'threat.indicator.file.x509.alternative_names'?: string[] | undefined; 'threat.indicator.file.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.file.x509.issuer.country'?: string[] | undefined; 'threat.indicator.file.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.not_after'?: string | number | undefined; 'threat.indicator.file.x509.not_before'?: string | number | undefined; 'threat.indicator.file.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.file.x509.public_key_curve'?: string | undefined; 'threat.indicator.file.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.file.x509.public_key_size'?: string | number | undefined; 'threat.indicator.file.x509.serial_number'?: string | undefined; 'threat.indicator.file.x509.signature_algorithm'?: string | undefined; 'threat.indicator.file.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.file.x509.subject.country'?: string[] | undefined; 'threat.indicator.file.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.subject.locality'?: string[] | undefined; 'threat.indicator.file.x509.subject.organization'?: string[] | undefined; 'threat.indicator.file.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.version_number'?: string | undefined; 'threat.indicator.first_seen'?: string | number | undefined; 'threat.indicator.geo.city_name'?: string | undefined; 'threat.indicator.geo.continent_code'?: string | undefined; 'threat.indicator.geo.continent_name'?: string | undefined; 'threat.indicator.geo.country_iso_code'?: string | undefined; 'threat.indicator.geo.country_name'?: string | undefined; 'threat.indicator.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'threat.indicator.geo.name'?: string | undefined; 'threat.indicator.geo.postal_code'?: string | undefined; 'threat.indicator.geo.region_iso_code'?: string | undefined; 'threat.indicator.geo.region_name'?: string | undefined; 'threat.indicator.geo.timezone'?: string | undefined; 'threat.indicator.ip'?: string | undefined; 'threat.indicator.last_seen'?: string | number | undefined; 'threat.indicator.marking.tlp'?: string | undefined; 'threat.indicator.marking.tlp_version'?: string | undefined; 'threat.indicator.modified_at'?: string | number | undefined; 'threat.indicator.name'?: string | undefined; 'threat.indicator.port'?: string | number | undefined; 'threat.indicator.provider'?: string | undefined; 'threat.indicator.reference'?: string | undefined; 'threat.indicator.registry.data.bytes'?: string | undefined; 'threat.indicator.registry.data.strings'?: string[] | undefined; 'threat.indicator.registry.data.type'?: string | undefined; 'threat.indicator.registry.hive'?: string | undefined; 'threat.indicator.registry.key'?: string | undefined; 'threat.indicator.registry.path'?: string | undefined; 'threat.indicator.registry.value'?: string | undefined; 'threat.indicator.scanner_stats'?: string | number | undefined; 'threat.indicator.sightings'?: string | number | undefined; 'threat.indicator.type'?: string | undefined; 'threat.indicator.url.domain'?: string | undefined; 'threat.indicator.url.extension'?: string | undefined; 'threat.indicator.url.fragment'?: string | undefined; 'threat.indicator.url.full'?: string | undefined; 'threat.indicator.url.original'?: string | undefined; 'threat.indicator.url.password'?: string | undefined; 'threat.indicator.url.path'?: string | undefined; 'threat.indicator.url.port'?: string | number | undefined; 'threat.indicator.url.query'?: string | undefined; 'threat.indicator.url.registered_domain'?: string | undefined; 'threat.indicator.url.scheme'?: string | undefined; 'threat.indicator.url.subdomain'?: string | undefined; 'threat.indicator.url.top_level_domain'?: string | undefined; 'threat.indicator.url.username'?: string | undefined; 'threat.indicator.x509.alternative_names'?: string[] | undefined; 'threat.indicator.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.x509.issuer.country'?: string[] | undefined; 'threat.indicator.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.x509.not_after'?: string | number | undefined; 'threat.indicator.x509.not_before'?: string | number | undefined; 'threat.indicator.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.x509.public_key_curve'?: string | undefined; 'threat.indicator.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.x509.public_key_size'?: string | number | undefined; 'threat.indicator.x509.serial_number'?: string | undefined; 'threat.indicator.x509.signature_algorithm'?: string | undefined; 'threat.indicator.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.x509.subject.country'?: string[] | undefined; 'threat.indicator.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.x509.subject.locality'?: string[] | undefined; 'threat.indicator.x509.subject.organization'?: string[] | undefined; 'threat.indicator.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.x509.version_number'?: string | undefined; 'threat.software.alias'?: string[] | undefined; 'threat.software.id'?: string | undefined; 'threat.software.name'?: string | undefined; 'threat.software.platforms'?: string[] | undefined; 'threat.software.reference'?: string | undefined; 'threat.software.type'?: string | undefined; 'threat.tactic.id'?: string[] | undefined; 'threat.tactic.name'?: string[] | undefined; 'threat.tactic.reference'?: string[] | undefined; 'threat.technique.id'?: string[] | undefined; 'threat.technique.name'?: string[] | undefined; 'threat.technique.reference'?: string[] | undefined; 'threat.technique.subtechnique.id'?: string[] | undefined; 'threat.technique.subtechnique.name'?: string[] | undefined; 'threat.technique.subtechnique.reference'?: string[] | undefined; 'tls.cipher'?: string | undefined; 'tls.client.certificate'?: string | undefined; 'tls.client.certificate_chain'?: string[] | undefined; 'tls.client.hash.md5'?: string | undefined; 'tls.client.hash.sha1'?: string | undefined; 'tls.client.hash.sha256'?: string | undefined; 'tls.client.issuer'?: string | undefined; 'tls.client.ja3'?: string | undefined; 'tls.client.not_after'?: string | number | undefined; 'tls.client.not_before'?: string | number | undefined; 'tls.client.server_name'?: string | undefined; 'tls.client.subject'?: string | undefined; 'tls.client.supported_ciphers'?: string[] | undefined; 'tls.client.x509.alternative_names'?: string[] | undefined; 'tls.client.x509.issuer.common_name'?: string[] | undefined; 'tls.client.x509.issuer.country'?: string[] | undefined; 'tls.client.x509.issuer.distinguished_name'?: string | undefined; 'tls.client.x509.issuer.locality'?: string[] | undefined; 'tls.client.x509.issuer.organization'?: string[] | undefined; 'tls.client.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.client.x509.issuer.state_or_province'?: string[] | undefined; 'tls.client.x509.not_after'?: string | number | undefined; 'tls.client.x509.not_before'?: string | number | undefined; 'tls.client.x509.public_key_algorithm'?: string | undefined; 'tls.client.x509.public_key_curve'?: string | undefined; 'tls.client.x509.public_key_exponent'?: string | number | undefined; 'tls.client.x509.public_key_size'?: string | number | undefined; 'tls.client.x509.serial_number'?: string | undefined; 'tls.client.x509.signature_algorithm'?: string | undefined; 'tls.client.x509.subject.common_name'?: string[] | undefined; 'tls.client.x509.subject.country'?: string[] | undefined; 'tls.client.x509.subject.distinguished_name'?: string | undefined; 'tls.client.x509.subject.locality'?: string[] | undefined; 'tls.client.x509.subject.organization'?: string[] | undefined; 'tls.client.x509.subject.organizational_unit'?: string[] | undefined; 'tls.client.x509.subject.state_or_province'?: string[] | undefined; 'tls.client.x509.version_number'?: string | undefined; 'tls.curve'?: string | undefined; 'tls.established'?: boolean | undefined; 'tls.next_protocol'?: string | undefined; 'tls.resumed'?: boolean | undefined; 'tls.server.certificate'?: string | undefined; 'tls.server.certificate_chain'?: string[] | undefined; 'tls.server.hash.md5'?: string | undefined; 'tls.server.hash.sha1'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 'tls.server.issuer'?: string | undefined; 'tls.server.ja3s'?: string | undefined; 'tls.server.not_after'?: string | number | undefined; 'tls.server.not_before'?: string | number | undefined; 'tls.server.subject'?: string | undefined; 'tls.server.x509.alternative_names'?: string[] | undefined; 'tls.server.x509.issuer.common_name'?: string[] | undefined; 'tls.server.x509.issuer.country'?: string[] | undefined; 'tls.server.x509.issuer.distinguished_name'?: string | undefined; 'tls.server.x509.issuer.locality'?: string[] | undefined; 'tls.server.x509.issuer.organization'?: string[] | undefined; 'tls.server.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.server.x509.issuer.state_or_province'?: string[] | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.public_key_algorithm'?: string | undefined; 'tls.server.x509.public_key_curve'?: string | undefined; 'tls.server.x509.public_key_exponent'?: string | number | undefined; 'tls.server.x509.public_key_size'?: string | number | undefined; 'tls.server.x509.serial_number'?: string | undefined; 'tls.server.x509.signature_algorithm'?: string | undefined; 'tls.server.x509.subject.common_name'?: string[] | undefined; 'tls.server.x509.subject.country'?: string[] | undefined; 'tls.server.x509.subject.distinguished_name'?: string | undefined; 'tls.server.x509.subject.locality'?: string[] | undefined; 'tls.server.x509.subject.organization'?: string[] | undefined; 'tls.server.x509.subject.organizational_unit'?: string[] | undefined; 'tls.server.x509.subject.state_or_province'?: string[] | undefined; 'tls.server.x509.version_number'?: string | undefined; 'tls.version'?: string | undefined; 'tls.version_protocol'?: string | undefined; 'trace.id'?: string | undefined; 'transaction.id'?: string | undefined; 'url.domain'?: string | undefined; 'url.extension'?: string | undefined; 'url.fragment'?: string | undefined; 'url.full'?: string | undefined; 'url.original'?: string | undefined; 'url.password'?: string | undefined; 'url.path'?: string | undefined; 'url.port'?: string | number | undefined; 'url.query'?: string | undefined; 'url.registered_domain'?: string | undefined; 'url.scheme'?: string | undefined; 'url.subdomain'?: string | undefined; 'url.top_level_domain'?: string | undefined; 'url.username'?: string | undefined; 'user.changes.domain'?: string | undefined; 'user.changes.email'?: string | undefined; 'user.changes.full_name'?: string | undefined; 'user.changes.group.domain'?: string | undefined; 'user.changes.group.id'?: string | undefined; 'user.changes.group.name'?: string | undefined; 'user.changes.hash'?: string | undefined; 'user.changes.id'?: string | undefined; 'user.changes.name'?: string | undefined; 'user.changes.roles'?: string[] | undefined; 'user.domain'?: string | undefined; 'user.effective.domain'?: string | undefined; 'user.effective.email'?: string | undefined; 'user.effective.full_name'?: string | undefined; 'user.effective.group.domain'?: string | undefined; 'user.effective.group.id'?: string | undefined; 'user.effective.group.name'?: string | undefined; 'user.effective.hash'?: string | undefined; 'user.effective.id'?: string | undefined; 'user.effective.name'?: string | undefined; 'user.effective.roles'?: string[] | undefined; 'user.email'?: string | undefined; 'user.full_name'?: string | undefined; 'user.group.domain'?: string | undefined; 'user.group.id'?: string | undefined; 'user.group.name'?: string | undefined; 'user.hash'?: string | undefined; 'user.id'?: string | undefined; 'user.name'?: string | undefined; 'user.risk.calculated_level'?: string | undefined; 'user.risk.calculated_score'?: number | undefined; 'user.risk.calculated_score_norm'?: number | undefined; 'user.risk.static_level'?: string | undefined; 'user.risk.static_score'?: number | undefined; 'user.risk.static_score_norm'?: number | undefined; 'user.roles'?: string[] | undefined; 'user.target.domain'?: string | undefined; 'user.target.email'?: string | undefined; 'user.target.full_name'?: string | undefined; 'user.target.group.domain'?: string | undefined; 'user.target.group.id'?: string | undefined; 'user.target.group.name'?: string | undefined; 'user.target.hash'?: string | undefined; 'user.target.id'?: string | undefined; 'user.target.name'?: string | undefined; 'user.target.roles'?: string[] | undefined; 'user_agent.device.name'?: string | undefined; 'user_agent.name'?: string | undefined; 'user_agent.original'?: string | undefined; 'user_agent.os.family'?: string | undefined; 'user_agent.os.full'?: string | undefined; 'user_agent.os.kernel'?: string | undefined; 'user_agent.os.name'?: string | undefined; 'user_agent.os.platform'?: string | undefined; 'user_agent.os.type'?: string | undefined; 'user_agent.os.version'?: string | undefined; 'user_agent.version'?: string | undefined; 'vulnerability.category'?: string[] | undefined; 'vulnerability.classification'?: string | undefined; 'vulnerability.description'?: string | undefined; 'vulnerability.enumeration'?: string | undefined; 'vulnerability.id'?: string | undefined; 'vulnerability.reference'?: string | undefined; 'vulnerability.report_id'?: string | undefined; 'vulnerability.scanner.vendor'?: string | undefined; 'vulnerability.score.base'?: number | undefined; 'vulnerability.score.environmental'?: number | undefined; 'vulnerability.score.temporal'?: number | undefined; 'vulnerability.score.version'?: string | undefined; 'vulnerability.severity'?: string | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }"
+          "{} & { 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & { '@timestamp': string | number; 'ecs.version': string; } & { 'agent.build.original'?: string | undefined; 'agent.ephemeral_id'?: string | undefined; 'agent.id'?: string | undefined; 'agent.name'?: string | undefined; 'agent.type'?: string | undefined; 'agent.version'?: string | undefined; 'client.address'?: string | undefined; 'client.as.number'?: string | number | undefined; 'client.as.organization.name'?: string | undefined; 'client.bytes'?: string | number | undefined; 'client.domain'?: string | undefined; 'client.geo.city_name'?: string | undefined; 'client.geo.continent_code'?: string | undefined; 'client.geo.continent_name'?: string | undefined; 'client.geo.country_iso_code'?: string | undefined; 'client.geo.country_name'?: string | undefined; 'client.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'client.geo.name'?: string | undefined; 'client.geo.postal_code'?: string | undefined; 'client.geo.region_iso_code'?: string | undefined; 'client.geo.region_name'?: string | undefined; 'client.geo.timezone'?: string | undefined; 'client.ip'?: string | undefined; 'client.mac'?: string | undefined; 'client.nat.ip'?: string | undefined; 'client.nat.port'?: string | number | undefined; 'client.packets'?: string | number | undefined; 'client.port'?: string | number | undefined; 'client.registered_domain'?: string | undefined; 'client.subdomain'?: string | undefined; 'client.top_level_domain'?: string | undefined; 'client.user.domain'?: string | undefined; 'client.user.email'?: string | undefined; 'client.user.full_name'?: string | undefined; 'client.user.group.domain'?: string | undefined; 'client.user.group.id'?: string | undefined; 'client.user.group.name'?: string | undefined; 'client.user.hash'?: string | undefined; 'client.user.id'?: string | undefined; 'client.user.name'?: string | undefined; 'client.user.roles'?: string[] | undefined; 'cloud.account.id'?: string | undefined; 'cloud.account.name'?: string | undefined; 'cloud.availability_zone'?: string | undefined; 'cloud.instance.id'?: string | undefined; 'cloud.instance.name'?: string | undefined; 'cloud.machine.type'?: string | undefined; 'cloud.origin.account.id'?: string | undefined; 'cloud.origin.account.name'?: string | undefined; 'cloud.origin.availability_zone'?: string | undefined; 'cloud.origin.instance.id'?: string | undefined; 'cloud.origin.instance.name'?: string | undefined; 'cloud.origin.machine.type'?: string | undefined; 'cloud.origin.project.id'?: string | undefined; 'cloud.origin.project.name'?: string | undefined; 'cloud.origin.provider'?: string | undefined; 'cloud.origin.region'?: string | undefined; 'cloud.origin.service.name'?: string | undefined; 'cloud.project.id'?: string | undefined; 'cloud.project.name'?: string | undefined; 'cloud.provider'?: string | undefined; 'cloud.region'?: string | undefined; 'cloud.service.name'?: string | undefined; 'cloud.target.account.id'?: string | undefined; 'cloud.target.account.name'?: string | undefined; 'cloud.target.availability_zone'?: string | undefined; 'cloud.target.instance.id'?: string | undefined; 'cloud.target.instance.name'?: string | undefined; 'cloud.target.machine.type'?: string | undefined; 'cloud.target.project.id'?: string | undefined; 'cloud.target.project.name'?: string | undefined; 'cloud.target.provider'?: string | undefined; 'cloud.target.region'?: string | undefined; 'cloud.target.service.name'?: string | undefined; 'container.cpu.usage'?: string | number | undefined; 'container.disk.read.bytes'?: string | number | undefined; 'container.disk.write.bytes'?: string | number | undefined; 'container.id'?: string | undefined; 'container.image.hash.all'?: string[] | undefined; 'container.image.name'?: string | undefined; 'container.image.tag'?: string[] | undefined; 'container.labels'?: unknown; 'container.memory.usage'?: string | number | undefined; 'container.name'?: string | undefined; 'container.network.egress.bytes'?: string | number | undefined; 'container.network.ingress.bytes'?: string | number | undefined; 'container.runtime'?: string | undefined; 'container.security_context.privileged'?: boolean | undefined; 'destination.address'?: string | undefined; 'destination.as.number'?: string | number | undefined; 'destination.as.organization.name'?: string | undefined; 'destination.bytes'?: string | number | undefined; 'destination.domain'?: string | undefined; 'destination.geo.city_name'?: string | undefined; 'destination.geo.continent_code'?: string | undefined; 'destination.geo.continent_name'?: string | undefined; 'destination.geo.country_iso_code'?: string | undefined; 'destination.geo.country_name'?: string | undefined; 'destination.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'destination.geo.name'?: string | undefined; 'destination.geo.postal_code'?: string | undefined; 'destination.geo.region_iso_code'?: string | undefined; 'destination.geo.region_name'?: string | undefined; 'destination.geo.timezone'?: string | undefined; 'destination.ip'?: string | undefined; 'destination.mac'?: string | undefined; 'destination.nat.ip'?: string | undefined; 'destination.nat.port'?: string | number | undefined; 'destination.packets'?: string | number | undefined; 'destination.port'?: string | number | undefined; 'destination.registered_domain'?: string | undefined; 'destination.subdomain'?: string | undefined; 'destination.top_level_domain'?: string | undefined; 'destination.user.domain'?: string | undefined; 'destination.user.email'?: string | undefined; 'destination.user.full_name'?: string | undefined; 'destination.user.group.domain'?: string | undefined; 'destination.user.group.id'?: string | undefined; 'destination.user.group.name'?: string | undefined; 'destination.user.hash'?: string | undefined; 'destination.user.id'?: string | undefined; 'destination.user.name'?: string | undefined; 'destination.user.roles'?: string[] | undefined; 'device.id'?: string | undefined; 'device.manufacturer'?: string | undefined; 'device.model.identifier'?: string | undefined; 'device.model.name'?: string | undefined; 'dll.code_signature.digest_algorithm'?: string | undefined; 'dll.code_signature.exists'?: boolean | undefined; 'dll.code_signature.signing_id'?: string | undefined; 'dll.code_signature.status'?: string | undefined; 'dll.code_signature.subject_name'?: string | undefined; 'dll.code_signature.team_id'?: string | undefined; 'dll.code_signature.timestamp'?: string | number | undefined; 'dll.code_signature.trusted'?: boolean | undefined; 'dll.code_signature.valid'?: boolean | undefined; 'dll.hash.md5'?: string | undefined; 'dll.hash.sha1'?: string | undefined; 'dll.hash.sha256'?: string | undefined; 'dll.hash.sha384'?: string | undefined; 'dll.hash.sha512'?: string | undefined; 'dll.hash.ssdeep'?: string | undefined; 'dll.hash.tlsh'?: string | undefined; 'dll.name'?: string | undefined; 'dll.path'?: string | undefined; 'dll.pe.architecture'?: string | undefined; 'dll.pe.company'?: string | undefined; 'dll.pe.description'?: string | undefined; 'dll.pe.file_version'?: string | undefined; 'dll.pe.go_import_hash'?: string | undefined; 'dll.pe.go_imports'?: unknown; 'dll.pe.go_imports_names_entropy'?: string | number | undefined; 'dll.pe.go_imports_names_var_entropy'?: string | number | undefined; 'dll.pe.go_stripped'?: boolean | undefined; 'dll.pe.imphash'?: string | undefined; 'dll.pe.import_hash'?: string | undefined; 'dll.pe.imports'?: unknown[] | undefined; 'dll.pe.imports_names_entropy'?: string | number | undefined; 'dll.pe.imports_names_var_entropy'?: string | number | undefined; 'dll.pe.original_file_name'?: string | undefined; 'dll.pe.pehash'?: string | undefined; 'dll.pe.product'?: string | undefined; 'dll.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'dns.answers'?: { class?: string | undefined; data?: string | undefined; name?: string | undefined; ttl?: string | number | undefined; type?: string | undefined; }[] | undefined; 'dns.header_flags'?: string[] | undefined; 'dns.id'?: string | undefined; 'dns.op_code'?: string | undefined; 'dns.question.class'?: string | undefined; 'dns.question.name'?: string | undefined; 'dns.question.registered_domain'?: string | undefined; 'dns.question.subdomain'?: string | undefined; 'dns.question.top_level_domain'?: string | undefined; 'dns.question.type'?: string | undefined; 'dns.resolved_ip'?: string[] | undefined; 'dns.response_code'?: string | undefined; 'dns.type'?: string | undefined; 'email.attachments'?: { 'file.extension'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.name'?: string | undefined; 'file.size'?: string | number | undefined; }[] | undefined; 'email.bcc.address'?: string[] | undefined; 'email.cc.address'?: string[] | undefined; 'email.content_type'?: string | undefined; 'email.delivery_timestamp'?: string | number | undefined; 'email.direction'?: string | undefined; 'email.from.address'?: string[] | undefined; 'email.local_id'?: string | undefined; 'email.message_id'?: string | undefined; 'email.origination_timestamp'?: string | number | undefined; 'email.reply_to.address'?: string[] | undefined; 'email.sender.address'?: string | undefined; 'email.subject'?: string | undefined; 'email.to.address'?: string[] | undefined; 'email.x_mailer'?: string | undefined; 'error.code'?: string | undefined; 'error.id'?: string | undefined; 'error.message'?: string | undefined; 'error.stack_trace'?: string | undefined; 'error.type'?: string | undefined; 'event.action'?: string | undefined; 'event.agent_id_status'?: string | undefined; 'event.category'?: string[] | undefined; 'event.code'?: string | undefined; 'event.created'?: string | number | undefined; 'event.dataset'?: string | undefined; 'event.duration'?: string | number | undefined; 'event.end'?: string | number | undefined; 'event.hash'?: string | undefined; 'event.id'?: string | undefined; 'event.ingested'?: string | number | undefined; 'event.kind'?: string | undefined; 'event.module'?: string | undefined; 'event.original'?: string | undefined; 'event.outcome'?: string | undefined; 'event.provider'?: string | undefined; 'event.reason'?: string | undefined; 'event.reference'?: string | undefined; 'event.risk_score'?: number | undefined; 'event.risk_score_norm'?: number | undefined; 'event.sequence'?: string | number | undefined; 'event.severity'?: string | number | undefined; 'event.start'?: string | number | undefined; 'event.timezone'?: string | undefined; 'event.type'?: string[] | undefined; 'event.url'?: string | undefined; 'faas.coldstart'?: boolean | undefined; 'faas.execution'?: string | undefined; 'faas.id'?: string | undefined; 'faas.name'?: string | undefined; 'faas.version'?: string | undefined; 'file.accessed'?: string | number | undefined; 'file.attributes'?: string[] | undefined; 'file.code_signature.digest_algorithm'?: string | undefined; 'file.code_signature.exists'?: boolean | undefined; 'file.code_signature.signing_id'?: string | undefined; 'file.code_signature.status'?: string | undefined; 'file.code_signature.subject_name'?: string | undefined; 'file.code_signature.team_id'?: string | undefined; 'file.code_signature.timestamp'?: string | number | undefined; 'file.code_signature.trusted'?: boolean | undefined; 'file.code_signature.valid'?: boolean | undefined; 'file.created'?: string | number | undefined; 'file.ctime'?: string | number | undefined; 'file.device'?: string | undefined; 'file.directory'?: string | undefined; 'file.drive_letter'?: string | undefined; 'file.elf.architecture'?: string | undefined; 'file.elf.byte_order'?: string | undefined; 'file.elf.cpu_type'?: string | undefined; 'file.elf.creation_date'?: string | number | undefined; 'file.elf.exports'?: unknown[] | undefined; 'file.elf.go_import_hash'?: string | undefined; 'file.elf.go_imports'?: unknown; 'file.elf.go_imports_names_entropy'?: string | number | undefined; 'file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'file.elf.go_stripped'?: boolean | undefined; 'file.elf.header.abi_version'?: string | undefined; 'file.elf.header.class'?: string | undefined; 'file.elf.header.data'?: string | undefined; 'file.elf.header.entrypoint'?: string | number | undefined; 'file.elf.header.object_version'?: string | undefined; 'file.elf.header.os_abi'?: string | undefined; 'file.elf.header.type'?: string | undefined; 'file.elf.header.version'?: string | undefined; 'file.elf.import_hash'?: string | undefined; 'file.elf.imports'?: unknown[] | undefined; 'file.elf.imports_names_entropy'?: string | number | undefined; 'file.elf.imports_names_var_entropy'?: string | number | undefined; 'file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'file.elf.shared_libraries'?: string[] | undefined; 'file.elf.telfhash'?: string | undefined; 'file.extension'?: string | undefined; 'file.fork_name'?: string | undefined; 'file.gid'?: string | undefined; 'file.group'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.inode'?: string | undefined; 'file.macho.go_import_hash'?: string | undefined; 'file.macho.go_imports'?: unknown; 'file.macho.go_imports_names_entropy'?: string | number | undefined; 'file.macho.go_imports_names_var_entropy'?: string | number | undefined; 'file.macho.go_stripped'?: boolean | undefined; 'file.macho.import_hash'?: string | undefined; 'file.macho.imports'?: unknown[] | undefined; 'file.macho.imports_names_entropy'?: string | number | undefined; 'file.macho.imports_names_var_entropy'?: string | number | undefined; 'file.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.macho.symhash'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.mode'?: string | undefined; 'file.mtime'?: string | number | undefined; 'file.name'?: string | undefined; 'file.owner'?: string | undefined; 'file.path'?: string | undefined; 'file.pe.architecture'?: string | undefined; 'file.pe.company'?: string | undefined; 'file.pe.description'?: string | undefined; 'file.pe.file_version'?: string | undefined; 'file.pe.go_import_hash'?: string | undefined; 'file.pe.go_imports'?: unknown; 'file.pe.go_imports_names_entropy'?: string | number | undefined; 'file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'file.pe.go_stripped'?: boolean | undefined; 'file.pe.imphash'?: string | undefined; 'file.pe.import_hash'?: string | undefined; 'file.pe.imports'?: unknown[] | undefined; 'file.pe.imports_names_entropy'?: string | number | undefined; 'file.pe.imports_names_var_entropy'?: string | number | undefined; 'file.pe.original_file_name'?: string | undefined; 'file.pe.pehash'?: string | undefined; 'file.pe.product'?: string | undefined; 'file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.size'?: string | number | undefined; 'file.target_path'?: string | undefined; 'file.type'?: string | undefined; 'file.uid'?: string | undefined; 'file.x509.alternative_names'?: string[] | undefined; 'file.x509.issuer.common_name'?: string[] | undefined; 'file.x509.issuer.country'?: string[] | undefined; 'file.x509.issuer.distinguished_name'?: string | undefined; 'file.x509.issuer.locality'?: string[] | undefined; 'file.x509.issuer.organization'?: string[] | undefined; 'file.x509.issuer.organizational_unit'?: string[] | undefined; 'file.x509.issuer.state_or_province'?: string[] | undefined; 'file.x509.not_after'?: string | number | undefined; 'file.x509.not_before'?: string | number | undefined; 'file.x509.public_key_algorithm'?: string | undefined; 'file.x509.public_key_curve'?: string | undefined; 'file.x509.public_key_exponent'?: string | number | undefined; 'file.x509.public_key_size'?: string | number | undefined; 'file.x509.serial_number'?: string | undefined; 'file.x509.signature_algorithm'?: string | undefined; 'file.x509.subject.common_name'?: string[] | undefined; 'file.x509.subject.country'?: string[] | undefined; 'file.x509.subject.distinguished_name'?: string | undefined; 'file.x509.subject.locality'?: string[] | undefined; 'file.x509.subject.organization'?: string[] | undefined; 'file.x509.subject.organizational_unit'?: string[] | undefined; 'file.x509.subject.state_or_province'?: string[] | undefined; 'file.x509.version_number'?: string | undefined; 'group.domain'?: string | undefined; 'group.id'?: string | undefined; 'group.name'?: string | undefined; 'host.architecture'?: string | undefined; 'host.boot.id'?: string | undefined; 'host.cpu.usage'?: string | number | undefined; 'host.disk.read.bytes'?: string | number | undefined; 'host.disk.write.bytes'?: string | number | undefined; 'host.domain'?: string | undefined; 'host.geo.city_name'?: string | undefined; 'host.geo.continent_code'?: string | undefined; 'host.geo.continent_name'?: string | undefined; 'host.geo.country_iso_code'?: string | undefined; 'host.geo.country_name'?: string | undefined; 'host.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'host.geo.name'?: string | undefined; 'host.geo.postal_code'?: string | undefined; 'host.geo.region_iso_code'?: string | undefined; 'host.geo.region_name'?: string | undefined; 'host.geo.timezone'?: string | undefined; 'host.hostname'?: string | undefined; 'host.id'?: string | undefined; 'host.ip'?: string[] | undefined; 'host.mac'?: string[] | undefined; 'host.name'?: string | undefined; 'host.network.egress.bytes'?: string | number | undefined; 'host.network.egress.packets'?: string | number | undefined; 'host.network.ingress.bytes'?: string | number | undefined; 'host.network.ingress.packets'?: string | number | undefined; 'host.os.family'?: string | undefined; 'host.os.full'?: string | undefined; 'host.os.kernel'?: string | undefined; 'host.os.name'?: string | undefined; 'host.os.platform'?: string | undefined; 'host.os.type'?: string | undefined; 'host.os.version'?: string | undefined; 'host.pid_ns_ino'?: string | undefined; 'host.risk.calculated_level'?: string | undefined; 'host.risk.calculated_score'?: number | undefined; 'host.risk.calculated_score_norm'?: number | undefined; 'host.risk.static_level'?: string | undefined; 'host.risk.static_score'?: number | undefined; 'host.risk.static_score_norm'?: number | undefined; 'host.type'?: string | undefined; 'host.uptime'?: string | number | undefined; 'http.request.body.bytes'?: string | number | undefined; 'http.request.body.content'?: string | undefined; 'http.request.bytes'?: string | number | undefined; 'http.request.id'?: string | undefined; 'http.request.method'?: string | undefined; 'http.request.mime_type'?: string | undefined; 'http.request.referrer'?: string | undefined; 'http.response.body.bytes'?: string | number | undefined; 'http.response.body.content'?: string | undefined; 'http.response.bytes'?: string | number | undefined; 'http.response.mime_type'?: string | undefined; 'http.response.status_code'?: string | number | undefined; 'http.version'?: string | undefined; labels?: unknown; 'log.file.path'?: string | undefined; 'log.level'?: string | undefined; 'log.logger'?: string | undefined; 'log.origin.file.line'?: string | number | undefined; 'log.origin.file.name'?: string | undefined; 'log.origin.function'?: string | undefined; 'log.syslog'?: unknown; message?: string | undefined; 'network.application'?: string | undefined; 'network.bytes'?: string | number | undefined; 'network.community_id'?: string | undefined; 'network.direction'?: string | undefined; 'network.forwarded_ip'?: string | undefined; 'network.iana_number'?: string | undefined; 'network.inner'?: unknown; 'network.name'?: string | undefined; 'network.packets'?: string | number | undefined; 'network.protocol'?: string | undefined; 'network.transport'?: string | undefined; 'network.type'?: string | undefined; 'network.vlan.id'?: string | undefined; 'network.vlan.name'?: string | undefined; 'observer.egress'?: unknown; 'observer.geo.city_name'?: string | undefined; 'observer.geo.continent_code'?: string | undefined; 'observer.geo.continent_name'?: string | undefined; 'observer.geo.country_iso_code'?: string | undefined; 'observer.geo.country_name'?: string | undefined; 'observer.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'observer.geo.name'?: string | undefined; 'observer.geo.postal_code'?: string | undefined; 'observer.geo.region_iso_code'?: string | undefined; 'observer.geo.region_name'?: string | undefined; 'observer.geo.timezone'?: string | undefined; 'observer.hostname'?: string | undefined; 'observer.ingress'?: unknown; 'observer.ip'?: string[] | undefined; 'observer.mac'?: string[] | undefined; 'observer.name'?: string | undefined; 'observer.os.family'?: string | undefined; 'observer.os.full'?: string | undefined; 'observer.os.kernel'?: string | undefined; 'observer.os.name'?: string | undefined; 'observer.os.platform'?: string | undefined; 'observer.os.type'?: string | undefined; 'observer.os.version'?: string | undefined; 'observer.product'?: string | undefined; 'observer.serial_number'?: string | undefined; 'observer.type'?: string | undefined; 'observer.vendor'?: string | undefined; 'observer.version'?: string | undefined; 'orchestrator.api_version'?: string | undefined; 'orchestrator.cluster.id'?: string | undefined; 'orchestrator.cluster.name'?: string | undefined; 'orchestrator.cluster.url'?: string | undefined; 'orchestrator.cluster.version'?: string | undefined; 'orchestrator.namespace'?: string | undefined; 'orchestrator.organization'?: string | undefined; 'orchestrator.resource.annotation'?: string[] | undefined; 'orchestrator.resource.id'?: string | undefined; 'orchestrator.resource.ip'?: string[] | undefined; 'orchestrator.resource.label'?: string[] | undefined; 'orchestrator.resource.name'?: string | undefined; 'orchestrator.resource.parent.type'?: string | undefined; 'orchestrator.resource.type'?: string | undefined; 'orchestrator.type'?: string | undefined; 'organization.id'?: string | undefined; 'organization.name'?: string | undefined; 'package.architecture'?: string | undefined; 'package.build_version'?: string | undefined; 'package.checksum'?: string | undefined; 'package.description'?: string | undefined; 'package.install_scope'?: string | undefined; 'package.installed'?: string | number | undefined; 'package.license'?: string | undefined; 'package.name'?: string | undefined; 'package.path'?: string | undefined; 'package.reference'?: string | undefined; 'package.size'?: string | number | undefined; 'package.type'?: string | undefined; 'package.version'?: string | undefined; 'process.args'?: string[] | undefined; 'process.args_count'?: string | number | undefined; 'process.code_signature.digest_algorithm'?: string | undefined; 'process.code_signature.exists'?: boolean | undefined; 'process.code_signature.signing_id'?: string | undefined; 'process.code_signature.status'?: string | undefined; 'process.code_signature.subject_name'?: string | undefined; 'process.code_signature.team_id'?: string | undefined; 'process.code_signature.timestamp'?: string | number | undefined; 'process.code_signature.trusted'?: boolean | undefined; 'process.code_signature.valid'?: boolean | undefined; 'process.command_line'?: string | undefined; 'process.elf.architecture'?: string | undefined; 'process.elf.byte_order'?: string | undefined; 'process.elf.cpu_type'?: string | undefined; 'process.elf.creation_date'?: string | number | undefined; 'process.elf.exports'?: unknown[] | undefined; 'process.elf.go_import_hash'?: string | undefined; 'process.elf.go_imports'?: unknown; 'process.elf.go_imports_names_entropy'?: string | number | undefined; 'process.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.elf.go_stripped'?: boolean | undefined; 'process.elf.header.abi_version'?: string | undefined; 'process.elf.header.class'?: string | undefined; 'process.elf.header.data'?: string | undefined; 'process.elf.header.entrypoint'?: string | number | undefined; 'process.elf.header.object_version'?: string | undefined; 'process.elf.header.os_abi'?: string | undefined; 'process.elf.header.type'?: string | undefined; 'process.elf.header.version'?: string | undefined; 'process.elf.import_hash'?: string | undefined; 'process.elf.imports'?: unknown[] | undefined; 'process.elf.imports_names_entropy'?: string | number | undefined; 'process.elf.imports_names_var_entropy'?: string | number | undefined; 'process.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.elf.shared_libraries'?: string[] | undefined; 'process.elf.telfhash'?: string | undefined; 'process.end'?: string | number | undefined; 'process.entity_id'?: string | undefined; 'process.entry_leader.args'?: string[] | undefined; 'process.entry_leader.args_count'?: string | number | undefined; 'process.entry_leader.attested_groups.name'?: string | undefined; 'process.entry_leader.attested_user.id'?: string | undefined; 'process.entry_leader.attested_user.name'?: string | undefined; 'process.entry_leader.command_line'?: string | undefined; 'process.entry_leader.entity_id'?: string | undefined; 'process.entry_leader.entry_meta.source.ip'?: string | undefined; 'process.entry_leader.entry_meta.type'?: string | undefined; 'process.entry_leader.executable'?: string | undefined; 'process.entry_leader.group.id'?: string | undefined; 'process.entry_leader.group.name'?: string | undefined; 'process.entry_leader.interactive'?: boolean | undefined; 'process.entry_leader.name'?: string | undefined; 'process.entry_leader.parent.entity_id'?: string | undefined; 'process.entry_leader.parent.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.entity_id'?: string | undefined; 'process.entry_leader.parent.session_leader.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.start'?: string | number | undefined; 'process.entry_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.entry_leader.parent.start'?: string | number | undefined; 'process.entry_leader.parent.vpid'?: string | number | undefined; 'process.entry_leader.pid'?: string | number | undefined; 'process.entry_leader.real_group.id'?: string | undefined; 'process.entry_leader.real_group.name'?: string | undefined; 'process.entry_leader.real_user.id'?: string | undefined; 'process.entry_leader.real_user.name'?: string | undefined; 'process.entry_leader.same_as_process'?: boolean | undefined; 'process.entry_leader.saved_group.id'?: string | undefined; 'process.entry_leader.saved_group.name'?: string | undefined; 'process.entry_leader.saved_user.id'?: string | undefined; 'process.entry_leader.saved_user.name'?: string | undefined; 'process.entry_leader.start'?: string | number | undefined; 'process.entry_leader.supplemental_groups.id'?: string | undefined; 'process.entry_leader.supplemental_groups.name'?: string | undefined; 'process.entry_leader.tty'?: unknown; 'process.entry_leader.user.id'?: string | undefined; 'process.entry_leader.user.name'?: string | undefined; 'process.entry_leader.vpid'?: string | number | undefined; 'process.entry_leader.working_directory'?: string | undefined; 'process.env_vars'?: string[] | undefined; 'process.executable'?: string | undefined; 'process.exit_code'?: string | number | undefined; 'process.group_leader.args'?: string[] | undefined; 'process.group_leader.args_count'?: string | number | undefined; 'process.group_leader.command_line'?: string | undefined; 'process.group_leader.entity_id'?: string | undefined; 'process.group_leader.executable'?: string | undefined; 'process.group_leader.group.id'?: string | undefined; 'process.group_leader.group.name'?: string | undefined; 'process.group_leader.interactive'?: boolean | undefined; 'process.group_leader.name'?: string | undefined; 'process.group_leader.pid'?: string | number | undefined; 'process.group_leader.real_group.id'?: string | undefined; 'process.group_leader.real_group.name'?: string | undefined; 'process.group_leader.real_user.id'?: string | undefined; 'process.group_leader.real_user.name'?: string | undefined; 'process.group_leader.same_as_process'?: boolean | undefined; 'process.group_leader.saved_group.id'?: string | undefined; 'process.group_leader.saved_group.name'?: string | undefined; 'process.group_leader.saved_user.id'?: string | undefined; 'process.group_leader.saved_user.name'?: string | undefined; 'process.group_leader.start'?: string | number | undefined; 'process.group_leader.supplemental_groups.id'?: string | undefined; 'process.group_leader.supplemental_groups.name'?: string | undefined; 'process.group_leader.tty'?: unknown; 'process.group_leader.user.id'?: string | undefined; 'process.group_leader.user.name'?: string | undefined; 'process.group_leader.vpid'?: string | number | undefined; 'process.group_leader.working_directory'?: string | undefined; 'process.hash.md5'?: string | undefined; 'process.hash.sha1'?: string | undefined; 'process.hash.sha256'?: string | undefined; 'process.hash.sha384'?: string | undefined; 'process.hash.sha512'?: string | undefined; 'process.hash.ssdeep'?: string | undefined; 'process.hash.tlsh'?: string | undefined; 'process.interactive'?: boolean | undefined; 'process.io'?: unknown; 'process.macho.go_import_hash'?: string | undefined; 'process.macho.go_imports'?: unknown; 'process.macho.go_imports_names_entropy'?: string | number | undefined; 'process.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.macho.go_stripped'?: boolean | undefined; 'process.macho.import_hash'?: string | undefined; 'process.macho.imports'?: unknown[] | undefined; 'process.macho.imports_names_entropy'?: string | number | undefined; 'process.macho.imports_names_var_entropy'?: string | number | undefined; 'process.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.macho.symhash'?: string | undefined; 'process.name'?: string | undefined; 'process.parent.args'?: string[] | undefined; 'process.parent.args_count'?: string | number | undefined; 'process.parent.code_signature.digest_algorithm'?: string | undefined; 'process.parent.code_signature.exists'?: boolean | undefined; 'process.parent.code_signature.signing_id'?: string | undefined; 'process.parent.code_signature.status'?: string | undefined; 'process.parent.code_signature.subject_name'?: string | undefined; 'process.parent.code_signature.team_id'?: string | undefined; 'process.parent.code_signature.timestamp'?: string | number | undefined; 'process.parent.code_signature.trusted'?: boolean | undefined; 'process.parent.code_signature.valid'?: boolean | undefined; 'process.parent.command_line'?: string | undefined; 'process.parent.elf.architecture'?: string | undefined; 'process.parent.elf.byte_order'?: string | undefined; 'process.parent.elf.cpu_type'?: string | undefined; 'process.parent.elf.creation_date'?: string | number | undefined; 'process.parent.elf.exports'?: unknown[] | undefined; 'process.parent.elf.go_import_hash'?: string | undefined; 'process.parent.elf.go_imports'?: unknown; 'process.parent.elf.go_imports_names_entropy'?: string | number | undefined; 'process.parent.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.go_stripped'?: boolean | undefined; 'process.parent.elf.header.abi_version'?: string | undefined; 'process.parent.elf.header.class'?: string | undefined; 'process.parent.elf.header.data'?: string | undefined; 'process.parent.elf.header.entrypoint'?: string | number | undefined; 'process.parent.elf.header.object_version'?: string | undefined; 'process.parent.elf.header.os_abi'?: string | undefined; 'process.parent.elf.header.type'?: string | undefined; 'process.parent.elf.header.version'?: string | undefined; 'process.parent.elf.import_hash'?: string | undefined; 'process.parent.elf.imports'?: unknown[] | undefined; 'process.parent.elf.imports_names_entropy'?: string | number | undefined; 'process.parent.elf.imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.parent.elf.shared_libraries'?: string[] | undefined; 'process.parent.elf.telfhash'?: string | undefined; 'process.parent.end'?: string | number | undefined; 'process.parent.entity_id'?: string | undefined; 'process.parent.executable'?: string | undefined; 'process.parent.exit_code'?: string | number | undefined; 'process.parent.group.id'?: string | undefined; 'process.parent.group.name'?: string | undefined; 'process.parent.group_leader.entity_id'?: string | undefined; 'process.parent.group_leader.pid'?: string | number | undefined; 'process.parent.group_leader.start'?: string | number | undefined; 'process.parent.group_leader.vpid'?: string | number | undefined; 'process.parent.hash.md5'?: string | undefined; 'process.parent.hash.sha1'?: string | undefined; 'process.parent.hash.sha256'?: string | undefined; 'process.parent.hash.sha384'?: string | undefined; 'process.parent.hash.sha512'?: string | undefined; 'process.parent.hash.ssdeep'?: string | undefined; 'process.parent.hash.tlsh'?: string | undefined; 'process.parent.interactive'?: boolean | undefined; 'process.parent.macho.go_import_hash'?: string | undefined; 'process.parent.macho.go_imports'?: unknown; 'process.parent.macho.go_imports_names_entropy'?: string | number | undefined; 'process.parent.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.go_stripped'?: boolean | undefined; 'process.parent.macho.import_hash'?: string | undefined; 'process.parent.macho.imports'?: unknown[] | undefined; 'process.parent.macho.imports_names_entropy'?: string | number | undefined; 'process.parent.macho.imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.macho.symhash'?: string | undefined; 'process.parent.name'?: string | undefined; 'process.parent.pe.architecture'?: string | undefined; 'process.parent.pe.company'?: string | undefined; 'process.parent.pe.description'?: string | undefined; 'process.parent.pe.file_version'?: string | undefined; 'process.parent.pe.go_import_hash'?: string | undefined; 'process.parent.pe.go_imports'?: unknown; 'process.parent.pe.go_imports_names_entropy'?: string | number | undefined; 'process.parent.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.go_stripped'?: boolean | undefined; 'process.parent.pe.imphash'?: string | undefined; 'process.parent.pe.import_hash'?: string | undefined; 'process.parent.pe.imports'?: unknown[] | undefined; 'process.parent.pe.imports_names_entropy'?: string | number | undefined; 'process.parent.pe.imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.original_file_name'?: string | undefined; 'process.parent.pe.pehash'?: string | undefined; 'process.parent.pe.product'?: string | undefined; 'process.parent.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.pgid'?: string | number | undefined; 'process.parent.pid'?: string | number | undefined; 'process.parent.real_group.id'?: string | undefined; 'process.parent.real_group.name'?: string | undefined; 'process.parent.real_user.id'?: string | undefined; 'process.parent.real_user.name'?: string | undefined; 'process.parent.saved_group.id'?: string | undefined; 'process.parent.saved_group.name'?: string | undefined; 'process.parent.saved_user.id'?: string | undefined; 'process.parent.saved_user.name'?: string | undefined; 'process.parent.start'?: string | number | undefined; 'process.parent.supplemental_groups.id'?: string | undefined; 'process.parent.supplemental_groups.name'?: string | undefined; 'process.parent.thread.capabilities.effective'?: string[] | undefined; 'process.parent.thread.capabilities.permitted'?: string[] | undefined; 'process.parent.thread.id'?: string | number | undefined; 'process.parent.thread.name'?: string | undefined; 'process.parent.title'?: string | undefined; 'process.parent.tty'?: unknown; 'process.parent.uptime'?: string | number | undefined; 'process.parent.user.id'?: string | undefined; 'process.parent.user.name'?: string | undefined; 'process.parent.vpid'?: string | number | undefined; 'process.parent.working_directory'?: string | undefined; 'process.pe.architecture'?: string | undefined; 'process.pe.company'?: string | undefined; 'process.pe.description'?: string | undefined; 'process.pe.file_version'?: string | undefined; 'process.pe.go_import_hash'?: string | undefined; 'process.pe.go_imports'?: unknown; 'process.pe.go_imports_names_entropy'?: string | number | undefined; 'process.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.pe.go_stripped'?: boolean | undefined; 'process.pe.imphash'?: string | undefined; 'process.pe.import_hash'?: string | undefined; 'process.pe.imports'?: unknown[] | undefined; 'process.pe.imports_names_entropy'?: string | number | undefined; 'process.pe.imports_names_var_entropy'?: string | number | undefined; 'process.pe.original_file_name'?: string | undefined; 'process.pe.pehash'?: string | undefined; 'process.pe.product'?: string | undefined; 'process.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.pgid'?: string | number | undefined; 'process.pid'?: string | number | undefined; 'process.previous.args'?: string[] | undefined; 'process.previous.args_count'?: string | number | undefined; 'process.previous.executable'?: string | undefined; 'process.real_group.id'?: string | undefined; 'process.real_group.name'?: string | undefined; 'process.real_user.id'?: string | undefined; 'process.real_user.name'?: string | undefined; 'process.saved_group.id'?: string | undefined; 'process.saved_group.name'?: string | undefined; 'process.saved_user.id'?: string | undefined; 'process.saved_user.name'?: string | undefined; 'process.session_leader.args'?: string[] | undefined; 'process.session_leader.args_count'?: string | number | undefined; 'process.session_leader.command_line'?: string | undefined; 'process.session_leader.entity_id'?: string | undefined; 'process.session_leader.executable'?: string | undefined; 'process.session_leader.group.id'?: string | undefined; 'process.session_leader.group.name'?: string | undefined; 'process.session_leader.interactive'?: boolean | undefined; 'process.session_leader.name'?: string | undefined; 'process.session_leader.parent.entity_id'?: string | undefined; 'process.session_leader.parent.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.entity_id'?: string | undefined; 'process.session_leader.parent.session_leader.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.start'?: string | number | undefined; 'process.session_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.session_leader.parent.start'?: string | number | undefined; 'process.session_leader.parent.vpid'?: string | number | undefined; 'process.session_leader.pid'?: string | number | undefined; 'process.session_leader.real_group.id'?: string | undefined; 'process.session_leader.real_group.name'?: string | undefined; 'process.session_leader.real_user.id'?: string | undefined; 'process.session_leader.real_user.name'?: string | undefined; 'process.session_leader.same_as_process'?: boolean | undefined; 'process.session_leader.saved_group.id'?: string | undefined; 'process.session_leader.saved_group.name'?: string | undefined; 'process.session_leader.saved_user.id'?: string | undefined; 'process.session_leader.saved_user.name'?: string | undefined; 'process.session_leader.start'?: string | number | undefined; 'process.session_leader.supplemental_groups.id'?: string | undefined; 'process.session_leader.supplemental_groups.name'?: string | undefined; 'process.session_leader.tty'?: unknown; 'process.session_leader.user.id'?: string | undefined; 'process.session_leader.user.name'?: string | undefined; 'process.session_leader.vpid'?: string | number | undefined; 'process.session_leader.working_directory'?: string | undefined; 'process.start'?: string | number | undefined; 'process.supplemental_groups.id'?: string | undefined; 'process.supplemental_groups.name'?: string | undefined; 'process.thread.capabilities.effective'?: string[] | undefined; 'process.thread.capabilities.permitted'?: string[] | undefined; 'process.thread.id'?: string | number | undefined; 'process.thread.name'?: string | undefined; 'process.title'?: string | undefined; 'process.tty'?: unknown; 'process.uptime'?: string | number | undefined; 'process.user.id'?: string | undefined; 'process.user.name'?: string | undefined; 'process.vpid'?: string | number | undefined; 'process.working_directory'?: string | undefined; 'registry.data.bytes'?: string | undefined; 'registry.data.strings'?: string[] | undefined; 'registry.data.type'?: string | undefined; 'registry.hive'?: string | undefined; 'registry.key'?: string | undefined; 'registry.path'?: string | undefined; 'registry.value'?: string | undefined; 'related.hash'?: string[] | undefined; 'related.hosts'?: string[] | undefined; 'related.ip'?: string[] | undefined; 'related.user'?: string[] | undefined; 'rule.author'?: string[] | undefined; 'rule.category'?: string | undefined; 'rule.description'?: string | undefined; 'rule.id'?: string | undefined; 'rule.license'?: string | undefined; 'rule.name'?: string | undefined; 'rule.reference'?: string | undefined; 'rule.ruleset'?: string | undefined; 'rule.uuid'?: string | undefined; 'rule.version'?: string | undefined; 'server.address'?: string | undefined; 'server.as.number'?: string | number | undefined; 'server.as.organization.name'?: string | undefined; 'server.bytes'?: string | number | undefined; 'server.domain'?: string | undefined; 'server.geo.city_name'?: string | undefined; 'server.geo.continent_code'?: string | undefined; 'server.geo.continent_name'?: string | undefined; 'server.geo.country_iso_code'?: string | undefined; 'server.geo.country_name'?: string | undefined; 'server.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'server.geo.name'?: string | undefined; 'server.geo.postal_code'?: string | undefined; 'server.geo.region_iso_code'?: string | undefined; 'server.geo.region_name'?: string | undefined; 'server.geo.timezone'?: string | undefined; 'server.ip'?: string | undefined; 'server.mac'?: string | undefined; 'server.nat.ip'?: string | undefined; 'server.nat.port'?: string | number | undefined; 'server.packets'?: string | number | undefined; 'server.port'?: string | number | undefined; 'server.registered_domain'?: string | undefined; 'server.subdomain'?: string | undefined; 'server.top_level_domain'?: string | undefined; 'server.user.domain'?: string | undefined; 'server.user.email'?: string | undefined; 'server.user.full_name'?: string | undefined; 'server.user.group.domain'?: string | undefined; 'server.user.group.id'?: string | undefined; 'server.user.group.name'?: string | undefined; 'server.user.hash'?: string | undefined; 'server.user.id'?: string | undefined; 'server.user.name'?: string | undefined; 'server.user.roles'?: string[] | undefined; 'service.address'?: string | undefined; 'service.environment'?: string | undefined; 'service.ephemeral_id'?: string | undefined; 'service.id'?: string | undefined; 'service.name'?: string | undefined; 'service.node.name'?: string | undefined; 'service.node.role'?: string | undefined; 'service.node.roles'?: string[] | undefined; 'service.origin.address'?: string | undefined; 'service.origin.environment'?: string | undefined; 'service.origin.ephemeral_id'?: string | undefined; 'service.origin.id'?: string | undefined; 'service.origin.name'?: string | undefined; 'service.origin.node.name'?: string | undefined; 'service.origin.node.role'?: string | undefined; 'service.origin.node.roles'?: string[] | undefined; 'service.origin.state'?: string | undefined; 'service.origin.type'?: string | undefined; 'service.origin.version'?: string | undefined; 'service.state'?: string | undefined; 'service.target.address'?: string | undefined; 'service.target.environment'?: string | undefined; 'service.target.ephemeral_id'?: string | undefined; 'service.target.id'?: string | undefined; 'service.target.name'?: string | undefined; 'service.target.node.name'?: string | undefined; 'service.target.node.role'?: string | undefined; 'service.target.node.roles'?: string[] | undefined; 'service.target.state'?: string | undefined; 'service.target.type'?: string | undefined; 'service.target.version'?: string | undefined; 'service.type'?: string | undefined; 'service.version'?: string | undefined; 'source.address'?: string | undefined; 'source.as.number'?: string | number | undefined; 'source.as.organization.name'?: string | undefined; 'source.bytes'?: string | number | undefined; 'source.domain'?: string | undefined; 'source.geo.city_name'?: string | undefined; 'source.geo.continent_code'?: string | undefined; 'source.geo.continent_name'?: string | undefined; 'source.geo.country_iso_code'?: string | undefined; 'source.geo.country_name'?: string | undefined; 'source.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'source.geo.name'?: string | undefined; 'source.geo.postal_code'?: string | undefined; 'source.geo.region_iso_code'?: string | undefined; 'source.geo.region_name'?: string | undefined; 'source.geo.timezone'?: string | undefined; 'source.ip'?: string | undefined; 'source.mac'?: string | undefined; 'source.nat.ip'?: string | undefined; 'source.nat.port'?: string | number | undefined; 'source.packets'?: string | number | undefined; 'source.port'?: string | number | undefined; 'source.registered_domain'?: string | undefined; 'source.subdomain'?: string | undefined; 'source.top_level_domain'?: string | undefined; 'source.user.domain'?: string | undefined; 'source.user.email'?: string | undefined; 'source.user.full_name'?: string | undefined; 'source.user.group.domain'?: string | undefined; 'source.user.group.id'?: string | undefined; 'source.user.group.name'?: string | undefined; 'source.user.hash'?: string | undefined; 'source.user.id'?: string | undefined; 'source.user.name'?: string | undefined; 'source.user.roles'?: string[] | undefined; 'span.id'?: string | undefined; tags?: string[] | undefined; 'threat.enrichments'?: { indicator?: unknown; 'matched.atomic'?: string | undefined; 'matched.field'?: string | undefined; 'matched.id'?: string | undefined; 'matched.index'?: string | undefined; 'matched.occurred'?: string | number | undefined; 'matched.type'?: string | undefined; }[] | undefined; 'threat.feed.dashboard_id'?: string | undefined; 'threat.feed.description'?: string | undefined; 'threat.feed.name'?: string | undefined; 'threat.feed.reference'?: string | undefined; 'threat.framework'?: string | undefined; 'threat.group.alias'?: string[] | undefined; 'threat.group.id'?: string | undefined; 'threat.group.name'?: string | undefined; 'threat.group.reference'?: string | undefined; 'threat.indicator.as.number'?: string | number | undefined; 'threat.indicator.as.organization.name'?: string | undefined; 'threat.indicator.confidence'?: string | undefined; 'threat.indicator.description'?: string | undefined; 'threat.indicator.email.address'?: string | undefined; 'threat.indicator.file.accessed'?: string | number | undefined; 'threat.indicator.file.attributes'?: string[] | undefined; 'threat.indicator.file.code_signature.digest_algorithm'?: string | undefined; 'threat.indicator.file.code_signature.exists'?: boolean | undefined; 'threat.indicator.file.code_signature.signing_id'?: string | undefined; 'threat.indicator.file.code_signature.status'?: string | undefined; 'threat.indicator.file.code_signature.subject_name'?: string | undefined; 'threat.indicator.file.code_signature.team_id'?: string | undefined; 'threat.indicator.file.code_signature.timestamp'?: string | number | undefined; 'threat.indicator.file.code_signature.trusted'?: boolean | undefined; 'threat.indicator.file.code_signature.valid'?: boolean | undefined; 'threat.indicator.file.created'?: string | number | undefined; 'threat.indicator.file.ctime'?: string | number | undefined; 'threat.indicator.file.device'?: string | undefined; 'threat.indicator.file.directory'?: string | undefined; 'threat.indicator.file.drive_letter'?: string | undefined; 'threat.indicator.file.elf.architecture'?: string | undefined; 'threat.indicator.file.elf.byte_order'?: string | undefined; 'threat.indicator.file.elf.cpu_type'?: string | undefined; 'threat.indicator.file.elf.creation_date'?: string | number | undefined; 'threat.indicator.file.elf.exports'?: unknown[] | undefined; 'threat.indicator.file.elf.go_import_hash'?: string | undefined; 'threat.indicator.file.elf.go_imports'?: unknown; 'threat.indicator.file.elf.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_stripped'?: boolean | undefined; 'threat.indicator.file.elf.header.abi_version'?: string | undefined; 'threat.indicator.file.elf.header.class'?: string | undefined; 'threat.indicator.file.elf.header.data'?: string | undefined; 'threat.indicator.file.elf.header.entrypoint'?: string | number | undefined; 'threat.indicator.file.elf.header.object_version'?: string | undefined; 'threat.indicator.file.elf.header.os_abi'?: string | undefined; 'threat.indicator.file.elf.header.type'?: string | undefined; 'threat.indicator.file.elf.header.version'?: string | undefined; 'threat.indicator.file.elf.import_hash'?: string | undefined; 'threat.indicator.file.elf.imports'?: unknown[] | undefined; 'threat.indicator.file.elf.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'threat.indicator.file.elf.shared_libraries'?: string[] | undefined; 'threat.indicator.file.elf.telfhash'?: string | undefined; 'threat.indicator.file.extension'?: string | undefined; 'threat.indicator.file.fork_name'?: string | undefined; 'threat.indicator.file.gid'?: string | undefined; 'threat.indicator.file.group'?: string | undefined; 'threat.indicator.file.hash.md5'?: string | undefined; 'threat.indicator.file.hash.sha1'?: string | undefined; 'threat.indicator.file.hash.sha256'?: string | undefined; 'threat.indicator.file.hash.sha384'?: string | undefined; 'threat.indicator.file.hash.sha512'?: string | undefined; 'threat.indicator.file.hash.ssdeep'?: string | undefined; 'threat.indicator.file.hash.tlsh'?: string | undefined; 'threat.indicator.file.inode'?: string | undefined; 'threat.indicator.file.mime_type'?: string | undefined; 'threat.indicator.file.mode'?: string | undefined; 'threat.indicator.file.mtime'?: string | number | undefined; 'threat.indicator.file.name'?: string | undefined; 'threat.indicator.file.owner'?: string | undefined; 'threat.indicator.file.path'?: string | undefined; 'threat.indicator.file.pe.architecture'?: string | undefined; 'threat.indicator.file.pe.company'?: string | undefined; 'threat.indicator.file.pe.description'?: string | undefined; 'threat.indicator.file.pe.file_version'?: string | undefined; 'threat.indicator.file.pe.go_import_hash'?: string | undefined; 'threat.indicator.file.pe.go_imports'?: unknown; 'threat.indicator.file.pe.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_stripped'?: boolean | undefined; 'threat.indicator.file.pe.imphash'?: string | undefined; 'threat.indicator.file.pe.import_hash'?: string | undefined; 'threat.indicator.file.pe.imports'?: unknown[] | undefined; 'threat.indicator.file.pe.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.original_file_name'?: string | undefined; 'threat.indicator.file.pe.pehash'?: string | undefined; 'threat.indicator.file.pe.product'?: string | undefined; 'threat.indicator.file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.size'?: string | number | undefined; 'threat.indicator.file.target_path'?: string | undefined; 'threat.indicator.file.type'?: string | undefined; 'threat.indicator.file.uid'?: string | undefined; 'threat.indicator.file.x509.alternative_names'?: string[] | undefined; 'threat.indicator.file.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.file.x509.issuer.country'?: string[] | undefined; 'threat.indicator.file.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.not_after'?: string | number | undefined; 'threat.indicator.file.x509.not_before'?: string | number | undefined; 'threat.indicator.file.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.file.x509.public_key_curve'?: string | undefined; 'threat.indicator.file.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.file.x509.public_key_size'?: string | number | undefined; 'threat.indicator.file.x509.serial_number'?: string | undefined; 'threat.indicator.file.x509.signature_algorithm'?: string | undefined; 'threat.indicator.file.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.file.x509.subject.country'?: string[] | undefined; 'threat.indicator.file.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.subject.locality'?: string[] | undefined; 'threat.indicator.file.x509.subject.organization'?: string[] | undefined; 'threat.indicator.file.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.version_number'?: string | undefined; 'threat.indicator.first_seen'?: string | number | undefined; 'threat.indicator.geo.city_name'?: string | undefined; 'threat.indicator.geo.continent_code'?: string | undefined; 'threat.indicator.geo.continent_name'?: string | undefined; 'threat.indicator.geo.country_iso_code'?: string | undefined; 'threat.indicator.geo.country_name'?: string | undefined; 'threat.indicator.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'threat.indicator.geo.name'?: string | undefined; 'threat.indicator.geo.postal_code'?: string | undefined; 'threat.indicator.geo.region_iso_code'?: string | undefined; 'threat.indicator.geo.region_name'?: string | undefined; 'threat.indicator.geo.timezone'?: string | undefined; 'threat.indicator.ip'?: string | undefined; 'threat.indicator.last_seen'?: string | number | undefined; 'threat.indicator.marking.tlp'?: string | undefined; 'threat.indicator.marking.tlp_version'?: string | undefined; 'threat.indicator.modified_at'?: string | number | undefined; 'threat.indicator.name'?: string | undefined; 'threat.indicator.port'?: string | number | undefined; 'threat.indicator.provider'?: string | undefined; 'threat.indicator.reference'?: string | undefined; 'threat.indicator.registry.data.bytes'?: string | undefined; 'threat.indicator.registry.data.strings'?: string[] | undefined; 'threat.indicator.registry.data.type'?: string | undefined; 'threat.indicator.registry.hive'?: string | undefined; 'threat.indicator.registry.key'?: string | undefined; 'threat.indicator.registry.path'?: string | undefined; 'threat.indicator.registry.value'?: string | undefined; 'threat.indicator.scanner_stats'?: string | number | undefined; 'threat.indicator.sightings'?: string | number | undefined; 'threat.indicator.type'?: string | undefined; 'threat.indicator.url.domain'?: string | undefined; 'threat.indicator.url.extension'?: string | undefined; 'threat.indicator.url.fragment'?: string | undefined; 'threat.indicator.url.full'?: string | undefined; 'threat.indicator.url.original'?: string | undefined; 'threat.indicator.url.password'?: string | undefined; 'threat.indicator.url.path'?: string | undefined; 'threat.indicator.url.port'?: string | number | undefined; 'threat.indicator.url.query'?: string | undefined; 'threat.indicator.url.registered_domain'?: string | undefined; 'threat.indicator.url.scheme'?: string | undefined; 'threat.indicator.url.subdomain'?: string | undefined; 'threat.indicator.url.top_level_domain'?: string | undefined; 'threat.indicator.url.username'?: string | undefined; 'threat.indicator.x509.alternative_names'?: string[] | undefined; 'threat.indicator.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.x509.issuer.country'?: string[] | undefined; 'threat.indicator.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.x509.not_after'?: string | number | undefined; 'threat.indicator.x509.not_before'?: string | number | undefined; 'threat.indicator.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.x509.public_key_curve'?: string | undefined; 'threat.indicator.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.x509.public_key_size'?: string | number | undefined; 'threat.indicator.x509.serial_number'?: string | undefined; 'threat.indicator.x509.signature_algorithm'?: string | undefined; 'threat.indicator.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.x509.subject.country'?: string[] | undefined; 'threat.indicator.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.x509.subject.locality'?: string[] | undefined; 'threat.indicator.x509.subject.organization'?: string[] | undefined; 'threat.indicator.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.x509.version_number'?: string | undefined; 'threat.software.alias'?: string[] | undefined; 'threat.software.id'?: string | undefined; 'threat.software.name'?: string | undefined; 'threat.software.platforms'?: string[] | undefined; 'threat.software.reference'?: string | undefined; 'threat.software.type'?: string | undefined; 'threat.tactic.id'?: string[] | undefined; 'threat.tactic.name'?: string[] | undefined; 'threat.tactic.reference'?: string[] | undefined; 'threat.technique.id'?: string[] | undefined; 'threat.technique.name'?: string[] | undefined; 'threat.technique.reference'?: string[] | undefined; 'threat.technique.subtechnique.id'?: string[] | undefined; 'threat.technique.subtechnique.name'?: string[] | undefined; 'threat.technique.subtechnique.reference'?: string[] | undefined; 'tls.cipher'?: string | undefined; 'tls.client.certificate'?: string | undefined; 'tls.client.certificate_chain'?: string[] | undefined; 'tls.client.hash.md5'?: string | undefined; 'tls.client.hash.sha1'?: string | undefined; 'tls.client.hash.sha256'?: string | undefined; 'tls.client.issuer'?: string | undefined; 'tls.client.ja3'?: string | undefined; 'tls.client.not_after'?: string | number | undefined; 'tls.client.not_before'?: string | number | undefined; 'tls.client.server_name'?: string | undefined; 'tls.client.subject'?: string | undefined; 'tls.client.supported_ciphers'?: string[] | undefined; 'tls.client.x509.alternative_names'?: string[] | undefined; 'tls.client.x509.issuer.common_name'?: string[] | undefined; 'tls.client.x509.issuer.country'?: string[] | undefined; 'tls.client.x509.issuer.distinguished_name'?: string | undefined; 'tls.client.x509.issuer.locality'?: string[] | undefined; 'tls.client.x509.issuer.organization'?: string[] | undefined; 'tls.client.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.client.x509.issuer.state_or_province'?: string[] | undefined; 'tls.client.x509.not_after'?: string | number | undefined; 'tls.client.x509.not_before'?: string | number | undefined; 'tls.client.x509.public_key_algorithm'?: string | undefined; 'tls.client.x509.public_key_curve'?: string | undefined; 'tls.client.x509.public_key_exponent'?: string | number | undefined; 'tls.client.x509.public_key_size'?: string | number | undefined; 'tls.client.x509.serial_number'?: string | undefined; 'tls.client.x509.signature_algorithm'?: string | undefined; 'tls.client.x509.subject.common_name'?: string[] | undefined; 'tls.client.x509.subject.country'?: string[] | undefined; 'tls.client.x509.subject.distinguished_name'?: string | undefined; 'tls.client.x509.subject.locality'?: string[] | undefined; 'tls.client.x509.subject.organization'?: string[] | undefined; 'tls.client.x509.subject.organizational_unit'?: string[] | undefined; 'tls.client.x509.subject.state_or_province'?: string[] | undefined; 'tls.client.x509.version_number'?: string | undefined; 'tls.curve'?: string | undefined; 'tls.established'?: boolean | undefined; 'tls.next_protocol'?: string | undefined; 'tls.resumed'?: boolean | undefined; 'tls.server.certificate'?: string | undefined; 'tls.server.certificate_chain'?: string[] | undefined; 'tls.server.hash.md5'?: string | undefined; 'tls.server.hash.sha1'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 'tls.server.issuer'?: string | undefined; 'tls.server.ja3s'?: string | undefined; 'tls.server.not_after'?: string | number | undefined; 'tls.server.not_before'?: string | number | undefined; 'tls.server.subject'?: string | undefined; 'tls.server.x509.alternative_names'?: string[] | undefined; 'tls.server.x509.issuer.common_name'?: string[] | undefined; 'tls.server.x509.issuer.country'?: string[] | undefined; 'tls.server.x509.issuer.distinguished_name'?: string | undefined; 'tls.server.x509.issuer.locality'?: string[] | undefined; 'tls.server.x509.issuer.organization'?: string[] | undefined; 'tls.server.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.server.x509.issuer.state_or_province'?: string[] | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.public_key_algorithm'?: string | undefined; 'tls.server.x509.public_key_curve'?: string | undefined; 'tls.server.x509.public_key_exponent'?: string | number | undefined; 'tls.server.x509.public_key_size'?: string | number | undefined; 'tls.server.x509.serial_number'?: string | undefined; 'tls.server.x509.signature_algorithm'?: string | undefined; 'tls.server.x509.subject.common_name'?: string[] | undefined; 'tls.server.x509.subject.country'?: string[] | undefined; 'tls.server.x509.subject.distinguished_name'?: string | undefined; 'tls.server.x509.subject.locality'?: string[] | undefined; 'tls.server.x509.subject.organization'?: string[] | undefined; 'tls.server.x509.subject.organizational_unit'?: string[] | undefined; 'tls.server.x509.subject.state_or_province'?: string[] | undefined; 'tls.server.x509.version_number'?: string | undefined; 'tls.version'?: string | undefined; 'tls.version_protocol'?: string | undefined; 'trace.id'?: string | undefined; 'transaction.id'?: string | undefined; 'url.domain'?: string | undefined; 'url.extension'?: string | undefined; 'url.fragment'?: string | undefined; 'url.full'?: string | undefined; 'url.original'?: string | undefined; 'url.password'?: string | undefined; 'url.path'?: string | undefined; 'url.port'?: string | number | undefined; 'url.query'?: string | undefined; 'url.registered_domain'?: string | undefined; 'url.scheme'?: string | undefined; 'url.subdomain'?: string | undefined; 'url.top_level_domain'?: string | undefined; 'url.username'?: string | undefined; 'user.changes.domain'?: string | undefined; 'user.changes.email'?: string | undefined; 'user.changes.full_name'?: string | undefined; 'user.changes.group.domain'?: string | undefined; 'user.changes.group.id'?: string | undefined; 'user.changes.group.name'?: string | undefined; 'user.changes.hash'?: string | undefined; 'user.changes.id'?: string | undefined; 'user.changes.name'?: string | undefined; 'user.changes.roles'?: string[] | undefined; 'user.domain'?: string | undefined; 'user.effective.domain'?: string | undefined; 'user.effective.email'?: string | undefined; 'user.effective.full_name'?: string | undefined; 'user.effective.group.domain'?: string | undefined; 'user.effective.group.id'?: string | undefined; 'user.effective.group.name'?: string | undefined; 'user.effective.hash'?: string | undefined; 'user.effective.id'?: string | undefined; 'user.effective.name'?: string | undefined; 'user.effective.roles'?: string[] | undefined; 'user.email'?: string | undefined; 'user.full_name'?: string | undefined; 'user.group.domain'?: string | undefined; 'user.group.id'?: string | undefined; 'user.group.name'?: string | undefined; 'user.hash'?: string | undefined; 'user.id'?: string | undefined; 'user.name'?: string | undefined; 'user.risk.calculated_level'?: string | undefined; 'user.risk.calculated_score'?: number | undefined; 'user.risk.calculated_score_norm'?: number | undefined; 'user.risk.static_level'?: string | undefined; 'user.risk.static_score'?: number | undefined; 'user.risk.static_score_norm'?: number | undefined; 'user.roles'?: string[] | undefined; 'user.target.domain'?: string | undefined; 'user.target.email'?: string | undefined; 'user.target.full_name'?: string | undefined; 'user.target.group.domain'?: string | undefined; 'user.target.group.id'?: string | undefined; 'user.target.group.name'?: string | undefined; 'user.target.hash'?: string | undefined; 'user.target.id'?: string | undefined; 'user.target.name'?: string | undefined; 'user.target.roles'?: string[] | undefined; 'user_agent.device.name'?: string | undefined; 'user_agent.name'?: string | undefined; 'user_agent.original'?: string | undefined; 'user_agent.os.family'?: string | undefined; 'user_agent.os.full'?: string | undefined; 'user_agent.os.kernel'?: string | undefined; 'user_agent.os.name'?: string | undefined; 'user_agent.os.platform'?: string | undefined; 'user_agent.os.type'?: string | undefined; 'user_agent.os.version'?: string | undefined; 'user_agent.version'?: string | undefined; 'vulnerability.category'?: string[] | undefined; 'vulnerability.classification'?: string | undefined; 'vulnerability.description'?: string | undefined; 'vulnerability.enumeration'?: string | undefined; 'vulnerability.id'?: string | undefined; 'vulnerability.reference'?: string | undefined; 'vulnerability.report_id'?: string | undefined; 'vulnerability.scanner.vendor'?: string | undefined; 'vulnerability.score.base'?: number | undefined; 'vulnerability.score.environmental'?: number | undefined; 'vulnerability.score.temporal'?: number | undefined; 'vulnerability.score.version'?: string | undefined; 'vulnerability.severity'?: string | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }"
         ],
         "path": "packages/kbn-alerts-as-data-utils/src/schemas/generated/observability_logs_schema.ts",
         "deprecated": false,
@@ -390,7 +390,7 @@
         "label": "ObservabilityMetricsAlert",
         "description": [],
         "signature": [
-          "{} & { 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & { '@timestamp': string | number; 'ecs.version': string; } & { 'agent.build.original'?: string | undefined; 'agent.ephemeral_id'?: string | undefined; 'agent.id'?: string | undefined; 'agent.name'?: string | undefined; 'agent.type'?: string | undefined; 'agent.version'?: string | undefined; 'client.address'?: string | undefined; 'client.as.number'?: string | number | undefined; 'client.as.organization.name'?: string | undefined; 'client.bytes'?: string | number | undefined; 'client.domain'?: string | undefined; 'client.geo.city_name'?: string | undefined; 'client.geo.continent_code'?: string | undefined; 'client.geo.continent_name'?: string | undefined; 'client.geo.country_iso_code'?: string | undefined; 'client.geo.country_name'?: string | undefined; 'client.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'client.geo.name'?: string | undefined; 'client.geo.postal_code'?: string | undefined; 'client.geo.region_iso_code'?: string | undefined; 'client.geo.region_name'?: string | undefined; 'client.geo.timezone'?: string | undefined; 'client.ip'?: string | undefined; 'client.mac'?: string | undefined; 'client.nat.ip'?: string | undefined; 'client.nat.port'?: string | number | undefined; 'client.packets'?: string | number | undefined; 'client.port'?: string | number | undefined; 'client.registered_domain'?: string | undefined; 'client.subdomain'?: string | undefined; 'client.top_level_domain'?: string | undefined; 'client.user.domain'?: string | undefined; 'client.user.email'?: string | undefined; 'client.user.full_name'?: string | undefined; 'client.user.group.domain'?: string | undefined; 'client.user.group.id'?: string | undefined; 'client.user.group.name'?: string | undefined; 'client.user.hash'?: string | undefined; 'client.user.id'?: string | undefined; 'client.user.name'?: string | undefined; 'client.user.roles'?: string[] | undefined; 'cloud.account.id'?: string | undefined; 'cloud.account.name'?: string | undefined; 'cloud.availability_zone'?: string | undefined; 'cloud.instance.id'?: string | undefined; 'cloud.instance.name'?: string | undefined; 'cloud.machine.type'?: string | undefined; 'cloud.origin.account.id'?: string | undefined; 'cloud.origin.account.name'?: string | undefined; 'cloud.origin.availability_zone'?: string | undefined; 'cloud.origin.instance.id'?: string | undefined; 'cloud.origin.instance.name'?: string | undefined; 'cloud.origin.machine.type'?: string | undefined; 'cloud.origin.project.id'?: string | undefined; 'cloud.origin.project.name'?: string | undefined; 'cloud.origin.provider'?: string | undefined; 'cloud.origin.region'?: string | undefined; 'cloud.origin.service.name'?: string | undefined; 'cloud.project.id'?: string | undefined; 'cloud.project.name'?: string | undefined; 'cloud.provider'?: string | undefined; 'cloud.region'?: string | undefined; 'cloud.service.name'?: string | undefined; 'cloud.target.account.id'?: string | undefined; 'cloud.target.account.name'?: string | undefined; 'cloud.target.availability_zone'?: string | undefined; 'cloud.target.instance.id'?: string | undefined; 'cloud.target.instance.name'?: string | undefined; 'cloud.target.machine.type'?: string | undefined; 'cloud.target.project.id'?: string | undefined; 'cloud.target.project.name'?: string | undefined; 'cloud.target.provider'?: string | undefined; 'cloud.target.region'?: string | undefined; 'cloud.target.service.name'?: string | undefined; 'container.cpu.usage'?: string | number | undefined; 'container.disk.read.bytes'?: string | number | undefined; 'container.disk.write.bytes'?: string | number | undefined; 'container.id'?: string | undefined; 'container.image.hash.all'?: string[] | undefined; 'container.image.name'?: string | undefined; 'container.image.tag'?: string[] | undefined; 'container.labels'?: unknown; 'container.memory.usage'?: string | number | undefined; 'container.name'?: string | undefined; 'container.network.egress.bytes'?: string | number | undefined; 'container.network.ingress.bytes'?: string | number | undefined; 'container.runtime'?: string | undefined; 'container.security_context.privileged'?: boolean | undefined; 'destination.address'?: string | undefined; 'destination.as.number'?: string | number | undefined; 'destination.as.organization.name'?: string | undefined; 'destination.bytes'?: string | number | undefined; 'destination.domain'?: string | undefined; 'destination.geo.city_name'?: string | undefined; 'destination.geo.continent_code'?: string | undefined; 'destination.geo.continent_name'?: string | undefined; 'destination.geo.country_iso_code'?: string | undefined; 'destination.geo.country_name'?: string | undefined; 'destination.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'destination.geo.name'?: string | undefined; 'destination.geo.postal_code'?: string | undefined; 'destination.geo.region_iso_code'?: string | undefined; 'destination.geo.region_name'?: string | undefined; 'destination.geo.timezone'?: string | undefined; 'destination.ip'?: string | undefined; 'destination.mac'?: string | undefined; 'destination.nat.ip'?: string | undefined; 'destination.nat.port'?: string | number | undefined; 'destination.packets'?: string | number | undefined; 'destination.port'?: string | number | undefined; 'destination.registered_domain'?: string | undefined; 'destination.subdomain'?: string | undefined; 'destination.top_level_domain'?: string | undefined; 'destination.user.domain'?: string | undefined; 'destination.user.email'?: string | undefined; 'destination.user.full_name'?: string | undefined; 'destination.user.group.domain'?: string | undefined; 'destination.user.group.id'?: string | undefined; 'destination.user.group.name'?: string | undefined; 'destination.user.hash'?: string | undefined; 'destination.user.id'?: string | undefined; 'destination.user.name'?: string | undefined; 'destination.user.roles'?: string[] | undefined; 'device.id'?: string | undefined; 'device.manufacturer'?: string | undefined; 'device.model.identifier'?: string | undefined; 'device.model.name'?: string | undefined; 'dll.code_signature.digest_algorithm'?: string | undefined; 'dll.code_signature.exists'?: boolean | undefined; 'dll.code_signature.signing_id'?: string | undefined; 'dll.code_signature.status'?: string | undefined; 'dll.code_signature.subject_name'?: string | undefined; 'dll.code_signature.team_id'?: string | undefined; 'dll.code_signature.timestamp'?: string | number | undefined; 'dll.code_signature.trusted'?: boolean | undefined; 'dll.code_signature.valid'?: boolean | undefined; 'dll.hash.md5'?: string | undefined; 'dll.hash.sha1'?: string | undefined; 'dll.hash.sha256'?: string | undefined; 'dll.hash.sha384'?: string | undefined; 'dll.hash.sha512'?: string | undefined; 'dll.hash.ssdeep'?: string | undefined; 'dll.hash.tlsh'?: string | undefined; 'dll.name'?: string | undefined; 'dll.path'?: string | undefined; 'dll.pe.architecture'?: string | undefined; 'dll.pe.company'?: string | undefined; 'dll.pe.description'?: string | undefined; 'dll.pe.file_version'?: string | undefined; 'dll.pe.go_import_hash'?: string | undefined; 'dll.pe.go_imports'?: unknown; 'dll.pe.go_imports_names_entropy'?: string | number | undefined; 'dll.pe.go_imports_names_var_entropy'?: string | number | undefined; 'dll.pe.go_stripped'?: boolean | undefined; 'dll.pe.imphash'?: string | undefined; 'dll.pe.import_hash'?: string | undefined; 'dll.pe.imports'?: unknown[] | undefined; 'dll.pe.imports_names_entropy'?: string | number | undefined; 'dll.pe.imports_names_var_entropy'?: string | number | undefined; 'dll.pe.original_file_name'?: string | undefined; 'dll.pe.pehash'?: string | undefined; 'dll.pe.product'?: string | undefined; 'dll.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'dns.answers'?: { class?: string | undefined; data?: string | undefined; name?: string | undefined; ttl?: string | number | undefined; type?: string | undefined; }[] | undefined; 'dns.header_flags'?: string[] | undefined; 'dns.id'?: string | undefined; 'dns.op_code'?: string | undefined; 'dns.question.class'?: string | undefined; 'dns.question.name'?: string | undefined; 'dns.question.registered_domain'?: string | undefined; 'dns.question.subdomain'?: string | undefined; 'dns.question.top_level_domain'?: string | undefined; 'dns.question.type'?: string | undefined; 'dns.resolved_ip'?: string[] | undefined; 'dns.response_code'?: string | undefined; 'dns.type'?: string | undefined; 'email.attachments'?: { 'file.extension'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.name'?: string | undefined; 'file.size'?: string | number | undefined; }[] | undefined; 'email.bcc.address'?: string[] | undefined; 'email.cc.address'?: string[] | undefined; 'email.content_type'?: string | undefined; 'email.delivery_timestamp'?: string | number | undefined; 'email.direction'?: string | undefined; 'email.from.address'?: string[] | undefined; 'email.local_id'?: string | undefined; 'email.message_id'?: string | undefined; 'email.origination_timestamp'?: string | number | undefined; 'email.reply_to.address'?: string[] | undefined; 'email.sender.address'?: string | undefined; 'email.subject'?: string | undefined; 'email.to.address'?: string[] | undefined; 'email.x_mailer'?: string | undefined; 'error.code'?: string | undefined; 'error.id'?: string | undefined; 'error.message'?: string | undefined; 'error.stack_trace'?: string | undefined; 'error.type'?: string | undefined; 'event.action'?: string | undefined; 'event.agent_id_status'?: string | undefined; 'event.category'?: string[] | undefined; 'event.code'?: string | undefined; 'event.created'?: string | number | undefined; 'event.dataset'?: string | undefined; 'event.duration'?: string | number | undefined; 'event.end'?: string | number | undefined; 'event.hash'?: string | undefined; 'event.id'?: string | undefined; 'event.ingested'?: string | number | undefined; 'event.kind'?: string | undefined; 'event.module'?: string | undefined; 'event.original'?: string | undefined; 'event.outcome'?: string | undefined; 'event.provider'?: string | undefined; 'event.reason'?: string | undefined; 'event.reference'?: string | undefined; 'event.risk_score'?: number | undefined; 'event.risk_score_norm'?: number | undefined; 'event.sequence'?: string | number | undefined; 'event.severity'?: string | number | undefined; 'event.start'?: string | number | undefined; 'event.timezone'?: string | undefined; 'event.type'?: string[] | undefined; 'event.url'?: string | undefined; 'faas.coldstart'?: boolean | undefined; 'faas.execution'?: string | undefined; 'faas.id'?: string | undefined; 'faas.name'?: string | undefined; 'faas.version'?: string | undefined; 'file.accessed'?: string | number | undefined; 'file.attributes'?: string[] | undefined; 'file.code_signature.digest_algorithm'?: string | undefined; 'file.code_signature.exists'?: boolean | undefined; 'file.code_signature.signing_id'?: string | undefined; 'file.code_signature.status'?: string | undefined; 'file.code_signature.subject_name'?: string | undefined; 'file.code_signature.team_id'?: string | undefined; 'file.code_signature.timestamp'?: string | number | undefined; 'file.code_signature.trusted'?: boolean | undefined; 'file.code_signature.valid'?: boolean | undefined; 'file.created'?: string | number | undefined; 'file.ctime'?: string | number | undefined; 'file.device'?: string | undefined; 'file.directory'?: string | undefined; 'file.drive_letter'?: string | undefined; 'file.elf.architecture'?: string | undefined; 'file.elf.byte_order'?: string | undefined; 'file.elf.cpu_type'?: string | undefined; 'file.elf.creation_date'?: string | number | undefined; 'file.elf.exports'?: unknown[] | undefined; 'file.elf.go_import_hash'?: string | undefined; 'file.elf.go_imports'?: unknown; 'file.elf.go_imports_names_entropy'?: string | number | undefined; 'file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'file.elf.go_stripped'?: boolean | undefined; 'file.elf.header.abi_version'?: string | undefined; 'file.elf.header.class'?: string | undefined; 'file.elf.header.data'?: string | undefined; 'file.elf.header.entrypoint'?: string | number | undefined; 'file.elf.header.object_version'?: string | undefined; 'file.elf.header.os_abi'?: string | undefined; 'file.elf.header.type'?: string | undefined; 'file.elf.header.version'?: string | undefined; 'file.elf.import_hash'?: string | undefined; 'file.elf.imports'?: unknown[] | undefined; 'file.elf.imports_names_entropy'?: string | number | undefined; 'file.elf.imports_names_var_entropy'?: string | number | undefined; 'file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'file.elf.shared_libraries'?: string[] | undefined; 'file.elf.telfhash'?: string | undefined; 'file.extension'?: string | undefined; 'file.fork_name'?: string | undefined; 'file.gid'?: string | undefined; 'file.group'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.inode'?: string | undefined; 'file.macho.go_import_hash'?: string | undefined; 'file.macho.go_imports'?: unknown; 'file.macho.go_imports_names_entropy'?: string | number | undefined; 'file.macho.go_imports_names_var_entropy'?: string | number | undefined; 'file.macho.go_stripped'?: boolean | undefined; 'file.macho.import_hash'?: string | undefined; 'file.macho.imports'?: unknown[] | undefined; 'file.macho.imports_names_entropy'?: string | number | undefined; 'file.macho.imports_names_var_entropy'?: string | number | undefined; 'file.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.macho.symhash'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.mode'?: string | undefined; 'file.mtime'?: string | number | undefined; 'file.name'?: string | undefined; 'file.owner'?: string | undefined; 'file.path'?: string | undefined; 'file.pe.architecture'?: string | undefined; 'file.pe.company'?: string | undefined; 'file.pe.description'?: string | undefined; 'file.pe.file_version'?: string | undefined; 'file.pe.go_import_hash'?: string | undefined; 'file.pe.go_imports'?: unknown; 'file.pe.go_imports_names_entropy'?: string | number | undefined; 'file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'file.pe.go_stripped'?: boolean | undefined; 'file.pe.imphash'?: string | undefined; 'file.pe.import_hash'?: string | undefined; 'file.pe.imports'?: unknown[] | undefined; 'file.pe.imports_names_entropy'?: string | number | undefined; 'file.pe.imports_names_var_entropy'?: string | number | undefined; 'file.pe.original_file_name'?: string | undefined; 'file.pe.pehash'?: string | undefined; 'file.pe.product'?: string | undefined; 'file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.size'?: string | number | undefined; 'file.target_path'?: string | undefined; 'file.type'?: string | undefined; 'file.uid'?: string | undefined; 'file.x509.alternative_names'?: string[] | undefined; 'file.x509.issuer.common_name'?: string[] | undefined; 'file.x509.issuer.country'?: string[] | undefined; 'file.x509.issuer.distinguished_name'?: string | undefined; 'file.x509.issuer.locality'?: string[] | undefined; 'file.x509.issuer.organization'?: string[] | undefined; 'file.x509.issuer.organizational_unit'?: string[] | undefined; 'file.x509.issuer.state_or_province'?: string[] | undefined; 'file.x509.not_after'?: string | number | undefined; 'file.x509.not_before'?: string | number | undefined; 'file.x509.public_key_algorithm'?: string | undefined; 'file.x509.public_key_curve'?: string | undefined; 'file.x509.public_key_exponent'?: string | number | undefined; 'file.x509.public_key_size'?: string | number | undefined; 'file.x509.serial_number'?: string | undefined; 'file.x509.signature_algorithm'?: string | undefined; 'file.x509.subject.common_name'?: string[] | undefined; 'file.x509.subject.country'?: string[] | undefined; 'file.x509.subject.distinguished_name'?: string | undefined; 'file.x509.subject.locality'?: string[] | undefined; 'file.x509.subject.organization'?: string[] | undefined; 'file.x509.subject.organizational_unit'?: string[] | undefined; 'file.x509.subject.state_or_province'?: string[] | undefined; 'file.x509.version_number'?: string | undefined; 'group.domain'?: string | undefined; 'group.id'?: string | undefined; 'group.name'?: string | undefined; 'host.architecture'?: string | undefined; 'host.boot.id'?: string | undefined; 'host.cpu.usage'?: string | number | undefined; 'host.disk.read.bytes'?: string | number | undefined; 'host.disk.write.bytes'?: string | number | undefined; 'host.domain'?: string | undefined; 'host.geo.city_name'?: string | undefined; 'host.geo.continent_code'?: string | undefined; 'host.geo.continent_name'?: string | undefined; 'host.geo.country_iso_code'?: string | undefined; 'host.geo.country_name'?: string | undefined; 'host.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'host.geo.name'?: string | undefined; 'host.geo.postal_code'?: string | undefined; 'host.geo.region_iso_code'?: string | undefined; 'host.geo.region_name'?: string | undefined; 'host.geo.timezone'?: string | undefined; 'host.hostname'?: string | undefined; 'host.id'?: string | undefined; 'host.ip'?: string[] | undefined; 'host.mac'?: string[] | undefined; 'host.name'?: string | undefined; 'host.network.egress.bytes'?: string | number | undefined; 'host.network.egress.packets'?: string | number | undefined; 'host.network.ingress.bytes'?: string | number | undefined; 'host.network.ingress.packets'?: string | number | undefined; 'host.os.family'?: string | undefined; 'host.os.full'?: string | undefined; 'host.os.kernel'?: string | undefined; 'host.os.name'?: string | undefined; 'host.os.platform'?: string | undefined; 'host.os.type'?: string | undefined; 'host.os.version'?: string | undefined; 'host.pid_ns_ino'?: string | undefined; 'host.risk.calculated_level'?: string | undefined; 'host.risk.calculated_score'?: number | undefined; 'host.risk.calculated_score_norm'?: number | undefined; 'host.risk.static_level'?: string | undefined; 'host.risk.static_score'?: number | undefined; 'host.risk.static_score_norm'?: number | undefined; 'host.type'?: string | undefined; 'host.uptime'?: string | number | undefined; 'http.request.body.bytes'?: string | number | undefined; 'http.request.body.content'?: string | undefined; 'http.request.bytes'?: string | number | undefined; 'http.request.id'?: string | undefined; 'http.request.method'?: string | undefined; 'http.request.mime_type'?: string | undefined; 'http.request.referrer'?: string | undefined; 'http.response.body.bytes'?: string | number | undefined; 'http.response.body.content'?: string | undefined; 'http.response.bytes'?: string | number | undefined; 'http.response.mime_type'?: string | undefined; 'http.response.status_code'?: string | number | undefined; 'http.version'?: string | undefined; labels?: unknown; 'log.file.path'?: string | undefined; 'log.level'?: string | undefined; 'log.logger'?: string | undefined; 'log.origin.file.line'?: string | number | undefined; 'log.origin.file.name'?: string | undefined; 'log.origin.function'?: string | undefined; 'log.syslog'?: unknown; message?: string | undefined; 'network.application'?: string | undefined; 'network.bytes'?: string | number | undefined; 'network.community_id'?: string | undefined; 'network.direction'?: string | undefined; 'network.forwarded_ip'?: string | undefined; 'network.iana_number'?: string | undefined; 'network.inner'?: unknown; 'network.name'?: string | undefined; 'network.packets'?: string | number | undefined; 'network.protocol'?: string | undefined; 'network.transport'?: string | undefined; 'network.type'?: string | undefined; 'network.vlan.id'?: string | undefined; 'network.vlan.name'?: string | undefined; 'observer.egress'?: unknown; 'observer.geo.city_name'?: string | undefined; 'observer.geo.continent_code'?: string | undefined; 'observer.geo.continent_name'?: string | undefined; 'observer.geo.country_iso_code'?: string | undefined; 'observer.geo.country_name'?: string | undefined; 'observer.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'observer.geo.name'?: string | undefined; 'observer.geo.postal_code'?: string | undefined; 'observer.geo.region_iso_code'?: string | undefined; 'observer.geo.region_name'?: string | undefined; 'observer.geo.timezone'?: string | undefined; 'observer.hostname'?: string | undefined; 'observer.ingress'?: unknown; 'observer.ip'?: string[] | undefined; 'observer.mac'?: string[] | undefined; 'observer.name'?: string | undefined; 'observer.os.family'?: string | undefined; 'observer.os.full'?: string | undefined; 'observer.os.kernel'?: string | undefined; 'observer.os.name'?: string | undefined; 'observer.os.platform'?: string | undefined; 'observer.os.type'?: string | undefined; 'observer.os.version'?: string | undefined; 'observer.product'?: string | undefined; 'observer.serial_number'?: string | undefined; 'observer.type'?: string | undefined; 'observer.vendor'?: string | undefined; 'observer.version'?: string | undefined; 'orchestrator.api_version'?: string | undefined; 'orchestrator.cluster.id'?: string | undefined; 'orchestrator.cluster.name'?: string | undefined; 'orchestrator.cluster.url'?: string | undefined; 'orchestrator.cluster.version'?: string | undefined; 'orchestrator.namespace'?: string | undefined; 'orchestrator.organization'?: string | undefined; 'orchestrator.resource.annotation'?: string[] | undefined; 'orchestrator.resource.id'?: string | undefined; 'orchestrator.resource.ip'?: string[] | undefined; 'orchestrator.resource.label'?: string[] | undefined; 'orchestrator.resource.name'?: string | undefined; 'orchestrator.resource.parent.type'?: string | undefined; 'orchestrator.resource.type'?: string | undefined; 'orchestrator.type'?: string | undefined; 'organization.id'?: string | undefined; 'organization.name'?: string | undefined; 'package.architecture'?: string | undefined; 'package.build_version'?: string | undefined; 'package.checksum'?: string | undefined; 'package.description'?: string | undefined; 'package.install_scope'?: string | undefined; 'package.installed'?: string | number | undefined; 'package.license'?: string | undefined; 'package.name'?: string | undefined; 'package.path'?: string | undefined; 'package.reference'?: string | undefined; 'package.size'?: string | number | undefined; 'package.type'?: string | undefined; 'package.version'?: string | undefined; 'process.args'?: string[] | undefined; 'process.args_count'?: string | number | undefined; 'process.code_signature.digest_algorithm'?: string | undefined; 'process.code_signature.exists'?: boolean | undefined; 'process.code_signature.signing_id'?: string | undefined; 'process.code_signature.status'?: string | undefined; 'process.code_signature.subject_name'?: string | undefined; 'process.code_signature.team_id'?: string | undefined; 'process.code_signature.timestamp'?: string | number | undefined; 'process.code_signature.trusted'?: boolean | undefined; 'process.code_signature.valid'?: boolean | undefined; 'process.command_line'?: string | undefined; 'process.elf.architecture'?: string | undefined; 'process.elf.byte_order'?: string | undefined; 'process.elf.cpu_type'?: string | undefined; 'process.elf.creation_date'?: string | number | undefined; 'process.elf.exports'?: unknown[] | undefined; 'process.elf.go_import_hash'?: string | undefined; 'process.elf.go_imports'?: unknown; 'process.elf.go_imports_names_entropy'?: string | number | undefined; 'process.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.elf.go_stripped'?: boolean | undefined; 'process.elf.header.abi_version'?: string | undefined; 'process.elf.header.class'?: string | undefined; 'process.elf.header.data'?: string | undefined; 'process.elf.header.entrypoint'?: string | number | undefined; 'process.elf.header.object_version'?: string | undefined; 'process.elf.header.os_abi'?: string | undefined; 'process.elf.header.type'?: string | undefined; 'process.elf.header.version'?: string | undefined; 'process.elf.import_hash'?: string | undefined; 'process.elf.imports'?: unknown[] | undefined; 'process.elf.imports_names_entropy'?: string | number | undefined; 'process.elf.imports_names_var_entropy'?: string | number | undefined; 'process.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.elf.shared_libraries'?: string[] | undefined; 'process.elf.telfhash'?: string | undefined; 'process.end'?: string | number | undefined; 'process.entity_id'?: string | undefined; 'process.entry_leader.args'?: string[] | undefined; 'process.entry_leader.args_count'?: string | number | undefined; 'process.entry_leader.attested_groups.name'?: string | undefined; 'process.entry_leader.attested_user.id'?: string | undefined; 'process.entry_leader.attested_user.name'?: string | undefined; 'process.entry_leader.command_line'?: string | undefined; 'process.entry_leader.entity_id'?: string | undefined; 'process.entry_leader.entry_meta.source.ip'?: string | undefined; 'process.entry_leader.entry_meta.type'?: string | undefined; 'process.entry_leader.executable'?: string | undefined; 'process.entry_leader.group.id'?: string | undefined; 'process.entry_leader.group.name'?: string | undefined; 'process.entry_leader.interactive'?: boolean | undefined; 'process.entry_leader.name'?: string | undefined; 'process.entry_leader.parent.entity_id'?: string | undefined; 'process.entry_leader.parent.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.entity_id'?: string | undefined; 'process.entry_leader.parent.session_leader.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.start'?: string | number | undefined; 'process.entry_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.entry_leader.parent.start'?: string | number | undefined; 'process.entry_leader.parent.vpid'?: string | number | undefined; 'process.entry_leader.pid'?: string | number | undefined; 'process.entry_leader.real_group.id'?: string | undefined; 'process.entry_leader.real_group.name'?: string | undefined; 'process.entry_leader.real_user.id'?: string | undefined; 'process.entry_leader.real_user.name'?: string | undefined; 'process.entry_leader.same_as_process'?: boolean | undefined; 'process.entry_leader.saved_group.id'?: string | undefined; 'process.entry_leader.saved_group.name'?: string | undefined; 'process.entry_leader.saved_user.id'?: string | undefined; 'process.entry_leader.saved_user.name'?: string | undefined; 'process.entry_leader.start'?: string | number | undefined; 'process.entry_leader.supplemental_groups.id'?: string | undefined; 'process.entry_leader.supplemental_groups.name'?: string | undefined; 'process.entry_leader.tty'?: unknown; 'process.entry_leader.user.id'?: string | undefined; 'process.entry_leader.user.name'?: string | undefined; 'process.entry_leader.vpid'?: string | number | undefined; 'process.entry_leader.working_directory'?: string | undefined; 'process.env_vars'?: string[] | undefined; 'process.executable'?: string | undefined; 'process.exit_code'?: string | number | undefined; 'process.group_leader.args'?: string[] | undefined; 'process.group_leader.args_count'?: string | number | undefined; 'process.group_leader.command_line'?: string | undefined; 'process.group_leader.entity_id'?: string | undefined; 'process.group_leader.executable'?: string | undefined; 'process.group_leader.group.id'?: string | undefined; 'process.group_leader.group.name'?: string | undefined; 'process.group_leader.interactive'?: boolean | undefined; 'process.group_leader.name'?: string | undefined; 'process.group_leader.pid'?: string | number | undefined; 'process.group_leader.real_group.id'?: string | undefined; 'process.group_leader.real_group.name'?: string | undefined; 'process.group_leader.real_user.id'?: string | undefined; 'process.group_leader.real_user.name'?: string | undefined; 'process.group_leader.same_as_process'?: boolean | undefined; 'process.group_leader.saved_group.id'?: string | undefined; 'process.group_leader.saved_group.name'?: string | undefined; 'process.group_leader.saved_user.id'?: string | undefined; 'process.group_leader.saved_user.name'?: string | undefined; 'process.group_leader.start'?: string | number | undefined; 'process.group_leader.supplemental_groups.id'?: string | undefined; 'process.group_leader.supplemental_groups.name'?: string | undefined; 'process.group_leader.tty'?: unknown; 'process.group_leader.user.id'?: string | undefined; 'process.group_leader.user.name'?: string | undefined; 'process.group_leader.vpid'?: string | number | undefined; 'process.group_leader.working_directory'?: string | undefined; 'process.hash.md5'?: string | undefined; 'process.hash.sha1'?: string | undefined; 'process.hash.sha256'?: string | undefined; 'process.hash.sha384'?: string | undefined; 'process.hash.sha512'?: string | undefined; 'process.hash.ssdeep'?: string | undefined; 'process.hash.tlsh'?: string | undefined; 'process.interactive'?: boolean | undefined; 'process.io'?: unknown; 'process.macho.go_import_hash'?: string | undefined; 'process.macho.go_imports'?: unknown; 'process.macho.go_imports_names_entropy'?: string | number | undefined; 'process.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.macho.go_stripped'?: boolean | undefined; 'process.macho.import_hash'?: string | undefined; 'process.macho.imports'?: unknown[] | undefined; 'process.macho.imports_names_entropy'?: string | number | undefined; 'process.macho.imports_names_var_entropy'?: string | number | undefined; 'process.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.macho.symhash'?: string | undefined; 'process.name'?: string | undefined; 'process.parent.args'?: string[] | undefined; 'process.parent.args_count'?: string | number | undefined; 'process.parent.code_signature.digest_algorithm'?: string | undefined; 'process.parent.code_signature.exists'?: boolean | undefined; 'process.parent.code_signature.signing_id'?: string | undefined; 'process.parent.code_signature.status'?: string | undefined; 'process.parent.code_signature.subject_name'?: string | undefined; 'process.parent.code_signature.team_id'?: string | undefined; 'process.parent.code_signature.timestamp'?: string | number | undefined; 'process.parent.code_signature.trusted'?: boolean | undefined; 'process.parent.code_signature.valid'?: boolean | undefined; 'process.parent.command_line'?: string | undefined; 'process.parent.elf.architecture'?: string | undefined; 'process.parent.elf.byte_order'?: string | undefined; 'process.parent.elf.cpu_type'?: string | undefined; 'process.parent.elf.creation_date'?: string | number | undefined; 'process.parent.elf.exports'?: unknown[] | undefined; 'process.parent.elf.go_import_hash'?: string | undefined; 'process.parent.elf.go_imports'?: unknown; 'process.parent.elf.go_imports_names_entropy'?: string | number | undefined; 'process.parent.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.go_stripped'?: boolean | undefined; 'process.parent.elf.header.abi_version'?: string | undefined; 'process.parent.elf.header.class'?: string | undefined; 'process.parent.elf.header.data'?: string | undefined; 'process.parent.elf.header.entrypoint'?: string | number | undefined; 'process.parent.elf.header.object_version'?: string | undefined; 'process.parent.elf.header.os_abi'?: string | undefined; 'process.parent.elf.header.type'?: string | undefined; 'process.parent.elf.header.version'?: string | undefined; 'process.parent.elf.import_hash'?: string | undefined; 'process.parent.elf.imports'?: unknown[] | undefined; 'process.parent.elf.imports_names_entropy'?: string | number | undefined; 'process.parent.elf.imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.parent.elf.shared_libraries'?: string[] | undefined; 'process.parent.elf.telfhash'?: string | undefined; 'process.parent.end'?: string | number | undefined; 'process.parent.entity_id'?: string | undefined; 'process.parent.executable'?: string | undefined; 'process.parent.exit_code'?: string | number | undefined; 'process.parent.group.id'?: string | undefined; 'process.parent.group.name'?: string | undefined; 'process.parent.group_leader.entity_id'?: string | undefined; 'process.parent.group_leader.pid'?: string | number | undefined; 'process.parent.group_leader.start'?: string | number | undefined; 'process.parent.group_leader.vpid'?: string | number | undefined; 'process.parent.hash.md5'?: string | undefined; 'process.parent.hash.sha1'?: string | undefined; 'process.parent.hash.sha256'?: string | undefined; 'process.parent.hash.sha384'?: string | undefined; 'process.parent.hash.sha512'?: string | undefined; 'process.parent.hash.ssdeep'?: string | undefined; 'process.parent.hash.tlsh'?: string | undefined; 'process.parent.interactive'?: boolean | undefined; 'process.parent.macho.go_import_hash'?: string | undefined; 'process.parent.macho.go_imports'?: unknown; 'process.parent.macho.go_imports_names_entropy'?: string | number | undefined; 'process.parent.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.go_stripped'?: boolean | undefined; 'process.parent.macho.import_hash'?: string | undefined; 'process.parent.macho.imports'?: unknown[] | undefined; 'process.parent.macho.imports_names_entropy'?: string | number | undefined; 'process.parent.macho.imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.macho.symhash'?: string | undefined; 'process.parent.name'?: string | undefined; 'process.parent.pe.architecture'?: string | undefined; 'process.parent.pe.company'?: string | undefined; 'process.parent.pe.description'?: string | undefined; 'process.parent.pe.file_version'?: string | undefined; 'process.parent.pe.go_import_hash'?: string | undefined; 'process.parent.pe.go_imports'?: unknown; 'process.parent.pe.go_imports_names_entropy'?: string | number | undefined; 'process.parent.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.go_stripped'?: boolean | undefined; 'process.parent.pe.imphash'?: string | undefined; 'process.parent.pe.import_hash'?: string | undefined; 'process.parent.pe.imports'?: unknown[] | undefined; 'process.parent.pe.imports_names_entropy'?: string | number | undefined; 'process.parent.pe.imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.original_file_name'?: string | undefined; 'process.parent.pe.pehash'?: string | undefined; 'process.parent.pe.product'?: string | undefined; 'process.parent.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.pgid'?: string | number | undefined; 'process.parent.pid'?: string | number | undefined; 'process.parent.real_group.id'?: string | undefined; 'process.parent.real_group.name'?: string | undefined; 'process.parent.real_user.id'?: string | undefined; 'process.parent.real_user.name'?: string | undefined; 'process.parent.saved_group.id'?: string | undefined; 'process.parent.saved_group.name'?: string | undefined; 'process.parent.saved_user.id'?: string | undefined; 'process.parent.saved_user.name'?: string | undefined; 'process.parent.start'?: string | number | undefined; 'process.parent.supplemental_groups.id'?: string | undefined; 'process.parent.supplemental_groups.name'?: string | undefined; 'process.parent.thread.capabilities.effective'?: string[] | undefined; 'process.parent.thread.capabilities.permitted'?: string[] | undefined; 'process.parent.thread.id'?: string | number | undefined; 'process.parent.thread.name'?: string | undefined; 'process.parent.title'?: string | undefined; 'process.parent.tty'?: unknown; 'process.parent.uptime'?: string | number | undefined; 'process.parent.user.id'?: string | undefined; 'process.parent.user.name'?: string | undefined; 'process.parent.vpid'?: string | number | undefined; 'process.parent.working_directory'?: string | undefined; 'process.pe.architecture'?: string | undefined; 'process.pe.company'?: string | undefined; 'process.pe.description'?: string | undefined; 'process.pe.file_version'?: string | undefined; 'process.pe.go_import_hash'?: string | undefined; 'process.pe.go_imports'?: unknown; 'process.pe.go_imports_names_entropy'?: string | number | undefined; 'process.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.pe.go_stripped'?: boolean | undefined; 'process.pe.imphash'?: string | undefined; 'process.pe.import_hash'?: string | undefined; 'process.pe.imports'?: unknown[] | undefined; 'process.pe.imports_names_entropy'?: string | number | undefined; 'process.pe.imports_names_var_entropy'?: string | number | undefined; 'process.pe.original_file_name'?: string | undefined; 'process.pe.pehash'?: string | undefined; 'process.pe.product'?: string | undefined; 'process.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.pgid'?: string | number | undefined; 'process.pid'?: string | number | undefined; 'process.previous.args'?: string[] | undefined; 'process.previous.args_count'?: string | number | undefined; 'process.previous.executable'?: string | undefined; 'process.real_group.id'?: string | undefined; 'process.real_group.name'?: string | undefined; 'process.real_user.id'?: string | undefined; 'process.real_user.name'?: string | undefined; 'process.saved_group.id'?: string | undefined; 'process.saved_group.name'?: string | undefined; 'process.saved_user.id'?: string | undefined; 'process.saved_user.name'?: string | undefined; 'process.session_leader.args'?: string[] | undefined; 'process.session_leader.args_count'?: string | number | undefined; 'process.session_leader.command_line'?: string | undefined; 'process.session_leader.entity_id'?: string | undefined; 'process.session_leader.executable'?: string | undefined; 'process.session_leader.group.id'?: string | undefined; 'process.session_leader.group.name'?: string | undefined; 'process.session_leader.interactive'?: boolean | undefined; 'process.session_leader.name'?: string | undefined; 'process.session_leader.parent.entity_id'?: string | undefined; 'process.session_leader.parent.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.entity_id'?: string | undefined; 'process.session_leader.parent.session_leader.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.start'?: string | number | undefined; 'process.session_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.session_leader.parent.start'?: string | number | undefined; 'process.session_leader.parent.vpid'?: string | number | undefined; 'process.session_leader.pid'?: string | number | undefined; 'process.session_leader.real_group.id'?: string | undefined; 'process.session_leader.real_group.name'?: string | undefined; 'process.session_leader.real_user.id'?: string | undefined; 'process.session_leader.real_user.name'?: string | undefined; 'process.session_leader.same_as_process'?: boolean | undefined; 'process.session_leader.saved_group.id'?: string | undefined; 'process.session_leader.saved_group.name'?: string | undefined; 'process.session_leader.saved_user.id'?: string | undefined; 'process.session_leader.saved_user.name'?: string | undefined; 'process.session_leader.start'?: string | number | undefined; 'process.session_leader.supplemental_groups.id'?: string | undefined; 'process.session_leader.supplemental_groups.name'?: string | undefined; 'process.session_leader.tty'?: unknown; 'process.session_leader.user.id'?: string | undefined; 'process.session_leader.user.name'?: string | undefined; 'process.session_leader.vpid'?: string | number | undefined; 'process.session_leader.working_directory'?: string | undefined; 'process.start'?: string | number | undefined; 'process.supplemental_groups.id'?: string | undefined; 'process.supplemental_groups.name'?: string | undefined; 'process.thread.capabilities.effective'?: string[] | undefined; 'process.thread.capabilities.permitted'?: string[] | undefined; 'process.thread.id'?: string | number | undefined; 'process.thread.name'?: string | undefined; 'process.title'?: string | undefined; 'process.tty'?: unknown; 'process.uptime'?: string | number | undefined; 'process.user.id'?: string | undefined; 'process.user.name'?: string | undefined; 'process.vpid'?: string | number | undefined; 'process.working_directory'?: string | undefined; 'registry.data.bytes'?: string | undefined; 'registry.data.strings'?: string[] | undefined; 'registry.data.type'?: string | undefined; 'registry.hive'?: string | undefined; 'registry.key'?: string | undefined; 'registry.path'?: string | undefined; 'registry.value'?: string | undefined; 'related.hash'?: string[] | undefined; 'related.hosts'?: string[] | undefined; 'related.ip'?: string[] | undefined; 'related.user'?: string[] | undefined; 'rule.author'?: string[] | undefined; 'rule.category'?: string | undefined; 'rule.description'?: string | undefined; 'rule.id'?: string | undefined; 'rule.license'?: string | undefined; 'rule.name'?: string | undefined; 'rule.reference'?: string | undefined; 'rule.ruleset'?: string | undefined; 'rule.uuid'?: string | undefined; 'rule.version'?: string | undefined; 'server.address'?: string | undefined; 'server.as.number'?: string | number | undefined; 'server.as.organization.name'?: string | undefined; 'server.bytes'?: string | number | undefined; 'server.domain'?: string | undefined; 'server.geo.city_name'?: string | undefined; 'server.geo.continent_code'?: string | undefined; 'server.geo.continent_name'?: string | undefined; 'server.geo.country_iso_code'?: string | undefined; 'server.geo.country_name'?: string | undefined; 'server.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'server.geo.name'?: string | undefined; 'server.geo.postal_code'?: string | undefined; 'server.geo.region_iso_code'?: string | undefined; 'server.geo.region_name'?: string | undefined; 'server.geo.timezone'?: string | undefined; 'server.ip'?: string | undefined; 'server.mac'?: string | undefined; 'server.nat.ip'?: string | undefined; 'server.nat.port'?: string | number | undefined; 'server.packets'?: string | number | undefined; 'server.port'?: string | number | undefined; 'server.registered_domain'?: string | undefined; 'server.subdomain'?: string | undefined; 'server.top_level_domain'?: string | undefined; 'server.user.domain'?: string | undefined; 'server.user.email'?: string | undefined; 'server.user.full_name'?: string | undefined; 'server.user.group.domain'?: string | undefined; 'server.user.group.id'?: string | undefined; 'server.user.group.name'?: string | undefined; 'server.user.hash'?: string | undefined; 'server.user.id'?: string | undefined; 'server.user.name'?: string | undefined; 'server.user.roles'?: string[] | undefined; 'service.address'?: string | undefined; 'service.environment'?: string | undefined; 'service.ephemeral_id'?: string | undefined; 'service.id'?: string | undefined; 'service.name'?: string | undefined; 'service.node.name'?: string | undefined; 'service.node.role'?: string | undefined; 'service.node.roles'?: string[] | undefined; 'service.origin.address'?: string | undefined; 'service.origin.environment'?: string | undefined; 'service.origin.ephemeral_id'?: string | undefined; 'service.origin.id'?: string | undefined; 'service.origin.name'?: string | undefined; 'service.origin.node.name'?: string | undefined; 'service.origin.node.role'?: string | undefined; 'service.origin.node.roles'?: string[] | undefined; 'service.origin.state'?: string | undefined; 'service.origin.type'?: string | undefined; 'service.origin.version'?: string | undefined; 'service.state'?: string | undefined; 'service.target.address'?: string | undefined; 'service.target.environment'?: string | undefined; 'service.target.ephemeral_id'?: string | undefined; 'service.target.id'?: string | undefined; 'service.target.name'?: string | undefined; 'service.target.node.name'?: string | undefined; 'service.target.node.role'?: string | undefined; 'service.target.node.roles'?: string[] | undefined; 'service.target.state'?: string | undefined; 'service.target.type'?: string | undefined; 'service.target.version'?: string | undefined; 'service.type'?: string | undefined; 'service.version'?: string | undefined; 'source.address'?: string | undefined; 'source.as.number'?: string | number | undefined; 'source.as.organization.name'?: string | undefined; 'source.bytes'?: string | number | undefined; 'source.domain'?: string | undefined; 'source.geo.city_name'?: string | undefined; 'source.geo.continent_code'?: string | undefined; 'source.geo.continent_name'?: string | undefined; 'source.geo.country_iso_code'?: string | undefined; 'source.geo.country_name'?: string | undefined; 'source.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'source.geo.name'?: string | undefined; 'source.geo.postal_code'?: string | undefined; 'source.geo.region_iso_code'?: string | undefined; 'source.geo.region_name'?: string | undefined; 'source.geo.timezone'?: string | undefined; 'source.ip'?: string | undefined; 'source.mac'?: string | undefined; 'source.nat.ip'?: string | undefined; 'source.nat.port'?: string | number | undefined; 'source.packets'?: string | number | undefined; 'source.port'?: string | number | undefined; 'source.registered_domain'?: string | undefined; 'source.subdomain'?: string | undefined; 'source.top_level_domain'?: string | undefined; 'source.user.domain'?: string | undefined; 'source.user.email'?: string | undefined; 'source.user.full_name'?: string | undefined; 'source.user.group.domain'?: string | undefined; 'source.user.group.id'?: string | undefined; 'source.user.group.name'?: string | undefined; 'source.user.hash'?: string | undefined; 'source.user.id'?: string | undefined; 'source.user.name'?: string | undefined; 'source.user.roles'?: string[] | undefined; 'span.id'?: string | undefined; tags?: string[] | undefined; 'threat.enrichments'?: { indicator?: unknown; 'matched.atomic'?: string | undefined; 'matched.field'?: string | undefined; 'matched.id'?: string | undefined; 'matched.index'?: string | undefined; 'matched.occurred'?: string | number | undefined; 'matched.type'?: string | undefined; }[] | undefined; 'threat.feed.dashboard_id'?: string | undefined; 'threat.feed.description'?: string | undefined; 'threat.feed.name'?: string | undefined; 'threat.feed.reference'?: string | undefined; 'threat.framework'?: string | undefined; 'threat.group.alias'?: string[] | undefined; 'threat.group.id'?: string | undefined; 'threat.group.name'?: string | undefined; 'threat.group.reference'?: string | undefined; 'threat.indicator.as.number'?: string | number | undefined; 'threat.indicator.as.organization.name'?: string | undefined; 'threat.indicator.confidence'?: string | undefined; 'threat.indicator.description'?: string | undefined; 'threat.indicator.email.address'?: string | undefined; 'threat.indicator.file.accessed'?: string | number | undefined; 'threat.indicator.file.attributes'?: string[] | undefined; 'threat.indicator.file.code_signature.digest_algorithm'?: string | undefined; 'threat.indicator.file.code_signature.exists'?: boolean | undefined; 'threat.indicator.file.code_signature.signing_id'?: string | undefined; 'threat.indicator.file.code_signature.status'?: string | undefined; 'threat.indicator.file.code_signature.subject_name'?: string | undefined; 'threat.indicator.file.code_signature.team_id'?: string | undefined; 'threat.indicator.file.code_signature.timestamp'?: string | number | undefined; 'threat.indicator.file.code_signature.trusted'?: boolean | undefined; 'threat.indicator.file.code_signature.valid'?: boolean | undefined; 'threat.indicator.file.created'?: string | number | undefined; 'threat.indicator.file.ctime'?: string | number | undefined; 'threat.indicator.file.device'?: string | undefined; 'threat.indicator.file.directory'?: string | undefined; 'threat.indicator.file.drive_letter'?: string | undefined; 'threat.indicator.file.elf.architecture'?: string | undefined; 'threat.indicator.file.elf.byte_order'?: string | undefined; 'threat.indicator.file.elf.cpu_type'?: string | undefined; 'threat.indicator.file.elf.creation_date'?: string | number | undefined; 'threat.indicator.file.elf.exports'?: unknown[] | undefined; 'threat.indicator.file.elf.go_import_hash'?: string | undefined; 'threat.indicator.file.elf.go_imports'?: unknown; 'threat.indicator.file.elf.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_stripped'?: boolean | undefined; 'threat.indicator.file.elf.header.abi_version'?: string | undefined; 'threat.indicator.file.elf.header.class'?: string | undefined; 'threat.indicator.file.elf.header.data'?: string | undefined; 'threat.indicator.file.elf.header.entrypoint'?: string | number | undefined; 'threat.indicator.file.elf.header.object_version'?: string | undefined; 'threat.indicator.file.elf.header.os_abi'?: string | undefined; 'threat.indicator.file.elf.header.type'?: string | undefined; 'threat.indicator.file.elf.header.version'?: string | undefined; 'threat.indicator.file.elf.import_hash'?: string | undefined; 'threat.indicator.file.elf.imports'?: unknown[] | undefined; 'threat.indicator.file.elf.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'threat.indicator.file.elf.shared_libraries'?: string[] | undefined; 'threat.indicator.file.elf.telfhash'?: string | undefined; 'threat.indicator.file.extension'?: string | undefined; 'threat.indicator.file.fork_name'?: string | undefined; 'threat.indicator.file.gid'?: string | undefined; 'threat.indicator.file.group'?: string | undefined; 'threat.indicator.file.hash.md5'?: string | undefined; 'threat.indicator.file.hash.sha1'?: string | undefined; 'threat.indicator.file.hash.sha256'?: string | undefined; 'threat.indicator.file.hash.sha384'?: string | undefined; 'threat.indicator.file.hash.sha512'?: string | undefined; 'threat.indicator.file.hash.ssdeep'?: string | undefined; 'threat.indicator.file.hash.tlsh'?: string | undefined; 'threat.indicator.file.inode'?: string | undefined; 'threat.indicator.file.mime_type'?: string | undefined; 'threat.indicator.file.mode'?: string | undefined; 'threat.indicator.file.mtime'?: string | number | undefined; 'threat.indicator.file.name'?: string | undefined; 'threat.indicator.file.owner'?: string | undefined; 'threat.indicator.file.path'?: string | undefined; 'threat.indicator.file.pe.architecture'?: string | undefined; 'threat.indicator.file.pe.company'?: string | undefined; 'threat.indicator.file.pe.description'?: string | undefined; 'threat.indicator.file.pe.file_version'?: string | undefined; 'threat.indicator.file.pe.go_import_hash'?: string | undefined; 'threat.indicator.file.pe.go_imports'?: unknown; 'threat.indicator.file.pe.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_stripped'?: boolean | undefined; 'threat.indicator.file.pe.imphash'?: string | undefined; 'threat.indicator.file.pe.import_hash'?: string | undefined; 'threat.indicator.file.pe.imports'?: unknown[] | undefined; 'threat.indicator.file.pe.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.original_file_name'?: string | undefined; 'threat.indicator.file.pe.pehash'?: string | undefined; 'threat.indicator.file.pe.product'?: string | undefined; 'threat.indicator.file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.size'?: string | number | undefined; 'threat.indicator.file.target_path'?: string | undefined; 'threat.indicator.file.type'?: string | undefined; 'threat.indicator.file.uid'?: string | undefined; 'threat.indicator.file.x509.alternative_names'?: string[] | undefined; 'threat.indicator.file.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.file.x509.issuer.country'?: string[] | undefined; 'threat.indicator.file.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.not_after'?: string | number | undefined; 'threat.indicator.file.x509.not_before'?: string | number | undefined; 'threat.indicator.file.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.file.x509.public_key_curve'?: string | undefined; 'threat.indicator.file.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.file.x509.public_key_size'?: string | number | undefined; 'threat.indicator.file.x509.serial_number'?: string | undefined; 'threat.indicator.file.x509.signature_algorithm'?: string | undefined; 'threat.indicator.file.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.file.x509.subject.country'?: string[] | undefined; 'threat.indicator.file.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.subject.locality'?: string[] | undefined; 'threat.indicator.file.x509.subject.organization'?: string[] | undefined; 'threat.indicator.file.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.version_number'?: string | undefined; 'threat.indicator.first_seen'?: string | number | undefined; 'threat.indicator.geo.city_name'?: string | undefined; 'threat.indicator.geo.continent_code'?: string | undefined; 'threat.indicator.geo.continent_name'?: string | undefined; 'threat.indicator.geo.country_iso_code'?: string | undefined; 'threat.indicator.geo.country_name'?: string | undefined; 'threat.indicator.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'threat.indicator.geo.name'?: string | undefined; 'threat.indicator.geo.postal_code'?: string | undefined; 'threat.indicator.geo.region_iso_code'?: string | undefined; 'threat.indicator.geo.region_name'?: string | undefined; 'threat.indicator.geo.timezone'?: string | undefined; 'threat.indicator.ip'?: string | undefined; 'threat.indicator.last_seen'?: string | number | undefined; 'threat.indicator.marking.tlp'?: string | undefined; 'threat.indicator.marking.tlp_version'?: string | undefined; 'threat.indicator.modified_at'?: string | number | undefined; 'threat.indicator.name'?: string | undefined; 'threat.indicator.port'?: string | number | undefined; 'threat.indicator.provider'?: string | undefined; 'threat.indicator.reference'?: string | undefined; 'threat.indicator.registry.data.bytes'?: string | undefined; 'threat.indicator.registry.data.strings'?: string[] | undefined; 'threat.indicator.registry.data.type'?: string | undefined; 'threat.indicator.registry.hive'?: string | undefined; 'threat.indicator.registry.key'?: string | undefined; 'threat.indicator.registry.path'?: string | undefined; 'threat.indicator.registry.value'?: string | undefined; 'threat.indicator.scanner_stats'?: string | number | undefined; 'threat.indicator.sightings'?: string | number | undefined; 'threat.indicator.type'?: string | undefined; 'threat.indicator.url.domain'?: string | undefined; 'threat.indicator.url.extension'?: string | undefined; 'threat.indicator.url.fragment'?: string | undefined; 'threat.indicator.url.full'?: string | undefined; 'threat.indicator.url.original'?: string | undefined; 'threat.indicator.url.password'?: string | undefined; 'threat.indicator.url.path'?: string | undefined; 'threat.indicator.url.port'?: string | number | undefined; 'threat.indicator.url.query'?: string | undefined; 'threat.indicator.url.registered_domain'?: string | undefined; 'threat.indicator.url.scheme'?: string | undefined; 'threat.indicator.url.subdomain'?: string | undefined; 'threat.indicator.url.top_level_domain'?: string | undefined; 'threat.indicator.url.username'?: string | undefined; 'threat.indicator.x509.alternative_names'?: string[] | undefined; 'threat.indicator.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.x509.issuer.country'?: string[] | undefined; 'threat.indicator.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.x509.not_after'?: string | number | undefined; 'threat.indicator.x509.not_before'?: string | number | undefined; 'threat.indicator.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.x509.public_key_curve'?: string | undefined; 'threat.indicator.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.x509.public_key_size'?: string | number | undefined; 'threat.indicator.x509.serial_number'?: string | undefined; 'threat.indicator.x509.signature_algorithm'?: string | undefined; 'threat.indicator.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.x509.subject.country'?: string[] | undefined; 'threat.indicator.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.x509.subject.locality'?: string[] | undefined; 'threat.indicator.x509.subject.organization'?: string[] | undefined; 'threat.indicator.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.x509.version_number'?: string | undefined; 'threat.software.alias'?: string[] | undefined; 'threat.software.id'?: string | undefined; 'threat.software.name'?: string | undefined; 'threat.software.platforms'?: string[] | undefined; 'threat.software.reference'?: string | undefined; 'threat.software.type'?: string | undefined; 'threat.tactic.id'?: string[] | undefined; 'threat.tactic.name'?: string[] | undefined; 'threat.tactic.reference'?: string[] | undefined; 'threat.technique.id'?: string[] | undefined; 'threat.technique.name'?: string[] | undefined; 'threat.technique.reference'?: string[] | undefined; 'threat.technique.subtechnique.id'?: string[] | undefined; 'threat.technique.subtechnique.name'?: string[] | undefined; 'threat.technique.subtechnique.reference'?: string[] | undefined; 'tls.cipher'?: string | undefined; 'tls.client.certificate'?: string | undefined; 'tls.client.certificate_chain'?: string[] | undefined; 'tls.client.hash.md5'?: string | undefined; 'tls.client.hash.sha1'?: string | undefined; 'tls.client.hash.sha256'?: string | undefined; 'tls.client.issuer'?: string | undefined; 'tls.client.ja3'?: string | undefined; 'tls.client.not_after'?: string | number | undefined; 'tls.client.not_before'?: string | number | undefined; 'tls.client.server_name'?: string | undefined; 'tls.client.subject'?: string | undefined; 'tls.client.supported_ciphers'?: string[] | undefined; 'tls.client.x509.alternative_names'?: string[] | undefined; 'tls.client.x509.issuer.common_name'?: string[] | undefined; 'tls.client.x509.issuer.country'?: string[] | undefined; 'tls.client.x509.issuer.distinguished_name'?: string | undefined; 'tls.client.x509.issuer.locality'?: string[] | undefined; 'tls.client.x509.issuer.organization'?: string[] | undefined; 'tls.client.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.client.x509.issuer.state_or_province'?: string[] | undefined; 'tls.client.x509.not_after'?: string | number | undefined; 'tls.client.x509.not_before'?: string | number | undefined; 'tls.client.x509.public_key_algorithm'?: string | undefined; 'tls.client.x509.public_key_curve'?: string | undefined; 'tls.client.x509.public_key_exponent'?: string | number | undefined; 'tls.client.x509.public_key_size'?: string | number | undefined; 'tls.client.x509.serial_number'?: string | undefined; 'tls.client.x509.signature_algorithm'?: string | undefined; 'tls.client.x509.subject.common_name'?: string[] | undefined; 'tls.client.x509.subject.country'?: string[] | undefined; 'tls.client.x509.subject.distinguished_name'?: string | undefined; 'tls.client.x509.subject.locality'?: string[] | undefined; 'tls.client.x509.subject.organization'?: string[] | undefined; 'tls.client.x509.subject.organizational_unit'?: string[] | undefined; 'tls.client.x509.subject.state_or_province'?: string[] | undefined; 'tls.client.x509.version_number'?: string | undefined; 'tls.curve'?: string | undefined; 'tls.established'?: boolean | undefined; 'tls.next_protocol'?: string | undefined; 'tls.resumed'?: boolean | undefined; 'tls.server.certificate'?: string | undefined; 'tls.server.certificate_chain'?: string[] | undefined; 'tls.server.hash.md5'?: string | undefined; 'tls.server.hash.sha1'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 'tls.server.issuer'?: string | undefined; 'tls.server.ja3s'?: string | undefined; 'tls.server.not_after'?: string | number | undefined; 'tls.server.not_before'?: string | number | undefined; 'tls.server.subject'?: string | undefined; 'tls.server.x509.alternative_names'?: string[] | undefined; 'tls.server.x509.issuer.common_name'?: string[] | undefined; 'tls.server.x509.issuer.country'?: string[] | undefined; 'tls.server.x509.issuer.distinguished_name'?: string | undefined; 'tls.server.x509.issuer.locality'?: string[] | undefined; 'tls.server.x509.issuer.organization'?: string[] | undefined; 'tls.server.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.server.x509.issuer.state_or_province'?: string[] | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.public_key_algorithm'?: string | undefined; 'tls.server.x509.public_key_curve'?: string | undefined; 'tls.server.x509.public_key_exponent'?: string | number | undefined; 'tls.server.x509.public_key_size'?: string | number | undefined; 'tls.server.x509.serial_number'?: string | undefined; 'tls.server.x509.signature_algorithm'?: string | undefined; 'tls.server.x509.subject.common_name'?: string[] | undefined; 'tls.server.x509.subject.country'?: string[] | undefined; 'tls.server.x509.subject.distinguished_name'?: string | undefined; 'tls.server.x509.subject.locality'?: string[] | undefined; 'tls.server.x509.subject.organization'?: string[] | undefined; 'tls.server.x509.subject.organizational_unit'?: string[] | undefined; 'tls.server.x509.subject.state_or_province'?: string[] | undefined; 'tls.server.x509.version_number'?: string | undefined; 'tls.version'?: string | undefined; 'tls.version_protocol'?: string | undefined; 'trace.id'?: string | undefined; 'transaction.id'?: string | undefined; 'url.domain'?: string | undefined; 'url.extension'?: string | undefined; 'url.fragment'?: string | undefined; 'url.full'?: string | undefined; 'url.original'?: string | undefined; 'url.password'?: string | undefined; 'url.path'?: string | undefined; 'url.port'?: string | number | undefined; 'url.query'?: string | undefined; 'url.registered_domain'?: string | undefined; 'url.scheme'?: string | undefined; 'url.subdomain'?: string | undefined; 'url.top_level_domain'?: string | undefined; 'url.username'?: string | undefined; 'user.changes.domain'?: string | undefined; 'user.changes.email'?: string | undefined; 'user.changes.full_name'?: string | undefined; 'user.changes.group.domain'?: string | undefined; 'user.changes.group.id'?: string | undefined; 'user.changes.group.name'?: string | undefined; 'user.changes.hash'?: string | undefined; 'user.changes.id'?: string | undefined; 'user.changes.name'?: string | undefined; 'user.changes.roles'?: string[] | undefined; 'user.domain'?: string | undefined; 'user.effective.domain'?: string | undefined; 'user.effective.email'?: string | undefined; 'user.effective.full_name'?: string | undefined; 'user.effective.group.domain'?: string | undefined; 'user.effective.group.id'?: string | undefined; 'user.effective.group.name'?: string | undefined; 'user.effective.hash'?: string | undefined; 'user.effective.id'?: string | undefined; 'user.effective.name'?: string | undefined; 'user.effective.roles'?: string[] | undefined; 'user.email'?: string | undefined; 'user.full_name'?: string | undefined; 'user.group.domain'?: string | undefined; 'user.group.id'?: string | undefined; 'user.group.name'?: string | undefined; 'user.hash'?: string | undefined; 'user.id'?: string | undefined; 'user.name'?: string | undefined; 'user.risk.calculated_level'?: string | undefined; 'user.risk.calculated_score'?: number | undefined; 'user.risk.calculated_score_norm'?: number | undefined; 'user.risk.static_level'?: string | undefined; 'user.risk.static_score'?: number | undefined; 'user.risk.static_score_norm'?: number | undefined; 'user.roles'?: string[] | undefined; 'user.target.domain'?: string | undefined; 'user.target.email'?: string | undefined; 'user.target.full_name'?: string | undefined; 'user.target.group.domain'?: string | undefined; 'user.target.group.id'?: string | undefined; 'user.target.group.name'?: string | undefined; 'user.target.hash'?: string | undefined; 'user.target.id'?: string | undefined; 'user.target.name'?: string | undefined; 'user.target.roles'?: string[] | undefined; 'user_agent.device.name'?: string | undefined; 'user_agent.name'?: string | undefined; 'user_agent.original'?: string | undefined; 'user_agent.os.family'?: string | undefined; 'user_agent.os.full'?: string | undefined; 'user_agent.os.kernel'?: string | undefined; 'user_agent.os.name'?: string | undefined; 'user_agent.os.platform'?: string | undefined; 'user_agent.os.type'?: string | undefined; 'user_agent.os.version'?: string | undefined; 'user_agent.version'?: string | undefined; 'vulnerability.category'?: string[] | undefined; 'vulnerability.classification'?: string | undefined; 'vulnerability.description'?: string | undefined; 'vulnerability.enumeration'?: string | undefined; 'vulnerability.id'?: string | undefined; 'vulnerability.reference'?: string | undefined; 'vulnerability.report_id'?: string | undefined; 'vulnerability.scanner.vendor'?: string | undefined; 'vulnerability.score.base'?: number | undefined; 'vulnerability.score.environmental'?: number | undefined; 'vulnerability.score.temporal'?: number | undefined; 'vulnerability.score.version'?: string | undefined; 'vulnerability.severity'?: string | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }"
+          "{} & { 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & { '@timestamp': string | number; 'ecs.version': string; } & { 'agent.build.original'?: string | undefined; 'agent.ephemeral_id'?: string | undefined; 'agent.id'?: string | undefined; 'agent.name'?: string | undefined; 'agent.type'?: string | undefined; 'agent.version'?: string | undefined; 'client.address'?: string | undefined; 'client.as.number'?: string | number | undefined; 'client.as.organization.name'?: string | undefined; 'client.bytes'?: string | number | undefined; 'client.domain'?: string | undefined; 'client.geo.city_name'?: string | undefined; 'client.geo.continent_code'?: string | undefined; 'client.geo.continent_name'?: string | undefined; 'client.geo.country_iso_code'?: string | undefined; 'client.geo.country_name'?: string | undefined; 'client.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'client.geo.name'?: string | undefined; 'client.geo.postal_code'?: string | undefined; 'client.geo.region_iso_code'?: string | undefined; 'client.geo.region_name'?: string | undefined; 'client.geo.timezone'?: string | undefined; 'client.ip'?: string | undefined; 'client.mac'?: string | undefined; 'client.nat.ip'?: string | undefined; 'client.nat.port'?: string | number | undefined; 'client.packets'?: string | number | undefined; 'client.port'?: string | number | undefined; 'client.registered_domain'?: string | undefined; 'client.subdomain'?: string | undefined; 'client.top_level_domain'?: string | undefined; 'client.user.domain'?: string | undefined; 'client.user.email'?: string | undefined; 'client.user.full_name'?: string | undefined; 'client.user.group.domain'?: string | undefined; 'client.user.group.id'?: string | undefined; 'client.user.group.name'?: string | undefined; 'client.user.hash'?: string | undefined; 'client.user.id'?: string | undefined; 'client.user.name'?: string | undefined; 'client.user.roles'?: string[] | undefined; 'cloud.account.id'?: string | undefined; 'cloud.account.name'?: string | undefined; 'cloud.availability_zone'?: string | undefined; 'cloud.instance.id'?: string | undefined; 'cloud.instance.name'?: string | undefined; 'cloud.machine.type'?: string | undefined; 'cloud.origin.account.id'?: string | undefined; 'cloud.origin.account.name'?: string | undefined; 'cloud.origin.availability_zone'?: string | undefined; 'cloud.origin.instance.id'?: string | undefined; 'cloud.origin.instance.name'?: string | undefined; 'cloud.origin.machine.type'?: string | undefined; 'cloud.origin.project.id'?: string | undefined; 'cloud.origin.project.name'?: string | undefined; 'cloud.origin.provider'?: string | undefined; 'cloud.origin.region'?: string | undefined; 'cloud.origin.service.name'?: string | undefined; 'cloud.project.id'?: string | undefined; 'cloud.project.name'?: string | undefined; 'cloud.provider'?: string | undefined; 'cloud.region'?: string | undefined; 'cloud.service.name'?: string | undefined; 'cloud.target.account.id'?: string | undefined; 'cloud.target.account.name'?: string | undefined; 'cloud.target.availability_zone'?: string | undefined; 'cloud.target.instance.id'?: string | undefined; 'cloud.target.instance.name'?: string | undefined; 'cloud.target.machine.type'?: string | undefined; 'cloud.target.project.id'?: string | undefined; 'cloud.target.project.name'?: string | undefined; 'cloud.target.provider'?: string | undefined; 'cloud.target.region'?: string | undefined; 'cloud.target.service.name'?: string | undefined; 'container.cpu.usage'?: string | number | undefined; 'container.disk.read.bytes'?: string | number | undefined; 'container.disk.write.bytes'?: string | number | undefined; 'container.id'?: string | undefined; 'container.image.hash.all'?: string[] | undefined; 'container.image.name'?: string | undefined; 'container.image.tag'?: string[] | undefined; 'container.labels'?: unknown; 'container.memory.usage'?: string | number | undefined; 'container.name'?: string | undefined; 'container.network.egress.bytes'?: string | number | undefined; 'container.network.ingress.bytes'?: string | number | undefined; 'container.runtime'?: string | undefined; 'container.security_context.privileged'?: boolean | undefined; 'destination.address'?: string | undefined; 'destination.as.number'?: string | number | undefined; 'destination.as.organization.name'?: string | undefined; 'destination.bytes'?: string | number | undefined; 'destination.domain'?: string | undefined; 'destination.geo.city_name'?: string | undefined; 'destination.geo.continent_code'?: string | undefined; 'destination.geo.continent_name'?: string | undefined; 'destination.geo.country_iso_code'?: string | undefined; 'destination.geo.country_name'?: string | undefined; 'destination.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'destination.geo.name'?: string | undefined; 'destination.geo.postal_code'?: string | undefined; 'destination.geo.region_iso_code'?: string | undefined; 'destination.geo.region_name'?: string | undefined; 'destination.geo.timezone'?: string | undefined; 'destination.ip'?: string | undefined; 'destination.mac'?: string | undefined; 'destination.nat.ip'?: string | undefined; 'destination.nat.port'?: string | number | undefined; 'destination.packets'?: string | number | undefined; 'destination.port'?: string | number | undefined; 'destination.registered_domain'?: string | undefined; 'destination.subdomain'?: string | undefined; 'destination.top_level_domain'?: string | undefined; 'destination.user.domain'?: string | undefined; 'destination.user.email'?: string | undefined; 'destination.user.full_name'?: string | undefined; 'destination.user.group.domain'?: string | undefined; 'destination.user.group.id'?: string | undefined; 'destination.user.group.name'?: string | undefined; 'destination.user.hash'?: string | undefined; 'destination.user.id'?: string | undefined; 'destination.user.name'?: string | undefined; 'destination.user.roles'?: string[] | undefined; 'device.id'?: string | undefined; 'device.manufacturer'?: string | undefined; 'device.model.identifier'?: string | undefined; 'device.model.name'?: string | undefined; 'dll.code_signature.digest_algorithm'?: string | undefined; 'dll.code_signature.exists'?: boolean | undefined; 'dll.code_signature.signing_id'?: string | undefined; 'dll.code_signature.status'?: string | undefined; 'dll.code_signature.subject_name'?: string | undefined; 'dll.code_signature.team_id'?: string | undefined; 'dll.code_signature.timestamp'?: string | number | undefined; 'dll.code_signature.trusted'?: boolean | undefined; 'dll.code_signature.valid'?: boolean | undefined; 'dll.hash.md5'?: string | undefined; 'dll.hash.sha1'?: string | undefined; 'dll.hash.sha256'?: string | undefined; 'dll.hash.sha384'?: string | undefined; 'dll.hash.sha512'?: string | undefined; 'dll.hash.ssdeep'?: string | undefined; 'dll.hash.tlsh'?: string | undefined; 'dll.name'?: string | undefined; 'dll.path'?: string | undefined; 'dll.pe.architecture'?: string | undefined; 'dll.pe.company'?: string | undefined; 'dll.pe.description'?: string | undefined; 'dll.pe.file_version'?: string | undefined; 'dll.pe.go_import_hash'?: string | undefined; 'dll.pe.go_imports'?: unknown; 'dll.pe.go_imports_names_entropy'?: string | number | undefined; 'dll.pe.go_imports_names_var_entropy'?: string | number | undefined; 'dll.pe.go_stripped'?: boolean | undefined; 'dll.pe.imphash'?: string | undefined; 'dll.pe.import_hash'?: string | undefined; 'dll.pe.imports'?: unknown[] | undefined; 'dll.pe.imports_names_entropy'?: string | number | undefined; 'dll.pe.imports_names_var_entropy'?: string | number | undefined; 'dll.pe.original_file_name'?: string | undefined; 'dll.pe.pehash'?: string | undefined; 'dll.pe.product'?: string | undefined; 'dll.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'dns.answers'?: { class?: string | undefined; data?: string | undefined; name?: string | undefined; ttl?: string | number | undefined; type?: string | undefined; }[] | undefined; 'dns.header_flags'?: string[] | undefined; 'dns.id'?: string | undefined; 'dns.op_code'?: string | undefined; 'dns.question.class'?: string | undefined; 'dns.question.name'?: string | undefined; 'dns.question.registered_domain'?: string | undefined; 'dns.question.subdomain'?: string | undefined; 'dns.question.top_level_domain'?: string | undefined; 'dns.question.type'?: string | undefined; 'dns.resolved_ip'?: string[] | undefined; 'dns.response_code'?: string | undefined; 'dns.type'?: string | undefined; 'email.attachments'?: { 'file.extension'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.name'?: string | undefined; 'file.size'?: string | number | undefined; }[] | undefined; 'email.bcc.address'?: string[] | undefined; 'email.cc.address'?: string[] | undefined; 'email.content_type'?: string | undefined; 'email.delivery_timestamp'?: string | number | undefined; 'email.direction'?: string | undefined; 'email.from.address'?: string[] | undefined; 'email.local_id'?: string | undefined; 'email.message_id'?: string | undefined; 'email.origination_timestamp'?: string | number | undefined; 'email.reply_to.address'?: string[] | undefined; 'email.sender.address'?: string | undefined; 'email.subject'?: string | undefined; 'email.to.address'?: string[] | undefined; 'email.x_mailer'?: string | undefined; 'error.code'?: string | undefined; 'error.id'?: string | undefined; 'error.message'?: string | undefined; 'error.stack_trace'?: string | undefined; 'error.type'?: string | undefined; 'event.action'?: string | undefined; 'event.agent_id_status'?: string | undefined; 'event.category'?: string[] | undefined; 'event.code'?: string | undefined; 'event.created'?: string | number | undefined; 'event.dataset'?: string | undefined; 'event.duration'?: string | number | undefined; 'event.end'?: string | number | undefined; 'event.hash'?: string | undefined; 'event.id'?: string | undefined; 'event.ingested'?: string | number | undefined; 'event.kind'?: string | undefined; 'event.module'?: string | undefined; 'event.original'?: string | undefined; 'event.outcome'?: string | undefined; 'event.provider'?: string | undefined; 'event.reason'?: string | undefined; 'event.reference'?: string | undefined; 'event.risk_score'?: number | undefined; 'event.risk_score_norm'?: number | undefined; 'event.sequence'?: string | number | undefined; 'event.severity'?: string | number | undefined; 'event.start'?: string | number | undefined; 'event.timezone'?: string | undefined; 'event.type'?: string[] | undefined; 'event.url'?: string | undefined; 'faas.coldstart'?: boolean | undefined; 'faas.execution'?: string | undefined; 'faas.id'?: string | undefined; 'faas.name'?: string | undefined; 'faas.version'?: string | undefined; 'file.accessed'?: string | number | undefined; 'file.attributes'?: string[] | undefined; 'file.code_signature.digest_algorithm'?: string | undefined; 'file.code_signature.exists'?: boolean | undefined; 'file.code_signature.signing_id'?: string | undefined; 'file.code_signature.status'?: string | undefined; 'file.code_signature.subject_name'?: string | undefined; 'file.code_signature.team_id'?: string | undefined; 'file.code_signature.timestamp'?: string | number | undefined; 'file.code_signature.trusted'?: boolean | undefined; 'file.code_signature.valid'?: boolean | undefined; 'file.created'?: string | number | undefined; 'file.ctime'?: string | number | undefined; 'file.device'?: string | undefined; 'file.directory'?: string | undefined; 'file.drive_letter'?: string | undefined; 'file.elf.architecture'?: string | undefined; 'file.elf.byte_order'?: string | undefined; 'file.elf.cpu_type'?: string | undefined; 'file.elf.creation_date'?: string | number | undefined; 'file.elf.exports'?: unknown[] | undefined; 'file.elf.go_import_hash'?: string | undefined; 'file.elf.go_imports'?: unknown; 'file.elf.go_imports_names_entropy'?: string | number | undefined; 'file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'file.elf.go_stripped'?: boolean | undefined; 'file.elf.header.abi_version'?: string | undefined; 'file.elf.header.class'?: string | undefined; 'file.elf.header.data'?: string | undefined; 'file.elf.header.entrypoint'?: string | number | undefined; 'file.elf.header.object_version'?: string | undefined; 'file.elf.header.os_abi'?: string | undefined; 'file.elf.header.type'?: string | undefined; 'file.elf.header.version'?: string | undefined; 'file.elf.import_hash'?: string | undefined; 'file.elf.imports'?: unknown[] | undefined; 'file.elf.imports_names_entropy'?: string | number | undefined; 'file.elf.imports_names_var_entropy'?: string | number | undefined; 'file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'file.elf.shared_libraries'?: string[] | undefined; 'file.elf.telfhash'?: string | undefined; 'file.extension'?: string | undefined; 'file.fork_name'?: string | undefined; 'file.gid'?: string | undefined; 'file.group'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.inode'?: string | undefined; 'file.macho.go_import_hash'?: string | undefined; 'file.macho.go_imports'?: unknown; 'file.macho.go_imports_names_entropy'?: string | number | undefined; 'file.macho.go_imports_names_var_entropy'?: string | number | undefined; 'file.macho.go_stripped'?: boolean | undefined; 'file.macho.import_hash'?: string | undefined; 'file.macho.imports'?: unknown[] | undefined; 'file.macho.imports_names_entropy'?: string | number | undefined; 'file.macho.imports_names_var_entropy'?: string | number | undefined; 'file.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.macho.symhash'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.mode'?: string | undefined; 'file.mtime'?: string | number | undefined; 'file.name'?: string | undefined; 'file.owner'?: string | undefined; 'file.path'?: string | undefined; 'file.pe.architecture'?: string | undefined; 'file.pe.company'?: string | undefined; 'file.pe.description'?: string | undefined; 'file.pe.file_version'?: string | undefined; 'file.pe.go_import_hash'?: string | undefined; 'file.pe.go_imports'?: unknown; 'file.pe.go_imports_names_entropy'?: string | number | undefined; 'file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'file.pe.go_stripped'?: boolean | undefined; 'file.pe.imphash'?: string | undefined; 'file.pe.import_hash'?: string | undefined; 'file.pe.imports'?: unknown[] | undefined; 'file.pe.imports_names_entropy'?: string | number | undefined; 'file.pe.imports_names_var_entropy'?: string | number | undefined; 'file.pe.original_file_name'?: string | undefined; 'file.pe.pehash'?: string | undefined; 'file.pe.product'?: string | undefined; 'file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.size'?: string | number | undefined; 'file.target_path'?: string | undefined; 'file.type'?: string | undefined; 'file.uid'?: string | undefined; 'file.x509.alternative_names'?: string[] | undefined; 'file.x509.issuer.common_name'?: string[] | undefined; 'file.x509.issuer.country'?: string[] | undefined; 'file.x509.issuer.distinguished_name'?: string | undefined; 'file.x509.issuer.locality'?: string[] | undefined; 'file.x509.issuer.organization'?: string[] | undefined; 'file.x509.issuer.organizational_unit'?: string[] | undefined; 'file.x509.issuer.state_or_province'?: string[] | undefined; 'file.x509.not_after'?: string | number | undefined; 'file.x509.not_before'?: string | number | undefined; 'file.x509.public_key_algorithm'?: string | undefined; 'file.x509.public_key_curve'?: string | undefined; 'file.x509.public_key_exponent'?: string | number | undefined; 'file.x509.public_key_size'?: string | number | undefined; 'file.x509.serial_number'?: string | undefined; 'file.x509.signature_algorithm'?: string | undefined; 'file.x509.subject.common_name'?: string[] | undefined; 'file.x509.subject.country'?: string[] | undefined; 'file.x509.subject.distinguished_name'?: string | undefined; 'file.x509.subject.locality'?: string[] | undefined; 'file.x509.subject.organization'?: string[] | undefined; 'file.x509.subject.organizational_unit'?: string[] | undefined; 'file.x509.subject.state_or_province'?: string[] | undefined; 'file.x509.version_number'?: string | undefined; 'group.domain'?: string | undefined; 'group.id'?: string | undefined; 'group.name'?: string | undefined; 'host.architecture'?: string | undefined; 'host.boot.id'?: string | undefined; 'host.cpu.usage'?: string | number | undefined; 'host.disk.read.bytes'?: string | number | undefined; 'host.disk.write.bytes'?: string | number | undefined; 'host.domain'?: string | undefined; 'host.geo.city_name'?: string | undefined; 'host.geo.continent_code'?: string | undefined; 'host.geo.continent_name'?: string | undefined; 'host.geo.country_iso_code'?: string | undefined; 'host.geo.country_name'?: string | undefined; 'host.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'host.geo.name'?: string | undefined; 'host.geo.postal_code'?: string | undefined; 'host.geo.region_iso_code'?: string | undefined; 'host.geo.region_name'?: string | undefined; 'host.geo.timezone'?: string | undefined; 'host.hostname'?: string | undefined; 'host.id'?: string | undefined; 'host.ip'?: string[] | undefined; 'host.mac'?: string[] | undefined; 'host.name'?: string | undefined; 'host.network.egress.bytes'?: string | number | undefined; 'host.network.egress.packets'?: string | number | undefined; 'host.network.ingress.bytes'?: string | number | undefined; 'host.network.ingress.packets'?: string | number | undefined; 'host.os.family'?: string | undefined; 'host.os.full'?: string | undefined; 'host.os.kernel'?: string | undefined; 'host.os.name'?: string | undefined; 'host.os.platform'?: string | undefined; 'host.os.type'?: string | undefined; 'host.os.version'?: string | undefined; 'host.pid_ns_ino'?: string | undefined; 'host.risk.calculated_level'?: string | undefined; 'host.risk.calculated_score'?: number | undefined; 'host.risk.calculated_score_norm'?: number | undefined; 'host.risk.static_level'?: string | undefined; 'host.risk.static_score'?: number | undefined; 'host.risk.static_score_norm'?: number | undefined; 'host.type'?: string | undefined; 'host.uptime'?: string | number | undefined; 'http.request.body.bytes'?: string | number | undefined; 'http.request.body.content'?: string | undefined; 'http.request.bytes'?: string | number | undefined; 'http.request.id'?: string | undefined; 'http.request.method'?: string | undefined; 'http.request.mime_type'?: string | undefined; 'http.request.referrer'?: string | undefined; 'http.response.body.bytes'?: string | number | undefined; 'http.response.body.content'?: string | undefined; 'http.response.bytes'?: string | number | undefined; 'http.response.mime_type'?: string | undefined; 'http.response.status_code'?: string | number | undefined; 'http.version'?: string | undefined; labels?: unknown; 'log.file.path'?: string | undefined; 'log.level'?: string | undefined; 'log.logger'?: string | undefined; 'log.origin.file.line'?: string | number | undefined; 'log.origin.file.name'?: string | undefined; 'log.origin.function'?: string | undefined; 'log.syslog'?: unknown; message?: string | undefined; 'network.application'?: string | undefined; 'network.bytes'?: string | number | undefined; 'network.community_id'?: string | undefined; 'network.direction'?: string | undefined; 'network.forwarded_ip'?: string | undefined; 'network.iana_number'?: string | undefined; 'network.inner'?: unknown; 'network.name'?: string | undefined; 'network.packets'?: string | number | undefined; 'network.protocol'?: string | undefined; 'network.transport'?: string | undefined; 'network.type'?: string | undefined; 'network.vlan.id'?: string | undefined; 'network.vlan.name'?: string | undefined; 'observer.egress'?: unknown; 'observer.geo.city_name'?: string | undefined; 'observer.geo.continent_code'?: string | undefined; 'observer.geo.continent_name'?: string | undefined; 'observer.geo.country_iso_code'?: string | undefined; 'observer.geo.country_name'?: string | undefined; 'observer.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'observer.geo.name'?: string | undefined; 'observer.geo.postal_code'?: string | undefined; 'observer.geo.region_iso_code'?: string | undefined; 'observer.geo.region_name'?: string | undefined; 'observer.geo.timezone'?: string | undefined; 'observer.hostname'?: string | undefined; 'observer.ingress'?: unknown; 'observer.ip'?: string[] | undefined; 'observer.mac'?: string[] | undefined; 'observer.name'?: string | undefined; 'observer.os.family'?: string | undefined; 'observer.os.full'?: string | undefined; 'observer.os.kernel'?: string | undefined; 'observer.os.name'?: string | undefined; 'observer.os.platform'?: string | undefined; 'observer.os.type'?: string | undefined; 'observer.os.version'?: string | undefined; 'observer.product'?: string | undefined; 'observer.serial_number'?: string | undefined; 'observer.type'?: string | undefined; 'observer.vendor'?: string | undefined; 'observer.version'?: string | undefined; 'orchestrator.api_version'?: string | undefined; 'orchestrator.cluster.id'?: string | undefined; 'orchestrator.cluster.name'?: string | undefined; 'orchestrator.cluster.url'?: string | undefined; 'orchestrator.cluster.version'?: string | undefined; 'orchestrator.namespace'?: string | undefined; 'orchestrator.organization'?: string | undefined; 'orchestrator.resource.annotation'?: string[] | undefined; 'orchestrator.resource.id'?: string | undefined; 'orchestrator.resource.ip'?: string[] | undefined; 'orchestrator.resource.label'?: string[] | undefined; 'orchestrator.resource.name'?: string | undefined; 'orchestrator.resource.parent.type'?: string | undefined; 'orchestrator.resource.type'?: string | undefined; 'orchestrator.type'?: string | undefined; 'organization.id'?: string | undefined; 'organization.name'?: string | undefined; 'package.architecture'?: string | undefined; 'package.build_version'?: string | undefined; 'package.checksum'?: string | undefined; 'package.description'?: string | undefined; 'package.install_scope'?: string | undefined; 'package.installed'?: string | number | undefined; 'package.license'?: string | undefined; 'package.name'?: string | undefined; 'package.path'?: string | undefined; 'package.reference'?: string | undefined; 'package.size'?: string | number | undefined; 'package.type'?: string | undefined; 'package.version'?: string | undefined; 'process.args'?: string[] | undefined; 'process.args_count'?: string | number | undefined; 'process.code_signature.digest_algorithm'?: string | undefined; 'process.code_signature.exists'?: boolean | undefined; 'process.code_signature.signing_id'?: string | undefined; 'process.code_signature.status'?: string | undefined; 'process.code_signature.subject_name'?: string | undefined; 'process.code_signature.team_id'?: string | undefined; 'process.code_signature.timestamp'?: string | number | undefined; 'process.code_signature.trusted'?: boolean | undefined; 'process.code_signature.valid'?: boolean | undefined; 'process.command_line'?: string | undefined; 'process.elf.architecture'?: string | undefined; 'process.elf.byte_order'?: string | undefined; 'process.elf.cpu_type'?: string | undefined; 'process.elf.creation_date'?: string | number | undefined; 'process.elf.exports'?: unknown[] | undefined; 'process.elf.go_import_hash'?: string | undefined; 'process.elf.go_imports'?: unknown; 'process.elf.go_imports_names_entropy'?: string | number | undefined; 'process.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.elf.go_stripped'?: boolean | undefined; 'process.elf.header.abi_version'?: string | undefined; 'process.elf.header.class'?: string | undefined; 'process.elf.header.data'?: string | undefined; 'process.elf.header.entrypoint'?: string | number | undefined; 'process.elf.header.object_version'?: string | undefined; 'process.elf.header.os_abi'?: string | undefined; 'process.elf.header.type'?: string | undefined; 'process.elf.header.version'?: string | undefined; 'process.elf.import_hash'?: string | undefined; 'process.elf.imports'?: unknown[] | undefined; 'process.elf.imports_names_entropy'?: string | number | undefined; 'process.elf.imports_names_var_entropy'?: string | number | undefined; 'process.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.elf.shared_libraries'?: string[] | undefined; 'process.elf.telfhash'?: string | undefined; 'process.end'?: string | number | undefined; 'process.entity_id'?: string | undefined; 'process.entry_leader.args'?: string[] | undefined; 'process.entry_leader.args_count'?: string | number | undefined; 'process.entry_leader.attested_groups.name'?: string | undefined; 'process.entry_leader.attested_user.id'?: string | undefined; 'process.entry_leader.attested_user.name'?: string | undefined; 'process.entry_leader.command_line'?: string | undefined; 'process.entry_leader.entity_id'?: string | undefined; 'process.entry_leader.entry_meta.source.ip'?: string | undefined; 'process.entry_leader.entry_meta.type'?: string | undefined; 'process.entry_leader.executable'?: string | undefined; 'process.entry_leader.group.id'?: string | undefined; 'process.entry_leader.group.name'?: string | undefined; 'process.entry_leader.interactive'?: boolean | undefined; 'process.entry_leader.name'?: string | undefined; 'process.entry_leader.parent.entity_id'?: string | undefined; 'process.entry_leader.parent.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.entity_id'?: string | undefined; 'process.entry_leader.parent.session_leader.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.start'?: string | number | undefined; 'process.entry_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.entry_leader.parent.start'?: string | number | undefined; 'process.entry_leader.parent.vpid'?: string | number | undefined; 'process.entry_leader.pid'?: string | number | undefined; 'process.entry_leader.real_group.id'?: string | undefined; 'process.entry_leader.real_group.name'?: string | undefined; 'process.entry_leader.real_user.id'?: string | undefined; 'process.entry_leader.real_user.name'?: string | undefined; 'process.entry_leader.same_as_process'?: boolean | undefined; 'process.entry_leader.saved_group.id'?: string | undefined; 'process.entry_leader.saved_group.name'?: string | undefined; 'process.entry_leader.saved_user.id'?: string | undefined; 'process.entry_leader.saved_user.name'?: string | undefined; 'process.entry_leader.start'?: string | number | undefined; 'process.entry_leader.supplemental_groups.id'?: string | undefined; 'process.entry_leader.supplemental_groups.name'?: string | undefined; 'process.entry_leader.tty'?: unknown; 'process.entry_leader.user.id'?: string | undefined; 'process.entry_leader.user.name'?: string | undefined; 'process.entry_leader.vpid'?: string | number | undefined; 'process.entry_leader.working_directory'?: string | undefined; 'process.env_vars'?: string[] | undefined; 'process.executable'?: string | undefined; 'process.exit_code'?: string | number | undefined; 'process.group_leader.args'?: string[] | undefined; 'process.group_leader.args_count'?: string | number | undefined; 'process.group_leader.command_line'?: string | undefined; 'process.group_leader.entity_id'?: string | undefined; 'process.group_leader.executable'?: string | undefined; 'process.group_leader.group.id'?: string | undefined; 'process.group_leader.group.name'?: string | undefined; 'process.group_leader.interactive'?: boolean | undefined; 'process.group_leader.name'?: string | undefined; 'process.group_leader.pid'?: string | number | undefined; 'process.group_leader.real_group.id'?: string | undefined; 'process.group_leader.real_group.name'?: string | undefined; 'process.group_leader.real_user.id'?: string | undefined; 'process.group_leader.real_user.name'?: string | undefined; 'process.group_leader.same_as_process'?: boolean | undefined; 'process.group_leader.saved_group.id'?: string | undefined; 'process.group_leader.saved_group.name'?: string | undefined; 'process.group_leader.saved_user.id'?: string | undefined; 'process.group_leader.saved_user.name'?: string | undefined; 'process.group_leader.start'?: string | number | undefined; 'process.group_leader.supplemental_groups.id'?: string | undefined; 'process.group_leader.supplemental_groups.name'?: string | undefined; 'process.group_leader.tty'?: unknown; 'process.group_leader.user.id'?: string | undefined; 'process.group_leader.user.name'?: string | undefined; 'process.group_leader.vpid'?: string | number | undefined; 'process.group_leader.working_directory'?: string | undefined; 'process.hash.md5'?: string | undefined; 'process.hash.sha1'?: string | undefined; 'process.hash.sha256'?: string | undefined; 'process.hash.sha384'?: string | undefined; 'process.hash.sha512'?: string | undefined; 'process.hash.ssdeep'?: string | undefined; 'process.hash.tlsh'?: string | undefined; 'process.interactive'?: boolean | undefined; 'process.io'?: unknown; 'process.macho.go_import_hash'?: string | undefined; 'process.macho.go_imports'?: unknown; 'process.macho.go_imports_names_entropy'?: string | number | undefined; 'process.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.macho.go_stripped'?: boolean | undefined; 'process.macho.import_hash'?: string | undefined; 'process.macho.imports'?: unknown[] | undefined; 'process.macho.imports_names_entropy'?: string | number | undefined; 'process.macho.imports_names_var_entropy'?: string | number | undefined; 'process.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.macho.symhash'?: string | undefined; 'process.name'?: string | undefined; 'process.parent.args'?: string[] | undefined; 'process.parent.args_count'?: string | number | undefined; 'process.parent.code_signature.digest_algorithm'?: string | undefined; 'process.parent.code_signature.exists'?: boolean | undefined; 'process.parent.code_signature.signing_id'?: string | undefined; 'process.parent.code_signature.status'?: string | undefined; 'process.parent.code_signature.subject_name'?: string | undefined; 'process.parent.code_signature.team_id'?: string | undefined; 'process.parent.code_signature.timestamp'?: string | number | undefined; 'process.parent.code_signature.trusted'?: boolean | undefined; 'process.parent.code_signature.valid'?: boolean | undefined; 'process.parent.command_line'?: string | undefined; 'process.parent.elf.architecture'?: string | undefined; 'process.parent.elf.byte_order'?: string | undefined; 'process.parent.elf.cpu_type'?: string | undefined; 'process.parent.elf.creation_date'?: string | number | undefined; 'process.parent.elf.exports'?: unknown[] | undefined; 'process.parent.elf.go_import_hash'?: string | undefined; 'process.parent.elf.go_imports'?: unknown; 'process.parent.elf.go_imports_names_entropy'?: string | number | undefined; 'process.parent.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.go_stripped'?: boolean | undefined; 'process.parent.elf.header.abi_version'?: string | undefined; 'process.parent.elf.header.class'?: string | undefined; 'process.parent.elf.header.data'?: string | undefined; 'process.parent.elf.header.entrypoint'?: string | number | undefined; 'process.parent.elf.header.object_version'?: string | undefined; 'process.parent.elf.header.os_abi'?: string | undefined; 'process.parent.elf.header.type'?: string | undefined; 'process.parent.elf.header.version'?: string | undefined; 'process.parent.elf.import_hash'?: string | undefined; 'process.parent.elf.imports'?: unknown[] | undefined; 'process.parent.elf.imports_names_entropy'?: string | number | undefined; 'process.parent.elf.imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.parent.elf.shared_libraries'?: string[] | undefined; 'process.parent.elf.telfhash'?: string | undefined; 'process.parent.end'?: string | number | undefined; 'process.parent.entity_id'?: string | undefined; 'process.parent.executable'?: string | undefined; 'process.parent.exit_code'?: string | number | undefined; 'process.parent.group.id'?: string | undefined; 'process.parent.group.name'?: string | undefined; 'process.parent.group_leader.entity_id'?: string | undefined; 'process.parent.group_leader.pid'?: string | number | undefined; 'process.parent.group_leader.start'?: string | number | undefined; 'process.parent.group_leader.vpid'?: string | number | undefined; 'process.parent.hash.md5'?: string | undefined; 'process.parent.hash.sha1'?: string | undefined; 'process.parent.hash.sha256'?: string | undefined; 'process.parent.hash.sha384'?: string | undefined; 'process.parent.hash.sha512'?: string | undefined; 'process.parent.hash.ssdeep'?: string | undefined; 'process.parent.hash.tlsh'?: string | undefined; 'process.parent.interactive'?: boolean | undefined; 'process.parent.macho.go_import_hash'?: string | undefined; 'process.parent.macho.go_imports'?: unknown; 'process.parent.macho.go_imports_names_entropy'?: string | number | undefined; 'process.parent.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.go_stripped'?: boolean | undefined; 'process.parent.macho.import_hash'?: string | undefined; 'process.parent.macho.imports'?: unknown[] | undefined; 'process.parent.macho.imports_names_entropy'?: string | number | undefined; 'process.parent.macho.imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.macho.symhash'?: string | undefined; 'process.parent.name'?: string | undefined; 'process.parent.pe.architecture'?: string | undefined; 'process.parent.pe.company'?: string | undefined; 'process.parent.pe.description'?: string | undefined; 'process.parent.pe.file_version'?: string | undefined; 'process.parent.pe.go_import_hash'?: string | undefined; 'process.parent.pe.go_imports'?: unknown; 'process.parent.pe.go_imports_names_entropy'?: string | number | undefined; 'process.parent.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.go_stripped'?: boolean | undefined; 'process.parent.pe.imphash'?: string | undefined; 'process.parent.pe.import_hash'?: string | undefined; 'process.parent.pe.imports'?: unknown[] | undefined; 'process.parent.pe.imports_names_entropy'?: string | number | undefined; 'process.parent.pe.imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.original_file_name'?: string | undefined; 'process.parent.pe.pehash'?: string | undefined; 'process.parent.pe.product'?: string | undefined; 'process.parent.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.pgid'?: string | number | undefined; 'process.parent.pid'?: string | number | undefined; 'process.parent.real_group.id'?: string | undefined; 'process.parent.real_group.name'?: string | undefined; 'process.parent.real_user.id'?: string | undefined; 'process.parent.real_user.name'?: string | undefined; 'process.parent.saved_group.id'?: string | undefined; 'process.parent.saved_group.name'?: string | undefined; 'process.parent.saved_user.id'?: string | undefined; 'process.parent.saved_user.name'?: string | undefined; 'process.parent.start'?: string | number | undefined; 'process.parent.supplemental_groups.id'?: string | undefined; 'process.parent.supplemental_groups.name'?: string | undefined; 'process.parent.thread.capabilities.effective'?: string[] | undefined; 'process.parent.thread.capabilities.permitted'?: string[] | undefined; 'process.parent.thread.id'?: string | number | undefined; 'process.parent.thread.name'?: string | undefined; 'process.parent.title'?: string | undefined; 'process.parent.tty'?: unknown; 'process.parent.uptime'?: string | number | undefined; 'process.parent.user.id'?: string | undefined; 'process.parent.user.name'?: string | undefined; 'process.parent.vpid'?: string | number | undefined; 'process.parent.working_directory'?: string | undefined; 'process.pe.architecture'?: string | undefined; 'process.pe.company'?: string | undefined; 'process.pe.description'?: string | undefined; 'process.pe.file_version'?: string | undefined; 'process.pe.go_import_hash'?: string | undefined; 'process.pe.go_imports'?: unknown; 'process.pe.go_imports_names_entropy'?: string | number | undefined; 'process.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.pe.go_stripped'?: boolean | undefined; 'process.pe.imphash'?: string | undefined; 'process.pe.import_hash'?: string | undefined; 'process.pe.imports'?: unknown[] | undefined; 'process.pe.imports_names_entropy'?: string | number | undefined; 'process.pe.imports_names_var_entropy'?: string | number | undefined; 'process.pe.original_file_name'?: string | undefined; 'process.pe.pehash'?: string | undefined; 'process.pe.product'?: string | undefined; 'process.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.pgid'?: string | number | undefined; 'process.pid'?: string | number | undefined; 'process.previous.args'?: string[] | undefined; 'process.previous.args_count'?: string | number | undefined; 'process.previous.executable'?: string | undefined; 'process.real_group.id'?: string | undefined; 'process.real_group.name'?: string | undefined; 'process.real_user.id'?: string | undefined; 'process.real_user.name'?: string | undefined; 'process.saved_group.id'?: string | undefined; 'process.saved_group.name'?: string | undefined; 'process.saved_user.id'?: string | undefined; 'process.saved_user.name'?: string | undefined; 'process.session_leader.args'?: string[] | undefined; 'process.session_leader.args_count'?: string | number | undefined; 'process.session_leader.command_line'?: string | undefined; 'process.session_leader.entity_id'?: string | undefined; 'process.session_leader.executable'?: string | undefined; 'process.session_leader.group.id'?: string | undefined; 'process.session_leader.group.name'?: string | undefined; 'process.session_leader.interactive'?: boolean | undefined; 'process.session_leader.name'?: string | undefined; 'process.session_leader.parent.entity_id'?: string | undefined; 'process.session_leader.parent.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.entity_id'?: string | undefined; 'process.session_leader.parent.session_leader.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.start'?: string | number | undefined; 'process.session_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.session_leader.parent.start'?: string | number | undefined; 'process.session_leader.parent.vpid'?: string | number | undefined; 'process.session_leader.pid'?: string | number | undefined; 'process.session_leader.real_group.id'?: string | undefined; 'process.session_leader.real_group.name'?: string | undefined; 'process.session_leader.real_user.id'?: string | undefined; 'process.session_leader.real_user.name'?: string | undefined; 'process.session_leader.same_as_process'?: boolean | undefined; 'process.session_leader.saved_group.id'?: string | undefined; 'process.session_leader.saved_group.name'?: string | undefined; 'process.session_leader.saved_user.id'?: string | undefined; 'process.session_leader.saved_user.name'?: string | undefined; 'process.session_leader.start'?: string | number | undefined; 'process.session_leader.supplemental_groups.id'?: string | undefined; 'process.session_leader.supplemental_groups.name'?: string | undefined; 'process.session_leader.tty'?: unknown; 'process.session_leader.user.id'?: string | undefined; 'process.session_leader.user.name'?: string | undefined; 'process.session_leader.vpid'?: string | number | undefined; 'process.session_leader.working_directory'?: string | undefined; 'process.start'?: string | number | undefined; 'process.supplemental_groups.id'?: string | undefined; 'process.supplemental_groups.name'?: string | undefined; 'process.thread.capabilities.effective'?: string[] | undefined; 'process.thread.capabilities.permitted'?: string[] | undefined; 'process.thread.id'?: string | number | undefined; 'process.thread.name'?: string | undefined; 'process.title'?: string | undefined; 'process.tty'?: unknown; 'process.uptime'?: string | number | undefined; 'process.user.id'?: string | undefined; 'process.user.name'?: string | undefined; 'process.vpid'?: string | number | undefined; 'process.working_directory'?: string | undefined; 'registry.data.bytes'?: string | undefined; 'registry.data.strings'?: string[] | undefined; 'registry.data.type'?: string | undefined; 'registry.hive'?: string | undefined; 'registry.key'?: string | undefined; 'registry.path'?: string | undefined; 'registry.value'?: string | undefined; 'related.hash'?: string[] | undefined; 'related.hosts'?: string[] | undefined; 'related.ip'?: string[] | undefined; 'related.user'?: string[] | undefined; 'rule.author'?: string[] | undefined; 'rule.category'?: string | undefined; 'rule.description'?: string | undefined; 'rule.id'?: string | undefined; 'rule.license'?: string | undefined; 'rule.name'?: string | undefined; 'rule.reference'?: string | undefined; 'rule.ruleset'?: string | undefined; 'rule.uuid'?: string | undefined; 'rule.version'?: string | undefined; 'server.address'?: string | undefined; 'server.as.number'?: string | number | undefined; 'server.as.organization.name'?: string | undefined; 'server.bytes'?: string | number | undefined; 'server.domain'?: string | undefined; 'server.geo.city_name'?: string | undefined; 'server.geo.continent_code'?: string | undefined; 'server.geo.continent_name'?: string | undefined; 'server.geo.country_iso_code'?: string | undefined; 'server.geo.country_name'?: string | undefined; 'server.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'server.geo.name'?: string | undefined; 'server.geo.postal_code'?: string | undefined; 'server.geo.region_iso_code'?: string | undefined; 'server.geo.region_name'?: string | undefined; 'server.geo.timezone'?: string | undefined; 'server.ip'?: string | undefined; 'server.mac'?: string | undefined; 'server.nat.ip'?: string | undefined; 'server.nat.port'?: string | number | undefined; 'server.packets'?: string | number | undefined; 'server.port'?: string | number | undefined; 'server.registered_domain'?: string | undefined; 'server.subdomain'?: string | undefined; 'server.top_level_domain'?: string | undefined; 'server.user.domain'?: string | undefined; 'server.user.email'?: string | undefined; 'server.user.full_name'?: string | undefined; 'server.user.group.domain'?: string | undefined; 'server.user.group.id'?: string | undefined; 'server.user.group.name'?: string | undefined; 'server.user.hash'?: string | undefined; 'server.user.id'?: string | undefined; 'server.user.name'?: string | undefined; 'server.user.roles'?: string[] | undefined; 'service.address'?: string | undefined; 'service.environment'?: string | undefined; 'service.ephemeral_id'?: string | undefined; 'service.id'?: string | undefined; 'service.name'?: string | undefined; 'service.node.name'?: string | undefined; 'service.node.role'?: string | undefined; 'service.node.roles'?: string[] | undefined; 'service.origin.address'?: string | undefined; 'service.origin.environment'?: string | undefined; 'service.origin.ephemeral_id'?: string | undefined; 'service.origin.id'?: string | undefined; 'service.origin.name'?: string | undefined; 'service.origin.node.name'?: string | undefined; 'service.origin.node.role'?: string | undefined; 'service.origin.node.roles'?: string[] | undefined; 'service.origin.state'?: string | undefined; 'service.origin.type'?: string | undefined; 'service.origin.version'?: string | undefined; 'service.state'?: string | undefined; 'service.target.address'?: string | undefined; 'service.target.environment'?: string | undefined; 'service.target.ephemeral_id'?: string | undefined; 'service.target.id'?: string | undefined; 'service.target.name'?: string | undefined; 'service.target.node.name'?: string | undefined; 'service.target.node.role'?: string | undefined; 'service.target.node.roles'?: string[] | undefined; 'service.target.state'?: string | undefined; 'service.target.type'?: string | undefined; 'service.target.version'?: string | undefined; 'service.type'?: string | undefined; 'service.version'?: string | undefined; 'source.address'?: string | undefined; 'source.as.number'?: string | number | undefined; 'source.as.organization.name'?: string | undefined; 'source.bytes'?: string | number | undefined; 'source.domain'?: string | undefined; 'source.geo.city_name'?: string | undefined; 'source.geo.continent_code'?: string | undefined; 'source.geo.continent_name'?: string | undefined; 'source.geo.country_iso_code'?: string | undefined; 'source.geo.country_name'?: string | undefined; 'source.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'source.geo.name'?: string | undefined; 'source.geo.postal_code'?: string | undefined; 'source.geo.region_iso_code'?: string | undefined; 'source.geo.region_name'?: string | undefined; 'source.geo.timezone'?: string | undefined; 'source.ip'?: string | undefined; 'source.mac'?: string | undefined; 'source.nat.ip'?: string | undefined; 'source.nat.port'?: string | number | undefined; 'source.packets'?: string | number | undefined; 'source.port'?: string | number | undefined; 'source.registered_domain'?: string | undefined; 'source.subdomain'?: string | undefined; 'source.top_level_domain'?: string | undefined; 'source.user.domain'?: string | undefined; 'source.user.email'?: string | undefined; 'source.user.full_name'?: string | undefined; 'source.user.group.domain'?: string | undefined; 'source.user.group.id'?: string | undefined; 'source.user.group.name'?: string | undefined; 'source.user.hash'?: string | undefined; 'source.user.id'?: string | undefined; 'source.user.name'?: string | undefined; 'source.user.roles'?: string[] | undefined; 'span.id'?: string | undefined; tags?: string[] | undefined; 'threat.enrichments'?: { indicator?: unknown; 'matched.atomic'?: string | undefined; 'matched.field'?: string | undefined; 'matched.id'?: string | undefined; 'matched.index'?: string | undefined; 'matched.occurred'?: string | number | undefined; 'matched.type'?: string | undefined; }[] | undefined; 'threat.feed.dashboard_id'?: string | undefined; 'threat.feed.description'?: string | undefined; 'threat.feed.name'?: string | undefined; 'threat.feed.reference'?: string | undefined; 'threat.framework'?: string | undefined; 'threat.group.alias'?: string[] | undefined; 'threat.group.id'?: string | undefined; 'threat.group.name'?: string | undefined; 'threat.group.reference'?: string | undefined; 'threat.indicator.as.number'?: string | number | undefined; 'threat.indicator.as.organization.name'?: string | undefined; 'threat.indicator.confidence'?: string | undefined; 'threat.indicator.description'?: string | undefined; 'threat.indicator.email.address'?: string | undefined; 'threat.indicator.file.accessed'?: string | number | undefined; 'threat.indicator.file.attributes'?: string[] | undefined; 'threat.indicator.file.code_signature.digest_algorithm'?: string | undefined; 'threat.indicator.file.code_signature.exists'?: boolean | undefined; 'threat.indicator.file.code_signature.signing_id'?: string | undefined; 'threat.indicator.file.code_signature.status'?: string | undefined; 'threat.indicator.file.code_signature.subject_name'?: string | undefined; 'threat.indicator.file.code_signature.team_id'?: string | undefined; 'threat.indicator.file.code_signature.timestamp'?: string | number | undefined; 'threat.indicator.file.code_signature.trusted'?: boolean | undefined; 'threat.indicator.file.code_signature.valid'?: boolean | undefined; 'threat.indicator.file.created'?: string | number | undefined; 'threat.indicator.file.ctime'?: string | number | undefined; 'threat.indicator.file.device'?: string | undefined; 'threat.indicator.file.directory'?: string | undefined; 'threat.indicator.file.drive_letter'?: string | undefined; 'threat.indicator.file.elf.architecture'?: string | undefined; 'threat.indicator.file.elf.byte_order'?: string | undefined; 'threat.indicator.file.elf.cpu_type'?: string | undefined; 'threat.indicator.file.elf.creation_date'?: string | number | undefined; 'threat.indicator.file.elf.exports'?: unknown[] | undefined; 'threat.indicator.file.elf.go_import_hash'?: string | undefined; 'threat.indicator.file.elf.go_imports'?: unknown; 'threat.indicator.file.elf.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_stripped'?: boolean | undefined; 'threat.indicator.file.elf.header.abi_version'?: string | undefined; 'threat.indicator.file.elf.header.class'?: string | undefined; 'threat.indicator.file.elf.header.data'?: string | undefined; 'threat.indicator.file.elf.header.entrypoint'?: string | number | undefined; 'threat.indicator.file.elf.header.object_version'?: string | undefined; 'threat.indicator.file.elf.header.os_abi'?: string | undefined; 'threat.indicator.file.elf.header.type'?: string | undefined; 'threat.indicator.file.elf.header.version'?: string | undefined; 'threat.indicator.file.elf.import_hash'?: string | undefined; 'threat.indicator.file.elf.imports'?: unknown[] | undefined; 'threat.indicator.file.elf.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'threat.indicator.file.elf.shared_libraries'?: string[] | undefined; 'threat.indicator.file.elf.telfhash'?: string | undefined; 'threat.indicator.file.extension'?: string | undefined; 'threat.indicator.file.fork_name'?: string | undefined; 'threat.indicator.file.gid'?: string | undefined; 'threat.indicator.file.group'?: string | undefined; 'threat.indicator.file.hash.md5'?: string | undefined; 'threat.indicator.file.hash.sha1'?: string | undefined; 'threat.indicator.file.hash.sha256'?: string | undefined; 'threat.indicator.file.hash.sha384'?: string | undefined; 'threat.indicator.file.hash.sha512'?: string | undefined; 'threat.indicator.file.hash.ssdeep'?: string | undefined; 'threat.indicator.file.hash.tlsh'?: string | undefined; 'threat.indicator.file.inode'?: string | undefined; 'threat.indicator.file.mime_type'?: string | undefined; 'threat.indicator.file.mode'?: string | undefined; 'threat.indicator.file.mtime'?: string | number | undefined; 'threat.indicator.file.name'?: string | undefined; 'threat.indicator.file.owner'?: string | undefined; 'threat.indicator.file.path'?: string | undefined; 'threat.indicator.file.pe.architecture'?: string | undefined; 'threat.indicator.file.pe.company'?: string | undefined; 'threat.indicator.file.pe.description'?: string | undefined; 'threat.indicator.file.pe.file_version'?: string | undefined; 'threat.indicator.file.pe.go_import_hash'?: string | undefined; 'threat.indicator.file.pe.go_imports'?: unknown; 'threat.indicator.file.pe.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_stripped'?: boolean | undefined; 'threat.indicator.file.pe.imphash'?: string | undefined; 'threat.indicator.file.pe.import_hash'?: string | undefined; 'threat.indicator.file.pe.imports'?: unknown[] | undefined; 'threat.indicator.file.pe.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.original_file_name'?: string | undefined; 'threat.indicator.file.pe.pehash'?: string | undefined; 'threat.indicator.file.pe.product'?: string | undefined; 'threat.indicator.file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.size'?: string | number | undefined; 'threat.indicator.file.target_path'?: string | undefined; 'threat.indicator.file.type'?: string | undefined; 'threat.indicator.file.uid'?: string | undefined; 'threat.indicator.file.x509.alternative_names'?: string[] | undefined; 'threat.indicator.file.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.file.x509.issuer.country'?: string[] | undefined; 'threat.indicator.file.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.not_after'?: string | number | undefined; 'threat.indicator.file.x509.not_before'?: string | number | undefined; 'threat.indicator.file.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.file.x509.public_key_curve'?: string | undefined; 'threat.indicator.file.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.file.x509.public_key_size'?: string | number | undefined; 'threat.indicator.file.x509.serial_number'?: string | undefined; 'threat.indicator.file.x509.signature_algorithm'?: string | undefined; 'threat.indicator.file.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.file.x509.subject.country'?: string[] | undefined; 'threat.indicator.file.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.subject.locality'?: string[] | undefined; 'threat.indicator.file.x509.subject.organization'?: string[] | undefined; 'threat.indicator.file.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.version_number'?: string | undefined; 'threat.indicator.first_seen'?: string | number | undefined; 'threat.indicator.geo.city_name'?: string | undefined; 'threat.indicator.geo.continent_code'?: string | undefined; 'threat.indicator.geo.continent_name'?: string | undefined; 'threat.indicator.geo.country_iso_code'?: string | undefined; 'threat.indicator.geo.country_name'?: string | undefined; 'threat.indicator.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'threat.indicator.geo.name'?: string | undefined; 'threat.indicator.geo.postal_code'?: string | undefined; 'threat.indicator.geo.region_iso_code'?: string | undefined; 'threat.indicator.geo.region_name'?: string | undefined; 'threat.indicator.geo.timezone'?: string | undefined; 'threat.indicator.ip'?: string | undefined; 'threat.indicator.last_seen'?: string | number | undefined; 'threat.indicator.marking.tlp'?: string | undefined; 'threat.indicator.marking.tlp_version'?: string | undefined; 'threat.indicator.modified_at'?: string | number | undefined; 'threat.indicator.name'?: string | undefined; 'threat.indicator.port'?: string | number | undefined; 'threat.indicator.provider'?: string | undefined; 'threat.indicator.reference'?: string | undefined; 'threat.indicator.registry.data.bytes'?: string | undefined; 'threat.indicator.registry.data.strings'?: string[] | undefined; 'threat.indicator.registry.data.type'?: string | undefined; 'threat.indicator.registry.hive'?: string | undefined; 'threat.indicator.registry.key'?: string | undefined; 'threat.indicator.registry.path'?: string | undefined; 'threat.indicator.registry.value'?: string | undefined; 'threat.indicator.scanner_stats'?: string | number | undefined; 'threat.indicator.sightings'?: string | number | undefined; 'threat.indicator.type'?: string | undefined; 'threat.indicator.url.domain'?: string | undefined; 'threat.indicator.url.extension'?: string | undefined; 'threat.indicator.url.fragment'?: string | undefined; 'threat.indicator.url.full'?: string | undefined; 'threat.indicator.url.original'?: string | undefined; 'threat.indicator.url.password'?: string | undefined; 'threat.indicator.url.path'?: string | undefined; 'threat.indicator.url.port'?: string | number | undefined; 'threat.indicator.url.query'?: string | undefined; 'threat.indicator.url.registered_domain'?: string | undefined; 'threat.indicator.url.scheme'?: string | undefined; 'threat.indicator.url.subdomain'?: string | undefined; 'threat.indicator.url.top_level_domain'?: string | undefined; 'threat.indicator.url.username'?: string | undefined; 'threat.indicator.x509.alternative_names'?: string[] | undefined; 'threat.indicator.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.x509.issuer.country'?: string[] | undefined; 'threat.indicator.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.x509.not_after'?: string | number | undefined; 'threat.indicator.x509.not_before'?: string | number | undefined; 'threat.indicator.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.x509.public_key_curve'?: string | undefined; 'threat.indicator.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.x509.public_key_size'?: string | number | undefined; 'threat.indicator.x509.serial_number'?: string | undefined; 'threat.indicator.x509.signature_algorithm'?: string | undefined; 'threat.indicator.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.x509.subject.country'?: string[] | undefined; 'threat.indicator.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.x509.subject.locality'?: string[] | undefined; 'threat.indicator.x509.subject.organization'?: string[] | undefined; 'threat.indicator.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.x509.version_number'?: string | undefined; 'threat.software.alias'?: string[] | undefined; 'threat.software.id'?: string | undefined; 'threat.software.name'?: string | undefined; 'threat.software.platforms'?: string[] | undefined; 'threat.software.reference'?: string | undefined; 'threat.software.type'?: string | undefined; 'threat.tactic.id'?: string[] | undefined; 'threat.tactic.name'?: string[] | undefined; 'threat.tactic.reference'?: string[] | undefined; 'threat.technique.id'?: string[] | undefined; 'threat.technique.name'?: string[] | undefined; 'threat.technique.reference'?: string[] | undefined; 'threat.technique.subtechnique.id'?: string[] | undefined; 'threat.technique.subtechnique.name'?: string[] | undefined; 'threat.technique.subtechnique.reference'?: string[] | undefined; 'tls.cipher'?: string | undefined; 'tls.client.certificate'?: string | undefined; 'tls.client.certificate_chain'?: string[] | undefined; 'tls.client.hash.md5'?: string | undefined; 'tls.client.hash.sha1'?: string | undefined; 'tls.client.hash.sha256'?: string | undefined; 'tls.client.issuer'?: string | undefined; 'tls.client.ja3'?: string | undefined; 'tls.client.not_after'?: string | number | undefined; 'tls.client.not_before'?: string | number | undefined; 'tls.client.server_name'?: string | undefined; 'tls.client.subject'?: string | undefined; 'tls.client.supported_ciphers'?: string[] | undefined; 'tls.client.x509.alternative_names'?: string[] | undefined; 'tls.client.x509.issuer.common_name'?: string[] | undefined; 'tls.client.x509.issuer.country'?: string[] | undefined; 'tls.client.x509.issuer.distinguished_name'?: string | undefined; 'tls.client.x509.issuer.locality'?: string[] | undefined; 'tls.client.x509.issuer.organization'?: string[] | undefined; 'tls.client.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.client.x509.issuer.state_or_province'?: string[] | undefined; 'tls.client.x509.not_after'?: string | number | undefined; 'tls.client.x509.not_before'?: string | number | undefined; 'tls.client.x509.public_key_algorithm'?: string | undefined; 'tls.client.x509.public_key_curve'?: string | undefined; 'tls.client.x509.public_key_exponent'?: string | number | undefined; 'tls.client.x509.public_key_size'?: string | number | undefined; 'tls.client.x509.serial_number'?: string | undefined; 'tls.client.x509.signature_algorithm'?: string | undefined; 'tls.client.x509.subject.common_name'?: string[] | undefined; 'tls.client.x509.subject.country'?: string[] | undefined; 'tls.client.x509.subject.distinguished_name'?: string | undefined; 'tls.client.x509.subject.locality'?: string[] | undefined; 'tls.client.x509.subject.organization'?: string[] | undefined; 'tls.client.x509.subject.organizational_unit'?: string[] | undefined; 'tls.client.x509.subject.state_or_province'?: string[] | undefined; 'tls.client.x509.version_number'?: string | undefined; 'tls.curve'?: string | undefined; 'tls.established'?: boolean | undefined; 'tls.next_protocol'?: string | undefined; 'tls.resumed'?: boolean | undefined; 'tls.server.certificate'?: string | undefined; 'tls.server.certificate_chain'?: string[] | undefined; 'tls.server.hash.md5'?: string | undefined; 'tls.server.hash.sha1'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 'tls.server.issuer'?: string | undefined; 'tls.server.ja3s'?: string | undefined; 'tls.server.not_after'?: string | number | undefined; 'tls.server.not_before'?: string | number | undefined; 'tls.server.subject'?: string | undefined; 'tls.server.x509.alternative_names'?: string[] | undefined; 'tls.server.x509.issuer.common_name'?: string[] | undefined; 'tls.server.x509.issuer.country'?: string[] | undefined; 'tls.server.x509.issuer.distinguished_name'?: string | undefined; 'tls.server.x509.issuer.locality'?: string[] | undefined; 'tls.server.x509.issuer.organization'?: string[] | undefined; 'tls.server.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.server.x509.issuer.state_or_province'?: string[] | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.public_key_algorithm'?: string | undefined; 'tls.server.x509.public_key_curve'?: string | undefined; 'tls.server.x509.public_key_exponent'?: string | number | undefined; 'tls.server.x509.public_key_size'?: string | number | undefined; 'tls.server.x509.serial_number'?: string | undefined; 'tls.server.x509.signature_algorithm'?: string | undefined; 'tls.server.x509.subject.common_name'?: string[] | undefined; 'tls.server.x509.subject.country'?: string[] | undefined; 'tls.server.x509.subject.distinguished_name'?: string | undefined; 'tls.server.x509.subject.locality'?: string[] | undefined; 'tls.server.x509.subject.organization'?: string[] | undefined; 'tls.server.x509.subject.organizational_unit'?: string[] | undefined; 'tls.server.x509.subject.state_or_province'?: string[] | undefined; 'tls.server.x509.version_number'?: string | undefined; 'tls.version'?: string | undefined; 'tls.version_protocol'?: string | undefined; 'trace.id'?: string | undefined; 'transaction.id'?: string | undefined; 'url.domain'?: string | undefined; 'url.extension'?: string | undefined; 'url.fragment'?: string | undefined; 'url.full'?: string | undefined; 'url.original'?: string | undefined; 'url.password'?: string | undefined; 'url.path'?: string | undefined; 'url.port'?: string | number | undefined; 'url.query'?: string | undefined; 'url.registered_domain'?: string | undefined; 'url.scheme'?: string | undefined; 'url.subdomain'?: string | undefined; 'url.top_level_domain'?: string | undefined; 'url.username'?: string | undefined; 'user.changes.domain'?: string | undefined; 'user.changes.email'?: string | undefined; 'user.changes.full_name'?: string | undefined; 'user.changes.group.domain'?: string | undefined; 'user.changes.group.id'?: string | undefined; 'user.changes.group.name'?: string | undefined; 'user.changes.hash'?: string | undefined; 'user.changes.id'?: string | undefined; 'user.changes.name'?: string | undefined; 'user.changes.roles'?: string[] | undefined; 'user.domain'?: string | undefined; 'user.effective.domain'?: string | undefined; 'user.effective.email'?: string | undefined; 'user.effective.full_name'?: string | undefined; 'user.effective.group.domain'?: string | undefined; 'user.effective.group.id'?: string | undefined; 'user.effective.group.name'?: string | undefined; 'user.effective.hash'?: string | undefined; 'user.effective.id'?: string | undefined; 'user.effective.name'?: string | undefined; 'user.effective.roles'?: string[] | undefined; 'user.email'?: string | undefined; 'user.full_name'?: string | undefined; 'user.group.domain'?: string | undefined; 'user.group.id'?: string | undefined; 'user.group.name'?: string | undefined; 'user.hash'?: string | undefined; 'user.id'?: string | undefined; 'user.name'?: string | undefined; 'user.risk.calculated_level'?: string | undefined; 'user.risk.calculated_score'?: number | undefined; 'user.risk.calculated_score_norm'?: number | undefined; 'user.risk.static_level'?: string | undefined; 'user.risk.static_score'?: number | undefined; 'user.risk.static_score_norm'?: number | undefined; 'user.roles'?: string[] | undefined; 'user.target.domain'?: string | undefined; 'user.target.email'?: string | undefined; 'user.target.full_name'?: string | undefined; 'user.target.group.domain'?: string | undefined; 'user.target.group.id'?: string | undefined; 'user.target.group.name'?: string | undefined; 'user.target.hash'?: string | undefined; 'user.target.id'?: string | undefined; 'user.target.name'?: string | undefined; 'user.target.roles'?: string[] | undefined; 'user_agent.device.name'?: string | undefined; 'user_agent.name'?: string | undefined; 'user_agent.original'?: string | undefined; 'user_agent.os.family'?: string | undefined; 'user_agent.os.full'?: string | undefined; 'user_agent.os.kernel'?: string | undefined; 'user_agent.os.name'?: string | undefined; 'user_agent.os.platform'?: string | undefined; 'user_agent.os.type'?: string | undefined; 'user_agent.os.version'?: string | undefined; 'user_agent.version'?: string | undefined; 'vulnerability.category'?: string[] | undefined; 'vulnerability.classification'?: string | undefined; 'vulnerability.description'?: string | undefined; 'vulnerability.enumeration'?: string | undefined; 'vulnerability.id'?: string | undefined; 'vulnerability.reference'?: string | undefined; 'vulnerability.report_id'?: string | undefined; 'vulnerability.scanner.vendor'?: string | undefined; 'vulnerability.score.base'?: number | undefined; 'vulnerability.score.environmental'?: number | undefined; 'vulnerability.score.temporal'?: number | undefined; 'vulnerability.score.version'?: string | undefined; 'vulnerability.severity'?: string | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }"
         ],
         "path": "packages/kbn-alerts-as-data-utils/src/schemas/generated/observability_metrics_schema.ts",
         "deprecated": false,
@@ -405,7 +405,7 @@
         "label": "ObservabilitySloAlert",
         "description": [],
         "signature": [
-          "{} & { 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; 'slo.id'?: string | undefined; 'slo.instanceId'?: string | undefined; 'slo.revision'?: string | number | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }"
+          "{} & { 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; 'slo.id'?: string | undefined; 'slo.instanceId'?: string | undefined; 'slo.revision'?: string | number | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }"
         ],
         "path": "packages/kbn-alerts-as-data-utils/src/schemas/generated/observability_slo_schema.ts",
         "deprecated": false,
@@ -420,7 +420,7 @@
         "label": "ObservabilityUptimeAlert",
         "description": [],
         "signature": [
-          "{} & { 'agent.name'?: string | undefined; 'anomaly.bucket_span.minutes'?: string | undefined; 'anomaly.start'?: string | number | undefined; 'error.message'?: string | undefined; 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; 'monitor.id'?: string | undefined; 'monitor.name'?: string | undefined; 'monitor.type'?: string | undefined; 'observer.geo.name'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 'tls.server.x509.issuer.common_name'?: string | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.subject.common_name'?: string | undefined; 'url.full'?: string | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }"
+          "{} & { 'agent.name'?: string | undefined; 'anomaly.bucket_span.minutes'?: string | undefined; 'anomaly.start'?: string | number | undefined; configId?: string | undefined; 'error.message'?: string | undefined; 'host.name'?: string | undefined; 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; 'location.id'?: string | undefined; 'location.name'?: string | undefined; 'monitor.id'?: string | undefined; 'monitor.name'?: string | undefined; 'monitor.tags'?: string[] | undefined; 'monitor.type'?: string | undefined; 'observer.geo.name'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 'tls.server.x509.issuer.common_name'?: string | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.subject.common_name'?: string | undefined; 'url.full'?: string | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }"
         ],
         "path": "packages/kbn-alerts-as-data-utils/src/schemas/generated/observability_uptime_schema.ts",
         "deprecated": false,
@@ -435,7 +435,7 @@
         "label": "SecurityAlert",
         "description": [],
         "signature": [
-          "{ '@timestamp': string | number; 'kibana.alert.ancestors': { depth: string | number; id: string; index: string; type: string; }[]; 'kibana.alert.depth': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.original_event.action': string; 'kibana.alert.original_event.category': string[]; 'kibana.alert.original_event.created': string | number; 'kibana.alert.original_event.dataset': string; 'kibana.alert.original_event.id': string; 'kibana.alert.original_event.ingested': string | number; 'kibana.alert.original_event.kind': string; 'kibana.alert.original_event.module': string; 'kibana.alert.original_event.original': string; 'kibana.alert.original_event.outcome': string; 'kibana.alert.original_event.provider': string; 'kibana.alert.original_event.sequence': string | number; 'kibana.alert.original_event.type': string[]; 'kibana.alert.original_time': string | number; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.false_positives': string[]; 'kibana.alert.rule.max_signals': (string | number)[]; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.threat.framework': string; 'kibana.alert.rule.threat.tactic.id': string; 'kibana.alert.rule.threat.tactic.name': string; 'kibana.alert.rule.threat.tactic.reference': string; 'kibana.alert.rule.threat.technique.id': string; 'kibana.alert.rule.threat.technique.name': string; 'kibana.alert.rule.threat.technique.reference': string; 'kibana.alert.rule.threat.technique.subtechnique.id': string; 'kibana.alert.rule.threat.technique.subtechnique.name': string; 'kibana.alert.rule.threat.technique.subtechnique.reference': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'ecs.version'?: string | undefined; 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'host.asset.criticality'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.ancestors.rule'?: string | undefined; 'kibana.alert.building_block_type'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.group.id'?: string | undefined; 'kibana.alert.group.index'?: number | undefined; 'kibana.alert.host.criticality_level'?: string | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.new_terms'?: string[] | undefined; 'kibana.alert.original_event.agent_id_status'?: string | undefined; 'kibana.alert.original_event.code'?: string | undefined; 'kibana.alert.original_event.duration'?: string | undefined; 'kibana.alert.original_event.end'?: string | number | undefined; 'kibana.alert.original_event.hash'?: string | undefined; 'kibana.alert.original_event.reason'?: string | undefined; 'kibana.alert.original_event.reference'?: string | undefined; 'kibana.alert.original_event.risk_score'?: number | undefined; 'kibana.alert.original_event.risk_score_norm'?: number | undefined; 'kibana.alert.original_event.severity'?: string | number | undefined; 'kibana.alert.original_event.start'?: string | number | undefined; 'kibana.alert.original_event.timezone'?: string | undefined; 'kibana.alert.original_event.url'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.building_block_type'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.immutable'?: string[] | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.rule.timeline_id'?: string[] | undefined; 'kibana.alert.rule.timeline_title'?: string[] | undefined; 'kibana.alert.rule.timestamp_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.threshold_result.cardinality'?: unknown; 'kibana.alert.threshold_result.count'?: string | number | undefined; 'kibana.alert.threshold_result.from'?: string | number | undefined; 'kibana.alert.threshold_result.terms'?: { field?: string | undefined; value?: string | undefined; }[] | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.user.criticality_level'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.alert.workflow_user'?: string | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; 'user.asset.criticality'?: string | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & { '@timestamp': string | number; 'ecs.version': string; } & { 'agent.build.original'?: string | undefined; 'agent.ephemeral_id'?: string | undefined; 'agent.id'?: string | undefined; 'agent.name'?: string | undefined; 'agent.type'?: string | undefined; 'agent.version'?: string | undefined; 'client.address'?: string | undefined; 'client.as.number'?: string | number | undefined; 'client.as.organization.name'?: string | undefined; 'client.bytes'?: string | number | undefined; 'client.domain'?: string | undefined; 'client.geo.city_name'?: string | undefined; 'client.geo.continent_code'?: string | undefined; 'client.geo.continent_name'?: string | undefined; 'client.geo.country_iso_code'?: string | undefined; 'client.geo.country_name'?: string | undefined; 'client.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'client.geo.name'?: string | undefined; 'client.geo.postal_code'?: string | undefined; 'client.geo.region_iso_code'?: string | undefined; 'client.geo.region_name'?: string | undefined; 'client.geo.timezone'?: string | undefined; 'client.ip'?: string | undefined; 'client.mac'?: string | undefined; 'client.nat.ip'?: string | undefined; 'client.nat.port'?: string | number | undefined; 'client.packets'?: string | number | undefined; 'client.port'?: string | number | undefined; 'client.registered_domain'?: string | undefined; 'client.subdomain'?: string | undefined; 'client.top_level_domain'?: string | undefined; 'client.user.domain'?: string | undefined; 'client.user.email'?: string | undefined; 'client.user.full_name'?: string | undefined; 'client.user.group.domain'?: string | undefined; 'client.user.group.id'?: string | undefined; 'client.user.group.name'?: string | undefined; 'client.user.hash'?: string | undefined; 'client.user.id'?: string | undefined; 'client.user.name'?: string | undefined; 'client.user.roles'?: string[] | undefined; 'cloud.account.id'?: string | undefined; 'cloud.account.name'?: string | undefined; 'cloud.availability_zone'?: string | undefined; 'cloud.instance.id'?: string | undefined; 'cloud.instance.name'?: string | undefined; 'cloud.machine.type'?: string | undefined; 'cloud.origin.account.id'?: string | undefined; 'cloud.origin.account.name'?: string | undefined; 'cloud.origin.availability_zone'?: string | undefined; 'cloud.origin.instance.id'?: string | undefined; 'cloud.origin.instance.name'?: string | undefined; 'cloud.origin.machine.type'?: string | undefined; 'cloud.origin.project.id'?: string | undefined; 'cloud.origin.project.name'?: string | undefined; 'cloud.origin.provider'?: string | undefined; 'cloud.origin.region'?: string | undefined; 'cloud.origin.service.name'?: string | undefined; 'cloud.project.id'?: string | undefined; 'cloud.project.name'?: string | undefined; 'cloud.provider'?: string | undefined; 'cloud.region'?: string | undefined; 'cloud.service.name'?: string | undefined; 'cloud.target.account.id'?: string | undefined; 'cloud.target.account.name'?: string | undefined; 'cloud.target.availability_zone'?: string | undefined; 'cloud.target.instance.id'?: string | undefined; 'cloud.target.instance.name'?: string | undefined; 'cloud.target.machine.type'?: string | undefined; 'cloud.target.project.id'?: string | undefined; 'cloud.target.project.name'?: string | undefined; 'cloud.target.provider'?: string | undefined; 'cloud.target.region'?: string | undefined; 'cloud.target.service.name'?: string | undefined; 'container.cpu.usage'?: string | number | undefined; 'container.disk.read.bytes'?: string | number | undefined; 'container.disk.write.bytes'?: string | number | undefined; 'container.id'?: string | undefined; 'container.image.hash.all'?: string[] | undefined; 'container.image.name'?: string | undefined; 'container.image.tag'?: string[] | undefined; 'container.labels'?: unknown; 'container.memory.usage'?: string | number | undefined; 'container.name'?: string | undefined; 'container.network.egress.bytes'?: string | number | undefined; 'container.network.ingress.bytes'?: string | number | undefined; 'container.runtime'?: string | undefined; 'container.security_context.privileged'?: boolean | undefined; 'destination.address'?: string | undefined; 'destination.as.number'?: string | number | undefined; 'destination.as.organization.name'?: string | undefined; 'destination.bytes'?: string | number | undefined; 'destination.domain'?: string | undefined; 'destination.geo.city_name'?: string | undefined; 'destination.geo.continent_code'?: string | undefined; 'destination.geo.continent_name'?: string | undefined; 'destination.geo.country_iso_code'?: string | undefined; 'destination.geo.country_name'?: string | undefined; 'destination.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'destination.geo.name'?: string | undefined; 'destination.geo.postal_code'?: string | undefined; 'destination.geo.region_iso_code'?: string | undefined; 'destination.geo.region_name'?: string | undefined; 'destination.geo.timezone'?: string | undefined; 'destination.ip'?: string | undefined; 'destination.mac'?: string | undefined; 'destination.nat.ip'?: string | undefined; 'destination.nat.port'?: string | number | undefined; 'destination.packets'?: string | number | undefined; 'destination.port'?: string | number | undefined; 'destination.registered_domain'?: string | undefined; 'destination.subdomain'?: string | undefined; 'destination.top_level_domain'?: string | undefined; 'destination.user.domain'?: string | undefined; 'destination.user.email'?: string | undefined; 'destination.user.full_name'?: string | undefined; 'destination.user.group.domain'?: string | undefined; 'destination.user.group.id'?: string | undefined; 'destination.user.group.name'?: string | undefined; 'destination.user.hash'?: string | undefined; 'destination.user.id'?: string | undefined; 'destination.user.name'?: string | undefined; 'destination.user.roles'?: string[] | undefined; 'device.id'?: string | undefined; 'device.manufacturer'?: string | undefined; 'device.model.identifier'?: string | undefined; 'device.model.name'?: string | undefined; 'dll.code_signature.digest_algorithm'?: string | undefined; 'dll.code_signature.exists'?: boolean | undefined; 'dll.code_signature.signing_id'?: string | undefined; 'dll.code_signature.status'?: string | undefined; 'dll.code_signature.subject_name'?: string | undefined; 'dll.code_signature.team_id'?: string | undefined; 'dll.code_signature.timestamp'?: string | number | undefined; 'dll.code_signature.trusted'?: boolean | undefined; 'dll.code_signature.valid'?: boolean | undefined; 'dll.hash.md5'?: string | undefined; 'dll.hash.sha1'?: string | undefined; 'dll.hash.sha256'?: string | undefined; 'dll.hash.sha384'?: string | undefined; 'dll.hash.sha512'?: string | undefined; 'dll.hash.ssdeep'?: string | undefined; 'dll.hash.tlsh'?: string | undefined; 'dll.name'?: string | undefined; 'dll.path'?: string | undefined; 'dll.pe.architecture'?: string | undefined; 'dll.pe.company'?: string | undefined; 'dll.pe.description'?: string | undefined; 'dll.pe.file_version'?: string | undefined; 'dll.pe.go_import_hash'?: string | undefined; 'dll.pe.go_imports'?: unknown; 'dll.pe.go_imports_names_entropy'?: string | number | undefined; 'dll.pe.go_imports_names_var_entropy'?: string | number | undefined; 'dll.pe.go_stripped'?: boolean | undefined; 'dll.pe.imphash'?: string | undefined; 'dll.pe.import_hash'?: string | undefined; 'dll.pe.imports'?: unknown[] | undefined; 'dll.pe.imports_names_entropy'?: string | number | undefined; 'dll.pe.imports_names_var_entropy'?: string | number | undefined; 'dll.pe.original_file_name'?: string | undefined; 'dll.pe.pehash'?: string | undefined; 'dll.pe.product'?: string | undefined; 'dll.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'dns.answers'?: { class?: string | undefined; data?: string | undefined; name?: string | undefined; ttl?: string | number | undefined; type?: string | undefined; }[] | undefined; 'dns.header_flags'?: string[] | undefined; 'dns.id'?: string | undefined; 'dns.op_code'?: string | undefined; 'dns.question.class'?: string | undefined; 'dns.question.name'?: string | undefined; 'dns.question.registered_domain'?: string | undefined; 'dns.question.subdomain'?: string | undefined; 'dns.question.top_level_domain'?: string | undefined; 'dns.question.type'?: string | undefined; 'dns.resolved_ip'?: string[] | undefined; 'dns.response_code'?: string | undefined; 'dns.type'?: string | undefined; 'email.attachments'?: { 'file.extension'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.name'?: string | undefined; 'file.size'?: string | number | undefined; }[] | undefined; 'email.bcc.address'?: string[] | undefined; 'email.cc.address'?: string[] | undefined; 'email.content_type'?: string | undefined; 'email.delivery_timestamp'?: string | number | undefined; 'email.direction'?: string | undefined; 'email.from.address'?: string[] | undefined; 'email.local_id'?: string | undefined; 'email.message_id'?: string | undefined; 'email.origination_timestamp'?: string | number | undefined; 'email.reply_to.address'?: string[] | undefined; 'email.sender.address'?: string | undefined; 'email.subject'?: string | undefined; 'email.to.address'?: string[] | undefined; 'email.x_mailer'?: string | undefined; 'error.code'?: string | undefined; 'error.id'?: string | undefined; 'error.message'?: string | undefined; 'error.stack_trace'?: string | undefined; 'error.type'?: string | undefined; 'event.action'?: string | undefined; 'event.agent_id_status'?: string | undefined; 'event.category'?: string[] | undefined; 'event.code'?: string | undefined; 'event.created'?: string | number | undefined; 'event.dataset'?: string | undefined; 'event.duration'?: string | number | undefined; 'event.end'?: string | number | undefined; 'event.hash'?: string | undefined; 'event.id'?: string | undefined; 'event.ingested'?: string | number | undefined; 'event.kind'?: string | undefined; 'event.module'?: string | undefined; 'event.original'?: string | undefined; 'event.outcome'?: string | undefined; 'event.provider'?: string | undefined; 'event.reason'?: string | undefined; 'event.reference'?: string | undefined; 'event.risk_score'?: number | undefined; 'event.risk_score_norm'?: number | undefined; 'event.sequence'?: string | number | undefined; 'event.severity'?: string | number | undefined; 'event.start'?: string | number | undefined; 'event.timezone'?: string | undefined; 'event.type'?: string[] | undefined; 'event.url'?: string | undefined; 'faas.coldstart'?: boolean | undefined; 'faas.execution'?: string | undefined; 'faas.id'?: string | undefined; 'faas.name'?: string | undefined; 'faas.version'?: string | undefined; 'file.accessed'?: string | number | undefined; 'file.attributes'?: string[] | undefined; 'file.code_signature.digest_algorithm'?: string | undefined; 'file.code_signature.exists'?: boolean | undefined; 'file.code_signature.signing_id'?: string | undefined; 'file.code_signature.status'?: string | undefined; 'file.code_signature.subject_name'?: string | undefined; 'file.code_signature.team_id'?: string | undefined; 'file.code_signature.timestamp'?: string | number | undefined; 'file.code_signature.trusted'?: boolean | undefined; 'file.code_signature.valid'?: boolean | undefined; 'file.created'?: string | number | undefined; 'file.ctime'?: string | number | undefined; 'file.device'?: string | undefined; 'file.directory'?: string | undefined; 'file.drive_letter'?: string | undefined; 'file.elf.architecture'?: string | undefined; 'file.elf.byte_order'?: string | undefined; 'file.elf.cpu_type'?: string | undefined; 'file.elf.creation_date'?: string | number | undefined; 'file.elf.exports'?: unknown[] | undefined; 'file.elf.go_import_hash'?: string | undefined; 'file.elf.go_imports'?: unknown; 'file.elf.go_imports_names_entropy'?: string | number | undefined; 'file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'file.elf.go_stripped'?: boolean | undefined; 'file.elf.header.abi_version'?: string | undefined; 'file.elf.header.class'?: string | undefined; 'file.elf.header.data'?: string | undefined; 'file.elf.header.entrypoint'?: string | number | undefined; 'file.elf.header.object_version'?: string | undefined; 'file.elf.header.os_abi'?: string | undefined; 'file.elf.header.type'?: string | undefined; 'file.elf.header.version'?: string | undefined; 'file.elf.import_hash'?: string | undefined; 'file.elf.imports'?: unknown[] | undefined; 'file.elf.imports_names_entropy'?: string | number | undefined; 'file.elf.imports_names_var_entropy'?: string | number | undefined; 'file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'file.elf.shared_libraries'?: string[] | undefined; 'file.elf.telfhash'?: string | undefined; 'file.extension'?: string | undefined; 'file.fork_name'?: string | undefined; 'file.gid'?: string | undefined; 'file.group'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.inode'?: string | undefined; 'file.macho.go_import_hash'?: string | undefined; 'file.macho.go_imports'?: unknown; 'file.macho.go_imports_names_entropy'?: string | number | undefined; 'file.macho.go_imports_names_var_entropy'?: string | number | undefined; 'file.macho.go_stripped'?: boolean | undefined; 'file.macho.import_hash'?: string | undefined; 'file.macho.imports'?: unknown[] | undefined; 'file.macho.imports_names_entropy'?: string | number | undefined; 'file.macho.imports_names_var_entropy'?: string | number | undefined; 'file.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.macho.symhash'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.mode'?: string | undefined; 'file.mtime'?: string | number | undefined; 'file.name'?: string | undefined; 'file.owner'?: string | undefined; 'file.path'?: string | undefined; 'file.pe.architecture'?: string | undefined; 'file.pe.company'?: string | undefined; 'file.pe.description'?: string | undefined; 'file.pe.file_version'?: string | undefined; 'file.pe.go_import_hash'?: string | undefined; 'file.pe.go_imports'?: unknown; 'file.pe.go_imports_names_entropy'?: string | number | undefined; 'file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'file.pe.go_stripped'?: boolean | undefined; 'file.pe.imphash'?: string | undefined; 'file.pe.import_hash'?: string | undefined; 'file.pe.imports'?: unknown[] | undefined; 'file.pe.imports_names_entropy'?: string | number | undefined; 'file.pe.imports_names_var_entropy'?: string | number | undefined; 'file.pe.original_file_name'?: string | undefined; 'file.pe.pehash'?: string | undefined; 'file.pe.product'?: string | undefined; 'file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.size'?: string | number | undefined; 'file.target_path'?: string | undefined; 'file.type'?: string | undefined; 'file.uid'?: string | undefined; 'file.x509.alternative_names'?: string[] | undefined; 'file.x509.issuer.common_name'?: string[] | undefined; 'file.x509.issuer.country'?: string[] | undefined; 'file.x509.issuer.distinguished_name'?: string | undefined; 'file.x509.issuer.locality'?: string[] | undefined; 'file.x509.issuer.organization'?: string[] | undefined; 'file.x509.issuer.organizational_unit'?: string[] | undefined; 'file.x509.issuer.state_or_province'?: string[] | undefined; 'file.x509.not_after'?: string | number | undefined; 'file.x509.not_before'?: string | number | undefined; 'file.x509.public_key_algorithm'?: string | undefined; 'file.x509.public_key_curve'?: string | undefined; 'file.x509.public_key_exponent'?: string | number | undefined; 'file.x509.public_key_size'?: string | number | undefined; 'file.x509.serial_number'?: string | undefined; 'file.x509.signature_algorithm'?: string | undefined; 'file.x509.subject.common_name'?: string[] | undefined; 'file.x509.subject.country'?: string[] | undefined; 'file.x509.subject.distinguished_name'?: string | undefined; 'file.x509.subject.locality'?: string[] | undefined; 'file.x509.subject.organization'?: string[] | undefined; 'file.x509.subject.organizational_unit'?: string[] | undefined; 'file.x509.subject.state_or_province'?: string[] | undefined; 'file.x509.version_number'?: string | undefined; 'group.domain'?: string | undefined; 'group.id'?: string | undefined; 'group.name'?: string | undefined; 'host.architecture'?: string | undefined; 'host.boot.id'?: string | undefined; 'host.cpu.usage'?: string | number | undefined; 'host.disk.read.bytes'?: string | number | undefined; 'host.disk.write.bytes'?: string | number | undefined; 'host.domain'?: string | undefined; 'host.geo.city_name'?: string | undefined; 'host.geo.continent_code'?: string | undefined; 'host.geo.continent_name'?: string | undefined; 'host.geo.country_iso_code'?: string | undefined; 'host.geo.country_name'?: string | undefined; 'host.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'host.geo.name'?: string | undefined; 'host.geo.postal_code'?: string | undefined; 'host.geo.region_iso_code'?: string | undefined; 'host.geo.region_name'?: string | undefined; 'host.geo.timezone'?: string | undefined; 'host.hostname'?: string | undefined; 'host.id'?: string | undefined; 'host.ip'?: string[] | undefined; 'host.mac'?: string[] | undefined; 'host.name'?: string | undefined; 'host.network.egress.bytes'?: string | number | undefined; 'host.network.egress.packets'?: string | number | undefined; 'host.network.ingress.bytes'?: string | number | undefined; 'host.network.ingress.packets'?: string | number | undefined; 'host.os.family'?: string | undefined; 'host.os.full'?: string | undefined; 'host.os.kernel'?: string | undefined; 'host.os.name'?: string | undefined; 'host.os.platform'?: string | undefined; 'host.os.type'?: string | undefined; 'host.os.version'?: string | undefined; 'host.pid_ns_ino'?: string | undefined; 'host.risk.calculated_level'?: string | undefined; 'host.risk.calculated_score'?: number | undefined; 'host.risk.calculated_score_norm'?: number | undefined; 'host.risk.static_level'?: string | undefined; 'host.risk.static_score'?: number | undefined; 'host.risk.static_score_norm'?: number | undefined; 'host.type'?: string | undefined; 'host.uptime'?: string | number | undefined; 'http.request.body.bytes'?: string | number | undefined; 'http.request.body.content'?: string | undefined; 'http.request.bytes'?: string | number | undefined; 'http.request.id'?: string | undefined; 'http.request.method'?: string | undefined; 'http.request.mime_type'?: string | undefined; 'http.request.referrer'?: string | undefined; 'http.response.body.bytes'?: string | number | undefined; 'http.response.body.content'?: string | undefined; 'http.response.bytes'?: string | number | undefined; 'http.response.mime_type'?: string | undefined; 'http.response.status_code'?: string | number | undefined; 'http.version'?: string | undefined; labels?: unknown; 'log.file.path'?: string | undefined; 'log.level'?: string | undefined; 'log.logger'?: string | undefined; 'log.origin.file.line'?: string | number | undefined; 'log.origin.file.name'?: string | undefined; 'log.origin.function'?: string | undefined; 'log.syslog'?: unknown; message?: string | undefined; 'network.application'?: string | undefined; 'network.bytes'?: string | number | undefined; 'network.community_id'?: string | undefined; 'network.direction'?: string | undefined; 'network.forwarded_ip'?: string | undefined; 'network.iana_number'?: string | undefined; 'network.inner'?: unknown; 'network.name'?: string | undefined; 'network.packets'?: string | number | undefined; 'network.protocol'?: string | undefined; 'network.transport'?: string | undefined; 'network.type'?: string | undefined; 'network.vlan.id'?: string | undefined; 'network.vlan.name'?: string | undefined; 'observer.egress'?: unknown; 'observer.geo.city_name'?: string | undefined; 'observer.geo.continent_code'?: string | undefined; 'observer.geo.continent_name'?: string | undefined; 'observer.geo.country_iso_code'?: string | undefined; 'observer.geo.country_name'?: string | undefined; 'observer.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'observer.geo.name'?: string | undefined; 'observer.geo.postal_code'?: string | undefined; 'observer.geo.region_iso_code'?: string | undefined; 'observer.geo.region_name'?: string | undefined; 'observer.geo.timezone'?: string | undefined; 'observer.hostname'?: string | undefined; 'observer.ingress'?: unknown; 'observer.ip'?: string[] | undefined; 'observer.mac'?: string[] | undefined; 'observer.name'?: string | undefined; 'observer.os.family'?: string | undefined; 'observer.os.full'?: string | undefined; 'observer.os.kernel'?: string | undefined; 'observer.os.name'?: string | undefined; 'observer.os.platform'?: string | undefined; 'observer.os.type'?: string | undefined; 'observer.os.version'?: string | undefined; 'observer.product'?: string | undefined; 'observer.serial_number'?: string | undefined; 'observer.type'?: string | undefined; 'observer.vendor'?: string | undefined; 'observer.version'?: string | undefined; 'orchestrator.api_version'?: string | undefined; 'orchestrator.cluster.id'?: string | undefined; 'orchestrator.cluster.name'?: string | undefined; 'orchestrator.cluster.url'?: string | undefined; 'orchestrator.cluster.version'?: string | undefined; 'orchestrator.namespace'?: string | undefined; 'orchestrator.organization'?: string | undefined; 'orchestrator.resource.annotation'?: string[] | undefined; 'orchestrator.resource.id'?: string | undefined; 'orchestrator.resource.ip'?: string[] | undefined; 'orchestrator.resource.label'?: string[] | undefined; 'orchestrator.resource.name'?: string | undefined; 'orchestrator.resource.parent.type'?: string | undefined; 'orchestrator.resource.type'?: string | undefined; 'orchestrator.type'?: string | undefined; 'organization.id'?: string | undefined; 'organization.name'?: string | undefined; 'package.architecture'?: string | undefined; 'package.build_version'?: string | undefined; 'package.checksum'?: string | undefined; 'package.description'?: string | undefined; 'package.install_scope'?: string | undefined; 'package.installed'?: string | number | undefined; 'package.license'?: string | undefined; 'package.name'?: string | undefined; 'package.path'?: string | undefined; 'package.reference'?: string | undefined; 'package.size'?: string | number | undefined; 'package.type'?: string | undefined; 'package.version'?: string | undefined; 'process.args'?: string[] | undefined; 'process.args_count'?: string | number | undefined; 'process.code_signature.digest_algorithm'?: string | undefined; 'process.code_signature.exists'?: boolean | undefined; 'process.code_signature.signing_id'?: string | undefined; 'process.code_signature.status'?: string | undefined; 'process.code_signature.subject_name'?: string | undefined; 'process.code_signature.team_id'?: string | undefined; 'process.code_signature.timestamp'?: string | number | undefined; 'process.code_signature.trusted'?: boolean | undefined; 'process.code_signature.valid'?: boolean | undefined; 'process.command_line'?: string | undefined; 'process.elf.architecture'?: string | undefined; 'process.elf.byte_order'?: string | undefined; 'process.elf.cpu_type'?: string | undefined; 'process.elf.creation_date'?: string | number | undefined; 'process.elf.exports'?: unknown[] | undefined; 'process.elf.go_import_hash'?: string | undefined; 'process.elf.go_imports'?: unknown; 'process.elf.go_imports_names_entropy'?: string | number | undefined; 'process.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.elf.go_stripped'?: boolean | undefined; 'process.elf.header.abi_version'?: string | undefined; 'process.elf.header.class'?: string | undefined; 'process.elf.header.data'?: string | undefined; 'process.elf.header.entrypoint'?: string | number | undefined; 'process.elf.header.object_version'?: string | undefined; 'process.elf.header.os_abi'?: string | undefined; 'process.elf.header.type'?: string | undefined; 'process.elf.header.version'?: string | undefined; 'process.elf.import_hash'?: string | undefined; 'process.elf.imports'?: unknown[] | undefined; 'process.elf.imports_names_entropy'?: string | number | undefined; 'process.elf.imports_names_var_entropy'?: string | number | undefined; 'process.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.elf.shared_libraries'?: string[] | undefined; 'process.elf.telfhash'?: string | undefined; 'process.end'?: string | number | undefined; 'process.entity_id'?: string | undefined; 'process.entry_leader.args'?: string[] | undefined; 'process.entry_leader.args_count'?: string | number | undefined; 'process.entry_leader.attested_groups.name'?: string | undefined; 'process.entry_leader.attested_user.id'?: string | undefined; 'process.entry_leader.attested_user.name'?: string | undefined; 'process.entry_leader.command_line'?: string | undefined; 'process.entry_leader.entity_id'?: string | undefined; 'process.entry_leader.entry_meta.source.ip'?: string | undefined; 'process.entry_leader.entry_meta.type'?: string | undefined; 'process.entry_leader.executable'?: string | undefined; 'process.entry_leader.group.id'?: string | undefined; 'process.entry_leader.group.name'?: string | undefined; 'process.entry_leader.interactive'?: boolean | undefined; 'process.entry_leader.name'?: string | undefined; 'process.entry_leader.parent.entity_id'?: string | undefined; 'process.entry_leader.parent.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.entity_id'?: string | undefined; 'process.entry_leader.parent.session_leader.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.start'?: string | number | undefined; 'process.entry_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.entry_leader.parent.start'?: string | number | undefined; 'process.entry_leader.parent.vpid'?: string | number | undefined; 'process.entry_leader.pid'?: string | number | undefined; 'process.entry_leader.real_group.id'?: string | undefined; 'process.entry_leader.real_group.name'?: string | undefined; 'process.entry_leader.real_user.id'?: string | undefined; 'process.entry_leader.real_user.name'?: string | undefined; 'process.entry_leader.same_as_process'?: boolean | undefined; 'process.entry_leader.saved_group.id'?: string | undefined; 'process.entry_leader.saved_group.name'?: string | undefined; 'process.entry_leader.saved_user.id'?: string | undefined; 'process.entry_leader.saved_user.name'?: string | undefined; 'process.entry_leader.start'?: string | number | undefined; 'process.entry_leader.supplemental_groups.id'?: string | undefined; 'process.entry_leader.supplemental_groups.name'?: string | undefined; 'process.entry_leader.tty'?: unknown; 'process.entry_leader.user.id'?: string | undefined; 'process.entry_leader.user.name'?: string | undefined; 'process.entry_leader.vpid'?: string | number | undefined; 'process.entry_leader.working_directory'?: string | undefined; 'process.env_vars'?: string[] | undefined; 'process.executable'?: string | undefined; 'process.exit_code'?: string | number | undefined; 'process.group_leader.args'?: string[] | undefined; 'process.group_leader.args_count'?: string | number | undefined; 'process.group_leader.command_line'?: string | undefined; 'process.group_leader.entity_id'?: string | undefined; 'process.group_leader.executable'?: string | undefined; 'process.group_leader.group.id'?: string | undefined; 'process.group_leader.group.name'?: string | undefined; 'process.group_leader.interactive'?: boolean | undefined; 'process.group_leader.name'?: string | undefined; 'process.group_leader.pid'?: string | number | undefined; 'process.group_leader.real_group.id'?: string | undefined; 'process.group_leader.real_group.name'?: string | undefined; 'process.group_leader.real_user.id'?: string | undefined; 'process.group_leader.real_user.name'?: string | undefined; 'process.group_leader.same_as_process'?: boolean | undefined; 'process.group_leader.saved_group.id'?: string | undefined; 'process.group_leader.saved_group.name'?: string | undefined; 'process.group_leader.saved_user.id'?: string | undefined; 'process.group_leader.saved_user.name'?: string | undefined; 'process.group_leader.start'?: string | number | undefined; 'process.group_leader.supplemental_groups.id'?: string | undefined; 'process.group_leader.supplemental_groups.name'?: string | undefined; 'process.group_leader.tty'?: unknown; 'process.group_leader.user.id'?: string | undefined; 'process.group_leader.user.name'?: string | undefined; 'process.group_leader.vpid'?: string | number | undefined; 'process.group_leader.working_directory'?: string | undefined; 'process.hash.md5'?: string | undefined; 'process.hash.sha1'?: string | undefined; 'process.hash.sha256'?: string | undefined; 'process.hash.sha384'?: string | undefined; 'process.hash.sha512'?: string | undefined; 'process.hash.ssdeep'?: string | undefined; 'process.hash.tlsh'?: string | undefined; 'process.interactive'?: boolean | undefined; 'process.io'?: unknown; 'process.macho.go_import_hash'?: string | undefined; 'process.macho.go_imports'?: unknown; 'process.macho.go_imports_names_entropy'?: string | number | undefined; 'process.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.macho.go_stripped'?: boolean | undefined; 'process.macho.import_hash'?: string | undefined; 'process.macho.imports'?: unknown[] | undefined; 'process.macho.imports_names_entropy'?: string | number | undefined; 'process.macho.imports_names_var_entropy'?: string | number | undefined; 'process.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.macho.symhash'?: string | undefined; 'process.name'?: string | undefined; 'process.parent.args'?: string[] | undefined; 'process.parent.args_count'?: string | number | undefined; 'process.parent.code_signature.digest_algorithm'?: string | undefined; 'process.parent.code_signature.exists'?: boolean | undefined; 'process.parent.code_signature.signing_id'?: string | undefined; 'process.parent.code_signature.status'?: string | undefined; 'process.parent.code_signature.subject_name'?: string | undefined; 'process.parent.code_signature.team_id'?: string | undefined; 'process.parent.code_signature.timestamp'?: string | number | undefined; 'process.parent.code_signature.trusted'?: boolean | undefined; 'process.parent.code_signature.valid'?: boolean | undefined; 'process.parent.command_line'?: string | undefined; 'process.parent.elf.architecture'?: string | undefined; 'process.parent.elf.byte_order'?: string | undefined; 'process.parent.elf.cpu_type'?: string | undefined; 'process.parent.elf.creation_date'?: string | number | undefined; 'process.parent.elf.exports'?: unknown[] | undefined; 'process.parent.elf.go_import_hash'?: string | undefined; 'process.parent.elf.go_imports'?: unknown; 'process.parent.elf.go_imports_names_entropy'?: string | number | undefined; 'process.parent.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.go_stripped'?: boolean | undefined; 'process.parent.elf.header.abi_version'?: string | undefined; 'process.parent.elf.header.class'?: string | undefined; 'process.parent.elf.header.data'?: string | undefined; 'process.parent.elf.header.entrypoint'?: string | number | undefined; 'process.parent.elf.header.object_version'?: string | undefined; 'process.parent.elf.header.os_abi'?: string | undefined; 'process.parent.elf.header.type'?: string | undefined; 'process.parent.elf.header.version'?: string | undefined; 'process.parent.elf.import_hash'?: string | undefined; 'process.parent.elf.imports'?: unknown[] | undefined; 'process.parent.elf.imports_names_entropy'?: string | number | undefined; 'process.parent.elf.imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.parent.elf.shared_libraries'?: string[] | undefined; 'process.parent.elf.telfhash'?: string | undefined; 'process.parent.end'?: string | number | undefined; 'process.parent.entity_id'?: string | undefined; 'process.parent.executable'?: string | undefined; 'process.parent.exit_code'?: string | number | undefined; 'process.parent.group.id'?: string | undefined; 'process.parent.group.name'?: string | undefined; 'process.parent.group_leader.entity_id'?: string | undefined; 'process.parent.group_leader.pid'?: string | number | undefined; 'process.parent.group_leader.start'?: string | number | undefined; 'process.parent.group_leader.vpid'?: string | number | undefined; 'process.parent.hash.md5'?: string | undefined; 'process.parent.hash.sha1'?: string | undefined; 'process.parent.hash.sha256'?: string | undefined; 'process.parent.hash.sha384'?: string | undefined; 'process.parent.hash.sha512'?: string | undefined; 'process.parent.hash.ssdeep'?: string | undefined; 'process.parent.hash.tlsh'?: string | undefined; 'process.parent.interactive'?: boolean | undefined; 'process.parent.macho.go_import_hash'?: string | undefined; 'process.parent.macho.go_imports'?: unknown; 'process.parent.macho.go_imports_names_entropy'?: string | number | undefined; 'process.parent.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.go_stripped'?: boolean | undefined; 'process.parent.macho.import_hash'?: string | undefined; 'process.parent.macho.imports'?: unknown[] | undefined; 'process.parent.macho.imports_names_entropy'?: string | number | undefined; 'process.parent.macho.imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.macho.symhash'?: string | undefined; 'process.parent.name'?: string | undefined; 'process.parent.pe.architecture'?: string | undefined; 'process.parent.pe.company'?: string | undefined; 'process.parent.pe.description'?: string | undefined; 'process.parent.pe.file_version'?: string | undefined; 'process.parent.pe.go_import_hash'?: string | undefined; 'process.parent.pe.go_imports'?: unknown; 'process.parent.pe.go_imports_names_entropy'?: string | number | undefined; 'process.parent.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.go_stripped'?: boolean | undefined; 'process.parent.pe.imphash'?: string | undefined; 'process.parent.pe.import_hash'?: string | undefined; 'process.parent.pe.imports'?: unknown[] | undefined; 'process.parent.pe.imports_names_entropy'?: string | number | undefined; 'process.parent.pe.imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.original_file_name'?: string | undefined; 'process.parent.pe.pehash'?: string | undefined; 'process.parent.pe.product'?: string | undefined; 'process.parent.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.pgid'?: string | number | undefined; 'process.parent.pid'?: string | number | undefined; 'process.parent.real_group.id'?: string | undefined; 'process.parent.real_group.name'?: string | undefined; 'process.parent.real_user.id'?: string | undefined; 'process.parent.real_user.name'?: string | undefined; 'process.parent.saved_group.id'?: string | undefined; 'process.parent.saved_group.name'?: string | undefined; 'process.parent.saved_user.id'?: string | undefined; 'process.parent.saved_user.name'?: string | undefined; 'process.parent.start'?: string | number | undefined; 'process.parent.supplemental_groups.id'?: string | undefined; 'process.parent.supplemental_groups.name'?: string | undefined; 'process.parent.thread.capabilities.effective'?: string[] | undefined; 'process.parent.thread.capabilities.permitted'?: string[] | undefined; 'process.parent.thread.id'?: string | number | undefined; 'process.parent.thread.name'?: string | undefined; 'process.parent.title'?: string | undefined; 'process.parent.tty'?: unknown; 'process.parent.uptime'?: string | number | undefined; 'process.parent.user.id'?: string | undefined; 'process.parent.user.name'?: string | undefined; 'process.parent.vpid'?: string | number | undefined; 'process.parent.working_directory'?: string | undefined; 'process.pe.architecture'?: string | undefined; 'process.pe.company'?: string | undefined; 'process.pe.description'?: string | undefined; 'process.pe.file_version'?: string | undefined; 'process.pe.go_import_hash'?: string | undefined; 'process.pe.go_imports'?: unknown; 'process.pe.go_imports_names_entropy'?: string | number | undefined; 'process.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.pe.go_stripped'?: boolean | undefined; 'process.pe.imphash'?: string | undefined; 'process.pe.import_hash'?: string | undefined; 'process.pe.imports'?: unknown[] | undefined; 'process.pe.imports_names_entropy'?: string | number | undefined; 'process.pe.imports_names_var_entropy'?: string | number | undefined; 'process.pe.original_file_name'?: string | undefined; 'process.pe.pehash'?: string | undefined; 'process.pe.product'?: string | undefined; 'process.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.pgid'?: string | number | undefined; 'process.pid'?: string | number | undefined; 'process.previous.args'?: string[] | undefined; 'process.previous.args_count'?: string | number | undefined; 'process.previous.executable'?: string | undefined; 'process.real_group.id'?: string | undefined; 'process.real_group.name'?: string | undefined; 'process.real_user.id'?: string | undefined; 'process.real_user.name'?: string | undefined; 'process.saved_group.id'?: string | undefined; 'process.saved_group.name'?: string | undefined; 'process.saved_user.id'?: string | undefined; 'process.saved_user.name'?: string | undefined; 'process.session_leader.args'?: string[] | undefined; 'process.session_leader.args_count'?: string | number | undefined; 'process.session_leader.command_line'?: string | undefined; 'process.session_leader.entity_id'?: string | undefined; 'process.session_leader.executable'?: string | undefined; 'process.session_leader.group.id'?: string | undefined; 'process.session_leader.group.name'?: string | undefined; 'process.session_leader.interactive'?: boolean | undefined; 'process.session_leader.name'?: string | undefined; 'process.session_leader.parent.entity_id'?: string | undefined; 'process.session_leader.parent.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.entity_id'?: string | undefined; 'process.session_leader.parent.session_leader.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.start'?: string | number | undefined; 'process.session_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.session_leader.parent.start'?: string | number | undefined; 'process.session_leader.parent.vpid'?: string | number | undefined; 'process.session_leader.pid'?: string | number | undefined; 'process.session_leader.real_group.id'?: string | undefined; 'process.session_leader.real_group.name'?: string | undefined; 'process.session_leader.real_user.id'?: string | undefined; 'process.session_leader.real_user.name'?: string | undefined; 'process.session_leader.same_as_process'?: boolean | undefined; 'process.session_leader.saved_group.id'?: string | undefined; 'process.session_leader.saved_group.name'?: string | undefined; 'process.session_leader.saved_user.id'?: string | undefined; 'process.session_leader.saved_user.name'?: string | undefined; 'process.session_leader.start'?: string | number | undefined; 'process.session_leader.supplemental_groups.id'?: string | undefined; 'process.session_leader.supplemental_groups.name'?: string | undefined; 'process.session_leader.tty'?: unknown; 'process.session_leader.user.id'?: string | undefined; 'process.session_leader.user.name'?: string | undefined; 'process.session_leader.vpid'?: string | number | undefined; 'process.session_leader.working_directory'?: string | undefined; 'process.start'?: string | number | undefined; 'process.supplemental_groups.id'?: string | undefined; 'process.supplemental_groups.name'?: string | undefined; 'process.thread.capabilities.effective'?: string[] | undefined; 'process.thread.capabilities.permitted'?: string[] | undefined; 'process.thread.id'?: string | number | undefined; 'process.thread.name'?: string | undefined; 'process.title'?: string | undefined; 'process.tty'?: unknown; 'process.uptime'?: string | number | undefined; 'process.user.id'?: string | undefined; 'process.user.name'?: string | undefined; 'process.vpid'?: string | number | undefined; 'process.working_directory'?: string | undefined; 'registry.data.bytes'?: string | undefined; 'registry.data.strings'?: string[] | undefined; 'registry.data.type'?: string | undefined; 'registry.hive'?: string | undefined; 'registry.key'?: string | undefined; 'registry.path'?: string | undefined; 'registry.value'?: string | undefined; 'related.hash'?: string[] | undefined; 'related.hosts'?: string[] | undefined; 'related.ip'?: string[] | undefined; 'related.user'?: string[] | undefined; 'rule.author'?: string[] | undefined; 'rule.category'?: string | undefined; 'rule.description'?: string | undefined; 'rule.id'?: string | undefined; 'rule.license'?: string | undefined; 'rule.name'?: string | undefined; 'rule.reference'?: string | undefined; 'rule.ruleset'?: string | undefined; 'rule.uuid'?: string | undefined; 'rule.version'?: string | undefined; 'server.address'?: string | undefined; 'server.as.number'?: string | number | undefined; 'server.as.organization.name'?: string | undefined; 'server.bytes'?: string | number | undefined; 'server.domain'?: string | undefined; 'server.geo.city_name'?: string | undefined; 'server.geo.continent_code'?: string | undefined; 'server.geo.continent_name'?: string | undefined; 'server.geo.country_iso_code'?: string | undefined; 'server.geo.country_name'?: string | undefined; 'server.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'server.geo.name'?: string | undefined; 'server.geo.postal_code'?: string | undefined; 'server.geo.region_iso_code'?: string | undefined; 'server.geo.region_name'?: string | undefined; 'server.geo.timezone'?: string | undefined; 'server.ip'?: string | undefined; 'server.mac'?: string | undefined; 'server.nat.ip'?: string | undefined; 'server.nat.port'?: string | number | undefined; 'server.packets'?: string | number | undefined; 'server.port'?: string | number | undefined; 'server.registered_domain'?: string | undefined; 'server.subdomain'?: string | undefined; 'server.top_level_domain'?: string | undefined; 'server.user.domain'?: string | undefined; 'server.user.email'?: string | undefined; 'server.user.full_name'?: string | undefined; 'server.user.group.domain'?: string | undefined; 'server.user.group.id'?: string | undefined; 'server.user.group.name'?: string | undefined; 'server.user.hash'?: string | undefined; 'server.user.id'?: string | undefined; 'server.user.name'?: string | undefined; 'server.user.roles'?: string[] | undefined; 'service.address'?: string | undefined; 'service.environment'?: string | undefined; 'service.ephemeral_id'?: string | undefined; 'service.id'?: string | undefined; 'service.name'?: string | undefined; 'service.node.name'?: string | undefined; 'service.node.role'?: string | undefined; 'service.node.roles'?: string[] | undefined; 'service.origin.address'?: string | undefined; 'service.origin.environment'?: string | undefined; 'service.origin.ephemeral_id'?: string | undefined; 'service.origin.id'?: string | undefined; 'service.origin.name'?: string | undefined; 'service.origin.node.name'?: string | undefined; 'service.origin.node.role'?: string | undefined; 'service.origin.node.roles'?: string[] | undefined; 'service.origin.state'?: string | undefined; 'service.origin.type'?: string | undefined; 'service.origin.version'?: string | undefined; 'service.state'?: string | undefined; 'service.target.address'?: string | undefined; 'service.target.environment'?: string | undefined; 'service.target.ephemeral_id'?: string | undefined; 'service.target.id'?: string | undefined; 'service.target.name'?: string | undefined; 'service.target.node.name'?: string | undefined; 'service.target.node.role'?: string | undefined; 'service.target.node.roles'?: string[] | undefined; 'service.target.state'?: string | undefined; 'service.target.type'?: string | undefined; 'service.target.version'?: string | undefined; 'service.type'?: string | undefined; 'service.version'?: string | undefined; 'source.address'?: string | undefined; 'source.as.number'?: string | number | undefined; 'source.as.organization.name'?: string | undefined; 'source.bytes'?: string | number | undefined; 'source.domain'?: string | undefined; 'source.geo.city_name'?: string | undefined; 'source.geo.continent_code'?: string | undefined; 'source.geo.continent_name'?: string | undefined; 'source.geo.country_iso_code'?: string | undefined; 'source.geo.country_name'?: string | undefined; 'source.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'source.geo.name'?: string | undefined; 'source.geo.postal_code'?: string | undefined; 'source.geo.region_iso_code'?: string | undefined; 'source.geo.region_name'?: string | undefined; 'source.geo.timezone'?: string | undefined; 'source.ip'?: string | undefined; 'source.mac'?: string | undefined; 'source.nat.ip'?: string | undefined; 'source.nat.port'?: string | number | undefined; 'source.packets'?: string | number | undefined; 'source.port'?: string | number | undefined; 'source.registered_domain'?: string | undefined; 'source.subdomain'?: string | undefined; 'source.top_level_domain'?: string | undefined; 'source.user.domain'?: string | undefined; 'source.user.email'?: string | undefined; 'source.user.full_name'?: string | undefined; 'source.user.group.domain'?: string | undefined; 'source.user.group.id'?: string | undefined; 'source.user.group.name'?: string | undefined; 'source.user.hash'?: string | undefined; 'source.user.id'?: string | undefined; 'source.user.name'?: string | undefined; 'source.user.roles'?: string[] | undefined; 'span.id'?: string | undefined; tags?: string[] | undefined; 'threat.enrichments'?: { indicator?: unknown; 'matched.atomic'?: string | undefined; 'matched.field'?: string | undefined; 'matched.id'?: string | undefined; 'matched.index'?: string | undefined; 'matched.occurred'?: string | number | undefined; 'matched.type'?: string | undefined; }[] | undefined; 'threat.feed.dashboard_id'?: string | undefined; 'threat.feed.description'?: string | undefined; 'threat.feed.name'?: string | undefined; 'threat.feed.reference'?: string | undefined; 'threat.framework'?: string | undefined; 'threat.group.alias'?: string[] | undefined; 'threat.group.id'?: string | undefined; 'threat.group.name'?: string | undefined; 'threat.group.reference'?: string | undefined; 'threat.indicator.as.number'?: string | number | undefined; 'threat.indicator.as.organization.name'?: string | undefined; 'threat.indicator.confidence'?: string | undefined; 'threat.indicator.description'?: string | undefined; 'threat.indicator.email.address'?: string | undefined; 'threat.indicator.file.accessed'?: string | number | undefined; 'threat.indicator.file.attributes'?: string[] | undefined; 'threat.indicator.file.code_signature.digest_algorithm'?: string | undefined; 'threat.indicator.file.code_signature.exists'?: boolean | undefined; 'threat.indicator.file.code_signature.signing_id'?: string | undefined; 'threat.indicator.file.code_signature.status'?: string | undefined; 'threat.indicator.file.code_signature.subject_name'?: string | undefined; 'threat.indicator.file.code_signature.team_id'?: string | undefined; 'threat.indicator.file.code_signature.timestamp'?: string | number | undefined; 'threat.indicator.file.code_signature.trusted'?: boolean | undefined; 'threat.indicator.file.code_signature.valid'?: boolean | undefined; 'threat.indicator.file.created'?: string | number | undefined; 'threat.indicator.file.ctime'?: string | number | undefined; 'threat.indicator.file.device'?: string | undefined; 'threat.indicator.file.directory'?: string | undefined; 'threat.indicator.file.drive_letter'?: string | undefined; 'threat.indicator.file.elf.architecture'?: string | undefined; 'threat.indicator.file.elf.byte_order'?: string | undefined; 'threat.indicator.file.elf.cpu_type'?: string | undefined; 'threat.indicator.file.elf.creation_date'?: string | number | undefined; 'threat.indicator.file.elf.exports'?: unknown[] | undefined; 'threat.indicator.file.elf.go_import_hash'?: string | undefined; 'threat.indicator.file.elf.go_imports'?: unknown; 'threat.indicator.file.elf.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_stripped'?: boolean | undefined; 'threat.indicator.file.elf.header.abi_version'?: string | undefined; 'threat.indicator.file.elf.header.class'?: string | undefined; 'threat.indicator.file.elf.header.data'?: string | undefined; 'threat.indicator.file.elf.header.entrypoint'?: string | number | undefined; 'threat.indicator.file.elf.header.object_version'?: string | undefined; 'threat.indicator.file.elf.header.os_abi'?: string | undefined; 'threat.indicator.file.elf.header.type'?: string | undefined; 'threat.indicator.file.elf.header.version'?: string | undefined; 'threat.indicator.file.elf.import_hash'?: string | undefined; 'threat.indicator.file.elf.imports'?: unknown[] | undefined; 'threat.indicator.file.elf.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'threat.indicator.file.elf.shared_libraries'?: string[] | undefined; 'threat.indicator.file.elf.telfhash'?: string | undefined; 'threat.indicator.file.extension'?: string | undefined; 'threat.indicator.file.fork_name'?: string | undefined; 'threat.indicator.file.gid'?: string | undefined; 'threat.indicator.file.group'?: string | undefined; 'threat.indicator.file.hash.md5'?: string | undefined; 'threat.indicator.file.hash.sha1'?: string | undefined; 'threat.indicator.file.hash.sha256'?: string | undefined; 'threat.indicator.file.hash.sha384'?: string | undefined; 'threat.indicator.file.hash.sha512'?: string | undefined; 'threat.indicator.file.hash.ssdeep'?: string | undefined; 'threat.indicator.file.hash.tlsh'?: string | undefined; 'threat.indicator.file.inode'?: string | undefined; 'threat.indicator.file.mime_type'?: string | undefined; 'threat.indicator.file.mode'?: string | undefined; 'threat.indicator.file.mtime'?: string | number | undefined; 'threat.indicator.file.name'?: string | undefined; 'threat.indicator.file.owner'?: string | undefined; 'threat.indicator.file.path'?: string | undefined; 'threat.indicator.file.pe.architecture'?: string | undefined; 'threat.indicator.file.pe.company'?: string | undefined; 'threat.indicator.file.pe.description'?: string | undefined; 'threat.indicator.file.pe.file_version'?: string | undefined; 'threat.indicator.file.pe.go_import_hash'?: string | undefined; 'threat.indicator.file.pe.go_imports'?: unknown; 'threat.indicator.file.pe.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_stripped'?: boolean | undefined; 'threat.indicator.file.pe.imphash'?: string | undefined; 'threat.indicator.file.pe.import_hash'?: string | undefined; 'threat.indicator.file.pe.imports'?: unknown[] | undefined; 'threat.indicator.file.pe.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.original_file_name'?: string | undefined; 'threat.indicator.file.pe.pehash'?: string | undefined; 'threat.indicator.file.pe.product'?: string | undefined; 'threat.indicator.file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.size'?: string | number | undefined; 'threat.indicator.file.target_path'?: string | undefined; 'threat.indicator.file.type'?: string | undefined; 'threat.indicator.file.uid'?: string | undefined; 'threat.indicator.file.x509.alternative_names'?: string[] | undefined; 'threat.indicator.file.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.file.x509.issuer.country'?: string[] | undefined; 'threat.indicator.file.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.not_after'?: string | number | undefined; 'threat.indicator.file.x509.not_before'?: string | number | undefined; 'threat.indicator.file.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.file.x509.public_key_curve'?: string | undefined; 'threat.indicator.file.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.file.x509.public_key_size'?: string | number | undefined; 'threat.indicator.file.x509.serial_number'?: string | undefined; 'threat.indicator.file.x509.signature_algorithm'?: string | undefined; 'threat.indicator.file.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.file.x509.subject.country'?: string[] | undefined; 'threat.indicator.file.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.subject.locality'?: string[] | undefined; 'threat.indicator.file.x509.subject.organization'?: string[] | undefined; 'threat.indicator.file.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.version_number'?: string | undefined; 'threat.indicator.first_seen'?: string | number | undefined; 'threat.indicator.geo.city_name'?: string | undefined; 'threat.indicator.geo.continent_code'?: string | undefined; 'threat.indicator.geo.continent_name'?: string | undefined; 'threat.indicator.geo.country_iso_code'?: string | undefined; 'threat.indicator.geo.country_name'?: string | undefined; 'threat.indicator.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'threat.indicator.geo.name'?: string | undefined; 'threat.indicator.geo.postal_code'?: string | undefined; 'threat.indicator.geo.region_iso_code'?: string | undefined; 'threat.indicator.geo.region_name'?: string | undefined; 'threat.indicator.geo.timezone'?: string | undefined; 'threat.indicator.ip'?: string | undefined; 'threat.indicator.last_seen'?: string | number | undefined; 'threat.indicator.marking.tlp'?: string | undefined; 'threat.indicator.marking.tlp_version'?: string | undefined; 'threat.indicator.modified_at'?: string | number | undefined; 'threat.indicator.name'?: string | undefined; 'threat.indicator.port'?: string | number | undefined; 'threat.indicator.provider'?: string | undefined; 'threat.indicator.reference'?: string | undefined; 'threat.indicator.registry.data.bytes'?: string | undefined; 'threat.indicator.registry.data.strings'?: string[] | undefined; 'threat.indicator.registry.data.type'?: string | undefined; 'threat.indicator.registry.hive'?: string | undefined; 'threat.indicator.registry.key'?: string | undefined; 'threat.indicator.registry.path'?: string | undefined; 'threat.indicator.registry.value'?: string | undefined; 'threat.indicator.scanner_stats'?: string | number | undefined; 'threat.indicator.sightings'?: string | number | undefined; 'threat.indicator.type'?: string | undefined; 'threat.indicator.url.domain'?: string | undefined; 'threat.indicator.url.extension'?: string | undefined; 'threat.indicator.url.fragment'?: string | undefined; 'threat.indicator.url.full'?: string | undefined; 'threat.indicator.url.original'?: string | undefined; 'threat.indicator.url.password'?: string | undefined; 'threat.indicator.url.path'?: string | undefined; 'threat.indicator.url.port'?: string | number | undefined; 'threat.indicator.url.query'?: string | undefined; 'threat.indicator.url.registered_domain'?: string | undefined; 'threat.indicator.url.scheme'?: string | undefined; 'threat.indicator.url.subdomain'?: string | undefined; 'threat.indicator.url.top_level_domain'?: string | undefined; 'threat.indicator.url.username'?: string | undefined; 'threat.indicator.x509.alternative_names'?: string[] | undefined; 'threat.indicator.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.x509.issuer.country'?: string[] | undefined; 'threat.indicator.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.x509.not_after'?: string | number | undefined; 'threat.indicator.x509.not_before'?: string | number | undefined; 'threat.indicator.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.x509.public_key_curve'?: string | undefined; 'threat.indicator.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.x509.public_key_size'?: string | number | undefined; 'threat.indicator.x509.serial_number'?: string | undefined; 'threat.indicator.x509.signature_algorithm'?: string | undefined; 'threat.indicator.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.x509.subject.country'?: string[] | undefined; 'threat.indicator.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.x509.subject.locality'?: string[] | undefined; 'threat.indicator.x509.subject.organization'?: string[] | undefined; 'threat.indicator.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.x509.version_number'?: string | undefined; 'threat.software.alias'?: string[] | undefined; 'threat.software.id'?: string | undefined; 'threat.software.name'?: string | undefined; 'threat.software.platforms'?: string[] | undefined; 'threat.software.reference'?: string | undefined; 'threat.software.type'?: string | undefined; 'threat.tactic.id'?: string[] | undefined; 'threat.tactic.name'?: string[] | undefined; 'threat.tactic.reference'?: string[] | undefined; 'threat.technique.id'?: string[] | undefined; 'threat.technique.name'?: string[] | undefined; 'threat.technique.reference'?: string[] | undefined; 'threat.technique.subtechnique.id'?: string[] | undefined; 'threat.technique.subtechnique.name'?: string[] | undefined; 'threat.technique.subtechnique.reference'?: string[] | undefined; 'tls.cipher'?: string | undefined; 'tls.client.certificate'?: string | undefined; 'tls.client.certificate_chain'?: string[] | undefined; 'tls.client.hash.md5'?: string | undefined; 'tls.client.hash.sha1'?: string | undefined; 'tls.client.hash.sha256'?: string | undefined; 'tls.client.issuer'?: string | undefined; 'tls.client.ja3'?: string | undefined; 'tls.client.not_after'?: string | number | undefined; 'tls.client.not_before'?: string | number | undefined; 'tls.client.server_name'?: string | undefined; 'tls.client.subject'?: string | undefined; 'tls.client.supported_ciphers'?: string[] | undefined; 'tls.client.x509.alternative_names'?: string[] | undefined; 'tls.client.x509.issuer.common_name'?: string[] | undefined; 'tls.client.x509.issuer.country'?: string[] | undefined; 'tls.client.x509.issuer.distinguished_name'?: string | undefined; 'tls.client.x509.issuer.locality'?: string[] | undefined; 'tls.client.x509.issuer.organization'?: string[] | undefined; 'tls.client.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.client.x509.issuer.state_or_province'?: string[] | undefined; 'tls.client.x509.not_after'?: string | number | undefined; 'tls.client.x509.not_before'?: string | number | undefined; 'tls.client.x509.public_key_algorithm'?: string | undefined; 'tls.client.x509.public_key_curve'?: string | undefined; 'tls.client.x509.public_key_exponent'?: string | number | undefined; 'tls.client.x509.public_key_size'?: string | number | undefined; 'tls.client.x509.serial_number'?: string | undefined; 'tls.client.x509.signature_algorithm'?: string | undefined; 'tls.client.x509.subject.common_name'?: string[] | undefined; 'tls.client.x509.subject.country'?: string[] | undefined; 'tls.client.x509.subject.distinguished_name'?: string | undefined; 'tls.client.x509.subject.locality'?: string[] | undefined; 'tls.client.x509.subject.organization'?: string[] | undefined; 'tls.client.x509.subject.organizational_unit'?: string[] | undefined; 'tls.client.x509.subject.state_or_province'?: string[] | undefined; 'tls.client.x509.version_number'?: string | undefined; 'tls.curve'?: string | undefined; 'tls.established'?: boolean | undefined; 'tls.next_protocol'?: string | undefined; 'tls.resumed'?: boolean | undefined; 'tls.server.certificate'?: string | undefined; 'tls.server.certificate_chain'?: string[] | undefined; 'tls.server.hash.md5'?: string | undefined; 'tls.server.hash.sha1'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 'tls.server.issuer'?: string | undefined; 'tls.server.ja3s'?: string | undefined; 'tls.server.not_after'?: string | number | undefined; 'tls.server.not_before'?: string | number | undefined; 'tls.server.subject'?: string | undefined; 'tls.server.x509.alternative_names'?: string[] | undefined; 'tls.server.x509.issuer.common_name'?: string[] | undefined; 'tls.server.x509.issuer.country'?: string[] | undefined; 'tls.server.x509.issuer.distinguished_name'?: string | undefined; 'tls.server.x509.issuer.locality'?: string[] | undefined; 'tls.server.x509.issuer.organization'?: string[] | undefined; 'tls.server.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.server.x509.issuer.state_or_province'?: string[] | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.public_key_algorithm'?: string | undefined; 'tls.server.x509.public_key_curve'?: string | undefined; 'tls.server.x509.public_key_exponent'?: string | number | undefined; 'tls.server.x509.public_key_size'?: string | number | undefined; 'tls.server.x509.serial_number'?: string | undefined; 'tls.server.x509.signature_algorithm'?: string | undefined; 'tls.server.x509.subject.common_name'?: string[] | undefined; 'tls.server.x509.subject.country'?: string[] | undefined; 'tls.server.x509.subject.distinguished_name'?: string | undefined; 'tls.server.x509.subject.locality'?: string[] | undefined; 'tls.server.x509.subject.organization'?: string[] | undefined; 'tls.server.x509.subject.organizational_unit'?: string[] | undefined; 'tls.server.x509.subject.state_or_province'?: string[] | undefined; 'tls.server.x509.version_number'?: string | undefined; 'tls.version'?: string | undefined; 'tls.version_protocol'?: string | undefined; 'trace.id'?: string | undefined; 'transaction.id'?: string | undefined; 'url.domain'?: string | undefined; 'url.extension'?: string | undefined; 'url.fragment'?: string | undefined; 'url.full'?: string | undefined; 'url.original'?: string | undefined; 'url.password'?: string | undefined; 'url.path'?: string | undefined; 'url.port'?: string | number | undefined; 'url.query'?: string | undefined; 'url.registered_domain'?: string | undefined; 'url.scheme'?: string | undefined; 'url.subdomain'?: string | undefined; 'url.top_level_domain'?: string | undefined; 'url.username'?: string | undefined; 'user.changes.domain'?: string | undefined; 'user.changes.email'?: string | undefined; 'user.changes.full_name'?: string | undefined; 'user.changes.group.domain'?: string | undefined; 'user.changes.group.id'?: string | undefined; 'user.changes.group.name'?: string | undefined; 'user.changes.hash'?: string | undefined; 'user.changes.id'?: string | undefined; 'user.changes.name'?: string | undefined; 'user.changes.roles'?: string[] | undefined; 'user.domain'?: string | undefined; 'user.effective.domain'?: string | undefined; 'user.effective.email'?: string | undefined; 'user.effective.full_name'?: string | undefined; 'user.effective.group.domain'?: string | undefined; 'user.effective.group.id'?: string | undefined; 'user.effective.group.name'?: string | undefined; 'user.effective.hash'?: string | undefined; 'user.effective.id'?: string | undefined; 'user.effective.name'?: string | undefined; 'user.effective.roles'?: string[] | undefined; 'user.email'?: string | undefined; 'user.full_name'?: string | undefined; 'user.group.domain'?: string | undefined; 'user.group.id'?: string | undefined; 'user.group.name'?: string | undefined; 'user.hash'?: string | undefined; 'user.id'?: string | undefined; 'user.name'?: string | undefined; 'user.risk.calculated_level'?: string | undefined; 'user.risk.calculated_score'?: number | undefined; 'user.risk.calculated_score_norm'?: number | undefined; 'user.risk.static_level'?: string | undefined; 'user.risk.static_score'?: number | undefined; 'user.risk.static_score_norm'?: number | undefined; 'user.roles'?: string[] | undefined; 'user.target.domain'?: string | undefined; 'user.target.email'?: string | undefined; 'user.target.full_name'?: string | undefined; 'user.target.group.domain'?: string | undefined; 'user.target.group.id'?: string | undefined; 'user.target.group.name'?: string | undefined; 'user.target.hash'?: string | undefined; 'user.target.id'?: string | undefined; 'user.target.name'?: string | undefined; 'user.target.roles'?: string[] | undefined; 'user_agent.device.name'?: string | undefined; 'user_agent.name'?: string | undefined; 'user_agent.original'?: string | undefined; 'user_agent.os.family'?: string | undefined; 'user_agent.os.full'?: string | undefined; 'user_agent.os.kernel'?: string | undefined; 'user_agent.os.name'?: string | undefined; 'user_agent.os.platform'?: string | undefined; 'user_agent.os.type'?: string | undefined; 'user_agent.os.version'?: string | undefined; 'user_agent.version'?: string | undefined; 'vulnerability.category'?: string[] | undefined; 'vulnerability.classification'?: string | undefined; 'vulnerability.description'?: string | undefined; 'vulnerability.enumeration'?: string | undefined; 'vulnerability.id'?: string | undefined; 'vulnerability.reference'?: string | undefined; 'vulnerability.report_id'?: string | undefined; 'vulnerability.scanner.vendor'?: string | undefined; 'vulnerability.score.base'?: number | undefined; 'vulnerability.score.environmental'?: number | undefined; 'vulnerability.score.temporal'?: number | undefined; 'vulnerability.score.version'?: string | undefined; 'vulnerability.severity'?: string | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }"
+          "{ '@timestamp': string | number; 'kibana.alert.ancestors': { depth: string | number; id: string; index: string; type: string; }[]; 'kibana.alert.depth': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.original_event.action': string; 'kibana.alert.original_event.category': string[]; 'kibana.alert.original_event.created': string | number; 'kibana.alert.original_event.dataset': string; 'kibana.alert.original_event.id': string; 'kibana.alert.original_event.ingested': string | number; 'kibana.alert.original_event.kind': string; 'kibana.alert.original_event.module': string; 'kibana.alert.original_event.original': string; 'kibana.alert.original_event.outcome': string; 'kibana.alert.original_event.provider': string; 'kibana.alert.original_event.sequence': string | number; 'kibana.alert.original_event.type': string[]; 'kibana.alert.original_time': string | number; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.false_positives': string[]; 'kibana.alert.rule.max_signals': (string | number)[]; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.threat.framework': string; 'kibana.alert.rule.threat.tactic.id': string; 'kibana.alert.rule.threat.tactic.name': string; 'kibana.alert.rule.threat.tactic.reference': string; 'kibana.alert.rule.threat.technique.id': string; 'kibana.alert.rule.threat.technique.name': string; 'kibana.alert.rule.threat.technique.reference': string; 'kibana.alert.rule.threat.technique.subtechnique.id': string; 'kibana.alert.rule.threat.technique.subtechnique.name': string; 'kibana.alert.rule.threat.technique.subtechnique.reference': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'ecs.version'?: string | undefined; 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'host.asset.criticality'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.ancestors.rule'?: string | undefined; 'kibana.alert.building_block_type'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.group.id'?: string | undefined; 'kibana.alert.group.index'?: number | undefined; 'kibana.alert.host.criticality_level'?: string | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.new_terms'?: string[] | undefined; 'kibana.alert.original_event.agent_id_status'?: string | undefined; 'kibana.alert.original_event.code'?: string | undefined; 'kibana.alert.original_event.duration'?: string | undefined; 'kibana.alert.original_event.end'?: string | number | undefined; 'kibana.alert.original_event.hash'?: string | undefined; 'kibana.alert.original_event.reason'?: string | undefined; 'kibana.alert.original_event.reference'?: string | undefined; 'kibana.alert.original_event.risk_score'?: number | undefined; 'kibana.alert.original_event.risk_score_norm'?: number | undefined; 'kibana.alert.original_event.severity'?: string | number | undefined; 'kibana.alert.original_event.start'?: string | number | undefined; 'kibana.alert.original_event.timezone'?: string | undefined; 'kibana.alert.original_event.url'?: string | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.building_block_type'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.immutable'?: string[] | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.rule.timeline_id'?: string[] | undefined; 'kibana.alert.rule.timeline_title'?: string[] | undefined; 'kibana.alert.rule.timestamp_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.threshold_result.cardinality'?: unknown; 'kibana.alert.threshold_result.count'?: string | number | undefined; 'kibana.alert.threshold_result.from'?: string | number | undefined; 'kibana.alert.threshold_result.terms'?: { field?: string | undefined; value?: string | undefined; }[] | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.user.criticality_level'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.alert.workflow_user'?: string | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; 'user.asset.criticality'?: string | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & { '@timestamp': string | number; 'ecs.version': string; } & { 'agent.build.original'?: string | undefined; 'agent.ephemeral_id'?: string | undefined; 'agent.id'?: string | undefined; 'agent.name'?: string | undefined; 'agent.type'?: string | undefined; 'agent.version'?: string | undefined; 'client.address'?: string | undefined; 'client.as.number'?: string | number | undefined; 'client.as.organization.name'?: string | undefined; 'client.bytes'?: string | number | undefined; 'client.domain'?: string | undefined; 'client.geo.city_name'?: string | undefined; 'client.geo.continent_code'?: string | undefined; 'client.geo.continent_name'?: string | undefined; 'client.geo.country_iso_code'?: string | undefined; 'client.geo.country_name'?: string | undefined; 'client.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'client.geo.name'?: string | undefined; 'client.geo.postal_code'?: string | undefined; 'client.geo.region_iso_code'?: string | undefined; 'client.geo.region_name'?: string | undefined; 'client.geo.timezone'?: string | undefined; 'client.ip'?: string | undefined; 'client.mac'?: string | undefined; 'client.nat.ip'?: string | undefined; 'client.nat.port'?: string | number | undefined; 'client.packets'?: string | number | undefined; 'client.port'?: string | number | undefined; 'client.registered_domain'?: string | undefined; 'client.subdomain'?: string | undefined; 'client.top_level_domain'?: string | undefined; 'client.user.domain'?: string | undefined; 'client.user.email'?: string | undefined; 'client.user.full_name'?: string | undefined; 'client.user.group.domain'?: string | undefined; 'client.user.group.id'?: string | undefined; 'client.user.group.name'?: string | undefined; 'client.user.hash'?: string | undefined; 'client.user.id'?: string | undefined; 'client.user.name'?: string | undefined; 'client.user.roles'?: string[] | undefined; 'cloud.account.id'?: string | undefined; 'cloud.account.name'?: string | undefined; 'cloud.availability_zone'?: string | undefined; 'cloud.instance.id'?: string | undefined; 'cloud.instance.name'?: string | undefined; 'cloud.machine.type'?: string | undefined; 'cloud.origin.account.id'?: string | undefined; 'cloud.origin.account.name'?: string | undefined; 'cloud.origin.availability_zone'?: string | undefined; 'cloud.origin.instance.id'?: string | undefined; 'cloud.origin.instance.name'?: string | undefined; 'cloud.origin.machine.type'?: string | undefined; 'cloud.origin.project.id'?: string | undefined; 'cloud.origin.project.name'?: string | undefined; 'cloud.origin.provider'?: string | undefined; 'cloud.origin.region'?: string | undefined; 'cloud.origin.service.name'?: string | undefined; 'cloud.project.id'?: string | undefined; 'cloud.project.name'?: string | undefined; 'cloud.provider'?: string | undefined; 'cloud.region'?: string | undefined; 'cloud.service.name'?: string | undefined; 'cloud.target.account.id'?: string | undefined; 'cloud.target.account.name'?: string | undefined; 'cloud.target.availability_zone'?: string | undefined; 'cloud.target.instance.id'?: string | undefined; 'cloud.target.instance.name'?: string | undefined; 'cloud.target.machine.type'?: string | undefined; 'cloud.target.project.id'?: string | undefined; 'cloud.target.project.name'?: string | undefined; 'cloud.target.provider'?: string | undefined; 'cloud.target.region'?: string | undefined; 'cloud.target.service.name'?: string | undefined; 'container.cpu.usage'?: string | number | undefined; 'container.disk.read.bytes'?: string | number | undefined; 'container.disk.write.bytes'?: string | number | undefined; 'container.id'?: string | undefined; 'container.image.hash.all'?: string[] | undefined; 'container.image.name'?: string | undefined; 'container.image.tag'?: string[] | undefined; 'container.labels'?: unknown; 'container.memory.usage'?: string | number | undefined; 'container.name'?: string | undefined; 'container.network.egress.bytes'?: string | number | undefined; 'container.network.ingress.bytes'?: string | number | undefined; 'container.runtime'?: string | undefined; 'container.security_context.privileged'?: boolean | undefined; 'destination.address'?: string | undefined; 'destination.as.number'?: string | number | undefined; 'destination.as.organization.name'?: string | undefined; 'destination.bytes'?: string | number | undefined; 'destination.domain'?: string | undefined; 'destination.geo.city_name'?: string | undefined; 'destination.geo.continent_code'?: string | undefined; 'destination.geo.continent_name'?: string | undefined; 'destination.geo.country_iso_code'?: string | undefined; 'destination.geo.country_name'?: string | undefined; 'destination.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'destination.geo.name'?: string | undefined; 'destination.geo.postal_code'?: string | undefined; 'destination.geo.region_iso_code'?: string | undefined; 'destination.geo.region_name'?: string | undefined; 'destination.geo.timezone'?: string | undefined; 'destination.ip'?: string | undefined; 'destination.mac'?: string | undefined; 'destination.nat.ip'?: string | undefined; 'destination.nat.port'?: string | number | undefined; 'destination.packets'?: string | number | undefined; 'destination.port'?: string | number | undefined; 'destination.registered_domain'?: string | undefined; 'destination.subdomain'?: string | undefined; 'destination.top_level_domain'?: string | undefined; 'destination.user.domain'?: string | undefined; 'destination.user.email'?: string | undefined; 'destination.user.full_name'?: string | undefined; 'destination.user.group.domain'?: string | undefined; 'destination.user.group.id'?: string | undefined; 'destination.user.group.name'?: string | undefined; 'destination.user.hash'?: string | undefined; 'destination.user.id'?: string | undefined; 'destination.user.name'?: string | undefined; 'destination.user.roles'?: string[] | undefined; 'device.id'?: string | undefined; 'device.manufacturer'?: string | undefined; 'device.model.identifier'?: string | undefined; 'device.model.name'?: string | undefined; 'dll.code_signature.digest_algorithm'?: string | undefined; 'dll.code_signature.exists'?: boolean | undefined; 'dll.code_signature.signing_id'?: string | undefined; 'dll.code_signature.status'?: string | undefined; 'dll.code_signature.subject_name'?: string | undefined; 'dll.code_signature.team_id'?: string | undefined; 'dll.code_signature.timestamp'?: string | number | undefined; 'dll.code_signature.trusted'?: boolean | undefined; 'dll.code_signature.valid'?: boolean | undefined; 'dll.hash.md5'?: string | undefined; 'dll.hash.sha1'?: string | undefined; 'dll.hash.sha256'?: string | undefined; 'dll.hash.sha384'?: string | undefined; 'dll.hash.sha512'?: string | undefined; 'dll.hash.ssdeep'?: string | undefined; 'dll.hash.tlsh'?: string | undefined; 'dll.name'?: string | undefined; 'dll.path'?: string | undefined; 'dll.pe.architecture'?: string | undefined; 'dll.pe.company'?: string | undefined; 'dll.pe.description'?: string | undefined; 'dll.pe.file_version'?: string | undefined; 'dll.pe.go_import_hash'?: string | undefined; 'dll.pe.go_imports'?: unknown; 'dll.pe.go_imports_names_entropy'?: string | number | undefined; 'dll.pe.go_imports_names_var_entropy'?: string | number | undefined; 'dll.pe.go_stripped'?: boolean | undefined; 'dll.pe.imphash'?: string | undefined; 'dll.pe.import_hash'?: string | undefined; 'dll.pe.imports'?: unknown[] | undefined; 'dll.pe.imports_names_entropy'?: string | number | undefined; 'dll.pe.imports_names_var_entropy'?: string | number | undefined; 'dll.pe.original_file_name'?: string | undefined; 'dll.pe.pehash'?: string | undefined; 'dll.pe.product'?: string | undefined; 'dll.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'dns.answers'?: { class?: string | undefined; data?: string | undefined; name?: string | undefined; ttl?: string | number | undefined; type?: string | undefined; }[] | undefined; 'dns.header_flags'?: string[] | undefined; 'dns.id'?: string | undefined; 'dns.op_code'?: string | undefined; 'dns.question.class'?: string | undefined; 'dns.question.name'?: string | undefined; 'dns.question.registered_domain'?: string | undefined; 'dns.question.subdomain'?: string | undefined; 'dns.question.top_level_domain'?: string | undefined; 'dns.question.type'?: string | undefined; 'dns.resolved_ip'?: string[] | undefined; 'dns.response_code'?: string | undefined; 'dns.type'?: string | undefined; 'email.attachments'?: { 'file.extension'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.name'?: string | undefined; 'file.size'?: string | number | undefined; }[] | undefined; 'email.bcc.address'?: string[] | undefined; 'email.cc.address'?: string[] | undefined; 'email.content_type'?: string | undefined; 'email.delivery_timestamp'?: string | number | undefined; 'email.direction'?: string | undefined; 'email.from.address'?: string[] | undefined; 'email.local_id'?: string | undefined; 'email.message_id'?: string | undefined; 'email.origination_timestamp'?: string | number | undefined; 'email.reply_to.address'?: string[] | undefined; 'email.sender.address'?: string | undefined; 'email.subject'?: string | undefined; 'email.to.address'?: string[] | undefined; 'email.x_mailer'?: string | undefined; 'error.code'?: string | undefined; 'error.id'?: string | undefined; 'error.message'?: string | undefined; 'error.stack_trace'?: string | undefined; 'error.type'?: string | undefined; 'event.action'?: string | undefined; 'event.agent_id_status'?: string | undefined; 'event.category'?: string[] | undefined; 'event.code'?: string | undefined; 'event.created'?: string | number | undefined; 'event.dataset'?: string | undefined; 'event.duration'?: string | number | undefined; 'event.end'?: string | number | undefined; 'event.hash'?: string | undefined; 'event.id'?: string | undefined; 'event.ingested'?: string | number | undefined; 'event.kind'?: string | undefined; 'event.module'?: string | undefined; 'event.original'?: string | undefined; 'event.outcome'?: string | undefined; 'event.provider'?: string | undefined; 'event.reason'?: string | undefined; 'event.reference'?: string | undefined; 'event.risk_score'?: number | undefined; 'event.risk_score_norm'?: number | undefined; 'event.sequence'?: string | number | undefined; 'event.severity'?: string | number | undefined; 'event.start'?: string | number | undefined; 'event.timezone'?: string | undefined; 'event.type'?: string[] | undefined; 'event.url'?: string | undefined; 'faas.coldstart'?: boolean | undefined; 'faas.execution'?: string | undefined; 'faas.id'?: string | undefined; 'faas.name'?: string | undefined; 'faas.version'?: string | undefined; 'file.accessed'?: string | number | undefined; 'file.attributes'?: string[] | undefined; 'file.code_signature.digest_algorithm'?: string | undefined; 'file.code_signature.exists'?: boolean | undefined; 'file.code_signature.signing_id'?: string | undefined; 'file.code_signature.status'?: string | undefined; 'file.code_signature.subject_name'?: string | undefined; 'file.code_signature.team_id'?: string | undefined; 'file.code_signature.timestamp'?: string | number | undefined; 'file.code_signature.trusted'?: boolean | undefined; 'file.code_signature.valid'?: boolean | undefined; 'file.created'?: string | number | undefined; 'file.ctime'?: string | number | undefined; 'file.device'?: string | undefined; 'file.directory'?: string | undefined; 'file.drive_letter'?: string | undefined; 'file.elf.architecture'?: string | undefined; 'file.elf.byte_order'?: string | undefined; 'file.elf.cpu_type'?: string | undefined; 'file.elf.creation_date'?: string | number | undefined; 'file.elf.exports'?: unknown[] | undefined; 'file.elf.go_import_hash'?: string | undefined; 'file.elf.go_imports'?: unknown; 'file.elf.go_imports_names_entropy'?: string | number | undefined; 'file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'file.elf.go_stripped'?: boolean | undefined; 'file.elf.header.abi_version'?: string | undefined; 'file.elf.header.class'?: string | undefined; 'file.elf.header.data'?: string | undefined; 'file.elf.header.entrypoint'?: string | number | undefined; 'file.elf.header.object_version'?: string | undefined; 'file.elf.header.os_abi'?: string | undefined; 'file.elf.header.type'?: string | undefined; 'file.elf.header.version'?: string | undefined; 'file.elf.import_hash'?: string | undefined; 'file.elf.imports'?: unknown[] | undefined; 'file.elf.imports_names_entropy'?: string | number | undefined; 'file.elf.imports_names_var_entropy'?: string | number | undefined; 'file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'file.elf.shared_libraries'?: string[] | undefined; 'file.elf.telfhash'?: string | undefined; 'file.extension'?: string | undefined; 'file.fork_name'?: string | undefined; 'file.gid'?: string | undefined; 'file.group'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.inode'?: string | undefined; 'file.macho.go_import_hash'?: string | undefined; 'file.macho.go_imports'?: unknown; 'file.macho.go_imports_names_entropy'?: string | number | undefined; 'file.macho.go_imports_names_var_entropy'?: string | number | undefined; 'file.macho.go_stripped'?: boolean | undefined; 'file.macho.import_hash'?: string | undefined; 'file.macho.imports'?: unknown[] | undefined; 'file.macho.imports_names_entropy'?: string | number | undefined; 'file.macho.imports_names_var_entropy'?: string | number | undefined; 'file.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.macho.symhash'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.mode'?: string | undefined; 'file.mtime'?: string | number | undefined; 'file.name'?: string | undefined; 'file.owner'?: string | undefined; 'file.path'?: string | undefined; 'file.pe.architecture'?: string | undefined; 'file.pe.company'?: string | undefined; 'file.pe.description'?: string | undefined; 'file.pe.file_version'?: string | undefined; 'file.pe.go_import_hash'?: string | undefined; 'file.pe.go_imports'?: unknown; 'file.pe.go_imports_names_entropy'?: string | number | undefined; 'file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'file.pe.go_stripped'?: boolean | undefined; 'file.pe.imphash'?: string | undefined; 'file.pe.import_hash'?: string | undefined; 'file.pe.imports'?: unknown[] | undefined; 'file.pe.imports_names_entropy'?: string | number | undefined; 'file.pe.imports_names_var_entropy'?: string | number | undefined; 'file.pe.original_file_name'?: string | undefined; 'file.pe.pehash'?: string | undefined; 'file.pe.product'?: string | undefined; 'file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.size'?: string | number | undefined; 'file.target_path'?: string | undefined; 'file.type'?: string | undefined; 'file.uid'?: string | undefined; 'file.x509.alternative_names'?: string[] | undefined; 'file.x509.issuer.common_name'?: string[] | undefined; 'file.x509.issuer.country'?: string[] | undefined; 'file.x509.issuer.distinguished_name'?: string | undefined; 'file.x509.issuer.locality'?: string[] | undefined; 'file.x509.issuer.organization'?: string[] | undefined; 'file.x509.issuer.organizational_unit'?: string[] | undefined; 'file.x509.issuer.state_or_province'?: string[] | undefined; 'file.x509.not_after'?: string | number | undefined; 'file.x509.not_before'?: string | number | undefined; 'file.x509.public_key_algorithm'?: string | undefined; 'file.x509.public_key_curve'?: string | undefined; 'file.x509.public_key_exponent'?: string | number | undefined; 'file.x509.public_key_size'?: string | number | undefined; 'file.x509.serial_number'?: string | undefined; 'file.x509.signature_algorithm'?: string | undefined; 'file.x509.subject.common_name'?: string[] | undefined; 'file.x509.subject.country'?: string[] | undefined; 'file.x509.subject.distinguished_name'?: string | undefined; 'file.x509.subject.locality'?: string[] | undefined; 'file.x509.subject.organization'?: string[] | undefined; 'file.x509.subject.organizational_unit'?: string[] | undefined; 'file.x509.subject.state_or_province'?: string[] | undefined; 'file.x509.version_number'?: string | undefined; 'group.domain'?: string | undefined; 'group.id'?: string | undefined; 'group.name'?: string | undefined; 'host.architecture'?: string | undefined; 'host.boot.id'?: string | undefined; 'host.cpu.usage'?: string | number | undefined; 'host.disk.read.bytes'?: string | number | undefined; 'host.disk.write.bytes'?: string | number | undefined; 'host.domain'?: string | undefined; 'host.geo.city_name'?: string | undefined; 'host.geo.continent_code'?: string | undefined; 'host.geo.continent_name'?: string | undefined; 'host.geo.country_iso_code'?: string | undefined; 'host.geo.country_name'?: string | undefined; 'host.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'host.geo.name'?: string | undefined; 'host.geo.postal_code'?: string | undefined; 'host.geo.region_iso_code'?: string | undefined; 'host.geo.region_name'?: string | undefined; 'host.geo.timezone'?: string | undefined; 'host.hostname'?: string | undefined; 'host.id'?: string | undefined; 'host.ip'?: string[] | undefined; 'host.mac'?: string[] | undefined; 'host.name'?: string | undefined; 'host.network.egress.bytes'?: string | number | undefined; 'host.network.egress.packets'?: string | number | undefined; 'host.network.ingress.bytes'?: string | number | undefined; 'host.network.ingress.packets'?: string | number | undefined; 'host.os.family'?: string | undefined; 'host.os.full'?: string | undefined; 'host.os.kernel'?: string | undefined; 'host.os.name'?: string | undefined; 'host.os.platform'?: string | undefined; 'host.os.type'?: string | undefined; 'host.os.version'?: string | undefined; 'host.pid_ns_ino'?: string | undefined; 'host.risk.calculated_level'?: string | undefined; 'host.risk.calculated_score'?: number | undefined; 'host.risk.calculated_score_norm'?: number | undefined; 'host.risk.static_level'?: string | undefined; 'host.risk.static_score'?: number | undefined; 'host.risk.static_score_norm'?: number | undefined; 'host.type'?: string | undefined; 'host.uptime'?: string | number | undefined; 'http.request.body.bytes'?: string | number | undefined; 'http.request.body.content'?: string | undefined; 'http.request.bytes'?: string | number | undefined; 'http.request.id'?: string | undefined; 'http.request.method'?: string | undefined; 'http.request.mime_type'?: string | undefined; 'http.request.referrer'?: string | undefined; 'http.response.body.bytes'?: string | number | undefined; 'http.response.body.content'?: string | undefined; 'http.response.bytes'?: string | number | undefined; 'http.response.mime_type'?: string | undefined; 'http.response.status_code'?: string | number | undefined; 'http.version'?: string | undefined; labels?: unknown; 'log.file.path'?: string | undefined; 'log.level'?: string | undefined; 'log.logger'?: string | undefined; 'log.origin.file.line'?: string | number | undefined; 'log.origin.file.name'?: string | undefined; 'log.origin.function'?: string | undefined; 'log.syslog'?: unknown; message?: string | undefined; 'network.application'?: string | undefined; 'network.bytes'?: string | number | undefined; 'network.community_id'?: string | undefined; 'network.direction'?: string | undefined; 'network.forwarded_ip'?: string | undefined; 'network.iana_number'?: string | undefined; 'network.inner'?: unknown; 'network.name'?: string | undefined; 'network.packets'?: string | number | undefined; 'network.protocol'?: string | undefined; 'network.transport'?: string | undefined; 'network.type'?: string | undefined; 'network.vlan.id'?: string | undefined; 'network.vlan.name'?: string | undefined; 'observer.egress'?: unknown; 'observer.geo.city_name'?: string | undefined; 'observer.geo.continent_code'?: string | undefined; 'observer.geo.continent_name'?: string | undefined; 'observer.geo.country_iso_code'?: string | undefined; 'observer.geo.country_name'?: string | undefined; 'observer.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'observer.geo.name'?: string | undefined; 'observer.geo.postal_code'?: string | undefined; 'observer.geo.region_iso_code'?: string | undefined; 'observer.geo.region_name'?: string | undefined; 'observer.geo.timezone'?: string | undefined; 'observer.hostname'?: string | undefined; 'observer.ingress'?: unknown; 'observer.ip'?: string[] | undefined; 'observer.mac'?: string[] | undefined; 'observer.name'?: string | undefined; 'observer.os.family'?: string | undefined; 'observer.os.full'?: string | undefined; 'observer.os.kernel'?: string | undefined; 'observer.os.name'?: string | undefined; 'observer.os.platform'?: string | undefined; 'observer.os.type'?: string | undefined; 'observer.os.version'?: string | undefined; 'observer.product'?: string | undefined; 'observer.serial_number'?: string | undefined; 'observer.type'?: string | undefined; 'observer.vendor'?: string | undefined; 'observer.version'?: string | undefined; 'orchestrator.api_version'?: string | undefined; 'orchestrator.cluster.id'?: string | undefined; 'orchestrator.cluster.name'?: string | undefined; 'orchestrator.cluster.url'?: string | undefined; 'orchestrator.cluster.version'?: string | undefined; 'orchestrator.namespace'?: string | undefined; 'orchestrator.organization'?: string | undefined; 'orchestrator.resource.annotation'?: string[] | undefined; 'orchestrator.resource.id'?: string | undefined; 'orchestrator.resource.ip'?: string[] | undefined; 'orchestrator.resource.label'?: string[] | undefined; 'orchestrator.resource.name'?: string | undefined; 'orchestrator.resource.parent.type'?: string | undefined; 'orchestrator.resource.type'?: string | undefined; 'orchestrator.type'?: string | undefined; 'organization.id'?: string | undefined; 'organization.name'?: string | undefined; 'package.architecture'?: string | undefined; 'package.build_version'?: string | undefined; 'package.checksum'?: string | undefined; 'package.description'?: string | undefined; 'package.install_scope'?: string | undefined; 'package.installed'?: string | number | undefined; 'package.license'?: string | undefined; 'package.name'?: string | undefined; 'package.path'?: string | undefined; 'package.reference'?: string | undefined; 'package.size'?: string | number | undefined; 'package.type'?: string | undefined; 'package.version'?: string | undefined; 'process.args'?: string[] | undefined; 'process.args_count'?: string | number | undefined; 'process.code_signature.digest_algorithm'?: string | undefined; 'process.code_signature.exists'?: boolean | undefined; 'process.code_signature.signing_id'?: string | undefined; 'process.code_signature.status'?: string | undefined; 'process.code_signature.subject_name'?: string | undefined; 'process.code_signature.team_id'?: string | undefined; 'process.code_signature.timestamp'?: string | number | undefined; 'process.code_signature.trusted'?: boolean | undefined; 'process.code_signature.valid'?: boolean | undefined; 'process.command_line'?: string | undefined; 'process.elf.architecture'?: string | undefined; 'process.elf.byte_order'?: string | undefined; 'process.elf.cpu_type'?: string | undefined; 'process.elf.creation_date'?: string | number | undefined; 'process.elf.exports'?: unknown[] | undefined; 'process.elf.go_import_hash'?: string | undefined; 'process.elf.go_imports'?: unknown; 'process.elf.go_imports_names_entropy'?: string | number | undefined; 'process.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.elf.go_stripped'?: boolean | undefined; 'process.elf.header.abi_version'?: string | undefined; 'process.elf.header.class'?: string | undefined; 'process.elf.header.data'?: string | undefined; 'process.elf.header.entrypoint'?: string | number | undefined; 'process.elf.header.object_version'?: string | undefined; 'process.elf.header.os_abi'?: string | undefined; 'process.elf.header.type'?: string | undefined; 'process.elf.header.version'?: string | undefined; 'process.elf.import_hash'?: string | undefined; 'process.elf.imports'?: unknown[] | undefined; 'process.elf.imports_names_entropy'?: string | number | undefined; 'process.elf.imports_names_var_entropy'?: string | number | undefined; 'process.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.elf.shared_libraries'?: string[] | undefined; 'process.elf.telfhash'?: string | undefined; 'process.end'?: string | number | undefined; 'process.entity_id'?: string | undefined; 'process.entry_leader.args'?: string[] | undefined; 'process.entry_leader.args_count'?: string | number | undefined; 'process.entry_leader.attested_groups.name'?: string | undefined; 'process.entry_leader.attested_user.id'?: string | undefined; 'process.entry_leader.attested_user.name'?: string | undefined; 'process.entry_leader.command_line'?: string | undefined; 'process.entry_leader.entity_id'?: string | undefined; 'process.entry_leader.entry_meta.source.ip'?: string | undefined; 'process.entry_leader.entry_meta.type'?: string | undefined; 'process.entry_leader.executable'?: string | undefined; 'process.entry_leader.group.id'?: string | undefined; 'process.entry_leader.group.name'?: string | undefined; 'process.entry_leader.interactive'?: boolean | undefined; 'process.entry_leader.name'?: string | undefined; 'process.entry_leader.parent.entity_id'?: string | undefined; 'process.entry_leader.parent.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.entity_id'?: string | undefined; 'process.entry_leader.parent.session_leader.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.start'?: string | number | undefined; 'process.entry_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.entry_leader.parent.start'?: string | number | undefined; 'process.entry_leader.parent.vpid'?: string | number | undefined; 'process.entry_leader.pid'?: string | number | undefined; 'process.entry_leader.real_group.id'?: string | undefined; 'process.entry_leader.real_group.name'?: string | undefined; 'process.entry_leader.real_user.id'?: string | undefined; 'process.entry_leader.real_user.name'?: string | undefined; 'process.entry_leader.same_as_process'?: boolean | undefined; 'process.entry_leader.saved_group.id'?: string | undefined; 'process.entry_leader.saved_group.name'?: string | undefined; 'process.entry_leader.saved_user.id'?: string | undefined; 'process.entry_leader.saved_user.name'?: string | undefined; 'process.entry_leader.start'?: string | number | undefined; 'process.entry_leader.supplemental_groups.id'?: string | undefined; 'process.entry_leader.supplemental_groups.name'?: string | undefined; 'process.entry_leader.tty'?: unknown; 'process.entry_leader.user.id'?: string | undefined; 'process.entry_leader.user.name'?: string | undefined; 'process.entry_leader.vpid'?: string | number | undefined; 'process.entry_leader.working_directory'?: string | undefined; 'process.env_vars'?: string[] | undefined; 'process.executable'?: string | undefined; 'process.exit_code'?: string | number | undefined; 'process.group_leader.args'?: string[] | undefined; 'process.group_leader.args_count'?: string | number | undefined; 'process.group_leader.command_line'?: string | undefined; 'process.group_leader.entity_id'?: string | undefined; 'process.group_leader.executable'?: string | undefined; 'process.group_leader.group.id'?: string | undefined; 'process.group_leader.group.name'?: string | undefined; 'process.group_leader.interactive'?: boolean | undefined; 'process.group_leader.name'?: string | undefined; 'process.group_leader.pid'?: string | number | undefined; 'process.group_leader.real_group.id'?: string | undefined; 'process.group_leader.real_group.name'?: string | undefined; 'process.group_leader.real_user.id'?: string | undefined; 'process.group_leader.real_user.name'?: string | undefined; 'process.group_leader.same_as_process'?: boolean | undefined; 'process.group_leader.saved_group.id'?: string | undefined; 'process.group_leader.saved_group.name'?: string | undefined; 'process.group_leader.saved_user.id'?: string | undefined; 'process.group_leader.saved_user.name'?: string | undefined; 'process.group_leader.start'?: string | number | undefined; 'process.group_leader.supplemental_groups.id'?: string | undefined; 'process.group_leader.supplemental_groups.name'?: string | undefined; 'process.group_leader.tty'?: unknown; 'process.group_leader.user.id'?: string | undefined; 'process.group_leader.user.name'?: string | undefined; 'process.group_leader.vpid'?: string | number | undefined; 'process.group_leader.working_directory'?: string | undefined; 'process.hash.md5'?: string | undefined; 'process.hash.sha1'?: string | undefined; 'process.hash.sha256'?: string | undefined; 'process.hash.sha384'?: string | undefined; 'process.hash.sha512'?: string | undefined; 'process.hash.ssdeep'?: string | undefined; 'process.hash.tlsh'?: string | undefined; 'process.interactive'?: boolean | undefined; 'process.io'?: unknown; 'process.macho.go_import_hash'?: string | undefined; 'process.macho.go_imports'?: unknown; 'process.macho.go_imports_names_entropy'?: string | number | undefined; 'process.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.macho.go_stripped'?: boolean | undefined; 'process.macho.import_hash'?: string | undefined; 'process.macho.imports'?: unknown[] | undefined; 'process.macho.imports_names_entropy'?: string | number | undefined; 'process.macho.imports_names_var_entropy'?: string | number | undefined; 'process.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.macho.symhash'?: string | undefined; 'process.name'?: string | undefined; 'process.parent.args'?: string[] | undefined; 'process.parent.args_count'?: string | number | undefined; 'process.parent.code_signature.digest_algorithm'?: string | undefined; 'process.parent.code_signature.exists'?: boolean | undefined; 'process.parent.code_signature.signing_id'?: string | undefined; 'process.parent.code_signature.status'?: string | undefined; 'process.parent.code_signature.subject_name'?: string | undefined; 'process.parent.code_signature.team_id'?: string | undefined; 'process.parent.code_signature.timestamp'?: string | number | undefined; 'process.parent.code_signature.trusted'?: boolean | undefined; 'process.parent.code_signature.valid'?: boolean | undefined; 'process.parent.command_line'?: string | undefined; 'process.parent.elf.architecture'?: string | undefined; 'process.parent.elf.byte_order'?: string | undefined; 'process.parent.elf.cpu_type'?: string | undefined; 'process.parent.elf.creation_date'?: string | number | undefined; 'process.parent.elf.exports'?: unknown[] | undefined; 'process.parent.elf.go_import_hash'?: string | undefined; 'process.parent.elf.go_imports'?: unknown; 'process.parent.elf.go_imports_names_entropy'?: string | number | undefined; 'process.parent.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.go_stripped'?: boolean | undefined; 'process.parent.elf.header.abi_version'?: string | undefined; 'process.parent.elf.header.class'?: string | undefined; 'process.parent.elf.header.data'?: string | undefined; 'process.parent.elf.header.entrypoint'?: string | number | undefined; 'process.parent.elf.header.object_version'?: string | undefined; 'process.parent.elf.header.os_abi'?: string | undefined; 'process.parent.elf.header.type'?: string | undefined; 'process.parent.elf.header.version'?: string | undefined; 'process.parent.elf.import_hash'?: string | undefined; 'process.parent.elf.imports'?: unknown[] | undefined; 'process.parent.elf.imports_names_entropy'?: string | number | undefined; 'process.parent.elf.imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.parent.elf.shared_libraries'?: string[] | undefined; 'process.parent.elf.telfhash'?: string | undefined; 'process.parent.end'?: string | number | undefined; 'process.parent.entity_id'?: string | undefined; 'process.parent.executable'?: string | undefined; 'process.parent.exit_code'?: string | number | undefined; 'process.parent.group.id'?: string | undefined; 'process.parent.group.name'?: string | undefined; 'process.parent.group_leader.entity_id'?: string | undefined; 'process.parent.group_leader.pid'?: string | number | undefined; 'process.parent.group_leader.start'?: string | number | undefined; 'process.parent.group_leader.vpid'?: string | number | undefined; 'process.parent.hash.md5'?: string | undefined; 'process.parent.hash.sha1'?: string | undefined; 'process.parent.hash.sha256'?: string | undefined; 'process.parent.hash.sha384'?: string | undefined; 'process.parent.hash.sha512'?: string | undefined; 'process.parent.hash.ssdeep'?: string | undefined; 'process.parent.hash.tlsh'?: string | undefined; 'process.parent.interactive'?: boolean | undefined; 'process.parent.macho.go_import_hash'?: string | undefined; 'process.parent.macho.go_imports'?: unknown; 'process.parent.macho.go_imports_names_entropy'?: string | number | undefined; 'process.parent.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.go_stripped'?: boolean | undefined; 'process.parent.macho.import_hash'?: string | undefined; 'process.parent.macho.imports'?: unknown[] | undefined; 'process.parent.macho.imports_names_entropy'?: string | number | undefined; 'process.parent.macho.imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.macho.symhash'?: string | undefined; 'process.parent.name'?: string | undefined; 'process.parent.pe.architecture'?: string | undefined; 'process.parent.pe.company'?: string | undefined; 'process.parent.pe.description'?: string | undefined; 'process.parent.pe.file_version'?: string | undefined; 'process.parent.pe.go_import_hash'?: string | undefined; 'process.parent.pe.go_imports'?: unknown; 'process.parent.pe.go_imports_names_entropy'?: string | number | undefined; 'process.parent.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.go_stripped'?: boolean | undefined; 'process.parent.pe.imphash'?: string | undefined; 'process.parent.pe.import_hash'?: string | undefined; 'process.parent.pe.imports'?: unknown[] | undefined; 'process.parent.pe.imports_names_entropy'?: string | number | undefined; 'process.parent.pe.imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.original_file_name'?: string | undefined; 'process.parent.pe.pehash'?: string | undefined; 'process.parent.pe.product'?: string | undefined; 'process.parent.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.pgid'?: string | number | undefined; 'process.parent.pid'?: string | number | undefined; 'process.parent.real_group.id'?: string | undefined; 'process.parent.real_group.name'?: string | undefined; 'process.parent.real_user.id'?: string | undefined; 'process.parent.real_user.name'?: string | undefined; 'process.parent.saved_group.id'?: string | undefined; 'process.parent.saved_group.name'?: string | undefined; 'process.parent.saved_user.id'?: string | undefined; 'process.parent.saved_user.name'?: string | undefined; 'process.parent.start'?: string | number | undefined; 'process.parent.supplemental_groups.id'?: string | undefined; 'process.parent.supplemental_groups.name'?: string | undefined; 'process.parent.thread.capabilities.effective'?: string[] | undefined; 'process.parent.thread.capabilities.permitted'?: string[] | undefined; 'process.parent.thread.id'?: string | number | undefined; 'process.parent.thread.name'?: string | undefined; 'process.parent.title'?: string | undefined; 'process.parent.tty'?: unknown; 'process.parent.uptime'?: string | number | undefined; 'process.parent.user.id'?: string | undefined; 'process.parent.user.name'?: string | undefined; 'process.parent.vpid'?: string | number | undefined; 'process.parent.working_directory'?: string | undefined; 'process.pe.architecture'?: string | undefined; 'process.pe.company'?: string | undefined; 'process.pe.description'?: string | undefined; 'process.pe.file_version'?: string | undefined; 'process.pe.go_import_hash'?: string | undefined; 'process.pe.go_imports'?: unknown; 'process.pe.go_imports_names_entropy'?: string | number | undefined; 'process.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.pe.go_stripped'?: boolean | undefined; 'process.pe.imphash'?: string | undefined; 'process.pe.import_hash'?: string | undefined; 'process.pe.imports'?: unknown[] | undefined; 'process.pe.imports_names_entropy'?: string | number | undefined; 'process.pe.imports_names_var_entropy'?: string | number | undefined; 'process.pe.original_file_name'?: string | undefined; 'process.pe.pehash'?: string | undefined; 'process.pe.product'?: string | undefined; 'process.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.pgid'?: string | number | undefined; 'process.pid'?: string | number | undefined; 'process.previous.args'?: string[] | undefined; 'process.previous.args_count'?: string | number | undefined; 'process.previous.executable'?: string | undefined; 'process.real_group.id'?: string | undefined; 'process.real_group.name'?: string | undefined; 'process.real_user.id'?: string | undefined; 'process.real_user.name'?: string | undefined; 'process.saved_group.id'?: string | undefined; 'process.saved_group.name'?: string | undefined; 'process.saved_user.id'?: string | undefined; 'process.saved_user.name'?: string | undefined; 'process.session_leader.args'?: string[] | undefined; 'process.session_leader.args_count'?: string | number | undefined; 'process.session_leader.command_line'?: string | undefined; 'process.session_leader.entity_id'?: string | undefined; 'process.session_leader.executable'?: string | undefined; 'process.session_leader.group.id'?: string | undefined; 'process.session_leader.group.name'?: string | undefined; 'process.session_leader.interactive'?: boolean | undefined; 'process.session_leader.name'?: string | undefined; 'process.session_leader.parent.entity_id'?: string | undefined; 'process.session_leader.parent.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.entity_id'?: string | undefined; 'process.session_leader.parent.session_leader.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.start'?: string | number | undefined; 'process.session_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.session_leader.parent.start'?: string | number | undefined; 'process.session_leader.parent.vpid'?: string | number | undefined; 'process.session_leader.pid'?: string | number | undefined; 'process.session_leader.real_group.id'?: string | undefined; 'process.session_leader.real_group.name'?: string | undefined; 'process.session_leader.real_user.id'?: string | undefined; 'process.session_leader.real_user.name'?: string | undefined; 'process.session_leader.same_as_process'?: boolean | undefined; 'process.session_leader.saved_group.id'?: string | undefined; 'process.session_leader.saved_group.name'?: string | undefined; 'process.session_leader.saved_user.id'?: string | undefined; 'process.session_leader.saved_user.name'?: string | undefined; 'process.session_leader.start'?: string | number | undefined; 'process.session_leader.supplemental_groups.id'?: string | undefined; 'process.session_leader.supplemental_groups.name'?: string | undefined; 'process.session_leader.tty'?: unknown; 'process.session_leader.user.id'?: string | undefined; 'process.session_leader.user.name'?: string | undefined; 'process.session_leader.vpid'?: string | number | undefined; 'process.session_leader.working_directory'?: string | undefined; 'process.start'?: string | number | undefined; 'process.supplemental_groups.id'?: string | undefined; 'process.supplemental_groups.name'?: string | undefined; 'process.thread.capabilities.effective'?: string[] | undefined; 'process.thread.capabilities.permitted'?: string[] | undefined; 'process.thread.id'?: string | number | undefined; 'process.thread.name'?: string | undefined; 'process.title'?: string | undefined; 'process.tty'?: unknown; 'process.uptime'?: string | number | undefined; 'process.user.id'?: string | undefined; 'process.user.name'?: string | undefined; 'process.vpid'?: string | number | undefined; 'process.working_directory'?: string | undefined; 'registry.data.bytes'?: string | undefined; 'registry.data.strings'?: string[] | undefined; 'registry.data.type'?: string | undefined; 'registry.hive'?: string | undefined; 'registry.key'?: string | undefined; 'registry.path'?: string | undefined; 'registry.value'?: string | undefined; 'related.hash'?: string[] | undefined; 'related.hosts'?: string[] | undefined; 'related.ip'?: string[] | undefined; 'related.user'?: string[] | undefined; 'rule.author'?: string[] | undefined; 'rule.category'?: string | undefined; 'rule.description'?: string | undefined; 'rule.id'?: string | undefined; 'rule.license'?: string | undefined; 'rule.name'?: string | undefined; 'rule.reference'?: string | undefined; 'rule.ruleset'?: string | undefined; 'rule.uuid'?: string | undefined; 'rule.version'?: string | undefined; 'server.address'?: string | undefined; 'server.as.number'?: string | number | undefined; 'server.as.organization.name'?: string | undefined; 'server.bytes'?: string | number | undefined; 'server.domain'?: string | undefined; 'server.geo.city_name'?: string | undefined; 'server.geo.continent_code'?: string | undefined; 'server.geo.continent_name'?: string | undefined; 'server.geo.country_iso_code'?: string | undefined; 'server.geo.country_name'?: string | undefined; 'server.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'server.geo.name'?: string | undefined; 'server.geo.postal_code'?: string | undefined; 'server.geo.region_iso_code'?: string | undefined; 'server.geo.region_name'?: string | undefined; 'server.geo.timezone'?: string | undefined; 'server.ip'?: string | undefined; 'server.mac'?: string | undefined; 'server.nat.ip'?: string | undefined; 'server.nat.port'?: string | number | undefined; 'server.packets'?: string | number | undefined; 'server.port'?: string | number | undefined; 'server.registered_domain'?: string | undefined; 'server.subdomain'?: string | undefined; 'server.top_level_domain'?: string | undefined; 'server.user.domain'?: string | undefined; 'server.user.email'?: string | undefined; 'server.user.full_name'?: string | undefined; 'server.user.group.domain'?: string | undefined; 'server.user.group.id'?: string | undefined; 'server.user.group.name'?: string | undefined; 'server.user.hash'?: string | undefined; 'server.user.id'?: string | undefined; 'server.user.name'?: string | undefined; 'server.user.roles'?: string[] | undefined; 'service.address'?: string | undefined; 'service.environment'?: string | undefined; 'service.ephemeral_id'?: string | undefined; 'service.id'?: string | undefined; 'service.name'?: string | undefined; 'service.node.name'?: string | undefined; 'service.node.role'?: string | undefined; 'service.node.roles'?: string[] | undefined; 'service.origin.address'?: string | undefined; 'service.origin.environment'?: string | undefined; 'service.origin.ephemeral_id'?: string | undefined; 'service.origin.id'?: string | undefined; 'service.origin.name'?: string | undefined; 'service.origin.node.name'?: string | undefined; 'service.origin.node.role'?: string | undefined; 'service.origin.node.roles'?: string[] | undefined; 'service.origin.state'?: string | undefined; 'service.origin.type'?: string | undefined; 'service.origin.version'?: string | undefined; 'service.state'?: string | undefined; 'service.target.address'?: string | undefined; 'service.target.environment'?: string | undefined; 'service.target.ephemeral_id'?: string | undefined; 'service.target.id'?: string | undefined; 'service.target.name'?: string | undefined; 'service.target.node.name'?: string | undefined; 'service.target.node.role'?: string | undefined; 'service.target.node.roles'?: string[] | undefined; 'service.target.state'?: string | undefined; 'service.target.type'?: string | undefined; 'service.target.version'?: string | undefined; 'service.type'?: string | undefined; 'service.version'?: string | undefined; 'source.address'?: string | undefined; 'source.as.number'?: string | number | undefined; 'source.as.organization.name'?: string | undefined; 'source.bytes'?: string | number | undefined; 'source.domain'?: string | undefined; 'source.geo.city_name'?: string | undefined; 'source.geo.continent_code'?: string | undefined; 'source.geo.continent_name'?: string | undefined; 'source.geo.country_iso_code'?: string | undefined; 'source.geo.country_name'?: string | undefined; 'source.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'source.geo.name'?: string | undefined; 'source.geo.postal_code'?: string | undefined; 'source.geo.region_iso_code'?: string | undefined; 'source.geo.region_name'?: string | undefined; 'source.geo.timezone'?: string | undefined; 'source.ip'?: string | undefined; 'source.mac'?: string | undefined; 'source.nat.ip'?: string | undefined; 'source.nat.port'?: string | number | undefined; 'source.packets'?: string | number | undefined; 'source.port'?: string | number | undefined; 'source.registered_domain'?: string | undefined; 'source.subdomain'?: string | undefined; 'source.top_level_domain'?: string | undefined; 'source.user.domain'?: string | undefined; 'source.user.email'?: string | undefined; 'source.user.full_name'?: string | undefined; 'source.user.group.domain'?: string | undefined; 'source.user.group.id'?: string | undefined; 'source.user.group.name'?: string | undefined; 'source.user.hash'?: string | undefined; 'source.user.id'?: string | undefined; 'source.user.name'?: string | undefined; 'source.user.roles'?: string[] | undefined; 'span.id'?: string | undefined; tags?: string[] | undefined; 'threat.enrichments'?: { indicator?: unknown; 'matched.atomic'?: string | undefined; 'matched.field'?: string | undefined; 'matched.id'?: string | undefined; 'matched.index'?: string | undefined; 'matched.occurred'?: string | number | undefined; 'matched.type'?: string | undefined; }[] | undefined; 'threat.feed.dashboard_id'?: string | undefined; 'threat.feed.description'?: string | undefined; 'threat.feed.name'?: string | undefined; 'threat.feed.reference'?: string | undefined; 'threat.framework'?: string | undefined; 'threat.group.alias'?: string[] | undefined; 'threat.group.id'?: string | undefined; 'threat.group.name'?: string | undefined; 'threat.group.reference'?: string | undefined; 'threat.indicator.as.number'?: string | number | undefined; 'threat.indicator.as.organization.name'?: string | undefined; 'threat.indicator.confidence'?: string | undefined; 'threat.indicator.description'?: string | undefined; 'threat.indicator.email.address'?: string | undefined; 'threat.indicator.file.accessed'?: string | number | undefined; 'threat.indicator.file.attributes'?: string[] | undefined; 'threat.indicator.file.code_signature.digest_algorithm'?: string | undefined; 'threat.indicator.file.code_signature.exists'?: boolean | undefined; 'threat.indicator.file.code_signature.signing_id'?: string | undefined; 'threat.indicator.file.code_signature.status'?: string | undefined; 'threat.indicator.file.code_signature.subject_name'?: string | undefined; 'threat.indicator.file.code_signature.team_id'?: string | undefined; 'threat.indicator.file.code_signature.timestamp'?: string | number | undefined; 'threat.indicator.file.code_signature.trusted'?: boolean | undefined; 'threat.indicator.file.code_signature.valid'?: boolean | undefined; 'threat.indicator.file.created'?: string | number | undefined; 'threat.indicator.file.ctime'?: string | number | undefined; 'threat.indicator.file.device'?: string | undefined; 'threat.indicator.file.directory'?: string | undefined; 'threat.indicator.file.drive_letter'?: string | undefined; 'threat.indicator.file.elf.architecture'?: string | undefined; 'threat.indicator.file.elf.byte_order'?: string | undefined; 'threat.indicator.file.elf.cpu_type'?: string | undefined; 'threat.indicator.file.elf.creation_date'?: string | number | undefined; 'threat.indicator.file.elf.exports'?: unknown[] | undefined; 'threat.indicator.file.elf.go_import_hash'?: string | undefined; 'threat.indicator.file.elf.go_imports'?: unknown; 'threat.indicator.file.elf.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_stripped'?: boolean | undefined; 'threat.indicator.file.elf.header.abi_version'?: string | undefined; 'threat.indicator.file.elf.header.class'?: string | undefined; 'threat.indicator.file.elf.header.data'?: string | undefined; 'threat.indicator.file.elf.header.entrypoint'?: string | number | undefined; 'threat.indicator.file.elf.header.object_version'?: string | undefined; 'threat.indicator.file.elf.header.os_abi'?: string | undefined; 'threat.indicator.file.elf.header.type'?: string | undefined; 'threat.indicator.file.elf.header.version'?: string | undefined; 'threat.indicator.file.elf.import_hash'?: string | undefined; 'threat.indicator.file.elf.imports'?: unknown[] | undefined; 'threat.indicator.file.elf.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'threat.indicator.file.elf.shared_libraries'?: string[] | undefined; 'threat.indicator.file.elf.telfhash'?: string | undefined; 'threat.indicator.file.extension'?: string | undefined; 'threat.indicator.file.fork_name'?: string | undefined; 'threat.indicator.file.gid'?: string | undefined; 'threat.indicator.file.group'?: string | undefined; 'threat.indicator.file.hash.md5'?: string | undefined; 'threat.indicator.file.hash.sha1'?: string | undefined; 'threat.indicator.file.hash.sha256'?: string | undefined; 'threat.indicator.file.hash.sha384'?: string | undefined; 'threat.indicator.file.hash.sha512'?: string | undefined; 'threat.indicator.file.hash.ssdeep'?: string | undefined; 'threat.indicator.file.hash.tlsh'?: string | undefined; 'threat.indicator.file.inode'?: string | undefined; 'threat.indicator.file.mime_type'?: string | undefined; 'threat.indicator.file.mode'?: string | undefined; 'threat.indicator.file.mtime'?: string | number | undefined; 'threat.indicator.file.name'?: string | undefined; 'threat.indicator.file.owner'?: string | undefined; 'threat.indicator.file.path'?: string | undefined; 'threat.indicator.file.pe.architecture'?: string | undefined; 'threat.indicator.file.pe.company'?: string | undefined; 'threat.indicator.file.pe.description'?: string | undefined; 'threat.indicator.file.pe.file_version'?: string | undefined; 'threat.indicator.file.pe.go_import_hash'?: string | undefined; 'threat.indicator.file.pe.go_imports'?: unknown; 'threat.indicator.file.pe.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_stripped'?: boolean | undefined; 'threat.indicator.file.pe.imphash'?: string | undefined; 'threat.indicator.file.pe.import_hash'?: string | undefined; 'threat.indicator.file.pe.imports'?: unknown[] | undefined; 'threat.indicator.file.pe.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.original_file_name'?: string | undefined; 'threat.indicator.file.pe.pehash'?: string | undefined; 'threat.indicator.file.pe.product'?: string | undefined; 'threat.indicator.file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.size'?: string | number | undefined; 'threat.indicator.file.target_path'?: string | undefined; 'threat.indicator.file.type'?: string | undefined; 'threat.indicator.file.uid'?: string | undefined; 'threat.indicator.file.x509.alternative_names'?: string[] | undefined; 'threat.indicator.file.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.file.x509.issuer.country'?: string[] | undefined; 'threat.indicator.file.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.not_after'?: string | number | undefined; 'threat.indicator.file.x509.not_before'?: string | number | undefined; 'threat.indicator.file.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.file.x509.public_key_curve'?: string | undefined; 'threat.indicator.file.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.file.x509.public_key_size'?: string | number | undefined; 'threat.indicator.file.x509.serial_number'?: string | undefined; 'threat.indicator.file.x509.signature_algorithm'?: string | undefined; 'threat.indicator.file.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.file.x509.subject.country'?: string[] | undefined; 'threat.indicator.file.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.subject.locality'?: string[] | undefined; 'threat.indicator.file.x509.subject.organization'?: string[] | undefined; 'threat.indicator.file.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.version_number'?: string | undefined; 'threat.indicator.first_seen'?: string | number | undefined; 'threat.indicator.geo.city_name'?: string | undefined; 'threat.indicator.geo.continent_code'?: string | undefined; 'threat.indicator.geo.continent_name'?: string | undefined; 'threat.indicator.geo.country_iso_code'?: string | undefined; 'threat.indicator.geo.country_name'?: string | undefined; 'threat.indicator.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'threat.indicator.geo.name'?: string | undefined; 'threat.indicator.geo.postal_code'?: string | undefined; 'threat.indicator.geo.region_iso_code'?: string | undefined; 'threat.indicator.geo.region_name'?: string | undefined; 'threat.indicator.geo.timezone'?: string | undefined; 'threat.indicator.ip'?: string | undefined; 'threat.indicator.last_seen'?: string | number | undefined; 'threat.indicator.marking.tlp'?: string | undefined; 'threat.indicator.marking.tlp_version'?: string | undefined; 'threat.indicator.modified_at'?: string | number | undefined; 'threat.indicator.name'?: string | undefined; 'threat.indicator.port'?: string | number | undefined; 'threat.indicator.provider'?: string | undefined; 'threat.indicator.reference'?: string | undefined; 'threat.indicator.registry.data.bytes'?: string | undefined; 'threat.indicator.registry.data.strings'?: string[] | undefined; 'threat.indicator.registry.data.type'?: string | undefined; 'threat.indicator.registry.hive'?: string | undefined; 'threat.indicator.registry.key'?: string | undefined; 'threat.indicator.registry.path'?: string | undefined; 'threat.indicator.registry.value'?: string | undefined; 'threat.indicator.scanner_stats'?: string | number | undefined; 'threat.indicator.sightings'?: string | number | undefined; 'threat.indicator.type'?: string | undefined; 'threat.indicator.url.domain'?: string | undefined; 'threat.indicator.url.extension'?: string | undefined; 'threat.indicator.url.fragment'?: string | undefined; 'threat.indicator.url.full'?: string | undefined; 'threat.indicator.url.original'?: string | undefined; 'threat.indicator.url.password'?: string | undefined; 'threat.indicator.url.path'?: string | undefined; 'threat.indicator.url.port'?: string | number | undefined; 'threat.indicator.url.query'?: string | undefined; 'threat.indicator.url.registered_domain'?: string | undefined; 'threat.indicator.url.scheme'?: string | undefined; 'threat.indicator.url.subdomain'?: string | undefined; 'threat.indicator.url.top_level_domain'?: string | undefined; 'threat.indicator.url.username'?: string | undefined; 'threat.indicator.x509.alternative_names'?: string[] | undefined; 'threat.indicator.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.x509.issuer.country'?: string[] | undefined; 'threat.indicator.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.x509.not_after'?: string | number | undefined; 'threat.indicator.x509.not_before'?: string | number | undefined; 'threat.indicator.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.x509.public_key_curve'?: string | undefined; 'threat.indicator.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.x509.public_key_size'?: string | number | undefined; 'threat.indicator.x509.serial_number'?: string | undefined; 'threat.indicator.x509.signature_algorithm'?: string | undefined; 'threat.indicator.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.x509.subject.country'?: string[] | undefined; 'threat.indicator.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.x509.subject.locality'?: string[] | undefined; 'threat.indicator.x509.subject.organization'?: string[] | undefined; 'threat.indicator.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.x509.version_number'?: string | undefined; 'threat.software.alias'?: string[] | undefined; 'threat.software.id'?: string | undefined; 'threat.software.name'?: string | undefined; 'threat.software.platforms'?: string[] | undefined; 'threat.software.reference'?: string | undefined; 'threat.software.type'?: string | undefined; 'threat.tactic.id'?: string[] | undefined; 'threat.tactic.name'?: string[] | undefined; 'threat.tactic.reference'?: string[] | undefined; 'threat.technique.id'?: string[] | undefined; 'threat.technique.name'?: string[] | undefined; 'threat.technique.reference'?: string[] | undefined; 'threat.technique.subtechnique.id'?: string[] | undefined; 'threat.technique.subtechnique.name'?: string[] | undefined; 'threat.technique.subtechnique.reference'?: string[] | undefined; 'tls.cipher'?: string | undefined; 'tls.client.certificate'?: string | undefined; 'tls.client.certificate_chain'?: string[] | undefined; 'tls.client.hash.md5'?: string | undefined; 'tls.client.hash.sha1'?: string | undefined; 'tls.client.hash.sha256'?: string | undefined; 'tls.client.issuer'?: string | undefined; 'tls.client.ja3'?: string | undefined; 'tls.client.not_after'?: string | number | undefined; 'tls.client.not_before'?: string | number | undefined; 'tls.client.server_name'?: string | undefined; 'tls.client.subject'?: string | undefined; 'tls.client.supported_ciphers'?: string[] | undefined; 'tls.client.x509.alternative_names'?: string[] | undefined; 'tls.client.x509.issuer.common_name'?: string[] | undefined; 'tls.client.x509.issuer.country'?: string[] | undefined; 'tls.client.x509.issuer.distinguished_name'?: string | undefined; 'tls.client.x509.issuer.locality'?: string[] | undefined; 'tls.client.x509.issuer.organization'?: string[] | undefined; 'tls.client.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.client.x509.issuer.state_or_province'?: string[] | undefined; 'tls.client.x509.not_after'?: string | number | undefined; 'tls.client.x509.not_before'?: string | number | undefined; 'tls.client.x509.public_key_algorithm'?: string | undefined; 'tls.client.x509.public_key_curve'?: string | undefined; 'tls.client.x509.public_key_exponent'?: string | number | undefined; 'tls.client.x509.public_key_size'?: string | number | undefined; 'tls.client.x509.serial_number'?: string | undefined; 'tls.client.x509.signature_algorithm'?: string | undefined; 'tls.client.x509.subject.common_name'?: string[] | undefined; 'tls.client.x509.subject.country'?: string[] | undefined; 'tls.client.x509.subject.distinguished_name'?: string | undefined; 'tls.client.x509.subject.locality'?: string[] | undefined; 'tls.client.x509.subject.organization'?: string[] | undefined; 'tls.client.x509.subject.organizational_unit'?: string[] | undefined; 'tls.client.x509.subject.state_or_province'?: string[] | undefined; 'tls.client.x509.version_number'?: string | undefined; 'tls.curve'?: string | undefined; 'tls.established'?: boolean | undefined; 'tls.next_protocol'?: string | undefined; 'tls.resumed'?: boolean | undefined; 'tls.server.certificate'?: string | undefined; 'tls.server.certificate_chain'?: string[] | undefined; 'tls.server.hash.md5'?: string | undefined; 'tls.server.hash.sha1'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 'tls.server.issuer'?: string | undefined; 'tls.server.ja3s'?: string | undefined; 'tls.server.not_after'?: string | number | undefined; 'tls.server.not_before'?: string | number | undefined; 'tls.server.subject'?: string | undefined; 'tls.server.x509.alternative_names'?: string[] | undefined; 'tls.server.x509.issuer.common_name'?: string[] | undefined; 'tls.server.x509.issuer.country'?: string[] | undefined; 'tls.server.x509.issuer.distinguished_name'?: string | undefined; 'tls.server.x509.issuer.locality'?: string[] | undefined; 'tls.server.x509.issuer.organization'?: string[] | undefined; 'tls.server.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.server.x509.issuer.state_or_province'?: string[] | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.public_key_algorithm'?: string | undefined; 'tls.server.x509.public_key_curve'?: string | undefined; 'tls.server.x509.public_key_exponent'?: string | number | undefined; 'tls.server.x509.public_key_size'?: string | number | undefined; 'tls.server.x509.serial_number'?: string | undefined; 'tls.server.x509.signature_algorithm'?: string | undefined; 'tls.server.x509.subject.common_name'?: string[] | undefined; 'tls.server.x509.subject.country'?: string[] | undefined; 'tls.server.x509.subject.distinguished_name'?: string | undefined; 'tls.server.x509.subject.locality'?: string[] | undefined; 'tls.server.x509.subject.organization'?: string[] | undefined; 'tls.server.x509.subject.organizational_unit'?: string[] | undefined; 'tls.server.x509.subject.state_or_province'?: string[] | undefined; 'tls.server.x509.version_number'?: string | undefined; 'tls.version'?: string | undefined; 'tls.version_protocol'?: string | undefined; 'trace.id'?: string | undefined; 'transaction.id'?: string | undefined; 'url.domain'?: string | undefined; 'url.extension'?: string | undefined; 'url.fragment'?: string | undefined; 'url.full'?: string | undefined; 'url.original'?: string | undefined; 'url.password'?: string | undefined; 'url.path'?: string | undefined; 'url.port'?: string | number | undefined; 'url.query'?: string | undefined; 'url.registered_domain'?: string | undefined; 'url.scheme'?: string | undefined; 'url.subdomain'?: string | undefined; 'url.top_level_domain'?: string | undefined; 'url.username'?: string | undefined; 'user.changes.domain'?: string | undefined; 'user.changes.email'?: string | undefined; 'user.changes.full_name'?: string | undefined; 'user.changes.group.domain'?: string | undefined; 'user.changes.group.id'?: string | undefined; 'user.changes.group.name'?: string | undefined; 'user.changes.hash'?: string | undefined; 'user.changes.id'?: string | undefined; 'user.changes.name'?: string | undefined; 'user.changes.roles'?: string[] | undefined; 'user.domain'?: string | undefined; 'user.effective.domain'?: string | undefined; 'user.effective.email'?: string | undefined; 'user.effective.full_name'?: string | undefined; 'user.effective.group.domain'?: string | undefined; 'user.effective.group.id'?: string | undefined; 'user.effective.group.name'?: string | undefined; 'user.effective.hash'?: string | undefined; 'user.effective.id'?: string | undefined; 'user.effective.name'?: string | undefined; 'user.effective.roles'?: string[] | undefined; 'user.email'?: string | undefined; 'user.full_name'?: string | undefined; 'user.group.domain'?: string | undefined; 'user.group.id'?: string | undefined; 'user.group.name'?: string | undefined; 'user.hash'?: string | undefined; 'user.id'?: string | undefined; 'user.name'?: string | undefined; 'user.risk.calculated_level'?: string | undefined; 'user.risk.calculated_score'?: number | undefined; 'user.risk.calculated_score_norm'?: number | undefined; 'user.risk.static_level'?: string | undefined; 'user.risk.static_score'?: number | undefined; 'user.risk.static_score_norm'?: number | undefined; 'user.roles'?: string[] | undefined; 'user.target.domain'?: string | undefined; 'user.target.email'?: string | undefined; 'user.target.full_name'?: string | undefined; 'user.target.group.domain'?: string | undefined; 'user.target.group.id'?: string | undefined; 'user.target.group.name'?: string | undefined; 'user.target.hash'?: string | undefined; 'user.target.id'?: string | undefined; 'user.target.name'?: string | undefined; 'user.target.roles'?: string[] | undefined; 'user_agent.device.name'?: string | undefined; 'user_agent.name'?: string | undefined; 'user_agent.original'?: string | undefined; 'user_agent.os.family'?: string | undefined; 'user_agent.os.full'?: string | undefined; 'user_agent.os.kernel'?: string | undefined; 'user_agent.os.name'?: string | undefined; 'user_agent.os.platform'?: string | undefined; 'user_agent.os.type'?: string | undefined; 'user_agent.os.version'?: string | undefined; 'user_agent.version'?: string | undefined; 'vulnerability.category'?: string[] | undefined; 'vulnerability.classification'?: string | undefined; 'vulnerability.description'?: string | undefined; 'vulnerability.enumeration'?: string | undefined; 'vulnerability.id'?: string | undefined; 'vulnerability.reference'?: string | undefined; 'vulnerability.report_id'?: string | undefined; 'vulnerability.scanner.vendor'?: string | undefined; 'vulnerability.score.base'?: number | undefined; 'vulnerability.score.environmental'?: number | undefined; 'vulnerability.score.temporal'?: number | undefined; 'vulnerability.score.version'?: string | undefined; 'vulnerability.severity'?: string | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }"
         ],
         "path": "packages/kbn-alerts-as-data-utils/src/schemas/generated/security_schema.ts",
         "deprecated": false,
@@ -450,7 +450,7 @@
         "label": "StackAlert",
         "description": [],
         "signature": [
-          "{} & { 'kibana.alert.evaluation.conditions'?: string | undefined; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | undefined; 'kibana.alert.title'?: string | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & { '@timestamp': string | number; 'ecs.version': string; } & { 'agent.build.original'?: string | undefined; 'agent.ephemeral_id'?: string | undefined; 'agent.id'?: string | undefined; 'agent.name'?: string | undefined; 'agent.type'?: string | undefined; 'agent.version'?: string | undefined; 'client.address'?: string | undefined; 'client.as.number'?: string | number | undefined; 'client.as.organization.name'?: string | undefined; 'client.bytes'?: string | number | undefined; 'client.domain'?: string | undefined; 'client.geo.city_name'?: string | undefined; 'client.geo.continent_code'?: string | undefined; 'client.geo.continent_name'?: string | undefined; 'client.geo.country_iso_code'?: string | undefined; 'client.geo.country_name'?: string | undefined; 'client.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'client.geo.name'?: string | undefined; 'client.geo.postal_code'?: string | undefined; 'client.geo.region_iso_code'?: string | undefined; 'client.geo.region_name'?: string | undefined; 'client.geo.timezone'?: string | undefined; 'client.ip'?: string | undefined; 'client.mac'?: string | undefined; 'client.nat.ip'?: string | undefined; 'client.nat.port'?: string | number | undefined; 'client.packets'?: string | number | undefined; 'client.port'?: string | number | undefined; 'client.registered_domain'?: string | undefined; 'client.subdomain'?: string | undefined; 'client.top_level_domain'?: string | undefined; 'client.user.domain'?: string | undefined; 'client.user.email'?: string | undefined; 'client.user.full_name'?: string | undefined; 'client.user.group.domain'?: string | undefined; 'client.user.group.id'?: string | undefined; 'client.user.group.name'?: string | undefined; 'client.user.hash'?: string | undefined; 'client.user.id'?: string | undefined; 'client.user.name'?: string | undefined; 'client.user.roles'?: string[] | undefined; 'cloud.account.id'?: string | undefined; 'cloud.account.name'?: string | undefined; 'cloud.availability_zone'?: string | undefined; 'cloud.instance.id'?: string | undefined; 'cloud.instance.name'?: string | undefined; 'cloud.machine.type'?: string | undefined; 'cloud.origin.account.id'?: string | undefined; 'cloud.origin.account.name'?: string | undefined; 'cloud.origin.availability_zone'?: string | undefined; 'cloud.origin.instance.id'?: string | undefined; 'cloud.origin.instance.name'?: string | undefined; 'cloud.origin.machine.type'?: string | undefined; 'cloud.origin.project.id'?: string | undefined; 'cloud.origin.project.name'?: string | undefined; 'cloud.origin.provider'?: string | undefined; 'cloud.origin.region'?: string | undefined; 'cloud.origin.service.name'?: string | undefined; 'cloud.project.id'?: string | undefined; 'cloud.project.name'?: string | undefined; 'cloud.provider'?: string | undefined; 'cloud.region'?: string | undefined; 'cloud.service.name'?: string | undefined; 'cloud.target.account.id'?: string | undefined; 'cloud.target.account.name'?: string | undefined; 'cloud.target.availability_zone'?: string | undefined; 'cloud.target.instance.id'?: string | undefined; 'cloud.target.instance.name'?: string | undefined; 'cloud.target.machine.type'?: string | undefined; 'cloud.target.project.id'?: string | undefined; 'cloud.target.project.name'?: string | undefined; 'cloud.target.provider'?: string | undefined; 'cloud.target.region'?: string | undefined; 'cloud.target.service.name'?: string | undefined; 'container.cpu.usage'?: string | number | undefined; 'container.disk.read.bytes'?: string | number | undefined; 'container.disk.write.bytes'?: string | number | undefined; 'container.id'?: string | undefined; 'container.image.hash.all'?: string[] | undefined; 'container.image.name'?: string | undefined; 'container.image.tag'?: string[] | undefined; 'container.labels'?: unknown; 'container.memory.usage'?: string | number | undefined; 'container.name'?: string | undefined; 'container.network.egress.bytes'?: string | number | undefined; 'container.network.ingress.bytes'?: string | number | undefined; 'container.runtime'?: string | undefined; 'container.security_context.privileged'?: boolean | undefined; 'destination.address'?: string | undefined; 'destination.as.number'?: string | number | undefined; 'destination.as.organization.name'?: string | undefined; 'destination.bytes'?: string | number | undefined; 'destination.domain'?: string | undefined; 'destination.geo.city_name'?: string | undefined; 'destination.geo.continent_code'?: string | undefined; 'destination.geo.continent_name'?: string | undefined; 'destination.geo.country_iso_code'?: string | undefined; 'destination.geo.country_name'?: string | undefined; 'destination.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'destination.geo.name'?: string | undefined; 'destination.geo.postal_code'?: string | undefined; 'destination.geo.region_iso_code'?: string | undefined; 'destination.geo.region_name'?: string | undefined; 'destination.geo.timezone'?: string | undefined; 'destination.ip'?: string | undefined; 'destination.mac'?: string | undefined; 'destination.nat.ip'?: string | undefined; 'destination.nat.port'?: string | number | undefined; 'destination.packets'?: string | number | undefined; 'destination.port'?: string | number | undefined; 'destination.registered_domain'?: string | undefined; 'destination.subdomain'?: string | undefined; 'destination.top_level_domain'?: string | undefined; 'destination.user.domain'?: string | undefined; 'destination.user.email'?: string | undefined; 'destination.user.full_name'?: string | undefined; 'destination.user.group.domain'?: string | undefined; 'destination.user.group.id'?: string | undefined; 'destination.user.group.name'?: string | undefined; 'destination.user.hash'?: string | undefined; 'destination.user.id'?: string | undefined; 'destination.user.name'?: string | undefined; 'destination.user.roles'?: string[] | undefined; 'device.id'?: string | undefined; 'device.manufacturer'?: string | undefined; 'device.model.identifier'?: string | undefined; 'device.model.name'?: string | undefined; 'dll.code_signature.digest_algorithm'?: string | undefined; 'dll.code_signature.exists'?: boolean | undefined; 'dll.code_signature.signing_id'?: string | undefined; 'dll.code_signature.status'?: string | undefined; 'dll.code_signature.subject_name'?: string | undefined; 'dll.code_signature.team_id'?: string | undefined; 'dll.code_signature.timestamp'?: string | number | undefined; 'dll.code_signature.trusted'?: boolean | undefined; 'dll.code_signature.valid'?: boolean | undefined; 'dll.hash.md5'?: string | undefined; 'dll.hash.sha1'?: string | undefined; 'dll.hash.sha256'?: string | undefined; 'dll.hash.sha384'?: string | undefined; 'dll.hash.sha512'?: string | undefined; 'dll.hash.ssdeep'?: string | undefined; 'dll.hash.tlsh'?: string | undefined; 'dll.name'?: string | undefined; 'dll.path'?: string | undefined; 'dll.pe.architecture'?: string | undefined; 'dll.pe.company'?: string | undefined; 'dll.pe.description'?: string | undefined; 'dll.pe.file_version'?: string | undefined; 'dll.pe.go_import_hash'?: string | undefined; 'dll.pe.go_imports'?: unknown; 'dll.pe.go_imports_names_entropy'?: string | number | undefined; 'dll.pe.go_imports_names_var_entropy'?: string | number | undefined; 'dll.pe.go_stripped'?: boolean | undefined; 'dll.pe.imphash'?: string | undefined; 'dll.pe.import_hash'?: string | undefined; 'dll.pe.imports'?: unknown[] | undefined; 'dll.pe.imports_names_entropy'?: string | number | undefined; 'dll.pe.imports_names_var_entropy'?: string | number | undefined; 'dll.pe.original_file_name'?: string | undefined; 'dll.pe.pehash'?: string | undefined; 'dll.pe.product'?: string | undefined; 'dll.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'dns.answers'?: { class?: string | undefined; data?: string | undefined; name?: string | undefined; ttl?: string | number | undefined; type?: string | undefined; }[] | undefined; 'dns.header_flags'?: string[] | undefined; 'dns.id'?: string | undefined; 'dns.op_code'?: string | undefined; 'dns.question.class'?: string | undefined; 'dns.question.name'?: string | undefined; 'dns.question.registered_domain'?: string | undefined; 'dns.question.subdomain'?: string | undefined; 'dns.question.top_level_domain'?: string | undefined; 'dns.question.type'?: string | undefined; 'dns.resolved_ip'?: string[] | undefined; 'dns.response_code'?: string | undefined; 'dns.type'?: string | undefined; 'email.attachments'?: { 'file.extension'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.name'?: string | undefined; 'file.size'?: string | number | undefined; }[] | undefined; 'email.bcc.address'?: string[] | undefined; 'email.cc.address'?: string[] | undefined; 'email.content_type'?: string | undefined; 'email.delivery_timestamp'?: string | number | undefined; 'email.direction'?: string | undefined; 'email.from.address'?: string[] | undefined; 'email.local_id'?: string | undefined; 'email.message_id'?: string | undefined; 'email.origination_timestamp'?: string | number | undefined; 'email.reply_to.address'?: string[] | undefined; 'email.sender.address'?: string | undefined; 'email.subject'?: string | undefined; 'email.to.address'?: string[] | undefined; 'email.x_mailer'?: string | undefined; 'error.code'?: string | undefined; 'error.id'?: string | undefined; 'error.message'?: string | undefined; 'error.stack_trace'?: string | undefined; 'error.type'?: string | undefined; 'event.action'?: string | undefined; 'event.agent_id_status'?: string | undefined; 'event.category'?: string[] | undefined; 'event.code'?: string | undefined; 'event.created'?: string | number | undefined; 'event.dataset'?: string | undefined; 'event.duration'?: string | number | undefined; 'event.end'?: string | number | undefined; 'event.hash'?: string | undefined; 'event.id'?: string | undefined; 'event.ingested'?: string | number | undefined; 'event.kind'?: string | undefined; 'event.module'?: string | undefined; 'event.original'?: string | undefined; 'event.outcome'?: string | undefined; 'event.provider'?: string | undefined; 'event.reason'?: string | undefined; 'event.reference'?: string | undefined; 'event.risk_score'?: number | undefined; 'event.risk_score_norm'?: number | undefined; 'event.sequence'?: string | number | undefined; 'event.severity'?: string | number | undefined; 'event.start'?: string | number | undefined; 'event.timezone'?: string | undefined; 'event.type'?: string[] | undefined; 'event.url'?: string | undefined; 'faas.coldstart'?: boolean | undefined; 'faas.execution'?: string | undefined; 'faas.id'?: string | undefined; 'faas.name'?: string | undefined; 'faas.version'?: string | undefined; 'file.accessed'?: string | number | undefined; 'file.attributes'?: string[] | undefined; 'file.code_signature.digest_algorithm'?: string | undefined; 'file.code_signature.exists'?: boolean | undefined; 'file.code_signature.signing_id'?: string | undefined; 'file.code_signature.status'?: string | undefined; 'file.code_signature.subject_name'?: string | undefined; 'file.code_signature.team_id'?: string | undefined; 'file.code_signature.timestamp'?: string | number | undefined; 'file.code_signature.trusted'?: boolean | undefined; 'file.code_signature.valid'?: boolean | undefined; 'file.created'?: string | number | undefined; 'file.ctime'?: string | number | undefined; 'file.device'?: string | undefined; 'file.directory'?: string | undefined; 'file.drive_letter'?: string | undefined; 'file.elf.architecture'?: string | undefined; 'file.elf.byte_order'?: string | undefined; 'file.elf.cpu_type'?: string | undefined; 'file.elf.creation_date'?: string | number | undefined; 'file.elf.exports'?: unknown[] | undefined; 'file.elf.go_import_hash'?: string | undefined; 'file.elf.go_imports'?: unknown; 'file.elf.go_imports_names_entropy'?: string | number | undefined; 'file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'file.elf.go_stripped'?: boolean | undefined; 'file.elf.header.abi_version'?: string | undefined; 'file.elf.header.class'?: string | undefined; 'file.elf.header.data'?: string | undefined; 'file.elf.header.entrypoint'?: string | number | undefined; 'file.elf.header.object_version'?: string | undefined; 'file.elf.header.os_abi'?: string | undefined; 'file.elf.header.type'?: string | undefined; 'file.elf.header.version'?: string | undefined; 'file.elf.import_hash'?: string | undefined; 'file.elf.imports'?: unknown[] | undefined; 'file.elf.imports_names_entropy'?: string | number | undefined; 'file.elf.imports_names_var_entropy'?: string | number | undefined; 'file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'file.elf.shared_libraries'?: string[] | undefined; 'file.elf.telfhash'?: string | undefined; 'file.extension'?: string | undefined; 'file.fork_name'?: string | undefined; 'file.gid'?: string | undefined; 'file.group'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.inode'?: string | undefined; 'file.macho.go_import_hash'?: string | undefined; 'file.macho.go_imports'?: unknown; 'file.macho.go_imports_names_entropy'?: string | number | undefined; 'file.macho.go_imports_names_var_entropy'?: string | number | undefined; 'file.macho.go_stripped'?: boolean | undefined; 'file.macho.import_hash'?: string | undefined; 'file.macho.imports'?: unknown[] | undefined; 'file.macho.imports_names_entropy'?: string | number | undefined; 'file.macho.imports_names_var_entropy'?: string | number | undefined; 'file.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.macho.symhash'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.mode'?: string | undefined; 'file.mtime'?: string | number | undefined; 'file.name'?: string | undefined; 'file.owner'?: string | undefined; 'file.path'?: string | undefined; 'file.pe.architecture'?: string | undefined; 'file.pe.company'?: string | undefined; 'file.pe.description'?: string | undefined; 'file.pe.file_version'?: string | undefined; 'file.pe.go_import_hash'?: string | undefined; 'file.pe.go_imports'?: unknown; 'file.pe.go_imports_names_entropy'?: string | number | undefined; 'file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'file.pe.go_stripped'?: boolean | undefined; 'file.pe.imphash'?: string | undefined; 'file.pe.import_hash'?: string | undefined; 'file.pe.imports'?: unknown[] | undefined; 'file.pe.imports_names_entropy'?: string | number | undefined; 'file.pe.imports_names_var_entropy'?: string | number | undefined; 'file.pe.original_file_name'?: string | undefined; 'file.pe.pehash'?: string | undefined; 'file.pe.product'?: string | undefined; 'file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.size'?: string | number | undefined; 'file.target_path'?: string | undefined; 'file.type'?: string | undefined; 'file.uid'?: string | undefined; 'file.x509.alternative_names'?: string[] | undefined; 'file.x509.issuer.common_name'?: string[] | undefined; 'file.x509.issuer.country'?: string[] | undefined; 'file.x509.issuer.distinguished_name'?: string | undefined; 'file.x509.issuer.locality'?: string[] | undefined; 'file.x509.issuer.organization'?: string[] | undefined; 'file.x509.issuer.organizational_unit'?: string[] | undefined; 'file.x509.issuer.state_or_province'?: string[] | undefined; 'file.x509.not_after'?: string | number | undefined; 'file.x509.not_before'?: string | number | undefined; 'file.x509.public_key_algorithm'?: string | undefined; 'file.x509.public_key_curve'?: string | undefined; 'file.x509.public_key_exponent'?: string | number | undefined; 'file.x509.public_key_size'?: string | number | undefined; 'file.x509.serial_number'?: string | undefined; 'file.x509.signature_algorithm'?: string | undefined; 'file.x509.subject.common_name'?: string[] | undefined; 'file.x509.subject.country'?: string[] | undefined; 'file.x509.subject.distinguished_name'?: string | undefined; 'file.x509.subject.locality'?: string[] | undefined; 'file.x509.subject.organization'?: string[] | undefined; 'file.x509.subject.organizational_unit'?: string[] | undefined; 'file.x509.subject.state_or_province'?: string[] | undefined; 'file.x509.version_number'?: string | undefined; 'group.domain'?: string | undefined; 'group.id'?: string | undefined; 'group.name'?: string | undefined; 'host.architecture'?: string | undefined; 'host.boot.id'?: string | undefined; 'host.cpu.usage'?: string | number | undefined; 'host.disk.read.bytes'?: string | number | undefined; 'host.disk.write.bytes'?: string | number | undefined; 'host.domain'?: string | undefined; 'host.geo.city_name'?: string | undefined; 'host.geo.continent_code'?: string | undefined; 'host.geo.continent_name'?: string | undefined; 'host.geo.country_iso_code'?: string | undefined; 'host.geo.country_name'?: string | undefined; 'host.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'host.geo.name'?: string | undefined; 'host.geo.postal_code'?: string | undefined; 'host.geo.region_iso_code'?: string | undefined; 'host.geo.region_name'?: string | undefined; 'host.geo.timezone'?: string | undefined; 'host.hostname'?: string | undefined; 'host.id'?: string | undefined; 'host.ip'?: string[] | undefined; 'host.mac'?: string[] | undefined; 'host.name'?: string | undefined; 'host.network.egress.bytes'?: string | number | undefined; 'host.network.egress.packets'?: string | number | undefined; 'host.network.ingress.bytes'?: string | number | undefined; 'host.network.ingress.packets'?: string | number | undefined; 'host.os.family'?: string | undefined; 'host.os.full'?: string | undefined; 'host.os.kernel'?: string | undefined; 'host.os.name'?: string | undefined; 'host.os.platform'?: string | undefined; 'host.os.type'?: string | undefined; 'host.os.version'?: string | undefined; 'host.pid_ns_ino'?: string | undefined; 'host.risk.calculated_level'?: string | undefined; 'host.risk.calculated_score'?: number | undefined; 'host.risk.calculated_score_norm'?: number | undefined; 'host.risk.static_level'?: string | undefined; 'host.risk.static_score'?: number | undefined; 'host.risk.static_score_norm'?: number | undefined; 'host.type'?: string | undefined; 'host.uptime'?: string | number | undefined; 'http.request.body.bytes'?: string | number | undefined; 'http.request.body.content'?: string | undefined; 'http.request.bytes'?: string | number | undefined; 'http.request.id'?: string | undefined; 'http.request.method'?: string | undefined; 'http.request.mime_type'?: string | undefined; 'http.request.referrer'?: string | undefined; 'http.response.body.bytes'?: string | number | undefined; 'http.response.body.content'?: string | undefined; 'http.response.bytes'?: string | number | undefined; 'http.response.mime_type'?: string | undefined; 'http.response.status_code'?: string | number | undefined; 'http.version'?: string | undefined; labels?: unknown; 'log.file.path'?: string | undefined; 'log.level'?: string | undefined; 'log.logger'?: string | undefined; 'log.origin.file.line'?: string | number | undefined; 'log.origin.file.name'?: string | undefined; 'log.origin.function'?: string | undefined; 'log.syslog'?: unknown; message?: string | undefined; 'network.application'?: string | undefined; 'network.bytes'?: string | number | undefined; 'network.community_id'?: string | undefined; 'network.direction'?: string | undefined; 'network.forwarded_ip'?: string | undefined; 'network.iana_number'?: string | undefined; 'network.inner'?: unknown; 'network.name'?: string | undefined; 'network.packets'?: string | number | undefined; 'network.protocol'?: string | undefined; 'network.transport'?: string | undefined; 'network.type'?: string | undefined; 'network.vlan.id'?: string | undefined; 'network.vlan.name'?: string | undefined; 'observer.egress'?: unknown; 'observer.geo.city_name'?: string | undefined; 'observer.geo.continent_code'?: string | undefined; 'observer.geo.continent_name'?: string | undefined; 'observer.geo.country_iso_code'?: string | undefined; 'observer.geo.country_name'?: string | undefined; 'observer.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'observer.geo.name'?: string | undefined; 'observer.geo.postal_code'?: string | undefined; 'observer.geo.region_iso_code'?: string | undefined; 'observer.geo.region_name'?: string | undefined; 'observer.geo.timezone'?: string | undefined; 'observer.hostname'?: string | undefined; 'observer.ingress'?: unknown; 'observer.ip'?: string[] | undefined; 'observer.mac'?: string[] | undefined; 'observer.name'?: string | undefined; 'observer.os.family'?: string | undefined; 'observer.os.full'?: string | undefined; 'observer.os.kernel'?: string | undefined; 'observer.os.name'?: string | undefined; 'observer.os.platform'?: string | undefined; 'observer.os.type'?: string | undefined; 'observer.os.version'?: string | undefined; 'observer.product'?: string | undefined; 'observer.serial_number'?: string | undefined; 'observer.type'?: string | undefined; 'observer.vendor'?: string | undefined; 'observer.version'?: string | undefined; 'orchestrator.api_version'?: string | undefined; 'orchestrator.cluster.id'?: string | undefined; 'orchestrator.cluster.name'?: string | undefined; 'orchestrator.cluster.url'?: string | undefined; 'orchestrator.cluster.version'?: string | undefined; 'orchestrator.namespace'?: string | undefined; 'orchestrator.organization'?: string | undefined; 'orchestrator.resource.annotation'?: string[] | undefined; 'orchestrator.resource.id'?: string | undefined; 'orchestrator.resource.ip'?: string[] | undefined; 'orchestrator.resource.label'?: string[] | undefined; 'orchestrator.resource.name'?: string | undefined; 'orchestrator.resource.parent.type'?: string | undefined; 'orchestrator.resource.type'?: string | undefined; 'orchestrator.type'?: string | undefined; 'organization.id'?: string | undefined; 'organization.name'?: string | undefined; 'package.architecture'?: string | undefined; 'package.build_version'?: string | undefined; 'package.checksum'?: string | undefined; 'package.description'?: string | undefined; 'package.install_scope'?: string | undefined; 'package.installed'?: string | number | undefined; 'package.license'?: string | undefined; 'package.name'?: string | undefined; 'package.path'?: string | undefined; 'package.reference'?: string | undefined; 'package.size'?: string | number | undefined; 'package.type'?: string | undefined; 'package.version'?: string | undefined; 'process.args'?: string[] | undefined; 'process.args_count'?: string | number | undefined; 'process.code_signature.digest_algorithm'?: string | undefined; 'process.code_signature.exists'?: boolean | undefined; 'process.code_signature.signing_id'?: string | undefined; 'process.code_signature.status'?: string | undefined; 'process.code_signature.subject_name'?: string | undefined; 'process.code_signature.team_id'?: string | undefined; 'process.code_signature.timestamp'?: string | number | undefined; 'process.code_signature.trusted'?: boolean | undefined; 'process.code_signature.valid'?: boolean | undefined; 'process.command_line'?: string | undefined; 'process.elf.architecture'?: string | undefined; 'process.elf.byte_order'?: string | undefined; 'process.elf.cpu_type'?: string | undefined; 'process.elf.creation_date'?: string | number | undefined; 'process.elf.exports'?: unknown[] | undefined; 'process.elf.go_import_hash'?: string | undefined; 'process.elf.go_imports'?: unknown; 'process.elf.go_imports_names_entropy'?: string | number | undefined; 'process.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.elf.go_stripped'?: boolean | undefined; 'process.elf.header.abi_version'?: string | undefined; 'process.elf.header.class'?: string | undefined; 'process.elf.header.data'?: string | undefined; 'process.elf.header.entrypoint'?: string | number | undefined; 'process.elf.header.object_version'?: string | undefined; 'process.elf.header.os_abi'?: string | undefined; 'process.elf.header.type'?: string | undefined; 'process.elf.header.version'?: string | undefined; 'process.elf.import_hash'?: string | undefined; 'process.elf.imports'?: unknown[] | undefined; 'process.elf.imports_names_entropy'?: string | number | undefined; 'process.elf.imports_names_var_entropy'?: string | number | undefined; 'process.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.elf.shared_libraries'?: string[] | undefined; 'process.elf.telfhash'?: string | undefined; 'process.end'?: string | number | undefined; 'process.entity_id'?: string | undefined; 'process.entry_leader.args'?: string[] | undefined; 'process.entry_leader.args_count'?: string | number | undefined; 'process.entry_leader.attested_groups.name'?: string | undefined; 'process.entry_leader.attested_user.id'?: string | undefined; 'process.entry_leader.attested_user.name'?: string | undefined; 'process.entry_leader.command_line'?: string | undefined; 'process.entry_leader.entity_id'?: string | undefined; 'process.entry_leader.entry_meta.source.ip'?: string | undefined; 'process.entry_leader.entry_meta.type'?: string | undefined; 'process.entry_leader.executable'?: string | undefined; 'process.entry_leader.group.id'?: string | undefined; 'process.entry_leader.group.name'?: string | undefined; 'process.entry_leader.interactive'?: boolean | undefined; 'process.entry_leader.name'?: string | undefined; 'process.entry_leader.parent.entity_id'?: string | undefined; 'process.entry_leader.parent.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.entity_id'?: string | undefined; 'process.entry_leader.parent.session_leader.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.start'?: string | number | undefined; 'process.entry_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.entry_leader.parent.start'?: string | number | undefined; 'process.entry_leader.parent.vpid'?: string | number | undefined; 'process.entry_leader.pid'?: string | number | undefined; 'process.entry_leader.real_group.id'?: string | undefined; 'process.entry_leader.real_group.name'?: string | undefined; 'process.entry_leader.real_user.id'?: string | undefined; 'process.entry_leader.real_user.name'?: string | undefined; 'process.entry_leader.same_as_process'?: boolean | undefined; 'process.entry_leader.saved_group.id'?: string | undefined; 'process.entry_leader.saved_group.name'?: string | undefined; 'process.entry_leader.saved_user.id'?: string | undefined; 'process.entry_leader.saved_user.name'?: string | undefined; 'process.entry_leader.start'?: string | number | undefined; 'process.entry_leader.supplemental_groups.id'?: string | undefined; 'process.entry_leader.supplemental_groups.name'?: string | undefined; 'process.entry_leader.tty'?: unknown; 'process.entry_leader.user.id'?: string | undefined; 'process.entry_leader.user.name'?: string | undefined; 'process.entry_leader.vpid'?: string | number | undefined; 'process.entry_leader.working_directory'?: string | undefined; 'process.env_vars'?: string[] | undefined; 'process.executable'?: string | undefined; 'process.exit_code'?: string | number | undefined; 'process.group_leader.args'?: string[] | undefined; 'process.group_leader.args_count'?: string | number | undefined; 'process.group_leader.command_line'?: string | undefined; 'process.group_leader.entity_id'?: string | undefined; 'process.group_leader.executable'?: string | undefined; 'process.group_leader.group.id'?: string | undefined; 'process.group_leader.group.name'?: string | undefined; 'process.group_leader.interactive'?: boolean | undefined; 'process.group_leader.name'?: string | undefined; 'process.group_leader.pid'?: string | number | undefined; 'process.group_leader.real_group.id'?: string | undefined; 'process.group_leader.real_group.name'?: string | undefined; 'process.group_leader.real_user.id'?: string | undefined; 'process.group_leader.real_user.name'?: string | undefined; 'process.group_leader.same_as_process'?: boolean | undefined; 'process.group_leader.saved_group.id'?: string | undefined; 'process.group_leader.saved_group.name'?: string | undefined; 'process.group_leader.saved_user.id'?: string | undefined; 'process.group_leader.saved_user.name'?: string | undefined; 'process.group_leader.start'?: string | number | undefined; 'process.group_leader.supplemental_groups.id'?: string | undefined; 'process.group_leader.supplemental_groups.name'?: string | undefined; 'process.group_leader.tty'?: unknown; 'process.group_leader.user.id'?: string | undefined; 'process.group_leader.user.name'?: string | undefined; 'process.group_leader.vpid'?: string | number | undefined; 'process.group_leader.working_directory'?: string | undefined; 'process.hash.md5'?: string | undefined; 'process.hash.sha1'?: string | undefined; 'process.hash.sha256'?: string | undefined; 'process.hash.sha384'?: string | undefined; 'process.hash.sha512'?: string | undefined; 'process.hash.ssdeep'?: string | undefined; 'process.hash.tlsh'?: string | undefined; 'process.interactive'?: boolean | undefined; 'process.io'?: unknown; 'process.macho.go_import_hash'?: string | undefined; 'process.macho.go_imports'?: unknown; 'process.macho.go_imports_names_entropy'?: string | number | undefined; 'process.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.macho.go_stripped'?: boolean | undefined; 'process.macho.import_hash'?: string | undefined; 'process.macho.imports'?: unknown[] | undefined; 'process.macho.imports_names_entropy'?: string | number | undefined; 'process.macho.imports_names_var_entropy'?: string | number | undefined; 'process.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.macho.symhash'?: string | undefined; 'process.name'?: string | undefined; 'process.parent.args'?: string[] | undefined; 'process.parent.args_count'?: string | number | undefined; 'process.parent.code_signature.digest_algorithm'?: string | undefined; 'process.parent.code_signature.exists'?: boolean | undefined; 'process.parent.code_signature.signing_id'?: string | undefined; 'process.parent.code_signature.status'?: string | undefined; 'process.parent.code_signature.subject_name'?: string | undefined; 'process.parent.code_signature.team_id'?: string | undefined; 'process.parent.code_signature.timestamp'?: string | number | undefined; 'process.parent.code_signature.trusted'?: boolean | undefined; 'process.parent.code_signature.valid'?: boolean | undefined; 'process.parent.command_line'?: string | undefined; 'process.parent.elf.architecture'?: string | undefined; 'process.parent.elf.byte_order'?: string | undefined; 'process.parent.elf.cpu_type'?: string | undefined; 'process.parent.elf.creation_date'?: string | number | undefined; 'process.parent.elf.exports'?: unknown[] | undefined; 'process.parent.elf.go_import_hash'?: string | undefined; 'process.parent.elf.go_imports'?: unknown; 'process.parent.elf.go_imports_names_entropy'?: string | number | undefined; 'process.parent.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.go_stripped'?: boolean | undefined; 'process.parent.elf.header.abi_version'?: string | undefined; 'process.parent.elf.header.class'?: string | undefined; 'process.parent.elf.header.data'?: string | undefined; 'process.parent.elf.header.entrypoint'?: string | number | undefined; 'process.parent.elf.header.object_version'?: string | undefined; 'process.parent.elf.header.os_abi'?: string | undefined; 'process.parent.elf.header.type'?: string | undefined; 'process.parent.elf.header.version'?: string | undefined; 'process.parent.elf.import_hash'?: string | undefined; 'process.parent.elf.imports'?: unknown[] | undefined; 'process.parent.elf.imports_names_entropy'?: string | number | undefined; 'process.parent.elf.imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.parent.elf.shared_libraries'?: string[] | undefined; 'process.parent.elf.telfhash'?: string | undefined; 'process.parent.end'?: string | number | undefined; 'process.parent.entity_id'?: string | undefined; 'process.parent.executable'?: string | undefined; 'process.parent.exit_code'?: string | number | undefined; 'process.parent.group.id'?: string | undefined; 'process.parent.group.name'?: string | undefined; 'process.parent.group_leader.entity_id'?: string | undefined; 'process.parent.group_leader.pid'?: string | number | undefined; 'process.parent.group_leader.start'?: string | number | undefined; 'process.parent.group_leader.vpid'?: string | number | undefined; 'process.parent.hash.md5'?: string | undefined; 'process.parent.hash.sha1'?: string | undefined; 'process.parent.hash.sha256'?: string | undefined; 'process.parent.hash.sha384'?: string | undefined; 'process.parent.hash.sha512'?: string | undefined; 'process.parent.hash.ssdeep'?: string | undefined; 'process.parent.hash.tlsh'?: string | undefined; 'process.parent.interactive'?: boolean | undefined; 'process.parent.macho.go_import_hash'?: string | undefined; 'process.parent.macho.go_imports'?: unknown; 'process.parent.macho.go_imports_names_entropy'?: string | number | undefined; 'process.parent.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.go_stripped'?: boolean | undefined; 'process.parent.macho.import_hash'?: string | undefined; 'process.parent.macho.imports'?: unknown[] | undefined; 'process.parent.macho.imports_names_entropy'?: string | number | undefined; 'process.parent.macho.imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.macho.symhash'?: string | undefined; 'process.parent.name'?: string | undefined; 'process.parent.pe.architecture'?: string | undefined; 'process.parent.pe.company'?: string | undefined; 'process.parent.pe.description'?: string | undefined; 'process.parent.pe.file_version'?: string | undefined; 'process.parent.pe.go_import_hash'?: string | undefined; 'process.parent.pe.go_imports'?: unknown; 'process.parent.pe.go_imports_names_entropy'?: string | number | undefined; 'process.parent.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.go_stripped'?: boolean | undefined; 'process.parent.pe.imphash'?: string | undefined; 'process.parent.pe.import_hash'?: string | undefined; 'process.parent.pe.imports'?: unknown[] | undefined; 'process.parent.pe.imports_names_entropy'?: string | number | undefined; 'process.parent.pe.imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.original_file_name'?: string | undefined; 'process.parent.pe.pehash'?: string | undefined; 'process.parent.pe.product'?: string | undefined; 'process.parent.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.pgid'?: string | number | undefined; 'process.parent.pid'?: string | number | undefined; 'process.parent.real_group.id'?: string | undefined; 'process.parent.real_group.name'?: string | undefined; 'process.parent.real_user.id'?: string | undefined; 'process.parent.real_user.name'?: string | undefined; 'process.parent.saved_group.id'?: string | undefined; 'process.parent.saved_group.name'?: string | undefined; 'process.parent.saved_user.id'?: string | undefined; 'process.parent.saved_user.name'?: string | undefined; 'process.parent.start'?: string | number | undefined; 'process.parent.supplemental_groups.id'?: string | undefined; 'process.parent.supplemental_groups.name'?: string | undefined; 'process.parent.thread.capabilities.effective'?: string[] | undefined; 'process.parent.thread.capabilities.permitted'?: string[] | undefined; 'process.parent.thread.id'?: string | number | undefined; 'process.parent.thread.name'?: string | undefined; 'process.parent.title'?: string | undefined; 'process.parent.tty'?: unknown; 'process.parent.uptime'?: string | number | undefined; 'process.parent.user.id'?: string | undefined; 'process.parent.user.name'?: string | undefined; 'process.parent.vpid'?: string | number | undefined; 'process.parent.working_directory'?: string | undefined; 'process.pe.architecture'?: string | undefined; 'process.pe.company'?: string | undefined; 'process.pe.description'?: string | undefined; 'process.pe.file_version'?: string | undefined; 'process.pe.go_import_hash'?: string | undefined; 'process.pe.go_imports'?: unknown; 'process.pe.go_imports_names_entropy'?: string | number | undefined; 'process.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.pe.go_stripped'?: boolean | undefined; 'process.pe.imphash'?: string | undefined; 'process.pe.import_hash'?: string | undefined; 'process.pe.imports'?: unknown[] | undefined; 'process.pe.imports_names_entropy'?: string | number | undefined; 'process.pe.imports_names_var_entropy'?: string | number | undefined; 'process.pe.original_file_name'?: string | undefined; 'process.pe.pehash'?: string | undefined; 'process.pe.product'?: string | undefined; 'process.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.pgid'?: string | number | undefined; 'process.pid'?: string | number | undefined; 'process.previous.args'?: string[] | undefined; 'process.previous.args_count'?: string | number | undefined; 'process.previous.executable'?: string | undefined; 'process.real_group.id'?: string | undefined; 'process.real_group.name'?: string | undefined; 'process.real_user.id'?: string | undefined; 'process.real_user.name'?: string | undefined; 'process.saved_group.id'?: string | undefined; 'process.saved_group.name'?: string | undefined; 'process.saved_user.id'?: string | undefined; 'process.saved_user.name'?: string | undefined; 'process.session_leader.args'?: string[] | undefined; 'process.session_leader.args_count'?: string | number | undefined; 'process.session_leader.command_line'?: string | undefined; 'process.session_leader.entity_id'?: string | undefined; 'process.session_leader.executable'?: string | undefined; 'process.session_leader.group.id'?: string | undefined; 'process.session_leader.group.name'?: string | undefined; 'process.session_leader.interactive'?: boolean | undefined; 'process.session_leader.name'?: string | undefined; 'process.session_leader.parent.entity_id'?: string | undefined; 'process.session_leader.parent.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.entity_id'?: string | undefined; 'process.session_leader.parent.session_leader.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.start'?: string | number | undefined; 'process.session_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.session_leader.parent.start'?: string | number | undefined; 'process.session_leader.parent.vpid'?: string | number | undefined; 'process.session_leader.pid'?: string | number | undefined; 'process.session_leader.real_group.id'?: string | undefined; 'process.session_leader.real_group.name'?: string | undefined; 'process.session_leader.real_user.id'?: string | undefined; 'process.session_leader.real_user.name'?: string | undefined; 'process.session_leader.same_as_process'?: boolean | undefined; 'process.session_leader.saved_group.id'?: string | undefined; 'process.session_leader.saved_group.name'?: string | undefined; 'process.session_leader.saved_user.id'?: string | undefined; 'process.session_leader.saved_user.name'?: string | undefined; 'process.session_leader.start'?: string | number | undefined; 'process.session_leader.supplemental_groups.id'?: string | undefined; 'process.session_leader.supplemental_groups.name'?: string | undefined; 'process.session_leader.tty'?: unknown; 'process.session_leader.user.id'?: string | undefined; 'process.session_leader.user.name'?: string | undefined; 'process.session_leader.vpid'?: string | number | undefined; 'process.session_leader.working_directory'?: string | undefined; 'process.start'?: string | number | undefined; 'process.supplemental_groups.id'?: string | undefined; 'process.supplemental_groups.name'?: string | undefined; 'process.thread.capabilities.effective'?: string[] | undefined; 'process.thread.capabilities.permitted'?: string[] | undefined; 'process.thread.id'?: string | number | undefined; 'process.thread.name'?: string | undefined; 'process.title'?: string | undefined; 'process.tty'?: unknown; 'process.uptime'?: string | number | undefined; 'process.user.id'?: string | undefined; 'process.user.name'?: string | undefined; 'process.vpid'?: string | number | undefined; 'process.working_directory'?: string | undefined; 'registry.data.bytes'?: string | undefined; 'registry.data.strings'?: string[] | undefined; 'registry.data.type'?: string | undefined; 'registry.hive'?: string | undefined; 'registry.key'?: string | undefined; 'registry.path'?: string | undefined; 'registry.value'?: string | undefined; 'related.hash'?: string[] | undefined; 'related.hosts'?: string[] | undefined; 'related.ip'?: string[] | undefined; 'related.user'?: string[] | undefined; 'rule.author'?: string[] | undefined; 'rule.category'?: string | undefined; 'rule.description'?: string | undefined; 'rule.id'?: string | undefined; 'rule.license'?: string | undefined; 'rule.name'?: string | undefined; 'rule.reference'?: string | undefined; 'rule.ruleset'?: string | undefined; 'rule.uuid'?: string | undefined; 'rule.version'?: string | undefined; 'server.address'?: string | undefined; 'server.as.number'?: string | number | undefined; 'server.as.organization.name'?: string | undefined; 'server.bytes'?: string | number | undefined; 'server.domain'?: string | undefined; 'server.geo.city_name'?: string | undefined; 'server.geo.continent_code'?: string | undefined; 'server.geo.continent_name'?: string | undefined; 'server.geo.country_iso_code'?: string | undefined; 'server.geo.country_name'?: string | undefined; 'server.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'server.geo.name'?: string | undefined; 'server.geo.postal_code'?: string | undefined; 'server.geo.region_iso_code'?: string | undefined; 'server.geo.region_name'?: string | undefined; 'server.geo.timezone'?: string | undefined; 'server.ip'?: string | undefined; 'server.mac'?: string | undefined; 'server.nat.ip'?: string | undefined; 'server.nat.port'?: string | number | undefined; 'server.packets'?: string | number | undefined; 'server.port'?: string | number | undefined; 'server.registered_domain'?: string | undefined; 'server.subdomain'?: string | undefined; 'server.top_level_domain'?: string | undefined; 'server.user.domain'?: string | undefined; 'server.user.email'?: string | undefined; 'server.user.full_name'?: string | undefined; 'server.user.group.domain'?: string | undefined; 'server.user.group.id'?: string | undefined; 'server.user.group.name'?: string | undefined; 'server.user.hash'?: string | undefined; 'server.user.id'?: string | undefined; 'server.user.name'?: string | undefined; 'server.user.roles'?: string[] | undefined; 'service.address'?: string | undefined; 'service.environment'?: string | undefined; 'service.ephemeral_id'?: string | undefined; 'service.id'?: string | undefined; 'service.name'?: string | undefined; 'service.node.name'?: string | undefined; 'service.node.role'?: string | undefined; 'service.node.roles'?: string[] | undefined; 'service.origin.address'?: string | undefined; 'service.origin.environment'?: string | undefined; 'service.origin.ephemeral_id'?: string | undefined; 'service.origin.id'?: string | undefined; 'service.origin.name'?: string | undefined; 'service.origin.node.name'?: string | undefined; 'service.origin.node.role'?: string | undefined; 'service.origin.node.roles'?: string[] | undefined; 'service.origin.state'?: string | undefined; 'service.origin.type'?: string | undefined; 'service.origin.version'?: string | undefined; 'service.state'?: string | undefined; 'service.target.address'?: string | undefined; 'service.target.environment'?: string | undefined; 'service.target.ephemeral_id'?: string | undefined; 'service.target.id'?: string | undefined; 'service.target.name'?: string | undefined; 'service.target.node.name'?: string | undefined; 'service.target.node.role'?: string | undefined; 'service.target.node.roles'?: string[] | undefined; 'service.target.state'?: string | undefined; 'service.target.type'?: string | undefined; 'service.target.version'?: string | undefined; 'service.type'?: string | undefined; 'service.version'?: string | undefined; 'source.address'?: string | undefined; 'source.as.number'?: string | number | undefined; 'source.as.organization.name'?: string | undefined; 'source.bytes'?: string | number | undefined; 'source.domain'?: string | undefined; 'source.geo.city_name'?: string | undefined; 'source.geo.continent_code'?: string | undefined; 'source.geo.continent_name'?: string | undefined; 'source.geo.country_iso_code'?: string | undefined; 'source.geo.country_name'?: string | undefined; 'source.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'source.geo.name'?: string | undefined; 'source.geo.postal_code'?: string | undefined; 'source.geo.region_iso_code'?: string | undefined; 'source.geo.region_name'?: string | undefined; 'source.geo.timezone'?: string | undefined; 'source.ip'?: string | undefined; 'source.mac'?: string | undefined; 'source.nat.ip'?: string | undefined; 'source.nat.port'?: string | number | undefined; 'source.packets'?: string | number | undefined; 'source.port'?: string | number | undefined; 'source.registered_domain'?: string | undefined; 'source.subdomain'?: string | undefined; 'source.top_level_domain'?: string | undefined; 'source.user.domain'?: string | undefined; 'source.user.email'?: string | undefined; 'source.user.full_name'?: string | undefined; 'source.user.group.domain'?: string | undefined; 'source.user.group.id'?: string | undefined; 'source.user.group.name'?: string | undefined; 'source.user.hash'?: string | undefined; 'source.user.id'?: string | undefined; 'source.user.name'?: string | undefined; 'source.user.roles'?: string[] | undefined; 'span.id'?: string | undefined; tags?: string[] | undefined; 'threat.enrichments'?: { indicator?: unknown; 'matched.atomic'?: string | undefined; 'matched.field'?: string | undefined; 'matched.id'?: string | undefined; 'matched.index'?: string | undefined; 'matched.occurred'?: string | number | undefined; 'matched.type'?: string | undefined; }[] | undefined; 'threat.feed.dashboard_id'?: string | undefined; 'threat.feed.description'?: string | undefined; 'threat.feed.name'?: string | undefined; 'threat.feed.reference'?: string | undefined; 'threat.framework'?: string | undefined; 'threat.group.alias'?: string[] | undefined; 'threat.group.id'?: string | undefined; 'threat.group.name'?: string | undefined; 'threat.group.reference'?: string | undefined; 'threat.indicator.as.number'?: string | number | undefined; 'threat.indicator.as.organization.name'?: string | undefined; 'threat.indicator.confidence'?: string | undefined; 'threat.indicator.description'?: string | undefined; 'threat.indicator.email.address'?: string | undefined; 'threat.indicator.file.accessed'?: string | number | undefined; 'threat.indicator.file.attributes'?: string[] | undefined; 'threat.indicator.file.code_signature.digest_algorithm'?: string | undefined; 'threat.indicator.file.code_signature.exists'?: boolean | undefined; 'threat.indicator.file.code_signature.signing_id'?: string | undefined; 'threat.indicator.file.code_signature.status'?: string | undefined; 'threat.indicator.file.code_signature.subject_name'?: string | undefined; 'threat.indicator.file.code_signature.team_id'?: string | undefined; 'threat.indicator.file.code_signature.timestamp'?: string | number | undefined; 'threat.indicator.file.code_signature.trusted'?: boolean | undefined; 'threat.indicator.file.code_signature.valid'?: boolean | undefined; 'threat.indicator.file.created'?: string | number | undefined; 'threat.indicator.file.ctime'?: string | number | undefined; 'threat.indicator.file.device'?: string | undefined; 'threat.indicator.file.directory'?: string | undefined; 'threat.indicator.file.drive_letter'?: string | undefined; 'threat.indicator.file.elf.architecture'?: string | undefined; 'threat.indicator.file.elf.byte_order'?: string | undefined; 'threat.indicator.file.elf.cpu_type'?: string | undefined; 'threat.indicator.file.elf.creation_date'?: string | number | undefined; 'threat.indicator.file.elf.exports'?: unknown[] | undefined; 'threat.indicator.file.elf.go_import_hash'?: string | undefined; 'threat.indicator.file.elf.go_imports'?: unknown; 'threat.indicator.file.elf.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_stripped'?: boolean | undefined; 'threat.indicator.file.elf.header.abi_version'?: string | undefined; 'threat.indicator.file.elf.header.class'?: string | undefined; 'threat.indicator.file.elf.header.data'?: string | undefined; 'threat.indicator.file.elf.header.entrypoint'?: string | number | undefined; 'threat.indicator.file.elf.header.object_version'?: string | undefined; 'threat.indicator.file.elf.header.os_abi'?: string | undefined; 'threat.indicator.file.elf.header.type'?: string | undefined; 'threat.indicator.file.elf.header.version'?: string | undefined; 'threat.indicator.file.elf.import_hash'?: string | undefined; 'threat.indicator.file.elf.imports'?: unknown[] | undefined; 'threat.indicator.file.elf.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'threat.indicator.file.elf.shared_libraries'?: string[] | undefined; 'threat.indicator.file.elf.telfhash'?: string | undefined; 'threat.indicator.file.extension'?: string | undefined; 'threat.indicator.file.fork_name'?: string | undefined; 'threat.indicator.file.gid'?: string | undefined; 'threat.indicator.file.group'?: string | undefined; 'threat.indicator.file.hash.md5'?: string | undefined; 'threat.indicator.file.hash.sha1'?: string | undefined; 'threat.indicator.file.hash.sha256'?: string | undefined; 'threat.indicator.file.hash.sha384'?: string | undefined; 'threat.indicator.file.hash.sha512'?: string | undefined; 'threat.indicator.file.hash.ssdeep'?: string | undefined; 'threat.indicator.file.hash.tlsh'?: string | undefined; 'threat.indicator.file.inode'?: string | undefined; 'threat.indicator.file.mime_type'?: string | undefined; 'threat.indicator.file.mode'?: string | undefined; 'threat.indicator.file.mtime'?: string | number | undefined; 'threat.indicator.file.name'?: string | undefined; 'threat.indicator.file.owner'?: string | undefined; 'threat.indicator.file.path'?: string | undefined; 'threat.indicator.file.pe.architecture'?: string | undefined; 'threat.indicator.file.pe.company'?: string | undefined; 'threat.indicator.file.pe.description'?: string | undefined; 'threat.indicator.file.pe.file_version'?: string | undefined; 'threat.indicator.file.pe.go_import_hash'?: string | undefined; 'threat.indicator.file.pe.go_imports'?: unknown; 'threat.indicator.file.pe.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_stripped'?: boolean | undefined; 'threat.indicator.file.pe.imphash'?: string | undefined; 'threat.indicator.file.pe.import_hash'?: string | undefined; 'threat.indicator.file.pe.imports'?: unknown[] | undefined; 'threat.indicator.file.pe.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.original_file_name'?: string | undefined; 'threat.indicator.file.pe.pehash'?: string | undefined; 'threat.indicator.file.pe.product'?: string | undefined; 'threat.indicator.file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.size'?: string | number | undefined; 'threat.indicator.file.target_path'?: string | undefined; 'threat.indicator.file.type'?: string | undefined; 'threat.indicator.file.uid'?: string | undefined; 'threat.indicator.file.x509.alternative_names'?: string[] | undefined; 'threat.indicator.file.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.file.x509.issuer.country'?: string[] | undefined; 'threat.indicator.file.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.not_after'?: string | number | undefined; 'threat.indicator.file.x509.not_before'?: string | number | undefined; 'threat.indicator.file.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.file.x509.public_key_curve'?: string | undefined; 'threat.indicator.file.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.file.x509.public_key_size'?: string | number | undefined; 'threat.indicator.file.x509.serial_number'?: string | undefined; 'threat.indicator.file.x509.signature_algorithm'?: string | undefined; 'threat.indicator.file.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.file.x509.subject.country'?: string[] | undefined; 'threat.indicator.file.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.subject.locality'?: string[] | undefined; 'threat.indicator.file.x509.subject.organization'?: string[] | undefined; 'threat.indicator.file.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.version_number'?: string | undefined; 'threat.indicator.first_seen'?: string | number | undefined; 'threat.indicator.geo.city_name'?: string | undefined; 'threat.indicator.geo.continent_code'?: string | undefined; 'threat.indicator.geo.continent_name'?: string | undefined; 'threat.indicator.geo.country_iso_code'?: string | undefined; 'threat.indicator.geo.country_name'?: string | undefined; 'threat.indicator.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'threat.indicator.geo.name'?: string | undefined; 'threat.indicator.geo.postal_code'?: string | undefined; 'threat.indicator.geo.region_iso_code'?: string | undefined; 'threat.indicator.geo.region_name'?: string | undefined; 'threat.indicator.geo.timezone'?: string | undefined; 'threat.indicator.ip'?: string | undefined; 'threat.indicator.last_seen'?: string | number | undefined; 'threat.indicator.marking.tlp'?: string | undefined; 'threat.indicator.marking.tlp_version'?: string | undefined; 'threat.indicator.modified_at'?: string | number | undefined; 'threat.indicator.name'?: string | undefined; 'threat.indicator.port'?: string | number | undefined; 'threat.indicator.provider'?: string | undefined; 'threat.indicator.reference'?: string | undefined; 'threat.indicator.registry.data.bytes'?: string | undefined; 'threat.indicator.registry.data.strings'?: string[] | undefined; 'threat.indicator.registry.data.type'?: string | undefined; 'threat.indicator.registry.hive'?: string | undefined; 'threat.indicator.registry.key'?: string | undefined; 'threat.indicator.registry.path'?: string | undefined; 'threat.indicator.registry.value'?: string | undefined; 'threat.indicator.scanner_stats'?: string | number | undefined; 'threat.indicator.sightings'?: string | number | undefined; 'threat.indicator.type'?: string | undefined; 'threat.indicator.url.domain'?: string | undefined; 'threat.indicator.url.extension'?: string | undefined; 'threat.indicator.url.fragment'?: string | undefined; 'threat.indicator.url.full'?: string | undefined; 'threat.indicator.url.original'?: string | undefined; 'threat.indicator.url.password'?: string | undefined; 'threat.indicator.url.path'?: string | undefined; 'threat.indicator.url.port'?: string | number | undefined; 'threat.indicator.url.query'?: string | undefined; 'threat.indicator.url.registered_domain'?: string | undefined; 'threat.indicator.url.scheme'?: string | undefined; 'threat.indicator.url.subdomain'?: string | undefined; 'threat.indicator.url.top_level_domain'?: string | undefined; 'threat.indicator.url.username'?: string | undefined; 'threat.indicator.x509.alternative_names'?: string[] | undefined; 'threat.indicator.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.x509.issuer.country'?: string[] | undefined; 'threat.indicator.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.x509.not_after'?: string | number | undefined; 'threat.indicator.x509.not_before'?: string | number | undefined; 'threat.indicator.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.x509.public_key_curve'?: string | undefined; 'threat.indicator.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.x509.public_key_size'?: string | number | undefined; 'threat.indicator.x509.serial_number'?: string | undefined; 'threat.indicator.x509.signature_algorithm'?: string | undefined; 'threat.indicator.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.x509.subject.country'?: string[] | undefined; 'threat.indicator.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.x509.subject.locality'?: string[] | undefined; 'threat.indicator.x509.subject.organization'?: string[] | undefined; 'threat.indicator.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.x509.version_number'?: string | undefined; 'threat.software.alias'?: string[] | undefined; 'threat.software.id'?: string | undefined; 'threat.software.name'?: string | undefined; 'threat.software.platforms'?: string[] | undefined; 'threat.software.reference'?: string | undefined; 'threat.software.type'?: string | undefined; 'threat.tactic.id'?: string[] | undefined; 'threat.tactic.name'?: string[] | undefined; 'threat.tactic.reference'?: string[] | undefined; 'threat.technique.id'?: string[] | undefined; 'threat.technique.name'?: string[] | undefined; 'threat.technique.reference'?: string[] | undefined; 'threat.technique.subtechnique.id'?: string[] | undefined; 'threat.technique.subtechnique.name'?: string[] | undefined; 'threat.technique.subtechnique.reference'?: string[] | undefined; 'tls.cipher'?: string | undefined; 'tls.client.certificate'?: string | undefined; 'tls.client.certificate_chain'?: string[] | undefined; 'tls.client.hash.md5'?: string | undefined; 'tls.client.hash.sha1'?: string | undefined; 'tls.client.hash.sha256'?: string | undefined; 'tls.client.issuer'?: string | undefined; 'tls.client.ja3'?: string | undefined; 'tls.client.not_after'?: string | number | undefined; 'tls.client.not_before'?: string | number | undefined; 'tls.client.server_name'?: string | undefined; 'tls.client.subject'?: string | undefined; 'tls.client.supported_ciphers'?: string[] | undefined; 'tls.client.x509.alternative_names'?: string[] | undefined; 'tls.client.x509.issuer.common_name'?: string[] | undefined; 'tls.client.x509.issuer.country'?: string[] | undefined; 'tls.client.x509.issuer.distinguished_name'?: string | undefined; 'tls.client.x509.issuer.locality'?: string[] | undefined; 'tls.client.x509.issuer.organization'?: string[] | undefined; 'tls.client.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.client.x509.issuer.state_or_province'?: string[] | undefined; 'tls.client.x509.not_after'?: string | number | undefined; 'tls.client.x509.not_before'?: string | number | undefined; 'tls.client.x509.public_key_algorithm'?: string | undefined; 'tls.client.x509.public_key_curve'?: string | undefined; 'tls.client.x509.public_key_exponent'?: string | number | undefined; 'tls.client.x509.public_key_size'?: string | number | undefined; 'tls.client.x509.serial_number'?: string | undefined; 'tls.client.x509.signature_algorithm'?: string | undefined; 'tls.client.x509.subject.common_name'?: string[] | undefined; 'tls.client.x509.subject.country'?: string[] | undefined; 'tls.client.x509.subject.distinguished_name'?: string | undefined; 'tls.client.x509.subject.locality'?: string[] | undefined; 'tls.client.x509.subject.organization'?: string[] | undefined; 'tls.client.x509.subject.organizational_unit'?: string[] | undefined; 'tls.client.x509.subject.state_or_province'?: string[] | undefined; 'tls.client.x509.version_number'?: string | undefined; 'tls.curve'?: string | undefined; 'tls.established'?: boolean | undefined; 'tls.next_protocol'?: string | undefined; 'tls.resumed'?: boolean | undefined; 'tls.server.certificate'?: string | undefined; 'tls.server.certificate_chain'?: string[] | undefined; 'tls.server.hash.md5'?: string | undefined; 'tls.server.hash.sha1'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 'tls.server.issuer'?: string | undefined; 'tls.server.ja3s'?: string | undefined; 'tls.server.not_after'?: string | number | undefined; 'tls.server.not_before'?: string | number | undefined; 'tls.server.subject'?: string | undefined; 'tls.server.x509.alternative_names'?: string[] | undefined; 'tls.server.x509.issuer.common_name'?: string[] | undefined; 'tls.server.x509.issuer.country'?: string[] | undefined; 'tls.server.x509.issuer.distinguished_name'?: string | undefined; 'tls.server.x509.issuer.locality'?: string[] | undefined; 'tls.server.x509.issuer.organization'?: string[] | undefined; 'tls.server.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.server.x509.issuer.state_or_province'?: string[] | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.public_key_algorithm'?: string | undefined; 'tls.server.x509.public_key_curve'?: string | undefined; 'tls.server.x509.public_key_exponent'?: string | number | undefined; 'tls.server.x509.public_key_size'?: string | number | undefined; 'tls.server.x509.serial_number'?: string | undefined; 'tls.server.x509.signature_algorithm'?: string | undefined; 'tls.server.x509.subject.common_name'?: string[] | undefined; 'tls.server.x509.subject.country'?: string[] | undefined; 'tls.server.x509.subject.distinguished_name'?: string | undefined; 'tls.server.x509.subject.locality'?: string[] | undefined; 'tls.server.x509.subject.organization'?: string[] | undefined; 'tls.server.x509.subject.organizational_unit'?: string[] | undefined; 'tls.server.x509.subject.state_or_province'?: string[] | undefined; 'tls.server.x509.version_number'?: string | undefined; 'tls.version'?: string | undefined; 'tls.version_protocol'?: string | undefined; 'trace.id'?: string | undefined; 'transaction.id'?: string | undefined; 'url.domain'?: string | undefined; 'url.extension'?: string | undefined; 'url.fragment'?: string | undefined; 'url.full'?: string | undefined; 'url.original'?: string | undefined; 'url.password'?: string | undefined; 'url.path'?: string | undefined; 'url.port'?: string | number | undefined; 'url.query'?: string | undefined; 'url.registered_domain'?: string | undefined; 'url.scheme'?: string | undefined; 'url.subdomain'?: string | undefined; 'url.top_level_domain'?: string | undefined; 'url.username'?: string | undefined; 'user.changes.domain'?: string | undefined; 'user.changes.email'?: string | undefined; 'user.changes.full_name'?: string | undefined; 'user.changes.group.domain'?: string | undefined; 'user.changes.group.id'?: string | undefined; 'user.changes.group.name'?: string | undefined; 'user.changes.hash'?: string | undefined; 'user.changes.id'?: string | undefined; 'user.changes.name'?: string | undefined; 'user.changes.roles'?: string[] | undefined; 'user.domain'?: string | undefined; 'user.effective.domain'?: string | undefined; 'user.effective.email'?: string | undefined; 'user.effective.full_name'?: string | undefined; 'user.effective.group.domain'?: string | undefined; 'user.effective.group.id'?: string | undefined; 'user.effective.group.name'?: string | undefined; 'user.effective.hash'?: string | undefined; 'user.effective.id'?: string | undefined; 'user.effective.name'?: string | undefined; 'user.effective.roles'?: string[] | undefined; 'user.email'?: string | undefined; 'user.full_name'?: string | undefined; 'user.group.domain'?: string | undefined; 'user.group.id'?: string | undefined; 'user.group.name'?: string | undefined; 'user.hash'?: string | undefined; 'user.id'?: string | undefined; 'user.name'?: string | undefined; 'user.risk.calculated_level'?: string | undefined; 'user.risk.calculated_score'?: number | undefined; 'user.risk.calculated_score_norm'?: number | undefined; 'user.risk.static_level'?: string | undefined; 'user.risk.static_score'?: number | undefined; 'user.risk.static_score_norm'?: number | undefined; 'user.roles'?: string[] | undefined; 'user.target.domain'?: string | undefined; 'user.target.email'?: string | undefined; 'user.target.full_name'?: string | undefined; 'user.target.group.domain'?: string | undefined; 'user.target.group.id'?: string | undefined; 'user.target.group.name'?: string | undefined; 'user.target.hash'?: string | undefined; 'user.target.id'?: string | undefined; 'user.target.name'?: string | undefined; 'user.target.roles'?: string[] | undefined; 'user_agent.device.name'?: string | undefined; 'user_agent.name'?: string | undefined; 'user_agent.original'?: string | undefined; 'user_agent.os.family'?: string | undefined; 'user_agent.os.full'?: string | undefined; 'user_agent.os.kernel'?: string | undefined; 'user_agent.os.name'?: string | undefined; 'user_agent.os.platform'?: string | undefined; 'user_agent.os.type'?: string | undefined; 'user_agent.os.version'?: string | undefined; 'user_agent.version'?: string | undefined; 'vulnerability.category'?: string[] | undefined; 'vulnerability.classification'?: string | undefined; 'vulnerability.description'?: string | undefined; 'vulnerability.enumeration'?: string | undefined; 'vulnerability.id'?: string | undefined; 'vulnerability.reference'?: string | undefined; 'vulnerability.report_id'?: string | undefined; 'vulnerability.scanner.vendor'?: string | undefined; 'vulnerability.score.base'?: number | undefined; 'vulnerability.score.environmental'?: number | undefined; 'vulnerability.score.temporal'?: number | undefined; 'vulnerability.score.version'?: string | undefined; 'vulnerability.severity'?: string | undefined; }"
+          "{} & { 'kibana.alert.evaluation.conditions'?: string | undefined; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | undefined; 'kibana.alert.title'?: string | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & { '@timestamp': string | number; 'ecs.version': string; } & { 'agent.build.original'?: string | undefined; 'agent.ephemeral_id'?: string | undefined; 'agent.id'?: string | undefined; 'agent.name'?: string | undefined; 'agent.type'?: string | undefined; 'agent.version'?: string | undefined; 'client.address'?: string | undefined; 'client.as.number'?: string | number | undefined; 'client.as.organization.name'?: string | undefined; 'client.bytes'?: string | number | undefined; 'client.domain'?: string | undefined; 'client.geo.city_name'?: string | undefined; 'client.geo.continent_code'?: string | undefined; 'client.geo.continent_name'?: string | undefined; 'client.geo.country_iso_code'?: string | undefined; 'client.geo.country_name'?: string | undefined; 'client.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'client.geo.name'?: string | undefined; 'client.geo.postal_code'?: string | undefined; 'client.geo.region_iso_code'?: string | undefined; 'client.geo.region_name'?: string | undefined; 'client.geo.timezone'?: string | undefined; 'client.ip'?: string | undefined; 'client.mac'?: string | undefined; 'client.nat.ip'?: string | undefined; 'client.nat.port'?: string | number | undefined; 'client.packets'?: string | number | undefined; 'client.port'?: string | number | undefined; 'client.registered_domain'?: string | undefined; 'client.subdomain'?: string | undefined; 'client.top_level_domain'?: string | undefined; 'client.user.domain'?: string | undefined; 'client.user.email'?: string | undefined; 'client.user.full_name'?: string | undefined; 'client.user.group.domain'?: string | undefined; 'client.user.group.id'?: string | undefined; 'client.user.group.name'?: string | undefined; 'client.user.hash'?: string | undefined; 'client.user.id'?: string | undefined; 'client.user.name'?: string | undefined; 'client.user.roles'?: string[] | undefined; 'cloud.account.id'?: string | undefined; 'cloud.account.name'?: string | undefined; 'cloud.availability_zone'?: string | undefined; 'cloud.instance.id'?: string | undefined; 'cloud.instance.name'?: string | undefined; 'cloud.machine.type'?: string | undefined; 'cloud.origin.account.id'?: string | undefined; 'cloud.origin.account.name'?: string | undefined; 'cloud.origin.availability_zone'?: string | undefined; 'cloud.origin.instance.id'?: string | undefined; 'cloud.origin.instance.name'?: string | undefined; 'cloud.origin.machine.type'?: string | undefined; 'cloud.origin.project.id'?: string | undefined; 'cloud.origin.project.name'?: string | undefined; 'cloud.origin.provider'?: string | undefined; 'cloud.origin.region'?: string | undefined; 'cloud.origin.service.name'?: string | undefined; 'cloud.project.id'?: string | undefined; 'cloud.project.name'?: string | undefined; 'cloud.provider'?: string | undefined; 'cloud.region'?: string | undefined; 'cloud.service.name'?: string | undefined; 'cloud.target.account.id'?: string | undefined; 'cloud.target.account.name'?: string | undefined; 'cloud.target.availability_zone'?: string | undefined; 'cloud.target.instance.id'?: string | undefined; 'cloud.target.instance.name'?: string | undefined; 'cloud.target.machine.type'?: string | undefined; 'cloud.target.project.id'?: string | undefined; 'cloud.target.project.name'?: string | undefined; 'cloud.target.provider'?: string | undefined; 'cloud.target.region'?: string | undefined; 'cloud.target.service.name'?: string | undefined; 'container.cpu.usage'?: string | number | undefined; 'container.disk.read.bytes'?: string | number | undefined; 'container.disk.write.bytes'?: string | number | undefined; 'container.id'?: string | undefined; 'container.image.hash.all'?: string[] | undefined; 'container.image.name'?: string | undefined; 'container.image.tag'?: string[] | undefined; 'container.labels'?: unknown; 'container.memory.usage'?: string | number | undefined; 'container.name'?: string | undefined; 'container.network.egress.bytes'?: string | number | undefined; 'container.network.ingress.bytes'?: string | number | undefined; 'container.runtime'?: string | undefined; 'container.security_context.privileged'?: boolean | undefined; 'destination.address'?: string | undefined; 'destination.as.number'?: string | number | undefined; 'destination.as.organization.name'?: string | undefined; 'destination.bytes'?: string | number | undefined; 'destination.domain'?: string | undefined; 'destination.geo.city_name'?: string | undefined; 'destination.geo.continent_code'?: string | undefined; 'destination.geo.continent_name'?: string | undefined; 'destination.geo.country_iso_code'?: string | undefined; 'destination.geo.country_name'?: string | undefined; 'destination.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'destination.geo.name'?: string | undefined; 'destination.geo.postal_code'?: string | undefined; 'destination.geo.region_iso_code'?: string | undefined; 'destination.geo.region_name'?: string | undefined; 'destination.geo.timezone'?: string | undefined; 'destination.ip'?: string | undefined; 'destination.mac'?: string | undefined; 'destination.nat.ip'?: string | undefined; 'destination.nat.port'?: string | number | undefined; 'destination.packets'?: string | number | undefined; 'destination.port'?: string | number | undefined; 'destination.registered_domain'?: string | undefined; 'destination.subdomain'?: string | undefined; 'destination.top_level_domain'?: string | undefined; 'destination.user.domain'?: string | undefined; 'destination.user.email'?: string | undefined; 'destination.user.full_name'?: string | undefined; 'destination.user.group.domain'?: string | undefined; 'destination.user.group.id'?: string | undefined; 'destination.user.group.name'?: string | undefined; 'destination.user.hash'?: string | undefined; 'destination.user.id'?: string | undefined; 'destination.user.name'?: string | undefined; 'destination.user.roles'?: string[] | undefined; 'device.id'?: string | undefined; 'device.manufacturer'?: string | undefined; 'device.model.identifier'?: string | undefined; 'device.model.name'?: string | undefined; 'dll.code_signature.digest_algorithm'?: string | undefined; 'dll.code_signature.exists'?: boolean | undefined; 'dll.code_signature.signing_id'?: string | undefined; 'dll.code_signature.status'?: string | undefined; 'dll.code_signature.subject_name'?: string | undefined; 'dll.code_signature.team_id'?: string | undefined; 'dll.code_signature.timestamp'?: string | number | undefined; 'dll.code_signature.trusted'?: boolean | undefined; 'dll.code_signature.valid'?: boolean | undefined; 'dll.hash.md5'?: string | undefined; 'dll.hash.sha1'?: string | undefined; 'dll.hash.sha256'?: string | undefined; 'dll.hash.sha384'?: string | undefined; 'dll.hash.sha512'?: string | undefined; 'dll.hash.ssdeep'?: string | undefined; 'dll.hash.tlsh'?: string | undefined; 'dll.name'?: string | undefined; 'dll.path'?: string | undefined; 'dll.pe.architecture'?: string | undefined; 'dll.pe.company'?: string | undefined; 'dll.pe.description'?: string | undefined; 'dll.pe.file_version'?: string | undefined; 'dll.pe.go_import_hash'?: string | undefined; 'dll.pe.go_imports'?: unknown; 'dll.pe.go_imports_names_entropy'?: string | number | undefined; 'dll.pe.go_imports_names_var_entropy'?: string | number | undefined; 'dll.pe.go_stripped'?: boolean | undefined; 'dll.pe.imphash'?: string | undefined; 'dll.pe.import_hash'?: string | undefined; 'dll.pe.imports'?: unknown[] | undefined; 'dll.pe.imports_names_entropy'?: string | number | undefined; 'dll.pe.imports_names_var_entropy'?: string | number | undefined; 'dll.pe.original_file_name'?: string | undefined; 'dll.pe.pehash'?: string | undefined; 'dll.pe.product'?: string | undefined; 'dll.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'dns.answers'?: { class?: string | undefined; data?: string | undefined; name?: string | undefined; ttl?: string | number | undefined; type?: string | undefined; }[] | undefined; 'dns.header_flags'?: string[] | undefined; 'dns.id'?: string | undefined; 'dns.op_code'?: string | undefined; 'dns.question.class'?: string | undefined; 'dns.question.name'?: string | undefined; 'dns.question.registered_domain'?: string | undefined; 'dns.question.subdomain'?: string | undefined; 'dns.question.top_level_domain'?: string | undefined; 'dns.question.type'?: string | undefined; 'dns.resolved_ip'?: string[] | undefined; 'dns.response_code'?: string | undefined; 'dns.type'?: string | undefined; 'email.attachments'?: { 'file.extension'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.name'?: string | undefined; 'file.size'?: string | number | undefined; }[] | undefined; 'email.bcc.address'?: string[] | undefined; 'email.cc.address'?: string[] | undefined; 'email.content_type'?: string | undefined; 'email.delivery_timestamp'?: string | number | undefined; 'email.direction'?: string | undefined; 'email.from.address'?: string[] | undefined; 'email.local_id'?: string | undefined; 'email.message_id'?: string | undefined; 'email.origination_timestamp'?: string | number | undefined; 'email.reply_to.address'?: string[] | undefined; 'email.sender.address'?: string | undefined; 'email.subject'?: string | undefined; 'email.to.address'?: string[] | undefined; 'email.x_mailer'?: string | undefined; 'error.code'?: string | undefined; 'error.id'?: string | undefined; 'error.message'?: string | undefined; 'error.stack_trace'?: string | undefined; 'error.type'?: string | undefined; 'event.action'?: string | undefined; 'event.agent_id_status'?: string | undefined; 'event.category'?: string[] | undefined; 'event.code'?: string | undefined; 'event.created'?: string | number | undefined; 'event.dataset'?: string | undefined; 'event.duration'?: string | number | undefined; 'event.end'?: string | number | undefined; 'event.hash'?: string | undefined; 'event.id'?: string | undefined; 'event.ingested'?: string | number | undefined; 'event.kind'?: string | undefined; 'event.module'?: string | undefined; 'event.original'?: string | undefined; 'event.outcome'?: string | undefined; 'event.provider'?: string | undefined; 'event.reason'?: string | undefined; 'event.reference'?: string | undefined; 'event.risk_score'?: number | undefined; 'event.risk_score_norm'?: number | undefined; 'event.sequence'?: string | number | undefined; 'event.severity'?: string | number | undefined; 'event.start'?: string | number | undefined; 'event.timezone'?: string | undefined; 'event.type'?: string[] | undefined; 'event.url'?: string | undefined; 'faas.coldstart'?: boolean | undefined; 'faas.execution'?: string | undefined; 'faas.id'?: string | undefined; 'faas.name'?: string | undefined; 'faas.version'?: string | undefined; 'file.accessed'?: string | number | undefined; 'file.attributes'?: string[] | undefined; 'file.code_signature.digest_algorithm'?: string | undefined; 'file.code_signature.exists'?: boolean | undefined; 'file.code_signature.signing_id'?: string | undefined; 'file.code_signature.status'?: string | undefined; 'file.code_signature.subject_name'?: string | undefined; 'file.code_signature.team_id'?: string | undefined; 'file.code_signature.timestamp'?: string | number | undefined; 'file.code_signature.trusted'?: boolean | undefined; 'file.code_signature.valid'?: boolean | undefined; 'file.created'?: string | number | undefined; 'file.ctime'?: string | number | undefined; 'file.device'?: string | undefined; 'file.directory'?: string | undefined; 'file.drive_letter'?: string | undefined; 'file.elf.architecture'?: string | undefined; 'file.elf.byte_order'?: string | undefined; 'file.elf.cpu_type'?: string | undefined; 'file.elf.creation_date'?: string | number | undefined; 'file.elf.exports'?: unknown[] | undefined; 'file.elf.go_import_hash'?: string | undefined; 'file.elf.go_imports'?: unknown; 'file.elf.go_imports_names_entropy'?: string | number | undefined; 'file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'file.elf.go_stripped'?: boolean | undefined; 'file.elf.header.abi_version'?: string | undefined; 'file.elf.header.class'?: string | undefined; 'file.elf.header.data'?: string | undefined; 'file.elf.header.entrypoint'?: string | number | undefined; 'file.elf.header.object_version'?: string | undefined; 'file.elf.header.os_abi'?: string | undefined; 'file.elf.header.type'?: string | undefined; 'file.elf.header.version'?: string | undefined; 'file.elf.import_hash'?: string | undefined; 'file.elf.imports'?: unknown[] | undefined; 'file.elf.imports_names_entropy'?: string | number | undefined; 'file.elf.imports_names_var_entropy'?: string | number | undefined; 'file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'file.elf.shared_libraries'?: string[] | undefined; 'file.elf.telfhash'?: string | undefined; 'file.extension'?: string | undefined; 'file.fork_name'?: string | undefined; 'file.gid'?: string | undefined; 'file.group'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.inode'?: string | undefined; 'file.macho.go_import_hash'?: string | undefined; 'file.macho.go_imports'?: unknown; 'file.macho.go_imports_names_entropy'?: string | number | undefined; 'file.macho.go_imports_names_var_entropy'?: string | number | undefined; 'file.macho.go_stripped'?: boolean | undefined; 'file.macho.import_hash'?: string | undefined; 'file.macho.imports'?: unknown[] | undefined; 'file.macho.imports_names_entropy'?: string | number | undefined; 'file.macho.imports_names_var_entropy'?: string | number | undefined; 'file.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.macho.symhash'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.mode'?: string | undefined; 'file.mtime'?: string | number | undefined; 'file.name'?: string | undefined; 'file.owner'?: string | undefined; 'file.path'?: string | undefined; 'file.pe.architecture'?: string | undefined; 'file.pe.company'?: string | undefined; 'file.pe.description'?: string | undefined; 'file.pe.file_version'?: string | undefined; 'file.pe.go_import_hash'?: string | undefined; 'file.pe.go_imports'?: unknown; 'file.pe.go_imports_names_entropy'?: string | number | undefined; 'file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'file.pe.go_stripped'?: boolean | undefined; 'file.pe.imphash'?: string | undefined; 'file.pe.import_hash'?: string | undefined; 'file.pe.imports'?: unknown[] | undefined; 'file.pe.imports_names_entropy'?: string | number | undefined; 'file.pe.imports_names_var_entropy'?: string | number | undefined; 'file.pe.original_file_name'?: string | undefined; 'file.pe.pehash'?: string | undefined; 'file.pe.product'?: string | undefined; 'file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.size'?: string | number | undefined; 'file.target_path'?: string | undefined; 'file.type'?: string | undefined; 'file.uid'?: string | undefined; 'file.x509.alternative_names'?: string[] | undefined; 'file.x509.issuer.common_name'?: string[] | undefined; 'file.x509.issuer.country'?: string[] | undefined; 'file.x509.issuer.distinguished_name'?: string | undefined; 'file.x509.issuer.locality'?: string[] | undefined; 'file.x509.issuer.organization'?: string[] | undefined; 'file.x509.issuer.organizational_unit'?: string[] | undefined; 'file.x509.issuer.state_or_province'?: string[] | undefined; 'file.x509.not_after'?: string | number | undefined; 'file.x509.not_before'?: string | number | undefined; 'file.x509.public_key_algorithm'?: string | undefined; 'file.x509.public_key_curve'?: string | undefined; 'file.x509.public_key_exponent'?: string | number | undefined; 'file.x509.public_key_size'?: string | number | undefined; 'file.x509.serial_number'?: string | undefined; 'file.x509.signature_algorithm'?: string | undefined; 'file.x509.subject.common_name'?: string[] | undefined; 'file.x509.subject.country'?: string[] | undefined; 'file.x509.subject.distinguished_name'?: string | undefined; 'file.x509.subject.locality'?: string[] | undefined; 'file.x509.subject.organization'?: string[] | undefined; 'file.x509.subject.organizational_unit'?: string[] | undefined; 'file.x509.subject.state_or_province'?: string[] | undefined; 'file.x509.version_number'?: string | undefined; 'group.domain'?: string | undefined; 'group.id'?: string | undefined; 'group.name'?: string | undefined; 'host.architecture'?: string | undefined; 'host.boot.id'?: string | undefined; 'host.cpu.usage'?: string | number | undefined; 'host.disk.read.bytes'?: string | number | undefined; 'host.disk.write.bytes'?: string | number | undefined; 'host.domain'?: string | undefined; 'host.geo.city_name'?: string | undefined; 'host.geo.continent_code'?: string | undefined; 'host.geo.continent_name'?: string | undefined; 'host.geo.country_iso_code'?: string | undefined; 'host.geo.country_name'?: string | undefined; 'host.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'host.geo.name'?: string | undefined; 'host.geo.postal_code'?: string | undefined; 'host.geo.region_iso_code'?: string | undefined; 'host.geo.region_name'?: string | undefined; 'host.geo.timezone'?: string | undefined; 'host.hostname'?: string | undefined; 'host.id'?: string | undefined; 'host.ip'?: string[] | undefined; 'host.mac'?: string[] | undefined; 'host.name'?: string | undefined; 'host.network.egress.bytes'?: string | number | undefined; 'host.network.egress.packets'?: string | number | undefined; 'host.network.ingress.bytes'?: string | number | undefined; 'host.network.ingress.packets'?: string | number | undefined; 'host.os.family'?: string | undefined; 'host.os.full'?: string | undefined; 'host.os.kernel'?: string | undefined; 'host.os.name'?: string | undefined; 'host.os.platform'?: string | undefined; 'host.os.type'?: string | undefined; 'host.os.version'?: string | undefined; 'host.pid_ns_ino'?: string | undefined; 'host.risk.calculated_level'?: string | undefined; 'host.risk.calculated_score'?: number | undefined; 'host.risk.calculated_score_norm'?: number | undefined; 'host.risk.static_level'?: string | undefined; 'host.risk.static_score'?: number | undefined; 'host.risk.static_score_norm'?: number | undefined; 'host.type'?: string | undefined; 'host.uptime'?: string | number | undefined; 'http.request.body.bytes'?: string | number | undefined; 'http.request.body.content'?: string | undefined; 'http.request.bytes'?: string | number | undefined; 'http.request.id'?: string | undefined; 'http.request.method'?: string | undefined; 'http.request.mime_type'?: string | undefined; 'http.request.referrer'?: string | undefined; 'http.response.body.bytes'?: string | number | undefined; 'http.response.body.content'?: string | undefined; 'http.response.bytes'?: string | number | undefined; 'http.response.mime_type'?: string | undefined; 'http.response.status_code'?: string | number | undefined; 'http.version'?: string | undefined; labels?: unknown; 'log.file.path'?: string | undefined; 'log.level'?: string | undefined; 'log.logger'?: string | undefined; 'log.origin.file.line'?: string | number | undefined; 'log.origin.file.name'?: string | undefined; 'log.origin.function'?: string | undefined; 'log.syslog'?: unknown; message?: string | undefined; 'network.application'?: string | undefined; 'network.bytes'?: string | number | undefined; 'network.community_id'?: string | undefined; 'network.direction'?: string | undefined; 'network.forwarded_ip'?: string | undefined; 'network.iana_number'?: string | undefined; 'network.inner'?: unknown; 'network.name'?: string | undefined; 'network.packets'?: string | number | undefined; 'network.protocol'?: string | undefined; 'network.transport'?: string | undefined; 'network.type'?: string | undefined; 'network.vlan.id'?: string | undefined; 'network.vlan.name'?: string | undefined; 'observer.egress'?: unknown; 'observer.geo.city_name'?: string | undefined; 'observer.geo.continent_code'?: string | undefined; 'observer.geo.continent_name'?: string | undefined; 'observer.geo.country_iso_code'?: string | undefined; 'observer.geo.country_name'?: string | undefined; 'observer.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'observer.geo.name'?: string | undefined; 'observer.geo.postal_code'?: string | undefined; 'observer.geo.region_iso_code'?: string | undefined; 'observer.geo.region_name'?: string | undefined; 'observer.geo.timezone'?: string | undefined; 'observer.hostname'?: string | undefined; 'observer.ingress'?: unknown; 'observer.ip'?: string[] | undefined; 'observer.mac'?: string[] | undefined; 'observer.name'?: string | undefined; 'observer.os.family'?: string | undefined; 'observer.os.full'?: string | undefined; 'observer.os.kernel'?: string | undefined; 'observer.os.name'?: string | undefined; 'observer.os.platform'?: string | undefined; 'observer.os.type'?: string | undefined; 'observer.os.version'?: string | undefined; 'observer.product'?: string | undefined; 'observer.serial_number'?: string | undefined; 'observer.type'?: string | undefined; 'observer.vendor'?: string | undefined; 'observer.version'?: string | undefined; 'orchestrator.api_version'?: string | undefined; 'orchestrator.cluster.id'?: string | undefined; 'orchestrator.cluster.name'?: string | undefined; 'orchestrator.cluster.url'?: string | undefined; 'orchestrator.cluster.version'?: string | undefined; 'orchestrator.namespace'?: string | undefined; 'orchestrator.organization'?: string | undefined; 'orchestrator.resource.annotation'?: string[] | undefined; 'orchestrator.resource.id'?: string | undefined; 'orchestrator.resource.ip'?: string[] | undefined; 'orchestrator.resource.label'?: string[] | undefined; 'orchestrator.resource.name'?: string | undefined; 'orchestrator.resource.parent.type'?: string | undefined; 'orchestrator.resource.type'?: string | undefined; 'orchestrator.type'?: string | undefined; 'organization.id'?: string | undefined; 'organization.name'?: string | undefined; 'package.architecture'?: string | undefined; 'package.build_version'?: string | undefined; 'package.checksum'?: string | undefined; 'package.description'?: string | undefined; 'package.install_scope'?: string | undefined; 'package.installed'?: string | number | undefined; 'package.license'?: string | undefined; 'package.name'?: string | undefined; 'package.path'?: string | undefined; 'package.reference'?: string | undefined; 'package.size'?: string | number | undefined; 'package.type'?: string | undefined; 'package.version'?: string | undefined; 'process.args'?: string[] | undefined; 'process.args_count'?: string | number | undefined; 'process.code_signature.digest_algorithm'?: string | undefined; 'process.code_signature.exists'?: boolean | undefined; 'process.code_signature.signing_id'?: string | undefined; 'process.code_signature.status'?: string | undefined; 'process.code_signature.subject_name'?: string | undefined; 'process.code_signature.team_id'?: string | undefined; 'process.code_signature.timestamp'?: string | number | undefined; 'process.code_signature.trusted'?: boolean | undefined; 'process.code_signature.valid'?: boolean | undefined; 'process.command_line'?: string | undefined; 'process.elf.architecture'?: string | undefined; 'process.elf.byte_order'?: string | undefined; 'process.elf.cpu_type'?: string | undefined; 'process.elf.creation_date'?: string | number | undefined; 'process.elf.exports'?: unknown[] | undefined; 'process.elf.go_import_hash'?: string | undefined; 'process.elf.go_imports'?: unknown; 'process.elf.go_imports_names_entropy'?: string | number | undefined; 'process.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.elf.go_stripped'?: boolean | undefined; 'process.elf.header.abi_version'?: string | undefined; 'process.elf.header.class'?: string | undefined; 'process.elf.header.data'?: string | undefined; 'process.elf.header.entrypoint'?: string | number | undefined; 'process.elf.header.object_version'?: string | undefined; 'process.elf.header.os_abi'?: string | undefined; 'process.elf.header.type'?: string | undefined; 'process.elf.header.version'?: string | undefined; 'process.elf.import_hash'?: string | undefined; 'process.elf.imports'?: unknown[] | undefined; 'process.elf.imports_names_entropy'?: string | number | undefined; 'process.elf.imports_names_var_entropy'?: string | number | undefined; 'process.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.elf.shared_libraries'?: string[] | undefined; 'process.elf.telfhash'?: string | undefined; 'process.end'?: string | number | undefined; 'process.entity_id'?: string | undefined; 'process.entry_leader.args'?: string[] | undefined; 'process.entry_leader.args_count'?: string | number | undefined; 'process.entry_leader.attested_groups.name'?: string | undefined; 'process.entry_leader.attested_user.id'?: string | undefined; 'process.entry_leader.attested_user.name'?: string | undefined; 'process.entry_leader.command_line'?: string | undefined; 'process.entry_leader.entity_id'?: string | undefined; 'process.entry_leader.entry_meta.source.ip'?: string | undefined; 'process.entry_leader.entry_meta.type'?: string | undefined; 'process.entry_leader.executable'?: string | undefined; 'process.entry_leader.group.id'?: string | undefined; 'process.entry_leader.group.name'?: string | undefined; 'process.entry_leader.interactive'?: boolean | undefined; 'process.entry_leader.name'?: string | undefined; 'process.entry_leader.parent.entity_id'?: string | undefined; 'process.entry_leader.parent.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.entity_id'?: string | undefined; 'process.entry_leader.parent.session_leader.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.start'?: string | number | undefined; 'process.entry_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.entry_leader.parent.start'?: string | number | undefined; 'process.entry_leader.parent.vpid'?: string | number | undefined; 'process.entry_leader.pid'?: string | number | undefined; 'process.entry_leader.real_group.id'?: string | undefined; 'process.entry_leader.real_group.name'?: string | undefined; 'process.entry_leader.real_user.id'?: string | undefined; 'process.entry_leader.real_user.name'?: string | undefined; 'process.entry_leader.same_as_process'?: boolean | undefined; 'process.entry_leader.saved_group.id'?: string | undefined; 'process.entry_leader.saved_group.name'?: string | undefined; 'process.entry_leader.saved_user.id'?: string | undefined; 'process.entry_leader.saved_user.name'?: string | undefined; 'process.entry_leader.start'?: string | number | undefined; 'process.entry_leader.supplemental_groups.id'?: string | undefined; 'process.entry_leader.supplemental_groups.name'?: string | undefined; 'process.entry_leader.tty'?: unknown; 'process.entry_leader.user.id'?: string | undefined; 'process.entry_leader.user.name'?: string | undefined; 'process.entry_leader.vpid'?: string | number | undefined; 'process.entry_leader.working_directory'?: string | undefined; 'process.env_vars'?: string[] | undefined; 'process.executable'?: string | undefined; 'process.exit_code'?: string | number | undefined; 'process.group_leader.args'?: string[] | undefined; 'process.group_leader.args_count'?: string | number | undefined; 'process.group_leader.command_line'?: string | undefined; 'process.group_leader.entity_id'?: string | undefined; 'process.group_leader.executable'?: string | undefined; 'process.group_leader.group.id'?: string | undefined; 'process.group_leader.group.name'?: string | undefined; 'process.group_leader.interactive'?: boolean | undefined; 'process.group_leader.name'?: string | undefined; 'process.group_leader.pid'?: string | number | undefined; 'process.group_leader.real_group.id'?: string | undefined; 'process.group_leader.real_group.name'?: string | undefined; 'process.group_leader.real_user.id'?: string | undefined; 'process.group_leader.real_user.name'?: string | undefined; 'process.group_leader.same_as_process'?: boolean | undefined; 'process.group_leader.saved_group.id'?: string | undefined; 'process.group_leader.saved_group.name'?: string | undefined; 'process.group_leader.saved_user.id'?: string | undefined; 'process.group_leader.saved_user.name'?: string | undefined; 'process.group_leader.start'?: string | number | undefined; 'process.group_leader.supplemental_groups.id'?: string | undefined; 'process.group_leader.supplemental_groups.name'?: string | undefined; 'process.group_leader.tty'?: unknown; 'process.group_leader.user.id'?: string | undefined; 'process.group_leader.user.name'?: string | undefined; 'process.group_leader.vpid'?: string | number | undefined; 'process.group_leader.working_directory'?: string | undefined; 'process.hash.md5'?: string | undefined; 'process.hash.sha1'?: string | undefined; 'process.hash.sha256'?: string | undefined; 'process.hash.sha384'?: string | undefined; 'process.hash.sha512'?: string | undefined; 'process.hash.ssdeep'?: string | undefined; 'process.hash.tlsh'?: string | undefined; 'process.interactive'?: boolean | undefined; 'process.io'?: unknown; 'process.macho.go_import_hash'?: string | undefined; 'process.macho.go_imports'?: unknown; 'process.macho.go_imports_names_entropy'?: string | number | undefined; 'process.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.macho.go_stripped'?: boolean | undefined; 'process.macho.import_hash'?: string | undefined; 'process.macho.imports'?: unknown[] | undefined; 'process.macho.imports_names_entropy'?: string | number | undefined; 'process.macho.imports_names_var_entropy'?: string | number | undefined; 'process.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.macho.symhash'?: string | undefined; 'process.name'?: string | undefined; 'process.parent.args'?: string[] | undefined; 'process.parent.args_count'?: string | number | undefined; 'process.parent.code_signature.digest_algorithm'?: string | undefined; 'process.parent.code_signature.exists'?: boolean | undefined; 'process.parent.code_signature.signing_id'?: string | undefined; 'process.parent.code_signature.status'?: string | undefined; 'process.parent.code_signature.subject_name'?: string | undefined; 'process.parent.code_signature.team_id'?: string | undefined; 'process.parent.code_signature.timestamp'?: string | number | undefined; 'process.parent.code_signature.trusted'?: boolean | undefined; 'process.parent.code_signature.valid'?: boolean | undefined; 'process.parent.command_line'?: string | undefined; 'process.parent.elf.architecture'?: string | undefined; 'process.parent.elf.byte_order'?: string | undefined; 'process.parent.elf.cpu_type'?: string | undefined; 'process.parent.elf.creation_date'?: string | number | undefined; 'process.parent.elf.exports'?: unknown[] | undefined; 'process.parent.elf.go_import_hash'?: string | undefined; 'process.parent.elf.go_imports'?: unknown; 'process.parent.elf.go_imports_names_entropy'?: string | number | undefined; 'process.parent.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.go_stripped'?: boolean | undefined; 'process.parent.elf.header.abi_version'?: string | undefined; 'process.parent.elf.header.class'?: string | undefined; 'process.parent.elf.header.data'?: string | undefined; 'process.parent.elf.header.entrypoint'?: string | number | undefined; 'process.parent.elf.header.object_version'?: string | undefined; 'process.parent.elf.header.os_abi'?: string | undefined; 'process.parent.elf.header.type'?: string | undefined; 'process.parent.elf.header.version'?: string | undefined; 'process.parent.elf.import_hash'?: string | undefined; 'process.parent.elf.imports'?: unknown[] | undefined; 'process.parent.elf.imports_names_entropy'?: string | number | undefined; 'process.parent.elf.imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.parent.elf.shared_libraries'?: string[] | undefined; 'process.parent.elf.telfhash'?: string | undefined; 'process.parent.end'?: string | number | undefined; 'process.parent.entity_id'?: string | undefined; 'process.parent.executable'?: string | undefined; 'process.parent.exit_code'?: string | number | undefined; 'process.parent.group.id'?: string | undefined; 'process.parent.group.name'?: string | undefined; 'process.parent.group_leader.entity_id'?: string | undefined; 'process.parent.group_leader.pid'?: string | number | undefined; 'process.parent.group_leader.start'?: string | number | undefined; 'process.parent.group_leader.vpid'?: string | number | undefined; 'process.parent.hash.md5'?: string | undefined; 'process.parent.hash.sha1'?: string | undefined; 'process.parent.hash.sha256'?: string | undefined; 'process.parent.hash.sha384'?: string | undefined; 'process.parent.hash.sha512'?: string | undefined; 'process.parent.hash.ssdeep'?: string | undefined; 'process.parent.hash.tlsh'?: string | undefined; 'process.parent.interactive'?: boolean | undefined; 'process.parent.macho.go_import_hash'?: string | undefined; 'process.parent.macho.go_imports'?: unknown; 'process.parent.macho.go_imports_names_entropy'?: string | number | undefined; 'process.parent.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.go_stripped'?: boolean | undefined; 'process.parent.macho.import_hash'?: string | undefined; 'process.parent.macho.imports'?: unknown[] | undefined; 'process.parent.macho.imports_names_entropy'?: string | number | undefined; 'process.parent.macho.imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.macho.symhash'?: string | undefined; 'process.parent.name'?: string | undefined; 'process.parent.pe.architecture'?: string | undefined; 'process.parent.pe.company'?: string | undefined; 'process.parent.pe.description'?: string | undefined; 'process.parent.pe.file_version'?: string | undefined; 'process.parent.pe.go_import_hash'?: string | undefined; 'process.parent.pe.go_imports'?: unknown; 'process.parent.pe.go_imports_names_entropy'?: string | number | undefined; 'process.parent.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.go_stripped'?: boolean | undefined; 'process.parent.pe.imphash'?: string | undefined; 'process.parent.pe.import_hash'?: string | undefined; 'process.parent.pe.imports'?: unknown[] | undefined; 'process.parent.pe.imports_names_entropy'?: string | number | undefined; 'process.parent.pe.imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.original_file_name'?: string | undefined; 'process.parent.pe.pehash'?: string | undefined; 'process.parent.pe.product'?: string | undefined; 'process.parent.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.pgid'?: string | number | undefined; 'process.parent.pid'?: string | number | undefined; 'process.parent.real_group.id'?: string | undefined; 'process.parent.real_group.name'?: string | undefined; 'process.parent.real_user.id'?: string | undefined; 'process.parent.real_user.name'?: string | undefined; 'process.parent.saved_group.id'?: string | undefined; 'process.parent.saved_group.name'?: string | undefined; 'process.parent.saved_user.id'?: string | undefined; 'process.parent.saved_user.name'?: string | undefined; 'process.parent.start'?: string | number | undefined; 'process.parent.supplemental_groups.id'?: string | undefined; 'process.parent.supplemental_groups.name'?: string | undefined; 'process.parent.thread.capabilities.effective'?: string[] | undefined; 'process.parent.thread.capabilities.permitted'?: string[] | undefined; 'process.parent.thread.id'?: string | number | undefined; 'process.parent.thread.name'?: string | undefined; 'process.parent.title'?: string | undefined; 'process.parent.tty'?: unknown; 'process.parent.uptime'?: string | number | undefined; 'process.parent.user.id'?: string | undefined; 'process.parent.user.name'?: string | undefined; 'process.parent.vpid'?: string | number | undefined; 'process.parent.working_directory'?: string | undefined; 'process.pe.architecture'?: string | undefined; 'process.pe.company'?: string | undefined; 'process.pe.description'?: string | undefined; 'process.pe.file_version'?: string | undefined; 'process.pe.go_import_hash'?: string | undefined; 'process.pe.go_imports'?: unknown; 'process.pe.go_imports_names_entropy'?: string | number | undefined; 'process.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.pe.go_stripped'?: boolean | undefined; 'process.pe.imphash'?: string | undefined; 'process.pe.import_hash'?: string | undefined; 'process.pe.imports'?: unknown[] | undefined; 'process.pe.imports_names_entropy'?: string | number | undefined; 'process.pe.imports_names_var_entropy'?: string | number | undefined; 'process.pe.original_file_name'?: string | undefined; 'process.pe.pehash'?: string | undefined; 'process.pe.product'?: string | undefined; 'process.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.pgid'?: string | number | undefined; 'process.pid'?: string | number | undefined; 'process.previous.args'?: string[] | undefined; 'process.previous.args_count'?: string | number | undefined; 'process.previous.executable'?: string | undefined; 'process.real_group.id'?: string | undefined; 'process.real_group.name'?: string | undefined; 'process.real_user.id'?: string | undefined; 'process.real_user.name'?: string | undefined; 'process.saved_group.id'?: string | undefined; 'process.saved_group.name'?: string | undefined; 'process.saved_user.id'?: string | undefined; 'process.saved_user.name'?: string | undefined; 'process.session_leader.args'?: string[] | undefined; 'process.session_leader.args_count'?: string | number | undefined; 'process.session_leader.command_line'?: string | undefined; 'process.session_leader.entity_id'?: string | undefined; 'process.session_leader.executable'?: string | undefined; 'process.session_leader.group.id'?: string | undefined; 'process.session_leader.group.name'?: string | undefined; 'process.session_leader.interactive'?: boolean | undefined; 'process.session_leader.name'?: string | undefined; 'process.session_leader.parent.entity_id'?: string | undefined; 'process.session_leader.parent.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.entity_id'?: string | undefined; 'process.session_leader.parent.session_leader.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.start'?: string | number | undefined; 'process.session_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.session_leader.parent.start'?: string | number | undefined; 'process.session_leader.parent.vpid'?: string | number | undefined; 'process.session_leader.pid'?: string | number | undefined; 'process.session_leader.real_group.id'?: string | undefined; 'process.session_leader.real_group.name'?: string | undefined; 'process.session_leader.real_user.id'?: string | undefined; 'process.session_leader.real_user.name'?: string | undefined; 'process.session_leader.same_as_process'?: boolean | undefined; 'process.session_leader.saved_group.id'?: string | undefined; 'process.session_leader.saved_group.name'?: string | undefined; 'process.session_leader.saved_user.id'?: string | undefined; 'process.session_leader.saved_user.name'?: string | undefined; 'process.session_leader.start'?: string | number | undefined; 'process.session_leader.supplemental_groups.id'?: string | undefined; 'process.session_leader.supplemental_groups.name'?: string | undefined; 'process.session_leader.tty'?: unknown; 'process.session_leader.user.id'?: string | undefined; 'process.session_leader.user.name'?: string | undefined; 'process.session_leader.vpid'?: string | number | undefined; 'process.session_leader.working_directory'?: string | undefined; 'process.start'?: string | number | undefined; 'process.supplemental_groups.id'?: string | undefined; 'process.supplemental_groups.name'?: string | undefined; 'process.thread.capabilities.effective'?: string[] | undefined; 'process.thread.capabilities.permitted'?: string[] | undefined; 'process.thread.id'?: string | number | undefined; 'process.thread.name'?: string | undefined; 'process.title'?: string | undefined; 'process.tty'?: unknown; 'process.uptime'?: string | number | undefined; 'process.user.id'?: string | undefined; 'process.user.name'?: string | undefined; 'process.vpid'?: string | number | undefined; 'process.working_directory'?: string | undefined; 'registry.data.bytes'?: string | undefined; 'registry.data.strings'?: string[] | undefined; 'registry.data.type'?: string | undefined; 'registry.hive'?: string | undefined; 'registry.key'?: string | undefined; 'registry.path'?: string | undefined; 'registry.value'?: string | undefined; 'related.hash'?: string[] | undefined; 'related.hosts'?: string[] | undefined; 'related.ip'?: string[] | undefined; 'related.user'?: string[] | undefined; 'rule.author'?: string[] | undefined; 'rule.category'?: string | undefined; 'rule.description'?: string | undefined; 'rule.id'?: string | undefined; 'rule.license'?: string | undefined; 'rule.name'?: string | undefined; 'rule.reference'?: string | undefined; 'rule.ruleset'?: string | undefined; 'rule.uuid'?: string | undefined; 'rule.version'?: string | undefined; 'server.address'?: string | undefined; 'server.as.number'?: string | number | undefined; 'server.as.organization.name'?: string | undefined; 'server.bytes'?: string | number | undefined; 'server.domain'?: string | undefined; 'server.geo.city_name'?: string | undefined; 'server.geo.continent_code'?: string | undefined; 'server.geo.continent_name'?: string | undefined; 'server.geo.country_iso_code'?: string | undefined; 'server.geo.country_name'?: string | undefined; 'server.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'server.geo.name'?: string | undefined; 'server.geo.postal_code'?: string | undefined; 'server.geo.region_iso_code'?: string | undefined; 'server.geo.region_name'?: string | undefined; 'server.geo.timezone'?: string | undefined; 'server.ip'?: string | undefined; 'server.mac'?: string | undefined; 'server.nat.ip'?: string | undefined; 'server.nat.port'?: string | number | undefined; 'server.packets'?: string | number | undefined; 'server.port'?: string | number | undefined; 'server.registered_domain'?: string | undefined; 'server.subdomain'?: string | undefined; 'server.top_level_domain'?: string | undefined; 'server.user.domain'?: string | undefined; 'server.user.email'?: string | undefined; 'server.user.full_name'?: string | undefined; 'server.user.group.domain'?: string | undefined; 'server.user.group.id'?: string | undefined; 'server.user.group.name'?: string | undefined; 'server.user.hash'?: string | undefined; 'server.user.id'?: string | undefined; 'server.user.name'?: string | undefined; 'server.user.roles'?: string[] | undefined; 'service.address'?: string | undefined; 'service.environment'?: string | undefined; 'service.ephemeral_id'?: string | undefined; 'service.id'?: string | undefined; 'service.name'?: string | undefined; 'service.node.name'?: string | undefined; 'service.node.role'?: string | undefined; 'service.node.roles'?: string[] | undefined; 'service.origin.address'?: string | undefined; 'service.origin.environment'?: string | undefined; 'service.origin.ephemeral_id'?: string | undefined; 'service.origin.id'?: string | undefined; 'service.origin.name'?: string | undefined; 'service.origin.node.name'?: string | undefined; 'service.origin.node.role'?: string | undefined; 'service.origin.node.roles'?: string[] | undefined; 'service.origin.state'?: string | undefined; 'service.origin.type'?: string | undefined; 'service.origin.version'?: string | undefined; 'service.state'?: string | undefined; 'service.target.address'?: string | undefined; 'service.target.environment'?: string | undefined; 'service.target.ephemeral_id'?: string | undefined; 'service.target.id'?: string | undefined; 'service.target.name'?: string | undefined; 'service.target.node.name'?: string | undefined; 'service.target.node.role'?: string | undefined; 'service.target.node.roles'?: string[] | undefined; 'service.target.state'?: string | undefined; 'service.target.type'?: string | undefined; 'service.target.version'?: string | undefined; 'service.type'?: string | undefined; 'service.version'?: string | undefined; 'source.address'?: string | undefined; 'source.as.number'?: string | number | undefined; 'source.as.organization.name'?: string | undefined; 'source.bytes'?: string | number | undefined; 'source.domain'?: string | undefined; 'source.geo.city_name'?: string | undefined; 'source.geo.continent_code'?: string | undefined; 'source.geo.continent_name'?: string | undefined; 'source.geo.country_iso_code'?: string | undefined; 'source.geo.country_name'?: string | undefined; 'source.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'source.geo.name'?: string | undefined; 'source.geo.postal_code'?: string | undefined; 'source.geo.region_iso_code'?: string | undefined; 'source.geo.region_name'?: string | undefined; 'source.geo.timezone'?: string | undefined; 'source.ip'?: string | undefined; 'source.mac'?: string | undefined; 'source.nat.ip'?: string | undefined; 'source.nat.port'?: string | number | undefined; 'source.packets'?: string | number | undefined; 'source.port'?: string | number | undefined; 'source.registered_domain'?: string | undefined; 'source.subdomain'?: string | undefined; 'source.top_level_domain'?: string | undefined; 'source.user.domain'?: string | undefined; 'source.user.email'?: string | undefined; 'source.user.full_name'?: string | undefined; 'source.user.group.domain'?: string | undefined; 'source.user.group.id'?: string | undefined; 'source.user.group.name'?: string | undefined; 'source.user.hash'?: string | undefined; 'source.user.id'?: string | undefined; 'source.user.name'?: string | undefined; 'source.user.roles'?: string[] | undefined; 'span.id'?: string | undefined; tags?: string[] | undefined; 'threat.enrichments'?: { indicator?: unknown; 'matched.atomic'?: string | undefined; 'matched.field'?: string | undefined; 'matched.id'?: string | undefined; 'matched.index'?: string | undefined; 'matched.occurred'?: string | number | undefined; 'matched.type'?: string | undefined; }[] | undefined; 'threat.feed.dashboard_id'?: string | undefined; 'threat.feed.description'?: string | undefined; 'threat.feed.name'?: string | undefined; 'threat.feed.reference'?: string | undefined; 'threat.framework'?: string | undefined; 'threat.group.alias'?: string[] | undefined; 'threat.group.id'?: string | undefined; 'threat.group.name'?: string | undefined; 'threat.group.reference'?: string | undefined; 'threat.indicator.as.number'?: string | number | undefined; 'threat.indicator.as.organization.name'?: string | undefined; 'threat.indicator.confidence'?: string | undefined; 'threat.indicator.description'?: string | undefined; 'threat.indicator.email.address'?: string | undefined; 'threat.indicator.file.accessed'?: string | number | undefined; 'threat.indicator.file.attributes'?: string[] | undefined; 'threat.indicator.file.code_signature.digest_algorithm'?: string | undefined; 'threat.indicator.file.code_signature.exists'?: boolean | undefined; 'threat.indicator.file.code_signature.signing_id'?: string | undefined; 'threat.indicator.file.code_signature.status'?: string | undefined; 'threat.indicator.file.code_signature.subject_name'?: string | undefined; 'threat.indicator.file.code_signature.team_id'?: string | undefined; 'threat.indicator.file.code_signature.timestamp'?: string | number | undefined; 'threat.indicator.file.code_signature.trusted'?: boolean | undefined; 'threat.indicator.file.code_signature.valid'?: boolean | undefined; 'threat.indicator.file.created'?: string | number | undefined; 'threat.indicator.file.ctime'?: string | number | undefined; 'threat.indicator.file.device'?: string | undefined; 'threat.indicator.file.directory'?: string | undefined; 'threat.indicator.file.drive_letter'?: string | undefined; 'threat.indicator.file.elf.architecture'?: string | undefined; 'threat.indicator.file.elf.byte_order'?: string | undefined; 'threat.indicator.file.elf.cpu_type'?: string | undefined; 'threat.indicator.file.elf.creation_date'?: string | number | undefined; 'threat.indicator.file.elf.exports'?: unknown[] | undefined; 'threat.indicator.file.elf.go_import_hash'?: string | undefined; 'threat.indicator.file.elf.go_imports'?: unknown; 'threat.indicator.file.elf.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_stripped'?: boolean | undefined; 'threat.indicator.file.elf.header.abi_version'?: string | undefined; 'threat.indicator.file.elf.header.class'?: string | undefined; 'threat.indicator.file.elf.header.data'?: string | undefined; 'threat.indicator.file.elf.header.entrypoint'?: string | number | undefined; 'threat.indicator.file.elf.header.object_version'?: string | undefined; 'threat.indicator.file.elf.header.os_abi'?: string | undefined; 'threat.indicator.file.elf.header.type'?: string | undefined; 'threat.indicator.file.elf.header.version'?: string | undefined; 'threat.indicator.file.elf.import_hash'?: string | undefined; 'threat.indicator.file.elf.imports'?: unknown[] | undefined; 'threat.indicator.file.elf.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'threat.indicator.file.elf.shared_libraries'?: string[] | undefined; 'threat.indicator.file.elf.telfhash'?: string | undefined; 'threat.indicator.file.extension'?: string | undefined; 'threat.indicator.file.fork_name'?: string | undefined; 'threat.indicator.file.gid'?: string | undefined; 'threat.indicator.file.group'?: string | undefined; 'threat.indicator.file.hash.md5'?: string | undefined; 'threat.indicator.file.hash.sha1'?: string | undefined; 'threat.indicator.file.hash.sha256'?: string | undefined; 'threat.indicator.file.hash.sha384'?: string | undefined; 'threat.indicator.file.hash.sha512'?: string | undefined; 'threat.indicator.file.hash.ssdeep'?: string | undefined; 'threat.indicator.file.hash.tlsh'?: string | undefined; 'threat.indicator.file.inode'?: string | undefined; 'threat.indicator.file.mime_type'?: string | undefined; 'threat.indicator.file.mode'?: string | undefined; 'threat.indicator.file.mtime'?: string | number | undefined; 'threat.indicator.file.name'?: string | undefined; 'threat.indicator.file.owner'?: string | undefined; 'threat.indicator.file.path'?: string | undefined; 'threat.indicator.file.pe.architecture'?: string | undefined; 'threat.indicator.file.pe.company'?: string | undefined; 'threat.indicator.file.pe.description'?: string | undefined; 'threat.indicator.file.pe.file_version'?: string | undefined; 'threat.indicator.file.pe.go_import_hash'?: string | undefined; 'threat.indicator.file.pe.go_imports'?: unknown; 'threat.indicator.file.pe.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_stripped'?: boolean | undefined; 'threat.indicator.file.pe.imphash'?: string | undefined; 'threat.indicator.file.pe.import_hash'?: string | undefined; 'threat.indicator.file.pe.imports'?: unknown[] | undefined; 'threat.indicator.file.pe.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.original_file_name'?: string | undefined; 'threat.indicator.file.pe.pehash'?: string | undefined; 'threat.indicator.file.pe.product'?: string | undefined; 'threat.indicator.file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.size'?: string | number | undefined; 'threat.indicator.file.target_path'?: string | undefined; 'threat.indicator.file.type'?: string | undefined; 'threat.indicator.file.uid'?: string | undefined; 'threat.indicator.file.x509.alternative_names'?: string[] | undefined; 'threat.indicator.file.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.file.x509.issuer.country'?: string[] | undefined; 'threat.indicator.file.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.not_after'?: string | number | undefined; 'threat.indicator.file.x509.not_before'?: string | number | undefined; 'threat.indicator.file.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.file.x509.public_key_curve'?: string | undefined; 'threat.indicator.file.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.file.x509.public_key_size'?: string | number | undefined; 'threat.indicator.file.x509.serial_number'?: string | undefined; 'threat.indicator.file.x509.signature_algorithm'?: string | undefined; 'threat.indicator.file.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.file.x509.subject.country'?: string[] | undefined; 'threat.indicator.file.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.subject.locality'?: string[] | undefined; 'threat.indicator.file.x509.subject.organization'?: string[] | undefined; 'threat.indicator.file.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.version_number'?: string | undefined; 'threat.indicator.first_seen'?: string | number | undefined; 'threat.indicator.geo.city_name'?: string | undefined; 'threat.indicator.geo.continent_code'?: string | undefined; 'threat.indicator.geo.continent_name'?: string | undefined; 'threat.indicator.geo.country_iso_code'?: string | undefined; 'threat.indicator.geo.country_name'?: string | undefined; 'threat.indicator.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'threat.indicator.geo.name'?: string | undefined; 'threat.indicator.geo.postal_code'?: string | undefined; 'threat.indicator.geo.region_iso_code'?: string | undefined; 'threat.indicator.geo.region_name'?: string | undefined; 'threat.indicator.geo.timezone'?: string | undefined; 'threat.indicator.ip'?: string | undefined; 'threat.indicator.last_seen'?: string | number | undefined; 'threat.indicator.marking.tlp'?: string | undefined; 'threat.indicator.marking.tlp_version'?: string | undefined; 'threat.indicator.modified_at'?: string | number | undefined; 'threat.indicator.name'?: string | undefined; 'threat.indicator.port'?: string | number | undefined; 'threat.indicator.provider'?: string | undefined; 'threat.indicator.reference'?: string | undefined; 'threat.indicator.registry.data.bytes'?: string | undefined; 'threat.indicator.registry.data.strings'?: string[] | undefined; 'threat.indicator.registry.data.type'?: string | undefined; 'threat.indicator.registry.hive'?: string | undefined; 'threat.indicator.registry.key'?: string | undefined; 'threat.indicator.registry.path'?: string | undefined; 'threat.indicator.registry.value'?: string | undefined; 'threat.indicator.scanner_stats'?: string | number | undefined; 'threat.indicator.sightings'?: string | number | undefined; 'threat.indicator.type'?: string | undefined; 'threat.indicator.url.domain'?: string | undefined; 'threat.indicator.url.extension'?: string | undefined; 'threat.indicator.url.fragment'?: string | undefined; 'threat.indicator.url.full'?: string | undefined; 'threat.indicator.url.original'?: string | undefined; 'threat.indicator.url.password'?: string | undefined; 'threat.indicator.url.path'?: string | undefined; 'threat.indicator.url.port'?: string | number | undefined; 'threat.indicator.url.query'?: string | undefined; 'threat.indicator.url.registered_domain'?: string | undefined; 'threat.indicator.url.scheme'?: string | undefined; 'threat.indicator.url.subdomain'?: string | undefined; 'threat.indicator.url.top_level_domain'?: string | undefined; 'threat.indicator.url.username'?: string | undefined; 'threat.indicator.x509.alternative_names'?: string[] | undefined; 'threat.indicator.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.x509.issuer.country'?: string[] | undefined; 'threat.indicator.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.x509.not_after'?: string | number | undefined; 'threat.indicator.x509.not_before'?: string | number | undefined; 'threat.indicator.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.x509.public_key_curve'?: string | undefined; 'threat.indicator.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.x509.public_key_size'?: string | number | undefined; 'threat.indicator.x509.serial_number'?: string | undefined; 'threat.indicator.x509.signature_algorithm'?: string | undefined; 'threat.indicator.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.x509.subject.country'?: string[] | undefined; 'threat.indicator.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.x509.subject.locality'?: string[] | undefined; 'threat.indicator.x509.subject.organization'?: string[] | undefined; 'threat.indicator.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.x509.version_number'?: string | undefined; 'threat.software.alias'?: string[] | undefined; 'threat.software.id'?: string | undefined; 'threat.software.name'?: string | undefined; 'threat.software.platforms'?: string[] | undefined; 'threat.software.reference'?: string | undefined; 'threat.software.type'?: string | undefined; 'threat.tactic.id'?: string[] | undefined; 'threat.tactic.name'?: string[] | undefined; 'threat.tactic.reference'?: string[] | undefined; 'threat.technique.id'?: string[] | undefined; 'threat.technique.name'?: string[] | undefined; 'threat.technique.reference'?: string[] | undefined; 'threat.technique.subtechnique.id'?: string[] | undefined; 'threat.technique.subtechnique.name'?: string[] | undefined; 'threat.technique.subtechnique.reference'?: string[] | undefined; 'tls.cipher'?: string | undefined; 'tls.client.certificate'?: string | undefined; 'tls.client.certificate_chain'?: string[] | undefined; 'tls.client.hash.md5'?: string | undefined; 'tls.client.hash.sha1'?: string | undefined; 'tls.client.hash.sha256'?: string | undefined; 'tls.client.issuer'?: string | undefined; 'tls.client.ja3'?: string | undefined; 'tls.client.not_after'?: string | number | undefined; 'tls.client.not_before'?: string | number | undefined; 'tls.client.server_name'?: string | undefined; 'tls.client.subject'?: string | undefined; 'tls.client.supported_ciphers'?: string[] | undefined; 'tls.client.x509.alternative_names'?: string[] | undefined; 'tls.client.x509.issuer.common_name'?: string[] | undefined; 'tls.client.x509.issuer.country'?: string[] | undefined; 'tls.client.x509.issuer.distinguished_name'?: string | undefined; 'tls.client.x509.issuer.locality'?: string[] | undefined; 'tls.client.x509.issuer.organization'?: string[] | undefined; 'tls.client.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.client.x509.issuer.state_or_province'?: string[] | undefined; 'tls.client.x509.not_after'?: string | number | undefined; 'tls.client.x509.not_before'?: string | number | undefined; 'tls.client.x509.public_key_algorithm'?: string | undefined; 'tls.client.x509.public_key_curve'?: string | undefined; 'tls.client.x509.public_key_exponent'?: string | number | undefined; 'tls.client.x509.public_key_size'?: string | number | undefined; 'tls.client.x509.serial_number'?: string | undefined; 'tls.client.x509.signature_algorithm'?: string | undefined; 'tls.client.x509.subject.common_name'?: string[] | undefined; 'tls.client.x509.subject.country'?: string[] | undefined; 'tls.client.x509.subject.distinguished_name'?: string | undefined; 'tls.client.x509.subject.locality'?: string[] | undefined; 'tls.client.x509.subject.organization'?: string[] | undefined; 'tls.client.x509.subject.organizational_unit'?: string[] | undefined; 'tls.client.x509.subject.state_or_province'?: string[] | undefined; 'tls.client.x509.version_number'?: string | undefined; 'tls.curve'?: string | undefined; 'tls.established'?: boolean | undefined; 'tls.next_protocol'?: string | undefined; 'tls.resumed'?: boolean | undefined; 'tls.server.certificate'?: string | undefined; 'tls.server.certificate_chain'?: string[] | undefined; 'tls.server.hash.md5'?: string | undefined; 'tls.server.hash.sha1'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 'tls.server.issuer'?: string | undefined; 'tls.server.ja3s'?: string | undefined; 'tls.server.not_after'?: string | number | undefined; 'tls.server.not_before'?: string | number | undefined; 'tls.server.subject'?: string | undefined; 'tls.server.x509.alternative_names'?: string[] | undefined; 'tls.server.x509.issuer.common_name'?: string[] | undefined; 'tls.server.x509.issuer.country'?: string[] | undefined; 'tls.server.x509.issuer.distinguished_name'?: string | undefined; 'tls.server.x509.issuer.locality'?: string[] | undefined; 'tls.server.x509.issuer.organization'?: string[] | undefined; 'tls.server.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.server.x509.issuer.state_or_province'?: string[] | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.public_key_algorithm'?: string | undefined; 'tls.server.x509.public_key_curve'?: string | undefined; 'tls.server.x509.public_key_exponent'?: string | number | undefined; 'tls.server.x509.public_key_size'?: string | number | undefined; 'tls.server.x509.serial_number'?: string | undefined; 'tls.server.x509.signature_algorithm'?: string | undefined; 'tls.server.x509.subject.common_name'?: string[] | undefined; 'tls.server.x509.subject.country'?: string[] | undefined; 'tls.server.x509.subject.distinguished_name'?: string | undefined; 'tls.server.x509.subject.locality'?: string[] | undefined; 'tls.server.x509.subject.organization'?: string[] | undefined; 'tls.server.x509.subject.organizational_unit'?: string[] | undefined; 'tls.server.x509.subject.state_or_province'?: string[] | undefined; 'tls.server.x509.version_number'?: string | undefined; 'tls.version'?: string | undefined; 'tls.version_protocol'?: string | undefined; 'trace.id'?: string | undefined; 'transaction.id'?: string | undefined; 'url.domain'?: string | undefined; 'url.extension'?: string | undefined; 'url.fragment'?: string | undefined; 'url.full'?: string | undefined; 'url.original'?: string | undefined; 'url.password'?: string | undefined; 'url.path'?: string | undefined; 'url.port'?: string | number | undefined; 'url.query'?: string | undefined; 'url.registered_domain'?: string | undefined; 'url.scheme'?: string | undefined; 'url.subdomain'?: string | undefined; 'url.top_level_domain'?: string | undefined; 'url.username'?: string | undefined; 'user.changes.domain'?: string | undefined; 'user.changes.email'?: string | undefined; 'user.changes.full_name'?: string | undefined; 'user.changes.group.domain'?: string | undefined; 'user.changes.group.id'?: string | undefined; 'user.changes.group.name'?: string | undefined; 'user.changes.hash'?: string | undefined; 'user.changes.id'?: string | undefined; 'user.changes.name'?: string | undefined; 'user.changes.roles'?: string[] | undefined; 'user.domain'?: string | undefined; 'user.effective.domain'?: string | undefined; 'user.effective.email'?: string | undefined; 'user.effective.full_name'?: string | undefined; 'user.effective.group.domain'?: string | undefined; 'user.effective.group.id'?: string | undefined; 'user.effective.group.name'?: string | undefined; 'user.effective.hash'?: string | undefined; 'user.effective.id'?: string | undefined; 'user.effective.name'?: string | undefined; 'user.effective.roles'?: string[] | undefined; 'user.email'?: string | undefined; 'user.full_name'?: string | undefined; 'user.group.domain'?: string | undefined; 'user.group.id'?: string | undefined; 'user.group.name'?: string | undefined; 'user.hash'?: string | undefined; 'user.id'?: string | undefined; 'user.name'?: string | undefined; 'user.risk.calculated_level'?: string | undefined; 'user.risk.calculated_score'?: number | undefined; 'user.risk.calculated_score_norm'?: number | undefined; 'user.risk.static_level'?: string | undefined; 'user.risk.static_score'?: number | undefined; 'user.risk.static_score_norm'?: number | undefined; 'user.roles'?: string[] | undefined; 'user.target.domain'?: string | undefined; 'user.target.email'?: string | undefined; 'user.target.full_name'?: string | undefined; 'user.target.group.domain'?: string | undefined; 'user.target.group.id'?: string | undefined; 'user.target.group.name'?: string | undefined; 'user.target.hash'?: string | undefined; 'user.target.id'?: string | undefined; 'user.target.name'?: string | undefined; 'user.target.roles'?: string[] | undefined; 'user_agent.device.name'?: string | undefined; 'user_agent.name'?: string | undefined; 'user_agent.original'?: string | undefined; 'user_agent.os.family'?: string | undefined; 'user_agent.os.full'?: string | undefined; 'user_agent.os.kernel'?: string | undefined; 'user_agent.os.name'?: string | undefined; 'user_agent.os.platform'?: string | undefined; 'user_agent.os.type'?: string | undefined; 'user_agent.os.version'?: string | undefined; 'user_agent.version'?: string | undefined; 'vulnerability.category'?: string[] | undefined; 'vulnerability.classification'?: string | undefined; 'vulnerability.description'?: string | undefined; 'vulnerability.enumeration'?: string | undefined; 'vulnerability.id'?: string | undefined; 'vulnerability.reference'?: string | undefined; 'vulnerability.report_id'?: string | undefined; 'vulnerability.scanner.vendor'?: string | undefined; 'vulnerability.score.base'?: number | undefined; 'vulnerability.score.environmental'?: number | undefined; 'vulnerability.score.temporal'?: number | undefined; 'vulnerability.score.version'?: string | undefined; 'vulnerability.severity'?: string | undefined; }"
         ],
         "path": "packages/kbn-alerts-as-data-utils/src/schemas/generated/stack_schema.ts",
         "deprecated": false,
@@ -465,7 +465,7 @@
         "label": "TransformHealthAlert",
         "description": [],
         "signature": [
-          "{} & { 'kibana.alert.results'?: { description?: string | undefined; health_status?: string | undefined; issues?: unknown; node_name?: string | undefined; transform_id?: string | undefined; transform_state?: string | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; }"
+          "{} & { 'kibana.alert.results'?: { description?: string | undefined; health_status?: string | undefined; issues?: unknown; node_name?: string | undefined; transform_id?: string | undefined; transform_state?: string | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; }"
         ],
         "path": "packages/kbn-alerts-as-data-utils/src/schemas/generated/transform_health_schema.ts",
         "deprecated": false,
@@ -482,7 +482,7 @@
         "label": "alertFieldMap",
         "description": [],
         "signature": [
-          "{ readonly \"kibana.alert.action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.case_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.duration.us\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping_history\": { readonly type: \"boolean\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.maintenance_window_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.consecutive_matches\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.instance.id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.last_detected\": { readonly type: \"date\"; readonly required: false; readonly array: false; }; readonly \"kibana.alert.reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; readonly multi_fields: ",
+          "{ readonly \"kibana.alert.action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.case_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.duration.us\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping_history\": { readonly type: \"boolean\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.maintenance_window_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.consecutive_matches\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.instance.id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.last_detected\": { readonly type: \"date\"; readonly required: false; readonly array: false; }; readonly \"kibana.alert.previous_action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; readonly multi_fields: ",
           {
             "pluginId": "@kbn/alerts-as-data-utils",
             "scope": "common",
@@ -490,7 +490,7 @@
             "section": "def-common.MultiField",
             "text": "MultiField"
           },
-          "[]; }; readonly \"kibana.alert.rule.category\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.consumer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.execution.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.name\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.producer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.revision\": { readonly type: \"long\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_type_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.status\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"event.action\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"event.kind\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.space_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: true; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"@timestamp\": { readonly type: \"date\"; readonly required: true; readonly array: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }"
+          "[]; }; readonly \"kibana.alert.rule.category\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.consumer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.execution.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.name\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.producer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.revision\": { readonly type: \"long\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_type_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.severity_improving\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.status\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"event.action\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"event.kind\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.space_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: true; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"@timestamp\": { readonly type: \"date\"; readonly required: true; readonly array: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }"
         ],
         "path": "packages/kbn-alerts-as-data-utils/src/field_maps/alert_field_map.ts",
         "deprecated": false,
diff --git a/api_docs/kbn_alerts_as_data_utils.mdx b/api_docs/kbn_alerts_as_data_utils.mdx
index d85dceff868c6..7031533e507aa 100644
--- a/api_docs/kbn_alerts_as_data_utils.mdx
+++ b/api_docs/kbn_alerts_as_data_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerts-as-data-utils
 title: "@kbn/alerts-as-data-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/alerts-as-data-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerts-as-data-utils']
 ---
 import kbnAlertsAsDataUtilsObj from './kbn_alerts_as_data_utils.devdocs.json';
diff --git a/api_docs/kbn_alerts_ui_shared.mdx b/api_docs/kbn_alerts_ui_shared.mdx
index 035f4691ada4a..482c93d7458f4 100644
--- a/api_docs/kbn_alerts_ui_shared.mdx
+++ b/api_docs/kbn_alerts_ui_shared.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerts-ui-shared
 title: "@kbn/alerts-ui-shared"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/alerts-ui-shared plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerts-ui-shared']
 ---
 import kbnAlertsUiSharedObj from './kbn_alerts_ui_shared.devdocs.json';
diff --git a/api_docs/kbn_analytics.mdx b/api_docs/kbn_analytics.mdx
index a61eec4b3e02c..b79b2bd61fe5a 100644
--- a/api_docs/kbn_analytics.mdx
+++ b/api_docs/kbn_analytics.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-analytics
 title: "@kbn/analytics"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/analytics plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/analytics']
 ---
 import kbnAnalyticsObj from './kbn_analytics.devdocs.json';
diff --git a/api_docs/kbn_analytics_collection_utils.mdx b/api_docs/kbn_analytics_collection_utils.mdx
index 143acf3a461c7..b70a65772a74f 100644
--- a/api_docs/kbn_analytics_collection_utils.mdx
+++ b/api_docs/kbn_analytics_collection_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-analytics-collection-utils
 title: "@kbn/analytics-collection-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/analytics-collection-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/analytics-collection-utils']
 ---
 import kbnAnalyticsCollectionUtilsObj from './kbn_analytics_collection_utils.devdocs.json';
diff --git a/api_docs/kbn_apm_config_loader.mdx b/api_docs/kbn_apm_config_loader.mdx
index f05c565560637..7ab060d69f891 100644
--- a/api_docs/kbn_apm_config_loader.mdx
+++ b/api_docs/kbn_apm_config_loader.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-config-loader
 title: "@kbn/apm-config-loader"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/apm-config-loader plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-config-loader']
 ---
 import kbnApmConfigLoaderObj from './kbn_apm_config_loader.devdocs.json';
diff --git a/api_docs/kbn_apm_data_view.mdx b/api_docs/kbn_apm_data_view.mdx
index f414c8a5b9a24..0f5c199fe7f15 100644
--- a/api_docs/kbn_apm_data_view.mdx
+++ b/api_docs/kbn_apm_data_view.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-data-view
 title: "@kbn/apm-data-view"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/apm-data-view plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-data-view']
 ---
 import kbnApmDataViewObj from './kbn_apm_data_view.devdocs.json';
diff --git a/api_docs/kbn_apm_synthtrace.mdx b/api_docs/kbn_apm_synthtrace.mdx
index ad357a4144d50..ca7e9ec64141c 100644
--- a/api_docs/kbn_apm_synthtrace.mdx
+++ b/api_docs/kbn_apm_synthtrace.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-synthtrace
 title: "@kbn/apm-synthtrace"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/apm-synthtrace plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-synthtrace']
 ---
 import kbnApmSynthtraceObj from './kbn_apm_synthtrace.devdocs.json';
diff --git a/api_docs/kbn_apm_synthtrace_client.devdocs.json b/api_docs/kbn_apm_synthtrace_client.devdocs.json
index f8b1769ca6d2e..0456a1802ee4f 100644
--- a/api_docs/kbn_apm_synthtrace_client.devdocs.json
+++ b/api_docs/kbn_apm_synthtrace_client.devdocs.json
@@ -787,7 +787,7 @@
             "label": "error",
             "description": [],
             "signature": [
-              "({ message, type, culprit }: { message: string; type?: string | undefined; culprit?: string | undefined; }) => ",
+              "({ message, type, culprit, groupingKey, }: { message: string; type?: string | undefined; culprit?: string | undefined; groupingKey?: string | undefined; }) => ",
               "ApmError"
             ],
             "path": "packages/kbn-apm-synthtrace-client/src/lib/apm/instance.ts",
@@ -799,7 +799,7 @@
                 "id": "def-common.Instance.error.$1",
                 "type": "Object",
                 "tags": [],
-                "label": "{ message, type, culprit }",
+                "label": "{\n    message,\n    type,\n    culprit,\n    groupingKey,\n  }",
                 "description": [],
                 "path": "packages/kbn-apm-synthtrace-client/src/lib/apm/instance.ts",
                 "deprecated": false,
@@ -843,6 +843,20 @@
                     "path": "packages/kbn-apm-synthtrace-client/src/lib/apm/instance.ts",
                     "deprecated": false,
                     "trackAdoption": false
+                  },
+                  {
+                    "parentPluginId": "@kbn/apm-synthtrace-client",
+                    "id": "def-common.Instance.error.$1.groupingKey",
+                    "type": "string",
+                    "tags": [],
+                    "label": "groupingKey",
+                    "description": [],
+                    "signature": [
+                      "string | undefined"
+                    ],
+                    "path": "packages/kbn-apm-synthtrace-client/src/lib/apm/instance.ts",
+                    "deprecated": false,
+                    "trackAdoption": false
                   }
                 ]
               }
@@ -2617,7 +2631,7 @@
         "label": "LogDocument",
         "description": [],
         "signature": [
-          "{ '@timestamp'?: number | undefined; } & Partial<{ 'input.type': string; 'log.file.path'?: string | undefined; 'service.name'?: string | undefined; 'data_stream.namespace': string; 'data_stream.type': string; 'data_stream.dataset': string; message?: string | undefined; 'error.message'?: string | undefined; 'event.original'?: string | undefined; 'event.dataset': string; 'log.level'?: string | undefined; 'host.name'?: string | undefined; 'container.id'?: string | undefined; 'trace.id'?: string | undefined; 'agent.id'?: string | undefined; 'agent.name'?: string | undefined; 'orchestrator.cluster.name'?: string | undefined; 'orchestrator.cluster.id'?: string | undefined; 'orchestrator.resource.id'?: string | undefined; 'orchestrator.namespace'?: string | undefined; 'container.name'?: string | undefined; 'cloud.provider'?: string | undefined; 'cloud.region'?: string | undefined; 'cloud.availability_zone'?: string | undefined; 'cloud.project.id'?: string | undefined; 'cloud.instance.id'?: string | undefined; 'error.stack_trace'?: string | undefined; 'error.exception.stacktrace'?: string | undefined; 'error.log.stacktrace'?: string | undefined; }>"
+          "{ '@timestamp'?: number | undefined; } & Partial<{ 'input.type': string; 'log.file.path'?: string | undefined; 'service.name'?: string | undefined; 'data_stream.namespace': string; 'data_stream.type': string; 'data_stream.dataset': string; message?: string | undefined; 'error.message'?: string | undefined; 'event.original'?: string | undefined; 'event.dataset': string; 'log.level'?: string | undefined; 'host.name'?: string | undefined; 'container.id'?: string | undefined; 'trace.id'?: string | undefined; 'transaction.id'?: string | undefined; 'agent.id'?: string | undefined; 'agent.name'?: string | undefined; 'orchestrator.cluster.name'?: string | undefined; 'orchestrator.cluster.id'?: string | undefined; 'orchestrator.resource.id'?: string | undefined; 'kubernetes.pod.uid'?: string | undefined; 'aws.s3.bucket.name'?: string | undefined; 'orchestrator.namespace'?: string | undefined; 'container.name'?: string | undefined; 'cloud.provider'?: string | undefined; 'cloud.region'?: string | undefined; 'cloud.availability_zone'?: string | undefined; 'cloud.project.id'?: string | undefined; 'cloud.instance.id'?: string | undefined; 'error.stack_trace'?: string | undefined; 'error.exception.stacktrace'?: string | undefined; 'error.log.stacktrace'?: string | undefined; 'log.custom': Record<string, unknown>; }>"
         ],
         "path": "packages/kbn-apm-synthtrace-client/src/lib/logs/index.ts",
         "deprecated": false,
diff --git a/api_docs/kbn_apm_synthtrace_client.mdx b/api_docs/kbn_apm_synthtrace_client.mdx
index 50ece00b8f43b..89426afbc987e 100644
--- a/api_docs/kbn_apm_synthtrace_client.mdx
+++ b/api_docs/kbn_apm_synthtrace_client.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-synthtrace-client
 title: "@kbn/apm-synthtrace-client"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/apm-synthtrace-client plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-synthtrace-client']
 ---
 import kbnApmSynthtraceClientObj from './kbn_apm_synthtrace_client.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/obs-ux-infra_services-team](https://github.com/orgs/elastic/te
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 191 | 0 | 191 | 30 |
+| 192 | 0 | 192 | 30 |
 
 ## Common
 
diff --git a/api_docs/kbn_apm_utils.mdx b/api_docs/kbn_apm_utils.mdx
index f7328138d0261..c7f68543cf56a 100644
--- a/api_docs/kbn_apm_utils.mdx
+++ b/api_docs/kbn_apm_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-utils
 title: "@kbn/apm-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/apm-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-utils']
 ---
 import kbnApmUtilsObj from './kbn_apm_utils.devdocs.json';
diff --git a/api_docs/kbn_axe_config.mdx b/api_docs/kbn_axe_config.mdx
index fc15dcbb32bfe..be5616dd139ed 100644
--- a/api_docs/kbn_axe_config.mdx
+++ b/api_docs/kbn_axe_config.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-axe-config
 title: "@kbn/axe-config"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/axe-config plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/axe-config']
 ---
 import kbnAxeConfigObj from './kbn_axe_config.devdocs.json';
diff --git a/api_docs/kbn_bfetch_error.mdx b/api_docs/kbn_bfetch_error.mdx
index 130c509e6e978..19ec1c75ea292 100644
--- a/api_docs/kbn_bfetch_error.mdx
+++ b/api_docs/kbn_bfetch_error.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-bfetch-error
 title: "@kbn/bfetch-error"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/bfetch-error plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/bfetch-error']
 ---
 import kbnBfetchErrorObj from './kbn_bfetch_error.devdocs.json';
diff --git a/api_docs/kbn_calculate_auto.mdx b/api_docs/kbn_calculate_auto.mdx
index 4a92028ce2133..6246bf9cdcfa1 100644
--- a/api_docs/kbn_calculate_auto.mdx
+++ b/api_docs/kbn_calculate_auto.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-calculate-auto
 title: "@kbn/calculate-auto"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/calculate-auto plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/calculate-auto']
 ---
 import kbnCalculateAutoObj from './kbn_calculate_auto.devdocs.json';
diff --git a/api_docs/kbn_calculate_width_from_char_count.mdx b/api_docs/kbn_calculate_width_from_char_count.mdx
index 4a731b72de36a..eba72f3e07e0c 100644
--- a/api_docs/kbn_calculate_width_from_char_count.mdx
+++ b/api_docs/kbn_calculate_width_from_char_count.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-calculate-width-from-char-count
 title: "@kbn/calculate-width-from-char-count"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/calculate-width-from-char-count plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/calculate-width-from-char-count']
 ---
 import kbnCalculateWidthFromCharCountObj from './kbn_calculate_width_from_char_count.devdocs.json';
diff --git a/api_docs/kbn_cases_components.mdx b/api_docs/kbn_cases_components.mdx
index 3649b11cba127..5f3fb239a8dbd 100644
--- a/api_docs/kbn_cases_components.mdx
+++ b/api_docs/kbn_cases_components.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cases-components
 title: "@kbn/cases-components"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/cases-components plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cases-components']
 ---
 import kbnCasesComponentsObj from './kbn_cases_components.devdocs.json';
diff --git a/api_docs/kbn_cell_actions.mdx b/api_docs/kbn_cell_actions.mdx
index aa437b53ef5c5..53a6d800d1fb5 100644
--- a/api_docs/kbn_cell_actions.mdx
+++ b/api_docs/kbn_cell_actions.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cell-actions
 title: "@kbn/cell-actions"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/cell-actions plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cell-actions']
 ---
 import kbnCellActionsObj from './kbn_cell_actions.devdocs.json';
diff --git a/api_docs/kbn_chart_expressions_common.mdx b/api_docs/kbn_chart_expressions_common.mdx
index 039d4cac81d55..880bc371c704c 100644
--- a/api_docs/kbn_chart_expressions_common.mdx
+++ b/api_docs/kbn_chart_expressions_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-chart-expressions-common
 title: "@kbn/chart-expressions-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/chart-expressions-common plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/chart-expressions-common']
 ---
 import kbnChartExpressionsCommonObj from './kbn_chart_expressions_common.devdocs.json';
diff --git a/api_docs/kbn_chart_icons.mdx b/api_docs/kbn_chart_icons.mdx
index 8d52987346013..0f410f554b51f 100644
--- a/api_docs/kbn_chart_icons.mdx
+++ b/api_docs/kbn_chart_icons.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-chart-icons
 title: "@kbn/chart-icons"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/chart-icons plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/chart-icons']
 ---
 import kbnChartIconsObj from './kbn_chart_icons.devdocs.json';
diff --git a/api_docs/kbn_ci_stats_core.mdx b/api_docs/kbn_ci_stats_core.mdx
index c883c4ea501c6..dce8026776b3e 100644
--- a/api_docs/kbn_ci_stats_core.mdx
+++ b/api_docs/kbn_ci_stats_core.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ci-stats-core
 title: "@kbn/ci-stats-core"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ci-stats-core plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ci-stats-core']
 ---
 import kbnCiStatsCoreObj from './kbn_ci_stats_core.devdocs.json';
diff --git a/api_docs/kbn_ci_stats_performance_metrics.mdx b/api_docs/kbn_ci_stats_performance_metrics.mdx
index 4d8d6b6f095db..a3a77ca1c90b6 100644
--- a/api_docs/kbn_ci_stats_performance_metrics.mdx
+++ b/api_docs/kbn_ci_stats_performance_metrics.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ci-stats-performance-metrics
 title: "@kbn/ci-stats-performance-metrics"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ci-stats-performance-metrics plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ci-stats-performance-metrics']
 ---
 import kbnCiStatsPerformanceMetricsObj from './kbn_ci_stats_performance_metrics.devdocs.json';
diff --git a/api_docs/kbn_ci_stats_reporter.mdx b/api_docs/kbn_ci_stats_reporter.mdx
index 47a27d830b9b0..f342ef8fb9631 100644
--- a/api_docs/kbn_ci_stats_reporter.mdx
+++ b/api_docs/kbn_ci_stats_reporter.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ci-stats-reporter
 title: "@kbn/ci-stats-reporter"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ci-stats-reporter plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ci-stats-reporter']
 ---
 import kbnCiStatsReporterObj from './kbn_ci_stats_reporter.devdocs.json';
diff --git a/api_docs/kbn_cli_dev_mode.mdx b/api_docs/kbn_cli_dev_mode.mdx
index 9b7d2a0d64912..00021f3246425 100644
--- a/api_docs/kbn_cli_dev_mode.mdx
+++ b/api_docs/kbn_cli_dev_mode.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cli-dev-mode
 title: "@kbn/cli-dev-mode"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/cli-dev-mode plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cli-dev-mode']
 ---
 import kbnCliDevModeObj from './kbn_cli_dev_mode.devdocs.json';
diff --git a/api_docs/kbn_code_editor.devdocs.json b/api_docs/kbn_code_editor.devdocs.json
index 91c3191a03eca..52875b5752b68 100644
--- a/api_docs/kbn_code_editor.devdocs.json
+++ b/api_docs/kbn_code_editor.devdocs.json
@@ -590,6 +590,20 @@
             "path": "packages/shared-ux/code_editor/impl/code_editor.tsx",
             "deprecated": false,
             "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/code-editor",
+            "id": "def-common.CodeEditorProps.dataTestSubj",
+            "type": "string",
+            "tags": [],
+            "label": "dataTestSubj",
+            "description": [],
+            "signature": [
+              "string | undefined"
+            ],
+            "path": "packages/shared-ux/code_editor/impl/code_editor.tsx",
+            "deprecated": false,
+            "trackAdoption": false
           }
         ],
         "initialIsOpen": false
diff --git a/api_docs/kbn_code_editor.mdx b/api_docs/kbn_code_editor.mdx
index 0d42b35f0f7e6..6b28bb1870898 100644
--- a/api_docs/kbn_code_editor.mdx
+++ b/api_docs/kbn_code_editor.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-code-editor
 title: "@kbn/code-editor"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/code-editor plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/code-editor']
 ---
 import kbnCodeEditorObj from './kbn_code_editor.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sh
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 39 | 0 | 16 | 0 |
+| 40 | 0 | 17 | 0 |
 
 ## Common
 
diff --git a/api_docs/kbn_code_editor_mock.mdx b/api_docs/kbn_code_editor_mock.mdx
index 6c18c1361f88c..716125e33e3ae 100644
--- a/api_docs/kbn_code_editor_mock.mdx
+++ b/api_docs/kbn_code_editor_mock.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-code-editor-mock
 title: "@kbn/code-editor-mock"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/code-editor-mock plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/code-editor-mock']
 ---
 import kbnCodeEditorMockObj from './kbn_code_editor_mock.devdocs.json';
diff --git a/api_docs/kbn_code_owners.mdx b/api_docs/kbn_code_owners.mdx
index 4506e4957f745..2bd5027f28d8c 100644
--- a/api_docs/kbn_code_owners.mdx
+++ b/api_docs/kbn_code_owners.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-code-owners
 title: "@kbn/code-owners"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/code-owners plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/code-owners']
 ---
 import kbnCodeOwnersObj from './kbn_code_owners.devdocs.json';
diff --git a/api_docs/kbn_coloring.mdx b/api_docs/kbn_coloring.mdx
index f50fe7d50e1bc..9e895d74bf8ab 100644
--- a/api_docs/kbn_coloring.mdx
+++ b/api_docs/kbn_coloring.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-coloring
 title: "@kbn/coloring"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/coloring plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/coloring']
 ---
 import kbnColoringObj from './kbn_coloring.devdocs.json';
diff --git a/api_docs/kbn_config.mdx b/api_docs/kbn_config.mdx
index 971b080bd7600..6ff1ed4c17d61 100644
--- a/api_docs/kbn_config.mdx
+++ b/api_docs/kbn_config.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-config
 title: "@kbn/config"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/config plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/config']
 ---
 import kbnConfigObj from './kbn_config.devdocs.json';
diff --git a/api_docs/kbn_config_mocks.mdx b/api_docs/kbn_config_mocks.mdx
index 9ac2e856ef23d..54f5d2fb24f7a 100644
--- a/api_docs/kbn_config_mocks.mdx
+++ b/api_docs/kbn_config_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-config-mocks
 title: "@kbn/config-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/config-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/config-mocks']
 ---
 import kbnConfigMocksObj from './kbn_config_mocks.devdocs.json';
diff --git a/api_docs/kbn_config_schema.mdx b/api_docs/kbn_config_schema.mdx
index 7eb1ba384b302..67cbfd9d7c068 100644
--- a/api_docs/kbn_config_schema.mdx
+++ b/api_docs/kbn_config_schema.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-config-schema
 title: "@kbn/config-schema"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/config-schema plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/config-schema']
 ---
 import kbnConfigSchemaObj from './kbn_config_schema.devdocs.json';
diff --git a/api_docs/kbn_content_management_content_editor.mdx b/api_docs/kbn_content_management_content_editor.mdx
index 11d11e8c99e80..bc4b6d4be8349 100644
--- a/api_docs/kbn_content_management_content_editor.mdx
+++ b/api_docs/kbn_content_management_content_editor.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-content-editor
 title: "@kbn/content-management-content-editor"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/content-management-content-editor plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-content-editor']
 ---
 import kbnContentManagementContentEditorObj from './kbn_content_management_content_editor.devdocs.json';
diff --git a/api_docs/kbn_content_management_tabbed_table_list_view.mdx b/api_docs/kbn_content_management_tabbed_table_list_view.mdx
index b8c232f7bda68..f184668bbda1e 100644
--- a/api_docs/kbn_content_management_tabbed_table_list_view.mdx
+++ b/api_docs/kbn_content_management_tabbed_table_list_view.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-tabbed-table-list-view
 title: "@kbn/content-management-tabbed-table-list-view"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/content-management-tabbed-table-list-view plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-tabbed-table-list-view']
 ---
 import kbnContentManagementTabbedTableListViewObj from './kbn_content_management_tabbed_table_list_view.devdocs.json';
diff --git a/api_docs/kbn_content_management_table_list_view.mdx b/api_docs/kbn_content_management_table_list_view.mdx
index 8edb473e68481..d12e0d5c33478 100644
--- a/api_docs/kbn_content_management_table_list_view.mdx
+++ b/api_docs/kbn_content_management_table_list_view.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-table-list-view
 title: "@kbn/content-management-table-list-view"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/content-management-table-list-view plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-table-list-view']
 ---
 import kbnContentManagementTableListViewObj from './kbn_content_management_table_list_view.devdocs.json';
diff --git a/api_docs/kbn_content_management_table_list_view_common.mdx b/api_docs/kbn_content_management_table_list_view_common.mdx
index d318908661959..a2574062c5939 100644
--- a/api_docs/kbn_content_management_table_list_view_common.mdx
+++ b/api_docs/kbn_content_management_table_list_view_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-table-list-view-common
 title: "@kbn/content-management-table-list-view-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/content-management-table-list-view-common plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-table-list-view-common']
 ---
 import kbnContentManagementTableListViewCommonObj from './kbn_content_management_table_list_view_common.devdocs.json';
diff --git a/api_docs/kbn_content_management_table_list_view_table.mdx b/api_docs/kbn_content_management_table_list_view_table.mdx
index 0ac0ed64beb77..99032e0e797bd 100644
--- a/api_docs/kbn_content_management_table_list_view_table.mdx
+++ b/api_docs/kbn_content_management_table_list_view_table.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-table-list-view-table
 title: "@kbn/content-management-table-list-view-table"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/content-management-table-list-view-table plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-table-list-view-table']
 ---
 import kbnContentManagementTableListViewTableObj from './kbn_content_management_table_list_view_table.devdocs.json';
diff --git a/api_docs/kbn_content_management_user_profiles.mdx b/api_docs/kbn_content_management_user_profiles.mdx
index 8c7fdd49f0c66..07013c03e95ae 100644
--- a/api_docs/kbn_content_management_user_profiles.mdx
+++ b/api_docs/kbn_content_management_user_profiles.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-user-profiles
 title: "@kbn/content-management-user-profiles"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/content-management-user-profiles plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-user-profiles']
 ---
 import kbnContentManagementUserProfilesObj from './kbn_content_management_user_profiles.devdocs.json';
diff --git a/api_docs/kbn_content_management_utils.devdocs.json b/api_docs/kbn_content_management_utils.devdocs.json
index 2dee9c7bf646d..5b3b11e1e6daf 100644
--- a/api_docs/kbn_content_management_utils.devdocs.json
+++ b/api_docs/kbn_content_management_utils.devdocs.json
@@ -4065,7 +4065,7 @@
                 "section": "def-common.Type",
                 "text": "Type"
               },
-              "<Readonly<{ error?: Readonly<{} & { error: string; message: string; metadata: Readonly<{} & {}>; statusCode: number; }> | undefined; namespaces?: string[] | undefined; createdAt?: string | undefined; updatedAt?: string | undefined; version?: string | undefined; originId?: string | undefined; } & { id: string; type: string; attributes: Readonly<{ [x: string]: any; } & {}>; references: Readonly<{ name?: string | undefined; } & { id: string; type: string; }>[]; }> | undefined>"
+              "<Readonly<{ error?: Readonly<{} & { error: string; message: string; metadata: Readonly<{} & {}>; statusCode: number; }> | undefined; version?: string | undefined; namespaces?: string[] | undefined; createdAt?: string | undefined; updatedAt?: string | undefined; originId?: string | undefined; } & { id: string; type: string; attributes: Readonly<{ [x: string]: any; } & {}>; references: Readonly<{ name?: string | undefined; } & { id: string; type: string; }>[]; }> | undefined>"
             ],
             "path": "packages/kbn-content-management-utils/src/schema.ts",
             "deprecated": false,
diff --git a/api_docs/kbn_content_management_utils.mdx b/api_docs/kbn_content_management_utils.mdx
index 5e36fe54ede76..5caca4fcf1162 100644
--- a/api_docs/kbn_content_management_utils.mdx
+++ b/api_docs/kbn_content_management_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-utils
 title: "@kbn/content-management-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/content-management-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-utils']
 ---
 import kbnContentManagementUtilsObj from './kbn_content_management_utils.devdocs.json';
diff --git a/api_docs/kbn_core_analytics_browser.devdocs.json b/api_docs/kbn_core_analytics_browser.devdocs.json
index 7f19ef23a3e2d..2bdcb21161c4a 100644
--- a/api_docs/kbn_core_analytics_browser.devdocs.json
+++ b/api_docs/kbn_core_analytics_browser.devdocs.json
@@ -651,6 +651,10 @@
                 "plugin": "security",
                 "path": "x-pack/plugins/security/server/analytics/analytics_service.ts"
               },
+              {
+                "plugin": "actions",
+                "path": "x-pack/plugins/actions/server/lib/action_executor.ts"
+              },
               {
                 "plugin": "@kbn/cloud",
                 "path": "packages/cloud/connection_details/kibana/kibana_connection_details_provider.tsx"
@@ -703,6 +707,10 @@
                 "plugin": "observabilityAIAssistant",
                 "path": "x-pack/plugins/observability_solution/observability_ai_assistant/public/analytics/index.ts"
               },
+              {
+                "plugin": "integrationAssistant",
+                "path": "x-pack/plugins/integration_assistant/public/services/telemetry/service.ts"
+              },
               {
                 "plugin": "fleet",
                 "path": "x-pack/plugins/fleet/server/services/telemetry/fleet_usage_sender.ts"
@@ -731,6 +739,22 @@
                 "plugin": "elasticAssistant",
                 "path": "x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/elasticsearch_store.ts"
               },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.ts"
+              },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.ts"
+              },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.ts"
+              },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.ts"
+              },
               {
                 "plugin": "globalSearchBar",
                 "path": "x-pack/plugins/global_search_bar/public/telemetry/event_reporter.ts"
@@ -907,10 +931,6 @@
                 "plugin": "securitySolution",
                 "path": "x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_client.ts"
               },
-              {
-                "plugin": "securitySolution",
-                "path": "x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_client.ts"
-              },
               {
                 "plugin": "securitySolution",
                 "path": "x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/upload_csv.ts"
@@ -1183,6 +1203,38 @@
                 "plugin": "security",
                 "path": "x-pack/plugins/security/server/analytics/analytics_service.test.ts"
               },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts"
+              },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts"
+              },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts"
+              },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts"
+              },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts"
+              },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts"
+              },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts"
+              },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts"
+              },
               {
                 "plugin": "apm",
                 "path": "x-pack/plugins/observability_solution/apm/public/services/telemetry/telemetry_service.test.ts"
@@ -1287,6 +1339,10 @@
                 "plugin": "@kbn/core-analytics-server-mocks",
                 "path": "packages/core/analytics/core-analytics-server-mocks/src/analytics_service.mock.ts"
               },
+              {
+                "plugin": "actions",
+                "path": "x-pack/plugins/actions/server/lib/action_executor.test.ts"
+              },
               {
                 "plugin": "@kbn/ebt",
                 "path": "packages/analytics/ebt/client/src/analytics_client/mocks.ts"
diff --git a/api_docs/kbn_core_analytics_browser.mdx b/api_docs/kbn_core_analytics_browser.mdx
index c8ff98d0fd1d8..45f8b8ec8bbed 100644
--- a/api_docs/kbn_core_analytics_browser.mdx
+++ b/api_docs/kbn_core_analytics_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-browser
 title: "@kbn/core-analytics-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-analytics-browser plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-browser']
 ---
 import kbnCoreAnalyticsBrowserObj from './kbn_core_analytics_browser.devdocs.json';
diff --git a/api_docs/kbn_core_analytics_browser_internal.mdx b/api_docs/kbn_core_analytics_browser_internal.mdx
index a8a42992594af..5665119cca26b 100644
--- a/api_docs/kbn_core_analytics_browser_internal.mdx
+++ b/api_docs/kbn_core_analytics_browser_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-browser-internal
 title: "@kbn/core-analytics-browser-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-analytics-browser-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-browser-internal']
 ---
 import kbnCoreAnalyticsBrowserInternalObj from './kbn_core_analytics_browser_internal.devdocs.json';
diff --git a/api_docs/kbn_core_analytics_browser_mocks.mdx b/api_docs/kbn_core_analytics_browser_mocks.mdx
index f6911a5bcdb2b..23be802b6cbc4 100644
--- a/api_docs/kbn_core_analytics_browser_mocks.mdx
+++ b/api_docs/kbn_core_analytics_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-browser-mocks
 title: "@kbn/core-analytics-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-analytics-browser-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-browser-mocks']
 ---
 import kbnCoreAnalyticsBrowserMocksObj from './kbn_core_analytics_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_analytics_server.devdocs.json b/api_docs/kbn_core_analytics_server.devdocs.json
index 5c4760eb2c883..d9a4cef589320 100644
--- a/api_docs/kbn_core_analytics_server.devdocs.json
+++ b/api_docs/kbn_core_analytics_server.devdocs.json
@@ -651,6 +651,10 @@
                 "plugin": "security",
                 "path": "x-pack/plugins/security/server/analytics/analytics_service.ts"
               },
+              {
+                "plugin": "actions",
+                "path": "x-pack/plugins/actions/server/lib/action_executor.ts"
+              },
               {
                 "plugin": "@kbn/cloud",
                 "path": "packages/cloud/connection_details/kibana/kibana_connection_details_provider.tsx"
@@ -703,6 +707,10 @@
                 "plugin": "observabilityAIAssistant",
                 "path": "x-pack/plugins/observability_solution/observability_ai_assistant/public/analytics/index.ts"
               },
+              {
+                "plugin": "integrationAssistant",
+                "path": "x-pack/plugins/integration_assistant/public/services/telemetry/service.ts"
+              },
               {
                 "plugin": "fleet",
                 "path": "x-pack/plugins/fleet/server/services/telemetry/fleet_usage_sender.ts"
@@ -731,6 +739,22 @@
                 "plugin": "elasticAssistant",
                 "path": "x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/elasticsearch_store.ts"
               },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.ts"
+              },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.ts"
+              },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.ts"
+              },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.ts"
+              },
               {
                 "plugin": "globalSearchBar",
                 "path": "x-pack/plugins/global_search_bar/public/telemetry/event_reporter.ts"
@@ -907,10 +931,6 @@
                 "plugin": "securitySolution",
                 "path": "x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_client.ts"
               },
-              {
-                "plugin": "securitySolution",
-                "path": "x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_client.ts"
-              },
               {
                 "plugin": "securitySolution",
                 "path": "x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/upload_csv.ts"
@@ -1183,6 +1203,38 @@
                 "plugin": "security",
                 "path": "x-pack/plugins/security/server/analytics/analytics_service.test.ts"
               },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts"
+              },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts"
+              },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts"
+              },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts"
+              },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts"
+              },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts"
+              },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts"
+              },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts"
+              },
               {
                 "plugin": "apm",
                 "path": "x-pack/plugins/observability_solution/apm/public/services/telemetry/telemetry_service.test.ts"
@@ -1287,6 +1339,10 @@
                 "plugin": "@kbn/core-analytics-server-mocks",
                 "path": "packages/core/analytics/core-analytics-server-mocks/src/analytics_service.mock.ts"
               },
+              {
+                "plugin": "actions",
+                "path": "x-pack/plugins/actions/server/lib/action_executor.test.ts"
+              },
               {
                 "plugin": "@kbn/ebt",
                 "path": "packages/analytics/ebt/client/src/analytics_client/mocks.ts"
diff --git a/api_docs/kbn_core_analytics_server.mdx b/api_docs/kbn_core_analytics_server.mdx
index e90a091217ad8..6e0a665f9f0c1 100644
--- a/api_docs/kbn_core_analytics_server.mdx
+++ b/api_docs/kbn_core_analytics_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-server
 title: "@kbn/core-analytics-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-analytics-server plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-server']
 ---
 import kbnCoreAnalyticsServerObj from './kbn_core_analytics_server.devdocs.json';
diff --git a/api_docs/kbn_core_analytics_server_internal.mdx b/api_docs/kbn_core_analytics_server_internal.mdx
index 0e60a56e9cfce..e37d08b09ec3f 100644
--- a/api_docs/kbn_core_analytics_server_internal.mdx
+++ b/api_docs/kbn_core_analytics_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-server-internal
 title: "@kbn/core-analytics-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-analytics-server-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-server-internal']
 ---
 import kbnCoreAnalyticsServerInternalObj from './kbn_core_analytics_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_analytics_server_mocks.mdx b/api_docs/kbn_core_analytics_server_mocks.mdx
index 1bbdd8746f8f8..7469a7ad06fdb 100644
--- a/api_docs/kbn_core_analytics_server_mocks.mdx
+++ b/api_docs/kbn_core_analytics_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-server-mocks
 title: "@kbn/core-analytics-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-analytics-server-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-server-mocks']
 ---
 import kbnCoreAnalyticsServerMocksObj from './kbn_core_analytics_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_application_browser.mdx b/api_docs/kbn_core_application_browser.mdx
index 6b76538ad3b79..607fef0224cf9 100644
--- a/api_docs/kbn_core_application_browser.mdx
+++ b/api_docs/kbn_core_application_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-application-browser
 title: "@kbn/core-application-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-application-browser plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-application-browser']
 ---
 import kbnCoreApplicationBrowserObj from './kbn_core_application_browser.devdocs.json';
diff --git a/api_docs/kbn_core_application_browser_internal.mdx b/api_docs/kbn_core_application_browser_internal.mdx
index d83bda2ad887d..5b3705bebc4c1 100644
--- a/api_docs/kbn_core_application_browser_internal.mdx
+++ b/api_docs/kbn_core_application_browser_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-application-browser-internal
 title: "@kbn/core-application-browser-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-application-browser-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-application-browser-internal']
 ---
 import kbnCoreApplicationBrowserInternalObj from './kbn_core_application_browser_internal.devdocs.json';
diff --git a/api_docs/kbn_core_application_browser_mocks.mdx b/api_docs/kbn_core_application_browser_mocks.mdx
index 34097db0fd1ae..d4f55f1e745b9 100644
--- a/api_docs/kbn_core_application_browser_mocks.mdx
+++ b/api_docs/kbn_core_application_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-application-browser-mocks
 title: "@kbn/core-application-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-application-browser-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-application-browser-mocks']
 ---
 import kbnCoreApplicationBrowserMocksObj from './kbn_core_application_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_application_common.mdx b/api_docs/kbn_core_application_common.mdx
index 459d3ad7f0a1d..02675a24c5b78 100644
--- a/api_docs/kbn_core_application_common.mdx
+++ b/api_docs/kbn_core_application_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-application-common
 title: "@kbn/core-application-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-application-common plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-application-common']
 ---
 import kbnCoreApplicationCommonObj from './kbn_core_application_common.devdocs.json';
diff --git a/api_docs/kbn_core_apps_browser_internal.mdx b/api_docs/kbn_core_apps_browser_internal.mdx
index deebf2082410e..2b162c3f4e0e0 100644
--- a/api_docs/kbn_core_apps_browser_internal.mdx
+++ b/api_docs/kbn_core_apps_browser_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-apps-browser-internal
 title: "@kbn/core-apps-browser-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-apps-browser-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-apps-browser-internal']
 ---
 import kbnCoreAppsBrowserInternalObj from './kbn_core_apps_browser_internal.devdocs.json';
diff --git a/api_docs/kbn_core_apps_browser_mocks.mdx b/api_docs/kbn_core_apps_browser_mocks.mdx
index 92c43aa8d20a8..62aa9fea667e6 100644
--- a/api_docs/kbn_core_apps_browser_mocks.mdx
+++ b/api_docs/kbn_core_apps_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-apps-browser-mocks
 title: "@kbn/core-apps-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-apps-browser-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-apps-browser-mocks']
 ---
 import kbnCoreAppsBrowserMocksObj from './kbn_core_apps_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_apps_server_internal.mdx b/api_docs/kbn_core_apps_server_internal.mdx
index e3bfe07de819c..89a07d1bab784 100644
--- a/api_docs/kbn_core_apps_server_internal.mdx
+++ b/api_docs/kbn_core_apps_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-apps-server-internal
 title: "@kbn/core-apps-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-apps-server-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-apps-server-internal']
 ---
 import kbnCoreAppsServerInternalObj from './kbn_core_apps_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_base_browser_mocks.mdx b/api_docs/kbn_core_base_browser_mocks.mdx
index 83361db92ba26..013ded0fdf45b 100644
--- a/api_docs/kbn_core_base_browser_mocks.mdx
+++ b/api_docs/kbn_core_base_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-base-browser-mocks
 title: "@kbn/core-base-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-base-browser-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-base-browser-mocks']
 ---
 import kbnCoreBaseBrowserMocksObj from './kbn_core_base_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_base_common.mdx b/api_docs/kbn_core_base_common.mdx
index 2d4abb8658498..6f4da01d0fd96 100644
--- a/api_docs/kbn_core_base_common.mdx
+++ b/api_docs/kbn_core_base_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-base-common
 title: "@kbn/core-base-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-base-common plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-base-common']
 ---
 import kbnCoreBaseCommonObj from './kbn_core_base_common.devdocs.json';
diff --git a/api_docs/kbn_core_base_server_internal.mdx b/api_docs/kbn_core_base_server_internal.mdx
index 5730e672d8684..ffea92a4a4027 100644
--- a/api_docs/kbn_core_base_server_internal.mdx
+++ b/api_docs/kbn_core_base_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-base-server-internal
 title: "@kbn/core-base-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-base-server-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-base-server-internal']
 ---
 import kbnCoreBaseServerInternalObj from './kbn_core_base_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_base_server_mocks.mdx b/api_docs/kbn_core_base_server_mocks.mdx
index 0093286db5fb8..2a5f969d24559 100644
--- a/api_docs/kbn_core_base_server_mocks.mdx
+++ b/api_docs/kbn_core_base_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-base-server-mocks
 title: "@kbn/core-base-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-base-server-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-base-server-mocks']
 ---
 import kbnCoreBaseServerMocksObj from './kbn_core_base_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_capabilities_browser_mocks.mdx b/api_docs/kbn_core_capabilities_browser_mocks.mdx
index 2c0c272df5213..17bc87e52f011 100644
--- a/api_docs/kbn_core_capabilities_browser_mocks.mdx
+++ b/api_docs/kbn_core_capabilities_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-capabilities-browser-mocks
 title: "@kbn/core-capabilities-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-capabilities-browser-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-capabilities-browser-mocks']
 ---
 import kbnCoreCapabilitiesBrowserMocksObj from './kbn_core_capabilities_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_capabilities_common.mdx b/api_docs/kbn_core_capabilities_common.mdx
index c9d891961606c..a1d6e93965568 100644
--- a/api_docs/kbn_core_capabilities_common.mdx
+++ b/api_docs/kbn_core_capabilities_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-capabilities-common
 title: "@kbn/core-capabilities-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-capabilities-common plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-capabilities-common']
 ---
 import kbnCoreCapabilitiesCommonObj from './kbn_core_capabilities_common.devdocs.json';
diff --git a/api_docs/kbn_core_capabilities_server.mdx b/api_docs/kbn_core_capabilities_server.mdx
index 51221490afe8c..1245f249862fa 100644
--- a/api_docs/kbn_core_capabilities_server.mdx
+++ b/api_docs/kbn_core_capabilities_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-capabilities-server
 title: "@kbn/core-capabilities-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-capabilities-server plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-capabilities-server']
 ---
 import kbnCoreCapabilitiesServerObj from './kbn_core_capabilities_server.devdocs.json';
diff --git a/api_docs/kbn_core_capabilities_server_mocks.mdx b/api_docs/kbn_core_capabilities_server_mocks.mdx
index 2175735f414c9..6e67e4e575e4e 100644
--- a/api_docs/kbn_core_capabilities_server_mocks.mdx
+++ b/api_docs/kbn_core_capabilities_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-capabilities-server-mocks
 title: "@kbn/core-capabilities-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-capabilities-server-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-capabilities-server-mocks']
 ---
 import kbnCoreCapabilitiesServerMocksObj from './kbn_core_capabilities_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_chrome_browser.devdocs.json b/api_docs/kbn_core_chrome_browser.devdocs.json
index 66c2b4398c08c..19595edba49ec 100644
--- a/api_docs/kbn_core_chrome_browser.devdocs.json
+++ b/api_docs/kbn_core_chrome_browser.devdocs.json
@@ -3716,7 +3716,7 @@
         "label": "AppDeepLinkId",
         "description": [],
         "signature": [
-          "\"fleet\" | \"graph\" | \"ml\" | \"monitoring\" | \"metrics\" | \"management\" | \"synthetics\" | \"ux\" | \"apm\" | \"logs\" | \"profiling\" | \"dashboards\" | \"observabilityAIAssistant\" | \"home\" | \"canvas\" | \"integrations\" | \"discover\" | \"observability-overview\" | \"appSearch\" | \"dev_tools\" | \"maps\" | \"visualize\" | \"dev_tools:console\" | \"dev_tools:searchprofiler\" | \"dev_tools:painless_lab\" | \"dev_tools:grokdebugger\" | \"ml:notifications\" | \"ml:nodes\" | \"ml:overview\" | \"ml:memoryUsage\" | \"ml:settings\" | \"ml:dataVisualizer\" | \"ml:anomalyDetection\" | \"ml:anomalyExplorer\" | \"ml:singleMetricViewer\" | \"ml:dataDrift\" | \"ml:dataFrameAnalytics\" | \"ml:resultExplorer\" | \"ml:analyticsMap\" | \"ml:aiOps\" | \"ml:logRateAnalysis\" | \"ml:logPatternAnalysis\" | \"ml:changePointDetections\" | \"ml:modelManagement\" | \"ml:nodesOverview\" | \"ml:esqlDataVisualizer\" | \"ml:fileUpload\" | \"ml:indexDataVisualizer\" | \"ml:calendarSettings\" | \"ml:filterListsSettings\" | \"osquery\" | \"management:transform\" | \"management:watcher\" | \"management:cases\" | \"management:tags\" | \"management:maintenanceWindows\" | \"management:settings\" | \"management:dataViews\" | \"management:spaces\" | \"management:users\" | \"management:migrate_data\" | \"management:search_sessions\" | \"management:data_quality\" | \"management:filesManagement\" | \"management:roles\" | \"management:reporting\" | \"management:aiAssistantManagementSelection\" | \"management:securityAiAssistantManagement\" | \"management:observabilityAiAssistantManagement\" | \"management:api_keys\" | \"management:cross_cluster_replication\" | \"management:license_management\" | \"management:index_lifecycle_management\" | \"management:index_management\" | \"management:ingest_pipelines\" | \"management:jobsListLink\" | \"management:objects\" | \"management:pipelines\" | \"management:remote_clusters\" | \"management:role_mappings\" | \"management:rollup_jobs\" | \"management:snapshot_restore\" | \"management:triggersActions\" | \"management:triggersActionsConnectors\" | \"management:upgrade_assistant\" | \"enterpriseSearch\" | \"enterpriseSearchContent\" | \"enterpriseSearchApplications\" | \"enterpriseSearchAnalytics\" | \"workplaceSearch\" | \"serverlessElasticsearch\" | \"serverlessConnectors\" | \"searchPlayground\" | \"searchInferenceEndpoints\" | \"enterpriseSearchContent:connectors\" | \"enterpriseSearchContent:searchIndices\" | \"enterpriseSearchContent:webCrawlers\" | \"enterpriseSearchApplications:searchApplications\" | \"enterpriseSearchApplications:playground\" | \"appSearch:engines\" | \"observability-logs-explorer\" | \"observabilityOnboarding\" | \"slo\" | \"logs:settings\" | \"logs:stream\" | \"logs:log-categories\" | \"logs:anomalies\" | \"observability-overview:cases\" | \"observability-overview:alerts\" | \"observability-overview:rules\" | \"observability-overview:cases_create\" | \"observability-overview:cases_configure\" | \"metrics:settings\" | \"metrics:hosts\" | \"metrics:inventory\" | \"metrics:metrics-explorer\" | \"metrics:assetDetails\" | \"apm:traces\" | \"apm:dependencies\" | \"apm:service-map\" | \"apm:settings\" | \"apm:services\" | \"apm:service-groups-list\" | \"apm:storage-explorer\" | \"synthetics:overview\" | \"synthetics:certificates\" | \"profiling:stacktraces\" | \"profiling:flamegraphs\" | \"profiling:functions\" | \"securitySolutionUI\" | \"securitySolutionUI:\" | \"securitySolutionUI:cases\" | \"securitySolutionUI:alerts\" | \"securitySolutionUI:rules\" | \"securitySolutionUI:policy\" | \"securitySolutionUI:overview\" | \"securitySolutionUI:dashboards\" | \"securitySolutionUI:cases_create\" | \"securitySolutionUI:cases_configure\" | \"securitySolutionUI:hosts\" | \"securitySolutionUI:users\" | \"securitySolutionUI:cloud_defend-policies\" | \"securitySolutionUI:cloud_security_posture-dashboard\" | \"securitySolutionUI:cloud_security_posture-findings\" | \"securitySolutionUI:cloud_security_posture-benchmarks\" | \"securitySolutionUI:kubernetes\" | \"securitySolutionUI:network\" | \"securitySolutionUI:data_quality\" | \"securitySolutionUI:explore\" | \"securitySolutionUI:assets\" | \"securitySolutionUI:cloud_defend\" | \"securitySolutionUI:administration\" | \"securitySolutionUI:attack_discovery\" | \"securitySolutionUI:blocklist\" | \"securitySolutionUI:cloud_security_posture-rules\" | \"securitySolutionUI:detections\" | \"securitySolutionUI:detection_response\" | \"securitySolutionUI:endpoints\" | \"securitySolutionUI:event_filters\" | \"securitySolutionUI:exceptions\" | \"securitySolutionUI:host_isolation_exceptions\" | \"securitySolutionUI:hosts-all\" | \"securitySolutionUI:hosts-anomalies\" | \"securitySolutionUI:hosts-risk\" | \"securitySolutionUI:hosts-events\" | \"securitySolutionUI:hosts-sessions\" | \"securitySolutionUI:hosts-uncommon_processes\" | \"securitySolutionUI:investigations\" | \"securitySolutionUI:get_started\" | \"securitySolutionUI:machine_learning-landing\" | \"securitySolutionUI:network-anomalies\" | \"securitySolutionUI:network-dns\" | \"securitySolutionUI:network-events\" | \"securitySolutionUI:network-flows\" | \"securitySolutionUI:network-http\" | \"securitySolutionUI:network-tls\" | \"securitySolutionUI:response_actions_history\" | \"securitySolutionUI:rules-add\" | \"securitySolutionUI:rules-create\" | \"securitySolutionUI:rules-landing\" | \"securitySolutionUI:threat_intelligence\" | \"securitySolutionUI:timelines\" | \"securitySolutionUI:timelines-templates\" | \"securitySolutionUI:trusted_apps\" | \"securitySolutionUI:users-all\" | \"securitySolutionUI:users-anomalies\" | \"securitySolutionUI:users-authentications\" | \"securitySolutionUI:users-events\" | \"securitySolutionUI:users-risk\" | \"securitySolutionUI:entity_analytics\" | \"securitySolutionUI:entity_analytics-management\" | \"securitySolutionUI:entity_analytics-asset-classification\" | \"securitySolutionUI:coverage-overview\" | \"securitySolutionUI:notes-management\" | \"fleet:settings\" | \"fleet:policies\" | \"fleet:data_streams\" | \"fleet:enrollment_tokens\" | \"fleet:uninstall_tokens\" | \"fleet:agents\""
+          "\"fleet\" | \"graph\" | \"ml\" | \"monitoring\" | \"metrics\" | \"management\" | \"synthetics\" | \"ux\" | \"apm\" | \"logs\" | \"profiling\" | \"dashboards\" | \"observabilityAIAssistant\" | \"home\" | \"canvas\" | \"integrations\" | \"discover\" | \"observability-overview\" | \"appSearch\" | \"dev_tools\" | \"maps\" | \"visualize\" | \"dev_tools:console\" | \"dev_tools:searchprofiler\" | \"dev_tools:painless_lab\" | \"dev_tools:grokdebugger\" | \"ml:notifications\" | \"ml:nodes\" | \"ml:overview\" | \"ml:memoryUsage\" | \"ml:settings\" | \"ml:dataVisualizer\" | \"ml:anomalyDetection\" | \"ml:anomalyExplorer\" | \"ml:singleMetricViewer\" | \"ml:dataDrift\" | \"ml:dataFrameAnalytics\" | \"ml:resultExplorer\" | \"ml:analyticsMap\" | \"ml:aiOps\" | \"ml:logRateAnalysis\" | \"ml:logPatternAnalysis\" | \"ml:changePointDetections\" | \"ml:modelManagement\" | \"ml:nodesOverview\" | \"ml:esqlDataVisualizer\" | \"ml:fileUpload\" | \"ml:indexDataVisualizer\" | \"ml:calendarSettings\" | \"ml:filterListsSettings\" | \"osquery\" | \"management:transform\" | \"management:watcher\" | \"management:cases\" | \"management:tags\" | \"management:maintenanceWindows\" | \"management:settings\" | \"management:dataViews\" | \"management:spaces\" | \"management:users\" | \"management:migrate_data\" | \"management:search_sessions\" | \"management:data_quality\" | \"management:filesManagement\" | \"management:roles\" | \"management:reporting\" | \"management:aiAssistantManagementSelection\" | \"management:securityAiAssistantManagement\" | \"management:observabilityAiAssistantManagement\" | \"management:api_keys\" | \"management:cross_cluster_replication\" | \"management:license_management\" | \"management:index_lifecycle_management\" | \"management:index_management\" | \"management:ingest_pipelines\" | \"management:jobsListLink\" | \"management:objects\" | \"management:pipelines\" | \"management:remote_clusters\" | \"management:role_mappings\" | \"management:rollup_jobs\" | \"management:snapshot_restore\" | \"management:triggersActions\" | \"management:triggersActionsConnectors\" | \"management:upgrade_assistant\" | \"enterpriseSearch\" | \"enterpriseSearchContent\" | \"enterpriseSearchApplications\" | \"enterpriseSearchAnalytics\" | \"workplaceSearch\" | \"serverlessElasticsearch\" | \"serverlessConnectors\" | \"searchPlayground\" | \"searchInferenceEndpoints\" | \"searchHomepage\" | \"enterpriseSearchContent:connectors\" | \"enterpriseSearchContent:searchIndices\" | \"enterpriseSearchContent:webCrawlers\" | \"enterpriseSearchApplications:searchApplications\" | \"enterpriseSearchApplications:playground\" | \"appSearch:engines\" | \"observability-logs-explorer\" | \"observabilityOnboarding\" | \"slo\" | \"logs:settings\" | \"logs:stream\" | \"logs:log-categories\" | \"logs:anomalies\" | \"observability-overview:cases\" | \"observability-overview:alerts\" | \"observability-overview:rules\" | \"observability-overview:cases_create\" | \"observability-overview:cases_configure\" | \"metrics:settings\" | \"metrics:hosts\" | \"metrics:inventory\" | \"metrics:metrics-explorer\" | \"metrics:assetDetails\" | \"apm:traces\" | \"apm:dependencies\" | \"apm:service-map\" | \"apm:settings\" | \"apm:services\" | \"apm:service-groups-list\" | \"apm:storage-explorer\" | \"synthetics:overview\" | \"synthetics:certificates\" | \"profiling:stacktraces\" | \"profiling:flamegraphs\" | \"profiling:functions\" | \"securitySolutionUI\" | \"securitySolutionUI:\" | \"securitySolutionUI:cases\" | \"securitySolutionUI:alerts\" | \"securitySolutionUI:rules\" | \"securitySolutionUI:policy\" | \"securitySolutionUI:overview\" | \"securitySolutionUI:dashboards\" | \"securitySolutionUI:cases_create\" | \"securitySolutionUI:cases_configure\" | \"securitySolutionUI:hosts\" | \"securitySolutionUI:users\" | \"securitySolutionUI:cloud_defend-policies\" | \"securitySolutionUI:cloud_security_posture-dashboard\" | \"securitySolutionUI:cloud_security_posture-findings\" | \"securitySolutionUI:cloud_security_posture-benchmarks\" | \"securitySolutionUI:kubernetes\" | \"securitySolutionUI:network\" | \"securitySolutionUI:data_quality\" | \"securitySolutionUI:explore\" | \"securitySolutionUI:assets\" | \"securitySolutionUI:cloud_defend\" | \"securitySolutionUI:administration\" | \"securitySolutionUI:attack_discovery\" | \"securitySolutionUI:blocklist\" | \"securitySolutionUI:cloud_security_posture-rules\" | \"securitySolutionUI:detections\" | \"securitySolutionUI:detection_response\" | \"securitySolutionUI:endpoints\" | \"securitySolutionUI:event_filters\" | \"securitySolutionUI:exceptions\" | \"securitySolutionUI:host_isolation_exceptions\" | \"securitySolutionUI:hosts-all\" | \"securitySolutionUI:hosts-anomalies\" | \"securitySolutionUI:hosts-risk\" | \"securitySolutionUI:hosts-events\" | \"securitySolutionUI:hosts-sessions\" | \"securitySolutionUI:hosts-uncommon_processes\" | \"securitySolutionUI:investigations\" | \"securitySolutionUI:get_started\" | \"securitySolutionUI:machine_learning-landing\" | \"securitySolutionUI:network-anomalies\" | \"securitySolutionUI:network-dns\" | \"securitySolutionUI:network-events\" | \"securitySolutionUI:network-flows\" | \"securitySolutionUI:network-http\" | \"securitySolutionUI:network-tls\" | \"securitySolutionUI:response_actions_history\" | \"securitySolutionUI:rules-add\" | \"securitySolutionUI:rules-create\" | \"securitySolutionUI:rules-landing\" | \"securitySolutionUI:threat_intelligence\" | \"securitySolutionUI:timelines\" | \"securitySolutionUI:timelines-templates\" | \"securitySolutionUI:trusted_apps\" | \"securitySolutionUI:users-all\" | \"securitySolutionUI:users-anomalies\" | \"securitySolutionUI:users-authentications\" | \"securitySolutionUI:users-events\" | \"securitySolutionUI:users-risk\" | \"securitySolutionUI:entity_analytics\" | \"securitySolutionUI:entity_analytics-management\" | \"securitySolutionUI:entity_analytics-asset-classification\" | \"securitySolutionUI:coverage-overview\" | \"securitySolutionUI:notes-management\" | \"fleet:settings\" | \"fleet:policies\" | \"fleet:data_streams\" | \"fleet:enrollment_tokens\" | \"fleet:uninstall_tokens\" | \"fleet:agents\""
         ],
         "path": "packages/core/chrome/core-chrome-browser/src/project_navigation.ts",
         "deprecated": false,
diff --git a/api_docs/kbn_core_chrome_browser.mdx b/api_docs/kbn_core_chrome_browser.mdx
index 71105415fb4ca..d2ca714abe84d 100644
--- a/api_docs/kbn_core_chrome_browser.mdx
+++ b/api_docs/kbn_core_chrome_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-chrome-browser
 title: "@kbn/core-chrome-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-chrome-browser plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-chrome-browser']
 ---
 import kbnCoreChromeBrowserObj from './kbn_core_chrome_browser.devdocs.json';
diff --git a/api_docs/kbn_core_chrome_browser_mocks.mdx b/api_docs/kbn_core_chrome_browser_mocks.mdx
index df950e030dec0..32ed1de922831 100644
--- a/api_docs/kbn_core_chrome_browser_mocks.mdx
+++ b/api_docs/kbn_core_chrome_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-chrome-browser-mocks
 title: "@kbn/core-chrome-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-chrome-browser-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-chrome-browser-mocks']
 ---
 import kbnCoreChromeBrowserMocksObj from './kbn_core_chrome_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_config_server_internal.mdx b/api_docs/kbn_core_config_server_internal.mdx
index 9eec1a1692c15..23998d6aadd9b 100644
--- a/api_docs/kbn_core_config_server_internal.mdx
+++ b/api_docs/kbn_core_config_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-config-server-internal
 title: "@kbn/core-config-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-config-server-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-config-server-internal']
 ---
 import kbnCoreConfigServerInternalObj from './kbn_core_config_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_custom_branding_browser.mdx b/api_docs/kbn_core_custom_branding_browser.mdx
index 2e6eebc20e1ab..5b7526d56a286 100644
--- a/api_docs/kbn_core_custom_branding_browser.mdx
+++ b/api_docs/kbn_core_custom_branding_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-browser
 title: "@kbn/core-custom-branding-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-custom-branding-browser plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-browser']
 ---
 import kbnCoreCustomBrandingBrowserObj from './kbn_core_custom_branding_browser.devdocs.json';
diff --git a/api_docs/kbn_core_custom_branding_browser_internal.mdx b/api_docs/kbn_core_custom_branding_browser_internal.mdx
index c499b048c9344..c6c53153fed5b 100644
--- a/api_docs/kbn_core_custom_branding_browser_internal.mdx
+++ b/api_docs/kbn_core_custom_branding_browser_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-browser-internal
 title: "@kbn/core-custom-branding-browser-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-custom-branding-browser-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-browser-internal']
 ---
 import kbnCoreCustomBrandingBrowserInternalObj from './kbn_core_custom_branding_browser_internal.devdocs.json';
diff --git a/api_docs/kbn_core_custom_branding_browser_mocks.mdx b/api_docs/kbn_core_custom_branding_browser_mocks.mdx
index df9652c4f6d7e..fe5b64b64ac93 100644
--- a/api_docs/kbn_core_custom_branding_browser_mocks.mdx
+++ b/api_docs/kbn_core_custom_branding_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-browser-mocks
 title: "@kbn/core-custom-branding-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-custom-branding-browser-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-browser-mocks']
 ---
 import kbnCoreCustomBrandingBrowserMocksObj from './kbn_core_custom_branding_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_custom_branding_common.mdx b/api_docs/kbn_core_custom_branding_common.mdx
index 9ce3fd7b27906..eb3c50a448b9d 100644
--- a/api_docs/kbn_core_custom_branding_common.mdx
+++ b/api_docs/kbn_core_custom_branding_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-common
 title: "@kbn/core-custom-branding-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-custom-branding-common plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-common']
 ---
 import kbnCoreCustomBrandingCommonObj from './kbn_core_custom_branding_common.devdocs.json';
diff --git a/api_docs/kbn_core_custom_branding_server.mdx b/api_docs/kbn_core_custom_branding_server.mdx
index 23632cdbbd9ac..c846813b6c4da 100644
--- a/api_docs/kbn_core_custom_branding_server.mdx
+++ b/api_docs/kbn_core_custom_branding_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-server
 title: "@kbn/core-custom-branding-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-custom-branding-server plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-server']
 ---
 import kbnCoreCustomBrandingServerObj from './kbn_core_custom_branding_server.devdocs.json';
diff --git a/api_docs/kbn_core_custom_branding_server_internal.mdx b/api_docs/kbn_core_custom_branding_server_internal.mdx
index d23c897cecffa..b667a01d17569 100644
--- a/api_docs/kbn_core_custom_branding_server_internal.mdx
+++ b/api_docs/kbn_core_custom_branding_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-server-internal
 title: "@kbn/core-custom-branding-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-custom-branding-server-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-server-internal']
 ---
 import kbnCoreCustomBrandingServerInternalObj from './kbn_core_custom_branding_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_custom_branding_server_mocks.mdx b/api_docs/kbn_core_custom_branding_server_mocks.mdx
index 6f258fcfc8b48..01027ca00fb31 100644
--- a/api_docs/kbn_core_custom_branding_server_mocks.mdx
+++ b/api_docs/kbn_core_custom_branding_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-server-mocks
 title: "@kbn/core-custom-branding-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-custom-branding-server-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-server-mocks']
 ---
 import kbnCoreCustomBrandingServerMocksObj from './kbn_core_custom_branding_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_deprecations_browser.mdx b/api_docs/kbn_core_deprecations_browser.mdx
index 90daf5fa734f3..ec9752b465e85 100644
--- a/api_docs/kbn_core_deprecations_browser.mdx
+++ b/api_docs/kbn_core_deprecations_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-browser
 title: "@kbn/core-deprecations-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-deprecations-browser plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-browser']
 ---
 import kbnCoreDeprecationsBrowserObj from './kbn_core_deprecations_browser.devdocs.json';
diff --git a/api_docs/kbn_core_deprecations_browser_internal.mdx b/api_docs/kbn_core_deprecations_browser_internal.mdx
index f657bd0dc847e..1ca2f94aca3fc 100644
--- a/api_docs/kbn_core_deprecations_browser_internal.mdx
+++ b/api_docs/kbn_core_deprecations_browser_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-browser-internal
 title: "@kbn/core-deprecations-browser-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-deprecations-browser-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-browser-internal']
 ---
 import kbnCoreDeprecationsBrowserInternalObj from './kbn_core_deprecations_browser_internal.devdocs.json';
diff --git a/api_docs/kbn_core_deprecations_browser_mocks.mdx b/api_docs/kbn_core_deprecations_browser_mocks.mdx
index e5f76f49825dd..3706ba67ca651 100644
--- a/api_docs/kbn_core_deprecations_browser_mocks.mdx
+++ b/api_docs/kbn_core_deprecations_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-browser-mocks
 title: "@kbn/core-deprecations-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-deprecations-browser-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-browser-mocks']
 ---
 import kbnCoreDeprecationsBrowserMocksObj from './kbn_core_deprecations_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_deprecations_common.mdx b/api_docs/kbn_core_deprecations_common.mdx
index 9a20d9cb1f7fe..aedd91d54e73b 100644
--- a/api_docs/kbn_core_deprecations_common.mdx
+++ b/api_docs/kbn_core_deprecations_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-common
 title: "@kbn/core-deprecations-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-deprecations-common plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-common']
 ---
 import kbnCoreDeprecationsCommonObj from './kbn_core_deprecations_common.devdocs.json';
diff --git a/api_docs/kbn_core_deprecations_server.mdx b/api_docs/kbn_core_deprecations_server.mdx
index 92b19b1819557..c51c0ff64b655 100644
--- a/api_docs/kbn_core_deprecations_server.mdx
+++ b/api_docs/kbn_core_deprecations_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-server
 title: "@kbn/core-deprecations-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-deprecations-server plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-server']
 ---
 import kbnCoreDeprecationsServerObj from './kbn_core_deprecations_server.devdocs.json';
diff --git a/api_docs/kbn_core_deprecations_server_internal.mdx b/api_docs/kbn_core_deprecations_server_internal.mdx
index d5df05b865157..834d9bd9b9db9 100644
--- a/api_docs/kbn_core_deprecations_server_internal.mdx
+++ b/api_docs/kbn_core_deprecations_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-server-internal
 title: "@kbn/core-deprecations-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-deprecations-server-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-server-internal']
 ---
 import kbnCoreDeprecationsServerInternalObj from './kbn_core_deprecations_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_deprecations_server_mocks.mdx b/api_docs/kbn_core_deprecations_server_mocks.mdx
index 78e9a91330219..75882794f9f40 100644
--- a/api_docs/kbn_core_deprecations_server_mocks.mdx
+++ b/api_docs/kbn_core_deprecations_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-server-mocks
 title: "@kbn/core-deprecations-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-deprecations-server-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-server-mocks']
 ---
 import kbnCoreDeprecationsServerMocksObj from './kbn_core_deprecations_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_doc_links_browser.mdx b/api_docs/kbn_core_doc_links_browser.mdx
index 8336c45fbe0c2..e55f122c76d48 100644
--- a/api_docs/kbn_core_doc_links_browser.mdx
+++ b/api_docs/kbn_core_doc_links_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-doc-links-browser
 title: "@kbn/core-doc-links-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-doc-links-browser plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-doc-links-browser']
 ---
 import kbnCoreDocLinksBrowserObj from './kbn_core_doc_links_browser.devdocs.json';
diff --git a/api_docs/kbn_core_doc_links_browser_mocks.mdx b/api_docs/kbn_core_doc_links_browser_mocks.mdx
index cda2ac5294b20..bc20536cd96b8 100644
--- a/api_docs/kbn_core_doc_links_browser_mocks.mdx
+++ b/api_docs/kbn_core_doc_links_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-doc-links-browser-mocks
 title: "@kbn/core-doc-links-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-doc-links-browser-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-doc-links-browser-mocks']
 ---
 import kbnCoreDocLinksBrowserMocksObj from './kbn_core_doc_links_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_doc_links_server.mdx b/api_docs/kbn_core_doc_links_server.mdx
index 612ce5f4084cb..1aa437be9b6e8 100644
--- a/api_docs/kbn_core_doc_links_server.mdx
+++ b/api_docs/kbn_core_doc_links_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-doc-links-server
 title: "@kbn/core-doc-links-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-doc-links-server plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-doc-links-server']
 ---
 import kbnCoreDocLinksServerObj from './kbn_core_doc_links_server.devdocs.json';
diff --git a/api_docs/kbn_core_doc_links_server_mocks.mdx b/api_docs/kbn_core_doc_links_server_mocks.mdx
index a65bfc25d7e6e..c5b91b9f5abe6 100644
--- a/api_docs/kbn_core_doc_links_server_mocks.mdx
+++ b/api_docs/kbn_core_doc_links_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-doc-links-server-mocks
 title: "@kbn/core-doc-links-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-doc-links-server-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-doc-links-server-mocks']
 ---
 import kbnCoreDocLinksServerMocksObj from './kbn_core_doc_links_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_elasticsearch_client_server_internal.mdx b/api_docs/kbn_core_elasticsearch_client_server_internal.mdx
index 674666ba6ebd2..2a9983c88ea7a 100644
--- a/api_docs/kbn_core_elasticsearch_client_server_internal.mdx
+++ b/api_docs/kbn_core_elasticsearch_client_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-client-server-internal
 title: "@kbn/core-elasticsearch-client-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-elasticsearch-client-server-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-client-server-internal']
 ---
 import kbnCoreElasticsearchClientServerInternalObj from './kbn_core_elasticsearch_client_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_elasticsearch_client_server_mocks.mdx b/api_docs/kbn_core_elasticsearch_client_server_mocks.mdx
index 7904772ed2ae2..74778900cbd39 100644
--- a/api_docs/kbn_core_elasticsearch_client_server_mocks.mdx
+++ b/api_docs/kbn_core_elasticsearch_client_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-client-server-mocks
 title: "@kbn/core-elasticsearch-client-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-elasticsearch-client-server-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-client-server-mocks']
 ---
 import kbnCoreElasticsearchClientServerMocksObj from './kbn_core_elasticsearch_client_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_elasticsearch_server.devdocs.json b/api_docs/kbn_core_elasticsearch_server.devdocs.json
index 7f68422b77181..8d36fea09e076 100644
--- a/api_docs/kbn_core_elasticsearch_server.devdocs.json
+++ b/api_docs/kbn_core_elasticsearch_server.devdocs.json
@@ -160,6 +160,27 @@
             "deprecated": false,
             "trackAdoption": false
           },
+          {
+            "parentPluginId": "@kbn/core-elasticsearch-server",
+            "id": "def-common.ElasticsearchClientConfig.maxResponseSize",
+            "type": "Object",
+            "tags": [],
+            "label": "maxResponseSize",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "@kbn/config-schema",
+                "scope": "common",
+                "docId": "kibKbnConfigSchemaPluginApi",
+                "section": "def-common.ByteSizeValue",
+                "text": "ByteSizeValue"
+              },
+              " | undefined"
+            ],
+            "path": "packages/core/elasticsearch/core-elasticsearch-server/src/client/client_config.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
           {
             "parentPluginId": "@kbn/core-elasticsearch-server",
             "id": "def-common.ElasticsearchClientConfig.idleSocketTimeout",
diff --git a/api_docs/kbn_core_elasticsearch_server.mdx b/api_docs/kbn_core_elasticsearch_server.mdx
index e7d4c7a2ac357..d66135b1d9658 100644
--- a/api_docs/kbn_core_elasticsearch_server.mdx
+++ b/api_docs/kbn_core_elasticsearch_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-server
 title: "@kbn/core-elasticsearch-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-elasticsearch-server plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-server']
 ---
 import kbnCoreElasticsearchServerObj from './kbn_core_elasticsearch_server.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 115 | 0 | 55 | 0 |
+| 116 | 0 | 56 | 0 |
 
 ## Common
 
diff --git a/api_docs/kbn_core_elasticsearch_server_internal.devdocs.json b/api_docs/kbn_core_elasticsearch_server_internal.devdocs.json
index 81fc1bdadb72e..b12006708fc6a 100644
--- a/api_docs/kbn_core_elasticsearch_server_internal.devdocs.json
+++ b/api_docs/kbn_core_elasticsearch_server_internal.devdocs.json
@@ -3114,7 +3114,15 @@
         "label": "ElasticsearchConfigType",
         "description": [],
         "signature": [
-          "{ readonly username?: string | undefined; readonly password?: string | undefined; readonly serviceAccountToken?: string | undefined; readonly ssl: Readonly<{ key?: string | undefined; certificateAuthorities?: string | string[] | undefined; certificate?: string | undefined; keyPassphrase?: string | undefined; } & { verificationMode: \"none\" | \"full\" | \"certificate\"; keystore: Readonly<{ password?: string | undefined; path?: string | undefined; } & {}>; truststore: Readonly<{ password?: string | undefined; path?: string | undefined; } & {}>; alwaysPresentCertificate: boolean; }>; readonly healthCheck: Readonly<{} & { delay: moment.Duration; startupDelay: moment.Duration; }>; readonly hosts: string | string[]; readonly apiVersion: string; readonly customHeaders: Record<string, string>; readonly sniffOnStart: boolean; readonly sniffInterval: false | moment.Duration; readonly sniffOnConnectionFault: boolean; readonly maxSockets: number; readonly maxIdleSockets: number; readonly idleSocketTimeout: moment.Duration; readonly compression: boolean; readonly requestHeadersWhitelist: string | string[]; readonly shardTimeout: moment.Duration; readonly requestTimeout: moment.Duration; readonly pingTimeout: moment.Duration; readonly logQueries: boolean; readonly ignoreVersionMismatch: boolean; readonly skipStartupConnectionCheck: boolean; readonly apisToRedactInLogs: Readonly<{ method?: string | undefined; } & { path: string; }>[]; readonly dnsCacheTtl: moment.Duration; }"
+          "{ readonly username?: string | undefined; readonly password?: string | undefined; readonly serviceAccountToken?: string | undefined; readonly ssl: Readonly<{ key?: string | undefined; certificateAuthorities?: string | string[] | undefined; certificate?: string | undefined; keyPassphrase?: string | undefined; } & { verificationMode: \"none\" | \"full\" | \"certificate\"; keystore: Readonly<{ password?: string | undefined; path?: string | undefined; } & {}>; truststore: Readonly<{ password?: string | undefined; path?: string | undefined; } & {}>; alwaysPresentCertificate: boolean; }>; readonly healthCheck: Readonly<{} & { delay: moment.Duration; startupDelay: moment.Duration; }>; readonly hosts: string | string[]; readonly apiVersion: string; readonly customHeaders: Record<string, string>; readonly sniffOnStart: boolean; readonly sniffInterval: false | moment.Duration; readonly sniffOnConnectionFault: boolean; readonly maxSockets: number; readonly maxIdleSockets: number; readonly maxResponseSize: false | ",
+          {
+            "pluginId": "@kbn/config-schema",
+            "scope": "common",
+            "docId": "kibKbnConfigSchemaPluginApi",
+            "section": "def-common.ByteSizeValue",
+            "text": "ByteSizeValue"
+          },
+          "; readonly idleSocketTimeout: moment.Duration; readonly compression: boolean; readonly requestHeadersWhitelist: string | string[]; readonly shardTimeout: moment.Duration; readonly requestTimeout: moment.Duration; readonly pingTimeout: moment.Duration; readonly logQueries: boolean; readonly ignoreVersionMismatch: boolean; readonly skipStartupConnectionCheck: boolean; readonly apisToRedactInLogs: Readonly<{ method?: string | undefined; } & { path: string; }>[]; readonly dnsCacheTtl: moment.Duration; }"
         ],
         "path": "packages/core/elasticsearch/core-elasticsearch-server-internal/src/elasticsearch_config.ts",
         "deprecated": false,
@@ -3188,7 +3196,23 @@
             "section": "def-common.Type",
             "text": "Type"
           },
-          "<number>; idleSocketTimeout: ",
+          "<number>; maxResponseSize: ",
+          {
+            "pluginId": "@kbn/config-schema",
+            "scope": "common",
+            "docId": "kibKbnConfigSchemaPluginApi",
+            "section": "def-common.Type",
+            "text": "Type"
+          },
+          "<false | ",
+          {
+            "pluginId": "@kbn/config-schema",
+            "scope": "common",
+            "docId": "kibKbnConfigSchemaPluginApi",
+            "section": "def-common.ByteSizeValue",
+            "text": "ByteSizeValue"
+          },
+          ">; idleSocketTimeout: ",
           {
             "pluginId": "@kbn/config-schema",
             "scope": "common",
diff --git a/api_docs/kbn_core_elasticsearch_server_internal.mdx b/api_docs/kbn_core_elasticsearch_server_internal.mdx
index 5e73f0659d04b..7038857686e1d 100644
--- a/api_docs/kbn_core_elasticsearch_server_internal.mdx
+++ b/api_docs/kbn_core_elasticsearch_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-server-internal
 title: "@kbn/core-elasticsearch-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-elasticsearch-server-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-server-internal']
 ---
 import kbnCoreElasticsearchServerInternalObj from './kbn_core_elasticsearch_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_elasticsearch_server_mocks.mdx b/api_docs/kbn_core_elasticsearch_server_mocks.mdx
index 75bcf0def4b57..96ce852028560 100644
--- a/api_docs/kbn_core_elasticsearch_server_mocks.mdx
+++ b/api_docs/kbn_core_elasticsearch_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-server-mocks
 title: "@kbn/core-elasticsearch-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-elasticsearch-server-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-server-mocks']
 ---
 import kbnCoreElasticsearchServerMocksObj from './kbn_core_elasticsearch_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_environment_server_internal.mdx b/api_docs/kbn_core_environment_server_internal.mdx
index 5eb9304aac317..433f2c8b504fa 100644
--- a/api_docs/kbn_core_environment_server_internal.mdx
+++ b/api_docs/kbn_core_environment_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-environment-server-internal
 title: "@kbn/core-environment-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-environment-server-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-environment-server-internal']
 ---
 import kbnCoreEnvironmentServerInternalObj from './kbn_core_environment_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_environment_server_mocks.mdx b/api_docs/kbn_core_environment_server_mocks.mdx
index 8ba4a516a391b..aea64c35dc3c0 100644
--- a/api_docs/kbn_core_environment_server_mocks.mdx
+++ b/api_docs/kbn_core_environment_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-environment-server-mocks
 title: "@kbn/core-environment-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-environment-server-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-environment-server-mocks']
 ---
 import kbnCoreEnvironmentServerMocksObj from './kbn_core_environment_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_execution_context_browser.mdx b/api_docs/kbn_core_execution_context_browser.mdx
index 2770e6e0bf0cb..ec92cec5a8666 100644
--- a/api_docs/kbn_core_execution_context_browser.mdx
+++ b/api_docs/kbn_core_execution_context_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-browser
 title: "@kbn/core-execution-context-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-execution-context-browser plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-browser']
 ---
 import kbnCoreExecutionContextBrowserObj from './kbn_core_execution_context_browser.devdocs.json';
diff --git a/api_docs/kbn_core_execution_context_browser_internal.mdx b/api_docs/kbn_core_execution_context_browser_internal.mdx
index 338cfc8f178ab..4d21a5b327392 100644
--- a/api_docs/kbn_core_execution_context_browser_internal.mdx
+++ b/api_docs/kbn_core_execution_context_browser_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-browser-internal
 title: "@kbn/core-execution-context-browser-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-execution-context-browser-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-browser-internal']
 ---
 import kbnCoreExecutionContextBrowserInternalObj from './kbn_core_execution_context_browser_internal.devdocs.json';
diff --git a/api_docs/kbn_core_execution_context_browser_mocks.mdx b/api_docs/kbn_core_execution_context_browser_mocks.mdx
index 7bd144d8c9668..d3d99b18c094e 100644
--- a/api_docs/kbn_core_execution_context_browser_mocks.mdx
+++ b/api_docs/kbn_core_execution_context_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-browser-mocks
 title: "@kbn/core-execution-context-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-execution-context-browser-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-browser-mocks']
 ---
 import kbnCoreExecutionContextBrowserMocksObj from './kbn_core_execution_context_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_execution_context_common.mdx b/api_docs/kbn_core_execution_context_common.mdx
index 2943e8c03296f..8f3ec845c140b 100644
--- a/api_docs/kbn_core_execution_context_common.mdx
+++ b/api_docs/kbn_core_execution_context_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-common
 title: "@kbn/core-execution-context-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-execution-context-common plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-common']
 ---
 import kbnCoreExecutionContextCommonObj from './kbn_core_execution_context_common.devdocs.json';
diff --git a/api_docs/kbn_core_execution_context_server.mdx b/api_docs/kbn_core_execution_context_server.mdx
index 5778a1ec26183..91d5a75bd2d5a 100644
--- a/api_docs/kbn_core_execution_context_server.mdx
+++ b/api_docs/kbn_core_execution_context_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-server
 title: "@kbn/core-execution-context-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-execution-context-server plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-server']
 ---
 import kbnCoreExecutionContextServerObj from './kbn_core_execution_context_server.devdocs.json';
diff --git a/api_docs/kbn_core_execution_context_server_internal.mdx b/api_docs/kbn_core_execution_context_server_internal.mdx
index 485e7e1e79c36..f2bc5f2ae5591 100644
--- a/api_docs/kbn_core_execution_context_server_internal.mdx
+++ b/api_docs/kbn_core_execution_context_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-server-internal
 title: "@kbn/core-execution-context-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-execution-context-server-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-server-internal']
 ---
 import kbnCoreExecutionContextServerInternalObj from './kbn_core_execution_context_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_execution_context_server_mocks.mdx b/api_docs/kbn_core_execution_context_server_mocks.mdx
index 1dc6be712cf05..2afdc0064ec07 100644
--- a/api_docs/kbn_core_execution_context_server_mocks.mdx
+++ b/api_docs/kbn_core_execution_context_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-server-mocks
 title: "@kbn/core-execution-context-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-execution-context-server-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-server-mocks']
 ---
 import kbnCoreExecutionContextServerMocksObj from './kbn_core_execution_context_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_fatal_errors_browser.mdx b/api_docs/kbn_core_fatal_errors_browser.mdx
index 8dd268062f9c7..8122aac361a52 100644
--- a/api_docs/kbn_core_fatal_errors_browser.mdx
+++ b/api_docs/kbn_core_fatal_errors_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-fatal-errors-browser
 title: "@kbn/core-fatal-errors-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-fatal-errors-browser plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-fatal-errors-browser']
 ---
 import kbnCoreFatalErrorsBrowserObj from './kbn_core_fatal_errors_browser.devdocs.json';
diff --git a/api_docs/kbn_core_fatal_errors_browser_mocks.mdx b/api_docs/kbn_core_fatal_errors_browser_mocks.mdx
index 2b593020653fd..7cf08334e70ca 100644
--- a/api_docs/kbn_core_fatal_errors_browser_mocks.mdx
+++ b/api_docs/kbn_core_fatal_errors_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-fatal-errors-browser-mocks
 title: "@kbn/core-fatal-errors-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-fatal-errors-browser-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-fatal-errors-browser-mocks']
 ---
 import kbnCoreFatalErrorsBrowserMocksObj from './kbn_core_fatal_errors_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_http_browser.mdx b/api_docs/kbn_core_http_browser.mdx
index cf2c050db360b..e365170421c4d 100644
--- a/api_docs/kbn_core_http_browser.mdx
+++ b/api_docs/kbn_core_http_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-browser
 title: "@kbn/core-http-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-http-browser plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-browser']
 ---
 import kbnCoreHttpBrowserObj from './kbn_core_http_browser.devdocs.json';
diff --git a/api_docs/kbn_core_http_browser_internal.mdx b/api_docs/kbn_core_http_browser_internal.mdx
index 77688dedbcd7a..fa1a51035cf5d 100644
--- a/api_docs/kbn_core_http_browser_internal.mdx
+++ b/api_docs/kbn_core_http_browser_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-browser-internal
 title: "@kbn/core-http-browser-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-http-browser-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-browser-internal']
 ---
 import kbnCoreHttpBrowserInternalObj from './kbn_core_http_browser_internal.devdocs.json';
diff --git a/api_docs/kbn_core_http_browser_mocks.mdx b/api_docs/kbn_core_http_browser_mocks.mdx
index 565afd6b084f1..17b12b6e40822 100644
--- a/api_docs/kbn_core_http_browser_mocks.mdx
+++ b/api_docs/kbn_core_http_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-browser-mocks
 title: "@kbn/core-http-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-http-browser-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-browser-mocks']
 ---
 import kbnCoreHttpBrowserMocksObj from './kbn_core_http_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_http_common.mdx b/api_docs/kbn_core_http_common.mdx
index 0558d5a0eed69..fbd93f827a78f 100644
--- a/api_docs/kbn_core_http_common.mdx
+++ b/api_docs/kbn_core_http_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-common
 title: "@kbn/core-http-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-http-common plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-common']
 ---
 import kbnCoreHttpCommonObj from './kbn_core_http_common.devdocs.json';
diff --git a/api_docs/kbn_core_http_context_server_mocks.mdx b/api_docs/kbn_core_http_context_server_mocks.mdx
index 5f7488eb7179f..f78e569dc0c19 100644
--- a/api_docs/kbn_core_http_context_server_mocks.mdx
+++ b/api_docs/kbn_core_http_context_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-context-server-mocks
 title: "@kbn/core-http-context-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-http-context-server-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-context-server-mocks']
 ---
 import kbnCoreHttpContextServerMocksObj from './kbn_core_http_context_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_http_request_handler_context_server.mdx b/api_docs/kbn_core_http_request_handler_context_server.mdx
index afd1291384dd2..bed4ad5469c2e 100644
--- a/api_docs/kbn_core_http_request_handler_context_server.mdx
+++ b/api_docs/kbn_core_http_request_handler_context_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-request-handler-context-server
 title: "@kbn/core-http-request-handler-context-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-http-request-handler-context-server plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-request-handler-context-server']
 ---
 import kbnCoreHttpRequestHandlerContextServerObj from './kbn_core_http_request_handler_context_server.devdocs.json';
diff --git a/api_docs/kbn_core_http_resources_server.mdx b/api_docs/kbn_core_http_resources_server.mdx
index a0f4412ee86e1..d5e5d7c5d0f6a 100644
--- a/api_docs/kbn_core_http_resources_server.mdx
+++ b/api_docs/kbn_core_http_resources_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-resources-server
 title: "@kbn/core-http-resources-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-http-resources-server plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-resources-server']
 ---
 import kbnCoreHttpResourcesServerObj from './kbn_core_http_resources_server.devdocs.json';
diff --git a/api_docs/kbn_core_http_resources_server_internal.mdx b/api_docs/kbn_core_http_resources_server_internal.mdx
index 94f41e2228c56..5a236e99bb53f 100644
--- a/api_docs/kbn_core_http_resources_server_internal.mdx
+++ b/api_docs/kbn_core_http_resources_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-resources-server-internal
 title: "@kbn/core-http-resources-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-http-resources-server-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-resources-server-internal']
 ---
 import kbnCoreHttpResourcesServerInternalObj from './kbn_core_http_resources_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_http_resources_server_mocks.devdocs.json b/api_docs/kbn_core_http_resources_server_mocks.devdocs.json
index 58e758c332771..97793db3d7bd1 100644
--- a/api_docs/kbn_core_http_resources_server_mocks.devdocs.json
+++ b/api_docs/kbn_core_http_resources_server_mocks.devdocs.json
@@ -443,6 +443,68 @@
                 "section": "def-common.IKibanaResponse",
                 "text": "IKibanaResponse"
               },
+              "<T>); created: jest.MockInstance<",
+              {
+                "pluginId": "@kbn/core-http-server",
+                "scope": "common",
+                "docId": "kibKbnCoreHttpServerPluginApi",
+                "section": "def-common.IKibanaResponse",
+                "text": "IKibanaResponse"
+              },
+              "<string | Record<string, any> | Error | Buffer | ",
+              "Stream",
+              " | { message: string | Error; attributes?: ",
+              {
+                "pluginId": "@kbn/core-http-server",
+                "scope": "common",
+                "docId": "kibKbnCoreHttpServerPluginApi",
+                "section": "def-common.ResponseErrorAttributes",
+                "text": "ResponseErrorAttributes"
+              },
+              " | undefined; } | undefined>, [options?: ",
+              {
+                "pluginId": "@kbn/core-http-server",
+                "scope": "common",
+                "docId": "kibKbnCoreHttpServerPluginApi",
+                "section": "def-common.HttpResponseOptions",
+                "text": "HttpResponseOptions"
+              },
+              "<string | Record<string, any> | Error | Buffer | ",
+              "Stream",
+              " | { message: string | Error; attributes?: ",
+              {
+                "pluginId": "@kbn/core-http-server",
+                "scope": "common",
+                "docId": "kibKbnCoreHttpServerPluginApi",
+                "section": "def-common.ResponseErrorAttributes",
+                "text": "ResponseErrorAttributes"
+              },
+              " | undefined; } | undefined> | undefined], unknown> & (<T extends string | Record<string, any> | Error | Buffer | ",
+              "Stream",
+              " | { message: string | Error; attributes?: ",
+              {
+                "pluginId": "@kbn/core-http-server",
+                "scope": "common",
+                "docId": "kibKbnCoreHttpServerPluginApi",
+                "section": "def-common.ResponseErrorAttributes",
+                "text": "ResponseErrorAttributes"
+              },
+              " | undefined; } | undefined = any>(options?: ",
+              {
+                "pluginId": "@kbn/core-http-server",
+                "scope": "common",
+                "docId": "kibKbnCoreHttpServerPluginApi",
+                "section": "def-common.HttpResponseOptions",
+                "text": "HttpResponseOptions"
+              },
+              "<T> | undefined) => ",
+              {
+                "pluginId": "@kbn/core-http-server",
+                "scope": "common",
+                "docId": "kibKbnCoreHttpServerPluginApi",
+                "section": "def-common.IKibanaResponse",
+                "text": "IKibanaResponse"
+              },
               "<T>); accepted: jest.MockInstance<",
               {
                 "pluginId": "@kbn/core-http-server",
@@ -537,6 +599,38 @@
                 "section": "def-common.IKibanaResponse",
                 "text": "IKibanaResponse"
               },
+              "<any>); multiStatus: jest.MockInstance<",
+              {
+                "pluginId": "@kbn/core-http-server",
+                "scope": "common",
+                "docId": "kibKbnCoreHttpServerPluginApi",
+                "section": "def-common.IKibanaResponse",
+                "text": "IKibanaResponse"
+              },
+              "<any>, [options?: ",
+              {
+                "pluginId": "@kbn/core-http-server",
+                "scope": "common",
+                "docId": "kibKbnCoreHttpServerPluginApi",
+                "section": "def-common.HttpResponseOptions",
+                "text": "HttpResponseOptions"
+              },
+              "<any> | undefined], unknown> & ((options?: ",
+              {
+                "pluginId": "@kbn/core-http-server",
+                "scope": "common",
+                "docId": "kibKbnCoreHttpServerPluginApi",
+                "section": "def-common.HttpResponseOptions",
+                "text": "HttpResponseOptions"
+              },
+              "<any> | undefined) => ",
+              {
+                "pluginId": "@kbn/core-http-server",
+                "scope": "common",
+                "docId": "kibKbnCoreHttpServerPluginApi",
+                "section": "def-common.IKibanaResponse",
+                "text": "IKibanaResponse"
+              },
               "<any>); redirected: jest.MockInstance<",
               {
                 "pluginId": "@kbn/core-http-server",
@@ -761,6 +855,38 @@
                 "section": "def-common.IKibanaResponse",
                 "text": "IKibanaResponse"
               },
+              "<any>); unprocessableContent: jest.MockInstance<",
+              {
+                "pluginId": "@kbn/core-http-server",
+                "scope": "common",
+                "docId": "kibKbnCoreHttpServerPluginApi",
+                "section": "def-common.IKibanaResponse",
+                "text": "IKibanaResponse"
+              },
+              "<any>, [options?: ",
+              {
+                "pluginId": "@kbn/core-http-server",
+                "scope": "common",
+                "docId": "kibKbnCoreHttpServerPluginApi",
+                "section": "def-common.ErrorHttpResponseOptions",
+                "text": "ErrorHttpResponseOptions"
+              },
+              " | undefined], unknown> & ((options?: ",
+              {
+                "pluginId": "@kbn/core-http-server",
+                "scope": "common",
+                "docId": "kibKbnCoreHttpServerPluginApi",
+                "section": "def-common.ErrorHttpResponseOptions",
+                "text": "ErrorHttpResponseOptions"
+              },
+              " | undefined) => ",
+              {
+                "pluginId": "@kbn/core-http-server",
+                "scope": "common",
+                "docId": "kibKbnCoreHttpServerPluginApi",
+                "section": "def-common.IKibanaResponse",
+                "text": "IKibanaResponse"
+              },
               "<any>); customError: jest.MockInstance<",
               {
                 "pluginId": "@kbn/core-http-server",
diff --git a/api_docs/kbn_core_http_resources_server_mocks.mdx b/api_docs/kbn_core_http_resources_server_mocks.mdx
index aded1566dcffd..c9f49f4be1342 100644
--- a/api_docs/kbn_core_http_resources_server_mocks.mdx
+++ b/api_docs/kbn_core_http_resources_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-resources-server-mocks
 title: "@kbn/core-http-resources-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-http-resources-server-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-resources-server-mocks']
 ---
 import kbnCoreHttpResourcesServerMocksObj from './kbn_core_http_resources_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_http_router_server_internal.mdx b/api_docs/kbn_core_http_router_server_internal.mdx
index dcdcbc84d6529..690c67b27be50 100644
--- a/api_docs/kbn_core_http_router_server_internal.mdx
+++ b/api_docs/kbn_core_http_router_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-router-server-internal
 title: "@kbn/core-http-router-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-http-router-server-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-router-server-internal']
 ---
 import kbnCoreHttpRouterServerInternalObj from './kbn_core_http_router_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_http_router_server_mocks.mdx b/api_docs/kbn_core_http_router_server_mocks.mdx
index f5d32c20ea099..3ac841684d5ad 100644
--- a/api_docs/kbn_core_http_router_server_mocks.mdx
+++ b/api_docs/kbn_core_http_router_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-router-server-mocks
 title: "@kbn/core-http-router-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-http-router-server-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-router-server-mocks']
 ---
 import kbnCoreHttpRouterServerMocksObj from './kbn_core_http_router_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_http_server.devdocs.json b/api_docs/kbn_core_http_server.devdocs.json
index 6efa1875aa8c9..3ba2c76647c3b 100644
--- a/api_docs/kbn_core_http_server.devdocs.json
+++ b/api_docs/kbn_core_http_server.devdocs.json
@@ -4731,32 +4731,16 @@
                 "path": "x-pack/plugins/grokdebugger/server/lib/kibana_framework.ts"
               },
               {
-                "plugin": "assetManager",
-                "path": "x-pack/plugins/observability_solution/asset_manager/server/routes/ping.ts"
+                "plugin": "entityManager",
+                "path": "x-pack/plugins/observability_solution/entity_manager/server/routes/ping.ts"
               },
               {
-                "plugin": "assetManager",
-                "path": "x-pack/plugins/observability_solution/asset_manager/server/routes/sample_assets.ts"
+                "plugin": "entityManager",
+                "path": "x-pack/plugins/observability_solution/entity_manager/server/routes/entities/get.ts"
               },
               {
-                "plugin": "assetManager",
-                "path": "x-pack/plugins/observability_solution/asset_manager/server/routes/assets/index.ts"
-              },
-              {
-                "plugin": "assetManager",
-                "path": "x-pack/plugins/observability_solution/asset_manager/server/routes/assets/hosts.ts"
-              },
-              {
-                "plugin": "assetManager",
-                "path": "x-pack/plugins/observability_solution/asset_manager/server/routes/assets/services.ts"
-              },
-              {
-                "plugin": "assetManager",
-                "path": "x-pack/plugins/observability_solution/asset_manager/server/routes/assets/containers.ts"
-              },
-              {
-                "plugin": "assetManager",
-                "path": "x-pack/plugins/observability_solution/asset_manager/server/routes/assets/pods.ts"
+                "plugin": "entityManager",
+                "path": "x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/check.ts"
               },
               {
                 "plugin": "profiling",
@@ -7241,16 +7225,12 @@
                 "path": "x-pack/plugins/grokdebugger/server/lib/kibana_framework.ts"
               },
               {
-                "plugin": "assetManager",
-                "path": "x-pack/plugins/observability_solution/asset_manager/server/routes/sample_assets.ts"
-              },
-              {
-                "plugin": "assetManager",
-                "path": "x-pack/plugins/observability_solution/asset_manager/server/routes/entities/create.ts"
+                "plugin": "entityManager",
+                "path": "x-pack/plugins/observability_solution/entity_manager/server/routes/entities/create.ts"
               },
               {
-                "plugin": "assetManager",
-                "path": "x-pack/plugins/observability_solution/asset_manager/server/routes/entities/reset.ts"
+                "plugin": "entityManager",
+                "path": "x-pack/plugins/observability_solution/entity_manager/server/routes/entities/reset.ts"
               },
               {
                 "plugin": "profiling",
@@ -8750,6 +8730,10 @@
                 "plugin": "grokdebugger",
                 "path": "x-pack/plugins/grokdebugger/server/lib/kibana_framework.ts"
               },
+              {
+                "plugin": "entityManager",
+                "path": "x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/enable.ts"
+              },
               {
                 "plugin": "synthetics",
                 "path": "x-pack/plugins/observability_solution/synthetics/server/server.ts"
@@ -9671,12 +9655,12 @@
                 "path": "x-pack/plugins/grokdebugger/server/lib/kibana_framework.ts"
               },
               {
-                "plugin": "assetManager",
-                "path": "x-pack/plugins/observability_solution/asset_manager/server/routes/sample_assets.ts"
+                "plugin": "entityManager",
+                "path": "x-pack/plugins/observability_solution/entity_manager/server/routes/entities/delete.ts"
               },
               {
-                "plugin": "assetManager",
-                "path": "x-pack/plugins/observability_solution/asset_manager/server/routes/entities/delete.ts"
+                "plugin": "entityManager",
+                "path": "x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/disable.ts"
               },
               {
                 "plugin": "synthetics",
@@ -10553,6 +10537,65 @@
             ],
             "returnComment": []
           },
+          {
+            "parentPluginId": "@kbn/core-http-server",
+            "id": "def-common.KibanaErrorResponseFactory.unprocessableContent",
+            "type": "Function",
+            "tags": [],
+            "label": "unprocessableContent",
+            "description": [
+              "\nThe server understands the content type of the request entity, and the syntax of the request entity is correct, but it was unable to process the contained instructions.\nStatus code: `422`."
+            ],
+            "signature": [
+              "(options?: ",
+              {
+                "pluginId": "@kbn/core-http-server",
+                "scope": "common",
+                "docId": "kibKbnCoreHttpServerPluginApi",
+                "section": "def-common.ErrorHttpResponseOptions",
+                "text": "ErrorHttpResponseOptions"
+              },
+              " | undefined) => ",
+              {
+                "pluginId": "@kbn/core-http-server",
+                "scope": "common",
+                "docId": "kibKbnCoreHttpServerPluginApi",
+                "section": "def-common.IKibanaResponse",
+                "text": "IKibanaResponse"
+              },
+              "<any>"
+            ],
+            "path": "packages/core/http/core-http-server/src/router/response_factory.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/core-http-server",
+                "id": "def-common.KibanaErrorResponseFactory.unprocessableContent.$1",
+                "type": "Object",
+                "tags": [],
+                "label": "options",
+                "description": [
+                  "- {@link HttpResponseOptions } configures HTTP response headers, error message and other error details to pass to the client"
+                ],
+                "signature": [
+                  {
+                    "pluginId": "@kbn/core-http-server",
+                    "scope": "common",
+                    "docId": "kibKbnCoreHttpServerPluginApi",
+                    "section": "def-common.ErrorHttpResponseOptions",
+                    "text": "ErrorHttpResponseOptions"
+                  },
+                  " | undefined"
+                ],
+                "path": "packages/core/http/core-http-server/src/router/response_factory.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": false
+              }
+            ],
+            "returnComment": []
+          },
           {
             "parentPluginId": "@kbn/core-http-server",
             "id": "def-common.KibanaErrorResponseFactory.customError",
@@ -11487,6 +11530,75 @@
             ],
             "returnComment": []
           },
+          {
+            "parentPluginId": "@kbn/core-http-server",
+            "id": "def-common.KibanaSuccessResponseFactory.created",
+            "type": "Function",
+            "tags": [],
+            "label": "created",
+            "description": [
+              "\nThe request has succeeded and has led to the creation of a resource.\nStatus code: `201`."
+            ],
+            "signature": [
+              "<T extends string | Record<string, any> | Error | Buffer | ",
+              "Stream",
+              " | { message: string | Error; attributes?: ",
+              {
+                "pluginId": "@kbn/core-http-server",
+                "scope": "common",
+                "docId": "kibKbnCoreHttpServerPluginApi",
+                "section": "def-common.ResponseErrorAttributes",
+                "text": "ResponseErrorAttributes"
+              },
+              " | undefined; } | undefined = any>(options?: ",
+              {
+                "pluginId": "@kbn/core-http-server",
+                "scope": "common",
+                "docId": "kibKbnCoreHttpServerPluginApi",
+                "section": "def-common.HttpResponseOptions",
+                "text": "HttpResponseOptions"
+              },
+              "<T> | undefined) => ",
+              {
+                "pluginId": "@kbn/core-http-server",
+                "scope": "common",
+                "docId": "kibKbnCoreHttpServerPluginApi",
+                "section": "def-common.IKibanaResponse",
+                "text": "IKibanaResponse"
+              },
+              "<T>"
+            ],
+            "path": "packages/core/http/core-http-server/src/router/response_factory.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/core-http-server",
+                "id": "def-common.KibanaSuccessResponseFactory.created.$1",
+                "type": "Object",
+                "tags": [],
+                "label": "options",
+                "description": [
+                  "- {@link HttpResponseOptions } configures HTTP response body & headers."
+                ],
+                "signature": [
+                  {
+                    "pluginId": "@kbn/core-http-server",
+                    "scope": "common",
+                    "docId": "kibKbnCoreHttpServerPluginApi",
+                    "section": "def-common.HttpResponseOptions",
+                    "text": "HttpResponseOptions"
+                  },
+                  "<T> | undefined"
+                ],
+                "path": "packages/core/http/core-http-server/src/router/response_factory.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": false
+              }
+            ],
+            "returnComment": []
+          },
           {
             "parentPluginId": "@kbn/core-http-server",
             "id": "def-common.KibanaSuccessResponseFactory.accepted",
@@ -11614,6 +11726,65 @@
               }
             ],
             "returnComment": []
+          },
+          {
+            "parentPluginId": "@kbn/core-http-server",
+            "id": "def-common.KibanaSuccessResponseFactory.multiStatus",
+            "type": "Function",
+            "tags": [],
+            "label": "multiStatus",
+            "description": [
+              "\nThe server indicates that there might be a mixture of responses (some tasks succeeded, some failed).\nStatus code: `207`."
+            ],
+            "signature": [
+              "(options?: ",
+              {
+                "pluginId": "@kbn/core-http-server",
+                "scope": "common",
+                "docId": "kibKbnCoreHttpServerPluginApi",
+                "section": "def-common.HttpResponseOptions",
+                "text": "HttpResponseOptions"
+              },
+              "<any> | undefined) => ",
+              {
+                "pluginId": "@kbn/core-http-server",
+                "scope": "common",
+                "docId": "kibKbnCoreHttpServerPluginApi",
+                "section": "def-common.IKibanaResponse",
+                "text": "IKibanaResponse"
+              },
+              "<any>"
+            ],
+            "path": "packages/core/http/core-http-server/src/router/response_factory.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/core-http-server",
+                "id": "def-common.KibanaSuccessResponseFactory.multiStatus.$1",
+                "type": "Object",
+                "tags": [],
+                "label": "options",
+                "description": [
+                  "- {@link HttpResponseOptions } configures HTTP response body & headers."
+                ],
+                "signature": [
+                  {
+                    "pluginId": "@kbn/core-http-server",
+                    "scope": "common",
+                    "docId": "kibKbnCoreHttpServerPluginApi",
+                    "section": "def-common.HttpResponseOptions",
+                    "text": "HttpResponseOptions"
+                  },
+                  "<any> | undefined"
+                ],
+                "path": "packages/core/http/core-http-server/src/router/response_factory.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": false
+              }
+            ],
+            "returnComment": []
           }
         ],
         "initialIsOpen": false
@@ -14087,10 +14258,6 @@
                 "plugin": "ecsDataQualityDashboard",
                 "path": "x-pack/plugins/ecs_data_quality_dashboard/server/routes/results/get_index_results.ts"
               },
-              {
-                "plugin": "ml",
-                "path": "x-pack/plugins/ml/server/routes/json_schema.ts"
-              },
               {
                 "plugin": "ml",
                 "path": "x-pack/plugins/ml/server/routes/notifications.ts"
@@ -14315,6 +14482,10 @@
                 "plugin": "ml",
                 "path": "x-pack/plugins/ml/server/routes/management.ts"
               },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/get_attack_discovery.ts"
+              },
               {
                 "plugin": "elasticAssistant",
                 "path": "x-pack/plugins/elastic_assistant/server/routes/user_conversations/read_route.ts"
@@ -14627,6 +14798,10 @@
                 "plugin": "securitySolution",
                 "path": "x-pack/plugins/security_solution/server/lib/timeline/routes/draft_timelines/get_draft_timelines/index.ts"
               },
+              {
+                "plugin": "securitySolution",
+                "path": "x-pack/plugins/security_solution/server/lib/timeline/routes/notes/get_notes.ts"
+              },
               {
                 "plugin": "securitySolution",
                 "path": "x-pack/plugins/security_solution/server/lib/security_integrations/cribl/routes/index.ts"
@@ -14835,6 +15010,10 @@
                 "plugin": "ecsDataQualityDashboard",
                 "path": "x-pack/plugins/ecs_data_quality_dashboard/server/__mocks__/server.ts"
               },
+              {
+                "plugin": "integrationAssistant",
+                "path": "x-pack/plugins/integration_assistant/server/__mocks__/mock_server.ts"
+              },
               {
                 "plugin": "canvas",
                 "path": "x-pack/plugins/canvas/server/routes/custom_elements/find.test.ts"
@@ -15082,6 +15261,10 @@
                 "plugin": "ml",
                 "path": "x-pack/plugins/ml/server/routes/inference_models.ts"
               },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/cancel_attack_discovery.ts"
+              },
               {
                 "plugin": "elasticAssistant",
                 "path": "x-pack/plugins/elastic_assistant/server/routes/user_conversations/update_route.ts"
@@ -15174,6 +15357,10 @@
                 "plugin": "ecsDataQualityDashboard",
                 "path": "x-pack/plugins/ecs_data_quality_dashboard/server/__mocks__/server.ts"
               },
+              {
+                "plugin": "integrationAssistant",
+                "path": "x-pack/plugins/integration_assistant/server/__mocks__/mock_server.ts"
+              },
               {
                 "plugin": "canvas",
                 "path": "x-pack/plugins/canvas/server/routes/custom_elements/update.test.ts"
@@ -16049,13 +16236,17 @@
                 "plugin": "securitySolution",
                 "path": "x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/upload_csv.ts"
               },
+              {
+                "plugin": "securitySolution",
+                "path": "x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/bulk_upload.ts"
+              },
               {
                 "plugin": "securitySolution",
                 "path": "x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/preview.ts"
               },
               {
                 "plugin": "securitySolution",
-                "path": "x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/calculation.ts"
+                "path": "x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/entity_calculation.ts"
               },
               {
                 "plugin": "securitySolution",
@@ -16233,6 +16424,10 @@
                 "plugin": "ecsDataQualityDashboard",
                 "path": "x-pack/plugins/ecs_data_quality_dashboard/server/__mocks__/server.ts"
               },
+              {
+                "plugin": "integrationAssistant",
+                "path": "x-pack/plugins/integration_assistant/server/__mocks__/mock_server.ts"
+              },
               {
                 "plugin": "canvas",
                 "path": "x-pack/plugins/canvas/server/routes/custom_elements/create.test.ts"
@@ -16379,6 +16574,10 @@
               {
                 "plugin": "ecsDataQualityDashboard",
                 "path": "x-pack/plugins/ecs_data_quality_dashboard/server/__mocks__/server.ts"
+              },
+              {
+                "plugin": "integrationAssistant",
+                "path": "x-pack/plugins/integration_assistant/server/__mocks__/mock_server.ts"
               }
             ],
             "returnComment": [],
@@ -16643,6 +16842,10 @@
                 "plugin": "ecsDataQualityDashboard",
                 "path": "x-pack/plugins/ecs_data_quality_dashboard/server/__mocks__/server.ts"
               },
+              {
+                "plugin": "integrationAssistant",
+                "path": "x-pack/plugins/integration_assistant/server/__mocks__/mock_server.ts"
+              },
               {
                 "plugin": "canvas",
                 "path": "x-pack/plugins/canvas/server/routes/custom_elements/delete.test.ts"
diff --git a/api_docs/kbn_core_http_server.mdx b/api_docs/kbn_core_http_server.mdx
index 3d4ca4db80615..d923a90985177 100644
--- a/api_docs/kbn_core_http_server.mdx
+++ b/api_docs/kbn_core_http_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-server
 title: "@kbn/core-http-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-http-server plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-server']
 ---
 import kbnCoreHttpServerObj from './kbn_core_http_server.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 489 | 2 | 193 | 0 |
+| 495 | 2 | 193 | 0 |
 
 ## Common
 
diff --git a/api_docs/kbn_core_http_server_internal.mdx b/api_docs/kbn_core_http_server_internal.mdx
index 403fc01ea0b4d..4d16d46cc8108 100644
--- a/api_docs/kbn_core_http_server_internal.mdx
+++ b/api_docs/kbn_core_http_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-server-internal
 title: "@kbn/core-http-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-http-server-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-server-internal']
 ---
 import kbnCoreHttpServerInternalObj from './kbn_core_http_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_http_server_mocks.mdx b/api_docs/kbn_core_http_server_mocks.mdx
index 2c11130958d72..752f47421e763 100644
--- a/api_docs/kbn_core_http_server_mocks.mdx
+++ b/api_docs/kbn_core_http_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-server-mocks
 title: "@kbn/core-http-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-http-server-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-server-mocks']
 ---
 import kbnCoreHttpServerMocksObj from './kbn_core_http_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_i18n_browser.mdx b/api_docs/kbn_core_i18n_browser.mdx
index 293fa964ee4a5..c21661229f8f7 100644
--- a/api_docs/kbn_core_i18n_browser.mdx
+++ b/api_docs/kbn_core_i18n_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-browser
 title: "@kbn/core-i18n-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-i18n-browser plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-browser']
 ---
 import kbnCoreI18nBrowserObj from './kbn_core_i18n_browser.devdocs.json';
diff --git a/api_docs/kbn_core_i18n_browser_mocks.mdx b/api_docs/kbn_core_i18n_browser_mocks.mdx
index b65b47da9991e..3d109ac311ccd 100644
--- a/api_docs/kbn_core_i18n_browser_mocks.mdx
+++ b/api_docs/kbn_core_i18n_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-browser-mocks
 title: "@kbn/core-i18n-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-i18n-browser-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-browser-mocks']
 ---
 import kbnCoreI18nBrowserMocksObj from './kbn_core_i18n_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_i18n_server.mdx b/api_docs/kbn_core_i18n_server.mdx
index 1078b9422550d..ab35b6b8c50f1 100644
--- a/api_docs/kbn_core_i18n_server.mdx
+++ b/api_docs/kbn_core_i18n_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-server
 title: "@kbn/core-i18n-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-i18n-server plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-server']
 ---
 import kbnCoreI18nServerObj from './kbn_core_i18n_server.devdocs.json';
diff --git a/api_docs/kbn_core_i18n_server_internal.mdx b/api_docs/kbn_core_i18n_server_internal.mdx
index 6e63af728c086..c3e9fefff9e47 100644
--- a/api_docs/kbn_core_i18n_server_internal.mdx
+++ b/api_docs/kbn_core_i18n_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-server-internal
 title: "@kbn/core-i18n-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-i18n-server-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-server-internal']
 ---
 import kbnCoreI18nServerInternalObj from './kbn_core_i18n_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_i18n_server_mocks.mdx b/api_docs/kbn_core_i18n_server_mocks.mdx
index 399f8f707f150..2f0d31c847663 100644
--- a/api_docs/kbn_core_i18n_server_mocks.mdx
+++ b/api_docs/kbn_core_i18n_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-server-mocks
 title: "@kbn/core-i18n-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-i18n-server-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-server-mocks']
 ---
 import kbnCoreI18nServerMocksObj from './kbn_core_i18n_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_injected_metadata_browser_mocks.mdx b/api_docs/kbn_core_injected_metadata_browser_mocks.mdx
index e09f4d57977fd..c1b246f06a7f0 100644
--- a/api_docs/kbn_core_injected_metadata_browser_mocks.mdx
+++ b/api_docs/kbn_core_injected_metadata_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-injected-metadata-browser-mocks
 title: "@kbn/core-injected-metadata-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-injected-metadata-browser-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-injected-metadata-browser-mocks']
 ---
 import kbnCoreInjectedMetadataBrowserMocksObj from './kbn_core_injected_metadata_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_integrations_browser_internal.mdx b/api_docs/kbn_core_integrations_browser_internal.mdx
index 53e799d45f330..028fde1f6e529 100644
--- a/api_docs/kbn_core_integrations_browser_internal.mdx
+++ b/api_docs/kbn_core_integrations_browser_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-integrations-browser-internal
 title: "@kbn/core-integrations-browser-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-integrations-browser-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-integrations-browser-internal']
 ---
 import kbnCoreIntegrationsBrowserInternalObj from './kbn_core_integrations_browser_internal.devdocs.json';
diff --git a/api_docs/kbn_core_integrations_browser_mocks.mdx b/api_docs/kbn_core_integrations_browser_mocks.mdx
index 742fb3ae3e247..bc93d5ccbf538 100644
--- a/api_docs/kbn_core_integrations_browser_mocks.mdx
+++ b/api_docs/kbn_core_integrations_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-integrations-browser-mocks
 title: "@kbn/core-integrations-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-integrations-browser-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-integrations-browser-mocks']
 ---
 import kbnCoreIntegrationsBrowserMocksObj from './kbn_core_integrations_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_lifecycle_browser.devdocs.json b/api_docs/kbn_core_lifecycle_browser.devdocs.json
index ad2d7ba96eb1f..1b96fc2e88592 100644
--- a/api_docs/kbn_core_lifecycle_browser.devdocs.json
+++ b/api_docs/kbn_core_lifecycle_browser.devdocs.json
@@ -659,14 +659,6 @@
                 "plugin": "transform",
                 "path": "x-pack/plugins/transform/public/app/mount_management_section.ts"
               },
-              {
-                "plugin": "dashboard",
-                "path": "src/plugins/dashboard/public/dashboard_container/embeddable/api/duplicate_dashboard_panel.test.ts"
-              },
-              {
-                "plugin": "dashboard",
-                "path": "src/plugins/dashboard/public/dashboard_container/embeddable/api/duplicate_dashboard_panel.test.ts"
-              },
               {
                 "plugin": "discover",
                 "path": "src/plugins/discover/public/application/main/state_management/discover_state.test.ts"
diff --git a/api_docs/kbn_core_lifecycle_browser.mdx b/api_docs/kbn_core_lifecycle_browser.mdx
index bfeb9a0c6fa54..4f3d732ac8d15 100644
--- a/api_docs/kbn_core_lifecycle_browser.mdx
+++ b/api_docs/kbn_core_lifecycle_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-lifecycle-browser
 title: "@kbn/core-lifecycle-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-lifecycle-browser plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-lifecycle-browser']
 ---
 import kbnCoreLifecycleBrowserObj from './kbn_core_lifecycle_browser.devdocs.json';
diff --git a/api_docs/kbn_core_lifecycle_browser_mocks.mdx b/api_docs/kbn_core_lifecycle_browser_mocks.mdx
index 3e3d6f9103061..d32360e933d80 100644
--- a/api_docs/kbn_core_lifecycle_browser_mocks.mdx
+++ b/api_docs/kbn_core_lifecycle_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-lifecycle-browser-mocks
 title: "@kbn/core-lifecycle-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-lifecycle-browser-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-lifecycle-browser-mocks']
 ---
 import kbnCoreLifecycleBrowserMocksObj from './kbn_core_lifecycle_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_lifecycle_server.mdx b/api_docs/kbn_core_lifecycle_server.mdx
index 540a363e5f08a..a73f554152119 100644
--- a/api_docs/kbn_core_lifecycle_server.mdx
+++ b/api_docs/kbn_core_lifecycle_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-lifecycle-server
 title: "@kbn/core-lifecycle-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-lifecycle-server plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-lifecycle-server']
 ---
 import kbnCoreLifecycleServerObj from './kbn_core_lifecycle_server.devdocs.json';
diff --git a/api_docs/kbn_core_lifecycle_server_mocks.mdx b/api_docs/kbn_core_lifecycle_server_mocks.mdx
index bcd4440d8c427..541252dce2d30 100644
--- a/api_docs/kbn_core_lifecycle_server_mocks.mdx
+++ b/api_docs/kbn_core_lifecycle_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-lifecycle-server-mocks
 title: "@kbn/core-lifecycle-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-lifecycle-server-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-lifecycle-server-mocks']
 ---
 import kbnCoreLifecycleServerMocksObj from './kbn_core_lifecycle_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_logging_browser_mocks.mdx b/api_docs/kbn_core_logging_browser_mocks.mdx
index ebe1d709f3626..6ec82aefa4b9c 100644
--- a/api_docs/kbn_core_logging_browser_mocks.mdx
+++ b/api_docs/kbn_core_logging_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-browser-mocks
 title: "@kbn/core-logging-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-logging-browser-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-browser-mocks']
 ---
 import kbnCoreLoggingBrowserMocksObj from './kbn_core_logging_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_logging_common_internal.mdx b/api_docs/kbn_core_logging_common_internal.mdx
index 81ced9b396fd3..02ed8c06d5de8 100644
--- a/api_docs/kbn_core_logging_common_internal.mdx
+++ b/api_docs/kbn_core_logging_common_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-common-internal
 title: "@kbn/core-logging-common-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-logging-common-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-common-internal']
 ---
 import kbnCoreLoggingCommonInternalObj from './kbn_core_logging_common_internal.devdocs.json';
diff --git a/api_docs/kbn_core_logging_server.mdx b/api_docs/kbn_core_logging_server.mdx
index 462ee206a17ea..23f339d6f4cf1 100644
--- a/api_docs/kbn_core_logging_server.mdx
+++ b/api_docs/kbn_core_logging_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-server
 title: "@kbn/core-logging-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-logging-server plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-server']
 ---
 import kbnCoreLoggingServerObj from './kbn_core_logging_server.devdocs.json';
diff --git a/api_docs/kbn_core_logging_server_internal.mdx b/api_docs/kbn_core_logging_server_internal.mdx
index 547d8e1f274c3..7a7996f3ea76e 100644
--- a/api_docs/kbn_core_logging_server_internal.mdx
+++ b/api_docs/kbn_core_logging_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-server-internal
 title: "@kbn/core-logging-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-logging-server-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-server-internal']
 ---
 import kbnCoreLoggingServerInternalObj from './kbn_core_logging_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_logging_server_mocks.mdx b/api_docs/kbn_core_logging_server_mocks.mdx
index 46007186a4cf7..472c9d1079d0e 100644
--- a/api_docs/kbn_core_logging_server_mocks.mdx
+++ b/api_docs/kbn_core_logging_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-server-mocks
 title: "@kbn/core-logging-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-logging-server-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-server-mocks']
 ---
 import kbnCoreLoggingServerMocksObj from './kbn_core_logging_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_metrics_collectors_server_internal.mdx b/api_docs/kbn_core_metrics_collectors_server_internal.mdx
index 18e66be6b7a3c..9292fc4d04694 100644
--- a/api_docs/kbn_core_metrics_collectors_server_internal.mdx
+++ b/api_docs/kbn_core_metrics_collectors_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-collectors-server-internal
 title: "@kbn/core-metrics-collectors-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-metrics-collectors-server-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-collectors-server-internal']
 ---
 import kbnCoreMetricsCollectorsServerInternalObj from './kbn_core_metrics_collectors_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_metrics_collectors_server_mocks.mdx b/api_docs/kbn_core_metrics_collectors_server_mocks.mdx
index 464491aa5691d..4e765d5c27643 100644
--- a/api_docs/kbn_core_metrics_collectors_server_mocks.mdx
+++ b/api_docs/kbn_core_metrics_collectors_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-collectors-server-mocks
 title: "@kbn/core-metrics-collectors-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-metrics-collectors-server-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-collectors-server-mocks']
 ---
 import kbnCoreMetricsCollectorsServerMocksObj from './kbn_core_metrics_collectors_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_metrics_server.mdx b/api_docs/kbn_core_metrics_server.mdx
index e01424863afb0..ba0707c5dc40e 100644
--- a/api_docs/kbn_core_metrics_server.mdx
+++ b/api_docs/kbn_core_metrics_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-server
 title: "@kbn/core-metrics-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-metrics-server plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-server']
 ---
 import kbnCoreMetricsServerObj from './kbn_core_metrics_server.devdocs.json';
diff --git a/api_docs/kbn_core_metrics_server_internal.mdx b/api_docs/kbn_core_metrics_server_internal.mdx
index ab8dd8c9df904..fd0a01857ae28 100644
--- a/api_docs/kbn_core_metrics_server_internal.mdx
+++ b/api_docs/kbn_core_metrics_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-server-internal
 title: "@kbn/core-metrics-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-metrics-server-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-server-internal']
 ---
 import kbnCoreMetricsServerInternalObj from './kbn_core_metrics_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_metrics_server_mocks.mdx b/api_docs/kbn_core_metrics_server_mocks.mdx
index 3ec6efa109800..89e7a6cffed70 100644
--- a/api_docs/kbn_core_metrics_server_mocks.mdx
+++ b/api_docs/kbn_core_metrics_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-server-mocks
 title: "@kbn/core-metrics-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-metrics-server-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-server-mocks']
 ---
 import kbnCoreMetricsServerMocksObj from './kbn_core_metrics_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_mount_utils_browser.mdx b/api_docs/kbn_core_mount_utils_browser.mdx
index 61f1267a833b8..ce04fb6eaee47 100644
--- a/api_docs/kbn_core_mount_utils_browser.mdx
+++ b/api_docs/kbn_core_mount_utils_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-mount-utils-browser
 title: "@kbn/core-mount-utils-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-mount-utils-browser plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-mount-utils-browser']
 ---
 import kbnCoreMountUtilsBrowserObj from './kbn_core_mount_utils_browser.devdocs.json';
diff --git a/api_docs/kbn_core_node_server.mdx b/api_docs/kbn_core_node_server.mdx
index 83f6a6541d425..c30f3e0d94148 100644
--- a/api_docs/kbn_core_node_server.mdx
+++ b/api_docs/kbn_core_node_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-node-server
 title: "@kbn/core-node-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-node-server plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-node-server']
 ---
 import kbnCoreNodeServerObj from './kbn_core_node_server.devdocs.json';
diff --git a/api_docs/kbn_core_node_server_internal.mdx b/api_docs/kbn_core_node_server_internal.mdx
index 380f12a5efa54..b977075ae6099 100644
--- a/api_docs/kbn_core_node_server_internal.mdx
+++ b/api_docs/kbn_core_node_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-node-server-internal
 title: "@kbn/core-node-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-node-server-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-node-server-internal']
 ---
 import kbnCoreNodeServerInternalObj from './kbn_core_node_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_node_server_mocks.mdx b/api_docs/kbn_core_node_server_mocks.mdx
index 7f2fd98b2ad18..2d125bae00fa6 100644
--- a/api_docs/kbn_core_node_server_mocks.mdx
+++ b/api_docs/kbn_core_node_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-node-server-mocks
 title: "@kbn/core-node-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-node-server-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-node-server-mocks']
 ---
 import kbnCoreNodeServerMocksObj from './kbn_core_node_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_notifications_browser.mdx b/api_docs/kbn_core_notifications_browser.mdx
index 260678120bf7b..18ec802175cbf 100644
--- a/api_docs/kbn_core_notifications_browser.mdx
+++ b/api_docs/kbn_core_notifications_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-notifications-browser
 title: "@kbn/core-notifications-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-notifications-browser plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-notifications-browser']
 ---
 import kbnCoreNotificationsBrowserObj from './kbn_core_notifications_browser.devdocs.json';
diff --git a/api_docs/kbn_core_notifications_browser_internal.mdx b/api_docs/kbn_core_notifications_browser_internal.mdx
index 19a018e82aa93..52f85dfdf864f 100644
--- a/api_docs/kbn_core_notifications_browser_internal.mdx
+++ b/api_docs/kbn_core_notifications_browser_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-notifications-browser-internal
 title: "@kbn/core-notifications-browser-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-notifications-browser-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-notifications-browser-internal']
 ---
 import kbnCoreNotificationsBrowserInternalObj from './kbn_core_notifications_browser_internal.devdocs.json';
diff --git a/api_docs/kbn_core_notifications_browser_mocks.mdx b/api_docs/kbn_core_notifications_browser_mocks.mdx
index a37cddaa83ce9..0bb1ccaf6fcfa 100644
--- a/api_docs/kbn_core_notifications_browser_mocks.mdx
+++ b/api_docs/kbn_core_notifications_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-notifications-browser-mocks
 title: "@kbn/core-notifications-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-notifications-browser-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-notifications-browser-mocks']
 ---
 import kbnCoreNotificationsBrowserMocksObj from './kbn_core_notifications_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_overlays_browser.mdx b/api_docs/kbn_core_overlays_browser.mdx
index 4e07e307cd3ef..2ac5312f91498 100644
--- a/api_docs/kbn_core_overlays_browser.mdx
+++ b/api_docs/kbn_core_overlays_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-overlays-browser
 title: "@kbn/core-overlays-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-overlays-browser plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-overlays-browser']
 ---
 import kbnCoreOverlaysBrowserObj from './kbn_core_overlays_browser.devdocs.json';
diff --git a/api_docs/kbn_core_overlays_browser_internal.mdx b/api_docs/kbn_core_overlays_browser_internal.mdx
index ce21d35d70b63..34a7580cc209f 100644
--- a/api_docs/kbn_core_overlays_browser_internal.mdx
+++ b/api_docs/kbn_core_overlays_browser_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-overlays-browser-internal
 title: "@kbn/core-overlays-browser-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-overlays-browser-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-overlays-browser-internal']
 ---
 import kbnCoreOverlaysBrowserInternalObj from './kbn_core_overlays_browser_internal.devdocs.json';
diff --git a/api_docs/kbn_core_overlays_browser_mocks.mdx b/api_docs/kbn_core_overlays_browser_mocks.mdx
index 3ffde560b9cb8..108cea5b5ecd2 100644
--- a/api_docs/kbn_core_overlays_browser_mocks.mdx
+++ b/api_docs/kbn_core_overlays_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-overlays-browser-mocks
 title: "@kbn/core-overlays-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-overlays-browser-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-overlays-browser-mocks']
 ---
 import kbnCoreOverlaysBrowserMocksObj from './kbn_core_overlays_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_plugins_browser.mdx b/api_docs/kbn_core_plugins_browser.mdx
index 394a55506fc30..2063cd2063af4 100644
--- a/api_docs/kbn_core_plugins_browser.mdx
+++ b/api_docs/kbn_core_plugins_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-browser
 title: "@kbn/core-plugins-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-plugins-browser plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-browser']
 ---
 import kbnCorePluginsBrowserObj from './kbn_core_plugins_browser.devdocs.json';
diff --git a/api_docs/kbn_core_plugins_browser_mocks.mdx b/api_docs/kbn_core_plugins_browser_mocks.mdx
index 0f2265927f8e9..1d9e184867c58 100644
--- a/api_docs/kbn_core_plugins_browser_mocks.mdx
+++ b/api_docs/kbn_core_plugins_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-browser-mocks
 title: "@kbn/core-plugins-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-plugins-browser-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-browser-mocks']
 ---
 import kbnCorePluginsBrowserMocksObj from './kbn_core_plugins_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_plugins_contracts_browser.mdx b/api_docs/kbn_core_plugins_contracts_browser.mdx
index 2f74db77bc206..ed0a3429f32ec 100644
--- a/api_docs/kbn_core_plugins_contracts_browser.mdx
+++ b/api_docs/kbn_core_plugins_contracts_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-contracts-browser
 title: "@kbn/core-plugins-contracts-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-plugins-contracts-browser plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-contracts-browser']
 ---
 import kbnCorePluginsContractsBrowserObj from './kbn_core_plugins_contracts_browser.devdocs.json';
diff --git a/api_docs/kbn_core_plugins_contracts_server.mdx b/api_docs/kbn_core_plugins_contracts_server.mdx
index 36ded0cd67d6c..dc1b07990ebc7 100644
--- a/api_docs/kbn_core_plugins_contracts_server.mdx
+++ b/api_docs/kbn_core_plugins_contracts_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-contracts-server
 title: "@kbn/core-plugins-contracts-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-plugins-contracts-server plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-contracts-server']
 ---
 import kbnCorePluginsContractsServerObj from './kbn_core_plugins_contracts_server.devdocs.json';
diff --git a/api_docs/kbn_core_plugins_server.mdx b/api_docs/kbn_core_plugins_server.mdx
index 568715e2a0baa..7817596f7854f 100644
--- a/api_docs/kbn_core_plugins_server.mdx
+++ b/api_docs/kbn_core_plugins_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-server
 title: "@kbn/core-plugins-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-plugins-server plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-server']
 ---
 import kbnCorePluginsServerObj from './kbn_core_plugins_server.devdocs.json';
diff --git a/api_docs/kbn_core_plugins_server_mocks.mdx b/api_docs/kbn_core_plugins_server_mocks.mdx
index f0ffacb8de493..2c34636fdff51 100644
--- a/api_docs/kbn_core_plugins_server_mocks.mdx
+++ b/api_docs/kbn_core_plugins_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-server-mocks
 title: "@kbn/core-plugins-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-plugins-server-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-server-mocks']
 ---
 import kbnCorePluginsServerMocksObj from './kbn_core_plugins_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_preboot_server.mdx b/api_docs/kbn_core_preboot_server.mdx
index ae491b22583cf..7c2318a6787fa 100644
--- a/api_docs/kbn_core_preboot_server.mdx
+++ b/api_docs/kbn_core_preboot_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-preboot-server
 title: "@kbn/core-preboot-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-preboot-server plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-preboot-server']
 ---
 import kbnCorePrebootServerObj from './kbn_core_preboot_server.devdocs.json';
diff --git a/api_docs/kbn_core_preboot_server_mocks.mdx b/api_docs/kbn_core_preboot_server_mocks.mdx
index 42345a0163255..8e28d84414693 100644
--- a/api_docs/kbn_core_preboot_server_mocks.mdx
+++ b/api_docs/kbn_core_preboot_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-preboot-server-mocks
 title: "@kbn/core-preboot-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-preboot-server-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-preboot-server-mocks']
 ---
 import kbnCorePrebootServerMocksObj from './kbn_core_preboot_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_rendering_browser_mocks.mdx b/api_docs/kbn_core_rendering_browser_mocks.mdx
index 8880edcde44d2..7ecf4d673dd83 100644
--- a/api_docs/kbn_core_rendering_browser_mocks.mdx
+++ b/api_docs/kbn_core_rendering_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-rendering-browser-mocks
 title: "@kbn/core-rendering-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-rendering-browser-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-rendering-browser-mocks']
 ---
 import kbnCoreRenderingBrowserMocksObj from './kbn_core_rendering_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_rendering_server_internal.mdx b/api_docs/kbn_core_rendering_server_internal.mdx
index f50b1493d6bc0..59ac25c06cdd9 100644
--- a/api_docs/kbn_core_rendering_server_internal.mdx
+++ b/api_docs/kbn_core_rendering_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-rendering-server-internal
 title: "@kbn/core-rendering-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-rendering-server-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-rendering-server-internal']
 ---
 import kbnCoreRenderingServerInternalObj from './kbn_core_rendering_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_rendering_server_mocks.mdx b/api_docs/kbn_core_rendering_server_mocks.mdx
index c602f636b9874..3609236ecfd6a 100644
--- a/api_docs/kbn_core_rendering_server_mocks.mdx
+++ b/api_docs/kbn_core_rendering_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-rendering-server-mocks
 title: "@kbn/core-rendering-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-rendering-server-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-rendering-server-mocks']
 ---
 import kbnCoreRenderingServerMocksObj from './kbn_core_rendering_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_root_server_internal.mdx b/api_docs/kbn_core_root_server_internal.mdx
index 7cb65d62fa0d1..e1fe9c9fdf01c 100644
--- a/api_docs/kbn_core_root_server_internal.mdx
+++ b/api_docs/kbn_core_root_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-root-server-internal
 title: "@kbn/core-root-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-root-server-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-root-server-internal']
 ---
 import kbnCoreRootServerInternalObj from './kbn_core_root_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_saved_objects_api_browser.devdocs.json b/api_docs/kbn_core_saved_objects_api_browser.devdocs.json
index 80e7b392cbaae..2be72bf65c162 100644
--- a/api_docs/kbn_core_saved_objects_api_browser.devdocs.json
+++ b/api_docs/kbn_core_saved_objects_api_browser.devdocs.json
@@ -1138,10 +1138,6 @@
                 "plugin": "savedObjects",
                 "path": "src/plugins/saved_objects/public/saved_object/helpers/save_with_confirmation.test.ts"
               },
-              {
-                "plugin": "dashboard",
-                "path": "src/plugins/dashboard/public/dashboard_container/embeddable/api/duplicate_dashboard_panel.test.ts"
-              },
               {
                 "plugin": "@kbn/core-saved-objects-browser-internal",
                 "path": "packages/core/saved-objects/core-saved-objects-browser-internal/src/simple_saved_object.test.ts"
@@ -1655,10 +1651,6 @@
                 "plugin": "savedObjects",
                 "path": "src/plugins/saved_objects/public/saved_object/helpers/find_object_by_title.test.ts"
               },
-              {
-                "plugin": "dashboard",
-                "path": "src/plugins/dashboard/public/dashboard_container/embeddable/api/duplicate_dashboard_panel.test.ts"
-              },
               {
                 "plugin": "@kbn/core-saved-objects-browser-internal",
                 "path": "packages/core/saved-objects/core-saved-objects-browser-internal/src/saved_objects_client.ts"
@@ -1747,10 +1739,6 @@
                 "plugin": "savedObjects",
                 "path": "src/plugins/saved_objects/public/saved_object/saved_object.test.ts"
               },
-              {
-                "plugin": "dashboard",
-                "path": "src/plugins/dashboard/public/dashboard_container/embeddable/api/duplicate_dashboard_panel.test.ts"
-              },
               {
                 "plugin": "@kbn/core-saved-objects-browser-internal",
                 "path": "packages/core/saved-objects/core-saved-objects-browser-internal/src/saved_objects_client.ts"
diff --git a/api_docs/kbn_core_saved_objects_api_browser.mdx b/api_docs/kbn_core_saved_objects_api_browser.mdx
index 9f91e8923304d..d2bbe676baf8c 100644
--- a/api_docs/kbn_core_saved_objects_api_browser.mdx
+++ b/api_docs/kbn_core_saved_objects_api_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-api-browser
 title: "@kbn/core-saved-objects-api-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-saved-objects-api-browser plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-api-browser']
 ---
 import kbnCoreSavedObjectsApiBrowserObj from './kbn_core_saved_objects_api_browser.devdocs.json';
diff --git a/api_docs/kbn_core_saved_objects_api_server.mdx b/api_docs/kbn_core_saved_objects_api_server.mdx
index 874e3e0bdd0ea..1807c0045bf89 100644
--- a/api_docs/kbn_core_saved_objects_api_server.mdx
+++ b/api_docs/kbn_core_saved_objects_api_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-api-server
 title: "@kbn/core-saved-objects-api-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-saved-objects-api-server plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-api-server']
 ---
 import kbnCoreSavedObjectsApiServerObj from './kbn_core_saved_objects_api_server.devdocs.json';
diff --git a/api_docs/kbn_core_saved_objects_api_server_mocks.mdx b/api_docs/kbn_core_saved_objects_api_server_mocks.mdx
index ecffad213e4ff..92ec6f08d1e4e 100644
--- a/api_docs/kbn_core_saved_objects_api_server_mocks.mdx
+++ b/api_docs/kbn_core_saved_objects_api_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-api-server-mocks
 title: "@kbn/core-saved-objects-api-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-saved-objects-api-server-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-api-server-mocks']
 ---
 import kbnCoreSavedObjectsApiServerMocksObj from './kbn_core_saved_objects_api_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_saved_objects_base_server_internal.mdx b/api_docs/kbn_core_saved_objects_base_server_internal.mdx
index e0cc5522906d0..0c5c237885026 100644
--- a/api_docs/kbn_core_saved_objects_base_server_internal.mdx
+++ b/api_docs/kbn_core_saved_objects_base_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-base-server-internal
 title: "@kbn/core-saved-objects-base-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-saved-objects-base-server-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-base-server-internal']
 ---
 import kbnCoreSavedObjectsBaseServerInternalObj from './kbn_core_saved_objects_base_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_saved_objects_base_server_mocks.mdx b/api_docs/kbn_core_saved_objects_base_server_mocks.mdx
index 0c5b314f1f660..1e2ac2682ba93 100644
--- a/api_docs/kbn_core_saved_objects_base_server_mocks.mdx
+++ b/api_docs/kbn_core_saved_objects_base_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-base-server-mocks
 title: "@kbn/core-saved-objects-base-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-saved-objects-base-server-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-base-server-mocks']
 ---
 import kbnCoreSavedObjectsBaseServerMocksObj from './kbn_core_saved_objects_base_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_saved_objects_browser.mdx b/api_docs/kbn_core_saved_objects_browser.mdx
index 752ecbf87d7e6..491cc6fde9fd6 100644
--- a/api_docs/kbn_core_saved_objects_browser.mdx
+++ b/api_docs/kbn_core_saved_objects_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-browser
 title: "@kbn/core-saved-objects-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-saved-objects-browser plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-browser']
 ---
 import kbnCoreSavedObjectsBrowserObj from './kbn_core_saved_objects_browser.devdocs.json';
diff --git a/api_docs/kbn_core_saved_objects_browser_internal.mdx b/api_docs/kbn_core_saved_objects_browser_internal.mdx
index c433502eed430..1eabec8b1ebc0 100644
--- a/api_docs/kbn_core_saved_objects_browser_internal.mdx
+++ b/api_docs/kbn_core_saved_objects_browser_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-browser-internal
 title: "@kbn/core-saved-objects-browser-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-saved-objects-browser-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-browser-internal']
 ---
 import kbnCoreSavedObjectsBrowserInternalObj from './kbn_core_saved_objects_browser_internal.devdocs.json';
diff --git a/api_docs/kbn_core_saved_objects_browser_mocks.mdx b/api_docs/kbn_core_saved_objects_browser_mocks.mdx
index 35a7a834c69bc..3106979b1a1ae 100644
--- a/api_docs/kbn_core_saved_objects_browser_mocks.mdx
+++ b/api_docs/kbn_core_saved_objects_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-browser-mocks
 title: "@kbn/core-saved-objects-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-saved-objects-browser-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-browser-mocks']
 ---
 import kbnCoreSavedObjectsBrowserMocksObj from './kbn_core_saved_objects_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_saved_objects_common.mdx b/api_docs/kbn_core_saved_objects_common.mdx
index 68d6a67769611..06ede73a52055 100644
--- a/api_docs/kbn_core_saved_objects_common.mdx
+++ b/api_docs/kbn_core_saved_objects_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-common
 title: "@kbn/core-saved-objects-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-saved-objects-common plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-common']
 ---
 import kbnCoreSavedObjectsCommonObj from './kbn_core_saved_objects_common.devdocs.json';
diff --git a/api_docs/kbn_core_saved_objects_import_export_server_internal.mdx b/api_docs/kbn_core_saved_objects_import_export_server_internal.mdx
index 4a1337ba6374f..aa567a8c58865 100644
--- a/api_docs/kbn_core_saved_objects_import_export_server_internal.mdx
+++ b/api_docs/kbn_core_saved_objects_import_export_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-import-export-server-internal
 title: "@kbn/core-saved-objects-import-export-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-saved-objects-import-export-server-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-import-export-server-internal']
 ---
 import kbnCoreSavedObjectsImportExportServerInternalObj from './kbn_core_saved_objects_import_export_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_saved_objects_import_export_server_mocks.mdx b/api_docs/kbn_core_saved_objects_import_export_server_mocks.mdx
index 8e6a4bbac0003..fcce0ec4a8e2e 100644
--- a/api_docs/kbn_core_saved_objects_import_export_server_mocks.mdx
+++ b/api_docs/kbn_core_saved_objects_import_export_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-import-export-server-mocks
 title: "@kbn/core-saved-objects-import-export-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-saved-objects-import-export-server-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-import-export-server-mocks']
 ---
 import kbnCoreSavedObjectsImportExportServerMocksObj from './kbn_core_saved_objects_import_export_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_saved_objects_migration_server_internal.devdocs.json b/api_docs/kbn_core_saved_objects_migration_server_internal.devdocs.json
index 662dfa093be91..50e1eb4b031c6 100644
--- a/api_docs/kbn_core_saved_objects_migration_server_internal.devdocs.json
+++ b/api_docs/kbn_core_saved_objects_migration_server_internal.devdocs.json
@@ -917,6 +917,59 @@
         "returnComment": [],
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "@kbn/core-saved-objects-migration-server-internal",
+        "id": "def-common.checkClusterRoutingAllocationEnabled",
+        "type": "Function",
+        "tags": [],
+        "label": "checkClusterRoutingAllocationEnabled",
+        "description": [],
+        "signature": [
+          "(client: ",
+          {
+            "pluginId": "@kbn/core-elasticsearch-server",
+            "scope": "common",
+            "docId": "kibKbnCoreElasticsearchServerPluginApi",
+            "section": "def-common.ElasticsearchClient",
+            "text": "ElasticsearchClient"
+          },
+          ") => ",
+          "TaskEither",
+          "<",
+          "RetryableEsClientError",
+          " | ",
+          "IncompatibleClusterRoutingAllocation",
+          ", {}>"
+        ],
+        "path": "packages/core/saved-objects/core-saved-objects-migration-server-internal/src/actions/check_cluster_routing_allocation.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/core-saved-objects-migration-server-internal",
+            "id": "def-common.checkClusterRoutingAllocationEnabled.$1",
+            "type": "Object",
+            "tags": [],
+            "label": "client",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "@kbn/core-elasticsearch-server",
+                "scope": "common",
+                "docId": "kibKbnCoreElasticsearchServerPluginApi",
+                "section": "def-common.ElasticsearchClient",
+                "text": "ElasticsearchClient"
+              }
+            ],
+            "path": "packages/core/saved-objects/core-saved-objects-migration-server-internal/src/actions/check_cluster_routing_allocation.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": true
+          }
+        ],
+        "returnComment": [],
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "@kbn/core-saved-objects-migration-server-internal",
         "id": "def-common.checkForUnknownDocs",
@@ -1239,49 +1292,6 @@
         "returnComment": [],
         "initialIsOpen": false
       },
-      {
-        "parentPluginId": "@kbn/core-saved-objects-migration-server-internal",
-        "id": "def-common.initAction",
-        "type": "Function",
-        "tags": [],
-        "label": "initAction",
-        "description": [],
-        "signature": [
-          "({ client, indices, }: ",
-          "InitActionParams",
-          ") => ",
-          "TaskEither",
-          "<",
-          "RetryableEsClientError",
-          " | ",
-          "IncompatibleClusterRoutingAllocation",
-          ", ",
-          "FetchIndexResponse",
-          ">"
-        ],
-        "path": "packages/core/saved-objects/core-saved-objects-migration-server-internal/src/actions/initialize_action.ts",
-        "deprecated": false,
-        "trackAdoption": false,
-        "children": [
-          {
-            "parentPluginId": "@kbn/core-saved-objects-migration-server-internal",
-            "id": "def-common.initAction.$1",
-            "type": "Object",
-            "tags": [],
-            "label": "{\n  client,\n  indices,\n}",
-            "description": [],
-            "signature": [
-              "InitActionParams"
-            ],
-            "path": "packages/core/saved-objects/core-saved-objects-migration-server-internal/src/actions/initialize_action.ts",
-            "deprecated": false,
-            "trackAdoption": false,
-            "isRequired": true
-          }
-        ],
-        "returnComment": [],
-        "initialIsOpen": false
-      },
       {
         "parentPluginId": "@kbn/core-saved-objects-migration-server-internal",
         "id": "def-common.isClusterShardLimitExceeded",
diff --git a/api_docs/kbn_core_saved_objects_migration_server_internal.mdx b/api_docs/kbn_core_saved_objects_migration_server_internal.mdx
index 80a214f8e8bcc..756704f54b3e9 100644
--- a/api_docs/kbn_core_saved_objects_migration_server_internal.mdx
+++ b/api_docs/kbn_core_saved_objects_migration_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-migration-server-internal
 title: "@kbn/core-saved-objects-migration-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-saved-objects-migration-server-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-migration-server-internal']
 ---
 import kbnCoreSavedObjectsMigrationServerInternalObj from './kbn_core_saved_objects_migration_server_internal.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 128 | 0 | 94 | 45 |
+| 128 | 0 | 94 | 44 |
 
 ## Common
 
diff --git a/api_docs/kbn_core_saved_objects_migration_server_mocks.mdx b/api_docs/kbn_core_saved_objects_migration_server_mocks.mdx
index e4c15b37732ab..7b1a43b12fa8b 100644
--- a/api_docs/kbn_core_saved_objects_migration_server_mocks.mdx
+++ b/api_docs/kbn_core_saved_objects_migration_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-migration-server-mocks
 title: "@kbn/core-saved-objects-migration-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-saved-objects-migration-server-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-migration-server-mocks']
 ---
 import kbnCoreSavedObjectsMigrationServerMocksObj from './kbn_core_saved_objects_migration_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_saved_objects_server.mdx b/api_docs/kbn_core_saved_objects_server.mdx
index 78665054e2d51..f24492f78d58f 100644
--- a/api_docs/kbn_core_saved_objects_server.mdx
+++ b/api_docs/kbn_core_saved_objects_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-server
 title: "@kbn/core-saved-objects-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-saved-objects-server plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-server']
 ---
 import kbnCoreSavedObjectsServerObj from './kbn_core_saved_objects_server.devdocs.json';
diff --git a/api_docs/kbn_core_saved_objects_server_internal.mdx b/api_docs/kbn_core_saved_objects_server_internal.mdx
index 98fc56e33289f..7602aa2eb9ad3 100644
--- a/api_docs/kbn_core_saved_objects_server_internal.mdx
+++ b/api_docs/kbn_core_saved_objects_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-server-internal
 title: "@kbn/core-saved-objects-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-saved-objects-server-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-server-internal']
 ---
 import kbnCoreSavedObjectsServerInternalObj from './kbn_core_saved_objects_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_saved_objects_server_mocks.mdx b/api_docs/kbn_core_saved_objects_server_mocks.mdx
index 19151bb337527..86b27f680132f 100644
--- a/api_docs/kbn_core_saved_objects_server_mocks.mdx
+++ b/api_docs/kbn_core_saved_objects_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-server-mocks
 title: "@kbn/core-saved-objects-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-saved-objects-server-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-server-mocks']
 ---
 import kbnCoreSavedObjectsServerMocksObj from './kbn_core_saved_objects_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_saved_objects_utils_server.mdx b/api_docs/kbn_core_saved_objects_utils_server.mdx
index ff2d640d3dff1..446045d6abfdc 100644
--- a/api_docs/kbn_core_saved_objects_utils_server.mdx
+++ b/api_docs/kbn_core_saved_objects_utils_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-utils-server
 title: "@kbn/core-saved-objects-utils-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-saved-objects-utils-server plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-utils-server']
 ---
 import kbnCoreSavedObjectsUtilsServerObj from './kbn_core_saved_objects_utils_server.devdocs.json';
diff --git a/api_docs/kbn_core_security_browser.mdx b/api_docs/kbn_core_security_browser.mdx
index 0918bd4435b48..b5df9baed6248 100644
--- a/api_docs/kbn_core_security_browser.mdx
+++ b/api_docs/kbn_core_security_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-browser
 title: "@kbn/core-security-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-security-browser plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-browser']
 ---
 import kbnCoreSecurityBrowserObj from './kbn_core_security_browser.devdocs.json';
diff --git a/api_docs/kbn_core_security_browser_internal.mdx b/api_docs/kbn_core_security_browser_internal.mdx
index bb1ed61f82173..ab947bff85233 100644
--- a/api_docs/kbn_core_security_browser_internal.mdx
+++ b/api_docs/kbn_core_security_browser_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-browser-internal
 title: "@kbn/core-security-browser-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-security-browser-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-browser-internal']
 ---
 import kbnCoreSecurityBrowserInternalObj from './kbn_core_security_browser_internal.devdocs.json';
diff --git a/api_docs/kbn_core_security_browser_mocks.mdx b/api_docs/kbn_core_security_browser_mocks.mdx
index 300d673be9d5c..ede76dc7cc443 100644
--- a/api_docs/kbn_core_security_browser_mocks.mdx
+++ b/api_docs/kbn_core_security_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-browser-mocks
 title: "@kbn/core-security-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-security-browser-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-browser-mocks']
 ---
 import kbnCoreSecurityBrowserMocksObj from './kbn_core_security_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_security_common.mdx b/api_docs/kbn_core_security_common.mdx
index 5078e7aac7003..eb4f2475d7983 100644
--- a/api_docs/kbn_core_security_common.mdx
+++ b/api_docs/kbn_core_security_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-common
 title: "@kbn/core-security-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-security-common plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-common']
 ---
 import kbnCoreSecurityCommonObj from './kbn_core_security_common.devdocs.json';
diff --git a/api_docs/kbn_core_security_server.mdx b/api_docs/kbn_core_security_server.mdx
index 84c9098187bbb..a4eeb79742c95 100644
--- a/api_docs/kbn_core_security_server.mdx
+++ b/api_docs/kbn_core_security_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-server
 title: "@kbn/core-security-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-security-server plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-server']
 ---
 import kbnCoreSecurityServerObj from './kbn_core_security_server.devdocs.json';
diff --git a/api_docs/kbn_core_security_server_internal.mdx b/api_docs/kbn_core_security_server_internal.mdx
index 2bd601031c0c3..874a2cf42b3be 100644
--- a/api_docs/kbn_core_security_server_internal.mdx
+++ b/api_docs/kbn_core_security_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-server-internal
 title: "@kbn/core-security-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-security-server-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-server-internal']
 ---
 import kbnCoreSecurityServerInternalObj from './kbn_core_security_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_security_server_mocks.mdx b/api_docs/kbn_core_security_server_mocks.mdx
index 7c7d458c61b64..9be525d5b1224 100644
--- a/api_docs/kbn_core_security_server_mocks.mdx
+++ b/api_docs/kbn_core_security_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-server-mocks
 title: "@kbn/core-security-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-security-server-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-server-mocks']
 ---
 import kbnCoreSecurityServerMocksObj from './kbn_core_security_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_status_common.mdx b/api_docs/kbn_core_status_common.mdx
index b2be2d573a383..712d795b10de2 100644
--- a/api_docs/kbn_core_status_common.mdx
+++ b/api_docs/kbn_core_status_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-common
 title: "@kbn/core-status-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-status-common plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-common']
 ---
 import kbnCoreStatusCommonObj from './kbn_core_status_common.devdocs.json';
diff --git a/api_docs/kbn_core_status_common_internal.mdx b/api_docs/kbn_core_status_common_internal.mdx
index a4e723953e857..c775560bf7f3a 100644
--- a/api_docs/kbn_core_status_common_internal.mdx
+++ b/api_docs/kbn_core_status_common_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-common-internal
 title: "@kbn/core-status-common-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-status-common-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-common-internal']
 ---
 import kbnCoreStatusCommonInternalObj from './kbn_core_status_common_internal.devdocs.json';
diff --git a/api_docs/kbn_core_status_server.mdx b/api_docs/kbn_core_status_server.mdx
index 226d66fd93b4c..8c792950f9fad 100644
--- a/api_docs/kbn_core_status_server.mdx
+++ b/api_docs/kbn_core_status_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-server
 title: "@kbn/core-status-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-status-server plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-server']
 ---
 import kbnCoreStatusServerObj from './kbn_core_status_server.devdocs.json';
diff --git a/api_docs/kbn_core_status_server_internal.mdx b/api_docs/kbn_core_status_server_internal.mdx
index fc208bda2f92b..a9847cbcf7379 100644
--- a/api_docs/kbn_core_status_server_internal.mdx
+++ b/api_docs/kbn_core_status_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-server-internal
 title: "@kbn/core-status-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-status-server-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-server-internal']
 ---
 import kbnCoreStatusServerInternalObj from './kbn_core_status_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_status_server_mocks.mdx b/api_docs/kbn_core_status_server_mocks.mdx
index da52f2f53ee6d..a15bff562a2b0 100644
--- a/api_docs/kbn_core_status_server_mocks.mdx
+++ b/api_docs/kbn_core_status_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-server-mocks
 title: "@kbn/core-status-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-status-server-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-server-mocks']
 ---
 import kbnCoreStatusServerMocksObj from './kbn_core_status_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_test_helpers_deprecations_getters.mdx b/api_docs/kbn_core_test_helpers_deprecations_getters.mdx
index 57d54bc469e26..9d6fbfb4c5cae 100644
--- a/api_docs/kbn_core_test_helpers_deprecations_getters.mdx
+++ b/api_docs/kbn_core_test_helpers_deprecations_getters.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-deprecations-getters
 title: "@kbn/core-test-helpers-deprecations-getters"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-test-helpers-deprecations-getters plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-deprecations-getters']
 ---
 import kbnCoreTestHelpersDeprecationsGettersObj from './kbn_core_test_helpers_deprecations_getters.devdocs.json';
diff --git a/api_docs/kbn_core_test_helpers_http_setup_browser.mdx b/api_docs/kbn_core_test_helpers_http_setup_browser.mdx
index 7dbb268d367bc..5509dc4220153 100644
--- a/api_docs/kbn_core_test_helpers_http_setup_browser.mdx
+++ b/api_docs/kbn_core_test_helpers_http_setup_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-http-setup-browser
 title: "@kbn/core-test-helpers-http-setup-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-test-helpers-http-setup-browser plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-http-setup-browser']
 ---
 import kbnCoreTestHelpersHttpSetupBrowserObj from './kbn_core_test_helpers_http_setup_browser.devdocs.json';
diff --git a/api_docs/kbn_core_test_helpers_kbn_server.mdx b/api_docs/kbn_core_test_helpers_kbn_server.mdx
index 1bceadbf6500e..be6cbbbf24564 100644
--- a/api_docs/kbn_core_test_helpers_kbn_server.mdx
+++ b/api_docs/kbn_core_test_helpers_kbn_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-kbn-server
 title: "@kbn/core-test-helpers-kbn-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-test-helpers-kbn-server plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-kbn-server']
 ---
 import kbnCoreTestHelpersKbnServerObj from './kbn_core_test_helpers_kbn_server.devdocs.json';
diff --git a/api_docs/kbn_core_test_helpers_model_versions.mdx b/api_docs/kbn_core_test_helpers_model_versions.mdx
index 80dfcec841e4f..60bf975e40208 100644
--- a/api_docs/kbn_core_test_helpers_model_versions.mdx
+++ b/api_docs/kbn_core_test_helpers_model_versions.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-model-versions
 title: "@kbn/core-test-helpers-model-versions"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-test-helpers-model-versions plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-model-versions']
 ---
 import kbnCoreTestHelpersModelVersionsObj from './kbn_core_test_helpers_model_versions.devdocs.json';
diff --git a/api_docs/kbn_core_test_helpers_so_type_serializer.mdx b/api_docs/kbn_core_test_helpers_so_type_serializer.mdx
index b5397439e4a13..3b024cb4571ba 100644
--- a/api_docs/kbn_core_test_helpers_so_type_serializer.mdx
+++ b/api_docs/kbn_core_test_helpers_so_type_serializer.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-so-type-serializer
 title: "@kbn/core-test-helpers-so-type-serializer"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-test-helpers-so-type-serializer plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-so-type-serializer']
 ---
 import kbnCoreTestHelpersSoTypeSerializerObj from './kbn_core_test_helpers_so_type_serializer.devdocs.json';
diff --git a/api_docs/kbn_core_test_helpers_test_utils.mdx b/api_docs/kbn_core_test_helpers_test_utils.mdx
index 08ee975d23ec6..b6196d14312b8 100644
--- a/api_docs/kbn_core_test_helpers_test_utils.mdx
+++ b/api_docs/kbn_core_test_helpers_test_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-test-utils
 title: "@kbn/core-test-helpers-test-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-test-helpers-test-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-test-utils']
 ---
 import kbnCoreTestHelpersTestUtilsObj from './kbn_core_test_helpers_test_utils.devdocs.json';
diff --git a/api_docs/kbn_core_theme_browser.mdx b/api_docs/kbn_core_theme_browser.mdx
index 3a8b9886f7f8a..bee15b5e0bb71 100644
--- a/api_docs/kbn_core_theme_browser.mdx
+++ b/api_docs/kbn_core_theme_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-theme-browser
 title: "@kbn/core-theme-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-theme-browser plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-theme-browser']
 ---
 import kbnCoreThemeBrowserObj from './kbn_core_theme_browser.devdocs.json';
diff --git a/api_docs/kbn_core_theme_browser_mocks.mdx b/api_docs/kbn_core_theme_browser_mocks.mdx
index 888ce7638b70b..14ad25571ee72 100644
--- a/api_docs/kbn_core_theme_browser_mocks.mdx
+++ b/api_docs/kbn_core_theme_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-theme-browser-mocks
 title: "@kbn/core-theme-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-theme-browser-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-theme-browser-mocks']
 ---
 import kbnCoreThemeBrowserMocksObj from './kbn_core_theme_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_ui_settings_browser.mdx b/api_docs/kbn_core_ui_settings_browser.mdx
index d2fe1dfd87a1b..be59f63cee936 100644
--- a/api_docs/kbn_core_ui_settings_browser.mdx
+++ b/api_docs/kbn_core_ui_settings_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-browser
 title: "@kbn/core-ui-settings-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-ui-settings-browser plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-browser']
 ---
 import kbnCoreUiSettingsBrowserObj from './kbn_core_ui_settings_browser.devdocs.json';
diff --git a/api_docs/kbn_core_ui_settings_browser_internal.mdx b/api_docs/kbn_core_ui_settings_browser_internal.mdx
index a80cfcb497d84..580a72762c02d 100644
--- a/api_docs/kbn_core_ui_settings_browser_internal.mdx
+++ b/api_docs/kbn_core_ui_settings_browser_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-browser-internal
 title: "@kbn/core-ui-settings-browser-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-ui-settings-browser-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-browser-internal']
 ---
 import kbnCoreUiSettingsBrowserInternalObj from './kbn_core_ui_settings_browser_internal.devdocs.json';
diff --git a/api_docs/kbn_core_ui_settings_browser_mocks.mdx b/api_docs/kbn_core_ui_settings_browser_mocks.mdx
index 2f7cad133b4cd..303f2a17d0e47 100644
--- a/api_docs/kbn_core_ui_settings_browser_mocks.mdx
+++ b/api_docs/kbn_core_ui_settings_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-browser-mocks
 title: "@kbn/core-ui-settings-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-ui-settings-browser-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-browser-mocks']
 ---
 import kbnCoreUiSettingsBrowserMocksObj from './kbn_core_ui_settings_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_ui_settings_common.mdx b/api_docs/kbn_core_ui_settings_common.mdx
index fd3819d87139b..51454951e2c1e 100644
--- a/api_docs/kbn_core_ui_settings_common.mdx
+++ b/api_docs/kbn_core_ui_settings_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-common
 title: "@kbn/core-ui-settings-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-ui-settings-common plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-common']
 ---
 import kbnCoreUiSettingsCommonObj from './kbn_core_ui_settings_common.devdocs.json';
diff --git a/api_docs/kbn_core_ui_settings_server.mdx b/api_docs/kbn_core_ui_settings_server.mdx
index 776cd00c33ba9..d5463d9e4c25c 100644
--- a/api_docs/kbn_core_ui_settings_server.mdx
+++ b/api_docs/kbn_core_ui_settings_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-server
 title: "@kbn/core-ui-settings-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-ui-settings-server plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-server']
 ---
 import kbnCoreUiSettingsServerObj from './kbn_core_ui_settings_server.devdocs.json';
diff --git a/api_docs/kbn_core_ui_settings_server_internal.mdx b/api_docs/kbn_core_ui_settings_server_internal.mdx
index 66a0252c0743c..3ecf5c6014360 100644
--- a/api_docs/kbn_core_ui_settings_server_internal.mdx
+++ b/api_docs/kbn_core_ui_settings_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-server-internal
 title: "@kbn/core-ui-settings-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-ui-settings-server-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-server-internal']
 ---
 import kbnCoreUiSettingsServerInternalObj from './kbn_core_ui_settings_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_ui_settings_server_mocks.mdx b/api_docs/kbn_core_ui_settings_server_mocks.mdx
index 44ffdbee19eed..fa749c62e45c9 100644
--- a/api_docs/kbn_core_ui_settings_server_mocks.mdx
+++ b/api_docs/kbn_core_ui_settings_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-server-mocks
 title: "@kbn/core-ui-settings-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-ui-settings-server-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-server-mocks']
 ---
 import kbnCoreUiSettingsServerMocksObj from './kbn_core_ui_settings_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_usage_data_server.mdx b/api_docs/kbn_core_usage_data_server.mdx
index 8c86d7d90a81d..c4d67bc784ca1 100644
--- a/api_docs/kbn_core_usage_data_server.mdx
+++ b/api_docs/kbn_core_usage_data_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-usage-data-server
 title: "@kbn/core-usage-data-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-usage-data-server plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-usage-data-server']
 ---
 import kbnCoreUsageDataServerObj from './kbn_core_usage_data_server.devdocs.json';
diff --git a/api_docs/kbn_core_usage_data_server_internal.mdx b/api_docs/kbn_core_usage_data_server_internal.mdx
index 167711a91f528..02db19347d2b7 100644
--- a/api_docs/kbn_core_usage_data_server_internal.mdx
+++ b/api_docs/kbn_core_usage_data_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-usage-data-server-internal
 title: "@kbn/core-usage-data-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-usage-data-server-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-usage-data-server-internal']
 ---
 import kbnCoreUsageDataServerInternalObj from './kbn_core_usage_data_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_usage_data_server_mocks.mdx b/api_docs/kbn_core_usage_data_server_mocks.mdx
index 91b5b01cc15bf..db73b3a4d7306 100644
--- a/api_docs/kbn_core_usage_data_server_mocks.mdx
+++ b/api_docs/kbn_core_usage_data_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-usage-data-server-mocks
 title: "@kbn/core-usage-data-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-usage-data-server-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-usage-data-server-mocks']
 ---
 import kbnCoreUsageDataServerMocksObj from './kbn_core_usage_data_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_user_profile_browser.mdx b/api_docs/kbn_core_user_profile_browser.mdx
index eb95315c988d1..35460db2f8ff3 100644
--- a/api_docs/kbn_core_user_profile_browser.mdx
+++ b/api_docs/kbn_core_user_profile_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-browser
 title: "@kbn/core-user-profile-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-user-profile-browser plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-browser']
 ---
 import kbnCoreUserProfileBrowserObj from './kbn_core_user_profile_browser.devdocs.json';
diff --git a/api_docs/kbn_core_user_profile_browser_internal.mdx b/api_docs/kbn_core_user_profile_browser_internal.mdx
index c843246a61a82..3489265b746b9 100644
--- a/api_docs/kbn_core_user_profile_browser_internal.mdx
+++ b/api_docs/kbn_core_user_profile_browser_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-browser-internal
 title: "@kbn/core-user-profile-browser-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-user-profile-browser-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-browser-internal']
 ---
 import kbnCoreUserProfileBrowserInternalObj from './kbn_core_user_profile_browser_internal.devdocs.json';
diff --git a/api_docs/kbn_core_user_profile_browser_mocks.mdx b/api_docs/kbn_core_user_profile_browser_mocks.mdx
index befa003474b26..8442be6b104f9 100644
--- a/api_docs/kbn_core_user_profile_browser_mocks.mdx
+++ b/api_docs/kbn_core_user_profile_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-browser-mocks
 title: "@kbn/core-user-profile-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-user-profile-browser-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-browser-mocks']
 ---
 import kbnCoreUserProfileBrowserMocksObj from './kbn_core_user_profile_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_user_profile_common.mdx b/api_docs/kbn_core_user_profile_common.mdx
index f66ad47be6122..ade7ab8000a6c 100644
--- a/api_docs/kbn_core_user_profile_common.mdx
+++ b/api_docs/kbn_core_user_profile_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-common
 title: "@kbn/core-user-profile-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-user-profile-common plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-common']
 ---
 import kbnCoreUserProfileCommonObj from './kbn_core_user_profile_common.devdocs.json';
diff --git a/api_docs/kbn_core_user_profile_server.mdx b/api_docs/kbn_core_user_profile_server.mdx
index 0e15c25f306cb..bccad07651dec 100644
--- a/api_docs/kbn_core_user_profile_server.mdx
+++ b/api_docs/kbn_core_user_profile_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-server
 title: "@kbn/core-user-profile-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-user-profile-server plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-server']
 ---
 import kbnCoreUserProfileServerObj from './kbn_core_user_profile_server.devdocs.json';
diff --git a/api_docs/kbn_core_user_profile_server_internal.mdx b/api_docs/kbn_core_user_profile_server_internal.mdx
index 41d57e14eb86d..13639f19d1b6e 100644
--- a/api_docs/kbn_core_user_profile_server_internal.mdx
+++ b/api_docs/kbn_core_user_profile_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-server-internal
 title: "@kbn/core-user-profile-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-user-profile-server-internal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-server-internal']
 ---
 import kbnCoreUserProfileServerInternalObj from './kbn_core_user_profile_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_user_profile_server_mocks.mdx b/api_docs/kbn_core_user_profile_server_mocks.mdx
index b86eb701b873f..13ebabf1037a0 100644
--- a/api_docs/kbn_core_user_profile_server_mocks.mdx
+++ b/api_docs/kbn_core_user_profile_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-server-mocks
 title: "@kbn/core-user-profile-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-user-profile-server-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-server-mocks']
 ---
 import kbnCoreUserProfileServerMocksObj from './kbn_core_user_profile_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_user_settings_server.mdx b/api_docs/kbn_core_user_settings_server.mdx
index 795d69dbb69e3..2b0710aa1cc9a 100644
--- a/api_docs/kbn_core_user_settings_server.mdx
+++ b/api_docs/kbn_core_user_settings_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-settings-server
 title: "@kbn/core-user-settings-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-user-settings-server plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-settings-server']
 ---
 import kbnCoreUserSettingsServerObj from './kbn_core_user_settings_server.devdocs.json';
diff --git a/api_docs/kbn_core_user_settings_server_mocks.mdx b/api_docs/kbn_core_user_settings_server_mocks.mdx
index a3aa62ecb7342..8f2d9f629570e 100644
--- a/api_docs/kbn_core_user_settings_server_mocks.mdx
+++ b/api_docs/kbn_core_user_settings_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-settings-server-mocks
 title: "@kbn/core-user-settings-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-user-settings-server-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-settings-server-mocks']
 ---
 import kbnCoreUserSettingsServerMocksObj from './kbn_core_user_settings_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_crypto.mdx b/api_docs/kbn_crypto.mdx
index 0738623f9c4cd..426a9839e9229 100644
--- a/api_docs/kbn_crypto.mdx
+++ b/api_docs/kbn_crypto.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-crypto
 title: "@kbn/crypto"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/crypto plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/crypto']
 ---
 import kbnCryptoObj from './kbn_crypto.devdocs.json';
diff --git a/api_docs/kbn_crypto_browser.mdx b/api_docs/kbn_crypto_browser.mdx
index a222beae12053..ebb4367885075 100644
--- a/api_docs/kbn_crypto_browser.mdx
+++ b/api_docs/kbn_crypto_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-crypto-browser
 title: "@kbn/crypto-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/crypto-browser plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/crypto-browser']
 ---
 import kbnCryptoBrowserObj from './kbn_crypto_browser.devdocs.json';
diff --git a/api_docs/kbn_custom_icons.mdx b/api_docs/kbn_custom_icons.mdx
index 6bb317fa407d4..1d8d47cd68a25 100644
--- a/api_docs/kbn_custom_icons.mdx
+++ b/api_docs/kbn_custom_icons.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-custom-icons
 title: "@kbn/custom-icons"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/custom-icons plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/custom-icons']
 ---
 import kbnCustomIconsObj from './kbn_custom_icons.devdocs.json';
diff --git a/api_docs/kbn_custom_integrations.mdx b/api_docs/kbn_custom_integrations.mdx
index 368d1d7209818..acf1aa560b76e 100644
--- a/api_docs/kbn_custom_integrations.mdx
+++ b/api_docs/kbn_custom_integrations.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-custom-integrations
 title: "@kbn/custom-integrations"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/custom-integrations plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/custom-integrations']
 ---
 import kbnCustomIntegrationsObj from './kbn_custom_integrations.devdocs.json';
diff --git a/api_docs/kbn_cypress_config.mdx b/api_docs/kbn_cypress_config.mdx
index e3da1a3651de5..ed98166d02f35 100644
--- a/api_docs/kbn_cypress_config.mdx
+++ b/api_docs/kbn_cypress_config.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cypress-config
 title: "@kbn/cypress-config"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/cypress-config plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cypress-config']
 ---
 import kbnCypressConfigObj from './kbn_cypress_config.devdocs.json';
diff --git a/api_docs/kbn_data_forge.mdx b/api_docs/kbn_data_forge.mdx
index aef3c64f67757..7849b0627f432 100644
--- a/api_docs/kbn_data_forge.mdx
+++ b/api_docs/kbn_data_forge.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-data-forge
 title: "@kbn/data-forge"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/data-forge plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/data-forge']
 ---
 import kbnDataForgeObj from './kbn_data_forge.devdocs.json';
diff --git a/api_docs/kbn_data_service.mdx b/api_docs/kbn_data_service.mdx
index 932436e20308e..7a5b8f43760af 100644
--- a/api_docs/kbn_data_service.mdx
+++ b/api_docs/kbn_data_service.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-data-service
 title: "@kbn/data-service"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/data-service plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/data-service']
 ---
 import kbnDataServiceObj from './kbn_data_service.devdocs.json';
diff --git a/api_docs/kbn_data_stream_adapter.mdx b/api_docs/kbn_data_stream_adapter.mdx
index 50998407ddbfe..ccdf9ac69eb22 100644
--- a/api_docs/kbn_data_stream_adapter.mdx
+++ b/api_docs/kbn_data_stream_adapter.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-data-stream-adapter
 title: "@kbn/data-stream-adapter"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/data-stream-adapter plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/data-stream-adapter']
 ---
 import kbnDataStreamAdapterObj from './kbn_data_stream_adapter.devdocs.json';
diff --git a/api_docs/kbn_data_view_utils.mdx b/api_docs/kbn_data_view_utils.mdx
index e03b8bc0f9617..9bc3877cb7906 100644
--- a/api_docs/kbn_data_view_utils.mdx
+++ b/api_docs/kbn_data_view_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-data-view-utils
 title: "@kbn/data-view-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/data-view-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/data-view-utils']
 ---
 import kbnDataViewUtilsObj from './kbn_data_view_utils.devdocs.json';
diff --git a/api_docs/kbn_datemath.mdx b/api_docs/kbn_datemath.mdx
index e90b3a3e04981..7471e1979f4dd 100644
--- a/api_docs/kbn_datemath.mdx
+++ b/api_docs/kbn_datemath.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-datemath
 title: "@kbn/datemath"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/datemath plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/datemath']
 ---
 import kbnDatemathObj from './kbn_datemath.devdocs.json';
diff --git a/api_docs/kbn_deeplinks_analytics.mdx b/api_docs/kbn_deeplinks_analytics.mdx
index 3db3b8868e8a1..4231afcaf0a8a 100644
--- a/api_docs/kbn_deeplinks_analytics.mdx
+++ b/api_docs/kbn_deeplinks_analytics.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-analytics
 title: "@kbn/deeplinks-analytics"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/deeplinks-analytics plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-analytics']
 ---
 import kbnDeeplinksAnalyticsObj from './kbn_deeplinks_analytics.devdocs.json';
diff --git a/api_docs/kbn_deeplinks_devtools.mdx b/api_docs/kbn_deeplinks_devtools.mdx
index 08891eda96b5f..e276d857435b7 100644
--- a/api_docs/kbn_deeplinks_devtools.mdx
+++ b/api_docs/kbn_deeplinks_devtools.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-devtools
 title: "@kbn/deeplinks-devtools"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/deeplinks-devtools plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-devtools']
 ---
 import kbnDeeplinksDevtoolsObj from './kbn_deeplinks_devtools.devdocs.json';
diff --git a/api_docs/kbn_deeplinks_fleet.mdx b/api_docs/kbn_deeplinks_fleet.mdx
index 2b6f29f578e49..97ea42fc7d3a6 100644
--- a/api_docs/kbn_deeplinks_fleet.mdx
+++ b/api_docs/kbn_deeplinks_fleet.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-fleet
 title: "@kbn/deeplinks-fleet"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/deeplinks-fleet plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-fleet']
 ---
 import kbnDeeplinksFleetObj from './kbn_deeplinks_fleet.devdocs.json';
diff --git a/api_docs/kbn_deeplinks_management.mdx b/api_docs/kbn_deeplinks_management.mdx
index 31971c1739ba7..02126c5b3569f 100644
--- a/api_docs/kbn_deeplinks_management.mdx
+++ b/api_docs/kbn_deeplinks_management.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-management
 title: "@kbn/deeplinks-management"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/deeplinks-management plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-management']
 ---
 import kbnDeeplinksManagementObj from './kbn_deeplinks_management.devdocs.json';
diff --git a/api_docs/kbn_deeplinks_ml.mdx b/api_docs/kbn_deeplinks_ml.mdx
index 7a2fe8066cfa9..19f221ff0ada6 100644
--- a/api_docs/kbn_deeplinks_ml.mdx
+++ b/api_docs/kbn_deeplinks_ml.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-ml
 title: "@kbn/deeplinks-ml"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/deeplinks-ml plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-ml']
 ---
 import kbnDeeplinksMlObj from './kbn_deeplinks_ml.devdocs.json';
diff --git a/api_docs/kbn_deeplinks_observability.mdx b/api_docs/kbn_deeplinks_observability.mdx
index 672f113f92ac8..48076c41160e3 100644
--- a/api_docs/kbn_deeplinks_observability.mdx
+++ b/api_docs/kbn_deeplinks_observability.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-observability
 title: "@kbn/deeplinks-observability"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/deeplinks-observability plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-observability']
 ---
 import kbnDeeplinksObservabilityObj from './kbn_deeplinks_observability.devdocs.json';
diff --git a/api_docs/kbn_deeplinks_search.devdocs.json b/api_docs/kbn_deeplinks_search.devdocs.json
index d1c71948b3f00..312aad5a35d80 100644
--- a/api_docs/kbn_deeplinks_search.devdocs.json
+++ b/api_docs/kbn_deeplinks_search.devdocs.json
@@ -30,7 +30,7 @@
         "label": "DeepLinkId",
         "description": [],
         "signature": [
-          "\"appSearch\" | \"enterpriseSearch\" | \"enterpriseSearchContent\" | \"enterpriseSearchApplications\" | \"enterpriseSearchAnalytics\" | \"workplaceSearch\" | \"serverlessElasticsearch\" | \"serverlessConnectors\" | \"searchPlayground\" | \"searchInferenceEndpoints\" | \"enterpriseSearchContent:connectors\" | \"enterpriseSearchContent:searchIndices\" | \"enterpriseSearchContent:webCrawlers\" | \"enterpriseSearchApplications:searchApplications\" | \"enterpriseSearchApplications:playground\" | \"appSearch:engines\""
+          "\"appSearch\" | \"enterpriseSearch\" | \"enterpriseSearchContent\" | \"enterpriseSearchApplications\" | \"enterpriseSearchAnalytics\" | \"workplaceSearch\" | \"serverlessElasticsearch\" | \"serverlessConnectors\" | \"searchPlayground\" | \"searchInferenceEndpoints\" | \"searchHomepage\" | \"enterpriseSearchContent:connectors\" | \"enterpriseSearchContent:searchIndices\" | \"enterpriseSearchContent:webCrawlers\" | \"enterpriseSearchApplications:searchApplications\" | \"enterpriseSearchApplications:playground\" | \"appSearch:engines\""
         ],
         "path": "packages/deeplinks/search/deep_links.ts",
         "deprecated": false,
diff --git a/api_docs/kbn_deeplinks_search.mdx b/api_docs/kbn_deeplinks_search.mdx
index 43a1345190c31..1b7a033c34152 100644
--- a/api_docs/kbn_deeplinks_search.mdx
+++ b/api_docs/kbn_deeplinks_search.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-search
 title: "@kbn/deeplinks-search"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/deeplinks-search plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-search']
 ---
 import kbnDeeplinksSearchObj from './kbn_deeplinks_search.devdocs.json';
diff --git a/api_docs/kbn_deeplinks_security.mdx b/api_docs/kbn_deeplinks_security.mdx
index 1eb07631bd8ae..e0bf6749b04bc 100644
--- a/api_docs/kbn_deeplinks_security.mdx
+++ b/api_docs/kbn_deeplinks_security.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-security
 title: "@kbn/deeplinks-security"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/deeplinks-security plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-security']
 ---
 import kbnDeeplinksSecurityObj from './kbn_deeplinks_security.devdocs.json';
diff --git a/api_docs/kbn_deeplinks_shared.mdx b/api_docs/kbn_deeplinks_shared.mdx
index c79f2f054e5e6..c1bb7b3925bcb 100644
--- a/api_docs/kbn_deeplinks_shared.mdx
+++ b/api_docs/kbn_deeplinks_shared.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-shared
 title: "@kbn/deeplinks-shared"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/deeplinks-shared plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-shared']
 ---
 import kbnDeeplinksSharedObj from './kbn_deeplinks_shared.devdocs.json';
diff --git a/api_docs/kbn_default_nav_analytics.mdx b/api_docs/kbn_default_nav_analytics.mdx
index 4cc118f0038c3..00f3493b8daad 100644
--- a/api_docs/kbn_default_nav_analytics.mdx
+++ b/api_docs/kbn_default_nav_analytics.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-default-nav-analytics
 title: "@kbn/default-nav-analytics"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/default-nav-analytics plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/default-nav-analytics']
 ---
 import kbnDefaultNavAnalyticsObj from './kbn_default_nav_analytics.devdocs.json';
diff --git a/api_docs/kbn_default_nav_devtools.mdx b/api_docs/kbn_default_nav_devtools.mdx
index 4e4c7a5e1cbbe..dd44d50d21925 100644
--- a/api_docs/kbn_default_nav_devtools.mdx
+++ b/api_docs/kbn_default_nav_devtools.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-default-nav-devtools
 title: "@kbn/default-nav-devtools"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/default-nav-devtools plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/default-nav-devtools']
 ---
 import kbnDefaultNavDevtoolsObj from './kbn_default_nav_devtools.devdocs.json';
diff --git a/api_docs/kbn_default_nav_management.mdx b/api_docs/kbn_default_nav_management.mdx
index 752e3fdbd17ed..7bd6ad9040289 100644
--- a/api_docs/kbn_default_nav_management.mdx
+++ b/api_docs/kbn_default_nav_management.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-default-nav-management
 title: "@kbn/default-nav-management"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/default-nav-management plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/default-nav-management']
 ---
 import kbnDefaultNavManagementObj from './kbn_default_nav_management.devdocs.json';
diff --git a/api_docs/kbn_default_nav_ml.mdx b/api_docs/kbn_default_nav_ml.mdx
index 0619209c5133d..f6b4a242c74fb 100644
--- a/api_docs/kbn_default_nav_ml.mdx
+++ b/api_docs/kbn_default_nav_ml.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-default-nav-ml
 title: "@kbn/default-nav-ml"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/default-nav-ml plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/default-nav-ml']
 ---
 import kbnDefaultNavMlObj from './kbn_default_nav_ml.devdocs.json';
diff --git a/api_docs/kbn_dev_cli_errors.mdx b/api_docs/kbn_dev_cli_errors.mdx
index 6dcc7055b3f00..33db442759532 100644
--- a/api_docs/kbn_dev_cli_errors.mdx
+++ b/api_docs/kbn_dev_cli_errors.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dev-cli-errors
 title: "@kbn/dev-cli-errors"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/dev-cli-errors plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dev-cli-errors']
 ---
 import kbnDevCliErrorsObj from './kbn_dev_cli_errors.devdocs.json';
diff --git a/api_docs/kbn_dev_cli_runner.mdx b/api_docs/kbn_dev_cli_runner.mdx
index 5382194ebec16..8ba7202cce516 100644
--- a/api_docs/kbn_dev_cli_runner.mdx
+++ b/api_docs/kbn_dev_cli_runner.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dev-cli-runner
 title: "@kbn/dev-cli-runner"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/dev-cli-runner plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dev-cli-runner']
 ---
 import kbnDevCliRunnerObj from './kbn_dev_cli_runner.devdocs.json';
diff --git a/api_docs/kbn_dev_proc_runner.mdx b/api_docs/kbn_dev_proc_runner.mdx
index 99148ba4dc8fd..f6d4a0e91b520 100644
--- a/api_docs/kbn_dev_proc_runner.mdx
+++ b/api_docs/kbn_dev_proc_runner.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dev-proc-runner
 title: "@kbn/dev-proc-runner"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/dev-proc-runner plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dev-proc-runner']
 ---
 import kbnDevProcRunnerObj from './kbn_dev_proc_runner.devdocs.json';
diff --git a/api_docs/kbn_dev_utils.mdx b/api_docs/kbn_dev_utils.mdx
index f5414936849fc..a9915c7c93a30 100644
--- a/api_docs/kbn_dev_utils.mdx
+++ b/api_docs/kbn_dev_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dev-utils
 title: "@kbn/dev-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/dev-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dev-utils']
 ---
 import kbnDevUtilsObj from './kbn_dev_utils.devdocs.json';
diff --git a/api_docs/kbn_discover_utils.mdx b/api_docs/kbn_discover_utils.mdx
index 100bd04b1e3aa..2ca9e521bed5c 100644
--- a/api_docs/kbn_discover_utils.mdx
+++ b/api_docs/kbn_discover_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-discover-utils
 title: "@kbn/discover-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/discover-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/discover-utils']
 ---
 import kbnDiscoverUtilsObj from './kbn_discover_utils.devdocs.json';
diff --git a/api_docs/kbn_doc_links.devdocs.json b/api_docs/kbn_doc_links.devdocs.json
index a0be6948d2da6..f34c6c85b7fe3 100644
--- a/api_docs/kbn_doc_links.devdocs.json
+++ b/api_docs/kbn_doc_links.devdocs.json
@@ -846,6 +846,20 @@
             "deprecated": false,
             "trackAdoption": false
           },
+          {
+            "parentPluginId": "@kbn/doc-links",
+            "id": "def-common.DocLinks.integrationDeveloper",
+            "type": "Object",
+            "tags": [],
+            "label": "integrationDeveloper",
+            "description": [],
+            "signature": [
+              "{ upload: string; }"
+            ],
+            "path": "packages/kbn-doc-links/src/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
           {
             "parentPluginId": "@kbn/doc-links",
             "id": "def-common.DocLinks.ecs",
diff --git a/api_docs/kbn_doc_links.mdx b/api_docs/kbn_doc_links.mdx
index 949b00b86eed2..88517d25b3d6f 100644
--- a/api_docs/kbn_doc_links.mdx
+++ b/api_docs/kbn_doc_links.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-doc-links
 title: "@kbn/doc-links"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/doc-links plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/doc-links']
 ---
 import kbnDocLinksObj from './kbn_doc_links.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/docs](https://github.com/orgs/elastic/teams/docs) for question
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 77 | 0 | 77 | 2 |
+| 78 | 0 | 78 | 2 |
 
 ## Common
 
diff --git a/api_docs/kbn_docs_utils.mdx b/api_docs/kbn_docs_utils.mdx
index b709c1656cde5..67a3a066a5b0a 100644
--- a/api_docs/kbn_docs_utils.mdx
+++ b/api_docs/kbn_docs_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-docs-utils
 title: "@kbn/docs-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/docs-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/docs-utils']
 ---
 import kbnDocsUtilsObj from './kbn_docs_utils.devdocs.json';
diff --git a/api_docs/kbn_dom_drag_drop.mdx b/api_docs/kbn_dom_drag_drop.mdx
index 20f8a3b4caecd..48e0631edbb2e 100644
--- a/api_docs/kbn_dom_drag_drop.mdx
+++ b/api_docs/kbn_dom_drag_drop.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dom-drag-drop
 title: "@kbn/dom-drag-drop"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/dom-drag-drop plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dom-drag-drop']
 ---
 import kbnDomDragDropObj from './kbn_dom_drag_drop.devdocs.json';
diff --git a/api_docs/kbn_ebt.devdocs.json b/api_docs/kbn_ebt.devdocs.json
index 82e6770af4fac..6a608e785f53d 100644
--- a/api_docs/kbn_ebt.devdocs.json
+++ b/api_docs/kbn_ebt.devdocs.json
@@ -1786,6 +1786,10 @@
                 "plugin": "security",
                 "path": "x-pack/plugins/security/server/analytics/analytics_service.ts"
               },
+              {
+                "plugin": "actions",
+                "path": "x-pack/plugins/actions/server/lib/action_executor.ts"
+              },
               {
                 "plugin": "@kbn/cloud",
                 "path": "packages/cloud/connection_details/kibana/kibana_connection_details_provider.tsx"
@@ -1838,6 +1842,10 @@
                 "plugin": "observabilityAIAssistant",
                 "path": "x-pack/plugins/observability_solution/observability_ai_assistant/public/analytics/index.ts"
               },
+              {
+                "plugin": "integrationAssistant",
+                "path": "x-pack/plugins/integration_assistant/public/services/telemetry/service.ts"
+              },
               {
                 "plugin": "fleet",
                 "path": "x-pack/plugins/fleet/server/services/telemetry/fleet_usage_sender.ts"
@@ -1866,6 +1874,22 @@
                 "plugin": "elasticAssistant",
                 "path": "x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/elasticsearch_store.ts"
               },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.ts"
+              },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.ts"
+              },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.ts"
+              },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.ts"
+              },
               {
                 "plugin": "globalSearchBar",
                 "path": "x-pack/plugins/global_search_bar/public/telemetry/event_reporter.ts"
@@ -2042,10 +2066,6 @@
                 "plugin": "securitySolution",
                 "path": "x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_client.ts"
               },
-              {
-                "plugin": "securitySolution",
-                "path": "x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_client.ts"
-              },
               {
                 "plugin": "securitySolution",
                 "path": "x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/upload_csv.ts"
@@ -2174,6 +2194,38 @@
                 "plugin": "security",
                 "path": "x-pack/plugins/security/server/analytics/analytics_service.test.ts"
               },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts"
+              },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts"
+              },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts"
+              },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts"
+              },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts"
+              },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts"
+              },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts"
+              },
+              {
+                "plugin": "elasticAssistant",
+                "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts"
+              },
               {
                 "plugin": "apm",
                 "path": "x-pack/plugins/observability_solution/apm/public/services/telemetry/telemetry_service.test.ts"
@@ -2278,6 +2330,10 @@
                 "plugin": "@kbn/core-analytics-server-mocks",
                 "path": "packages/core/analytics/core-analytics-server-mocks/src/analytics_service.mock.ts"
               },
+              {
+                "plugin": "actions",
+                "path": "x-pack/plugins/actions/server/lib/action_executor.test.ts"
+              },
               {
                 "plugin": "@kbn/core-analytics-browser-internal",
                 "path": "packages/core/analytics/core-analytics-browser-internal/src/analytics_service.test.mocks.ts"
diff --git a/api_docs/kbn_ebt.mdx b/api_docs/kbn_ebt.mdx
index eff48712195b2..50be524b2d803 100644
--- a/api_docs/kbn_ebt.mdx
+++ b/api_docs/kbn_ebt.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ebt
 title: "@kbn/ebt"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ebt plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ebt']
 ---
 import kbnEbtObj from './kbn_ebt.devdocs.json';
diff --git a/api_docs/kbn_ebt_tools.mdx b/api_docs/kbn_ebt_tools.mdx
index ecb6ea6043d71..9db6d478e8418 100644
--- a/api_docs/kbn_ebt_tools.mdx
+++ b/api_docs/kbn_ebt_tools.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ebt-tools
 title: "@kbn/ebt-tools"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ebt-tools plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ebt-tools']
 ---
 import kbnEbtToolsObj from './kbn_ebt_tools.devdocs.json';
diff --git a/api_docs/kbn_ecs_data_quality_dashboard.mdx b/api_docs/kbn_ecs_data_quality_dashboard.mdx
index 3966867b26154..ede8b00d6fefc 100644
--- a/api_docs/kbn_ecs_data_quality_dashboard.mdx
+++ b/api_docs/kbn_ecs_data_quality_dashboard.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ecs-data-quality-dashboard
 title: "@kbn/ecs-data-quality-dashboard"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ecs-data-quality-dashboard plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ecs-data-quality-dashboard']
 ---
 import kbnEcsDataQualityDashboardObj from './kbn_ecs_data_quality_dashboard.devdocs.json';
diff --git a/api_docs/kbn_elastic_agent_utils.mdx b/api_docs/kbn_elastic_agent_utils.mdx
index bc3aade98a916..01c06dfdf7b92 100644
--- a/api_docs/kbn_elastic_agent_utils.mdx
+++ b/api_docs/kbn_elastic_agent_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-elastic-agent-utils
 title: "@kbn/elastic-agent-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/elastic-agent-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/elastic-agent-utils']
 ---
 import kbnElasticAgentUtilsObj from './kbn_elastic_agent_utils.devdocs.json';
diff --git a/api_docs/kbn_elastic_assistant.devdocs.json b/api_docs/kbn_elastic_assistant.devdocs.json
index edb7425fa9508..c85859f2fe60a 100644
--- a/api_docs/kbn_elastic_assistant.devdocs.json
+++ b/api_docs/kbn_elastic_assistant.devdocs.json
@@ -159,7 +159,7 @@
         "label": "AssistantProvider",
         "description": [],
         "signature": [
-          "({ actionTypeRegistry, alertsIndexPattern, assistantAvailability, assistantTelemetry, augmentMessageCodeBlocks, docLinks, basePath, basePromptContexts, baseQuickPrompts, baseSystemPrompts, children, getComments, http, baseConversations, nameSpace, title, toasts, }: React.PropsWithChildren<",
+          "({ actionTypeRegistry, alertsIndexPattern, assistantAvailability, assistantTelemetry, augmentMessageCodeBlocks, docLinks, basePath, basePromptContexts, baseQuickPrompts, baseSystemPrompts, children, getComments, http, baseConversations, navigateToApp, nameSpace, title, toasts, }: React.PropsWithChildren<",
           "AssistantProviderProps",
           ">) => JSX.Element"
         ],
@@ -172,7 +172,7 @@
             "id": "def-public.AssistantProvider.$1",
             "type": "CompoundType",
             "tags": [],
-            "label": "{\n  actionTypeRegistry,\n  alertsIndexPattern,\n  assistantAvailability,\n  assistantTelemetry,\n  augmentMessageCodeBlocks,\n  docLinks,\n  basePath,\n  basePromptContexts = [],\n  baseQuickPrompts = [],\n  baseSystemPrompts = BASE_SYSTEM_PROMPTS,\n  children,\n  getComments,\n  http,\n  baseConversations,\n  nameSpace = DEFAULT_ASSISTANT_NAMESPACE,\n  title = DEFAULT_ASSISTANT_TITLE,\n  toasts,\n}",
+            "label": "{\n  actionTypeRegistry,\n  alertsIndexPattern,\n  assistantAvailability,\n  assistantTelemetry,\n  augmentMessageCodeBlocks,\n  docLinks,\n  basePath,\n  basePromptContexts = [],\n  baseQuickPrompts = [],\n  baseSystemPrompts = BASE_SYSTEM_PROMPTS,\n  children,\n  getComments,\n  http,\n  baseConversations,\n  navigateToApp,\n  nameSpace = DEFAULT_ASSISTANT_NAMESPACE,\n  title = DEFAULT_ASSISTANT_TITLE,\n  toasts,\n}",
             "description": [],
             "signature": [
               "React.PropsWithChildren<",
@@ -2291,6 +2291,20 @@
             "path": "x-pack/packages/kbn-elastic-assistant/impl/assistant/types.ts",
             "deprecated": false,
             "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/elastic-assistant",
+            "id": "def-public.Prompt.label",
+            "type": "string",
+            "tags": [],
+            "label": "label",
+            "description": [],
+            "signature": [
+              "string | undefined"
+            ],
+            "path": "x-pack/packages/kbn-elastic-assistant/impl/assistant/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
           }
         ],
         "initialIsOpen": false
diff --git a/api_docs/kbn_elastic_assistant.mdx b/api_docs/kbn_elastic_assistant.mdx
index 376443426f3db..ba73b5122824d 100644
--- a/api_docs/kbn_elastic_assistant.mdx
+++ b/api_docs/kbn_elastic_assistant.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-elastic-assistant
 title: "@kbn/elastic-assistant"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/elastic-assistant plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/elastic-assistant']
 ---
 import kbnElasticAssistantObj from './kbn_elastic_assistant.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/security-generative-ai](https://github.com/orgs/elastic/teams/
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 165 | 0 | 138 | 9 |
+| 166 | 0 | 139 | 9 |
 
 ## Client
 
diff --git a/api_docs/kbn_elastic_assistant_common.devdocs.json b/api_docs/kbn_elastic_assistant_common.devdocs.json
index 7f5b1cccc8780..346c991076389 100644
--- a/api_docs/kbn_elastic_assistant_common.devdocs.json
+++ b/api_docs/kbn_elastic_assistant_common.devdocs.json
@@ -851,6 +851,23 @@
         "trackAdoption": false,
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "@kbn/elastic-assistant-common",
+        "id": "def-common.AttackDiscoveries",
+        "type": "Type",
+        "tags": [],
+        "label": "AttackDiscoveries",
+        "description": [
+          "\nArray of attack discoveries"
+        ],
+        "signature": [
+          "{ timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]"
+        ],
+        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "@kbn/elastic-assistant-common",
         "id": "def-common.AttackDiscovery",
@@ -861,9 +878,114 @@
           "\nAn attack discovery generated from one or more alerts"
         ],
         "signature": [
-          "{ title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; mitreAttackTactics?: string[] | undefined; }"
+          "{ timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }"
         ],
-        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/post_attack_discovery_route.gen.ts",
+        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/elastic-assistant-common",
+        "id": "def-common.AttackDiscoveryCancelRequestParams",
+        "type": "Type",
+        "tags": [],
+        "label": "AttackDiscoveryCancelRequestParams",
+        "description": [],
+        "signature": [
+          "{ connectorId: string; }"
+        ],
+        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/cancel_attack_discovery_route.gen.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/elastic-assistant-common",
+        "id": "def-common.AttackDiscoveryCancelRequestParamsInput",
+        "type": "Type",
+        "tags": [],
+        "label": "AttackDiscoveryCancelRequestParamsInput",
+        "description": [],
+        "signature": [
+          "{ connectorId: string; }"
+        ],
+        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/cancel_attack_discovery_route.gen.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/elastic-assistant-common",
+        "id": "def-common.AttackDiscoveryCancelResponse",
+        "type": "Type",
+        "tags": [],
+        "label": "AttackDiscoveryCancelResponse",
+        "description": [],
+        "signature": [
+          "{ id: string; namespace: string; createdAt: string; updatedAt: string; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; users: { id?: string | undefined; name?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; lastViewedAt: string; attackDiscoveries: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]; backingIndex: string; generationIntervals: { date: string; durationMs: number; }[]; averageIntervalMs: number; timestamp?: string | undefined; alertsContextCount?: number | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; failureReason?: string | undefined; }"
+        ],
+        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/cancel_attack_discovery_route.gen.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/elastic-assistant-common",
+        "id": "def-common.AttackDiscoveryCreateProps",
+        "type": "Type",
+        "tags": [],
+        "label": "AttackDiscoveryCreateProps",
+        "description": [],
+        "signature": [
+          "{ status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; attackDiscoveries: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]; id?: string | undefined; alertsContextCount?: number | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; }"
+        ],
+        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/elastic-assistant-common",
+        "id": "def-common.AttackDiscoveryGetRequestParams",
+        "type": "Type",
+        "tags": [],
+        "label": "AttackDiscoveryGetRequestParams",
+        "description": [],
+        "signature": [
+          "{ connectorId: string; }"
+        ],
+        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/get_attack_discovery_route.gen.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/elastic-assistant-common",
+        "id": "def-common.AttackDiscoveryGetRequestParamsInput",
+        "type": "Type",
+        "tags": [],
+        "label": "AttackDiscoveryGetRequestParamsInput",
+        "description": [],
+        "signature": [
+          "{ connectorId: string; }"
+        ],
+        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/get_attack_discovery_route.gen.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/elastic-assistant-common",
+        "id": "def-common.AttackDiscoveryGetResponse",
+        "type": "Type",
+        "tags": [],
+        "label": "AttackDiscoveryGetResponse",
+        "description": [],
+        "signature": [
+          "{ stats: { connectorId: string; count: number; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; hasViewed: boolean; }[]; data?: { id: string; namespace: string; createdAt: string; updatedAt: string; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; users: { id?: string | undefined; name?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; lastViewedAt: string; attackDiscoveries: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]; backingIndex: string; generationIntervals: { date: string; durationMs: number; }[]; averageIntervalMs: number; timestamp?: string | undefined; alertsContextCount?: number | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; failureReason?: string | undefined; } | undefined; }"
+        ],
+        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/get_attack_discovery_route.gen.ts",
         "deprecated": false,
         "trackAdoption": false,
         "initialIsOpen": false
@@ -876,7 +998,7 @@
         "label": "AttackDiscoveryPostRequestBody",
         "description": [],
         "signature": [
-          "{ connectorId: string; actionTypeId: string; size: number; subAction: \"invokeAI\" | \"invokeStream\"; alertsIndexPattern: string; anonymizationFields: { id: string; field: string; timestamp?: string | undefined; allowed?: boolean | undefined; anonymized?: boolean | undefined; updatedAt?: string | undefined; updatedBy?: string | undefined; createdAt?: string | undefined; createdBy?: string | undefined; namespace?: string | undefined; }[]; langSmithProject?: string | undefined; langSmithApiKey?: string | undefined; model?: string | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; }"
+          "{ size: number; subAction: \"invokeAI\" | \"invokeStream\"; alertsIndexPattern: string; anonymizationFields: { id: string; field: string; timestamp?: string | undefined; allowed?: boolean | undefined; anonymized?: boolean | undefined; updatedAt?: string | undefined; updatedBy?: string | undefined; createdAt?: string | undefined; createdBy?: string | undefined; namespace?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; langSmithProject?: string | undefined; langSmithApiKey?: string | undefined; model?: string | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; }"
         ],
         "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/post_attack_discovery_route.gen.ts",
         "deprecated": false,
@@ -891,7 +1013,7 @@
         "label": "AttackDiscoveryPostRequestBodyInput",
         "description": [],
         "signature": [
-          "{ connectorId: string; actionTypeId: string; size: number; subAction: \"invokeAI\" | \"invokeStream\"; alertsIndexPattern: string; anonymizationFields: { id: string; field: string; timestamp?: string | undefined; allowed?: boolean | undefined; anonymized?: boolean | undefined; updatedAt?: string | undefined; updatedBy?: string | undefined; createdAt?: string | undefined; createdBy?: string | undefined; namespace?: string | undefined; }[]; langSmithProject?: string | undefined; langSmithApiKey?: string | undefined; model?: string | undefined; replacements?: Zod.objectInputType<{}, Zod.ZodString, \"strip\"> | undefined; }"
+          "{ size: number; subAction: \"invokeAI\" | \"invokeStream\"; alertsIndexPattern: string; anonymizationFields: { id: string; field: string; timestamp?: string | undefined; allowed?: boolean | undefined; anonymized?: boolean | undefined; updatedAt?: string | undefined; updatedBy?: string | undefined; createdAt?: string | undefined; createdBy?: string | undefined; namespace?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; langSmithProject?: string | undefined; langSmithApiKey?: string | undefined; model?: string | undefined; replacements?: Zod.objectInputType<{}, Zod.ZodString, \"strip\"> | undefined; }"
         ],
         "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/post_attack_discovery_route.gen.ts",
         "deprecated": false,
@@ -906,13 +1028,109 @@
         "label": "AttackDiscoveryPostResponse",
         "description": [],
         "signature": [
-          "{ connector_id?: string | undefined; alertsContextCount?: number | undefined; attackDiscoveries?: { title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; mitreAttackTactics?: string[] | undefined; }[] | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; status?: string | undefined; trace_data?: { transactionId?: string | undefined; traceId?: string | undefined; } | undefined; }"
+          "{ id: string; namespace: string; createdAt: string; updatedAt: string; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; users: { id?: string | undefined; name?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; lastViewedAt: string; attackDiscoveries: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]; backingIndex: string; generationIntervals: { date: string; durationMs: number; }[]; averageIntervalMs: number; timestamp?: string | undefined; alertsContextCount?: number | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; failureReason?: string | undefined; }"
         ],
         "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/post_attack_discovery_route.gen.ts",
         "deprecated": false,
         "trackAdoption": false,
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "@kbn/elastic-assistant-common",
+        "id": "def-common.AttackDiscoveryResponse",
+        "type": "Type",
+        "tags": [],
+        "label": "AttackDiscoveryResponse",
+        "description": [],
+        "signature": [
+          "{ id: string; namespace: string; createdAt: string; updatedAt: string; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; users: { id?: string | undefined; name?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; lastViewedAt: string; attackDiscoveries: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]; backingIndex: string; generationIntervals: { date: string; durationMs: number; }[]; averageIntervalMs: number; timestamp?: string | undefined; alertsContextCount?: number | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; failureReason?: string | undefined; }"
+        ],
+        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/elastic-assistant-common",
+        "id": "def-common.AttackDiscoveryStat",
+        "type": "Type",
+        "tags": [],
+        "label": "AttackDiscoveryStat",
+        "description": [
+          "\nAttack discovery stats"
+        ],
+        "signature": [
+          "{ connectorId: string; count: number; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; hasViewed: boolean; }"
+        ],
+        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/elastic-assistant-common",
+        "id": "def-common.AttackDiscoveryStats",
+        "type": "Type",
+        "tags": [],
+        "label": "AttackDiscoveryStats",
+        "description": [
+          "\nStats on existing attack discovery documents"
+        ],
+        "signature": [
+          "{ newDiscoveriesCount: number; newConnectorResultsCount: number; statsPerConnector: { connectorId: string; count: number; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; hasViewed: boolean; }[]; }"
+        ],
+        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/elastic-assistant-common",
+        "id": "def-common.AttackDiscoveryStatus",
+        "type": "Type",
+        "tags": [],
+        "label": "AttackDiscoveryStatus",
+        "description": [
+          "\nThe status of the attack discovery."
+        ],
+        "signature": [
+          "\"running\" | \"succeeded\" | \"failed\" | \"canceled\""
+        ],
+        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/elastic-assistant-common",
+        "id": "def-common.AttackDiscoveryStatusEnum",
+        "type": "Type",
+        "tags": [],
+        "label": "AttackDiscoveryStatusEnum",
+        "description": [],
+        "signature": [
+          "{ running: \"running\"; succeeded: \"succeeded\"; failed: \"failed\"; canceled: \"canceled\"; }"
+        ],
+        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/elastic-assistant-common",
+        "id": "def-common.AttackDiscoveryUpdateProps",
+        "type": "Type",
+        "tags": [],
+        "label": "AttackDiscoveryUpdateProps",
+        "description": [],
+        "signature": [
+          "{ id: string; backingIndex: string; apiConfig?: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; } | undefined; alertsContextCount?: number | undefined; attackDiscoveries?: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[] | undefined; status?: \"running\" | \"succeeded\" | \"failed\" | \"canceled\" | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; generationIntervals?: { date: string; durationMs: number; }[] | undefined; failureReason?: string | undefined; lastViewedAt?: string | undefined; }"
+        ],
+        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "@kbn/elastic-assistant-common",
         "id": "def-common.BulkActionBase",
@@ -1967,6 +2185,23 @@
         "trackAdoption": false,
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "@kbn/elastic-assistant-common",
+        "id": "def-common.GenerationInterval",
+        "type": "Type",
+        "tags": [],
+        "label": "GenerationInterval",
+        "description": [
+          "\nRun durations for the attack discovery"
+        ],
+        "signature": [
+          "{ date: string; durationMs: number; }"
+        ],
+        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "@kbn/elastic-assistant-common",
         "id": "def-common.GetCapabilitiesResponse",
@@ -3088,6 +3323,21 @@
         "trackAdoption": false,
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "@kbn/elastic-assistant-common",
+        "id": "def-common.AttackDiscoveries",
+        "type": "Object",
+        "tags": [],
+        "label": "AttackDiscoveries",
+        "description": [],
+        "signature": [
+          "Zod.ZodArray<Zod.ZodObject<{ alertIds: Zod.ZodArray<Zod.ZodString, \"many\">; id: Zod.ZodOptional<Zod.ZodString>; detailsMarkdown: Zod.ZodString; entitySummaryMarkdown: Zod.ZodString; mitreAttackTactics: Zod.ZodOptional<Zod.ZodArray<Zod.ZodString, \"many\">>; summaryMarkdown: Zod.ZodString; title: Zod.ZodString; timestamp: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }, { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }>, \"many\">"
+        ],
+        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "@kbn/elastic-assistant-common",
         "id": "def-common.AttackDiscovery",
@@ -3096,9 +3346,84 @@
         "label": "AttackDiscovery",
         "description": [],
         "signature": [
-          "Zod.ZodObject<{ alertIds: Zod.ZodArray<Zod.ZodString, \"many\">; detailsMarkdown: Zod.ZodString; entitySummaryMarkdown: Zod.ZodString; mitreAttackTactics: Zod.ZodOptional<Zod.ZodArray<Zod.ZodString, \"many\">>; summaryMarkdown: Zod.ZodString; title: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; mitreAttackTactics?: string[] | undefined; }, { title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; mitreAttackTactics?: string[] | undefined; }>"
+          "Zod.ZodObject<{ alertIds: Zod.ZodArray<Zod.ZodString, \"many\">; id: Zod.ZodOptional<Zod.ZodString>; detailsMarkdown: Zod.ZodString; entitySummaryMarkdown: Zod.ZodString; mitreAttackTactics: Zod.ZodOptional<Zod.ZodArray<Zod.ZodString, \"many\">>; summaryMarkdown: Zod.ZodString; title: Zod.ZodString; timestamp: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }, { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }>"
         ],
-        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/post_attack_discovery_route.gen.ts",
+        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/elastic-assistant-common",
+        "id": "def-common.AttackDiscoveryCancelRequestParams",
+        "type": "Object",
+        "tags": [],
+        "label": "AttackDiscoveryCancelRequestParams",
+        "description": [],
+        "signature": [
+          "Zod.ZodObject<{ connectorId: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { connectorId: string; }, { connectorId: string; }>"
+        ],
+        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/cancel_attack_discovery_route.gen.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/elastic-assistant-common",
+        "id": "def-common.AttackDiscoveryCancelResponse",
+        "type": "Object",
+        "tags": [],
+        "label": "AttackDiscoveryCancelResponse",
+        "description": [],
+        "signature": [
+          "Zod.ZodObject<{ id: Zod.ZodString; timestamp: Zod.ZodOptional<Zod.ZodString>; updatedAt: Zod.ZodString; lastViewedAt: Zod.ZodString; alertsContextCount: Zod.ZodOptional<Zod.ZodNumber>; createdAt: Zod.ZodString; replacements: Zod.ZodOptional<Zod.ZodObject<{}, \"strip\", Zod.ZodString, Zod.objectOutputType<{}, Zod.ZodString, \"strip\">, Zod.objectInputType<{}, Zod.ZodString, \"strip\">>>; users: Zod.ZodArray<Zod.ZodObject<{ id: Zod.ZodOptional<Zod.ZodString>; name: Zod.ZodOptional<Zod.ZodString>; }, \"strip\", Zod.ZodTypeAny, { id?: string | undefined; name?: string | undefined; }, { id?: string | undefined; name?: string | undefined; }>, \"many\">; status: Zod.ZodEnum<[\"running\", \"succeeded\", \"failed\", \"canceled\"]>; attackDiscoveries: Zod.ZodArray<Zod.ZodObject<{ alertIds: Zod.ZodArray<Zod.ZodString, \"many\">; id: Zod.ZodOptional<Zod.ZodString>; detailsMarkdown: Zod.ZodString; entitySummaryMarkdown: Zod.ZodString; mitreAttackTactics: Zod.ZodOptional<Zod.ZodArray<Zod.ZodString, \"many\">>; summaryMarkdown: Zod.ZodString; title: Zod.ZodString; timestamp: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }, { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }>, \"many\">; apiConfig: Zod.ZodObject<{ connectorId: Zod.ZodString; actionTypeId: Zod.ZodString; defaultSystemPromptId: Zod.ZodOptional<Zod.ZodString>; provider: Zod.ZodOptional<Zod.ZodEnum<[\"OpenAI\", \"Azure OpenAI\"]>>; model: Zod.ZodOptional<Zod.ZodString>; }, \"strip\", Zod.ZodTypeAny, { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }, { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }>; namespace: Zod.ZodString; backingIndex: Zod.ZodString; generationIntervals: Zod.ZodArray<Zod.ZodObject<{ date: Zod.ZodString; durationMs: Zod.ZodNumber; }, \"strip\", Zod.ZodTypeAny, { date: string; durationMs: number; }, { date: string; durationMs: number; }>, \"many\">; averageIntervalMs: Zod.ZodNumber; failureReason: Zod.ZodOptional<Zod.ZodString>; }, \"strip\", Zod.ZodTypeAny, { id: string; namespace: string; createdAt: string; updatedAt: string; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; users: { id?: string | undefined; name?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; lastViewedAt: string; attackDiscoveries: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]; backingIndex: string; generationIntervals: { date: string; durationMs: number; }[]; averageIntervalMs: number; timestamp?: string | undefined; alertsContextCount?: number | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; failureReason?: string | undefined; }, { id: string; namespace: string; createdAt: string; updatedAt: string; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; users: { id?: string | undefined; name?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; lastViewedAt: string; attackDiscoveries: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]; backingIndex: string; generationIntervals: { date: string; durationMs: number; }[]; averageIntervalMs: number; timestamp?: string | undefined; alertsContextCount?: number | undefined; replacements?: Zod.objectInputType<{}, Zod.ZodString, \"strip\"> | undefined; failureReason?: string | undefined; }>"
+        ],
+        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/cancel_attack_discovery_route.gen.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/elastic-assistant-common",
+        "id": "def-common.AttackDiscoveryCreateProps",
+        "type": "Object",
+        "tags": [],
+        "label": "AttackDiscoveryCreateProps",
+        "description": [],
+        "signature": [
+          "Zod.ZodObject<{ id: Zod.ZodOptional<Zod.ZodString>; status: Zod.ZodEnum<[\"running\", \"succeeded\", \"failed\", \"canceled\"]>; alertsContextCount: Zod.ZodOptional<Zod.ZodNumber>; attackDiscoveries: Zod.ZodArray<Zod.ZodObject<{ alertIds: Zod.ZodArray<Zod.ZodString, \"many\">; id: Zod.ZodOptional<Zod.ZodString>; detailsMarkdown: Zod.ZodString; entitySummaryMarkdown: Zod.ZodString; mitreAttackTactics: Zod.ZodOptional<Zod.ZodArray<Zod.ZodString, \"many\">>; summaryMarkdown: Zod.ZodString; title: Zod.ZodString; timestamp: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }, { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }>, \"many\">; apiConfig: Zod.ZodObject<{ connectorId: Zod.ZodString; actionTypeId: Zod.ZodString; defaultSystemPromptId: Zod.ZodOptional<Zod.ZodString>; provider: Zod.ZodOptional<Zod.ZodEnum<[\"OpenAI\", \"Azure OpenAI\"]>>; model: Zod.ZodOptional<Zod.ZodString>; }, \"strip\", Zod.ZodTypeAny, { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }, { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }>; replacements: Zod.ZodOptional<Zod.ZodObject<{}, \"strip\", Zod.ZodString, Zod.objectOutputType<{}, Zod.ZodString, \"strip\">, Zod.objectInputType<{}, Zod.ZodString, \"strip\">>>; }, \"strip\", Zod.ZodTypeAny, { status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; attackDiscoveries: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]; id?: string | undefined; alertsContextCount?: number | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; }, { status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; attackDiscoveries: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]; id?: string | undefined; alertsContextCount?: number | undefined; replacements?: Zod.objectInputType<{}, Zod.ZodString, \"strip\"> | undefined; }>"
+        ],
+        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/elastic-assistant-common",
+        "id": "def-common.AttackDiscoveryGetRequestParams",
+        "type": "Object",
+        "tags": [],
+        "label": "AttackDiscoveryGetRequestParams",
+        "description": [],
+        "signature": [
+          "Zod.ZodObject<{ connectorId: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { connectorId: string; }, { connectorId: string; }>"
+        ],
+        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/get_attack_discovery_route.gen.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/elastic-assistant-common",
+        "id": "def-common.AttackDiscoveryGetResponse",
+        "type": "Object",
+        "tags": [],
+        "label": "AttackDiscoveryGetResponse",
+        "description": [],
+        "signature": [
+          "Zod.ZodObject<{ data: Zod.ZodOptional<Zod.ZodObject<{ id: Zod.ZodString; timestamp: Zod.ZodOptional<Zod.ZodString>; updatedAt: Zod.ZodString; lastViewedAt: Zod.ZodString; alertsContextCount: Zod.ZodOptional<Zod.ZodNumber>; createdAt: Zod.ZodString; replacements: Zod.ZodOptional<Zod.ZodObject<{}, \"strip\", Zod.ZodString, Zod.objectOutputType<{}, Zod.ZodString, \"strip\">, Zod.objectInputType<{}, Zod.ZodString, \"strip\">>>; users: Zod.ZodArray<Zod.ZodObject<{ id: Zod.ZodOptional<Zod.ZodString>; name: Zod.ZodOptional<Zod.ZodString>; }, \"strip\", Zod.ZodTypeAny, { id?: string | undefined; name?: string | undefined; }, { id?: string | undefined; name?: string | undefined; }>, \"many\">; status: Zod.ZodEnum<[\"running\", \"succeeded\", \"failed\", \"canceled\"]>; attackDiscoveries: Zod.ZodArray<Zod.ZodObject<{ alertIds: Zod.ZodArray<Zod.ZodString, \"many\">; id: Zod.ZodOptional<Zod.ZodString>; detailsMarkdown: Zod.ZodString; entitySummaryMarkdown: Zod.ZodString; mitreAttackTactics: Zod.ZodOptional<Zod.ZodArray<Zod.ZodString, \"many\">>; summaryMarkdown: Zod.ZodString; title: Zod.ZodString; timestamp: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }, { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }>, \"many\">; apiConfig: Zod.ZodObject<{ connectorId: Zod.ZodString; actionTypeId: Zod.ZodString; defaultSystemPromptId: Zod.ZodOptional<Zod.ZodString>; provider: Zod.ZodOptional<Zod.ZodEnum<[\"OpenAI\", \"Azure OpenAI\"]>>; model: Zod.ZodOptional<Zod.ZodString>; }, \"strip\", Zod.ZodTypeAny, { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }, { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }>; namespace: Zod.ZodString; backingIndex: Zod.ZodString; generationIntervals: Zod.ZodArray<Zod.ZodObject<{ date: Zod.ZodString; durationMs: Zod.ZodNumber; }, \"strip\", Zod.ZodTypeAny, { date: string; durationMs: number; }, { date: string; durationMs: number; }>, \"many\">; averageIntervalMs: Zod.ZodNumber; failureReason: Zod.ZodOptional<Zod.ZodString>; }, \"strip\", Zod.ZodTypeAny, { id: string; namespace: string; createdAt: string; updatedAt: string; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; users: { id?: string | undefined; name?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; lastViewedAt: string; attackDiscoveries: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]; backingIndex: string; generationIntervals: { date: string; durationMs: number; }[]; averageIntervalMs: number; timestamp?: string | undefined; alertsContextCount?: number | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; failureReason?: string | undefined; }, { id: string; namespace: string; createdAt: string; updatedAt: string; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; users: { id?: string | undefined; name?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; lastViewedAt: string; attackDiscoveries: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]; backingIndex: string; generationIntervals: { date: string; durationMs: number; }[]; averageIntervalMs: number; timestamp?: string | undefined; alertsContextCount?: number | undefined; replacements?: Zod.objectInputType<{}, Zod.ZodString, \"strip\"> | undefined; failureReason?: string | undefined; }>>; stats: Zod.ZodArray<Zod.ZodObject<{ hasViewed: Zod.ZodBoolean; count: Zod.ZodNumber; connectorId: Zod.ZodString; status: Zod.ZodEnum<[\"running\", \"succeeded\", \"failed\", \"canceled\"]>; }, \"strip\", Zod.ZodTypeAny, { connectorId: string; count: number; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; hasViewed: boolean; }, { connectorId: string; count: number; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; hasViewed: boolean; }>, \"many\">; }, \"strip\", Zod.ZodTypeAny, { stats: { connectorId: string; count: number; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; hasViewed: boolean; }[]; data?: { id: string; namespace: string; createdAt: string; updatedAt: string; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; users: { id?: string | undefined; name?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; lastViewedAt: string; attackDiscoveries: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]; backingIndex: string; generationIntervals: { date: string; durationMs: number; }[]; averageIntervalMs: number; timestamp?: string | undefined; alertsContextCount?: number | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; failureReason?: string | undefined; } | undefined; }, { stats: { connectorId: string; count: number; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; hasViewed: boolean; }[]; data?: { id: string; namespace: string; createdAt: string; updatedAt: string; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; users: { id?: string | undefined; name?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; lastViewedAt: string; attackDiscoveries: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]; backingIndex: string; generationIntervals: { date: string; durationMs: number; }[]; averageIntervalMs: number; timestamp?: string | undefined; alertsContextCount?: number | undefined; replacements?: Zod.objectInputType<{}, Zod.ZodString, \"strip\"> | undefined; failureReason?: string | undefined; } | undefined; }>"
+        ],
+        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/get_attack_discovery_route.gen.ts",
         "deprecated": false,
         "trackAdoption": false,
         "initialIsOpen": false
@@ -3111,7 +3436,7 @@
         "label": "AttackDiscoveryPostRequestBody",
         "description": [],
         "signature": [
-          "Zod.ZodObject<{ alertsIndexPattern: Zod.ZodString; anonymizationFields: Zod.ZodArray<Zod.ZodObject<{ id: Zod.ZodString; timestamp: Zod.ZodOptional<Zod.ZodString>; field: Zod.ZodString; allowed: Zod.ZodOptional<Zod.ZodBoolean>; anonymized: Zod.ZodOptional<Zod.ZodBoolean>; updatedAt: Zod.ZodOptional<Zod.ZodString>; updatedBy: Zod.ZodOptional<Zod.ZodString>; createdAt: Zod.ZodOptional<Zod.ZodString>; createdBy: Zod.ZodOptional<Zod.ZodString>; namespace: Zod.ZodOptional<Zod.ZodString>; }, \"strip\", Zod.ZodTypeAny, { id: string; field: string; timestamp?: string | undefined; allowed?: boolean | undefined; anonymized?: boolean | undefined; updatedAt?: string | undefined; updatedBy?: string | undefined; createdAt?: string | undefined; createdBy?: string | undefined; namespace?: string | undefined; }, { id: string; field: string; timestamp?: string | undefined; allowed?: boolean | undefined; anonymized?: boolean | undefined; updatedAt?: string | undefined; updatedBy?: string | undefined; createdAt?: string | undefined; createdBy?: string | undefined; namespace?: string | undefined; }>, \"many\">; connectorId: Zod.ZodString; actionTypeId: Zod.ZodString; langSmithProject: Zod.ZodOptional<Zod.ZodString>; langSmithApiKey: Zod.ZodOptional<Zod.ZodString>; model: Zod.ZodOptional<Zod.ZodString>; replacements: Zod.ZodOptional<Zod.ZodObject<{}, \"strip\", Zod.ZodString, Zod.objectOutputType<{}, Zod.ZodString, \"strip\">, Zod.objectInputType<{}, Zod.ZodString, \"strip\">>>; size: Zod.ZodNumber; subAction: Zod.ZodEnum<[\"invokeAI\", \"invokeStream\"]>; }, \"strip\", Zod.ZodTypeAny, { connectorId: string; actionTypeId: string; size: number; subAction: \"invokeAI\" | \"invokeStream\"; alertsIndexPattern: string; anonymizationFields: { id: string; field: string; timestamp?: string | undefined; allowed?: boolean | undefined; anonymized?: boolean | undefined; updatedAt?: string | undefined; updatedBy?: string | undefined; createdAt?: string | undefined; createdBy?: string | undefined; namespace?: string | undefined; }[]; langSmithProject?: string | undefined; langSmithApiKey?: string | undefined; model?: string | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; }, { connectorId: string; actionTypeId: string; size: number; subAction: \"invokeAI\" | \"invokeStream\"; alertsIndexPattern: string; anonymizationFields: { id: string; field: string; timestamp?: string | undefined; allowed?: boolean | undefined; anonymized?: boolean | undefined; updatedAt?: string | undefined; updatedBy?: string | undefined; createdAt?: string | undefined; createdBy?: string | undefined; namespace?: string | undefined; }[]; langSmithProject?: string | undefined; langSmithApiKey?: string | undefined; model?: string | undefined; replacements?: Zod.objectInputType<{}, Zod.ZodString, \"strip\"> | undefined; }>"
+          "Zod.ZodObject<{ alertsIndexPattern: Zod.ZodString; anonymizationFields: Zod.ZodArray<Zod.ZodObject<{ id: Zod.ZodString; timestamp: Zod.ZodOptional<Zod.ZodString>; field: Zod.ZodString; allowed: Zod.ZodOptional<Zod.ZodBoolean>; anonymized: Zod.ZodOptional<Zod.ZodBoolean>; updatedAt: Zod.ZodOptional<Zod.ZodString>; updatedBy: Zod.ZodOptional<Zod.ZodString>; createdAt: Zod.ZodOptional<Zod.ZodString>; createdBy: Zod.ZodOptional<Zod.ZodString>; namespace: Zod.ZodOptional<Zod.ZodString>; }, \"strip\", Zod.ZodTypeAny, { id: string; field: string; timestamp?: string | undefined; allowed?: boolean | undefined; anonymized?: boolean | undefined; updatedAt?: string | undefined; updatedBy?: string | undefined; createdAt?: string | undefined; createdBy?: string | undefined; namespace?: string | undefined; }, { id: string; field: string; timestamp?: string | undefined; allowed?: boolean | undefined; anonymized?: boolean | undefined; updatedAt?: string | undefined; updatedBy?: string | undefined; createdAt?: string | undefined; createdBy?: string | undefined; namespace?: string | undefined; }>, \"many\">; apiConfig: Zod.ZodObject<{ connectorId: Zod.ZodString; actionTypeId: Zod.ZodString; defaultSystemPromptId: Zod.ZodOptional<Zod.ZodString>; provider: Zod.ZodOptional<Zod.ZodEnum<[\"OpenAI\", \"Azure OpenAI\"]>>; model: Zod.ZodOptional<Zod.ZodString>; }, \"strip\", Zod.ZodTypeAny, { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }, { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }>; langSmithProject: Zod.ZodOptional<Zod.ZodString>; langSmithApiKey: Zod.ZodOptional<Zod.ZodString>; model: Zod.ZodOptional<Zod.ZodString>; replacements: Zod.ZodOptional<Zod.ZodObject<{}, \"strip\", Zod.ZodString, Zod.objectOutputType<{}, Zod.ZodString, \"strip\">, Zod.objectInputType<{}, Zod.ZodString, \"strip\">>>; size: Zod.ZodNumber; subAction: Zod.ZodEnum<[\"invokeAI\", \"invokeStream\"]>; }, \"strip\", Zod.ZodTypeAny, { size: number; subAction: \"invokeAI\" | \"invokeStream\"; alertsIndexPattern: string; anonymizationFields: { id: string; field: string; timestamp?: string | undefined; allowed?: boolean | undefined; anonymized?: boolean | undefined; updatedAt?: string | undefined; updatedBy?: string | undefined; createdAt?: string | undefined; createdBy?: string | undefined; namespace?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; langSmithProject?: string | undefined; langSmithApiKey?: string | undefined; model?: string | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; }, { size: number; subAction: \"invokeAI\" | \"invokeStream\"; alertsIndexPattern: string; anonymizationFields: { id: string; field: string; timestamp?: string | undefined; allowed?: boolean | undefined; anonymized?: boolean | undefined; updatedAt?: string | undefined; updatedBy?: string | undefined; createdAt?: string | undefined; createdBy?: string | undefined; namespace?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; langSmithProject?: string | undefined; langSmithApiKey?: string | undefined; model?: string | undefined; replacements?: Zod.objectInputType<{}, Zod.ZodString, \"strip\"> | undefined; }>"
         ],
         "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/post_attack_discovery_route.gen.ts",
         "deprecated": false,
@@ -3126,13 +3451,103 @@
         "label": "AttackDiscoveryPostResponse",
         "description": [],
         "signature": [
-          "Zod.ZodObject<{ connector_id: Zod.ZodOptional<Zod.ZodString>; alertsContextCount: Zod.ZodOptional<Zod.ZodNumber>; attackDiscoveries: Zod.ZodOptional<Zod.ZodArray<Zod.ZodObject<{ alertIds: Zod.ZodArray<Zod.ZodString, \"many\">; detailsMarkdown: Zod.ZodString; entitySummaryMarkdown: Zod.ZodString; mitreAttackTactics: Zod.ZodOptional<Zod.ZodArray<Zod.ZodString, \"many\">>; summaryMarkdown: Zod.ZodString; title: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; mitreAttackTactics?: string[] | undefined; }, { title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; mitreAttackTactics?: string[] | undefined; }>, \"many\">>; replacements: Zod.ZodOptional<Zod.ZodObject<{}, \"strip\", Zod.ZodString, Zod.objectOutputType<{}, Zod.ZodString, \"strip\">, Zod.objectInputType<{}, Zod.ZodString, \"strip\">>>; status: Zod.ZodOptional<Zod.ZodString>; trace_data: Zod.ZodOptional<Zod.ZodObject<{ transactionId: Zod.ZodOptional<Zod.ZodString>; traceId: Zod.ZodOptional<Zod.ZodString>; }, \"strip\", Zod.ZodTypeAny, { transactionId?: string | undefined; traceId?: string | undefined; }, { transactionId?: string | undefined; traceId?: string | undefined; }>>; }, \"strip\", Zod.ZodTypeAny, { connector_id?: string | undefined; alertsContextCount?: number | undefined; attackDiscoveries?: { title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; mitreAttackTactics?: string[] | undefined; }[] | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; status?: string | undefined; trace_data?: { transactionId?: string | undefined; traceId?: string | undefined; } | undefined; }, { connector_id?: string | undefined; alertsContextCount?: number | undefined; attackDiscoveries?: { title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; mitreAttackTactics?: string[] | undefined; }[] | undefined; replacements?: Zod.objectInputType<{}, Zod.ZodString, \"strip\"> | undefined; status?: string | undefined; trace_data?: { transactionId?: string | undefined; traceId?: string | undefined; } | undefined; }>"
+          "Zod.ZodObject<{ id: Zod.ZodString; timestamp: Zod.ZodOptional<Zod.ZodString>; updatedAt: Zod.ZodString; lastViewedAt: Zod.ZodString; alertsContextCount: Zod.ZodOptional<Zod.ZodNumber>; createdAt: Zod.ZodString; replacements: Zod.ZodOptional<Zod.ZodObject<{}, \"strip\", Zod.ZodString, Zod.objectOutputType<{}, Zod.ZodString, \"strip\">, Zod.objectInputType<{}, Zod.ZodString, \"strip\">>>; users: Zod.ZodArray<Zod.ZodObject<{ id: Zod.ZodOptional<Zod.ZodString>; name: Zod.ZodOptional<Zod.ZodString>; }, \"strip\", Zod.ZodTypeAny, { id?: string | undefined; name?: string | undefined; }, { id?: string | undefined; name?: string | undefined; }>, \"many\">; status: Zod.ZodEnum<[\"running\", \"succeeded\", \"failed\", \"canceled\"]>; attackDiscoveries: Zod.ZodArray<Zod.ZodObject<{ alertIds: Zod.ZodArray<Zod.ZodString, \"many\">; id: Zod.ZodOptional<Zod.ZodString>; detailsMarkdown: Zod.ZodString; entitySummaryMarkdown: Zod.ZodString; mitreAttackTactics: Zod.ZodOptional<Zod.ZodArray<Zod.ZodString, \"many\">>; summaryMarkdown: Zod.ZodString; title: Zod.ZodString; timestamp: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }, { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }>, \"many\">; apiConfig: Zod.ZodObject<{ connectorId: Zod.ZodString; actionTypeId: Zod.ZodString; defaultSystemPromptId: Zod.ZodOptional<Zod.ZodString>; provider: Zod.ZodOptional<Zod.ZodEnum<[\"OpenAI\", \"Azure OpenAI\"]>>; model: Zod.ZodOptional<Zod.ZodString>; }, \"strip\", Zod.ZodTypeAny, { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }, { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }>; namespace: Zod.ZodString; backingIndex: Zod.ZodString; generationIntervals: Zod.ZodArray<Zod.ZodObject<{ date: Zod.ZodString; durationMs: Zod.ZodNumber; }, \"strip\", Zod.ZodTypeAny, { date: string; durationMs: number; }, { date: string; durationMs: number; }>, \"many\">; averageIntervalMs: Zod.ZodNumber; failureReason: Zod.ZodOptional<Zod.ZodString>; }, \"strip\", Zod.ZodTypeAny, { id: string; namespace: string; createdAt: string; updatedAt: string; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; users: { id?: string | undefined; name?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; lastViewedAt: string; attackDiscoveries: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]; backingIndex: string; generationIntervals: { date: string; durationMs: number; }[]; averageIntervalMs: number; timestamp?: string | undefined; alertsContextCount?: number | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; failureReason?: string | undefined; }, { id: string; namespace: string; createdAt: string; updatedAt: string; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; users: { id?: string | undefined; name?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; lastViewedAt: string; attackDiscoveries: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]; backingIndex: string; generationIntervals: { date: string; durationMs: number; }[]; averageIntervalMs: number; timestamp?: string | undefined; alertsContextCount?: number | undefined; replacements?: Zod.objectInputType<{}, Zod.ZodString, \"strip\"> | undefined; failureReason?: string | undefined; }>"
         ],
         "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/post_attack_discovery_route.gen.ts",
         "deprecated": false,
         "trackAdoption": false,
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "@kbn/elastic-assistant-common",
+        "id": "def-common.AttackDiscoveryResponse",
+        "type": "Object",
+        "tags": [],
+        "label": "AttackDiscoveryResponse",
+        "description": [],
+        "signature": [
+          "Zod.ZodObject<{ id: Zod.ZodString; timestamp: Zod.ZodOptional<Zod.ZodString>; updatedAt: Zod.ZodString; lastViewedAt: Zod.ZodString; alertsContextCount: Zod.ZodOptional<Zod.ZodNumber>; createdAt: Zod.ZodString; replacements: Zod.ZodOptional<Zod.ZodObject<{}, \"strip\", Zod.ZodString, Zod.objectOutputType<{}, Zod.ZodString, \"strip\">, Zod.objectInputType<{}, Zod.ZodString, \"strip\">>>; users: Zod.ZodArray<Zod.ZodObject<{ id: Zod.ZodOptional<Zod.ZodString>; name: Zod.ZodOptional<Zod.ZodString>; }, \"strip\", Zod.ZodTypeAny, { id?: string | undefined; name?: string | undefined; }, { id?: string | undefined; name?: string | undefined; }>, \"many\">; status: Zod.ZodEnum<[\"running\", \"succeeded\", \"failed\", \"canceled\"]>; attackDiscoveries: Zod.ZodArray<Zod.ZodObject<{ alertIds: Zod.ZodArray<Zod.ZodString, \"many\">; id: Zod.ZodOptional<Zod.ZodString>; detailsMarkdown: Zod.ZodString; entitySummaryMarkdown: Zod.ZodString; mitreAttackTactics: Zod.ZodOptional<Zod.ZodArray<Zod.ZodString, \"many\">>; summaryMarkdown: Zod.ZodString; title: Zod.ZodString; timestamp: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }, { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }>, \"many\">; apiConfig: Zod.ZodObject<{ connectorId: Zod.ZodString; actionTypeId: Zod.ZodString; defaultSystemPromptId: Zod.ZodOptional<Zod.ZodString>; provider: Zod.ZodOptional<Zod.ZodEnum<[\"OpenAI\", \"Azure OpenAI\"]>>; model: Zod.ZodOptional<Zod.ZodString>; }, \"strip\", Zod.ZodTypeAny, { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }, { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }>; namespace: Zod.ZodString; backingIndex: Zod.ZodString; generationIntervals: Zod.ZodArray<Zod.ZodObject<{ date: Zod.ZodString; durationMs: Zod.ZodNumber; }, \"strip\", Zod.ZodTypeAny, { date: string; durationMs: number; }, { date: string; durationMs: number; }>, \"many\">; averageIntervalMs: Zod.ZodNumber; failureReason: Zod.ZodOptional<Zod.ZodString>; }, \"strip\", Zod.ZodTypeAny, { id: string; namespace: string; createdAt: string; updatedAt: string; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; users: { id?: string | undefined; name?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; lastViewedAt: string; attackDiscoveries: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]; backingIndex: string; generationIntervals: { date: string; durationMs: number; }[]; averageIntervalMs: number; timestamp?: string | undefined; alertsContextCount?: number | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; failureReason?: string | undefined; }, { id: string; namespace: string; createdAt: string; updatedAt: string; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; users: { id?: string | undefined; name?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; lastViewedAt: string; attackDiscoveries: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]; backingIndex: string; generationIntervals: { date: string; durationMs: number; }[]; averageIntervalMs: number; timestamp?: string | undefined; alertsContextCount?: number | undefined; replacements?: Zod.objectInputType<{}, Zod.ZodString, \"strip\"> | undefined; failureReason?: string | undefined; }>"
+        ],
+        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/elastic-assistant-common",
+        "id": "def-common.AttackDiscoveryStat",
+        "type": "Object",
+        "tags": [],
+        "label": "AttackDiscoveryStat",
+        "description": [],
+        "signature": [
+          "Zod.ZodObject<{ hasViewed: Zod.ZodBoolean; count: Zod.ZodNumber; connectorId: Zod.ZodString; status: Zod.ZodEnum<[\"running\", \"succeeded\", \"failed\", \"canceled\"]>; }, \"strip\", Zod.ZodTypeAny, { connectorId: string; count: number; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; hasViewed: boolean; }, { connectorId: string; count: number; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; hasViewed: boolean; }>"
+        ],
+        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/elastic-assistant-common",
+        "id": "def-common.AttackDiscoveryStats",
+        "type": "Object",
+        "tags": [],
+        "label": "AttackDiscoveryStats",
+        "description": [],
+        "signature": [
+          "Zod.ZodObject<{ newDiscoveriesCount: Zod.ZodNumber; newConnectorResultsCount: Zod.ZodNumber; statsPerConnector: Zod.ZodArray<Zod.ZodObject<{ hasViewed: Zod.ZodBoolean; count: Zod.ZodNumber; connectorId: Zod.ZodString; status: Zod.ZodEnum<[\"running\", \"succeeded\", \"failed\", \"canceled\"]>; }, \"strip\", Zod.ZodTypeAny, { connectorId: string; count: number; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; hasViewed: boolean; }, { connectorId: string; count: number; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; hasViewed: boolean; }>, \"many\">; }, \"strip\", Zod.ZodTypeAny, { newDiscoveriesCount: number; newConnectorResultsCount: number; statsPerConnector: { connectorId: string; count: number; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; hasViewed: boolean; }[]; }, { newDiscoveriesCount: number; newConnectorResultsCount: number; statsPerConnector: { connectorId: string; count: number; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; hasViewed: boolean; }[]; }>"
+        ],
+        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/elastic-assistant-common",
+        "id": "def-common.AttackDiscoveryStatus",
+        "type": "Object",
+        "tags": [],
+        "label": "AttackDiscoveryStatus",
+        "description": [],
+        "signature": [
+          "Zod.ZodEnum<[\"running\", \"succeeded\", \"failed\", \"canceled\"]>"
+        ],
+        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/elastic-assistant-common",
+        "id": "def-common.AttackDiscoveryStatusEnum",
+        "type": "Object",
+        "tags": [],
+        "label": "AttackDiscoveryStatusEnum",
+        "description": [],
+        "signature": [
+          "{ running: \"running\"; succeeded: \"succeeded\"; failed: \"failed\"; canceled: \"canceled\"; }"
+        ],
+        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/elastic-assistant-common",
+        "id": "def-common.AttackDiscoveryUpdateProps",
+        "type": "Object",
+        "tags": [],
+        "label": "AttackDiscoveryUpdateProps",
+        "description": [],
+        "signature": [
+          "Zod.ZodObject<{ id: Zod.ZodString; apiConfig: Zod.ZodOptional<Zod.ZodObject<{ connectorId: Zod.ZodString; actionTypeId: Zod.ZodString; defaultSystemPromptId: Zod.ZodOptional<Zod.ZodString>; provider: Zod.ZodOptional<Zod.ZodEnum<[\"OpenAI\", \"Azure OpenAI\"]>>; model: Zod.ZodOptional<Zod.ZodString>; }, \"strip\", Zod.ZodTypeAny, { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }, { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }>>; alertsContextCount: Zod.ZodOptional<Zod.ZodNumber>; attackDiscoveries: Zod.ZodOptional<Zod.ZodArray<Zod.ZodObject<{ alertIds: Zod.ZodArray<Zod.ZodString, \"many\">; id: Zod.ZodOptional<Zod.ZodString>; detailsMarkdown: Zod.ZodString; entitySummaryMarkdown: Zod.ZodString; mitreAttackTactics: Zod.ZodOptional<Zod.ZodArray<Zod.ZodString, \"many\">>; summaryMarkdown: Zod.ZodString; title: Zod.ZodString; timestamp: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }, { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }>, \"many\">>; status: Zod.ZodOptional<Zod.ZodEnum<[\"running\", \"succeeded\", \"failed\", \"canceled\"]>>; replacements: Zod.ZodOptional<Zod.ZodObject<{}, \"strip\", Zod.ZodString, Zod.objectOutputType<{}, Zod.ZodString, \"strip\">, Zod.objectInputType<{}, Zod.ZodString, \"strip\">>>; generationIntervals: Zod.ZodOptional<Zod.ZodArray<Zod.ZodObject<{ date: Zod.ZodString; durationMs: Zod.ZodNumber; }, \"strip\", Zod.ZodTypeAny, { date: string; durationMs: number; }, { date: string; durationMs: number; }>, \"many\">>; backingIndex: Zod.ZodString; failureReason: Zod.ZodOptional<Zod.ZodString>; lastViewedAt: Zod.ZodOptional<Zod.ZodString>; }, \"strip\", Zod.ZodTypeAny, { id: string; backingIndex: string; apiConfig?: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; } | undefined; alertsContextCount?: number | undefined; attackDiscoveries?: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[] | undefined; status?: \"running\" | \"succeeded\" | \"failed\" | \"canceled\" | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; generationIntervals?: { date: string; durationMs: number; }[] | undefined; failureReason?: string | undefined; lastViewedAt?: string | undefined; }, { id: string; backingIndex: string; apiConfig?: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; } | undefined; alertsContextCount?: number | undefined; attackDiscoveries?: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[] | undefined; status?: \"running\" | \"succeeded\" | \"failed\" | \"canceled\" | undefined; replacements?: Zod.objectInputType<{}, Zod.ZodString, \"strip\"> | undefined; generationIntervals?: { date: string; durationMs: number; }[] | undefined; failureReason?: string | undefined; lastViewedAt?: string | undefined; }>"
+        ],
+        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "@kbn/elastic-assistant-common",
         "id": "def-common.BulkActionBase",
@@ -3810,6 +4225,21 @@
         "trackAdoption": false,
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "@kbn/elastic-assistant-common",
+        "id": "def-common.GenerationInterval",
+        "type": "Object",
+        "tags": [],
+        "label": "GenerationInterval",
+        "description": [],
+        "signature": [
+          "Zod.ZodObject<{ date: Zod.ZodString; durationMs: Zod.ZodNumber; }, \"strip\", Zod.ZodTypeAny, { date: string; durationMs: number; }, { date: string; durationMs: number; }>"
+        ],
+        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "@kbn/elastic-assistant-common",
         "id": "def-common.GetCapabilitiesResponse",
diff --git a/api_docs/kbn_elastic_assistant_common.mdx b/api_docs/kbn_elastic_assistant_common.mdx
index 8c2dc5cdf2b7c..5bedfe584179c 100644
--- a/api_docs/kbn_elastic_assistant_common.mdx
+++ b/api_docs/kbn_elastic_assistant_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-elastic-assistant-common
 title: "@kbn/elastic-assistant-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/elastic-assistant-common plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/elastic-assistant-common']
 ---
 import kbnElasticAssistantCommonObj from './kbn_elastic_assistant_common.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/security-generative-ai](https://github.com/orgs/elastic/teams/
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 305 | 0 | 286 | 0 |
+| 333 | 0 | 309 | 0 |
 
 ## Common
 
diff --git a/api_docs/kbn_entities_schema.mdx b/api_docs/kbn_entities_schema.mdx
index 68ab25caaed79..0b4d524003243 100644
--- a/api_docs/kbn_entities_schema.mdx
+++ b/api_docs/kbn_entities_schema.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-entities-schema
 title: "@kbn/entities-schema"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/entities-schema plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/entities-schema']
 ---
 import kbnEntitiesSchemaObj from './kbn_entities_schema.devdocs.json';
diff --git a/api_docs/kbn_es.mdx b/api_docs/kbn_es.mdx
index 1065242e2ce20..17888c59dd7c9 100644
--- a/api_docs/kbn_es.mdx
+++ b/api_docs/kbn_es.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es
 title: "@kbn/es"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/es plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es']
 ---
 import kbnEsObj from './kbn_es.devdocs.json';
diff --git a/api_docs/kbn_es_archiver.mdx b/api_docs/kbn_es_archiver.mdx
index 534d4fed39a36..e96f2de2bd948 100644
--- a/api_docs/kbn_es_archiver.mdx
+++ b/api_docs/kbn_es_archiver.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es-archiver
 title: "@kbn/es-archiver"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/es-archiver plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es-archiver']
 ---
 import kbnEsArchiverObj from './kbn_es_archiver.devdocs.json';
diff --git a/api_docs/kbn_es_errors.devdocs.json b/api_docs/kbn_es_errors.devdocs.json
index bd462d4562282..9a2e2ceb6908d 100644
--- a/api_docs/kbn_es_errors.devdocs.json
+++ b/api_docs/kbn_es_errors.devdocs.json
@@ -19,6 +19,74 @@
   "common": {
     "classes": [],
     "functions": [
+      {
+        "parentPluginId": "@kbn/es-errors",
+        "id": "def-common.isMaximumResponseSizeExceededError",
+        "type": "Function",
+        "tags": [],
+        "label": "isMaximumResponseSizeExceededError",
+        "description": [],
+        "signature": [
+          "(error: unknown) => boolean"
+        ],
+        "path": "packages/kbn-es-errors/src/errors.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/es-errors",
+            "id": "def-common.isMaximumResponseSizeExceededError.$1",
+            "type": "Unknown",
+            "tags": [],
+            "label": "error",
+            "description": [],
+            "signature": [
+              "unknown"
+            ],
+            "path": "packages/kbn-es-errors/src/errors.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": true
+          }
+        ],
+        "returnComment": [],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/es-errors",
+        "id": "def-common.isRequestAbortedError",
+        "type": "Function",
+        "tags": [],
+        "label": "isRequestAbortedError",
+        "description": [
+          "\nChecks if the provided `error` is an {@link errors.RequestAbortedError | elasticsearch request aborted error}"
+        ],
+        "signature": [
+          "(error: unknown) => boolean"
+        ],
+        "path": "packages/kbn-es-errors/src/errors.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/es-errors",
+            "id": "def-common.isRequestAbortedError.$1",
+            "type": "Unknown",
+            "tags": [],
+            "label": "error",
+            "description": [],
+            "signature": [
+              "unknown"
+            ],
+            "path": "packages/kbn-es-errors/src/errors.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": true
+          }
+        ],
+        "returnComment": [],
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "@kbn/es-errors",
         "id": "def-common.isResponseError",
diff --git a/api_docs/kbn_es_errors.mdx b/api_docs/kbn_es_errors.mdx
index 4900cf0b98c7c..e0a2d28b77dc5 100644
--- a/api_docs/kbn_es_errors.mdx
+++ b/api_docs/kbn_es_errors.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es-errors
 title: "@kbn/es-errors"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/es-errors plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es-errors']
 ---
 import kbnEsErrorsObj from './kbn_es_errors.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 7 | 0 | 3 | 0 |
+| 11 | 0 | 6 | 0 |
 
 ## Common
 
diff --git a/api_docs/kbn_es_query.mdx b/api_docs/kbn_es_query.mdx
index 1b19fa053acc1..17c1fd1409a8c 100644
--- a/api_docs/kbn_es_query.mdx
+++ b/api_docs/kbn_es_query.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es-query
 title: "@kbn/es-query"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/es-query plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es-query']
 ---
 import kbnEsQueryObj from './kbn_es_query.devdocs.json';
diff --git a/api_docs/kbn_es_types.mdx b/api_docs/kbn_es_types.mdx
index feb5fad5b9042..c9351dbf52315 100644
--- a/api_docs/kbn_es_types.mdx
+++ b/api_docs/kbn_es_types.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es-types
 title: "@kbn/es-types"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/es-types plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es-types']
 ---
 import kbnEsTypesObj from './kbn_es_types.devdocs.json';
diff --git a/api_docs/kbn_eslint_plugin_imports.mdx b/api_docs/kbn_eslint_plugin_imports.mdx
index 47d8c928be47e..5a8ef28337e42 100644
--- a/api_docs/kbn_eslint_plugin_imports.mdx
+++ b/api_docs/kbn_eslint_plugin_imports.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-eslint-plugin-imports
 title: "@kbn/eslint-plugin-imports"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/eslint-plugin-imports plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/eslint-plugin-imports']
 ---
 import kbnEslintPluginImportsObj from './kbn_eslint_plugin_imports.devdocs.json';
diff --git a/api_docs/kbn_esql_ast.devdocs.json b/api_docs/kbn_esql_ast.devdocs.json
index 8449e60698bff..ba60e35d615c3 100644
--- a/api_docs/kbn_esql_ast.devdocs.json
+++ b/api_docs/kbn_esql_ast.devdocs.json
@@ -201,6 +201,475 @@
           }
         ],
         "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/esql-ast",
+        "id": "def-common.Walker",
+        "type": "Class",
+        "tags": [],
+        "label": "Walker",
+        "description": [],
+        "path": "packages/kbn-esql-ast/src/walker/walker.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/esql-ast",
+            "id": "def-common.Walker.walk",
+            "type": "Function",
+            "tags": [],
+            "label": "walk",
+            "description": [
+              "\nWalks the AST and calls the appropriate visitor functions."
+            ],
+            "signature": [
+              "(node: ",
+              {
+                "pluginId": "@kbn/esql-ast",
+                "scope": "common",
+                "docId": "kibKbnEsqlAstPluginApi",
+                "section": "def-common.ESQLAstNode",
+                "text": "ESQLAstNode"
+              },
+              " | ",
+              {
+                "pluginId": "@kbn/esql-ast",
+                "scope": "common",
+                "docId": "kibKbnEsqlAstPluginApi",
+                "section": "def-common.ESQLAstNode",
+                "text": "ESQLAstNode"
+              },
+              "[], options: ",
+              {
+                "pluginId": "@kbn/esql-ast",
+                "scope": "common",
+                "docId": "kibKbnEsqlAstPluginApi",
+                "section": "def-common.WalkerOptions",
+                "text": "WalkerOptions"
+              },
+              ") => ",
+              {
+                "pluginId": "@kbn/esql-ast",
+                "scope": "common",
+                "docId": "kibKbnEsqlAstPluginApi",
+                "section": "def-common.Walker",
+                "text": "Walker"
+              }
+            ],
+            "path": "packages/kbn-esql-ast/src/walker/walker.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/esql-ast",
+                "id": "def-common.Walker.walk.$1",
+                "type": "CompoundType",
+                "tags": [],
+                "label": "node",
+                "description": [],
+                "signature": [
+                  {
+                    "pluginId": "@kbn/esql-ast",
+                    "scope": "common",
+                    "docId": "kibKbnEsqlAstPluginApi",
+                    "section": "def-common.ESQLAstNode",
+                    "text": "ESQLAstNode"
+                  },
+                  " | ",
+                  {
+                    "pluginId": "@kbn/esql-ast",
+                    "scope": "common",
+                    "docId": "kibKbnEsqlAstPluginApi",
+                    "section": "def-common.ESQLAstNode",
+                    "text": "ESQLAstNode"
+                  },
+                  "[]"
+                ],
+                "path": "packages/kbn-esql-ast/src/walker/walker.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              },
+              {
+                "parentPluginId": "@kbn/esql-ast",
+                "id": "def-common.Walker.walk.$2",
+                "type": "Object",
+                "tags": [],
+                "label": "options",
+                "description": [],
+                "signature": [
+                  {
+                    "pluginId": "@kbn/esql-ast",
+                    "scope": "common",
+                    "docId": "kibKbnEsqlAstPluginApi",
+                    "section": "def-common.WalkerOptions",
+                    "text": "WalkerOptions"
+                  }
+                ],
+                "path": "packages/kbn-esql-ast/src/walker/walker.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              }
+            ],
+            "returnComment": []
+          },
+          {
+            "parentPluginId": "@kbn/esql-ast",
+            "id": "def-common.Walker.params",
+            "type": "Function",
+            "tags": [],
+            "label": "params",
+            "description": [
+              "\nWalks the AST and extracts all parameter literals.\n"
+            ],
+            "signature": [
+              "(node: ",
+              {
+                "pluginId": "@kbn/esql-ast",
+                "scope": "common",
+                "docId": "kibKbnEsqlAstPluginApi",
+                "section": "def-common.ESQLAstNode",
+                "text": "ESQLAstNode"
+              },
+              " | ",
+              {
+                "pluginId": "@kbn/esql-ast",
+                "scope": "common",
+                "docId": "kibKbnEsqlAstPluginApi",
+                "section": "def-common.ESQLAstNode",
+                "text": "ESQLAstNode"
+              },
+              "[]) => ",
+              "ESQLParamLiteral",
+              "<string>[]"
+            ],
+            "path": "packages/kbn-esql-ast/src/walker/walker.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/esql-ast",
+                "id": "def-common.Walker.params.$1",
+                "type": "CompoundType",
+                "tags": [],
+                "label": "node",
+                "description": [
+                  "AST node to extract parameters from."
+                ],
+                "signature": [
+                  {
+                    "pluginId": "@kbn/esql-ast",
+                    "scope": "common",
+                    "docId": "kibKbnEsqlAstPluginApi",
+                    "section": "def-common.ESQLAstNode",
+                    "text": "ESQLAstNode"
+                  },
+                  " | ",
+                  {
+                    "pluginId": "@kbn/esql-ast",
+                    "scope": "common",
+                    "docId": "kibKbnEsqlAstPluginApi",
+                    "section": "def-common.ESQLAstNode",
+                    "text": "ESQLAstNode"
+                  },
+                  "[]"
+                ],
+                "path": "packages/kbn-esql-ast/src/walker/walker.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              }
+            ],
+            "returnComment": []
+          },
+          {
+            "parentPluginId": "@kbn/esql-ast",
+            "id": "def-common.Walker.Unnamed",
+            "type": "Function",
+            "tags": [],
+            "label": "Constructor",
+            "description": [],
+            "signature": [
+              "any"
+            ],
+            "path": "packages/kbn-esql-ast/src/walker/walker.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/esql-ast",
+                "id": "def-common.Walker.Unnamed.$1",
+                "type": "Object",
+                "tags": [],
+                "label": "options",
+                "description": [],
+                "signature": [
+                  {
+                    "pluginId": "@kbn/esql-ast",
+                    "scope": "common",
+                    "docId": "kibKbnEsqlAstPluginApi",
+                    "section": "def-common.WalkerOptions",
+                    "text": "WalkerOptions"
+                  }
+                ],
+                "path": "packages/kbn-esql-ast/src/walker/walker.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              }
+            ],
+            "returnComment": []
+          },
+          {
+            "parentPluginId": "@kbn/esql-ast",
+            "id": "def-common.Walker.walk",
+            "type": "Function",
+            "tags": [],
+            "label": "walk",
+            "description": [],
+            "signature": [
+              "(node: ",
+              {
+                "pluginId": "@kbn/esql-ast",
+                "scope": "common",
+                "docId": "kibKbnEsqlAstPluginApi",
+                "section": "def-common.ESQLAstNode",
+                "text": "ESQLAstNode"
+              },
+              " | ",
+              {
+                "pluginId": "@kbn/esql-ast",
+                "scope": "common",
+                "docId": "kibKbnEsqlAstPluginApi",
+                "section": "def-common.ESQLAstNode",
+                "text": "ESQLAstNode"
+              },
+              "[] | undefined) => void"
+            ],
+            "path": "packages/kbn-esql-ast/src/walker/walker.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/esql-ast",
+                "id": "def-common.Walker.walk.$1",
+                "type": "CompoundType",
+                "tags": [],
+                "label": "node",
+                "description": [],
+                "signature": [
+                  {
+                    "pluginId": "@kbn/esql-ast",
+                    "scope": "common",
+                    "docId": "kibKbnEsqlAstPluginApi",
+                    "section": "def-common.ESQLAstNode",
+                    "text": "ESQLAstNode"
+                  },
+                  " | ",
+                  {
+                    "pluginId": "@kbn/esql-ast",
+                    "scope": "common",
+                    "docId": "kibKbnEsqlAstPluginApi",
+                    "section": "def-common.ESQLAstNode",
+                    "text": "ESQLAstNode"
+                  },
+                  "[] | undefined"
+                ],
+                "path": "packages/kbn-esql-ast/src/walker/walker.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": false
+              }
+            ],
+            "returnComment": []
+          },
+          {
+            "parentPluginId": "@kbn/esql-ast",
+            "id": "def-common.Walker.walkCommand",
+            "type": "Function",
+            "tags": [],
+            "label": "walkCommand",
+            "description": [],
+            "signature": [
+              "(node: ",
+              {
+                "pluginId": "@kbn/esql-ast",
+                "scope": "common",
+                "docId": "kibKbnEsqlAstPluginApi",
+                "section": "def-common.ESQLAstCommand",
+                "text": "ESQLAstCommand"
+              },
+              ") => void"
+            ],
+            "path": "packages/kbn-esql-ast/src/walker/walker.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/esql-ast",
+                "id": "def-common.Walker.walkCommand.$1",
+                "type": "CompoundType",
+                "tags": [],
+                "label": "node",
+                "description": [],
+                "signature": [
+                  {
+                    "pluginId": "@kbn/esql-ast",
+                    "scope": "common",
+                    "docId": "kibKbnEsqlAstPluginApi",
+                    "section": "def-common.ESQLAstCommand",
+                    "text": "ESQLAstCommand"
+                  }
+                ],
+                "path": "packages/kbn-esql-ast/src/walker/walker.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              }
+            ],
+            "returnComment": []
+          },
+          {
+            "parentPluginId": "@kbn/esql-ast",
+            "id": "def-common.Walker.walkAstItem",
+            "type": "Function",
+            "tags": [],
+            "label": "walkAstItem",
+            "description": [],
+            "signature": [
+              "(node: ",
+              {
+                "pluginId": "@kbn/esql-ast",
+                "scope": "common",
+                "docId": "kibKbnEsqlAstPluginApi",
+                "section": "def-common.ESQLAstItem",
+                "text": "ESQLAstItem"
+              },
+              ") => void"
+            ],
+            "path": "packages/kbn-esql-ast/src/walker/walker.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/esql-ast",
+                "id": "def-common.Walker.walkAstItem.$1",
+                "type": "CompoundType",
+                "tags": [],
+                "label": "node",
+                "description": [],
+                "signature": [
+                  {
+                    "pluginId": "@kbn/esql-ast",
+                    "scope": "common",
+                    "docId": "kibKbnEsqlAstPluginApi",
+                    "section": "def-common.ESQLAstItem",
+                    "text": "ESQLAstItem"
+                  }
+                ],
+                "path": "packages/kbn-esql-ast/src/walker/walker.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              }
+            ],
+            "returnComment": []
+          },
+          {
+            "parentPluginId": "@kbn/esql-ast",
+            "id": "def-common.Walker.walkSingleAstItem",
+            "type": "Function",
+            "tags": [],
+            "label": "walkSingleAstItem",
+            "description": [],
+            "signature": [
+              "(node: ",
+              {
+                "pluginId": "@kbn/esql-ast",
+                "scope": "common",
+                "docId": "kibKbnEsqlAstPluginApi",
+                "section": "def-common.ESQLSingleAstItem",
+                "text": "ESQLSingleAstItem"
+              },
+              ") => void"
+            ],
+            "path": "packages/kbn-esql-ast/src/walker/walker.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/esql-ast",
+                "id": "def-common.Walker.walkSingleAstItem.$1",
+                "type": "CompoundType",
+                "tags": [],
+                "label": "node",
+                "description": [],
+                "signature": [
+                  {
+                    "pluginId": "@kbn/esql-ast",
+                    "scope": "common",
+                    "docId": "kibKbnEsqlAstPluginApi",
+                    "section": "def-common.ESQLSingleAstItem",
+                    "text": "ESQLSingleAstItem"
+                  }
+                ],
+                "path": "packages/kbn-esql-ast/src/walker/walker.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              }
+            ],
+            "returnComment": []
+          },
+          {
+            "parentPluginId": "@kbn/esql-ast",
+            "id": "def-common.Walker.walkFunction",
+            "type": "Function",
+            "tags": [],
+            "label": "walkFunction",
+            "description": [],
+            "signature": [
+              "(node: ",
+              {
+                "pluginId": "@kbn/esql-ast",
+                "scope": "common",
+                "docId": "kibKbnEsqlAstPluginApi",
+                "section": "def-common.ESQLFunction",
+                "text": "ESQLFunction"
+              },
+              ") => void"
+            ],
+            "path": "packages/kbn-esql-ast/src/walker/walker.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/esql-ast",
+                "id": "def-common.Walker.walkFunction.$1",
+                "type": "Object",
+                "tags": [],
+                "label": "node",
+                "description": [],
+                "signature": [
+                  {
+                    "pluginId": "@kbn/esql-ast",
+                    "scope": "common",
+                    "docId": "kibKbnEsqlAstPluginApi",
+                    "section": "def-common.ESQLFunction",
+                    "text": "ESQLFunction"
+                  }
+                ],
+                "path": "packages/kbn-esql-ast/src/walker/walker.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              }
+            ],
+            "returnComment": []
+          }
+        ],
+        "initialIsOpen": false
       }
     ],
     "functions": [
@@ -378,6 +847,104 @@
         ],
         "returnComment": [],
         "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/esql-ast",
+        "id": "def-common.walk",
+        "type": "Function",
+        "tags": [],
+        "label": "walk",
+        "description": [],
+        "signature": [
+          "(node: ",
+          {
+            "pluginId": "@kbn/esql-ast",
+            "scope": "common",
+            "docId": "kibKbnEsqlAstPluginApi",
+            "section": "def-common.ESQLAstNode",
+            "text": "ESQLAstNode"
+          },
+          " | ",
+          {
+            "pluginId": "@kbn/esql-ast",
+            "scope": "common",
+            "docId": "kibKbnEsqlAstPluginApi",
+            "section": "def-common.ESQLAstNode",
+            "text": "ESQLAstNode"
+          },
+          "[], options: ",
+          {
+            "pluginId": "@kbn/esql-ast",
+            "scope": "common",
+            "docId": "kibKbnEsqlAstPluginApi",
+            "section": "def-common.WalkerOptions",
+            "text": "WalkerOptions"
+          },
+          ") => ",
+          {
+            "pluginId": "@kbn/esql-ast",
+            "scope": "common",
+            "docId": "kibKbnEsqlAstPluginApi",
+            "section": "def-common.Walker",
+            "text": "Walker"
+          }
+        ],
+        "path": "packages/kbn-esql-ast/src/walker/walker.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "returnComment": [],
+        "children": [
+          {
+            "parentPluginId": "@kbn/esql-ast",
+            "id": "def-common.walk.$1",
+            "type": "CompoundType",
+            "tags": [],
+            "label": "node",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "@kbn/esql-ast",
+                "scope": "common",
+                "docId": "kibKbnEsqlAstPluginApi",
+                "section": "def-common.ESQLAstNode",
+                "text": "ESQLAstNode"
+              },
+              " | ",
+              {
+                "pluginId": "@kbn/esql-ast",
+                "scope": "common",
+                "docId": "kibKbnEsqlAstPluginApi",
+                "section": "def-common.ESQLAstNode",
+                "text": "ESQLAstNode"
+              },
+              "[]"
+            ],
+            "path": "packages/kbn-esql-ast/src/walker/walker.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/esql-ast",
+            "id": "def-common.walk.$2",
+            "type": "Object",
+            "tags": [],
+            "label": "options",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "@kbn/esql-ast",
+                "scope": "common",
+                "docId": "kibKbnEsqlAstPluginApi",
+                "section": "def-common.WalkerOptions",
+                "text": "WalkerOptions"
+              }
+            ],
+            "path": "packages/kbn-esql-ast/src/walker/walker.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
       }
     ],
     "interfaces": [
@@ -509,10 +1076,10 @@
         "children": [
           {
             "parentPluginId": "@kbn/esql-ast",
-            "id": "def-common.ESQLAstMetricsCommand.indices",
+            "id": "def-common.ESQLAstMetricsCommand.sources",
             "type": "Array",
             "tags": [],
-            "label": "indices",
+            "label": "sources",
             "description": [],
             "signature": [
               {
@@ -536,13 +1103,7 @@
             "label": "aggregates",
             "description": [],
             "signature": [
-              {
-                "pluginId": "@kbn/esql-ast",
-                "scope": "common",
-                "docId": "kibKbnEsqlAstPluginApi",
-                "section": "def-common.ESQLAstItem",
-                "text": "ESQLAstItem"
-              },
+              "ESQLAstField",
               "[] | undefined"
             ],
             "path": "packages/kbn-esql-ast/src/types.ts",
@@ -557,13 +1118,7 @@
             "label": "grouping",
             "description": [],
             "signature": [
-              {
-                "pluginId": "@kbn/esql-ast",
-                "scope": "common",
-                "docId": "kibKbnEsqlAstPluginApi",
-                "section": "def-common.ESQLAstItem",
-                "text": "ESQLAstItem"
-              },
+              "ESQLAstField",
               "[] | undefined"
             ],
             "path": "packages/kbn-esql-ast/src/types.ts",
@@ -1068,6 +1623,204 @@
           }
         ],
         "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/esql-ast",
+        "id": "def-common.WalkerOptions",
+        "type": "Interface",
+        "tags": [],
+        "label": "WalkerOptions",
+        "description": [],
+        "path": "packages/kbn-esql-ast/src/walker/walker.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/esql-ast",
+            "id": "def-common.WalkerOptions.visitSingleAstItem",
+            "type": "Function",
+            "tags": [],
+            "label": "visitSingleAstItem",
+            "description": [],
+            "signature": [
+              "((node: ",
+              {
+                "pluginId": "@kbn/esql-ast",
+                "scope": "common",
+                "docId": "kibKbnEsqlAstPluginApi",
+                "section": "def-common.ESQLSingleAstItem",
+                "text": "ESQLSingleAstItem"
+              },
+              ") => void) | undefined"
+            ],
+            "path": "packages/kbn-esql-ast/src/walker/walker.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/esql-ast",
+                "id": "def-common.WalkerOptions.visitSingleAstItem.$1",
+                "type": "CompoundType",
+                "tags": [],
+                "label": "node",
+                "description": [],
+                "signature": [
+                  {
+                    "pluginId": "@kbn/esql-ast",
+                    "scope": "common",
+                    "docId": "kibKbnEsqlAstPluginApi",
+                    "section": "def-common.ESQLSingleAstItem",
+                    "text": "ESQLSingleAstItem"
+                  }
+                ],
+                "path": "packages/kbn-esql-ast/src/walker/walker.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              }
+            ],
+            "returnComment": []
+          },
+          {
+            "parentPluginId": "@kbn/esql-ast",
+            "id": "def-common.WalkerOptions.visitFunction",
+            "type": "Function",
+            "tags": [],
+            "label": "visitFunction",
+            "description": [],
+            "signature": [
+              "((node: ",
+              {
+                "pluginId": "@kbn/esql-ast",
+                "scope": "common",
+                "docId": "kibKbnEsqlAstPluginApi",
+                "section": "def-common.ESQLFunction",
+                "text": "ESQLFunction"
+              },
+              ") => void) | undefined"
+            ],
+            "path": "packages/kbn-esql-ast/src/walker/walker.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/esql-ast",
+                "id": "def-common.WalkerOptions.visitFunction.$1",
+                "type": "Object",
+                "tags": [],
+                "label": "node",
+                "description": [],
+                "signature": [
+                  {
+                    "pluginId": "@kbn/esql-ast",
+                    "scope": "common",
+                    "docId": "kibKbnEsqlAstPluginApi",
+                    "section": "def-common.ESQLFunction",
+                    "text": "ESQLFunction"
+                  }
+                ],
+                "path": "packages/kbn-esql-ast/src/walker/walker.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              }
+            ],
+            "returnComment": []
+          },
+          {
+            "parentPluginId": "@kbn/esql-ast",
+            "id": "def-common.WalkerOptions.visitColumn",
+            "type": "Function",
+            "tags": [],
+            "label": "visitColumn",
+            "description": [],
+            "signature": [
+              "((node: ",
+              {
+                "pluginId": "@kbn/esql-ast",
+                "scope": "common",
+                "docId": "kibKbnEsqlAstPluginApi",
+                "section": "def-common.ESQLColumn",
+                "text": "ESQLColumn"
+              },
+              ") => void) | undefined"
+            ],
+            "path": "packages/kbn-esql-ast/src/walker/walker.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/esql-ast",
+                "id": "def-common.WalkerOptions.visitColumn.$1",
+                "type": "Object",
+                "tags": [],
+                "label": "node",
+                "description": [],
+                "signature": [
+                  {
+                    "pluginId": "@kbn/esql-ast",
+                    "scope": "common",
+                    "docId": "kibKbnEsqlAstPluginApi",
+                    "section": "def-common.ESQLColumn",
+                    "text": "ESQLColumn"
+                  }
+                ],
+                "path": "packages/kbn-esql-ast/src/walker/walker.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              }
+            ],
+            "returnComment": []
+          },
+          {
+            "parentPluginId": "@kbn/esql-ast",
+            "id": "def-common.WalkerOptions.visitLiteral",
+            "type": "Function",
+            "tags": [],
+            "label": "visitLiteral",
+            "description": [],
+            "signature": [
+              "((node: ",
+              {
+                "pluginId": "@kbn/esql-ast",
+                "scope": "common",
+                "docId": "kibKbnEsqlAstPluginApi",
+                "section": "def-common.ESQLLiteral",
+                "text": "ESQLLiteral"
+              },
+              ") => void) | undefined"
+            ],
+            "path": "packages/kbn-esql-ast/src/walker/walker.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/esql-ast",
+                "id": "def-common.WalkerOptions.visitLiteral.$1",
+                "type": "CompoundType",
+                "tags": [],
+                "label": "node",
+                "description": [],
+                "signature": [
+                  {
+                    "pluginId": "@kbn/esql-ast",
+                    "scope": "common",
+                    "docId": "kibKbnEsqlAstPluginApi",
+                    "section": "def-common.ESQLLiteral",
+                    "text": "ESQLLiteral"
+                  }
+                ],
+                "path": "packages/kbn-esql-ast/src/walker/walker.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              }
+            ],
+            "returnComment": []
+          }
+        ],
+        "initialIsOpen": false
       }
     ],
     "enums": [],
@@ -1217,6 +1970,35 @@
         "trackAdoption": false,
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "@kbn/esql-ast",
+        "id": "def-common.ESQLAstNode",
+        "type": "Type",
+        "tags": [],
+        "label": "ESQLAstNode",
+        "description": [],
+        "signature": [
+          {
+            "pluginId": "@kbn/esql-ast",
+            "scope": "common",
+            "docId": "kibKbnEsqlAstPluginApi",
+            "section": "def-common.ESQLAstCommand",
+            "text": "ESQLAstCommand"
+          },
+          " | ",
+          {
+            "pluginId": "@kbn/esql-ast",
+            "scope": "common",
+            "docId": "kibKbnEsqlAstPluginApi",
+            "section": "def-common.ESQLAstItem",
+            "text": "ESQLAstItem"
+          }
+        ],
+        "path": "packages/kbn-esql-ast/src/types.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "@kbn/esql-ast",
         "id": "def-common.ESQLLiteral",
@@ -1231,7 +2013,10 @@
           " | ",
           "ESQLNullLiteral",
           " | ",
-          "ESQLStringLiteral"
+          "ESQLStringLiteral",
+          " | ",
+          "ESQLParamLiteral",
+          "<string>"
         ],
         "path": "packages/kbn-esql-ast/src/types.ts",
         "deprecated": false,
diff --git a/api_docs/kbn_esql_ast.mdx b/api_docs/kbn_esql_ast.mdx
index 2a28cd4a0e37a..a79ad0eb34a18 100644
--- a/api_docs/kbn_esql_ast.mdx
+++ b/api_docs/kbn_esql_ast.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-esql-ast
 title: "@kbn/esql-ast"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/esql-ast plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/esql-ast']
 ---
 import kbnEsqlAstObj from './kbn_esql_ast.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/kibana-esql](https://github.com/orgs/elastic/teams/kibana-esql
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 68 | 1 | 68 | 9 |
+| 99 | 1 | 96 | 11 |
 
 ## Common
 
diff --git a/api_docs/kbn_esql_utils.mdx b/api_docs/kbn_esql_utils.mdx
index 05bc1416a8a73..b8b5f53f6965a 100644
--- a/api_docs/kbn_esql_utils.mdx
+++ b/api_docs/kbn_esql_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-esql-utils
 title: "@kbn/esql-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/esql-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/esql-utils']
 ---
 import kbnEsqlUtilsObj from './kbn_esql_utils.devdocs.json';
diff --git a/api_docs/kbn_esql_validation_autocomplete.devdocs.json b/api_docs/kbn_esql_validation_autocomplete.devdocs.json
index ea46ea3ba35da..7f6aa1393fd19 100644
--- a/api_docs/kbn_esql_validation_autocomplete.devdocs.json
+++ b/api_docs/kbn_esql_validation_autocomplete.devdocs.json
@@ -628,6 +628,8 @@
           " | ",
           "ESQLStringLiteral",
           " | ",
+          "ESQLParamLiteral",
+          "<string> | ",
           {
             "pluginId": "@kbn/esql-ast",
             "scope": "common",
@@ -738,6 +740,8 @@
           " | ",
           "ESQLStringLiteral",
           " | ",
+          "ESQLParamLiteral",
+          "<string> | ",
           {
             "pluginId": "@kbn/esql-ast",
             "scope": "common",
@@ -832,6 +836,8 @@
           " | ",
           "ESQLStringLiteral",
           " | ",
+          "ESQLParamLiteral",
+          "<string> | ",
           {
             "pluginId": "@kbn/esql-ast",
             "scope": "common",
@@ -934,6 +940,8 @@
           " | ",
           "ESQLStringLiteral",
           " | ",
+          "ESQLParamLiteral",
+          "<string> | ",
           {
             "pluginId": "@kbn/esql-ast",
             "scope": "common",
@@ -3897,6 +3905,48 @@
             "path": "packages/kbn-esql-validation-autocomplete/src/validation/types.ts",
             "deprecated": false,
             "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/esql-validation-autocomplete",
+            "id": "def-common.ValidationErrors.noAggFunction",
+            "type": "Object",
+            "tags": [],
+            "label": "noAggFunction",
+            "description": [],
+            "signature": [
+              "{ message: string; type: { commandName: string; expression: string; }; }"
+            ],
+            "path": "packages/kbn-esql-validation-autocomplete/src/validation/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/esql-validation-autocomplete",
+            "id": "def-common.ValidationErrors.expressionNotAggClosed",
+            "type": "Object",
+            "tags": [],
+            "label": "expressionNotAggClosed",
+            "description": [],
+            "signature": [
+              "{ message: string; type: { commandName: string; expression: string; }; }"
+            ],
+            "path": "packages/kbn-esql-validation-autocomplete/src/validation/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/esql-validation-autocomplete",
+            "id": "def-common.ValidationErrors.aggInAggFunction",
+            "type": "Object",
+            "tags": [],
+            "label": "aggInAggFunction",
+            "description": [],
+            "signature": [
+              "{ message: string; type: { nestedAgg: string; }; }"
+            ],
+            "path": "packages/kbn-esql-validation-autocomplete/src/validation/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
           }
         ],
         "initialIsOpen": false
diff --git a/api_docs/kbn_esql_validation_autocomplete.mdx b/api_docs/kbn_esql_validation_autocomplete.mdx
index f326d93d5c638..3bfdc591a31d3 100644
--- a/api_docs/kbn_esql_validation_autocomplete.mdx
+++ b/api_docs/kbn_esql_validation_autocomplete.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-esql-validation-autocomplete
 title: "@kbn/esql-validation-autocomplete"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/esql-validation-autocomplete plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/esql-validation-autocomplete']
 ---
 import kbnEsqlValidationAutocompleteObj from './kbn_esql_validation_autocomplete.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/kibana-esql](https://github.com/orgs/elastic/teams/kibana-esql
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 189 | 0 | 178 | 10 |
+| 192 | 0 | 181 | 10 |
 
 ## Common
 
diff --git a/api_docs/kbn_event_annotation_common.mdx b/api_docs/kbn_event_annotation_common.mdx
index 93754c21b806c..16ccf0a5bfae9 100644
--- a/api_docs/kbn_event_annotation_common.mdx
+++ b/api_docs/kbn_event_annotation_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-event-annotation-common
 title: "@kbn/event-annotation-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/event-annotation-common plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/event-annotation-common']
 ---
 import kbnEventAnnotationCommonObj from './kbn_event_annotation_common.devdocs.json';
diff --git a/api_docs/kbn_event_annotation_components.mdx b/api_docs/kbn_event_annotation_components.mdx
index 7b083d3bdcdcb..073fcd2ac4071 100644
--- a/api_docs/kbn_event_annotation_components.mdx
+++ b/api_docs/kbn_event_annotation_components.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-event-annotation-components
 title: "@kbn/event-annotation-components"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/event-annotation-components plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/event-annotation-components']
 ---
 import kbnEventAnnotationComponentsObj from './kbn_event_annotation_components.devdocs.json';
diff --git a/api_docs/kbn_expandable_flyout.mdx b/api_docs/kbn_expandable_flyout.mdx
index 97773962b0371..bb25e04aa1be8 100644
--- a/api_docs/kbn_expandable_flyout.mdx
+++ b/api_docs/kbn_expandable_flyout.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-expandable-flyout
 title: "@kbn/expandable-flyout"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/expandable-flyout plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/expandable-flyout']
 ---
 import kbnExpandableFlyoutObj from './kbn_expandable_flyout.devdocs.json';
diff --git a/api_docs/kbn_field_types.mdx b/api_docs/kbn_field_types.mdx
index a0cab91e0732e..65bf4181332a4 100644
--- a/api_docs/kbn_field_types.mdx
+++ b/api_docs/kbn_field_types.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-field-types
 title: "@kbn/field-types"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/field-types plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/field-types']
 ---
 import kbnFieldTypesObj from './kbn_field_types.devdocs.json';
diff --git a/api_docs/kbn_field_utils.devdocs.json b/api_docs/kbn_field_utils.devdocs.json
index 6ffd8029c7422..540633131b699 100644
--- a/api_docs/kbn_field_utils.devdocs.json
+++ b/api_docs/kbn_field_utils.devdocs.json
@@ -126,55 +126,6 @@
         "returnComment": [],
         "initialIsOpen": false
       },
-      {
-        "parentPluginId": "@kbn/field-utils",
-        "id": "def-common.FieldDescriptionIconButton",
-        "type": "Function",
-        "tags": [],
-        "label": "FieldDescriptionIconButton",
-        "description": [],
-        "signature": [
-          "({ field, ...otherProps }: React.PropsWithChildren<",
-          {
-            "pluginId": "@kbn/field-utils",
-            "scope": "common",
-            "docId": "kibKbnFieldUtilsPluginApi",
-            "section": "def-common.FieldDescriptionIconButtonProps",
-            "text": "FieldDescriptionIconButtonProps"
-          },
-          ">) => JSX.Element | null"
-        ],
-        "path": "packages/kbn-field-utils/src/components/field_description_icon_button/field_description_icon_button.tsx",
-        "deprecated": false,
-        "trackAdoption": false,
-        "children": [
-          {
-            "parentPluginId": "@kbn/field-utils",
-            "id": "def-common.FieldDescriptionIconButton.$1",
-            "type": "CompoundType",
-            "tags": [],
-            "label": "{\n  field,\n  ...otherProps\n}",
-            "description": [],
-            "signature": [
-              "React.PropsWithChildren<",
-              {
-                "pluginId": "@kbn/field-utils",
-                "scope": "common",
-                "docId": "kibKbnFieldUtilsPluginApi",
-                "section": "def-common.FieldDescriptionIconButtonProps",
-                "text": "FieldDescriptionIconButtonProps"
-              },
-              ">"
-            ],
-            "path": "packages/kbn-field-utils/src/components/field_description_icon_button/field_description_icon_button.tsx",
-            "deprecated": false,
-            "trackAdoption": false,
-            "isRequired": true
-          }
-        ],
-        "returnComment": [],
-        "initialIsOpen": false
-      },
       {
         "parentPluginId": "@kbn/field-utils",
         "id": "def-common.FieldIcon",
@@ -868,23 +819,6 @@
       }
     ],
     "misc": [
-      {
-        "parentPluginId": "@kbn/field-utils",
-        "id": "def-common.FieldDescriptionIconButtonProps",
-        "type": "Type",
-        "tags": [],
-        "label": "FieldDescriptionIconButtonProps",
-        "description": [],
-        "signature": [
-          "Pick<",
-          "EuiPopoverProps",
-          ", \"css\"> & { field: { name: string; customDescription?: string | undefined; }; }"
-        ],
-        "path": "packages/kbn-field-utils/src/components/field_description_icon_button/field_description_icon_button.tsx",
-        "deprecated": false,
-        "trackAdoption": false,
-        "initialIsOpen": false
-      },
       {
         "parentPluginId": "@kbn/field-utils",
         "id": "def-common.FieldIconProps",
diff --git a/api_docs/kbn_field_utils.mdx b/api_docs/kbn_field_utils.mdx
index 61c5a7cc45dbe..a015a658c9cfb 100644
--- a/api_docs/kbn_field_utils.mdx
+++ b/api_docs/kbn_field_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-field-utils
 title: "@kbn/field-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/field-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/field-utils']
 ---
 import kbnFieldUtilsObj from './kbn_field_utils.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/k
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 54 | 0 | 45 | 1 |
+| 51 | 0 | 42 | 1 |
 
 ## Common
 
diff --git a/api_docs/kbn_find_used_node_modules.mdx b/api_docs/kbn_find_used_node_modules.mdx
index 516e28902c830..9e1c946edfa6e 100644
--- a/api_docs/kbn_find_used_node_modules.mdx
+++ b/api_docs/kbn_find_used_node_modules.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-find-used-node-modules
 title: "@kbn/find-used-node-modules"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/find-used-node-modules plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/find-used-node-modules']
 ---
 import kbnFindUsedNodeModulesObj from './kbn_find_used_node_modules.devdocs.json';
diff --git a/api_docs/kbn_formatters.mdx b/api_docs/kbn_formatters.mdx
index 55ad163620e2a..045fab34cf6ae 100644
--- a/api_docs/kbn_formatters.mdx
+++ b/api_docs/kbn_formatters.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-formatters
 title: "@kbn/formatters"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/formatters plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/formatters']
 ---
 import kbnFormattersObj from './kbn_formatters.devdocs.json';
diff --git a/api_docs/kbn_ftr_common_functional_services.mdx b/api_docs/kbn_ftr_common_functional_services.mdx
index 76a7e2562c5f3..3abd4d0ab1778 100644
--- a/api_docs/kbn_ftr_common_functional_services.mdx
+++ b/api_docs/kbn_ftr_common_functional_services.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ftr-common-functional-services
 title: "@kbn/ftr-common-functional-services"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ftr-common-functional-services plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ftr-common-functional-services']
 ---
 import kbnFtrCommonFunctionalServicesObj from './kbn_ftr_common_functional_services.devdocs.json';
diff --git a/api_docs/kbn_ftr_common_functional_ui_services.mdx b/api_docs/kbn_ftr_common_functional_ui_services.mdx
index eb5e6081a592f..f35aad5d320ae 100644
--- a/api_docs/kbn_ftr_common_functional_ui_services.mdx
+++ b/api_docs/kbn_ftr_common_functional_ui_services.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ftr-common-functional-ui-services
 title: "@kbn/ftr-common-functional-ui-services"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ftr-common-functional-ui-services plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ftr-common-functional-ui-services']
 ---
 import kbnFtrCommonFunctionalUiServicesObj from './kbn_ftr_common_functional_ui_services.devdocs.json';
diff --git a/api_docs/kbn_generate.mdx b/api_docs/kbn_generate.mdx
index 377d3f28132a8..9570e6c38b84b 100644
--- a/api_docs/kbn_generate.mdx
+++ b/api_docs/kbn_generate.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-generate
 title: "@kbn/generate"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/generate plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/generate']
 ---
 import kbnGenerateObj from './kbn_generate.devdocs.json';
diff --git a/api_docs/kbn_generate_console_definitions.mdx b/api_docs/kbn_generate_console_definitions.mdx
index aeb4254520b6a..8c2b20ffa06d0 100644
--- a/api_docs/kbn_generate_console_definitions.mdx
+++ b/api_docs/kbn_generate_console_definitions.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-generate-console-definitions
 title: "@kbn/generate-console-definitions"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/generate-console-definitions plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/generate-console-definitions']
 ---
 import kbnGenerateConsoleDefinitionsObj from './kbn_generate_console_definitions.devdocs.json';
diff --git a/api_docs/kbn_generate_csv.mdx b/api_docs/kbn_generate_csv.mdx
index 0dfb7c3ed231d..94ff39595d22a 100644
--- a/api_docs/kbn_generate_csv.mdx
+++ b/api_docs/kbn_generate_csv.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-generate-csv
 title: "@kbn/generate-csv"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/generate-csv plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/generate-csv']
 ---
 import kbnGenerateCsvObj from './kbn_generate_csv.devdocs.json';
diff --git a/api_docs/kbn_grouping.mdx b/api_docs/kbn_grouping.mdx
index abe0caab761c9..328d53deb75b1 100644
--- a/api_docs/kbn_grouping.mdx
+++ b/api_docs/kbn_grouping.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-grouping
 title: "@kbn/grouping"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/grouping plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/grouping']
 ---
 import kbnGroupingObj from './kbn_grouping.devdocs.json';
diff --git a/api_docs/kbn_guided_onboarding.mdx b/api_docs/kbn_guided_onboarding.mdx
index d77bf48458c7c..731876d8e45e6 100644
--- a/api_docs/kbn_guided_onboarding.mdx
+++ b/api_docs/kbn_guided_onboarding.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-guided-onboarding
 title: "@kbn/guided-onboarding"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/guided-onboarding plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/guided-onboarding']
 ---
 import kbnGuidedOnboardingObj from './kbn_guided_onboarding.devdocs.json';
diff --git a/api_docs/kbn_handlebars.mdx b/api_docs/kbn_handlebars.mdx
index 2b379b261a2a2..4165dedb0bc47 100644
--- a/api_docs/kbn_handlebars.mdx
+++ b/api_docs/kbn_handlebars.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-handlebars
 title: "@kbn/handlebars"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/handlebars plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/handlebars']
 ---
 import kbnHandlebarsObj from './kbn_handlebars.devdocs.json';
diff --git a/api_docs/kbn_hapi_mocks.mdx b/api_docs/kbn_hapi_mocks.mdx
index 6246e2e784241..80e2e2a8d1883 100644
--- a/api_docs/kbn_hapi_mocks.mdx
+++ b/api_docs/kbn_hapi_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-hapi-mocks
 title: "@kbn/hapi-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/hapi-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/hapi-mocks']
 ---
 import kbnHapiMocksObj from './kbn_hapi_mocks.devdocs.json';
diff --git a/api_docs/kbn_health_gateway_server.mdx b/api_docs/kbn_health_gateway_server.mdx
index bd4698775dfcd..11a415938d5ca 100644
--- a/api_docs/kbn_health_gateway_server.mdx
+++ b/api_docs/kbn_health_gateway_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-health-gateway-server
 title: "@kbn/health-gateway-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/health-gateway-server plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/health-gateway-server']
 ---
 import kbnHealthGatewayServerObj from './kbn_health_gateway_server.devdocs.json';
diff --git a/api_docs/kbn_home_sample_data_card.mdx b/api_docs/kbn_home_sample_data_card.mdx
index 3bdc220beb3a5..cff647c2d1eba 100644
--- a/api_docs/kbn_home_sample_data_card.mdx
+++ b/api_docs/kbn_home_sample_data_card.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-home-sample-data-card
 title: "@kbn/home-sample-data-card"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/home-sample-data-card plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/home-sample-data-card']
 ---
 import kbnHomeSampleDataCardObj from './kbn_home_sample_data_card.devdocs.json';
diff --git a/api_docs/kbn_home_sample_data_tab.mdx b/api_docs/kbn_home_sample_data_tab.mdx
index 0fac54d1c4056..622470ad36fc7 100644
--- a/api_docs/kbn_home_sample_data_tab.mdx
+++ b/api_docs/kbn_home_sample_data_tab.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-home-sample-data-tab
 title: "@kbn/home-sample-data-tab"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/home-sample-data-tab plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/home-sample-data-tab']
 ---
 import kbnHomeSampleDataTabObj from './kbn_home_sample_data_tab.devdocs.json';
diff --git a/api_docs/kbn_i18n.mdx b/api_docs/kbn_i18n.mdx
index 1be4bfe0b0f67..7727b08ed543d 100644
--- a/api_docs/kbn_i18n.mdx
+++ b/api_docs/kbn_i18n.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-i18n
 title: "@kbn/i18n"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/i18n plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/i18n']
 ---
 import kbnI18nObj from './kbn_i18n.devdocs.json';
diff --git a/api_docs/kbn_i18n_react.mdx b/api_docs/kbn_i18n_react.mdx
index aac51775cf05d..0023a45ebf5bb 100644
--- a/api_docs/kbn_i18n_react.mdx
+++ b/api_docs/kbn_i18n_react.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-i18n-react
 title: "@kbn/i18n-react"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/i18n-react plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/i18n-react']
 ---
 import kbnI18nReactObj from './kbn_i18n_react.devdocs.json';
diff --git a/api_docs/kbn_import_resolver.mdx b/api_docs/kbn_import_resolver.mdx
index 758d716f10029..9eebecc4be306 100644
--- a/api_docs/kbn_import_resolver.mdx
+++ b/api_docs/kbn_import_resolver.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-import-resolver
 title: "@kbn/import-resolver"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/import-resolver plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/import-resolver']
 ---
 import kbnImportResolverObj from './kbn_import_resolver.devdocs.json';
diff --git a/api_docs/kbn_index_management.mdx b/api_docs/kbn_index_management.mdx
index c2daabbf703aa..ee2e689b54984 100644
--- a/api_docs/kbn_index_management.mdx
+++ b/api_docs/kbn_index_management.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-index-management
 title: "@kbn/index-management"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/index-management plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/index-management']
 ---
 import kbnIndexManagementObj from './kbn_index_management.devdocs.json';
diff --git a/api_docs/kbn_inference_integration_flyout.mdx b/api_docs/kbn_inference_integration_flyout.mdx
index 95cae23bb1c3f..c1fd535439dfc 100644
--- a/api_docs/kbn_inference_integration_flyout.mdx
+++ b/api_docs/kbn_inference_integration_flyout.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-inference_integration_flyout
 title: "@kbn/inference_integration_flyout"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/inference_integration_flyout plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/inference_integration_flyout']
 ---
 import kbnInferenceIntegrationFlyoutObj from './kbn_inference_integration_flyout.devdocs.json';
diff --git a/api_docs/kbn_infra_forge.mdx b/api_docs/kbn_infra_forge.mdx
index 91815af1a7baf..93afe59e78560 100644
--- a/api_docs/kbn_infra_forge.mdx
+++ b/api_docs/kbn_infra_forge.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-infra-forge
 title: "@kbn/infra-forge"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/infra-forge plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/infra-forge']
 ---
 import kbnInfraForgeObj from './kbn_infra_forge.devdocs.json';
diff --git a/api_docs/kbn_interpreter.mdx b/api_docs/kbn_interpreter.mdx
index 5bd2f82a476b5..62959ccd79b78 100644
--- a/api_docs/kbn_interpreter.mdx
+++ b/api_docs/kbn_interpreter.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-interpreter
 title: "@kbn/interpreter"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/interpreter plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/interpreter']
 ---
 import kbnInterpreterObj from './kbn_interpreter.devdocs.json';
diff --git a/api_docs/kbn_io_ts_utils.mdx b/api_docs/kbn_io_ts_utils.mdx
index 7806977a5ff63..deca7d0d8aff7 100644
--- a/api_docs/kbn_io_ts_utils.mdx
+++ b/api_docs/kbn_io_ts_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-io-ts-utils
 title: "@kbn/io-ts-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/io-ts-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/io-ts-utils']
 ---
 import kbnIoTsUtilsObj from './kbn_io_ts_utils.devdocs.json';
diff --git a/api_docs/kbn_ipynb.mdx b/api_docs/kbn_ipynb.mdx
index 0f55e6da22faa..87a266d9b9a14 100644
--- a/api_docs/kbn_ipynb.mdx
+++ b/api_docs/kbn_ipynb.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ipynb
 title: "@kbn/ipynb"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ipynb plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ipynb']
 ---
 import kbnIpynbObj from './kbn_ipynb.devdocs.json';
diff --git a/api_docs/kbn_jest_serializers.mdx b/api_docs/kbn_jest_serializers.mdx
index e2e126ace151e..b6e8e58d65a5b 100644
--- a/api_docs/kbn_jest_serializers.mdx
+++ b/api_docs/kbn_jest_serializers.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-jest-serializers
 title: "@kbn/jest-serializers"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/jest-serializers plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/jest-serializers']
 ---
 import kbnJestSerializersObj from './kbn_jest_serializers.devdocs.json';
diff --git a/api_docs/kbn_journeys.mdx b/api_docs/kbn_journeys.mdx
index f92880e152af6..b8a18026004b8 100644
--- a/api_docs/kbn_journeys.mdx
+++ b/api_docs/kbn_journeys.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-journeys
 title: "@kbn/journeys"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/journeys plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/journeys']
 ---
 import kbnJourneysObj from './kbn_journeys.devdocs.json';
diff --git a/api_docs/kbn_json_ast.mdx b/api_docs/kbn_json_ast.mdx
index f7a970eade436..02fbb0b488130 100644
--- a/api_docs/kbn_json_ast.mdx
+++ b/api_docs/kbn_json_ast.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-json-ast
 title: "@kbn/json-ast"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/json-ast plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/json-ast']
 ---
 import kbnJsonAstObj from './kbn_json_ast.devdocs.json';
diff --git a/api_docs/kbn_json_schemas.devdocs.json b/api_docs/kbn_json_schemas.devdocs.json
new file mode 100644
index 0000000000000..d4f3ececc9f35
--- /dev/null
+++ b/api_docs/kbn_json_schemas.devdocs.json
@@ -0,0 +1,171 @@
+{
+  "id": "@kbn/json-schemas",
+  "client": {
+    "classes": [],
+    "functions": [],
+    "interfaces": [],
+    "enums": [],
+    "misc": [],
+    "objects": []
+  },
+  "server": {
+    "classes": [],
+    "functions": [],
+    "interfaces": [],
+    "enums": [],
+    "misc": [],
+    "objects": []
+  },
+  "common": {
+    "classes": [
+      {
+        "parentPluginId": "@kbn/json-schemas",
+        "id": "def-common.JsonSchemaService",
+        "type": "Class",
+        "tags": [],
+        "label": "JsonSchemaService",
+        "description": [
+          "\n"
+        ],
+        "path": "x-pack/packages/ml/json_schemas/src/json_schema_service.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/json-schemas",
+            "id": "def-common.JsonSchemaService.Unnamed",
+            "type": "Function",
+            "tags": [],
+            "label": "Constructor",
+            "description": [],
+            "signature": [
+              "any"
+            ],
+            "path": "x-pack/packages/ml/json_schemas/src/json_schema_service.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/json-schemas",
+                "id": "def-common.JsonSchemaService.Unnamed.$1",
+                "type": "string",
+                "tags": [],
+                "label": "pathToOpenAPI",
+                "description": [],
+                "signature": [
+                  "string"
+                ],
+                "path": "x-pack/packages/ml/json_schemas/src/json_schema_service.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              }
+            ],
+            "returnComment": []
+          },
+          {
+            "parentPluginId": "@kbn/json-schemas",
+            "id": "def-common.JsonSchemaService.resolveSchema",
+            "type": "Function",
+            "tags": [],
+            "label": "resolveSchema",
+            "description": [],
+            "signature": [
+              "(path: \"/_ml/anomaly_detectors/{job_id}\" | \"/_ml/datafeeds/{datafeed_id}\" | \"/_transform/{transform_id}\" | \"/_ml/data_frame/analytics/{id}\", method: string, props?: string[] | undefined, schema?: object | undefined) => Promise<any>"
+            ],
+            "path": "x-pack/packages/ml/json_schemas/src/json_schema_service.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/json-schemas",
+                "id": "def-common.JsonSchemaService.resolveSchema.$1",
+                "type": "CompoundType",
+                "tags": [],
+                "label": "path",
+                "description": [],
+                "signature": [
+                  "\"/_ml/anomaly_detectors/{job_id}\" | \"/_ml/datafeeds/{datafeed_id}\" | \"/_transform/{transform_id}\" | \"/_ml/data_frame/analytics/{id}\""
+                ],
+                "path": "x-pack/packages/ml/json_schemas/src/json_schema_service.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              },
+              {
+                "parentPluginId": "@kbn/json-schemas",
+                "id": "def-common.JsonSchemaService.resolveSchema.$2",
+                "type": "string",
+                "tags": [],
+                "label": "method",
+                "description": [],
+                "signature": [
+                  "string"
+                ],
+                "path": "x-pack/packages/ml/json_schemas/src/json_schema_service.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              },
+              {
+                "parentPluginId": "@kbn/json-schemas",
+                "id": "def-common.JsonSchemaService.resolveSchema.$3",
+                "type": "Array",
+                "tags": [],
+                "label": "props",
+                "description": [],
+                "signature": [
+                  "string[] | undefined"
+                ],
+                "path": "x-pack/packages/ml/json_schemas/src/json_schema_service.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": false
+              },
+              {
+                "parentPluginId": "@kbn/json-schemas",
+                "id": "def-common.JsonSchemaService.resolveSchema.$4",
+                "type": "Uncategorized",
+                "tags": [],
+                "label": "schema",
+                "description": [],
+                "signature": [
+                  "object | undefined"
+                ],
+                "path": "x-pack/packages/ml/json_schemas/src/json_schema_service.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": false
+              }
+            ],
+            "returnComment": []
+          },
+          {
+            "parentPluginId": "@kbn/json-schemas",
+            "id": "def-common.JsonSchemaService.createSchemaFiles",
+            "type": "Function",
+            "tags": [],
+            "label": "createSchemaFiles",
+            "description": [
+              "\nGenerates schema files for each supported endpoint from the openapi file."
+            ],
+            "signature": [
+              "() => Promise<void>"
+            ],
+            "path": "x-pack/packages/ml/json_schemas/src/json_schema_service.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [],
+            "returnComment": []
+          }
+        ],
+        "initialIsOpen": false
+      }
+    ],
+    "functions": [],
+    "interfaces": [],
+    "enums": [],
+    "misc": [],
+    "objects": []
+  }
+}
\ No newline at end of file
diff --git a/api_docs/kbn_json_schemas.mdx b/api_docs/kbn_json_schemas.mdx
new file mode 100644
index 0000000000000..eb01ef253ef6e
--- /dev/null
+++ b/api_docs/kbn_json_schemas.mdx
@@ -0,0 +1,30 @@
+---
+####
+#### This document is auto-generated and is meant to be viewed inside our experimental, new docs system.
+#### Reach out in #docs-engineering for more info.
+####
+id: kibKbnJsonSchemasPluginApi
+slug: /kibana-dev-docs/api/kbn-json-schemas
+title: "@kbn/json-schemas"
+image: https://source.unsplash.com/400x175/?github
+description: API docs for the @kbn/json-schemas plugin
+date: 2024-07-01
+tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/json-schemas']
+---
+import kbnJsonSchemasObj from './kbn_json_schemas.devdocs.json';
+
+
+
+Contact [@elastic/ml-ui](https://github.com/orgs/elastic/teams/ml-ui) for questions regarding this plugin.
+
+**Code health stats**
+
+| Public API count  | Any count | Items lacking comments | Missing exports |
+|-------------------|-----------|------------------------|-----------------|
+| 9 | 0 | 7 | 0 |
+
+## Common
+
+### Classes
+<DocDefinitionList data={kbnJsonSchemasObj.common.classes}/>
+
diff --git a/api_docs/kbn_kibana_manifest_schema.mdx b/api_docs/kbn_kibana_manifest_schema.mdx
index 719fe13148e43..34adbecb1dbdb 100644
--- a/api_docs/kbn_kibana_manifest_schema.mdx
+++ b/api_docs/kbn_kibana_manifest_schema.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-kibana-manifest-schema
 title: "@kbn/kibana-manifest-schema"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/kibana-manifest-schema plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/kibana-manifest-schema']
 ---
 import kbnKibanaManifestSchemaObj from './kbn_kibana_manifest_schema.devdocs.json';
diff --git a/api_docs/kbn_language_documentation_popover.mdx b/api_docs/kbn_language_documentation_popover.mdx
index edcf7b993d47c..ee08ce2314c3b 100644
--- a/api_docs/kbn_language_documentation_popover.mdx
+++ b/api_docs/kbn_language_documentation_popover.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-language-documentation-popover
 title: "@kbn/language-documentation-popover"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/language-documentation-popover plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/language-documentation-popover']
 ---
 import kbnLanguageDocumentationPopoverObj from './kbn_language_documentation_popover.devdocs.json';
diff --git a/api_docs/kbn_lens_embeddable_utils.mdx b/api_docs/kbn_lens_embeddable_utils.mdx
index b8b7b8305838e..6f11a7d367fdc 100644
--- a/api_docs/kbn_lens_embeddable_utils.mdx
+++ b/api_docs/kbn_lens_embeddable_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-lens-embeddable-utils
 title: "@kbn/lens-embeddable-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/lens-embeddable-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/lens-embeddable-utils']
 ---
 import kbnLensEmbeddableUtilsObj from './kbn_lens_embeddable_utils.devdocs.json';
diff --git a/api_docs/kbn_lens_formula_docs.mdx b/api_docs/kbn_lens_formula_docs.mdx
index dcc7887e2c389..b022a8b3bb5f3 100644
--- a/api_docs/kbn_lens_formula_docs.mdx
+++ b/api_docs/kbn_lens_formula_docs.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-lens-formula-docs
 title: "@kbn/lens-formula-docs"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/lens-formula-docs plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/lens-formula-docs']
 ---
 import kbnLensFormulaDocsObj from './kbn_lens_formula_docs.devdocs.json';
diff --git a/api_docs/kbn_logging.mdx b/api_docs/kbn_logging.mdx
index 0b3284ccaff5b..502f2b7c39ec6 100644
--- a/api_docs/kbn_logging.mdx
+++ b/api_docs/kbn_logging.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-logging
 title: "@kbn/logging"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/logging plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/logging']
 ---
 import kbnLoggingObj from './kbn_logging.devdocs.json';
diff --git a/api_docs/kbn_logging_mocks.mdx b/api_docs/kbn_logging_mocks.mdx
index e7296264e4221..cc74116040d53 100644
--- a/api_docs/kbn_logging_mocks.mdx
+++ b/api_docs/kbn_logging_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-logging-mocks
 title: "@kbn/logging-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/logging-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/logging-mocks']
 ---
 import kbnLoggingMocksObj from './kbn_logging_mocks.devdocs.json';
diff --git a/api_docs/kbn_managed_content_badge.mdx b/api_docs/kbn_managed_content_badge.mdx
index ade696d52c11e..ba5b8e8cfb28f 100644
--- a/api_docs/kbn_managed_content_badge.mdx
+++ b/api_docs/kbn_managed_content_badge.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-managed-content-badge
 title: "@kbn/managed-content-badge"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/managed-content-badge plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/managed-content-badge']
 ---
 import kbnManagedContentBadgeObj from './kbn_managed_content_badge.devdocs.json';
diff --git a/api_docs/kbn_managed_vscode_config.mdx b/api_docs/kbn_managed_vscode_config.mdx
index 9ea1627776fdd..230f9c36ffe55 100644
--- a/api_docs/kbn_managed_vscode_config.mdx
+++ b/api_docs/kbn_managed_vscode_config.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-managed-vscode-config
 title: "@kbn/managed-vscode-config"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/managed-vscode-config plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/managed-vscode-config']
 ---
 import kbnManagedVscodeConfigObj from './kbn_managed_vscode_config.devdocs.json';
diff --git a/api_docs/kbn_management_cards_navigation.devdocs.json b/api_docs/kbn_management_cards_navigation.devdocs.json
index 6e5588dff2455..7d589a0a00560 100644
--- a/api_docs/kbn_management_cards_navigation.devdocs.json
+++ b/api_docs/kbn_management_cards_navigation.devdocs.json
@@ -145,7 +145,7 @@
             "label": "hideLinksTo",
             "description": [],
             "signature": [
-              "(\"transform\" | \"tags\" | \"maintenanceWindows\" | \"settings\" | \"dataViews\" | \"filesManagement\" | \"roles\" | \"reporting\" | \"api_keys\" | \"index_management\" | \"ingest_pipelines\" | \"jobsListLink\" | \"objects\" | \"pipelines\" | \"triggersActions\" | \"triggersActionsConnectors\")[] | undefined"
+              "(\"transform\" | \"tags\" | \"maintenanceWindows\" | \"settings\" | \"dataViews\" | \"data_quality\" | \"filesManagement\" | \"roles\" | \"reporting\" | \"api_keys\" | \"index_management\" | \"ingest_pipelines\" | \"jobsListLink\" | \"objects\" | \"pipelines\" | \"triggersActions\" | \"triggersActionsConnectors\")[] | undefined"
             ],
             "path": "packages/kbn-management/cards_navigation/src/types.ts",
             "deprecated": false,
@@ -202,7 +202,7 @@
         "label": "AppId",
         "description": [],
         "signature": [
-          "\"transform\" | \"tags\" | \"maintenanceWindows\" | \"settings\" | \"dataViews\" | \"filesManagement\" | \"roles\" | \"reporting\" | \"api_keys\" | \"index_management\" | \"ingest_pipelines\" | \"jobsListLink\" | \"objects\" | \"pipelines\" | \"triggersActions\" | \"triggersActionsConnectors\""
+          "\"transform\" | \"tags\" | \"maintenanceWindows\" | \"settings\" | \"dataViews\" | \"data_quality\" | \"filesManagement\" | \"roles\" | \"reporting\" | \"api_keys\" | \"index_management\" | \"ingest_pipelines\" | \"jobsListLink\" | \"objects\" | \"pipelines\" | \"triggersActions\" | \"triggersActionsConnectors\""
         ],
         "path": "packages/kbn-management/cards_navigation/src/types.ts",
         "deprecated": false,
diff --git a/api_docs/kbn_management_cards_navigation.mdx b/api_docs/kbn_management_cards_navigation.mdx
index e57cd5e7ed8fa..e29ff4fc60e73 100644
--- a/api_docs/kbn_management_cards_navigation.mdx
+++ b/api_docs/kbn_management_cards_navigation.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-cards-navigation
 title: "@kbn/management-cards-navigation"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/management-cards-navigation plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-cards-navigation']
 ---
 import kbnManagementCardsNavigationObj from './kbn_management_cards_navigation.devdocs.json';
diff --git a/api_docs/kbn_management_settings_application.mdx b/api_docs/kbn_management_settings_application.mdx
index bfe63ca555d66..fe19559e238c5 100644
--- a/api_docs/kbn_management_settings_application.mdx
+++ b/api_docs/kbn_management_settings_application.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-application
 title: "@kbn/management-settings-application"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/management-settings-application plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-application']
 ---
 import kbnManagementSettingsApplicationObj from './kbn_management_settings_application.devdocs.json';
diff --git a/api_docs/kbn_management_settings_components_field_category.mdx b/api_docs/kbn_management_settings_components_field_category.mdx
index 679ecc142d451..c54984f72f55a 100644
--- a/api_docs/kbn_management_settings_components_field_category.mdx
+++ b/api_docs/kbn_management_settings_components_field_category.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-components-field-category
 title: "@kbn/management-settings-components-field-category"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/management-settings-components-field-category plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-components-field-category']
 ---
 import kbnManagementSettingsComponentsFieldCategoryObj from './kbn_management_settings_components_field_category.devdocs.json';
diff --git a/api_docs/kbn_management_settings_components_field_input.mdx b/api_docs/kbn_management_settings_components_field_input.mdx
index 5466ac9f12882..7cc7caee9a8aa 100644
--- a/api_docs/kbn_management_settings_components_field_input.mdx
+++ b/api_docs/kbn_management_settings_components_field_input.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-components-field-input
 title: "@kbn/management-settings-components-field-input"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/management-settings-components-field-input plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-components-field-input']
 ---
 import kbnManagementSettingsComponentsFieldInputObj from './kbn_management_settings_components_field_input.devdocs.json';
diff --git a/api_docs/kbn_management_settings_components_field_row.mdx b/api_docs/kbn_management_settings_components_field_row.mdx
index 389e2027f424a..5e746bc7b3907 100644
--- a/api_docs/kbn_management_settings_components_field_row.mdx
+++ b/api_docs/kbn_management_settings_components_field_row.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-components-field-row
 title: "@kbn/management-settings-components-field-row"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/management-settings-components-field-row plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-components-field-row']
 ---
 import kbnManagementSettingsComponentsFieldRowObj from './kbn_management_settings_components_field_row.devdocs.json';
diff --git a/api_docs/kbn_management_settings_components_form.mdx b/api_docs/kbn_management_settings_components_form.mdx
index ad499b3c90f10..f85c380a0cc0b 100644
--- a/api_docs/kbn_management_settings_components_form.mdx
+++ b/api_docs/kbn_management_settings_components_form.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-components-form
 title: "@kbn/management-settings-components-form"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/management-settings-components-form plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-components-form']
 ---
 import kbnManagementSettingsComponentsFormObj from './kbn_management_settings_components_form.devdocs.json';
diff --git a/api_docs/kbn_management_settings_field_definition.mdx b/api_docs/kbn_management_settings_field_definition.mdx
index 2886e76ab1137..3abca702adbca 100644
--- a/api_docs/kbn_management_settings_field_definition.mdx
+++ b/api_docs/kbn_management_settings_field_definition.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-field-definition
 title: "@kbn/management-settings-field-definition"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/management-settings-field-definition plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-field-definition']
 ---
 import kbnManagementSettingsFieldDefinitionObj from './kbn_management_settings_field_definition.devdocs.json';
diff --git a/api_docs/kbn_management_settings_ids.mdx b/api_docs/kbn_management_settings_ids.mdx
index d4d30d03b2e60..8e8f5b15952ea 100644
--- a/api_docs/kbn_management_settings_ids.mdx
+++ b/api_docs/kbn_management_settings_ids.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-ids
 title: "@kbn/management-settings-ids"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/management-settings-ids plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-ids']
 ---
 import kbnManagementSettingsIdsObj from './kbn_management_settings_ids.devdocs.json';
diff --git a/api_docs/kbn_management_settings_section_registry.mdx b/api_docs/kbn_management_settings_section_registry.mdx
index d386b31cc29bb..07b3a9a81ef1a 100644
--- a/api_docs/kbn_management_settings_section_registry.mdx
+++ b/api_docs/kbn_management_settings_section_registry.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-section-registry
 title: "@kbn/management-settings-section-registry"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/management-settings-section-registry plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-section-registry']
 ---
 import kbnManagementSettingsSectionRegistryObj from './kbn_management_settings_section_registry.devdocs.json';
diff --git a/api_docs/kbn_management_settings_types.mdx b/api_docs/kbn_management_settings_types.mdx
index 960d7c89e444c..a6ee2ad22e9e9 100644
--- a/api_docs/kbn_management_settings_types.mdx
+++ b/api_docs/kbn_management_settings_types.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-types
 title: "@kbn/management-settings-types"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/management-settings-types plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-types']
 ---
 import kbnManagementSettingsTypesObj from './kbn_management_settings_types.devdocs.json';
diff --git a/api_docs/kbn_management_settings_utilities.mdx b/api_docs/kbn_management_settings_utilities.mdx
index f846a138ad72d..e9998f34d99ad 100644
--- a/api_docs/kbn_management_settings_utilities.mdx
+++ b/api_docs/kbn_management_settings_utilities.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-utilities
 title: "@kbn/management-settings-utilities"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/management-settings-utilities plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-utilities']
 ---
 import kbnManagementSettingsUtilitiesObj from './kbn_management_settings_utilities.devdocs.json';
diff --git a/api_docs/kbn_management_storybook_config.mdx b/api_docs/kbn_management_storybook_config.mdx
index cc94cfcc45577..f604f1a344dda 100644
--- a/api_docs/kbn_management_storybook_config.mdx
+++ b/api_docs/kbn_management_storybook_config.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-storybook-config
 title: "@kbn/management-storybook-config"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/management-storybook-config plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-storybook-config']
 ---
 import kbnManagementStorybookConfigObj from './kbn_management_storybook_config.devdocs.json';
diff --git a/api_docs/kbn_mapbox_gl.mdx b/api_docs/kbn_mapbox_gl.mdx
index 29fe8a26cc807..0e5b134bd7431 100644
--- a/api_docs/kbn_mapbox_gl.mdx
+++ b/api_docs/kbn_mapbox_gl.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-mapbox-gl
 title: "@kbn/mapbox-gl"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/mapbox-gl plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/mapbox-gl']
 ---
 import kbnMapboxGlObj from './kbn_mapbox_gl.devdocs.json';
diff --git a/api_docs/kbn_maps_vector_tile_utils.mdx b/api_docs/kbn_maps_vector_tile_utils.mdx
index 6b6ab7809564d..aa79f7fb2872f 100644
--- a/api_docs/kbn_maps_vector_tile_utils.mdx
+++ b/api_docs/kbn_maps_vector_tile_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-maps-vector-tile-utils
 title: "@kbn/maps-vector-tile-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/maps-vector-tile-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/maps-vector-tile-utils']
 ---
 import kbnMapsVectorTileUtilsObj from './kbn_maps_vector_tile_utils.devdocs.json';
diff --git a/api_docs/kbn_ml_agg_utils.mdx b/api_docs/kbn_ml_agg_utils.mdx
index c682754234786..2167365cc1b21 100644
--- a/api_docs/kbn_ml_agg_utils.mdx
+++ b/api_docs/kbn_ml_agg_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-agg-utils
 title: "@kbn/ml-agg-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-agg-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-agg-utils']
 ---
 import kbnMlAggUtilsObj from './kbn_ml_agg_utils.devdocs.json';
diff --git a/api_docs/kbn_ml_anomaly_utils.mdx b/api_docs/kbn_ml_anomaly_utils.mdx
index f94006b655dbf..f4ca6cde186dc 100644
--- a/api_docs/kbn_ml_anomaly_utils.mdx
+++ b/api_docs/kbn_ml_anomaly_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-anomaly-utils
 title: "@kbn/ml-anomaly-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-anomaly-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-anomaly-utils']
 ---
 import kbnMlAnomalyUtilsObj from './kbn_ml_anomaly_utils.devdocs.json';
diff --git a/api_docs/kbn_ml_cancellable_search.mdx b/api_docs/kbn_ml_cancellable_search.mdx
index bd45f8ad1a08b..0288e3bd89110 100644
--- a/api_docs/kbn_ml_cancellable_search.mdx
+++ b/api_docs/kbn_ml_cancellable_search.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-cancellable-search
 title: "@kbn/ml-cancellable-search"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-cancellable-search plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-cancellable-search']
 ---
 import kbnMlCancellableSearchObj from './kbn_ml_cancellable_search.devdocs.json';
diff --git a/api_docs/kbn_ml_category_validator.mdx b/api_docs/kbn_ml_category_validator.mdx
index 5f6b80c05feb8..f1d469f6e47f4 100644
--- a/api_docs/kbn_ml_category_validator.mdx
+++ b/api_docs/kbn_ml_category_validator.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-category-validator
 title: "@kbn/ml-category-validator"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-category-validator plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-category-validator']
 ---
 import kbnMlCategoryValidatorObj from './kbn_ml_category_validator.devdocs.json';
diff --git a/api_docs/kbn_ml_chi2test.mdx b/api_docs/kbn_ml_chi2test.mdx
index 5869e96f4d4a2..51d486a828b4e 100644
--- a/api_docs/kbn_ml_chi2test.mdx
+++ b/api_docs/kbn_ml_chi2test.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-chi2test
 title: "@kbn/ml-chi2test"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-chi2test plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-chi2test']
 ---
 import kbnMlChi2testObj from './kbn_ml_chi2test.devdocs.json';
diff --git a/api_docs/kbn_ml_data_frame_analytics_utils.mdx b/api_docs/kbn_ml_data_frame_analytics_utils.mdx
index dfdc3b08cbacf..99dbaae6dbb1a 100644
--- a/api_docs/kbn_ml_data_frame_analytics_utils.mdx
+++ b/api_docs/kbn_ml_data_frame_analytics_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-data-frame-analytics-utils
 title: "@kbn/ml-data-frame-analytics-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-data-frame-analytics-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-data-frame-analytics-utils']
 ---
 import kbnMlDataFrameAnalyticsUtilsObj from './kbn_ml_data_frame_analytics_utils.devdocs.json';
diff --git a/api_docs/kbn_ml_data_grid.mdx b/api_docs/kbn_ml_data_grid.mdx
index 8a1cd3f0ad4e7..a82da9af2c1bb 100644
--- a/api_docs/kbn_ml_data_grid.mdx
+++ b/api_docs/kbn_ml_data_grid.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-data-grid
 title: "@kbn/ml-data-grid"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-data-grid plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-data-grid']
 ---
 import kbnMlDataGridObj from './kbn_ml_data_grid.devdocs.json';
diff --git a/api_docs/kbn_ml_date_picker.mdx b/api_docs/kbn_ml_date_picker.mdx
index c0466967360b1..6f0bbcfea8778 100644
--- a/api_docs/kbn_ml_date_picker.mdx
+++ b/api_docs/kbn_ml_date_picker.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-date-picker
 title: "@kbn/ml-date-picker"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-date-picker plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-date-picker']
 ---
 import kbnMlDatePickerObj from './kbn_ml_date_picker.devdocs.json';
diff --git a/api_docs/kbn_ml_date_utils.mdx b/api_docs/kbn_ml_date_utils.mdx
index da283ea5b2848..503ee57e00123 100644
--- a/api_docs/kbn_ml_date_utils.mdx
+++ b/api_docs/kbn_ml_date_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-date-utils
 title: "@kbn/ml-date-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-date-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-date-utils']
 ---
 import kbnMlDateUtilsObj from './kbn_ml_date_utils.devdocs.json';
diff --git a/api_docs/kbn_ml_error_utils.mdx b/api_docs/kbn_ml_error_utils.mdx
index 52e09fb58f798..ce476f3e5de00 100644
--- a/api_docs/kbn_ml_error_utils.mdx
+++ b/api_docs/kbn_ml_error_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-error-utils
 title: "@kbn/ml-error-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-error-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-error-utils']
 ---
 import kbnMlErrorUtilsObj from './kbn_ml_error_utils.devdocs.json';
diff --git a/api_docs/kbn_ml_in_memory_table.mdx b/api_docs/kbn_ml_in_memory_table.mdx
index 7f261994b433c..2ff80ae3fddd8 100644
--- a/api_docs/kbn_ml_in_memory_table.mdx
+++ b/api_docs/kbn_ml_in_memory_table.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-in-memory-table
 title: "@kbn/ml-in-memory-table"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-in-memory-table plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-in-memory-table']
 ---
 import kbnMlInMemoryTableObj from './kbn_ml_in_memory_table.devdocs.json';
diff --git a/api_docs/kbn_ml_is_defined.mdx b/api_docs/kbn_ml_is_defined.mdx
index f60bb413a2382..d2a98acfe5360 100644
--- a/api_docs/kbn_ml_is_defined.mdx
+++ b/api_docs/kbn_ml_is_defined.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-is-defined
 title: "@kbn/ml-is-defined"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-is-defined plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-is-defined']
 ---
 import kbnMlIsDefinedObj from './kbn_ml_is_defined.devdocs.json';
diff --git a/api_docs/kbn_ml_is_populated_object.mdx b/api_docs/kbn_ml_is_populated_object.mdx
index 80a615093e7f0..22e052a550feb 100644
--- a/api_docs/kbn_ml_is_populated_object.mdx
+++ b/api_docs/kbn_ml_is_populated_object.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-is-populated-object
 title: "@kbn/ml-is-populated-object"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-is-populated-object plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-is-populated-object']
 ---
 import kbnMlIsPopulatedObjectObj from './kbn_ml_is_populated_object.devdocs.json';
diff --git a/api_docs/kbn_ml_kibana_theme.mdx b/api_docs/kbn_ml_kibana_theme.mdx
index d6cb7980ec60d..28554f52db382 100644
--- a/api_docs/kbn_ml_kibana_theme.mdx
+++ b/api_docs/kbn_ml_kibana_theme.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-kibana-theme
 title: "@kbn/ml-kibana-theme"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-kibana-theme plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-kibana-theme']
 ---
 import kbnMlKibanaThemeObj from './kbn_ml_kibana_theme.devdocs.json';
diff --git a/api_docs/kbn_ml_local_storage.mdx b/api_docs/kbn_ml_local_storage.mdx
index f5bce0abc160d..0213893a814af 100644
--- a/api_docs/kbn_ml_local_storage.mdx
+++ b/api_docs/kbn_ml_local_storage.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-local-storage
 title: "@kbn/ml-local-storage"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-local-storage plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-local-storage']
 ---
 import kbnMlLocalStorageObj from './kbn_ml_local_storage.devdocs.json';
diff --git a/api_docs/kbn_ml_nested_property.mdx b/api_docs/kbn_ml_nested_property.mdx
index 2925c0b6db445..135e64f1a9c0b 100644
--- a/api_docs/kbn_ml_nested_property.mdx
+++ b/api_docs/kbn_ml_nested_property.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-nested-property
 title: "@kbn/ml-nested-property"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-nested-property plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-nested-property']
 ---
 import kbnMlNestedPropertyObj from './kbn_ml_nested_property.devdocs.json';
diff --git a/api_docs/kbn_ml_number_utils.mdx b/api_docs/kbn_ml_number_utils.mdx
index 4bfee361313a4..9d01e63ad802d 100644
--- a/api_docs/kbn_ml_number_utils.mdx
+++ b/api_docs/kbn_ml_number_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-number-utils
 title: "@kbn/ml-number-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-number-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-number-utils']
 ---
 import kbnMlNumberUtilsObj from './kbn_ml_number_utils.devdocs.json';
diff --git a/api_docs/kbn_ml_query_utils.mdx b/api_docs/kbn_ml_query_utils.mdx
index 4b5f183519c84..e896a5d7ae1df 100644
--- a/api_docs/kbn_ml_query_utils.mdx
+++ b/api_docs/kbn_ml_query_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-query-utils
 title: "@kbn/ml-query-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-query-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-query-utils']
 ---
 import kbnMlQueryUtilsObj from './kbn_ml_query_utils.devdocs.json';
diff --git a/api_docs/kbn_ml_random_sampler_utils.mdx b/api_docs/kbn_ml_random_sampler_utils.mdx
index f5fb6b5a066d8..edf9b1658ce77 100644
--- a/api_docs/kbn_ml_random_sampler_utils.mdx
+++ b/api_docs/kbn_ml_random_sampler_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-random-sampler-utils
 title: "@kbn/ml-random-sampler-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-random-sampler-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-random-sampler-utils']
 ---
 import kbnMlRandomSamplerUtilsObj from './kbn_ml_random_sampler_utils.devdocs.json';
diff --git a/api_docs/kbn_ml_route_utils.mdx b/api_docs/kbn_ml_route_utils.mdx
index a85bf8421e6c0..2d39f5bb08ac9 100644
--- a/api_docs/kbn_ml_route_utils.mdx
+++ b/api_docs/kbn_ml_route_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-route-utils
 title: "@kbn/ml-route-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-route-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-route-utils']
 ---
 import kbnMlRouteUtilsObj from './kbn_ml_route_utils.devdocs.json';
diff --git a/api_docs/kbn_ml_runtime_field_utils.mdx b/api_docs/kbn_ml_runtime_field_utils.mdx
index ee9cc56bc047a..cdc25adb5f41c 100644
--- a/api_docs/kbn_ml_runtime_field_utils.mdx
+++ b/api_docs/kbn_ml_runtime_field_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-runtime-field-utils
 title: "@kbn/ml-runtime-field-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-runtime-field-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-runtime-field-utils']
 ---
 import kbnMlRuntimeFieldUtilsObj from './kbn_ml_runtime_field_utils.devdocs.json';
diff --git a/api_docs/kbn_ml_string_hash.mdx b/api_docs/kbn_ml_string_hash.mdx
index 7100105fa361a..0e4a948efd034 100644
--- a/api_docs/kbn_ml_string_hash.mdx
+++ b/api_docs/kbn_ml_string_hash.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-string-hash
 title: "@kbn/ml-string-hash"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-string-hash plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-string-hash']
 ---
 import kbnMlStringHashObj from './kbn_ml_string_hash.devdocs.json';
diff --git a/api_docs/kbn_ml_time_buckets.mdx b/api_docs/kbn_ml_time_buckets.mdx
index 7a1829d634b78..1e596764daa83 100644
--- a/api_docs/kbn_ml_time_buckets.mdx
+++ b/api_docs/kbn_ml_time_buckets.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-time-buckets
 title: "@kbn/ml-time-buckets"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-time-buckets plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-time-buckets']
 ---
 import kbnMlTimeBucketsObj from './kbn_ml_time_buckets.devdocs.json';
diff --git a/api_docs/kbn_ml_trained_models_utils.mdx b/api_docs/kbn_ml_trained_models_utils.mdx
index 34e51866932da..f8c21091576e5 100644
--- a/api_docs/kbn_ml_trained_models_utils.mdx
+++ b/api_docs/kbn_ml_trained_models_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-trained-models-utils
 title: "@kbn/ml-trained-models-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-trained-models-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-trained-models-utils']
 ---
 import kbnMlTrainedModelsUtilsObj from './kbn_ml_trained_models_utils.devdocs.json';
diff --git a/api_docs/kbn_ml_ui_actions.mdx b/api_docs/kbn_ml_ui_actions.mdx
index 88be9a7227836..64954df4d1add 100644
--- a/api_docs/kbn_ml_ui_actions.mdx
+++ b/api_docs/kbn_ml_ui_actions.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-ui-actions
 title: "@kbn/ml-ui-actions"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-ui-actions plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-ui-actions']
 ---
 import kbnMlUiActionsObj from './kbn_ml_ui_actions.devdocs.json';
diff --git a/api_docs/kbn_ml_url_state.mdx b/api_docs/kbn_ml_url_state.mdx
index 68f724104cb2c..09558d2abdade 100644
--- a/api_docs/kbn_ml_url_state.mdx
+++ b/api_docs/kbn_ml_url_state.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-url-state
 title: "@kbn/ml-url-state"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-url-state plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-url-state']
 ---
 import kbnMlUrlStateObj from './kbn_ml_url_state.devdocs.json';
diff --git a/api_docs/kbn_mock_idp_utils.mdx b/api_docs/kbn_mock_idp_utils.mdx
index d56e817f32cfe..69e8d3e030e60 100644
--- a/api_docs/kbn_mock_idp_utils.mdx
+++ b/api_docs/kbn_mock_idp_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-mock-idp-utils
 title: "@kbn/mock-idp-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/mock-idp-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/mock-idp-utils']
 ---
 import kbnMockIdpUtilsObj from './kbn_mock_idp_utils.devdocs.json';
diff --git a/api_docs/kbn_monaco.devdocs.json b/api_docs/kbn_monaco.devdocs.json
index a432c6389bae2..be1438d460f19 100644
--- a/api_docs/kbn_monaco.devdocs.json
+++ b/api_docs/kbn_monaco.devdocs.json
@@ -1182,6 +1182,9 @@
             "tags": [],
             "label": "url",
             "description": [],
+            "signature": [
+              "string | undefined"
+            ],
             "path": "packages/kbn-monaco/src/console/types.ts",
             "deprecated": false,
             "trackAdoption": false
diff --git a/api_docs/kbn_monaco.mdx b/api_docs/kbn_monaco.mdx
index 23ac7c7f51194..6921835681468 100644
--- a/api_docs/kbn_monaco.mdx
+++ b/api_docs/kbn_monaco.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-monaco
 title: "@kbn/monaco"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/monaco plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/monaco']
 ---
 import kbnMonacoObj from './kbn_monaco.devdocs.json';
diff --git a/api_docs/kbn_object_versioning.mdx b/api_docs/kbn_object_versioning.mdx
index bce22ad4b56e8..e84d112c4c30d 100644
--- a/api_docs/kbn_object_versioning.mdx
+++ b/api_docs/kbn_object_versioning.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-object-versioning
 title: "@kbn/object-versioning"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/object-versioning plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/object-versioning']
 ---
 import kbnObjectVersioningObj from './kbn_object_versioning.devdocs.json';
diff --git a/api_docs/kbn_observability_alert_details.mdx b/api_docs/kbn_observability_alert_details.mdx
index ab2abedacdfb7..b3e86aee8d302 100644
--- a/api_docs/kbn_observability_alert_details.mdx
+++ b/api_docs/kbn_observability_alert_details.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-observability-alert-details
 title: "@kbn/observability-alert-details"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/observability-alert-details plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/observability-alert-details']
 ---
 import kbnObservabilityAlertDetailsObj from './kbn_observability_alert_details.devdocs.json';
diff --git a/api_docs/kbn_observability_alerting_test_data.mdx b/api_docs/kbn_observability_alerting_test_data.mdx
index 6f86bf5ff4e02..73b57383c73d6 100644
--- a/api_docs/kbn_observability_alerting_test_data.mdx
+++ b/api_docs/kbn_observability_alerting_test_data.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-observability-alerting-test-data
 title: "@kbn/observability-alerting-test-data"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/observability-alerting-test-data plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/observability-alerting-test-data']
 ---
 import kbnObservabilityAlertingTestDataObj from './kbn_observability_alerting_test_data.devdocs.json';
diff --git a/api_docs/kbn_observability_get_padded_alert_time_range_util.mdx b/api_docs/kbn_observability_get_padded_alert_time_range_util.mdx
index 2cefb2e5feaa8..8f28e91503d14 100644
--- a/api_docs/kbn_observability_get_padded_alert_time_range_util.mdx
+++ b/api_docs/kbn_observability_get_padded_alert_time_range_util.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-observability-get-padded-alert-time-range-util
 title: "@kbn/observability-get-padded-alert-time-range-util"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/observability-get-padded-alert-time-range-util plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/observability-get-padded-alert-time-range-util']
 ---
 import kbnObservabilityGetPaddedAlertTimeRangeUtilObj from './kbn_observability_get_padded_alert_time_range_util.devdocs.json';
diff --git a/api_docs/kbn_openapi_bundler.mdx b/api_docs/kbn_openapi_bundler.mdx
index 6f7bcb21157f8..e2793250162e5 100644
--- a/api_docs/kbn_openapi_bundler.mdx
+++ b/api_docs/kbn_openapi_bundler.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-openapi-bundler
 title: "@kbn/openapi-bundler"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/openapi-bundler plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/openapi-bundler']
 ---
 import kbnOpenapiBundlerObj from './kbn_openapi_bundler.devdocs.json';
diff --git a/api_docs/kbn_openapi_generator.mdx b/api_docs/kbn_openapi_generator.mdx
index a3843270d5540..cc7682869dbb9 100644
--- a/api_docs/kbn_openapi_generator.mdx
+++ b/api_docs/kbn_openapi_generator.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-openapi-generator
 title: "@kbn/openapi-generator"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/openapi-generator plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/openapi-generator']
 ---
 import kbnOpenapiGeneratorObj from './kbn_openapi_generator.devdocs.json';
diff --git a/api_docs/kbn_optimizer.mdx b/api_docs/kbn_optimizer.mdx
index 32c15b1d0581a..d62fed6163b9c 100644
--- a/api_docs/kbn_optimizer.mdx
+++ b/api_docs/kbn_optimizer.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-optimizer
 title: "@kbn/optimizer"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/optimizer plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/optimizer']
 ---
 import kbnOptimizerObj from './kbn_optimizer.devdocs.json';
diff --git a/api_docs/kbn_optimizer_webpack_helpers.mdx b/api_docs/kbn_optimizer_webpack_helpers.mdx
index 0d8c3816185a8..42027de74f63e 100644
--- a/api_docs/kbn_optimizer_webpack_helpers.mdx
+++ b/api_docs/kbn_optimizer_webpack_helpers.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-optimizer-webpack-helpers
 title: "@kbn/optimizer-webpack-helpers"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/optimizer-webpack-helpers plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/optimizer-webpack-helpers']
 ---
 import kbnOptimizerWebpackHelpersObj from './kbn_optimizer_webpack_helpers.devdocs.json';
diff --git a/api_docs/kbn_osquery_io_ts_types.mdx b/api_docs/kbn_osquery_io_ts_types.mdx
index d27bd79efae83..d260f44d19b06 100644
--- a/api_docs/kbn_osquery_io_ts_types.mdx
+++ b/api_docs/kbn_osquery_io_ts_types.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-osquery-io-ts-types
 title: "@kbn/osquery-io-ts-types"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/osquery-io-ts-types plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/osquery-io-ts-types']
 ---
 import kbnOsqueryIoTsTypesObj from './kbn_osquery_io_ts_types.devdocs.json';
diff --git a/api_docs/kbn_panel_loader.mdx b/api_docs/kbn_panel_loader.mdx
index 998c16ed1affb..4fe7f5ced096a 100644
--- a/api_docs/kbn_panel_loader.mdx
+++ b/api_docs/kbn_panel_loader.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-panel-loader
 title: "@kbn/panel-loader"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/panel-loader plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/panel-loader']
 ---
 import kbnPanelLoaderObj from './kbn_panel_loader.devdocs.json';
diff --git a/api_docs/kbn_performance_testing_dataset_extractor.mdx b/api_docs/kbn_performance_testing_dataset_extractor.mdx
index 4c5416e26ed0f..882b59d74d914 100644
--- a/api_docs/kbn_performance_testing_dataset_extractor.mdx
+++ b/api_docs/kbn_performance_testing_dataset_extractor.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-performance-testing-dataset-extractor
 title: "@kbn/performance-testing-dataset-extractor"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/performance-testing-dataset-extractor plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/performance-testing-dataset-extractor']
 ---
 import kbnPerformanceTestingDatasetExtractorObj from './kbn_performance_testing_dataset_extractor.devdocs.json';
diff --git a/api_docs/kbn_plugin_check.mdx b/api_docs/kbn_plugin_check.mdx
index b27b01dcff788..02a727684e830 100644
--- a/api_docs/kbn_plugin_check.mdx
+++ b/api_docs/kbn_plugin_check.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-plugin-check
 title: "@kbn/plugin-check"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/plugin-check plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/plugin-check']
 ---
 import kbnPluginCheckObj from './kbn_plugin_check.devdocs.json';
diff --git a/api_docs/kbn_plugin_generator.mdx b/api_docs/kbn_plugin_generator.mdx
index 586db8494bb0c..0f5d0174ae4e0 100644
--- a/api_docs/kbn_plugin_generator.mdx
+++ b/api_docs/kbn_plugin_generator.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-plugin-generator
 title: "@kbn/plugin-generator"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/plugin-generator plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/plugin-generator']
 ---
 import kbnPluginGeneratorObj from './kbn_plugin_generator.devdocs.json';
diff --git a/api_docs/kbn_plugin_helpers.mdx b/api_docs/kbn_plugin_helpers.mdx
index 6ef469883b64e..d45353f8bc210 100644
--- a/api_docs/kbn_plugin_helpers.mdx
+++ b/api_docs/kbn_plugin_helpers.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-plugin-helpers
 title: "@kbn/plugin-helpers"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/plugin-helpers plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/plugin-helpers']
 ---
 import kbnPluginHelpersObj from './kbn_plugin_helpers.devdocs.json';
diff --git a/api_docs/kbn_presentation_containers.devdocs.json b/api_docs/kbn_presentation_containers.devdocs.json
index 716fbb0bf73cd..46f36820b0d14 100644
--- a/api_docs/kbn_presentation_containers.devdocs.json
+++ b/api_docs/kbn_presentation_containers.devdocs.json
@@ -768,7 +768,7 @@
             "label": "expandPanel",
             "description": [],
             "signature": [
-              "(panelId?: string | undefined) => void"
+              "(panelId: string) => void"
             ],
             "path": "packages/presentation/presentation_containers/interfaces/panel_management.ts",
             "deprecated": false,
@@ -782,12 +782,12 @@
                 "label": "panelId",
                 "description": [],
                 "signature": [
-                  "string | undefined"
+                  "string"
                 ],
                 "path": "packages/presentation/presentation_containers/interfaces/panel_management.ts",
                 "deprecated": false,
                 "trackAdoption": false,
-                "isRequired": false
+                "isRequired": true
               }
             ],
             "returnComment": []
@@ -1139,7 +1139,7 @@
                 "section": "def-common.SerializedPanelState",
                 "text": "SerializedPanelState"
               },
-              "<SerializedState>"
+              "<SerializedState> | undefined"
             ],
             "path": "packages/presentation/presentation_containers/interfaces/child_state.ts",
             "deprecated": false,
@@ -1194,7 +1194,7 @@
             "tags": [],
             "label": "snapshotRuntimeState",
             "description": [
-              "\nSerializes all runtime state exactly as it appears. This could be used\nto rehydrate a component's state without needing to deserialize it."
+              "\nSerializes all runtime state exactly as it appears. This can be used\nto rehydrate a component's state without needing to serialize then deserialize it."
             ],
             "signature": [
               "() => RuntimeState"
diff --git a/api_docs/kbn_presentation_containers.mdx b/api_docs/kbn_presentation_containers.mdx
index 86b3132502f3c..1a9e32be1b5f2 100644
--- a/api_docs/kbn_presentation_containers.mdx
+++ b/api_docs/kbn_presentation_containers.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-presentation-containers
 title: "@kbn/presentation-containers"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/presentation-containers plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/presentation-containers']
 ---
 import kbnPresentationContainersObj from './kbn_presentation_containers.devdocs.json';
diff --git a/api_docs/kbn_presentation_publishing.devdocs.json b/api_docs/kbn_presentation_publishing.devdocs.json
index a91b622e34450..e77aadbe13c1c 100644
--- a/api_docs/kbn_presentation_publishing.devdocs.json
+++ b/api_docs/kbn_presentation_publishing.devdocs.json
@@ -196,7 +196,8 @@
             "docId": "kibKbnPresentationPublishingPluginApi",
             "section": "def-common.HasInPlaceLibraryTransforms",
             "text": "HasInPlaceLibraryTransforms"
-          }
+          },
+          "<object>"
         ],
         "path": "packages/presentation/presentation_publishing/interfaces/has_library_transforms.ts",
         "deprecated": false,
@@ -987,6 +988,46 @@
         "returnComment": [],
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "@kbn/presentation-publishing",
+        "id": "def-common.apiPublishesTimeslice",
+        "type": "Function",
+        "tags": [],
+        "label": "apiPublishesTimeslice",
+        "description": [],
+        "signature": [
+          "(unknownApi: unknown) => unknownApi is ",
+          {
+            "pluginId": "@kbn/presentation-publishing",
+            "scope": "common",
+            "docId": "kibKbnPresentationPublishingPluginApi",
+            "section": "def-common.PublishesTimeslice",
+            "text": "PublishesTimeslice"
+          }
+        ],
+        "path": "packages/presentation/presentation_publishing/interfaces/fetch/publishes_unified_search.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/presentation-publishing",
+            "id": "def-common.apiPublishesTimeslice.$1",
+            "type": "Unknown",
+            "tags": [],
+            "label": "unknownApi",
+            "description": [],
+            "signature": [
+              "unknown"
+            ],
+            "path": "packages/presentation/presentation_publishing/interfaces/fetch/publishes_unified_search.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": true
+          }
+        ],
+        "returnComment": [],
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "@kbn/presentation-publishing",
         "id": "def-common.apiPublishesUnifiedSearch",
@@ -1936,6 +1977,46 @@
         "returnComment": [],
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "@kbn/presentation-publishing",
+        "id": "def-common.stateHasTitles",
+        "type": "Function",
+        "tags": [],
+        "label": "stateHasTitles",
+        "description": [],
+        "signature": [
+          "(state: unknown) => state is ",
+          {
+            "pluginId": "@kbn/presentation-publishing",
+            "scope": "common",
+            "docId": "kibKbnPresentationPublishingPluginApi",
+            "section": "def-common.SerializedTitles",
+            "text": "SerializedTitles"
+          }
+        ],
+        "path": "packages/presentation/presentation_publishing/interfaces/titles/titles_api.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/presentation-publishing",
+            "id": "def-common.stateHasTitles.$1",
+            "type": "Unknown",
+            "tags": [],
+            "label": "state",
+            "description": [],
+            "signature": [
+              "unknown"
+            ],
+            "path": "packages/presentation/presentation_publishing/interfaces/titles/titles_api.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": true
+          }
+        ],
+        "returnComment": [],
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "@kbn/presentation-publishing",
         "id": "def-common.useBatchedOptionalPublishingSubjects",
@@ -2792,7 +2873,7 @@
             "section": "def-common.HasInPlaceLibraryTransforms",
             "text": "HasInPlaceLibraryTransforms"
           },
-          " extends Partial<LibraryTransformGuards>,DuplicateTitleCheck"
+          "<RuntimeState> extends Partial<LibraryTransformGuards>,DuplicateTitleCheck"
         ],
         "path": "packages/presentation/presentation_publishing/interfaces/has_library_transforms.ts",
         "deprecated": false,
@@ -3000,6 +3081,24 @@
               "id of persisted library item"
             ]
           },
+          {
+            "parentPluginId": "@kbn/presentation-publishing",
+            "id": "def-common.HasInPlaceLibraryTransforms.getByValueRuntimeSnapshot",
+            "type": "Function",
+            "tags": [],
+            "label": "getByValueRuntimeSnapshot",
+            "description": [
+              "\ngets a snapshot of this embeddable's runtime state without any state that links it to a library item."
+            ],
+            "signature": [
+              "() => RuntimeState"
+            ],
+            "path": "packages/presentation/presentation_publishing/interfaces/has_library_transforms.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [],
+            "returnComment": []
+          },
           {
             "parentPluginId": "@kbn/presentation-publishing",
             "id": "def-common.HasInPlaceLibraryTransforms.unlinkFromLibrary",
@@ -3025,11 +3124,11 @@
         "parentPluginId": "@kbn/presentation-publishing",
         "id": "def-common.HasLibraryTransforms",
         "type": "Interface",
-        "tags": [],
-        "label": "HasLibraryTransforms",
-        "description": [
-          "\nAPIs that inherit this interface can be linked to and unlinked from the library. After the save or unlink\noperation, the embeddable will be reinitialized."
+        "tags": [
+          "deprecated"
         ],
+        "label": "HasLibraryTransforms",
+        "description": [],
         "signature": [
           {
             "pluginId": "@kbn/presentation-publishing",
@@ -3041,8 +3140,42 @@
           "<StateT> extends LibraryTransformGuards,DuplicateTitleCheck"
         ],
         "path": "packages/presentation/presentation_publishing/interfaces/has_library_transforms.ts",
-        "deprecated": false,
+        "deprecated": true,
         "trackAdoption": false,
+        "references": [
+          {
+            "plugin": "dashboard",
+            "path": "src/plugins/dashboard/public/dashboard_actions/add_to_library_action.tsx"
+          },
+          {
+            "plugin": "dashboard",
+            "path": "src/plugins/dashboard/public/dashboard_actions/add_to_library_action.tsx"
+          },
+          {
+            "plugin": "dashboard",
+            "path": "src/plugins/dashboard/public/dashboard_actions/unlink_from_library_action.tsx"
+          },
+          {
+            "plugin": "dashboard",
+            "path": "src/plugins/dashboard/public/dashboard_actions/unlink_from_library_action.tsx"
+          },
+          {
+            "plugin": "maps",
+            "path": "x-pack/plugins/maps/public/react_embeddable/types.ts"
+          },
+          {
+            "plugin": "maps",
+            "path": "x-pack/plugins/maps/public/react_embeddable/types.ts"
+          },
+          {
+            "plugin": "maps",
+            "path": "x-pack/plugins/maps/public/react_embeddable/library_transforms.ts"
+          },
+          {
+            "plugin": "maps",
+            "path": "x-pack/plugins/maps/public/react_embeddable/library_transforms.ts"
+          }
+        ],
         "children": [
           {
             "parentPluginId": "@kbn/presentation-publishing",
@@ -5828,14 +5961,15 @@
             "section": "def-common.PublishesTimeRange",
             "text": "PublishesTimeRange"
           },
-          " extends ",
+          " extends Partial<",
           {
             "pluginId": "@kbn/presentation-publishing",
             "scope": "common",
             "docId": "kibKbnPresentationPublishingPluginApi",
             "section": "def-common.PublishesTimeslice",
             "text": "PublishesTimeslice"
-          }
+          },
+          ">"
         ],
         "path": "packages/presentation/presentation_publishing/interfaces/fetch/publishes_unified_search.ts",
         "deprecated": false,
@@ -6248,14 +6382,157 @@
             "label": "timeslice$",
             "description": [],
             "signature": [
-              {
-                "pluginId": "@kbn/presentation-publishing",
-                "scope": "common",
-                "docId": "kibKbnPresentationPublishingPluginApi",
-                "section": "def-common.PublishingSubject",
-                "text": "PublishingSubject"
-              },
-              "<[number, number] | undefined> | undefined"
+              "{ source: ",
+              "Observable",
+              "<any> | undefined; readonly value: [number, number] | undefined; error: (err: any) => void; forEach: { (next: (value: [number, number] | undefined) => void): Promise<void>; (next: (value: [number, number] | undefined) => void, promiseCtor: PromiseConstructorLike): Promise<void>; }; complete: () => void; getValue: () => [number, number] | undefined; pipe: { (): ",
+              "Observable",
+              "<[number, number] | undefined>; <A>(op1: ",
+              "OperatorFunction",
+              "<[number, number] | undefined, A>): ",
+              "Observable",
+              "<A>; <A, B>(op1: ",
+              "OperatorFunction",
+              "<[number, number] | undefined, A>, op2: ",
+              "OperatorFunction",
+              "<A, B>): ",
+              "Observable",
+              "<B>; <A, B, C>(op1: ",
+              "OperatorFunction",
+              "<[number, number] | undefined, A>, op2: ",
+              "OperatorFunction",
+              "<A, B>, op3: ",
+              "OperatorFunction",
+              "<B, C>): ",
+              "Observable",
+              "<C>; <A, B, C, D>(op1: ",
+              "OperatorFunction",
+              "<[number, number] | undefined, A>, op2: ",
+              "OperatorFunction",
+              "<A, B>, op3: ",
+              "OperatorFunction",
+              "<B, C>, op4: ",
+              "OperatorFunction",
+              "<C, D>): ",
+              "Observable",
+              "<D>; <A, B, C, D, E>(op1: ",
+              "OperatorFunction",
+              "<[number, number] | undefined, A>, op2: ",
+              "OperatorFunction",
+              "<A, B>, op3: ",
+              "OperatorFunction",
+              "<B, C>, op4: ",
+              "OperatorFunction",
+              "<C, D>, op5: ",
+              "OperatorFunction",
+              "<D, E>): ",
+              "Observable",
+              "<E>; <A, B, C, D, E, F>(op1: ",
+              "OperatorFunction",
+              "<[number, number] | undefined, A>, op2: ",
+              "OperatorFunction",
+              "<A, B>, op3: ",
+              "OperatorFunction",
+              "<B, C>, op4: ",
+              "OperatorFunction",
+              "<C, D>, op5: ",
+              "OperatorFunction",
+              "<D, E>, op6: ",
+              "OperatorFunction",
+              "<E, F>): ",
+              "Observable",
+              "<F>; <A, B, C, D, E, F, G>(op1: ",
+              "OperatorFunction",
+              "<[number, number] | undefined, A>, op2: ",
+              "OperatorFunction",
+              "<A, B>, op3: ",
+              "OperatorFunction",
+              "<B, C>, op4: ",
+              "OperatorFunction",
+              "<C, D>, op5: ",
+              "OperatorFunction",
+              "<D, E>, op6: ",
+              "OperatorFunction",
+              "<E, F>, op7: ",
+              "OperatorFunction",
+              "<F, G>): ",
+              "Observable",
+              "<G>; <A, B, C, D, E, F, G, H>(op1: ",
+              "OperatorFunction",
+              "<[number, number] | undefined, A>, op2: ",
+              "OperatorFunction",
+              "<A, B>, op3: ",
+              "OperatorFunction",
+              "<B, C>, op4: ",
+              "OperatorFunction",
+              "<C, D>, op5: ",
+              "OperatorFunction",
+              "<D, E>, op6: ",
+              "OperatorFunction",
+              "<E, F>, op7: ",
+              "OperatorFunction",
+              "<F, G>, op8: ",
+              "OperatorFunction",
+              "<G, H>): ",
+              "Observable",
+              "<H>; <A, B, C, D, E, F, G, H, I>(op1: ",
+              "OperatorFunction",
+              "<[number, number] | undefined, A>, op2: ",
+              "OperatorFunction",
+              "<A, B>, op3: ",
+              "OperatorFunction",
+              "<B, C>, op4: ",
+              "OperatorFunction",
+              "<C, D>, op5: ",
+              "OperatorFunction",
+              "<D, E>, op6: ",
+              "OperatorFunction",
+              "<E, F>, op7: ",
+              "OperatorFunction",
+              "<F, G>, op8: ",
+              "OperatorFunction",
+              "<G, H>, op9: ",
+              "OperatorFunction",
+              "<H, I>): ",
+              "Observable",
+              "<I>; <A, B, C, D, E, F, G, H, I>(op1: ",
+              "OperatorFunction",
+              "<[number, number] | undefined, A>, op2: ",
+              "OperatorFunction",
+              "<A, B>, op3: ",
+              "OperatorFunction",
+              "<B, C>, op4: ",
+              "OperatorFunction",
+              "<C, D>, op5: ",
+              "OperatorFunction",
+              "<D, E>, op6: ",
+              "OperatorFunction",
+              "<E, F>, op7: ",
+              "OperatorFunction",
+              "<F, G>, op8: ",
+              "OperatorFunction",
+              "<G, H>, op9: ",
+              "OperatorFunction",
+              "<H, I>, ...operations: ",
+              "OperatorFunction",
+              "<any, any>[]): ",
+              "Observable",
+              "<unknown>; }; closed: boolean; observers: ",
+              "Observer",
+              "<[number, number] | undefined>[]; isStopped: boolean; hasError: boolean; thrownError: any; lift: <R>(operator: ",
+              "Operator",
+              "<[number, number] | undefined, R>) => ",
+              "Observable",
+              "<R>; unsubscribe: () => void; readonly observed: boolean; asObservable: () => ",
+              "Observable",
+              "<[number, number] | undefined>; operator: ",
+              "Operator",
+              "<any, [number, number] | undefined> | undefined; subscribe: { (observerOrNext?: Partial<",
+              "Observer",
+              "<[number, number] | undefined>> | ((value: [number, number] | undefined) => void) | undefined): ",
+              "Subscription",
+              "; (next?: ((value: [number, number] | undefined) => void) | null | undefined, error?: ((error: any) => void) | null | undefined, complete?: (() => void) | null | undefined): ",
+              "Subscription",
+              "; }; toPromise: { (): Promise<[number, number] | undefined>; (PromiseCtor: PromiseConstructor): Promise<[number, number] | undefined>; (PromiseCtor: PromiseConstructorLike): Promise<[number, number] | undefined>; }; }"
             ],
             "path": "packages/presentation/presentation_publishing/interfaces/fetch/publishes_unified_search.ts",
             "deprecated": false,
diff --git a/api_docs/kbn_presentation_publishing.mdx b/api_docs/kbn_presentation_publishing.mdx
index 0e021d0ca307c..8ee1c4ba1ea1e 100644
--- a/api_docs/kbn_presentation_publishing.mdx
+++ b/api_docs/kbn_presentation_publishing.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-presentation-publishing
 title: "@kbn/presentation-publishing"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/presentation-publishing plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/presentation-publishing']
 ---
 import kbnPresentationPublishingObj from './kbn_presentation_publishing.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/kibana-presentation](https://github.com/orgs/elastic/teams/kib
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 209 | 0 | 174 | 5 |
+| 214 | 0 | 179 | 5 |
 
 ## Common
 
diff --git a/api_docs/kbn_profiling_utils.mdx b/api_docs/kbn_profiling_utils.mdx
index 68813cccd6190..b5eb5b118429e 100644
--- a/api_docs/kbn_profiling_utils.mdx
+++ b/api_docs/kbn_profiling_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-profiling-utils
 title: "@kbn/profiling-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/profiling-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/profiling-utils']
 ---
 import kbnProfilingUtilsObj from './kbn_profiling_utils.devdocs.json';
diff --git a/api_docs/kbn_random_sampling.mdx b/api_docs/kbn_random_sampling.mdx
index b29ce64a87355..1b6384d28a0e4 100644
--- a/api_docs/kbn_random_sampling.mdx
+++ b/api_docs/kbn_random_sampling.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-random-sampling
 title: "@kbn/random-sampling"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/random-sampling plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/random-sampling']
 ---
 import kbnRandomSamplingObj from './kbn_random_sampling.devdocs.json';
diff --git a/api_docs/kbn_react_field.mdx b/api_docs/kbn_react_field.mdx
index f411673525943..aa2db43a50d84 100644
--- a/api_docs/kbn_react_field.mdx
+++ b/api_docs/kbn_react_field.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-field
 title: "@kbn/react-field"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/react-field plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-field']
 ---
 import kbnReactFieldObj from './kbn_react_field.devdocs.json';
diff --git a/api_docs/kbn_react_hooks.mdx b/api_docs/kbn_react_hooks.mdx
index a7443008e4121..3b3c818606f4c 100644
--- a/api_docs/kbn_react_hooks.mdx
+++ b/api_docs/kbn_react_hooks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-hooks
 title: "@kbn/react-hooks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/react-hooks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-hooks']
 ---
 import kbnReactHooksObj from './kbn_react_hooks.devdocs.json';
diff --git a/api_docs/kbn_react_kibana_context_common.mdx b/api_docs/kbn_react_kibana_context_common.mdx
index 0f8bb09a45811..29dde5f1dba46 100644
--- a/api_docs/kbn_react_kibana_context_common.mdx
+++ b/api_docs/kbn_react_kibana_context_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-common
 title: "@kbn/react-kibana-context-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/react-kibana-context-common plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-common']
 ---
 import kbnReactKibanaContextCommonObj from './kbn_react_kibana_context_common.devdocs.json';
diff --git a/api_docs/kbn_react_kibana_context_render.mdx b/api_docs/kbn_react_kibana_context_render.mdx
index 201f21fd2072d..7bf4a25dfe6e8 100644
--- a/api_docs/kbn_react_kibana_context_render.mdx
+++ b/api_docs/kbn_react_kibana_context_render.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-render
 title: "@kbn/react-kibana-context-render"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/react-kibana-context-render plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-render']
 ---
 import kbnReactKibanaContextRenderObj from './kbn_react_kibana_context_render.devdocs.json';
diff --git a/api_docs/kbn_react_kibana_context_root.mdx b/api_docs/kbn_react_kibana_context_root.mdx
index 23e6f601bf27c..de1685a93a036 100644
--- a/api_docs/kbn_react_kibana_context_root.mdx
+++ b/api_docs/kbn_react_kibana_context_root.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-root
 title: "@kbn/react-kibana-context-root"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/react-kibana-context-root plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-root']
 ---
 import kbnReactKibanaContextRootObj from './kbn_react_kibana_context_root.devdocs.json';
diff --git a/api_docs/kbn_react_kibana_context_styled.mdx b/api_docs/kbn_react_kibana_context_styled.mdx
index 98dcc858cab1f..14987e882950a 100644
--- a/api_docs/kbn_react_kibana_context_styled.mdx
+++ b/api_docs/kbn_react_kibana_context_styled.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-styled
 title: "@kbn/react-kibana-context-styled"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/react-kibana-context-styled plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-styled']
 ---
 import kbnReactKibanaContextStyledObj from './kbn_react_kibana_context_styled.devdocs.json';
diff --git a/api_docs/kbn_react_kibana_context_theme.mdx b/api_docs/kbn_react_kibana_context_theme.mdx
index 5f617bee8c48c..41af25db1aac1 100644
--- a/api_docs/kbn_react_kibana_context_theme.mdx
+++ b/api_docs/kbn_react_kibana_context_theme.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-theme
 title: "@kbn/react-kibana-context-theme"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/react-kibana-context-theme plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-theme']
 ---
 import kbnReactKibanaContextThemeObj from './kbn_react_kibana_context_theme.devdocs.json';
diff --git a/api_docs/kbn_react_kibana_mount.mdx b/api_docs/kbn_react_kibana_mount.mdx
index fb82a4b897546..219ef91e4fbae 100644
--- a/api_docs/kbn_react_kibana_mount.mdx
+++ b/api_docs/kbn_react_kibana_mount.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-mount
 title: "@kbn/react-kibana-mount"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/react-kibana-mount plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-mount']
 ---
 import kbnReactKibanaMountObj from './kbn_react_kibana_mount.devdocs.json';
diff --git a/api_docs/kbn_repo_file_maps.mdx b/api_docs/kbn_repo_file_maps.mdx
index 7f7f696d78a68..a6ed7ddd3480f 100644
--- a/api_docs/kbn_repo_file_maps.mdx
+++ b/api_docs/kbn_repo_file_maps.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-repo-file-maps
 title: "@kbn/repo-file-maps"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/repo-file-maps plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/repo-file-maps']
 ---
 import kbnRepoFileMapsObj from './kbn_repo_file_maps.devdocs.json';
diff --git a/api_docs/kbn_repo_linter.mdx b/api_docs/kbn_repo_linter.mdx
index fb5c4a1524b4d..fb9ceb6f36def 100644
--- a/api_docs/kbn_repo_linter.mdx
+++ b/api_docs/kbn_repo_linter.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-repo-linter
 title: "@kbn/repo-linter"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/repo-linter plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/repo-linter']
 ---
 import kbnRepoLinterObj from './kbn_repo_linter.devdocs.json';
diff --git a/api_docs/kbn_repo_path.mdx b/api_docs/kbn_repo_path.mdx
index 5a840e912f536..a24bfad6aecbc 100644
--- a/api_docs/kbn_repo_path.mdx
+++ b/api_docs/kbn_repo_path.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-repo-path
 title: "@kbn/repo-path"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/repo-path plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/repo-path']
 ---
 import kbnRepoPathObj from './kbn_repo_path.devdocs.json';
diff --git a/api_docs/kbn_repo_source_classifier.mdx b/api_docs/kbn_repo_source_classifier.mdx
index 3ff67fc3ea8ce..d37b1139ef143 100644
--- a/api_docs/kbn_repo_source_classifier.mdx
+++ b/api_docs/kbn_repo_source_classifier.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-repo-source-classifier
 title: "@kbn/repo-source-classifier"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/repo-source-classifier plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/repo-source-classifier']
 ---
 import kbnRepoSourceClassifierObj from './kbn_repo_source_classifier.devdocs.json';
diff --git a/api_docs/kbn_reporting_common.mdx b/api_docs/kbn_reporting_common.mdx
index 89ec0443f6839..aee93339d3b7f 100644
--- a/api_docs/kbn_reporting_common.mdx
+++ b/api_docs/kbn_reporting_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-common
 title: "@kbn/reporting-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/reporting-common plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-common']
 ---
 import kbnReportingCommonObj from './kbn_reporting_common.devdocs.json';
diff --git a/api_docs/kbn_reporting_csv_share_panel.mdx b/api_docs/kbn_reporting_csv_share_panel.mdx
index ce737fb4e4b06..862f9c8ede562 100644
--- a/api_docs/kbn_reporting_csv_share_panel.mdx
+++ b/api_docs/kbn_reporting_csv_share_panel.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-csv-share-panel
 title: "@kbn/reporting-csv-share-panel"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/reporting-csv-share-panel plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-csv-share-panel']
 ---
 import kbnReportingCsvSharePanelObj from './kbn_reporting_csv_share_panel.devdocs.json';
diff --git a/api_docs/kbn_reporting_export_types_csv.mdx b/api_docs/kbn_reporting_export_types_csv.mdx
index 00ce6fed4ce0b..47444a4568d30 100644
--- a/api_docs/kbn_reporting_export_types_csv.mdx
+++ b/api_docs/kbn_reporting_export_types_csv.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-csv
 title: "@kbn/reporting-export-types-csv"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/reporting-export-types-csv plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-csv']
 ---
 import kbnReportingExportTypesCsvObj from './kbn_reporting_export_types_csv.devdocs.json';
diff --git a/api_docs/kbn_reporting_export_types_csv_common.mdx b/api_docs/kbn_reporting_export_types_csv_common.mdx
index 03cc56bb5dd51..06ec94cc6e52d 100644
--- a/api_docs/kbn_reporting_export_types_csv_common.mdx
+++ b/api_docs/kbn_reporting_export_types_csv_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-csv-common
 title: "@kbn/reporting-export-types-csv-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/reporting-export-types-csv-common plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-csv-common']
 ---
 import kbnReportingExportTypesCsvCommonObj from './kbn_reporting_export_types_csv_common.devdocs.json';
diff --git a/api_docs/kbn_reporting_export_types_pdf.mdx b/api_docs/kbn_reporting_export_types_pdf.mdx
index 2737f4db07ce4..e3386f12456a1 100644
--- a/api_docs/kbn_reporting_export_types_pdf.mdx
+++ b/api_docs/kbn_reporting_export_types_pdf.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-pdf
 title: "@kbn/reporting-export-types-pdf"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/reporting-export-types-pdf plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-pdf']
 ---
 import kbnReportingExportTypesPdfObj from './kbn_reporting_export_types_pdf.devdocs.json';
diff --git a/api_docs/kbn_reporting_export_types_pdf_common.mdx b/api_docs/kbn_reporting_export_types_pdf_common.mdx
index 574ac8e9ca734..95e92e092d1ed 100644
--- a/api_docs/kbn_reporting_export_types_pdf_common.mdx
+++ b/api_docs/kbn_reporting_export_types_pdf_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-pdf-common
 title: "@kbn/reporting-export-types-pdf-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/reporting-export-types-pdf-common plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-pdf-common']
 ---
 import kbnReportingExportTypesPdfCommonObj from './kbn_reporting_export_types_pdf_common.devdocs.json';
diff --git a/api_docs/kbn_reporting_export_types_png.mdx b/api_docs/kbn_reporting_export_types_png.mdx
index 2977c93c5c0c4..4dcf081b6751c 100644
--- a/api_docs/kbn_reporting_export_types_png.mdx
+++ b/api_docs/kbn_reporting_export_types_png.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-png
 title: "@kbn/reporting-export-types-png"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/reporting-export-types-png plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-png']
 ---
 import kbnReportingExportTypesPngObj from './kbn_reporting_export_types_png.devdocs.json';
diff --git a/api_docs/kbn_reporting_export_types_png_common.mdx b/api_docs/kbn_reporting_export_types_png_common.mdx
index 1fe929de376f3..b20deffbb5ba4 100644
--- a/api_docs/kbn_reporting_export_types_png_common.mdx
+++ b/api_docs/kbn_reporting_export_types_png_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-png-common
 title: "@kbn/reporting-export-types-png-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/reporting-export-types-png-common plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-png-common']
 ---
 import kbnReportingExportTypesPngCommonObj from './kbn_reporting_export_types_png_common.devdocs.json';
diff --git a/api_docs/kbn_reporting_mocks_server.mdx b/api_docs/kbn_reporting_mocks_server.mdx
index 80424616f17b4..37ca4c855c53c 100644
--- a/api_docs/kbn_reporting_mocks_server.mdx
+++ b/api_docs/kbn_reporting_mocks_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-mocks-server
 title: "@kbn/reporting-mocks-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/reporting-mocks-server plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-mocks-server']
 ---
 import kbnReportingMocksServerObj from './kbn_reporting_mocks_server.devdocs.json';
diff --git a/api_docs/kbn_reporting_public.devdocs.json b/api_docs/kbn_reporting_public.devdocs.json
index aaa1f39f74c06..76ca0bd88d956 100644
--- a/api_docs/kbn_reporting_public.devdocs.json
+++ b/api_docs/kbn_reporting_public.devdocs.json
@@ -21,7 +21,7 @@
             "label": "payload",
             "description": [],
             "signature": [
-              "{ spaceId?: string | undefined; isDeprecated?: boolean | undefined; title: string; version: string; layout?: { id?: ",
+              "{ spaceId?: string | undefined; version: string; isDeprecated?: boolean | undefined; title: string; layout?: { id?: ",
               {
                 "pluginId": "screenshotting",
                 "scope": "common",
diff --git a/api_docs/kbn_reporting_public.mdx b/api_docs/kbn_reporting_public.mdx
index 2bdca194559a5..dc1d34a6b44a4 100644
--- a/api_docs/kbn_reporting_public.mdx
+++ b/api_docs/kbn_reporting_public.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-public
 title: "@kbn/reporting-public"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/reporting-public plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-public']
 ---
 import kbnReportingPublicObj from './kbn_reporting_public.devdocs.json';
diff --git a/api_docs/kbn_reporting_server.mdx b/api_docs/kbn_reporting_server.mdx
index b1e93c3e64713..f58338d54ee2b 100644
--- a/api_docs/kbn_reporting_server.mdx
+++ b/api_docs/kbn_reporting_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-server
 title: "@kbn/reporting-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/reporting-server plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-server']
 ---
 import kbnReportingServerObj from './kbn_reporting_server.devdocs.json';
diff --git a/api_docs/kbn_resizable_layout.mdx b/api_docs/kbn_resizable_layout.mdx
index 2cd1f2d49eaff..5e43e6c32318f 100644
--- a/api_docs/kbn_resizable_layout.mdx
+++ b/api_docs/kbn_resizable_layout.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-resizable-layout
 title: "@kbn/resizable-layout"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/resizable-layout plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/resizable-layout']
 ---
 import kbnResizableLayoutObj from './kbn_resizable_layout.devdocs.json';
diff --git a/api_docs/kbn_response_ops_feature_flag_service.mdx b/api_docs/kbn_response_ops_feature_flag_service.mdx
index 832f03fdfeb36..f2934a0d4c8c6 100644
--- a/api_docs/kbn_response_ops_feature_flag_service.mdx
+++ b/api_docs/kbn_response_ops_feature_flag_service.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-response-ops-feature-flag-service
 title: "@kbn/response-ops-feature-flag-service"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/response-ops-feature-flag-service plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/response-ops-feature-flag-service']
 ---
 import kbnResponseOpsFeatureFlagServiceObj from './kbn_response_ops_feature_flag_service.devdocs.json';
diff --git a/api_docs/kbn_rison.mdx b/api_docs/kbn_rison.mdx
index 02fe8a3f84e65..8366fa9901bd4 100644
--- a/api_docs/kbn_rison.mdx
+++ b/api_docs/kbn_rison.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-rison
 title: "@kbn/rison"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/rison plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/rison']
 ---
 import kbnRisonObj from './kbn_rison.devdocs.json';
diff --git a/api_docs/kbn_rollup.devdocs.json b/api_docs/kbn_rollup.devdocs.json
new file mode 100644
index 0000000000000..0fe1e0a1d1a4a
--- /dev/null
+++ b/api_docs/kbn_rollup.devdocs.json
@@ -0,0 +1,74 @@
+{
+  "id": "@kbn/rollup",
+  "client": {
+    "classes": [],
+    "functions": [],
+    "interfaces": [],
+    "enums": [],
+    "misc": [],
+    "objects": []
+  },
+  "server": {
+    "classes": [],
+    "functions": [],
+    "interfaces": [],
+    "enums": [],
+    "misc": [],
+    "objects": []
+  },
+  "common": {
+    "classes": [],
+    "functions": [
+      {
+        "parentPluginId": "@kbn/rollup",
+        "id": "def-common.RollupDeprecationTooltip",
+        "type": "Function",
+        "tags": [],
+        "label": "RollupDeprecationTooltip",
+        "description": [],
+        "signature": [
+          "({ children }: RollupDeprecationTooltipProps) => JSX.Element"
+        ],
+        "path": "x-pack/packages/rollup/src/rollup_deprecation_tooltip/rollup_deprecation_tooltip.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/rollup",
+            "id": "def-common.RollupDeprecationTooltip.$1",
+            "type": "Object",
+            "tags": [],
+            "label": "{ children }",
+            "description": [],
+            "signature": [
+              "RollupDeprecationTooltipProps"
+            ],
+            "path": "x-pack/packages/rollup/src/rollup_deprecation_tooltip/rollup_deprecation_tooltip.tsx",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": true
+          }
+        ],
+        "returnComment": [],
+        "initialIsOpen": false
+      }
+    ],
+    "interfaces": [],
+    "enums": [],
+    "misc": [
+      {
+        "parentPluginId": "@kbn/rollup",
+        "id": "def-common.ROLLUP_DEPRECATION_BADGE_LABEL",
+        "type": "string",
+        "tags": [],
+        "label": "ROLLUP_DEPRECATION_BADGE_LABEL",
+        "description": [],
+        "path": "x-pack/packages/rollup/src/constants/index.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      }
+    ],
+    "objects": []
+  }
+}
\ No newline at end of file
diff --git a/api_docs/kbn_rollup.mdx b/api_docs/kbn_rollup.mdx
new file mode 100644
index 0000000000000..831c4a46a4b31
--- /dev/null
+++ b/api_docs/kbn_rollup.mdx
@@ -0,0 +1,33 @@
+---
+####
+#### This document is auto-generated and is meant to be viewed inside our experimental, new docs system.
+#### Reach out in #docs-engineering for more info.
+####
+id: kibKbnRollupPluginApi
+slug: /kibana-dev-docs/api/kbn-rollup
+title: "@kbn/rollup"
+image: https://source.unsplash.com/400x175/?github
+description: API docs for the @kbn/rollup plugin
+date: 2024-07-01
+tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/rollup']
+---
+import kbnRollupObj from './kbn_rollup.devdocs.json';
+
+
+
+Contact [@elastic/kibana-management](https://github.com/orgs/elastic/teams/kibana-management) for questions regarding this plugin.
+
+**Code health stats**
+
+| Public API count  | Any count | Items lacking comments | Missing exports |
+|-------------------|-----------|------------------------|-----------------|
+| 3 | 0 | 3 | 0 |
+
+## Common
+
+### Functions
+<DocDefinitionList data={kbnRollupObj.common.functions}/>
+
+### Consts, variables and types
+<DocDefinitionList data={kbnRollupObj.common.misc}/>
+
diff --git a/api_docs/kbn_router_to_openapispec.mdx b/api_docs/kbn_router_to_openapispec.mdx
index 3a36a6cad5926..98cce31db59df 100644
--- a/api_docs/kbn_router_to_openapispec.mdx
+++ b/api_docs/kbn_router_to_openapispec.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-router-to-openapispec
 title: "@kbn/router-to-openapispec"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/router-to-openapispec plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/router-to-openapispec']
 ---
 import kbnRouterToOpenapispecObj from './kbn_router_to_openapispec.devdocs.json';
diff --git a/api_docs/kbn_router_utils.mdx b/api_docs/kbn_router_utils.mdx
index ff48953d6b839..c5d56d10ef97c 100644
--- a/api_docs/kbn_router_utils.mdx
+++ b/api_docs/kbn_router_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-router-utils
 title: "@kbn/router-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/router-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/router-utils']
 ---
 import kbnRouterUtilsObj from './kbn_router_utils.devdocs.json';
diff --git a/api_docs/kbn_rrule.mdx b/api_docs/kbn_rrule.mdx
index 2938c97001f60..207d4e38f8574 100644
--- a/api_docs/kbn_rrule.mdx
+++ b/api_docs/kbn_rrule.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-rrule
 title: "@kbn/rrule"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/rrule plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/rrule']
 ---
 import kbnRruleObj from './kbn_rrule.devdocs.json';
diff --git a/api_docs/kbn_rule_data_utils.devdocs.json b/api_docs/kbn_rule_data_utils.devdocs.json
index 58d752abc2388..6315b9f454166 100644
--- a/api_docs/kbn_rule_data_utils.devdocs.json
+++ b/api_docs/kbn_rule_data_utils.devdocs.json
@@ -476,6 +476,21 @@
         "trackAdoption": false,
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "@kbn/rule-data-utils",
+        "id": "def-common.ALERT_PREVIOUS_ACTION_GROUP",
+        "type": "string",
+        "tags": [],
+        "label": "ALERT_PREVIOUS_ACTION_GROUP",
+        "description": [],
+        "signature": [
+          "\"kibana.alert.previous_action_group\""
+        ],
+        "path": "packages/kbn-rule-data-utils/src/default_alerts_as_data.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "@kbn/rule-data-utils",
         "id": "def-common.ALERT_REASON",
@@ -1001,6 +1016,21 @@
         "trackAdoption": false,
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "@kbn/rule-data-utils",
+        "id": "def-common.ALERT_SEVERITY_IMPROVING",
+        "type": "string",
+        "tags": [],
+        "label": "ALERT_SEVERITY_IMPROVING",
+        "description": [],
+        "signature": [
+          "\"kibana.alert.severity_improving\""
+        ],
+        "path": "packages/kbn-rule-data-utils/src/default_alerts_as_data.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "@kbn/rule-data-utils",
         "id": "def-common.ALERT_SEVERITY_WARNING",
@@ -1534,7 +1564,7 @@
         "label": "DefaultAlertFieldName",
         "description": [],
         "signature": [
-          "\"@timestamp\" | \"kibana\" | \"kibana.alert.rule.rule_type_id\" | \"kibana.alert.rule.consumer\" | \"kibana.alert.rule.execution.uuid\" | \"kibana.alert.instance.id\" | \"kibana.alert.rule.category\" | \"kibana.alert.rule.name\" | \"kibana.alert.rule.producer\" | \"kibana.alert.rule.revision\" | \"kibana.alert.rule.uuid\" | \"kibana.alert.status\" | \"kibana.alert.uuid\" | \"kibana.space_ids\" | \"kibana.alert.action_group\" | \"kibana.alert.case_ids\" | \"kibana.alert.consecutive_matches\" | \"kibana.alert.duration.us\" | \"kibana.alert.end\" | \"kibana.alert.flapping\" | \"kibana.alert.flapping_history\" | \"kibana.alert.last_detected\" | \"kibana.alert.maintenance_window_ids\" | \"kibana.alert.reason\" | \"kibana.alert.rule.execution.timestamp\" | \"kibana.alert.rule.parameters\" | \"kibana.alert.rule.tags\" | \"kibana.alert.start\" | \"kibana.alert.time_range\" | \"kibana.alert.url\" | \"kibana.alert.workflow_assignee_ids\" | \"kibana.alert.workflow_status\" | \"kibana.alert.workflow_tags\" | \"kibana.version\" | \"kibana.alert\" | \"kibana.alert.rule\""
+          "\"@timestamp\" | \"kibana\" | \"kibana.alert.rule.rule_type_id\" | \"kibana.alert.rule.consumer\" | \"kibana.alert.rule.execution.uuid\" | \"kibana.alert.instance.id\" | \"kibana.alert.rule.category\" | \"kibana.alert.rule.name\" | \"kibana.alert.rule.producer\" | \"kibana.alert.rule.revision\" | \"kibana.alert.rule.uuid\" | \"kibana.alert.status\" | \"kibana.alert.uuid\" | \"kibana.space_ids\" | \"kibana.alert.action_group\" | \"kibana.alert.case_ids\" | \"kibana.alert.consecutive_matches\" | \"kibana.alert.duration.us\" | \"kibana.alert.end\" | \"kibana.alert.flapping\" | \"kibana.alert.flapping_history\" | \"kibana.alert.last_detected\" | \"kibana.alert.maintenance_window_ids\" | \"kibana.alert.previous_action_group\" | \"kibana.alert.reason\" | \"kibana.alert.rule.execution.timestamp\" | \"kibana.alert.rule.parameters\" | \"kibana.alert.rule.tags\" | \"kibana.alert.severity_improving\" | \"kibana.alert.start\" | \"kibana.alert.time_range\" | \"kibana.alert.url\" | \"kibana.alert.workflow_assignee_ids\" | \"kibana.alert.workflow_status\" | \"kibana.alert.workflow_tags\" | \"kibana.version\" | \"kibana.alert\" | \"kibana.alert.rule\""
         ],
         "path": "packages/kbn-rule-data-utils/src/default_alerts_as_data.ts",
         "deprecated": false,
diff --git a/api_docs/kbn_rule_data_utils.mdx b/api_docs/kbn_rule_data_utils.mdx
index bcc4f8825b62b..fc2e92ca6d5cc 100644
--- a/api_docs/kbn_rule_data_utils.mdx
+++ b/api_docs/kbn_rule_data_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-rule-data-utils
 title: "@kbn/rule-data-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/rule-data-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/rule-data-utils']
 ---
 import kbnRuleDataUtilsObj from './kbn_rule_data_utils.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/security-detections-response](https://github.com/orgs/elastic/
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 125 | 0 | 122 | 0 |
+| 127 | 0 | 124 | 0 |
 
 ## Common
 
diff --git a/api_docs/kbn_saved_objects_settings.mdx b/api_docs/kbn_saved_objects_settings.mdx
index 3f3dd6ae50a6d..d2acf777896ce 100644
--- a/api_docs/kbn_saved_objects_settings.mdx
+++ b/api_docs/kbn_saved_objects_settings.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-saved-objects-settings
 title: "@kbn/saved-objects-settings"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/saved-objects-settings plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/saved-objects-settings']
 ---
 import kbnSavedObjectsSettingsObj from './kbn_saved_objects_settings.devdocs.json';
diff --git a/api_docs/kbn_search_api_panels.mdx b/api_docs/kbn_search_api_panels.mdx
index 180f6feaa00b6..9ab91a9556692 100644
--- a/api_docs/kbn_search_api_panels.mdx
+++ b/api_docs/kbn_search_api_panels.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-api-panels
 title: "@kbn/search-api-panels"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/search-api-panels plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-api-panels']
 ---
 import kbnSearchApiPanelsObj from './kbn_search_api_panels.devdocs.json';
diff --git a/api_docs/kbn_search_connectors.devdocs.json b/api_docs/kbn_search_connectors.devdocs.json
index 3cf388d6f1656..5ef0ca703940d 100644
--- a/api_docs/kbn_search_connectors.devdocs.json
+++ b/api_docs/kbn_search_connectors.devdocs.json
@@ -23451,13 +23451,10 @@
                       {
                         "parentPluginId": "@kbn/search-connectors",
                         "id": "def-common.NATIVE_CONNECTOR_DEFINITIONS.jira.configuration.account_email.tooltip",
-                        "type": "Uncategorized",
+                        "type": "string",
                         "tags": [],
                         "label": "tooltip",
                         "description": [],
-                        "signature": [
-                          "null"
-                        ],
                         "path": "packages/kbn-search-connectors/types/native_connectors.ts",
                         "deprecated": false,
                         "trackAdoption": false
diff --git a/api_docs/kbn_search_connectors.mdx b/api_docs/kbn_search_connectors.mdx
index b9c9c36ee0cc4..85a231d535bd1 100644
--- a/api_docs/kbn_search_connectors.mdx
+++ b/api_docs/kbn_search_connectors.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-connectors
 title: "@kbn/search-connectors"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/search-connectors plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-connectors']
 ---
 import kbnSearchConnectorsObj from './kbn_search_connectors.devdocs.json';
diff --git a/api_docs/kbn_search_errors.mdx b/api_docs/kbn_search_errors.mdx
index 95d9c212126d9..26b9bea3667a8 100644
--- a/api_docs/kbn_search_errors.mdx
+++ b/api_docs/kbn_search_errors.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-errors
 title: "@kbn/search-errors"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/search-errors plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-errors']
 ---
 import kbnSearchErrorsObj from './kbn_search_errors.devdocs.json';
diff --git a/api_docs/kbn_search_index_documents.mdx b/api_docs/kbn_search_index_documents.mdx
index af6487fc4bd74..ac22ee2209b86 100644
--- a/api_docs/kbn_search_index_documents.mdx
+++ b/api_docs/kbn_search_index_documents.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-index-documents
 title: "@kbn/search-index-documents"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/search-index-documents plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-index-documents']
 ---
 import kbnSearchIndexDocumentsObj from './kbn_search_index_documents.devdocs.json';
diff --git a/api_docs/kbn_search_response_warnings.mdx b/api_docs/kbn_search_response_warnings.mdx
index 164bc07bfde00..47915730e17c5 100644
--- a/api_docs/kbn_search_response_warnings.mdx
+++ b/api_docs/kbn_search_response_warnings.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-response-warnings
 title: "@kbn/search-response-warnings"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/search-response-warnings plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-response-warnings']
 ---
 import kbnSearchResponseWarningsObj from './kbn_search_response_warnings.devdocs.json';
diff --git a/api_docs/kbn_search_types.mdx b/api_docs/kbn_search_types.mdx
index bde8f9b48769a..9cfb066c504e2 100644
--- a/api_docs/kbn_search_types.mdx
+++ b/api_docs/kbn_search_types.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-types
 title: "@kbn/search-types"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/search-types plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-types']
 ---
 import kbnSearchTypesObj from './kbn_search_types.devdocs.json';
diff --git a/api_docs/kbn_security_api_key_management.devdocs.json b/api_docs/kbn_security_api_key_management.devdocs.json
new file mode 100644
index 0000000000000..5fd86dcf3f8c8
--- /dev/null
+++ b/api_docs/kbn_security_api_key_management.devdocs.json
@@ -0,0 +1,1226 @@
+{
+  "id": "@kbn/security-api-key-management",
+  "client": {
+    "classes": [
+      {
+        "parentPluginId": "@kbn/security-api-key-management",
+        "id": "def-public.APIKeysAPIClient",
+        "type": "Class",
+        "tags": [],
+        "label": "APIKeysAPIClient",
+        "description": [],
+        "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.APIKeysAPIClient.Unnamed",
+            "type": "Function",
+            "tags": [],
+            "label": "Constructor",
+            "description": [],
+            "signature": [
+              "any"
+            ],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/security-api-key-management",
+                "id": "def-public.APIKeysAPIClient.Unnamed.$1",
+                "type": "Object",
+                "tags": [],
+                "label": "http",
+                "description": [],
+                "signature": [
+                  {
+                    "pluginId": "@kbn/core-http-browser",
+                    "scope": "common",
+                    "docId": "kibKbnCoreHttpBrowserPluginApi",
+                    "section": "def-common.HttpSetup",
+                    "text": "HttpSetup"
+                  }
+                ],
+                "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              }
+            ],
+            "returnComment": []
+          },
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.APIKeysAPIClient.queryApiKeys",
+            "type": "Function",
+            "tags": [],
+            "label": "queryApiKeys",
+            "description": [],
+            "signature": [
+              "(params?: ",
+              {
+                "pluginId": "@kbn/security-api-key-management",
+                "scope": "public",
+                "docId": "kibKbnSecurityApiKeyManagementPluginApi",
+                "section": "def-public.QueryApiKeyParams",
+                "text": "QueryApiKeyParams"
+              },
+              " | undefined) => Promise<",
+              {
+                "pluginId": "@kbn/security-plugin-types-common",
+                "scope": "common",
+                "docId": "kibKbnSecurityPluginTypesCommonPluginApi",
+                "section": "def-common.QueryApiKeyResult",
+                "text": "QueryApiKeyResult"
+              },
+              ">"
+            ],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/security-api-key-management",
+                "id": "def-public.APIKeysAPIClient.queryApiKeys.$1",
+                "type": "Object",
+                "tags": [],
+                "label": "params",
+                "description": [],
+                "signature": [
+                  {
+                    "pluginId": "@kbn/security-api-key-management",
+                    "scope": "public",
+                    "docId": "kibKbnSecurityApiKeyManagementPluginApi",
+                    "section": "def-public.QueryApiKeyParams",
+                    "text": "QueryApiKeyParams"
+                  },
+                  " | undefined"
+                ],
+                "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": false
+              }
+            ],
+            "returnComment": []
+          },
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.APIKeysAPIClient.invalidateApiKeys",
+            "type": "Function",
+            "tags": [],
+            "label": "invalidateApiKeys",
+            "description": [],
+            "signature": [
+              "(apiKeys: ",
+              {
+                "pluginId": "@kbn/security-plugin-types-common",
+                "scope": "common",
+                "docId": "kibKbnSecurityPluginTypesCommonPluginApi",
+                "section": "def-common.ApiKeyToInvalidate",
+                "text": "ApiKeyToInvalidate"
+              },
+              "[], isAdmin?: boolean) => Promise<",
+              {
+                "pluginId": "@kbn/security-api-key-management",
+                "scope": "public",
+                "docId": "kibKbnSecurityApiKeyManagementPluginApi",
+                "section": "def-public.InvalidateApiKeysResponse",
+                "text": "InvalidateApiKeysResponse"
+              },
+              ">"
+            ],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/security-api-key-management",
+                "id": "def-public.APIKeysAPIClient.invalidateApiKeys.$1",
+                "type": "Array",
+                "tags": [],
+                "label": "apiKeys",
+                "description": [],
+                "signature": [
+                  {
+                    "pluginId": "@kbn/security-plugin-types-common",
+                    "scope": "common",
+                    "docId": "kibKbnSecurityPluginTypesCommonPluginApi",
+                    "section": "def-common.ApiKeyToInvalidate",
+                    "text": "ApiKeyToInvalidate"
+                  },
+                  "[]"
+                ],
+                "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              },
+              {
+                "parentPluginId": "@kbn/security-api-key-management",
+                "id": "def-public.APIKeysAPIClient.invalidateApiKeys.$2",
+                "type": "boolean",
+                "tags": [],
+                "label": "isAdmin",
+                "description": [],
+                "signature": [
+                  "boolean"
+                ],
+                "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              }
+            ],
+            "returnComment": []
+          },
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.APIKeysAPIClient.createApiKey",
+            "type": "Function",
+            "tags": [],
+            "label": "createApiKey",
+            "description": [],
+            "signature": [
+              "(apiKey: ",
+              {
+                "pluginId": "@kbn/security-plugin-types-server",
+                "scope": "server",
+                "docId": "kibKbnSecurityPluginTypesServerPluginApi",
+                "section": "def-server.CreateAPIKeyParams",
+                "text": "CreateAPIKeyParams"
+              },
+              ") => Promise<",
+              "SecurityCreateApiKeyResponse",
+              ">"
+            ],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/security-api-key-management",
+                "id": "def-public.APIKeysAPIClient.createApiKey.$1",
+                "type": "CompoundType",
+                "tags": [],
+                "label": "apiKey",
+                "description": [],
+                "signature": [
+                  {
+                    "pluginId": "@kbn/security-plugin-types-server",
+                    "scope": "server",
+                    "docId": "kibKbnSecurityPluginTypesServerPluginApi",
+                    "section": "def-server.CreateAPIKeyParams",
+                    "text": "CreateAPIKeyParams"
+                  }
+                ],
+                "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              }
+            ],
+            "returnComment": []
+          },
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.APIKeysAPIClient.updateApiKey",
+            "type": "Function",
+            "tags": [],
+            "label": "updateApiKey",
+            "description": [],
+            "signature": [
+              "(apiKey: ",
+              {
+                "pluginId": "@kbn/security-plugin-types-server",
+                "scope": "server",
+                "docId": "kibKbnSecurityPluginTypesServerPluginApi",
+                "section": "def-server.UpdateAPIKeyParams",
+                "text": "UpdateAPIKeyParams"
+              },
+              ") => Promise<",
+              "SecurityUpdateApiKeyResponse",
+              ">"
+            ],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/security-api-key-management",
+                "id": "def-public.APIKeysAPIClient.updateApiKey.$1",
+                "type": "CompoundType",
+                "tags": [],
+                "label": "apiKey",
+                "description": [],
+                "signature": [
+                  {
+                    "pluginId": "@kbn/security-plugin-types-server",
+                    "scope": "server",
+                    "docId": "kibKbnSecurityPluginTypesServerPluginApi",
+                    "section": "def-server.UpdateAPIKeyParams",
+                    "text": "UpdateAPIKeyParams"
+                  }
+                ],
+                "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              }
+            ],
+            "returnComment": []
+          }
+        ],
+        "initialIsOpen": false
+      }
+    ],
+    "functions": [
+      {
+        "parentPluginId": "@kbn/security-api-key-management",
+        "id": "def-public.ApiKeyBadge",
+        "type": "Function",
+        "tags": [],
+        "label": "ApiKeyBadge",
+        "description": [],
+        "signature": [
+          "({ type }: React.PropsWithChildren<",
+          {
+            "pluginId": "@kbn/security-api-key-management",
+            "scope": "public",
+            "docId": "kibKbnSecurityApiKeyManagementPluginApi",
+            "section": "def-public.ApiKeyBadgeProps",
+            "text": "ApiKeyBadgeProps"
+          },
+          ">) => JSX.Element"
+        ],
+        "path": "x-pack/packages/security/api_key_management/src/components/api_key_badge.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.ApiKeyBadge.$1",
+            "type": "CompoundType",
+            "tags": [],
+            "label": "{ type }",
+            "description": [],
+            "signature": [
+              "React.PropsWithChildren<",
+              {
+                "pluginId": "@kbn/security-api-key-management",
+                "scope": "public",
+                "docId": "kibKbnSecurityApiKeyManagementPluginApi",
+                "section": "def-public.ApiKeyBadgeProps",
+                "text": "ApiKeyBadgeProps"
+              },
+              ">"
+            ],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_key_badge.tsx",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": true
+          }
+        ],
+        "returnComment": [],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-api-key-management",
+        "id": "def-public.ApiKeyCreatedCallout",
+        "type": "Function",
+        "tags": [],
+        "label": "ApiKeyCreatedCallout",
+        "description": [],
+        "signature": [
+          "({ createdApiKey, }: React.PropsWithChildren<",
+          {
+            "pluginId": "@kbn/security-api-key-management",
+            "scope": "public",
+            "docId": "kibKbnSecurityApiKeyManagementPluginApi",
+            "section": "def-public.ApiKeyCreatedCalloutProps",
+            "text": "ApiKeyCreatedCalloutProps"
+          },
+          ">) => JSX.Element"
+        ],
+        "path": "x-pack/packages/security/api_key_management/src/components/api_key_created_callout.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.ApiKeyCreatedCallout.$1",
+            "type": "CompoundType",
+            "tags": [],
+            "label": "{\n  createdApiKey,\n}",
+            "description": [],
+            "signature": [
+              "React.PropsWithChildren<",
+              {
+                "pluginId": "@kbn/security-api-key-management",
+                "scope": "public",
+                "docId": "kibKbnSecurityApiKeyManagementPluginApi",
+                "section": "def-public.ApiKeyCreatedCalloutProps",
+                "text": "ApiKeyCreatedCalloutProps"
+              },
+              ">"
+            ],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_key_created_callout.tsx",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": true
+          }
+        ],
+        "returnComment": [],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-api-key-management",
+        "id": "def-public.ApiKeyFlyout",
+        "type": "Function",
+        "tags": [],
+        "label": "ApiKeyFlyout",
+        "description": [],
+        "signature": [
+          "({ onSuccess, onCancel, defaultExpiration, defaultMetadata, defaultRoleDescriptors, apiKey, canManageCrossClusterApiKeys, readOnly, currentUser, isLoadingCurrentUser, }: React.PropsWithChildren<(",
+          "DisambiguateSet",
+          "<CreateApiKeyFlyoutProps, UpdateApiKeyFlyoutProps> & UpdateApiKeyFlyoutProps) | (",
+          "DisambiguateSet",
+          "<UpdateApiKeyFlyoutProps, CreateApiKeyFlyoutProps> & CreateApiKeyFlyoutProps)>) => JSX.Element"
+        ],
+        "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.ApiKeyFlyout.$1",
+            "type": "CompoundType",
+            "tags": [],
+            "label": "{\n  onSuccess,\n  onCancel,\n  defaultExpiration,\n  defaultMetadata,\n  defaultRoleDescriptors,\n  apiKey,\n  canManageCrossClusterApiKeys = false,\n  readOnly = false,\n  currentUser,\n  isLoadingCurrentUser,\n}",
+            "description": [],
+            "signature": [
+              "React.PropsWithChildren<(",
+              "DisambiguateSet",
+              "<CreateApiKeyFlyoutProps, UpdateApiKeyFlyoutProps> & UpdateApiKeyFlyoutProps) | (",
+              "DisambiguateSet",
+              "<UpdateApiKeyFlyoutProps, CreateApiKeyFlyoutProps> & CreateApiKeyFlyoutProps)>"
+            ],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": true
+          }
+        ],
+        "returnComment": [],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-api-key-management",
+        "id": "def-public.ApiKeySelectableTokenField",
+        "type": "Function",
+        "tags": [],
+        "label": "ApiKeySelectableTokenField",
+        "description": [],
+        "signature": [
+          "({ createdApiKey, }: React.PropsWithChildren<",
+          {
+            "pluginId": "@kbn/security-api-key-management",
+            "scope": "public",
+            "docId": "kibKbnSecurityApiKeyManagementPluginApi",
+            "section": "def-public.ApiKeyCreatedCalloutProps",
+            "text": "ApiKeyCreatedCalloutProps"
+          },
+          ">) => JSX.Element"
+        ],
+        "path": "x-pack/packages/security/api_key_management/src/components/api_key_created_callout.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.ApiKeySelectableTokenField.$1",
+            "type": "CompoundType",
+            "tags": [],
+            "label": "{\n  createdApiKey,\n}",
+            "description": [],
+            "signature": [
+              "React.PropsWithChildren<",
+              {
+                "pluginId": "@kbn/security-api-key-management",
+                "scope": "public",
+                "docId": "kibKbnSecurityApiKeyManagementPluginApi",
+                "section": "def-public.ApiKeyCreatedCalloutProps",
+                "text": "ApiKeyCreatedCalloutProps"
+              },
+              ">"
+            ],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_key_created_callout.tsx",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": true
+          }
+        ],
+        "returnComment": [],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-api-key-management",
+        "id": "def-public.ApiKeyStatus",
+        "type": "Function",
+        "tags": [],
+        "label": "ApiKeyStatus",
+        "description": [],
+        "signature": [
+          "({ expiration }: React.PropsWithChildren<",
+          {
+            "pluginId": "@kbn/security-api-key-management",
+            "scope": "public",
+            "docId": "kibKbnSecurityApiKeyManagementPluginApi",
+            "section": "def-public.ApiKeyStatusProps",
+            "text": "ApiKeyStatusProps"
+          },
+          ">) => JSX.Element"
+        ],
+        "path": "x-pack/packages/security/api_key_management/src/components/api_key_status.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.ApiKeyStatus.$1",
+            "type": "CompoundType",
+            "tags": [],
+            "label": "{ expiration }",
+            "description": [],
+            "signature": [
+              "React.PropsWithChildren<",
+              {
+                "pluginId": "@kbn/security-api-key-management",
+                "scope": "public",
+                "docId": "kibKbnSecurityApiKeyManagementPluginApi",
+                "section": "def-public.ApiKeyStatusProps",
+                "text": "ApiKeyStatusProps"
+              },
+              ">"
+            ],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_key_status.tsx",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": true
+          }
+        ],
+        "returnComment": [],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-api-key-management",
+        "id": "def-public.mapCreateApiKeyValues",
+        "type": "Function",
+        "tags": [],
+        "label": "mapCreateApiKeyValues",
+        "description": [],
+        "signature": [
+          "(values: ",
+          {
+            "pluginId": "@kbn/security-api-key-management",
+            "scope": "public",
+            "docId": "kibKbnSecurityApiKeyManagementPluginApi",
+            "section": "def-public.ApiKeyFormValues",
+            "text": "ApiKeyFormValues"
+          },
+          ") => ",
+          {
+            "pluginId": "@kbn/security-plugin-types-server",
+            "scope": "server",
+            "docId": "kibKbnSecurityPluginTypesServerPluginApi",
+            "section": "def-server.CreateAPIKeyParams",
+            "text": "CreateAPIKeyParams"
+          }
+        ],
+        "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.mapCreateApiKeyValues.$1",
+            "type": "Object",
+            "tags": [],
+            "label": "values",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "@kbn/security-api-key-management",
+                "scope": "public",
+                "docId": "kibKbnSecurityApiKeyManagementPluginApi",
+                "section": "def-public.ApiKeyFormValues",
+                "text": "ApiKeyFormValues"
+              }
+            ],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": true
+          }
+        ],
+        "returnComment": [],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-api-key-management",
+        "id": "def-public.mapUpdateApiKeyValues",
+        "type": "Function",
+        "tags": [],
+        "label": "mapUpdateApiKeyValues",
+        "description": [],
+        "signature": [
+          "(type: \"managed\" | \"rest\" | \"cross_cluster\", id: string, values: ",
+          {
+            "pluginId": "@kbn/security-api-key-management",
+            "scope": "public",
+            "docId": "kibKbnSecurityApiKeyManagementPluginApi",
+            "section": "def-public.ApiKeyFormValues",
+            "text": "ApiKeyFormValues"
+          },
+          ") => ",
+          {
+            "pluginId": "@kbn/security-plugin-types-server",
+            "scope": "server",
+            "docId": "kibKbnSecurityPluginTypesServerPluginApi",
+            "section": "def-server.UpdateAPIKeyParams",
+            "text": "UpdateAPIKeyParams"
+          }
+        ],
+        "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.mapUpdateApiKeyValues.$1",
+            "type": "CompoundType",
+            "tags": [],
+            "label": "type",
+            "description": [],
+            "signature": [
+              "\"managed\" | \"rest\" | \"cross_cluster\""
+            ],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": true
+          },
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.mapUpdateApiKeyValues.$2",
+            "type": "string",
+            "tags": [],
+            "label": "id",
+            "description": [],
+            "signature": [
+              "string"
+            ],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": true
+          },
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.mapUpdateApiKeyValues.$3",
+            "type": "Object",
+            "tags": [],
+            "label": "values",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "@kbn/security-api-key-management",
+                "scope": "public",
+                "docId": "kibKbnSecurityApiKeyManagementPluginApi",
+                "section": "def-public.ApiKeyFormValues",
+                "text": "ApiKeyFormValues"
+              }
+            ],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": true
+          }
+        ],
+        "returnComment": [],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-api-key-management",
+        "id": "def-public.TimeToolTip",
+        "type": "Function",
+        "tags": [],
+        "label": "TimeToolTip",
+        "description": [],
+        "signature": [
+          "({ timestamp, children }: React.PropsWithChildren<",
+          {
+            "pluginId": "@kbn/security-api-key-management",
+            "scope": "public",
+            "docId": "kibKbnSecurityApiKeyManagementPluginApi",
+            "section": "def-public.TimeToolTipProps",
+            "text": "TimeToolTipProps"
+          },
+          ">) => JSX.Element"
+        ],
+        "path": "x-pack/packages/security/api_key_management/src/components/time_tool_tip.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.TimeToolTip.$1",
+            "type": "CompoundType",
+            "tags": [],
+            "label": "{ timestamp, children }",
+            "description": [],
+            "signature": [
+              "React.PropsWithChildren<",
+              {
+                "pluginId": "@kbn/security-api-key-management",
+                "scope": "public",
+                "docId": "kibKbnSecurityApiKeyManagementPluginApi",
+                "section": "def-public.TimeToolTipProps",
+                "text": "TimeToolTipProps"
+              },
+              ">"
+            ],
+            "path": "x-pack/packages/security/api_key_management/src/components/time_tool_tip.tsx",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": true
+          }
+        ],
+        "returnComment": [],
+        "initialIsOpen": false
+      }
+    ],
+    "interfaces": [
+      {
+        "parentPluginId": "@kbn/security-api-key-management",
+        "id": "def-public.ApiKeyBadgeProps",
+        "type": "Interface",
+        "tags": [],
+        "label": "ApiKeyBadgeProps",
+        "description": [],
+        "path": "x-pack/packages/security/api_key_management/src/components/api_key_badge.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.ApiKeyBadgeProps.type",
+            "type": "CompoundType",
+            "tags": [],
+            "label": "type",
+            "description": [],
+            "signature": [
+              "\"managed\" | \"rest\" | \"cross_cluster\""
+            ],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_key_badge.tsx",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-api-key-management",
+        "id": "def-public.ApiKeyCreatedCalloutProps",
+        "type": "Interface",
+        "tags": [],
+        "label": "ApiKeyCreatedCalloutProps",
+        "description": [],
+        "path": "x-pack/packages/security/api_key_management/src/components/api_key_created_callout.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.ApiKeyCreatedCalloutProps.createdApiKey",
+            "type": "Object",
+            "tags": [],
+            "label": "createdApiKey",
+            "description": [],
+            "signature": [
+              "SecurityCreateApiKeyResponse"
+            ],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_key_created_callout.tsx",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-api-key-management",
+        "id": "def-public.ApiKeyFormValues",
+        "type": "Interface",
+        "tags": [],
+        "label": "ApiKeyFormValues",
+        "description": [],
+        "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.ApiKeyFormValues.name",
+            "type": "string",
+            "tags": [],
+            "label": "name",
+            "description": [],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.ApiKeyFormValues.type",
+            "type": "string",
+            "tags": [],
+            "label": "type",
+            "description": [],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.ApiKeyFormValues.expiration",
+            "type": "string",
+            "tags": [],
+            "label": "expiration",
+            "description": [],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.ApiKeyFormValues.customExpiration",
+            "type": "boolean",
+            "tags": [],
+            "label": "customExpiration",
+            "description": [],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.ApiKeyFormValues.customPrivileges",
+            "type": "boolean",
+            "tags": [],
+            "label": "customPrivileges",
+            "description": [],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.ApiKeyFormValues.includeMetadata",
+            "type": "boolean",
+            "tags": [],
+            "label": "includeMetadata",
+            "description": [],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.ApiKeyFormValues.access",
+            "type": "string",
+            "tags": [],
+            "label": "access",
+            "description": [],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.ApiKeyFormValues.role_descriptors",
+            "type": "string",
+            "tags": [],
+            "label": "role_descriptors",
+            "description": [],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.ApiKeyFormValues.metadata",
+            "type": "string",
+            "tags": [],
+            "label": "metadata",
+            "description": [],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-api-key-management",
+        "id": "def-public.InvalidateApiKeysResponse",
+        "type": "Interface",
+        "tags": [],
+        "label": "InvalidateApiKeysResponse",
+        "description": [],
+        "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.InvalidateApiKeysResponse.itemsInvalidated",
+            "type": "Array",
+            "tags": [],
+            "label": "itemsInvalidated",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "@kbn/security-plugin-types-common",
+                "scope": "common",
+                "docId": "kibKbnSecurityPluginTypesCommonPluginApi",
+                "section": "def-common.ApiKeyToInvalidate",
+                "text": "ApiKeyToInvalidate"
+              },
+              "[]"
+            ],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.InvalidateApiKeysResponse.errors",
+            "type": "Array",
+            "tags": [],
+            "label": "errors",
+            "description": [],
+            "signature": [
+              "any[]"
+            ],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-api-key-management",
+        "id": "def-public.QueryApiKeyParams",
+        "type": "Interface",
+        "tags": [],
+        "label": "QueryApiKeyParams",
+        "description": [],
+        "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.QueryApiKeyParams.query",
+            "type": "Object",
+            "tags": [],
+            "label": "query",
+            "description": [],
+            "signature": [
+              "QueryContainer"
+            ],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.QueryApiKeyParams.from",
+            "type": "number",
+            "tags": [],
+            "label": "from",
+            "description": [],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.QueryApiKeyParams.size",
+            "type": "number",
+            "tags": [],
+            "label": "size",
+            "description": [],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.QueryApiKeyParams.sort",
+            "type": "Object",
+            "tags": [],
+            "label": "sort",
+            "description": [],
+            "signature": [
+              "{ field: \"id\" | \"type\" | \"name\" | \"username\" | \"profile_uid\" | \"metadata\" | \"expired\" | \"creation\" | \"expiration\" | \"role_descriptors\" | \"realm\" | \"invalidated\" | \"realm_type\" | \"limited_by\" | \"_sort\"; direction: \"asc\" | \"desc\"; }"
+            ],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.QueryApiKeyParams.filters",
+            "type": "Object",
+            "tags": [],
+            "label": "filters",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "@kbn/security-api-key-management",
+                "scope": "public",
+                "docId": "kibKbnSecurityApiKeyManagementPluginApi",
+                "section": "def-public.QueryFilters",
+                "text": "QueryFilters"
+              }
+            ],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-api-key-management",
+        "id": "def-public.QueryFilters",
+        "type": "Interface",
+        "tags": [],
+        "label": "QueryFilters",
+        "description": [],
+        "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.QueryFilters.usernames",
+            "type": "Array",
+            "tags": [],
+            "label": "usernames",
+            "description": [],
+            "signature": [
+              "string[] | undefined"
+            ],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.QueryFilters.type",
+            "type": "CompoundType",
+            "tags": [],
+            "label": "type",
+            "description": [],
+            "signature": [
+              "\"managed\" | \"rest\" | \"cross_cluster\" | undefined"
+            ],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.QueryFilters.expired",
+            "type": "CompoundType",
+            "tags": [],
+            "label": "expired",
+            "description": [],
+            "signature": [
+              "boolean | undefined"
+            ],
+            "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-api-key-management",
+        "id": "def-public.TimeToolTipProps",
+        "type": "Interface",
+        "tags": [],
+        "label": "TimeToolTipProps",
+        "description": [],
+        "path": "x-pack/packages/security/api_key_management/src/components/time_tool_tip.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-api-key-management",
+            "id": "def-public.TimeToolTipProps.timestamp",
+            "type": "number",
+            "tags": [],
+            "label": "timestamp",
+            "description": [],
+            "path": "x-pack/packages/security/api_key_management/src/components/time_tool_tip.tsx",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      }
+    ],
+    "enums": [],
+    "misc": [
+      {
+        "parentPluginId": "@kbn/security-api-key-management",
+        "id": "def-public.ApiKeyFlyoutProps",
+        "type": "Type",
+        "tags": [],
+        "label": "ApiKeyFlyoutProps",
+        "description": [],
+        "signature": [
+          "(",
+          "DisambiguateSet",
+          "<CreateApiKeyFlyoutProps, UpdateApiKeyFlyoutProps> & UpdateApiKeyFlyoutProps) | (",
+          "DisambiguateSet",
+          "<UpdateApiKeyFlyoutProps, CreateApiKeyFlyoutProps> & CreateApiKeyFlyoutProps)"
+        ],
+        "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-api-key-management",
+        "id": "def-public.ApiKeyStatusProps",
+        "type": "Type",
+        "tags": [],
+        "label": "ApiKeyStatusProps",
+        "description": [],
+        "signature": [
+          "{ expiration?: number | undefined; }"
+        ],
+        "path": "x-pack/packages/security/api_key_management/src/components/api_key_status.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-api-key-management",
+        "id": "def-public.CreateAPIKeyParams",
+        "type": "Type",
+        "tags": [],
+        "label": "CreateAPIKeyParams",
+        "description": [],
+        "signature": [
+          "Readonly<{ type?: \"rest\" | undefined; metadata?: Readonly<{} & {}> | undefined; expiration?: string | undefined; } & { name: string; role_descriptors: Record<string, Readonly<{} & {}>>; }> | Readonly<{ type?: \"rest\" | undefined; metadata?: Readonly<{} & {}> | undefined; expiration?: string | undefined; } & { name: string; kibana_role_descriptors: Record<string, Readonly<{} & { kibana: Readonly<{ base?: string[] | undefined; feature?: Record<string, string[]> | undefined; } & { spaces: string[] | \"*\"[]; }>[]; elasticsearch: Readonly<{ cluster?: string[] | undefined; indices?: Readonly<{ query?: string | undefined; field_security?: Record<\"except\" | \"grant\", string[]> | undefined; allow_restricted_indices?: boolean | undefined; } & { names: string[]; privileges: string[]; }>[] | undefined; remote_cluster?: Readonly<{} & { privileges: string[]; clusters: string[]; }>[] | undefined; remote_indices?: Readonly<{ query?: string | undefined; field_security?: Record<\"except\" | \"grant\", string[]> | undefined; allow_restricted_indices?: boolean | undefined; } & { names: string[]; privileges: string[]; clusters: string[]; }>[] | undefined; run_as?: string[] | undefined; } & {}>; }>>; }> | Readonly<{ metadata?: Readonly<{} & {}> | undefined; expiration?: string | undefined; } & { type: \"cross_cluster\"; name: string; access: Readonly<{ search?: Readonly<{ query?: any; field_security?: any; allow_restricted_indices?: boolean | undefined; } & { names: string[]; }>[] | undefined; replication?: Readonly<{} & { names: string[]; }>[] | undefined; } & {}>; }>"
+        ],
+        "path": "x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-api-key-management",
+        "id": "def-public.CreateAPIKeyResult",
+        "type": "Type",
+        "tags": [],
+        "label": "CreateAPIKeyResult",
+        "description": [
+          "\nResponse of Kibana Create API key endpoint."
+        ],
+        "signature": [
+          "SecurityCreateApiKeyResponse"
+        ],
+        "path": "x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-api-key-management",
+        "id": "def-public.QueryApiKeySortOptions",
+        "type": "Type",
+        "tags": [],
+        "label": "QueryApiKeySortOptions",
+        "description": [],
+        "signature": [
+          "{ field: \"id\" | \"type\" | \"name\" | \"username\" | \"profile_uid\" | \"metadata\" | \"expired\" | \"creation\" | \"expiration\" | \"role_descriptors\" | \"realm\" | \"invalidated\" | \"realm_type\" | \"limited_by\" | \"_sort\"; direction: \"asc\" | \"desc\"; }"
+        ],
+        "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-api-key-management",
+        "id": "def-public.UpdateAPIKeyParams",
+        "type": "Type",
+        "tags": [],
+        "label": "UpdateAPIKeyParams",
+        "description": [
+          "\nRequest body of Kibana Update API key endpoint."
+        ],
+        "signature": [
+          "Readonly<{ type?: \"rest\" | undefined; metadata?: Readonly<{} & {}> | undefined; expiration?: string | undefined; } & { id: string; role_descriptors: Record<string, Readonly<{} & {}>>; }> | Readonly<{ metadata?: Readonly<{} & {}> | undefined; expiration?: string | undefined; } & { id: string; type: \"cross_cluster\"; access: Readonly<{ search?: Readonly<{ query?: any; field_security?: any; allow_restricted_indices?: boolean | undefined; } & { names: string[]; }>[] | undefined; replication?: Readonly<{} & { names: string[]; }>[] | undefined; } & {}>; }> | Readonly<{ type?: \"rest\" | undefined; metadata?: Readonly<{} & {}> | undefined; expiration?: string | undefined; } & { id: string; kibana_role_descriptors: Record<string, Readonly<{} & { kibana: Readonly<{ base?: string[] | undefined; feature?: Record<string, string[]> | undefined; } & { spaces: string[] | \"*\"[]; }>[]; elasticsearch: Readonly<{ cluster?: string[] | undefined; indices?: Readonly<{ query?: string | undefined; field_security?: Record<\"except\" | \"grant\", string[]> | undefined; allow_restricted_indices?: boolean | undefined; } & { names: string[]; privileges: string[]; }>[] | undefined; remote_cluster?: Readonly<{} & { privileges: string[]; clusters: string[]; }>[] | undefined; remote_indices?: Readonly<{ query?: string | undefined; field_security?: Record<\"except\" | \"grant\", string[]> | undefined; allow_restricted_indices?: boolean | undefined; } & { names: string[]; privileges: string[]; clusters: string[]; }>[] | undefined; run_as?: string[] | undefined; } & {}>; }>>; }>"
+        ],
+        "path": "x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-api-key-management",
+        "id": "def-public.UpdateAPIKeyResult",
+        "type": "Type",
+        "tags": [],
+        "label": "UpdateAPIKeyResult",
+        "description": [
+          "\nResponse of Kibana Update API key endpoint."
+        ],
+        "signature": [
+          "SecurityUpdateApiKeyResponse"
+        ],
+        "path": "x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      }
+    ],
+    "objects": []
+  },
+  "server": {
+    "classes": [],
+    "functions": [],
+    "interfaces": [],
+    "enums": [],
+    "misc": [],
+    "objects": []
+  },
+  "common": {
+    "classes": [],
+    "functions": [],
+    "interfaces": [],
+    "enums": [],
+    "misc": [],
+    "objects": []
+  }
+}
\ No newline at end of file
diff --git a/api_docs/kbn_security_api_key_management.mdx b/api_docs/kbn_security_api_key_management.mdx
new file mode 100644
index 0000000000000..54ad93fae2244
--- /dev/null
+++ b/api_docs/kbn_security_api_key_management.mdx
@@ -0,0 +1,39 @@
+---
+####
+#### This document is auto-generated and is meant to be viewed inside our experimental, new docs system.
+#### Reach out in #docs-engineering for more info.
+####
+id: kibKbnSecurityApiKeyManagementPluginApi
+slug: /kibana-dev-docs/api/kbn-security-api-key-management
+title: "@kbn/security-api-key-management"
+image: https://source.unsplash.com/400x175/?github
+description: API docs for the @kbn/security-api-key-management plugin
+date: 2024-07-01
+tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-api-key-management']
+---
+import kbnSecurityApiKeyManagementObj from './kbn_security_api_key_management.devdocs.json';
+
+
+
+Contact [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) for questions regarding this plugin.
+
+**Code health stats**
+
+| Public API count  | Any count | Items lacking comments | Missing exports |
+|-------------------|-----------|------------------------|-----------------|
+| 66 | 0 | 63 | 0 |
+
+## Client
+
+### Functions
+<DocDefinitionList data={kbnSecurityApiKeyManagementObj.client.functions}/>
+
+### Classes
+<DocDefinitionList data={kbnSecurityApiKeyManagementObj.client.classes}/>
+
+### Interfaces
+<DocDefinitionList data={kbnSecurityApiKeyManagementObj.client.interfaces}/>
+
+### Consts, variables and types
+<DocDefinitionList data={kbnSecurityApiKeyManagementObj.client.misc}/>
+
diff --git a/api_docs/kbn_security_form_components.devdocs.json b/api_docs/kbn_security_form_components.devdocs.json
new file mode 100644
index 0000000000000..e6456ca9c7abd
--- /dev/null
+++ b/api_docs/kbn_security_form_components.devdocs.json
@@ -0,0 +1,727 @@
+{
+  "id": "@kbn/security-form-components",
+  "client": {
+    "classes": [],
+    "functions": [],
+    "interfaces": [],
+    "enums": [],
+    "misc": [],
+    "objects": []
+  },
+  "server": {
+    "classes": [],
+    "functions": [],
+    "interfaces": [],
+    "enums": [],
+    "misc": [],
+    "objects": []
+  },
+  "common": {
+    "classes": [],
+    "functions": [
+      {
+        "parentPluginId": "@kbn/security-form-components",
+        "id": "def-common.createFieldValidator",
+        "type": "Function",
+        "tags": [],
+        "label": "createFieldValidator",
+        "description": [],
+        "signature": [
+          "(options: ",
+          {
+            "pluginId": "@kbn/security-form-components",
+            "scope": "common",
+            "docId": "kibKbnSecurityFormComponentsPluginApi",
+            "section": "def-common.ValidateOptions",
+            "text": "ValidateOptions"
+          },
+          ") => ",
+          "FieldValidator"
+        ],
+        "path": "x-pack/packages/security/form_components/src/form_field.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-form-components",
+            "id": "def-common.createFieldValidator.$1",
+            "type": "Object",
+            "tags": [],
+            "label": "options",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "@kbn/security-form-components",
+                "scope": "common",
+                "docId": "kibKbnSecurityFormComponentsPluginApi",
+                "section": "def-common.ValidateOptions",
+                "text": "ValidateOptions"
+              }
+            ],
+            "path": "x-pack/packages/security/form_components/src/form_field.tsx",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": true
+          }
+        ],
+        "returnComment": [],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-form-components",
+        "id": "def-common.FormChangesProvider",
+        "type": "Function",
+        "tags": [],
+        "label": "FormChangesProvider",
+        "description": [],
+        "signature": [
+          "React.ProviderExoticComponent<React.ProviderProps<",
+          {
+            "pluginId": "@kbn/security-form-components",
+            "scope": "common",
+            "docId": "kibKbnSecurityFormComponentsPluginApi",
+            "section": "def-common.FormChangesProps",
+            "text": "FormChangesProps"
+          },
+          " | undefined>>"
+        ],
+        "path": "x-pack/packages/security/form_components/src/form_changes.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "returnComment": [],
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-form-components",
+            "id": "def-common.FormChangesProvider.$1",
+            "type": "Uncategorized",
+            "tags": [],
+            "label": "props",
+            "description": [],
+            "signature": [
+              "P"
+            ],
+            "path": "node_modules/@types/react/index.d.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-form-components",
+        "id": "def-common.FormField",
+        "type": "Function",
+        "tags": [
+          "throws"
+        ],
+        "label": "FormField",
+        "description": [
+          "\nPolymorphic component that renders a form field with all state required for inline validation.\n"
+        ],
+        "signature": [
+          "({\n  as,\n  validate,\n  onBlur,\n  ...rest\n}: ",
+          {
+            "pluginId": "@kbn/security-form-components",
+            "scope": "common",
+            "docId": "kibKbnSecurityFormComponentsPluginApi",
+            "section": "def-common.FormFieldProps",
+            "text": "FormFieldProps"
+          },
+          "<T> & Omit<React.PropsWithoutRef<React.ComponentProps<T>>, keyof ",
+          {
+            "pluginId": "@kbn/security-form-components",
+            "scope": "common",
+            "docId": "kibKbnSecurityFormComponentsPluginApi",
+            "section": "def-common.FormFieldProps",
+            "text": "FormFieldProps"
+          },
+          "<T>>) => JSX.Element"
+        ],
+        "path": "x-pack/packages/security/form_components/src/form_field.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-form-components",
+            "id": "def-common.FormField.$1",
+            "type": "CompoundType",
+            "tags": [],
+            "label": "{\n  as,\n  validate,\n  onBlur,\n  ...rest\n}",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "@kbn/security-form-components",
+                "scope": "common",
+                "docId": "kibKbnSecurityFormComponentsPluginApi",
+                "section": "def-common.FormFieldProps",
+                "text": "FormFieldProps"
+              },
+              "<T> & Omit<React.PropsWithoutRef<React.ComponentProps<T>>, keyof ",
+              {
+                "pluginId": "@kbn/security-form-components",
+                "scope": "common",
+                "docId": "kibKbnSecurityFormComponentsPluginApi",
+                "section": "def-common.FormFieldProps",
+                "text": "FormFieldProps"
+              },
+              "<T>>"
+            ],
+            "path": "x-pack/packages/security/form_components/src/form_field.tsx",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": true
+          }
+        ],
+        "returnComment": [],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-form-components",
+        "id": "def-common.FormLabel",
+        "type": "Function",
+        "tags": [
+          "throws",
+          "throws"
+        ],
+        "label": "FormLabel",
+        "description": [
+          "\nComponent that visually indicates whether a field value has changed.\n"
+        ],
+        "signature": [
+          "(props: React.PropsWithChildren<React.PropsWithChildren<",
+          {
+            "pluginId": "@kbn/security-form-components",
+            "scope": "common",
+            "docId": "kibKbnSecurityFormComponentsPluginApi",
+            "section": "def-common.FormLabelProps",
+            "text": "FormLabelProps"
+          },
+          ">>) => JSX.Element"
+        ],
+        "path": "x-pack/packages/security/form_components/src/form_label.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-form-components",
+            "id": "def-common.FormLabel.$1",
+            "type": "CompoundType",
+            "tags": [],
+            "label": "props",
+            "description": [],
+            "signature": [
+              "React.PropsWithChildren<React.PropsWithChildren<",
+              {
+                "pluginId": "@kbn/security-form-components",
+                "scope": "common",
+                "docId": "kibKbnSecurityFormComponentsPluginApi",
+                "section": "def-common.FormLabelProps",
+                "text": "FormLabelProps"
+              },
+              ">>"
+            ],
+            "path": "x-pack/packages/security/form_components/src/form_label.tsx",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": true
+          }
+        ],
+        "returnComment": [],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-form-components",
+        "id": "def-common.FormRow",
+        "type": "Function",
+        "tags": [
+          "throws",
+          "throws"
+        ],
+        "label": "FormRow",
+        "description": [
+          "\nComponent that renders a form row with all error states for inline validation.\n"
+        ],
+        "signature": [
+          "(props: React.PropsWithChildren<((",
+          "DisambiguateSet",
+          "<LabelProps, LegendProps> & { labelType?: \"legend\" | undefined; } & ",
+          "CommonProps",
+          " & { display?: \"center\" | \"row\" | \"rowCompressed\" | \"columnCompressed\" | \"centerCompressed\" | \"columnCompressedSwitch\" | undefined; hasEmptyLabelSpace?: boolean | undefined; fullWidth?: boolean | undefined; describedByIds?: string[] | undefined; hasChildLabel?: boolean | undefined; children: React.ReactElement<any, string | React.JSXElementConstructor<any>>; label?: React.ReactNode; labelAppend?: any; id?: string | undefined; isInvalid?: boolean | undefined; error?: React.ReactNode | React.ReactNode[]; helpText?: React.ReactNode | React.ReactNode[]; isDisabled?: boolean | undefined; } & Omit<React.HTMLAttributes<HTMLFieldSetElement>, \"disabled\">) | (",
+          "DisambiguateSet",
+          "<LegendProps, LabelProps> & { labelType?: \"label\" | undefined; } & ",
+          "CommonProps",
+          " & { display?: \"center\" | \"row\" | \"rowCompressed\" | \"columnCompressed\" | \"centerCompressed\" | \"columnCompressedSwitch\" | undefined; hasEmptyLabelSpace?: boolean | undefined; fullWidth?: boolean | undefined; describedByIds?: string[] | undefined; hasChildLabel?: boolean | undefined; children: React.ReactElement<any, string | React.JSXElementConstructor<any>>; label?: React.ReactNode; labelAppend?: any; id?: string | undefined; isInvalid?: boolean | undefined; error?: React.ReactNode | React.ReactNode[]; helpText?: React.ReactNode | React.ReactNode[]; isDisabled?: boolean | undefined; } & React.HTMLAttributes<HTMLDivElement>)) & ",
+          {
+            "pluginId": "@kbn/security-form-components",
+            "scope": "common",
+            "docId": "kibKbnSecurityFormComponentsPluginApi",
+            "section": "def-common.FormRowProps",
+            "text": "FormRowProps"
+          },
+          ">) => JSX.Element"
+        ],
+        "path": "x-pack/packages/security/form_components/src/form_row.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-form-components",
+            "id": "def-common.FormRow.$1",
+            "type": "CompoundType",
+            "tags": [],
+            "label": "props",
+            "description": [],
+            "signature": [
+              "React.PropsWithChildren<((",
+              "DisambiguateSet",
+              "<LabelProps, LegendProps> & { labelType?: \"legend\" | undefined; } & ",
+              "CommonProps",
+              " & { display?: \"center\" | \"row\" | \"rowCompressed\" | \"columnCompressed\" | \"centerCompressed\" | \"columnCompressedSwitch\" | undefined; hasEmptyLabelSpace?: boolean | undefined; fullWidth?: boolean | undefined; describedByIds?: string[] | undefined; hasChildLabel?: boolean | undefined; children: React.ReactElement<any, string | React.JSXElementConstructor<any>>; label?: React.ReactNode; labelAppend?: any; id?: string | undefined; isInvalid?: boolean | undefined; error?: React.ReactNode | React.ReactNode[]; helpText?: React.ReactNode | React.ReactNode[]; isDisabled?: boolean | undefined; } & Omit<React.HTMLAttributes<HTMLFieldSetElement>, \"disabled\">) | (",
+              "DisambiguateSet",
+              "<LegendProps, LabelProps> & { labelType?: \"label\" | undefined; } & ",
+              "CommonProps",
+              " & { display?: \"center\" | \"row\" | \"rowCompressed\" | \"columnCompressed\" | \"centerCompressed\" | \"columnCompressedSwitch\" | undefined; hasEmptyLabelSpace?: boolean | undefined; fullWidth?: boolean | undefined; describedByIds?: string[] | undefined; hasChildLabel?: boolean | undefined; children: React.ReactElement<any, string | React.JSXElementConstructor<any>>; label?: React.ReactNode; labelAppend?: any; id?: string | undefined; isInvalid?: boolean | undefined; error?: React.ReactNode | React.ReactNode[]; helpText?: React.ReactNode | React.ReactNode[]; isDisabled?: boolean | undefined; } & React.HTMLAttributes<HTMLDivElement>)) & ",
+              {
+                "pluginId": "@kbn/security-form-components",
+                "scope": "common",
+                "docId": "kibKbnSecurityFormComponentsPluginApi",
+                "section": "def-common.FormRowProps",
+                "text": "FormRowProps"
+              },
+              ">"
+            ],
+            "path": "x-pack/packages/security/form_components/src/form_row.tsx",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": true
+          }
+        ],
+        "returnComment": [],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-form-components",
+        "id": "def-common.OptionalText",
+        "type": "Function",
+        "tags": [],
+        "label": "OptionalText",
+        "description": [],
+        "signature": [
+          "() => JSX.Element"
+        ],
+        "path": "x-pack/packages/security/form_components/src/form_row.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [],
+        "returnComment": [],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-form-components",
+        "id": "def-common.useFormChanges",
+        "type": "Function",
+        "tags": [],
+        "label": "useFormChanges",
+        "description": [
+          "\nCustom React hook that allows tracking changes within a form.\n"
+        ],
+        "signature": [
+          "() => ",
+          {
+            "pluginId": "@kbn/security-form-components",
+            "scope": "common",
+            "docId": "kibKbnSecurityFormComponentsPluginApi",
+            "section": "def-common.FormChangesProps",
+            "text": "FormChangesProps"
+          }
+        ],
+        "path": "x-pack/packages/security/form_components/src/form_changes.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [],
+        "returnComment": [],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-form-components",
+        "id": "def-common.useFormChangesContext",
+        "type": "Function",
+        "tags": [
+          "throws"
+        ],
+        "label": "useFormChangesContext",
+        "description": [
+          "\nCustom React hook that returns all @see FormChangesProps state from context.\n"
+        ],
+        "signature": [
+          "() => ",
+          {
+            "pluginId": "@kbn/security-form-components",
+            "scope": "common",
+            "docId": "kibKbnSecurityFormComponentsPluginApi",
+            "section": "def-common.FormChangesProps",
+            "text": "FormChangesProps"
+          }
+        ],
+        "path": "x-pack/packages/security/form_components/src/form_changes.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [],
+        "returnComment": [],
+        "initialIsOpen": false
+      }
+    ],
+    "interfaces": [
+      {
+        "parentPluginId": "@kbn/security-form-components",
+        "id": "def-common.FormChangesProps",
+        "type": "Interface",
+        "tags": [],
+        "label": "FormChangesProps",
+        "description": [],
+        "path": "x-pack/packages/security/form_components/src/form_changes.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-form-components",
+            "id": "def-common.FormChangesProps.count",
+            "type": "number",
+            "tags": [],
+            "label": "count",
+            "description": [
+              "\nNumber of fields rendered on the page that have changed."
+            ],
+            "path": "x-pack/packages/security/form_components/src/form_changes.tsx",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/security-form-components",
+            "id": "def-common.FormChangesProps.report",
+            "type": "Function",
+            "tags": [],
+            "label": "report",
+            "description": [
+              "\nCallback function used by a form field to indicate whether its current value is different to its initial value.\n"
+            ],
+            "signature": [
+              "(isEqual: boolean) => ",
+              {
+                "pluginId": "@kbn/security-form-components",
+                "scope": "common",
+                "docId": "kibKbnSecurityFormComponentsPluginApi",
+                "section": "def-common.RevertFunction",
+                "text": "RevertFunction"
+              },
+              " | undefined"
+            ],
+            "path": "x-pack/packages/security/form_components/src/form_changes.tsx",
+            "deprecated": false,
+            "trackAdoption": false,
+            "returnComment": [],
+            "children": [
+              {
+                "parentPluginId": "@kbn/security-form-components",
+                "id": "def-common.FormChangesProps.report.$1",
+                "type": "boolean",
+                "tags": [],
+                "label": "isEqual",
+                "description": [],
+                "path": "x-pack/packages/security/form_components/src/form_changes.tsx",
+                "deprecated": false,
+                "trackAdoption": false
+              }
+            ]
+          }
+        ],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-form-components",
+        "id": "def-common.FormFieldProps",
+        "type": "Interface",
+        "tags": [],
+        "label": "FormFieldProps",
+        "description": [],
+        "signature": [
+          {
+            "pluginId": "@kbn/security-form-components",
+            "scope": "common",
+            "docId": "kibKbnSecurityFormComponentsPluginApi",
+            "section": "def-common.FormFieldProps",
+            "text": "FormFieldProps"
+          },
+          "<T>"
+        ],
+        "path": "x-pack/packages/security/form_components/src/form_field.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-form-components",
+            "id": "def-common.FormFieldProps.as",
+            "type": "Uncategorized",
+            "tags": [],
+            "label": "as",
+            "description": [],
+            "signature": [
+              "T | undefined"
+            ],
+            "path": "x-pack/packages/security/form_components/src/form_field.tsx",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/security-form-components",
+            "id": "def-common.FormFieldProps.name",
+            "type": "string",
+            "tags": [],
+            "label": "name",
+            "description": [],
+            "path": "x-pack/packages/security/form_components/src/form_field.tsx",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/security-form-components",
+            "id": "def-common.FormFieldProps.validate",
+            "type": "CompoundType",
+            "tags": [],
+            "label": "validate",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "@kbn/security-form-components",
+                "scope": "common",
+                "docId": "kibKbnSecurityFormComponentsPluginApi",
+                "section": "def-common.ValidateOptions",
+                "text": "ValidateOptions"
+              },
+              " | ",
+              "FieldValidator",
+              " | undefined"
+            ],
+            "path": "x-pack/packages/security/form_components/src/form_field.tsx",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-form-components",
+        "id": "def-common.FormLabelProps",
+        "type": "Interface",
+        "tags": [],
+        "label": "FormLabelProps",
+        "description": [],
+        "path": "x-pack/packages/security/form_components/src/form_label.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-form-components",
+            "id": "def-common.FormLabelProps.for",
+            "type": "string",
+            "tags": [],
+            "label": "for",
+            "description": [
+              "\nName of target form field."
+            ],
+            "path": "x-pack/packages/security/form_components/src/form_label.tsx",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-form-components",
+        "id": "def-common.FormRowProps",
+        "type": "Interface",
+        "tags": [],
+        "label": "FormRowProps",
+        "description": [],
+        "path": "x-pack/packages/security/form_components/src/form_row.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-form-components",
+            "id": "def-common.FormRowProps.name",
+            "type": "string",
+            "tags": [],
+            "label": "name",
+            "description": [
+              "\nOptional name of form field.\n\nIf not provided the name will be inferred from its child element."
+            ],
+            "signature": [
+              "string | undefined"
+            ],
+            "path": "x-pack/packages/security/form_components/src/form_row.tsx",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-form-components",
+        "id": "def-common.ValidateOptions",
+        "type": "Interface",
+        "tags": [],
+        "label": "ValidateOptions",
+        "description": [],
+        "path": "x-pack/packages/security/form_components/src/form_field.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-form-components",
+            "id": "def-common.ValidateOptions.required",
+            "type": "string",
+            "tags": [],
+            "label": "required",
+            "description": [],
+            "signature": [
+              "string | undefined"
+            ],
+            "path": "x-pack/packages/security/form_components/src/form_field.tsx",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/security-form-components",
+            "id": "def-common.ValidateOptions.pattern",
+            "type": "Object",
+            "tags": [],
+            "label": "pattern",
+            "description": [],
+            "signature": [
+              "{ value: RegExp; message: string; } | undefined"
+            ],
+            "path": "x-pack/packages/security/form_components/src/form_field.tsx",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/security-form-components",
+            "id": "def-common.ValidateOptions.minLength",
+            "type": "Object",
+            "tags": [],
+            "label": "minLength",
+            "description": [],
+            "signature": [
+              "{ value: number; message: string; } | undefined"
+            ],
+            "path": "x-pack/packages/security/form_components/src/form_field.tsx",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/security-form-components",
+            "id": "def-common.ValidateOptions.maxLength",
+            "type": "Object",
+            "tags": [],
+            "label": "maxLength",
+            "description": [],
+            "signature": [
+              "{ value: number; message: string; } | undefined"
+            ],
+            "path": "x-pack/packages/security/form_components/src/form_field.tsx",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/security-form-components",
+            "id": "def-common.ValidateOptions.min",
+            "type": "Object",
+            "tags": [],
+            "label": "min",
+            "description": [],
+            "signature": [
+              "{ value: number; message: string; } | undefined"
+            ],
+            "path": "x-pack/packages/security/form_components/src/form_field.tsx",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/security-form-components",
+            "id": "def-common.ValidateOptions.max",
+            "type": "Object",
+            "tags": [],
+            "label": "max",
+            "description": [],
+            "signature": [
+              "{ value: number; message: string; } | undefined"
+            ],
+            "path": "x-pack/packages/security/form_components/src/form_field.tsx",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      }
+    ],
+    "enums": [],
+    "misc": [
+      {
+        "parentPluginId": "@kbn/security-form-components",
+        "id": "def-common.ReportFunction",
+        "type": "Type",
+        "tags": [],
+        "label": "ReportFunction",
+        "description": [],
+        "signature": [
+          "(isEqual: boolean) => ",
+          {
+            "pluginId": "@kbn/security-form-components",
+            "scope": "common",
+            "docId": "kibKbnSecurityFormComponentsPluginApi",
+            "section": "def-common.RevertFunction",
+            "text": "RevertFunction"
+          },
+          " | undefined"
+        ],
+        "path": "x-pack/packages/security/form_components/src/form_changes.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "returnComment": [],
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-form-components",
+            "id": "def-common.ReportFunction.$1",
+            "type": "boolean",
+            "tags": [],
+            "label": "isEqual",
+            "description": [],
+            "path": "x-pack/packages/security/form_components/src/form_changes.tsx",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-form-components",
+        "id": "def-common.RevertFunction",
+        "type": "Type",
+        "tags": [],
+        "label": "RevertFunction",
+        "description": [],
+        "signature": [
+          "() => void"
+        ],
+        "path": "x-pack/packages/security/form_components/src/form_changes.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "returnComment": [],
+        "children": [],
+        "initialIsOpen": false
+      }
+    ],
+    "objects": []
+  }
+}
\ No newline at end of file
diff --git a/api_docs/kbn_security_form_components.mdx b/api_docs/kbn_security_form_components.mdx
new file mode 100644
index 0000000000000..2cc84adcae9f6
--- /dev/null
+++ b/api_docs/kbn_security_form_components.mdx
@@ -0,0 +1,36 @@
+---
+####
+#### This document is auto-generated and is meant to be viewed inside our experimental, new docs system.
+#### Reach out in #docs-engineering for more info.
+####
+id: kibKbnSecurityFormComponentsPluginApi
+slug: /kibana-dev-docs/api/kbn-security-form-components
+title: "@kbn/security-form-components"
+image: https://source.unsplash.com/400x175/?github
+description: API docs for the @kbn/security-form-components plugin
+date: 2024-07-01
+tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-form-components']
+---
+import kbnSecurityFormComponentsObj from './kbn_security_form_components.devdocs.json';
+
+
+
+Contact [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) for questions regarding this plugin.
+
+**Code health stats**
+
+| Public API count  | Any count | Items lacking comments | Missing exports |
+|-------------------|-----------|------------------------|-----------------|
+| 35 | 0 | 25 | 0 |
+
+## Common
+
+### Functions
+<DocDefinitionList data={kbnSecurityFormComponentsObj.common.functions}/>
+
+### Interfaces
+<DocDefinitionList data={kbnSecurityFormComponentsObj.common.interfaces}/>
+
+### Consts, variables and types
+<DocDefinitionList data={kbnSecurityFormComponentsObj.common.misc}/>
+
diff --git a/api_docs/kbn_security_hardening.mdx b/api_docs/kbn_security_hardening.mdx
index d77972c92b169..2f6d259c8e092 100644
--- a/api_docs/kbn_security_hardening.mdx
+++ b/api_docs/kbn_security_hardening.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-hardening
 title: "@kbn/security-hardening"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/security-hardening plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-hardening']
 ---
 import kbnSecurityHardeningObj from './kbn_security_hardening.devdocs.json';
diff --git a/api_docs/kbn_security_plugin_types_common.devdocs.json b/api_docs/kbn_security_plugin_types_common.devdocs.json
index 804df8e1e3d13..4bb4d0397c70f 100644
--- a/api_docs/kbn_security_plugin_types_common.devdocs.json
+++ b/api_docs/kbn_security_plugin_types_common.devdocs.json
@@ -20,6 +20,119 @@
     "classes": [],
     "functions": [],
     "interfaces": [
+      {
+        "parentPluginId": "@kbn/security-plugin-types-common",
+        "id": "def-common.ApiKeyAggregations",
+        "type": "Interface",
+        "tags": [],
+        "label": "ApiKeyAggregations",
+        "description": [],
+        "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-plugin-types-common",
+            "id": "def-common.ApiKeyAggregations.usernames",
+            "type": "Object",
+            "tags": [],
+            "label": "usernames",
+            "description": [],
+            "signature": [
+              "AggregationsStringTermsAggregate",
+              " | undefined"
+            ],
+            "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/security-plugin-types-common",
+            "id": "def-common.ApiKeyAggregations.types",
+            "type": "Object",
+            "tags": [],
+            "label": "types",
+            "description": [],
+            "signature": [
+              "AggregationsStringTermsAggregate",
+              " | undefined"
+            ],
+            "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/security-plugin-types-common",
+            "id": "def-common.ApiKeyAggregations.expired",
+            "type": "Object",
+            "tags": [],
+            "label": "expired",
+            "description": [],
+            "signature": [
+              "AggregationsFilterAggregateKeys",
+              " | undefined"
+            ],
+            "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/security-plugin-types-common",
+            "id": "def-common.ApiKeyAggregations.managed",
+            "type": "Object",
+            "tags": [],
+            "label": "managed",
+            "description": [],
+            "signature": [
+              "{ buckets: { metadataBased: ",
+              "AggregationsFilterAggregateKeys",
+              "; namePrefixBased: ",
+              "AggregationsFilterAggregateKeys",
+              "; }; } | undefined"
+            ],
+            "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-plugin-types-common",
+        "id": "def-common.ApiKeyToInvalidate",
+        "type": "Interface",
+        "tags": [],
+        "label": "ApiKeyToInvalidate",
+        "description": [],
+        "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-plugin-types-common",
+            "id": "def-common.ApiKeyToInvalidate.id",
+            "type": "string",
+            "tags": [],
+            "label": "id",
+            "description": [],
+            "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/security-plugin-types-common",
+            "id": "def-common.ApiKeyToInvalidate.name",
+            "type": "string",
+            "tags": [],
+            "label": "name",
+            "description": [],
+            "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "@kbn/security-plugin-types-common",
         "id": "def-common.AuthenticatedUser",
@@ -203,6 +316,211 @@
         ],
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "@kbn/security-plugin-types-common",
+        "id": "def-common.BaseApiKey",
+        "type": "Interface",
+        "tags": [],
+        "label": "BaseApiKey",
+        "description": [
+          "\nFixing up `estypes.SecurityApiKey` type since some fields are marked as optional even though they are guaranteed to be returned.\n\nTODO: Remove this type when `@elastic/elasticsearch` has been updated."
+        ],
+        "signature": [
+          {
+            "pluginId": "@kbn/security-plugin-types-common",
+            "scope": "common",
+            "docId": "kibKbnSecurityPluginTypesCommonPluginApi",
+            "section": "def-common.BaseApiKey",
+            "text": "BaseApiKey"
+          },
+          " extends ",
+          "SecurityApiKey"
+        ],
+        "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-plugin-types-common",
+            "id": "def-common.BaseApiKey.username",
+            "type": "string",
+            "tags": [],
+            "label": "username",
+            "description": [],
+            "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/security-plugin-types-common",
+            "id": "def-common.BaseApiKey.realm",
+            "type": "string",
+            "tags": [],
+            "label": "realm",
+            "description": [],
+            "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/security-plugin-types-common",
+            "id": "def-common.BaseApiKey.creation",
+            "type": "number",
+            "tags": [],
+            "label": "creation",
+            "description": [],
+            "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/security-plugin-types-common",
+            "id": "def-common.BaseApiKey.metadata",
+            "type": "Object",
+            "tags": [],
+            "label": "metadata",
+            "description": [],
+            "signature": [
+              "{ [x: string]: any; }"
+            ],
+            "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/security-plugin-types-common",
+            "id": "def-common.BaseApiKey.role_descriptors",
+            "type": "Object",
+            "tags": [],
+            "label": "role_descriptors",
+            "description": [],
+            "signature": [
+              "{ [x: string]: ",
+              "SecurityRoleDescriptor",
+              "; }"
+            ],
+            "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-plugin-types-common",
+        "id": "def-common.CrossClusterApiKey",
+        "type": "Interface",
+        "tags": [],
+        "label": "CrossClusterApiKey",
+        "description": [
+          "\nInterface representing a cross-cluster API key the way it is returned by Elasticsearch GET endpoint.\n\nTODO: Remove this type when `@elastic/elasticsearch` has been updated."
+        ],
+        "signature": [
+          {
+            "pluginId": "@kbn/security-plugin-types-common",
+            "scope": "common",
+            "docId": "kibKbnSecurityPluginTypesCommonPluginApi",
+            "section": "def-common.CrossClusterApiKey",
+            "text": "CrossClusterApiKey"
+          },
+          " extends ",
+          {
+            "pluginId": "@kbn/security-plugin-types-common",
+            "scope": "common",
+            "docId": "kibKbnSecurityPluginTypesCommonPluginApi",
+            "section": "def-common.BaseApiKey",
+            "text": "BaseApiKey"
+          }
+        ],
+        "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-plugin-types-common",
+            "id": "def-common.CrossClusterApiKey.type",
+            "type": "string",
+            "tags": [],
+            "label": "type",
+            "description": [],
+            "signature": [
+              "\"cross_cluster\""
+            ],
+            "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/security-plugin-types-common",
+            "id": "def-common.CrossClusterApiKey.access",
+            "type": "Object",
+            "tags": [],
+            "label": "access",
+            "description": [
+              "\nThe access to be granted to this API key. The access is composed of permissions for cross-cluster\nsearch and cross-cluster replication. At least one of them must be specified."
+            ],
+            "signature": [
+              {
+                "pluginId": "@kbn/security-plugin-types-common",
+                "scope": "common",
+                "docId": "kibKbnSecurityPluginTypesCommonPluginApi",
+                "section": "def-common.CrossClusterApiKeyAccess",
+                "text": "CrossClusterApiKeyAccess"
+              }
+            ],
+            "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-plugin-types-common",
+        "id": "def-common.CrossClusterApiKeyAccess",
+        "type": "Interface",
+        "tags": [],
+        "label": "CrossClusterApiKeyAccess",
+        "description": [],
+        "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-plugin-types-common",
+            "id": "def-common.CrossClusterApiKeyAccess.search",
+            "type": "Array",
+            "tags": [],
+            "label": "search",
+            "description": [
+              "\nA list of indices permission entries for cross-cluster search."
+            ],
+            "signature": [
+              "CrossClusterApiKeySearch[] | undefined"
+            ],
+            "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/security-plugin-types-common",
+            "id": "def-common.CrossClusterApiKeyAccess.replication",
+            "type": "Array",
+            "tags": [],
+            "label": "replication",
+            "description": [
+              "\nA list of indices permission entries for cross-cluster replication."
+            ],
+            "signature": [
+              "CrossClusterApiKeyReplication[] | undefined"
+            ],
+            "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "@kbn/security-plugin-types-common",
         "id": "def-common.FeaturesPrivileges",
@@ -231,6 +549,100 @@
         ],
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "@kbn/security-plugin-types-common",
+        "id": "def-common.ManagedApiKey",
+        "type": "Interface",
+        "tags": [],
+        "label": "ManagedApiKey",
+        "description": [
+          "\nInterface representing a REST API key that is managed by Kibana."
+        ],
+        "signature": [
+          {
+            "pluginId": "@kbn/security-plugin-types-common",
+            "scope": "common",
+            "docId": "kibKbnSecurityPluginTypesCommonPluginApi",
+            "section": "def-common.ManagedApiKey",
+            "text": "ManagedApiKey"
+          },
+          " extends ",
+          {
+            "pluginId": "@kbn/security-plugin-types-common",
+            "scope": "common",
+            "docId": "kibKbnSecurityPluginTypesCommonPluginApi",
+            "section": "def-common.BaseApiKey",
+            "text": "BaseApiKey"
+          }
+        ],
+        "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-plugin-types-common",
+            "id": "def-common.ManagedApiKey.type",
+            "type": "string",
+            "tags": [],
+            "label": "type",
+            "description": [],
+            "signature": [
+              "\"managed\""
+            ],
+            "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-plugin-types-common",
+        "id": "def-common.RestApiKey",
+        "type": "Interface",
+        "tags": [],
+        "label": "RestApiKey",
+        "description": [
+          "\nInterface representing a REST API key the way it is returned by Elasticsearch GET endpoint.\n\nTODO: Remove this type when `@elastic/elasticsearch` has been updated."
+        ],
+        "signature": [
+          {
+            "pluginId": "@kbn/security-plugin-types-common",
+            "scope": "common",
+            "docId": "kibKbnSecurityPluginTypesCommonPluginApi",
+            "section": "def-common.RestApiKey",
+            "text": "RestApiKey"
+          },
+          " extends ",
+          {
+            "pluginId": "@kbn/security-plugin-types-common",
+            "scope": "common",
+            "docId": "kibKbnSecurityPluginTypesCommonPluginApi",
+            "section": "def-common.BaseApiKey",
+            "text": "BaseApiKey"
+          }
+        ],
+        "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-plugin-types-common",
+            "id": "def-common.RestApiKey.type",
+            "type": "string",
+            "tags": [],
+            "label": "type",
+            "description": [],
+            "signature": [
+              "\"rest\""
+            ],
+            "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "@kbn/security-plugin-types-common",
         "id": "def-common.Role",
@@ -1406,6 +1818,87 @@
     ],
     "enums": [],
     "misc": [
+      {
+        "parentPluginId": "@kbn/security-plugin-types-common",
+        "id": "def-common.ApiKey",
+        "type": "Type",
+        "tags": [],
+        "label": "ApiKey",
+        "description": [
+          "\nInterface representing an API key the way it is returned by Elasticsearch GET endpoint."
+        ],
+        "signature": [
+          {
+            "pluginId": "@kbn/security-plugin-types-common",
+            "scope": "common",
+            "docId": "kibKbnSecurityPluginTypesCommonPluginApi",
+            "section": "def-common.RestApiKey",
+            "text": "RestApiKey"
+          },
+          " | ",
+          {
+            "pluginId": "@kbn/security-plugin-types-common",
+            "scope": "common",
+            "docId": "kibKbnSecurityPluginTypesCommonPluginApi",
+            "section": "def-common.CrossClusterApiKey",
+            "text": "CrossClusterApiKey"
+          }
+        ],
+        "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-plugin-types-common",
+        "id": "def-common.ApiKeyRoleDescriptors",
+        "type": "Type",
+        "tags": [],
+        "label": "ApiKeyRoleDescriptors",
+        "description": [],
+        "signature": [
+          "{ [x: string]: ",
+          "SecurityRoleDescriptor",
+          "; }"
+        ],
+        "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-plugin-types-common",
+        "id": "def-common.CategorizedApiKey",
+        "type": "Type",
+        "tags": [],
+        "label": "CategorizedApiKey",
+        "description": [
+          "\nInterface representing an API key the way it is presented in the Kibana UI  (with Kibana system\nAPI keys given its own dedicated `managed` type)."
+        ],
+        "signature": [
+          "(",
+          {
+            "pluginId": "@kbn/security-plugin-types-common",
+            "scope": "common",
+            "docId": "kibKbnSecurityPluginTypesCommonPluginApi",
+            "section": "def-common.ApiKey",
+            "text": "ApiKey"
+          },
+          " | ",
+          {
+            "pluginId": "@kbn/security-plugin-types-common",
+            "scope": "common",
+            "docId": "kibKbnSecurityPluginTypesCommonPluginApi",
+            "section": "def-common.ManagedApiKey",
+            "text": "ManagedApiKey"
+          },
+          ") & { expired: boolean; }"
+        ],
+        "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "@kbn/security-plugin-types-common",
         "id": "def-common.LoginLayout",
@@ -1423,6 +1916,23 @@
         "trackAdoption": false,
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "@kbn/security-plugin-types-common",
+        "id": "def-common.QueryApiKeyResult",
+        "type": "Type",
+        "tags": [],
+        "label": "QueryApiKeyResult",
+        "description": [
+          "\nResponse of Kibana Query API keys endpoint."
+        ],
+        "signature": [
+          "SuccessQueryApiKeyResult | ErrorQueryApiKeyResult"
+        ],
+        "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "@kbn/security-plugin-types-common",
         "id": "def-common.UserProfileData",
diff --git a/api_docs/kbn_security_plugin_types_common.mdx b/api_docs/kbn_security_plugin_types_common.mdx
index 6af26b6b71fbf..838090933be74 100644
--- a/api_docs/kbn_security_plugin_types_common.mdx
+++ b/api_docs/kbn_security_plugin_types_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-plugin-types-common
 title: "@kbn/security-plugin-types-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/security-plugin-types-common plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-plugin-types-common']
 ---
 import kbnSecurityPluginTypesCommonObj from './kbn_security_plugin_types_common.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 88 | 0 | 40 | 0 |
+| 116 | 0 | 58 | 0 |
 
 ## Common
 
diff --git a/api_docs/kbn_security_plugin_types_public.devdocs.json b/api_docs/kbn_security_plugin_types_public.devdocs.json
index 637e988957f0e..17c1ecb22d341 100644
--- a/api_docs/kbn_security_plugin_types_public.devdocs.json
+++ b/api_docs/kbn_security_plugin_types_public.devdocs.json
@@ -520,14 +520,6 @@
               {
                 "plugin": "security",
                 "path": "x-pack/plugins/security/public/plugin.tsx"
-              },
-              {
-                "plugin": "dataVisualizer",
-                "path": "x-pack/plugins/data_visualizer/public/application/common/components/filebeat_config_flyout/filebeat_config_flyout.tsx"
-              },
-              {
-                "plugin": "dataVisualizer",
-                "path": "x-pack/plugins/data_visualizer/public/application/index_data_visualizer/hooks/use_data_visualizer_grid_data.ts"
               }
             ]
           },
@@ -635,22 +627,10 @@
             "deprecated": true,
             "trackAdoption": false,
             "references": [
-              {
-                "plugin": "dataViews",
-                "path": "src/plugins/data_views/public/plugin.ts"
-              },
               {
                 "plugin": "security",
                 "path": "x-pack/plugins/security/public/plugin.tsx"
               },
-              {
-                "plugin": "maps",
-                "path": "x-pack/plugins/maps/public/classes/sources/es_search_source/es_search_source.tsx"
-              },
-              {
-                "plugin": "imageEmbeddable",
-                "path": "src/plugins/image_embeddable/public/components/image_editor/open_image_editor.tsx"
-              },
               {
                 "plugin": "securitySolution",
                 "path": "x-pack/plugins/security_solution/public/management/links.ts"
diff --git a/api_docs/kbn_security_plugin_types_public.mdx b/api_docs/kbn_security_plugin_types_public.mdx
index e9c43ae092a19..900364abf89d4 100644
--- a/api_docs/kbn_security_plugin_types_public.mdx
+++ b/api_docs/kbn_security_plugin_types_public.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-plugin-types-public
 title: "@kbn/security-plugin-types-public"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/security-plugin-types-public plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-plugin-types-public']
 ---
 import kbnSecurityPluginTypesPublicObj from './kbn_security_plugin_types_public.devdocs.json';
diff --git a/api_docs/kbn_security_plugin_types_server.devdocs.json b/api_docs/kbn_security_plugin_types_server.devdocs.json
index 15aea85d3b059..11afe5cb40dce 100644
--- a/api_docs/kbn_security_plugin_types_server.devdocs.json
+++ b/api_docs/kbn_security_plugin_types_server.devdocs.json
@@ -134,6 +134,95 @@
         ],
         "returnComment": [],
         "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-plugin-types-server",
+        "id": "def-server.getUpdateRestApiKeyWithKibanaPrivilegesSchema",
+        "type": "Function",
+        "tags": [],
+        "label": "getUpdateRestApiKeyWithKibanaPrivilegesSchema",
+        "description": [],
+        "signature": [
+          "(getBasePrivilegeNames: () => { global: string[]; space: string[]; }) => ExtendedObjectType<{ type: ",
+          {
+            "pluginId": "@kbn/config-schema",
+            "scope": "common",
+            "docId": "kibKbnConfigSchemaPluginApi",
+            "section": "def-common.Type",
+            "text": "Type"
+          },
+          "<\"rest\" | undefined>; name: ",
+          {
+            "pluginId": "@kbn/config-schema",
+            "scope": "common",
+            "docId": "kibKbnConfigSchemaPluginApi",
+            "section": "def-common.Type",
+            "text": "Type"
+          },
+          "<string>; expiration: ",
+          {
+            "pluginId": "@kbn/config-schema",
+            "scope": "common",
+            "docId": "kibKbnConfigSchemaPluginApi",
+            "section": "def-common.Type",
+            "text": "Type"
+          },
+          "<string | undefined>; role_descriptors: ",
+          {
+            "pluginId": "@kbn/config-schema",
+            "scope": "common",
+            "docId": "kibKbnConfigSchemaPluginApi",
+            "section": "def-common.Type",
+            "text": "Type"
+          },
+          "<Record<string, Readonly<{} & {}>>>; metadata: ",
+          {
+            "pluginId": "@kbn/config-schema",
+            "scope": "common",
+            "docId": "kibKbnConfigSchemaPluginApi",
+            "section": "def-common.Type",
+            "text": "Type"
+          },
+          "<Readonly<{} & {}> | undefined>; }, { role_descriptors: null; name: null; id: ",
+          {
+            "pluginId": "@kbn/config-schema",
+            "scope": "common",
+            "docId": "kibKbnConfigSchemaPluginApi",
+            "section": "def-common.Type",
+            "text": "Type"
+          },
+          "<string>; kibana_role_descriptors: ",
+          {
+            "pluginId": "@kbn/config-schema",
+            "scope": "common",
+            "docId": "kibKbnConfigSchemaPluginApi",
+            "section": "def-common.Type",
+            "text": "Type"
+          },
+          "<Record<string, Readonly<{} & { kibana: Readonly<{ base?: string[] | undefined; feature?: Record<string, string[]> | undefined; } & { spaces: string[] | \"*\"[]; }>[]; elasticsearch: Readonly<{ cluster?: string[] | undefined; indices?: Readonly<{ query?: string | undefined; field_security?: Record<\"except\" | \"grant\", string[]> | undefined; allow_restricted_indices?: boolean | undefined; } & { names: string[]; privileges: string[]; }>[] | undefined; remote_cluster?: Readonly<{} & { privileges: string[]; clusters: string[]; }>[] | undefined; remote_indices?: Readonly<{ query?: string | undefined; field_security?: Record<\"except\" | \"grant\", string[]> | undefined; allow_restricted_indices?: boolean | undefined; } & { names: string[]; privileges: string[]; clusters: string[]; }>[] | undefined; run_as?: string[] | undefined; } & {}>; }>>>; }>"
+        ],
+        "path": "x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/security-plugin-types-server",
+            "id": "def-server.getUpdateRestApiKeyWithKibanaPrivilegesSchema.$1",
+            "type": "Function",
+            "tags": [],
+            "label": "getBasePrivilegeNames",
+            "description": [],
+            "signature": [
+              "() => { global: string[]; space: string[]; }"
+            ],
+            "path": "x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": true
+          }
+        ],
+        "returnComment": [],
+        "initialIsOpen": false
       }
     ],
     "interfaces": [
@@ -3179,14 +3268,6 @@
                 "plugin": "alerting",
                 "path": "x-pack/plugins/alerting/server/plugin.ts"
               },
-              {
-                "plugin": "files",
-                "path": "src/plugins/files/server/routes/file_kind/create.ts"
-              },
-              {
-                "plugin": "cases",
-                "path": "x-pack/plugins/cases/server/client/factory.ts"
-              },
               {
                 "plugin": "observabilityAIAssistant",
                 "path": "x-pack/plugins/observability_solution/observability_ai_assistant/server/service/index.ts"
@@ -3195,70 +3276,10 @@
                 "plugin": "fleet",
                 "path": "x-pack/plugins/fleet/server/services/api_keys/security.ts"
               },
-              {
-                "plugin": "fleet",
-                "path": "x-pack/plugins/fleet/server/services/security/security.ts"
-              },
               {
                 "plugin": "fleet",
                 "path": "x-pack/plugins/fleet/server/services/api_keys/transform_api_keys.ts"
               },
-              {
-                "plugin": "fleet",
-                "path": "x-pack/plugins/fleet/server/routes/epm/handlers.ts"
-              },
-              {
-                "plugin": "fleet",
-                "path": "x-pack/plugins/fleet/server/routes/epm/handlers.ts"
-              },
-              {
-                "plugin": "fleet",
-                "path": "x-pack/plugins/fleet/server/routes/epm/handlers.ts"
-              },
-              {
-                "plugin": "fleet",
-                "path": "x-pack/plugins/fleet/server/routes/epm/handlers.ts"
-              },
-              {
-                "plugin": "fleet",
-                "path": "x-pack/plugins/fleet/server/routes/epm/handlers.ts"
-              },
-              {
-                "plugin": "fleet",
-                "path": "x-pack/plugins/fleet/server/routes/agent_policy/handlers.ts"
-              },
-              {
-                "plugin": "fleet",
-                "path": "x-pack/plugins/fleet/server/routes/agent_policy/handlers.ts"
-              },
-              {
-                "plugin": "fleet",
-                "path": "x-pack/plugins/fleet/server/routes/agent_policy/handlers.ts"
-              },
-              {
-                "plugin": "fleet",
-                "path": "x-pack/plugins/fleet/server/routes/agent_policy/handlers.ts"
-              },
-              {
-                "plugin": "fleet",
-                "path": "x-pack/plugins/fleet/server/routes/package_policy/handlers.ts"
-              },
-              {
-                "plugin": "fleet",
-                "path": "x-pack/plugins/fleet/server/routes/package_policy/handlers.ts"
-              },
-              {
-                "plugin": "fleet",
-                "path": "x-pack/plugins/fleet/server/routes/package_policy/handlers.ts"
-              },
-              {
-                "plugin": "fleet",
-                "path": "x-pack/plugins/fleet/server/routes/package_policy/handlers.ts"
-              },
-              {
-                "plugin": "fleet",
-                "path": "x-pack/plugins/fleet/server/routes/package_policy/handlers.ts"
-              },
               {
                 "plugin": "fleet",
                 "path": "x-pack/plugins/fleet/server/services/setup/fleet_server_policies_enrollment_keys.ts"
@@ -3267,10 +3288,6 @@
                 "plugin": "fleet",
                 "path": "x-pack/plugins/fleet/server/routes/setup/handlers.ts"
               },
-              {
-                "plugin": "fleet",
-                "path": "x-pack/plugins/fleet/server/routes/settings/index.ts"
-              },
               {
                 "plugin": "cloudDefend",
                 "path": "x-pack/plugins/cloud_defend/server/routes/setup_routes.ts"
@@ -3279,10 +3296,6 @@
                 "plugin": "cloudSecurityPosture",
                 "path": "x-pack/plugins/cloud_security_posture/server/routes/setup_routes.ts"
               },
-              {
-                "plugin": "elasticAssistant",
-                "path": "x-pack/plugins/elastic_assistant/server/routes/request_context_factory.ts"
-              },
               {
                 "plugin": "enterpriseSearch",
                 "path": "x-pack/plugins/enterprise_search/server/lib/indices/create_api_key.ts"
@@ -3295,30 +3308,6 @@
                 "plugin": "lists",
                 "path": "x-pack/plugins/lists/server/get_user.ts"
               },
-              {
-                "plugin": "osquery",
-                "path": "x-pack/plugins/osquery/server/routes/live_query/create_live_query_route.ts"
-              },
-              {
-                "plugin": "osquery",
-                "path": "x-pack/plugins/osquery/server/routes/saved_query/create_saved_query_route.ts"
-              },
-              {
-                "plugin": "osquery",
-                "path": "x-pack/plugins/osquery/server/routes/saved_query/update_saved_query_route.ts"
-              },
-              {
-                "plugin": "osquery",
-                "path": "x-pack/plugins/osquery/server/routes/pack/create_pack_route.ts"
-              },
-              {
-                "plugin": "osquery",
-                "path": "x-pack/plugins/osquery/server/routes/pack/update_pack_route.ts"
-              },
-              {
-                "plugin": "osquery",
-                "path": "x-pack/plugins/osquery/server/routes/asset/update_assets_route.ts"
-              },
               {
                 "plugin": "securitySolution",
                 "path": "x-pack/plugins/security_solution/server/endpoint/endpoint_app_context_services.ts"
@@ -3343,10 +3332,6 @@
                 "plugin": "securitySolution",
                 "path": "x-pack/plugins/security_solution/server/endpoint/routes/actions/response_actions.ts"
               },
-              {
-                "plugin": "reporting",
-                "path": "x-pack/plugins/reporting/server/routes/common/get_user.ts"
-              },
               {
                 "plugin": "serverlessSearch",
                 "path": "x-pack/plugins/serverless_search/server/routes/api_key_routes.ts"
@@ -3379,6 +3364,30 @@
                 "plugin": "apm",
                 "path": "x-pack/plugins/observability_solution/apm/server/routes/fleet/is_superuser.ts"
               },
+              {
+                "plugin": "entityManager",
+                "path": "x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/api_key.ts"
+              },
+              {
+                "plugin": "entityManager",
+                "path": "x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/api_key.ts"
+              },
+              {
+                "plugin": "entityManager",
+                "path": "x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/api_key.ts"
+              },
+              {
+                "plugin": "entityManager",
+                "path": "x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/enable.ts"
+              },
+              {
+                "plugin": "entityManager",
+                "path": "x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/disable.ts"
+              },
+              {
+                "plugin": "observabilityOnboarding",
+                "path": "x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/route.ts"
+              },
               {
                 "plugin": "synthetics",
                 "path": "x-pack/plugins/observability_solution/synthetics/server/synthetics_service/get_api_key.ts"
@@ -4342,6 +4351,85 @@
         "trackAdoption": false,
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "@kbn/security-plugin-types-server",
+        "id": "def-server.UpdateAPIKeyParams",
+        "type": "Type",
+        "tags": [],
+        "label": "UpdateAPIKeyParams",
+        "description": [
+          "\nRequest body of Kibana Update API key endpoint."
+        ],
+        "signature": [
+          "Readonly<{ type?: \"rest\" | undefined; metadata?: Readonly<{} & {}> | undefined; expiration?: string | undefined; } & { id: string; role_descriptors: Record<string, Readonly<{} & {}>>; }> | Readonly<{ metadata?: Readonly<{} & {}> | undefined; expiration?: string | undefined; } & { id: string; type: \"cross_cluster\"; access: Readonly<{ search?: Readonly<{ query?: any; field_security?: any; allow_restricted_indices?: boolean | undefined; } & { names: string[]; }>[] | undefined; replication?: Readonly<{} & { names: string[]; }>[] | undefined; } & {}>; }> | Readonly<{ type?: \"rest\" | undefined; metadata?: Readonly<{} & {}> | undefined; expiration?: string | undefined; } & { id: string; kibana_role_descriptors: Record<string, Readonly<{} & { kibana: Readonly<{ base?: string[] | undefined; feature?: Record<string, string[]> | undefined; } & { spaces: string[] | \"*\"[]; }>[]; elasticsearch: Readonly<{ cluster?: string[] | undefined; indices?: Readonly<{ query?: string | undefined; field_security?: Record<\"except\" | \"grant\", string[]> | undefined; allow_restricted_indices?: boolean | undefined; } & { names: string[]; privileges: string[]; }>[] | undefined; remote_cluster?: Readonly<{} & { privileges: string[]; clusters: string[]; }>[] | undefined; remote_indices?: Readonly<{ query?: string | undefined; field_security?: Record<\"except\" | \"grant\", string[]> | undefined; allow_restricted_indices?: boolean | undefined; } & { names: string[]; privileges: string[]; clusters: string[]; }>[] | undefined; run_as?: string[] | undefined; } & {}>; }>>; }>"
+        ],
+        "path": "x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-plugin-types-server",
+        "id": "def-server.UpdateAPIKeyResult",
+        "type": "Type",
+        "tags": [],
+        "label": "UpdateAPIKeyResult",
+        "description": [
+          "\nResponse of Kibana Update API key endpoint."
+        ],
+        "signature": [
+          "SecurityUpdateApiKeyResponse"
+        ],
+        "path": "x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-plugin-types-server",
+        "id": "def-server.UpdateCrossClusterAPIKeyParams",
+        "type": "Type",
+        "tags": [],
+        "label": "UpdateCrossClusterAPIKeyParams",
+        "description": [],
+        "signature": [
+          "{ readonly metadata?: Readonly<{} & {}> | undefined; readonly expiration?: string | undefined; readonly id: string; readonly type: \"cross_cluster\"; readonly access: Readonly<{ search?: Readonly<{ query?: any; field_security?: any; allow_restricted_indices?: boolean | undefined; } & { names: string[]; }>[] | undefined; replication?: Readonly<{} & { names: string[]; }>[] | undefined; } & {}>; }"
+        ],
+        "path": "x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-plugin-types-server",
+        "id": "def-server.UpdateRestAPIKeyParams",
+        "type": "Type",
+        "tags": [],
+        "label": "UpdateRestAPIKeyParams",
+        "description": [],
+        "signature": [
+          "{ readonly type?: \"rest\" | undefined; readonly metadata?: Readonly<{} & {}> | undefined; readonly expiration?: string | undefined; readonly id: string; readonly role_descriptors: Record<string, Readonly<{} & {}>>; }"
+        ],
+        "path": "x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-plugin-types-server",
+        "id": "def-server.UpdateRestAPIKeyWithKibanaPrivilegesParams",
+        "type": "Type",
+        "tags": [],
+        "label": "UpdateRestAPIKeyWithKibanaPrivilegesParams",
+        "description": [],
+        "signature": [
+          "{ readonly type?: \"rest\" | undefined; readonly metadata?: Readonly<{} & {}> | undefined; readonly expiration?: string | undefined; readonly id: string; readonly kibana_role_descriptors: Record<string, Readonly<{} & { kibana: Readonly<{ base?: string[] | undefined; feature?: Record<string, string[]> | undefined; } & { spaces: string[] | \"*\"[]; }>[]; elasticsearch: Readonly<{ cluster?: string[] | undefined; indices?: Readonly<{ query?: string | undefined; field_security?: Record<\"except\" | \"grant\", string[]> | undefined; allow_restricted_indices?: boolean | undefined; } & { names: string[]; privileges: string[]; }>[] | undefined; remote_cluster?: Readonly<{} & { privileges: string[]; clusters: string[]; }>[] | undefined; remote_indices?: Readonly<{ query?: string | undefined; field_security?: Record<\"except\" | \"grant\", string[]> | undefined; allow_restricted_indices?: boolean | undefined; } & { names: string[]; privileges: string[]; clusters: string[]; }>[] | undefined; run_as?: string[] | undefined; } & {}>; }>>; }"
+        ],
+        "path": "x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "@kbn/security-plugin-types-server",
         "id": "def-server.UserProfileServiceStart",
@@ -4586,6 +4674,178 @@
         "deprecated": false,
         "trackAdoption": false,
         "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-plugin-types-server",
+        "id": "def-server.updateCrossClusterApiKeySchema",
+        "type": "Object",
+        "tags": [],
+        "label": "updateCrossClusterApiKeySchema",
+        "description": [],
+        "signature": [
+          {
+            "pluginId": "@kbn/config-schema",
+            "scope": "common",
+            "docId": "kibKbnConfigSchemaPluginApi",
+            "section": "def-common.ObjectType",
+            "text": "ObjectType"
+          },
+          "<ExtendedProps<ExtendedProps<{ type: ",
+          {
+            "pluginId": "@kbn/config-schema",
+            "scope": "common",
+            "docId": "kibKbnConfigSchemaPluginApi",
+            "section": "def-common.Type",
+            "text": "Type"
+          },
+          "<\"rest\" | undefined>; name: ",
+          {
+            "pluginId": "@kbn/config-schema",
+            "scope": "common",
+            "docId": "kibKbnConfigSchemaPluginApi",
+            "section": "def-common.Type",
+            "text": "Type"
+          },
+          "<string>; expiration: ",
+          {
+            "pluginId": "@kbn/config-schema",
+            "scope": "common",
+            "docId": "kibKbnConfigSchemaPluginApi",
+            "section": "def-common.Type",
+            "text": "Type"
+          },
+          "<string | undefined>; role_descriptors: ",
+          {
+            "pluginId": "@kbn/config-schema",
+            "scope": "common",
+            "docId": "kibKbnConfigSchemaPluginApi",
+            "section": "def-common.Type",
+            "text": "Type"
+          },
+          "<Record<string, Readonly<{} & {}>>>; metadata: ",
+          {
+            "pluginId": "@kbn/config-schema",
+            "scope": "common",
+            "docId": "kibKbnConfigSchemaPluginApi",
+            "section": "def-common.Type",
+            "text": "Type"
+          },
+          "<Readonly<{} & {}> | undefined>; }, { type: ",
+          {
+            "pluginId": "@kbn/config-schema",
+            "scope": "common",
+            "docId": "kibKbnConfigSchemaPluginApi",
+            "section": "def-common.Type",
+            "text": "Type"
+          },
+          "<\"cross_cluster\">; role_descriptors: null; access: ",
+          {
+            "pluginId": "@kbn/config-schema",
+            "scope": "common",
+            "docId": "kibKbnConfigSchemaPluginApi",
+            "section": "def-common.ObjectType",
+            "text": "ObjectType"
+          },
+          "<{ search: ",
+          {
+            "pluginId": "@kbn/config-schema",
+            "scope": "common",
+            "docId": "kibKbnConfigSchemaPluginApi",
+            "section": "def-common.Type",
+            "text": "Type"
+          },
+          "<Readonly<{ query?: any; field_security?: any; allow_restricted_indices?: boolean | undefined; } & { names: string[]; }>[] | undefined>; replication: ",
+          {
+            "pluginId": "@kbn/config-schema",
+            "scope": "common",
+            "docId": "kibKbnConfigSchemaPluginApi",
+            "section": "def-common.Type",
+            "text": "Type"
+          },
+          "<Readonly<{} & { names: string[]; }>[] | undefined>; }>; }>, { name: null; id: ",
+          {
+            "pluginId": "@kbn/config-schema",
+            "scope": "common",
+            "docId": "kibKbnConfigSchemaPluginApi",
+            "section": "def-common.Type",
+            "text": "Type"
+          },
+          "<string>; }>>"
+        ],
+        "path": "x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/security-plugin-types-server",
+        "id": "def-server.updateRestApiKeySchema",
+        "type": "Object",
+        "tags": [],
+        "label": "updateRestApiKeySchema",
+        "description": [],
+        "signature": [
+          {
+            "pluginId": "@kbn/config-schema",
+            "scope": "common",
+            "docId": "kibKbnConfigSchemaPluginApi",
+            "section": "def-common.ObjectType",
+            "text": "ObjectType"
+          },
+          "<ExtendedProps<{ type: ",
+          {
+            "pluginId": "@kbn/config-schema",
+            "scope": "common",
+            "docId": "kibKbnConfigSchemaPluginApi",
+            "section": "def-common.Type",
+            "text": "Type"
+          },
+          "<\"rest\" | undefined>; name: ",
+          {
+            "pluginId": "@kbn/config-schema",
+            "scope": "common",
+            "docId": "kibKbnConfigSchemaPluginApi",
+            "section": "def-common.Type",
+            "text": "Type"
+          },
+          "<string>; expiration: ",
+          {
+            "pluginId": "@kbn/config-schema",
+            "scope": "common",
+            "docId": "kibKbnConfigSchemaPluginApi",
+            "section": "def-common.Type",
+            "text": "Type"
+          },
+          "<string | undefined>; role_descriptors: ",
+          {
+            "pluginId": "@kbn/config-schema",
+            "scope": "common",
+            "docId": "kibKbnConfigSchemaPluginApi",
+            "section": "def-common.Type",
+            "text": "Type"
+          },
+          "<Record<string, Readonly<{} & {}>>>; metadata: ",
+          {
+            "pluginId": "@kbn/config-schema",
+            "scope": "common",
+            "docId": "kibKbnConfigSchemaPluginApi",
+            "section": "def-common.Type",
+            "text": "Type"
+          },
+          "<Readonly<{} & {}> | undefined>; }, { name: null; id: ",
+          {
+            "pluginId": "@kbn/config-schema",
+            "scope": "common",
+            "docId": "kibKbnConfigSchemaPluginApi",
+            "section": "def-common.Type",
+            "text": "Type"
+          },
+          "<string>; }>>"
+        ],
+        "path": "x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
       }
     ]
   },
diff --git a/api_docs/kbn_security_plugin_types_server.mdx b/api_docs/kbn_security_plugin_types_server.mdx
index 1e2222e5ee35b..6029c81ec368e 100644
--- a/api_docs/kbn_security_plugin_types_server.mdx
+++ b/api_docs/kbn_security_plugin_types_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-plugin-types-server
 title: "@kbn/security-plugin-types-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/security-plugin-types-server plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-plugin-types-server']
 ---
 import kbnSecurityPluginTypesServerObj from './kbn_security_plugin_types_server.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 207 | 0 | 114 | 0 |
+| 216 | 0 | 121 | 0 |
 
 ## Server
 
diff --git a/api_docs/kbn_security_solution_features.mdx b/api_docs/kbn_security_solution_features.mdx
index 9d91ab7470056..a9a5c9dafc7ba 100644
--- a/api_docs/kbn_security_solution_features.mdx
+++ b/api_docs/kbn_security_solution_features.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-features
 title: "@kbn/security-solution-features"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/security-solution-features plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-features']
 ---
 import kbnSecuritySolutionFeaturesObj from './kbn_security_solution_features.devdocs.json';
diff --git a/api_docs/kbn_security_solution_navigation.mdx b/api_docs/kbn_security_solution_navigation.mdx
index 6bf6254bc2591..e6953d46f1961 100644
--- a/api_docs/kbn_security_solution_navigation.mdx
+++ b/api_docs/kbn_security_solution_navigation.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-navigation
 title: "@kbn/security-solution-navigation"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/security-solution-navigation plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-navigation']
 ---
 import kbnSecuritySolutionNavigationObj from './kbn_security_solution_navigation.devdocs.json';
diff --git a/api_docs/kbn_security_solution_side_nav.mdx b/api_docs/kbn_security_solution_side_nav.mdx
index d011760047994..98f4db3262765 100644
--- a/api_docs/kbn_security_solution_side_nav.mdx
+++ b/api_docs/kbn_security_solution_side_nav.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-side-nav
 title: "@kbn/security-solution-side-nav"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/security-solution-side-nav plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-side-nav']
 ---
 import kbnSecuritySolutionSideNavObj from './kbn_security_solution_side_nav.devdocs.json';
diff --git a/api_docs/kbn_security_solution_storybook_config.mdx b/api_docs/kbn_security_solution_storybook_config.mdx
index 168d289b799cd..a9b3a4e379265 100644
--- a/api_docs/kbn_security_solution_storybook_config.mdx
+++ b/api_docs/kbn_security_solution_storybook_config.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-storybook-config
 title: "@kbn/security-solution-storybook-config"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/security-solution-storybook-config plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-storybook-config']
 ---
 import kbnSecuritySolutionStorybookConfigObj from './kbn_security_solution_storybook_config.devdocs.json';
diff --git a/api_docs/kbn_securitysolution_autocomplete.mdx b/api_docs/kbn_securitysolution_autocomplete.mdx
index 2ac141175ccf8..be2a9184de459 100644
--- a/api_docs/kbn_securitysolution_autocomplete.mdx
+++ b/api_docs/kbn_securitysolution_autocomplete.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-autocomplete
 title: "@kbn/securitysolution-autocomplete"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/securitysolution-autocomplete plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-autocomplete']
 ---
 import kbnSecuritysolutionAutocompleteObj from './kbn_securitysolution_autocomplete.devdocs.json';
diff --git a/api_docs/kbn_securitysolution_data_table.mdx b/api_docs/kbn_securitysolution_data_table.mdx
index d6a3696437744..036844c562285 100644
--- a/api_docs/kbn_securitysolution_data_table.mdx
+++ b/api_docs/kbn_securitysolution_data_table.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-data-table
 title: "@kbn/securitysolution-data-table"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/securitysolution-data-table plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-data-table']
 ---
 import kbnSecuritysolutionDataTableObj from './kbn_securitysolution_data_table.devdocs.json';
diff --git a/api_docs/kbn_securitysolution_ecs.mdx b/api_docs/kbn_securitysolution_ecs.mdx
index 8762cacb033b3..43b4167de967a 100644
--- a/api_docs/kbn_securitysolution_ecs.mdx
+++ b/api_docs/kbn_securitysolution_ecs.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-ecs
 title: "@kbn/securitysolution-ecs"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/securitysolution-ecs plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-ecs']
 ---
 import kbnSecuritysolutionEcsObj from './kbn_securitysolution_ecs.devdocs.json';
diff --git a/api_docs/kbn_securitysolution_es_utils.mdx b/api_docs/kbn_securitysolution_es_utils.mdx
index ff2f0609cc740..4d8bf98615bec 100644
--- a/api_docs/kbn_securitysolution_es_utils.mdx
+++ b/api_docs/kbn_securitysolution_es_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-es-utils
 title: "@kbn/securitysolution-es-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/securitysolution-es-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-es-utils']
 ---
 import kbnSecuritysolutionEsUtilsObj from './kbn_securitysolution_es_utils.devdocs.json';
diff --git a/api_docs/kbn_securitysolution_exception_list_components.mdx b/api_docs/kbn_securitysolution_exception_list_components.mdx
index 09104e8d6febc..64babe983ac7e 100644
--- a/api_docs/kbn_securitysolution_exception_list_components.mdx
+++ b/api_docs/kbn_securitysolution_exception_list_components.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-exception-list-components
 title: "@kbn/securitysolution-exception-list-components"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/securitysolution-exception-list-components plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-exception-list-components']
 ---
 import kbnSecuritysolutionExceptionListComponentsObj from './kbn_securitysolution_exception_list_components.devdocs.json';
diff --git a/api_docs/kbn_securitysolution_hook_utils.mdx b/api_docs/kbn_securitysolution_hook_utils.mdx
index 873699f6b4092..0c549e82880e8 100644
--- a/api_docs/kbn_securitysolution_hook_utils.mdx
+++ b/api_docs/kbn_securitysolution_hook_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-hook-utils
 title: "@kbn/securitysolution-hook-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/securitysolution-hook-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-hook-utils']
 ---
 import kbnSecuritysolutionHookUtilsObj from './kbn_securitysolution_hook_utils.devdocs.json';
diff --git a/api_docs/kbn_securitysolution_io_ts_alerting_types.mdx b/api_docs/kbn_securitysolution_io_ts_alerting_types.mdx
index 68eaaad8c99b1..9bcca4c2afebc 100644
--- a/api_docs/kbn_securitysolution_io_ts_alerting_types.mdx
+++ b/api_docs/kbn_securitysolution_io_ts_alerting_types.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-io-ts-alerting-types
 title: "@kbn/securitysolution-io-ts-alerting-types"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/securitysolution-io-ts-alerting-types plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-io-ts-alerting-types']
 ---
 import kbnSecuritysolutionIoTsAlertingTypesObj from './kbn_securitysolution_io_ts_alerting_types.devdocs.json';
diff --git a/api_docs/kbn_securitysolution_io_ts_list_types.mdx b/api_docs/kbn_securitysolution_io_ts_list_types.mdx
index c78391812aced..609ef4521a23d 100644
--- a/api_docs/kbn_securitysolution_io_ts_list_types.mdx
+++ b/api_docs/kbn_securitysolution_io_ts_list_types.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-io-ts-list-types
 title: "@kbn/securitysolution-io-ts-list-types"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/securitysolution-io-ts-list-types plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-io-ts-list-types']
 ---
 import kbnSecuritysolutionIoTsListTypesObj from './kbn_securitysolution_io_ts_list_types.devdocs.json';
diff --git a/api_docs/kbn_securitysolution_io_ts_types.mdx b/api_docs/kbn_securitysolution_io_ts_types.mdx
index fdabec7085bb6..d42f6a2049389 100644
--- a/api_docs/kbn_securitysolution_io_ts_types.mdx
+++ b/api_docs/kbn_securitysolution_io_ts_types.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-io-ts-types
 title: "@kbn/securitysolution-io-ts-types"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/securitysolution-io-ts-types plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-io-ts-types']
 ---
 import kbnSecuritysolutionIoTsTypesObj from './kbn_securitysolution_io_ts_types.devdocs.json';
diff --git a/api_docs/kbn_securitysolution_io_ts_utils.mdx b/api_docs/kbn_securitysolution_io_ts_utils.mdx
index dd230ff4e75d2..af842dcfc20aa 100644
--- a/api_docs/kbn_securitysolution_io_ts_utils.mdx
+++ b/api_docs/kbn_securitysolution_io_ts_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-io-ts-utils
 title: "@kbn/securitysolution-io-ts-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/securitysolution-io-ts-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-io-ts-utils']
 ---
 import kbnSecuritysolutionIoTsUtilsObj from './kbn_securitysolution_io_ts_utils.devdocs.json';
diff --git a/api_docs/kbn_securitysolution_list_api.mdx b/api_docs/kbn_securitysolution_list_api.mdx
index 69cb2d0521c29..b136699211a57 100644
--- a/api_docs/kbn_securitysolution_list_api.mdx
+++ b/api_docs/kbn_securitysolution_list_api.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-list-api
 title: "@kbn/securitysolution-list-api"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/securitysolution-list-api plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-list-api']
 ---
 import kbnSecuritysolutionListApiObj from './kbn_securitysolution_list_api.devdocs.json';
diff --git a/api_docs/kbn_securitysolution_list_constants.mdx b/api_docs/kbn_securitysolution_list_constants.mdx
index 6b3e626eccecf..52162af770cc7 100644
--- a/api_docs/kbn_securitysolution_list_constants.mdx
+++ b/api_docs/kbn_securitysolution_list_constants.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-list-constants
 title: "@kbn/securitysolution-list-constants"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/securitysolution-list-constants plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-list-constants']
 ---
 import kbnSecuritysolutionListConstantsObj from './kbn_securitysolution_list_constants.devdocs.json';
diff --git a/api_docs/kbn_securitysolution_list_hooks.mdx b/api_docs/kbn_securitysolution_list_hooks.mdx
index a2a939321dd14..9c63a6588ec7f 100644
--- a/api_docs/kbn_securitysolution_list_hooks.mdx
+++ b/api_docs/kbn_securitysolution_list_hooks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-list-hooks
 title: "@kbn/securitysolution-list-hooks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/securitysolution-list-hooks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-list-hooks']
 ---
 import kbnSecuritysolutionListHooksObj from './kbn_securitysolution_list_hooks.devdocs.json';
diff --git a/api_docs/kbn_securitysolution_list_utils.mdx b/api_docs/kbn_securitysolution_list_utils.mdx
index 11a08c128e4f5..ce7c749acfe50 100644
--- a/api_docs/kbn_securitysolution_list_utils.mdx
+++ b/api_docs/kbn_securitysolution_list_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-list-utils
 title: "@kbn/securitysolution-list-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/securitysolution-list-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-list-utils']
 ---
 import kbnSecuritysolutionListUtilsObj from './kbn_securitysolution_list_utils.devdocs.json';
diff --git a/api_docs/kbn_securitysolution_rules.mdx b/api_docs/kbn_securitysolution_rules.mdx
index ef5bf78923fbd..97e13a2d45ac9 100644
--- a/api_docs/kbn_securitysolution_rules.mdx
+++ b/api_docs/kbn_securitysolution_rules.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-rules
 title: "@kbn/securitysolution-rules"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/securitysolution-rules plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-rules']
 ---
 import kbnSecuritysolutionRulesObj from './kbn_securitysolution_rules.devdocs.json';
diff --git a/api_docs/kbn_securitysolution_t_grid.mdx b/api_docs/kbn_securitysolution_t_grid.mdx
index 21bee7c0e72a2..59f7318f7338f 100644
--- a/api_docs/kbn_securitysolution_t_grid.mdx
+++ b/api_docs/kbn_securitysolution_t_grid.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-t-grid
 title: "@kbn/securitysolution-t-grid"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/securitysolution-t-grid plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-t-grid']
 ---
 import kbnSecuritysolutionTGridObj from './kbn_securitysolution_t_grid.devdocs.json';
diff --git a/api_docs/kbn_securitysolution_utils.mdx b/api_docs/kbn_securitysolution_utils.mdx
index dc2b54cb365bd..8a9710d3594d3 100644
--- a/api_docs/kbn_securitysolution_utils.mdx
+++ b/api_docs/kbn_securitysolution_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-utils
 title: "@kbn/securitysolution-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/securitysolution-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-utils']
 ---
 import kbnSecuritysolutionUtilsObj from './kbn_securitysolution_utils.devdocs.json';
diff --git a/api_docs/kbn_server_http_tools.mdx b/api_docs/kbn_server_http_tools.mdx
index 1f2f176f841e3..04a85f428b9aa 100644
--- a/api_docs/kbn_server_http_tools.mdx
+++ b/api_docs/kbn_server_http_tools.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-server-http-tools
 title: "@kbn/server-http-tools"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/server-http-tools plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/server-http-tools']
 ---
 import kbnServerHttpToolsObj from './kbn_server_http_tools.devdocs.json';
diff --git a/api_docs/kbn_server_route_repository.mdx b/api_docs/kbn_server_route_repository.mdx
index 7bf9a997101b8..790d83aa60999 100644
--- a/api_docs/kbn_server_route_repository.mdx
+++ b/api_docs/kbn_server_route_repository.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-server-route-repository
 title: "@kbn/server-route-repository"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/server-route-repository plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/server-route-repository']
 ---
 import kbnServerRouteRepositoryObj from './kbn_server_route_repository.devdocs.json';
diff --git a/api_docs/kbn_serverless_common_settings.mdx b/api_docs/kbn_serverless_common_settings.mdx
index ca8a403348209..b5512c2c6c475 100644
--- a/api_docs/kbn_serverless_common_settings.mdx
+++ b/api_docs/kbn_serverless_common_settings.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-common-settings
 title: "@kbn/serverless-common-settings"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/serverless-common-settings plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-common-settings']
 ---
 import kbnServerlessCommonSettingsObj from './kbn_serverless_common_settings.devdocs.json';
diff --git a/api_docs/kbn_serverless_observability_settings.mdx b/api_docs/kbn_serverless_observability_settings.mdx
index 16ca494177e31..866ea239779a9 100644
--- a/api_docs/kbn_serverless_observability_settings.mdx
+++ b/api_docs/kbn_serverless_observability_settings.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-observability-settings
 title: "@kbn/serverless-observability-settings"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/serverless-observability-settings plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-observability-settings']
 ---
 import kbnServerlessObservabilitySettingsObj from './kbn_serverless_observability_settings.devdocs.json';
diff --git a/api_docs/kbn_serverless_project_switcher.mdx b/api_docs/kbn_serverless_project_switcher.mdx
index e52d006de0233..810463b36efcb 100644
--- a/api_docs/kbn_serverless_project_switcher.mdx
+++ b/api_docs/kbn_serverless_project_switcher.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-project-switcher
 title: "@kbn/serverless-project-switcher"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/serverless-project-switcher plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-project-switcher']
 ---
 import kbnServerlessProjectSwitcherObj from './kbn_serverless_project_switcher.devdocs.json';
diff --git a/api_docs/kbn_serverless_search_settings.mdx b/api_docs/kbn_serverless_search_settings.mdx
index d5b634131da1a..3f52c7b9e9d1d 100644
--- a/api_docs/kbn_serverless_search_settings.mdx
+++ b/api_docs/kbn_serverless_search_settings.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-search-settings
 title: "@kbn/serverless-search-settings"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/serverless-search-settings plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-search-settings']
 ---
 import kbnServerlessSearchSettingsObj from './kbn_serverless_search_settings.devdocs.json';
diff --git a/api_docs/kbn_serverless_security_settings.mdx b/api_docs/kbn_serverless_security_settings.mdx
index 3caf5ac24cec2..0b7627d04d0de 100644
--- a/api_docs/kbn_serverless_security_settings.mdx
+++ b/api_docs/kbn_serverless_security_settings.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-security-settings
 title: "@kbn/serverless-security-settings"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/serverless-security-settings plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-security-settings']
 ---
 import kbnServerlessSecuritySettingsObj from './kbn_serverless_security_settings.devdocs.json';
diff --git a/api_docs/kbn_serverless_storybook_config.mdx b/api_docs/kbn_serverless_storybook_config.mdx
index 08bc40afae32c..441278297ed99 100644
--- a/api_docs/kbn_serverless_storybook_config.mdx
+++ b/api_docs/kbn_serverless_storybook_config.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-storybook-config
 title: "@kbn/serverless-storybook-config"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/serverless-storybook-config plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-storybook-config']
 ---
 import kbnServerlessStorybookConfigObj from './kbn_serverless_storybook_config.devdocs.json';
diff --git a/api_docs/kbn_shared_svg.mdx b/api_docs/kbn_shared_svg.mdx
index 9745ecdb8186c..05afafd9671f3 100644
--- a/api_docs/kbn_shared_svg.mdx
+++ b/api_docs/kbn_shared_svg.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-svg
 title: "@kbn/shared-svg"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-svg plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-svg']
 ---
 import kbnSharedSvgObj from './kbn_shared_svg.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_avatar_solution.mdx b/api_docs/kbn_shared_ux_avatar_solution.mdx
index 404f874299660..65a21f2fcc501 100644
--- a/api_docs/kbn_shared_ux_avatar_solution.mdx
+++ b/api_docs/kbn_shared_ux_avatar_solution.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-avatar-solution
 title: "@kbn/shared-ux-avatar-solution"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-avatar-solution plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-avatar-solution']
 ---
 import kbnSharedUxAvatarSolutionObj from './kbn_shared_ux_avatar_solution.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_button_exit_full_screen.mdx b/api_docs/kbn_shared_ux_button_exit_full_screen.mdx
index 9333d04496cb4..642b5e1170cb8 100644
--- a/api_docs/kbn_shared_ux_button_exit_full_screen.mdx
+++ b/api_docs/kbn_shared_ux_button_exit_full_screen.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-button-exit-full-screen
 title: "@kbn/shared-ux-button-exit-full-screen"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-button-exit-full-screen plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-button-exit-full-screen']
 ---
 import kbnSharedUxButtonExitFullScreenObj from './kbn_shared_ux_button_exit_full_screen.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_button_toolbar.mdx b/api_docs/kbn_shared_ux_button_toolbar.mdx
index ef29350965f53..ba6a03d4d1644 100644
--- a/api_docs/kbn_shared_ux_button_toolbar.mdx
+++ b/api_docs/kbn_shared_ux_button_toolbar.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-button-toolbar
 title: "@kbn/shared-ux-button-toolbar"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-button-toolbar plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-button-toolbar']
 ---
 import kbnSharedUxButtonToolbarObj from './kbn_shared_ux_button_toolbar.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_card_no_data.mdx b/api_docs/kbn_shared_ux_card_no_data.mdx
index d3673b25f72e7..43ebdeee3e443 100644
--- a/api_docs/kbn_shared_ux_card_no_data.mdx
+++ b/api_docs/kbn_shared_ux_card_no_data.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-card-no-data
 title: "@kbn/shared-ux-card-no-data"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-card-no-data plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-card-no-data']
 ---
 import kbnSharedUxCardNoDataObj from './kbn_shared_ux_card_no_data.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_card_no_data_mocks.mdx b/api_docs/kbn_shared_ux_card_no_data_mocks.mdx
index 5cb78c021e1f9..430a12cc61fce 100644
--- a/api_docs/kbn_shared_ux_card_no_data_mocks.mdx
+++ b/api_docs/kbn_shared_ux_card_no_data_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-card-no-data-mocks
 title: "@kbn/shared-ux-card-no-data-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-card-no-data-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-card-no-data-mocks']
 ---
 import kbnSharedUxCardNoDataMocksObj from './kbn_shared_ux_card_no_data_mocks.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_chrome_navigation.mdx b/api_docs/kbn_shared_ux_chrome_navigation.mdx
index 0a2ead2d37889..8242feae71a62 100644
--- a/api_docs/kbn_shared_ux_chrome_navigation.mdx
+++ b/api_docs/kbn_shared_ux_chrome_navigation.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-chrome-navigation
 title: "@kbn/shared-ux-chrome-navigation"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-chrome-navigation plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-chrome-navigation']
 ---
 import kbnSharedUxChromeNavigationObj from './kbn_shared_ux_chrome_navigation.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_error_boundary.mdx b/api_docs/kbn_shared_ux_error_boundary.mdx
index 239d1b323afe6..89469c92b08e1 100644
--- a/api_docs/kbn_shared_ux_error_boundary.mdx
+++ b/api_docs/kbn_shared_ux_error_boundary.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-error-boundary
 title: "@kbn/shared-ux-error-boundary"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-error-boundary plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-error-boundary']
 ---
 import kbnSharedUxErrorBoundaryObj from './kbn_shared_ux_error_boundary.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_file_context.mdx b/api_docs/kbn_shared_ux_file_context.mdx
index b8ece7498308d..31f1c910af3c2 100644
--- a/api_docs/kbn_shared_ux_file_context.mdx
+++ b/api_docs/kbn_shared_ux_file_context.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-context
 title: "@kbn/shared-ux-file-context"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-file-context plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-context']
 ---
 import kbnSharedUxFileContextObj from './kbn_shared_ux_file_context.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_file_image.mdx b/api_docs/kbn_shared_ux_file_image.mdx
index d66a1c29d299b..3f758f564eb62 100644
--- a/api_docs/kbn_shared_ux_file_image.mdx
+++ b/api_docs/kbn_shared_ux_file_image.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-image
 title: "@kbn/shared-ux-file-image"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-file-image plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-image']
 ---
 import kbnSharedUxFileImageObj from './kbn_shared_ux_file_image.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_file_image_mocks.mdx b/api_docs/kbn_shared_ux_file_image_mocks.mdx
index 4af0208d8e674..ba0cc5c2bc248 100644
--- a/api_docs/kbn_shared_ux_file_image_mocks.mdx
+++ b/api_docs/kbn_shared_ux_file_image_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-image-mocks
 title: "@kbn/shared-ux-file-image-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-file-image-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-image-mocks']
 ---
 import kbnSharedUxFileImageMocksObj from './kbn_shared_ux_file_image_mocks.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_file_mocks.mdx b/api_docs/kbn_shared_ux_file_mocks.mdx
index da0e05f1c19c1..4fc51321e30c3 100644
--- a/api_docs/kbn_shared_ux_file_mocks.mdx
+++ b/api_docs/kbn_shared_ux_file_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-mocks
 title: "@kbn/shared-ux-file-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-file-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-mocks']
 ---
 import kbnSharedUxFileMocksObj from './kbn_shared_ux_file_mocks.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_file_picker.mdx b/api_docs/kbn_shared_ux_file_picker.mdx
index 2f8bbde5a2807..48d2a6e7cb3ca 100644
--- a/api_docs/kbn_shared_ux_file_picker.mdx
+++ b/api_docs/kbn_shared_ux_file_picker.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-picker
 title: "@kbn/shared-ux-file-picker"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-file-picker plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-picker']
 ---
 import kbnSharedUxFilePickerObj from './kbn_shared_ux_file_picker.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_file_types.mdx b/api_docs/kbn_shared_ux_file_types.mdx
index 3bd1daa4136c0..17eb11e2c05fd 100644
--- a/api_docs/kbn_shared_ux_file_types.mdx
+++ b/api_docs/kbn_shared_ux_file_types.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-types
 title: "@kbn/shared-ux-file-types"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-file-types plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-types']
 ---
 import kbnSharedUxFileTypesObj from './kbn_shared_ux_file_types.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_file_upload.mdx b/api_docs/kbn_shared_ux_file_upload.mdx
index 259a2ef67160a..e73628fd9226d 100644
--- a/api_docs/kbn_shared_ux_file_upload.mdx
+++ b/api_docs/kbn_shared_ux_file_upload.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-upload
 title: "@kbn/shared-ux-file-upload"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-file-upload plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-upload']
 ---
 import kbnSharedUxFileUploadObj from './kbn_shared_ux_file_upload.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_file_util.mdx b/api_docs/kbn_shared_ux_file_util.mdx
index fbd2ad9877dfa..79a941f92f584 100644
--- a/api_docs/kbn_shared_ux_file_util.mdx
+++ b/api_docs/kbn_shared_ux_file_util.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-util
 title: "@kbn/shared-ux-file-util"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-file-util plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-util']
 ---
 import kbnSharedUxFileUtilObj from './kbn_shared_ux_file_util.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_link_redirect_app.mdx b/api_docs/kbn_shared_ux_link_redirect_app.mdx
index b43f928c2921b..fa5ea1621dbe3 100644
--- a/api_docs/kbn_shared_ux_link_redirect_app.mdx
+++ b/api_docs/kbn_shared_ux_link_redirect_app.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-link-redirect-app
 title: "@kbn/shared-ux-link-redirect-app"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-link-redirect-app plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-link-redirect-app']
 ---
 import kbnSharedUxLinkRedirectAppObj from './kbn_shared_ux_link_redirect_app.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_link_redirect_app_mocks.mdx b/api_docs/kbn_shared_ux_link_redirect_app_mocks.mdx
index 29a5b2b890b55..8fbe61ee4f3c4 100644
--- a/api_docs/kbn_shared_ux_link_redirect_app_mocks.mdx
+++ b/api_docs/kbn_shared_ux_link_redirect_app_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-link-redirect-app-mocks
 title: "@kbn/shared-ux-link-redirect-app-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-link-redirect-app-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-link-redirect-app-mocks']
 ---
 import kbnSharedUxLinkRedirectAppMocksObj from './kbn_shared_ux_link_redirect_app_mocks.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_markdown.mdx b/api_docs/kbn_shared_ux_markdown.mdx
index 70cd3f8c5a62e..84404d0a80a16 100644
--- a/api_docs/kbn_shared_ux_markdown.mdx
+++ b/api_docs/kbn_shared_ux_markdown.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-markdown
 title: "@kbn/shared-ux-markdown"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-markdown plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-markdown']
 ---
 import kbnSharedUxMarkdownObj from './kbn_shared_ux_markdown.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_markdown_mocks.mdx b/api_docs/kbn_shared_ux_markdown_mocks.mdx
index e92d85b21dea6..62252f73ef8d0 100644
--- a/api_docs/kbn_shared_ux_markdown_mocks.mdx
+++ b/api_docs/kbn_shared_ux_markdown_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-markdown-mocks
 title: "@kbn/shared-ux-markdown-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-markdown-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-markdown-mocks']
 ---
 import kbnSharedUxMarkdownMocksObj from './kbn_shared_ux_markdown_mocks.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_page_analytics_no_data.mdx b/api_docs/kbn_shared_ux_page_analytics_no_data.mdx
index 279b0490c5cba..1310f572ceba7 100644
--- a/api_docs/kbn_shared_ux_page_analytics_no_data.mdx
+++ b/api_docs/kbn_shared_ux_page_analytics_no_data.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-analytics-no-data
 title: "@kbn/shared-ux-page-analytics-no-data"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-page-analytics-no-data plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-analytics-no-data']
 ---
 import kbnSharedUxPageAnalyticsNoDataObj from './kbn_shared_ux_page_analytics_no_data.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_page_analytics_no_data_mocks.mdx b/api_docs/kbn_shared_ux_page_analytics_no_data_mocks.mdx
index 17edc6261ff59..923b2f3a66c9c 100644
--- a/api_docs/kbn_shared_ux_page_analytics_no_data_mocks.mdx
+++ b/api_docs/kbn_shared_ux_page_analytics_no_data_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-analytics-no-data-mocks
 title: "@kbn/shared-ux-page-analytics-no-data-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-page-analytics-no-data-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-analytics-no-data-mocks']
 ---
 import kbnSharedUxPageAnalyticsNoDataMocksObj from './kbn_shared_ux_page_analytics_no_data_mocks.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_page_kibana_no_data.mdx b/api_docs/kbn_shared_ux_page_kibana_no_data.mdx
index 073fc1ac1af79..dc3612df6112b 100644
--- a/api_docs/kbn_shared_ux_page_kibana_no_data.mdx
+++ b/api_docs/kbn_shared_ux_page_kibana_no_data.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-kibana-no-data
 title: "@kbn/shared-ux-page-kibana-no-data"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-page-kibana-no-data plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-kibana-no-data']
 ---
 import kbnSharedUxPageKibanaNoDataObj from './kbn_shared_ux_page_kibana_no_data.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_page_kibana_no_data_mocks.mdx b/api_docs/kbn_shared_ux_page_kibana_no_data_mocks.mdx
index 17fcd1e4f0c90..8397786153a23 100644
--- a/api_docs/kbn_shared_ux_page_kibana_no_data_mocks.mdx
+++ b/api_docs/kbn_shared_ux_page_kibana_no_data_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-kibana-no-data-mocks
 title: "@kbn/shared-ux-page-kibana-no-data-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-page-kibana-no-data-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-kibana-no-data-mocks']
 ---
 import kbnSharedUxPageKibanaNoDataMocksObj from './kbn_shared_ux_page_kibana_no_data_mocks.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_page_kibana_template.mdx b/api_docs/kbn_shared_ux_page_kibana_template.mdx
index fe6a0f30a222d..5937b1044fd07 100644
--- a/api_docs/kbn_shared_ux_page_kibana_template.mdx
+++ b/api_docs/kbn_shared_ux_page_kibana_template.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-kibana-template
 title: "@kbn/shared-ux-page-kibana-template"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-page-kibana-template plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-kibana-template']
 ---
 import kbnSharedUxPageKibanaTemplateObj from './kbn_shared_ux_page_kibana_template.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_page_kibana_template_mocks.mdx b/api_docs/kbn_shared_ux_page_kibana_template_mocks.mdx
index 1657db0e5712d..8d52acbf5040a 100644
--- a/api_docs/kbn_shared_ux_page_kibana_template_mocks.mdx
+++ b/api_docs/kbn_shared_ux_page_kibana_template_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-kibana-template-mocks
 title: "@kbn/shared-ux-page-kibana-template-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-page-kibana-template-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-kibana-template-mocks']
 ---
 import kbnSharedUxPageKibanaTemplateMocksObj from './kbn_shared_ux_page_kibana_template_mocks.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_page_no_data.mdx b/api_docs/kbn_shared_ux_page_no_data.mdx
index faa0052cdefe5..10f3af8516bf3 100644
--- a/api_docs/kbn_shared_ux_page_no_data.mdx
+++ b/api_docs/kbn_shared_ux_page_no_data.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-no-data
 title: "@kbn/shared-ux-page-no-data"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-page-no-data plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-no-data']
 ---
 import kbnSharedUxPageNoDataObj from './kbn_shared_ux_page_no_data.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_page_no_data_config.mdx b/api_docs/kbn_shared_ux_page_no_data_config.mdx
index 095b8d4616d75..e5db6fc34d669 100644
--- a/api_docs/kbn_shared_ux_page_no_data_config.mdx
+++ b/api_docs/kbn_shared_ux_page_no_data_config.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-no-data-config
 title: "@kbn/shared-ux-page-no-data-config"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-page-no-data-config plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-no-data-config']
 ---
 import kbnSharedUxPageNoDataConfigObj from './kbn_shared_ux_page_no_data_config.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_page_no_data_config_mocks.mdx b/api_docs/kbn_shared_ux_page_no_data_config_mocks.mdx
index bff0a5c9cfbcd..dcfccbce574b2 100644
--- a/api_docs/kbn_shared_ux_page_no_data_config_mocks.mdx
+++ b/api_docs/kbn_shared_ux_page_no_data_config_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-no-data-config-mocks
 title: "@kbn/shared-ux-page-no-data-config-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-page-no-data-config-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-no-data-config-mocks']
 ---
 import kbnSharedUxPageNoDataConfigMocksObj from './kbn_shared_ux_page_no_data_config_mocks.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_page_no_data_mocks.mdx b/api_docs/kbn_shared_ux_page_no_data_mocks.mdx
index bf07f8e2bbba6..587ff6dc91d48 100644
--- a/api_docs/kbn_shared_ux_page_no_data_mocks.mdx
+++ b/api_docs/kbn_shared_ux_page_no_data_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-no-data-mocks
 title: "@kbn/shared-ux-page-no-data-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-page-no-data-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-no-data-mocks']
 ---
 import kbnSharedUxPageNoDataMocksObj from './kbn_shared_ux_page_no_data_mocks.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_page_solution_nav.mdx b/api_docs/kbn_shared_ux_page_solution_nav.mdx
index adf63c4ec483b..43a0b60448441 100644
--- a/api_docs/kbn_shared_ux_page_solution_nav.mdx
+++ b/api_docs/kbn_shared_ux_page_solution_nav.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-solution-nav
 title: "@kbn/shared-ux-page-solution-nav"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-page-solution-nav plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-solution-nav']
 ---
 import kbnSharedUxPageSolutionNavObj from './kbn_shared_ux_page_solution_nav.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_prompt_no_data_views.mdx b/api_docs/kbn_shared_ux_prompt_no_data_views.mdx
index 5287ba423855e..a51e7e98159cf 100644
--- a/api_docs/kbn_shared_ux_prompt_no_data_views.mdx
+++ b/api_docs/kbn_shared_ux_prompt_no_data_views.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-prompt-no-data-views
 title: "@kbn/shared-ux-prompt-no-data-views"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-prompt-no-data-views plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-prompt-no-data-views']
 ---
 import kbnSharedUxPromptNoDataViewsObj from './kbn_shared_ux_prompt_no_data_views.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_prompt_no_data_views_mocks.mdx b/api_docs/kbn_shared_ux_prompt_no_data_views_mocks.mdx
index 33ab370ae2fac..b9016aa9ffd22 100644
--- a/api_docs/kbn_shared_ux_prompt_no_data_views_mocks.mdx
+++ b/api_docs/kbn_shared_ux_prompt_no_data_views_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-prompt-no-data-views-mocks
 title: "@kbn/shared-ux-prompt-no-data-views-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-prompt-no-data-views-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-prompt-no-data-views-mocks']
 ---
 import kbnSharedUxPromptNoDataViewsMocksObj from './kbn_shared_ux_prompt_no_data_views_mocks.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_prompt_not_found.mdx b/api_docs/kbn_shared_ux_prompt_not_found.mdx
index 4029b95750832..2fe07d9596a2c 100644
--- a/api_docs/kbn_shared_ux_prompt_not_found.mdx
+++ b/api_docs/kbn_shared_ux_prompt_not_found.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-prompt-not-found
 title: "@kbn/shared-ux-prompt-not-found"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-prompt-not-found plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-prompt-not-found']
 ---
 import kbnSharedUxPromptNotFoundObj from './kbn_shared_ux_prompt_not_found.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_router.mdx b/api_docs/kbn_shared_ux_router.mdx
index 92f3ebba2f5df..07dc34a2ace38 100644
--- a/api_docs/kbn_shared_ux_router.mdx
+++ b/api_docs/kbn_shared_ux_router.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-router
 title: "@kbn/shared-ux-router"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-router plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-router']
 ---
 import kbnSharedUxRouterObj from './kbn_shared_ux_router.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_router_mocks.mdx b/api_docs/kbn_shared_ux_router_mocks.mdx
index 12cbb0872b2e1..2d0f0fa55731e 100644
--- a/api_docs/kbn_shared_ux_router_mocks.mdx
+++ b/api_docs/kbn_shared_ux_router_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-router-mocks
 title: "@kbn/shared-ux-router-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-router-mocks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-router-mocks']
 ---
 import kbnSharedUxRouterMocksObj from './kbn_shared_ux_router_mocks.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_storybook_config.mdx b/api_docs/kbn_shared_ux_storybook_config.mdx
index d39b8ab858fc2..0ef6471b360e5 100644
--- a/api_docs/kbn_shared_ux_storybook_config.mdx
+++ b/api_docs/kbn_shared_ux_storybook_config.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-storybook-config
 title: "@kbn/shared-ux-storybook-config"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-storybook-config plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-storybook-config']
 ---
 import kbnSharedUxStorybookConfigObj from './kbn_shared_ux_storybook_config.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_storybook_mock.mdx b/api_docs/kbn_shared_ux_storybook_mock.mdx
index b82e7bc78626a..062540743ab25 100644
--- a/api_docs/kbn_shared_ux_storybook_mock.mdx
+++ b/api_docs/kbn_shared_ux_storybook_mock.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-storybook-mock
 title: "@kbn/shared-ux-storybook-mock"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-storybook-mock plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-storybook-mock']
 ---
 import kbnSharedUxStorybookMockObj from './kbn_shared_ux_storybook_mock.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_tabbed_modal.mdx b/api_docs/kbn_shared_ux_tabbed_modal.mdx
index 261247fd4298c..7ddf41f54776b 100644
--- a/api_docs/kbn_shared_ux_tabbed_modal.mdx
+++ b/api_docs/kbn_shared_ux_tabbed_modal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-tabbed-modal
 title: "@kbn/shared-ux-tabbed-modal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-tabbed-modal plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-tabbed-modal']
 ---
 import kbnSharedUxTabbedModalObj from './kbn_shared_ux_tabbed_modal.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_utility.mdx b/api_docs/kbn_shared_ux_utility.mdx
index 1a435031fb47b..de4958f4af561 100644
--- a/api_docs/kbn_shared_ux_utility.mdx
+++ b/api_docs/kbn_shared_ux_utility.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-utility
 title: "@kbn/shared-ux-utility"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-utility plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-utility']
 ---
 import kbnSharedUxUtilityObj from './kbn_shared_ux_utility.devdocs.json';
diff --git a/api_docs/kbn_slo_schema.devdocs.json b/api_docs/kbn_slo_schema.devdocs.json
index 5707fe5fd6e53..77f3590eb32c0 100644
--- a/api_docs/kbn_slo_schema.devdocs.json
+++ b/api_docs/kbn_slo_schema.devdocs.json
@@ -850,7 +850,7 @@
         "label": "FindSLOGroupsParams",
         "description": [],
         "signature": [
-          "{ page?: string | undefined; perPage?: string | undefined; groupBy?: \"status\" | \"_index\" | \"ungrouped\" | \"slo.tags\" | \"slo.indicator.type\" | undefined; groupsFilter?: string | string[] | undefined; kqlQuery?: string | undefined; filters?: string | undefined; }"
+          "{ page?: string | undefined; perPage?: string | undefined; groupBy?: \"status\" | \"slo.instanceId\" | \"_index\" | \"ungrouped\" | \"slo.tags\" | \"slo.indicator.type\" | undefined; groupsFilter?: string | string[] | undefined; kqlQuery?: string | undefined; filters?: string | undefined; }"
         ],
         "path": "x-pack/packages/kbn-slo-schema/src/rest_specs/routes/find_group.ts",
         "deprecated": false,
@@ -865,7 +865,7 @@
         "label": "FindSLOGroupsResponse",
         "description": [],
         "signature": [
-          "{ page: number; perPage: number; total: number; results: { group: string; groupBy: \"status\" | \"_index\" | \"ungrouped\" | \"slo.tags\" | \"slo.indicator.type\"; summary: { total: number; worst: { sliValue: number; status: string; slo: { id: string; instanceId: string; name: string; }; }; violated: number; healthy: number; degrading: number; noData: number; }; }[]; }"
+          "{ page: number; perPage: number; total: number; results: { group: string; groupBy: \"status\" | \"slo.instanceId\" | \"_index\" | \"ungrouped\" | \"slo.tags\" | \"slo.indicator.type\"; summary: { total: number; worst: { sliValue: number; status: string; slo: { id: string; instanceId: string; name: string; groupings: { [x: string]: unknown; }; }; }; violated: number; healthy: number; degrading: number; noData: number; }; }[]; }"
         ],
         "path": "x-pack/packages/kbn-slo-schema/src/rest_specs/routes/find_group.ts",
         "deprecated": false,
@@ -1053,7 +1053,7 @@
         "label": "GroupSummary",
         "description": [],
         "signature": [
-          "{ total: number; worst: { sliValue: number; status: string; slo: { id: string; instanceId: string; name: string; }; }; violated: number; healthy: number; degrading: number; noData: number; }"
+          "{ total: number; worst: { sliValue: number; status: string; slo: { id: string; instanceId: string; name: string; groupings: { [x: string]: unknown; }; }; }; violated: number; healthy: number; degrading: number; noData: number; }"
         ],
         "path": "x-pack/packages/kbn-slo-schema/src/rest_specs/common.ts",
         "deprecated": false,
@@ -5256,6 +5256,8 @@
           "LiteralC",
           "<\"slo.indicator.type\">, ",
           "LiteralC",
+          "<\"slo.instanceId\">, ",
+          "LiteralC",
           "<\"_index\">]>; groupsFilter: ",
           "UnionC",
           "<[",
@@ -5308,6 +5310,8 @@
           "LiteralC",
           "<\"slo.indicator.type\">, ",
           "LiteralC",
+          "<\"slo.instanceId\">, ",
+          "LiteralC",
           "<\"_index\">]>; summary: ",
           "TypeC",
           "<{ total: ",
@@ -5326,7 +5330,13 @@
           "StringC",
           "; name: ",
           "StringC",
-          "; }>; }>; violated: ",
+          "; groupings: ",
+          "RecordC",
+          "<",
+          "StringC",
+          ", ",
+          "UnknownC",
+          ">; }>; }>; violated: ",
           "NumberC",
           "; healthy: ",
           "NumberC",
@@ -10154,7 +10164,13 @@
           "StringC",
           "; name: ",
           "StringC",
-          "; }>; }>; violated: ",
+          "; groupings: ",
+          "RecordC",
+          "<",
+          "StringC",
+          ", ",
+          "UnknownC",
+          ">; }>; }>; violated: ",
           "NumberC",
           "; healthy: ",
           "NumberC",
@@ -16029,6 +16045,8 @@
           "LiteralC",
           "<\"slo.indicator.type\">, ",
           "LiteralC",
+          "<\"slo.instanceId\">, ",
+          "LiteralC",
           "<\"_index\">]>; summary: ",
           "TypeC",
           "<{ total: ",
@@ -16047,7 +16065,13 @@
           "StringC",
           "; name: ",
           "StringC",
-          "; }>; }>; violated: ",
+          "; groupings: ",
+          "RecordC",
+          "<",
+          "StringC",
+          ", ",
+          "UnknownC",
+          ">; }>; }>; violated: ",
           "NumberC",
           "; healthy: ",
           "NumberC",
diff --git a/api_docs/kbn_slo_schema.mdx b/api_docs/kbn_slo_schema.mdx
index aa10690cafe76..2406d3d260774 100644
--- a/api_docs/kbn_slo_schema.mdx
+++ b/api_docs/kbn_slo_schema.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-slo-schema
 title: "@kbn/slo-schema"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/slo-schema plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/slo-schema']
 ---
 import kbnSloSchemaObj from './kbn_slo_schema.devdocs.json';
diff --git a/api_docs/kbn_some_dev_log.mdx b/api_docs/kbn_some_dev_log.mdx
index 9748374475f97..7f19c0069ed9a 100644
--- a/api_docs/kbn_some_dev_log.mdx
+++ b/api_docs/kbn_some_dev_log.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-some-dev-log
 title: "@kbn/some-dev-log"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/some-dev-log plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/some-dev-log']
 ---
 import kbnSomeDevLogObj from './kbn_some_dev_log.devdocs.json';
diff --git a/api_docs/kbn_sort_predicates.mdx b/api_docs/kbn_sort_predicates.mdx
index 8f8c28195b779..538c604ff6ad0 100644
--- a/api_docs/kbn_sort_predicates.mdx
+++ b/api_docs/kbn_sort_predicates.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-sort-predicates
 title: "@kbn/sort-predicates"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/sort-predicates plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/sort-predicates']
 ---
 import kbnSortPredicatesObj from './kbn_sort_predicates.devdocs.json';
diff --git a/api_docs/kbn_std.mdx b/api_docs/kbn_std.mdx
index c6eab71a6e0c6..c630dda04f3a4 100644
--- a/api_docs/kbn_std.mdx
+++ b/api_docs/kbn_std.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-std
 title: "@kbn/std"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/std plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/std']
 ---
 import kbnStdObj from './kbn_std.devdocs.json';
diff --git a/api_docs/kbn_stdio_dev_helpers.mdx b/api_docs/kbn_stdio_dev_helpers.mdx
index 0112000b7a26c..a42f68884d39a 100644
--- a/api_docs/kbn_stdio_dev_helpers.mdx
+++ b/api_docs/kbn_stdio_dev_helpers.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-stdio-dev-helpers
 title: "@kbn/stdio-dev-helpers"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/stdio-dev-helpers plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/stdio-dev-helpers']
 ---
 import kbnStdioDevHelpersObj from './kbn_stdio_dev_helpers.devdocs.json';
diff --git a/api_docs/kbn_storybook.mdx b/api_docs/kbn_storybook.mdx
index 943833768aeac..3de74afe59f63 100644
--- a/api_docs/kbn_storybook.mdx
+++ b/api_docs/kbn_storybook.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-storybook
 title: "@kbn/storybook"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/storybook plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/storybook']
 ---
 import kbnStorybookObj from './kbn_storybook.devdocs.json';
diff --git a/api_docs/kbn_telemetry_tools.mdx b/api_docs/kbn_telemetry_tools.mdx
index 0d9fa30a0949c..f06c67f6ca5b9 100644
--- a/api_docs/kbn_telemetry_tools.mdx
+++ b/api_docs/kbn_telemetry_tools.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-telemetry-tools
 title: "@kbn/telemetry-tools"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/telemetry-tools plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/telemetry-tools']
 ---
 import kbnTelemetryToolsObj from './kbn_telemetry_tools.devdocs.json';
diff --git a/api_docs/kbn_test.mdx b/api_docs/kbn_test.mdx
index 64f82b945cbc0..b042d70c3711d 100644
--- a/api_docs/kbn_test.mdx
+++ b/api_docs/kbn_test.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-test
 title: "@kbn/test"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/test plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/test']
 ---
 import kbnTestObj from './kbn_test.devdocs.json';
diff --git a/api_docs/kbn_test_eui_helpers.mdx b/api_docs/kbn_test_eui_helpers.mdx
index 29b758c4be49c..ec5062684c97b 100644
--- a/api_docs/kbn_test_eui_helpers.mdx
+++ b/api_docs/kbn_test_eui_helpers.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-test-eui-helpers
 title: "@kbn/test-eui-helpers"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/test-eui-helpers plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/test-eui-helpers']
 ---
 import kbnTestEuiHelpersObj from './kbn_test_eui_helpers.devdocs.json';
diff --git a/api_docs/kbn_test_jest_helpers.mdx b/api_docs/kbn_test_jest_helpers.mdx
index 468d56ee570b1..815901b8c623b 100644
--- a/api_docs/kbn_test_jest_helpers.mdx
+++ b/api_docs/kbn_test_jest_helpers.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-test-jest-helpers
 title: "@kbn/test-jest-helpers"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/test-jest-helpers plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/test-jest-helpers']
 ---
 import kbnTestJestHelpersObj from './kbn_test_jest_helpers.devdocs.json';
diff --git a/api_docs/kbn_test_subj_selector.mdx b/api_docs/kbn_test_subj_selector.mdx
index 0e0df8e1fee93..3960bce2ae1cb 100644
--- a/api_docs/kbn_test_subj_selector.mdx
+++ b/api_docs/kbn_test_subj_selector.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-test-subj-selector
 title: "@kbn/test-subj-selector"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/test-subj-selector plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/test-subj-selector']
 ---
 import kbnTestSubjSelectorObj from './kbn_test_subj_selector.devdocs.json';
diff --git a/api_docs/kbn_text_based_editor.mdx b/api_docs/kbn_text_based_editor.mdx
index a274863d31ad6..0617ce75c7c52 100644
--- a/api_docs/kbn_text_based_editor.mdx
+++ b/api_docs/kbn_text_based_editor.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-text-based-editor
 title: "@kbn/text-based-editor"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/text-based-editor plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/text-based-editor']
 ---
 import kbnTextBasedEditorObj from './kbn_text_based_editor.devdocs.json';
diff --git a/api_docs/kbn_timerange.mdx b/api_docs/kbn_timerange.mdx
index d3e5ad7feb050..417fde8807576 100644
--- a/api_docs/kbn_timerange.mdx
+++ b/api_docs/kbn_timerange.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-timerange
 title: "@kbn/timerange"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/timerange plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/timerange']
 ---
 import kbnTimerangeObj from './kbn_timerange.devdocs.json';
diff --git a/api_docs/kbn_tooling_log.mdx b/api_docs/kbn_tooling_log.mdx
index 8312393b8890a..80fdf65e0898c 100644
--- a/api_docs/kbn_tooling_log.mdx
+++ b/api_docs/kbn_tooling_log.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-tooling-log
 title: "@kbn/tooling-log"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/tooling-log plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/tooling-log']
 ---
 import kbnToolingLogObj from './kbn_tooling_log.devdocs.json';
diff --git a/api_docs/kbn_triggers_actions_ui_types.mdx b/api_docs/kbn_triggers_actions_ui_types.mdx
index b8ef08f8eec8f..7f5ff2cc2265d 100644
--- a/api_docs/kbn_triggers_actions_ui_types.mdx
+++ b/api_docs/kbn_triggers_actions_ui_types.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-triggers-actions-ui-types
 title: "@kbn/triggers-actions-ui-types"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/triggers-actions-ui-types plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/triggers-actions-ui-types']
 ---
 import kbnTriggersActionsUiTypesObj from './kbn_triggers_actions_ui_types.devdocs.json';
diff --git a/api_docs/kbn_try_in_console.mdx b/api_docs/kbn_try_in_console.mdx
index 94ddd39fdd645..fd218b38a8bb7 100644
--- a/api_docs/kbn_try_in_console.mdx
+++ b/api_docs/kbn_try_in_console.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-try-in-console
 title: "@kbn/try-in-console"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/try-in-console plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/try-in-console']
 ---
 import kbnTryInConsoleObj from './kbn_try_in_console.devdocs.json';
diff --git a/api_docs/kbn_ts_projects.mdx b/api_docs/kbn_ts_projects.mdx
index b13e774e8dd1d..d21d48abc5440 100644
--- a/api_docs/kbn_ts_projects.mdx
+++ b/api_docs/kbn_ts_projects.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ts-projects
 title: "@kbn/ts-projects"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ts-projects plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ts-projects']
 ---
 import kbnTsProjectsObj from './kbn_ts_projects.devdocs.json';
diff --git a/api_docs/kbn_typed_react_router_config.mdx b/api_docs/kbn_typed_react_router_config.mdx
index 83d4f24f65989..e2c7d8f130913 100644
--- a/api_docs/kbn_typed_react_router_config.mdx
+++ b/api_docs/kbn_typed_react_router_config.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-typed-react-router-config
 title: "@kbn/typed-react-router-config"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/typed-react-router-config plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/typed-react-router-config']
 ---
 import kbnTypedReactRouterConfigObj from './kbn_typed_react_router_config.devdocs.json';
diff --git a/api_docs/kbn_ui_actions_browser.mdx b/api_docs/kbn_ui_actions_browser.mdx
index cf0d74cfcf5d6..de8bd6dfa9b8f 100644
--- a/api_docs/kbn_ui_actions_browser.mdx
+++ b/api_docs/kbn_ui_actions_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ui-actions-browser
 title: "@kbn/ui-actions-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ui-actions-browser plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ui-actions-browser']
 ---
 import kbnUiActionsBrowserObj from './kbn_ui_actions_browser.devdocs.json';
diff --git a/api_docs/kbn_ui_shared_deps_src.mdx b/api_docs/kbn_ui_shared_deps_src.mdx
index 3e366650b981a..1b198515e6659 100644
--- a/api_docs/kbn_ui_shared_deps_src.mdx
+++ b/api_docs/kbn_ui_shared_deps_src.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ui-shared-deps-src
 title: "@kbn/ui-shared-deps-src"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ui-shared-deps-src plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ui-shared-deps-src']
 ---
 import kbnUiSharedDepsSrcObj from './kbn_ui_shared_deps_src.devdocs.json';
diff --git a/api_docs/kbn_ui_theme.mdx b/api_docs/kbn_ui_theme.mdx
index a316100c89324..f87b0a967e737 100644
--- a/api_docs/kbn_ui_theme.mdx
+++ b/api_docs/kbn_ui_theme.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ui-theme
 title: "@kbn/ui-theme"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ui-theme plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ui-theme']
 ---
 import kbnUiThemeObj from './kbn_ui_theme.devdocs.json';
diff --git a/api_docs/kbn_unified_data_table.mdx b/api_docs/kbn_unified_data_table.mdx
index ebaebbf0d1c19..45e2d08bc66b5 100644
--- a/api_docs/kbn_unified_data_table.mdx
+++ b/api_docs/kbn_unified_data_table.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unified-data-table
 title: "@kbn/unified-data-table"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/unified-data-table plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unified-data-table']
 ---
 import kbnUnifiedDataTableObj from './kbn_unified_data_table.devdocs.json';
diff --git a/api_docs/kbn_unified_doc_viewer.devdocs.json b/api_docs/kbn_unified_doc_viewer.devdocs.json
index 784e80f8d5615..62463520b7db6 100644
--- a/api_docs/kbn_unified_doc_viewer.devdocs.json
+++ b/api_docs/kbn_unified_doc_viewer.devdocs.json
@@ -295,7 +295,7 @@
         "label": "FieldName",
         "description": [],
         "signature": [
-          "({\n  fieldName,\n  fieldMapping,\n  fieldType,\n  fieldIconProps,\n  scripted = false,\n  highlight = '',\n}: Props) => JSX.Element"
+          "({\n  fieldName,\n  fieldMapping,\n  fieldType,\n  fieldIconProps,\n  scripted = false,\n  highlight = '',\n  isPinned = false,\n}: Props) => JSX.Element"
         ],
         "path": "packages/kbn-unified-doc-viewer/src/components/field_name/field_name.tsx",
         "deprecated": false,
@@ -306,7 +306,7 @@
             "id": "def-common.FieldName.$1",
             "type": "Object",
             "tags": [],
-            "label": "{\n  fieldName,\n  fieldMapping,\n  fieldType,\n  fieldIconProps,\n  scripted = false,\n  highlight = '',\n}",
+            "label": "{\n  fieldName,\n  fieldMapping,\n  fieldType,\n  fieldIconProps,\n  scripted = false,\n  highlight = '',\n  isPinned = false,\n}",
             "description": [],
             "signature": [
               "Props"
diff --git a/api_docs/kbn_unified_doc_viewer.mdx b/api_docs/kbn_unified_doc_viewer.mdx
index 9016bea59786a..6d36e8b656dc3 100644
--- a/api_docs/kbn_unified_doc_viewer.mdx
+++ b/api_docs/kbn_unified_doc_viewer.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unified-doc-viewer
 title: "@kbn/unified-doc-viewer"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/unified-doc-viewer plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unified-doc-viewer']
 ---
 import kbnUnifiedDocViewerObj from './kbn_unified_doc_viewer.devdocs.json';
diff --git a/api_docs/kbn_unified_field_list.mdx b/api_docs/kbn_unified_field_list.mdx
index d7b8892935c74..e6c88a3d4d217 100644
--- a/api_docs/kbn_unified_field_list.mdx
+++ b/api_docs/kbn_unified_field_list.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unified-field-list
 title: "@kbn/unified-field-list"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/unified-field-list plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unified-field-list']
 ---
 import kbnUnifiedFieldListObj from './kbn_unified_field_list.devdocs.json';
diff --git a/api_docs/kbn_unsaved_changes_badge.mdx b/api_docs/kbn_unsaved_changes_badge.mdx
index 13d0692fda595..718c1b7569c9b 100644
--- a/api_docs/kbn_unsaved_changes_badge.mdx
+++ b/api_docs/kbn_unsaved_changes_badge.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unsaved-changes-badge
 title: "@kbn/unsaved-changes-badge"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/unsaved-changes-badge plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unsaved-changes-badge']
 ---
 import kbnUnsavedChangesBadgeObj from './kbn_unsaved_changes_badge.devdocs.json';
diff --git a/api_docs/kbn_unsaved_changes_prompt.mdx b/api_docs/kbn_unsaved_changes_prompt.mdx
index 28de503ac92cf..02fe85f1544ba 100644
--- a/api_docs/kbn_unsaved_changes_prompt.mdx
+++ b/api_docs/kbn_unsaved_changes_prompt.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unsaved-changes-prompt
 title: "@kbn/unsaved-changes-prompt"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/unsaved-changes-prompt plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unsaved-changes-prompt']
 ---
 import kbnUnsavedChangesPromptObj from './kbn_unsaved_changes_prompt.devdocs.json';
diff --git a/api_docs/kbn_use_tracked_promise.mdx b/api_docs/kbn_use_tracked_promise.mdx
index 0e01d98f67532..9414aa5ddc862 100644
--- a/api_docs/kbn_use_tracked_promise.mdx
+++ b/api_docs/kbn_use_tracked_promise.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-use-tracked-promise
 title: "@kbn/use-tracked-promise"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/use-tracked-promise plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/use-tracked-promise']
 ---
 import kbnUseTrackedPromiseObj from './kbn_use_tracked_promise.devdocs.json';
diff --git a/api_docs/kbn_user_profile_components.mdx b/api_docs/kbn_user_profile_components.mdx
index 0eca362028796..a01a034244376 100644
--- a/api_docs/kbn_user_profile_components.mdx
+++ b/api_docs/kbn_user_profile_components.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-user-profile-components
 title: "@kbn/user-profile-components"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/user-profile-components plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/user-profile-components']
 ---
 import kbnUserProfileComponentsObj from './kbn_user_profile_components.devdocs.json';
diff --git a/api_docs/kbn_utility_types.mdx b/api_docs/kbn_utility_types.mdx
index 51d6e23f8b802..c0dcacd69cba2 100644
--- a/api_docs/kbn_utility_types.mdx
+++ b/api_docs/kbn_utility_types.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-utility-types
 title: "@kbn/utility-types"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/utility-types plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/utility-types']
 ---
 import kbnUtilityTypesObj from './kbn_utility_types.devdocs.json';
diff --git a/api_docs/kbn_utility_types_jest.mdx b/api_docs/kbn_utility_types_jest.mdx
index 857110d8f912f..2a5ea20b6a311 100644
--- a/api_docs/kbn_utility_types_jest.mdx
+++ b/api_docs/kbn_utility_types_jest.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-utility-types-jest
 title: "@kbn/utility-types-jest"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/utility-types-jest plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/utility-types-jest']
 ---
 import kbnUtilityTypesJestObj from './kbn_utility_types_jest.devdocs.json';
diff --git a/api_docs/kbn_utils.mdx b/api_docs/kbn_utils.mdx
index 3de74eb88c3ab..d492f2bbbf6f3 100644
--- a/api_docs/kbn_utils.mdx
+++ b/api_docs/kbn_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-utils
 title: "@kbn/utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/utils']
 ---
 import kbnUtilsObj from './kbn_utils.devdocs.json';
diff --git a/api_docs/kbn_visualization_ui_components.mdx b/api_docs/kbn_visualization_ui_components.mdx
index fff13aac1b112..5c5924b07a2d2 100644
--- a/api_docs/kbn_visualization_ui_components.mdx
+++ b/api_docs/kbn_visualization_ui_components.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-visualization-ui-components
 title: "@kbn/visualization-ui-components"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/visualization-ui-components plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/visualization-ui-components']
 ---
 import kbnVisualizationUiComponentsObj from './kbn_visualization_ui_components.devdocs.json';
diff --git a/api_docs/kbn_visualization_utils.mdx b/api_docs/kbn_visualization_utils.mdx
index 94cabdfae49a6..f686c0d763291 100644
--- a/api_docs/kbn_visualization_utils.mdx
+++ b/api_docs/kbn_visualization_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-visualization-utils
 title: "@kbn/visualization-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/visualization-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/visualization-utils']
 ---
 import kbnVisualizationUtilsObj from './kbn_visualization_utils.devdocs.json';
diff --git a/api_docs/kbn_xstate_utils.mdx b/api_docs/kbn_xstate_utils.mdx
index a093809f851a7..de0954d3f3f23 100644
--- a/api_docs/kbn_xstate_utils.mdx
+++ b/api_docs/kbn_xstate_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-xstate-utils
 title: "@kbn/xstate-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/xstate-utils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/xstate-utils']
 ---
 import kbnXstateUtilsObj from './kbn_xstate_utils.devdocs.json';
diff --git a/api_docs/kbn_yarn_lock_validator.mdx b/api_docs/kbn_yarn_lock_validator.mdx
index 78c6e883b6e67..ade55986cf2db 100644
--- a/api_docs/kbn_yarn_lock_validator.mdx
+++ b/api_docs/kbn_yarn_lock_validator.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-yarn-lock-validator
 title: "@kbn/yarn-lock-validator"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/yarn-lock-validator plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/yarn-lock-validator']
 ---
 import kbnYarnLockValidatorObj from './kbn_yarn_lock_validator.devdocs.json';
diff --git a/api_docs/kbn_zod_helpers.mdx b/api_docs/kbn_zod_helpers.mdx
index 8c5ae93d1de77..7fcba26eb3295 100644
--- a/api_docs/kbn_zod_helpers.mdx
+++ b/api_docs/kbn_zod_helpers.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-zod-helpers
 title: "@kbn/zod-helpers"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/zod-helpers plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/zod-helpers']
 ---
 import kbnZodHelpersObj from './kbn_zod_helpers.devdocs.json';
diff --git a/api_docs/kibana_overview.mdx b/api_docs/kibana_overview.mdx
index 2578cad63ef05..87f2ed48a240b 100644
--- a/api_docs/kibana_overview.mdx
+++ b/api_docs/kibana_overview.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kibanaOverview
 title: "kibanaOverview"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the kibanaOverview plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'kibanaOverview']
 ---
 import kibanaOverviewObj from './kibana_overview.devdocs.json';
diff --git a/api_docs/kibana_react.mdx b/api_docs/kibana_react.mdx
index 7eaac80a171b1..b913321e27dbc 100644
--- a/api_docs/kibana_react.mdx
+++ b/api_docs/kibana_react.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kibanaReact
 title: "kibanaReact"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the kibanaReact plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'kibanaReact']
 ---
 import kibanaReactObj from './kibana_react.devdocs.json';
diff --git a/api_docs/kibana_utils.devdocs.json b/api_docs/kibana_utils.devdocs.json
index c880f79625ef1..e2cb3da15e5e6 100644
--- a/api_docs/kibana_utils.devdocs.json
+++ b/api_docs/kibana_utils.devdocs.json
@@ -1437,7 +1437,7 @@
             "label": "set",
             "description": [],
             "signature": [
-              "(key: string, value: any) => false | void"
+              "(key: string, value: any, includeUndefined?: boolean) => false | void"
             ],
             "path": "src/plugins/kibana_utils/public/storage/storage.ts",
             "deprecated": false,
@@ -1472,6 +1472,21 @@
                 "deprecated": false,
                 "trackAdoption": false,
                 "isRequired": true
+              },
+              {
+                "parentPluginId": "kibanaUtils",
+                "id": "def-public.Storage.set.$3",
+                "type": "boolean",
+                "tags": [],
+                "label": "includeUndefined",
+                "description": [],
+                "signature": [
+                  "boolean"
+                ],
+                "path": "src/plugins/kibana_utils/public/storage/storage.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
               }
             ],
             "returnComment": []
diff --git a/api_docs/kibana_utils.mdx b/api_docs/kibana_utils.mdx
index 350d92ac57c19..c73d784f22c48 100644
--- a/api_docs/kibana_utils.mdx
+++ b/api_docs/kibana_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kibanaUtils
 title: "kibanaUtils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the kibanaUtils plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'kibanaUtils']
 ---
 import kibanaUtilsObj from './kibana_utils.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sh
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 609 | 3 | 416 | 9 |
+| 610 | 3 | 417 | 9 |
 
 ## Client
 
diff --git a/api_docs/kubernetes_security.mdx b/api_docs/kubernetes_security.mdx
index 97af756fbcb2a..351f00f87cba0 100644
--- a/api_docs/kubernetes_security.mdx
+++ b/api_docs/kubernetes_security.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kubernetesSecurity
 title: "kubernetesSecurity"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the kubernetesSecurity plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'kubernetesSecurity']
 ---
 import kubernetesSecurityObj from './kubernetes_security.devdocs.json';
diff --git a/api_docs/lens.devdocs.json b/api_docs/lens.devdocs.json
index 2e502ecd39bad..efd0ff8b1c20c 100644
--- a/api_docs/lens.devdocs.json
+++ b/api_docs/lens.devdocs.json
@@ -3725,6 +3725,55 @@
             "path": "src/plugins/chart_expressions/expression_xy/common/types/expression_functions.ts",
             "deprecated": false,
             "trackAdoption": false
+          },
+          {
+            "parentPluginId": "lens",
+            "id": "def-public.LegendConfig.layout",
+            "type": "CompoundType",
+            "tags": [],
+            "label": "layout",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "visualizations",
+                "scope": "common",
+                "docId": "kibVisualizationsPluginApi",
+                "section": "def-common.LegendLayout",
+                "text": "LegendLayout"
+              },
+              " | undefined"
+            ],
+            "path": "src/plugins/chart_expressions/expression_xy/common/types/expression_functions.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "lens",
+            "id": "def-public.LegendConfig.title",
+            "type": "string",
+            "tags": [],
+            "label": "title",
+            "description": [],
+            "signature": [
+              "string | undefined"
+            ],
+            "path": "src/plugins/chart_expressions/expression_xy/common/types/expression_functions.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "lens",
+            "id": "def-public.LegendConfig.isTitleVisible",
+            "type": "CompoundType",
+            "tags": [],
+            "label": "isTitleVisible",
+            "description": [],
+            "signature": [
+              "boolean | undefined"
+            ],
+            "path": "src/plugins/chart_expressions/expression_xy/common/types/expression_functions.ts",
+            "deprecated": false,
+            "trackAdoption": false
           }
         ],
         "initialIsOpen": false
diff --git a/api_docs/lens.mdx b/api_docs/lens.mdx
index 1aacddd53ae9c..84594ef2687a0 100644
--- a/api_docs/lens.mdx
+++ b/api_docs/lens.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/lens
 title: "lens"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the lens plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'lens']
 ---
 import lensObj from './lens.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/k
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 669 | 0 | 567 | 62 |
+| 672 | 0 | 570 | 62 |
 
 ## Client
 
diff --git a/api_docs/license_api_guard.mdx b/api_docs/license_api_guard.mdx
index 52990b67a8805..866485eac5815 100644
--- a/api_docs/license_api_guard.mdx
+++ b/api_docs/license_api_guard.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/licenseApiGuard
 title: "licenseApiGuard"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the licenseApiGuard plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'licenseApiGuard']
 ---
 import licenseApiGuardObj from './license_api_guard.devdocs.json';
diff --git a/api_docs/license_management.mdx b/api_docs/license_management.mdx
index 53e6a7de6aaf9..3568b10d76a09 100644
--- a/api_docs/license_management.mdx
+++ b/api_docs/license_management.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/licenseManagement
 title: "licenseManagement"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the licenseManagement plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'licenseManagement']
 ---
 import licenseManagementObj from './license_management.devdocs.json';
diff --git a/api_docs/licensing.mdx b/api_docs/licensing.mdx
index 7ff63218c70ce..94264323f48f2 100644
--- a/api_docs/licensing.mdx
+++ b/api_docs/licensing.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/licensing
 title: "licensing"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the licensing plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'licensing']
 ---
 import licensingObj from './licensing.devdocs.json';
diff --git a/api_docs/links.devdocs.json b/api_docs/links.devdocs.json
index 55d1053815fad..e242c392dcd42 100644
--- a/api_docs/links.devdocs.json
+++ b/api_docs/links.devdocs.json
@@ -110,6 +110,27 @@
             "deprecated": false,
             "trackAdoption": false
           },
+          {
+            "parentPluginId": "links",
+            "id": "def-public.LinksEmbeddable.grouping",
+            "type": "Array",
+            "tags": [],
+            "label": "grouping",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "@kbn/ui-actions-browser",
+                "scope": "common",
+                "docId": "kibKbnUiActionsBrowserPluginApi",
+                "section": "def-common.PresentableGroup",
+                "text": "PresentableGroup"
+              },
+              "<unknown>[]"
+            ],
+            "path": "src/plugins/links/public/embeddable/links_embeddable.tsx",
+            "deprecated": false,
+            "trackAdoption": false
+          },
           {
             "parentPluginId": "links",
             "id": "def-public.LinksEmbeddable.Unnamed",
@@ -565,10 +586,10 @@
                 "pluginId": "@kbn/ui-actions-browser",
                 "scope": "common",
                 "docId": "kibKbnUiActionsBrowserPluginApi",
-                "section": "def-common.PresentableGrouping",
-                "text": "PresentableGrouping"
+                "section": "def-common.PresentableGroup",
+                "text": "PresentableGroup"
               },
-              "<unknown> | undefined"
+              "<unknown>[]"
             ],
             "path": "src/plugins/links/public/embeddable/links_embeddable_factory.ts",
             "deprecated": false,
diff --git a/api_docs/links.mdx b/api_docs/links.mdx
index bb6e28921dcea..228de45ba3c27 100644
--- a/api_docs/links.mdx
+++ b/api_docs/links.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/links
 title: "links"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the links plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'links']
 ---
 import linksObj from './links.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/kibana-presentation](https://github.com/orgs/elastic/teams/kib
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 57 | 0 | 57 | 6 |
+| 58 | 0 | 58 | 6 |
 
 ## Client
 
diff --git a/api_docs/lists.mdx b/api_docs/lists.mdx
index d1dbb67ba6ccb..f0d4df4abd2ec 100644
--- a/api_docs/lists.mdx
+++ b/api_docs/lists.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/lists
 title: "lists"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the lists plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'lists']
 ---
 import listsObj from './lists.devdocs.json';
diff --git a/api_docs/logs_data_access.mdx b/api_docs/logs_data_access.mdx
index 8e77013849428..a42904bbdfd74 100644
--- a/api_docs/logs_data_access.mdx
+++ b/api_docs/logs_data_access.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/logsDataAccess
 title: "logsDataAccess"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the logsDataAccess plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'logsDataAccess']
 ---
 import logsDataAccessObj from './logs_data_access.devdocs.json';
diff --git a/api_docs/logs_explorer.mdx b/api_docs/logs_explorer.mdx
index f853c879c5cc2..6b8fba15ce551 100644
--- a/api_docs/logs_explorer.mdx
+++ b/api_docs/logs_explorer.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/logsExplorer
 title: "logsExplorer"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the logsExplorer plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'logsExplorer']
 ---
 import logsExplorerObj from './logs_explorer.devdocs.json';
diff --git a/api_docs/logs_shared.mdx b/api_docs/logs_shared.mdx
index b3b4149db03f5..b46e634bf3577 100644
--- a/api_docs/logs_shared.mdx
+++ b/api_docs/logs_shared.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/logsShared
 title: "logsShared"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the logsShared plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'logsShared']
 ---
 import logsSharedObj from './logs_shared.devdocs.json';
diff --git a/api_docs/management.mdx b/api_docs/management.mdx
index 128a57183b207..4bf738fe5acaa 100644
--- a/api_docs/management.mdx
+++ b/api_docs/management.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/management
 title: "management"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the management plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'management']
 ---
 import managementObj from './management.devdocs.json';
diff --git a/api_docs/maps.mdx b/api_docs/maps.mdx
index ada73ac30ea8f..642c5a13a95b7 100644
--- a/api_docs/maps.mdx
+++ b/api_docs/maps.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/maps
 title: "maps"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the maps plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'maps']
 ---
 import mapsObj from './maps.devdocs.json';
diff --git a/api_docs/maps_ems.mdx b/api_docs/maps_ems.mdx
index dcf3eed8d65e7..f6dbf835b7950 100644
--- a/api_docs/maps_ems.mdx
+++ b/api_docs/maps_ems.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/mapsEms
 title: "mapsEms"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the mapsEms plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'mapsEms']
 ---
 import mapsEmsObj from './maps_ems.devdocs.json';
diff --git a/api_docs/metrics_data_access.mdx b/api_docs/metrics_data_access.mdx
index 7621ac99fed0d..f2e47393b6639 100644
--- a/api_docs/metrics_data_access.mdx
+++ b/api_docs/metrics_data_access.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/metricsDataAccess
 title: "metricsDataAccess"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the metricsDataAccess plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'metricsDataAccess']
 ---
 import metricsDataAccessObj from './metrics_data_access.devdocs.json';
diff --git a/api_docs/ml.mdx b/api_docs/ml.mdx
index 242a6df027850..51de1743ec845 100644
--- a/api_docs/ml.mdx
+++ b/api_docs/ml.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ml
 title: "ml"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the ml plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ml']
 ---
 import mlObj from './ml.devdocs.json';
diff --git a/api_docs/mock_idp_plugin.mdx b/api_docs/mock_idp_plugin.mdx
index a54ec10197db9..507d39f85f789 100644
--- a/api_docs/mock_idp_plugin.mdx
+++ b/api_docs/mock_idp_plugin.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/mockIdpPlugin
 title: "mockIdpPlugin"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the mockIdpPlugin plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'mockIdpPlugin']
 ---
 import mockIdpPluginObj from './mock_idp_plugin.devdocs.json';
diff --git a/api_docs/monitoring.mdx b/api_docs/monitoring.mdx
index f00d547d595b2..2b464c6063507 100644
--- a/api_docs/monitoring.mdx
+++ b/api_docs/monitoring.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/monitoring
 title: "monitoring"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the monitoring plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'monitoring']
 ---
 import monitoringObj from './monitoring.devdocs.json';
diff --git a/api_docs/monitoring_collection.mdx b/api_docs/monitoring_collection.mdx
index 37bdf4ef856ea..9a84bcbb4cf79 100644
--- a/api_docs/monitoring_collection.mdx
+++ b/api_docs/monitoring_collection.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/monitoringCollection
 title: "monitoringCollection"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the monitoringCollection plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'monitoringCollection']
 ---
 import monitoringCollectionObj from './monitoring_collection.devdocs.json';
diff --git a/api_docs/navigation.mdx b/api_docs/navigation.mdx
index 36019f225e1c4..1e43c314ceb7d 100644
--- a/api_docs/navigation.mdx
+++ b/api_docs/navigation.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/navigation
 title: "navigation"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the navigation plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'navigation']
 ---
 import navigationObj from './navigation.devdocs.json';
diff --git a/api_docs/newsfeed.mdx b/api_docs/newsfeed.mdx
index ed3a9bbce6fec..dd5a3637c8a2d 100644
--- a/api_docs/newsfeed.mdx
+++ b/api_docs/newsfeed.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/newsfeed
 title: "newsfeed"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the newsfeed plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'newsfeed']
 ---
 import newsfeedObj from './newsfeed.devdocs.json';
diff --git a/api_docs/no_data_page.mdx b/api_docs/no_data_page.mdx
index 2ac60ca6d01aa..de8609330a248 100644
--- a/api_docs/no_data_page.mdx
+++ b/api_docs/no_data_page.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/noDataPage
 title: "noDataPage"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the noDataPage plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'noDataPage']
 ---
 import noDataPageObj from './no_data_page.devdocs.json';
diff --git a/api_docs/notifications.mdx b/api_docs/notifications.mdx
index fefcc8e26a90f..6ec254e651be1 100644
--- a/api_docs/notifications.mdx
+++ b/api_docs/notifications.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/notifications
 title: "notifications"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the notifications plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'notifications']
 ---
 import notificationsObj from './notifications.devdocs.json';
diff --git a/api_docs/observability.devdocs.json b/api_docs/observability.devdocs.json
index ed3e91babeb4f..b3ed45a5dc0af 100644
--- a/api_docs/observability.devdocs.json
+++ b/api_docs/observability.devdocs.json
@@ -1,177 +1,70 @@
 {
   "id": "observability",
   "client": {
-    "classes": [
+    "classes": [],
+    "functions": [
       {
         "parentPluginId": "observability",
-        "id": "def-public.AutocompleteField",
-        "type": "Class",
+        "id": "def-public.AlertSummary",
+        "type": "Function",
         "tags": [],
-        "label": "AutocompleteField",
+        "label": "AlertSummary",
         "description": [],
         "signature": [
-          {
-            "pluginId": "observability",
-            "scope": "public",
-            "docId": "kibObservabilityPluginApi",
-            "section": "def-public.AutocompleteField",
-            "text": "AutocompleteField"
-          },
-          " extends React.Component<AutocompleteFieldProps, AutocompleteFieldState, any>"
+          "(props: ",
+          "AlertSummaryProps",
+          ") => JSX.Element"
         ],
-        "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/autocomplete_field/autocomplete_field.tsx",
+        "path": "x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/index.tsx",
         "deprecated": false,
         "trackAdoption": false,
         "children": [
           {
             "parentPluginId": "observability",
-            "id": "def-public.AutocompleteField.state",
+            "id": "def-public.AlertSummary.$1",
             "type": "Object",
             "tags": [],
-            "label": "state",
-            "description": [],
-            "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/autocomplete_field/autocomplete_field.tsx",
-            "deprecated": false,
-            "trackAdoption": false,
-            "children": [
-              {
-                "parentPluginId": "observability",
-                "id": "def-public.AutocompleteField.state.areSuggestionsVisible",
-                "type": "boolean",
-                "tags": [],
-                "label": "areSuggestionsVisible",
-                "description": [],
-                "signature": [
-                  "false"
-                ],
-                "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/autocomplete_field/autocomplete_field.tsx",
-                "deprecated": false,
-                "trackAdoption": false
-              },
-              {
-                "parentPluginId": "observability",
-                "id": "def-public.AutocompleteField.state.isFocused",
-                "type": "boolean",
-                "tags": [],
-                "label": "isFocused",
-                "description": [],
-                "signature": [
-                  "false"
-                ],
-                "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/autocomplete_field/autocomplete_field.tsx",
-                "deprecated": false,
-                "trackAdoption": false
-              },
-              {
-                "parentPluginId": "observability",
-                "id": "def-public.AutocompleteField.state.selectedIndex",
-                "type": "Uncategorized",
-                "tags": [],
-                "label": "selectedIndex",
-                "description": [],
-                "signature": [
-                  "null"
-                ],
-                "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/autocomplete_field/autocomplete_field.tsx",
-                "deprecated": false,
-                "trackAdoption": false
-              }
-            ]
-          },
-          {
-            "parentPluginId": "observability",
-            "id": "def-public.AutocompleteField.render",
-            "type": "Function",
-            "tags": [],
-            "label": "render",
-            "description": [],
-            "signature": [
-              "() => JSX.Element"
-            ],
-            "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/autocomplete_field/autocomplete_field.tsx",
-            "deprecated": false,
-            "trackAdoption": false,
-            "children": [],
-            "returnComment": []
-          },
-          {
-            "parentPluginId": "observability",
-            "id": "def-public.AutocompleteField.componentDidMount",
-            "type": "Function",
-            "tags": [],
-            "label": "componentDidMount",
-            "description": [],
-            "signature": [
-              "() => void"
-            ],
-            "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/autocomplete_field/autocomplete_field.tsx",
-            "deprecated": false,
-            "trackAdoption": false,
-            "children": [],
-            "returnComment": []
-          },
-          {
-            "parentPluginId": "observability",
-            "id": "def-public.AutocompleteField.componentDidUpdate",
-            "type": "Function",
-            "tags": [],
-            "label": "componentDidUpdate",
+            "label": "props",
             "description": [],
             "signature": [
-              "(prevProps: AutocompleteFieldProps) => void"
+              "AlertSummaryProps"
             ],
-            "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/autocomplete_field/autocomplete_field.tsx",
+            "path": "x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/index.tsx",
             "deprecated": false,
             "trackAdoption": false,
-            "children": [
-              {
-                "parentPluginId": "observability",
-                "id": "def-public.AutocompleteField.componentDidUpdate.$1",
-                "type": "Object",
-                "tags": [],
-                "label": "prevProps",
-                "description": [],
-                "signature": [
-                  "AutocompleteFieldProps"
-                ],
-                "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/autocomplete_field/autocomplete_field.tsx",
-                "deprecated": false,
-                "trackAdoption": false,
-                "isRequired": true
-              }
-            ],
-            "returnComment": []
+            "isRequired": true
           }
         ],
+        "returnComment": [],
         "initialIsOpen": false
-      }
-    ],
-    "functions": [
+      },
       {
         "parentPluginId": "observability",
-        "id": "def-public.AlertSummary",
+        "id": "def-public.AutocompleteField",
         "type": "Function",
         "tags": [],
-        "label": "AlertSummary",
+        "label": "AutocompleteField",
         "description": [],
         "signature": [
-          "({ alert, alertSummaryFields }: AlertSummaryProps) => JSX.Element"
+          "(props: ",
+          "AutocompleteFieldProps",
+          ") => JSX.Element"
         ],
-        "path": "x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/alert_summary.tsx",
+        "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/index.tsx",
         "deprecated": false,
         "trackAdoption": false,
         "children": [
           {
             "parentPluginId": "observability",
-            "id": "def-public.AlertSummary.$1",
+            "id": "def-public.AutocompleteField.$1",
             "type": "Object",
             "tags": [],
-            "label": "{ alert, alertSummaryFields }",
+            "label": "props",
             "description": [],
             "signature": [
-              "AlertSummaryProps"
+              "AutocompleteFieldProps"
             ],
-            "path": "x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/alert_summary.tsx",
+            "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/index.tsx",
             "deprecated": false,
             "trackAdoption": false,
             "isRequired": true
@@ -457,9 +350,11 @@
         "label": "DatePicker",
         "description": [],
         "signature": [
-          "({\n  rangeFrom,\n  rangeTo,\n  refreshPaused,\n  refreshInterval,\n  width = 'restricted',\n  onTimeRangeRefresh,\n}: DatePickerProps) => JSX.Element"
+          "(props: ",
+          "DatePickerProps",
+          ") => JSX.Element"
         ],
-        "path": "x-pack/plugins/observability_solution/observability/public/pages/overview/components/date_picker/date_picker.tsx",
+        "path": "x-pack/plugins/observability_solution/observability/public/pages/overview/components/date_picker/index.tsx",
         "deprecated": false,
         "trackAdoption": false,
         "children": [
@@ -468,12 +363,12 @@
             "id": "def-public.DatePicker.$1",
             "type": "Object",
             "tags": [],
-            "label": "{\n  rangeFrom,\n  rangeTo,\n  refreshPaused,\n  refreshInterval,\n  width = 'restricted',\n  onTimeRangeRefresh,\n}",
+            "label": "props",
             "description": [],
             "signature": [
               "DatePickerProps"
             ],
-            "path": "x-pack/plugins/observability_solution/observability/public/pages/overview/components/date_picker/date_picker.tsx",
+            "path": "x-pack/plugins/observability_solution/observability/public/pages/overview/components/date_picker/index.tsx",
             "deprecated": false,
             "trackAdoption": false,
             "isRequired": true
@@ -793,42 +688,58 @@
       },
       {
         "parentPluginId": "observability",
-        "id": "def-public.getElasticsearchQueryOrThrow",
+        "id": "def-public.getGroupFilters",
         "type": "Function",
         "tags": [],
-        "label": "getElasticsearchQueryOrThrow",
+        "label": "getGroupFilters",
         "description": [],
         "signature": [
-          "(kuery: string | { kqlQuery: string; filters: { meta: { alias?: string | null | undefined; disabled?: boolean | undefined; negate?: boolean | undefined; controlledBy?: string | undefined; group?: string | undefined; index?: string | undefined; isMultiIndex?: boolean | undefined; type?: string | undefined; key?: string | undefined; field?: string | undefined; params?: any; value?: string | undefined; }; query: { [x: string]: any; }; }[]; }) => never[] | ",
-          "QueryDslQueryContainer",
-          " | { bool: ",
+          "(groups?: ",
+          "Group",
+          "[] | undefined, groupFieldName?: string | undefined) => ",
           {
             "pluginId": "@kbn/es-query",
             "scope": "common",
             "docId": "kibKbnEsQueryPluginApi",
-            "section": "def-common.BoolQuery",
-            "text": "BoolQuery"
+            "section": "def-common.Filter",
+            "text": "Filter"
           },
-          "; }"
+          "[]"
         ],
-        "path": "x-pack/plugins/observability_solution/observability/common/utils/parse_kuery.ts",
+        "path": "x-pack/plugins/observability_solution/observability/common/custom_threshold_rule/helpers/get_group.ts",
         "deprecated": false,
         "trackAdoption": false,
         "children": [
           {
             "parentPluginId": "observability",
-            "id": "def-public.getElasticsearchQueryOrThrow.$1",
-            "type": "CompoundType",
+            "id": "def-public.getGroupFilters.$1",
+            "type": "Array",
             "tags": [],
-            "label": "kuery",
+            "label": "groups",
             "description": [],
             "signature": [
-              "string | { kqlQuery: string; filters: { meta: { alias?: string | null | undefined; disabled?: boolean | undefined; negate?: boolean | undefined; controlledBy?: string | undefined; group?: string | undefined; index?: string | undefined; isMultiIndex?: boolean | undefined; type?: string | undefined; key?: string | undefined; field?: string | undefined; params?: any; value?: string | undefined; }; query: { [x: string]: any; }; }[]; }"
+              "Group",
+              "[] | undefined"
             ],
-            "path": "x-pack/plugins/observability_solution/observability/common/utils/parse_kuery.ts",
+            "path": "x-pack/plugins/observability_solution/observability/common/custom_threshold_rule/helpers/get_group.ts",
             "deprecated": false,
             "trackAdoption": false,
-            "isRequired": true
+            "isRequired": false
+          },
+          {
+            "parentPluginId": "observability",
+            "id": "def-public.getGroupFilters.$2",
+            "type": "string",
+            "tags": [],
+            "label": "groupFieldName",
+            "description": [],
+            "signature": [
+              "string | undefined"
+            ],
+            "path": "x-pack/plugins/observability_solution/observability/common/custom_threshold_rule/helpers/get_group.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": false
           }
         ],
         "returnComment": [],
@@ -1012,6 +923,41 @@
         "returnComment": [],
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "observability",
+        "id": "def-public.RuleConditionChart",
+        "type": "Function",
+        "tags": [],
+        "label": "RuleConditionChart",
+        "description": [],
+        "signature": [
+          "(props: ",
+          "RuleConditionChartProps",
+          ") => JSX.Element"
+        ],
+        "path": "x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/index.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "observability",
+            "id": "def-public.RuleConditionChart.$1",
+            "type": "Object",
+            "tags": [],
+            "label": "props",
+            "description": [],
+            "signature": [
+              "RuleConditionChartProps"
+            ],
+            "path": "x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/index.tsx",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": true
+          }
+        ],
+        "returnComment": [],
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "observability",
         "id": "def-public.RuleFlyoutKueryBar",
@@ -1020,9 +966,11 @@
         "label": "RuleFlyoutKueryBar",
         "description": [],
         "signature": [
-          "({\n  derivedIndexPattern,\n  onSubmit,\n  onChange,\n  value,\n  placeholder,\n  curryLoadSuggestions = defaultCurryLoadSuggestions,\n  compressed,\n}: Props) => JSX.Element"
+          "(props: ",
+          "RuleFlyoutKueryBarProps",
+          ") => JSX.Element"
         ],
-        "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/kuery_bar.tsx",
+        "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/index.tsx",
         "deprecated": false,
         "trackAdoption": false,
         "children": [
@@ -1031,12 +979,12 @@
             "id": "def-public.RuleFlyoutKueryBar.$1",
             "type": "Object",
             "tags": [],
-            "label": "{\n  derivedIndexPattern,\n  onSubmit,\n  onChange,\n  value,\n  placeholder,\n  curryLoadSuggestions = defaultCurryLoadSuggestions,\n  compressed,\n}",
+            "label": "props",
             "description": [],
             "signature": [
-              "Props"
+              "RuleFlyoutKueryBarProps"
             ],
-            "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/kuery_bar.tsx",
+            "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/index.tsx",
             "deprecated": false,
             "trackAdoption": false,
             "isRequired": true
@@ -1080,29 +1028,6 @@
         "returnComment": [],
         "initialIsOpen": false
       },
-      {
-        "parentPluginId": "observability",
-        "id": "def-public.useCreateRule",
-        "type": "Function",
-        "tags": [],
-        "label": "useCreateRule",
-        "description": [],
-        "signature": [
-          "() => ",
-          "UseMutationResult",
-          "<",
-          "CreateRuleResponse",
-          "<Params>, Error, { rule: ",
-          "CreateRuleRequestBody",
-          "<Params>; }, unknown>"
-        ],
-        "path": "x-pack/plugins/observability_solution/observability/public/hooks/use_create_rule.ts",
-        "deprecated": false,
-        "trackAdoption": false,
-        "children": [],
-        "returnComment": [],
-        "initialIsOpen": false
-      },
       {
         "parentPluginId": "observability",
         "id": "def-public.useFetchDataViews",
@@ -1142,23 +1067,6 @@
         "returnComment": [],
         "initialIsOpen": false
       },
-      {
-        "parentPluginId": "observability",
-        "id": "def-public.useGetFilteredRuleTypes",
-        "type": "Function",
-        "tags": [],
-        "label": "useGetFilteredRuleTypes",
-        "description": [],
-        "signature": [
-          "() => string[]"
-        ],
-        "path": "x-pack/plugins/observability_solution/observability/public/hooks/use_get_filtered_rule_types.ts",
-        "deprecated": false,
-        "trackAdoption": false,
-        "children": [],
-        "returnComment": [],
-        "initialIsOpen": false
-      },
       {
         "parentPluginId": "observability",
         "id": "def-public.useSummaryTimeRange",
@@ -1245,42 +1153,31 @@
         "label": "WithKueryAutocompletion",
         "description": [],
         "signature": [
-          "React.FunctionComponent<Omit<WithKueryAutocompletionLifecycleProps, \"kibana\">>"
+          "(props: ",
+          "WithKueryAutocompletionLifecycleProps",
+          ") => JSX.Element"
         ],
-        "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/with_kuery_autocompletion.tsx",
+        "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/index.tsx",
         "deprecated": false,
         "trackAdoption": false,
-        "returnComment": [],
         "children": [
           {
             "parentPluginId": "observability",
             "id": "def-public.WithKueryAutocompletion.$1",
-            "type": "CompoundType",
+            "type": "Object",
             "tags": [],
             "label": "props",
             "description": [],
             "signature": [
-              "P & { children?: React.ReactNode; }"
-            ],
-            "path": "node_modules/@types/react/index.d.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "observability",
-            "id": "def-public.WithKueryAutocompletion.$2",
-            "type": "Any",
-            "tags": [],
-            "label": "context",
-            "description": [],
-            "signature": [
-              "any"
+              "WithKueryAutocompletionLifecycleProps"
             ],
-            "path": "node_modules/@types/react/index.d.ts",
+            "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/index.tsx",
             "deprecated": false,
-            "trackAdoption": false
+            "trackAdoption": false,
+            "isRequired": true
           }
         ],
+        "returnComment": [],
         "initialIsOpen": false
       }
     ],
@@ -1468,7 +1365,7 @@
             "label": "unsafe",
             "description": [],
             "signature": [
-              "{ alertDetails: { metrics: { enabled: boolean; }; logs?: { enabled: boolean; } | undefined; uptime: { enabled: boolean; }; observability?: { enabled: boolean; } | undefined; }; thresholdRule?: { enabled: boolean; } | undefined; ruleFormV2?: { enabled: boolean; } | undefined; }"
+              "{ alertDetails: { logs?: { enabled: boolean; } | undefined; uptime: { enabled: boolean; }; observability?: { enabled: boolean; } | undefined; }; thresholdRule?: { enabled: boolean; } | undefined; ruleFormV2?: { enabled: boolean; } | undefined; }"
             ],
             "path": "x-pack/plugins/observability_solution/observability/public/plugin.ts",
             "deprecated": false,
@@ -3821,7 +3718,7 @@
             "label": "format",
             "description": [],
             "signature": [
-              "(options: { fields: OutputOf<SetOptional<{ readonly \"ecs.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.risk_score\": { readonly type: \"float\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.author\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.description\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.enabled\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.from\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.interval\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.license\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.note\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.references\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.rule_name_override\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.to\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.type\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.severity\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.docs_count\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.terms.field\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.suppression.terms.value\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.system_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_status_updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_user\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"@timestamp\": { readonly type: \"date\"; readonly required: true; readonly array: false; }; readonly \"event.action\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_type_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.consumer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.execution.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.instance.id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.category\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.name\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.producer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.revision\": { readonly type: \"long\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.status\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.space_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: true; }; readonly \"event.kind\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.case_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.consecutive_matches\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.duration.us\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping_history\": { readonly type: \"boolean\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.last_detected\": { readonly type: \"date\"; readonly required: false; readonly array: false; }; readonly \"kibana.alert.maintenance_window_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; readonly multi_fields: ",
+              "(options: { fields: OutputOf<SetOptional<{ readonly \"ecs.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.risk_score\": { readonly type: \"float\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.author\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.description\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.enabled\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.from\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.interval\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.license\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.note\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.references\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.rule_name_override\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.to\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.type\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.severity\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.docs_count\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.terms.field\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.suppression.terms.value\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.system_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_status_updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_user\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"@timestamp\": { readonly type: \"date\"; readonly required: true; readonly array: false; }; readonly \"event.action\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_type_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.consumer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.execution.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.instance.id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.category\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.name\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.producer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.revision\": { readonly type: \"long\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.status\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.space_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: true; }; readonly \"event.kind\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.case_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.consecutive_matches\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.duration.us\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping_history\": { readonly type: \"boolean\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.last_detected\": { readonly type: \"date\"; readonly required: false; readonly array: false; }; readonly \"kibana.alert.maintenance_window_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.previous_action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; readonly multi_fields: ",
               {
                 "pluginId": "@kbn/alerts-as-data-utils",
                 "scope": "common",
@@ -3829,7 +3726,7 @@
                 "section": "def-common.MultiField",
                 "text": "MultiField"
               },
-              "[]; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }>> & Record<string, any>; formatters: { asDuration: (value: ",
+              "[]; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.severity_improving\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }>> & Record<string, any>; formatters: { asDuration: (value: ",
               "Maybe",
               "<number>, { defaultValue, extended }?: FormatterOptions) => string; asPercent: (numerator: ",
               "Maybe",
@@ -3848,7 +3745,7 @@
                 "label": "options",
                 "description": [],
                 "signature": [
-                  "{ fields: OutputOf<SetOptional<{ readonly \"ecs.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.risk_score\": { readonly type: \"float\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.author\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.description\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.enabled\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.from\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.interval\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.license\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.note\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.references\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.rule_name_override\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.to\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.type\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.severity\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.docs_count\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.terms.field\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.suppression.terms.value\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.system_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_status_updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_user\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"@timestamp\": { readonly type: \"date\"; readonly required: true; readonly array: false; }; readonly \"event.action\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_type_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.consumer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.execution.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.instance.id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.category\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.name\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.producer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.revision\": { readonly type: \"long\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.status\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.space_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: true; }; readonly \"event.kind\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.case_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.consecutive_matches\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.duration.us\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping_history\": { readonly type: \"boolean\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.last_detected\": { readonly type: \"date\"; readonly required: false; readonly array: false; }; readonly \"kibana.alert.maintenance_window_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; readonly multi_fields: ",
+                  "{ fields: OutputOf<SetOptional<{ readonly \"ecs.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.risk_score\": { readonly type: \"float\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.author\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.description\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.enabled\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.from\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.interval\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.license\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.note\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.references\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.rule_name_override\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.to\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.type\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.severity\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.docs_count\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.terms.field\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.suppression.terms.value\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.system_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_status_updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_user\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"@timestamp\": { readonly type: \"date\"; readonly required: true; readonly array: false; }; readonly \"event.action\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_type_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.consumer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.execution.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.instance.id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.category\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.name\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.producer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.revision\": { readonly type: \"long\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.status\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.space_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: true; }; readonly \"event.kind\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.case_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.consecutive_matches\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.duration.us\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping_history\": { readonly type: \"boolean\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.last_detected\": { readonly type: \"date\"; readonly required: false; readonly array: false; }; readonly \"kibana.alert.maintenance_window_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.previous_action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; readonly multi_fields: ",
                   {
                     "pluginId": "@kbn/alerts-as-data-utils",
                     "scope": "common",
@@ -3856,7 +3753,7 @@
                     "section": "def-common.MultiField",
                     "text": "MultiField"
                   },
-                  "[]; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }>> & Record<string, any>; formatters: { asDuration: (value: ",
+                  "[]; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.severity_improving\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }>> & Record<string, any>; formatters: { asDuration: (value: ",
                   "Maybe",
                   "<number>, { defaultValue, extended }?: FormatterOptions) => string; asPercent: (numerator: ",
                   "Maybe",
@@ -4138,7 +4035,7 @@
             "label": "fields",
             "description": [],
             "signature": [
-              "OutputOf<SetOptional<{ readonly \"ecs.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.risk_score\": { readonly type: \"float\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.author\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.description\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.enabled\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.from\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.interval\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.license\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.note\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.references\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.rule_name_override\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.to\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.type\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.severity\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.docs_count\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.terms.field\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.suppression.terms.value\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.system_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_status_updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_user\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"@timestamp\": { readonly type: \"date\"; readonly required: true; readonly array: false; }; readonly \"event.action\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_type_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.consumer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.execution.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.instance.id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.category\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.name\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.producer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.revision\": { readonly type: \"long\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.status\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.space_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: true; }; readonly \"event.kind\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.case_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.consecutive_matches\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.duration.us\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping_history\": { readonly type: \"boolean\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.last_detected\": { readonly type: \"date\"; readonly required: false; readonly array: false; }; readonly \"kibana.alert.maintenance_window_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; readonly multi_fields: ",
+              "OutputOf<SetOptional<{ readonly \"ecs.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.risk_score\": { readonly type: \"float\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.author\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.description\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.enabled\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.from\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.interval\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.license\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.note\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.references\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.rule_name_override\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.to\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.type\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.severity\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.docs_count\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.terms.field\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.suppression.terms.value\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.system_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_status_updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_user\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"@timestamp\": { readonly type: \"date\"; readonly required: true; readonly array: false; }; readonly \"event.action\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_type_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.consumer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.execution.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.instance.id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.category\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.name\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.producer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.revision\": { readonly type: \"long\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.status\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.space_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: true; }; readonly \"event.kind\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.case_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.consecutive_matches\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.duration.us\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping_history\": { readonly type: \"boolean\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.last_detected\": { readonly type: \"date\"; readonly required: false; readonly array: false; }; readonly \"kibana.alert.maintenance_window_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.previous_action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; readonly multi_fields: ",
               {
                 "pluginId": "@kbn/alerts-as-data-utils",
                 "scope": "common",
@@ -4146,7 +4043,7 @@
                 "section": "def-common.MultiField",
                 "text": "MultiField"
               },
-              "[]; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }>> & OutputOf<SetOptional<{ readonly \"kibana.alert.evaluation.threshold\": { readonly type: \"scaled_float\"; readonly scaling_factor: 100; readonly required: false; }; readonly \"kibana.alert.evaluation.value\": { readonly type: \"scaled_float\"; readonly scaling_factor: 100; readonly required: false; }; readonly \"kibana.alert.context\": { readonly type: \"object\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.evaluation.values\": { readonly type: \"scaled_float\"; readonly scaling_factor: 100; readonly required: false; readonly array: true; }; readonly \"kibana.alert.group\": { readonly type: \"object\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.group.field\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.group.value\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; }>> & TAdditionalMetaFields"
+              "[]; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.severity_improving\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }>> & OutputOf<SetOptional<{ readonly \"kibana.alert.evaluation.threshold\": { readonly type: \"scaled_float\"; readonly scaling_factor: 100; readonly required: false; }; readonly \"kibana.alert.evaluation.value\": { readonly type: \"scaled_float\"; readonly scaling_factor: 100; readonly required: false; }; readonly \"kibana.alert.context\": { readonly type: \"object\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.evaluation.values\": { readonly type: \"scaled_float\"; readonly scaling_factor: 100; readonly required: false; readonly array: true; }; readonly \"kibana.alert.group\": { readonly type: \"object\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.group.field\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.group.value\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; }>> & TAdditionalMetaFields"
             ],
             "path": "x-pack/plugins/observability_solution/observability/public/typings/alerts.ts",
             "deprecated": false,
@@ -4620,6 +4517,22 @@
         ],
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "observability",
+        "id": "def-public.GenericAggType",
+        "type": "Type",
+        "tags": [],
+        "label": "GenericAggType",
+        "description": [],
+        "signature": [
+          "\"custom\" | ",
+          "Aggregators"
+        ],
+        "path": "x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/rule_condition_chart.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "observability",
         "id": "def-public.HasData",
@@ -4743,7 +4656,7 @@
         "label": "ObservabilityRuleTypeFormatter",
         "description": [],
         "signature": [
-          "(options: { fields: OutputOf<SetOptional<{ readonly \"ecs.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.risk_score\": { readonly type: \"float\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.author\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.description\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.enabled\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.from\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.interval\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.license\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.note\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.references\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.rule_name_override\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.to\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.type\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.severity\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.docs_count\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.terms.field\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.suppression.terms.value\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.system_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_status_updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_user\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"@timestamp\": { readonly type: \"date\"; readonly required: true; readonly array: false; }; readonly \"event.action\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_type_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.consumer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.execution.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.instance.id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.category\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.name\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.producer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.revision\": { readonly type: \"long\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.status\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.space_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: true; }; readonly \"event.kind\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.case_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.consecutive_matches\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.duration.us\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping_history\": { readonly type: \"boolean\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.last_detected\": { readonly type: \"date\"; readonly required: false; readonly array: false; }; readonly \"kibana.alert.maintenance_window_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; readonly multi_fields: ",
+          "(options: { fields: OutputOf<SetOptional<{ readonly \"ecs.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.risk_score\": { readonly type: \"float\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.author\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.description\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.enabled\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.from\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.interval\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.license\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.note\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.references\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.rule_name_override\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.to\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.type\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.severity\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.docs_count\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.terms.field\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.suppression.terms.value\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.system_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_status_updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_user\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"@timestamp\": { readonly type: \"date\"; readonly required: true; readonly array: false; }; readonly \"event.action\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_type_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.consumer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.execution.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.instance.id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.category\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.name\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.producer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.revision\": { readonly type: \"long\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.status\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.space_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: true; }; readonly \"event.kind\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.case_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.consecutive_matches\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.duration.us\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping_history\": { readonly type: \"boolean\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.last_detected\": { readonly type: \"date\"; readonly required: false; readonly array: false; }; readonly \"kibana.alert.maintenance_window_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.previous_action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; readonly multi_fields: ",
           {
             "pluginId": "@kbn/alerts-as-data-utils",
             "scope": "common",
@@ -4751,7 +4664,7 @@
             "section": "def-common.MultiField",
             "text": "MultiField"
           },
-          "[]; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }>> & Record<string, any>; formatters: { asDuration: (value: ",
+          "[]; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.severity_improving\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }>> & Record<string, any>; formatters: { asDuration: (value: ",
           "Maybe",
           "<number>, { defaultValue, extended }?: FormatterOptions) => string; asPercent: (numerator: ",
           "Maybe",
@@ -4770,7 +4683,7 @@
             "label": "options",
             "description": [],
             "signature": [
-              "{ fields: OutputOf<SetOptional<{ readonly \"ecs.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.risk_score\": { readonly type: \"float\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.author\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.description\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.enabled\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.from\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.interval\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.license\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.note\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.references\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.rule_name_override\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.to\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.type\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.severity\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.docs_count\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.terms.field\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.suppression.terms.value\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.system_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_status_updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_user\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"@timestamp\": { readonly type: \"date\"; readonly required: true; readonly array: false; }; readonly \"event.action\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_type_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.consumer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.execution.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.instance.id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.category\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.name\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.producer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.revision\": { readonly type: \"long\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.status\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.space_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: true; }; readonly \"event.kind\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.case_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.consecutive_matches\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.duration.us\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping_history\": { readonly type: \"boolean\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.last_detected\": { readonly type: \"date\"; readonly required: false; readonly array: false; }; readonly \"kibana.alert.maintenance_window_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; readonly multi_fields: ",
+              "{ fields: OutputOf<SetOptional<{ readonly \"ecs.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.risk_score\": { readonly type: \"float\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.author\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.description\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.enabled\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.from\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.interval\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.license\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.note\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.references\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.rule_name_override\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.to\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.type\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.severity\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.docs_count\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.terms.field\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.suppression.terms.value\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.system_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_status_updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_user\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"@timestamp\": { readonly type: \"date\"; readonly required: true; readonly array: false; }; readonly \"event.action\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_type_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.consumer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.execution.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.instance.id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.category\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.name\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.producer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.revision\": { readonly type: \"long\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.status\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.space_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: true; }; readonly \"event.kind\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.case_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.consecutive_matches\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.duration.us\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping_history\": { readonly type: \"boolean\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.last_detected\": { readonly type: \"date\"; readonly required: false; readonly array: false; }; readonly \"kibana.alert.maintenance_window_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.previous_action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; readonly multi_fields: ",
               {
                 "pluginId": "@kbn/alerts-as-data-utils",
                 "scope": "common",
@@ -4778,7 +4691,7 @@
                 "section": "def-common.MultiField",
                 "text": "MultiField"
               },
-              "[]; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }>> & Record<string, any>; formatters: { asDuration: (value: ",
+              "[]; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.severity_improving\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }>> & Record<string, any>; formatters: { asDuration: (value: ",
               "Maybe",
               "<number>, { defaultValue, extended }?: FormatterOptions) => string; asPercent: (numerator: ",
               "Maybe",
@@ -13858,6 +13771,21 @@
         "trackAdoption": false,
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "observability",
+        "id": "def-common.apmEnableMultiSignal",
+        "type": "string",
+        "tags": [],
+        "label": "apmEnableMultiSignal",
+        "description": [],
+        "signature": [
+          "\"observability:apmEnableMultiSignal\""
+        ],
+        "path": "x-pack/plugins/observability_solution/observability/common/ui_settings_keys.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "observability",
         "id": "def-common.apmEnableProfilingIntegration",
diff --git a/api_docs/observability.mdx b/api_docs/observability.mdx
index 8b0145aebed4c..e60c5ad48da4b 100644
--- a/api_docs/observability.mdx
+++ b/api_docs/observability.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observability
 title: "observability"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the observability plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observability']
 ---
 import observabilityObj from './observability.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/obs-ux-management-team](https://github.com/orgs/elastic/teams/
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 698 | 2 | 689 | 15 |
+| 693 | 2 | 686 | 22 |
 
 ## Client
 
@@ -34,9 +34,6 @@ Contact [@elastic/obs-ux-management-team](https://github.com/orgs/elastic/teams/
 ### Functions
 <DocDefinitionList data={observabilityObj.client.functions}/>
 
-### Classes
-<DocDefinitionList data={observabilityObj.client.classes}/>
-
 ### Interfaces
 <DocDefinitionList data={observabilityObj.client.interfaces}/>
 
diff --git a/api_docs/observability_a_i_assistant.mdx b/api_docs/observability_a_i_assistant.mdx
index 944c331bf49d7..8532081a15967 100644
--- a/api_docs/observability_a_i_assistant.mdx
+++ b/api_docs/observability_a_i_assistant.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityAIAssistant
 title: "observabilityAIAssistant"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the observabilityAIAssistant plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityAIAssistant']
 ---
 import observabilityAIAssistantObj from './observability_a_i_assistant.devdocs.json';
diff --git a/api_docs/observability_a_i_assistant_app.mdx b/api_docs/observability_a_i_assistant_app.mdx
index 3d3c4c26a72b5..fdcdbaf5bca86 100644
--- a/api_docs/observability_a_i_assistant_app.mdx
+++ b/api_docs/observability_a_i_assistant_app.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityAIAssistantApp
 title: "observabilityAIAssistantApp"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the observabilityAIAssistantApp plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityAIAssistantApp']
 ---
 import observabilityAIAssistantAppObj from './observability_a_i_assistant_app.devdocs.json';
diff --git a/api_docs/observability_ai_assistant_management.mdx b/api_docs/observability_ai_assistant_management.mdx
index 0a6cd4f656e10..139f2c05c4669 100644
--- a/api_docs/observability_ai_assistant_management.mdx
+++ b/api_docs/observability_ai_assistant_management.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityAiAssistantManagement
 title: "observabilityAiAssistantManagement"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the observabilityAiAssistantManagement plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityAiAssistantManagement']
 ---
 import observabilityAiAssistantManagementObj from './observability_ai_assistant_management.devdocs.json';
diff --git a/api_docs/observability_logs_explorer.mdx b/api_docs/observability_logs_explorer.mdx
index 3106ad25e10ba..175d36ddfd4df 100644
--- a/api_docs/observability_logs_explorer.mdx
+++ b/api_docs/observability_logs_explorer.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityLogsExplorer
 title: "observabilityLogsExplorer"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the observabilityLogsExplorer plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityLogsExplorer']
 ---
 import observabilityLogsExplorerObj from './observability_logs_explorer.devdocs.json';
diff --git a/api_docs/observability_onboarding.mdx b/api_docs/observability_onboarding.mdx
index 9c73c46efa49f..2b6b96f32e079 100644
--- a/api_docs/observability_onboarding.mdx
+++ b/api_docs/observability_onboarding.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityOnboarding
 title: "observabilityOnboarding"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the observabilityOnboarding plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityOnboarding']
 ---
 import observabilityOnboardingObj from './observability_onboarding.devdocs.json';
diff --git a/api_docs/observability_shared.mdx b/api_docs/observability_shared.mdx
index f5e26915cb9b4..aaee7258e2aa9 100644
--- a/api_docs/observability_shared.mdx
+++ b/api_docs/observability_shared.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityShared
 title: "observabilityShared"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the observabilityShared plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityShared']
 ---
 import observabilitySharedObj from './observability_shared.devdocs.json';
diff --git a/api_docs/osquery.devdocs.json b/api_docs/osquery.devdocs.json
index 2d09d029c0772..938299886d68a 100644
--- a/api_docs/osquery.devdocs.json
+++ b/api_docs/osquery.devdocs.json
@@ -301,7 +301,7 @@
           "label": "createActionService",
           "description": [],
           "signature": [
-            "{ create: (params: { agent_ids?: string[] | undefined; agent_all?: boolean | undefined; agent_platforms?: string[] | undefined; agent_policy_ids?: string[] | undefined; query?: string | undefined; queries?: { id: string; query: string; ecs_mapping: { [x: string]: { field?: string | undefined; value?: string | string[] | undefined; }; } | undefined; version: string | undefined; platform: string | undefined; removed: boolean | undefined; snapshot: boolean | undefined; }[] | undefined; saved_query_id?: string | undefined; timeout?: number | undefined; ecs_mapping?: { [x: string]: { field?: string | undefined; value?: string | string[] | undefined; }; } | undefined; pack_id?: string | undefined; alert_ids?: string[] | undefined; case_ids?: string[] | undefined; event_ids?: string[] | undefined; metadata?: object | undefined; }, alertData?: (OutputOf<SetOptional<{ readonly \"ecs.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.risk_score\": { readonly type: \"float\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.author\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.description\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.enabled\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.from\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.interval\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.license\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.note\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.references\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.rule_name_override\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.to\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.type\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.severity\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.docs_count\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.terms.field\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.suppression.terms.value\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.system_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_status_updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_user\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"@timestamp\": { readonly type: \"date\"; readonly required: true; readonly array: false; }; readonly \"event.action\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_type_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.consumer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.execution.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.instance.id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.category\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.name\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.producer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.revision\": { readonly type: \"long\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.status\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.space_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: true; }; readonly \"event.kind\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.case_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.consecutive_matches\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.duration.us\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping_history\": { readonly type: \"boolean\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.last_detected\": { readonly type: \"date\"; readonly required: false; readonly array: false; }; readonly \"kibana.alert.maintenance_window_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; readonly multi_fields: ",
+            "{ create: (params: { agent_ids?: string[] | undefined; agent_all?: boolean | undefined; agent_platforms?: string[] | undefined; agent_policy_ids?: string[] | undefined; query?: string | undefined; queries?: { id: string; query: string; ecs_mapping: { [x: string]: { field?: string | undefined; value?: string | string[] | undefined; }; } | undefined; version: string | undefined; platform: string | undefined; removed: boolean | undefined; snapshot: boolean | undefined; }[] | undefined; saved_query_id?: string | undefined; timeout?: number | undefined; ecs_mapping?: { [x: string]: { field?: string | undefined; value?: string | string[] | undefined; }; } | undefined; pack_id?: string | undefined; alert_ids?: string[] | undefined; case_ids?: string[] | undefined; event_ids?: string[] | undefined; metadata?: object | undefined; }, alertData?: (OutputOf<SetOptional<{ readonly \"ecs.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.risk_score\": { readonly type: \"float\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.author\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.description\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.enabled\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.from\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.interval\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.license\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.note\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.references\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.rule_name_override\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.to\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.type\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.severity\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.docs_count\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.terms.field\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.suppression.terms.value\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.system_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_status_updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_user\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"@timestamp\": { readonly type: \"date\"; readonly required: true; readonly array: false; }; readonly \"event.action\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_type_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.consumer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.execution.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.instance.id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.category\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.name\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.producer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.revision\": { readonly type: \"long\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.status\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.space_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: true; }; readonly \"event.kind\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.case_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.consecutive_matches\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.duration.us\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping_history\": { readonly type: \"boolean\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.last_detected\": { readonly type: \"date\"; readonly required: false; readonly array: false; }; readonly \"kibana.alert.maintenance_window_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.previous_action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; readonly multi_fields: ",
             {
               "pluginId": "@kbn/alerts-as-data-utils",
               "scope": "common",
@@ -309,7 +309,7 @@
               "section": "def-common.MultiField",
               "text": "MultiField"
             },
-            "[]; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }>> & { _index: string; }) | undefined) => Promise<{ response: { action_id: string; '@timestamp': string; expiration: string; type: string; input_type: string; alert_ids: string[] | undefined; event_ids: string[] | undefined; case_ids: string[] | undefined; agent_ids: string[] | undefined; agent_all: boolean | undefined; agent_platforms: string[] | undefined; agent_policy_ids: string[] | undefined; agents: string[]; user_id: string | undefined; metadata: object | undefined; pack_id: string | undefined; pack_name: string | undefined; pack_prebuilt: boolean | undefined; queries: ",
+            "[]; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.severity_improving\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }>> & { _index: string; }) | undefined) => Promise<{ response: { action_id: string; '@timestamp': string; expiration: string; type: string; input_type: string; alert_ids: string[] | undefined; event_ids: string[] | undefined; case_ids: string[] | undefined; agent_ids: string[] | undefined; agent_all: boolean | undefined; agent_platforms: string[] | undefined; agent_policy_ids: string[] | undefined; agents: string[]; user_id: string | undefined; metadata: object | undefined; pack_id: string | undefined; pack_name: string | undefined; pack_prebuilt: boolean | undefined; queries: ",
             "Dictionary",
             "<any>[]; }; fleetActionsCount: number; }>; stop: () => void; }"
           ],
diff --git a/api_docs/osquery.mdx b/api_docs/osquery.mdx
index ac6690ba3a9dd..4d12385d01663 100644
--- a/api_docs/osquery.mdx
+++ b/api_docs/osquery.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/osquery
 title: "osquery"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the osquery plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'osquery']
 ---
 import osqueryObj from './osquery.devdocs.json';
diff --git a/api_docs/painless_lab.mdx b/api_docs/painless_lab.mdx
index 4324d1d11c14a..32c34c2a2f691 100644
--- a/api_docs/painless_lab.mdx
+++ b/api_docs/painless_lab.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/painlessLab
 title: "painlessLab"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the painlessLab plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'painlessLab']
 ---
 import painlessLabObj from './painless_lab.devdocs.json';
diff --git a/api_docs/plugin_directory.mdx b/api_docs/plugin_directory.mdx
index 80b6b3136a7d9..3f6941e5749f1 100644
--- a/api_docs/plugin_directory.mdx
+++ b/api_docs/plugin_directory.mdx
@@ -7,7 +7,7 @@ id: kibDevDocsPluginDirectory
 slug: /kibana-dev-docs/api-meta/plugin-api-directory
 title: Directory
 description: Directory of public APIs available through plugins or packages.
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana']
 ---
 
@@ -15,13 +15,13 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 
 | Count | Plugins or Packages with a <br /> public API | Number of teams |
 |--------------|----------|------------------------|
-| 805 | 689 | 42 |
+| 810 | 694 | 42 |
 
 ### Public API health stats
 
 | API Count | Any Count | Missing comments | Missing exports |
 |--------------|----------|-----------------|--------|
-| 49310 | 238 | 37600 | 1879 |
+| 49599 | 238 | 37841 | 1886 |
 
 ## Plugin Directory
 
@@ -31,10 +31,9 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibAdvancedSettingsPluginApi" text="advancedSettings"/> | [@elastic/appex-sharedux @elastic/kibana-management](https://github.com/orgs/elastic/teams/appex-sharedux ) | - | 2 | 0 | 2 | 0 |
 | <DocLink id="kibAiAssistantManagementSelectionPluginApi" text="aiAssistantManagementSelection"/> | [@elastic/obs-knowledge-team](https://github.com/orgs/elastic/teams/obs-knowledge-team) | - | 4 | 0 | 4 | 1 |
 | <DocLink id="kibAiopsPluginApi" text="aiops"/> | [@elastic/ml-ui](https://github.com/orgs/elastic/teams/ml-ui) | AIOps plugin maintained by ML team. | 72 | 0 | 9 | 2 |
-| <DocLink id="kibAlertingPluginApi" text="alerting"/> | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 868 | 1 | 836 | 54 |
+| <DocLink id="kibAlertingPluginApi" text="alerting"/> | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 870 | 1 | 838 | 52 |
 | <DocLink id="kibApmPluginApi" text="apm"/> | [@elastic/obs-ux-infra_services-team](https://github.com/orgs/elastic/teams/obs-ux-infra_services-team) | The user interface for Elastic APM | 29 | 0 | 29 | 123 |
 | <DocLink id="kibApmDataAccessPluginApi" text="apmDataAccess"/> | [@elastic/obs-knowledge-team](https://github.com/orgs/elastic/teams/obs-knowledge-team) | - | 9 | 0 | 9 | 0 |
-| <DocLink id="kibAssetManagerPluginApi" text="assetManager"/> | [@elastic/obs-knowledge-team](https://github.com/orgs/elastic/teams/obs-knowledge-team) | Asset manager plugin for entity assets (inventory, topology, etc) | 9 | 0 | 9 | 2 |
 | <DocLink id="kibAssetsDataAccessPluginApi" text="assetsDataAccess"/> | [@elastic/obs-knowledge-team](https://github.com/orgs/elastic/teams/obs-knowledge-team) | - | 2 | 0 | 2 | 0 |
 | <DocLink id="kibBannersPluginApi" text="banners"/> | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 9 | 0 | 9 | 0 |
 | <DocLink id="kibBfetchPluginApi" text="bfetch"/> | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | Considering using bfetch capabilities when fetching large amounts of data. This services supports batching HTTP requests and streaming responses back. | 83 | 1 | 73 | 2 |
@@ -60,21 +59,22 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibDataPluginApi" text="data"/> | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | Data services are useful for searching and querying data from Elasticsearch. Helpful utilities include: a re-usable react query bar, KQL autocomplete, async search, Data Views (Index Patterns) and field formatters. | 3199 | 31 | 2590 | 24 |
 | <DocLink id="kibDataQualityPluginApi" text="dataQuality"/> | [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) | - | 8 | 0 | 8 | 0 |
 | <DocLink id="kibDataViewEditorPluginApi" text="dataViewEditor"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | This plugin provides the ability to create data views via a modal flyout inside Kibana apps | 35 | 0 | 25 | 5 |
-| <DocLink id="kibDataViewFieldEditorPluginApi" text="dataViewFieldEditor"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | Reusable data view field editor across Kibana | 72 | 0 | 33 | 0 |
+| <DocLink id="kibDataViewFieldEditorPluginApi" text="dataViewFieldEditor"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | Reusable data view field editor across Kibana | 72 | 0 | 33 | 1 |
 | <DocLink id="kibDataViewManagementPluginApi" text="dataViewManagement"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | Data view management app | 2 | 0 | 2 | 0 |
-| <DocLink id="kibDataViewsPluginApi" text="dataViews"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | Data services are useful for searching and querying data from Elasticsearch. Helpful utilities include: a re-usable react query bar, KQL autocomplete, async search, Data Views (Index Patterns) and field formatters. | 1159 | 0 | 402 | 3 |
+| <DocLink id="kibDataViewsPluginApi" text="dataViews"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | Data services are useful for searching and querying data from Elasticsearch. Helpful utilities include: a re-usable react query bar, KQL autocomplete, async search, Data Views (Index Patterns) and field formatters. | 1158 | 0 | 401 | 3 |
 | <DocLink id="kibDataVisualizerPluginApi" text="dataVisualizer"/> | [@elastic/ml-ui](https://github.com/orgs/elastic/teams/ml-ui) | The Data Visualizer tools help you understand your data, by analyzing the metrics and fields in a log file or an existing Elasticsearch index. | 31 | 3 | 25 | 4 |
 | <DocLink id="kibDatasetQualityPluginApi" text="datasetQuality"/> | [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) | This plugin introduces the concept of data set quality, where users can easily get an overview on the data sets they have. | 10 | 0 | 10 | 5 |
 | <DocLink id="kibDevToolsPluginApi" text="devTools"/> | [@elastic/kibana-management](https://github.com/orgs/elastic/teams/kibana-management) | - | 15 | 0 | 9 | 2 |
-| <DocLink id="kibDiscoverPluginApi" text="discover"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | This plugin contains the Discover application and the saved search embeddable. | 148 | 0 | 101 | 28 |
+| <DocLink id="kibDiscoverPluginApi" text="discover"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | This plugin contains the Discover application and the saved search embeddable. | 144 | 0 | 97 | 29 |
 | <DocLink id="kibDiscoverEnhancedPluginApi" text="discoverEnhanced"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | - | 35 | 0 | 33 | 2 |
 | <DocLink id="kibDiscoverSharedPluginApi" text="discoverShared"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | A stateful layer to register shared features and provide an access point to discover without a direct dependency | 16 | 0 | 15 | 2 |
 | <DocLink id="kibEcsDataQualityDashboardPluginApi" text="ecsDataQualityDashboard"/> | [@elastic/security-threat-hunting-explore](https://github.com/orgs/elastic/teams/security-threat-hunting-explore) | APIs used to assess the quality of data in Elasticsearch indexes | 2 | 0 | 0 | 0 |
 | <DocLink id="kibElasticAssistantPluginApi" text="elasticAssistant"/> | [@elastic/security-generative-ai](https://github.com/orgs/elastic/teams/security-generative-ai) | Server APIs for the Elastic AI Assistant | 48 | 0 | 34 | 1 |
-| <DocLink id="kibEmbeddablePluginApi" text="embeddable"/> | [@elastic/kibana-presentation](https://github.com/orgs/elastic/teams/kibana-presentation) | Adds embeddables service to Kibana | 557 | 1 | 447 | 9 |
+| <DocLink id="kibEmbeddablePluginApi" text="embeddable"/> | [@elastic/kibana-presentation](https://github.com/orgs/elastic/teams/kibana-presentation) | Adds embeddables service to Kibana | 571 | 1 | 461 | 9 |
 | <DocLink id="kibEmbeddableEnhancedPluginApi" text="embeddableEnhanced"/> | [@elastic/kibana-presentation](https://github.com/orgs/elastic/teams/kibana-presentation) | Extends embeddable plugin with more functionality | 19 | 0 | 19 | 2 |
 | <DocLink id="kibEncryptedSavedObjectsPluginApi" text="encryptedSavedObjects"/> | [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) | This plugin provides encryption and decryption utilities for saved objects containing sensitive information. | 53 | 0 | 46 | 1 |
 | <DocLink id="kibEnterpriseSearchPluginApi" text="enterpriseSearch"/> | [@elastic/search-kibana](https://github.com/orgs/elastic/teams/search-kibana) | Adds dashboards for discovering and managing Enterprise Search products. | 5 | 0 | 5 | 0 |
+| <DocLink id="kibEntityManagerPluginApi" text="entityManager"/> | [@elastic/obs-knowledge-team](https://github.com/orgs/elastic/teams/obs-knowledge-team) | Entity manager plugin for entity assets (inventory, topology, etc) | 8 | 0 | 8 | 1 |
 | <DocLink id="kibEsUiSharedPluginApi" text="esUiShared"/> | [@elastic/kibana-management](https://github.com/orgs/elastic/teams/kibana-management) | - | 99 | 3 | 97 | 3 |
 | <DocLink id="kibEsqlDataGridPluginApi" text="esqlDataGrid"/> | [@elastic/kibana-esql](https://github.com/orgs/elastic/teams/kibana-esql) | - | 2 | 0 | 2 | 0 |
 | <DocLink id="kibEventAnnotationPluginApi" text="eventAnnotation"/> | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | The Event Annotation service contains expressions for event annotations | 201 | 0 | 201 | 6 |
@@ -93,15 +93,15 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibExpressionRevealImagePluginApi" text="expressionRevealImage"/> | [@elastic/kibana-presentation](https://github.com/orgs/elastic/teams/kibana-presentation) | Adds 'revealImage' function and renderer to expressions | 14 | 0 | 14 | 3 |
 | <DocLink id="kibExpressionShapePluginApi" text="expressionShape"/> | [@elastic/kibana-presentation](https://github.com/orgs/elastic/teams/kibana-presentation) | Adds 'shape' function and renderer to expressions | 148 | 0 | 146 | 0 |
 | <DocLink id="kibExpressionTagcloudPluginApi" text="expressionTagcloud"/> | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | Expression Tagcloud plugin adds a `tagcloud` renderer and function to the expression plugin. The renderer will display the `Wordcloud` chart. | 6 | 0 | 6 | 2 |
-| <DocLink id="kibExpressionXYPluginApi" text="expressionXY"/> | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | Expression XY plugin adds a `xy` renderer and function to the expression plugin. The renderer will display the `xy` chart. | 177 | 0 | 166 | 13 |
+| <DocLink id="kibExpressionXYPluginApi" text="expressionXY"/> | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | Expression XY plugin adds a `xy` renderer and function to the expression plugin. The renderer will display the `xy` chart. | 180 | 0 | 169 | 13 |
 | <DocLink id="kibExpressionsPluginApi" text="expressions"/> | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | Adds expression runtime to Kibana | 2233 | 17 | 1763 | 6 |
 | <DocLink id="kibFeaturesPluginApi" text="features"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 247 | 0 | 102 | 2 |
 | <DocLink id="kibFieldFormatsPluginApi" text="fieldFormats"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | Index pattern fields and ambiguous values formatters | 292 | 5 | 253 | 3 |
 | <DocLink id="kibFieldsMetadataPluginApi" text="fieldsMetadata"/> | [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) | Exposes services for async usage and search of fields metadata. | 39 | 0 | 39 | 7 |
 | <DocLink id="kibFileUploadPluginApi" text="fileUpload"/> | [@elastic/kibana-gis](https://github.com/orgs/elastic/teams/kibana-gis) | The file upload plugin contains components and services for uploading a file, analyzing its data, and then importing the data into an Elasticsearch index. Supported file types include CSV, TSV, newline-delimited JSON and GeoJSON. | 84 | 0 | 84 | 8 |
 | <DocLink id="kibFilesPluginApi" text="files"/> | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | File upload, download, sharing, and serving over HTTP implementation in Kibana. | 240 | 0 | 24 | 9 |
-| <DocLink id="kibFilesManagementPluginApi" text="filesManagement"/> | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | Simple UI for managing files in Kibana | 2 | 0 | 2 | 0 |
-| <DocLink id="kibFleetPluginApi" text="fleet"/> | [@elastic/fleet](https://github.com/orgs/elastic/teams/fleet) | - | 1339 | 5 | 1217 | 72 |
+| <DocLink id="kibFilesManagementPluginApi" text="filesManagement"/> | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | Simple UI for managing files in Kibana | 3 | 0 | 3 | 0 |
+| <DocLink id="kibFleetPluginApi" text="fleet"/> | [@elastic/fleet](https://github.com/orgs/elastic/teams/fleet) | - | 1348 | 5 | 1226 | 72 |
 | ftrApis | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 0 | 0 | 0 | 0 |
 | <DocLink id="kibGlobalSearchPluginApi" text="globalSearch"/> | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 72 | 0 | 14 | 5 |
 | globalSearchBar | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 0 | 0 | 0 | 0 |
@@ -117,19 +117,19 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibIngestPipelinesPluginApi" text="ingestPipelines"/> | [@elastic/kibana-management](https://github.com/orgs/elastic/teams/kibana-management) | - | 4 | 0 | 4 | 0 |
 | inputControlVis | [@elastic/kibana-presentation](https://github.com/orgs/elastic/teams/kibana-presentation) | Adds Input Control visualization to Kibana | 0 | 0 | 0 | 0 |
 | <DocLink id="kibInspectorPluginApi" text="inspector"/> | [@elastic/kibana-presentation](https://github.com/orgs/elastic/teams/kibana-presentation) | - | 127 | 2 | 100 | 4 |
-| <DocLink id="kibIntegrationAssistantPluginApi" text="integrationAssistant"/> | [@elastic/security-solution](https://github.com/orgs/elastic/teams/security-solution) | A simple example of how to use core's routing services test | 38 | 0 | 33 | 1 |
+| <DocLink id="kibIntegrationAssistantPluginApi" text="integrationAssistant"/> | [@elastic/security-solution](https://github.com/orgs/elastic/teams/security-solution) | Plugin implementing the Integration Assistant API and UI | 44 | 0 | 38 | 2 |
 | <DocLink id="kibInteractiveSetupPluginApi" text="interactiveSetup"/> | [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) | This plugin provides UI and APIs for the interactive setup mode. | 28 | 0 | 18 | 0 |
 | <DocLink id="kibInvestigatePluginApi" text="investigate"/> | [@elastic/obs-ai-assistant](https://github.com/orgs/elastic/teams/obs-ai-assistant) | - | 95 | 0 | 95 | 4 |
 | <DocLink id="kibKibanaOverviewPluginApi" text="kibanaOverview"/> | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 6 | 0 | 6 | 0 |
 | <DocLink id="kibKibanaReactPluginApi" text="kibanaReact"/> | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 153 | 0 | 121 | 3 |
 | kibanaUsageCollection | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 0 | 0 | 0 | 0 |
-| <DocLink id="kibKibanaUtilsPluginApi" text="kibanaUtils"/> | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 609 | 3 | 416 | 9 |
+| <DocLink id="kibKibanaUtilsPluginApi" text="kibanaUtils"/> | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 610 | 3 | 417 | 9 |
 | <DocLink id="kibKubernetesSecurityPluginApi" text="kubernetesSecurity"/> | [@elastic/kibana-cloud-security-posture](https://github.com/orgs/elastic/teams/kibana-cloud-security-posture) | - | 5 | 0 | 5 | 1 |
-| <DocLink id="kibLensPluginApi" text="lens"/> | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | Visualization editor allowing to quickly and easily configure compelling visualizations to use on dashboards and canvas workpads. Exposes components to embed visualizations and link into the Lens editor from within other apps in Kibana. | 669 | 0 | 567 | 62 |
+| <DocLink id="kibLensPluginApi" text="lens"/> | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | Visualization editor allowing to quickly and easily configure compelling visualizations to use on dashboards and canvas workpads. Exposes components to embed visualizations and link into the Lens editor from within other apps in Kibana. | 672 | 0 | 570 | 62 |
 | <DocLink id="kibLicenseApiGuardPluginApi" text="licenseApiGuard"/> | [@elastic/kibana-management](https://github.com/orgs/elastic/teams/kibana-management) | - | 8 | 0 | 8 | 0 |
 | <DocLink id="kibLicenseManagementPluginApi" text="licenseManagement"/> | [@elastic/kibana-management](https://github.com/orgs/elastic/teams/kibana-management) | - | 4 | 0 | 4 | 1 |
 | <DocLink id="kibLicensingPluginApi" text="licensing"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 117 | 0 | 42 | 10 |
-| <DocLink id="kibLinksPluginApi" text="links"/> | [@elastic/kibana-presentation](https://github.com/orgs/elastic/teams/kibana-presentation) | A dashboard panel for creating links to dashboards or external links. | 57 | 0 | 57 | 6 |
+| <DocLink id="kibLinksPluginApi" text="links"/> | [@elastic/kibana-presentation](https://github.com/orgs/elastic/teams/kibana-presentation) | A dashboard panel for creating links to dashboards or external links. | 58 | 0 | 58 | 6 |
 | <DocLink id="kibListsPluginApi" text="lists"/> | [@elastic/security-detection-engine](https://github.com/orgs/elastic/teams/security-detection-engine) | - | 226 | 0 | 97 | 52 |
 | <DocLink id="kibLogsDataAccessPluginApi" text="logsDataAccess"/> | [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) | - | 7 | 0 | 7 | 1 |
 | <DocLink id="kibLogsExplorerPluginApi" text="logsExplorer"/> | [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) | This plugin provides a LogsExplorer component using the Discover customization framework, offering several affordances specifically designed for log consumption. | 117 | 4 | 117 | 22 |
@@ -147,7 +147,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibNewsfeedPluginApi" text="newsfeed"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 17 | 0 | 17 | 0 |
 | <DocLink id="kibNoDataPagePluginApi" text="noDataPage"/> | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 3 | 0 | 3 | 0 |
 | <DocLink id="kibNotificationsPluginApi" text="notifications"/> | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 2 | 0 | 2 | 1 |
-| <DocLink id="kibObservabilityPluginApi" text="observability"/> | [@elastic/obs-ux-management-team](https://github.com/orgs/elastic/teams/obs-ux-management-team) | - | 698 | 2 | 689 | 15 |
+| <DocLink id="kibObservabilityPluginApi" text="observability"/> | [@elastic/obs-ux-management-team](https://github.com/orgs/elastic/teams/obs-ux-management-team) | - | 693 | 2 | 686 | 22 |
 | <DocLink id="kibObservabilityAIAssistantPluginApi" text="observabilityAIAssistant"/> | [@elastic/obs-ai-assistant](https://github.com/orgs/elastic/teams/obs-ai-assistant) | - | 290 | 1 | 288 | 26 |
 | <DocLink id="kibObservabilityAIAssistantAppPluginApi" text="observabilityAIAssistantApp"/> | [@elastic/obs-ai-assistant](https://github.com/orgs/elastic/teams/obs-ai-assistant) | - | 4 | 0 | 4 | 0 |
 | <DocLink id="kibObservabilityAiAssistantManagementPluginApi" text="observabilityAiAssistantManagement"/> | [@elastic/obs-ai-assistant](https://github.com/orgs/elastic/teams/obs-ai-assistant) | - | 2 | 0 | 2 | 0 |
@@ -174,11 +174,12 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibScreenshotModePluginApi" text="screenshotMode"/> | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 32 | 0 | 13 | 0 |
 | <DocLink id="kibScreenshottingPluginApi" text="screenshotting"/> | [@elastic/kibana-reporting-services](https://github.com/orgs/elastic/teams/kibana-reporting-services) | Kibana Screenshotting Plugin | 32 | 0 | 8 | 4 |
 | <DocLink id="kibSearchConnectorsPluginApi" text="searchConnectors"/> | [@elastic/search-kibana](https://github.com/orgs/elastic/teams/search-kibana) | Plugin hosting shared features for connectors | 19 | 0 | 19 | 3 |
+| <DocLink id="kibSearchHomepagePluginApi" text="searchHomepage"/> | [@elastic/search-kibana](https://github.com/orgs/elastic/teams/search-kibana) | - | 18 | 0 | 10 | 0 |
 | <DocLink id="kibSearchInferenceEndpointsPluginApi" text="searchInferenceEndpoints"/> | [@elastic/search-kibana](https://github.com/orgs/elastic/teams/search-kibana) | - | 10 | 0 | 6 | 1 |
 | <DocLink id="kibSearchNotebooksPluginApi" text="searchNotebooks"/> | [@elastic/search-kibana](https://github.com/orgs/elastic/teams/search-kibana) | Plugin to provide access to and rendering of python notebooks for use in the persistent developer console. | 6 | 0 | 6 | 0 |
 | <DocLink id="kibSearchPlaygroundPluginApi" text="searchPlayground"/> | [@elastic/search-kibana](https://github.com/orgs/elastic/teams/search-kibana) | - | 18 | 0 | 10 | 1 |
 | searchprofiler | [@elastic/kibana-management](https://github.com/orgs/elastic/teams/kibana-management) | - | 0 | 0 | 0 | 0 |
-| <DocLink id="kibSecurityPluginApi" text="security"/> | [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) | This plugin provides authentication and authorization features, and exposes functionality to understand the capabilities of the currently authenticated user. | 414 | 0 | 205 | 3 |
+| <DocLink id="kibSecurityPluginApi" text="security"/> | [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) | This plugin provides authentication and authorization features, and exposes functionality to understand the capabilities of the currently authenticated user. | 411 | 0 | 204 | 1 |
 | <DocLink id="kibSecuritySolutionPluginApi" text="securitySolution"/> | [@elastic/security-solution](https://github.com/orgs/elastic/teams/security-solution) | - | 191 | 0 | 121 | 37 |
 | <DocLink id="kibSecuritySolutionEssPluginApi" text="securitySolutionEss"/> | [@elastic/security-solution](https://github.com/orgs/elastic/teams/security-solution) | ESS customizations for Security Solution. | 6 | 0 | 6 | 0 |
 | <DocLink id="kibSecuritySolutionServerlessPluginApi" text="securitySolutionServerless"/> | [@elastic/security-solution](https://github.com/orgs/elastic/teams/security-solution) | Serverless customizations for security. | 7 | 0 | 7 | 0 |
@@ -200,13 +201,13 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibTelemetryManagementSectionPluginApi" text="telemetryManagementSection"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 6 | 0 | 0 | 0 |
 | <DocLink id="kibTextBasedLanguagesPluginApi" text="textBasedLanguages"/> | [@elastic/kibana-esql](https://github.com/orgs/elastic/teams/kibana-esql) | - | 29 | 0 | 10 | 0 |
 | <DocLink id="kibThreatIntelligencePluginApi" text="threatIntelligence"/> | [@elastic/security-threat-hunting-investigations](https://github.com/orgs/elastic/teams/security-threat-hunting-investigations) | Elastic threat intelligence helps you see if you are open to or have been subject to current or historical known threats | 30 | 0 | 14 | 4 |
-| <DocLink id="kibTimelinesPluginApi" text="timelines"/> | [@elastic/security-threat-hunting-investigations](https://github.com/orgs/elastic/teams/security-threat-hunting-investigations) | - | 242 | 1 | 198 | 17 |
+| <DocLink id="kibTimelinesPluginApi" text="timelines"/> | [@elastic/security-threat-hunting-investigations](https://github.com/orgs/elastic/teams/security-threat-hunting-investigations) | - | 239 | 1 | 195 | 17 |
 | <DocLink id="kibTransformPluginApi" text="transform"/> | [@elastic/ml-ui](https://github.com/orgs/elastic/teams/ml-ui) | This plugin provides access to the transforms features provided by Elastic. Transforms enable you to convert existing Elasticsearch indices into summarized indices, which provide opportunities for new insights and analytics. | 4 | 0 | 4 | 1 |
 | translations | [@elastic/kibana-localization](https://github.com/orgs/elastic/teams/kibana-localization) | - | 0 | 0 | 0 | 0 |
 | <DocLink id="kibTriggersActionsUiPluginApi" text="triggersActionsUi"/> | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 588 | 1 | 562 | 52 |
-| <DocLink id="kibUiActionsPluginApi" text="uiActions"/> | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | Adds UI Actions service to Kibana | 149 | 0 | 103 | 9 |
+| <DocLink id="kibUiActionsPluginApi" text="uiActions"/> | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | Adds UI Actions service to Kibana | 156 | 0 | 110 | 9 |
 | <DocLink id="kibUiActionsEnhancedPluginApi" text="uiActionsEnhanced"/> | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | Extends UI Actions plugin with more functionality | 212 | 0 | 145 | 11 |
-| <DocLink id="kibUnifiedDocViewerPluginApi" text="unifiedDocViewer"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | This plugin contains services reliant on the plugin lifecycle for the unified doc viewer component (see @kbn/unified-doc-viewer). | 10 | 0 | 7 | 2 |
+| <DocLink id="kibUnifiedDocViewerPluginApi" text="unifiedDocViewer"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | This plugin contains services reliant on the plugin lifecycle for the unified doc viewer component (see @kbn/unified-doc-viewer). | 12 | 0 | 8 | 3 |
 | <DocLink id="kibUnifiedHistogramPluginApi" text="unifiedHistogram"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | The `unifiedHistogram` plugin provides UI components to create a layout including a resizable histogram and a main display. | 71 | 0 | 36 | 6 |
 | <DocLink id="kibUnifiedSearchPluginApi" text="unifiedSearch"/> | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | Contains all the key functionality of Kibana's unified search experience.Contains all the key functionality of Kibana's unified search experience. | 152 | 2 | 113 | 23 |
 | upgradeAssistant | [@elastic/kibana-management](https://github.com/orgs/elastic/teams/kibana-management) | - | 0 | 0 | 0 | 0 |
@@ -228,7 +229,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibVisTypeVegaPluginApi" text="visTypeVega"/> | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | Registers the vega visualization. Is the elastic version of vega and vega-lite libraries. | 2 | 0 | 2 | 0 |
 | <DocLink id="kibVisTypeVislibPluginApi" text="visTypeVislib"/> | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | Contains the vislib visualizations. These are the classical area/line/bar, gauge/goal and heatmap charts. We want to replace them with elastic-charts. | 1 | 0 | 1 | 0 |
 | <DocLink id="kibVisTypeXyPluginApi" text="visTypeXy"/> | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | Contains the new xy-axis chart using the elastic-charts library, which will eventually replace the vislib xy-axis charts including bar, area, and line. | 52 | 0 | 50 | 5 |
-| <DocLink id="kibVisualizationsPluginApi" text="visualizations"/> | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | Contains the shared architecture among all the legacy visualizations, e.g. the visualization type registry or the visualization embeddable. | 864 | 12 | 833 | 19 |
+| <DocLink id="kibVisualizationsPluginApi" text="visualizations"/> | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | Contains the shared architecture among all the legacy visualizations, e.g. the visualization type registry or the visualization embeddable. | 869 | 12 | 838 | 19 |
 | watcher | [@elastic/kibana-management](https://github.com/orgs/elastic/teams/kibana-management) | - | 0 | 0 | 0 | 0 |
 
 ## Package Directory
@@ -243,7 +244,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibKbnAlertingApiIntegrationHelpersPluginApi" text="@kbn/alerting-api-integration-helpers"/> | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 27 | 3 | 27 | 0 |
 | <DocLink id="kibKbnAlertingComparatorsPluginApi" text="@kbn/alerting-comparators"/> | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 5 | 0 | 5 | 0 |
 | <DocLink id="kibKbnAlertingStateTypesPluginApi" text="@kbn/alerting-state-types"/> | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 23 | 0 | 22 | 0 |
-| <DocLink id="kibKbnAlertingTypesPluginApi" text="@kbn/alerting-types"/> | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 190 | 0 | 187 | 0 |
+| <DocLink id="kibKbnAlertingTypesPluginApi" text="@kbn/alerting-types"/> | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 193 | 0 | 190 | 0 |
 | <DocLink id="kibKbnAlertsAsDataUtilsPluginApi" text="@kbn/alerts-as-data-utils"/> | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 33 | 0 | 33 | 0 |
 | <DocLink id="kibKbnAlertsUiSharedPluginApi" text="@kbn/alerts-ui-shared"/> | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 237 | 0 | 223 | 2 |
 | <DocLink id="kibKbnAnalyticsPluginApi" text="@kbn/analytics"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 73 | 0 | 73 | 2 |
@@ -251,7 +252,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibKbnApmConfigLoaderPluginApi" text="@kbn/apm-config-loader"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 18 | 0 | 18 | 0 |
 | <DocLink id="kibKbnApmDataViewPluginApi" text="@kbn/apm-data-view"/> | [@elastic/obs-ux-infra_services-team](https://github.com/orgs/elastic/teams/obs-ux-infra_services-team) | - | 4 | 0 | 4 | 0 |
 | <DocLink id="kibKbnApmSynthtracePluginApi" text="@kbn/apm-synthtrace"/> | [@elastic/obs-ux-infra_services-team](https://github.com/orgs/elastic/teams/obs-ux-infra_services-team) | - | 49 | 0 | 49 | 8 |
-| <DocLink id="kibKbnApmSynthtraceClientPluginApi" text="@kbn/apm-synthtrace-client"/> | [@elastic/obs-ux-infra_services-team](https://github.com/orgs/elastic/teams/obs-ux-infra_services-team) | - | 191 | 0 | 191 | 30 |
+| <DocLink id="kibKbnApmSynthtraceClientPluginApi" text="@kbn/apm-synthtrace-client"/> | [@elastic/obs-ux-infra_services-team](https://github.com/orgs/elastic/teams/obs-ux-infra_services-team) | - | 192 | 0 | 192 | 30 |
 | <DocLink id="kibKbnApmUtilsPluginApi" text="@kbn/apm-utils"/> | [@elastic/obs-ux-infra_services-team](https://github.com/orgs/elastic/teams/obs-ux-infra_services-team) | - | 11 | 0 | 11 | 0 |
 | <DocLink id="kibKbnAxeConfigPluginApi" text="@kbn/axe-config"/> | [@elastic/kibana-qa](https://github.com/orgs/elastic/teams/kibana-qa) | - | 12 | 0 | 12 | 0 |
 | <DocLink id="kibKbnBfetchErrorPluginApi" text="@kbn/bfetch-error"/> | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 4 | 0 | 1 | 0 |
@@ -265,7 +266,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibKbnCiStatsPerformanceMetricsPluginApi" text="@kbn/ci-stats-performance-metrics"/> | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 3 | 0 | 3 | 0 |
 | <DocLink id="kibKbnCiStatsReporterPluginApi" text="@kbn/ci-stats-reporter"/> | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 62 | 0 | 17 | 1 |
 | <DocLink id="kibKbnCliDevModePluginApi" text="@kbn/cli-dev-mode"/> | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 2 | 0 | 2 | 0 |
-| <DocLink id="kibKbnCodeEditorPluginApi" text="@kbn/code-editor"/> | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 39 | 0 | 16 | 0 |
+| <DocLink id="kibKbnCodeEditorPluginApi" text="@kbn/code-editor"/> | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 40 | 0 | 17 | 0 |
 | <DocLink id="kibKbnCodeEditorMockPluginApi" text="@kbn/code-editor-mock"/> | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 2 | 0 | 2 | 0 |
 | <DocLink id="kibKbnCodeOwnersPluginApi" text="@kbn/code-owners"/> | [@elastic/appex-qa](https://github.com/orgs/elastic/teams/appex-qa) | - | 8 | 0 | 4 | 0 |
 | <DocLink id="kibKbnColoringPluginApi" text="@kbn/coloring"/> | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | - | 217 | 0 | 180 | 9 |
@@ -323,7 +324,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibKbnCoreDocLinksServerMocksPluginApi" text="@kbn/core-doc-links-server-mocks"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 4 | 0 | 4 | 0 |
 | <DocLink id="kibKbnCoreElasticsearchClientServerInternalPluginApi" text="@kbn/core-elasticsearch-client-server-internal"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 22 | 0 | 13 | 1 |
 | <DocLink id="kibKbnCoreElasticsearchClientServerMocksPluginApi" text="@kbn/core-elasticsearch-client-server-mocks"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 38 | 1 | 34 | 0 |
-| <DocLink id="kibKbnCoreElasticsearchServerPluginApi" text="@kbn/core-elasticsearch-server"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 115 | 0 | 55 | 0 |
+| <DocLink id="kibKbnCoreElasticsearchServerPluginApi" text="@kbn/core-elasticsearch-server"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 116 | 0 | 56 | 0 |
 | <DocLink id="kibKbnCoreElasticsearchServerInternalPluginApi" text="@kbn/core-elasticsearch-server-internal"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 43 | 0 | 38 | 3 |
 | <DocLink id="kibKbnCoreElasticsearchServerMocksPluginApi" text="@kbn/core-elasticsearch-server-mocks"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 13 | 1 | 13 | 0 |
 | <DocLink id="kibKbnCoreEnvironmentServerInternalPluginApi" text="@kbn/core-environment-server-internal"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 4 | 0 | 4 | 1 |
@@ -348,7 +349,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibKbnCoreHttpResourcesServerMocksPluginApi" text="@kbn/core-http-resources-server-mocks"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 7 | 0 | 7 | 0 |
 | <DocLink id="kibKbnCoreHttpRouterServerInternalPluginApi" text="@kbn/core-http-router-server-internal"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 54 | 7 | 54 | 6 |
 | <DocLink id="kibKbnCoreHttpRouterServerMocksPluginApi" text="@kbn/core-http-router-server-mocks"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 13 | 0 | 13 | 1 |
-| <DocLink id="kibKbnCoreHttpServerPluginApi" text="@kbn/core-http-server"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 489 | 2 | 193 | 0 |
+| <DocLink id="kibKbnCoreHttpServerPluginApi" text="@kbn/core-http-server"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 495 | 2 | 193 | 0 |
 | <DocLink id="kibKbnCoreHttpServerInternalPluginApi" text="@kbn/core-http-server-internal"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 92 | 0 | 79 | 10 |
 | <DocLink id="kibKbnCoreHttpServerMocksPluginApi" text="@kbn/core-http-server-mocks"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 44 | 0 | 43 | 0 |
 | <DocLink id="kibKbnCoreI18nBrowserPluginApi" text="@kbn/core-i18n-browser"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 4 | 0 | 2 | 0 |
@@ -406,7 +407,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibKbnCoreSavedObjectsCommonPluginApi" text="@kbn/core-saved-objects-common"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 73 | 0 | 40 | 0 |
 | <DocLink id="kibKbnCoreSavedObjectsImportExportServerInternalPluginApi" text="@kbn/core-saved-objects-import-export-server-internal"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 26 | 0 | 23 | 0 |
 | <DocLink id="kibKbnCoreSavedObjectsImportExportServerMocksPluginApi" text="@kbn/core-saved-objects-import-export-server-mocks"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 4 | 0 | 4 | 0 |
-| <DocLink id="kibKbnCoreSavedObjectsMigrationServerInternalPluginApi" text="@kbn/core-saved-objects-migration-server-internal"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 128 | 0 | 94 | 45 |
+| <DocLink id="kibKbnCoreSavedObjectsMigrationServerInternalPluginApi" text="@kbn/core-saved-objects-migration-server-internal"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 128 | 0 | 94 | 44 |
 | <DocLink id="kibKbnCoreSavedObjectsMigrationServerMocksPluginApi" text="@kbn/core-saved-objects-migration-server-mocks"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 12 | 0 | 12 | 0 |
 | <DocLink id="kibKbnCoreSavedObjectsServerPluginApi" text="@kbn/core-saved-objects-server"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 561 | 1 | 133 | 4 |
 | <DocLink id="kibKbnCoreSavedObjectsServerInternalPluginApi" text="@kbn/core-saved-objects-server-internal"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 71 | 0 | 70 | 5 |
@@ -479,30 +480,30 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibKbnDevProcRunnerPluginApi" text="@kbn/dev-proc-runner"/> | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 15 | 0 | 9 | 0 |
 | <DocLink id="kibKbnDevUtilsPluginApi" text="@kbn/dev-utils"/> | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 38 | 2 | 33 | 0 |
 | <DocLink id="kibKbnDiscoverUtilsPluginApi" text="@kbn/discover-utils"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | - | 120 | 0 | 94 | 1 |
-| <DocLink id="kibKbnDocLinksPluginApi" text="@kbn/doc-links"/> | [@elastic/docs](https://github.com/orgs/elastic/teams/docs) | - | 77 | 0 | 77 | 2 |
+| <DocLink id="kibKbnDocLinksPluginApi" text="@kbn/doc-links"/> | [@elastic/docs](https://github.com/orgs/elastic/teams/docs) | - | 78 | 0 | 78 | 2 |
 | <DocLink id="kibKbnDocsUtilsPluginApi" text="@kbn/docs-utils"/> | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 5 | 0 | 5 | 1 |
 | <DocLink id="kibKbnDomDragDropPluginApi" text="@kbn/dom-drag-drop"/> | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | - | 41 | 0 | 27 | 6 |
 | <DocLink id="kibKbnEbtPluginApi" text="@kbn/ebt"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 152 | 0 | 0 | 0 |
 | <DocLink id="kibKbnEbtToolsPluginApi" text="@kbn/ebt-tools"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 33 | 0 | 24 | 1 |
 | <DocLink id="kibKbnEcsDataQualityDashboardPluginApi" text="@kbn/ecs-data-quality-dashboard"/> | [@elastic/security-threat-hunting-explore](https://github.com/orgs/elastic/teams/security-threat-hunting-explore) | - | 13 | 0 | 5 | 0 |
 | <DocLink id="kibKbnElasticAgentUtilsPluginApi" text="@kbn/elastic-agent-utils"/> | [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) | - | 35 | 0 | 34 | 0 |
-| <DocLink id="kibKbnElasticAssistantPluginApi" text="@kbn/elastic-assistant"/> | [@elastic/security-generative-ai](https://github.com/orgs/elastic/teams/security-generative-ai) | - | 165 | 0 | 138 | 9 |
-| <DocLink id="kibKbnElasticAssistantCommonPluginApi" text="@kbn/elastic-assistant-common"/> | [@elastic/security-generative-ai](https://github.com/orgs/elastic/teams/security-generative-ai) | - | 305 | 0 | 286 | 0 |
+| <DocLink id="kibKbnElasticAssistantPluginApi" text="@kbn/elastic-assistant"/> | [@elastic/security-generative-ai](https://github.com/orgs/elastic/teams/security-generative-ai) | - | 166 | 0 | 139 | 9 |
+| <DocLink id="kibKbnElasticAssistantCommonPluginApi" text="@kbn/elastic-assistant-common"/> | [@elastic/security-generative-ai](https://github.com/orgs/elastic/teams/security-generative-ai) | - | 333 | 0 | 309 | 0 |
 | <DocLink id="kibKbnEntitiesSchemaPluginApi" text="@kbn/entities-schema"/> | [@elastic/obs-knowledge-team](https://github.com/orgs/elastic/teams/obs-knowledge-team) | - | 20 | 0 | 20 | 0 |
 | <DocLink id="kibKbnEsPluginApi" text="@kbn/es"/> | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 52 | 0 | 37 | 7 |
 | <DocLink id="kibKbnEsArchiverPluginApi" text="@kbn/es-archiver"/> | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 32 | 0 | 19 | 1 |
-| <DocLink id="kibKbnEsErrorsPluginApi" text="@kbn/es-errors"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 7 | 0 | 3 | 0 |
+| <DocLink id="kibKbnEsErrorsPluginApi" text="@kbn/es-errors"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 11 | 0 | 6 | 0 |
 | <DocLink id="kibKbnEsQueryPluginApi" text="@kbn/es-query"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | - | 269 | 1 | 209 | 15 |
 | <DocLink id="kibKbnEsTypesPluginApi" text="@kbn/es-types"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 26 | 0 | 26 | 1 |
 | <DocLink id="kibKbnEslintPluginImportsPluginApi" text="@kbn/eslint-plugin-imports"/> | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 2 | 0 | 1 | 0 |
-| <DocLink id="kibKbnEsqlAstPluginApi" text="@kbn/esql-ast"/> | [@elastic/kibana-esql](https://github.com/orgs/elastic/teams/kibana-esql) | - | 68 | 1 | 68 | 9 |
+| <DocLink id="kibKbnEsqlAstPluginApi" text="@kbn/esql-ast"/> | [@elastic/kibana-esql](https://github.com/orgs/elastic/teams/kibana-esql) | - | 99 | 1 | 96 | 11 |
 | <DocLink id="kibKbnEsqlUtilsPluginApi" text="@kbn/esql-utils"/> | [@elastic/kibana-esql](https://github.com/orgs/elastic/teams/kibana-esql) | - | 53 | 0 | 51 | 0 |
-| <DocLink id="kibKbnEsqlValidationAutocompletePluginApi" text="@kbn/esql-validation-autocomplete"/> | [@elastic/kibana-esql](https://github.com/orgs/elastic/teams/kibana-esql) | - | 189 | 0 | 178 | 10 |
+| <DocLink id="kibKbnEsqlValidationAutocompletePluginApi" text="@kbn/esql-validation-autocomplete"/> | [@elastic/kibana-esql](https://github.com/orgs/elastic/teams/kibana-esql) | - | 192 | 0 | 181 | 10 |
 | <DocLink id="kibKbnEventAnnotationCommonPluginApi" text="@kbn/event-annotation-common"/> | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | - | 39 | 0 | 39 | 0 |
 | <DocLink id="kibKbnEventAnnotationComponentsPluginApi" text="@kbn/event-annotation-components"/> | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | - | 52 | 0 | 52 | 1 |
 | <DocLink id="kibKbnExpandableFlyoutPluginApi" text="@kbn/expandable-flyout"/> | [@elastic/security-threat-hunting-investigations](https://github.com/orgs/elastic/teams/security-threat-hunting-investigations) | - | 39 | 0 | 14 | 1 |
 | <DocLink id="kibKbnFieldTypesPluginApi" text="@kbn/field-types"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | - | 22 | 0 | 18 | 0 |
-| <DocLink id="kibKbnFieldUtilsPluginApi" text="@kbn/field-utils"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | - | 54 | 0 | 45 | 1 |
+| <DocLink id="kibKbnFieldUtilsPluginApi" text="@kbn/field-utils"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | - | 51 | 0 | 42 | 1 |
 | <DocLink id="kibKbnFindUsedNodeModulesPluginApi" text="@kbn/find-used-node-modules"/> | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 2 | 0 | 0 | 0 |
 | <DocLink id="kibKbnFormattersPluginApi" text="@kbn/formatters"/> | [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) | - | 3 | 0 | 3 | 0 |
 | <DocLink id="kibKbnFtrCommonFunctionalServicesPluginApi" text="@kbn/ftr-common-functional-services"/> | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 36 | 0 | 21 | 1 |
@@ -529,6 +530,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibKbnJestSerializersPluginApi" text="@kbn/jest-serializers"/> | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 13 | 0 | 13 | 0 |
 | <DocLink id="kibKbnJourneysPluginApi" text="@kbn/journeys"/> | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 86 | 0 | 78 | 6 |
 | <DocLink id="kibKbnJsonAstPluginApi" text="@kbn/json-ast"/> | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 41 | 2 | 35 | 0 |
+| <DocLink id="kibKbnJsonSchemasPluginApi" text="@kbn/json-schemas"/> | [@elastic/ml-ui](https://github.com/orgs/elastic/teams/ml-ui) | - | 9 | 0 | 7 | 0 |
 | <DocLink id="kibKbnKibanaManifestSchemaPluginApi" text="@kbn/kibana-manifest-schema"/> | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 108 | 0 | 107 | 0 |
 | <DocLink id="kibKbnLanguageDocumentationPopoverPluginApi" text="@kbn/language-documentation-popover"/> | [@elastic/kibana-esql](https://github.com/orgs/elastic/teams/kibana-esql) | - | 7 | 0 | 5 | 0 |
 | <DocLink id="kibKbnLensEmbeddableUtilsPluginApi" text="@kbn/lens-embeddable-utils"/> | [@elastic/obs-ux-infra_services-team](https://github.com/orgs/elastic/teams/obs-ux-infra_services-team) | - | 193 | 0 | 190 | 6 |
@@ -594,7 +596,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibKbnPluginGeneratorPluginApi" text="@kbn/plugin-generator"/> | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 1 | 0 | 1 | 0 |
 | <DocLink id="kibKbnPluginHelpersPluginApi" text="@kbn/plugin-helpers"/> | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 1 | 0 | 1 | 0 |
 | <DocLink id="kibKbnPresentationContainersPluginApi" text="@kbn/presentation-containers"/> | [@elastic/kibana-presentation](https://github.com/orgs/elastic/teams/kibana-presentation) | - | 82 | 0 | 71 | 0 |
-| <DocLink id="kibKbnPresentationPublishingPluginApi" text="@kbn/presentation-publishing"/> | [@elastic/kibana-presentation](https://github.com/orgs/elastic/teams/kibana-presentation) | - | 209 | 0 | 174 | 5 |
+| <DocLink id="kibKbnPresentationPublishingPluginApi" text="@kbn/presentation-publishing"/> | [@elastic/kibana-presentation](https://github.com/orgs/elastic/teams/kibana-presentation) | - | 214 | 0 | 179 | 5 |
 | <DocLink id="kibKbnProfilingUtilsPluginApi" text="@kbn/profiling-utils"/> | [@elastic/obs-ux-infra_services-team](https://github.com/orgs/elastic/teams/obs-ux-infra_services-team) | - | 168 | 0 | 55 | 0 |
 | <DocLink id="kibKbnRandomSamplingPluginApi" text="@kbn/random-sampling"/> | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | - | 13 | 0 | 7 | 0 |
 | <DocLink id="kibKbnReactFieldPluginApi" text="@kbn/react-field"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | - | 22 | 0 | 9 | 0 |
@@ -623,10 +625,11 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibKbnResizableLayoutPluginApi" text="@kbn/resizable-layout"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | A component for creating resizable layouts containing a fixed width panel and a flexible panel, with support for horizontal and vertical layouts. | 18 | 0 | 5 | 0 |
 | <DocLink id="kibKbnResponseOpsFeatureFlagServicePluginApi" text="@kbn/response-ops-feature-flag-service"/> | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 3 | 0 | 3 | 0 |
 | <DocLink id="kibKbnRisonPluginApi" text="@kbn/rison"/> | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 13 | 2 | 8 | 0 |
+| <DocLink id="kibKbnRollupPluginApi" text="@kbn/rollup"/> | [@elastic/kibana-management](https://github.com/orgs/elastic/teams/kibana-management) | - | 3 | 0 | 3 | 0 |
 | <DocLink id="kibKbnRouterToOpenapispecPluginApi" text="@kbn/router-to-openapispec"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 5 | 0 | 5 | 1 |
 | <DocLink id="kibKbnRouterUtilsPluginApi" text="@kbn/router-utils"/> | [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) | - | 2 | 0 | 1 | 1 |
 | <DocLink id="kibKbnRrulePluginApi" text="@kbn/rrule"/> | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 16 | 0 | 16 | 1 |
-| <DocLink id="kibKbnRuleDataUtilsPluginApi" text="@kbn/rule-data-utils"/> | [@elastic/security-detections-response](https://github.com/orgs/elastic/teams/security-detections-response) | - | 125 | 0 | 122 | 0 |
+| <DocLink id="kibKbnRuleDataUtilsPluginApi" text="@kbn/rule-data-utils"/> | [@elastic/security-detections-response](https://github.com/orgs/elastic/teams/security-detections-response) | - | 127 | 0 | 124 | 0 |
 | <DocLink id="kibKbnSavedObjectsSettingsPluginApi" text="@kbn/saved-objects-settings"/> | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 2 | 0 | 2 | 0 |
 | <DocLink id="kibKbnSearchApiPanelsPluginApi" text="@kbn/search-api-panels"/> | [@elastic/search-kibana](https://github.com/orgs/elastic/teams/search-kibana) | - | 76 | 0 | 76 | 0 |
 | <DocLink id="kibKbnSearchConnectorsPluginApi" text="@kbn/search-connectors"/> | [@elastic/search-kibana](https://github.com/orgs/elastic/teams/search-kibana) | - | 3717 | 0 | 3717 | 0 |
@@ -634,10 +637,12 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibKbnSearchIndexDocumentsPluginApi" text="@kbn/search-index-documents"/> | [@elastic/search-kibana](https://github.com/orgs/elastic/teams/search-kibana) | - | 25 | 0 | 25 | 0 |
 | <DocLink id="kibKbnSearchResponseWarningsPluginApi" text="@kbn/search-response-warnings"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | - | 20 | 0 | 18 | 1 |
 | <DocLink id="kibKbnSearchTypesPluginApi" text="@kbn/search-types"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | - | 50 | 0 | 25 | 0 |
+| <DocLink id="kibKbnSecurityApiKeyManagementPluginApi" text="@kbn/security-api-key-management"/> | [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) | - | 66 | 0 | 63 | 0 |
+| <DocLink id="kibKbnSecurityFormComponentsPluginApi" text="@kbn/security-form-components"/> | [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) | - | 35 | 0 | 25 | 0 |
 | <DocLink id="kibKbnSecurityHardeningPluginApi" text="@kbn/security-hardening"/> | [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) | - | 7 | 0 | 7 | 0 |
-| <DocLink id="kibKbnSecurityPluginTypesCommonPluginApi" text="@kbn/security-plugin-types-common"/> | [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) | - | 88 | 0 | 40 | 0 |
+| <DocLink id="kibKbnSecurityPluginTypesCommonPluginApi" text="@kbn/security-plugin-types-common"/> | [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) | - | 116 | 0 | 58 | 0 |
 | <DocLink id="kibKbnSecurityPluginTypesPublicPluginApi" text="@kbn/security-plugin-types-public"/> | [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) | - | 51 | 0 | 25 | 0 |
-| <DocLink id="kibKbnSecurityPluginTypesServerPluginApi" text="@kbn/security-plugin-types-server"/> | [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) | - | 207 | 0 | 114 | 0 |
+| <DocLink id="kibKbnSecurityPluginTypesServerPluginApi" text="@kbn/security-plugin-types-server"/> | [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) | - | 216 | 0 | 121 | 0 |
 | <DocLink id="kibKbnSecuritySolutionFeaturesPluginApi" text="@kbn/security-solution-features"/> | [@elastic/security-threat-hunting-explore](https://github.com/orgs/elastic/teams/security-threat-hunting-explore) | - | 14 | 0 | 14 | 6 |
 | <DocLink id="kibKbnSecuritySolutionNavigationPluginApi" text="@kbn/security-solution-navigation"/> | [@elastic/security-threat-hunting-explore](https://github.com/orgs/elastic/teams/security-threat-hunting-explore) | - | 54 | 0 | 49 | 0 |
 | <DocLink id="kibKbnSecuritySolutionSideNavPluginApi" text="@kbn/security-solution-side-nav"/> | [@elastic/security-threat-hunting-explore](https://github.com/orgs/elastic/teams/security-threat-hunting-explore) | - | 30 | 0 | 24 | 0 |
diff --git a/api_docs/presentation_panel.mdx b/api_docs/presentation_panel.mdx
index 4df0ee0b57d97..a3cb0410b2f54 100644
--- a/api_docs/presentation_panel.mdx
+++ b/api_docs/presentation_panel.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/presentationPanel
 title: "presentationPanel"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the presentationPanel plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'presentationPanel']
 ---
 import presentationPanelObj from './presentation_panel.devdocs.json';
diff --git a/api_docs/presentation_util.mdx b/api_docs/presentation_util.mdx
index 7e59e1b428305..98f5f54475ad8 100644
--- a/api_docs/presentation_util.mdx
+++ b/api_docs/presentation_util.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/presentationUtil
 title: "presentationUtil"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the presentationUtil plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'presentationUtil']
 ---
 import presentationUtilObj from './presentation_util.devdocs.json';
diff --git a/api_docs/profiling.mdx b/api_docs/profiling.mdx
index b03bdffd3b0d2..529b2ea6329a1 100644
--- a/api_docs/profiling.mdx
+++ b/api_docs/profiling.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/profiling
 title: "profiling"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the profiling plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'profiling']
 ---
 import profilingObj from './profiling.devdocs.json';
diff --git a/api_docs/profiling_data_access.mdx b/api_docs/profiling_data_access.mdx
index e3310f1e571a0..37e4a9556348a 100644
--- a/api_docs/profiling_data_access.mdx
+++ b/api_docs/profiling_data_access.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/profilingDataAccess
 title: "profilingDataAccess"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the profilingDataAccess plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'profilingDataAccess']
 ---
 import profilingDataAccessObj from './profiling_data_access.devdocs.json';
diff --git a/api_docs/remote_clusters.mdx b/api_docs/remote_clusters.mdx
index 1b78a818df00f..67c1fba9a3abc 100644
--- a/api_docs/remote_clusters.mdx
+++ b/api_docs/remote_clusters.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/remoteClusters
 title: "remoteClusters"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the remoteClusters plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'remoteClusters']
 ---
 import remoteClustersObj from './remote_clusters.devdocs.json';
diff --git a/api_docs/reporting.mdx b/api_docs/reporting.mdx
index 10d2a95a204f3..14bc69bab8977 100644
--- a/api_docs/reporting.mdx
+++ b/api_docs/reporting.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/reporting
 title: "reporting"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the reporting plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'reporting']
 ---
 import reportingObj from './reporting.devdocs.json';
diff --git a/api_docs/rollup.mdx b/api_docs/rollup.mdx
index 3c7589a1dfaa4..6eec93ed454fe 100644
--- a/api_docs/rollup.mdx
+++ b/api_docs/rollup.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/rollup
 title: "rollup"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the rollup plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'rollup']
 ---
 import rollupObj from './rollup.devdocs.json';
diff --git a/api_docs/rule_registry.devdocs.json b/api_docs/rule_registry.devdocs.json
index d4f84f64fe559..fd79ee3f09e9a 100644
--- a/api_docs/rule_registry.devdocs.json
+++ b/api_docs/rule_registry.devdocs.json
@@ -107,7 +107,7 @@
             "label": "get",
             "description": [],
             "signature": [
-              "({ id, index }: GetAlertParams) => Promise<{ _index: string; \"@timestamp\"?: string | undefined; \"kibana.alert.rule.rule_type_id\"?: string | undefined; \"kibana.alert.rule.consumer\"?: string | undefined; \"kibana.alert.instance.id\"?: string | undefined; \"kibana.alert.rule.category\"?: string | undefined; \"kibana.alert.rule.name\"?: string | undefined; \"kibana.alert.rule.producer\"?: string | undefined; \"kibana.alert.rule.revision\"?: number | undefined; \"kibana.alert.rule.uuid\"?: string | undefined; \"kibana.alert.status\"?: string | undefined; \"kibana.alert.uuid\"?: string | undefined; \"kibana.space_ids\"?: string[] | undefined; \"event.action\"?: string | undefined; tags?: string[] | undefined; \"kibana.alert.rule.execution.uuid\"?: string | undefined; \"event.kind\"?: string | undefined; \"kibana.alert.action_group\"?: string | undefined; \"kibana.alert.case_ids\"?: string[] | undefined; \"kibana.alert.consecutive_matches\"?: number | undefined; \"kibana.alert.duration.us\"?: number | undefined; \"kibana.alert.end\"?: string | undefined; \"kibana.alert.flapping\"?: boolean | undefined; \"kibana.alert.flapping_history\"?: boolean[] | undefined; \"kibana.alert.last_detected\"?: string | undefined; \"kibana.alert.maintenance_window_ids\"?: string[] | undefined; \"kibana.alert.reason\"?: string | undefined; \"kibana.alert.rule.execution.timestamp\"?: string | undefined; \"kibana.alert.rule.parameters\"?: { [key: string]: unknown; } | undefined; \"kibana.alert.rule.tags\"?: string[] | undefined; \"kibana.alert.start\"?: string | undefined; \"kibana.alert.time_range\"?: unknown; \"kibana.alert.url\"?: string | undefined; \"kibana.alert.workflow_assignee_ids\"?: string[] | undefined; \"kibana.alert.workflow_status\"?: string | undefined; \"kibana.alert.workflow_tags\"?: string[] | undefined; \"kibana.version\"?: string | undefined; \"ecs.version\"?: string | undefined; \"kibana.alert.risk_score\"?: number | undefined; \"kibana.alert.rule.author\"?: string | undefined; \"kibana.alert.rule.created_at\"?: string | undefined; \"kibana.alert.rule.created_by\"?: string | undefined; \"kibana.alert.rule.description\"?: string | undefined; \"kibana.alert.rule.enabled\"?: string | undefined; \"kibana.alert.rule.from\"?: string | undefined; \"kibana.alert.rule.interval\"?: string | undefined; \"kibana.alert.rule.license\"?: string | undefined; \"kibana.alert.rule.note\"?: string | undefined; \"kibana.alert.rule.references\"?: string[] | undefined; \"kibana.alert.rule.rule_id\"?: string | undefined; \"kibana.alert.rule.rule_name_override\"?: string | undefined; \"kibana.alert.rule.to\"?: string | undefined; \"kibana.alert.rule.type\"?: string | undefined; \"kibana.alert.rule.updated_at\"?: string | undefined; \"kibana.alert.rule.updated_by\"?: string | undefined; \"kibana.alert.rule.version\"?: string | undefined; \"kibana.alert.severity\"?: string | undefined; \"kibana.alert.suppression.docs_count\"?: number | undefined; \"kibana.alert.suppression.end\"?: string | undefined; \"kibana.alert.suppression.start\"?: string | undefined; \"kibana.alert.suppression.terms.field\"?: string[] | undefined; \"kibana.alert.suppression.terms.value\"?: string[] | undefined; \"kibana.alert.system_status\"?: string | undefined; \"kibana.alert.workflow_reason\"?: string | undefined; \"kibana.alert.workflow_status_updated_at\"?: string | undefined; \"kibana.alert.workflow_user\"?: string | undefined; }>"
+              "({ id, index }: GetAlertParams) => Promise<{ _index: string; \"@timestamp\"?: string | undefined; \"kibana.alert.rule.rule_type_id\"?: string | undefined; \"kibana.alert.rule.consumer\"?: string | undefined; \"kibana.alert.instance.id\"?: string | undefined; \"kibana.alert.rule.category\"?: string | undefined; \"kibana.alert.rule.name\"?: string | undefined; \"kibana.alert.rule.producer\"?: string | undefined; \"kibana.alert.rule.revision\"?: number | undefined; \"kibana.alert.rule.uuid\"?: string | undefined; \"kibana.alert.status\"?: string | undefined; \"kibana.alert.uuid\"?: string | undefined; \"kibana.space_ids\"?: string[] | undefined; \"event.action\"?: string | undefined; tags?: string[] | undefined; \"kibana.alert.rule.execution.uuid\"?: string | undefined; \"event.kind\"?: string | undefined; \"kibana.alert.action_group\"?: string | undefined; \"kibana.alert.case_ids\"?: string[] | undefined; \"kibana.alert.consecutive_matches\"?: number | undefined; \"kibana.alert.duration.us\"?: number | undefined; \"kibana.alert.end\"?: string | undefined; \"kibana.alert.flapping\"?: boolean | undefined; \"kibana.alert.flapping_history\"?: boolean[] | undefined; \"kibana.alert.last_detected\"?: string | undefined; \"kibana.alert.maintenance_window_ids\"?: string[] | undefined; \"kibana.alert.previous_action_group\"?: string | undefined; \"kibana.alert.reason\"?: string | undefined; \"kibana.alert.rule.execution.timestamp\"?: string | undefined; \"kibana.alert.rule.parameters\"?: { [key: string]: unknown; } | undefined; \"kibana.alert.rule.tags\"?: string[] | undefined; \"kibana.alert.severity_improving\"?: boolean | undefined; \"kibana.alert.start\"?: string | undefined; \"kibana.alert.time_range\"?: unknown; \"kibana.alert.url\"?: string | undefined; \"kibana.alert.workflow_assignee_ids\"?: string[] | undefined; \"kibana.alert.workflow_status\"?: string | undefined; \"kibana.alert.workflow_tags\"?: string[] | undefined; \"kibana.version\"?: string | undefined; \"ecs.version\"?: string | undefined; \"kibana.alert.risk_score\"?: number | undefined; \"kibana.alert.rule.author\"?: string | undefined; \"kibana.alert.rule.created_at\"?: string | undefined; \"kibana.alert.rule.created_by\"?: string | undefined; \"kibana.alert.rule.description\"?: string | undefined; \"kibana.alert.rule.enabled\"?: string | undefined; \"kibana.alert.rule.from\"?: string | undefined; \"kibana.alert.rule.interval\"?: string | undefined; \"kibana.alert.rule.license\"?: string | undefined; \"kibana.alert.rule.note\"?: string | undefined; \"kibana.alert.rule.references\"?: string[] | undefined; \"kibana.alert.rule.rule_id\"?: string | undefined; \"kibana.alert.rule.rule_name_override\"?: string | undefined; \"kibana.alert.rule.to\"?: string | undefined; \"kibana.alert.rule.type\"?: string | undefined; \"kibana.alert.rule.updated_at\"?: string | undefined; \"kibana.alert.rule.updated_by\"?: string | undefined; \"kibana.alert.rule.version\"?: string | undefined; \"kibana.alert.severity\"?: string | undefined; \"kibana.alert.suppression.docs_count\"?: number | undefined; \"kibana.alert.suppression.end\"?: string | undefined; \"kibana.alert.suppression.start\"?: string | undefined; \"kibana.alert.suppression.terms.field\"?: string[] | undefined; \"kibana.alert.suppression.terms.value\"?: string[] | undefined; \"kibana.alert.system_status\"?: string | undefined; \"kibana.alert.workflow_reason\"?: string | undefined; \"kibana.alert.workflow_status_updated_at\"?: string | undefined; \"kibana.alert.workflow_user\"?: string | undefined; }>"
             ],
             "path": "x-pack/plugins/rule_registry/server/alert_data_client/alerts_client.ts",
             "deprecated": false,
@@ -191,9 +191,9 @@
               "UpdateOptions",
               "<Params>) => Promise<{ _version: string | undefined; get?: ",
               "InlineGet",
-              "<unknown> | undefined; _id: string; _index: string; _primary_term: number; result: ",
+              "<unknown> | undefined; _id: string; _index: string; _primary_term?: number | undefined; result: ",
               "Result",
-              "; _seq_no: number; _shards: ",
+              "; _seq_no?: number | undefined; _shards: ",
               "ShardStatistics",
               "; forced_refresh?: boolean | undefined; }>"
             ],
@@ -403,7 +403,7 @@
               "SortOptions",
               "[] | undefined; track_total_hits?: number | boolean | undefined; _source?: string[] | undefined; }) => Promise<",
               "SearchResponse",
-              "<OutputOf<SetOptional<{ readonly \"ecs.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.risk_score\": { readonly type: \"float\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.author\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.description\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.enabled\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.from\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.interval\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.license\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.note\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.references\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.rule_name_override\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.to\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.type\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.severity\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.docs_count\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.terms.field\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.suppression.terms.value\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.system_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_status_updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_user\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"@timestamp\": { readonly type: \"date\"; readonly required: true; readonly array: false; }; readonly \"event.action\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_type_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.consumer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.execution.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.instance.id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.category\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.name\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.producer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.revision\": { readonly type: \"long\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.status\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.space_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: true; }; readonly \"event.kind\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.case_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.consecutive_matches\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.duration.us\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping_history\": { readonly type: \"boolean\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.last_detected\": { readonly type: \"date\"; readonly required: false; readonly array: false; }; readonly \"kibana.alert.maintenance_window_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; readonly multi_fields: ",
+              "<OutputOf<SetOptional<{ readonly \"ecs.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.risk_score\": { readonly type: \"float\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.author\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.description\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.enabled\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.from\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.interval\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.license\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.note\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.references\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.rule_name_override\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.to\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.type\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.severity\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.docs_count\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.terms.field\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.suppression.terms.value\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.system_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_status_updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_user\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"@timestamp\": { readonly type: \"date\"; readonly required: true; readonly array: false; }; readonly \"event.action\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_type_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.consumer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.execution.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.instance.id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.category\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.name\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.producer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.revision\": { readonly type: \"long\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.status\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.space_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: true; }; readonly \"event.kind\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.case_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.consecutive_matches\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.duration.us\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping_history\": { readonly type: \"boolean\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.last_detected\": { readonly type: \"date\"; readonly required: false; readonly array: false; }; readonly \"kibana.alert.maintenance_window_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.previous_action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; readonly multi_fields: ",
               {
                 "pluginId": "@kbn/alerts-as-data-utils",
                 "scope": "common",
@@ -411,7 +411,7 @@
                 "section": "def-common.MultiField",
                 "text": "MultiField"
               },
-              "[]; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }>>, Record<string, ",
+              "[]; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.severity_improving\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }>>, Record<string, ",
               "AggregationsAggregate",
               ">>>"
             ],
@@ -2731,7 +2731,7 @@
             "signature": [
               "<TSearchRequest extends ",
               "SearchRequest",
-              ", TAlertDoc = Partial<OutputOf<SetOptional<{ readonly \"ecs.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.risk_score\": { readonly type: \"float\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.author\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.description\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.enabled\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.from\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.interval\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.license\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.note\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.references\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.rule_name_override\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.to\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.type\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.severity\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.docs_count\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.terms.field\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.suppression.terms.value\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.system_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_status_updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_user\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"@timestamp\": { readonly type: \"date\"; readonly required: true; readonly array: false; }; readonly \"event.action\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_type_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.consumer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.execution.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.instance.id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.category\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.name\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.producer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.revision\": { readonly type: \"long\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.status\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.space_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: true; }; readonly \"event.kind\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.case_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.consecutive_matches\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.duration.us\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping_history\": { readonly type: \"boolean\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.last_detected\": { readonly type: \"date\"; readonly required: false; readonly array: false; }; readonly \"kibana.alert.maintenance_window_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; readonly multi_fields: ",
+              ", TAlertDoc = Partial<OutputOf<SetOptional<{ readonly \"ecs.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.risk_score\": { readonly type: \"float\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.author\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.description\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.enabled\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.from\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.interval\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.license\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.note\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.references\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.rule_name_override\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.to\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.type\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.severity\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.docs_count\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.terms.field\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.suppression.terms.value\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.system_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_status_updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_user\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"@timestamp\": { readonly type: \"date\"; readonly required: true; readonly array: false; }; readonly \"event.action\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_type_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.consumer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.execution.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.instance.id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.category\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.name\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.producer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.revision\": { readonly type: \"long\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.status\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.space_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: true; }; readonly \"event.kind\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.case_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.consecutive_matches\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.duration.us\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping_history\": { readonly type: \"boolean\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.last_detected\": { readonly type: \"date\"; readonly required: false; readonly array: false; }; readonly \"kibana.alert.maintenance_window_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.previous_action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; readonly multi_fields: ",
               {
                 "pluginId": "@kbn/alerts-as-data-utils",
                 "scope": "common",
@@ -2739,7 +2739,7 @@
                 "section": "def-common.MultiField",
                 "text": "MultiField"
               },
-              "[]; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }>> & OutputOf<SetOptional<{ readonly \"kibana.alert.evaluation.threshold\": { readonly type: \"scaled_float\"; readonly scaling_factor: 100; readonly required: false; }; readonly \"kibana.alert.evaluation.value\": { readonly type: \"scaled_float\"; readonly scaling_factor: 100; readonly required: false; }; readonly \"kibana.alert.context\": { readonly type: \"object\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.evaluation.values\": { readonly type: \"scaled_float\"; readonly scaling_factor: 100; readonly required: false; readonly array: true; }; readonly \"kibana.alert.group\": { readonly type: \"object\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.group.field\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.group.value\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; }>>>>(request: TSearchRequest) => Promise<",
+              "[]; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.severity_improving\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }>> & OutputOf<SetOptional<{ readonly \"kibana.alert.evaluation.threshold\": { readonly type: \"scaled_float\"; readonly scaling_factor: 100; readonly required: false; }; readonly \"kibana.alert.evaluation.value\": { readonly type: \"scaled_float\"; readonly scaling_factor: 100; readonly required: false; }; readonly \"kibana.alert.context\": { readonly type: \"object\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.evaluation.values\": { readonly type: \"scaled_float\"; readonly scaling_factor: 100; readonly required: false; readonly array: true; }; readonly \"kibana.alert.group\": { readonly type: \"object\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.group.field\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.group.value\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; }>>>>(request: TSearchRequest) => Promise<",
               {
                 "pluginId": "@kbn/es-types",
                 "scope": "common",
@@ -3376,7 +3376,7 @@
             "label": "getAlertByAlertUuid",
             "description": [],
             "signature": [
-              "(alertUuid: string) => Promise<Partial<OutputOf<SetOptional<{ readonly \"ecs.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.risk_score\": { readonly type: \"float\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.author\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.description\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.enabled\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.from\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.interval\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.license\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.note\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.references\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.rule_name_override\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.to\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.type\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.severity\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.docs_count\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.terms.field\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.suppression.terms.value\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.system_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_status_updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_user\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"@timestamp\": { readonly type: \"date\"; readonly required: true; readonly array: false; }; readonly \"event.action\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_type_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.consumer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.execution.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.instance.id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.category\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.name\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.producer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.revision\": { readonly type: \"long\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.status\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.space_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: true; }; readonly \"event.kind\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.case_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.consecutive_matches\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.duration.us\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping_history\": { readonly type: \"boolean\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.last_detected\": { readonly type: \"date\"; readonly required: false; readonly array: false; }; readonly \"kibana.alert.maintenance_window_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; readonly multi_fields: ",
+              "(alertUuid: string) => Promise<Partial<OutputOf<SetOptional<{ readonly \"ecs.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.risk_score\": { readonly type: \"float\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.author\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.description\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.enabled\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.from\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.interval\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.license\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.note\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.references\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.rule_name_override\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.to\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.type\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.severity\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.docs_count\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.terms.field\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.suppression.terms.value\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.system_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_status_updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_user\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"@timestamp\": { readonly type: \"date\"; readonly required: true; readonly array: false; }; readonly \"event.action\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_type_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.consumer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.execution.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.instance.id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.category\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.name\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.producer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.revision\": { readonly type: \"long\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.status\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.space_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: true; }; readonly \"event.kind\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.case_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.consecutive_matches\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.duration.us\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping_history\": { readonly type: \"boolean\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.last_detected\": { readonly type: \"date\"; readonly required: false; readonly array: false; }; readonly \"kibana.alert.maintenance_window_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.previous_action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; readonly multi_fields: ",
               {
                 "pluginId": "@kbn/alerts-as-data-utils",
                 "scope": "common",
@@ -3384,7 +3384,7 @@
                 "section": "def-common.MultiField",
                 "text": "MultiField"
               },
-              "[]; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }>> & OutputOf<SetOptional<{ readonly \"kibana.alert.evaluation.threshold\": { readonly type: \"scaled_float\"; readonly scaling_factor: 100; readonly required: false; }; readonly \"kibana.alert.evaluation.value\": { readonly type: \"scaled_float\"; readonly scaling_factor: 100; readonly required: false; }; readonly \"kibana.alert.context\": { readonly type: \"object\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.evaluation.values\": { readonly type: \"scaled_float\"; readonly scaling_factor: 100; readonly required: false; readonly array: true; }; readonly \"kibana.alert.group\": { readonly type: \"object\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.group.field\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.group.value\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; }>>> | null> | null"
+              "[]; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.severity_improving\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }>> & OutputOf<SetOptional<{ readonly \"kibana.alert.evaluation.threshold\": { readonly type: \"scaled_float\"; readonly scaling_factor: 100; readonly required: false; }; readonly \"kibana.alert.evaluation.value\": { readonly type: \"scaled_float\"; readonly scaling_factor: 100; readonly required: false; }; readonly \"kibana.alert.context\": { readonly type: \"object\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.evaluation.values\": { readonly type: \"scaled_float\"; readonly scaling_factor: 100; readonly required: false; readonly array: true; }; readonly \"kibana.alert.group\": { readonly type: \"object\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.group.field\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.group.value\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; }>>> | null> | null"
             ],
             "path": "x-pack/plugins/rule_registry/server/utils/create_lifecycle_executor.ts",
             "deprecated": false,
@@ -4928,7 +4928,7 @@
         "label": "parseTechnicalFields",
         "description": [],
         "signature": [
-          "(input: unknown, partial?: boolean) => OutputOf<SetOptional<{ readonly \"ecs.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.risk_score\": { readonly type: \"float\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.author\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.description\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.enabled\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.from\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.interval\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.license\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.note\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.references\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.rule_name_override\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.to\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.type\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.severity\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.docs_count\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.terms.field\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.suppression.terms.value\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.system_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_status_updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_user\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"@timestamp\": { readonly type: \"date\"; readonly required: true; readonly array: false; }; readonly \"event.action\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_type_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.consumer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.execution.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.instance.id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.category\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.name\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.producer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.revision\": { readonly type: \"long\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.status\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.space_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: true; }; readonly \"event.kind\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.case_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.consecutive_matches\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.duration.us\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping_history\": { readonly type: \"boolean\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.last_detected\": { readonly type: \"date\"; readonly required: false; readonly array: false; }; readonly \"kibana.alert.maintenance_window_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; readonly multi_fields: ",
+          "(input: unknown, partial?: boolean) => OutputOf<SetOptional<{ readonly \"ecs.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.risk_score\": { readonly type: \"float\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.author\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.description\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.enabled\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.from\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.interval\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.license\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.note\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.references\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.rule_name_override\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.to\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.type\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.severity\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.docs_count\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.terms.field\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.suppression.terms.value\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.system_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_status_updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_user\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"@timestamp\": { readonly type: \"date\"; readonly required: true; readonly array: false; }; readonly \"event.action\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_type_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.consumer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.execution.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.instance.id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.category\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.name\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.producer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.revision\": { readonly type: \"long\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.status\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.space_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: true; }; readonly \"event.kind\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.case_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.consecutive_matches\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.duration.us\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping_history\": { readonly type: \"boolean\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.last_detected\": { readonly type: \"date\"; readonly required: false; readonly array: false; }; readonly \"kibana.alert.maintenance_window_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.previous_action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; readonly multi_fields: ",
           {
             "pluginId": "@kbn/alerts-as-data-utils",
             "scope": "common",
@@ -4936,7 +4936,7 @@
             "section": "def-common.MultiField",
             "text": "MultiField"
           },
-          "[]; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }>>"
+          "[]; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.severity_improving\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }>>"
         ],
         "path": "x-pack/plugins/rule_registry/common/parse_technical_fields.ts",
         "deprecated": false,
@@ -5312,7 +5312,7 @@
         "label": "ParsedTechnicalFields",
         "description": [],
         "signature": [
-          "{ readonly \"@timestamp\": string; readonly \"kibana.alert.rule.rule_type_id\": string; readonly \"kibana.alert.rule.consumer\": string; readonly \"kibana.alert.instance.id\": string; readonly \"kibana.alert.rule.category\": string; readonly \"kibana.alert.rule.name\": string; readonly \"kibana.alert.rule.producer\": string; readonly \"kibana.alert.rule.revision\": number; readonly \"kibana.alert.rule.uuid\": string; readonly \"kibana.alert.status\": string; readonly \"kibana.alert.uuid\": string; readonly \"kibana.space_ids\": string[]; readonly \"event.action\"?: string | undefined; readonly tags?: string[] | undefined; readonly \"kibana.alert.rule.execution.uuid\"?: string | undefined; readonly \"event.kind\"?: string | undefined; readonly \"kibana.alert.action_group\"?: string | undefined; readonly \"kibana.alert.case_ids\"?: string[] | undefined; readonly \"kibana.alert.consecutive_matches\"?: number | undefined; readonly \"kibana.alert.duration.us\"?: number | undefined; readonly \"kibana.alert.end\"?: string | undefined; readonly \"kibana.alert.flapping\"?: boolean | undefined; readonly \"kibana.alert.flapping_history\"?: boolean[] | undefined; readonly \"kibana.alert.last_detected\"?: string | undefined; readonly \"kibana.alert.maintenance_window_ids\"?: string[] | undefined; readonly \"kibana.alert.reason\"?: string | undefined; readonly \"kibana.alert.rule.execution.timestamp\"?: string | undefined; readonly \"kibana.alert.rule.parameters\"?: { [key: string]: unknown; } | undefined; readonly \"kibana.alert.rule.tags\"?: string[] | undefined; readonly \"kibana.alert.start\"?: string | undefined; readonly \"kibana.alert.time_range\"?: unknown; readonly \"kibana.alert.url\"?: string | undefined; readonly \"kibana.alert.workflow_assignee_ids\"?: string[] | undefined; readonly \"kibana.alert.workflow_status\"?: string | undefined; readonly \"kibana.alert.workflow_tags\"?: string[] | undefined; readonly \"kibana.version\"?: string | undefined; readonly \"ecs.version\"?: string | undefined; readonly \"kibana.alert.risk_score\"?: number | undefined; readonly \"kibana.alert.rule.author\"?: string | undefined; readonly \"kibana.alert.rule.created_at\"?: string | undefined; readonly \"kibana.alert.rule.created_by\"?: string | undefined; readonly \"kibana.alert.rule.description\"?: string | undefined; readonly \"kibana.alert.rule.enabled\"?: string | undefined; readonly \"kibana.alert.rule.from\"?: string | undefined; readonly \"kibana.alert.rule.interval\"?: string | undefined; readonly \"kibana.alert.rule.license\"?: string | undefined; readonly \"kibana.alert.rule.note\"?: string | undefined; readonly \"kibana.alert.rule.references\"?: string[] | undefined; readonly \"kibana.alert.rule.rule_id\"?: string | undefined; readonly \"kibana.alert.rule.rule_name_override\"?: string | undefined; readonly \"kibana.alert.rule.to\"?: string | undefined; readonly \"kibana.alert.rule.type\"?: string | undefined; readonly \"kibana.alert.rule.updated_at\"?: string | undefined; readonly \"kibana.alert.rule.updated_by\"?: string | undefined; readonly \"kibana.alert.rule.version\"?: string | undefined; readonly \"kibana.alert.severity\"?: string | undefined; readonly \"kibana.alert.suppression.docs_count\"?: number | undefined; readonly \"kibana.alert.suppression.end\"?: string | undefined; readonly \"kibana.alert.suppression.start\"?: string | undefined; readonly \"kibana.alert.suppression.terms.field\"?: string[] | undefined; readonly \"kibana.alert.suppression.terms.value\"?: string[] | undefined; readonly \"kibana.alert.system_status\"?: string | undefined; readonly \"kibana.alert.workflow_reason\"?: string | undefined; readonly \"kibana.alert.workflow_status_updated_at\"?: string | undefined; readonly \"kibana.alert.workflow_user\"?: string | undefined; }"
+          "{ readonly \"@timestamp\": string; readonly \"kibana.alert.rule.rule_type_id\": string; readonly \"kibana.alert.rule.consumer\": string; readonly \"kibana.alert.instance.id\": string; readonly \"kibana.alert.rule.category\": string; readonly \"kibana.alert.rule.name\": string; readonly \"kibana.alert.rule.producer\": string; readonly \"kibana.alert.rule.revision\": number; readonly \"kibana.alert.rule.uuid\": string; readonly \"kibana.alert.status\": string; readonly \"kibana.alert.uuid\": string; readonly \"kibana.space_ids\": string[]; readonly \"event.action\"?: string | undefined; readonly tags?: string[] | undefined; readonly \"kibana.alert.rule.execution.uuid\"?: string | undefined; readonly \"event.kind\"?: string | undefined; readonly \"kibana.alert.action_group\"?: string | undefined; readonly \"kibana.alert.case_ids\"?: string[] | undefined; readonly \"kibana.alert.consecutive_matches\"?: number | undefined; readonly \"kibana.alert.duration.us\"?: number | undefined; readonly \"kibana.alert.end\"?: string | undefined; readonly \"kibana.alert.flapping\"?: boolean | undefined; readonly \"kibana.alert.flapping_history\"?: boolean[] | undefined; readonly \"kibana.alert.last_detected\"?: string | undefined; readonly \"kibana.alert.maintenance_window_ids\"?: string[] | undefined; readonly \"kibana.alert.previous_action_group\"?: string | undefined; readonly \"kibana.alert.reason\"?: string | undefined; readonly \"kibana.alert.rule.execution.timestamp\"?: string | undefined; readonly \"kibana.alert.rule.parameters\"?: { [key: string]: unknown; } | undefined; readonly \"kibana.alert.rule.tags\"?: string[] | undefined; readonly \"kibana.alert.severity_improving\"?: boolean | undefined; readonly \"kibana.alert.start\"?: string | undefined; readonly \"kibana.alert.time_range\"?: unknown; readonly \"kibana.alert.url\"?: string | undefined; readonly \"kibana.alert.workflow_assignee_ids\"?: string[] | undefined; readonly \"kibana.alert.workflow_status\"?: string | undefined; readonly \"kibana.alert.workflow_tags\"?: string[] | undefined; readonly \"kibana.version\"?: string | undefined; readonly \"ecs.version\"?: string | undefined; readonly \"kibana.alert.risk_score\"?: number | undefined; readonly \"kibana.alert.rule.author\"?: string | undefined; readonly \"kibana.alert.rule.created_at\"?: string | undefined; readonly \"kibana.alert.rule.created_by\"?: string | undefined; readonly \"kibana.alert.rule.description\"?: string | undefined; readonly \"kibana.alert.rule.enabled\"?: string | undefined; readonly \"kibana.alert.rule.from\"?: string | undefined; readonly \"kibana.alert.rule.interval\"?: string | undefined; readonly \"kibana.alert.rule.license\"?: string | undefined; readonly \"kibana.alert.rule.note\"?: string | undefined; readonly \"kibana.alert.rule.references\"?: string[] | undefined; readonly \"kibana.alert.rule.rule_id\"?: string | undefined; readonly \"kibana.alert.rule.rule_name_override\"?: string | undefined; readonly \"kibana.alert.rule.to\"?: string | undefined; readonly \"kibana.alert.rule.type\"?: string | undefined; readonly \"kibana.alert.rule.updated_at\"?: string | undefined; readonly \"kibana.alert.rule.updated_by\"?: string | undefined; readonly \"kibana.alert.rule.version\"?: string | undefined; readonly \"kibana.alert.severity\"?: string | undefined; readonly \"kibana.alert.suppression.docs_count\"?: number | undefined; readonly \"kibana.alert.suppression.end\"?: string | undefined; readonly \"kibana.alert.suppression.start\"?: string | undefined; readonly \"kibana.alert.suppression.terms.field\"?: string[] | undefined; readonly \"kibana.alert.suppression.terms.value\"?: string[] | undefined; readonly \"kibana.alert.system_status\"?: string | undefined; readonly \"kibana.alert.workflow_reason\"?: string | undefined; readonly \"kibana.alert.workflow_status_updated_at\"?: string | undefined; readonly \"kibana.alert.workflow_user\"?: string | undefined; }"
         ],
         "path": "x-pack/plugins/rule_registry/common/parse_technical_fields.ts",
         "deprecated": false,
diff --git a/api_docs/rule_registry.mdx b/api_docs/rule_registry.mdx
index f39c370de06fc..c198a170c584c 100644
--- a/api_docs/rule_registry.mdx
+++ b/api_docs/rule_registry.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ruleRegistry
 title: "ruleRegistry"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the ruleRegistry plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ruleRegistry']
 ---
 import ruleRegistryObj from './rule_registry.devdocs.json';
diff --git a/api_docs/runtime_fields.mdx b/api_docs/runtime_fields.mdx
index a046e09ac1206..370dea3505051 100644
--- a/api_docs/runtime_fields.mdx
+++ b/api_docs/runtime_fields.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/runtimeFields
 title: "runtimeFields"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the runtimeFields plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'runtimeFields']
 ---
 import runtimeFieldsObj from './runtime_fields.devdocs.json';
diff --git a/api_docs/saved_objects.mdx b/api_docs/saved_objects.mdx
index 2b3aebccf8f44..0cab1b1bc831a 100644
--- a/api_docs/saved_objects.mdx
+++ b/api_docs/saved_objects.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjects
 title: "savedObjects"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the savedObjects plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjects']
 ---
 import savedObjectsObj from './saved_objects.devdocs.json';
diff --git a/api_docs/saved_objects_finder.mdx b/api_docs/saved_objects_finder.mdx
index dfcabf012f816..05b325aba1952 100644
--- a/api_docs/saved_objects_finder.mdx
+++ b/api_docs/saved_objects_finder.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjectsFinder
 title: "savedObjectsFinder"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the savedObjectsFinder plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjectsFinder']
 ---
 import savedObjectsFinderObj from './saved_objects_finder.devdocs.json';
diff --git a/api_docs/saved_objects_management.mdx b/api_docs/saved_objects_management.mdx
index a4b75fa8bf8af..30d315f4a96be 100644
--- a/api_docs/saved_objects_management.mdx
+++ b/api_docs/saved_objects_management.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjectsManagement
 title: "savedObjectsManagement"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the savedObjectsManagement plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjectsManagement']
 ---
 import savedObjectsManagementObj from './saved_objects_management.devdocs.json';
diff --git a/api_docs/saved_objects_tagging.mdx b/api_docs/saved_objects_tagging.mdx
index 997699a68579a..1d5ea5fc5f2ca 100644
--- a/api_docs/saved_objects_tagging.mdx
+++ b/api_docs/saved_objects_tagging.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjectsTagging
 title: "savedObjectsTagging"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the savedObjectsTagging plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjectsTagging']
 ---
 import savedObjectsTaggingObj from './saved_objects_tagging.devdocs.json';
diff --git a/api_docs/saved_objects_tagging_oss.mdx b/api_docs/saved_objects_tagging_oss.mdx
index a353a4cff8bc9..e8ae9f00b82a7 100644
--- a/api_docs/saved_objects_tagging_oss.mdx
+++ b/api_docs/saved_objects_tagging_oss.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjectsTaggingOss
 title: "savedObjectsTaggingOss"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the savedObjectsTaggingOss plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjectsTaggingOss']
 ---
 import savedObjectsTaggingOssObj from './saved_objects_tagging_oss.devdocs.json';
diff --git a/api_docs/saved_search.mdx b/api_docs/saved_search.mdx
index 5fe795374d9fd..d10efc4c27372 100644
--- a/api_docs/saved_search.mdx
+++ b/api_docs/saved_search.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedSearch
 title: "savedSearch"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the savedSearch plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedSearch']
 ---
 import savedSearchObj from './saved_search.devdocs.json';
diff --git a/api_docs/screenshot_mode.mdx b/api_docs/screenshot_mode.mdx
index 8b0e1bbb43838..a5b414e22f07b 100644
--- a/api_docs/screenshot_mode.mdx
+++ b/api_docs/screenshot_mode.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/screenshotMode
 title: "screenshotMode"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the screenshotMode plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'screenshotMode']
 ---
 import screenshotModeObj from './screenshot_mode.devdocs.json';
diff --git a/api_docs/screenshotting.mdx b/api_docs/screenshotting.mdx
index f8503be8f380b..42e9f914559b4 100644
--- a/api_docs/screenshotting.mdx
+++ b/api_docs/screenshotting.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/screenshotting
 title: "screenshotting"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the screenshotting plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'screenshotting']
 ---
 import screenshottingObj from './screenshotting.devdocs.json';
diff --git a/api_docs/search_connectors.mdx b/api_docs/search_connectors.mdx
index 45a03aa097976..f5d4c92fbf63b 100644
--- a/api_docs/search_connectors.mdx
+++ b/api_docs/search_connectors.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchConnectors
 title: "searchConnectors"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the searchConnectors plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchConnectors']
 ---
 import searchConnectorsObj from './search_connectors.devdocs.json';
diff --git a/api_docs/search_homepage.devdocs.json b/api_docs/search_homepage.devdocs.json
new file mode 100644
index 0000000000000..38fef344fc7b4
--- /dev/null
+++ b/api_docs/search_homepage.devdocs.json
@@ -0,0 +1,312 @@
+{
+  "id": "searchHomepage",
+  "client": {
+    "classes": [],
+    "functions": [],
+    "interfaces": [
+      {
+        "parentPluginId": "searchHomepage",
+        "id": "def-public.SearchHomepageAppInfo",
+        "type": "Interface",
+        "tags": [],
+        "label": "SearchHomepageAppInfo",
+        "description": [],
+        "path": "x-pack/plugins/search_homepage/public/types.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "searchHomepage",
+            "id": "def-public.SearchHomepageAppInfo.appRoute",
+            "type": "string",
+            "tags": [],
+            "label": "appRoute",
+            "description": [],
+            "path": "x-pack/plugins/search_homepage/public/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "searchHomepage",
+            "id": "def-public.SearchHomepageAppInfo.id",
+            "type": "string",
+            "tags": [],
+            "label": "id",
+            "description": [],
+            "path": "x-pack/plugins/search_homepage/public/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "searchHomepage",
+            "id": "def-public.SearchHomepageAppInfo.title",
+            "type": "string",
+            "tags": [],
+            "label": "title",
+            "description": [],
+            "path": "x-pack/plugins/search_homepage/public/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      }
+    ],
+    "enums": [],
+    "misc": [],
+    "objects": [],
+    "setup": {
+      "parentPluginId": "searchHomepage",
+      "id": "def-public.SearchHomepagePluginSetup",
+      "type": "Interface",
+      "tags": [],
+      "label": "SearchHomepagePluginSetup",
+      "description": [],
+      "path": "x-pack/plugins/search_homepage/public/types.ts",
+      "deprecated": false,
+      "trackAdoption": false,
+      "children": [
+        {
+          "parentPluginId": "searchHomepage",
+          "id": "def-public.SearchHomepagePluginSetup.app",
+          "type": "Object",
+          "tags": [],
+          "label": "app",
+          "description": [
+            "\nSearch Homepage shared information for the Kibana application.\nUsed to ensure the stack and serverless apps have the same route\nand deep links."
+          ],
+          "signature": [
+            {
+              "pluginId": "searchHomepage",
+              "scope": "public",
+              "docId": "kibSearchHomepagePluginApi",
+              "section": "def-public.SearchHomepageAppInfo",
+              "text": "SearchHomepageAppInfo"
+            }
+          ],
+          "path": "x-pack/plugins/search_homepage/public/types.ts",
+          "deprecated": false,
+          "trackAdoption": false
+        },
+        {
+          "parentPluginId": "searchHomepage",
+          "id": "def-public.SearchHomepagePluginSetup.isHomepageFeatureEnabled",
+          "type": "Function",
+          "tags": [],
+          "label": "isHomepageFeatureEnabled",
+          "description": [
+            "\nChecks if the Search Homepage feature flag is currently enabled."
+          ],
+          "signature": [
+            "() => boolean"
+          ],
+          "path": "x-pack/plugins/search_homepage/public/types.ts",
+          "deprecated": false,
+          "trackAdoption": false,
+          "children": [],
+          "returnComment": [
+            "true if Search Homepage feature is enabled"
+          ]
+        }
+      ],
+      "lifecycle": "setup",
+      "initialIsOpen": true
+    },
+    "start": {
+      "parentPluginId": "searchHomepage",
+      "id": "def-public.SearchHomepagePluginStart",
+      "type": "Interface",
+      "tags": [],
+      "label": "SearchHomepagePluginStart",
+      "description": [],
+      "path": "x-pack/plugins/search_homepage/public/types.ts",
+      "deprecated": false,
+      "trackAdoption": false,
+      "children": [
+        {
+          "parentPluginId": "searchHomepage",
+          "id": "def-public.SearchHomepagePluginStart.app",
+          "type": "Object",
+          "tags": [],
+          "label": "app",
+          "description": [
+            "\nSearch Homepage shared information for the Kibana application.\nUsed to ensure the stack and serverless apps have the same route\nand deep links."
+          ],
+          "signature": [
+            {
+              "pluginId": "searchHomepage",
+              "scope": "public",
+              "docId": "kibSearchHomepagePluginApi",
+              "section": "def-public.SearchHomepageAppInfo",
+              "text": "SearchHomepageAppInfo"
+            }
+          ],
+          "path": "x-pack/plugins/search_homepage/public/types.ts",
+          "deprecated": false,
+          "trackAdoption": false
+        },
+        {
+          "parentPluginId": "searchHomepage",
+          "id": "def-public.SearchHomepagePluginStart.isHomepageFeatureEnabled",
+          "type": "Function",
+          "tags": [],
+          "label": "isHomepageFeatureEnabled",
+          "description": [
+            "\nChecks if the Search Homepage feature flag is currently enabled."
+          ],
+          "signature": [
+            "() => boolean"
+          ],
+          "path": "x-pack/plugins/search_homepage/public/types.ts",
+          "deprecated": false,
+          "trackAdoption": false,
+          "children": [],
+          "returnComment": [
+            "true if Search Homepage feature is enabled"
+          ]
+        },
+        {
+          "parentPluginId": "searchHomepage",
+          "id": "def-public.SearchHomepagePluginStart.SearchHomepage",
+          "type": "Function",
+          "tags": [],
+          "label": "SearchHomepage",
+          "description": [
+            "\nSearchHomepage shared component, used to render the search homepage in\nthe Stack search plugin"
+          ],
+          "signature": [
+            "React.FunctionComponent<{ children?: React.ReactNode; }>"
+          ],
+          "path": "x-pack/plugins/search_homepage/public/types.ts",
+          "deprecated": false,
+          "trackAdoption": false,
+          "returnComment": [],
+          "children": [
+            {
+              "parentPluginId": "searchHomepage",
+              "id": "def-public.SearchHomepagePluginStart.SearchHomepage.$1",
+              "type": "CompoundType",
+              "tags": [],
+              "label": "props",
+              "description": [],
+              "signature": [
+                "P & { children?: React.ReactNode; }"
+              ],
+              "path": "node_modules/@types/react/index.d.ts",
+              "deprecated": false,
+              "trackAdoption": false
+            },
+            {
+              "parentPluginId": "searchHomepage",
+              "id": "def-public.SearchHomepagePluginStart.SearchHomepage.$2",
+              "type": "Any",
+              "tags": [],
+              "label": "context",
+              "description": [],
+              "signature": [
+                "any"
+              ],
+              "path": "node_modules/@types/react/index.d.ts",
+              "deprecated": false,
+              "trackAdoption": false
+            }
+          ]
+        }
+      ],
+      "lifecycle": "start",
+      "initialIsOpen": true
+    }
+  },
+  "server": {
+    "classes": [],
+    "functions": [],
+    "interfaces": [],
+    "enums": [],
+    "misc": [],
+    "objects": [],
+    "setup": {
+      "parentPluginId": "searchHomepage",
+      "id": "def-server.SearchHomepagePluginSetup",
+      "type": "Interface",
+      "tags": [],
+      "label": "SearchHomepagePluginSetup",
+      "description": [],
+      "path": "x-pack/plugins/search_homepage/server/types.ts",
+      "deprecated": false,
+      "trackAdoption": false,
+      "children": [],
+      "lifecycle": "setup",
+      "initialIsOpen": true
+    },
+    "start": {
+      "parentPluginId": "searchHomepage",
+      "id": "def-server.SearchHomepagePluginStart",
+      "type": "Interface",
+      "tags": [],
+      "label": "SearchHomepagePluginStart",
+      "description": [],
+      "path": "x-pack/plugins/search_homepage/server/types.ts",
+      "deprecated": false,
+      "trackAdoption": false,
+      "children": [],
+      "lifecycle": "start",
+      "initialIsOpen": true
+    }
+  },
+  "common": {
+    "classes": [],
+    "functions": [],
+    "interfaces": [],
+    "enums": [],
+    "misc": [
+      {
+        "parentPluginId": "searchHomepage",
+        "id": "def-common.HOMEPAGE_FEATURE_FLAG_ID",
+        "type": "string",
+        "tags": [],
+        "label": "HOMEPAGE_FEATURE_FLAG_ID",
+        "description": [
+          "\nUI Setting id for the Search Homepage feature flag"
+        ],
+        "signature": [
+          "\"searchHomepage:homepageEnabled\""
+        ],
+        "path": "x-pack/plugins/search_homepage/common/index.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "searchHomepage",
+        "id": "def-common.PLUGIN_ID",
+        "type": "string",
+        "tags": [],
+        "label": "PLUGIN_ID",
+        "description": [],
+        "signature": [
+          "\"searchHomepage\""
+        ],
+        "path": "x-pack/plugins/search_homepage/common/index.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "searchHomepage",
+        "id": "def-common.PLUGIN_NAME",
+        "type": "string",
+        "tags": [],
+        "label": "PLUGIN_NAME",
+        "description": [],
+        "signature": [
+          "\"searchHomepage\""
+        ],
+        "path": "x-pack/plugins/search_homepage/common/index.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      }
+    ],
+    "objects": []
+  }
+}
\ No newline at end of file
diff --git a/api_docs/search_homepage.mdx b/api_docs/search_homepage.mdx
new file mode 100644
index 0000000000000..e873770e1fec9
--- /dev/null
+++ b/api_docs/search_homepage.mdx
@@ -0,0 +1,49 @@
+---
+####
+#### This document is auto-generated and is meant to be viewed inside our experimental, new docs system.
+#### Reach out in #docs-engineering for more info.
+####
+id: kibSearchHomepagePluginApi
+slug: /kibana-dev-docs/api/searchHomepage
+title: "searchHomepage"
+image: https://source.unsplash.com/400x175/?github
+description: API docs for the searchHomepage plugin
+date: 2024-07-01
+tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchHomepage']
+---
+import searchHomepageObj from './search_homepage.devdocs.json';
+
+
+
+Contact [@elastic/search-kibana](https://github.com/orgs/elastic/teams/search-kibana) for questions regarding this plugin.
+
+**Code health stats**
+
+| Public API count  | Any count | Items lacking comments | Missing exports |
+|-------------------|-----------|------------------------|-----------------|
+| 18 | 0 | 10 | 0 |
+
+## Client
+
+### Setup
+<DocDefinitionList data={[searchHomepageObj.client.setup]}/>
+
+### Start
+<DocDefinitionList data={[searchHomepageObj.client.start]}/>
+
+### Interfaces
+<DocDefinitionList data={searchHomepageObj.client.interfaces}/>
+
+## Server
+
+### Setup
+<DocDefinitionList data={[searchHomepageObj.server.setup]}/>
+
+### Start
+<DocDefinitionList data={[searchHomepageObj.server.start]}/>
+
+## Common
+
+### Consts, variables and types
+<DocDefinitionList data={searchHomepageObj.common.misc}/>
+
diff --git a/api_docs/search_inference_endpoints.mdx b/api_docs/search_inference_endpoints.mdx
index 960e4e7e48960..607ce948ed198 100644
--- a/api_docs/search_inference_endpoints.mdx
+++ b/api_docs/search_inference_endpoints.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchInferenceEndpoints
 title: "searchInferenceEndpoints"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the searchInferenceEndpoints plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchInferenceEndpoints']
 ---
 import searchInferenceEndpointsObj from './search_inference_endpoints.devdocs.json';
diff --git a/api_docs/search_notebooks.mdx b/api_docs/search_notebooks.mdx
index 470c28d2868b4..c4533fcb3466d 100644
--- a/api_docs/search_notebooks.mdx
+++ b/api_docs/search_notebooks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchNotebooks
 title: "searchNotebooks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the searchNotebooks plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchNotebooks']
 ---
 import searchNotebooksObj from './search_notebooks.devdocs.json';
diff --git a/api_docs/search_playground.mdx b/api_docs/search_playground.mdx
index 1f957baa893ee..f721339bac5c7 100644
--- a/api_docs/search_playground.mdx
+++ b/api_docs/search_playground.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchPlayground
 title: "searchPlayground"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the searchPlayground plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchPlayground']
 ---
 import searchPlaygroundObj from './search_playground.devdocs.json';
diff --git a/api_docs/security.devdocs.json b/api_docs/security.devdocs.json
index f43fe4bd96a09..35017305bdb8a 100644
--- a/api_docs/security.devdocs.json
+++ b/api_docs/security.devdocs.json
@@ -1255,16 +1255,7 @@
           "path": "x-pack/packages/security/plugin_types_public/src/plugin.ts",
           "deprecated": true,
           "trackAdoption": false,
-          "references": [
-            {
-              "plugin": "dataVisualizer",
-              "path": "x-pack/plugins/data_visualizer/public/application/common/components/filebeat_config_flyout/filebeat_config_flyout.tsx"
-            },
-            {
-              "plugin": "dataVisualizer",
-              "path": "x-pack/plugins/data_visualizer/public/application/index_data_visualizer/hooks/use_data_visualizer_grid_data.ts"
-            }
-          ]
+          "references": []
         },
         {
           "parentPluginId": "security",
@@ -5304,10 +5295,6 @@
               "plugin": "actions",
               "path": "x-pack/plugins/actions/server/plugin.ts"
             },
-            {
-              "plugin": "data",
-              "path": "src/plugins/data/server/search/session/session_service.ts"
-            },
             {
               "plugin": "ml",
               "path": "x-pack/plugins/ml/server/routes/annotations.ts"
@@ -5483,14 +5470,6 @@
               "plugin": "alerting",
               "path": "x-pack/plugins/alerting/server/plugin.ts"
             },
-            {
-              "plugin": "files",
-              "path": "src/plugins/files/server/routes/file_kind/create.ts"
-            },
-            {
-              "plugin": "cases",
-              "path": "x-pack/plugins/cases/server/client/factory.ts"
-            },
             {
               "plugin": "observabilityAIAssistant",
               "path": "x-pack/plugins/observability_solution/observability_ai_assistant/server/service/index.ts"
@@ -5499,70 +5478,10 @@
               "plugin": "fleet",
               "path": "x-pack/plugins/fleet/server/services/api_keys/security.ts"
             },
-            {
-              "plugin": "fleet",
-              "path": "x-pack/plugins/fleet/server/services/security/security.ts"
-            },
             {
               "plugin": "fleet",
               "path": "x-pack/plugins/fleet/server/services/api_keys/transform_api_keys.ts"
             },
-            {
-              "plugin": "fleet",
-              "path": "x-pack/plugins/fleet/server/routes/epm/handlers.ts"
-            },
-            {
-              "plugin": "fleet",
-              "path": "x-pack/plugins/fleet/server/routes/epm/handlers.ts"
-            },
-            {
-              "plugin": "fleet",
-              "path": "x-pack/plugins/fleet/server/routes/epm/handlers.ts"
-            },
-            {
-              "plugin": "fleet",
-              "path": "x-pack/plugins/fleet/server/routes/epm/handlers.ts"
-            },
-            {
-              "plugin": "fleet",
-              "path": "x-pack/plugins/fleet/server/routes/epm/handlers.ts"
-            },
-            {
-              "plugin": "fleet",
-              "path": "x-pack/plugins/fleet/server/routes/agent_policy/handlers.ts"
-            },
-            {
-              "plugin": "fleet",
-              "path": "x-pack/plugins/fleet/server/routes/agent_policy/handlers.ts"
-            },
-            {
-              "plugin": "fleet",
-              "path": "x-pack/plugins/fleet/server/routes/agent_policy/handlers.ts"
-            },
-            {
-              "plugin": "fleet",
-              "path": "x-pack/plugins/fleet/server/routes/agent_policy/handlers.ts"
-            },
-            {
-              "plugin": "fleet",
-              "path": "x-pack/plugins/fleet/server/routes/package_policy/handlers.ts"
-            },
-            {
-              "plugin": "fleet",
-              "path": "x-pack/plugins/fleet/server/routes/package_policy/handlers.ts"
-            },
-            {
-              "plugin": "fleet",
-              "path": "x-pack/plugins/fleet/server/routes/package_policy/handlers.ts"
-            },
-            {
-              "plugin": "fleet",
-              "path": "x-pack/plugins/fleet/server/routes/package_policy/handlers.ts"
-            },
-            {
-              "plugin": "fleet",
-              "path": "x-pack/plugins/fleet/server/routes/package_policy/handlers.ts"
-            },
             {
               "plugin": "fleet",
               "path": "x-pack/plugins/fleet/server/services/setup/fleet_server_policies_enrollment_keys.ts"
@@ -5571,10 +5490,6 @@
               "plugin": "fleet",
               "path": "x-pack/plugins/fleet/server/routes/setup/handlers.ts"
             },
-            {
-              "plugin": "fleet",
-              "path": "x-pack/plugins/fleet/server/routes/settings/index.ts"
-            },
             {
               "plugin": "cloudDefend",
               "path": "x-pack/plugins/cloud_defend/server/routes/setup_routes.ts"
@@ -5583,10 +5498,6 @@
               "plugin": "cloudSecurityPosture",
               "path": "x-pack/plugins/cloud_security_posture/server/routes/setup_routes.ts"
             },
-            {
-              "plugin": "elasticAssistant",
-              "path": "x-pack/plugins/elastic_assistant/server/routes/request_context_factory.ts"
-            },
             {
               "plugin": "enterpriseSearch",
               "path": "x-pack/plugins/enterprise_search/server/lib/indices/create_api_key.ts"
@@ -5599,30 +5510,6 @@
               "plugin": "lists",
               "path": "x-pack/plugins/lists/server/get_user.ts"
             },
-            {
-              "plugin": "osquery",
-              "path": "x-pack/plugins/osquery/server/routes/live_query/create_live_query_route.ts"
-            },
-            {
-              "plugin": "osquery",
-              "path": "x-pack/plugins/osquery/server/routes/saved_query/create_saved_query_route.ts"
-            },
-            {
-              "plugin": "osquery",
-              "path": "x-pack/plugins/osquery/server/routes/saved_query/update_saved_query_route.ts"
-            },
-            {
-              "plugin": "osquery",
-              "path": "x-pack/plugins/osquery/server/routes/pack/create_pack_route.ts"
-            },
-            {
-              "plugin": "osquery",
-              "path": "x-pack/plugins/osquery/server/routes/pack/update_pack_route.ts"
-            },
-            {
-              "plugin": "osquery",
-              "path": "x-pack/plugins/osquery/server/routes/asset/update_assets_route.ts"
-            },
             {
               "plugin": "securitySolution",
               "path": "x-pack/plugins/security_solution/server/endpoint/endpoint_app_context_services.ts"
@@ -5647,10 +5534,6 @@
               "plugin": "securitySolution",
               "path": "x-pack/plugins/security_solution/server/endpoint/routes/actions/response_actions.ts"
             },
-            {
-              "plugin": "reporting",
-              "path": "x-pack/plugins/reporting/server/routes/common/get_user.ts"
-            },
             {
               "plugin": "serverlessSearch",
               "path": "x-pack/plugins/serverless_search/server/routes/api_key_routes.ts"
@@ -5683,6 +5566,30 @@
               "plugin": "apm",
               "path": "x-pack/plugins/observability_solution/apm/server/routes/fleet/is_superuser.ts"
             },
+            {
+              "plugin": "entityManager",
+              "path": "x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/api_key.ts"
+            },
+            {
+              "plugin": "entityManager",
+              "path": "x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/api_key.ts"
+            },
+            {
+              "plugin": "entityManager",
+              "path": "x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/api_key.ts"
+            },
+            {
+              "plugin": "entityManager",
+              "path": "x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/enable.ts"
+            },
+            {
+              "plugin": "entityManager",
+              "path": "x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/disable.ts"
+            },
+            {
+              "plugin": "observabilityOnboarding",
+              "path": "x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/route.ts"
+            },
             {
               "plugin": "synthetics",
               "path": "x-pack/plugins/observability_solution/synthetics/server/synthetics_service/get_api_key.ts"
@@ -6599,47 +6506,6 @@
         ],
         "initialIsOpen": false
       },
-      {
-        "parentPluginId": "security",
-        "id": "def-common.RestApiKey",
-        "type": "Interface",
-        "tags": [],
-        "label": "RestApiKey",
-        "description": [
-          "\nInterface representing a REST API key the way it is returned by Elasticsearch GET endpoint.\n\nTODO: Remove this type when `@elastic/elasticsearch` has been updated."
-        ],
-        "signature": [
-          {
-            "pluginId": "security",
-            "scope": "common",
-            "docId": "kibSecurityPluginApi",
-            "section": "def-common.RestApiKey",
-            "text": "RestApiKey"
-          },
-          " extends ",
-          "BaseApiKey"
-        ],
-        "path": "x-pack/plugins/security/common/model/api_key.ts",
-        "deprecated": false,
-        "trackAdoption": false,
-        "children": [
-          {
-            "parentPluginId": "security",
-            "id": "def-common.RestApiKey.type",
-            "type": "string",
-            "tags": [],
-            "label": "type",
-            "description": [],
-            "signature": [
-              "\"rest\""
-            ],
-            "path": "x-pack/plugins/security/common/model/api_key.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          }
-        ],
-        "initialIsOpen": false
-      },
       {
         "parentPluginId": "security",
         "id": "def-common.Role",
@@ -7956,31 +7822,6 @@
     ],
     "enums": [],
     "misc": [
-      {
-        "parentPluginId": "security",
-        "id": "def-common.ApiKey",
-        "type": "Type",
-        "tags": [],
-        "label": "ApiKey",
-        "description": [
-          "\nInterface representing an API key the way it is returned by Elasticsearch GET endpoint."
-        ],
-        "signature": [
-          {
-            "pluginId": "security",
-            "scope": "common",
-            "docId": "kibSecurityPluginApi",
-            "section": "def-common.RestApiKey",
-            "text": "RestApiKey"
-          },
-          " | ",
-          "CrossClusterApiKey"
-        ],
-        "path": "x-pack/plugins/security/common/model/api_key.ts",
-        "deprecated": false,
-        "trackAdoption": false,
-        "initialIsOpen": false
-      },
       {
         "parentPluginId": "security",
         "id": "def-common.LoginLayout",
diff --git a/api_docs/security.mdx b/api_docs/security.mdx
index ad7fdca6c19f6..652f77ed50717 100644
--- a/api_docs/security.mdx
+++ b/api_docs/security.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/security
 title: "security"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the security plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'security']
 ---
 import securityObj from './security.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 414 | 0 | 205 | 3 |
+| 411 | 0 | 204 | 1 |
 
 ## Client
 
diff --git a/api_docs/security_solution.devdocs.json b/api_docs/security_solution.devdocs.json
index 659f8ee587527..053f30a5fd66f 100644
--- a/api_docs/security_solution.devdocs.json
+++ b/api_docs/security_solution.devdocs.json
@@ -390,7 +390,7 @@
             "label": "data",
             "description": [],
             "signature": [
-              "({ id: string; type: \"eql\"; name: string; actions: { params: {} & { [k: string]: unknown; }; id: string; group: string; action_type_id: string; uuid?: string | undefined; alerts_filter?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; frequency?: { throttle: string | null; notifyWhen: \"onActionGroupChange\" | \"onActiveAlert\" | \"onThrottleInterval\"; summary: boolean; } | undefined; }[]; tags: string[]; setup: string; enabled: boolean; revision: number; query: string; interval: string; description: string; version: number; risk_score: number; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; from: string; to: string; language: \"eql\"; created_at: string; created_by: string; updated_at: string; updated_by: string; references: string[]; author: string[]; immutable: boolean; rule_id: string; threat: { framework: string; tactic: { id: string; name: string; reference: string; }; technique?: { id: string; name: string; reference: string; subtechnique?: { id: string; name: string; reference: string; }[] | undefined; }[] | undefined; }[]; risk_score_mapping: { value: string; field: string; operator: \"equals\"; risk_score?: number | undefined; }[]; severity_mapping: { value: string; field: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; operator: \"equals\"; }[]; exceptions_list: { id: string; type: \"endpoint\" | \"detection\" | \"rule_default\" | \"endpoint_trusted_apps\" | \"endpoint_events\" | \"endpoint_host_isolation_exceptions\" | \"endpoint_blocklists\"; list_id: string; namespace_type: \"single\" | \"agnostic\"; }[]; false_positives: string[]; max_signals: number; related_integrations: { version: string; package: string; integration?: string | undefined; }[]; required_fields: { type: string; name: string; ecs: boolean; }[]; meta?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; namespace?: string | undefined; license?: string | undefined; throttle?: string | undefined; outcome?: \"exactMatch\" | \"aliasMatch\" | \"conflict\" | undefined; alias_target_id?: string | undefined; alias_purpose?: \"savedObjectConversion\" | \"savedObjectImport\" | undefined; note?: string | undefined; rule_name_override?: string | undefined; timestamp_override?: string | undefined; timestamp_override_fallback_disabled?: boolean | undefined; timeline_id?: string | undefined; timeline_title?: string | undefined; building_block_type?: string | undefined; output_index?: string | undefined; investigation_fields?: { field_names: string[]; } | undefined; rule_source?: { type: \"external\"; is_customized: boolean; } | { type: \"internal\"; } | undefined; execution_summary?: { last_execution: { message: string; date: string; status: \"running\" | \"succeeded\" | \"failed\" | \"going to run\" | \"partial failure\"; metrics: { total_search_duration_ms?: number | undefined; total_indexing_duration_ms?: number | undefined; total_enrichment_duration_ms?: number | undefined; execution_gap_duration_s?: number | undefined; }; status_order: number; }; } | undefined; index?: string[] | undefined; data_view_id?: string | undefined; filters?: unknown[] | undefined; event_category_override?: string | undefined; tiebreaker_field?: string | undefined; timestamp_field?: string | undefined; alert_suppression?: { group_by: string[]; duration?: { value: number; unit: \"m\" | \"h\" | \"s\"; } | undefined; missing_fields_strategy?: \"doNotSuppress\" | \"suppress\" | undefined; } | undefined; } | { id: string; type: \"query\"; name: string; actions: { params: {} & { [k: string]: unknown; }; id: string; group: string; action_type_id: string; uuid?: string | undefined; alerts_filter?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; frequency?: { throttle: string | null; notifyWhen: \"onActionGroupChange\" | \"onActiveAlert\" | \"onThrottleInterval\"; summary: boolean; } | undefined; }[]; tags: string[]; setup: string; enabled: boolean; revision: number; query: string; interval: string; description: string; version: number; risk_score: number; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; from: string; to: string; language: \"kuery\" | \"lucene\"; created_at: string; created_by: string; updated_at: string; updated_by: string; references: string[]; author: string[]; immutable: boolean; rule_id: string; threat: { framework: string; tactic: { id: string; name: string; reference: string; }; technique?: { id: string; name: string; reference: string; subtechnique?: { id: string; name: string; reference: string; }[] | undefined; }[] | undefined; }[]; risk_score_mapping: { value: string; field: string; operator: \"equals\"; risk_score?: number | undefined; }[]; severity_mapping: { value: string; field: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; operator: \"equals\"; }[]; exceptions_list: { id: string; type: \"endpoint\" | \"detection\" | \"rule_default\" | \"endpoint_trusted_apps\" | \"endpoint_events\" | \"endpoint_host_isolation_exceptions\" | \"endpoint_blocklists\"; list_id: string; namespace_type: \"single\" | \"agnostic\"; }[]; false_positives: string[]; max_signals: number; related_integrations: { version: string; package: string; integration?: string | undefined; }[]; required_fields: { type: string; name: string; ecs: boolean; }[]; meta?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; namespace?: string | undefined; license?: string | undefined; throttle?: string | undefined; outcome?: \"exactMatch\" | \"aliasMatch\" | \"conflict\" | undefined; alias_target_id?: string | undefined; alias_purpose?: \"savedObjectConversion\" | \"savedObjectImport\" | undefined; note?: string | undefined; rule_name_override?: string | undefined; timestamp_override?: string | undefined; timestamp_override_fallback_disabled?: boolean | undefined; timeline_id?: string | undefined; timeline_title?: string | undefined; building_block_type?: string | undefined; output_index?: string | undefined; investigation_fields?: { field_names: string[]; } | undefined; rule_source?: { type: \"external\"; is_customized: boolean; } | { type: \"internal\"; } | undefined; execution_summary?: { last_execution: { message: string; date: string; status: \"running\" | \"succeeded\" | \"failed\" | \"going to run\" | \"partial failure\"; metrics: { total_search_duration_ms?: number | undefined; total_indexing_duration_ms?: number | undefined; total_enrichment_duration_ms?: number | undefined; execution_gap_duration_s?: number | undefined; }; status_order: number; }; } | undefined; index?: string[] | undefined; filters?: unknown[] | undefined; data_view_id?: string | undefined; alert_suppression?: { group_by: string[]; duration?: { value: number; unit: \"m\" | \"h\" | \"s\"; } | undefined; missing_fields_strategy?: \"doNotSuppress\" | \"suppress\" | undefined; } | undefined; saved_id?: string | undefined; response_actions?: ({ params: { query?: string | undefined; ecs_mapping?: Zod.objectOutputType<{}, Zod.ZodObject<{ field: Zod.ZodOptional<Zod.ZodString>; value: Zod.ZodOptional<Zod.ZodUnion<[Zod.ZodString, Zod.ZodArray<Zod.ZodString, \"many\">]>>; }, \"strip\", Zod.ZodTypeAny, { field?: string | undefined; value?: string | string[] | undefined; }, { field?: string | undefined; value?: string | string[] | undefined; }>, \"strip\"> | undefined; queries?: { id: string; query: string; ecs_mapping?: Zod.objectOutputType<{}, Zod.ZodObject<{ field: Zod.ZodOptional<Zod.ZodString>; value: Zod.ZodOptional<Zod.ZodUnion<[Zod.ZodString, Zod.ZodArray<Zod.ZodString, \"many\">]>>; }, \"strip\", Zod.ZodTypeAny, { field?: string | undefined; value?: string | string[] | undefined; }, { field?: string | undefined; value?: string | string[] | undefined; }>, \"strip\"> | undefined; version?: string | undefined; platform?: string | undefined; removed?: boolean | undefined; snapshot?: boolean | undefined; }[] | undefined; pack_id?: string | undefined; saved_query_id?: string | undefined; timeout?: number | undefined; }; action_type_id: \".osquery\"; } | { params: { command: \"isolate\"; comment?: string | undefined; } | { config: { field: string; overwrite: boolean; }; command: \"kill-process\" | \"suspend-process\"; comment?: string | undefined; }; action_type_id: \".endpoint\"; })[] | undefined; } | { id: string; type: \"saved_query\"; name: string; actions: { params: {} & { [k: string]: unknown; }; id: string; group: string; action_type_id: string; uuid?: string | undefined; alerts_filter?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; frequency?: { throttle: string | null; notifyWhen: \"onActionGroupChange\" | \"onActiveAlert\" | \"onThrottleInterval\"; summary: boolean; } | undefined; }[]; tags: string[]; setup: string; enabled: boolean; revision: number; interval: string; description: string; version: number; risk_score: number; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; from: string; to: string; language: \"kuery\" | \"lucene\"; created_at: string; created_by: string; updated_at: string; updated_by: string; references: string[]; author: string[]; immutable: boolean; rule_id: string; threat: { framework: string; tactic: { id: string; name: string; reference: string; }; technique?: { id: string; name: string; reference: string; subtechnique?: { id: string; name: string; reference: string; }[] | undefined; }[] | undefined; }[]; risk_score_mapping: { value: string; field: string; operator: \"equals\"; risk_score?: number | undefined; }[]; severity_mapping: { value: string; field: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; operator: \"equals\"; }[]; exceptions_list: { id: string; type: \"endpoint\" | \"detection\" | \"rule_default\" | \"endpoint_trusted_apps\" | \"endpoint_events\" | \"endpoint_host_isolation_exceptions\" | \"endpoint_blocklists\"; list_id: string; namespace_type: \"single\" | \"agnostic\"; }[]; false_positives: string[]; max_signals: number; related_integrations: { version: string; package: string; integration?: string | undefined; }[]; required_fields: { type: string; name: string; ecs: boolean; }[]; saved_id: string; meta?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; namespace?: string | undefined; license?: string | undefined; throttle?: string | undefined; outcome?: \"exactMatch\" | \"aliasMatch\" | \"conflict\" | undefined; alias_target_id?: string | undefined; alias_purpose?: \"savedObjectConversion\" | \"savedObjectImport\" | undefined; note?: string | undefined; rule_name_override?: string | undefined; timestamp_override?: string | undefined; timestamp_override_fallback_disabled?: boolean | undefined; timeline_id?: string | undefined; timeline_title?: string | undefined; building_block_type?: string | undefined; output_index?: string | undefined; investigation_fields?: { field_names: string[]; } | undefined; rule_source?: { type: \"external\"; is_customized: boolean; } | { type: \"internal\"; } | undefined; execution_summary?: { last_execution: { message: string; date: string; status: \"running\" | \"succeeded\" | \"failed\" | \"going to run\" | \"partial failure\"; metrics: { total_search_duration_ms?: number | undefined; total_indexing_duration_ms?: number | undefined; total_enrichment_duration_ms?: number | undefined; execution_gap_duration_s?: number | undefined; }; status_order: number; }; } | undefined; index?: string[] | undefined; query?: string | undefined; filters?: unknown[] | undefined; data_view_id?: string | undefined; alert_suppression?: { group_by: string[]; duration?: { value: number; unit: \"m\" | \"h\" | \"s\"; } | undefined; missing_fields_strategy?: \"doNotSuppress\" | \"suppress\" | undefined; } | undefined; response_actions?: ({ params: { query?: string | undefined; ecs_mapping?: Zod.objectOutputType<{}, Zod.ZodObject<{ field: Zod.ZodOptional<Zod.ZodString>; value: Zod.ZodOptional<Zod.ZodUnion<[Zod.ZodString, Zod.ZodArray<Zod.ZodString, \"many\">]>>; }, \"strip\", Zod.ZodTypeAny, { field?: string | undefined; value?: string | string[] | undefined; }, { field?: string | undefined; value?: string | string[] | undefined; }>, \"strip\"> | undefined; queries?: { id: string; query: string; ecs_mapping?: Zod.objectOutputType<{}, Zod.ZodObject<{ field: Zod.ZodOptional<Zod.ZodString>; value: Zod.ZodOptional<Zod.ZodUnion<[Zod.ZodString, Zod.ZodArray<Zod.ZodString, \"many\">]>>; }, \"strip\", Zod.ZodTypeAny, { field?: string | undefined; value?: string | string[] | undefined; }, { field?: string | undefined; value?: string | string[] | undefined; }>, \"strip\"> | undefined; version?: string | undefined; platform?: string | undefined; removed?: boolean | undefined; snapshot?: boolean | undefined; }[] | undefined; pack_id?: string | undefined; saved_query_id?: string | undefined; timeout?: number | undefined; }; action_type_id: \".osquery\"; } | { params: { command: \"isolate\"; comment?: string | undefined; } | { config: { field: string; overwrite: boolean; }; command: \"kill-process\" | \"suspend-process\"; comment?: string | undefined; }; action_type_id: \".endpoint\"; })[] | undefined; } | { id: string; type: \"threshold\"; name: string; actions: { params: {} & { [k: string]: unknown; }; id: string; group: string; action_type_id: string; uuid?: string | undefined; alerts_filter?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; frequency?: { throttle: string | null; notifyWhen: \"onActionGroupChange\" | \"onActiveAlert\" | \"onThrottleInterval\"; summary: boolean; } | undefined; }[]; tags: string[]; setup: string; enabled: boolean; revision: number; query: string; interval: string; description: string; version: number; risk_score: number; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; from: string; to: string; language: \"kuery\" | \"lucene\"; created_at: string; created_by: string; updated_at: string; updated_by: string; references: string[]; author: string[]; immutable: boolean; rule_id: string; threat: { framework: string; tactic: { id: string; name: string; reference: string; }; technique?: { id: string; name: string; reference: string; subtechnique?: { id: string; name: string; reference: string; }[] | undefined; }[] | undefined; }[]; risk_score_mapping: { value: string; field: string; operator: \"equals\"; risk_score?: number | undefined; }[]; severity_mapping: { value: string; field: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; operator: \"equals\"; }[]; exceptions_list: { id: string; type: \"endpoint\" | \"detection\" | \"rule_default\" | \"endpoint_trusted_apps\" | \"endpoint_events\" | \"endpoint_host_isolation_exceptions\" | \"endpoint_blocklists\"; list_id: string; namespace_type: \"single\" | \"agnostic\"; }[]; false_positives: string[]; max_signals: number; related_integrations: { version: string; package: string; integration?: string | undefined; }[]; required_fields: { type: string; name: string; ecs: boolean; }[]; threshold: { value: number; field: (string | string[]) & (string | string[] | undefined); cardinality?: { value: number; field: string; }[] | undefined; }; meta?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; namespace?: string | undefined; license?: string | undefined; throttle?: string | undefined; outcome?: \"exactMatch\" | \"aliasMatch\" | \"conflict\" | undefined; alias_target_id?: string | undefined; alias_purpose?: \"savedObjectConversion\" | \"savedObjectImport\" | undefined; note?: string | undefined; rule_name_override?: string | undefined; timestamp_override?: string | undefined; timestamp_override_fallback_disabled?: boolean | undefined; timeline_id?: string | undefined; timeline_title?: string | undefined; building_block_type?: string | undefined; output_index?: string | undefined; investigation_fields?: { field_names: string[]; } | undefined; rule_source?: { type: \"external\"; is_customized: boolean; } | { type: \"internal\"; } | undefined; execution_summary?: { last_execution: { message: string; date: string; status: \"running\" | \"succeeded\" | \"failed\" | \"going to run\" | \"partial failure\"; metrics: { total_search_duration_ms?: number | undefined; total_indexing_duration_ms?: number | undefined; total_enrichment_duration_ms?: number | undefined; execution_gap_duration_s?: number | undefined; }; status_order: number; }; } | undefined; index?: string[] | undefined; filters?: unknown[] | undefined; data_view_id?: string | undefined; alert_suppression?: { duration: { value: number; unit: \"m\" | \"h\" | \"s\"; }; } | undefined; saved_id?: string | undefined; } | { id: string; type: \"threat_match\"; name: string; actions: { params: {} & { [k: string]: unknown; }; id: string; group: string; action_type_id: string; uuid?: string | undefined; alerts_filter?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; frequency?: { throttle: string | null; notifyWhen: \"onActionGroupChange\" | \"onActiveAlert\" | \"onThrottleInterval\"; summary: boolean; } | undefined; }[]; tags: string[]; setup: string; enabled: boolean; revision: number; query: string; interval: string; description: string; version: number; risk_score: number; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; from: string; to: string; language: \"kuery\" | \"lucene\"; created_at: string; created_by: string; updated_at: string; updated_by: string; references: string[]; author: string[]; immutable: boolean; rule_id: string; threat: { framework: string; tactic: { id: string; name: string; reference: string; }; technique?: { id: string; name: string; reference: string; subtechnique?: { id: string; name: string; reference: string; }[] | undefined; }[] | undefined; }[]; risk_score_mapping: { value: string; field: string; operator: \"equals\"; risk_score?: number | undefined; }[]; severity_mapping: { value: string; field: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; operator: \"equals\"; }[]; exceptions_list: { id: string; type: \"endpoint\" | \"detection\" | \"rule_default\" | \"endpoint_trusted_apps\" | \"endpoint_events\" | \"endpoint_host_isolation_exceptions\" | \"endpoint_blocklists\"; list_id: string; namespace_type: \"single\" | \"agnostic\"; }[]; false_positives: string[]; max_signals: number; related_integrations: { version: string; package: string; integration?: string | undefined; }[]; required_fields: { type: string; name: string; ecs: boolean; }[]; threat_query: string; threat_mapping: { entries: { value: string; type: \"mapping\"; field: string; }[]; }[]; threat_index: string[]; meta?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; namespace?: string | undefined; license?: string | undefined; throttle?: string | undefined; outcome?: \"exactMatch\" | \"aliasMatch\" | \"conflict\" | undefined; alias_target_id?: string | undefined; alias_purpose?: \"savedObjectConversion\" | \"savedObjectImport\" | undefined; note?: string | undefined; rule_name_override?: string | undefined; timestamp_override?: string | undefined; timestamp_override_fallback_disabled?: boolean | undefined; timeline_id?: string | undefined; timeline_title?: string | undefined; building_block_type?: string | undefined; output_index?: string | undefined; investigation_fields?: { field_names: string[]; } | undefined; rule_source?: { type: \"external\"; is_customized: boolean; } | { type: \"internal\"; } | undefined; execution_summary?: { last_execution: { message: string; date: string; status: \"running\" | \"succeeded\" | \"failed\" | \"going to run\" | \"partial failure\"; metrics: { total_search_duration_ms?: number | undefined; total_indexing_duration_ms?: number | undefined; total_enrichment_duration_ms?: number | undefined; execution_gap_duration_s?: number | undefined; }; status_order: number; }; } | undefined; index?: string[] | undefined; filters?: unknown[] | undefined; data_view_id?: string | undefined; alert_suppression?: { group_by: string[]; duration?: { value: number; unit: \"m\" | \"h\" | \"s\"; } | undefined; missing_fields_strategy?: \"doNotSuppress\" | \"suppress\" | undefined; } | undefined; saved_id?: string | undefined; threat_filters?: unknown[] | undefined; threat_indicator_path?: string | undefined; threat_language?: \"lucene\" | \"kuery\" | undefined; concurrent_searches?: number | undefined; items_per_search?: number | undefined; } | { id: string; type: \"machine_learning\"; name: string; actions: { params: {} & { [k: string]: unknown; }; id: string; group: string; action_type_id: string; uuid?: string | undefined; alerts_filter?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; frequency?: { throttle: string | null; notifyWhen: \"onActionGroupChange\" | \"onActiveAlert\" | \"onThrottleInterval\"; summary: boolean; } | undefined; }[]; tags: string[]; setup: string; enabled: boolean; revision: number; interval: string; description: string; version: number; risk_score: number; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; from: string; to: string; created_at: string; created_by: string; updated_at: string; updated_by: string; references: string[]; author: string[]; immutable: boolean; rule_id: string; threat: { framework: string; tactic: { id: string; name: string; reference: string; }; technique?: { id: string; name: string; reference: string; subtechnique?: { id: string; name: string; reference: string; }[] | undefined; }[] | undefined; }[]; risk_score_mapping: { value: string; field: string; operator: \"equals\"; risk_score?: number | undefined; }[]; severity_mapping: { value: string; field: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; operator: \"equals\"; }[]; exceptions_list: { id: string; type: \"endpoint\" | \"detection\" | \"rule_default\" | \"endpoint_trusted_apps\" | \"endpoint_events\" | \"endpoint_host_isolation_exceptions\" | \"endpoint_blocklists\"; list_id: string; namespace_type: \"single\" | \"agnostic\"; }[]; false_positives: string[]; max_signals: number; related_integrations: { version: string; package: string; integration?: string | undefined; }[]; required_fields: { type: string; name: string; ecs: boolean; }[]; anomaly_threshold: number; machine_learning_job_id: (string | string[]) & (string | string[] | undefined); meta?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; namespace?: string | undefined; license?: string | undefined; throttle?: string | undefined; outcome?: \"exactMatch\" | \"aliasMatch\" | \"conflict\" | undefined; alias_target_id?: string | undefined; alias_purpose?: \"savedObjectConversion\" | \"savedObjectImport\" | undefined; note?: string | undefined; rule_name_override?: string | undefined; timestamp_override?: string | undefined; timestamp_override_fallback_disabled?: boolean | undefined; timeline_id?: string | undefined; timeline_title?: string | undefined; building_block_type?: string | undefined; output_index?: string | undefined; investigation_fields?: { field_names: string[]; } | undefined; rule_source?: { type: \"external\"; is_customized: boolean; } | { type: \"internal\"; } | undefined; execution_summary?: { last_execution: { message: string; date: string; status: \"running\" | \"succeeded\" | \"failed\" | \"going to run\" | \"partial failure\"; metrics: { total_search_duration_ms?: number | undefined; total_indexing_duration_ms?: number | undefined; total_enrichment_duration_ms?: number | undefined; execution_gap_duration_s?: number | undefined; }; status_order: number; }; } | undefined; } | { id: string; type: \"new_terms\"; name: string; actions: { params: {} & { [k: string]: unknown; }; id: string; group: string; action_type_id: string; uuid?: string | undefined; alerts_filter?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; frequency?: { throttle: string | null; notifyWhen: \"onActionGroupChange\" | \"onActiveAlert\" | \"onThrottleInterval\"; summary: boolean; } | undefined; }[]; tags: string[]; setup: string; enabled: boolean; revision: number; query: string; interval: string; description: string; version: number; risk_score: number; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; from: string; to: string; language: \"kuery\" | \"lucene\"; created_at: string; created_by: string; updated_at: string; updated_by: string; references: string[]; author: string[]; immutable: boolean; rule_id: string; threat: { framework: string; tactic: { id: string; name: string; reference: string; }; technique?: { id: string; name: string; reference: string; subtechnique?: { id: string; name: string; reference: string; }[] | undefined; }[] | undefined; }[]; risk_score_mapping: { value: string; field: string; operator: \"equals\"; risk_score?: number | undefined; }[]; severity_mapping: { value: string; field: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; operator: \"equals\"; }[]; exceptions_list: { id: string; type: \"endpoint\" | \"detection\" | \"rule_default\" | \"endpoint_trusted_apps\" | \"endpoint_events\" | \"endpoint_host_isolation_exceptions\" | \"endpoint_blocklists\"; list_id: string; namespace_type: \"single\" | \"agnostic\"; }[]; false_positives: string[]; max_signals: number; related_integrations: { version: string; package: string; integration?: string | undefined; }[]; required_fields: { type: string; name: string; ecs: boolean; }[]; new_terms_fields: string[]; history_window_start: string; meta?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; namespace?: string | undefined; license?: string | undefined; throttle?: string | undefined; outcome?: \"exactMatch\" | \"aliasMatch\" | \"conflict\" | undefined; alias_target_id?: string | undefined; alias_purpose?: \"savedObjectConversion\" | \"savedObjectImport\" | undefined; note?: string | undefined; rule_name_override?: string | undefined; timestamp_override?: string | undefined; timestamp_override_fallback_disabled?: boolean | undefined; timeline_id?: string | undefined; timeline_title?: string | undefined; building_block_type?: string | undefined; output_index?: string | undefined; investigation_fields?: { field_names: string[]; } | undefined; rule_source?: { type: \"external\"; is_customized: boolean; } | { type: \"internal\"; } | undefined; execution_summary?: { last_execution: { message: string; date: string; status: \"running\" | \"succeeded\" | \"failed\" | \"going to run\" | \"partial failure\"; metrics: { total_search_duration_ms?: number | undefined; total_indexing_duration_ms?: number | undefined; total_enrichment_duration_ms?: number | undefined; execution_gap_duration_s?: number | undefined; }; status_order: number; }; } | undefined; index?: string[] | undefined; filters?: unknown[] | undefined; data_view_id?: string | undefined; alert_suppression?: { group_by: string[]; duration?: { value: number; unit: \"m\" | \"h\" | \"s\"; } | undefined; missing_fields_strategy?: \"doNotSuppress\" | \"suppress\" | undefined; } | undefined; } | { id: string; type: \"esql\"; name: string; actions: { params: {} & { [k: string]: unknown; }; id: string; group: string; action_type_id: string; uuid?: string | undefined; alerts_filter?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; frequency?: { throttle: string | null; notifyWhen: \"onActionGroupChange\" | \"onActiveAlert\" | \"onThrottleInterval\"; summary: boolean; } | undefined; }[]; tags: string[]; setup: string; enabled: boolean; revision: number; query: string; interval: string; description: string; version: number; risk_score: number; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; from: string; to: string; language: \"esql\"; created_at: string; created_by: string; updated_at: string; updated_by: string; references: string[]; author: string[]; immutable: boolean; rule_id: string; threat: { framework: string; tactic: { id: string; name: string; reference: string; }; technique?: { id: string; name: string; reference: string; subtechnique?: { id: string; name: string; reference: string; }[] | undefined; }[] | undefined; }[]; risk_score_mapping: { value: string; field: string; operator: \"equals\"; risk_score?: number | undefined; }[]; severity_mapping: { value: string; field: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; operator: \"equals\"; }[]; exceptions_list: { id: string; type: \"endpoint\" | \"detection\" | \"rule_default\" | \"endpoint_trusted_apps\" | \"endpoint_events\" | \"endpoint_host_isolation_exceptions\" | \"endpoint_blocklists\"; list_id: string; namespace_type: \"single\" | \"agnostic\"; }[]; false_positives: string[]; max_signals: number; related_integrations: { version: string; package: string; integration?: string | undefined; }[]; required_fields: { type: string; name: string; ecs: boolean; }[]; meta?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; namespace?: string | undefined; license?: string | undefined; throttle?: string | undefined; outcome?: \"exactMatch\" | \"aliasMatch\" | \"conflict\" | undefined; alias_target_id?: string | undefined; alias_purpose?: \"savedObjectConversion\" | \"savedObjectImport\" | undefined; note?: string | undefined; rule_name_override?: string | undefined; timestamp_override?: string | undefined; timestamp_override_fallback_disabled?: boolean | undefined; timeline_id?: string | undefined; timeline_title?: string | undefined; building_block_type?: string | undefined; output_index?: string | undefined; investigation_fields?: { field_names: string[]; } | undefined; rule_source?: { type: \"external\"; is_customized: boolean; } | { type: \"internal\"; } | undefined; execution_summary?: { last_execution: { message: string; date: string; status: \"running\" | \"succeeded\" | \"failed\" | \"going to run\" | \"partial failure\"; metrics: { total_search_duration_ms?: number | undefined; total_indexing_duration_ms?: number | undefined; total_enrichment_duration_ms?: number | undefined; execution_gap_duration_s?: number | undefined; }; status_order: number; }; } | undefined; alert_suppression?: { group_by: string[]; duration?: { value: number; unit: \"m\" | \"h\" | \"s\"; } | undefined; missing_fields_strategy?: \"doNotSuppress\" | \"suppress\" | undefined; } | undefined; })[]"
+              "({ id: string; type: \"eql\"; version: number; name: string; actions: { params: {} & { [k: string]: unknown; }; id: string; group: string; action_type_id: string; uuid?: string | undefined; alerts_filter?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; frequency?: { throttle: string | null; notifyWhen: \"onActionGroupChange\" | \"onActiveAlert\" | \"onThrottleInterval\"; summary: boolean; } | undefined; }[]; tags: string[]; setup: string; enabled: boolean; revision: number; query: string; interval: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; description: string; risk_score: number; from: string; to: string; language: \"eql\"; created_at: string; created_by: string; updated_at: string; updated_by: string; references: string[]; author: string[]; immutable: boolean; rule_id: string; threat: { framework: string; tactic: { id: string; name: string; reference: string; }; technique?: { id: string; name: string; reference: string; subtechnique?: { id: string; name: string; reference: string; }[] | undefined; }[] | undefined; }[]; risk_score_mapping: { value: string; field: string; operator: \"equals\"; risk_score?: number | undefined; }[]; severity_mapping: { value: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; field: string; operator: \"equals\"; }[]; exceptions_list: { id: string; type: \"endpoint\" | \"detection\" | \"rule_default\" | \"endpoint_trusted_apps\" | \"endpoint_events\" | \"endpoint_host_isolation_exceptions\" | \"endpoint_blocklists\"; list_id: string; namespace_type: \"single\" | \"agnostic\"; }[]; false_positives: string[]; max_signals: number; related_integrations: { version: string; package: string; integration?: string | undefined; }[]; required_fields: { type: string; name: string; ecs: boolean; }[]; meta?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; namespace?: string | undefined; license?: string | undefined; throttle?: string | undefined; outcome?: \"exactMatch\" | \"aliasMatch\" | \"conflict\" | undefined; alias_target_id?: string | undefined; alias_purpose?: \"savedObjectConversion\" | \"savedObjectImport\" | undefined; note?: string | undefined; rule_name_override?: string | undefined; timestamp_override?: string | undefined; timestamp_override_fallback_disabled?: boolean | undefined; timeline_id?: string | undefined; timeline_title?: string | undefined; building_block_type?: string | undefined; output_index?: string | undefined; investigation_fields?: { field_names: string[]; } | undefined; rule_source?: { type: \"external\"; is_customized: boolean; } | { type: \"internal\"; } | undefined; execution_summary?: { last_execution: { message: string; date: string; status: \"running\" | \"succeeded\" | \"failed\" | \"going to run\" | \"partial failure\"; metrics: { total_search_duration_ms?: number | undefined; total_indexing_duration_ms?: number | undefined; total_enrichment_duration_ms?: number | undefined; execution_gap_duration_s?: number | undefined; }; status_order: number; }; } | undefined; index?: string[] | undefined; data_view_id?: string | undefined; filters?: unknown[] | undefined; event_category_override?: string | undefined; tiebreaker_field?: string | undefined; timestamp_field?: string | undefined; alert_suppression?: { group_by: string[]; duration?: { value: number; unit: \"m\" | \"h\" | \"s\"; } | undefined; missing_fields_strategy?: \"doNotSuppress\" | \"suppress\" | undefined; } | undefined; } | { id: string; type: \"query\"; version: number; name: string; actions: { params: {} & { [k: string]: unknown; }; id: string; group: string; action_type_id: string; uuid?: string | undefined; alerts_filter?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; frequency?: { throttle: string | null; notifyWhen: \"onActionGroupChange\" | \"onActiveAlert\" | \"onThrottleInterval\"; summary: boolean; } | undefined; }[]; tags: string[]; setup: string; enabled: boolean; revision: number; query: string; interval: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; description: string; risk_score: number; from: string; to: string; language: \"kuery\" | \"lucene\"; created_at: string; created_by: string; updated_at: string; updated_by: string; references: string[]; author: string[]; immutable: boolean; rule_id: string; threat: { framework: string; tactic: { id: string; name: string; reference: string; }; technique?: { id: string; name: string; reference: string; subtechnique?: { id: string; name: string; reference: string; }[] | undefined; }[] | undefined; }[]; risk_score_mapping: { value: string; field: string; operator: \"equals\"; risk_score?: number | undefined; }[]; severity_mapping: { value: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; field: string; operator: \"equals\"; }[]; exceptions_list: { id: string; type: \"endpoint\" | \"detection\" | \"rule_default\" | \"endpoint_trusted_apps\" | \"endpoint_events\" | \"endpoint_host_isolation_exceptions\" | \"endpoint_blocklists\"; list_id: string; namespace_type: \"single\" | \"agnostic\"; }[]; false_positives: string[]; max_signals: number; related_integrations: { version: string; package: string; integration?: string | undefined; }[]; required_fields: { type: string; name: string; ecs: boolean; }[]; meta?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; namespace?: string | undefined; license?: string | undefined; throttle?: string | undefined; outcome?: \"exactMatch\" | \"aliasMatch\" | \"conflict\" | undefined; alias_target_id?: string | undefined; alias_purpose?: \"savedObjectConversion\" | \"savedObjectImport\" | undefined; note?: string | undefined; rule_name_override?: string | undefined; timestamp_override?: string | undefined; timestamp_override_fallback_disabled?: boolean | undefined; timeline_id?: string | undefined; timeline_title?: string | undefined; building_block_type?: string | undefined; output_index?: string | undefined; investigation_fields?: { field_names: string[]; } | undefined; rule_source?: { type: \"external\"; is_customized: boolean; } | { type: \"internal\"; } | undefined; execution_summary?: { last_execution: { message: string; date: string; status: \"running\" | \"succeeded\" | \"failed\" | \"going to run\" | \"partial failure\"; metrics: { total_search_duration_ms?: number | undefined; total_indexing_duration_ms?: number | undefined; total_enrichment_duration_ms?: number | undefined; execution_gap_duration_s?: number | undefined; }; status_order: number; }; } | undefined; index?: string[] | undefined; filters?: unknown[] | undefined; data_view_id?: string | undefined; alert_suppression?: { group_by: string[]; duration?: { value: number; unit: \"m\" | \"h\" | \"s\"; } | undefined; missing_fields_strategy?: \"doNotSuppress\" | \"suppress\" | undefined; } | undefined; saved_id?: string | undefined; response_actions?: ({ params: { query?: string | undefined; ecs_mapping?: Zod.objectOutputType<{}, Zod.ZodObject<{ field: Zod.ZodOptional<Zod.ZodString>; value: Zod.ZodOptional<Zod.ZodUnion<[Zod.ZodString, Zod.ZodArray<Zod.ZodString, \"many\">]>>; }, \"strip\", Zod.ZodTypeAny, { field?: string | undefined; value?: string | string[] | undefined; }, { field?: string | undefined; value?: string | string[] | undefined; }>, \"strip\"> | undefined; queries?: { id: string; query: string; ecs_mapping?: Zod.objectOutputType<{}, Zod.ZodObject<{ field: Zod.ZodOptional<Zod.ZodString>; value: Zod.ZodOptional<Zod.ZodUnion<[Zod.ZodString, Zod.ZodArray<Zod.ZodString, \"many\">]>>; }, \"strip\", Zod.ZodTypeAny, { field?: string | undefined; value?: string | string[] | undefined; }, { field?: string | undefined; value?: string | string[] | undefined; }>, \"strip\"> | undefined; version?: string | undefined; platform?: string | undefined; removed?: boolean | undefined; snapshot?: boolean | undefined; }[] | undefined; pack_id?: string | undefined; saved_query_id?: string | undefined; timeout?: number | undefined; }; action_type_id: \".osquery\"; } | { params: { command: \"isolate\"; comment?: string | undefined; } | { config: { field: string; overwrite: boolean; }; command: \"kill-process\" | \"suspend-process\"; comment?: string | undefined; }; action_type_id: \".endpoint\"; })[] | undefined; } | { id: string; type: \"saved_query\"; version: number; name: string; actions: { params: {} & { [k: string]: unknown; }; id: string; group: string; action_type_id: string; uuid?: string | undefined; alerts_filter?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; frequency?: { throttle: string | null; notifyWhen: \"onActionGroupChange\" | \"onActiveAlert\" | \"onThrottleInterval\"; summary: boolean; } | undefined; }[]; tags: string[]; setup: string; enabled: boolean; revision: number; interval: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; description: string; risk_score: number; from: string; to: string; language: \"kuery\" | \"lucene\"; created_at: string; created_by: string; updated_at: string; updated_by: string; references: string[]; author: string[]; immutable: boolean; rule_id: string; threat: { framework: string; tactic: { id: string; name: string; reference: string; }; technique?: { id: string; name: string; reference: string; subtechnique?: { id: string; name: string; reference: string; }[] | undefined; }[] | undefined; }[]; risk_score_mapping: { value: string; field: string; operator: \"equals\"; risk_score?: number | undefined; }[]; severity_mapping: { value: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; field: string; operator: \"equals\"; }[]; exceptions_list: { id: string; type: \"endpoint\" | \"detection\" | \"rule_default\" | \"endpoint_trusted_apps\" | \"endpoint_events\" | \"endpoint_host_isolation_exceptions\" | \"endpoint_blocklists\"; list_id: string; namespace_type: \"single\" | \"agnostic\"; }[]; false_positives: string[]; max_signals: number; related_integrations: { version: string; package: string; integration?: string | undefined; }[]; required_fields: { type: string; name: string; ecs: boolean; }[]; saved_id: string; meta?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; namespace?: string | undefined; license?: string | undefined; throttle?: string | undefined; outcome?: \"exactMatch\" | \"aliasMatch\" | \"conflict\" | undefined; alias_target_id?: string | undefined; alias_purpose?: \"savedObjectConversion\" | \"savedObjectImport\" | undefined; note?: string | undefined; rule_name_override?: string | undefined; timestamp_override?: string | undefined; timestamp_override_fallback_disabled?: boolean | undefined; timeline_id?: string | undefined; timeline_title?: string | undefined; building_block_type?: string | undefined; output_index?: string | undefined; investigation_fields?: { field_names: string[]; } | undefined; rule_source?: { type: \"external\"; is_customized: boolean; } | { type: \"internal\"; } | undefined; execution_summary?: { last_execution: { message: string; date: string; status: \"running\" | \"succeeded\" | \"failed\" | \"going to run\" | \"partial failure\"; metrics: { total_search_duration_ms?: number | undefined; total_indexing_duration_ms?: number | undefined; total_enrichment_duration_ms?: number | undefined; execution_gap_duration_s?: number | undefined; }; status_order: number; }; } | undefined; index?: string[] | undefined; query?: string | undefined; filters?: unknown[] | undefined; data_view_id?: string | undefined; alert_suppression?: { group_by: string[]; duration?: { value: number; unit: \"m\" | \"h\" | \"s\"; } | undefined; missing_fields_strategy?: \"doNotSuppress\" | \"suppress\" | undefined; } | undefined; response_actions?: ({ params: { query?: string | undefined; ecs_mapping?: Zod.objectOutputType<{}, Zod.ZodObject<{ field: Zod.ZodOptional<Zod.ZodString>; value: Zod.ZodOptional<Zod.ZodUnion<[Zod.ZodString, Zod.ZodArray<Zod.ZodString, \"many\">]>>; }, \"strip\", Zod.ZodTypeAny, { field?: string | undefined; value?: string | string[] | undefined; }, { field?: string | undefined; value?: string | string[] | undefined; }>, \"strip\"> | undefined; queries?: { id: string; query: string; ecs_mapping?: Zod.objectOutputType<{}, Zod.ZodObject<{ field: Zod.ZodOptional<Zod.ZodString>; value: Zod.ZodOptional<Zod.ZodUnion<[Zod.ZodString, Zod.ZodArray<Zod.ZodString, \"many\">]>>; }, \"strip\", Zod.ZodTypeAny, { field?: string | undefined; value?: string | string[] | undefined; }, { field?: string | undefined; value?: string | string[] | undefined; }>, \"strip\"> | undefined; version?: string | undefined; platform?: string | undefined; removed?: boolean | undefined; snapshot?: boolean | undefined; }[] | undefined; pack_id?: string | undefined; saved_query_id?: string | undefined; timeout?: number | undefined; }; action_type_id: \".osquery\"; } | { params: { command: \"isolate\"; comment?: string | undefined; } | { config: { field: string; overwrite: boolean; }; command: \"kill-process\" | \"suspend-process\"; comment?: string | undefined; }; action_type_id: \".endpoint\"; })[] | undefined; } | { id: string; type: \"threshold\"; version: number; name: string; actions: { params: {} & { [k: string]: unknown; }; id: string; group: string; action_type_id: string; uuid?: string | undefined; alerts_filter?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; frequency?: { throttle: string | null; notifyWhen: \"onActionGroupChange\" | \"onActiveAlert\" | \"onThrottleInterval\"; summary: boolean; } | undefined; }[]; tags: string[]; setup: string; enabled: boolean; revision: number; query: string; interval: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; description: string; risk_score: number; from: string; to: string; language: \"kuery\" | \"lucene\"; created_at: string; created_by: string; updated_at: string; updated_by: string; references: string[]; author: string[]; immutable: boolean; rule_id: string; threat: { framework: string; tactic: { id: string; name: string; reference: string; }; technique?: { id: string; name: string; reference: string; subtechnique?: { id: string; name: string; reference: string; }[] | undefined; }[] | undefined; }[]; risk_score_mapping: { value: string; field: string; operator: \"equals\"; risk_score?: number | undefined; }[]; severity_mapping: { value: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; field: string; operator: \"equals\"; }[]; exceptions_list: { id: string; type: \"endpoint\" | \"detection\" | \"rule_default\" | \"endpoint_trusted_apps\" | \"endpoint_events\" | \"endpoint_host_isolation_exceptions\" | \"endpoint_blocklists\"; list_id: string; namespace_type: \"single\" | \"agnostic\"; }[]; false_positives: string[]; max_signals: number; related_integrations: { version: string; package: string; integration?: string | undefined; }[]; required_fields: { type: string; name: string; ecs: boolean; }[]; threshold: { value: number; field: (string | string[]) & (string | string[] | undefined); cardinality?: { value: number; field: string; }[] | undefined; }; meta?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; namespace?: string | undefined; license?: string | undefined; throttle?: string | undefined; outcome?: \"exactMatch\" | \"aliasMatch\" | \"conflict\" | undefined; alias_target_id?: string | undefined; alias_purpose?: \"savedObjectConversion\" | \"savedObjectImport\" | undefined; note?: string | undefined; rule_name_override?: string | undefined; timestamp_override?: string | undefined; timestamp_override_fallback_disabled?: boolean | undefined; timeline_id?: string | undefined; timeline_title?: string | undefined; building_block_type?: string | undefined; output_index?: string | undefined; investigation_fields?: { field_names: string[]; } | undefined; rule_source?: { type: \"external\"; is_customized: boolean; } | { type: \"internal\"; } | undefined; execution_summary?: { last_execution: { message: string; date: string; status: \"running\" | \"succeeded\" | \"failed\" | \"going to run\" | \"partial failure\"; metrics: { total_search_duration_ms?: number | undefined; total_indexing_duration_ms?: number | undefined; total_enrichment_duration_ms?: number | undefined; execution_gap_duration_s?: number | undefined; }; status_order: number; }; } | undefined; index?: string[] | undefined; filters?: unknown[] | undefined; data_view_id?: string | undefined; alert_suppression?: { duration: { value: number; unit: \"m\" | \"h\" | \"s\"; }; } | undefined; saved_id?: string | undefined; } | { id: string; type: \"threat_match\"; version: number; name: string; actions: { params: {} & { [k: string]: unknown; }; id: string; group: string; action_type_id: string; uuid?: string | undefined; alerts_filter?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; frequency?: { throttle: string | null; notifyWhen: \"onActionGroupChange\" | \"onActiveAlert\" | \"onThrottleInterval\"; summary: boolean; } | undefined; }[]; tags: string[]; setup: string; enabled: boolean; revision: number; query: string; interval: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; description: string; risk_score: number; from: string; to: string; language: \"kuery\" | \"lucene\"; created_at: string; created_by: string; updated_at: string; updated_by: string; references: string[]; author: string[]; immutable: boolean; rule_id: string; threat: { framework: string; tactic: { id: string; name: string; reference: string; }; technique?: { id: string; name: string; reference: string; subtechnique?: { id: string; name: string; reference: string; }[] | undefined; }[] | undefined; }[]; risk_score_mapping: { value: string; field: string; operator: \"equals\"; risk_score?: number | undefined; }[]; severity_mapping: { value: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; field: string; operator: \"equals\"; }[]; exceptions_list: { id: string; type: \"endpoint\" | \"detection\" | \"rule_default\" | \"endpoint_trusted_apps\" | \"endpoint_events\" | \"endpoint_host_isolation_exceptions\" | \"endpoint_blocklists\"; list_id: string; namespace_type: \"single\" | \"agnostic\"; }[]; false_positives: string[]; max_signals: number; related_integrations: { version: string; package: string; integration?: string | undefined; }[]; required_fields: { type: string; name: string; ecs: boolean; }[]; threat_query: string; threat_mapping: { entries: { value: string; type: \"mapping\"; field: string; }[]; }[]; threat_index: string[]; meta?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; namespace?: string | undefined; license?: string | undefined; throttle?: string | undefined; outcome?: \"exactMatch\" | \"aliasMatch\" | \"conflict\" | undefined; alias_target_id?: string | undefined; alias_purpose?: \"savedObjectConversion\" | \"savedObjectImport\" | undefined; note?: string | undefined; rule_name_override?: string | undefined; timestamp_override?: string | undefined; timestamp_override_fallback_disabled?: boolean | undefined; timeline_id?: string | undefined; timeline_title?: string | undefined; building_block_type?: string | undefined; output_index?: string | undefined; investigation_fields?: { field_names: string[]; } | undefined; rule_source?: { type: \"external\"; is_customized: boolean; } | { type: \"internal\"; } | undefined; execution_summary?: { last_execution: { message: string; date: string; status: \"running\" | \"succeeded\" | \"failed\" | \"going to run\" | \"partial failure\"; metrics: { total_search_duration_ms?: number | undefined; total_indexing_duration_ms?: number | undefined; total_enrichment_duration_ms?: number | undefined; execution_gap_duration_s?: number | undefined; }; status_order: number; }; } | undefined; index?: string[] | undefined; filters?: unknown[] | undefined; data_view_id?: string | undefined; alert_suppression?: { group_by: string[]; duration?: { value: number; unit: \"m\" | \"h\" | \"s\"; } | undefined; missing_fields_strategy?: \"doNotSuppress\" | \"suppress\" | undefined; } | undefined; saved_id?: string | undefined; threat_filters?: unknown[] | undefined; threat_indicator_path?: string | undefined; threat_language?: \"lucene\" | \"kuery\" | undefined; concurrent_searches?: number | undefined; items_per_search?: number | undefined; } | { id: string; type: \"machine_learning\"; version: number; name: string; actions: { params: {} & { [k: string]: unknown; }; id: string; group: string; action_type_id: string; uuid?: string | undefined; alerts_filter?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; frequency?: { throttle: string | null; notifyWhen: \"onActionGroupChange\" | \"onActiveAlert\" | \"onThrottleInterval\"; summary: boolean; } | undefined; }[]; tags: string[]; setup: string; enabled: boolean; revision: number; interval: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; description: string; risk_score: number; from: string; to: string; created_at: string; created_by: string; updated_at: string; updated_by: string; references: string[]; author: string[]; immutable: boolean; rule_id: string; threat: { framework: string; tactic: { id: string; name: string; reference: string; }; technique?: { id: string; name: string; reference: string; subtechnique?: { id: string; name: string; reference: string; }[] | undefined; }[] | undefined; }[]; risk_score_mapping: { value: string; field: string; operator: \"equals\"; risk_score?: number | undefined; }[]; severity_mapping: { value: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; field: string; operator: \"equals\"; }[]; exceptions_list: { id: string; type: \"endpoint\" | \"detection\" | \"rule_default\" | \"endpoint_trusted_apps\" | \"endpoint_events\" | \"endpoint_host_isolation_exceptions\" | \"endpoint_blocklists\"; list_id: string; namespace_type: \"single\" | \"agnostic\"; }[]; false_positives: string[]; max_signals: number; related_integrations: { version: string; package: string; integration?: string | undefined; }[]; required_fields: { type: string; name: string; ecs: boolean; }[]; anomaly_threshold: number; machine_learning_job_id: (string | string[]) & (string | string[] | undefined); meta?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; namespace?: string | undefined; license?: string | undefined; throttle?: string | undefined; outcome?: \"exactMatch\" | \"aliasMatch\" | \"conflict\" | undefined; alias_target_id?: string | undefined; alias_purpose?: \"savedObjectConversion\" | \"savedObjectImport\" | undefined; note?: string | undefined; rule_name_override?: string | undefined; timestamp_override?: string | undefined; timestamp_override_fallback_disabled?: boolean | undefined; timeline_id?: string | undefined; timeline_title?: string | undefined; building_block_type?: string | undefined; output_index?: string | undefined; investigation_fields?: { field_names: string[]; } | undefined; rule_source?: { type: \"external\"; is_customized: boolean; } | { type: \"internal\"; } | undefined; execution_summary?: { last_execution: { message: string; date: string; status: \"running\" | \"succeeded\" | \"failed\" | \"going to run\" | \"partial failure\"; metrics: { total_search_duration_ms?: number | undefined; total_indexing_duration_ms?: number | undefined; total_enrichment_duration_ms?: number | undefined; execution_gap_duration_s?: number | undefined; }; status_order: number; }; } | undefined; } | { id: string; type: \"new_terms\"; version: number; name: string; actions: { params: {} & { [k: string]: unknown; }; id: string; group: string; action_type_id: string; uuid?: string | undefined; alerts_filter?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; frequency?: { throttle: string | null; notifyWhen: \"onActionGroupChange\" | \"onActiveAlert\" | \"onThrottleInterval\"; summary: boolean; } | undefined; }[]; tags: string[]; setup: string; enabled: boolean; revision: number; query: string; interval: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; description: string; risk_score: number; from: string; to: string; language: \"kuery\" | \"lucene\"; created_at: string; created_by: string; updated_at: string; updated_by: string; references: string[]; author: string[]; immutable: boolean; rule_id: string; threat: { framework: string; tactic: { id: string; name: string; reference: string; }; technique?: { id: string; name: string; reference: string; subtechnique?: { id: string; name: string; reference: string; }[] | undefined; }[] | undefined; }[]; risk_score_mapping: { value: string; field: string; operator: \"equals\"; risk_score?: number | undefined; }[]; severity_mapping: { value: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; field: string; operator: \"equals\"; }[]; exceptions_list: { id: string; type: \"endpoint\" | \"detection\" | \"rule_default\" | \"endpoint_trusted_apps\" | \"endpoint_events\" | \"endpoint_host_isolation_exceptions\" | \"endpoint_blocklists\"; list_id: string; namespace_type: \"single\" | \"agnostic\"; }[]; false_positives: string[]; max_signals: number; related_integrations: { version: string; package: string; integration?: string | undefined; }[]; required_fields: { type: string; name: string; ecs: boolean; }[]; new_terms_fields: string[]; history_window_start: string; meta?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; namespace?: string | undefined; license?: string | undefined; throttle?: string | undefined; outcome?: \"exactMatch\" | \"aliasMatch\" | \"conflict\" | undefined; alias_target_id?: string | undefined; alias_purpose?: \"savedObjectConversion\" | \"savedObjectImport\" | undefined; note?: string | undefined; rule_name_override?: string | undefined; timestamp_override?: string | undefined; timestamp_override_fallback_disabled?: boolean | undefined; timeline_id?: string | undefined; timeline_title?: string | undefined; building_block_type?: string | undefined; output_index?: string | undefined; investigation_fields?: { field_names: string[]; } | undefined; rule_source?: { type: \"external\"; is_customized: boolean; } | { type: \"internal\"; } | undefined; execution_summary?: { last_execution: { message: string; date: string; status: \"running\" | \"succeeded\" | \"failed\" | \"going to run\" | \"partial failure\"; metrics: { total_search_duration_ms?: number | undefined; total_indexing_duration_ms?: number | undefined; total_enrichment_duration_ms?: number | undefined; execution_gap_duration_s?: number | undefined; }; status_order: number; }; } | undefined; index?: string[] | undefined; filters?: unknown[] | undefined; data_view_id?: string | undefined; alert_suppression?: { group_by: string[]; duration?: { value: number; unit: \"m\" | \"h\" | \"s\"; } | undefined; missing_fields_strategy?: \"doNotSuppress\" | \"suppress\" | undefined; } | undefined; } | { id: string; type: \"esql\"; version: number; name: string; actions: { params: {} & { [k: string]: unknown; }; id: string; group: string; action_type_id: string; uuid?: string | undefined; alerts_filter?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; frequency?: { throttle: string | null; notifyWhen: \"onActionGroupChange\" | \"onActiveAlert\" | \"onThrottleInterval\"; summary: boolean; } | undefined; }[]; tags: string[]; setup: string; enabled: boolean; revision: number; query: string; interval: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; description: string; risk_score: number; from: string; to: string; language: \"esql\"; created_at: string; created_by: string; updated_at: string; updated_by: string; references: string[]; author: string[]; immutable: boolean; rule_id: string; threat: { framework: string; tactic: { id: string; name: string; reference: string; }; technique?: { id: string; name: string; reference: string; subtechnique?: { id: string; name: string; reference: string; }[] | undefined; }[] | undefined; }[]; risk_score_mapping: { value: string; field: string; operator: \"equals\"; risk_score?: number | undefined; }[]; severity_mapping: { value: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; field: string; operator: \"equals\"; }[]; exceptions_list: { id: string; type: \"endpoint\" | \"detection\" | \"rule_default\" | \"endpoint_trusted_apps\" | \"endpoint_events\" | \"endpoint_host_isolation_exceptions\" | \"endpoint_blocklists\"; list_id: string; namespace_type: \"single\" | \"agnostic\"; }[]; false_positives: string[]; max_signals: number; related_integrations: { version: string; package: string; integration?: string | undefined; }[]; required_fields: { type: string; name: string; ecs: boolean; }[]; meta?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; namespace?: string | undefined; license?: string | undefined; throttle?: string | undefined; outcome?: \"exactMatch\" | \"aliasMatch\" | \"conflict\" | undefined; alias_target_id?: string | undefined; alias_purpose?: \"savedObjectConversion\" | \"savedObjectImport\" | undefined; note?: string | undefined; rule_name_override?: string | undefined; timestamp_override?: string | undefined; timestamp_override_fallback_disabled?: boolean | undefined; timeline_id?: string | undefined; timeline_title?: string | undefined; building_block_type?: string | undefined; output_index?: string | undefined; investigation_fields?: { field_names: string[]; } | undefined; rule_source?: { type: \"external\"; is_customized: boolean; } | { type: \"internal\"; } | undefined; execution_summary?: { last_execution: { message: string; date: string; status: \"running\" | \"succeeded\" | \"failed\" | \"going to run\" | \"partial failure\"; metrics: { total_search_duration_ms?: number | undefined; total_indexing_duration_ms?: number | undefined; total_enrichment_duration_ms?: number | undefined; execution_gap_duration_s?: number | undefined; }; status_order: number; }; } | undefined; alert_suppression?: { group_by: string[]; duration?: { value: number; unit: \"m\" | \"h\" | \"s\"; } | undefined; missing_fields_strategy?: \"doNotSuppress\" | \"suppress\" | undefined; } | undefined; })[]"
             ],
             "path": "x-pack/plugins/security_solution/public/detection_engine/rule_management/logic/types.ts",
             "deprecated": false,
@@ -485,7 +485,7 @@
               "\nExperimental flag needed to enable the link"
             ],
             "signature": [
-              "\"assistantKnowledgeBaseByDefault\" | \"assistantModelEvaluation\" | \"excludePoliciesInFilterEnabled\" | \"kubernetesEnabled\" | \"donutChartEmbeddablesEnabled\" | \"previewTelemetryUrlEnabled\" | \"extendedRuleExecutionLoggingEnabled\" | \"socTrendsEnabled\" | \"responseActionsEnabled\" | \"endpointResponseActionsEnabled\" | \"responseActionUploadEnabled\" | \"automatedProcessActionsEnabled\" | \"responseActionsSentinelOneV1Enabled\" | \"responseActionsSentinelOneV2Enabled\" | \"responseActionsSentinelOneGetFileEnabled\" | \"agentStatusClientEnabled\" | \"responseActionsCrowdstrikeManualHostIsolationEnabled\" | \"responseActionScanEnabled\" | \"alertsPageChartsEnabled\" | \"alertTypeEnabled\" | \"expandableFlyoutDisabled\" | \"notesEnabled\" | \"newUserDetailsFlyoutManagedUser\" | \"riskScoringPersistence\" | \"riskScoringRoutesEnabled\" | \"esqlRulesDisabled\" | \"protectionUpdatesEnabled\" | \"disableTimelineSaveTour\" | \"alertSuppressionForEsqlRuleEnabled\" | \"riskEnginePrivilegesRouteEnabled\" | \"sentinelOneDataInAnalyzerEnabled\" | \"sentinelOneManualHostActionsEnabled\" | \"crowdstrikeDataInAnalyzerEnabled\" | \"jamfDataInAnalyzerEnabled\" | \"jsonPrebuiltRulesDiffingEnabled\" | \"timelineEsqlTabDisabled\" | \"unifiedComponentsInTimelineEnabled\" | \"analyzerDatePickersAndSourcererDisabled\" | \"perFieldPrebuiltRulesDiffingEnabled\" | \"malwareOnWriteScanOptionAvailable\" | \"unifiedManifestEnabled\" | \"aiAssistantFlyoutMode\" | \"valueListItemsModalEnabled\" | \"bulkCustomHighlightedFieldsEnabled\" | \"manualRuleRunEnabled\" | \"filterProcessDescendantsForEventFiltersEnabled\" | undefined"
+              "\"assistantKnowledgeBaseByDefault\" | \"assistantModelEvaluation\" | \"excludePoliciesInFilterEnabled\" | \"kubernetesEnabled\" | \"donutChartEmbeddablesEnabled\" | \"previewTelemetryUrlEnabled\" | \"extendedRuleExecutionLoggingEnabled\" | \"socTrendsEnabled\" | \"responseActionsEnabled\" | \"endpointResponseActionsEnabled\" | \"responseActionUploadEnabled\" | \"automatedProcessActionsEnabled\" | \"responseActionsSentinelOneV1Enabled\" | \"responseActionsSentinelOneV2Enabled\" | \"responseActionsSentinelOneGetFileEnabled\" | \"responseActionsCrowdstrikeManualHostIsolationEnabled\" | \"responseActionScanEnabled\" | \"alertsPageChartsEnabled\" | \"alertTypeEnabled\" | \"expandableFlyoutDisabled\" | \"securitySolutionNotesEnabled\" | \"entityAlertPreviewEnabled\" | \"newUserDetailsFlyoutManagedUser\" | \"riskScoringPersistence\" | \"riskScoringRoutesEnabled\" | \"esqlRulesDisabled\" | \"protectionUpdatesEnabled\" | \"disableTimelineSaveTour\" | \"alertSuppressionForEsqlRuleEnabled\" | \"riskEnginePrivilegesRouteEnabled\" | \"sentinelOneDataInAnalyzerEnabled\" | \"sentinelOneManualHostActionsEnabled\" | \"crowdstrikeDataInAnalyzerEnabled\" | \"jamfDataInAnalyzerEnabled\" | \"timelineEsqlTabDisabled\" | \"unifiedComponentsInTimelineEnabled\" | \"analyzerDatePickersAndSourcererDisabled\" | \"prebuiltRulesCustomizationEnabled\" | \"malwareOnWriteScanOptionAvailable\" | \"unifiedManifestEnabled\" | \"aiAssistantFlyoutMode\" | \"valueListItemsModalEnabled\" | \"bulkCustomHighlightedFieldsEnabled\" | \"manualRuleRunEnabled\" | \"filterProcessDescendantsForEventFiltersEnabled\" | undefined"
             ],
             "path": "x-pack/plugins/security_solution/public/common/links/types.ts",
             "deprecated": false,
@@ -565,7 +565,7 @@
               "\nExperimental flag needed to disable the link. Opposite of experimentalKey"
             ],
             "signature": [
-              "\"assistantKnowledgeBaseByDefault\" | \"assistantModelEvaluation\" | \"excludePoliciesInFilterEnabled\" | \"kubernetesEnabled\" | \"donutChartEmbeddablesEnabled\" | \"previewTelemetryUrlEnabled\" | \"extendedRuleExecutionLoggingEnabled\" | \"socTrendsEnabled\" | \"responseActionsEnabled\" | \"endpointResponseActionsEnabled\" | \"responseActionUploadEnabled\" | \"automatedProcessActionsEnabled\" | \"responseActionsSentinelOneV1Enabled\" | \"responseActionsSentinelOneV2Enabled\" | \"responseActionsSentinelOneGetFileEnabled\" | \"agentStatusClientEnabled\" | \"responseActionsCrowdstrikeManualHostIsolationEnabled\" | \"responseActionScanEnabled\" | \"alertsPageChartsEnabled\" | \"alertTypeEnabled\" | \"expandableFlyoutDisabled\" | \"notesEnabled\" | \"newUserDetailsFlyoutManagedUser\" | \"riskScoringPersistence\" | \"riskScoringRoutesEnabled\" | \"esqlRulesDisabled\" | \"protectionUpdatesEnabled\" | \"disableTimelineSaveTour\" | \"alertSuppressionForEsqlRuleEnabled\" | \"riskEnginePrivilegesRouteEnabled\" | \"sentinelOneDataInAnalyzerEnabled\" | \"sentinelOneManualHostActionsEnabled\" | \"crowdstrikeDataInAnalyzerEnabled\" | \"jamfDataInAnalyzerEnabled\" | \"jsonPrebuiltRulesDiffingEnabled\" | \"timelineEsqlTabDisabled\" | \"unifiedComponentsInTimelineEnabled\" | \"analyzerDatePickersAndSourcererDisabled\" | \"perFieldPrebuiltRulesDiffingEnabled\" | \"malwareOnWriteScanOptionAvailable\" | \"unifiedManifestEnabled\" | \"aiAssistantFlyoutMode\" | \"valueListItemsModalEnabled\" | \"bulkCustomHighlightedFieldsEnabled\" | \"manualRuleRunEnabled\" | \"filterProcessDescendantsForEventFiltersEnabled\" | undefined"
+              "\"assistantKnowledgeBaseByDefault\" | \"assistantModelEvaluation\" | \"excludePoliciesInFilterEnabled\" | \"kubernetesEnabled\" | \"donutChartEmbeddablesEnabled\" | \"previewTelemetryUrlEnabled\" | \"extendedRuleExecutionLoggingEnabled\" | \"socTrendsEnabled\" | \"responseActionsEnabled\" | \"endpointResponseActionsEnabled\" | \"responseActionUploadEnabled\" | \"automatedProcessActionsEnabled\" | \"responseActionsSentinelOneV1Enabled\" | \"responseActionsSentinelOneV2Enabled\" | \"responseActionsSentinelOneGetFileEnabled\" | \"responseActionsCrowdstrikeManualHostIsolationEnabled\" | \"responseActionScanEnabled\" | \"alertsPageChartsEnabled\" | \"alertTypeEnabled\" | \"expandableFlyoutDisabled\" | \"securitySolutionNotesEnabled\" | \"entityAlertPreviewEnabled\" | \"newUserDetailsFlyoutManagedUser\" | \"riskScoringPersistence\" | \"riskScoringRoutesEnabled\" | \"esqlRulesDisabled\" | \"protectionUpdatesEnabled\" | \"disableTimelineSaveTour\" | \"alertSuppressionForEsqlRuleEnabled\" | \"riskEnginePrivilegesRouteEnabled\" | \"sentinelOneDataInAnalyzerEnabled\" | \"sentinelOneManualHostActionsEnabled\" | \"crowdstrikeDataInAnalyzerEnabled\" | \"jamfDataInAnalyzerEnabled\" | \"timelineEsqlTabDisabled\" | \"unifiedComponentsInTimelineEnabled\" | \"analyzerDatePickersAndSourcererDisabled\" | \"prebuiltRulesCustomizationEnabled\" | \"malwareOnWriteScanOptionAvailable\" | \"unifiedManifestEnabled\" | \"aiAssistantFlyoutMode\" | \"valueListItemsModalEnabled\" | \"bulkCustomHighlightedFieldsEnabled\" | \"manualRuleRunEnabled\" | \"filterProcessDescendantsForEventFiltersEnabled\" | undefined"
             ],
             "path": "x-pack/plugins/security_solution/public/common/links/types.ts",
             "deprecated": false,
@@ -1964,7 +1964,7 @@
           "label": "experimentalFeatures",
           "description": [],
           "signature": [
-            "{ readonly excludePoliciesInFilterEnabled: boolean; readonly kubernetesEnabled: boolean; readonly donutChartEmbeddablesEnabled: boolean; readonly previewTelemetryUrlEnabled: boolean; readonly extendedRuleExecutionLoggingEnabled: boolean; readonly socTrendsEnabled: boolean; readonly responseActionsEnabled: boolean; readonly endpointResponseActionsEnabled: boolean; readonly responseActionUploadEnabled: boolean; readonly automatedProcessActionsEnabled: boolean; readonly responseActionsSentinelOneV1Enabled: boolean; readonly responseActionsSentinelOneV2Enabled: boolean; readonly responseActionsSentinelOneGetFileEnabled: boolean; readonly agentStatusClientEnabled: boolean; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: boolean; readonly responseActionScanEnabled: boolean; readonly alertsPageChartsEnabled: boolean; readonly alertTypeEnabled: boolean; readonly expandableFlyoutDisabled: boolean; readonly notesEnabled: boolean; readonly assistantModelEvaluation: boolean; readonly assistantKnowledgeBaseByDefault: boolean; readonly newUserDetailsFlyoutManagedUser: boolean; readonly riskScoringPersistence: boolean; readonly riskScoringRoutesEnabled: boolean; readonly esqlRulesDisabled: boolean; readonly protectionUpdatesEnabled: boolean; readonly disableTimelineSaveTour: boolean; readonly alertSuppressionForEsqlRuleEnabled: boolean; readonly riskEnginePrivilegesRouteEnabled: boolean; readonly sentinelOneDataInAnalyzerEnabled: boolean; readonly sentinelOneManualHostActionsEnabled: boolean; readonly crowdstrikeDataInAnalyzerEnabled: boolean; readonly jamfDataInAnalyzerEnabled: boolean; readonly jsonPrebuiltRulesDiffingEnabled: boolean; readonly timelineEsqlTabDisabled: boolean; readonly unifiedComponentsInTimelineEnabled: boolean; readonly analyzerDatePickersAndSourcererDisabled: boolean; readonly perFieldPrebuiltRulesDiffingEnabled: boolean; readonly malwareOnWriteScanOptionAvailable: boolean; readonly unifiedManifestEnabled: boolean; readonly aiAssistantFlyoutMode: boolean; readonly valueListItemsModalEnabled: boolean; readonly bulkCustomHighlightedFieldsEnabled: boolean; readonly manualRuleRunEnabled: boolean; readonly filterProcessDescendantsForEventFiltersEnabled: boolean; }"
+            "{ readonly excludePoliciesInFilterEnabled: boolean; readonly kubernetesEnabled: boolean; readonly donutChartEmbeddablesEnabled: boolean; readonly previewTelemetryUrlEnabled: boolean; readonly extendedRuleExecutionLoggingEnabled: boolean; readonly socTrendsEnabled: boolean; readonly responseActionsEnabled: boolean; readonly endpointResponseActionsEnabled: boolean; readonly responseActionUploadEnabled: boolean; readonly automatedProcessActionsEnabled: boolean; readonly responseActionsSentinelOneV1Enabled: boolean; readonly responseActionsSentinelOneV2Enabled: boolean; readonly responseActionsSentinelOneGetFileEnabled: boolean; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: boolean; readonly responseActionScanEnabled: boolean; readonly alertsPageChartsEnabled: boolean; readonly alertTypeEnabled: boolean; readonly expandableFlyoutDisabled: boolean; readonly securitySolutionNotesEnabled: boolean; readonly entityAlertPreviewEnabled: boolean; readonly assistantModelEvaluation: boolean; readonly assistantKnowledgeBaseByDefault: boolean; readonly newUserDetailsFlyoutManagedUser: boolean; readonly riskScoringPersistence: boolean; readonly riskScoringRoutesEnabled: boolean; readonly esqlRulesDisabled: boolean; readonly protectionUpdatesEnabled: boolean; readonly disableTimelineSaveTour: boolean; readonly alertSuppressionForEsqlRuleEnabled: boolean; readonly riskEnginePrivilegesRouteEnabled: boolean; readonly sentinelOneDataInAnalyzerEnabled: boolean; readonly sentinelOneManualHostActionsEnabled: boolean; readonly crowdstrikeDataInAnalyzerEnabled: boolean; readonly jamfDataInAnalyzerEnabled: boolean; readonly timelineEsqlTabDisabled: boolean; readonly unifiedComponentsInTimelineEnabled: boolean; readonly analyzerDatePickersAndSourcererDisabled: boolean; readonly prebuiltRulesCustomizationEnabled: boolean; readonly malwareOnWriteScanOptionAvailable: boolean; readonly unifiedManifestEnabled: boolean; readonly aiAssistantFlyoutMode: boolean; readonly valueListItemsModalEnabled: boolean; readonly bulkCustomHighlightedFieldsEnabled: boolean; readonly manualRuleRunEnabled: boolean; readonly filterProcessDescendantsForEventFiltersEnabled: boolean; }"
           ],
           "path": "x-pack/plugins/security_solution/public/types.ts",
           "deprecated": false,
@@ -3071,7 +3071,7 @@
             "\nThe security solution generic experimental features"
           ],
           "signature": [
-            "{ readonly excludePoliciesInFilterEnabled: boolean; readonly kubernetesEnabled: boolean; readonly donutChartEmbeddablesEnabled: boolean; readonly previewTelemetryUrlEnabled: boolean; readonly extendedRuleExecutionLoggingEnabled: boolean; readonly socTrendsEnabled: boolean; readonly responseActionsEnabled: boolean; readonly endpointResponseActionsEnabled: boolean; readonly responseActionUploadEnabled: boolean; readonly automatedProcessActionsEnabled: boolean; readonly responseActionsSentinelOneV1Enabled: boolean; readonly responseActionsSentinelOneV2Enabled: boolean; readonly responseActionsSentinelOneGetFileEnabled: boolean; readonly agentStatusClientEnabled: boolean; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: boolean; readonly responseActionScanEnabled: boolean; readonly alertsPageChartsEnabled: boolean; readonly alertTypeEnabled: boolean; readonly expandableFlyoutDisabled: boolean; readonly notesEnabled: boolean; readonly assistantModelEvaluation: boolean; readonly assistantKnowledgeBaseByDefault: boolean; readonly newUserDetailsFlyoutManagedUser: boolean; readonly riskScoringPersistence: boolean; readonly riskScoringRoutesEnabled: boolean; readonly esqlRulesDisabled: boolean; readonly protectionUpdatesEnabled: boolean; readonly disableTimelineSaveTour: boolean; readonly alertSuppressionForEsqlRuleEnabled: boolean; readonly riskEnginePrivilegesRouteEnabled: boolean; readonly sentinelOneDataInAnalyzerEnabled: boolean; readonly sentinelOneManualHostActionsEnabled: boolean; readonly crowdstrikeDataInAnalyzerEnabled: boolean; readonly jamfDataInAnalyzerEnabled: boolean; readonly jsonPrebuiltRulesDiffingEnabled: boolean; readonly timelineEsqlTabDisabled: boolean; readonly unifiedComponentsInTimelineEnabled: boolean; readonly analyzerDatePickersAndSourcererDisabled: boolean; readonly perFieldPrebuiltRulesDiffingEnabled: boolean; readonly malwareOnWriteScanOptionAvailable: boolean; readonly unifiedManifestEnabled: boolean; readonly aiAssistantFlyoutMode: boolean; readonly valueListItemsModalEnabled: boolean; readonly bulkCustomHighlightedFieldsEnabled: boolean; readonly manualRuleRunEnabled: boolean; readonly filterProcessDescendantsForEventFiltersEnabled: boolean; }"
+            "{ readonly excludePoliciesInFilterEnabled: boolean; readonly kubernetesEnabled: boolean; readonly donutChartEmbeddablesEnabled: boolean; readonly previewTelemetryUrlEnabled: boolean; readonly extendedRuleExecutionLoggingEnabled: boolean; readonly socTrendsEnabled: boolean; readonly responseActionsEnabled: boolean; readonly endpointResponseActionsEnabled: boolean; readonly responseActionUploadEnabled: boolean; readonly automatedProcessActionsEnabled: boolean; readonly responseActionsSentinelOneV1Enabled: boolean; readonly responseActionsSentinelOneV2Enabled: boolean; readonly responseActionsSentinelOneGetFileEnabled: boolean; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: boolean; readonly responseActionScanEnabled: boolean; readonly alertsPageChartsEnabled: boolean; readonly alertTypeEnabled: boolean; readonly expandableFlyoutDisabled: boolean; readonly securitySolutionNotesEnabled: boolean; readonly entityAlertPreviewEnabled: boolean; readonly assistantModelEvaluation: boolean; readonly assistantKnowledgeBaseByDefault: boolean; readonly newUserDetailsFlyoutManagedUser: boolean; readonly riskScoringPersistence: boolean; readonly riskScoringRoutesEnabled: boolean; readonly esqlRulesDisabled: boolean; readonly protectionUpdatesEnabled: boolean; readonly disableTimelineSaveTour: boolean; readonly alertSuppressionForEsqlRuleEnabled: boolean; readonly riskEnginePrivilegesRouteEnabled: boolean; readonly sentinelOneDataInAnalyzerEnabled: boolean; readonly sentinelOneManualHostActionsEnabled: boolean; readonly crowdstrikeDataInAnalyzerEnabled: boolean; readonly jamfDataInAnalyzerEnabled: boolean; readonly timelineEsqlTabDisabled: boolean; readonly unifiedComponentsInTimelineEnabled: boolean; readonly analyzerDatePickersAndSourcererDisabled: boolean; readonly prebuiltRulesCustomizationEnabled: boolean; readonly malwareOnWriteScanOptionAvailable: boolean; readonly unifiedManifestEnabled: boolean; readonly aiAssistantFlyoutMode: boolean; readonly valueListItemsModalEnabled: boolean; readonly bulkCustomHighlightedFieldsEnabled: boolean; readonly manualRuleRunEnabled: boolean; readonly filterProcessDescendantsForEventFiltersEnabled: boolean; }"
           ],
           "path": "x-pack/plugins/security_solution/server/plugin_contract.ts",
           "deprecated": false,
@@ -3247,7 +3247,7 @@
         "label": "ExperimentalFeatures",
         "description": [],
         "signature": [
-          "{ readonly excludePoliciesInFilterEnabled: boolean; readonly kubernetesEnabled: boolean; readonly donutChartEmbeddablesEnabled: boolean; readonly previewTelemetryUrlEnabled: boolean; readonly extendedRuleExecutionLoggingEnabled: boolean; readonly socTrendsEnabled: boolean; readonly responseActionsEnabled: boolean; readonly endpointResponseActionsEnabled: boolean; readonly responseActionUploadEnabled: boolean; readonly automatedProcessActionsEnabled: boolean; readonly responseActionsSentinelOneV1Enabled: boolean; readonly responseActionsSentinelOneV2Enabled: boolean; readonly responseActionsSentinelOneGetFileEnabled: boolean; readonly agentStatusClientEnabled: boolean; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: boolean; readonly responseActionScanEnabled: boolean; readonly alertsPageChartsEnabled: boolean; readonly alertTypeEnabled: boolean; readonly expandableFlyoutDisabled: boolean; readonly notesEnabled: boolean; readonly assistantModelEvaluation: boolean; readonly assistantKnowledgeBaseByDefault: boolean; readonly newUserDetailsFlyoutManagedUser: boolean; readonly riskScoringPersistence: boolean; readonly riskScoringRoutesEnabled: boolean; readonly esqlRulesDisabled: boolean; readonly protectionUpdatesEnabled: boolean; readonly disableTimelineSaveTour: boolean; readonly alertSuppressionForEsqlRuleEnabled: boolean; readonly riskEnginePrivilegesRouteEnabled: boolean; readonly sentinelOneDataInAnalyzerEnabled: boolean; readonly sentinelOneManualHostActionsEnabled: boolean; readonly crowdstrikeDataInAnalyzerEnabled: boolean; readonly jamfDataInAnalyzerEnabled: boolean; readonly jsonPrebuiltRulesDiffingEnabled: boolean; readonly timelineEsqlTabDisabled: boolean; readonly unifiedComponentsInTimelineEnabled: boolean; readonly analyzerDatePickersAndSourcererDisabled: boolean; readonly perFieldPrebuiltRulesDiffingEnabled: boolean; readonly malwareOnWriteScanOptionAvailable: boolean; readonly unifiedManifestEnabled: boolean; readonly aiAssistantFlyoutMode: boolean; readonly valueListItemsModalEnabled: boolean; readonly bulkCustomHighlightedFieldsEnabled: boolean; readonly manualRuleRunEnabled: boolean; readonly filterProcessDescendantsForEventFiltersEnabled: boolean; }"
+          "{ readonly excludePoliciesInFilterEnabled: boolean; readonly kubernetesEnabled: boolean; readonly donutChartEmbeddablesEnabled: boolean; readonly previewTelemetryUrlEnabled: boolean; readonly extendedRuleExecutionLoggingEnabled: boolean; readonly socTrendsEnabled: boolean; readonly responseActionsEnabled: boolean; readonly endpointResponseActionsEnabled: boolean; readonly responseActionUploadEnabled: boolean; readonly automatedProcessActionsEnabled: boolean; readonly responseActionsSentinelOneV1Enabled: boolean; readonly responseActionsSentinelOneV2Enabled: boolean; readonly responseActionsSentinelOneGetFileEnabled: boolean; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: boolean; readonly responseActionScanEnabled: boolean; readonly alertsPageChartsEnabled: boolean; readonly alertTypeEnabled: boolean; readonly expandableFlyoutDisabled: boolean; readonly securitySolutionNotesEnabled: boolean; readonly entityAlertPreviewEnabled: boolean; readonly assistantModelEvaluation: boolean; readonly assistantKnowledgeBaseByDefault: boolean; readonly newUserDetailsFlyoutManagedUser: boolean; readonly riskScoringPersistence: boolean; readonly riskScoringRoutesEnabled: boolean; readonly esqlRulesDisabled: boolean; readonly protectionUpdatesEnabled: boolean; readonly disableTimelineSaveTour: boolean; readonly alertSuppressionForEsqlRuleEnabled: boolean; readonly riskEnginePrivilegesRouteEnabled: boolean; readonly sentinelOneDataInAnalyzerEnabled: boolean; readonly sentinelOneManualHostActionsEnabled: boolean; readonly crowdstrikeDataInAnalyzerEnabled: boolean; readonly jamfDataInAnalyzerEnabled: boolean; readonly timelineEsqlTabDisabled: boolean; readonly unifiedComponentsInTimelineEnabled: boolean; readonly analyzerDatePickersAndSourcererDisabled: boolean; readonly prebuiltRulesCustomizationEnabled: boolean; readonly malwareOnWriteScanOptionAvailable: boolean; readonly unifiedManifestEnabled: boolean; readonly aiAssistantFlyoutMode: boolean; readonly valueListItemsModalEnabled: boolean; readonly bulkCustomHighlightedFieldsEnabled: boolean; readonly manualRuleRunEnabled: boolean; readonly filterProcessDescendantsForEventFiltersEnabled: boolean; }"
         ],
         "path": "x-pack/plugins/security_solution/common/experimental_features.ts",
         "deprecated": false,
@@ -3313,7 +3313,7 @@
           "\nA list of allowed values that can be used in `xpack.securitySolution.enableExperimental`.\nThis object is then used to validate and parse the value entered."
         ],
         "signature": [
-          "{ readonly excludePoliciesInFilterEnabled: false; readonly kubernetesEnabled: true; readonly donutChartEmbeddablesEnabled: false; readonly previewTelemetryUrlEnabled: false; readonly extendedRuleExecutionLoggingEnabled: false; readonly socTrendsEnabled: false; readonly responseActionsEnabled: true; readonly endpointResponseActionsEnabled: true; readonly responseActionUploadEnabled: true; readonly automatedProcessActionsEnabled: true; readonly responseActionsSentinelOneV1Enabled: true; readonly responseActionsSentinelOneV2Enabled: true; readonly responseActionsSentinelOneGetFileEnabled: false; readonly agentStatusClientEnabled: false; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: false; readonly responseActionScanEnabled: false; readonly alertsPageChartsEnabled: true; readonly alertTypeEnabled: false; readonly expandableFlyoutDisabled: false; readonly notesEnabled: false; readonly assistantModelEvaluation: false; readonly assistantKnowledgeBaseByDefault: false; readonly newUserDetailsFlyoutManagedUser: false; readonly riskScoringPersistence: true; readonly riskScoringRoutesEnabled: true; readonly esqlRulesDisabled: false; readonly protectionUpdatesEnabled: true; readonly disableTimelineSaveTour: false; readonly alertSuppressionForEsqlRuleEnabled: false; readonly riskEnginePrivilegesRouteEnabled: true; readonly sentinelOneDataInAnalyzerEnabled: true; readonly sentinelOneManualHostActionsEnabled: true; readonly crowdstrikeDataInAnalyzerEnabled: false; readonly jamfDataInAnalyzerEnabled: false; readonly jsonPrebuiltRulesDiffingEnabled: true; readonly timelineEsqlTabDisabled: false; readonly unifiedComponentsInTimelineEnabled: false; readonly analyzerDatePickersAndSourcererDisabled: false; readonly perFieldPrebuiltRulesDiffingEnabled: true; readonly malwareOnWriteScanOptionAvailable: true; readonly unifiedManifestEnabled: false; readonly aiAssistantFlyoutMode: true; readonly valueListItemsModalEnabled: true; readonly bulkCustomHighlightedFieldsEnabled: false; readonly manualRuleRunEnabled: false; readonly filterProcessDescendantsForEventFiltersEnabled: false; }"
+          "{ readonly excludePoliciesInFilterEnabled: false; readonly kubernetesEnabled: true; readonly donutChartEmbeddablesEnabled: false; readonly previewTelemetryUrlEnabled: false; readonly extendedRuleExecutionLoggingEnabled: false; readonly socTrendsEnabled: false; readonly responseActionsEnabled: true; readonly endpointResponseActionsEnabled: true; readonly responseActionUploadEnabled: true; readonly automatedProcessActionsEnabled: true; readonly responseActionsSentinelOneV1Enabled: true; readonly responseActionsSentinelOneV2Enabled: true; readonly responseActionsSentinelOneGetFileEnabled: true; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: true; readonly responseActionScanEnabled: false; readonly alertsPageChartsEnabled: true; readonly alertTypeEnabled: false; readonly expandableFlyoutDisabled: false; readonly securitySolutionNotesEnabled: false; readonly entityAlertPreviewEnabled: false; readonly assistantModelEvaluation: false; readonly assistantKnowledgeBaseByDefault: false; readonly newUserDetailsFlyoutManagedUser: false; readonly riskScoringPersistence: true; readonly riskScoringRoutesEnabled: true; readonly esqlRulesDisabled: false; readonly protectionUpdatesEnabled: true; readonly disableTimelineSaveTour: false; readonly alertSuppressionForEsqlRuleEnabled: false; readonly riskEnginePrivilegesRouteEnabled: true; readonly sentinelOneDataInAnalyzerEnabled: true; readonly sentinelOneManualHostActionsEnabled: true; readonly crowdstrikeDataInAnalyzerEnabled: true; readonly jamfDataInAnalyzerEnabled: false; readonly timelineEsqlTabDisabled: false; readonly unifiedComponentsInTimelineEnabled: false; readonly analyzerDatePickersAndSourcererDisabled: false; readonly prebuiltRulesCustomizationEnabled: false; readonly malwareOnWriteScanOptionAvailable: true; readonly unifiedManifestEnabled: false; readonly aiAssistantFlyoutMode: true; readonly valueListItemsModalEnabled: true; readonly bulkCustomHighlightedFieldsEnabled: false; readonly manualRuleRunEnabled: false; readonly filterProcessDescendantsForEventFiltersEnabled: false; }"
         ],
         "path": "x-pack/plugins/security_solution/common/experimental_features.ts",
         "deprecated": false,
diff --git a/api_docs/security_solution.mdx b/api_docs/security_solution.mdx
index 10fb34dfcd75a..ab4c6424e8e24 100644
--- a/api_docs/security_solution.mdx
+++ b/api_docs/security_solution.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/securitySolution
 title: "securitySolution"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the securitySolution plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'securitySolution']
 ---
 import securitySolutionObj from './security_solution.devdocs.json';
diff --git a/api_docs/security_solution_ess.mdx b/api_docs/security_solution_ess.mdx
index c96d7a20b5e9f..3b6aa069055a5 100644
--- a/api_docs/security_solution_ess.mdx
+++ b/api_docs/security_solution_ess.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/securitySolutionEss
 title: "securitySolutionEss"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the securitySolutionEss plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'securitySolutionEss']
 ---
 import securitySolutionEssObj from './security_solution_ess.devdocs.json';
diff --git a/api_docs/security_solution_serverless.mdx b/api_docs/security_solution_serverless.mdx
index 7acea530f5fc5..a37423119a556 100644
--- a/api_docs/security_solution_serverless.mdx
+++ b/api_docs/security_solution_serverless.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/securitySolutionServerless
 title: "securitySolutionServerless"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the securitySolutionServerless plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'securitySolutionServerless']
 ---
 import securitySolutionServerlessObj from './security_solution_serverless.devdocs.json';
diff --git a/api_docs/serverless.mdx b/api_docs/serverless.mdx
index 1eb61bcf6de72..f67451db51ca8 100644
--- a/api_docs/serverless.mdx
+++ b/api_docs/serverless.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/serverless
 title: "serverless"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the serverless plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'serverless']
 ---
 import serverlessObj from './serverless.devdocs.json';
diff --git a/api_docs/serverless_observability.mdx b/api_docs/serverless_observability.mdx
index c403796a2f280..be29967c889fe 100644
--- a/api_docs/serverless_observability.mdx
+++ b/api_docs/serverless_observability.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/serverlessObservability
 title: "serverlessObservability"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the serverlessObservability plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'serverlessObservability']
 ---
 import serverlessObservabilityObj from './serverless_observability.devdocs.json';
diff --git a/api_docs/serverless_search.mdx b/api_docs/serverless_search.mdx
index c882d39ee8c64..c191541c27396 100644
--- a/api_docs/serverless_search.mdx
+++ b/api_docs/serverless_search.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/serverlessSearch
 title: "serverlessSearch"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the serverlessSearch plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'serverlessSearch']
 ---
 import serverlessSearchObj from './serverless_search.devdocs.json';
diff --git a/api_docs/session_view.mdx b/api_docs/session_view.mdx
index 39e2308ac3b35..a5e379035d677 100644
--- a/api_docs/session_view.mdx
+++ b/api_docs/session_view.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/sessionView
 title: "sessionView"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the sessionView plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'sessionView']
 ---
 import sessionViewObj from './session_view.devdocs.json';
diff --git a/api_docs/share.mdx b/api_docs/share.mdx
index 0955b3e6997b2..7722bfd2df82d 100644
--- a/api_docs/share.mdx
+++ b/api_docs/share.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/share
 title: "share"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the share plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'share']
 ---
 import shareObj from './share.devdocs.json';
diff --git a/api_docs/slo.mdx b/api_docs/slo.mdx
index 8bb7ffb38c2ea..58b76396f7ca8 100644
--- a/api_docs/slo.mdx
+++ b/api_docs/slo.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/slo
 title: "slo"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the slo plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'slo']
 ---
 import sloObj from './slo.devdocs.json';
diff --git a/api_docs/snapshot_restore.mdx b/api_docs/snapshot_restore.mdx
index 359079def7dbc..4ab0efa209631 100644
--- a/api_docs/snapshot_restore.mdx
+++ b/api_docs/snapshot_restore.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/snapshotRestore
 title: "snapshotRestore"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the snapshotRestore plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'snapshotRestore']
 ---
 import snapshotRestoreObj from './snapshot_restore.devdocs.json';
diff --git a/api_docs/spaces.mdx b/api_docs/spaces.mdx
index 385368b87f654..d71d47471b295 100644
--- a/api_docs/spaces.mdx
+++ b/api_docs/spaces.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/spaces
 title: "spaces"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the spaces plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'spaces']
 ---
 import spacesObj from './spaces.devdocs.json';
diff --git a/api_docs/stack_alerts.mdx b/api_docs/stack_alerts.mdx
index 3314b5bb8aa63..97220a485cde0 100644
--- a/api_docs/stack_alerts.mdx
+++ b/api_docs/stack_alerts.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/stackAlerts
 title: "stackAlerts"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the stackAlerts plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'stackAlerts']
 ---
 import stackAlertsObj from './stack_alerts.devdocs.json';
diff --git a/api_docs/stack_connectors.mdx b/api_docs/stack_connectors.mdx
index 086640353d71c..15fe7114a82e0 100644
--- a/api_docs/stack_connectors.mdx
+++ b/api_docs/stack_connectors.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/stackConnectors
 title: "stackConnectors"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the stackConnectors plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'stackConnectors']
 ---
 import stackConnectorsObj from './stack_connectors.devdocs.json';
diff --git a/api_docs/task_manager.mdx b/api_docs/task_manager.mdx
index 03645e34e324d..44fa9dad02866 100644
--- a/api_docs/task_manager.mdx
+++ b/api_docs/task_manager.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/taskManager
 title: "taskManager"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the taskManager plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'taskManager']
 ---
 import taskManagerObj from './task_manager.devdocs.json';
diff --git a/api_docs/telemetry.mdx b/api_docs/telemetry.mdx
index 2c751b121ed49..1eea3dc772fde 100644
--- a/api_docs/telemetry.mdx
+++ b/api_docs/telemetry.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/telemetry
 title: "telemetry"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the telemetry plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'telemetry']
 ---
 import telemetryObj from './telemetry.devdocs.json';
diff --git a/api_docs/telemetry_collection_manager.mdx b/api_docs/telemetry_collection_manager.mdx
index 51d70a87ff4b4..69db22173e167 100644
--- a/api_docs/telemetry_collection_manager.mdx
+++ b/api_docs/telemetry_collection_manager.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/telemetryCollectionManager
 title: "telemetryCollectionManager"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the telemetryCollectionManager plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'telemetryCollectionManager']
 ---
 import telemetryCollectionManagerObj from './telemetry_collection_manager.devdocs.json';
diff --git a/api_docs/telemetry_collection_xpack.mdx b/api_docs/telemetry_collection_xpack.mdx
index 176820c472d6f..e62824d2b2c86 100644
--- a/api_docs/telemetry_collection_xpack.mdx
+++ b/api_docs/telemetry_collection_xpack.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/telemetryCollectionXpack
 title: "telemetryCollectionXpack"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the telemetryCollectionXpack plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'telemetryCollectionXpack']
 ---
 import telemetryCollectionXpackObj from './telemetry_collection_xpack.devdocs.json';
diff --git a/api_docs/telemetry_management_section.mdx b/api_docs/telemetry_management_section.mdx
index ce2e6eb5c50d8..7d1f7da9801be 100644
--- a/api_docs/telemetry_management_section.mdx
+++ b/api_docs/telemetry_management_section.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/telemetryManagementSection
 title: "telemetryManagementSection"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the telemetryManagementSection plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'telemetryManagementSection']
 ---
 import telemetryManagementSectionObj from './telemetry_management_section.devdocs.json';
diff --git a/api_docs/text_based_languages.mdx b/api_docs/text_based_languages.mdx
index 7426e2bcc3ed3..515a3980cc868 100644
--- a/api_docs/text_based_languages.mdx
+++ b/api_docs/text_based_languages.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/textBasedLanguages
 title: "textBasedLanguages"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the textBasedLanguages plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'textBasedLanguages']
 ---
 import textBasedLanguagesObj from './text_based_languages.devdocs.json';
diff --git a/api_docs/threat_intelligence.mdx b/api_docs/threat_intelligence.mdx
index 5e6c067200b75..00b42a6e147b3 100644
--- a/api_docs/threat_intelligence.mdx
+++ b/api_docs/threat_intelligence.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/threatIntelligence
 title: "threatIntelligence"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the threatIntelligence plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'threatIntelligence']
 ---
 import threatIntelligenceObj from './threat_intelligence.devdocs.json';
diff --git a/api_docs/timelines.devdocs.json b/api_docs/timelines.devdocs.json
index 781b3110679a8..c978c041d986f 100644
--- a/api_docs/timelines.devdocs.json
+++ b/api_docs/timelines.devdocs.json
@@ -1510,11 +1510,7 @@
           },
           {
             "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/table_tab.tsx"
-          },
-          {
-            "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/table_tab.tsx"
+            "path": "x-pack/plugins/security_solution/public/common/components/event_details/columns.tsx"
           },
           {
             "plugin": "securitySolution",
@@ -1598,19 +1594,19 @@
           },
           {
             "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/common/components/event_details/table/use_action_cell_data_provider.ts"
+            "path": "x-pack/plugins/security_solution/public/timelines/components/edit_data_provider/helpers.tsx"
           },
           {
             "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/common/components/event_details/table/use_action_cell_data_provider.ts"
+            "path": "x-pack/plugins/security_solution/public/timelines/components/edit_data_provider/helpers.tsx"
           },
           {
             "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/timelines/components/edit_data_provider/helpers.tsx"
+            "path": "x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/formatted_field.tsx"
           },
           {
             "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/timelines/components/edit_data_provider/helpers.tsx"
+            "path": "x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/formatted_field.tsx"
           },
           {
             "plugin": "securitySolution",
@@ -1622,11 +1618,11 @@
           },
           {
             "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/formatted_field.tsx"
+            "path": "x-pack/plugins/security_solution/public/common/components/event_details/table/use_action_cell_data_provider.ts"
           },
           {
             "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/formatted_field.tsx"
+            "path": "x-pack/plugins/security_solution/public/common/components/event_details/table/use_action_cell_data_provider.ts"
           },
           {
             "plugin": "securitySolution",
@@ -1689,45 +1685,6 @@
             "deprecated": false,
             "trackAdoption": false
           },
-          {
-            "parentPluginId": "timelines",
-            "id": "def-common.BrowserField.category",
-            "type": "string",
-            "tags": [],
-            "label": "category",
-            "description": [],
-            "path": "x-pack/plugins/timelines/common/search_strategy/index_fields/index.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "timelines",
-            "id": "def-common.BrowserField.description",
-            "type": "CompoundType",
-            "tags": [],
-            "label": "description",
-            "description": [],
-            "signature": [
-              "string | null"
-            ],
-            "path": "x-pack/plugins/timelines/common/search_strategy/index_fields/index.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "timelines",
-            "id": "def-common.BrowserField.example",
-            "type": "CompoundType",
-            "tags": [],
-            "label": "example",
-            "description": [],
-            "signature": [
-              "string | number | null"
-            ],
-            "path": "x-pack/plugins/timelines/common/search_strategy/index_fields/index.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
           {
             "parentPluginId": "timelines",
             "id": "def-common.BrowserField.fields",
@@ -4058,14 +4015,6 @@
             "plugin": "securitySolution",
             "path": "x-pack/plugins/security_solution/public/common/components/drag_and_drop/helpers.ts"
           },
-          {
-            "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/table_tab.tsx"
-          },
-          {
-            "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/table_tab.tsx"
-          },
           {
             "plugin": "securitySolution",
             "path": "x-pack/plugins/security_solution/public/common/components/event_details/cti_details/enrichment_summary.tsx"
@@ -4224,79 +4173,79 @@
           },
           {
             "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/common/components/event_details/helpers.tsx"
+            "path": "x-pack/plugins/security_solution/public/timelines/components/edit_data_provider/helpers.tsx"
           },
           {
             "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/common/components/event_details/helpers.tsx"
+            "path": "x-pack/plugins/security_solution/public/timelines/components/edit_data_provider/helpers.tsx"
           },
           {
             "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/query_bar/index.tsx"
+            "path": "x-pack/plugins/security_solution/public/timelines/components/edit_data_provider/helpers.tsx"
           },
           {
             "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/query_bar/index.tsx"
+            "path": "x-pack/plugins/security_solution/public/timelines/components/edit_data_provider/index.tsx"
           },
           {
             "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/index.tsx"
+            "path": "x-pack/plugins/security_solution/public/timelines/components/edit_data_provider/index.tsx"
           },
           {
             "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/index.tsx"
+            "path": "x-pack/plugins/security_solution/public/timelines/components/timeline/data_providers/provider_item_actions.tsx"
           },
           {
             "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/helpers.ts"
+            "path": "x-pack/plugins/security_solution/public/timelines/components/timeline/data_providers/provider_item_actions.tsx"
           },
           {
             "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/helpers.ts"
+            "path": "x-pack/plugins/security_solution/public/timelines/components/timeline/data_providers/provider_item_actions.tsx"
           },
           {
             "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/helpers.ts"
+            "path": "x-pack/plugins/security_solution/public/timelines/components/timeline/data_providers/provider_item_badge.tsx"
           },
           {
             "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/timelines/components/edit_data_provider/helpers.tsx"
+            "path": "x-pack/plugins/security_solution/public/timelines/components/timeline/data_providers/provider_item_badge.tsx"
           },
           {
             "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/timelines/components/edit_data_provider/helpers.tsx"
+            "path": "x-pack/plugins/security_solution/public/common/components/event_details/helpers.tsx"
           },
           {
             "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/timelines/components/edit_data_provider/helpers.tsx"
+            "path": "x-pack/plugins/security_solution/public/common/components/event_details/helpers.tsx"
           },
           {
             "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/timelines/components/edit_data_provider/index.tsx"
+            "path": "x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/helpers.ts"
           },
           {
             "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/timelines/components/edit_data_provider/index.tsx"
+            "path": "x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/helpers.ts"
           },
           {
             "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/timelines/components/timeline/data_providers/provider_item_actions.tsx"
+            "path": "x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/helpers.ts"
           },
           {
             "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/timelines/components/timeline/data_providers/provider_item_actions.tsx"
+            "path": "x-pack/plugins/security_solution/public/common/components/event_details/event_fields_browser.tsx"
           },
           {
             "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/timelines/components/timeline/data_providers/provider_item_actions.tsx"
+            "path": "x-pack/plugins/security_solution/public/common/components/event_details/event_fields_browser.tsx"
           },
           {
             "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/timelines/components/timeline/data_providers/provider_item_badge.tsx"
+            "path": "x-pack/plugins/security_solution/public/common/components/event_details/event_fields_browser.tsx"
           },
           {
             "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/timelines/components/timeline/data_providers/provider_item_badge.tsx"
+            "path": "x-pack/plugins/security_solution/public/common/components/event_details/columns.tsx"
           },
           {
             "plugin": "securitySolution",
@@ -4304,19 +4253,19 @@
           },
           {
             "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/common/components/event_details/columns.tsx"
+            "path": "x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/query_bar/index.tsx"
           },
           {
             "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/common/components/event_details/event_fields_browser.tsx"
+            "path": "x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/query_bar/index.tsx"
           },
           {
             "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/common/components/event_details/event_fields_browser.tsx"
+            "path": "x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/index.tsx"
           },
           {
             "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/common/components/event_details/event_fields_browser.tsx"
+            "path": "x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/index.tsx"
           },
           {
             "plugin": "securitySolution",
@@ -4444,19 +4393,11 @@
           },
           {
             "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/flyout/document_details/right/context.tsx"
-          },
-          {
-            "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/flyout/document_details/right/context.tsx"
-          },
-          {
-            "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/flyout/document_details/left/context.tsx"
+            "path": "x-pack/plugins/security_solution/public/flyout/document_details/shared/context.tsx"
           },
           {
             "plugin": "securitySolution",
-            "path": "x-pack/plugins/security_solution/public/flyout/document_details/left/context.tsx"
+            "path": "x-pack/plugins/security_solution/public/flyout/document_details/shared/context.tsx"
           },
           {
             "plugin": "securitySolution",
diff --git a/api_docs/timelines.mdx b/api_docs/timelines.mdx
index 0fbca32935a9a..33373dd4691e5 100644
--- a/api_docs/timelines.mdx
+++ b/api_docs/timelines.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/timelines
 title: "timelines"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the timelines plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'timelines']
 ---
 import timelinesObj from './timelines.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/security-threat-hunting-investigations](https://github.com/org
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 242 | 1 | 198 | 17 |
+| 239 | 1 | 195 | 17 |
 
 ## Client
 
diff --git a/api_docs/transform.mdx b/api_docs/transform.mdx
index c283e9cbb1940..7fee997d41f96 100644
--- a/api_docs/transform.mdx
+++ b/api_docs/transform.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/transform
 title: "transform"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the transform plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'transform']
 ---
 import transformObj from './transform.devdocs.json';
diff --git a/api_docs/triggers_actions_ui.devdocs.json b/api_docs/triggers_actions_ui.devdocs.json
index f2d0b86703d56..e8e1b4e820781 100644
--- a/api_docs/triggers_actions_ui.devdocs.json
+++ b/api_docs/triggers_actions_ui.devdocs.json
@@ -8101,7 +8101,9 @@
             },
             " | undefined; onUpdate?: ((args: ",
             "TableUpdateHandlerArgs",
-            ") => void) | undefined; onLoaded?: (() => void) | undefined; runtimeMappings?: ",
+            ") => void) | undefined; onLoaded?: ((alerts: ",
+            "Alerts",
+            ") => void) | undefined; runtimeMappings?: ",
             "MappingRuntimeFields",
             " | undefined; showAlertStatusWithFlapping?: boolean | undefined; toolbarVisibility?: ",
             "EuiDataGridToolBarVisibilityOptions",
@@ -8159,7 +8161,9 @@
                 },
                 " | undefined; onUpdate?: ((args: ",
                 "TableUpdateHandlerArgs",
-                ") => void) | undefined; onLoaded?: (() => void) | undefined; runtimeMappings?: ",
+                ") => void) | undefined; onLoaded?: ((alerts: ",
+                "Alerts",
+                ") => void) | undefined; runtimeMappings?: ",
                 "MappingRuntimeFields",
                 " | undefined; showAlertStatusWithFlapping?: boolean | undefined; toolbarVisibility?: ",
                 "EuiDataGridToolBarVisibilityOptions",
diff --git a/api_docs/triggers_actions_ui.mdx b/api_docs/triggers_actions_ui.mdx
index 947d503130b72..ea2a7b62cf454 100644
--- a/api_docs/triggers_actions_ui.mdx
+++ b/api_docs/triggers_actions_ui.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/triggersActionsUi
 title: "triggersActionsUi"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the triggersActionsUi plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'triggersActionsUi']
 ---
 import triggersActionsUiObj from './triggers_actions_ui.devdocs.json';
diff --git a/api_docs/ui_actions.devdocs.json b/api_docs/ui_actions.devdocs.json
index bde897ec629f1..97adea8b4a331 100644
--- a/api_docs/ui_actions.devdocs.json
+++ b/api_docs/ui_actions.devdocs.json
@@ -2188,6 +2188,49 @@
         ],
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "uiActions",
+        "id": "def-public.PresentableGroup",
+        "type": "Interface",
+        "tags": [],
+        "label": "PresentableGroup",
+        "description": [],
+        "signature": [
+          {
+            "pluginId": "@kbn/ui-actions-browser",
+            "scope": "common",
+            "docId": "kibKbnUiActionsBrowserPluginApi",
+            "section": "def-common.PresentableGroup",
+            "text": "PresentableGroup"
+          },
+          "<Context> extends Partial<Pick<",
+          {
+            "pluginId": "@kbn/ui-actions-browser",
+            "scope": "common",
+            "docId": "kibKbnUiActionsBrowserPluginApi",
+            "section": "def-common.Presentable",
+            "text": "Presentable"
+          },
+          "<Context>, \"order\" | \"getDisplayName\" | \"getIconType\" | \"getDisplayNameTooltip\">>"
+        ],
+        "path": "packages/kbn-ui-actions-browser/src/types/presentable.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "uiActions",
+            "id": "def-public.PresentableGroup.id",
+            "type": "string",
+            "tags": [],
+            "label": "id",
+            "description": [],
+            "path": "packages/kbn-ui-actions-browser/src/types/presentable.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "uiActions",
         "id": "def-public.Trigger",
@@ -2547,6 +2590,21 @@
         "trackAdoption": false,
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "uiActions",
+        "id": "def-public.ADD_PANEL_TRIGGER",
+        "type": "string",
+        "tags": [],
+        "label": "ADD_PANEL_TRIGGER",
+        "description": [],
+        "signature": [
+          "\"ADD_PANEL_TRIGGER\""
+        ],
+        "path": "packages/kbn-ui-actions-browser/src/triggers/dashboard_app_panel_trigger.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "uiActions",
         "id": "def-public.FrequentCompatibilityChangeAction",
@@ -2677,6 +2735,53 @@
       }
     ],
     "objects": [
+      {
+        "parentPluginId": "uiActions",
+        "id": "def-public.addPanelMenuTrigger",
+        "type": "Object",
+        "tags": [],
+        "label": "addPanelMenuTrigger",
+        "description": [],
+        "path": "packages/kbn-ui-actions-browser/src/triggers/dashboard_app_panel_trigger.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "uiActions",
+            "id": "def-public.addPanelMenuTrigger.id",
+            "type": "string",
+            "tags": [],
+            "label": "id",
+            "description": [],
+            "path": "packages/kbn-ui-actions-browser/src/triggers/dashboard_app_panel_trigger.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "uiActions",
+            "id": "def-public.addPanelMenuTrigger.title",
+            "type": "string",
+            "tags": [],
+            "label": "title",
+            "description": [],
+            "path": "packages/kbn-ui-actions-browser/src/triggers/dashboard_app_panel_trigger.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "uiActions",
+            "id": "def-public.addPanelMenuTrigger.description",
+            "type": "string",
+            "tags": [],
+            "label": "description",
+            "description": [],
+            "path": "packages/kbn-ui-actions-browser/src/triggers/dashboard_app_panel_trigger.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "uiActions",
         "id": "def-public.rowClickTrigger",
diff --git a/api_docs/ui_actions.mdx b/api_docs/ui_actions.mdx
index 9927f905c3232..a6d12caec1ff2 100644
--- a/api_docs/ui_actions.mdx
+++ b/api_docs/ui_actions.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/uiActions
 title: "uiActions"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the uiActions plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'uiActions']
 ---
 import uiActionsObj from './ui_actions.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sh
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 149 | 0 | 103 | 9 |
+| 156 | 0 | 110 | 9 |
 
 ## Client
 
diff --git a/api_docs/ui_actions_enhanced.mdx b/api_docs/ui_actions_enhanced.mdx
index f0c965a6d86fd..36bf49e420a2e 100644
--- a/api_docs/ui_actions_enhanced.mdx
+++ b/api_docs/ui_actions_enhanced.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/uiActionsEnhanced
 title: "uiActionsEnhanced"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the uiActionsEnhanced plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'uiActionsEnhanced']
 ---
 import uiActionsEnhancedObj from './ui_actions_enhanced.devdocs.json';
diff --git a/api_docs/unified_doc_viewer.devdocs.json b/api_docs/unified_doc_viewer.devdocs.json
index 0906c32e85ebd..76a3e2a3d32ff 100644
--- a/api_docs/unified_doc_viewer.devdocs.json
+++ b/api_docs/unified_doc_viewer.devdocs.json
@@ -65,7 +65,7 @@
           },
           " & React.RefAttributes<{}>>"
         ],
-        "path": "src/plugins/unified_doc_viewer/public/index.tsx",
+        "path": "src/plugins/unified_doc_viewer/public/components/lazy_doc_viewer.tsx",
         "deprecated": false,
         "trackAdoption": false,
         "returnComment": [],
@@ -87,6 +87,48 @@
         ],
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "unifiedDocViewer",
+        "id": "def-public.UnifiedDocViewerFlyout",
+        "type": "Function",
+        "tags": [],
+        "label": "UnifiedDocViewerFlyout",
+        "description": [],
+        "signature": [
+          "React.ForwardRefExoticComponent<",
+          "UnifiedDocViewerFlyoutProps",
+          " & ",
+          {
+            "pluginId": "@kbn/shared-ux-utility",
+            "scope": "common",
+            "docId": "kibKbnSharedUxUtilityPluginApi",
+            "section": "def-common.WithSuspenseExtendedDeps",
+            "text": "WithSuspenseExtendedDeps"
+          },
+          " & React.RefAttributes<{}>>"
+        ],
+        "path": "src/plugins/unified_doc_viewer/public/components/lazy_doc_viewer_flyout.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "returnComment": [],
+        "children": [
+          {
+            "parentPluginId": "unifiedDocViewer",
+            "id": "def-public.UnifiedDocViewerFlyout.$1",
+            "type": "Uncategorized",
+            "tags": [],
+            "label": "props",
+            "description": [],
+            "signature": [
+              "P"
+            ],
+            "path": "node_modules/@types/react/index.d.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "unifiedDocViewer",
         "id": "def-public.useEsDocSearch",
diff --git a/api_docs/unified_doc_viewer.mdx b/api_docs/unified_doc_viewer.mdx
index 797100653e885..93ed273ad78ef 100644
--- a/api_docs/unified_doc_viewer.mdx
+++ b/api_docs/unified_doc_viewer.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/unifiedDocViewer
 title: "unifiedDocViewer"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the unifiedDocViewer plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'unifiedDocViewer']
 ---
 import unifiedDocViewerObj from './unified_doc_viewer.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/k
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 10 | 0 | 7 | 2 |
+| 12 | 0 | 8 | 3 |
 
 ## Client
 
diff --git a/api_docs/unified_histogram.mdx b/api_docs/unified_histogram.mdx
index 673a04e07caa2..0df8fd8154544 100644
--- a/api_docs/unified_histogram.mdx
+++ b/api_docs/unified_histogram.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/unifiedHistogram
 title: "unifiedHistogram"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the unifiedHistogram plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'unifiedHistogram']
 ---
 import unifiedHistogramObj from './unified_histogram.devdocs.json';
diff --git a/api_docs/unified_search.mdx b/api_docs/unified_search.mdx
index da150ddd187d5..6c5182fb708c1 100644
--- a/api_docs/unified_search.mdx
+++ b/api_docs/unified_search.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/unifiedSearch
 title: "unifiedSearch"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the unifiedSearch plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'unifiedSearch']
 ---
 import unifiedSearchObj from './unified_search.devdocs.json';
diff --git a/api_docs/unified_search_autocomplete.mdx b/api_docs/unified_search_autocomplete.mdx
index 3828629b7de40..991d7ac2fbe77 100644
--- a/api_docs/unified_search_autocomplete.mdx
+++ b/api_docs/unified_search_autocomplete.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/unifiedSearch-autocomplete
 title: "unifiedSearch.autocomplete"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the unifiedSearch.autocomplete plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'unifiedSearch.autocomplete']
 ---
 import unifiedSearchAutocompleteObj from './unified_search_autocomplete.devdocs.json';
diff --git a/api_docs/uptime.mdx b/api_docs/uptime.mdx
index 8b9feb48b2554..78fd42c02de10 100644
--- a/api_docs/uptime.mdx
+++ b/api_docs/uptime.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/uptime
 title: "uptime"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the uptime plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'uptime']
 ---
 import uptimeObj from './uptime.devdocs.json';
diff --git a/api_docs/url_forwarding.mdx b/api_docs/url_forwarding.mdx
index 64a832b6cff6c..42a5bab939cc2 100644
--- a/api_docs/url_forwarding.mdx
+++ b/api_docs/url_forwarding.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/urlForwarding
 title: "urlForwarding"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the urlForwarding plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'urlForwarding']
 ---
 import urlForwardingObj from './url_forwarding.devdocs.json';
diff --git a/api_docs/usage_collection.mdx b/api_docs/usage_collection.mdx
index 436db094913ba..d35eb84ee8aad 100644
--- a/api_docs/usage_collection.mdx
+++ b/api_docs/usage_collection.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/usageCollection
 title: "usageCollection"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the usageCollection plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'usageCollection']
 ---
 import usageCollectionObj from './usage_collection.devdocs.json';
diff --git a/api_docs/ux.mdx b/api_docs/ux.mdx
index 6101ac7d027d2..4a34a45f7d0c0 100644
--- a/api_docs/ux.mdx
+++ b/api_docs/ux.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ux
 title: "ux"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the ux plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ux']
 ---
 import uxObj from './ux.devdocs.json';
diff --git a/api_docs/vis_default_editor.mdx b/api_docs/vis_default_editor.mdx
index 890eb0c990a2e..a20658de54123 100644
--- a/api_docs/vis_default_editor.mdx
+++ b/api_docs/vis_default_editor.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visDefaultEditor
 title: "visDefaultEditor"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the visDefaultEditor plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visDefaultEditor']
 ---
 import visDefaultEditorObj from './vis_default_editor.devdocs.json';
diff --git a/api_docs/vis_type_gauge.mdx b/api_docs/vis_type_gauge.mdx
index 6aff52a01cd88..f1130396dc376 100644
--- a/api_docs/vis_type_gauge.mdx
+++ b/api_docs/vis_type_gauge.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeGauge
 title: "visTypeGauge"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the visTypeGauge plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeGauge']
 ---
 import visTypeGaugeObj from './vis_type_gauge.devdocs.json';
diff --git a/api_docs/vis_type_heatmap.mdx b/api_docs/vis_type_heatmap.mdx
index dca9fa99c07b0..c0ef69081465d 100644
--- a/api_docs/vis_type_heatmap.mdx
+++ b/api_docs/vis_type_heatmap.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeHeatmap
 title: "visTypeHeatmap"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the visTypeHeatmap plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeHeatmap']
 ---
 import visTypeHeatmapObj from './vis_type_heatmap.devdocs.json';
diff --git a/api_docs/vis_type_pie.mdx b/api_docs/vis_type_pie.mdx
index 6f52c4d6726a1..623d861fd148e 100644
--- a/api_docs/vis_type_pie.mdx
+++ b/api_docs/vis_type_pie.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypePie
 title: "visTypePie"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the visTypePie plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypePie']
 ---
 import visTypePieObj from './vis_type_pie.devdocs.json';
diff --git a/api_docs/vis_type_table.mdx b/api_docs/vis_type_table.mdx
index c984f1e20a831..84ef6a8f4f54b 100644
--- a/api_docs/vis_type_table.mdx
+++ b/api_docs/vis_type_table.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeTable
 title: "visTypeTable"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the visTypeTable plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeTable']
 ---
 import visTypeTableObj from './vis_type_table.devdocs.json';
diff --git a/api_docs/vis_type_timelion.mdx b/api_docs/vis_type_timelion.mdx
index 3dce4637737ae..38d3f4ded1122 100644
--- a/api_docs/vis_type_timelion.mdx
+++ b/api_docs/vis_type_timelion.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeTimelion
 title: "visTypeTimelion"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the visTypeTimelion plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeTimelion']
 ---
 import visTypeTimelionObj from './vis_type_timelion.devdocs.json';
diff --git a/api_docs/vis_type_timeseries.mdx b/api_docs/vis_type_timeseries.mdx
index 1106d22596c13..2cf0b885ba83a 100644
--- a/api_docs/vis_type_timeseries.mdx
+++ b/api_docs/vis_type_timeseries.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeTimeseries
 title: "visTypeTimeseries"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the visTypeTimeseries plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeTimeseries']
 ---
 import visTypeTimeseriesObj from './vis_type_timeseries.devdocs.json';
diff --git a/api_docs/vis_type_vega.mdx b/api_docs/vis_type_vega.mdx
index d899070ea869f..b3ba492de6aba 100644
--- a/api_docs/vis_type_vega.mdx
+++ b/api_docs/vis_type_vega.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeVega
 title: "visTypeVega"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the visTypeVega plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeVega']
 ---
 import visTypeVegaObj from './vis_type_vega.devdocs.json';
diff --git a/api_docs/vis_type_vislib.mdx b/api_docs/vis_type_vislib.mdx
index 89682e5f50528..0f1e4931aa4fc 100644
--- a/api_docs/vis_type_vislib.mdx
+++ b/api_docs/vis_type_vislib.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeVislib
 title: "visTypeVislib"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the visTypeVislib plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeVislib']
 ---
 import visTypeVislibObj from './vis_type_vislib.devdocs.json';
diff --git a/api_docs/vis_type_xy.mdx b/api_docs/vis_type_xy.mdx
index 4ae390b8e9a7c..63b20260c928c 100644
--- a/api_docs/vis_type_xy.mdx
+++ b/api_docs/vis_type_xy.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeXy
 title: "visTypeXy"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the visTypeXy plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeXy']
 ---
 import visTypeXyObj from './vis_type_xy.devdocs.json';
diff --git a/api_docs/visualizations.devdocs.json b/api_docs/visualizations.devdocs.json
index b405cfcef12f0..bfea478cf29ce 100644
--- a/api_docs/visualizations.devdocs.json
+++ b/api_docs/visualizations.devdocs.json
@@ -45,6 +45,17 @@
             "deprecated": false,
             "trackAdoption": false
           },
+          {
+            "parentPluginId": "visualizations",
+            "id": "def-public.BaseVisType.order",
+            "type": "number",
+            "tags": [],
+            "label": "order",
+            "description": [],
+            "path": "src/plugins/visualizations/public/vis_types/base_vis_type.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
           {
             "parentPluginId": "visualizations",
             "id": "def-public.BaseVisType.description",
@@ -4656,6 +4667,20 @@
             "path": "src/plugins/visualizations/public/vis_types/vis_type_alias_registry.ts",
             "deprecated": false,
             "trackAdoption": false
+          },
+          {
+            "parentPluginId": "visualizations",
+            "id": "def-public.VisTypeAlias.order",
+            "type": "number",
+            "tags": [],
+            "label": "order",
+            "description": [],
+            "signature": [
+              "number | undefined"
+            ],
+            "path": "src/plugins/visualizations/public/vis_types/vis_type_alias_registry.ts",
+            "deprecated": false,
+            "trackAdoption": false
           }
         ],
         "initialIsOpen": false
@@ -5596,6 +5621,20 @@
             "path": "src/plugins/visualizations/public/vis_types/types.ts",
             "deprecated": false,
             "trackAdoption": false
+          },
+          {
+            "parentPluginId": "visualizations",
+            "id": "def-public.VisTypeDefinition.order",
+            "type": "number",
+            "tags": [],
+            "label": "order",
+            "description": [],
+            "signature": [
+              "number | undefined"
+            ],
+            "path": "src/plugins/visualizations/public/vis_types/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
           }
         ],
         "initialIsOpen": false
@@ -6376,6 +6415,21 @@
         "trackAdoption": false,
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "visualizations",
+        "id": "def-public.COMMON_VISUALIZATION_GROUPING",
+        "type": "Array",
+        "tags": [],
+        "label": "COMMON_VISUALIZATION_GROUPING",
+        "description": [],
+        "signature": [
+          "{ id: string; getDisplayName: () => string; getIconType: () => string; order: number; }[]"
+        ],
+        "path": "src/plugins/visualizations/public/embeddable/constants.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "visualizations",
         "id": "def-public.DASHBOARD_VISUALIZATION_PANEL_TRIGGER",
@@ -14631,6 +14685,18 @@
       }
     ],
     "enums": [
+      {
+        "parentPluginId": "visualizations",
+        "id": "def-common.LegendLayout",
+        "type": "Enum",
+        "tags": [],
+        "label": "LegendLayout",
+        "description": [],
+        "path": "src/plugins/visualizations/common/constants.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "visualizations",
         "id": "def-common.LegendSize",
@@ -16124,10 +16190,13 @@
       {
         "parentPluginId": "visualizations",
         "id": "def-common.PartitionLegendValue",
-        "type": "string",
+        "type": "Type",
         "tags": [],
         "label": "PartitionLegendValue",
         "description": [],
+        "signature": [
+          "\"value\" | \"percent\""
+        ],
         "path": "src/plugins/visualizations/common/constants.ts",
         "deprecated": false,
         "trackAdoption": false,
@@ -16648,10 +16717,13 @@
       {
         "parentPluginId": "visualizations",
         "id": "def-common.XYLegendValue",
-        "type": "string",
+        "type": "Type",
         "tags": [],
         "label": "XYLegendValue",
         "description": [],
+        "signature": [
+          "\"min\" | \"max\" | \"median\" | \"count\" | \"total\" | \"range\" | \"currentAndLastValue\" | \"lastValue\" | \"lastNonNullValue\" | \"average\" | \"firstValue\" | \"firstNonNullValue\" | \"distinctCount\" | \"variance\" | \"stdDeviation\" | \"difference\" | \"differencePercent\""
+        ],
         "path": "src/plugins/visualizations/common/constants.ts",
         "deprecated": false,
         "trackAdoption": false,
diff --git a/api_docs/visualizations.mdx b/api_docs/visualizations.mdx
index 862c90efea645..84089238b5ff0 100644
--- a/api_docs/visualizations.mdx
+++ b/api_docs/visualizations.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visualizations
 title: "visualizations"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the visualizations plugin
-date: 2024-06-19
+date: 2024-07-01
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visualizations']
 ---
 import visualizationsObj from './visualizations.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/k
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 864 | 12 | 833 | 19 |
+| 869 | 12 | 838 | 19 |
 
 ## Client
 
diff --git a/config/serverless.yml b/config/serverless.yml
index bea8e422e2925..1eab9f962b54b 100644
--- a/config/serverless.yml
+++ b/config/serverless.yml
@@ -100,10 +100,10 @@ xpack.index_management.enableIndexActions: false
 xpack.index_management.enableLegacyTemplates: false
 # Disable index stats information from Index Management UI
 xpack.index_management.enableIndexStats: false
+# Disable data stream stats information from Index Management UI
+xpack.index_management.enableDataStreamStats: false
 # Only limited index settings can be edited
 xpack.index_management.editableIndexSettings: limited
-# Disable Storage size column in the Data streams table from Index Management UI
-xpack.index_management.enableDataStreamsStorageColumn: false
 # Disable _source field in the Mappings editor's advanced options form from Index Management UI
 xpack.index_management.enableMappingsSourceFieldSection: false
 # Disable toggle for enabling data retention in DSL form from Index Management UI
diff --git a/docs/CHANGELOG.asciidoc b/docs/CHANGELOG.asciidoc
index 3e18a1445ff4c..6d42b25d4bce4 100644
--- a/docs/CHANGELOG.asciidoc
+++ b/docs/CHANGELOG.asciidoc
@@ -10,6 +10,7 @@
 
 Review important information about the {kib} 8.x releases.
 
+* <<release-notes-8.14.2>>
 * <<release-notes-8.14.1>>
 * <<release-notes-8.14.0>>
 * <<release-notes-8.13.4>>
@@ -67,6 +68,25 @@ Review important information about the {kib} 8.x releases.
 * <<release-notes-8.0.0-alpha1>>
 
 --
+
+[[release-notes-8.14.2]]
+== {kib} 8.14.2
+
+The 8.14.2 release includes the following bug fixes.
+
+[float]
+[[fixes-v8.14.2]]
+=== Bug Fixes
+
+Alerting::
+* Rule runs recovered actions without ever running active actions ({kibana-pull}183646[#183646]).
+Fleet::
+* Updates health_check endpoint to accept hosts ids ({kibana-pull}185014[#185014]).
+Machine Learning::
+* AIOps Log Rate Analysis: Fixes text field selection ({kibana-pull}186176[#186176]).
+Presentation::
+* Fixes PresentationPanelError component throwing when error.message is empty string ({kibana-pull}186098[#186098]).
+
 [[release-notes-8.14.1]]
 == {kib} 8.14.1
 
@@ -6247,7 +6267,7 @@ Before you upgrade to 8.1.0, review the breaking changes, then mitigate the impa
 The `/api/reporting/generate/csv` endpoint has been removed. For more information, refer to {kibana-pull}121435[#121435].
 
 *Impact* +
-If you are using 7.13.0 and earlier, {kibana-ref-all}/8.1/automating-report-generation.html[regenerate the POST URLs] that you use to automatatically generate CSV reports.
+If you are using 7.13.0 and earlier, {kibana-ref-all}/8.1/automating-report-generation.html[regenerate the POST URLs] that you use to automatically generate CSV reports.
 ====
 
 [discrete]
diff --git a/docs/developer/plugin-list.asciidoc b/docs/developer/plugin-list.asciidoc
index fc15206bd284d..e4f161ac8f4e5 100644
--- a/docs/developer/plugin-list.asciidoc
+++ b/docs/developer/plugin-list.asciidoc
@@ -470,10 +470,6 @@ The plugin exposes the static DefaultEditorController class to consume.
 |WARNING: Missing README.
 
 
-|{kib-repo}blob/{branch}/x-pack/plugins/observability_solution/asset_manager/README.md[assetManager]
-|This plugin provides access to observed asset data, such as information about hosts, pods, containers, services, and more.
-
-
 |{kib-repo}blob/{branch}/x-pack/plugins/observability_solution/assets_data_access[assetsDataAccess]
 |WARNING: Missing README.
 
@@ -573,6 +569,10 @@ security and spaces filtering.
 |This plugin provides Kibana user interfaces for managing the Enterprise Search solution and its products, App Search and Workplace Search.
 
 
+|{kib-repo}blob/{branch}/x-pack/plugins/observability_solution/entity_manager/README.md[entityManager]
+|This plugin provides access to observed asset data, such as information about hosts, pods, containers, services, and more.
+
+
 |{kib-repo}blob/{branch}/x-pack/plugins/event_log/README.md[eventLog]
 |The event log plugin provides a persistent history of alerting and action
 activities.
diff --git a/docs/management/connectors/action-types/gemini.asciidoc b/docs/management/connectors/action-types/gemini.asciidoc
index d1693f0b5ec28..6ba03f247461a 100644
--- a/docs/management/connectors/action-types/gemini.asciidoc
+++ b/docs/management/connectors/action-types/gemini.asciidoc
@@ -31,7 +31,7 @@ Name::      The name of the connector.
 API URL::   The {gemini} request URL.
 PROJECT ID:: The project which has Vertex AI endpoint enabled.
 Region:: The GCP region where the Vertex AI endpoint enabled.
-Default model:: The GAI model for {gemini} to use. Current support is for the Google Gemini models, defaulting to gemini-1.5-pro-preview-0409. The model can be set on a per request basis by including a "model" parameter alongside the request body.
+Default model:: The GAI model for {gemini} to use. Current support is for the Google Gemini models, defaulting to gemini-1.5-pro-001. The model can be set on a per request basis by including a "model" parameter alongside the request body.
 Credentials JSON:: The GCP service account JSON file for authentication.
 
 [float]
diff --git a/docs/management/connectors/pre-configured-connectors.asciidoc b/docs/management/connectors/pre-configured-connectors.asciidoc
index 893e2c03e93bf..919661276aa64 100644
--- a/docs/management/connectors/pre-configured-connectors.asciidoc
+++ b/docs/management/connectors/pre-configured-connectors.asciidoc
@@ -148,7 +148,7 @@ xpack.actions.preconfigured:
     actionTypeId: .bedrock
     config:
       apiUrl: https://bedrock-runtime.us-east-1.amazonaws.com <1>
-      defaultModel: anthropic.claude-3-sonnet-20240229-v1:0 <2>
+      defaultModel: anthropic.claude-3-5-sonnet-20240620-v1:0 <2>
     secrets:
       accessKey: key-value <3>
       secret: secret-value <4>
diff --git a/docs/settings/alert-action-settings.asciidoc b/docs/settings/alert-action-settings.asciidoc
index 6528e1a60b7bc..66dd681f534b1 100644
--- a/docs/settings/alert-action-settings.asciidoc
+++ b/docs/settings/alert-action-settings.asciidoc
@@ -341,8 +341,8 @@ For a <<cases-webhook-action-type,{webhook-cm} connector>>, specifies a string f
 The default model to use for requests, which varies by connector:
 +
 --
-* For an <<bedrock-action-type,{bedrock} connector>>, current support is for the Anthropic Claude models. Defaults to `anthropic.claude-3-sonnet-20240229-v1:0`.
-* For a <<gemini-action-type,{gemini} connector>>, current support is for the Gemini models. Defaults to `gemini-1.5-pro-preview-0409`.
+* For an <<bedrock-action-type,{bedrock} connector>>, current support is for the Anthropic Claude models. Defaults to `anthropic.claude-3-5-sonnet-20240620-v1:0`.
+* For a <<gemini-action-type,{gemini} connector>>, current support is for the Gemini models. Defaults to `gemini-1.5-pro-001`.
 * For a <<openai-action-type,OpenAI connector>>, it is optional and applicable only when `xpack.actions.preconfigured.<connector-id>.config.apiProvider` is `OpenAI`.
 --
 
diff --git a/docs/settings/reporting-settings.asciidoc b/docs/settings/reporting-settings.asciidoc
index f871f72db22c0..87ee0b9bac099 100644
--- a/docs/settings/reporting-settings.asciidoc
+++ b/docs/settings/reporting-settings.asciidoc
@@ -245,6 +245,7 @@ Choose the API method used to page through data during CSV export. Valid options
 [NOTE]
 ============
 Each method has its own unique limitations which are important to understand.
+
 * Scroll API: Search is limited to 500 shards at the very most. In cases where data shards are unavailable or time out, the export may return partial data.
 * PIT API: Permissions to read data aliases alone will not work: the permissions are needed on the underlying indices or datastreams. In cases where data shards are unavailable or time out, the export will be empty rather than returning partial data.
 ============
diff --git a/docs/user/reporting/index.asciidoc b/docs/user/reporting/index.asciidoc
index 338b2bc53a55a..5075caad71813 100644
--- a/docs/user/reporting/index.asciidoc
+++ b/docs/user/reporting/index.asciidoc
@@ -171,3 +171,5 @@ NOTE: *Public URL* is available only when anonymous access is configured and you
 
 include::automating-report-generation.asciidoc[]
 include::reporting-troubleshooting.asciidoc[]
+include::reporting-csv-troubleshooting.asciidoc[leveloffset=+1]
+include::reporting-pdf-troubleshooting.asciidoc[leveloffset=+1]
\ No newline at end of file
diff --git a/docs/user/reporting/reporting-csv-troubleshooting.asciidoc b/docs/user/reporting/reporting-csv-troubleshooting.asciidoc
new file mode 100644
index 0000000000000..a0eb782ce3d3b
--- /dev/null
+++ b/docs/user/reporting/reporting-csv-troubleshooting.asciidoc
@@ -0,0 +1,90 @@
+[[reporting-troubleshooting-csv]]
+== Troubleshooting CSV reports
+++++
+<titleabbrev>CSV</titleabbrev>
+++++
+
+The CSV export feature in Kibana makes queries to Elasticsearch and formats the results into CSV.
+This feature offers a solution that attempts to provide the most benefit to the most use cases.
+However, things could go wrong during export.
+Elasticsearch can stop responding, repeated querying can take so long that authentication tokens can time
+out, and the format of exported data can be too complex for spreadsheet applications to handle.
+Such situations are outside of the control of Kibana.
+If the use case becomes complex enough, it's recommended that you create scripts that query Elasticsearch directly, using a scripting language like Python and the public {es} APIs.
+
+For more advice about common problems, refer to <<reporting-troubleshooting>>.
+
+[NOTE]
+============
+It is recommended that you use CSV reports to export moderate amounts of data only.
+The feature enables analysis of data in external tools, but it's not intended for bulk export or to backup {es} data.
+If you need to export more than 250 MB of CSV, rather than increasing <<reporting-csv-settings,`xpack.reporting.csv.maxSizeBytes`>>, use
+filters to create multiple smaller reports or extract the data you need directly from {es}.
+
+The following deployment configurations may lead to failed report jobs or incomplete reports:
+
+* Any shard needed for search is unavailable.
+* Data is stored on slow storage tiers.
+* Network latency between nodes is high.
+* {ccs-cap} is used.
+
+To export large amounts of data, use {es} APIs directly.
+Check out the {ref}/point-in-time-api.html[Point in time API] or {ref}/sql-rest-format.html#_csv[SQL with CSV response data format].
+============
+
+[float]
+[[reporting-troubleshooting-csv-configure-scan-api]]
+=== Configuring CSV export to use the scroll API
+
+The Kibana CSV export feature collects all of the data from Elasticsearch by using multiple requests to page
+over all of the documents.
+Internally, the feature uses the {ref}/point-in-time-api.html[Point in time API and
+`search_after` parameters in the queries] to do so.
+There are some limitations related to the point in time API:
+
+1. Permissions to read data aliases alone will not work: the permissions are needed on the underlying indices or data streams.
+2. In cases where data shards are unavailable or time out, the export will be empty rather than returning partial data.
+
+Some users may benefit from using the {ref}/paginate-search-results.html#scroll-search-results[scroll API], an
+alternative to paging through the data.
+The behavior of this API does not have the limitations of point in time API, however it has its own limitations:
+
+1. Search is limited to 500 shards at the very most.
+2. In cases where the data shards are unavailable or time out, the export may return partial data.
+
+If you prefer the internal implementation of CSV export to use the scroll API, you can configure this in
+`kibana.yml`:
+
+[source,yml]
+-------------------------------------------
+xpack.reporting.csv.scroll.strategy: scroll
+-------------------------------------------
+
+For more details about CSV export settings, go to <<reporting-csv-settings>>.
+
+[float]
+[[reporting-troubleshooting-csv-socket-hangup]]
+=== Socket hangups
+
+A "socket hangup" is a generic type of error meaning that a remote service (in this case Elasticsearch or a proxy in Cloud) closed the connection.
+Kibana can't foresee when this might happen and can't force the remote service to keep the connection open.
+To work around this situation, consider lowering the size of results that come back in each request or increase the amount of time the remote services will
+allow to keep the request open.
+For example:
+
+[source,yml]
+---------------------------------------
+xpack.reporting.csv.scroll.size: 50
+xpack.reporting.csv.scroll.duration: 2m
+---------------------------------------
+
+Such changes aren't guaranteed to solve the issue, but give the functionality a better
+chance of working in this use case.
+Unfortunately, lowering the scroll size will require more requests to Elasticsearch during export, which adds more time overhead, which could unintentionally create more instances of auth token expiration errors.
+
+[float]
+[[reporting-troubleshooting-csv-token-expired]]
+=== Token expiration
+
+To avoid token expirations, use a type of authentication that doesn't expire (such as Basic auth) or run the export using scripts that query Elasticsearch directly.
+In a custom script, you have the ability to refresh the auth token as needed, such as once before each query.
diff --git a/docs/user/reporting/reporting-pdf-troubleshooting.asciidoc b/docs/user/reporting/reporting-pdf-troubleshooting.asciidoc
new file mode 100644
index 0000000000000..9ea3ff6aa3721
--- /dev/null
+++ b/docs/user/reporting/reporting-pdf-troubleshooting.asciidoc
@@ -0,0 +1,136 @@
+[[reporting-troubleshooting-pdf]]
+== Troubleshooting PDF and PNG reports
+++++
+<titleabbrev>PDF/PNG</titleabbrev>
+++++
+
+For the most reliable configuration of PDF/PNG {report-features}, consider installing {kib} using <<docker,Docker>> or using <<set-up-on-cloud,Elastic Cloud>>.
+
+For more advice about common problems, refer to <<reporting-troubleshooting>>.
+
+[float]
+[[reporting-diagnostics]]
+=== Reporting diagnostics
+Reporting comes with a built-in utility to try to automatically find common issues.
+When {kib} is running, navigate to the *Report Listing* page, and click *Run reporting diagnostics*.
+This will open up a diagnostic tool that checks various parts of the {kib} deployment and comes up with any relevant recommendations.
+
+If the diagnostic information doesn't reveal the problem, you can troubleshoot further by starting the Kibana server with an environment variable for revealing additional debugging logs.
+Refer to <<reporting-troubleshooting-puppeteer-debug-logs>>.
+
+[float]
+[[reporting-troubleshooting-nss-dependency]]
+=== Network security service libraries
+
+You must install Network Security Service (NSS) libraries for {report-features} to work.
+Reporting using the Chromium browser relies on these libraries.
+Install the appropriate nss package for your distribution.
+Refer to <<install-reporting-packages>>.
+
+[float]
+[[reporting-troubleshooting-sandbox-dependency]]
+=== Chromium sandbox requirements
+
+Chromium uses sandboxing techniques that are built on top of operating system primitives.
+The Linux sandbox depends on user namespaces, which were introduced with the 3.8 Linux kernel.
+However, many distributions don't have user namespaces enabled by default or they require the CAP_SYS_ADMIN capability.
+If the sandbox is not explicitly disabled in Kibana, either based on operating system detection or with the `xpack.screenshotting.browser.chromium.disableSandbox` setting, Chrome will try to enable the sandbox.
+If it fails due to operating system or permissions restrictions, Chrome will crash during initialization.
+
+Elastic recommends that you research the feasibility of enabling unprivileged user namespaces before disabling the sandbox.
+An exception is if you are running Kibana in Docker because the container runs in a user namespace with the built-in seccomp/bpf filters.
+
+[float]
+[[reporting-troubleshooting-text-incorrect]]
+=== Text rendered incorrectly in generated reports
+
+If a report label is rendered as an empty rectangle, no system fonts are available.
+Install at least one font package on the system.
+
+If the report is missing certain Chinese, Japanese or Korean characters, ensure that a system font with those characters is installed.
+
+[float]
+[[reporting-troubleshooting-missing-data]]
+=== Missing data in PDF report of data table visualization
+
+There is currently a known limitation with the data table visualization that only the first page of data rows, which are the only data
+visible on the screen, are shown in PDF reports.
+
+[float]
+[[reporting-troubleshooting-pdf-connection-refused]]
+=== Connection refused errors
+
+If PDF or PNG reports are not working due to a "connection refused" or "unable to connect" type of error, ensure that the `kibana.yml`
+file uses the setting of `server.host: 0.0.0.0`.
+Also verify that no firewall rules or other routing rules prevent local services from accessing this address.
+Find out more at <<set-reporting-server-host>>.
+
+[float]
+[[reporting-troubleshooting-file-permissions]]
+=== File permissions
+
+Ensure that the `headless_shell` binary located in your Kibana data directory is owned by the user who is running Kibana, that the
+user has the execute permission, and if applicable, that the filesystem is mounted with the `exec` option.
+
+[NOTE]
+--
+The Chromium binary is located in the Kibana installation directory as `data/headless_shell-OS_TYPE/headless_shell`.
+The full path is logged the first time Kibana starts when verbose logging is enabled.
+--
+
+[float]
+[[reporting-troubleshooting-puppeteer-debug-logs]]
+=== Puppeteer debug logs
+
+The Chromium browser that {kib} launches on the server is driven by a NodeJS library for Chromium called Puppeteer.
+The Puppeteer library has its own command-line method to generate its own debug logs, which can sometimes be helpful, particularly to figure out if a problem is caused by Kibana or Chromium.
+Learn more https://github.com/GoogleChrome/puppeteer/blob/v1.19.0/README.md#debugging-tips[debugging tips].
+
+Using Puppeteer's debug method when launching Kibana would look like:
+```
+env DEBUG="puppeteer:*" ./bin/kibana
+```
+The internal DevTools protocol traffic will be logged via the `debug` module under the `puppeteer` namespace.
+
+The Puppeteer logs are very verbose and could possibly contain sensitive information.
+Handle the generated output with care.
+
+[float]
+[[reporting-troubleshooting-system-requirements]]
+=== System requirements
+
+In Elastic Cloud, the {kib} instances that most configurations provide by default is for 1GB of RAM for the instance.
+That is enough for {kib} {report-features} when the visualization or dashboard is relatively simple, such as a single pie chart or a dashboard with a few visualizations.
+However, certain visualization types incur more load than others.
+For example, a TSVB panel has a lot of network requests to render.
+
+If the {kib} instance doesn't have enough memory to run the report, the report fails with an error such as `Error: Page crashed!`.
+In this case, try increasing the memory for the {kib} instance to 2GB.
+
+[float]
+[[reporting-troubleshooting-maps-ems]]
+=== Unable to connect to Elastic Maps Service
+
+https://www.elastic.co/elastic-maps-service[{ems} ({ems-init})] is a service that hosts tile layers and vector shapes of administrative boundaries.
+If a report contains a map with a missing basemap layer or administrative boundary, the {kib} server does not have access to {ems-init}.
+Refer to <<maps-connect-to-ems>> for information about how to connect your {kib} server to {ems-init}.
+
+[float]
+[[reporting-manual-chromium-install]]
+=== Manually install the Chromium browser for Darwin
+
+Chromium is not embedded into {kib} for the Darwin (Mac OS) architecture.
+When running {kib} on Darwin, {report-features} will download Chromium into the proper area of the {kib} installation path the first time the server starts.
+If the server does not have access to the internet, you must download the Chromium browser and install it into the {kib} installation path.
+
+1. Download the Chromium zip file:
+
+** For https://commondatastorage.googleapis.com/chromium-browser-snapshots/Mac/901912/chrome-mac.zip[x64] systems
+** For https://commondatastorage.googleapis.com/chromium-browser-snapshots/Mac_Arm/901913/chrome-mac.zip[ARM] systems
+
+2. Copy the zip file into the holding area. Relative to the root directory of {kib}, the path is:
+
+** `.chromium/x64` for x64 systems
+** `.chromium/arm64` for ARM systems
+
+When {kib} starts, it will automatically extract the browser from the zip file and is then ready for PNG and PDF reports.
diff --git a/docs/user/reporting/reporting-troubleshooting.asciidoc b/docs/user/reporting/reporting-troubleshooting.asciidoc
index 72b94c02a6ebc..814c2e48f15d9 100644
--- a/docs/user/reporting/reporting-troubleshooting.asciidoc
+++ b/docs/user/reporting/reporting-troubleshooting.asciidoc
@@ -1,73 +1,31 @@
-[role="xpack"]
 [[reporting-troubleshooting]]
-== Reporting troubleshooting
+== Troubleshooting {report-features}
 
 ++++
 <titleabbrev>Troubleshooting</titleabbrev>
 ++++
 
-Having trouble? Here are solutions to common problems you might encounter while using Reporting.
+Kibana excels as a data visualization tool. The {report-features} exist to export data as simple reports, however Kibana is not a data export tool.
+To export data at a large scale, there are better ways and better architectures for exporting data at scale from Elasticsearch.
 
-* <<reporting-diagnostics>>
-* <<reporting-troubleshooting-text-incorrect>>
-* <<reporting-troubleshooting-missing-data>>
-* <<reporting-troubleshooting-file-permissions>>
-* <<reporting-troubleshooting-error-messages>>
-* <<reporting-troubleshooting-puppeteer-debug-logs>>
-* <<reporting-troubleshooting-system-requirements>>
-* <<reporting-troubleshooting-maps-ems>>
-* <<reporting-manual-chromium-install>>
-
-[float]
-[[reporting-diagnostics]]
-=== Reporting diagnostics
-Reporting comes with a built-in utility to try to automatically find common issues. When {kib} is running,
-navigate to the Report Listing page, and click *Run reporting diagnostics*. This will open up a diagnostic tool
-that checks various parts of the {kib} deployment and come up with any relevant recommendations.
-
-If the diagnostic information doesn't reveal the problem, you can troubleshoot further by starting the Kibana
-server with an environment variable for revealing additional debugging logs. Refer to
-<<reporting-troubleshooting-puppeteer-debug-logs>>.
-
-[float]
-[[reporting-troubleshooting-text-incorrect]]
-=== Text rendered incorrectly in generated reports
-
-If a report label is rendered as an empty rectangle, no system fonts are available. Install at least one font package on the system.
-
-If the report is missing certain Chinese, Japanese or Korean characters, ensure that a system font with those characters is installed.
-
-[float]
-[[reporting-troubleshooting-missing-data]]
-=== Missing data in PDF report of data table visualization
-There is currently a known limitation with the Data Table visualization that only the first page of data rows, which are the only data
-visible on the screen, are shown in PDF reports.
-
-[float]
-[[reporting-troubleshooting-file-permissions]]
-=== File permissions
-Ensure that the `headless_shell` binary located in your Kibana data directory is owned by the user who is running Kibana, that the
-user has the execute permission, and if applicable, that the filesystem is mounted with the `exec` option.
-
-[NOTE]
---
-The Chromium binary is located in the Kibana installation directory as `data/headless_shell-OS_TYPE/headless_shell`. The full path is logged
-the first time Kibana starts when verbose logging is enabled.
---
+If you have trouble creating simple reports, there are some general solutions to common problems you might encounter while using {report-features}.
+For tips related to specific types of reports, refer to <<reporting-troubleshooting-csv>> and <<reporting-troubleshooting-pdf>>.
 
 [float]
 [[reporting-troubleshooting-error-messages]]
 === Error messages
-Whenever possible, a Reporting error message tries to be as self-explanatory as possible. Here are some error messages you might encounter,
-along with the solution.
+
+There are some common solutions for error messages that you might encounter in {report-features}.
 
 [float]
-==== `StatusCodeError: [version_conflict_engine_exception]`
-If you are running multiple instances of {kib} in a cluster, the instances share the work of executing report jobs to evenly distribute
-the work load. Each instance searches the reporting index for "pending" jobs that the user has requested. It is possible for
-multiple instances to find the same job in these searches. Only the instance that successfully updated the job status to
-"processing" will actually execute the report job. The other instances that unsuccessfully tried to make the same update will log
-something similar to this:
+[[reporting-troubleshooting-version-conflict-exception]]
+==== Version conflict engine exceptions
+
+If you are running multiple instances of {kib} in a cluster, the instances share the work of running report jobs to evenly distribute the workload.
+Each instance searches the reporting index for "pending" jobs that the user has requested. 
+It is possible for multiple instances to find the same job in these searches.
+Only the instance that successfully updated the job status to "processing" will actually run the report job.
+The other instances that unsuccessfully tried to make the same update will log something similar to this:
 
 [source,text]
 --------------------------------------------------------------------------------
@@ -85,103 +43,34 @@ StatusCodeError: [version_conflict_engine_exception] [...]: version conflict, re
 }
 --------------------------------------------------------------------------------
 
-These messages alone don't indicate a problem. They show normal events that happen in a healthy system.
+These messages alone don't indicate a problem.
+They show normal events that happen in a healthy system.
 
 [float]
 ==== Max attempts reached
-There are two primary causes of this error:
-
-* You're creating a PDF of a visualization or dashboard that spans a large amount of data and Kibana is hitting the `xpack.reporting.queue.timeout`
-
-* Kibana is hosted behind a reverse-proxy, and the <<reporting-kibana-server-settings, Kibana server settings>> are not configured correctly
 
-Create a Markdown visualization and then create a PDF report. If this succeeds, increase the `xpack.reporting.queue.timeout` setting. If the
-PDF report fails with "Max attempts reached," check your <<reporting-kibana-server-settings, Kibana server settings>>.
+There are two primary causes for a "Max attempts reached" error:
 
-[float]
-[[reporting-troubleshooting-nss-dependency]]
-==== You must install nss for Reporting to work
-Reporting using the Chromium browser relies on the Network Security Service libraries (NSS). Install the appropriate nss package for your
-distribution.
+* You're creating a PDF of a visualization or dashboard that spans a large amount of data and Kibana is hitting the `xpack.reporting.queue.timeout`
 
-[float]
-[[reporting-troubleshooting-sandbox-dependency]]
-==== Unable to use Chromium sandbox
-Chromium uses sandboxing techniques that are built on top of operating system primitives. The Linux sandbox depends on user namespaces,
-which were introduced with the 3.8 Linux kernel. However, many distributions don't have user namespaces enabled by default, or they require
-the CAP_SYS_ADMIN capability. If the sandbox is not explicitly disabled in Kibana, either based on OS detection or with the
-`xpack.screenshotting.browser.chromium.disableSandbox` setting, Chrome will try to enable the sandbox. If it fails due to OS or permissions
-restrictions, Chrome will crash during initialization.
+* Kibana is hosted behind a reverse-proxy, and the <<reporting-kibana-server-settings,Kibana server settings>> are not configured correctly
 
-Elastic recommends that you research the feasibility of enabling unprivileged user namespaces before disabling the sandbox. An exception
-is if you are running Kibana in Docker because the container runs in a user namespace with the built-in seccomp/bpf filters.
+Create a Markdown visualization and then create a PDF report.
+If this succeeds, increase the `xpack.reporting.queue.timeout` setting.
+If the
+PDF report fails with "Max attempts reached," check your <<reporting-kibana-server-settings,Kibana server settings>>.
 
 [float]
 [[reporting-troubleshooting-verbose-logs]]
-=== Verbose logs
-{kib} server logs have a lot of useful information for troubleshooting and understanding how things work. If you're having any issues at
-all, the full logs from Reporting will be the first place to look. In `kibana.yml`:
+=== Verbose logging
+
+{kib} server logs have a lot of useful information for troubleshooting and understanding how things work.
+The full logs from {report-features} are a good place to look when you encounter problems.
+In `kibana.yml`:
 
 [source,yaml]
 --------------------------------------------------------------------------------
 logging.root.level: all
 --------------------------------------------------------------------------------
 
-For more information about logging, see <<logging-root-level,Kibana configuration settings>>.
-
-[float]
-[[reporting-troubleshooting-puppeteer-debug-logs]]
-=== Puppeteer debug logs
-The Chromium browser that {kib} launches on the server is driven by a NodeJS library for Chromium called Puppeteer. The Puppeteer library
-has its own command-line method to generate its own debug logs, which can sometimes be helpful, particularly to figure out if a problem is
-caused by Kibana or Chromium. See more at https://github.com/GoogleChrome/puppeteer/blob/v1.19.0/README.md#debugging-tips[debugging tips].
-
-Using Puppeteer's debug method when launching Kibana would look like:
-```
-env DEBUG="puppeteer:*" ./bin/kibana
-```
-The internal DevTools protocol traffic will be logged via the `debug` module under the `puppeteer` namespace.
-
-
-The Puppeteer logs are very verbose and could possibly contain sensitive information. Handle the generated output with care.
-
-[float]
-[[reporting-troubleshooting-system-requirements]]
-=== System requirements
-In Elastic Cloud, the {kib} instances that most configurations provide by default is for 1GB of RAM for the instance. That is enough for
-{kib} Reporting when the visualization or dashboard is relatively simple, such as a single pie chart or a dashboard with
-a few visualizations. However, certain visualization types incur more load than others. For example, a TSVB panel has a lot of network
-requests to render.
-
-If the {kib} instance doesn't have enough memory to run the report, the report fails with an error such as `Error: Page crashed!`
-In this case, try increasing the memory for the {kib} instance to 2GB.
-
-[float]
-[[reporting-troubleshooting-maps-ems]]
-=== Unable to connect to Elastic Maps Service
-
-https://www.elastic.co/elastic-maps-service[{ems} ({ems-init})] is a service that hosts
-tile layers and vector shapes of administrative boundaries.
-If a report contains a map with a missing basemap layer or administrative boundary, the {kib} server does not have access to {ems-init}.
-See <<maps-connect-to-ems>> for information on how to connect your {kib} server to {ems-init}.
-
-[float]
-[[reporting-manual-chromium-install]]
-=== Manually install the Chromium browser for Darwin
-Chromium is not embedded into {kib} for the Darwin (Mac OS) architecture. When
-running {kib} on Darwin, Reporting will download Chromium into the proper area of
-the {kib} installation path the first time the server starts. If the server
-does not have access to the Internet, you must download the
-Chromium browser and install it into the {kib} installation path.
-
-1. Download the Chromium zip file:
-
-** For https://commondatastorage.googleapis.com/chromium-browser-snapshots/Mac/901912/chrome-mac.zip[x64] systems
-** For https://commondatastorage.googleapis.com/chromium-browser-snapshots/Mac_Arm/901913/chrome-mac.zip[ARM] systems
-
-2. Copy the zip file into the holding area. Relative to the root directory of {kib}, the path is:
-
-** `.chromium/x64` for x64 systems
-** `.chromium/arm64` for ARM systems
-
-When {kib} starts, it will automatically extract the browser from the zip file, and is then ready for PNG and PDF reports.
+For more information about logging, check out <<logging-root-level,Kibana configuration settings>>.
diff --git a/examples/controls_example/jest.config.js b/examples/controls_example/jest.config.js
new file mode 100644
index 0000000000000..993283259d646
--- /dev/null
+++ b/examples/controls_example/jest.config.js
@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+module.exports = {
+  preset: '@kbn/test',
+  rootDir: '../..',
+  roots: ['<rootDir>/examples/controls_example'],
+};
diff --git a/examples/controls_example/public/app/react_control_example.tsx b/examples/controls_example/public/app/react_control_example.tsx
index 859f747be1db2..0c84d557ec310 100644
--- a/examples/controls_example/public/app/react_control_example.tsx
+++ b/examples/controls_example/public/app/react_control_example.tsx
@@ -15,26 +15,33 @@ import {
   EuiFlexItem,
   EuiLoadingSpinner,
   EuiSpacer,
+  EuiSuperDatePicker,
+  OnTimeChangeProps,
 } from '@elastic/eui';
 import { CONTROL_GROUP_TYPE } from '@kbn/controls-plugin/common';
 import { CoreStart } from '@kbn/core/public';
 import { DataViewsPublicPluginStart } from '@kbn/data-views-plugin/public';
 import { ReactEmbeddableRenderer, ViewMode } from '@kbn/embeddable-plugin/public';
 import { AggregateQuery, Filter, Query, TimeRange } from '@kbn/es-query';
-import { PresentationContainer } from '@kbn/presentation-containers';
+import { combineCompatibleChildrenApis, PresentationContainer } from '@kbn/presentation-containers';
 import {
+  apiPublishesDataLoading,
   HasUniqueId,
+  PublishesDataLoading,
   PublishesUnifiedSearch,
   PublishesViewMode,
+  useBatchedPublishingSubjects,
   useStateFromPublishingSubject,
   ViewMode as ViewModeType,
 } from '@kbn/presentation-publishing';
 import { toMountPoint } from '@kbn/react-kibana-mount';
-import React, { useEffect, useState } from 'react';
+import React, { useEffect, useMemo, useState } from 'react';
 import useAsync from 'react-use/lib/useAsync';
 import useMount from 'react-use/lib/useMount';
 import { BehaviorSubject } from 'rxjs';
 import { ControlGroupApi } from '../react_controls/control_group/types';
+import { SEARCH_CONTROL_TYPE } from '../react_controls/data_controls/search_control/types';
+import { TIMESLIDER_CONTROL_TYPE } from '../react_controls/timeslider_control/types';
 
 const toggleViewButtons = [
   {
@@ -49,11 +56,43 @@ const toggleViewButtons = [
   },
 ];
 
+const searchControlId = 'searchControl1';
+const timesliderControlId = 'timesliderControl1';
+const controlGroupPanels = {
+  [searchControlId]: {
+    type: SEARCH_CONTROL_TYPE,
+    order: 0,
+    grow: true,
+    width: 'medium',
+    explicitInput: {
+      id: searchControlId,
+      fieldName: 'message',
+      title: 'Message',
+      grow: true,
+      width: 'medium',
+      searchString: 'this',
+      enhancements: {},
+    },
+  },
+  [timesliderControlId]: {
+    type: TIMESLIDER_CONTROL_TYPE,
+    order: 0,
+    grow: true,
+    width: 'medium',
+    explicitInput: {
+      id: timesliderControlId,
+      title: 'Time slider',
+      enhancements: {},
+    },
+  },
+};
+
 /**
  * I am mocking the dashboard API so that the data table embeddble responds to changes to the
  * data view publishing subject from the control group
  */
 type MockedDashboardApi = PresentationContainer &
+  PublishesDataLoading &
   PublishesViewMode &
   PublishesUnifiedSearch & {
     publishFilters: (newFilters: Filter[] | undefined) => void;
@@ -68,6 +107,20 @@ export const ReactControlExample = ({
   core: CoreStart;
   dataViews: DataViewsPublicPluginStart;
 }) => {
+  const dataLoading$ = useMemo(() => {
+    return new BehaviorSubject<boolean | undefined>(false);
+  }, []);
+  const timeRange$ = useMemo(() => {
+    return new BehaviorSubject<TimeRange | undefined>({
+      from: 'now-24h',
+      to: 'now',
+    });
+  }, []);
+  const timeslice$ = useMemo(() => {
+    return new BehaviorSubject<[number, number] | undefined>(undefined);
+  }, []);
+  const [dataLoading, timeRange] = useBatchedPublishingSubjects(dataLoading$, timeRange$);
+
   const [dashboardApi, setDashboardApi] = useState<MockedDashboardApi | undefined>(undefined);
   const [controlGroupApi, setControlGroupApi] = useState<ControlGroupApi | undefined>(undefined);
   const viewModeSelected = useStateFromPublishingSubject(dashboardApi?.viewMode);
@@ -76,14 +129,15 @@ export const ReactControlExample = ({
     const viewMode = new BehaviorSubject<ViewModeType>(ViewMode.EDIT as ViewModeType);
     const filters$ = new BehaviorSubject<Filter[] | undefined>([]);
     const query$ = new BehaviorSubject<Query | AggregateQuery | undefined>(undefined);
-    const timeRange$ = new BehaviorSubject<TimeRange | undefined>(undefined);
     const children$ = new BehaviorSubject<{ [key: string]: unknown }>({});
 
     setDashboardApi({
+      dataLoading: dataLoading$,
       viewMode,
       filters$,
       query$,
       timeRange$,
+      timeslice$,
       children$,
       publishFilters: (newFilters) => filters$.next(newFilters),
       setViewMode: (newViewMode) => viewMode.next(newViewMode),
@@ -101,6 +155,25 @@ export const ReactControlExample = ({
     });
   });
 
+  useEffect(() => {
+    const subscription = combineCompatibleChildrenApis<PublishesDataLoading, boolean | undefined>(
+      dashboardApi,
+      'dataLoading',
+      apiPublishesDataLoading,
+      undefined,
+      // flatten method
+      (values) => {
+        return values.some((isLoading) => isLoading);
+      }
+    ).subscribe((isAtLeastOneChildLoading) => {
+      dataLoading$.next(isAtLeastOneChildLoading);
+    });
+
+    return () => {
+      subscription.unsubscribe();
+    };
+  }, [dashboardApi, dataLoading$]);
+
   // TODO: Maybe remove `useAsync` - see https://github.com/elastic/kibana/pull/182842#discussion_r1624909709
   const {
     loading,
@@ -122,6 +195,18 @@ export const ReactControlExample = ({
     };
   }, [dashboardApi, controlGroupApi]);
 
+  useEffect(() => {
+    if (!controlGroupApi) return;
+
+    const subscription = controlGroupApi.timeslice$.subscribe((timeslice) => {
+      timeslice$.next(timeslice);
+    });
+
+    return () => {
+      subscription.unsubscribe();
+    };
+  }, [controlGroupApi, timeslice$]);
+
   if (error || (!dataViews?.[0]?.id && !loading))
     return (
       <EuiEmptyPrompt
@@ -180,6 +265,18 @@ export const ReactControlExample = ({
         </EuiFlexItem>
       </EuiFlexGroup>
       <EuiSpacer size="m" />
+      <EuiSuperDatePicker
+        isLoading={dataLoading}
+        start={timeRange?.from}
+        end={timeRange?.to}
+        onTimeChange={({ start, end }: OnTimeChangeProps) => {
+          timeRange$.next({
+            from: start,
+            to: end,
+          });
+        }}
+      />
+      <EuiSpacer size="m" />
       <ReactEmbeddableRenderer
         onApiAvailable={(api) => {
           dashboardApi?.setChild(api);
@@ -194,14 +291,13 @@ export const ReactControlExample = ({
               controlStyle: 'oneLine',
               chainingSystem: 'HIERARCHICAL',
               showApplySelections: false,
-              panelsJSON:
-                '{"a957862f-beae-4f0c-8a3a-a6ea4c235651":{"type":"searchControl","order":0,"grow":true,"width":"medium","explicitInput":{"id":"a957862f-beae-4f0c-8a3a-a6ea4c235651","fieldName":"message","title":"Message","grow":true,"width":"medium","searchString": "this","enhancements":{}}}}',
+              panelsJSON: JSON.stringify(controlGroupPanels),
               ignoreParentSettingsJSON:
                 '{"ignoreFilters":false,"ignoreQuery":false,"ignoreTimerange":false,"ignoreValidations":false}',
             } as object,
             references: [
               {
-                name: 'controlGroup_a957862f-beae-4f0c-8a3a-a6ea4c235651:searchControlDataView',
+                name: `controlGroup_${searchControlId}:searchControlDataView`,
                 type: 'index-pattern',
                 id: dataViews?.[0].id!,
               },
@@ -217,9 +313,7 @@ export const ReactControlExample = ({
           getParentApi={() => ({
             ...dashboardApi,
             getSerializedStateForChild: () => ({
-              rawState: {
-                timeRange: { from: 'now-60d/d', to: 'now+60d/d' },
-              },
+              rawState: {},
               references: [],
             }),
           })}
diff --git a/examples/controls_example/public/plugin.tsx b/examples/controls_example/public/plugin.tsx
index 57fd451cc81a9..c3a43e8907b37 100644
--- a/examples/controls_example/public/plugin.tsx
+++ b/examples/controls_example/public/plugin.tsx
@@ -18,6 +18,7 @@ import img from './control_group_image.png';
 import { EditControlAction } from './react_controls/actions/edit_control_action';
 import { registerControlFactory } from './react_controls/control_factory_registry';
 import { SEARCH_CONTROL_TYPE } from './react_controls/data_controls/search_control/types';
+import { TIMESLIDER_CONTROL_TYPE } from './react_controls/timeslider_control/types';
 
 interface SetupDeps {
   developerExamples: DeveloperExamplesSetup;
@@ -61,6 +62,17 @@ export class ControlsExamplePlugin
       });
     });
 
+    registerControlFactory(TIMESLIDER_CONTROL_TYPE, async () => {
+      const [{ getTimesliderControlFactory }, [coreStart, depsStart]] = await Promise.all([
+        import('./react_controls/timeslider_control/get_timeslider_control_factory'),
+        core.getStartServices(),
+      ]);
+      return getTimesliderControlFactory({
+        core: coreStart,
+        data: depsStart.data,
+      });
+    });
+
     core.application.register({
       id: PLUGIN_ID,
       title: 'Controls examples',
diff --git a/examples/controls_example/public/react_controls/control_group/control_group_editor.tsx b/examples/controls_example/public/react_controls/control_group/control_group_editor.tsx
index de62427a1cd1a..869b0fe622eb2 100644
--- a/examples/controls_example/public/react_controls/control_group/control_group_editor.tsx
+++ b/examples/controls_example/public/react_controls/control_group/control_group_editor.tsx
@@ -55,13 +55,13 @@ export const ControlGroupEditor = ({
     children,
     selectedLabelPosition,
     selectedChainingSystem,
-    selectedShowApplySelections,
+    selectedAutoApplySelections,
     selectedIgnoreParentSettings,
   ] = useBatchedPublishingSubjects(
     api.children$,
     stateManager.labelPosition,
     stateManager.chainingSystem,
-    stateManager.showApplySelections,
+    stateManager.autoApplySelections,
     stateManager.ignoreParentSettings
   );
 
@@ -172,8 +172,8 @@ export const ControlGroupEditor = ({
                     tooltip={ControlGroupEditorStrings.management.selectionSettings.showApplySelections.getShowApplySelectionsTooltip()}
                   />
                 }
-                checked={!selectedShowApplySelections}
-                onChange={(e) => stateManager.showApplySelections.next(!e.target.checked)}
+                checked={selectedAutoApplySelections}
+                onChange={(e) => stateManager.autoApplySelections.next(e.target.checked)}
               />
             </div>
           </EuiFormRow>
diff --git a/examples/controls_example/public/react_controls/control_group/get_control_group_factory.tsx b/examples/controls_example/public/react_controls/control_group/get_control_group_factory.tsx
index d78feb6743795..669361ad040f7 100644
--- a/examples/controls_example/public/react_controls/control_group/get_control_group_factory.tsx
+++ b/examples/controls_example/public/react_controls/control_group/get_control_group_factory.tsx
@@ -28,8 +28,10 @@ import { combineCompatibleChildrenApis } from '@kbn/presentation-containers';
 import {
   apiPublishesDataViews,
   apiPublishesFilters,
+  apiPublishesTimeslice,
   PublishesDataViews,
   PublishesFilters,
+  PublishesTimeslice,
   PublishingSubject,
   useStateFromPublishingSubject,
 } from '@kbn/presentation-publishing';
@@ -64,15 +66,16 @@ export const getControlGroupEmbeddableFactory = (services: {
         defaultControlWidth,
         labelPosition,
         chainingSystem,
-        showApplySelections: initialShowApply,
+        autoApplySelections,
         ignoreParentSettings: initialParentSettings,
       } = initialState;
 
+      const autoApplySelections$ = new BehaviorSubject<boolean>(autoApplySelections);
+      const timeslice$ = new BehaviorSubject<[number, number] | undefined>(undefined);
       const children$ = new BehaviorSubject<{ [key: string]: DefaultControlApi }>({});
       const filters$ = new BehaviorSubject<Filter[] | undefined>([]);
       const dataViews = new BehaviorSubject<DataView[] | undefined>(undefined);
       const chainingSystem$ = new BehaviorSubject<ControlGroupChainingSystem>(chainingSystem);
-      const showApplySelections = new BehaviorSubject<boolean | undefined>(initialShowApply);
       const ignoreParentSettings = new BehaviorSubject<ParentIgnoreSettings | undefined>(
         initialParentSettings
       );
@@ -87,7 +90,7 @@ export const getControlGroupEmbeddableFactory = (services: {
       );
 
       /** TODO: Handle loading; loading should be true if any child is loading */
-      const dataLoading$ = new BehaviorSubject<boolean | undefined>(true);
+      const dataLoading$ = new BehaviorSubject<boolean | undefined>(false);
 
       /** TODO: Handle unsaved changes
        * - Each child has an unsaved changed behaviour subject it pushes to
@@ -111,6 +114,7 @@ export const getControlGroupEmbeddableFactory = (services: {
           .sort((a, b) => (a.order > b.order ? 1 : -1))
       );
       const api = setApi({
+        autoApplySelections$,
         unsavedChanges,
         resetUnsavedChanges: () => {
           // TODO: Implement this
@@ -129,7 +133,7 @@ export const getControlGroupEmbeddableFactory = (services: {
             {
               chainingSystem: chainingSystem$,
               labelPosition: labelPosition$,
-              showApplySelections,
+              autoApplySelections: autoApplySelections$,
               ignoreParentSettings,
             },
             { core: services.core }
@@ -150,7 +154,7 @@ export const getControlGroupEmbeddableFactory = (services: {
             {
               labelPosition: labelPosition$.getValue(),
               chainingSystem: chainingSystem$.getValue(),
-              showApplySelections: showApplySelections.getValue(),
+              autoApplySelections: autoApplySelections$.getValue(),
               ignoreParentSettings: ignoreParentSettings.getValue(),
             }
           );
@@ -174,15 +178,16 @@ export const getControlGroupEmbeddableFactory = (services: {
         filters$,
         dataViews,
         labelPosition: labelPosition$,
+        timeslice$,
       });
 
       /**
        * Subscribe to all children's output filters, combine them, and output them
-       * TODO: If `showApplySelections` is true, publish to "unpublishedFilters" instead
+       * TODO: If `autoApplySelections` is false, publish to "unpublishedFilters" instead
        * and only output to filters$ when the apply button is clicked.
        *       OR
        *       Always publish to "unpublishedFilters" and publish them manually on click
-       *       (when `showApplySelections` is true) or after a small debounce (when false)
+       *       (when `autoApplySelections` is false) or after a small debounce (when false)
        *       See: https://github.com/elastic/kibana/pull/182842#discussion_r1624929511
        * - Note: Unsaved changes of control group **should** take into consideration the
        *         output filters,  but not the "unpublishedFilters"
@@ -194,6 +199,24 @@ export const getControlGroupEmbeddableFactory = (services: {
         []
       ).subscribe((newFilters) => filters$.next(newFilters));
 
+      const childrenTimesliceSubscription = combineCompatibleChildrenApis<
+        PublishesTimeslice,
+        [number, number] | undefined
+      >(
+        api,
+        'timeslice$',
+        apiPublishesTimeslice,
+        undefined,
+        // flatten method
+        (values) => {
+          // control group should never allow multiple timeslider controls
+          // returns first timeslider control value
+          return values.length === 0 ? undefined : values[0];
+        }
+      ).subscribe((timeslice) => {
+        timeslice$.next(timeslice);
+      });
+
       /** Subscribe to all children's output data views, combine them, and output them */
       const childDataViewsSubscription = combineCompatibleChildrenApis<
         PublishesDataViews,
@@ -211,6 +234,7 @@ export const getControlGroupEmbeddableFactory = (services: {
             return () => {
               outputFiltersSubscription.unsubscribe();
               childDataViewsSubscription.unsubscribe();
+              childrenTimesliceSubscription.unsubscribe();
             };
           }, []);
 
@@ -218,14 +242,14 @@ export const getControlGroupEmbeddableFactory = (services: {
             <EuiFlexGroup className={'controlGroup'} alignItems="center" gutterSize="s" wrap={true}>
               {controlsInOrder.map(({ id, type }) => (
                 <ControlRenderer
-                  key={uuid}
+                  key={id}
                   maybeId={id}
                   type={type}
                   getParentApi={() => api}
                   onApiAvailable={(controlApi) => {
                     children$.next({
                       ...children$.getValue(),
-                      [controlApi.uuid]: controlApi,
+                      [id]: controlApi,
                     });
                   }}
                 />
diff --git a/examples/controls_example/public/react_controls/control_group/serialization_utils.ts b/examples/controls_example/public/react_controls/control_group/serialization_utils.ts
index 94566bf20af82..0488e3f46a572 100644
--- a/examples/controls_example/public/react_controls/control_group/serialization_utils.ts
+++ b/examples/controls_example/public/react_controls/control_group/serialization_utils.ts
@@ -43,6 +43,10 @@ export const deserializeControlGroup = (
     ...omit(state.rawState, ['panelsJSON', 'ignoreParentSettingsJSON']),
     initialChildControlState: flattenedPanels,
     ignoreParentSettings,
+    autoApplySelections:
+      typeof state.rawState.showApplySelections === 'boolean'
+        ? !state.rawState.showApplySelections
+        : false,
     labelPosition: state.rawState.controlStyle, // Rename "controlStyle" to "labelPosition"
     defaultControlGrow: DEFAULT_CONTROL_GROW,
     defaultControlWidth: DEFAULT_CONTROL_WIDTH,
@@ -91,6 +95,7 @@ export const serializeControlGroup = (
     rawState: {
       ...omit(state, ['ignoreParentSettings', 'labelPosition']),
       controlStyle: state.labelPosition, // Rename "labelPosition" to "controlStyle"
+      showApplySelections: !state.autoApplySelections,
       ignoreParentSettingsJSON: JSON.stringify(state.ignoreParentSettings),
       panelsJSON: JSON.stringify(explicitInputPanels),
     },
diff --git a/examples/controls_example/public/react_controls/control_group/types.ts b/examples/controls_example/public/react_controls/control_group/types.ts
index 9fb6af3cef803..413d72a96702d 100644
--- a/examples/controls_example/public/react_controls/control_group/types.ts
+++ b/examples/controls_example/public/react_controls/control_group/types.ts
@@ -17,6 +17,7 @@ import {
   HasParentApi,
   PublishesDataLoading,
   PublishesFilters,
+  PublishesTimeslice,
   PublishesUnifiedSearch,
   PublishesUnsavedChanges,
   PublishingSubject,
@@ -50,14 +51,17 @@ export type ControlGroupApi = PresentationContainer &
   PublishesDataLoading &
   PublishesUnsavedChanges &
   PublishesControlGroupDisplaySettings &
-  Partial<HasParentApi<PublishesUnifiedSearch>>;
+  PublishesTimeslice &
+  Partial<HasParentApi<PublishesUnifiedSearch>> & {
+    autoApplySelections$: PublishingSubject<boolean>;
+  };
 
 export interface ControlGroupRuntimeState {
   chainingSystem: ControlGroupChainingSystem;
   defaultControlGrow?: boolean;
   defaultControlWidth?: ControlWidth;
   labelPosition: ControlStyle; // TODO: Rename this type to ControlLabelPosition
-  showApplySelections?: boolean;
+  autoApplySelections: boolean;
   ignoreParentSettings?: ParentIgnoreSettings;
 
   initialChildControlState: ControlPanelsState<ControlPanelState>;
@@ -71,7 +75,7 @@ export interface ControlGroupRuntimeState {
 
 export type ControlGroupEditorState = Pick<
   ControlGroupRuntimeState,
-  'chainingSystem' | 'labelPosition' | 'showApplySelections' | 'ignoreParentSettings'
+  'chainingSystem' | 'labelPosition' | 'autoApplySelections' | 'ignoreParentSettings'
 >;
 
 export type ControlGroupSerializedState = Omit<
@@ -82,10 +86,14 @@ export type ControlGroupSerializedState = Omit<
   | 'defaultControlWidth'
   | 'anyChildHasUnsavedChanges'
   | 'initialChildControlState'
+  | 'autoApplySelections'
 > & {
   panelsJSON: string;
   ignoreParentSettingsJSON: string;
-  // In runtime state, we refer to this property as `labelPosition`; however, to avoid migrations, we will
-  // continue to refer to this property as the legacy `controlStyle` in the serialized state
+  // In runtime state, we refer to this property as `labelPosition`;
+  // to avoid migrations, we will continue to refer to this property as `controlStyle` in the serialized state
   controlStyle: ControlStyle;
+  // In runtime state, we refer to the inverse of this property as `autoApplySelections`
+  // to avoid migrations, we will continue to refer to this property as `showApplySelections` in the serialized state
+  showApplySelections: boolean | undefined;
 };
diff --git a/examples/controls_example/public/react_controls/control_panel.tsx b/examples/controls_example/public/react_controls/control_panel.tsx
index ec431e61b9dcf..7dd8df3596749 100644
--- a/examples/controls_example/public/react_controls/control_panel.tsx
+++ b/examples/controls_example/public/react_controls/control_panel.tsx
@@ -131,8 +131,8 @@ export const ControlPanel = <ApiType extends DefaultControlApi = DefaultControlA
               fullWidth
               isLoading={Boolean(dataLoading)}
               prepend={
-                api?.getCustomPrepend ? (
-                  <>{api.getCustomPrepend()}</>
+                api?.CustomPrependComponent ? (
+                  <api.CustomPrependComponent />
                 ) : usingTwoLineLayout ? (
                   <DragHandle
                     isEditable={isEditable}
diff --git a/examples/controls_example/public/react_controls/control_renderer.tsx b/examples/controls_example/public/react_controls/control_renderer.tsx
index 471b12894bae7..1629673e64f7b 100644
--- a/examples/controls_example/public/react_controls/control_renderer.tsx
+++ b/examples/controls_example/public/react_controls/control_renderer.tsx
@@ -59,7 +59,7 @@ export const ControlRenderer = <
           return fullApi;
         };
 
-        const { rawState: initialState } = parentApi.getSerializedStateForChild(uuid);
+        const { rawState: initialState } = parentApi.getSerializedStateForChild(uuid) ?? {};
 
         const { api, Component } = factory.buildControl(
           initialState as unknown as StateType,
diff --git a/examples/controls_example/public/react_controls/data_controls/initialize_data_control.test.tsx b/examples/controls_example/public/react_controls/data_controls/initialize_data_control.test.tsx
new file mode 100644
index 0000000000000..97ac9a6977226
--- /dev/null
+++ b/examples/controls_example/public/react_controls/data_controls/initialize_data_control.test.tsx
@@ -0,0 +1,155 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { coreMock } from '@kbn/core/public/mocks';
+import { dataViewPluginMocks } from '@kbn/data-views-plugin/public/mocks';
+import type { DataView } from '@kbn/data-views-plugin/public';
+import { first, skip } from 'rxjs';
+import { ControlGroupApi } from '../control_group/types';
+import { initializeDataControl } from './initialize_data_control';
+
+describe('initializeDataControl', () => {
+  const dataControlState = {
+    dataViewId: 'myDataViewId',
+    fieldName: 'myFieldName',
+  };
+  const editorStateManager = {};
+  const controlGroupApi = {} as unknown as ControlGroupApi;
+  const mockDataViews = dataViewPluginMocks.createStartContract();
+  // @ts-ignore
+  mockDataViews.get = async (id: string): Promise<DataView> => {
+    if (id !== 'myDataViewId') {
+      throw new Error(`Simulated error: no data view found for id ${id}`);
+    }
+    return {
+      id,
+      getFieldByName: (fieldName: string) => {
+        return [
+          {
+            displayName: 'My field name',
+            name: 'myFieldName',
+            type: 'string',
+          },
+        ].find((field) => fieldName === field.name);
+      },
+    } as unknown as DataView;
+  };
+  const services = {
+    core: coreMock.createStart(),
+    dataViews: mockDataViews,
+  };
+
+  describe('dataViewId subscription', () => {
+    describe('no blocking errors', () => {
+      let dataControl: undefined | ReturnType<typeof initializeDataControl>;
+      beforeAll((done) => {
+        dataControl = initializeDataControl(
+          'myControlId',
+          'myControlType',
+          dataControlState,
+          editorStateManager,
+          controlGroupApi,
+          services
+        );
+
+        dataControl.api.defaultPanelTitle!.pipe(skip(1), first()).subscribe(() => {
+          done();
+        });
+      });
+
+      test('should set data view', () => {
+        const dataViews = dataControl!.api.dataViews.value;
+        expect(dataViews).not.toBeUndefined();
+        expect(dataViews!.length).toBe(1);
+        expect(dataViews![0].id).toBe('myDataViewId');
+      });
+
+      test('should set default panel title', () => {
+        const defaultPanelTitle = dataControl!.api.defaultPanelTitle!.value;
+        expect(defaultPanelTitle).not.toBeUndefined();
+        expect(defaultPanelTitle).toBe('My field name');
+      });
+    });
+
+    describe('data view does not exist', () => {
+      let dataControl: undefined | ReturnType<typeof initializeDataControl>;
+      beforeAll((done) => {
+        dataControl = initializeDataControl(
+          'myControlId',
+          'myControlType',
+          {
+            ...dataControlState,
+            dataViewId: 'notGonnaFindMeDataViewId',
+          },
+          editorStateManager,
+          controlGroupApi,
+          services
+        );
+
+        dataControl.api.dataViews.pipe(skip(1), first()).subscribe(() => {
+          done();
+        });
+      });
+
+      test('should set blocking error', () => {
+        const error = dataControl!.api.blockingError.value;
+        expect(error).not.toBeUndefined();
+        expect(error!.message).toBe(
+          'Simulated error: no data view found for id notGonnaFindMeDataViewId'
+        );
+      });
+
+      test('should clear blocking error when valid data view id provided', (done) => {
+        dataControl!.api.dataViews.pipe(skip(1), first()).subscribe((dataView) => {
+          expect(dataView).not.toBeUndefined();
+          expect(dataControl!.api.blockingError.value).toBeUndefined();
+          done();
+        });
+        dataControl!.stateManager.dataViewId.next('myDataViewId');
+      });
+    });
+
+    describe('field does not exist', () => {
+      let dataControl: undefined | ReturnType<typeof initializeDataControl>;
+      beforeAll((done) => {
+        dataControl = initializeDataControl(
+          'myControlId',
+          'myControlType',
+          {
+            ...dataControlState,
+            fieldName: 'notGonnaFindMeFieldName',
+          },
+          editorStateManager,
+          controlGroupApi,
+          services
+        );
+
+        dataControl.api.defaultPanelTitle!.pipe(skip(1), first()).subscribe(() => {
+          done();
+        });
+      });
+
+      test('should set blocking error', () => {
+        const error = dataControl!.api.blockingError.value;
+        expect(error).not.toBeUndefined();
+        expect(error!.message).toBe('Could not locate field: notGonnaFindMeFieldName');
+      });
+
+      test('should clear blocking error when valid field name provided', (done) => {
+        dataControl!.api
+          .defaultPanelTitle!.pipe(skip(1), first())
+          .subscribe((defaultPanelTitle) => {
+            expect(defaultPanelTitle).toBe('My field name');
+            expect(dataControl!.api.blockingError.value).toBeUndefined();
+            done();
+          });
+        dataControl!.stateManager.fieldName.next('myFieldName');
+      });
+    });
+  });
+});
diff --git a/examples/controls_example/public/react_controls/data_controls/initialize_data_control.tsx b/examples/controls_example/public/react_controls/data_controls/initialize_data_control.tsx
index 988104ca11d1a..d3a2b20fc0d02 100644
--- a/examples/controls_example/public/react_controls/data_controls/initialize_data_control.tsx
+++ b/examples/controls_example/public/react_controls/data_controls/initialize_data_control.tsx
@@ -6,7 +6,7 @@
  * Side Public License, v 1.
  */
 
-import { BehaviorSubject, combineLatestWith, switchMap } from 'rxjs';
+import { BehaviorSubject, combineLatest, switchMap } from 'rxjs';
 
 import { CoreStart } from '@kbn/core-lifecycle-browser';
 import { DataView, DATA_VIEW_SAVED_OBJECT_TYPE } from '@kbn/data-views-plugin/common';
@@ -15,6 +15,7 @@ import { Filter } from '@kbn/es-query';
 import { SerializedPanelState } from '@kbn/presentation-containers';
 import { StateComparators } from '@kbn/presentation-publishing';
 
+import { i18n } from '@kbn/i18n';
 import { ControlGroupApi } from '../control_group/types';
 import { initializeDefaultControlApi } from '../initialize_default_control_api';
 import { ControlApiInitialization, ControlStateManager, DefaultControlState } from '../types';
@@ -32,17 +33,13 @@ export const initializeDataControl = <EditorState extends object = {}>(
     dataViews: DataViewsPublicPluginStart;
   }
 ): {
-  dataControlApi: ControlApiInitialization<DataControlApi>;
-  dataControlComparators: StateComparators<DefaultDataControlState>;
-  dataControlStateManager: ControlStateManager<DefaultDataControlState>;
-  serializeDataControl: () => SerializedPanelState<DefaultControlState>;
+  api: ControlApiInitialization<DataControlApi>;
+  cleanup: () => void;
+  comparators: StateComparators<DefaultDataControlState>;
+  stateManager: ControlStateManager<DefaultDataControlState>;
+  serialize: () => SerializedPanelState<DefaultControlState>;
 } => {
-  const {
-    defaultControlApi,
-    defaultControlComparators,
-    defaultControlStateManager,
-    serializeDefaultControl,
-  } = initializeDefaultControlApi(state);
+  const defaultControl = initializeDefaultControlApi(state);
 
   const panelTitle = new BehaviorSubject<string | undefined>(state.title);
   const defaultPanelTitle = new BehaviorSubject<string | undefined>(undefined);
@@ -51,42 +48,66 @@ export const initializeDataControl = <EditorState extends object = {}>(
   const dataViews = new BehaviorSubject<DataView[] | undefined>(undefined);
   const filters = new BehaviorSubject<Filter[] | undefined>(undefined);
 
-  const dataControlComparators: StateComparators<DefaultDataControlState> = {
-    ...defaultControlComparators,
-    title: [panelTitle, (value: string | undefined) => panelTitle.next(value)],
-    dataViewId: [dataViewId, (value: string) => dataViewId.next(value)],
-    fieldName: [fieldName, (value: string) => fieldName.next(value)],
-  };
-
   const stateManager: ControlStateManager<DefaultDataControlState> = {
-    ...defaultControlStateManager,
+    ...defaultControl.stateManager,
     dataViewId,
     fieldName,
     title: panelTitle,
   };
 
-  /**
-   * Fetch the data view + field whenever the selected data view ID or field name changes; use the
-   * fetched field spec to set the default panel title, which is always equal to either the field
-   * name or the field's display name.
-   */
-  dataViewId
+  function clearBlockingError() {
+    if (defaultControl.api.blockingError.value) {
+      defaultControl.api.setBlockingError(undefined);
+    }
+  }
+
+  const dataViewIdSubscription = dataViewId
     .pipe(
-      combineLatestWith(fieldName),
-      switchMap(async ([currentDataViewId, currentFieldName]) => {
-        defaultControlApi.setDataLoading(true);
-        const dataView = await services.dataViews.get(currentDataViewId);
-        const field = dataView.getFieldByName(currentFieldName);
-        defaultControlApi.setDataLoading(false);
-        return { dataView, field };
+      switchMap(async (currentDataViewId) => {
+        let dataView: DataView | undefined;
+        try {
+          dataView = await services.dataViews.get(currentDataViewId);
+          return { dataView };
+        } catch (error) {
+          return { error };
+        }
       })
     )
-    .subscribe(async ({ dataView, field }) => {
-      if (!dataView || !field) return;
-      dataViews.next([dataView]);
-      defaultPanelTitle.next(field.displayName || field.name);
+    .subscribe(({ dataView, error }) => {
+      if (error) {
+        defaultControl.api.setBlockingError(error);
+      } else {
+        clearBlockingError();
+      }
+      dataViews.next(dataView ? [dataView] : undefined);
     });
 
+  const fieldNameSubscription = combineLatest([dataViews, fieldName]).subscribe(
+    ([nextDataViews, nextFieldName]) => {
+      const dataView = nextDataViews
+        ? nextDataViews.find(({ id }) => dataViewId.value === id)
+        : undefined;
+      if (!dataView) {
+        return;
+      }
+
+      const field = dataView.getFieldByName(nextFieldName);
+      if (!field) {
+        defaultControl.api.setBlockingError(
+          new Error(
+            i18n.translate('controlsExamples.errors.fieldNotFound', {
+              defaultMessage: 'Could not locate field: {fieldName}',
+              values: { fieldName: nextFieldName },
+            })
+          )
+        );
+      } else {
+        clearBlockingError();
+      }
+      defaultPanelTitle.next(field ? field.displayName || field.name : nextFieldName);
+    }
+  );
+
   const onEdit = async () => {
     openDataControlEditor<DefaultDataControlState & EditorState>(
       { ...stateManager, ...editorStateManager } as ControlStateManager<
@@ -99,8 +120,8 @@ export const initializeDataControl = <EditorState extends object = {}>(
     );
   };
 
-  const dataControlApi: ControlApiInitialization<DataControlApi> = {
-    ...defaultControlApi,
+  const api: ControlApiInitialization<DataControlApi> = {
+    ...defaultControl.api,
     panelTitle,
     defaultPanelTitle,
     dataViews,
@@ -113,13 +134,22 @@ export const initializeDataControl = <EditorState extends object = {}>(
   };
 
   return {
-    dataControlApi,
-    dataControlComparators,
-    dataControlStateManager: stateManager,
-    serializeDataControl: () => {
+    api,
+    cleanup: () => {
+      dataViewIdSubscription.unsubscribe();
+      fieldNameSubscription.unsubscribe();
+    },
+    comparators: {
+      ...defaultControl.comparators,
+      title: [panelTitle, (value: string | undefined) => panelTitle.next(value)],
+      dataViewId: [dataViewId, (value: string) => dataViewId.next(value)],
+      fieldName: [fieldName, (value: string) => fieldName.next(value)],
+    },
+    stateManager,
+    serialize: () => {
       return {
         rawState: {
-          ...serializeDefaultControl().rawState,
+          ...defaultControl.serialize().rawState,
           dataViewId: dataViewId.getValue(),
           fieldName: fieldName.getValue(),
           title: panelTitle.getValue(),
diff --git a/examples/controls_example/public/react_controls/data_controls/search_control/get_search_control_factory.tsx b/examples/controls_example/public/react_controls/data_controls/search_control/get_search_control_factory.tsx
index 6e401cff5a37c..35f6d01f442d9 100644
--- a/examples/controls_example/public/react_controls/data_controls/search_control/get_search_control_factory.tsx
+++ b/examples/controls_example/public/react_controls/data_controls/search_control/get_search_control_factory.tsx
@@ -86,12 +86,7 @@ export const getSearchControlFactory = ({
       );
       const editorStateManager = { searchTechnique };
 
-      const {
-        dataControlApi,
-        dataControlComparators,
-        dataControlStateManager,
-        serializeDataControl,
-      } = initializeDataControl<Pick<SearchControlState, 'searchTechnique'>>(
+      const dataControl = initializeDataControl<Pick<SearchControlState, 'searchTechnique'>>(
         uuid,
         SEARCH_CONTROL_TYPE,
         initialState,
@@ -105,13 +100,13 @@ export const getSearchControlFactory = ({
 
       const api = buildApi(
         {
-          ...dataControlApi,
+          ...dataControl.api,
           getTypeDisplayName: () =>
             i18n.translate('controlsExamples.searchControl.displayName', {
               defaultMessage: 'Search',
             }),
           serializeState: () => {
-            const { rawState: dataControlState, references } = serializeDataControl();
+            const { rawState: dataControlState, references } = dataControl.serialize();
             return {
               rawState: {
                 ...dataControlState,
@@ -126,7 +121,7 @@ export const getSearchControlFactory = ({
           },
         },
         {
-          ...dataControlComparators,
+          ...dataControl.comparators,
           searchTechnique: [
             searchTechnique,
             (newTechnique: SearchControlTechniques | undefined) =>
@@ -146,8 +141,8 @@ export const getSearchControlFactory = ({
       const onSearchStringChanged = combineLatest([searchString, searchTechnique])
         .pipe(debounceTime(200), distinctUntilChanged(deepEqual))
         .subscribe(([newSearchString, currentSearchTechnnique]) => {
-          const currentDataView = dataControlApi.dataViews.getValue()?.[0];
-          const currentField = dataControlStateManager.fieldName.getValue();
+          const currentDataView = dataControl.api.dataViews.getValue()?.[0];
+          const currentField = dataControl.stateManager.fieldName.getValue();
 
           if (currentDataView && currentField) {
             if (newSearchString) {
@@ -179,8 +174,8 @@ export const getSearchControlFactory = ({
        *  clear the previous search string.
        */
       const onFieldChanged = combineLatest([
-        dataControlStateManager.fieldName,
-        dataControlStateManager.dataViewId,
+        dataControl.stateManager.fieldName,
+        dataControl.stateManager.dataViewId,
       ])
         .pipe(distinctUntilChanged(deepEqual))
         .subscribe(() => {
@@ -199,6 +194,7 @@ export const getSearchControlFactory = ({
           useEffect(() => {
             return () => {
               // cleanup on unmount
+              dataControl.cleanup();
               onSearchStringChanged.unsubscribe();
               onFieldChanged.unsubscribe();
             };
diff --git a/examples/controls_example/public/react_controls/initialize_default_control_api.tsx b/examples/controls_example/public/react_controls/initialize_default_control_api.tsx
index dd2afcaf45d6c..cab0f2c46b003 100644
--- a/examples/controls_example/public/react_controls/initialize_default_control_api.tsx
+++ b/examples/controls_example/public/react_controls/initialize_default_control_api.tsx
@@ -24,40 +24,34 @@ export type ControlApi = ControlApiInitialization<DefaultControlApi>;
 export const initializeDefaultControlApi = (
   state: DefaultControlState
 ): {
-  defaultControlApi: ControlApi;
-  defaultControlStateManager: ControlStateManager<DefaultControlState>;
-  defaultControlComparators: StateComparators<DefaultControlState>;
-  serializeDefaultControl: () => SerializedPanelState<DefaultControlState>;
+  api: ControlApi;
+  stateManager: ControlStateManager<DefaultControlState>;
+  comparators: StateComparators<DefaultControlState>;
+  serialize: () => SerializedPanelState<DefaultControlState>;
 } => {
   const dataLoading = new BehaviorSubject<boolean | undefined>(false);
   const blockingError = new BehaviorSubject<Error | undefined>(undefined);
   const grow = new BehaviorSubject<boolean | undefined>(state.grow);
   const width = new BehaviorSubject<ControlWidth | undefined>(state.width);
 
-  const defaultControlApi: ControlApi = {
-    grow,
-    width,
-    dataLoading,
-    blockingError,
-    setBlockingError: (error) => blockingError.next(error),
-    setDataLoading: (loading) => dataLoading.next(loading),
-  };
-
-  const defaultControlStateManager: ControlStateManager<DefaultControlState> = {
-    grow,
-    width,
-  };
-
-  const defaultControlComparators: StateComparators<DefaultControlState> = {
-    grow: [grow, (newGrow: boolean | undefined) => grow.next(newGrow)],
-    width: [width, (newWidth: ControlWidth | undefined) => width.next(newWidth)],
-  };
-
   return {
-    defaultControlApi,
-    defaultControlComparators,
-    defaultControlStateManager,
-    serializeDefaultControl: () => {
+    api: {
+      grow,
+      width,
+      dataLoading,
+      blockingError,
+      setBlockingError: (error) => blockingError.next(error),
+      setDataLoading: (loading) => dataLoading.next(loading),
+    },
+    comparators: {
+      grow: [grow, (newGrow: boolean | undefined) => grow.next(newGrow)],
+      width: [width, (newWidth: ControlWidth | undefined) => width.next(newWidth)],
+    },
+    stateManager: {
+      grow,
+      width,
+    },
+    serialize: () => {
       return { rawState: { grow: grow.getValue(), width: width.getValue() }, references: [] };
     },
   };
diff --git a/examples/controls_example/public/react_controls/timeslider_control/components/index.scss b/examples/controls_example/public/react_controls/timeslider_control/components/index.scss
new file mode 100644
index 0000000000000..3c7478c097bf7
--- /dev/null
+++ b/examples/controls_example/public/react_controls/timeslider_control/components/index.scss
@@ -0,0 +1,43 @@
+
+.timeSlider__popoverOverride {
+  width: 100%;
+  max-inline-size: 100% !important;
+}
+
+.timeSlider-playToggle:enabled {
+  background-color: $euiColorPrimary !important;
+}
+
+.timeSlider__anchor {
+  width: 100%;
+  height: 100%;
+  box-shadow: none;
+  overflow: hidden;
+  @include euiFormControlSideBorderRadius($euiFormControlBorderRadius, $side: 'right', $internal: true);
+
+  .euiText {
+    background-color: $euiFormBackgroundColor !important;
+    // background-color: transparent !important; TODO revert to this rule once control group provides background color
+
+    &:hover {
+      text-decoration: underline;
+    }
+
+    &:not(.euiFormControlLayoutDelimited__delimiter) {
+      cursor: pointer !important;
+    }
+  }
+
+  .timeSlider__anchorText {
+    font-weight: $euiFontWeightMedium;
+  }
+
+  .timeSlider__anchorText--default {
+    color: $euiColorMediumShade;
+  }
+
+  .timeSlider__anchorText--invalid {
+    text-decoration: line-through;
+    color: $euiColorMediumShade;
+  }
+}
\ No newline at end of file
diff --git a/examples/controls_example/public/react_controls/timeslider_control/components/play_button.tsx b/examples/controls_example/public/react_controls/timeslider_control/components/play_button.tsx
new file mode 100644
index 0000000000000..c30bff5c2926d
--- /dev/null
+++ b/examples/controls_example/public/react_controls/timeslider_control/components/play_button.tsx
@@ -0,0 +1,50 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import React from 'react';
+import { EuiButtonIcon, EuiToolTip } from '@elastic/eui';
+import { ViewMode } from '@kbn/presentation-publishing';
+import { Observable } from 'rxjs';
+import { TimeSliderStrings } from './time_slider_strings';
+
+interface Props {
+  onPlay: () => void;
+  onPause: () => void;
+  waitForControlOutputConsumersToLoad$?: Observable<void>;
+  viewMode: ViewMode;
+  disablePlayButton: boolean;
+  isPaused: boolean;
+}
+
+export function PlayButton(props: Props) {
+  if (
+    props.waitForControlOutputConsumersToLoad$ === undefined ||
+    (props.disablePlayButton && props.viewMode === 'view')
+  ) {
+    return null;
+  }
+
+  const Button = (
+    <EuiButtonIcon
+      className="timeSlider-playToggle"
+      onClick={props.isPaused ? props.onPlay : props.onPause}
+      disabled={props.disablePlayButton}
+      iconType={props.isPaused ? 'playFilled' : 'pause'}
+      size="s"
+      display="fill"
+      aria-label={TimeSliderStrings.control.getPlayButtonAriaLabel(props.isPaused)}
+    />
+  );
+  return props.disablePlayButton ? (
+    <EuiToolTip content={TimeSliderStrings.control.getPlayButtonDisabledTooltip()}>
+      {Button}
+    </EuiToolTip>
+  ) : (
+    Button
+  );
+}
diff --git a/examples/controls_example/public/react_controls/timeslider_control/components/time_slider_anchored_range.tsx b/examples/controls_example/public/react_controls/timeslider_control/components/time_slider_anchored_range.tsx
new file mode 100644
index 0000000000000..0671442bf4120
--- /dev/null
+++ b/examples/controls_example/public/react_controls/timeslider_control/components/time_slider_anchored_range.tsx
@@ -0,0 +1,44 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import React from 'react';
+import { EuiRange, EuiRangeTick } from '@elastic/eui';
+import { _SingleRangeChangeEvent } from '@elastic/eui/src/components/form/range/types';
+import { Timeslice } from '../types';
+
+interface Props {
+  value: Timeslice;
+  onChange: (value?: Timeslice) => void;
+  stepSize: number;
+  ticks: EuiRangeTick[];
+  timeRangeMin: number;
+  timeRangeMax: number;
+}
+
+export function TimeSliderAnchoredRange(props: Props) {
+  function onChange(e: _SingleRangeChangeEvent) {
+    const from = parseInt(e.currentTarget.value, 10);
+    if (!isNaN(from)) {
+      props.onChange([props.timeRangeMin, from]);
+    }
+  }
+
+  return (
+    <EuiRange
+      fullWidth={true}
+      value={props.value[1]}
+      onChange={onChange}
+      showRange
+      showTicks={true}
+      min={props.timeRangeMin}
+      max={props.timeRangeMax}
+      step={props.stepSize}
+      ticks={props.ticks}
+    />
+  );
+}
diff --git a/examples/controls_example/public/react_controls/timeslider_control/components/time_slider_popover_button.tsx b/examples/controls_example/public/react_controls/timeslider_control/components/time_slider_popover_button.tsx
new file mode 100644
index 0000000000000..bb2597716d559
--- /dev/null
+++ b/examples/controls_example/public/react_controls/timeslider_control/components/time_slider_popover_button.tsx
@@ -0,0 +1,34 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import React from 'react';
+import { EuiText } from '@elastic/eui';
+
+interface Props {
+  onClick: () => void;
+  formatDate: (epoch: number) => string;
+  from: number;
+  to: number;
+}
+
+export function TimeSliderPopoverButton(props: Props) {
+  return (
+    <button
+      className="timeSlider__anchor eui-textTruncate"
+      color="text"
+      onClick={props.onClick}
+      data-test-subj="timeSlider-popoverToggleButton"
+    >
+      <EuiText className="timeSlider__anchorText eui-textTruncate" size="s">
+        <span>{props.formatDate(props.from)}</span>
+        &nbsp;&nbsp;→&nbsp;&nbsp;
+        <span>{props.formatDate(props.to)}</span>
+      </EuiText>
+    </button>
+  );
+}
diff --git a/examples/controls_example/public/react_controls/timeslider_control/components/time_slider_popover_content.tsx b/examples/controls_example/public/react_controls/timeslider_control/components/time_slider_popover_content.tsx
new file mode 100644
index 0000000000000..871b9719ef25d
--- /dev/null
+++ b/examples/controls_example/public/react_controls/timeslider_control/components/time_slider_popover_content.tsx
@@ -0,0 +1,78 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import React from 'react';
+import { EuiButtonIcon, EuiRangeTick, EuiFlexGroup, EuiFlexItem, EuiToolTip } from '@elastic/eui';
+
+import { TimeSliderStrings } from './time_slider_strings';
+import { TimeSliderAnchoredRange } from './time_slider_anchored_range';
+import { TimeSliderSlidingWindowRange } from './time_slider_sliding_window_range';
+import { Timeslice } from '../types';
+
+interface Props {
+  isAnchored: boolean;
+  setIsAnchored: (isAnchored: boolean) => void;
+  value: Timeslice;
+  onChange: (value?: Timeslice) => void;
+  stepSize: number;
+  ticks: EuiRangeTick[];
+  timeRangeMin: number;
+  timeRangeMax: number;
+}
+
+export function TimeSliderPopoverContent(props: Props) {
+  const rangeInput = props.isAnchored ? (
+    <TimeSliderAnchoredRange
+      value={props.value}
+      onChange={props.onChange}
+      stepSize={props.stepSize}
+      ticks={props.ticks}
+      timeRangeMin={props.timeRangeMin}
+      timeRangeMax={props.timeRangeMax}
+    />
+  ) : (
+    <TimeSliderSlidingWindowRange
+      value={props.value}
+      onChange={props.onChange}
+      stepSize={props.stepSize}
+      ticks={props.ticks}
+      timeRangeMin={props.timeRangeMin}
+      timeRangeMax={props.timeRangeMax}
+    />
+  );
+  const anchorStartToggleButtonLabel = props.isAnchored
+    ? TimeSliderStrings.control.getUnpinStart()
+    : TimeSliderStrings.control.getPinStart();
+
+  return (
+    <EuiFlexGroup
+      className="rangeSlider__actions"
+      gutterSize="none"
+      data-test-subj="timeSlider-popoverContents"
+      responsive={false}
+    >
+      <EuiFlexItem grow={false}>
+        <EuiToolTip content={anchorStartToggleButtonLabel} position="left">
+          <EuiButtonIcon
+            iconType={props.isAnchored ? 'pinFilled' : 'pin'}
+            onClick={() => {
+              const nextIsAnchored = !props.isAnchored;
+              if (nextIsAnchored) {
+                props.onChange([props.timeRangeMin, props.value[1]]);
+              }
+              props.setIsAnchored(nextIsAnchored);
+            }}
+            aria-label={anchorStartToggleButtonLabel}
+            data-test-subj="timeSlider__anchorStartToggleButton"
+          />
+        </EuiToolTip>
+      </EuiFlexItem>
+      <EuiFlexItem>{rangeInput}</EuiFlexItem>
+    </EuiFlexGroup>
+  );
+}
diff --git a/examples/controls_example/public/react_controls/timeslider_control/components/time_slider_prepend.tsx b/examples/controls_example/public/react_controls/timeslider_control/components/time_slider_prepend.tsx
new file mode 100644
index 0000000000000..14927317f9e7e
--- /dev/null
+++ b/examples/controls_example/public/react_controls/timeslider_control/components/time_slider_prepend.tsx
@@ -0,0 +1,100 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { EuiButtonIcon } from '@elastic/eui';
+import React, { FC, useCallback, useState } from 'react';
+import { Observable, Subscription } from 'rxjs';
+import { first } from 'rxjs';
+import { ViewMode } from '@kbn/presentation-publishing';
+import { TimeSliderStrings } from './time_slider_strings';
+import { PlayButton } from './play_button';
+
+interface Props {
+  onNext: () => void;
+  onPrevious: () => void;
+  waitForControlOutputConsumersToLoad$?: Observable<void>;
+  viewMode: ViewMode;
+  disablePlayButton: boolean;
+  setIsPopoverOpen: (isPopoverOpen: boolean) => void;
+}
+
+export const TimeSliderPrepend: FC<Props> = (props: Props) => {
+  const [isPaused, setIsPaused] = useState(true);
+  const [timeoutId, setTimeoutId] = useState<number | undefined>(undefined);
+  const [subscription, setSubscription] = useState<Subscription | undefined>(undefined);
+
+  const playNextFrame = useCallback(() => {
+    // advance to next frame
+    props.onNext();
+
+    if (props.waitForControlOutputConsumersToLoad$) {
+      const nextFrameSubscription = props.waitForControlOutputConsumersToLoad$
+        .pipe(first())
+        .subscribe(() => {
+          // use timeout to display frame for small time period before moving to next frame
+          const nextTimeoutId = window.setTimeout(() => {
+            playNextFrame();
+          }, 1750);
+          setTimeoutId(nextTimeoutId);
+        });
+      setSubscription(nextFrameSubscription);
+    }
+  }, [props]);
+
+  const onPlay = useCallback(() => {
+    props.setIsPopoverOpen(true);
+    setIsPaused(false);
+    playNextFrame();
+  }, [props, playNextFrame]);
+
+  const onPause = useCallback(() => {
+    props.setIsPopoverOpen(true);
+    setIsPaused(true);
+    if (subscription) {
+      subscription.unsubscribe();
+      setSubscription(undefined);
+    }
+    if (timeoutId) {
+      clearTimeout(timeoutId);
+      setTimeoutId(undefined);
+    }
+  }, [props, subscription, timeoutId]);
+
+  return (
+    <div>
+      <EuiButtonIcon
+        onClick={() => {
+          onPause();
+          props.onPrevious();
+        }}
+        iconType="framePrevious"
+        color="text"
+        aria-label={TimeSliderStrings.control.getPreviousButtonAriaLabel()}
+        data-test-subj="timeSlider-previousTimeWindow"
+      />
+      <PlayButton
+        onPlay={onPlay}
+        onPause={onPause}
+        waitForControlOutputConsumersToLoad$={props.waitForControlOutputConsumersToLoad$}
+        viewMode={props.viewMode}
+        disablePlayButton={props.disablePlayButton}
+        isPaused={isPaused}
+      />
+      <EuiButtonIcon
+        onClick={() => {
+          onPause();
+          props.onNext();
+        }}
+        iconType="frameNext"
+        color="text"
+        aria-label={TimeSliderStrings.control.getNextButtonAriaLabel()}
+        data-test-subj="timeSlider-nextTimeWindow"
+      />
+    </div>
+  );
+};
diff --git a/examples/controls_example/public/react_controls/timeslider_control/components/time_slider_sliding_window_range.tsx b/examples/controls_example/public/react_controls/timeslider_control/components/time_slider_sliding_window_range.tsx
new file mode 100644
index 0000000000000..584c20328496f
--- /dev/null
+++ b/examples/controls_example/public/react_controls/timeslider_control/components/time_slider_sliding_window_range.tsx
@@ -0,0 +1,40 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import React from 'react';
+import { EuiDualRange, EuiRangeTick } from '@elastic/eui';
+import { Timeslice } from '../types';
+
+interface Props {
+  value: Timeslice;
+  onChange: (value?: Timeslice) => void;
+  stepSize: number;
+  ticks: EuiRangeTick[];
+  timeRangeMin: number;
+  timeRangeMax: number;
+}
+
+export function TimeSliderSlidingWindowRange(props: Props) {
+  function onChange(value?: [number | string, number | string]) {
+    props.onChange(value as Timeslice);
+  }
+
+  return (
+    <EuiDualRange
+      fullWidth={true}
+      value={props.value}
+      onChange={onChange}
+      showTicks={true}
+      min={props.timeRangeMin}
+      max={props.timeRangeMax}
+      step={props.stepSize}
+      ticks={props.ticks}
+      isDraggable
+    />
+  );
+}
diff --git a/examples/controls_example/public/react_controls/timeslider_control/components/time_slider_strings.ts b/examples/controls_example/public/react_controls/timeslider_control/components/time_slider_strings.ts
new file mode 100644
index 0000000000000..8d0e4a65962e4
--- /dev/null
+++ b/examples/controls_example/public/react_controls/timeslider_control/components/time_slider_strings.ts
@@ -0,0 +1,42 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { i18n } from '@kbn/i18n';
+
+export const TimeSliderStrings = {
+  control: {
+    getPinStart: () =>
+      i18n.translate('controls.timeSlider.settings.pinStart', {
+        defaultMessage: 'Pin start',
+      }),
+    getUnpinStart: () =>
+      i18n.translate('controls.timeSlider.settings.unpinStart', {
+        defaultMessage: 'Unpin start',
+      }),
+    getPlayButtonAriaLabel: (isPaused: boolean) =>
+      isPaused
+        ? i18n.translate('controls.timeSlider.playLabel', {
+            defaultMessage: 'Play',
+          })
+        : i18n.translate('controls.timeSlider.pauseLabel', {
+            defaultMessage: 'Pause',
+          }),
+    getPreviousButtonAriaLabel: () =>
+      i18n.translate('controls.timeSlider.previousLabel', {
+        defaultMessage: 'Previous time window',
+      }),
+    getNextButtonAriaLabel: () =>
+      i18n.translate('controls.timeSlider.nextLabel', {
+        defaultMessage: 'Next time window',
+      }),
+    getPlayButtonDisabledTooltip: () =>
+      i18n.translate('controls.timeSlider.playButtonTooltip.disabled', {
+        defaultMessage: '"Apply selections automatically" is disabled in Control Settings.',
+      }),
+  },
+};
diff --git a/examples/controls_example/public/react_controls/timeslider_control/get_time_range_meta.ts b/examples/controls_example/public/react_controls/timeslider_control/get_time_range_meta.ts
new file mode 100644
index 0000000000000..b8b9e29e4f45f
--- /dev/null
+++ b/examples/controls_example/public/react_controls/timeslider_control/get_time_range_meta.ts
@@ -0,0 +1,63 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { EuiRangeTick } from '@elastic/eui';
+import { TimeRange } from '@kbn/es-query';
+import {
+  FROM_INDEX,
+  getStepSize,
+  getTicks,
+  roundDownToNextStepSizeFactor,
+  roundUpToNextStepSizeFactor,
+  TO_INDEX,
+} from './time_utils';
+import { Services } from './types';
+
+export interface TimeRangeMeta {
+  format: string;
+  stepSize: number;
+  ticks: EuiRangeTick[];
+  timeRange: number;
+  timeRangeBounds: [number, number];
+  timeRangeMax: number;
+  timeRangeMin: number;
+}
+
+export function getTimeRangeMeta(
+  timeRange: TimeRange | undefined,
+  services: Services
+): TimeRangeMeta {
+  const nextBounds = timeRangeToBounds(timeRange ?? getDefaultTimeRange(services), services);
+  const ticks = getTicks(nextBounds[FROM_INDEX], nextBounds[TO_INDEX], getTimezone(services));
+  const { format, stepSize } = getStepSize(ticks);
+  return {
+    format,
+    stepSize,
+    ticks,
+    timeRange: nextBounds[TO_INDEX] - nextBounds[FROM_INDEX],
+    timeRangeBounds: nextBounds,
+    timeRangeMax: roundUpToNextStepSizeFactor(nextBounds[TO_INDEX], stepSize),
+    timeRangeMin: roundDownToNextStepSizeFactor(nextBounds[FROM_INDEX], stepSize),
+  };
+}
+
+export function getTimezone(services: Services) {
+  return services.core.uiSettings.get('dateFormat:tz', 'Browser');
+}
+
+function getDefaultTimeRange(services: Services) {
+  const defaultTimeRange = services.core.uiSettings.get('timepicker:timeDefaults');
+  return defaultTimeRange ? defaultTimeRange : { from: 'now-15m', to: 'now' };
+}
+
+function timeRangeToBounds(timeRange: TimeRange, services: Services): [number, number] {
+  const timeRangeBounds = services.data.query.timefilter.timefilter.calculateBounds(timeRange);
+  return timeRangeBounds.min === undefined || timeRangeBounds.max === undefined
+    ? [Date.now() - 1000 * 60 * 15, Date.now()]
+    : [timeRangeBounds.min.valueOf(), timeRangeBounds.max.valueOf()];
+}
diff --git a/examples/controls_example/public/react_controls/timeslider_control/get_timeslider_control_factory.test.tsx b/examples/controls_example/public/react_controls/timeslider_control/get_timeslider_control_factory.test.tsx
new file mode 100644
index 0000000000000..2062f8fb0e578
--- /dev/null
+++ b/examples/controls_example/public/react_controls/timeslider_control/get_timeslider_control_factory.test.tsx
@@ -0,0 +1,228 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import React from 'react';
+import { render, fireEvent } from '@testing-library/react';
+import { TimeRange } from '@kbn/es-query';
+import { StateComparators } from '@kbn/presentation-publishing';
+import { coreMock } from '@kbn/core/public/mocks';
+import { dataPluginMock } from '@kbn/data-plugin/public/mocks';
+import dateMath from '@kbn/datemath';
+import { BehaviorSubject } from 'rxjs';
+import { ControlGroupApi } from '../control_group/types';
+import { ControlApiRegistration } from '../types';
+import { getTimesliderControlFactory } from './get_timeslider_control_factory';
+import { TimesliderControlApi, TimesliderControlState } from './types';
+
+describe('TimesliderControlApi', () => {
+  const uuid = 'myControl1';
+  const dashboardApi = {
+    timeRange$: new BehaviorSubject<TimeRange | undefined>(undefined),
+  };
+  const controlGroupApi = {
+    autoApplySelections$: new BehaviorSubject(true),
+    parentApi: dashboardApi,
+  } as unknown as ControlGroupApi;
+  const dataStartServiceMock = dataPluginMock.createStartContract();
+  dataStartServiceMock.query.timefilter.timefilter.calculateBounds = (timeRange: TimeRange) => {
+    const now = new Date();
+    return {
+      min: dateMath.parse(timeRange.from, { forceNow: now }),
+      max: dateMath.parse(timeRange.to, { roundUp: true, forceNow: now }),
+    };
+  };
+  const factory = getTimesliderControlFactory({
+    core: coreMock.createStart(),
+    data: dataStartServiceMock,
+  });
+  let comparators: StateComparators<TimesliderControlState> | undefined;
+  function buildApiMock(
+    api: ControlApiRegistration<TimesliderControlApi>,
+    nextComparators: StateComparators<TimesliderControlState>
+  ) {
+    comparators = nextComparators;
+    return {
+      ...api,
+      uuid,
+      parentApi: controlGroupApi,
+      unsavedChanges: new BehaviorSubject<Partial<TimesliderControlState> | undefined>(undefined),
+      resetUnsavedChanges: () => {},
+      type: factory.type,
+    };
+  }
+
+  beforeEach(() => {
+    dashboardApi.timeRange$.next({
+      from: '2024-06-09T00:00:00.000Z',
+      to: '2024-06-10T00:00:00.000Z',
+    });
+  });
+
+  test('Should set timeslice to undefined when state does not provide percentage of timeRange', () => {
+    const { api } = factory.buildControl({}, buildApiMock, uuid, controlGroupApi);
+    expect(api.timeslice$.value).toBe(undefined);
+  });
+
+  test('Should set timeslice to values within time range when state provides percentage of timeRange', () => {
+    const { api } = factory.buildControl(
+      {
+        timesliceStartAsPercentageOfTimeRange: 0.25,
+        timesliceEndAsPercentageOfTimeRange: 0.5,
+      },
+      buildApiMock,
+      uuid,
+      controlGroupApi
+    );
+
+    expect(new Date(api.timeslice$.value![0]).toISOString()).toEqual('2024-06-09T06:00:00.000Z');
+    expect(new Date(api.timeslice$.value![1]).toISOString()).toEqual('2024-06-09T12:00:00.000Z');
+  });
+
+  test('Should update timeslice when time range changes', async () => {
+    const { api } = factory.buildControl(
+      {
+        timesliceStartAsPercentageOfTimeRange: 0.25,
+        timesliceEndAsPercentageOfTimeRange: 0.5,
+      },
+      buildApiMock,
+      uuid,
+      controlGroupApi
+    );
+
+    // change time range to single hour
+    dashboardApi.timeRange$.next({
+      from: '2024-06-08T00:00:00.000Z',
+      to: '2024-06-08T01:00:00.000Z',
+    });
+
+    await new Promise((resolve) => setTimeout(resolve, 0));
+
+    // update time slice to same percentage in new hour interval
+    expect(new Date(api.timeslice$.value![0]).toISOString()).toEqual('2024-06-08T00:15:00.000Z');
+    expect(new Date(api.timeslice$.value![1]).toISOString()).toEqual('2024-06-08T00:30:00.000Z');
+  });
+
+  test('Clicking previous button should advance timeslice backward', async () => {
+    const { api } = factory.buildControl(
+      {
+        timesliceStartAsPercentageOfTimeRange: 0.25,
+        timesliceEndAsPercentageOfTimeRange: 0.5,
+      },
+      buildApiMock,
+      uuid,
+      controlGroupApi
+    );
+    if (!api.CustomPrependComponent) {
+      throw new Error('API does not return CustomPrependComponent');
+    }
+    const { findByTestId } = render(<api.CustomPrependComponent />);
+    fireEvent.click(await findByTestId('timeSlider-previousTimeWindow'));
+
+    await new Promise((resolve) => setTimeout(resolve, 0));
+
+    expect(new Date(api.timeslice$.value![0]).toISOString()).toEqual('2024-06-09T00:00:00.000Z');
+    expect(new Date(api.timeslice$.value![1]).toISOString()).toEqual('2024-06-09T06:00:00.000Z');
+  });
+
+  test('Clicking previous button should wrap when time range start is reached', async () => {
+    const { api } = factory.buildControl(
+      {
+        timesliceStartAsPercentageOfTimeRange: 0.25,
+        timesliceEndAsPercentageOfTimeRange: 0.5,
+      },
+      buildApiMock,
+      uuid,
+      controlGroupApi
+    );
+    if (!api.CustomPrependComponent) {
+      throw new Error('API does not return CustomPrependComponent');
+    }
+    const { findByTestId } = render(<api.CustomPrependComponent />);
+    fireEvent.click(await findByTestId('timeSlider-previousTimeWindow'));
+    fireEvent.click(await findByTestId('timeSlider-previousTimeWindow'));
+
+    await new Promise((resolve) => setTimeout(resolve, 0));
+
+    expect(new Date(api.timeslice$.value![0]).toISOString()).toEqual('2024-06-09T18:00:00.000Z');
+    expect(new Date(api.timeslice$.value![1]).toISOString()).toEqual('2024-06-10T00:00:00.000Z');
+  });
+
+  test('Clicking next button should advance timeslice forward', async () => {
+    const { api } = factory.buildControl(
+      {
+        timesliceStartAsPercentageOfTimeRange: 0.25,
+        timesliceEndAsPercentageOfTimeRange: 0.5,
+      },
+      buildApiMock,
+      uuid,
+      controlGroupApi
+    );
+    if (!api.CustomPrependComponent) {
+      throw new Error('API does not return CustomPrependComponent');
+    }
+    const { findByTestId } = render(<api.CustomPrependComponent />);
+    fireEvent.click(await findByTestId('timeSlider-nextTimeWindow'));
+
+    await new Promise((resolve) => setTimeout(resolve, 0));
+
+    expect(new Date(api.timeslice$.value![0]).toISOString()).toEqual('2024-06-09T12:00:00.000Z');
+    expect(new Date(api.timeslice$.value![1]).toISOString()).toEqual('2024-06-09T18:00:00.000Z');
+  });
+
+  test('Clicking next button should wrap when time range end is reached', async () => {
+    const { api } = factory.buildControl(
+      {
+        timesliceStartAsPercentageOfTimeRange: 0.25,
+        timesliceEndAsPercentageOfTimeRange: 0.5,
+      },
+      buildApiMock,
+      uuid,
+      controlGroupApi
+    );
+    if (!api.CustomPrependComponent) {
+      throw new Error('API does not return CustomPrependComponent');
+    }
+    const { findByTestId } = render(<api.CustomPrependComponent />);
+    fireEvent.click(await findByTestId('timeSlider-nextTimeWindow'));
+    fireEvent.click(await findByTestId('timeSlider-nextTimeWindow'));
+    fireEvent.click(await findByTestId('timeSlider-nextTimeWindow'));
+
+    await new Promise((resolve) => setTimeout(resolve, 0));
+
+    expect(new Date(api.timeslice$.value![0]).toISOString()).toEqual('2024-06-09T00:00:00.000Z');
+    expect(new Date(api.timeslice$.value![1]).toISOString()).toEqual('2024-06-09T06:00:00.000Z');
+  });
+
+  test('Resetting state with comparators should reset timeslice', async () => {
+    const { api } = factory.buildControl(
+      {
+        timesliceStartAsPercentageOfTimeRange: 0.25,
+        timesliceEndAsPercentageOfTimeRange: 0.5,
+      },
+      buildApiMock,
+      uuid,
+      controlGroupApi
+    );
+    if (!api.CustomPrependComponent) {
+      throw new Error('API does not return CustomPrependComponent');
+    }
+
+    const { findByTestId } = render(<api.CustomPrependComponent />);
+    fireEvent.click(await findByTestId('timeSlider-nextTimeWindow'));
+    await new Promise((resolve) => setTimeout(resolve, 0));
+    expect(new Date(api.timeslice$.value![0]).toISOString()).toEqual('2024-06-09T12:00:00.000Z');
+    expect(new Date(api.timeslice$.value![1]).toISOString()).toEqual('2024-06-09T18:00:00.000Z');
+
+    comparators!.timesliceStartAsPercentageOfTimeRange[1](0.25);
+    comparators!.timesliceEndAsPercentageOfTimeRange[1](0.5);
+
+    await new Promise((resolve) => setTimeout(resolve, 0));
+    expect(new Date(api.timeslice$.value![0]).toISOString()).toEqual('2024-06-09T06:00:00.000Z');
+    expect(new Date(api.timeslice$.value![1]).toISOString()).toEqual('2024-06-09T12:00:00.000Z');
+  });
+});
diff --git a/examples/controls_example/public/react_controls/timeslider_control/get_timeslider_control_factory.tsx b/examples/controls_example/public/react_controls/timeslider_control/get_timeslider_control_factory.tsx
new file mode 100644
index 0000000000000..c264eaf175ff9
--- /dev/null
+++ b/examples/controls_example/public/react_controls/timeslider_control/get_timeslider_control_factory.tsx
@@ -0,0 +1,309 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import React, { useEffect, useMemo } from 'react';
+import { i18n } from '@kbn/i18n';
+import { BehaviorSubject, debounceTime, first, map } from 'rxjs';
+import { EuiInputPopover } from '@elastic/eui';
+import {
+  apiHasParentApi,
+  apiPublishesDataLoading,
+  getViewModeSubject,
+  useBatchedPublishingSubjects,
+  ViewMode,
+} from '@kbn/presentation-publishing';
+import { ControlFactory } from '../types';
+import {
+  TimesliderControlState,
+  TimesliderControlApi,
+  TIMESLIDER_CONTROL_TYPE,
+  Services,
+  Timeslice,
+} from './types';
+import { initializeDefaultControlApi } from '../initialize_default_control_api';
+import { TimeSliderPopoverButton } from './components/time_slider_popover_button';
+import { TimeSliderPopoverContent } from './components/time_slider_popover_content';
+import { initTimeRangeSubscription } from './init_time_range_subscription';
+import {
+  FROM_INDEX,
+  roundDownToNextStepSizeFactor,
+  roundUpToNextStepSizeFactor,
+  TO_INDEX,
+} from './time_utils';
+import { initTimeRangePercentage } from './init_time_range_percentage';
+import './components/index.scss';
+import { TimeSliderPrepend } from './components/time_slider_prepend';
+
+export const getTimesliderControlFactory = (
+  services: Services
+): ControlFactory<TimesliderControlState, TimesliderControlApi> => {
+  return {
+    type: TIMESLIDER_CONTROL_TYPE,
+    getIconType: () => 'search',
+    getDisplayName: () =>
+      i18n.translate('controlsExamples.timesliderControl.displayName', {
+        defaultMessage: 'Time slider',
+      }),
+    buildControl: (initialState, buildApi, uuid, controlGroupApi) => {
+      const { timeRangeMeta$, formatDate, cleanupTimeRangeSubscription } =
+        initTimeRangeSubscription(controlGroupApi, services);
+      const timeslice$ = new BehaviorSubject<[number, number] | undefined>(undefined);
+      function syncTimesliceWithTimeRangePercentage(
+        startPercentage: number | undefined,
+        endPercentage: number | undefined
+      ) {
+        if (startPercentage === undefined || endPercentage === undefined) {
+          if (timeslice$.value !== undefined) {
+            timeslice$.next(undefined);
+          }
+          return;
+        }
+
+        const { stepSize, timeRange, timeRangeBounds } = timeRangeMeta$.value;
+        const from = timeRangeBounds[FROM_INDEX] + startPercentage * timeRange;
+        const to = timeRangeBounds[FROM_INDEX] + endPercentage * timeRange;
+        timeslice$.next([
+          roundDownToNextStepSizeFactor(from, stepSize),
+          roundUpToNextStepSizeFactor(to, stepSize),
+        ]);
+        setSelectedRange(to - from);
+      }
+      const timeRangePercentage = initTimeRangePercentage(
+        initialState,
+        syncTimesliceWithTimeRangePercentage
+      );
+      function setTimeslice(timeslice?: Timeslice) {
+        timeRangePercentage.setTimeRangePercentage(timeslice, timeRangeMeta$.value);
+        timeslice$.next(timeslice);
+      }
+      const isAnchored$ = new BehaviorSubject<boolean | undefined>(initialState.isAnchored);
+      function setIsAnchored(isAnchored: boolean | undefined) {
+        isAnchored$.next(isAnchored);
+      }
+      let selectedRange: number | undefined;
+      function setSelectedRange(nextSelectedRange?: number) {
+        selectedRange =
+          nextSelectedRange !== undefined && nextSelectedRange < timeRangeMeta$.value.timeRange
+            ? nextSelectedRange
+            : undefined;
+      }
+
+      function onChange(timeslice?: Timeslice) {
+        setTimeslice(timeslice);
+        const nextSelectedRange = timeslice
+          ? timeslice[TO_INDEX] - timeslice[FROM_INDEX]
+          : undefined;
+        setSelectedRange(nextSelectedRange);
+      }
+
+      function onPrevious() {
+        const { ticks, timeRangeMax, timeRangeMin } = timeRangeMeta$.value;
+        const value = timeslice$.value;
+        const tickRange = ticks[1].value - ticks[0].value;
+
+        if (isAnchored$.value) {
+          const prevTick = value
+            ? [...ticks].reverse().find((tick) => {
+                return tick.value < value[TO_INDEX];
+              })
+            : ticks[ticks.length - 1];
+          setTimeslice([timeRangeMin, prevTick ? prevTick.value : timeRangeMax]);
+          return;
+        }
+
+        if (value === undefined || value[FROM_INDEX] <= timeRangeMin) {
+          const to = timeRangeMax;
+          if (selectedRange === undefined || selectedRange === tickRange) {
+            const lastTickValue = ticks[ticks.length - 1].value;
+            const secondToLastTickValue = ticks[ticks.length - 2].value;
+            const from = lastTickValue === to ? secondToLastTickValue : lastTickValue;
+            setTimeslice([from, to]);
+            setSelectedRange(tickRange);
+          } else {
+            const from = to - selectedRange;
+            setTimeslice([Math.max(from, timeRangeMin), to]);
+          }
+          return;
+        }
+
+        const to = value[FROM_INDEX];
+        const safeRange = selectedRange === undefined ? tickRange : selectedRange;
+        const from = to - safeRange;
+        setTimeslice([Math.max(from, timeRangeMin), to]);
+      }
+
+      function onNext() {
+        const { ticks, timeRangeMax, timeRangeMin } = timeRangeMeta$.value;
+        const value = timeslice$.value;
+        const tickRange = ticks[1].value - ticks[0].value;
+
+        if (isAnchored$.value) {
+          if (value === undefined || value[TO_INDEX] >= timeRangeMax) {
+            setTimeslice([timeRangeMin, ticks[0].value]);
+            return;
+          }
+
+          const nextTick = ticks.find((tick) => {
+            return tick.value > value[TO_INDEX];
+          });
+          setTimeslice([timeRangeMin, nextTick ? nextTick.value : timeRangeMax]);
+          return;
+        }
+
+        if (value === undefined || value[TO_INDEX] >= timeRangeMax) {
+          const from = timeRangeMin;
+          if (selectedRange === undefined || selectedRange === tickRange) {
+            const firstTickValue = ticks[0].value;
+            const secondTickValue = ticks[1].value;
+            const to = firstTickValue === from ? secondTickValue : firstTickValue;
+            setTimeslice([from, to]);
+            setSelectedRange(tickRange);
+          } else {
+            const to = from + selectedRange;
+            setTimeslice([from, Math.min(to, timeRangeMax)]);
+          }
+          return;
+        }
+
+        const from = value[TO_INDEX];
+        const safeRange = selectedRange === undefined ? tickRange : selectedRange;
+        const to = from + safeRange;
+        setTimeslice([from, Math.min(to, timeRangeMax)]);
+      }
+
+      const isPopoverOpen$ = new BehaviorSubject(false);
+      function setIsPopoverOpen(value: boolean) {
+        isPopoverOpen$.next(value);
+      }
+      const viewModeSubject =
+        getViewModeSubject(controlGroupApi) ?? new BehaviorSubject('view' as ViewMode);
+
+      const defaultControl = initializeDefaultControlApi(initialState);
+
+      const dashboardDataLoading$ =
+        apiHasParentApi(controlGroupApi) && apiPublishesDataLoading(controlGroupApi.parentApi)
+          ? controlGroupApi.parentApi.dataLoading
+          : new BehaviorSubject<boolean | undefined>(false);
+      const waitForDashboardPanelsToLoad$ = dashboardDataLoading$.pipe(
+        // debounce to give time for panels to start loading if they are going to load from time changes
+        debounceTime(300),
+        first((isLoading: boolean | undefined) => {
+          return !isLoading;
+        }),
+        map(() => {
+          // Observable notifies subscriber when loading is finished
+          // Return void to not expose internal implementation details of observable
+          return;
+        })
+      );
+
+      const api = buildApi(
+        {
+          ...defaultControl.api,
+          timeslice$,
+          serializeState: () => {
+            const { rawState: defaultControlState } = defaultControl.serialize();
+            return {
+              rawState: {
+                ...defaultControlState,
+                ...timeRangePercentage.serializeState(),
+                isAnchored: isAnchored$.value,
+              },
+              references: [],
+            };
+          },
+          CustomPrependComponent: () => {
+            const [autoApplySelections, viewMode] = useBatchedPublishingSubjects(
+              controlGroupApi.autoApplySelections$,
+              viewModeSubject
+            );
+
+            return (
+              <TimeSliderPrepend
+                onNext={onNext}
+                onPrevious={onPrevious}
+                viewMode={viewMode}
+                disablePlayButton={!autoApplySelections}
+                setIsPopoverOpen={setIsPopoverOpen}
+                waitForControlOutputConsumersToLoad$={waitForDashboardPanelsToLoad$}
+              />
+            );
+          },
+        },
+        {
+          ...defaultControl.comparators,
+          ...timeRangePercentage.comparators,
+          isAnchored: [isAnchored$, setIsAnchored],
+        }
+      );
+
+      const timeRangeMetaSubscription = timeRangeMeta$.subscribe((timeRangeMeta) => {
+        const { timesliceStartAsPercentageOfTimeRange, timesliceEndAsPercentageOfTimeRange } =
+          timeRangePercentage.serializeState();
+        syncTimesliceWithTimeRangePercentage(
+          timesliceStartAsPercentageOfTimeRange,
+          timesliceEndAsPercentageOfTimeRange
+        );
+      });
+
+      return {
+        api,
+        Component: (controlStyleProps) => {
+          const [isAnchored, isPopoverOpen, timeRangeMeta, timeslice] =
+            useBatchedPublishingSubjects(isAnchored$, isPopoverOpen$, timeRangeMeta$, timeslice$);
+
+          useEffect(() => {
+            return () => {
+              cleanupTimeRangeSubscription();
+              timeRangeMetaSubscription.unsubscribe();
+            };
+          }, []);
+
+          const from = useMemo(() => {
+            return timeslice ? timeslice[FROM_INDEX] : timeRangeMeta.timeRangeMin;
+          }, [timeslice, timeRangeMeta.timeRangeMin]);
+          const to = useMemo(() => {
+            return timeslice ? timeslice[TO_INDEX] : timeRangeMeta.timeRangeMax;
+          }, [timeslice, timeRangeMeta.timeRangeMax]);
+
+          return (
+            <EuiInputPopover
+              {...controlStyleProps}
+              className="timeSlider__popoverOverride"
+              panelClassName="timeSlider__panelOverride"
+              input={
+                <TimeSliderPopoverButton
+                  onClick={() => {
+                    setIsPopoverOpen(!isPopoverOpen);
+                  }}
+                  formatDate={formatDate}
+                  from={from}
+                  to={to}
+                />
+              }
+              isOpen={isPopoverOpen}
+              closePopover={() => setIsPopoverOpen(false)}
+              panelPaddingSize="s"
+            >
+              <TimeSliderPopoverContent
+                isAnchored={typeof isAnchored === 'boolean' ? isAnchored : false}
+                setIsAnchored={setIsAnchored}
+                value={[from, to]}
+                onChange={onChange}
+                stepSize={timeRangeMeta.stepSize}
+                ticks={timeRangeMeta.ticks}
+                timeRangeMin={timeRangeMeta.timeRangeMin}
+                timeRangeMax={timeRangeMeta.timeRangeMax}
+              />
+            </EuiInputPopover>
+          );
+        },
+      };
+    },
+  };
+};
diff --git a/examples/controls_example/public/react_controls/timeslider_control/init_time_range_percentage.ts b/examples/controls_example/public/react_controls/timeslider_control/init_time_range_percentage.ts
new file mode 100644
index 0000000000000..492530f4c0527
--- /dev/null
+++ b/examples/controls_example/public/react_controls/timeslider_control/init_time_range_percentage.ts
@@ -0,0 +1,81 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { StateComparators } from '@kbn/presentation-publishing';
+import { debounce } from 'lodash';
+import { BehaviorSubject } from 'rxjs';
+import { TimeRangeMeta } from './get_time_range_meta';
+import { FROM_INDEX, TO_INDEX } from './time_utils';
+import { Timeslice, TimesliderControlState } from './types';
+
+export function initTimeRangePercentage(
+  state: TimesliderControlState,
+  onReset: (
+    timesliceStartAsPercentageOfTimeRange: number | undefined,
+    timesliceEndAsPercentageOfTimeRange: number | undefined
+  ) => void
+) {
+  const timesliceStartAsPercentageOfTimeRange$ = new BehaviorSubject<number | undefined>(
+    state.timesliceStartAsPercentageOfTimeRange
+  );
+  const timesliceEndAsPercentageOfTimeRange$ = new BehaviorSubject<number | undefined>(
+    state.timesliceEndAsPercentageOfTimeRange
+  );
+
+  // debounce to avoid calling 'resetTimeslice' on each comparator reset
+  const debouncedOnReset = debounce(() => {
+    onReset(
+      timesliceStartAsPercentageOfTimeRange$.value,
+      timesliceEndAsPercentageOfTimeRange$.value
+    );
+  }, 0);
+
+  return {
+    setTimeRangePercentage(timeslice: Timeslice | undefined, timeRangeMeta: TimeRangeMeta) {
+      let timesliceStartAsPercentageOfTimeRange: number | undefined;
+      let timesliceEndAsPercentageOfTimeRange: number | undefined;
+      if (timeslice) {
+        timesliceStartAsPercentageOfTimeRange =
+          (timeslice[FROM_INDEX] - timeRangeMeta.timeRangeBounds[FROM_INDEX]) /
+          timeRangeMeta.timeRange;
+        timesliceEndAsPercentageOfTimeRange =
+          (timeslice[TO_INDEX] - timeRangeMeta.timeRangeBounds[FROM_INDEX]) /
+          timeRangeMeta.timeRange;
+      }
+      timesliceStartAsPercentageOfTimeRange$.next(timesliceStartAsPercentageOfTimeRange);
+      timesliceEndAsPercentageOfTimeRange$.next(timesliceEndAsPercentageOfTimeRange);
+    },
+    serializeState: () => {
+      return {
+        timesliceStartAsPercentageOfTimeRange: timesliceStartAsPercentageOfTimeRange$.value,
+        timesliceEndAsPercentageOfTimeRange: timesliceEndAsPercentageOfTimeRange$.value,
+      };
+    },
+    comparators: {
+      timesliceStartAsPercentageOfTimeRange: [
+        timesliceStartAsPercentageOfTimeRange$,
+        (value: number | undefined) => {
+          timesliceStartAsPercentageOfTimeRange$.next(value);
+          debouncedOnReset();
+        },
+      ],
+      timesliceEndAsPercentageOfTimeRange: [
+        timesliceEndAsPercentageOfTimeRange$,
+        (value: number | undefined) => {
+          timesliceEndAsPercentageOfTimeRange$.next(value);
+          debouncedOnReset();
+        },
+      ],
+    } as StateComparators<
+      Pick<
+        TimesliderControlState,
+        'timesliceStartAsPercentageOfTimeRange' | 'timesliceEndAsPercentageOfTimeRange'
+      >
+    >,
+  };
+}
diff --git a/examples/controls_example/public/react_controls/timeslider_control/init_time_range_subscription.ts b/examples/controls_example/public/react_controls/timeslider_control/init_time_range_subscription.ts
new file mode 100644
index 0000000000000..d3206bd2b917b
--- /dev/null
+++ b/examples/controls_example/public/react_controls/timeslider_control/init_time_range_subscription.ts
@@ -0,0 +1,43 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { TimeRange } from '@kbn/es-query';
+import { i18n } from '@kbn/i18n';
+import { apiHasParentApi, apiPublishesTimeRange } from '@kbn/presentation-publishing';
+import moment from 'moment';
+import { BehaviorSubject, skip } from 'rxjs';
+import { getTimeRangeMeta, getTimezone, TimeRangeMeta } from './get_time_range_meta';
+import { getMomentTimezone } from './time_utils';
+import { Services } from './types';
+
+export function initTimeRangeSubscription(controlGroupApi: unknown, services: Services) {
+  const timeRange$ =
+    apiHasParentApi(controlGroupApi) && apiPublishesTimeRange(controlGroupApi.parentApi)
+      ? controlGroupApi.parentApi.timeRange$
+      : new BehaviorSubject<TimeRange | undefined>(undefined);
+  const timeRangeMeta$ = new BehaviorSubject<TimeRangeMeta>(
+    getTimeRangeMeta(timeRange$.value, services)
+  );
+
+  const timeRangeSubscription = timeRange$.pipe(skip(1)).subscribe((timeRange) => {
+    timeRangeMeta$.next(getTimeRangeMeta(timeRange, services));
+  });
+
+  return {
+    timeRangeMeta$,
+    formatDate: (epoch: number) => {
+      return moment
+        .tz(epoch, getMomentTimezone(getTimezone(services)))
+        .locale(i18n.getLocale())
+        .format(timeRangeMeta$.value.format);
+    },
+    cleanupTimeRangeSubscription: () => {
+      timeRangeSubscription.unsubscribe();
+    },
+  };
+}
diff --git a/examples/controls_example/public/react_controls/timeslider_control/time_utils.tsx b/examples/controls_example/public/react_controls/timeslider_control/time_utils.tsx
new file mode 100644
index 0000000000000..aa315907e84fa
--- /dev/null
+++ b/examples/controls_example/public/react_controls/timeslider_control/time_utils.tsx
@@ -0,0 +1,162 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import React from 'react';
+import moment from 'moment-timezone';
+import { EuiRangeTick } from '@elastic/eui';
+import { calcAutoIntervalNear } from '@kbn/data-plugin/common';
+
+const MAX_TICKS = 20; // eui range has hard limit of 20 ticks and throws when exceeded
+
+export const FROM_INDEX = 0;
+export const TO_INDEX = 1;
+
+export function getMomentTimezone(dateFormatTZ: string) {
+  const detectedTimezone = moment.tz.guess();
+  return dateFormatTZ === undefined || dateFormatTZ === 'Browser' ? detectedTimezone : dateFormatTZ;
+}
+
+function getScaledDateFormat(interval: number): string {
+  if (interval >= moment.duration(1, 'y').asMilliseconds()) {
+    return 'YYYY';
+  }
+
+  if (interval >= moment.duration(30, 'd').asMilliseconds()) {
+    return 'MMM YYYY';
+  }
+
+  if (interval >= moment.duration(1, 'd').asMilliseconds()) {
+    return 'MMM D';
+  }
+
+  if (interval >= moment.duration(6, 'h').asMilliseconds()) {
+    return 'Do HH';
+  }
+
+  if (interval >= moment.duration(1, 'h').asMilliseconds()) {
+    return 'HH:mm';
+  }
+
+  if (interval >= moment.duration(1, 'm').asMilliseconds()) {
+    return 'HH:mm';
+  }
+
+  if (interval >= moment.duration(1, 's').asMilliseconds()) {
+    return 'mm:ss';
+  }
+
+  return 'ss.SSS';
+}
+
+export function getInterval(min: number, max: number, steps = MAX_TICKS): number {
+  const duration = max - min;
+  let interval = calcAutoIntervalNear(MAX_TICKS, duration).asMilliseconds();
+  // Sometimes auto interval is not quite right and returns 2X, 3X, 1/2X, or 1/3X  requested ticks
+  const actualSteps = duration / interval;
+  if (actualSteps > MAX_TICKS) {
+    // EuiRange throws if ticks exceeds MAX_TICKS
+    // Adjust the interval to ensure MAX_TICKS is never exceeded
+    const factor = Math.ceil(actualSteps / MAX_TICKS);
+    interval = interval * factor;
+  } else if (actualSteps < MAX_TICKS / 2) {
+    // Increase number of ticks when ticks is less then half MAX_TICKS
+    interval = interval / 2;
+  }
+  return interval;
+}
+
+export function getTicks(min: number, max: number, timezone: string): EuiRangeTick[] {
+  const interval = getInterval(min, max);
+  const format = getScaledDateFormat(interval);
+
+  let tickValue = Math.ceil(min / interval) * interval;
+  const ticks: EuiRangeTick[] = [];
+  while (tickValue <= max) {
+    ticks.push({
+      value: tickValue,
+      label: moment.tz(tickValue, getMomentTimezone(timezone)).format(format),
+    });
+    tickValue += interval;
+  }
+
+  return ticks.length <= 12
+    ? ticks
+    : ticks.map((tick, index) => {
+        return {
+          ...tick,
+          value: tick.value,
+          // to avoid label overlap, only display even tick labels
+          // Passing empty string as tick label results in tick not rendering, so must wrap empty label in react element
+          label: index % 2 === 0 ? tick.label : <span>&nbsp;</span>,
+        };
+      });
+}
+
+export function getStepSize(ticks: EuiRangeTick[]): {
+  stepSize: number;
+  format: string;
+} {
+  if (ticks.length < 2) {
+    return {
+      stepSize: 1,
+      format: 'MMM D, YYYY @ HH:mm:ss.SSS',
+    };
+  }
+
+  const tickRange = ticks[1].value - ticks[0].value;
+
+  if (tickRange >= moment.duration(2, 'y').asMilliseconds()) {
+    return {
+      stepSize: moment.duration(1, 'y').asMilliseconds(),
+      format: 'YYYY',
+    };
+  }
+
+  if (tickRange >= moment.duration(2, 'd').asMilliseconds()) {
+    return {
+      stepSize: moment.duration(1, 'd').asMilliseconds(),
+      format: 'MMM D, YYYY',
+    };
+  }
+
+  if (tickRange >= moment.duration(2, 'h').asMilliseconds()) {
+    return {
+      stepSize: moment.duration(1, 'h').asMilliseconds(),
+      format: 'MMM D, YYYY @ HH:mm',
+    };
+  }
+
+  if (tickRange >= moment.duration(2, 'm').asMilliseconds()) {
+    return {
+      stepSize: moment.duration(1, 'm').asMilliseconds(),
+      format: 'MMM D, YYYY @ HH:mm',
+    };
+  }
+
+  if (tickRange >= moment.duration(2, 's').asMilliseconds()) {
+    return {
+      stepSize: moment.duration(1, 's').asMilliseconds(),
+      format: 'MMM D, YYYY @ HH:mm:ss',
+    };
+  }
+
+  return {
+    stepSize: 1,
+    format: 'MMM D, YYYY @ HH:mm:ss.SSS',
+  };
+}
+
+export function roundDownToNextStepSizeFactor(value: number, stepSize: number) {
+  const remainder = value % stepSize;
+  return remainder === 0 ? value : value - remainder;
+}
+
+export function roundUpToNextStepSizeFactor(value: number, stepSize: number) {
+  const remainder = value % stepSize;
+  return remainder === 0 ? value : value + (stepSize - remainder);
+}
diff --git a/examples/controls_example/public/react_controls/timeslider_control/types.ts b/examples/controls_example/public/react_controls/timeslider_control/types.ts
new file mode 100644
index 0000000000000..38dbf4572bbe2
--- /dev/null
+++ b/examples/controls_example/public/react_controls/timeslider_control/types.ts
@@ -0,0 +1,30 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { CoreStart } from '@kbn/core/public';
+import { DataPublicPluginStart } from '@kbn/data-plugin/public';
+import type { PublishesTimeslice } from '@kbn/presentation-publishing';
+import type { DefaultControlApi, DefaultControlState } from '../types';
+
+export const TIMESLIDER_CONTROL_TYPE = 'timesliderControl';
+
+export type Timeslice = [number, number];
+
+export interface TimesliderControlState extends DefaultControlState {
+  isAnchored?: boolean;
+  // Encode value as percentage of time range to support relative time ranges.
+  timesliceStartAsPercentageOfTimeRange?: number;
+  timesliceEndAsPercentageOfTimeRange?: number;
+}
+
+export type TimesliderControlApi = DefaultControlApi & PublishesTimeslice;
+
+export interface Services {
+  core: CoreStart;
+  data: DataPublicPluginStart;
+}
diff --git a/examples/controls_example/public/react_controls/types.ts b/examples/controls_example/public/react_controls/types.ts
index 7bb25ff9821bb..52987e41210ab 100644
--- a/examples/controls_example/public/react_controls/types.ts
+++ b/examples/controls_example/public/react_controls/types.ts
@@ -33,7 +33,7 @@ export interface PublishesControlDisplaySettings {
 }
 
 export interface HasCustomPrepend {
-  getCustomPrepend: () => React.FC<{}>;
+  CustomPrependComponent: React.FC<{}>;
 }
 
 export type DefaultControlApi = PublishesDataLoading &
diff --git a/examples/controls_example/tsconfig.json b/examples/controls_example/tsconfig.json
index 834ef6cebe553..5af09dd368b59 100644
--- a/examples/controls_example/tsconfig.json
+++ b/examples/controls_example/tsconfig.json
@@ -34,5 +34,6 @@
     "@kbn/ui-theme",
     "@kbn/core-lifecycle-browser",
     "@kbn/presentation-panel-plugin",
+    "@kbn/datemath",
   ]
 }
diff --git a/examples/embeddable_examples/public/react_embeddables/data_table/create_data_table_action.ts b/examples/embeddable_examples/public/react_embeddables/data_table/create_data_table_action.ts
index 9971535e148dd..6364073ade676 100644
--- a/examples/embeddable_examples/public/react_embeddables/data_table/create_data_table_action.ts
+++ b/examples/embeddable_examples/public/react_embeddables/data_table/create_data_table_action.ts
@@ -9,7 +9,11 @@
 import { i18n } from '@kbn/i18n';
 import { apiIsPresentationContainer } from '@kbn/presentation-containers';
 import { EmbeddableApiContext } from '@kbn/presentation-publishing';
-import { IncompatibleActionError, UiActionsStart } from '@kbn/ui-actions-plugin/public';
+import {
+  IncompatibleActionError,
+  UiActionsStart,
+  ADD_PANEL_TRIGGER,
+} from '@kbn/ui-actions-plugin/public';
 import { embeddableExamplesGrouping } from '../embeddable_examples_grouping';
 import { ADD_DATA_TABLE_ACTION_ID, DATA_TABLE_ID } from './constants';
 
@@ -39,5 +43,5 @@ export const registerCreateDataTableAction = (uiActions: UiActionsStart) => {
         defaultMessage: 'Data table',
       }),
   });
-  uiActions.attachAction('ADD_PANEL_TRIGGER', ADD_DATA_TABLE_ACTION_ID);
+  uiActions.attachAction(ADD_PANEL_TRIGGER, ADD_DATA_TABLE_ACTION_ID);
 };
diff --git a/examples/embeddable_examples/public/react_embeddables/embeddable_examples_grouping.ts b/examples/embeddable_examples/public/react_embeddables/embeddable_examples_grouping.ts
index fa2ecd03b5d25..4c7f52d261fcb 100644
--- a/examples/embeddable_examples/public/react_embeddables/embeddable_examples_grouping.ts
+++ b/examples/embeddable_examples/public/react_embeddables/embeddable_examples_grouping.ts
@@ -10,4 +10,5 @@ export const embeddableExamplesGrouping = {
   id: 'embeddableExamples',
   getIconType: () => 'documentation',
   getDisplayName: () => 'Embeddable examples',
+  order: -10,
 };
diff --git a/examples/embeddable_examples/public/react_embeddables/eui_markdown/create_eui_markdown_action.tsx b/examples/embeddable_examples/public/react_embeddables/eui_markdown/create_eui_markdown_action.tsx
index 81c23a4d960b8..c5eb2d72cc479 100644
--- a/examples/embeddable_examples/public/react_embeddables/eui_markdown/create_eui_markdown_action.tsx
+++ b/examples/embeddable_examples/public/react_embeddables/eui_markdown/create_eui_markdown_action.tsx
@@ -9,7 +9,11 @@
 import { i18n } from '@kbn/i18n';
 import { apiCanAddNewPanel } from '@kbn/presentation-containers';
 import { EmbeddableApiContext } from '@kbn/presentation-publishing';
-import { IncompatibleActionError, UiActionsStart } from '@kbn/ui-actions-plugin/public';
+import {
+  IncompatibleActionError,
+  UiActionsStart,
+  ADD_PANEL_TRIGGER,
+} from '@kbn/ui-actions-plugin/public';
 import { embeddableExamplesGrouping } from '../embeddable_examples_grouping';
 import { ADD_EUI_MARKDOWN_ACTION_ID, EUI_MARKDOWN_ID } from './constants';
 import { MarkdownEditorSerializedState } from './types';
@@ -41,7 +45,7 @@ export const registerCreateEuiMarkdownAction = (uiActions: UiActionsStart) => {
         defaultMessage: 'EUI Markdown',
       }),
   });
-  uiActions.attachAction('ADD_PANEL_TRIGGER', ADD_EUI_MARKDOWN_ACTION_ID);
+  uiActions.attachAction(ADD_PANEL_TRIGGER, ADD_EUI_MARKDOWN_ACTION_ID);
   if (uiActions.hasTrigger('ADD_CANVAS_ELEMENT_TRIGGER')) {
     // Because Canvas is not enabled in Serverless, this trigger might not be registered - only attach
     // the create action if the Canvas-specific trigger does indeed exist.
diff --git a/examples/embeddable_examples/public/react_embeddables/field_list/create_field_list_action.tsx b/examples/embeddable_examples/public/react_embeddables/field_list/create_field_list_action.tsx
index e05868e7737d1..175c3119955a2 100644
--- a/examples/embeddable_examples/public/react_embeddables/field_list/create_field_list_action.tsx
+++ b/examples/embeddable_examples/public/react_embeddables/field_list/create_field_list_action.tsx
@@ -9,7 +9,7 @@
 import { i18n } from '@kbn/i18n';
 import { apiCanAddNewPanel } from '@kbn/presentation-containers';
 import { EmbeddableApiContext } from '@kbn/presentation-publishing';
-import { IncompatibleActionError } from '@kbn/ui-actions-plugin/public';
+import { IncompatibleActionError, ADD_PANEL_TRIGGER } from '@kbn/ui-actions-plugin/public';
 import { UiActionsPublicStart } from '@kbn/ui-actions-plugin/public/plugin';
 import { embeddableExamplesGrouping } from '../embeddable_examples_grouping';
 import { ADD_FIELD_LIST_ACTION_ID, FIELD_LIST_ID } from './constants';
@@ -34,5 +34,5 @@ export const registerCreateFieldListAction = (uiActions: UiActionsPublicStart) =
         defaultMessage: 'Field list',
       }),
   });
-  uiActions.attachAction('ADD_PANEL_TRIGGER', ADD_FIELD_LIST_ACTION_ID);
+  uiActions.attachAction(ADD_PANEL_TRIGGER, ADD_FIELD_LIST_ACTION_ID);
 };
diff --git a/examples/embeddable_examples/public/react_embeddables/saved_book/create_saved_book_action.tsx b/examples/embeddable_examples/public/react_embeddables/saved_book/create_saved_book_action.tsx
index 6916bd38cc28d..eaaa607f76001 100644
--- a/examples/embeddable_examples/public/react_embeddables/saved_book/create_saved_book_action.tsx
+++ b/examples/embeddable_examples/public/react_embeddables/saved_book/create_saved_book_action.tsx
@@ -10,7 +10,7 @@ import { CoreStart } from '@kbn/core/public';
 import { i18n } from '@kbn/i18n';
 import { apiIsPresentationContainer } from '@kbn/presentation-containers';
 import { EmbeddableApiContext } from '@kbn/presentation-publishing';
-import { IncompatibleActionError } from '@kbn/ui-actions-plugin/public';
+import { IncompatibleActionError, ADD_PANEL_TRIGGER } from '@kbn/ui-actions-plugin/public';
 import { UiActionsPublicStart } from '@kbn/ui-actions-plugin/public/plugin';
 import { embeddableExamplesGrouping } from '../embeddable_examples_grouping';
 import {
@@ -67,5 +67,5 @@ export const registerCreateSavedBookAction = (uiActions: UiActionsPublicStart, c
         defaultMessage: 'Book',
       }),
   });
-  uiActions.attachAction('ADD_PANEL_TRIGGER', ADD_SAVED_BOOK_ACTION_ID);
+  uiActions.attachAction(ADD_PANEL_TRIGGER, ADD_SAVED_BOOK_ACTION_ID);
 };
diff --git a/examples/embeddable_examples/public/react_embeddables/saved_book/saved_book_react_embeddable.tsx b/examples/embeddable_examples/public/react_embeddables/saved_book/saved_book_react_embeddable.tsx
index 0a9c3c4d7117b..af96793e6522e 100644
--- a/examples/embeddable_examples/public/react_embeddables/saved_book/saved_book_react_embeddable.tsx
+++ b/examples/embeddable_examples/public/react_embeddables/saved_book/saved_book_react_embeddable.tsx
@@ -35,7 +35,7 @@ import {
 const bookSerializedStateIsByReference = (
   state?: BookSerializedState
 ): state is BookByReferenceSerializedState => {
-  return Boolean(state && (state as BookByReferenceSerializedState).savedBookId !== undefined);
+  return Boolean(state && (state as BookByReferenceSerializedState).savedBookId);
 };
 
 export const getSavedBookEmbeddableFactory = (core: CoreStart) => {
@@ -86,7 +86,7 @@ export const getSavedBookEmbeddableFactory = (core: CoreStart) => {
               defaultMessage: 'book',
             }),
           serializeState: async () => {
-            if (savedBookId$.value === undefined) {
+            if (!Boolean(savedBookId$.value)) {
               // if this book is currently by value, we serialize the entire state.
               const bookByValueState: BookByValueSerializedState = {
                 attributes: serializeBookAttributes(bookAttributesManager),
@@ -97,7 +97,7 @@ export const getSavedBookEmbeddableFactory = (core: CoreStart) => {
 
             // if this book is currently by reference, we serialize the reference and write to the external store.
             const bookByReferenceState: BookByReferenceSerializedState = {
-              savedBookId: savedBookId$.value,
+              savedBookId: savedBookId$.value!,
               ...serializeTitles(),
             };
 
@@ -123,6 +123,11 @@ export const getSavedBookEmbeddableFactory = (core: CoreStart) => {
           unlinkFromLibrary: () => {
             savedBookId$.next(undefined);
           },
+          getByValueRuntimeSnapshot: () => {
+            const snapshot = api.snapshotRuntimeState();
+            delete snapshot.savedBookId;
+            return snapshot;
+          },
         },
         {
           savedBookId: [savedBookId$, (val) => savedBookId$.next(val)],
diff --git a/examples/embeddable_examples/public/react_embeddables/saved_book/types.ts b/examples/embeddable_examples/public/react_embeddables/saved_book/types.ts
index 362d95604cf97..00290698a9b1d 100644
--- a/examples/embeddable_examples/public/react_embeddables/saved_book/types.ts
+++ b/examples/embeddable_examples/public/react_embeddables/saved_book/types.ts
@@ -47,4 +47,4 @@ export interface BookRuntimeState
 
 export type BookApi = DefaultEmbeddableApi<BookSerializedState, BookRuntimeState> &
   HasEditCapabilities &
-  HasInPlaceLibraryTransforms;
+  HasInPlaceLibraryTransforms<BookRuntimeState>;
diff --git a/examples/embeddable_examples/public/react_embeddables/search/register_add_search_panel_action.tsx b/examples/embeddable_examples/public/react_embeddables/search/register_add_search_panel_action.tsx
index 945e969187631..1bffd091164b0 100644
--- a/examples/embeddable_examples/public/react_embeddables/search/register_add_search_panel_action.tsx
+++ b/examples/embeddable_examples/public/react_embeddables/search/register_add_search_panel_action.tsx
@@ -8,7 +8,11 @@
 
 import { apiCanAddNewPanel } from '@kbn/presentation-containers';
 import { EmbeddableApiContext } from '@kbn/presentation-publishing';
-import { IncompatibleActionError, UiActionsStart } from '@kbn/ui-actions-plugin/public';
+import {
+  IncompatibleActionError,
+  type UiActionsStart,
+  ADD_PANEL_TRIGGER,
+} from '@kbn/ui-actions-plugin/public';
 import { embeddableExamplesGrouping } from '../embeddable_examples_grouping';
 import { ADD_SEARCH_ACTION_ID, SEARCH_EMBEDDABLE_ID } from './constants';
 import { SearchSerializedState } from './types';
@@ -33,7 +37,7 @@ export const registerAddSearchPanelAction = (uiActions: UiActionsStart) => {
       );
     },
   });
-  uiActions.attachAction('ADD_PANEL_TRIGGER', ADD_SEARCH_ACTION_ID);
+  uiActions.attachAction(ADD_PANEL_TRIGGER, ADD_SEARCH_ACTION_ID);
   if (uiActions.hasTrigger('ADD_CANVAS_ELEMENT_TRIGGER')) {
     // Because Canvas is not enabled in Serverless, this trigger might not be registered - only attach
     // the create action if the Canvas-specific trigger does indeed exist.
diff --git a/oas_docs/kibana.serverless.yaml b/oas_docs/kibana.serverless.yaml
index d7b5512e96099..24cf6df24a4d4 100644
--- a/oas_docs/kibana.serverless.yaml
+++ b/oas_docs/kibana.serverless.yaml
@@ -38,6 +38,8 @@ servers:
       kibana_url:
         default: localhost:5601
   - url: /
+  - url: http://localhost:5601
+    description: local
 tags:
   - name: APM agent keys
     description: >
@@ -66,6 +68,9 @@ tags:
       Manage Kibana saved objects, including dashboards, visualizations, and
       more.
     x-displayName: saved objects
+  - name: slo
+    description: SLO APIs enable you to define, manage and track service-level objectives
+    x-displayName: slo
 paths:
   /api/apm/agent_keys:
     post:
@@ -1939,6 +1944,594 @@ paths:
                 $ref: '#/components/schemas/Serverless_saved_objects_400_response'
       security:
         - Serverless_saved_objects_apiKeyAuth: []
+  /s/{spaceId}/api/observability/slos:
+    post:
+      summary: Create an SLO
+      operationId: createSloOp
+      description: >
+        You must have `all` privileges for the **SLOs** feature in the
+        **Observability** section of the Kibana feature privileges.
+      tags:
+        - slo
+      parameters:
+        - $ref: '#/components/parameters/SLOs_kbn_xsrf'
+        - $ref: '#/components/parameters/SLOs_space_id'
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SLOs_create_slo_request'
+      responses:
+        '200':
+          description: Successful request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_create_slo_response'
+        '400':
+          description: Bad request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_400_response'
+        '401':
+          description: Unauthorized response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_401_response'
+        '403':
+          description: Unauthorized response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_403_response'
+        '409':
+          description: Conflict - The SLO id already exists
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_409_response'
+      servers:
+        - url: https://localhost:5601
+      security:
+        - SLOs_basicAuth: []
+        - SLOs_apiKeyAuth: []
+    get:
+      summary: Get a paginated list of SLOs
+      operationId: findSlosOp
+      description: >
+        You must have the `read` privileges for the **SLOs** feature in the
+        **Observability** section of the Kibana feature privileges.
+      tags:
+        - slo
+      parameters:
+        - $ref: '#/components/parameters/SLOs_kbn_xsrf'
+        - $ref: '#/components/parameters/SLOs_space_id'
+        - name: kqlQuery
+          in: query
+          description: A valid kql query to filter the SLO with
+          schema:
+            type: string
+          example: 'slo.name:latency* and slo.tags : "prod"'
+        - name: page
+          in: query
+          description: The page to use for pagination, must be greater or equal than 1
+          schema:
+            type: integer
+            default: 1
+          example: 1
+        - name: perPage
+          in: query
+          description: Number of SLOs returned by page
+          schema:
+            type: integer
+            default: 25
+            maximum: 5000
+          example: 25
+        - name: sortBy
+          in: query
+          description: Sort by field
+          schema:
+            type: string
+            enum:
+              - sli_value
+              - status
+              - error_budget_consumed
+              - error_budget_remaining
+            default: status
+          example: status
+        - name: sortDirection
+          in: query
+          description: Sort order
+          schema:
+            type: string
+            enum:
+              - asc
+              - desc
+            default: asc
+          example: asc
+        - name: hideStale
+          in: query
+          description: >-
+            Hide stale SLOs from the list as defined by stale SLO threshold in
+            SLO settings
+          schema:
+            type: boolean
+      responses:
+        '200':
+          description: Successful request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_find_slo_response'
+        '400':
+          description: Bad request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_400_response'
+        '401':
+          description: Unauthorized response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_401_response'
+        '403':
+          description: Unauthorized response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_403_response'
+        '404':
+          description: Not found response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_404_response'
+      security:
+        - SLOs_basicAuth: []
+        - SLOs_apiKeyAuth: []
+  /s/{spaceId}/api/observability/slos/{sloId}:
+    get:
+      summary: Get an SLO
+      operationId: getSloOp
+      description: >
+        You must have the `read` privileges for the **SLOs** feature in the
+        **Observability** section of the Kibana feature privileges.
+      tags:
+        - slo
+      parameters:
+        - $ref: '#/components/parameters/SLOs_kbn_xsrf'
+        - $ref: '#/components/parameters/SLOs_space_id'
+        - $ref: '#/components/parameters/SLOs_slo_id'
+        - name: instanceId
+          in: query
+          description: the specific instanceId used by the summary calculation
+          schema:
+            type: string
+          example: host-abcde
+      responses:
+        '200':
+          description: Successful request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_slo_with_summary_response'
+        '400':
+          description: Bad request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_400_response'
+        '401':
+          description: Unauthorized response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_401_response'
+        '403':
+          description: Unauthorized response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_403_response'
+        '404':
+          description: Not found response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_404_response'
+      security:
+        - SLOs_basicAuth: []
+        - SLOs_apiKeyAuth: []
+    put:
+      summary: Update an SLO
+      operationId: updateSloOp
+      description: >
+        You must have the `write` privileges for the **SLOs** feature in the
+        **Observability** section of the Kibana feature privileges.
+      tags:
+        - slo
+      parameters:
+        - $ref: '#/components/parameters/SLOs_kbn_xsrf'
+        - $ref: '#/components/parameters/SLOs_space_id'
+        - $ref: '#/components/parameters/SLOs_slo_id'
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SLOs_update_slo_request'
+      responses:
+        '200':
+          description: Successful request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_slo_definition_response'
+        '400':
+          description: Bad request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_400_response'
+        '401':
+          description: Unauthorized response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_401_response'
+        '403':
+          description: Unauthorized response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_403_response'
+        '404':
+          description: Not found response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_404_response'
+      security:
+        - SLOs_basicAuth: []
+        - SLOs_apiKeyAuth: []
+    delete:
+      summary: Delete an SLO
+      operationId: deleteSloOp
+      description: >
+        You must have the `write` privileges for the **SLOs** feature in the
+        **Observability** section of the Kibana feature privileges.
+      tags:
+        - slo
+      parameters:
+        - $ref: '#/components/parameters/SLOs_kbn_xsrf'
+        - $ref: '#/components/parameters/SLOs_space_id'
+        - $ref: '#/components/parameters/SLOs_slo_id'
+      responses:
+        '204':
+          description: Successful request
+        '400':
+          description: Bad request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_400_response'
+        '401':
+          description: Unauthorized response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_401_response'
+        '403':
+          description: Unauthorized response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_403_response'
+        '404':
+          description: Not found response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_404_response'
+      security:
+        - SLOs_basicAuth: []
+        - SLOs_apiKeyAuth: []
+  /s/{spaceId}/api/observability/slos/{sloId}/enable:
+    post:
+      summary: Enable an SLO
+      operationId: enableSloOp
+      description: >
+        You must have the `write` privileges for the **SLOs** feature in the
+        **Observability** section of the Kibana feature privileges.
+      tags:
+        - slo
+      parameters:
+        - $ref: '#/components/parameters/SLOs_kbn_xsrf'
+        - $ref: '#/components/parameters/SLOs_space_id'
+        - $ref: '#/components/parameters/SLOs_slo_id'
+      responses:
+        '204':
+          description: Successful request
+        '400':
+          description: Bad request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_400_response'
+        '401':
+          description: Unauthorized response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_401_response'
+        '403':
+          description: Unauthorized response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_403_response'
+        '404':
+          description: Not found response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_404_response'
+      security:
+        - SLOs_basicAuth: []
+        - SLOs_apiKeyAuth: []
+  /s/{spaceId}/api/observability/slos/{sloId}/disable:
+    post:
+      summary: Disable an SLO
+      operationId: disableSloOp
+      description: >
+        You must have the `write` privileges for the **SLOs** feature in the
+        **Observability** section of the Kibana feature privileges.
+      tags:
+        - slo
+      parameters:
+        - $ref: '#/components/parameters/SLOs_kbn_xsrf'
+        - $ref: '#/components/parameters/SLOs_space_id'
+        - $ref: '#/components/parameters/SLOs_slo_id'
+      responses:
+        '200':
+          description: Successful request
+        '400':
+          description: Bad request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_400_response'
+        '401':
+          description: Unauthorized response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_401_response'
+        '403':
+          description: Unauthorized response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_403_response'
+        '404':
+          description: Not found response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_404_response'
+      security:
+        - SLOs_basicAuth: []
+        - SLOs_apiKeyAuth: []
+  /s/{spaceId}/api/observability/slos/{sloId}/_reset:
+    post:
+      summary: Reset an SLO
+      operationId: resetSloOp
+      description: >
+        You must have the `write` privileges for the **SLOs** feature in the
+        **Observability** section of the Kibana feature privileges.
+      tags:
+        - slo
+      parameters:
+        - $ref: '#/components/parameters/SLOs_kbn_xsrf'
+        - $ref: '#/components/parameters/SLOs_space_id'
+        - $ref: '#/components/parameters/SLOs_slo_id'
+      responses:
+        '204':
+          description: Successful request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_slo_definition_response'
+        '400':
+          description: Bad request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_400_response'
+        '401':
+          description: Unauthorized response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_401_response'
+        '403':
+          description: Unauthorized response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_403_response'
+        '404':
+          description: Not found response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_404_response'
+      security:
+        - SLOs_basicAuth: []
+        - SLOs_apiKeyAuth: []
+  /s/{spaceId}/internal/observability/slos/_historical_summary:
+    post:
+      summary: Get a historical summary for SLOs
+      operationId: historicalSummaryOp
+      description: >
+        You must have the `read` privileges for the **SLOs** feature in the
+        **Observability** section of the Kibana feature privileges.
+      tags:
+        - slo
+      parameters:
+        - $ref: '#/components/parameters/SLOs_kbn_xsrf'
+        - $ref: '#/components/parameters/SLOs_space_id'
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SLOs_historical_summary_request'
+      responses:
+        '200':
+          description: Successful request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_historical_summary_response'
+        '400':
+          description: Bad request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_400_response'
+        '401':
+          description: Unauthorized response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_401_response'
+        '403':
+          description: Unauthorized response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_403_response'
+      security:
+        - SLOs_basicAuth: []
+        - SLOs_apiKeyAuth: []
+  /s/{spaceId}/internal/observability/slos/_definitions:
+    get:
+      summary: Get the SLO definitions
+      operationId: getDefinitionsOp
+      description: >
+        You must have the `read` privileges for the **SLOs** feature in the
+        **Observability** section of the Kibana feature privileges.
+      tags:
+        - slo
+      parameters:
+        - $ref: '#/components/parameters/SLOs_kbn_xsrf'
+        - $ref: '#/components/parameters/SLOs_space_id'
+        - name: includeOutdatedOnly
+          in: query
+          description: >-
+            Indicates if the API returns only outdated SLO or all SLO
+            definitions
+          schema:
+            type: boolean
+          example: true
+        - name: search
+          in: query
+          description: Filters the SLOs by name
+          schema:
+            type: string
+          example: my service availability
+        - name: page
+          in: query
+          description: The page to use for pagination, must be greater or equal than 1
+          schema:
+            type: number
+          example: 1
+        - name: perPage
+          in: query
+          description: Number of SLOs returned by page
+          schema:
+            type: integer
+            default: 100
+            maximum: 1000
+          example: 100
+      responses:
+        '200':
+          description: Successful request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_find_slo_definitions_response'
+        '400':
+          description: Bad request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_400_response'
+        '401':
+          description: Unauthorized response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_401_response'
+        '403':
+          description: Unauthorized response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_403_response'
+      security:
+        - SLOs_basicAuth: []
+        - SLOs_apiKeyAuth: []
+  /s/{spaceId}/api/observability/slos/_delete_instances:
+    post:
+      summary: Batch delete rollup and summary data
+      operationId: deleteSloInstancesOp
+      description: >
+        The deletion occurs for the specified list of `sloId` and `instanceId`.
+        You must have `all` privileges for the **SLOs** feature in the
+        **Observability** section of the Kibana feature privileges.
+      tags:
+        - slo
+      parameters:
+        - $ref: '#/components/parameters/SLOs_kbn_xsrf'
+        - $ref: '#/components/parameters/SLOs_space_id'
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SLOs_delete_slo_instances_request'
+      responses:
+        '204':
+          description: Successful request
+        '400':
+          description: Bad request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_400_response'
+        '401':
+          description: Unauthorized response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_401_response'
+        '403':
+          description: Unauthorized response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SLOs_403_response'
+      servers:
+        - url: https://localhost:5601
+      security:
+        - SLOs_basicAuth: []
+        - SLOs_apiKeyAuth: []
 components:
   securitySchemes:
     Connectors_apiKeyAuth:
@@ -1972,6 +2565,14 @@ components:
         Serverless APIs support only key-based authentication. You must create
         an API key and use the encoded value in the request header. For example:
         'Authorization: ApiKey base64AccessApiKey'.
+    SLOs_basicAuth:
+      type: http
+      scheme: basic
+    SLOs_apiKeyAuth:
+      type: apiKey
+      in: header
+      name: Authorization
+      description: 'e.g. Authorization: ApiKey base64AccessApiKey'
   parameters:
     Connectors_kbn_xsrf:
       schema:
@@ -2081,6 +2682,31 @@ components:
         conflict errors are automatically resolved by overwriting the
         destination object. NOTE: This option cannot be used with the
         `createNewCopies` option.
+    SLOs_kbn_xsrf:
+      schema:
+        type: string
+      in: header
+      name: kbn-xsrf
+      description: Cross-site request forgery protection
+      required: true
+    SLOs_space_id:
+      in: path
+      name: spaceId
+      description: >-
+        An identifier for the space. If `/s/` and the identifier are omitted
+        from the path, the default space is used.
+      required: true
+      schema:
+        type: string
+        example: default
+    SLOs_slo_id:
+      in: path
+      name: sloId
+      description: An identifier for the slo.
+      required: true
+      schema:
+        type: string
+        example: 9c235211-6834-11ea-a78c-6feb38a34414
   schemas:
     Connectors_create_connector_request_bedrock:
       title: Create Amazon Bedrock connector request
@@ -4909,665 +5535,1902 @@ components:
       title: Update server log connector request
       type: object
       required:
-        - name
+        - name
+      properties:
+        name:
+          type: string
+          description: The display name for the connector.
+    Connectors_update_connector_request_servicenow:
+      title: Update ServiceNow ITSM connector or ServiceNow SecOps request
+      type: object
+      required:
+        - config
+        - name
+        - secrets
+      properties:
+        config:
+          $ref: '#/components/schemas/Connectors_config_properties_servicenow'
+        name:
+          type: string
+          description: The display name for the connector.
+        secrets:
+          $ref: '#/components/schemas/Connectors_secrets_properties_servicenow'
+    Connectors_update_connector_request_servicenow_itom:
+      title: Create ServiceNow ITOM connector request
+      type: object
+      required:
+        - config
+        - name
+        - secrets
+      properties:
+        config:
+          $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom'
+        name:
+          type: string
+          description: The display name for the connector.
+        secrets:
+          $ref: '#/components/schemas/Connectors_secrets_properties_servicenow'
+    Connectors_update_connector_request_slack_api:
+      title: Update Slack connector request
+      type: object
+      required:
+        - name
+        - secrets
+      properties:
+        config:
+          $ref: '#/components/schemas/Connectors_config_properties_slack_api'
+        name:
+          type: string
+          description: The display name for the connector.
+        secrets:
+          $ref: '#/components/schemas/Connectors_secrets_properties_slack_api'
+    Connectors_update_connector_request_slack_webhook:
+      title: Update Slack connector request
+      type: object
+      required:
+        - name
+        - secrets
+      properties:
+        name:
+          type: string
+          description: The display name for the connector.
+        secrets:
+          $ref: '#/components/schemas/Connectors_secrets_properties_slack_webhook'
+    Connectors_update_connector_request_swimlane:
+      title: Update Swimlane connector request
+      type: object
+      required:
+        - config
+        - name
+        - secrets
+      properties:
+        config:
+          $ref: '#/components/schemas/Connectors_config_properties_swimlane'
+        name:
+          type: string
+          description: The display name for the connector.
+          example: my-connector
+        secrets:
+          $ref: '#/components/schemas/Connectors_secrets_properties_swimlane'
+    Connectors_update_connector_request_teams:
+      title: Update Microsoft Teams connector request
+      type: object
+      required:
+        - name
+        - secrets
+      properties:
+        name:
+          type: string
+          description: The display name for the connector.
+        secrets:
+          $ref: '#/components/schemas/Connectors_secrets_properties_teams'
+    Connectors_update_connector_request_tines:
+      title: Update Tines connector request
+      type: object
+      required:
+        - config
+        - name
+        - secrets
+      properties:
+        config:
+          $ref: '#/components/schemas/Connectors_config_properties_tines'
+        name:
+          type: string
+          description: The display name for the connector.
+        secrets:
+          $ref: '#/components/schemas/Connectors_secrets_properties_tines'
+    Connectors_update_connector_request_torq:
+      title: Update Torq connector request
+      type: object
+      required:
+        - config
+        - name
+        - secrets
+      properties:
+        config:
+          $ref: '#/components/schemas/Connectors_config_properties_torq'
+        name:
+          type: string
+          description: The display name for the connector.
+        secrets:
+          $ref: '#/components/schemas/Connectors_secrets_properties_torq'
+    Connectors_update_connector_request_webhook:
+      title: Update Webhook connector request
+      type: object
+      required:
+        - config
+        - name
+        - secrets
+      properties:
+        config:
+          $ref: '#/components/schemas/Connectors_config_properties_webhook'
+        name:
+          type: string
+          description: The display name for the connector.
+        secrets:
+          $ref: '#/components/schemas/Connectors_secrets_properties_webhook'
+    Connectors_update_connector_request_xmatters:
+      title: Update xMatters connector request
+      type: object
+      required:
+        - config
+        - name
+        - secrets
+      properties:
+        config:
+          $ref: '#/components/schemas/Connectors_config_properties_xmatters'
+        name:
+          type: string
+          description: The display name for the connector.
+        secrets:
+          $ref: '#/components/schemas/Connectors_secrets_properties_xmatters'
+    Connectors_update_connector_request:
+      title: Update connector request body properties
+      description: The properties vary depending on the connector type.
+      oneOf:
+        - $ref: '#/components/schemas/Connectors_update_connector_request_bedrock'
+        - $ref: '#/components/schemas/Connectors_update_connector_request_gemini'
+        - $ref: >-
+            #/components/schemas/Connectors_update_connector_request_cases_webhook
+        - $ref: '#/components/schemas/Connectors_update_connector_request_d3security'
+        - $ref: '#/components/schemas/Connectors_update_connector_request_email'
+        - $ref: '#/components/schemas/Connectors_create_connector_request_genai'
+        - $ref: '#/components/schemas/Connectors_update_connector_request_index'
+        - $ref: '#/components/schemas/Connectors_update_connector_request_jira'
+        - $ref: '#/components/schemas/Connectors_update_connector_request_opsgenie'
+        - $ref: '#/components/schemas/Connectors_update_connector_request_pagerduty'
+        - $ref: '#/components/schemas/Connectors_update_connector_request_resilient'
+        - $ref: '#/components/schemas/Connectors_update_connector_request_sentinelone'
+        - $ref: '#/components/schemas/Connectors_update_connector_request_serverlog'
+        - $ref: '#/components/schemas/Connectors_update_connector_request_servicenow'
+        - $ref: >-
+            #/components/schemas/Connectors_update_connector_request_servicenow_itom
+        - $ref: '#/components/schemas/Connectors_update_connector_request_slack_api'
+        - $ref: >-
+            #/components/schemas/Connectors_update_connector_request_slack_webhook
+        - $ref: '#/components/schemas/Connectors_update_connector_request_swimlane'
+        - $ref: '#/components/schemas/Connectors_update_connector_request_teams'
+        - $ref: '#/components/schemas/Connectors_update_connector_request_tines'
+        - $ref: '#/components/schemas/Connectors_update_connector_request_torq'
+        - $ref: '#/components/schemas/Connectors_update_connector_request_webhook'
+        - $ref: '#/components/schemas/Connectors_update_connector_request_xmatters'
+    Connectors_features:
+      type: string
+      description: |
+        The feature that uses the connector.
+      enum:
+        - alerting
+        - cases
+        - generativeAIForSecurity
+        - generativeAIForObservability
+        - generativeAIForSearchPlayground
+        - siem
+        - uptime
+    Connectors_connector_types:
+      title: Connector types
+      type: string
+      description: >-
+        The type of connector. For example, `.email`, `.index`, `.jira`,
+        `.opsgenie`, or `.server-log`.
+      enum:
+        - .bedrock
+        - .gemini
+        - .cases-webhook
+        - .d3security
+        - .email
+        - .gen-ai
+        - .index
+        - .jira
+        - .opsgenie
+        - .pagerduty
+        - .resilient
+        - .sentinelone
+        - .servicenow
+        - .servicenow-itom
+        - .servicenow-sir
+        - .server-log
+        - .slack
+        - .slack_api
+        - .swimlane
+        - .teams
+        - .tines
+        - .torq
+        - .webhook
+        - .xmatters
+      example: .server-log
+    Data_views_400_response:
+      title: Bad request
+      type: object
+      required:
+        - statusCode
+        - error
+        - message
       properties:
-        name:
+        statusCode:
+          type: number
+          example: 400
+        error:
           type: string
-          description: The display name for the connector.
-    Connectors_update_connector_request_servicenow:
-      title: Update ServiceNow ITSM connector or ServiceNow SecOps request
+          example: Bad Request
+        message:
+          type: string
+    Data_views_allownoindex:
+      type: boolean
+      description: Allows the data view saved object to exist before the data is available.
+    Data_views_fieldattrs:
+      type: object
+      description: A map of field attributes by field name.
+    Data_views_fieldformats:
+      type: object
+      description: A map of field formats by field name.
+    Data_views_namespaces:
+      type: array
+      description: >-
+        An array of space identifiers for sharing the data view between multiple
+        spaces.
+      items:
+        type: string
+        default: default
+    Data_views_runtimefieldmap:
+      type: object
+      description: A map of runtime field definitions by field name.
+    Data_views_sourcefilters:
+      type: array
+      description: The array of field names you want to filter out in Discover.
+      items:
+        type: object
+        required:
+          - value
+        properties:
+          value:
+            type: string
+    Data_views_timefieldname:
+      type: string
+      description: The timestamp field name, which you use for time-based data views.
+    Data_views_title:
+      type: string
+      description: >-
+        Comma-separated list of data streams, indices, and aliases that you want
+        to search. Supports wildcards (`*`).
+    Data_views_type:
+      type: string
+      description: When set to `rollup`, identifies the rollup data views.
+    Data_views_typemeta:
+      type: object
+      description: >-
+        When you use rollup indices, contains the field list for the rollup data
+        view API endpoints.
+    Data_views_create_data_view_request_object:
+      title: Create data view request
       type: object
       required:
-        - config
-        - name
-        - secrets
+        - data_view
       properties:
-        config:
-          $ref: '#/components/schemas/Connectors_config_properties_servicenow'
-        name:
-          type: string
-          description: The display name for the connector.
-        secrets:
-          $ref: '#/components/schemas/Connectors_secrets_properties_servicenow'
-    Connectors_update_connector_request_servicenow_itom:
-      title: Create ServiceNow ITOM connector request
+        data_view:
+          type: object
+          required:
+            - title
+          description: The data view object.
+          properties:
+            allowNoIndex:
+              $ref: '#/components/schemas/Data_views_allownoindex'
+            fieldAttrs:
+              $ref: '#/components/schemas/Data_views_fieldattrs'
+            fieldFormats:
+              $ref: '#/components/schemas/Data_views_fieldformats'
+            fields:
+              type: object
+            id:
+              type: string
+            name:
+              type: string
+              description: The data view name.
+            namespaces:
+              $ref: '#/components/schemas/Data_views_namespaces'
+            runtimeFieldMap:
+              $ref: '#/components/schemas/Data_views_runtimefieldmap'
+            sourceFilters:
+              $ref: '#/components/schemas/Data_views_sourcefilters'
+            timeFieldName:
+              $ref: '#/components/schemas/Data_views_timefieldname'
+            title:
+              $ref: '#/components/schemas/Data_views_title'
+            type:
+              $ref: '#/components/schemas/Data_views_type'
+            typeMeta:
+              $ref: '#/components/schemas/Data_views_typemeta'
+            version:
+              type: string
+        override:
+          type: boolean
+          description: >-
+            Override an existing data view if a data view with the provided
+            title already exists.
+          default: false
+    Data_views_data_view_response_object:
+      title: Data view response properties
       type: object
-      required:
-        - config
-        - name
-        - secrets
       properties:
-        config:
-          $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom'
-        name:
-          type: string
-          description: The display name for the connector.
-        secrets:
-          $ref: '#/components/schemas/Connectors_secrets_properties_servicenow'
-    Connectors_update_connector_request_slack_api:
-      title: Update Slack connector request
+        data_view:
+          type: object
+          properties:
+            allowNoIndex:
+              $ref: '#/components/schemas/Data_views_allownoindex'
+            fieldAttrs:
+              $ref: '#/components/schemas/Data_views_fieldattrs'
+            fieldFormats:
+              $ref: '#/components/schemas/Data_views_fieldformats'
+            fields:
+              type: object
+            id:
+              type: string
+              example: ff959d40-b880-11e8-a6d9-e546fe2bba5f
+            name:
+              type: string
+              description: The data view name.
+            namespaces:
+              $ref: '#/components/schemas/Data_views_namespaces'
+            runtimeFieldMap:
+              $ref: '#/components/schemas/Data_views_runtimefieldmap'
+            sourceFilters:
+              $ref: '#/components/schemas/Data_views_sourcefilters'
+            timeFieldName:
+              $ref: '#/components/schemas/Data_views_timefieldname'
+            title:
+              $ref: '#/components/schemas/Data_views_title'
+            typeMeta:
+              $ref: '#/components/schemas/Data_views_typemeta'
+            version:
+              type: string
+              example: WzQ2LDJd
+    Data_views_404_response:
       type: object
-      required:
-        - name
-        - secrets
       properties:
-        config:
-          $ref: '#/components/schemas/Connectors_config_properties_slack_api'
-        name:
+        error:
           type: string
-          description: The display name for the connector.
-        secrets:
-          $ref: '#/components/schemas/Connectors_secrets_properties_slack_api'
-    Connectors_update_connector_request_slack_webhook:
-      title: Update Slack connector request
+          example: Not Found
+          enum:
+            - Not Found
+        message:
+          type: string
+          example: >-
+            Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00]
+            not found
+        statusCode:
+          type: integer
+          example: 404
+          enum:
+            - 404
+    Data_views_update_data_view_request_object:
+      title: Update data view request
       type: object
       required:
-        - name
-        - secrets
+        - data_view
       properties:
-        name:
-          type: string
-          description: The display name for the connector.
-        secrets:
-          $ref: '#/components/schemas/Connectors_secrets_properties_slack_webhook'
-    Connectors_update_connector_request_swimlane:
-      title: Update Swimlane connector request
+        data_view:
+          type: object
+          description: >
+            The data view properties you want to update. Only the specified
+            properties are updated in the data view. Unspecified fields stay as
+            they are persisted.
+          properties:
+            allowNoIndex:
+              $ref: '#/components/schemas/Data_views_allownoindex'
+            fieldFormats:
+              $ref: '#/components/schemas/Data_views_fieldformats'
+            fields:
+              type: object
+            name:
+              type: string
+            runtimeFieldMap:
+              $ref: '#/components/schemas/Data_views_runtimefieldmap'
+            sourceFilters:
+              $ref: '#/components/schemas/Data_views_sourcefilters'
+            timeFieldName:
+              $ref: '#/components/schemas/Data_views_timefieldname'
+            title:
+              $ref: '#/components/schemas/Data_views_title'
+            type:
+              $ref: '#/components/schemas/Data_views_type'
+            typeMeta:
+              $ref: '#/components/schemas/Data_views_typemeta'
+        refresh_fields:
+          type: boolean
+          description: Reloads the data view fields after the data view is updated.
+          default: false
+    Machine_learning_APIs_mlSyncResponseSuccess:
+      type: boolean
+      description: The success or failure of the synchronization.
+    Machine_learning_APIs_mlSyncResponseAnomalyDetectors:
+      type: object
+      title: Sync API response for anomaly detection jobs
+      description: >-
+        The sync machine learning saved objects API response contains this
+        object when there are anomaly detection jobs affected by the
+        synchronization. There is an object for each relevant job, which
+        contains the synchronization status.
+      properties:
+        success:
+          $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess'
+    Machine_learning_APIs_mlSyncResponseDatafeeds:
       type: object
-      required:
-        - config
-        - name
-        - secrets
+      title: Sync API response for datafeeds
+      description: >-
+        The sync machine learning saved objects API response contains this
+        object when there are datafeeds affected by the synchronization. There
+        is an object for each relevant datafeed, which contains the
+        synchronization status.
       properties:
-        config:
-          $ref: '#/components/schemas/Connectors_config_properties_swimlane'
-        name:
-          type: string
-          description: The display name for the connector.
-          example: my-connector
-        secrets:
-          $ref: '#/components/schemas/Connectors_secrets_properties_swimlane'
-    Connectors_update_connector_request_teams:
-      title: Update Microsoft Teams connector request
+        success:
+          $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess'
+    Machine_learning_APIs_mlSyncResponseDataFrameAnalytics:
       type: object
-      required:
-        - name
-        - secrets
+      title: Sync API response for data frame analytics jobs
+      description: >-
+        The sync machine learning saved objects API response contains this
+        object when there are data frame analytics jobs affected by the
+        synchronization. There is an object for each relevant job, which
+        contains the synchronization status.
       properties:
-        name:
-          type: string
-          description: The display name for the connector.
-        secrets:
-          $ref: '#/components/schemas/Connectors_secrets_properties_teams'
-    Connectors_update_connector_request_tines:
-      title: Update Tines connector request
+        success:
+          $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess'
+    Machine_learning_APIs_mlSyncResponseSavedObjectsCreated:
       type: object
-      required:
-        - config
-        - name
-        - secrets
+      title: Sync API response for created saved objects
+      description: >-
+        If saved objects are missing for machine learning jobs or trained
+        models, they are created when you run the sync machine learning saved
+        objects API.
       properties:
-        config:
-          $ref: '#/components/schemas/Connectors_config_properties_tines'
-        name:
-          type: string
-          description: The display name for the connector.
-        secrets:
-          $ref: '#/components/schemas/Connectors_secrets_properties_tines'
-    Connectors_update_connector_request_torq:
-      title: Update Torq connector request
+        anomaly-detector:
+          type: object
+          description: >-
+            If saved objects are missing for anomaly detection jobs, they are
+            created.
+          additionalProperties:
+            $ref: >-
+              #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors
+        data-frame-analytics:
+          type: object
+          description: >-
+            If saved objects are missing for data frame analytics jobs, they are
+            created.
+          additionalProperties:
+            $ref: >-
+              #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics
+        trained-model:
+          type: object
+          description: If saved objects are missing for trained models, they are created.
+          additionalProperties:
+            $ref: >-
+              #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels
+    Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted:
       type: object
-      required:
-        - config
-        - name
-        - secrets
+      title: Sync API response for deleted saved objects
+      description: >-
+        If saved objects exist for machine learning jobs or trained models that
+        no longer exist, they are deleted when you run the sync machine learning
+        saved objects API.
       properties:
-        config:
-          $ref: '#/components/schemas/Connectors_config_properties_torq'
-        name:
-          type: string
-          description: The display name for the connector.
-        secrets:
-          $ref: '#/components/schemas/Connectors_secrets_properties_torq'
-    Connectors_update_connector_request_webhook:
-      title: Update Webhook connector request
+        anomaly-detector:
+          type: object
+          description: >-
+            If there are saved objects exist for nonexistent anomaly detection
+            jobs, they are deleted.
+          additionalProperties:
+            $ref: >-
+              #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors
+        data-frame-analytics:
+          type: object
+          description: >-
+            If there are saved objects exist for nonexistent data frame
+            analytics jobs, they are deleted.
+          additionalProperties:
+            $ref: >-
+              #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics
+        trained-model:
+          type: object
+          description: >-
+            If there are saved objects exist for nonexistent trained models,
+            they are deleted.
+          additionalProperties:
+            $ref: >-
+              #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels
+    Machine_learning_APIs_mlSyncResponseTrainedModels:
       type: object
-      required:
-        - config
-        - name
-        - secrets
+      title: Sync API response for trained models
+      description: >-
+        The sync machine learning saved objects API response contains this
+        object when there are trained models affected by the synchronization.
+        There is an object for each relevant trained model, which contains the
+        synchronization status.
       properties:
-        config:
-          $ref: '#/components/schemas/Connectors_config_properties_webhook'
-        name:
-          type: string
-          description: The display name for the connector.
-        secrets:
-          $ref: '#/components/schemas/Connectors_secrets_properties_webhook'
-    Connectors_update_connector_request_xmatters:
-      title: Update xMatters connector request
+        success:
+          $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess'
+    Machine_learning_APIs_mlSync200Response:
       type: object
-      required:
-        - config
-        - name
-        - secrets
+      title: Successful sync API response
       properties:
-        config:
-          $ref: '#/components/schemas/Connectors_config_properties_xmatters'
-        name:
-          type: string
-          description: The display name for the connector.
-        secrets:
-          $ref: '#/components/schemas/Connectors_secrets_properties_xmatters'
-    Connectors_update_connector_request:
-      title: Update connector request body properties
-      description: The properties vary depending on the connector type.
-      oneOf:
-        - $ref: '#/components/schemas/Connectors_update_connector_request_bedrock'
-        - $ref: '#/components/schemas/Connectors_update_connector_request_gemini'
-        - $ref: >-
-            #/components/schemas/Connectors_update_connector_request_cases_webhook
-        - $ref: '#/components/schemas/Connectors_update_connector_request_d3security'
-        - $ref: '#/components/schemas/Connectors_update_connector_request_email'
-        - $ref: '#/components/schemas/Connectors_create_connector_request_genai'
-        - $ref: '#/components/schemas/Connectors_update_connector_request_index'
-        - $ref: '#/components/schemas/Connectors_update_connector_request_jira'
-        - $ref: '#/components/schemas/Connectors_update_connector_request_opsgenie'
-        - $ref: '#/components/schemas/Connectors_update_connector_request_pagerduty'
-        - $ref: '#/components/schemas/Connectors_update_connector_request_resilient'
-        - $ref: '#/components/schemas/Connectors_update_connector_request_sentinelone'
-        - $ref: '#/components/schemas/Connectors_update_connector_request_serverlog'
-        - $ref: '#/components/schemas/Connectors_update_connector_request_servicenow'
-        - $ref: >-
-            #/components/schemas/Connectors_update_connector_request_servicenow_itom
-        - $ref: '#/components/schemas/Connectors_update_connector_request_slack_api'
-        - $ref: >-
-            #/components/schemas/Connectors_update_connector_request_slack_webhook
-        - $ref: '#/components/schemas/Connectors_update_connector_request_swimlane'
-        - $ref: '#/components/schemas/Connectors_update_connector_request_teams'
-        - $ref: '#/components/schemas/Connectors_update_connector_request_tines'
-        - $ref: '#/components/schemas/Connectors_update_connector_request_torq'
-        - $ref: '#/components/schemas/Connectors_update_connector_request_webhook'
-        - $ref: '#/components/schemas/Connectors_update_connector_request_xmatters'
-    Connectors_features:
-      type: string
-      description: |
-        The feature that uses the connector.
-      enum:
-        - alerting
-        - cases
-        - generativeAIForSecurity
-        - generativeAIForObservability
-        - generativeAIForSearchPlayground
-        - siem
-        - uptime
-    Connectors_connector_types:
-      title: Connector types
-      type: string
-      description: >-
-        The type of connector. For example, `.email`, `.index`, `.jira`,
-        `.opsgenie`, or `.server-log`.
-      enum:
-        - .bedrock
-        - .gemini
-        - .cases-webhook
-        - .d3security
-        - .email
-        - .gen-ai
-        - .index
-        - .jira
-        - .opsgenie
-        - .pagerduty
-        - .resilient
-        - .sentinelone
-        - .servicenow
-        - .servicenow-itom
-        - .servicenow-sir
-        - .server-log
-        - .slack
-        - .slack_api
-        - .swimlane
-        - .teams
-        - .tines
-        - .torq
-        - .webhook
-        - .xmatters
-      example: .server-log
-    Data_views_400_response:
+        datafeedsAdded:
+          type: object
+          description: >-
+            If a saved object for an anomaly detection job is missing a datafeed
+            identifier, it is added when you run the sync machine learning saved
+            objects API.
+          additionalProperties:
+            $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds'
+        datafeedsRemoved:
+          type: object
+          description: >-
+            If a saved object for an anomaly detection job references a datafeed
+            that no longer exists, it is deleted when you run the sync machine
+            learning saved objects API.
+          additionalProperties:
+            $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds'
+        savedObjectsCreated:
+          $ref: >-
+            #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsCreated
+        savedObjectsDeleted:
+          $ref: >-
+            #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted
+    Machine_learning_APIs_mlSync4xxResponse:
+      type: object
+      title: Unsuccessful sync API response
+      properties:
+        error:
+          type: string
+          example: Unauthorized
+        message:
+          type: string
+        statusCode:
+          type: integer
+          example: 401
+    Serverless_saved_objects_400_response:
       title: Bad request
       type: object
       required:
-        - statusCode
         - error
         - message
+        - statusCode
       properties:
-        statusCode:
-          type: number
-          example: 400
         error:
           type: string
-          example: Bad Request
+          enum:
+            - Bad Request
         message:
           type: string
-    Data_views_allownoindex:
-      type: boolean
-      description: Allows the data view saved object to exist before the data is available.
-    Data_views_fieldattrs:
+        statusCode:
+          type: integer
+          enum:
+            - 400
+    Serverless_saved_objects_export_objects_request:
       type: object
-      description: A map of field attributes by field name.
-    Data_views_fieldformats:
+      properties:
+        excludeExportDetails:
+          description: Do not add export details entry at the end of the stream.
+          type: boolean
+          default: false
+        includeReferencesDeep:
+          description: Includes all of the referenced objects in the exported objects.
+          type: boolean
+        objects:
+          description: A list of objects to export.
+          type: array
+          items:
+            type: object
+        type:
+          description: >-
+            The saved object types to include in the export. Use `*` to export
+            all the types.
+          oneOf:
+            - type: string
+            - type: array
+              items:
+                type: string
+    Serverless_saved_objects_import_objects_request:
       type: object
-      description: A map of field formats by field name.
-    Data_views_namespaces:
-      type: array
-      description: >-
-        An array of space identifiers for sharing the data view between multiple
-        spaces.
-      items:
-        type: string
-        default: default
-    Data_views_runtimefieldmap:
+      properties:
+        file:
+          description: >
+            A file exported using the export API. NOTE: The
+            `savedObjects.maxImportExportSize` configuration setting limits the
+            number of saved objects which may be included in this file.
+            Similarly, the `savedObjects.maxImportPayloadBytes` setting limits
+            the overall size of the file that can be imported.
+    Serverless_saved_objects_200_import_objects_response:
       type: object
-      description: A map of runtime field definitions by field name.
-    Data_views_sourcefilters:
-      type: array
-      description: The array of field names you want to filter out in Discover.
-      items:
-        type: object
-        required:
-          - value
-        properties:
-          value:
-            type: string
-    Data_views_timefieldname:
-      type: string
-      description: The timestamp field name, which you use for time-based data views.
-    Data_views_title:
-      type: string
-      description: >-
-        Comma-separated list of data streams, indices, and aliases that you want
-        to search. Supports wildcards (`*`).
-    Data_views_type:
-      type: string
-      description: When set to `rollup`, identifies the rollup data views.
-    Data_views_typemeta:
+      properties:
+        success:
+          type: boolean
+          description: >
+            Indicates when the import was successfully completed. When set to
+            false, some objects may not have been created. For additional
+            information, refer to the `errors` and `successResults` properties.
+        successCount:
+          type: integer
+          description: Indicates the number of successfully imported records.
+        errors:
+          type: array
+          items:
+            type: object
+          description: >
+            Indicates the import was unsuccessful and specifies the objects that
+            failed to import.
+
+
+            NOTE: One object may result in multiple errors, which requires
+            separate steps to resolve. For instance, a `missing_references`
+            error and conflict error.
+        successResults:
+          type: array
+          items:
+            type: object
+          description: >
+            Indicates the objects that are successfully imported, with any
+            metadata if applicable.
+
+
+            NOTE: Objects are created only when all resolvable errors are
+            addressed, including conflicts and missing references. If objects
+            are created as new copies, each entry in the `successResults` array
+            includes a `destinationId` attribute.
+    SLOs_indicator_properties_apm_availability:
+      title: APM availability
+      required:
+        - type
+        - params
+      description: Defines properties for the APM availability indicator type
       type: object
-      description: >-
-        When you use rollup indices, contains the field list for the rollup data
-        view API endpoints.
-    Data_views_create_data_view_request_object:
-      title: Create data view request
+      properties:
+        params:
+          description: An object containing the indicator parameters.
+          type: object
+          nullable: false
+          required:
+            - service
+            - environment
+            - transactionType
+            - transactionName
+            - index
+          properties:
+            service:
+              description: The APM service name
+              type: string
+              example: o11y-app
+            environment:
+              description: The APM service environment or "*"
+              type: string
+              example: production
+            transactionType:
+              description: The APM transaction type or "*"
+              type: string
+              example: request
+            transactionName:
+              description: The APM transaction name or "*"
+              type: string
+              example: GET /my/api
+            filter:
+              description: KQL query used for filtering the data
+              type: string
+              example: 'service.foo : "bar"'
+            index:
+              description: The index used by APM metrics
+              type: string
+              example: metrics-apm*,apm*
+        type:
+          description: The type of indicator.
+          type: string
+          example: sli.apm.transactionDuration
+    SLOs_filter_meta:
+      title: FilterMeta
+      description: Defines properties for a filter
+      type: object
+      properties:
+        alias:
+          type: string
+          nullable: true
+        disabled:
+          type: boolean
+        negate:
+          type: boolean
+        controlledBy:
+          type: string
+        group:
+          type: string
+        index:
+          type: string
+        isMultiIndex:
+          type: boolean
+        type:
+          type: string
+        key:
+          type: string
+        params:
+          type: object
+        value:
+          type: string
+        field:
+          type: string
+    SLOs_filter:
+      title: Filter
+      description: Defines properties for a filter
       type: object
+      properties:
+        query:
+          type: object
+        meta:
+          $ref: '#/components/schemas/SLOs_filter_meta'
+    SLOs_kql_with_filters:
+      title: KQL with filters
+      description: Defines properties for a filter
+      oneOf:
+        - description: the KQL query to filter the documents with.
+          type: string
+          example: 'field.environment : "production" and service.name : "my-service"'
+        - type: object
+          properties:
+            kqlQuery:
+              type: string
+            filters:
+              type: array
+              items:
+                $ref: '#/components/schemas/SLOs_filter'
+    SLOs_kql_with_filters_good:
+      title: KQL query for good events
+      description: The KQL query used to define the good events.
+      oneOf:
+        - description: the KQL query to filter the documents with.
+          type: string
+          example: 'request.latency <= 150 and request.status_code : "2xx"'
+        - type: object
+          properties:
+            kqlQuery:
+              type: string
+            filters:
+              type: array
+              items:
+                $ref: '#/components/schemas/SLOs_filter'
+    SLOs_kql_with_filters_total:
+      title: KQL query for all events
+      description: The KQL query used to define all events.
+      oneOf:
+        - description: the KQL query to filter the documents with.
+          type: string
+          example: 'field.environment : "production" and service.name : "my-service"'
+        - type: object
+          properties:
+            kqlQuery:
+              type: string
+            filters:
+              type: array
+              items:
+                $ref: '#/components/schemas/SLOs_filter'
+    SLOs_indicator_properties_custom_kql:
+      title: Custom Query
       required:
-        - data_view
+        - type
+        - params
+      description: Defines properties for a custom query indicator type
+      type: object
       properties:
-        data_view:
+        params:
+          description: An object containing the indicator parameters.
           type: object
+          nullable: false
           required:
-            - title
-          description: The data view object.
+            - index
+            - timestampField
+            - good
+            - total
           properties:
-            allowNoIndex:
-              $ref: '#/components/schemas/Data_views_allownoindex'
-            fieldAttrs:
-              $ref: '#/components/schemas/Data_views_fieldattrs'
-            fieldFormats:
-              $ref: '#/components/schemas/Data_views_fieldformats'
-            fields:
-              type: object
-            id:
+            index:
+              description: The index or index pattern to use
               type: string
-            name:
+              example: my-service-*
+            dataViewId:
+              description: >-
+                The kibana data view id to use, primarily used to include data
+                view runtime mappings. Make sure to save SLO again if you
+                add/update run time fields to the data view and if those fields
+                are being used in slo queries.
               type: string
-              description: The data view name.
-            namespaces:
-              $ref: '#/components/schemas/Data_views_namespaces'
-            runtimeFieldMap:
-              $ref: '#/components/schemas/Data_views_runtimefieldmap'
-            sourceFilters:
-              $ref: '#/components/schemas/Data_views_sourcefilters'
-            timeFieldName:
-              $ref: '#/components/schemas/Data_views_timefieldname'
-            title:
-              $ref: '#/components/schemas/Data_views_title'
-            type:
-              $ref: '#/components/schemas/Data_views_type'
-            typeMeta:
-              $ref: '#/components/schemas/Data_views_typemeta'
-            version:
+              example: 03b80ab3-003d-498b-881c-3beedbaf1162
+            filter:
+              $ref: '#/components/schemas/SLOs_kql_with_filters'
+            good:
+              $ref: '#/components/schemas/SLOs_kql_with_filters_good'
+            total:
+              $ref: '#/components/schemas/SLOs_kql_with_filters_total'
+            timestampField:
+              description: |
+                The timestamp field used in the source indice.
               type: string
-        override:
-          type: boolean
-          description: >-
-            Override an existing data view if a data view with the provided
-            title already exists.
-          default: false
-    Data_views_data_view_response_object:
-      title: Data view response properties
+              example: timestamp
+        type:
+          description: The type of indicator.
+          type: string
+          example: sli.kql.custom
+    SLOs_indicator_properties_apm_latency:
+      title: APM latency
+      required:
+        - type
+        - params
+      description: Defines properties for the APM latency indicator type
+      type: object
+      properties:
+        params:
+          description: An object containing the indicator parameters.
+          type: object
+          nullable: false
+          required:
+            - service
+            - environment
+            - transactionType
+            - transactionName
+            - index
+            - threshold
+          properties:
+            service:
+              description: The APM service name
+              type: string
+              example: o11y-app
+            environment:
+              description: The APM service environment or "*"
+              type: string
+              example: production
+            transactionType:
+              description: The APM transaction type or "*"
+              type: string
+              example: request
+            transactionName:
+              description: The APM transaction name or "*"
+              type: string
+              example: GET /my/api
+            filter:
+              description: KQL query used for filtering the data
+              type: string
+              example: 'service.foo : "bar"'
+            index:
+              description: The index used by APM metrics
+              type: string
+              example: metrics-apm*,apm*
+            threshold:
+              description: The latency threshold in milliseconds
+              type: number
+              example: 250
+        type:
+          description: The type of indicator.
+          type: string
+          example: sli.apm.transactionDuration
+    SLOs_indicator_properties_custom_metric:
+      title: Custom metric
+      required:
+        - type
+        - params
+      description: Defines properties for a custom metric indicator type
+      type: object
+      properties:
+        params:
+          description: An object containing the indicator parameters.
+          type: object
+          nullable: false
+          required:
+            - index
+            - timestampField
+            - good
+            - total
+          properties:
+            index:
+              description: The index or index pattern to use
+              type: string
+              example: my-service-*
+            dataViewId:
+              description: >-
+                The kibana data view id to use, primarily used to include data
+                view runtime mappings. Make sure to save SLO again if you
+                add/update run time fields to the data view and if those fields
+                are being used in slo queries.
+              type: string
+              example: 03b80ab3-003d-498b-881c-3beedbaf1162
+            filter:
+              description: the KQL query to filter the documents with.
+              type: string
+              example: 'field.environment : "production" and service.name : "my-service"'
+            timestampField:
+              description: |
+                The timestamp field used in the source indice.
+              type: string
+              example: timestamp
+            good:
+              description: |
+                An object defining the "good" metrics and equation
+              type: object
+              required:
+                - metrics
+                - equation
+              properties:
+                metrics:
+                  description: >-
+                    List of metrics with their name, aggregation type, and
+                    field.
+                  type: array
+                  items:
+                    type: object
+                    required:
+                      - name
+                      - aggregation
+                      - field
+                    properties:
+                      name:
+                        description: The name of the metric. Only valid options are A-Z
+                        type: string
+                        example: A
+                        pattern: ^[A-Z]$
+                      aggregation:
+                        description: >-
+                          The aggregation type of the metric. Only valid option
+                          is "sum"
+                        type: string
+                        example: sum
+                        enum:
+                          - sum
+                      field:
+                        description: The field of the metric.
+                        type: string
+                        example: processor.processed
+                      filter:
+                        description: The filter to apply to the metric.
+                        type: string
+                        example: 'processor.outcome: "success"'
+                equation:
+                  description: The equation to calculate the "good" metric.
+                  type: string
+                  example: A
+            total:
+              description: |
+                An object defining the "total" metrics and equation
+              type: object
+              required:
+                - metrics
+                - equation
+              properties:
+                metrics:
+                  description: >-
+                    List of metrics with their name, aggregation type, and
+                    field.
+                  type: array
+                  items:
+                    type: object
+                    required:
+                      - name
+                      - aggregation
+                      - field
+                    properties:
+                      name:
+                        description: The name of the metric. Only valid options are A-Z
+                        type: string
+                        example: A
+                        pattern: ^[A-Z]$
+                      aggregation:
+                        description: >-
+                          The aggregation type of the metric. Only valid option
+                          is "sum"
+                        type: string
+                        example: sum
+                        enum:
+                          - sum
+                      field:
+                        description: The field of the metric.
+                        type: string
+                        example: processor.processed
+                      filter:
+                        description: The filter to apply to the metric.
+                        type: string
+                        example: 'processor.outcome: *'
+                equation:
+                  description: The equation to calculate the "total" metric.
+                  type: string
+                  example: A
+        type:
+          description: The type of indicator.
+          type: string
+          example: sli.metric.custom
+    SLOs_indicator_properties_histogram:
+      title: Histogram indicator
+      required:
+        - type
+        - params
+      description: Defines properties for a histogram indicator type
       type: object
       properties:
-        data_view:
+        params:
+          description: An object containing the indicator parameters.
           type: object
+          nullable: false
+          required:
+            - index
+            - timestampField
+            - good
+            - total
           properties:
-            allowNoIndex:
-              $ref: '#/components/schemas/Data_views_allownoindex'
-            fieldAttrs:
-              $ref: '#/components/schemas/Data_views_fieldattrs'
-            fieldFormats:
-              $ref: '#/components/schemas/Data_views_fieldformats'
-            fields:
-              type: object
-            id:
+            index:
+              description: The index or index pattern to use
               type: string
-              example: ff959d40-b880-11e8-a6d9-e546fe2bba5f
-            name:
+              example: my-service-*
+            dataViewId:
+              description: >-
+                The kibana data view id to use, primarily used to include data
+                view runtime mappings. Make sure to save SLO again if you
+                add/update run time fields to the data view and if those fields
+                are being used in slo queries.
               type: string
-              description: The data view name.
-            namespaces:
-              $ref: '#/components/schemas/Data_views_namespaces'
-            runtimeFieldMap:
-              $ref: '#/components/schemas/Data_views_runtimefieldmap'
-            sourceFilters:
-              $ref: '#/components/schemas/Data_views_sourcefilters'
-            timeFieldName:
-              $ref: '#/components/schemas/Data_views_timefieldname'
-            title:
-              $ref: '#/components/schemas/Data_views_title'
-            typeMeta:
-              $ref: '#/components/schemas/Data_views_typemeta'
-            version:
+              example: 03b80ab3-003d-498b-881c-3beedbaf1162
+            filter:
+              description: the KQL query to filter the documents with.
               type: string
-              example: WzQ2LDJd
-    Data_views_404_response:
+              example: 'field.environment : "production" and service.name : "my-service"'
+            timestampField:
+              description: |
+                The timestamp field used in the source indice.
+              type: string
+              example: timestamp
+            good:
+              description: |
+                An object defining the "good" events
+              type: object
+              required:
+                - aggregation
+                - field
+              properties:
+                field:
+                  description: The field use to aggregate the good events.
+                  type: string
+                  example: processor.latency
+                aggregation:
+                  description: The type of aggregation to use.
+                  type: string
+                  example: value_count
+                  enum:
+                    - value_count
+                    - range
+                filter:
+                  description: The filter for good events.
+                  type: string
+                  example: 'processor.outcome: "success"'
+                from:
+                  description: >-
+                    The starting value of the range. Only required for "range"
+                    aggregations.
+                  type: number
+                  example: 0
+                to:
+                  description: >-
+                    The ending value of the range. Only required for "range"
+                    aggregations.
+                  type: number
+                  example: 100
+            total:
+              description: |
+                An object defining the "total" events
+              type: object
+              required:
+                - aggregation
+                - field
+              properties:
+                field:
+                  description: The field use to aggregate the good events.
+                  type: string
+                  example: processor.latency
+                aggregation:
+                  description: The type of aggregation to use.
+                  type: string
+                  example: value_count
+                  enum:
+                    - value_count
+                    - range
+                filter:
+                  description: The filter for total events.
+                  type: string
+                  example: 'processor.outcome : *'
+                from:
+                  description: >-
+                    The starting value of the range. Only required for "range"
+                    aggregations.
+                  type: number
+                  example: 0
+                to:
+                  description: >-
+                    The ending value of the range. Only required for "range"
+                    aggregations.
+                  type: number
+                  example: 100
+        type:
+          description: The type of indicator.
+          type: string
+          example: sli.histogram.custom
+    SLOs_timeslice_metric_basic_metric_with_field:
+      title: Timeslice Metric Basic Metric with Field
+      required:
+        - name
+        - aggregation
+        - field
       type: object
       properties:
-        error:
+        name:
+          description: The name of the metric. Only valid options are A-Z
           type: string
-          example: Not Found
-          enum:
-            - Not Found
-        message:
+          example: A
+          pattern: ^[A-Z]$
+        aggregation:
+          description: The aggregation type of the metric.
           type: string
-          example: >-
-            Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00]
-            not found
-        statusCode:
-          type: integer
-          example: 404
+          example: sum
           enum:
-            - 404
-    Data_views_update_data_view_request_object:
-      title: Update data view request
-      type: object
+            - sum
+            - avg
+            - min
+            - max
+            - std_deviation
+            - last_value
+            - cardinality
+        field:
+          description: The field of the metric.
+          type: string
+          example: processor.processed
+        filter:
+          description: The filter to apply to the metric.
+          type: string
+          example: 'processor.outcome: "success"'
+    SLOs_timeslice_metric_percentile_metric:
+      title: Timeslice Metric Percentile Metric
       required:
-        - data_view
-      properties:
-        data_view:
-          type: object
-          description: >
-            The data view properties you want to update. Only the specified
-            properties are updated in the data view. Unspecified fields stay as
-            they are persisted.
-          properties:
-            allowNoIndex:
-              $ref: '#/components/schemas/Data_views_allownoindex'
-            fieldFormats:
-              $ref: '#/components/schemas/Data_views_fieldformats'
-            fields:
-              type: object
-            name:
-              type: string
-            runtimeFieldMap:
-              $ref: '#/components/schemas/Data_views_runtimefieldmap'
-            sourceFilters:
-              $ref: '#/components/schemas/Data_views_sourcefilters'
-            timeFieldName:
-              $ref: '#/components/schemas/Data_views_timefieldname'
-            title:
-              $ref: '#/components/schemas/Data_views_title'
-            type:
-              $ref: '#/components/schemas/Data_views_type'
-            typeMeta:
-              $ref: '#/components/schemas/Data_views_typemeta'
-        refresh_fields:
-          type: boolean
-          description: Reloads the data view fields after the data view is updated.
-          default: false
-    Machine_learning_APIs_mlSyncResponseSuccess:
-      type: boolean
-      description: The success or failure of the synchronization.
-    Machine_learning_APIs_mlSyncResponseAnomalyDetectors:
+        - name
+        - aggregation
+        - field
+        - percentile
       type: object
-      title: Sync API response for anomaly detection jobs
-      description: >-
-        The sync machine learning saved objects API response contains this
-        object when there are anomaly detection jobs affected by the
-        synchronization. There is an object for each relevant job, which
-        contains the synchronization status.
       properties:
-        success:
-          $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess'
-    Machine_learning_APIs_mlSyncResponseDatafeeds:
+        name:
+          description: The name of the metric. Only valid options are A-Z
+          type: string
+          example: A
+          pattern: ^[A-Z]$
+        aggregation:
+          description: >-
+            The aggregation type of the metric. Only valid option is
+            "percentile"
+          type: string
+          example: percentile
+          enum:
+            - percentile
+        field:
+          description: The field of the metric.
+          type: string
+          example: processor.processed
+        percentile:
+          description: The percentile value.
+          type: number
+          example: 95
+        filter:
+          description: The filter to apply to the metric.
+          type: string
+          example: 'processor.outcome: "success"'
+    SLOs_timeslice_metric_doc_count_metric:
+      title: Timeslice Metric Doc Count Metric
+      required:
+        - name
+        - aggregation
       type: object
-      title: Sync API response for datafeeds
-      description: >-
-        The sync machine learning saved objects API response contains this
-        object when there are datafeeds affected by the synchronization. There
-        is an object for each relevant datafeed, which contains the
-        synchronization status.
       properties:
-        success:
-          $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess'
-    Machine_learning_APIs_mlSyncResponseDataFrameAnalytics:
+        name:
+          description: The name of the metric. Only valid options are A-Z
+          type: string
+          example: A
+          pattern: ^[A-Z]$
+        aggregation:
+          description: The aggregation type of the metric. Only valid option is "doc_count"
+          type: string
+          example: doc_count
+          enum:
+            - doc_count
+        filter:
+          description: The filter to apply to the metric.
+          type: string
+          example: 'processor.outcome: "success"'
+    SLOs_indicator_properties_timeslice_metric:
+      title: Timeslice metric
+      required:
+        - type
+        - params
+      description: Defines properties for a timeslice metric indicator type
       type: object
-      title: Sync API response for data frame analytics jobs
-      description: >-
-        The sync machine learning saved objects API response contains this
-        object when there are data frame analytics jobs affected by the
-        synchronization. There is an object for each relevant job, which
-        contains the synchronization status.
       properties:
-        success:
-          $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess'
-    Machine_learning_APIs_mlSyncResponseSavedObjectsCreated:
+        params:
+          description: An object containing the indicator parameters.
+          type: object
+          nullable: false
+          required:
+            - index
+            - timestampField
+            - metric
+          properties:
+            index:
+              description: The index or index pattern to use
+              type: string
+              example: my-service-*
+            dataViewId:
+              description: >-
+                The kibana data view id to use, primarily used to include data
+                view runtime mappings. Make sure to save SLO again if you
+                add/update run time fields to the data view and if those fields
+                are being used in slo queries.
+              type: string
+              example: 03b80ab3-003d-498b-881c-3beedbaf1162
+            filter:
+              description: the KQL query to filter the documents with.
+              type: string
+              example: 'field.environment : "production" and service.name : "my-service"'
+            timestampField:
+              description: |
+                The timestamp field used in the source indice.
+              type: string
+              example: timestamp
+            metric:
+              description: >
+                An object defining the metrics, equation, and threshold to
+                determine if it's a good slice or not
+              type: object
+              required:
+                - metrics
+                - equation
+                - comparator
+                - threshold
+              properties:
+                metrics:
+                  description: >-
+                    List of metrics with their name, aggregation type, and
+                    field.
+                  type: array
+                  items:
+                    anyOf:
+                      - $ref: >-
+                          #/components/schemas/SLOs_timeslice_metric_basic_metric_with_field
+                      - $ref: >-
+                          #/components/schemas/SLOs_timeslice_metric_percentile_metric
+                      - $ref: >-
+                          #/components/schemas/SLOs_timeslice_metric_doc_count_metric
+                equation:
+                  description: The equation to calculate the metric.
+                  type: string
+                  example: A
+                comparator:
+                  description: >-
+                    The comparator to use to compare the equation to the
+                    threshold.
+                  type: string
+                  example: GT
+                  enum:
+                    - GT
+                    - GTE
+                    - LT
+                    - LTE
+                threshold:
+                  description: >-
+                    The threshold used to determine if the metric is a good
+                    slice or not.
+                  type: number
+                  example: 100
+        type:
+          description: The type of indicator.
+          type: string
+          example: sli.metric.timeslice
+    SLOs_time_window:
+      title: Time window
+      required:
+        - duration
+        - type
+      description: Defines properties for the SLO time window
       type: object
-      title: Sync API response for created saved objects
-      description: >-
-        If saved objects are missing for machine learning jobs or trained
-        models, they are created when you run the sync machine learning saved
-        objects API.
       properties:
-        anomaly-detector:
-          type: object
+        duration:
           description: >-
-            If saved objects are missing for anomaly detection jobs, they are
-            created.
-          additionalProperties:
-            $ref: >-
-              #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors
-        data-frame-analytics:
-          type: object
+            the duration formatted as {duration}{unit}. Accepted values for
+            rolling: 7d, 30d, 90d. Accepted values for calendar aligned: 1w
+            (weekly) or 1M (monthly)
+          type: string
+          example: 30d
+        type:
           description: >-
-            If saved objects are missing for data frame analytics jobs, they are
-            created.
-          additionalProperties:
-            $ref: >-
-              #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics
-        trained-model:
-          type: object
-          description: If saved objects are missing for trained models, they are created.
-          additionalProperties:
-            $ref: >-
-              #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels
-    Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted:
+            Indicates weither the time window is a rolling or a calendar aligned
+            time window.
+          type: string
+          example: rolling
+          enum:
+            - rolling
+            - calendarAligned
+    SLOs_budgeting_method:
+      title: Budgeting method
+      type: string
+      description: The budgeting method to use when computing the rollup data.
+      enum:
+        - occurrences
+        - timeslices
+      example: occurrences
+    SLOs_objective:
+      title: Objective
+      required:
+        - target
+      description: Defines properties for the SLO objective
       type: object
-      title: Sync API response for deleted saved objects
-      description: >-
-        If saved objects exist for machine learning jobs or trained models that
-        no longer exist, they are deleted when you run the sync machine learning
-        saved objects API.
       properties:
-        anomaly-detector:
-          type: object
-          description: >-
-            If there are saved objects exist for nonexistent anomaly detection
-            jobs, they are deleted.
-          additionalProperties:
-            $ref: >-
-              #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors
-        data-frame-analytics:
-          type: object
+        target:
+          description: the target objective between 0 and 1 excluded
+          type: number
+          minimum: 0
+          maximum: 100
+          exclusiveMinimum: true
+          exclusiveMaximum: true
+          example: 0.99
+        timesliceTarget:
           description: >-
-            If there are saved objects exist for nonexistent data frame
-            analytics jobs, they are deleted.
-          additionalProperties:
-            $ref: >-
-              #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics
-        trained-model:
-          type: object
+            the target objective for each slice when using a timeslices
+            budgeting method
+          type: number
+          minimum: 0
+          maximum: 100
+          example: 0.995
+        timesliceWindow:
           description: >-
-            If there are saved objects exist for nonexistent trained models,
-            they are deleted.
-          additionalProperties:
-            $ref: >-
-              #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels
-    Machine_learning_APIs_mlSyncResponseTrainedModels:
+            the duration of each slice when using a timeslices budgeting method,
+            as {duraton}{unit}
+          type: string
+          example: 5m
+    SLOs_settings:
+      title: Settings
+      description: Defines properties for SLO settings.
       type: object
-      title: Sync API response for trained models
-      description: >-
-        The sync machine learning saved objects API response contains this
-        object when there are trained models affected by the synchronization.
-        There is an object for each relevant trained model, which contains the
-        synchronization status.
       properties:
-        success:
-          $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess'
-    Machine_learning_APIs_mlSync200Response:
+        syncDelay:
+          description: The synch delay to apply to the transform. Default 1m
+          type: string
+          default: 1m
+          example: 5m
+        frequency:
+          description: Configure how often the transform runs, default 1m
+          type: string
+          default: 1m
+          example: 5m
+        preventInitialBackfill:
+          description: Prevents the transform from backfilling data when it starts.
+          type: boolean
+          default: false
+          example: true
+    SLOs_summary_status:
+      title: summary status
+      type: string
+      enum:
+        - NO_DATA
+        - HEALTHY
+        - DEGRADING
+        - VIOLATED
+      example: HEALTHY
+    SLOs_error_budget:
+      title: Error budget
       type: object
-      title: Successful sync API response
+      required:
+        - initial
+        - consumed
+        - remaining
+        - isEstimated
       properties:
-        datafeedsAdded:
-          type: object
-          description: >-
-            If a saved object for an anomaly detection job is missing a datafeed
-            identifier, it is added when you run the sync machine learning saved
-            objects API.
-          additionalProperties:
-            $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds'
-        datafeedsRemoved:
-          type: object
+        initial:
+          type: number
+          description: The initial error budget, as 1 - objective
+          example: 0.02
+        consumed:
+          type: number
+          description: The error budget consummed, as a percentage of the initial value.
+          example: 0.8
+        remaining:
+          type: number
+          description: The error budget remaining, as a percentage of the initial value.
+          example: 0.2
+        isEstimated:
+          type: boolean
           description: >-
-            If a saved object for an anomaly detection job references a datafeed
-            that no longer exists, it is deleted when you run the sync machine
-            learning saved objects API.
-          additionalProperties:
-            $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds'
-        savedObjectsCreated:
-          $ref: >-
-            #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsCreated
-        savedObjectsDeleted:
-          $ref: >-
-            #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted
-    Machine_learning_APIs_mlSync4xxResponse:
+            Only for SLO defined with occurrences budgeting method and calendar
+            aligned time window.
+          example: true
+    SLOs_summary:
+      title: Summary
       type: object
-      title: Unsuccessful sync API response
+      description: The SLO computed data
+      required:
+        - status
+        - sliValue
+        - errorBudget
+      properties:
+        status:
+          $ref: '#/components/schemas/SLOs_summary_status'
+        sliValue:
+          type: number
+          example: 0.9836
+        errorBudget:
+          $ref: '#/components/schemas/SLOs_error_budget'
+    SLOs_slo_with_summary_response:
+      title: SLO response
+      type: object
+      required:
+        - id
+        - name
+        - description
+        - indicator
+        - timeWindow
+        - budgetingMethod
+        - objective
+        - settings
+        - revision
+        - summary
+        - enabled
+        - groupBy
+        - instanceId
+        - tags
+        - createdAt
+        - updatedAt
+        - version
+      properties:
+        id:
+          description: The identifier of the SLO.
+          type: string
+          example: 8853df00-ae2e-11ed-90af-09bb6422b258
+        name:
+          description: The name of the SLO.
+          type: string
+          example: My Service SLO
+        description:
+          description: The description of the SLO.
+          type: string
+          example: My SLO description
+        indicator:
+          discriminator:
+            propertyName: type
+            mapping:
+              sli.apm.transactionErrorRate: '#/components/schemas/SLOs_indicator_properties_apm_availability'
+              sli.kql.custom: '#/components/schemas/SLOs_indicator_properties_custom_kql'
+              sli.apm.transactionDuration: '#/components/schemas/SLOs_indicator_properties_apm_latency'
+              sli.metric.custom: '#/components/schemas/SLOs_indicator_properties_custom_metric'
+              sli.histogram.custom: '#/components/schemas/SLOs_indicator_properties_histogram'
+              sli.metric.timeslice: '#/components/schemas/SLOs_indicator_properties_timeslice_metric'
+          oneOf:
+            - $ref: '#/components/schemas/SLOs_indicator_properties_custom_kql'
+            - $ref: '#/components/schemas/SLOs_indicator_properties_apm_availability'
+            - $ref: '#/components/schemas/SLOs_indicator_properties_apm_latency'
+            - $ref: '#/components/schemas/SLOs_indicator_properties_custom_metric'
+            - $ref: '#/components/schemas/SLOs_indicator_properties_histogram'
+            - $ref: '#/components/schemas/SLOs_indicator_properties_timeslice_metric'
+        timeWindow:
+          $ref: '#/components/schemas/SLOs_time_window'
+        budgetingMethod:
+          $ref: '#/components/schemas/SLOs_budgeting_method'
+        objective:
+          $ref: '#/components/schemas/SLOs_objective'
+        settings:
+          $ref: '#/components/schemas/SLOs_settings'
+        revision:
+          description: The SLO revision
+          type: number
+          example: 2
+        summary:
+          $ref: '#/components/schemas/SLOs_summary'
+        enabled:
+          description: Indicate if the SLO is enabled
+          type: boolean
+          example: true
+        groupBy:
+          description: optional group by field to use to generate an SLO per distinct value
+          type: string
+          example: some.field
+        instanceId:
+          description: the value derived from the groupBy field, if present, otherwise '*'
+          type: string
+          example: host-abcde
+        tags:
+          description: List of tags
+          type: array
+          items:
+            type: string
+        createdAt:
+          description: The creation date
+          type: string
+          example: '2023-01-12T10:03:19.000Z'
+        updatedAt:
+          description: The last update date
+          type: string
+          example: '2023-01-12T10:03:19.000Z'
+        version:
+          description: The internal SLO version
+          type: number
+          example: 2
+    SLOs_find_slo_response:
+      title: Find SLO response
+      description: |
+        A paginated response of SLOs matching the query.
+      type: object
+      properties:
+        page:
+          type: number
+          example: 1
+        perPage:
+          type: number
+          example: 25
+        total:
+          type: number
+          example: 34
+        results:
+          type: array
+          items:
+            $ref: '#/components/schemas/SLOs_slo_with_summary_response'
+    SLOs_400_response:
+      title: Bad request
+      type: object
+      required:
+        - statusCode
+        - error
+        - message
       properties:
+        statusCode:
+          type: number
+          example: 400
         error:
           type: string
-          example: Unauthorized
+          example: Bad Request
         message:
           type: string
+          example: 'Invalid value ''foo'' supplied to: [...]'
+    SLOs_401_response:
+      title: Unauthorized
+      type: object
+      required:
+        - statusCode
+        - error
+        - message
+      properties:
         statusCode:
-          type: integer
+          type: number
           example: 401
-    Serverless_saved_objects_400_response:
-      title: Bad request
+        error:
+          type: string
+          example: Unauthorized
+        message:
+          type: string
+          example: "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastics] for REST request [/_security/_authenticate]]: unable to authenticate user [elastics] for REST request [/_security/_authenticate]"
+    SLOs_403_response:
+      title: Unauthorized
       type: object
       required:
+        - statusCode
         - error
         - message
+      properties:
+        statusCode:
+          type: number
+          example: 403
+        error:
+          type: string
+          example: Unauthorized
+        message:
+          type: string
+          example: "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastics] for REST request [/_security/_authenticate]]: unable to authenticate user [elastics] for REST request [/_security/_authenticate]"
+    SLOs_404_response:
+      title: Not found
+      type: object
+      required:
         - statusCode
+        - error
+        - message
       properties:
+        statusCode:
+          type: number
+          example: 404
         error:
           type: string
-          enum:
-            - Bad Request
+          example: Not Found
         message:
           type: string
+          example: SLO [3749f390-03a3-11ee-8139-c7ff60a1692d] not found
+    SLOs_create_slo_request:
+      title: Create SLO request
+      description: >
+        The create SLO API request body varies depending on the type of
+        indicator, time window and budgeting method.
+      type: object
+      required:
+        - name
+        - description
+        - indicator
+        - timeWindow
+        - budgetingMethod
+        - objective
+      properties:
+        id:
+          description: >-
+            A optional and unique identifier for the SLO. Must be between 8 and
+            36 chars
+          type: string
+          example: my-super-slo-id
+        name:
+          description: A name for the SLO.
+          type: string
+        description:
+          description: A description for the SLO.
+          type: string
+        indicator:
+          oneOf:
+            - $ref: '#/components/schemas/SLOs_indicator_properties_custom_kql'
+            - $ref: '#/components/schemas/SLOs_indicator_properties_apm_availability'
+            - $ref: '#/components/schemas/SLOs_indicator_properties_apm_latency'
+            - $ref: '#/components/schemas/SLOs_indicator_properties_custom_metric'
+            - $ref: '#/components/schemas/SLOs_indicator_properties_histogram'
+            - $ref: '#/components/schemas/SLOs_indicator_properties_timeslice_metric'
+        timeWindow:
+          $ref: '#/components/schemas/SLOs_time_window'
+        budgetingMethod:
+          $ref: '#/components/schemas/SLOs_budgeting_method'
+        objective:
+          $ref: '#/components/schemas/SLOs_objective'
+        settings:
+          $ref: '#/components/schemas/SLOs_settings'
+        groupBy:
+          description: optional group by field to use to generate an SLO per distinct value
+          type: string
+          example: some.field
+        tags:
+          description: List of tags
+          type: array
+          items:
+            type: string
+    SLOs_create_slo_response:
+      title: Create SLO response
+      type: object
+      required:
+        - id
+      properties:
+        id:
+          type: string
+          example: 8853df00-ae2e-11ed-90af-09bb6422b258
+    SLOs_409_response:
+      title: Conflict
+      type: object
+      required:
+        - statusCode
+        - error
+        - message
+      properties:
         statusCode:
-          type: integer
-          enum:
-            - 400
-    Serverless_saved_objects_export_objects_request:
+          type: number
+          example: 409
+        error:
+          type: string
+          example: Conflict
+        message:
+          type: string
+          example: SLO [d077e940-1515-11ee-9c50-9d096392f520] already exists
+    SLOs_update_slo_request:
+      title: Update SLO request
+      description: >
+        The update SLO API request body varies depending on the type of
+        indicator, time window and budgeting method. Partial update is handled.
       type: object
       properties:
-        excludeExportDetails:
-          description: Do not add export details entry at the end of the stream.
-          type: boolean
-          default: false
-        includeReferencesDeep:
-          description: Includes all of the referenced objects in the exported objects.
-          type: boolean
-        objects:
-          description: A list of objects to export.
+        name:
+          description: A name for the SLO.
+          type: string
+        description:
+          description: A description for the SLO.
+          type: string
+        indicator:
+          oneOf:
+            - $ref: '#/components/schemas/SLOs_indicator_properties_custom_kql'
+            - $ref: '#/components/schemas/SLOs_indicator_properties_apm_availability'
+            - $ref: '#/components/schemas/SLOs_indicator_properties_apm_latency'
+            - $ref: '#/components/schemas/SLOs_indicator_properties_custom_metric'
+            - $ref: '#/components/schemas/SLOs_indicator_properties_histogram'
+            - $ref: '#/components/schemas/SLOs_indicator_properties_timeslice_metric'
+        timeWindow:
+          $ref: '#/components/schemas/SLOs_time_window'
+        budgetingMethod:
+          $ref: '#/components/schemas/SLOs_budgeting_method'
+        objective:
+          $ref: '#/components/schemas/SLOs_objective'
+        settings:
+          $ref: '#/components/schemas/SLOs_settings'
+        tags:
+          description: List of tags
           type: array
           items:
-            type: object
-        type:
-          description: >-
-            The saved object types to include in the export. Use `*` to export
-            all the types.
+            type: string
+    SLOs_slo_definition_response:
+      title: SLO definition response
+      type: object
+      required:
+        - id
+        - name
+        - description
+        - indicator
+        - timeWindow
+        - budgetingMethod
+        - objective
+        - settings
+        - revision
+        - enabled
+        - groupBy
+        - tags
+        - createdAt
+        - updatedAt
+        - version
+      properties:
+        id:
+          description: The identifier of the SLO.
+          type: string
+          example: 8853df00-ae2e-11ed-90af-09bb6422b258
+        name:
+          description: The name of the SLO.
+          type: string
+          example: My Service SLO
+        description:
+          description: The description of the SLO.
+          type: string
+          example: My SLO description
+        indicator:
+          discriminator:
+            propertyName: type
+            mapping:
+              sli.apm.transactionErrorRate: '#/components/schemas/SLOs_indicator_properties_apm_availability'
+              sli.kql.custom: '#/components/schemas/SLOs_indicator_properties_custom_kql'
+              sli.apm.transactionDuration: '#/components/schemas/SLOs_indicator_properties_apm_latency'
+              sli.metric.custom: '#/components/schemas/SLOs_indicator_properties_custom_metric'
+              sli.histogram.custom: '#/components/schemas/SLOs_indicator_properties_histogram'
+              sli.metric.timeslice: '#/components/schemas/SLOs_indicator_properties_timeslice_metric'
           oneOf:
-            - type: string
-            - type: array
-              items:
-                type: string
-    Serverless_saved_objects_import_objects_request:
+            - $ref: '#/components/schemas/SLOs_indicator_properties_custom_kql'
+            - $ref: '#/components/schemas/SLOs_indicator_properties_apm_availability'
+            - $ref: '#/components/schemas/SLOs_indicator_properties_apm_latency'
+            - $ref: '#/components/schemas/SLOs_indicator_properties_custom_metric'
+            - $ref: '#/components/schemas/SLOs_indicator_properties_histogram'
+            - $ref: '#/components/schemas/SLOs_indicator_properties_timeslice_metric'
+        timeWindow:
+          $ref: '#/components/schemas/SLOs_time_window'
+        budgetingMethod:
+          $ref: '#/components/schemas/SLOs_budgeting_method'
+        objective:
+          $ref: '#/components/schemas/SLOs_objective'
+        settings:
+          $ref: '#/components/schemas/SLOs_settings'
+        revision:
+          description: The SLO revision
+          type: number
+          example: 2
+        enabled:
+          description: Indicate if the SLO is enabled
+          type: boolean
+          example: true
+        groupBy:
+          description: optional group by field to use to generate an SLO per distinct value
+          type: string
+          example: some.field
+        tags:
+          description: List of tags
+          type: array
+          items:
+            type: string
+        createdAt:
+          description: The creation date
+          type: string
+          example: '2023-01-12T10:03:19.000Z'
+        updatedAt:
+          description: The last update date
+          type: string
+          example: '2023-01-12T10:03:19.000Z'
+        version:
+          description: The internal SLO version
+          type: number
+          example: 2
+    SLOs_historical_summary_request:
+      title: Historical summary request
       type: object
+      required:
+        - list
       properties:
-        file:
-          description: >
-            A file exported using the export API. NOTE: The
-            `savedObjects.maxImportExportSize` configuration setting limits the
-            number of saved objects which may be included in this file.
-            Similarly, the `savedObjects.maxImportPayloadBytes` setting limits
-            the overall size of the file that can be imported.
-    Serverless_saved_objects_200_import_objects_response:
+        list:
+          description: The list of SLO identifiers to get the historical summary for
+          type: array
+          items:
+            type: string
+            example: 8853df00-ae2e-11ed-90af-09bb6422b258
+    SLOs_historical_summary_response:
+      title: Historical summary response
+      type: object
+      additionalProperties:
+        type: array
+        items:
+          type: object
+          properties:
+            date:
+              type: string
+              example: '2022-01-01T00:00:00.000Z'
+            status:
+              $ref: '#/components/schemas/SLOs_summary_status'
+            sliValue:
+              type: number
+              example: 0.9836
+            errorBudget:
+              $ref: '#/components/schemas/SLOs_error_budget'
+    SLOs_find_slo_definitions_response:
+      title: Find SLO definitions response
+      description: |
+        A paginated response of SLO definitions matching the query.
       type: object
       properties:
-        success:
-          type: boolean
-          description: >
-            Indicates when the import was successfully completed. When set to
-            false, some objects may not have been created. For additional
-            information, refer to the `errors` and `successResults` properties.
-        successCount:
-          type: integer
-          description: Indicates the number of successfully imported records.
-        errors:
+        page:
+          type: number
+          example: 2
+        perPage:
+          type: number
+          example: 100
+        total:
+          type: number
+          example: 123
+        results:
           type: array
           items:
-            type: object
-          description: >
-            Indicates the import was unsuccessful and specifies the objects that
-            failed to import.
-
-
-            NOTE: One object may result in multiple errors, which requires
-            separate steps to resolve. For instance, a `missing_references`
-            error and conflict error.
-        successResults:
+            $ref: '#/components/schemas/SLOs_slo_definition_response'
+    SLOs_delete_slo_instances_request:
+      title: Delete SLO instances request
+      description: >
+        The delete SLO instances request takes a list of SLO id and instance id,
+        then delete the rollup and summary data. This API can be used to remove
+        the staled data of an instance SLO that no longer get updated.
+      type: object
+      required:
+        - list
+      properties:
+        list:
+          description: An array of slo id and instance id
           type: array
           items:
             type: object
-          description: >
-            Indicates the objects that are successfully imported, with any
-            metadata if applicable.
-
-
-            NOTE: Objects are created only when all resolvable errors are
-            addressed, including conflicts and missing references. If objects
-            are created as new copies, each entry in the `successResults` array
-            includes a `destinationId` attribute.
+            required:
+              - sloId
+              - instanceId
+            properties:
+              sloId:
+                description: The SLO unique identifier
+                type: string
+                example: 8853df00-ae2e-11ed-90af-09bb6422b258
+              instanceId:
+                description: The SLO instance identifier
+                type: string
+                example: 8853df00-ae2e-11ed-90af-09bb6422b258
   examples:
     Connectors_create_email_connector_request:
       summary: Create an email connector.
@@ -7392,3 +9255,6 @@ x-tagGroups:
   - name: Serverless saved objects
     tags:
       - saved objects
+  - name: SLOs
+    tags:
+      - slo
diff --git a/oas_docs/makefile b/oas_docs/makefile
index 805da0b6218a7..da353781351b0 100644
--- a/oas_docs/makefile
+++ b/oas_docs/makefile
@@ -15,7 +15,7 @@
 
 .PHONY: api-docs
 api-docs: ## Generate kibana.serverless.yaml
-	@npx @redocly/cli join "kibana.info.serverless.yaml" "../x-pack/plugins/observability_solution/apm/docs/openapi/apm.yaml" "../x-pack/plugins/actions/docs/openapi/bundled_serverless.yaml" "../src/plugins/data_views/docs/openapi/bundled.yaml" "../x-pack/plugins/ml/common/openapi/ml_apis_serverless.yaml" "../packages/core/saved-objects/docs/openapi/bundled_serverless.yaml" -o "kibana.serverless.yaml" --prefix-components-with-info-prop title
+	@npx @redocly/cli join "kibana.info.serverless.yaml" "../x-pack/plugins/observability_solution/apm/docs/openapi/apm.yaml" "../x-pack/plugins/actions/docs/openapi/bundled_serverless.yaml" "../src/plugins/data_views/docs/openapi/bundled.yaml" "../x-pack/plugins/ml/common/openapi/ml_apis_serverless.yaml" "../packages/core/saved-objects/docs/openapi/bundled_serverless.yaml" "../x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.yaml" -o "kibana.serverless.yaml" --prefix-components-with-info-prop title
 
 .PHONY: api-docs-lint
 api-docs-lint: ## Run spectral API docs linter
diff --git a/package.json b/package.json
index efd020e91df66..dfbfcd6bec3a3 100644
--- a/package.json
+++ b/package.json
@@ -96,20 +96,20 @@
   },
   "dependencies": {
     "@appland/sql-parser": "^1.5.1",
-    "@babel/runtime": "^7.24.4",
+    "@babel/runtime": "^7.24.7",
     "@cfworker/json-schema": "^1.12.7",
     "@dnd-kit/core": "^6.1.0",
     "@dnd-kit/sortable": "^8.0.0",
     "@dnd-kit/utilities": "^3.2.2",
-    "@elastic/apm-rum": "^5.16.0",
+    "@elastic/apm-rum": "^5.16.1",
     "@elastic/apm-rum-core": "^5.21.0",
-    "@elastic/apm-rum-react": "^2.0.2",
-    "@elastic/charts": "65.2.0",
+    "@elastic/apm-rum-react": "^2.0.3",
+    "@elastic/charts": "66.0.4",
     "@elastic/datemath": "5.0.3",
     "@elastic/ecs": "^8.11.1",
-    "@elastic/elasticsearch": "^8.13.1",
+    "@elastic/elasticsearch": "^8.14.0",
     "@elastic/ems-client": "8.5.1",
-    "@elastic/eui": "95.0.0-backport.0",
+    "@elastic/eui": "95.2.0",
     "@elastic/filesaver": "1.1.2",
     "@elastic/node-crypto": "1.2.1",
     "@elastic/numeral": "^2.5.1",
@@ -176,7 +176,6 @@
     "@kbn/apm-utils": "link:packages/kbn-apm-utils",
     "@kbn/app-link-test-plugin": "link:test/plugin_functional/plugins/app_link_test",
     "@kbn/application-usage-test-plugin": "link:x-pack/test/usage_collection/plugins/application_usage_test",
-    "@kbn/assetManager-plugin": "link:x-pack/plugins/observability_solution/asset_manager",
     "@kbn/assets-data-access-plugin": "link:x-pack/plugins/observability_solution/assets_data_access",
     "@kbn/audit-log-plugin": "link:x-pack/test/security_api_integration/plugins/audit_log",
     "@kbn/banners-plugin": "link:x-pack/plugins/banners",
@@ -446,6 +445,7 @@
     "@kbn/encrypted-saved-objects-plugin": "link:x-pack/plugins/encrypted_saved_objects",
     "@kbn/enterprise-search-plugin": "link:x-pack/plugins/enterprise_search",
     "@kbn/entities-schema": "link:x-pack/packages/kbn-entities-schema",
+    "@kbn/entityManager-plugin": "link:x-pack/plugins/observability_solution/entity_manager",
     "@kbn/error-boundary-example-plugin": "link:examples/error_boundary",
     "@kbn/es-errors": "link:packages/kbn-es-errors",
     "@kbn/es-query": "link:packages/kbn-es-query",
@@ -544,6 +544,7 @@
     "@kbn/investigate-plugin": "link:x-pack/plugins/observability_solution/investigate",
     "@kbn/io-ts-utils": "link:packages/kbn-io-ts-utils",
     "@kbn/ipynb": "link:packages/kbn-ipynb",
+    "@kbn/json-schemas": "link:x-pack/packages/ml/json_schemas",
     "@kbn/kbn-health-gateway-status-plugin": "link:test/health_gateway/plugins/status",
     "@kbn/kbn-sample-panel-action-plugin": "link:test/plugin_functional/plugins/kbn_sample_panel_action",
     "@kbn/kbn-top-nav-plugin": "link:test/plugin_functional/plugins/kbn_top_nav",
@@ -694,6 +695,7 @@
     "@kbn/response-ops-feature-flag-service": "link:packages/response-ops/feature_flag_service",
     "@kbn/response-stream-plugin": "link:examples/response_stream",
     "@kbn/rison": "link:packages/kbn-rison",
+    "@kbn/rollup": "link:x-pack/packages/rollup",
     "@kbn/rollup-plugin": "link:x-pack/plugins/rollup",
     "@kbn/router-to-openapispec": "link:packages/kbn-router-to-openapispec",
     "@kbn/router-utils": "link:packages/kbn-router-utils",
@@ -735,6 +737,8 @@
     "@kbn/search-response-warnings": "link:packages/kbn-search-response-warnings",
     "@kbn/search-types": "link:packages/kbn-search-types",
     "@kbn/searchprofiler-plugin": "link:x-pack/plugins/searchprofiler",
+    "@kbn/security-api-key-management": "link:x-pack/packages/security/api_key_management",
+    "@kbn/security-form-components": "link:x-pack/packages/security/form_components",
     "@kbn/security-hardening": "link:packages/kbn-security-hardening",
     "@kbn/security-plugin": "link:x-pack/plugins/security",
     "@kbn/security-plugin-types-common": "link:x-pack/packages/security/plugin_types_common",
@@ -933,7 +937,7 @@
     "@langchain/langgraph": "^0.0.23",
     "@langchain/openai": "^0.0.34",
     "@langtrase/trace-attributes": "^3.0.8",
-    "@launchdarkly/node-server-sdk": "^9.4.5",
+    "@launchdarkly/node-server-sdk": "^9.4.6",
     "@loaders.gl/core": "^3.4.7",
     "@loaders.gl/json": "^3.4.7",
     "@loaders.gl/shapefile": "^3.4.7",
@@ -998,7 +1002,7 @@
     "compare-versions": "3.5.1",
     "constate": "^3.3.2",
     "copy-to-clipboard": "^3.0.8",
-    "core-js": "^3.36.0",
+    "core-js": "^3.37.1",
     "cronstrue": "^1.51.0",
     "css-box-model": "^1.2.1",
     "css.escape": "^1.5.1",
@@ -1033,7 +1037,7 @@
     "flat": "5",
     "fnv-plus": "^1.3.1",
     "font-awesome": "4.7.0",
-    "formik": "^2.4.5",
+    "formik": "^2.4.6",
     "fp-ts": "^2.3.1",
     "get-port": "^5.0.0",
     "getopts": "^2.2.5",
@@ -1054,8 +1058,8 @@
     "io-ts": "^2.0.5",
     "ipaddr.js": "2.0.0",
     "isbinaryfile": "4.0.2",
-    "joi": "^17.7.1",
-    "joi-to-json": "^4.2.1",
+    "joi": "^17.13.3",
+    "joi-to-json": "^4.3.0",
     "jquery": "^3.5.0",
     "js-levenshtein": "^1.1.6",
     "js-search": "^1.4.3",
@@ -1070,7 +1074,7 @@
     "kea": "^2.6.0",
     "langchain": "0.2.3",
     "langsmith": "^0.1.30",
-    "launchdarkly-js-client-sdk": "^3.3.0",
+    "launchdarkly-js-client-sdk": "^3.4.0",
     "launchdarkly-node-server-sdk": "^7.0.3",
     "load-json-file": "^6.2.0",
     "lodash": "^4.17.21",
@@ -1092,7 +1096,7 @@
     "mustache": "^2.3.2",
     "node-fetch": "^2.6.7",
     "node-forge": "^1.3.1",
-    "nodemailer": "^6.9.9",
+    "nodemailer": "^6.9.14",
     "normalize-path": "^3.0.0",
     "nunjucks": "^3.2.4",
     "object-hash": "^1.3.1",
@@ -1156,7 +1160,7 @@
     "remark-gfm": "1.0.0",
     "remark-parse-no-trim": "^8.0.4",
     "remark-stringify": "^8.0.3",
-    "require-in-the-middle": "^7.2.1",
+    "require-in-the-middle": "^7.3.0",
     "reselect": "^4.1.8",
     "resize-observer-polyfill": "1.5.1",
     "rison-node": "1.0.2",
@@ -1207,30 +1211,31 @@
   },
   "devDependencies": {
     "@apidevtools/swagger-parser": "^10.0.3",
-    "@babel/cli": "^7.24.1",
-    "@babel/core": "^7.24.4",
-    "@babel/eslint-parser": "^7.24.1",
-    "@babel/eslint-plugin": "^7.23.5",
-    "@babel/generator": "^7.24.4",
-    "@babel/helper-plugin-utils": "^7.24.0",
-    "@babel/parser": "^7.24.4",
-    "@babel/plugin-proposal-decorators": "^7.24.1",
+    "@babel/cli": "^7.24.7",
+    "@babel/core": "^7.24.7",
+    "@babel/eslint-parser": "^7.24.7",
+    "@babel/eslint-plugin": "^7.24.7",
+    "@babel/generator": "^7.24.7",
+    "@babel/helper-plugin-utils": "^7.24.7",
+    "@babel/parser": "^7.24.7",
+    "@babel/plugin-proposal-decorators": "^7.24.7",
     "@babel/plugin-proposal-export-namespace-from": "^7.18.9",
     "@babel/plugin-proposal-nullish-coalescing-operator": "^7.18.6",
     "@babel/plugin-proposal-object-rest-spread": "^7.20.7",
     "@babel/plugin-proposal-optional-chaining": "^7.21.0",
     "@babel/plugin-proposal-private-methods": "^7.18.6",
-    "@babel/plugin-transform-class-properties": "^7.24.1",
-    "@babel/plugin-transform-numeric-separator": "^7.24.1",
-    "@babel/plugin-transform-runtime": "^7.24.3",
-    "@babel/preset-env": "^7.24.4",
-    "@babel/preset-react": "^7.24.1",
-    "@babel/preset-typescript": "^7.24.1",
-    "@babel/register": "^7.23.7",
-    "@babel/traverse": "^7.24.1",
+    "@babel/plugin-transform-class-properties": "^7.24.7",
+    "@babel/plugin-transform-numeric-separator": "^7.24.7",
+    "@babel/plugin-transform-runtime": "^7.24.7",
+    "@babel/preset-env": "^7.24.7",
+    "@babel/preset-react": "^7.24.7",
+    "@babel/preset-typescript": "^7.24.7",
+    "@babel/register": "^7.24.6",
+    "@babel/traverse": "^7.24.7",
     "@babel/types": "7.21.2",
     "@bazel/ibazel": "^0.16.2",
     "@bazel/typescript": "4.6.2",
+    "@cypress/debugging-proxy": "2.0.1",
     "@cypress/grep": "^4.0.1",
     "@cypress/webpack-preprocessor": "^6.0.1",
     "@elastic/eslint-plugin-eui": "0.0.2",
@@ -1247,7 +1252,7 @@
     "@jest/reporters": "^29.6.1",
     "@jest/transform": "^29.6.1",
     "@jest/types": "^29.6.1",
-    "@kayahr/text-encoding": "^1.2.0",
+    "@kayahr/text-encoding": "^1.3.0",
     "@kbn/alerting-api-integration-helpers": "link:x-pack/test/alerting_api_integration/packages/helpers",
     "@kbn/ambient-common-types": "link:packages/kbn-ambient-common-types",
     "@kbn/ambient-ftr-types": "link:packages/kbn-ambient-ftr-types",
@@ -1395,7 +1400,7 @@
     "@mapbox/vector-tile": "1.3.1",
     "@octokit/rest": "^17.11.2",
     "@parcel/watcher": "^2.1.0",
-    "@redocly/cli": "^1.12.0",
+    "@redocly/cli": "^1.16.0",
     "@statoscope/webpack-plugin": "^5.28.2",
     "@storybook/addon-a11y": "^6.5.16",
     "@storybook/addon-actions": "^6.5.16",
@@ -1504,7 +1509,7 @@
     "@types/nock": "^10.0.3",
     "@types/node": "20.10.5",
     "@types/node-fetch": "2.6.4",
-    "@types/node-forge": "^1.3.10",
+    "@types/node-forge": "^1.3.11",
     "@types/nodemailer": "^6.4.0",
     "@types/normalize-path": "^3.0.0",
     "@types/nunjucks": "^3.2.6",
@@ -1537,7 +1542,7 @@
     "@types/redux-actions": "^2.6.1",
     "@types/resolve": "^1.20.1",
     "@types/seedrandom": ">=2.0.0 <4.0.0",
-    "@types/selenium-webdriver": "^4.1.22",
+    "@types/selenium-webdriver": "^4.1.23",
     "@types/semver": "^7",
     "@types/set-value": "^2.0.0",
     "@types/sinon": "^7.0.13",
@@ -1572,7 +1577,7 @@
     "@wojtekmaj/enzyme-adapter-react-17": "^0.6.7",
     "@yarnpkg/lockfile": "^1.1.0",
     "aggregate-error": "^3.1.0",
-    "apidoc-markdown": "^7.3.0",
+    "apidoc-markdown": "^7.3.2",
     "argsplit": "^1.0.5",
     "autoprefixer": "^10.4.7",
     "axe-core": "^4.9.0",
@@ -1589,7 +1594,7 @@
     "buildkite-test-collector": "^1.7.0",
     "callsites": "^3.1.0",
     "chance": "1.0.18",
-    "chromedriver": "^125.0.2",
+    "chromedriver": "^126.0.3",
     "clean-webpack-plugin": "^3.0.0",
     "cli-progress": "^3.12.0",
     "cli-table3": "^0.6.1",
@@ -1706,13 +1711,13 @@
     "q": "^1.5.1",
     "raw-loader": "^3.1.0",
     "react-test-renderer": "^17.0.2",
-    "recast": "^0.23.7",
+    "recast": "^0.23.9",
     "regenerate": "^1.4.0",
     "resolve": "^1.22.0",
     "rxjs-marbles": "^7.0.1",
-    "sass-embedded": "^1.71.1",
+    "sass-embedded": "^1.77.5",
     "sass-loader": "^10.5.1",
-    "selenium-webdriver": "^4.21.0",
+    "selenium-webdriver": "^4.22.0",
     "sharp": "0.32.6",
     "simple-git": "^3.16.0",
     "sinon": "^7.4.2",
@@ -1727,9 +1732,9 @@
     "svgo": "^2.8.0",
     "table": "^6.8.1",
     "tape": "^5.0.1",
-    "terser": "^5.29.1",
+    "terser": "^5.31.1",
     "terser-webpack-plugin": "^4.2.3",
-    "tough-cookie": "^4.1.3",
+    "tough-cookie": "^4.1.4",
     "tree-kill": "^1.2.2",
     "ts-morph": "^15.1.0",
     "tsd": "^0.20.0",
diff --git a/packages/core/apps/core-apps-server-internal/assets/legacy_dark_theme.css b/packages/core/apps/core-apps-server-internal/assets/legacy_dark_theme.css
index f5891b361bc43..3c790ec67216e 100644
--- a/packages/core/apps/core-apps-server-internal/assets/legacy_dark_theme.css
+++ b/packages/core/apps/core-apps-server-internal/assets/legacy_dark_theme.css
@@ -4324,14 +4324,12 @@ table .info a,
 .table-bordered > tfoot > tr > td {
   border: 1px solid #343741;
 }
-.form-control,
-input {
+.form-control {
   border-width: 1px;
   -webkit-box-shadow: none;
   box-shadow: none;
 }
-.form-control:focus,
-input:focus {
+.form-control:focus {
   -webkit-box-shadow: none;
   box-shadow: none;
 }
diff --git a/packages/core/apps/core-apps-server-internal/assets/legacy_dark_theme.min.css b/packages/core/apps/core-apps-server-internal/assets/legacy_dark_theme.min.css
index 052b0ee255004..eeb82303abd08 100644
--- a/packages/core/apps/core-apps-server-internal/assets/legacy_dark_theme.min.css
+++ b/packages/core/apps/core-apps-server-internal/assets/legacy_dark_theme.min.css
@@ -2,4 +2,4 @@
  * Bootstrap v3.3.6 (http://getbootstrap.com)
  * Copyright 2011-2015 Twitter, Inc.
  * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
- */.container{margin-left:auto;margin-right:auto;padding-left:15px;padding-right:15px}@media (min-width:768px){.container{width:750px}}@media (min-width:992px){.container{width:970px}}@media (min-width:1200px){.container{width:1170px}}.container-fluid{margin-left:auto;margin-right:auto;padding-left:15px;padding-right:15px}.row{margin-left:-15px;margin-right:-15px}.col-lg-1,.col-lg-10,.col-lg-11,.col-lg-12,.col-lg-2,.col-lg-3,.col-lg-4,.col-lg-5,.col-lg-6,.col-lg-7,.col-lg-8,.col-lg-9,.col-md-1,.col-md-10,.col-md-11,.col-md-12,.col-md-2,.col-md-3,.col-md-4,.col-md-5,.col-md-6,.col-md-7,.col-md-8,.col-md-9,.col-sm-1,.col-sm-10,.col-sm-11,.col-sm-12,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-7,.col-sm-8,.col-sm-9,.col-xs-1,.col-xs-10,.col-xs-11,.col-xs-12,.col-xs-2,.col-xs-3,.col-xs-4,.col-xs-5,.col-xs-6,.col-xs-7,.col-xs-8,.col-xs-9{min-height:1px;padding-left:15px;padding-right:15px;position:relative}.col-xs-1,.col-xs-10,.col-xs-11,.col-xs-12,.col-xs-2,.col-xs-3,.col-xs-4,.col-xs-5,.col-xs-6,.col-xs-7,.col-xs-8,.col-xs-9{float:left}.col-xs-12{width:100%}.col-xs-11{width:91.66666667%}.col-xs-10{width:83.33333333%}.col-xs-9{width:75%}.col-xs-8{width:66.66666667%}.col-xs-7{width:58.33333333%}.col-xs-6{width:50%}.col-xs-5{width:41.66666667%}.col-xs-4{width:33.33333333%}.col-xs-3{width:25%}.col-xs-2{width:16.66666667%}.col-xs-1{width:8.33333333%}.col-xs-pull-12{right:100%}.col-xs-pull-11{right:91.66666667%}.col-xs-pull-10{right:83.33333333%}.col-xs-pull-9{right:75%}.col-xs-pull-8{right:66.66666667%}.col-xs-pull-7{right:58.33333333%}.col-xs-pull-6{right:50%}.col-xs-pull-5{right:41.66666667%}.col-xs-pull-4{right:33.33333333%}.col-xs-pull-3{right:25%}.col-xs-pull-2{right:16.66666667%}.col-xs-pull-1{right:8.33333333%}.col-xs-pull-0{right:auto}.col-xs-push-12{left:100%}.col-xs-push-11{left:91.66666667%}.col-xs-push-10{left:83.33333333%}.col-xs-push-9{left:75%}.col-xs-push-8{left:66.66666667%}.col-xs-push-7{left:58.33333333%}.col-xs-push-6{left:50%}.col-xs-push-5{left:41.66666667%}.col-xs-push-4{left:33.33333333%}.col-xs-push-3{left:25%}.col-xs-push-2{left:16.66666667%}.col-xs-push-1{left:8.33333333%}.col-xs-push-0{left:auto}.col-xs-offset-12{margin-left:100%}.col-xs-offset-11{margin-left:91.66666667%}.col-xs-offset-10{margin-left:83.33333333%}.col-xs-offset-9{margin-left:75%}.col-xs-offset-8{margin-left:66.66666667%}.col-xs-offset-7{margin-left:58.33333333%}.col-xs-offset-6{margin-left:50%}.col-xs-offset-5{margin-left:41.66666667%}.col-xs-offset-4{margin-left:33.33333333%}.col-xs-offset-3{margin-left:25%}.col-xs-offset-2{margin-left:16.66666667%}.col-xs-offset-1{margin-left:8.33333333%}.col-xs-offset-0{margin-left:0}@media (min-width:768px){.col-sm-1,.col-sm-10,.col-sm-11,.col-sm-12,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-7,.col-sm-8,.col-sm-9{float:left}.col-sm-12{width:100%}.col-sm-11{width:91.66666667%}.col-sm-10{width:83.33333333%}.col-sm-9{width:75%}.col-sm-8{width:66.66666667%}.col-sm-7{width:58.33333333%}.col-sm-6{width:50%}.col-sm-5{width:41.66666667%}.col-sm-4{width:33.33333333%}.col-sm-3{width:25%}.col-sm-2{width:16.66666667%}.col-sm-1{width:8.33333333%}.col-sm-pull-12{right:100%}.col-sm-pull-11{right:91.66666667%}.col-sm-pull-10{right:83.33333333%}.col-sm-pull-9{right:75%}.col-sm-pull-8{right:66.66666667%}.col-sm-pull-7{right:58.33333333%}.col-sm-pull-6{right:50%}.col-sm-pull-5{right:41.66666667%}.col-sm-pull-4{right:33.33333333%}.col-sm-pull-3{right:25%}.col-sm-pull-2{right:16.66666667%}.col-sm-pull-1{right:8.33333333%}.col-sm-pull-0{right:auto}.col-sm-push-12{left:100%}.col-sm-push-11{left:91.66666667%}.col-sm-push-10{left:83.33333333%}.col-sm-push-9{left:75%}.col-sm-push-8{left:66.66666667%}.col-sm-push-7{left:58.33333333%}.col-sm-push-6{left:50%}.col-sm-push-5{left:41.66666667%}.col-sm-push-4{left:33.33333333%}.col-sm-push-3{left:25%}.col-sm-push-2{left:16.66666667%}.col-sm-push-1{left:8.33333333%}.col-sm-push-0{left:auto}.col-sm-offset-12{margin-left:100%}.col-sm-offset-11{margin-left:91.66666667%}.col-sm-offset-10{margin-left:83.33333333%}.col-sm-offset-9{margin-left:75%}.col-sm-offset-8{margin-left:66.66666667%}.col-sm-offset-7{margin-left:58.33333333%}.col-sm-offset-6{margin-left:50%}.col-sm-offset-5{margin-left:41.66666667%}.col-sm-offset-4{margin-left:33.33333333%}.col-sm-offset-3{margin-left:25%}.col-sm-offset-2{margin-left:16.66666667%}.col-sm-offset-1{margin-left:8.33333333%}.col-sm-offset-0{margin-left:0}}@media (min-width:992px){.col-md-1,.col-md-10,.col-md-11,.col-md-12,.col-md-2,.col-md-3,.col-md-4,.col-md-5,.col-md-6,.col-md-7,.col-md-8,.col-md-9{float:left}.col-md-12{width:100%}.col-md-11{width:91.66666667%}.col-md-10{width:83.33333333%}.col-md-9{width:75%}.col-md-8{width:66.66666667%}.col-md-7{width:58.33333333%}.col-md-6{width:50%}.col-md-5{width:41.66666667%}.col-md-4{width:33.33333333%}.col-md-3{width:25%}.col-md-2{width:16.66666667%}.col-md-1{width:8.33333333%}.col-md-pull-12{right:100%}.col-md-pull-11{right:91.66666667%}.col-md-pull-10{right:83.33333333%}.col-md-pull-9{right:75%}.col-md-pull-8{right:66.66666667%}.col-md-pull-7{right:58.33333333%}.col-md-pull-6{right:50%}.col-md-pull-5{right:41.66666667%}.col-md-pull-4{right:33.33333333%}.col-md-pull-3{right:25%}.col-md-pull-2{right:16.66666667%}.col-md-pull-1{right:8.33333333%}.col-md-pull-0{right:auto}.col-md-push-12{left:100%}.col-md-push-11{left:91.66666667%}.col-md-push-10{left:83.33333333%}.col-md-push-9{left:75%}.col-md-push-8{left:66.66666667%}.col-md-push-7{left:58.33333333%}.col-md-push-6{left:50%}.col-md-push-5{left:41.66666667%}.col-md-push-4{left:33.33333333%}.col-md-push-3{left:25%}.col-md-push-2{left:16.66666667%}.col-md-push-1{left:8.33333333%}.col-md-push-0{left:auto}.col-md-offset-12{margin-left:100%}.col-md-offset-11{margin-left:91.66666667%}.col-md-offset-10{margin-left:83.33333333%}.col-md-offset-9{margin-left:75%}.col-md-offset-8{margin-left:66.66666667%}.col-md-offset-7{margin-left:58.33333333%}.col-md-offset-6{margin-left:50%}.col-md-offset-5{margin-left:41.66666667%}.col-md-offset-4{margin-left:33.33333333%}.col-md-offset-3{margin-left:25%}.col-md-offset-2{margin-left:16.66666667%}.col-md-offset-1{margin-left:8.33333333%}.col-md-offset-0{margin-left:0}}@media (min-width:1200px){.col-lg-1,.col-lg-10,.col-lg-11,.col-lg-12,.col-lg-2,.col-lg-3,.col-lg-4,.col-lg-5,.col-lg-6,.col-lg-7,.col-lg-8,.col-lg-9{float:left}.col-lg-12{width:100%}.col-lg-11{width:91.66666667%}.col-lg-10{width:83.33333333%}.col-lg-9{width:75%}.col-lg-8{width:66.66666667%}.col-lg-7{width:58.33333333%}.col-lg-6{width:50%}.col-lg-5{width:41.66666667%}.col-lg-4{width:33.33333333%}.col-lg-3{width:25%}.col-lg-2{width:16.66666667%}.col-lg-1{width:8.33333333%}.col-lg-pull-12{right:100%}.col-lg-pull-11{right:91.66666667%}.col-lg-pull-10{right:83.33333333%}.col-lg-pull-9{right:75%}.col-lg-pull-8{right:66.66666667%}.col-lg-pull-7{right:58.33333333%}.col-lg-pull-6{right:50%}.col-lg-pull-5{right:41.66666667%}.col-lg-pull-4{right:33.33333333%}.col-lg-pull-3{right:25%}.col-lg-pull-2{right:16.66666667%}.col-lg-pull-1{right:8.33333333%}.col-lg-pull-0{right:auto}.col-lg-push-12{left:100%}.col-lg-push-11{left:91.66666667%}.col-lg-push-10{left:83.33333333%}.col-lg-push-9{left:75%}.col-lg-push-8{left:66.66666667%}.col-lg-push-7{left:58.33333333%}.col-lg-push-6{left:50%}.col-lg-push-5{left:41.66666667%}.col-lg-push-4{left:33.33333333%}.col-lg-push-3{left:25%}.col-lg-push-2{left:16.66666667%}.col-lg-push-1{left:8.33333333%}.col-lg-push-0{left:auto}.col-lg-offset-12{margin-left:100%}.col-lg-offset-11{margin-left:91.66666667%}.col-lg-offset-10{margin-left:83.33333333%}.col-lg-offset-9{margin-left:75%}.col-lg-offset-8{margin-left:66.66666667%}.col-lg-offset-7{margin-left:58.33333333%}.col-lg-offset-6{margin-left:50%}.col-lg-offset-5{margin-left:41.66666667%}.col-lg-offset-4{margin-left:33.33333333%}.col-lg-offset-3{margin-left:25%}.col-lg-offset-2{margin-left:16.66666667%}.col-lg-offset-1{margin-left:8.33333333%}.col-lg-offset-0{margin-left:0}}.table{font-size:14px;margin-bottom:20px;max-width:100%;width:100%}.table thead{font-size:12px}.table>tbody>tr>td,.table>tbody>tr>th,.table>tfoot>tr>td,.table>tfoot>tr>th,.table>thead>tr>td,.table>thead>tr>th{border-top:1px solid #343741;line-height:1.42857143;padding:8px;vertical-align:top}.table>thead>tr>th{border-bottom:1px solid #343741;vertical-align:bottom}.table>caption+thead>tr:first-child>td,.table>caption+thead>tr:first-child>th,.table>colgroup+thead>tr:first-child>td,.table>colgroup+thead>tr:first-child>th,.table>thead:first-child>tr:first-child>td,.table>thead:first-child>tr:first-child>th{border-top:0}.table>tbody+tbody{border-top:2px solid #343741}.table .table{background-color:#1d1e24}.table-condensed>tbody>tr>td,.table-condensed>tbody>tr>th,.table-condensed>tfoot>tr>td,.table-condensed>tfoot>tr>th,.table-condensed>thead>tr>td,.table-condensed>thead>tr>th{font-size:12px;padding:5px}.table-bordered{border:1px solid #343741}.table-bordered>thead>tr>td,.table-bordered>thead>tr>th{border-bottom-width:2px}.table-hover>tbody>tr:hover,.table-striped>tbody>tr:nth-of-type(odd){background-color:#343741}table col[class*=col-]{display:table-column;float:none;position:static}table td[class*=col-],table th[class*=col-]{display:table-cell;float:none;position:static}.table>tbody>tr.active>td,.table>tbody>tr.active>th,.table>tbody>tr>td.active,.table>tbody>tr>th.active,.table>tfoot>tr.active>td,.table>tfoot>tr.active>th,.table>tfoot>tr>td.active,.table>tfoot>tr>th.active,.table>thead>tr.active>td,.table>thead>tr.active>th,.table>thead>tr>td.active,.table>thead>tr>th.active{background-color:#343741}.table-hover>tbody>tr.active:hover>td,.table-hover>tbody>tr.active:hover>th,.table-hover>tbody>tr:hover>.active,.table-hover>tbody>tr>td.active:hover,.table-hover>tbody>tr>th.active:hover{background-color:#292b33}.table>tbody>tr.success>td,.table>tbody>tr.success>th,.table>tbody>tr>td.success,.table>tbody>tr>th.success,.table>tfoot>tr.success>td,.table>tfoot>tr.success>th,.table>tfoot>tr>td.success,.table>tfoot>tr>th.success,.table>thead>tr.success>td,.table>thead>tr.success>th,.table>thead>tr>td.success,.table>thead>tr>th.success{background-color:#7de2d1}.table-hover>tbody>tr.success:hover>td,.table-hover>tbody>tr.success:hover>th,.table-hover>tbody>tr:hover>.success,.table-hover>tbody>tr>td.success:hover,.table-hover>tbody>tr>th.success:hover{background-color:#68ddca}.table>tbody>tr.info>td,.table>tbody>tr.info>th,.table>tbody>tr>td.info,.table>tbody>tr>th.info,.table>tfoot>tr.info>td,.table>tfoot>tr.info>th,.table>tfoot>tr>td.info,.table>tfoot>tr>th.info,.table>thead>tr.info>td,.table>thead>tr.info>th,.table>thead>tr>td.info,.table>thead>tr>th.info{background-color:#1ba9f5}.table-hover>tbody>tr.info:hover>td,.table-hover>tbody>tr.info:hover>th,.table-hover>tbody>tr:hover>.info,.table-hover>tbody>tr>td.info:hover,.table-hover>tbody>tr>th.info:hover{background-color:#0a9dec}.table>tbody>tr.warning>td,.table>tbody>tr.warning>th,.table>tbody>tr>td.warning,.table>tbody>tr>th.warning,.table>tfoot>tr.warning>td,.table>tfoot>tr.warning>th,.table>tfoot>tr>td.warning,.table>tfoot>tr>th.warning,.table>thead>tr.warning>td,.table>thead>tr.warning>th,.table>thead>tr>td.warning,.table>thead>tr>th.warning{background-color:#ff977a}.table-hover>tbody>tr.warning:hover>td,.table-hover>tbody>tr.warning:hover>th,.table-hover>tbody>tr:hover>.warning,.table-hover>tbody>tr>td.warning:hover,.table-hover>tbody>tr>th.warning:hover{background-color:#ff8361}.table>tbody>tr.danger>td,.table>tbody>tr.danger>th,.table>tbody>tr>td.danger,.table>tbody>tr>th.danger,.table>tfoot>tr.danger>td,.table>tfoot>tr.danger>th,.table>tfoot>tr>td.danger,.table>tfoot>tr>th.danger,.table>thead>tr.danger>td,.table>thead>tr.danger>th,.table>thead>tr>td.danger,.table>thead>tr>th.danger{background-color:#f66}.table-hover>tbody>tr.danger:hover>td,.table-hover>tbody>tr.danger:hover>th,.table-hover>tbody>tr:hover>.danger,.table-hover>tbody>tr>td.danger:hover,.table-hover>tbody>tr>th.danger:hover{background-color:#ff4c4c}.table-responsive{min-height:.01%;overflow-x:auto}@media screen and (max-width:767px){.table-responsive{-ms-overflow-style:-ms-autohiding-scrollbar;border:1px solid #343741;margin-bottom:15px;overflow-y:hidden;width:100%}.table-responsive>.table{margin-bottom:0}.table-responsive>.table>tbody>tr>td,.table-responsive>.table>tbody>tr>th,.table-responsive>.table>tfoot>tr>td,.table-responsive>.table>tfoot>tr>th,.table-responsive>.table>thead>tr>td,.table-responsive>.table>thead>tr>th{white-space:nowrap}.table-responsive>.table-bordered{border:0}.table-responsive>.table-bordered>tbody>tr>td:first-child,.table-responsive>.table-bordered>tbody>tr>th:first-child,.table-responsive>.table-bordered>tfoot>tr>td:first-child,.table-responsive>.table-bordered>tfoot>tr>th:first-child,.table-responsive>.table-bordered>thead>tr>td:first-child,.table-responsive>.table-bordered>thead>tr>th:first-child{border-left:0}.table-responsive>.table-bordered>tbody>tr>td:last-child,.table-responsive>.table-bordered>tbody>tr>th:last-child,.table-responsive>.table-bordered>tfoot>tr>td:last-child,.table-responsive>.table-bordered>tfoot>tr>th:last-child,.table-responsive>.table-bordered>thead>tr>td:last-child,.table-responsive>.table-bordered>thead>tr>th:last-child{border-right:0}.table-responsive>.table-bordered>tbody>tr:last-child>td,.table-responsive>.table-bordered>tbody>tr:last-child>th,.table-responsive>.table-bordered>tfoot>tr:last-child>td,.table-responsive>.table-bordered>tfoot>tr:last-child>th{border-bottom:0}}.form-control{background-color:#1a1a20;background-image:none;border:1px solid #343741;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075);color:#f5f7fa;display:block;font-size:14px;height:32px;line-height:1.42857143;padding:5px 15px;-webkit-transition:border-color .15s ease-in-out,box-shadow .15s ease-in-out;-o-transition:border-color .15s ease-in-out,box-shadow .15s ease-in-out;transition:border-color .15s ease-in-out,box-shadow .15s ease-in-out;width:100%}.form-control:focus{border-color:#1ba9f5;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 8px #1ba9f599;box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 8px #1ba9f599;outline:0}.form-control::-moz-placeholder{color:#535966;opacity:1}.form-control:-ms-input-placeholder{color:#535966}.form-control::-webkit-input-placeholder{color:#535966}.form-control::-ms-expand{background-color:initial;border:0}.form-control[disabled],.form-control[readonly],fieldset[disabled] .form-control{background-color:#343741;opacity:1}.form-control[disabled],fieldset[disabled] .form-control{cursor:not-allowed}textarea.form-control{height:auto}.form-group:not(:empty){margin-bottom:15px}.checkbox,.radio{display:block;margin-bottom:10px;margin-top:10px;position:relative}.checkbox label,.radio label{cursor:pointer;font-weight:400;margin-bottom:0;min-height:20px;padding-left:20px}.checkbox input[type=checkbox],.checkbox-inline input[type=checkbox],.radio input[type=radio],.radio-inline input[type=radio]{margin-left:-20px;margin-top:4px\9;position:absolute}.checkbox+.checkbox,.radio+.radio{margin-top:-5px}.checkbox-inline,.radio-inline{cursor:pointer;display:inline-block;font-weight:400;margin-bottom:0;padding-left:20px;position:relative;vertical-align:middle}.checkbox-inline+.checkbox-inline,.radio-inline+.radio-inline{margin-left:10px;margin-top:0}.checkbox-inline.disabled,.checkbox.disabled label,.radio-inline.disabled,.radio.disabled label,fieldset[disabled] .checkbox label,fieldset[disabled] .checkbox-inline,fieldset[disabled] .radio label,fieldset[disabled] .radio-inline{cursor:not-allowed}.form-control-static{margin-bottom:0;min-height:34px;padding-bottom:6px;padding-top:6px}.form-control-static.input-lg,.form-control-static.input-sm{padding-left:0;padding-right:0}.input-sm{border-radius:4px;font-size:12px;height:32px;line-height:1.5;padding:6px 9px}select.input-sm{height:32px;line-height:32px}select[multiple].input-sm,textarea.input-sm{height:auto}.form-group-sm .form-control{border-radius:4px;font-size:12px;height:32px;line-height:1.5;padding:6px 9px}.form-group-sm select.form-control{height:32px;line-height:32px}.form-group-sm select[multiple].form-control,.form-group-sm textarea.form-control{height:auto}.form-group-sm .form-control-static{font-size:12px;height:32px;line-height:1.5;min-height:32px;padding:7px 9px}.input-lg{border-radius:4px;font-size:18px;height:62px;line-height:1.3333333;padding:18px 27px}select.input-lg{height:62px;line-height:62px}select[multiple].input-lg,textarea.input-lg{height:auto}.form-group-lg .form-control{border-radius:4px;font-size:18px;height:62px;line-height:1.3333333;padding:18px 27px}.form-group-lg select.form-control{height:62px;line-height:62px}.form-group-lg select[multiple].form-control,.form-group-lg textarea.form-control{height:auto}.form-group-lg .form-control-static{font-size:18px;height:62px;line-height:1.3333333;min-height:38px;padding:19px 27px}.has-feedback{position:relative}.has-feedback .form-control{padding-right:40px}.form-control-feedback{display:block;height:32px;line-height:32px;pointer-events:none;position:absolute;right:0;text-align:center;top:0;width:32px;z-index:2}.form-group-lg .form-control+.form-control-feedback,.input-group-lg+.form-control-feedback,.input-lg+.form-control-feedback{height:62px;line-height:62px;width:62px}.form-group-sm .form-control+.form-control-feedback,.input-group-sm+.form-control-feedback,.input-sm+.form-control-feedback{height:32px;line-height:32px;width:32px}.has-success .checkbox,.has-success .checkbox-inline,.has-success .control-label,.has-success .help-block,.has-success .radio,.has-success .radio-inline,.has-success.checkbox label,.has-success.checkbox-inline label,.has-success.radio label,.has-success.radio-inline label{color:#1d1e24}.has-success .form-control{border-color:#1d1e24;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075)}.has-success .form-control:focus{border-color:#060608;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #4b4d5c;box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #4b4d5c}.has-success .input-group-addon{background-color:#7de2d1;border-color:#1d1e24;color:#1d1e24}.has-success .form-control-feedback,.has-warning .checkbox,.has-warning .checkbox-inline,.has-warning .control-label,.has-warning .help-block,.has-warning .radio,.has-warning .radio-inline,.has-warning.checkbox label,.has-warning.checkbox-inline label,.has-warning.radio label,.has-warning.radio-inline label{color:#1d1e24}.has-warning .form-control{border-color:#1d1e24;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075)}.has-warning .form-control:focus{border-color:#060608;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #4b4d5c;box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #4b4d5c}.has-warning .input-group-addon{background-color:#ff977a;border-color:#1d1e24;color:#1d1e24}.has-error .checkbox,.has-error .checkbox-inline,.has-error .control-label,.has-error .help-block,.has-error .radio,.has-error .radio-inline,.has-error.checkbox label,.has-error.checkbox-inline label,.has-error.radio label,.has-error.radio-inline label,.has-warning .form-control-feedback{color:#1d1e24}.has-error .form-control{border-color:#1d1e24;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075)}.has-error .form-control:focus{border-color:#060608;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #4b4d5c;box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #4b4d5c}.has-error .input-group-addon{background-color:#f66;border-color:#1d1e24;color:#1d1e24}.has-error .form-control-feedback{color:#1d1e24}.has-feedback label~.form-control-feedback{top:25px}.has-feedback label.sr-only~.form-control-feedback{top:0}.help-block{color:#fff;display:block;margin-bottom:10px;margin-top:5px}@media (min-width:768px){.form-inline .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.form-inline .form-control{display:inline-block;vertical-align:middle;width:auto}.form-inline .form-control-static{display:inline-block}.form-inline .input-group{display:inline-table;vertical-align:middle}.form-inline .input-group .form-control,.form-inline .input-group .input-group-addon{width:auto}.form-inline .input-group>.form-control{width:100%}.form-inline .control-label{margin-bottom:0;vertical-align:middle}.form-inline .checkbox,.form-inline .radio{display:inline-block;margin-bottom:0;margin-top:0;vertical-align:middle}.form-inline .checkbox label,.form-inline .radio label{padding-left:0}.form-inline .checkbox input[type=checkbox],.form-inline .radio input[type=radio]{margin-left:0;position:relative}.form-inline .has-feedback .form-control-feedback{top:0}}.form-horizontal .checkbox,.form-horizontal .checkbox-inline,.form-horizontal .radio,.form-horizontal .radio-inline{margin-bottom:0;margin-top:0;padding-top:6px}.form-horizontal .checkbox,.form-horizontal .radio{min-height:26px}.form-horizontal .form-group{margin-left:-15px;margin-right:-15px}@media (min-width:768px){.form-horizontal .control-label{margin-bottom:0;padding-top:6px;text-align:right}}.form-horizontal .has-feedback .form-control-feedback{right:15px}@media (min-width:768px){.form-horizontal .form-group-lg .control-label{font-size:18px;padding-top:19px}.form-horizontal .form-group-sm .control-label{font-size:12px;padding-top:7px}}.text-left{text-align:left}.text-right{text-align:right}.text-center{text-align:center}.text-muted{color:#3e434d}.text-primary{color:#f5f7fa}a.text-primary:focus,a.text-primary:hover{color:#d3dce9}.text-success{color:#1d1e24}a.text-success:focus,a.text-success:hover{color:#060608}.text-info{color:#1d1e24}a.text-info:focus,a.text-info:hover{color:#060608}.text-warning{color:#1d1e24}a.text-warning:focus,a.text-warning:hover{color:#060608}.text-danger{color:#1d1e24}a.text-danger:focus,a.text-danger:hover{color:#060608}.bg-info{background-color:#1ba9f5}a.bg-info:focus,a.bg-info:hover{background-color:#098dd4}.list-unstyled{list-style:none;padding-left:0}@media (min-width:0){.dl-horizontal dt{clear:left;float:left;overflow:hidden;text-align:right;text-overflow:ellipsis;white-space:nowrap;width:160px}.dl-horizontal dd{margin-left:180px}}.fade{opacity:0;-webkit-transition:opacity .15s linear;-o-transition:opacity .15s linear;transition:opacity .15s linear}.fade.in{opacity:1}.collapse{display:none}.collapse.in{display:block}tr.collapse.in{display:table-row}tbody.collapse.in{display:table-row-group}.collapsing{height:0;overflow:hidden;position:relative;-webkit-transition-duration:.35s;transition-duration:.35s;-webkit-transition-property:height,visibility;transition-property:height,visibility;-webkit-transition-timing-function:ease;transition-timing-function:ease}.btn{background-image:none;border:1px solid #0000;border-radius:4px;cursor:pointer;display:inline-block;font-size:14px;font-weight:400;line-height:1.42857143;margin-bottom:0;padding:5px 15px;text-align:center;touch-action:manipulation;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;vertical-align:middle;white-space:nowrap}.btn.active.focus,.btn.active:focus,.btn.focus,.btn:active.focus,.btn:active:focus,.btn:focus{box-shadow:0 0 0 1px #fff,0 0 0 2px #0079a5}.btn.focus,.btn:focus,.btn:hover{color:#1d1e24;text-decoration:none}.btn.active,.btn:active{background-image:none;-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125);box-shadow:inset 0 3px 5px rgba(0,0,0,.125);outline:0}.btn.disabled,.btn[disabled],fieldset[disabled] .btn{-webkit-box-shadow:none;box-shadow:none;cursor:not-allowed;filter:alpha(opacity=65);opacity:.65}a.btn.disabled,fieldset[disabled] a.btn{pointer-events:none}.btn-default{background-color:#1ba9f5;border-color:#1ba9f5;color:#1d1e24}.btn-default.focus,.btn-default:focus{background-color:#098dd4;border-color:#065c8a;color:#1d1e24}.btn-default.active,.btn-default:active,.btn-default:hover,.open>.dropdown-toggle.btn-default{background-color:#098dd4;border-color:#0987ca;color:#1d1e24}.btn-default.active.focus,.btn-default.active:focus,.btn-default.active:hover,.btn-default:active.focus,.btn-default:active:focus,.btn-default:active:hover,.open>.dropdown-toggle.btn-default.focus,.open>.dropdown-toggle.btn-default:focus,.open>.dropdown-toggle.btn-default:hover{background-color:#0876b2;border-color:#065c8a;color:#1d1e24}.btn-default.active,.btn-default:active,.open>.dropdown-toggle.btn-default{background-image:none}.btn-default.disabled.focus,.btn-default.disabled:focus,.btn-default.disabled:hover,.btn-default[disabled].focus,.btn-default[disabled]:focus,.btn-default[disabled]:hover,fieldset[disabled] .btn-default.focus,fieldset[disabled] .btn-default:focus,fieldset[disabled] .btn-default:hover{background-color:#1ba9f5;border-color:#1ba9f5}.btn-default .badge{background-color:#1d1e24;color:#1ba9f5}.btn-primary{background-color:#1ba9f5;border-color:#1ba9f5;color:#1d1e24}.btn-primary.focus,.btn-primary:focus{background-color:#098dd4;border-color:#065c8a;color:#1d1e24}.btn-primary.active,.btn-primary:active,.btn-primary:hover,.open>.dropdown-toggle.btn-primary{background-color:#098dd4;border-color:#0987ca;color:#1d1e24}.btn-primary.active.focus,.btn-primary.active:focus,.btn-primary.active:hover,.btn-primary:active.focus,.btn-primary:active:focus,.btn-primary:active:hover,.open>.dropdown-toggle.btn-primary.focus,.open>.dropdown-toggle.btn-primary:focus,.open>.dropdown-toggle.btn-primary:hover{background-color:#0876b2;border-color:#065c8a;color:#1d1e24}.btn-primary.active,.btn-primary:active,.open>.dropdown-toggle.btn-primary{background-image:none}.btn-primary.disabled.focus,.btn-primary.disabled:focus,.btn-primary.disabled:hover,.btn-primary[disabled].focus,.btn-primary[disabled]:focus,.btn-primary[disabled]:hover,fieldset[disabled] .btn-primary.focus,fieldset[disabled] .btn-primary:focus,fieldset[disabled] .btn-primary:hover{background-color:#1ba9f5;border-color:#1ba9f5}.btn-primary .badge{background-color:#1d1e24;color:#1ba9f5}.btn-xs{border-radius:4px;font-size:12px;line-height:1.5;padding:1px 5px}.navbar{border:1px solid #0000;margin-bottom:0;min-height:45px;position:relative}@media (min-width:0){.navbar{border-radius:4px}.navbar-header{float:left}}.navbar-collapse{-webkit-overflow-scrolling:touch;border-top:1px solid #0000;box-shadow:inset 0 1px 0 #ffffff1a;overflow-x:visible;padding-left:10px;padding-right:10px}.navbar-collapse.in{overflow-y:auto}@media (min-width:0){.navbar-collapse{border-top:0;box-shadow:none;width:auto}.navbar-collapse.collapse{display:block!important;height:auto!important;overflow:visible!important;padding-bottom:0}.navbar-collapse.in{overflow-y:visible}.navbar-fixed-bottom .navbar-collapse,.navbar-fixed-top .navbar-collapse{padding-left:0;padding-right:0}}.navbar-fixed-bottom .navbar-collapse,.navbar-fixed-top .navbar-collapse{max-height:340px}@media (max-device-width:480px) and (orientation:landscape){.navbar-fixed-bottom .navbar-collapse,.navbar-fixed-top .navbar-collapse{max-height:200px}}.container-fluid>.navbar-collapse,.container-fluid>.navbar-header,.container>.navbar-collapse,.container>.navbar-header{margin-left:-10px;margin-right:-10px}@media (min-width:0){.container-fluid>.navbar-collapse,.container-fluid>.navbar-header,.container>.navbar-collapse,.container>.navbar-header{margin-left:0;margin-right:0}}.navbar-fixed-bottom,.navbar-fixed-top{left:0;position:fixed;right:0;z-index:1050}@media (min-width:0){.navbar-fixed-bottom,.navbar-fixed-top{border-radius:0}}.navbar-fixed-top{border-width:0 0 1px;top:0}.navbar-fixed-bottom{border-width:1px 0 0;bottom:0;margin-bottom:0}.navbar-brand{float:left;font-size:18px;height:45px;line-height:20px;padding:12.5px 10px}.navbar-brand:focus,.navbar-brand:hover{text-decoration:none}.navbar-brand>img{display:block}@media (min-width:0){.navbar>.container .navbar-brand,.navbar>.container-fluid .navbar-brand{margin-left:-10px}}.navbar-toggle{background-color:initial;background-image:none;border:1px solid #0000;border-radius:4px;float:right;margin-bottom:5.5px;margin-right:10px;margin-top:5.5px;padding:9px 10px;position:relative}.navbar-toggle:focus{outline:0}.navbar-toggle .icon-bar{border-radius:1px;display:block;height:2px;width:22px}.navbar-toggle .icon-bar+.icon-bar{margin-top:4px}@media (min-width:0){.navbar-toggle{display:none}}.navbar-nav{margin:6.25px -10px}.navbar-nav>li>a{line-height:20px;padding-bottom:10px;padding-top:10px}@media (max-width:-1){.navbar-nav .open .dropdown-menu{background-color:initial;border:0;box-shadow:none;float:none;margin-top:0;position:static;width:auto}.navbar-nav .open .dropdown-menu .dropdown-header,.navbar-nav .open .dropdown-menu>li>a{padding:5px 15px 5px 25px}.navbar-nav .open .dropdown-menu>li>a{line-height:20px}.navbar-nav .open .dropdown-menu>li>a:focus,.navbar-nav .open .dropdown-menu>li>a:hover{background-image:none}}@media (min-width:0){.navbar-nav{float:left;margin:0}.navbar-nav>li{float:left}.navbar-nav>li>a{padding-bottom:12.5px;padding-top:12.5px}}.navbar-form{border-bottom:1px solid #0000;border-top:1px solid #0000;-webkit-box-shadow:inset 0 1px 0 #ffffff1a,0 1px 0 #ffffff1a;box-shadow:inset 0 1px 0 #ffffff1a,0 1px 0 #ffffff1a;margin:6.5px -10px;padding:10px}@media (min-width:768px){.navbar-form .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.navbar-form .form-control{display:inline-block;vertical-align:middle;width:auto}.navbar-form .form-control-static{display:inline-block}.navbar-form .input-group{display:inline-table;vertical-align:middle}.navbar-form .input-group .form-control,.navbar-form .input-group .input-group-addon{width:auto}.navbar-form .input-group>.form-control{width:100%}.navbar-form .control-label{margin-bottom:0;vertical-align:middle}.navbar-form .checkbox,.navbar-form .radio{display:inline-block;margin-bottom:0;margin-top:0;vertical-align:middle}.navbar-form .checkbox label,.navbar-form .radio label{padding-left:0}.navbar-form .checkbox input[type=checkbox],.navbar-form .radio input[type=radio]{margin-left:0;position:relative}.navbar-form .has-feedback .form-control-feedback{top:0}}@media (max-width:-1){.navbar-form .form-group{margin-bottom:5px}.navbar-form .form-group:last-child{margin-bottom:0}}@media (min-width:0){.navbar-form{border:0;-webkit-box-shadow:none;box-shadow:none;margin-left:0;margin-right:0;padding-bottom:0;padding-top:0;width:auto}}.navbar-nav>li>.dropdown-menu{border-top-left-radius:0;border-top-right-radius:0;margin-top:0}.navbar-fixed-bottom .navbar-nav>li>.dropdown-menu{border-bottom-left-radius:0;border-bottom-right-radius:0;border-top-left-radius:4px;border-top-right-radius:4px;margin-bottom:0}.navbar-text{margin-bottom:12.5px;margin-top:12.5px}@media (min-width:0){.navbar-text{float:left;margin-left:10px;margin-right:10px}.navbar-left{float:left!important}.navbar-right{float:right!important;margin-right:-10px}.navbar-right~.navbar-right{margin-right:0}}.navbar-default{background-color:#000;border-color:#0000}.navbar-default .navbar-brand{color:#d4dae5}.navbar-default .navbar-brand:focus,.navbar-default .navbar-brand:hover{background-color:initial;color:#d4dae5}.navbar-default .navbar-nav>li>a,.navbar-default .navbar-text{color:#d4dae5}.navbar-default .navbar-nav>li>a:focus,.navbar-default .navbar-nav>li>a:hover{background-color:initial;color:#d4dae5}.navbar-default .navbar-nav>.active>a,.navbar-default .navbar-nav>.active>a:focus,.navbar-default .navbar-nav>.active>a:hover{background-color:initial;color:#f5f7fa}.navbar-default .navbar-nav>.disabled>a,.navbar-default .navbar-nav>.disabled>a:focus,.navbar-default .navbar-nav>.disabled>a:hover{background-color:initial;color:#d4dae5}.navbar-default .navbar-toggle{border-color:#000}.navbar-default .navbar-toggle:focus,.navbar-default .navbar-toggle:hover{background-color:#000}.navbar-default .navbar-toggle .icon-bar{background-color:#1d1e24}.navbar-default .navbar-collapse,.navbar-default .navbar-form{border-color:#0000}.navbar-default .navbar-nav>.open>a,.navbar-default .navbar-nav>.open>a:focus,.navbar-default .navbar-nav>.open>a:hover{background-color:initial;color:#f5f7fa}@media (max-width:-1){.navbar-default .navbar-nav .open .dropdown-menu>li>a{color:#d4dae5}.navbar-default .navbar-nav .open .dropdown-menu>li>a:focus,.navbar-default .navbar-nav .open .dropdown-menu>li>a:hover{background-color:initial;color:#d4dae5}.navbar-default .navbar-nav .open .dropdown-menu>.active>a,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:focus,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:hover{background-color:initial;color:#f5f7fa}.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:focus,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:hover{background-color:initial;color:#d4dae5}}.navbar-default .navbar-link,.navbar-default .navbar-link:hover{color:#d4dae5}.navbar-inverse{background-color:#f5f7fa;border-color:#d3dce9}.navbar-inverse .navbar-brand{color:#1d1e24}.navbar-inverse .navbar-brand:focus,.navbar-inverse .navbar-brand:hover{background-color:#fff;color:#1d1e24}.navbar-inverse .navbar-text{color:#1d1e24}.navbar-inverse .navbar-nav>li>a{color:#343741}.navbar-inverse .navbar-nav>li>a:focus,.navbar-inverse .navbar-nav>li>a:hover{background-color:#fff;color:#1d1e24}.navbar-inverse .navbar-nav>.active>a,.navbar-inverse .navbar-nav>.active>a:focus,.navbar-inverse .navbar-nav>.active>a:hover{background-color:#d4dae5;color:#1d1e24}.navbar-inverse .navbar-nav>.disabled>a,.navbar-inverse .navbar-nav>.disabled>a:focus,.navbar-inverse .navbar-nav>.disabled>a:hover{background-color:initial;color:#3e434d}.navbar-inverse .navbar-toggle{border-color:#d3dce9}.navbar-inverse .navbar-toggle:focus,.navbar-inverse .navbar-toggle:hover{background-color:#d3dce9}.navbar-inverse .navbar-toggle .icon-bar{background-color:#1d1e24}.navbar-inverse .navbar-collapse,.navbar-inverse .navbar-form{border-color:#dde4ee}.navbar-inverse .navbar-nav>.open>a,.navbar-inverse .navbar-nav>.open>a:focus,.navbar-inverse .navbar-nav>.open>a:hover{background-color:#d4dae5;color:#1d1e24}@media (max-width:-1){.navbar-inverse .navbar-nav .open .dropdown-menu>.dropdown-header{border-color:#d3dce9}.navbar-inverse .navbar-nav .open .dropdown-menu .divider{background-color:#d3dce9}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a{color:#343741}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:focus,.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:hover{background-color:#fff;color:#1d1e24}.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:focus,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:hover{background-color:#d4dae5;color:#1d1e24}.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:focus,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:hover{background-color:initial;color:#3e434d}}.navbar-inverse .navbar-link{color:#343741}.navbar-inverse .navbar-link:hover{color:#1d1e24}.close{color:#fff;filter:alpha(opacity=20);float:right;font-size:21px;font-weight:700;line-height:1;opacity:.2;text-shadow:none}.close:focus,.close:hover{color:#fff;cursor:pointer;filter:alpha(opacity=50);opacity:.5;text-decoration:none}button.close{-webkit-appearance:none;background:#0000;border:0;cursor:pointer;padding:0}.modal,.modal-open{overflow:hidden}.modal{-webkit-overflow-scrolling:touch;bottom:0;display:none;left:0;outline:0;position:fixed;right:0;top:0;z-index:1070}.modal.fade .modal-dialog{-webkit-transform:translateY(-25%);-ms-transform:translateY(-25%);-o-transform:translateY(-25%);transform:translateY(-25%);-webkit-transition:-webkit-transform .3s ease-out;-moz-transition:-moz-transform .3s ease-out;-o-transition:-o-transform .3s ease-out;transition:transform .3s ease-out}.modal.in .modal-dialog{-webkit-transform:translate(0);-ms-transform:translate(0);-o-transform:translate(0);transform:translate(0)}.modal-open .modal{overflow-x:hidden;overflow-y:auto}.modal-dialog{margin:10px;position:relative;width:auto}.modal-content{background-clip:padding-box;background-color:#1d1e24;border:1px solid #0003;border-radius:4px;-webkit-box-shadow:0 3px 9px #00000080;box-shadow:0 3px 9px #00000080;outline:0;position:relative}.modal-backdrop{background-color:#fff;bottom:0;left:0;position:fixed;right:0;top:0;z-index:1060}.modal-backdrop.fade{filter:alpha(opacity=0);opacity:0}.modal-backdrop.in{filter:alpha(opacity=50);opacity:.5}.modal-header{border-bottom:1px solid #e5e5e5;padding:15px}.modal-header .close{margin-top:-2px}.modal-title{line-height:1.42857143;margin:0}.modal-body{padding:15px;position:relative}.modal-footer{border-top:1px solid #e5e5e5;padding:15px;text-align:right}.modal-scrollbar-measure{height:50px;overflow:scroll;position:absolute;top:-9999px;width:50px}@media (min-width:768px){.modal-dialog{margin:30px auto;width:600px}.modal-content{-webkit-box-shadow:0 5px 15px #00000080;box-shadow:0 5px 15px #00000080}.modal-sm{width:300px}}@media (min-width:992px){.modal-lg{width:900px}}@-webkit-keyframes progress-bar-stripes{0%{background-position:40px 0}to{background-position:0 0}}@keyframes progress-bar-stripes{0%{background-position:40px 0}to{background-position:0 0}}.progress{background-color:#2d3039;border-radius:4px;-webkit-box-shadow:inset 0 1px 2px #0000001a;box-shadow:inset 0 1px 2px #0000001a;height:20px;margin-bottom:20px;overflow:hidden}.progress-bar{background-color:#54b399;color:#1d1e24;float:left;font-size:12px;height:100%;line-height:20px;text-align:center;-webkit-transition:width .6s ease;-o-transition:width .6s ease;transition:width .6s ease;width:0}.progress-bar-striped,.progress-striped .progress-bar{background-image:-webkit-linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000);background-image:-o-linear-gradient(45deg,#ffffff26 25%,#0000 25%,#0000 50%,#ffffff26 50%,#ffffff26 75%,#0000 75%,#0000);background-image:linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000);background-size:40px 40px}.progress-bar.active,.progress.active .progress-bar{-webkit-animation:progress-bar-stripes 2s linear infinite;-o-animation:progress-bar-stripes 2s linear infinite;animation:progress-bar-stripes 2s linear infinite}.progress-bar-success{background-color:#7de2d1}.progress-striped .progress-bar-success{background-image:-webkit-linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000);background-image:-o-linear-gradient(45deg,#ffffff26 25%,#0000 25%,#0000 50%,#ffffff26 50%,#ffffff26 75%,#0000 75%,#0000);background-image:linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000)}.progress-bar-info{background-color:#1ba9f5}.progress-striped .progress-bar-info{background-image:-webkit-linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000);background-image:-o-linear-gradient(45deg,#ffffff26 25%,#0000 25%,#0000 50%,#ffffff26 50%,#ffffff26 75%,#0000 75%,#0000);background-image:linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000)}.progress-bar-warning{background-color:#ff977a}.progress-striped .progress-bar-warning{background-image:-webkit-linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000);background-image:-o-linear-gradient(45deg,#ffffff26 25%,#0000 25%,#0000 50%,#ffffff26 50%,#ffffff26 75%,#0000 75%,#0000);background-image:linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000)}.progress-bar-danger{background-color:#f66}.progress-striped .progress-bar-danger{background-image:-webkit-linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000);background-image:-o-linear-gradient(45deg,#ffffff26 25%,#0000 25%,#0000 50%,#ffffff26 50%,#ffffff26 75%,#0000 75%,#0000);background-image:linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000)}.list-group{margin-bottom:20px;padding-left:0}.list-group-item{background-color:#1d1e24;border:1px solid #343741;display:block;margin-bottom:-1px;padding:10px 15px;position:relative}.list-group-item:first-child{border-top-left-radius:4px;border-top-right-radius:4px}.list-group-item:last-child{border-bottom-left-radius:4px;border-bottom-right-radius:4px;margin-bottom:0}.list-group-item--noBorder{border-top:0}a.list-group-item,button.list-group-item{color:#d4dae5}a.list-group-item .list-group-item-heading,button.list-group-item .list-group-item-heading{color:#f5f7fa}a.list-group-item:focus,a.list-group-item:hover,button.list-group-item:focus,button.list-group-item:hover{background-color:#25262e;color:#d4dae5;text-decoration:none}button.list-group-item{text-align:left;width:100%}.list-group-item.disabled,.list-group-item.disabled:focus,.list-group-item.disabled:hover{background-color:#343741;color:#3e434d;cursor:not-allowed}.list-group-item.disabled .list-group-item-heading,.list-group-item.disabled:focus .list-group-item-heading,.list-group-item.disabled:hover .list-group-item-heading{color:inherit}.list-group-item.disabled .list-group-item-text,.list-group-item.disabled:focus .list-group-item-text,.list-group-item.disabled:hover .list-group-item-text{color:#3e434d}.list-group-item.active,.list-group-item.active:focus,.list-group-item.active:hover{background-color:#f5f7fa;border-color:#f5f7fa;color:#f5f7fa;z-index:2}.list-group-item.active .list-group-item-heading,.list-group-item.active .list-group-item-heading>.small,.list-group-item.active .list-group-item-heading>small,.list-group-item.active:focus .list-group-item-heading,.list-group-item.active:focus .list-group-item-heading>.small,.list-group-item.active:focus .list-group-item-heading>small,.list-group-item.active:hover .list-group-item-heading,.list-group-item.active:hover .list-group-item-heading>.small,.list-group-item.active:hover .list-group-item-heading>small{color:inherit}.list-group-item.active .list-group-item-text,.list-group-item.active:focus .list-group-item-text,.list-group-item.active:hover .list-group-item-text{color:#fff}.list-group-item-success{background-color:#7de2d1;color:#1d1e24}a.list-group-item-success,button.list-group-item-success{color:#1d1e24}a.list-group-item-success .list-group-item-heading,button.list-group-item-success .list-group-item-heading{color:inherit}a.list-group-item-success:focus,a.list-group-item-success:hover,button.list-group-item-success:focus,button.list-group-item-success:hover{background-color:#68ddca;color:#1d1e24}a.list-group-item-success.active,a.list-group-item-success.active:focus,a.list-group-item-success.active:hover,button.list-group-item-success.active,button.list-group-item-success.active:focus,button.list-group-item-success.active:hover{background-color:#1d1e24;border-color:#1d1e24;color:#fff}.list-group-item-info{background-color:#1ba9f5;color:#1d1e24}a.list-group-item-info,button.list-group-item-info{color:#1d1e24}a.list-group-item-info .list-group-item-heading,button.list-group-item-info .list-group-item-heading{color:inherit}a.list-group-item-info:focus,a.list-group-item-info:hover,button.list-group-item-info:focus,button.list-group-item-info:hover{background-color:#0a9dec;color:#1d1e24}a.list-group-item-info.active,a.list-group-item-info.active:focus,a.list-group-item-info.active:hover,button.list-group-item-info.active,button.list-group-item-info.active:focus,button.list-group-item-info.active:hover{background-color:#1d1e24;border-color:#1d1e24;color:#fff}.list-group-item-warning{background-color:#ff977a;color:#1d1e24}a.list-group-item-warning,button.list-group-item-warning{color:#1d1e24}a.list-group-item-warning .list-group-item-heading,button.list-group-item-warning .list-group-item-heading{color:inherit}a.list-group-item-warning:focus,a.list-group-item-warning:hover,button.list-group-item-warning:focus,button.list-group-item-warning:hover{background-color:#ff8361;color:#1d1e24}a.list-group-item-warning.active,a.list-group-item-warning.active:focus,a.list-group-item-warning.active:hover,button.list-group-item-warning.active,button.list-group-item-warning.active:focus,button.list-group-item-warning.active:hover{background-color:#1d1e24;border-color:#1d1e24;color:#fff}.list-group-item-danger{background-color:#f66;color:#1d1e24}a.list-group-item-danger,button.list-group-item-danger{color:#1d1e24}a.list-group-item-danger .list-group-item-heading,button.list-group-item-danger .list-group-item-heading{color:inherit}a.list-group-item-danger:focus,a.list-group-item-danger:hover,button.list-group-item-danger:focus,button.list-group-item-danger:hover{background-color:#ff4c4c;color:#1d1e24}a.list-group-item-danger.active,a.list-group-item-danger.active:focus,a.list-group-item-danger.active:hover,button.list-group-item-danger.active,button.list-group-item-danger.active:focus,button.list-group-item-danger.active:hover{background-color:#1d1e24;border-color:#1d1e24;color:#fff}.list-group-item-heading{margin-bottom:5px;margin-top:0}.list-group-item-text{line-height:1.3;margin-bottom:0}.nav{list-style:none;margin-bottom:0;padding-left:0}.nav>li,.nav>li>a{display:block;position:relative}.nav>li>a{padding:10px 15px}.nav>li>a:focus,.nav>li>a:hover{background-color:#343741;text-decoration:none}.nav>li.disabled>a{color:#3e434d}.nav>li.disabled>a:focus,.nav>li.disabled>a:hover{background-color:initial;color:#3e434d;cursor:not-allowed;text-decoration:none}.nav .open>a,.nav .open>a:focus,.nav .open>a:hover{background-color:#343741;border-color:#1ba9f5}.nav .nav-divider{background-color:#e5e5e5;height:1px;margin:9px 0;overflow:hidden}.nav>li>a>img{max-width:none}.nav-tabs{border-bottom:1px solid #343741}.nav-tabs>li{float:left;margin-bottom:-1px}.nav-tabs>li>a{border:1px solid #0000;border-radius:4px 4px 0 0;line-height:1.42857143;margin-right:2px}.nav-tabs>li>a:hover{background-color:#1d1e24;border-color:#343741}.nav-tabs>li.active>a,.nav-tabs>li.active>a:focus,.nav-tabs>li.active>a:hover{background-color:#1d1e24;border:1px solid #343741;border-bottom-color:#0000;color:#f5f7fa;cursor:default}.nav-tabs.nav-justified{border-bottom:0;width:100%}.nav-tabs.nav-justified>li{float:none}.nav-tabs.nav-justified>li>a{margin-bottom:5px;text-align:center}.nav-tabs.nav-justified>.dropdown .dropdown-menu{left:auto;top:auto}@media (min-width:768px){.nav-tabs.nav-justified>li{display:table-cell;width:1%}.nav-tabs.nav-justified>li>a{margin-bottom:0}}.nav-tabs.nav-justified>li>a{border-radius:4px;margin-right:0}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:focus,.nav-tabs.nav-justified>.active>a:hover{border:1px solid #1d1e24}@media (min-width:768px){.nav-tabs.nav-justified>li>a{border-bottom:1px solid #1d1e24;border-radius:4px 4px 0 0}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:focus,.nav-tabs.nav-justified>.active>a:hover{border-bottom-color:#1d1e24}}.nav-pills>li{float:left}.nav-pills>li>a{border-radius:4px}.nav-pills>li+li{margin-left:2px}.nav-pills>li.active>a,.nav-pills>li.active>a:focus,.nav-pills>li.active>a:hover{background-color:#1ba9f5;color:#1d1e24}.nav-stacked>li{float:none}.nav-stacked>li+li{margin-left:0;margin-top:2px}.nav-justified{width:100%}.nav-justified>li{float:none}.nav-justified>li>a{margin-bottom:5px;text-align:center}.nav-justified>.dropdown .dropdown-menu{left:auto;top:auto}@media (min-width:768px){.nav-justified>li{display:table-cell;width:1%}.nav-justified>li>a{margin-bottom:0}}.nav-tabs-justified{border-bottom:0}.nav-tabs-justified>li>a{border-radius:4px;margin-right:0}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:focus,.nav-tabs-justified>.active>a:hover{border:1px solid #1d1e24}@media (min-width:768px){.nav-tabs-justified>li>a{border-bottom:1px solid #1d1e24;border-radius:4px 4px 0 0}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:focus,.nav-tabs-justified>.active>a:hover{border-bottom-color:#1d1e24}}.tab-content>.tab-pane{display:none}.tab-content>.active{display:block}.nav-tabs .dropdown-menu{border-top-left-radius:0;border-top-right-radius:0;margin-top:-1px}.alert{border:1px solid #0000;border-radius:4px;margin-bottom:20px;padding:15px}.alert h4{color:inherit;margin-top:0}.alert .alert-link{font-weight:700}.alert>p,.alert>ul{margin-bottom:0}.alert>p+p{margin-top:5px}.alert-dismissable,.alert-dismissible{padding-right:35px}.alert-dismissable .close,.alert-dismissible .close{color:inherit;position:relative;right:-21px;top:-2px}.alert-success{background-color:#7de2d1;border-color:#53d9c2;color:#1d1e24}.alert-success hr{border-top-color:#3ed4bb}.alert-success .alert-link{color:#060608}.alert-info{background-color:#1ba9f5;border-color:#098dd4;color:#1d1e24}.alert-info hr{border-top-color:#087dbb}.alert-info .alert-link{color:#060608}.alert-warning{background-color:#ff977a;border-color:#ff6f47;color:#1d1e24}.alert-warning hr{border-top-color:#ff5b2e}.alert-warning .alert-link{color:#060608}.alert-danger{background-color:#f66;border-color:#f33;color:#1d1e24}.alert-danger hr{border-top-color:#ff1919}.alert-danger .alert-link{color:#060608}.bsTooltip{word-wrap:normal;display:block;filter:alpha(opacity=0);font-family:Open Sans,Helvetica,Arial,sans-serif;font-size:12px;font-style:normal;font-weight:400;letter-spacing:normal;line-break:auto;line-height:1.42857143;opacity:0;position:absolute;text-align:left;text-align:start;text-decoration:none;text-shadow:none;text-transform:none;white-space:normal;word-break:normal;word-spacing:normal;z-index:1040}.bsTooltip.in{filter:alpha(opacity=80);opacity:.8}.bsTooltip.top{margin-top:-3px;padding:5px 0}.bsTooltip.right{margin-left:3px;padding:0 5px}.bsTooltip.bottom{margin-top:3px;padding:5px 0}.bsTooltip.left{margin-left:-3px;padding:0 5px}.bsTooltip-inner{background-color:#000;border-radius:4px;color:#fff;max-width:200px;padding:3px 8px;text-align:center}.bsTooltip-arrow{border-color:#0000;border-style:solid;height:0;position:absolute;width:0}.bsTooltip.top .bsTooltip-arrow{border-top-color:#000;border-width:5px 5px 0;bottom:0;left:50%;margin-left:-5px}.bsTooltip.top-left .bsTooltip-arrow{border-top-color:#000;border-width:5px 5px 0;bottom:0;margin-bottom:-5px;right:5px}.bsTooltip.top-right .bsTooltip-arrow{border-top-color:#000;border-width:5px 5px 0;bottom:0;left:5px;margin-bottom:-5px}.bsTooltip.right .bsTooltip-arrow{border-right-color:#000;border-width:5px 5px 5px 0;left:0;margin-top:-5px;top:50%}.bsTooltip.left .bsTooltip-arrow{border-left-color:#000;border-width:5px 0 5px 5px;margin-top:-5px;right:0;top:50%}.bsTooltip.bottom .bsTooltip-arrow{border-bottom-color:#000;border-width:0 5px 5px;left:50%;margin-left:-5px;top:0}.bsTooltip.bottom-left .bsTooltip-arrow{border-bottom-color:#000;border-width:0 5px 5px;margin-top:-5px;right:5px;top:0}.bsTooltip.bottom-right .bsTooltip-arrow{border-bottom-color:#000;border-width:0 5px 5px;left:5px;margin-top:-5px;top:0}.visible-lg,.visible-lg-block,.visible-lg-inline,.visible-lg-inline-block,.visible-md,.visible-md-block,.visible-md-inline,.visible-md-inline-block,.visible-sm,.visible-sm-block,.visible-sm-inline,.visible-sm-inline-block,.visible-xs,.visible-xs-block,.visible-xs-inline,.visible-xs-inline-block{display:none!important}@media (max-width:767px){.visible-xs{display:block!important}table.visible-xs{display:table!important}tr.visible-xs{display:table-row!important}td.visible-xs,th.visible-xs{display:table-cell!important}.visible-xs-block{display:block!important}.visible-xs-inline{display:inline!important}.visible-xs-inline-block{display:inline-block!important}}@media (min-width:768px) and (max-width:991px){.visible-sm{display:block!important}table.visible-sm{display:table!important}tr.visible-sm{display:table-row!important}td.visible-sm,th.visible-sm{display:table-cell!important}.visible-sm-block{display:block!important}.visible-sm-inline{display:inline!important}.visible-sm-inline-block{display:inline-block!important}}@media (min-width:992px) and (max-width:1199px){.visible-md{display:block!important}table.visible-md{display:table!important}tr.visible-md{display:table-row!important}td.visible-md,th.visible-md{display:table-cell!important}.visible-md-block{display:block!important}.visible-md-inline{display:inline!important}.visible-md-inline-block{display:inline-block!important}}@media (min-width:1200px){.visible-lg{display:block!important}table.visible-lg{display:table!important}tr.visible-lg{display:table-row!important}td.visible-lg,th.visible-lg{display:table-cell!important}.visible-lg-block{display:block!important}.visible-lg-inline{display:inline!important}.visible-lg-inline-block{display:inline-block!important}}@media (max-width:767px){.hidden-xs{display:none!important}}@media (min-width:768px) and (max-width:991px){.hidden-sm{display:none!important}}@media (min-width:992px) and (max-width:1199px){.hidden-md{display:none!important}}@media (min-width:1200px){.hidden-lg{display:none!important}}.visible-print{display:none!important}@media print{.visible-print{display:block!important}table.visible-print{display:table!important}tr.visible-print{display:table-row!important}td.visible-print,th.visible-print{display:table-cell!important}}.visible-print-block{display:none!important}@media print{.visible-print-block{display:block!important}}.visible-print-inline{display:none!important}@media print{.visible-print-inline{display:inline!important}}.visible-print-inline-block{display:none!important}@media print{.visible-print-inline-block{display:inline-block!important}.hidden-print{display:none!important}}.caret{border-left:4px solid #0000;border-right:4px solid #0000;border-top:4px dashed;border-top:4px solid\9;display:inline-block;height:0;margin-left:2px;vertical-align:middle;width:0}.dropdown,.dropup{position:relative}.dropdown-toggle:focus{outline:0}.dropdown-menu{background-clip:padding-box;background-color:#1d1e24;border:1px solid #343741;border-radius:4px;box-shadow:0 4px 8px 0 #0000001a;display:none;float:left;font-size:14px;left:0;list-style:none;margin:2px 0 0;min-width:160px;padding:5px 0;position:absolute;text-align:left;top:100%;z-index:1000}.dropdown-menu.pull-right{left:auto;right:0}.dropdown-menu .divider{background-color:#343741;height:1px;margin:9px 0;overflow:hidden}.dropdown-menu>li>a,.dropdown-menu>li>button{clear:both;color:#ababab;display:block;font-weight:400;line-height:1.42857143;padding:3px 20px;white-space:nowrap}.dropdown-menu>li>button{appearance:none;background:none;border:none;text-align:left;width:100%}.dropdown-menu>li>a:focus,.dropdown-menu>li>a:hover,.dropdown-menu>li>button:focus,.dropdown-menu>li>button:hover{background-color:#f5f7fa;color:#1d1e24;text-decoration:none}.dropdown-menu>.active>a,.dropdown-menu>.active>a:focus,.dropdown-menu>.active>a:hover,.dropdown-menu>.active>button,.dropdown-menu>.active>button:focus,.dropdown-menu>.active>button:hover{background-color:#f5f7fa;color:#1d1e24;outline:0;text-decoration:none}.dropdown-menu>.disabled>a,.dropdown-menu>.disabled>a:focus,.dropdown-menu>.disabled>a:hover{color:#535966}.dropdown-menu>.disabled>a:focus,.dropdown-menu>.disabled>a:hover{background-color:initial;background-image:none;cursor:not-allowed;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);text-decoration:none}.open>.dropdown-menu{display:block}.open>a{outline:0}.dropdown-menu-right{left:auto;right:0}.dropdown-menu-left{left:0;right:auto}.dropdown-header{color:#535966;display:block;font-size:12px;line-height:1.42857143;padding:3px 20px;white-space:nowrap}.dropdown-backdrop{bottom:0;left:0;position:fixed;right:0;top:0;z-index:990}.pull-right>.dropdown-menu{left:auto;right:0}.dropup .caret,.navbar-fixed-bottom .dropdown .caret{border-bottom:4px dashed;border-bottom:4px solid\9;border-top:0;content:""}.dropup .dropdown-menu,.navbar-fixed-bottom .dropdown .dropdown-menu{bottom:100%;margin-bottom:2px;top:auto}@media (min-width:0){.navbar-right .dropdown-menu{left:auto;right:0}.navbar-right .dropdown-menu-left{left:0;right:auto}}.input-group{border-collapse:initial;display:table;position:relative}.input-group[class*=col-]{float:none;padding-left:0;padding-right:0}.input-group .form-control{float:left;margin-bottom:0;position:relative;width:100%;z-index:2}.input-group .form-control:focus{z-index:3}.input-group-lg>.form-control,.input-group-lg>.input-group-addon{border-radius:4px;font-size:18px;height:62px;line-height:1.3333333;padding:18px 27px}select.input-group-lg>.form-control,select.input-group-lg>.input-group-addon{height:62px;line-height:62px}select[multiple].input-group-lg>.form-control,select[multiple].input-group-lg>.input-group-addon,textarea.input-group-lg>.form-control,textarea.input-group-lg>.input-group-addon{height:auto}.input-group-sm>.form-control,.input-group-sm>.input-group-addon{border-radius:4px;font-size:12px;height:32px;line-height:1.5;padding:6px 9px}select.input-group-sm>.form-control,select.input-group-sm>.input-group-addon{height:32px;line-height:32px}select[multiple].input-group-sm>.form-control,select[multiple].input-group-sm>.input-group-addon,textarea.input-group-sm>.form-control,textarea.input-group-sm>.input-group-addon{height:auto}.input-group .form-control,.input-group-addon{display:table-cell}.input-group .form-control:not(:first-child):not(:last-child),.input-group-addon:not(:first-child):not(:last-child){border-radius:0}.input-group-addon{background-color:#343741;border:1px solid #343741;border-radius:4px;color:#f5f7fa;font-size:14px;font-weight:400;line-height:1;padding:5px 15px;text-align:center;vertical-align:middle;white-space:nowrap;width:1%}.input-group-addon.input-sm{border-radius:4px;font-size:12px;padding:6px 9px}.input-group-addon.input-lg{border-radius:4px;font-size:18px;padding:18px 27px}.input-group-addon input[type=checkbox],.input-group-addon input[type=radio]{margin-top:0}.input-group .form-control:first-child,.input-group-addon:first-child{border-bottom-right-radius:0;border-top-right-radius:0}.input-group-addon:first-child{border-right:0}.input-group .form-control:last-child,.input-group-addon:last-child{border-bottom-left-radius:0;border-top-left-radius:0}.input-group-addon:last-child{border-left:0}.pagination{border-radius:4px;display:inline-block;margin:20px 0;padding-left:0}.pagination>li{display:inline}.pagination>li>a,.pagination>li>span{background-color:initial;border:1px solid #0000;color:#1ba9f5;float:left;line-height:1.42857143;margin-left:-1px;padding:5px 15px;position:relative;text-decoration:none}.pagination>li:first-child>a,.pagination>li:first-child>span{border-bottom-left-radius:4px;border-top-left-radius:4px;margin-left:0}.pagination>li:last-child>a,.pagination>li:last-child>span{border-bottom-right-radius:4px;border-top-right-radius:4px}.pagination>li>a:focus,.pagination>li>a:hover,.pagination>li>span:focus,.pagination>li>span:hover{background-color:#0000;border-color:#0000;color:#1ba9f5;z-index:2}.pagination>.active>a,.pagination>.active>a:focus,.pagination>.active>a:hover,.pagination>.active>span,.pagination>.active>span:focus,.pagination>.active>span:hover{background-color:#0000;border-color:#0000;color:#f5f7fa;cursor:default;z-index:3}.pagination>.disabled>a,.pagination>.disabled>a:focus,.pagination>.disabled>a:hover,.pagination>.disabled>span,.pagination>.disabled>span:focus,.pagination>.disabled>span:hover{background-color:#26262600;border-color:#0000;color:#f5f7fa;cursor:not-allowed}.pagination-lg>li>a,.pagination-lg>li>span{font-size:18px;line-height:1.3333333;padding:18px 27px}.pagination-lg>li:first-child>a,.pagination-lg>li:first-child>span{border-bottom-left-radius:4px;border-top-left-radius:4px}.pagination-lg>li:last-child>a,.pagination-lg>li:last-child>span{border-bottom-right-radius:4px;border-top-right-radius:4px}.pagination-sm>li>a,.pagination-sm>li>span{font-size:12px;line-height:1.5;padding:6px 9px}.pagination-sm>li:first-child>a,.pagination-sm>li:first-child>span{border-bottom-left-radius:4px;border-top-left-radius:4px}.pagination-sm>li:last-child>a,.pagination-sm>li:last-child>span{border-bottom-right-radius:4px;border-top-right-radius:4px}.pager{list-style:none;margin:20px 0;padding-left:0;text-align:center}.pager li{display:inline}.pager li>a,.pager li>span{background-color:initial;border:1px solid #0000;border-radius:0;display:inline-block;padding:5px 14px}.pager li>a:focus,.pager li>a:hover{background-color:#0000;text-decoration:none}.pager .next>a,.pager .next>span{float:right}.pager .previous>a,.pager .previous>span{float:left}.pager .disabled>a,.pager .disabled>a:focus,.pager .disabled>a:hover,.pager .disabled>span{background-color:initial;color:#1d1e24;cursor:not-allowed}.label{border-radius:.25em;color:#1d1e24;display:inline;font-size:75%;font-weight:700;line-height:1;padding:.2em .6em .3em;text-align:center;vertical-align:initial;white-space:nowrap}a.label:focus,a.label:hover{color:#1d1e24;cursor:pointer;text-decoration:none}.label:empty{display:none}.label-default{background-color:#1ba9f5}.label-default[href]:focus,.label-default[href]:hover{background-color:#098dd4}.label-primary{background-color:#f5f7fa}.label-primary[href]:focus,.label-primary[href]:hover{background-color:#d3dce9}.label-success{background-color:#7de2d1}.label-success[href]:focus,.label-success[href]:hover{background-color:#53d9c2}.label-info{background-color:#1ba9f5}.label-info[href]:focus,.label-info[href]:hover{background-color:#098dd4}.label-warning{background-color:#ff977a}.label-warning[href]:focus,.label-warning[href]:hover{background-color:#ff6f47}.label-danger{background-color:#f66}.label-danger[href]:focus,.label-danger[href]:hover{background-color:#f33}.panel{background-color:#1d1e24;border:1px solid #0000;border-radius:4px;-webkit-box-shadow:0 1px 1px #0000000d;box-shadow:0 1px 1px #0000000d;margin-bottom:20px}.panel-body{padding:15px}.panel-heading{border-bottom:1px solid #0000;border-top-left-radius:3px;border-top-right-radius:3px;padding:10px 15px}.panel-heading>.dropdown .dropdown-toggle,.panel-title{color:inherit}.panel-title{font-size:16px;margin-bottom:0;margin-top:0}.panel-title>.small,.panel-title>.small>a,.panel-title>a,.panel-title>small,.panel-title>small>a{color:inherit}.panel-footer{background-color:#25262e;border-bottom-left-radius:3px;border-bottom-right-radius:3px;border-top:1px solid #343741;padding:10px 15px}.panel>.list-group,.panel>.panel-collapse>.list-group{margin-bottom:0}.panel>.list-group .list-group-item,.panel>.panel-collapse>.list-group .list-group-item{border-radius:0;border-width:1px 0}.panel>.list-group:first-child .list-group-item:first-child,.panel>.panel-collapse>.list-group:first-child .list-group-item:first-child{border-top:0;border-top-left-radius:3px;border-top-right-radius:3px}.panel>.list-group:last-child .list-group-item:last-child,.panel>.panel-collapse>.list-group:last-child .list-group-item:last-child{border-bottom:0;border-bottom-left-radius:3px;border-bottom-right-radius:3px}.panel>.panel-heading+.panel-collapse>.list-group .list-group-item:first-child{border-top-left-radius:0;border-top-right-radius:0}.list-group+.panel-footer,.panel-heading+.list-group .list-group-item:first-child{border-top-width:0}.panel>.panel-collapse>.table,.panel>.table,.panel>.table-responsive>.table{margin-bottom:0}.panel>.panel-collapse>.table caption,.panel>.table caption,.panel>.table-responsive>.table caption{padding-left:15px;padding-right:15px}.panel>.table-responsive:first-child>.table:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child,.panel>.table:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child,.panel>.table:first-child>thead:first-child>tr:first-child{border-top-left-radius:3px;border-top-right-radius:3px}.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:first-child,.panel>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table:first-child>thead:first-child>tr:first-child th:first-child{border-top-left-radius:3px}.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:last-child,.panel>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table:first-child>thead:first-child>tr:first-child th:last-child{border-top-right-radius:3px}.panel>.table-responsive:last-child>.table:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child,.panel>.table:last-child,.panel>.table:last-child>tbody:last-child>tr:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child{border-bottom-left-radius:3px;border-bottom-right-radius:3px}.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:first-child,.panel>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:first-child{border-bottom-left-radius:3px}.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:last-child,.panel>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:last-child{border-bottom-right-radius:3px}.panel>.panel-body+.table,.panel>.panel-body+.table-responsive,.panel>.table+.panel-body,.panel>.table-responsive+.panel-body{border-top:1px solid #343741}.panel>.table>tbody:first-child>tr:first-child td,.panel>.table>tbody:first-child>tr:first-child th{border-top:0}.panel>.table-bordered,.panel>.table-responsive>.table-bordered{border:0}.panel>.table-bordered>tbody>tr>td:first-child,.panel>.table-bordered>tbody>tr>th:first-child,.panel>.table-bordered>tfoot>tr>td:first-child,.panel>.table-bordered>tfoot>tr>th:first-child,.panel>.table-bordered>thead>tr>td:first-child,.panel>.table-bordered>thead>tr>th:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:first-child,.panel>.table-responsive>.table-bordered>thead>tr>td:first-child,.panel>.table-responsive>.table-bordered>thead>tr>th:first-child{border-left:0}.panel>.table-bordered>tbody>tr>td:last-child,.panel>.table-bordered>tbody>tr>th:last-child,.panel>.table-bordered>tfoot>tr>td:last-child,.panel>.table-bordered>tfoot>tr>th:last-child,.panel>.table-bordered>thead>tr>td:last-child,.panel>.table-bordered>thead>tr>th:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:last-child,.panel>.table-responsive>.table-bordered>thead>tr>td:last-child,.panel>.table-responsive>.table-bordered>thead>tr>th:last-child{border-right:0}.panel>.table-bordered>tbody>tr:first-child>td,.panel>.table-bordered>tbody>tr:first-child>th,.panel>.table-bordered>tbody>tr:last-child>td,.panel>.table-bordered>tbody>tr:last-child>th,.panel>.table-bordered>tfoot>tr:last-child>td,.panel>.table-bordered>tfoot>tr:last-child>th,.panel>.table-bordered>thead>tr:first-child>td,.panel>.table-bordered>thead>tr:first-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>th,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>td,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>th,.panel>.table-responsive>.table-bordered>thead>tr:first-child>td,.panel>.table-responsive>.table-bordered>thead>tr:first-child>th{border-bottom:0}.panel>.table-responsive{border:0;margin-bottom:0}.panel-group{margin-bottom:20px}.panel-group .panel{border-radius:4px;margin-bottom:0}.panel-group .panel+.panel{margin-top:5px}.panel-group .panel-heading{border-bottom:0}.panel-group .panel-heading+.panel-collapse>.list-group,.panel-group .panel-heading+.panel-collapse>.panel-body{border-top:1px solid #343741}.panel-group .panel-footer{border-top:0}.panel-group .panel-footer+.panel-collapse .panel-body{border-bottom:1px solid #343741}.panel-default{border-color:#343741}.panel-default>.panel-heading{background-color:#25262e;border-color:#343741;color:#ababab}.panel-default>.panel-heading+.panel-collapse>.panel-body{border-top-color:#343741}.panel-default>.panel-heading .badge{background-color:#ababab;color:#25262e}.panel-default>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#343741}.panel-primary{border-color:#f5f7fa}.panel-primary>.panel-heading{background-color:#f5f7fa;border-color:#f5f7fa;color:#1d1e24}.panel-primary>.panel-heading+.panel-collapse>.panel-body{border-top-color:#f5f7fa}.panel-primary>.panel-heading .badge{background-color:#1d1e24;color:#f5f7fa}.panel-primary>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#f5f7fa}.panel-success{border-color:#53d9c2}.panel-success>.panel-heading{background-color:#7de2d1;border-color:#53d9c2;color:#1d1e24}.panel-success>.panel-heading+.panel-collapse>.panel-body{border-top-color:#53d9c2}.panel-success>.panel-heading .badge{background-color:#1d1e24;color:#7de2d1}.panel-success>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#53d9c2}.panel-info{border-color:#098dd4}.panel-info>.panel-heading{background-color:#1ba9f5;border-color:#098dd4;color:#1d1e24}.panel-info>.panel-heading+.panel-collapse>.panel-body{border-top-color:#098dd4}.panel-info>.panel-heading .badge{background-color:#1d1e24;color:#1ba9f5}.panel-info>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#098dd4}.panel-warning{border-color:#ff6f47}.panel-warning>.panel-heading{background-color:#ff977a;border-color:#ff6f47;color:#1d1e24}.panel-warning>.panel-heading+.panel-collapse>.panel-body{border-top-color:#ff6f47}.panel-warning>.panel-heading .badge{background-color:#1d1e24;color:#ff977a}.panel-warning>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#ff6f47}.panel-danger{border-color:#f33}.panel-danger>.panel-heading{background-color:#f66;border-color:#f33;color:#1d1e24}.panel-danger>.panel-heading+.panel-collapse>.panel-body{border-top-color:#f33}.panel-danger>.panel-heading .badge{background-color:#1d1e24;color:#f66}.panel-danger>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#f33}.popover{word-wrap:normal;background-clip:padding-box;background-color:#1d1e24;border:1px solid #343741;border-radius:4px;box-shadow:0 4px 8px 0 #0000001a;display:none;font-family:Open Sans,Helvetica,Arial,sans-serif;font-size:14px;font-style:normal;font-weight:400;left:0;letter-spacing:normal;line-break:auto;line-height:1.42857143;max-width:276px;padding:1px;position:absolute;text-align:left;text-align:start;text-decoration:none;text-shadow:none;text-transform:none;top:0;white-space:normal;word-break:normal;word-spacing:normal;z-index:1010}.popover.top{margin-top:-10px}.popover.right{margin-left:10px}.popover.bottom{margin-top:10px}.popover.left{margin-left:-10px}.popover-title{background-color:#16171c;border-bottom:1px solid #0b0b0d;border-radius:3px 3px 0 0;font-size:14px;margin:0;padding:8px 14px}.popover-content{padding:9px 14px}.popover>.arrow,.popover>.arrow:after{border-color:#0000;border-style:solid;display:block;height:0;position:absolute;width:0}.popover>.arrow{border-width:11px}.popover>.arrow:after{border-width:10px;content:""}.popover.top>.arrow{border-bottom-width:0;border-top-color:#343741;bottom:-11px;left:50%;margin-left:-11px}.popover.top>.arrow:after{border-bottom-width:0;border-top-color:#1d1e24;bottom:1px;content:" ";margin-left:-10px}.popover.right>.arrow{border-left-width:0;border-right-color:#343741;left:-11px;margin-top:-11px;top:50%}.popover.right>.arrow:after{border-left-width:0;border-right-color:#1d1e24;bottom:-10px;content:" ";left:1px}.popover.bottom>.arrow{border-bottom-color:#343741;border-top-width:0;left:50%;margin-left:-11px;top:-11px}.popover.bottom>.arrow:after{border-bottom-color:#1d1e24;border-top-width:0;content:" ";margin-left:-10px;top:1px}.popover.left>.arrow{border-left-color:#343741;border-right-width:0;margin-top:-11px;right:-11px;top:50%}.popover.left>.arrow:after{border-left-color:#1d1e24;border-right-width:0;bottom:-10px;content:" ";right:1px}.clearfix:after,.clearfix:before,.container-fluid:after,.container-fluid:before,.container:after,.container:before,.dl-horizontal dd:after,.dl-horizontal dd:before,.form-horizontal .form-group:after,.form-horizontal .form-group:before,.modal-footer:after,.modal-footer:before,.modal-header:after,.modal-header:before,.nav:after,.nav:before,.navbar-collapse:after,.navbar-collapse:before,.navbar-header:after,.navbar-header:before,.navbar:after,.navbar:before,.pager:after,.pager:before,.panel-body:after,.panel-body:before,.row:after,.row:before{content:" ";display:table}.clearfix:after,.container-fluid:after,.container:after,.dl-horizontal dd:after,.form-horizontal .form-group:after,.modal-footer:after,.modal-header:after,.nav:after,.navbar-collapse:after,.navbar-header:after,.navbar:after,.pager:after,.panel-body:after,.row:after{clear:both}.center-block{display:block;margin-left:auto;margin-right:auto}.pull-right{float:right!important}.pull-left{float:left!important}.hide{display:none!important}.show{display:block!important}.invisible{visibility:hidden}.text-hide{background-color:initial;border:0;color:#0000;font:0/0 a;text-shadow:none}.hidden{display:none!important}.affix{position:fixed}.navbar>.container-fluid>.navbar-form:not(.pull-right):first-child,.navbar>.container-fluid>.navbar-nav:not(.pull-right):first-child{margin-left:-15px;margin-top:4px}.navbar{border-width:0}.navbar-btn-link{border-radius:0;margin:0}@media (max-width:768px){.navbar-btn-link{text-align:left;width:100%}}.navbar-default .badge{background-color:#1d1e24;color:#000}.navbar-inverse .kbnGlobalNav__logoBrand{background-color:#fff;height:45px;width:252px}.navbar-inverse .kbnGlobalNav__smallLogoBrand{background-color:#fff;height:45px;width:45px}.navbar-inverse .badge{background-color:#1d1e24;color:#fff}.navbar-brand{cursor:default;font-size:1.8em;user-select:none}.navbar-nav{font-size:12px}.navbar-nav>.active>a{background-color:initial;border-bottom-color:#ababab}.navbar-toggle{margin-top:4px}.text-primary,.text-primary:hover{color:#f5f7fa}.text-success,.text-success:hover{color:#7de2d1}.text-danger,.text-danger:hover{color:#f66}.text-warning,.text-warning:hover{color:#ff977a}.text-info,.text-info:hover{color:#1ba9f5}.table .danger,.table .danger a,.table .info,.table .info a,.table .success,.table .success a,.table .warning,.table .warning a,table .danger,table .danger a,table .info,table .info a,table .success,table .success a,table .warning,table .warning a{color:#1d1e24}.table-bordered>tbody>tr>td,.table-bordered>tbody>tr>th,.table-bordered>tfoot>tr>td,.table-bordered>tfoot>tr>th,.table-bordered>thead>tr>td,.table-bordered>thead>tr>th{border:1px solid #343741}.form-control,input{border-width:1px}.form-control,.form-control:focus,input,input:focus{-webkit-box-shadow:none;box-shadow:none}.has-warning .checkbox,.has-warning .checkbox-inline,.has-warning .control-label,.has-warning .form-control-feedback,.has-warning .help-block,.has-warning .radio,.has-warning .radio-inline{color:#ff977a}.has-warning .form-control,.has-warning .form-control:focus{border:1px solid #ff977a}.has-warning .input-group-addon{border-color:#ff977a}.has-error .checkbox,.has-error .checkbox-inline,.has-error .control-label,.has-error .form-control-feedback,.has-error .help-block,.has-error .radio,.has-error .radio-inline{color:#f66}.has-error .form-control,.has-error .form-control:focus{border:1px solid #f66}.has-error .input-group-addon{border-color:#f66}.has-success .checkbox,.has-success .checkbox-inline,.has-success .control-label,.has-success .form-control-feedback,.has-success .help-block,.has-success .radio,.has-success .radio-inline{color:#7de2d1}.has-success .form-control,.has-success .form-control:focus{border:solid #7de2d1}.has-success .input-group-addon{border-color:#7de2d1}.nav .open>a,.nav .open>a:focus,.nav .open>a:hover{border-color:#0000}.pager a,.pager a:hover{color:#1d1e24}.pager .disabled>a,.pager .disabled>a:focus,.pager .disabled>a:hover,.pager .disabled>span{background-color:#26262600}.panel{border-radius:0;-webkit-box-shadow:0 0 0 #0000;box-shadow:0 0 0 #0000}.progress{-webkit-box-shadow:none;box-shadow:none}.progress .progress-bar{font-size:10px;line-height:10px}.well{-webkit-box-shadow:none;box-shadow:none}
\ No newline at end of file
+ */.container{margin-left:auto;margin-right:auto;padding-left:15px;padding-right:15px}@media (min-width:768px){.container{width:750px}}@media (min-width:992px){.container{width:970px}}@media (min-width:1200px){.container{width:1170px}}.container-fluid{margin-left:auto;margin-right:auto;padding-left:15px;padding-right:15px}.row{margin-left:-15px;margin-right:-15px}.col-lg-1,.col-lg-10,.col-lg-11,.col-lg-12,.col-lg-2,.col-lg-3,.col-lg-4,.col-lg-5,.col-lg-6,.col-lg-7,.col-lg-8,.col-lg-9,.col-md-1,.col-md-10,.col-md-11,.col-md-12,.col-md-2,.col-md-3,.col-md-4,.col-md-5,.col-md-6,.col-md-7,.col-md-8,.col-md-9,.col-sm-1,.col-sm-10,.col-sm-11,.col-sm-12,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-7,.col-sm-8,.col-sm-9,.col-xs-1,.col-xs-10,.col-xs-11,.col-xs-12,.col-xs-2,.col-xs-3,.col-xs-4,.col-xs-5,.col-xs-6,.col-xs-7,.col-xs-8,.col-xs-9{min-height:1px;padding-left:15px;padding-right:15px;position:relative}.col-xs-1,.col-xs-10,.col-xs-11,.col-xs-12,.col-xs-2,.col-xs-3,.col-xs-4,.col-xs-5,.col-xs-6,.col-xs-7,.col-xs-8,.col-xs-9{float:left}.col-xs-12{width:100%}.col-xs-11{width:91.66666667%}.col-xs-10{width:83.33333333%}.col-xs-9{width:75%}.col-xs-8{width:66.66666667%}.col-xs-7{width:58.33333333%}.col-xs-6{width:50%}.col-xs-5{width:41.66666667%}.col-xs-4{width:33.33333333%}.col-xs-3{width:25%}.col-xs-2{width:16.66666667%}.col-xs-1{width:8.33333333%}.col-xs-pull-12{right:100%}.col-xs-pull-11{right:91.66666667%}.col-xs-pull-10{right:83.33333333%}.col-xs-pull-9{right:75%}.col-xs-pull-8{right:66.66666667%}.col-xs-pull-7{right:58.33333333%}.col-xs-pull-6{right:50%}.col-xs-pull-5{right:41.66666667%}.col-xs-pull-4{right:33.33333333%}.col-xs-pull-3{right:25%}.col-xs-pull-2{right:16.66666667%}.col-xs-pull-1{right:8.33333333%}.col-xs-pull-0{right:auto}.col-xs-push-12{left:100%}.col-xs-push-11{left:91.66666667%}.col-xs-push-10{left:83.33333333%}.col-xs-push-9{left:75%}.col-xs-push-8{left:66.66666667%}.col-xs-push-7{left:58.33333333%}.col-xs-push-6{left:50%}.col-xs-push-5{left:41.66666667%}.col-xs-push-4{left:33.33333333%}.col-xs-push-3{left:25%}.col-xs-push-2{left:16.66666667%}.col-xs-push-1{left:8.33333333%}.col-xs-push-0{left:auto}.col-xs-offset-12{margin-left:100%}.col-xs-offset-11{margin-left:91.66666667%}.col-xs-offset-10{margin-left:83.33333333%}.col-xs-offset-9{margin-left:75%}.col-xs-offset-8{margin-left:66.66666667%}.col-xs-offset-7{margin-left:58.33333333%}.col-xs-offset-6{margin-left:50%}.col-xs-offset-5{margin-left:41.66666667%}.col-xs-offset-4{margin-left:33.33333333%}.col-xs-offset-3{margin-left:25%}.col-xs-offset-2{margin-left:16.66666667%}.col-xs-offset-1{margin-left:8.33333333%}.col-xs-offset-0{margin-left:0}@media (min-width:768px){.col-sm-1,.col-sm-10,.col-sm-11,.col-sm-12,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-7,.col-sm-8,.col-sm-9{float:left}.col-sm-12{width:100%}.col-sm-11{width:91.66666667%}.col-sm-10{width:83.33333333%}.col-sm-9{width:75%}.col-sm-8{width:66.66666667%}.col-sm-7{width:58.33333333%}.col-sm-6{width:50%}.col-sm-5{width:41.66666667%}.col-sm-4{width:33.33333333%}.col-sm-3{width:25%}.col-sm-2{width:16.66666667%}.col-sm-1{width:8.33333333%}.col-sm-pull-12{right:100%}.col-sm-pull-11{right:91.66666667%}.col-sm-pull-10{right:83.33333333%}.col-sm-pull-9{right:75%}.col-sm-pull-8{right:66.66666667%}.col-sm-pull-7{right:58.33333333%}.col-sm-pull-6{right:50%}.col-sm-pull-5{right:41.66666667%}.col-sm-pull-4{right:33.33333333%}.col-sm-pull-3{right:25%}.col-sm-pull-2{right:16.66666667%}.col-sm-pull-1{right:8.33333333%}.col-sm-pull-0{right:auto}.col-sm-push-12{left:100%}.col-sm-push-11{left:91.66666667%}.col-sm-push-10{left:83.33333333%}.col-sm-push-9{left:75%}.col-sm-push-8{left:66.66666667%}.col-sm-push-7{left:58.33333333%}.col-sm-push-6{left:50%}.col-sm-push-5{left:41.66666667%}.col-sm-push-4{left:33.33333333%}.col-sm-push-3{left:25%}.col-sm-push-2{left:16.66666667%}.col-sm-push-1{left:8.33333333%}.col-sm-push-0{left:auto}.col-sm-offset-12{margin-left:100%}.col-sm-offset-11{margin-left:91.66666667%}.col-sm-offset-10{margin-left:83.33333333%}.col-sm-offset-9{margin-left:75%}.col-sm-offset-8{margin-left:66.66666667%}.col-sm-offset-7{margin-left:58.33333333%}.col-sm-offset-6{margin-left:50%}.col-sm-offset-5{margin-left:41.66666667%}.col-sm-offset-4{margin-left:33.33333333%}.col-sm-offset-3{margin-left:25%}.col-sm-offset-2{margin-left:16.66666667%}.col-sm-offset-1{margin-left:8.33333333%}.col-sm-offset-0{margin-left:0}}@media (min-width:992px){.col-md-1,.col-md-10,.col-md-11,.col-md-12,.col-md-2,.col-md-3,.col-md-4,.col-md-5,.col-md-6,.col-md-7,.col-md-8,.col-md-9{float:left}.col-md-12{width:100%}.col-md-11{width:91.66666667%}.col-md-10{width:83.33333333%}.col-md-9{width:75%}.col-md-8{width:66.66666667%}.col-md-7{width:58.33333333%}.col-md-6{width:50%}.col-md-5{width:41.66666667%}.col-md-4{width:33.33333333%}.col-md-3{width:25%}.col-md-2{width:16.66666667%}.col-md-1{width:8.33333333%}.col-md-pull-12{right:100%}.col-md-pull-11{right:91.66666667%}.col-md-pull-10{right:83.33333333%}.col-md-pull-9{right:75%}.col-md-pull-8{right:66.66666667%}.col-md-pull-7{right:58.33333333%}.col-md-pull-6{right:50%}.col-md-pull-5{right:41.66666667%}.col-md-pull-4{right:33.33333333%}.col-md-pull-3{right:25%}.col-md-pull-2{right:16.66666667%}.col-md-pull-1{right:8.33333333%}.col-md-pull-0{right:auto}.col-md-push-12{left:100%}.col-md-push-11{left:91.66666667%}.col-md-push-10{left:83.33333333%}.col-md-push-9{left:75%}.col-md-push-8{left:66.66666667%}.col-md-push-7{left:58.33333333%}.col-md-push-6{left:50%}.col-md-push-5{left:41.66666667%}.col-md-push-4{left:33.33333333%}.col-md-push-3{left:25%}.col-md-push-2{left:16.66666667%}.col-md-push-1{left:8.33333333%}.col-md-push-0{left:auto}.col-md-offset-12{margin-left:100%}.col-md-offset-11{margin-left:91.66666667%}.col-md-offset-10{margin-left:83.33333333%}.col-md-offset-9{margin-left:75%}.col-md-offset-8{margin-left:66.66666667%}.col-md-offset-7{margin-left:58.33333333%}.col-md-offset-6{margin-left:50%}.col-md-offset-5{margin-left:41.66666667%}.col-md-offset-4{margin-left:33.33333333%}.col-md-offset-3{margin-left:25%}.col-md-offset-2{margin-left:16.66666667%}.col-md-offset-1{margin-left:8.33333333%}.col-md-offset-0{margin-left:0}}@media (min-width:1200px){.col-lg-1,.col-lg-10,.col-lg-11,.col-lg-12,.col-lg-2,.col-lg-3,.col-lg-4,.col-lg-5,.col-lg-6,.col-lg-7,.col-lg-8,.col-lg-9{float:left}.col-lg-12{width:100%}.col-lg-11{width:91.66666667%}.col-lg-10{width:83.33333333%}.col-lg-9{width:75%}.col-lg-8{width:66.66666667%}.col-lg-7{width:58.33333333%}.col-lg-6{width:50%}.col-lg-5{width:41.66666667%}.col-lg-4{width:33.33333333%}.col-lg-3{width:25%}.col-lg-2{width:16.66666667%}.col-lg-1{width:8.33333333%}.col-lg-pull-12{right:100%}.col-lg-pull-11{right:91.66666667%}.col-lg-pull-10{right:83.33333333%}.col-lg-pull-9{right:75%}.col-lg-pull-8{right:66.66666667%}.col-lg-pull-7{right:58.33333333%}.col-lg-pull-6{right:50%}.col-lg-pull-5{right:41.66666667%}.col-lg-pull-4{right:33.33333333%}.col-lg-pull-3{right:25%}.col-lg-pull-2{right:16.66666667%}.col-lg-pull-1{right:8.33333333%}.col-lg-pull-0{right:auto}.col-lg-push-12{left:100%}.col-lg-push-11{left:91.66666667%}.col-lg-push-10{left:83.33333333%}.col-lg-push-9{left:75%}.col-lg-push-8{left:66.66666667%}.col-lg-push-7{left:58.33333333%}.col-lg-push-6{left:50%}.col-lg-push-5{left:41.66666667%}.col-lg-push-4{left:33.33333333%}.col-lg-push-3{left:25%}.col-lg-push-2{left:16.66666667%}.col-lg-push-1{left:8.33333333%}.col-lg-push-0{left:auto}.col-lg-offset-12{margin-left:100%}.col-lg-offset-11{margin-left:91.66666667%}.col-lg-offset-10{margin-left:83.33333333%}.col-lg-offset-9{margin-left:75%}.col-lg-offset-8{margin-left:66.66666667%}.col-lg-offset-7{margin-left:58.33333333%}.col-lg-offset-6{margin-left:50%}.col-lg-offset-5{margin-left:41.66666667%}.col-lg-offset-4{margin-left:33.33333333%}.col-lg-offset-3{margin-left:25%}.col-lg-offset-2{margin-left:16.66666667%}.col-lg-offset-1{margin-left:8.33333333%}.col-lg-offset-0{margin-left:0}}.table{font-size:14px;margin-bottom:20px;max-width:100%;width:100%}.table thead{font-size:12px}.table>tbody>tr>td,.table>tbody>tr>th,.table>tfoot>tr>td,.table>tfoot>tr>th,.table>thead>tr>td,.table>thead>tr>th{border-top:1px solid #343741;line-height:1.42857143;padding:8px;vertical-align:top}.table>thead>tr>th{border-bottom:1px solid #343741;vertical-align:bottom}.table>caption+thead>tr:first-child>td,.table>caption+thead>tr:first-child>th,.table>colgroup+thead>tr:first-child>td,.table>colgroup+thead>tr:first-child>th,.table>thead:first-child>tr:first-child>td,.table>thead:first-child>tr:first-child>th{border-top:0}.table>tbody+tbody{border-top:2px solid #343741}.table .table{background-color:#1d1e24}.table-condensed>tbody>tr>td,.table-condensed>tbody>tr>th,.table-condensed>tfoot>tr>td,.table-condensed>tfoot>tr>th,.table-condensed>thead>tr>td,.table-condensed>thead>tr>th{font-size:12px;padding:5px}.table-bordered{border:1px solid #343741}.table-bordered>thead>tr>td,.table-bordered>thead>tr>th{border-bottom-width:2px}.table-hover>tbody>tr:hover,.table-striped>tbody>tr:nth-of-type(odd){background-color:#343741}table col[class*=col-]{display:table-column;float:none;position:static}table td[class*=col-],table th[class*=col-]{display:table-cell;float:none;position:static}.table>tbody>tr.active>td,.table>tbody>tr.active>th,.table>tbody>tr>td.active,.table>tbody>tr>th.active,.table>tfoot>tr.active>td,.table>tfoot>tr.active>th,.table>tfoot>tr>td.active,.table>tfoot>tr>th.active,.table>thead>tr.active>td,.table>thead>tr.active>th,.table>thead>tr>td.active,.table>thead>tr>th.active{background-color:#343741}.table-hover>tbody>tr.active:hover>td,.table-hover>tbody>tr.active:hover>th,.table-hover>tbody>tr:hover>.active,.table-hover>tbody>tr>td.active:hover,.table-hover>tbody>tr>th.active:hover{background-color:#292b33}.table>tbody>tr.success>td,.table>tbody>tr.success>th,.table>tbody>tr>td.success,.table>tbody>tr>th.success,.table>tfoot>tr.success>td,.table>tfoot>tr.success>th,.table>tfoot>tr>td.success,.table>tfoot>tr>th.success,.table>thead>tr.success>td,.table>thead>tr.success>th,.table>thead>tr>td.success,.table>thead>tr>th.success{background-color:#7de2d1}.table-hover>tbody>tr.success:hover>td,.table-hover>tbody>tr.success:hover>th,.table-hover>tbody>tr:hover>.success,.table-hover>tbody>tr>td.success:hover,.table-hover>tbody>tr>th.success:hover{background-color:#68ddca}.table>tbody>tr.info>td,.table>tbody>tr.info>th,.table>tbody>tr>td.info,.table>tbody>tr>th.info,.table>tfoot>tr.info>td,.table>tfoot>tr.info>th,.table>tfoot>tr>td.info,.table>tfoot>tr>th.info,.table>thead>tr.info>td,.table>thead>tr.info>th,.table>thead>tr>td.info,.table>thead>tr>th.info{background-color:#1ba9f5}.table-hover>tbody>tr.info:hover>td,.table-hover>tbody>tr.info:hover>th,.table-hover>tbody>tr:hover>.info,.table-hover>tbody>tr>td.info:hover,.table-hover>tbody>tr>th.info:hover{background-color:#0a9dec}.table>tbody>tr.warning>td,.table>tbody>tr.warning>th,.table>tbody>tr>td.warning,.table>tbody>tr>th.warning,.table>tfoot>tr.warning>td,.table>tfoot>tr.warning>th,.table>tfoot>tr>td.warning,.table>tfoot>tr>th.warning,.table>thead>tr.warning>td,.table>thead>tr.warning>th,.table>thead>tr>td.warning,.table>thead>tr>th.warning{background-color:#ff977a}.table-hover>tbody>tr.warning:hover>td,.table-hover>tbody>tr.warning:hover>th,.table-hover>tbody>tr:hover>.warning,.table-hover>tbody>tr>td.warning:hover,.table-hover>tbody>tr>th.warning:hover{background-color:#ff8361}.table>tbody>tr.danger>td,.table>tbody>tr.danger>th,.table>tbody>tr>td.danger,.table>tbody>tr>th.danger,.table>tfoot>tr.danger>td,.table>tfoot>tr.danger>th,.table>tfoot>tr>td.danger,.table>tfoot>tr>th.danger,.table>thead>tr.danger>td,.table>thead>tr.danger>th,.table>thead>tr>td.danger,.table>thead>tr>th.danger{background-color:#f66}.table-hover>tbody>tr.danger:hover>td,.table-hover>tbody>tr.danger:hover>th,.table-hover>tbody>tr:hover>.danger,.table-hover>tbody>tr>td.danger:hover,.table-hover>tbody>tr>th.danger:hover{background-color:#ff4c4c}.table-responsive{min-height:.01%;overflow-x:auto}@media screen and (max-width:767px){.table-responsive{-ms-overflow-style:-ms-autohiding-scrollbar;border:1px solid #343741;margin-bottom:15px;overflow-y:hidden;width:100%}.table-responsive>.table{margin-bottom:0}.table-responsive>.table>tbody>tr>td,.table-responsive>.table>tbody>tr>th,.table-responsive>.table>tfoot>tr>td,.table-responsive>.table>tfoot>tr>th,.table-responsive>.table>thead>tr>td,.table-responsive>.table>thead>tr>th{white-space:nowrap}.table-responsive>.table-bordered{border:0}.table-responsive>.table-bordered>tbody>tr>td:first-child,.table-responsive>.table-bordered>tbody>tr>th:first-child,.table-responsive>.table-bordered>tfoot>tr>td:first-child,.table-responsive>.table-bordered>tfoot>tr>th:first-child,.table-responsive>.table-bordered>thead>tr>td:first-child,.table-responsive>.table-bordered>thead>tr>th:first-child{border-left:0}.table-responsive>.table-bordered>tbody>tr>td:last-child,.table-responsive>.table-bordered>tbody>tr>th:last-child,.table-responsive>.table-bordered>tfoot>tr>td:last-child,.table-responsive>.table-bordered>tfoot>tr>th:last-child,.table-responsive>.table-bordered>thead>tr>td:last-child,.table-responsive>.table-bordered>thead>tr>th:last-child{border-right:0}.table-responsive>.table-bordered>tbody>tr:last-child>td,.table-responsive>.table-bordered>tbody>tr:last-child>th,.table-responsive>.table-bordered>tfoot>tr:last-child>td,.table-responsive>.table-bordered>tfoot>tr:last-child>th{border-bottom:0}}.form-control{background-color:#1a1a20;background-image:none;border:1px solid #343741;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075);color:#f5f7fa;display:block;font-size:14px;height:32px;line-height:1.42857143;padding:5px 15px;-webkit-transition:border-color .15s ease-in-out,box-shadow .15s ease-in-out;-o-transition:border-color .15s ease-in-out,box-shadow .15s ease-in-out;transition:border-color .15s ease-in-out,box-shadow .15s ease-in-out;width:100%}.form-control:focus{border-color:#1ba9f5;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 8px #1ba9f599;box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 8px #1ba9f599;outline:0}.form-control::-moz-placeholder{color:#535966;opacity:1}.form-control:-ms-input-placeholder{color:#535966}.form-control::-webkit-input-placeholder{color:#535966}.form-control::-ms-expand{background-color:initial;border:0}.form-control[disabled],.form-control[readonly],fieldset[disabled] .form-control{background-color:#343741;opacity:1}.form-control[disabled],fieldset[disabled] .form-control{cursor:not-allowed}textarea.form-control{height:auto}.form-group:not(:empty){margin-bottom:15px}.checkbox,.radio{display:block;margin-bottom:10px;margin-top:10px;position:relative}.checkbox label,.radio label{cursor:pointer;font-weight:400;margin-bottom:0;min-height:20px;padding-left:20px}.checkbox input[type=checkbox],.checkbox-inline input[type=checkbox],.radio input[type=radio],.radio-inline input[type=radio]{margin-left:-20px;margin-top:4px\9;position:absolute}.checkbox+.checkbox,.radio+.radio{margin-top:-5px}.checkbox-inline,.radio-inline{cursor:pointer;display:inline-block;font-weight:400;margin-bottom:0;padding-left:20px;position:relative;vertical-align:middle}.checkbox-inline+.checkbox-inline,.radio-inline+.radio-inline{margin-left:10px;margin-top:0}.checkbox-inline.disabled,.checkbox.disabled label,.radio-inline.disabled,.radio.disabled label,fieldset[disabled] .checkbox label,fieldset[disabled] .checkbox-inline,fieldset[disabled] .radio label,fieldset[disabled] .radio-inline{cursor:not-allowed}.form-control-static{margin-bottom:0;min-height:34px;padding-bottom:6px;padding-top:6px}.form-control-static.input-lg,.form-control-static.input-sm{padding-left:0;padding-right:0}.input-sm{border-radius:4px;font-size:12px;height:32px;line-height:1.5;padding:6px 9px}select.input-sm{height:32px;line-height:32px}select[multiple].input-sm,textarea.input-sm{height:auto}.form-group-sm .form-control{border-radius:4px;font-size:12px;height:32px;line-height:1.5;padding:6px 9px}.form-group-sm select.form-control{height:32px;line-height:32px}.form-group-sm select[multiple].form-control,.form-group-sm textarea.form-control{height:auto}.form-group-sm .form-control-static{font-size:12px;height:32px;line-height:1.5;min-height:32px;padding:7px 9px}.input-lg{border-radius:4px;font-size:18px;height:62px;line-height:1.3333333;padding:18px 27px}select.input-lg{height:62px;line-height:62px}select[multiple].input-lg,textarea.input-lg{height:auto}.form-group-lg .form-control{border-radius:4px;font-size:18px;height:62px;line-height:1.3333333;padding:18px 27px}.form-group-lg select.form-control{height:62px;line-height:62px}.form-group-lg select[multiple].form-control,.form-group-lg textarea.form-control{height:auto}.form-group-lg .form-control-static{font-size:18px;height:62px;line-height:1.3333333;min-height:38px;padding:19px 27px}.has-feedback{position:relative}.has-feedback .form-control{padding-right:40px}.form-control-feedback{display:block;height:32px;line-height:32px;pointer-events:none;position:absolute;right:0;text-align:center;top:0;width:32px;z-index:2}.form-group-lg .form-control+.form-control-feedback,.input-group-lg+.form-control-feedback,.input-lg+.form-control-feedback{height:62px;line-height:62px;width:62px}.form-group-sm .form-control+.form-control-feedback,.input-group-sm+.form-control-feedback,.input-sm+.form-control-feedback{height:32px;line-height:32px;width:32px}.has-success .checkbox,.has-success .checkbox-inline,.has-success .control-label,.has-success .help-block,.has-success .radio,.has-success .radio-inline,.has-success.checkbox label,.has-success.checkbox-inline label,.has-success.radio label,.has-success.radio-inline label{color:#1d1e24}.has-success .form-control{border-color:#1d1e24;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075)}.has-success .form-control:focus{border-color:#060608;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #4b4d5c;box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #4b4d5c}.has-success .input-group-addon{background-color:#7de2d1;border-color:#1d1e24;color:#1d1e24}.has-success .form-control-feedback,.has-warning .checkbox,.has-warning .checkbox-inline,.has-warning .control-label,.has-warning .help-block,.has-warning .radio,.has-warning .radio-inline,.has-warning.checkbox label,.has-warning.checkbox-inline label,.has-warning.radio label,.has-warning.radio-inline label{color:#1d1e24}.has-warning .form-control{border-color:#1d1e24;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075)}.has-warning .form-control:focus{border-color:#060608;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #4b4d5c;box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #4b4d5c}.has-warning .input-group-addon{background-color:#ff977a;border-color:#1d1e24;color:#1d1e24}.has-error .checkbox,.has-error .checkbox-inline,.has-error .control-label,.has-error .help-block,.has-error .radio,.has-error .radio-inline,.has-error.checkbox label,.has-error.checkbox-inline label,.has-error.radio label,.has-error.radio-inline label,.has-warning .form-control-feedback{color:#1d1e24}.has-error .form-control{border-color:#1d1e24;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075)}.has-error .form-control:focus{border-color:#060608;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #4b4d5c;box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #4b4d5c}.has-error .input-group-addon{background-color:#f66;border-color:#1d1e24;color:#1d1e24}.has-error .form-control-feedback{color:#1d1e24}.has-feedback label~.form-control-feedback{top:25px}.has-feedback label.sr-only~.form-control-feedback{top:0}.help-block{color:#fff;display:block;margin-bottom:10px;margin-top:5px}@media (min-width:768px){.form-inline .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.form-inline .form-control{display:inline-block;vertical-align:middle;width:auto}.form-inline .form-control-static{display:inline-block}.form-inline .input-group{display:inline-table;vertical-align:middle}.form-inline .input-group .form-control,.form-inline .input-group .input-group-addon{width:auto}.form-inline .input-group>.form-control{width:100%}.form-inline .control-label{margin-bottom:0;vertical-align:middle}.form-inline .checkbox,.form-inline .radio{display:inline-block;margin-bottom:0;margin-top:0;vertical-align:middle}.form-inline .checkbox label,.form-inline .radio label{padding-left:0}.form-inline .checkbox input[type=checkbox],.form-inline .radio input[type=radio]{margin-left:0;position:relative}.form-inline .has-feedback .form-control-feedback{top:0}}.form-horizontal .checkbox,.form-horizontal .checkbox-inline,.form-horizontal .radio,.form-horizontal .radio-inline{margin-bottom:0;margin-top:0;padding-top:6px}.form-horizontal .checkbox,.form-horizontal .radio{min-height:26px}.form-horizontal .form-group{margin-left:-15px;margin-right:-15px}@media (min-width:768px){.form-horizontal .control-label{margin-bottom:0;padding-top:6px;text-align:right}}.form-horizontal .has-feedback .form-control-feedback{right:15px}@media (min-width:768px){.form-horizontal .form-group-lg .control-label{font-size:18px;padding-top:19px}.form-horizontal .form-group-sm .control-label{font-size:12px;padding-top:7px}}.text-left{text-align:left}.text-right{text-align:right}.text-center{text-align:center}.text-muted{color:#3e434d}.text-primary{color:#f5f7fa}a.text-primary:focus,a.text-primary:hover{color:#d3dce9}.text-success{color:#1d1e24}a.text-success:focus,a.text-success:hover{color:#060608}.text-info{color:#1d1e24}a.text-info:focus,a.text-info:hover{color:#060608}.text-warning{color:#1d1e24}a.text-warning:focus,a.text-warning:hover{color:#060608}.text-danger{color:#1d1e24}a.text-danger:focus,a.text-danger:hover{color:#060608}.bg-info{background-color:#1ba9f5}a.bg-info:focus,a.bg-info:hover{background-color:#098dd4}.list-unstyled{list-style:none;padding-left:0}@media (min-width:0){.dl-horizontal dt{clear:left;float:left;overflow:hidden;text-align:right;text-overflow:ellipsis;white-space:nowrap;width:160px}.dl-horizontal dd{margin-left:180px}}.fade{opacity:0;-webkit-transition:opacity .15s linear;-o-transition:opacity .15s linear;transition:opacity .15s linear}.fade.in{opacity:1}.collapse{display:none}.collapse.in{display:block}tr.collapse.in{display:table-row}tbody.collapse.in{display:table-row-group}.collapsing{height:0;overflow:hidden;position:relative;-webkit-transition-duration:.35s;transition-duration:.35s;-webkit-transition-property:height,visibility;transition-property:height,visibility;-webkit-transition-timing-function:ease;transition-timing-function:ease}.btn{background-image:none;border:1px solid #0000;border-radius:4px;cursor:pointer;display:inline-block;font-size:14px;font-weight:400;line-height:1.42857143;margin-bottom:0;padding:5px 15px;text-align:center;touch-action:manipulation;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;vertical-align:middle;white-space:nowrap}.btn.active.focus,.btn.active:focus,.btn.focus,.btn:active.focus,.btn:active:focus,.btn:focus{box-shadow:0 0 0 1px #fff,0 0 0 2px #0079a5}.btn.focus,.btn:focus,.btn:hover{color:#1d1e24;text-decoration:none}.btn.active,.btn:active{background-image:none;-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125);box-shadow:inset 0 3px 5px rgba(0,0,0,.125);outline:0}.btn.disabled,.btn[disabled],fieldset[disabled] .btn{-webkit-box-shadow:none;box-shadow:none;cursor:not-allowed;filter:alpha(opacity=65);opacity:.65}a.btn.disabled,fieldset[disabled] a.btn{pointer-events:none}.btn-default{background-color:#1ba9f5;border-color:#1ba9f5;color:#1d1e24}.btn-default.focus,.btn-default:focus{background-color:#098dd4;border-color:#065c8a;color:#1d1e24}.btn-default.active,.btn-default:active,.btn-default:hover,.open>.dropdown-toggle.btn-default{background-color:#098dd4;border-color:#0987ca;color:#1d1e24}.btn-default.active.focus,.btn-default.active:focus,.btn-default.active:hover,.btn-default:active.focus,.btn-default:active:focus,.btn-default:active:hover,.open>.dropdown-toggle.btn-default.focus,.open>.dropdown-toggle.btn-default:focus,.open>.dropdown-toggle.btn-default:hover{background-color:#0876b2;border-color:#065c8a;color:#1d1e24}.btn-default.active,.btn-default:active,.open>.dropdown-toggle.btn-default{background-image:none}.btn-default.disabled.focus,.btn-default.disabled:focus,.btn-default.disabled:hover,.btn-default[disabled].focus,.btn-default[disabled]:focus,.btn-default[disabled]:hover,fieldset[disabled] .btn-default.focus,fieldset[disabled] .btn-default:focus,fieldset[disabled] .btn-default:hover{background-color:#1ba9f5;border-color:#1ba9f5}.btn-default .badge{background-color:#1d1e24;color:#1ba9f5}.btn-primary{background-color:#1ba9f5;border-color:#1ba9f5;color:#1d1e24}.btn-primary.focus,.btn-primary:focus{background-color:#098dd4;border-color:#065c8a;color:#1d1e24}.btn-primary.active,.btn-primary:active,.btn-primary:hover,.open>.dropdown-toggle.btn-primary{background-color:#098dd4;border-color:#0987ca;color:#1d1e24}.btn-primary.active.focus,.btn-primary.active:focus,.btn-primary.active:hover,.btn-primary:active.focus,.btn-primary:active:focus,.btn-primary:active:hover,.open>.dropdown-toggle.btn-primary.focus,.open>.dropdown-toggle.btn-primary:focus,.open>.dropdown-toggle.btn-primary:hover{background-color:#0876b2;border-color:#065c8a;color:#1d1e24}.btn-primary.active,.btn-primary:active,.open>.dropdown-toggle.btn-primary{background-image:none}.btn-primary.disabled.focus,.btn-primary.disabled:focus,.btn-primary.disabled:hover,.btn-primary[disabled].focus,.btn-primary[disabled]:focus,.btn-primary[disabled]:hover,fieldset[disabled] .btn-primary.focus,fieldset[disabled] .btn-primary:focus,fieldset[disabled] .btn-primary:hover{background-color:#1ba9f5;border-color:#1ba9f5}.btn-primary .badge{background-color:#1d1e24;color:#1ba9f5}.btn-xs{border-radius:4px;font-size:12px;line-height:1.5;padding:1px 5px}.navbar{border:1px solid #0000;margin-bottom:0;min-height:45px;position:relative}@media (min-width:0){.navbar{border-radius:4px}.navbar-header{float:left}}.navbar-collapse{-webkit-overflow-scrolling:touch;border-top:1px solid #0000;box-shadow:inset 0 1px 0 #ffffff1a;overflow-x:visible;padding-left:10px;padding-right:10px}.navbar-collapse.in{overflow-y:auto}@media (min-width:0){.navbar-collapse{border-top:0;box-shadow:none;width:auto}.navbar-collapse.collapse{display:block!important;height:auto!important;overflow:visible!important;padding-bottom:0}.navbar-collapse.in{overflow-y:visible}.navbar-fixed-bottom .navbar-collapse,.navbar-fixed-top .navbar-collapse{padding-left:0;padding-right:0}}.navbar-fixed-bottom .navbar-collapse,.navbar-fixed-top .navbar-collapse{max-height:340px}@media (max-device-width:480px) and (orientation:landscape){.navbar-fixed-bottom .navbar-collapse,.navbar-fixed-top .navbar-collapse{max-height:200px}}.container-fluid>.navbar-collapse,.container-fluid>.navbar-header,.container>.navbar-collapse,.container>.navbar-header{margin-left:-10px;margin-right:-10px}@media (min-width:0){.container-fluid>.navbar-collapse,.container-fluid>.navbar-header,.container>.navbar-collapse,.container>.navbar-header{margin-left:0;margin-right:0}}.navbar-fixed-bottom,.navbar-fixed-top{left:0;position:fixed;right:0;z-index:1050}@media (min-width:0){.navbar-fixed-bottom,.navbar-fixed-top{border-radius:0}}.navbar-fixed-top{border-width:0 0 1px;top:0}.navbar-fixed-bottom{border-width:1px 0 0;bottom:0;margin-bottom:0}.navbar-brand{float:left;font-size:18px;height:45px;line-height:20px;padding:12.5px 10px}.navbar-brand:focus,.navbar-brand:hover{text-decoration:none}.navbar-brand>img{display:block}@media (min-width:0){.navbar>.container .navbar-brand,.navbar>.container-fluid .navbar-brand{margin-left:-10px}}.navbar-toggle{background-color:initial;background-image:none;border:1px solid #0000;border-radius:4px;float:right;margin-bottom:5.5px;margin-right:10px;margin-top:5.5px;padding:9px 10px;position:relative}.navbar-toggle:focus{outline:0}.navbar-toggle .icon-bar{border-radius:1px;display:block;height:2px;width:22px}.navbar-toggle .icon-bar+.icon-bar{margin-top:4px}@media (min-width:0){.navbar-toggle{display:none}}.navbar-nav{margin:6.25px -10px}.navbar-nav>li>a{line-height:20px;padding-bottom:10px;padding-top:10px}@media (max-width:-1){.navbar-nav .open .dropdown-menu{background-color:initial;border:0;box-shadow:none;float:none;margin-top:0;position:static;width:auto}.navbar-nav .open .dropdown-menu .dropdown-header,.navbar-nav .open .dropdown-menu>li>a{padding:5px 15px 5px 25px}.navbar-nav .open .dropdown-menu>li>a{line-height:20px}.navbar-nav .open .dropdown-menu>li>a:focus,.navbar-nav .open .dropdown-menu>li>a:hover{background-image:none}}@media (min-width:0){.navbar-nav{float:left;margin:0}.navbar-nav>li{float:left}.navbar-nav>li>a{padding-bottom:12.5px;padding-top:12.5px}}.navbar-form{border-bottom:1px solid #0000;border-top:1px solid #0000;-webkit-box-shadow:inset 0 1px 0 #ffffff1a,0 1px 0 #ffffff1a;box-shadow:inset 0 1px 0 #ffffff1a,0 1px 0 #ffffff1a;margin:6.5px -10px;padding:10px}@media (min-width:768px){.navbar-form .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.navbar-form .form-control{display:inline-block;vertical-align:middle;width:auto}.navbar-form .form-control-static{display:inline-block}.navbar-form .input-group{display:inline-table;vertical-align:middle}.navbar-form .input-group .form-control,.navbar-form .input-group .input-group-addon{width:auto}.navbar-form .input-group>.form-control{width:100%}.navbar-form .control-label{margin-bottom:0;vertical-align:middle}.navbar-form .checkbox,.navbar-form .radio{display:inline-block;margin-bottom:0;margin-top:0;vertical-align:middle}.navbar-form .checkbox label,.navbar-form .radio label{padding-left:0}.navbar-form .checkbox input[type=checkbox],.navbar-form .radio input[type=radio]{margin-left:0;position:relative}.navbar-form .has-feedback .form-control-feedback{top:0}}@media (max-width:-1){.navbar-form .form-group{margin-bottom:5px}.navbar-form .form-group:last-child{margin-bottom:0}}@media (min-width:0){.navbar-form{border:0;-webkit-box-shadow:none;box-shadow:none;margin-left:0;margin-right:0;padding-bottom:0;padding-top:0;width:auto}}.navbar-nav>li>.dropdown-menu{border-top-left-radius:0;border-top-right-radius:0;margin-top:0}.navbar-fixed-bottom .navbar-nav>li>.dropdown-menu{border-bottom-left-radius:0;border-bottom-right-radius:0;border-top-left-radius:4px;border-top-right-radius:4px;margin-bottom:0}.navbar-text{margin-bottom:12.5px;margin-top:12.5px}@media (min-width:0){.navbar-text{float:left;margin-left:10px;margin-right:10px}.navbar-left{float:left!important}.navbar-right{float:right!important;margin-right:-10px}.navbar-right~.navbar-right{margin-right:0}}.navbar-default{background-color:#000;border-color:#0000}.navbar-default .navbar-brand{color:#d4dae5}.navbar-default .navbar-brand:focus,.navbar-default .navbar-brand:hover{background-color:initial;color:#d4dae5}.navbar-default .navbar-nav>li>a,.navbar-default .navbar-text{color:#d4dae5}.navbar-default .navbar-nav>li>a:focus,.navbar-default .navbar-nav>li>a:hover{background-color:initial;color:#d4dae5}.navbar-default .navbar-nav>.active>a,.navbar-default .navbar-nav>.active>a:focus,.navbar-default .navbar-nav>.active>a:hover{background-color:initial;color:#f5f7fa}.navbar-default .navbar-nav>.disabled>a,.navbar-default .navbar-nav>.disabled>a:focus,.navbar-default .navbar-nav>.disabled>a:hover{background-color:initial;color:#d4dae5}.navbar-default .navbar-toggle{border-color:#000}.navbar-default .navbar-toggle:focus,.navbar-default .navbar-toggle:hover{background-color:#000}.navbar-default .navbar-toggle .icon-bar{background-color:#1d1e24}.navbar-default .navbar-collapse,.navbar-default .navbar-form{border-color:#0000}.navbar-default .navbar-nav>.open>a,.navbar-default .navbar-nav>.open>a:focus,.navbar-default .navbar-nav>.open>a:hover{background-color:initial;color:#f5f7fa}@media (max-width:-1){.navbar-default .navbar-nav .open .dropdown-menu>li>a{color:#d4dae5}.navbar-default .navbar-nav .open .dropdown-menu>li>a:focus,.navbar-default .navbar-nav .open .dropdown-menu>li>a:hover{background-color:initial;color:#d4dae5}.navbar-default .navbar-nav .open .dropdown-menu>.active>a,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:focus,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:hover{background-color:initial;color:#f5f7fa}.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:focus,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:hover{background-color:initial;color:#d4dae5}}.navbar-default .navbar-link,.navbar-default .navbar-link:hover{color:#d4dae5}.navbar-inverse{background-color:#f5f7fa;border-color:#d3dce9}.navbar-inverse .navbar-brand{color:#1d1e24}.navbar-inverse .navbar-brand:focus,.navbar-inverse .navbar-brand:hover{background-color:#fff;color:#1d1e24}.navbar-inverse .navbar-text{color:#1d1e24}.navbar-inverse .navbar-nav>li>a{color:#343741}.navbar-inverse .navbar-nav>li>a:focus,.navbar-inverse .navbar-nav>li>a:hover{background-color:#fff;color:#1d1e24}.navbar-inverse .navbar-nav>.active>a,.navbar-inverse .navbar-nav>.active>a:focus,.navbar-inverse .navbar-nav>.active>a:hover{background-color:#d4dae5;color:#1d1e24}.navbar-inverse .navbar-nav>.disabled>a,.navbar-inverse .navbar-nav>.disabled>a:focus,.navbar-inverse .navbar-nav>.disabled>a:hover{background-color:initial;color:#3e434d}.navbar-inverse .navbar-toggle{border-color:#d3dce9}.navbar-inverse .navbar-toggle:focus,.navbar-inverse .navbar-toggle:hover{background-color:#d3dce9}.navbar-inverse .navbar-toggle .icon-bar{background-color:#1d1e24}.navbar-inverse .navbar-collapse,.navbar-inverse .navbar-form{border-color:#dde4ee}.navbar-inverse .navbar-nav>.open>a,.navbar-inverse .navbar-nav>.open>a:focus,.navbar-inverse .navbar-nav>.open>a:hover{background-color:#d4dae5;color:#1d1e24}@media (max-width:-1){.navbar-inverse .navbar-nav .open .dropdown-menu>.dropdown-header{border-color:#d3dce9}.navbar-inverse .navbar-nav .open .dropdown-menu .divider{background-color:#d3dce9}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a{color:#343741}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:focus,.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:hover{background-color:#fff;color:#1d1e24}.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:focus,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:hover{background-color:#d4dae5;color:#1d1e24}.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:focus,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:hover{background-color:initial;color:#3e434d}}.navbar-inverse .navbar-link{color:#343741}.navbar-inverse .navbar-link:hover{color:#1d1e24}.close{color:#fff;filter:alpha(opacity=20);float:right;font-size:21px;font-weight:700;line-height:1;opacity:.2;text-shadow:none}.close:focus,.close:hover{color:#fff;cursor:pointer;filter:alpha(opacity=50);opacity:.5;text-decoration:none}button.close{-webkit-appearance:none;background:#0000;border:0;cursor:pointer;padding:0}.modal,.modal-open{overflow:hidden}.modal{-webkit-overflow-scrolling:touch;bottom:0;display:none;left:0;outline:0;position:fixed;right:0;top:0;z-index:1070}.modal.fade .modal-dialog{-webkit-transform:translateY(-25%);-ms-transform:translateY(-25%);-o-transform:translateY(-25%);transform:translateY(-25%);-webkit-transition:-webkit-transform .3s ease-out;-moz-transition:-moz-transform .3s ease-out;-o-transition:-o-transform .3s ease-out;transition:transform .3s ease-out}.modal.in .modal-dialog{-webkit-transform:translate(0);-ms-transform:translate(0);-o-transform:translate(0);transform:translate(0)}.modal-open .modal{overflow-x:hidden;overflow-y:auto}.modal-dialog{margin:10px;position:relative;width:auto}.modal-content{background-clip:padding-box;background-color:#1d1e24;border:1px solid #0003;border-radius:4px;-webkit-box-shadow:0 3px 9px #00000080;box-shadow:0 3px 9px #00000080;outline:0;position:relative}.modal-backdrop{background-color:#fff;bottom:0;left:0;position:fixed;right:0;top:0;z-index:1060}.modal-backdrop.fade{filter:alpha(opacity=0);opacity:0}.modal-backdrop.in{filter:alpha(opacity=50);opacity:.5}.modal-header{border-bottom:1px solid #e5e5e5;padding:15px}.modal-header .close{margin-top:-2px}.modal-title{line-height:1.42857143;margin:0}.modal-body{padding:15px;position:relative}.modal-footer{border-top:1px solid #e5e5e5;padding:15px;text-align:right}.modal-scrollbar-measure{height:50px;overflow:scroll;position:absolute;top:-9999px;width:50px}@media (min-width:768px){.modal-dialog{margin:30px auto;width:600px}.modal-content{-webkit-box-shadow:0 5px 15px #00000080;box-shadow:0 5px 15px #00000080}.modal-sm{width:300px}}@media (min-width:992px){.modal-lg{width:900px}}@-webkit-keyframes progress-bar-stripes{0%{background-position:40px 0}to{background-position:0 0}}@keyframes progress-bar-stripes{0%{background-position:40px 0}to{background-position:0 0}}.progress{background-color:#2d3039;border-radius:4px;-webkit-box-shadow:inset 0 1px 2px #0000001a;box-shadow:inset 0 1px 2px #0000001a;height:20px;margin-bottom:20px;overflow:hidden}.progress-bar{background-color:#54b399;color:#1d1e24;float:left;font-size:12px;height:100%;line-height:20px;text-align:center;-webkit-transition:width .6s ease;-o-transition:width .6s ease;transition:width .6s ease;width:0}.progress-bar-striped,.progress-striped .progress-bar{background-image:-webkit-linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000);background-image:-o-linear-gradient(45deg,#ffffff26 25%,#0000 25%,#0000 50%,#ffffff26 50%,#ffffff26 75%,#0000 75%,#0000);background-image:linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000);background-size:40px 40px}.progress-bar.active,.progress.active .progress-bar{-webkit-animation:progress-bar-stripes 2s linear infinite;-o-animation:progress-bar-stripes 2s linear infinite;animation:progress-bar-stripes 2s linear infinite}.progress-bar-success{background-color:#7de2d1}.progress-striped .progress-bar-success{background-image:-webkit-linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000);background-image:-o-linear-gradient(45deg,#ffffff26 25%,#0000 25%,#0000 50%,#ffffff26 50%,#ffffff26 75%,#0000 75%,#0000);background-image:linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000)}.progress-bar-info{background-color:#1ba9f5}.progress-striped .progress-bar-info{background-image:-webkit-linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000);background-image:-o-linear-gradient(45deg,#ffffff26 25%,#0000 25%,#0000 50%,#ffffff26 50%,#ffffff26 75%,#0000 75%,#0000);background-image:linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000)}.progress-bar-warning{background-color:#ff977a}.progress-striped .progress-bar-warning{background-image:-webkit-linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000);background-image:-o-linear-gradient(45deg,#ffffff26 25%,#0000 25%,#0000 50%,#ffffff26 50%,#ffffff26 75%,#0000 75%,#0000);background-image:linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000)}.progress-bar-danger{background-color:#f66}.progress-striped .progress-bar-danger{background-image:-webkit-linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000);background-image:-o-linear-gradient(45deg,#ffffff26 25%,#0000 25%,#0000 50%,#ffffff26 50%,#ffffff26 75%,#0000 75%,#0000);background-image:linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000)}.list-group{margin-bottom:20px;padding-left:0}.list-group-item{background-color:#1d1e24;border:1px solid #343741;display:block;margin-bottom:-1px;padding:10px 15px;position:relative}.list-group-item:first-child{border-top-left-radius:4px;border-top-right-radius:4px}.list-group-item:last-child{border-bottom-left-radius:4px;border-bottom-right-radius:4px;margin-bottom:0}.list-group-item--noBorder{border-top:0}a.list-group-item,button.list-group-item{color:#d4dae5}a.list-group-item .list-group-item-heading,button.list-group-item .list-group-item-heading{color:#f5f7fa}a.list-group-item:focus,a.list-group-item:hover,button.list-group-item:focus,button.list-group-item:hover{background-color:#25262e;color:#d4dae5;text-decoration:none}button.list-group-item{text-align:left;width:100%}.list-group-item.disabled,.list-group-item.disabled:focus,.list-group-item.disabled:hover{background-color:#343741;color:#3e434d;cursor:not-allowed}.list-group-item.disabled .list-group-item-heading,.list-group-item.disabled:focus .list-group-item-heading,.list-group-item.disabled:hover .list-group-item-heading{color:inherit}.list-group-item.disabled .list-group-item-text,.list-group-item.disabled:focus .list-group-item-text,.list-group-item.disabled:hover .list-group-item-text{color:#3e434d}.list-group-item.active,.list-group-item.active:focus,.list-group-item.active:hover{background-color:#f5f7fa;border-color:#f5f7fa;color:#f5f7fa;z-index:2}.list-group-item.active .list-group-item-heading,.list-group-item.active .list-group-item-heading>.small,.list-group-item.active .list-group-item-heading>small,.list-group-item.active:focus .list-group-item-heading,.list-group-item.active:focus .list-group-item-heading>.small,.list-group-item.active:focus .list-group-item-heading>small,.list-group-item.active:hover .list-group-item-heading,.list-group-item.active:hover .list-group-item-heading>.small,.list-group-item.active:hover .list-group-item-heading>small{color:inherit}.list-group-item.active .list-group-item-text,.list-group-item.active:focus .list-group-item-text,.list-group-item.active:hover .list-group-item-text{color:#fff}.list-group-item-success{background-color:#7de2d1;color:#1d1e24}a.list-group-item-success,button.list-group-item-success{color:#1d1e24}a.list-group-item-success .list-group-item-heading,button.list-group-item-success .list-group-item-heading{color:inherit}a.list-group-item-success:focus,a.list-group-item-success:hover,button.list-group-item-success:focus,button.list-group-item-success:hover{background-color:#68ddca;color:#1d1e24}a.list-group-item-success.active,a.list-group-item-success.active:focus,a.list-group-item-success.active:hover,button.list-group-item-success.active,button.list-group-item-success.active:focus,button.list-group-item-success.active:hover{background-color:#1d1e24;border-color:#1d1e24;color:#fff}.list-group-item-info{background-color:#1ba9f5;color:#1d1e24}a.list-group-item-info,button.list-group-item-info{color:#1d1e24}a.list-group-item-info .list-group-item-heading,button.list-group-item-info .list-group-item-heading{color:inherit}a.list-group-item-info:focus,a.list-group-item-info:hover,button.list-group-item-info:focus,button.list-group-item-info:hover{background-color:#0a9dec;color:#1d1e24}a.list-group-item-info.active,a.list-group-item-info.active:focus,a.list-group-item-info.active:hover,button.list-group-item-info.active,button.list-group-item-info.active:focus,button.list-group-item-info.active:hover{background-color:#1d1e24;border-color:#1d1e24;color:#fff}.list-group-item-warning{background-color:#ff977a;color:#1d1e24}a.list-group-item-warning,button.list-group-item-warning{color:#1d1e24}a.list-group-item-warning .list-group-item-heading,button.list-group-item-warning .list-group-item-heading{color:inherit}a.list-group-item-warning:focus,a.list-group-item-warning:hover,button.list-group-item-warning:focus,button.list-group-item-warning:hover{background-color:#ff8361;color:#1d1e24}a.list-group-item-warning.active,a.list-group-item-warning.active:focus,a.list-group-item-warning.active:hover,button.list-group-item-warning.active,button.list-group-item-warning.active:focus,button.list-group-item-warning.active:hover{background-color:#1d1e24;border-color:#1d1e24;color:#fff}.list-group-item-danger{background-color:#f66;color:#1d1e24}a.list-group-item-danger,button.list-group-item-danger{color:#1d1e24}a.list-group-item-danger .list-group-item-heading,button.list-group-item-danger .list-group-item-heading{color:inherit}a.list-group-item-danger:focus,a.list-group-item-danger:hover,button.list-group-item-danger:focus,button.list-group-item-danger:hover{background-color:#ff4c4c;color:#1d1e24}a.list-group-item-danger.active,a.list-group-item-danger.active:focus,a.list-group-item-danger.active:hover,button.list-group-item-danger.active,button.list-group-item-danger.active:focus,button.list-group-item-danger.active:hover{background-color:#1d1e24;border-color:#1d1e24;color:#fff}.list-group-item-heading{margin-bottom:5px;margin-top:0}.list-group-item-text{line-height:1.3;margin-bottom:0}.nav{list-style:none;margin-bottom:0;padding-left:0}.nav>li,.nav>li>a{display:block;position:relative}.nav>li>a{padding:10px 15px}.nav>li>a:focus,.nav>li>a:hover{background-color:#343741;text-decoration:none}.nav>li.disabled>a{color:#3e434d}.nav>li.disabled>a:focus,.nav>li.disabled>a:hover{background-color:initial;color:#3e434d;cursor:not-allowed;text-decoration:none}.nav .open>a,.nav .open>a:focus,.nav .open>a:hover{background-color:#343741;border-color:#1ba9f5}.nav .nav-divider{background-color:#e5e5e5;height:1px;margin:9px 0;overflow:hidden}.nav>li>a>img{max-width:none}.nav-tabs{border-bottom:1px solid #343741}.nav-tabs>li{float:left;margin-bottom:-1px}.nav-tabs>li>a{border:1px solid #0000;border-radius:4px 4px 0 0;line-height:1.42857143;margin-right:2px}.nav-tabs>li>a:hover{background-color:#1d1e24;border-color:#343741}.nav-tabs>li.active>a,.nav-tabs>li.active>a:focus,.nav-tabs>li.active>a:hover{background-color:#1d1e24;border:1px solid #343741;border-bottom-color:#0000;color:#f5f7fa;cursor:default}.nav-tabs.nav-justified{border-bottom:0;width:100%}.nav-tabs.nav-justified>li{float:none}.nav-tabs.nav-justified>li>a{margin-bottom:5px;text-align:center}.nav-tabs.nav-justified>.dropdown .dropdown-menu{left:auto;top:auto}@media (min-width:768px){.nav-tabs.nav-justified>li{display:table-cell;width:1%}.nav-tabs.nav-justified>li>a{margin-bottom:0}}.nav-tabs.nav-justified>li>a{border-radius:4px;margin-right:0}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:focus,.nav-tabs.nav-justified>.active>a:hover{border:1px solid #1d1e24}@media (min-width:768px){.nav-tabs.nav-justified>li>a{border-bottom:1px solid #1d1e24;border-radius:4px 4px 0 0}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:focus,.nav-tabs.nav-justified>.active>a:hover{border-bottom-color:#1d1e24}}.nav-pills>li{float:left}.nav-pills>li>a{border-radius:4px}.nav-pills>li+li{margin-left:2px}.nav-pills>li.active>a,.nav-pills>li.active>a:focus,.nav-pills>li.active>a:hover{background-color:#1ba9f5;color:#1d1e24}.nav-stacked>li{float:none}.nav-stacked>li+li{margin-left:0;margin-top:2px}.nav-justified{width:100%}.nav-justified>li{float:none}.nav-justified>li>a{margin-bottom:5px;text-align:center}.nav-justified>.dropdown .dropdown-menu{left:auto;top:auto}@media (min-width:768px){.nav-justified>li{display:table-cell;width:1%}.nav-justified>li>a{margin-bottom:0}}.nav-tabs-justified{border-bottom:0}.nav-tabs-justified>li>a{border-radius:4px;margin-right:0}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:focus,.nav-tabs-justified>.active>a:hover{border:1px solid #1d1e24}@media (min-width:768px){.nav-tabs-justified>li>a{border-bottom:1px solid #1d1e24;border-radius:4px 4px 0 0}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:focus,.nav-tabs-justified>.active>a:hover{border-bottom-color:#1d1e24}}.tab-content>.tab-pane{display:none}.tab-content>.active{display:block}.nav-tabs .dropdown-menu{border-top-left-radius:0;border-top-right-radius:0;margin-top:-1px}.alert{border:1px solid #0000;border-radius:4px;margin-bottom:20px;padding:15px}.alert h4{color:inherit;margin-top:0}.alert .alert-link{font-weight:700}.alert>p,.alert>ul{margin-bottom:0}.alert>p+p{margin-top:5px}.alert-dismissable,.alert-dismissible{padding-right:35px}.alert-dismissable .close,.alert-dismissible .close{color:inherit;position:relative;right:-21px;top:-2px}.alert-success{background-color:#7de2d1;border-color:#53d9c2;color:#1d1e24}.alert-success hr{border-top-color:#3ed4bb}.alert-success .alert-link{color:#060608}.alert-info{background-color:#1ba9f5;border-color:#098dd4;color:#1d1e24}.alert-info hr{border-top-color:#087dbb}.alert-info .alert-link{color:#060608}.alert-warning{background-color:#ff977a;border-color:#ff6f47;color:#1d1e24}.alert-warning hr{border-top-color:#ff5b2e}.alert-warning .alert-link{color:#060608}.alert-danger{background-color:#f66;border-color:#f33;color:#1d1e24}.alert-danger hr{border-top-color:#ff1919}.alert-danger .alert-link{color:#060608}.bsTooltip{word-wrap:normal;display:block;filter:alpha(opacity=0);font-family:Open Sans,Helvetica,Arial,sans-serif;font-size:12px;font-style:normal;font-weight:400;letter-spacing:normal;line-break:auto;line-height:1.42857143;opacity:0;position:absolute;text-align:left;text-align:start;text-decoration:none;text-shadow:none;text-transform:none;white-space:normal;word-break:normal;word-spacing:normal;z-index:1040}.bsTooltip.in{filter:alpha(opacity=80);opacity:.8}.bsTooltip.top{margin-top:-3px;padding:5px 0}.bsTooltip.right{margin-left:3px;padding:0 5px}.bsTooltip.bottom{margin-top:3px;padding:5px 0}.bsTooltip.left{margin-left:-3px;padding:0 5px}.bsTooltip-inner{background-color:#000;border-radius:4px;color:#fff;max-width:200px;padding:3px 8px;text-align:center}.bsTooltip-arrow{border-color:#0000;border-style:solid;height:0;position:absolute;width:0}.bsTooltip.top .bsTooltip-arrow{border-top-color:#000;border-width:5px 5px 0;bottom:0;left:50%;margin-left:-5px}.bsTooltip.top-left .bsTooltip-arrow{border-top-color:#000;border-width:5px 5px 0;bottom:0;margin-bottom:-5px;right:5px}.bsTooltip.top-right .bsTooltip-arrow{border-top-color:#000;border-width:5px 5px 0;bottom:0;left:5px;margin-bottom:-5px}.bsTooltip.right .bsTooltip-arrow{border-right-color:#000;border-width:5px 5px 5px 0;left:0;margin-top:-5px;top:50%}.bsTooltip.left .bsTooltip-arrow{border-left-color:#000;border-width:5px 0 5px 5px;margin-top:-5px;right:0;top:50%}.bsTooltip.bottom .bsTooltip-arrow{border-bottom-color:#000;border-width:0 5px 5px;left:50%;margin-left:-5px;top:0}.bsTooltip.bottom-left .bsTooltip-arrow{border-bottom-color:#000;border-width:0 5px 5px;margin-top:-5px;right:5px;top:0}.bsTooltip.bottom-right .bsTooltip-arrow{border-bottom-color:#000;border-width:0 5px 5px;left:5px;margin-top:-5px;top:0}.visible-lg,.visible-lg-block,.visible-lg-inline,.visible-lg-inline-block,.visible-md,.visible-md-block,.visible-md-inline,.visible-md-inline-block,.visible-sm,.visible-sm-block,.visible-sm-inline,.visible-sm-inline-block,.visible-xs,.visible-xs-block,.visible-xs-inline,.visible-xs-inline-block{display:none!important}@media (max-width:767px){.visible-xs{display:block!important}table.visible-xs{display:table!important}tr.visible-xs{display:table-row!important}td.visible-xs,th.visible-xs{display:table-cell!important}.visible-xs-block{display:block!important}.visible-xs-inline{display:inline!important}.visible-xs-inline-block{display:inline-block!important}}@media (min-width:768px) and (max-width:991px){.visible-sm{display:block!important}table.visible-sm{display:table!important}tr.visible-sm{display:table-row!important}td.visible-sm,th.visible-sm{display:table-cell!important}.visible-sm-block{display:block!important}.visible-sm-inline{display:inline!important}.visible-sm-inline-block{display:inline-block!important}}@media (min-width:992px) and (max-width:1199px){.visible-md{display:block!important}table.visible-md{display:table!important}tr.visible-md{display:table-row!important}td.visible-md,th.visible-md{display:table-cell!important}.visible-md-block{display:block!important}.visible-md-inline{display:inline!important}.visible-md-inline-block{display:inline-block!important}}@media (min-width:1200px){.visible-lg{display:block!important}table.visible-lg{display:table!important}tr.visible-lg{display:table-row!important}td.visible-lg,th.visible-lg{display:table-cell!important}.visible-lg-block{display:block!important}.visible-lg-inline{display:inline!important}.visible-lg-inline-block{display:inline-block!important}}@media (max-width:767px){.hidden-xs{display:none!important}}@media (min-width:768px) and (max-width:991px){.hidden-sm{display:none!important}}@media (min-width:992px) and (max-width:1199px){.hidden-md{display:none!important}}@media (min-width:1200px){.hidden-lg{display:none!important}}.visible-print{display:none!important}@media print{.visible-print{display:block!important}table.visible-print{display:table!important}tr.visible-print{display:table-row!important}td.visible-print,th.visible-print{display:table-cell!important}}.visible-print-block{display:none!important}@media print{.visible-print-block{display:block!important}}.visible-print-inline{display:none!important}@media print{.visible-print-inline{display:inline!important}}.visible-print-inline-block{display:none!important}@media print{.visible-print-inline-block{display:inline-block!important}.hidden-print{display:none!important}}.caret{border-left:4px solid #0000;border-right:4px solid #0000;border-top:4px dashed;border-top:4px solid\9;display:inline-block;height:0;margin-left:2px;vertical-align:middle;width:0}.dropdown,.dropup{position:relative}.dropdown-toggle:focus{outline:0}.dropdown-menu{background-clip:padding-box;background-color:#1d1e24;border:1px solid #343741;border-radius:4px;box-shadow:0 4px 8px 0 #0000001a;display:none;float:left;font-size:14px;left:0;list-style:none;margin:2px 0 0;min-width:160px;padding:5px 0;position:absolute;text-align:left;top:100%;z-index:1000}.dropdown-menu.pull-right{left:auto;right:0}.dropdown-menu .divider{background-color:#343741;height:1px;margin:9px 0;overflow:hidden}.dropdown-menu>li>a,.dropdown-menu>li>button{clear:both;color:#ababab;display:block;font-weight:400;line-height:1.42857143;padding:3px 20px;white-space:nowrap}.dropdown-menu>li>button{appearance:none;background:none;border:none;text-align:left;width:100%}.dropdown-menu>li>a:focus,.dropdown-menu>li>a:hover,.dropdown-menu>li>button:focus,.dropdown-menu>li>button:hover{background-color:#f5f7fa;color:#1d1e24;text-decoration:none}.dropdown-menu>.active>a,.dropdown-menu>.active>a:focus,.dropdown-menu>.active>a:hover,.dropdown-menu>.active>button,.dropdown-menu>.active>button:focus,.dropdown-menu>.active>button:hover{background-color:#f5f7fa;color:#1d1e24;outline:0;text-decoration:none}.dropdown-menu>.disabled>a,.dropdown-menu>.disabled>a:focus,.dropdown-menu>.disabled>a:hover{color:#535966}.dropdown-menu>.disabled>a:focus,.dropdown-menu>.disabled>a:hover{background-color:initial;background-image:none;cursor:not-allowed;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);text-decoration:none}.open>.dropdown-menu{display:block}.open>a{outline:0}.dropdown-menu-right{left:auto;right:0}.dropdown-menu-left{left:0;right:auto}.dropdown-header{color:#535966;display:block;font-size:12px;line-height:1.42857143;padding:3px 20px;white-space:nowrap}.dropdown-backdrop{bottom:0;left:0;position:fixed;right:0;top:0;z-index:990}.pull-right>.dropdown-menu{left:auto;right:0}.dropup .caret,.navbar-fixed-bottom .dropdown .caret{border-bottom:4px dashed;border-bottom:4px solid\9;border-top:0;content:""}.dropup .dropdown-menu,.navbar-fixed-bottom .dropdown .dropdown-menu{bottom:100%;margin-bottom:2px;top:auto}@media (min-width:0){.navbar-right .dropdown-menu{left:auto;right:0}.navbar-right .dropdown-menu-left{left:0;right:auto}}.input-group{border-collapse:initial;display:table;position:relative}.input-group[class*=col-]{float:none;padding-left:0;padding-right:0}.input-group .form-control{float:left;margin-bottom:0;position:relative;width:100%;z-index:2}.input-group .form-control:focus{z-index:3}.input-group-lg>.form-control,.input-group-lg>.input-group-addon{border-radius:4px;font-size:18px;height:62px;line-height:1.3333333;padding:18px 27px}select.input-group-lg>.form-control,select.input-group-lg>.input-group-addon{height:62px;line-height:62px}select[multiple].input-group-lg>.form-control,select[multiple].input-group-lg>.input-group-addon,textarea.input-group-lg>.form-control,textarea.input-group-lg>.input-group-addon{height:auto}.input-group-sm>.form-control,.input-group-sm>.input-group-addon{border-radius:4px;font-size:12px;height:32px;line-height:1.5;padding:6px 9px}select.input-group-sm>.form-control,select.input-group-sm>.input-group-addon{height:32px;line-height:32px}select[multiple].input-group-sm>.form-control,select[multiple].input-group-sm>.input-group-addon,textarea.input-group-sm>.form-control,textarea.input-group-sm>.input-group-addon{height:auto}.input-group .form-control,.input-group-addon{display:table-cell}.input-group .form-control:not(:first-child):not(:last-child),.input-group-addon:not(:first-child):not(:last-child){border-radius:0}.input-group-addon{background-color:#343741;border:1px solid #343741;border-radius:4px;color:#f5f7fa;font-size:14px;font-weight:400;line-height:1;padding:5px 15px;text-align:center;vertical-align:middle;white-space:nowrap;width:1%}.input-group-addon.input-sm{border-radius:4px;font-size:12px;padding:6px 9px}.input-group-addon.input-lg{border-radius:4px;font-size:18px;padding:18px 27px}.input-group-addon input[type=checkbox],.input-group-addon input[type=radio]{margin-top:0}.input-group .form-control:first-child,.input-group-addon:first-child{border-bottom-right-radius:0;border-top-right-radius:0}.input-group-addon:first-child{border-right:0}.input-group .form-control:last-child,.input-group-addon:last-child{border-bottom-left-radius:0;border-top-left-radius:0}.input-group-addon:last-child{border-left:0}.pagination{border-radius:4px;display:inline-block;margin:20px 0;padding-left:0}.pagination>li{display:inline}.pagination>li>a,.pagination>li>span{background-color:initial;border:1px solid #0000;color:#1ba9f5;float:left;line-height:1.42857143;margin-left:-1px;padding:5px 15px;position:relative;text-decoration:none}.pagination>li:first-child>a,.pagination>li:first-child>span{border-bottom-left-radius:4px;border-top-left-radius:4px;margin-left:0}.pagination>li:last-child>a,.pagination>li:last-child>span{border-bottom-right-radius:4px;border-top-right-radius:4px}.pagination>li>a:focus,.pagination>li>a:hover,.pagination>li>span:focus,.pagination>li>span:hover{background-color:#0000;border-color:#0000;color:#1ba9f5;z-index:2}.pagination>.active>a,.pagination>.active>a:focus,.pagination>.active>a:hover,.pagination>.active>span,.pagination>.active>span:focus,.pagination>.active>span:hover{background-color:#0000;border-color:#0000;color:#f5f7fa;cursor:default;z-index:3}.pagination>.disabled>a,.pagination>.disabled>a:focus,.pagination>.disabled>a:hover,.pagination>.disabled>span,.pagination>.disabled>span:focus,.pagination>.disabled>span:hover{background-color:#26262600;border-color:#0000;color:#f5f7fa;cursor:not-allowed}.pagination-lg>li>a,.pagination-lg>li>span{font-size:18px;line-height:1.3333333;padding:18px 27px}.pagination-lg>li:first-child>a,.pagination-lg>li:first-child>span{border-bottom-left-radius:4px;border-top-left-radius:4px}.pagination-lg>li:last-child>a,.pagination-lg>li:last-child>span{border-bottom-right-radius:4px;border-top-right-radius:4px}.pagination-sm>li>a,.pagination-sm>li>span{font-size:12px;line-height:1.5;padding:6px 9px}.pagination-sm>li:first-child>a,.pagination-sm>li:first-child>span{border-bottom-left-radius:4px;border-top-left-radius:4px}.pagination-sm>li:last-child>a,.pagination-sm>li:last-child>span{border-bottom-right-radius:4px;border-top-right-radius:4px}.pager{list-style:none;margin:20px 0;padding-left:0;text-align:center}.pager li{display:inline}.pager li>a,.pager li>span{background-color:initial;border:1px solid #0000;border-radius:0;display:inline-block;padding:5px 14px}.pager li>a:focus,.pager li>a:hover{background-color:#0000;text-decoration:none}.pager .next>a,.pager .next>span{float:right}.pager .previous>a,.pager .previous>span{float:left}.pager .disabled>a,.pager .disabled>a:focus,.pager .disabled>a:hover,.pager .disabled>span{background-color:initial;color:#1d1e24;cursor:not-allowed}.label{border-radius:.25em;color:#1d1e24;display:inline;font-size:75%;font-weight:700;line-height:1;padding:.2em .6em .3em;text-align:center;vertical-align:initial;white-space:nowrap}a.label:focus,a.label:hover{color:#1d1e24;cursor:pointer;text-decoration:none}.label:empty{display:none}.label-default{background-color:#1ba9f5}.label-default[href]:focus,.label-default[href]:hover{background-color:#098dd4}.label-primary{background-color:#f5f7fa}.label-primary[href]:focus,.label-primary[href]:hover{background-color:#d3dce9}.label-success{background-color:#7de2d1}.label-success[href]:focus,.label-success[href]:hover{background-color:#53d9c2}.label-info{background-color:#1ba9f5}.label-info[href]:focus,.label-info[href]:hover{background-color:#098dd4}.label-warning{background-color:#ff977a}.label-warning[href]:focus,.label-warning[href]:hover{background-color:#ff6f47}.label-danger{background-color:#f66}.label-danger[href]:focus,.label-danger[href]:hover{background-color:#f33}.panel{background-color:#1d1e24;border:1px solid #0000;border-radius:4px;-webkit-box-shadow:0 1px 1px #0000000d;box-shadow:0 1px 1px #0000000d;margin-bottom:20px}.panel-body{padding:15px}.panel-heading{border-bottom:1px solid #0000;border-top-left-radius:3px;border-top-right-radius:3px;padding:10px 15px}.panel-heading>.dropdown .dropdown-toggle,.panel-title{color:inherit}.panel-title{font-size:16px;margin-bottom:0;margin-top:0}.panel-title>.small,.panel-title>.small>a,.panel-title>a,.panel-title>small,.panel-title>small>a{color:inherit}.panel-footer{background-color:#25262e;border-bottom-left-radius:3px;border-bottom-right-radius:3px;border-top:1px solid #343741;padding:10px 15px}.panel>.list-group,.panel>.panel-collapse>.list-group{margin-bottom:0}.panel>.list-group .list-group-item,.panel>.panel-collapse>.list-group .list-group-item{border-radius:0;border-width:1px 0}.panel>.list-group:first-child .list-group-item:first-child,.panel>.panel-collapse>.list-group:first-child .list-group-item:first-child{border-top:0;border-top-left-radius:3px;border-top-right-radius:3px}.panel>.list-group:last-child .list-group-item:last-child,.panel>.panel-collapse>.list-group:last-child .list-group-item:last-child{border-bottom:0;border-bottom-left-radius:3px;border-bottom-right-radius:3px}.panel>.panel-heading+.panel-collapse>.list-group .list-group-item:first-child{border-top-left-radius:0;border-top-right-radius:0}.list-group+.panel-footer,.panel-heading+.list-group .list-group-item:first-child{border-top-width:0}.panel>.panel-collapse>.table,.panel>.table,.panel>.table-responsive>.table{margin-bottom:0}.panel>.panel-collapse>.table caption,.panel>.table caption,.panel>.table-responsive>.table caption{padding-left:15px;padding-right:15px}.panel>.table-responsive:first-child>.table:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child,.panel>.table:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child,.panel>.table:first-child>thead:first-child>tr:first-child{border-top-left-radius:3px;border-top-right-radius:3px}.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:first-child,.panel>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table:first-child>thead:first-child>tr:first-child th:first-child{border-top-left-radius:3px}.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:last-child,.panel>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table:first-child>thead:first-child>tr:first-child th:last-child{border-top-right-radius:3px}.panel>.table-responsive:last-child>.table:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child,.panel>.table:last-child,.panel>.table:last-child>tbody:last-child>tr:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child{border-bottom-left-radius:3px;border-bottom-right-radius:3px}.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:first-child,.panel>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:first-child{border-bottom-left-radius:3px}.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:last-child,.panel>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:last-child{border-bottom-right-radius:3px}.panel>.panel-body+.table,.panel>.panel-body+.table-responsive,.panel>.table+.panel-body,.panel>.table-responsive+.panel-body{border-top:1px solid #343741}.panel>.table>tbody:first-child>tr:first-child td,.panel>.table>tbody:first-child>tr:first-child th{border-top:0}.panel>.table-bordered,.panel>.table-responsive>.table-bordered{border:0}.panel>.table-bordered>tbody>tr>td:first-child,.panel>.table-bordered>tbody>tr>th:first-child,.panel>.table-bordered>tfoot>tr>td:first-child,.panel>.table-bordered>tfoot>tr>th:first-child,.panel>.table-bordered>thead>tr>td:first-child,.panel>.table-bordered>thead>tr>th:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:first-child,.panel>.table-responsive>.table-bordered>thead>tr>td:first-child,.panel>.table-responsive>.table-bordered>thead>tr>th:first-child{border-left:0}.panel>.table-bordered>tbody>tr>td:last-child,.panel>.table-bordered>tbody>tr>th:last-child,.panel>.table-bordered>tfoot>tr>td:last-child,.panel>.table-bordered>tfoot>tr>th:last-child,.panel>.table-bordered>thead>tr>td:last-child,.panel>.table-bordered>thead>tr>th:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:last-child,.panel>.table-responsive>.table-bordered>thead>tr>td:last-child,.panel>.table-responsive>.table-bordered>thead>tr>th:last-child{border-right:0}.panel>.table-bordered>tbody>tr:first-child>td,.panel>.table-bordered>tbody>tr:first-child>th,.panel>.table-bordered>tbody>tr:last-child>td,.panel>.table-bordered>tbody>tr:last-child>th,.panel>.table-bordered>tfoot>tr:last-child>td,.panel>.table-bordered>tfoot>tr:last-child>th,.panel>.table-bordered>thead>tr:first-child>td,.panel>.table-bordered>thead>tr:first-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>th,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>td,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>th,.panel>.table-responsive>.table-bordered>thead>tr:first-child>td,.panel>.table-responsive>.table-bordered>thead>tr:first-child>th{border-bottom:0}.panel>.table-responsive{border:0;margin-bottom:0}.panel-group{margin-bottom:20px}.panel-group .panel{border-radius:4px;margin-bottom:0}.panel-group .panel+.panel{margin-top:5px}.panel-group .panel-heading{border-bottom:0}.panel-group .panel-heading+.panel-collapse>.list-group,.panel-group .panel-heading+.panel-collapse>.panel-body{border-top:1px solid #343741}.panel-group .panel-footer{border-top:0}.panel-group .panel-footer+.panel-collapse .panel-body{border-bottom:1px solid #343741}.panel-default{border-color:#343741}.panel-default>.panel-heading{background-color:#25262e;border-color:#343741;color:#ababab}.panel-default>.panel-heading+.panel-collapse>.panel-body{border-top-color:#343741}.panel-default>.panel-heading .badge{background-color:#ababab;color:#25262e}.panel-default>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#343741}.panel-primary{border-color:#f5f7fa}.panel-primary>.panel-heading{background-color:#f5f7fa;border-color:#f5f7fa;color:#1d1e24}.panel-primary>.panel-heading+.panel-collapse>.panel-body{border-top-color:#f5f7fa}.panel-primary>.panel-heading .badge{background-color:#1d1e24;color:#f5f7fa}.panel-primary>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#f5f7fa}.panel-success{border-color:#53d9c2}.panel-success>.panel-heading{background-color:#7de2d1;border-color:#53d9c2;color:#1d1e24}.panel-success>.panel-heading+.panel-collapse>.panel-body{border-top-color:#53d9c2}.panel-success>.panel-heading .badge{background-color:#1d1e24;color:#7de2d1}.panel-success>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#53d9c2}.panel-info{border-color:#098dd4}.panel-info>.panel-heading{background-color:#1ba9f5;border-color:#098dd4;color:#1d1e24}.panel-info>.panel-heading+.panel-collapse>.panel-body{border-top-color:#098dd4}.panel-info>.panel-heading .badge{background-color:#1d1e24;color:#1ba9f5}.panel-info>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#098dd4}.panel-warning{border-color:#ff6f47}.panel-warning>.panel-heading{background-color:#ff977a;border-color:#ff6f47;color:#1d1e24}.panel-warning>.panel-heading+.panel-collapse>.panel-body{border-top-color:#ff6f47}.panel-warning>.panel-heading .badge{background-color:#1d1e24;color:#ff977a}.panel-warning>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#ff6f47}.panel-danger{border-color:#f33}.panel-danger>.panel-heading{background-color:#f66;border-color:#f33;color:#1d1e24}.panel-danger>.panel-heading+.panel-collapse>.panel-body{border-top-color:#f33}.panel-danger>.panel-heading .badge{background-color:#1d1e24;color:#f66}.panel-danger>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#f33}.popover{word-wrap:normal;background-clip:padding-box;background-color:#1d1e24;border:1px solid #343741;border-radius:4px;box-shadow:0 4px 8px 0 #0000001a;display:none;font-family:Open Sans,Helvetica,Arial,sans-serif;font-size:14px;font-style:normal;font-weight:400;left:0;letter-spacing:normal;line-break:auto;line-height:1.42857143;max-width:276px;padding:1px;position:absolute;text-align:left;text-align:start;text-decoration:none;text-shadow:none;text-transform:none;top:0;white-space:normal;word-break:normal;word-spacing:normal;z-index:1010}.popover.top{margin-top:-10px}.popover.right{margin-left:10px}.popover.bottom{margin-top:10px}.popover.left{margin-left:-10px}.popover-title{background-color:#16171c;border-bottom:1px solid #0b0b0d;border-radius:3px 3px 0 0;font-size:14px;margin:0;padding:8px 14px}.popover-content{padding:9px 14px}.popover>.arrow,.popover>.arrow:after{border-color:#0000;border-style:solid;display:block;height:0;position:absolute;width:0}.popover>.arrow{border-width:11px}.popover>.arrow:after{border-width:10px;content:""}.popover.top>.arrow{border-bottom-width:0;border-top-color:#343741;bottom:-11px;left:50%;margin-left:-11px}.popover.top>.arrow:after{border-bottom-width:0;border-top-color:#1d1e24;bottom:1px;content:" ";margin-left:-10px}.popover.right>.arrow{border-left-width:0;border-right-color:#343741;left:-11px;margin-top:-11px;top:50%}.popover.right>.arrow:after{border-left-width:0;border-right-color:#1d1e24;bottom:-10px;content:" ";left:1px}.popover.bottom>.arrow{border-bottom-color:#343741;border-top-width:0;left:50%;margin-left:-11px;top:-11px}.popover.bottom>.arrow:after{border-bottom-color:#1d1e24;border-top-width:0;content:" ";margin-left:-10px;top:1px}.popover.left>.arrow{border-left-color:#343741;border-right-width:0;margin-top:-11px;right:-11px;top:50%}.popover.left>.arrow:after{border-left-color:#1d1e24;border-right-width:0;bottom:-10px;content:" ";right:1px}.clearfix:after,.clearfix:before,.container-fluid:after,.container-fluid:before,.container:after,.container:before,.dl-horizontal dd:after,.dl-horizontal dd:before,.form-horizontal .form-group:after,.form-horizontal .form-group:before,.modal-footer:after,.modal-footer:before,.modal-header:after,.modal-header:before,.nav:after,.nav:before,.navbar-collapse:after,.navbar-collapse:before,.navbar-header:after,.navbar-header:before,.navbar:after,.navbar:before,.pager:after,.pager:before,.panel-body:after,.panel-body:before,.row:after,.row:before{content:" ";display:table}.clearfix:after,.container-fluid:after,.container:after,.dl-horizontal dd:after,.form-horizontal .form-group:after,.modal-footer:after,.modal-header:after,.nav:after,.navbar-collapse:after,.navbar-header:after,.navbar:after,.pager:after,.panel-body:after,.row:after{clear:both}.center-block{display:block;margin-left:auto;margin-right:auto}.pull-right{float:right!important}.pull-left{float:left!important}.hide{display:none!important}.show{display:block!important}.invisible{visibility:hidden}.text-hide{background-color:initial;border:0;color:#0000;font:0/0 a;text-shadow:none}.hidden{display:none!important}.affix{position:fixed}.navbar>.container-fluid>.navbar-form:not(.pull-right):first-child,.navbar>.container-fluid>.navbar-nav:not(.pull-right):first-child{margin-left:-15px;margin-top:4px}.navbar{border-width:0}.navbar-btn-link{border-radius:0;margin:0}@media (max-width:768px){.navbar-btn-link{text-align:left;width:100%}}.navbar-default .badge{background-color:#1d1e24;color:#000}.navbar-inverse .kbnGlobalNav__logoBrand{background-color:#fff;height:45px;width:252px}.navbar-inverse .kbnGlobalNav__smallLogoBrand{background-color:#fff;height:45px;width:45px}.navbar-inverse .badge{background-color:#1d1e24;color:#fff}.navbar-brand{cursor:default;font-size:1.8em;user-select:none}.navbar-nav{font-size:12px}.navbar-nav>.active>a{background-color:initial;border-bottom-color:#ababab}.navbar-toggle{margin-top:4px}.text-primary,.text-primary:hover{color:#f5f7fa}.text-success,.text-success:hover{color:#7de2d1}.text-danger,.text-danger:hover{color:#f66}.text-warning,.text-warning:hover{color:#ff977a}.text-info,.text-info:hover{color:#1ba9f5}.table .danger,.table .danger a,.table .info,.table .info a,.table .success,.table .success a,.table .warning,.table .warning a,table .danger,table .danger a,table .info,table .info a,table .success,table .success a,table .warning,table .warning a{color:#1d1e24}.table-bordered>tbody>tr>td,.table-bordered>tbody>tr>th,.table-bordered>tfoot>tr>td,.table-bordered>tfoot>tr>th,.table-bordered>thead>tr>td,.table-bordered>thead>tr>th{border:1px solid #343741}.form-control{border-width:1px}.form-control,.form-control:focus{-webkit-box-shadow:none;box-shadow:none}.has-warning .checkbox,.has-warning .checkbox-inline,.has-warning .control-label,.has-warning .form-control-feedback,.has-warning .help-block,.has-warning .radio,.has-warning .radio-inline{color:#ff977a}.has-warning .form-control,.has-warning .form-control:focus{border:1px solid #ff977a}.has-warning .input-group-addon{border-color:#ff977a}.has-error .checkbox,.has-error .checkbox-inline,.has-error .control-label,.has-error .form-control-feedback,.has-error .help-block,.has-error .radio,.has-error .radio-inline{color:#f66}.has-error .form-control,.has-error .form-control:focus{border:1px solid #f66}.has-error .input-group-addon{border-color:#f66}.has-success .checkbox,.has-success .checkbox-inline,.has-success .control-label,.has-success .form-control-feedback,.has-success .help-block,.has-success .radio,.has-success .radio-inline{color:#7de2d1}.has-success .form-control,.has-success .form-control:focus{border:solid #7de2d1}.has-success .input-group-addon{border-color:#7de2d1}.nav .open>a,.nav .open>a:focus,.nav .open>a:hover{border-color:#0000}.pager a,.pager a:hover{color:#1d1e24}.pager .disabled>a,.pager .disabled>a:focus,.pager .disabled>a:hover,.pager .disabled>span{background-color:#26262600}.panel{border-radius:0;-webkit-box-shadow:0 0 0 #0000;box-shadow:0 0 0 #0000}.progress{-webkit-box-shadow:none;box-shadow:none}.progress .progress-bar{font-size:10px;line-height:10px}.well{-webkit-box-shadow:none;box-shadow:none}
\ No newline at end of file
diff --git a/packages/core/apps/core-apps-server-internal/assets/legacy_light_theme.css b/packages/core/apps/core-apps-server-internal/assets/legacy_light_theme.css
index c5c639f60e3be..26340bed55596 100644
--- a/packages/core/apps/core-apps-server-internal/assets/legacy_light_theme.css
+++ b/packages/core/apps/core-apps-server-internal/assets/legacy_light_theme.css
@@ -4324,14 +4324,12 @@ table .info a,
 .table-bordered > tfoot > tr > td {
   border: 1px solid #D3DAE6;
 }
-.form-control,
-input {
+.form-control {
   border-width: 1px;
   -webkit-box-shadow: none;
   box-shadow: none;
 }
-.form-control:focus,
-input:focus {
+.form-control:focus {
   -webkit-box-shadow: none;
   box-shadow: none;
 }
diff --git a/packages/core/apps/core-apps-server-internal/assets/legacy_light_theme.min.css b/packages/core/apps/core-apps-server-internal/assets/legacy_light_theme.min.css
index 3dece6ea03d7e..797b9ff701244 100644
--- a/packages/core/apps/core-apps-server-internal/assets/legacy_light_theme.min.css
+++ b/packages/core/apps/core-apps-server-internal/assets/legacy_light_theme.min.css
@@ -2,4 +2,4 @@
  * Bootstrap v3.3.6 (http://getbootstrap.com)
  * Copyright 2011-2015 Twitter, Inc.
  * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
- */.container{margin-left:auto;margin-right:auto;padding-left:15px;padding-right:15px}@media (min-width:768px){.container{width:750px}}@media (min-width:992px){.container{width:970px}}@media (min-width:1200px){.container{width:1170px}}.container-fluid{margin-left:auto;margin-right:auto;padding-left:15px;padding-right:15px}.row{margin-left:-15px;margin-right:-15px}.col-lg-1,.col-lg-10,.col-lg-11,.col-lg-12,.col-lg-2,.col-lg-3,.col-lg-4,.col-lg-5,.col-lg-6,.col-lg-7,.col-lg-8,.col-lg-9,.col-md-1,.col-md-10,.col-md-11,.col-md-12,.col-md-2,.col-md-3,.col-md-4,.col-md-5,.col-md-6,.col-md-7,.col-md-8,.col-md-9,.col-sm-1,.col-sm-10,.col-sm-11,.col-sm-12,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-7,.col-sm-8,.col-sm-9,.col-xs-1,.col-xs-10,.col-xs-11,.col-xs-12,.col-xs-2,.col-xs-3,.col-xs-4,.col-xs-5,.col-xs-6,.col-xs-7,.col-xs-8,.col-xs-9{min-height:1px;padding-left:15px;padding-right:15px;position:relative}.col-xs-1,.col-xs-10,.col-xs-11,.col-xs-12,.col-xs-2,.col-xs-3,.col-xs-4,.col-xs-5,.col-xs-6,.col-xs-7,.col-xs-8,.col-xs-9{float:left}.col-xs-12{width:100%}.col-xs-11{width:91.66666667%}.col-xs-10{width:83.33333333%}.col-xs-9{width:75%}.col-xs-8{width:66.66666667%}.col-xs-7{width:58.33333333%}.col-xs-6{width:50%}.col-xs-5{width:41.66666667%}.col-xs-4{width:33.33333333%}.col-xs-3{width:25%}.col-xs-2{width:16.66666667%}.col-xs-1{width:8.33333333%}.col-xs-pull-12{right:100%}.col-xs-pull-11{right:91.66666667%}.col-xs-pull-10{right:83.33333333%}.col-xs-pull-9{right:75%}.col-xs-pull-8{right:66.66666667%}.col-xs-pull-7{right:58.33333333%}.col-xs-pull-6{right:50%}.col-xs-pull-5{right:41.66666667%}.col-xs-pull-4{right:33.33333333%}.col-xs-pull-3{right:25%}.col-xs-pull-2{right:16.66666667%}.col-xs-pull-1{right:8.33333333%}.col-xs-pull-0{right:auto}.col-xs-push-12{left:100%}.col-xs-push-11{left:91.66666667%}.col-xs-push-10{left:83.33333333%}.col-xs-push-9{left:75%}.col-xs-push-8{left:66.66666667%}.col-xs-push-7{left:58.33333333%}.col-xs-push-6{left:50%}.col-xs-push-5{left:41.66666667%}.col-xs-push-4{left:33.33333333%}.col-xs-push-3{left:25%}.col-xs-push-2{left:16.66666667%}.col-xs-push-1{left:8.33333333%}.col-xs-push-0{left:auto}.col-xs-offset-12{margin-left:100%}.col-xs-offset-11{margin-left:91.66666667%}.col-xs-offset-10{margin-left:83.33333333%}.col-xs-offset-9{margin-left:75%}.col-xs-offset-8{margin-left:66.66666667%}.col-xs-offset-7{margin-left:58.33333333%}.col-xs-offset-6{margin-left:50%}.col-xs-offset-5{margin-left:41.66666667%}.col-xs-offset-4{margin-left:33.33333333%}.col-xs-offset-3{margin-left:25%}.col-xs-offset-2{margin-left:16.66666667%}.col-xs-offset-1{margin-left:8.33333333%}.col-xs-offset-0{margin-left:0}@media (min-width:768px){.col-sm-1,.col-sm-10,.col-sm-11,.col-sm-12,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-7,.col-sm-8,.col-sm-9{float:left}.col-sm-12{width:100%}.col-sm-11{width:91.66666667%}.col-sm-10{width:83.33333333%}.col-sm-9{width:75%}.col-sm-8{width:66.66666667%}.col-sm-7{width:58.33333333%}.col-sm-6{width:50%}.col-sm-5{width:41.66666667%}.col-sm-4{width:33.33333333%}.col-sm-3{width:25%}.col-sm-2{width:16.66666667%}.col-sm-1{width:8.33333333%}.col-sm-pull-12{right:100%}.col-sm-pull-11{right:91.66666667%}.col-sm-pull-10{right:83.33333333%}.col-sm-pull-9{right:75%}.col-sm-pull-8{right:66.66666667%}.col-sm-pull-7{right:58.33333333%}.col-sm-pull-6{right:50%}.col-sm-pull-5{right:41.66666667%}.col-sm-pull-4{right:33.33333333%}.col-sm-pull-3{right:25%}.col-sm-pull-2{right:16.66666667%}.col-sm-pull-1{right:8.33333333%}.col-sm-pull-0{right:auto}.col-sm-push-12{left:100%}.col-sm-push-11{left:91.66666667%}.col-sm-push-10{left:83.33333333%}.col-sm-push-9{left:75%}.col-sm-push-8{left:66.66666667%}.col-sm-push-7{left:58.33333333%}.col-sm-push-6{left:50%}.col-sm-push-5{left:41.66666667%}.col-sm-push-4{left:33.33333333%}.col-sm-push-3{left:25%}.col-sm-push-2{left:16.66666667%}.col-sm-push-1{left:8.33333333%}.col-sm-push-0{left:auto}.col-sm-offset-12{margin-left:100%}.col-sm-offset-11{margin-left:91.66666667%}.col-sm-offset-10{margin-left:83.33333333%}.col-sm-offset-9{margin-left:75%}.col-sm-offset-8{margin-left:66.66666667%}.col-sm-offset-7{margin-left:58.33333333%}.col-sm-offset-6{margin-left:50%}.col-sm-offset-5{margin-left:41.66666667%}.col-sm-offset-4{margin-left:33.33333333%}.col-sm-offset-3{margin-left:25%}.col-sm-offset-2{margin-left:16.66666667%}.col-sm-offset-1{margin-left:8.33333333%}.col-sm-offset-0{margin-left:0}}@media (min-width:992px){.col-md-1,.col-md-10,.col-md-11,.col-md-12,.col-md-2,.col-md-3,.col-md-4,.col-md-5,.col-md-6,.col-md-7,.col-md-8,.col-md-9{float:left}.col-md-12{width:100%}.col-md-11{width:91.66666667%}.col-md-10{width:83.33333333%}.col-md-9{width:75%}.col-md-8{width:66.66666667%}.col-md-7{width:58.33333333%}.col-md-6{width:50%}.col-md-5{width:41.66666667%}.col-md-4{width:33.33333333%}.col-md-3{width:25%}.col-md-2{width:16.66666667%}.col-md-1{width:8.33333333%}.col-md-pull-12{right:100%}.col-md-pull-11{right:91.66666667%}.col-md-pull-10{right:83.33333333%}.col-md-pull-9{right:75%}.col-md-pull-8{right:66.66666667%}.col-md-pull-7{right:58.33333333%}.col-md-pull-6{right:50%}.col-md-pull-5{right:41.66666667%}.col-md-pull-4{right:33.33333333%}.col-md-pull-3{right:25%}.col-md-pull-2{right:16.66666667%}.col-md-pull-1{right:8.33333333%}.col-md-pull-0{right:auto}.col-md-push-12{left:100%}.col-md-push-11{left:91.66666667%}.col-md-push-10{left:83.33333333%}.col-md-push-9{left:75%}.col-md-push-8{left:66.66666667%}.col-md-push-7{left:58.33333333%}.col-md-push-6{left:50%}.col-md-push-5{left:41.66666667%}.col-md-push-4{left:33.33333333%}.col-md-push-3{left:25%}.col-md-push-2{left:16.66666667%}.col-md-push-1{left:8.33333333%}.col-md-push-0{left:auto}.col-md-offset-12{margin-left:100%}.col-md-offset-11{margin-left:91.66666667%}.col-md-offset-10{margin-left:83.33333333%}.col-md-offset-9{margin-left:75%}.col-md-offset-8{margin-left:66.66666667%}.col-md-offset-7{margin-left:58.33333333%}.col-md-offset-6{margin-left:50%}.col-md-offset-5{margin-left:41.66666667%}.col-md-offset-4{margin-left:33.33333333%}.col-md-offset-3{margin-left:25%}.col-md-offset-2{margin-left:16.66666667%}.col-md-offset-1{margin-left:8.33333333%}.col-md-offset-0{margin-left:0}}@media (min-width:1200px){.col-lg-1,.col-lg-10,.col-lg-11,.col-lg-12,.col-lg-2,.col-lg-3,.col-lg-4,.col-lg-5,.col-lg-6,.col-lg-7,.col-lg-8,.col-lg-9{float:left}.col-lg-12{width:100%}.col-lg-11{width:91.66666667%}.col-lg-10{width:83.33333333%}.col-lg-9{width:75%}.col-lg-8{width:66.66666667%}.col-lg-7{width:58.33333333%}.col-lg-6{width:50%}.col-lg-5{width:41.66666667%}.col-lg-4{width:33.33333333%}.col-lg-3{width:25%}.col-lg-2{width:16.66666667%}.col-lg-1{width:8.33333333%}.col-lg-pull-12{right:100%}.col-lg-pull-11{right:91.66666667%}.col-lg-pull-10{right:83.33333333%}.col-lg-pull-9{right:75%}.col-lg-pull-8{right:66.66666667%}.col-lg-pull-7{right:58.33333333%}.col-lg-pull-6{right:50%}.col-lg-pull-5{right:41.66666667%}.col-lg-pull-4{right:33.33333333%}.col-lg-pull-3{right:25%}.col-lg-pull-2{right:16.66666667%}.col-lg-pull-1{right:8.33333333%}.col-lg-pull-0{right:auto}.col-lg-push-12{left:100%}.col-lg-push-11{left:91.66666667%}.col-lg-push-10{left:83.33333333%}.col-lg-push-9{left:75%}.col-lg-push-8{left:66.66666667%}.col-lg-push-7{left:58.33333333%}.col-lg-push-6{left:50%}.col-lg-push-5{left:41.66666667%}.col-lg-push-4{left:33.33333333%}.col-lg-push-3{left:25%}.col-lg-push-2{left:16.66666667%}.col-lg-push-1{left:8.33333333%}.col-lg-push-0{left:auto}.col-lg-offset-12{margin-left:100%}.col-lg-offset-11{margin-left:91.66666667%}.col-lg-offset-10{margin-left:83.33333333%}.col-lg-offset-9{margin-left:75%}.col-lg-offset-8{margin-left:66.66666667%}.col-lg-offset-7{margin-left:58.33333333%}.col-lg-offset-6{margin-left:50%}.col-lg-offset-5{margin-left:41.66666667%}.col-lg-offset-4{margin-left:33.33333333%}.col-lg-offset-3{margin-left:25%}.col-lg-offset-2{margin-left:16.66666667%}.col-lg-offset-1{margin-left:8.33333333%}.col-lg-offset-0{margin-left:0}}.table{font-size:14px;margin-bottom:20px;max-width:100%;width:100%}.table thead{font-size:12px}.table>tbody>tr>td,.table>tbody>tr>th,.table>tfoot>tr>td,.table>tfoot>tr>th,.table>thead>tr>td,.table>thead>tr>th{border-top:1px solid #d3dae6;line-height:1.42857143;padding:8px;vertical-align:top}.table>thead>tr>th{border-bottom:1px solid #d3dae6;vertical-align:bottom}.table>caption+thead>tr:first-child>td,.table>caption+thead>tr:first-child>th,.table>colgroup+thead>tr:first-child>td,.table>colgroup+thead>tr:first-child>th,.table>thead:first-child>tr:first-child>td,.table>thead:first-child>tr:first-child>th{border-top:0}.table>tbody+tbody{border-top:2px solid #d3dae6}.table .table{background-color:#fff}.table-condensed>tbody>tr>td,.table-condensed>tbody>tr>th,.table-condensed>tfoot>tr>td,.table-condensed>tfoot>tr>th,.table-condensed>thead>tr>td,.table-condensed>thead>tr>th{font-size:12px;padding:5px}.table-bordered{border:1px solid #d3dae6}.table-bordered>thead>tr>td,.table-bordered>thead>tr>th{border-bottom-width:2px}.table-hover>tbody>tr:hover,.table-striped>tbody>tr:nth-of-type(odd){background-color:#d3dae6}table col[class*=col-]{display:table-column;float:none;position:static}table td[class*=col-],table th[class*=col-]{display:table-cell;float:none;position:static}.table>tbody>tr.active>td,.table>tbody>tr.active>th,.table>tbody>tr>td.active,.table>tbody>tr>th.active,.table>tfoot>tr.active>td,.table>tfoot>tr.active>th,.table>tfoot>tr>td.active,.table>tfoot>tr>th.active,.table>thead>tr.active>td,.table>thead>tr.active>th,.table>thead>tr>td.active,.table>thead>tr>th.active{background-color:#d3dae6}.table-hover>tbody>tr.active:hover>td,.table-hover>tbody>tr.active:hover>th,.table-hover>tbody>tr:hover>.active,.table-hover>tbody>tr>td.active:hover,.table-hover>tbody>tr>th.active:hover{background-color:#c3ccdd}.table>tbody>tr.success>td,.table>tbody>tr.success>th,.table>tbody>tr>td.success,.table>tbody>tr>th.success,.table>tfoot>tr.success>td,.table>tfoot>tr.success>th,.table>tfoot>tr>td.success,.table>tfoot>tr>th.success,.table>thead>tr.success>td,.table>thead>tr.success>th,.table>thead>tr>td.success,.table>thead>tr>th.success{background-color:#017d73}.table-hover>tbody>tr.success:hover>td,.table-hover>tbody>tr.success:hover>th,.table-hover>tbody>tr:hover>.success,.table-hover>tbody>tr>td.success:hover,.table-hover>tbody>tr>th.success:hover{background-color:#01645c}.table>tbody>tr.info>td,.table>tbody>tr.info>th,.table>tbody>tr>td.info,.table>tbody>tr>th.info,.table>tfoot>tr.info>td,.table>tfoot>tr.info>th,.table>tfoot>tr>td.info,.table>tfoot>tr>th.info,.table>thead>tr.info>td,.table>thead>tr.info>th,.table>thead>tr>td.info,.table>thead>tr>th.info{background-color:#006bb4}.table-hover>tbody>tr.info:hover>td,.table-hover>tbody>tr.info:hover>th,.table-hover>tbody>tr:hover>.info,.table-hover>tbody>tr>td.info:hover,.table-hover>tbody>tr>th.info:hover{background-color:#005c9b}.table>tbody>tr.warning>td,.table>tbody>tr.warning>th,.table>tbody>tr>td.warning,.table>tbody>tr>th.warning,.table>tfoot>tr.warning>td,.table>tfoot>tr.warning>th,.table>tfoot>tr>td.warning,.table>tfoot>tr>th.warning,.table>thead>tr.warning>td,.table>thead>tr.warning>th,.table>thead>tr>td.warning,.table>thead>tr>th.warning{background-color:#f5a700}.table-hover>tbody>tr.warning:hover>td,.table-hover>tbody>tr.warning:hover>th,.table-hover>tbody>tr:hover>.warning,.table-hover>tbody>tr>td.warning:hover,.table-hover>tbody>tr>th.warning:hover{background-color:#dc9600}.table>tbody>tr.danger>td,.table>tbody>tr.danger>th,.table>tbody>tr>td.danger,.table>tbody>tr>th.danger,.table>tfoot>tr.danger>td,.table>tfoot>tr.danger>th,.table>tfoot>tr>td.danger,.table>tfoot>tr>th.danger,.table>thead>tr.danger>td,.table>thead>tr.danger>th,.table>thead>tr>td.danger,.table>thead>tr>th.danger{background-color:#bd271e}.table-hover>tbody>tr.danger:hover>td,.table-hover>tbody>tr.danger:hover>th,.table-hover>tbody>tr:hover>.danger,.table-hover>tbody>tr>td.danger:hover,.table-hover>tbody>tr>th.danger:hover{background-color:#a7221b}.table-responsive{min-height:.01%;overflow-x:auto}@media screen and (max-width:767px){.table-responsive{-ms-overflow-style:-ms-autohiding-scrollbar;border:1px solid #d3dae6;margin-bottom:15px;overflow-y:hidden;width:100%}.table-responsive>.table{margin-bottom:0}.table-responsive>.table>tbody>tr>td,.table-responsive>.table>tbody>tr>th,.table-responsive>.table>tfoot>tr>td,.table-responsive>.table>tfoot>tr>th,.table-responsive>.table>thead>tr>td,.table-responsive>.table>thead>tr>th{white-space:nowrap}.table-responsive>.table-bordered{border:0}.table-responsive>.table-bordered>tbody>tr>td:first-child,.table-responsive>.table-bordered>tbody>tr>th:first-child,.table-responsive>.table-bordered>tfoot>tr>td:first-child,.table-responsive>.table-bordered>tfoot>tr>th:first-child,.table-responsive>.table-bordered>thead>tr>td:first-child,.table-responsive>.table-bordered>thead>tr>th:first-child{border-left:0}.table-responsive>.table-bordered>tbody>tr>td:last-child,.table-responsive>.table-bordered>tbody>tr>th:last-child,.table-responsive>.table-bordered>tfoot>tr>td:last-child,.table-responsive>.table-bordered>tfoot>tr>th:last-child,.table-responsive>.table-bordered>thead>tr>td:last-child,.table-responsive>.table-bordered>thead>tr>th:last-child{border-right:0}.table-responsive>.table-bordered>tbody>tr:last-child>td,.table-responsive>.table-bordered>tbody>tr:last-child>th,.table-responsive>.table-bordered>tfoot>tr:last-child>td,.table-responsive>.table-bordered>tfoot>tr:last-child>th{border-bottom:0}}.form-control{background-color:#fafbfd;background-image:none;border:1px solid #d3dae6;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075);color:#343741;display:block;font-size:14px;height:32px;line-height:1.42857143;padding:5px 15px;-webkit-transition:border-color .15s ease-in-out,box-shadow .15s ease-in-out;-o-transition:border-color .15s ease-in-out,box-shadow .15s ease-in-out;transition:border-color .15s ease-in-out,box-shadow .15s ease-in-out;width:100%}.form-control:focus{border-color:#006bb4;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 8px #006bb499;box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 8px #006bb499;outline:0}.form-control::-moz-placeholder{color:#98a2b3;opacity:1}.form-control:-ms-input-placeholder{color:#98a2b3}.form-control::-webkit-input-placeholder{color:#98a2b3}.form-control::-ms-expand{background-color:initial;border:0}.form-control[disabled],.form-control[readonly],fieldset[disabled] .form-control{background-color:#d3dae6;opacity:1}.form-control[disabled],fieldset[disabled] .form-control{cursor:not-allowed}textarea.form-control{height:auto}.form-group:not(:empty){margin-bottom:15px}.checkbox,.radio{display:block;margin-bottom:10px;margin-top:10px;position:relative}.checkbox label,.radio label{cursor:pointer;font-weight:400;margin-bottom:0;min-height:20px;padding-left:20px}.checkbox input[type=checkbox],.checkbox-inline input[type=checkbox],.radio input[type=radio],.radio-inline input[type=radio]{margin-left:-20px;margin-top:4px\9;position:absolute}.checkbox+.checkbox,.radio+.radio{margin-top:-5px}.checkbox-inline,.radio-inline{cursor:pointer;display:inline-block;font-weight:400;margin-bottom:0;padding-left:20px;position:relative;vertical-align:middle}.checkbox-inline+.checkbox-inline,.radio-inline+.radio-inline{margin-left:10px;margin-top:0}.checkbox-inline.disabled,.checkbox.disabled label,.radio-inline.disabled,.radio.disabled label,fieldset[disabled] .checkbox label,fieldset[disabled] .checkbox-inline,fieldset[disabled] .radio label,fieldset[disabled] .radio-inline{cursor:not-allowed}.form-control-static{margin-bottom:0;min-height:34px;padding-bottom:6px;padding-top:6px}.form-control-static.input-lg,.form-control-static.input-sm{padding-left:0;padding-right:0}.input-sm{border-radius:4px;font-size:12px;height:32px;line-height:1.5;padding:6px 9px}select.input-sm{height:32px;line-height:32px}select[multiple].input-sm,textarea.input-sm{height:auto}.form-group-sm .form-control{border-radius:4px;font-size:12px;height:32px;line-height:1.5;padding:6px 9px}.form-group-sm select.form-control{height:32px;line-height:32px}.form-group-sm select[multiple].form-control,.form-group-sm textarea.form-control{height:auto}.form-group-sm .form-control-static{font-size:12px;height:32px;line-height:1.5;min-height:32px;padding:7px 9px}.input-lg{border-radius:4px;font-size:18px;height:62px;line-height:1.3333333;padding:18px 27px}select.input-lg{height:62px;line-height:62px}select[multiple].input-lg,textarea.input-lg{height:auto}.form-group-lg .form-control{border-radius:4px;font-size:18px;height:62px;line-height:1.3333333;padding:18px 27px}.form-group-lg select.form-control{height:62px;line-height:62px}.form-group-lg select[multiple].form-control,.form-group-lg textarea.form-control{height:auto}.form-group-lg .form-control-static{font-size:18px;height:62px;line-height:1.3333333;min-height:38px;padding:19px 27px}.has-feedback{position:relative}.has-feedback .form-control{padding-right:40px}.form-control-feedback{display:block;height:32px;line-height:32px;pointer-events:none;position:absolute;right:0;text-align:center;top:0;width:32px;z-index:2}.form-group-lg .form-control+.form-control-feedback,.input-group-lg+.form-control-feedback,.input-lg+.form-control-feedback{height:62px;line-height:62px;width:62px}.form-group-sm .form-control+.form-control-feedback,.input-group-sm+.form-control-feedback,.input-sm+.form-control-feedback{height:32px;line-height:32px;width:32px}.has-success .checkbox,.has-success .checkbox-inline,.has-success .control-label,.has-success .help-block,.has-success .radio,.has-success .radio-inline,.has-success.checkbox label,.has-success.checkbox-inline label,.has-success.radio label,.has-success.radio-inline label{color:#fff}.has-success .form-control{border-color:#fff;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075)}.has-success .form-control:focus{border-color:#e6e6e6;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #fff;box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #fff}.has-success .input-group-addon{background-color:#017d73;border-color:#fff;color:#fff}.has-success .form-control-feedback,.has-warning .checkbox,.has-warning .checkbox-inline,.has-warning .control-label,.has-warning .help-block,.has-warning .radio,.has-warning .radio-inline,.has-warning.checkbox label,.has-warning.checkbox-inline label,.has-warning.radio label,.has-warning.radio-inline label{color:#fff}.has-warning .form-control{border-color:#fff;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075)}.has-warning .form-control:focus{border-color:#e6e6e6;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #fff;box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #fff}.has-warning .input-group-addon{background-color:#f5a700;border-color:#fff;color:#fff}.has-error .checkbox,.has-error .checkbox-inline,.has-error .control-label,.has-error .help-block,.has-error .radio,.has-error .radio-inline,.has-error.checkbox label,.has-error.checkbox-inline label,.has-error.radio label,.has-error.radio-inline label,.has-warning .form-control-feedback{color:#fff}.has-error .form-control{border-color:#fff;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075)}.has-error .form-control:focus{border-color:#e6e6e6;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #fff;box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #fff}.has-error .input-group-addon{background-color:#bd271e;border-color:#fff;color:#fff}.has-error .form-control-feedback{color:#fff}.has-feedback label~.form-control-feedback{top:25px}.has-feedback label.sr-only~.form-control-feedback{top:0}.help-block{color:#6d7388;display:block;margin-bottom:10px;margin-top:5px}@media (min-width:768px){.form-inline .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.form-inline .form-control{display:inline-block;vertical-align:middle;width:auto}.form-inline .form-control-static{display:inline-block}.form-inline .input-group{display:inline-table;vertical-align:middle}.form-inline .input-group .form-control,.form-inline .input-group .input-group-addon{width:auto}.form-inline .input-group>.form-control{width:100%}.form-inline .control-label{margin-bottom:0;vertical-align:middle}.form-inline .checkbox,.form-inline .radio{display:inline-block;margin-bottom:0;margin-top:0;vertical-align:middle}.form-inline .checkbox label,.form-inline .radio label{padding-left:0}.form-inline .checkbox input[type=checkbox],.form-inline .radio input[type=radio]{margin-left:0;position:relative}.form-inline .has-feedback .form-control-feedback{top:0}}.form-horizontal .checkbox,.form-horizontal .checkbox-inline,.form-horizontal .radio,.form-horizontal .radio-inline{margin-bottom:0;margin-top:0;padding-top:6px}.form-horizontal .checkbox,.form-horizontal .radio{min-height:26px}.form-horizontal .form-group{margin-left:-15px;margin-right:-15px}@media (min-width:768px){.form-horizontal .control-label{margin-bottom:0;padding-top:6px;text-align:right}}.form-horizontal .has-feedback .form-control-feedback{right:15px}@media (min-width:768px){.form-horizontal .form-group-lg .control-label{font-size:18px;padding-top:19px}.form-horizontal .form-group-sm .control-label{font-size:12px;padding-top:7px}}.text-left{text-align:left}.text-right{text-align:right}.text-center{text-align:center}.text-muted{color:#b2bac6}.text-primary{color:#343741}a.text-primary:focus,a.text-primary:hover{color:#1d1f25}.text-success{color:#fff}a.text-success:focus,a.text-success:hover{color:#e6e6e6}.text-info{color:#fff}a.text-info:focus,a.text-info:hover{color:#e6e6e6}.text-warning{color:#fff}a.text-warning:focus,a.text-warning:hover{color:#e6e6e6}.text-danger{color:#fff}a.text-danger:focus,a.text-danger:hover{color:#e6e6e6}.bg-info{background-color:#006bb4}a.bg-info:focus,a.bg-info:hover{background-color:#004d81}.list-unstyled{list-style:none;padding-left:0}@media (min-width:0){.dl-horizontal dt{clear:left;float:left;overflow:hidden;text-align:right;text-overflow:ellipsis;white-space:nowrap;width:160px}.dl-horizontal dd{margin-left:180px}}.fade{opacity:0;-webkit-transition:opacity .15s linear;-o-transition:opacity .15s linear;transition:opacity .15s linear}.fade.in{opacity:1}.collapse{display:none}.collapse.in{display:block}tr.collapse.in{display:table-row}tbody.collapse.in{display:table-row-group}.collapsing{height:0;overflow:hidden;position:relative;-webkit-transition-duration:.35s;transition-duration:.35s;-webkit-transition-property:height,visibility;transition-property:height,visibility;-webkit-transition-timing-function:ease;transition-timing-function:ease}.btn{background-image:none;border:1px solid #0000;border-radius:4px;cursor:pointer;display:inline-block;font-size:14px;font-weight:400;line-height:1.42857143;margin-bottom:0;padding:5px 15px;text-align:center;touch-action:manipulation;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;vertical-align:middle;white-space:nowrap}.btn.active.focus,.btn.active:focus,.btn.focus,.btn:active.focus,.btn:active:focus,.btn:focus{box-shadow:0 0 0 1px #fff,0 0 0 2px #0079a5}.btn.focus,.btn:focus,.btn:hover{color:#fff;text-decoration:none}.btn.active,.btn:active{background-image:none;-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125);box-shadow:inset 0 3px 5px rgba(0,0,0,.125);outline:0}.btn.disabled,.btn[disabled],fieldset[disabled] .btn{-webkit-box-shadow:none;box-shadow:none;cursor:not-allowed;filter:alpha(opacity=65);opacity:.65}a.btn.disabled,fieldset[disabled] a.btn{pointer-events:none}.btn-default{background-color:#006bb4;border-color:#006bb4;color:#fff}.btn-default.focus,.btn-default:focus{background-color:#004d81;border-color:#001f35;color:#fff}.btn-default.active,.btn-default:active,.btn-default:hover,.open>.dropdown-toggle.btn-default{background-color:#004d81;border-color:#004777;color:#fff}.btn-default.active.focus,.btn-default.active:focus,.btn-default.active:hover,.btn-default:active.focus,.btn-default:active:focus,.btn-default:active:hover,.open>.dropdown-toggle.btn-default.focus,.open>.dropdown-toggle.btn-default:focus,.open>.dropdown-toggle.btn-default:hover{background-color:#00375d;border-color:#001f35;color:#fff}.btn-default.active,.btn-default:active,.open>.dropdown-toggle.btn-default{background-image:none}.btn-default.disabled.focus,.btn-default.disabled:focus,.btn-default.disabled:hover,.btn-default[disabled].focus,.btn-default[disabled]:focus,.btn-default[disabled]:hover,fieldset[disabled] .btn-default.focus,fieldset[disabled] .btn-default:focus,fieldset[disabled] .btn-default:hover{background-color:#006bb4;border-color:#006bb4}.btn-default .badge{background-color:#fff;color:#006bb4}.btn-primary{background-color:#006bb4;border-color:#006bb4;color:#fff}.btn-primary.focus,.btn-primary:focus{background-color:#004d81;border-color:#001f35;color:#fff}.btn-primary.active,.btn-primary:active,.btn-primary:hover,.open>.dropdown-toggle.btn-primary{background-color:#004d81;border-color:#004777;color:#fff}.btn-primary.active.focus,.btn-primary.active:focus,.btn-primary.active:hover,.btn-primary:active.focus,.btn-primary:active:focus,.btn-primary:active:hover,.open>.dropdown-toggle.btn-primary.focus,.open>.dropdown-toggle.btn-primary:focus,.open>.dropdown-toggle.btn-primary:hover{background-color:#00375d;border-color:#001f35;color:#fff}.btn-primary.active,.btn-primary:active,.open>.dropdown-toggle.btn-primary{background-image:none}.btn-primary.disabled.focus,.btn-primary.disabled:focus,.btn-primary.disabled:hover,.btn-primary[disabled].focus,.btn-primary[disabled]:focus,.btn-primary[disabled]:hover,fieldset[disabled] .btn-primary.focus,fieldset[disabled] .btn-primary:focus,fieldset[disabled] .btn-primary:hover{background-color:#006bb4;border-color:#006bb4}.btn-primary .badge{background-color:#fff;color:#006bb4}.btn-xs{border-radius:4px;font-size:12px;line-height:1.5;padding:1px 5px}.navbar{border:1px solid #0000;margin-bottom:0;min-height:45px;position:relative}@media (min-width:0){.navbar{border-radius:4px}.navbar-header{float:left}}.navbar-collapse{-webkit-overflow-scrolling:touch;border-top:1px solid #0000;box-shadow:inset 0 1px 0 #ffffff1a;overflow-x:visible;padding-left:10px;padding-right:10px}.navbar-collapse.in{overflow-y:auto}@media (min-width:0){.navbar-collapse{border-top:0;box-shadow:none;width:auto}.navbar-collapse.collapse{display:block!important;height:auto!important;overflow:visible!important;padding-bottom:0}.navbar-collapse.in{overflow-y:visible}.navbar-fixed-bottom .navbar-collapse,.navbar-fixed-top .navbar-collapse{padding-left:0;padding-right:0}}.navbar-fixed-bottom .navbar-collapse,.navbar-fixed-top .navbar-collapse{max-height:340px}@media (max-device-width:480px) and (orientation:landscape){.navbar-fixed-bottom .navbar-collapse,.navbar-fixed-top .navbar-collapse{max-height:200px}}.container-fluid>.navbar-collapse,.container-fluid>.navbar-header,.container>.navbar-collapse,.container>.navbar-header{margin-left:-10px;margin-right:-10px}@media (min-width:0){.container-fluid>.navbar-collapse,.container-fluid>.navbar-header,.container>.navbar-collapse,.container>.navbar-header{margin-left:0;margin-right:0}}.navbar-fixed-bottom,.navbar-fixed-top{left:0;position:fixed;right:0;z-index:1050}@media (min-width:0){.navbar-fixed-bottom,.navbar-fixed-top{border-radius:0}}.navbar-fixed-top{border-width:0 0 1px;top:0}.navbar-fixed-bottom{border-width:1px 0 0;bottom:0;margin-bottom:0}.navbar-brand{float:left;font-size:18px;height:45px;line-height:20px;padding:12.5px 10px}.navbar-brand:focus,.navbar-brand:hover{text-decoration:none}.navbar-brand>img{display:block}@media (min-width:0){.navbar>.container .navbar-brand,.navbar>.container-fluid .navbar-brand{margin-left:-10px}}.navbar-toggle{background-color:initial;background-image:none;border:1px solid #0000;border-radius:4px;float:right;margin-bottom:5.5px;margin-right:10px;margin-top:5.5px;padding:9px 10px;position:relative}.navbar-toggle:focus{outline:0}.navbar-toggle .icon-bar{border-radius:1px;display:block;height:2px;width:22px}.navbar-toggle .icon-bar+.icon-bar{margin-top:4px}@media (min-width:0){.navbar-toggle{display:none}}.navbar-nav{margin:6.25px -10px}.navbar-nav>li>a{line-height:20px;padding-bottom:10px;padding-top:10px}@media (max-width:-1){.navbar-nav .open .dropdown-menu{background-color:initial;border:0;box-shadow:none;float:none;margin-top:0;position:static;width:auto}.navbar-nav .open .dropdown-menu .dropdown-header,.navbar-nav .open .dropdown-menu>li>a{padding:5px 15px 5px 25px}.navbar-nav .open .dropdown-menu>li>a{line-height:20px}.navbar-nav .open .dropdown-menu>li>a:focus,.navbar-nav .open .dropdown-menu>li>a:hover{background-image:none}}@media (min-width:0){.navbar-nav{float:left;margin:0}.navbar-nav>li{float:left}.navbar-nav>li>a{padding-bottom:12.5px;padding-top:12.5px}}.navbar-form{border-bottom:1px solid #0000;border-top:1px solid #0000;-webkit-box-shadow:inset 0 1px 0 #ffffff1a,0 1px 0 #ffffff1a;box-shadow:inset 0 1px 0 #ffffff1a,0 1px 0 #ffffff1a;margin:6.5px -10px;padding:10px}@media (min-width:768px){.navbar-form .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.navbar-form .form-control{display:inline-block;vertical-align:middle;width:auto}.navbar-form .form-control-static{display:inline-block}.navbar-form .input-group{display:inline-table;vertical-align:middle}.navbar-form .input-group .form-control,.navbar-form .input-group .input-group-addon{width:auto}.navbar-form .input-group>.form-control{width:100%}.navbar-form .control-label{margin-bottom:0;vertical-align:middle}.navbar-form .checkbox,.navbar-form .radio{display:inline-block;margin-bottom:0;margin-top:0;vertical-align:middle}.navbar-form .checkbox label,.navbar-form .radio label{padding-left:0}.navbar-form .checkbox input[type=checkbox],.navbar-form .radio input[type=radio]{margin-left:0;position:relative}.navbar-form .has-feedback .form-control-feedback{top:0}}@media (max-width:-1){.navbar-form .form-group{margin-bottom:5px}.navbar-form .form-group:last-child{margin-bottom:0}}@media (min-width:0){.navbar-form{border:0;-webkit-box-shadow:none;box-shadow:none;margin-left:0;margin-right:0;padding-bottom:0;padding-top:0;width:auto}}.navbar-nav>li>.dropdown-menu{border-top-left-radius:0;border-top-right-radius:0;margin-top:0}.navbar-fixed-bottom .navbar-nav>li>.dropdown-menu{border-bottom-left-radius:0;border-bottom-right-radius:0;border-top-left-radius:4px;border-top-right-radius:4px;margin-bottom:0}.navbar-text{margin-bottom:12.5px;margin-top:12.5px}@media (min-width:0){.navbar-text{float:left;margin-left:10px;margin-right:10px}.navbar-left{float:left!important}.navbar-right{float:right!important;margin-right:-10px}.navbar-right~.navbar-right{margin-right:0}}.navbar-default{background-color:#f5f7fa;border-color:#0000}.navbar-default .navbar-brand{color:#69707d}.navbar-default .navbar-brand:focus,.navbar-default .navbar-brand:hover{background-color:initial;color:#69707d}.navbar-default .navbar-nav>li>a,.navbar-default .navbar-text{color:#69707d}.navbar-default .navbar-nav>li>a:focus,.navbar-default .navbar-nav>li>a:hover{background-color:initial;color:#69707d}.navbar-default .navbar-nav>.active>a,.navbar-default .navbar-nav>.active>a:focus,.navbar-default .navbar-nav>.active>a:hover{background-color:initial;color:#343741}.navbar-default .navbar-nav>.disabled>a,.navbar-default .navbar-nav>.disabled>a:focus,.navbar-default .navbar-nav>.disabled>a:hover{background-color:initial;color:#69707d}.navbar-default .navbar-toggle{border-color:#d3dce9}.navbar-default .navbar-toggle:focus,.navbar-default .navbar-toggle:hover{background-color:#d3dce9}.navbar-default .navbar-toggle .icon-bar{background-color:#fff}.navbar-default .navbar-collapse,.navbar-default .navbar-form{border-color:#0000}.navbar-default .navbar-nav>.open>a,.navbar-default .navbar-nav>.open>a:focus,.navbar-default .navbar-nav>.open>a:hover{background-color:initial;color:#343741}@media (max-width:-1){.navbar-default .navbar-nav .open .dropdown-menu>li>a{color:#69707d}.navbar-default .navbar-nav .open .dropdown-menu>li>a:focus,.navbar-default .navbar-nav .open .dropdown-menu>li>a:hover{background-color:initial;color:#69707d}.navbar-default .navbar-nav .open .dropdown-menu>.active>a,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:focus,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:hover{background-color:initial;color:#343741}.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:focus,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:hover{background-color:initial;color:#69707d}}.navbar-default .navbar-link,.navbar-default .navbar-link:hover{color:#69707d}.navbar-inverse{background-color:#343741;border-color:#1d1f25}.navbar-inverse .navbar-brand{color:#fff}.navbar-inverse .navbar-brand:focus,.navbar-inverse .navbar-brand:hover{background-color:#4b4f5d;color:#fff}.navbar-inverse .navbar-text{color:#fff}.navbar-inverse .navbar-nav>li>a{color:#d3dae6}.navbar-inverse .navbar-nav>li>a:focus,.navbar-inverse .navbar-nav>li>a:hover{background-color:#61677a;color:#fff}.navbar-inverse .navbar-nav>.active>a,.navbar-inverse .navbar-nav>.active>a:focus,.navbar-inverse .navbar-nav>.active>a:hover{background-color:#69707d;color:#fff}.navbar-inverse .navbar-nav>.disabled>a,.navbar-inverse .navbar-nav>.disabled>a:focus,.navbar-inverse .navbar-nav>.disabled>a:hover{background-color:initial;color:#b2bac6}.navbar-inverse .navbar-toggle{border-color:#1d1f25}.navbar-inverse .navbar-toggle:focus,.navbar-inverse .navbar-toggle:hover{background-color:#1d1f25}.navbar-inverse .navbar-toggle .icon-bar{background-color:#fff}.navbar-inverse .navbar-collapse,.navbar-inverse .navbar-form{border-color:#24262d}.navbar-inverse .navbar-nav>.open>a,.navbar-inverse .navbar-nav>.open>a:focus,.navbar-inverse .navbar-nav>.open>a:hover{background-color:#69707d;color:#fff}@media (max-width:-1){.navbar-inverse .navbar-nav .open .dropdown-menu>.dropdown-header{border-color:#1d1f25}.navbar-inverse .navbar-nav .open .dropdown-menu .divider{background-color:#1d1f25}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a{color:#d3dae6}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:focus,.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:hover{background-color:#61677a;color:#fff}.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:focus,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:hover{background-color:#69707d;color:#fff}.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:focus,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:hover{background-color:initial;color:#b2bac6}}.navbar-inverse .navbar-link{color:#d3dae6}.navbar-inverse .navbar-link:hover{color:#fff}.close{color:#000;filter:alpha(opacity=20);float:right;font-size:21px;font-weight:700;line-height:1;opacity:.2;text-shadow:none}.close:focus,.close:hover{color:#000;cursor:pointer;filter:alpha(opacity=50);opacity:.5;text-decoration:none}button.close{-webkit-appearance:none;background:#0000;border:0;cursor:pointer;padding:0}.modal,.modal-open{overflow:hidden}.modal{-webkit-overflow-scrolling:touch;bottom:0;display:none;left:0;outline:0;position:fixed;right:0;top:0;z-index:1070}.modal.fade .modal-dialog{-webkit-transform:translateY(-25%);-ms-transform:translateY(-25%);-o-transform:translateY(-25%);transform:translateY(-25%);-webkit-transition:-webkit-transform .3s ease-out;-moz-transition:-moz-transform .3s ease-out;-o-transition:-o-transform .3s ease-out;transition:transform .3s ease-out}.modal.in .modal-dialog{-webkit-transform:translate(0);-ms-transform:translate(0);-o-transform:translate(0);transform:translate(0)}.modal-open .modal{overflow-x:hidden;overflow-y:auto}.modal-dialog{margin:10px;position:relative;width:auto}.modal-content{background-clip:padding-box;background-color:#fff;border:1px solid #0003;border-radius:4px;-webkit-box-shadow:0 3px 9px #00000080;box-shadow:0 3px 9px #00000080;outline:0;position:relative}.modal-backdrop{background-color:#000;bottom:0;left:0;position:fixed;right:0;top:0;z-index:1060}.modal-backdrop.fade{filter:alpha(opacity=0);opacity:0}.modal-backdrop.in{filter:alpha(opacity=50);opacity:.5}.modal-header{border-bottom:1px solid #e5e5e5;padding:15px}.modal-header .close{margin-top:-2px}.modal-title{line-height:1.42857143;margin:0}.modal-body{padding:15px;position:relative}.modal-footer{border-top:1px solid #e5e5e5;padding:15px;text-align:right}.modal-scrollbar-measure{height:50px;overflow:scroll;position:absolute;top:-9999px;width:50px}@media (min-width:768px){.modal-dialog{margin:30px auto;width:600px}.modal-content{-webkit-box-shadow:0 5px 15px #00000080;box-shadow:0 5px 15px #00000080}.modal-sm{width:300px}}@media (min-width:992px){.modal-lg{width:900px}}@-webkit-keyframes progress-bar-stripes{0%{background-position:40px 0}to{background-position:0 0}}@keyframes progress-bar-stripes{0%{background-position:40px 0}to{background-position:0 0}}.progress{background-color:#b8bec8;border-radius:4px;-webkit-box-shadow:inset 0 1px 2px #0000001a;box-shadow:inset 0 1px 2px #0000001a;height:20px;margin-bottom:20px;overflow:hidden}.progress-bar{background-color:#54b399;color:#fff;float:left;font-size:12px;height:100%;line-height:20px;text-align:center;-webkit-transition:width .6s ease;-o-transition:width .6s ease;transition:width .6s ease;width:0}.progress-bar-striped,.progress-striped .progress-bar{background-image:-webkit-linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000);background-image:-o-linear-gradient(45deg,#ffffff26 25%,#0000 25%,#0000 50%,#ffffff26 50%,#ffffff26 75%,#0000 75%,#0000);background-image:linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000);background-size:40px 40px}.progress-bar.active,.progress.active .progress-bar{-webkit-animation:progress-bar-stripes 2s linear infinite;-o-animation:progress-bar-stripes 2s linear infinite;animation:progress-bar-stripes 2s linear infinite}.progress-bar-success{background-color:#017d73}.progress-striped .progress-bar-success{background-image:-webkit-linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000);background-image:-o-linear-gradient(45deg,#ffffff26 25%,#0000 25%,#0000 50%,#ffffff26 50%,#ffffff26 75%,#0000 75%,#0000);background-image:linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000)}.progress-bar-info{background-color:#006bb4}.progress-striped .progress-bar-info{background-image:-webkit-linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000);background-image:-o-linear-gradient(45deg,#ffffff26 25%,#0000 25%,#0000 50%,#ffffff26 50%,#ffffff26 75%,#0000 75%,#0000);background-image:linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000)}.progress-bar-warning{background-color:#f5a700}.progress-striped .progress-bar-warning{background-image:-webkit-linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000);background-image:-o-linear-gradient(45deg,#ffffff26 25%,#0000 25%,#0000 50%,#ffffff26 50%,#ffffff26 75%,#0000 75%,#0000);background-image:linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000)}.progress-bar-danger{background-color:#bd271e}.progress-striped .progress-bar-danger{background-image:-webkit-linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000);background-image:-o-linear-gradient(45deg,#ffffff26 25%,#0000 25%,#0000 50%,#ffffff26 50%,#ffffff26 75%,#0000 75%,#0000);background-image:linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000)}.list-group{margin-bottom:20px;padding-left:0}.list-group-item{background-color:#fff;border:1px solid #d3dae6;display:block;margin-bottom:-1px;padding:10px 15px;position:relative}.list-group-item:first-child{border-top-left-radius:4px;border-top-right-radius:4px}.list-group-item:last-child{border-bottom-left-radius:4px;border-bottom-right-radius:4px;margin-bottom:0}.list-group-item--noBorder{border-top:0}a.list-group-item,button.list-group-item{color:#69707d}a.list-group-item .list-group-item-heading,button.list-group-item .list-group-item-heading{color:#343741}a.list-group-item:focus,a.list-group-item:hover,button.list-group-item:focus,button.list-group-item:hover{background-color:#f5f7fa;color:#69707d;text-decoration:none}button.list-group-item{text-align:left;width:100%}.list-group-item.disabled,.list-group-item.disabled:focus,.list-group-item.disabled:hover{background-color:#d3dae6;color:#b2bac6;cursor:not-allowed}.list-group-item.disabled .list-group-item-heading,.list-group-item.disabled:focus .list-group-item-heading,.list-group-item.disabled:hover .list-group-item-heading{color:inherit}.list-group-item.disabled .list-group-item-text,.list-group-item.disabled:focus .list-group-item-text,.list-group-item.disabled:hover .list-group-item-text{color:#b2bac6}.list-group-item.active,.list-group-item.active:focus,.list-group-item.active:hover{background-color:#343741;border-color:#343741;color:#343741;z-index:2}.list-group-item.active .list-group-item-heading,.list-group-item.active .list-group-item-heading>.small,.list-group-item.active .list-group-item-heading>small,.list-group-item.active:focus .list-group-item-heading,.list-group-item.active:focus .list-group-item-heading>.small,.list-group-item.active:focus .list-group-item-heading>small,.list-group-item.active:hover .list-group-item-heading,.list-group-item.active:hover .list-group-item-heading>.small,.list-group-item.active:hover .list-group-item-heading>small{color:inherit}.list-group-item.active .list-group-item-text,.list-group-item.active:focus .list-group-item-text,.list-group-item.active:hover .list-group-item-text{color:#969bab}.list-group-item-success{background-color:#017d73;color:#fff}a.list-group-item-success,button.list-group-item-success{color:#fff}a.list-group-item-success .list-group-item-heading,button.list-group-item-success .list-group-item-heading{color:inherit}a.list-group-item-success:focus,a.list-group-item-success:hover,button.list-group-item-success:focus,button.list-group-item-success:hover{background-color:#01645c;color:#fff}a.list-group-item-success.active,a.list-group-item-success.active:focus,a.list-group-item-success.active:hover,button.list-group-item-success.active,button.list-group-item-success.active:focus,button.list-group-item-success.active:hover{background-color:#fff;border-color:#fff;color:#fff}.list-group-item-info{background-color:#006bb4;color:#fff}a.list-group-item-info,button.list-group-item-info{color:#fff}a.list-group-item-info .list-group-item-heading,button.list-group-item-info .list-group-item-heading{color:inherit}a.list-group-item-info:focus,a.list-group-item-info:hover,button.list-group-item-info:focus,button.list-group-item-info:hover{background-color:#005c9b;color:#fff}a.list-group-item-info.active,a.list-group-item-info.active:focus,a.list-group-item-info.active:hover,button.list-group-item-info.active,button.list-group-item-info.active:focus,button.list-group-item-info.active:hover{background-color:#fff;border-color:#fff;color:#fff}.list-group-item-warning{background-color:#f5a700;color:#fff}a.list-group-item-warning,button.list-group-item-warning{color:#fff}a.list-group-item-warning .list-group-item-heading,button.list-group-item-warning .list-group-item-heading{color:inherit}a.list-group-item-warning:focus,a.list-group-item-warning:hover,button.list-group-item-warning:focus,button.list-group-item-warning:hover{background-color:#dc9600;color:#fff}a.list-group-item-warning.active,a.list-group-item-warning.active:focus,a.list-group-item-warning.active:hover,button.list-group-item-warning.active,button.list-group-item-warning.active:focus,button.list-group-item-warning.active:hover{background-color:#fff;border-color:#fff;color:#fff}.list-group-item-danger{background-color:#bd271e;color:#fff}a.list-group-item-danger,button.list-group-item-danger{color:#fff}a.list-group-item-danger .list-group-item-heading,button.list-group-item-danger .list-group-item-heading{color:inherit}a.list-group-item-danger:focus,a.list-group-item-danger:hover,button.list-group-item-danger:focus,button.list-group-item-danger:hover{background-color:#a7221b;color:#fff}a.list-group-item-danger.active,a.list-group-item-danger.active:focus,a.list-group-item-danger.active:hover,button.list-group-item-danger.active,button.list-group-item-danger.active:focus,button.list-group-item-danger.active:hover{background-color:#fff;border-color:#fff;color:#fff}.list-group-item-heading{margin-bottom:5px;margin-top:0}.list-group-item-text{line-height:1.3;margin-bottom:0}.nav{list-style:none;margin-bottom:0;padding-left:0}.nav>li,.nav>li>a{display:block;position:relative}.nav>li>a{padding:10px 15px}.nav>li>a:focus,.nav>li>a:hover{background-color:#d3dae6;text-decoration:none}.nav>li.disabled>a{color:#b2bac6}.nav>li.disabled>a:focus,.nav>li.disabled>a:hover{background-color:initial;color:#b2bac6;cursor:not-allowed;text-decoration:none}.nav .open>a,.nav .open>a:focus,.nav .open>a:hover{background-color:#d3dae6;border-color:#006bb4}.nav .nav-divider{background-color:#e5e5e5;height:1px;margin:9px 0;overflow:hidden}.nav>li>a>img{max-width:none}.nav-tabs{border-bottom:1px solid #d3dae6}.nav-tabs>li{float:left;margin-bottom:-1px}.nav-tabs>li>a{border:1px solid #0000;border-radius:4px 4px 0 0;line-height:1.42857143;margin-right:2px}.nav-tabs>li>a:hover{background-color:#fff;border-color:#d3dae6}.nav-tabs>li.active>a,.nav-tabs>li.active>a:focus,.nav-tabs>li.active>a:hover{background-color:#fff;border:1px solid #d3dae6;border-bottom-color:#0000;color:#343741;cursor:default}.nav-tabs.nav-justified{border-bottom:0;width:100%}.nav-tabs.nav-justified>li{float:none}.nav-tabs.nav-justified>li>a{margin-bottom:5px;text-align:center}.nav-tabs.nav-justified>.dropdown .dropdown-menu{left:auto;top:auto}@media (min-width:768px){.nav-tabs.nav-justified>li{display:table-cell;width:1%}.nav-tabs.nav-justified>li>a{margin-bottom:0}}.nav-tabs.nav-justified>li>a{border-radius:4px;margin-right:0}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:focus,.nav-tabs.nav-justified>.active>a:hover{border:1px solid #fff}@media (min-width:768px){.nav-tabs.nav-justified>li>a{border-bottom:1px solid #fff;border-radius:4px 4px 0 0}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:focus,.nav-tabs.nav-justified>.active>a:hover{border-bottom-color:#fff}}.nav-pills>li{float:left}.nav-pills>li>a{border-radius:4px}.nav-pills>li+li{margin-left:2px}.nav-pills>li.active>a,.nav-pills>li.active>a:focus,.nav-pills>li.active>a:hover{background-color:#006bb4;color:#fff}.nav-stacked>li{float:none}.nav-stacked>li+li{margin-left:0;margin-top:2px}.nav-justified{width:100%}.nav-justified>li{float:none}.nav-justified>li>a{margin-bottom:5px;text-align:center}.nav-justified>.dropdown .dropdown-menu{left:auto;top:auto}@media (min-width:768px){.nav-justified>li{display:table-cell;width:1%}.nav-justified>li>a{margin-bottom:0}}.nav-tabs-justified{border-bottom:0}.nav-tabs-justified>li>a{border-radius:4px;margin-right:0}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:focus,.nav-tabs-justified>.active>a:hover{border:1px solid #fff}@media (min-width:768px){.nav-tabs-justified>li>a{border-bottom:1px solid #fff;border-radius:4px 4px 0 0}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:focus,.nav-tabs-justified>.active>a:hover{border-bottom-color:#fff}}.tab-content>.tab-pane{display:none}.tab-content>.active{display:block}.nav-tabs .dropdown-menu{border-top-left-radius:0;border-top-right-radius:0;margin-top:-1px}.alert{border:1px solid #0000;border-radius:4px;margin-bottom:20px;padding:15px}.alert h4{color:inherit;margin-top:0}.alert .alert-link{font-weight:700}.alert>p,.alert>ul{margin-bottom:0}.alert>p+p{margin-top:5px}.alert-dismissable,.alert-dismissible{padding-right:35px}.alert-dismissable .close,.alert-dismissible .close{color:inherit;position:relative;right:-21px;top:-2px}.alert-success{background-color:#017d73;border-color:#014a44;color:#fff}.alert-success hr{border-top-color:#00312d}.alert-success .alert-link{color:#e6e6e6}.alert-info{background-color:#006bb4;border-color:#004d81;color:#fff}.alert-info hr{border-top-color:#003e68}.alert-info .alert-link{color:#e6e6e6}.alert-warning{background-color:#f5a700;border-color:#c28400;color:#fff}.alert-warning hr{border-top-color:#a97300}.alert-warning .alert-link{color:#e6e6e6}.alert-danger{background-color:#bd271e;border-color:#911e17;color:#fff}.alert-danger hr{border-top-color:#7b1914}.alert-danger .alert-link{color:#e6e6e6}.bsTooltip{word-wrap:normal;display:block;filter:alpha(opacity=0);font-family:Open Sans,Helvetica,Arial,sans-serif;font-size:12px;font-style:normal;font-weight:400;letter-spacing:normal;line-break:auto;line-height:1.42857143;opacity:0;position:absolute;text-align:left;text-align:start;text-decoration:none;text-shadow:none;text-transform:none;white-space:normal;word-break:normal;word-spacing:normal;z-index:1040}.bsTooltip.in{filter:alpha(opacity=80);opacity:.8}.bsTooltip.top{margin-top:-3px;padding:5px 0}.bsTooltip.right{margin-left:3px;padding:0 5px}.bsTooltip.bottom{margin-top:3px;padding:5px 0}.bsTooltip.left{margin-left:-3px;padding:0 5px}.bsTooltip-inner{background-color:#000;border-radius:4px;color:#fff;max-width:200px;padding:3px 8px;text-align:center}.bsTooltip-arrow{border-color:#0000;border-style:solid;height:0;position:absolute;width:0}.bsTooltip.top .bsTooltip-arrow{border-top-color:#000;border-width:5px 5px 0;bottom:0;left:50%;margin-left:-5px}.bsTooltip.top-left .bsTooltip-arrow{border-top-color:#000;border-width:5px 5px 0;bottom:0;margin-bottom:-5px;right:5px}.bsTooltip.top-right .bsTooltip-arrow{border-top-color:#000;border-width:5px 5px 0;bottom:0;left:5px;margin-bottom:-5px}.bsTooltip.right .bsTooltip-arrow{border-right-color:#000;border-width:5px 5px 5px 0;left:0;margin-top:-5px;top:50%}.bsTooltip.left .bsTooltip-arrow{border-left-color:#000;border-width:5px 0 5px 5px;margin-top:-5px;right:0;top:50%}.bsTooltip.bottom .bsTooltip-arrow{border-bottom-color:#000;border-width:0 5px 5px;left:50%;margin-left:-5px;top:0}.bsTooltip.bottom-left .bsTooltip-arrow{border-bottom-color:#000;border-width:0 5px 5px;margin-top:-5px;right:5px;top:0}.bsTooltip.bottom-right .bsTooltip-arrow{border-bottom-color:#000;border-width:0 5px 5px;left:5px;margin-top:-5px;top:0}.visible-lg,.visible-lg-block,.visible-lg-inline,.visible-lg-inline-block,.visible-md,.visible-md-block,.visible-md-inline,.visible-md-inline-block,.visible-sm,.visible-sm-block,.visible-sm-inline,.visible-sm-inline-block,.visible-xs,.visible-xs-block,.visible-xs-inline,.visible-xs-inline-block{display:none!important}@media (max-width:767px){.visible-xs{display:block!important}table.visible-xs{display:table!important}tr.visible-xs{display:table-row!important}td.visible-xs,th.visible-xs{display:table-cell!important}.visible-xs-block{display:block!important}.visible-xs-inline{display:inline!important}.visible-xs-inline-block{display:inline-block!important}}@media (min-width:768px) and (max-width:991px){.visible-sm{display:block!important}table.visible-sm{display:table!important}tr.visible-sm{display:table-row!important}td.visible-sm,th.visible-sm{display:table-cell!important}.visible-sm-block{display:block!important}.visible-sm-inline{display:inline!important}.visible-sm-inline-block{display:inline-block!important}}@media (min-width:992px) and (max-width:1199px){.visible-md{display:block!important}table.visible-md{display:table!important}tr.visible-md{display:table-row!important}td.visible-md,th.visible-md{display:table-cell!important}.visible-md-block{display:block!important}.visible-md-inline{display:inline!important}.visible-md-inline-block{display:inline-block!important}}@media (min-width:1200px){.visible-lg{display:block!important}table.visible-lg{display:table!important}tr.visible-lg{display:table-row!important}td.visible-lg,th.visible-lg{display:table-cell!important}.visible-lg-block{display:block!important}.visible-lg-inline{display:inline!important}.visible-lg-inline-block{display:inline-block!important}}@media (max-width:767px){.hidden-xs{display:none!important}}@media (min-width:768px) and (max-width:991px){.hidden-sm{display:none!important}}@media (min-width:992px) and (max-width:1199px){.hidden-md{display:none!important}}@media (min-width:1200px){.hidden-lg{display:none!important}}.visible-print{display:none!important}@media print{.visible-print{display:block!important}table.visible-print{display:table!important}tr.visible-print{display:table-row!important}td.visible-print,th.visible-print{display:table-cell!important}}.visible-print-block{display:none!important}@media print{.visible-print-block{display:block!important}}.visible-print-inline{display:none!important}@media print{.visible-print-inline{display:inline!important}}.visible-print-inline-block{display:none!important}@media print{.visible-print-inline-block{display:inline-block!important}.hidden-print{display:none!important}}.caret{border-left:4px solid #0000;border-right:4px solid #0000;border-top:4px dashed;border-top:4px solid\9;display:inline-block;height:0;margin-left:2px;vertical-align:middle;width:0}.dropdown,.dropup{position:relative}.dropdown-toggle:focus{outline:0}.dropdown-menu{background-clip:padding-box;background-color:#fff;border:1px solid #d3dae6;border-radius:4px;box-shadow:0 4px 8px 0 #0000001a;display:none;float:left;font-size:14px;left:0;list-style:none;margin:2px 0 0;min-width:160px;padding:5px 0;position:absolute;text-align:left;top:100%;z-index:1000}.dropdown-menu.pull-right{left:auto;right:0}.dropdown-menu .divider{background-color:#d3dae6;height:1px;margin:9px 0;overflow:hidden}.dropdown-menu>li>a,.dropdown-menu>li>button{clear:both;color:#7b7b7b;display:block;font-weight:400;line-height:1.42857143;padding:3px 20px;white-space:nowrap}.dropdown-menu>li>button{appearance:none;background:none;border:none;text-align:left;width:100%}.dropdown-menu>li>a:focus,.dropdown-menu>li>a:hover,.dropdown-menu>li>button:focus,.dropdown-menu>li>button:hover{background-color:#343741;color:#fff;text-decoration:none}.dropdown-menu>.active>a,.dropdown-menu>.active>a:focus,.dropdown-menu>.active>a:hover,.dropdown-menu>.active>button,.dropdown-menu>.active>button:focus,.dropdown-menu>.active>button:hover{background-color:#343741;color:#fff;outline:0;text-decoration:none}.dropdown-menu>.disabled>a,.dropdown-menu>.disabled>a:focus,.dropdown-menu>.disabled>a:hover{color:#98a2b3}.dropdown-menu>.disabled>a:focus,.dropdown-menu>.disabled>a:hover{background-color:initial;background-image:none;cursor:not-allowed;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);text-decoration:none}.open>.dropdown-menu{display:block}.open>a{outline:0}.dropdown-menu-right{left:auto;right:0}.dropdown-menu-left{left:0;right:auto}.dropdown-header{color:#98a2b3;display:block;font-size:12px;line-height:1.42857143;padding:3px 20px;white-space:nowrap}.dropdown-backdrop{bottom:0;left:0;position:fixed;right:0;top:0;z-index:990}.pull-right>.dropdown-menu{left:auto;right:0}.dropup .caret,.navbar-fixed-bottom .dropdown .caret{border-bottom:4px dashed;border-bottom:4px solid\9;border-top:0;content:""}.dropup .dropdown-menu,.navbar-fixed-bottom .dropdown .dropdown-menu{bottom:100%;margin-bottom:2px;top:auto}@media (min-width:0){.navbar-right .dropdown-menu{left:auto;right:0}.navbar-right .dropdown-menu-left{left:0;right:auto}}.input-group{border-collapse:initial;display:table;position:relative}.input-group[class*=col-]{float:none;padding-left:0;padding-right:0}.input-group .form-control{float:left;margin-bottom:0;position:relative;width:100%;z-index:2}.input-group .form-control:focus{z-index:3}.input-group-lg>.form-control,.input-group-lg>.input-group-addon{border-radius:4px;font-size:18px;height:62px;line-height:1.3333333;padding:18px 27px}select.input-group-lg>.form-control,select.input-group-lg>.input-group-addon{height:62px;line-height:62px}select[multiple].input-group-lg>.form-control,select[multiple].input-group-lg>.input-group-addon,textarea.input-group-lg>.form-control,textarea.input-group-lg>.input-group-addon{height:auto}.input-group-sm>.form-control,.input-group-sm>.input-group-addon{border-radius:4px;font-size:12px;height:32px;line-height:1.5;padding:6px 9px}select.input-group-sm>.form-control,select.input-group-sm>.input-group-addon{height:32px;line-height:32px}select[multiple].input-group-sm>.form-control,select[multiple].input-group-sm>.input-group-addon,textarea.input-group-sm>.form-control,textarea.input-group-sm>.input-group-addon{height:auto}.input-group .form-control,.input-group-addon{display:table-cell}.input-group .form-control:not(:first-child):not(:last-child),.input-group-addon:not(:first-child):not(:last-child){border-radius:0}.input-group-addon{background-color:#d3dae6;border:1px solid #d3dae6;border-radius:4px;color:#343741;font-size:14px;font-weight:400;line-height:1;padding:5px 15px;text-align:center;vertical-align:middle;white-space:nowrap;width:1%}.input-group-addon.input-sm{border-radius:4px;font-size:12px;padding:6px 9px}.input-group-addon.input-lg{border-radius:4px;font-size:18px;padding:18px 27px}.input-group-addon input[type=checkbox],.input-group-addon input[type=radio]{margin-top:0}.input-group .form-control:first-child,.input-group-addon:first-child{border-bottom-right-radius:0;border-top-right-radius:0}.input-group-addon:first-child{border-right:0}.input-group .form-control:last-child,.input-group-addon:last-child{border-bottom-left-radius:0;border-top-left-radius:0}.input-group-addon:last-child{border-left:0}.pagination{border-radius:4px;display:inline-block;margin:20px 0;padding-left:0}.pagination>li{display:inline}.pagination>li>a,.pagination>li>span{background-color:initial;border:1px solid #0000;color:#006bb4;float:left;line-height:1.42857143;margin-left:-1px;padding:5px 15px;position:relative;text-decoration:none}.pagination>li:first-child>a,.pagination>li:first-child>span{border-bottom-left-radius:4px;border-top-left-radius:4px;margin-left:0}.pagination>li:last-child>a,.pagination>li:last-child>span{border-bottom-right-radius:4px;border-top-right-radius:4px}.pagination>li>a:focus,.pagination>li>a:hover,.pagination>li>span:focus,.pagination>li>span:hover{background-color:#0000;border-color:#0000;color:#006bb4;z-index:2}.pagination>.active>a,.pagination>.active>a:focus,.pagination>.active>a:hover,.pagination>.active>span,.pagination>.active>span:focus,.pagination>.active>span:hover{background-color:#0000;border-color:#0000;color:#343741;cursor:default;z-index:3}.pagination>.disabled>a,.pagination>.disabled>a:focus,.pagination>.disabled>a:hover,.pagination>.disabled>span,.pagination>.disabled>span:focus,.pagination>.disabled>span:hover{background-color:#26262600;border-color:#0000;color:#343741;cursor:not-allowed}.pagination-lg>li>a,.pagination-lg>li>span{font-size:18px;line-height:1.3333333;padding:18px 27px}.pagination-lg>li:first-child>a,.pagination-lg>li:first-child>span{border-bottom-left-radius:4px;border-top-left-radius:4px}.pagination-lg>li:last-child>a,.pagination-lg>li:last-child>span{border-bottom-right-radius:4px;border-top-right-radius:4px}.pagination-sm>li>a,.pagination-sm>li>span{font-size:12px;line-height:1.5;padding:6px 9px}.pagination-sm>li:first-child>a,.pagination-sm>li:first-child>span{border-bottom-left-radius:4px;border-top-left-radius:4px}.pagination-sm>li:last-child>a,.pagination-sm>li:last-child>span{border-bottom-right-radius:4px;border-top-right-radius:4px}.pager{list-style:none;margin:20px 0;padding-left:0;text-align:center}.pager li{display:inline}.pager li>a,.pager li>span{background-color:initial;border:1px solid #0000;border-radius:0;display:inline-block;padding:5px 14px}.pager li>a:focus,.pager li>a:hover{background-color:#0000;text-decoration:none}.pager .next>a,.pager .next>span{float:right}.pager .previous>a,.pager .previous>span{float:left}.pager .disabled>a,.pager .disabled>a:focus,.pager .disabled>a:hover,.pager .disabled>span{background-color:initial;color:#fff;cursor:not-allowed}.label{border-radius:.25em;color:#fff;display:inline;font-size:75%;font-weight:700;line-height:1;padding:.2em .6em .3em;text-align:center;vertical-align:initial;white-space:nowrap}a.label:focus,a.label:hover{color:#fff;cursor:pointer;text-decoration:none}.label:empty{display:none}.label-default{background-color:#006bb4}.label-default[href]:focus,.label-default[href]:hover{background-color:#004d81}.label-primary{background-color:#343741}.label-primary[href]:focus,.label-primary[href]:hover{background-color:#1d1f25}.label-success{background-color:#017d73}.label-success[href]:focus,.label-success[href]:hover{background-color:#014a44}.label-info{background-color:#006bb4}.label-info[href]:focus,.label-info[href]:hover{background-color:#004d81}.label-warning{background-color:#f5a700}.label-warning[href]:focus,.label-warning[href]:hover{background-color:#c28400}.label-danger{background-color:#bd271e}.label-danger[href]:focus,.label-danger[href]:hover{background-color:#911e17}.panel{background-color:#fff;border:1px solid #0000;border-radius:4px;-webkit-box-shadow:0 1px 1px #0000000d;box-shadow:0 1px 1px #0000000d;margin-bottom:20px}.panel-body{padding:15px}.panel-heading{border-bottom:1px solid #0000;border-top-left-radius:3px;border-top-right-radius:3px;padding:10px 15px}.panel-heading>.dropdown .dropdown-toggle,.panel-title{color:inherit}.panel-title{font-size:16px;margin-bottom:0;margin-top:0}.panel-title>.small,.panel-title>.small>a,.panel-title>a,.panel-title>small,.panel-title>small>a{color:inherit}.panel-footer{background-color:#f5f7fa;border-bottom-left-radius:3px;border-bottom-right-radius:3px;border-top:1px solid #d3dae6;padding:10px 15px}.panel>.list-group,.panel>.panel-collapse>.list-group{margin-bottom:0}.panel>.list-group .list-group-item,.panel>.panel-collapse>.list-group .list-group-item{border-radius:0;border-width:1px 0}.panel>.list-group:first-child .list-group-item:first-child,.panel>.panel-collapse>.list-group:first-child .list-group-item:first-child{border-top:0;border-top-left-radius:3px;border-top-right-radius:3px}.panel>.list-group:last-child .list-group-item:last-child,.panel>.panel-collapse>.list-group:last-child .list-group-item:last-child{border-bottom:0;border-bottom-left-radius:3px;border-bottom-right-radius:3px}.panel>.panel-heading+.panel-collapse>.list-group .list-group-item:first-child{border-top-left-radius:0;border-top-right-radius:0}.list-group+.panel-footer,.panel-heading+.list-group .list-group-item:first-child{border-top-width:0}.panel>.panel-collapse>.table,.panel>.table,.panel>.table-responsive>.table{margin-bottom:0}.panel>.panel-collapse>.table caption,.panel>.table caption,.panel>.table-responsive>.table caption{padding-left:15px;padding-right:15px}.panel>.table-responsive:first-child>.table:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child,.panel>.table:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child,.panel>.table:first-child>thead:first-child>tr:first-child{border-top-left-radius:3px;border-top-right-radius:3px}.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:first-child,.panel>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table:first-child>thead:first-child>tr:first-child th:first-child{border-top-left-radius:3px}.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:last-child,.panel>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table:first-child>thead:first-child>tr:first-child th:last-child{border-top-right-radius:3px}.panel>.table-responsive:last-child>.table:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child,.panel>.table:last-child,.panel>.table:last-child>tbody:last-child>tr:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child{border-bottom-left-radius:3px;border-bottom-right-radius:3px}.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:first-child,.panel>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:first-child{border-bottom-left-radius:3px}.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:last-child,.panel>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:last-child{border-bottom-right-radius:3px}.panel>.panel-body+.table,.panel>.panel-body+.table-responsive,.panel>.table+.panel-body,.panel>.table-responsive+.panel-body{border-top:1px solid #d3dae6}.panel>.table>tbody:first-child>tr:first-child td,.panel>.table>tbody:first-child>tr:first-child th{border-top:0}.panel>.table-bordered,.panel>.table-responsive>.table-bordered{border:0}.panel>.table-bordered>tbody>tr>td:first-child,.panel>.table-bordered>tbody>tr>th:first-child,.panel>.table-bordered>tfoot>tr>td:first-child,.panel>.table-bordered>tfoot>tr>th:first-child,.panel>.table-bordered>thead>tr>td:first-child,.panel>.table-bordered>thead>tr>th:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:first-child,.panel>.table-responsive>.table-bordered>thead>tr>td:first-child,.panel>.table-responsive>.table-bordered>thead>tr>th:first-child{border-left:0}.panel>.table-bordered>tbody>tr>td:last-child,.panel>.table-bordered>tbody>tr>th:last-child,.panel>.table-bordered>tfoot>tr>td:last-child,.panel>.table-bordered>tfoot>tr>th:last-child,.panel>.table-bordered>thead>tr>td:last-child,.panel>.table-bordered>thead>tr>th:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:last-child,.panel>.table-responsive>.table-bordered>thead>tr>td:last-child,.panel>.table-responsive>.table-bordered>thead>tr>th:last-child{border-right:0}.panel>.table-bordered>tbody>tr:first-child>td,.panel>.table-bordered>tbody>tr:first-child>th,.panel>.table-bordered>tbody>tr:last-child>td,.panel>.table-bordered>tbody>tr:last-child>th,.panel>.table-bordered>tfoot>tr:last-child>td,.panel>.table-bordered>tfoot>tr:last-child>th,.panel>.table-bordered>thead>tr:first-child>td,.panel>.table-bordered>thead>tr:first-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>th,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>td,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>th,.panel>.table-responsive>.table-bordered>thead>tr:first-child>td,.panel>.table-responsive>.table-bordered>thead>tr:first-child>th{border-bottom:0}.panel>.table-responsive{border:0;margin-bottom:0}.panel-group{margin-bottom:20px}.panel-group .panel{border-radius:4px;margin-bottom:0}.panel-group .panel+.panel{margin-top:5px}.panel-group .panel-heading{border-bottom:0}.panel-group .panel-heading+.panel-collapse>.list-group,.panel-group .panel-heading+.panel-collapse>.panel-body{border-top:1px solid #d3dae6}.panel-group .panel-footer{border-top:0}.panel-group .panel-footer+.panel-collapse .panel-body{border-bottom:1px solid #d3dae6}.panel-default{border-color:#d3dae6}.panel-default>.panel-heading{background-color:#f5f7fa;border-color:#d3dae6;color:#7b7b7b}.panel-default>.panel-heading+.panel-collapse>.panel-body{border-top-color:#d3dae6}.panel-default>.panel-heading .badge{background-color:#7b7b7b;color:#f5f7fa}.panel-default>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#d3dae6}.panel-primary{border-color:#343741}.panel-primary>.panel-heading{background-color:#343741;border-color:#343741;color:#fff}.panel-primary>.panel-heading+.panel-collapse>.panel-body{border-top-color:#343741}.panel-primary>.panel-heading .badge{background-color:#fff;color:#343741}.panel-primary>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#343741}.panel-success{border-color:#014a44}.panel-success>.panel-heading{background-color:#017d73;border-color:#014a44;color:#fff}.panel-success>.panel-heading+.panel-collapse>.panel-body{border-top-color:#014a44}.panel-success>.panel-heading .badge{background-color:#fff;color:#017d73}.panel-success>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#014a44}.panel-info{border-color:#004d81}.panel-info>.panel-heading{background-color:#006bb4;border-color:#004d81;color:#fff}.panel-info>.panel-heading+.panel-collapse>.panel-body{border-top-color:#004d81}.panel-info>.panel-heading .badge{background-color:#fff;color:#006bb4}.panel-info>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#004d81}.panel-warning{border-color:#c28400}.panel-warning>.panel-heading{background-color:#f5a700;border-color:#c28400;color:#fff}.panel-warning>.panel-heading+.panel-collapse>.panel-body{border-top-color:#c28400}.panel-warning>.panel-heading .badge{background-color:#fff;color:#f5a700}.panel-warning>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#c28400}.panel-danger{border-color:#911e17}.panel-danger>.panel-heading{background-color:#bd271e;border-color:#911e17;color:#fff}.panel-danger>.panel-heading+.panel-collapse>.panel-body{border-top-color:#911e17}.panel-danger>.panel-heading .badge{background-color:#fff;color:#bd271e}.panel-danger>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#911e17}.popover{word-wrap:normal;background-clip:padding-box;background-color:#fff;border:1px solid #d3dae6;border-radius:4px;box-shadow:0 4px 8px 0 #0000001a;display:none;font-family:Open Sans,Helvetica,Arial,sans-serif;font-size:14px;font-style:normal;font-weight:400;left:0;letter-spacing:normal;line-break:auto;line-height:1.42857143;max-width:276px;padding:1px;position:absolute;text-align:left;text-align:start;text-decoration:none;text-shadow:none;text-transform:none;top:0;white-space:normal;word-break:normal;word-spacing:normal;z-index:1010}.popover.top{margin-top:-10px}.popover.right{margin-left:10px}.popover.bottom{margin-top:10px}.popover.left{margin-left:-10px}.popover-title{background-color:#f7f7f7;border-bottom:1px solid #ebebeb;border-radius:3px 3px 0 0;font-size:14px;margin:0;padding:8px 14px}.popover-content{padding:9px 14px}.popover>.arrow,.popover>.arrow:after{border-color:#0000;border-style:solid;display:block;height:0;position:absolute;width:0}.popover>.arrow{border-width:11px}.popover>.arrow:after{border-width:10px;content:""}.popover.top>.arrow{border-bottom-width:0;border-top-color:#d3dae6;bottom:-11px;left:50%;margin-left:-11px}.popover.top>.arrow:after{border-bottom-width:0;border-top-color:#fff;bottom:1px;content:" ";margin-left:-10px}.popover.right>.arrow{border-left-width:0;border-right-color:#d3dae6;left:-11px;margin-top:-11px;top:50%}.popover.right>.arrow:after{border-left-width:0;border-right-color:#fff;bottom:-10px;content:" ";left:1px}.popover.bottom>.arrow{border-bottom-color:#d3dae6;border-top-width:0;left:50%;margin-left:-11px;top:-11px}.popover.bottom>.arrow:after{border-bottom-color:#fff;border-top-width:0;content:" ";margin-left:-10px;top:1px}.popover.left>.arrow{border-left-color:#d3dae6;border-right-width:0;margin-top:-11px;right:-11px;top:50%}.popover.left>.arrow:after{border-left-color:#fff;border-right-width:0;bottom:-10px;content:" ";right:1px}.clearfix:after,.clearfix:before,.container-fluid:after,.container-fluid:before,.container:after,.container:before,.dl-horizontal dd:after,.dl-horizontal dd:before,.form-horizontal .form-group:after,.form-horizontal .form-group:before,.modal-footer:after,.modal-footer:before,.modal-header:after,.modal-header:before,.nav:after,.nav:before,.navbar-collapse:after,.navbar-collapse:before,.navbar-header:after,.navbar-header:before,.navbar:after,.navbar:before,.pager:after,.pager:before,.panel-body:after,.panel-body:before,.row:after,.row:before{content:" ";display:table}.clearfix:after,.container-fluid:after,.container:after,.dl-horizontal dd:after,.form-horizontal .form-group:after,.modal-footer:after,.modal-header:after,.nav:after,.navbar-collapse:after,.navbar-header:after,.navbar:after,.pager:after,.panel-body:after,.row:after{clear:both}.center-block{display:block;margin-left:auto;margin-right:auto}.pull-right{float:right!important}.pull-left{float:left!important}.hide{display:none!important}.show{display:block!important}.invisible{visibility:hidden}.text-hide{background-color:initial;border:0;color:#0000;font:0/0 a;text-shadow:none}.hidden{display:none!important}.affix{position:fixed}.navbar>.container-fluid>.navbar-form:not(.pull-right):first-child,.navbar>.container-fluid>.navbar-nav:not(.pull-right):first-child{margin-left:-15px;margin-top:4px}.navbar{border-width:0}.navbar-btn-link{border-radius:0;margin:0}@media (max-width:768px){.navbar-btn-link{text-align:left;width:100%}}.navbar-default .badge{background-color:#fff;color:#f5f7fa}.navbar-inverse .kbnGlobalNav__logoBrand{background-color:#4b4f5d;height:45px;width:252px}.navbar-inverse .kbnGlobalNav__smallLogoBrand{background-color:#4b4f5d;height:45px;width:45px}.navbar-inverse .badge{background-color:#fff;color:#4b4f5d}.navbar-brand{cursor:default;font-size:1.8em;user-select:none}.navbar-nav{font-size:12px}.navbar-nav>.active>a{background-color:initial;border-bottom-color:#7b7b7b}.navbar-toggle{margin-top:4px}.text-primary,.text-primary:hover{color:#343741}.text-success,.text-success:hover{color:#017d73}.text-danger,.text-danger:hover{color:#bd271e}.text-warning,.text-warning:hover{color:#f5a700}.text-info,.text-info:hover{color:#006bb4}.table .danger,.table .danger a,.table .info,.table .info a,.table .success,.table .success a,.table .warning,.table .warning a,table .danger,table .danger a,table .info,table .info a,table .success,table .success a,table .warning,table .warning a{color:#fff}.table-bordered>tbody>tr>td,.table-bordered>tbody>tr>th,.table-bordered>tfoot>tr>td,.table-bordered>tfoot>tr>th,.table-bordered>thead>tr>td,.table-bordered>thead>tr>th{border:1px solid #d3dae6}.form-control,input{border-width:1px}.form-control,.form-control:focus,input,input:focus{-webkit-box-shadow:none;box-shadow:none}.has-warning .checkbox,.has-warning .checkbox-inline,.has-warning .control-label,.has-warning .form-control-feedback,.has-warning .help-block,.has-warning .radio,.has-warning .radio-inline{color:#f5a700}.has-warning .form-control,.has-warning .form-control:focus{border:1px solid #f5a700}.has-warning .input-group-addon{border-color:#f5a700}.has-error .checkbox,.has-error .checkbox-inline,.has-error .control-label,.has-error .form-control-feedback,.has-error .help-block,.has-error .radio,.has-error .radio-inline{color:#bd271e}.has-error .form-control,.has-error .form-control:focus{border:1px solid #bd271e}.has-error .input-group-addon{border-color:#bd271e}.has-success .checkbox,.has-success .checkbox-inline,.has-success .control-label,.has-success .form-control-feedback,.has-success .help-block,.has-success .radio,.has-success .radio-inline{color:#017d73}.has-success .form-control,.has-success .form-control:focus{border:solid #017d73}.has-success .input-group-addon{border-color:#017d73}.nav .open>a,.nav .open>a:focus,.nav .open>a:hover{border-color:#0000}.pager a,.pager a:hover{color:#fff}.pager .disabled>a,.pager .disabled>a:focus,.pager .disabled>a:hover,.pager .disabled>span{background-color:#26262600}.panel{border-radius:0;-webkit-box-shadow:0 0 0 #0000;box-shadow:0 0 0 #0000}.progress{-webkit-box-shadow:none;box-shadow:none}.progress .progress-bar{font-size:10px;line-height:10px}.well{-webkit-box-shadow:none;box-shadow:none}
\ No newline at end of file
+ */.container{margin-left:auto;margin-right:auto;padding-left:15px;padding-right:15px}@media (min-width:768px){.container{width:750px}}@media (min-width:992px){.container{width:970px}}@media (min-width:1200px){.container{width:1170px}}.container-fluid{margin-left:auto;margin-right:auto;padding-left:15px;padding-right:15px}.row{margin-left:-15px;margin-right:-15px}.col-lg-1,.col-lg-10,.col-lg-11,.col-lg-12,.col-lg-2,.col-lg-3,.col-lg-4,.col-lg-5,.col-lg-6,.col-lg-7,.col-lg-8,.col-lg-9,.col-md-1,.col-md-10,.col-md-11,.col-md-12,.col-md-2,.col-md-3,.col-md-4,.col-md-5,.col-md-6,.col-md-7,.col-md-8,.col-md-9,.col-sm-1,.col-sm-10,.col-sm-11,.col-sm-12,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-7,.col-sm-8,.col-sm-9,.col-xs-1,.col-xs-10,.col-xs-11,.col-xs-12,.col-xs-2,.col-xs-3,.col-xs-4,.col-xs-5,.col-xs-6,.col-xs-7,.col-xs-8,.col-xs-9{min-height:1px;padding-left:15px;padding-right:15px;position:relative}.col-xs-1,.col-xs-10,.col-xs-11,.col-xs-12,.col-xs-2,.col-xs-3,.col-xs-4,.col-xs-5,.col-xs-6,.col-xs-7,.col-xs-8,.col-xs-9{float:left}.col-xs-12{width:100%}.col-xs-11{width:91.66666667%}.col-xs-10{width:83.33333333%}.col-xs-9{width:75%}.col-xs-8{width:66.66666667%}.col-xs-7{width:58.33333333%}.col-xs-6{width:50%}.col-xs-5{width:41.66666667%}.col-xs-4{width:33.33333333%}.col-xs-3{width:25%}.col-xs-2{width:16.66666667%}.col-xs-1{width:8.33333333%}.col-xs-pull-12{right:100%}.col-xs-pull-11{right:91.66666667%}.col-xs-pull-10{right:83.33333333%}.col-xs-pull-9{right:75%}.col-xs-pull-8{right:66.66666667%}.col-xs-pull-7{right:58.33333333%}.col-xs-pull-6{right:50%}.col-xs-pull-5{right:41.66666667%}.col-xs-pull-4{right:33.33333333%}.col-xs-pull-3{right:25%}.col-xs-pull-2{right:16.66666667%}.col-xs-pull-1{right:8.33333333%}.col-xs-pull-0{right:auto}.col-xs-push-12{left:100%}.col-xs-push-11{left:91.66666667%}.col-xs-push-10{left:83.33333333%}.col-xs-push-9{left:75%}.col-xs-push-8{left:66.66666667%}.col-xs-push-7{left:58.33333333%}.col-xs-push-6{left:50%}.col-xs-push-5{left:41.66666667%}.col-xs-push-4{left:33.33333333%}.col-xs-push-3{left:25%}.col-xs-push-2{left:16.66666667%}.col-xs-push-1{left:8.33333333%}.col-xs-push-0{left:auto}.col-xs-offset-12{margin-left:100%}.col-xs-offset-11{margin-left:91.66666667%}.col-xs-offset-10{margin-left:83.33333333%}.col-xs-offset-9{margin-left:75%}.col-xs-offset-8{margin-left:66.66666667%}.col-xs-offset-7{margin-left:58.33333333%}.col-xs-offset-6{margin-left:50%}.col-xs-offset-5{margin-left:41.66666667%}.col-xs-offset-4{margin-left:33.33333333%}.col-xs-offset-3{margin-left:25%}.col-xs-offset-2{margin-left:16.66666667%}.col-xs-offset-1{margin-left:8.33333333%}.col-xs-offset-0{margin-left:0}@media (min-width:768px){.col-sm-1,.col-sm-10,.col-sm-11,.col-sm-12,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-7,.col-sm-8,.col-sm-9{float:left}.col-sm-12{width:100%}.col-sm-11{width:91.66666667%}.col-sm-10{width:83.33333333%}.col-sm-9{width:75%}.col-sm-8{width:66.66666667%}.col-sm-7{width:58.33333333%}.col-sm-6{width:50%}.col-sm-5{width:41.66666667%}.col-sm-4{width:33.33333333%}.col-sm-3{width:25%}.col-sm-2{width:16.66666667%}.col-sm-1{width:8.33333333%}.col-sm-pull-12{right:100%}.col-sm-pull-11{right:91.66666667%}.col-sm-pull-10{right:83.33333333%}.col-sm-pull-9{right:75%}.col-sm-pull-8{right:66.66666667%}.col-sm-pull-7{right:58.33333333%}.col-sm-pull-6{right:50%}.col-sm-pull-5{right:41.66666667%}.col-sm-pull-4{right:33.33333333%}.col-sm-pull-3{right:25%}.col-sm-pull-2{right:16.66666667%}.col-sm-pull-1{right:8.33333333%}.col-sm-pull-0{right:auto}.col-sm-push-12{left:100%}.col-sm-push-11{left:91.66666667%}.col-sm-push-10{left:83.33333333%}.col-sm-push-9{left:75%}.col-sm-push-8{left:66.66666667%}.col-sm-push-7{left:58.33333333%}.col-sm-push-6{left:50%}.col-sm-push-5{left:41.66666667%}.col-sm-push-4{left:33.33333333%}.col-sm-push-3{left:25%}.col-sm-push-2{left:16.66666667%}.col-sm-push-1{left:8.33333333%}.col-sm-push-0{left:auto}.col-sm-offset-12{margin-left:100%}.col-sm-offset-11{margin-left:91.66666667%}.col-sm-offset-10{margin-left:83.33333333%}.col-sm-offset-9{margin-left:75%}.col-sm-offset-8{margin-left:66.66666667%}.col-sm-offset-7{margin-left:58.33333333%}.col-sm-offset-6{margin-left:50%}.col-sm-offset-5{margin-left:41.66666667%}.col-sm-offset-4{margin-left:33.33333333%}.col-sm-offset-3{margin-left:25%}.col-sm-offset-2{margin-left:16.66666667%}.col-sm-offset-1{margin-left:8.33333333%}.col-sm-offset-0{margin-left:0}}@media (min-width:992px){.col-md-1,.col-md-10,.col-md-11,.col-md-12,.col-md-2,.col-md-3,.col-md-4,.col-md-5,.col-md-6,.col-md-7,.col-md-8,.col-md-9{float:left}.col-md-12{width:100%}.col-md-11{width:91.66666667%}.col-md-10{width:83.33333333%}.col-md-9{width:75%}.col-md-8{width:66.66666667%}.col-md-7{width:58.33333333%}.col-md-6{width:50%}.col-md-5{width:41.66666667%}.col-md-4{width:33.33333333%}.col-md-3{width:25%}.col-md-2{width:16.66666667%}.col-md-1{width:8.33333333%}.col-md-pull-12{right:100%}.col-md-pull-11{right:91.66666667%}.col-md-pull-10{right:83.33333333%}.col-md-pull-9{right:75%}.col-md-pull-8{right:66.66666667%}.col-md-pull-7{right:58.33333333%}.col-md-pull-6{right:50%}.col-md-pull-5{right:41.66666667%}.col-md-pull-4{right:33.33333333%}.col-md-pull-3{right:25%}.col-md-pull-2{right:16.66666667%}.col-md-pull-1{right:8.33333333%}.col-md-pull-0{right:auto}.col-md-push-12{left:100%}.col-md-push-11{left:91.66666667%}.col-md-push-10{left:83.33333333%}.col-md-push-9{left:75%}.col-md-push-8{left:66.66666667%}.col-md-push-7{left:58.33333333%}.col-md-push-6{left:50%}.col-md-push-5{left:41.66666667%}.col-md-push-4{left:33.33333333%}.col-md-push-3{left:25%}.col-md-push-2{left:16.66666667%}.col-md-push-1{left:8.33333333%}.col-md-push-0{left:auto}.col-md-offset-12{margin-left:100%}.col-md-offset-11{margin-left:91.66666667%}.col-md-offset-10{margin-left:83.33333333%}.col-md-offset-9{margin-left:75%}.col-md-offset-8{margin-left:66.66666667%}.col-md-offset-7{margin-left:58.33333333%}.col-md-offset-6{margin-left:50%}.col-md-offset-5{margin-left:41.66666667%}.col-md-offset-4{margin-left:33.33333333%}.col-md-offset-3{margin-left:25%}.col-md-offset-2{margin-left:16.66666667%}.col-md-offset-1{margin-left:8.33333333%}.col-md-offset-0{margin-left:0}}@media (min-width:1200px){.col-lg-1,.col-lg-10,.col-lg-11,.col-lg-12,.col-lg-2,.col-lg-3,.col-lg-4,.col-lg-5,.col-lg-6,.col-lg-7,.col-lg-8,.col-lg-9{float:left}.col-lg-12{width:100%}.col-lg-11{width:91.66666667%}.col-lg-10{width:83.33333333%}.col-lg-9{width:75%}.col-lg-8{width:66.66666667%}.col-lg-7{width:58.33333333%}.col-lg-6{width:50%}.col-lg-5{width:41.66666667%}.col-lg-4{width:33.33333333%}.col-lg-3{width:25%}.col-lg-2{width:16.66666667%}.col-lg-1{width:8.33333333%}.col-lg-pull-12{right:100%}.col-lg-pull-11{right:91.66666667%}.col-lg-pull-10{right:83.33333333%}.col-lg-pull-9{right:75%}.col-lg-pull-8{right:66.66666667%}.col-lg-pull-7{right:58.33333333%}.col-lg-pull-6{right:50%}.col-lg-pull-5{right:41.66666667%}.col-lg-pull-4{right:33.33333333%}.col-lg-pull-3{right:25%}.col-lg-pull-2{right:16.66666667%}.col-lg-pull-1{right:8.33333333%}.col-lg-pull-0{right:auto}.col-lg-push-12{left:100%}.col-lg-push-11{left:91.66666667%}.col-lg-push-10{left:83.33333333%}.col-lg-push-9{left:75%}.col-lg-push-8{left:66.66666667%}.col-lg-push-7{left:58.33333333%}.col-lg-push-6{left:50%}.col-lg-push-5{left:41.66666667%}.col-lg-push-4{left:33.33333333%}.col-lg-push-3{left:25%}.col-lg-push-2{left:16.66666667%}.col-lg-push-1{left:8.33333333%}.col-lg-push-0{left:auto}.col-lg-offset-12{margin-left:100%}.col-lg-offset-11{margin-left:91.66666667%}.col-lg-offset-10{margin-left:83.33333333%}.col-lg-offset-9{margin-left:75%}.col-lg-offset-8{margin-left:66.66666667%}.col-lg-offset-7{margin-left:58.33333333%}.col-lg-offset-6{margin-left:50%}.col-lg-offset-5{margin-left:41.66666667%}.col-lg-offset-4{margin-left:33.33333333%}.col-lg-offset-3{margin-left:25%}.col-lg-offset-2{margin-left:16.66666667%}.col-lg-offset-1{margin-left:8.33333333%}.col-lg-offset-0{margin-left:0}}.table{font-size:14px;margin-bottom:20px;max-width:100%;width:100%}.table thead{font-size:12px}.table>tbody>tr>td,.table>tbody>tr>th,.table>tfoot>tr>td,.table>tfoot>tr>th,.table>thead>tr>td,.table>thead>tr>th{border-top:1px solid #d3dae6;line-height:1.42857143;padding:8px;vertical-align:top}.table>thead>tr>th{border-bottom:1px solid #d3dae6;vertical-align:bottom}.table>caption+thead>tr:first-child>td,.table>caption+thead>tr:first-child>th,.table>colgroup+thead>tr:first-child>td,.table>colgroup+thead>tr:first-child>th,.table>thead:first-child>tr:first-child>td,.table>thead:first-child>tr:first-child>th{border-top:0}.table>tbody+tbody{border-top:2px solid #d3dae6}.table .table{background-color:#fff}.table-condensed>tbody>tr>td,.table-condensed>tbody>tr>th,.table-condensed>tfoot>tr>td,.table-condensed>tfoot>tr>th,.table-condensed>thead>tr>td,.table-condensed>thead>tr>th{font-size:12px;padding:5px}.table-bordered{border:1px solid #d3dae6}.table-bordered>thead>tr>td,.table-bordered>thead>tr>th{border-bottom-width:2px}.table-hover>tbody>tr:hover,.table-striped>tbody>tr:nth-of-type(odd){background-color:#d3dae6}table col[class*=col-]{display:table-column;float:none;position:static}table td[class*=col-],table th[class*=col-]{display:table-cell;float:none;position:static}.table>tbody>tr.active>td,.table>tbody>tr.active>th,.table>tbody>tr>td.active,.table>tbody>tr>th.active,.table>tfoot>tr.active>td,.table>tfoot>tr.active>th,.table>tfoot>tr>td.active,.table>tfoot>tr>th.active,.table>thead>tr.active>td,.table>thead>tr.active>th,.table>thead>tr>td.active,.table>thead>tr>th.active{background-color:#d3dae6}.table-hover>tbody>tr.active:hover>td,.table-hover>tbody>tr.active:hover>th,.table-hover>tbody>tr:hover>.active,.table-hover>tbody>tr>td.active:hover,.table-hover>tbody>tr>th.active:hover{background-color:#c3ccdd}.table>tbody>tr.success>td,.table>tbody>tr.success>th,.table>tbody>tr>td.success,.table>tbody>tr>th.success,.table>tfoot>tr.success>td,.table>tfoot>tr.success>th,.table>tfoot>tr>td.success,.table>tfoot>tr>th.success,.table>thead>tr.success>td,.table>thead>tr.success>th,.table>thead>tr>td.success,.table>thead>tr>th.success{background-color:#017d73}.table-hover>tbody>tr.success:hover>td,.table-hover>tbody>tr.success:hover>th,.table-hover>tbody>tr:hover>.success,.table-hover>tbody>tr>td.success:hover,.table-hover>tbody>tr>th.success:hover{background-color:#01645c}.table>tbody>tr.info>td,.table>tbody>tr.info>th,.table>tbody>tr>td.info,.table>tbody>tr>th.info,.table>tfoot>tr.info>td,.table>tfoot>tr.info>th,.table>tfoot>tr>td.info,.table>tfoot>tr>th.info,.table>thead>tr.info>td,.table>thead>tr.info>th,.table>thead>tr>td.info,.table>thead>tr>th.info{background-color:#006bb4}.table-hover>tbody>tr.info:hover>td,.table-hover>tbody>tr.info:hover>th,.table-hover>tbody>tr:hover>.info,.table-hover>tbody>tr>td.info:hover,.table-hover>tbody>tr>th.info:hover{background-color:#005c9b}.table>tbody>tr.warning>td,.table>tbody>tr.warning>th,.table>tbody>tr>td.warning,.table>tbody>tr>th.warning,.table>tfoot>tr.warning>td,.table>tfoot>tr.warning>th,.table>tfoot>tr>td.warning,.table>tfoot>tr>th.warning,.table>thead>tr.warning>td,.table>thead>tr.warning>th,.table>thead>tr>td.warning,.table>thead>tr>th.warning{background-color:#f5a700}.table-hover>tbody>tr.warning:hover>td,.table-hover>tbody>tr.warning:hover>th,.table-hover>tbody>tr:hover>.warning,.table-hover>tbody>tr>td.warning:hover,.table-hover>tbody>tr>th.warning:hover{background-color:#dc9600}.table>tbody>tr.danger>td,.table>tbody>tr.danger>th,.table>tbody>tr>td.danger,.table>tbody>tr>th.danger,.table>tfoot>tr.danger>td,.table>tfoot>tr.danger>th,.table>tfoot>tr>td.danger,.table>tfoot>tr>th.danger,.table>thead>tr.danger>td,.table>thead>tr.danger>th,.table>thead>tr>td.danger,.table>thead>tr>th.danger{background-color:#bd271e}.table-hover>tbody>tr.danger:hover>td,.table-hover>tbody>tr.danger:hover>th,.table-hover>tbody>tr:hover>.danger,.table-hover>tbody>tr>td.danger:hover,.table-hover>tbody>tr>th.danger:hover{background-color:#a7221b}.table-responsive{min-height:.01%;overflow-x:auto}@media screen and (max-width:767px){.table-responsive{-ms-overflow-style:-ms-autohiding-scrollbar;border:1px solid #d3dae6;margin-bottom:15px;overflow-y:hidden;width:100%}.table-responsive>.table{margin-bottom:0}.table-responsive>.table>tbody>tr>td,.table-responsive>.table>tbody>tr>th,.table-responsive>.table>tfoot>tr>td,.table-responsive>.table>tfoot>tr>th,.table-responsive>.table>thead>tr>td,.table-responsive>.table>thead>tr>th{white-space:nowrap}.table-responsive>.table-bordered{border:0}.table-responsive>.table-bordered>tbody>tr>td:first-child,.table-responsive>.table-bordered>tbody>tr>th:first-child,.table-responsive>.table-bordered>tfoot>tr>td:first-child,.table-responsive>.table-bordered>tfoot>tr>th:first-child,.table-responsive>.table-bordered>thead>tr>td:first-child,.table-responsive>.table-bordered>thead>tr>th:first-child{border-left:0}.table-responsive>.table-bordered>tbody>tr>td:last-child,.table-responsive>.table-bordered>tbody>tr>th:last-child,.table-responsive>.table-bordered>tfoot>tr>td:last-child,.table-responsive>.table-bordered>tfoot>tr>th:last-child,.table-responsive>.table-bordered>thead>tr>td:last-child,.table-responsive>.table-bordered>thead>tr>th:last-child{border-right:0}.table-responsive>.table-bordered>tbody>tr:last-child>td,.table-responsive>.table-bordered>tbody>tr:last-child>th,.table-responsive>.table-bordered>tfoot>tr:last-child>td,.table-responsive>.table-bordered>tfoot>tr:last-child>th{border-bottom:0}}.form-control{background-color:#fafbfd;background-image:none;border:1px solid #d3dae6;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075);color:#343741;display:block;font-size:14px;height:32px;line-height:1.42857143;padding:5px 15px;-webkit-transition:border-color .15s ease-in-out,box-shadow .15s ease-in-out;-o-transition:border-color .15s ease-in-out,box-shadow .15s ease-in-out;transition:border-color .15s ease-in-out,box-shadow .15s ease-in-out;width:100%}.form-control:focus{border-color:#006bb4;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 8px #006bb499;box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 8px #006bb499;outline:0}.form-control::-moz-placeholder{color:#98a2b3;opacity:1}.form-control:-ms-input-placeholder{color:#98a2b3}.form-control::-webkit-input-placeholder{color:#98a2b3}.form-control::-ms-expand{background-color:initial;border:0}.form-control[disabled],.form-control[readonly],fieldset[disabled] .form-control{background-color:#d3dae6;opacity:1}.form-control[disabled],fieldset[disabled] .form-control{cursor:not-allowed}textarea.form-control{height:auto}.form-group:not(:empty){margin-bottom:15px}.checkbox,.radio{display:block;margin-bottom:10px;margin-top:10px;position:relative}.checkbox label,.radio label{cursor:pointer;font-weight:400;margin-bottom:0;min-height:20px;padding-left:20px}.checkbox input[type=checkbox],.checkbox-inline input[type=checkbox],.radio input[type=radio],.radio-inline input[type=radio]{margin-left:-20px;margin-top:4px\9;position:absolute}.checkbox+.checkbox,.radio+.radio{margin-top:-5px}.checkbox-inline,.radio-inline{cursor:pointer;display:inline-block;font-weight:400;margin-bottom:0;padding-left:20px;position:relative;vertical-align:middle}.checkbox-inline+.checkbox-inline,.radio-inline+.radio-inline{margin-left:10px;margin-top:0}.checkbox-inline.disabled,.checkbox.disabled label,.radio-inline.disabled,.radio.disabled label,fieldset[disabled] .checkbox label,fieldset[disabled] .checkbox-inline,fieldset[disabled] .radio label,fieldset[disabled] .radio-inline{cursor:not-allowed}.form-control-static{margin-bottom:0;min-height:34px;padding-bottom:6px;padding-top:6px}.form-control-static.input-lg,.form-control-static.input-sm{padding-left:0;padding-right:0}.input-sm{border-radius:4px;font-size:12px;height:32px;line-height:1.5;padding:6px 9px}select.input-sm{height:32px;line-height:32px}select[multiple].input-sm,textarea.input-sm{height:auto}.form-group-sm .form-control{border-radius:4px;font-size:12px;height:32px;line-height:1.5;padding:6px 9px}.form-group-sm select.form-control{height:32px;line-height:32px}.form-group-sm select[multiple].form-control,.form-group-sm textarea.form-control{height:auto}.form-group-sm .form-control-static{font-size:12px;height:32px;line-height:1.5;min-height:32px;padding:7px 9px}.input-lg{border-radius:4px;font-size:18px;height:62px;line-height:1.3333333;padding:18px 27px}select.input-lg{height:62px;line-height:62px}select[multiple].input-lg,textarea.input-lg{height:auto}.form-group-lg .form-control{border-radius:4px;font-size:18px;height:62px;line-height:1.3333333;padding:18px 27px}.form-group-lg select.form-control{height:62px;line-height:62px}.form-group-lg select[multiple].form-control,.form-group-lg textarea.form-control{height:auto}.form-group-lg .form-control-static{font-size:18px;height:62px;line-height:1.3333333;min-height:38px;padding:19px 27px}.has-feedback{position:relative}.has-feedback .form-control{padding-right:40px}.form-control-feedback{display:block;height:32px;line-height:32px;pointer-events:none;position:absolute;right:0;text-align:center;top:0;width:32px;z-index:2}.form-group-lg .form-control+.form-control-feedback,.input-group-lg+.form-control-feedback,.input-lg+.form-control-feedback{height:62px;line-height:62px;width:62px}.form-group-sm .form-control+.form-control-feedback,.input-group-sm+.form-control-feedback,.input-sm+.form-control-feedback{height:32px;line-height:32px;width:32px}.has-success .checkbox,.has-success .checkbox-inline,.has-success .control-label,.has-success .help-block,.has-success .radio,.has-success .radio-inline,.has-success.checkbox label,.has-success.checkbox-inline label,.has-success.radio label,.has-success.radio-inline label{color:#fff}.has-success .form-control{border-color:#fff;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075)}.has-success .form-control:focus{border-color:#e6e6e6;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #fff;box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #fff}.has-success .input-group-addon{background-color:#017d73;border-color:#fff;color:#fff}.has-success .form-control-feedback,.has-warning .checkbox,.has-warning .checkbox-inline,.has-warning .control-label,.has-warning .help-block,.has-warning .radio,.has-warning .radio-inline,.has-warning.checkbox label,.has-warning.checkbox-inline label,.has-warning.radio label,.has-warning.radio-inline label{color:#fff}.has-warning .form-control{border-color:#fff;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075)}.has-warning .form-control:focus{border-color:#e6e6e6;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #fff;box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #fff}.has-warning .input-group-addon{background-color:#f5a700;border-color:#fff;color:#fff}.has-error .checkbox,.has-error .checkbox-inline,.has-error .control-label,.has-error .help-block,.has-error .radio,.has-error .radio-inline,.has-error.checkbox label,.has-error.checkbox-inline label,.has-error.radio label,.has-error.radio-inline label,.has-warning .form-control-feedback{color:#fff}.has-error .form-control{border-color:#fff;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075)}.has-error .form-control:focus{border-color:#e6e6e6;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #fff;box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #fff}.has-error .input-group-addon{background-color:#bd271e;border-color:#fff;color:#fff}.has-error .form-control-feedback{color:#fff}.has-feedback label~.form-control-feedback{top:25px}.has-feedback label.sr-only~.form-control-feedback{top:0}.help-block{color:#6d7388;display:block;margin-bottom:10px;margin-top:5px}@media (min-width:768px){.form-inline .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.form-inline .form-control{display:inline-block;vertical-align:middle;width:auto}.form-inline .form-control-static{display:inline-block}.form-inline .input-group{display:inline-table;vertical-align:middle}.form-inline .input-group .form-control,.form-inline .input-group .input-group-addon{width:auto}.form-inline .input-group>.form-control{width:100%}.form-inline .control-label{margin-bottom:0;vertical-align:middle}.form-inline .checkbox,.form-inline .radio{display:inline-block;margin-bottom:0;margin-top:0;vertical-align:middle}.form-inline .checkbox label,.form-inline .radio label{padding-left:0}.form-inline .checkbox input[type=checkbox],.form-inline .radio input[type=radio]{margin-left:0;position:relative}.form-inline .has-feedback .form-control-feedback{top:0}}.form-horizontal .checkbox,.form-horizontal .checkbox-inline,.form-horizontal .radio,.form-horizontal .radio-inline{margin-bottom:0;margin-top:0;padding-top:6px}.form-horizontal .checkbox,.form-horizontal .radio{min-height:26px}.form-horizontal .form-group{margin-left:-15px;margin-right:-15px}@media (min-width:768px){.form-horizontal .control-label{margin-bottom:0;padding-top:6px;text-align:right}}.form-horizontal .has-feedback .form-control-feedback{right:15px}@media (min-width:768px){.form-horizontal .form-group-lg .control-label{font-size:18px;padding-top:19px}.form-horizontal .form-group-sm .control-label{font-size:12px;padding-top:7px}}.text-left{text-align:left}.text-right{text-align:right}.text-center{text-align:center}.text-muted{color:#b2bac6}.text-primary{color:#343741}a.text-primary:focus,a.text-primary:hover{color:#1d1f25}.text-success{color:#fff}a.text-success:focus,a.text-success:hover{color:#e6e6e6}.text-info{color:#fff}a.text-info:focus,a.text-info:hover{color:#e6e6e6}.text-warning{color:#fff}a.text-warning:focus,a.text-warning:hover{color:#e6e6e6}.text-danger{color:#fff}a.text-danger:focus,a.text-danger:hover{color:#e6e6e6}.bg-info{background-color:#006bb4}a.bg-info:focus,a.bg-info:hover{background-color:#004d81}.list-unstyled{list-style:none;padding-left:0}@media (min-width:0){.dl-horizontal dt{clear:left;float:left;overflow:hidden;text-align:right;text-overflow:ellipsis;white-space:nowrap;width:160px}.dl-horizontal dd{margin-left:180px}}.fade{opacity:0;-webkit-transition:opacity .15s linear;-o-transition:opacity .15s linear;transition:opacity .15s linear}.fade.in{opacity:1}.collapse{display:none}.collapse.in{display:block}tr.collapse.in{display:table-row}tbody.collapse.in{display:table-row-group}.collapsing{height:0;overflow:hidden;position:relative;-webkit-transition-duration:.35s;transition-duration:.35s;-webkit-transition-property:height,visibility;transition-property:height,visibility;-webkit-transition-timing-function:ease;transition-timing-function:ease}.btn{background-image:none;border:1px solid #0000;border-radius:4px;cursor:pointer;display:inline-block;font-size:14px;font-weight:400;line-height:1.42857143;margin-bottom:0;padding:5px 15px;text-align:center;touch-action:manipulation;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;vertical-align:middle;white-space:nowrap}.btn.active.focus,.btn.active:focus,.btn.focus,.btn:active.focus,.btn:active:focus,.btn:focus{box-shadow:0 0 0 1px #fff,0 0 0 2px #0079a5}.btn.focus,.btn:focus,.btn:hover{color:#fff;text-decoration:none}.btn.active,.btn:active{background-image:none;-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125);box-shadow:inset 0 3px 5px rgba(0,0,0,.125);outline:0}.btn.disabled,.btn[disabled],fieldset[disabled] .btn{-webkit-box-shadow:none;box-shadow:none;cursor:not-allowed;filter:alpha(opacity=65);opacity:.65}a.btn.disabled,fieldset[disabled] a.btn{pointer-events:none}.btn-default{background-color:#006bb4;border-color:#006bb4;color:#fff}.btn-default.focus,.btn-default:focus{background-color:#004d81;border-color:#001f35;color:#fff}.btn-default.active,.btn-default:active,.btn-default:hover,.open>.dropdown-toggle.btn-default{background-color:#004d81;border-color:#004777;color:#fff}.btn-default.active.focus,.btn-default.active:focus,.btn-default.active:hover,.btn-default:active.focus,.btn-default:active:focus,.btn-default:active:hover,.open>.dropdown-toggle.btn-default.focus,.open>.dropdown-toggle.btn-default:focus,.open>.dropdown-toggle.btn-default:hover{background-color:#00375d;border-color:#001f35;color:#fff}.btn-default.active,.btn-default:active,.open>.dropdown-toggle.btn-default{background-image:none}.btn-default.disabled.focus,.btn-default.disabled:focus,.btn-default.disabled:hover,.btn-default[disabled].focus,.btn-default[disabled]:focus,.btn-default[disabled]:hover,fieldset[disabled] .btn-default.focus,fieldset[disabled] .btn-default:focus,fieldset[disabled] .btn-default:hover{background-color:#006bb4;border-color:#006bb4}.btn-default .badge{background-color:#fff;color:#006bb4}.btn-primary{background-color:#006bb4;border-color:#006bb4;color:#fff}.btn-primary.focus,.btn-primary:focus{background-color:#004d81;border-color:#001f35;color:#fff}.btn-primary.active,.btn-primary:active,.btn-primary:hover,.open>.dropdown-toggle.btn-primary{background-color:#004d81;border-color:#004777;color:#fff}.btn-primary.active.focus,.btn-primary.active:focus,.btn-primary.active:hover,.btn-primary:active.focus,.btn-primary:active:focus,.btn-primary:active:hover,.open>.dropdown-toggle.btn-primary.focus,.open>.dropdown-toggle.btn-primary:focus,.open>.dropdown-toggle.btn-primary:hover{background-color:#00375d;border-color:#001f35;color:#fff}.btn-primary.active,.btn-primary:active,.open>.dropdown-toggle.btn-primary{background-image:none}.btn-primary.disabled.focus,.btn-primary.disabled:focus,.btn-primary.disabled:hover,.btn-primary[disabled].focus,.btn-primary[disabled]:focus,.btn-primary[disabled]:hover,fieldset[disabled] .btn-primary.focus,fieldset[disabled] .btn-primary:focus,fieldset[disabled] .btn-primary:hover{background-color:#006bb4;border-color:#006bb4}.btn-primary .badge{background-color:#fff;color:#006bb4}.btn-xs{border-radius:4px;font-size:12px;line-height:1.5;padding:1px 5px}.navbar{border:1px solid #0000;margin-bottom:0;min-height:45px;position:relative}@media (min-width:0){.navbar{border-radius:4px}.navbar-header{float:left}}.navbar-collapse{-webkit-overflow-scrolling:touch;border-top:1px solid #0000;box-shadow:inset 0 1px 0 #ffffff1a;overflow-x:visible;padding-left:10px;padding-right:10px}.navbar-collapse.in{overflow-y:auto}@media (min-width:0){.navbar-collapse{border-top:0;box-shadow:none;width:auto}.navbar-collapse.collapse{display:block!important;height:auto!important;overflow:visible!important;padding-bottom:0}.navbar-collapse.in{overflow-y:visible}.navbar-fixed-bottom .navbar-collapse,.navbar-fixed-top .navbar-collapse{padding-left:0;padding-right:0}}.navbar-fixed-bottom .navbar-collapse,.navbar-fixed-top .navbar-collapse{max-height:340px}@media (max-device-width:480px) and (orientation:landscape){.navbar-fixed-bottom .navbar-collapse,.navbar-fixed-top .navbar-collapse{max-height:200px}}.container-fluid>.navbar-collapse,.container-fluid>.navbar-header,.container>.navbar-collapse,.container>.navbar-header{margin-left:-10px;margin-right:-10px}@media (min-width:0){.container-fluid>.navbar-collapse,.container-fluid>.navbar-header,.container>.navbar-collapse,.container>.navbar-header{margin-left:0;margin-right:0}}.navbar-fixed-bottom,.navbar-fixed-top{left:0;position:fixed;right:0;z-index:1050}@media (min-width:0){.navbar-fixed-bottom,.navbar-fixed-top{border-radius:0}}.navbar-fixed-top{border-width:0 0 1px;top:0}.navbar-fixed-bottom{border-width:1px 0 0;bottom:0;margin-bottom:0}.navbar-brand{float:left;font-size:18px;height:45px;line-height:20px;padding:12.5px 10px}.navbar-brand:focus,.navbar-brand:hover{text-decoration:none}.navbar-brand>img{display:block}@media (min-width:0){.navbar>.container .navbar-brand,.navbar>.container-fluid .navbar-brand{margin-left:-10px}}.navbar-toggle{background-color:initial;background-image:none;border:1px solid #0000;border-radius:4px;float:right;margin-bottom:5.5px;margin-right:10px;margin-top:5.5px;padding:9px 10px;position:relative}.navbar-toggle:focus{outline:0}.navbar-toggle .icon-bar{border-radius:1px;display:block;height:2px;width:22px}.navbar-toggle .icon-bar+.icon-bar{margin-top:4px}@media (min-width:0){.navbar-toggle{display:none}}.navbar-nav{margin:6.25px -10px}.navbar-nav>li>a{line-height:20px;padding-bottom:10px;padding-top:10px}@media (max-width:-1){.navbar-nav .open .dropdown-menu{background-color:initial;border:0;box-shadow:none;float:none;margin-top:0;position:static;width:auto}.navbar-nav .open .dropdown-menu .dropdown-header,.navbar-nav .open .dropdown-menu>li>a{padding:5px 15px 5px 25px}.navbar-nav .open .dropdown-menu>li>a{line-height:20px}.navbar-nav .open .dropdown-menu>li>a:focus,.navbar-nav .open .dropdown-menu>li>a:hover{background-image:none}}@media (min-width:0){.navbar-nav{float:left;margin:0}.navbar-nav>li{float:left}.navbar-nav>li>a{padding-bottom:12.5px;padding-top:12.5px}}.navbar-form{border-bottom:1px solid #0000;border-top:1px solid #0000;-webkit-box-shadow:inset 0 1px 0 #ffffff1a,0 1px 0 #ffffff1a;box-shadow:inset 0 1px 0 #ffffff1a,0 1px 0 #ffffff1a;margin:6.5px -10px;padding:10px}@media (min-width:768px){.navbar-form .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.navbar-form .form-control{display:inline-block;vertical-align:middle;width:auto}.navbar-form .form-control-static{display:inline-block}.navbar-form .input-group{display:inline-table;vertical-align:middle}.navbar-form .input-group .form-control,.navbar-form .input-group .input-group-addon{width:auto}.navbar-form .input-group>.form-control{width:100%}.navbar-form .control-label{margin-bottom:0;vertical-align:middle}.navbar-form .checkbox,.navbar-form .radio{display:inline-block;margin-bottom:0;margin-top:0;vertical-align:middle}.navbar-form .checkbox label,.navbar-form .radio label{padding-left:0}.navbar-form .checkbox input[type=checkbox],.navbar-form .radio input[type=radio]{margin-left:0;position:relative}.navbar-form .has-feedback .form-control-feedback{top:0}}@media (max-width:-1){.navbar-form .form-group{margin-bottom:5px}.navbar-form .form-group:last-child{margin-bottom:0}}@media (min-width:0){.navbar-form{border:0;-webkit-box-shadow:none;box-shadow:none;margin-left:0;margin-right:0;padding-bottom:0;padding-top:0;width:auto}}.navbar-nav>li>.dropdown-menu{border-top-left-radius:0;border-top-right-radius:0;margin-top:0}.navbar-fixed-bottom .navbar-nav>li>.dropdown-menu{border-bottom-left-radius:0;border-bottom-right-radius:0;border-top-left-radius:4px;border-top-right-radius:4px;margin-bottom:0}.navbar-text{margin-bottom:12.5px;margin-top:12.5px}@media (min-width:0){.navbar-text{float:left;margin-left:10px;margin-right:10px}.navbar-left{float:left!important}.navbar-right{float:right!important;margin-right:-10px}.navbar-right~.navbar-right{margin-right:0}}.navbar-default{background-color:#f5f7fa;border-color:#0000}.navbar-default .navbar-brand{color:#69707d}.navbar-default .navbar-brand:focus,.navbar-default .navbar-brand:hover{background-color:initial;color:#69707d}.navbar-default .navbar-nav>li>a,.navbar-default .navbar-text{color:#69707d}.navbar-default .navbar-nav>li>a:focus,.navbar-default .navbar-nav>li>a:hover{background-color:initial;color:#69707d}.navbar-default .navbar-nav>.active>a,.navbar-default .navbar-nav>.active>a:focus,.navbar-default .navbar-nav>.active>a:hover{background-color:initial;color:#343741}.navbar-default .navbar-nav>.disabled>a,.navbar-default .navbar-nav>.disabled>a:focus,.navbar-default .navbar-nav>.disabled>a:hover{background-color:initial;color:#69707d}.navbar-default .navbar-toggle{border-color:#d3dce9}.navbar-default .navbar-toggle:focus,.navbar-default .navbar-toggle:hover{background-color:#d3dce9}.navbar-default .navbar-toggle .icon-bar{background-color:#fff}.navbar-default .navbar-collapse,.navbar-default .navbar-form{border-color:#0000}.navbar-default .navbar-nav>.open>a,.navbar-default .navbar-nav>.open>a:focus,.navbar-default .navbar-nav>.open>a:hover{background-color:initial;color:#343741}@media (max-width:-1){.navbar-default .navbar-nav .open .dropdown-menu>li>a{color:#69707d}.navbar-default .navbar-nav .open .dropdown-menu>li>a:focus,.navbar-default .navbar-nav .open .dropdown-menu>li>a:hover{background-color:initial;color:#69707d}.navbar-default .navbar-nav .open .dropdown-menu>.active>a,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:focus,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:hover{background-color:initial;color:#343741}.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:focus,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:hover{background-color:initial;color:#69707d}}.navbar-default .navbar-link,.navbar-default .navbar-link:hover{color:#69707d}.navbar-inverse{background-color:#343741;border-color:#1d1f25}.navbar-inverse .navbar-brand{color:#fff}.navbar-inverse .navbar-brand:focus,.navbar-inverse .navbar-brand:hover{background-color:#4b4f5d;color:#fff}.navbar-inverse .navbar-text{color:#fff}.navbar-inverse .navbar-nav>li>a{color:#d3dae6}.navbar-inverse .navbar-nav>li>a:focus,.navbar-inverse .navbar-nav>li>a:hover{background-color:#61677a;color:#fff}.navbar-inverse .navbar-nav>.active>a,.navbar-inverse .navbar-nav>.active>a:focus,.navbar-inverse .navbar-nav>.active>a:hover{background-color:#69707d;color:#fff}.navbar-inverse .navbar-nav>.disabled>a,.navbar-inverse .navbar-nav>.disabled>a:focus,.navbar-inverse .navbar-nav>.disabled>a:hover{background-color:initial;color:#b2bac6}.navbar-inverse .navbar-toggle{border-color:#1d1f25}.navbar-inverse .navbar-toggle:focus,.navbar-inverse .navbar-toggle:hover{background-color:#1d1f25}.navbar-inverse .navbar-toggle .icon-bar{background-color:#fff}.navbar-inverse .navbar-collapse,.navbar-inverse .navbar-form{border-color:#24262d}.navbar-inverse .navbar-nav>.open>a,.navbar-inverse .navbar-nav>.open>a:focus,.navbar-inverse .navbar-nav>.open>a:hover{background-color:#69707d;color:#fff}@media (max-width:-1){.navbar-inverse .navbar-nav .open .dropdown-menu>.dropdown-header{border-color:#1d1f25}.navbar-inverse .navbar-nav .open .dropdown-menu .divider{background-color:#1d1f25}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a{color:#d3dae6}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:focus,.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:hover{background-color:#61677a;color:#fff}.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:focus,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:hover{background-color:#69707d;color:#fff}.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:focus,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:hover{background-color:initial;color:#b2bac6}}.navbar-inverse .navbar-link{color:#d3dae6}.navbar-inverse .navbar-link:hover{color:#fff}.close{color:#000;filter:alpha(opacity=20);float:right;font-size:21px;font-weight:700;line-height:1;opacity:.2;text-shadow:none}.close:focus,.close:hover{color:#000;cursor:pointer;filter:alpha(opacity=50);opacity:.5;text-decoration:none}button.close{-webkit-appearance:none;background:#0000;border:0;cursor:pointer;padding:0}.modal,.modal-open{overflow:hidden}.modal{-webkit-overflow-scrolling:touch;bottom:0;display:none;left:0;outline:0;position:fixed;right:0;top:0;z-index:1070}.modal.fade .modal-dialog{-webkit-transform:translateY(-25%);-ms-transform:translateY(-25%);-o-transform:translateY(-25%);transform:translateY(-25%);-webkit-transition:-webkit-transform .3s ease-out;-moz-transition:-moz-transform .3s ease-out;-o-transition:-o-transform .3s ease-out;transition:transform .3s ease-out}.modal.in .modal-dialog{-webkit-transform:translate(0);-ms-transform:translate(0);-o-transform:translate(0);transform:translate(0)}.modal-open .modal{overflow-x:hidden;overflow-y:auto}.modal-dialog{margin:10px;position:relative;width:auto}.modal-content{background-clip:padding-box;background-color:#fff;border:1px solid #0003;border-radius:4px;-webkit-box-shadow:0 3px 9px #00000080;box-shadow:0 3px 9px #00000080;outline:0;position:relative}.modal-backdrop{background-color:#000;bottom:0;left:0;position:fixed;right:0;top:0;z-index:1060}.modal-backdrop.fade{filter:alpha(opacity=0);opacity:0}.modal-backdrop.in{filter:alpha(opacity=50);opacity:.5}.modal-header{border-bottom:1px solid #e5e5e5;padding:15px}.modal-header .close{margin-top:-2px}.modal-title{line-height:1.42857143;margin:0}.modal-body{padding:15px;position:relative}.modal-footer{border-top:1px solid #e5e5e5;padding:15px;text-align:right}.modal-scrollbar-measure{height:50px;overflow:scroll;position:absolute;top:-9999px;width:50px}@media (min-width:768px){.modal-dialog{margin:30px auto;width:600px}.modal-content{-webkit-box-shadow:0 5px 15px #00000080;box-shadow:0 5px 15px #00000080}.modal-sm{width:300px}}@media (min-width:992px){.modal-lg{width:900px}}@-webkit-keyframes progress-bar-stripes{0%{background-position:40px 0}to{background-position:0 0}}@keyframes progress-bar-stripes{0%{background-position:40px 0}to{background-position:0 0}}.progress{background-color:#b8bec8;border-radius:4px;-webkit-box-shadow:inset 0 1px 2px #0000001a;box-shadow:inset 0 1px 2px #0000001a;height:20px;margin-bottom:20px;overflow:hidden}.progress-bar{background-color:#54b399;color:#fff;float:left;font-size:12px;height:100%;line-height:20px;text-align:center;-webkit-transition:width .6s ease;-o-transition:width .6s ease;transition:width .6s ease;width:0}.progress-bar-striped,.progress-striped .progress-bar{background-image:-webkit-linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000);background-image:-o-linear-gradient(45deg,#ffffff26 25%,#0000 25%,#0000 50%,#ffffff26 50%,#ffffff26 75%,#0000 75%,#0000);background-image:linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000);background-size:40px 40px}.progress-bar.active,.progress.active .progress-bar{-webkit-animation:progress-bar-stripes 2s linear infinite;-o-animation:progress-bar-stripes 2s linear infinite;animation:progress-bar-stripes 2s linear infinite}.progress-bar-success{background-color:#017d73}.progress-striped .progress-bar-success{background-image:-webkit-linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000);background-image:-o-linear-gradient(45deg,#ffffff26 25%,#0000 25%,#0000 50%,#ffffff26 50%,#ffffff26 75%,#0000 75%,#0000);background-image:linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000)}.progress-bar-info{background-color:#006bb4}.progress-striped .progress-bar-info{background-image:-webkit-linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000);background-image:-o-linear-gradient(45deg,#ffffff26 25%,#0000 25%,#0000 50%,#ffffff26 50%,#ffffff26 75%,#0000 75%,#0000);background-image:linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000)}.progress-bar-warning{background-color:#f5a700}.progress-striped .progress-bar-warning{background-image:-webkit-linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000);background-image:-o-linear-gradient(45deg,#ffffff26 25%,#0000 25%,#0000 50%,#ffffff26 50%,#ffffff26 75%,#0000 75%,#0000);background-image:linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000)}.progress-bar-danger{background-color:#bd271e}.progress-striped .progress-bar-danger{background-image:-webkit-linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000);background-image:-o-linear-gradient(45deg,#ffffff26 25%,#0000 25%,#0000 50%,#ffffff26 50%,#ffffff26 75%,#0000 75%,#0000);background-image:linear-gradient(45deg,#ffffff26 25%,#0000 0,#0000 50%,#ffffff26 0,#ffffff26 75%,#0000 0,#0000)}.list-group{margin-bottom:20px;padding-left:0}.list-group-item{background-color:#fff;border:1px solid #d3dae6;display:block;margin-bottom:-1px;padding:10px 15px;position:relative}.list-group-item:first-child{border-top-left-radius:4px;border-top-right-radius:4px}.list-group-item:last-child{border-bottom-left-radius:4px;border-bottom-right-radius:4px;margin-bottom:0}.list-group-item--noBorder{border-top:0}a.list-group-item,button.list-group-item{color:#69707d}a.list-group-item .list-group-item-heading,button.list-group-item .list-group-item-heading{color:#343741}a.list-group-item:focus,a.list-group-item:hover,button.list-group-item:focus,button.list-group-item:hover{background-color:#f5f7fa;color:#69707d;text-decoration:none}button.list-group-item{text-align:left;width:100%}.list-group-item.disabled,.list-group-item.disabled:focus,.list-group-item.disabled:hover{background-color:#d3dae6;color:#b2bac6;cursor:not-allowed}.list-group-item.disabled .list-group-item-heading,.list-group-item.disabled:focus .list-group-item-heading,.list-group-item.disabled:hover .list-group-item-heading{color:inherit}.list-group-item.disabled .list-group-item-text,.list-group-item.disabled:focus .list-group-item-text,.list-group-item.disabled:hover .list-group-item-text{color:#b2bac6}.list-group-item.active,.list-group-item.active:focus,.list-group-item.active:hover{background-color:#343741;border-color:#343741;color:#343741;z-index:2}.list-group-item.active .list-group-item-heading,.list-group-item.active .list-group-item-heading>.small,.list-group-item.active .list-group-item-heading>small,.list-group-item.active:focus .list-group-item-heading,.list-group-item.active:focus .list-group-item-heading>.small,.list-group-item.active:focus .list-group-item-heading>small,.list-group-item.active:hover .list-group-item-heading,.list-group-item.active:hover .list-group-item-heading>.small,.list-group-item.active:hover .list-group-item-heading>small{color:inherit}.list-group-item.active .list-group-item-text,.list-group-item.active:focus .list-group-item-text,.list-group-item.active:hover .list-group-item-text{color:#969bab}.list-group-item-success{background-color:#017d73;color:#fff}a.list-group-item-success,button.list-group-item-success{color:#fff}a.list-group-item-success .list-group-item-heading,button.list-group-item-success .list-group-item-heading{color:inherit}a.list-group-item-success:focus,a.list-group-item-success:hover,button.list-group-item-success:focus,button.list-group-item-success:hover{background-color:#01645c;color:#fff}a.list-group-item-success.active,a.list-group-item-success.active:focus,a.list-group-item-success.active:hover,button.list-group-item-success.active,button.list-group-item-success.active:focus,button.list-group-item-success.active:hover{background-color:#fff;border-color:#fff;color:#fff}.list-group-item-info{background-color:#006bb4;color:#fff}a.list-group-item-info,button.list-group-item-info{color:#fff}a.list-group-item-info .list-group-item-heading,button.list-group-item-info .list-group-item-heading{color:inherit}a.list-group-item-info:focus,a.list-group-item-info:hover,button.list-group-item-info:focus,button.list-group-item-info:hover{background-color:#005c9b;color:#fff}a.list-group-item-info.active,a.list-group-item-info.active:focus,a.list-group-item-info.active:hover,button.list-group-item-info.active,button.list-group-item-info.active:focus,button.list-group-item-info.active:hover{background-color:#fff;border-color:#fff;color:#fff}.list-group-item-warning{background-color:#f5a700;color:#fff}a.list-group-item-warning,button.list-group-item-warning{color:#fff}a.list-group-item-warning .list-group-item-heading,button.list-group-item-warning .list-group-item-heading{color:inherit}a.list-group-item-warning:focus,a.list-group-item-warning:hover,button.list-group-item-warning:focus,button.list-group-item-warning:hover{background-color:#dc9600;color:#fff}a.list-group-item-warning.active,a.list-group-item-warning.active:focus,a.list-group-item-warning.active:hover,button.list-group-item-warning.active,button.list-group-item-warning.active:focus,button.list-group-item-warning.active:hover{background-color:#fff;border-color:#fff;color:#fff}.list-group-item-danger{background-color:#bd271e;color:#fff}a.list-group-item-danger,button.list-group-item-danger{color:#fff}a.list-group-item-danger .list-group-item-heading,button.list-group-item-danger .list-group-item-heading{color:inherit}a.list-group-item-danger:focus,a.list-group-item-danger:hover,button.list-group-item-danger:focus,button.list-group-item-danger:hover{background-color:#a7221b;color:#fff}a.list-group-item-danger.active,a.list-group-item-danger.active:focus,a.list-group-item-danger.active:hover,button.list-group-item-danger.active,button.list-group-item-danger.active:focus,button.list-group-item-danger.active:hover{background-color:#fff;border-color:#fff;color:#fff}.list-group-item-heading{margin-bottom:5px;margin-top:0}.list-group-item-text{line-height:1.3;margin-bottom:0}.nav{list-style:none;margin-bottom:0;padding-left:0}.nav>li,.nav>li>a{display:block;position:relative}.nav>li>a{padding:10px 15px}.nav>li>a:focus,.nav>li>a:hover{background-color:#d3dae6;text-decoration:none}.nav>li.disabled>a{color:#b2bac6}.nav>li.disabled>a:focus,.nav>li.disabled>a:hover{background-color:initial;color:#b2bac6;cursor:not-allowed;text-decoration:none}.nav .open>a,.nav .open>a:focus,.nav .open>a:hover{background-color:#d3dae6;border-color:#006bb4}.nav .nav-divider{background-color:#e5e5e5;height:1px;margin:9px 0;overflow:hidden}.nav>li>a>img{max-width:none}.nav-tabs{border-bottom:1px solid #d3dae6}.nav-tabs>li{float:left;margin-bottom:-1px}.nav-tabs>li>a{border:1px solid #0000;border-radius:4px 4px 0 0;line-height:1.42857143;margin-right:2px}.nav-tabs>li>a:hover{background-color:#fff;border-color:#d3dae6}.nav-tabs>li.active>a,.nav-tabs>li.active>a:focus,.nav-tabs>li.active>a:hover{background-color:#fff;border:1px solid #d3dae6;border-bottom-color:#0000;color:#343741;cursor:default}.nav-tabs.nav-justified{border-bottom:0;width:100%}.nav-tabs.nav-justified>li{float:none}.nav-tabs.nav-justified>li>a{margin-bottom:5px;text-align:center}.nav-tabs.nav-justified>.dropdown .dropdown-menu{left:auto;top:auto}@media (min-width:768px){.nav-tabs.nav-justified>li{display:table-cell;width:1%}.nav-tabs.nav-justified>li>a{margin-bottom:0}}.nav-tabs.nav-justified>li>a{border-radius:4px;margin-right:0}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:focus,.nav-tabs.nav-justified>.active>a:hover{border:1px solid #fff}@media (min-width:768px){.nav-tabs.nav-justified>li>a{border-bottom:1px solid #fff;border-radius:4px 4px 0 0}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:focus,.nav-tabs.nav-justified>.active>a:hover{border-bottom-color:#fff}}.nav-pills>li{float:left}.nav-pills>li>a{border-radius:4px}.nav-pills>li+li{margin-left:2px}.nav-pills>li.active>a,.nav-pills>li.active>a:focus,.nav-pills>li.active>a:hover{background-color:#006bb4;color:#fff}.nav-stacked>li{float:none}.nav-stacked>li+li{margin-left:0;margin-top:2px}.nav-justified{width:100%}.nav-justified>li{float:none}.nav-justified>li>a{margin-bottom:5px;text-align:center}.nav-justified>.dropdown .dropdown-menu{left:auto;top:auto}@media (min-width:768px){.nav-justified>li{display:table-cell;width:1%}.nav-justified>li>a{margin-bottom:0}}.nav-tabs-justified{border-bottom:0}.nav-tabs-justified>li>a{border-radius:4px;margin-right:0}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:focus,.nav-tabs-justified>.active>a:hover{border:1px solid #fff}@media (min-width:768px){.nav-tabs-justified>li>a{border-bottom:1px solid #fff;border-radius:4px 4px 0 0}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:focus,.nav-tabs-justified>.active>a:hover{border-bottom-color:#fff}}.tab-content>.tab-pane{display:none}.tab-content>.active{display:block}.nav-tabs .dropdown-menu{border-top-left-radius:0;border-top-right-radius:0;margin-top:-1px}.alert{border:1px solid #0000;border-radius:4px;margin-bottom:20px;padding:15px}.alert h4{color:inherit;margin-top:0}.alert .alert-link{font-weight:700}.alert>p,.alert>ul{margin-bottom:0}.alert>p+p{margin-top:5px}.alert-dismissable,.alert-dismissible{padding-right:35px}.alert-dismissable .close,.alert-dismissible .close{color:inherit;position:relative;right:-21px;top:-2px}.alert-success{background-color:#017d73;border-color:#014a44;color:#fff}.alert-success hr{border-top-color:#00312d}.alert-success .alert-link{color:#e6e6e6}.alert-info{background-color:#006bb4;border-color:#004d81;color:#fff}.alert-info hr{border-top-color:#003e68}.alert-info .alert-link{color:#e6e6e6}.alert-warning{background-color:#f5a700;border-color:#c28400;color:#fff}.alert-warning hr{border-top-color:#a97300}.alert-warning .alert-link{color:#e6e6e6}.alert-danger{background-color:#bd271e;border-color:#911e17;color:#fff}.alert-danger hr{border-top-color:#7b1914}.alert-danger .alert-link{color:#e6e6e6}.bsTooltip{word-wrap:normal;display:block;filter:alpha(opacity=0);font-family:Open Sans,Helvetica,Arial,sans-serif;font-size:12px;font-style:normal;font-weight:400;letter-spacing:normal;line-break:auto;line-height:1.42857143;opacity:0;position:absolute;text-align:left;text-align:start;text-decoration:none;text-shadow:none;text-transform:none;white-space:normal;word-break:normal;word-spacing:normal;z-index:1040}.bsTooltip.in{filter:alpha(opacity=80);opacity:.8}.bsTooltip.top{margin-top:-3px;padding:5px 0}.bsTooltip.right{margin-left:3px;padding:0 5px}.bsTooltip.bottom{margin-top:3px;padding:5px 0}.bsTooltip.left{margin-left:-3px;padding:0 5px}.bsTooltip-inner{background-color:#000;border-radius:4px;color:#fff;max-width:200px;padding:3px 8px;text-align:center}.bsTooltip-arrow{border-color:#0000;border-style:solid;height:0;position:absolute;width:0}.bsTooltip.top .bsTooltip-arrow{border-top-color:#000;border-width:5px 5px 0;bottom:0;left:50%;margin-left:-5px}.bsTooltip.top-left .bsTooltip-arrow{border-top-color:#000;border-width:5px 5px 0;bottom:0;margin-bottom:-5px;right:5px}.bsTooltip.top-right .bsTooltip-arrow{border-top-color:#000;border-width:5px 5px 0;bottom:0;left:5px;margin-bottom:-5px}.bsTooltip.right .bsTooltip-arrow{border-right-color:#000;border-width:5px 5px 5px 0;left:0;margin-top:-5px;top:50%}.bsTooltip.left .bsTooltip-arrow{border-left-color:#000;border-width:5px 0 5px 5px;margin-top:-5px;right:0;top:50%}.bsTooltip.bottom .bsTooltip-arrow{border-bottom-color:#000;border-width:0 5px 5px;left:50%;margin-left:-5px;top:0}.bsTooltip.bottom-left .bsTooltip-arrow{border-bottom-color:#000;border-width:0 5px 5px;margin-top:-5px;right:5px;top:0}.bsTooltip.bottom-right .bsTooltip-arrow{border-bottom-color:#000;border-width:0 5px 5px;left:5px;margin-top:-5px;top:0}.visible-lg,.visible-lg-block,.visible-lg-inline,.visible-lg-inline-block,.visible-md,.visible-md-block,.visible-md-inline,.visible-md-inline-block,.visible-sm,.visible-sm-block,.visible-sm-inline,.visible-sm-inline-block,.visible-xs,.visible-xs-block,.visible-xs-inline,.visible-xs-inline-block{display:none!important}@media (max-width:767px){.visible-xs{display:block!important}table.visible-xs{display:table!important}tr.visible-xs{display:table-row!important}td.visible-xs,th.visible-xs{display:table-cell!important}.visible-xs-block{display:block!important}.visible-xs-inline{display:inline!important}.visible-xs-inline-block{display:inline-block!important}}@media (min-width:768px) and (max-width:991px){.visible-sm{display:block!important}table.visible-sm{display:table!important}tr.visible-sm{display:table-row!important}td.visible-sm,th.visible-sm{display:table-cell!important}.visible-sm-block{display:block!important}.visible-sm-inline{display:inline!important}.visible-sm-inline-block{display:inline-block!important}}@media (min-width:992px) and (max-width:1199px){.visible-md{display:block!important}table.visible-md{display:table!important}tr.visible-md{display:table-row!important}td.visible-md,th.visible-md{display:table-cell!important}.visible-md-block{display:block!important}.visible-md-inline{display:inline!important}.visible-md-inline-block{display:inline-block!important}}@media (min-width:1200px){.visible-lg{display:block!important}table.visible-lg{display:table!important}tr.visible-lg{display:table-row!important}td.visible-lg,th.visible-lg{display:table-cell!important}.visible-lg-block{display:block!important}.visible-lg-inline{display:inline!important}.visible-lg-inline-block{display:inline-block!important}}@media (max-width:767px){.hidden-xs{display:none!important}}@media (min-width:768px) and (max-width:991px){.hidden-sm{display:none!important}}@media (min-width:992px) and (max-width:1199px){.hidden-md{display:none!important}}@media (min-width:1200px){.hidden-lg{display:none!important}}.visible-print{display:none!important}@media print{.visible-print{display:block!important}table.visible-print{display:table!important}tr.visible-print{display:table-row!important}td.visible-print,th.visible-print{display:table-cell!important}}.visible-print-block{display:none!important}@media print{.visible-print-block{display:block!important}}.visible-print-inline{display:none!important}@media print{.visible-print-inline{display:inline!important}}.visible-print-inline-block{display:none!important}@media print{.visible-print-inline-block{display:inline-block!important}.hidden-print{display:none!important}}.caret{border-left:4px solid #0000;border-right:4px solid #0000;border-top:4px dashed;border-top:4px solid\9;display:inline-block;height:0;margin-left:2px;vertical-align:middle;width:0}.dropdown,.dropup{position:relative}.dropdown-toggle:focus{outline:0}.dropdown-menu{background-clip:padding-box;background-color:#fff;border:1px solid #d3dae6;border-radius:4px;box-shadow:0 4px 8px 0 #0000001a;display:none;float:left;font-size:14px;left:0;list-style:none;margin:2px 0 0;min-width:160px;padding:5px 0;position:absolute;text-align:left;top:100%;z-index:1000}.dropdown-menu.pull-right{left:auto;right:0}.dropdown-menu .divider{background-color:#d3dae6;height:1px;margin:9px 0;overflow:hidden}.dropdown-menu>li>a,.dropdown-menu>li>button{clear:both;color:#7b7b7b;display:block;font-weight:400;line-height:1.42857143;padding:3px 20px;white-space:nowrap}.dropdown-menu>li>button{appearance:none;background:none;border:none;text-align:left;width:100%}.dropdown-menu>li>a:focus,.dropdown-menu>li>a:hover,.dropdown-menu>li>button:focus,.dropdown-menu>li>button:hover{background-color:#343741;color:#fff;text-decoration:none}.dropdown-menu>.active>a,.dropdown-menu>.active>a:focus,.dropdown-menu>.active>a:hover,.dropdown-menu>.active>button,.dropdown-menu>.active>button:focus,.dropdown-menu>.active>button:hover{background-color:#343741;color:#fff;outline:0;text-decoration:none}.dropdown-menu>.disabled>a,.dropdown-menu>.disabled>a:focus,.dropdown-menu>.disabled>a:hover{color:#98a2b3}.dropdown-menu>.disabled>a:focus,.dropdown-menu>.disabled>a:hover{background-color:initial;background-image:none;cursor:not-allowed;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);text-decoration:none}.open>.dropdown-menu{display:block}.open>a{outline:0}.dropdown-menu-right{left:auto;right:0}.dropdown-menu-left{left:0;right:auto}.dropdown-header{color:#98a2b3;display:block;font-size:12px;line-height:1.42857143;padding:3px 20px;white-space:nowrap}.dropdown-backdrop{bottom:0;left:0;position:fixed;right:0;top:0;z-index:990}.pull-right>.dropdown-menu{left:auto;right:0}.dropup .caret,.navbar-fixed-bottom .dropdown .caret{border-bottom:4px dashed;border-bottom:4px solid\9;border-top:0;content:""}.dropup .dropdown-menu,.navbar-fixed-bottom .dropdown .dropdown-menu{bottom:100%;margin-bottom:2px;top:auto}@media (min-width:0){.navbar-right .dropdown-menu{left:auto;right:0}.navbar-right .dropdown-menu-left{left:0;right:auto}}.input-group{border-collapse:initial;display:table;position:relative}.input-group[class*=col-]{float:none;padding-left:0;padding-right:0}.input-group .form-control{float:left;margin-bottom:0;position:relative;width:100%;z-index:2}.input-group .form-control:focus{z-index:3}.input-group-lg>.form-control,.input-group-lg>.input-group-addon{border-radius:4px;font-size:18px;height:62px;line-height:1.3333333;padding:18px 27px}select.input-group-lg>.form-control,select.input-group-lg>.input-group-addon{height:62px;line-height:62px}select[multiple].input-group-lg>.form-control,select[multiple].input-group-lg>.input-group-addon,textarea.input-group-lg>.form-control,textarea.input-group-lg>.input-group-addon{height:auto}.input-group-sm>.form-control,.input-group-sm>.input-group-addon{border-radius:4px;font-size:12px;height:32px;line-height:1.5;padding:6px 9px}select.input-group-sm>.form-control,select.input-group-sm>.input-group-addon{height:32px;line-height:32px}select[multiple].input-group-sm>.form-control,select[multiple].input-group-sm>.input-group-addon,textarea.input-group-sm>.form-control,textarea.input-group-sm>.input-group-addon{height:auto}.input-group .form-control,.input-group-addon{display:table-cell}.input-group .form-control:not(:first-child):not(:last-child),.input-group-addon:not(:first-child):not(:last-child){border-radius:0}.input-group-addon{background-color:#d3dae6;border:1px solid #d3dae6;border-radius:4px;color:#343741;font-size:14px;font-weight:400;line-height:1;padding:5px 15px;text-align:center;vertical-align:middle;white-space:nowrap;width:1%}.input-group-addon.input-sm{border-radius:4px;font-size:12px;padding:6px 9px}.input-group-addon.input-lg{border-radius:4px;font-size:18px;padding:18px 27px}.input-group-addon input[type=checkbox],.input-group-addon input[type=radio]{margin-top:0}.input-group .form-control:first-child,.input-group-addon:first-child{border-bottom-right-radius:0;border-top-right-radius:0}.input-group-addon:first-child{border-right:0}.input-group .form-control:last-child,.input-group-addon:last-child{border-bottom-left-radius:0;border-top-left-radius:0}.input-group-addon:last-child{border-left:0}.pagination{border-radius:4px;display:inline-block;margin:20px 0;padding-left:0}.pagination>li{display:inline}.pagination>li>a,.pagination>li>span{background-color:initial;border:1px solid #0000;color:#006bb4;float:left;line-height:1.42857143;margin-left:-1px;padding:5px 15px;position:relative;text-decoration:none}.pagination>li:first-child>a,.pagination>li:first-child>span{border-bottom-left-radius:4px;border-top-left-radius:4px;margin-left:0}.pagination>li:last-child>a,.pagination>li:last-child>span{border-bottom-right-radius:4px;border-top-right-radius:4px}.pagination>li>a:focus,.pagination>li>a:hover,.pagination>li>span:focus,.pagination>li>span:hover{background-color:#0000;border-color:#0000;color:#006bb4;z-index:2}.pagination>.active>a,.pagination>.active>a:focus,.pagination>.active>a:hover,.pagination>.active>span,.pagination>.active>span:focus,.pagination>.active>span:hover{background-color:#0000;border-color:#0000;color:#343741;cursor:default;z-index:3}.pagination>.disabled>a,.pagination>.disabled>a:focus,.pagination>.disabled>a:hover,.pagination>.disabled>span,.pagination>.disabled>span:focus,.pagination>.disabled>span:hover{background-color:#26262600;border-color:#0000;color:#343741;cursor:not-allowed}.pagination-lg>li>a,.pagination-lg>li>span{font-size:18px;line-height:1.3333333;padding:18px 27px}.pagination-lg>li:first-child>a,.pagination-lg>li:first-child>span{border-bottom-left-radius:4px;border-top-left-radius:4px}.pagination-lg>li:last-child>a,.pagination-lg>li:last-child>span{border-bottom-right-radius:4px;border-top-right-radius:4px}.pagination-sm>li>a,.pagination-sm>li>span{font-size:12px;line-height:1.5;padding:6px 9px}.pagination-sm>li:first-child>a,.pagination-sm>li:first-child>span{border-bottom-left-radius:4px;border-top-left-radius:4px}.pagination-sm>li:last-child>a,.pagination-sm>li:last-child>span{border-bottom-right-radius:4px;border-top-right-radius:4px}.pager{list-style:none;margin:20px 0;padding-left:0;text-align:center}.pager li{display:inline}.pager li>a,.pager li>span{background-color:initial;border:1px solid #0000;border-radius:0;display:inline-block;padding:5px 14px}.pager li>a:focus,.pager li>a:hover{background-color:#0000;text-decoration:none}.pager .next>a,.pager .next>span{float:right}.pager .previous>a,.pager .previous>span{float:left}.pager .disabled>a,.pager .disabled>a:focus,.pager .disabled>a:hover,.pager .disabled>span{background-color:initial;color:#fff;cursor:not-allowed}.label{border-radius:.25em;color:#fff;display:inline;font-size:75%;font-weight:700;line-height:1;padding:.2em .6em .3em;text-align:center;vertical-align:initial;white-space:nowrap}a.label:focus,a.label:hover{color:#fff;cursor:pointer;text-decoration:none}.label:empty{display:none}.label-default{background-color:#006bb4}.label-default[href]:focus,.label-default[href]:hover{background-color:#004d81}.label-primary{background-color:#343741}.label-primary[href]:focus,.label-primary[href]:hover{background-color:#1d1f25}.label-success{background-color:#017d73}.label-success[href]:focus,.label-success[href]:hover{background-color:#014a44}.label-info{background-color:#006bb4}.label-info[href]:focus,.label-info[href]:hover{background-color:#004d81}.label-warning{background-color:#f5a700}.label-warning[href]:focus,.label-warning[href]:hover{background-color:#c28400}.label-danger{background-color:#bd271e}.label-danger[href]:focus,.label-danger[href]:hover{background-color:#911e17}.panel{background-color:#fff;border:1px solid #0000;border-radius:4px;-webkit-box-shadow:0 1px 1px #0000000d;box-shadow:0 1px 1px #0000000d;margin-bottom:20px}.panel-body{padding:15px}.panel-heading{border-bottom:1px solid #0000;border-top-left-radius:3px;border-top-right-radius:3px;padding:10px 15px}.panel-heading>.dropdown .dropdown-toggle,.panel-title{color:inherit}.panel-title{font-size:16px;margin-bottom:0;margin-top:0}.panel-title>.small,.panel-title>.small>a,.panel-title>a,.panel-title>small,.panel-title>small>a{color:inherit}.panel-footer{background-color:#f5f7fa;border-bottom-left-radius:3px;border-bottom-right-radius:3px;border-top:1px solid #d3dae6;padding:10px 15px}.panel>.list-group,.panel>.panel-collapse>.list-group{margin-bottom:0}.panel>.list-group .list-group-item,.panel>.panel-collapse>.list-group .list-group-item{border-radius:0;border-width:1px 0}.panel>.list-group:first-child .list-group-item:first-child,.panel>.panel-collapse>.list-group:first-child .list-group-item:first-child{border-top:0;border-top-left-radius:3px;border-top-right-radius:3px}.panel>.list-group:last-child .list-group-item:last-child,.panel>.panel-collapse>.list-group:last-child .list-group-item:last-child{border-bottom:0;border-bottom-left-radius:3px;border-bottom-right-radius:3px}.panel>.panel-heading+.panel-collapse>.list-group .list-group-item:first-child{border-top-left-radius:0;border-top-right-radius:0}.list-group+.panel-footer,.panel-heading+.list-group .list-group-item:first-child{border-top-width:0}.panel>.panel-collapse>.table,.panel>.table,.panel>.table-responsive>.table{margin-bottom:0}.panel>.panel-collapse>.table caption,.panel>.table caption,.panel>.table-responsive>.table caption{padding-left:15px;padding-right:15px}.panel>.table-responsive:first-child>.table:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child,.panel>.table:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child,.panel>.table:first-child>thead:first-child>tr:first-child{border-top-left-radius:3px;border-top-right-radius:3px}.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:first-child,.panel>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table:first-child>thead:first-child>tr:first-child th:first-child{border-top-left-radius:3px}.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:last-child,.panel>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table:first-child>thead:first-child>tr:first-child th:last-child{border-top-right-radius:3px}.panel>.table-responsive:last-child>.table:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child,.panel>.table:last-child,.panel>.table:last-child>tbody:last-child>tr:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child{border-bottom-left-radius:3px;border-bottom-right-radius:3px}.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:first-child,.panel>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:first-child{border-bottom-left-radius:3px}.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:last-child,.panel>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:last-child{border-bottom-right-radius:3px}.panel>.panel-body+.table,.panel>.panel-body+.table-responsive,.panel>.table+.panel-body,.panel>.table-responsive+.panel-body{border-top:1px solid #d3dae6}.panel>.table>tbody:first-child>tr:first-child td,.panel>.table>tbody:first-child>tr:first-child th{border-top:0}.panel>.table-bordered,.panel>.table-responsive>.table-bordered{border:0}.panel>.table-bordered>tbody>tr>td:first-child,.panel>.table-bordered>tbody>tr>th:first-child,.panel>.table-bordered>tfoot>tr>td:first-child,.panel>.table-bordered>tfoot>tr>th:first-child,.panel>.table-bordered>thead>tr>td:first-child,.panel>.table-bordered>thead>tr>th:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:first-child,.panel>.table-responsive>.table-bordered>thead>tr>td:first-child,.panel>.table-responsive>.table-bordered>thead>tr>th:first-child{border-left:0}.panel>.table-bordered>tbody>tr>td:last-child,.panel>.table-bordered>tbody>tr>th:last-child,.panel>.table-bordered>tfoot>tr>td:last-child,.panel>.table-bordered>tfoot>tr>th:last-child,.panel>.table-bordered>thead>tr>td:last-child,.panel>.table-bordered>thead>tr>th:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:last-child,.panel>.table-responsive>.table-bordered>thead>tr>td:last-child,.panel>.table-responsive>.table-bordered>thead>tr>th:last-child{border-right:0}.panel>.table-bordered>tbody>tr:first-child>td,.panel>.table-bordered>tbody>tr:first-child>th,.panel>.table-bordered>tbody>tr:last-child>td,.panel>.table-bordered>tbody>tr:last-child>th,.panel>.table-bordered>tfoot>tr:last-child>td,.panel>.table-bordered>tfoot>tr:last-child>th,.panel>.table-bordered>thead>tr:first-child>td,.panel>.table-bordered>thead>tr:first-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>th,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>td,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>th,.panel>.table-responsive>.table-bordered>thead>tr:first-child>td,.panel>.table-responsive>.table-bordered>thead>tr:first-child>th{border-bottom:0}.panel>.table-responsive{border:0;margin-bottom:0}.panel-group{margin-bottom:20px}.panel-group .panel{border-radius:4px;margin-bottom:0}.panel-group .panel+.panel{margin-top:5px}.panel-group .panel-heading{border-bottom:0}.panel-group .panel-heading+.panel-collapse>.list-group,.panel-group .panel-heading+.panel-collapse>.panel-body{border-top:1px solid #d3dae6}.panel-group .panel-footer{border-top:0}.panel-group .panel-footer+.panel-collapse .panel-body{border-bottom:1px solid #d3dae6}.panel-default{border-color:#d3dae6}.panel-default>.panel-heading{background-color:#f5f7fa;border-color:#d3dae6;color:#7b7b7b}.panel-default>.panel-heading+.panel-collapse>.panel-body{border-top-color:#d3dae6}.panel-default>.panel-heading .badge{background-color:#7b7b7b;color:#f5f7fa}.panel-default>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#d3dae6}.panel-primary{border-color:#343741}.panel-primary>.panel-heading{background-color:#343741;border-color:#343741;color:#fff}.panel-primary>.panel-heading+.panel-collapse>.panel-body{border-top-color:#343741}.panel-primary>.panel-heading .badge{background-color:#fff;color:#343741}.panel-primary>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#343741}.panel-success{border-color:#014a44}.panel-success>.panel-heading{background-color:#017d73;border-color:#014a44;color:#fff}.panel-success>.panel-heading+.panel-collapse>.panel-body{border-top-color:#014a44}.panel-success>.panel-heading .badge{background-color:#fff;color:#017d73}.panel-success>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#014a44}.panel-info{border-color:#004d81}.panel-info>.panel-heading{background-color:#006bb4;border-color:#004d81;color:#fff}.panel-info>.panel-heading+.panel-collapse>.panel-body{border-top-color:#004d81}.panel-info>.panel-heading .badge{background-color:#fff;color:#006bb4}.panel-info>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#004d81}.panel-warning{border-color:#c28400}.panel-warning>.panel-heading{background-color:#f5a700;border-color:#c28400;color:#fff}.panel-warning>.panel-heading+.panel-collapse>.panel-body{border-top-color:#c28400}.panel-warning>.panel-heading .badge{background-color:#fff;color:#f5a700}.panel-warning>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#c28400}.panel-danger{border-color:#911e17}.panel-danger>.panel-heading{background-color:#bd271e;border-color:#911e17;color:#fff}.panel-danger>.panel-heading+.panel-collapse>.panel-body{border-top-color:#911e17}.panel-danger>.panel-heading .badge{background-color:#fff;color:#bd271e}.panel-danger>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#911e17}.popover{word-wrap:normal;background-clip:padding-box;background-color:#fff;border:1px solid #d3dae6;border-radius:4px;box-shadow:0 4px 8px 0 #0000001a;display:none;font-family:Open Sans,Helvetica,Arial,sans-serif;font-size:14px;font-style:normal;font-weight:400;left:0;letter-spacing:normal;line-break:auto;line-height:1.42857143;max-width:276px;padding:1px;position:absolute;text-align:left;text-align:start;text-decoration:none;text-shadow:none;text-transform:none;top:0;white-space:normal;word-break:normal;word-spacing:normal;z-index:1010}.popover.top{margin-top:-10px}.popover.right{margin-left:10px}.popover.bottom{margin-top:10px}.popover.left{margin-left:-10px}.popover-title{background-color:#f7f7f7;border-bottom:1px solid #ebebeb;border-radius:3px 3px 0 0;font-size:14px;margin:0;padding:8px 14px}.popover-content{padding:9px 14px}.popover>.arrow,.popover>.arrow:after{border-color:#0000;border-style:solid;display:block;height:0;position:absolute;width:0}.popover>.arrow{border-width:11px}.popover>.arrow:after{border-width:10px;content:""}.popover.top>.arrow{border-bottom-width:0;border-top-color:#d3dae6;bottom:-11px;left:50%;margin-left:-11px}.popover.top>.arrow:after{border-bottom-width:0;border-top-color:#fff;bottom:1px;content:" ";margin-left:-10px}.popover.right>.arrow{border-left-width:0;border-right-color:#d3dae6;left:-11px;margin-top:-11px;top:50%}.popover.right>.arrow:after{border-left-width:0;border-right-color:#fff;bottom:-10px;content:" ";left:1px}.popover.bottom>.arrow{border-bottom-color:#d3dae6;border-top-width:0;left:50%;margin-left:-11px;top:-11px}.popover.bottom>.arrow:after{border-bottom-color:#fff;border-top-width:0;content:" ";margin-left:-10px;top:1px}.popover.left>.arrow{border-left-color:#d3dae6;border-right-width:0;margin-top:-11px;right:-11px;top:50%}.popover.left>.arrow:after{border-left-color:#fff;border-right-width:0;bottom:-10px;content:" ";right:1px}.clearfix:after,.clearfix:before,.container-fluid:after,.container-fluid:before,.container:after,.container:before,.dl-horizontal dd:after,.dl-horizontal dd:before,.form-horizontal .form-group:after,.form-horizontal .form-group:before,.modal-footer:after,.modal-footer:before,.modal-header:after,.modal-header:before,.nav:after,.nav:before,.navbar-collapse:after,.navbar-collapse:before,.navbar-header:after,.navbar-header:before,.navbar:after,.navbar:before,.pager:after,.pager:before,.panel-body:after,.panel-body:before,.row:after,.row:before{content:" ";display:table}.clearfix:after,.container-fluid:after,.container:after,.dl-horizontal dd:after,.form-horizontal .form-group:after,.modal-footer:after,.modal-header:after,.nav:after,.navbar-collapse:after,.navbar-header:after,.navbar:after,.pager:after,.panel-body:after,.row:after{clear:both}.center-block{display:block;margin-left:auto;margin-right:auto}.pull-right{float:right!important}.pull-left{float:left!important}.hide{display:none!important}.show{display:block!important}.invisible{visibility:hidden}.text-hide{background-color:initial;border:0;color:#0000;font:0/0 a;text-shadow:none}.hidden{display:none!important}.affix{position:fixed}.navbar>.container-fluid>.navbar-form:not(.pull-right):first-child,.navbar>.container-fluid>.navbar-nav:not(.pull-right):first-child{margin-left:-15px;margin-top:4px}.navbar{border-width:0}.navbar-btn-link{border-radius:0;margin:0}@media (max-width:768px){.navbar-btn-link{text-align:left;width:100%}}.navbar-default .badge{background-color:#fff;color:#f5f7fa}.navbar-inverse .kbnGlobalNav__logoBrand{background-color:#4b4f5d;height:45px;width:252px}.navbar-inverse .kbnGlobalNav__smallLogoBrand{background-color:#4b4f5d;height:45px;width:45px}.navbar-inverse .badge{background-color:#fff;color:#4b4f5d}.navbar-brand{cursor:default;font-size:1.8em;user-select:none}.navbar-nav{font-size:12px}.navbar-nav>.active>a{background-color:initial;border-bottom-color:#7b7b7b}.navbar-toggle{margin-top:4px}.text-primary,.text-primary:hover{color:#343741}.text-success,.text-success:hover{color:#017d73}.text-danger,.text-danger:hover{color:#bd271e}.text-warning,.text-warning:hover{color:#f5a700}.text-info,.text-info:hover{color:#006bb4}.table .danger,.table .danger a,.table .info,.table .info a,.table .success,.table .success a,.table .warning,.table .warning a,table .danger,table .danger a,table .info,table .info a,table .success,table .success a,table .warning,table .warning a{color:#fff}.table-bordered>tbody>tr>td,.table-bordered>tbody>tr>th,.table-bordered>tfoot>tr>td,.table-bordered>tfoot>tr>th,.table-bordered>thead>tr>td,.table-bordered>thead>tr>th{border:1px solid #d3dae6}.form-control{border-width:1px}.form-control,.form-control:focus{-webkit-box-shadow:none;box-shadow:none}.has-warning .checkbox,.has-warning .checkbox-inline,.has-warning .control-label,.has-warning .form-control-feedback,.has-warning .help-block,.has-warning .radio,.has-warning .radio-inline{color:#f5a700}.has-warning .form-control,.has-warning .form-control:focus{border:1px solid #f5a700}.has-warning .input-group-addon{border-color:#f5a700}.has-error .checkbox,.has-error .checkbox-inline,.has-error .control-label,.has-error .form-control-feedback,.has-error .help-block,.has-error .radio,.has-error .radio-inline{color:#bd271e}.has-error .form-control,.has-error .form-control:focus{border:1px solid #bd271e}.has-error .input-group-addon{border-color:#bd271e}.has-success .checkbox,.has-success .checkbox-inline,.has-success .control-label,.has-success .form-control-feedback,.has-success .help-block,.has-success .radio,.has-success .radio-inline{color:#017d73}.has-success .form-control,.has-success .form-control:focus{border:solid #017d73}.has-success .input-group-addon{border-color:#017d73}.nav .open>a,.nav .open>a:focus,.nav .open>a:hover{border-color:#0000}.pager a,.pager a:hover{color:#fff}.pager .disabled>a,.pager .disabled>a:focus,.pager .disabled>a:hover,.pager .disabled>span{background-color:#26262600}.panel{border-radius:0;-webkit-box-shadow:0 0 0 #0000;box-shadow:0 0 0 #0000}.progress{-webkit-box-shadow:none;box-shadow:none}.progress .progress-bar{font-size:10px;line-height:10px}.well{-webkit-box-shadow:none;box-shadow:none}
\ No newline at end of file
diff --git a/packages/core/http/core-http-router-server-internal/src/response.test.ts b/packages/core/http/core-http-router-server-internal/src/response.test.ts
index 84f22f076528c..b80bcbc305c69 100644
--- a/packages/core/http/core-http-router-server-internal/src/response.test.ts
+++ b/packages/core/http/core-http-router-server-internal/src/response.test.ts
@@ -6,13 +6,61 @@
  * Side Public License, v 1.
  */
 
-import { fileResponseFactory } from './response';
+import { IKibanaResponse } from '@kbn/core-http-server';
+import { kibanaResponseFactory } from './response';
+
+describe('kibanaResponseFactory', () => {
+  describe('status codes', () => {
+    const tests: Array<[string, number, IKibanaResponse]> = [
+      ['ok', 200, kibanaResponseFactory.ok()],
+      ['created', 201, kibanaResponseFactory.created()],
+      ['accepted', 202, kibanaResponseFactory.accepted()],
+      ['noContent', 204, kibanaResponseFactory.noContent()],
+      ['multiStatus', 207, kibanaResponseFactory.multiStatus()],
+      ['redirected', 302, kibanaResponseFactory.redirected({})],
+      ['notModified', 304, kibanaResponseFactory.notModified({})],
+      ['badRequest', 400, kibanaResponseFactory.badRequest()],
+      ['unauthorized', 401, kibanaResponseFactory.unauthorized()],
+      ['forbidden', 403, kibanaResponseFactory.forbidden()],
+      ['notFound', 404, kibanaResponseFactory.notFound()],
+      ['conflict', 409, kibanaResponseFactory.conflict()],
+      ['unprocessableContent', 422, kibanaResponseFactory.unprocessableContent()],
+      [
+        'file',
+        200,
+        kibanaResponseFactory.file({
+          filename: 'test.txt',
+          body: 'content',
+        }),
+      ],
+      [
+        'custom:205',
+        205,
+        kibanaResponseFactory.custom({
+          statusCode: 205,
+        }),
+      ],
+      [
+        'customError:505',
+        505,
+        kibanaResponseFactory.customError({
+          statusCode: 505,
+        }),
+      ],
+    ];
+
+    it.each(tests)(
+      '.%s produces a response with status code %i',
+      (_name, expectedStatusCode, response) => {
+        expect(response.status).toEqual(expectedStatusCode);
+      }
+    );
+  });
 
-describe('fileResponseFactory', () => {
   describe('res.file', () => {
     it('returns a kibana response with attachment', () => {
       const body = Buffer.from('Attachment content');
-      const result = fileResponseFactory.file({
+      const result = kibanaResponseFactory.file({
         body,
         filename: 'myfile.test',
         fileContentSize: 30,
@@ -31,7 +79,7 @@ describe('fileResponseFactory', () => {
 
     it('converts string body content to buffer in response', () => {
       const body = 'I am a string';
-      const result = fileResponseFactory.file({ body, filename: 'myfile.test' });
+      const result = kibanaResponseFactory.file({ body, filename: 'myfile.test' });
       expect(result.payload?.toString()).toBe(body);
     });
 
@@ -39,7 +87,7 @@ describe('fileResponseFactory', () => {
       const isMultiByte = (str: string) => [...str].some((c) => (c.codePointAt(0) || 0) > 255);
       const multuByteCharacters = '日本語ダッシュボード.pdf';
 
-      const result = fileResponseFactory.file({
+      const result = kibanaResponseFactory.file({
         body: 'content',
         filename: multuByteCharacters,
       });
@@ -72,7 +120,7 @@ describe('fileResponseFactory', () => {
       };
       const filename = 'myfile.test';
       const fileContent = 'content';
-      const result = fileResponseFactory.file({
+      const result = kibanaResponseFactory.file({
         body: fileContent,
         filename,
         headers: { ...extraHeaders, ...overrideHeaders },
@@ -88,15 +136,15 @@ describe('fileResponseFactory', () => {
 
     describe('content-type', () => {
       it('default mime type octet-stream', () => {
-        const result = fileResponseFactory.file({ body: 'content', filename: 'myfile.unknown' });
+        const result = kibanaResponseFactory.file({ body: 'content', filename: 'myfile.unknown' });
         expect(result.options.headers).toHaveProperty('content-type', 'application/octet-stream');
       });
       it('gets mime type from filename', () => {
-        const result = fileResponseFactory.file({ body: 'content', filename: 'myfile.mp4' });
+        const result = kibanaResponseFactory.file({ body: 'content', filename: 'myfile.mp4' });
         expect(result.options.headers).toHaveProperty('content-type', 'video/mp4');
       });
       it('gets accepts contentType override', () => {
-        const result = fileResponseFactory.file({
+        const result = kibanaResponseFactory.file({
           body: 'content',
           filename: 'myfile.mp4',
           fileContentType: 'custom',
diff --git a/packages/core/http/core-http-router-server-internal/src/response.ts b/packages/core/http/core-http-router-server-internal/src/response.ts
index 14e2bd10c9c14..b79fd7d812b2b 100644
--- a/packages/core/http/core-http-router-server-internal/src/response.ts
+++ b/packages/core/http/core-http-router-server-internal/src/response.ts
@@ -40,8 +40,11 @@ export class KibanaResponse<T extends HttpResponsePayload | ResponseError = any>
 
 const successResponseFactory: KibanaSuccessResponseFactory = {
   ok: (options: HttpResponseOptions = {}) => new KibanaResponse(200, options.body, options),
+  created: (options: HttpResponseOptions = {}) => new KibanaResponse(201, options.body, options),
   accepted: (options: HttpResponseOptions = {}) => new KibanaResponse(202, options.body, options),
   noContent: (options: HttpResponseOptions = {}) => new KibanaResponse(204, undefined, options),
+  multiStatus: (options: HttpResponseOptions = {}) =>
+    new KibanaResponse(207, options.body, options),
 };
 
 const redirectionResponseFactory: KibanaRedirectionResponseFactory = {
@@ -63,6 +66,8 @@ const errorResponseFactory: KibanaErrorResponseFactory = {
     new KibanaResponse(404, options.body || 'Not Found', options),
   conflict: (options: ErrorHttpResponseOptions = {}) =>
     new KibanaResponse(409, options.body || 'Conflict', options),
+  unprocessableContent: (options: ErrorHttpResponseOptions = {}) =>
+    new KibanaResponse(422, options.body || 'Unprocessable Content', options),
   customError: (options: CustomHttpResponseOptions<ResponseError | Buffer | Stream>) => {
     if (!options || !options.statusCode) {
       throw new Error(
diff --git a/packages/core/http/core-http-router-server-mocks/src/router.mock.ts b/packages/core/http/core-http-router-server-mocks/src/router.mock.ts
index d5904699b5813..dfe95000014e7 100644
--- a/packages/core/http/core-http-router-server-mocks/src/router.mock.ts
+++ b/packages/core/http/core-http-router-server-mocks/src/router.mock.ts
@@ -119,8 +119,10 @@ function createKibanaRequestMock<P = any, Q = any, B = any>({
 
 const createResponseFactoryMock = (): jest.Mocked<KibanaResponseFactory> => ({
   ok: jest.fn(),
+  created: jest.fn(),
   accepted: jest.fn(),
   noContent: jest.fn(),
+  multiStatus: jest.fn(),
   notModified: jest.fn(),
   custom: jest.fn(),
   redirected: jest.fn(),
@@ -129,6 +131,7 @@ const createResponseFactoryMock = (): jest.Mocked<KibanaResponseFactory> => ({
   forbidden: jest.fn(),
   notFound: jest.fn(),
   conflict: jest.fn(),
+  unprocessableContent: jest.fn(),
   customError: jest.fn(),
   file: jest.fn(),
 });
diff --git a/packages/core/http/core-http-server-mocks/src/http_server.mocks.ts b/packages/core/http/core-http-server-mocks/src/http_server.mocks.ts
index 8e7d5543e35eb..0854e43ebbee4 100644
--- a/packages/core/http/core-http-server-mocks/src/http_server.mocks.ts
+++ b/packages/core/http/core-http-server-mocks/src/http_server.mocks.ts
@@ -22,6 +22,7 @@ const createLifecycleResponseFactoryMock = (): jest.Mocked<LifecycleResponseFact
   forbidden: jest.fn(),
   notFound: jest.fn(),
   conflict: jest.fn(),
+  unprocessableContent: jest.fn(),
   customError: jest.fn(),
 });
 
diff --git a/packages/core/http/core-http-server/src/router/response_factory.ts b/packages/core/http/core-http-server/src/router/response_factory.ts
index 04d3606d28dea..f7c763da024bf 100644
--- a/packages/core/http/core-http-server/src/router/response_factory.ts
+++ b/packages/core/http/core-http-server/src/router/response_factory.ts
@@ -31,6 +31,15 @@ export interface KibanaSuccessResponseFactory {
     options?: HttpResponseOptions<T>
   ): IKibanaResponse<T>;
 
+  /**
+   * The request has succeeded and has led to the creation of a resource.
+   * Status code: `201`.
+   * @param options - {@link HttpResponseOptions} configures HTTP response body & headers.
+   */
+  created<T extends HttpResponsePayload | ResponseError = any>(
+    options?: HttpResponseOptions<T>
+  ): IKibanaResponse<T>;
+
   /**
    * The request has been accepted for processing.
    * Status code: `202`.
@@ -46,6 +55,13 @@ export interface KibanaSuccessResponseFactory {
    * @param options - {@link HttpResponseOptions} configures HTTP response body & headers.
    */
   noContent(options?: HttpResponseOptions): IKibanaResponse;
+
+  /**
+   * The server indicates that there might be a mixture of responses (some tasks succeeded, some failed).
+   * Status code: `207`.
+   * @param options - {@link HttpResponseOptions} configures HTTP response body & headers.
+   */
+  multiStatus(options?: HttpResponseOptions): IKibanaResponse;
 }
 
 /**
@@ -112,6 +128,13 @@ export interface KibanaErrorResponseFactory {
    */
   conflict(options?: ErrorHttpResponseOptions): IKibanaResponse;
 
+  /**
+   * The server understands the content type of the request entity, and the syntax of the request entity is correct, but it was unable to process the contained instructions.
+   * Status code: `422`.
+   * @param options - {@link HttpResponseOptions} configures HTTP response headers, error message and other error details to pass to the client
+   */
+  unprocessableContent(options?: ErrorHttpResponseOptions): IKibanaResponse;
+
   /**
    * Creates an error response with defined status code and payload.
    * @param options - {@link CustomHttpResponseOptions} configures HTTP response headers, error message and other error details to pass to the client
diff --git a/packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/apis/find.isolated.test.ts b/packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/apis/find.isolated.test.ts
index b2a30d24a7bee..a339025003062 100644
--- a/packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/apis/find.isolated.test.ts
+++ b/packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/apis/find.isolated.test.ts
@@ -22,7 +22,7 @@ const hitToSavedObject = (hit: estypes.SearchHit<any>): SavedObject => {
   const type = hit._source.type;
   return {
     type,
-    id: hit._id,
+    id: hit._id!,
     references: [],
     attributes: hit._source[type],
   };
diff --git a/packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/apis/find.test.ts b/packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/apis/find.test.ts
index 755d535b3bd2b..daf636aebb850 100644
--- a/packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/apis/find.test.ts
+++ b/packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/apis/find.test.ts
@@ -262,7 +262,7 @@ describe('find', () => {
 
         noNamespaceSearchResults.hits.hits.forEach((doc, i) => {
           expect(response.saved_objects[i]).toEqual({
-            id: doc._id.replace(/(index-pattern|config|globalType)\:/, ''),
+            id: doc._id!.replace(/(index-pattern|config|globalType)\:/, ''),
             type: doc._source!.type,
             originId: doc._source!.originId,
             ...mockTimestampFields,
@@ -293,7 +293,7 @@ describe('find', () => {
 
         namespacedSearchResults.hits.hits.forEach((doc, i) => {
           expect(response.saved_objects[i]).toEqual({
-            id: doc._id.replace(/(foo-namespace\:)?(index-pattern|config|globalType)\:/, ''),
+            id: doc._id!.replace(/(foo-namespace\:)?(index-pattern|config|globalType)\:/, ''),
             type: doc._source!.type,
             originId: doc._source!.originId,
             ...mockTimestampFields,
@@ -337,7 +337,7 @@ describe('find', () => {
         );
         expectMigrationArgs({
           type,
-          id: noNamespaceSearchResults.hits.hits[0]._id.replace(
+          id: noNamespaceSearchResults.hits.hits[0]._id!.replace(
             /(index-pattern|config|globalType)\:/,
             ''
           ),
diff --git a/packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/repository.security_extension.test.ts b/packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/repository.security_extension.test.ts
index 74d0e85785e12..ef6d9bc2d6bc5 100644
--- a/packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/repository.security_extension.test.ts
+++ b/packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/repository.security_extension.test.ts
@@ -769,7 +769,7 @@ describe('SavedObjectsRepository Security Extension', () => {
       expect(result.saved_objects).toHaveLength(4);
       generatedResults.hits.hits.forEach((doc, i) => {
         expect(result.saved_objects[i]).toEqual({
-          id: doc._id.replace(/(foo-namespace\:)?(index-pattern|config|globalType)\:/, ''),
+          id: doc._id!.replace(/(foo-namespace\:)?(index-pattern|config|globalType)\:/, ''),
           type: doc._source!.type,
           originId: doc._source!.originId,
           ...mockTimestampFields,
@@ -825,7 +825,7 @@ describe('SavedObjectsRepository Security Extension', () => {
 
       generatedResults.hits.hits.forEach((doc, i) => {
         expect(result.saved_objects[i]).toEqual({
-          id: doc._id.replace(/(foo-namespace\:)?(index-pattern|config|globalType)\:/, ''),
+          id: doc._id!.replace(/(foo-namespace\:)?(index-pattern|config|globalType)\:/, ''),
           type: doc._source!.type,
           originId: doc._source!.originId,
           ...mockTimestampFields,
@@ -882,7 +882,7 @@ describe('SavedObjectsRepository Security Extension', () => {
 
       generatedResults.hits.hits.forEach((doc, i) => {
         expect(result.saved_objects[i]).toEqual({
-          id: doc._id.replace(/(foo-namespace\:)?(index-pattern|config|globalType)\:/, ''),
+          id: doc._id!.replace(/(foo-namespace\:)?(index-pattern|config|globalType)\:/, ''),
           type: doc._source!.type,
           originId: doc._source!.originId,
           ...mockTimestampFields,
@@ -927,7 +927,7 @@ describe('SavedObjectsRepository Security Extension', () => {
         objects: generatedResults.hits.hits.map((obj) => {
           return {
             type: obj._source?.type,
-            id: obj._id.slice(obj._id.lastIndexOf(':') + 1), // find removes the space/type from the ID in the original raw doc
+            id: obj._id!.slice(obj._id!.lastIndexOf(':') + 1), // find removes the space/type from the ID in the original raw doc
             existingNamespaces:
               obj._source?.namespaces ?? obj._source?.namespace ? [obj._source?.namespace] : [],
           };
diff --git a/packages/kbn-alerting-types/action_group_types.ts b/packages/kbn-alerting-types/action_group_types.ts
index dbb0d6ac0a78f..52e79af7dfa2f 100644
--- a/packages/kbn-alerting-types/action_group_types.ts
+++ b/packages/kbn-alerting-types/action_group_types.ts
@@ -6,7 +6,12 @@
  * Side Public License, v 1.
  */
 
+export interface ActionGroupSeverity {
+  level: number;
+}
+
 export interface ActionGroup<ActionGroupIds extends string> {
   id: ActionGroupIds;
   name: string;
+  severity?: ActionGroupSeverity;
 }
diff --git a/packages/kbn-alerts-as-data-utils/src/field_maps/alert_field_map.ts b/packages/kbn-alerts-as-data-utils/src/field_maps/alert_field_map.ts
index 54a09c67d59ad..73a3535857041 100644
--- a/packages/kbn-alerts-as-data-utils/src/field_maps/alert_field_map.ts
+++ b/packages/kbn-alerts-as-data-utils/src/field_maps/alert_field_map.ts
@@ -17,6 +17,7 @@ import {
   ALERT_CONSECUTIVE_MATCHES,
   ALERT_INSTANCE_ID,
   ALERT_LAST_DETECTED,
+  ALERT_PREVIOUS_ACTION_GROUP,
   ALERT_REASON,
   ALERT_RULE_CATEGORY,
   ALERT_RULE_CONSUMER,
@@ -29,6 +30,7 @@ import {
   ALERT_RULE_TAGS,
   ALERT_RULE_TYPE_ID,
   ALERT_RULE_UUID,
+  ALERT_SEVERITY_IMPROVING,
   ALERT_START,
   ALERT_STATUS,
   ALERT_TIME_RANGE,
@@ -97,6 +99,11 @@ export const alertFieldMap = {
     required: false,
     array: false,
   },
+  [ALERT_PREVIOUS_ACTION_GROUP]: {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
   [ALERT_REASON]: {
     type: 'keyword',
     array: false,
@@ -165,6 +172,11 @@ export const alertFieldMap = {
     array: false,
     required: true,
   },
+  [ALERT_SEVERITY_IMPROVING]: {
+    type: 'boolean',
+    array: false,
+    required: false,
+  },
   [ALERT_START]: {
     type: 'date',
     array: false,
diff --git a/packages/kbn-alerts-as-data-utils/src/schemas/generated/alert_schema.ts b/packages/kbn-alerts-as-data-utils/src/schemas/generated/alert_schema.ts
index 8a5d2a56bc329..935a09971c613 100644
--- a/packages/kbn-alerts-as-data-utils/src/schemas/generated/alert_schema.ts
+++ b/packages/kbn-alerts-as-data-utils/src/schemas/generated/alert_schema.ts
@@ -93,11 +93,13 @@ const AlertOptional = rt.partial({
   'kibana.alert.flapping_history': schemaBooleanArray,
   'kibana.alert.last_detected': schemaDate,
   'kibana.alert.maintenance_window_ids': schemaStringArray,
+  'kibana.alert.previous_action_group': schemaString,
   'kibana.alert.reason': schemaString,
   'kibana.alert.rule.execution.timestamp': schemaDate,
   'kibana.alert.rule.execution.uuid': schemaString,
   'kibana.alert.rule.parameters': schemaUnknown,
   'kibana.alert.rule.tags': schemaStringArray,
+  'kibana.alert.severity_improving': schemaBoolean,
   'kibana.alert.start': schemaDate,
   'kibana.alert.time_range': schemaDateRange,
   'kibana.alert.url': schemaString,
diff --git a/packages/kbn-alerts-as-data-utils/src/schemas/generated/observability_uptime_schema.ts b/packages/kbn-alerts-as-data-utils/src/schemas/generated/observability_uptime_schema.ts
index 7837a83b1c9b3..039622f645e42 100644
--- a/packages/kbn-alerts-as-data-utils/src/schemas/generated/observability_uptime_schema.ts
+++ b/packages/kbn-alerts-as-data-utils/src/schemas/generated/observability_uptime_schema.ts
@@ -74,7 +74,9 @@ const ObservabilityUptimeAlertOptional = rt.partial({
   'agent.name': schemaString,
   'anomaly.bucket_span.minutes': schemaString,
   'anomaly.start': schemaDate,
+  configId: schemaString,
   'error.message': schemaString,
+  'host.name': schemaString,
   'kibana.alert.context': schemaUnknown,
   'kibana.alert.evaluation.threshold': schemaStringOrNumber,
   'kibana.alert.evaluation.value': schemaStringOrNumber,
@@ -85,8 +87,11 @@ const ObservabilityUptimeAlertOptional = rt.partial({
       value: schemaStringArray,
     })
   ),
+  'location.id': schemaString,
+  'location.name': schemaString,
   'monitor.id': schemaString,
   'monitor.name': schemaString,
+  'monitor.tags': schemaStringArray,
   'monitor.type': schemaString,
   'observer.geo.name': schemaString,
   'tls.server.hash.sha256': schemaString,
diff --git a/packages/kbn-alerts-as-data-utils/src/schemas/generated/security_schema.ts b/packages/kbn-alerts-as-data-utils/src/schemas/generated/security_schema.ts
index fd585473fe596..14fdb859ed3e9 100644
--- a/packages/kbn-alerts-as-data-utils/src/schemas/generated/security_schema.ts
+++ b/packages/kbn-alerts-as-data-utils/src/schemas/generated/security_schema.ts
@@ -151,6 +151,7 @@ const SecurityAlertOptional = rt.partial({
   'kibana.alert.original_event.start': schemaDate,
   'kibana.alert.original_event.timezone': schemaString,
   'kibana.alert.original_event.url': schemaString,
+  'kibana.alert.previous_action_group': schemaString,
   'kibana.alert.reason': schemaString,
   'kibana.alert.risk_score': schemaNumber,
   'kibana.alert.rule.author': schemaString,
@@ -180,6 +181,7 @@ const SecurityAlertOptional = rt.partial({
   'kibana.alert.rule.updated_by': schemaString,
   'kibana.alert.rule.version': schemaString,
   'kibana.alert.severity': schemaString,
+  'kibana.alert.severity_improving': schemaBoolean,
   'kibana.alert.start': schemaDate,
   'kibana.alert.suppression.docs_count': schemaStringOrNumber,
   'kibana.alert.suppression.end': schemaDate,
diff --git a/packages/kbn-apm-config-loader/src/config.test.ts b/packages/kbn-apm-config-loader/src/config.test.ts
index e955b175de129..01f83d43f160d 100644
--- a/packages/kbn-apm-config-loader/src/config.test.ts
+++ b/packages/kbn-apm-config-loader/src/config.test.ts
@@ -146,6 +146,35 @@ describe('ApmConfiguration', () => {
     );
   });
 
+  it('flattens the `globalLabels` object', () => {
+    const kibanaConfig = {
+      elastic: {
+        apm: {
+          globalLabels: {
+            keyOne: 'k1',
+            objectOne: {
+              objectOneKeyOne: 'o1k1',
+              objectOneKeyTwo: {
+                objectOneKeyTwoSubkeyOne: 'o1k2s1',
+              },
+            },
+          },
+        },
+      },
+    };
+    const config = new ApmConfiguration(mockedRootDir, kibanaConfig, true);
+    expect(config.getConfig('serviceName')).toEqual(
+      expect.objectContaining({
+        globalLabels: {
+          git_rev: 'sha',
+          keyOne: 'k1',
+          'objectOne.objectOneKeyOne': 'o1k1',
+          'objectOne.objectOneKeyTwo.objectOneKeyTwoSubkeyOne': 'o1k2s1',
+        },
+      })
+    );
+  });
+
   describe('env vars', () => {
     beforeEach(() => {
       delete process.env.ELASTIC_APM_ENVIRONMENT;
diff --git a/packages/kbn-apm-config-loader/src/config.ts b/packages/kbn-apm-config-loader/src/config.ts
index 8771eb042dc75..ef5f41bb8398e 100644
--- a/packages/kbn-apm-config-loader/src/config.ts
+++ b/packages/kbn-apm-config-loader/src/config.ts
@@ -13,6 +13,7 @@ import { getDataPath } from '@kbn/utils';
 import { readFileSync } from 'fs';
 import type { AgentConfigOptions } from 'elastic-apm-node';
 import type { AgentConfigOptions as RUMAgentConfigOptions } from '@elastic/apm-rum';
+import { getFlattenedObject } from '@kbn/std';
 import type { ApmConfigSchema } from './apm_config';
 
 // https://www.elastic.co/guide/en/apm/agent/nodejs/current/configuration.html
@@ -129,6 +130,15 @@ export class ApmConfiguration {
       ) {
         this.baseConfig = merge(this.baseConfig, centralizedConfig);
       }
+
+      if (this.baseConfig?.globalLabels) {
+        // Global Labels need to be a key/value pair...
+        // Dotted names will be renamed to underscored ones by the agent, but we need to provide key/value pairs
+        // https://github.com/elastic/apm-agent-nodejs/issues/4096#issuecomment-2181621221
+        this.baseConfig.globalLabels = getFlattenedObject(
+          this.baseConfig.globalLabels as Record<string, unknown>
+        );
+      }
     }
 
     return this.baseConfig;
diff --git a/packages/kbn-apm-synthtrace-client/src/lib/apm/apm_error.ts b/packages/kbn-apm-synthtrace-client/src/lib/apm/apm_error.ts
index 250375623dfc3..30773ce7148c1 100644
--- a/packages/kbn-apm-synthtrace-client/src/lib/apm/apm_error.ts
+++ b/packages/kbn-apm-synthtrace-client/src/lib/apm/apm_error.ts
@@ -25,9 +25,11 @@ export class ApmError extends Serializable<ApmFields> {
       this.fields['error.grouping_name'] || this.fields['error.exception']?.[0]?.message;
 
     const [data] = super.serialize();
-    data['error.grouping_key'] = errorMessage
-      ? generateLongIdWithSeed(errorMessage)
-      : generateLongId();
+
+    data['error.grouping_key'] =
+      this.fields['error.grouping_key'] ??
+      (errorMessage ? generateLongIdWithSeed(errorMessage) : generateLongId());
+
     return [data];
   }
 
diff --git a/packages/kbn-apm-synthtrace-client/src/lib/apm/instance.ts b/packages/kbn-apm-synthtrace-client/src/lib/apm/instance.ts
index 4b3cfde40825c..88a595b573112 100644
--- a/packages/kbn-apm-synthtrace-client/src/lib/apm/instance.ts
+++ b/packages/kbn-apm-synthtrace-client/src/lib/apm/instance.ts
@@ -72,9 +72,20 @@ export class Instance extends Entity<ApmFields> {
       'error.grouping_name': getErrorGroupingKey(message),
     });
   }
-  error({ message, type, culprit }: { message: string; type?: string; culprit?: string }) {
+  error({
+    message,
+    type,
+    culprit,
+    groupingKey,
+  }: {
+    message: string;
+    type?: string;
+    culprit?: string;
+    groupingKey?: string;
+  }) {
     return new ApmError({
       ...this.fields,
+      ...(groupingKey ? { 'error.grouping_key': groupingKey } : {}),
       'error.exception': [{ message, ...(type ? { type } : {}) }],
       'error.culprit': culprit,
     });
diff --git a/packages/kbn-apm-synthtrace-client/src/types/agent_names.ts b/packages/kbn-apm-synthtrace-client/src/types/agent_names.ts
index c57b15e3dace0..3d3b0156cfd9d 100644
--- a/packages/kbn-apm-synthtrace-client/src/types/agent_names.ts
+++ b/packages/kbn-apm-synthtrace-client/src/types/agent_names.ts
@@ -26,6 +26,8 @@ type OpenTelemetryAgentName =
   | 'opentelemetry/erlang'
   | 'opentelemetry/go'
   | 'opentelemetry/java'
+  | 'opentelemetry/java/opentelemetry-java-instrumentation'
+  | 'opentelemetry/java/elastic'
   | 'opentelemetry/nodejs'
   | 'opentelemetry/php'
   | 'opentelemetry/python'
diff --git a/packages/kbn-apm-synthtrace/src/scenarios/traces_logs_assets.ts b/packages/kbn-apm-synthtrace/src/scenarios/traces_logs_assets.ts
index 187be94f62e36..5b3e6fcf4b350 100644
--- a/packages/kbn-apm-synthtrace/src/scenarios/traces_logs_assets.ts
+++ b/packages/kbn-apm-synthtrace/src/scenarios/traces_logs_assets.ts
@@ -15,6 +15,7 @@ import {
   log,
   Serializable,
 } from '@kbn/apm-synthtrace-client';
+import { random } from 'lodash';
 import { Readable } from 'stream';
 import { Scenario } from '../cli/scenario';
 import { getSynthtraceEnvironment } from '../lib/utils/get_synthtrace_environment';
@@ -35,8 +36,8 @@ const scenario: Scenario<ApmFields> = async (runOptions) => {
 
       const successfulTimestamps = range.interval('1m').rate(1);
       const failedTimestamps = range.interval('1m').rate(1);
-      const serviceNames = [...Array(numServices).keys()].map((index) => `synth-node-${index}`);
-
+      const serviceNames = [...Array(numServices).keys()].map((index) => `apm-only-${index}`);
+      serviceNames.push('multi-signal-service');
       const HOSTS = Array(numHosts)
         .fill(0)
         .map((_, idx) => infra.host(`my-host-${idx}`));
@@ -60,12 +61,12 @@ const scenario: Scenario<ApmFields> = async (runOptions) => {
           .service({ name: serviceName, environment: ENVIRONMENT, agentName: 'nodejs' })
           .instance('instance')
       );
-      const instanceSpans = (instance: Instance) => {
+      const instanceSpans = (instance: Instance, index: number) => {
         const successfulTraceEvents = successfulTimestamps.generator((timestamp) =>
           instance
             .transaction({ transactionName })
             .timestamp(timestamp)
-            .duration(1000)
+            .duration(random(100, (index % 4) * 1000, false))
             .success()
             .children(
               instance
@@ -90,7 +91,7 @@ const scenario: Scenario<ApmFields> = async (runOptions) => {
           instance
             .transaction({ transactionName })
             .timestamp(timestamp)
-            .duration(1000)
+            .duration(600)
             .failure()
             .errors(
               instance
@@ -144,7 +145,7 @@ const scenario: Scenario<ApmFields> = async (runOptions) => {
                 .create()
                 .message(message.replace('<random>', generateShortId()))
                 .logLevel(level)
-                .service(serviceNames[0])
+                .service('multi-signal-service')
                 .defaults({
                   'trace.id': generateShortId(),
                   'agent.name': 'nodejs',
@@ -156,6 +157,7 @@ const scenario: Scenario<ApmFields> = async (runOptions) => {
                   'cloud.provider': 'gcp',
                   'cloud.region': 'eu-central-1',
                   'cloud.availability_zone': 'eu-central-1a',
+                  'log.level': 'error',
                   'cloud.project.id': generateShortId(),
                   'cloud.instance.id': generateShortId(),
                   'log.file.path': `/logs/${generateLongId()}/error.txt`,
@@ -183,14 +185,14 @@ const scenario: Scenario<ApmFields> = async (runOptions) => {
                 .create()
                 .message(message.replace('<random>', generateShortId()))
                 .logLevel(level)
-                .service('synth-java')
+                .service('logs-only-services')
                 .defaults({
                   'trace.id': generateShortId(),
                   'agent.name': 'nodejs',
                   'orchestrator.cluster.name': CLUSTER.clusterName,
                   'orchestrator.cluster.id': CLUSTER.clusterId,
                   'orchestrator.namespace': CLUSTER.namespace,
-                  'container.name': `synth-java-${generateShortId()}`,
+                  'container.name': `logs-only-${generateShortId()}`,
                   'orchestrator.resource.id': generateShortId(),
                   'cloud.provider': 'gcp',
                   'cloud.region': 'eu-central-1',
@@ -198,6 +200,7 @@ const scenario: Scenario<ApmFields> = async (runOptions) => {
                   'cloud.project.id': generateShortId(),
                   'cloud.instance.id': generateShortId(),
                   'log.file.path': `/logs/${generateLongId()}/error.txt`,
+                  'log.level': 'error',
                 })
                 .timestamp(timestamp);
             });
@@ -211,7 +214,7 @@ const scenario: Scenario<ApmFields> = async (runOptions) => {
       const logsGen = createGeneratorFromArray(logsValuesArray);
       const logsGenAssets = createGeneratorFromArray(logsValuesArray);
 
-      const traces = instances.flatMap((instance) => instanceSpans(instance));
+      const traces = instances.flatMap((instance, index) => instanceSpans(instance, index));
       const tracesGen = createGeneratorFromArray(traces);
       const tracesGenAssets = createGeneratorFromArray(traces);
 
diff --git a/packages/kbn-babel-preset/node_preset.js b/packages/kbn-babel-preset/node_preset.js
index a0c5a0114873c..0f1a36ff23195 100644
--- a/packages/kbn-babel-preset/node_preset.js
+++ b/packages/kbn-babel-preset/node_preset.js
@@ -31,7 +31,7 @@ module.exports = (_, options = {}) => {
           // Because of that we should use for that value the same version we install
           // in the package.json in order to have the same polyfills between the environment
           // and the tests
-          corejs: '3.34.0',
+          corejs: '3.37.1',
           bugfixes: true,
 
           ...(options['@babel/preset-env'] || {}),
diff --git a/packages/kbn-babel-preset/webpack_preset.js b/packages/kbn-babel-preset/webpack_preset.js
index 84f3771816dfa..0ad8b59489651 100644
--- a/packages/kbn-babel-preset/webpack_preset.js
+++ b/packages/kbn-babel-preset/webpack_preset.js
@@ -19,7 +19,7 @@ module.exports = (api, options = {}) => {
           modules: false,
           // Please read the explanation for this
           // in node_preset.js
-          corejs: '3.34.0',
+          corejs: '3.37.1',
           bugfixes: true,
           browserslistEnv: api.env('production') ? 'production' : 'dev',
         },
diff --git a/packages/kbn-check-mappings-update-cli/current_fields.json b/packages/kbn-check-mappings-update-cli/current_fields.json
index 8bce3d4d5e536..e0f2ae0f4f4ba 100644
--- a/packages/kbn-check-mappings-update-cli/current_fields.json
+++ b/packages/kbn-check-mappings-update-cli/current_fields.json
@@ -290,7 +290,24 @@
     "schemaVersion"
   ],
   "enterprise_search_telemetry": [],
+  "entity-definition": [
+    "description",
+    "filter",
+    "id",
+    "identityFields",
+    "indexPatterns",
+    "managed",
+    "metadata",
+    "metrics",
+    "name",
+    "staticFields",
+    "type"
+  ],
+  "entity-discovery-api-key": [
+    "apiKey"
+  ],
   "epm-packages": [
+    "additional_spaces_installed_kibana",
     "es_index_patterns",
     "experimental_data_stream_features",
     "experimental_data_stream_features.data_stream",
diff --git a/packages/kbn-check-mappings-update-cli/current_mappings.json b/packages/kbn-check-mappings-update-cli/current_mappings.json
index a498714b970f2..778ed3c37992c 100644
--- a/packages/kbn-check-mappings-update-cli/current_mappings.json
+++ b/packages/kbn-check-mappings-update-cli/current_mappings.json
@@ -993,8 +993,58 @@
     "dynamic": false,
     "properties": {}
   },
+  "entity-definition": {
+    "dynamic": false,
+    "properties": {
+      "description": {
+        "type": "text"
+      },
+      "filter": {
+        "type": "keyword"
+      },
+      "id": {
+        "type": "keyword"
+      },
+      "identityFields": {
+        "type": "object"
+      },
+      "indexPatterns": {
+        "type": "keyword"
+      },
+      "managed": {
+        "type": "boolean"
+      },
+      "metadata": {
+        "type": "object"
+      },
+      "metrics": {
+        "type": "object"
+      },
+      "name": {
+        "type": "text"
+      },
+      "staticFields": {
+        "type": "object"
+      },
+      "type": {
+        "type": "keyword"
+      }
+    }
+  },
+  "entity-discovery-api-key": {
+    "dynamic": false,
+    "properties": {
+      "apiKey": {
+        "type": "binary"
+      }
+    }
+  },
   "epm-packages": {
     "properties": {
+      "additional_spaces_installed_kibana": {
+        "index": false,
+        "type": "flattened"
+      },
       "es_index_patterns": {
         "dynamic": false,
         "properties": {}
diff --git a/packages/kbn-config-schema/src/types/maybe_type.test.ts b/packages/kbn-config-schema/src/types/maybe_type.test.ts
index 312b88520a12a..c0b04b4e8d70a 100644
--- a/packages/kbn-config-schema/src/types/maybe_type.test.ts
+++ b/packages/kbn-config-schema/src/types/maybe_type.test.ts
@@ -99,7 +99,7 @@ describe('maybe + object', () => {
 
 test('meta', () => {
   const maybeString = schema.maybe(schema.string());
-  const result = maybeString.getSchema().describe().metas[0];
+  const result = maybeString.getSchema().describe().metas?.[0];
   expect(result).toEqual({ [META_FIELD_X_OAS_OPTIONAL]: true });
 });
 
diff --git a/packages/kbn-config-schema/src/types/object_type.test.ts b/packages/kbn-config-schema/src/types/object_type.test.ts
index bf92d22615504..bdf72c585b9eb 100644
--- a/packages/kbn-config-schema/src/types/object_type.test.ts
+++ b/packages/kbn-config-schema/src/types/object_type.test.ts
@@ -354,6 +354,125 @@ test('unknowns = `ignore` affects only own keys', () => {
   ).toThrowErrorMatchingInlineSnapshot(`"[foo.baz]: definition for this key is missing"`);
 });
 
+describe('nested unknows', () => {
+  test('allow unknown keys when unknowns = `allow`', () => {
+    const type = schema.object({
+      myObj: schema.object({ foo: schema.string({ defaultValue: 'test' }) }, { unknowns: 'allow' }),
+    });
+
+    expect(
+      type.validate({
+        myObj: {
+          bar: 'baz',
+        },
+      })
+    ).toEqual({
+      myObj: {
+        foo: 'test',
+        bar: 'baz',
+      },
+    });
+  });
+
+  test('unknowns = `allow` affects only own keys', () => {
+    const type = schema.object({
+      myObj: schema.object({ foo: schema.object({ bar: schema.string() }) }, { unknowns: 'allow' }),
+    });
+
+    expect(() =>
+      type.validate({
+        myObj: {
+          foo: {
+            bar: 'bar',
+            baz: 'baz',
+          },
+        },
+      })
+    ).toThrowErrorMatchingInlineSnapshot(`"[myObj.foo.baz]: definition for this key is missing"`);
+  });
+
+  test('does not allow unknown keys when unknowns = `forbid`', () => {
+    const type = schema.object({
+      myObj: schema.object(
+        { foo: schema.string({ defaultValue: 'test' }) },
+        { unknowns: 'forbid' }
+      ),
+    });
+    expect(() =>
+      type.validate({
+        myObj: {
+          bar: 'baz',
+        },
+      })
+    ).toThrowErrorMatchingInlineSnapshot(`"[myObj.bar]: definition for this key is missing"`);
+  });
+
+  test('allow and remove unknown keys when unknowns = `ignore`', () => {
+    const type = schema.object({
+      myObj: schema.object(
+        { foo: schema.string({ defaultValue: 'test' }) },
+        { unknowns: 'ignore' }
+      ),
+    });
+
+    expect(
+      type.validate({
+        myObj: {
+          bar: 'baz',
+        },
+      })
+    ).toEqual({
+      myObj: {
+        foo: 'test',
+      },
+    });
+  });
+
+  test('unknowns = `ignore` affects only own keys', () => {
+    const type = schema.object({
+      myObj: schema.object(
+        { foo: schema.object({ bar: schema.string() }) },
+        { unknowns: 'ignore' }
+      ),
+    });
+
+    expect(() =>
+      type.validate({
+        myObj: {
+          foo: {
+            bar: 'bar',
+            baz: 'baz',
+          },
+        },
+      })
+    ).toThrowErrorMatchingInlineSnapshot(`"[myObj.foo.baz]: definition for this key is missing"`);
+  });
+
+  test('parent `allow`, child `ignore` should be honored', () => {
+    const type = schema.object(
+      {
+        myObj: schema.object(
+          { foo: schema.string({ defaultValue: 'test' }) },
+          { unknowns: 'ignore' }
+        ),
+      },
+      { unknowns: 'allow' }
+    );
+
+    expect(
+      type.validate({
+        myObj: {
+          bar: 'baz',
+        },
+      })
+    ).toEqual({
+      myObj: {
+        foo: 'test',
+      },
+    });
+  });
+});
+
 test('handles optional properties', () => {
   const type = schema.object({
     required: schema.string(),
diff --git a/packages/kbn-config-schema/src/types/object_type.ts b/packages/kbn-config-schema/src/types/object_type.ts
index 423d6030b30b0..76d0bab474ec8 100644
--- a/packages/kbn-config-schema/src/types/object_type.ts
+++ b/packages/kbn-config-schema/src/types/object_type.ts
@@ -96,9 +96,14 @@ export class ObjectType<P extends Props = any> extends Type<ObjectResultType<P>>
       .keys(schemaKeys)
       .default()
       .optional()
-      .unknown(unknowns === 'allow')
       .options({ stripUnknown: { objects: unknowns === 'ignore' } });
 
+    // We need to specify the `.unknown` property only when we want to override the default `forbid`
+    // or it will break `stripUnknown` functionality.
+    if (unknowns === 'allow') {
+      schema = schema.unknown(unknowns === 'allow');
+    }
+
     if (options.meta?.id) {
       schema = schema.id(options.meta.id);
     }
diff --git a/packages/kbn-config-schema/src/types/string_type.test.ts b/packages/kbn-config-schema/src/types/string_type.test.ts
index 0f567cd2b7e20..7d73fa96e1ff7 100644
--- a/packages/kbn-config-schema/src/types/string_type.test.ts
+++ b/packages/kbn-config-schema/src/types/string_type.test.ts
@@ -169,7 +169,7 @@ describe('#defaultValue', () => {
 
 test('meta', () => {
   const string = schema.string({ minLength: 1, maxLength: 3 });
-  const [meta1, meta2] = string.getSchema().describe().metas;
+  const [meta1, meta2] = string.getSchema().describe().metas ?? [];
   expect(meta1).toEqual({
     [META_FIELD_X_OAS_MIN_LENGTH]: 1,
   });
diff --git a/packages/kbn-data-stream-adapter/src/create_or_update_data_stream.test.ts b/packages/kbn-data-stream-adapter/src/create_or_update_data_stream.test.ts
index cc587dcaebfad..29c2dc855326e 100644
--- a/packages/kbn-data-stream-adapter/src/create_or_update_data_stream.test.ts
+++ b/packages/kbn-data-stream-adapter/src/create_or_update_data_stream.test.ts
@@ -21,6 +21,7 @@ esClient.indices.putMapping.mockResolvedValue({ acknowledged: true });
 esClient.indices.putSettings.mockResolvedValue({ acknowledged: true });
 
 const simulateIndexTemplateResponse = { template: { mappings: { is_managed: true } } };
+// @ts-expect-error test data type mismatch
 esClient.indices.simulateIndexTemplate.mockResolvedValue(simulateIndexTemplateResponse);
 
 const name = 'test_data_stream';
diff --git a/packages/kbn-doc-links/src/get_doc_links.ts b/packages/kbn-doc-links/src/get_doc_links.ts
index 11e29fd14a35f..a135d8a58ae96 100644
--- a/packages/kbn-doc-links/src/get_doc_links.ts
+++ b/packages/kbn-doc-links/src/get_doc_links.ts
@@ -28,6 +28,7 @@ export const getDocLinks = ({ kibanaBranch, buildFlavor }: GetDocLinkOptions): D
   const ELASTICSEARCH_DOCS = `${ELASTIC_WEBSITE_URL}guide/en/elasticsearch/reference/${DOC_LINK_VERSION}/`;
   const KIBANA_DOCS = `${ELASTIC_WEBSITE_URL}guide/en/kibana/${DOC_LINK_VERSION}/`;
   const FLEET_DOCS = `${ELASTIC_WEBSITE_URL}guide/en/fleet/${DOC_LINK_VERSION}/`;
+  const INTEGRATIONS_DEV_DOCS = `${ELASTIC_WEBSITE_URL}guide/en/integrations-developer/${DOC_LINK_VERSION}/`;
   const PLUGIN_DOCS = `${ELASTIC_WEBSITE_URL}guide/en/elasticsearch/plugins/${DOC_LINK_VERSION}/`;
   const OBSERVABILITY_DOCS = `${ELASTIC_WEBSITE_URL}guide/en/observability/${DOC_LINK_VERSION}/`;
   const APM_DOCS = `${ELASTIC_WEBSITE_URL}guide/en/apm/`;
@@ -685,7 +686,7 @@ export const getDocLinks = ({ kibanaBranch, buildFlavor }: GetDocLinkOptions): D
       cloudMinimumRequirements: `${KIBANA_DOCS}reporting-getting-started.html#reporting-on-cloud-resource-requirements`,
       grantUserAccess: `${KIBANA_DOCS}secure-reporting.html#grant-user-access`,
       browserSystemDependencies: `${KIBANA_DOCS}secure-reporting.html#install-reporting-packages`,
-      browserSandboxDependencies: `${KIBANA_DOCS}reporting-troubleshooting.html#reporting-troubleshooting-sandbox-dependency`,
+      browserSandboxDependencies: `${KIBANA_DOCS}reporting-troubleshooting-pdf.html#reporting-troubleshooting-sandbox-dependency`,
     },
     security: {
       apiKeyServiceSettings: `${ELASTICSEARCH_DOCS}security-settings.html#api-key-service-settings`,
@@ -864,6 +865,10 @@ export const getDocLinks = ({ kibanaBranch, buildFlavor }: GetDocLinkOptions): D
       scalingKubernetesResourcesAndLimits: `${FLEET_DOCS}scaling-on-kubernetes.html#_specifying_resources_and_limits_in_agent_manifests`,
       roleAndPrivileges: `${FLEET_DOCS}fleet-roles-and-privileges.html`,
       proxiesSettings: `${FLEET_DOCS}fleet-agent-proxy-support.html`,
+      unprivilegedMode: `${FLEET_DOCS}elastic-agent-unprivileged.html#unprivileged-change-mode`,
+    },
+    integrationDeveloper: {
+      upload: `${INTEGRATIONS_DEV_DOCS}upload-a-new-integration.html`,
     },
     ecs: {
       guide: `${ELASTIC_WEBSITE_URL}guide/en/ecs/${ECS_VERSION}/index.html`,
diff --git a/packages/kbn-doc-links/src/types.ts b/packages/kbn-doc-links/src/types.ts
index f7cd6ba482aac..7970d7dadb4b9 100644
--- a/packages/kbn-doc-links/src/types.ts
+++ b/packages/kbn-doc-links/src/types.ts
@@ -554,7 +554,11 @@ export interface DocLinks {
     scalingKubernetesResourcesAndLimits: string;
     roleAndPrivileges: string;
     proxiesSettings: string;
+    unprivilegedMode: string;
   }>;
+  readonly integrationDeveloper: {
+    upload: string;
+  };
   readonly ecs: {
     readonly guide: string;
     readonly dataStreams: string;
diff --git a/packages/kbn-es/src/utils/docker.test.ts b/packages/kbn-es/src/utils/docker.test.ts
index b3e7bd30ad83e..ec5bbdefdbeac 100644
--- a/packages/kbn-es/src/utils/docker.test.ts
+++ b/packages/kbn-es/src/utils/docker.test.ts
@@ -15,6 +15,7 @@ import {
   detectRunningNodes,
   maybeCreateDockerNetwork,
   maybePullDockerImage,
+  printESImageInfo,
   resolveDockerCmd,
   resolveDockerImage,
   resolveEsArgs,
@@ -660,8 +661,14 @@ describe('runServerlessCluster()', () => {
 
     await runServerlessCluster(log, { projectType, basePath: baseEsPath });
 
-    // setupDocker execa calls then run three nodes and attach logger
-    expect(execa.mock.calls).toHaveLength(8);
+    // docker version (1)
+    // docker ps (1)
+    // docker network create (1)
+    // docker pull (1)
+    // docker inspect (1)
+    // docker run (3)
+    // docker logs (1)
+    expect(execa.mock.calls).toHaveLength(9);
   });
 
   test(`should wait for serverless nodes to return 'green' status`, async () => {
@@ -795,7 +802,63 @@ describe('runDockerContainer()', () => {
   test('should resolve', async () => {
     execa.mockImplementation(() => Promise.resolve({ stdout: '' }));
     await expect(runDockerContainer(log, {})).resolves.toBeUndefined();
-    // setupDocker execa calls then run container
-    expect(execa.mock.calls).toHaveLength(5);
+    // docker version (1)
+    // docker ps (1)
+    // docker network create (1)
+    // docker pull (1)
+    // docker inspect (1)
+    // docker run (1)
+    expect(execa.mock.calls).toHaveLength(6);
+  });
+});
+
+describe('printESImageInfo', () => {
+  beforeEach(() => {
+    logWriter.messages.length = 0;
+  });
+
+  test('should print ES Serverless image info', async () => {
+    execa.mockImplementation(() =>
+      Promise.resolve({
+        stdout: JSON.stringify({
+          'org.opencontainers.image.revision': 'deadbeef12345678',
+          'org.opencontainers.image.source': 'https://github.com/elastic/elasticsearch-serverless',
+        }),
+      })
+    );
+
+    await printESImageInfo(
+      log,
+      'docker.elastic.co/elasticsearch-ci/elasticsearch-serverless:latest'
+    );
+
+    expect(execa.mock.calls).toHaveLength(1);
+    expect(logWriter.messages[0]).toContain(
+      `docker.elastic.co/elasticsearch-ci/elasticsearch-serverless:git-deadbeef1234`
+    );
+    expect(logWriter.messages[0]).toContain(
+      `https://github.com/elastic/elasticsearch-serverless/commit/deadbeef12345678`
+    );
+  });
+
+  test('should print ES image info', async () => {
+    execa.mockImplementation(() =>
+      Promise.resolve({
+        stdout: JSON.stringify({
+          'org.opencontainers.image.revision': 'deadbeef12345678',
+          'org.opencontainers.image.source': 'https://github.com/elastic/elasticsearch',
+        }),
+      })
+    );
+
+    await printESImageInfo(log, 'docker.elastic.co/elasticsearch/elasticsearch:8.15-SNAPSHOT');
+
+    expect(execa.mock.calls).toHaveLength(1);
+    expect(logWriter.messages[0]).toContain(
+      `docker.elastic.co/elasticsearch/elasticsearch:8.15-SNAPSHOT`
+    );
+    expect(logWriter.messages[0]).toContain(
+      `https://github.com/elastic/elasticsearch/commit/deadbeef12345678`
+    );
   });
 });
diff --git a/packages/kbn-es/src/utils/docker.ts b/packages/kbn-es/src/utils/docker.ts
index 60232c97897d2..0e8182920feba 100644
--- a/packages/kbn-es/src/utils/docker.ts
+++ b/packages/kbn-es/src/utils/docker.ts
@@ -26,6 +26,7 @@ import {
   createMockIdpMetadata,
 } from '@kbn/mock-idp-utils';
 
+import { getServerlessImageTag, getCommitUrl } from './extract_image_info';
 import { waitForSecurityIndex } from './wait_for_security_index';
 import { createCliError } from '../errors';
 import { EsClusterExecOptions } from '../cluster_exec_options';
@@ -393,15 +394,29 @@ export async function maybePullDockerImage(log: ToolingLog, image: string) {
     // inherit is required to show Docker pull output
     stdio: ['ignore', 'inherit', 'pipe'],
   }).catch(({ message }) => {
-    throw createCliError(
-      `Error pulling image. This is likely an issue authenticating with ${DOCKER_REGISTRY}.
+    const errorMessage = `Error pulling image. This is likely an issue authenticating with ${DOCKER_REGISTRY}.
 Visit ${chalk.bold.cyan('https://docker-auth.elastic.co/github_auth')} to login.
 
-${message}`
-    );
+${message}`;
+    throw createCliError(errorMessage);
   });
 }
 
+/**
+ * When we're working with :latest or :latest-verified, it is useful to expand what version they refer to
+ */
+export async function printESImageInfo(log: ToolingLog, image: string) {
+  let imageFullName = image;
+  if (image.includes('serverless')) {
+    const imageTag = (await getServerlessImageTag(image)) ?? image.split(':').pop() ?? '';
+    const imageBase = image.replace(/:.*/, '');
+    imageFullName = `${imageBase}:${imageTag}`;
+  }
+
+  const revisionUrl = await getCommitUrl(image);
+  log.info(`Using ES image: ${imageFullName} (${revisionUrl})`);
+}
+
 export async function detectRunningNodes(
   log: ToolingLog,
   options: ServerlessOptions | DockerOptions
@@ -445,6 +460,7 @@ async function setupDocker({
   await detectRunningNodes(log, options);
   await maybeCreateDockerNetwork(log);
   await maybePullDockerImage(log, image);
+  await printESImageInfo(log, image);
 }
 
 /**
diff --git a/packages/kbn-es/src/utils/extract_image_info.ts b/packages/kbn-es/src/utils/extract_image_info.ts
new file mode 100644
index 0000000000000..7576ab6ddeff3
--- /dev/null
+++ b/packages/kbn-es/src/utils/extract_image_info.ts
@@ -0,0 +1,51 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import execa from 'execa';
+import memoize from 'lodash/memoize';
+
+export const extractImageInfo = memoize(async (image: string) => {
+  try {
+    const { stdout: labelsJson } = await execa(
+      'docker',
+      ['inspect', '--format', '{{json .Config.Labels}}', image],
+      {
+        encoding: 'utf8',
+      }
+    );
+    return JSON.parse(labelsJson);
+  } catch (e) {
+    return {};
+  }
+});
+
+export async function getImageVersion(image: string): Promise<string | null> {
+  const imageLabels = await extractImageInfo(image);
+  return imageLabels['org.opencontainers.image.revision'] || null;
+}
+
+export async function getCommitUrl(image: string): Promise<string | null> {
+  const imageLabels = await extractImageInfo(image);
+  const repoSource = imageLabels['org.opencontainers.image.source'] || null;
+  const revision = imageLabels['org.opencontainers.image.revision'] || null;
+
+  if (!repoSource || !revision) {
+    return null;
+  } else {
+    return `${repoSource}/commit/${revision}`;
+  }
+}
+
+export async function getServerlessImageTag(image: string): Promise<string | null> {
+  const sha = await getImageVersion(image);
+  if (!sha) {
+    return null;
+  } else {
+    return `git-${sha.slice(0, 12)}`;
+  }
+}
diff --git a/packages/kbn-es/src/utils/extract_serverless_image_info.test.ts b/packages/kbn-es/src/utils/extract_serverless_image_info.test.ts
new file mode 100644
index 0000000000000..afd9d3e56a29b
--- /dev/null
+++ b/packages/kbn-es/src/utils/extract_serverless_image_info.test.ts
@@ -0,0 +1,87 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import {
+  extractImageInfo,
+  getCommitUrl,
+  getImageVersion,
+  getServerlessImageTag,
+} from './extract_image_info';
+
+jest.mock('execa');
+const execa = jest.requireMock('execa');
+
+describe('extractImageInfo', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('calls docker, once, and only once for one image', async () => {
+    const image = 'nevermind';
+    const image2 = 'nevermind2';
+    const labelsJson = '{"org.opencontainers.image.revision": "revision"}';
+    execa.mockResolvedValue({ stdout: labelsJson });
+
+    await extractImageInfo(image);
+    await extractImageInfo(image);
+    expect(execa).toHaveBeenCalledTimes(1);
+
+    await extractImageInfo(image2);
+    expect(execa).toHaveBeenCalledTimes(2);
+  });
+
+  it('should return image labels as an object', () => {
+    const image = 'nevermind123';
+    const obj = { 'org.opencontainers.image.revision': 'revision', extra: 123 };
+    const labelsJson = JSON.stringify(obj);
+    execa.mockResolvedValue({ stdout: labelsJson });
+
+    const imageInfo = extractImageInfo(image);
+
+    expect(imageInfo).resolves.toEqual(obj);
+  });
+});
+
+describe('getImageVersion', () => {
+  it("should return the image's revision", () => {
+    const image = 'test-image';
+    const labels = { 'org.opencontainers.image.revision': 'deadbeef1234' };
+    execa.mockResolvedValue({ stdout: JSON.stringify(labels) });
+
+    const imageVersion = getImageVersion(image);
+
+    expect(imageVersion).resolves.toBe('deadbeef1234');
+  });
+});
+
+describe('getCommitUrl', () => {
+  it('should return the commit url', () => {
+    const image = 'docker.elastic.co/elasticsearch/elasticsearch:7.15.0';
+    const labels = {
+      'org.opencontainers.image.source': 'https://github.com/elastic/elasticsearch',
+      'org.opencontainers.image.revision': 'deadbeef1234',
+    };
+    execa.mockResolvedValue({ stdout: JSON.stringify(labels) });
+
+    expect(getCommitUrl(image)).resolves.toBe(
+      'https://github.com/elastic/elasticsearch/commit/deadbeef1234'
+    );
+  });
+});
+
+describe('getServerlessImageTag', () => {
+  it('should return the image tag', () => {
+    const image = 'docker.elastic.co/elasticsearch-ci/elasticsearch-serverless:latest';
+    const labels = { 'org.opencontainers.image.revision': 'deadbeef12345678' };
+    execa.mockResolvedValue({ stdout: JSON.stringify(labels) });
+
+    const imageTag = getServerlessImageTag(image);
+
+    expect(imageTag).resolves.toBe('git-deadbeef1234');
+  });
+});
diff --git a/packages/kbn-esql-validation-autocomplete/scripts/generate_function_validation_tests.ts b/packages/kbn-esql-validation-autocomplete/scripts/generate_function_validation_tests.ts
index b7cc5c4481e66..0ace35433b67e 100644
--- a/packages/kbn-esql-validation-autocomplete/scripts/generate_function_validation_tests.ts
+++ b/packages/kbn-esql-validation-autocomplete/scripts/generate_function_validation_tests.ts
@@ -15,7 +15,7 @@ import { statsAggregationFunctionDefinitions } from '../src/definitions/aggs';
 import { evalFunctionDefinitions } from '../src/definitions/functions';
 import { groupingFunctionDefinitions } from '../src/definitions/grouping';
 import { getFunctionSignatures } from '../src/definitions/helpers';
-import { chronoLiterals, timeLiterals } from '../src/definitions/literals';
+import { timeUnits, chronoLiterals } from '../src/definitions/literals';
 import { nonNullable } from '../src/shared/helpers';
 import {
   SupportedFieldType,
@@ -1046,7 +1046,7 @@ function getFieldName(
 
 const literals = {
   chrono_literal: chronoLiterals[0].name,
-  time_literal: timeLiterals[0].name,
+  time_literal: timeUnits[0],
 };
 
 function getLiteralType(typeString: 'chrono_literal' | 'time_literal') {
diff --git a/packages/kbn-esql-validation-autocomplete/src/autocomplete/autocomplete.test.ts b/packages/kbn-esql-validation-autocomplete/src/autocomplete/autocomplete.test.ts
index 828511762a5f4..8edbcd5472593 100644
--- a/packages/kbn-esql-validation-autocomplete/src/autocomplete/autocomplete.test.ts
+++ b/packages/kbn-esql-validation-autocomplete/src/autocomplete/autocomplete.test.ts
@@ -10,7 +10,7 @@ import { suggest } from './autocomplete';
 import { evalFunctionDefinitions } from '../definitions/functions';
 import { builtinFunctions } from '../definitions/builtin';
 import { statsAggregationFunctionDefinitions } from '../definitions/aggs';
-import { chronoLiterals, timeLiterals } from '../definitions/literals';
+import { chronoLiterals, timeUnitsToSuggest } from '../definitions/literals';
 import { commandDefinitions } from '../definitions/commands';
 import { getUnitDuration, TRIGGER_SUGGESTION_COMMAND } from './factories';
 import { camelCase, partition } from 'lodash';
@@ -203,7 +203,7 @@ function getLiteralsByType(_type: string | string[]) {
   const type = Array.isArray(_type) ? _type : [_type];
   if (type.includes('time_literal')) {
     // return only singular
-    return timeLiterals.map(({ name }) => `1 ${name}`).filter((s) => !/s$/.test(s));
+    return timeUnitsToSuggest.map(({ name }) => `1 ${name}`).filter((s) => !/s$/.test(s));
   }
   if (type.includes('chrono_literal')) {
     return chronoLiterals.map(({ name }) => name);
@@ -1238,7 +1238,7 @@ describe('autocomplete', () => {
     testSuggestions('from a | eval var0 = bucket(@timestamp,', getUnitDuration(1));
 
     describe('date math', () => {
-      const dateSuggestions = timeLiterals.map(({ name }) => name);
+      const dateSuggestions = timeUnitsToSuggest.map(({ name }) => name);
       // If a literal number is detected then suggest also date period keywords
       testSuggestions('from a | eval a = 1 ', [
         ...dateSuggestions,
diff --git a/packages/kbn-esql-validation-autocomplete/src/autocomplete/complete_items.ts b/packages/kbn-esql-validation-autocomplete/src/autocomplete/complete_items.ts
index 204f5b1b4855d..e0ab600aa1382 100644
--- a/packages/kbn-esql-validation-autocomplete/src/autocomplete/complete_items.ts
+++ b/packages/kbn-esql-validation-autocomplete/src/autocomplete/complete_items.ts
@@ -93,7 +93,7 @@ function buildCharCompleteItem(
   return {
     label,
     text: quoted ? `"${label}"` : label,
-    kind: 'Operator',
+    kind: 'Keyword',
     detail,
     sortText,
   };
diff --git a/packages/kbn-esql-validation-autocomplete/src/autocomplete/factories.ts b/packages/kbn-esql-validation-autocomplete/src/autocomplete/factories.ts
index 34c28b4b50d09..1bc93193bd39a 100644
--- a/packages/kbn-esql-validation-autocomplete/src/autocomplete/factories.ts
+++ b/packages/kbn-esql-validation-autocomplete/src/autocomplete/factories.ts
@@ -12,7 +12,7 @@ import { groupingFunctionDefinitions } from '../definitions/grouping';
 import { statsAggregationFunctionDefinitions } from '../definitions/aggs';
 import { evalFunctionDefinitions } from '../definitions/functions';
 import { getFunctionSignatures, getCommandSignature } from '../definitions/helpers';
-import { chronoLiterals, timeLiterals } from '../definitions/literals';
+import { chronoLiterals, timeUnitsToSuggest } from '../definitions/literals';
 import {
   FunctionDefinition,
   CommandDefinition,
@@ -298,7 +298,7 @@ export const buildNoPoliciesAvailableDefinition = (): SuggestionRawDefinition =>
 });
 
 export function getUnitDuration(unit: number = 1) {
-  const filteredTimeLiteral = timeLiterals.filter(({ name }) => {
+  const filteredTimeLiteral = timeUnitsToSuggest.filter(({ name }) => {
     const result = /s$/.test(name);
     return unit > 1 ? result : !result;
   });
@@ -332,7 +332,7 @@ export function getCompatibleLiterals(commandName: string, types: string[], name
   }
   // this is a special type built from the suggestion system, not inherited from the AST
   if (types.includes('time_literal_unit')) {
-    suggestions.push(...buildConstantsDefinitions(timeLiterals.map(({ name }) => name))); // i.e. year, month, ...
+    suggestions.push(...buildConstantsDefinitions(timeUnitsToSuggest.map(({ name }) => name))); // i.e. year, month, ...
   }
   if (types.includes('chrono_literal')) {
     suggestions.push(...buildConstantsDefinitions(chronoLiterals.map(({ name }) => name))); // i.e. EPOC_DAY, ...
diff --git a/packages/kbn-esql-validation-autocomplete/src/definitions/literals.ts b/packages/kbn-esql-validation-autocomplete/src/definitions/literals.ts
index 9369414378385..45c41476f04e9 100644
--- a/packages/kbn-esql-validation-autocomplete/src/definitions/literals.ts
+++ b/packages/kbn-esql-validation-autocomplete/src/definitions/literals.ts
@@ -9,7 +9,7 @@
 import { i18n } from '@kbn/i18n';
 import type { Literals } from './types';
 
-export const timeLiterals: Literals[] = [
+export const timeUnitsToSuggest: Literals[] = [
   {
     name: 'year',
     description: i18n.translate(
@@ -28,6 +28,24 @@ export const timeLiterals: Literals[] = [
       }
     ),
   },
+  {
+    name: 'quarter',
+    description: i18n.translate(
+      'kbn-esql-validation-autocomplete.esql.definitions.dateDurationDefinition.quarter',
+      {
+        defaultMessage: 'Quarter',
+      }
+    ),
+  },
+  {
+    name: 'quarters',
+    description: i18n.translate(
+      'kbn-esql-validation-autocomplete.esql.definitions.dateDurationDefinition.quarters',
+      {
+        defaultMessage: 'Quarters (Plural)',
+      }
+    ),
+  },
   {
     name: 'month',
     description: i18n.translate(
@@ -156,6 +174,20 @@ export const timeLiterals: Literals[] = [
   },
 ];
 
+export const timeUnits: string[] = [
+  ...timeUnitsToSuggest.map((literal) => literal.name),
+  'ms',
+  's',
+  'm',
+  'h',
+  'd',
+  'w',
+  'mo',
+  'q',
+  'y',
+  'yr',
+];
+
 export const chronoLiterals: Literals[] = [
   'ALIGNED_DAY_OF_WEEK_IN_MONTH',
   'ALIGNED_DAY_OF_WEEK_IN_YEAR',
diff --git a/packages/kbn-esql-validation-autocomplete/src/shared/helpers.ts b/packages/kbn-esql-validation-autocomplete/src/shared/helpers.ts
index b7ef6e0ba9e88..4a89a6b72d166 100644
--- a/packages/kbn-esql-validation-autocomplete/src/shared/helpers.ts
+++ b/packages/kbn-esql-validation-autocomplete/src/shared/helpers.ts
@@ -24,7 +24,7 @@ import { commandDefinitions } from '../definitions/commands';
 import { evalFunctionDefinitions } from '../definitions/functions';
 import { groupingFunctionDefinitions } from '../definitions/grouping';
 import { getFunctionSignatures } from '../definitions/helpers';
-import { chronoLiterals, timeLiterals } from '../definitions/literals';
+import { timeUnits, chronoLiterals } from '../definitions/literals';
 import {
   byOption,
   metadataOption,
@@ -376,7 +376,7 @@ export function getAllArrayTypes(
 }
 
 export function inKnownTimeInterval(item: ESQLTimeInterval): boolean {
-  return timeLiterals.some(({ name }) => name === item.unit.toLowerCase());
+  return timeUnits.some((unit) => unit === item.unit.toLowerCase());
 }
 
 /**
diff --git a/packages/kbn-esql-validation-autocomplete/src/validation/esql_validation_meta_tests.json b/packages/kbn-esql-validation-autocomplete/src/validation/esql_validation_meta_tests.json
index 9b03737786c12..0c84fe2bf113d 100644
--- a/packages/kbn-esql-validation-autocomplete/src/validation/esql_validation_meta_tests.json
+++ b/packages/kbn-esql-validation-autocomplete/src/validation/esql_validation_meta_tests.json
@@ -1052,6 +1052,136 @@
       ],
       "warning": []
     },
+    {
+      "query": "row 1 quarter",
+      "error": [
+        "ROW does not support [date_period] in expression [1 quarter]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "row 1                quarter",
+      "error": [
+        "ROW does not support [date_period] in expression [1 quarter]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "row var = now() - 1 quarter",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "row var = now() - 1 QUARTER",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "row var = now() - 1 Quarter",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "row var = now() + 1 quarter",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "row 1 quarter + 1 year",
+      "error": [
+        "Argument of [+] must be [date], found value [1 quarter] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "row var = now() * 1 quarter",
+      "error": [
+        "Argument of [*] must be [number], found value [now()] type [date]",
+        "Argument of [*] must be [number], found value [1 quarter] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "row var = now() / 1 quarter",
+      "error": [
+        "Argument of [/] must be [number], found value [now()] type [date]",
+        "Argument of [/] must be [number], found value [1 quarter] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "row var = now() % 1 quarter",
+      "error": [
+        "Argument of [%] must be [number], found value [now()] type [date]",
+        "Argument of [%] must be [number], found value [1 quarter] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "row 1 quarters",
+      "error": [
+        "ROW does not support [date_period] in expression [1 quarters]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "row 1                quarters",
+      "error": [
+        "ROW does not support [date_period] in expression [1 quarters]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "row var = now() - 1 quarters",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "row var = now() - 1 QUARTERS",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "row var = now() - 1 Quarters",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "row var = now() + 1 quarters",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "row 1 quarters + 1 year",
+      "error": [
+        "Argument of [+] must be [date], found value [1 quarters] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "row var = now() * 1 quarters",
+      "error": [
+        "Argument of [*] must be [number], found value [now()] type [date]",
+        "Argument of [*] must be [number], found value [1 quarters] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "row var = now() / 1 quarters",
+      "error": [
+        "Argument of [/] must be [number], found value [now()] type [date]",
+        "Argument of [/] must be [number], found value [1 quarters] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "row var = now() % 1 quarters",
+      "error": [
+        "Argument of [%] must be [number], found value [now()] type [date]",
+        "Argument of [%] must be [number], found value [1 quarters] type [duration]"
+      ],
+      "warning": []
+    },
     {
       "query": "row 1 month",
       "error": [
@@ -6479,6 +6609,146 @@
       ],
       "warning": []
     },
+    {
+      "query": "from a_index | eval 1 quarter",
+      "error": [
+        "EVAL does not support [date_period] in expression [1 quarter]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval 1                quarter",
+      "error": [
+        "EVAL does not support [date_period] in expression [1 quarter]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() - 1 quarter",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 quarter",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 QUARTER",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 Quarter",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField + 1 quarter",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval 1 quarter + 1 year",
+      "error": [
+        "Argument of [+] must be [date], found value [1 quarter] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() * 1 quarter",
+      "error": [
+        "Argument of [*] must be [number], found value [now()] type [date]",
+        "Argument of [*] must be [number], found value [1 quarter] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() / 1 quarter",
+      "error": [
+        "Argument of [/] must be [number], found value [now()] type [date]",
+        "Argument of [/] must be [number], found value [1 quarter] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() % 1 quarter",
+      "error": [
+        "Argument of [%] must be [number], found value [now()] type [date]",
+        "Argument of [%] must be [number], found value [1 quarter] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval 1 quarters",
+      "error": [
+        "EVAL does not support [date_period] in expression [1 quarters]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval 1                quarters",
+      "error": [
+        "EVAL does not support [date_period] in expression [1 quarters]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() - 1 quarters",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 quarters",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 QUARTERS",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 Quarters",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField + 1 quarters",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval 1 quarters + 1 year",
+      "error": [
+        "Argument of [+] must be [date], found value [1 quarters] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() * 1 quarters",
+      "error": [
+        "Argument of [*] must be [number], found value [now()] type [date]",
+        "Argument of [*] must be [number], found value [1 quarters] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() / 1 quarters",
+      "error": [
+        "Argument of [/] must be [number], found value [now()] type [date]",
+        "Argument of [/] must be [number], found value [1 quarters] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() % 1 quarters",
+      "error": [
+        "Argument of [%] must be [number], found value [now()] type [date]",
+        "Argument of [%] must be [number], found value [1 quarters] type [duration]"
+      ],
+      "warning": []
+    },
     {
       "query": "from a_index | eval 1 month",
       "error": [
@@ -7459,6 +7729,706 @@
       ],
       "warning": []
     },
+    {
+      "query": "from a_index | eval 1 ms",
+      "error": [
+        "EVAL does not support [date_period] in expression [1 ms]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval 1                ms",
+      "error": [
+        "EVAL does not support [date_period] in expression [1 ms]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() - 1 ms",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 ms",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 MS",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 Ms",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField + 1 ms",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval 1 ms + 1 year",
+      "error": [
+        "Argument of [+] must be [date], found value [1 ms] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() * 1 ms",
+      "error": [
+        "Argument of [*] must be [number], found value [now()] type [date]",
+        "Argument of [*] must be [number], found value [1 ms] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() / 1 ms",
+      "error": [
+        "Argument of [/] must be [number], found value [now()] type [date]",
+        "Argument of [/] must be [number], found value [1 ms] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() % 1 ms",
+      "error": [
+        "Argument of [%] must be [number], found value [now()] type [date]",
+        "Argument of [%] must be [number], found value [1 ms] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval 1 s",
+      "error": [
+        "EVAL does not support [date_period] in expression [1 s]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval 1                s",
+      "error": [
+        "EVAL does not support [date_period] in expression [1 s]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() - 1 s",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 s",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 S",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 S",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField + 1 s",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval 1 s + 1 year",
+      "error": [
+        "Argument of [+] must be [date], found value [1 s] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() * 1 s",
+      "error": [
+        "Argument of [*] must be [number], found value [now()] type [date]",
+        "Argument of [*] must be [number], found value [1 s] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() / 1 s",
+      "error": [
+        "Argument of [/] must be [number], found value [now()] type [date]",
+        "Argument of [/] must be [number], found value [1 s] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() % 1 s",
+      "error": [
+        "Argument of [%] must be [number], found value [now()] type [date]",
+        "Argument of [%] must be [number], found value [1 s] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval 1 m",
+      "error": [
+        "EVAL does not support [date_period] in expression [1 m]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval 1                m",
+      "error": [
+        "EVAL does not support [date_period] in expression [1 m]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() - 1 m",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 m",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 M",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 M",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField + 1 m",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval 1 m + 1 year",
+      "error": [
+        "Argument of [+] must be [date], found value [1 m] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() * 1 m",
+      "error": [
+        "Argument of [*] must be [number], found value [now()] type [date]",
+        "Argument of [*] must be [number], found value [1 m] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() / 1 m",
+      "error": [
+        "Argument of [/] must be [number], found value [now()] type [date]",
+        "Argument of [/] must be [number], found value [1 m] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() % 1 m",
+      "error": [
+        "Argument of [%] must be [number], found value [now()] type [date]",
+        "Argument of [%] must be [number], found value [1 m] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval 1 h",
+      "error": [
+        "EVAL does not support [date_period] in expression [1 h]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval 1                h",
+      "error": [
+        "EVAL does not support [date_period] in expression [1 h]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() - 1 h",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 h",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 H",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 H",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField + 1 h",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval 1 h + 1 year",
+      "error": [
+        "Argument of [+] must be [date], found value [1 h] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() * 1 h",
+      "error": [
+        "Argument of [*] must be [number], found value [now()] type [date]",
+        "Argument of [*] must be [number], found value [1 h] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() / 1 h",
+      "error": [
+        "Argument of [/] must be [number], found value [now()] type [date]",
+        "Argument of [/] must be [number], found value [1 h] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() % 1 h",
+      "error": [
+        "Argument of [%] must be [number], found value [now()] type [date]",
+        "Argument of [%] must be [number], found value [1 h] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval 1 d",
+      "error": [
+        "EVAL does not support [date_period] in expression [1 d]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval 1                d",
+      "error": [
+        "EVAL does not support [date_period] in expression [1 d]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() - 1 d",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 d",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 D",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 D",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField + 1 d",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval 1 d + 1 year",
+      "error": [
+        "Argument of [+] must be [date], found value [1 d] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() * 1 d",
+      "error": [
+        "Argument of [*] must be [number], found value [now()] type [date]",
+        "Argument of [*] must be [number], found value [1 d] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() / 1 d",
+      "error": [
+        "Argument of [/] must be [number], found value [now()] type [date]",
+        "Argument of [/] must be [number], found value [1 d] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() % 1 d",
+      "error": [
+        "Argument of [%] must be [number], found value [now()] type [date]",
+        "Argument of [%] must be [number], found value [1 d] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval 1 w",
+      "error": [
+        "EVAL does not support [date_period] in expression [1 w]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval 1                w",
+      "error": [
+        "EVAL does not support [date_period] in expression [1 w]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() - 1 w",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 w",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 W",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 W",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField + 1 w",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval 1 w + 1 year",
+      "error": [
+        "Argument of [+] must be [date], found value [1 w] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() * 1 w",
+      "error": [
+        "Argument of [*] must be [number], found value [now()] type [date]",
+        "Argument of [*] must be [number], found value [1 w] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() / 1 w",
+      "error": [
+        "Argument of [/] must be [number], found value [now()] type [date]",
+        "Argument of [/] must be [number], found value [1 w] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() % 1 w",
+      "error": [
+        "Argument of [%] must be [number], found value [now()] type [date]",
+        "Argument of [%] must be [number], found value [1 w] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval 1 mo",
+      "error": [
+        "EVAL does not support [date_period] in expression [1 mo]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval 1                mo",
+      "error": [
+        "EVAL does not support [date_period] in expression [1 mo]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() - 1 mo",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 mo",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 MO",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 Mo",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField + 1 mo",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval 1 mo + 1 year",
+      "error": [
+        "Argument of [+] must be [date], found value [1 mo] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() * 1 mo",
+      "error": [
+        "Argument of [*] must be [number], found value [now()] type [date]",
+        "Argument of [*] must be [number], found value [1 mo] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() / 1 mo",
+      "error": [
+        "Argument of [/] must be [number], found value [now()] type [date]",
+        "Argument of [/] must be [number], found value [1 mo] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() % 1 mo",
+      "error": [
+        "Argument of [%] must be [number], found value [now()] type [date]",
+        "Argument of [%] must be [number], found value [1 mo] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval 1 q",
+      "error": [
+        "EVAL does not support [date_period] in expression [1 q]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval 1                q",
+      "error": [
+        "EVAL does not support [date_period] in expression [1 q]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() - 1 q",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 q",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 Q",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 Q",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField + 1 q",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval 1 q + 1 year",
+      "error": [
+        "Argument of [+] must be [date], found value [1 q] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() * 1 q",
+      "error": [
+        "Argument of [*] must be [number], found value [now()] type [date]",
+        "Argument of [*] must be [number], found value [1 q] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() / 1 q",
+      "error": [
+        "Argument of [/] must be [number], found value [now()] type [date]",
+        "Argument of [/] must be [number], found value [1 q] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() % 1 q",
+      "error": [
+        "Argument of [%] must be [number], found value [now()] type [date]",
+        "Argument of [%] must be [number], found value [1 q] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval 1 y",
+      "error": [
+        "EVAL does not support [date_period] in expression [1 y]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval 1                y",
+      "error": [
+        "EVAL does not support [date_period] in expression [1 y]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() - 1 y",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 y",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 Y",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 Y",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField + 1 y",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval 1 y + 1 year",
+      "error": [
+        "Argument of [+] must be [date], found value [1 y] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() * 1 y",
+      "error": [
+        "Argument of [*] must be [number], found value [now()] type [date]",
+        "Argument of [*] must be [number], found value [1 y] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() / 1 y",
+      "error": [
+        "Argument of [/] must be [number], found value [now()] type [date]",
+        "Argument of [/] must be [number], found value [1 y] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() % 1 y",
+      "error": [
+        "Argument of [%] must be [number], found value [now()] type [date]",
+        "Argument of [%] must be [number], found value [1 y] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval 1 yr",
+      "error": [
+        "EVAL does not support [date_period] in expression [1 yr]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval 1                yr",
+      "error": [
+        "EVAL does not support [date_period] in expression [1 yr]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() - 1 yr",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 yr",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 YR",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField - 1 Yr",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = dateField + 1 yr",
+      "error": [],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval 1 yr + 1 year",
+      "error": [
+        "Argument of [+] must be [date], found value [1 yr] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() * 1 yr",
+      "error": [
+        "Argument of [*] must be [number], found value [now()] type [date]",
+        "Argument of [*] must be [number], found value [1 yr] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() / 1 yr",
+      "error": [
+        "Argument of [/] must be [number], found value [now()] type [date]",
+        "Argument of [/] must be [number], found value [1 yr] type [duration]"
+      ],
+      "warning": []
+    },
+    {
+      "query": "from a_index | eval var = now() % 1 yr",
+      "error": [
+        "Argument of [%] must be [number], found value [now()] type [date]",
+        "Argument of [%] must be [number], found value [1 yr] type [duration]"
+      ],
+      "warning": []
+    },
     {
       "query": "from a_index | sort ",
       "error": [
diff --git a/packages/kbn-esql-validation-autocomplete/src/validation/validation.test.ts b/packages/kbn-esql-validation-autocomplete/src/validation/validation.test.ts
index 86e8c216946f6..f866d82767890 100644
--- a/packages/kbn-esql-validation-autocomplete/src/validation/validation.test.ts
+++ b/packages/kbn-esql-validation-autocomplete/src/validation/validation.test.ts
@@ -12,7 +12,7 @@ import { ignoreErrorsMap, validateQuery } from './validation';
 import { evalFunctionDefinitions } from '../definitions/functions';
 import { getFunctionSignatures } from '../definitions/helpers';
 import { FunctionDefinition, SupportedFieldType, supportedFieldTypes } from '../definitions/types';
-import { chronoLiterals, timeLiterals } from '../definitions/literals';
+import { chronoLiterals, timeUnits, timeUnitsToSuggest } from '../definitions/literals';
 import { statsAggregationFunctionDefinitions } from '../definitions/aggs';
 import capitalize from 'lodash/capitalize';
 import { camelCase } from 'lodash';
@@ -59,7 +59,7 @@ const nestedFunctions = {
 
 const literals = {
   chrono_literal: chronoLiterals[0].name,
-  time_literal: timeLiterals[0].name,
+  time_literal: timeUnitsToSuggest[0].name,
 };
 function getLiteralType(typeString: 'chrono_literal' | 'time_literal') {
   if (typeString === 'chrono_literal') {
@@ -421,7 +421,7 @@ describe('validation logic', () => {
         ]);
         testErrorsAndWarnings('row var = 1 anno', ["Unexpected time interval qualifier: 'anno'"]);
         testErrorsAndWarnings('row now() + 1 anno', ["Unexpected time interval qualifier: 'anno'"]);
-        for (const timeLiteral of timeLiterals) {
+        for (const timeLiteral of timeUnitsToSuggest) {
           testErrorsAndWarnings(`row 1 ${timeLiteral.name}`, [
             `ROW does not support [date_period] in expression [1 ${timeLiteral.name}]`,
           ]);
@@ -1247,36 +1247,33 @@ describe('validation logic', () => {
         testErrorsAndWarnings('from a_index | eval now() + 1 anno', [
           "Unexpected time interval qualifier: 'anno'",
         ]);
-        for (const timeLiteral of timeLiterals) {
-          testErrorsAndWarnings(`from a_index | eval 1 ${timeLiteral.name}`, [
-            `EVAL does not support [date_period] in expression [1 ${timeLiteral.name}]`,
+        for (const unit of timeUnits) {
+          testErrorsAndWarnings(`from a_index | eval 1 ${unit}`, [
+            `EVAL does not support [date_period] in expression [1 ${unit}]`,
           ]);
-          testErrorsAndWarnings(`from a_index | eval 1                ${timeLiteral.name}`, [
-            `EVAL does not support [date_period] in expression [1 ${timeLiteral.name}]`,
+          testErrorsAndWarnings(`from a_index | eval 1                ${unit}`, [
+            `EVAL does not support [date_period] in expression [1 ${unit}]`,
           ]);
 
           // this is not possible for now
           // testErrorsAndWarnings(`from a_index | eval var = 1 ${timeLiteral.name}`, [
           //   `Eval does not support [date_period] in expression [1 ${timeLiteral.name}]`,
           // ]);
-          testErrorsAndWarnings(`from a_index | eval var = now() - 1 ${timeLiteral.name}`, []);
-          testErrorsAndWarnings(`from a_index | eval var = dateField - 1 ${timeLiteral.name}`, []);
+          testErrorsAndWarnings(`from a_index | eval var = now() - 1 ${unit}`, []);
+          testErrorsAndWarnings(`from a_index | eval var = dateField - 1 ${unit}`, []);
           testErrorsAndWarnings(
-            `from a_index | eval var = dateField - 1 ${timeLiteral.name.toUpperCase()}`,
+            `from a_index | eval var = dateField - 1 ${unit.toUpperCase()}`,
             []
           );
-          testErrorsAndWarnings(
-            `from a_index | eval var = dateField - 1 ${capitalize(timeLiteral.name)}`,
-            []
-          );
-          testErrorsAndWarnings(`from a_index | eval var = dateField + 1 ${timeLiteral.name}`, []);
-          testErrorsAndWarnings(`from a_index | eval 1 ${timeLiteral.name} + 1 year`, [
-            `Argument of [+] must be [date], found value [1 ${timeLiteral.name}] type [duration]`,
+          testErrorsAndWarnings(`from a_index | eval var = dateField - 1 ${capitalize(unit)}`, []);
+          testErrorsAndWarnings(`from a_index | eval var = dateField + 1 ${unit}`, []);
+          testErrorsAndWarnings(`from a_index | eval 1 ${unit} + 1 year`, [
+            `Argument of [+] must be [date], found value [1 ${unit}] type [duration]`,
           ]);
           for (const op of ['*', '/', '%']) {
-            testErrorsAndWarnings(`from a_index | eval var = now() ${op} 1 ${timeLiteral.name}`, [
+            testErrorsAndWarnings(`from a_index | eval var = now() ${op} 1 ${unit}`, [
               `Argument of [${op}] must be [number], found value [now()] type [date]`,
-              `Argument of [${op}] must be [number], found value [1 ${timeLiteral.name}] type [duration]`,
+              `Argument of [${op}] must be [number], found value [1 ${unit}] type [duration]`,
             ]);
           }
         }
diff --git a/packages/kbn-expandable-flyout/src/components/preview_section.test.tsx b/packages/kbn-expandable-flyout/src/components/preview_section.test.tsx
index 223d73fa5cf43..27cff985534e8 100644
--- a/packages/kbn-expandable-flyout/src/components/preview_section.test.tsx
+++ b/packages/kbn-expandable-flyout/src/components/preview_section.test.tsx
@@ -31,32 +31,18 @@ describe('PreviewSection', () => {
   const component = <div>{'component'}</div>;
   const left = 500;
 
-  it('should render close button in header', () => {
-    const showBackButton = false;
-
+  it('should render back button and close button in header', () => {
     const { getByTestId } = render(
       <TestProvider state={context}>
-        <PreviewSection component={component} leftPosition={left} showBackButton={showBackButton} />
+        <PreviewSection component={component} leftPosition={left} />
       </TestProvider>
     );
 
     expect(getByTestId(PREVIEW_SECTION_CLOSE_BUTTON_TEST_ID)).toBeInTheDocument();
-  });
-
-  it('should render back button in header', () => {
-    const showBackButton = true;
-
-    const { getByTestId } = render(
-      <TestProvider state={context}>
-        <PreviewSection component={component} leftPosition={left} showBackButton={showBackButton} />
-      </TestProvider>
-    );
-
     expect(getByTestId(PREVIEW_SECTION_BACK_BUTTON_TEST_ID)).toBeInTheDocument();
   });
 
   it('should render banner', () => {
-    const showBackButton = false;
     const title = 'test';
     const banner: PreviewBanner = {
       title,
@@ -66,12 +52,7 @@ describe('PreviewSection', () => {
 
     const { getByTestId, getByText } = render(
       <TestProvider state={context}>
-        <PreviewSection
-          component={component}
-          leftPosition={left}
-          showBackButton={showBackButton}
-          banner={banner}
-        />
+        <PreviewSection component={component} leftPosition={left} banner={banner} />
       </TestProvider>
     );
 
diff --git a/packages/kbn-expandable-flyout/src/components/preview_section.tsx b/packages/kbn-expandable-flyout/src/components/preview_section.tsx
index e572e477f725d..bc0c1c2e9d93a 100644
--- a/packages/kbn-expandable-flyout/src/components/preview_section.tsx
+++ b/packages/kbn-expandable-flyout/src/components/preview_section.tsx
@@ -68,10 +68,6 @@ interface PreviewSectionProps {
    * Left position used when rendering the panel
    */
   leftPosition: number;
-  /**
-   * Display the back button in the header
-   */
-  showBackButton: boolean;
   /**
    * Preview banner shown at the top of preview panel
    */
@@ -84,7 +80,6 @@ interface PreviewSectionProps {
  */
 export const PreviewSection: React.FC<PreviewSectionProps> = ({
   component,
-  showBackButton,
   leftPosition,
   banner,
 }: PreviewSectionProps) => {
@@ -103,7 +98,7 @@ export const PreviewSection: React.FC<PreviewSectionProps> = ({
       />
     </EuiFlexItem>
   );
-  const header = showBackButton ? (
+  const header = (
     <EuiFlexGroup justifyContent="spaceBetween" responsive={false}>
       <EuiFlexItem grow={false}>
         <EuiButtonEmpty
@@ -119,10 +114,6 @@ export const PreviewSection: React.FC<PreviewSectionProps> = ({
       </EuiFlexItem>
       {closeButton}
     </EuiFlexGroup>
-  ) : (
-    <EuiFlexGroup justifyContent="flexEnd" responsive={false}>
-      {closeButton}
-    </EuiFlexGroup>
   );
 
   return (
@@ -141,8 +132,8 @@ export const PreviewSection: React.FC<PreviewSectionProps> = ({
           margin: ${euiTheme.size.xs};
           box-shadow: 0 0 4px 4px ${euiTheme.colors.darkShade};
         `}
-        className="eui-yScroll"
         data-test-subj={PREVIEW_SECTION_TEST_ID}
+        className="eui-fullHeight"
       >
         {isPreviewBanner(banner) && (
           <EuiSplitPanel.Inner
@@ -168,7 +159,7 @@ export const PreviewSection: React.FC<PreviewSectionProps> = ({
         >
           {header}
         </EuiSplitPanel.Inner>
-        <EuiSplitPanel.Inner paddingSize="none">{component}</EuiSplitPanel.Inner>
+        {component}
       </EuiSplitPanel.Outer>
     </div>
   );
diff --git a/packages/kbn-expandable-flyout/src/hooks/use_expandable_flyout_api.ts b/packages/kbn-expandable-flyout/src/hooks/use_expandable_flyout_api.ts
index dcfcf429e1086..5c7b716b003b5 100644
--- a/packages/kbn-expandable-flyout/src/hooks/use_expandable_flyout_api.ts
+++ b/packages/kbn-expandable-flyout/src/hooks/use_expandable_flyout_api.ts
@@ -7,6 +7,7 @@
  */
 
 import { useCallback, useMemo } from 'react';
+import { useHistory } from 'react-router-dom';
 import { REDUX_ID_FOR_MEMORY_STORAGE } from '../constants';
 import { useExpandableFlyoutContext } from '../context';
 import {
@@ -30,6 +31,7 @@ export type { ExpandableFlyoutApi };
  */
 export const useExpandableFlyoutApi = () => {
   const dispatch = useDispatch();
+  const history = useHistory();
 
   const { urlKey } = useExpandableFlyoutContext();
   // if no urlKey is provided, we are in memory storage mode and use the reserved word 'memory'
@@ -75,10 +77,13 @@ export const useExpandableFlyoutApi = () => {
     [dispatch, id]
   );
 
-  const previousPreviewPanel = useCallback(
-    () => dispatch(previousPreviewPanelAction({ id })),
-    [dispatch, id]
-  );
+  const previousPreviewPanel = useCallback(() => {
+    dispatch(previousPreviewPanelAction({ id }));
+
+    if (id !== REDUX_ID_FOR_MEMORY_STORAGE) {
+      history.goBack();
+    }
+  }, [dispatch, id, history]);
 
   const closePanels = useCallback(() => dispatch(closePanelsAction({ id })), [dispatch, id]);
 
diff --git a/packages/kbn-expandable-flyout/src/index.tsx b/packages/kbn-expandable-flyout/src/index.tsx
index 7bcfa050fbfa5..ba11b597e0b06 100644
--- a/packages/kbn-expandable-flyout/src/index.tsx
+++ b/packages/kbn-expandable-flyout/src/index.tsx
@@ -70,7 +70,6 @@ export const ExpandableFlyout: React.FC<ExpandableFlyoutProps> = ({
     ? mostRecentPreview?.params?.banner
     : undefined;
 
-  const showBackButton = !!preview && preview.length > 1;
   const previewSection = useMemo(
     () => registeredPanels.find((panel) => panel.key === mostRecentPreview?.id),
     [mostRecentPreview, registeredPanels]
@@ -129,7 +128,6 @@ export const ExpandableFlyout: React.FC<ExpandableFlyoutProps> = ({
       {showPreview ? (
         <PreviewSection
           component={previewSection.component({ ...(mostRecentPreview as FlyoutPanelProps) })}
-          showBackButton={showBackButton}
           leftPosition={previewSectionLeft}
           banner={previewBanner}
         />
diff --git a/packages/kbn-expandable-flyout/src/provider.test.tsx b/packages/kbn-expandable-flyout/src/provider.test.tsx
index c6246eff9fa32..f47b538ed851e 100644
--- a/packages/kbn-expandable-flyout/src/provider.test.tsx
+++ b/packages/kbn-expandable-flyout/src/provider.test.tsx
@@ -67,7 +67,7 @@ describe('UrlSynchronizer', () => {
     expect(mockSet).toHaveBeenCalledWith('urlKey', {
       left: undefined,
       right: undefined,
-      preview: undefined,
+      preview: [undefined],
     });
   });
 
diff --git a/packages/kbn-expandable-flyout/src/provider.tsx b/packages/kbn-expandable-flyout/src/provider.tsx
index d88df39ab61eb..7ad9ddd084963 100644
--- a/packages/kbn-expandable-flyout/src/provider.tsx
+++ b/packages/kbn-expandable-flyout/src/provider.tsx
@@ -49,14 +49,14 @@ export const UrlSynchronizer = () => {
       dispatch(
         urlChangedAction({
           ...currentValue,
-          preview: currentValue?.preview?.[0],
+          preview: currentValue?.preview?.at(-1),
           id: urlKey,
         })
       );
     }
 
     const subscription = urlStorage.change$<FlyoutState>(urlKey).subscribe((value) => {
-      dispatch(urlChangedAction({ ...value, preview: value?.preview?.[0], id: urlKey }));
+      dispatch(urlChangedAction({ ...value, preview: value?.preview?.at(-1), id: urlKey }));
     });
 
     return () => subscription.unsubscribe();
@@ -68,7 +68,7 @@ export const UrlSynchronizer = () => {
     }
 
     const { left, right, preview } = panels;
-    urlStorage.set(urlKey, { left, right, preview });
+    urlStorage.set(urlKey, { left, right, preview: [preview?.at(-1)] });
   }, [needsSync, panels, urlKey, urlStorage]);
 
   return null;
diff --git a/packages/kbn-expandable-flyout/src/reducer.test.ts b/packages/kbn-expandable-flyout/src/reducer.test.ts
index df03d9277f946..7f0a5c289e295 100644
--- a/packages/kbn-expandable-flyout/src/reducer.test.ts
+++ b/packages/kbn-expandable-flyout/src/reducer.test.ts
@@ -622,7 +622,7 @@ describe('reducer', () => {
       const action = previousPreviewPanelAction({ id: id1 });
       const newState: State = reducer(state, action);
 
-      expect(newState).toEqual({ ...initialState, needsSync: true });
+      expect(newState).toEqual({ ...initialState, needsSync: false });
     });
 
     it(`should return unmodified state when previous preview panel when no preview panel exist`, () => {
@@ -638,7 +638,7 @@ describe('reducer', () => {
       const action = previousPreviewPanelAction({ id: id1 });
       const newState: State = reducer(state, action);
 
-      expect(newState).toEqual({ ...state, needsSync: true });
+      expect(newState).toEqual({ ...state, needsSync: false });
     });
 
     it('should remove only last preview panel', () => {
@@ -662,7 +662,7 @@ describe('reducer', () => {
             preview: [previewPanel1],
           },
         },
-        needsSync: true,
+        needsSync: false,
       });
     });
 
@@ -687,7 +687,7 @@ describe('reducer', () => {
             preview: [previewPanel1],
           },
         },
-        needsSync: true,
+        needsSync: false,
       });
     });
   });
diff --git a/packages/kbn-expandable-flyout/src/reducer.ts b/packages/kbn-expandable-flyout/src/reducer.ts
index 617ad5e3a7c95..32465f554ab7f 100644
--- a/packages/kbn-expandable-flyout/src/reducer.ts
+++ b/packages/kbn-expandable-flyout/src/reducer.ts
@@ -7,6 +7,7 @@
  */
 
 import { createReducer } from '@reduxjs/toolkit';
+import deepEqual from 'react-fast-compare';
 import {
   openPanelsAction,
   openLeftPanelAction,
@@ -69,7 +70,11 @@ export const reducer = createReducer(initialState, (builder) => {
   builder.addCase(openPreviewPanelAction, (state, { payload: { preview, id } }) => {
     if (id in state.byId) {
       if (state.byId[id].preview) {
-        state.byId[id].preview?.push(preview);
+        const previewIdenticalToLastOne = deepEqual(preview, state.byId[id].preview?.at(-1));
+        // Only append preview when it does not match the last item in state.byId[id].preview
+        if (!previewIdenticalToLastOne) {
+          state.byId[id].preview?.push(preview);
+        }
       } else {
         state.byId[id].preview = preview ? [preview] : undefined;
       }
@@ -89,7 +94,8 @@ export const reducer = createReducer(initialState, (builder) => {
       state.byId[id].preview?.pop();
     }
 
-    state.needsSync = true;
+    // if state is stored in url, click go back in preview should utilize browser history
+    state.needsSync = false;
   });
 
   builder.addCase(closePanelsAction, (state, { payload: { id } }) => {
diff --git a/packages/kbn-ftr-common-functional-ui-services/services/browser.ts b/packages/kbn-ftr-common-functional-ui-services/services/browser.ts
index 8e26a0d9dac9f..c017433446d75 100644
--- a/packages/kbn-ftr-common-functional-ui-services/services/browser.ts
+++ b/packages/kbn-ftr-common-functional-ui-services/services/browser.ts
@@ -53,7 +53,10 @@ class BrowserService extends FtrService {
    * https://seleniumhq.github.io/selenium/docs/api/javascript/module/selenium-webdriver/lib/webdriver_exports_WebDriver.html#actions
    */
   public getActions() {
-    return this.driver.actions();
+    return this.driver.actions({
+      async: undefined,
+      bridge: undefined,
+    });
   }
 
   /**
diff --git a/packages/kbn-ftr-common-functional-ui-services/services/remote/webdriver.ts b/packages/kbn-ftr-common-functional-ui-services/services/remote/webdriver.ts
index 40c9fff679653..4789a7566756d 100644
--- a/packages/kbn-ftr-common-functional-ui-services/services/remote/webdriver.ts
+++ b/packages/kbn-ftr-common-functional-ui-services/services/remote/webdriver.ts
@@ -121,7 +121,7 @@ function initChromiumOptions(browserType: Browsers, acceptInsecureCerts: boolean
   }
 
   if (browserBinaryPath) {
-    options.setChromeBinaryPath(browserBinaryPath);
+    options.setBinaryPath(browserBinaryPath);
   }
 
   if (noCache === '1') {
diff --git a/packages/kbn-ftr-common-functional-ui-services/services/web_element_wrapper/web_element_wrapper.ts b/packages/kbn-ftr-common-functional-ui-services/services/web_element_wrapper/web_element_wrapper.ts
index e7083d7f17587..c1fb7d471c7f3 100644
--- a/packages/kbn-ftr-common-functional-ui-services/services/web_element_wrapper/web_element_wrapper.ts
+++ b/packages/kbn-ftr-common-functional-ui-services/services/web_element_wrapper/web_element_wrapper.ts
@@ -141,7 +141,10 @@ export class WebElementWrapper {
   }
 
   private getActions() {
-    return this.driver.actions();
+    return this.driver.actions({
+      async: undefined,
+      bridge: undefined,
+    });
   }
 
   /**
diff --git a/packages/kbn-management/cards_navigation/src/consts.tsx b/packages/kbn-management/cards_navigation/src/consts.tsx
index 97b62eca90a4c..ba0d370c9577f 100644
--- a/packages/kbn-management/cards_navigation/src/consts.tsx
+++ b/packages/kbn-management/cards_navigation/src/consts.tsx
@@ -63,6 +63,13 @@ export const appDefinitions: Record<AppId, AppDefinition> = {
     }),
     icon: 'logstashQueue',
   },
+  [AppIds.DATA_QUALITY]: {
+    category: appCategories.DATA,
+    description: i18n.translate('management.landing.withCardNavigation.dataQualityDescription', {
+      defaultMessage: 'Find and manage quality issues in your log data.',
+    }),
+    icon: 'documents',
+  },
 
   [AppIds.RULES]: {
     category: appCategories.ALERTS,
diff --git a/packages/kbn-management/cards_navigation/src/types.ts b/packages/kbn-management/cards_navigation/src/types.ts
index f03544342abb0..5be90d5b7c147 100644
--- a/packages/kbn-management/cards_navigation/src/types.ts
+++ b/packages/kbn-management/cards_navigation/src/types.ts
@@ -28,6 +28,7 @@ export enum AppIds {
   SERVERLESS_SETTINGS = 'settings',
   ROLES = 'roles',
   API_KEYS = 'api_keys',
+  DATA_QUALITY = 'data_quality',
 }
 
 // Create new type that is a union of all the appId values
diff --git a/packages/kbn-management/settings/components/field_input/input/image_input.tsx b/packages/kbn-management/settings/components/field_input/input/image_input.tsx
index 9bcacf620c1fe..0bcc61789953c 100644
--- a/packages/kbn-management/settings/components/field_input/input/image_input.tsx
+++ b/packages/kbn-management/settings/components/field_input/input/image_input.tsx
@@ -8,7 +8,11 @@
 
 import React, { useImperativeHandle, useRef } from 'react';
 import { i18n } from '@kbn/i18n';
-import { EuiFilePicker, EuiFilePickerProps, EuiImage } from '@elastic/eui';
+import { EuiFilePicker, EuiImage } from '@elastic/eui';
+import type {
+  EuiFilePickerClass,
+  EuiFilePickerProps,
+} from '@elastic/eui/src/components/form/file_picker/file_picker';
 
 import { ResetInputRef } from '@kbn/management-settings-types';
 import { getFieldInputValue, useUpdate } from '@kbn/management-settings-utilities';
@@ -45,7 +49,7 @@ const errorMessage = i18n.translate('management.settings.field.imageChangeErrorM
  */
 export const ImageInput = React.forwardRef<ResetInputRef, ImageInputProps>(
   ({ field, unsavedChange, isSavingEnabled, onInputChange }, ref) => {
-    const inputRef = useRef<EuiFilePicker>(null);
+    const inputRef = useRef<EuiFilePickerClass>(null);
 
     useImperativeHandle(ref, () => ({
       reset: () => inputRef.current?.removeFiles(),
@@ -99,7 +103,7 @@ export const ImageInput = React.forwardRef<ResetInputRef, ImageInputProps>(
           accept=".jpg,.jpeg,.png"
           data-test-subj={`${TEST_SUBJ_PREFIX_FIELD}-${id}`}
           disabled={!isSavingEnabled}
-          ref={inputRef}
+          ref={inputRef as React.Ref<Omit<EuiFilePickerProps, 'stylesMemoizer'>>}
           fullWidth
           {...{ onChange, ...a11yProps }}
         />
diff --git a/packages/kbn-openapi-generator/src/template_service/templates/zod_schema_item.handlebars b/packages/kbn-openapi-generator/src/template_service/templates/zod_schema_item.handlebars
index 7ad0abaf1cad8..8e4c5aef616fb 100644
--- a/packages/kbn-openapi-generator/src/template_service/templates/zod_schema_item.handlebars
+++ b/packages/kbn-openapi-generator/src/template_service/templates/zod_schema_item.handlebars
@@ -68,7 +68,6 @@ z.unknown()
 
 {{~#*inline "type_boolean"~}}
   z.boolean()
-  {{~#if nullable}}.nullable(){{/if~}}
 {{~/inline~}}
 
 {{~#*inline "type_integer"~}}
diff --git a/packages/kbn-optimizer/limits.yml b/packages/kbn-optimizer/limits.yml
index c3ffc507387b8..73d9f0e23af29 100644
--- a/packages/kbn-optimizer/limits.yml
+++ b/packages/kbn-optimizer/limits.yml
@@ -5,7 +5,6 @@ pageLoadAssetSize:
   aiops: 10000
   alerting: 106936
   apm: 64385
-  assetManager: 25000
   banners: 17946
   bfetch: 22837
   canvas: 29355
@@ -42,6 +41,7 @@ pageLoadAssetSize:
   embeddable: 87309
   embeddableEnhanced: 22107
   enterpriseSearch: 66810
+  entityManager: 17175
   esqlDataGrid: 24582
   esUiShared: 326654
   eventAnnotation: 30000
@@ -82,6 +82,7 @@ pageLoadAssetSize:
   ingestPipelines: 58003
   inputControlVis: 172675
   inspector: 148711
+  integrationAssistant: 19524
   interactiveSetup: 80000
   investigate: 17970
   kibanaOverview: 56279
@@ -101,13 +102,13 @@ pageLoadAssetSize:
   maps: 90000
   mapsEms: 26072
   metricsDataAccess: 73287
-  ml: 82187
+  ml: 82210
   mockIdpPlugin: 30000
   monitoring: 80000
   navigation: 37269
   newsfeed: 42228
   noDataPage: 5000
-  observability: 167673
+  observability: 76678
   observabilityAIAssistant: 58230
   observabilityAIAssistantApp: 27680
   observabilityAiAssistantManagement: 19279
diff --git a/packages/kbn-router-to-openapispec/src/generate_oas.test.util.ts b/packages/kbn-router-to-openapispec/src/generate_oas.test.util.ts
index 2fb821018dcee..5b28a7b9296c5 100644
--- a/packages/kbn-router-to-openapispec/src/generate_oas.test.util.ts
+++ b/packages/kbn-router-to-openapispec/src/generate_oas.test.util.ts
@@ -8,32 +8,7 @@
 
 import { schema } from '@kbn/config-schema';
 import type { CoreVersionedRouter, Router } from '@kbn/core-http-router-server-internal';
-
-/** Intended to cover a wide set of schema configurations */
-export const testSchema = schema.object({
-  string: schema.string({ maxLength: 10, minLength: 1 }),
-  maybeNumber: schema.maybe(schema.number({ max: 1000, min: 1 })),
-  booleanDefault: schema.boolean({
-    defaultValue: true,
-    meta: {
-      description: 'defaults to to true',
-    },
-  }),
-  ipType: schema.ip({ versions: ['ipv4'] }),
-  literalType: schema.literal('literallythis'),
-  neverType: schema.never(),
-  map: schema.mapOf(schema.string(), schema.string()),
-  record: schema.recordOf(schema.string(), schema.string()),
-  union: schema.oneOf([
-    schema.string({ maxLength: 1, meta: { description: 'Union string' } }),
-    schema.number({ min: 0, meta: { description: 'Union number' } }),
-  ]),
-  uri: schema.uri({
-    scheme: ['prototest'],
-    defaultValue: () => 'prototest://something',
-  }),
-  any: schema.any({ meta: { description: 'any type' } }),
-});
+import { createLargeSchema } from './oas_converter/kbn_config_schema/lib.test.util';
 
 type RoutesMeta = ReturnType<Router['getRoutes']>[number];
 type VersionedRoutesMeta = ReturnType<CoreVersionedRouter['getRoutes']>[number];
@@ -67,7 +42,7 @@ export const getRouterDefaults = () => ({
       query: schema.object({
         page: schema.number({ max: 999, min: 1, defaultValue: 1, meta: { description: 'page' } }),
       }),
-      body: testSchema,
+      body: createLargeSchema(),
     },
     response: {
       200: {
diff --git a/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/lib.test.ts b/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/lib.test.ts
index 8c0df00303d73..1e0d79d9786d2 100644
--- a/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/lib.test.ts
+++ b/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/lib.test.ts
@@ -7,7 +7,169 @@
  */
 
 import { schema } from '@kbn/config-schema';
-import { is, isNullableObjectType, getParamSchema } from './lib';
+import {
+  is,
+  convert,
+  convertPathParameters,
+  convertQuery,
+  isNullableObjectType,
+  getParamSchema,
+} from './lib';
+
+import { createLargeSchema } from './lib.test.util';
+
+describe('convert', () => {
+  test('base case', () => {
+    expect(convert(createLargeSchema())).toEqual({
+      schema: {
+        additionalProperties: false,
+        properties: {
+          any: {},
+          booleanDefault: {
+            default: true,
+            description: 'defaults to to true',
+            type: 'boolean',
+          },
+          ipType: {
+            format: 'ipv4',
+            type: 'string',
+          },
+          literalType: {
+            enum: ['literallythis'],
+            type: 'string',
+          },
+          map: {
+            additionalProperties: {
+              type: 'string',
+            },
+            type: 'object',
+          },
+          maybeNumber: {
+            maximum: 1000,
+            minimum: 1,
+            type: 'number',
+          },
+          record: {
+            additionalProperties: {
+              type: 'string',
+            },
+            type: 'object',
+          },
+          string: {
+            maxLength: 10,
+            minLength: 1,
+            type: 'string',
+          },
+          union: {
+            anyOf: [
+              {
+                description: 'Union string',
+                maxLength: 1,
+                type: 'string',
+              },
+              {
+                description: 'Union number',
+                minimum: 0,
+                type: 'number',
+              },
+            ],
+          },
+          uri: {
+            default: 'prototest://something',
+            format: 'uri',
+            type: 'string',
+          },
+        },
+        required: ['string', 'ipType', 'literalType', 'map', 'record', 'union', 'any'],
+        type: 'object',
+      },
+      shared: {},
+    });
+  });
+
+  test('shared schemas', () => {
+    const idSchema = schema.object({ a: schema.string() }, { meta: { id: 'myId' } });
+    const otherSchema = schema.object({ id: idSchema });
+    expect(convert(otherSchema)).toEqual({
+      schema: {
+        additionalProperties: false,
+        properties: {
+          id: {
+            $ref: '#/components/schemas/myId',
+          },
+        },
+        required: ['id'],
+        type: 'object',
+      },
+      shared: {
+        myId: {
+          additionalProperties: false,
+          properties: {
+            a: {
+              type: 'string',
+            },
+          },
+          required: ['a'],
+          type: 'object',
+        },
+      },
+    });
+  });
+});
+
+describe('convertPathParameters', () => {
+  test('base conversion', () => {
+    expect(
+      convertPathParameters(schema.object({ a: schema.string() }), { a: { optional: false } })
+    ).toEqual({
+      params: [
+        {
+          in: 'path',
+          name: 'a',
+          required: true,
+          schema: {
+            type: 'string',
+          },
+        },
+      ],
+      shared: {},
+    });
+  });
+  test('conversion with refs is disallowed', () => {
+    const sharedSchema = schema.object({ a: schema.string() }, { meta: { id: 'myparams' } });
+    expect(() => convertPathParameters(sharedSchema, { a: { optional: false } })).toThrow(
+      /myparams.*not supported/
+    );
+  });
+  test('throws if known parameters not found', () => {
+    expect(() =>
+      convertPathParameters(schema.object({ b: schema.string() }), { a: { optional: false } })
+    ).toThrow(/Unknown parameter: b/);
+  });
+});
+
+describe('convertQuery', () => {
+  test('base conversion', () => {
+    expect(convertQuery(schema.object({ a: schema.string() }))).toEqual({
+      query: [
+        {
+          in: 'query',
+          name: 'a',
+          required: true,
+          schema: {
+            type: 'string',
+          },
+        },
+      ],
+      shared: {},
+    });
+  });
+
+  test('conversion with refs is disallowed', () => {
+    const sharedSchema = schema.object({ a: schema.string() }, { meta: { id: 'myparams' } });
+    expect(() => convertQuery(sharedSchema)).toThrow(/myparams.*not supported/);
+  });
+});
 
 describe('is', () => {
   test.each([
diff --git a/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/lib.test.util.ts b/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/lib.test.util.ts
new file mode 100644
index 0000000000000..a8f7547a129fe
--- /dev/null
+++ b/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/lib.test.util.ts
@@ -0,0 +1,36 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { schema } from '@kbn/config-schema';
+
+export function createLargeSchema() {
+  return schema.object({
+    string: schema.string({ maxLength: 10, minLength: 1 }),
+    maybeNumber: schema.maybe(schema.number({ max: 1000, min: 1 })),
+    booleanDefault: schema.boolean({
+      defaultValue: true,
+      meta: {
+        description: 'defaults to to true',
+      },
+    }),
+    ipType: schema.ip({ versions: ['ipv4'] }),
+    literalType: schema.literal('literallythis'),
+    neverType: schema.never(),
+    map: schema.mapOf(schema.string(), schema.string()),
+    record: schema.recordOf(schema.string(), schema.string()),
+    union: schema.oneOf([
+      schema.string({ maxLength: 1, meta: { description: 'Union string' } }),
+      schema.number({ min: 0, meta: { description: 'Union number' } }),
+    ]),
+    uri: schema.uri({
+      scheme: ['prototest'],
+      defaultValue: () => 'prototest://something',
+    }),
+    any: schema.any({ meta: { description: 'any type' } }),
+  });
+}
diff --git a/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/lib.ts b/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/lib.ts
index 0e59ed3dde5ec..94a321a2379df 100644
--- a/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/lib.ts
+++ b/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/lib.ts
@@ -94,7 +94,11 @@ const convertObjectMembersToParameterObjects = (
     const anyOf = (result as OpenAPIV3.SchemaObject).anyOf as OpenAPIV3.SchemaObject[];
     properties = anyOf.find((s) => s.type === 'object')!.properties!;
   } else if (isObjectType(schema)) {
-    const { result } = parse({ schema, ctx }) as { result: OpenAPIV3.SchemaObject };
+    const { result } = parse({ schema, ctx });
+    if ('$ref' in result)
+      throw new Error(
+        `Found a reference to "${result.$ref}". Runtime types with IDs are not supported in path or query parameters.`
+      );
     properties = (result as OpenAPIV3.SchemaObject).properties!;
     (result.required ?? []).forEach((key) => required.set(key, true));
   } else if (isRecordType(schema)) {
diff --git a/packages/kbn-rule-data-utils/src/default_alerts_as_data.ts b/packages/kbn-rule-data-utils/src/default_alerts_as_data.ts
index ce334e5d0fc55..4503679686bab 100644
--- a/packages/kbn-rule-data-utils/src/default_alerts_as_data.ts
+++ b/packages/kbn-rule-data-utils/src/default_alerts_as_data.ts
@@ -24,6 +24,12 @@ const VERSION = `${KIBANA_NAMESPACE}.version` as const;
 // kibana.alert.action_group - framework action group ID for this alert
 const ALERT_ACTION_GROUP = `${ALERT_NAMESPACE}.action_group` as const;
 
+// kibana.alert.previous_action_group
+const ALERT_PREVIOUS_ACTION_GROUP = `${ALERT_NAMESPACE}.previous_action_group` as const;
+
+// kibana.alert.severity_improving
+const ALERT_SEVERITY_IMPROVING = `${ALERT_NAMESPACE}.severity_improving` as const;
+
 // kibana.alert.case_ids - array of cases associated with the alert
 const ALERT_CASE_IDS = `${ALERT_NAMESPACE}.case_ids` as const;
 
@@ -129,6 +135,7 @@ const fields = {
   ALERT_CONSECUTIVE_MATCHES,
   ALERT_INSTANCE_ID,
   ALERT_LAST_DETECTED,
+  ALERT_PREVIOUS_ACTION_GROUP,
   ALERT_REASON,
   ALERT_RULE_CATEGORY,
   ALERT_RULE_CONSUMER,
@@ -141,6 +148,7 @@ const fields = {
   ALERT_RULE_TAGS,
   ALERT_RULE_TYPE_ID,
   ALERT_RULE_UUID,
+  ALERT_SEVERITY_IMPROVING,
   ALERT_START,
   ALERT_STATUS,
   ALERT_TIME_RANGE,
@@ -171,6 +179,7 @@ export {
   ALERT_CONSECUTIVE_MATCHES,
   ALERT_INSTANCE_ID,
   ALERT_LAST_DETECTED,
+  ALERT_PREVIOUS_ACTION_GROUP,
   ALERT_REASON,
   ALERT_RULE_CATEGORY,
   ALERT_RULE_CONSUMER,
@@ -183,6 +192,7 @@ export {
   ALERT_RULE_TAGS,
   ALERT_RULE_TYPE_ID,
   ALERT_RULE_UUID,
+  ALERT_SEVERITY_IMPROVING,
   ALERT_START,
   ALERT_STATUS,
   ALERT_TIME_RANGE,
diff --git a/packages/kbn-search-connectors/components/cron_editor/__snapshots__/cron_editor.test.tsx.snap b/packages/kbn-search-connectors/components/cron_editor/__snapshots__/cron_editor.test.tsx.snap
index ba8acd3925f10..5625124ec3efb 100644
--- a/packages/kbn-search-connectors/components/cron_editor/__snapshots__/cron_editor.test.tsx.snap
+++ b/packages/kbn-search-connectors/components/cron_editor/__snapshots__/cron_editor.test.tsx.snap
@@ -1,11314 +1,3676 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
 
 exports[`CronEditor is rendered with a DAY frequency 1`] = `
-<CronEditor
-  cronExpression="0 10 * * * ?"
-  fieldToPreferredValueMap={Object {}}
-  frequency="DAY"
-  onChange={[Function]}
->
-  <EuiFormRow
-    describedByIds={Array []}
-    display="row"
-    fullWidth={true}
-    hasChildLabel={true}
-    hasEmptyLabelSpace={false}
-    label={
-      <Memo(MemoizedFormattedMessage)
-        defaultMessage="Frequency"
-        id="searchConnectors.cronEditor.fieldFrequencyLabel"
-      />
-    }
-    labelType="label"
+Array [
+  <div
+    class="euiFormRow euiFormRow--fullWidth euiFormRow--hasLabel"
+    id="generated-id-row"
   >
     <div
-      className="euiFormRow euiFormRow--fullWidth euiFormRow--hasLabel"
-      id="generated-id-row"
+      class="euiFormRow__labelWrapper"
     >
-      <div
-        className="euiFormRow__labelWrapper"
-      >
-        <EuiFormLabel
-          className="euiFormRow__label"
-          htmlFor="generated-id"
-          id="generated-id-label"
-          isFocused={false}
-          type="label"
-        >
-          <label
-            className="euiFormLabel euiFormRow__label"
-            htmlFor="generated-id"
-            id="generated-id-label"
-          >
-            <FormattedMessage
-              defaultMessage="Frequency"
-              id="searchConnectors.cronEditor.fieldFrequencyLabel"
-            >
-              Frequency
-            </FormattedMessage>
-          </label>
-        </EuiFormLabel>
-      </div>
-      <div
-        className="euiFormRow__fieldWrapper"
+      <label
+        class="euiFormLabel euiFormRow__label"
+        for="generated-id"
+        id="generated-id-label"
       >
-        <EuiSelect
-          data-test-subj="cronFrequencySelect"
-          fullWidth={true}
-          id="generated-id"
-          onBlur={[Function]}
-          onChange={[Function]}
-          onFocus={[Function]}
-          options={
-            Array [
-              Object {
-                "text": "minute",
-                "value": "MINUTE",
-              },
-              Object {
-                "text": "hour",
-                "value": "HOUR",
-              },
-              Object {
-                "text": "day",
-                "value": "DAY",
-              },
-              Object {
-                "text": "week",
-                "value": "WEEK",
-              },
-              Object {
-                "text": "month",
-                "value": "MONTH",
-              },
-              Object {
-                "text": "year",
-                "value": "YEAR",
-              },
-            ]
-          }
-          prepend="Every"
-          value="DAY"
-        >
-          <EuiFormControlLayout
-            compressed={false}
-            fullWidth={true}
-            inputId="generated-id"
-            isDropdown={true}
-            isLoading={false}
-            prepend="Every"
-          >
-            <div
-              className="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
-            >
-              <EuiFormLabel
-                className="euiFormControlLayout__prepend"
-                htmlFor="generated-id"
-              >
-                <label
-                  className="euiFormLabel euiFormControlLayout__prepend"
-                  htmlFor="generated-id"
-                >
-                  Every
-                </label>
-              </EuiFormLabel>
-              <div
-                className="euiFormControlLayout__childrenWrapper"
-              >
-                <EuiValidatableControl>
-                  <select
-                    className="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
-                    data-test-subj="cronFrequencySelect"
-                    id="generated-id"
-                    onBlur={[Function]}
-                    onChange={[Function]}
-                    onFocus={[Function]}
-                    onMouseUp={[Function]}
-                    value="DAY"
-                  >
-                    <option
-                      key="0"
-                      value="MINUTE"
-                    >
-                      minute
-                    </option>
-                    <option
-                      key="1"
-                      value="HOUR"
-                    >
-                      hour
-                    </option>
-                    <option
-                      key="2"
-                      value="DAY"
-                    >
-                      day
-                    </option>
-                    <option
-                      key="3"
-                      value="WEEK"
-                    >
-                      week
-                    </option>
-                    <option
-                      key="4"
-                      value="MONTH"
-                    >
-                      month
-                    </option>
-                    <option
-                      key="5"
-                      value="YEAR"
-                    >
-                      year
-                    </option>
-                  </select>
-                </EuiValidatableControl>
-                <EuiFormControlLayoutIcons
-                  compressed={false}
-                  isDropdown={true}
-                  isLoading={false}
-                  side="right"
-                >
-                  <div
-                    className="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
-                  >
-                    <EuiFormControlLayoutCustomIcon
-                      size="m"
-                      type="arrowDown"
-                    >
-                      <span
-                        className="euiFormControlLayoutCustomIcon"
-                      >
-                        <EuiIcon
-                          aria-hidden="true"
-                          className="euiFormControlLayoutCustomIcon__icon"
-                          size="m"
-                          type="arrowDown"
-                        >
-                          <span
-                            aria-hidden="true"
-                            className="euiFormControlLayoutCustomIcon__icon"
-                            data-euiicon-type="arrowDown"
-                            size="m"
-                          />
-                        </EuiIcon>
-                      </span>
-                    </EuiFormControlLayoutCustomIcon>
-                  </div>
-                </EuiFormControlLayoutIcons>
-              </div>
-            </div>
-          </EuiFormControlLayout>
-        </EuiSelect>
-      </div>
+        Frequency
+      </label>
     </div>
-  </EuiFormRow>
-  <CronDaily
-    hour="*"
-    hourOptions={
-      Array [
-        Object {
-          "text": "00",
-          "value": "0",
-        },
-        Object {
-          "text": "01",
-          "value": "1",
-        },
-        Object {
-          "text": "02",
-          "value": "2",
-        },
-        Object {
-          "text": "03",
-          "value": "3",
-        },
-        Object {
-          "text": "04",
-          "value": "4",
-        },
-        Object {
-          "text": "05",
-          "value": "5",
-        },
-        Object {
-          "text": "06",
-          "value": "6",
-        },
-        Object {
-          "text": "07",
-          "value": "7",
-        },
-        Object {
-          "text": "08",
-          "value": "8",
-        },
-        Object {
-          "text": "09",
-          "value": "9",
-        },
-        Object {
-          "text": "10",
-          "value": "10",
-        },
-        Object {
-          "text": "11",
-          "value": "11",
-        },
-        Object {
-          "text": "12",
-          "value": "12",
-        },
-        Object {
-          "text": "13",
-          "value": "13",
-        },
-        Object {
-          "text": "14",
-          "value": "14",
-        },
-        Object {
-          "text": "15",
-          "value": "15",
-        },
-        Object {
-          "text": "16",
-          "value": "16",
-        },
-        Object {
-          "text": "17",
-          "value": "17",
-        },
-        Object {
-          "text": "18",
-          "value": "18",
-        },
-        Object {
-          "text": "19",
-          "value": "19",
-        },
-        Object {
-          "text": "20",
-          "value": "20",
-        },
-        Object {
-          "text": "21",
-          "value": "21",
-        },
-        Object {
-          "text": "22",
-          "value": "22",
-        },
-        Object {
-          "text": "23",
-          "value": "23",
-        },
-      ]
-    }
-    minute="10"
-    minuteOptions={
-      Array [
-        Object {
-          "text": "00",
-          "value": "0",
-        },
-        Object {
-          "text": "01",
-          "value": "1",
-        },
-        Object {
-          "text": "02",
-          "value": "2",
-        },
-        Object {
-          "text": "03",
-          "value": "3",
-        },
-        Object {
-          "text": "04",
-          "value": "4",
-        },
-        Object {
-          "text": "05",
-          "value": "5",
-        },
-        Object {
-          "text": "06",
-          "value": "6",
-        },
-        Object {
-          "text": "07",
-          "value": "7",
-        },
-        Object {
-          "text": "08",
-          "value": "8",
-        },
-        Object {
-          "text": "09",
-          "value": "9",
-        },
-        Object {
-          "text": "10",
-          "value": "10",
-        },
-        Object {
-          "text": "11",
-          "value": "11",
-        },
-        Object {
-          "text": "12",
-          "value": "12",
-        },
-        Object {
-          "text": "13",
-          "value": "13",
-        },
-        Object {
-          "text": "14",
-          "value": "14",
-        },
-        Object {
-          "text": "15",
-          "value": "15",
-        },
-        Object {
-          "text": "16",
-          "value": "16",
-        },
-        Object {
-          "text": "17",
-          "value": "17",
-        },
-        Object {
-          "text": "18",
-          "value": "18",
-        },
-        Object {
-          "text": "19",
-          "value": "19",
-        },
-        Object {
-          "text": "20",
-          "value": "20",
-        },
-        Object {
-          "text": "21",
-          "value": "21",
-        },
-        Object {
-          "text": "22",
-          "value": "22",
-        },
-        Object {
-          "text": "23",
-          "value": "23",
-        },
-        Object {
-          "text": "24",
-          "value": "24",
-        },
-        Object {
-          "text": "25",
-          "value": "25",
-        },
-        Object {
-          "text": "26",
-          "value": "26",
-        },
-        Object {
-          "text": "27",
-          "value": "27",
-        },
-        Object {
-          "text": "28",
-          "value": "28",
-        },
-        Object {
-          "text": "29",
-          "value": "29",
-        },
-        Object {
-          "text": "30",
-          "value": "30",
-        },
-        Object {
-          "text": "31",
-          "value": "31",
-        },
-        Object {
-          "text": "32",
-          "value": "32",
-        },
-        Object {
-          "text": "33",
-          "value": "33",
-        },
-        Object {
-          "text": "34",
-          "value": "34",
-        },
-        Object {
-          "text": "35",
-          "value": "35",
-        },
-        Object {
-          "text": "36",
-          "value": "36",
-        },
-        Object {
-          "text": "37",
-          "value": "37",
-        },
-        Object {
-          "text": "38",
-          "value": "38",
-        },
-        Object {
-          "text": "39",
-          "value": "39",
-        },
-        Object {
-          "text": "40",
-          "value": "40",
-        },
-        Object {
-          "text": "41",
-          "value": "41",
-        },
-        Object {
-          "text": "42",
-          "value": "42",
-        },
-        Object {
-          "text": "43",
-          "value": "43",
-        },
-        Object {
-          "text": "44",
-          "value": "44",
-        },
-        Object {
-          "text": "45",
-          "value": "45",
-        },
-        Object {
-          "text": "46",
-          "value": "46",
-        },
-        Object {
-          "text": "47",
-          "value": "47",
-        },
-        Object {
-          "text": "48",
-          "value": "48",
-        },
-        Object {
-          "text": "49",
-          "value": "49",
-        },
-        Object {
-          "text": "50",
-          "value": "50",
-        },
-        Object {
-          "text": "51",
-          "value": "51",
-        },
-        Object {
-          "text": "52",
-          "value": "52",
-        },
-        Object {
-          "text": "53",
-          "value": "53",
-        },
-        Object {
-          "text": "54",
-          "value": "54",
-        },
-        Object {
-          "text": "55",
-          "value": "55",
-        },
-        Object {
-          "text": "56",
-          "value": "56",
-        },
-        Object {
-          "text": "57",
-          "value": "57",
-        },
-        Object {
-          "text": "58",
-          "value": "58",
-        },
-        Object {
-          "text": "59",
-          "value": "59",
-        },
-      ]
-    }
-    onChange={[Function]}
-  >
-    <EuiFormRow
-      data-test-subj="cronFrequencyConfiguration"
-      describedByIds={Array []}
-      display="row"
-      fullWidth={true}
-      hasChildLabel={true}
-      hasEmptyLabelSpace={false}
-      label={
-        <Memo(MemoizedFormattedMessage)
-          defaultMessage="Time"
-          id="searchConnectors.cronEditor.cronDaily.fieldTimeLabel"
-        />
-      }
-      labelType="label"
+    <div
+      class="euiFormRow__fieldWrapper"
     >
       <div
-        className="euiFormRow euiFormRow--fullWidth euiFormRow--hasLabel"
-        data-test-subj="cronFrequencyConfiguration"
-        id="generated-id-row"
+        class="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
       >
-        <div
-          className="euiFormRow__labelWrapper"
+        <label
+          class="euiFormLabel euiFormControlLayout__prepend"
+          for="generated-id"
         >
-          <EuiFormLabel
-            className="euiFormRow__label"
-            htmlFor="generated-id"
-            id="generated-id-label"
-            isFocused={false}
-            type="label"
-          >
-            <label
-              className="euiFormLabel euiFormRow__label"
-              htmlFor="generated-id"
-              id="generated-id-label"
-            >
-              <FormattedMessage
-                defaultMessage="Time"
-                id="searchConnectors.cronEditor.cronDaily.fieldTimeLabel"
-              >
-                Time
-              </FormattedMessage>
-            </label>
-          </EuiFormLabel>
-        </div>
+          Every
+        </label>
         <div
-          className="euiFormRow__fieldWrapper"
+          class="euiFormControlLayout__childrenWrapper"
+          style="--euiFormControlRightIconsCount: 1;"
         >
-          <EuiFlexGroup
-            gutterSize="xs"
+          <select
+            class="euiSelect emotion-euiSelect-fullWidth-inGroup"
+            data-test-subj="cronFrequencySelect"
             id="generated-id"
-            onBlur={[Function]}
-            onFocus={[Function]}
           >
-            <div
-              css="unknown styles"
-              id="generated-id"
-              onBlur={[Function]}
-              onFocus={[Function]}
-            >
-              <Insertion
-                cache={
-                  Object {
-                    "insert": [Function],
-                    "inserted": Object {
-                      "9sbomz-euiFlexItem-grow-1": true,
-                      "bqv98l-euiFlexGroup-responsive-xs-flexStart-stretch-row": true,
-                      "kpsrin-euiFlexItem-growZero": true,
-                    },
-                    "key": "css",
-                    "nonce": undefined,
-                    "registered": Object {},
-                    "sheet": StyleSheet {
-                      "_alreadyInsertedOrderInsensitiveRule": true,
-                      "_insertTag": [Function],
-                      "before": null,
-                      "container": <head>
-                        <style
-                          data-styled="active"
-                          data-styled-version="5.1.0"
-                        />
-                        <style
-                          data-styled="active"
-                          data-styled-version="5.1.0"
-                        />
-                        <style
-                          data-styled="active"
-                          data-styled-version="5.1.0"
-                        />
-                        <style
-                          data-emotion="css"
-                          data-s=""
-                        >
-                          
-                          .emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;gap:4px;-webkit-box-pack:start;-ms-flex-pack:start;-webkit-justify-content:flex-start;justify-content:flex-start;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;}
-                        </style>
-                        <style
-                          data-emotion="css"
-                          data-s=""
-                        >
-                          
-                          @media only screen and (max-width: 767px){.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{-webkit-box-flex-wrap:wrap;-webkit-flex-wrap:wrap;-ms-flex-wrap:wrap;flex-wrap:wrap;}.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row&gt;.euiFlexItem{inline-size:100%;-webkit-flex-basis:100%;-ms-flex-preferred-size:100%;flex-basis:100%;}}
-                        </style>
-                        <style
-                          data-emotion="css"
-                          data-s=""
-                        >
-                          
-                          .emotion-euiFlexItem-growZero{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-box-flex:0;-webkit-flex-grow:0;-ms-flex-positive:0;flex-grow:0;-webkit-flex-basis:auto;-ms-flex-preferred-size:auto;flex-basis:auto;}
-                        </style>
-                        <style
-                          data-emotion="css"
-                          data-s=""
-                        >
-                          
-                          .emotion-euiFlexItem-grow-1{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-flex-basis:0%;-ms-flex-preferred-size:0%;flex-basis:0%;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;}
-                        </style>
-                      </head>,
-                      "ctr": 4,
-                      "insertionPoint": undefined,
-                      "isSpeedy": false,
-                      "key": "css",
-                      "nonce": undefined,
-                      "prepend": undefined,
-                      "tags": Array [
-                        <style
-                          data-emotion="css"
-                          data-s=""
-                        >
-                          
-                          .emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;gap:4px;-webkit-box-pack:start;-ms-flex-pack:start;-webkit-justify-content:flex-start;justify-content:flex-start;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;}
-                        </style>,
-                        <style
-                          data-emotion="css"
-                          data-s=""
-                        >
-                          
-                          @media only screen and (max-width: 767px){.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{-webkit-box-flex-wrap:wrap;-webkit-flex-wrap:wrap;-ms-flex-wrap:wrap;flex-wrap:wrap;}.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row&gt;.euiFlexItem{inline-size:100%;-webkit-flex-basis:100%;-ms-flex-preferred-size:100%;flex-basis:100%;}}
-                        </style>,
-                        <style
-                          data-emotion="css"
-                          data-s=""
-                        >
-                          
-                          .emotion-euiFlexItem-growZero{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-box-flex:0;-webkit-flex-grow:0;-ms-flex-positive:0;flex-grow:0;-webkit-flex-basis:auto;-ms-flex-preferred-size:auto;flex-basis:auto;}
-                        </style>,
-                        <style
-                          data-emotion="css"
-                          data-s=""
-                        >
-                          
-                          .emotion-euiFlexItem-grow-1{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-flex-basis:0%;-ms-flex-preferred-size:0%;flex-basis:0%;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;}
-                        </style>,
-                      ],
-                    },
-                  }
-                }
-                isStringTag={true}
-                serialized={
-                  Object {
-                    "map": undefined,
-                    "name": "bqv98l-euiFlexGroup-responsive-xs-flexStart-stretch-row",
-                    "next": undefined,
-                    "styles": "display:flex;align-items:stretch;flex-grow:1;label:euiFlexGroup;;;@media only screen and (max-width: 767px){flex-wrap:wrap;&>.euiFlexItem{inline-size: 100%; flex-basis:100%;}};label:responsive;;;;gap:4px;;label:xs;;;justify-content:flex-start;label:flexStart;;;align-items:stretch;label:stretch;;;flex-direction:row;label:row;;;",
-                    "toString": [Function],
-                  }
-                }
+            <option
+              value="MINUTE"
+            >
+              minute
+            </option>
+            <option
+              value="HOUR"
+            >
+              hour
+            </option>
+            <option
+              value="DAY"
+            >
+              day
+            </option>
+            <option
+              value="WEEK"
+            >
+              week
+            </option>
+            <option
+              value="MONTH"
+            >
+              month
+            </option>
+            <option
+              value="YEAR"
+            >
+              year
+            </option>
+          </select>
+          <div
+            class="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
+          >
+            <span
+              class="euiFormControlLayoutCustomIcon"
+            >
+              <span
+                aria-hidden="true"
+                class="euiFormControlLayoutCustomIcon__icon"
+                data-euiicon-type="arrowDown"
               />
-              <div
-                className="euiFlexGroup emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row"
-                id="generated-id"
-                onBlur={[Function]}
-                onFocus={[Function]}
-              >
-                <EuiFlexItem
-                  grow={false}
-                >
-                  <div
-                    css="unknown styles"
-                  >
-                    <Insertion
-                      cache={
-                        Object {
-                          "insert": [Function],
-                          "inserted": Object {
-                            "9sbomz-euiFlexItem-grow-1": true,
-                            "bqv98l-euiFlexGroup-responsive-xs-flexStart-stretch-row": true,
-                            "kpsrin-euiFlexItem-growZero": true,
-                          },
-                          "key": "css",
-                          "nonce": undefined,
-                          "registered": Object {},
-                          "sheet": StyleSheet {
-                            "_alreadyInsertedOrderInsensitiveRule": true,
-                            "_insertTag": [Function],
-                            "before": null,
-                            "container": <head>
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;gap:4px;-webkit-box-pack:start;-ms-flex-pack:start;-webkit-justify-content:flex-start;justify-content:flex-start;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;}
-                              </style>
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                @media only screen and (max-width: 767px){.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{-webkit-box-flex-wrap:wrap;-webkit-flex-wrap:wrap;-ms-flex-wrap:wrap;flex-wrap:wrap;}.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row&gt;.euiFlexItem{inline-size:100%;-webkit-flex-basis:100%;-ms-flex-preferred-size:100%;flex-basis:100%;}}
-                              </style>
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexItem-growZero{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-box-flex:0;-webkit-flex-grow:0;-ms-flex-positive:0;flex-grow:0;-webkit-flex-basis:auto;-ms-flex-preferred-size:auto;flex-basis:auto;}
-                              </style>
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexItem-grow-1{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-flex-basis:0%;-ms-flex-preferred-size:0%;flex-basis:0%;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;}
-                              </style>
-                            </head>,
-                            "ctr": 4,
-                            "insertionPoint": undefined,
-                            "isSpeedy": false,
-                            "key": "css",
-                            "nonce": undefined,
-                            "prepend": undefined,
-                            "tags": Array [
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;gap:4px;-webkit-box-pack:start;-ms-flex-pack:start;-webkit-justify-content:flex-start;justify-content:flex-start;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;}
-                              </style>,
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                @media only screen and (max-width: 767px){.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{-webkit-box-flex-wrap:wrap;-webkit-flex-wrap:wrap;-ms-flex-wrap:wrap;flex-wrap:wrap;}.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row&gt;.euiFlexItem{inline-size:100%;-webkit-flex-basis:100%;-ms-flex-preferred-size:100%;flex-basis:100%;}}
-                              </style>,
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexItem-growZero{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-box-flex:0;-webkit-flex-grow:0;-ms-flex-positive:0;flex-grow:0;-webkit-flex-basis:auto;-ms-flex-preferred-size:auto;flex-basis:auto;}
-                              </style>,
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexItem-grow-1{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-flex-basis:0%;-ms-flex-preferred-size:0%;flex-basis:0%;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;}
-                              </style>,
-                            ],
-                          },
-                        }
-                      }
-                      isStringTag={true}
-                      serialized={
-                        Object {
-                          "map": undefined,
-                          "name": "kpsrin-euiFlexItem-growZero",
-                          "next": undefined,
-                          "styles": "display:flex;flex-direction:column;label:euiFlexItem;;;flex-grow:0;flex-basis:auto;label:growZero;;;;",
-                          "toString": [Function],
-                        }
-                      }
-                    />
-                    <div
-                      className="euiFlexItem emotion-euiFlexItem-growZero"
-                    >
-                      <EuiSelect
-                        aria-label="Hour"
-                        data-test-subj="cronFrequencyDailyHourSelect"
-                        fullWidth={true}
-                        onChange={[Function]}
-                        options={
-                          Array [
-                            Object {
-                              "text": "00",
-                              "value": "0",
-                            },
-                            Object {
-                              "text": "01",
-                              "value": "1",
-                            },
-                            Object {
-                              "text": "02",
-                              "value": "2",
-                            },
-                            Object {
-                              "text": "03",
-                              "value": "3",
-                            },
-                            Object {
-                              "text": "04",
-                              "value": "4",
-                            },
-                            Object {
-                              "text": "05",
-                              "value": "5",
-                            },
-                            Object {
-                              "text": "06",
-                              "value": "6",
-                            },
-                            Object {
-                              "text": "07",
-                              "value": "7",
-                            },
-                            Object {
-                              "text": "08",
-                              "value": "8",
-                            },
-                            Object {
-                              "text": "09",
-                              "value": "9",
-                            },
-                            Object {
-                              "text": "10",
-                              "value": "10",
-                            },
-                            Object {
-                              "text": "11",
-                              "value": "11",
-                            },
-                            Object {
-                              "text": "12",
-                              "value": "12",
-                            },
-                            Object {
-                              "text": "13",
-                              "value": "13",
-                            },
-                            Object {
-                              "text": "14",
-                              "value": "14",
-                            },
-                            Object {
-                              "text": "15",
-                              "value": "15",
-                            },
-                            Object {
-                              "text": "16",
-                              "value": "16",
-                            },
-                            Object {
-                              "text": "17",
-                              "value": "17",
-                            },
-                            Object {
-                              "text": "18",
-                              "value": "18",
-                            },
-                            Object {
-                              "text": "19",
-                              "value": "19",
-                            },
-                            Object {
-                              "text": "20",
-                              "value": "20",
-                            },
-                            Object {
-                              "text": "21",
-                              "value": "21",
-                            },
-                            Object {
-                              "text": "22",
-                              "value": "22",
-                            },
-                            Object {
-                              "text": "23",
-                              "value": "23",
-                            },
-                          ]
-                        }
-                        prepend="At"
-                        value="*"
-                      >
-                        <EuiFormControlLayout
-                          compressed={false}
-                          fullWidth={true}
-                          isDropdown={true}
-                          isLoading={false}
-                          prepend="At"
-                        >
-                          <div
-                            className="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
-                          >
-                            <EuiFormLabel
-                              className="euiFormControlLayout__prepend"
-                            >
-                              <label
-                                className="euiFormLabel euiFormControlLayout__prepend"
-                              >
-                                At
-                              </label>
-                            </EuiFormLabel>
-                            <div
-                              className="euiFormControlLayout__childrenWrapper"
-                            >
-                              <EuiValidatableControl>
-                                <select
-                                  aria-label="Hour"
-                                  className="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
-                                  data-test-subj="cronFrequencyDailyHourSelect"
-                                  onChange={[Function]}
-                                  onMouseUp={[Function]}
-                                  value="*"
-                                >
-                                  <option
-                                    key="0"
-                                    value="0"
-                                  >
-                                    00
-                                  </option>
-                                  <option
-                                    key="1"
-                                    value="1"
-                                  >
-                                    01
-                                  </option>
-                                  <option
-                                    key="2"
-                                    value="2"
-                                  >
-                                    02
-                                  </option>
-                                  <option
-                                    key="3"
-                                    value="3"
-                                  >
-                                    03
-                                  </option>
-                                  <option
-                                    key="4"
-                                    value="4"
-                                  >
-                                    04
-                                  </option>
-                                  <option
-                                    key="5"
-                                    value="5"
-                                  >
-                                    05
-                                  </option>
-                                  <option
-                                    key="6"
-                                    value="6"
-                                  >
-                                    06
-                                  </option>
-                                  <option
-                                    key="7"
-                                    value="7"
-                                  >
-                                    07
-                                  </option>
-                                  <option
-                                    key="8"
-                                    value="8"
-                                  >
-                                    08
-                                  </option>
-                                  <option
-                                    key="9"
-                                    value="9"
-                                  >
-                                    09
-                                  </option>
-                                  <option
-                                    key="10"
-                                    value="10"
-                                  >
-                                    10
-                                  </option>
-                                  <option
-                                    key="11"
-                                    value="11"
-                                  >
-                                    11
-                                  </option>
-                                  <option
-                                    key="12"
-                                    value="12"
-                                  >
-                                    12
-                                  </option>
-                                  <option
-                                    key="13"
-                                    value="13"
-                                  >
-                                    13
-                                  </option>
-                                  <option
-                                    key="14"
-                                    value="14"
-                                  >
-                                    14
-                                  </option>
-                                  <option
-                                    key="15"
-                                    value="15"
-                                  >
-                                    15
-                                  </option>
-                                  <option
-                                    key="16"
-                                    value="16"
-                                  >
-                                    16
-                                  </option>
-                                  <option
-                                    key="17"
-                                    value="17"
-                                  >
-                                    17
-                                  </option>
-                                  <option
-                                    key="18"
-                                    value="18"
-                                  >
-                                    18
-                                  </option>
-                                  <option
-                                    key="19"
-                                    value="19"
-                                  >
-                                    19
-                                  </option>
-                                  <option
-                                    key="20"
-                                    value="20"
-                                  >
-                                    20
-                                  </option>
-                                  <option
-                                    key="21"
-                                    value="21"
-                                  >
-                                    21
-                                  </option>
-                                  <option
-                                    key="22"
-                                    value="22"
-                                  >
-                                    22
-                                  </option>
-                                  <option
-                                    key="23"
-                                    value="23"
-                                  >
-                                    23
-                                  </option>
-                                </select>
-                              </EuiValidatableControl>
-                              <EuiFormControlLayoutIcons
-                                compressed={false}
-                                isDropdown={true}
-                                isLoading={false}
-                                side="right"
-                              >
-                                <div
-                                  className="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
-                                >
-                                  <EuiFormControlLayoutCustomIcon
-                                    size="m"
-                                    type="arrowDown"
-                                  >
-                                    <span
-                                      className="euiFormControlLayoutCustomIcon"
-                                    >
-                                      <EuiIcon
-                                        aria-hidden="true"
-                                        className="euiFormControlLayoutCustomIcon__icon"
-                                        size="m"
-                                        type="arrowDown"
-                                      >
-                                        <span
-                                          aria-hidden="true"
-                                          className="euiFormControlLayoutCustomIcon__icon"
-                                          data-euiicon-type="arrowDown"
-                                          size="m"
-                                        />
-                                      </EuiIcon>
-                                    </span>
-                                  </EuiFormControlLayoutCustomIcon>
-                                </div>
-                              </EuiFormControlLayoutIcons>
-                            </div>
-                          </div>
-                        </EuiFormControlLayout>
-                      </EuiSelect>
-                    </div>
-                  </div>
-                </EuiFlexItem>
-                <EuiFlexItem>
-                  <div
-                    css="unknown styles"
-                  >
-                    <Insertion
-                      cache={
-                        Object {
-                          "insert": [Function],
-                          "inserted": Object {
-                            "9sbomz-euiFlexItem-grow-1": true,
-                            "bqv98l-euiFlexGroup-responsive-xs-flexStart-stretch-row": true,
-                            "kpsrin-euiFlexItem-growZero": true,
-                          },
-                          "key": "css",
-                          "nonce": undefined,
-                          "registered": Object {},
-                          "sheet": StyleSheet {
-                            "_alreadyInsertedOrderInsensitiveRule": true,
-                            "_insertTag": [Function],
-                            "before": null,
-                            "container": <head>
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;gap:4px;-webkit-box-pack:start;-ms-flex-pack:start;-webkit-justify-content:flex-start;justify-content:flex-start;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;}
-                              </style>
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                @media only screen and (max-width: 767px){.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{-webkit-box-flex-wrap:wrap;-webkit-flex-wrap:wrap;-ms-flex-wrap:wrap;flex-wrap:wrap;}.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row&gt;.euiFlexItem{inline-size:100%;-webkit-flex-basis:100%;-ms-flex-preferred-size:100%;flex-basis:100%;}}
-                              </style>
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexItem-growZero{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-box-flex:0;-webkit-flex-grow:0;-ms-flex-positive:0;flex-grow:0;-webkit-flex-basis:auto;-ms-flex-preferred-size:auto;flex-basis:auto;}
-                              </style>
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexItem-grow-1{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-flex-basis:0%;-ms-flex-preferred-size:0%;flex-basis:0%;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;}
-                              </style>
-                            </head>,
-                            "ctr": 4,
-                            "insertionPoint": undefined,
-                            "isSpeedy": false,
-                            "key": "css",
-                            "nonce": undefined,
-                            "prepend": undefined,
-                            "tags": Array [
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;gap:4px;-webkit-box-pack:start;-ms-flex-pack:start;-webkit-justify-content:flex-start;justify-content:flex-start;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;}
-                              </style>,
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                @media only screen and (max-width: 767px){.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{-webkit-box-flex-wrap:wrap;-webkit-flex-wrap:wrap;-ms-flex-wrap:wrap;flex-wrap:wrap;}.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row&gt;.euiFlexItem{inline-size:100%;-webkit-flex-basis:100%;-ms-flex-preferred-size:100%;flex-basis:100%;}}
-                              </style>,
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexItem-growZero{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-box-flex:0;-webkit-flex-grow:0;-ms-flex-positive:0;flex-grow:0;-webkit-flex-basis:auto;-ms-flex-preferred-size:auto;flex-basis:auto;}
-                              </style>,
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexItem-grow-1{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-flex-basis:0%;-ms-flex-preferred-size:0%;flex-basis:0%;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;}
-                              </style>,
-                            ],
-                          },
-                        }
-                      }
-                      isStringTag={true}
-                      serialized={
-                        Object {
-                          "map": undefined,
-                          "name": "9sbomz-euiFlexItem-grow-1",
-                          "next": undefined,
-                          "styles": "display:flex;flex-direction:column;label:euiFlexItem;;;flex-basis:0%;label:grow;;;flex-grow:1;label:1;;;",
-                          "toString": [Function],
-                        }
-                      }
-                    />
-                    <div
-                      className="euiFlexItem emotion-euiFlexItem-grow-1"
-                    >
-                      <EuiSelect
-                        aria-label="Minute"
-                        data-test-subj="cronFrequencyDailyMinuteSelect"
-                        fullWidth={true}
-                        onChange={[Function]}
-                        options={
-                          Array [
-                            Object {
-                              "text": "00",
-                              "value": "0",
-                            },
-                            Object {
-                              "text": "01",
-                              "value": "1",
-                            },
-                            Object {
-                              "text": "02",
-                              "value": "2",
-                            },
-                            Object {
-                              "text": "03",
-                              "value": "3",
-                            },
-                            Object {
-                              "text": "04",
-                              "value": "4",
-                            },
-                            Object {
-                              "text": "05",
-                              "value": "5",
-                            },
-                            Object {
-                              "text": "06",
-                              "value": "6",
-                            },
-                            Object {
-                              "text": "07",
-                              "value": "7",
-                            },
-                            Object {
-                              "text": "08",
-                              "value": "8",
-                            },
-                            Object {
-                              "text": "09",
-                              "value": "9",
-                            },
-                            Object {
-                              "text": "10",
-                              "value": "10",
-                            },
-                            Object {
-                              "text": "11",
-                              "value": "11",
-                            },
-                            Object {
-                              "text": "12",
-                              "value": "12",
-                            },
-                            Object {
-                              "text": "13",
-                              "value": "13",
-                            },
-                            Object {
-                              "text": "14",
-                              "value": "14",
-                            },
-                            Object {
-                              "text": "15",
-                              "value": "15",
-                            },
-                            Object {
-                              "text": "16",
-                              "value": "16",
-                            },
-                            Object {
-                              "text": "17",
-                              "value": "17",
-                            },
-                            Object {
-                              "text": "18",
-                              "value": "18",
-                            },
-                            Object {
-                              "text": "19",
-                              "value": "19",
-                            },
-                            Object {
-                              "text": "20",
-                              "value": "20",
-                            },
-                            Object {
-                              "text": "21",
-                              "value": "21",
-                            },
-                            Object {
-                              "text": "22",
-                              "value": "22",
-                            },
-                            Object {
-                              "text": "23",
-                              "value": "23",
-                            },
-                            Object {
-                              "text": "24",
-                              "value": "24",
-                            },
-                            Object {
-                              "text": "25",
-                              "value": "25",
-                            },
-                            Object {
-                              "text": "26",
-                              "value": "26",
-                            },
-                            Object {
-                              "text": "27",
-                              "value": "27",
-                            },
-                            Object {
-                              "text": "28",
-                              "value": "28",
-                            },
-                            Object {
-                              "text": "29",
-                              "value": "29",
-                            },
-                            Object {
-                              "text": "30",
-                              "value": "30",
-                            },
-                            Object {
-                              "text": "31",
-                              "value": "31",
-                            },
-                            Object {
-                              "text": "32",
-                              "value": "32",
-                            },
-                            Object {
-                              "text": "33",
-                              "value": "33",
-                            },
-                            Object {
-                              "text": "34",
-                              "value": "34",
-                            },
-                            Object {
-                              "text": "35",
-                              "value": "35",
-                            },
-                            Object {
-                              "text": "36",
-                              "value": "36",
-                            },
-                            Object {
-                              "text": "37",
-                              "value": "37",
-                            },
-                            Object {
-                              "text": "38",
-                              "value": "38",
-                            },
-                            Object {
-                              "text": "39",
-                              "value": "39",
-                            },
-                            Object {
-                              "text": "40",
-                              "value": "40",
-                            },
-                            Object {
-                              "text": "41",
-                              "value": "41",
-                            },
-                            Object {
-                              "text": "42",
-                              "value": "42",
-                            },
-                            Object {
-                              "text": "43",
-                              "value": "43",
-                            },
-                            Object {
-                              "text": "44",
-                              "value": "44",
-                            },
-                            Object {
-                              "text": "45",
-                              "value": "45",
-                            },
-                            Object {
-                              "text": "46",
-                              "value": "46",
-                            },
-                            Object {
-                              "text": "47",
-                              "value": "47",
-                            },
-                            Object {
-                              "text": "48",
-                              "value": "48",
-                            },
-                            Object {
-                              "text": "49",
-                              "value": "49",
-                            },
-                            Object {
-                              "text": "50",
-                              "value": "50",
-                            },
-                            Object {
-                              "text": "51",
-                              "value": "51",
-                            },
-                            Object {
-                              "text": "52",
-                              "value": "52",
-                            },
-                            Object {
-                              "text": "53",
-                              "value": "53",
-                            },
-                            Object {
-                              "text": "54",
-                              "value": "54",
-                            },
-                            Object {
-                              "text": "55",
-                              "value": "55",
-                            },
-                            Object {
-                              "text": "56",
-                              "value": "56",
-                            },
-                            Object {
-                              "text": "57",
-                              "value": "57",
-                            },
-                            Object {
-                              "text": "58",
-                              "value": "58",
-                            },
-                            Object {
-                              "text": "59",
-                              "value": "59",
-                            },
-                          ]
-                        }
-                        prepend=":"
-                        value="10"
-                      >
-                        <EuiFormControlLayout
-                          compressed={false}
-                          fullWidth={true}
-                          isDropdown={true}
-                          isLoading={false}
-                          prepend=":"
-                        >
-                          <div
-                            className="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
-                          >
-                            <EuiFormLabel
-                              className="euiFormControlLayout__prepend"
-                            >
-                              <label
-                                className="euiFormLabel euiFormControlLayout__prepend"
-                              >
-                                :
-                              </label>
-                            </EuiFormLabel>
-                            <div
-                              className="euiFormControlLayout__childrenWrapper"
-                            >
-                              <EuiValidatableControl>
-                                <select
-                                  aria-label="Minute"
-                                  className="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
-                                  data-test-subj="cronFrequencyDailyMinuteSelect"
-                                  onChange={[Function]}
-                                  onMouseUp={[Function]}
-                                  value="10"
-                                >
-                                  <option
-                                    key="0"
-                                    value="0"
-                                  >
-                                    00
-                                  </option>
-                                  <option
-                                    key="1"
-                                    value="1"
-                                  >
-                                    01
-                                  </option>
-                                  <option
-                                    key="2"
-                                    value="2"
-                                  >
-                                    02
-                                  </option>
-                                  <option
-                                    key="3"
-                                    value="3"
-                                  >
-                                    03
-                                  </option>
-                                  <option
-                                    key="4"
-                                    value="4"
-                                  >
-                                    04
-                                  </option>
-                                  <option
-                                    key="5"
-                                    value="5"
-                                  >
-                                    05
-                                  </option>
-                                  <option
-                                    key="6"
-                                    value="6"
-                                  >
-                                    06
-                                  </option>
-                                  <option
-                                    key="7"
-                                    value="7"
-                                  >
-                                    07
-                                  </option>
-                                  <option
-                                    key="8"
-                                    value="8"
-                                  >
-                                    08
-                                  </option>
-                                  <option
-                                    key="9"
-                                    value="9"
-                                  >
-                                    09
-                                  </option>
-                                  <option
-                                    key="10"
-                                    value="10"
-                                  >
-                                    10
-                                  </option>
-                                  <option
-                                    key="11"
-                                    value="11"
-                                  >
-                                    11
-                                  </option>
-                                  <option
-                                    key="12"
-                                    value="12"
-                                  >
-                                    12
-                                  </option>
-                                  <option
-                                    key="13"
-                                    value="13"
-                                  >
-                                    13
-                                  </option>
-                                  <option
-                                    key="14"
-                                    value="14"
-                                  >
-                                    14
-                                  </option>
-                                  <option
-                                    key="15"
-                                    value="15"
-                                  >
-                                    15
-                                  </option>
-                                  <option
-                                    key="16"
-                                    value="16"
-                                  >
-                                    16
-                                  </option>
-                                  <option
-                                    key="17"
-                                    value="17"
-                                  >
-                                    17
-                                  </option>
-                                  <option
-                                    key="18"
-                                    value="18"
-                                  >
-                                    18
-                                  </option>
-                                  <option
-                                    key="19"
-                                    value="19"
-                                  >
-                                    19
-                                  </option>
-                                  <option
-                                    key="20"
-                                    value="20"
-                                  >
-                                    20
-                                  </option>
-                                  <option
-                                    key="21"
-                                    value="21"
-                                  >
-                                    21
-                                  </option>
-                                  <option
-                                    key="22"
-                                    value="22"
-                                  >
-                                    22
-                                  </option>
-                                  <option
-                                    key="23"
-                                    value="23"
-                                  >
-                                    23
-                                  </option>
-                                  <option
-                                    key="24"
-                                    value="24"
-                                  >
-                                    24
-                                  </option>
-                                  <option
-                                    key="25"
-                                    value="25"
-                                  >
-                                    25
-                                  </option>
-                                  <option
-                                    key="26"
-                                    value="26"
-                                  >
-                                    26
-                                  </option>
-                                  <option
-                                    key="27"
-                                    value="27"
-                                  >
-                                    27
-                                  </option>
-                                  <option
-                                    key="28"
-                                    value="28"
-                                  >
-                                    28
-                                  </option>
-                                  <option
-                                    key="29"
-                                    value="29"
-                                  >
-                                    29
-                                  </option>
-                                  <option
-                                    key="30"
-                                    value="30"
-                                  >
-                                    30
-                                  </option>
-                                  <option
-                                    key="31"
-                                    value="31"
-                                  >
-                                    31
-                                  </option>
-                                  <option
-                                    key="32"
-                                    value="32"
-                                  >
-                                    32
-                                  </option>
-                                  <option
-                                    key="33"
-                                    value="33"
-                                  >
-                                    33
-                                  </option>
-                                  <option
-                                    key="34"
-                                    value="34"
-                                  >
-                                    34
-                                  </option>
-                                  <option
-                                    key="35"
-                                    value="35"
-                                  >
-                                    35
-                                  </option>
-                                  <option
-                                    key="36"
-                                    value="36"
-                                  >
-                                    36
-                                  </option>
-                                  <option
-                                    key="37"
-                                    value="37"
-                                  >
-                                    37
-                                  </option>
-                                  <option
-                                    key="38"
-                                    value="38"
-                                  >
-                                    38
-                                  </option>
-                                  <option
-                                    key="39"
-                                    value="39"
-                                  >
-                                    39
-                                  </option>
-                                  <option
-                                    key="40"
-                                    value="40"
-                                  >
-                                    40
-                                  </option>
-                                  <option
-                                    key="41"
-                                    value="41"
-                                  >
-                                    41
-                                  </option>
-                                  <option
-                                    key="42"
-                                    value="42"
-                                  >
-                                    42
-                                  </option>
-                                  <option
-                                    key="43"
-                                    value="43"
-                                  >
-                                    43
-                                  </option>
-                                  <option
-                                    key="44"
-                                    value="44"
-                                  >
-                                    44
-                                  </option>
-                                  <option
-                                    key="45"
-                                    value="45"
-                                  >
-                                    45
-                                  </option>
-                                  <option
-                                    key="46"
-                                    value="46"
-                                  >
-                                    46
-                                  </option>
-                                  <option
-                                    key="47"
-                                    value="47"
-                                  >
-                                    47
-                                  </option>
-                                  <option
-                                    key="48"
-                                    value="48"
-                                  >
-                                    48
-                                  </option>
-                                  <option
-                                    key="49"
-                                    value="49"
-                                  >
-                                    49
-                                  </option>
-                                  <option
-                                    key="50"
-                                    value="50"
-                                  >
-                                    50
-                                  </option>
-                                  <option
-                                    key="51"
-                                    value="51"
-                                  >
-                                    51
-                                  </option>
-                                  <option
-                                    key="52"
-                                    value="52"
-                                  >
-                                    52
-                                  </option>
-                                  <option
-                                    key="53"
-                                    value="53"
-                                  >
-                                    53
-                                  </option>
-                                  <option
-                                    key="54"
-                                    value="54"
-                                  >
-                                    54
-                                  </option>
-                                  <option
-                                    key="55"
-                                    value="55"
-                                  >
-                                    55
-                                  </option>
-                                  <option
-                                    key="56"
-                                    value="56"
-                                  >
-                                    56
-                                  </option>
-                                  <option
-                                    key="57"
-                                    value="57"
-                                  >
-                                    57
-                                  </option>
-                                  <option
-                                    key="58"
-                                    value="58"
-                                  >
-                                    58
-                                  </option>
-                                  <option
-                                    key="59"
-                                    value="59"
-                                  >
-                                    59
-                                  </option>
-                                </select>
-                              </EuiValidatableControl>
-                              <EuiFormControlLayoutIcons
-                                compressed={false}
-                                isDropdown={true}
-                                isLoading={false}
-                                side="right"
-                              >
-                                <div
-                                  className="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
-                                >
-                                  <EuiFormControlLayoutCustomIcon
-                                    size="m"
-                                    type="arrowDown"
-                                  >
-                                    <span
-                                      className="euiFormControlLayoutCustomIcon"
-                                    >
-                                      <EuiIcon
-                                        aria-hidden="true"
-                                        className="euiFormControlLayoutCustomIcon__icon"
-                                        size="m"
-                                        type="arrowDown"
-                                      >
-                                        <span
-                                          aria-hidden="true"
-                                          className="euiFormControlLayoutCustomIcon__icon"
-                                          data-euiicon-type="arrowDown"
-                                          size="m"
-                                        />
-                                      </EuiIcon>
-                                    </span>
-                                  </EuiFormControlLayoutCustomIcon>
-                                </div>
-                              </EuiFormControlLayoutIcons>
-                            </div>
-                          </div>
-                        </EuiFormControlLayout>
-                      </EuiSelect>
-                    </div>
-                  </div>
-                </EuiFlexItem>
-              </div>
-            </div>
-          </EuiFlexGroup>
+            </span>
+          </div>
         </div>
       </div>
-    </EuiFormRow>
-  </CronDaily>
-</CronEditor>
-`;
-
-exports[`CronEditor is rendered with a HOUR frequency 1`] = `
-<CronEditor
-  cronExpression="0 10 * * * ?"
-  fieldToPreferredValueMap={Object {}}
-  frequency="HOUR"
-  onChange={[Function]}
->
-  <EuiFormRow
-    describedByIds={Array []}
-    display="row"
-    fullWidth={true}
-    hasChildLabel={true}
-    hasEmptyLabelSpace={false}
-    label={
-      <Memo(MemoizedFormattedMessage)
-        defaultMessage="Frequency"
-        id="searchConnectors.cronEditor.fieldFrequencyLabel"
-      />
-    }
-    labelType="label"
+    </div>
+  </div>,
+  <div
+    class="euiFormRow euiFormRow--fullWidth euiFormRow--hasLabel"
+    data-test-subj="cronFrequencyConfiguration"
+    id="generated-id-row"
   >
     <div
-      className="euiFormRow euiFormRow--fullWidth euiFormRow--hasLabel"
-      id="generated-id-row"
+      class="euiFormRow__labelWrapper"
     >
-      <div
-        className="euiFormRow__labelWrapper"
+      <label
+        class="euiFormLabel euiFormRow__label"
+        for="generated-id"
+        id="generated-id-label"
       >
-        <EuiFormLabel
-          className="euiFormRow__label"
-          htmlFor="generated-id"
-          id="generated-id-label"
-          isFocused={false}
-          type="label"
-        >
-          <label
-            className="euiFormLabel euiFormRow__label"
-            htmlFor="generated-id"
-            id="generated-id-label"
-          >
-            <FormattedMessage
-              defaultMessage="Frequency"
-              id="searchConnectors.cronEditor.fieldFrequencyLabel"
-            >
-              Frequency
-            </FormattedMessage>
-          </label>
-        </EuiFormLabel>
-      </div>
+        Time
+      </label>
+    </div>
+    <div
+      class="euiFormRow__fieldWrapper"
+    >
       <div
-        className="euiFormRow__fieldWrapper"
+        class="euiFlexGroup emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row"
+        id="generated-id"
       >
-        <EuiSelect
-          data-test-subj="cronFrequencySelect"
-          fullWidth={true}
-          id="generated-id"
-          onBlur={[Function]}
-          onChange={[Function]}
-          onFocus={[Function]}
-          options={
-            Array [
-              Object {
-                "text": "minute",
-                "value": "MINUTE",
-              },
-              Object {
-                "text": "hour",
-                "value": "HOUR",
-              },
-              Object {
-                "text": "day",
-                "value": "DAY",
-              },
-              Object {
-                "text": "week",
-                "value": "WEEK",
-              },
-              Object {
-                "text": "month",
-                "value": "MONTH",
-              },
-              Object {
-                "text": "year",
-                "value": "YEAR",
-              },
-            ]
-          }
-          prepend="Every"
-          value="HOUR"
+        <div
+          class="euiFlexItem emotion-euiFlexItem-growZero"
         >
-          <EuiFormControlLayout
-            compressed={false}
-            fullWidth={true}
-            inputId="generated-id"
-            isDropdown={true}
-            isLoading={false}
-            prepend="Every"
+          <div
+            class="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
           >
+            <label
+              class="euiFormLabel euiFormControlLayout__prepend"
+            >
+              At
+            </label>
             <div
-              className="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
+              class="euiFormControlLayout__childrenWrapper"
+              style="--euiFormControlRightIconsCount: 1;"
             >
-              <EuiFormLabel
-                className="euiFormControlLayout__prepend"
-                htmlFor="generated-id"
+              <select
+                aria-label="Hour"
+                class="euiSelect emotion-euiSelect-fullWidth-inGroup"
+                data-test-subj="cronFrequencyDailyHourSelect"
               >
-                <label
-                  className="euiFormLabel euiFormControlLayout__prepend"
-                  htmlFor="generated-id"
+                <option
+                  value="0"
+                >
+                  00
+                </option>
+                <option
+                  value="1"
+                >
+                  01
+                </option>
+                <option
+                  value="2"
+                >
+                  02
+                </option>
+                <option
+                  value="3"
+                >
+                  03
+                </option>
+                <option
+                  value="4"
+                >
+                  04
+                </option>
+                <option
+                  value="5"
+                >
+                  05
+                </option>
+                <option
+                  value="6"
+                >
+                  06
+                </option>
+                <option
+                  value="7"
+                >
+                  07
+                </option>
+                <option
+                  value="8"
+                >
+                  08
+                </option>
+                <option
+                  value="9"
+                >
+                  09
+                </option>
+                <option
+                  value="10"
                 >
-                  Every
-                </label>
-              </EuiFormLabel>
+                  10
+                </option>
+                <option
+                  value="11"
+                >
+                  11
+                </option>
+                <option
+                  value="12"
+                >
+                  12
+                </option>
+                <option
+                  value="13"
+                >
+                  13
+                </option>
+                <option
+                  value="14"
+                >
+                  14
+                </option>
+                <option
+                  value="15"
+                >
+                  15
+                </option>
+                <option
+                  value="16"
+                >
+                  16
+                </option>
+                <option
+                  value="17"
+                >
+                  17
+                </option>
+                <option
+                  value="18"
+                >
+                  18
+                </option>
+                <option
+                  value="19"
+                >
+                  19
+                </option>
+                <option
+                  value="20"
+                >
+                  20
+                </option>
+                <option
+                  value="21"
+                >
+                  21
+                </option>
+                <option
+                  value="22"
+                >
+                  22
+                </option>
+                <option
+                  value="23"
+                >
+                  23
+                </option>
+              </select>
               <div
-                className="euiFormControlLayout__childrenWrapper"
+                class="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
               >
-                <EuiValidatableControl>
-                  <select
-                    className="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
-                    data-test-subj="cronFrequencySelect"
-                    id="generated-id"
-                    onBlur={[Function]}
-                    onChange={[Function]}
-                    onFocus={[Function]}
-                    onMouseUp={[Function]}
-                    value="HOUR"
-                  >
-                    <option
-                      key="0"
-                      value="MINUTE"
-                    >
-                      minute
-                    </option>
-                    <option
-                      key="1"
-                      value="HOUR"
-                    >
-                      hour
-                    </option>
-                    <option
-                      key="2"
-                      value="DAY"
-                    >
-                      day
-                    </option>
-                    <option
-                      key="3"
-                      value="WEEK"
-                    >
-                      week
-                    </option>
-                    <option
-                      key="4"
-                      value="MONTH"
-                    >
-                      month
-                    </option>
-                    <option
-                      key="5"
-                      value="YEAR"
-                    >
-                      year
-                    </option>
-                  </select>
-                </EuiValidatableControl>
-                <EuiFormControlLayoutIcons
-                  compressed={false}
-                  isDropdown={true}
-                  isLoading={false}
-                  side="right"
-                >
-                  <div
-                    className="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
-                  >
-                    <EuiFormControlLayoutCustomIcon
-                      size="m"
-                      type="arrowDown"
-                    >
-                      <span
-                        className="euiFormControlLayoutCustomIcon"
-                      >
-                        <EuiIcon
-                          aria-hidden="true"
-                          className="euiFormControlLayoutCustomIcon__icon"
-                          size="m"
-                          type="arrowDown"
-                        >
-                          <span
-                            aria-hidden="true"
-                            className="euiFormControlLayoutCustomIcon__icon"
-                            data-euiicon-type="arrowDown"
-                            size="m"
-                          />
-                        </EuiIcon>
-                      </span>
-                    </EuiFormControlLayoutCustomIcon>
-                  </div>
-                </EuiFormControlLayoutIcons>
+                <span
+                  class="euiFormControlLayoutCustomIcon"
+                >
+                  <span
+                    aria-hidden="true"
+                    class="euiFormControlLayoutCustomIcon__icon"
+                    data-euiicon-type="arrowDown"
+                  />
+                </span>
               </div>
             </div>
-          </EuiFormControlLayout>
-        </EuiSelect>
-      </div>
-    </div>
-  </EuiFormRow>
-  <CronHourly
-    minute="10"
-    minuteOptions={
-      Array [
-        Object {
-          "text": "00",
-          "value": "0",
-        },
-        Object {
-          "text": "01",
-          "value": "1",
-        },
-        Object {
-          "text": "02",
-          "value": "2",
-        },
-        Object {
-          "text": "03",
-          "value": "3",
-        },
-        Object {
-          "text": "04",
-          "value": "4",
-        },
-        Object {
-          "text": "05",
-          "value": "5",
-        },
-        Object {
-          "text": "06",
-          "value": "6",
-        },
-        Object {
-          "text": "07",
-          "value": "7",
-        },
-        Object {
-          "text": "08",
-          "value": "8",
-        },
-        Object {
-          "text": "09",
-          "value": "9",
-        },
-        Object {
-          "text": "10",
-          "value": "10",
-        },
-        Object {
-          "text": "11",
-          "value": "11",
-        },
-        Object {
-          "text": "12",
-          "value": "12",
-        },
-        Object {
-          "text": "13",
-          "value": "13",
-        },
-        Object {
-          "text": "14",
-          "value": "14",
-        },
-        Object {
-          "text": "15",
-          "value": "15",
-        },
-        Object {
-          "text": "16",
-          "value": "16",
-        },
-        Object {
-          "text": "17",
-          "value": "17",
-        },
-        Object {
-          "text": "18",
-          "value": "18",
-        },
-        Object {
-          "text": "19",
-          "value": "19",
-        },
-        Object {
-          "text": "20",
-          "value": "20",
-        },
-        Object {
-          "text": "21",
-          "value": "21",
-        },
-        Object {
-          "text": "22",
-          "value": "22",
-        },
-        Object {
-          "text": "23",
-          "value": "23",
-        },
-        Object {
-          "text": "24",
-          "value": "24",
-        },
-        Object {
-          "text": "25",
-          "value": "25",
-        },
-        Object {
-          "text": "26",
-          "value": "26",
-        },
-        Object {
-          "text": "27",
-          "value": "27",
-        },
-        Object {
-          "text": "28",
-          "value": "28",
-        },
-        Object {
-          "text": "29",
-          "value": "29",
-        },
-        Object {
-          "text": "30",
-          "value": "30",
-        },
-        Object {
-          "text": "31",
-          "value": "31",
-        },
-        Object {
-          "text": "32",
-          "value": "32",
-        },
-        Object {
-          "text": "33",
-          "value": "33",
-        },
-        Object {
-          "text": "34",
-          "value": "34",
-        },
-        Object {
-          "text": "35",
-          "value": "35",
-        },
-        Object {
-          "text": "36",
-          "value": "36",
-        },
-        Object {
-          "text": "37",
-          "value": "37",
-        },
-        Object {
-          "text": "38",
-          "value": "38",
-        },
-        Object {
-          "text": "39",
-          "value": "39",
-        },
-        Object {
-          "text": "40",
-          "value": "40",
-        },
-        Object {
-          "text": "41",
-          "value": "41",
-        },
-        Object {
-          "text": "42",
-          "value": "42",
-        },
-        Object {
-          "text": "43",
-          "value": "43",
-        },
-        Object {
-          "text": "44",
-          "value": "44",
-        },
-        Object {
-          "text": "45",
-          "value": "45",
-        },
-        Object {
-          "text": "46",
-          "value": "46",
-        },
-        Object {
-          "text": "47",
-          "value": "47",
-        },
-        Object {
-          "text": "48",
-          "value": "48",
-        },
-        Object {
-          "text": "49",
-          "value": "49",
-        },
-        Object {
-          "text": "50",
-          "value": "50",
-        },
-        Object {
-          "text": "51",
-          "value": "51",
-        },
-        Object {
-          "text": "52",
-          "value": "52",
-        },
-        Object {
-          "text": "53",
-          "value": "53",
-        },
-        Object {
-          "text": "54",
-          "value": "54",
-        },
-        Object {
-          "text": "55",
-          "value": "55",
-        },
-        Object {
-          "text": "56",
-          "value": "56",
-        },
-        Object {
-          "text": "57",
-          "value": "57",
-        },
-        Object {
-          "text": "58",
-          "value": "58",
-        },
-        Object {
-          "text": "59",
-          "value": "59",
-        },
-      ]
-    }
-    onChange={[Function]}
-  >
-    <EuiFormRow
-      data-test-subj="cronFrequencyConfiguration"
-      describedByIds={Array []}
-      display="row"
-      fullWidth={true}
-      hasChildLabel={true}
-      hasEmptyLabelSpace={false}
-      label={
-        <Memo(MemoizedFormattedMessage)
-          defaultMessage="Minute"
-          id="searchConnectors.cronEditor.cronHourly.fieldTimeLabel"
-        />
-      }
-      labelType="label"
-    >
-      <div
-        className="euiFormRow euiFormRow--fullWidth euiFormRow--hasLabel"
-        data-test-subj="cronFrequencyConfiguration"
-        id="generated-id-row"
-      >
+          </div>
+        </div>
         <div
-          className="euiFormRow__labelWrapper"
+          class="euiFlexItem emotion-euiFlexItem-grow-1"
         >
-          <EuiFormLabel
-            className="euiFormRow__label"
-            htmlFor="generated-id"
-            id="generated-id-label"
-            isFocused={false}
-            type="label"
+          <div
+            class="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
           >
             <label
-              className="euiFormLabel euiFormRow__label"
-              htmlFor="generated-id"
-              id="generated-id-label"
+              class="euiFormLabel euiFormControlLayout__prepend"
             >
-              <FormattedMessage
-                defaultMessage="Minute"
-                id="searchConnectors.cronEditor.cronHourly.fieldTimeLabel"
-              >
-                Minute
-              </FormattedMessage>
+              :
             </label>
-          </EuiFormLabel>
-        </div>
-        <div
-          className="euiFormRow__fieldWrapper"
-        >
-          <EuiSelect
-            data-test-subj="cronFrequencyHourlyMinuteSelect"
-            fullWidth={true}
-            id="generated-id"
-            onBlur={[Function]}
-            onChange={[Function]}
-            onFocus={[Function]}
-            options={
-              Array [
-                Object {
-                  "text": "00",
-                  "value": "0",
-                },
-                Object {
-                  "text": "01",
-                  "value": "1",
-                },
-                Object {
-                  "text": "02",
-                  "value": "2",
-                },
-                Object {
-                  "text": "03",
-                  "value": "3",
-                },
-                Object {
-                  "text": "04",
-                  "value": "4",
-                },
-                Object {
-                  "text": "05",
-                  "value": "5",
-                },
-                Object {
-                  "text": "06",
-                  "value": "6",
-                },
-                Object {
-                  "text": "07",
-                  "value": "7",
-                },
-                Object {
-                  "text": "08",
-                  "value": "8",
-                },
-                Object {
-                  "text": "09",
-                  "value": "9",
-                },
-                Object {
-                  "text": "10",
-                  "value": "10",
-                },
-                Object {
-                  "text": "11",
-                  "value": "11",
-                },
-                Object {
-                  "text": "12",
-                  "value": "12",
-                },
-                Object {
-                  "text": "13",
-                  "value": "13",
-                },
-                Object {
-                  "text": "14",
-                  "value": "14",
-                },
-                Object {
-                  "text": "15",
-                  "value": "15",
-                },
-                Object {
-                  "text": "16",
-                  "value": "16",
-                },
-                Object {
-                  "text": "17",
-                  "value": "17",
-                },
-                Object {
-                  "text": "18",
-                  "value": "18",
-                },
-                Object {
-                  "text": "19",
-                  "value": "19",
-                },
-                Object {
-                  "text": "20",
-                  "value": "20",
-                },
-                Object {
-                  "text": "21",
-                  "value": "21",
-                },
-                Object {
-                  "text": "22",
-                  "value": "22",
-                },
-                Object {
-                  "text": "23",
-                  "value": "23",
-                },
-                Object {
-                  "text": "24",
-                  "value": "24",
-                },
-                Object {
-                  "text": "25",
-                  "value": "25",
-                },
-                Object {
-                  "text": "26",
-                  "value": "26",
-                },
-                Object {
-                  "text": "27",
-                  "value": "27",
-                },
-                Object {
-                  "text": "28",
-                  "value": "28",
-                },
-                Object {
-                  "text": "29",
-                  "value": "29",
-                },
-                Object {
-                  "text": "30",
-                  "value": "30",
-                },
-                Object {
-                  "text": "31",
-                  "value": "31",
-                },
-                Object {
-                  "text": "32",
-                  "value": "32",
-                },
-                Object {
-                  "text": "33",
-                  "value": "33",
-                },
-                Object {
-                  "text": "34",
-                  "value": "34",
-                },
-                Object {
-                  "text": "35",
-                  "value": "35",
-                },
-                Object {
-                  "text": "36",
-                  "value": "36",
-                },
-                Object {
-                  "text": "37",
-                  "value": "37",
-                },
-                Object {
-                  "text": "38",
-                  "value": "38",
-                },
-                Object {
-                  "text": "39",
-                  "value": "39",
-                },
-                Object {
-                  "text": "40",
-                  "value": "40",
-                },
-                Object {
-                  "text": "41",
-                  "value": "41",
-                },
-                Object {
-                  "text": "42",
-                  "value": "42",
-                },
-                Object {
-                  "text": "43",
-                  "value": "43",
-                },
-                Object {
-                  "text": "44",
-                  "value": "44",
-                },
-                Object {
-                  "text": "45",
-                  "value": "45",
-                },
-                Object {
-                  "text": "46",
-                  "value": "46",
-                },
-                Object {
-                  "text": "47",
-                  "value": "47",
-                },
-                Object {
-                  "text": "48",
-                  "value": "48",
-                },
-                Object {
-                  "text": "49",
-                  "value": "49",
-                },
-                Object {
-                  "text": "50",
-                  "value": "50",
-                },
-                Object {
-                  "text": "51",
-                  "value": "51",
-                },
-                Object {
-                  "text": "52",
-                  "value": "52",
-                },
-                Object {
-                  "text": "53",
-                  "value": "53",
-                },
-                Object {
-                  "text": "54",
-                  "value": "54",
-                },
-                Object {
-                  "text": "55",
-                  "value": "55",
-                },
-                Object {
-                  "text": "56",
-                  "value": "56",
-                },
-                Object {
-                  "text": "57",
-                  "value": "57",
-                },
-                Object {
-                  "text": "58",
-                  "value": "58",
-                },
-                Object {
-                  "text": "59",
-                  "value": "59",
-                },
-              ]
-            }
-            prepend="At"
-            value="10"
-          >
-            <EuiFormControlLayout
-              compressed={false}
-              fullWidth={true}
-              inputId="generated-id"
-              isDropdown={true}
-              isLoading={false}
-              prepend="At"
+            <div
+              class="euiFormControlLayout__childrenWrapper"
+              style="--euiFormControlRightIconsCount: 1;"
             >
+              <select
+                aria-label="Minute"
+                class="euiSelect emotion-euiSelect-fullWidth-inGroup"
+                data-test-subj="cronFrequencyDailyMinuteSelect"
+              >
+                <option
+                  value="0"
+                >
+                  00
+                </option>
+                <option
+                  value="1"
+                >
+                  01
+                </option>
+                <option
+                  value="2"
+                >
+                  02
+                </option>
+                <option
+                  value="3"
+                >
+                  03
+                </option>
+                <option
+                  value="4"
+                >
+                  04
+                </option>
+                <option
+                  value="5"
+                >
+                  05
+                </option>
+                <option
+                  value="6"
+                >
+                  06
+                </option>
+                <option
+                  value="7"
+                >
+                  07
+                </option>
+                <option
+                  value="8"
+                >
+                  08
+                </option>
+                <option
+                  value="9"
+                >
+                  09
+                </option>
+                <option
+                  value="10"
+                >
+                  10
+                </option>
+                <option
+                  value="11"
+                >
+                  11
+                </option>
+                <option
+                  value="12"
+                >
+                  12
+                </option>
+                <option
+                  value="13"
+                >
+                  13
+                </option>
+                <option
+                  value="14"
+                >
+                  14
+                </option>
+                <option
+                  value="15"
+                >
+                  15
+                </option>
+                <option
+                  value="16"
+                >
+                  16
+                </option>
+                <option
+                  value="17"
+                >
+                  17
+                </option>
+                <option
+                  value="18"
+                >
+                  18
+                </option>
+                <option
+                  value="19"
+                >
+                  19
+                </option>
+                <option
+                  value="20"
+                >
+                  20
+                </option>
+                <option
+                  value="21"
+                >
+                  21
+                </option>
+                <option
+                  value="22"
+                >
+                  22
+                </option>
+                <option
+                  value="23"
+                >
+                  23
+                </option>
+                <option
+                  value="24"
+                >
+                  24
+                </option>
+                <option
+                  value="25"
+                >
+                  25
+                </option>
+                <option
+                  value="26"
+                >
+                  26
+                </option>
+                <option
+                  value="27"
+                >
+                  27
+                </option>
+                <option
+                  value="28"
+                >
+                  28
+                </option>
+                <option
+                  value="29"
+                >
+                  29
+                </option>
+                <option
+                  value="30"
+                >
+                  30
+                </option>
+                <option
+                  value="31"
+                >
+                  31
+                </option>
+                <option
+                  value="32"
+                >
+                  32
+                </option>
+                <option
+                  value="33"
+                >
+                  33
+                </option>
+                <option
+                  value="34"
+                >
+                  34
+                </option>
+                <option
+                  value="35"
+                >
+                  35
+                </option>
+                <option
+                  value="36"
+                >
+                  36
+                </option>
+                <option
+                  value="37"
+                >
+                  37
+                </option>
+                <option
+                  value="38"
+                >
+                  38
+                </option>
+                <option
+                  value="39"
+                >
+                  39
+                </option>
+                <option
+                  value="40"
+                >
+                  40
+                </option>
+                <option
+                  value="41"
+                >
+                  41
+                </option>
+                <option
+                  value="42"
+                >
+                  42
+                </option>
+                <option
+                  value="43"
+                >
+                  43
+                </option>
+                <option
+                  value="44"
+                >
+                  44
+                </option>
+                <option
+                  value="45"
+                >
+                  45
+                </option>
+                <option
+                  value="46"
+                >
+                  46
+                </option>
+                <option
+                  value="47"
+                >
+                  47
+                </option>
+                <option
+                  value="48"
+                >
+                  48
+                </option>
+                <option
+                  value="49"
+                >
+                  49
+                </option>
+                <option
+                  value="50"
+                >
+                  50
+                </option>
+                <option
+                  value="51"
+                >
+                  51
+                </option>
+                <option
+                  value="52"
+                >
+                  52
+                </option>
+                <option
+                  value="53"
+                >
+                  53
+                </option>
+                <option
+                  value="54"
+                >
+                  54
+                </option>
+                <option
+                  value="55"
+                >
+                  55
+                </option>
+                <option
+                  value="56"
+                >
+                  56
+                </option>
+                <option
+                  value="57"
+                >
+                  57
+                </option>
+                <option
+                  value="58"
+                >
+                  58
+                </option>
+                <option
+                  value="59"
+                >
+                  59
+                </option>
+              </select>
               <div
-                className="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
+                class="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
               >
-                <EuiFormLabel
-                  className="euiFormControlLayout__prepend"
-                  htmlFor="generated-id"
-                >
-                  <label
-                    className="euiFormLabel euiFormControlLayout__prepend"
-                    htmlFor="generated-id"
-                  >
-                    At
-                  </label>
-                </EuiFormLabel>
-                <div
-                  className="euiFormControlLayout__childrenWrapper"
-                >
-                  <EuiValidatableControl>
-                    <select
-                      className="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
-                      data-test-subj="cronFrequencyHourlyMinuteSelect"
-                      id="generated-id"
-                      onBlur={[Function]}
-                      onChange={[Function]}
-                      onFocus={[Function]}
-                      onMouseUp={[Function]}
-                      value="10"
-                    >
-                      <option
-                        key="0"
-                        value="0"
-                      >
-                        00
-                      </option>
-                      <option
-                        key="1"
-                        value="1"
-                      >
-                        01
-                      </option>
-                      <option
-                        key="2"
-                        value="2"
-                      >
-                        02
-                      </option>
-                      <option
-                        key="3"
-                        value="3"
-                      >
-                        03
-                      </option>
-                      <option
-                        key="4"
-                        value="4"
-                      >
-                        04
-                      </option>
-                      <option
-                        key="5"
-                        value="5"
-                      >
-                        05
-                      </option>
-                      <option
-                        key="6"
-                        value="6"
-                      >
-                        06
-                      </option>
-                      <option
-                        key="7"
-                        value="7"
-                      >
-                        07
-                      </option>
-                      <option
-                        key="8"
-                        value="8"
-                      >
-                        08
-                      </option>
-                      <option
-                        key="9"
-                        value="9"
-                      >
-                        09
-                      </option>
-                      <option
-                        key="10"
-                        value="10"
-                      >
-                        10
-                      </option>
-                      <option
-                        key="11"
-                        value="11"
-                      >
-                        11
-                      </option>
-                      <option
-                        key="12"
-                        value="12"
-                      >
-                        12
-                      </option>
-                      <option
-                        key="13"
-                        value="13"
-                      >
-                        13
-                      </option>
-                      <option
-                        key="14"
-                        value="14"
-                      >
-                        14
-                      </option>
-                      <option
-                        key="15"
-                        value="15"
-                      >
-                        15
-                      </option>
-                      <option
-                        key="16"
-                        value="16"
-                      >
-                        16
-                      </option>
-                      <option
-                        key="17"
-                        value="17"
-                      >
-                        17
-                      </option>
-                      <option
-                        key="18"
-                        value="18"
-                      >
-                        18
-                      </option>
-                      <option
-                        key="19"
-                        value="19"
-                      >
-                        19
-                      </option>
-                      <option
-                        key="20"
-                        value="20"
-                      >
-                        20
-                      </option>
-                      <option
-                        key="21"
-                        value="21"
-                      >
-                        21
-                      </option>
-                      <option
-                        key="22"
-                        value="22"
-                      >
-                        22
-                      </option>
-                      <option
-                        key="23"
-                        value="23"
-                      >
-                        23
-                      </option>
-                      <option
-                        key="24"
-                        value="24"
-                      >
-                        24
-                      </option>
-                      <option
-                        key="25"
-                        value="25"
-                      >
-                        25
-                      </option>
-                      <option
-                        key="26"
-                        value="26"
-                      >
-                        26
-                      </option>
-                      <option
-                        key="27"
-                        value="27"
-                      >
-                        27
-                      </option>
-                      <option
-                        key="28"
-                        value="28"
-                      >
-                        28
-                      </option>
-                      <option
-                        key="29"
-                        value="29"
-                      >
-                        29
-                      </option>
-                      <option
-                        key="30"
-                        value="30"
-                      >
-                        30
-                      </option>
-                      <option
-                        key="31"
-                        value="31"
-                      >
-                        31
-                      </option>
-                      <option
-                        key="32"
-                        value="32"
-                      >
-                        32
-                      </option>
-                      <option
-                        key="33"
-                        value="33"
-                      >
-                        33
-                      </option>
-                      <option
-                        key="34"
-                        value="34"
-                      >
-                        34
-                      </option>
-                      <option
-                        key="35"
-                        value="35"
-                      >
-                        35
-                      </option>
-                      <option
-                        key="36"
-                        value="36"
-                      >
-                        36
-                      </option>
-                      <option
-                        key="37"
-                        value="37"
-                      >
-                        37
-                      </option>
-                      <option
-                        key="38"
-                        value="38"
-                      >
-                        38
-                      </option>
-                      <option
-                        key="39"
-                        value="39"
-                      >
-                        39
-                      </option>
-                      <option
-                        key="40"
-                        value="40"
-                      >
-                        40
-                      </option>
-                      <option
-                        key="41"
-                        value="41"
-                      >
-                        41
-                      </option>
-                      <option
-                        key="42"
-                        value="42"
-                      >
-                        42
-                      </option>
-                      <option
-                        key="43"
-                        value="43"
-                      >
-                        43
-                      </option>
-                      <option
-                        key="44"
-                        value="44"
-                      >
-                        44
-                      </option>
-                      <option
-                        key="45"
-                        value="45"
-                      >
-                        45
-                      </option>
-                      <option
-                        key="46"
-                        value="46"
-                      >
-                        46
-                      </option>
-                      <option
-                        key="47"
-                        value="47"
-                      >
-                        47
-                      </option>
-                      <option
-                        key="48"
-                        value="48"
-                      >
-                        48
-                      </option>
-                      <option
-                        key="49"
-                        value="49"
-                      >
-                        49
-                      </option>
-                      <option
-                        key="50"
-                        value="50"
-                      >
-                        50
-                      </option>
-                      <option
-                        key="51"
-                        value="51"
-                      >
-                        51
-                      </option>
-                      <option
-                        key="52"
-                        value="52"
-                      >
-                        52
-                      </option>
-                      <option
-                        key="53"
-                        value="53"
-                      >
-                        53
-                      </option>
-                      <option
-                        key="54"
-                        value="54"
-                      >
-                        54
-                      </option>
-                      <option
-                        key="55"
-                        value="55"
-                      >
-                        55
-                      </option>
-                      <option
-                        key="56"
-                        value="56"
-                      >
-                        56
-                      </option>
-                      <option
-                        key="57"
-                        value="57"
-                      >
-                        57
-                      </option>
-                      <option
-                        key="58"
-                        value="58"
-                      >
-                        58
-                      </option>
-                      <option
-                        key="59"
-                        value="59"
-                      >
-                        59
-                      </option>
-                    </select>
-                  </EuiValidatableControl>
-                  <EuiFormControlLayoutIcons
-                    compressed={false}
-                    isDropdown={true}
-                    isLoading={false}
-                    side="right"
-                  >
-                    <div
-                      className="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
-                    >
-                      <EuiFormControlLayoutCustomIcon
-                        size="m"
-                        type="arrowDown"
-                      >
-                        <span
-                          className="euiFormControlLayoutCustomIcon"
-                        >
-                          <EuiIcon
-                            aria-hidden="true"
-                            className="euiFormControlLayoutCustomIcon__icon"
-                            size="m"
-                            type="arrowDown"
-                          >
-                            <span
-                              aria-hidden="true"
-                              className="euiFormControlLayoutCustomIcon__icon"
-                              data-euiicon-type="arrowDown"
-                              size="m"
-                            />
-                          </EuiIcon>
-                        </span>
-                      </EuiFormControlLayoutCustomIcon>
-                    </div>
-                  </EuiFormControlLayoutIcons>
-                </div>
+                <span
+                  class="euiFormControlLayoutCustomIcon"
+                >
+                  <span
+                    aria-hidden="true"
+                    class="euiFormControlLayoutCustomIcon__icon"
+                    data-euiicon-type="arrowDown"
+                  />
+                </span>
               </div>
-            </EuiFormControlLayout>
-          </EuiSelect>
+            </div>
+          </div>
         </div>
       </div>
-    </EuiFormRow>
-  </CronHourly>
-</CronEditor>
+    </div>
+  </div>,
+]
 `;
 
-exports[`CronEditor is rendered with a MINUTE frequency 1`] = `
-<CronEditor
-  cronExpression="0 10 * * * ?"
-  fieldToPreferredValueMap={Object {}}
-  frequency="MINUTE"
-  onChange={[Function]}
->
-  <EuiFormRow
-    describedByIds={Array []}
-    display="row"
-    fullWidth={true}
-    hasChildLabel={true}
-    hasEmptyLabelSpace={false}
-    label={
-      <Memo(MemoizedFormattedMessage)
-        defaultMessage="Frequency"
-        id="searchConnectors.cronEditor.fieldFrequencyLabel"
-      />
-    }
-    labelType="label"
+exports[`CronEditor is rendered with a HOUR frequency 1`] = `
+Array [
+  <div
+    class="euiFormRow euiFormRow--fullWidth euiFormRow--hasLabel"
+    id="generated-id-row"
   >
     <div
-      className="euiFormRow euiFormRow--fullWidth euiFormRow--hasLabel"
-      id="generated-id-row"
+      class="euiFormRow__labelWrapper"
     >
-      <div
-        className="euiFormRow__labelWrapper"
+      <label
+        class="euiFormLabel euiFormRow__label"
+        for="generated-id"
+        id="generated-id-label"
       >
-        <EuiFormLabel
-          className="euiFormRow__label"
-          htmlFor="generated-id"
-          id="generated-id-label"
-          isFocused={false}
-          type="label"
-        >
-          <label
-            className="euiFormLabel euiFormRow__label"
-            htmlFor="generated-id"
-            id="generated-id-label"
-          >
-            <FormattedMessage
-              defaultMessage="Frequency"
-              id="searchConnectors.cronEditor.fieldFrequencyLabel"
-            >
-              Frequency
-            </FormattedMessage>
-          </label>
-        </EuiFormLabel>
-      </div>
-      <div
-        className="euiFormRow__fieldWrapper"
-      >
-        <EuiSelect
-          data-test-subj="cronFrequencySelect"
-          fullWidth={true}
-          id="generated-id"
-          onBlur={[Function]}
-          onChange={[Function]}
-          onFocus={[Function]}
-          options={
-            Array [
-              Object {
-                "text": "minute",
-                "value": "MINUTE",
-              },
-              Object {
-                "text": "hour",
-                "value": "HOUR",
-              },
-              Object {
-                "text": "day",
-                "value": "DAY",
-              },
-              Object {
-                "text": "week",
-                "value": "WEEK",
-              },
-              Object {
-                "text": "month",
-                "value": "MONTH",
-              },
-              Object {
-                "text": "year",
-                "value": "YEAR",
-              },
-            ]
-          }
-          prepend="Every"
-          value="MINUTE"
-        >
-          <EuiFormControlLayout
-            compressed={false}
-            fullWidth={true}
-            inputId="generated-id"
-            isDropdown={true}
-            isLoading={false}
-            prepend="Every"
-          >
-            <div
-              className="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
-            >
-              <EuiFormLabel
-                className="euiFormControlLayout__prepend"
-                htmlFor="generated-id"
-              >
-                <label
-                  className="euiFormLabel euiFormControlLayout__prepend"
-                  htmlFor="generated-id"
-                >
-                  Every
-                </label>
-              </EuiFormLabel>
-              <div
-                className="euiFormControlLayout__childrenWrapper"
-              >
-                <EuiValidatableControl>
-                  <select
-                    className="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
-                    data-test-subj="cronFrequencySelect"
-                    id="generated-id"
-                    onBlur={[Function]}
-                    onChange={[Function]}
-                    onFocus={[Function]}
-                    onMouseUp={[Function]}
-                    value="MINUTE"
-                  >
-                    <option
-                      key="0"
-                      value="MINUTE"
-                    >
-                      minute
-                    </option>
-                    <option
-                      key="1"
-                      value="HOUR"
-                    >
-                      hour
-                    </option>
-                    <option
-                      key="2"
-                      value="DAY"
-                    >
-                      day
-                    </option>
-                    <option
-                      key="3"
-                      value="WEEK"
-                    >
-                      week
-                    </option>
-                    <option
-                      key="4"
-                      value="MONTH"
-                    >
-                      month
-                    </option>
-                    <option
-                      key="5"
-                      value="YEAR"
-                    >
-                      year
-                    </option>
-                  </select>
-                </EuiValidatableControl>
-                <EuiFormControlLayoutIcons
-                  compressed={false}
-                  isDropdown={true}
-                  isLoading={false}
-                  side="right"
-                >
-                  <div
-                    className="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
-                  >
-                    <EuiFormControlLayoutCustomIcon
-                      size="m"
-                      type="arrowDown"
-                    >
-                      <span
-                        className="euiFormControlLayoutCustomIcon"
-                      >
-                        <EuiIcon
-                          aria-hidden="true"
-                          className="euiFormControlLayoutCustomIcon__icon"
-                          size="m"
-                          type="arrowDown"
-                        >
-                          <span
-                            aria-hidden="true"
-                            className="euiFormControlLayoutCustomIcon__icon"
-                            data-euiicon-type="arrowDown"
-                            size="m"
-                          />
-                        </EuiIcon>
-                      </span>
-                    </EuiFormControlLayoutCustomIcon>
-                  </div>
-                </EuiFormControlLayoutIcons>
-              </div>
-            </div>
-          </EuiFormControlLayout>
-        </EuiSelect>
-      </div>
+        Frequency
+      </label>
     </div>
-  </EuiFormRow>
-  <CronMinutely
-    minute="10"
-    minuteOptions={
-      Array [
-        Object {
-          "text": "5",
-          "value": "0,5,10,15,20,25,30,35,40,45,50,55",
-        },
-        Object {
-          "text": "10",
-          "value": "0,10,20,30,40,50",
-        },
-        Object {
-          "text": "15",
-          "value": "0,15,30,45",
-        },
-        Object {
-          "text": "30",
-          "value": "0,30",
-        },
-      ]
-    }
-    onChange={[Function]}
-  >
-    <EuiFormRow
-      data-test-subj="cronFrequencyConfiguration"
-      describedByIds={Array []}
-      display="row"
-      fullWidth={true}
-      hasChildLabel={true}
-      hasEmptyLabelSpace={false}
-      label={
-        <Memo(MemoizedFormattedMessage)
-          defaultMessage="Minute"
-          id="searchConnectors.cronEditor.cronMinutely.fieldTimeLabel"
-        />
-      }
-      labelType="label"
+    <div
+      class="euiFormRow__fieldWrapper"
     >
       <div
-        className="euiFormRow euiFormRow--fullWidth euiFormRow--hasLabel"
-        data-test-subj="cronFrequencyConfiguration"
-        id="generated-id-row"
+        class="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
       >
-        <div
-          className="euiFormRow__labelWrapper"
+        <label
+          class="euiFormLabel euiFormControlLayout__prepend"
+          for="generated-id"
         >
-          <EuiFormLabel
-            className="euiFormRow__label"
-            htmlFor="generated-id"
-            id="generated-id-label"
-            isFocused={false}
-            type="label"
-          >
-            <label
-              className="euiFormLabel euiFormRow__label"
-              htmlFor="generated-id"
-              id="generated-id-label"
-            >
-              <FormattedMessage
-                defaultMessage="Minute"
-                id="searchConnectors.cronEditor.cronMinutely.fieldTimeLabel"
-              >
-                Minute
-              </FormattedMessage>
-            </label>
-          </EuiFormLabel>
-        </div>
+          Every
+        </label>
         <div
-          className="euiFormRow__fieldWrapper"
+          class="euiFormControlLayout__childrenWrapper"
+          style="--euiFormControlRightIconsCount: 1;"
         >
-          <EuiSelect
-            append="minutes"
-            data-test-subj="cronFrequencyMinutelyMinuteSelect"
-            fullWidth={true}
+          <select
+            class="euiSelect emotion-euiSelect-fullWidth-inGroup"
+            data-test-subj="cronFrequencySelect"
             id="generated-id"
-            onBlur={[Function]}
-            onChange={[Function]}
-            onFocus={[Function]}
-            options={
-              Array [
-                Object {
-                  "text": "5",
-                  "value": "0,5,10,15,20,25,30,35,40,45,50,55",
-                },
-                Object {
-                  "text": "10",
-                  "value": "0,10,20,30,40,50",
-                },
-                Object {
-                  "text": "15",
-                  "value": "0,15,30,45",
-                },
-                Object {
-                  "text": "30",
-                  "value": "0,30",
-                },
-              ]
-            }
-            prepend="Every"
-            value="10"
           >
-            <EuiFormControlLayout
-              append="minutes"
-              compressed={false}
-              fullWidth={true}
-              inputId="generated-id"
-              isDropdown={true}
-              isLoading={false}
-              prepend="Every"
+            <option
+              value="MINUTE"
             >
-              <div
-                className="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
-              >
-                <EuiFormLabel
-                  className="euiFormControlLayout__prepend"
-                  htmlFor="generated-id"
-                >
-                  <label
-                    className="euiFormLabel euiFormControlLayout__prepend"
-                    htmlFor="generated-id"
-                  >
-                    Every
-                  </label>
-                </EuiFormLabel>
-                <div
-                  className="euiFormControlLayout__childrenWrapper"
-                >
-                  <EuiValidatableControl>
-                    <select
-                      className="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
-                      data-test-subj="cronFrequencyMinutelyMinuteSelect"
-                      id="generated-id"
-                      onBlur={[Function]}
-                      onChange={[Function]}
-                      onFocus={[Function]}
-                      onMouseUp={[Function]}
-                      value="10"
-                    >
-                      <option
-                        key="0"
-                        value="0,5,10,15,20,25,30,35,40,45,50,55"
-                      >
-                        5
-                      </option>
-                      <option
-                        key="1"
-                        value="0,10,20,30,40,50"
-                      >
-                        10
-                      </option>
-                      <option
-                        key="2"
-                        value="0,15,30,45"
-                      >
-                        15
-                      </option>
-                      <option
-                        key="3"
-                        value="0,30"
-                      >
-                        30
-                      </option>
-                    </select>
-                  </EuiValidatableControl>
-                  <EuiFormControlLayoutIcons
-                    compressed={false}
-                    isDropdown={true}
-                    isLoading={false}
-                    side="right"
-                  >
-                    <div
-                      className="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
-                    >
-                      <EuiFormControlLayoutCustomIcon
-                        size="m"
-                        type="arrowDown"
-                      >
-                        <span
-                          className="euiFormControlLayoutCustomIcon"
-                        >
-                          <EuiIcon
-                            aria-hidden="true"
-                            className="euiFormControlLayoutCustomIcon__icon"
-                            size="m"
-                            type="arrowDown"
-                          >
-                            <span
-                              aria-hidden="true"
-                              className="euiFormControlLayoutCustomIcon__icon"
-                              data-euiicon-type="arrowDown"
-                              size="m"
-                            />
-                          </EuiIcon>
-                        </span>
-                      </EuiFormControlLayoutCustomIcon>
-                    </div>
-                  </EuiFormControlLayoutIcons>
-                </div>
-                <EuiFormLabel
-                  className="euiFormControlLayout__append"
-                  htmlFor="generated-id"
-                >
-                  <label
-                    className="euiFormLabel euiFormControlLayout__append"
-                    htmlFor="generated-id"
-                  >
-                    minutes
-                  </label>
-                </EuiFormLabel>
-              </div>
-            </EuiFormControlLayout>
-          </EuiSelect>
+              minute
+            </option>
+            <option
+              value="HOUR"
+            >
+              hour
+            </option>
+            <option
+              value="DAY"
+            >
+              day
+            </option>
+            <option
+              value="WEEK"
+            >
+              week
+            </option>
+            <option
+              value="MONTH"
+            >
+              month
+            </option>
+            <option
+              value="YEAR"
+            >
+              year
+            </option>
+          </select>
+          <div
+            class="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
+          >
+            <span
+              class="euiFormControlLayoutCustomIcon"
+            >
+              <span
+                aria-hidden="true"
+                class="euiFormControlLayoutCustomIcon__icon"
+                data-euiicon-type="arrowDown"
+              />
+            </span>
+          </div>
         </div>
       </div>
-    </EuiFormRow>
-  </CronMinutely>
-</CronEditor>
-`;
-
-exports[`CronEditor is rendered with a MONTH frequency 1`] = `
-<CronEditor
-  cronExpression="0 10 * * * ?"
-  fieldToPreferredValueMap={Object {}}
-  frequency="MONTH"
-  onChange={[Function]}
->
-  <EuiFormRow
-    describedByIds={Array []}
-    display="row"
-    fullWidth={true}
-    hasChildLabel={true}
-    hasEmptyLabelSpace={false}
-    label={
-      <Memo(MemoizedFormattedMessage)
-        defaultMessage="Frequency"
-        id="searchConnectors.cronEditor.fieldFrequencyLabel"
-      />
-    }
-    labelType="label"
+    </div>
+  </div>,
+  <div
+    class="euiFormRow euiFormRow--fullWidth euiFormRow--hasLabel"
+    data-test-subj="cronFrequencyConfiguration"
+    id="generated-id-row"
   >
     <div
-      className="euiFormRow euiFormRow--fullWidth euiFormRow--hasLabel"
-      id="generated-id-row"
+      class="euiFormRow__labelWrapper"
     >
-      <div
-        className="euiFormRow__labelWrapper"
-      >
-        <EuiFormLabel
-          className="euiFormRow__label"
-          htmlFor="generated-id"
-          id="generated-id-label"
-          isFocused={false}
-          type="label"
-        >
-          <label
-            className="euiFormLabel euiFormRow__label"
-            htmlFor="generated-id"
-            id="generated-id-label"
-          >
-            <FormattedMessage
-              defaultMessage="Frequency"
-              id="searchConnectors.cronEditor.fieldFrequencyLabel"
-            >
-              Frequency
-            </FormattedMessage>
-          </label>
-        </EuiFormLabel>
-      </div>
-      <div
-        className="euiFormRow__fieldWrapper"
+      <label
+        class="euiFormLabel euiFormRow__label"
+        for="generated-id"
+        id="generated-id-label"
       >
-        <EuiSelect
-          data-test-subj="cronFrequencySelect"
-          fullWidth={true}
-          id="generated-id"
-          onBlur={[Function]}
-          onChange={[Function]}
-          onFocus={[Function]}
-          options={
-            Array [
-              Object {
-                "text": "minute",
-                "value": "MINUTE",
-              },
-              Object {
-                "text": "hour",
-                "value": "HOUR",
-              },
-              Object {
-                "text": "day",
-                "value": "DAY",
-              },
-              Object {
-                "text": "week",
-                "value": "WEEK",
-              },
-              Object {
-                "text": "month",
-                "value": "MONTH",
-              },
-              Object {
-                "text": "year",
-                "value": "YEAR",
-              },
-            ]
-          }
-          prepend="Every"
-          value="MONTH"
-        >
-          <EuiFormControlLayout
-            compressed={false}
-            fullWidth={true}
-            inputId="generated-id"
-            isDropdown={true}
-            isLoading={false}
-            prepend="Every"
-          >
-            <div
-              className="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
-            >
-              <EuiFormLabel
-                className="euiFormControlLayout__prepend"
-                htmlFor="generated-id"
-              >
-                <label
-                  className="euiFormLabel euiFormControlLayout__prepend"
-                  htmlFor="generated-id"
-                >
-                  Every
-                </label>
-              </EuiFormLabel>
-              <div
-                className="euiFormControlLayout__childrenWrapper"
-              >
-                <EuiValidatableControl>
-                  <select
-                    className="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
-                    data-test-subj="cronFrequencySelect"
-                    id="generated-id"
-                    onBlur={[Function]}
-                    onChange={[Function]}
-                    onFocus={[Function]}
-                    onMouseUp={[Function]}
-                    value="MONTH"
-                  >
-                    <option
-                      key="0"
-                      value="MINUTE"
-                    >
-                      minute
-                    </option>
-                    <option
-                      key="1"
-                      value="HOUR"
-                    >
-                      hour
-                    </option>
-                    <option
-                      key="2"
-                      value="DAY"
-                    >
-                      day
-                    </option>
-                    <option
-                      key="3"
-                      value="WEEK"
-                    >
-                      week
-                    </option>
-                    <option
-                      key="4"
-                      value="MONTH"
-                    >
-                      month
-                    </option>
-                    <option
-                      key="5"
-                      value="YEAR"
-                    >
-                      year
-                    </option>
-                  </select>
-                </EuiValidatableControl>
-                <EuiFormControlLayoutIcons
-                  compressed={false}
-                  isDropdown={true}
-                  isLoading={false}
-                  side="right"
-                >
-                  <div
-                    className="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
-                  >
-                    <EuiFormControlLayoutCustomIcon
-                      size="m"
-                      type="arrowDown"
-                    >
-                      <span
-                        className="euiFormControlLayoutCustomIcon"
-                      >
-                        <EuiIcon
-                          aria-hidden="true"
-                          className="euiFormControlLayoutCustomIcon__icon"
-                          size="m"
-                          type="arrowDown"
-                        >
-                          <span
-                            aria-hidden="true"
-                            className="euiFormControlLayoutCustomIcon__icon"
-                            data-euiicon-type="arrowDown"
-                            size="m"
-                          />
-                        </EuiIcon>
-                      </span>
-                    </EuiFormControlLayoutCustomIcon>
-                  </div>
-                </EuiFormControlLayoutIcons>
-              </div>
-            </div>
-          </EuiFormControlLayout>
-        </EuiSelect>
-      </div>
+        Minute
+      </label>
     </div>
-  </EuiFormRow>
-  <CronMonthly
-    date="*"
-    dateOptions={
-      Array [
-        Object {
-          "text": "1st",
-          "value": "1",
-        },
-        Object {
-          "text": "2nd",
-          "value": "2",
-        },
-        Object {
-          "text": "3rd",
-          "value": "3",
-        },
-        Object {
-          "text": "4th",
-          "value": "4",
-        },
-        Object {
-          "text": "5th",
-          "value": "5",
-        },
-        Object {
-          "text": "6th",
-          "value": "6",
-        },
-        Object {
-          "text": "7th",
-          "value": "7",
-        },
-        Object {
-          "text": "8th",
-          "value": "8",
-        },
-        Object {
-          "text": "9th",
-          "value": "9",
-        },
-        Object {
-          "text": "10th",
-          "value": "10",
-        },
-        Object {
-          "text": "11st",
-          "value": "11",
-        },
-        Object {
-          "text": "12nd",
-          "value": "12",
-        },
-        Object {
-          "text": "13rd",
-          "value": "13",
-        },
-        Object {
-          "text": "14th",
-          "value": "14",
-        },
-        Object {
-          "text": "15th",
-          "value": "15",
-        },
-        Object {
-          "text": "16th",
-          "value": "16",
-        },
-        Object {
-          "text": "17th",
-          "value": "17",
-        },
-        Object {
-          "text": "18th",
-          "value": "18",
-        },
-        Object {
-          "text": "19th",
-          "value": "19",
-        },
-        Object {
-          "text": "20th",
-          "value": "20",
-        },
-        Object {
-          "text": "21st",
-          "value": "21",
-        },
-        Object {
-          "text": "22nd",
-          "value": "22",
-        },
-        Object {
-          "text": "23rd",
-          "value": "23",
-        },
-        Object {
-          "text": "24th",
-          "value": "24",
-        },
-        Object {
-          "text": "25th",
-          "value": "25",
-        },
-        Object {
-          "text": "26th",
-          "value": "26",
-        },
-        Object {
-          "text": "27th",
-          "value": "27",
-        },
-        Object {
-          "text": "28th",
-          "value": "28",
-        },
-        Object {
-          "text": "29th",
-          "value": "29",
-        },
-        Object {
-          "text": "30th",
-          "value": "30",
-        },
-        Object {
-          "text": "31st",
-          "value": "31",
-        },
-      ]
-    }
-    hour="*"
-    hourOptions={
-      Array [
-        Object {
-          "text": "00",
-          "value": "0",
-        },
-        Object {
-          "text": "01",
-          "value": "1",
-        },
-        Object {
-          "text": "02",
-          "value": "2",
-        },
-        Object {
-          "text": "03",
-          "value": "3",
-        },
-        Object {
-          "text": "04",
-          "value": "4",
-        },
-        Object {
-          "text": "05",
-          "value": "5",
-        },
-        Object {
-          "text": "06",
-          "value": "6",
-        },
-        Object {
-          "text": "07",
-          "value": "7",
-        },
-        Object {
-          "text": "08",
-          "value": "8",
-        },
-        Object {
-          "text": "09",
-          "value": "9",
-        },
-        Object {
-          "text": "10",
-          "value": "10",
-        },
-        Object {
-          "text": "11",
-          "value": "11",
-        },
-        Object {
-          "text": "12",
-          "value": "12",
-        },
-        Object {
-          "text": "13",
-          "value": "13",
-        },
-        Object {
-          "text": "14",
-          "value": "14",
-        },
-        Object {
-          "text": "15",
-          "value": "15",
-        },
-        Object {
-          "text": "16",
-          "value": "16",
-        },
-        Object {
-          "text": "17",
-          "value": "17",
-        },
-        Object {
-          "text": "18",
-          "value": "18",
-        },
-        Object {
-          "text": "19",
-          "value": "19",
-        },
-        Object {
-          "text": "20",
-          "value": "20",
-        },
-        Object {
-          "text": "21",
-          "value": "21",
-        },
-        Object {
-          "text": "22",
-          "value": "22",
-        },
-        Object {
-          "text": "23",
-          "value": "23",
-        },
-      ]
-    }
-    minute="10"
-    minuteOptions={
-      Array [
-        Object {
-          "text": "00",
-          "value": "0",
-        },
-        Object {
-          "text": "01",
-          "value": "1",
-        },
-        Object {
-          "text": "02",
-          "value": "2",
-        },
-        Object {
-          "text": "03",
-          "value": "3",
-        },
-        Object {
-          "text": "04",
-          "value": "4",
-        },
-        Object {
-          "text": "05",
-          "value": "5",
-        },
-        Object {
-          "text": "06",
-          "value": "6",
-        },
-        Object {
-          "text": "07",
-          "value": "7",
-        },
-        Object {
-          "text": "08",
-          "value": "8",
-        },
-        Object {
-          "text": "09",
-          "value": "9",
-        },
-        Object {
-          "text": "10",
-          "value": "10",
-        },
-        Object {
-          "text": "11",
-          "value": "11",
-        },
-        Object {
-          "text": "12",
-          "value": "12",
-        },
-        Object {
-          "text": "13",
-          "value": "13",
-        },
-        Object {
-          "text": "14",
-          "value": "14",
-        },
-        Object {
-          "text": "15",
-          "value": "15",
-        },
-        Object {
-          "text": "16",
-          "value": "16",
-        },
-        Object {
-          "text": "17",
-          "value": "17",
-        },
-        Object {
-          "text": "18",
-          "value": "18",
-        },
-        Object {
-          "text": "19",
-          "value": "19",
-        },
-        Object {
-          "text": "20",
-          "value": "20",
-        },
-        Object {
-          "text": "21",
-          "value": "21",
-        },
-        Object {
-          "text": "22",
-          "value": "22",
-        },
-        Object {
-          "text": "23",
-          "value": "23",
-        },
-        Object {
-          "text": "24",
-          "value": "24",
-        },
-        Object {
-          "text": "25",
-          "value": "25",
-        },
-        Object {
-          "text": "26",
-          "value": "26",
-        },
-        Object {
-          "text": "27",
-          "value": "27",
-        },
-        Object {
-          "text": "28",
-          "value": "28",
-        },
-        Object {
-          "text": "29",
-          "value": "29",
-        },
-        Object {
-          "text": "30",
-          "value": "30",
-        },
-        Object {
-          "text": "31",
-          "value": "31",
-        },
-        Object {
-          "text": "32",
-          "value": "32",
-        },
-        Object {
-          "text": "33",
-          "value": "33",
-        },
-        Object {
-          "text": "34",
-          "value": "34",
-        },
-        Object {
-          "text": "35",
-          "value": "35",
-        },
-        Object {
-          "text": "36",
-          "value": "36",
-        },
-        Object {
-          "text": "37",
-          "value": "37",
-        },
-        Object {
-          "text": "38",
-          "value": "38",
-        },
-        Object {
-          "text": "39",
-          "value": "39",
-        },
-        Object {
-          "text": "40",
-          "value": "40",
-        },
-        Object {
-          "text": "41",
-          "value": "41",
-        },
-        Object {
-          "text": "42",
-          "value": "42",
-        },
-        Object {
-          "text": "43",
-          "value": "43",
-        },
-        Object {
-          "text": "44",
-          "value": "44",
-        },
-        Object {
-          "text": "45",
-          "value": "45",
-        },
-        Object {
-          "text": "46",
-          "value": "46",
-        },
-        Object {
-          "text": "47",
-          "value": "47",
-        },
-        Object {
-          "text": "48",
-          "value": "48",
-        },
-        Object {
-          "text": "49",
-          "value": "49",
-        },
-        Object {
-          "text": "50",
-          "value": "50",
-        },
-        Object {
-          "text": "51",
-          "value": "51",
-        },
-        Object {
-          "text": "52",
-          "value": "52",
-        },
-        Object {
-          "text": "53",
-          "value": "53",
-        },
-        Object {
-          "text": "54",
-          "value": "54",
-        },
-        Object {
-          "text": "55",
-          "value": "55",
-        },
-        Object {
-          "text": "56",
-          "value": "56",
-        },
-        Object {
-          "text": "57",
-          "value": "57",
-        },
-        Object {
-          "text": "58",
-          "value": "58",
-        },
-        Object {
-          "text": "59",
-          "value": "59",
-        },
-      ]
-    }
-    onChange={[Function]}
-  >
-    <EuiFormRow
-      data-test-subj="cronFrequencyConfiguration"
-      describedByIds={Array []}
-      display="row"
-      fullWidth={true}
-      hasChildLabel={true}
-      hasEmptyLabelSpace={false}
-      label={
-        <Memo(MemoizedFormattedMessage)
-          defaultMessage="Date"
-          id="searchConnectors.cronEditor.cronMonthly.fieldDateLabel"
-        />
-      }
-      labelType="label"
+    <div
+      class="euiFormRow__fieldWrapper"
     >
       <div
-        className="euiFormRow euiFormRow--fullWidth euiFormRow--hasLabel"
-        data-test-subj="cronFrequencyConfiguration"
-        id="generated-id-row"
+        class="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
       >
-        <div
-          className="euiFormRow__labelWrapper"
+        <label
+          class="euiFormLabel euiFormControlLayout__prepend"
+          for="generated-id"
         >
-          <EuiFormLabel
-            className="euiFormRow__label"
-            htmlFor="generated-id"
-            id="generated-id-label"
-            isFocused={false}
-            type="label"
-          >
-            <label
-              className="euiFormLabel euiFormRow__label"
-              htmlFor="generated-id"
-              id="generated-id-label"
-            >
-              <FormattedMessage
-                defaultMessage="Date"
-                id="searchConnectors.cronEditor.cronMonthly.fieldDateLabel"
-              >
-                Date
-              </FormattedMessage>
-            </label>
-          </EuiFormLabel>
-        </div>
+          At
+        </label>
         <div
-          className="euiFormRow__fieldWrapper"
+          class="euiFormControlLayout__childrenWrapper"
+          style="--euiFormControlRightIconsCount: 1;"
         >
-          <EuiSelect
-            data-test-subj="cronFrequencyMonthlyDateSelect"
-            fullWidth={true}
+          <select
+            class="euiSelect emotion-euiSelect-fullWidth-inGroup"
+            data-test-subj="cronFrequencyHourlyMinuteSelect"
             id="generated-id"
-            onBlur={[Function]}
-            onChange={[Function]}
-            onFocus={[Function]}
-            options={
-              Array [
-                Object {
-                  "text": "1st",
-                  "value": "1",
-                },
-                Object {
-                  "text": "2nd",
-                  "value": "2",
-                },
-                Object {
-                  "text": "3rd",
-                  "value": "3",
-                },
-                Object {
-                  "text": "4th",
-                  "value": "4",
-                },
-                Object {
-                  "text": "5th",
-                  "value": "5",
-                },
-                Object {
-                  "text": "6th",
-                  "value": "6",
-                },
-                Object {
-                  "text": "7th",
-                  "value": "7",
-                },
-                Object {
-                  "text": "8th",
-                  "value": "8",
-                },
-                Object {
-                  "text": "9th",
-                  "value": "9",
-                },
-                Object {
-                  "text": "10th",
-                  "value": "10",
-                },
-                Object {
-                  "text": "11st",
-                  "value": "11",
-                },
-                Object {
-                  "text": "12nd",
-                  "value": "12",
-                },
-                Object {
-                  "text": "13rd",
-                  "value": "13",
-                },
-                Object {
-                  "text": "14th",
-                  "value": "14",
-                },
-                Object {
-                  "text": "15th",
-                  "value": "15",
-                },
-                Object {
-                  "text": "16th",
-                  "value": "16",
-                },
-                Object {
-                  "text": "17th",
-                  "value": "17",
-                },
-                Object {
-                  "text": "18th",
-                  "value": "18",
-                },
-                Object {
-                  "text": "19th",
-                  "value": "19",
-                },
-                Object {
-                  "text": "20th",
-                  "value": "20",
-                },
-                Object {
-                  "text": "21st",
-                  "value": "21",
-                },
-                Object {
-                  "text": "22nd",
-                  "value": "22",
-                },
-                Object {
-                  "text": "23rd",
-                  "value": "23",
-                },
-                Object {
-                  "text": "24th",
-                  "value": "24",
-                },
-                Object {
-                  "text": "25th",
-                  "value": "25",
-                },
-                Object {
-                  "text": "26th",
-                  "value": "26",
-                },
-                Object {
-                  "text": "27th",
-                  "value": "27",
-                },
-                Object {
-                  "text": "28th",
-                  "value": "28",
-                },
-                Object {
-                  "text": "29th",
-                  "value": "29",
-                },
-                Object {
-                  "text": "30th",
-                  "value": "30",
-                },
-                Object {
-                  "text": "31st",
-                  "value": "31",
-                },
-              ]
-            }
-            prepend="On the"
-            value="*"
           >
-            <EuiFormControlLayout
-              compressed={false}
-              fullWidth={true}
-              inputId="generated-id"
-              isDropdown={true}
-              isLoading={false}
-              prepend="On the"
+            <option
+              value="0"
             >
-              <div
-                className="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
-              >
-                <EuiFormLabel
-                  className="euiFormControlLayout__prepend"
-                  htmlFor="generated-id"
-                >
-                  <label
-                    className="euiFormLabel euiFormControlLayout__prepend"
-                    htmlFor="generated-id"
-                  >
-                    On the
-                  </label>
-                </EuiFormLabel>
-                <div
-                  className="euiFormControlLayout__childrenWrapper"
-                >
-                  <EuiValidatableControl>
-                    <select
-                      className="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
-                      data-test-subj="cronFrequencyMonthlyDateSelect"
-                      id="generated-id"
-                      onBlur={[Function]}
-                      onChange={[Function]}
-                      onFocus={[Function]}
-                      onMouseUp={[Function]}
-                      value="*"
-                    >
-                      <option
-                        key="0"
-                        value="1"
-                      >
-                        1st
-                      </option>
-                      <option
-                        key="1"
-                        value="2"
-                      >
-                        2nd
-                      </option>
-                      <option
-                        key="2"
-                        value="3"
-                      >
-                        3rd
-                      </option>
-                      <option
-                        key="3"
-                        value="4"
-                      >
-                        4th
-                      </option>
-                      <option
-                        key="4"
-                        value="5"
-                      >
-                        5th
-                      </option>
-                      <option
-                        key="5"
-                        value="6"
-                      >
-                        6th
-                      </option>
-                      <option
-                        key="6"
-                        value="7"
-                      >
-                        7th
-                      </option>
-                      <option
-                        key="7"
-                        value="8"
-                      >
-                        8th
-                      </option>
-                      <option
-                        key="8"
-                        value="9"
-                      >
-                        9th
-                      </option>
-                      <option
-                        key="9"
-                        value="10"
-                      >
-                        10th
-                      </option>
-                      <option
-                        key="10"
-                        value="11"
-                      >
-                        11st
-                      </option>
-                      <option
-                        key="11"
-                        value="12"
-                      >
-                        12nd
-                      </option>
-                      <option
-                        key="12"
-                        value="13"
-                      >
-                        13rd
-                      </option>
-                      <option
-                        key="13"
-                        value="14"
-                      >
-                        14th
-                      </option>
-                      <option
-                        key="14"
-                        value="15"
-                      >
-                        15th
-                      </option>
-                      <option
-                        key="15"
-                        value="16"
-                      >
-                        16th
-                      </option>
-                      <option
-                        key="16"
-                        value="17"
-                      >
-                        17th
-                      </option>
-                      <option
-                        key="17"
-                        value="18"
-                      >
-                        18th
-                      </option>
-                      <option
-                        key="18"
-                        value="19"
-                      >
-                        19th
-                      </option>
-                      <option
-                        key="19"
-                        value="20"
-                      >
-                        20th
-                      </option>
-                      <option
-                        key="20"
-                        value="21"
-                      >
-                        21st
-                      </option>
-                      <option
-                        key="21"
-                        value="22"
-                      >
-                        22nd
-                      </option>
-                      <option
-                        key="22"
-                        value="23"
-                      >
-                        23rd
-                      </option>
-                      <option
-                        key="23"
-                        value="24"
-                      >
-                        24th
-                      </option>
-                      <option
-                        key="24"
-                        value="25"
-                      >
-                        25th
-                      </option>
-                      <option
-                        key="25"
-                        value="26"
-                      >
-                        26th
-                      </option>
-                      <option
-                        key="26"
-                        value="27"
-                      >
-                        27th
-                      </option>
-                      <option
-                        key="27"
-                        value="28"
-                      >
-                        28th
-                      </option>
-                      <option
-                        key="28"
-                        value="29"
-                      >
-                        29th
-                      </option>
-                      <option
-                        key="29"
-                        value="30"
-                      >
-                        30th
-                      </option>
-                      <option
-                        key="30"
-                        value="31"
-                      >
-                        31st
-                      </option>
-                    </select>
-                  </EuiValidatableControl>
-                  <EuiFormControlLayoutIcons
-                    compressed={false}
-                    isDropdown={true}
-                    isLoading={false}
-                    side="right"
-                  >
-                    <div
-                      className="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
-                    >
-                      <EuiFormControlLayoutCustomIcon
-                        size="m"
-                        type="arrowDown"
-                      >
-                        <span
-                          className="euiFormControlLayoutCustomIcon"
-                        >
-                          <EuiIcon
-                            aria-hidden="true"
-                            className="euiFormControlLayoutCustomIcon__icon"
-                            size="m"
-                            type="arrowDown"
-                          >
-                            <span
-                              aria-hidden="true"
-                              className="euiFormControlLayoutCustomIcon__icon"
-                              data-euiicon-type="arrowDown"
-                              size="m"
-                            />
-                          </EuiIcon>
-                        </span>
-                      </EuiFormControlLayoutCustomIcon>
-                    </div>
-                  </EuiFormControlLayoutIcons>
-                </div>
-              </div>
-            </EuiFormControlLayout>
-          </EuiSelect>
-        </div>
-      </div>
-    </EuiFormRow>
-    <EuiFormRow
-      data-test-subj="cronFrequencyConfiguration"
-      describedByIds={Array []}
-      display="row"
-      fullWidth={true}
-      hasChildLabel={true}
-      hasEmptyLabelSpace={false}
-      label={
-        <Memo(MemoizedFormattedMessage)
-          defaultMessage="Time"
-          id="searchConnectors.cronEditor.cronMonthly.fieldTimeLabel"
-        />
-      }
-      labelType="label"
-    >
-      <div
-        className="euiFormRow euiFormRow--fullWidth euiFormRow--hasLabel"
-        data-test-subj="cronFrequencyConfiguration"
-        id="generated-id-row"
-      >
-        <div
-          className="euiFormRow__labelWrapper"
-        >
-          <EuiFormLabel
-            className="euiFormRow__label"
-            htmlFor="generated-id"
-            id="generated-id-label"
-            isFocused={false}
-            type="label"
-          >
-            <label
-              className="euiFormLabel euiFormRow__label"
-              htmlFor="generated-id"
-              id="generated-id-label"
+              00
+            </option>
+            <option
+              value="1"
             >
-              <FormattedMessage
-                defaultMessage="Time"
-                id="searchConnectors.cronEditor.cronMonthly.fieldTimeLabel"
-              >
-                Time
-              </FormattedMessage>
-            </label>
-          </EuiFormLabel>
-        </div>
-        <div
-          className="euiFormRow__fieldWrapper"
-        >
-          <EuiFlexGroup
-            gutterSize="xs"
-            id="generated-id"
-            onBlur={[Function]}
-            onFocus={[Function]}
-          >
-            <div
-              css="unknown styles"
-              id="generated-id"
-              onBlur={[Function]}
-              onFocus={[Function]}
-            >
-              <Insertion
-                cache={
-                  Object {
-                    "insert": [Function],
-                    "inserted": Object {
-                      "9sbomz-euiFlexItem-grow-1": true,
-                      "bqv98l-euiFlexGroup-responsive-xs-flexStart-stretch-row": true,
-                      "kpsrin-euiFlexItem-growZero": true,
-                    },
-                    "key": "css",
-                    "nonce": undefined,
-                    "registered": Object {},
-                    "sheet": StyleSheet {
-                      "_alreadyInsertedOrderInsensitiveRule": true,
-                      "_insertTag": [Function],
-                      "before": null,
-                      "container": <head>
-                        <style
-                          data-styled="active"
-                          data-styled-version="5.1.0"
-                        />
-                        <style
-                          data-styled="active"
-                          data-styled-version="5.1.0"
-                        />
-                        <style
-                          data-styled="active"
-                          data-styled-version="5.1.0"
-                        />
-                        <style
-                          data-styled="active"
-                          data-styled-version="5.1.0"
-                        />
-                        <style
-                          data-styled="active"
-                          data-styled-version="5.1.0"
-                        />
-                        <style
-                          data-emotion="css"
-                          data-s=""
-                        >
-                          
-                          .emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;gap:4px;-webkit-box-pack:start;-ms-flex-pack:start;-webkit-justify-content:flex-start;justify-content:flex-start;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;}
-                        </style>
-                        <style
-                          data-emotion="css"
-                          data-s=""
-                        >
-                          
-                          @media only screen and (max-width: 767px){.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{-webkit-box-flex-wrap:wrap;-webkit-flex-wrap:wrap;-ms-flex-wrap:wrap;flex-wrap:wrap;}.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row&gt;.euiFlexItem{inline-size:100%;-webkit-flex-basis:100%;-ms-flex-preferred-size:100%;flex-basis:100%;}}
-                        </style>
-                        <style
-                          data-emotion="css"
-                          data-s=""
-                        >
-                          
-                          .emotion-euiFlexItem-growZero{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-box-flex:0;-webkit-flex-grow:0;-ms-flex-positive:0;flex-grow:0;-webkit-flex-basis:auto;-ms-flex-preferred-size:auto;flex-basis:auto;}
-                        </style>
-                        <style
-                          data-emotion="css"
-                          data-s=""
-                        >
-                          
-                          .emotion-euiFlexItem-grow-1{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-flex-basis:0%;-ms-flex-preferred-size:0%;flex-basis:0%;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;}
-                        </style>
-                      </head>,
-                      "ctr": 4,
-                      "insertionPoint": undefined,
-                      "isSpeedy": false,
-                      "key": "css",
-                      "nonce": undefined,
-                      "prepend": undefined,
-                      "tags": Array [
-                        <style
-                          data-emotion="css"
-                          data-s=""
-                        >
-                          
-                          .emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;gap:4px;-webkit-box-pack:start;-ms-flex-pack:start;-webkit-justify-content:flex-start;justify-content:flex-start;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;}
-                        </style>,
-                        <style
-                          data-emotion="css"
-                          data-s=""
-                        >
-                          
-                          @media only screen and (max-width: 767px){.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{-webkit-box-flex-wrap:wrap;-webkit-flex-wrap:wrap;-ms-flex-wrap:wrap;flex-wrap:wrap;}.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row&gt;.euiFlexItem{inline-size:100%;-webkit-flex-basis:100%;-ms-flex-preferred-size:100%;flex-basis:100%;}}
-                        </style>,
-                        <style
-                          data-emotion="css"
-                          data-s=""
-                        >
-                          
-                          .emotion-euiFlexItem-growZero{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-box-flex:0;-webkit-flex-grow:0;-ms-flex-positive:0;flex-grow:0;-webkit-flex-basis:auto;-ms-flex-preferred-size:auto;flex-basis:auto;}
-                        </style>,
-                        <style
-                          data-emotion="css"
-                          data-s=""
-                        >
-                          
-                          .emotion-euiFlexItem-grow-1{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-flex-basis:0%;-ms-flex-preferred-size:0%;flex-basis:0%;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;}
-                        </style>,
-                      ],
-                    },
-                  }
-                }
-                isStringTag={true}
-                serialized={
-                  Object {
-                    "map": undefined,
-                    "name": "bqv98l-euiFlexGroup-responsive-xs-flexStart-stretch-row",
-                    "next": undefined,
-                    "styles": "display:flex;align-items:stretch;flex-grow:1;label:euiFlexGroup;;;@media only screen and (max-width: 767px){flex-wrap:wrap;&>.euiFlexItem{inline-size: 100%; flex-basis:100%;}};label:responsive;;;;gap:4px;;label:xs;;;justify-content:flex-start;label:flexStart;;;align-items:stretch;label:stretch;;;flex-direction:row;label:row;;;",
-                    "toString": [Function],
-                  }
-                }
-              />
-              <div
-                className="euiFlexGroup emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row"
-                id="generated-id"
-                onBlur={[Function]}
-                onFocus={[Function]}
-              >
-                <EuiFlexItem
-                  grow={false}
-                >
-                  <div
-                    css="unknown styles"
-                  >
-                    <Insertion
-                      cache={
-                        Object {
-                          "insert": [Function],
-                          "inserted": Object {
-                            "9sbomz-euiFlexItem-grow-1": true,
-                            "bqv98l-euiFlexGroup-responsive-xs-flexStart-stretch-row": true,
-                            "kpsrin-euiFlexItem-growZero": true,
-                          },
-                          "key": "css",
-                          "nonce": undefined,
-                          "registered": Object {},
-                          "sheet": StyleSheet {
-                            "_alreadyInsertedOrderInsensitiveRule": true,
-                            "_insertTag": [Function],
-                            "before": null,
-                            "container": <head>
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;gap:4px;-webkit-box-pack:start;-ms-flex-pack:start;-webkit-justify-content:flex-start;justify-content:flex-start;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;}
-                              </style>
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                @media only screen and (max-width: 767px){.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{-webkit-box-flex-wrap:wrap;-webkit-flex-wrap:wrap;-ms-flex-wrap:wrap;flex-wrap:wrap;}.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row&gt;.euiFlexItem{inline-size:100%;-webkit-flex-basis:100%;-ms-flex-preferred-size:100%;flex-basis:100%;}}
-                              </style>
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexItem-growZero{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-box-flex:0;-webkit-flex-grow:0;-ms-flex-positive:0;flex-grow:0;-webkit-flex-basis:auto;-ms-flex-preferred-size:auto;flex-basis:auto;}
-                              </style>
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexItem-grow-1{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-flex-basis:0%;-ms-flex-preferred-size:0%;flex-basis:0%;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;}
-                              </style>
-                            </head>,
-                            "ctr": 4,
-                            "insertionPoint": undefined,
-                            "isSpeedy": false,
-                            "key": "css",
-                            "nonce": undefined,
-                            "prepend": undefined,
-                            "tags": Array [
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;gap:4px;-webkit-box-pack:start;-ms-flex-pack:start;-webkit-justify-content:flex-start;justify-content:flex-start;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;}
-                              </style>,
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                @media only screen and (max-width: 767px){.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{-webkit-box-flex-wrap:wrap;-webkit-flex-wrap:wrap;-ms-flex-wrap:wrap;flex-wrap:wrap;}.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row&gt;.euiFlexItem{inline-size:100%;-webkit-flex-basis:100%;-ms-flex-preferred-size:100%;flex-basis:100%;}}
-                              </style>,
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexItem-growZero{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-box-flex:0;-webkit-flex-grow:0;-ms-flex-positive:0;flex-grow:0;-webkit-flex-basis:auto;-ms-flex-preferred-size:auto;flex-basis:auto;}
-                              </style>,
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexItem-grow-1{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-flex-basis:0%;-ms-flex-preferred-size:0%;flex-basis:0%;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;}
-                              </style>,
-                            ],
-                          },
-                        }
-                      }
-                      isStringTag={true}
-                      serialized={
-                        Object {
-                          "map": undefined,
-                          "name": "kpsrin-euiFlexItem-growZero",
-                          "next": undefined,
-                          "styles": "display:flex;flex-direction:column;label:euiFlexItem;;;flex-grow:0;flex-basis:auto;label:growZero;;;;",
-                          "toString": [Function],
-                        }
-                      }
-                    />
-                    <div
-                      className="euiFlexItem emotion-euiFlexItem-growZero"
-                    >
-                      <EuiSelect
-                        aria-label="Hour"
-                        data-test-subj="cronFrequencyMonthlyHourSelect"
-                        fullWidth={true}
-                        onChange={[Function]}
-                        options={
-                          Array [
-                            Object {
-                              "text": "00",
-                              "value": "0",
-                            },
-                            Object {
-                              "text": "01",
-                              "value": "1",
-                            },
-                            Object {
-                              "text": "02",
-                              "value": "2",
-                            },
-                            Object {
-                              "text": "03",
-                              "value": "3",
-                            },
-                            Object {
-                              "text": "04",
-                              "value": "4",
-                            },
-                            Object {
-                              "text": "05",
-                              "value": "5",
-                            },
-                            Object {
-                              "text": "06",
-                              "value": "6",
-                            },
-                            Object {
-                              "text": "07",
-                              "value": "7",
-                            },
-                            Object {
-                              "text": "08",
-                              "value": "8",
-                            },
-                            Object {
-                              "text": "09",
-                              "value": "9",
-                            },
-                            Object {
-                              "text": "10",
-                              "value": "10",
-                            },
-                            Object {
-                              "text": "11",
-                              "value": "11",
-                            },
-                            Object {
-                              "text": "12",
-                              "value": "12",
-                            },
-                            Object {
-                              "text": "13",
-                              "value": "13",
-                            },
-                            Object {
-                              "text": "14",
-                              "value": "14",
-                            },
-                            Object {
-                              "text": "15",
-                              "value": "15",
-                            },
-                            Object {
-                              "text": "16",
-                              "value": "16",
-                            },
-                            Object {
-                              "text": "17",
-                              "value": "17",
-                            },
-                            Object {
-                              "text": "18",
-                              "value": "18",
-                            },
-                            Object {
-                              "text": "19",
-                              "value": "19",
-                            },
-                            Object {
-                              "text": "20",
-                              "value": "20",
-                            },
-                            Object {
-                              "text": "21",
-                              "value": "21",
-                            },
-                            Object {
-                              "text": "22",
-                              "value": "22",
-                            },
-                            Object {
-                              "text": "23",
-                              "value": "23",
-                            },
-                          ]
-                        }
-                        prepend="At"
-                        value="*"
-                      >
-                        <EuiFormControlLayout
-                          compressed={false}
-                          fullWidth={true}
-                          isDropdown={true}
-                          isLoading={false}
-                          prepend="At"
-                        >
-                          <div
-                            className="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
-                          >
-                            <EuiFormLabel
-                              className="euiFormControlLayout__prepend"
-                            >
-                              <label
-                                className="euiFormLabel euiFormControlLayout__prepend"
-                              >
-                                At
-                              </label>
-                            </EuiFormLabel>
-                            <div
-                              className="euiFormControlLayout__childrenWrapper"
-                            >
-                              <EuiValidatableControl>
-                                <select
-                                  aria-label="Hour"
-                                  className="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
-                                  data-test-subj="cronFrequencyMonthlyHourSelect"
-                                  onChange={[Function]}
-                                  onMouseUp={[Function]}
-                                  value="*"
-                                >
-                                  <option
-                                    key="0"
-                                    value="0"
-                                  >
-                                    00
-                                  </option>
-                                  <option
-                                    key="1"
-                                    value="1"
-                                  >
-                                    01
-                                  </option>
-                                  <option
-                                    key="2"
-                                    value="2"
-                                  >
-                                    02
-                                  </option>
-                                  <option
-                                    key="3"
-                                    value="3"
-                                  >
-                                    03
-                                  </option>
-                                  <option
-                                    key="4"
-                                    value="4"
-                                  >
-                                    04
-                                  </option>
-                                  <option
-                                    key="5"
-                                    value="5"
-                                  >
-                                    05
-                                  </option>
-                                  <option
-                                    key="6"
-                                    value="6"
-                                  >
-                                    06
-                                  </option>
-                                  <option
-                                    key="7"
-                                    value="7"
-                                  >
-                                    07
-                                  </option>
-                                  <option
-                                    key="8"
-                                    value="8"
-                                  >
-                                    08
-                                  </option>
-                                  <option
-                                    key="9"
-                                    value="9"
-                                  >
-                                    09
-                                  </option>
-                                  <option
-                                    key="10"
-                                    value="10"
-                                  >
-                                    10
-                                  </option>
-                                  <option
-                                    key="11"
-                                    value="11"
-                                  >
-                                    11
-                                  </option>
-                                  <option
-                                    key="12"
-                                    value="12"
-                                  >
-                                    12
-                                  </option>
-                                  <option
-                                    key="13"
-                                    value="13"
-                                  >
-                                    13
-                                  </option>
-                                  <option
-                                    key="14"
-                                    value="14"
-                                  >
-                                    14
-                                  </option>
-                                  <option
-                                    key="15"
-                                    value="15"
-                                  >
-                                    15
-                                  </option>
-                                  <option
-                                    key="16"
-                                    value="16"
-                                  >
-                                    16
-                                  </option>
-                                  <option
-                                    key="17"
-                                    value="17"
-                                  >
-                                    17
-                                  </option>
-                                  <option
-                                    key="18"
-                                    value="18"
-                                  >
-                                    18
-                                  </option>
-                                  <option
-                                    key="19"
-                                    value="19"
-                                  >
-                                    19
-                                  </option>
-                                  <option
-                                    key="20"
-                                    value="20"
-                                  >
-                                    20
-                                  </option>
-                                  <option
-                                    key="21"
-                                    value="21"
-                                  >
-                                    21
-                                  </option>
-                                  <option
-                                    key="22"
-                                    value="22"
-                                  >
-                                    22
-                                  </option>
-                                  <option
-                                    key="23"
-                                    value="23"
-                                  >
-                                    23
-                                  </option>
-                                </select>
-                              </EuiValidatableControl>
-                              <EuiFormControlLayoutIcons
-                                compressed={false}
-                                isDropdown={true}
-                                isLoading={false}
-                                side="right"
-                              >
-                                <div
-                                  className="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
-                                >
-                                  <EuiFormControlLayoutCustomIcon
-                                    size="m"
-                                    type="arrowDown"
-                                  >
-                                    <span
-                                      className="euiFormControlLayoutCustomIcon"
-                                    >
-                                      <EuiIcon
-                                        aria-hidden="true"
-                                        className="euiFormControlLayoutCustomIcon__icon"
-                                        size="m"
-                                        type="arrowDown"
-                                      >
-                                        <span
-                                          aria-hidden="true"
-                                          className="euiFormControlLayoutCustomIcon__icon"
-                                          data-euiicon-type="arrowDown"
-                                          size="m"
-                                        />
-                                      </EuiIcon>
-                                    </span>
-                                  </EuiFormControlLayoutCustomIcon>
-                                </div>
-                              </EuiFormControlLayoutIcons>
-                            </div>
-                          </div>
-                        </EuiFormControlLayout>
-                      </EuiSelect>
-                    </div>
-                  </div>
-                </EuiFlexItem>
-                <EuiFlexItem>
-                  <div
-                    css="unknown styles"
-                  >
-                    <Insertion
-                      cache={
-                        Object {
-                          "insert": [Function],
-                          "inserted": Object {
-                            "9sbomz-euiFlexItem-grow-1": true,
-                            "bqv98l-euiFlexGroup-responsive-xs-flexStart-stretch-row": true,
-                            "kpsrin-euiFlexItem-growZero": true,
-                          },
-                          "key": "css",
-                          "nonce": undefined,
-                          "registered": Object {},
-                          "sheet": StyleSheet {
-                            "_alreadyInsertedOrderInsensitiveRule": true,
-                            "_insertTag": [Function],
-                            "before": null,
-                            "container": <head>
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;gap:4px;-webkit-box-pack:start;-ms-flex-pack:start;-webkit-justify-content:flex-start;justify-content:flex-start;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;}
-                              </style>
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                @media only screen and (max-width: 767px){.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{-webkit-box-flex-wrap:wrap;-webkit-flex-wrap:wrap;-ms-flex-wrap:wrap;flex-wrap:wrap;}.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row&gt;.euiFlexItem{inline-size:100%;-webkit-flex-basis:100%;-ms-flex-preferred-size:100%;flex-basis:100%;}}
-                              </style>
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexItem-growZero{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-box-flex:0;-webkit-flex-grow:0;-ms-flex-positive:0;flex-grow:0;-webkit-flex-basis:auto;-ms-flex-preferred-size:auto;flex-basis:auto;}
-                              </style>
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexItem-grow-1{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-flex-basis:0%;-ms-flex-preferred-size:0%;flex-basis:0%;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;}
-                              </style>
-                            </head>,
-                            "ctr": 4,
-                            "insertionPoint": undefined,
-                            "isSpeedy": false,
-                            "key": "css",
-                            "nonce": undefined,
-                            "prepend": undefined,
-                            "tags": Array [
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;gap:4px;-webkit-box-pack:start;-ms-flex-pack:start;-webkit-justify-content:flex-start;justify-content:flex-start;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;}
-                              </style>,
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                @media only screen and (max-width: 767px){.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{-webkit-box-flex-wrap:wrap;-webkit-flex-wrap:wrap;-ms-flex-wrap:wrap;flex-wrap:wrap;}.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row&gt;.euiFlexItem{inline-size:100%;-webkit-flex-basis:100%;-ms-flex-preferred-size:100%;flex-basis:100%;}}
-                              </style>,
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexItem-growZero{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-box-flex:0;-webkit-flex-grow:0;-ms-flex-positive:0;flex-grow:0;-webkit-flex-basis:auto;-ms-flex-preferred-size:auto;flex-basis:auto;}
-                              </style>,
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexItem-grow-1{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-flex-basis:0%;-ms-flex-preferred-size:0%;flex-basis:0%;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;}
-                              </style>,
-                            ],
-                          },
-                        }
-                      }
-                      isStringTag={true}
-                      serialized={
-                        Object {
-                          "map": undefined,
-                          "name": "9sbomz-euiFlexItem-grow-1",
-                          "next": undefined,
-                          "styles": "display:flex;flex-direction:column;label:euiFlexItem;;;flex-basis:0%;label:grow;;;flex-grow:1;label:1;;;",
-                          "toString": [Function],
-                        }
-                      }
-                    />
-                    <div
-                      className="euiFlexItem emotion-euiFlexItem-grow-1"
-                    >
-                      <EuiSelect
-                        aria-label="Minute"
-                        data-test-subj="cronFrequencyMonthlyMinuteSelect"
-                        fullWidth={true}
-                        onChange={[Function]}
-                        options={
-                          Array [
-                            Object {
-                              "text": "00",
-                              "value": "0",
-                            },
-                            Object {
-                              "text": "01",
-                              "value": "1",
-                            },
-                            Object {
-                              "text": "02",
-                              "value": "2",
-                            },
-                            Object {
-                              "text": "03",
-                              "value": "3",
-                            },
-                            Object {
-                              "text": "04",
-                              "value": "4",
-                            },
-                            Object {
-                              "text": "05",
-                              "value": "5",
-                            },
-                            Object {
-                              "text": "06",
-                              "value": "6",
-                            },
-                            Object {
-                              "text": "07",
-                              "value": "7",
-                            },
-                            Object {
-                              "text": "08",
-                              "value": "8",
-                            },
-                            Object {
-                              "text": "09",
-                              "value": "9",
-                            },
-                            Object {
-                              "text": "10",
-                              "value": "10",
-                            },
-                            Object {
-                              "text": "11",
-                              "value": "11",
-                            },
-                            Object {
-                              "text": "12",
-                              "value": "12",
-                            },
-                            Object {
-                              "text": "13",
-                              "value": "13",
-                            },
-                            Object {
-                              "text": "14",
-                              "value": "14",
-                            },
-                            Object {
-                              "text": "15",
-                              "value": "15",
-                            },
-                            Object {
-                              "text": "16",
-                              "value": "16",
-                            },
-                            Object {
-                              "text": "17",
-                              "value": "17",
-                            },
-                            Object {
-                              "text": "18",
-                              "value": "18",
-                            },
-                            Object {
-                              "text": "19",
-                              "value": "19",
-                            },
-                            Object {
-                              "text": "20",
-                              "value": "20",
-                            },
-                            Object {
-                              "text": "21",
-                              "value": "21",
-                            },
-                            Object {
-                              "text": "22",
-                              "value": "22",
-                            },
-                            Object {
-                              "text": "23",
-                              "value": "23",
-                            },
-                            Object {
-                              "text": "24",
-                              "value": "24",
-                            },
-                            Object {
-                              "text": "25",
-                              "value": "25",
-                            },
-                            Object {
-                              "text": "26",
-                              "value": "26",
-                            },
-                            Object {
-                              "text": "27",
-                              "value": "27",
-                            },
-                            Object {
-                              "text": "28",
-                              "value": "28",
-                            },
-                            Object {
-                              "text": "29",
-                              "value": "29",
-                            },
-                            Object {
-                              "text": "30",
-                              "value": "30",
-                            },
-                            Object {
-                              "text": "31",
-                              "value": "31",
-                            },
-                            Object {
-                              "text": "32",
-                              "value": "32",
-                            },
-                            Object {
-                              "text": "33",
-                              "value": "33",
-                            },
-                            Object {
-                              "text": "34",
-                              "value": "34",
-                            },
-                            Object {
-                              "text": "35",
-                              "value": "35",
-                            },
-                            Object {
-                              "text": "36",
-                              "value": "36",
-                            },
-                            Object {
-                              "text": "37",
-                              "value": "37",
-                            },
-                            Object {
-                              "text": "38",
-                              "value": "38",
-                            },
-                            Object {
-                              "text": "39",
-                              "value": "39",
-                            },
-                            Object {
-                              "text": "40",
-                              "value": "40",
-                            },
-                            Object {
-                              "text": "41",
-                              "value": "41",
-                            },
-                            Object {
-                              "text": "42",
-                              "value": "42",
-                            },
-                            Object {
-                              "text": "43",
-                              "value": "43",
-                            },
-                            Object {
-                              "text": "44",
-                              "value": "44",
-                            },
-                            Object {
-                              "text": "45",
-                              "value": "45",
-                            },
-                            Object {
-                              "text": "46",
-                              "value": "46",
-                            },
-                            Object {
-                              "text": "47",
-                              "value": "47",
-                            },
-                            Object {
-                              "text": "48",
-                              "value": "48",
-                            },
-                            Object {
-                              "text": "49",
-                              "value": "49",
-                            },
-                            Object {
-                              "text": "50",
-                              "value": "50",
-                            },
-                            Object {
-                              "text": "51",
-                              "value": "51",
-                            },
-                            Object {
-                              "text": "52",
-                              "value": "52",
-                            },
-                            Object {
-                              "text": "53",
-                              "value": "53",
-                            },
-                            Object {
-                              "text": "54",
-                              "value": "54",
-                            },
-                            Object {
-                              "text": "55",
-                              "value": "55",
-                            },
-                            Object {
-                              "text": "56",
-                              "value": "56",
-                            },
-                            Object {
-                              "text": "57",
-                              "value": "57",
-                            },
-                            Object {
-                              "text": "58",
-                              "value": "58",
-                            },
-                            Object {
-                              "text": "59",
-                              "value": "59",
-                            },
-                          ]
-                        }
-                        prepend=":"
-                        value="10"
-                      >
-                        <EuiFormControlLayout
-                          compressed={false}
-                          fullWidth={true}
-                          isDropdown={true}
-                          isLoading={false}
-                          prepend=":"
-                        >
-                          <div
-                            className="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
-                          >
-                            <EuiFormLabel
-                              className="euiFormControlLayout__prepend"
-                            >
-                              <label
-                                className="euiFormLabel euiFormControlLayout__prepend"
-                              >
-                                :
-                              </label>
-                            </EuiFormLabel>
-                            <div
-                              className="euiFormControlLayout__childrenWrapper"
-                            >
-                              <EuiValidatableControl>
-                                <select
-                                  aria-label="Minute"
-                                  className="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
-                                  data-test-subj="cronFrequencyMonthlyMinuteSelect"
-                                  onChange={[Function]}
-                                  onMouseUp={[Function]}
-                                  value="10"
-                                >
-                                  <option
-                                    key="0"
-                                    value="0"
-                                  >
-                                    00
-                                  </option>
-                                  <option
-                                    key="1"
-                                    value="1"
-                                  >
-                                    01
-                                  </option>
-                                  <option
-                                    key="2"
-                                    value="2"
-                                  >
-                                    02
-                                  </option>
-                                  <option
-                                    key="3"
-                                    value="3"
-                                  >
-                                    03
-                                  </option>
-                                  <option
-                                    key="4"
-                                    value="4"
-                                  >
-                                    04
-                                  </option>
-                                  <option
-                                    key="5"
-                                    value="5"
-                                  >
-                                    05
-                                  </option>
-                                  <option
-                                    key="6"
-                                    value="6"
-                                  >
-                                    06
-                                  </option>
-                                  <option
-                                    key="7"
-                                    value="7"
-                                  >
-                                    07
-                                  </option>
-                                  <option
-                                    key="8"
-                                    value="8"
-                                  >
-                                    08
-                                  </option>
-                                  <option
-                                    key="9"
-                                    value="9"
-                                  >
-                                    09
-                                  </option>
-                                  <option
-                                    key="10"
-                                    value="10"
-                                  >
-                                    10
-                                  </option>
-                                  <option
-                                    key="11"
-                                    value="11"
-                                  >
-                                    11
-                                  </option>
-                                  <option
-                                    key="12"
-                                    value="12"
-                                  >
-                                    12
-                                  </option>
-                                  <option
-                                    key="13"
-                                    value="13"
-                                  >
-                                    13
-                                  </option>
-                                  <option
-                                    key="14"
-                                    value="14"
-                                  >
-                                    14
-                                  </option>
-                                  <option
-                                    key="15"
-                                    value="15"
-                                  >
-                                    15
-                                  </option>
-                                  <option
-                                    key="16"
-                                    value="16"
-                                  >
-                                    16
-                                  </option>
-                                  <option
-                                    key="17"
-                                    value="17"
-                                  >
-                                    17
-                                  </option>
-                                  <option
-                                    key="18"
-                                    value="18"
-                                  >
-                                    18
-                                  </option>
-                                  <option
-                                    key="19"
-                                    value="19"
-                                  >
-                                    19
-                                  </option>
-                                  <option
-                                    key="20"
-                                    value="20"
-                                  >
-                                    20
-                                  </option>
-                                  <option
-                                    key="21"
-                                    value="21"
-                                  >
-                                    21
-                                  </option>
-                                  <option
-                                    key="22"
-                                    value="22"
-                                  >
-                                    22
-                                  </option>
-                                  <option
-                                    key="23"
-                                    value="23"
-                                  >
-                                    23
-                                  </option>
-                                  <option
-                                    key="24"
-                                    value="24"
-                                  >
-                                    24
-                                  </option>
-                                  <option
-                                    key="25"
-                                    value="25"
-                                  >
-                                    25
-                                  </option>
-                                  <option
-                                    key="26"
-                                    value="26"
-                                  >
-                                    26
-                                  </option>
-                                  <option
-                                    key="27"
-                                    value="27"
-                                  >
-                                    27
-                                  </option>
-                                  <option
-                                    key="28"
-                                    value="28"
-                                  >
-                                    28
-                                  </option>
-                                  <option
-                                    key="29"
-                                    value="29"
-                                  >
-                                    29
-                                  </option>
-                                  <option
-                                    key="30"
-                                    value="30"
-                                  >
-                                    30
-                                  </option>
-                                  <option
-                                    key="31"
-                                    value="31"
-                                  >
-                                    31
-                                  </option>
-                                  <option
-                                    key="32"
-                                    value="32"
-                                  >
-                                    32
-                                  </option>
-                                  <option
-                                    key="33"
-                                    value="33"
-                                  >
-                                    33
-                                  </option>
-                                  <option
-                                    key="34"
-                                    value="34"
-                                  >
-                                    34
-                                  </option>
-                                  <option
-                                    key="35"
-                                    value="35"
-                                  >
-                                    35
-                                  </option>
-                                  <option
-                                    key="36"
-                                    value="36"
-                                  >
-                                    36
-                                  </option>
-                                  <option
-                                    key="37"
-                                    value="37"
-                                  >
-                                    37
-                                  </option>
-                                  <option
-                                    key="38"
-                                    value="38"
-                                  >
-                                    38
-                                  </option>
-                                  <option
-                                    key="39"
-                                    value="39"
-                                  >
-                                    39
-                                  </option>
-                                  <option
-                                    key="40"
-                                    value="40"
-                                  >
-                                    40
-                                  </option>
-                                  <option
-                                    key="41"
-                                    value="41"
-                                  >
-                                    41
-                                  </option>
-                                  <option
-                                    key="42"
-                                    value="42"
-                                  >
-                                    42
-                                  </option>
-                                  <option
-                                    key="43"
-                                    value="43"
-                                  >
-                                    43
-                                  </option>
-                                  <option
-                                    key="44"
-                                    value="44"
-                                  >
-                                    44
-                                  </option>
-                                  <option
-                                    key="45"
-                                    value="45"
-                                  >
-                                    45
-                                  </option>
-                                  <option
-                                    key="46"
-                                    value="46"
-                                  >
-                                    46
-                                  </option>
-                                  <option
-                                    key="47"
-                                    value="47"
-                                  >
-                                    47
-                                  </option>
-                                  <option
-                                    key="48"
-                                    value="48"
-                                  >
-                                    48
-                                  </option>
-                                  <option
-                                    key="49"
-                                    value="49"
-                                  >
-                                    49
-                                  </option>
-                                  <option
-                                    key="50"
-                                    value="50"
-                                  >
-                                    50
-                                  </option>
-                                  <option
-                                    key="51"
-                                    value="51"
-                                  >
-                                    51
-                                  </option>
-                                  <option
-                                    key="52"
-                                    value="52"
-                                  >
-                                    52
-                                  </option>
-                                  <option
-                                    key="53"
-                                    value="53"
-                                  >
-                                    53
-                                  </option>
-                                  <option
-                                    key="54"
-                                    value="54"
-                                  >
-                                    54
-                                  </option>
-                                  <option
-                                    key="55"
-                                    value="55"
-                                  >
-                                    55
-                                  </option>
-                                  <option
-                                    key="56"
-                                    value="56"
-                                  >
-                                    56
-                                  </option>
-                                  <option
-                                    key="57"
-                                    value="57"
-                                  >
-                                    57
-                                  </option>
-                                  <option
-                                    key="58"
-                                    value="58"
-                                  >
-                                    58
-                                  </option>
-                                  <option
-                                    key="59"
-                                    value="59"
-                                  >
-                                    59
-                                  </option>
-                                </select>
-                              </EuiValidatableControl>
-                              <EuiFormControlLayoutIcons
-                                compressed={false}
-                                isDropdown={true}
-                                isLoading={false}
-                                side="right"
-                              >
-                                <div
-                                  className="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
-                                >
-                                  <EuiFormControlLayoutCustomIcon
-                                    size="m"
-                                    type="arrowDown"
-                                  >
-                                    <span
-                                      className="euiFormControlLayoutCustomIcon"
-                                    >
-                                      <EuiIcon
-                                        aria-hidden="true"
-                                        className="euiFormControlLayoutCustomIcon__icon"
-                                        size="m"
-                                        type="arrowDown"
-                                      >
-                                        <span
-                                          aria-hidden="true"
-                                          className="euiFormControlLayoutCustomIcon__icon"
-                                          data-euiicon-type="arrowDown"
-                                          size="m"
-                                        />
-                                      </EuiIcon>
-                                    </span>
-                                  </EuiFormControlLayoutCustomIcon>
-                                </div>
-                              </EuiFormControlLayoutIcons>
-                            </div>
-                          </div>
-                        </EuiFormControlLayout>
-                      </EuiSelect>
-                    </div>
-                  </div>
-                </EuiFlexItem>
-              </div>
-            </div>
-          </EuiFlexGroup>
-        </div>
-      </div>
-    </EuiFormRow>
-  </CronMonthly>
-</CronEditor>
+              01
+            </option>
+            <option
+              value="2"
+            >
+              02
+            </option>
+            <option
+              value="3"
+            >
+              03
+            </option>
+            <option
+              value="4"
+            >
+              04
+            </option>
+            <option
+              value="5"
+            >
+              05
+            </option>
+            <option
+              value="6"
+            >
+              06
+            </option>
+            <option
+              value="7"
+            >
+              07
+            </option>
+            <option
+              value="8"
+            >
+              08
+            </option>
+            <option
+              value="9"
+            >
+              09
+            </option>
+            <option
+              value="10"
+            >
+              10
+            </option>
+            <option
+              value="11"
+            >
+              11
+            </option>
+            <option
+              value="12"
+            >
+              12
+            </option>
+            <option
+              value="13"
+            >
+              13
+            </option>
+            <option
+              value="14"
+            >
+              14
+            </option>
+            <option
+              value="15"
+            >
+              15
+            </option>
+            <option
+              value="16"
+            >
+              16
+            </option>
+            <option
+              value="17"
+            >
+              17
+            </option>
+            <option
+              value="18"
+            >
+              18
+            </option>
+            <option
+              value="19"
+            >
+              19
+            </option>
+            <option
+              value="20"
+            >
+              20
+            </option>
+            <option
+              value="21"
+            >
+              21
+            </option>
+            <option
+              value="22"
+            >
+              22
+            </option>
+            <option
+              value="23"
+            >
+              23
+            </option>
+            <option
+              value="24"
+            >
+              24
+            </option>
+            <option
+              value="25"
+            >
+              25
+            </option>
+            <option
+              value="26"
+            >
+              26
+            </option>
+            <option
+              value="27"
+            >
+              27
+            </option>
+            <option
+              value="28"
+            >
+              28
+            </option>
+            <option
+              value="29"
+            >
+              29
+            </option>
+            <option
+              value="30"
+            >
+              30
+            </option>
+            <option
+              value="31"
+            >
+              31
+            </option>
+            <option
+              value="32"
+            >
+              32
+            </option>
+            <option
+              value="33"
+            >
+              33
+            </option>
+            <option
+              value="34"
+            >
+              34
+            </option>
+            <option
+              value="35"
+            >
+              35
+            </option>
+            <option
+              value="36"
+            >
+              36
+            </option>
+            <option
+              value="37"
+            >
+              37
+            </option>
+            <option
+              value="38"
+            >
+              38
+            </option>
+            <option
+              value="39"
+            >
+              39
+            </option>
+            <option
+              value="40"
+            >
+              40
+            </option>
+            <option
+              value="41"
+            >
+              41
+            </option>
+            <option
+              value="42"
+            >
+              42
+            </option>
+            <option
+              value="43"
+            >
+              43
+            </option>
+            <option
+              value="44"
+            >
+              44
+            </option>
+            <option
+              value="45"
+            >
+              45
+            </option>
+            <option
+              value="46"
+            >
+              46
+            </option>
+            <option
+              value="47"
+            >
+              47
+            </option>
+            <option
+              value="48"
+            >
+              48
+            </option>
+            <option
+              value="49"
+            >
+              49
+            </option>
+            <option
+              value="50"
+            >
+              50
+            </option>
+            <option
+              value="51"
+            >
+              51
+            </option>
+            <option
+              value="52"
+            >
+              52
+            </option>
+            <option
+              value="53"
+            >
+              53
+            </option>
+            <option
+              value="54"
+            >
+              54
+            </option>
+            <option
+              value="55"
+            >
+              55
+            </option>
+            <option
+              value="56"
+            >
+              56
+            </option>
+            <option
+              value="57"
+            >
+              57
+            </option>
+            <option
+              value="58"
+            >
+              58
+            </option>
+            <option
+              value="59"
+            >
+              59
+            </option>
+          </select>
+          <div
+            class="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
+          >
+            <span
+              class="euiFormControlLayoutCustomIcon"
+            >
+              <span
+                aria-hidden="true"
+                class="euiFormControlLayoutCustomIcon__icon"
+                data-euiicon-type="arrowDown"
+              />
+            </span>
+          </div>
+        </div>
+      </div>
+    </div>
+  </div>,
+]
+`;
+
+exports[`CronEditor is rendered with a MINUTE frequency 1`] = `
+Array [
+  <div
+    class="euiFormRow euiFormRow--fullWidth euiFormRow--hasLabel"
+    id="generated-id-row"
+  >
+    <div
+      class="euiFormRow__labelWrapper"
+    >
+      <label
+        class="euiFormLabel euiFormRow__label"
+        for="generated-id"
+        id="generated-id-label"
+      >
+        Frequency
+      </label>
+    </div>
+    <div
+      class="euiFormRow__fieldWrapper"
+    >
+      <div
+        class="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
+      >
+        <label
+          class="euiFormLabel euiFormControlLayout__prepend"
+          for="generated-id"
+        >
+          Every
+        </label>
+        <div
+          class="euiFormControlLayout__childrenWrapper"
+          style="--euiFormControlRightIconsCount: 1;"
+        >
+          <select
+            class="euiSelect emotion-euiSelect-fullWidth-inGroup"
+            data-test-subj="cronFrequencySelect"
+            id="generated-id"
+          >
+            <option
+              value="MINUTE"
+            >
+              minute
+            </option>
+            <option
+              value="HOUR"
+            >
+              hour
+            </option>
+            <option
+              value="DAY"
+            >
+              day
+            </option>
+            <option
+              value="WEEK"
+            >
+              week
+            </option>
+            <option
+              value="MONTH"
+            >
+              month
+            </option>
+            <option
+              value="YEAR"
+            >
+              year
+            </option>
+          </select>
+          <div
+            class="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
+          >
+            <span
+              class="euiFormControlLayoutCustomIcon"
+            >
+              <span
+                aria-hidden="true"
+                class="euiFormControlLayoutCustomIcon__icon"
+                data-euiicon-type="arrowDown"
+              />
+            </span>
+          </div>
+        </div>
+      </div>
+    </div>
+  </div>,
+  <div
+    class="euiFormRow euiFormRow--fullWidth euiFormRow--hasLabel"
+    data-test-subj="cronFrequencyConfiguration"
+    id="generated-id-row"
+  >
+    <div
+      class="euiFormRow__labelWrapper"
+    >
+      <label
+        class="euiFormLabel euiFormRow__label"
+        for="generated-id"
+        id="generated-id-label"
+      >
+        Minute
+      </label>
+    </div>
+    <div
+      class="euiFormRow__fieldWrapper"
+    >
+      <div
+        class="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
+      >
+        <label
+          class="euiFormLabel euiFormControlLayout__prepend"
+          for="generated-id"
+        >
+          Every
+        </label>
+        <div
+          class="euiFormControlLayout__childrenWrapper"
+          style="--euiFormControlRightIconsCount: 1;"
+        >
+          <select
+            class="euiSelect emotion-euiSelect-fullWidth-inGroup"
+            data-test-subj="cronFrequencyMinutelyMinuteSelect"
+            id="generated-id"
+          >
+            <option
+              value="0,5,10,15,20,25,30,35,40,45,50,55"
+            >
+              5
+            </option>
+            <option
+              value="0,10,20,30,40,50"
+            >
+              10
+            </option>
+            <option
+              value="0,15,30,45"
+            >
+              15
+            </option>
+            <option
+              value="0,30"
+            >
+              30
+            </option>
+          </select>
+          <div
+            class="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
+          >
+            <span
+              class="euiFormControlLayoutCustomIcon"
+            >
+              <span
+                aria-hidden="true"
+                class="euiFormControlLayoutCustomIcon__icon"
+                data-euiicon-type="arrowDown"
+              />
+            </span>
+          </div>
+        </div>
+        <label
+          class="euiFormLabel euiFormControlLayout__append"
+          for="generated-id"
+        >
+          minutes
+        </label>
+      </div>
+    </div>
+  </div>,
+]
+`;
+
+exports[`CronEditor is rendered with a MONTH frequency 1`] = `
+Array [
+  <div
+    class="euiFormRow euiFormRow--fullWidth euiFormRow--hasLabel"
+    id="generated-id-row"
+  >
+    <div
+      class="euiFormRow__labelWrapper"
+    >
+      <label
+        class="euiFormLabel euiFormRow__label"
+        for="generated-id"
+        id="generated-id-label"
+      >
+        Frequency
+      </label>
+    </div>
+    <div
+      class="euiFormRow__fieldWrapper"
+    >
+      <div
+        class="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
+      >
+        <label
+          class="euiFormLabel euiFormControlLayout__prepend"
+          for="generated-id"
+        >
+          Every
+        </label>
+        <div
+          class="euiFormControlLayout__childrenWrapper"
+          style="--euiFormControlRightIconsCount: 1;"
+        >
+          <select
+            class="euiSelect emotion-euiSelect-fullWidth-inGroup"
+            data-test-subj="cronFrequencySelect"
+            id="generated-id"
+          >
+            <option
+              value="MINUTE"
+            >
+              minute
+            </option>
+            <option
+              value="HOUR"
+            >
+              hour
+            </option>
+            <option
+              value="DAY"
+            >
+              day
+            </option>
+            <option
+              value="WEEK"
+            >
+              week
+            </option>
+            <option
+              value="MONTH"
+            >
+              month
+            </option>
+            <option
+              value="YEAR"
+            >
+              year
+            </option>
+          </select>
+          <div
+            class="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
+          >
+            <span
+              class="euiFormControlLayoutCustomIcon"
+            >
+              <span
+                aria-hidden="true"
+                class="euiFormControlLayoutCustomIcon__icon"
+                data-euiicon-type="arrowDown"
+              />
+            </span>
+          </div>
+        </div>
+      </div>
+    </div>
+  </div>,
+  <div
+    class="euiFormRow euiFormRow--fullWidth euiFormRow--hasLabel"
+    data-test-subj="cronFrequencyConfiguration"
+    id="generated-id-row"
+  >
+    <div
+      class="euiFormRow__labelWrapper"
+    >
+      <label
+        class="euiFormLabel euiFormRow__label"
+        for="generated-id"
+        id="generated-id-label"
+      >
+        Date
+      </label>
+    </div>
+    <div
+      class="euiFormRow__fieldWrapper"
+    >
+      <div
+        class="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
+      >
+        <label
+          class="euiFormLabel euiFormControlLayout__prepend"
+          for="generated-id"
+        >
+          On the
+        </label>
+        <div
+          class="euiFormControlLayout__childrenWrapper"
+          style="--euiFormControlRightIconsCount: 1;"
+        >
+          <select
+            class="euiSelect emotion-euiSelect-fullWidth-inGroup"
+            data-test-subj="cronFrequencyMonthlyDateSelect"
+            id="generated-id"
+          >
+            <option
+              value="1"
+            >
+              1st
+            </option>
+            <option
+              value="2"
+            >
+              2nd
+            </option>
+            <option
+              value="3"
+            >
+              3rd
+            </option>
+            <option
+              value="4"
+            >
+              4th
+            </option>
+            <option
+              value="5"
+            >
+              5th
+            </option>
+            <option
+              value="6"
+            >
+              6th
+            </option>
+            <option
+              value="7"
+            >
+              7th
+            </option>
+            <option
+              value="8"
+            >
+              8th
+            </option>
+            <option
+              value="9"
+            >
+              9th
+            </option>
+            <option
+              value="10"
+            >
+              10th
+            </option>
+            <option
+              value="11"
+            >
+              11st
+            </option>
+            <option
+              value="12"
+            >
+              12nd
+            </option>
+            <option
+              value="13"
+            >
+              13rd
+            </option>
+            <option
+              value="14"
+            >
+              14th
+            </option>
+            <option
+              value="15"
+            >
+              15th
+            </option>
+            <option
+              value="16"
+            >
+              16th
+            </option>
+            <option
+              value="17"
+            >
+              17th
+            </option>
+            <option
+              value="18"
+            >
+              18th
+            </option>
+            <option
+              value="19"
+            >
+              19th
+            </option>
+            <option
+              value="20"
+            >
+              20th
+            </option>
+            <option
+              value="21"
+            >
+              21st
+            </option>
+            <option
+              value="22"
+            >
+              22nd
+            </option>
+            <option
+              value="23"
+            >
+              23rd
+            </option>
+            <option
+              value="24"
+            >
+              24th
+            </option>
+            <option
+              value="25"
+            >
+              25th
+            </option>
+            <option
+              value="26"
+            >
+              26th
+            </option>
+            <option
+              value="27"
+            >
+              27th
+            </option>
+            <option
+              value="28"
+            >
+              28th
+            </option>
+            <option
+              value="29"
+            >
+              29th
+            </option>
+            <option
+              value="30"
+            >
+              30th
+            </option>
+            <option
+              value="31"
+            >
+              31st
+            </option>
+          </select>
+          <div
+            class="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
+          >
+            <span
+              class="euiFormControlLayoutCustomIcon"
+            >
+              <span
+                aria-hidden="true"
+                class="euiFormControlLayoutCustomIcon__icon"
+                data-euiicon-type="arrowDown"
+              />
+            </span>
+          </div>
+        </div>
+      </div>
+    </div>
+  </div>,
+  <div
+    class="euiFormRow euiFormRow--fullWidth euiFormRow--hasLabel"
+    data-test-subj="cronFrequencyConfiguration"
+    id="generated-id-row"
+  >
+    <div
+      class="euiFormRow__labelWrapper"
+    >
+      <label
+        class="euiFormLabel euiFormRow__label"
+        for="generated-id"
+        id="generated-id-label"
+      >
+        Time
+      </label>
+    </div>
+    <div
+      class="euiFormRow__fieldWrapper"
+    >
+      <div
+        class="euiFlexGroup emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row"
+        id="generated-id"
+      >
+        <div
+          class="euiFlexItem emotion-euiFlexItem-growZero"
+        >
+          <div
+            class="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
+          >
+            <label
+              class="euiFormLabel euiFormControlLayout__prepend"
+            >
+              At
+            </label>
+            <div
+              class="euiFormControlLayout__childrenWrapper"
+              style="--euiFormControlRightIconsCount: 1;"
+            >
+              <select
+                aria-label="Hour"
+                class="euiSelect emotion-euiSelect-fullWidth-inGroup"
+                data-test-subj="cronFrequencyMonthlyHourSelect"
+              >
+                <option
+                  value="0"
+                >
+                  00
+                </option>
+                <option
+                  value="1"
+                >
+                  01
+                </option>
+                <option
+                  value="2"
+                >
+                  02
+                </option>
+                <option
+                  value="3"
+                >
+                  03
+                </option>
+                <option
+                  value="4"
+                >
+                  04
+                </option>
+                <option
+                  value="5"
+                >
+                  05
+                </option>
+                <option
+                  value="6"
+                >
+                  06
+                </option>
+                <option
+                  value="7"
+                >
+                  07
+                </option>
+                <option
+                  value="8"
+                >
+                  08
+                </option>
+                <option
+                  value="9"
+                >
+                  09
+                </option>
+                <option
+                  value="10"
+                >
+                  10
+                </option>
+                <option
+                  value="11"
+                >
+                  11
+                </option>
+                <option
+                  value="12"
+                >
+                  12
+                </option>
+                <option
+                  value="13"
+                >
+                  13
+                </option>
+                <option
+                  value="14"
+                >
+                  14
+                </option>
+                <option
+                  value="15"
+                >
+                  15
+                </option>
+                <option
+                  value="16"
+                >
+                  16
+                </option>
+                <option
+                  value="17"
+                >
+                  17
+                </option>
+                <option
+                  value="18"
+                >
+                  18
+                </option>
+                <option
+                  value="19"
+                >
+                  19
+                </option>
+                <option
+                  value="20"
+                >
+                  20
+                </option>
+                <option
+                  value="21"
+                >
+                  21
+                </option>
+                <option
+                  value="22"
+                >
+                  22
+                </option>
+                <option
+                  value="23"
+                >
+                  23
+                </option>
+              </select>
+              <div
+                class="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
+              >
+                <span
+                  class="euiFormControlLayoutCustomIcon"
+                >
+                  <span
+                    aria-hidden="true"
+                    class="euiFormControlLayoutCustomIcon__icon"
+                    data-euiicon-type="arrowDown"
+                  />
+                </span>
+              </div>
+            </div>
+          </div>
+        </div>
+        <div
+          class="euiFlexItem emotion-euiFlexItem-grow-1"
+        >
+          <div
+            class="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
+          >
+            <label
+              class="euiFormLabel euiFormControlLayout__prepend"
+            >
+              :
+            </label>
+            <div
+              class="euiFormControlLayout__childrenWrapper"
+              style="--euiFormControlRightIconsCount: 1;"
+            >
+              <select
+                aria-label="Minute"
+                class="euiSelect emotion-euiSelect-fullWidth-inGroup"
+                data-test-subj="cronFrequencyMonthlyMinuteSelect"
+              >
+                <option
+                  value="0"
+                >
+                  00
+                </option>
+                <option
+                  value="1"
+                >
+                  01
+                </option>
+                <option
+                  value="2"
+                >
+                  02
+                </option>
+                <option
+                  value="3"
+                >
+                  03
+                </option>
+                <option
+                  value="4"
+                >
+                  04
+                </option>
+                <option
+                  value="5"
+                >
+                  05
+                </option>
+                <option
+                  value="6"
+                >
+                  06
+                </option>
+                <option
+                  value="7"
+                >
+                  07
+                </option>
+                <option
+                  value="8"
+                >
+                  08
+                </option>
+                <option
+                  value="9"
+                >
+                  09
+                </option>
+                <option
+                  value="10"
+                >
+                  10
+                </option>
+                <option
+                  value="11"
+                >
+                  11
+                </option>
+                <option
+                  value="12"
+                >
+                  12
+                </option>
+                <option
+                  value="13"
+                >
+                  13
+                </option>
+                <option
+                  value="14"
+                >
+                  14
+                </option>
+                <option
+                  value="15"
+                >
+                  15
+                </option>
+                <option
+                  value="16"
+                >
+                  16
+                </option>
+                <option
+                  value="17"
+                >
+                  17
+                </option>
+                <option
+                  value="18"
+                >
+                  18
+                </option>
+                <option
+                  value="19"
+                >
+                  19
+                </option>
+                <option
+                  value="20"
+                >
+                  20
+                </option>
+                <option
+                  value="21"
+                >
+                  21
+                </option>
+                <option
+                  value="22"
+                >
+                  22
+                </option>
+                <option
+                  value="23"
+                >
+                  23
+                </option>
+                <option
+                  value="24"
+                >
+                  24
+                </option>
+                <option
+                  value="25"
+                >
+                  25
+                </option>
+                <option
+                  value="26"
+                >
+                  26
+                </option>
+                <option
+                  value="27"
+                >
+                  27
+                </option>
+                <option
+                  value="28"
+                >
+                  28
+                </option>
+                <option
+                  value="29"
+                >
+                  29
+                </option>
+                <option
+                  value="30"
+                >
+                  30
+                </option>
+                <option
+                  value="31"
+                >
+                  31
+                </option>
+                <option
+                  value="32"
+                >
+                  32
+                </option>
+                <option
+                  value="33"
+                >
+                  33
+                </option>
+                <option
+                  value="34"
+                >
+                  34
+                </option>
+                <option
+                  value="35"
+                >
+                  35
+                </option>
+                <option
+                  value="36"
+                >
+                  36
+                </option>
+                <option
+                  value="37"
+                >
+                  37
+                </option>
+                <option
+                  value="38"
+                >
+                  38
+                </option>
+                <option
+                  value="39"
+                >
+                  39
+                </option>
+                <option
+                  value="40"
+                >
+                  40
+                </option>
+                <option
+                  value="41"
+                >
+                  41
+                </option>
+                <option
+                  value="42"
+                >
+                  42
+                </option>
+                <option
+                  value="43"
+                >
+                  43
+                </option>
+                <option
+                  value="44"
+                >
+                  44
+                </option>
+                <option
+                  value="45"
+                >
+                  45
+                </option>
+                <option
+                  value="46"
+                >
+                  46
+                </option>
+                <option
+                  value="47"
+                >
+                  47
+                </option>
+                <option
+                  value="48"
+                >
+                  48
+                </option>
+                <option
+                  value="49"
+                >
+                  49
+                </option>
+                <option
+                  value="50"
+                >
+                  50
+                </option>
+                <option
+                  value="51"
+                >
+                  51
+                </option>
+                <option
+                  value="52"
+                >
+                  52
+                </option>
+                <option
+                  value="53"
+                >
+                  53
+                </option>
+                <option
+                  value="54"
+                >
+                  54
+                </option>
+                <option
+                  value="55"
+                >
+                  55
+                </option>
+                <option
+                  value="56"
+                >
+                  56
+                </option>
+                <option
+                  value="57"
+                >
+                  57
+                </option>
+                <option
+                  value="58"
+                >
+                  58
+                </option>
+                <option
+                  value="59"
+                >
+                  59
+                </option>
+              </select>
+              <div
+                class="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
+              >
+                <span
+                  class="euiFormControlLayoutCustomIcon"
+                >
+                  <span
+                    aria-hidden="true"
+                    class="euiFormControlLayoutCustomIcon__icon"
+                    data-euiicon-type="arrowDown"
+                  />
+                </span>
+              </div>
+            </div>
+          </div>
+        </div>
+      </div>
+    </div>
+  </div>,
+]
 `;
 
 exports[`CronEditor is rendered with a WEEK frequency 1`] = `
-<CronEditor
-  cronExpression="0 10 * * * ?"
-  fieldToPreferredValueMap={Object {}}
-  frequency="WEEK"
-  onChange={[Function]}
->
-  <EuiFormRow
-    describedByIds={Array []}
-    display="row"
-    fullWidth={true}
-    hasChildLabel={true}
-    hasEmptyLabelSpace={false}
-    label={
-      <Memo(MemoizedFormattedMessage)
-        defaultMessage="Frequency"
-        id="searchConnectors.cronEditor.fieldFrequencyLabel"
-      />
-    }
-    labelType="label"
+Array [
+  <div
+    class="euiFormRow euiFormRow--fullWidth euiFormRow--hasLabel"
+    id="generated-id-row"
   >
     <div
-      className="euiFormRow euiFormRow--fullWidth euiFormRow--hasLabel"
-      id="generated-id-row"
+      class="euiFormRow__labelWrapper"
+    >
+      <label
+        class="euiFormLabel euiFormRow__label"
+        for="generated-id"
+        id="generated-id-label"
+      >
+        Frequency
+      </label>
+    </div>
+    <div
+      class="euiFormRow__fieldWrapper"
+    >
+      <div
+        class="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
+      >
+        <label
+          class="euiFormLabel euiFormControlLayout__prepend"
+          for="generated-id"
+        >
+          Every
+        </label>
+        <div
+          class="euiFormControlLayout__childrenWrapper"
+          style="--euiFormControlRightIconsCount: 1;"
+        >
+          <select
+            class="euiSelect emotion-euiSelect-fullWidth-inGroup"
+            data-test-subj="cronFrequencySelect"
+            id="generated-id"
+          >
+            <option
+              value="MINUTE"
+            >
+              minute
+            </option>
+            <option
+              value="HOUR"
+            >
+              hour
+            </option>
+            <option
+              value="DAY"
+            >
+              day
+            </option>
+            <option
+              value="WEEK"
+            >
+              week
+            </option>
+            <option
+              value="MONTH"
+            >
+              month
+            </option>
+            <option
+              value="YEAR"
+            >
+              year
+            </option>
+          </select>
+          <div
+            class="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
+          >
+            <span
+              class="euiFormControlLayoutCustomIcon"
+            >
+              <span
+                aria-hidden="true"
+                class="euiFormControlLayoutCustomIcon__icon"
+                data-euiicon-type="arrowDown"
+              />
+            </span>
+          </div>
+        </div>
+      </div>
+    </div>
+  </div>,
+  <div
+    class="euiFormRow euiFormRow--fullWidth euiFormRow--hasLabel"
+    data-test-subj="cronFrequencyConfiguration"
+    id="generated-id-row"
+  >
+    <div
+      class="euiFormRow__labelWrapper"
+    >
+      <label
+        class="euiFormLabel euiFormRow__label"
+        for="generated-id"
+        id="generated-id-label"
+      >
+        Day
+      </label>
+    </div>
+    <div
+      class="euiFormRow__fieldWrapper"
     >
       <div
-        className="euiFormRow__labelWrapper"
+        class="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
       >
-        <EuiFormLabel
-          className="euiFormRow__label"
-          htmlFor="generated-id"
-          id="generated-id-label"
-          isFocused={false}
-          type="label"
+        <label
+          class="euiFormLabel euiFormControlLayout__prepend"
+          for="generated-id"
+        >
+          On
+        </label>
+        <div
+          class="euiFormControlLayout__childrenWrapper"
+          style="--euiFormControlRightIconsCount: 1;"
         >
-          <label
-            className="euiFormLabel euiFormRow__label"
-            htmlFor="generated-id"
-            id="generated-id-label"
+          <select
+            class="euiSelect emotion-euiSelect-fullWidth-inGroup"
+            data-test-subj="cronFrequencyWeeklyDaySelect"
+            id="generated-id"
           >
-            <FormattedMessage
-              defaultMessage="Frequency"
-              id="searchConnectors.cronEditor.fieldFrequencyLabel"
-            >
-              Frequency
-            </FormattedMessage>
-          </label>
-        </EuiFormLabel>
+            <option
+              value="1"
+            >
+              Sunday
+            </option>
+            <option
+              value="2"
+            >
+              Monday
+            </option>
+            <option
+              value="3"
+            >
+              Tuesday
+            </option>
+            <option
+              value="4"
+            >
+              Wednesday
+            </option>
+            <option
+              value="5"
+            >
+              Thursday
+            </option>
+            <option
+              value="6"
+            >
+              Friday
+            </option>
+            <option
+              value="7"
+            >
+              Saturday
+            </option>
+          </select>
+          <div
+            class="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
+          >
+            <span
+              class="euiFormControlLayoutCustomIcon"
+            >
+              <span
+                aria-hidden="true"
+                class="euiFormControlLayoutCustomIcon__icon"
+                data-euiicon-type="arrowDown"
+              />
+            </span>
+          </div>
+        </div>
       </div>
+    </div>
+  </div>,
+  <div
+    class="euiFormRow euiFormRow--fullWidth euiFormRow--hasLabel"
+    data-test-subj="cronFrequencyConfiguration"
+    id="generated-id-row"
+  >
+    <div
+      class="euiFormRow__labelWrapper"
+    >
+      <label
+        class="euiFormLabel euiFormRow__label"
+        for="generated-id"
+        id="generated-id-label"
+      >
+        Time
+      </label>
+    </div>
+    <div
+      class="euiFormRow__fieldWrapper"
+    >
       <div
-        className="euiFormRow__fieldWrapper"
+        class="euiFlexGroup emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row"
+        id="generated-id"
       >
-        <EuiSelect
-          data-test-subj="cronFrequencySelect"
-          fullWidth={true}
-          id="generated-id"
-          onBlur={[Function]}
-          onChange={[Function]}
-          onFocus={[Function]}
-          options={
-            Array [
-              Object {
-                "text": "minute",
-                "value": "MINUTE",
-              },
-              Object {
-                "text": "hour",
-                "value": "HOUR",
-              },
-              Object {
-                "text": "day",
-                "value": "DAY",
-              },
-              Object {
-                "text": "week",
-                "value": "WEEK",
-              },
-              Object {
-                "text": "month",
-                "value": "MONTH",
-              },
-              Object {
-                "text": "year",
-                "value": "YEAR",
-              },
-            ]
-          }
-          prepend="Every"
-          value="WEEK"
+        <div
+          class="euiFlexItem emotion-euiFlexItem-growZero"
+        >
+          <div
+            class="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
+          >
+            <label
+              class="euiFormLabel euiFormControlLayout__prepend"
+            >
+              At
+            </label>
+            <div
+              class="euiFormControlLayout__childrenWrapper"
+              style="--euiFormControlRightIconsCount: 1;"
+            >
+              <select
+                aria-label="Hour"
+                class="euiSelect emotion-euiSelect-fullWidth-inGroup"
+                data-test-subj="cronFrequencyWeeklyHourSelect"
+              >
+                <option
+                  value="0"
+                >
+                  00
+                </option>
+                <option
+                  value="1"
+                >
+                  01
+                </option>
+                <option
+                  value="2"
+                >
+                  02
+                </option>
+                <option
+                  value="3"
+                >
+                  03
+                </option>
+                <option
+                  value="4"
+                >
+                  04
+                </option>
+                <option
+                  value="5"
+                >
+                  05
+                </option>
+                <option
+                  value="6"
+                >
+                  06
+                </option>
+                <option
+                  value="7"
+                >
+                  07
+                </option>
+                <option
+                  value="8"
+                >
+                  08
+                </option>
+                <option
+                  value="9"
+                >
+                  09
+                </option>
+                <option
+                  value="10"
+                >
+                  10
+                </option>
+                <option
+                  value="11"
+                >
+                  11
+                </option>
+                <option
+                  value="12"
+                >
+                  12
+                </option>
+                <option
+                  value="13"
+                >
+                  13
+                </option>
+                <option
+                  value="14"
+                >
+                  14
+                </option>
+                <option
+                  value="15"
+                >
+                  15
+                </option>
+                <option
+                  value="16"
+                >
+                  16
+                </option>
+                <option
+                  value="17"
+                >
+                  17
+                </option>
+                <option
+                  value="18"
+                >
+                  18
+                </option>
+                <option
+                  value="19"
+                >
+                  19
+                </option>
+                <option
+                  value="20"
+                >
+                  20
+                </option>
+                <option
+                  value="21"
+                >
+                  21
+                </option>
+                <option
+                  value="22"
+                >
+                  22
+                </option>
+                <option
+                  value="23"
+                >
+                  23
+                </option>
+              </select>
+              <div
+                class="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
+              >
+                <span
+                  class="euiFormControlLayoutCustomIcon"
+                >
+                  <span
+                    aria-hidden="true"
+                    class="euiFormControlLayoutCustomIcon__icon"
+                    data-euiicon-type="arrowDown"
+                  />
+                </span>
+              </div>
+            </div>
+          </div>
+        </div>
+        <div
+          class="euiFlexItem emotion-euiFlexItem-grow-1"
         >
-          <EuiFormControlLayout
-            compressed={false}
-            fullWidth={true}
-            inputId="generated-id"
-            isDropdown={true}
-            isLoading={false}
-            prepend="Every"
+          <div
+            class="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
           >
+            <label
+              class="euiFormLabel euiFormControlLayout__prepend"
+            >
+              :
+            </label>
             <div
-              className="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
+              class="euiFormControlLayout__childrenWrapper"
+              style="--euiFormControlRightIconsCount: 1;"
             >
-              <EuiFormLabel
-                className="euiFormControlLayout__prepend"
-                htmlFor="generated-id"
+              <select
+                aria-label="Minute"
+                class="euiSelect emotion-euiSelect-fullWidth-inGroup"
+                data-test-subj="cronFrequencyWeeklyMinuteSelect"
               >
-                <label
-                  className="euiFormLabel euiFormControlLayout__prepend"
-                  htmlFor="generated-id"
+                <option
+                  value="0"
+                >
+                  00
+                </option>
+                <option
+                  value="1"
+                >
+                  01
+                </option>
+                <option
+                  value="2"
+                >
+                  02
+                </option>
+                <option
+                  value="3"
+                >
+                  03
+                </option>
+                <option
+                  value="4"
+                >
+                  04
+                </option>
+                <option
+                  value="5"
+                >
+                  05
+                </option>
+                <option
+                  value="6"
+                >
+                  06
+                </option>
+                <option
+                  value="7"
+                >
+                  07
+                </option>
+                <option
+                  value="8"
+                >
+                  08
+                </option>
+                <option
+                  value="9"
+                >
+                  09
+                </option>
+                <option
+                  value="10"
+                >
+                  10
+                </option>
+                <option
+                  value="11"
+                >
+                  11
+                </option>
+                <option
+                  value="12"
+                >
+                  12
+                </option>
+                <option
+                  value="13"
+                >
+                  13
+                </option>
+                <option
+                  value="14"
+                >
+                  14
+                </option>
+                <option
+                  value="15"
+                >
+                  15
+                </option>
+                <option
+                  value="16"
+                >
+                  16
+                </option>
+                <option
+                  value="17"
+                >
+                  17
+                </option>
+                <option
+                  value="18"
+                >
+                  18
+                </option>
+                <option
+                  value="19"
+                >
+                  19
+                </option>
+                <option
+                  value="20"
+                >
+                  20
+                </option>
+                <option
+                  value="21"
+                >
+                  21
+                </option>
+                <option
+                  value="22"
+                >
+                  22
+                </option>
+                <option
+                  value="23"
+                >
+                  23
+                </option>
+                <option
+                  value="24"
+                >
+                  24
+                </option>
+                <option
+                  value="25"
+                >
+                  25
+                </option>
+                <option
+                  value="26"
+                >
+                  26
+                </option>
+                <option
+                  value="27"
+                >
+                  27
+                </option>
+                <option
+                  value="28"
+                >
+                  28
+                </option>
+                <option
+                  value="29"
+                >
+                  29
+                </option>
+                <option
+                  value="30"
+                >
+                  30
+                </option>
+                <option
+                  value="31"
+                >
+                  31
+                </option>
+                <option
+                  value="32"
+                >
+                  32
+                </option>
+                <option
+                  value="33"
+                >
+                  33
+                </option>
+                <option
+                  value="34"
+                >
+                  34
+                </option>
+                <option
+                  value="35"
+                >
+                  35
+                </option>
+                <option
+                  value="36"
+                >
+                  36
+                </option>
+                <option
+                  value="37"
+                >
+                  37
+                </option>
+                <option
+                  value="38"
+                >
+                  38
+                </option>
+                <option
+                  value="39"
+                >
+                  39
+                </option>
+                <option
+                  value="40"
+                >
+                  40
+                </option>
+                <option
+                  value="41"
+                >
+                  41
+                </option>
+                <option
+                  value="42"
+                >
+                  42
+                </option>
+                <option
+                  value="43"
+                >
+                  43
+                </option>
+                <option
+                  value="44"
+                >
+                  44
+                </option>
+                <option
+                  value="45"
+                >
+                  45
+                </option>
+                <option
+                  value="46"
+                >
+                  46
+                </option>
+                <option
+                  value="47"
+                >
+                  47
+                </option>
+                <option
+                  value="48"
+                >
+                  48
+                </option>
+                <option
+                  value="49"
+                >
+                  49
+                </option>
+                <option
+                  value="50"
+                >
+                  50
+                </option>
+                <option
+                  value="51"
                 >
-                  Every
-                </label>
-              </EuiFormLabel>
+                  51
+                </option>
+                <option
+                  value="52"
+                >
+                  52
+                </option>
+                <option
+                  value="53"
+                >
+                  53
+                </option>
+                <option
+                  value="54"
+                >
+                  54
+                </option>
+                <option
+                  value="55"
+                >
+                  55
+                </option>
+                <option
+                  value="56"
+                >
+                  56
+                </option>
+                <option
+                  value="57"
+                >
+                  57
+                </option>
+                <option
+                  value="58"
+                >
+                  58
+                </option>
+                <option
+                  value="59"
+                >
+                  59
+                </option>
+              </select>
               <div
-                className="euiFormControlLayout__childrenWrapper"
+                class="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
               >
-                <EuiValidatableControl>
-                  <select
-                    className="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
-                    data-test-subj="cronFrequencySelect"
-                    id="generated-id"
-                    onBlur={[Function]}
-                    onChange={[Function]}
-                    onFocus={[Function]}
-                    onMouseUp={[Function]}
-                    value="WEEK"
-                  >
-                    <option
-                      key="0"
-                      value="MINUTE"
-                    >
-                      minute
-                    </option>
-                    <option
-                      key="1"
-                      value="HOUR"
-                    >
-                      hour
-                    </option>
-                    <option
-                      key="2"
-                      value="DAY"
-                    >
-                      day
-                    </option>
-                    <option
-                      key="3"
-                      value="WEEK"
-                    >
-                      week
-                    </option>
-                    <option
-                      key="4"
-                      value="MONTH"
-                    >
-                      month
-                    </option>
-                    <option
-                      key="5"
-                      value="YEAR"
-                    >
-                      year
-                    </option>
-                  </select>
-                </EuiValidatableControl>
-                <EuiFormControlLayoutIcons
-                  compressed={false}
-                  isDropdown={true}
-                  isLoading={false}
-                  side="right"
-                >
-                  <div
-                    className="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
-                  >
-                    <EuiFormControlLayoutCustomIcon
-                      size="m"
-                      type="arrowDown"
-                    >
-                      <span
-                        className="euiFormControlLayoutCustomIcon"
-                      >
-                        <EuiIcon
-                          aria-hidden="true"
-                          className="euiFormControlLayoutCustomIcon__icon"
-                          size="m"
-                          type="arrowDown"
-                        >
-                          <span
-                            aria-hidden="true"
-                            className="euiFormControlLayoutCustomIcon__icon"
-                            data-euiicon-type="arrowDown"
-                            size="m"
-                          />
-                        </EuiIcon>
-                      </span>
-                    </EuiFormControlLayoutCustomIcon>
-                  </div>
-                </EuiFormControlLayoutIcons>
+                <span
+                  class="euiFormControlLayoutCustomIcon"
+                >
+                  <span
+                    aria-hidden="true"
+                    class="euiFormControlLayoutCustomIcon__icon"
+                    data-euiicon-type="arrowDown"
+                  />
+                </span>
               </div>
             </div>
-          </EuiFormControlLayout>
-        </EuiSelect>
+          </div>
+        </div>
       </div>
     </div>
-  </EuiFormRow>
-  <CronWeekly
-    day="?"
-    dayOptions={
-      Array [
-        Object {
-          "text": "Sunday",
-          "value": "1",
-        },
-        Object {
-          "text": "Monday",
-          "value": "2",
-        },
-        Object {
-          "text": "Tuesday",
-          "value": "3",
-        },
-        Object {
-          "text": "Wednesday",
-          "value": "4",
-        },
-        Object {
-          "text": "Thursday",
-          "value": "5",
-        },
-        Object {
-          "text": "Friday",
-          "value": "6",
-        },
-        Object {
-          "text": "Saturday",
-          "value": "7",
-        },
-      ]
-    }
-    hour="*"
-    hourOptions={
-      Array [
-        Object {
-          "text": "00",
-          "value": "0",
-        },
-        Object {
-          "text": "01",
-          "value": "1",
-        },
-        Object {
-          "text": "02",
-          "value": "2",
-        },
-        Object {
-          "text": "03",
-          "value": "3",
-        },
-        Object {
-          "text": "04",
-          "value": "4",
-        },
-        Object {
-          "text": "05",
-          "value": "5",
-        },
-        Object {
-          "text": "06",
-          "value": "6",
-        },
-        Object {
-          "text": "07",
-          "value": "7",
-        },
-        Object {
-          "text": "08",
-          "value": "8",
-        },
-        Object {
-          "text": "09",
-          "value": "9",
-        },
-        Object {
-          "text": "10",
-          "value": "10",
-        },
-        Object {
-          "text": "11",
-          "value": "11",
-        },
-        Object {
-          "text": "12",
-          "value": "12",
-        },
-        Object {
-          "text": "13",
-          "value": "13",
-        },
-        Object {
-          "text": "14",
-          "value": "14",
-        },
-        Object {
-          "text": "15",
-          "value": "15",
-        },
-        Object {
-          "text": "16",
-          "value": "16",
-        },
-        Object {
-          "text": "17",
-          "value": "17",
-        },
-        Object {
-          "text": "18",
-          "value": "18",
-        },
-        Object {
-          "text": "19",
-          "value": "19",
-        },
-        Object {
-          "text": "20",
-          "value": "20",
-        },
-        Object {
-          "text": "21",
-          "value": "21",
-        },
-        Object {
-          "text": "22",
-          "value": "22",
-        },
-        Object {
-          "text": "23",
-          "value": "23",
-        },
-      ]
-    }
-    minute="10"
-    minuteOptions={
-      Array [
-        Object {
-          "text": "00",
-          "value": "0",
-        },
-        Object {
-          "text": "01",
-          "value": "1",
-        },
-        Object {
-          "text": "02",
-          "value": "2",
-        },
-        Object {
-          "text": "03",
-          "value": "3",
-        },
-        Object {
-          "text": "04",
-          "value": "4",
-        },
-        Object {
-          "text": "05",
-          "value": "5",
-        },
-        Object {
-          "text": "06",
-          "value": "6",
-        },
-        Object {
-          "text": "07",
-          "value": "7",
-        },
-        Object {
-          "text": "08",
-          "value": "8",
-        },
-        Object {
-          "text": "09",
-          "value": "9",
-        },
-        Object {
-          "text": "10",
-          "value": "10",
-        },
-        Object {
-          "text": "11",
-          "value": "11",
-        },
-        Object {
-          "text": "12",
-          "value": "12",
-        },
-        Object {
-          "text": "13",
-          "value": "13",
-        },
-        Object {
-          "text": "14",
-          "value": "14",
-        },
-        Object {
-          "text": "15",
-          "value": "15",
-        },
-        Object {
-          "text": "16",
-          "value": "16",
-        },
-        Object {
-          "text": "17",
-          "value": "17",
-        },
-        Object {
-          "text": "18",
-          "value": "18",
-        },
-        Object {
-          "text": "19",
-          "value": "19",
-        },
-        Object {
-          "text": "20",
-          "value": "20",
-        },
-        Object {
-          "text": "21",
-          "value": "21",
-        },
-        Object {
-          "text": "22",
-          "value": "22",
-        },
-        Object {
-          "text": "23",
-          "value": "23",
-        },
-        Object {
-          "text": "24",
-          "value": "24",
-        },
-        Object {
-          "text": "25",
-          "value": "25",
-        },
-        Object {
-          "text": "26",
-          "value": "26",
-        },
-        Object {
-          "text": "27",
-          "value": "27",
-        },
-        Object {
-          "text": "28",
-          "value": "28",
-        },
-        Object {
-          "text": "29",
-          "value": "29",
-        },
-        Object {
-          "text": "30",
-          "value": "30",
-        },
-        Object {
-          "text": "31",
-          "value": "31",
-        },
-        Object {
-          "text": "32",
-          "value": "32",
-        },
-        Object {
-          "text": "33",
-          "value": "33",
-        },
-        Object {
-          "text": "34",
-          "value": "34",
-        },
-        Object {
-          "text": "35",
-          "value": "35",
-        },
-        Object {
-          "text": "36",
-          "value": "36",
-        },
-        Object {
-          "text": "37",
-          "value": "37",
-        },
-        Object {
-          "text": "38",
-          "value": "38",
-        },
-        Object {
-          "text": "39",
-          "value": "39",
-        },
-        Object {
-          "text": "40",
-          "value": "40",
-        },
-        Object {
-          "text": "41",
-          "value": "41",
-        },
-        Object {
-          "text": "42",
-          "value": "42",
-        },
-        Object {
-          "text": "43",
-          "value": "43",
-        },
-        Object {
-          "text": "44",
-          "value": "44",
-        },
-        Object {
-          "text": "45",
-          "value": "45",
-        },
-        Object {
-          "text": "46",
-          "value": "46",
-        },
-        Object {
-          "text": "47",
-          "value": "47",
-        },
-        Object {
-          "text": "48",
-          "value": "48",
-        },
-        Object {
-          "text": "49",
-          "value": "49",
-        },
-        Object {
-          "text": "50",
-          "value": "50",
-        },
-        Object {
-          "text": "51",
-          "value": "51",
-        },
-        Object {
-          "text": "52",
-          "value": "52",
-        },
-        Object {
-          "text": "53",
-          "value": "53",
-        },
-        Object {
-          "text": "54",
-          "value": "54",
-        },
-        Object {
-          "text": "55",
-          "value": "55",
-        },
-        Object {
-          "text": "56",
-          "value": "56",
-        },
-        Object {
-          "text": "57",
-          "value": "57",
-        },
-        Object {
-          "text": "58",
-          "value": "58",
-        },
-        Object {
-          "text": "59",
-          "value": "59",
-        },
-      ]
-    }
-    onChange={[Function]}
+  </div>,
+]
+`;
+
+exports[`CronEditor is rendered with a YEAR frequency 1`] = `
+Array [
+  <div
+    class="euiFormRow euiFormRow--fullWidth euiFormRow--hasLabel"
+    id="generated-id-row"
   >
-    <EuiFormRow
-      data-test-subj="cronFrequencyConfiguration"
-      describedByIds={Array []}
-      display="row"
-      fullWidth={true}
-      hasChildLabel={true}
-      hasEmptyLabelSpace={false}
-      label={
-        <Memo(MemoizedFormattedMessage)
-          defaultMessage="Day"
-          id="searchConnectors.cronEditor.cronWeekly.fieldDateLabel"
-        />
-      }
-      labelType="label"
+    <div
+      class="euiFormRow__labelWrapper"
+    >
+      <label
+        class="euiFormLabel euiFormRow__label"
+        for="generated-id"
+        id="generated-id-label"
+      >
+        Frequency
+      </label>
+    </div>
+    <div
+      class="euiFormRow__fieldWrapper"
     >
       <div
-        className="euiFormRow euiFormRow--fullWidth euiFormRow--hasLabel"
-        data-test-subj="cronFrequencyConfiguration"
-        id="generated-id-row"
+        class="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
       >
-        <div
-          className="euiFormRow__labelWrapper"
+        <label
+          class="euiFormLabel euiFormControlLayout__prepend"
+          for="generated-id"
         >
-          <EuiFormLabel
-            className="euiFormRow__label"
-            htmlFor="generated-id"
-            id="generated-id-label"
-            isFocused={false}
-            type="label"
-          >
-            <label
-              className="euiFormLabel euiFormRow__label"
-              htmlFor="generated-id"
-              id="generated-id-label"
-            >
-              <FormattedMessage
-                defaultMessage="Day"
-                id="searchConnectors.cronEditor.cronWeekly.fieldDateLabel"
-              >
-                Day
-              </FormattedMessage>
-            </label>
-          </EuiFormLabel>
-        </div>
+          Every
+        </label>
         <div
-          className="euiFormRow__fieldWrapper"
+          class="euiFormControlLayout__childrenWrapper"
+          style="--euiFormControlRightIconsCount: 1;"
         >
-          <EuiSelect
-            data-test-subj="cronFrequencyWeeklyDaySelect"
-            fullWidth={true}
+          <select
+            class="euiSelect emotion-euiSelect-fullWidth-inGroup"
+            data-test-subj="cronFrequencySelect"
             id="generated-id"
-            onBlur={[Function]}
-            onChange={[Function]}
-            onFocus={[Function]}
-            options={
-              Array [
-                Object {
-                  "text": "Sunday",
-                  "value": "1",
-                },
-                Object {
-                  "text": "Monday",
-                  "value": "2",
-                },
-                Object {
-                  "text": "Tuesday",
-                  "value": "3",
-                },
-                Object {
-                  "text": "Wednesday",
-                  "value": "4",
-                },
-                Object {
-                  "text": "Thursday",
-                  "value": "5",
-                },
-                Object {
-                  "text": "Friday",
-                  "value": "6",
-                },
-                Object {
-                  "text": "Saturday",
-                  "value": "7",
-                },
-              ]
-            }
-            prepend="On"
-            value="?"
           >
-            <EuiFormControlLayout
-              compressed={false}
-              fullWidth={true}
-              inputId="generated-id"
-              isDropdown={true}
-              isLoading={false}
-              prepend="On"
+            <option
+              value="MINUTE"
             >
-              <div
-                className="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
-              >
-                <EuiFormLabel
-                  className="euiFormControlLayout__prepend"
-                  htmlFor="generated-id"
-                >
-                  <label
-                    className="euiFormLabel euiFormControlLayout__prepend"
-                    htmlFor="generated-id"
-                  >
-                    On
-                  </label>
-                </EuiFormLabel>
-                <div
-                  className="euiFormControlLayout__childrenWrapper"
-                >
-                  <EuiValidatableControl>
-                    <select
-                      className="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
-                      data-test-subj="cronFrequencyWeeklyDaySelect"
-                      id="generated-id"
-                      onBlur={[Function]}
-                      onChange={[Function]}
-                      onFocus={[Function]}
-                      onMouseUp={[Function]}
-                      value="?"
-                    >
-                      <option
-                        key="0"
-                        value="1"
-                      >
-                        Sunday
-                      </option>
-                      <option
-                        key="1"
-                        value="2"
-                      >
-                        Monday
-                      </option>
-                      <option
-                        key="2"
-                        value="3"
-                      >
-                        Tuesday
-                      </option>
-                      <option
-                        key="3"
-                        value="4"
-                      >
-                        Wednesday
-                      </option>
-                      <option
-                        key="4"
-                        value="5"
-                      >
-                        Thursday
-                      </option>
-                      <option
-                        key="5"
-                        value="6"
-                      >
-                        Friday
-                      </option>
-                      <option
-                        key="6"
-                        value="7"
-                      >
-                        Saturday
-                      </option>
-                    </select>
-                  </EuiValidatableControl>
-                  <EuiFormControlLayoutIcons
-                    compressed={false}
-                    isDropdown={true}
-                    isLoading={false}
-                    side="right"
-                  >
-                    <div
-                      className="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
-                    >
-                      <EuiFormControlLayoutCustomIcon
-                        size="m"
-                        type="arrowDown"
-                      >
-                        <span
-                          className="euiFormControlLayoutCustomIcon"
-                        >
-                          <EuiIcon
-                            aria-hidden="true"
-                            className="euiFormControlLayoutCustomIcon__icon"
-                            size="m"
-                            type="arrowDown"
-                          >
-                            <span
-                              aria-hidden="true"
-                              className="euiFormControlLayoutCustomIcon__icon"
-                              data-euiicon-type="arrowDown"
-                              size="m"
-                            />
-                          </EuiIcon>
-                        </span>
-                      </EuiFormControlLayoutCustomIcon>
-                    </div>
-                  </EuiFormControlLayoutIcons>
-                </div>
-              </div>
-            </EuiFormControlLayout>
-          </EuiSelect>
+              minute
+            </option>
+            <option
+              value="HOUR"
+            >
+              hour
+            </option>
+            <option
+              value="DAY"
+            >
+              day
+            </option>
+            <option
+              value="WEEK"
+            >
+              week
+            </option>
+            <option
+              value="MONTH"
+            >
+              month
+            </option>
+            <option
+              value="YEAR"
+            >
+              year
+            </option>
+          </select>
+          <div
+            class="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
+          >
+            <span
+              class="euiFormControlLayoutCustomIcon"
+            >
+              <span
+                aria-hidden="true"
+                class="euiFormControlLayoutCustomIcon__icon"
+                data-euiicon-type="arrowDown"
+              />
+            </span>
+          </div>
         </div>
       </div>
-    </EuiFormRow>
-    <EuiFormRow
-      data-test-subj="cronFrequencyConfiguration"
-      describedByIds={Array []}
-      display="row"
-      fullWidth={true}
-      hasChildLabel={true}
-      hasEmptyLabelSpace={false}
-      label={
-        <Memo(MemoizedFormattedMessage)
-          defaultMessage="Time"
-          id="searchConnectors.cronEditor.cronWeekly.fieldTimeLabel"
-        />
-      }
-      labelType="label"
+    </div>
+  </div>,
+  <div
+    class="euiFormRow euiFormRow--fullWidth euiFormRow--hasLabel"
+    data-test-subj="cronFrequencyConfiguration"
+    id="generated-id-row"
+  >
+    <div
+      class="euiFormRow__labelWrapper"
+    >
+      <label
+        class="euiFormLabel euiFormRow__label"
+        for="generated-id"
+        id="generated-id-label"
+      >
+        Month
+      </label>
+    </div>
+    <div
+      class="euiFormRow__fieldWrapper"
     >
       <div
-        className="euiFormRow euiFormRow--fullWidth euiFormRow--hasLabel"
-        data-test-subj="cronFrequencyConfiguration"
-        id="generated-id-row"
+        class="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
       >
-        <div
-          className="euiFormRow__labelWrapper"
+        <label
+          class="euiFormLabel euiFormControlLayout__prepend"
+          for="generated-id"
         >
-          <EuiFormLabel
-            className="euiFormRow__label"
-            htmlFor="generated-id"
-            id="generated-id-label"
-            isFocused={false}
-            type="label"
-          >
-            <label
-              className="euiFormLabel euiFormRow__label"
-              htmlFor="generated-id"
-              id="generated-id-label"
-            >
-              <FormattedMessage
-                defaultMessage="Time"
-                id="searchConnectors.cronEditor.cronWeekly.fieldTimeLabel"
-              >
-                Time
-              </FormattedMessage>
-            </label>
-          </EuiFormLabel>
-        </div>
+          In
+        </label>
         <div
-          className="euiFormRow__fieldWrapper"
+          class="euiFormControlLayout__childrenWrapper"
+          style="--euiFormControlRightIconsCount: 1;"
         >
-          <EuiFlexGroup
-            gutterSize="xs"
+          <select
+            class="euiSelect emotion-euiSelect-fullWidth-inGroup"
+            data-test-subj="cronFrequencyYearlyMonthSelect"
             id="generated-id"
-            onBlur={[Function]}
-            onFocus={[Function]}
           >
-            <div
-              css="unknown styles"
-              id="generated-id"
-              onBlur={[Function]}
-              onFocus={[Function]}
-            >
-              <Insertion
-                cache={
-                  Object {
-                    "insert": [Function],
-                    "inserted": Object {
-                      "9sbomz-euiFlexItem-grow-1": true,
-                      "bqv98l-euiFlexGroup-responsive-xs-flexStart-stretch-row": true,
-                      "kpsrin-euiFlexItem-growZero": true,
-                    },
-                    "key": "css",
-                    "nonce": undefined,
-                    "registered": Object {},
-                    "sheet": StyleSheet {
-                      "_alreadyInsertedOrderInsensitiveRule": true,
-                      "_insertTag": [Function],
-                      "before": null,
-                      "container": <head>
-                        <style
-                          data-styled="active"
-                          data-styled-version="5.1.0"
-                        />
-                        <style
-                          data-styled="active"
-                          data-styled-version="5.1.0"
-                        />
-                        <style
-                          data-styled="active"
-                          data-styled-version="5.1.0"
-                        />
-                        <style
-                          data-styled="active"
-                          data-styled-version="5.1.0"
-                        />
-                        <style
-                          data-emotion="css"
-                          data-s=""
-                        >
-                          
-                          .emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;gap:4px;-webkit-box-pack:start;-ms-flex-pack:start;-webkit-justify-content:flex-start;justify-content:flex-start;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;}
-                        </style>
-                        <style
-                          data-emotion="css"
-                          data-s=""
-                        >
-                          
-                          @media only screen and (max-width: 767px){.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{-webkit-box-flex-wrap:wrap;-webkit-flex-wrap:wrap;-ms-flex-wrap:wrap;flex-wrap:wrap;}.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row&gt;.euiFlexItem{inline-size:100%;-webkit-flex-basis:100%;-ms-flex-preferred-size:100%;flex-basis:100%;}}
-                        </style>
-                        <style
-                          data-emotion="css"
-                          data-s=""
-                        >
-                          
-                          .emotion-euiFlexItem-growZero{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-box-flex:0;-webkit-flex-grow:0;-ms-flex-positive:0;flex-grow:0;-webkit-flex-basis:auto;-ms-flex-preferred-size:auto;flex-basis:auto;}
-                        </style>
-                        <style
-                          data-emotion="css"
-                          data-s=""
-                        >
-                          
-                          .emotion-euiFlexItem-grow-1{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-flex-basis:0%;-ms-flex-preferred-size:0%;flex-basis:0%;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;}
-                        </style>
-                      </head>,
-                      "ctr": 4,
-                      "insertionPoint": undefined,
-                      "isSpeedy": false,
-                      "key": "css",
-                      "nonce": undefined,
-                      "prepend": undefined,
-                      "tags": Array [
-                        <style
-                          data-emotion="css"
-                          data-s=""
-                        >
-                          
-                          .emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;gap:4px;-webkit-box-pack:start;-ms-flex-pack:start;-webkit-justify-content:flex-start;justify-content:flex-start;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;}
-                        </style>,
-                        <style
-                          data-emotion="css"
-                          data-s=""
-                        >
-                          
-                          @media only screen and (max-width: 767px){.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{-webkit-box-flex-wrap:wrap;-webkit-flex-wrap:wrap;-ms-flex-wrap:wrap;flex-wrap:wrap;}.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row&gt;.euiFlexItem{inline-size:100%;-webkit-flex-basis:100%;-ms-flex-preferred-size:100%;flex-basis:100%;}}
-                        </style>,
-                        <style
-                          data-emotion="css"
-                          data-s=""
-                        >
-                          
-                          .emotion-euiFlexItem-growZero{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-box-flex:0;-webkit-flex-grow:0;-ms-flex-positive:0;flex-grow:0;-webkit-flex-basis:auto;-ms-flex-preferred-size:auto;flex-basis:auto;}
-                        </style>,
-                        <style
-                          data-emotion="css"
-                          data-s=""
-                        >
-                          
-                          .emotion-euiFlexItem-grow-1{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-flex-basis:0%;-ms-flex-preferred-size:0%;flex-basis:0%;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;}
-                        </style>,
-                      ],
-                    },
-                  }
-                }
-                isStringTag={true}
-                serialized={
-                  Object {
-                    "map": undefined,
-                    "name": "bqv98l-euiFlexGroup-responsive-xs-flexStart-stretch-row",
-                    "next": undefined,
-                    "styles": "display:flex;align-items:stretch;flex-grow:1;label:euiFlexGroup;;;@media only screen and (max-width: 767px){flex-wrap:wrap;&>.euiFlexItem{inline-size: 100%; flex-basis:100%;}};label:responsive;;;;gap:4px;;label:xs;;;justify-content:flex-start;label:flexStart;;;align-items:stretch;label:stretch;;;flex-direction:row;label:row;;;",
-                    "toString": [Function],
-                  }
-                }
+            <option
+              value="1"
+            >
+              January
+            </option>
+            <option
+              value="2"
+            >
+              February
+            </option>
+            <option
+              value="3"
+            >
+              March
+            </option>
+            <option
+              value="4"
+            >
+              April
+            </option>
+            <option
+              value="5"
+            >
+              May
+            </option>
+            <option
+              value="6"
+            >
+              June
+            </option>
+            <option
+              value="7"
+            >
+              July
+            </option>
+            <option
+              value="8"
+            >
+              August
+            </option>
+            <option
+              value="9"
+            >
+              September
+            </option>
+            <option
+              value="10"
+            >
+              October
+            </option>
+            <option
+              value="11"
+            >
+              November
+            </option>
+            <option
+              value="12"
+            >
+              December
+            </option>
+          </select>
+          <div
+            class="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
+          >
+            <span
+              class="euiFormControlLayoutCustomIcon"
+            >
+              <span
+                aria-hidden="true"
+                class="euiFormControlLayoutCustomIcon__icon"
+                data-euiicon-type="arrowDown"
               />
-              <div
-                className="euiFlexGroup emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row"
-                id="generated-id"
-                onBlur={[Function]}
-                onFocus={[Function]}
-              >
-                <EuiFlexItem
-                  grow={false}
-                >
-                  <div
-                    css="unknown styles"
-                  >
-                    <Insertion
-                      cache={
-                        Object {
-                          "insert": [Function],
-                          "inserted": Object {
-                            "9sbomz-euiFlexItem-grow-1": true,
-                            "bqv98l-euiFlexGroup-responsive-xs-flexStart-stretch-row": true,
-                            "kpsrin-euiFlexItem-growZero": true,
-                          },
-                          "key": "css",
-                          "nonce": undefined,
-                          "registered": Object {},
-                          "sheet": StyleSheet {
-                            "_alreadyInsertedOrderInsensitiveRule": true,
-                            "_insertTag": [Function],
-                            "before": null,
-                            "container": <head>
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;gap:4px;-webkit-box-pack:start;-ms-flex-pack:start;-webkit-justify-content:flex-start;justify-content:flex-start;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;}
-                              </style>
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                @media only screen and (max-width: 767px){.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{-webkit-box-flex-wrap:wrap;-webkit-flex-wrap:wrap;-ms-flex-wrap:wrap;flex-wrap:wrap;}.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row&gt;.euiFlexItem{inline-size:100%;-webkit-flex-basis:100%;-ms-flex-preferred-size:100%;flex-basis:100%;}}
-                              </style>
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexItem-growZero{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-box-flex:0;-webkit-flex-grow:0;-ms-flex-positive:0;flex-grow:0;-webkit-flex-basis:auto;-ms-flex-preferred-size:auto;flex-basis:auto;}
-                              </style>
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexItem-grow-1{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-flex-basis:0%;-ms-flex-preferred-size:0%;flex-basis:0%;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;}
-                              </style>
-                            </head>,
-                            "ctr": 4,
-                            "insertionPoint": undefined,
-                            "isSpeedy": false,
-                            "key": "css",
-                            "nonce": undefined,
-                            "prepend": undefined,
-                            "tags": Array [
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;gap:4px;-webkit-box-pack:start;-ms-flex-pack:start;-webkit-justify-content:flex-start;justify-content:flex-start;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;}
-                              </style>,
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                @media only screen and (max-width: 767px){.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{-webkit-box-flex-wrap:wrap;-webkit-flex-wrap:wrap;-ms-flex-wrap:wrap;flex-wrap:wrap;}.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row&gt;.euiFlexItem{inline-size:100%;-webkit-flex-basis:100%;-ms-flex-preferred-size:100%;flex-basis:100%;}}
-                              </style>,
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexItem-growZero{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-box-flex:0;-webkit-flex-grow:0;-ms-flex-positive:0;flex-grow:0;-webkit-flex-basis:auto;-ms-flex-preferred-size:auto;flex-basis:auto;}
-                              </style>,
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexItem-grow-1{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-flex-basis:0%;-ms-flex-preferred-size:0%;flex-basis:0%;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;}
-                              </style>,
-                            ],
-                          },
-                        }
-                      }
-                      isStringTag={true}
-                      serialized={
-                        Object {
-                          "map": undefined,
-                          "name": "kpsrin-euiFlexItem-growZero",
-                          "next": undefined,
-                          "styles": "display:flex;flex-direction:column;label:euiFlexItem;;;flex-grow:0;flex-basis:auto;label:growZero;;;;",
-                          "toString": [Function],
-                        }
-                      }
-                    />
-                    <div
-                      className="euiFlexItem emotion-euiFlexItem-growZero"
-                    >
-                      <EuiSelect
-                        aria-label="Hour"
-                        data-test-subj="cronFrequencyWeeklyHourSelect"
-                        fullWidth={true}
-                        onChange={[Function]}
-                        options={
-                          Array [
-                            Object {
-                              "text": "00",
-                              "value": "0",
-                            },
-                            Object {
-                              "text": "01",
-                              "value": "1",
-                            },
-                            Object {
-                              "text": "02",
-                              "value": "2",
-                            },
-                            Object {
-                              "text": "03",
-                              "value": "3",
-                            },
-                            Object {
-                              "text": "04",
-                              "value": "4",
-                            },
-                            Object {
-                              "text": "05",
-                              "value": "5",
-                            },
-                            Object {
-                              "text": "06",
-                              "value": "6",
-                            },
-                            Object {
-                              "text": "07",
-                              "value": "7",
-                            },
-                            Object {
-                              "text": "08",
-                              "value": "8",
-                            },
-                            Object {
-                              "text": "09",
-                              "value": "9",
-                            },
-                            Object {
-                              "text": "10",
-                              "value": "10",
-                            },
-                            Object {
-                              "text": "11",
-                              "value": "11",
-                            },
-                            Object {
-                              "text": "12",
-                              "value": "12",
-                            },
-                            Object {
-                              "text": "13",
-                              "value": "13",
-                            },
-                            Object {
-                              "text": "14",
-                              "value": "14",
-                            },
-                            Object {
-                              "text": "15",
-                              "value": "15",
-                            },
-                            Object {
-                              "text": "16",
-                              "value": "16",
-                            },
-                            Object {
-                              "text": "17",
-                              "value": "17",
-                            },
-                            Object {
-                              "text": "18",
-                              "value": "18",
-                            },
-                            Object {
-                              "text": "19",
-                              "value": "19",
-                            },
-                            Object {
-                              "text": "20",
-                              "value": "20",
-                            },
-                            Object {
-                              "text": "21",
-                              "value": "21",
-                            },
-                            Object {
-                              "text": "22",
-                              "value": "22",
-                            },
-                            Object {
-                              "text": "23",
-                              "value": "23",
-                            },
-                          ]
-                        }
-                        prepend="At"
-                        value="*"
-                      >
-                        <EuiFormControlLayout
-                          compressed={false}
-                          fullWidth={true}
-                          isDropdown={true}
-                          isLoading={false}
-                          prepend="At"
-                        >
-                          <div
-                            className="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
-                          >
-                            <EuiFormLabel
-                              className="euiFormControlLayout__prepend"
-                            >
-                              <label
-                                className="euiFormLabel euiFormControlLayout__prepend"
-                              >
-                                At
-                              </label>
-                            </EuiFormLabel>
-                            <div
-                              className="euiFormControlLayout__childrenWrapper"
-                            >
-                              <EuiValidatableControl>
-                                <select
-                                  aria-label="Hour"
-                                  className="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
-                                  data-test-subj="cronFrequencyWeeklyHourSelect"
-                                  onChange={[Function]}
-                                  onMouseUp={[Function]}
-                                  value="*"
-                                >
-                                  <option
-                                    key="0"
-                                    value="0"
-                                  >
-                                    00
-                                  </option>
-                                  <option
-                                    key="1"
-                                    value="1"
-                                  >
-                                    01
-                                  </option>
-                                  <option
-                                    key="2"
-                                    value="2"
-                                  >
-                                    02
-                                  </option>
-                                  <option
-                                    key="3"
-                                    value="3"
-                                  >
-                                    03
-                                  </option>
-                                  <option
-                                    key="4"
-                                    value="4"
-                                  >
-                                    04
-                                  </option>
-                                  <option
-                                    key="5"
-                                    value="5"
-                                  >
-                                    05
-                                  </option>
-                                  <option
-                                    key="6"
-                                    value="6"
-                                  >
-                                    06
-                                  </option>
-                                  <option
-                                    key="7"
-                                    value="7"
-                                  >
-                                    07
-                                  </option>
-                                  <option
-                                    key="8"
-                                    value="8"
-                                  >
-                                    08
-                                  </option>
-                                  <option
-                                    key="9"
-                                    value="9"
-                                  >
-                                    09
-                                  </option>
-                                  <option
-                                    key="10"
-                                    value="10"
-                                  >
-                                    10
-                                  </option>
-                                  <option
-                                    key="11"
-                                    value="11"
-                                  >
-                                    11
-                                  </option>
-                                  <option
-                                    key="12"
-                                    value="12"
-                                  >
-                                    12
-                                  </option>
-                                  <option
-                                    key="13"
-                                    value="13"
-                                  >
-                                    13
-                                  </option>
-                                  <option
-                                    key="14"
-                                    value="14"
-                                  >
-                                    14
-                                  </option>
-                                  <option
-                                    key="15"
-                                    value="15"
-                                  >
-                                    15
-                                  </option>
-                                  <option
-                                    key="16"
-                                    value="16"
-                                  >
-                                    16
-                                  </option>
-                                  <option
-                                    key="17"
-                                    value="17"
-                                  >
-                                    17
-                                  </option>
-                                  <option
-                                    key="18"
-                                    value="18"
-                                  >
-                                    18
-                                  </option>
-                                  <option
-                                    key="19"
-                                    value="19"
-                                  >
-                                    19
-                                  </option>
-                                  <option
-                                    key="20"
-                                    value="20"
-                                  >
-                                    20
-                                  </option>
-                                  <option
-                                    key="21"
-                                    value="21"
-                                  >
-                                    21
-                                  </option>
-                                  <option
-                                    key="22"
-                                    value="22"
-                                  >
-                                    22
-                                  </option>
-                                  <option
-                                    key="23"
-                                    value="23"
-                                  >
-                                    23
-                                  </option>
-                                </select>
-                              </EuiValidatableControl>
-                              <EuiFormControlLayoutIcons
-                                compressed={false}
-                                isDropdown={true}
-                                isLoading={false}
-                                side="right"
-                              >
-                                <div
-                                  className="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
-                                >
-                                  <EuiFormControlLayoutCustomIcon
-                                    size="m"
-                                    type="arrowDown"
-                                  >
-                                    <span
-                                      className="euiFormControlLayoutCustomIcon"
-                                    >
-                                      <EuiIcon
-                                        aria-hidden="true"
-                                        className="euiFormControlLayoutCustomIcon__icon"
-                                        size="m"
-                                        type="arrowDown"
-                                      >
-                                        <span
-                                          aria-hidden="true"
-                                          className="euiFormControlLayoutCustomIcon__icon"
-                                          data-euiicon-type="arrowDown"
-                                          size="m"
-                                        />
-                                      </EuiIcon>
-                                    </span>
-                                  </EuiFormControlLayoutCustomIcon>
-                                </div>
-                              </EuiFormControlLayoutIcons>
-                            </div>
-                          </div>
-                        </EuiFormControlLayout>
-                      </EuiSelect>
-                    </div>
-                  </div>
-                </EuiFlexItem>
-                <EuiFlexItem>
-                  <div
-                    css="unknown styles"
-                  >
-                    <Insertion
-                      cache={
-                        Object {
-                          "insert": [Function],
-                          "inserted": Object {
-                            "9sbomz-euiFlexItem-grow-1": true,
-                            "bqv98l-euiFlexGroup-responsive-xs-flexStart-stretch-row": true,
-                            "kpsrin-euiFlexItem-growZero": true,
-                          },
-                          "key": "css",
-                          "nonce": undefined,
-                          "registered": Object {},
-                          "sheet": StyleSheet {
-                            "_alreadyInsertedOrderInsensitiveRule": true,
-                            "_insertTag": [Function],
-                            "before": null,
-                            "container": <head>
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;gap:4px;-webkit-box-pack:start;-ms-flex-pack:start;-webkit-justify-content:flex-start;justify-content:flex-start;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;}
-                              </style>
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                @media only screen and (max-width: 767px){.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{-webkit-box-flex-wrap:wrap;-webkit-flex-wrap:wrap;-ms-flex-wrap:wrap;flex-wrap:wrap;}.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row&gt;.euiFlexItem{inline-size:100%;-webkit-flex-basis:100%;-ms-flex-preferred-size:100%;flex-basis:100%;}}
-                              </style>
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexItem-growZero{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-box-flex:0;-webkit-flex-grow:0;-ms-flex-positive:0;flex-grow:0;-webkit-flex-basis:auto;-ms-flex-preferred-size:auto;flex-basis:auto;}
-                              </style>
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexItem-grow-1{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-flex-basis:0%;-ms-flex-preferred-size:0%;flex-basis:0%;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;}
-                              </style>
-                            </head>,
-                            "ctr": 4,
-                            "insertionPoint": undefined,
-                            "isSpeedy": false,
-                            "key": "css",
-                            "nonce": undefined,
-                            "prepend": undefined,
-                            "tags": Array [
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;gap:4px;-webkit-box-pack:start;-ms-flex-pack:start;-webkit-justify-content:flex-start;justify-content:flex-start;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;}
-                              </style>,
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                @media only screen and (max-width: 767px){.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{-webkit-box-flex-wrap:wrap;-webkit-flex-wrap:wrap;-ms-flex-wrap:wrap;flex-wrap:wrap;}.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row&gt;.euiFlexItem{inline-size:100%;-webkit-flex-basis:100%;-ms-flex-preferred-size:100%;flex-basis:100%;}}
-                              </style>,
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexItem-growZero{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-box-flex:0;-webkit-flex-grow:0;-ms-flex-positive:0;flex-grow:0;-webkit-flex-basis:auto;-ms-flex-preferred-size:auto;flex-basis:auto;}
-                              </style>,
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexItem-grow-1{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-flex-basis:0%;-ms-flex-preferred-size:0%;flex-basis:0%;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;}
-                              </style>,
-                            ],
-                          },
-                        }
-                      }
-                      isStringTag={true}
-                      serialized={
-                        Object {
-                          "map": undefined,
-                          "name": "9sbomz-euiFlexItem-grow-1",
-                          "next": undefined,
-                          "styles": "display:flex;flex-direction:column;label:euiFlexItem;;;flex-basis:0%;label:grow;;;flex-grow:1;label:1;;;",
-                          "toString": [Function],
-                        }
-                      }
-                    />
-                    <div
-                      className="euiFlexItem emotion-euiFlexItem-grow-1"
-                    >
-                      <EuiSelect
-                        aria-label="Minute"
-                        data-test-subj="cronFrequencyWeeklyMinuteSelect"
-                        fullWidth={true}
-                        onChange={[Function]}
-                        options={
-                          Array [
-                            Object {
-                              "text": "00",
-                              "value": "0",
-                            },
-                            Object {
-                              "text": "01",
-                              "value": "1",
-                            },
-                            Object {
-                              "text": "02",
-                              "value": "2",
-                            },
-                            Object {
-                              "text": "03",
-                              "value": "3",
-                            },
-                            Object {
-                              "text": "04",
-                              "value": "4",
-                            },
-                            Object {
-                              "text": "05",
-                              "value": "5",
-                            },
-                            Object {
-                              "text": "06",
-                              "value": "6",
-                            },
-                            Object {
-                              "text": "07",
-                              "value": "7",
-                            },
-                            Object {
-                              "text": "08",
-                              "value": "8",
-                            },
-                            Object {
-                              "text": "09",
-                              "value": "9",
-                            },
-                            Object {
-                              "text": "10",
-                              "value": "10",
-                            },
-                            Object {
-                              "text": "11",
-                              "value": "11",
-                            },
-                            Object {
-                              "text": "12",
-                              "value": "12",
-                            },
-                            Object {
-                              "text": "13",
-                              "value": "13",
-                            },
-                            Object {
-                              "text": "14",
-                              "value": "14",
-                            },
-                            Object {
-                              "text": "15",
-                              "value": "15",
-                            },
-                            Object {
-                              "text": "16",
-                              "value": "16",
-                            },
-                            Object {
-                              "text": "17",
-                              "value": "17",
-                            },
-                            Object {
-                              "text": "18",
-                              "value": "18",
-                            },
-                            Object {
-                              "text": "19",
-                              "value": "19",
-                            },
-                            Object {
-                              "text": "20",
-                              "value": "20",
-                            },
-                            Object {
-                              "text": "21",
-                              "value": "21",
-                            },
-                            Object {
-                              "text": "22",
-                              "value": "22",
-                            },
-                            Object {
-                              "text": "23",
-                              "value": "23",
-                            },
-                            Object {
-                              "text": "24",
-                              "value": "24",
-                            },
-                            Object {
-                              "text": "25",
-                              "value": "25",
-                            },
-                            Object {
-                              "text": "26",
-                              "value": "26",
-                            },
-                            Object {
-                              "text": "27",
-                              "value": "27",
-                            },
-                            Object {
-                              "text": "28",
-                              "value": "28",
-                            },
-                            Object {
-                              "text": "29",
-                              "value": "29",
-                            },
-                            Object {
-                              "text": "30",
-                              "value": "30",
-                            },
-                            Object {
-                              "text": "31",
-                              "value": "31",
-                            },
-                            Object {
-                              "text": "32",
-                              "value": "32",
-                            },
-                            Object {
-                              "text": "33",
-                              "value": "33",
-                            },
-                            Object {
-                              "text": "34",
-                              "value": "34",
-                            },
-                            Object {
-                              "text": "35",
-                              "value": "35",
-                            },
-                            Object {
-                              "text": "36",
-                              "value": "36",
-                            },
-                            Object {
-                              "text": "37",
-                              "value": "37",
-                            },
-                            Object {
-                              "text": "38",
-                              "value": "38",
-                            },
-                            Object {
-                              "text": "39",
-                              "value": "39",
-                            },
-                            Object {
-                              "text": "40",
-                              "value": "40",
-                            },
-                            Object {
-                              "text": "41",
-                              "value": "41",
-                            },
-                            Object {
-                              "text": "42",
-                              "value": "42",
-                            },
-                            Object {
-                              "text": "43",
-                              "value": "43",
-                            },
-                            Object {
-                              "text": "44",
-                              "value": "44",
-                            },
-                            Object {
-                              "text": "45",
-                              "value": "45",
-                            },
-                            Object {
-                              "text": "46",
-                              "value": "46",
-                            },
-                            Object {
-                              "text": "47",
-                              "value": "47",
-                            },
-                            Object {
-                              "text": "48",
-                              "value": "48",
-                            },
-                            Object {
-                              "text": "49",
-                              "value": "49",
-                            },
-                            Object {
-                              "text": "50",
-                              "value": "50",
-                            },
-                            Object {
-                              "text": "51",
-                              "value": "51",
-                            },
-                            Object {
-                              "text": "52",
-                              "value": "52",
-                            },
-                            Object {
-                              "text": "53",
-                              "value": "53",
-                            },
-                            Object {
-                              "text": "54",
-                              "value": "54",
-                            },
-                            Object {
-                              "text": "55",
-                              "value": "55",
-                            },
-                            Object {
-                              "text": "56",
-                              "value": "56",
-                            },
-                            Object {
-                              "text": "57",
-                              "value": "57",
-                            },
-                            Object {
-                              "text": "58",
-                              "value": "58",
-                            },
-                            Object {
-                              "text": "59",
-                              "value": "59",
-                            },
-                          ]
-                        }
-                        prepend=":"
-                        value="10"
-                      >
-                        <EuiFormControlLayout
-                          compressed={false}
-                          fullWidth={true}
-                          isDropdown={true}
-                          isLoading={false}
-                          prepend=":"
-                        >
-                          <div
-                            className="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
-                          >
-                            <EuiFormLabel
-                              className="euiFormControlLayout__prepend"
-                            >
-                              <label
-                                className="euiFormLabel euiFormControlLayout__prepend"
-                              >
-                                :
-                              </label>
-                            </EuiFormLabel>
-                            <div
-                              className="euiFormControlLayout__childrenWrapper"
-                            >
-                              <EuiValidatableControl>
-                                <select
-                                  aria-label="Minute"
-                                  className="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
-                                  data-test-subj="cronFrequencyWeeklyMinuteSelect"
-                                  onChange={[Function]}
-                                  onMouseUp={[Function]}
-                                  value="10"
-                                >
-                                  <option
-                                    key="0"
-                                    value="0"
-                                  >
-                                    00
-                                  </option>
-                                  <option
-                                    key="1"
-                                    value="1"
-                                  >
-                                    01
-                                  </option>
-                                  <option
-                                    key="2"
-                                    value="2"
-                                  >
-                                    02
-                                  </option>
-                                  <option
-                                    key="3"
-                                    value="3"
-                                  >
-                                    03
-                                  </option>
-                                  <option
-                                    key="4"
-                                    value="4"
-                                  >
-                                    04
-                                  </option>
-                                  <option
-                                    key="5"
-                                    value="5"
-                                  >
-                                    05
-                                  </option>
-                                  <option
-                                    key="6"
-                                    value="6"
-                                  >
-                                    06
-                                  </option>
-                                  <option
-                                    key="7"
-                                    value="7"
-                                  >
-                                    07
-                                  </option>
-                                  <option
-                                    key="8"
-                                    value="8"
-                                  >
-                                    08
-                                  </option>
-                                  <option
-                                    key="9"
-                                    value="9"
-                                  >
-                                    09
-                                  </option>
-                                  <option
-                                    key="10"
-                                    value="10"
-                                  >
-                                    10
-                                  </option>
-                                  <option
-                                    key="11"
-                                    value="11"
-                                  >
-                                    11
-                                  </option>
-                                  <option
-                                    key="12"
-                                    value="12"
-                                  >
-                                    12
-                                  </option>
-                                  <option
-                                    key="13"
-                                    value="13"
-                                  >
-                                    13
-                                  </option>
-                                  <option
-                                    key="14"
-                                    value="14"
-                                  >
-                                    14
-                                  </option>
-                                  <option
-                                    key="15"
-                                    value="15"
-                                  >
-                                    15
-                                  </option>
-                                  <option
-                                    key="16"
-                                    value="16"
-                                  >
-                                    16
-                                  </option>
-                                  <option
-                                    key="17"
-                                    value="17"
-                                  >
-                                    17
-                                  </option>
-                                  <option
-                                    key="18"
-                                    value="18"
-                                  >
-                                    18
-                                  </option>
-                                  <option
-                                    key="19"
-                                    value="19"
-                                  >
-                                    19
-                                  </option>
-                                  <option
-                                    key="20"
-                                    value="20"
-                                  >
-                                    20
-                                  </option>
-                                  <option
-                                    key="21"
-                                    value="21"
-                                  >
-                                    21
-                                  </option>
-                                  <option
-                                    key="22"
-                                    value="22"
-                                  >
-                                    22
-                                  </option>
-                                  <option
-                                    key="23"
-                                    value="23"
-                                  >
-                                    23
-                                  </option>
-                                  <option
-                                    key="24"
-                                    value="24"
-                                  >
-                                    24
-                                  </option>
-                                  <option
-                                    key="25"
-                                    value="25"
-                                  >
-                                    25
-                                  </option>
-                                  <option
-                                    key="26"
-                                    value="26"
-                                  >
-                                    26
-                                  </option>
-                                  <option
-                                    key="27"
-                                    value="27"
-                                  >
-                                    27
-                                  </option>
-                                  <option
-                                    key="28"
-                                    value="28"
-                                  >
-                                    28
-                                  </option>
-                                  <option
-                                    key="29"
-                                    value="29"
-                                  >
-                                    29
-                                  </option>
-                                  <option
-                                    key="30"
-                                    value="30"
-                                  >
-                                    30
-                                  </option>
-                                  <option
-                                    key="31"
-                                    value="31"
-                                  >
-                                    31
-                                  </option>
-                                  <option
-                                    key="32"
-                                    value="32"
-                                  >
-                                    32
-                                  </option>
-                                  <option
-                                    key="33"
-                                    value="33"
-                                  >
-                                    33
-                                  </option>
-                                  <option
-                                    key="34"
-                                    value="34"
-                                  >
-                                    34
-                                  </option>
-                                  <option
-                                    key="35"
-                                    value="35"
-                                  >
-                                    35
-                                  </option>
-                                  <option
-                                    key="36"
-                                    value="36"
-                                  >
-                                    36
-                                  </option>
-                                  <option
-                                    key="37"
-                                    value="37"
-                                  >
-                                    37
-                                  </option>
-                                  <option
-                                    key="38"
-                                    value="38"
-                                  >
-                                    38
-                                  </option>
-                                  <option
-                                    key="39"
-                                    value="39"
-                                  >
-                                    39
-                                  </option>
-                                  <option
-                                    key="40"
-                                    value="40"
-                                  >
-                                    40
-                                  </option>
-                                  <option
-                                    key="41"
-                                    value="41"
-                                  >
-                                    41
-                                  </option>
-                                  <option
-                                    key="42"
-                                    value="42"
-                                  >
-                                    42
-                                  </option>
-                                  <option
-                                    key="43"
-                                    value="43"
-                                  >
-                                    43
-                                  </option>
-                                  <option
-                                    key="44"
-                                    value="44"
-                                  >
-                                    44
-                                  </option>
-                                  <option
-                                    key="45"
-                                    value="45"
-                                  >
-                                    45
-                                  </option>
-                                  <option
-                                    key="46"
-                                    value="46"
-                                  >
-                                    46
-                                  </option>
-                                  <option
-                                    key="47"
-                                    value="47"
-                                  >
-                                    47
-                                  </option>
-                                  <option
-                                    key="48"
-                                    value="48"
-                                  >
-                                    48
-                                  </option>
-                                  <option
-                                    key="49"
-                                    value="49"
-                                  >
-                                    49
-                                  </option>
-                                  <option
-                                    key="50"
-                                    value="50"
-                                  >
-                                    50
-                                  </option>
-                                  <option
-                                    key="51"
-                                    value="51"
-                                  >
-                                    51
-                                  </option>
-                                  <option
-                                    key="52"
-                                    value="52"
-                                  >
-                                    52
-                                  </option>
-                                  <option
-                                    key="53"
-                                    value="53"
-                                  >
-                                    53
-                                  </option>
-                                  <option
-                                    key="54"
-                                    value="54"
-                                  >
-                                    54
-                                  </option>
-                                  <option
-                                    key="55"
-                                    value="55"
-                                  >
-                                    55
-                                  </option>
-                                  <option
-                                    key="56"
-                                    value="56"
-                                  >
-                                    56
-                                  </option>
-                                  <option
-                                    key="57"
-                                    value="57"
-                                  >
-                                    57
-                                  </option>
-                                  <option
-                                    key="58"
-                                    value="58"
-                                  >
-                                    58
-                                  </option>
-                                  <option
-                                    key="59"
-                                    value="59"
-                                  >
-                                    59
-                                  </option>
-                                </select>
-                              </EuiValidatableControl>
-                              <EuiFormControlLayoutIcons
-                                compressed={false}
-                                isDropdown={true}
-                                isLoading={false}
-                                side="right"
-                              >
-                                <div
-                                  className="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
-                                >
-                                  <EuiFormControlLayoutCustomIcon
-                                    size="m"
-                                    type="arrowDown"
-                                  >
-                                    <span
-                                      className="euiFormControlLayoutCustomIcon"
-                                    >
-                                      <EuiIcon
-                                        aria-hidden="true"
-                                        className="euiFormControlLayoutCustomIcon__icon"
-                                        size="m"
-                                        type="arrowDown"
-                                      >
-                                        <span
-                                          aria-hidden="true"
-                                          className="euiFormControlLayoutCustomIcon__icon"
-                                          data-euiicon-type="arrowDown"
-                                          size="m"
-                                        />
-                                      </EuiIcon>
-                                    </span>
-                                  </EuiFormControlLayoutCustomIcon>
-                                </div>
-                              </EuiFormControlLayoutIcons>
-                            </div>
-                          </div>
-                        </EuiFormControlLayout>
-                      </EuiSelect>
-                    </div>
-                  </div>
-                </EuiFlexItem>
-              </div>
-            </div>
-          </EuiFlexGroup>
+            </span>
+          </div>
         </div>
       </div>
-    </EuiFormRow>
-  </CronWeekly>
-</CronEditor>
-`;
-
-exports[`CronEditor is rendered with a YEAR frequency 1`] = `
-<CronEditor
-  cronExpression="0 10 * * * ?"
-  fieldToPreferredValueMap={Object {}}
-  frequency="YEAR"
-  onChange={[Function]}
->
-  <EuiFormRow
-    describedByIds={Array []}
-    display="row"
-    fullWidth={true}
-    hasChildLabel={true}
-    hasEmptyLabelSpace={false}
-    label={
-      <Memo(MemoizedFormattedMessage)
-        defaultMessage="Frequency"
-        id="searchConnectors.cronEditor.fieldFrequencyLabel"
-      />
-    }
-    labelType="label"
+    </div>
+  </div>,
+  <div
+    class="euiFormRow euiFormRow--fullWidth euiFormRow--hasLabel"
+    data-test-subj="cronFrequencyConfiguration"
+    id="generated-id-row"
   >
     <div
-      className="euiFormRow euiFormRow--fullWidth euiFormRow--hasLabel"
-      id="generated-id-row"
+      class="euiFormRow__labelWrapper"
     >
-      <div
-        className="euiFormRow__labelWrapper"
-      >
-        <EuiFormLabel
-          className="euiFormRow__label"
-          htmlFor="generated-id"
-          id="generated-id-label"
-          isFocused={false}
-          type="label"
-        >
-          <label
-            className="euiFormLabel euiFormRow__label"
-            htmlFor="generated-id"
-            id="generated-id-label"
-          >
-            <FormattedMessage
-              defaultMessage="Frequency"
-              id="searchConnectors.cronEditor.fieldFrequencyLabel"
-            >
-              Frequency
-            </FormattedMessage>
-          </label>
-        </EuiFormLabel>
-      </div>
-      <div
-        className="euiFormRow__fieldWrapper"
+      <label
+        class="euiFormLabel euiFormRow__label"
+        for="generated-id"
+        id="generated-id-label"
       >
-        <EuiSelect
-          data-test-subj="cronFrequencySelect"
-          fullWidth={true}
-          id="generated-id"
-          onBlur={[Function]}
-          onChange={[Function]}
-          onFocus={[Function]}
-          options={
-            Array [
-              Object {
-                "text": "minute",
-                "value": "MINUTE",
-              },
-              Object {
-                "text": "hour",
-                "value": "HOUR",
-              },
-              Object {
-                "text": "day",
-                "value": "DAY",
-              },
-              Object {
-                "text": "week",
-                "value": "WEEK",
-              },
-              Object {
-                "text": "month",
-                "value": "MONTH",
-              },
-              Object {
-                "text": "year",
-                "value": "YEAR",
-              },
-            ]
-          }
-          prepend="Every"
-          value="YEAR"
-        >
-          <EuiFormControlLayout
-            compressed={false}
-            fullWidth={true}
-            inputId="generated-id"
-            isDropdown={true}
-            isLoading={false}
-            prepend="Every"
-          >
-            <div
-              className="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
-            >
-              <EuiFormLabel
-                className="euiFormControlLayout__prepend"
-                htmlFor="generated-id"
-              >
-                <label
-                  className="euiFormLabel euiFormControlLayout__prepend"
-                  htmlFor="generated-id"
-                >
-                  Every
-                </label>
-              </EuiFormLabel>
-              <div
-                className="euiFormControlLayout__childrenWrapper"
-              >
-                <EuiValidatableControl>
-                  <select
-                    className="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
-                    data-test-subj="cronFrequencySelect"
-                    id="generated-id"
-                    onBlur={[Function]}
-                    onChange={[Function]}
-                    onFocus={[Function]}
-                    onMouseUp={[Function]}
-                    value="YEAR"
-                  >
-                    <option
-                      key="0"
-                      value="MINUTE"
-                    >
-                      minute
-                    </option>
-                    <option
-                      key="1"
-                      value="HOUR"
-                    >
-                      hour
-                    </option>
-                    <option
-                      key="2"
-                      value="DAY"
-                    >
-                      day
-                    </option>
-                    <option
-                      key="3"
-                      value="WEEK"
-                    >
-                      week
-                    </option>
-                    <option
-                      key="4"
-                      value="MONTH"
-                    >
-                      month
-                    </option>
-                    <option
-                      key="5"
-                      value="YEAR"
-                    >
-                      year
-                    </option>
-                  </select>
-                </EuiValidatableControl>
-                <EuiFormControlLayoutIcons
-                  compressed={false}
-                  isDropdown={true}
-                  isLoading={false}
-                  side="right"
-                >
-                  <div
-                    className="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
-                  >
-                    <EuiFormControlLayoutCustomIcon
-                      size="m"
-                      type="arrowDown"
-                    >
-                      <span
-                        className="euiFormControlLayoutCustomIcon"
-                      >
-                        <EuiIcon
-                          aria-hidden="true"
-                          className="euiFormControlLayoutCustomIcon__icon"
-                          size="m"
-                          type="arrowDown"
-                        >
-                          <span
-                            aria-hidden="true"
-                            className="euiFormControlLayoutCustomIcon__icon"
-                            data-euiicon-type="arrowDown"
-                            size="m"
-                          />
-                        </EuiIcon>
-                      </span>
-                    </EuiFormControlLayoutCustomIcon>
-                  </div>
-                </EuiFormControlLayoutIcons>
-              </div>
-            </div>
-          </EuiFormControlLayout>
-        </EuiSelect>
-      </div>
+        Date
+      </label>
     </div>
-  </EuiFormRow>
-  <CronYearly
-    date="*"
-    dateOptions={
-      Array [
-        Object {
-          "text": "1st",
-          "value": "1",
-        },
-        Object {
-          "text": "2nd",
-          "value": "2",
-        },
-        Object {
-          "text": "3rd",
-          "value": "3",
-        },
-        Object {
-          "text": "4th",
-          "value": "4",
-        },
-        Object {
-          "text": "5th",
-          "value": "5",
-        },
-        Object {
-          "text": "6th",
-          "value": "6",
-        },
-        Object {
-          "text": "7th",
-          "value": "7",
-        },
-        Object {
-          "text": "8th",
-          "value": "8",
-        },
-        Object {
-          "text": "9th",
-          "value": "9",
-        },
-        Object {
-          "text": "10th",
-          "value": "10",
-        },
-        Object {
-          "text": "11st",
-          "value": "11",
-        },
-        Object {
-          "text": "12nd",
-          "value": "12",
-        },
-        Object {
-          "text": "13rd",
-          "value": "13",
-        },
-        Object {
-          "text": "14th",
-          "value": "14",
-        },
-        Object {
-          "text": "15th",
-          "value": "15",
-        },
-        Object {
-          "text": "16th",
-          "value": "16",
-        },
-        Object {
-          "text": "17th",
-          "value": "17",
-        },
-        Object {
-          "text": "18th",
-          "value": "18",
-        },
-        Object {
-          "text": "19th",
-          "value": "19",
-        },
-        Object {
-          "text": "20th",
-          "value": "20",
-        },
-        Object {
-          "text": "21st",
-          "value": "21",
-        },
-        Object {
-          "text": "22nd",
-          "value": "22",
-        },
-        Object {
-          "text": "23rd",
-          "value": "23",
-        },
-        Object {
-          "text": "24th",
-          "value": "24",
-        },
-        Object {
-          "text": "25th",
-          "value": "25",
-        },
-        Object {
-          "text": "26th",
-          "value": "26",
-        },
-        Object {
-          "text": "27th",
-          "value": "27",
-        },
-        Object {
-          "text": "28th",
-          "value": "28",
-        },
-        Object {
-          "text": "29th",
-          "value": "29",
-        },
-        Object {
-          "text": "30th",
-          "value": "30",
-        },
-        Object {
-          "text": "31st",
-          "value": "31",
-        },
-      ]
-    }
-    hour="*"
-    hourOptions={
-      Array [
-        Object {
-          "text": "00",
-          "value": "0",
-        },
-        Object {
-          "text": "01",
-          "value": "1",
-        },
-        Object {
-          "text": "02",
-          "value": "2",
-        },
-        Object {
-          "text": "03",
-          "value": "3",
-        },
-        Object {
-          "text": "04",
-          "value": "4",
-        },
-        Object {
-          "text": "05",
-          "value": "5",
-        },
-        Object {
-          "text": "06",
-          "value": "6",
-        },
-        Object {
-          "text": "07",
-          "value": "7",
-        },
-        Object {
-          "text": "08",
-          "value": "8",
-        },
-        Object {
-          "text": "09",
-          "value": "9",
-        },
-        Object {
-          "text": "10",
-          "value": "10",
-        },
-        Object {
-          "text": "11",
-          "value": "11",
-        },
-        Object {
-          "text": "12",
-          "value": "12",
-        },
-        Object {
-          "text": "13",
-          "value": "13",
-        },
-        Object {
-          "text": "14",
-          "value": "14",
-        },
-        Object {
-          "text": "15",
-          "value": "15",
-        },
-        Object {
-          "text": "16",
-          "value": "16",
-        },
-        Object {
-          "text": "17",
-          "value": "17",
-        },
-        Object {
-          "text": "18",
-          "value": "18",
-        },
-        Object {
-          "text": "19",
-          "value": "19",
-        },
-        Object {
-          "text": "20",
-          "value": "20",
-        },
-        Object {
-          "text": "21",
-          "value": "21",
-        },
-        Object {
-          "text": "22",
-          "value": "22",
-        },
-        Object {
-          "text": "23",
-          "value": "23",
-        },
-      ]
-    }
-    minute="10"
-    minuteOptions={
-      Array [
-        Object {
-          "text": "00",
-          "value": "0",
-        },
-        Object {
-          "text": "01",
-          "value": "1",
-        },
-        Object {
-          "text": "02",
-          "value": "2",
-        },
-        Object {
-          "text": "03",
-          "value": "3",
-        },
-        Object {
-          "text": "04",
-          "value": "4",
-        },
-        Object {
-          "text": "05",
-          "value": "5",
-        },
-        Object {
-          "text": "06",
-          "value": "6",
-        },
-        Object {
-          "text": "07",
-          "value": "7",
-        },
-        Object {
-          "text": "08",
-          "value": "8",
-        },
-        Object {
-          "text": "09",
-          "value": "9",
-        },
-        Object {
-          "text": "10",
-          "value": "10",
-        },
-        Object {
-          "text": "11",
-          "value": "11",
-        },
-        Object {
-          "text": "12",
-          "value": "12",
-        },
-        Object {
-          "text": "13",
-          "value": "13",
-        },
-        Object {
-          "text": "14",
-          "value": "14",
-        },
-        Object {
-          "text": "15",
-          "value": "15",
-        },
-        Object {
-          "text": "16",
-          "value": "16",
-        },
-        Object {
-          "text": "17",
-          "value": "17",
-        },
-        Object {
-          "text": "18",
-          "value": "18",
-        },
-        Object {
-          "text": "19",
-          "value": "19",
-        },
-        Object {
-          "text": "20",
-          "value": "20",
-        },
-        Object {
-          "text": "21",
-          "value": "21",
-        },
-        Object {
-          "text": "22",
-          "value": "22",
-        },
-        Object {
-          "text": "23",
-          "value": "23",
-        },
-        Object {
-          "text": "24",
-          "value": "24",
-        },
-        Object {
-          "text": "25",
-          "value": "25",
-        },
-        Object {
-          "text": "26",
-          "value": "26",
-        },
-        Object {
-          "text": "27",
-          "value": "27",
-        },
-        Object {
-          "text": "28",
-          "value": "28",
-        },
-        Object {
-          "text": "29",
-          "value": "29",
-        },
-        Object {
-          "text": "30",
-          "value": "30",
-        },
-        Object {
-          "text": "31",
-          "value": "31",
-        },
-        Object {
-          "text": "32",
-          "value": "32",
-        },
-        Object {
-          "text": "33",
-          "value": "33",
-        },
-        Object {
-          "text": "34",
-          "value": "34",
-        },
-        Object {
-          "text": "35",
-          "value": "35",
-        },
-        Object {
-          "text": "36",
-          "value": "36",
-        },
-        Object {
-          "text": "37",
-          "value": "37",
-        },
-        Object {
-          "text": "38",
-          "value": "38",
-        },
-        Object {
-          "text": "39",
-          "value": "39",
-        },
-        Object {
-          "text": "40",
-          "value": "40",
-        },
-        Object {
-          "text": "41",
-          "value": "41",
-        },
-        Object {
-          "text": "42",
-          "value": "42",
-        },
-        Object {
-          "text": "43",
-          "value": "43",
-        },
-        Object {
-          "text": "44",
-          "value": "44",
-        },
-        Object {
-          "text": "45",
-          "value": "45",
-        },
-        Object {
-          "text": "46",
-          "value": "46",
-        },
-        Object {
-          "text": "47",
-          "value": "47",
-        },
-        Object {
-          "text": "48",
-          "value": "48",
-        },
-        Object {
-          "text": "49",
-          "value": "49",
-        },
-        Object {
-          "text": "50",
-          "value": "50",
-        },
-        Object {
-          "text": "51",
-          "value": "51",
-        },
-        Object {
-          "text": "52",
-          "value": "52",
-        },
-        Object {
-          "text": "53",
-          "value": "53",
-        },
-        Object {
-          "text": "54",
-          "value": "54",
-        },
-        Object {
-          "text": "55",
-          "value": "55",
-        },
-        Object {
-          "text": "56",
-          "value": "56",
-        },
-        Object {
-          "text": "57",
-          "value": "57",
-        },
-        Object {
-          "text": "58",
-          "value": "58",
-        },
-        Object {
-          "text": "59",
-          "value": "59",
-        },
-      ]
-    }
-    month="*"
-    monthOptions={
-      Array [
-        Object {
-          "text": "January",
-          "value": "1",
-        },
-        Object {
-          "text": "February",
-          "value": "2",
-        },
-        Object {
-          "text": "March",
-          "value": "3",
-        },
-        Object {
-          "text": "April",
-          "value": "4",
-        },
-        Object {
-          "text": "May",
-          "value": "5",
-        },
-        Object {
-          "text": "June",
-          "value": "6",
-        },
-        Object {
-          "text": "July",
-          "value": "7",
-        },
-        Object {
-          "text": "August",
-          "value": "8",
-        },
-        Object {
-          "text": "September",
-          "value": "9",
-        },
-        Object {
-          "text": "October",
-          "value": "10",
-        },
-        Object {
-          "text": "November",
-          "value": "11",
-        },
-        Object {
-          "text": "December",
-          "value": "12",
-        },
-      ]
-    }
-    onChange={[Function]}
-  >
-    <EuiFormRow
-      data-test-subj="cronFrequencyConfiguration"
-      describedByIds={Array []}
-      display="row"
-      fullWidth={true}
-      hasChildLabel={true}
-      hasEmptyLabelSpace={false}
-      label={
-        <Memo(MemoizedFormattedMessage)
-          defaultMessage="Month"
-          id="searchConnectors.cronEditor.cronYearly.fieldMonthLabel"
-        />
-      }
-      labelType="label"
+    <div
+      class="euiFormRow__fieldWrapper"
     >
       <div
-        className="euiFormRow euiFormRow--fullWidth euiFormRow--hasLabel"
-        data-test-subj="cronFrequencyConfiguration"
-        id="generated-id-row"
+        class="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
       >
-        <div
-          className="euiFormRow__labelWrapper"
+        <label
+          class="euiFormLabel euiFormControlLayout__prepend"
+          for="generated-id"
         >
-          <EuiFormLabel
-            className="euiFormRow__label"
-            htmlFor="generated-id"
-            id="generated-id-label"
-            isFocused={false}
-            type="label"
-          >
-            <label
-              className="euiFormLabel euiFormRow__label"
-              htmlFor="generated-id"
-              id="generated-id-label"
-            >
-              <FormattedMessage
-                defaultMessage="Month"
-                id="searchConnectors.cronEditor.cronYearly.fieldMonthLabel"
-              >
-                Month
-              </FormattedMessage>
-            </label>
-          </EuiFormLabel>
-        </div>
+          On the
+        </label>
         <div
-          className="euiFormRow__fieldWrapper"
+          class="euiFormControlLayout__childrenWrapper"
+          style="--euiFormControlRightIconsCount: 1;"
         >
-          <EuiSelect
-            data-test-subj="cronFrequencyYearlyMonthSelect"
-            fullWidth={true}
+          <select
+            class="euiSelect emotion-euiSelect-fullWidth-inGroup"
+            data-test-subj="cronFrequencyYearlyDateSelect"
             id="generated-id"
-            onBlur={[Function]}
-            onChange={[Function]}
-            onFocus={[Function]}
-            options={
-              Array [
-                Object {
-                  "text": "January",
-                  "value": "1",
-                },
-                Object {
-                  "text": "February",
-                  "value": "2",
-                },
-                Object {
-                  "text": "March",
-                  "value": "3",
-                },
-                Object {
-                  "text": "April",
-                  "value": "4",
-                },
-                Object {
-                  "text": "May",
-                  "value": "5",
-                },
-                Object {
-                  "text": "June",
-                  "value": "6",
-                },
-                Object {
-                  "text": "July",
-                  "value": "7",
-                },
-                Object {
-                  "text": "August",
-                  "value": "8",
-                },
-                Object {
-                  "text": "September",
-                  "value": "9",
-                },
-                Object {
-                  "text": "October",
-                  "value": "10",
-                },
-                Object {
-                  "text": "November",
-                  "value": "11",
-                },
-                Object {
-                  "text": "December",
-                  "value": "12",
-                },
-              ]
-            }
-            prepend="In"
-            value="*"
           >
-            <EuiFormControlLayout
-              compressed={false}
-              fullWidth={true}
-              inputId="generated-id"
-              isDropdown={true}
-              isLoading={false}
-              prepend="In"
+            <option
+              value="1"
             >
-              <div
-                className="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
-              >
-                <EuiFormLabel
-                  className="euiFormControlLayout__prepend"
-                  htmlFor="generated-id"
-                >
-                  <label
-                    className="euiFormLabel euiFormControlLayout__prepend"
-                    htmlFor="generated-id"
-                  >
-                    In
-                  </label>
-                </EuiFormLabel>
-                <div
-                  className="euiFormControlLayout__childrenWrapper"
-                >
-                  <EuiValidatableControl>
-                    <select
-                      className="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
-                      data-test-subj="cronFrequencyYearlyMonthSelect"
-                      id="generated-id"
-                      onBlur={[Function]}
-                      onChange={[Function]}
-                      onFocus={[Function]}
-                      onMouseUp={[Function]}
-                      value="*"
-                    >
-                      <option
-                        key="0"
-                        value="1"
-                      >
-                        January
-                      </option>
-                      <option
-                        key="1"
-                        value="2"
-                      >
-                        February
-                      </option>
-                      <option
-                        key="2"
-                        value="3"
-                      >
-                        March
-                      </option>
-                      <option
-                        key="3"
-                        value="4"
-                      >
-                        April
-                      </option>
-                      <option
-                        key="4"
-                        value="5"
-                      >
-                        May
-                      </option>
-                      <option
-                        key="5"
-                        value="6"
-                      >
-                        June
-                      </option>
-                      <option
-                        key="6"
-                        value="7"
-                      >
-                        July
-                      </option>
-                      <option
-                        key="7"
-                        value="8"
-                      >
-                        August
-                      </option>
-                      <option
-                        key="8"
-                        value="9"
-                      >
-                        September
-                      </option>
-                      <option
-                        key="9"
-                        value="10"
-                      >
-                        October
-                      </option>
-                      <option
-                        key="10"
-                        value="11"
-                      >
-                        November
-                      </option>
-                      <option
-                        key="11"
-                        value="12"
-                      >
-                        December
-                      </option>
-                    </select>
-                  </EuiValidatableControl>
-                  <EuiFormControlLayoutIcons
-                    compressed={false}
-                    isDropdown={true}
-                    isLoading={false}
-                    side="right"
-                  >
-                    <div
-                      className="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
-                    >
-                      <EuiFormControlLayoutCustomIcon
-                        size="m"
-                        type="arrowDown"
-                      >
-                        <span
-                          className="euiFormControlLayoutCustomIcon"
-                        >
-                          <EuiIcon
-                            aria-hidden="true"
-                            className="euiFormControlLayoutCustomIcon__icon"
-                            size="m"
-                            type="arrowDown"
-                          >
-                            <span
-                              aria-hidden="true"
-                              className="euiFormControlLayoutCustomIcon__icon"
-                              data-euiicon-type="arrowDown"
-                              size="m"
-                            />
-                          </EuiIcon>
-                        </span>
-                      </EuiFormControlLayoutCustomIcon>
-                    </div>
-                  </EuiFormControlLayoutIcons>
-                </div>
-              </div>
-            </EuiFormControlLayout>
-          </EuiSelect>
+              1st
+            </option>
+            <option
+              value="2"
+            >
+              2nd
+            </option>
+            <option
+              value="3"
+            >
+              3rd
+            </option>
+            <option
+              value="4"
+            >
+              4th
+            </option>
+            <option
+              value="5"
+            >
+              5th
+            </option>
+            <option
+              value="6"
+            >
+              6th
+            </option>
+            <option
+              value="7"
+            >
+              7th
+            </option>
+            <option
+              value="8"
+            >
+              8th
+            </option>
+            <option
+              value="9"
+            >
+              9th
+            </option>
+            <option
+              value="10"
+            >
+              10th
+            </option>
+            <option
+              value="11"
+            >
+              11st
+            </option>
+            <option
+              value="12"
+            >
+              12nd
+            </option>
+            <option
+              value="13"
+            >
+              13rd
+            </option>
+            <option
+              value="14"
+            >
+              14th
+            </option>
+            <option
+              value="15"
+            >
+              15th
+            </option>
+            <option
+              value="16"
+            >
+              16th
+            </option>
+            <option
+              value="17"
+            >
+              17th
+            </option>
+            <option
+              value="18"
+            >
+              18th
+            </option>
+            <option
+              value="19"
+            >
+              19th
+            </option>
+            <option
+              value="20"
+            >
+              20th
+            </option>
+            <option
+              value="21"
+            >
+              21st
+            </option>
+            <option
+              value="22"
+            >
+              22nd
+            </option>
+            <option
+              value="23"
+            >
+              23rd
+            </option>
+            <option
+              value="24"
+            >
+              24th
+            </option>
+            <option
+              value="25"
+            >
+              25th
+            </option>
+            <option
+              value="26"
+            >
+              26th
+            </option>
+            <option
+              value="27"
+            >
+              27th
+            </option>
+            <option
+              value="28"
+            >
+              28th
+            </option>
+            <option
+              value="29"
+            >
+              29th
+            </option>
+            <option
+              value="30"
+            >
+              30th
+            </option>
+            <option
+              value="31"
+            >
+              31st
+            </option>
+          </select>
+          <div
+            class="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
+          >
+            <span
+              class="euiFormControlLayoutCustomIcon"
+            >
+              <span
+                aria-hidden="true"
+                class="euiFormControlLayoutCustomIcon__icon"
+                data-euiicon-type="arrowDown"
+              />
+            </span>
+          </div>
         </div>
       </div>
-    </EuiFormRow>
-    <EuiFormRow
-      data-test-subj="cronFrequencyConfiguration"
-      describedByIds={Array []}
-      display="row"
-      fullWidth={true}
-      hasChildLabel={true}
-      hasEmptyLabelSpace={false}
-      label={
-        <Memo(MemoizedFormattedMessage)
-          defaultMessage="Date"
-          id="searchConnectors.cronEditor.cronYearly.fieldDateLabel"
-        />
-      }
-      labelType="label"
+    </div>
+  </div>,
+  <div
+    class="euiFormRow euiFormRow--fullWidth euiFormRow--hasLabel"
+    data-test-subj="cronFrequencyConfiguration"
+    id="generated-id-row"
+  >
+    <div
+      class="euiFormRow__labelWrapper"
+    >
+      <label
+        class="euiFormLabel euiFormRow__label"
+        for="generated-id"
+        id="generated-id-label"
+      >
+        Time
+      </label>
+    </div>
+    <div
+      class="euiFormRow__fieldWrapper"
     >
       <div
-        className="euiFormRow euiFormRow--fullWidth euiFormRow--hasLabel"
-        data-test-subj="cronFrequencyConfiguration"
-        id="generated-id-row"
+        class="euiFlexGroup emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row"
+        id="generated-id"
       >
         <div
-          className="euiFormRow__labelWrapper"
+          class="euiFlexItem emotion-euiFlexItem-growZero"
         >
-          <EuiFormLabel
-            className="euiFormRow__label"
-            htmlFor="generated-id"
-            id="generated-id-label"
-            isFocused={false}
-            type="label"
+          <div
+            class="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
           >
             <label
-              className="euiFormLabel euiFormRow__label"
-              htmlFor="generated-id"
-              id="generated-id-label"
+              class="euiFormLabel euiFormControlLayout__prepend"
             >
-              <FormattedMessage
-                defaultMessage="Date"
-                id="searchConnectors.cronEditor.cronYearly.fieldDateLabel"
-              >
-                Date
-              </FormattedMessage>
+              At
             </label>
-          </EuiFormLabel>
-        </div>
-        <div
-          className="euiFormRow__fieldWrapper"
-        >
-          <EuiSelect
-            data-test-subj="cronFrequencyYearlyDateSelect"
-            fullWidth={true}
-            id="generated-id"
-            onBlur={[Function]}
-            onChange={[Function]}
-            onFocus={[Function]}
-            options={
-              Array [
-                Object {
-                  "text": "1st",
-                  "value": "1",
-                },
-                Object {
-                  "text": "2nd",
-                  "value": "2",
-                },
-                Object {
-                  "text": "3rd",
-                  "value": "3",
-                },
-                Object {
-                  "text": "4th",
-                  "value": "4",
-                },
-                Object {
-                  "text": "5th",
-                  "value": "5",
-                },
-                Object {
-                  "text": "6th",
-                  "value": "6",
-                },
-                Object {
-                  "text": "7th",
-                  "value": "7",
-                },
-                Object {
-                  "text": "8th",
-                  "value": "8",
-                },
-                Object {
-                  "text": "9th",
-                  "value": "9",
-                },
-                Object {
-                  "text": "10th",
-                  "value": "10",
-                },
-                Object {
-                  "text": "11st",
-                  "value": "11",
-                },
-                Object {
-                  "text": "12nd",
-                  "value": "12",
-                },
-                Object {
-                  "text": "13rd",
-                  "value": "13",
-                },
-                Object {
-                  "text": "14th",
-                  "value": "14",
-                },
-                Object {
-                  "text": "15th",
-                  "value": "15",
-                },
-                Object {
-                  "text": "16th",
-                  "value": "16",
-                },
-                Object {
-                  "text": "17th",
-                  "value": "17",
-                },
-                Object {
-                  "text": "18th",
-                  "value": "18",
-                },
-                Object {
-                  "text": "19th",
-                  "value": "19",
-                },
-                Object {
-                  "text": "20th",
-                  "value": "20",
-                },
-                Object {
-                  "text": "21st",
-                  "value": "21",
-                },
-                Object {
-                  "text": "22nd",
-                  "value": "22",
-                },
-                Object {
-                  "text": "23rd",
-                  "value": "23",
-                },
-                Object {
-                  "text": "24th",
-                  "value": "24",
-                },
-                Object {
-                  "text": "25th",
-                  "value": "25",
-                },
-                Object {
-                  "text": "26th",
-                  "value": "26",
-                },
-                Object {
-                  "text": "27th",
-                  "value": "27",
-                },
-                Object {
-                  "text": "28th",
-                  "value": "28",
-                },
-                Object {
-                  "text": "29th",
-                  "value": "29",
-                },
-                Object {
-                  "text": "30th",
-                  "value": "30",
-                },
-                Object {
-                  "text": "31st",
-                  "value": "31",
-                },
-              ]
-            }
-            prepend="On the"
-            value="*"
-          >
-            <EuiFormControlLayout
-              compressed={false}
-              fullWidth={true}
-              inputId="generated-id"
-              isDropdown={true}
-              isLoading={false}
-              prepend="On the"
+            <div
+              class="euiFormControlLayout__childrenWrapper"
+              style="--euiFormControlRightIconsCount: 1;"
             >
+              <select
+                aria-label="Hour"
+                class="euiSelect emotion-euiSelect-fullWidth-inGroup"
+                data-test-subj="cronFrequencyYearlyHourSelect"
+              >
+                <option
+                  value="0"
+                >
+                  00
+                </option>
+                <option
+                  value="1"
+                >
+                  01
+                </option>
+                <option
+                  value="2"
+                >
+                  02
+                </option>
+                <option
+                  value="3"
+                >
+                  03
+                </option>
+                <option
+                  value="4"
+                >
+                  04
+                </option>
+                <option
+                  value="5"
+                >
+                  05
+                </option>
+                <option
+                  value="6"
+                >
+                  06
+                </option>
+                <option
+                  value="7"
+                >
+                  07
+                </option>
+                <option
+                  value="8"
+                >
+                  08
+                </option>
+                <option
+                  value="9"
+                >
+                  09
+                </option>
+                <option
+                  value="10"
+                >
+                  10
+                </option>
+                <option
+                  value="11"
+                >
+                  11
+                </option>
+                <option
+                  value="12"
+                >
+                  12
+                </option>
+                <option
+                  value="13"
+                >
+                  13
+                </option>
+                <option
+                  value="14"
+                >
+                  14
+                </option>
+                <option
+                  value="15"
+                >
+                  15
+                </option>
+                <option
+                  value="16"
+                >
+                  16
+                </option>
+                <option
+                  value="17"
+                >
+                  17
+                </option>
+                <option
+                  value="18"
+                >
+                  18
+                </option>
+                <option
+                  value="19"
+                >
+                  19
+                </option>
+                <option
+                  value="20"
+                >
+                  20
+                </option>
+                <option
+                  value="21"
+                >
+                  21
+                </option>
+                <option
+                  value="22"
+                >
+                  22
+                </option>
+                <option
+                  value="23"
+                >
+                  23
+                </option>
+              </select>
               <div
-                className="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
+                class="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
               >
-                <EuiFormLabel
-                  className="euiFormControlLayout__prepend"
-                  htmlFor="generated-id"
-                >
-                  <label
-                    className="euiFormLabel euiFormControlLayout__prepend"
-                    htmlFor="generated-id"
-                  >
-                    On the
-                  </label>
-                </EuiFormLabel>
-                <div
-                  className="euiFormControlLayout__childrenWrapper"
-                >
-                  <EuiValidatableControl>
-                    <select
-                      className="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
-                      data-test-subj="cronFrequencyYearlyDateSelect"
-                      id="generated-id"
-                      onBlur={[Function]}
-                      onChange={[Function]}
-                      onFocus={[Function]}
-                      onMouseUp={[Function]}
-                      value="*"
-                    >
-                      <option
-                        key="0"
-                        value="1"
-                      >
-                        1st
-                      </option>
-                      <option
-                        key="1"
-                        value="2"
-                      >
-                        2nd
-                      </option>
-                      <option
-                        key="2"
-                        value="3"
-                      >
-                        3rd
-                      </option>
-                      <option
-                        key="3"
-                        value="4"
-                      >
-                        4th
-                      </option>
-                      <option
-                        key="4"
-                        value="5"
-                      >
-                        5th
-                      </option>
-                      <option
-                        key="5"
-                        value="6"
-                      >
-                        6th
-                      </option>
-                      <option
-                        key="6"
-                        value="7"
-                      >
-                        7th
-                      </option>
-                      <option
-                        key="7"
-                        value="8"
-                      >
-                        8th
-                      </option>
-                      <option
-                        key="8"
-                        value="9"
-                      >
-                        9th
-                      </option>
-                      <option
-                        key="9"
-                        value="10"
-                      >
-                        10th
-                      </option>
-                      <option
-                        key="10"
-                        value="11"
-                      >
-                        11st
-                      </option>
-                      <option
-                        key="11"
-                        value="12"
-                      >
-                        12nd
-                      </option>
-                      <option
-                        key="12"
-                        value="13"
-                      >
-                        13rd
-                      </option>
-                      <option
-                        key="13"
-                        value="14"
-                      >
-                        14th
-                      </option>
-                      <option
-                        key="14"
-                        value="15"
-                      >
-                        15th
-                      </option>
-                      <option
-                        key="15"
-                        value="16"
-                      >
-                        16th
-                      </option>
-                      <option
-                        key="16"
-                        value="17"
-                      >
-                        17th
-                      </option>
-                      <option
-                        key="17"
-                        value="18"
-                      >
-                        18th
-                      </option>
-                      <option
-                        key="18"
-                        value="19"
-                      >
-                        19th
-                      </option>
-                      <option
-                        key="19"
-                        value="20"
-                      >
-                        20th
-                      </option>
-                      <option
-                        key="20"
-                        value="21"
-                      >
-                        21st
-                      </option>
-                      <option
-                        key="21"
-                        value="22"
-                      >
-                        22nd
-                      </option>
-                      <option
-                        key="22"
-                        value="23"
-                      >
-                        23rd
-                      </option>
-                      <option
-                        key="23"
-                        value="24"
-                      >
-                        24th
-                      </option>
-                      <option
-                        key="24"
-                        value="25"
-                      >
-                        25th
-                      </option>
-                      <option
-                        key="25"
-                        value="26"
-                      >
-                        26th
-                      </option>
-                      <option
-                        key="26"
-                        value="27"
-                      >
-                        27th
-                      </option>
-                      <option
-                        key="27"
-                        value="28"
-                      >
-                        28th
-                      </option>
-                      <option
-                        key="28"
-                        value="29"
-                      >
-                        29th
-                      </option>
-                      <option
-                        key="29"
-                        value="30"
-                      >
-                        30th
-                      </option>
-                      <option
-                        key="30"
-                        value="31"
-                      >
-                        31st
-                      </option>
-                    </select>
-                  </EuiValidatableControl>
-                  <EuiFormControlLayoutIcons
-                    compressed={false}
-                    isDropdown={true}
-                    isLoading={false}
-                    side="right"
-                  >
-                    <div
-                      className="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
-                    >
-                      <EuiFormControlLayoutCustomIcon
-                        size="m"
-                        type="arrowDown"
-                      >
-                        <span
-                          className="euiFormControlLayoutCustomIcon"
-                        >
-                          <EuiIcon
-                            aria-hidden="true"
-                            className="euiFormControlLayoutCustomIcon__icon"
-                            size="m"
-                            type="arrowDown"
-                          >
-                            <span
-                              aria-hidden="true"
-                              className="euiFormControlLayoutCustomIcon__icon"
-                              data-euiicon-type="arrowDown"
-                              size="m"
-                            />
-                          </EuiIcon>
-                        </span>
-                      </EuiFormControlLayoutCustomIcon>
-                    </div>
-                  </EuiFormControlLayoutIcons>
-                </div>
+                <span
+                  class="euiFormControlLayoutCustomIcon"
+                >
+                  <span
+                    aria-hidden="true"
+                    class="euiFormControlLayoutCustomIcon__icon"
+                    data-euiicon-type="arrowDown"
+                  />
+                </span>
               </div>
-            </EuiFormControlLayout>
-          </EuiSelect>
+            </div>
+          </div>
         </div>
-      </div>
-    </EuiFormRow>
-    <EuiFormRow
-      data-test-subj="cronFrequencyConfiguration"
-      describedByIds={Array []}
-      display="row"
-      fullWidth={true}
-      hasChildLabel={true}
-      hasEmptyLabelSpace={false}
-      label={
-        <Memo(MemoizedFormattedMessage)
-          defaultMessage="Time"
-          id="searchConnectors.cronEditor.cronYearly.fieldTimeLabel"
-        />
-      }
-      labelType="label"
-    >
-      <div
-        className="euiFormRow euiFormRow--fullWidth euiFormRow--hasLabel"
-        data-test-subj="cronFrequencyConfiguration"
-        id="generated-id-row"
-      >
         <div
-          className="euiFormRow__labelWrapper"
+          class="euiFlexItem emotion-euiFlexItem-grow-1"
         >
-          <EuiFormLabel
-            className="euiFormRow__label"
-            htmlFor="generated-id"
-            id="generated-id-label"
-            isFocused={false}
-            type="label"
+          <div
+            class="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
           >
             <label
-              className="euiFormLabel euiFormRow__label"
-              htmlFor="generated-id"
-              id="generated-id-label"
+              class="euiFormLabel euiFormControlLayout__prepend"
             >
-              <FormattedMessage
-                defaultMessage="Time"
-                id="searchConnectors.cronEditor.cronYearly.fieldTimeLabel"
-              >
-                Time
-              </FormattedMessage>
+              :
             </label>
-          </EuiFormLabel>
-        </div>
-        <div
-          className="euiFormRow__fieldWrapper"
-        >
-          <EuiFlexGroup
-            gutterSize="xs"
-            id="generated-id"
-            onBlur={[Function]}
-            onFocus={[Function]}
-          >
             <div
-              css="unknown styles"
-              id="generated-id"
-              onBlur={[Function]}
-              onFocus={[Function]}
-            >
-              <Insertion
-                cache={
-                  Object {
-                    "insert": [Function],
-                    "inserted": Object {
-                      "9sbomz-euiFlexItem-grow-1": true,
-                      "bqv98l-euiFlexGroup-responsive-xs-flexStart-stretch-row": true,
-                      "kpsrin-euiFlexItem-growZero": true,
-                    },
-                    "key": "css",
-                    "nonce": undefined,
-                    "registered": Object {},
-                    "sheet": StyleSheet {
-                      "_alreadyInsertedOrderInsensitiveRule": true,
-                      "_insertTag": [Function],
-                      "before": null,
-                      "container": <head>
-                        <style
-                          data-styled="active"
-                          data-styled-version="5.1.0"
-                        />
-                        <style
-                          data-styled="active"
-                          data-styled-version="5.1.0"
-                        />
-                        <style
-                          data-styled="active"
-                          data-styled-version="5.1.0"
-                        />
-                        <style
-                          data-styled="active"
-                          data-styled-version="5.1.0"
-                        />
-                        <style
-                          data-styled="active"
-                          data-styled-version="5.1.0"
-                        />
-                        <style
-                          data-styled="active"
-                          data-styled-version="5.1.0"
-                        />
-                        <style
-                          data-emotion="css"
-                          data-s=""
-                        >
-                          
-                          .emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;gap:4px;-webkit-box-pack:start;-ms-flex-pack:start;-webkit-justify-content:flex-start;justify-content:flex-start;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;}
-                        </style>
-                        <style
-                          data-emotion="css"
-                          data-s=""
-                        >
-                          
-                          @media only screen and (max-width: 767px){.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{-webkit-box-flex-wrap:wrap;-webkit-flex-wrap:wrap;-ms-flex-wrap:wrap;flex-wrap:wrap;}.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row&gt;.euiFlexItem{inline-size:100%;-webkit-flex-basis:100%;-ms-flex-preferred-size:100%;flex-basis:100%;}}
-                        </style>
-                        <style
-                          data-emotion="css"
-                          data-s=""
-                        >
-                          
-                          .emotion-euiFlexItem-growZero{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-box-flex:0;-webkit-flex-grow:0;-ms-flex-positive:0;flex-grow:0;-webkit-flex-basis:auto;-ms-flex-preferred-size:auto;flex-basis:auto;}
-                        </style>
-                        <style
-                          data-emotion="css"
-                          data-s=""
-                        >
-                          
-                          .emotion-euiFlexItem-grow-1{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-flex-basis:0%;-ms-flex-preferred-size:0%;flex-basis:0%;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;}
-                        </style>
-                      </head>,
-                      "ctr": 4,
-                      "insertionPoint": undefined,
-                      "isSpeedy": false,
-                      "key": "css",
-                      "nonce": undefined,
-                      "prepend": undefined,
-                      "tags": Array [
-                        <style
-                          data-emotion="css"
-                          data-s=""
-                        >
-                          
-                          .emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;gap:4px;-webkit-box-pack:start;-ms-flex-pack:start;-webkit-justify-content:flex-start;justify-content:flex-start;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;}
-                        </style>,
-                        <style
-                          data-emotion="css"
-                          data-s=""
-                        >
-                          
-                          @media only screen and (max-width: 767px){.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{-webkit-box-flex-wrap:wrap;-webkit-flex-wrap:wrap;-ms-flex-wrap:wrap;flex-wrap:wrap;}.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row&gt;.euiFlexItem{inline-size:100%;-webkit-flex-basis:100%;-ms-flex-preferred-size:100%;flex-basis:100%;}}
-                        </style>,
-                        <style
-                          data-emotion="css"
-                          data-s=""
-                        >
-                          
-                          .emotion-euiFlexItem-growZero{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-box-flex:0;-webkit-flex-grow:0;-ms-flex-positive:0;flex-grow:0;-webkit-flex-basis:auto;-ms-flex-preferred-size:auto;flex-basis:auto;}
-                        </style>,
-                        <style
-                          data-emotion="css"
-                          data-s=""
-                        >
-                          
-                          .emotion-euiFlexItem-grow-1{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-flex-basis:0%;-ms-flex-preferred-size:0%;flex-basis:0%;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;}
-                        </style>,
-                      ],
-                    },
-                  }
-                }
-                isStringTag={true}
-                serialized={
-                  Object {
-                    "map": undefined,
-                    "name": "bqv98l-euiFlexGroup-responsive-xs-flexStart-stretch-row",
-                    "next": undefined,
-                    "styles": "display:flex;align-items:stretch;flex-grow:1;label:euiFlexGroup;;;@media only screen and (max-width: 767px){flex-wrap:wrap;&>.euiFlexItem{inline-size: 100%; flex-basis:100%;}};label:responsive;;;;gap:4px;;label:xs;;;justify-content:flex-start;label:flexStart;;;align-items:stretch;label:stretch;;;flex-direction:row;label:row;;;",
-                    "toString": [Function],
-                  }
-                }
-              />
+              class="euiFormControlLayout__childrenWrapper"
+              style="--euiFormControlRightIconsCount: 1;"
+            >
+              <select
+                aria-label="Minute"
+                class="euiSelect emotion-euiSelect-fullWidth-inGroup"
+                data-test-subj="cronFrequencyYearlyMinuteSelect"
+              >
+                <option
+                  value="0"
+                >
+                  00
+                </option>
+                <option
+                  value="1"
+                >
+                  01
+                </option>
+                <option
+                  value="2"
+                >
+                  02
+                </option>
+                <option
+                  value="3"
+                >
+                  03
+                </option>
+                <option
+                  value="4"
+                >
+                  04
+                </option>
+                <option
+                  value="5"
+                >
+                  05
+                </option>
+                <option
+                  value="6"
+                >
+                  06
+                </option>
+                <option
+                  value="7"
+                >
+                  07
+                </option>
+                <option
+                  value="8"
+                >
+                  08
+                </option>
+                <option
+                  value="9"
+                >
+                  09
+                </option>
+                <option
+                  value="10"
+                >
+                  10
+                </option>
+                <option
+                  value="11"
+                >
+                  11
+                </option>
+                <option
+                  value="12"
+                >
+                  12
+                </option>
+                <option
+                  value="13"
+                >
+                  13
+                </option>
+                <option
+                  value="14"
+                >
+                  14
+                </option>
+                <option
+                  value="15"
+                >
+                  15
+                </option>
+                <option
+                  value="16"
+                >
+                  16
+                </option>
+                <option
+                  value="17"
+                >
+                  17
+                </option>
+                <option
+                  value="18"
+                >
+                  18
+                </option>
+                <option
+                  value="19"
+                >
+                  19
+                </option>
+                <option
+                  value="20"
+                >
+                  20
+                </option>
+                <option
+                  value="21"
+                >
+                  21
+                </option>
+                <option
+                  value="22"
+                >
+                  22
+                </option>
+                <option
+                  value="23"
+                >
+                  23
+                </option>
+                <option
+                  value="24"
+                >
+                  24
+                </option>
+                <option
+                  value="25"
+                >
+                  25
+                </option>
+                <option
+                  value="26"
+                >
+                  26
+                </option>
+                <option
+                  value="27"
+                >
+                  27
+                </option>
+                <option
+                  value="28"
+                >
+                  28
+                </option>
+                <option
+                  value="29"
+                >
+                  29
+                </option>
+                <option
+                  value="30"
+                >
+                  30
+                </option>
+                <option
+                  value="31"
+                >
+                  31
+                </option>
+                <option
+                  value="32"
+                >
+                  32
+                </option>
+                <option
+                  value="33"
+                >
+                  33
+                </option>
+                <option
+                  value="34"
+                >
+                  34
+                </option>
+                <option
+                  value="35"
+                >
+                  35
+                </option>
+                <option
+                  value="36"
+                >
+                  36
+                </option>
+                <option
+                  value="37"
+                >
+                  37
+                </option>
+                <option
+                  value="38"
+                >
+                  38
+                </option>
+                <option
+                  value="39"
+                >
+                  39
+                </option>
+                <option
+                  value="40"
+                >
+                  40
+                </option>
+                <option
+                  value="41"
+                >
+                  41
+                </option>
+                <option
+                  value="42"
+                >
+                  42
+                </option>
+                <option
+                  value="43"
+                >
+                  43
+                </option>
+                <option
+                  value="44"
+                >
+                  44
+                </option>
+                <option
+                  value="45"
+                >
+                  45
+                </option>
+                <option
+                  value="46"
+                >
+                  46
+                </option>
+                <option
+                  value="47"
+                >
+                  47
+                </option>
+                <option
+                  value="48"
+                >
+                  48
+                </option>
+                <option
+                  value="49"
+                >
+                  49
+                </option>
+                <option
+                  value="50"
+                >
+                  50
+                </option>
+                <option
+                  value="51"
+                >
+                  51
+                </option>
+                <option
+                  value="52"
+                >
+                  52
+                </option>
+                <option
+                  value="53"
+                >
+                  53
+                </option>
+                <option
+                  value="54"
+                >
+                  54
+                </option>
+                <option
+                  value="55"
+                >
+                  55
+                </option>
+                <option
+                  value="56"
+                >
+                  56
+                </option>
+                <option
+                  value="57"
+                >
+                  57
+                </option>
+                <option
+                  value="58"
+                >
+                  58
+                </option>
+                <option
+                  value="59"
+                >
+                  59
+                </option>
+              </select>
               <div
-                className="euiFlexGroup emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row"
-                id="generated-id"
-                onBlur={[Function]}
-                onFocus={[Function]}
+                class="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
               >
-                <EuiFlexItem
-                  grow={false}
-                >
-                  <div
-                    css="unknown styles"
-                  >
-                    <Insertion
-                      cache={
-                        Object {
-                          "insert": [Function],
-                          "inserted": Object {
-                            "9sbomz-euiFlexItem-grow-1": true,
-                            "bqv98l-euiFlexGroup-responsive-xs-flexStart-stretch-row": true,
-                            "kpsrin-euiFlexItem-growZero": true,
-                          },
-                          "key": "css",
-                          "nonce": undefined,
-                          "registered": Object {},
-                          "sheet": StyleSheet {
-                            "_alreadyInsertedOrderInsensitiveRule": true,
-                            "_insertTag": [Function],
-                            "before": null,
-                            "container": <head>
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;gap:4px;-webkit-box-pack:start;-ms-flex-pack:start;-webkit-justify-content:flex-start;justify-content:flex-start;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;}
-                              </style>
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                @media only screen and (max-width: 767px){.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{-webkit-box-flex-wrap:wrap;-webkit-flex-wrap:wrap;-ms-flex-wrap:wrap;flex-wrap:wrap;}.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row&gt;.euiFlexItem{inline-size:100%;-webkit-flex-basis:100%;-ms-flex-preferred-size:100%;flex-basis:100%;}}
-                              </style>
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexItem-growZero{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-box-flex:0;-webkit-flex-grow:0;-ms-flex-positive:0;flex-grow:0;-webkit-flex-basis:auto;-ms-flex-preferred-size:auto;flex-basis:auto;}
-                              </style>
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexItem-grow-1{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-flex-basis:0%;-ms-flex-preferred-size:0%;flex-basis:0%;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;}
-                              </style>
-                            </head>,
-                            "ctr": 4,
-                            "insertionPoint": undefined,
-                            "isSpeedy": false,
-                            "key": "css",
-                            "nonce": undefined,
-                            "prepend": undefined,
-                            "tags": Array [
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;gap:4px;-webkit-box-pack:start;-ms-flex-pack:start;-webkit-justify-content:flex-start;justify-content:flex-start;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;}
-                              </style>,
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                @media only screen and (max-width: 767px){.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{-webkit-box-flex-wrap:wrap;-webkit-flex-wrap:wrap;-ms-flex-wrap:wrap;flex-wrap:wrap;}.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row&gt;.euiFlexItem{inline-size:100%;-webkit-flex-basis:100%;-ms-flex-preferred-size:100%;flex-basis:100%;}}
-                              </style>,
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexItem-growZero{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-box-flex:0;-webkit-flex-grow:0;-ms-flex-positive:0;flex-grow:0;-webkit-flex-basis:auto;-ms-flex-preferred-size:auto;flex-basis:auto;}
-                              </style>,
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexItem-grow-1{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-flex-basis:0%;-ms-flex-preferred-size:0%;flex-basis:0%;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;}
-                              </style>,
-                            ],
-                          },
-                        }
-                      }
-                      isStringTag={true}
-                      serialized={
-                        Object {
-                          "map": undefined,
-                          "name": "kpsrin-euiFlexItem-growZero",
-                          "next": undefined,
-                          "styles": "display:flex;flex-direction:column;label:euiFlexItem;;;flex-grow:0;flex-basis:auto;label:growZero;;;;",
-                          "toString": [Function],
-                        }
-                      }
-                    />
-                    <div
-                      className="euiFlexItem emotion-euiFlexItem-growZero"
-                    >
-                      <EuiSelect
-                        aria-label="Hour"
-                        data-test-subj="cronFrequencyYearlyHourSelect"
-                        fullWidth={true}
-                        onChange={[Function]}
-                        options={
-                          Array [
-                            Object {
-                              "text": "00",
-                              "value": "0",
-                            },
-                            Object {
-                              "text": "01",
-                              "value": "1",
-                            },
-                            Object {
-                              "text": "02",
-                              "value": "2",
-                            },
-                            Object {
-                              "text": "03",
-                              "value": "3",
-                            },
-                            Object {
-                              "text": "04",
-                              "value": "4",
-                            },
-                            Object {
-                              "text": "05",
-                              "value": "5",
-                            },
-                            Object {
-                              "text": "06",
-                              "value": "6",
-                            },
-                            Object {
-                              "text": "07",
-                              "value": "7",
-                            },
-                            Object {
-                              "text": "08",
-                              "value": "8",
-                            },
-                            Object {
-                              "text": "09",
-                              "value": "9",
-                            },
-                            Object {
-                              "text": "10",
-                              "value": "10",
-                            },
-                            Object {
-                              "text": "11",
-                              "value": "11",
-                            },
-                            Object {
-                              "text": "12",
-                              "value": "12",
-                            },
-                            Object {
-                              "text": "13",
-                              "value": "13",
-                            },
-                            Object {
-                              "text": "14",
-                              "value": "14",
-                            },
-                            Object {
-                              "text": "15",
-                              "value": "15",
-                            },
-                            Object {
-                              "text": "16",
-                              "value": "16",
-                            },
-                            Object {
-                              "text": "17",
-                              "value": "17",
-                            },
-                            Object {
-                              "text": "18",
-                              "value": "18",
-                            },
-                            Object {
-                              "text": "19",
-                              "value": "19",
-                            },
-                            Object {
-                              "text": "20",
-                              "value": "20",
-                            },
-                            Object {
-                              "text": "21",
-                              "value": "21",
-                            },
-                            Object {
-                              "text": "22",
-                              "value": "22",
-                            },
-                            Object {
-                              "text": "23",
-                              "value": "23",
-                            },
-                          ]
-                        }
-                        prepend="At"
-                        value="*"
-                      >
-                        <EuiFormControlLayout
-                          compressed={false}
-                          fullWidth={true}
-                          isDropdown={true}
-                          isLoading={false}
-                          prepend="At"
-                        >
-                          <div
-                            className="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
-                          >
-                            <EuiFormLabel
-                              className="euiFormControlLayout__prepend"
-                            >
-                              <label
-                                className="euiFormLabel euiFormControlLayout__prepend"
-                              >
-                                At
-                              </label>
-                            </EuiFormLabel>
-                            <div
-                              className="euiFormControlLayout__childrenWrapper"
-                            >
-                              <EuiValidatableControl>
-                                <select
-                                  aria-label="Hour"
-                                  className="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
-                                  data-test-subj="cronFrequencyYearlyHourSelect"
-                                  onChange={[Function]}
-                                  onMouseUp={[Function]}
-                                  value="*"
-                                >
-                                  <option
-                                    key="0"
-                                    value="0"
-                                  >
-                                    00
-                                  </option>
-                                  <option
-                                    key="1"
-                                    value="1"
-                                  >
-                                    01
-                                  </option>
-                                  <option
-                                    key="2"
-                                    value="2"
-                                  >
-                                    02
-                                  </option>
-                                  <option
-                                    key="3"
-                                    value="3"
-                                  >
-                                    03
-                                  </option>
-                                  <option
-                                    key="4"
-                                    value="4"
-                                  >
-                                    04
-                                  </option>
-                                  <option
-                                    key="5"
-                                    value="5"
-                                  >
-                                    05
-                                  </option>
-                                  <option
-                                    key="6"
-                                    value="6"
-                                  >
-                                    06
-                                  </option>
-                                  <option
-                                    key="7"
-                                    value="7"
-                                  >
-                                    07
-                                  </option>
-                                  <option
-                                    key="8"
-                                    value="8"
-                                  >
-                                    08
-                                  </option>
-                                  <option
-                                    key="9"
-                                    value="9"
-                                  >
-                                    09
-                                  </option>
-                                  <option
-                                    key="10"
-                                    value="10"
-                                  >
-                                    10
-                                  </option>
-                                  <option
-                                    key="11"
-                                    value="11"
-                                  >
-                                    11
-                                  </option>
-                                  <option
-                                    key="12"
-                                    value="12"
-                                  >
-                                    12
-                                  </option>
-                                  <option
-                                    key="13"
-                                    value="13"
-                                  >
-                                    13
-                                  </option>
-                                  <option
-                                    key="14"
-                                    value="14"
-                                  >
-                                    14
-                                  </option>
-                                  <option
-                                    key="15"
-                                    value="15"
-                                  >
-                                    15
-                                  </option>
-                                  <option
-                                    key="16"
-                                    value="16"
-                                  >
-                                    16
-                                  </option>
-                                  <option
-                                    key="17"
-                                    value="17"
-                                  >
-                                    17
-                                  </option>
-                                  <option
-                                    key="18"
-                                    value="18"
-                                  >
-                                    18
-                                  </option>
-                                  <option
-                                    key="19"
-                                    value="19"
-                                  >
-                                    19
-                                  </option>
-                                  <option
-                                    key="20"
-                                    value="20"
-                                  >
-                                    20
-                                  </option>
-                                  <option
-                                    key="21"
-                                    value="21"
-                                  >
-                                    21
-                                  </option>
-                                  <option
-                                    key="22"
-                                    value="22"
-                                  >
-                                    22
-                                  </option>
-                                  <option
-                                    key="23"
-                                    value="23"
-                                  >
-                                    23
-                                  </option>
-                                </select>
-                              </EuiValidatableControl>
-                              <EuiFormControlLayoutIcons
-                                compressed={false}
-                                isDropdown={true}
-                                isLoading={false}
-                                side="right"
-                              >
-                                <div
-                                  className="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
-                                >
-                                  <EuiFormControlLayoutCustomIcon
-                                    size="m"
-                                    type="arrowDown"
-                                  >
-                                    <span
-                                      className="euiFormControlLayoutCustomIcon"
-                                    >
-                                      <EuiIcon
-                                        aria-hidden="true"
-                                        className="euiFormControlLayoutCustomIcon__icon"
-                                        size="m"
-                                        type="arrowDown"
-                                      >
-                                        <span
-                                          aria-hidden="true"
-                                          className="euiFormControlLayoutCustomIcon__icon"
-                                          data-euiicon-type="arrowDown"
-                                          size="m"
-                                        />
-                                      </EuiIcon>
-                                    </span>
-                                  </EuiFormControlLayoutCustomIcon>
-                                </div>
-                              </EuiFormControlLayoutIcons>
-                            </div>
-                          </div>
-                        </EuiFormControlLayout>
-                      </EuiSelect>
-                    </div>
-                  </div>
-                </EuiFlexItem>
-                <EuiFlexItem>
-                  <div
-                    css="unknown styles"
-                  >
-                    <Insertion
-                      cache={
-                        Object {
-                          "insert": [Function],
-                          "inserted": Object {
-                            "9sbomz-euiFlexItem-grow-1": true,
-                            "bqv98l-euiFlexGroup-responsive-xs-flexStart-stretch-row": true,
-                            "kpsrin-euiFlexItem-growZero": true,
-                          },
-                          "key": "css",
-                          "nonce": undefined,
-                          "registered": Object {},
-                          "sheet": StyleSheet {
-                            "_alreadyInsertedOrderInsensitiveRule": true,
-                            "_insertTag": [Function],
-                            "before": null,
-                            "container": <head>
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-styled="active"
-                                data-styled-version="5.1.0"
-                              />
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;gap:4px;-webkit-box-pack:start;-ms-flex-pack:start;-webkit-justify-content:flex-start;justify-content:flex-start;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;}
-                              </style>
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                @media only screen and (max-width: 767px){.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{-webkit-box-flex-wrap:wrap;-webkit-flex-wrap:wrap;-ms-flex-wrap:wrap;flex-wrap:wrap;}.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row&gt;.euiFlexItem{inline-size:100%;-webkit-flex-basis:100%;-ms-flex-preferred-size:100%;flex-basis:100%;}}
-                              </style>
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexItem-growZero{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-box-flex:0;-webkit-flex-grow:0;-ms-flex-positive:0;flex-grow:0;-webkit-flex-basis:auto;-ms-flex-preferred-size:auto;flex-basis:auto;}
-                              </style>
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexItem-grow-1{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-flex-basis:0%;-ms-flex-preferred-size:0%;flex-basis:0%;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;}
-                              </style>
-                            </head>,
-                            "ctr": 4,
-                            "insertionPoint": undefined,
-                            "isSpeedy": false,
-                            "key": "css",
-                            "nonce": undefined,
-                            "prepend": undefined,
-                            "tags": Array [
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;gap:4px;-webkit-box-pack:start;-ms-flex-pack:start;-webkit-justify-content:flex-start;justify-content:flex-start;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;}
-                              </style>,
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                @media only screen and (max-width: 767px){.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row{-webkit-box-flex-wrap:wrap;-webkit-flex-wrap:wrap;-ms-flex-wrap:wrap;flex-wrap:wrap;}.emotion-euiFlexGroup-responsive-xs-flexStart-stretch-row&gt;.euiFlexItem{inline-size:100%;-webkit-flex-basis:100%;-ms-flex-preferred-size:100%;flex-basis:100%;}}
-                              </style>,
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexItem-growZero{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-box-flex:0;-webkit-flex-grow:0;-ms-flex-positive:0;flex-grow:0;-webkit-flex-basis:auto;-ms-flex-preferred-size:auto;flex-basis:auto;}
-                              </style>,
-                              <style
-                                data-emotion="css"
-                                data-s=""
-                              >
-                                
-                                .emotion-euiFlexItem-grow-1{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-flex-basis:0%;-ms-flex-preferred-size:0%;flex-basis:0%;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;}
-                              </style>,
-                            ],
-                          },
-                        }
-                      }
-                      isStringTag={true}
-                      serialized={
-                        Object {
-                          "map": undefined,
-                          "name": "9sbomz-euiFlexItem-grow-1",
-                          "next": undefined,
-                          "styles": "display:flex;flex-direction:column;label:euiFlexItem;;;flex-basis:0%;label:grow;;;flex-grow:1;label:1;;;",
-                          "toString": [Function],
-                        }
-                      }
-                    />
-                    <div
-                      className="euiFlexItem emotion-euiFlexItem-grow-1"
-                    >
-                      <EuiSelect
-                        aria-label="Minute"
-                        data-test-subj="cronFrequencyYearlyMinuteSelect"
-                        fullWidth={true}
-                        onChange={[Function]}
-                        options={
-                          Array [
-                            Object {
-                              "text": "00",
-                              "value": "0",
-                            },
-                            Object {
-                              "text": "01",
-                              "value": "1",
-                            },
-                            Object {
-                              "text": "02",
-                              "value": "2",
-                            },
-                            Object {
-                              "text": "03",
-                              "value": "3",
-                            },
-                            Object {
-                              "text": "04",
-                              "value": "4",
-                            },
-                            Object {
-                              "text": "05",
-                              "value": "5",
-                            },
-                            Object {
-                              "text": "06",
-                              "value": "6",
-                            },
-                            Object {
-                              "text": "07",
-                              "value": "7",
-                            },
-                            Object {
-                              "text": "08",
-                              "value": "8",
-                            },
-                            Object {
-                              "text": "09",
-                              "value": "9",
-                            },
-                            Object {
-                              "text": "10",
-                              "value": "10",
-                            },
-                            Object {
-                              "text": "11",
-                              "value": "11",
-                            },
-                            Object {
-                              "text": "12",
-                              "value": "12",
-                            },
-                            Object {
-                              "text": "13",
-                              "value": "13",
-                            },
-                            Object {
-                              "text": "14",
-                              "value": "14",
-                            },
-                            Object {
-                              "text": "15",
-                              "value": "15",
-                            },
-                            Object {
-                              "text": "16",
-                              "value": "16",
-                            },
-                            Object {
-                              "text": "17",
-                              "value": "17",
-                            },
-                            Object {
-                              "text": "18",
-                              "value": "18",
-                            },
-                            Object {
-                              "text": "19",
-                              "value": "19",
-                            },
-                            Object {
-                              "text": "20",
-                              "value": "20",
-                            },
-                            Object {
-                              "text": "21",
-                              "value": "21",
-                            },
-                            Object {
-                              "text": "22",
-                              "value": "22",
-                            },
-                            Object {
-                              "text": "23",
-                              "value": "23",
-                            },
-                            Object {
-                              "text": "24",
-                              "value": "24",
-                            },
-                            Object {
-                              "text": "25",
-                              "value": "25",
-                            },
-                            Object {
-                              "text": "26",
-                              "value": "26",
-                            },
-                            Object {
-                              "text": "27",
-                              "value": "27",
-                            },
-                            Object {
-                              "text": "28",
-                              "value": "28",
-                            },
-                            Object {
-                              "text": "29",
-                              "value": "29",
-                            },
-                            Object {
-                              "text": "30",
-                              "value": "30",
-                            },
-                            Object {
-                              "text": "31",
-                              "value": "31",
-                            },
-                            Object {
-                              "text": "32",
-                              "value": "32",
-                            },
-                            Object {
-                              "text": "33",
-                              "value": "33",
-                            },
-                            Object {
-                              "text": "34",
-                              "value": "34",
-                            },
-                            Object {
-                              "text": "35",
-                              "value": "35",
-                            },
-                            Object {
-                              "text": "36",
-                              "value": "36",
-                            },
-                            Object {
-                              "text": "37",
-                              "value": "37",
-                            },
-                            Object {
-                              "text": "38",
-                              "value": "38",
-                            },
-                            Object {
-                              "text": "39",
-                              "value": "39",
-                            },
-                            Object {
-                              "text": "40",
-                              "value": "40",
-                            },
-                            Object {
-                              "text": "41",
-                              "value": "41",
-                            },
-                            Object {
-                              "text": "42",
-                              "value": "42",
-                            },
-                            Object {
-                              "text": "43",
-                              "value": "43",
-                            },
-                            Object {
-                              "text": "44",
-                              "value": "44",
-                            },
-                            Object {
-                              "text": "45",
-                              "value": "45",
-                            },
-                            Object {
-                              "text": "46",
-                              "value": "46",
-                            },
-                            Object {
-                              "text": "47",
-                              "value": "47",
-                            },
-                            Object {
-                              "text": "48",
-                              "value": "48",
-                            },
-                            Object {
-                              "text": "49",
-                              "value": "49",
-                            },
-                            Object {
-                              "text": "50",
-                              "value": "50",
-                            },
-                            Object {
-                              "text": "51",
-                              "value": "51",
-                            },
-                            Object {
-                              "text": "52",
-                              "value": "52",
-                            },
-                            Object {
-                              "text": "53",
-                              "value": "53",
-                            },
-                            Object {
-                              "text": "54",
-                              "value": "54",
-                            },
-                            Object {
-                              "text": "55",
-                              "value": "55",
-                            },
-                            Object {
-                              "text": "56",
-                              "value": "56",
-                            },
-                            Object {
-                              "text": "57",
-                              "value": "57",
-                            },
-                            Object {
-                              "text": "58",
-                              "value": "58",
-                            },
-                            Object {
-                              "text": "59",
-                              "value": "59",
-                            },
-                          ]
-                        }
-                        prepend=":"
-                        value="10"
-                      >
-                        <EuiFormControlLayout
-                          compressed={false}
-                          fullWidth={true}
-                          isDropdown={true}
-                          isLoading={false}
-                          prepend=":"
-                        >
-                          <div
-                            className="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--group"
-                          >
-                            <EuiFormLabel
-                              className="euiFormControlLayout__prepend"
-                            >
-                              <label
-                                className="euiFormLabel euiFormControlLayout__prepend"
-                              >
-                                :
-                              </label>
-                            </EuiFormLabel>
-                            <div
-                              className="euiFormControlLayout__childrenWrapper"
-                            >
-                              <EuiValidatableControl>
-                                <select
-                                  aria-label="Minute"
-                                  className="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
-                                  data-test-subj="cronFrequencyYearlyMinuteSelect"
-                                  onChange={[Function]}
-                                  onMouseUp={[Function]}
-                                  value="10"
-                                >
-                                  <option
-                                    key="0"
-                                    value="0"
-                                  >
-                                    00
-                                  </option>
-                                  <option
-                                    key="1"
-                                    value="1"
-                                  >
-                                    01
-                                  </option>
-                                  <option
-                                    key="2"
-                                    value="2"
-                                  >
-                                    02
-                                  </option>
-                                  <option
-                                    key="3"
-                                    value="3"
-                                  >
-                                    03
-                                  </option>
-                                  <option
-                                    key="4"
-                                    value="4"
-                                  >
-                                    04
-                                  </option>
-                                  <option
-                                    key="5"
-                                    value="5"
-                                  >
-                                    05
-                                  </option>
-                                  <option
-                                    key="6"
-                                    value="6"
-                                  >
-                                    06
-                                  </option>
-                                  <option
-                                    key="7"
-                                    value="7"
-                                  >
-                                    07
-                                  </option>
-                                  <option
-                                    key="8"
-                                    value="8"
-                                  >
-                                    08
-                                  </option>
-                                  <option
-                                    key="9"
-                                    value="9"
-                                  >
-                                    09
-                                  </option>
-                                  <option
-                                    key="10"
-                                    value="10"
-                                  >
-                                    10
-                                  </option>
-                                  <option
-                                    key="11"
-                                    value="11"
-                                  >
-                                    11
-                                  </option>
-                                  <option
-                                    key="12"
-                                    value="12"
-                                  >
-                                    12
-                                  </option>
-                                  <option
-                                    key="13"
-                                    value="13"
-                                  >
-                                    13
-                                  </option>
-                                  <option
-                                    key="14"
-                                    value="14"
-                                  >
-                                    14
-                                  </option>
-                                  <option
-                                    key="15"
-                                    value="15"
-                                  >
-                                    15
-                                  </option>
-                                  <option
-                                    key="16"
-                                    value="16"
-                                  >
-                                    16
-                                  </option>
-                                  <option
-                                    key="17"
-                                    value="17"
-                                  >
-                                    17
-                                  </option>
-                                  <option
-                                    key="18"
-                                    value="18"
-                                  >
-                                    18
-                                  </option>
-                                  <option
-                                    key="19"
-                                    value="19"
-                                  >
-                                    19
-                                  </option>
-                                  <option
-                                    key="20"
-                                    value="20"
-                                  >
-                                    20
-                                  </option>
-                                  <option
-                                    key="21"
-                                    value="21"
-                                  >
-                                    21
-                                  </option>
-                                  <option
-                                    key="22"
-                                    value="22"
-                                  >
-                                    22
-                                  </option>
-                                  <option
-                                    key="23"
-                                    value="23"
-                                  >
-                                    23
-                                  </option>
-                                  <option
-                                    key="24"
-                                    value="24"
-                                  >
-                                    24
-                                  </option>
-                                  <option
-                                    key="25"
-                                    value="25"
-                                  >
-                                    25
-                                  </option>
-                                  <option
-                                    key="26"
-                                    value="26"
-                                  >
-                                    26
-                                  </option>
-                                  <option
-                                    key="27"
-                                    value="27"
-                                  >
-                                    27
-                                  </option>
-                                  <option
-                                    key="28"
-                                    value="28"
-                                  >
-                                    28
-                                  </option>
-                                  <option
-                                    key="29"
-                                    value="29"
-                                  >
-                                    29
-                                  </option>
-                                  <option
-                                    key="30"
-                                    value="30"
-                                  >
-                                    30
-                                  </option>
-                                  <option
-                                    key="31"
-                                    value="31"
-                                  >
-                                    31
-                                  </option>
-                                  <option
-                                    key="32"
-                                    value="32"
-                                  >
-                                    32
-                                  </option>
-                                  <option
-                                    key="33"
-                                    value="33"
-                                  >
-                                    33
-                                  </option>
-                                  <option
-                                    key="34"
-                                    value="34"
-                                  >
-                                    34
-                                  </option>
-                                  <option
-                                    key="35"
-                                    value="35"
-                                  >
-                                    35
-                                  </option>
-                                  <option
-                                    key="36"
-                                    value="36"
-                                  >
-                                    36
-                                  </option>
-                                  <option
-                                    key="37"
-                                    value="37"
-                                  >
-                                    37
-                                  </option>
-                                  <option
-                                    key="38"
-                                    value="38"
-                                  >
-                                    38
-                                  </option>
-                                  <option
-                                    key="39"
-                                    value="39"
-                                  >
-                                    39
-                                  </option>
-                                  <option
-                                    key="40"
-                                    value="40"
-                                  >
-                                    40
-                                  </option>
-                                  <option
-                                    key="41"
-                                    value="41"
-                                  >
-                                    41
-                                  </option>
-                                  <option
-                                    key="42"
-                                    value="42"
-                                  >
-                                    42
-                                  </option>
-                                  <option
-                                    key="43"
-                                    value="43"
-                                  >
-                                    43
-                                  </option>
-                                  <option
-                                    key="44"
-                                    value="44"
-                                  >
-                                    44
-                                  </option>
-                                  <option
-                                    key="45"
-                                    value="45"
-                                  >
-                                    45
-                                  </option>
-                                  <option
-                                    key="46"
-                                    value="46"
-                                  >
-                                    46
-                                  </option>
-                                  <option
-                                    key="47"
-                                    value="47"
-                                  >
-                                    47
-                                  </option>
-                                  <option
-                                    key="48"
-                                    value="48"
-                                  >
-                                    48
-                                  </option>
-                                  <option
-                                    key="49"
-                                    value="49"
-                                  >
-                                    49
-                                  </option>
-                                  <option
-                                    key="50"
-                                    value="50"
-                                  >
-                                    50
-                                  </option>
-                                  <option
-                                    key="51"
-                                    value="51"
-                                  >
-                                    51
-                                  </option>
-                                  <option
-                                    key="52"
-                                    value="52"
-                                  >
-                                    52
-                                  </option>
-                                  <option
-                                    key="53"
-                                    value="53"
-                                  >
-                                    53
-                                  </option>
-                                  <option
-                                    key="54"
-                                    value="54"
-                                  >
-                                    54
-                                  </option>
-                                  <option
-                                    key="55"
-                                    value="55"
-                                  >
-                                    55
-                                  </option>
-                                  <option
-                                    key="56"
-                                    value="56"
-                                  >
-                                    56
-                                  </option>
-                                  <option
-                                    key="57"
-                                    value="57"
-                                  >
-                                    57
-                                  </option>
-                                  <option
-                                    key="58"
-                                    value="58"
-                                  >
-                                    58
-                                  </option>
-                                  <option
-                                    key="59"
-                                    value="59"
-                                  >
-                                    59
-                                  </option>
-                                </select>
-                              </EuiValidatableControl>
-                              <EuiFormControlLayoutIcons
-                                compressed={false}
-                                isDropdown={true}
-                                isLoading={false}
-                                side="right"
-                              >
-                                <div
-                                  className="euiFormControlLayoutIcons euiFormControlLayoutIcons--right euiFormControlLayoutIcons--absolute"
-                                >
-                                  <EuiFormControlLayoutCustomIcon
-                                    size="m"
-                                    type="arrowDown"
-                                  >
-                                    <span
-                                      className="euiFormControlLayoutCustomIcon"
-                                    >
-                                      <EuiIcon
-                                        aria-hidden="true"
-                                        className="euiFormControlLayoutCustomIcon__icon"
-                                        size="m"
-                                        type="arrowDown"
-                                      >
-                                        <span
-                                          aria-hidden="true"
-                                          className="euiFormControlLayoutCustomIcon__icon"
-                                          data-euiicon-type="arrowDown"
-                                          size="m"
-                                        />
-                                      </EuiIcon>
-                                    </span>
-                                  </EuiFormControlLayoutCustomIcon>
-                                </div>
-                              </EuiFormControlLayoutIcons>
-                            </div>
-                          </div>
-                        </EuiFormControlLayout>
-                      </EuiSelect>
-                    </div>
-                  </div>
-                </EuiFlexItem>
+                <span
+                  class="euiFormControlLayoutCustomIcon"
+                >
+                  <span
+                    aria-hidden="true"
+                    class="euiFormControlLayoutCustomIcon__icon"
+                    data-euiicon-type="arrowDown"
+                  />
+                </span>
               </div>
             </div>
-          </EuiFlexGroup>
+          </div>
         </div>
       </div>
-    </EuiFormRow>
-  </CronYearly>
-</CronEditor>
+    </div>
+  </div>,
+]
 `;
diff --git a/packages/kbn-search-connectors/components/cron_editor/cron_editor.test.tsx b/packages/kbn-search-connectors/components/cron_editor/cron_editor.test.tsx
index cb867b91951cc..060bef2930142 100644
--- a/packages/kbn-search-connectors/components/cron_editor/cron_editor.test.tsx
+++ b/packages/kbn-search-connectors/components/cron_editor/cron_editor.test.tsx
@@ -28,7 +28,7 @@ describe('CronEditor', () => {
         />
       );
 
-      expect(component).toMatchSnapshot();
+      expect(component.render()).toMatchSnapshot();
     });
   });
 
diff --git a/packages/kbn-search-connectors/types/native_connectors.ts b/packages/kbn-search-connectors/types/native_connectors.ts
index 5cd8ee5311a1d..b48e069b1c78f 100644
--- a/packages/kbn-search-connectors/types/native_connectors.ts
+++ b/packages/kbn-search-connectors/types/native_connectors.ts
@@ -1861,14 +1861,20 @@ export const NATIVE_CONNECTOR_DEFINITIONS: Record<string, NativeConnector | unde
         ],
         display: DisplayType.TEXTBOX,
         label: i18n.translate('searchConnectors.nativeConnectors.jira.cloudServiceAccountLabel', {
-          defaultMessage: 'Jira Cloud service account id',
+          defaultMessage: 'Jira Cloud email address',
         }),
         options: [],
         order: 6,
         placeholder: 'me@example.com',
         required: true,
         sensitive: false,
-        tooltip: null,
+        tooltip: i18n.translate(
+          'searchConnectors.nativeConnectors.jira.cloudServiceAccountTooltip',
+          {
+            defaultMessage:
+              'Email address associated with Jira Cloud account. E.g. jane.doe@gmail.com',
+          }
+        ),
         type: FieldType.STRING,
         ui_restrictions: [],
         validations: [],
diff --git a/packages/kbn-search-index-documents/components/result/result_metadata.ts b/packages/kbn-search-index-documents/components/result/result_metadata.ts
index 629b09779a01b..51d7c74eadde8 100644
--- a/packages/kbn-search-index-documents/components/result/result_metadata.ts
+++ b/packages/kbn-search-index-documents/components/result/result_metadata.ts
@@ -33,6 +33,6 @@ export const resultTitle = (result: SearchHit): string | undefined => {
 };
 
 export const resultMetaData = (result: SearchHit): MetaDataProps => ({
-  id: result._id,
+  id: result._id!,
   title: resultTitle(result),
 });
diff --git a/packages/kbn-securitysolution-autocomplete/src/field/__tests__/__snapshots__/index.test.tsx.snap b/packages/kbn-securitysolution-autocomplete/src/field/__tests__/__snapshots__/index.test.tsx.snap
index 1a4c9076a20d6..1bfa3200b4243 100644
--- a/packages/kbn-securitysolution-autocomplete/src/field/__tests__/__snapshots__/index.test.tsx.snap
+++ b/packages/kbn-securitysolution-autocomplete/src/field/__tests__/__snapshots__/index.test.tsx.snap
@@ -17,6 +17,7 @@ Object {
           >
             <div
               class="euiFormControlLayout__childrenWrapper"
+              style="--euiFormControlRightIconsCount: 2;"
             >
               <div
                 class="euiComboBox__inputWrap euiFormControlLayout--2icons euiComboBox__inputWrap--fullWidth euiComboBox__inputWrap--noWrap euiComboBox__inputWrap--plainText"
@@ -28,6 +29,7 @@ Object {
                   aria-controls=""
                   aria-expanded="false"
                   aria-invalid="false"
+                  autocomplete="off"
                   class="euiComboBox__input"
                   data-test-subj="comboBoxSearchInput"
                   id="generated-id__eui-combobox-id"
@@ -83,6 +85,7 @@ Object {
         >
           <div
             class="euiFormControlLayout__childrenWrapper"
+            style="--euiFormControlRightIconsCount: 2;"
           >
             <div
               class="euiComboBox__inputWrap euiFormControlLayout--2icons euiComboBox__inputWrap--fullWidth euiComboBox__inputWrap--noWrap euiComboBox__inputWrap--plainText"
@@ -94,6 +97,7 @@ Object {
                 aria-controls=""
                 aria-expanded="false"
                 aria-invalid="false"
+                autocomplete="off"
                 class="euiComboBox__input"
                 data-test-subj="comboBoxSearchInput"
                 id="generated-id__eui-combobox-id"
@@ -217,6 +221,7 @@ Object {
                   aria-controls=""
                   aria-expanded="false"
                   aria-invalid="false"
+                  autocomplete="off"
                   class="euiComboBox__input"
                   data-test-subj="comboBoxSearchInput"
                   disabled=""
@@ -256,6 +261,7 @@ Object {
                 aria-controls=""
                 aria-expanded="false"
                 aria-invalid="false"
+                autocomplete="off"
                 class="euiComboBox__input"
                 data-test-subj="comboBoxSearchInput"
                 disabled=""
@@ -341,6 +347,7 @@ Object {
           >
             <div
               class="euiFormControlLayout__childrenWrapper"
+              style="--euiFormControlRightIconsCount: 1;"
             >
               <div
                 class="euiComboBox__inputWrap euiFormControlLayout--1icons euiComboBox__inputWrap--fullWidth euiComboBox__inputWrap--noWrap euiComboBox__inputWrap--plainText"
@@ -352,6 +359,7 @@ Object {
                   aria-controls=""
                   aria-expanded="false"
                   aria-invalid="false"
+                  autocomplete="off"
                   class="euiComboBox__input"
                   data-test-subj="comboBoxSearchInput"
                   id="generated-id__eui-combobox-id"
@@ -396,6 +404,7 @@ Object {
         >
           <div
             class="euiFormControlLayout__childrenWrapper"
+            style="--euiFormControlRightIconsCount: 1;"
           >
             <div
               class="euiComboBox__inputWrap euiFormControlLayout--1icons euiComboBox__inputWrap--fullWidth euiComboBox__inputWrap--noWrap euiComboBox__inputWrap--plainText"
@@ -407,6 +416,7 @@ Object {
                 aria-controls=""
                 aria-expanded="false"
                 aria-invalid="false"
+                autocomplete="off"
                 class="euiComboBox__input"
                 data-test-subj="comboBoxSearchInput"
                 id="generated-id__eui-combobox-id"
@@ -508,6 +518,7 @@ Object {
           >
             <div
               class="euiFormControlLayout__childrenWrapper"
+              style="--euiFormControlRightIconsCount: 1;"
             >
               <div
                 class="euiComboBox__inputWrap euiFormControlLayout--2icons euiComboBox__inputWrap--fullWidth euiComboBox__inputWrap--noWrap euiComboBox__inputWrap--plainText"
@@ -519,6 +530,7 @@ Object {
                   aria-controls=""
                   aria-expanded="false"
                   aria-invalid="false"
+                  autocomplete="off"
                   class="euiComboBox__input"
                   data-test-subj="comboBoxSearchInput"
                   disabled=""
@@ -556,6 +568,7 @@ Object {
         >
           <div
             class="euiFormControlLayout__childrenWrapper"
+            style="--euiFormControlRightIconsCount: 1;"
           >
             <div
               class="euiComboBox__inputWrap euiFormControlLayout--2icons euiComboBox__inputWrap--fullWidth euiComboBox__inputWrap--noWrap euiComboBox__inputWrap--plainText"
@@ -567,6 +580,7 @@ Object {
                 aria-controls=""
                 aria-expanded="false"
                 aria-invalid="false"
+                autocomplete="off"
                 class="euiComboBox__input"
                 data-test-subj="comboBoxSearchInput"
                 disabled=""
diff --git a/packages/kbn-securitysolution-exception-list-components/src/list_header/__snapshots__/list_header.test.tsx.snap b/packages/kbn-securitysolution-exception-list-components/src/list_header/__snapshots__/list_header.test.tsx.snap
index 7e2a43f715166..8996152dad75d 100644
--- a/packages/kbn-securitysolution-exception-list-components/src/list_header/__snapshots__/list_header.test.tsx.snap
+++ b/packages/kbn-securitysolution-exception-list-components/src/list_header/__snapshots__/list_header.test.tsx.snap
@@ -299,7 +299,7 @@ Object {
                         class="euiFormControlLayout__childrenWrapper"
                       >
                         <input
-                          class="euiFieldText euiFieldText--fullWidth"
+                          class="euiFieldText emotion-euiFieldText-fullWidth"
                           data-test-subj="editModalNameTextField"
                           id="generated-id"
                           name="name"
@@ -329,13 +329,13 @@ Object {
                     class="euiFormRow__fieldWrapper"
                   >
                     <div
-                      class="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--euiTextArea"
+                      class="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--euiTextArea emotion-euiTextArea"
                     >
                       <div
                         class="euiFormControlLayout__childrenWrapper"
                       >
                         <textarea
-                          class="euiTextArea euiTextArea--resizeVertical euiTextArea--fullWidth"
+                          class="euiTextArea emotion-euiTextArea-vertical-fullWidth"
                           data-test-subj="editModalDescriptionTextField"
                           id="generated-id"
                           name="description"
diff --git a/packages/kbn-securitysolution-exception-list-components/src/list_header/edit_modal/__snapshots__/edit_modal.test.tsx.snap b/packages/kbn-securitysolution-exception-list-components/src/list_header/edit_modal/__snapshots__/edit_modal.test.tsx.snap
index 119d2f33d10be..e4c3f1debc3fb 100644
--- a/packages/kbn-securitysolution-exception-list-components/src/list_header/edit_modal/__snapshots__/edit_modal.test.tsx.snap
+++ b/packages/kbn-securitysolution-exception-list-components/src/list_header/edit_modal/__snapshots__/edit_modal.test.tsx.snap
@@ -79,7 +79,7 @@ Object {
                         class="euiFormControlLayout__childrenWrapper"
                       >
                         <input
-                          class="euiFieldText euiFieldText--fullWidth"
+                          class="euiFieldText emotion-euiFieldText-fullWidth"
                           data-test-subj="editModalNameTextField"
                           id="generated-id"
                           name="name"
@@ -109,13 +109,13 @@ Object {
                     class="euiFormRow__fieldWrapper"
                   >
                     <div
-                      class="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--euiTextArea"
+                      class="euiFormControlLayout euiFormControlLayout--fullWidth euiFormControlLayout--euiTextArea emotion-euiTextArea"
                     >
                       <div
                         class="euiFormControlLayout__childrenWrapper"
                       >
                         <textarea
-                          class="euiTextArea euiTextArea--resizeVertical euiTextArea--fullWidth"
+                          class="euiTextArea emotion-euiTextArea-vertical-fullWidth"
                           data-test-subj="editModalDescriptionTextField"
                           id="generated-id"
                           name="description"
diff --git a/packages/kbn-securitysolution-lists-common/api/find_list/find_list.gen.ts b/packages/kbn-securitysolution-lists-common/api/find_list/find_list.gen.ts
index 22bd50fcf0f35..96fcaa5eefca4 100644
--- a/packages/kbn-securitysolution-lists-common/api/find_list/find_list.gen.ts
+++ b/packages/kbn-securitysolution-lists-common/api/find_list/find_list.gen.ts
@@ -24,7 +24,7 @@ export type FindListsCursor = z.infer<typeof FindListsCursor>;
 export const FindListsCursor = NonEmptyString;
 
 export type FindListsFilter = z.infer<typeof FindListsFilter>;
-export const FindListsFilter = NonEmptyString;
+export const FindListsFilter = z.string();
 
 export type FindListsRequestQuery = z.infer<typeof FindListsRequestQuery>;
 export const FindListsRequestQuery = z.object({
diff --git a/packages/kbn-securitysolution-lists-common/api/find_list/find_list.schema.yaml b/packages/kbn-securitysolution-lists-common/api/find_list/find_list.schema.yaml
index 7fa5f1ac581ac..236fa747599ac 100644
--- a/packages/kbn-securitysolution-lists-common/api/find_list/find_list.schema.yaml
+++ b/packages/kbn-securitysolution-lists-common/api/find_list/find_list.schema.yaml
@@ -116,4 +116,4 @@ components:
       $ref: '../../../kbn-openapi-common/schemas/primitives.schema.yaml#/components/schemas/NonEmptyString'
 
     FindListsFilter:
-      $ref: '../../../kbn-openapi-common/schemas/primitives.schema.yaml#/components/schemas/NonEmptyString'
+      type: string
diff --git a/packages/kbn-securitysolution-lists-common/api/find_list_item/find_list_item.gen.ts b/packages/kbn-securitysolution-lists-common/api/find_list_item/find_list_item.gen.ts
index ef23adf7a7dcd..6288ece0cf179 100644
--- a/packages/kbn-securitysolution-lists-common/api/find_list_item/find_list_item.gen.ts
+++ b/packages/kbn-securitysolution-lists-common/api/find_list_item/find_list_item.gen.ts
@@ -25,7 +25,7 @@ export type FindListItemsCursor = z.infer<typeof FindListItemsCursor>;
 export const FindListItemsCursor = NonEmptyString;
 
 export type FindListItemsFilter = z.infer<typeof FindListItemsFilter>;
-export const FindListItemsFilter = NonEmptyString;
+export const FindListItemsFilter = z.string();
 
 export type FindListItemsRequestQuery = z.infer<typeof FindListItemsRequestQuery>;
 export const FindListItemsRequestQuery = z.object({
diff --git a/packages/kbn-securitysolution-lists-common/api/find_list_item/find_list_item.schema.yaml b/packages/kbn-securitysolution-lists-common/api/find_list_item/find_list_item.schema.yaml
index 92dbc361b7ad2..67df0f4e8d031 100644
--- a/packages/kbn-securitysolution-lists-common/api/find_list_item/find_list_item.schema.yaml
+++ b/packages/kbn-securitysolution-lists-common/api/find_list_item/find_list_item.schema.yaml
@@ -122,4 +122,4 @@ components:
       $ref: '../../../kbn-openapi-common/schemas/primitives.schema.yaml#/components/schemas/NonEmptyString'
 
     FindListItemsFilter:
-      $ref: '../../../kbn-openapi-common/schemas/primitives.schema.yaml#/components/schemas/NonEmptyString'
+      type: string
diff --git a/packages/kbn-test/src/auth/saml_auth.test.ts b/packages/kbn-test/src/auth/saml_auth.test.ts
index e64f18023a676..6ad972d8f3b5b 100644
--- a/packages/kbn-test/src/auth/saml_auth.test.ts
+++ b/packages/kbn-test/src/auth/saml_auth.test.ts
@@ -42,8 +42,11 @@ const mockGetOnce = (mockedUrl: string, response: any) => {
 
 describe('saml_auth', () => {
   describe('createCloudSession', () => {
+    afterEach(() => {
+      axiosRequestMock.mockClear();
+    });
     test('returns token value', async () => {
-      mockRequestOnce('/api/v1/saas/auth/_login', { data: { token: 'mocked_token' } });
+      mockRequestOnce('/api/v1/saas/auth/_login', { data: { token: 'mocked_token' }, status: 200 });
 
       const sessionToken = await createCloudSession({
         hostname: 'cloud',
@@ -52,23 +55,124 @@ describe('saml_auth', () => {
         log,
       });
       expect(sessionToken).toBe('mocked_token');
+      expect(axiosRequestMock).toBeCalledTimes(1);
     });
 
-    test('throws error when response has no token', async () => {
-      mockRequestOnce('/api/v1/saas/auth/_login', { data: { message: 'no token' } });
+    test('retries until response has the token value', async () => {
+      let callCount = 0;
+      axiosRequestMock.mockImplementation((config: AxiosRequestConfig) => {
+        if (config.url?.endsWith('/api/v1/saas/auth/_login')) {
+          callCount += 1;
+          if (callCount !== 3) {
+            return Promise.resolve({ data: { message: 'no token' }, status: 503 });
+          } else {
+            return Promise.resolve({
+              data: { token: 'mocked_token' },
+              status: 200,
+            });
+          }
+        }
+        return Promise.reject(new Error(`Unexpected URL: ${config.url}`));
+      });
 
-      await expect(
-        createCloudSession({
+      const sessionToken = await createCloudSession(
+        {
           hostname: 'cloud',
           email: 'viewer@elastic.co',
           password: 'changeme',
           log,
-        })
-      ).rejects.toThrow('Unable to create Cloud session, token is missing.');
+        },
+        {
+          attemptsCount: 3,
+          attemptDelay: 100,
+        }
+      );
+
+      expect(sessionToken).toBe('mocked_token');
+      expect(axiosRequestMock).toBeCalledTimes(3);
+    });
+
+    test('retries and throws error when response code is not 200', async () => {
+      axiosRequestMock.mockImplementation((config: AxiosRequestConfig) => {
+        if (config.url?.endsWith('/api/v1/saas/auth/_login')) {
+          return Promise.resolve({ data: { message: 'no token' }, status: 503 });
+        }
+        return Promise.reject(new Error(`Unexpected URL: ${config.url}`));
+      });
+
+      await expect(
+        createCloudSession(
+          {
+            hostname: 'cloud',
+            email: 'viewer@elastic.co',
+            password: 'changeme',
+            log,
+          },
+          {
+            attemptsCount: 2,
+            attemptDelay: 100,
+          }
+        )
+      ).rejects.toThrow(
+        `Failed to create the new cloud session: 'POST https://cloud/api/v1/saas/auth/_login' returned 503`
+      );
+      expect(axiosRequestMock).toBeCalledTimes(2);
+    });
+
+    test('retries and throws error when response has no token value', async () => {
+      axiosRequestMock.mockImplementation((config: AxiosRequestConfig) => {
+        if (config.url?.endsWith('/api/v1/saas/auth/_login')) {
+          return Promise.resolve({
+            data: { user_id: 1234, okta_session_id: 5678, authenticated: false },
+            status: 200,
+          });
+        }
+        return Promise.reject(new Error(`Unexpected URL: ${config.url}`));
+      });
+
+      await expect(
+        createCloudSession(
+          {
+            hostname: 'cloud',
+            email: 'viewer@elastic.co',
+            password: 'changeme',
+            log,
+          },
+          {
+            attemptsCount: 3,
+            attemptDelay: 100,
+          }
+        )
+      ).rejects.toThrow(
+        `Failed to create the new cloud session: token is missing in response data\n{"user_id":"REDACTED","okta_session_id":"REDACTED","authenticated":false}`
+      );
+      expect(axiosRequestMock).toBeCalledTimes(3);
+    });
+
+    test(`throws error when retry 'attemptsCount' is below 1`, async () => {
+      await expect(
+        createCloudSession(
+          {
+            hostname: 'cloud',
+            email: 'viewer@elastic.co',
+            password: 'changeme',
+            log,
+          },
+          {
+            attemptsCount: 0,
+            attemptDelay: 100,
+          }
+        )
+      ).rejects.toThrow(
+        'Failed to create the new cloud session, check retry arguments: {"attemptsCount":0,"attemptDelay":100}'
+      );
     });
   });
 
   describe('createSAMLRequest', () => {
+    afterEach(() => {
+      axiosRequestMock.mockClear();
+    });
     test('returns { location, sid }', async () => {
       mockRequestOnce('/internal/security/login', {
         data: {
@@ -130,6 +234,9 @@ describe('saml_auth', () => {
   });
 
   describe('createSAMLResponse', () => {
+    afterEach(() => {
+      axiosGetMock.mockClear();
+    });
     const location = 'https://cloud.test/saml?SAMLRequest=fVLLbtswEPwVgXe9K6%2F';
     const createSAMLResponseParams = {
       location,
@@ -163,6 +270,9 @@ https://kbn.test.co in the same window.`);
   });
 
   describe('finishSAMLHandshake', () => {
+    afterEach(() => {
+      axiosRequestMock.mockClear();
+    });
     const cookieStr = 'mocked_cookie';
     test('returns valid cookie', async () => {
       mockRequestOnce('/api/security/saml/callback', {
diff --git a/packages/kbn-test/src/auth/saml_auth.ts b/packages/kbn-test/src/auth/saml_auth.ts
index 99343c8c6912b..fc84c6081dfe1 100644
--- a/packages/kbn-test/src/auth/saml_auth.ts
+++ b/packages/kbn-test/src/auth/saml_auth.ts
@@ -17,6 +17,7 @@ import {
   CloudSamlSessionParams,
   CreateSamlSessionParams,
   LocalSamlSessionParams,
+  RetryParams,
   SAMLResponseValueParams,
   UserProfile,
 } from './types';
@@ -34,6 +35,8 @@ export class Session {
   }
 }
 
+const REQUEST_TIMEOUT_MS = 60_000;
+
 const cleanException = (url: string, ex: any) => {
   if (ex.isAxiosError) {
     ex.url = url;
@@ -81,7 +84,13 @@ const getCloudUrl = (hostname: string, pathname: string) => {
   });
 };
 
-export const createCloudSession = async (params: CreateSamlSessionParams) => {
+export const createCloudSession = async (
+  params: CreateSamlSessionParams,
+  retryParams: RetryParams = {
+    attemptsCount: 3,
+    attemptDelay: 15_000,
+  }
+): Promise<string> => {
   const { hostname, email, password, log } = params;
   const cloudLoginUrl = getCloudUrl(hostname, '/api/v1/saas/auth/_login');
   let sessionResponse: AxiosResponse | undefined;
@@ -89,6 +98,7 @@ export const createCloudSession = async (params: CreateSamlSessionParams) => {
     return {
       url: cloudUrl,
       method: 'post',
+      timeout: REQUEST_TIMEOUT_MS,
       data: {
         email,
         password,
@@ -102,24 +112,55 @@ export const createCloudSession = async (params: CreateSamlSessionParams) => {
     };
   };
 
-  try {
-    sessionResponse = await axios.request(requestConfig(cloudLoginUrl));
-  } catch (ex) {
-    log.error(`Failed to create the new cloud session with 'POST ${cloudLoginUrl}'`);
-    cleanException(cloudLoginUrl, ex);
-    throw ex;
+  let attemptsLeft = retryParams.attemptsCount;
+  while (attemptsLeft > 0) {
+    try {
+      sessionResponse = await axios.request(requestConfig(cloudLoginUrl));
+      if (sessionResponse?.status !== 200) {
+        throw new Error(
+          `Failed to create the new cloud session: 'POST ${cloudLoginUrl}' returned ${sessionResponse?.status}`
+        );
+      } else {
+        const token = sessionResponse?.data?.token as string;
+        if (token) {
+          return token;
+        } else {
+          const keysToRedact = ['user_id', 'okta_session_id'];
+          const data = sessionResponse?.data;
+          if (data !== null && typeof data === 'object') {
+            Object.keys(data).forEach((key) => {
+              if (keysToRedact.includes(key)) {
+                data[key] = 'REDACTED';
+              }
+            });
+          }
+          throw new Error(
+            `Failed to create the new cloud session: token is missing in response data\n${JSON.stringify(
+              data
+            )}`
+          );
+        }
+      }
+    } catch (ex) {
+      cleanException(cloudLoginUrl, ex);
+      if (--attemptsLeft > 0) {
+        // log only error message
+        log.error(`${ex.message}\nWaiting ${retryParams.attemptDelay} ms before the next attempt`);
+        await new Promise((resolve) => setTimeout(resolve, retryParams.attemptDelay));
+      } else {
+        log.error(
+          `Failed to create the new cloud session with ${retryParams.attemptsCount} attempts`
+        );
+        // throw original error with stacktrace
+        throw ex;
+      }
+    }
   }
 
-  const token = sessionResponse?.data?.token as string;
-  if (!token) {
-    log.error(
-      `Failed to create cloud session, token is missing in response data: ${JSON.stringify(
-        sessionResponse?.data
-      )}`
-    );
-    throw new Error(`Unable to create Cloud session, token is missing.`);
-  }
-  return token;
+  // should never be reached
+  throw new Error(
+    `Failed to create the new cloud session, check retry arguments: ${JSON.stringify(retryParams)}`
+  );
 };
 
 export const createSAMLRequest = async (kbnUrl: string, kbnVersion: string, log: ToolingLog) => {
diff --git a/packages/kbn-test/src/auth/types.ts b/packages/kbn-test/src/auth/types.ts
index 62ee5ac428934..3b83ca158df90 100644
--- a/packages/kbn-test/src/auth/types.ts
+++ b/packages/kbn-test/src/auth/types.ts
@@ -55,3 +55,8 @@ export interface UserProfile {
   enabled: boolean;
   elastic_cloud_user: boolean;
 }
+
+export interface RetryParams {
+  attemptsCount: number;
+  attemptDelay: number;
+}
diff --git a/packages/kbn-text-based-editor/src/text_based_languages_editor.tsx b/packages/kbn-text-based-editor/src/text_based_languages_editor.tsx
index b33d8125bfd25..14767da922ed9 100644
--- a/packages/kbn-text-based-editor/src/text_based_languages_editor.tsx
+++ b/packages/kbn-text-based-editor/src/text_based_languages_editor.tsx
@@ -221,7 +221,7 @@ export const TextBasedLanguagesEditor = memo(function TextBasedLanguagesEditor({
   );
 
   const onQuerySubmit = useCallback(() => {
-    if (isQueryLoading && allowQueryCancellation) {
+    if (isQueryLoading && isLoading && allowQueryCancellation) {
       abortController?.abort();
       setIsQueryLoading(false);
     } else {
@@ -235,7 +235,14 @@ export const TextBasedLanguagesEditor = memo(function TextBasedLanguagesEditor({
       }
       onTextLangQuerySubmit({ [language]: currentValue } as AggregateQuery, abc);
     }
-  }, [language, onTextLangQuerySubmit, abortController, isQueryLoading, allowQueryCancellation]);
+  }, [
+    isQueryLoading,
+    isLoading,
+    allowQueryCancellation,
+    abortController,
+    onTextLangQuerySubmit,
+    language,
+  ]);
 
   const onCommentLine = useCallback(() => {
     const currentSelection = editor1?.current?.getSelection();
@@ -691,9 +698,7 @@ export const TextBasedLanguagesEditor = memo(function TextBasedLanguagesEditor({
     },
     quickSuggestions: true,
     readOnly:
-      isLoading ||
-      isDisabled ||
-      Boolean(!isCompactFocused && codeOneLiner && codeOneLiner.includes('...')),
+      isDisabled || Boolean(!isCompactFocused && codeOneLiner && codeOneLiner.includes('...')),
     renderLineHighlight: !isCodeEditorExpanded ? 'none' : 'line',
     renderLineHighlightOnlyWhenFocus: true,
     scrollbar: {
diff --git a/src/plugins/dashboard/public/triggers/index.ts b/packages/kbn-ui-actions-browser/src/triggers/dashboard_app_panel_trigger.ts
similarity index 76%
rename from src/plugins/dashboard/public/triggers/index.ts
rename to packages/kbn-ui-actions-browser/src/triggers/dashboard_app_panel_trigger.ts
index 96dfa814b949a..74e894d2b5563 100644
--- a/src/plugins/dashboard/public/triggers/index.ts
+++ b/packages/kbn-ui-actions-browser/src/triggers/dashboard_app_panel_trigger.ts
@@ -5,16 +5,18 @@
  * in compliance with, at your election, the Elastic License 2.0 or the Server
  * Side Public License, v 1.
  */
+
 import { i18n } from '@kbn/i18n';
-import type { Trigger } from '@kbn/ui-actions-plugin/public';
+import { Trigger } from '.';
 
 export const ADD_PANEL_TRIGGER = 'ADD_PANEL_TRIGGER';
+
 export const addPanelMenuTrigger: Trigger = {
   id: ADD_PANEL_TRIGGER,
-  title: i18n.translate('dashboard.addPanelMenuTrigger.title', {
+  title: i18n.translate('uiActions.triggers.dashboard.addPanelMenu.title', {
     defaultMessage: 'Add panel menu',
   }),
-  description: i18n.translate('dashboard.addPanelMenuTrigger.description', {
+  description: i18n.translate('uiActions.triggers.dashboard.addPanelMenu.description', {
     defaultMessage: "A new action will appear to the dashboard's add panel menu",
   }),
 };
diff --git a/packages/kbn-ui-actions-browser/src/triggers/index.ts b/packages/kbn-ui-actions-browser/src/triggers/index.ts
index 091305791d858..d298be1524411 100644
--- a/packages/kbn-ui-actions-browser/src/triggers/index.ts
+++ b/packages/kbn-ui-actions-browser/src/triggers/index.ts
@@ -11,3 +11,4 @@ export * from './row_click_trigger';
 export * from './default_trigger';
 export * from './visualize_field_trigger';
 export * from './visualize_geo_field_trigger';
+export * from './dashboard_app_panel_trigger';
diff --git a/packages/kbn-unified-data-table/src/components/data_table.scss b/packages/kbn-unified-data-table/src/components/data_table.scss
index 28864457af269..4e56e3450ffcb 100644
--- a/packages/kbn-unified-data-table/src/components/data_table.scss
+++ b/packages/kbn-unified-data-table/src/components/data_table.scss
@@ -138,6 +138,7 @@
   padding-inline: 0;
   background: transparent;
   font-weight: $euiFontWeightBold;
+  line-height: inherit; // Required for EuiDataGrid lineCount to work correctly
 }
 
 .unifiedDataTable__descriptionListDescription {
@@ -145,6 +146,7 @@
   padding-inline: 0;
   word-break: break-all;
   white-space: normal;
+  line-height: inherit; // Required for EuiDataGrid lineCount to work correctly
 
   // Special handling for images coming from the image field formatter
   img {
diff --git a/packages/kbn-unified-data-table/src/components/data_table.tsx b/packages/kbn-unified-data-table/src/components/data_table.tsx
index 3a64947fe39ca..1262619401ab6 100644
--- a/packages/kbn-unified-data-table/src/components/data_table.tsx
+++ b/packages/kbn-unified-data-table/src/components/data_table.tsx
@@ -650,10 +650,10 @@ export const UnifiedDataTable = ({
   const editField = useMemo(
     () =>
       onFieldEdited
-        ? (fieldName: string) => {
+        ? async (fieldName: string) => {
             closeFieldEditor.current =
               onFieldEdited &&
-              services?.dataViewFieldEditor?.openEditor({
+              (await services?.dataViewFieldEditor?.openEditor({
                 ctx: {
                   dataView,
                 },
@@ -661,7 +661,7 @@ export const UnifiedDataTable = ({
                 onSave: async () => {
                   await onFieldEdited();
                 },
-              });
+              }));
           }
         : undefined,
     [dataView, onFieldEdited, services?.dataViewFieldEditor]
diff --git a/packages/kbn-unified-field-list/src/containers/unified_field_list_sidebar/field_list_sidebar_container.tsx b/packages/kbn-unified-field-list/src/containers/unified_field_list_sidebar/field_list_sidebar_container.tsx
index 7bf3317aabe22..68b3380b712ad 100644
--- a/packages/kbn-unified-field-list/src/containers/unified_field_list_sidebar/field_list_sidebar_container.tsx
+++ b/packages/kbn-unified-field-list/src/containers/unified_field_list_sidebar/field_list_sidebar_container.tsx
@@ -163,8 +163,8 @@ const UnifiedFieldListSidebarContainer = memo(
       const editField = useMemo(
         () =>
           dataView && dataViewFieldEditor && searchMode === 'documents' && canEditDataView
-            ? (fieldName?: string) => {
-                const ref = dataViewFieldEditor.openEditor({
+            ? async (fieldName?: string) => {
+                const ref = await dataViewFieldEditor.openEditor({
                   ctx: {
                     dataView,
                   },
diff --git a/packages/presentation/presentation_containers/interfaces/child_state.ts b/packages/presentation/presentation_containers/interfaces/child_state.ts
index c197974c67add..3a399d8a3c913 100644
--- a/packages/presentation/presentation_containers/interfaces/child_state.ts
+++ b/packages/presentation/presentation_containers/interfaces/child_state.ts
@@ -9,7 +9,9 @@
 import { SerializedPanelState } from './serialized_state';
 
 export interface HasSerializedChildState<SerializedState extends object = object> {
-  getSerializedStateForChild: (childId: string) => SerializedPanelState<SerializedState>;
+  getSerializedStateForChild: (
+    childId: string
+  ) => SerializedPanelState<SerializedState> | undefined;
 }
 
 export interface HasRuntimeChildState<RuntimeState extends object = object> {
diff --git a/packages/presentation/presentation_containers/interfaces/panel_management.ts b/packages/presentation/presentation_containers/interfaces/panel_management.ts
index 1d18f43bc4442..834c0871ca589 100644
--- a/packages/presentation/presentation_containers/interfaces/panel_management.ts
+++ b/packages/presentation/presentation_containers/interfaces/panel_management.ts
@@ -19,7 +19,7 @@ export const apiCanDuplicatePanels = (
 };
 
 export interface CanExpandPanels {
-  expandPanel: (panelId?: string) => void;
+  expandPanel: (panelId: string) => void;
   expandedPanelId: PublishingSubject<string | undefined>;
 }
 
diff --git a/packages/presentation/presentation_containers/interfaces/serialized_state.ts b/packages/presentation/presentation_containers/interfaces/serialized_state.ts
index 593362ab6a7e1..be9e9d4236c33 100644
--- a/packages/presentation/presentation_containers/interfaces/serialized_state.ts
+++ b/packages/presentation/presentation_containers/interfaces/serialized_state.ts
@@ -32,8 +32,8 @@ export const apiHasSerializableState = (api: unknown | null): api is HasSerializ
 
 export interface HasSnapshottableState<RuntimeState extends object = object> {
   /**
-   * Serializes all runtime state exactly as it appears. This could be used
-   * to rehydrate a component's state without needing to deserialize it.
+   * Serializes all runtime state exactly as it appears. This can be used
+   * to rehydrate a component's state without needing to serialize then deserialize it.
    */
   snapshotRuntimeState: () => RuntimeState;
 }
diff --git a/packages/presentation/presentation_publishing/index.ts b/packages/presentation/presentation_publishing/index.ts
index e3136215f3d40..669baa06f677f 100644
--- a/packages/presentation/presentation_publishing/index.ts
+++ b/packages/presentation/presentation_publishing/index.ts
@@ -16,8 +16,8 @@ export interface EmbeddableApiContext {
 
 export {
   getInitialValuesFromComparators,
-  runComparators,
   getUnchangingComparator,
+  runComparators,
   type ComparatorDefinition,
   type ComparatorFunction,
   type StateComparators,
@@ -35,22 +35,23 @@ export {
   type SerializedTimeRange,
 } from './interfaces/fetch/initialize_time_range';
 export {
-  apiPublishesPartialUnifiedSearch,
   apiPublishesFilters,
+  apiPublishesPartialUnifiedSearch,
   apiPublishesTimeRange,
+  apiPublishesTimeslice,
   apiPublishesUnifiedSearch,
   apiPublishesWritableUnifiedSearch,
   useSearchApi,
-  type PublishesTimeRange,
   type PublishesFilters,
+  type PublishesTimeRange,
+  type PublishesTimeslice,
   type PublishesUnifiedSearch,
   type PublishesWritableUnifiedSearch,
-  type PublishesTimeslice,
 } from './interfaces/fetch/publishes_unified_search';
 export {
   apiHasAppContext,
-  type HasAppContext,
   type EmbeddableAppContext,
+  type HasAppContext,
 } from './interfaces/has_app_context';
 export {
   apiHasDisableTriggers,
@@ -63,9 +64,9 @@ export {
   type HasExecutionContext,
 } from './interfaces/has_execution_context';
 export {
+  apiHasInPlaceLibraryTransforms,
   apiHasLegacyLibraryTransforms,
   apiHasLibraryTransforms,
-  apiHasInPlaceLibraryTransforms,
   type HasInPlaceLibraryTransforms,
   type HasLegacyLibraryTransforms,
   type HasLibraryTransforms,
@@ -130,7 +131,11 @@ export {
   type PublishesPanelTitle,
   type PublishesWritablePanelTitle,
 } from './interfaces/titles/publishes_panel_title';
-export { initializeTitles, type SerializedTitles } from './interfaces/titles/titles_api';
+export {
+  initializeTitles,
+  stateHasTitles,
+  type SerializedTitles,
+} from './interfaces/titles/titles_api';
 export {
   useBatchedOptionalPublishingSubjects,
   useBatchedPublishingSubjects,
diff --git a/packages/presentation/presentation_publishing/interfaces/fetch/publishes_unified_search.ts b/packages/presentation/presentation_publishing/interfaces/fetch/publishes_unified_search.ts
index f426859cc29b3..c240bddd7b421 100644
--- a/packages/presentation/presentation_publishing/interfaces/fetch/publishes_unified_search.ts
+++ b/packages/presentation/presentation_publishing/interfaces/fetch/publishes_unified_search.ts
@@ -12,10 +12,10 @@ import { BehaviorSubject } from 'rxjs';
 import { PublishingSubject } from '../../publishing_subject';
 
 export interface PublishesTimeslice {
-  timeslice$?: PublishingSubject<[number, number] | undefined>;
+  timeslice$: PublishingSubject<[number, number] | undefined>;
 }
 
-export interface PublishesTimeRange extends PublishesTimeslice {
+export interface PublishesTimeRange extends Partial<PublishesTimeslice> {
   timeRange$: PublishingSubject<TimeRange | undefined>;
   timeRestore$?: PublishingSubject<boolean | undefined>;
 }
@@ -40,6 +40,12 @@ export type PublishesWritableUnifiedSearch = PublishesUnifiedSearch &
     setQuery: (query: Query | undefined) => void;
   };
 
+export const apiPublishesTimeslice = (
+  unknownApi: null | unknown
+): unknownApi is PublishesTimeslice => {
+  return Boolean(unknownApi && (unknownApi as PublishesTimeslice)?.timeslice$ !== undefined);
+};
+
 export const apiPublishesTimeRange = (
   unknownApi: null | unknown
 ): unknownApi is PublishesTimeRange => {
@@ -56,7 +62,7 @@ export const apiPublishesUnifiedSearch = (
   return Boolean(
     unknownApi &&
       apiPublishesTimeRange(unknownApi) &&
-      (unknownApi as PublishesUnifiedSearch)?.filters$ !== undefined &&
+      apiPublishesFilters(unknownApi) &&
       (unknownApi as PublishesUnifiedSearch)?.query$ !== undefined
   );
 };
@@ -66,7 +72,7 @@ export const apiPublishesPartialUnifiedSearch = (
 ): unknownApi is Partial<PublishesUnifiedSearch> => {
   return Boolean(
     apiPublishesTimeRange(unknownApi) ||
-      (unknownApi as PublishesUnifiedSearch)?.filters$ !== undefined ||
+      apiPublishesFilters(unknownApi) ||
       (unknownApi as PublishesUnifiedSearch)?.query$ !== undefined
   );
 };
diff --git a/packages/presentation/presentation_publishing/interfaces/has_library_transforms.ts b/packages/presentation/presentation_publishing/interfaces/has_library_transforms.ts
index 17d48eca51be7..778748f0e1f2c 100644
--- a/packages/presentation/presentation_publishing/interfaces/has_library_transforms.ts
+++ b/packages/presentation/presentation_publishing/interfaces/has_library_transforms.ts
@@ -34,7 +34,7 @@ interface LibraryTransformGuards {
  * APIs that inherit this interface can be linked to and unlinked from the library in place without
  * re-initialization.
  */
-export interface HasInPlaceLibraryTransforms
+export interface HasInPlaceLibraryTransforms<RuntimeState extends object = object>
   extends Partial<LibraryTransformGuards>,
     DuplicateTitleCheck {
   /**
@@ -49,6 +49,11 @@ export interface HasInPlaceLibraryTransforms
    */
   saveToLibrary: (title: string) => Promise<string>;
 
+  /**
+   * gets a snapshot of this embeddable's runtime state without any state that links it to a library item.
+   */
+  getByValueRuntimeSnapshot: () => RuntimeState;
+
   /**
    * Un-links this embeddable from the library. This method is optional, and only needed if the Embeddable
    * is not meant to be re-initialized as part of the unlink operation. If the embeddable needs to be re-initialized
@@ -69,6 +74,7 @@ export const apiHasInPlaceLibraryTransforms = (
 };
 
 /**
+ * @deprecated use HasInPlaceLibraryTransforms instead
  * APIs that inherit this interface can be linked to and unlinked from the library. After the save or unlink
  * operation, the embeddable will be reinitialized.
  */
diff --git a/packages/presentation/presentation_publishing/interfaces/titles/titles_api.ts b/packages/presentation/presentation_publishing/interfaces/titles/titles_api.ts
index 026ceb1cc84fc..772e7fe6b113a 100644
--- a/packages/presentation/presentation_publishing/interfaces/titles/titles_api.ts
+++ b/packages/presentation/presentation_publishing/interfaces/titles/titles_api.ts
@@ -17,6 +17,14 @@ export interface SerializedTitles {
   hidePanelTitles?: boolean;
 }
 
+export const stateHasTitles = (state: unknown): state is SerializedTitles => {
+  return (
+    (state as SerializedTitles)?.title !== undefined ||
+    (state as SerializedTitles)?.description !== undefined ||
+    (state as SerializedTitles)?.hidePanelTitles !== undefined
+  );
+};
+
 export interface TitlesApi extends PublishesWritablePanelTitle, PublishesWritablePanelDescription {}
 
 export const initializeTitles = (
diff --git a/packages/shared-ux/file/file_upload/impl/src/file_upload.component.tsx b/packages/shared-ux/file/file_upload/impl/src/file_upload.component.tsx
index 06cd2c6d27de0..a10fa1085c11e 100644
--- a/packages/shared-ux/file/file_upload/impl/src/file_upload.component.tsx
+++ b/packages/shared-ux/file/file_upload/impl/src/file_upload.component.tsx
@@ -16,6 +16,10 @@ import {
   useEuiTheme,
   useGeneratedHtmlId,
 } from '@elastic/eui';
+import type {
+  EuiFilePickerClass,
+  EuiFilePickerProps,
+} from '@elastic/eui/src/components/form/file_picker/file_picker';
 import { euiThemeVars } from '@kbn/ui-theme';
 import { useBehaviorSubject } from '@kbn/shared-ux-file-util';
 import { css } from '@emotion/react';
@@ -48,7 +52,7 @@ const styles = {
   `,
 };
 
-export const FileUpload = React.forwardRef<EuiFilePicker, Props>(
+export const FileUpload = React.forwardRef<EuiFilePickerClass, Props>(
   (
     {
       compressed,
@@ -90,7 +94,7 @@ export const FileUpload = React.forwardRef<EuiFilePicker, Props>(
           fullWidth={fullWidth}
           aria-label={i18nTexts.defaultPickerLabel}
           id={id}
-          ref={ref}
+          ref={ref as React.Ref<Omit<EuiFilePickerProps, 'stylesMemoizer'>>}
           onChange={(fs) => {
             uploadState.setFiles(Array.from(fs ?? []));
             if (immediate && uploadState.hasFiles()) uploadState.upload(meta);
diff --git a/packages/shared-ux/file/file_upload/impl/src/file_upload.tsx b/packages/shared-ux/file/file_upload/impl/src/file_upload.tsx
index 45e74312e1e55..8fdc292bc5431 100644
--- a/packages/shared-ux/file/file_upload/impl/src/file_upload.tsx
+++ b/packages/shared-ux/file/file_upload/impl/src/file_upload.tsx
@@ -6,8 +6,8 @@
  * Side Public License, v 1.
  */
 
-import { EuiFilePicker } from '@elastic/eui';
 import React, { type FunctionComponent, useRef, useEffect, useMemo } from 'react';
+import type { EuiFilePickerClass } from '@elastic/eui/src/components/form/file_picker/file_picker';
 
 import type { FileJSON } from '@kbn/shared-ux-file-types';
 import { useFilesContext } from '@kbn/shared-ux-file-context';
@@ -136,7 +136,7 @@ export const FileUpload = <Kind extends string = string>({
   className,
 }: Props<Kind>): ReturnType<FunctionComponent> => {
   const { client } = useFilesContext();
-  const ref = useRef<null | EuiFilePicker>(null);
+  const ref = useRef<null | EuiFilePickerClass>(null);
   const fileKind = client.getFileKind(kindId);
   const repeatedUploads = compressed || allowRepeatedUploads;
   const uploadState = useMemo(
diff --git a/packages/shared-ux/modal/tabbed/src/tabbed_modal.tsx b/packages/shared-ux/modal/tabbed/src/tabbed_modal.tsx
index e00bcdaf9c2fa..eb52f6628b2c7 100644
--- a/packages/shared-ux/modal/tabbed/src/tabbed_modal.tsx
+++ b/packages/shared-ux/modal/tabbed/src/tabbed_modal.tsx
@@ -25,6 +25,7 @@ import {
   EuiTab,
   type EuiTabProps,
   type CommonProps,
+  useGeneratedHtmlId,
 } from '@elastic/eui';
 import {
   ModalContextProvider,
@@ -69,8 +70,9 @@ const TabbedModalInner: FC<ITabbedModalInner> = ({
 }) => {
   const { tabs, state, dispatch } =
     useModalContext<Array<IModalTabDeclaration<Record<string, any>>>>();
-
   const selectedTabId = state.meta.selectedTabId;
+  const shareModalHeadingId = useGeneratedHtmlId();
+
   const selectedTabState = useMemo(
     () => (selectedTabId ? state[selectedTabId] : {}),
     [selectedTabId, state]
@@ -114,9 +116,10 @@ const TabbedModalInner: FC<ITabbedModalInner> = ({
       style={{ ...(modalWidth ? { width: modalWidth } : {}) }}
       maxWidth={true}
       data-test-subj="shareContextModal"
+      aria-labelledby={shareModalHeadingId}
     >
       <EuiModalHeader>
-        <EuiModalHeaderTitle>{modalTitle}</EuiModalHeaderTitle>
+        <EuiModalHeaderTitle id={shareModalHeadingId}>{modalTitle}</EuiModalHeaderTitle>
       </EuiModalHeader>
       <EuiModalBody>
         <Fragment>
diff --git a/renovate.json b/renovate.json
index f0995502bb1bc..2da4773622aac 100644
--- a/renovate.json
+++ b/renovate.json
@@ -50,7 +50,6 @@
       "reviewers": ["team:kibana-security", "team:kibana-core"],
       "matchBaseBranches": ["main"],
       "labels": ["release_note:skip", "Team:Security", "Team:Core", "backport:prev-minor"],
-      "prCreation": "not-pending",
       "minimumReleaseAge": "7 days",
       "enabled": true
     },
@@ -68,7 +67,6 @@
       "reviewers": ["team:kibana-core"],
       "matchBaseBranches": ["main"],
       "labels": ["release_note:skip", "Team:Core", "backport:skip"],
-      "prCreation": "not-pending",
       "minimumReleaseAge": "7 days",
       "enabled": true
     },
@@ -78,7 +76,6 @@
       "reviewers": ["team:kibana-core"],
       "matchBaseBranches": ["main"],
       "labels": ["release_note:skip", "Team:Core", "backport:all-open"],
-      "prCreation": "not-pending",
       "minimumReleaseAge": "7 days",
       "enabled": true
     },
@@ -89,7 +86,6 @@
       "reviewers": ["team:kibana-operations"],
       "matchBaseBranches": ["main"],
       "labels": ["Team:Operations", "release_note:skip"],
-      "prCreation": "not-pending",
       "minimumReleaseAge": "7 days",
       "enabled": true
     },
@@ -99,7 +95,6 @@
       "reviewers": ["team:kibana-operations"],
       "matchBaseBranches": ["main"],
       "labels": ["Team:Operations", "release_note:skip"],
-      "prCreation": "not-pending",
       "minimumReleaseAge": "7 days",
       "enabled": true
     },
@@ -109,7 +104,6 @@
       "reviewers": ["team:kibana-operations"],
       "matchBaseBranches": ["main"],
       "labels": ["Team:Operations", "release_note:skip"],
-      "prCreation": "not-pending",
       "minimumReleaseAge": "7 days",
       "enabled": true
     },
@@ -120,7 +114,6 @@
       "reviewers": ["team:kibana-operations"],
       "matchBaseBranches": ["main"],
       "labels": ["Team:Operations", "release_note:skip"],
-      "prCreation": "not-pending",
       "minimumReleaseAge": "7 days",
       "enabled": true
     },
@@ -130,7 +123,6 @@
       "reviewers": ["team:kibana-operations"],
       "matchBaseBranches": ["main"],
       "labels": ["Team:Operations", "backport:all-open", "release_note:skip"],
-      "prCreation": "not-pending",
       "minimumReleaseAge": "7 days",
       "enabled": true
     },
@@ -140,7 +132,6 @@
       "reviewers": ["team:kibana-visualizations"],
       "matchBaseBranches": ["main"],
       "labels": ["Feature:Vega", "Team:Visualizations"],
-      "prCreation": "not-pending",
       "minimumReleaseAge": "7 days",
       "enabled": true
     },
@@ -150,7 +141,6 @@
       "reviewers": ["Team:apm", "Team: SecuritySolution"],
       "matchBaseBranches": ["main"],
       "labels": ["buildkite-ci", "ci:all-cypress-suites"],
-      "prCreation": "not-pending",
       "minimumReleaseAge": "7 days",
       "enabled": true
     },
@@ -160,7 +150,6 @@
       "reviewers": ["Team: SecuritySolution"],
       "matchBaseBranches": ["main"],
       "labels": ["Team: SecuritySolution"],
-      "prCreation": "not-pending",
       "minimumReleaseAge": "7 days",
       "enabled": true
     },
@@ -181,7 +170,6 @@
       "reviewers": ["team:kibana-security"],
       "matchBaseBranches": ["main"],
       "labels": ["Team:Security", "release_note:skip", "backport:all-open"],
-      "prCreation": "not-pending",
       "minimumReleaseAge": "7 days",
       "enabled": true
     },
@@ -198,7 +186,6 @@
       "reviewers": ["team:kibana-operations"],
       "matchBaseBranches": ["main"],
       "labels": ["Team:Operations", "release_note:skip"],
-      "prCreation": "not-pending",
       "minimumReleaseAge": "7 days",
       "enabled": true
     },
@@ -208,7 +195,6 @@
       "reviewers": ["team:kibana-operations"],
       "matchBaseBranches": ["main"],
       "labels": ["Team:Operations", "release_note:skip", "backport:all-open"],
-      "prCreation": "not-pending",
       "minimumReleaseAge": "7 days",
       "enabled": true
     },
@@ -218,7 +204,6 @@
       "reviewers": ["team:kibana-operations"],
       "matchBaseBranches": ["main"],
       "labels": ["Team:Operations", "release_note:skip"],
-      "prCreation": "not-pending",
       "minimumReleaseAge": "7 days",
       "enabled": true
     },
@@ -235,7 +220,6 @@
       "reviewers": ["team:kibana-operations"],
       "matchBaseBranches": ["main"],
       "labels": ["Team:Operations", "release_note:skip"],
-      "prCreation": "not-pending",
       "minimumReleaseAge": "7 days",
       "enabled": true
     },
@@ -260,7 +244,6 @@
       "reviewers": ["team:kibana-operations"],
       "matchBaseBranches": ["main"],
       "labels": ["Team:Operations", "release_note:skip"],
-      "prCreation": "not-pending",
       "minimumReleaseAge": "7 days",
       "enabled": true
     },
@@ -271,7 +254,6 @@
       "matchDepPatterns": ["^@storybook"],
       "excludeDepNames": ["@storybook/testing-react"],
       "labels": ["Team:Operations", "release_note:skip", "ci:build-storybooks", "backport:skip"],
-      "prCreation": "not-pending",
       "minimumReleaseAge": "7 days",
       "allowedVersions": "<7.0",
       "enabled": true
@@ -282,7 +264,6 @@
       "matchBaseBranches": ["main"],
       "matchDepNames": ["@storybook/testing-react"],
       "labels": ["Team:Operations", "release_note:skip", "ci:build-storybooks", "backport:skip"],
-      "prCreation": "not-pending",
       "minimumReleaseAge": "7 days",
       "allowedVersions": "<2.0",
       "enabled": true
@@ -300,7 +281,6 @@
       ],
       "matchBaseBranches": ["main"],
       "labels": ["release_note:skip", "backport:skip", "ci:all-cypress-suites"],
-      "prCreation": "not-pending",
       "minimumReleaseAge": "7 days",
       "enabled": true
     },
@@ -310,7 +290,6 @@
       "reviewers": ["team:security-asset-management", "team:uptime"],
       "matchBaseBranches": ["main"],
       "labels": ["release_note:skip", "backport:skip", "ci:all-cypress-suites"],
-      "prCreation": "not-pending",
       "minimumReleaseAge": "7 days",
       "enabled": true
     },
@@ -327,7 +306,6 @@
       ],
       "matchBaseBranches": ["main"],
       "labels": ["release_note:skip", "backport:skip", "ci:all-cypress-suites"],
-      "prCreation": "not-pending",
       "minimumReleaseAge": "7 days",
       "enabled": true
     },
@@ -364,7 +342,6 @@
       "reviewers": ["team:response-ops", "team:kibana-core"],
       "matchBaseBranches": ["main"],
       "labels": ["release_note:skip", "backport:all-open"],
-      "prCreation": "not-pending",
       "minimumReleaseAge": "7 days",
       "enabled": true
     },
@@ -384,7 +361,6 @@
       "reviewers": ["team:monitoring"],
       "matchBaseBranches": ["main"],
       "labels": ["Team:Monitoring"],
-      "prCreation": "not-pending",
       "minimumReleaseAge": "7 days",
       "enabled": true
     },
@@ -394,7 +370,6 @@
       "reviewers": ["team:kibana-security", "team:kibana-core"],
       "matchBaseBranches": ["main"],
       "labels": ["release_note:skip", "backport:skip", "ci:serverless-test-all"],
-      "prCreation": "not-pending",
       "minimumReleaseAge": "7 days",
       "enabled": true
     },
@@ -404,7 +379,6 @@
       "reviewers": ["team:response-ops"],
       "matchBaseBranches": ["main"],
       "labels": ["release_note:skip", "backport:prev-minor"],
-      "prCreation": "not-pending",
       "minimumReleaseAge": "7 days",
       "enabled": true
     },
@@ -414,7 +388,6 @@
       "reviewers": ["team:ml-ui"],
       "matchBaseBranches": ["main"],
       "labels": ["Team:ML", "release_note:skip", "backport:all-open"],
-      "prCreation": "not-pending",
       "minimumReleaseAge": "7 days",
       "enabled": true
     },
@@ -424,7 +397,6 @@
       "reviewers": ["team:kibana-esql"],
       "matchBaseBranches": ["main"],
       "labels": ["Team:ESQL", "release_note:skip"],
-      "prCreation": "not-pending",
       "minimumReleaseAge": "7 days",
       "enabled": true
     },
diff --git a/src/core/server/integration_tests/ci_checks/saved_objects/check_registered_types.test.ts b/src/core/server/integration_tests/ci_checks/saved_objects/check_registered_types.test.ts
index 2337bbfaaa89e..732685c732ff7 100644
--- a/src/core/server/integration_tests/ci_checks/saved_objects/check_registered_types.test.ts
+++ b/src/core/server/integration_tests/ci_checks/saved_objects/check_registered_types.test.ts
@@ -88,7 +88,9 @@ describe('checking migration metadata changes on all registered SO types', () =>
         "endpoint:unified-user-artifact-manifest": "71c7fcb52c658b21ea2800a6b6a76972ae1c776e",
         "endpoint:user-artifact-manifest": "1c3533161811a58772e30cdc77bac4631da3ef2b",
         "enterprise_search_telemetry": "9ac912e1417fc8681e0cd383775382117c9e3d3d",
-        "epm-packages": "f8ee125b57df31fd035dc04ad81aef475fd2f5bd",
+        "entity-definition": "33fe0194bd896f0bfe479d55f6de20f8ba1d7713",
+        "entity-discovery-api-key": "c267a65c69171d1804362155c1378365f5acef88",
+        "epm-packages": "8042d4a1522f6c4e6f5486e791b3ffe3a22f88fd",
         "epm-packages-assets": "7a3e58efd9a14191d0d1a00b8aaed30a145fd0b1",
         "event-annotation-group": "715ba867d8c68f3c9438052210ea1c30a9362582",
         "event_loop_delays_daily": "01b967e8e043801357503de09199dfa3853bab88",
@@ -113,7 +115,7 @@ describe('checking migration metadata changes on all registered SO types', () =>
         "ingest-agent-policies": "90625b4a5ded9d4867358fcccc14a57c0454fcee",
         "ingest-download-sources": "279a68147e62e4d8858c09ad1cf03bd5551ce58d",
         "ingest-outputs": "daafff49255ab700e07491376fe89f04fc998b91",
-        "ingest-package-policies": "579cd432aa814145f59587354c0f55c71341e5dd",
+        "ingest-package-policies": "2c0f7c72d211bb7d3076ce2fc0bd368f9c16d274",
         "ingest_manager_settings": "91445219e7115ff0c45d1dabd5d614a80b421797",
         "inventory-view": "b8683c8e352a286b4aca1ab21003115a4800af83",
         "kql-telemetry": "93c1d16c1a0dfca9c8842062cf5ef8f62ae401ad",
diff --git a/src/core/server/integration_tests/saved_objects/migrations/group3/type_registrations.test.ts b/src/core/server/integration_tests/saved_objects/migrations/group3/type_registrations.test.ts
index f6a9bfd089008..a137b905f07a7 100644
--- a/src/core/server/integration_tests/saved_objects/migrations/group3/type_registrations.test.ts
+++ b/src/core/server/integration_tests/saved_objects/migrations/group3/type_registrations.test.ts
@@ -51,6 +51,8 @@ const previouslyRegisteredTypes = [
   'endpoint:user-artifact-manifest',
   'endpoint:unified-user-artifact-manifest',
   'enterprise_search_telemetry',
+  'entity-definition',
+  'entity-discovery-api-key',
   'epm-packages',
   'epm-packages-assets',
   'event_loop_delays_daily',
diff --git a/src/core/server/integration_tests/saved_objects/migrations/group5/dot_kibana_split.test.ts b/src/core/server/integration_tests/saved_objects/migrations/group5/dot_kibana_split.test.ts
index 8f765010e37a8..c4c56442c23f8 100644
--- a/src/core/server/integration_tests/saved_objects/migrations/group5/dot_kibana_split.test.ts
+++ b/src/core/server/integration_tests/saved_objects/migrations/group5/dot_kibana_split.test.ts
@@ -208,6 +208,8 @@ describe('split .kibana index into multiple system indices', () => {
             "endpoint:unified-user-artifact-manifest",
             "endpoint:user-artifact-manifest",
             "enterprise_search_telemetry",
+            "entity-definition",
+            "entity-discovery-api-key",
             "epm-packages",
             "epm-packages-assets",
             "event-annotation-group",
diff --git a/src/dev/build/args.test.ts b/src/dev/build/args.test.ts
index 5d1aabc85a7f6..1ef318099a657 100644
--- a/src/dev/build/args.test.ts
+++ b/src/dev/build/args.test.ts
@@ -31,13 +31,13 @@ it('build default and oss dist for current platform, without packages, by defaul
         "createArchives": true,
         "createCdnAssets": true,
         "createDebPackage": false,
-        "createDockerChainguard": false,
         "createDockerCloud": false,
         "createDockerContexts": true,
         "createDockerFIPS": false,
         "createDockerServerless": false,
         "createDockerUBI": false,
         "createDockerUbuntu": false,
+        "createDockerWolfi": false,
         "createGenericFolders": true,
         "createPlatformFolders": true,
         "createRpmPackage": false,
@@ -73,13 +73,13 @@ it('builds packages if --all-platforms is passed', () => {
         "createArchives": true,
         "createCdnAssets": true,
         "createDebPackage": true,
-        "createDockerChainguard": true,
         "createDockerCloud": true,
         "createDockerContexts": true,
         "createDockerFIPS": true,
         "createDockerServerless": true,
         "createDockerUBI": true,
         "createDockerUbuntu": true,
+        "createDockerWolfi": true,
         "createGenericFolders": true,
         "createPlatformFolders": true,
         "createRpmPackage": true,
@@ -115,13 +115,13 @@ it('limits packages if --rpm passed with --all-platforms', () => {
         "createArchives": true,
         "createCdnAssets": true,
         "createDebPackage": false,
-        "createDockerChainguard": false,
         "createDockerCloud": false,
         "createDockerContexts": true,
         "createDockerFIPS": false,
         "createDockerServerless": false,
         "createDockerUBI": false,
         "createDockerUbuntu": false,
+        "createDockerWolfi": false,
         "createGenericFolders": true,
         "createPlatformFolders": true,
         "createRpmPackage": true,
@@ -157,13 +157,13 @@ it('limits packages if --deb passed with --all-platforms', () => {
         "createArchives": true,
         "createCdnAssets": true,
         "createDebPackage": true,
-        "createDockerChainguard": false,
         "createDockerCloud": false,
         "createDockerContexts": true,
         "createDockerFIPS": false,
         "createDockerServerless": false,
         "createDockerUBI": false,
         "createDockerUbuntu": false,
+        "createDockerWolfi": false,
         "createGenericFolders": true,
         "createPlatformFolders": true,
         "createRpmPackage": false,
@@ -200,13 +200,13 @@ it('limits packages if --docker passed with --all-platforms', () => {
         "createArchives": true,
         "createCdnAssets": true,
         "createDebPackage": false,
-        "createDockerChainguard": true,
         "createDockerCloud": true,
         "createDockerContexts": true,
         "createDockerFIPS": true,
         "createDockerServerless": true,
         "createDockerUBI": true,
         "createDockerUbuntu": true,
+        "createDockerWolfi": true,
         "createGenericFolders": true,
         "createPlatformFolders": true,
         "createRpmPackage": false,
@@ -250,13 +250,13 @@ it('limits packages if --docker passed with --skip-docker-ubi and --all-platform
         "createArchives": true,
         "createCdnAssets": true,
         "createDebPackage": false,
-        "createDockerChainguard": true,
         "createDockerCloud": true,
         "createDockerContexts": true,
         "createDockerFIPS": true,
         "createDockerServerless": true,
         "createDockerUBI": false,
         "createDockerUbuntu": true,
+        "createDockerWolfi": true,
         "createGenericFolders": true,
         "createPlatformFolders": true,
         "createRpmPackage": false,
@@ -293,13 +293,13 @@ it('limits packages if --all-platforms passed with --skip-docker-ubuntu', () =>
         "createArchives": true,
         "createCdnAssets": true,
         "createDebPackage": true,
-        "createDockerChainguard": true,
         "createDockerCloud": true,
         "createDockerContexts": true,
         "createDockerFIPS": true,
         "createDockerServerless": true,
         "createDockerUBI": true,
         "createDockerUbuntu": false,
+        "createDockerWolfi": true,
         "createGenericFolders": true,
         "createPlatformFolders": true,
         "createRpmPackage": true,
@@ -336,13 +336,13 @@ it('limits packages if --all-platforms passed with --skip-docker-fips', () => {
         "createArchives": true,
         "createCdnAssets": true,
         "createDebPackage": true,
-        "createDockerChainguard": true,
         "createDockerCloud": true,
         "createDockerContexts": true,
         "createDockerFIPS": false,
         "createDockerServerless": true,
         "createDockerUBI": true,
         "createDockerUbuntu": true,
+        "createDockerWolfi": true,
         "createGenericFolders": true,
         "createPlatformFolders": true,
         "createRpmPackage": true,
diff --git a/src/dev/build/args.ts b/src/dev/build/args.ts
index 2ffab8ccb17b9..1bc68c751119d 100644
--- a/src/dev/build/args.ts
+++ b/src/dev/build/args.ts
@@ -31,7 +31,7 @@ export function readCliArgs(argv: string[]) {
       'skip-docker-contexts',
       'skip-docker-ubi',
       'skip-docker-ubuntu',
-      'skip-docker-chainguard',
+      'skip-docker-wolfi',
       'skip-docker-cloud',
       'skip-docker-serverless',
       'skip-docker-fips',
@@ -141,8 +141,7 @@ export function readCliArgs(argv: string[]) {
     createDebPackage: isOsPackageDesired('deb'),
     createDockerUbuntu:
       isOsPackageDesired('docker-images') && !Boolean(flags['skip-docker-ubuntu']),
-    createDockerChainguard:
-      isOsPackageDesired('docker-images') && !Boolean(flags['skip-docker-chainguard']),
+    createDockerWolfi: isOsPackageDesired('docker-images') && !Boolean(flags['skip-docker-wolfi']),
     createDockerCloud: isOsPackageDesired('docker-images') && !Boolean(flags['skip-docker-cloud']),
     createDockerServerless:
       (isOsPackageDesired('docker-images') && !Boolean(flags['skip-docker-serverless'])) ||
diff --git a/src/dev/build/build_distributables.ts b/src/dev/build/build_distributables.ts
index fca37dd46769b..9e8fa29979cf5 100644
--- a/src/dev/build/build_distributables.ts
+++ b/src/dev/build/build_distributables.ts
@@ -31,7 +31,7 @@ export interface BuildOptions {
   createDebPackage: boolean;
   createDockerUBI: boolean;
   createDockerUbuntu: boolean;
-  createDockerChainguard: boolean;
+  createDockerWolfi: boolean;
   createDockerCloud: boolean;
   createDockerServerless: boolean;
   createDockerContexts: boolean;
@@ -151,9 +151,9 @@ export async function buildDistributables(log: ToolingLog, options: BuildOptions
     await run(Tasks.CreateDockerUbuntu);
   }
 
-  if (options.createDockerChainguard) {
-    // control w/ --docker-images or --skip-docker-chainguard or --skip-os-packages
-    await run(Tasks.CreateDockerChainguard);
+  if (options.createDockerWolfi) {
+    // control w/ --docker-images or --skip-docker-wolfi or --skip-os-packages
+    await run(Tasks.CreateDockerWolfi);
   }
   if (options.createDockerCloud) {
     // control w/ --docker-images and --skip-docker-cloud
diff --git a/src/dev/build/cli.ts b/src/dev/build/cli.ts
index 105ce366742a5..73abe4322f647 100644
--- a/src/dev/build/cli.ts
+++ b/src/dev/build/cli.ts
@@ -47,7 +47,7 @@ if (showHelp) {
         --skip-cdn-assets                    {dim Don't build CDN assets}
         --skip-docker-ubi                    {dim Don't build the docker ubi image}
         --skip-docker-ubuntu                 {dim Don't build the docker ubuntu image}
-        --skip-docker-chainguard             {dim Don't build the docker chainguard image}
+        --skip-docker-wolfi                  {dim Don't build the docker wolfi image}
         --skip-docker-fips                   {dim Don't build the docker fips image}
         --release                            {dim Produce a release-ready distributable}
         --version-qualifier                  {dim Suffix version with a qualifier}
diff --git a/src/dev/build/tasks/os_packages/create_os_package_tasks.ts b/src/dev/build/tasks/os_packages/create_os_package_tasks.ts
index b71f900986380..f422d9fae221a 100644
--- a/src/dev/build/tasks/os_packages/create_os_package_tasks.ts
+++ b/src/dev/build/tasks/os_packages/create_os_package_tasks.ts
@@ -80,20 +80,20 @@ export const CreateDockerUbuntu: Task = {
   },
 };
 
-export const CreateDockerChainguard: Task = {
-  description: 'Creating Docker Chainguard image',
+export const CreateDockerWolfi: Task = {
+  description: 'Creating Docker Wolfi image',
 
   async run(config, log, build) {
     await runDockerGenerator(config, log, build, {
       architecture: 'x64',
-      baseImage: 'chainguard',
+      baseImage: 'wolfi',
       context: false,
       image: true,
       dockerBuildDate,
     });
     await runDockerGenerator(config, log, build, {
       architecture: 'aarch64',
-      baseImage: 'chainguard',
+      baseImage: 'wolfi',
       context: false,
       image: true,
       dockerBuildDate,
@@ -183,7 +183,7 @@ export const CreateDockerContexts: Task = {
       dockerBuildDate,
     });
     await runDockerGenerator(config, log, build, {
-      baseImage: 'chainguard',
+      baseImage: 'wolfi',
       context: true,
       image: false,
       dockerBuildDate,
diff --git a/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker b/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker
index 0ca827fcbcd8e..27d7a465186a4 100755
--- a/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker
+++ b/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker
@@ -117,6 +117,7 @@ kibana_vars=(
     monitoring.cluster_alerts.email_notifications.email_address
     monitoring.kibana.collection.enabled
     monitoring.kibana.collection.interval
+    monitoring.ui.ccs.enabled
     monitoring.ui.container.elasticsearch.enabled
     monitoring.ui.container.logstash.enabled
     monitoring.ui.elasticsearch.hosts
@@ -362,6 +363,7 @@ kibana_vars=(
     xpack.reporting.roles.allow
     xpack.reporting.roles.enabled
     xpack.ruleRegistry.write.enabled
+    xpack.screenshotting.browser.chromium.disableSandbox
     xpack.security.accessAgreement.message
     xpack.security.audit.appender.fileName
     xpack.security.audit.appender.layout.highlight
diff --git a/src/dev/build/tasks/os_packages/docker_generator/run.ts b/src/dev/build/tasks/os_packages/docker_generator/run.ts
index 88de0e92e868f..25cb0d8d0d2d1 100644
--- a/src/dev/build/tasks/os_packages/docker_generator/run.ts
+++ b/src/dev/build/tasks/os_packages/docker_generator/run.ts
@@ -29,7 +29,7 @@ export async function runDockerGenerator(
   build: Build,
   flags: {
     architecture?: string;
-    baseImage: 'none' | 'chainguard' | 'ubi' | 'ubuntu';
+    baseImage: 'none' | 'wolfi' | 'ubi' | 'ubuntu';
     context: boolean;
     image: boolean;
     ironbank?: boolean;
@@ -42,12 +42,12 @@ export async function runDockerGenerator(
   let baseImageName = '';
   if (flags.baseImage === 'ubuntu') baseImageName = 'ubuntu:20.04';
   if (flags.baseImage === 'ubi') baseImageName = 'docker.elastic.co/ubi9/ubi-minimal:latest';
-  if (flags.baseImage === 'chainguard')
+  if (flags.baseImage === 'wolfi')
     baseImageName = 'docker.elastic.co/wolfi/chainguard-base:20230214';
 
   let imageFlavor = '';
   if (flags.baseImage === 'ubi') imageFlavor += `-ubi`;
-  if (flags.baseImage === 'chainguard') imageFlavor += `-chainguard`;
+  if (flags.baseImage === 'wolfi') imageFlavor += `-wolfi`;
   if (flags.ironbank) imageFlavor += '-ironbank';
   if (flags.cloud) imageFlavor += '-cloud';
   if (flags.serverless) imageFlavor += '-serverless';
diff --git a/src/dev/build/tasks/os_packages/docker_generator/template_context.ts b/src/dev/build/tasks/os_packages/docker_generator/template_context.ts
index b6cdd9e549956..2d6d2fbd200bd 100644
--- a/src/dev/build/tasks/os_packages/docker_generator/template_context.ts
+++ b/src/dev/build/tasks/os_packages/docker_generator/template_context.ts
@@ -24,7 +24,7 @@ export interface TemplateContext {
   dockerBuildDate: string;
   usePublicArtifact?: boolean;
   publicArtifactSubdomain: string;
-  baseImage: 'none' | 'ubi' | 'ubuntu' | 'chainguard';
+  baseImage: 'none' | 'ubi' | 'ubuntu' | 'wolfi';
   baseImageName: string;
   cloud?: boolean;
   serverless?: boolean;
diff --git a/src/dev/build/tasks/os_packages/docker_generator/templates/base/Dockerfile b/src/dev/build/tasks/os_packages/docker_generator/templates/base/Dockerfile
index e7f515ed3bfe2..ecb93cfd50792 100644
--- a/src/dev/build/tasks/os_packages/docker_generator/templates/base/Dockerfile
+++ b/src/dev/build/tasks/os_packages/docker_generator/templates/base/Dockerfile
@@ -17,9 +17,9 @@ RUN microdnf install -y findutils tar gzip
 {{#ubuntu}}
 RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y curl
 {{/ubuntu}}
-{{#chainguard}}
+{{#wolfi}}
 RUN apk --no-cache add curl
-{{/chainguard}}
+{{/wolfi}}
 
 {{#usePublicArtifact}}
 RUN cd /tmp && \
@@ -109,9 +109,9 @@ RUN for iter in {1..10}; do \
     done; \
     (exit $exit_code)
 {{/ubuntu}}
-{{#chainguard}}
+{{#wolfi}}
 RUN apk --no-cache add bash curl fontconfig libstdc++ freetype nss findutils shadow
-{{/chainguard}}
+{{/wolfi}}
 
 # Bring in Kibana from the initial stage.
 COPY --from=builder --chown=1000:0 /usr/share/kibana /usr/share/kibana
diff --git a/src/dev/build/tasks/os_packages/docker_generator/templates/dockerfile.template.ts b/src/dev/build/tasks/os_packages/docker_generator/templates/dockerfile.template.ts
index b07be8b073747..a0e50fb3528ff 100755
--- a/src/dev/build/tasks/os_packages/docker_generator/templates/dockerfile.template.ts
+++ b/src/dev/build/tasks/os_packages/docker_generator/templates/dockerfile.template.ts
@@ -16,7 +16,7 @@ function generator(options: TemplateContext) {
   const dir = options.ironbank ? 'ironbank' : 'base';
   const template = readFileSync(resolve(__dirname, dir, './Dockerfile'));
   return Mustache.render(template.toString(), {
-    chainguard: options.baseImage === 'chainguard',
+    wolfi: options.baseImage === 'wolfi',
     ubi: options.baseImage === 'ubi',
     ubuntu: options.baseImage === 'ubuntu',
     opensslLegacyProvider: !(options.cloud || options.serverless || options.fips),
diff --git a/src/dev/license_checker/config.ts b/src/dev/license_checker/config.ts
index 45262fd3a57cc..fabd250b29137 100644
--- a/src/dev/license_checker/config.ts
+++ b/src/dev/license_checker/config.ts
@@ -86,7 +86,7 @@ export const LICENSE_OVERRIDES = {
   'jsts@1.6.2': ['Eclipse Distribution License - v 1.0'], // cf. https://github.com/bjornharrtell/jsts
   '@mapbox/jsonlint-lines-primitives@2.0.2': ['MIT'], // license in readme https://github.com/tmcw/jsonlint
   '@elastic/ems-client@8.5.1': ['Elastic License 2.0'],
-  '@elastic/eui@95.0.0-backport.0': ['SSPL-1.0 OR Elastic License 2.0'],
+  '@elastic/eui@95.2.0': ['SSPL-1.0 OR Elastic License 2.0'],
   'language-subtag-registry@0.3.21': ['CC-BY-4.0'], // retired ODC‑By license https://github.com/mattcg/language-subtag-registry
   'buffers@0.1.1': ['MIT'], // license in importing module https://www.npmjs.com/package/binary
   '@bufbuild/protobuf@1.2.1': ['Apache-2.0'], // license (Apache-2.0 AND BSD-3-Clause)
diff --git a/src/plugins/advanced_settings/public/plugin.tsx b/src/plugins/advanced_settings/public/plugin.tsx
index aca337c70ceac..23e52787207ce 100644
--- a/src/plugins/advanced_settings/public/plugin.tsx
+++ b/src/plugins/advanced_settings/public/plugin.tsx
@@ -30,10 +30,7 @@ const title = i18n.translate('advancedSettings.advancedSettingsLabel', {
 export class AdvancedSettingsPlugin
   implements Plugin<AdvancedSettingsSetup, AdvancedSettingsStart, AdvancedSettingsPluginSetup>
 {
-  public setup(
-    core: CoreSetup,
-    { management, home, usageCollection }: AdvancedSettingsPluginSetup
-  ) {
+  public setup(core: CoreSetup, { management, home }: AdvancedSettingsPluginSetup) {
     const kibanaSection = management.sections.section.kibana;
 
     kibanaSection.registerApp({
@@ -42,6 +39,9 @@ export class AdvancedSettingsPlugin
       order: 3,
       async mount({ element, setBreadcrumbs, history }) {
         const [coreStart] = await core.getStartServices();
+
+        const { docTitle } = coreStart.chrome;
+        docTitle.change(title);
         setBreadcrumbs([{ text: title }]);
 
         ReactDOM.render(
@@ -53,6 +53,7 @@ export class AdvancedSettingsPlugin
           element
         );
         return () => {
+          docTitle.reset();
           ReactDOM.unmountComponentAtNode(element);
         };
       },
diff --git a/src/plugins/ai_assistant_management/selection/public/routes/components/ai_assistant_selection_page.tsx b/src/plugins/ai_assistant_management/selection/public/routes/components/ai_assistant_selection_page.tsx
index 41422212fa08b..9b0941d86a5d4 100644
--- a/src/plugins/ai_assistant_management/selection/public/routes/components/ai_assistant_selection_page.tsx
+++ b/src/plugins/ai_assistant_management/selection/public/routes/components/ai_assistant_selection_page.tsx
@@ -9,6 +9,7 @@
 import React, { useEffect } from 'react';
 import { i18n } from '@kbn/i18n';
 import {
+  EuiButton,
   EuiCallOut,
   EuiCard,
   EuiFlexGrid,
@@ -86,32 +87,48 @@ export function AiAssistantSelectionPage() {
                     <EuiSpacer size="s" />
                   </>
                 ) : null}
-                <EuiLink
-                  data-test-subj="pluginsAiAssistantSelectionPageDocumentationLink"
-                  external
-                  target="_blank"
-                  href="https://www.elastic.co/guide/en/observability/current/obs-ai-assistant.html"
+                <p>
+                  {i18n.translate(
+                    'aiAssistantManagementSelection.aiAssistantSelectionPage.obsAssistant.documentationLinkDescription',
+                    { defaultMessage: 'For more info, see our' }
+                  )}{' '}
+                  <EuiLink
+                    data-test-subj="pluginsAiAssistantSelectionPageDocumentationLink"
+                    external
+                    target="_blank"
+                    href="https://www.elastic.co/guide/en/observability/current/obs-ai-assistant.html"
+                  >
+                    {i18n.translate(
+                      'aiAssistantManagementSelection.aiAssistantSelectionPage.obsAssistant.documentationLinkLabel',
+                      { defaultMessage: 'documentation' }
+                    )}
+                  </EuiLink>
+                </p>
+                <EuiButton
+                  iconType="gear"
+                  data-test-subj="pluginsAiAssistantSelectionPageButton"
+                  onClick={() =>
+                    navigateToApp('management', {
+                      path: 'kibana/observabilityAiAssistantManagement',
+                    })
+                  }
                 >
                   {i18n.translate(
-                    'aiAssistantManagementSelection.aiAssistantSettingsPage.obsAssistant.documentationLinkLabel',
-                    { defaultMessage: 'Documentation' }
+                    'aiAssistantManagementSelection.aiAssistantSelectionPage.obsAssistant.manageSettingsButtonLabel',
+                    { defaultMessage: 'Manage Settings' }
                   )}
-                </EuiLink>
+                </EuiButton>
               </div>
             }
             display="plain"
             hasBorder
-            icon={<EuiIcon size="l" type="logoObservability" />}
+            icon={<EuiIcon size="xxl" type="logoObservability" />}
             isDisabled={!observabilityAIAssistantEnabled}
-            layout="horizontal"
             title={i18n.translate(
               'aiAssistantManagementSelection.aiAssistantSelectionPage.observabilityLabel',
               { defaultMessage: 'Elastic AI Assistant for Observability' }
             )}
             titleSize="xs"
-            onClick={() =>
-              navigateToApp('management', { path: 'kibana/observabilityAiAssistantManagement' })
-            }
           />
         </EuiFlexItem>
         <EuiFlexItem grow>
@@ -135,32 +152,46 @@ export function AiAssistantSelectionPage() {
                     <EuiSpacer size="s" />
                   </>
                 ) : null}
-                <EuiLink
-                  data-test-subj="securityAiAssistantSelectionPageDocumentationLink"
-                  external
-                  target="_blank"
-                  href="https://www.elastic.co/guide/en/security/current/security-assistant.html"
+                <p>
+                  {i18n.translate(
+                    'aiAssistantManagementSelection.aiAssistantSelectionPage.securityAssistant.documentationLinkDescription',
+                    { defaultMessage: 'For more info, see our' }
+                  )}{' '}
+                  <EuiLink
+                    data-test-subj="securityAiAssistantSelectionPageDocumentationLink"
+                    external
+                    target="_blank"
+                    href="https://www.elastic.co/guide/en/security/current/security-assistant.html"
+                  >
+                    {i18n.translate(
+                      'aiAssistantManagementSelection.aiAssistantSettingsPage.securityAssistant.documentationLinkLabel',
+                      { defaultMessage: 'documentation' }
+                    )}
+                  </EuiLink>
+                </p>
+                <EuiButton
+                  data-test-subj="pluginsAiAssistantSelectionPageButton"
+                  iconType="gear"
+                  onClick={() =>
+                    navigateToApp('management', { path: 'kibana/securityAiAssistantManagement' })
+                  }
                 >
                   {i18n.translate(
-                    'aiAssistantManagementSelection.aiAssistantSettingsPage.securityAssistant.documentationLinkLabel',
-                    { defaultMessage: 'Documentation' }
+                    'aiAssistantManagementSelection.aiAssistantSelectionPage.securityAssistant.manageSettingsButtonLabel',
+                    { defaultMessage: 'Manage Settings' }
                   )}
-                </EuiLink>
+                </EuiButton>
               </div>
             }
             display="plain"
             hasBorder
-            icon={<EuiIcon size="l" type="logoSecurity" />}
+            icon={<EuiIcon size="xxl" type="logoSecurity" />}
             isDisabled={!securityAIAssistantEnabled}
-            layout="horizontal"
             title={i18n.translate(
               'aiAssistantManagementSelection.aiAssistantSelectionPage.securityLabel',
               { defaultMessage: 'Elastic AI Assistant for Security' }
             )}
             titleSize="xs"
-            onClick={() =>
-              navigateToApp('management', { path: 'kibana/securityAiAssistantManagement' })
-            }
           />
         </EuiFlexItem>
       </EuiFlexGrid>
diff --git a/src/plugins/chart_expressions/expression_gauge/public/components/__snapshots__/gauge_component.test.tsx.snap b/src/plugins/chart_expressions/expression_gauge/public/components/__snapshots__/gauge_component.test.tsx.snap
index 0f9ddb6fb3490..1211da678af7a 100644
--- a/src/plugins/chart_expressions/expression_gauge/public/components/__snapshots__/gauge_component.test.tsx.snap
+++ b/src/plugins/chart_expressions/expression_gauge/public/components/__snapshots__/gauge_component.test.tsx.snap
@@ -38,6 +38,7 @@ exports[`GaugeComponent renders the chart 1`] = `
             },
           },
           "isolatedPoint": Object {
+            "enabled": true,
             "fill": "white",
             "opacity": 1,
             "radius": 2,
@@ -427,6 +428,7 @@ exports[`GaugeComponent renders the chart 1`] = `
             },
           },
           "isolatedPoint": Object {
+            "enabled": true,
             "fill": "white",
             "opacity": 1,
             "radius": 2,
@@ -452,12 +454,15 @@ exports[`GaugeComponent renders the chart 1`] = `
           "barBackground": "#EDF0F5",
           "border": "#EDF0F5",
           "emptyBackground": "transparent",
+          "iconAlign": "left",
           "minHeight": 64,
+          "minValueFontSize": 12,
           "nonFiniteText": "N/A",
-          "text": Object {
-            "darkColor": "#343741",
-            "lightColor": "#E0E5EE",
-          },
+          "textDarkColor": "#343741",
+          "textLightColor": "#E0E5EE",
+          "titlesTextAlign": "left",
+          "valueFontSize": "default",
+          "valuesTextAlign": "right",
         },
         "partition": Object {
           "circlePadding": 4,
diff --git a/src/plugins/chart_expressions/expression_partition_vis/public/components/__snapshots__/partition_vis_component.test.tsx.snap b/src/plugins/chart_expressions/expression_partition_vis/public/components/__snapshots__/partition_vis_component.test.tsx.snap
index 5951739fd053f..db39a86f8ae4c 100644
--- a/src/plugins/chart_expressions/expression_partition_vis/public/components/__snapshots__/partition_vis_component.test.tsx.snap
+++ b/src/plugins/chart_expressions/expression_partition_vis/public/components/__snapshots__/partition_vis_component.test.tsx.snap
@@ -268,6 +268,7 @@ exports[`PartitionVisComponent should render correct structure for donut 1`] = `
                   },
                 },
                 "isolatedPoint": Object {
+                  "enabled": true,
                   "fill": "white",
                   "opacity": 1,
                   "radius": 2,
@@ -657,6 +658,7 @@ exports[`PartitionVisComponent should render correct structure for donut 1`] = `
                   },
                 },
                 "isolatedPoint": Object {
+                  "enabled": true,
                   "fill": "white",
                   "opacity": 1,
                   "radius": 2,
@@ -682,12 +684,15 @@ exports[`PartitionVisComponent should render correct structure for donut 1`] = `
                 "barBackground": "#EDF0F5",
                 "border": "#EDF0F5",
                 "emptyBackground": "transparent",
+                "iconAlign": "left",
                 "minHeight": 64,
+                "minValueFontSize": 12,
                 "nonFiniteText": "N/A",
-                "text": Object {
-                  "darkColor": "#343741",
-                  "lightColor": "#E0E5EE",
-                },
+                "textDarkColor": "#343741",
+                "textLightColor": "#E0E5EE",
+                "titlesTextAlign": "left",
+                "valueFontSize": "default",
+                "valuesTextAlign": "right",
               },
               "partition": Object {
                 "circlePadding": 4,
@@ -1197,6 +1202,7 @@ exports[`PartitionVisComponent should render correct structure for mosaic 1`] =
                   },
                 },
                 "isolatedPoint": Object {
+                  "enabled": true,
                   "fill": "white",
                   "opacity": 1,
                   "radius": 2,
@@ -1586,6 +1592,7 @@ exports[`PartitionVisComponent should render correct structure for mosaic 1`] =
                   },
                 },
                 "isolatedPoint": Object {
+                  "enabled": true,
                   "fill": "white",
                   "opacity": 1,
                   "radius": 2,
@@ -1611,12 +1618,15 @@ exports[`PartitionVisComponent should render correct structure for mosaic 1`] =
                 "barBackground": "#EDF0F5",
                 "border": "#EDF0F5",
                 "emptyBackground": "transparent",
+                "iconAlign": "left",
                 "minHeight": 64,
+                "minValueFontSize": 12,
                 "nonFiniteText": "N/A",
-                "text": Object {
-                  "darkColor": "#343741",
-                  "lightColor": "#E0E5EE",
-                },
+                "textDarkColor": "#343741",
+                "textLightColor": "#E0E5EE",
+                "titlesTextAlign": "left",
+                "valueFontSize": "default",
+                "valuesTextAlign": "right",
               },
               "partition": Object {
                 "circlePadding": 4,
@@ -2186,6 +2196,7 @@ exports[`PartitionVisComponent should render correct structure for multi-metric
                   },
                 },
                 "isolatedPoint": Object {
+                  "enabled": true,
                   "fill": "white",
                   "opacity": 1,
                   "radius": 2,
@@ -2575,6 +2586,7 @@ exports[`PartitionVisComponent should render correct structure for multi-metric
                   },
                 },
                 "isolatedPoint": Object {
+                  "enabled": true,
                   "fill": "white",
                   "opacity": 1,
                   "radius": 2,
@@ -2600,12 +2612,15 @@ exports[`PartitionVisComponent should render correct structure for multi-metric
                 "barBackground": "#EDF0F5",
                 "border": "#EDF0F5",
                 "emptyBackground": "transparent",
+                "iconAlign": "left",
                 "minHeight": 64,
+                "minValueFontSize": 12,
                 "nonFiniteText": "N/A",
-                "text": Object {
-                  "darkColor": "#343741",
-                  "lightColor": "#E0E5EE",
-                },
+                "textDarkColor": "#343741",
+                "textLightColor": "#E0E5EE",
+                "titlesTextAlign": "left",
+                "valueFontSize": "default",
+                "valuesTextAlign": "right",
               },
               "partition": Object {
                 "circlePadding": 4,
@@ -3177,6 +3192,7 @@ exports[`PartitionVisComponent should render correct structure for pie 1`] = `
                   },
                 },
                 "isolatedPoint": Object {
+                  "enabled": true,
                   "fill": "white",
                   "opacity": 1,
                   "radius": 2,
@@ -3566,6 +3582,7 @@ exports[`PartitionVisComponent should render correct structure for pie 1`] = `
                   },
                 },
                 "isolatedPoint": Object {
+                  "enabled": true,
                   "fill": "white",
                   "opacity": 1,
                   "radius": 2,
@@ -3591,12 +3608,15 @@ exports[`PartitionVisComponent should render correct structure for pie 1`] = `
                 "barBackground": "#EDF0F5",
                 "border": "#EDF0F5",
                 "emptyBackground": "transparent",
+                "iconAlign": "left",
                 "minHeight": 64,
+                "minValueFontSize": 12,
                 "nonFiniteText": "N/A",
-                "text": Object {
-                  "darkColor": "#343741",
-                  "lightColor": "#E0E5EE",
-                },
+                "textDarkColor": "#343741",
+                "textLightColor": "#E0E5EE",
+                "titlesTextAlign": "left",
+                "valueFontSize": "default",
+                "valuesTextAlign": "right",
               },
               "partition": Object {
                 "circlePadding": 4,
@@ -4106,6 +4126,7 @@ exports[`PartitionVisComponent should render correct structure for treemap 1`] =
                   },
                 },
                 "isolatedPoint": Object {
+                  "enabled": true,
                   "fill": "white",
                   "opacity": 1,
                   "radius": 2,
@@ -4495,6 +4516,7 @@ exports[`PartitionVisComponent should render correct structure for treemap 1`] =
                   },
                 },
                 "isolatedPoint": Object {
+                  "enabled": true,
                   "fill": "white",
                   "opacity": 1,
                   "radius": 2,
@@ -4520,12 +4542,15 @@ exports[`PartitionVisComponent should render correct structure for treemap 1`] =
                 "barBackground": "#EDF0F5",
                 "border": "#EDF0F5",
                 "emptyBackground": "transparent",
+                "iconAlign": "left",
                 "minHeight": 64,
+                "minValueFontSize": 12,
                 "nonFiniteText": "N/A",
-                "text": Object {
-                  "darkColor": "#343741",
-                  "lightColor": "#E0E5EE",
-                },
+                "textDarkColor": "#343741",
+                "textLightColor": "#E0E5EE",
+                "titlesTextAlign": "left",
+                "valueFontSize": "default",
+                "valuesTextAlign": "right",
               },
               "partition": Object {
                 "circlePadding": 4,
@@ -4990,6 +5015,7 @@ exports[`PartitionVisComponent should render correct structure for waffle 1`] =
                   },
                 },
                 "isolatedPoint": Object {
+                  "enabled": true,
                   "fill": "white",
                   "opacity": 1,
                   "radius": 2,
@@ -5379,6 +5405,7 @@ exports[`PartitionVisComponent should render correct structure for waffle 1`] =
                   },
                 },
                 "isolatedPoint": Object {
+                  "enabled": true,
                   "fill": "white",
                   "opacity": 1,
                   "radius": 2,
@@ -5404,12 +5431,15 @@ exports[`PartitionVisComponent should render correct structure for waffle 1`] =
                 "barBackground": "#EDF0F5",
                 "border": "#EDF0F5",
                 "emptyBackground": "transparent",
+                "iconAlign": "left",
                 "minHeight": 64,
+                "minValueFontSize": 12,
                 "nonFiniteText": "N/A",
-                "text": Object {
-                  "darkColor": "#343741",
-                  "lightColor": "#E0E5EE",
-                },
+                "textDarkColor": "#343741",
+                "textLightColor": "#E0E5EE",
+                "titlesTextAlign": "left",
+                "valueFontSize": "default",
+                "valuesTextAlign": "right",
               },
               "partition": Object {
                 "circlePadding": 4,
diff --git a/src/plugins/chart_expressions/expression_xy/public/components/__snapshots__/xy_chart.test.tsx.snap b/src/plugins/chart_expressions/expression_xy/public/components/__snapshots__/xy_chart.test.tsx.snap
index f421ecb99d18e..12e7f4c4a93a5 100644
--- a/src/plugins/chart_expressions/expression_xy/public/components/__snapshots__/xy_chart.test.tsx.snap
+++ b/src/plugins/chart_expressions/expression_xy/public/components/__snapshots__/xy_chart.test.tsx.snap
@@ -610,6 +610,7 @@ exports[`XYChart component it renders area 1`] = `
                 },
               },
               "isolatedPoint": Object {
+                "enabled": true,
                 "fill": "white",
                 "opacity": 1,
                 "radius": 2,
@@ -999,6 +1000,7 @@ exports[`XYChart component it renders area 1`] = `
                 },
               },
               "isolatedPoint": Object {
+                "enabled": true,
                 "fill": "white",
                 "opacity": 1,
                 "radius": 2,
@@ -1024,12 +1026,15 @@ exports[`XYChart component it renders area 1`] = `
               "barBackground": "#EDF0F5",
               "border": "#EDF0F5",
               "emptyBackground": "transparent",
+              "iconAlign": "left",
               "minHeight": 64,
+              "minValueFontSize": 12,
               "nonFiniteText": "N/A",
-              "text": Object {
-                "darkColor": "#343741",
-                "lightColor": "#E0E5EE",
-              },
+              "textDarkColor": "#343741",
+              "textLightColor": "#E0E5EE",
+              "titlesTextAlign": "left",
+              "valueFontSize": "default",
+              "valuesTextAlign": "right",
             },
             "partition": Object {
               "circlePadding": 4,
@@ -2160,6 +2165,7 @@ exports[`XYChart component it renders bar 1`] = `
                 },
               },
               "isolatedPoint": Object {
+                "enabled": true,
                 "fill": "white",
                 "opacity": 1,
                 "radius": 2,
@@ -2549,6 +2555,7 @@ exports[`XYChart component it renders bar 1`] = `
                 },
               },
               "isolatedPoint": Object {
+                "enabled": true,
                 "fill": "white",
                 "opacity": 1,
                 "radius": 2,
@@ -2574,12 +2581,15 @@ exports[`XYChart component it renders bar 1`] = `
               "barBackground": "#EDF0F5",
               "border": "#EDF0F5",
               "emptyBackground": "transparent",
+              "iconAlign": "left",
               "minHeight": 64,
+              "minValueFontSize": 12,
               "nonFiniteText": "N/A",
-              "text": Object {
-                "darkColor": "#343741",
-                "lightColor": "#E0E5EE",
-              },
+              "textDarkColor": "#343741",
+              "textLightColor": "#E0E5EE",
+              "titlesTextAlign": "left",
+              "valueFontSize": "default",
+              "valuesTextAlign": "right",
             },
             "partition": Object {
               "circlePadding": 4,
@@ -3710,6 +3720,7 @@ exports[`XYChart component it renders horizontal bar 1`] = `
                 },
               },
               "isolatedPoint": Object {
+                "enabled": true,
                 "fill": "white",
                 "opacity": 1,
                 "radius": 2,
@@ -4099,6 +4110,7 @@ exports[`XYChart component it renders horizontal bar 1`] = `
                 },
               },
               "isolatedPoint": Object {
+                "enabled": true,
                 "fill": "white",
                 "opacity": 1,
                 "radius": 2,
@@ -4124,12 +4136,15 @@ exports[`XYChart component it renders horizontal bar 1`] = `
               "barBackground": "#EDF0F5",
               "border": "#EDF0F5",
               "emptyBackground": "transparent",
+              "iconAlign": "left",
               "minHeight": 64,
+              "minValueFontSize": 12,
               "nonFiniteText": "N/A",
-              "text": Object {
-                "darkColor": "#343741",
-                "lightColor": "#E0E5EE",
-              },
+              "textDarkColor": "#343741",
+              "textLightColor": "#E0E5EE",
+              "titlesTextAlign": "left",
+              "valueFontSize": "default",
+              "valuesTextAlign": "right",
             },
             "partition": Object {
               "circlePadding": 4,
@@ -5260,6 +5275,7 @@ exports[`XYChart component it renders line 1`] = `
                 },
               },
               "isolatedPoint": Object {
+                "enabled": true,
                 "fill": "white",
                 "opacity": 1,
                 "radius": 2,
@@ -5649,6 +5665,7 @@ exports[`XYChart component it renders line 1`] = `
                 },
               },
               "isolatedPoint": Object {
+                "enabled": true,
                 "fill": "white",
                 "opacity": 1,
                 "radius": 2,
@@ -5674,12 +5691,15 @@ exports[`XYChart component it renders line 1`] = `
               "barBackground": "#EDF0F5",
               "border": "#EDF0F5",
               "emptyBackground": "transparent",
+              "iconAlign": "left",
               "minHeight": 64,
+              "minValueFontSize": 12,
               "nonFiniteText": "N/A",
-              "text": Object {
-                "darkColor": "#343741",
-                "lightColor": "#E0E5EE",
-              },
+              "textDarkColor": "#343741",
+              "textLightColor": "#E0E5EE",
+              "titlesTextAlign": "left",
+              "valueFontSize": "default",
+              "valuesTextAlign": "right",
             },
             "partition": Object {
               "circlePadding": 4,
@@ -6810,6 +6830,7 @@ exports[`XYChart component it renders stacked area 1`] = `
                 },
               },
               "isolatedPoint": Object {
+                "enabled": true,
                 "fill": "white",
                 "opacity": 1,
                 "radius": 2,
@@ -7199,6 +7220,7 @@ exports[`XYChart component it renders stacked area 1`] = `
                 },
               },
               "isolatedPoint": Object {
+                "enabled": true,
                 "fill": "white",
                 "opacity": 1,
                 "radius": 2,
@@ -7224,12 +7246,15 @@ exports[`XYChart component it renders stacked area 1`] = `
               "barBackground": "#EDF0F5",
               "border": "#EDF0F5",
               "emptyBackground": "transparent",
+              "iconAlign": "left",
               "minHeight": 64,
+              "minValueFontSize": 12,
               "nonFiniteText": "N/A",
-              "text": Object {
-                "darkColor": "#343741",
-                "lightColor": "#E0E5EE",
-              },
+              "textDarkColor": "#343741",
+              "textLightColor": "#E0E5EE",
+              "titlesTextAlign": "left",
+              "valueFontSize": "default",
+              "valuesTextAlign": "right",
             },
             "partition": Object {
               "circlePadding": 4,
@@ -8360,6 +8385,7 @@ exports[`XYChart component it renders stacked bar 1`] = `
                 },
               },
               "isolatedPoint": Object {
+                "enabled": true,
                 "fill": "white",
                 "opacity": 1,
                 "radius": 2,
@@ -8749,6 +8775,7 @@ exports[`XYChart component it renders stacked bar 1`] = `
                 },
               },
               "isolatedPoint": Object {
+                "enabled": true,
                 "fill": "white",
                 "opacity": 1,
                 "radius": 2,
@@ -8774,12 +8801,15 @@ exports[`XYChart component it renders stacked bar 1`] = `
               "barBackground": "#EDF0F5",
               "border": "#EDF0F5",
               "emptyBackground": "transparent",
+              "iconAlign": "left",
               "minHeight": 64,
+              "minValueFontSize": 12,
               "nonFiniteText": "N/A",
-              "text": Object {
-                "darkColor": "#343741",
-                "lightColor": "#E0E5EE",
-              },
+              "textDarkColor": "#343741",
+              "textLightColor": "#E0E5EE",
+              "titlesTextAlign": "left",
+              "valueFontSize": "default",
+              "valuesTextAlign": "right",
             },
             "partition": Object {
               "circlePadding": 4,
@@ -9910,6 +9940,7 @@ exports[`XYChart component it renders stacked horizontal bar 1`] = `
                 },
               },
               "isolatedPoint": Object {
+                "enabled": true,
                 "fill": "white",
                 "opacity": 1,
                 "radius": 2,
@@ -10299,6 +10330,7 @@ exports[`XYChart component it renders stacked horizontal bar 1`] = `
                 },
               },
               "isolatedPoint": Object {
+                "enabled": true,
                 "fill": "white",
                 "opacity": 1,
                 "radius": 2,
@@ -10324,12 +10356,15 @@ exports[`XYChart component it renders stacked horizontal bar 1`] = `
               "barBackground": "#EDF0F5",
               "border": "#EDF0F5",
               "emptyBackground": "transparent",
+              "iconAlign": "left",
               "minHeight": 64,
+              "minValueFontSize": 12,
               "nonFiniteText": "N/A",
-              "text": Object {
-                "darkColor": "#343741",
-                "lightColor": "#E0E5EE",
-              },
+              "textDarkColor": "#343741",
+              "textLightColor": "#E0E5EE",
+              "titlesTextAlign": "left",
+              "valueFontSize": "default",
+              "valuesTextAlign": "right",
             },
             "partition": Object {
               "circlePadding": 4,
@@ -11490,6 +11525,7 @@ exports[`XYChart component split chart should render split chart if both, splitR
                 },
               },
               "isolatedPoint": Object {
+                "enabled": true,
                 "fill": "white",
                 "opacity": 1,
                 "radius": 2,
@@ -11879,6 +11915,7 @@ exports[`XYChart component split chart should render split chart if both, splitR
                 },
               },
               "isolatedPoint": Object {
+                "enabled": true,
                 "fill": "white",
                 "opacity": 1,
                 "radius": 2,
@@ -11904,12 +11941,15 @@ exports[`XYChart component split chart should render split chart if both, splitR
               "barBackground": "#EDF0F5",
               "border": "#EDF0F5",
               "emptyBackground": "transparent",
+              "iconAlign": "left",
               "minHeight": 64,
+              "minValueFontSize": 12,
               "nonFiniteText": "N/A",
-              "text": Object {
-                "darkColor": "#343741",
-                "lightColor": "#E0E5EE",
-              },
+              "textDarkColor": "#343741",
+              "textLightColor": "#E0E5EE",
+              "titlesTextAlign": "left",
+              "valueFontSize": "default",
+              "valuesTextAlign": "right",
             },
             "partition": Object {
               "circlePadding": 4,
@@ -13278,6 +13318,7 @@ exports[`XYChart component split chart should render split chart if splitColumnA
                 },
               },
               "isolatedPoint": Object {
+                "enabled": true,
                 "fill": "white",
                 "opacity": 1,
                 "radius": 2,
@@ -13667,6 +13708,7 @@ exports[`XYChart component split chart should render split chart if splitColumnA
                 },
               },
               "isolatedPoint": Object {
+                "enabled": true,
                 "fill": "white",
                 "opacity": 1,
                 "radius": 2,
@@ -13692,12 +13734,15 @@ exports[`XYChart component split chart should render split chart if splitColumnA
               "barBackground": "#EDF0F5",
               "border": "#EDF0F5",
               "emptyBackground": "transparent",
+              "iconAlign": "left",
               "minHeight": 64,
+              "minValueFontSize": 12,
               "nonFiniteText": "N/A",
-              "text": Object {
-                "darkColor": "#343741",
-                "lightColor": "#E0E5EE",
-              },
+              "textDarkColor": "#343741",
+              "textLightColor": "#E0E5EE",
+              "titlesTextAlign": "left",
+              "valueFontSize": "default",
+              "valuesTextAlign": "right",
             },
             "partition": Object {
               "circlePadding": 4,
@@ -15059,6 +15104,7 @@ exports[`XYChart component split chart should render split chart if splitRowAcce
                 },
               },
               "isolatedPoint": Object {
+                "enabled": true,
                 "fill": "white",
                 "opacity": 1,
                 "radius": 2,
@@ -15448,6 +15494,7 @@ exports[`XYChart component split chart should render split chart if splitRowAcce
                 },
               },
               "isolatedPoint": Object {
+                "enabled": true,
                 "fill": "white",
                 "opacity": 1,
                 "radius": 2,
@@ -15473,12 +15520,15 @@ exports[`XYChart component split chart should render split chart if splitRowAcce
               "barBackground": "#EDF0F5",
               "border": "#EDF0F5",
               "emptyBackground": "transparent",
+              "iconAlign": "left",
               "minHeight": 64,
+              "minValueFontSize": 12,
               "nonFiniteText": "N/A",
-              "text": Object {
-                "darkColor": "#343741",
-                "lightColor": "#E0E5EE",
-              },
+              "textDarkColor": "#343741",
+              "textLightColor": "#E0E5EE",
+              "titlesTextAlign": "left",
+              "valueFontSize": "default",
+              "valuesTextAlign": "right",
             },
             "partition": Object {
               "circlePadding": 4,
diff --git a/src/plugins/console/public/application/containers/editor/monaco/utils/tokens_utils.test.ts b/src/plugins/console/public/application/containers/editor/monaco/utils/tokens_utils.test.ts
index 600b5f4a98e4a..e31864e4c05c6 100644
--- a/src/plugins/console/public/application/containers/editor/monaco/utils/tokens_utils.test.ts
+++ b/src/plugins/console/public/application/containers/editor/monaco/utils/tokens_utils.test.ts
@@ -25,6 +25,11 @@ describe('tokens_utils', () => {
       const result = removeTrailingWhitespaces(url);
       expect(result).toBe('_search');
     });
+    it(`doesn't split a query parameter with whitespaces`, () => {
+      const url = '_search?q="with whitespace"';
+      const result = removeTrailingWhitespaces(url);
+      expect(result).toBe(url);
+    });
   });
 
   describe('parseBody', () => {
diff --git a/src/plugins/console/public/application/containers/editor/monaco/utils/tokens_utils.ts b/src/plugins/console/public/application/containers/editor/monaco/utils/tokens_utils.ts
index decbe0d4fdd9a..2ff755b12af1d 100644
--- a/src/plugins/console/public/application/containers/editor/monaco/utils/tokens_utils.ts
+++ b/src/plugins/console/public/application/containers/editor/monaco/utils/tokens_utils.ts
@@ -405,7 +405,24 @@ export const parseBody = (value: string): string[] => {
  * Ideally the parser would do that, but currently they are included in url.
  */
 export const removeTrailingWhitespaces = (url: string): string => {
-  return url.trim().split(whitespacesRegex)[0];
+  let index = 0;
+  let whitespaceIndex = -1;
+  let isQueryParam = false;
+  let char = url[index];
+  while (char) {
+    if (char === '"') {
+      isQueryParam = !isQueryParam;
+    } else if (char === ' ' && !isQueryParam) {
+      whitespaceIndex = index;
+      break;
+    }
+    index++;
+    char = url[index];
+  }
+  if (whitespaceIndex > 0) {
+    return url.slice(0, whitespaceIndex);
+  }
+  return url;
 };
 
 /*
diff --git a/src/plugins/console/public/application/models/sense_editor/integration.test.js b/src/plugins/console/public/application/models/sense_editor/integration.test.js
index 8327e4d15da78..f74a0a0c10341 100644
--- a/src/plugins/console/public/application/models/sense_editor/integration.test.js
+++ b/src/plugins/console/public/application/models/sense_editor/integration.test.js
@@ -948,8 +948,6 @@ describe('Integration', () => {
         autoCompleteSet: [
           tt('field1.1.1', { f: 1 }, 'string'),
           tt('field1.1.2', { f: 1 }, 'string'),
-          tt('field2.1.1', { f: 1 }, 'string'),
-          tt('field2.1.2', { f: 1 }, 'string'),
         ],
       },
       {
@@ -958,8 +956,6 @@ describe('Integration', () => {
         autoCompleteSet: [
           { name: 'field1.1.1', meta: 'string' },
           { name: 'field1.1.2', meta: 'string' },
-          { name: 'field2.1.1', meta: 'string' },
-          { name: 'field2.1.2', meta: 'string' },
         ],
       },
     ]
diff --git a/src/plugins/console/public/lib/autocomplete/components/index_autocomplete_component.js b/src/plugins/console/public/lib/autocomplete/components/index_autocomplete_component.js
index 752e69c09614e..7615c511148b0 100644
--- a/src/plugins/console/public/lib/autocomplete/components/index_autocomplete_component.js
+++ b/src/plugins/console/public/lib/autocomplete/components/index_autocomplete_component.js
@@ -24,4 +24,12 @@ export class IndexAutocompleteComponent extends ListComponent {
     }
     return !_.find(tokens, nonValidIndexType);
   }
+
+  getDefaultTermMeta() {
+    return 'index';
+  }
+
+  getContextKey() {
+    return 'indices';
+  }
 }
diff --git a/src/plugins/console/public/lib/kb/kb.test.js b/src/plugins/console/public/lib/kb/kb.test.js
index e14ceb6445c8d..b23bdf8ea0846 100644
--- a/src/plugins/console/public/lib/kb/kb.test.js
+++ b/src/plugins/console/public/lib/kb/kb.test.js
@@ -133,12 +133,12 @@ describe('Knowledge base', () => {
   );
 
   indexTest('Index integration 2', ['index1'], [], {
-    index: ['index1'],
+    indices: ['index1'],
     autoCompleteSet: ['_multi_indices', '_single_index'],
   });
 
   indexTest('Index integration 2', [['index1', 'index2']], [], {
-    index: ['index1', 'index2'],
+    indices: ['index1', 'index2'],
     autoCompleteSet: ['_multi_indices', '_single_index'],
   });
 });
diff --git a/src/plugins/console/public/styles/_app.scss b/src/plugins/console/public/styles/_app.scss
index a4a7469a69bfe..f2353821ec93f 100644
--- a/src/plugins/console/public/styles/_app.scss
+++ b/src/plugins/console/public/styles/_app.scss
@@ -133,3 +133,11 @@
 .console__monaco_editor__selectedRequests {
   background: transparentize($euiColorLightShade, .3);
 }
+/*
+ * The z-index for the autocomplete suggestions popup
+ */
+
+.kibanaCodeEditor .monaco-editor .suggest-widget {
+  // the value needs to be above the z-index of the resizer bar
+  z-index: $euiZLevel1 + 2;
+}
diff --git a/src/plugins/console/server/lib/spec_definitions/js/query/dsl.ts b/src/plugins/console/server/lib/spec_definitions/js/query/dsl.ts
index 273c5eab9c889..c56a38e04df11 100644
--- a/src/plugins/console/server/lib/spec_definitions/js/query/dsl.ts
+++ b/src/plugins/console/server/lib/spec_definitions/js/query/dsl.ts
@@ -517,15 +517,23 @@ export const query = (specService: SpecDefinitionsService) => {
         format: 'dd/MM/yyyy||yyyy',
       },
     },
-    rule_query: {
+    rule: {
       __template: {
         organic: {},
-        ruleset_id: '',
+        ruleset_ids: [''],
         match_criteria: {
           FIELD: 'VALUE',
         },
       },
     },
+    semantic: {
+      __template: {
+        field: '',
+        query: '',
+      },
+      field: '{field}',
+      query: '',
+    },
     span_first: {
       __template: spanFirstTemplate,
       match: SPAN_QUERIES,
@@ -575,6 +583,18 @@ export const query = (specService: SpecDefinitionsService) => {
       little: SPAN_QUERIES,
       big: SPAN_QUERIES,
     },
+    sparse_vector: {
+      field: 'NAME',
+      inference_id: '',
+      query: '',
+      prune: true,
+      pruning_config: {
+        tokens_freq_ratio_threshold: 5,
+        tokens_weight_threshold: 0.4,
+        only_score_pruned_tokens: false,
+      },
+      query_vector: [],
+    },
     term: {
       __template: {
         FIELD: {
diff --git a/src/plugins/console/server/lib/spec_definitions/json/generated/capabilities.json b/src/plugins/console/server/lib/spec_definitions/json/generated/capabilities.json
new file mode 100644
index 0000000000000..148c9f1ad027b
--- /dev/null
+++ b/src/plugins/console/server/lib/spec_definitions/json/generated/capabilities.json
@@ -0,0 +1,15 @@
+{
+  "capabilities": {
+    "methods": [
+      "GET"
+    ],
+    "patterns": [
+      "_capabilities"
+    ],
+    "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/master/capabilities.html",
+    "availability": {
+      "stack": false,
+      "serverless": false
+    }
+  }
+}
diff --git a/src/plugins/console/server/lib/spec_definitions/json/generated/cluster.put_component_template.json b/src/plugins/console/server/lib/spec_definitions/json/generated/cluster.put_component_template.json
index 3caf19f4084e1..a7afc71940327 100644
--- a/src/plugins/console/server/lib/spec_definitions/json/generated/cluster.put_component_template.json
+++ b/src/plugins/console/server/lib/spec_definitions/json/generated/cluster.put_component_template.json
@@ -10,8 +10,7 @@
         "30s",
         "-1",
         "0"
-      ],
-      "cause": ""
+      ]
     },
     "methods": [
       "PUT",
diff --git a/src/plugins/console/server/lib/spec_definitions/json/generated/connector.put.json b/src/plugins/console/server/lib/spec_definitions/json/generated/connector.put.json
index 3565e6933f0d3..613a82ceacfe8 100644
--- a/src/plugins/console/server/lib/spec_definitions/json/generated/connector.put.json
+++ b/src/plugins/console/server/lib/spec_definitions/json/generated/connector.put.json
@@ -10,7 +10,8 @@
       "PUT"
     ],
     "patterns": [
-      "_connector/{connector_id}"
+      "_connector/{connector_id}",
+      "_connector"
     ],
     "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/create-connector-api.html",
     "availability": {
diff --git a/src/plugins/console/server/lib/spec_definitions/json/generated/connector.secret_delete.json b/src/plugins/console/server/lib/spec_definitions/json/generated/connector.secret_delete.json
new file mode 100644
index 0000000000000..845c8a0b7510a
--- /dev/null
+++ b/src/plugins/console/server/lib/spec_definitions/json/generated/connector.secret_delete.json
@@ -0,0 +1,15 @@
+{
+  "connector.secret_delete": {
+    "methods": [
+      "DELETE"
+    ],
+    "patterns": [
+      "_connector/_secret/{id}"
+    ],
+    "documentation": null,
+    "availability": {
+      "stack": false,
+      "serverless": false
+    }
+  }
+}
diff --git a/src/plugins/console/server/lib/spec_definitions/json/generated/connector.secret_get.json b/src/plugins/console/server/lib/spec_definitions/json/generated/connector.secret_get.json
new file mode 100644
index 0000000000000..989e599eb66f7
--- /dev/null
+++ b/src/plugins/console/server/lib/spec_definitions/json/generated/connector.secret_get.json
@@ -0,0 +1,15 @@
+{
+  "connector.secret_get": {
+    "methods": [
+      "GET"
+    ],
+    "patterns": [
+      "_connector/_secret/{id}"
+    ],
+    "documentation": null,
+    "availability": {
+      "stack": false,
+      "serverless": false
+    }
+  }
+}
diff --git a/src/plugins/console/server/lib/spec_definitions/json/generated/connector.secret_post.json b/src/plugins/console/server/lib/spec_definitions/json/generated/connector.secret_post.json
new file mode 100644
index 0000000000000..a26ec68bf8689
--- /dev/null
+++ b/src/plugins/console/server/lib/spec_definitions/json/generated/connector.secret_post.json
@@ -0,0 +1,15 @@
+{
+  "connector.secret_post": {
+    "methods": [
+      "POST"
+    ],
+    "patterns": [
+      "_connector/_secret"
+    ],
+    "documentation": null,
+    "availability": {
+      "stack": false,
+      "serverless": false
+    }
+  }
+}
diff --git a/src/plugins/console/server/lib/spec_definitions/json/generated/connector.secret_put.json b/src/plugins/console/server/lib/spec_definitions/json/generated/connector.secret_put.json
new file mode 100644
index 0000000000000..79f61c764ccc5
--- /dev/null
+++ b/src/plugins/console/server/lib/spec_definitions/json/generated/connector.secret_put.json
@@ -0,0 +1,15 @@
+{
+  "connector.secret_put": {
+    "methods": [
+      "PUT"
+    ],
+    "patterns": [
+      "_connector/_secret/{id}"
+    ],
+    "documentation": null,
+    "availability": {
+      "stack": false,
+      "serverless": false
+    }
+  }
+}
diff --git a/src/plugins/console/server/lib/spec_definitions/json/generated/connector.sync_job_check_in.json b/src/plugins/console/server/lib/spec_definitions/json/generated/connector.sync_job_check_in.json
new file mode 100644
index 0000000000000..54be708a6e7fe
--- /dev/null
+++ b/src/plugins/console/server/lib/spec_definitions/json/generated/connector.sync_job_check_in.json
@@ -0,0 +1,15 @@
+{
+  "connector.sync_job_check_in": {
+    "methods": [
+      "PUT"
+    ],
+    "patterns": [
+      "_connector/_sync_job/{connector_sync_job_id}/_check_in"
+    ],
+    "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/master/check-in-connector-sync-job-api.html",
+    "availability": {
+      "stack": true,
+      "serverless": false
+    }
+  }
+}
diff --git a/src/plugins/console/server/lib/spec_definitions/json/generated/connector.sync_job_claim.json b/src/plugins/console/server/lib/spec_definitions/json/generated/connector.sync_job_claim.json
new file mode 100644
index 0000000000000..7abe3c845a22d
--- /dev/null
+++ b/src/plugins/console/server/lib/spec_definitions/json/generated/connector.sync_job_claim.json
@@ -0,0 +1,15 @@
+{
+  "connector.sync_job_claim": {
+    "methods": [
+      "PUT"
+    ],
+    "patterns": [
+      "_connector/_sync_job/{connector_sync_job_id}/_claim"
+    ],
+    "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/master/claim-connector-sync-job-api.html",
+    "availability": {
+      "stack": true,
+      "serverless": false
+    }
+  }
+}
diff --git a/src/plugins/console/server/lib/spec_definitions/json/generated/connector.sync_job_error.json b/src/plugins/console/server/lib/spec_definitions/json/generated/connector.sync_job_error.json
new file mode 100644
index 0000000000000..c312d25bfb3ac
--- /dev/null
+++ b/src/plugins/console/server/lib/spec_definitions/json/generated/connector.sync_job_error.json
@@ -0,0 +1,15 @@
+{
+  "connector.sync_job_error": {
+    "methods": [
+      "PUT"
+    ],
+    "patterns": [
+      "_connector/_sync_job/{connector_sync_job_id}/_error"
+    ],
+    "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/master/set-connector-sync-job-error-api.html",
+    "availability": {
+      "stack": true,
+      "serverless": false
+    }
+  }
+}
diff --git a/src/plugins/console/server/lib/spec_definitions/json/generated/connector.sync_job_update_stats.json b/src/plugins/console/server/lib/spec_definitions/json/generated/connector.sync_job_update_stats.json
new file mode 100644
index 0000000000000..f6b09c8a5b658
--- /dev/null
+++ b/src/plugins/console/server/lib/spec_definitions/json/generated/connector.sync_job_update_stats.json
@@ -0,0 +1,15 @@
+{
+  "connector.sync_job_update_stats": {
+    "methods": [
+      "PUT"
+    ],
+    "patterns": [
+      "_connector/_sync_job/{connector_sync_job_id}/_stats"
+    ],
+    "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/master/set-connector-sync-job-stats-api.html",
+    "availability": {
+      "stack": true,
+      "serverless": false
+    }
+  }
+}
diff --git a/src/plugins/console/server/lib/spec_definitions/json/generated/connector.update_features.json b/src/plugins/console/server/lib/spec_definitions/json/generated/connector.update_features.json
new file mode 100644
index 0000000000000..fd9ef3fbcced0
--- /dev/null
+++ b/src/plugins/console/server/lib/spec_definitions/json/generated/connector.update_features.json
@@ -0,0 +1,15 @@
+{
+  "connector.update_features": {
+    "methods": [
+      "PUT"
+    ],
+    "patterns": [
+      "_connector/{connector_id}/_features"
+    ],
+    "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/master/update-connector-features-api.html",
+    "availability": {
+      "stack": true,
+      "serverless": false
+    }
+  }
+}
diff --git a/src/plugins/console/server/lib/spec_definitions/json/generated/esql.async_query.json b/src/plugins/console/server/lib/spec_definitions/json/generated/esql.async_query.json
new file mode 100644
index 0000000000000..5e1a042cbd99b
--- /dev/null
+++ b/src/plugins/console/server/lib/spec_definitions/json/generated/esql.async_query.json
@@ -0,0 +1,15 @@
+{
+  "esql.async_query": {
+    "methods": [
+      "POST"
+    ],
+    "patterns": [
+      "_query/async"
+    ],
+    "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/master/esql-async-query-api.html",
+    "availability": {
+      "stack": true,
+      "serverless": false
+    }
+  }
+}
diff --git a/src/plugins/console/server/lib/spec_definitions/json/generated/esql.async_query_get.json b/src/plugins/console/server/lib/spec_definitions/json/generated/esql.async_query_get.json
new file mode 100644
index 0000000000000..4a459ad7a5dfc
--- /dev/null
+++ b/src/plugins/console/server/lib/spec_definitions/json/generated/esql.async_query_get.json
@@ -0,0 +1,15 @@
+{
+  "esql.async_query_get": {
+    "methods": [
+      "GET"
+    ],
+    "patterns": [
+      "_query/async/{id}"
+    ],
+    "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/master/esql-async-query-get-api.html",
+    "availability": {
+      "stack": true,
+      "serverless": false
+    }
+  }
+}
diff --git a/src/plugins/console/server/lib/spec_definitions/json/generated/inference.delete_model.json b/src/plugins/console/server/lib/spec_definitions/json/generated/inference.delete.json
similarity index 84%
rename from src/plugins/console/server/lib/spec_definitions/json/generated/inference.delete_model.json
rename to src/plugins/console/server/lib/spec_definitions/json/generated/inference.delete.json
index 7e082d86a8bcc..6fa19254ec50a 100644
--- a/src/plugins/console/server/lib/spec_definitions/json/generated/inference.delete_model.json
+++ b/src/plugins/console/server/lib/spec_definitions/json/generated/inference.delete.json
@@ -1,10 +1,12 @@
 {
-  "inference.delete_model": {
+  "inference.delete": {
     "url_params": {
       "error_trace": "__flag__",
       "filter_path": [],
       "human": "__flag__",
-      "pretty": "__flag__"
+      "pretty": "__flag__",
+      "dry_run": "__flag__",
+      "force": "__flag__"
     },
     "url_components": {
       "task_type": [
diff --git a/src/plugins/console/server/lib/spec_definitions/json/generated/inference.get_model.json b/src/plugins/console/server/lib/spec_definitions/json/generated/inference.get.json
similarity index 95%
rename from src/plugins/console/server/lib/spec_definitions/json/generated/inference.get_model.json
rename to src/plugins/console/server/lib/spec_definitions/json/generated/inference.get.json
index 0fe3602233280..906eb3f584541 100644
--- a/src/plugins/console/server/lib/spec_definitions/json/generated/inference.get_model.json
+++ b/src/plugins/console/server/lib/spec_definitions/json/generated/inference.get.json
@@ -1,5 +1,5 @@
 {
-  "inference.get_model": {
+  "inference.get": {
     "url_params": {
       "error_trace": "__flag__",
       "filter_path": [],
diff --git a/src/plugins/console/server/lib/spec_definitions/json/generated/inference.put_model.json b/src/plugins/console/server/lib/spec_definitions/json/generated/inference.put.json
similarity index 95%
rename from src/plugins/console/server/lib/spec_definitions/json/generated/inference.put_model.json
rename to src/plugins/console/server/lib/spec_definitions/json/generated/inference.put.json
index 9bd3f0df09de3..9109c3cb909f1 100644
--- a/src/plugins/console/server/lib/spec_definitions/json/generated/inference.put_model.json
+++ b/src/plugins/console/server/lib/spec_definitions/json/generated/inference.put.json
@@ -1,5 +1,5 @@
 {
-  "inference.put_model": {
+  "inference.put": {
     "url_params": {
       "error_trace": "__flag__",
       "filter_path": [],
diff --git a/src/plugins/console/server/lib/spec_definitions/json/generated/ml.get_trained_models.json b/src/plugins/console/server/lib/spec_definitions/json/generated/ml.get_trained_models.json
index 285c38fee485b..a192a36c17057 100644
--- a/src/plugins/console/server/lib/spec_definitions/json/generated/ml.get_trained_models.json
+++ b/src/plugins/console/server/lib/spec_definitions/json/generated/ml.get_trained_models.json
@@ -19,7 +19,7 @@
       "size": [
         "100"
       ],
-      "tags": ""
+      "tags": []
     },
     "methods": [
       "GET"
diff --git a/src/plugins/console/server/lib/spec_definitions/json/generated/ml.update_trained_model_deployment.json b/src/plugins/console/server/lib/spec_definitions/json/generated/ml.update_trained_model_deployment.json
index 8e7f488299c84..15a3ee7ef9750 100644
--- a/src/plugins/console/server/lib/spec_definitions/json/generated/ml.update_trained_model_deployment.json
+++ b/src/plugins/console/server/lib/spec_definitions/json/generated/ml.update_trained_model_deployment.json
@@ -1,5 +1,14 @@
 {
   "ml.update_trained_model_deployment": {
+    "url_params": {
+      "error_trace": "__flag__",
+      "filter_path": [],
+      "human": "__flag__",
+      "pretty": "__flag__",
+      "number_of_allocations": [
+        "1"
+      ]
+    },
     "methods": [
       "POST"
     ],
@@ -9,7 +18,7 @@
     "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/update-trained-model-deployment.html",
     "availability": {
       "stack": true,
-      "serverless": false
+      "serverless": true
     }
   }
 }
diff --git a/src/plugins/console/server/lib/spec_definitions/json/generated/profiling.flamegraph.json b/src/plugins/console/server/lib/spec_definitions/json/generated/profiling.flamegraph.json
new file mode 100644
index 0000000000000..0d5b3b76fcd48
--- /dev/null
+++ b/src/plugins/console/server/lib/spec_definitions/json/generated/profiling.flamegraph.json
@@ -0,0 +1,15 @@
+{
+  "profiling.flamegraph": {
+    "methods": [
+      "POST"
+    ],
+    "patterns": [
+      "_profiling/flamegraph"
+    ],
+    "documentation": "https://www.elastic.co/guide/en/observability/current/universal-profiling.html",
+    "availability": {
+      "stack": false,
+      "serverless": false
+    }
+  }
+}
diff --git a/src/plugins/console/server/lib/spec_definitions/json/generated/profiling.stacktraces.json b/src/plugins/console/server/lib/spec_definitions/json/generated/profiling.stacktraces.json
new file mode 100644
index 0000000000000..61dbb1147fe13
--- /dev/null
+++ b/src/plugins/console/server/lib/spec_definitions/json/generated/profiling.stacktraces.json
@@ -0,0 +1,15 @@
+{
+  "profiling.stacktraces": {
+    "methods": [
+      "POST"
+    ],
+    "patterns": [
+      "_profiling/stacktraces"
+    ],
+    "documentation": "https://www.elastic.co/guide/en/observability/current/universal-profiling.html",
+    "availability": {
+      "stack": false,
+      "serverless": false
+    }
+  }
+}
diff --git a/src/plugins/console/server/lib/spec_definitions/json/generated/profiling.status.json b/src/plugins/console/server/lib/spec_definitions/json/generated/profiling.status.json
new file mode 100644
index 0000000000000..c64acf2e2e6b7
--- /dev/null
+++ b/src/plugins/console/server/lib/spec_definitions/json/generated/profiling.status.json
@@ -0,0 +1,15 @@
+{
+  "profiling.status": {
+    "methods": [
+      "GET"
+    ],
+    "patterns": [
+      "_profiling/status"
+    ],
+    "documentation": "https://www.elastic.co/guide/en/observability/current/universal-profiling.html",
+    "availability": {
+      "stack": false,
+      "serverless": false
+    }
+  }
+}
diff --git a/src/plugins/console/server/lib/spec_definitions/json/generated/profiling.topn_functions.json b/src/plugins/console/server/lib/spec_definitions/json/generated/profiling.topn_functions.json
new file mode 100644
index 0000000000000..b47ff26f3f53b
--- /dev/null
+++ b/src/plugins/console/server/lib/spec_definitions/json/generated/profiling.topn_functions.json
@@ -0,0 +1,15 @@
+{
+  "profiling.topn_functions": {
+    "methods": [
+      "POST"
+    ],
+    "patterns": [
+      "_profiling/topn/functions"
+    ],
+    "documentation": "https://www.elastic.co/guide/en/observability/current/universal-profiling.html",
+    "availability": {
+      "stack": false,
+      "serverless": false
+    }
+  }
+}
diff --git a/src/plugins/console/server/lib/spec_definitions/json/generated/query_rule.delete.json b/src/plugins/console/server/lib/spec_definitions/json/generated/query_rule.delete.json
new file mode 100644
index 0000000000000..eea5d085b03bc
--- /dev/null
+++ b/src/plugins/console/server/lib/spec_definitions/json/generated/query_rule.delete.json
@@ -0,0 +1,21 @@
+{
+  "query_rule.delete": {
+    "url_params": {
+      "error_trace": "__flag__",
+      "filter_path": [],
+      "human": "__flag__",
+      "pretty": "__flag__"
+    },
+    "methods": [
+      "DELETE"
+    ],
+    "patterns": [
+      "_query_rules/{ruleset_id}/_rule/{rule_id}"
+    ],
+    "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/master/delete-query-rule.html",
+    "availability": {
+      "stack": true,
+      "serverless": true
+    }
+  }
+}
diff --git a/src/plugins/console/server/lib/spec_definitions/json/generated/query_rule.get.json b/src/plugins/console/server/lib/spec_definitions/json/generated/query_rule.get.json
new file mode 100644
index 0000000000000..27564d1fe7b16
--- /dev/null
+++ b/src/plugins/console/server/lib/spec_definitions/json/generated/query_rule.get.json
@@ -0,0 +1,21 @@
+{
+  "query_rule.get": {
+    "url_params": {
+      "error_trace": "__flag__",
+      "filter_path": [],
+      "human": "__flag__",
+      "pretty": "__flag__"
+    },
+    "methods": [
+      "GET"
+    ],
+    "patterns": [
+      "_query_rules/{ruleset_id}/_rule/{rule_id}"
+    ],
+    "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/master/get-query-rule.html",
+    "availability": {
+      "stack": true,
+      "serverless": true
+    }
+  }
+}
diff --git a/src/plugins/console/server/lib/spec_definitions/json/generated/query_rule.put.json b/src/plugins/console/server/lib/spec_definitions/json/generated/query_rule.put.json
new file mode 100644
index 0000000000000..346eeba09e6ed
--- /dev/null
+++ b/src/plugins/console/server/lib/spec_definitions/json/generated/query_rule.put.json
@@ -0,0 +1,21 @@
+{
+  "query_rule.put": {
+    "url_params": {
+      "error_trace": "__flag__",
+      "filter_path": [],
+      "human": "__flag__",
+      "pretty": "__flag__"
+    },
+    "methods": [
+      "PUT"
+    ],
+    "patterns": [
+      "_query_rules/{ruleset_id}/_rule/{rule_id}"
+    ],
+    "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/master/put-query-rule.html",
+    "availability": {
+      "stack": true,
+      "serverless": true
+    }
+  }
+}
diff --git a/src/plugins/console/server/lib/spec_definitions/json/generated/search_application.search.json b/src/plugins/console/server/lib/spec_definitions/json/generated/search_application.search.json
index f631d4d66edb3..7c56913704d1c 100644
--- a/src/plugins/console/server/lib/spec_definitions/json/generated/search_application.search.json
+++ b/src/plugins/console/server/lib/spec_definitions/json/generated/search_application.search.json
@@ -4,7 +4,8 @@
       "error_trace": "__flag__",
       "filter_path": [],
       "human": "__flag__",
-      "pretty": "__flag__"
+      "pretty": "__flag__",
+      "typed_keys": "__flag__"
     },
     "methods": [
       "GET",
diff --git a/src/plugins/console/server/lib/spec_definitions/json/generated/security.query_user.json b/src/plugins/console/server/lib/spec_definitions/json/generated/security.query_user.json
new file mode 100644
index 0000000000000..4b8f22799b4bc
--- /dev/null
+++ b/src/plugins/console/server/lib/spec_definitions/json/generated/security.query_user.json
@@ -0,0 +1,16 @@
+{
+  "security.query_user": {
+    "methods": [
+      "GET",
+      "POST"
+    ],
+    "patterns": [
+      "_security/_query/user"
+    ],
+    "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-query-user.html",
+    "availability": {
+      "stack": true,
+      "serverless": false
+    }
+  }
+}
diff --git a/src/plugins/console/server/lib/spec_definitions/json/generated/simulate.ingest.json b/src/plugins/console/server/lib/spec_definitions/json/generated/simulate.ingest.json
new file mode 100644
index 0000000000000..9f7c9a4e91b3d
--- /dev/null
+++ b/src/plugins/console/server/lib/spec_definitions/json/generated/simulate.ingest.json
@@ -0,0 +1,17 @@
+{
+  "simulate.ingest": {
+    "methods": [
+      "GET",
+      "POST"
+    ],
+    "patterns": [
+      "_ingest/_simulate",
+      "_ingest/{index}/_simulate"
+    ],
+    "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/master/simulate-ingest-api.html",
+    "availability": {
+      "stack": true,
+      "serverless": false
+    }
+  }
+}
diff --git a/src/plugins/console/server/lib/spec_definitions/json/generated/text_structure.find_field_structure.json b/src/plugins/console/server/lib/spec_definitions/json/generated/text_structure.find_field_structure.json
new file mode 100644
index 0000000000000..08d0ca5f33c4f
--- /dev/null
+++ b/src/plugins/console/server/lib/spec_definitions/json/generated/text_structure.find_field_structure.json
@@ -0,0 +1,15 @@
+{
+  "text_structure.find_field_structure": {
+    "methods": [
+      "GET"
+    ],
+    "patterns": [
+      "_text_structure/find_field_structure"
+    ],
+    "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/find-field-structure.html",
+    "availability": {
+      "stack": true,
+      "serverless": false
+    }
+  }
+}
diff --git a/src/plugins/console/server/lib/spec_definitions/json/generated/text_structure.find_message_structure.json b/src/plugins/console/server/lib/spec_definitions/json/generated/text_structure.find_message_structure.json
new file mode 100644
index 0000000000000..6d01c9d1fc96f
--- /dev/null
+++ b/src/plugins/console/server/lib/spec_definitions/json/generated/text_structure.find_message_structure.json
@@ -0,0 +1,16 @@
+{
+  "text_structure.find_message_structure": {
+    "methods": [
+      "GET",
+      "POST"
+    ],
+    "patterns": [
+      "_text_structure/find_message_structure"
+    ],
+    "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/find-message-structure.html",
+    "availability": {
+      "stack": true,
+      "serverless": false
+    }
+  }
+}
diff --git a/src/plugins/console/server/lib/spec_definitions/json/generated/transform.get_node_stats.json b/src/plugins/console/server/lib/spec_definitions/json/generated/transform.get_node_stats.json
new file mode 100644
index 0000000000000..f876a6c186ba1
--- /dev/null
+++ b/src/plugins/console/server/lib/spec_definitions/json/generated/transform.get_node_stats.json
@@ -0,0 +1,15 @@
+{
+  "transform.get_node_stats": {
+    "methods": [
+      "GET"
+    ],
+    "patterns": [
+      "_transform/_node_stats"
+    ],
+    "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/get-transform-node-stats.html",
+    "availability": {
+      "stack": true,
+      "serverless": false
+    }
+  }
+}
diff --git a/src/plugins/controls/public/control_group/component/control_group_sortable_item.tsx b/src/plugins/controls/public/control_group/component/control_group_sortable_item.tsx
index fb0e2a1c370ae..31ef22f47fc9e 100644
--- a/src/plugins/controls/public/control_group/component/control_group_sortable_item.tsx
+++ b/src/plugins/controls/public/control_group/component/control_group_sortable_item.tsx
@@ -70,6 +70,7 @@ const SortableControlInner = forwardRef<
   ) => {
     const { isOver, isDragging, draggingIndex, index } = dragInfo;
     const panels = controlGroupSelector((state) => state.explicitInput.panels);
+    const controlStyle = controlGroupSelector((state) => state.explicitInput.controlStyle);
 
     const grow = panels[embeddableId].grow;
     const width = panels[embeddableId].width;
@@ -84,9 +85,9 @@ const SortableControlInner = forwardRef<
       >
         <EuiIcon type="grabHorizontal" />
       </button>
-    ) : (
+    ) : controlStyle === 'oneLine' ? (
       <EuiIcon type="empty" size="s" />
-    );
+    ) : undefined;
 
     return (
       <EuiFlexItem
diff --git a/src/plugins/controls/public/control_group/control_group.scss b/src/plugins/controls/public/control_group/control_group.scss
index 985e8e1603d0d..badc53cf7bec1 100644
--- a/src/plugins/controls/public/control_group/control_group.scss
+++ b/src/plugins/controls/public/control_group/control_group.scss
@@ -84,6 +84,12 @@ $controlMinWidth: $euiSize * 14;
   flex-basis: auto;
   position: relative;
 
+  &:not(.controlFrameWrapper-isEditable) {
+    .controlFrame--twoLine {
+      border-radius: $euiFormControlBorderRadius !important;
+    }
+  }
+
   .controlFrame__labelToolTip {
     max-width: 40%;
   }
diff --git a/src/plugins/dashboard/public/dashboard_actions/expand_panel_action.tsx b/src/plugins/dashboard/public/dashboard_actions/expand_panel_action.tsx
index dd43e5967d6c7..adc0c8389e2cf 100644
--- a/src/plugins/dashboard/public/dashboard_actions/expand_panel_action.tsx
+++ b/src/plugins/dashboard/public/dashboard_actions/expand_panel_action.tsx
@@ -50,8 +50,6 @@ export class ExpandPanelAction implements Action<EmbeddableApiContext> {
 
   public async execute({ embeddable }: EmbeddableApiContext) {
     if (!isApiCompatible(embeddable)) throw new IncompatibleActionError();
-    embeddable.parentApi.expandPanel(
-      embeddable.parentApi.expandedPanelId.value ? undefined : embeddable.uuid
-    );
+    embeddable.parentApi.expandPanel(embeddable.uuid);
   }
 }
diff --git a/src/plugins/dashboard/public/dashboard_actions/index.ts b/src/plugins/dashboard/public/dashboard_actions/index.ts
index ecffeaa5643ae..ba93db83247d4 100644
--- a/src/plugins/dashboard/public/dashboard_actions/index.ts
+++ b/src/plugins/dashboard/public/dashboard_actions/index.ts
@@ -8,7 +8,6 @@
 
 import { CoreStart } from '@kbn/core/public';
 import { CONTEXT_MENU_TRIGGER, PANEL_NOTIFICATION_TRIGGER } from '@kbn/embeddable-plugin/public';
-
 import { DashboardStartDependencies } from '../plugin';
 import { AddToLibraryAction } from './add_to_library_action';
 import { LegacyAddToLibraryAction } from './legacy_add_to_library_action';
diff --git a/src/plugins/dashboard/public/dashboard_actions/unlink_from_library_action.tsx b/src/plugins/dashboard/public/dashboard_actions/unlink_from_library_action.tsx
index 17612fa9c6ef7..77aa1e5036c7b 100644
--- a/src/plugins/dashboard/public/dashboard_actions/unlink_from_library_action.tsx
+++ b/src/plugins/dashboard/public/dashboard_actions/unlink_from_library_action.tsx
@@ -77,7 +77,7 @@ export class UnlinkFromLibraryAction implements Action<EmbeddableApiContext> {
       return api.canUnlinkFromLibrary();
     } else if (apiHasInPlaceLibraryTransforms(api)) {
       const canUnLink = api.canUnlinkFromLibrary ? await api.canUnlinkFromLibrary() : true;
-      return canUnLink && api.libraryId$.value !== undefined;
+      return canUnLink && Boolean(api.libraryId$.value);
     }
     throw new IncompatibleActionError();
   }
diff --git a/src/plugins/dashboard/public/dashboard_app/top_nav/add_panel_action_menu_items.test.ts b/src/plugins/dashboard/public/dashboard_app/top_nav/add_panel_action_menu_items.test.ts
index ed2fadd359db7..180b9b7eb2ff9 100644
--- a/src/plugins/dashboard/public/dashboard_app/top_nav/add_panel_action_menu_items.test.ts
+++ b/src/plugins/dashboard/public/dashboard_app/top_nav/add_panel_action_menu_items.test.ts
@@ -7,7 +7,7 @@
  */
 
 import { getMockPresentationContainer } from '@kbn/presentation-containers/mocks';
-import { getAddPanelActionMenuItems } from './add_panel_action_menu_items';
+import { getAddPanelActionMenuItemsGroup } from './add_panel_action_menu_items';
 
 describe('getAddPanelActionMenuItems', () => {
   it('returns the items correctly', async () => {
@@ -54,39 +54,53 @@ describe('getAddPanelActionMenuItems', () => {
         ],
       },
     ];
-    const [items, grouped] = getAddPanelActionMenuItems(
+    const grouped = getAddPanelActionMenuItemsGroup(
       getMockPresentationContainer(),
       registeredActions,
       jest.fn()
     );
-    expect(items).toStrictEqual([
-      {
-        'data-test-subj': 'create-action-Action name',
-        icon: 'pencil',
-        name: 'Action name',
-        onClick: expect.any(Function),
-        toolTipContent: 'Action tooltip',
-      },
-    ]);
+
     expect(grouped).toStrictEqual({
       groupedAddPanelAction: {
         id: 'groupedAddPanelAction',
         title: 'Custom group',
-        icon: 'logoElasticsearch',
+        order: 0,
+        'data-test-subj': 'dashboardEditorMenu-groupedAddPanelActionGroup',
         items: [
           {
             'data-test-subj': 'create-action-Action name 01',
             icon: 'pencil',
+            id: 'TEST_ACTION_01',
             name: 'Action name 01',
             onClick: expect.any(Function),
-            toolTipContent: 'Action tooltip',
+            description: 'Action tooltip',
+            order: 0,
           },
           {
             'data-test-subj': 'create-action-Action name',
             icon: 'empty',
+            id: 'TEST_ACTION_02',
+            name: 'Action name',
+            onClick: expect.any(Function),
+            description: 'Action tooltip',
+            order: 0,
+          },
+        ],
+      },
+      other: {
+        id: 'other',
+        title: 'Other',
+        order: -1,
+        'data-test-subj': 'dashboardEditorMenu-otherGroup',
+        items: [
+          {
+            id: 'ACTION_CREATE_ESQL_CHART',
             name: 'Action name',
+            icon: 'pencil',
+            description: 'Action tooltip',
             onClick: expect.any(Function),
-            toolTipContent: 'Action tooltip',
+            'data-test-subj': 'create-action-Action name',
+            order: 0,
           },
         ],
       },
@@ -94,12 +108,8 @@ describe('getAddPanelActionMenuItems', () => {
   });
 
   it('returns empty array if no actions have been registered', async () => {
-    const [items, grouped] = getAddPanelActionMenuItems(
-      getMockPresentationContainer(),
-      [],
-      jest.fn()
-    );
-    expect(items).toStrictEqual([]);
+    const grouped = getAddPanelActionMenuItemsGroup(getMockPresentationContainer(), [], jest.fn());
+
     expect(grouped).toStrictEqual({});
   });
 });
diff --git a/src/plugins/dashboard/public/dashboard_app/top_nav/add_panel_action_menu_items.ts b/src/plugins/dashboard/public/dashboard_app/top_nav/add_panel_action_menu_items.ts
index 678129d0f5808..4e90d94caa388 100644
--- a/src/plugins/dashboard/public/dashboard_app/top_nav/add_panel_action_menu_items.ts
+++ b/src/plugins/dashboard/public/dashboard_app/top_nav/add_panel_action_menu_items.ts
@@ -5,13 +5,35 @@
  * in compliance with, at your election, the Elastic License 2.0 or the Server
  * Side Public License, v 1.
  */
-import type { ActionExecutionContext, Action } from '@kbn/ui-actions-plugin/public';
+
+import {
+  type ActionExecutionContext,
+  type Action,
+  addPanelMenuTrigger,
+} from '@kbn/ui-actions-plugin/public';
 import { PresentationContainer } from '@kbn/presentation-containers';
-import type {
-  EuiContextMenuPanelDescriptor,
-  EuiContextMenuPanelItemDescriptor,
-} from '@elastic/eui';
-import { addPanelMenuTrigger } from '../../triggers';
+import { COMMON_EMBEDDABLE_GROUPING } from '@kbn/embeddable-plugin/public';
+import type { IconType, CommonProps } from '@elastic/eui';
+import React, { type MouseEventHandler } from 'react';
+
+export interface PanelSelectionMenuItem extends Pick<CommonProps, 'data-test-subj'> {
+  id: string;
+  name: string;
+  icon: IconType;
+  onClick: MouseEventHandler;
+  description?: string;
+  isDisabled?: boolean;
+  isDeprecated?: boolean;
+  order: number;
+}
+
+export type GroupedAddPanelActions = Pick<
+  PanelSelectionMenuItem,
+  'id' | 'isDisabled' | 'data-test-subj' | 'order'
+> & {
+  title: string;
+  items: PanelSelectionMenuItem[];
+};
 
 const onAddPanelActionClick =
   (action: Action, context: ActionExecutionContext<object>, closePopover: () => void) =>
@@ -30,16 +52,11 @@ const onAddPanelActionClick =
     } else action.execute(context);
   };
 
-export type GroupedAddPanelActions = EuiContextMenuPanelDescriptor & {
-  icon?: string;
-};
-
-export const getAddPanelActionMenuItems = (
+export const getAddPanelActionMenuItemsGroup = (
   api: PresentationContainer,
   actions: Array<Action<object>> | undefined,
   closePopover: () => void
-): [EuiContextMenuPanelItemDescriptor[], Record<string, GroupedAddPanelActions>] => {
-  const ungrouped: EuiContextMenuPanelItemDescriptor[] = [];
+) => {
   const grouped: Record<string, GroupedAddPanelActions> = {};
 
   const context = {
@@ -47,29 +64,31 @@ export const getAddPanelActionMenuItems = (
     trigger: addPanelMenuTrigger,
   };
 
-  const getMenuItem = (item: Action<object>) => {
+  const getMenuItem = (item: Action<object>): PanelSelectionMenuItem => {
     const actionName = item.getDisplayName(context);
 
     return {
+      id: item.id,
       name: actionName,
       icon:
         (typeof item.getIconType === 'function' ? item.getIconType(context) : undefined) ?? 'empty',
       onClick: onAddPanelActionClick(item, context, closePopover),
       'data-test-subj': `create-action-${actionName}`,
-      toolTipContent: item?.getDisplayNameTooltip?.(context),
+      description: item?.getDisplayNameTooltip?.(context),
+      order: item.order ?? 0,
     };
   };
 
   actions?.forEach((item) => {
     if (Array.isArray(item.grouping)) {
       item.grouping.forEach((group) => {
-        if (!grouped[group.id]) {
-          grouped[group.id] = {
-            id: group.id,
-            icon:
-              (typeof group.getIconType === 'function' ? group.getIconType(context) : undefined) ??
-              'empty',
-            title: group.getDisplayName ? group.getDisplayName(context) : undefined,
+        const groupId = group.id;
+        if (!grouped[groupId]) {
+          grouped[groupId] = {
+            id: groupId,
+            title: group.getDisplayName ? group.getDisplayName(context) : '',
+            'data-test-subj': `dashboardEditorMenu-${groupId}Group`,
+            order: group.order ?? 0,
             items: [],
           };
         }
@@ -77,9 +96,22 @@ export const getAddPanelActionMenuItems = (
         grouped[group.id]!.items!.push(getMenuItem(item));
       });
     } else {
-      ungrouped.push(getMenuItem(item));
+      // use other group as the default for definitions that don't have a group
+      const fallbackGroup = COMMON_EMBEDDABLE_GROUPING.other;
+
+      if (!grouped[fallbackGroup.id]) {
+        grouped[fallbackGroup.id] = {
+          id: fallbackGroup.id,
+          title: fallbackGroup.getDisplayName?.({ embeddable: api }) || '',
+          'data-test-subj': `dashboardEditorMenu-${fallbackGroup.id}Group`,
+          order: fallbackGroup.order || 0,
+          items: [],
+        };
+      }
+
+      grouped[fallbackGroup.id].items.push(getMenuItem(item));
     }
   });
 
-  return [ungrouped, grouped];
+  return grouped;
 };
diff --git a/src/plugins/dashboard/public/dashboard_app/top_nav/editor_menu.scss b/src/plugins/dashboard/public/dashboard_app/top_nav/editor_menu.scss
index 859a0ee11067e..0f463926908f3 100644
--- a/src/plugins/dashboard/public/dashboard_app/top_nav/editor_menu.scss
+++ b/src/plugins/dashboard/public/dashboard_app/top_nav/editor_menu.scss
@@ -3,4 +3,4 @@
   @include euiOverflowShadow;
   max-height: 60vh;
   overflow-y: scroll;
-}
\ No newline at end of file
+}
diff --git a/src/plugins/dashboard/public/dashboard_app/top_nav/editor_menu.test.tsx b/src/plugins/dashboard/public/dashboard_app/top_nav/editor_menu.test.tsx
index 6b2ff3f1900a3..c2b51a5e0eda5 100644
--- a/src/plugins/dashboard/public/dashboard_app/top_nav/editor_menu.test.tsx
+++ b/src/plugins/dashboard/public/dashboard_app/top_nav/editor_menu.test.tsx
@@ -34,9 +34,10 @@ describe('mergeGroupedItemsProvider', () => {
 
   const factoryGroupMap = {
     group1: {
-      panelId: 'panel1',
+      id: 'panel1',
       appName: 'App 1',
       icon: 'icon1',
+      order: 10,
       factories: [mockFactory],
     },
   } as unknown as Record<string, FactoryGroup>;
@@ -46,29 +47,23 @@ describe('mergeGroupedItemsProvider', () => {
       id: 'panel2',
       title: 'Panel 2',
       icon: 'icon2',
+      order: 10,
       items: [
         {
           id: 'addPanelActionId',
+          order: 0,
         },
       ],
     },
   } as unknown as Record<string, GroupedAddPanelActions>;
 
   it('should merge factoryGroupMap and groupedAddPanelAction correctly', () => {
-    const [initialPanelGroups, additionalPanels] = mergeGroupedItemsProvider(
-      getEmbeddableFactoryMenuItem
-    )(factoryGroupMap, groupedAddPanelAction);
+    const groupedPanels = mergeGroupedItemsProvider(getEmbeddableFactoryMenuItem)(
+      factoryGroupMap,
+      groupedAddPanelAction
+    );
 
-    expect(initialPanelGroups).toEqual([
-      {
-        'data-test-subj': 'dashboardEditorMenu-group1Group',
-        name: 'App 1',
-        icon: 'icon1',
-        panel: 'panel1',
-      },
-    ]);
-
-    expect(additionalPanels).toEqual([
+    expect(groupedPanels).toEqual([
       {
         id: 'panel1',
         title: 'App 1',
@@ -76,72 +71,68 @@ describe('mergeGroupedItemsProvider', () => {
           {
             icon: 'icon1',
             name: 'Factory 1',
-            toolTipContent: 'Factory 1 description',
+            id: 'mockFactory',
+            description: 'Factory 1 description',
             'data-test-subj': 'createNew-mockFactory',
             onClick: expect.any(Function),
+            order: 0,
           },
           {
             id: 'addPanelActionId',
+            order: 0,
           },
         ],
+        'data-test-subj': 'dashboardEditorMenu-group1Group',
+        order: 10,
       },
     ]);
   });
 
   it('should handle missing factoryGroup correctly', () => {
-    const [initialPanelGroups, additionalPanels] = mergeGroupedItemsProvider(
-      getEmbeddableFactoryMenuItem
-    )({}, groupedAddPanelAction);
+    const groupedPanels = mergeGroupedItemsProvider(getEmbeddableFactoryMenuItem)(
+      {},
+      groupedAddPanelAction
+    );
 
-    expect(initialPanelGroups).toEqual([
-      {
-        'data-test-subj': 'dashboardEditorMenu-group1Group',
-        name: 'Panel 2',
-        icon: 'icon2',
-        panel: 'panel2',
-      },
-    ]);
-
-    expect(additionalPanels).toEqual([
+    expect(groupedPanels).toEqual([
       {
         id: 'panel2',
+        icon: 'icon2',
         title: 'Panel 2',
         items: [
           {
             id: 'addPanelActionId',
+            order: 0,
           },
         ],
+        order: 10,
       },
     ]);
   });
 
   it('should handle missing groupedAddPanelAction correctly', () => {
-    const [initialPanelGroups, additionalPanels] = mergeGroupedItemsProvider(
-      getEmbeddableFactoryMenuItem
-    )(factoryGroupMap, {});
+    const groupedPanels = mergeGroupedItemsProvider(getEmbeddableFactoryMenuItem)(
+      factoryGroupMap,
+      {}
+    );
 
-    expect(initialPanelGroups).toEqual([
-      {
-        'data-test-subj': 'dashboardEditorMenu-group1Group',
-        name: 'App 1',
-        icon: 'icon1',
-        panel: 'panel1',
-      },
-    ]);
-
-    expect(additionalPanels).toEqual([
+    expect(groupedPanels).toEqual([
       {
         id: 'panel1',
         title: 'App 1',
         items: [
           {
             icon: 'icon1',
+            id: 'mockFactory',
             name: 'Factory 1',
-            toolTipContent: 'Factory 1 description',
+            description: 'Factory 1 description',
             'data-test-subj': 'createNew-mockFactory',
             onClick: expect.any(Function),
+            order: 0,
           },
         ],
+        order: 10,
+        'data-test-subj': 'dashboardEditorMenu-group1Group',
       },
     ]);
   });
diff --git a/src/plugins/dashboard/public/dashboard_app/top_nav/editor_menu.tsx b/src/plugins/dashboard/public/dashboard_app/top_nav/editor_menu.tsx
index d92b913c28b5d..ba7811dfec360 100644
--- a/src/plugins/dashboard/public/dashboard_app/top_nav/editor_menu.tsx
+++ b/src/plugins/dashboard/public/dashboard_app/top_nav/editor_menu.tsx
@@ -8,37 +8,30 @@
 
 import './editor_menu.scss';
 
-import React, { useCallback, useEffect, useMemo, useState, useRef } from 'react';
-import {
-  EuiBadge,
-  EuiContextMenu,
-  EuiContextMenuItemIcon,
-  type EuiContextMenuPanelDescriptor,
-  type EuiContextMenuPanelItemDescriptor,
-  EuiFlexGroup,
-  EuiFlexItem,
-  useEuiTheme,
-} from '@elastic/eui';
+import React, { useEffect, useMemo, useState, useRef } from 'react';
+import { type IconType } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
-import type { Action } from '@kbn/ui-actions-plugin/public';
-import { ToolbarPopover } from '@kbn/shared-ux-button-toolbar';
+import { type Action, ADD_PANEL_TRIGGER } from '@kbn/ui-actions-plugin/public';
+import { ToolbarButton } from '@kbn/shared-ux-button-toolbar';
 import { PresentationContainer } from '@kbn/presentation-containers';
 import { type BaseVisType, VisGroups, type VisTypeAlias } from '@kbn/visualizations-plugin/public';
-import type { EmbeddableFactory } from '@kbn/embeddable-plugin/public';
+import { EmbeddableFactory, COMMON_EMBEDDABLE_GROUPING } from '@kbn/embeddable-plugin/public';
 import { pluginServices } from '../../services/plugin_services';
-import { DASHBOARD_APP_ID } from '../../dashboard_constants';
-import { ADD_PANEL_TRIGGER } from '../../triggers';
 import {
-  getAddPanelActionMenuItems,
+  getAddPanelActionMenuItemsGroup,
+  type PanelSelectionMenuItem,
   type GroupedAddPanelActions,
 } from './add_panel_action_menu_items';
+import { openDashboardPanelSelectionFlyout } from './open_dashboard_panel_selection_flyout';
+import type { DashboardServices } from '../../services/types';
+import { useDashboardAPI } from '../dashboard_app';
 
 export interface FactoryGroup {
   id: string;
   appName: string;
-  icon: EuiContextMenuItemIcon;
-  panelId: number;
+  icon?: IconType;
   factories: EmbeddableFactory[];
+  order: number;
 }
 
 interface UnwrappedEmbeddableFactory {
@@ -49,31 +42,38 @@ interface UnwrappedEmbeddableFactory {
 export type GetEmbeddableFactoryMenuItem = ReturnType<typeof getEmbeddableFactoryMenuItemProvider>;
 
 export const getEmbeddableFactoryMenuItemProvider =
-  (api: PresentationContainer, closePopover: () => void) => (factory: EmbeddableFactory) => {
+  (api: PresentationContainer, closePopover: () => void) =>
+  (factory: EmbeddableFactory): PanelSelectionMenuItem => {
     const icon = factory?.getIconType ? factory.getIconType() : 'empty';
 
-    const toolTipContent = factory?.getDescription ? factory.getDescription() : undefined;
-
     return {
+      id: factory.type,
       name: factory.getDisplayName(),
       icon,
-      toolTipContent,
+      description: factory.getDescription?.(),
       onClick: async () => {
         closePopover();
         api.addNewPanel({ panelType: factory.type }, true);
       },
       'data-test-subj': `createNew-${factory.type}`,
+      order: factory.order ?? 0,
     };
   };
 
+const sortGroupPanelsByOrder = <T extends { order: number }>(panelGroups: T[]): T[] => {
+  return panelGroups.sort(
+    // larger number sorted to the top
+    (panelGroupA, panelGroupB) => panelGroupB.order - panelGroupA.order
+  );
+};
+
 export const mergeGroupedItemsProvider =
   (getEmbeddableFactoryMenuItem: GetEmbeddableFactoryMenuItem) =>
   (
     factoryGroupMap: Record<string, FactoryGroup>,
     groupedAddPanelAction: Record<string, GroupedAddPanelActions>
-  ): [EuiContextMenuPanelItemDescriptor[], EuiContextMenuPanelDescriptor[]] => {
-    const initialPanelGroups: EuiContextMenuPanelItemDescriptor[] = [];
-    const additionalPanels: EuiContextMenuPanelDescriptor[] = [];
+  ) => {
+    const panelGroups: GroupedAddPanelActions[] = [];
 
     new Set(Object.keys(factoryGroupMap).concat(Object.keys(groupedAddPanelAction))).forEach(
       (groupId) => {
@@ -83,87 +83,60 @@ export const mergeGroupedItemsProvider =
         const addPanelGroup = groupedAddPanelAction[groupId];
 
         if (factoryGroup && addPanelGroup) {
-          const panelId = factoryGroup.panelId;
-
-          initialPanelGroups.push({
-            'data-test-subj': dataTestSubj,
-            name: factoryGroup.appName,
-            icon: factoryGroup.icon,
-            panel: panelId,
-          });
-
-          additionalPanels.push({
-            id: panelId,
+          panelGroups.push({
+            id: factoryGroup.id,
             title: factoryGroup.appName,
+            'data-test-subj': dataTestSubj,
+            order: factoryGroup.order,
             items: [
               ...factoryGroup.factories.map(getEmbeddableFactoryMenuItem),
               ...(addPanelGroup?.items ?? []),
             ],
           });
         } else if (factoryGroup) {
-          const panelId = factoryGroup.panelId;
-
-          initialPanelGroups.push({
-            'data-test-subj': dataTestSubj,
-            name: factoryGroup.appName,
-            icon: factoryGroup.icon,
-            panel: panelId,
-          });
-
-          additionalPanels.push({
-            id: panelId,
+          panelGroups.push({
+            id: factoryGroup.id,
             title: factoryGroup.appName,
+            'data-test-subj': dataTestSubj,
+            order: factoryGroup.order,
             items: factoryGroup.factories.map(getEmbeddableFactoryMenuItem),
           });
         } else if (addPanelGroup) {
-          const panelId = addPanelGroup.id;
-
-          initialPanelGroups.push({
-            'data-test-subj': dataTestSubj,
-            name: addPanelGroup.title,
-            icon: addPanelGroup.icon,
-            panel: panelId,
-          });
-
-          additionalPanels.push({
-            id: panelId,
-            title: addPanelGroup.title,
-            items: addPanelGroup.items,
-          });
+          panelGroups.push(addPanelGroup);
         }
       }
     );
 
-    return [initialPanelGroups, additionalPanels];
+    return panelGroups;
   };
 
-export const EditorMenu = ({
-  createNewVisType,
-  isDisabled,
-  api,
-}: {
+interface EditorMenuProps {
   api: PresentationContainer;
   isDisabled?: boolean;
   /** Handler for creating new visualization of a specified type */
   createNewVisType: (visType: BaseVisType | VisTypeAlias) => () => void;
-}) => {
+}
+
+export const EditorMenu = ({ createNewVisType, isDisabled, api }: EditorMenuProps) => {
   const isMounted = useRef(false);
+  const flyoutRef = useRef<ReturnType<DashboardServices['overlays']['openFlyout']>>();
+  const dashboard = useDashboardAPI();
+
+  useEffect(() => {
+    isMounted.current = true;
+
+    return () => {
+      isMounted.current = false;
+      flyoutRef.current?.close();
+    };
+  }, []);
+
   const {
     embeddable,
-    visualizations: {
-      getAliases: getVisTypeAliases,
-      getByGroup: getVisTypesByGroup,
-      showNewVisModal,
-    },
+    visualizations: { getAliases: getVisTypeAliases, getByGroup: getVisTypesByGroup },
     uiActions,
   } = pluginServices.getServices();
 
-  const { euiTheme } = useEuiTheme();
-
-  const embeddableFactories = useMemo(
-    () => Array.from(embeddable.getEmbeddableFactories()),
-    [embeddable]
-  );
   const [unwrappedEmbeddableFactories, setUnwrappedEmbeddableFactories] = useState<
     UnwrappedEmbeddableFactory[]
   >([]);
@@ -172,6 +145,11 @@ export const EditorMenu = ({
     undefined
   );
 
+  const embeddableFactories = useMemo(
+    () => Array.from(embeddable.getEmbeddableFactories()),
+    [embeddable]
+  );
+
   useEffect(() => {
     Promise.all(
       embeddableFactories.map<Promise<UnwrappedEmbeddableFactory>>(async (factory) => ({
@@ -183,17 +161,6 @@ export const EditorMenu = ({
     });
   }, [embeddableFactories]);
 
-  const createNewAggsBasedVis = useCallback(
-    (visType?: BaseVisType) => () =>
-      showNewVisModal({
-        originatingApp: DASHBOARD_APP_ID,
-        outsideVisualizeApp: true,
-        showAggsSelection: true,
-        selectedVisType: visType,
-      }),
-    [showNewVisModal]
-  );
-
   const getSortedVisTypesByGroup = (group: VisGroups) =>
     getVisTypesByGroup(group)
       .sort((a: BaseVisType | VisTypeAlias, b: BaseVisType | VisTypeAlias) => {
@@ -210,8 +177,9 @@ export const EditorMenu = ({
       .filter(({ disableCreate }: BaseVisType) => !disableCreate);
 
   const promotedVisTypes = getSortedVisTypesByGroup(VisGroups.PROMOTED);
-  const aggsBasedVisTypes = getSortedVisTypesByGroup(VisGroups.AGGBASED);
   const toolVisTypes = getSortedVisTypesByGroup(VisGroups.TOOLS);
+  const legacyVisTypes = getSortedVisTypesByGroup(VisGroups.LEGACY);
+
   const visTypeAliases = getVisTypeAliases()
     .sort(({ promotion: a = false }: VisTypeAlias, { promotion: b = false }: VisTypeAlias) =>
       a === b ? 0 : a ? -1 : 1
@@ -224,18 +192,6 @@ export const EditorMenu = ({
   );
 
   const factoryGroupMap: Record<string, FactoryGroup> = {};
-  const ungroupedFactories: EmbeddableFactory[] = [];
-  const aggBasedPanelID = 1;
-
-  let panelCount = 1 + aggBasedPanelID;
-
-  useEffect(() => {
-    isMounted.current = true;
-
-    return () => {
-      isMounted.current = false;
-    };
-  }, []);
 
   // Retrieve ADD_PANEL_TRIGGER actions
   useEffect(() => {
@@ -243,6 +199,7 @@ export const EditorMenu = ({
       const registeredActions = await uiActions?.getTriggerCompatibleActions?.(ADD_PANEL_TRIGGER, {
         embeddable: api,
       });
+
       if (isMounted.current) {
         setAddPanelActions(registeredActions);
       }
@@ -260,142 +217,160 @@ export const EditorMenu = ({
         } else {
           factoryGroupMap[group.id] = {
             id: group.id,
-            appName: group.getDisplayName ? group.getDisplayName({ embeddable }) : group.id,
-            icon: (group.getIconType
-              ? group.getIconType({ embeddable })
-              : 'empty') as EuiContextMenuItemIcon,
+            appName: group.getDisplayName
+              ? group.getDisplayName({ embeddable: dashboard })
+              : group.id,
+            icon: group.getIconType?.({ embeddable: dashboard }),
             factories: [factory],
-            panelId: panelCount,
+            order: group.order ?? 0,
           };
-
-          panelCount++;
         }
       });
     } else {
-      ungroupedFactories.push(factory);
+      const fallbackGroup = COMMON_EMBEDDABLE_GROUPING.other;
+
+      if (!factoryGroupMap[fallbackGroup.id]) {
+        factoryGroupMap[fallbackGroup.id] = {
+          id: fallbackGroup.id,
+          appName: fallbackGroup.getDisplayName
+            ? fallbackGroup.getDisplayName({ embeddable: dashboard })
+            : fallbackGroup.id,
+          icon: fallbackGroup.getIconType?.({ embeddable: dashboard }) || 'empty',
+          factories: [],
+          order: fallbackGroup.order ?? 0,
+        };
+      }
+
+      factoryGroupMap[fallbackGroup.id].factories.push(factory);
     }
   });
 
-  const getVisTypeMenuItem = (visType: BaseVisType): EuiContextMenuPanelItemDescriptor => {
+  const augmentedCreateNewVisType = (
+    visType: Parameters<EditorMenuProps['createNewVisType']>[0],
+    cb: () => void
+  ) => {
+    const visClickHandler = createNewVisType(visType);
+    return () => {
+      visClickHandler();
+      cb();
+    };
+  };
+
+  const getVisTypeMenuItem = (
+    onClickCb: () => void,
+    visType: BaseVisType
+  ): PanelSelectionMenuItem => {
     const {
       name,
       title,
       titleInWizard,
       description,
       icon = 'empty',
-      group,
       isDeprecated,
+      order,
     } = visType;
     return {
-      name: !isDeprecated ? (
-        titleInWizard || title
-      ) : (
-        <EuiFlexGroup wrap responsive={false} gutterSize="s">
-          <EuiFlexItem grow={false}>{titleInWizard || title}</EuiFlexItem>
-          <EuiFlexItem grow={false}>
-            <EuiBadge color="warning">
-              {i18n.translate('dashboard.editorMenu.deprecatedTag', {
-                defaultMessage: 'Deprecated',
-              })}
-            </EuiBadge>
-          </EuiFlexItem>
-        </EuiFlexGroup>
-      ),
-      icon: icon as string,
-      onClick:
-        // not all the agg-based visualizations need to be created via the wizard
-        group === VisGroups.AGGBASED && visType.options.showIndexSelection
-          ? createNewAggsBasedVis(visType)
-          : createNewVisType(visType),
+      id: name,
+      name: titleInWizard || title,
+      isDeprecated,
+      icon,
+      onClick: augmentedCreateNewVisType(visType, onClickCb),
       'data-test-subj': `visType-${name}`,
-      toolTipContent: description,
+      description,
+      order,
     };
   };
 
   const getVisTypeAliasMenuItem = (
+    onClickCb: () => void,
     visTypeAlias: VisTypeAlias
-  ): EuiContextMenuPanelItemDescriptor => {
-    const { name, title, description, icon = 'empty' } = visTypeAlias;
+  ): PanelSelectionMenuItem => {
+    const { name, title, description, icon = 'empty', order } = visTypeAlias;
 
     return {
+      id: name,
       name: title,
       icon,
-      onClick: createNewVisType(visTypeAlias),
+      onClick: augmentedCreateNewVisType(visTypeAlias, onClickCb),
       'data-test-subj': `visType-${name}`,
-      toolTipContent: description,
+      description,
+      order: order ?? 0,
     };
   };
 
-  const aggsPanelTitle = i18n.translate('dashboard.editorMenu.aggBasedGroupTitle', {
-    defaultMessage: 'Aggregation based',
-  });
-
-  const getEditorMenuPanels = (closePopover: () => void): EuiContextMenuPanelDescriptor[] => {
-    const getEmbeddableFactoryMenuItem = getEmbeddableFactoryMenuItemProvider(api, closePopover);
+  const getEditorMenuPanels = (closeFlyout: () => void): GroupedAddPanelActions[] => {
+    const getEmbeddableFactoryMenuItem = getEmbeddableFactoryMenuItemProvider(api, closeFlyout);
 
-    const [ungroupedAddPanelActions, groupedAddPanelAction] = getAddPanelActionMenuItems(
+    const groupedAddPanelAction = getAddPanelActionMenuItemsGroup(
       api,
       addPanelActions,
-      closePopover
+      closeFlyout
     );
 
-    const [initialPanelGroups, additionalPanels] = mergeGroupedItemsProvider(
-      getEmbeddableFactoryMenuItem
-    )(factoryGroupMap, groupedAddPanelAction);
-
-    const initialPanelItems = [
-      ...visTypeAliases.map(getVisTypeAliasMenuItem),
-      ...ungroupedAddPanelActions,
-      ...toolVisTypes.map(getVisTypeMenuItem),
-      ...ungroupedFactories.map(getEmbeddableFactoryMenuItem),
-      ...initialPanelGroups,
-      ...promotedVisTypes.map(getVisTypeMenuItem),
-    ];
-    if (aggsBasedVisTypes.length > 0) {
-      initialPanelItems.push({
-        name: aggsPanelTitle,
-        icon: 'visualizeApp',
-        panel: aggBasedPanelID,
-        'data-test-subj': `dashboardEditorAggBasedMenuItem`,
-      });
-    }
+    const initialPanelGroups = mergeGroupedItemsProvider(getEmbeddableFactoryMenuItem)(
+      factoryGroupMap,
+      groupedAddPanelAction
+    );
 
-    return [
-      {
-        id: 0,
-        items: initialPanelItems,
-      },
-      {
-        id: aggBasedPanelID,
-        title: aggsPanelTitle,
-        items: aggsBasedVisTypes.map(getVisTypeMenuItem),
-      },
-      ...additionalPanels,
-    ];
+    // enhance panel groups
+    return sortGroupPanelsByOrder<GroupedAddPanelActions>(initialPanelGroups).map((panelGroup) => {
+      switch (panelGroup.id) {
+        case 'visualizations': {
+          return {
+            ...panelGroup,
+            items: sortGroupPanelsByOrder<PanelSelectionMenuItem>(
+              (panelGroup.items ?? []).concat(
+                // TODO: actually add grouping to vis type alias so we wouldn't randomly display an unintended item
+                visTypeAliases.map(getVisTypeAliasMenuItem.bind(null, closeFlyout)),
+                promotedVisTypes.map(getVisTypeMenuItem.bind(null, closeFlyout))
+              )
+            ),
+          };
+        }
+        case COMMON_EMBEDDABLE_GROUPING.legacy.id: {
+          return {
+            ...panelGroup,
+            items: sortGroupPanelsByOrder<PanelSelectionMenuItem>(
+              (panelGroup.items ?? []).concat(
+                legacyVisTypes.map(getVisTypeMenuItem.bind(null, closeFlyout))
+              )
+            ),
+          };
+        }
+        case COMMON_EMBEDDABLE_GROUPING.annotation.id: {
+          return {
+            ...panelGroup,
+            items: sortGroupPanelsByOrder<PanelSelectionMenuItem>(
+              (panelGroup.items ?? []).concat(
+                toolVisTypes.map(getVisTypeMenuItem.bind(null, closeFlyout))
+              )
+            ),
+          };
+        }
+        default: {
+          return {
+            ...panelGroup,
+            items: sortGroupPanelsByOrder(panelGroup.items),
+          };
+        }
+      }
+    });
   };
 
   return (
-    <ToolbarPopover
-      zIndex={Number(euiTheme.levels.header) - 1}
-      repositionOnScroll
-      ownFocus
+    <ToolbarButton
+      data-test-subj="dashboardEditorMenuButton"
+      isDisabled={isDisabled}
+      iconType="plusInCircle"
       label={i18n.translate('dashboard.solutionToolbar.editorMenuButtonLabel', {
         defaultMessage: 'Add panel',
       })}
-      isDisabled={isDisabled}
+      onClick={() => {
+        flyoutRef.current = openDashboardPanelSelectionFlyout({
+          getPanels: getEditorMenuPanels,
+        });
+      }}
       size="s"
-      iconType="plusInCircle"
-      panelPaddingSize="none"
-      data-test-subj="dashboardEditorMenuButton"
-    >
-      {({ closePopover }: { closePopover: () => void }) => (
-        <EuiContextMenu
-          initialPanelId={0}
-          panels={getEditorMenuPanels(closePopover)}
-          className={`dshSolutionToolbar__editorContextMenu`}
-          data-test-subj="dashboardEditorContextMenu"
-        />
-      )}
-    </ToolbarPopover>
+    />
   );
 };
diff --git a/src/plugins/dashboard/public/dashboard_app/top_nav/open_dashboard_panel_selection_flyout.tsx b/src/plugins/dashboard/public/dashboard_app/top_nav/open_dashboard_panel_selection_flyout.tsx
new file mode 100644
index 0000000000000..8bd8dffc67c97
--- /dev/null
+++ b/src/plugins/dashboard/public/dashboard_app/top_nav/open_dashboard_panel_selection_flyout.tsx
@@ -0,0 +1,255 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import React, { useEffect, useState, useRef } from 'react';
+import { toMountPoint } from '@kbn/react-kibana-mount';
+import { i18n as i18nFn } from '@kbn/i18n';
+import orderBy from 'lodash/orderBy';
+import {
+  EuiButtonEmpty,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiFlyoutBody,
+  EuiFlyoutFooter,
+  EuiFlyoutHeader,
+  EuiForm,
+  EuiBadge,
+  EuiFormRow,
+  EuiTitle,
+  EuiFieldSearch,
+  useEuiTheme,
+  type EuiFlyoutProps,
+  EuiListGroup,
+  EuiListGroupItem,
+  EuiToolTip,
+  EuiText,
+} from '@elastic/eui';
+import { FormattedMessage } from '@kbn/i18n-react';
+import { pluginServices } from '../../services/plugin_services';
+import type { DashboardServices } from '../../services/types';
+import type { GroupedAddPanelActions, PanelSelectionMenuItem } from './add_panel_action_menu_items';
+
+interface OpenDashboardPanelSelectionFlyoutArgs {
+  getPanels: (closePopover: () => void) => GroupedAddPanelActions[];
+  flyoutPanelPaddingSize?: Exclude<EuiFlyoutProps['paddingSize'], 'none'>;
+}
+
+interface Props extends Pick<OpenDashboardPanelSelectionFlyoutArgs, 'getPanels'> {
+  /** Handler to close flyout */
+  close: () => void;
+  /** Padding for flyout  */
+  paddingSize: Exclude<OpenDashboardPanelSelectionFlyoutArgs['flyoutPanelPaddingSize'], undefined>;
+}
+
+export function openDashboardPanelSelectionFlyout({
+  getPanels,
+  flyoutPanelPaddingSize = 'l',
+}: OpenDashboardPanelSelectionFlyoutArgs) {
+  const {
+    overlays,
+    analytics,
+    settings: { i18n, theme },
+  } = pluginServices.getServices();
+  // eslint-disable-next-line prefer-const
+  let flyoutRef: ReturnType<DashboardServices['overlays']['openFlyout']>;
+
+  const mount = toMountPoint(
+    React.createElement(function () {
+      const closeFlyout = () => flyoutRef.close();
+      return (
+        <DashboardPanelSelectionListFlyout
+          close={closeFlyout}
+          {...{ paddingSize: flyoutPanelPaddingSize, getPanels }}
+        />
+      );
+    }),
+    { analytics, theme, i18n }
+  );
+
+  flyoutRef = overlays.openFlyout(mount, {
+    size: 'm',
+    maxWidth: 500,
+    paddingSize: flyoutPanelPaddingSize,
+    'aria-labelledby': 'addPanelsFlyout',
+    'data-test-subj': 'dashboardPanelSelectionFlyout',
+  });
+
+  return flyoutRef;
+}
+
+export const DashboardPanelSelectionListFlyout: React.FC<Props> = ({
+  close,
+  getPanels,
+  paddingSize,
+}) => {
+  const { euiTheme } = useEuiTheme();
+  const panels = useRef(getPanels(close));
+  const [searchTerm, setSearchTerm] = useState<string>('');
+  const [panelsSearchResult, setPanelsSearchResult] = useState<GroupedAddPanelActions[]>(
+    panels.current
+  );
+
+  useEffect(() => {
+    if (!searchTerm) {
+      return setPanelsSearchResult(panels.current);
+    }
+
+    const q = searchTerm.toLowerCase();
+
+    setPanelsSearchResult(
+      orderBy(
+        panels.current.map((panel) => {
+          const groupSearchMatch = panel.title.toLowerCase().includes(q);
+
+          const [groupSearchMatchAgg, items] = panel.items.reduce(
+            (acc, cur) => {
+              const searchMatch = cur.name.toLowerCase().includes(q);
+
+              acc[0] = acc[0] || searchMatch;
+              acc[1].push({
+                ...cur,
+                isDisabled: !(groupSearchMatch || searchMatch),
+              });
+
+              return acc;
+            },
+            [groupSearchMatch, [] as PanelSelectionMenuItem[]]
+          );
+
+          return {
+            ...panel,
+            isDisabled: !groupSearchMatchAgg,
+            items,
+          };
+        }),
+        ['isDisabled']
+      )
+    );
+  }, [searchTerm]);
+
+  return (
+    <>
+      <EuiFlyoutHeader hasBorder>
+        <EuiTitle size="m">
+          <h1 id="addPanelsFlyout">
+            <FormattedMessage
+              id="dashboard.solutionToolbar.addPanelFlyout.headingText"
+              defaultMessage="Add panel"
+            />
+          </h1>
+        </EuiTitle>
+      </EuiFlyoutHeader>
+      <EuiFlyoutBody>
+        <EuiFlexGroup direction="column" responsive={false} gutterSize="m">
+          <EuiFlexItem
+            grow={false}
+            css={{
+              position: 'sticky',
+              top: euiTheme.size[paddingSize],
+              zIndex: 1,
+              boxShadow: `0 -${euiTheme.size[paddingSize]} 0 4px ${euiTheme.colors.emptyShade}`,
+            }}
+          >
+            <EuiForm component="form" fullWidth>
+              <EuiFormRow css={{ backgroundColor: euiTheme.colors.emptyShade }}>
+                <EuiFieldSearch
+                  autoFocus
+                  value={searchTerm}
+                  onChange={(e) => {
+                    setSearchTerm(e.target.value);
+                  }}
+                  aria-label={i18nFn.translate(
+                    'dashboard.editorMenu.addPanelFlyout.searchLabelText',
+                    { defaultMessage: 'search field for panels' }
+                  )}
+                  className="nsPanelSelectionFlyout__searchInput"
+                  data-test-subj="dashboardPanelSelectionFlyout__searchInput"
+                />
+              </EuiFormRow>
+            </EuiForm>
+          </EuiFlexItem>
+          <EuiFlexItem grow={false}>
+            <EuiFlexGroup direction="column" gutterSize="m">
+              {panelsSearchResult.some(({ isDisabled }) => !isDisabled) ? (
+                panelsSearchResult.map(
+                  ({ id, title, items, isDisabled, ['data-test-subj']: dataTestSubj }) =>
+                    !isDisabled ? (
+                      <EuiFlexItem key={id} data-test-subj={dataTestSubj}>
+                        <EuiTitle id={`${id}-group`} size="xxs">
+                          {typeof title === 'string' ? <h3>{title}</h3> : title}
+                        </EuiTitle>
+                        <EuiListGroup
+                          aria-labelledby={`${id}-group`}
+                          size="s"
+                          gutterSize="none"
+                          maxWidth={false}
+                          flush
+                        >
+                          {items?.map((item, idx) => {
+                            return (
+                              <EuiListGroupItem
+                                key={`${id}.${idx}`}
+                                label={
+                                  <EuiToolTip position="right" content={item.description}>
+                                    {!item.isDeprecated ? (
+                                      <EuiText size="s">{item.name}</EuiText>
+                                    ) : (
+                                      <EuiFlexGroup wrap responsive={false} gutterSize="s">
+                                        <EuiFlexItem grow={false}>
+                                          <EuiText size="s">{item.name}</EuiText>
+                                        </EuiFlexItem>
+                                        <EuiFlexItem grow={false}>
+                                          <EuiBadge color="warning">
+                                            <FormattedMessage
+                                              id="dashboard.editorMenu.deprecatedTag"
+                                              defaultMessage="Deprecated"
+                                            />
+                                          </EuiBadge>
+                                        </EuiFlexItem>
+                                      </EuiFlexGroup>
+                                    )}
+                                  </EuiToolTip>
+                                }
+                                onClick={item?.onClick}
+                                iconType={item.icon}
+                                data-test-subj={item['data-test-subj']}
+                                isDisabled={item.isDisabled}
+                              />
+                            );
+                          })}
+                        </EuiListGroup>
+                      </EuiFlexItem>
+                    ) : null
+                )
+              ) : (
+                <EuiText size="s" textAlign="center">
+                  <FormattedMessage
+                    id="dashboard.solutionToolbar.addPanelFlyout.noResultsDescription"
+                    defaultMessage="No panel types found"
+                  />
+                </EuiText>
+              )}
+            </EuiFlexGroup>
+          </EuiFlexItem>
+        </EuiFlexGroup>
+      </EuiFlyoutBody>
+      <EuiFlyoutFooter>
+        <EuiFlexGroup justifyContent="spaceBetween">
+          <EuiFlexItem grow={false}>
+            <EuiButtonEmpty onClick={close}>
+              <FormattedMessage
+                id="dashboard.solutionToolbar.addPanelFlyout.cancelButtonText"
+                defaultMessage="Close"
+              />
+            </EuiButtonEmpty>
+          </EuiFlexItem>
+        </EuiFlexGroup>
+      </EuiFlyoutFooter>
+    </>
+  );
+};
diff --git a/src/plugins/dashboard/public/dashboard_container/component/grid/_dashboard_grid.scss b/src/plugins/dashboard/public/dashboard_container/component/grid/_dashboard_grid.scss
index b33e35647e216..f6e7918fb1b0b 100644
--- a/src/plugins/dashboard/public/dashboard_container/component/grid/_dashboard_grid.scss
+++ b/src/plugins/dashboard/public/dashboard_container/component/grid/_dashboard_grid.scss
@@ -40,7 +40,6 @@
  * Shifting the rendered panels offscreen prevents a quick flash when redrawing the panels on minimize
  */
 .dshDashboardGrid__item--hidden {
-  position: absolute;
   top: -9999px;
   left: -9999px;
 }
diff --git a/src/plugins/dashboard/public/dashboard_container/component/grid/dashboard_grid_item.tsx b/src/plugins/dashboard/public/dashboard_container/component/grid/dashboard_grid_item.tsx
index 7d4a87f7209e1..d4fd84618747d 100644
--- a/src/plugins/dashboard/public/dashboard_container/component/grid/dashboard_grid_item.tsx
+++ b/src/plugins/dashboard/public/dashboard_container/component/grid/dashboard_grid_item.tsx
@@ -64,14 +64,15 @@ export const Item = React.forwardRef<HTMLDivElement, Props>(
 
     useLayoutEffect(() => {
       if (typeof ref !== 'function' && ref?.current) {
+        const panelRef = ref.current;
         if (scrollToPanelId === id) {
-          container.scrollToPanel(ref.current);
+          container.scrollToPanel(panelRef);
         }
         if (highlightPanelId === id) {
-          container.highlightPanel(ref.current);
+          container.highlightPanel(panelRef);
         }
 
-        ref.current.querySelectorAll('*').forEach((e) => {
+        panelRef.querySelectorAll('*').forEach((e) => {
           if (blurPanel) {
             // remove blurred panels and nested elements from tab order
             e.setAttribute('tabindex', '-1');
diff --git a/src/plugins/dashboard/public/dashboard_container/embeddable/api/duplicate_dashboard_panel.test.ts b/src/plugins/dashboard/public/dashboard_container/embeddable/api/duplicate_dashboard_panel.test.ts
deleted file mode 100644
index 256d03681447d..0000000000000
--- a/src/plugins/dashboard/public/dashboard_container/embeddable/api/duplicate_dashboard_panel.test.ts
+++ /dev/null
@@ -1,177 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0 and the Server Side Public License, v 1; you may not use this file except
- * in compliance with, at your election, the Elastic License 2.0 or the Server
- * Side Public License, v 1.
- */
-
-import { CoreStart } from '@kbn/core/public';
-import { coreMock } from '@kbn/core/public/mocks';
-import { isErrorEmbeddable, ReferenceOrValueEmbeddable } from '@kbn/embeddable-plugin/public';
-import {
-  ContactCardEmbeddable,
-  ContactCardEmbeddableFactory,
-  ContactCardEmbeddableInput,
-  ContactCardEmbeddableOutput,
-  CONTACT_CARD_EMBEDDABLE,
-} from '@kbn/embeddable-plugin/public/lib/test_samples/embeddables';
-import { embeddablePluginMock } from '@kbn/embeddable-plugin/public/mocks';
-import { duplicateDashboardPanel, incrementPanelTitle } from './duplicate_dashboard_panel';
-import { buildMockDashboard, getSampleDashboardPanel } from '../../../mocks';
-import { pluginServices } from '../../../services/plugin_services';
-import { DashboardContainer } from '../dashboard_container';
-
-let container: DashboardContainer;
-let genericEmbeddable: ContactCardEmbeddable;
-let byRefOrValEmbeddable: ContactCardEmbeddable & ReferenceOrValueEmbeddable;
-let coreStart: CoreStart;
-beforeEach(async () => {
-  coreStart = coreMock.createStart();
-  coreStart.savedObjects.client = {
-    ...coreStart.savedObjects.client,
-    get: jest.fn().mockImplementation(() => ({ attributes: { title: 'Holy moly' } })),
-    find: jest.fn().mockImplementation(() => ({ total: 15 })),
-    create: jest.fn().mockImplementation(() => ({ id: 'brandNewSavedObject' })),
-  };
-
-  const mockEmbeddableFactory = new ContactCardEmbeddableFactory((() => null) as any, {} as any);
-
-  pluginServices.getServices().embeddable.getEmbeddableFactory = jest
-    .fn()
-    .mockReturnValue(mockEmbeddableFactory);
-  container = buildMockDashboard({
-    overrides: {
-      panels: {
-        '123': getSampleDashboardPanel<ContactCardEmbeddableInput>({
-          explicitInput: { firstName: 'Kibanana', id: '123' },
-          type: CONTACT_CARD_EMBEDDABLE,
-        }),
-      },
-    },
-  });
-
-  const refOrValContactCardEmbeddable = await container.addNewEmbeddable<
-    ContactCardEmbeddableInput,
-    ContactCardEmbeddableOutput,
-    ContactCardEmbeddable
-  >(CONTACT_CARD_EMBEDDABLE, {
-    firstName: 'RefOrValEmbeddable',
-  });
-
-  const nonRefOrValueContactCard = await container.addNewEmbeddable<
-    ContactCardEmbeddableInput,
-    ContactCardEmbeddableOutput,
-    ContactCardEmbeddable
-  >(CONTACT_CARD_EMBEDDABLE, {
-    firstName: 'Not a refOrValEmbeddable',
-  });
-
-  if (
-    isErrorEmbeddable(refOrValContactCardEmbeddable) ||
-    isErrorEmbeddable(nonRefOrValueContactCard)
-  ) {
-    throw new Error('Failed to create embeddables');
-  } else {
-    genericEmbeddable = nonRefOrValueContactCard;
-    byRefOrValEmbeddable = embeddablePluginMock.mockRefOrValEmbeddable<
-      ContactCardEmbeddable,
-      ContactCardEmbeddableInput
-    >(refOrValContactCardEmbeddable, {
-      mockedByReferenceInput: {
-        savedObjectId: 'testSavedObjectId',
-        id: refOrValContactCardEmbeddable.id,
-      },
-      mockedByValueInput: { firstName: 'RefOrValEmbeddable', id: refOrValContactCardEmbeddable.id },
-    });
-    jest.spyOn(byRefOrValEmbeddable, 'getInputAsValueType');
-  }
-});
-
-test('Duplication adds a new embeddable', async () => {
-  const originalPanelCount = Object.keys(container.getInput().panels).length;
-  const originalPanelKeySet = new Set(Object.keys(container.getInput().panels));
-  await duplicateDashboardPanel.bind(container)(byRefOrValEmbeddable.id);
-
-  expect(Object.keys(container.getInput().panels).length).toEqual(originalPanelCount + 1);
-  const newPanelId = Object.keys(container.getInput().panels).find(
-    (key) => !originalPanelKeySet.has(key)
-  );
-  expect(newPanelId).toBeDefined();
-  const newPanel = container.getInput().panels[newPanelId!];
-  expect(newPanel.type).toEqual(byRefOrValEmbeddable.type);
-});
-
-test('Duplicates a RefOrVal embeddable by value', async () => {
-  const originalPanelKeySet = new Set(Object.keys(container.getInput().panels));
-  await duplicateDashboardPanel.bind(container)(byRefOrValEmbeddable.id);
-  const newPanelId = Object.keys(container.getInput().panels).find(
-    (key) => !originalPanelKeySet.has(key)
-  );
-
-  const originalFirstName = (
-    container.getInput().panels[byRefOrValEmbeddable.id].explicitInput as ContactCardEmbeddableInput
-  ).firstName;
-
-  const newFirstName = (
-    container.getInput().panels[newPanelId!].explicitInput as ContactCardEmbeddableInput
-  ).firstName;
-
-  expect(byRefOrValEmbeddable.getInputAsValueType).toHaveBeenCalled();
-
-  expect(originalFirstName).toEqual(newFirstName);
-  expect(container.getInput().panels[newPanelId!].type).toEqual(byRefOrValEmbeddable.type);
-});
-
-test('Duplicates a non RefOrVal embeddable by value', async () => {
-  const originalPanelKeySet = new Set(Object.keys(container.getInput().panels));
-  await duplicateDashboardPanel.bind(container)(genericEmbeddable.id);
-  const newPanelId = Object.keys(container.getInput().panels).find(
-    (key) => !originalPanelKeySet.has(key)
-  );
-
-  const originalFirstName = (
-    container.getInput().panels[genericEmbeddable.id].explicitInput as ContactCardEmbeddableInput
-  ).firstName;
-
-  const newFirstName = (
-    container.getInput().panels[newPanelId!].explicitInput as ContactCardEmbeddableInput
-  ).firstName;
-
-  expect(originalFirstName).toEqual(newFirstName);
-  expect(container.getInput().panels[newPanelId!].type).toEqual(genericEmbeddable.type);
-});
-
-test('Gets a unique title from the dashboard', async () => {
-  expect(await incrementPanelTitle(container, '')).toEqual('');
-
-  container.getPanelTitles = jest.fn().mockImplementation(() => {
-    return ['testDuplicateTitle', 'testDuplicateTitle (copy)', 'testUniqueTitle'];
-  });
-  expect(await incrementPanelTitle(container, 'testUniqueTitle')).toEqual('testUniqueTitle (copy)');
-  expect(await incrementPanelTitle(container, 'testDuplicateTitle')).toEqual(
-    'testDuplicateTitle (copy 1)'
-  );
-
-  container.getPanelTitles = jest.fn().mockImplementation(() => {
-    return ['testDuplicateTitle', 'testDuplicateTitle (copy)'].concat(
-      Array.from([...Array(39)], (_, index) => `testDuplicateTitle (copy ${index + 1})`)
-    );
-  });
-  expect(await incrementPanelTitle(container, 'testDuplicateTitle')).toEqual(
-    'testDuplicateTitle (copy 40)'
-  );
-  expect(await incrementPanelTitle(container, 'testDuplicateTitle (copy 100)')).toEqual(
-    'testDuplicateTitle (copy 40)'
-  );
-
-  container.getPanelTitles = jest.fn().mockImplementation(() => {
-    return ['testDuplicateTitle (copy 100)'];
-  });
-  expect(await incrementPanelTitle(container, 'testDuplicateTitle')).toEqual(
-    'testDuplicateTitle (copy 101)'
-  );
-  expect(await incrementPanelTitle(container, 'testDuplicateTitle (copy 100)')).toEqual(
-    'testDuplicateTitle (copy 101)'
-  );
-});
diff --git a/src/plugins/dashboard/public/dashboard_container/embeddable/api/duplicate_dashboard_panel.test.tsx b/src/plugins/dashboard/public/dashboard_container/embeddable/api/duplicate_dashboard_panel.test.tsx
new file mode 100644
index 0000000000000..39bb0f754cfbe
--- /dev/null
+++ b/src/plugins/dashboard/public/dashboard_container/embeddable/api/duplicate_dashboard_panel.test.tsx
@@ -0,0 +1,328 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { CoreStart } from '@kbn/core/public';
+import { coreMock } from '@kbn/core/public/mocks';
+import {
+  isErrorEmbeddable,
+  ReactEmbeddableFactory,
+  ReferenceOrValueEmbeddable,
+} from '@kbn/embeddable-plugin/public';
+import {
+  ContactCardEmbeddable,
+  ContactCardEmbeddableFactory,
+  ContactCardEmbeddableInput,
+  ContactCardEmbeddableOutput,
+  CONTACT_CARD_EMBEDDABLE,
+} from '@kbn/embeddable-plugin/public/lib/test_samples/embeddables';
+import { embeddablePluginMock } from '@kbn/embeddable-plugin/public/mocks';
+import {
+  DefaultEmbeddableApi,
+  ReactEmbeddableRenderer,
+  registerReactEmbeddableFactory,
+} from '@kbn/embeddable-plugin/public/react_embeddable_system';
+import { BuildReactEmbeddableApiRegistration } from '@kbn/embeddable-plugin/public/react_embeddable_system/types';
+import { HasSnapshottableState, SerializedPanelState } from '@kbn/presentation-containers';
+import { HasInPlaceLibraryTransforms, HasLibraryTransforms } from '@kbn/presentation-publishing';
+import { render } from '@testing-library/react';
+import React from 'react';
+import { BehaviorSubject, lastValueFrom, Subject } from 'rxjs';
+import { buildMockDashboard, getSampleDashboardPanel } from '../../../mocks';
+import { pluginServices } from '../../../services/plugin_services';
+import { DashboardContainer } from '../dashboard_container';
+import { duplicateDashboardPanel, incrementPanelTitle } from './duplicate_dashboard_panel';
+
+describe('Legacy embeddables', () => {
+  let container: DashboardContainer;
+  let genericEmbeddable: ContactCardEmbeddable;
+  let byRefOrValEmbeddable: ContactCardEmbeddable & ReferenceOrValueEmbeddable;
+  let coreStart: CoreStart;
+  beforeEach(async () => {
+    coreStart = coreMock.createStart();
+    coreStart.savedObjects.client = {
+      ...coreStart.savedObjects.client,
+      get: jest.fn().mockImplementation(() => ({ attributes: { title: 'Holy moly' } })),
+      find: jest.fn().mockImplementation(() => ({ total: 15 })),
+      create: jest.fn().mockImplementation(() => ({ id: 'brandNewSavedObject' })),
+    };
+
+    const mockEmbeddableFactory = new ContactCardEmbeddableFactory((() => null) as any, {} as any);
+
+    pluginServices.getServices().embeddable.getEmbeddableFactory = jest
+      .fn()
+      .mockReturnValue(mockEmbeddableFactory);
+    container = buildMockDashboard({
+      overrides: {
+        panels: {
+          '123': getSampleDashboardPanel<ContactCardEmbeddableInput>({
+            explicitInput: { firstName: 'Kibanana', id: '123' },
+            type: CONTACT_CARD_EMBEDDABLE,
+          }),
+        },
+      },
+    });
+
+    const refOrValContactCardEmbeddable = await container.addNewEmbeddable<
+      ContactCardEmbeddableInput,
+      ContactCardEmbeddableOutput,
+      ContactCardEmbeddable
+    >(CONTACT_CARD_EMBEDDABLE, {
+      firstName: 'RefOrValEmbeddable',
+    });
+
+    const nonRefOrValueContactCard = await container.addNewEmbeddable<
+      ContactCardEmbeddableInput,
+      ContactCardEmbeddableOutput,
+      ContactCardEmbeddable
+    >(CONTACT_CARD_EMBEDDABLE, {
+      firstName: 'Not a refOrValEmbeddable',
+    });
+
+    if (
+      isErrorEmbeddable(refOrValContactCardEmbeddable) ||
+      isErrorEmbeddable(nonRefOrValueContactCard)
+    ) {
+      throw new Error('Failed to create embeddables');
+    } else {
+      genericEmbeddable = nonRefOrValueContactCard;
+      byRefOrValEmbeddable = embeddablePluginMock.mockRefOrValEmbeddable<
+        ContactCardEmbeddable,
+        ContactCardEmbeddableInput
+      >(refOrValContactCardEmbeddable, {
+        mockedByReferenceInput: {
+          savedObjectId: 'testSavedObjectId',
+          id: refOrValContactCardEmbeddable.id,
+        },
+        mockedByValueInput: {
+          firstName: 'RefOrValEmbeddable',
+          id: refOrValContactCardEmbeddable.id,
+        },
+      });
+      jest.spyOn(byRefOrValEmbeddable, 'getInputAsValueType');
+    }
+  });
+  test('Duplication adds a new embeddable', async () => {
+    const originalPanelCount = Object.keys(container.getInput().panels).length;
+    const originalPanelKeySet = new Set(Object.keys(container.getInput().panels));
+    await duplicateDashboardPanel.bind(container)(byRefOrValEmbeddable.id);
+
+    expect(Object.keys(container.getInput().panels).length).toEqual(originalPanelCount + 1);
+    const newPanelId = Object.keys(container.getInput().panels).find(
+      (key) => !originalPanelKeySet.has(key)
+    );
+    expect(newPanelId).toBeDefined();
+    const newPanel = container.getInput().panels[newPanelId!];
+    expect(newPanel.type).toEqual(byRefOrValEmbeddable.type);
+  });
+
+  test('Duplicates a RefOrVal embeddable by value', async () => {
+    const originalPanelKeySet = new Set(Object.keys(container.getInput().panels));
+    await duplicateDashboardPanel.bind(container)(byRefOrValEmbeddable.id);
+    const newPanelId = Object.keys(container.getInput().panels).find(
+      (key) => !originalPanelKeySet.has(key)
+    );
+
+    const originalFirstName = (
+      container.getInput().panels[byRefOrValEmbeddable.id]
+        .explicitInput as ContactCardEmbeddableInput
+    ).firstName;
+
+    const newFirstName = (
+      container.getInput().panels[newPanelId!].explicitInput as ContactCardEmbeddableInput
+    ).firstName;
+
+    expect(byRefOrValEmbeddable.getInputAsValueType).toHaveBeenCalled();
+
+    expect(originalFirstName).toEqual(newFirstName);
+    expect(container.getInput().panels[newPanelId!].type).toEqual(byRefOrValEmbeddable.type);
+  });
+
+  test('Duplicates a non RefOrVal embeddable by value', async () => {
+    const originalPanelKeySet = new Set(Object.keys(container.getInput().panels));
+    await duplicateDashboardPanel.bind(container)(genericEmbeddable.id);
+    const newPanelId = Object.keys(container.getInput().panels).find(
+      (key) => !originalPanelKeySet.has(key)
+    );
+
+    const originalFirstName = (
+      container.getInput().panels[genericEmbeddable.id].explicitInput as ContactCardEmbeddableInput
+    ).firstName;
+
+    const newFirstName = (
+      container.getInput().panels[newPanelId!].explicitInput as ContactCardEmbeddableInput
+    ).firstName;
+
+    expect(originalFirstName).toEqual(newFirstName);
+    expect(container.getInput().panels[newPanelId!].type).toEqual(genericEmbeddable.type);
+  });
+
+  test('Gets a unique title from the dashboard', async () => {
+    expect(await incrementPanelTitle(container, '')).toEqual('');
+
+    container.getPanelTitles = jest.fn().mockImplementation(() => {
+      return ['testDuplicateTitle', 'testDuplicateTitle (copy)', 'testUniqueTitle'];
+    });
+    expect(await incrementPanelTitle(container, 'testUniqueTitle')).toEqual(
+      'testUniqueTitle (copy)'
+    );
+    expect(await incrementPanelTitle(container, 'testDuplicateTitle')).toEqual(
+      'testDuplicateTitle (copy 1)'
+    );
+
+    container.getPanelTitles = jest.fn().mockImplementation(() => {
+      return ['testDuplicateTitle', 'testDuplicateTitle (copy)'].concat(
+        Array.from([...Array(39)], (_, index) => `testDuplicateTitle (copy ${index + 1})`)
+      );
+    });
+    expect(await incrementPanelTitle(container, 'testDuplicateTitle')).toEqual(
+      'testDuplicateTitle (copy 40)'
+    );
+    expect(await incrementPanelTitle(container, 'testDuplicateTitle (copy 100)')).toEqual(
+      'testDuplicateTitle (copy 40)'
+    );
+
+    container.getPanelTitles = jest.fn().mockImplementation(() => {
+      return ['testDuplicateTitle (copy 100)'];
+    });
+    expect(await incrementPanelTitle(container, 'testDuplicateTitle')).toEqual(
+      'testDuplicateTitle (copy 101)'
+    );
+    expect(await incrementPanelTitle(container, 'testDuplicateTitle (copy 100)')).toEqual(
+      'testDuplicateTitle (copy 101)'
+    );
+  });
+});
+
+describe('React embeddables', () => {
+  const testId = '1234';
+  const buildDashboardWithReactEmbeddable = async <Api extends DefaultEmbeddableApi>(
+    testType: string,
+    mockApi: BuildReactEmbeddableApiRegistration<{}, {}, Api>
+  ) => {
+    const fullApi$ = new Subject<Api & HasSnapshottableState<{}>>();
+    const reactEmbeddableFactory: ReactEmbeddableFactory<{}, {}, Api> = {
+      type: testType,
+      deserializeState: jest.fn().mockImplementation((state) => state.rawState),
+      buildEmbeddable: async (state, registerApi) => {
+        const fullApi = registerApi(
+          {
+            ...mockApi,
+          },
+          {}
+        );
+        fullApi$.next(fullApi);
+        fullApi$.complete();
+        return {
+          Component: () => <div> TEST DUPLICATE </div>,
+          api: fullApi,
+        };
+      },
+    };
+    registerReactEmbeddableFactory(testType, async () => reactEmbeddableFactory);
+    const dashboard = buildMockDashboard({
+      overrides: {
+        panels: {
+          [testId]: getSampleDashboardPanel<ContactCardEmbeddableInput>({
+            explicitInput: { id: testId },
+            type: testType,
+          }),
+        },
+      },
+    });
+    // render a fake Dashboard to initialize react embeddables
+    const FakeDashboard = () => {
+      return (
+        <div>
+          {Object.keys(dashboard.getInput().panels).map((panelId) => {
+            const panel = dashboard.getInput().panels[panelId];
+            return (
+              <div style={{ width: '100%', height: '100px' }} key={panelId}>
+                <ReactEmbeddableRenderer
+                  type={panel.type}
+                  onApiAvailable={(api) => dashboard.children$.next({ [panelId]: api })}
+                  getParentApi={() => ({
+                    getSerializedStateForChild: () =>
+                      panel.explicitInput as unknown as SerializedPanelState<object> | undefined,
+                  })}
+                />
+              </div>
+            );
+          })}
+        </div>
+      );
+    };
+    render(<FakeDashboard />);
+
+    return { dashboard, apiPromise: lastValueFrom(fullApi$) };
+  };
+
+  it('Duplicates child without library transforms', async () => {
+    const mockApi = {
+      serializeState: jest.fn().mockImplementation(() => ({ rawState: {} })),
+    };
+    const { dashboard, apiPromise } = await buildDashboardWithReactEmbeddable(
+      'byValueOnly',
+      mockApi
+    );
+    const api = await apiPromise;
+
+    const snapshotSpy = jest.spyOn(api, 'snapshotRuntimeState');
+
+    await duplicateDashboardPanel.bind(dashboard)(testId);
+
+    expect(snapshotSpy).toHaveBeenCalled();
+    expect(Object.keys(dashboard.getInput().panels).length).toBe(2);
+  });
+
+  it('Duplicates child with library transforms', async () => {
+    const libraryTransformsMockApi: BuildReactEmbeddableApiRegistration<
+      {},
+      {},
+      DefaultEmbeddableApi & HasLibraryTransforms
+    > = {
+      serializeState: jest.fn().mockImplementation(() => ({ rawState: {} })),
+      saveToLibrary: jest.fn(),
+      getByReferenceState: jest.fn(),
+      getByValueState: jest.fn(),
+      canLinkToLibrary: jest.fn(),
+      canUnlinkFromLibrary: jest.fn(),
+      checkForDuplicateTitle: jest.fn(),
+    };
+    const { dashboard, apiPromise } = await buildDashboardWithReactEmbeddable(
+      'libraryTransforms',
+      libraryTransformsMockApi
+    );
+    await apiPromise;
+
+    await duplicateDashboardPanel.bind(dashboard)(testId);
+    expect(libraryTransformsMockApi.getByValueState).toHaveBeenCalled();
+  });
+
+  it('Duplicates a child with in place library transforms', async () => {
+    const inPlaceLibraryTransformsMockApi: BuildReactEmbeddableApiRegistration<
+      {},
+      {},
+      DefaultEmbeddableApi & HasInPlaceLibraryTransforms
+    > = {
+      unlinkFromLibrary: jest.fn(),
+      saveToLibrary: jest.fn(),
+      checkForDuplicateTitle: jest.fn(),
+      libraryId$: new BehaviorSubject<string | undefined>(''),
+      getByValueRuntimeSnapshot: jest.fn(),
+      serializeState: jest.fn().mockImplementation(() => ({ rawState: {} })),
+    };
+    const { dashboard, apiPromise } = await buildDashboardWithReactEmbeddable(
+      'inPlaceLibraryTransforms',
+      inPlaceLibraryTransformsMockApi
+    );
+    await apiPromise;
+
+    await duplicateDashboardPanel.bind(dashboard)(testId);
+    expect(inPlaceLibraryTransformsMockApi.getByValueRuntimeSnapshot).toHaveBeenCalled();
+  });
+});
diff --git a/src/plugins/dashboard/public/dashboard_container/embeddable/api/duplicate_dashboard_panel.ts b/src/plugins/dashboard/public/dashboard_container/embeddable/api/duplicate_dashboard_panel.ts
index 225e89109639a..e0840ad0912b3 100644
--- a/src/plugins/dashboard/public/dashboard_container/embeddable/api/duplicate_dashboard_panel.ts
+++ b/src/plugins/dashboard/public/dashboard_container/embeddable/api/duplicate_dashboard_panel.ts
@@ -7,7 +7,14 @@
  */
 
 import { isReferenceOrValueEmbeddable, PanelNotFoundError } from '@kbn/embeddable-plugin/public';
-import { apiPublishesPanelTitle, getPanelTitle } from '@kbn/presentation-publishing';
+import { apiHasSnapshottableState } from '@kbn/presentation-containers/interfaces/serialized_state';
+import {
+  apiHasInPlaceLibraryTransforms,
+  apiHasLibraryTransforms,
+  apiPublishesPanelTitle,
+  getPanelTitle,
+  stateHasTitles,
+} from '@kbn/presentation-publishing';
 import { filter, map, max } from 'lodash';
 import { v4 as uuidv4 } from 'uuid';
 import { DashboardPanelState, prefixReferencesFromPanel } from '../../../../common';
@@ -52,18 +59,45 @@ const duplicateReactEmbeddableInput = async (
   panelToClone: DashboardPanelState,
   idToDuplicate: string
 ) => {
+  const id = uuidv4();
   const child = dashboard.children$.value[idToDuplicate];
   const lastTitle = apiPublishesPanelTitle(child) ? getPanelTitle(child) ?? '' : '';
   const newTitle = await incrementPanelTitle(dashboard, lastTitle);
-  const id = uuidv4();
-  if (panelToClone.references) {
-    dashboard.savedObjectReferences.push(...prefixReferencesFromPanel(id, panelToClone.references));
+
+  /**
+   * For react embeddables that have library transforms, we need to ensure
+   * to clone them with serialized state and references.
+   *
+   * TODO: remove this section once all by reference capable react embeddables
+   * use in-place library transforms
+   */
+  if (apiHasLibraryTransforms(child)) {
+    const byValueSerializedState = await child.getByValueState();
+    if (panelToClone.references) {
+      dashboard.savedObjectReferences.push(
+        ...prefixReferencesFromPanel(id, panelToClone.references)
+      );
+    }
+    return {
+      type: panelToClone.type,
+      explicitInput: {
+        ...byValueSerializedState,
+        title: newTitle,
+        id,
+      },
+    };
   }
+
+  const runtimeSnapshot = (() => {
+    if (apiHasInPlaceLibraryTransforms(child)) return child.getByValueRuntimeSnapshot();
+    return apiHasSnapshottableState(child) ? child.snapshotRuntimeState() : {};
+  })();
+  if (stateHasTitles(runtimeSnapshot)) runtimeSnapshot.title = newTitle;
+
+  dashboard.setRuntimeStateForChild(id, runtimeSnapshot);
   return {
     type: panelToClone.type,
     explicitInput: {
-      ...panelToClone.explicitInput,
-      title: newTitle,
       id,
     },
   };
diff --git a/src/plugins/dashboard/public/dashboard_container/embeddable/create/create_dashboard.test.ts b/src/plugins/dashboard/public/dashboard_container/embeddable/create/create_dashboard.test.ts
index f20e9f8c46c1b..e3a321f2355df 100644
--- a/src/plugins/dashboard/public/dashboard_container/embeddable/create/create_dashboard.test.ts
+++ b/src/plugins/dashboard/public/dashboard_container/embeddable/create/create_dashboard.test.ts
@@ -275,7 +275,7 @@ test('pulls panels from override input', async () => {
 
   // instead, the unsaved changes for React embeddables should be applied to the "restored runtime state" property of the Dashboard.
   expect(
-    (dashboard!.restoredRuntimeState!.someReactEmbeddablePanel as { title: string }).title
+    (dashboard!.getRuntimeStateForChild('someReactEmbeddablePanel') as { title: string }).title
   ).toEqual('an elegant override, from a more civilized age');
 });
 
diff --git a/src/plugins/dashboard/public/dashboard_container/embeddable/create/create_dashboard.ts b/src/plugins/dashboard/public/dashboard_container/embeddable/create/create_dashboard.ts
index 8f7e8bdb21bb5..32b21f0cf1c1e 100644
--- a/src/plugins/dashboard/public/dashboard_container/embeddable/create/create_dashboard.ts
+++ b/src/plugins/dashboard/public/dashboard_container/embeddable/create/create_dashboard.ts
@@ -277,10 +277,14 @@ export const initializeDashboard = async ({
   };
 
   // --------------------------------------------------------------------------------------
-  // Set latest runtime state for react embeddables.
+  // Set restored runtime state for react embeddables.
   // --------------------------------------------------------------------------------------
   untilDashboardReady().then((dashboardContainer) => {
-    dashboardContainer.restoredRuntimeState = runtimePanelsToRestore;
+    for (const idWithRuntimeState of Object.keys(runtimePanelsToRestore)) {
+      const restoredRuntimeStateForChild = runtimePanelsToRestore[idWithRuntimeState];
+      if (!restoredRuntimeStateForChild) continue;
+      dashboardContainer.setRuntimeStateForChild(idWithRuntimeState, restoredRuntimeStateForChild);
+    }
   });
 
   // --------------------------------------------------------------------------------------
diff --git a/src/plugins/dashboard/public/dashboard_container/embeddable/dashboard_container.tsx b/src/plugins/dashboard/public/dashboard_container/embeddable/dashboard_container.tsx
index bb49255d41711..45f3b2535ff6d 100644
--- a/src/plugins/dashboard/public/dashboard_container/embeddable/dashboard_container.tsx
+++ b/src/plugins/dashboard/public/dashboard_container/embeddable/dashboard_container.tsx
@@ -170,6 +170,7 @@ export class DashboardContainer
   public creationEndTime?: number;
   public firstLoad: boolean = true;
   private hadContentfulRender = false;
+  private scrollPosition?: number;
 
   // cleanup
   public stopSyncingWithUnifiedSearch?: () => void;
@@ -585,11 +586,18 @@ export class DashboardContainer
     return panel;
   };
 
-  public expandPanel = (panelId?: string) => {
-    this.setExpandedPanelId(panelId);
+  public expandPanel = (panelId: string) => {
+    const isPanelExpanded = Boolean(this.getExpandedPanelId());
 
-    if (!panelId) {
+    if (isPanelExpanded) {
+      this.setExpandedPanelId(undefined);
       this.setScrollToPanelId(panelId);
+      return;
+    }
+
+    this.setExpandedPanelId(panelId);
+    if (window.scrollY > 0) {
+      this.scrollPosition = window.scrollY;
     }
   };
 
@@ -765,6 +773,17 @@ export class DashboardContainer
 
     this.untilEmbeddableLoaded(id).then(() => {
       this.setScrollToPanelId(undefined);
+      if (this.scrollPosition) {
+        panelRef.ontransitionend = () => {
+          // Scroll to the last scroll position after the transition ends to ensure the panel is back in the right position before scrolling
+          // This is necessary because when an expanded panel collapses, it takes some time for the panel to return to its original position
+          window.scrollTo({ top: this.scrollPosition });
+          this.scrollPosition = undefined;
+          panelRef.ontransitionend = null;
+        };
+        return;
+      }
+
       panelRef.scrollIntoView({ block: 'center' });
     });
   };
@@ -810,14 +829,22 @@ export class DashboardContainer
   public saveNotification$: Subject<void> = new Subject<void>();
 
   public getSerializedStateForChild = (childId: string) => {
+    const rawState = this.getInput().panels[childId].explicitInput;
+    const { id, ...serializedState } = rawState;
+    if (!rawState || Object.keys(serializedState).length === 0) return;
     const references = getReferencesForPanelId(childId, this.savedObjectReferences);
     return {
-      rawState: this.getInput().panels[childId].explicitInput,
+      rawState,
       references,
     };
   };
 
-  public restoredRuntimeState: UnsavedPanelState | undefined = undefined;
+  private restoredRuntimeState: UnsavedPanelState | undefined = undefined;
+  public setRuntimeStateForChild = (childId: string, state: object) => {
+    const runtimeState = this.restoredRuntimeState ?? {};
+    runtimeState[childId] = state;
+    this.restoredRuntimeState = runtimeState;
+  };
   public getRuntimeStateForChild = (childId: string) => {
     return this.restoredRuntimeState?.[childId];
   };
diff --git a/src/plugins/dashboard/public/plugin.tsx b/src/plugins/dashboard/public/plugin.tsx
index 0a231492d70b9..c2838187d5eca 100644
--- a/src/plugins/dashboard/public/plugin.tsx
+++ b/src/plugins/dashboard/public/plugin.tsx
@@ -30,6 +30,7 @@ import type {
   UsageCollectionStart,
 } from '@kbn/usage-collection-plugin/public';
 import { APP_WRAPPER_CLASS } from '@kbn/core/public';
+import { type UiActionsSetup, type UiActionsStart } from '@kbn/ui-actions-plugin/public';
 import type { SpacesPluginStart } from '@kbn/spaces-plugin/public';
 import type { HomePublicPluginSetup } from '@kbn/home-plugin/public';
 import { replaceUrlHashQuery } from '@kbn/kibana-utils-plugin/common';
@@ -39,7 +40,6 @@ import type { DataViewEditorStart } from '@kbn/data-view-editor-plugin/public';
 import type { NavigationPublicPluginStart } from '@kbn/navigation-plugin/public';
 import type { SharePluginSetup, SharePluginStart } from '@kbn/share-plugin/public';
 import type { Start as InspectorStartContract } from '@kbn/inspector-plugin/public';
-import type { UiActionsSetup, UiActionsStart } from '@kbn/ui-actions-plugin/public';
 import type { EmbeddableSetup, EmbeddableStart } from '@kbn/embeddable-plugin/public';
 import type { PresentationUtilPluginStart } from '@kbn/presentation-util-plugin/public';
 import type { UnifiedSearchPublicPluginStart } from '@kbn/unified-search-plugin/public';
@@ -70,7 +70,6 @@ import {
 import { DashboardMountContextProps } from './dashboard_app/types';
 import type { FindDashboardsService } from './services/dashboard_content_management/types';
 import { CONTENT_ID, LATEST_VERSION } from '../common/content_management';
-import { addPanelMenuTrigger } from './triggers';
 import { GetPanelPlacementSettings } from './dashboard_container/panel_placement';
 
 export interface DashboardFeatureFlagConfig {
@@ -167,10 +166,6 @@ export class DashboardPlugin
     this.dashboardFeatureFlagConfig =
       this.initializerContext.config.get<DashboardFeatureFlagConfig>();
 
-    // this trigger enables external consumers to register actions for
-    // adding items to the add panel menu
-    uiActions.registerTrigger(addPanelMenuTrigger);
-
     core.analytics.registerEventType({
       eventType: 'dashboard_loaded_with_data',
       schema: {},
diff --git a/src/plugins/dashboard/public/services/dashboard_backup/dashboard_backup_service.ts b/src/plugins/dashboard/public/services/dashboard_backup/dashboard_backup_service.ts
index 5a121ef430400..f97d88fd1c4fe 100644
--- a/src/plugins/dashboard/public/services/dashboard_backup/dashboard_backup_service.ts
+++ b/src/plugins/dashboard/public/services/dashboard_backup/dashboard_backup_service.ts
@@ -133,7 +133,7 @@ class DashboardBackupService implements DashboardBackupServiceType {
 
       const panelsStorage = this.sessionStorage.get(DASHBOARD_PANELS_SESSION_KEY) ?? {};
       set(panelsStorage, [this.activeSpaceId, id], unsavedPanels);
-      this.sessionStorage.set(DASHBOARD_PANELS_SESSION_KEY, panelsStorage);
+      this.sessionStorage.set(DASHBOARD_PANELS_SESSION_KEY, panelsStorage, true);
     } catch (e) {
       this.notifications.toasts.addDanger({
         title: backupServiceStrings.getPanelsSetError(e.message),
diff --git a/src/plugins/data/kibana.jsonc b/src/plugins/data/kibana.jsonc
index 2881da532d63a..c109bde374680 100644
--- a/src/plugins/data/kibana.jsonc
+++ b/src/plugins/data/kibana.jsonc
@@ -27,8 +27,7 @@
       "management"
     ],
     "optionalPlugins": [
-      "usageCollection",
-      "security"
+      "usageCollection"
     ],
     "requiredBundles": [
       "kibanaUtils",
diff --git a/src/plugins/data/server/plugin.ts b/src/plugins/data/server/plugin.ts
index dfe88a12026bb..77f90393a6164 100644
--- a/src/plugins/data/server/plugin.ts
+++ b/src/plugins/data/server/plugin.ts
@@ -12,7 +12,6 @@ import { BfetchServerSetup } from '@kbn/bfetch-plugin/server';
 import { PluginStart as DataViewsServerPluginStart } from '@kbn/data-views-plugin/server';
 import { UsageCollectionSetup } from '@kbn/usage-collection-plugin/server';
 import { FieldFormatsSetup, FieldFormatsStart } from '@kbn/field-formats-plugin/server';
-import type { SecurityPluginSetup } from '@kbn/security-plugin/server';
 import { ConfigSchema } from '../config';
 import type { ISearchSetup, ISearchStart } from './search';
 import { DatatableUtilitiesService } from './datatable_utilities';
@@ -51,7 +50,6 @@ export interface DataPluginSetupDependencies {
   expressions: ExpressionsServerSetup;
   usageCollection?: UsageCollectionSetup;
   fieldFormats: FieldFormatsSetup;
-  security?: SecurityPluginSetup;
 }
 
 export interface DataPluginStartDependencies {
@@ -86,7 +84,7 @@ export class DataServerPlugin
 
   public setup(
     core: CoreSetup<DataPluginStartDependencies, DataPluginStart>,
-    { bfetch, expressions, usageCollection, fieldFormats, security }: DataPluginSetupDependencies
+    { bfetch, expressions, usageCollection, fieldFormats }: DataPluginSetupDependencies
   ) {
     this.scriptsService.setup(core);
     const querySetup = this.queryService.setup(core);
@@ -98,7 +96,6 @@ export class DataServerPlugin
       bfetch,
       expressions,
       usageCollection,
-      security,
     });
 
     return {
diff --git a/src/plugins/data/server/search/search_service.ts b/src/plugins/data/server/search/search_service.ts
index 4de7cec4dade6..09bee9bb8bab8 100644
--- a/src/plugins/data/server/search/search_service.ts
+++ b/src/plugins/data/server/search/search_service.ts
@@ -32,7 +32,6 @@ import { ExpressionsServerSetup } from '@kbn/expressions-plugin/server';
 import { FieldFormatsStart } from '@kbn/field-formats-plugin/server';
 import { UsageCollectionSetup } from '@kbn/usage-collection-plugin/server';
 import { KbnServerError } from '@kbn/kibana-utils-plugin/server';
-import type { SecurityPluginSetup } from '@kbn/security-plugin/server';
 import type { DataViewsServerPluginStart } from '@kbn/data-views-plugin/server';
 import type {
   DataRequestHandlerContext,
@@ -110,7 +109,6 @@ export interface SearchServiceSetupDependencies {
   bfetch: BfetchServerSetup;
   expressions: ExpressionsServerSetup;
   usageCollection?: UsageCollectionSetup;
-  security?: SecurityPluginSetup;
 }
 
 /** @internal */
@@ -147,7 +145,7 @@ export class SearchService implements Plugin<ISearchSetup, ISearchStart> {
 
   public setup(
     core: CoreSetup<DataPluginStartDependencies, DataPluginStart>,
-    { bfetch, expressions, usageCollection, security }: SearchServiceSetupDependencies
+    { bfetch, expressions, usageCollection }: SearchServiceSetupDependencies
   ): ISearchSetup {
     core.savedObjects.registerType(searchSessionSavedObjectType);
     const usage = usageCollection ? usageProvider(core) : undefined;
@@ -156,7 +154,7 @@ export class SearchService implements Plugin<ISearchSetup, ISearchStart> {
     registerSearchRoute(router);
     registerSessionRoutes(router, this.logger);
 
-    this.sessionService.setup(core, { security });
+    this.sessionService.setup(core, {});
 
     core.http.registerRouteHandlerContext<DataRequestHandlerContext, 'search'>(
       'search',
diff --git a/src/plugins/data/server/search/session/session_service.test.ts b/src/plugins/data/server/search/session/session_service.test.ts
index 212eb810f227e..5a31cefe7b998 100644
--- a/src/plugins/data/server/search/session/session_service.test.ts
+++ b/src/plugins/data/server/search/session/session_service.test.ts
@@ -18,7 +18,7 @@ import { createRequestHash } from './utils';
 import moment from 'moment';
 import { coreMock } from '@kbn/core/server/mocks';
 import { ConfigSchema } from '../../../config';
-import type { AuthenticatedUser } from '@kbn/security-plugin/common';
+import type { AuthenticatedUser } from '@kbn/core/server';
 import { SEARCH_SESSION_TYPE, SearchSessionStatus } from '../../../common';
 import { elasticsearchServiceMock } from '@kbn/core/server/mocks';
 
diff --git a/src/plugins/data/server/search/session/session_service.ts b/src/plugins/data/server/search/session/session_service.ts
index 8eeff580ca450..d729795d4f8fe 100644
--- a/src/plugins/data/server/search/session/session_service.ts
+++ b/src/plugins/data/server/search/session/session_service.ts
@@ -18,7 +18,7 @@ import {
   SavedObjectsFindOptions,
   ElasticsearchClient,
 } from '@kbn/core/server';
-import type { AuthenticatedUser, SecurityPluginSetup } from '@kbn/security-plugin/server';
+import type { AuthenticatedUser } from '@kbn/core/server';
 import { defer } from '@kbn/kibana-utils-plugin/common';
 import type { IKibanaSearchRequest, ISearchOptions } from '@kbn/search-types';
 import { debounce } from 'lodash';
@@ -43,10 +43,8 @@ export interface SearchSessionStatusDependencies extends SearchSessionDependenci
   internalElasticsearchClient: ElasticsearchClient;
 }
 
-interface SetupDependencies {
-  security?: SecurityPluginSetup;
-}
-
+// eslint-disable-next-line @typescript-eslint/no-empty-interface
+interface SetupDependencies {}
 // eslint-disable-next-line @typescript-eslint/no-empty-interface
 interface StartDependencies {}
 
@@ -68,7 +66,6 @@ interface TrackIdQueueEntry {
 
 export class SearchSessionService implements ISearchSessionService {
   private sessionConfig: SearchSessionsConfigSchema;
-  private security?: SecurityPluginSetup;
   private setupCompleted = false;
 
   constructor(
@@ -80,8 +77,6 @@ export class SearchSessionService implements ISearchSessionService {
   }
 
   public setup(core: CoreSetup, deps: SetupDependencies) {
-    this.security = deps.security;
-
     this.setupCompleted = true;
   }
 
@@ -419,9 +414,9 @@ export class SearchSessionService implements ISearchSessionService {
     return session.attributes.idMapping[requestHash].id;
   };
 
-  public asScopedProvider = ({ savedObjects, elasticsearch }: CoreStart) => {
+  public asScopedProvider = ({ security, savedObjects, elasticsearch }: CoreStart) => {
     return (request: KibanaRequest) => {
-      const user = this.security?.authc.getCurrentUser(request) ?? null;
+      const user = security.authc.getCurrentUser(request) ?? null;
       const savedObjectsClient = savedObjects.getScopedClient(request, {
         includedHiddenTypes: [SEARCH_SESSION_TYPE],
       });
diff --git a/src/plugins/data/tsconfig.json b/src/plugins/data/tsconfig.json
index ea92ad9289b13..3c8d6b1718439 100644
--- a/src/plugins/data/tsconfig.json
+++ b/src/plugins/data/tsconfig.json
@@ -25,7 +25,6 @@
     "@kbn/field-formats-plugin",
     "@kbn/data-views-plugin",
     "@kbn/screenshot-mode-plugin",
-    "@kbn/security-plugin",
     "@kbn/expressions-plugin",
     "@kbn/field-types",
     "@kbn/es-query",
diff --git a/src/plugins/data_view_editor/public/open_editor.tsx b/src/plugins/data_view_editor/public/open_editor.tsx
index 779f141ab0fdc..a2c38c82d290e 100644
--- a/src/plugins/data_view_editor/public/open_editor.tsx
+++ b/src/plugins/data_view_editor/public/open_editor.tsx
@@ -85,6 +85,10 @@ export const getEditorOpener =
         {
           hideCloseButton: true,
           size: 'l',
+          maskProps: {
+            // EUI TODO: This z-index override of EuiOverlayMask is a workaround, and ideally should be resolved with a cleaner UI/UX flow long-term
+            style: 'z-index: 1003', // we need this flyout to be above the timeline flyout (which has a z-index of 1002)
+          },
         }
       );
 
diff --git a/src/plugins/data_view_field_editor/public/components/field_format_editor/editors/url/__snapshots__/url.test.tsx.snap b/src/plugins/data_view_field_editor/public/components/field_format_editor/editors/url/__snapshots__/url.test.tsx.snap
index 7e9d3080654f8..2968748f1a7b8 100644
--- a/src/plugins/data_view_field_editor/public/components/field_format_editor/editors/url/__snapshots__/url.test.tsx.snap
+++ b/src/plugins/data_view_field_editor/public/components/field_format_editor/editors/url/__snapshots__/url.test.tsx.snap
@@ -25,9 +25,10 @@ exports[`UrlFormatEditor should render normally 1`] = `
       >
         <div
           class="euiFormControlLayout__childrenWrapper"
+          style="--euiFormControlRightIconsCount: 1;"
         >
           <select
-            class="euiSelect euiFormControlLayout--1icons"
+            class="euiSelect emotion-euiSelect"
             data-test-subj="urlEditorType"
             id="generated-id"
           >
@@ -149,7 +150,7 @@ exports[`UrlFormatEditor should render normally 1`] = `
         >
           <input
             aria-describedby="generated-id-help-0"
-            class="euiFieldText"
+            class="euiFieldText emotion-euiFieldText"
             data-test-subj="urlEditorUrlTemplate"
             id="generated-id"
             type="text"
@@ -210,7 +211,7 @@ exports[`UrlFormatEditor should render normally 1`] = `
         >
           <input
             aria-describedby="generated-id-help-0"
-            class="euiFieldText"
+            class="euiFieldText emotion-euiFieldText"
             data-test-subj="urlEditorLabelTemplate"
             id="generated-id"
             type="text"
diff --git a/src/plugins/data_view_field_editor/public/open_editor.tsx b/src/plugins/data_view_field_editor/public/open_editor.tsx
index cbd9650f82245..e6caeacdfa7d9 100644
--- a/src/plugins/data_view_field_editor/public/open_editor.tsx
+++ b/src/plugins/data_view_field_editor/public/open_editor.tsx
@@ -15,13 +15,14 @@ import { euiFlyoutClassname } from './constants';
 import type { ApiService } from './lib/api';
 import type {
   DataPublicPluginStart,
-  DataView,
   UsageCollectionStart,
   RuntimeType,
   DataViewsPublicPluginStart,
   FieldFormatsStart,
   DataViewField,
+  DataViewLazy,
 } from './shared_imports';
+import { DataView } from './shared_imports';
 import { createKibanaReactContext } from './shared_imports';
 import type { CloseEditor, Field, InternalFieldType, PluginStart } from './types';
 
@@ -34,7 +35,7 @@ export interface OpenFieldEditorOptions {
    * context containing the data view the field belongs to
    */
   ctx: {
-    dataView: DataView;
+    dataView: DataView | DataViewLazy;
   };
   /**
    * action to take after field is saved
@@ -72,7 +73,7 @@ export const getFieldEditorOpener =
     usageCollection,
     apiService,
   }: Dependencies) =>
-  (options: OpenFieldEditorOptions): CloseEditor => {
+  async (options: OpenFieldEditorOptions): Promise<CloseEditor> => {
     const { uiSettings, overlays, docLinks, notifications, settings, theme } = core;
     const { Provider: KibanaReactContextProvider } = createKibanaReactContext({
       uiSettings,
@@ -91,12 +92,12 @@ export const getFieldEditorOpener =
       canCloseValidator.current = args.canCloseValidator;
     };
 
-    const openEditor = ({
+    const openEditor = async ({
       onSave,
       fieldName: fieldNameToEdit,
       fieldToCreate,
-      ctx: { dataView },
-    }: OpenFieldEditorOptions): CloseEditor => {
+      ctx: { dataView: dataViewLazyOrNot },
+    }: OpenFieldEditorOptions): Promise<CloseEditor> => {
       const closeEditor = () => {
         if (overlayRef) {
           overlayRef.close();
@@ -113,7 +114,7 @@ export const getFieldEditorOpener =
       };
 
       const getRuntimeField = (name: string) => {
-        const fld = dataView.getAllRuntimeFields()[name];
+        const fld = dataViewLazyOrNot.getAllRuntimeFields()[name];
         return {
           name,
           runtimeField: fld,
@@ -129,6 +130,11 @@ export const getFieldEditorOpener =
         };
       };
 
+      const dataView =
+        dataViewLazyOrNot instanceof DataView
+          ? dataViewLazyOrNot
+          : await dataViews.toDataView(dataViewLazyOrNot);
+
       const dataViewField = fieldNameToEdit
         ? dataView.getFieldByName(fieldNameToEdit) || getRuntimeField(fieldNameToEdit)
         : undefined;
diff --git a/src/plugins/data_view_field_editor/public/plugin.test.tsx b/src/plugins/data_view_field_editor/public/plugin.test.tsx
index a527f3b09de83..317faa7bf5c63 100644
--- a/src/plugins/data_view_field_editor/public/plugin.test.tsx
+++ b/src/plugins/data_view_field_editor/public/plugin.test.tsx
@@ -63,7 +63,7 @@ describe('DataViewFieldEditorPlugin', () => {
     };
     const { openEditor } = plugin.start(coreStartMocked, pluginStart);
 
-    openEditor({ onSave: onSaveSpy, ctx: { dataView: {} as any } });
+    await openEditor({ onSave: onSaveSpy, ctx: { dataView: {} as any } });
 
     expect(openFlyout).toHaveBeenCalled();
 
@@ -82,7 +82,7 @@ describe('DataViewFieldEditorPlugin', () => {
   test('should return a handler to close the flyout', async () => {
     const { openEditor } = plugin.start(coreStart, pluginStart);
 
-    const closeEditorHandler = openEditor({ onSave: noop, ctx: { dataView: {} as any } });
+    const closeEditorHandler = await openEditor({ onSave: noop, ctx: { dataView: {} as any } });
     expect(typeof closeEditorHandler).toBe('function');
   });
 
diff --git a/src/plugins/data_view_field_editor/public/shared_imports.ts b/src/plugins/data_view_field_editor/public/shared_imports.ts
index 62fad495cd22b..8042b1594c618 100644
--- a/src/plugins/data_view_field_editor/public/shared_imports.ts
+++ b/src/plugins/data_view_field_editor/public/shared_imports.ts
@@ -8,11 +8,8 @@
 
 export type { DataPublicPluginStart } from '@kbn/data-plugin/public';
 
-export type {
-  DataViewsPublicPluginStart,
-  DataView,
-  DataViewField,
-} from '@kbn/data-views-plugin/public';
+export type { DataViewsPublicPluginStart, DataViewField } from '@kbn/data-views-plugin/public';
+export { DataView } from '@kbn/data-views-plugin/public';
 export type { FieldFormatsStart } from '@kbn/field-formats-plugin/public';
 
 export type { UsageCollectionStart } from '@kbn/usage-collection-plugin/public';
@@ -24,6 +21,7 @@ export type {
   RuntimeFieldSubField,
   RuntimeFieldSubFields,
   RuntimePrimitiveTypes,
+  DataViewLazy,
 } from '@kbn/data-views-plugin/common';
 export { KBN_FIELD_TYPES, ES_FIELD_TYPES } from '@kbn/data-plugin/common';
 
diff --git a/src/plugins/data_view_field_editor/public/types.ts b/src/plugins/data_view_field_editor/public/types.ts
index 3688f79c16689..46c0725d78339 100644
--- a/src/plugins/data_view_field_editor/public/types.ts
+++ b/src/plugins/data_view_field_editor/public/types.ts
@@ -38,12 +38,12 @@ export interface PluginStart {
   /**
    * Method to open the data view field editor fly-out
    */
-  openEditor(options: OpenFieldEditorOptions): () => void;
+  openEditor(options: OpenFieldEditorOptions): Promise<CloseEditor>;
   /**
    * Method to open the data view field delete fly-out
    * @param options Configuration options for the fly-out
    */
-  openDeleteModal(options: OpenFieldDeleteModalOptions): () => void;
+  openDeleteModal(options: OpenFieldDeleteModalOptions): CloseEditor;
   fieldFormatEditors: FormatEditorServiceStart['fieldFormatEditors'];
   /**
    * Convenience method for user permissions checks
diff --git a/src/plugins/data_view_management/public/components/edit_index_pattern/edit_index_pattern.tsx b/src/plugins/data_view_management/public/components/edit_index_pattern/edit_index_pattern.tsx
index e3f40560f7c87..1933a3e97e42c 100644
--- a/src/plugins/data_view_management/public/components/edit_index_pattern/edit_index_pattern.tsx
+++ b/src/plugins/data_view_management/public/components/edit_index_pattern/edit_index_pattern.tsx
@@ -31,6 +31,7 @@ import {
 import { pickBy } from 'lodash';
 import { setStateToKbnUrl } from '@kbn/kibana-utils-plugin/public';
 import type * as CSS from 'csstype';
+import { RollupDeprecationTooltip } from '@kbn/rollup';
 import { IndexPatternManagmentContext } from '../../types';
 import { Tabs } from './tabs';
 import { IndexHeader } from './index_header';
@@ -292,6 +293,10 @@ export const EditIndexPattern = withRouter(
                   >
                     {tag.name}
                   </EuiBadge>
+                ) : tag.key === 'rollup' ? (
+                  <RollupDeprecationTooltip>
+                    <EuiBadge color="warning">{tag.name}</EuiBadge>
+                  </RollupDeprecationTooltip>
                 ) : (
                   <EuiBadge color="hollow">{tag.name}</EuiBadge>
                 )}
diff --git a/src/plugins/data_view_management/public/components/edit_index_pattern/tabs/tabs.tsx b/src/plugins/data_view_management/public/components/edit_index_pattern/tabs/tabs.tsx
index b72ef13a6cfdc..2cf6916f25868 100644
--- a/src/plugins/data_view_management/public/components/edit_index_pattern/tabs/tabs.tsx
+++ b/src/plugins/data_view_management/public/components/edit_index_pattern/tabs/tabs.tsx
@@ -308,8 +308,8 @@ export const Tabs: React.FC<TabsProps> = ({
   }, []);
 
   const openFieldEditor = useCallback(
-    (fieldName?: string) => {
-      closeEditorHandler.current = dataViewFieldEditor.openEditor({
+    async (fieldName?: string) => {
+      closeEditorHandler.current = await dataViewFieldEditor.openEditor({
         ctx: {
           dataView: indexPattern,
         },
diff --git a/src/plugins/data_view_management/public/components/index_pattern_table/index_pattern_table.tsx b/src/plugins/data_view_management/public/components/index_pattern_table/index_pattern_table.tsx
index 7b8075f6eca46..50d46eab93cd5 100644
--- a/src/plugins/data_view_management/public/components/index_pattern_table/index_pattern_table.tsx
+++ b/src/plugins/data_view_management/public/components/index_pattern_table/index_pattern_table.tsx
@@ -28,6 +28,7 @@ import { reactRouterNavigate, useKibana } from '@kbn/kibana-react-plugin/public'
 import { NoDataViewsPromptComponent } from '@kbn/shared-ux-prompt-no-data-views';
 import type { SpacesContextProps } from '@kbn/spaces-plugin/public';
 import { DataViewType } from '@kbn/data-views-plugin/public';
+import { RollupDeprecationTooltip } from '@kbn/rollup';
 import type { IndexPatternManagmentContext } from '../../types';
 import { getListBreadcrumbs } from '../breadcrumbs';
 import { type RemoveDataViewProps, removeDataView } from '../edit_index_pattern';
@@ -247,7 +248,14 @@ export const IndexPatternTable = ({
           )}
           {dataView?.tags?.map(({ key: tagKey, name: tagName }) => (
             <span key={tagKey}>
-              &emsp;<EuiBadge>{tagName}</EuiBadge>
+              &emsp;
+              {tagKey === DataViewType.ROLLUP ? (
+                <RollupDeprecationTooltip>
+                  <EuiBadge color="warning">{tagName}</EuiBadge>
+                </RollupDeprecationTooltip>
+              ) : (
+                <EuiBadge>{tagName}</EuiBadge>
+              )}
             </span>
           ))}
         </div>
diff --git a/src/plugins/data_view_management/public/components/utils.ts b/src/plugins/data_view_management/public/components/utils.ts
index c7acc48df329c..21fcb792438a0 100644
--- a/src/plugins/data_view_management/public/components/utils.ts
+++ b/src/plugins/data_view_management/public/components/utils.ts
@@ -14,6 +14,7 @@ import {
   DataViewType,
 } from '@kbn/data-views-plugin/public';
 import { i18n } from '@kbn/i18n';
+import { ROLLUP_DEPRECATION_BADGE_LABEL } from '@kbn/rollup';
 
 const defaultIndexPatternListName = i18n.translate(
   'indexPatternManagement.editIndexPattern.list.defaultIndexPatternListName',
@@ -22,13 +23,6 @@ const defaultIndexPatternListName = i18n.translate(
   }
 );
 
-const rollupIndexPatternListName = i18n.translate(
-  'indexPatternManagement.editIndexPattern.list.rollupIndexPatternListName',
-  {
-    defaultMessage: 'Rollup',
-  }
-);
-
 export const isRollup = (indexPatternType: string = '') => {
   return indexPatternType === DataViewType.ROLLUP;
 };
@@ -85,7 +79,7 @@ export const getTags = (
   if (isRollup(indexPattern.type) && rollupsEnabled) {
     tags.push({
       key: DataViewType.ROLLUP,
-      name: rollupIndexPatternListName,
+      name: ROLLUP_DEPRECATION_BADGE_LABEL,
       'data-test-subj': 'rollup-tag',
     });
   }
diff --git a/src/plugins/data_view_management/tsconfig.json b/src/plugins/data_view_management/tsconfig.json
index 5098d92c97bf3..ea0c96cc66b74 100644
--- a/src/plugins/data_view_management/tsconfig.json
+++ b/src/plugins/data_view_management/tsconfig.json
@@ -44,6 +44,7 @@
     "@kbn/core-http-browser",
     "@kbn/code-editor",
     "@kbn/react-kibana-mount",
+    "@kbn/rollup",
   ],
   "exclude": [
     "target/**/*",
diff --git a/src/plugins/data_views/common/data_views/data_view_lazy.ts b/src/plugins/data_views/common/data_views/data_view_lazy.ts
index 0fbb7f2ae21e0..5bab48ff7b300 100644
--- a/src/plugins/data_views/common/data_views/data_view_lazy.ts
+++ b/src/plugins/data_views/common/data_views/data_view_lazy.ts
@@ -503,7 +503,6 @@ export class DataViewLazy extends AbstractDataView {
   }
 
   getRuntimeMappings(): estypes.MappingRuntimeFields {
-    // @ts-expect-error composite type is not yet supported by es client but it can be forced
     return this.runtimeFieldMap;
   }
 
diff --git a/src/plugins/data_views/public/index.ts b/src/plugins/data_views/public/index.ts
index 96380665548dd..f690552b5a147 100644
--- a/src/plugins/data_views/public/index.ts
+++ b/src/plugins/data_views/public/index.ts
@@ -67,7 +67,6 @@ export type {
   DataViewsContract,
   HasDataViewsResponse,
   IndicesViaSearchResponse,
-  UserIdGetter,
 } from './types';
 
 // Export plugin after all other imports
diff --git a/src/plugins/data_views/public/mocks.ts b/src/plugins/data_views/public/mocks.ts
index e9d5b487b8b00..47b1eb8f8d2e3 100644
--- a/src/plugins/data_views/public/mocks.ts
+++ b/src/plugins/data_views/public/mocks.ts
@@ -40,6 +40,7 @@ const createStartContract = (): Start => {
     getIdsWithTitle: jest.fn(),
     getFieldsForIndexPattern: jest.fn(),
     create: jest.fn().mockReturnValue(Promise.resolve({})),
+    toDataView: jest.fn().mockReturnValue(Promise.resolve({})),
   } as unknown as jest.Mocked<DataViewsContract>;
 };
 
diff --git a/src/plugins/data_views/public/plugin.ts b/src/plugins/data_views/public/plugin.ts
index 8ff545d8585e1..3a847ce939981 100644
--- a/src/plugins/data_views/public/plugin.ts
+++ b/src/plugins/data_views/public/plugin.ts
@@ -8,7 +8,6 @@
 
 import { CoreSetup, CoreStart, Plugin, PluginInitializerContext } from '@kbn/core/public';
 import { i18n } from '@kbn/i18n';
-import type { SecurityPluginStart } from '@kbn/security-plugin-types-public';
 import { getIndexPatternLoad } from './expressions';
 import type { ClientConfigType } from '../common/types';
 import {
@@ -16,7 +15,6 @@ import {
   DataViewsPublicPluginStart,
   DataViewsPublicSetupDependencies,
   DataViewsPublicStartDependencies,
-  UserIdGetter,
 } from './types';
 
 import { DataViewsApiClient } from '.';
@@ -43,7 +41,6 @@ export class DataViewsPublicPlugin
 {
   private readonly hasData = new HasData();
   private rollupsEnabled: boolean = false;
-  private userIdGetter: UserIdGetter = async () => undefined;
 
   constructor(private readonly initializerContext: PluginInitializerContext) {}
 
@@ -63,18 +60,6 @@ export class DataViewsPublicPlugin
       }),
     });
 
-    core.plugins.onStart<{ security: SecurityPluginStart }>('security').then(({ security }) => {
-      if (security.found) {
-        const getUserId = async function getUserId(): Promise<string | undefined> {
-          const currentUser = await security.contract.authc.getCurrentUser();
-          return currentUser?.profile_uid;
-        };
-        this.userIdGetter = getUserId;
-      } else {
-        throw new Error('Security plugin is not available, but is required for Data Views plugin');
-      }
-    });
-
     return {
       enableRollups: () => (this.rollupsEnabled = true),
     };
@@ -101,7 +86,10 @@ export class DataViewsPublicPlugin
       hasData: this.hasData.start(core),
       uiSettings: new UiSettingsPublicToCommon(uiSettings),
       savedObjectsClient: new ContentMagementWrapper(contentManagement.client),
-      apiClient: new DataViewsApiClient(http, () => this.userIdGetter()),
+      apiClient: new DataViewsApiClient(http, async () => {
+        const currentUser = await core.security.authc.getCurrentUser();
+        return currentUser?.profile_uid;
+      }),
       fieldFormats,
       http,
       onNotification: (toastInputFields, key) => {
diff --git a/src/plugins/data_views/public/types.ts b/src/plugins/data_views/public/types.ts
index 98db0382f641f..7d6cbbc6cf533 100644
--- a/src/plugins/data_views/public/types.ts
+++ b/src/plugins/data_views/public/types.ts
@@ -106,8 +106,6 @@ export interface DataViewsPublicStartDependencies {
   contentManagement: ContentManagementPublicStart;
 }
 
-export type UserIdGetter = () => Promise<string | undefined>;
-
 /**
  * Data plugin public Setup contract
  */
diff --git a/src/plugins/data_views/tsconfig.json b/src/plugins/data_views/tsconfig.json
index 13fc03be53996..312de968d6408 100644
--- a/src/plugins/data_views/tsconfig.json
+++ b/src/plugins/data_views/tsconfig.json
@@ -33,7 +33,6 @@
     "@kbn/object-versioning",
     "@kbn/core-saved-objects-server",
     "@kbn/logging",
-    "@kbn/security-plugin-types-public",
     "@kbn/crypto-browser",
   ],
   "exclude": [
diff --git a/src/plugins/discover/public/application/context/context_app.tsx b/src/plugins/discover/public/application/context/context_app.tsx
index 5c7372f8d1d24..dc22a77fecede 100644
--- a/src/plugins/discover/public/application/context/context_app.tsx
+++ b/src/plugins/discover/public/application/context/context_app.tsx
@@ -141,7 +141,7 @@ export const ContextApp = ({ dataView, anchorId, referrer }: ContextAppProps) =>
         await fetchContextRows();
       }
 
-      if (analytics) {
+      if (analytics && fetchType) {
         const fetchDuration = window.performance.now() - startTime;
         reportPerformanceMetricEvent(analytics, {
           eventName: 'discoverSurroundingDocsFetch',
diff --git a/src/plugins/discover/public/application/context/hooks/use_context_app_fetch.tsx b/src/plugins/discover/public/application/context/hooks/use_context_app_fetch.tsx
index f0feaa2d63230..0428ff131238f 100644
--- a/src/plugins/discover/public/application/context/hooks/use_context_app_fetch.tsx
+++ b/src/plugins/discover/public/application/context/hooks/use_context_app_fetch.tsx
@@ -184,8 +184,10 @@ export function useContextAppFetch({
     [fetchSurroundingRows]
   );
 
-  const fetchAllRows = useCallback(() => {
-    fetchAnchorRow().then((anchor) => anchor && fetchContextRows(anchor));
+  const fetchAllRows = useCallback(async () => {
+    const anchor = await fetchAnchorRow();
+    if (!anchor) return;
+    return await fetchContextRows(anchor);
   }, [fetchAnchorRow, fetchContextRows]);
 
   const resetFetchedState = useCallback(() => {
diff --git a/src/plugins/discover/public/application/main/components/top_nav/discover_topnav.tsx b/src/plugins/discover/public/application/main/components/top_nav/discover_topnav.tsx
index d05226a0098ce..55fe8825477d9 100644
--- a/src/plugins/discover/public/application/main/components/top_nav/discover_topnav.tsx
+++ b/src/plugins/discover/public/application/main/components/top_nav/discover_topnav.tsx
@@ -92,7 +92,7 @@ export const DiscoverTopNav = ({
         ? async (fieldName?: string, uiAction: 'edit' | 'add' = 'edit') => {
             if (dataView?.id) {
               const dataViewInstance = await data.dataViews.get(dataView.id);
-              closeFieldEditor.current = dataViewFieldEditor.openEditor({
+              closeFieldEditor.current = await dataViewFieldEditor.openEditor({
                 ctx: {
                   dataView: dataViewInstance,
                 },
diff --git a/src/plugins/embeddable/public/index.ts b/src/plugins/embeddable/public/index.ts
index b00adeb711a5b..88faa59b51c81 100644
--- a/src/plugins/embeddable/public/index.ts
+++ b/src/plugins/embeddable/public/index.ts
@@ -108,3 +108,5 @@ export {
   embeddableInputToSubject,
   embeddableOutputToSubject,
 } from './lib/embeddables/compatibility/embeddable_compatibility_utils';
+
+export { COMMON_EMBEDDABLE_GROUPING } from './lib/embeddables/common/constants';
diff --git a/src/plugins/embeddable/public/lib/embeddables/common/constants.ts b/src/plugins/embeddable/public/lib/embeddables/common/constants.ts
new file mode 100644
index 0000000000000..78228ec370a0e
--- /dev/null
+++ b/src/plugins/embeddable/public/lib/embeddables/common/constants.ts
@@ -0,0 +1,37 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { i18n } from '@kbn/i18n';
+import { UiActionsPresentableGroup } from '@kbn/ui-actions-plugin/public';
+
+export const COMMON_EMBEDDABLE_GROUPING: { [key: string]: UiActionsPresentableGroup<unknown> } = {
+  legacy: {
+    id: 'legacy',
+    getDisplayName: () =>
+      i18n.translate('embeddableApi.common.constants.grouping.legacy', {
+        defaultMessage: 'Legacy',
+      }),
+    order: -2,
+  },
+  annotation: {
+    id: 'annotation-and-navigation',
+    getDisplayName: () =>
+      i18n.translate('embeddableApi.common.constants.grouping.annotations', {
+        defaultMessage: 'Annotations and Navigation',
+      }),
+  },
+  other: {
+    id: 'other',
+    getDisplayName: () =>
+      i18n.translate('embeddableApi.common.constants.grouping.other', {
+        defaultMessage: 'Other',
+      }),
+    getIconType: () => 'empty',
+    order: -1,
+  },
+};
diff --git a/src/plugins/embeddable/public/lib/embeddables/embeddable_factory.ts b/src/plugins/embeddable/public/lib/embeddables/embeddable_factory.ts
index cb19b82d75c98..39e32f756ae0c 100644
--- a/src/plugins/embeddable/public/lib/embeddables/embeddable_factory.ts
+++ b/src/plugins/embeddable/public/lib/embeddables/embeddable_factory.ts
@@ -148,4 +148,6 @@ export interface EmbeddableFactory<
     initialInput: TEmbeddableInput,
     parent?: IContainer
   ): Promise<TEmbeddable | ErrorEmbeddable | undefined>;
+
+  order?: number;
 }
diff --git a/src/plugins/embeddable/public/react_embeddable_system/react_embeddable_renderer.tsx b/src/plugins/embeddable/public/react_embeddable_system/react_embeddable_renderer.tsx
index 002328cf22274..91f4e02527bbb 100644
--- a/src/plugins/embeddable/public/react_embeddable_system/react_embeddable_renderer.tsx
+++ b/src/plugins/embeddable/public/react_embeddable_system/react_embeddable_renderer.tsx
@@ -9,6 +9,7 @@
 import {
   apiIsPresentationContainer,
   HasSerializedChildState,
+  HasSnapshottableState,
   SerializedPanelState,
 } from '@kbn/presentation-containers';
 import { PresentationPanel, PresentationPanelProps } from '@kbn/presentation-panel-plugin/public';
@@ -170,7 +171,7 @@ export const ReactEmbeddableRenderer = <
             } as unknown as SetReactEmbeddableApiRegistration<SerializedState, RuntimeState, Api>);
 
             cleanupFunction.current = () => cleanup();
-            return fullApi;
+            return fullApi as Api & HasSnapshottableState<RuntimeState>;
           };
 
           const { api, Component } = await factory.buildEmbeddable(
@@ -188,7 +189,6 @@ export const ReactEmbeddableRenderer = <
           } else {
             reportPhaseChange(false);
           }
-
           return { api, Component };
         };
 
diff --git a/src/plugins/embeddable/public/react_embeddable_system/react_embeddable_state.ts b/src/plugins/embeddable/public/react_embeddable_system/react_embeddable_state.ts
index ddfaf10953821..f29d418bd3963 100644
--- a/src/plugins/embeddable/public/react_embeddable_system/react_embeddable_state.ts
+++ b/src/plugins/embeddable/public/react_embeddable_system/react_embeddable_state.ts
@@ -39,9 +39,10 @@ export const initializeReactEmbeddableState = async <
   factory: ReactEmbeddableFactory<SerializedState, RuntimeState, Api>,
   parentApi: HasSerializedChildState<SerializedState>
 ) => {
-  const lastSavedRuntimeState = await factory.deserializeState(
-    parentApi.getSerializedStateForChild(uuid)
-  );
+  const serializedState = parentApi.getSerializedStateForChild(uuid);
+  const lastSavedRuntimeState = serializedState
+    ? await factory.deserializeState(serializedState)
+    : ({} as RuntimeState);
 
   // If the parent provides runtime state for the child (usually as a state backup or cache),
   // we merge it with the last saved runtime state.
diff --git a/src/plugins/embeddable/public/react_embeddable_system/types.ts b/src/plugins/embeddable/public/react_embeddable_system/types.ts
index cc4b9cf9b7976..e9a5a697f07e5 100644
--- a/src/plugins/embeddable/public/react_embeddable_system/types.ts
+++ b/src/plugins/embeddable/public/react_embeddable_system/types.ts
@@ -114,7 +114,7 @@ export interface ReactEmbeddableFactory<
     buildApi: (
       apiRegistration: BuildReactEmbeddableApiRegistration<SerializedState, RuntimeState, Api>,
       comparators: StateComparators<RuntimeState>
-    ) => Api,
+    ) => Api & HasSnapshottableState<RuntimeState>,
     uuid: string,
     parentApi: unknown | undefined,
     /** `setApi` should be used when the unsaved changes logic in `buildApi` is unnecessary */
diff --git a/src/plugins/es_ui_shared/public/components/cron_editor/__snapshots__/cron_editor.test.tsx.snap b/src/plugins/es_ui_shared/public/components/cron_editor/__snapshots__/cron_editor.test.tsx.snap
index 1250bf484a2af..2ce85f8c1a74c 100644
--- a/src/plugins/es_ui_shared/public/components/cron_editor/__snapshots__/cron_editor.test.tsx.snap
+++ b/src/plugins/es_ui_shared/public/components/cron_editor/__snapshots__/cron_editor.test.tsx.snap
@@ -31,9 +31,10 @@ Array [
         </label>
         <div
           class="euiFormControlLayout__childrenWrapper"
+          style="--euiFormControlRightIconsCount: 1;"
         >
           <select
-            class="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
+            class="euiSelect emotion-euiSelect-fullWidth-inGroup"
             data-test-subj="cronFrequencySelect"
             id="generated-id"
           >
@@ -121,10 +122,11 @@ Array [
             </label>
             <div
               class="euiFormControlLayout__childrenWrapper"
+              style="--euiFormControlRightIconsCount: 1;"
             >
               <select
                 aria-label="Hour"
-                class="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
+                class="euiSelect emotion-euiSelect-fullWidth-inGroup"
                 data-test-subj="cronFrequencyDailyHourSelect"
               >
                 <option
@@ -277,10 +279,11 @@ Array [
             </label>
             <div
               class="euiFormControlLayout__childrenWrapper"
+              style="--euiFormControlRightIconsCount: 1;"
             >
               <select
                 aria-label="Minute"
-                class="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
+                class="euiSelect emotion-euiSelect-fullWidth-inGroup"
                 data-test-subj="cronFrequencyDailyMinuteSelect"
               >
                 <option
@@ -637,9 +640,10 @@ Array [
         </label>
         <div
           class="euiFormControlLayout__childrenWrapper"
+          style="--euiFormControlRightIconsCount: 1;"
         >
           <select
-            class="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
+            class="euiSelect emotion-euiSelect-fullWidth-inGroup"
             data-test-subj="cronFrequencySelect"
             id="generated-id"
           >
@@ -721,9 +725,10 @@ Array [
         </label>
         <div
           class="euiFormControlLayout__childrenWrapper"
+          style="--euiFormControlRightIconsCount: 1;"
         >
           <select
-            class="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
+            class="euiSelect emotion-euiSelect-fullWidth-inGroup"
             data-test-subj="cronFrequencyHourlyMinuteSelect"
             id="generated-id"
           >
@@ -1078,9 +1083,10 @@ exports[`CronEditor is rendered with a MINUTE frequency 1`] = `
       </label>
       <div
         class="euiFormControlLayout__childrenWrapper"
+        style="--euiFormControlRightIconsCount: 1;"
       >
         <select
-          class="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
+          class="euiSelect emotion-euiSelect-fullWidth-inGroup"
           data-test-subj="cronFrequencySelect"
           id="generated-id"
         >
@@ -1165,9 +1171,10 @@ Array [
         </label>
         <div
           class="euiFormControlLayout__childrenWrapper"
+          style="--euiFormControlRightIconsCount: 1;"
         >
           <select
-            class="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
+            class="euiSelect emotion-euiSelect-fullWidth-inGroup"
             data-test-subj="cronFrequencySelect"
             id="generated-id"
           >
@@ -1249,9 +1256,10 @@ Array [
         </label>
         <div
           class="euiFormControlLayout__childrenWrapper"
+          style="--euiFormControlRightIconsCount: 1;"
         >
           <select
-            class="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
+            class="euiSelect emotion-euiSelect-fullWidth-inGroup"
             data-test-subj="cronFrequencyMonthlyDateSelect"
             id="generated-id"
           >
@@ -1464,10 +1472,11 @@ Array [
             </label>
             <div
               class="euiFormControlLayout__childrenWrapper"
+              style="--euiFormControlRightIconsCount: 1;"
             >
               <select
                 aria-label="Hour"
-                class="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
+                class="euiSelect emotion-euiSelect-fullWidth-inGroup"
                 data-test-subj="cronFrequencyMonthlyHourSelect"
               >
                 <option
@@ -1620,10 +1629,11 @@ Array [
             </label>
             <div
               class="euiFormControlLayout__childrenWrapper"
+              style="--euiFormControlRightIconsCount: 1;"
             >
               <select
                 aria-label="Minute"
-                class="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
+                class="euiSelect emotion-euiSelect-fullWidth-inGroup"
                 data-test-subj="cronFrequencyMonthlyMinuteSelect"
               >
                 <option
@@ -1980,9 +1990,10 @@ Array [
         </label>
         <div
           class="euiFormControlLayout__childrenWrapper"
+          style="--euiFormControlRightIconsCount: 1;"
         >
           <select
-            class="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
+            class="euiSelect emotion-euiSelect-fullWidth-inGroup"
             data-test-subj="cronFrequencySelect"
             id="generated-id"
           >
@@ -2064,9 +2075,10 @@ Array [
         </label>
         <div
           class="euiFormControlLayout__childrenWrapper"
+          style="--euiFormControlRightIconsCount: 1;"
         >
           <select
-            class="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
+            class="euiSelect emotion-euiSelect-fullWidth-inGroup"
             data-test-subj="cronFrequencyWeeklyDaySelect"
             id="generated-id"
           >
@@ -2159,10 +2171,11 @@ Array [
             </label>
             <div
               class="euiFormControlLayout__childrenWrapper"
+              style="--euiFormControlRightIconsCount: 1;"
             >
               <select
                 aria-label="Hour"
-                class="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
+                class="euiSelect emotion-euiSelect-fullWidth-inGroup"
                 data-test-subj="cronFrequencyWeeklyHourSelect"
               >
                 <option
@@ -2315,10 +2328,11 @@ Array [
             </label>
             <div
               class="euiFormControlLayout__childrenWrapper"
+              style="--euiFormControlRightIconsCount: 1;"
             >
               <select
                 aria-label="Minute"
-                class="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
+                class="euiSelect emotion-euiSelect-fullWidth-inGroup"
                 data-test-subj="cronFrequencyWeeklyMinuteSelect"
               >
                 <option
@@ -2675,9 +2689,10 @@ Array [
         </label>
         <div
           class="euiFormControlLayout__childrenWrapper"
+          style="--euiFormControlRightIconsCount: 1;"
         >
           <select
-            class="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
+            class="euiSelect emotion-euiSelect-fullWidth-inGroup"
             data-test-subj="cronFrequencySelect"
             id="generated-id"
           >
@@ -2759,9 +2774,10 @@ Array [
         </label>
         <div
           class="euiFormControlLayout__childrenWrapper"
+          style="--euiFormControlRightIconsCount: 1;"
         >
           <select
-            class="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
+            class="euiSelect emotion-euiSelect-fullWidth-inGroup"
             data-test-subj="cronFrequencyYearlyMonthSelect"
             id="generated-id"
           >
@@ -2873,9 +2889,10 @@ Array [
         </label>
         <div
           class="euiFormControlLayout__childrenWrapper"
+          style="--euiFormControlRightIconsCount: 1;"
         >
           <select
-            class="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
+            class="euiSelect emotion-euiSelect-fullWidth-inGroup"
             data-test-subj="cronFrequencyYearlyDateSelect"
             id="generated-id"
           >
@@ -3088,10 +3105,11 @@ Array [
             </label>
             <div
               class="euiFormControlLayout__childrenWrapper"
+              style="--euiFormControlRightIconsCount: 1;"
             >
               <select
                 aria-label="Hour"
-                class="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
+                class="euiSelect emotion-euiSelect-fullWidth-inGroup"
                 data-test-subj="cronFrequencyYearlyHourSelect"
               >
                 <option
@@ -3244,10 +3262,11 @@ Array [
             </label>
             <div
               class="euiFormControlLayout__childrenWrapper"
+              style="--euiFormControlRightIconsCount: 1;"
             >
               <select
                 aria-label="Minute"
-                class="euiSelect euiFormControlLayout--1icons euiSelect--fullWidth euiSelect--inGroup"
+                class="euiSelect emotion-euiSelect-fullWidth-inGroup"
                 data-test-subj="cronFrequencyYearlyMinuteSelect"
               >
                 <option
diff --git a/src/plugins/files/server/file_client/file_metadata_client/adapters/es_index.ts b/src/plugins/files/server/file_client/file_metadata_client/adapters/es_index.ts
index 37f8d3ddd6791..3aed345e7692f 100644
--- a/src/plugins/files/server/file_client/file_metadata_client/adapters/es_index.ts
+++ b/src/plugins/files/server/file_client/file_metadata_client/adapters/es_index.ts
@@ -253,7 +253,7 @@ export class EsIndexFilesMetadataClient<M = unknown> implements FileMetadataClie
 
     return {
       total: (result.hits.total as SearchTotalHits).value,
-      files: result.hits.hits.map((r) => ({ id: r._id, metadata: r._source?.file! })),
+      files: result.hits.hits.map((r) => ({ id: r._id!, metadata: r._source?.file! })),
     };
   }
 
diff --git a/src/plugins/files/server/routes/file_kind/create.ts b/src/plugins/files/server/routes/file_kind/create.ts
index 9121e27df0ac1..b15cb96a2ce93 100644
--- a/src/plugins/files/server/routes/file_kind/create.ts
+++ b/src/plugins/files/server/routes/file_kind/create.ts
@@ -31,12 +31,12 @@ export type Endpoint<M = unknown> = CreateRouteDefinition<
   FilesClient['create']
 >;
 
-export const handler: CreateHandler<Endpoint> = async ({ fileKind, files }, req, res) => {
-  const { fileService, security } = await files;
+export const handler: CreateHandler<Endpoint> = async ({ core, fileKind, files }, req, res) => {
+  const [{ security }, { fileService }] = await Promise.all([core, files]);
   const {
     body: { name, alt, meta, mimeType },
   } = req;
-  const user = security?.authc.getCurrentUser(req);
+  const user = security.authc.getCurrentUser();
   const file = await fileService.asCurrentUser().create({
     fileKind,
     name,
diff --git a/src/plugins/files/server/routes/types.ts b/src/plugins/files/server/routes/types.ts
index 9a1332137c811..5095ae8ab51a2 100644
--- a/src/plugins/files/server/routes/types.ts
+++ b/src/plugins/files/server/routes/types.ts
@@ -17,14 +17,12 @@ import type {
   ResponseError,
   RouteMethod,
 } from '@kbn/core/server';
-import type { SecurityPluginStart } from '@kbn/security-plugin/server';
 import type { FileServiceStart } from '../file_service';
 import { Counters } from '../usage';
 import { AnyEndpoint } from './api_routes';
 
 export interface FilesRequestHandlerContext extends RequestHandlerContext {
   files: Promise<{
-    security?: SecurityPluginStart;
     fileService: {
       asCurrentUser: () => FileServiceStart;
       asInternalUser: () => FileServiceStart;
diff --git a/src/plugins/files_management/common/index.ts b/src/plugins/files_management/common/index.ts
index fca412a874276..74b3801773f50 100755
--- a/src/plugins/files_management/common/index.ts
+++ b/src/plugins/files_management/common/index.ts
@@ -12,3 +12,12 @@ export const PLUGIN_ID = 'filesManagement';
 export const PLUGIN_NAME = i18n.translate('filesManagement.name', {
   defaultMessage: 'Files',
 });
+
+export const LIST_BREADCRUMB = [
+  {
+    text: i18n.translate('filesManagement.listBreadcrumb', {
+      defaultMessage: 'Files',
+    }),
+    href: '#/management/kibana/filesManagement',
+  },
+];
diff --git a/src/plugins/files_management/public/plugin.ts b/src/plugins/files_management/public/plugin.ts
index b380cd63b17c6..50ed3bb7cb79b 100755
--- a/src/plugins/files_management/public/plugin.ts
+++ b/src/plugins/files_management/public/plugin.ts
@@ -8,7 +8,7 @@
 
 import type { CoreSetup, Plugin } from '@kbn/core/public';
 import type { ManagementAppMountParams } from '@kbn/management-plugin/public';
-import { PLUGIN_ID, PLUGIN_NAME } from '../common';
+import { LIST_BREADCRUMB, PLUGIN_ID, PLUGIN_NAME } from '../common';
 import type { SetupDependencies, StartDependencies } from './types';
 
 export class FilesManagementPlugin
@@ -22,7 +22,18 @@ export class FilesManagementPlugin
       async mount(params: ManagementAppMountParams) {
         const { mountManagementSection } = await import('./mount_management_section');
         const [coreStart, depsStart] = await core.getStartServices();
-        return mountManagementSection(coreStart, depsStart, params);
+
+        const { docTitle } = coreStart.chrome;
+        docTitle.change(PLUGIN_NAME);
+
+        const { setBreadcrumbs } = params;
+        setBreadcrumbs(LIST_BREADCRUMB);
+
+        const unmountAppCallback = mountManagementSection(coreStart, depsStart, params);
+        return () => {
+          docTitle.reset();
+          unmountAppCallback();
+        };
       },
     });
   }
diff --git a/src/plugins/image_embeddable/public/actions/create_image_action.ts b/src/plugins/image_embeddable/public/actions/create_image_action.ts
index 02cd8b26e1182..bbbe0144856e0 100644
--- a/src/plugins/image_embeddable/public/actions/create_image_action.ts
+++ b/src/plugins/image_embeddable/public/actions/create_image_action.ts
@@ -9,7 +9,8 @@
 import { i18n } from '@kbn/i18n';
 import { CanAddNewPanel } from '@kbn/presentation-containers';
 import { EmbeddableApiContext } from '@kbn/presentation-publishing';
-import { IncompatibleActionError } from '@kbn/ui-actions-plugin/public';
+import { COMMON_EMBEDDABLE_GROUPING } from '@kbn/embeddable-plugin/public';
+import { IncompatibleActionError, ADD_PANEL_TRIGGER } from '@kbn/ui-actions-plugin/public';
 import {
   ADD_IMAGE_EMBEDDABLE_ACTION_ID,
   IMAGE_EMBEDDABLE_TYPE,
@@ -27,6 +28,7 @@ export const registerCreateImageAction = () => {
   uiActionsService.registerAction<EmbeddableApiContext>({
     id: ADD_IMAGE_EMBEDDABLE_ACTION_ID,
     getIconType: () => 'image',
+    order: 20,
     isCompatible: async ({ embeddable: parentApi }) => {
       return Boolean(await parentApiIsCompatible(parentApi));
     },
@@ -45,13 +47,14 @@ export const registerCreateImageAction = () => {
         // swallow the rejection, since this just means the user closed without saving
       }
     },
+    grouping: [COMMON_EMBEDDABLE_GROUPING.annotation],
     getDisplayName: () =>
       i18n.translate('imageEmbeddable.imageEmbeddableFactory.displayName', {
         defaultMessage: 'Image',
       }),
   });
 
-  uiActionsService.attachAction('ADD_PANEL_TRIGGER', ADD_IMAGE_EMBEDDABLE_ACTION_ID);
+  uiActionsService.attachAction(ADD_PANEL_TRIGGER, ADD_IMAGE_EMBEDDABLE_ACTION_ID);
   if (uiActionsService.hasTrigger('ADD_CANVAS_ELEMENT_TRIGGER')) {
     // Because Canvas is not enabled in Serverless, this trigger might not be registered - only attach
     // the create action if the Canvas-specific trigger does indeed exist.
diff --git a/src/plugins/image_embeddable/public/components/image_editor/open_image_editor.tsx b/src/plugins/image_embeddable/public/components/image_editor/open_image_editor.tsx
index dd2932164c014..c737640a4f1b9 100644
--- a/src/plugins/image_embeddable/public/components/image_editor/open_image_editor.tsx
+++ b/src/plugins/image_embeddable/public/components/image_editor/open_image_editor.tsx
@@ -14,7 +14,7 @@ import { FilesContext } from '@kbn/shared-ux-file-context';
 
 import { ImageConfig } from '../../image_embeddable/types';
 import { FileImageMetadata, imageEmbeddableFileKind } from '../../imports';
-import { coreServices, filesService, securityService } from '../../services/kibana_services';
+import { coreServices, filesService } from '../../services/kibana_services';
 import { createValidateUrl } from '../../utils/validate_url';
 import { ImageViewerContext } from '../image_viewer/image_viewer_context';
 
@@ -27,8 +27,8 @@ export const openImageEditor = async ({
 }): Promise<ImageConfig> => {
   const { ImageEditorFlyout } = await import('./image_editor_flyout');
 
-  const { overlays, theme, i18n, http } = coreServices;
-  const user = securityService ? await securityService.authc.getCurrentUser() : undefined;
+  const { overlays, theme, i18n, http, security } = coreServices;
+  const user = await security.authc.getCurrentUser();
   const filesClient = filesService.filesClientFactory.asUnscoped<FileImageMetadata>();
 
   /**
diff --git a/src/plugins/image_embeddable/public/services/kibana_services.ts b/src/plugins/image_embeddable/public/services/kibana_services.ts
index a04328bb6e041..84711a3c2350c 100644
--- a/src/plugins/image_embeddable/public/services/kibana_services.ts
+++ b/src/plugins/image_embeddable/public/services/kibana_services.ts
@@ -11,7 +11,6 @@ import { BehaviorSubject } from 'rxjs';
 import { CoreStart } from '@kbn/core/public';
 import { FilesStart } from '@kbn/files-plugin/public';
 import { ScreenshotModePluginStart } from '@kbn/screenshot-mode-plugin/public';
-import { SecurityPluginStart } from '@kbn/security-plugin-types-public';
 import { UiActionsStart } from '@kbn/ui-actions-plugin/public';
 
 import { ImageEmbeddableStartDependencies } from '../plugin';
@@ -20,7 +19,6 @@ export let coreServices: CoreStart;
 export let filesService: FilesStart;
 export let uiActionsService: UiActionsStart;
 export let screenshotModeService: ScreenshotModePluginStart | undefined;
-export let securityService: SecurityPluginStart | undefined;
 
 export let trackUiMetric: (
   type: string,
@@ -48,7 +46,6 @@ export const setKibanaServices = (
 ) => {
   coreServices = kibanaCore;
   filesService = deps.files;
-  securityService = deps.security;
   uiActionsService = deps.uiActions;
   screenshotModeService = deps.screenshotMode;
 
diff --git a/src/plugins/image_embeddable/tsconfig.json b/src/plugins/image_embeddable/tsconfig.json
index 7e54325cb7762..d9863cf7fd6ac 100644
--- a/src/plugins/image_embeddable/tsconfig.json
+++ b/src/plugins/image_embeddable/tsconfig.json
@@ -23,7 +23,6 @@
     "@kbn/presentation-containers",
     "@kbn/presentation-publishing",
     "@kbn/react-kibana-mount",
-    "@kbn/security-plugin-types-public",
     "@kbn/embeddable-enhanced-plugin"
   ],
   "exclude": ["target/**/*"]
diff --git a/src/plugins/kibana_utils/public/storage/storage.ts b/src/plugins/kibana_utils/public/storage/storage.ts
index 7f759c005daad..497fdef49abc0 100644
--- a/src/plugins/kibana_utils/public/storage/storage.ts
+++ b/src/plugins/kibana_utils/public/storage/storage.ts
@@ -32,9 +32,13 @@ export class Storage implements IStorageWrapper {
     }
   };
 
-  public set = (key: string, value: any) => {
+  public set = (key: string, value: any, includeUndefined: boolean = false) => {
+    const replacer = includeUndefined
+      ? (_: string, currentValue: any) =>
+          typeof currentValue === 'undefined' ? null : currentValue
+      : undefined;
     try {
-      return this.store.setItem(key, JSON.stringify(value));
+      return this.store.setItem(key, JSON.stringify(value, replacer));
     } catch (e) {
       return false;
     }
diff --git a/src/plugins/links/public/embeddable/links_embeddable.tsx b/src/plugins/links/public/embeddable/links_embeddable.tsx
index dcc49a7265a43..523d8706b2b86 100644
--- a/src/plugins/links/public/embeddable/links_embeddable.tsx
+++ b/src/plugins/links/public/embeddable/links_embeddable.tsx
@@ -17,6 +17,7 @@ import {
   Embeddable,
   ReferenceOrValueEmbeddable,
   SavedObjectEmbeddableInput,
+  COMMON_EMBEDDABLE_GROUPING,
 } from '@kbn/embeddable-plugin/public';
 
 import { CONTENT_ID } from '../../common';
@@ -44,6 +45,8 @@ export class LinksEmbeddable
   public attributes?: LinksAttributes;
   public attributes$ = new Subject<LinksAttributes>();
 
+  public grouping = [COMMON_EMBEDDABLE_GROUPING.annotation];
+
   constructor(
     config: LinksConfig,
     initialInput: LinksInput,
diff --git a/src/plugins/links/public/embeddable/links_embeddable_factory.ts b/src/plugins/links/public/embeddable/links_embeddable_factory.ts
index 9ff3877b8a42e..40d377345e4f2 100644
--- a/src/plugins/links/public/embeddable/links_embeddable_factory.ts
+++ b/src/plugins/links/public/embeddable/links_embeddable_factory.ts
@@ -14,6 +14,7 @@ import {
   EmbeddableFactory,
   EmbeddableFactoryDefinition,
   ErrorEmbeddable,
+  COMMON_EMBEDDABLE_GROUPING,
 } from '@kbn/embeddable-plugin/public';
 import {
   GetMigrationFunctionObjectFn,
@@ -55,7 +56,8 @@ export class LinksFactoryDefinition
     | ((state: EmbeddableStateWithType, stats: Record<string, any>) => Record<string, any>)
     | undefined;
   migrations?: MigrateFunctionsObject | GetMigrationFunctionObjectFn | undefined;
-  grouping?: UiActionsPresentableGrouping<unknown> | undefined;
+  grouping: UiActionsPresentableGrouping<unknown> = [COMMON_EMBEDDABLE_GROUPING.annotation];
+
   public readonly type = CONTENT_ID;
 
   public readonly isContainerType = false;
diff --git a/src/plugins/navigation/public/plugin.test.ts b/src/plugins/navigation/public/plugin.test.ts
index 6ebdfbe5003a2..e5c3a88babaf1 100644
--- a/src/plugins/navigation/public/plugin.test.ts
+++ b/src/plugins/navigation/public/plugin.test.ts
@@ -14,7 +14,6 @@ import { cloudExperimentsMock } from '@kbn/cloud-experiments-plugin/common/mocks
 import { spacesPluginMock } from '@kbn/spaces-plugin/public/mocks';
 import type { Space } from '@kbn/spaces-plugin/public';
 import type { BuildFlavor } from '@kbn/config';
-import type { UserSettingsData } from '@kbn/user-profile-components';
 import { SOLUTION_NAV_FEATURE_FLAG_NAME } from '../common';
 import { NavigationPublicPlugin } from './plugin';
 
@@ -32,10 +31,8 @@ const setup = (
   },
   {
     buildFlavor = 'traditional',
-    userSettings = {},
   }: {
     buildFlavor?: BuildFlavor;
-    userSettings?: UserSettingsData;
   } = {}
 ) => {
   const initializerContext = coreMock.createPluginInitializerContext({}, { buildFlavor });
@@ -219,6 +216,85 @@ describe('Navigation Plugin', () => {
     });
 
     describe('isSolutionNavEnabled$', () => {
+      // This test will need to be changed when we remove the feature flag
+      it('should be off by default', async () => {
+        const { plugin, coreStart, unifiedSearch, cloud } = setup({ featureOn });
+
+        const { isSolutionNavEnabled$ } = plugin.start(coreStart, {
+          unifiedSearch,
+          cloud,
+        });
+        await new Promise((resolve) => setTimeout(resolve));
+
+        const isEnabled = await firstValueFrom(isSolutionNavEnabled$);
+        expect(isEnabled).toBe(false);
+      });
+
+      it('should be off if feature flag if "ON" but space solution is "classic" or "undefined"', async () => {
+        const { plugin, coreStart, unifiedSearch, cloud, cloudExperiments, spaces } = setup({
+          featureOn,
+        });
+
+        cloudExperiments.getVariation.mockResolvedValue(true); // Feature flag ON
+
+        {
+          spaces.getActiveSpace$ = jest
+            .fn()
+            .mockReturnValue(of({ solution: undefined } as Pick<Space, 'solution'>));
+
+          const { isSolutionNavEnabled$ } = plugin.start(coreStart, {
+            unifiedSearch,
+            cloud,
+            cloudExperiments,
+            spaces,
+          });
+          await new Promise((resolve) => setTimeout(resolve));
+
+          const isEnabled = await firstValueFrom(isSolutionNavEnabled$);
+          expect(isEnabled).toBe(false);
+        }
+
+        {
+          spaces.getActiveSpace$ = jest
+            .fn()
+            .mockReturnValue(of({ solution: 'classic' } as Pick<Space, 'solution'>));
+
+          const { isSolutionNavEnabled$ } = plugin.start(coreStart, {
+            unifiedSearch,
+            cloud,
+            cloudExperiments,
+            spaces,
+          });
+          await new Promise((resolve) => setTimeout(resolve));
+
+          const isEnabled = await firstValueFrom(isSolutionNavEnabled$);
+          expect(isEnabled).toBe(false);
+        }
+      });
+
+      it('should be on if feature flag if "ON" and space solution is set', async () => {
+        const { plugin, coreStart, unifiedSearch, cloud, cloudExperiments, spaces } = setup({
+          featureOn,
+        });
+
+        cloudExperiments.getVariation.mockResolvedValue(true); // Feature flag ON
+
+        spaces.getActiveSpace$ = jest
+          .fn()
+          .mockReturnValue(of({ solution: 'es' } as Pick<Space, 'solution'>));
+
+        const { isSolutionNavEnabled$ } = plugin.start(coreStart, {
+          unifiedSearch,
+          cloud,
+          cloudExperiments,
+          spaces,
+        });
+        await new Promise((resolve) => setTimeout(resolve));
+
+        const isEnabled = await firstValueFrom(isSolutionNavEnabled$);
+        expect(isEnabled).toBe(true);
+      });
+
       it('on serverless should flag must be disabled', async () => {
         const { plugin, coreStart, unifiedSearch, cloud, cloudExperiments } = setup(
           { featureOn },
diff --git a/src/plugins/navigation/public/plugin.tsx b/src/plugins/navigation/public/plugin.tsx
index 8aa9eea2351d6..bef9b7c3a933c 100644
--- a/src/plugins/navigation/public/plugin.tsx
+++ b/src/plugins/navigation/public/plugin.tsx
@@ -6,7 +6,16 @@
  * Side Public License, v 1.
  */
 import React from 'react';
-import { firstValueFrom, from, of, ReplaySubject, shareReplay, take, combineLatest } from 'rxjs';
+import {
+  firstValueFrom,
+  from,
+  of,
+  ReplaySubject,
+  shareReplay,
+  take,
+  combineLatest,
+  map,
+} from 'rxjs';
 import { PluginInitializerContext, CoreSetup, CoreStart, Plugin } from '@kbn/core/public';
 import type { UnifiedSearchPublicPluginStart } from '@kbn/unified-search-plugin/public';
 import type { Space } from '@kbn/spaces-plugin/public';
@@ -119,7 +128,14 @@ export class NavigationPublicPlugin
           this.addSolutionNavigation(solutionNavigation);
         });
       },
-      isSolutionNavEnabled$: this.isSolutionNavExperiementEnabled$,
+      isSolutionNavEnabled$: combineLatest([
+        this.isSolutionNavExperiementEnabled$,
+        activeSpace$,
+      ]).pipe(
+        map(([isFeatureEnabled, activeSpace]) => {
+          return getIsProjectNav(isFeatureEnabled, activeSpace?.solution) && !isServerless;
+        })
+      ),
     };
   }
 
@@ -169,11 +185,7 @@ export class NavigationPublicPlugin
     }: { isFeatureEnabled: boolean; isServerless: boolean; activeSpace?: Space }
   ) {
     const solutionView = activeSpace?.solution;
-    const isProjectNav =
-      isFeatureEnabled &&
-      Boolean(solutionView) &&
-      isKnownSolutionView(solutionView) &&
-      solutionView !== 'classic';
+    const isProjectNav = getIsProjectNav(isFeatureEnabled, solutionView) && !isServerless;
 
     // On serverless the chrome style is already set by the serverless plugin
     if (!isServerless) {
@@ -186,6 +198,10 @@ export class NavigationPublicPlugin
   }
 }
 
+function getIsProjectNav(isFeatureEnabled: boolean, solutionView?: string) {
+  return isFeatureEnabled && Boolean(solutionView) && isKnownSolutionView(solutionView);
+}
+
 function isKnownSolutionView(solution?: string) {
-  return solution && ['oblt', 'es', 'security'].includes(solution);
+  return Boolean(solution) && ['oblt', 'es', 'security'].includes(solution!);
 }
diff --git a/src/plugins/navigation/tsconfig.json b/src/plugins/navigation/tsconfig.json
index 69c26355ea7eb..53faee865c065 100644
--- a/src/plugins/navigation/tsconfig.json
+++ b/src/plugins/navigation/tsconfig.json
@@ -22,7 +22,6 @@
     "@kbn/shared-ux-chrome-navigation",
     "@kbn/cloud-plugin",
     "@kbn/config",
-    "@kbn/user-profile-components",
     "@kbn/cloud-experiments-plugin",
     "@kbn/spaces-plugin",
   ],
diff --git a/src/plugins/presentation_panel/public/panel_component/panel_header/use_presentation_panel_header_actions.tsx b/src/plugins/presentation_panel/public/panel_component/panel_header/use_presentation_panel_header_actions.tsx
index 740aa18606837..5c31419de3f89 100644
--- a/src/plugins/presentation_panel/public/panel_component/panel_header/use_presentation_panel_header_actions.tsx
+++ b/src/plugins/presentation_panel/public/panel_component/panel_header/use_presentation_panel_header_actions.tsx
@@ -141,7 +141,9 @@ export const usePresentationPanelHeaderActions = <
       );
 
       return tooltipText ? (
-        <EuiToolTip content={tooltipText}>{badgeElement}</EuiToolTip>
+        <EuiToolTip key={badge.id} content={tooltipText}>
+          {badgeElement}
+        </EuiToolTip>
       ) : (
         badgeElement
       );
diff --git a/src/plugins/saved_objects_management/public/management_section/objects_table/components/__snapshots__/flyout.test.tsx.snap b/src/plugins/saved_objects_management/public/management_section/objects_table/components/__snapshots__/flyout.test.tsx.snap
index e3445d77bb541..6f30a6715f023 100644
--- a/src/plugins/saved_objects_management/public/management_section/objects_table/components/__snapshots__/flyout.test.tsx.snap
+++ b/src/plugins/saved_objects_management/public/management_section/objects_table/components/__snapshots__/flyout.test.tsx.snap
@@ -314,10 +314,8 @@ exports[`Flyout should render import step 1`] = `
         }
         labelType="label"
       >
-        <EuiFilePicker
+        <EuiFilePickerClass
           accept=".ndjson"
-          compressed={false}
-          display="large"
           fullWidth={true}
           initialPromptText={
             <Memo(MemoizedFormattedMessage)
diff --git a/src/plugins/saved_objects_management/public/management_section/objects_table/components/flyout.test.tsx b/src/plugins/saved_objects_management/public/management_section/objects_table/components/flyout.test.tsx
index 9509d72bdad40..6307a84597a62 100644
--- a/src/plugins/saved_objects_management/public/management_section/objects_table/components/flyout.test.tsx
+++ b/src/plugins/saved_objects_management/public/management_section/objects_table/components/flyout.test.tsx
@@ -73,7 +73,7 @@ describe('Flyout', () => {
     component.update();
 
     expect(component.state('file')).toBe(undefined);
-    component.find('EuiFilePicker').simulate('change', [mockFile]);
+    component.find('EuiFilePickerClass').simulate('change', [mockFile]);
     expect(component.state('file')).toBe(mockFile);
   });
 
@@ -86,9 +86,9 @@ describe('Flyout', () => {
     component.update();
 
     expect(component.state('file')).toBe(undefined);
-    component.find('EuiFilePicker').simulate('change', [mockFile]);
+    component.find('EuiFilePickerClass').simulate('change', [mockFile]);
     expect(component.state('file')).toBe(mockFile);
-    component.find('EuiFilePicker').simulate('change', []);
+    component.find('EuiFilePickerClass').simulate('change', []);
     expect(component.state('file')).toBe(undefined);
   });
 
@@ -105,7 +105,7 @@ describe('Flyout', () => {
       'EuiButton[data-test-subj="importSavedObjectsImportBtn"]'
     );
     expect(importButton.prop('isDisabled')).toBe(true);
-    component.find('EuiFilePicker').simulate('change', [mockFile]);
+    component.find('EuiFilePickerClass').simulate('change', [mockFile]);
 
     // Ensure state changes are reflected
     component.update();
diff --git a/src/plugins/ui_actions/public/index.ts b/src/plugins/ui_actions/public/index.ts
index 059ebad4b2bed..cb9a2ae53ef03 100644
--- a/src/plugins/ui_actions/public/index.ts
+++ b/src/plugins/ui_actions/public/index.ts
@@ -24,6 +24,7 @@ export { ActionInternal, createAction, IncompatibleActionError } from './actions
 export { buildContextMenuForActions } from './context_menu';
 export type {
   Presentable as UiActionsPresentable,
+  PresentableGroup as UiActionsPresentableGroup,
   PresentableGrouping as UiActionsPresentableGrouping,
 } from '@kbn/ui-actions-browser/src/types';
 export type { Trigger, RowClickContext } from '@kbn/ui-actions-browser/src/triggers';
@@ -34,6 +35,8 @@ export {
   visualizeGeoFieldTrigger,
   ROW_CLICK_TRIGGER,
   rowClickTrigger,
+  ADD_PANEL_TRIGGER,
+  addPanelMenuTrigger,
 } from '@kbn/ui-actions-browser/src/triggers';
 export type { VisualizeFieldContext } from './types';
 export {
diff --git a/src/plugins/ui_actions/public/plugin.ts b/src/plugins/ui_actions/public/plugin.ts
index 1dbff5b9729a0..5da343a0f6400 100644
--- a/src/plugins/ui_actions/public/plugin.ts
+++ b/src/plugins/ui_actions/public/plugin.ts
@@ -12,6 +12,7 @@ import {
   rowClickTrigger,
   visualizeFieldTrigger,
   visualizeGeoFieldTrigger,
+  addPanelMenuTrigger,
 } from '@kbn/ui-actions-browser/src/triggers';
 import { UiActionsService } from './service';
 import { setAnalytics, setI18n, setTheme } from './services';
@@ -48,6 +49,7 @@ export class UiActionsPlugin
   constructor(_initializerContext: PluginInitializerContext) {}
 
   public setup(_core: CoreSetup): UiActionsPublicSetup {
+    this.service.registerTrigger(addPanelMenuTrigger);
     this.service.registerTrigger(rowClickTrigger);
     this.service.registerTrigger(visualizeFieldTrigger);
     this.service.registerTrigger(visualizeGeoFieldTrigger);
diff --git a/src/plugins/vis_default_editor/public/components/controls/size.test.tsx b/src/plugins/vis_default_editor/public/components/controls/size.test.tsx
index 9081ed5745254..fd27fad7bb2ef 100644
--- a/src/plugins/vis_default_editor/public/components/controls/size.test.tsx
+++ b/src/plugins/vis_default_editor/public/components/controls/size.test.tsx
@@ -63,7 +63,7 @@ describe('SizeParamEditor', () => {
 
   it('should set new parsed value', () => {
     const comp = mountWithIntl(<SizeParamEditor {...defaultProps} />);
-    const input = comp.find('[type="number"]');
+    const input = comp.find('input[type="number"]');
     input.simulate('change', { target: { value: '3' } });
 
     expect(defaultProps.setValue).toBeCalledWith(3);
@@ -76,7 +76,7 @@ describe('SizeParamEditor', () => {
 
   it('should call setTouched on blur', () => {
     const comp = mountWithIntl(<SizeParamEditor {...defaultProps} />);
-    comp.find('[type="number"]').simulate('blur');
+    comp.find('input[type="number"]').simulate('blur');
 
     expect(defaultProps.setTouched).toHaveBeenCalledTimes(1);
   });
diff --git a/src/plugins/vis_type_markdown/public/markdown_vis.ts b/src/plugins/vis_type_markdown/public/markdown_vis.ts
index 33acfa21cd0b0..4ebda6058777d 100644
--- a/src/plugins/vis_type_markdown/public/markdown_vis.ts
+++ b/src/plugins/vis_type_markdown/public/markdown_vis.ts
@@ -27,6 +27,7 @@ export const markdownVisDefinition: VisTypeDefinition<MarkdownVisParams> = {
   description: i18n.translate('visTypeMarkdown.markdownDescription', {
     defaultMessage: 'Add text and images to your dashboard.',
   }),
+  order: 30,
   toExpressionAst,
   visConfig: {
     defaults: {
diff --git a/src/plugins/vis_types/timeseries/public/metrics_type.ts b/src/plugins/vis_types/timeseries/public/metrics_type.ts
index 51b0fcce5a58d..92361c6c53e19 100644
--- a/src/plugins/vis_types/timeseries/public/metrics_type.ts
+++ b/src/plugins/vis_types/timeseries/public/metrics_type.ts
@@ -104,7 +104,8 @@ export const metricsVisDefinition: VisTypeDefinition<
     defaultMessage: 'Perform advanced analysis of your time series data.',
   }),
   icon: 'visVisualBuilder',
-  group: VisGroups.PROMOTED,
+  group: VisGroups.LEGACY,
+  order: 10,
   visConfig: {
     defaults: {
       id: () => uuidv4(),
diff --git a/src/plugins/visualizations/public/actions/add_agg_vis_action.ts b/src/plugins/visualizations/public/actions/add_agg_vis_action.ts
new file mode 100644
index 0000000000000..62c8e3654db6e
--- /dev/null
+++ b/src/plugins/visualizations/public/actions/add_agg_vis_action.ts
@@ -0,0 +1,64 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { i18n } from '@kbn/i18n';
+import {
+  apiHasAppContext,
+  EmbeddableApiContext,
+  HasType,
+  HasAppContext,
+} from '@kbn/presentation-publishing';
+import { COMMON_EMBEDDABLE_GROUPING } from '@kbn/embeddable-plugin/public';
+import { Action, IncompatibleActionError } from '@kbn/ui-actions-plugin/public';
+import { apiHasType } from '@kbn/presentation-publishing';
+import { apiCanAddNewPanel, CanAddNewPanel } from '@kbn/presentation-containers';
+import { showNewVisModal } from '../wizard/show_new_vis';
+
+const ADD_AGG_VIS_ACTION_ID = 'ADD_AGG_VIS';
+
+type AddAggVisualizationPanelActionApi = HasType & CanAddNewPanel & HasAppContext;
+
+const isApiCompatible = (api: unknown | null): api is AddAggVisualizationPanelActionApi => {
+  return apiHasType(api) && apiCanAddNewPanel(api) && apiHasAppContext(api);
+};
+
+export class AddAggVisualizationPanelAction implements Action<EmbeddableApiContext> {
+  public readonly type = ADD_AGG_VIS_ACTION_ID;
+  public readonly id = ADD_AGG_VIS_ACTION_ID;
+  public readonly grouping = [COMMON_EMBEDDABLE_GROUPING.legacy];
+
+  public readonly order = 20;
+
+  constructor() {}
+
+  public getIconType() {
+    return 'visualizeApp';
+  }
+
+  public getDisplayName() {
+    return i18n.translate('visualizations.uiAction.addAggVis.displayName', {
+      defaultMessage: 'Aggregation based',
+    });
+  }
+
+  public async isCompatible({ embeddable }: EmbeddableApiContext) {
+    return isApiCompatible(embeddable);
+  }
+
+  public async execute({ embeddable }: EmbeddableApiContext): Promise<void> {
+    if (!isApiCompatible(embeddable)) {
+      throw new IncompatibleActionError();
+    }
+
+    showNewVisModal({
+      originatingApp: embeddable.getAppContext().currentAppId,
+      outsideVisualizeApp: true,
+      showAggsSelection: true,
+    });
+  }
+}
diff --git a/src/plugins/visualizations/public/embeddable/constants.ts b/src/plugins/visualizations/public/embeddable/constants.ts
index cec3bd6cdfc88..9e1e282c94adb 100644
--- a/src/plugins/visualizations/public/embeddable/constants.ts
+++ b/src/plugins/visualizations/public/embeddable/constants.ts
@@ -6,4 +6,20 @@
  * Side Public License, v 1.
  */
 
+import { i18n } from '@kbn/i18n';
+
 export { VISUALIZE_EMBEDDABLE_TYPE } from '../../common/constants';
+
+export const COMMON_VISUALIZATION_GROUPING = [
+  {
+    id: 'visualizations',
+    getDisplayName: () =>
+      i18n.translate('visualizations.common.constants.grouping.legacy', {
+        defaultMessage: 'Visualizations',
+      }),
+    getIconType: () => {
+      return 'visGauge';
+    },
+    order: 1000,
+  },
+];
diff --git a/src/plugins/visualizations/public/embeddable/index.ts b/src/plugins/visualizations/public/embeddable/index.ts
index ae0748f4475c2..ed3fef1c9ad44 100644
--- a/src/plugins/visualizations/public/embeddable/index.ts
+++ b/src/plugins/visualizations/public/embeddable/index.ts
@@ -7,7 +7,7 @@
  */
 
 export { VisualizeEmbeddableFactory } from './visualize_embeddable_factory';
-export { VISUALIZE_EMBEDDABLE_TYPE } from './constants';
+export { VISUALIZE_EMBEDDABLE_TYPE, COMMON_VISUALIZATION_GROUPING } from './constants';
 export { VIS_EVENT_TO_TRIGGER } from './events';
 export { createVisEmbeddableFromObject } from './create_vis_embeddable_from_object';
 
diff --git a/src/plugins/visualizations/public/index.ts b/src/plugins/visualizations/public/index.ts
index 2f00bba142009..838ac3dbd7547 100644
--- a/src/plugins/visualizations/public/index.ts
+++ b/src/plugins/visualizations/public/index.ts
@@ -21,6 +21,7 @@ export {
   apiHasVisualizeConfig,
   VISUALIZE_EMBEDDABLE_TYPE,
   VIS_EVENT_TO_TRIGGER,
+  COMMON_VISUALIZATION_GROUPING,
 } from './embeddable';
 export { VisualizationContainer } from './components';
 export { getVisSchemas } from './vis_schemas';
diff --git a/src/plugins/visualizations/public/plugin.ts b/src/plugins/visualizations/public/plugin.ts
index bc208c6bb785a..c97ff8f4eba45 100644
--- a/src/plugins/visualizations/public/plugin.ts
+++ b/src/plugins/visualizations/public/plugin.ts
@@ -36,7 +36,7 @@ import type {
   ApplicationStart,
   SavedObjectsClientContract,
 } from '@kbn/core/public';
-import type { UiActionsStart, UiActionsSetup } from '@kbn/ui-actions-plugin/public';
+import { UiActionsStart, UiActionsSetup, ADD_PANEL_TRIGGER } from '@kbn/ui-actions-plugin/public';
 import type { SavedObjectsStart } from '@kbn/saved-objects-plugin/public';
 import type { FieldFormatsStart } from '@kbn/field-formats-plugin/public';
 import type {
@@ -47,7 +47,11 @@ import type { UsageCollectionStart } from '@kbn/usage-collection-plugin/public';
 import type { DataPublicPluginSetup, DataPublicPluginStart } from '@kbn/data-plugin/public';
 import type { DataViewsPublicPluginStart } from '@kbn/data-views-plugin/public';
 import type { ExpressionsSetup, ExpressionsStart } from '@kbn/expressions-plugin/public';
-import { EmbeddableSetup, EmbeddableStart } from '@kbn/embeddable-plugin/public';
+import {
+  CONTEXT_MENU_TRIGGER,
+  EmbeddableSetup,
+  EmbeddableStart,
+} from '@kbn/embeddable-plugin/public';
 import type { SavedObjectTaggingOssPluginStart } from '@kbn/saved-objects-tagging-oss-plugin/public';
 import type { NavigationPublicPluginStart as NavigationStart } from '@kbn/navigation-plugin/public';
 import type { SharePluginSetup, SharePluginStart } from '@kbn/share-plugin/public';
@@ -122,6 +126,7 @@ import {
 } from '../common/content_management';
 import { SerializedVisData } from '../common';
 import { VisualizeByValueInput } from './embeddable/visualize_embeddable';
+import { AddAggVisualizationPanelAction } from './actions/add_agg_vis_action';
 
 /**
  * Interface for this plugin's returned setup/start contracts.
@@ -394,7 +399,9 @@ export class VisualizationsPlugin
     uiActions.registerTrigger(visualizeEditorTrigger);
     uiActions.registerTrigger(dashboardVisualizationPanelTrigger);
     const editInLensAction = new EditInLensAction(data.query.timefilter.timefilter);
-    uiActions.addTriggerAction('CONTEXT_MENU_TRIGGER', editInLensAction);
+    uiActions.addTriggerAction(CONTEXT_MENU_TRIGGER, editInLensAction);
+    const addAggVisAction = new AddAggVisualizationPanelAction();
+    uiActions.addTriggerAction(ADD_PANEL_TRIGGER, addAggVisAction);
     const embeddableFactory = new VisualizeEmbeddableFactory({ start });
     embeddable.registerEmbeddableFactory(VISUALIZE_EMBEDDABLE_TYPE, embeddableFactory);
 
diff --git a/src/plugins/visualizations/public/vis_types/base_vis_type.ts b/src/plugins/visualizations/public/vis_types/base_vis_type.ts
index 26801421159b3..7a412aa40f02e 100644
--- a/src/plugins/visualizations/public/vis_types/base_vis_type.ts
+++ b/src/plugins/visualizations/public/vis_types/base_vis_type.ts
@@ -24,6 +24,7 @@ const defaultOptions: VisTypeOptions = {
 export class BaseVisType<TVisParams extends VisParams = VisParams> {
   public readonly name;
   public readonly title;
+  public readonly order;
   public readonly description;
   public readonly note;
   public readonly getSupportedTriggers;
@@ -67,6 +68,7 @@ export class BaseVisType<TVisParams extends VisParams = VisParams> {
     this.title = opts.title;
     this.icon = opts.icon;
     this.image = opts.image;
+    this.order = opts.order ?? 0;
     this.suppressWarnings = opts.suppressWarnings;
     this.visConfig = defaultsDeep({}, opts.visConfig, { defaults: {} });
     this.editorConfig = defaultsDeep({}, opts.editorConfig, { collections: {} });
diff --git a/src/plugins/visualizations/public/vis_types/types.ts b/src/plugins/visualizations/public/vis_types/types.ts
index 2f689cb81aee0..b1920d5bb3a60 100644
--- a/src/plugins/visualizations/public/vis_types/types.ts
+++ b/src/plugins/visualizations/public/vis_types/types.ts
@@ -217,4 +217,6 @@ export interface VisTypeDefinition<TVisParams extends VisParams> {
    * have incosistencies in legacy visLib visualizations
    */
   readonly visConfig: Record<string, any>;
+
+  readonly order?: number;
 }
diff --git a/src/plugins/visualizations/public/vis_types/vis_groups_enum.ts b/src/plugins/visualizations/public/vis_types/vis_groups_enum.ts
index c8bd320c2f61b..10a38cb69ba1b 100644
--- a/src/plugins/visualizations/public/vis_types/vis_groups_enum.ts
+++ b/src/plugins/visualizations/public/vis_types/vis_groups_enum.ts
@@ -10,4 +10,5 @@ export enum VisGroups {
   PROMOTED = 'promoted',
   TOOLS = 'tools',
   AGGBASED = 'aggbased',
+  LEGACY = 'legacy',
 }
diff --git a/src/plugins/visualizations/public/vis_types/vis_type_alias_registry.ts b/src/plugins/visualizations/public/vis_types/vis_type_alias_registry.ts
index 617f0386f6181..f736455faf046 100644
--- a/src/plugins/visualizations/public/vis_types/vis_type_alias_registry.ts
+++ b/src/plugins/visualizations/public/vis_types/vis_type_alias_registry.ts
@@ -117,6 +117,7 @@ export interface VisTypeAlias {
     visualizations: VisualizationsAppExtension;
     [appName: string]: unknown;
   };
+  order?: number;
 }
 
 let registry: VisTypeAlias[] = [];
diff --git a/src/plugins/visualizations/public/wizard/agg_based_selection/agg_based_selection.tsx b/src/plugins/visualizations/public/wizard/agg_based_selection/agg_based_selection.tsx
index f4cdd05978830..1cf6ced52f412 100644
--- a/src/plugins/visualizations/public/wizard/agg_based_selection/agg_based_selection.tsx
+++ b/src/plugins/visualizations/public/wizard/agg_based_selection/agg_based_selection.tsx
@@ -35,6 +35,7 @@ interface VisTypeListEntry {
 }
 
 interface AggBasedSelectionProps {
+  openedAsRoot?: boolean;
   onVisTypeSelected: (visType: BaseVisType) => void;
   visTypesRegistry: TypesStart;
   toggleGroups: (flag: boolean) => void;
@@ -58,13 +59,15 @@ class AggBasedSelection extends React.Component<AggBasedSelectionProps, AggBased
         <EuiModalHeader>
           <EuiModalHeaderTitle>
             <FormattedMessage
-              id="visualizations.newVisWizard.title"
-              defaultMessage="New visualization"
+              id="visualizations.newAggVisWizard.title"
+              defaultMessage="New aggregation based visualization"
             />
           </EuiModalHeaderTitle>
         </EuiModalHeader>
         <EuiModalBody>
-          <DialogNavigation goBack={() => this.props.toggleGroups(true)} />
+          {this.props.openedAsRoot ? null : (
+            <DialogNavigation goBack={() => this.props.toggleGroups(true)} />
+          )}
           <EuiFieldSearch
             placeholder="Filter"
             value={query}
diff --git a/src/plugins/visualizations/public/wizard/group_selection/group_selection.tsx b/src/plugins/visualizations/public/wizard/group_selection/group_selection.tsx
index 3bcdff18c47a7..7f9025f0a9bc7 100644
--- a/src/plugins/visualizations/public/wizard/group_selection/group_selection.tsx
+++ b/src/plugins/visualizations/public/wizard/group_selection/group_selection.tsx
@@ -57,6 +57,8 @@ function GroupSelection(props: GroupSelectionProps) {
         [
           ...props.visTypesRegistry.getAliases(),
           ...props.visTypesRegistry.getByGroup(VisGroups.PROMOTED),
+          // Include so TSVB still gets displayed
+          ...props.visTypesRegistry.getByGroup(VisGroups.LEGACY),
         ].filter((visDefinition) => {
           return !visDefinition.disableCreate;
         }),
@@ -65,6 +67,7 @@ function GroupSelection(props: GroupSelectionProps) {
       ),
     [props.visTypesRegistry]
   );
+
   return (
     <>
       <EuiModalHeader>
diff --git a/src/plugins/visualizations/public/wizard/new_vis_modal.tsx b/src/plugins/visualizations/public/wizard/new_vis_modal.tsx
index b1e5de3215260..382474dd11b50 100644
--- a/src/plugins/visualizations/public/wizard/new_vis_modal.tsx
+++ b/src/plugins/visualizations/public/wizard/new_vis_modal.tsx
@@ -106,6 +106,7 @@ class NewVisModal extends React.Component<TypeSelectionProps, TypeSelectionState
             visTypesRegistry={this.props.visTypesRegistry}
             docLinks={this.props.docLinks}
             toggleGroups={(flag: boolean) => this.setState({ showGroups: flag })}
+            openedAsRoot={this.props.showAggsSelection && !this.props.selectedVisType}
           />
         </EuiModal>
       );
diff --git a/src/plugins/visualizations/public/wizard/show_new_vis.tsx b/src/plugins/visualizations/public/wizard/show_new_vis.tsx
index 867af06637ce0..e63ddc48f00df 100644
--- a/src/plugins/visualizations/public/wizard/show_new_vis.tsx
+++ b/src/plugins/visualizations/public/wizard/show_new_vis.tsx
@@ -7,9 +7,8 @@
  */
 
 import React, { lazy, Suspense } from 'react';
-import ReactDOM from 'react-dom';
 import { EuiPortal, EuiProgress } from '@elastic/eui';
-import { KibanaRenderContextProvider } from '@kbn/react-kibana-context-render';
+import { toMountPoint } from '@kbn/react-kibana-mount';
 import {
   getHttp,
   getTypes,
@@ -50,47 +49,54 @@ export function showNewVisModal({
   selectedVisType,
 }: ShowNewVisModalParams = {}) {
   const container = document.createElement('div');
+
   let isClosed = false;
+
+  // initialize variable that will hold reference for unmount
+  // eslint-disable-next-line prefer-const
+  let unmount: ReturnType<ReturnType<typeof toMountPoint>>;
+
   const handleClose = () => {
     if (isClosed) return;
-    ReactDOM.unmountComponentAtNode(container);
-    document.body.removeChild(container);
-    if (onClose) {
-      onClose();
-    }
+
+    onClose?.();
+    unmount?.();
     isClosed = true;
   };
 
-  document.body.appendChild(container);
-  const element = (
-    <KibanaRenderContextProvider analytics={getAnalytics()} i18n={getI18n()} theme={getTheme()}>
-      <Suspense
-        fallback={
-          <EuiPortal>
-            <EuiProgress size="xs" position="fixed" />
-          </EuiPortal>
-        }
-      >
-        <NewVisModal
-          isOpen={true}
-          onClose={handleClose}
-          originatingApp={originatingApp}
-          stateTransfer={getEmbeddable().getStateTransfer()}
-          outsideVisualizeApp={outsideVisualizeApp}
-          editorParams={editorParams}
-          visTypesRegistry={getTypes()}
-          contentClient={getContentManagement().client}
-          uiSettings={getUISettings()}
-          addBasePath={getHttp().basePath.prepend}
-          application={getApplication()}
-          docLinks={getDocLinks()}
-          showAggsSelection={showAggsSelection}
-          selectedVisType={selectedVisType}
-        />
-      </Suspense>
-    </KibanaRenderContextProvider>
+  const mount = toMountPoint(
+    React.createElement(function () {
+      return (
+        <Suspense
+          fallback={
+            <EuiPortal>
+              <EuiProgress size="xs" position="fixed" />
+            </EuiPortal>
+          }
+        >
+          <NewVisModal
+            isOpen={true}
+            onClose={handleClose}
+            originatingApp={originatingApp}
+            stateTransfer={getEmbeddable().getStateTransfer()}
+            outsideVisualizeApp={outsideVisualizeApp}
+            editorParams={editorParams}
+            visTypesRegistry={getTypes()}
+            contentClient={getContentManagement().client}
+            uiSettings={getUISettings()}
+            addBasePath={getHttp().basePath.prepend}
+            application={getApplication()}
+            docLinks={getDocLinks()}
+            showAggsSelection={showAggsSelection}
+            selectedVisType={selectedVisType}
+          />
+        </Suspense>
+      );
+    }),
+    { analytics: getAnalytics(), i18n: getI18n(), theme: getTheme() }
   );
-  ReactDOM.render(element, container);
+
+  unmount = mount(container);
 
   return () => handleClose();
 }
diff --git a/src/plugins/visualizations/tsconfig.json b/src/plugins/visualizations/tsconfig.json
index 56d8275f80eaa..1592eff839af3 100644
--- a/src/plugins/visualizations/tsconfig.json
+++ b/src/plugins/visualizations/tsconfig.json
@@ -72,7 +72,8 @@
     "@kbn/presentation-publishing",
     "@kbn/shared-ux-markdown",
     "@kbn/react-kibana-context-render",
-    "@kbn/react-kibana-mount"
+    "@kbn/react-kibana-mount",
+    "@kbn/presentation-containers"
   ],
   "exclude": [
     "target/**/*",
diff --git a/src/setup_node_env/harden/child_process.js b/src/setup_node_env/harden/child_process.js
index c4524da367fcd..0ca891f69f9ce 100644
--- a/src/setup_node_env/harden/child_process.js
+++ b/src/setup_node_env/harden/child_process.js
@@ -30,31 +30,34 @@ function patchChildProcess(cp) {
 function patchOptions(hasArgs) {
   return function apply(target, thisArg, args) {
     var pos = 1;
-    if (pos === args.length) {
+    var newArgs = Object.setPrototypeOf([].concat(args), null);
+
+    if (pos === newArgs.length) {
       // fn(arg1)
-      args[pos] = prototypelessSpawnOpts();
-    } else if (pos < args.length) {
-      if (hasArgs && (Array.isArray(args[pos]) || args[pos] == null)) {
+      newArgs[pos] = prototypelessSpawnOpts();
+    } else if (pos < newArgs.length) {
+      if (hasArgs && (Array.isArray(newArgs[pos]) || newArgs[pos] == null)) {
         // fn(arg1, args, ...)
         pos++;
       }
 
-      if (typeof args[pos] === 'object' && args[pos] !== null) {
+      if (typeof newArgs[pos] === 'object' && newArgs[pos] !== null) {
         // fn(arg1, {}, ...)
         // fn(arg1, args, {}, ...)
-        args[pos] = prototypelessSpawnOpts(args[pos]);
-      } else if (args[pos] == null) {
+        newArgs[pos] = prototypelessSpawnOpts(newArgs[pos]);
+      } else if (newArgs[pos] == null) {
         // fn(arg1, null/undefined, ...)
         // fn(arg1, args, null/undefined, ...)
-        args[pos] = prototypelessSpawnOpts();
-      } else if (typeof args[pos] === 'function') {
+        newArgs[pos] = prototypelessSpawnOpts();
+      } else if (typeof newArgs[pos] === 'function') {
         // fn(arg1, callback)
         // fn(arg1, args, callback)
-        args.splice(pos, 0, prototypelessSpawnOpts());
+        // `newArgs` doesn't have prototype and hence `splice` method anymore.
+        Array.prototype.splice.call(newArgs, pos, 0, prototypelessSpawnOpts());
       }
     }
 
-    return target.apply(thisArg, args);
+    return target.apply(thisArg, newArgs);
   };
 }
 
diff --git a/test/api_integration/apis/saved_objects/delete_unknown_types.ts b/test/api_integration/apis/saved_objects/delete_unknown_types.ts
index f361199a8fdfa..5a821e6e609a9 100644
--- a/test/api_integration/apis/saved_objects/delete_unknown_types.ts
+++ b/test/api_integration/apis/saved_objects/delete_unknown_types.ts
@@ -48,7 +48,7 @@ export default function ({ getService }: FtrProviderContext) {
           id: hit._id,
         }))
         .sort((a, b) => {
-          return a.id > b.id ? 1 : -1;
+          return a.id! > b.id! ? 1 : -1;
         });
     };
 
diff --git a/test/api_integration/apis/ui_metric/ui_metric.ts b/test/api_integration/apis/ui_metric/ui_metric.ts
index 1c965d3533367..fe15c3d7f37be 100644
--- a/test/api_integration/apis/ui_metric/ui_metric.ts
+++ b/test/api_integration/apis/ui_metric/ui_metric.ts
@@ -51,7 +51,7 @@ export default function ({ getService }: FtrProviderContext) {
         .expect(200);
 
       const response = await es.search({ index: '.kibana', q: 'type:ui-metric' });
-      const ids = response.hits.hits.map(({ _id }: { _id: string }) => _id);
+      const ids = response.hits.hits.map(({ _id }: { _id?: string }) => _id!);
       expect(ids.includes('ui-metric:myApp:myEvent')).to.eql(true);
     });
 
@@ -76,7 +76,7 @@ export default function ({ getService }: FtrProviderContext) {
         .expect(200);
 
       const response = await es.search({ index: '.kibana', q: 'type:ui-metric' });
-      const ids = response.hits.hits.map(({ _id }: { _id: string }) => _id);
+      const ids = response.hits.hits.map(({ _id }: { _id?: string }) => _id!);
       expect(ids.includes('ui-metric:myApp:myEvent')).to.eql(true);
       expect(ids.includes(`ui-metric:myApp:${uniqueEventName}`)).to.eql(true);
       expect(ids.includes(`ui-metric:kibana-user_agent:${userAgentMetric.userAgent}`)).to.eql(true);
@@ -103,7 +103,7 @@ export default function ({ getService }: FtrProviderContext) {
       } = await es.search<any>({ index: '.kibana', q: 'type:ui-metric' });
 
       const countTypeEvent = hits.find(
-        (hit: { _id: string }) => hit._id === `ui-metric:myApp:${uniqueEventName}`
+        (hit: { _id?: string }) => hit._id! === `ui-metric:myApp:${uniqueEventName}`
       );
       expect(countTypeEvent?._source['ui-metric'].count).to.eql(3);
     });
diff --git a/test/common/configure_http2.ts b/test/common/configure_http2.ts
index 7b43650e9b023..58a56c3d0bee0 100644
--- a/test/common/configure_http2.ts
+++ b/test/common/configure_http2.ts
@@ -28,7 +28,7 @@ export const configureHTTP2 = (config: ConfigType): ConfigType => {
   process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
 
   // tell webdriver browser to accept self-signed certificates
-  config.browser.acceptInsecureCerts = true;
+  config.browser = { ...(config.browser ?? {}), acceptInsecureCerts: true };
 
   // change the configured kibana server to run on https with the dev CA
   config.servers.kibana = {
diff --git a/test/functional/apps/console/monaco/_autocomplete.ts b/test/functional/apps/console/monaco/_autocomplete.ts
index e6ed83ad26338..755ffa0364a01 100644
--- a/test/functional/apps/console/monaco/_autocomplete.ts
+++ b/test/functional/apps/console/monaco/_autocomplete.ts
@@ -44,7 +44,8 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       expect(PageObjects.console.monaco.isAutocompleteVisible()).to.be.eql(true);
     });
 
-    describe('Autocomplete behavior', () => {
+    // FLAKY: https://github.com/elastic/kibana/issues/186501
+    describe.skip('Autocomplete behavior', () => {
       beforeEach(async () => {
         await PageObjects.console.monaco.clearEditorText();
       });
@@ -370,5 +371,32 @@ GET _search
         });
       });
     });
+
+    // FLAKY: https://github.com/elastic/kibana/issues/186935
+    describe.skip('index fields autocomplete', () => {
+      const indexName = `index_field_test-${Date.now()}-${Math.random()}`;
+
+      before(async () => {
+        await PageObjects.console.monaco.clearEditorText();
+        // create an index with only 1 field
+        await PageObjects.console.monaco.enterText(`PUT ${indexName}/_doc/1\n{\n"test":1\n}`);
+        await PageObjects.console.clickPlay();
+      });
+
+      after(async () => {
+        await PageObjects.console.monaco.clearEditorText();
+        // delete the test index
+        await PageObjects.console.monaco.enterText(`DELETE ${indexName}`);
+        await PageObjects.console.clickPlay();
+      });
+
+      it('fields autocomplete only shows fields of the index', async () => {
+        await PageObjects.console.monaco.clearEditorText();
+        await PageObjects.console.monaco.enterText('GET _search\n{\n"fields": ["');
+
+        expect(await PageObjects.console.monaco.getAutocompleteSuggestion(0)).to.be.eql('test');
+        expect(await PageObjects.console.monaco.getAutocompleteSuggestion(1)).to.be.eql(undefined);
+      });
+    });
   });
 }
diff --git a/test/functional/apps/console/monaco/_console.ts b/test/functional/apps/console/monaco/_console.ts
index 36bb893d5b90f..b48ba75529579 100644
--- a/test/functional/apps/console/monaco/_console.ts
+++ b/test/functional/apps/console/monaco/_console.ts
@@ -36,8 +36,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       });
     });
 
-    // issue with the url params with whitespaces https://github.com/elastic/kibana/issues/184927
-    it.skip('default request response should include `"timed_out" : false`', async () => {
+    it('default request response should include `"timed_out" : false`', async () => {
       const expectedResponseContains = `"timed_out": false`;
       await PageObjects.console.monaco.selectAllRequests();
       await PageObjects.console.clickPlay();
diff --git a/test/functional/apps/dashboard/group5/empty_dashboard.ts b/test/functional/apps/dashboard/group5/empty_dashboard.ts
index 6939833a80086..a26382daa91a7 100644
--- a/test/functional/apps/dashboard/group5/empty_dashboard.ts
+++ b/test/functional/apps/dashboard/group5/empty_dashboard.ts
@@ -60,7 +60,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
 
     it('should open editor menu when editor button is clicked', async () => {
       await dashboardAddPanel.clickEditorMenuButton();
-      await testSubjects.existOrFail('dashboardEditorContextMenu');
+      await testSubjects.existOrFail('dashboardPanelSelectionFlyout');
     });
   });
 }
diff --git a/test/functional/page_objects/console_page.ts b/test/functional/page_objects/console_page.ts
index 84267de85a595..aae93bacc965c 100644
--- a/test/functional/page_objects/console_page.ts
+++ b/test/functional/page_objects/console_page.ts
@@ -77,7 +77,11 @@ export class ConsolePageObject extends FtrService {
     getAutocompleteSuggestion: async (index: number) => {
       const suggestionsWidget = await this.find.byClassName('suggest-widget');
       const suggestions = await suggestionsWidget.findAllByClassName('monaco-list-row');
-      const label = await suggestions[index].findByClassName('label-name');
+      const suggestion = suggestions[index];
+      if (!suggestion) {
+        return undefined;
+      }
+      const label = await suggestion.findByClassName('label-name');
       return label.getVisibleText();
     },
     pressUp: async (shift: boolean = false) => {
diff --git a/test/functional/services/dashboard/add_panel.ts b/test/functional/services/dashboard/add_panel.ts
index 1f4fa6b14aeb9..ffc62bdfdb68a 100644
--- a/test/functional/services/dashboard/add_panel.ts
+++ b/test/functional/services/dashboard/add_panel.ts
@@ -52,16 +52,16 @@ export class DashboardAddPanelService extends FtrService {
   async clickEditorMenuButton() {
     this.log.debug('DashboardAddPanel.clickEditorMenuButton');
     await this.testSubjects.click('dashboardEditorMenuButton');
-    await this.testSubjects.existOrFail('dashboardEditorContextMenu');
+    await this.testSubjects.existOrFail('dashboardPanelSelectionFlyout');
   }
 
   async expectEditorMenuClosed() {
-    await this.testSubjects.missingOrFail('dashboardEditorContextMenu');
+    await this.testSubjects.missingOrFail('dashboardPanelSelectionFlyout');
   }
 
   async clickAggBasedVisualizations() {
     this.log.debug('DashboardAddPanel.clickEditorMenuAggBasedMenuItem');
-    await this.testSubjects.click('dashboardEditorAggBasedMenuItem');
+    await this.clickAddNewPanelFromUIActionLink('Aggregation based');
   }
 
   async clickVisType(visType: string) {
@@ -69,9 +69,9 @@ export class DashboardAddPanelService extends FtrService {
     await this.testSubjects.click(`visType-${visType}`);
   }
 
-  async clickEmbeddableFactoryGroupButton(groupId: string) {
-    this.log.debug('DashboardAddPanel.clickEmbeddableFactoryGroupButton');
-    await this.testSubjects.click(`dashboardEditorMenu-${groupId}Group`);
+  async verifyEmbeddableFactoryGroupExists(groupId: string) {
+    this.log.debug('DashboardAddPanel.verifyEmbeddableFactoryGroupExists');
+    await this.testSubjects.existOrFail(`dashboardEditorMenu-${groupId}Group`);
   }
 
   async clickAddNewEmbeddableLink(type: string) {
diff --git a/.buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/start_api_ftr_execution.js b/test/harden/_node_script.js
similarity index 80%
rename from .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/start_api_ftr_execution.js
rename to test/harden/_node_script.js
index 2ee5715a0fe2b..442221706b30f 100644
--- a/.buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/start_api_ftr_execution.js
+++ b/test/harden/_node_script.js
@@ -6,5 +6,4 @@
  * Side Public License, v 1.
  */
 
-require('../../../../../src/setup_node_env');
-require('./api_ftr_execution').cli();
+console.log('Hello from _node_script.js!');
diff --git a/test/harden/child_process.js b/test/harden/child_process.js
index f15f5aceb39e7..029b1a038fcbf 100644
--- a/test/harden/child_process.js
+++ b/test/harden/child_process.js
@@ -307,6 +307,50 @@ for (const name of functions) {
     assertProcess(t, cp.spawn(command, [], { env: { custom: 'custom' } }), { stdout: 'custom' });
   });
 
+  test('spawn(command, options) - prevent object prototype pollution', (t) => {
+    const pathName = path.join(__dirname, '_node_script.js');
+    const options = {};
+    const pollutedObject = {
+      env: {
+        NODE_OPTIONS: `--require ${pathName}`,
+      },
+      shell: process.argv[0],
+    };
+    // eslint-disable-next-line no-proto
+    options.__proto__['2'] = pollutedObject;
+
+    const argsArray = [];
+
+    /**
+     * Declares that 3 assertions should be run.
+     * We don't use the assertProcess function here as we need an extra assertion
+     * for the polluted prototype
+     */
+    t.plan(3);
+
+    t.deepEqual(
+      argsArray[2],
+      pollutedObject,
+      'Prototype should be polluted with the object at index 2'
+    );
+
+    const stdout = '';
+
+    const cmd = cp.spawn(command, argsArray);
+    cmd.stdout.on('data', (data) => {
+      t.equal(data.toString().trim(), stdout);
+    });
+
+    cmd.stderr.on('data', (data) => {
+      t.fail(`Unexpected data on STDERR: "${data}"`);
+    });
+
+    cmd.on('close', (code) => {
+      t.equal(code, 0);
+      t.end();
+    });
+  });
+
   for (const unset of notSet) {
     test(`spawn(command, ${unset})`, (t) => {
       assertProcess(t, cp.spawn(command, unset));
diff --git a/test/package/Vagrantfile b/test/package/Vagrantfile
index b8c24d02c8eba..30f4dc618a22d 100644
--- a/test/package/Vagrantfile
+++ b/test/package/Vagrantfile
@@ -39,16 +39,4 @@ Vagrant.configure("2") do |config|
     end
     docker.vm.network "private_network", ip: "192.168.56.7"
   end
-
-  config.vm.define "fips" do |fips|
-    fips.vm.synced_folder '../../', '/home/vagrant/kibana', SharedFoldersEnableSymlinksCreate: false
-    fips.vm.provider :virtualbox do |vb|
-      vb.memory = 4096
-      vb.cpus = 2
-    end
-    fips.vm.box = 'ubuntu/jammy64'
-    fips.vm.provision "ansible" do |ansible|
-      ansible.playbook = "fips.yml"
-    end
-  end
 end
diff --git a/test/package/fips.yml b/test/package/fips.yml
deleted file mode 100644
index 6682e32b0f6be..0000000000000
--- a/test/package/fips.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-- name: test kibana fips docker package
-  hosts: fips
-  vars:
-    kibana_dist_path: "/usr/share/kibana"
-    kibana_src_path: "/home/vagrant/kibana"
-    nvm_ver: "0.39.7"
-    openssl_sha: "sha256:6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e"
-    openssl_ver: "3.0.8"
-    openssl_src_path: "{{ kibana_dist_path }}/openssl-{{ openssl_ver }}"
-    openssl_path: "{{ kibana_dist_path }}/openssl"
-  roles:
-    - upgrade_apt_packages
-    - install_kibana_fips
-    - assert_fips_enabled
diff --git a/test/package/roles/assert_fips_enabled/tasks/main.yml b/test/package/roles/assert_fips_enabled/tasks/main.yml
deleted file mode 100644
index 74ebe283673cb..0000000000000
--- a/test/package/roles/assert_fips_enabled/tasks/main.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-- name: register kibana node getFips
-  shell: 
-    cmd: "source /home/vagrant/.profile && {{ kibana_dist_path }}/node/bin/node --enable-fips --openssl-config={{ kibana_dist_path }}/config/nodejs.cnf -p 'crypto.getFips()'"
-    executable: /bin/bash
-  register: kibana_node_fips
-
-- debug:
-    msg: "{{ kibana_node_fips }}"
-
-- name: assert FIPS enabled
-  assert:
-    that:
-      - kibana_node_fips.stdout == "1"
diff --git a/test/package/roles/install_kibana_fips/tasks/main.yml b/test/package/roles/install_kibana_fips/tasks/main.yml
deleted file mode 100644
index 49376106171bd..0000000000000
--- a/test/package/roles/install_kibana_fips/tasks/main.yml
+++ /dev/null
@@ -1,170 +0,0 @@
-- name: gather ansible processor facts
-  setup:
-    gather_subset:
-      - "!all"
-      - "!min"
-      - "processor_cores"
-  when: ansible_processor_vcpus is not defined
-
-- name: setup env variables
-  blockinfile:
-    path: "/home/vagrant/.profile"
-    block: |
-      export OPENSSL_MODULES=/usr/share/kibana/openssl/lib/ossl-modules
-      export TEST_BROWSER_HEADLESS=1
-      export FTR_DISABLE_ES_TMPDIR=true
-    owner: vagrant
-    group: vagrant
-    mode: '0644'
-
-- name: add chrome apt signing key
-  become: yes
-  apt_key:
-    url: https://dl.google.com/linux/linux_signing_key.pub
-    state: present
-
-- name: add chrome apt repository
-  become: yes
-  apt_repository:
-    repo: deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main
-    state: present
-
-- name: install apt packages
-  become: yes
-  apt:
-    pkg:
-      - build-essential
-      - google-chrome-stable
-      - unzip
-    state: latest
-
-- name: slurp kibana node version
-  slurp:
-    src: "{{ kibana_src_path }}/.node-version"
-  register: node_ver_file
-
-- name: set kibana node version
-  set_fact:
-    node_version: "{{ node_ver_file['content'] | b64decode | trim }}"
-
-- name: install nvm
-  shell:
-    chdir: "$HOME"
-    cmd: curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v{{ nvm_ver }}/install.sh | PROFILE=/home/vagrant/.profile bash
-
-- name: install kibana node version
-  shell:
-    chdir: "$HOME/.nvm"
-    cmd: "source nvm.sh && nvm install {{ node_version }}"
-  args:
-    executable: /bin/bash
-
-- name: "ensure {{ openssl_path }} dir exists"
-  become: yes
-  file:
-    path: "{{ openssl_path }}"
-    state: directory
-
-- name: find kibana distribution
-  find:
-    paths: /packages/
-    patterns: kibana-default.tar.gz
-  register: kibana_tar
-
-- name: extract kibana distribution
-  become: yes
-  unarchive:
-    src: "{{ kibana_tar.files[0].path }}"
-    dest: "{{ kibana_dist_path }}"
-    remote_src: yes
-    extra_opts: ["--strip-components=1"]
-
-- name: find kibana plugins distribution
-  find:
-    paths: /packages/
-    patterns: kibana-default-plugins.tar.gz
-  register: kibana_plugins_tar
-
-- name: extract kibana plugins distribution
-  become: yes
-  unarchive:
-    src: "{{ kibana_plugins_tar.files[0].path }}"
-    dest: "{{ kibana_dist_path }}"
-    remote_src: yes
-
-- name: copy kibana yml configuration
-  become: yes
-  template:
-    src: templates/fips/kibana.yml
-    dest: "{{ kibana_dist_path }}/config/kibana.yml"
-  register: config
-
-- name: copy FIPS node.options
-  become: yes
-  template:
-    src: templates/fips/node.options
-    dest: "{{ kibana_dist_path }}/config/node.options"
-
-- name: copy FIPS openssl config
-  become: yes
-  template:
-    src: templates/fips/nodejs.cnf
-    dest: "{{ kibana_dist_path }}/config/nodejs.cnf"
-
-- name: download FIPS certified OpenSSL
-  become: yes
-  retries: 5
-  delay: 10
-  get_url:
-    url: "https://www.openssl.org/source/openssl-{{ openssl_ver }}.tar.gz"
-    dest: "{{ openssl_src_path }}.tar.gz"
-    checksum: "{{ openssl_sha }}"
-
-- name: extract OpenSSL
-  become: yes
-  unarchive:
-    src: "{{ openssl_src_path }}.tar.gz"
-    dest: "{{ kibana_dist_path }}"
-    remote_src: yes
-
-- name: configure OpenSSL for FIPS
-  become: yes
-  shell:
-    chdir: "{{ openssl_src_path }}"
-    cmd: "./Configure --prefix={{ openssl_path }} --openssldir={{ openssl_path }}/ssl --libdir={{ openssl_path }}/lib enable-fips"
-
-- name: compile OpenSSL with FIPS
-  become: yes
-  make:
-    chdir: "{{ openssl_src_path }}"
-    jobs: "{{ ansible_facts['processor_vcpus'] }}"
-
-- name: install OpenSSL with FIPS
-  become: yes
-  make:
-    chdir: "{{ openssl_src_path }}"
-    target: install
-
-- name: "change owner of {{ kibana_dist_path }} to vagrant"
-  become: yes
-  file:
-    path: "{{ kibana_dist_path }}"
-    owner: vagrant
-    group: vagrant
-    recurse: yes
-
-- name: fix /var/log permissions for kibana
-  become: yes
-  file:
-    path: /var/log
-    state: directory
-    recurse: true
-    mode: "0777"
-
-- name: increase vm.max_map_count for ES
-  become: yes
-  sysctl:
-    name: vm.max_map_count
-    value: '262144'
-    state: present
-    reload: yes
\ No newline at end of file
diff --git a/test/package/templates/fips/kibana.yml b/test/package/templates/fips/kibana.yml
deleted file mode 100644
index d33cb21c383cb..0000000000000
--- a/test/package/templates/fips/kibana.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-server.host: 0.0.0.0
-
-elasticsearch.username: "{{ elasticsearch_username }}"
-elasticsearch.password: "{{ elasticsearch_password }}"
-
-logging:
-  appenders:
-    file:
-      type: file
-      fileName: /var/log/kibana/kibana.log
-      layout:
-        type: json
-  root:
-    appenders:
-      - default
-      - file
diff --git a/test/package/templates/fips/node.options b/test/package/templates/fips/node.options
deleted file mode 100644
index b01af3c27a7b3..0000000000000
--- a/test/package/templates/fips/node.options
+++ /dev/null
@@ -1,4 +0,0 @@
---max-old-space-size=812
---unhandled-rejections=warn
---enable-fips
---openssl-config=/usr/share/kibana/config/nodejs.cnf
\ No newline at end of file
diff --git a/test/package/templates/fips/nodejs.cnf b/test/package/templates/fips/nodejs.cnf
deleted file mode 100644
index f4f3a076975eb..0000000000000
--- a/test/package/templates/fips/nodejs.cnf
+++ /dev/null
@@ -1,28 +0,0 @@
-##########################################################################
-##                                                                      ##
-## This OpenSSL config is only loaded when running Kibana in FIPS mode. ##
-##                                                                      ##
-## See:                                                                 ##
-## https://github.com/openssl/openssl/blob/openssl-3.0/README-FIPS.md   ##
-## https://www.openssl.org/docs/man3.0/man7/fips_module.html            ##
-##                                                                      ##
-##########################################################################
-
-nodejs_conf = nodejs_init
-.include /usr/share/kibana/openssl/ssl/fipsmodule.cnf
-
-[nodejs_init]
-providers = provider_sect
-alg_section = algorithm_sect
-
-[provider_sect]
-default = default_sect
-# The fips section name should match the section name inside the
-# included fipsmodule.cnf.
-fips = fips_sect
-
-[default_sect]
-activate = 1
-
-[algorithm_sect]
-default_properties = fips=yes 
\ No newline at end of file
diff --git a/test/plugin_functional/test_suites/core_plugins/rendering.ts b/test/plugin_functional/test_suites/core_plugins/rendering.ts
index 5a16b46a366e2..b9bb6183b22b0 100644
--- a/test/plugin_functional/test_suites/core_plugins/rendering.ts
+++ b/test/plugin_functional/test_suites/core_plugins/rendering.ts
@@ -220,7 +220,6 @@ export default function ({ getService }: PluginFunctionalProviderContext) {
         'xpack.apm.featureFlags.storageExplorerAvailable (any)',
         'xpack.apm.featureFlags.profilingIntegrationAvailable (boolean)',
         'xpack.apm.serverless.enabled (any)', // It's a boolean (any because schema.conditional)
-        'xpack.assetManager.alphaEnabled (boolean)',
         'xpack.observability_onboarding.serverless.enabled (any)', // It's a boolean (any because schema.conditional)
         'xpack.cases.files.allowedMimeTypes (array)',
         'xpack.cases.files.maxSize (number)',
@@ -261,6 +260,7 @@ export default function ({ getService }: PluginFunctionalProviderContext) {
         'xpack.discoverEnhanced.actions.exploreDataInChart.enabled (boolean)',
         'xpack.discoverEnhanced.actions.exploreDataInContextMenu.enabled (boolean)',
         'xpack.fleet.agents.enabled (boolean)',
+        'xpack.fleet.agentless.api.url (string)',
         'xpack.fleet.enableExperimental (array)',
         'xpack.fleet.internal.activeAgentsSoftLimit (number)',
         'xpack.fleet.internal.fleetServerStandalone (boolean)',
@@ -290,8 +290,8 @@ export default function ({ getService }: PluginFunctionalProviderContext) {
         'xpack.index_management.enableIndexActions (any)',
         'xpack.index_management.enableLegacyTemplates (any)',
         'xpack.index_management.enableIndexStats (any)',
+        'xpack.index_management.enableDataStreamStats (any)',
         'xpack.index_management.editableIndexSettings (any)',
-        'xpack.index_management.enableDataStreamsStorageColumn (any)',
         'xpack.index_management.enableMappingsSourceFieldSection (any)',
         'xpack.index_management.dev.enableSemanticText (boolean)',
         'xpack.license_management.ui.enabled (boolean)',
diff --git a/tsconfig.base.json b/tsconfig.base.json
index 0f8d9a11563e0..689df41bae17a 100644
--- a/tsconfig.base.json
+++ b/tsconfig.base.json
@@ -88,8 +88,6 @@
       "@kbn/app-link-test-plugin/*": ["test/plugin_functional/plugins/app_link_test/*"],
       "@kbn/application-usage-test-plugin": ["x-pack/test/usage_collection/plugins/application_usage_test"],
       "@kbn/application-usage-test-plugin/*": ["x-pack/test/usage_collection/plugins/application_usage_test/*"],
-      "@kbn/assetManager-plugin": ["x-pack/plugins/observability_solution/asset_manager"],
-      "@kbn/assetManager-plugin/*": ["x-pack/plugins/observability_solution/asset_manager/*"],
       "@kbn/assets-data-access-plugin": ["x-pack/plugins/observability_solution/assets_data_access"],
       "@kbn/assets-data-access-plugin/*": ["x-pack/plugins/observability_solution/assets_data_access/*"],
       "@kbn/audit-log-plugin": ["x-pack/test/security_api_integration/plugins/audit_log"],
@@ -776,6 +774,8 @@
       "@kbn/enterprise-search-plugin/*": ["x-pack/plugins/enterprise_search/*"],
       "@kbn/entities-schema": ["x-pack/packages/kbn-entities-schema"],
       "@kbn/entities-schema/*": ["x-pack/packages/kbn-entities-schema/*"],
+      "@kbn/entityManager-plugin": ["x-pack/plugins/observability_solution/entity_manager"],
+      "@kbn/entityManager-plugin/*": ["x-pack/plugins/observability_solution/entity_manager/*"],
       "@kbn/error-boundary-example-plugin": ["examples/error_boundary"],
       "@kbn/error-boundary-example-plugin/*": ["examples/error_boundary/*"],
       "@kbn/es": ["packages/kbn-es"],
@@ -1014,6 +1014,8 @@
       "@kbn/journeys/*": ["packages/kbn-journeys/*"],
       "@kbn/json-ast": ["packages/kbn-json-ast"],
       "@kbn/json-ast/*": ["packages/kbn-json-ast/*"],
+      "@kbn/json-schemas": ["x-pack/packages/ml/json_schemas"],
+      "@kbn/json-schemas/*": ["x-pack/packages/ml/json_schemas/*"],
       "@kbn/kbn-health-gateway-status-plugin": ["test/health_gateway/plugins/status"],
       "@kbn/kbn-health-gateway-status-plugin/*": ["test/health_gateway/plugins/status/*"],
       "@kbn/kbn-sample-panel-action-plugin": ["test/plugin_functional/plugins/kbn_sample_panel_action"],
@@ -1360,6 +1362,8 @@
       "@kbn/response-stream-plugin/*": ["examples/response_stream/*"],
       "@kbn/rison": ["packages/kbn-rison"],
       "@kbn/rison/*": ["packages/kbn-rison/*"],
+      "@kbn/rollup": ["x-pack/packages/rollup"],
+      "@kbn/rollup/*": ["x-pack/packages/rollup/*"],
       "@kbn/rollup-plugin": ["x-pack/plugins/rollup"],
       "@kbn/rollup-plugin/*": ["x-pack/plugins/rollup/*"],
       "@kbn/router-to-openapispec": ["packages/kbn-router-to-openapispec"],
@@ -1444,6 +1448,10 @@
       "@kbn/searchprofiler-plugin/*": ["x-pack/plugins/searchprofiler/*"],
       "@kbn/security-api-integration-helpers": ["x-pack/test/security_api_integration/packages/helpers"],
       "@kbn/security-api-integration-helpers/*": ["x-pack/test/security_api_integration/packages/helpers/*"],
+      "@kbn/security-api-key-management": ["x-pack/packages/security/api_key_management"],
+      "@kbn/security-api-key-management/*": ["x-pack/packages/security/api_key_management/*"],
+      "@kbn/security-form-components": ["x-pack/packages/security/form_components"],
+      "@kbn/security-form-components/*": ["x-pack/packages/security/form_components/*"],
       "@kbn/security-hardening": ["packages/kbn-security-hardening"],
       "@kbn/security-hardening/*": ["packages/kbn-security-hardening/*"],
       "@kbn/security-plugin": ["x-pack/plugins/security"],
@@ -1868,7 +1876,9 @@
       "@kbn/zod-helpers/*": ["packages/kbn-zod-helpers/*"],
       // END AUTOMATED PACKAGE LISTING
       // Allows for importing from `kibana` package for the exported types.
-      "@emotion/core": ["typings/@emotion"]
+      "@emotion/core": [
+        "typings/@emotion"
+      ]
     },
     // Support .tsx files and transform JSX into calls to React.createElement
     "jsx": "react",
diff --git a/x-pack/.i18nrc.json b/x-pack/.i18nrc.json
index 1f224ca164e52..dd3409451e704 100644
--- a/x-pack/.i18nrc.json
+++ b/x-pack/.i18nrc.json
@@ -51,6 +51,7 @@
     "xpack.logsShared": "plugins/observability_solution/logs_shared",
     "xpack.fleet": "plugins/fleet",
     "xpack.ingestPipelines": "plugins/ingest_pipelines",
+    "xpack.integrationAssistant": "plugins/integration_assistant",
     "xpack.investigate": "plugins/observability_solution/investigate",
     "xpack.kubernetesSecurity": "plugins/kubernetes_security",
     "xpack.lens": "plugins/lens",
@@ -89,7 +90,7 @@
     "xpack.profiling": ["plugins/observability_solution/profiling"],
     "xpack.remoteClusters": "plugins/remote_clusters",
     "xpack.reporting": ["plugins/reporting"],
-    "xpack.rollupJobs": ["plugins/rollup"],
+    "xpack.rollupJobs": ["packages/rollup", "plugins/rollup"],
     "xpack.runtimeFields": "plugins/runtime_fields",
     "xpack.screenshotting": "plugins/screenshotting",
     "xpack.searchHomepage": "plugins/search_homepage",
@@ -97,7 +98,7 @@
     "xpack.searchPlayground": "plugins/search_playground",
     "xpack.searchInferenceEndpoints": "plugins/search_inference_endpoints",
     "xpack.searchProfiler": "plugins/searchprofiler",
-    "xpack.security": "plugins/security",
+    "xpack.security": ["plugins/security", "packages/security"],
     "xpack.server": "legacy/server",
     "xpack.serverless": "plugins/serverless",
     "xpack.serverlessSearch": "plugins/serverless_search",
diff --git a/x-pack/README.md b/x-pack/README.md
index 421f16e8ca92a..c3c6d9666397b 100644
--- a/x-pack/README.md
+++ b/x-pack/README.md
@@ -8,12 +8,6 @@ from files dual-licensed under the Server Side Public License and the Elastic Li
 
 If you have:
 
-```yaml
-xpack.observability.unsafe.alertDetails.metrics.enabled: true
-```
-
-**[For Infrastructure rule types]** In Kibana configuration, will allow the user to navigate to the new Alert Details page, instead of the Alert Flyout when clicking on `View alert details` in the Alert table
-
 ```yaml
 xpack.observability.unsafe.alertDetails.uptime.enabled: true
 ```
diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/cancel_attack_discovery_route.gen.ts b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/cancel_attack_discovery_route.gen.ts
new file mode 100644
index 0000000000000..bc59404e0abff
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/cancel_attack_discovery_route.gen.ts
@@ -0,0 +1,34 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+/*
+ * NOTICE: Do not edit this file manually.
+ * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
+ *
+ * info:
+ *   title: Cancel Attack Discovery API endpoint
+ *   version: 1
+ */
+
+import { z } from 'zod';
+
+import { NonEmptyString } from '../common_attributes.gen';
+import { AttackDiscoveryResponse } from './common_attributes.gen';
+
+export type AttackDiscoveryCancelRequestParams = z.infer<typeof AttackDiscoveryCancelRequestParams>;
+export const AttackDiscoveryCancelRequestParams = z.object({
+  /**
+   * The connector id for which to cancel a pending attack discovery
+   */
+  connectorId: NonEmptyString,
+});
+export type AttackDiscoveryCancelRequestParamsInput = z.input<
+  typeof AttackDiscoveryCancelRequestParams
+>;
+
+export type AttackDiscoveryCancelResponse = z.infer<typeof AttackDiscoveryCancelResponse>;
+export const AttackDiscoveryCancelResponse = AttackDiscoveryResponse;
diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/cancel_attack_discovery_route.schema.yaml b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/cancel_attack_discovery_route.schema.yaml
new file mode 100644
index 0000000000000..553d741089cd0
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/cancel_attack_discovery_route.schema.yaml
@@ -0,0 +1,41 @@
+openapi: 3.0.0
+info:
+  title: Cancel Attack Discovery API endpoint
+  version: '1'
+paths:
+  /internal/elastic_assistant/attack_discovery/cancel/{connectorId}:
+    put:
+      operationId: AttackDiscoveryCancel
+      x-codegen-enabled: true
+      description: Cancel relevant data for performing an attack discovery like pending requests
+      summary: Cancel relevant data for performing an attack discovery
+      tags:
+        - attack_discovery
+      parameters:
+        - name: 'connectorId'
+          in: path
+          required: true
+          description: The connector id for which to cancel a pending attack discovery
+          schema:
+            $ref: '../common_attributes.schema.yaml#/components/schemas/NonEmptyString'
+      responses:
+        '200':
+          description: Successful response
+          content:
+            application/json:
+              schema:
+                $ref: './common_attributes.schema.yaml#/components/schemas/AttackDiscoveryResponse'
+
+        '400':
+          description: Generic Error
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  statusCode:
+                    type: number
+                  error:
+                    type: string
+                  message:
+                    type: string
diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts
new file mode 100644
index 0000000000000..57b79b87fe4f9
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts
@@ -0,0 +1,249 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+/*
+ * NOTICE: Do not edit this file manually.
+ * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
+ *
+ * info:
+ *   title: Common Attack Discovery Attributes
+ *   version: not applicable
+ */
+
+import { z } from 'zod';
+
+import { NonEmptyString, User } from '../common_attributes.gen';
+import { Replacements, ApiConfig } from '../conversations/common_attributes.gen';
+
+/**
+ * An attack discovery generated from one or more alerts
+ */
+export type AttackDiscovery = z.infer<typeof AttackDiscovery>;
+export const AttackDiscovery = z.object({
+  /**
+   * The alert IDs that the attack discovery is based on
+   */
+  alertIds: z.array(z.string()),
+  /**
+   * UUID of attack discovery
+   */
+  id: z.string().optional(),
+  /**
+   * Details of the attack with bulleted markdown that always uses special syntax for field names and values from the source data.
+   */
+  detailsMarkdown: z.string(),
+  /**
+   * A short (no more than a sentence) summary of the attack discovery featuring only the host.name and user.name fields (when they are applicable), using the same syntax
+   */
+  entitySummaryMarkdown: z.string(),
+  /**
+   * An array of MITRE ATT&CK tactic for the attack discovery
+   */
+  mitreAttackTactics: z.array(z.string()).optional(),
+  /**
+   * A markdown summary of attack discovery, using the same syntax
+   */
+  summaryMarkdown: z.string(),
+  /**
+   * A title for the attack discovery, in plain text
+   */
+  title: z.string(),
+  /**
+   * The time the attack discovery was generated
+   */
+  timestamp: NonEmptyString,
+});
+
+/**
+ * Array of attack discoveries
+ */
+export type AttackDiscoveries = z.infer<typeof AttackDiscoveries>;
+export const AttackDiscoveries = z.array(AttackDiscovery);
+
+/**
+ * The status of the attack discovery.
+ */
+export type AttackDiscoveryStatus = z.infer<typeof AttackDiscoveryStatus>;
+export const AttackDiscoveryStatus = z.enum(['running', 'succeeded', 'failed', 'canceled']);
+export type AttackDiscoveryStatusEnum = typeof AttackDiscoveryStatus.enum;
+export const AttackDiscoveryStatusEnum = AttackDiscoveryStatus.enum;
+
+/**
+ * Run durations for the attack discovery
+ */
+export type GenerationInterval = z.infer<typeof GenerationInterval>;
+export const GenerationInterval = z.object({
+  /**
+   * The time the attack discovery was generated
+   */
+  date: z.string(),
+  /**
+   * The duration of the attack discovery generation
+   */
+  durationMs: z.number().int(),
+});
+
+/**
+ * Attack discovery stats
+ */
+export type AttackDiscoveryStat = z.infer<typeof AttackDiscoveryStat>;
+export const AttackDiscoveryStat = z.object({
+  /**
+   * Whether the user has viewed the results of the attack discovery run
+   */
+  hasViewed: z.boolean(),
+  /**
+   * The number of attack discoveries for the connector
+   */
+  count: z.number().int(),
+  /**
+   * The connector ID for the attack discovery
+   */
+  connectorId: z.string(),
+  /**
+   * The status of the attack discovery.
+   */
+  status: AttackDiscoveryStatus,
+});
+
+/**
+ * Stats on existing attack discovery documents
+ */
+export type AttackDiscoveryStats = z.infer<typeof AttackDiscoveryStats>;
+export const AttackDiscoveryStats = z.object({
+  /**
+   * The number of attack discoveries that have not yet been viewed
+   */
+  newDiscoveriesCount: z.number().int(),
+  /**
+   * The number of connectors with new results that have not yet been viewed
+   */
+  newConnectorResultsCount: z.number().int(),
+  /**
+   * Attack discovery stats per connector
+   */
+  statsPerConnector: z.array(AttackDiscoveryStat),
+});
+
+export type AttackDiscoveryResponse = z.infer<typeof AttackDiscoveryResponse>;
+export const AttackDiscoveryResponse = z.object({
+  id: NonEmptyString,
+  timestamp: NonEmptyString.optional(),
+  /**
+   * The last time attack discovery was updated.
+   */
+  updatedAt: z.string(),
+  /**
+   * The last time attack discovery was viewed in the browser.
+   */
+  lastViewedAt: z.string(),
+  /**
+   * The number of alerts in the context.
+   */
+  alertsContextCount: z.number().int().optional(),
+  /**
+   * The time attack discovery was created.
+   */
+  createdAt: z.string(),
+  replacements: Replacements.optional(),
+  users: z.array(User),
+  /**
+   * The status of the attack discovery.
+   */
+  status: AttackDiscoveryStatus,
+  /**
+   * The attack discoveries.
+   */
+  attackDiscoveries: AttackDiscoveries,
+  /**
+   * LLM API configuration.
+   */
+  apiConfig: ApiConfig,
+  /**
+   * Kibana space
+   */
+  namespace: z.string(),
+  /**
+   * The backing index required for update requests.
+   */
+  backingIndex: z.string(),
+  /**
+   * The most 5 recent generation intervals
+   */
+  generationIntervals: z.array(GenerationInterval),
+  /**
+   * The average generation interval in milliseconds
+   */
+  averageIntervalMs: z.number().int(),
+  /**
+   * The reason for a status of failed.
+   */
+  failureReason: z.string().optional(),
+});
+
+export type AttackDiscoveryUpdateProps = z.infer<typeof AttackDiscoveryUpdateProps>;
+export const AttackDiscoveryUpdateProps = z.object({
+  id: NonEmptyString,
+  /**
+   * LLM API configuration.
+   */
+  apiConfig: ApiConfig.optional(),
+  /**
+   * The number of alerts in the context.
+   */
+  alertsContextCount: z.number().int().optional(),
+  /**
+   * The attack discoveries.
+   */
+  attackDiscoveries: AttackDiscoveries.optional(),
+  /**
+   * The status of the attack discovery.
+   */
+  status: AttackDiscoveryStatus.optional(),
+  replacements: Replacements.optional(),
+  /**
+   * The most 5 recent generation intervals
+   */
+  generationIntervals: z.array(GenerationInterval).optional(),
+  /**
+   * The backing index required for update requests.
+   */
+  backingIndex: z.string(),
+  /**
+   * The reason for a status of failed.
+   */
+  failureReason: z.string().optional(),
+  /**
+   * The last time attack discovery was viewed in the browser.
+   */
+  lastViewedAt: z.string().optional(),
+});
+
+export type AttackDiscoveryCreateProps = z.infer<typeof AttackDiscoveryCreateProps>;
+export const AttackDiscoveryCreateProps = z.object({
+  /**
+   * The attack discovery id.
+   */
+  id: z.string().optional(),
+  /**
+   * The status of the attack discovery.
+   */
+  status: AttackDiscoveryStatus,
+  /**
+   * The number of alerts in the context.
+   */
+  alertsContextCount: z.number().int().optional(),
+  /**
+   * The attack discoveries.
+   */
+  attackDiscoveries: AttackDiscoveries,
+  /**
+   * LLM API configuration.
+   */
+  apiConfig: ApiConfig,
+  replacements: Replacements.optional(),
+});
diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.schema.yaml b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.schema.yaml
new file mode 100644
index 0000000000000..dcb72147f9408
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.schema.yaml
@@ -0,0 +1,246 @@
+openapi: 3.0.0
+info:
+  title: Common Attack Discovery Attributes
+  version: 'not applicable'
+paths: {}
+components:
+  x-codegen-enabled: true
+  schemas:
+    AttackDiscovery:
+      type: object
+      description: An attack discovery generated from one or more alerts
+      required:
+        - 'alertIds'
+        - 'detailsMarkdown'
+        - 'entitySummaryMarkdown'
+        - 'summaryMarkdown'
+        - 'timestamp'
+        - 'title'
+      properties:
+        alertIds:
+          description: The alert IDs that the attack discovery is based on
+          items:
+            type: string
+          type: array
+        id:
+          description: UUID of attack discovery
+          type: string
+        detailsMarkdown:
+          description: Details of the attack with bulleted markdown that always uses special syntax for field names and values from the source data.
+          type: string
+        entitySummaryMarkdown:
+          description: A short (no more than a sentence) summary of the attack discovery featuring only the host.name and user.name fields (when they are applicable), using the same syntax
+          type: string
+        mitreAttackTactics:
+          description: An array of MITRE ATT&CK tactic for the attack discovery
+          items:
+            type: string
+          type: array
+        summaryMarkdown:
+          description: A markdown summary of attack discovery, using the same syntax
+          type: string
+        title:
+          description: A title for the attack discovery, in plain text
+          type: string
+        timestamp:
+          description: The time the attack discovery was generated
+          $ref: '../common_attributes.schema.yaml#/components/schemas/NonEmptyString'
+    AttackDiscoveries:
+      type: array
+      description: Array of attack discoveries
+      items:
+        $ref: '#/components/schemas/AttackDiscovery'
+
+    AttackDiscoveryStatus:
+      type: string
+      description: The status of the attack discovery.
+      enum:
+        - running
+        - succeeded
+        - failed
+        - canceled
+
+    GenerationInterval:
+      type: object
+      description: Run durations for the attack discovery
+      required:
+        - 'date'
+        - 'durationMs'
+      properties:
+        date:
+          description: The time the attack discovery was generated
+          type: string
+        durationMs:
+          description: The duration of the attack discovery generation
+          type: integer
+
+    AttackDiscoveryStat:
+      type: object
+      description: Attack discovery stats
+      required:
+        - 'hasViewed'
+        - 'status'
+        - 'count'
+        - 'connectorId'
+      properties:
+        hasViewed:
+          description: Whether the user has viewed the results of the attack discovery run
+          type: boolean
+        count:
+          description: The number of attack discoveries for the connector
+          type: integer
+        connectorId:
+          description: The connector ID for the attack discovery
+          type: string
+        status:
+          $ref: '#/components/schemas/AttackDiscoveryStatus'
+          description: The status of the attack discovery.
+
+    AttackDiscoveryStats:
+      type: object
+      description: Stats on existing attack discovery documents
+      required:
+        - 'newDiscoveriesCount'
+        - 'newConnectorResultsCount'
+        - 'statsPerConnector'
+      properties:
+        newDiscoveriesCount:
+          description: The number of attack discoveries that have not yet been viewed
+          type: integer
+        newConnectorResultsCount:
+          description: The number of connectors with new results that have not yet been viewed
+          type: integer
+        statsPerConnector:
+          type: array
+          description: Attack discovery stats per connector
+          items:
+            $ref: '#/components/schemas/AttackDiscoveryStat'
+
+
+    AttackDiscoveryResponse:
+      type: object
+      required:
+        - apiConfig
+        - id
+        - createdAt
+        - updatedAt
+        - lastViewedAt
+        - users
+        - namespace
+        - attackDiscoveries
+        - status
+        - backingIndex
+        - generationIntervals
+        - averageIntervalMs
+      properties:
+        id:
+          $ref: '../common_attributes.schema.yaml#/components/schemas/NonEmptyString'
+        'timestamp':
+          $ref: '../common_attributes.schema.yaml#/components/schemas/NonEmptyString'
+        updatedAt:
+          description: The last time attack discovery was updated.
+          type: string
+        lastViewedAt:
+          description: The last time attack discovery was viewed in the browser.
+          type: string
+        alertsContextCount:
+            type: integer
+            description: The number of alerts in the context.
+        createdAt:
+          description: The time attack discovery was created.
+          type: string
+        replacements:
+          $ref: '../conversations/common_attributes.schema.yaml#/components/schemas/Replacements'
+        users:
+          type: array
+          items:
+            $ref: '../common_attributes.schema.yaml#/components/schemas/User'
+        status:
+          $ref: '#/components/schemas/AttackDiscoveryStatus'
+          description: The status of the attack discovery.
+        attackDiscoveries:
+          $ref: '#/components/schemas/AttackDiscoveries'
+          description: The attack discoveries.
+        apiConfig:
+          $ref: '../conversations/common_attributes.schema.yaml#/components/schemas/ApiConfig'
+          description: LLM API configuration.
+        namespace:
+          type: string
+          description: Kibana space
+        backingIndex:
+          type: string
+          description: The backing index required for update requests.
+        generationIntervals:
+          type: array
+          description: The most 5 recent generation intervals
+          items:
+            $ref: '#/components/schemas/GenerationInterval'
+        averageIntervalMs:
+          type: integer
+          description: The average generation interval in milliseconds
+        failureReason:
+          type: string
+          description: The reason for a status of failed.
+
+    AttackDiscoveryUpdateProps:
+      type: object
+      required:
+        - id
+        - backingIndex
+      properties:
+        id:
+          $ref: '../common_attributes.schema.yaml#/components/schemas/NonEmptyString'
+        apiConfig:
+          $ref: '../conversations/common_attributes.schema.yaml#/components/schemas/ApiConfig'
+          description: LLM API configuration.
+        alertsContextCount:
+          type: integer
+          description: The number of alerts in the context.
+        attackDiscoveries:
+          $ref: '#/components/schemas/AttackDiscoveries'
+          description: The attack discoveries.
+        status:
+          $ref: '#/components/schemas/AttackDiscoveryStatus'
+          description: The status of the attack discovery.
+        replacements:
+          $ref: '../conversations/common_attributes.schema.yaml#/components/schemas/Replacements'
+        generationIntervals:
+          type: array
+          description: The most 5 recent generation intervals
+          items:
+            $ref: '#/components/schemas/GenerationInterval'
+        backingIndex:
+          type: string
+          description: The backing index required for update requests.
+        failureReason:
+          type: string
+          description: The reason for a status of failed.
+        lastViewedAt:
+          description: The last time attack discovery was viewed in the browser.
+          type: string
+
+    AttackDiscoveryCreateProps:
+      type: object
+      required:
+        - attackDiscoveries
+        - apiConfig
+        - status
+      properties:
+        id:
+          type: string
+          description: The attack discovery id.
+        status:
+          $ref: '#/components/schemas/AttackDiscoveryStatus'
+          description: The status of the attack discovery.
+        alertsContextCount:
+          type: integer
+          description: The number of alerts in the context.
+        attackDiscoveries:
+          $ref: '#/components/schemas/AttackDiscoveries'
+          description: The attack discoveries.
+        apiConfig:
+          $ref: '../conversations/common_attributes.schema.yaml#/components/schemas/ApiConfig'
+          description: LLM API configuration.
+        replacements:
+          $ref: '../conversations/common_attributes.schema.yaml#/components/schemas/Replacements'
+
diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/get_attack_discovery_route.gen.ts b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/get_attack_discovery_route.gen.ts
new file mode 100644
index 0000000000000..00eb09809614b
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/get_attack_discovery_route.gen.ts
@@ -0,0 +1,38 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+/*
+ * NOTICE: Do not edit this file manually.
+ * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
+ *
+ * info:
+ *   title: Get Attack Discovery API endpoint
+ *   version: 1
+ */
+
+import { z } from 'zod';
+
+import { NonEmptyString } from '../common_attributes.gen';
+import { AttackDiscoveryResponse, AttackDiscoveryStat } from './common_attributes.gen';
+
+export type AttackDiscoveryGetRequestParams = z.infer<typeof AttackDiscoveryGetRequestParams>;
+export const AttackDiscoveryGetRequestParams = z.object({
+  /**
+   * The connector id for which to get the attack discovery
+   */
+  connectorId: NonEmptyString,
+});
+export type AttackDiscoveryGetRequestParamsInput = z.input<typeof AttackDiscoveryGetRequestParams>;
+
+export type AttackDiscoveryGetResponse = z.infer<typeof AttackDiscoveryGetResponse>;
+export const AttackDiscoveryGetResponse = z.object({
+  data: AttackDiscoveryResponse.optional(),
+  /**
+   * Attack discovery stats per connector
+   */
+  stats: z.array(AttackDiscoveryStat),
+});
diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/get_attack_discovery_route.schema.yaml b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/get_attack_discovery_route.schema.yaml
new file mode 100644
index 0000000000000..33638a588679a
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/get_attack_discovery_route.schema.yaml
@@ -0,0 +1,50 @@
+openapi: 3.0.0
+info:
+  title: Get Attack Discovery API endpoint
+  version: '1'
+paths:
+  /internal/elastic_assistant/attack_discovery/{connectorId}:
+    get:
+      operationId: AttackDiscoveryGet
+      x-codegen-enabled: true
+      description: Get relevant data for performing an attack discovery like pending requests
+      summary: Get relevant data for performing an attack discovery
+      tags:
+        - attack_discovery
+      parameters:
+        - name: 'connectorId'
+          in: path
+          required: true
+          description: The connector id for which to get the attack discovery
+          schema:
+            $ref: '../common_attributes.schema.yaml#/components/schemas/NonEmptyString'
+      responses:
+        '200':
+          description: Successful response
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  data:
+                    $ref: './common_attributes.schema.yaml#/components/schemas/AttackDiscoveryResponse'
+                  stats:
+                    type: array
+                    description: Attack discovery stats per connector
+                    items:
+                      $ref: './common_attributes.schema.yaml#/components/schemas/AttackDiscoveryStat'
+                required:
+                  - stats
+        '400':
+          description: Generic Error
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  statusCode:
+                    type: number
+                  error:
+                    type: string
+                  message:
+                    type: string
diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/post_attack_discovery_route.gen.ts b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/post_attack_discovery_route.gen.ts
index cfc7d5285ddac..d2912c6e09ba2 100644
--- a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/post_attack_discovery_route.gen.ts
+++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/post_attack_discovery_route.gen.ts
@@ -10,52 +10,24 @@
  * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
  *
  * info:
- *   title: Attack discovery API endpoint
+ *   title: Post Attack discovery API endpoint
  *   version: 1
  */
 
 import { z } from 'zod';
 
 import { AnonymizationFieldResponse } from '../anonymization_fields/bulk_crud_anonymization_fields_route.gen';
-import { Replacements, TraceData } from '../conversations/common_attributes.gen';
-
-/**
- * An attack discovery generated from one or more alerts
- */
-export type AttackDiscovery = z.infer<typeof AttackDiscovery>;
-export const AttackDiscovery = z.object({
-  /**
-   * The alert IDs that the attack discovery is based on
-   */
-  alertIds: z.array(z.string()),
-  /**
-   * Details of the attack with bulleted markdown that always uses special syntax for field names and values from the source data.
-   */
-  detailsMarkdown: z.string(),
-  /**
-   * A short (no more than a sentence) summary of the attack discovery featuring only the host.name and user.name fields (when they are applicable), using the same syntax
-   */
-  entitySummaryMarkdown: z.string(),
-  /**
-   * An array of MITRE ATT&CK tactic for the attack discovery
-   */
-  mitreAttackTactics: z.array(z.string()).optional(),
-  /**
-   * A markdown summary of attack discovery, using the same syntax
-   */
-  summaryMarkdown: z.string(),
-  /**
-   * A title for the attack discovery, in plain text
-   */
-  title: z.string(),
-});
+import { ApiConfig, Replacements } from '../conversations/common_attributes.gen';
+import { AttackDiscoveryResponse } from './common_attributes.gen';
 
 export type AttackDiscoveryPostRequestBody = z.infer<typeof AttackDiscoveryPostRequestBody>;
 export const AttackDiscoveryPostRequestBody = z.object({
   alertsIndexPattern: z.string(),
   anonymizationFields: z.array(AnonymizationFieldResponse),
-  connectorId: z.string(),
-  actionTypeId: z.string(),
+  /**
+   * LLM API configuration.
+   */
+  apiConfig: ApiConfig,
   langSmithProject: z.string().optional(),
   langSmithApiKey: z.string().optional(),
   model: z.string().optional(),
@@ -66,11 +38,4 @@ export const AttackDiscoveryPostRequestBody = z.object({
 export type AttackDiscoveryPostRequestBodyInput = z.input<typeof AttackDiscoveryPostRequestBody>;
 
 export type AttackDiscoveryPostResponse = z.infer<typeof AttackDiscoveryPostResponse>;
-export const AttackDiscoveryPostResponse = z.object({
-  connector_id: z.string().optional(),
-  alertsContextCount: z.number().optional(),
-  attackDiscoveries: z.array(AttackDiscovery).optional(),
-  replacements: Replacements.optional(),
-  status: z.string().optional(),
-  trace_data: TraceData.optional(),
-});
+export const AttackDiscoveryPostResponse = AttackDiscoveryResponse;
diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/post_attack_discovery_route.schema.yaml b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/post_attack_discovery_route.schema.yaml
index 44acb268700a5..1c658174abd5c 100644
--- a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/post_attack_discovery_route.schema.yaml
+++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/post_attack_discovery_route.schema.yaml
@@ -1,43 +1,9 @@
 openapi: 3.0.0
 info:
-  title: Attack discovery API endpoint
+  title: Post Attack discovery API endpoint
   version: '1'
 components:
   x-codegen-enabled: true
-  schemas:
-    AttackDiscovery:
-      type: object
-      description: An attack discovery generated from one or more alerts
-      required:
-        - 'alertIds'
-        - 'detailsMarkdown'
-        - 'entitySummaryMarkdown'
-        - 'summaryMarkdown'
-        - 'title'
-      properties:
-        alertIds:
-          description: The alert IDs that the attack discovery is based on
-          items:
-            type: string
-          type: array
-        detailsMarkdown:
-          description: Details of the attack with bulleted markdown that always uses special syntax for field names and values from the source data.
-          type: string
-        entitySummaryMarkdown:
-          description: A short (no more than a sentence) summary of the attack discovery featuring only the host.name and user.name fields (when they are applicable), using the same syntax
-          type: string
-        mitreAttackTactics:
-          description: An array of MITRE ATT&CK tactic for the attack discovery
-          items:
-            type: string
-          type: array
-        summaryMarkdown:
-          description: A markdown summary of attack discovery, using the same syntax
-          type: string
-        title:
-          description: A title for the attack discovery, in plain text
-          type: string
-
 
 paths:
   /internal/elastic_assistant/attack_discovery:
@@ -56,10 +22,9 @@ paths:
             schema:
               type: object
               required:
-                - actionTypeId
+                - apiConfig
                 - alertsIndexPattern
                 - anonymizationFields
-                - connectorId
                 - size
                 - subAction
               properties:
@@ -69,10 +34,9 @@ paths:
                   items:
                     $ref: '../anonymization_fields/bulk_crud_anonymization_fields_route.schema.yaml#/components/schemas/AnonymizationFieldResponse'
                   type: array
-                connectorId:
-                  type: string
-                actionTypeId:
-                  type: string
+                apiConfig:
+                  $ref: '../conversations/common_attributes.schema.yaml#/components/schemas/ApiConfig'
+                  description: LLM API configuration.
                 langSmithProject:
                   type: string
                 langSmithApiKey:
@@ -94,22 +58,7 @@ paths:
           content:
             application/json:
               schema:
-                type: object
-                properties:
-                  connector_id:
-                    type: string
-                  alertsContextCount:
-                    type: number
-                  attackDiscoveries:
-                    type: array
-                    items:
-                        $ref: '#/components/schemas/AttackDiscovery'
-                  replacements:
-                    $ref: '../conversations/common_attributes.schema.yaml#/components/schemas/Replacements'
-                  status:
-                    type: string
-                  trace_data:
-                    $ref: '../conversations/common_attributes.schema.yaml#/components/schemas/TraceData'
+                $ref: './common_attributes.schema.yaml#/components/schemas/AttackDiscoveryResponse'
         '400':
           description: Bad request
           content:
diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/conversations/common_attributes.gen.ts b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/conversations/common_attributes.gen.ts
index bbed67f4814fc..03f63ec0f2d29 100644
--- a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/conversations/common_attributes.gen.ts
+++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/conversations/common_attributes.gen.ts
@@ -108,11 +108,11 @@ export const Message = z.object({
 export type ApiConfig = z.infer<typeof ApiConfig>;
 export const ApiConfig = z.object({
   /**
-   * connector Id
+   * connector id
    */
   connectorId: z.string(),
   /**
-   * action type Id
+   * action type id
    */
   actionTypeId: z.string(),
   /**
diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/conversations/common_attributes.schema.yaml b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/conversations/common_attributes.schema.yaml
index 49aaaa5663a1c..f6a8189182474 100644
--- a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/conversations/common_attributes.schema.yaml
+++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/conversations/common_attributes.schema.yaml
@@ -93,10 +93,10 @@ components:
       properties:
         connectorId:
           type: string
-          description: connector Id
+          description: connector id
         actionTypeId:
           type: string
-          description: action type Id
+          description: action type id
         defaultSystemPromptId:
           type: string
           description: defaultSystemPromptId
diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/index.ts b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/index.ts
index ae66432af3076..8f47731694cf3 100644
--- a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/index.ts
+++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/index.ts
@@ -22,7 +22,10 @@ export const INTERNAL_API_ACCESS = 'internal';
 export * from './common_attributes.gen';
 
 // Attack discovery Schemas
+export * from './attack_discovery/common_attributes.gen';
+export * from './attack_discovery/get_attack_discovery_route.gen';
 export * from './attack_discovery/post_attack_discovery_route.gen';
+export * from './attack_discovery/cancel_attack_discovery_route.gen';
 
 // Evaluation Schemas
 export * from './evaluation/post_evaluate_route.gen';
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/assistant_header/assistant_header_flyout.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/assistant_header/assistant_header_flyout.tsx
index be97f716b2740..d9ba27b96655f 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/assistant_header/assistant_header_flyout.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/assistant_header/assistant_header_flyout.tsx
@@ -43,6 +43,7 @@ interface OwnProps {
   setChatHistoryVisible?: React.Dispatch<React.SetStateAction<boolean>>;
   onConversationSelected: ({ cId, cTitle }: { cId: string; cTitle: string }) => void;
   conversations: Record<string, Conversation>;
+  conversationsLoaded: boolean;
   refetchConversationsState: () => Promise<void>;
   onConversationCreate: () => Promise<void>;
   isAssistantEnabled: boolean;
@@ -69,6 +70,7 @@ export const AssistantHeaderFlyout: React.FC<Props> = ({
   onCloseFlyout,
   onConversationSelected,
   conversations,
+  conversationsLoaded,
   refetchConversationsState,
   onConversationCreate,
   isAssistantEnabled,
@@ -158,6 +160,7 @@ export const AssistantHeaderFlyout: React.FC<Props> = ({
               setIsSettingsModalVisible={setIsSettingsModalVisible}
               onConversationSelected={onConversationSelected}
               conversations={conversations}
+              conversationsLoaded={conversationsLoaded}
               refetchConversationsState={refetchConversationsState}
               isFlyoutMode={true}
             />
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/assistant_header/index.test.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/assistant_header/index.test.tsx
index 4cf6afada5367..2301078d57ba1 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/assistant_header/index.test.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/assistant_header/index.test.tsx
@@ -19,6 +19,7 @@ const mockConversations = {
   [welcomeConvo.title]: welcomeConvo,
 };
 const testProps = {
+  conversationsLoaded: true,
   currentConversation: welcomeConvo,
   title: 'Test Title',
   docLinks: {
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/assistant_header/index.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/assistant_header/index.tsx
index bb2e72e2936d3..ac7ca235b36ee 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/assistant_header/index.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/assistant_header/index.tsx
@@ -38,6 +38,7 @@ interface OwnProps {
   showAnonymizedValues: boolean;
   title: string;
   conversations: Record<string, Conversation>;
+  conversationsLoaded: boolean;
   refetchConversationsState: () => Promise<void>;
 }
 
@@ -61,6 +62,7 @@ export const AssistantHeader: React.FC<Props> = ({
   showAnonymizedValues,
   title,
   conversations,
+  conversationsLoaded,
   refetchConversationsState,
 }) => {
   const showAnonymizedValuesChecked = useMemo(
@@ -151,6 +153,7 @@ export const AssistantHeader: React.FC<Props> = ({
                   setIsSettingsModalVisible={setIsSettingsModalVisible}
                   onConversationSelected={onConversationSelected}
                   conversations={conversations}
+                  conversationsLoaded={conversationsLoaded}
                   refetchConversationsState={refetchConversationsState}
                   isFlyoutMode={false}
                 />
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/common/components/assistant_settings_management/badges/index.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/common/components/assistant_settings_management/badges/index.tsx
new file mode 100644
index 0000000000000..3a93da1e6f72a
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/common/components/assistant_settings_management/badges/index.tsx
@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EuiBadge } from '@elastic/eui';
+import React from 'react';
+
+export const BadgesColumn: React.FC<{ items: string[] | null | undefined; prefix: string }> =
+  React.memo(({ items, prefix }) =>
+    items && items.length > 0 ? (
+      <div>
+        {items.map((c, idx) => (
+          <EuiBadge key={`${prefix}-${idx}`} color="hollow">
+            {c}
+          </EuiBadge>
+        ))}
+      </div>
+    ) : null
+  );
+BadgesColumn.displayName = 'BadgesColumn';
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/common/components/assistant_settings_management/flyout/index.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/common/components/assistant_settings_management/flyout/index.tsx
new file mode 100644
index 0000000000000..e749fb483d504
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/common/components/assistant_settings_management/flyout/index.tsx
@@ -0,0 +1,85 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+  EuiButton,
+  EuiButtonEmpty,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiFlyout,
+  EuiFlyoutBody,
+  EuiFlyoutFooter,
+  EuiFlyoutHeader,
+  EuiTitle,
+} from '@elastic/eui';
+import { css } from '@emotion/react';
+import React from 'react';
+import * as i18n from './translations';
+
+interface Props {
+  children: React.ReactNode;
+  title: string;
+  flyoutVisible: boolean;
+  onClose: () => void;
+  onSaveCancelled: () => void;
+  onSaveConfirmed: () => void;
+}
+
+const FlyoutComponent: React.FC<Props> = ({
+  title,
+  flyoutVisible,
+  children,
+  onClose,
+  onSaveCancelled,
+  onSaveConfirmed,
+}) => {
+  return flyoutVisible ? (
+    <EuiFlyout
+      ownFocus
+      onClose={onClose}
+      css={css`
+        max-width: 656px;
+      `}
+    >
+      <EuiFlyoutHeader>
+        <EuiTitle size={'s'}>
+          <h2>{title}</h2>
+        </EuiTitle>
+      </EuiFlyoutHeader>
+      <EuiFlyoutBody>{children}</EuiFlyoutBody>
+      <EuiFlyoutFooter>
+        <EuiFlexGroup justifyContent="spaceBetween" gutterSize="s">
+          <EuiFlexItem grow={false}>
+            <EuiButtonEmpty
+              size="m"
+              color="text"
+              iconType="cross"
+              data-test-subj="cancel-button"
+              onClick={onSaveCancelled}
+            >
+              {i18n.FLYOUT_CANCEL_BUTTON_TITLE}
+            </EuiButtonEmpty>
+          </EuiFlexItem>
+          <EuiFlexItem grow={false}>
+            <EuiButton
+              size="m"
+              type="submit"
+              data-test-subj="save-button"
+              onClick={onSaveConfirmed}
+              iconType="check"
+              fill
+            >
+              {i18n.FLYOUT_SAVE_BUTTON_TITLE}
+            </EuiButton>
+          </EuiFlexItem>
+        </EuiFlexGroup>
+      </EuiFlyoutFooter>
+    </EuiFlyout>
+  ) : null;
+};
+
+export const Flyout = React.memo(FlyoutComponent);
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/common/components/assistant_settings_management/flyout/translations.ts b/x-pack/packages/kbn-elastic-assistant/impl/assistant/common/components/assistant_settings_management/flyout/translations.ts
new file mode 100644
index 0000000000000..f25348cd8b5d6
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/common/components/assistant_settings_management/flyout/translations.ts
@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { i18n } from '@kbn/i18n';
+
+export const FLYOUT_SAVE_BUTTON_TITLE = i18n.translate(
+  'xpack.elasticAssistant.assistant.settings.flyout.saveButtonTitle',
+  {
+    defaultMessage: 'Save',
+  }
+);
+
+export const FLYOUT_CANCEL_BUTTON_TITLE = i18n.translate(
+  'xpack.elasticAssistant.assistant.settings.flyout.cancelButtonTitle',
+  {
+    defaultMessage: 'Cancel',
+  }
+);
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/common/components/assistant_settings_management/flyout/use_flyout_modal_visibility.ts b/x-pack/packages/kbn-elastic-assistant/impl/assistant/common/components/assistant_settings_management/flyout/use_flyout_modal_visibility.ts
new file mode 100644
index 0000000000000..ad3da6b12242e
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/common/components/assistant_settings_management/flyout/use_flyout_modal_visibility.ts
@@ -0,0 +1,29 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { useMemo, useState } from 'react';
+
+export const useFlyoutModalVisibility = () => {
+  const [isFlyoutOpen, setIsFlyoutOpen] = useState(false);
+
+  const openFlyout = () => {
+    setIsFlyoutOpen(true);
+  };
+
+  const closeFlyout = () => {
+    setIsFlyoutOpen(false);
+  };
+
+  return useMemo(
+    () => ({
+      isFlyoutOpen,
+      openFlyout,
+      closeFlyout,
+    }),
+    [isFlyoutOpen]
+  );
+};
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/common/components/assistant_settings_management/pagination/use_session_pagination.ts b/x-pack/packages/kbn-elastic-assistant/impl/assistant/common/components/assistant_settings_management/pagination/use_session_pagination.ts
new file mode 100644
index 0000000000000..daaccc1fc6992
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/common/components/assistant_settings_management/pagination/use_session_pagination.ts
@@ -0,0 +1,65 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { Direction } from '@elastic/eui';
+import { useCallback, useMemo } from 'react';
+import useSessionStorage from 'react-use/lib/useSessionStorage';
+import { DEFAULT_ASSISTANT_NAMESPACE } from '../../../../../assistant_context/constants';
+import { DEFAULT_PAGE_SIZE } from '../../../../settings/const';
+
+export const DEFAULT_TABLE_OPTIONS = {
+  page: { size: DEFAULT_PAGE_SIZE, index: 0 },
+  sort: { field: '', direction: 'asc' as const },
+};
+
+export const useSessionPagination = ({
+  defaultTableOptions,
+  nameSpace = DEFAULT_ASSISTANT_NAMESPACE,
+  storageKey,
+}: {
+  defaultTableOptions: {
+    page: { size: number; index: number };
+    sort: { field: string; direction: Direction };
+  };
+  nameSpace?: string;
+  storageKey: string;
+}) => {
+  const [sessionStorageTableOptions = defaultTableOptions, setSessionStorageTableOptions] =
+    useSessionStorage(`${nameSpace}.${storageKey}`, defaultTableOptions);
+
+  const pagination = useMemo(
+    () => ({
+      initialPageSize: sessionStorageTableOptions.page.size,
+      pageSizeOptions: [5, 10, DEFAULT_PAGE_SIZE, 50],
+      pageIndex: sessionStorageTableOptions.page.index,
+    }),
+    [sessionStorageTableOptions]
+  );
+
+  const sorting = useMemo(
+    () => ({
+      sort: sessionStorageTableOptions.sort,
+    }),
+    [sessionStorageTableOptions.sort]
+  );
+
+  const onTableChange = useCallback(
+    ({ page, sort }) => {
+      setSessionStorageTableOptions({
+        page,
+        sort,
+      });
+    },
+    [setSessionStorageTableOptions]
+  );
+
+  return {
+    onTableChange,
+    pagination,
+    sorting,
+  };
+};
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/common/components/assistant_settings_management/row_actions/index.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/common/components/assistant_settings_management/row_actions/index.tsx
new file mode 100644
index 0000000000000..b2d31ec80433f
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/common/components/assistant_settings_management/row_actions/index.tsx
@@ -0,0 +1,89 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EuiButtonEmpty, EuiButtonIcon, EuiFlexGroup, EuiFlexItem, EuiPopover } from '@elastic/eui';
+import React, { useCallback, useState } from 'react';
+import * as i18n from './translations';
+
+interface Props<T> {
+  isDeletable?: boolean;
+  isEditable?: boolean;
+  onDelete?: (rowItem: T) => void;
+  onEdit?: (rowItem: T) => void;
+  rowItem: T;
+}
+
+type RowActionsComponentType = <T>(props: Props<T>) => JSX.Element;
+
+const RowActionsComponent = <T,>({
+  isDeletable = true,
+  isEditable = true,
+  onDelete,
+  onEdit,
+  rowItem,
+}: Props<T>) => {
+  const [isPopoverOpen, setIsPopoverOpen] = useState(false);
+
+  const closePopover = useCallback(() => setIsPopoverOpen(false), []);
+  const handleEdit = useCallback(() => {
+    closePopover();
+    onEdit?.(rowItem);
+  }, [closePopover, onEdit, rowItem]);
+
+  const handleDelete = useCallback(() => {
+    closePopover();
+    onDelete?.(rowItem);
+  }, [closePopover, onDelete, rowItem]);
+
+  const onButtonClick = useCallback(() => setIsPopoverOpen((prevState) => !prevState), []);
+  return onEdit || onDelete ? (
+    <EuiPopover
+      button={
+        <EuiButtonIcon
+          color="success"
+          iconType="boxesHorizontal"
+          disabled={rowItem == null}
+          onClick={onButtonClick}
+        />
+      }
+      isOpen={isPopoverOpen}
+      closePopover={closePopover}
+      anchorPosition="downLeft"
+    >
+      <EuiFlexGroup direction="column" gutterSize="none" alignItems="flexStart">
+        {onEdit != null && (
+          <EuiFlexItem>
+            <EuiButtonEmpty
+              iconType="pencil"
+              onClick={handleEdit}
+              disabled={!isEditable}
+              color="text"
+            >
+              {i18n.EDIT_BUTTON}
+            </EuiButtonEmpty>
+          </EuiFlexItem>
+        )}
+        {onDelete != null && (
+          <EuiFlexItem>
+            <EuiButtonEmpty
+              aria-label={i18n.DELETE_BUTTON}
+              iconType="trash"
+              onClick={handleDelete}
+              disabled={!isDeletable}
+              color="text"
+            >
+              {i18n.DELETE_BUTTON}
+            </EuiButtonEmpty>
+          </EuiFlexItem>
+        )}
+      </EuiFlexGroup>
+    </EuiPopover>
+  ) : null;
+};
+
+// casting to correctly infer the param of onEdit and onDelete when reusing this component
+export const RowActions = React.memo(RowActionsComponent) as RowActionsComponentType;
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/common/components/assistant_settings_management/row_actions/translations.ts b/x-pack/packages/kbn-elastic-assistant/impl/assistant/common/components/assistant_settings_management/row_actions/translations.ts
new file mode 100644
index 0000000000000..1a2430cb6428c
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/common/components/assistant_settings_management/row_actions/translations.ts
@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { i18n } from '@kbn/i18n';
+
+export const EDIT_BUTTON = i18n.translate(
+  'xpack.elasticAssistant.assistant.settings.editButtonTitle',
+  {
+    defaultMessage: 'Edit',
+  }
+);
+
+export const DELETE_BUTTON = i18n.translate(
+  'xpack.elasticAssistant.assistant.settings.deleteButtonTitle',
+  {
+    defaultMessage: 'Delete',
+  }
+);
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_selector_settings/index.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_selector_settings/index.tsx
index 286be81f531f3..f4b8f9a79412f 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_selector_settings/index.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_selector_settings/index.tsx
@@ -8,7 +8,6 @@
 import {
   EuiButtonIcon,
   EuiComboBox,
-  EuiComboBoxOptionOption,
   EuiFlexGroup,
   EuiFlexItem,
   EuiFormRow,
@@ -21,6 +20,7 @@ import { css } from '@emotion/react';
 import { Conversation } from '../../../..';
 import * as i18n from '../conversation_selector/translations';
 import { SystemPromptSelectorOption } from '../../prompt_editor/system_prompt/system_prompt_modal/system_prompt_selector/system_prompt_selector';
+import { ConversationSelectorSettingsOption } from './types';
 
 interface Props {
   conversations: Record<string, Conversation>;
@@ -49,10 +49,6 @@ const getNextConversationTitle = (
     : conversationTitles[conversationTitles.indexOf(selectedConversationTitle) + 1];
 };
 
-export type ConversationSelectorSettingsOption = EuiComboBoxOptionOption<{
-  isDefault: boolean;
-}>;
-
 /**
  * A disconnected variant of the ConversationSelector component that allows for
  * modifiable settings without persistence. Also changes some styling and removes
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_selector_settings/types.ts b/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_selector_settings/types.ts
new file mode 100644
index 0000000000000..548149ffe0c7b
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_selector_settings/types.ts
@@ -0,0 +1,12 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EuiComboBoxOptionOption } from '@elastic/eui';
+
+export type ConversationSelectorSettingsOption = EuiComboBoxOptionOption<{
+  isDefault: boolean;
+}>;
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/conversation_settings.test.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/conversation_settings.test.tsx
index 10fbcdbb842a7..104b55987bc42 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/conversation_settings.test.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/conversation_settings.test.tsx
@@ -180,7 +180,10 @@ describe('ConversationSettings', () => {
     );
     fireEvent.click(getByTestId('change-new-convo'));
 
-    expect(onSelectedConversationChange).toHaveBeenCalledWith({ ...mockConvo, id: '' });
+    expect(onSelectedConversationChange).toHaveBeenCalledWith({
+      ...mockConvo,
+      id: mockConvo.title,
+    });
     expect(setConversationsSettingsBulkActions).toHaveBeenCalledWith({
       create: {
         [mockConvo.title]: { ...mockConvo, id: '' },
@@ -205,7 +208,7 @@ describe('ConversationSettings', () => {
       ...mockConvos,
       [newConvo.title]: newConvo,
     });
-    expect(onSelectedConversationChange).toHaveBeenCalledWith(newConvo);
+    expect(onSelectedConversationChange).toHaveBeenCalledWith({ ...newConvo, id: newConvo.title });
   });
   it('Deleting a conversation removes it from the convo settings', () => {
     const { getByTestId } = render(
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/conversation_settings.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/conversation_settings.tsx
index 179ff7524bd88..adf2e012c0b8f 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/conversation_settings.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/conversation_settings.tsx
@@ -6,37 +6,35 @@
  */
 
 import {
-  EuiFormRow,
-  EuiLink,
   EuiTitle,
   EuiText,
   EuiHorizontalRule,
   EuiSpacer,
+  EuiFormRow,
   EuiSwitch,
 } from '@elastic/eui';
-import React, { useCallback, useMemo } from 'react';
+import React, { useMemo } from 'react';
 
 import { HttpSetup } from '@kbn/core-http-browser';
-import { FormattedMessage } from '@kbn/i18n-react';
-import { OpenAiProviderType } from '@kbn/stack-connectors-plugin/public/common';
-import { noop } from 'lodash/fp';
+
 import { ActionTypeRegistryContract } from '@kbn/triggers-actions-ui-plugin/public';
 import { Conversation, Prompt } from '../../../..';
 import * as i18n from './translations';
-import * as i18nModel from '../../../connectorland/models/model_selector/translations';
 
-import { AIConnector, ConnectorSelector } from '../../../connectorland/connector_selector';
-import { SelectSystemPrompt } from '../../prompt_editor/system_prompt/select_system_prompt';
-import { ModelSelector } from '../../../connectorland/models/model_selector/model_selector';
+import { AIConnector } from '../../../connectorland/connector_selector';
+
 import { ConversationSelectorSettings } from '../conversation_selector_settings';
-import { getDefaultSystemPrompt } from '../../use_conversation/helpers';
-import { useLoadConnectors } from '../../../connectorland/use_load_connectors';
-import { getGenAiConfig } from '../../../connectorland/helpers';
+
 import { ConversationsBulkActions } from '../../api';
+import { useConversationDeleted } from './use_conversation_deleted';
+import { ConversationSettingsEditor } from './conversation_settings_editor';
+import { useConversationChanged } from './use_conversation_changed';
+import { getConversationApiConfig } from '../../use_conversation/helpers';
 
 export interface ConversationSettingsProps {
   actionTypeRegistry: ActionTypeRegistryContract;
   allSystemPrompts: Prompt[];
+  connectors?: AIConnector[];
   conversationSettings: Record<string, Conversation>;
   conversationsSettingsBulkActions: ConversationsBulkActions;
   defaultConnector?: AIConnector;
@@ -60,6 +58,7 @@ export const ConversationSettings: React.FC<ConversationSettingsProps> = React.m
   ({
     allSystemPrompts,
     assistantStreamingEnabled,
+    connectors,
     defaultConnector,
     selectedConversation,
     onSelectedConversationChange,
@@ -72,300 +71,39 @@ export const ConversationSettings: React.FC<ConversationSettingsProps> = React.m
     conversationsSettingsBulkActions,
     setConversationsSettingsBulkActions,
   }) => {
-    const defaultSystemPrompt = useMemo(() => {
-      return getDefaultSystemPrompt({ allSystemPrompts, conversation: undefined });
-    }, [allSystemPrompts]);
-
-    const selectedSystemPrompt = useMemo(() => {
-      return getDefaultSystemPrompt({ allSystemPrompts, conversation: selectedConversation });
-    }, [allSystemPrompts, selectedConversation]);
+    const onConversationSelectionChange = useConversationChanged({
+      allSystemPrompts,
+      conversationSettings,
+      conversationsSettingsBulkActions,
+      defaultConnector,
+      setConversationSettings,
+      setConversationsSettingsBulkActions,
+      onSelectedConversationChange,
+    });
 
-    const { data: connectors, isSuccess: areConnectorsFetched } = useLoadConnectors({
-      http,
+    const onConversationDeleted = useConversationDeleted({
+      conversationSettings,
+      conversationsSettingsBulkActions,
+      setConversationSettings,
+      setConversationsSettingsBulkActions,
     });
 
-    const selectedConversationId = useMemo(
+    const selectedConversationWithApiConfig = useMemo(
       () =>
-        selectedConversation?.id === ''
-          ? selectedConversation.title
-          : (selectedConversation?.id as string),
-      [selectedConversation]
-    );
-
-    // Conversation callbacks
-    // When top level conversation selection changes
-    const onConversationSelectionChange = useCallback(
-      (c?: Conversation | string) => {
-        const isNew = typeof c === 'string';
-
-        const newSelectedConversation: Conversation | undefined = isNew
+        selectedConversation
           ? {
-              id: '',
-              title: c ?? '',
-              category: 'assistant',
-              messages: [],
-              replacements: {},
-              ...(defaultConnector
-                ? {
-                    apiConfig: {
-                      connectorId: defaultConnector.id,
-                      actionTypeId: defaultConnector.actionTypeId,
-                      provider: defaultConnector.apiProvider,
-                      defaultSystemPromptId: defaultSystemPrompt?.id,
-                    },
-                  }
-                : {}),
+              ...selectedConversation,
+              ...getConversationApiConfig({
+                allSystemPrompts,
+                conversation: selectedConversation,
+                connectors,
+                defaultConnector,
+              }),
             }
-          : c;
-
-        if (newSelectedConversation && (isNew || newSelectedConversation.id === '')) {
-          setConversationSettings({
-            ...conversationSettings,
-            [isNew ? c : newSelectedConversation.title]: newSelectedConversation,
-          });
-          setConversationsSettingsBulkActions({
-            ...conversationsSettingsBulkActions,
-            create: {
-              ...(conversationsSettingsBulkActions.create ?? {}),
-              [newSelectedConversation.title]: newSelectedConversation,
-            },
-          });
-        } else if (newSelectedConversation != null) {
-          setConversationSettings((prev) => {
-            return {
-              ...prev,
-              [newSelectedConversation.id]: newSelectedConversation,
-            };
-          });
-        }
-
-        onSelectedConversationChange(newSelectedConversation);
-      },
-      [
-        conversationSettings,
-        conversationsSettingsBulkActions,
-        defaultConnector,
-        defaultSystemPrompt?.id,
-        onSelectedConversationChange,
-        setConversationSettings,
-        setConversationsSettingsBulkActions,
-      ]
+          : selectedConversation,
+      [allSystemPrompts, connectors, defaultConnector, selectedConversation]
     );
 
-    const onConversationDeleted = useCallback(
-      (conversationTitle: string) => {
-        const conversationId =
-          Object.values(conversationSettings).find((c) => c.title === conversationTitle)?.id ?? '';
-        const updatedConversationSettings = { ...conversationSettings };
-        delete updatedConversationSettings[conversationId];
-        setConversationSettings(updatedConversationSettings);
-
-        setConversationsSettingsBulkActions({
-          ...conversationsSettingsBulkActions,
-          delete: {
-            ids: [...(conversationsSettingsBulkActions.delete?.ids ?? []), conversationId],
-          },
-        });
-      },
-      [
-        conversationSettings,
-        conversationsSettingsBulkActions,
-        setConversationSettings,
-        setConversationsSettingsBulkActions,
-      ]
-    );
-
-    const handleOnSystemPromptSelectionChange = useCallback(
-      (systemPromptId?: string | undefined) => {
-        if (selectedConversation != null && selectedConversation.apiConfig) {
-          const updatedConversation = {
-            ...selectedConversation,
-            apiConfig: {
-              ...selectedConversation.apiConfig,
-              defaultSystemPromptId: systemPromptId,
-            },
-          };
-          setConversationSettings({
-            ...conversationSettings,
-            [updatedConversation.id]: updatedConversation,
-          });
-          if (selectedConversation.id !== '') {
-            setConversationsSettingsBulkActions({
-              ...conversationsSettingsBulkActions,
-              update: {
-                ...(conversationsSettingsBulkActions.update ?? {}),
-                [updatedConversation.id]: {
-                  ...updatedConversation,
-                  ...(conversationsSettingsBulkActions.update
-                    ? conversationsSettingsBulkActions.update[updatedConversation.id] ?? {}
-                    : {}),
-                  apiConfig: {
-                    ...updatedConversation.apiConfig,
-                    ...((conversationsSettingsBulkActions.update
-                      ? conversationsSettingsBulkActions.update[updatedConversation.id] ?? {}
-                      : {}
-                    ).apiConfig ?? {}),
-                    defaultSystemPromptId: systemPromptId,
-                  },
-                },
-              },
-            });
-          } else {
-            setConversationsSettingsBulkActions({
-              ...conversationsSettingsBulkActions,
-              create: {
-                ...(conversationsSettingsBulkActions.create ?? {}),
-                [updatedConversation.id]: updatedConversation,
-              },
-            });
-          }
-        }
-      },
-      [
-        conversationSettings,
-        conversationsSettingsBulkActions,
-        selectedConversation,
-        setConversationSettings,
-        setConversationsSettingsBulkActions,
-      ]
-    );
-
-    const selectedConnector = useMemo(() => {
-      const selectedConnectorId = selectedConversation?.apiConfig?.connectorId;
-      if (areConnectorsFetched) {
-        return connectors?.find((c) => c.id === selectedConnectorId);
-      }
-      return undefined;
-    }, [areConnectorsFetched, connectors, selectedConversation?.apiConfig?.connectorId]);
-
-    const selectedProvider = useMemo(
-      () => selectedConversation?.apiConfig?.provider,
-      [selectedConversation?.apiConfig?.provider]
-    );
-
-    const handleOnConnectorSelectionChange = useCallback(
-      (connector) => {
-        if (selectedConversation != null) {
-          const config = getGenAiConfig(connector);
-          const updatedConversation = {
-            ...selectedConversation,
-            apiConfig: {
-              ...selectedConversation.apiConfig,
-              connectorId: connector.id,
-              actionTypeId: connector.actionTypeId,
-              provider: config?.apiProvider,
-              model: config?.defaultModel,
-            },
-          };
-          setConversationSettings({
-            ...conversationSettings,
-            [selectedConversationId]: updatedConversation,
-          });
-          if (selectedConversation.id !== '') {
-            setConversationsSettingsBulkActions({
-              ...conversationsSettingsBulkActions,
-              update: {
-                ...(conversationsSettingsBulkActions.update ?? {}),
-                [updatedConversation.id]: {
-                  ...updatedConversation,
-                  ...(conversationsSettingsBulkActions.update
-                    ? conversationsSettingsBulkActions.update[updatedConversation.id] ?? {}
-                    : {}),
-                  apiConfig: {
-                    ...updatedConversation.apiConfig,
-                    ...((conversationsSettingsBulkActions.update
-                      ? conversationsSettingsBulkActions.update[updatedConversation.id] ?? {}
-                      : {}
-                    ).apiConfig ?? {}),
-                    connectorId: connector?.id,
-                    actionTypeId: connector?.actionTypeId,
-                    provider: config?.apiProvider,
-                    model: config?.defaultModel,
-                  },
-                },
-              },
-            });
-          } else {
-            setConversationsSettingsBulkActions({
-              ...conversationsSettingsBulkActions,
-              create: {
-                ...(conversationsSettingsBulkActions.create ?? {}),
-                [updatedConversation.id]: updatedConversation,
-              },
-            });
-          }
-        }
-      },
-      [
-        conversationSettings,
-        conversationsSettingsBulkActions,
-        selectedConversation,
-        selectedConversationId,
-        setConversationSettings,
-        setConversationsSettingsBulkActions,
-      ]
-    );
-
-    const selectedModel = useMemo(() => {
-      const connectorModel = getGenAiConfig(selectedConnector)?.defaultModel;
-      // Prefer conversation configuration over connector default
-      return selectedConversation?.apiConfig?.model ?? connectorModel;
-    }, [selectedConnector, selectedConversation?.apiConfig?.model]);
-
-    const handleOnModelSelectionChange = useCallback(
-      (model?: string) => {
-        if (selectedConversation != null && selectedConversation.apiConfig) {
-          const updatedConversation = {
-            ...selectedConversation,
-            apiConfig: {
-              ...selectedConversation.apiConfig,
-              model,
-            },
-          };
-          setConversationSettings({
-            ...conversationSettings,
-            [updatedConversation.id]: updatedConversation,
-          });
-          if (selectedConversation.id !== '') {
-            setConversationsSettingsBulkActions({
-              ...conversationsSettingsBulkActions,
-              update: {
-                ...(conversationsSettingsBulkActions.update ?? {}),
-                [updatedConversation.id]: {
-                  ...updatedConversation,
-                  ...(conversationsSettingsBulkActions.update
-                    ? conversationsSettingsBulkActions.update[updatedConversation.id] ?? {}
-                    : {}),
-                  apiConfig: {
-                    ...updatedConversation.apiConfig,
-                    ...((conversationsSettingsBulkActions.update
-                      ? conversationsSettingsBulkActions.update[updatedConversation.id] ?? {}
-                      : {}
-                    ).apiConfig ?? {}),
-                    model,
-                  },
-                },
-              },
-            });
-          } else {
-            setConversationsSettingsBulkActions({
-              ...conversationsSettingsBulkActions,
-              create: {
-                ...(conversationsSettingsBulkActions.create ?? {}),
-                [updatedConversation.id]: updatedConversation,
-              },
-            });
-          }
-        }
-      },
-      [
-        conversationSettings,
-        conversationsSettingsBulkActions,
-        selectedConversation,
-        setConversationSettings,
-        setConversationsSettingsBulkActions,
-      ]
-    );
     return (
       <>
         <EuiTitle size={'s'}>
@@ -382,67 +120,18 @@ export const ConversationSettings: React.FC<ConversationSettingsProps> = React.m
           onConversationSelectionChange={onConversationSelectionChange}
         />
 
-        <EuiFormRow
-          data-test-subj="prompt-field"
-          display="rowCompressed"
-          fullWidth
-          label={i18n.SETTINGS_PROMPT_TITLE}
-          helpText={i18n.SETTINGS_PROMPT_HELP_TEXT_TITLE}
-        >
-          <SelectSystemPrompt
-            allSystemPrompts={allSystemPrompts}
-            compressed
-            conversation={selectedConversation}
-            isEditing={true}
-            isDisabled={isDisabled}
-            onSystemPromptSelectionChange={handleOnSystemPromptSelectionChange}
-            selectedPrompt={selectedSystemPrompt}
-            showTitles={true}
-            isSettingsModalVisible={true}
-            setIsSettingsModalVisible={noop} // noop, already in settings
-            isFlyoutMode={isFlyoutMode}
-          />
-        </EuiFormRow>
-
-        <EuiFormRow
-          data-test-subj="connector-field"
-          display="rowCompressed"
-          label={i18n.CONNECTOR_TITLE}
-          helpText={
-            <EuiLink
-              href={`${http.basePath.get()}/app/management/insightsAndAlerting/triggersActionsConnectors/connectors`}
-              target="_blank"
-              external
-            >
-              <FormattedMessage
-                id="xpack.elasticAssistant.assistant.settings.connectorHelpTextTitle"
-                defaultMessage="Kibana Connector to make requests with"
-              />
-            </EuiLink>
-          }
-        >
-          <ConnectorSelector
-            isDisabled={isDisabled}
-            onConnectorSelectionChange={handleOnConnectorSelectionChange}
-            selectedConnectorId={selectedConnector?.id}
-            isFlyoutMode={isFlyoutMode}
-          />
-        </EuiFormRow>
+        <ConversationSettingsEditor
+          allSystemPrompts={allSystemPrompts}
+          conversationSettings={conversationSettings}
+          conversationsSettingsBulkActions={conversationsSettingsBulkActions}
+          http={http}
+          isDisabled={isDisabled}
+          isFlyoutMode={isFlyoutMode}
+          selectedConversation={selectedConversationWithApiConfig}
+          setConversationSettings={setConversationSettings}
+          setConversationsSettingsBulkActions={setConversationsSettingsBulkActions}
+        />
 
-        {selectedConnector?.isPreconfigured === false &&
-          selectedProvider === OpenAiProviderType.OpenAi && (
-            <EuiFormRow
-              data-test-subj="model-field"
-              display="rowCompressed"
-              label={i18nModel.MODEL_TITLE}
-              helpText={i18nModel.HELP_LABEL}
-            >
-              <ModelSelector
-                onModelSelectionChange={handleOnModelSelectionChange}
-                selectedModel={selectedModel}
-              />
-            </EuiFormRow>
-          )}
         <EuiSpacer size="l" />
         <EuiTitle size={'s'}>
           <h2>{i18n.SETTINGS_ALL_TITLE}</h2>
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/conversation_settings_editor.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/conversation_settings_editor.tsx
new file mode 100644
index 0000000000000..a0ddd33b34d05
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/conversation_settings_editor.tsx
@@ -0,0 +1,328 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EuiFormRow, EuiLink } from '@elastic/eui';
+import React, { useCallback, useMemo } from 'react';
+
+import { HttpSetup } from '@kbn/core-http-browser';
+import { FormattedMessage } from '@kbn/i18n-react';
+import { OpenAiProviderType } from '@kbn/stack-connectors-plugin/public/common';
+import { noop } from 'lodash/fp';
+import { Conversation, Prompt } from '../../../..';
+import * as i18n from './translations';
+import * as i18nModel from '../../../connectorland/models/model_selector/translations';
+
+import { ConnectorSelector } from '../../../connectorland/connector_selector';
+import { SelectSystemPrompt } from '../../prompt_editor/system_prompt/select_system_prompt';
+import { ModelSelector } from '../../../connectorland/models/model_selector/model_selector';
+import { useLoadConnectors } from '../../../connectorland/use_load_connectors';
+import { getGenAiConfig } from '../../../connectorland/helpers';
+import { ConversationsBulkActions } from '../../api';
+import { getDefaultSystemPrompt } from '../../use_conversation/helpers';
+
+export interface ConversationSettingsEditorProps {
+  allSystemPrompts: Prompt[];
+  conversationSettings: Record<string, Conversation>;
+  conversationsSettingsBulkActions: ConversationsBulkActions;
+  http: HttpSetup;
+  isDisabled?: boolean;
+  isFlyoutMode: boolean;
+  selectedConversation?: Conversation;
+  setConversationSettings: React.Dispatch<React.SetStateAction<Record<string, Conversation>>>;
+  setConversationsSettingsBulkActions: React.Dispatch<
+    React.SetStateAction<ConversationsBulkActions>
+  >;
+}
+
+/**
+ * Settings for adding/removing conversation and configuring default system prompt and connector.
+ */
+export const ConversationSettingsEditor: React.FC<ConversationSettingsEditorProps> = React.memo(
+  ({
+    allSystemPrompts,
+    selectedConversation,
+    conversationSettings,
+    http,
+    isDisabled = false,
+    isFlyoutMode,
+    setConversationSettings,
+    conversationsSettingsBulkActions,
+    setConversationsSettingsBulkActions,
+  }) => {
+    const { data: connectors, isSuccess: areConnectorsFetched } = useLoadConnectors({
+      http,
+    });
+
+    const selectedSystemPrompt = useMemo(() => {
+      return getDefaultSystemPrompt({ allSystemPrompts, conversation: selectedConversation });
+    }, [allSystemPrompts, selectedConversation]);
+    const handleOnSystemPromptSelectionChange = useCallback(
+      (systemPromptId?: string | undefined) => {
+        if (selectedConversation != null && selectedConversation.apiConfig) {
+          const updatedConversation = {
+            ...selectedConversation,
+            apiConfig: {
+              ...selectedConversation.apiConfig,
+              defaultSystemPromptId: systemPromptId,
+            },
+          };
+          setConversationSettings({
+            ...conversationSettings,
+            [updatedConversation.id || updatedConversation.title]: updatedConversation,
+          });
+          if (selectedConversation.id !== '') {
+            setConversationsSettingsBulkActions({
+              ...conversationsSettingsBulkActions,
+              update: {
+                ...(conversationsSettingsBulkActions.update ?? {}),
+                [updatedConversation.id]: {
+                  ...updatedConversation,
+                  ...(conversationsSettingsBulkActions.update
+                    ? conversationsSettingsBulkActions.update[updatedConversation.id] ?? {}
+                    : {}),
+                  apiConfig: {
+                    ...updatedConversation.apiConfig,
+                    ...((conversationsSettingsBulkActions.update
+                      ? conversationsSettingsBulkActions.update[updatedConversation.id] ?? {}
+                      : {}
+                    ).apiConfig ?? {}),
+                    defaultSystemPromptId: systemPromptId,
+                  },
+                },
+              },
+            });
+          } else {
+            setConversationsSettingsBulkActions({
+              ...conversationsSettingsBulkActions,
+              create: {
+                ...(conversationsSettingsBulkActions.create ?? {}),
+                [updatedConversation.title]: updatedConversation,
+              },
+            });
+          }
+        }
+      },
+      [
+        conversationSettings,
+        conversationsSettingsBulkActions,
+        selectedConversation,
+        setConversationSettings,
+        setConversationsSettingsBulkActions,
+      ]
+    );
+
+    const selectedConnector = useMemo(() => {
+      const selectedConnectorId: string | undefined = selectedConversation?.apiConfig?.connectorId;
+      if (areConnectorsFetched) {
+        return connectors?.find((c) => c.id === selectedConnectorId);
+      }
+      return undefined;
+    }, [areConnectorsFetched, connectors, selectedConversation?.apiConfig?.connectorId]);
+
+    const selectedProvider = useMemo(
+      () => selectedConversation?.apiConfig?.provider,
+      [selectedConversation?.apiConfig?.provider]
+    );
+
+    const selectedConversationId = useMemo(
+      () =>
+        selectedConversation?.id === ''
+          ? selectedConversation.title
+          : (selectedConversation?.id as string),
+      [selectedConversation]
+    );
+    const handleOnConnectorSelectionChange = useCallback(
+      (connector) => {
+        if (selectedConversation != null) {
+          const config = getGenAiConfig(connector);
+          const updatedConversation = {
+            ...selectedConversation,
+            apiConfig: {
+              ...selectedConversation.apiConfig,
+              connectorId: connector.id,
+              actionTypeId: connector.actionTypeId,
+              provider: config?.apiProvider,
+              model: config?.defaultModel,
+            },
+          };
+          setConversationSettings({
+            ...conversationSettings,
+            [selectedConversationId]: updatedConversation,
+          });
+          if (selectedConversation.id !== '') {
+            setConversationsSettingsBulkActions({
+              ...conversationsSettingsBulkActions,
+              update: {
+                ...(conversationsSettingsBulkActions.update ?? {}),
+                [updatedConversation.id || updatedConversation.title]: {
+                  ...updatedConversation,
+                  ...(conversationsSettingsBulkActions.update
+                    ? conversationsSettingsBulkActions.update[updatedConversation.id] ?? {}
+                    : {}),
+                  apiConfig: {
+                    ...updatedConversation.apiConfig,
+                    ...((conversationsSettingsBulkActions.update
+                      ? conversationsSettingsBulkActions.update[updatedConversation.id] ?? {}
+                      : {}
+                    ).apiConfig ?? {}),
+                    connectorId: connector?.id,
+                    actionTypeId: connector?.actionTypeId,
+                    provider: config?.apiProvider,
+                    model: config?.defaultModel,
+                  },
+                },
+              },
+            });
+          } else {
+            setConversationsSettingsBulkActions({
+              ...conversationsSettingsBulkActions,
+              create: {
+                ...(conversationsSettingsBulkActions.create ?? {}),
+                [updatedConversation.title || updatedConversation.id]: updatedConversation,
+              },
+            });
+          }
+        }
+      },
+      [
+        conversationSettings,
+        conversationsSettingsBulkActions,
+        selectedConversation,
+        selectedConversationId,
+        setConversationSettings,
+        setConversationsSettingsBulkActions,
+      ]
+    );
+
+    const selectedModel = useMemo(() => {
+      const connectorModel = getGenAiConfig(selectedConnector)?.defaultModel;
+      // Prefer conversation configuration over connector default
+      return selectedConversation?.apiConfig?.model ?? connectorModel;
+    }, [selectedConnector, selectedConversation?.apiConfig?.model]);
+
+    const handleOnModelSelectionChange = useCallback(
+      (model?: string) => {
+        if (selectedConversation != null && selectedConversation.apiConfig) {
+          const updatedConversation = {
+            ...selectedConversation,
+            apiConfig: {
+              ...selectedConversation.apiConfig,
+              model,
+            },
+          };
+          setConversationSettings({
+            ...conversationSettings,
+            [updatedConversation.id || updatedConversation.title]: updatedConversation,
+          });
+          if (selectedConversation.id !== '') {
+            setConversationsSettingsBulkActions({
+              ...conversationsSettingsBulkActions,
+              update: {
+                ...(conversationsSettingsBulkActions.update ?? {}),
+                [updatedConversation.id]: {
+                  ...updatedConversation,
+                  ...(conversationsSettingsBulkActions.update
+                    ? conversationsSettingsBulkActions.update[updatedConversation.id] ?? {}
+                    : {}),
+                  apiConfig: {
+                    ...updatedConversation.apiConfig,
+                    ...((conversationsSettingsBulkActions.update
+                      ? conversationsSettingsBulkActions.update[updatedConversation.id] ?? {}
+                      : {}
+                    ).apiConfig ?? {}),
+                    model,
+                  },
+                },
+              },
+            });
+          } else {
+            setConversationsSettingsBulkActions({
+              ...conversationsSettingsBulkActions,
+              create: {
+                ...(conversationsSettingsBulkActions.create ?? {}),
+                [updatedConversation.id || updatedConversation.title]: updatedConversation,
+              },
+            });
+          }
+        }
+      },
+      [
+        conversationSettings,
+        conversationsSettingsBulkActions,
+        selectedConversation,
+        setConversationSettings,
+        setConversationsSettingsBulkActions,
+      ]
+    );
+    return (
+      <>
+        <EuiFormRow
+          data-test-subj="prompt-field"
+          display="rowCompressed"
+          fullWidth
+          label={i18n.SETTINGS_PROMPT_TITLE}
+          helpText={i18n.SETTINGS_PROMPT_HELP_TEXT_TITLE}
+        >
+          <SelectSystemPrompt
+            allSystemPrompts={allSystemPrompts}
+            compressed
+            conversation={selectedConversation}
+            isEditing={true}
+            isDisabled={isDisabled}
+            onSystemPromptSelectionChange={handleOnSystemPromptSelectionChange}
+            selectedPrompt={selectedSystemPrompt}
+            showTitles={true}
+            isSettingsModalVisible={true}
+            setIsSettingsModalVisible={noop} // noop, already in settings
+            isFlyoutMode={isFlyoutMode}
+          />
+        </EuiFormRow>
+
+        <EuiFormRow
+          data-test-subj="connector-field"
+          display="rowCompressed"
+          label={i18n.CONNECTOR_TITLE}
+          helpText={
+            <EuiLink
+              href={`${http.basePath.get()}/app/management/insightsAndAlerting/triggersActionsConnectors/connectors`}
+              target="_blank"
+              external
+            >
+              <FormattedMessage
+                id="xpack.elasticAssistant.assistant.settings.connectorHelpTextTitle"
+                defaultMessage="Kibana Connector to make requests with"
+              />
+            </EuiLink>
+          }
+        >
+          <ConnectorSelector
+            isDisabled={isDisabled}
+            onConnectorSelectionChange={handleOnConnectorSelectionChange}
+            selectedConnectorId={selectedConnector?.id}
+            isFlyoutMode={isFlyoutMode}
+          />
+        </EuiFormRow>
+
+        {selectedConnector?.isPreconfigured === false &&
+          selectedProvider === OpenAiProviderType.OpenAi && (
+            <EuiFormRow
+              data-test-subj="model-field"
+              display="rowCompressed"
+              label={i18nModel.MODEL_TITLE}
+              helpText={i18nModel.HELP_LABEL}
+            >
+              <ModelSelector
+                onModelSelectionChange={handleOnModelSelectionChange}
+                selectedModel={selectedModel}
+              />
+            </EuiFormRow>
+          )}
+      </>
+    );
+  }
+);
+ConversationSettingsEditor.displayName = 'ConversationSettingsEditor';
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/conversation_streaming_switch.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/conversation_streaming_switch.tsx
new file mode 100644
index 0000000000000..3f8fa6fba4ae5
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/conversation_streaming_switch.tsx
@@ -0,0 +1,59 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EuiFormRow, EuiSwitch, EuiText, useEuiTheme } from '@elastic/eui';
+import { css } from '@emotion/react';
+import React from 'react';
+import { STREAMING_TITLE, STREAMING_HELP_TEXT_TITLE } from './translations';
+
+interface Props {
+  assistantStreamingEnabled: boolean;
+  setAssistantStreamingEnabled: React.Dispatch<React.SetStateAction<boolean>>;
+  compressed?: boolean;
+}
+
+const ConversationStreamingSwitchComponent: React.FC<Props> = ({
+  assistantStreamingEnabled,
+  compressed,
+  setAssistantStreamingEnabled,
+}) => {
+  const { euiTheme } = useEuiTheme();
+
+  return (
+    <EuiFormRow
+      fullWidth
+      display="rowCompressed"
+      label={
+        <EuiText
+          size="xs"
+          css={
+            compressed
+              ? undefined
+              : css`
+                  padding: ${euiTheme.size.m} 0;
+                  font-weight: ${euiTheme.font.weight.bold};
+                  line-height: ${euiTheme.size.m};
+                `
+          }
+        >
+          {STREAMING_TITLE}
+        </EuiText>
+      }
+    >
+      <EuiSwitch
+        label={<EuiText size={compressed ? 'xs' : 's'}>{STREAMING_HELP_TEXT_TITLE}</EuiText>}
+        checked={assistantStreamingEnabled}
+        onChange={(e) => setAssistantStreamingEnabled(e.target.checked)}
+        compressed={compressed}
+      />
+    </EuiFormRow>
+  );
+};
+
+export const ConversationStreamingSwitch = React.memo(ConversationStreamingSwitchComponent);
+
+ConversationStreamingSwitch.displayName = 'ConversationStreamingSwitch';
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/use_conveersation_changed.test.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/use_conveersation_changed.test.tsx
new file mode 100644
index 0000000000000..091c691d8e324
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/use_conveersation_changed.test.tsx
@@ -0,0 +1,125 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { renderHook, act } from '@testing-library/react-hooks';
+import { useConversationChanged } from './use_conversation_changed';
+import { customConvo } from '../../../mock/conversation';
+import { mockConnectors } from '../../../mock/connectors';
+import { mockSystemPrompts } from '../../../mock/system_prompt';
+import { getDefaultSystemPrompt } from '../../use_conversation/helpers';
+import { Conversation, ConversationsBulkActions } from '../../../..';
+
+jest.mock('../../use_conversation/helpers', () => ({
+  getDefaultSystemPrompt: jest.fn(),
+}));
+
+const mockAllSystemPrompts = mockSystemPrompts;
+
+const mockDefaultConnector = mockConnectors[0];
+
+const mockConversationSettings = {};
+const mockConversationsSettingsBulkActions: ConversationsBulkActions = {};
+const mockSetConversationSettings = jest.fn();
+const mockSetConversationsSettingsBulkActions = jest.fn();
+const mockOnSelectedConversationChange = jest.fn();
+
+describe('useConversationChanged', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+    (getDefaultSystemPrompt as jest.Mock).mockReturnValue(mockAllSystemPrompts[2]);
+  });
+
+  test('should return a function', () => {
+    const { result } = renderHook(() =>
+      useConversationChanged({
+        allSystemPrompts: mockAllSystemPrompts,
+        conversationSettings: mockConversationSettings,
+        conversationsSettingsBulkActions: mockConversationsSettingsBulkActions,
+        defaultConnector: mockDefaultConnector,
+        setConversationSettings: mockSetConversationSettings,
+        setConversationsSettingsBulkActions: mockSetConversationsSettingsBulkActions,
+        onSelectedConversationChange: mockOnSelectedConversationChange,
+      })
+    );
+
+    expect(typeof result.current).toBe('function');
+  });
+
+  test('should handle new conversation selection', () => {
+    const newConversationTitle = 'New Conversation';
+    const { result } = renderHook(() =>
+      useConversationChanged({
+        allSystemPrompts: mockAllSystemPrompts,
+        conversationSettings: mockConversationSettings,
+        conversationsSettingsBulkActions: mockConversationsSettingsBulkActions,
+        defaultConnector: mockDefaultConnector,
+        setConversationSettings: mockSetConversationSettings,
+        setConversationsSettingsBulkActions: mockSetConversationsSettingsBulkActions,
+        onSelectedConversationChange: mockOnSelectedConversationChange,
+      })
+    );
+
+    act(() => {
+      result.current(newConversationTitle);
+    });
+
+    const expectedNewConversation: Conversation = {
+      id: '',
+      title: newConversationTitle,
+      category: 'assistant',
+      messages: [],
+      replacements: {},
+      apiConfig: {
+        connectorId: mockDefaultConnector.id,
+        actionTypeId: mockDefaultConnector.actionTypeId,
+        provider: mockDefaultConnector.apiProvider,
+        defaultSystemPromptId: mockAllSystemPrompts[2].id,
+      },
+    };
+
+    expect(mockSetConversationSettings).toHaveBeenCalledWith({
+      ...mockConversationSettings,
+      [newConversationTitle]: expectedNewConversation,
+    });
+    expect(mockSetConversationsSettingsBulkActions).toHaveBeenCalledWith({
+      ...mockConversationsSettingsBulkActions,
+      create: {
+        ...(mockConversationsSettingsBulkActions.create ?? {}),
+        [newConversationTitle]: expectedNewConversation,
+      },
+    });
+    expect(mockOnSelectedConversationChange).toHaveBeenCalledWith({
+      ...expectedNewConversation,
+      id: expectedNewConversation.title,
+    });
+  });
+
+  test('should handle existing conversation selection', () => {
+    const existingConversation = { ...customConvo, id: 'mock-id' };
+
+    const { result } = renderHook(() =>
+      useConversationChanged({
+        allSystemPrompts: mockAllSystemPrompts,
+        conversationSettings: mockConversationSettings,
+        conversationsSettingsBulkActions: mockConversationsSettingsBulkActions,
+        defaultConnector: mockDefaultConnector,
+        setConversationSettings: mockSetConversationSettings,
+        setConversationsSettingsBulkActions: mockSetConversationsSettingsBulkActions,
+        onSelectedConversationChange: mockOnSelectedConversationChange,
+      })
+    );
+
+    act(() => {
+      result.current(existingConversation);
+    });
+
+    expect(mockSetConversationSettings.mock.calls[0][0](mockConversationSettings)).toEqual({
+      ...mockConversationSettings,
+      [existingConversation.id]: existingConversation,
+    });
+    expect(mockOnSelectedConversationChange).toHaveBeenCalledWith(existingConversation);
+  });
+});
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/use_conversation_changed.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/use_conversation_changed.tsx
new file mode 100644
index 0000000000000..670832ac83798
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/use_conversation_changed.tsx
@@ -0,0 +1,104 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { useCallback, useMemo } from 'react';
+import { Conversation, Prompt } from '../../../..';
+import { getDefaultSystemPrompt } from '../../use_conversation/helpers';
+import { ConversationsBulkActions } from '../../api';
+import { AIConnector } from '../../../connectorland/connector_selector';
+
+interface Props {
+  allSystemPrompts: Prompt[];
+  conversationSettings: Record<string, Conversation>;
+  conversationsSettingsBulkActions: ConversationsBulkActions;
+  defaultConnector?: AIConnector;
+  setConversationSettings: React.Dispatch<React.SetStateAction<Record<string, Conversation>>>;
+  setConversationsSettingsBulkActions: React.Dispatch<
+    React.SetStateAction<ConversationsBulkActions>
+  >;
+  onSelectedConversationChange: (conversation?: Conversation) => void;
+}
+
+type OnConversationSelectionChange = (c?: string | Conversation) => void;
+
+export const useConversationChanged = ({
+  allSystemPrompts,
+  conversationSettings,
+  conversationsSettingsBulkActions,
+  defaultConnector,
+  setConversationSettings,
+  setConversationsSettingsBulkActions,
+  onSelectedConversationChange,
+}: Props) => {
+  const defaultSystemPrompt = useMemo(() => {
+    return getDefaultSystemPrompt({ allSystemPrompts, conversation: undefined });
+  }, [allSystemPrompts]);
+
+  // Conversation callbacks
+  // When top level conversation selection changes
+  const onConversationSelectionChange: OnConversationSelectionChange = useCallback(
+    (c = '') => {
+      const isNew = typeof c === 'string';
+      const newSelectedConversation: Conversation | undefined = isNew
+        ? {
+            id: '',
+            title: c ?? '',
+            category: 'assistant',
+            messages: [],
+            replacements: {},
+            ...(defaultConnector
+              ? {
+                  apiConfig: {
+                    connectorId: defaultConnector.id,
+                    actionTypeId: defaultConnector.actionTypeId,
+                    provider: defaultConnector.apiProvider,
+                    defaultSystemPromptId: defaultSystemPrompt?.id,
+                  },
+                }
+              : {}),
+          }
+        : c;
+
+      if (newSelectedConversation && (isNew || newSelectedConversation.id === '')) {
+        setConversationSettings({
+          ...conversationSettings,
+          [isNew ? c : newSelectedConversation.title]: newSelectedConversation,
+        });
+        setConversationsSettingsBulkActions({
+          ...conversationsSettingsBulkActions,
+          create: {
+            ...(conversationsSettingsBulkActions.create ?? {}),
+            [newSelectedConversation.title]: newSelectedConversation,
+          },
+        });
+      } else if (newSelectedConversation != null) {
+        setConversationSettings((prev) => {
+          return {
+            ...prev,
+            [newSelectedConversation.id]: newSelectedConversation,
+          };
+        });
+      }
+
+      onSelectedConversationChange({
+        ...newSelectedConversation,
+        id: newSelectedConversation.id || newSelectedConversation.title,
+      });
+    },
+    [
+      conversationSettings,
+      conversationsSettingsBulkActions,
+      defaultConnector,
+      defaultSystemPrompt?.id,
+      onSelectedConversationChange,
+      setConversationSettings,
+      setConversationsSettingsBulkActions,
+    ]
+  );
+
+  return onConversationSelectionChange;
+};
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/use_conversation_deleted.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/use_conversation_deleted.tsx
new file mode 100644
index 0000000000000..c8e5fcfbab01e
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/use_conversation_deleted.tsx
@@ -0,0 +1,56 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { useCallback } from 'react';
+import { Conversation, ConversationsBulkActions } from '../../../..';
+
+interface Props {
+  conversationSettings: Record<string, Conversation>;
+  conversationsSettingsBulkActions: ConversationsBulkActions;
+  setConversationSettings: React.Dispatch<React.SetStateAction<Record<string, Conversation>>>;
+  setConversationsSettingsBulkActions: React.Dispatch<
+    React.SetStateAction<ConversationsBulkActions>
+  >;
+}
+
+export const useConversationDeleted = ({
+  conversationSettings,
+  conversationsSettingsBulkActions,
+  setConversationSettings,
+  setConversationsSettingsBulkActions,
+}: Props) => {
+  const onConversationDeleted = useCallback(
+    (conversationTitle: string) => {
+      const conversationId = Object.values(conversationSettings).find(
+        (c) => c.title === conversationTitle
+      )?.id;
+      // If matching conversation is not found, do nothing
+      if (!conversationId) {
+        return;
+      }
+
+      const updatedConversationSettings = { ...conversationSettings };
+      delete updatedConversationSettings[conversationId];
+
+      setConversationSettings(updatedConversationSettings);
+      setConversationsSettingsBulkActions({
+        ...conversationsSettingsBulkActions,
+        delete: {
+          ids: [...(conversationsSettingsBulkActions.delete?.ids ?? []), conversationId],
+        },
+      });
+    },
+    [
+      conversationSettings,
+      conversationsSettingsBulkActions,
+      setConversationSettings,
+      setConversationsSettingsBulkActions,
+    ]
+  );
+
+  return onConversationDeleted;
+};
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/use_conversation_deletex.test.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/use_conversation_deletex.test.tsx
new file mode 100644
index 0000000000000..f96de69b8ae7c
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/use_conversation_deletex.test.tsx
@@ -0,0 +1,94 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { renderHook, act } from '@testing-library/react-hooks';
+import { useConversationDeleted } from './use_conversation_deleted';
+import { customConvo, alertConvo, welcomeConvo } from '../../../mock/conversation';
+import { Conversation, ConversationsBulkActions } from '../../../..';
+
+const customConveId = '1';
+const alertConvoId = '2';
+const welcomeConvoId = '3';
+const mockConversationSettings: Record<string, Conversation> = {
+  [customConveId]: { ...customConvo, id: customConveId },
+  [alertConvoId]: { ...alertConvo, id: alertConvoId },
+  [welcomeConvoId]: { ...welcomeConvo, id: welcomeConvoId },
+};
+
+const mockConversationsSettingsBulkActions: ConversationsBulkActions = {
+  create: {},
+  update: {},
+  delete: { ids: [] },
+};
+
+const mockSetConversationSettings = jest.fn();
+const mockSetConversationsSettingsBulkActions = jest.fn();
+
+describe('useConversationDeleted', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  test('should return a function', () => {
+    const { result } = renderHook(() =>
+      useConversationDeleted({
+        conversationSettings: mockConversationSettings,
+        conversationsSettingsBulkActions: mockConversationsSettingsBulkActions,
+        setConversationSettings: mockSetConversationSettings,
+        setConversationsSettingsBulkActions: mockSetConversationsSettingsBulkActions,
+      })
+    );
+
+    expect(typeof result.current).toBe('function');
+  });
+
+  test('should handle conversation deletion', () => {
+    const conversationTitleToDelete = customConvo.title;
+    const { result } = renderHook(() =>
+      useConversationDeleted({
+        conversationSettings: mockConversationSettings,
+        conversationsSettingsBulkActions: mockConversationsSettingsBulkActions,
+        setConversationSettings: mockSetConversationSettings,
+        setConversationsSettingsBulkActions: mockSetConversationsSettingsBulkActions,
+      })
+    );
+
+    act(() => {
+      result.current(conversationTitleToDelete);
+    });
+
+    const expectedConversationSettings = { ...mockConversationSettings };
+    delete expectedConversationSettings[customConveId];
+    expect(mockSetConversationSettings).toHaveBeenCalledWith(expectedConversationSettings);
+
+    expect(mockSetConversationsSettingsBulkActions).toHaveBeenCalledWith({
+      ...mockConversationsSettingsBulkActions,
+      delete: {
+        ids: [customConveId],
+      },
+    });
+  });
+
+  test('should do nothing when no matching conversation title exists', () => {
+    const conversationTitleToDelete = 'Non-existent Conversation';
+    const { result } = renderHook(() =>
+      useConversationDeleted({
+        conversationSettings: mockConversationSettings,
+        conversationsSettingsBulkActions: mockConversationsSettingsBulkActions,
+        setConversationSettings: mockSetConversationSettings,
+        setConversationsSettingsBulkActions: mockSetConversationsSettingsBulkActions,
+      })
+    );
+
+    act(() => {
+      result.current(conversationTitleToDelete);
+    });
+
+    expect(mockSetConversationSettings).not.toHaveBeenCalled();
+
+    expect(mockSetConversationsSettingsBulkActions).not.toHaveBeenCalled();
+  });
+});
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings_management/index.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings_management/index.tsx
new file mode 100644
index 0000000000000..c4b2f834ecec5
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings_management/index.tsx
@@ -0,0 +1,252 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EuiPanel, EuiSpacer, EuiConfirmModal, EuiInMemoryTable } from '@elastic/eui';
+import React, { useCallback, useMemo, useState } from 'react';
+
+import { Conversation } from '../../../assistant_context/types';
+import { ConversationTableItem, useConversationsTable } from './use_conversations_table';
+import { ConversationStreamingSwitch } from '../conversation_settings/conversation_streaming_switch';
+import { AIConnector } from '../../../connectorland/connector_selector';
+import * as i18n from './translations';
+
+import { Prompt } from '../../types';
+import { ConversationsBulkActions } from '../../api';
+import { useAssistantContext } from '../../../assistant_context';
+import { useConversationDeleted } from '../conversation_settings/use_conversation_deleted';
+import { useFlyoutModalVisibility } from '../../common/components/assistant_settings_management/flyout/use_flyout_modal_visibility';
+import { Flyout } from '../../common/components/assistant_settings_management/flyout';
+import { CANCEL, DELETE } from '../../settings/translations';
+import { ConversationSettingsEditor } from '../conversation_settings/conversation_settings_editor';
+import { useConversationChanged } from '../conversation_settings/use_conversation_changed';
+import { CONVERSATION_TABLE_SESSION_STORAGE_KEY } from '../../../assistant_context/constants';
+import { useSessionPagination } from '../../common/components/assistant_settings_management/pagination/use_session_pagination';
+import { DEFAULT_PAGE_SIZE } from '../../settings/const';
+interface Props {
+  allSystemPrompts: Prompt[];
+  assistantStreamingEnabled: boolean;
+  connectors: AIConnector[] | undefined;
+  conversationSettings: Record<string, Conversation>;
+  conversationsSettingsBulkActions: ConversationsBulkActions;
+  conversationsLoaded: boolean;
+  defaultConnector?: AIConnector;
+  handleSave: (shouldRefetchConversation?: boolean) => void;
+  isDisabled?: boolean;
+  isFlyoutMode: boolean;
+  onCancelClick: () => void;
+  setAssistantStreamingEnabled: React.Dispatch<React.SetStateAction<boolean>>;
+  setConversationSettings: React.Dispatch<React.SetStateAction<Record<string, Conversation>>>;
+  setConversationsSettingsBulkActions: React.Dispatch<
+    React.SetStateAction<ConversationsBulkActions>
+  >;
+  selectedConversation: Conversation | undefined;
+  onSelectedConversationChange: (conversation?: Conversation) => void;
+}
+
+export const DEFAULT_TABLE_OPTIONS = {
+  page: { size: DEFAULT_PAGE_SIZE, index: 0 },
+  sort: { field: 'createdAt', direction: 'desc' as const },
+};
+
+const ConversationSettingsManagementComponent: React.FC<Props> = ({
+  allSystemPrompts,
+  assistantStreamingEnabled,
+  connectors,
+  defaultConnector,
+  conversationSettings,
+  conversationsSettingsBulkActions,
+  conversationsLoaded,
+  handleSave,
+  isDisabled,
+  isFlyoutMode,
+  onSelectedConversationChange,
+  onCancelClick,
+  selectedConversation,
+  setAssistantStreamingEnabled,
+  setConversationSettings,
+  setConversationsSettingsBulkActions,
+}) => {
+  const { http, nameSpace, actionTypeRegistry } = useAssistantContext();
+
+  const {
+    isFlyoutOpen: editFlyoutVisible,
+    openFlyout: openEditFlyout,
+    closeFlyout: closeEditFlyout,
+  } = useFlyoutModalVisibility();
+  const [deletedConversation, setDeletedConversation] = useState<ConversationTableItem | null>();
+
+  const {
+    isFlyoutOpen: deleteConfirmModalVisibility,
+    openFlyout: openConfirmModal,
+    closeFlyout: closeConfirmModal,
+  } = useFlyoutModalVisibility();
+
+  const onConversationSelectionChange = useConversationChanged({
+    allSystemPrompts,
+    conversationSettings,
+    conversationsSettingsBulkActions,
+    defaultConnector,
+    setConversationSettings,
+    setConversationsSettingsBulkActions,
+    onSelectedConversationChange,
+  });
+
+  const onEditActionClicked = useCallback(
+    (rowItem: ConversationTableItem) => {
+      openEditFlyout();
+      onConversationSelectionChange(rowItem);
+    },
+    [onConversationSelectionChange, openEditFlyout]
+  );
+
+  const onConversationDeleted = useConversationDeleted({
+    conversationSettings,
+    conversationsSettingsBulkActions,
+    setConversationSettings,
+    setConversationsSettingsBulkActions,
+  });
+
+  const onDeleteActionClicked = useCallback(
+    (rowItem: ConversationTableItem) => {
+      setDeletedConversation(rowItem);
+      onConversationDeleted(rowItem.title);
+
+      closeEditFlyout();
+      openConfirmModal();
+    },
+    [closeEditFlyout, onConversationDeleted, openConfirmModal]
+  );
+
+  const onDeleteConfirmed = useCallback(() => {
+    if (Object.keys(conversationsSettingsBulkActions).length === 0) {
+      return;
+    }
+    closeConfirmModal();
+    handleSave(true);
+    setConversationsSettingsBulkActions({});
+  }, [
+    closeConfirmModal,
+    conversationsSettingsBulkActions,
+    handleSave,
+    setConversationsSettingsBulkActions,
+  ]);
+
+  const onDeleteCancelled = useCallback(() => {
+    setDeletedConversation(null);
+    closeConfirmModal();
+    onCancelClick();
+  }, [closeConfirmModal, onCancelClick]);
+
+  const { getConversationsList, getColumns } = useConversationsTable();
+
+  const { onTableChange, pagination, sorting } = useSessionPagination({
+    nameSpace,
+    storageKey: CONVERSATION_TABLE_SESSION_STORAGE_KEY,
+    defaultTableOptions: DEFAULT_TABLE_OPTIONS,
+  });
+
+  const conversationOptions = getConversationsList({
+    allSystemPrompts,
+    actionTypeRegistry,
+    connectors,
+    conversations: conversationSettings,
+    defaultConnector,
+  });
+
+  const onSaveCancelled = useCallback(() => {
+    closeEditFlyout();
+    onCancelClick();
+  }, [closeEditFlyout, onCancelClick]);
+
+  const onSaveConfirmed = useCallback(() => {
+    closeEditFlyout();
+    handleSave(true);
+    setConversationsSettingsBulkActions({});
+  }, [closeEditFlyout, handleSave, setConversationsSettingsBulkActions]);
+
+  const columns = useMemo(
+    () =>
+      getColumns({
+        conversations: conversationSettings,
+        onDeleteActionClicked,
+        onEditActionClicked,
+      }),
+    [conversationSettings, getColumns, onDeleteActionClicked, onEditActionClicked]
+  );
+
+  const confirmationTitle = useMemo(
+    () =>
+      deletedConversation?.title
+        ? i18n.DELETE_CONVERSATION_CONFIRMATION_TITLE(deletedConversation?.title)
+        : i18n.DELETE_CONVERSATION_CONFIRMATION_DEFAULT_TITLE,
+    [deletedConversation?.title]
+  );
+
+  if (!conversationsLoaded) {
+    return null;
+  }
+
+  return (
+    <>
+      <EuiPanel hasShadow={false} hasBorder paddingSize="l">
+        <ConversationStreamingSwitch
+          assistantStreamingEnabled={assistantStreamingEnabled}
+          setAssistantStreamingEnabled={setAssistantStreamingEnabled}
+          compressed={false}
+        />
+        <EuiSpacer size="m" />
+        <EuiInMemoryTable
+          items={conversationOptions}
+          columns={columns}
+          pagination={pagination}
+          sorting={sorting}
+          onTableChange={onTableChange}
+        />
+      </EuiPanel>
+      {editFlyoutVisible && (
+        <Flyout
+          flyoutVisible={editFlyoutVisible}
+          onClose={onSaveCancelled}
+          onSaveConfirmed={onSaveConfirmed}
+          onSaveCancelled={onSaveCancelled}
+          title={selectedConversation?.title ?? i18n.CONVERSATIONS_FLYOUT_DEFAULT_TITLE}
+        >
+          <ConversationSettingsEditor
+            allSystemPrompts={allSystemPrompts}
+            conversationSettings={conversationSettings}
+            conversationsSettingsBulkActions={conversationsSettingsBulkActions}
+            http={http}
+            isDisabled={isDisabled}
+            isFlyoutMode={isFlyoutMode}
+            selectedConversation={selectedConversation}
+            setConversationSettings={setConversationSettings}
+            setConversationsSettingsBulkActions={setConversationsSettingsBulkActions}
+          />
+        </Flyout>
+      )}
+      {deleteConfirmModalVisibility && deletedConversation?.title && (
+        <EuiConfirmModal
+          aria-labelledby={confirmationTitle}
+          title={confirmationTitle}
+          titleProps={{ id: deletedConversation?.id ?? undefined }}
+          onCancel={onDeleteCancelled}
+          onConfirm={onDeleteConfirmed}
+          cancelButtonText={CANCEL}
+          confirmButtonText={DELETE}
+          buttonColor="danger"
+          defaultFocusedButton="confirm"
+        >
+          <p />
+        </EuiConfirmModal>
+      )}
+    </>
+  );
+};
+
+export const ConversationSettingsManagement = React.memo(ConversationSettingsManagementComponent);
+
+ConversationSettingsManagement.displayName = 'ConversationSettingsManagement';
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings_management/translations.ts b/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings_management/translations.ts
new file mode 100644
index 0000000000000..5761ba8e6e99f
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings_management/translations.ts
@@ -0,0 +1,63 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { i18n } from '@kbn/i18n';
+
+export const CONVERSATIONS_TABLE_COLUMN_NAME = i18n.translate(
+  'xpack.elasticAssistant.assistant.conversationSettings.column.name',
+  {
+    defaultMessage: 'Name',
+  }
+);
+
+export const CONVERSATIONS_TABLE_COLUMN_SYSTEM_PROMPT = i18n.translate(
+  'xpack.elasticAssistant.assistant.conversationSettings.column.systemPrompt',
+  {
+    defaultMessage: 'System prompt',
+  }
+);
+
+export const CONVERSATIONS_TABLE_COLUMN_CONNECTOR = i18n.translate(
+  'xpack.elasticAssistant.assistant.conversationSettings.column.connector',
+  {
+    defaultMessage: 'Connector',
+  }
+);
+
+export const CONVERSATIONS_TABLE_COLUMN_UPDATED_AT = i18n.translate(
+  'xpack.elasticAssistant.assistant.conversationSettings.column.updatedAt',
+  {
+    defaultMessage: 'Date updated',
+  }
+);
+
+export const CONVERSATIONS_TABLE_COLUMN_ACTIONS = i18n.translate(
+  'xpack.elasticAssistant.assistant.conversationSettings.column.actions',
+  {
+    defaultMessage: 'Actions',
+  }
+);
+
+export const CONVERSATIONS_FLYOUT_DEFAULT_TITLE = i18n.translate(
+  'xpack.elasticAssistant.assistant.conversationSettings.flyout.defaultTitle',
+  {
+    defaultMessage: 'Conversation',
+  }
+);
+
+export const DELETE_CONVERSATION_CONFIRMATION_DEFAULT_TITLE = i18n.translate(
+  'xpack.elasticAssistant.assistant.conversationSettings.deleteConfirmation.defaultTitle',
+  {
+    defaultMessage: 'Delete conversation?',
+  }
+);
+
+export const DELETE_CONVERSATION_CONFIRMATION_TITLE = (conversationTitle: string) =>
+  i18n.translate('xpack.elasticAssistant.assistant.conversationSettings.deleteConfirmation.Title', {
+    values: { conversationTitle },
+    defaultMessage: 'Delete "{conversationTitle}"?',
+  });
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings_management/use_conversations_table.test.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings_management/use_conversations_table.test.tsx
new file mode 100644
index 0000000000000..465ffa792fb0b
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings_management/use_conversations_table.test.tsx
@@ -0,0 +1,91 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { renderHook } from '@testing-library/react-hooks';
+import {
+  useConversationsTable,
+  GetConversationsListParams,
+  ConversationTableItem,
+} from './use_conversations_table';
+import { alertConvo, welcomeConvo, customConvo } from '../../../mock/conversation';
+import { mockActionTypes, mockConnectors } from '../../../mock/connectors';
+import { mockSystemPrompts } from '../../../mock/system_prompt';
+import { ActionTypeRegistryContract } from '@kbn/triggers-actions-ui-plugin/public';
+import * as i18n from './translations';
+import { EuiTableFieldDataColumnType } from '@elastic/eui';
+
+const mockActionTypeRegistry: ActionTypeRegistryContract = {
+  has: jest
+    .fn()
+    .mockImplementation((id: string) =>
+      mockActionTypes.some((actionType: { id: string }) => actionType.id === id)
+    ),
+  get: jest
+    .fn()
+    .mockImplementation((id: string) =>
+      mockActionTypes.find((actionType: { id: string }) => actionType.id === id)
+    ),
+  list: jest.fn().mockReturnValue(mockActionTypes),
+  register: jest.fn(),
+};
+
+describe('useConversationsTable', () => {
+  it('should return columns', () => {
+    const { result } = renderHook(() => useConversationsTable());
+    const columns = result.current.getColumns({
+      onDeleteActionClicked: jest.fn(),
+      onEditActionClicked: jest.fn(),
+    });
+
+    expect(columns).toHaveLength(5);
+
+    expect(columns[0].name).toBe(i18n.CONVERSATIONS_TABLE_COLUMN_NAME);
+    expect((columns[1] as EuiTableFieldDataColumnType<ConversationTableItem>).field).toBe(
+      'systemPromptTitle'
+    );
+    expect((columns[2] as EuiTableFieldDataColumnType<ConversationTableItem>).field).toBe(
+      'connectorTypeTitle'
+    );
+    expect((columns[3] as EuiTableFieldDataColumnType<ConversationTableItem>).field).toBe(
+      'updatedAt'
+    );
+    expect(columns[4].name).toBe(i18n.CONVERSATIONS_TABLE_COLUMN_ACTIONS);
+  });
+
+  it('should return a list of conversations', () => {
+    const alertConvoId = 'alert-convo-id';
+    const welcomeConvoId = 'welcome-convo-id';
+    const customConvoId = 'custom-convo-id';
+    const params: GetConversationsListParams = {
+      allSystemPrompts: mockSystemPrompts,
+      actionTypeRegistry: mockActionTypeRegistry,
+      connectors: mockConnectors,
+      conversations: {
+        [alertConvoId]: { ...alertConvo, id: alertConvoId },
+        [welcomeConvoId]: { ...welcomeConvo, id: welcomeConvoId },
+        [customConvoId]: { ...customConvo, id: customConvoId },
+      },
+      defaultConnector: mockConnectors[0],
+    };
+
+    const { result } = renderHook(() => useConversationsTable());
+    const conversationsList: ConversationTableItem[] = result.current.getConversationsList(params);
+
+    expect(conversationsList).toHaveLength(3);
+
+    expect(conversationsList[0].title).toBe(alertConvo.title);
+    expect(conversationsList[0].connectorTypeTitle).toBe('OpenAI');
+    expect(conversationsList[0].systemPromptTitle).toBe('Mock system prompt');
+
+    expect(conversationsList[1].title).toBe(welcomeConvo.title);
+    expect(conversationsList[1].connectorTypeTitle).toBe('OpenAI');
+    expect(conversationsList[1].systemPromptTitle).toBe('Mock system prompt');
+
+    expect(conversationsList[2].title).toBe(customConvo.title);
+    expect(conversationsList[2].connectorTypeTitle).toBe('OpenAI');
+    expect(conversationsList[2].systemPromptTitle).toBe('Mock system prompt');
+  });
+});
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings_management/use_conversations_table.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings_management/use_conversations_table.tsx
new file mode 100644
index 0000000000000..fb705db6bb33c
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings_management/use_conversations_table.tsx
@@ -0,0 +1,157 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { useCallback } from 'react';
+
+import { ActionTypeRegistryContract } from '@kbn/triggers-actions-ui-plugin/public';
+import { EuiBadge, EuiBasicTableColumn, EuiLink } from '@elastic/eui';
+
+import { FormattedDate } from '@kbn/i18n-react';
+import { Conversation } from '../../../assistant_context/types';
+import { AIConnector } from '../../../connectorland/connector_selector';
+import { getConnectorTypeTitle } from '../../../connectorland/helpers';
+import { Prompt } from '../../../..';
+import {
+  getConversationApiConfig,
+  getInitialDefaultSystemPrompt,
+} from '../../use_conversation/helpers';
+import * as i18n from './translations';
+import { RowActions } from '../../common/components/assistant_settings_management/row_actions';
+
+const emptyConversations = {};
+
+export interface GetConversationsListParams {
+  allSystemPrompts: Prompt[];
+  actionTypeRegistry: ActionTypeRegistryContract;
+  connectors: AIConnector[] | undefined;
+  conversations: Record<string, Conversation>;
+  defaultConnector?: AIConnector;
+}
+
+export type ConversationTableItem = Conversation & {
+  connectorTypeTitle?: string | null;
+  systemPromptTitle?: string | null;
+};
+
+export const useConversationsTable = () => {
+  const getColumns = useCallback(
+    ({
+      onDeleteActionClicked,
+      onEditActionClicked,
+    }): Array<EuiBasicTableColumn<ConversationTableItem>> => {
+      return [
+        {
+          name: i18n.CONVERSATIONS_TABLE_COLUMN_NAME,
+          render: (conversation: ConversationTableItem) => (
+            <EuiLink onClick={() => onEditActionClicked(conversation)}>
+              {conversation.title}
+            </EuiLink>
+          ),
+          sortable: ({ title }: ConversationTableItem) => title,
+        },
+        {
+          field: 'systemPromptTitle',
+          name: i18n.CONVERSATIONS_TABLE_COLUMN_SYSTEM_PROMPT,
+          align: 'left',
+          render: (systemPromptTitle: ConversationTableItem['systemPromptTitle']) =>
+            systemPromptTitle ? <EuiBadge color="hollow">{systemPromptTitle}</EuiBadge> : null,
+          sortable: true,
+        },
+        {
+          field: 'connectorTypeTitle',
+          name: i18n.CONVERSATIONS_TABLE_COLUMN_CONNECTOR,
+          align: 'left',
+          render: (connectorTypeTitle: ConversationTableItem['connectorTypeTitle']) =>
+            connectorTypeTitle ? <EuiBadge color="hollow">{connectorTypeTitle}</EuiBadge> : null,
+          sortable: true,
+        },
+        {
+          field: 'updatedAt',
+          name: i18n.CONVERSATIONS_TABLE_COLUMN_UPDATED_AT,
+          align: 'center',
+          render: (updatedAt: ConversationTableItem['updatedAt']) =>
+            updatedAt ? (
+              <EuiBadge color="hollow">
+                <FormattedDate
+                  value={new Date(updatedAt)}
+                  year="numeric"
+                  month="2-digit"
+                  day="numeric"
+                />
+              </EuiBadge>
+            ) : null,
+          sortable: true,
+        },
+        {
+          name: i18n.CONVERSATIONS_TABLE_COLUMN_ACTIONS,
+          width: '120px',
+          align: 'center',
+          render: (conversation: ConversationTableItem) => {
+            const isDeletable = !conversation.isDefault;
+            return (
+              <RowActions<ConversationTableItem>
+                rowItem={conversation}
+                onDelete={isDeletable ? onDeleteActionClicked : undefined}
+                onEdit={onEditActionClicked}
+                isDeletable={isDeletable}
+              />
+            );
+          },
+        },
+      ];
+    },
+    []
+  );
+  const getConversationsList = useCallback(
+    ({
+      allSystemPrompts,
+      actionTypeRegistry,
+      connectors,
+      conversations = emptyConversations,
+      defaultConnector,
+    }: GetConversationsListParams): ConversationTableItem[] =>
+      Object.values(conversations).map((conversation) => {
+        const conversationApiConfig = getConversationApiConfig({
+          allSystemPrompts,
+          connectors,
+          conversation,
+          defaultConnector,
+        });
+        const connector: AIConnector | undefined = connectors?.find(
+          (c) => c.id === conversationApiConfig.apiConfig?.connectorId
+        );
+        const connectorTypeTitle = getConnectorTypeTitle(connector, actionTypeRegistry);
+
+        const systemPrompt: Prompt | undefined = allSystemPrompts.find(
+          ({ id }) => id === conversation.apiConfig?.defaultSystemPromptId
+        );
+        const defaultSystemPrompt = getInitialDefaultSystemPrompt({
+          allSystemPrompts,
+          conversation,
+        });
+
+        const systemPromptTitle =
+          systemPrompt?.label ||
+          systemPrompt?.name ||
+          defaultSystemPrompt?.label ||
+          defaultSystemPrompt?.name;
+
+        return {
+          ...conversation,
+          connectorTypeTitle,
+          systemPromptTitle,
+          ...conversationApiConfig,
+        };
+      }),
+    []
+  );
+
+  return {
+    getColumns,
+    getConversationsList,
+  };
+};
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/index.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/index.tsx
index dd96b4883c969..830c5d2b7080a 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/index.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/index.tsx
@@ -947,6 +947,7 @@ const AssistantComponent: React.FC<Props> = ({
                     setChatHistoryVisible={setChatHistoryVisible}
                     onConversationSelected={handleOnConversationSelected}
                     conversations={conversations}
+                    conversationsLoaded={conversationsLoaded}
                     refetchConversationsState={refetchConversationsState}
                     onConversationCreate={handleCreateConversation}
                     isAssistantEnabled={isAssistantEnabled}
@@ -1115,6 +1116,7 @@ const AssistantComponent: React.FC<Props> = ({
             showAnonymizedValues={showAnonymizedValues}
             title={title}
             conversations={conversations}
+            conversationsLoaded={conversationsLoaded}
             onConversationDeleted={handleOnConversationDeleted}
             refetchConversationsState={refetchConversationsState}
           />
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/select_system_prompt/index.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/select_system_prompt/index.tsx
index a2b8d0e1c4b7b..2cbbdf68b307c 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/select_system_prompt/index.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/select_system_prompt/index.tsx
@@ -24,9 +24,9 @@ import * as i18n from '../translations';
 import type { Prompt } from '../../../types';
 import { useAssistantContext } from '../../../../assistant_context';
 import { useConversation } from '../../../use_conversation';
-import { SYSTEM_PROMPTS_TAB } from '../../../settings/assistant_settings';
 import { TEST_IDS } from '../../../constants';
 import { PROMPT_CONTEXT_SELECTOR_PREFIX } from '../../../quick_prompts/prompt_context_selector/translations';
+import { SYSTEM_PROMPTS_TAB } from '../../../settings/const';
 
 export interface Props {
   allSystemPrompts: Prompt[];
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_modal/system_prompt_editor.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_modal/system_prompt_editor.tsx
new file mode 100644
index 0000000000000..3fd7dfeb00e73
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_modal/system_prompt_editor.tsx
@@ -0,0 +1,333 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { useCallback, useMemo } from 'react';
+import {
+  EuiFormRow,
+  EuiTextArea,
+  EuiCheckbox,
+  EuiIcon,
+  EuiFlexGroup,
+  EuiFlexItem,
+} from '@elastic/eui';
+
+import { keyBy } from 'lodash/fp';
+
+import { css } from '@emotion/react';
+import { ApiConfig } from '@kbn/elastic-assistant-common';
+import { AIConnector } from '../../../../connectorland/connector_selector';
+import { Conversation, Prompt } from '../../../../..';
+import * as i18n from './translations';
+import { ConversationMultiSelector } from './conversation_multi_selector/conversation_multi_selector';
+import { SystemPromptSelector } from './system_prompt_selector/system_prompt_selector';
+import { TEST_IDS } from '../../../constants';
+import { ConversationsBulkActions } from '../../../api';
+import { getSelectedConversations } from '../system_prompt_settings_management/utils';
+import { useSystemPromptEditor } from './use_system_prompt_editor';
+import { getConversationApiConfig } from '../../../use_conversation/helpers';
+
+interface Props {
+  connectors: AIConnector[] | undefined;
+  conversationSettings: Record<string, Conversation>;
+  conversationsSettingsBulkActions: ConversationsBulkActions;
+  onSelectedSystemPromptChange: (systemPrompt?: Prompt) => void;
+  selectedSystemPrompt: Prompt | undefined;
+  setUpdatedSystemPromptSettings: React.Dispatch<React.SetStateAction<Prompt[]>>;
+  setConversationSettings: React.Dispatch<React.SetStateAction<Record<string, Conversation>>>;
+  systemPromptSettings: Prompt[];
+  setConversationsSettingsBulkActions: React.Dispatch<
+    React.SetStateAction<ConversationsBulkActions>
+  >;
+  defaultConnector?: AIConnector;
+  resetSettings?: () => void;
+}
+
+/**
+ * Settings for adding/removing system prompts. Configure name, prompt and default conversations.
+ */
+export const SystemPromptEditorComponent: React.FC<Props> = ({
+  connectors,
+  conversationSettings,
+  onSelectedSystemPromptChange,
+  selectedSystemPrompt,
+  setUpdatedSystemPromptSettings,
+  setConversationSettings,
+  systemPromptSettings,
+  conversationsSettingsBulkActions,
+  setConversationsSettingsBulkActions,
+  defaultConnector,
+  resetSettings,
+}) => {
+  // Prompt
+  const promptContent = useMemo(
+    // Fixing Cursor Jump in text area
+    () => systemPromptSettings.find((sp) => sp.id === selectedSystemPrompt?.id)?.content ?? '',
+    [selectedSystemPrompt?.id, systemPromptSettings]
+  );
+
+  const handlePromptContentChange = useCallback(
+    (e: React.ChangeEvent<HTMLTextAreaElement>) => {
+      if (selectedSystemPrompt != null) {
+        setUpdatedSystemPromptSettings((prev): Prompt[] => {
+          const alreadyExists = prev.some((sp) => sp.id === selectedSystemPrompt.id);
+
+          if (alreadyExists) {
+            return prev.map((sp): Prompt => {
+              if (sp.id === selectedSystemPrompt.id) {
+                return {
+                  ...sp,
+                  content: e.target.value,
+                };
+              }
+              return sp;
+            });
+          }
+
+          return prev;
+        });
+      }
+    },
+    [selectedSystemPrompt, setUpdatedSystemPromptSettings]
+  );
+
+  const conversationsWithApiConfig = Object.entries(conversationSettings).reduce<
+    Record<string, Conversation>
+  >((acc, [key, conversation]) => {
+    acc[key] = {
+      ...conversation,
+      ...getConversationApiConfig({
+        allSystemPrompts: systemPromptSettings,
+        connectors,
+        conversation,
+        defaultConnector,
+      }),
+    };
+    return acc;
+  }, {});
+  // Conversations this system prompt should be a default for
+  const conversationOptions = useMemo(
+    () => Object.values(conversationsWithApiConfig),
+    [conversationsWithApiConfig]
+  );
+
+  const selectedConversations = useMemo(() => {
+    return selectedSystemPrompt != null
+      ? getSelectedConversations(
+          systemPromptSettings,
+          conversationsWithApiConfig,
+          selectedSystemPrompt.id
+        )
+      : [];
+  }, [conversationsWithApiConfig, selectedSystemPrompt, systemPromptSettings]);
+
+  const handleConversationSelectionChange = useCallback(
+    (currentPromptConversations: Conversation[]) => {
+      const currentPromptConversationTitles = currentPromptConversations.map(
+        (convo) => convo.title
+      );
+
+      const getDefaultSystemPromptId = (convo: Conversation) =>
+        currentPromptConversationTitles.includes(convo.title)
+          ? selectedSystemPrompt?.id
+          : convo.apiConfig && convo.apiConfig.defaultSystemPromptId === selectedSystemPrompt?.id
+          ? // remove the default System Prompt if it is assigned to a conversation
+            // but that conversation is not in the currentPromptConversationList
+            // This means conversation was removed in the current transaction
+            systemPromptSettings?.[0].id
+          : //  leave it as it is .. if that conversation was neither added nor removed.
+            convo.apiConfig?.defaultSystemPromptId;
+
+      if (selectedSystemPrompt != null) {
+        setConversationSettings((prev) =>
+          keyBy(
+            'title',
+            /*
+             * updatedConversationWithPrompts calculates the present of prompt for
+             * each conversation. Based on the values of selected conversation, it goes
+             * through each conversation adds/removed the selected prompt on each conversation.
+             *
+             * */
+            Object.values(prev).map((convo) => ({
+              ...convo,
+              ...(convo.apiConfig
+                ? {
+                    apiConfig: {
+                      ...convo.apiConfig,
+                      defaultSystemPromptId: getDefaultSystemPromptId(convo),
+                    },
+                  }
+                : {
+                    apiConfig: {
+                      defaultSystemPromptId: getDefaultSystemPromptId(convo),
+                      connectorId: defaultConnector?.id ?? '',
+                      actionTypeId: defaultConnector?.actionTypeId ?? '',
+                    },
+                  }),
+            }))
+          )
+        );
+
+        let updatedConversationsSettingsBulkActions = { ...conversationsSettingsBulkActions };
+        Object.values(conversationsWithApiConfig).forEach((convo) => {
+          const getApiConfigWithSelectedPrompt = (): ApiConfig | {} => {
+            if (convo.apiConfig) {
+              return {
+                apiConfig: {
+                  ...getConversationApiConfig({
+                    allSystemPrompts: systemPromptSettings,
+                    connectors,
+                    conversation: convo,
+                    defaultConnector,
+                  }).apiConfig,
+                  defaultSystemPromptId: getDefaultSystemPromptId(convo),
+                },
+              };
+            }
+
+            return {};
+          };
+          const createOperation =
+            convo.id === ''
+              ? {
+                  create: {
+                    ...(updatedConversationsSettingsBulkActions.create ?? {}),
+                    [convo.title]: {
+                      ...convo,
+                      ...(convo.apiConfig ? getApiConfigWithSelectedPrompt() : {}),
+                    },
+                  },
+                }
+              : {};
+          const updateOperation =
+            convo.id !== ''
+              ? {
+                  update: {
+                    ...(updatedConversationsSettingsBulkActions.update ?? {}),
+                    [convo.id]: {
+                      ...(updatedConversationsSettingsBulkActions.update
+                        ? updatedConversationsSettingsBulkActions.update[convo.id] ?? {}
+                        : {}),
+                      ...getApiConfigWithSelectedPrompt(),
+                    },
+                  },
+                }
+              : {};
+
+          updatedConversationsSettingsBulkActions = {
+            ...updatedConversationsSettingsBulkActions,
+            ...createOperation,
+            ...updateOperation,
+          };
+        });
+
+        setConversationsSettingsBulkActions(updatedConversationsSettingsBulkActions);
+      }
+    },
+    [
+      connectors,
+      conversationsSettingsBulkActions,
+      conversationsWithApiConfig,
+      defaultConnector,
+      selectedSystemPrompt,
+      setConversationSettings,
+      setConversationsSettingsBulkActions,
+      systemPromptSettings,
+    ]
+  );
+
+  // Whether this system prompt should be the default for new conversations
+  const isNewConversationDefault = useMemo(
+    () => selectedSystemPrompt?.isNewConversationDefault ?? false,
+    [selectedSystemPrompt?.isNewConversationDefault]
+  );
+
+  const handleNewConversationDefaultChange = useCallback(
+    (e) => {
+      const isChecked = e.target.checked;
+
+      if (selectedSystemPrompt != null) {
+        setUpdatedSystemPromptSettings((prev) => {
+          return prev.map((pp) => {
+            return {
+              ...pp,
+              isNewConversationDefault: selectedSystemPrompt.id === pp.id && isChecked,
+            };
+          });
+        });
+      }
+    },
+    [selectedSystemPrompt, setUpdatedSystemPromptSettings]
+  );
+
+  const { onSystemPromptSelectionChange, onSystemPromptDeleted } = useSystemPromptEditor({
+    setUpdatedSystemPromptSettings,
+    onSelectedSystemPromptChange,
+  });
+
+  return (
+    <>
+      <EuiFormRow display="rowCompressed" label={i18n.SYSTEM_PROMPT_NAME} fullWidth>
+        <SystemPromptSelector
+          onSystemPromptDeleted={onSystemPromptDeleted}
+          onSystemPromptSelectionChange={onSystemPromptSelectionChange}
+          selectedSystemPrompt={selectedSystemPrompt}
+          resetSettings={resetSettings}
+          systemPrompts={systemPromptSettings}
+        />
+      </EuiFormRow>
+      <EuiFormRow display="rowCompressed" label={i18n.SYSTEM_PROMPT_PROMPT} fullWidth>
+        <EuiTextArea
+          data-test-subj={TEST_IDS.SYSTEM_PROMPT_MODAL.PROMPT_TEXT}
+          disabled={selectedSystemPrompt == null}
+          onChange={handlePromptContentChange}
+          placeholder={i18n.SYSTEM_PROMPT_PROMPT_PLACEHOLDER}
+          value={promptContent}
+          compressed
+          fullWidth
+          css={css`
+            min-height: 150px;
+          `}
+        />
+      </EuiFormRow>
+      <EuiFormRow
+        display="rowCompressed"
+        fullWidth
+        helpText={i18n.SYSTEM_PROMPT_DEFAULT_CONVERSATIONS_HELP_TEXT}
+        label={i18n.SYSTEM_PROMPT_DEFAULT_CONVERSATIONS}
+      >
+        <ConversationMultiSelector
+          conversations={conversationOptions}
+          isDisabled={selectedSystemPrompt == null}
+          onConversationSelectionChange={handleConversationSelectionChange}
+          selectedConversations={selectedConversations}
+        />
+      </EuiFormRow>
+
+      <EuiFormRow display="rowCompressed">
+        <EuiCheckbox
+          data-test-subj={TEST_IDS.SYSTEM_PROMPT_MODAL.TOGGLE_ALL_DEFAULT_CONVERSATIONS}
+          disabled={selectedSystemPrompt == null}
+          id={'defaultNewConversation'}
+          label={
+            <EuiFlexGroup alignItems="center" gutterSize={'xs'}>
+              <EuiFlexItem>{i18n.SYSTEM_PROMPT_DEFAULT_NEW_CONVERSATION}</EuiFlexItem>
+              <EuiFlexItem grow={false}>
+                <EuiIcon type={isNewConversationDefault ? 'starFilled' : 'starEmpty'} />
+              </EuiFlexItem>
+            </EuiFlexGroup>
+          }
+          checked={isNewConversationDefault}
+          onChange={handleNewConversationDefaultChange}
+        />
+      </EuiFormRow>
+    </>
+  );
+};
+
+export const SystemPromptEditor = React.memo(SystemPromptEditorComponent);
+
+SystemPromptEditor.displayName = 'SystemPromptEditor';
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_modal/system_prompt_selector/system_prompt_selector.test.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_modal/system_prompt_selector/system_prompt_selector.test.tsx
index d8d14a8ffebe0..45f320528ec64 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_modal/system_prompt_selector/system_prompt_selector.test.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_modal/system_prompt_selector/system_prompt_selector.test.tsx
@@ -23,7 +23,7 @@ describe('SystemPromptSelector', () => {
   beforeEach(() => {
     jest.clearAllMocks();
   });
-  it('Selects an existing quick prompt', () => {
+  it('Selects an existing system prompt', () => {
     const { getByTestId } = render(<SystemPromptSelector {...testProps} />);
     expect(getByTestId('comboBoxSearchInput')).toHaveValue(mockSystemPrompts[0].name);
     fireEvent.click(getByTestId('comboBoxToggleListButton'));
@@ -33,7 +33,7 @@ describe('SystemPromptSelector', () => {
   it('Deletes a system prompt that is not selected', () => {
     const { getByTestId, getAllByTestId } = render(<SystemPromptSelector {...testProps} />);
     fireEvent.click(getByTestId('comboBoxToggleListButton'));
-    // there is only one delete quick prompt because there is only one custom option
+    // there is only one delete system prompt because there is only one custom option
     fireEvent.click(getAllByTestId('delete-prompt')[1]);
     expect(onSystemPromptDeleted).toHaveBeenCalledWith(mockSystemPrompts[1].name);
     expect(onSystemPromptSelectionChange).not.toHaveBeenCalled();
@@ -41,12 +41,12 @@ describe('SystemPromptSelector', () => {
   it('Deletes a system prompt that is selected', () => {
     const { getByTestId, getAllByTestId } = render(<SystemPromptSelector {...testProps} />);
     fireEvent.click(getByTestId('comboBoxToggleListButton'));
-    // there is only one delete quick prompt because there is only one custom option
+    // there is only one delete system prompt because there is only one custom option
     fireEvent.click(getAllByTestId('delete-prompt')[0]);
     expect(onSystemPromptDeleted).toHaveBeenCalledWith(mockSystemPrompts[0].name);
     expect(onSystemPromptSelectionChange).toHaveBeenCalledWith(undefined);
   });
-  it('Selects existing quick prompt from the search  input', () => {
+  it('Selects existing system prompt from the search input', () => {
     const { getByTestId } = render(<SystemPromptSelector {...testProps} />);
     fireEvent.change(getByTestId('comboBoxSearchInput'), {
       target: { value: mockSystemPrompts[1].name },
@@ -58,6 +58,22 @@ describe('SystemPromptSelector', () => {
     });
     expect(onSystemPromptSelectionChange).toHaveBeenCalledWith(mockSystemPrompts[1]);
   });
+  it('Reset settings every time before selecting an system prompt from the input if resetSettings is provided', () => {
+    const mockResetSettings = jest.fn();
+    const { getByTestId } = render(
+      <SystemPromptSelector {...testProps} resetSettings={mockResetSettings} />
+    );
+    // changing the selection
+    fireEvent.change(getByTestId('comboBoxSearchInput'), {
+      target: { value: mockSystemPrompts[1].name },
+    });
+    fireEvent.keyDown(getByTestId('comboBoxSearchInput'), {
+      key: 'Enter',
+      code: 'Enter',
+      charCode: 13,
+    });
+    expect(mockResetSettings).toHaveBeenCalled();
+  });
   it('Creates a new system prompt', () => {
     const { getByTestId } = render(<SystemPromptSelector {...testProps} />);
     const customOption = 'Cool new prompt';
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_modal/system_prompt_selector/system_prompt_selector.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_modal/system_prompt_selector/system_prompt_selector.tsx
index 1ec1c4b721065..53b6414d05b53 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_modal/system_prompt_selector/system_prompt_selector.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_modal/system_prompt_selector/system_prompt_selector.tsx
@@ -26,11 +26,12 @@ import { SYSTEM_PROMPT_DEFAULT_NEW_CONVERSATION } from '../translations';
 export const SYSTEM_PROMPT_SELECTOR_CLASSNAME = 'systemPromptSelector';
 
 interface Props {
+  autoFocus?: boolean;
   onSystemPromptDeleted: (systemPromptTitle: string) => void;
   onSystemPromptSelectionChange: (systemPrompt?: Prompt | string) => void;
-  systemPrompts: Prompt[];
-  autoFocus?: boolean;
+  resetSettings?: () => void;
   selectedSystemPrompt?: Prompt;
+  systemPrompts: Prompt[];
 }
 
 export type SystemPromptSelectorOption = EuiComboBoxOptionOption<{
@@ -44,10 +45,11 @@ export type SystemPromptSelectorOption = EuiComboBoxOptionOption<{
 export const SystemPromptSelector: React.FC<Props> = React.memo(
   ({
     autoFocus = false,
-    systemPrompts,
     onSystemPromptDeleted,
     onSystemPromptSelectionChange,
+    resetSettings,
     selectedSystemPrompt,
+    systemPrompts,
   }) => {
     // Form options
     const [options, setOptions] = useState<SystemPromptSelectorOption[]>(
@@ -76,6 +78,8 @@ export const SystemPromptSelector: React.FC<Props> = React.memo(
 
     const handleSelectionChange = useCallback(
       (systemPromptSelectorOption: SystemPromptSelectorOption[]) => {
+        // Reset settings on every selection change to avoid option saved automatically on settings management page
+        resetSettings?.();
         const newSystemPrompt =
           systemPromptSelectorOption.length === 0
             ? undefined
@@ -83,7 +87,7 @@ export const SystemPromptSelector: React.FC<Props> = React.memo(
               systemPromptSelectorOption[0]?.label;
         onSystemPromptSelectionChange(newSystemPrompt);
       },
-      [onSystemPromptSelectionChange, systemPrompts]
+      [onSystemPromptSelectionChange, resetSettings, systemPrompts]
     );
 
     // Callback for when user types to create a new system prompt
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_modal/system_prompt_settings.test.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_modal/system_prompt_settings.test.tsx
index 3892383b3d584..be9e33f615e4b 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_modal/system_prompt_settings.test.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_modal/system_prompt_settings.test.tsx
@@ -25,6 +25,7 @@ const setConversationSettings = jest.fn().mockImplementation((fn) => {
 });
 
 const testProps = {
+  connectors: [],
   conversationSettings: {
     [welcomeConvo.title]: welcomeConvo,
   },
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_modal/system_prompt_settings.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_modal/system_prompt_settings.tsx
index 88f00de57f444..b7f66acba85c7 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_modal/system_prompt_settings.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_modal/system_prompt_settings.tsx
@@ -5,51 +5,19 @@
  * 2.0.
  */
 
-import React, { useCallback, useMemo } from 'react';
-import {
-  EuiFormRow,
-  EuiTextArea,
-  EuiCheckbox,
-  EuiIcon,
-  EuiFlexGroup,
-  EuiFlexItem,
-  EuiTitle,
-  EuiText,
-  EuiHorizontalRule,
-  EuiSpacer,
-} from '@elastic/eui';
+import React from 'react';
+import { EuiTitle, EuiText, EuiHorizontalRule, EuiSpacer } from '@elastic/eui';
 
-import { keyBy } from 'lodash/fp';
-
-import { css } from '@emotion/react';
-import { ApiConfig } from '@kbn/elastic-assistant-common';
-import { AIConnector } from '../../../../connectorland/connector_selector';
-import { Conversation, Prompt } from '../../../../..';
 import * as i18n from './translations';
-import { ConversationMultiSelector } from './conversation_multi_selector/conversation_multi_selector';
-import { SystemPromptSelector } from './system_prompt_selector/system_prompt_selector';
-import { TEST_IDS } from '../../../constants';
-import { ConversationsBulkActions } from '../../../api';
-
-interface Props {
-  conversationSettings: Record<string, Conversation>;
-  conversationsSettingsBulkActions: ConversationsBulkActions;
-  onSelectedSystemPromptChange: (systemPrompt?: Prompt) => void;
-  selectedSystemPrompt: Prompt | undefined;
-  setUpdatedSystemPromptSettings: React.Dispatch<React.SetStateAction<Prompt[]>>;
-  setConversationSettings: React.Dispatch<React.SetStateAction<Record<string, Conversation>>>;
-  systemPromptSettings: Prompt[];
-  setConversationsSettingsBulkActions: React.Dispatch<
-    React.SetStateAction<ConversationsBulkActions>
-  >;
-  defaultConnector?: AIConnector;
-}
+import { SystemPromptEditor } from './system_prompt_editor';
+import { SystemPromptSettingsProps } from './types';
 
 /**
  * Settings for adding/removing system prompts. Configure name, prompt and default conversations.
  */
-export const SystemPromptSettings: React.FC<Props> = React.memo(
+export const SystemPromptSettings: React.FC<SystemPromptSettingsProps> = React.memo(
   ({
+    connectors,
     conversationSettings,
     onSelectedSystemPromptChange,
     selectedSystemPrompt,
@@ -60,226 +28,6 @@ export const SystemPromptSettings: React.FC<Props> = React.memo(
     setConversationsSettingsBulkActions,
     defaultConnector,
   }) => {
-    // Prompt
-    const promptContent = useMemo(
-      () => selectedSystemPrompt?.content ?? '',
-      [selectedSystemPrompt?.content]
-    );
-
-    const handlePromptContentChange = useCallback(
-      (e: React.ChangeEvent<HTMLTextAreaElement>) => {
-        if (selectedSystemPrompt != null) {
-          setUpdatedSystemPromptSettings((prev): Prompt[] => {
-            const alreadyExists = prev.some((sp) => sp.id === selectedSystemPrompt.id);
-
-            if (alreadyExists) {
-              return prev.map((sp): Prompt => {
-                if (sp.id === selectedSystemPrompt.id) {
-                  return {
-                    ...sp,
-                    content: e.target.value,
-                  };
-                }
-                return sp;
-              });
-            }
-
-            return prev;
-          });
-        }
-      },
-      [selectedSystemPrompt, setUpdatedSystemPromptSettings]
-    );
-
-    // Conversations this system prompt should be a default for
-    const conversationOptions = useMemo(
-      () => Object.values(conversationSettings),
-      [conversationSettings]
-    );
-    const selectedConversations = useMemo(() => {
-      return selectedSystemPrompt != null
-        ? Object.values(conversationSettings).filter(
-            (conversation) =>
-              conversation.apiConfig?.defaultSystemPromptId === selectedSystemPrompt.id
-          )
-        : [];
-    }, [conversationSettings, selectedSystemPrompt]);
-
-    const handleConversationSelectionChange = useCallback(
-      (currentPromptConversations: Conversation[]) => {
-        const currentPromptConversationTitles = currentPromptConversations.map(
-          (convo) => convo.title
-        );
-        const getDefaultSystemPromptId = (convo: Conversation) =>
-          currentPromptConversationTitles.includes(convo.title)
-            ? selectedSystemPrompt?.id
-            : convo.apiConfig && convo.apiConfig.defaultSystemPromptId === selectedSystemPrompt?.id
-            ? // remove the default System Prompt if it is assigned to a conversation
-              // but that conversation is not in the currentPromptConversationList
-              // This means conversation was removed in the current transaction
-              undefined
-            : //  leave it as it is .. if that conversation was neither added nor removed.
-              convo.apiConfig?.defaultSystemPromptId;
-
-        if (selectedSystemPrompt != null) {
-          setConversationSettings((prev) =>
-            keyBy(
-              'title',
-              /*
-               * updatedConversationWithPrompts calculates the present of prompt for
-               * each conversation. Based on the values of selected conversation, it goes
-               * through each conversation adds/removed the selected prompt on each conversation.
-               *
-               * */
-              Object.values(prev).map((convo) => ({
-                ...convo,
-                ...(convo.apiConfig
-                  ? {
-                      apiConfig: {
-                        ...convo.apiConfig,
-                        defaultSystemPromptId: getDefaultSystemPromptId(convo),
-                      },
-                    }
-                  : {
-                      apiConfig: {
-                        defaultSystemPromptId: getDefaultSystemPromptId(convo),
-                        connectorId: defaultConnector?.id ?? '',
-                        actionTypeId: defaultConnector?.actionTypeId ?? '',
-                      },
-                    }),
-              }))
-            )
-          );
-
-          let updatedConversationsSettingsBulkActions = { ...conversationsSettingsBulkActions };
-          Object.values(conversationSettings).forEach((convo) => {
-            const getApiConfig = (): ApiConfig | {} => {
-              if (convo.apiConfig) {
-                return {
-                  apiConfig: {
-                    ...convo.apiConfig,
-                    defaultSystemPromptId: getDefaultSystemPromptId(convo),
-                  },
-                };
-              }
-              return {};
-            };
-            const createOperation =
-              convo.id === ''
-                ? {
-                    create: {
-                      ...(updatedConversationsSettingsBulkActions.create ?? {}),
-                      [convo.id]: {
-                        ...convo,
-                        ...(convo.apiConfig
-                          ? {
-                              apiConfig: {
-                                ...convo.apiConfig,
-                                defaultSystemPromptId: getDefaultSystemPromptId(convo),
-                              },
-                            }
-                          : {}),
-                      },
-                    },
-                  }
-                : {};
-
-            const updateOperation =
-              convo.id !== ''
-                ? {
-                    update: {
-                      ...(updatedConversationsSettingsBulkActions.update ?? {}),
-                      [convo.id]: {
-                        ...(updatedConversationsSettingsBulkActions.update
-                          ? updatedConversationsSettingsBulkActions.update[convo.id] ?? {}
-                          : {}),
-                        ...getApiConfig(),
-                      },
-                    },
-                  }
-                : {};
-
-            updatedConversationsSettingsBulkActions = {
-              ...updatedConversationsSettingsBulkActions,
-              ...createOperation,
-              ...updateOperation,
-            };
-          });
-          setConversationsSettingsBulkActions(updatedConversationsSettingsBulkActions);
-        }
-      },
-      [
-        conversationSettings,
-        conversationsSettingsBulkActions,
-        defaultConnector?.actionTypeId,
-        defaultConnector?.id,
-        selectedSystemPrompt,
-        setConversationSettings,
-        setConversationsSettingsBulkActions,
-      ]
-    );
-
-    // Whether this system prompt should be the default for new conversations
-    const isNewConversationDefault = useMemo(
-      () => selectedSystemPrompt?.isNewConversationDefault ?? false,
-      [selectedSystemPrompt?.isNewConversationDefault]
-    );
-
-    const handleNewConversationDefaultChange = useCallback(
-      (e) => {
-        const isChecked = e.target.checked;
-
-        if (selectedSystemPrompt != null) {
-          setUpdatedSystemPromptSettings((prev) => {
-            return prev.map((pp) => {
-              return {
-                ...pp,
-                isNewConversationDefault: selectedSystemPrompt.id === pp.id && isChecked,
-              };
-            });
-          });
-        }
-      },
-      [selectedSystemPrompt, setUpdatedSystemPromptSettings]
-    );
-
-    // When top level system prompt selection changes
-    const onSystemPromptSelectionChange = useCallback(
-      (systemPrompt?: Prompt | string) => {
-        const isNew = typeof systemPrompt === 'string';
-        const newSelectedSystemPrompt: Prompt | undefined = isNew
-          ? {
-              id: systemPrompt ?? '',
-              content: '',
-              name: systemPrompt ?? '',
-              promptType: 'system',
-            }
-          : systemPrompt;
-
-        if (newSelectedSystemPrompt != null) {
-          setUpdatedSystemPromptSettings((prev) => {
-            const alreadyExists = prev.some((sp) => sp.id === newSelectedSystemPrompt.id);
-
-            if (!alreadyExists) {
-              return [...prev, newSelectedSystemPrompt];
-            }
-
-            return prev;
-          });
-        }
-
-        onSelectedSystemPromptChange(newSelectedSystemPrompt);
-      },
-      [onSelectedSystemPromptChange, setUpdatedSystemPromptSettings]
-    );
-
-    const onSystemPromptDeleted = useCallback(
-      (id: string) => {
-        setUpdatedSystemPromptSettings((prev) => prev.filter((sp) => sp.id !== id));
-      },
-      [setUpdatedSystemPromptSettings]
-    );
-
     return (
       <>
         <EuiTitle size={'s'}>
@@ -289,59 +37,18 @@ export const SystemPromptSettings: React.FC<Props> = React.memo(
         <EuiText size={'s'}>{i18n.SETTINGS_DESCRIPTION}</EuiText>
         <EuiHorizontalRule margin={'s'} />
 
-        <EuiFormRow display="rowCompressed" label={i18n.SYSTEM_PROMPT_NAME} fullWidth>
-          <SystemPromptSelector
-            onSystemPromptDeleted={onSystemPromptDeleted}
-            onSystemPromptSelectionChange={onSystemPromptSelectionChange}
-            systemPrompts={systemPromptSettings}
-            selectedSystemPrompt={selectedSystemPrompt}
-          />
-        </EuiFormRow>
-        <EuiFormRow display="rowCompressed" label={i18n.SYSTEM_PROMPT_PROMPT} fullWidth>
-          <EuiTextArea
-            data-test-subj={TEST_IDS.SYSTEM_PROMPT_MODAL.PROMPT_TEXT}
-            disabled={selectedSystemPrompt == null}
-            onChange={handlePromptContentChange}
-            placeholder={i18n.SYSTEM_PROMPT_PROMPT_PLACEHOLDER}
-            value={promptContent}
-            compressed
-            fullWidth
-            css={css`
-              min-height: 150px;
-            `}
-          />
-        </EuiFormRow>
-        <EuiFormRow
-          display="rowCompressed"
-          fullWidth
-          helpText={i18n.SYSTEM_PROMPT_DEFAULT_CONVERSATIONS_HELP_TEXT}
-          label={i18n.SYSTEM_PROMPT_DEFAULT_CONVERSATIONS}
-        >
-          <ConversationMultiSelector
-            conversations={conversationOptions}
-            isDisabled={selectedSystemPrompt == null}
-            onConversationSelectionChange={handleConversationSelectionChange}
-            selectedConversations={selectedConversations}
-          />
-        </EuiFormRow>
-
-        <EuiFormRow display="rowCompressed">
-          <EuiCheckbox
-            data-test-subj={TEST_IDS.SYSTEM_PROMPT_MODAL.TOGGLE_ALL_DEFAULT_CONVERSATIONS}
-            disabled={selectedSystemPrompt == null}
-            id={'defaultNewConversation'}
-            label={
-              <EuiFlexGroup alignItems="center" gutterSize={'xs'}>
-                <EuiFlexItem>{i18n.SYSTEM_PROMPT_DEFAULT_NEW_CONVERSATION}</EuiFlexItem>
-                <EuiFlexItem grow={false}>
-                  <EuiIcon type={isNewConversationDefault ? 'starFilled' : 'starEmpty'} />
-                </EuiFlexItem>
-              </EuiFlexGroup>
-            }
-            checked={isNewConversationDefault}
-            onChange={handleNewConversationDefaultChange}
-          />
-        </EuiFormRow>
+        <SystemPromptEditor
+          connectors={connectors}
+          conversationSettings={conversationSettings}
+          onSelectedSystemPromptChange={onSelectedSystemPromptChange}
+          selectedSystemPrompt={selectedSystemPrompt}
+          setUpdatedSystemPromptSettings={setUpdatedSystemPromptSettings}
+          setConversationSettings={setConversationSettings}
+          systemPromptSettings={systemPromptSettings}
+          conversationsSettingsBulkActions={conversationsSettingsBulkActions}
+          setConversationsSettingsBulkActions={setConversationsSettingsBulkActions}
+          defaultConnector={defaultConnector}
+        />
       </>
     );
   }
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_modal/types.ts b/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_modal/types.ts
new file mode 100644
index 0000000000000..63025566c9400
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_modal/types.ts
@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { AIConnector } from '../../../../connectorland/connector_selector';
+import { Conversation, Prompt } from '../../../../..';
+import { ConversationsBulkActions } from '../../../api';
+
+export interface SystemPromptSettingsProps {
+  connectors: AIConnector[] | undefined;
+  conversationSettings: Record<string, Conversation>;
+  conversationsSettingsBulkActions: ConversationsBulkActions;
+  onSelectedSystemPromptChange: (systemPrompt?: Prompt) => void;
+  selectedSystemPrompt: Prompt | undefined;
+  setUpdatedSystemPromptSettings: React.Dispatch<React.SetStateAction<Prompt[]>>;
+  setConversationSettings: React.Dispatch<React.SetStateAction<Record<string, Conversation>>>;
+  systemPromptSettings: Prompt[];
+  setConversationsSettingsBulkActions: React.Dispatch<
+    React.SetStateAction<ConversationsBulkActions>
+  >;
+  defaultConnector?: AIConnector;
+}
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_modal/use_system_prompt_editor.test.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_modal/use_system_prompt_editor.test.tsx
new file mode 100644
index 0000000000000..85efe99979650
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_modal/use_system_prompt_editor.test.tsx
@@ -0,0 +1,107 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { renderHook, act } from '@testing-library/react-hooks';
+import { useSystemPromptEditor } from './use_system_prompt_editor';
+import { Prompt } from '../../../types';
+import {
+  mockSystemPrompt,
+  mockSuperheroSystemPrompt,
+  mockSystemPrompts,
+} from '../../../../mock/system_prompt';
+
+// Mock functions for the tests
+const mockOnSelectedSystemPromptChange = jest.fn();
+const mockSetUpdatedSystemPromptSettings = jest.fn();
+const mockPreviousSystemPrompts = [...mockSystemPrompts];
+
+describe('useSystemPromptEditor', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  test('should delete a system prompt by id', () => {
+    const { result } = renderHook(() =>
+      useSystemPromptEditor({
+        onSelectedSystemPromptChange: mockOnSelectedSystemPromptChange,
+        setUpdatedSystemPromptSettings: mockSetUpdatedSystemPromptSettings,
+      })
+    );
+
+    act(() => {
+      result.current.onSystemPromptDeleted('mock-system-prompt-1');
+    });
+
+    expect(
+      mockSetUpdatedSystemPromptSettings.mock.calls[0][0]?.(mockPreviousSystemPrompts)
+    ).toEqual(mockSystemPrompts.filter((sp) => sp.id !== 'mock-system-prompt-1'));
+  });
+
+  test('should handle selection of an existing system prompt', () => {
+    const existingPrompt: Prompt = mockSystemPrompt;
+    const { result } = renderHook(() =>
+      useSystemPromptEditor({
+        onSelectedSystemPromptChange: mockOnSelectedSystemPromptChange,
+        setUpdatedSystemPromptSettings: mockSetUpdatedSystemPromptSettings,
+      })
+    );
+
+    act(() => {
+      result.current.onSystemPromptSelectionChange(existingPrompt);
+    });
+
+    expect(mockOnSelectedSystemPromptChange).toHaveBeenCalledWith(existingPrompt);
+    expect(
+      mockSetUpdatedSystemPromptSettings.mock.calls[0][0]?.(mockPreviousSystemPrompts)
+    ).toEqual(mockSystemPrompts);
+  });
+
+  test('should handle selection of a new system prompt', () => {
+    const newPromptId = 'new-system-prompt';
+    const { result } = renderHook(() =>
+      useSystemPromptEditor({
+        onSelectedSystemPromptChange: mockOnSelectedSystemPromptChange,
+        setUpdatedSystemPromptSettings: mockSetUpdatedSystemPromptSettings,
+      })
+    );
+
+    act(() => {
+      result.current.onSystemPromptSelectionChange(newPromptId);
+    });
+
+    const newPrompt: Prompt = {
+      id: newPromptId,
+      content: '',
+      name: newPromptId,
+      promptType: 'system',
+    };
+
+    expect(mockOnSelectedSystemPromptChange).toHaveBeenCalledWith(newPrompt);
+    expect(
+      mockSetUpdatedSystemPromptSettings.mock.calls[0][0]?.(mockPreviousSystemPrompts)
+    ).toEqual([...mockSystemPrompts, newPrompt]);
+  });
+
+  test('should handle prompt selection with an existing system prompt id', () => {
+    const { result } = renderHook(() =>
+      useSystemPromptEditor({
+        onSelectedSystemPromptChange: mockOnSelectedSystemPromptChange,
+        setUpdatedSystemPromptSettings: mockSetUpdatedSystemPromptSettings,
+      })
+    );
+
+    const expectedPrompt: Prompt = mockSuperheroSystemPrompt;
+
+    act(() => {
+      result.current.onSystemPromptSelectionChange(expectedPrompt);
+    });
+
+    expect(mockOnSelectedSystemPromptChange).toHaveBeenCalledWith(expectedPrompt);
+    expect(
+      mockSetUpdatedSystemPromptSettings.mock.calls[0][0]?.(mockPreviousSystemPrompts)
+    ).toContain(expectedPrompt);
+  });
+});
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_modal/use_system_prompt_editor.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_modal/use_system_prompt_editor.tsx
new file mode 100644
index 0000000000000..87e284d6dcf25
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_modal/use_system_prompt_editor.tsx
@@ -0,0 +1,58 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { useCallback } from 'react';
+import { Prompt } from '../../../types';
+
+interface Props {
+  setUpdatedSystemPromptSettings: React.Dispatch<React.SetStateAction<Prompt[]>>;
+  onSelectedSystemPromptChange: (systemPrompt?: Prompt) => void;
+}
+
+export const useSystemPromptEditor = ({
+  setUpdatedSystemPromptSettings,
+  onSelectedSystemPromptChange,
+}: Props) => {
+  // When top level system prompt selection changes
+  const onSystemPromptSelectionChange = useCallback(
+    (systemPrompt?: Prompt | string) => {
+      const isNew = typeof systemPrompt === 'string';
+      const newSelectedSystemPrompt: Prompt | undefined = isNew
+        ? {
+            id: systemPrompt ?? '',
+            content: '',
+            name: systemPrompt ?? '',
+            promptType: 'system',
+          }
+        : systemPrompt;
+
+      if (newSelectedSystemPrompt != null) {
+        setUpdatedSystemPromptSettings((prev) => {
+          const alreadyExists = prev.some((sp) => sp.id === newSelectedSystemPrompt.id);
+
+          if (!alreadyExists) {
+            return [...prev, newSelectedSystemPrompt];
+          }
+
+          return prev;
+        });
+      }
+
+      onSelectedSystemPromptChange(newSelectedSystemPrompt);
+    },
+    [onSelectedSystemPromptChange, setUpdatedSystemPromptSettings]
+  );
+
+  const onSystemPromptDeleted = useCallback(
+    (id: string) => {
+      setUpdatedSystemPromptSettings((prev) => prev.filter((sp) => sp.id !== id));
+    },
+    [setUpdatedSystemPromptSettings]
+  );
+
+  return { onSystemPromptSelectionChange, onSystemPromptDeleted };
+};
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_settings_management/default_conversations_column.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_settings_management/default_conversations_column.tsx
new file mode 100644
index 0000000000000..7567775909a09
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_settings_management/default_conversations_column.tsx
@@ -0,0 +1,50 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EuiBadge, EuiLink } from '@elastic/eui';
+import React, { useCallback, useState } from 'react';
+
+interface Props {
+  defaultConversations: string[];
+}
+
+export const DefaultConversationsColumn: React.FC<Props> = React.memo(
+  ({ defaultConversations }) => {
+    const maxConversationsToShow = 5;
+    const isOverflow = defaultConversations.length > maxConversationsToShow;
+
+    const [isExpanded, setIsExpanded] = useState(false);
+
+    const currentDisplaying = isExpanded
+      ? defaultConversations.length
+      : Math.min(maxConversationsToShow, defaultConversations.length);
+    const itemsToDisplay = defaultConversations.slice(0, currentDisplaying - 1);
+
+    const toggleContent = useCallback((prev) => {
+      setIsExpanded(!prev);
+    }, []);
+
+    if (!defaultConversations || defaultConversations?.length === 0) {
+      return null;
+    }
+
+    return (
+      <>
+        {itemsToDisplay.map((c, idx) => (
+          <EuiBadge id={`${idx}`} color="hollow">
+            {c}
+          </EuiBadge>
+        ))}
+        {isOverflow && (
+          <EuiLink onClick={toggleContent}>{isExpanded ? 'Show less' : 'Show All'}</EuiLink>
+        )}
+      </>
+    );
+  }
+);
+
+DefaultConversationsColumn.displayName = 'DefaultConversationsColumn';
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_settings_management/index.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_settings_management/index.tsx
new file mode 100644
index 0000000000000..e0f27f3fa8c7d
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_settings_management/index.tsx
@@ -0,0 +1,224 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+  EuiInMemoryTable,
+  EuiPanel,
+  EuiConfirmModal,
+  EuiButton,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiSpacer,
+} from '@elastic/eui';
+import React, { useCallback, useMemo, useState } from 'react';
+
+import { Conversation, ConversationsBulkActions, useAssistantContext } from '../../../../..';
+import { SYSTEM_PROMPT_TABLE_SESSION_STORAGE_KEY } from '../../../../assistant_context/constants';
+import { AIConnector } from '../../../../connectorland/connector_selector';
+import { Flyout } from '../../../common/components/assistant_settings_management/flyout';
+import { useFlyoutModalVisibility } from '../../../common/components/assistant_settings_management/flyout/use_flyout_modal_visibility';
+import {
+  DEFAULT_TABLE_OPTIONS,
+  useSessionPagination,
+} from '../../../common/components/assistant_settings_management/pagination/use_session_pagination';
+import { CANCEL, DELETE } from '../../../settings/translations';
+import { Prompt } from '../../../types';
+import { SystemPromptEditor } from '../system_prompt_modal/system_prompt_editor';
+import { SETTINGS_TITLE } from '../system_prompt_modal/translations';
+import { useSystemPromptEditor } from '../system_prompt_modal/use_system_prompt_editor';
+import * as i18n from './translations';
+import { useSystemPromptTable } from './use_system_prompt_table';
+
+interface Props {
+  connectors: AIConnector[] | undefined;
+  conversationSettings: Record<string, Conversation>;
+  conversationsSettingsBulkActions: ConversationsBulkActions;
+  onSelectedSystemPromptChange: (systemPrompt?: Prompt) => void;
+  selectedSystemPrompt: Prompt | undefined;
+  setUpdatedSystemPromptSettings: React.Dispatch<React.SetStateAction<Prompt[]>>;
+  setConversationSettings: React.Dispatch<React.SetStateAction<Record<string, Conversation>>>;
+  systemPromptSettings: Prompt[];
+  setConversationsSettingsBulkActions: React.Dispatch<
+    React.SetStateAction<ConversationsBulkActions>
+  >;
+  defaultConnector?: AIConnector;
+  handleSave: (shouldRefetchConversation?: boolean) => void;
+  onCancelClick: () => void;
+  resetSettings: () => void;
+}
+
+const SystemPromptSettingsManagementComponent = ({
+  connectors,
+  conversationSettings,
+  onSelectedSystemPromptChange,
+  setUpdatedSystemPromptSettings,
+  setConversationSettings,
+  selectedSystemPrompt,
+  systemPromptSettings,
+  conversationsSettingsBulkActions,
+  setConversationsSettingsBulkActions,
+  defaultConnector,
+  handleSave,
+  onCancelClick,
+  resetSettings,
+}: Props) => {
+  const { nameSpace } = useAssistantContext();
+  const { isFlyoutOpen: editFlyoutVisible, openFlyout, closeFlyout } = useFlyoutModalVisibility();
+  const {
+    isFlyoutOpen: deleteConfirmModalVisibility,
+    openFlyout: openConfirmModal,
+    closeFlyout: closeConfirmModal,
+  } = useFlyoutModalVisibility();
+  const [deletedPrompt, setDeletedPrompt] = useState<Prompt | null>();
+
+  const onCreate = useCallback(() => {
+    onSelectedSystemPromptChange({
+      id: '',
+      content: '',
+      name: '',
+      promptType: 'system',
+    });
+    openFlyout();
+  }, [onSelectedSystemPromptChange, openFlyout]);
+
+  const { onSystemPromptSelectionChange, onSystemPromptDeleted } = useSystemPromptEditor({
+    setUpdatedSystemPromptSettings,
+    onSelectedSystemPromptChange,
+  });
+
+  const onEditActionClicked = useCallback(
+    (prompt: Prompt) => {
+      onSystemPromptSelectionChange(prompt);
+      openFlyout();
+    },
+    [onSystemPromptSelectionChange, openFlyout]
+  );
+
+  const onDeleteActionClicked = useCallback(
+    (prompt: Prompt) => {
+      setDeletedPrompt(prompt);
+      onSystemPromptDeleted(prompt.id);
+      openConfirmModal();
+    },
+    [onSystemPromptDeleted, openConfirmModal]
+  );
+
+  const onDeleteCancelled = useCallback(() => {
+    setDeletedPrompt(null);
+    closeConfirmModal();
+    onCancelClick();
+  }, [closeConfirmModal, onCancelClick]);
+
+  const onDeleteConfirmed = useCallback(() => {
+    closeConfirmModal();
+    handleSave(true);
+    setConversationsSettingsBulkActions({});
+  }, [closeConfirmModal, handleSave, setConversationsSettingsBulkActions]);
+
+  const onSaveCancelled = useCallback(() => {
+    closeFlyout();
+    onCancelClick();
+  }, [closeFlyout, onCancelClick]);
+
+  const onSaveConfirmed = useCallback(() => {
+    closeFlyout();
+    handleSave(true);
+    setConversationsSettingsBulkActions({});
+  }, [closeFlyout, handleSave, setConversationsSettingsBulkActions]);
+
+  const confirmationTitle = useMemo(
+    () =>
+      deletedPrompt?.name
+        ? i18n.DELETE_SYSTEM_PROMPT_MODAL_TITLE(deletedPrompt?.name)
+        : i18n.DELETE_SYSTEM_PROMPT_MODAL_DEFAULT_TITLE,
+    [deletedPrompt?.name]
+  );
+
+  const { getColumns, getSystemPromptsList } = useSystemPromptTable();
+
+  const { onTableChange, pagination, sorting } = useSessionPagination({
+    defaultTableOptions: DEFAULT_TABLE_OPTIONS,
+    nameSpace,
+    storageKey: SYSTEM_PROMPT_TABLE_SESSION_STORAGE_KEY,
+  });
+
+  const columns = useMemo(
+    () => getColumns({ onEditActionClicked, onDeleteActionClicked }),
+    [getColumns, onEditActionClicked, onDeleteActionClicked]
+  );
+  const systemPromptListItems = useMemo(
+    () =>
+      getSystemPromptsList({
+        connectors,
+        conversationSettings,
+        defaultConnector,
+        systemPromptSettings,
+      }),
+    [getSystemPromptsList, connectors, conversationSettings, defaultConnector, systemPromptSettings]
+  );
+
+  return (
+    <>
+      <EuiPanel hasShadow={false} hasBorder paddingSize="l">
+        <EuiFlexGroup justifyContent="flexEnd">
+          <EuiFlexItem grow={false}>
+            <EuiButton iconType="plusInCircle" onClick={onCreate}>
+              {SETTINGS_TITLE}
+            </EuiButton>
+          </EuiFlexItem>
+        </EuiFlexGroup>
+
+        <EuiSpacer size="s" />
+        <EuiInMemoryTable
+          columns={columns}
+          items={systemPromptListItems}
+          onTableChange={onTableChange}
+          pagination={pagination}
+          sorting={sorting}
+        />
+      </EuiPanel>
+      <Flyout
+        flyoutVisible={editFlyoutVisible}
+        title={SETTINGS_TITLE}
+        onClose={onSaveCancelled}
+        onSaveCancelled={onSaveCancelled}
+        onSaveConfirmed={onSaveConfirmed}
+      >
+        <SystemPromptEditor
+          connectors={connectors}
+          conversationSettings={conversationSettings}
+          onSelectedSystemPromptChange={onSelectedSystemPromptChange}
+          selectedSystemPrompt={selectedSystemPrompt}
+          setUpdatedSystemPromptSettings={setUpdatedSystemPromptSettings}
+          setConversationSettings={setConversationSettings}
+          systemPromptSettings={systemPromptSettings}
+          conversationsSettingsBulkActions={conversationsSettingsBulkActions}
+          setConversationsSettingsBulkActions={setConversationsSettingsBulkActions}
+          defaultConnector={defaultConnector}
+          resetSettings={resetSettings}
+        />
+      </Flyout>
+      {deleteConfirmModalVisibility && deletedPrompt?.name && (
+        <EuiConfirmModal
+          aria-labelledby={confirmationTitle}
+          title={confirmationTitle}
+          titleProps={{ id: deletedPrompt?.id ?? undefined }}
+          onCancel={onDeleteCancelled}
+          onConfirm={onDeleteConfirmed}
+          cancelButtonText={CANCEL}
+          confirmButtonText={DELETE}
+          buttonColor="danger"
+          defaultFocusedButton="confirm"
+        >
+          <p>{i18n.DELETE_SYSTEM_PROMPT_MODAL_DESCRIPTION}</p>
+        </EuiConfirmModal>
+      )}
+    </>
+  );
+};
+
+export const SystemPromptSettingsManagement = React.memo(SystemPromptSettingsManagementComponent);
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_settings_management/translations.ts b/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_settings_management/translations.ts
new file mode 100644
index 0000000000000..b1ff676486954
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_settings_management/translations.ts
@@ -0,0 +1,58 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { i18n } from '@kbn/i18n';
+
+export const SYSTEM_PROMPTS_TABLE_COLUMN_NAME = i18n.translate(
+  'xpack.elasticAssistant.assistant.promptsTable.systemPromptsTableColumnName',
+  {
+    defaultMessage: 'Name',
+  }
+);
+
+export const SYSTEM_PROMPTS_TABLE_COLUMN_DEFAULT_CONVERSATIONS = i18n.translate(
+  'xpack.elasticAssistant.assistant.promptsTable.systemPromptsTableColumnDefaultConversations',
+  {
+    defaultMessage: 'Default conversations',
+  }
+);
+
+export const SYSTEM_PROMPTS_TABLE_COLUMN_CREATED_ON = i18n.translate(
+  'xpack.elasticAssistant.assistant.promptsTable.systemPromptsTableColumnCreatedOn',
+  {
+    defaultMessage: 'Created on',
+  }
+);
+
+export const SYSTEM_PROMPTS_TABLE_COLUMN_ACTIONS = i18n.translate(
+  'xpack.elasticAssistant.assistant.promptsTable.systemPromptsTableColumnActions',
+  {
+    defaultMessage: 'Actions',
+  }
+);
+
+export const DELETE_SYSTEM_PROMPT_MODAL_TITLE = (prompt: string) =>
+  i18n.translate(
+    'xpack.elasticAssistant.assistant.promptEditor.modal.deleteSystemPromptConfirmationTitle',
+    {
+      values: { prompt },
+      defaultMessage: 'Delete "{prompt}"?',
+    }
+  );
+
+export const DELETE_SYSTEM_PROMPT_MODAL_DEFAULT_TITLE = i18n.translate(
+  'xpack.elasticAssistant.assistant.promptEditor.modal.deleteSystemPromptConfirmationDefaultTitle',
+  {
+    defaultMessage: 'Delete system prompt?',
+  }
+);
+
+export const DELETE_SYSTEM_PROMPT_MODAL_DESCRIPTION = i18n.translate(
+  'xpack.elasticAssistant.assistant.promptEditor.modal.deleteSystemPromptConfirmationMessage',
+  {
+    defaultMessage: 'You cannot recover the prompt once deleted',
+  }
+);
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_settings_management/use_system_prompt_table.test.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_settings_management/use_system_prompt_table.test.tsx
new file mode 100644
index 0000000000000..90cea2319714d
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_settings_management/use_system_prompt_table.test.tsx
@@ -0,0 +1,107 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { renderHook } from '@testing-library/react-hooks';
+import { useSystemPromptTable } from './use_system_prompt_table';
+import { Prompt } from '../../../types';
+import { Conversation } from '../../../../assistant_context/types';
+import { AIConnector } from '../../../../connectorland/connector_selector';
+import { customConvo, welcomeConvo } from '../../../../mock/conversation';
+import { mockConnectors } from '../../../../mock/connectors';
+import { ApiConfig } from '@kbn/elastic-assistant-common';
+
+// Mock data for tests
+const mockSystemPrompts: Prompt[] = [
+  {
+    id: 'prompt-1',
+    content: 'Prompt 1',
+    name: 'Prompt 1',
+    promptType: 'user',
+  },
+  {
+    id: 'prompt-2',
+    content: 'Prompt 2',
+    name: 'Prompt 2',
+    promptType: 'user',
+    isNewConversationDefault: true,
+  },
+];
+
+const mockConversationSettings: Record<string, Conversation> = {
+  'conv-1': {
+    ...welcomeConvo,
+    id: 'conv-1',
+    apiConfig: {
+      ...welcomeConvo.apiConfig,
+      defaultSystemPromptId: 'prompt-1',
+    } as ApiConfig,
+  },
+  'conv-2': {
+    ...customConvo,
+    id: 'conv-2',
+    apiConfig: {
+      ...customConvo.apiConfig,
+      defaultSystemPromptId: 'prompt-2',
+    } as ApiConfig,
+  },
+};
+
+const mockAiConnectors: AIConnector[] = [...mockConnectors];
+
+const mockDefaultConnector: AIConnector = {
+  id: 'default-connector',
+  actionTypeId: '.gen-ai',
+  apiProvider: 'OpenAI',
+} as AIConnector;
+
+describe('useSystemPromptTable', () => {
+  const { result } = renderHook(() => useSystemPromptTable());
+
+  describe('getColumns', () => {
+    it('should return columns with correct render functions', () => {
+      const onEditActionClicked = jest.fn();
+      const onDeleteActionClicked = jest.fn();
+      const columns = result.current.getColumns({
+        onEditActionClicked,
+        onDeleteActionClicked,
+      });
+
+      expect(columns).toHaveLength(3);
+      expect(columns[0].name).toBe('Name');
+      expect(columns[1].name).toBe('Default conversations');
+      expect(columns[2].name).toBe('Actions');
+    });
+  });
+
+  describe('getSystemPromptsList', () => {
+    it('should return system prompts with associated default conversations', () => {
+      const systemPromptsList = result.current.getSystemPromptsList({
+        connectors: mockAiConnectors,
+        conversationSettings: mockConversationSettings,
+        defaultConnector: mockDefaultConnector,
+        systemPromptSettings: mockSystemPrompts,
+      });
+
+      expect(systemPromptsList).toHaveLength(2);
+      expect(systemPromptsList[0].defaultConversations).toEqual(['Welcome']);
+      expect(systemPromptsList[1].defaultConversations).toEqual(['Custom option']);
+    });
+
+    it('should return empty defaultConversations if no conversations match', () => {
+      const systemPromptsList = result.current.getSystemPromptsList({
+        connectors: [],
+        conversationSettings: {},
+        defaultConnector: undefined,
+        systemPromptSettings: mockSystemPrompts,
+      });
+
+      systemPromptsList.forEach((prompt) => {
+        expect(prompt.defaultConversations).toEqual([]);
+      });
+    });
+  });
+});
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_settings_management/use_system_prompt_table.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_settings_management/use_system_prompt_table.tsx
new file mode 100644
index 0000000000000..7cf907bb7adf5
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_settings_management/use_system_prompt_table.tsx
@@ -0,0 +1,135 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { EuiBasicTableColumn, EuiIcon, EuiLink } from '@elastic/eui';
+import React, { useCallback } from 'react';
+import { Conversation } from '../../../../assistant_context/types';
+import { AIConnector } from '../../../../connectorland/connector_selector';
+import { BadgesColumn } from '../../../common/components/assistant_settings_management/badges';
+import { RowActions } from '../../../common/components/assistant_settings_management/row_actions';
+import { Prompt } from '../../../types';
+import {
+  getConversationApiConfig,
+  getInitialDefaultSystemPrompt,
+} from '../../../use_conversation/helpers';
+import { SYSTEM_PROMPT_DEFAULT_NEW_CONVERSATION } from '../system_prompt_modal/translations';
+import * as i18n from './translations';
+import { getSelectedConversations } from './utils';
+
+type ConversationsWithSystemPrompt = Record<
+  string,
+  Conversation & { systemPrompt: Prompt | undefined }
+>;
+
+type SystemPromptTableItem = Prompt & { defaultConversations: string[] };
+
+export const useSystemPromptTable = () => {
+  const getColumns = useCallback(
+    ({
+      onEditActionClicked,
+      onDeleteActionClicked,
+    }: {
+      onEditActionClicked: (prompt: SystemPromptTableItem) => void;
+      onDeleteActionClicked: (prompt: SystemPromptTableItem) => void;
+    }): Array<EuiBasicTableColumn<SystemPromptTableItem>> => [
+      {
+        align: 'left',
+        name: i18n.SYSTEM_PROMPTS_TABLE_COLUMN_NAME,
+        truncateText: { lines: 3 },
+        render: (prompt: SystemPromptTableItem) =>
+          prompt?.name ? (
+            <EuiLink onClick={() => onEditActionClicked(prompt)}>
+              {prompt?.name}
+              {prompt.isNewConversationDefault && (
+                <EuiIcon
+                  type="starFilled"
+                  aria-label={SYSTEM_PROMPT_DEFAULT_NEW_CONVERSATION}
+                  className="eui-alignTop"
+                />
+              )}
+            </EuiLink>
+          ) : null,
+        sortable: ({ name }: SystemPromptTableItem) => name,
+      },
+      {
+        align: 'left',
+        name: i18n.SYSTEM_PROMPTS_TABLE_COLUMN_DEFAULT_CONVERSATIONS,
+        render: ({ defaultConversations, id }: SystemPromptTableItem) => (
+          <BadgesColumn items={defaultConversations} prefix={id} />
+        ),
+      },
+      /* TODO: enable when createdAt is added
+      {
+        align: 'left',
+        field: 'createdAt',
+        name: i18n.SYSTEM_PROMPTS_TABLE_COLUMN_CREATED_ON,
+      },
+      */
+      {
+        align: 'center',
+        name: 'Actions',
+        width: '120px',
+        render: (prompt: SystemPromptTableItem) => {
+          const isDeletable = !prompt.isDefault;
+          return (
+            <RowActions<SystemPromptTableItem>
+              rowItem={prompt}
+              onEdit={onEditActionClicked}
+              onDelete={isDeletable ? onDeleteActionClicked : undefined}
+              isDeletable={isDeletable}
+            />
+          );
+        },
+      },
+    ],
+    []
+  );
+
+  const getSystemPromptsList = ({
+    connectors,
+    conversationSettings,
+    defaultConnector,
+    systemPromptSettings,
+  }: {
+    connectors: AIConnector[] | undefined;
+    conversationSettings: Record<string, Conversation>;
+    defaultConnector: AIConnector | undefined;
+    systemPromptSettings: Prompt[];
+  }): SystemPromptTableItem[] => {
+    const conversationsWithApiConfig = Object.entries(
+      conversationSettings
+    ).reduce<ConversationsWithSystemPrompt>((acc, [key, conversation]) => {
+      const defaultSystemPrompt = getInitialDefaultSystemPrompt({
+        allSystemPrompts: systemPromptSettings,
+        conversation,
+      });
+
+      acc[key] = {
+        ...conversation,
+        ...getConversationApiConfig({
+          allSystemPrompts: systemPromptSettings,
+          connectors,
+          conversation,
+          defaultConnector,
+        }),
+        systemPrompt: defaultSystemPrompt,
+      };
+      return acc;
+    }, {});
+    return systemPromptSettings.map((systemPrompt) => {
+      return {
+        ...systemPrompt,
+        defaultConversations: getSelectedConversations(
+          systemPromptSettings,
+          conversationsWithApiConfig,
+          systemPrompt?.id
+        ).map(({ title }) => title),
+      };
+    });
+  };
+
+  return { getColumns, getSystemPromptsList };
+};
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_settings_management/utils.test.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_settings_management/utils.test.tsx
new file mode 100644
index 0000000000000..5f10e3bb59c65
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_settings_management/utils.test.tsx
@@ -0,0 +1,70 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { ProviderEnum } from '@kbn/elastic-assistant-common';
+import { mockSystemPrompts } from '../../../../mock/system_prompt';
+import { PromptType } from '../../../types';
+import { getSelectedConversations } from './utils';
+describe('getSelectedConversations', () => {
+  const allSystemPrompts = [...mockSystemPrompts];
+  const conversationSettings = {
+    '8f1e3218-0b02-480a-8791-78c1ed5f3708': {
+      timestamp: '2024-06-25T12:33:26.779Z',
+      createdAt: '2024-06-25T12:33:26.779Z' as unknown as Date,
+      users: [
+        {
+          id: 'u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0',
+          name: 'elastic',
+        },
+      ],
+      title: 'New chat',
+      category: 'assistant',
+      apiConfig: {
+        connectorId: 'acdeb074-f863-4e04-a22b-014391dd1be4',
+        actionTypeId: '.gen-ai',
+        provider: ProviderEnum.OpenAI,
+        defaultSystemPromptId: 'mock-system-prompt-1',
+        model: 'gpt-4',
+      },
+      messages: [],
+      updatedAt: '2024-06-25T18:35:28.217Z' as unknown as Date,
+      namespace: 'default',
+      id: '8f1e3218-0b02-480a-8791-78c1ed5f3708',
+      replacements: {},
+      systemPrompt: {
+        id: 'mock-system-prompt-1',
+        content:
+          'You are a helpful, expert assistant who answers questions about Elastic Security. Do not answer questions unrelated to Elastic Security.\nProvide the most detailed and relevant answer possible, as if you were relaying this information back to a cyber security expert.\nIf you answer a question related to KQL, EQL, or ES|QL, it should be immediately usable within an Elastic Security timeline; please always format the output correctly with back ticks. Any answer provided for Query DSL should also be usable in a security timeline. This means you should only ever include the "filter" portion of the query. xxx',
+        name: 'Enhanced system prompt',
+        promptType: 'system' as PromptType,
+        isDefault: true,
+        isNewConversationDefault: true,
+      },
+    },
+  };
+  test('should return selected conversations', () => {
+    const systemPromptId = 'mock-system-prompt-1';
+
+    const conversations = getSelectedConversations(
+      allSystemPrompts,
+      conversationSettings,
+      systemPromptId
+    );
+
+    expect(conversations).toEqual(Object.values(conversationSettings));
+  });
+  test('should return empty array if no conversations are selected', () => {
+    const systemPromptId = 'ooo';
+
+    const conversations = getSelectedConversations(
+      allSystemPrompts,
+      conversationSettings,
+      systemPromptId
+    );
+
+    expect(conversations).toEqual([]);
+  });
+});
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_settings_management/utils.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_settings_management/utils.tsx
new file mode 100644
index 0000000000000..5fde200db9b17
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/prompt_editor/system_prompt/system_prompt_settings_management/utils.tsx
@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { Conversation } from '../../../../assistant_context/types';
+import { Prompt } from '../../../types';
+
+export const getSelectedConversations = (
+  allSystemPrompts: Prompt[],
+  conversationSettings: Record<string, Conversation>,
+  systemPromptId: string
+) => {
+  return Object.values(conversationSettings).filter((conversation) => {
+    const conversationSystemPrompt = allSystemPrompts.find(
+      (prompt) => prompt.id === conversation?.apiConfig?.defaultSystemPromptId
+    );
+    return conversationSystemPrompt?.id === systemPromptId;
+  });
+};
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompt_selector/quick_prompt_selector.test.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompt_selector/quick_prompt_selector.test.tsx
index 6e24d662955b1..04ccd478e3bc5 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompt_selector/quick_prompt_selector.test.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompt_selector/quick_prompt_selector.test.tsx
@@ -53,6 +53,22 @@ describe('QuickPromptSelector', () => {
       title: 'A_CUSTOM_OPTION',
     });
   });
+  it('Reset settings every time before selecting an system prompt from the input if resetSettings is provided', () => {
+    const mockResetSettings = jest.fn();
+    const { getByTestId } = render(
+      <QuickPromptSelector {...testProps} resetSettings={mockResetSettings} />
+    );
+    // changing the selection
+    fireEvent.change(getByTestId('comboBoxSearchInput'), {
+      target: { value: MOCK_QUICK_PROMPTS[1].title },
+    });
+    fireEvent.keyDown(getByTestId('comboBoxSearchInput'), {
+      key: 'Enter',
+      code: 'Enter',
+      charCode: 13,
+    });
+    expect(mockResetSettings).toHaveBeenCalled();
+  });
   it('Creates a new quick prompt', () => {
     const { getByTestId } = render(<QuickPromptSelector {...testProps} />);
     const customOption = 'Cool new prompt';
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompt_selector/quick_prompt_selector.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompt_selector/quick_prompt_selector.tsx
index 5aaff2bbc8fc9..3fb0ba17cf4bf 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompt_selector/quick_prompt_selector.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompt_selector/quick_prompt_selector.tsx
@@ -26,6 +26,7 @@ interface Props {
   onQuickPromptDeleted: (quickPromptTitle: string) => void;
   onQuickPromptSelectionChange: (quickPrompt?: QuickPrompt | string) => void;
   quickPrompts: QuickPrompt[];
+  resetSettings?: () => void;
   selectedQuickPrompt?: QuickPrompt;
 }
 
@@ -40,6 +41,7 @@ export const QuickPromptSelector: React.FC<Props> = React.memo(
     quickPrompts,
     onQuickPromptDeleted,
     onQuickPromptSelectionChange,
+    resetSettings,
     selectedQuickPrompt,
   }) => {
     // Form options
@@ -69,6 +71,8 @@ export const QuickPromptSelector: React.FC<Props> = React.memo(
 
     const handleSelectionChange = useCallback(
       (quickPromptSelectorOption: QuickPromptSelectorOption[]) => {
+        // Reset settings on every selection change to avoid option saved automatically on settings management page
+        resetSettings?.();
         const newQuickPrompt =
           quickPromptSelectorOption.length === 0
             ? undefined
@@ -76,7 +80,7 @@ export const QuickPromptSelector: React.FC<Props> = React.memo(
               quickPromptSelectorOption[0]?.label;
         onQuickPromptSelectionChange(newQuickPrompt);
       },
-      [onQuickPromptSelectionChange, quickPrompts]
+      [onQuickPromptSelectionChange, resetSettings, quickPrompts]
     );
 
     // Callback for when user types to create a new quick prompt
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompt_settings/quick_prompt_editor.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompt_settings/quick_prompt_editor.tsx
new file mode 100644
index 0000000000000..4300e53525b33
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompt_settings/quick_prompt_editor.tsx
@@ -0,0 +1,195 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { memo, useCallback, useMemo } from 'react';
+import { EuiFormRow, EuiColorPicker, EuiTextArea } from '@elastic/eui';
+
+import { EuiSetColorMethod } from '@elastic/eui/src/services/color_picker/color_picker';
+import { css } from '@emotion/react';
+import { PromptContextTemplate } from '../../../..';
+import * as i18n from './translations';
+import { QuickPrompt } from '../types';
+import { QuickPromptSelector } from '../quick_prompt_selector/quick_prompt_selector';
+import { PromptContextSelector } from '../prompt_context_selector/prompt_context_selector';
+import { useAssistantContext } from '../../../assistant_context';
+import { useQuickPromptEditor } from './use_quick_prompt_editor';
+
+const DEFAULT_COLOR = '#D36086';
+
+interface Props {
+  onSelectedQuickPromptChange: (quickPrompt?: QuickPrompt) => void;
+  quickPromptSettings: QuickPrompt[];
+  resetSettings?: () => void;
+  selectedQuickPrompt: QuickPrompt | undefined;
+  setUpdatedQuickPromptSettings: React.Dispatch<React.SetStateAction<QuickPrompt[]>>;
+}
+
+const QuickPromptSettingsEditorComponent = ({
+  onSelectedQuickPromptChange,
+  quickPromptSettings,
+  resetSettings,
+  selectedQuickPrompt,
+  setUpdatedQuickPromptSettings,
+}: Props) => {
+  const { basePromptContexts } = useAssistantContext();
+
+  // Prompt
+  const prompt = useMemo(
+    // Fixing Cursor Jump in text area
+    () => quickPromptSettings.find((p) => p.title === selectedQuickPrompt?.title)?.prompt ?? '',
+    [selectedQuickPrompt?.title, quickPromptSettings]
+  );
+
+  const handlePromptChange = useCallback(
+    (e: React.ChangeEvent<HTMLTextAreaElement>) => {
+      if (selectedQuickPrompt != null) {
+        setUpdatedQuickPromptSettings((prev) => {
+          const alreadyExists = prev.some((qp) => qp.title === selectedQuickPrompt.title);
+
+          if (alreadyExists) {
+            return prev.map((qp) => {
+              if (qp.title === selectedQuickPrompt.title) {
+                return {
+                  ...qp,
+                  prompt: e.target.value,
+                };
+              }
+              return qp;
+            });
+          }
+
+          return prev;
+        });
+      }
+    },
+    [selectedQuickPrompt, setUpdatedQuickPromptSettings]
+  );
+
+  // Color
+  const selectedColor = useMemo(
+    () => selectedQuickPrompt?.color ?? DEFAULT_COLOR,
+    [selectedQuickPrompt?.color]
+  );
+
+  const handleColorChange = useCallback<EuiSetColorMethod>(
+    (color, { hex, isValid }) => {
+      if (selectedQuickPrompt != null) {
+        setUpdatedQuickPromptSettings((prev) => {
+          const alreadyExists = prev.some((qp) => qp.title === selectedQuickPrompt.title);
+
+          if (alreadyExists) {
+            return prev.map((qp) => {
+              if (qp.title === selectedQuickPrompt.title) {
+                return {
+                  ...qp,
+                  color,
+                };
+              }
+              return qp;
+            });
+          }
+          return prev;
+        });
+      }
+    },
+    [selectedQuickPrompt, setUpdatedQuickPromptSettings]
+  );
+
+  // Prompt Contexts
+  const selectedPromptContexts = useMemo(
+    () =>
+      basePromptContexts.filter((bpc) =>
+        selectedQuickPrompt?.categories?.some((cat) => bpc?.category === cat)
+      ) ?? [],
+    [basePromptContexts, selectedQuickPrompt?.categories]
+  );
+
+  const onPromptContextSelectionChange = useCallback(
+    (pc: PromptContextTemplate[]) => {
+      if (selectedQuickPrompt != null) {
+        setUpdatedQuickPromptSettings((prev) => {
+          const alreadyExists = prev.some((qp) => qp.title === selectedQuickPrompt.title);
+
+          if (alreadyExists) {
+            return prev.map((qp) => {
+              if (qp.title === selectedQuickPrompt.title) {
+                return {
+                  ...qp,
+                  categories: pc.map((p) => p.category),
+                };
+              }
+              return qp;
+            });
+          }
+          return prev;
+        });
+      }
+    },
+    [selectedQuickPrompt, setUpdatedQuickPromptSettings]
+  );
+
+  // When top level quick prompt selection changes
+  const { onQuickPromptDeleted, onQuickPromptSelectionChange } = useQuickPromptEditor({
+    onSelectedQuickPromptChange,
+    setUpdatedQuickPromptSettings,
+  });
+
+  return (
+    <>
+      <EuiFormRow label={i18n.QUICK_PROMPT_NAME} display="rowCompressed" fullWidth>
+        <QuickPromptSelector
+          onQuickPromptDeleted={onQuickPromptDeleted}
+          onQuickPromptSelectionChange={onQuickPromptSelectionChange}
+          quickPrompts={quickPromptSettings}
+          resetSettings={resetSettings}
+          selectedQuickPrompt={selectedQuickPrompt}
+        />
+      </EuiFormRow>
+
+      <EuiFormRow label={i18n.QUICK_PROMPT_PROMPT} display="rowCompressed" fullWidth>
+        <EuiTextArea
+          compressed
+          disabled={selectedQuickPrompt == null}
+          fullWidth
+          data-test-subj="quick-prompt-prompt"
+          onChange={handlePromptChange}
+          placeholder={i18n.QUICK_PROMPT_PROMPT_PLACEHOLDER}
+          value={prompt}
+          css={css`
+            min-height: 150px;
+          `}
+        />
+      </EuiFormRow>
+
+      <EuiFormRow
+        display="rowCompressed"
+        fullWidth
+        label={i18n.QUICK_PROMPT_CONTEXTS}
+        helpText={i18n.QUICK_PROMPT_CONTEXTS_HELP_TEXT}
+      >
+        <PromptContextSelector
+          isDisabled={selectedQuickPrompt == null}
+          onPromptContextSelectionChange={onPromptContextSelectionChange}
+          promptContexts={basePromptContexts}
+          selectedPromptContexts={selectedPromptContexts}
+        />
+      </EuiFormRow>
+
+      <EuiFormRow display="rowCompressed" label={i18n.QUICK_PROMPT_BADGE_COLOR}>
+        <EuiColorPicker
+          color={selectedColor}
+          compressed
+          disabled={selectedQuickPrompt == null}
+          onChange={handleColorChange}
+        />
+      </EuiFormRow>
+    </>
+  );
+};
+export const QuickPromptSettingsEditor = memo(QuickPromptSettingsEditorComponent);
+
+QuickPromptSettingsEditor.displayName = 'QuickPromptSettingsEditor';
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompt_settings/quick_prompt_settings.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompt_settings/quick_prompt_settings.tsx
index 38bbb0e6899be..4b8b6a8f8039d 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompt_settings/quick_prompt_settings.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompt_settings/quick_prompt_settings.tsx
@@ -5,27 +5,12 @@
  * 2.0.
  */
 
-import React, { useCallback, useMemo } from 'react';
-import {
-  EuiFormRow,
-  EuiColorPicker,
-  EuiTextArea,
-  EuiTitle,
-  EuiText,
-  EuiHorizontalRule,
-  EuiSpacer,
-} from '@elastic/eui';
+import React from 'react';
+import { EuiTitle, EuiText, EuiHorizontalRule, EuiSpacer } from '@elastic/eui';
 
-import { EuiSetColorMethod } from '@elastic/eui/src/services/color_picker/color_picker';
-import { css } from '@emotion/react';
-import { PromptContextTemplate } from '../../../..';
 import * as i18n from './translations';
 import { QuickPrompt } from '../types';
-import { QuickPromptSelector } from '../quick_prompt_selector/quick_prompt_selector';
-import { PromptContextSelector } from '../prompt_context_selector/prompt_context_selector';
-import { useAssistantContext } from '../../../assistant_context';
-
-const DEFAULT_COLOR = '#D36086';
+import { QuickPromptSettingsEditor } from './quick_prompt_editor';
 
 interface Props {
   onSelectedQuickPromptChange: (quickPrompt?: QuickPrompt) => void;
@@ -44,136 +29,6 @@ export const QuickPromptSettings: React.FC<Props> = React.memo<Props>(
     selectedQuickPrompt,
     setUpdatedQuickPromptSettings,
   }) => {
-    const { basePromptContexts } = useAssistantContext();
-
-    // Prompt
-    const prompt = useMemo(() => selectedQuickPrompt?.prompt ?? '', [selectedQuickPrompt?.prompt]);
-
-    const handlePromptChange = useCallback(
-      (e: React.ChangeEvent<HTMLTextAreaElement>) => {
-        if (selectedQuickPrompt != null) {
-          setUpdatedQuickPromptSettings((prev) => {
-            const alreadyExists = prev.some((qp) => qp.title === selectedQuickPrompt.title);
-
-            if (alreadyExists) {
-              return prev.map((qp) => {
-                if (qp.title === selectedQuickPrompt.title) {
-                  return {
-                    ...qp,
-                    prompt: e.target.value,
-                  };
-                }
-                return qp;
-              });
-            }
-
-            return prev;
-          });
-        }
-      },
-      [selectedQuickPrompt, setUpdatedQuickPromptSettings]
-    );
-
-    // Color
-    const selectedColor = useMemo(
-      () => selectedQuickPrompt?.color ?? DEFAULT_COLOR,
-      [selectedQuickPrompt?.color]
-    );
-
-    const handleColorChange = useCallback<EuiSetColorMethod>(
-      (color, { hex, isValid }) => {
-        if (selectedQuickPrompt != null) {
-          setUpdatedQuickPromptSettings((prev) => {
-            const alreadyExists = prev.some((qp) => qp.title === selectedQuickPrompt.title);
-
-            if (alreadyExists) {
-              return prev.map((qp) => {
-                if (qp.title === selectedQuickPrompt.title) {
-                  return {
-                    ...qp,
-                    color,
-                  };
-                }
-                return qp;
-              });
-            }
-            return prev;
-          });
-        }
-      },
-      [selectedQuickPrompt, setUpdatedQuickPromptSettings]
-    );
-
-    // Prompt Contexts
-    const selectedPromptContexts = useMemo(
-      () =>
-        basePromptContexts.filter((bpc) =>
-          selectedQuickPrompt?.categories?.some((cat) => bpc?.category === cat)
-        ) ?? [],
-      [basePromptContexts, selectedQuickPrompt?.categories]
-    );
-
-    const onPromptContextSelectionChange = useCallback(
-      (pc: PromptContextTemplate[]) => {
-        if (selectedQuickPrompt != null) {
-          setUpdatedQuickPromptSettings((prev) => {
-            const alreadyExists = prev.some((qp) => qp.title === selectedQuickPrompt.title);
-
-            if (alreadyExists) {
-              return prev.map((qp) => {
-                if (qp.title === selectedQuickPrompt.title) {
-                  return {
-                    ...qp,
-                    categories: pc.map((p) => p.category),
-                  };
-                }
-                return qp;
-              });
-            }
-            return prev;
-          });
-        }
-      },
-      [selectedQuickPrompt, setUpdatedQuickPromptSettings]
-    );
-
-    // When top level quick prompt selection changes
-    const onQuickPromptSelectionChange = useCallback(
-      (quickPrompt?: QuickPrompt | string) => {
-        const isNew = typeof quickPrompt === 'string';
-        const newSelectedQuickPrompt: QuickPrompt | undefined = isNew
-          ? {
-              title: quickPrompt ?? '',
-              prompt: '',
-              color: DEFAULT_COLOR,
-              categories: [],
-            }
-          : quickPrompt;
-
-        if (newSelectedQuickPrompt != null) {
-          setUpdatedQuickPromptSettings((prev) => {
-            const alreadyExists = prev.some((qp) => qp.title === newSelectedQuickPrompt.title);
-
-            if (!alreadyExists) {
-              return [...prev, newSelectedQuickPrompt];
-            }
-
-            return prev;
-          });
-        }
-
-        onSelectedQuickPromptChange(newSelectedQuickPrompt);
-      },
-      [onSelectedQuickPromptChange, setUpdatedQuickPromptSettings]
-    );
-
-    const onQuickPromptDeleted = useCallback(
-      (title: string) => {
-        setUpdatedQuickPromptSettings((prev) => prev.filter((qp) => qp.title !== title));
-      },
-      [setUpdatedQuickPromptSettings]
-    );
-
     return (
       <>
         <EuiTitle size={'s'}>
@@ -183,52 +38,12 @@ export const QuickPromptSettings: React.FC<Props> = React.memo<Props>(
         <EuiText size={'s'}>{i18n.SETTINGS_DESCRIPTION}</EuiText>
         <EuiHorizontalRule margin={'s'} />
 
-        <EuiFormRow label={i18n.QUICK_PROMPT_NAME} display="rowCompressed" fullWidth>
-          <QuickPromptSelector
-            onQuickPromptDeleted={onQuickPromptDeleted}
-            onQuickPromptSelectionChange={onQuickPromptSelectionChange}
-            quickPrompts={quickPromptSettings}
-            selectedQuickPrompt={selectedQuickPrompt}
-          />
-        </EuiFormRow>
-
-        <EuiFormRow label={i18n.QUICK_PROMPT_PROMPT} display="rowCompressed" fullWidth>
-          <EuiTextArea
-            compressed
-            disabled={selectedQuickPrompt == null}
-            fullWidth
-            data-test-subj="quick-prompt-prompt"
-            onChange={handlePromptChange}
-            placeholder={i18n.QUICK_PROMPT_PROMPT_PLACEHOLDER}
-            value={prompt}
-            css={css`
-              min-height: 150px;
-            `}
-          />
-        </EuiFormRow>
-
-        <EuiFormRow
-          display="rowCompressed"
-          fullWidth
-          label={i18n.QUICK_PROMPT_CONTEXTS}
-          helpText={i18n.QUICK_PROMPT_CONTEXTS_HELP_TEXT}
-        >
-          <PromptContextSelector
-            isDisabled={selectedQuickPrompt == null}
-            onPromptContextSelectionChange={onPromptContextSelectionChange}
-            promptContexts={basePromptContexts}
-            selectedPromptContexts={selectedPromptContexts}
-          />
-        </EuiFormRow>
-
-        <EuiFormRow display="rowCompressed" label={i18n.QUICK_PROMPT_BADGE_COLOR}>
-          <EuiColorPicker
-            color={selectedColor}
-            compressed
-            disabled={selectedQuickPrompt == null}
-            onChange={handleColorChange}
-          />
-        </EuiFormRow>
+        <QuickPromptSettingsEditor
+          onSelectedQuickPromptChange={onSelectedQuickPromptChange}
+          quickPromptSettings={quickPromptSettings}
+          selectedQuickPrompt={selectedQuickPrompt}
+          setUpdatedQuickPromptSettings={setUpdatedQuickPromptSettings}
+        />
       </>
     );
   }
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompt_settings/use_quick_prompt_editor.test.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompt_settings/use_quick_prompt_editor.test.tsx
new file mode 100644
index 0000000000000..ec3a0256716ae
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompt_settings/use_quick_prompt_editor.test.tsx
@@ -0,0 +1,94 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { renderHook, act } from '@testing-library/react-hooks';
+import { useQuickPromptEditor, DEFAULT_COLOR } from './use_quick_prompt_editor';
+import { QuickPrompt } from '../types';
+import { mockAlertPromptContext } from '../../../mock/prompt_context';
+import { MOCK_QUICK_PROMPTS } from '../../../mock/quick_prompt';
+
+// Mock functions for the tests
+const mockOnSelectedQuickPromptChange = jest.fn();
+const mockSetUpdatedQuickPromptSettings = jest.fn();
+const mockPreviousQuickPrompts = [...MOCK_QUICK_PROMPTS];
+
+describe('useQuickPromptEditor', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  test('should delete a quick prompt by title', () => {
+    const { result } = renderHook(() =>
+      useQuickPromptEditor({
+        onSelectedQuickPromptChange: mockOnSelectedQuickPromptChange,
+        setUpdatedQuickPromptSettings: mockSetUpdatedQuickPromptSettings,
+      })
+    );
+
+    act(() => {
+      result.current.onQuickPromptDeleted('ALERT_SUMMARIZATION_TITLE');
+    });
+
+    expect(mockSetUpdatedQuickPromptSettings.mock.calls[0][0]?.(mockPreviousQuickPrompts)).toEqual(
+      MOCK_QUICK_PROMPTS.filter((qp) => qp.title !== 'ALERT_SUMMARIZATION_TITLE')
+    );
+  });
+
+  test('should handle selection of a new quick prompt', () => {
+    const newPromptTitle = 'New Prompt';
+    const { result } = renderHook(() =>
+      useQuickPromptEditor({
+        onSelectedQuickPromptChange: mockOnSelectedQuickPromptChange,
+        setUpdatedQuickPromptSettings: mockSetUpdatedQuickPromptSettings,
+      })
+    );
+
+    act(() => {
+      result.current.onQuickPromptSelectionChange(newPromptTitle);
+    });
+
+    const newPrompt: QuickPrompt = {
+      title: newPromptTitle,
+      prompt: '',
+      color: DEFAULT_COLOR,
+      categories: [],
+    };
+
+    expect(mockOnSelectedQuickPromptChange).toHaveBeenCalledWith(newPrompt);
+    expect(mockSetUpdatedQuickPromptSettings.mock.calls[0][0]?.(mockPreviousQuickPrompts)).toEqual([
+      ...MOCK_QUICK_PROMPTS,
+      newPrompt,
+    ]);
+  });
+
+  test('should handle prompt selection', async () => {
+    const { result } = renderHook(() =>
+      useQuickPromptEditor({
+        onSelectedQuickPromptChange: mockOnSelectedQuickPromptChange,
+        setUpdatedQuickPromptSettings: mockSetUpdatedQuickPromptSettings,
+      })
+    );
+
+    const alertData = await mockAlertPromptContext.getPromptContext();
+
+    const expectedPrompt: QuickPrompt = {
+      title: mockAlertPromptContext.description,
+      prompt: alertData,
+      color: DEFAULT_COLOR,
+      categories: [mockAlertPromptContext.category],
+    } as QuickPrompt;
+
+    act(() => {
+      result.current.onQuickPromptSelectionChange(expectedPrompt);
+    });
+
+    expect(mockOnSelectedQuickPromptChange).toHaveBeenCalledWith(expectedPrompt);
+    expect(
+      mockSetUpdatedQuickPromptSettings.mock.calls[0][0]?.(mockPreviousQuickPrompts)
+    ).toContain(expectedPrompt);
+  });
+});
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompt_settings/use_quick_prompt_editor.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompt_settings/use_quick_prompt_editor.tsx
new file mode 100644
index 0000000000000..716298afb21da
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompt_settings/use_quick_prompt_editor.tsx
@@ -0,0 +1,58 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { useCallback } from 'react';
+import { QuickPrompt } from '../types';
+
+export const DEFAULT_COLOR = '#D36086';
+
+export const useQuickPromptEditor = ({
+  onSelectedQuickPromptChange,
+  setUpdatedQuickPromptSettings,
+}: {
+  onSelectedQuickPromptChange: (quickPrompt?: QuickPrompt) => void;
+  setUpdatedQuickPromptSettings: React.Dispatch<React.SetStateAction<QuickPrompt[]>>;
+}) => {
+  const onQuickPromptDeleted = useCallback(
+    (title: string) => {
+      setUpdatedQuickPromptSettings((prev) => prev.filter((qp) => qp.title !== title));
+    },
+    [setUpdatedQuickPromptSettings]
+  );
+
+  // When top level quick prompt selection changes
+  const onQuickPromptSelectionChange = useCallback(
+    (quickPrompt?: QuickPrompt | string) => {
+      const isNew = typeof quickPrompt === 'string';
+      const newSelectedQuickPrompt: QuickPrompt | undefined = isNew
+        ? {
+            title: quickPrompt ?? '',
+            prompt: '',
+            color: DEFAULT_COLOR,
+            categories: [],
+          }
+        : quickPrompt;
+
+      if (newSelectedQuickPrompt != null) {
+        setUpdatedQuickPromptSettings((prev) => {
+          const alreadyExists = prev.some((qp) => qp.title === newSelectedQuickPrompt.title);
+
+          if (!alreadyExists) {
+            return [...prev, newSelectedQuickPrompt];
+          }
+
+          return prev;
+        });
+      }
+
+      onSelectedQuickPromptChange(newSelectedQuickPrompt);
+    },
+    [onSelectedQuickPromptChange, setUpdatedQuickPromptSettings]
+  );
+
+  return { onQuickPromptDeleted, onQuickPromptSelectionChange };
+};
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompt_settings_management/index.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompt_settings_management/index.tsx
new file mode 100644
index 0000000000000..e8362db441719
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompt_settings_management/index.tsx
@@ -0,0 +1,184 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import React, { useCallback, useMemo, useState } from 'react';
+import {
+  EuiButton,
+  EuiConfirmModal,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiInMemoryTable,
+  EuiPanel,
+  EuiSpacer,
+} from '@elastic/eui';
+import { QuickPrompt } from '../types';
+import { QuickPromptSettingsEditor } from '../quick_prompt_settings/quick_prompt_editor';
+import * as i18n from './translations';
+import { useFlyoutModalVisibility } from '../../common/components/assistant_settings_management/flyout/use_flyout_modal_visibility';
+import { Flyout } from '../../common/components/assistant_settings_management/flyout';
+import { CANCEL, DELETE } from '../../settings/translations';
+import { useQuickPromptEditor } from '../quick_prompt_settings/use_quick_prompt_editor';
+import { useQuickPromptTable } from './use_quick_prompt_table';
+import {
+  DEFAULT_TABLE_OPTIONS,
+  useSessionPagination,
+} from '../../common/components/assistant_settings_management/pagination/use_session_pagination';
+import { QUICK_PROMPT_TABLE_SESSION_STORAGE_KEY } from '../../../assistant_context/constants';
+import { useAssistantContext } from '../../../assistant_context';
+
+interface Props {
+  handleSave: (shouldRefetchConversation?: boolean) => void;
+  onCancelClick: () => void;
+  onSelectedQuickPromptChange: (quickPrompt?: QuickPrompt) => void;
+  quickPromptSettings: QuickPrompt[];
+  resetSettings?: () => void;
+  selectedQuickPrompt: QuickPrompt | undefined;
+  setUpdatedQuickPromptSettings: React.Dispatch<React.SetStateAction<QuickPrompt[]>>;
+}
+
+const QuickPromptSettingsManagementComponent = ({
+  handleSave,
+  onCancelClick,
+  onSelectedQuickPromptChange,
+  quickPromptSettings,
+  resetSettings,
+  selectedQuickPrompt,
+  setUpdatedQuickPromptSettings,
+}: Props) => {
+  const { nameSpace, basePromptContexts } = useAssistantContext();
+
+  const { isFlyoutOpen: editFlyoutVisible, openFlyout, closeFlyout } = useFlyoutModalVisibility();
+  const [deletedQuickPrompt, setDeletedQuickPrompt] = useState<QuickPrompt | null>();
+  const {
+    isFlyoutOpen: deleteConfirmModalVisibility,
+    openFlyout: openConfirmModal,
+    closeFlyout: closeConfirmModal,
+  } = useFlyoutModalVisibility();
+
+  const { onQuickPromptDeleted, onQuickPromptSelectionChange } = useQuickPromptEditor({
+    onSelectedQuickPromptChange,
+    setUpdatedQuickPromptSettings,
+  });
+
+  const onEditActionClicked = useCallback(
+    (prompt: QuickPrompt) => {
+      onQuickPromptSelectionChange(prompt);
+      openFlyout();
+    },
+    [onQuickPromptSelectionChange, openFlyout]
+  );
+
+  const onDeleteActionClicked = useCallback(
+    (prompt: QuickPrompt) => {
+      setDeletedQuickPrompt(prompt);
+      onQuickPromptDeleted(prompt.title);
+      openConfirmModal();
+    },
+    [onQuickPromptDeleted, openConfirmModal]
+  );
+
+  const onDeleteCancelled = useCallback(() => {
+    setDeletedQuickPrompt(null);
+    closeConfirmModal();
+    onCancelClick();
+  }, [closeConfirmModal, onCancelClick]);
+
+  const onDeleteConfirmed = useCallback(() => {
+    handleSave();
+    closeConfirmModal();
+  }, [closeConfirmModal, handleSave]);
+
+  const onCreate = useCallback(() => {
+    onSelectedQuickPromptChange();
+    openFlyout();
+  }, [onSelectedQuickPromptChange, openFlyout]);
+
+  const onSaveCancelled = useCallback(() => {
+    onSelectedQuickPromptChange();
+    closeFlyout();
+    onCancelClick();
+  }, [closeFlyout, onSelectedQuickPromptChange, onCancelClick]);
+
+  const onSaveConfirmed = useCallback(() => {
+    handleSave();
+    onSelectedQuickPromptChange();
+    closeFlyout();
+  }, [closeFlyout, handleSave, onSelectedQuickPromptChange]);
+
+  const { getColumns } = useQuickPromptTable();
+  const columns = getColumns({
+    basePromptContexts,
+    onEditActionClicked,
+    onDeleteActionClicked,
+  });
+
+  const { onTableChange, pagination, sorting } = useSessionPagination({
+    defaultTableOptions: DEFAULT_TABLE_OPTIONS,
+    nameSpace,
+    storageKey: QUICK_PROMPT_TABLE_SESSION_STORAGE_KEY,
+  });
+
+  const confirmationTitle = useMemo(
+    () =>
+      deletedQuickPrompt?.title
+        ? i18n.DELETE_QUICK_PROMPT_MODAL_TITLE(deletedQuickPrompt.title)
+        : i18n.DELETE_QUICK_PROMPT_MODAL_DEFAULT_TITLE,
+    [deletedQuickPrompt?.title]
+  );
+
+  return (
+    <>
+      <EuiPanel hasShadow={false} hasBorder paddingSize="l">
+        <EuiFlexGroup justifyContent="flexEnd">
+          <EuiFlexItem grow={false}>
+            <EuiButton iconType="plusInCircle" onClick={onCreate}>
+              {i18n.QUICK_PROMPTS_TABLE_CREATE_BUTTON_TITLE}
+            </EuiButton>
+          </EuiFlexItem>
+        </EuiFlexGroup>
+        <EuiSpacer size="s" />
+        <EuiInMemoryTable
+          columns={columns}
+          items={quickPromptSettings}
+          onTableChange={onTableChange}
+          pagination={pagination}
+          sorting={sorting}
+        />
+      </EuiPanel>
+      <Flyout
+        flyoutVisible={editFlyoutVisible}
+        title={i18n.QUICK_PROMPT_EDIT_FLYOUT_TITLE}
+        onClose={onSaveCancelled}
+        onSaveCancelled={onSaveCancelled}
+        onSaveConfirmed={onSaveConfirmed}
+      >
+        <QuickPromptSettingsEditor
+          onSelectedQuickPromptChange={onSelectedQuickPromptChange}
+          quickPromptSettings={quickPromptSettings}
+          resetSettings={resetSettings}
+          selectedQuickPrompt={selectedQuickPrompt}
+          setUpdatedQuickPromptSettings={setUpdatedQuickPromptSettings}
+        />
+      </Flyout>
+      {deleteConfirmModalVisibility && deletedQuickPrompt && (
+        <EuiConfirmModal
+          aria-labelledby={confirmationTitle}
+          title={confirmationTitle}
+          onCancel={onDeleteCancelled}
+          onConfirm={onDeleteConfirmed}
+          cancelButtonText={CANCEL}
+          confirmButtonText={DELETE}
+          buttonColor="danger"
+          defaultFocusedButton="confirm"
+        >
+          <p>{i18n.DELETE_QUICK_PROMPT_MODAL_DESCRIPTION}</p>
+        </EuiConfirmModal>
+      )}
+    </>
+  );
+};
+
+export const QuickPromptSettingsManagement = QuickPromptSettingsManagementComponent;
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompt_settings_management/translations.ts b/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompt_settings_management/translations.ts
new file mode 100644
index 0000000000000..545fa822a7244
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompt_settings_management/translations.ts
@@ -0,0 +1,72 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { i18n } from '@kbn/i18n';
+
+export const QUICK_PROMPTS_TABLE_COLUMN_NAME = i18n.translate(
+  'xpack.elasticAssistant.assistant.quickPromptsTable.quickPromptsTableColumnName',
+  {
+    defaultMessage: 'Name',
+  }
+);
+
+export const QUICK_PROMPTS_TABLE_COLUMN_CREATED_AT = i18n.translate(
+  'xpack.elasticAssistant.assistant.quickPromptsTable.quickPromptsTableColumnCreatedAt',
+  {
+    defaultMessage: 'Created at',
+  }
+);
+
+export const QUICK_PROMPTS_TABLE_COLUMN_ACTIONS = i18n.translate(
+  'xpack.elasticAssistant.assistant.quickPromptsTable.quickPromptsTableColumnActions',
+  {
+    defaultMessage: 'Actions',
+  }
+);
+
+export const QUICK_PROMPTS_TABLE_CREATE_BUTTON_TITLE = i18n.translate(
+  'xpack.elasticAssistant.assistant.quickPromptsTable.createButtonTitle',
+  {
+    defaultMessage: 'Quick Prompt',
+  }
+);
+
+export const QUICK_PROMPT_EDIT_FLYOUT_TITLE = i18n.translate(
+  'xpack.elasticAssistant.assistant.quickPromptEditFlyout.title',
+  {
+    defaultMessage: 'Quick Prompt',
+  }
+);
+
+export const QUICK_PROMPTS_TABLE_COLUMN_CONTEXTS = i18n.translate(
+  'xpack.elasticAssistant.assistant.quickPromptsTable.quickPromptsTableColumnContexts',
+  {
+    defaultMessage: 'Contexts',
+  }
+);
+
+export const DELETE_QUICK_PROMPT_MODAL_TITLE = (prompt: string) =>
+  i18n.translate(
+    'xpack.elasticAssistant.assistant.quickPromptsTable.modal.deleteQuickPromptConfirmationTitle',
+    {
+      values: { prompt },
+      defaultMessage: 'Delete "{prompt}"?',
+    }
+  );
+
+export const DELETE_QUICK_PROMPT_MODAL_DEFAULT_TITLE = i18n.translate(
+  'xpack.elasticAssistant.assistant.quickPromptsTable.modal.deleteQuickPromptConfirmationDefaultTitle',
+  {
+    defaultMessage: 'Delete quick prompt?',
+  }
+);
+
+export const DELETE_QUICK_PROMPT_MODAL_DESCRIPTION = i18n.translate(
+  'xpack.elasticAssistant.assistant.quickPromptsTable.modal.deleteQuickPromptConfirmationMessage',
+  {
+    defaultMessage: 'You cannot recover the prompt once deleted',
+  }
+);
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompt_settings_management/use_quick_prompt_table.test.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompt_settings_management/use_quick_prompt_table.test.tsx
new file mode 100644
index 0000000000000..316b43f6cfb3d
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompt_settings_management/use_quick_prompt_table.test.tsx
@@ -0,0 +1,98 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { renderHook } from '@testing-library/react-hooks';
+import { useQuickPromptTable } from './use_quick_prompt_table';
+import { EuiTableComputedColumnType } from '@elastic/eui';
+import { QuickPrompt } from '../types';
+import { MOCK_QUICK_PROMPTS } from '../../../mock/quick_prompt';
+import { mockPromptContexts } from '../../../mock/prompt_context';
+
+const mockOnEditActionClicked = jest.fn();
+const mockOnDeleteActionClicked = jest.fn();
+
+describe('useQuickPromptTable', () => {
+  const { result } = renderHook(() => useQuickPromptTable());
+
+  describe('getColumns', () => {
+    beforeEach(() => {
+      jest.clearAllMocks();
+    });
+    it('should return columns with correct render functions', () => {
+      const columns = result.current.getColumns({
+        basePromptContexts: mockPromptContexts,
+        onEditActionClicked: mockOnEditActionClicked,
+        onDeleteActionClicked: mockOnDeleteActionClicked,
+      });
+
+      expect(columns).toHaveLength(3);
+      expect(columns[0].name).toBe('Name');
+      expect(columns[1].name).toBe('Contexts');
+      expect(columns[2].name).toBe('Actions');
+    });
+
+    it('should render contexts column correctly', () => {
+      const columns = result.current.getColumns({
+        basePromptContexts: mockPromptContexts,
+        onEditActionClicked: mockOnEditActionClicked,
+        onDeleteActionClicked: mockOnDeleteActionClicked,
+      });
+
+      const mockQuickPrompt = { ...MOCK_QUICK_PROMPTS[0], categories: ['alert'] };
+      const mockBadgesColumn = (columns[1] as EuiTableComputedColumnType<QuickPrompt>).render(
+        mockQuickPrompt
+      );
+      const selectedPromptContexts = mockPromptContexts
+        .filter((bpc) => mockQuickPrompt.categories?.some((cat) => bpc.category === cat))
+        .map((bpc) => bpc.description);
+      expect(mockBadgesColumn).toHaveProperty('props', {
+        items: selectedPromptContexts,
+        prefix: MOCK_QUICK_PROMPTS[0].title,
+      });
+    });
+
+    it('should not render delete action for non-deletable prompt', () => {
+      const columns = result.current.getColumns({
+        basePromptContexts: mockPromptContexts,
+        onEditActionClicked: mockOnEditActionClicked,
+        onDeleteActionClicked: mockOnDeleteActionClicked,
+      });
+
+      const mockRowActions = (columns[2] as EuiTableComputedColumnType<QuickPrompt>).render(
+        MOCK_QUICK_PROMPTS[0]
+      );
+
+      expect(mockRowActions).toHaveProperty('props', {
+        rowItem: MOCK_QUICK_PROMPTS[0],
+        onDelete: undefined,
+        onEdit: mockOnEditActionClicked,
+        isDeletable: false,
+      });
+    });
+
+    it('should render delete actions correctly for deletable prompt', () => {
+      const columns = result.current.getColumns({
+        basePromptContexts: mockPromptContexts,
+        onEditActionClicked: mockOnEditActionClicked,
+        onDeleteActionClicked: mockOnDeleteActionClicked,
+      });
+
+      const nonDefaultPrompt = MOCK_QUICK_PROMPTS.find((qp) => !qp.isDefault);
+      if (nonDefaultPrompt) {
+        const mockRowActions = (columns[2] as EuiTableComputedColumnType<QuickPrompt>).render(
+          nonDefaultPrompt
+        );
+        expect(mockRowActions).toHaveProperty('props', {
+          rowItem: nonDefaultPrompt,
+          onDelete: mockOnDeleteActionClicked,
+          onEdit: mockOnEditActionClicked,
+          isDeletable: true,
+        });
+      }
+    });
+  });
+});
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompt_settings_management/use_quick_prompt_table.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompt_settings_management/use_quick_prompt_table.tsx
new file mode 100644
index 0000000000000..9ec334f817340
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompt_settings_management/use_quick_prompt_table.tsx
@@ -0,0 +1,81 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EuiBasicTableColumn, EuiLink } from '@elastic/eui';
+import React, { useCallback } from 'react';
+import { BadgesColumn } from '../../common/components/assistant_settings_management/badges';
+import { RowActions } from '../../common/components/assistant_settings_management/row_actions';
+import { PromptContextTemplate } from '../../prompt_context/types';
+import { QuickPrompt } from '../types';
+import * as i18n from './translations';
+
+export const useQuickPromptTable = () => {
+  const getColumns = useCallback(
+    ({
+      basePromptContexts,
+      onEditActionClicked,
+      onDeleteActionClicked,
+    }: {
+      basePromptContexts: PromptContextTemplate[];
+      onEditActionClicked: (prompt: QuickPrompt) => void;
+      onDeleteActionClicked: (prompt: QuickPrompt) => void;
+    }): Array<EuiBasicTableColumn<QuickPrompt>> => [
+      {
+        align: 'left',
+        name: i18n.QUICK_PROMPTS_TABLE_COLUMN_NAME,
+        render: (prompt: QuickPrompt) =>
+          prompt?.title ? (
+            <EuiLink onClick={() => onEditActionClicked(prompt)}>{prompt?.title}</EuiLink>
+          ) : null,
+        sortable: ({ title }: QuickPrompt) => title,
+      },
+      {
+        align: 'left',
+        name: i18n.QUICK_PROMPTS_TABLE_COLUMN_CONTEXTS,
+        render: (prompt: QuickPrompt) => {
+          const selectedPromptContexts = (
+            basePromptContexts.filter((bpc) =>
+              prompt?.categories?.some((cat) => bpc?.category === cat)
+            ) ?? []
+          ).map((bpc) => bpc?.description);
+          return selectedPromptContexts ? (
+            <BadgesColumn items={selectedPromptContexts} prefix={prompt.title} />
+          ) : null;
+        },
+      },
+      /* TODO: enable when createdAt is added
+      {
+        align: 'left',
+        field: 'createdAt',
+        name: i18n.QUICK_PROMPTS_TABLE_COLUMN_CREATED_AT,
+      },
+      */
+      {
+        align: 'center',
+        name: i18n.QUICK_PROMPTS_TABLE_COLUMN_ACTIONS,
+        width: '120px',
+        render: (prompt: QuickPrompt) => {
+          if (!prompt) {
+            return null;
+          }
+          const isDeletable = !prompt.isDefault;
+          return (
+            <RowActions<QuickPrompt>
+              rowItem={prompt}
+              onDelete={isDeletable ? onDeleteActionClicked : undefined}
+              onEdit={onEditActionClicked}
+              isDeletable={isDeletable}
+            />
+          );
+        },
+      },
+    ],
+    []
+  );
+
+  return { getColumns };
+};
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompts.test.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompts.test.tsx
index 2632a66ac7f5a..7fb2c9760fc7b 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompts.test.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompts.test.tsx
@@ -10,7 +10,7 @@ import { fireEvent, render } from '@testing-library/react';
 import { QuickPrompts } from './quick_prompts';
 import { TestProviders } from '../../mock/test_providers/test_providers';
 import { MOCK_QUICK_PROMPTS } from '../../mock/quick_prompt';
-import { QUICK_PROMPTS_TAB } from '../settings/assistant_settings';
+import { QUICK_PROMPTS_TAB } from '../settings/const';
 
 const setInput = jest.fn();
 const setIsSettingsModalVisible = jest.fn();
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompts.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompts.tsx
index 63e57424fa49b..7d08d20f432b9 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompts.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/quick_prompts/quick_prompts.tsx
@@ -20,7 +20,7 @@ import { css } from '@emotion/react';
 import { QuickPrompt } from '../../..';
 import * as i18n from './translations';
 import { useAssistantContext } from '../../assistant_context';
-import { QUICK_PROMPTS_TAB } from '../settings/assistant_settings';
+import { QUICK_PROMPTS_TAB } from '../settings/const';
 
 export const KNOWLEDGE_BASE_CATEGORY = 'knowledge-base';
 
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings.test.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings.test.tsx
index 8278cb1559535..8f4a8680f9c57 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings.test.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings.test.tsx
@@ -8,19 +8,19 @@
 import { alertConvo, customConvo, welcomeConvo } from '../../mock/conversation';
 import { useAssistantContext } from '../../assistant_context';
 import { fireEvent, render, act } from '@testing-library/react';
+import { AssistantSettings } from './assistant_settings';
+import React from 'react';
+import { OpenAiProviderType } from '@kbn/stack-connectors-plugin/common/openai/constants';
+import { MOCK_QUICK_PROMPTS } from '../../mock/quick_prompt';
+import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
 import {
-  AssistantSettings,
   ANONYMIZATION_TAB,
   CONVERSATIONS_TAB,
   EVALUATION_TAB,
   KNOWLEDGE_BASE_TAB,
   QUICK_PROMPTS_TAB,
   SYSTEM_PROMPTS_TAB,
-} from './assistant_settings';
-import React from 'react';
-import { OpenAiProviderType } from '@kbn/stack-connectors-plugin/common/openai/constants';
-import { MOCK_QUICK_PROMPTS } from '../../mock/quick_prompt';
-import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
+} from './const';
 
 const mockConversations = {
   [alertConvo.title]: alertConvo,
@@ -49,6 +49,7 @@ const onSave = jest.fn().mockResolvedValue(() => {});
 const onConversationSelected = jest.fn();
 
 const testProps = {
+  conversationsLoaded: true,
   defaultConnectorId: '123',
   defaultProvider: OpenAiProviderType.OpenAi,
   selectedConversationId: welcomeConvo.title,
@@ -65,7 +66,7 @@ jest.mock('../../assistant_context');
 jest.mock('.', () => {
   return {
     AnonymizationSettings: () => <span data-test-subj="ANONYMIZATION_TAB-tab" />,
-    ConversationSettings: () => <span data-test-subj={`CONVERSATION_TAB-tab`} />,
+    ConversationSettings: () => <span data-test-subj="CONVERSATIONS_TAB-tab" />,
     EvaluationSettings: () => <span data-test-subj="EVALUATION_TAB-tab" />,
     KnowledgeBaseSettings: () => <span data-test-subj="KNOWLEDGE_BASE_TAB-tab" />,
     QuickPromptSettings: () => <span data-test-subj="QUICK_PROMPTS_TAB-tab" />,
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings.tsx
index f83e6c0d72ee6..68a8049b825b3 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings.tsx
@@ -24,7 +24,7 @@ import {
 import styled from 'styled-components';
 import { css } from '@emotion/react';
 import { AIConnector } from '../../connectorland/connector_selector';
-import { Conversation, Prompt, QuickPrompt } from '../../..';
+import { Conversation, Prompt, QuickPrompt, useLoadConnectors } from '../../..';
 import * as i18n from './translations';
 import { useAssistantContext } from '../../assistant_context';
 import { TEST_IDS } from '../constants';
@@ -38,26 +38,20 @@ import {
   SystemPromptSettings,
 } from '.';
 import { useFetchAnonymizationFields } from '../api/anonymization_fields/use_fetch_anonymization_fields';
+import {
+  ANONYMIZATION_TAB,
+  CONVERSATIONS_TAB,
+  EVALUATION_TAB,
+  KNOWLEDGE_BASE_TAB,
+  QUICK_PROMPTS_TAB,
+  SYSTEM_PROMPTS_TAB,
+} from './const';
 
 const StyledEuiModal = styled(EuiModal)`
   width: 800px;
   height: 575px;
 `;
 
-export const CONVERSATIONS_TAB = 'CONVERSATION_TAB' as const;
-export const QUICK_PROMPTS_TAB = 'QUICK_PROMPTS_TAB' as const;
-export const SYSTEM_PROMPTS_TAB = 'SYSTEM_PROMPTS_TAB' as const;
-export const ANONYMIZATION_TAB = 'ANONYMIZATION_TAB' as const;
-export const KNOWLEDGE_BASE_TAB = 'KNOWLEDGE_BASE_TAB' as const;
-export const EVALUATION_TAB = 'EVALUATION_TAB' as const;
-
-export type SettingsTabs =
-  | typeof CONVERSATIONS_TAB
-  | typeof QUICK_PROMPTS_TAB
-  | typeof SYSTEM_PROMPTS_TAB
-  | typeof ANONYMIZATION_TAB
-  | typeof KNOWLEDGE_BASE_TAB
-  | typeof EVALUATION_TAB;
 interface Props {
   defaultConnector?: AIConnector;
   onClose: (
@@ -68,6 +62,7 @@ interface Props {
   selectedConversationId?: string;
   onConversationSelected: ({ cId, cTitle }: { cId: string; cTitle: string }) => void;
   conversations: Record<string, Conversation>;
+  conversationsLoaded: boolean;
 }
 
 /**
@@ -82,6 +77,7 @@ export const AssistantSettings: React.FC<Props> = React.memo(
     selectedConversationId: defaultSelectedConversationId,
     onConversationSelected,
     conversations,
+    conversationsLoaded,
     isFlyoutMode,
   }) => {
     const {
@@ -93,9 +89,19 @@ export const AssistantSettings: React.FC<Props> = React.memo(
       setSelectedSettingsTab,
     } = useAssistantContext();
 
+    useEffect(() => {
+      if (selectedSettingsTab == null) {
+        setSelectedSettingsTab(CONVERSATIONS_TAB);
+      }
+    }, [selectedSettingsTab, setSelectedSettingsTab]);
+
     const { data: anonymizationFields, refetch: refetchAnonymizationFieldsResults } =
       useFetchAnonymizationFields();
 
+    const { data: connectors } = useLoadConnectors({
+      http,
+    });
+
     const {
       conversationSettings,
       setConversationSettings,
@@ -114,7 +120,7 @@ export const AssistantSettings: React.FC<Props> = React.memo(
       anonymizationFieldsBulkActions,
       setAnonymizationFieldsBulkActions,
       setUpdatedAnonymizationData,
-    } = useSettingsUpdater(conversations, anonymizationFields);
+    } = useSettingsUpdater(conversations, conversationsLoaded, anonymizationFields);
 
     // Local state for saving previously selected items so tab switching is friendlier
     // Conversation Selection State
@@ -205,7 +211,7 @@ export const AssistantSettings: React.FC<Props> = React.memo(
               <EuiKeyPadMenuItem
                 id={CONVERSATIONS_TAB}
                 label={i18n.CONVERSATIONS_MENU_ITEM}
-                isSelected={selectedSettingsTab === CONVERSATIONS_TAB}
+                isSelected={!selectedSettingsTab || selectedSettingsTab === CONVERSATIONS_TAB}
                 onClick={() => setSelectedSettingsTab(CONVERSATIONS_TAB)}
                 data-test-subj={`${CONVERSATIONS_TAB}-button`}
               >
@@ -310,24 +316,26 @@ export const AssistantSettings: React.FC<Props> = React.memo(
                   overflow-y: scroll;
                 `}
               >
-                {selectedSettingsTab === CONVERSATIONS_TAB && (
-                  <ConversationSettings
-                    actionTypeRegistry={actionTypeRegistry}
-                    defaultConnector={defaultConnector}
-                    conversationSettings={conversationSettings}
-                    setConversationsSettingsBulkActions={setConversationsSettingsBulkActions}
-                    conversationsSettingsBulkActions={conversationsSettingsBulkActions}
-                    setConversationSettings={setConversationSettings}
-                    allSystemPrompts={systemPromptSettings}
-                    selectedConversation={selectedConversation}
-                    isDisabled={selectedConversation == null}
-                    assistantStreamingEnabled={assistantStreamingEnabled}
-                    setAssistantStreamingEnabled={setUpdatedAssistantStreamingEnabled}
-                    onSelectedConversationChange={onHandleSelectedConversationChange}
-                    http={http}
-                    isFlyoutMode={isFlyoutMode}
-                  />
-                )}
+                {!selectedSettingsTab ||
+                  (selectedSettingsTab === CONVERSATIONS_TAB && (
+                    <ConversationSettings
+                      actionTypeRegistry={actionTypeRegistry}
+                      connectors={connectors}
+                      defaultConnector={defaultConnector}
+                      conversationSettings={conversationSettings}
+                      setConversationsSettingsBulkActions={setConversationsSettingsBulkActions}
+                      conversationsSettingsBulkActions={conversationsSettingsBulkActions}
+                      setConversationSettings={setConversationSettings}
+                      allSystemPrompts={systemPromptSettings}
+                      selectedConversation={selectedConversation}
+                      isDisabled={selectedConversation == null}
+                      assistantStreamingEnabled={assistantStreamingEnabled}
+                      setAssistantStreamingEnabled={setUpdatedAssistantStreamingEnabled}
+                      onSelectedConversationChange={onHandleSelectedConversationChange}
+                      http={http}
+                      isFlyoutMode={isFlyoutMode}
+                    />
+                  ))}
                 {selectedSettingsTab === QUICK_PROMPTS_TAB && (
                   <QuickPromptSettings
                     quickPromptSettings={quickPromptSettings}
@@ -338,6 +346,7 @@ export const AssistantSettings: React.FC<Props> = React.memo(
                 )}
                 {selectedSettingsTab === SYSTEM_PROMPTS_TAB && (
                   <SystemPromptSettings
+                    connectors={connectors}
                     conversationSettings={conversationSettings}
                     defaultConnector={defaultConnector}
                     systemPromptSettings={systemPromptSettings}
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_button.test.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_button.test.tsx
index 4fee52fb3bc99..3aab8d1169bfc 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_button.test.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_button.test.tsx
@@ -11,7 +11,7 @@ import { OpenAiProviderType } from '@kbn/stack-connectors-plugin/common/openai/c
 
 import { AssistantSettingsButton } from './assistant_settings_button';
 import { welcomeConvo } from '../../mock/conversation';
-import { CONVERSATIONS_TAB } from './assistant_settings';
+import { CONVERSATIONS_TAB } from './const';
 
 const setIsSettingsModalVisible = jest.fn();
 const onConversationSelected = jest.fn();
@@ -25,6 +25,7 @@ const testProps = {
   isFlyoutMode: false,
   onConversationSelected,
   conversations: {},
+  conversationsLoaded: true,
   refetchConversationsState: jest.fn(),
   anonymizationFields: { total: 0, page: 1, perPage: 1000, data: [] },
   refetchAnonymizationFieldsResults: jest.fn(),
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_button.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_button.tsx
index 47ca1d78de75d..432730194d1a3 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_button.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_button.tsx
@@ -10,9 +10,10 @@ import { EuiButtonIcon, EuiToolTip } from '@elastic/eui';
 
 import { AIConnector } from '../../connectorland/connector_selector';
 import { Conversation } from '../../..';
-import { AssistantSettings, CONVERSATIONS_TAB } from './assistant_settings';
+import { AssistantSettings } from './assistant_settings';
 import * as i18n from './translations';
 import { useAssistantContext } from '../../assistant_context';
+import { CONVERSATIONS_TAB } from './const';
 
 interface Props {
   defaultConnector?: AIConnector;
@@ -23,6 +24,7 @@ interface Props {
   isDisabled?: boolean;
   isFlyoutMode: boolean;
   conversations: Record<string, Conversation>;
+  conversationsLoaded: boolean;
   refetchConversationsState: () => Promise<void>;
 }
 
@@ -39,6 +41,7 @@ export const AssistantSettingsButton: React.FC<Props> = React.memo(
     isFlyoutMode,
     onConversationSelected,
     conversations,
+    conversationsLoaded,
     refetchConversationsState,
   }) => {
     const { toasts, setSelectedSettingsTab } = useAssistantContext();
@@ -94,6 +97,7 @@ export const AssistantSettingsButton: React.FC<Props> = React.memo(
             onSave={handleSave}
             isFlyoutMode={isFlyoutMode}
             conversations={conversations}
+            conversationsLoaded={conversationsLoaded}
           />
         )}
       </>
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_management.test.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_management.test.tsx
new file mode 100644
index 0000000000000..3b34b3467aa84
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_management.test.tsx
@@ -0,0 +1,157 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { alertConvo, welcomeConvo } from '../../mock/conversation';
+import { useAssistantContext } from '../../assistant_context';
+import { fireEvent, render } from '@testing-library/react';
+
+import React from 'react';
+import { OpenAiProviderType } from '@kbn/stack-connectors-plugin/common/openai/constants';
+import { MOCK_QUICK_PROMPTS } from '../../mock/quick_prompt';
+import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
+import { AssistantSettingsManagement } from './assistant_settings_management';
+import {
+  ANONYMIZATION_TAB,
+  CONNECTORS_TAB,
+  CONVERSATIONS_TAB,
+  EVALUATION_TAB,
+  KNOWLEDGE_BASE_TAB,
+  QUICK_PROMPTS_TAB,
+  SYSTEM_PROMPTS_TAB,
+} from './const';
+
+const mockConversations = {
+  [alertConvo.title]: alertConvo,
+  [welcomeConvo.title]: welcomeConvo,
+};
+const saveSettings = jest.fn();
+
+const mockValues = {
+  conversationSettings: mockConversations,
+  saveSettings,
+};
+
+const setSelectedSettingsTab = jest.fn();
+const mockContext = {
+  basePromptContexts: MOCK_QUICK_PROMPTS,
+  setSelectedSettingsTab,
+  http: {
+    get: jest.fn(),
+  },
+  assistantFeatures: { assistantModelEvaluation: true },
+  selectedSettingsTab: null,
+  assistantAvailability: {
+    isAssistantEnabled: true,
+  },
+};
+const onClose = jest.fn();
+const onSave = jest.fn().mockResolvedValue(() => {});
+const onConversationSelected = jest.fn();
+
+const testProps = {
+  conversationsLoaded: true,
+  defaultConnectorId: '123',
+  defaultProvider: OpenAiProviderType.OpenAi,
+  selectedConversation: welcomeConvo,
+  onClose,
+  onSave,
+  isFlyoutMode: false,
+  onConversationSelected,
+  conversations: {},
+  anonymizationFields: { total: 0, page: 1, perPage: 1000, data: [] },
+  refetchAnonymizationFieldsResults: jest.fn(),
+  refetchConversations: jest.fn(),
+};
+jest.mock('../../assistant_context');
+
+jest.mock('../../connectorland/connector_settings_management', () => ({
+  ConnectorsSettingsManagement: () => <span data-test-subj="CONNECTORS_TAB-tab" />,
+}));
+
+jest.mock('../conversations/conversation_settings_management', () => ({
+  ConversationSettingsManagement: () => <span data-test-subj="CONVERSATIONS_TAB-tab" />,
+}));
+
+jest.mock('../quick_prompts/quick_prompt_settings_management', () => ({
+  QuickPromptSettingsManagement: () => <span data-test-subj="QUICK_PROMPTS_TAB-tab" />,
+}));
+
+jest.mock('../prompt_editor/system_prompt/system_prompt_settings_management', () => ({
+  SystemPromptSettingsManagement: () => <span data-test-subj="SYSTEM_PROMPTS_TAB-tab" />,
+}));
+
+jest.mock('../../data_anonymization/settings/anonymization_settings_management', () => ({
+  AnonymizationSettingsManagement: () => <span data-test-subj="ANONYMIZATION_TAB-tab" />,
+}));
+
+jest.mock('.', () => {
+  return {
+    EvaluationSettings: () => <span data-test-subj="EVALUATION_TAB-tab" />,
+    KnowledgeBaseSettings: () => <span data-test-subj="KNOWLEDGE_BASE_TAB-tab" />,
+  };
+});
+
+jest.mock('./use_settings_updater/use_settings_updater', () => {
+  const original = jest.requireActual('./use_settings_updater/use_settings_updater');
+  return {
+    ...original,
+    useSettingsUpdater: jest.fn().mockImplementation(() => mockValues),
+  };
+});
+
+const queryClient = new QueryClient();
+
+const wrapper = (props: { children: React.ReactNode }) => (
+  <QueryClientProvider client={queryClient}>{props.children}</QueryClientProvider>
+);
+
+describe('AssistantSettingsManagement', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+    (useAssistantContext as jest.Mock).mockImplementation(() => mockContext);
+  });
+
+  it('Bottom bar is hidden when no pending changes', async () => {
+    const { queryByTestId } = render(<AssistantSettingsManagement {...testProps} />, {
+      wrapper,
+    });
+
+    expect(queryByTestId(`bottom-bar`)).not.toBeInTheDocument();
+  });
+
+  describe.each([
+    CONNECTORS_TAB,
+    ANONYMIZATION_TAB,
+    CONVERSATIONS_TAB,
+    EVALUATION_TAB,
+    KNOWLEDGE_BASE_TAB,
+    QUICK_PROMPTS_TAB,
+    SYSTEM_PROMPTS_TAB,
+  ])('%s', (tab) => {
+    it('Opens the tab on button click', () => {
+      (useAssistantContext as jest.Mock).mockImplementation(() => ({
+        ...mockContext,
+        selectedSettingsTab: tab,
+      }));
+      const { getByTestId } = render(<AssistantSettingsManagement {...testProps} />, {
+        wrapper,
+      });
+      fireEvent.click(getByTestId(`settingsPageTab-${tab}`));
+      expect(setSelectedSettingsTab).toHaveBeenCalledWith(tab);
+    });
+    it('renders with the correct tab open', () => {
+      (useAssistantContext as jest.Mock).mockImplementation(() => ({
+        ...mockContext,
+        selectedSettingsTab: tab,
+      }));
+      const { getByTestId } = render(<AssistantSettingsManagement {...testProps} />, {
+        wrapper,
+      });
+      expect(getByTestId(`${tab}-tab`)).toBeInTheDocument();
+    });
+  });
+});
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_management.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_management.tsx
index 79a050b11bb27..4e89bb3bba4fc 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_management.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_management.tsx
@@ -7,12 +7,15 @@
 
 import React, { useCallback, useEffect, useMemo, useState } from 'react';
 import {
+  EuiAvatar,
   EuiButton,
   EuiButtonEmpty,
-  EuiIcon,
+  EuiFlexGroup,
   EuiFlexItem,
   EuiPageTemplate,
-  EuiFlexGroup,
+  EuiTitle,
+  useEuiShadow,
+  useEuiTheme,
 } from '@elastic/eui';
 
 import { css } from '@emotion/react';
@@ -20,37 +23,32 @@ import { Conversation, Prompt, QuickPrompt } from '../../..';
 import * as i18n from './translations';
 import { useAssistantContext } from '../../assistant_context';
 import { useSettingsUpdater } from './use_settings_updater/use_settings_updater';
-import {
-  AnonymizationSettings,
-  ConversationSettings,
-  EvaluationSettings,
-  KnowledgeBaseSettings,
-  QuickPromptSettings,
-  SystemPromptSettings,
-} from '.';
+import { KnowledgeBaseSettings, EvaluationSettings } from '.';
 import { useLoadConnectors } from '../../connectorland/use_load_connectors';
 import { getDefaultConnector } from '../helpers';
 import { useFetchAnonymizationFields } from '../api/anonymization_fields/use_fetch_anonymization_fields';
+import { ConnectorsSettingsManagement } from '../../connectorland/connector_settings_management';
+import { ConversationSettingsManagement } from '../conversations/conversation_settings_management';
+import { QuickPromptSettingsManagement } from '../quick_prompts/quick_prompt_settings_management';
+import { SystemPromptSettingsManagement } from '../prompt_editor/system_prompt/system_prompt_settings_management';
+import { AnonymizationSettingsManagement } from '../../data_anonymization/settings/anonymization_settings_management';
 
-export const CONVERSATIONS_TAB = 'CONVERSATION_TAB' as const;
-export const QUICK_PROMPTS_TAB = 'QUICK_PROMPTS_TAB' as const;
-export const SYSTEM_PROMPTS_TAB = 'SYSTEM_PROMPTS_TAB' as const;
-export const ANONYMIZATION_TAB = 'ANONYMIZATION_TAB' as const;
-export const KNOWLEDGE_BASE_TAB = 'KNOWLEDGE_BASE_TAB' as const;
-export const EVALUATION_TAB = 'EVALUATION_TAB' as const;
+import {
+  ANONYMIZATION_TAB,
+  CONNECTORS_TAB,
+  CONVERSATIONS_TAB,
+  EVALUATION_TAB,
+  KNOWLEDGE_BASE_TAB,
+  QUICK_PROMPTS_TAB,
+  SYSTEM_PROMPTS_TAB,
+} from './const';
 
-export type SettingsTabs =
-  | typeof CONVERSATIONS_TAB
-  | typeof QUICK_PROMPTS_TAB
-  | typeof SYSTEM_PROMPTS_TAB
-  | typeof ANONYMIZATION_TAB
-  | typeof KNOWLEDGE_BASE_TAB
-  | typeof EVALUATION_TAB;
 interface Props {
   conversations: Record<string, Conversation>;
+  conversationsLoaded: boolean;
   selectedConversation: Conversation;
-  setSelectedConversationId: React.Dispatch<React.SetStateAction<string>>;
   isFlyoutMode: boolean;
+  refetchConversations: () => void;
 }
 
 /**
@@ -59,13 +57,13 @@ interface Props {
  */
 export const AssistantSettingsManagement: React.FC<Props> = React.memo(
   ({
-    selectedConversation: defaultSelectedConversation,
-    setSelectedConversationId,
     conversations,
+    conversationsLoaded,
     isFlyoutMode,
+    refetchConversations,
+    selectedConversation: defaultSelectedConversation,
   }) => {
     const {
-      actionTypeRegistry,
       assistantFeatures: { assistantModelEvaluation: modelEvaluatorEnabled },
       http,
       selectedSettingsTab,
@@ -75,13 +73,14 @@ export const AssistantSettingsManagement: React.FC<Props> = React.memo(
 
     const { data: anonymizationFields } = useFetchAnonymizationFields();
 
-    // Connector details
     const { data: connectors } = useLoadConnectors({
       http,
     });
     const defaultConnector = useMemo(() => getDefaultConnector(connectors), [connectors]);
 
     const [hasPendingChanges, setHasPendingChanges] = useState(false);
+    const { euiTheme } = useEuiTheme();
+    const headerIconShadow = useEuiShadow('s');
 
     const {
       conversationSettings,
@@ -104,6 +103,7 @@ export const AssistantSettingsManagement: React.FC<Props> = React.memo(
       resetSettings,
     } = useSettingsUpdater(
       conversations,
+      conversationsLoaded,
       anonymizationFields ?? { page: 0, perPage: 0, total: 0, data: [] }
     );
 
@@ -121,10 +121,20 @@ export const AssistantSettingsManagement: React.FC<Props> = React.memo(
 
     useEffect(() => {
       if (selectedConversation != null) {
-        setSelectedConversation(conversationSettings[selectedConversation.title]);
+        setSelectedConversation(
+          // conversationSettings has title as key, sometime has id as key
+          conversationSettings[selectedConversation.id] ||
+            conversationSettings[selectedConversation.title]
+        );
       }
     }, [conversationSettings, selectedConversation]);
 
+    useEffect(() => {
+      if (selectedSettingsTab == null) {
+        setSelectedSettingsTab(CONNECTORS_TAB);
+      }
+    }, [selectedSettingsTab, setSelectedSettingsTab]);
+
     // Quick Prompt Selection State
     const [selectedQuickPrompt, setSelectedQuickPrompt] = useState<QuickPrompt | undefined>();
     const onHandleSelectedQuickPromptChange = useCallback((quickPrompt?: QuickPrompt) => {
@@ -149,61 +159,56 @@ export const AssistantSettingsManagement: React.FC<Props> = React.memo(
       }
     }, [selectedSystemPrompt, systemPromptSettings]);
 
-    const handleSave = useCallback(() => {
-      // If the selected conversation is deleted, we need to select a new conversation to prevent a crash creating a conversation that already exists
-      const isSelectedConversationDeleted =
-        conversationSettings[defaultSelectedConversation.title] == null;
-      const newSelectedConversationId: string | undefined = Object.keys(conversationSettings)[0];
-      if (isSelectedConversationDeleted && newSelectedConversationId != null) {
-        setSelectedConversationId(conversationSettings[newSelectedConversationId].title);
-      }
-      saveSettings();
-      toasts?.addSuccess({
-        iconType: 'check',
-        title: i18n.SETTINGS_UPDATED_TOAST_TITLE,
-      });
-      setHasPendingChanges(false);
-    }, [
-      conversationSettings,
-      defaultSelectedConversation.title,
-      saveSettings,
-      setSelectedConversationId,
-      toasts,
-    ]);
+    const handleSave = useCallback(
+      async (shouldRefetchConversation?: boolean) => {
+        await saveSettings();
+        toasts?.addSuccess({
+          iconType: 'check',
+          title: i18n.SETTINGS_UPDATED_TOAST_TITLE,
+        });
+        setHasPendingChanges(false);
+        if (shouldRefetchConversation) {
+          refetchConversations();
+        }
+      },
+      [refetchConversations, saveSettings, toasts]
+    );
+
+    const onSaveButtonClicked = useCallback(() => {
+      handleSave(true);
+    }, [handleSave]);
 
     const tabsConfig = useMemo(
       () => [
         {
-          id: CONVERSATIONS_TAB,
-          label: i18n.CONVERSATIONS_MENU_ITEM,
-          prepend: <EuiIcon type="discuss" />,
+          id: CONNECTORS_TAB,
+          label: i18n.CONNECTORS_MENU_ITEM,
         },
         {
-          id: QUICK_PROMPTS_TAB,
-          label: i18n.QUICK_PROMPTS_MENU_ITEM,
-          prepend: <EuiIcon type="editorComment" />,
+          id: CONVERSATIONS_TAB,
+          label: i18n.CONVERSATIONS_MENU_ITEM,
         },
         {
           id: SYSTEM_PROMPTS_TAB,
           label: i18n.SYSTEM_PROMPTS_MENU_ITEM,
-          prepend: <EuiIcon type="editorComment" />,
+        },
+        {
+          id: QUICK_PROMPTS_TAB,
+          label: i18n.QUICK_PROMPTS_MENU_ITEM,
         },
         {
           id: ANONYMIZATION_TAB,
           label: i18n.ANONYMIZATION_MENU_ITEM,
-          prepend: <EuiIcon type="eyeClosed" />,
         },
         {
           id: KNOWLEDGE_BASE_TAB,
           label: i18n.KNOWLEDGE_BASE_MENU_ITEM,
-          prepend: <EuiIcon type="notebookApp" />,
         },
         ...(modelEvaluatorEnabled
           ? [
               {
                 id: EVALUATION_TAB,
                 label: i18n.EVALUATION_MENU_ITEM,
-                prepend: <EuiIcon type="crossClusterReplicationApp" />,
               },
             ]
           : []),
@@ -232,65 +237,91 @@ export const AssistantSettingsManagement: React.FC<Props> = React.memo(
       resetSettings();
       setHasPendingChanges(false);
     }, [resetSettings]);
-
     return (
       <>
-        <EuiPageTemplate.Header pageTitle="Settings" tabs={tabs} paddingSize="none" />
+        <EuiPageTemplate.Header
+          pageTitle={
+            <>
+              <EuiAvatar
+                iconType="logoSecurity"
+                iconSize="m"
+                color="plain"
+                name={i18n.SECURITY_AI_SETTINGS}
+                css={css`
+                  ${headerIconShadow};
+                  margin-right: ${euiTheme.base * 0.75}px;
+                `}
+              />
+              <EuiTitle size="m" className="eui-displayInlineBlock">
+                <h2>{i18n.SECURITY_AI_SETTINGS}</h2>
+              </EuiTitle>
+            </>
+          }
+          tabs={tabs}
+          paddingSize="none"
+        />
         <EuiPageTemplate.Section
-          paddingSize="l"
+          paddingSize="none"
           css={css`
             padding-left: 0;
             padding-right: 0;
+            padding-top: ${euiTheme.base * 0.75}px;
+            padding-bottom: ${euiTheme.base * 0.75}px;
           `}
         >
+          {selectedSettingsTab === CONNECTORS_TAB && <ConnectorsSettingsManagement />}
           {selectedSettingsTab === CONVERSATIONS_TAB && (
-            <ConversationSettings
-              actionTypeRegistry={actionTypeRegistry}
-              defaultConnector={defaultConnector}
+            <ConversationSettingsManagement
+              allSystemPrompts={systemPromptSettings}
+              assistantStreamingEnabled={assistantStreamingEnabled}
+              connectors={connectors}
               conversationSettings={conversationSettings}
-              setConversationsSettingsBulkActions={handleChange(
-                setConversationsSettingsBulkActions
-              )}
+              conversationsLoaded={conversationsLoaded}
               conversationsSettingsBulkActions={conversationsSettingsBulkActions}
-              setConversationSettings={handleChange(setConversationSettings)}
-              allSystemPrompts={systemPromptSettings}
+              defaultConnector={defaultConnector}
+              handleSave={handleSave}
+              isFlyoutMode={isFlyoutMode}
+              onCancelClick={onCancelClick}
+              onSelectedConversationChange={onHandleSelectedConversationChange}
               selectedConversation={selectedConversation}
-              isDisabled={selectedConversation == null}
-              assistantStreamingEnabled={assistantStreamingEnabled}
               setAssistantStreamingEnabled={handleChange(setUpdatedAssistantStreamingEnabled)}
-              onSelectedConversationChange={onHandleSelectedConversationChange}
-              http={http}
-              isFlyoutMode={isFlyoutMode}
-            />
-          )}
-          {selectedSettingsTab === QUICK_PROMPTS_TAB && (
-            <QuickPromptSettings
-              quickPromptSettings={quickPromptSettings}
-              onSelectedQuickPromptChange={onHandleSelectedQuickPromptChange}
-              selectedQuickPrompt={selectedQuickPrompt}
-              setUpdatedQuickPromptSettings={handleChange(setUpdatedQuickPromptSettings)}
+              setConversationSettings={setConversationSettings}
+              setConversationsSettingsBulkActions={setConversationsSettingsBulkActions}
             />
           )}
           {selectedSettingsTab === SYSTEM_PROMPTS_TAB && (
-            <SystemPromptSettings
+            <SystemPromptSettingsManagement
+              connectors={connectors}
               conversationSettings={conversationSettings}
+              conversationsSettingsBulkActions={conversationsSettingsBulkActions}
               defaultConnector={defaultConnector}
-              systemPromptSettings={systemPromptSettings}
+              handleSave={handleSave}
+              onCancelClick={onCancelClick}
               onSelectedSystemPromptChange={onHandleSelectedSystemPromptChange}
+              resetSettings={resetSettings}
               selectedSystemPrompt={selectedSystemPrompt}
-              setConversationSettings={handleChange(setConversationSettings)}
-              setConversationsSettingsBulkActions={handleChange(
-                setConversationsSettingsBulkActions
-              )}
-              conversationsSettingsBulkActions={conversationsSettingsBulkActions}
-              setUpdatedSystemPromptSettings={handleChange(setUpdatedSystemPromptSettings)}
+              setConversationSettings={setConversationSettings}
+              setConversationsSettingsBulkActions={setConversationsSettingsBulkActions}
+              setUpdatedSystemPromptSettings={setUpdatedSystemPromptSettings}
+              systemPromptSettings={systemPromptSettings}
+            />
+          )}
+          {selectedSettingsTab === QUICK_PROMPTS_TAB && (
+            <QuickPromptSettingsManagement
+              handleSave={handleSave}
+              onCancelClick={onCancelClick}
+              onSelectedQuickPromptChange={onHandleSelectedQuickPromptChange}
+              quickPromptSettings={quickPromptSettings}
+              resetSettings={resetSettings}
+              selectedQuickPrompt={selectedQuickPrompt}
+              setUpdatedQuickPromptSettings={setUpdatedQuickPromptSettings}
             />
           )}
           {selectedSettingsTab === ANONYMIZATION_TAB && (
-            <AnonymizationSettings
-              defaultPageSize={5}
+            <AnonymizationSettingsManagement
               anonymizationFields={updatedAnonymizationData}
               anonymizationFieldsBulkActions={anonymizationFieldsBulkActions}
+              defaultPageSize={5}
               setAnonymizationFieldsBulkActions={handleChange(setAnonymizationFieldsBulkActions)}
               setUpdatedAnonymizationData={handleChange(setUpdatedAnonymizationData)}
             />
@@ -304,7 +335,7 @@ export const AssistantSettingsManagement: React.FC<Props> = React.memo(
           {selectedSettingsTab === EVALUATION_TAB && <EvaluationSettings />}
         </EuiPageTemplate.Section>
         {hasPendingChanges && (
-          <EuiPageTemplate.BottomBar paddingSize="s" position="fixed">
+          <EuiPageTemplate.BottomBar paddingSize="s" position="fixed" data-test-subj="bottom-bar">
             <EuiFlexGroup justifyContent="flexEnd" gutterSize="s">
               <EuiFlexItem grow={false}>
                 <EuiButtonEmpty
@@ -322,7 +353,7 @@ export const AssistantSettingsManagement: React.FC<Props> = React.memo(
                   size="s"
                   type="submit"
                   data-test-subj="save-button"
-                  onClick={handleSave}
+                  onClick={onSaveButtonClicked}
                   iconType="check"
                   fill
                 >
@@ -337,4 +368,4 @@ export const AssistantSettingsManagement: React.FC<Props> = React.memo(
   }
 );
 
-AssistantSettingsManagement.displayName = 'AssistantSettingsNew';
+AssistantSettingsManagement.displayName = 'AssistantSettingsManagement';
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/const.ts b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/const.ts
new file mode 100644
index 0000000000000..c61a6dda8d235
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/const.ts
@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+export const CONNECTORS_TAB = 'CONNECTORS_TAB' as const;
+export const CONVERSATIONS_TAB = 'CONVERSATIONS_TAB' as const;
+export const QUICK_PROMPTS_TAB = 'QUICK_PROMPTS_TAB' as const;
+export const SYSTEM_PROMPTS_TAB = 'SYSTEM_PROMPTS_TAB' as const;
+export const ANONYMIZATION_TAB = 'ANONYMIZATION_TAB' as const;
+export const KNOWLEDGE_BASE_TAB = 'KNOWLEDGE_BASE_TAB' as const;
+export const EVALUATION_TAB = 'EVALUATION_TAB' as const;
+
+export const DEFAULT_PAGE_SIZE = 25;
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/evaluation_settings/translations.ts b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/evaluation_settings/translations.ts
index d7892b76dce98..517f4456b49e8 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/evaluation_settings/translations.ts
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/evaluation_settings/translations.ts
@@ -24,7 +24,7 @@ export const SETTINGS_DESCRIPTION = i18n.translate(
 export const RUN_DETAILS_TITLE = i18n.translate(
   'xpack.elasticAssistant.assistant.settings.evaluationSettings.runDetailsTitle',
   {
-    defaultMessage: '🏃 Run Details',
+    defaultMessage: 'Run Details',
   }
 );
 
@@ -38,7 +38,7 @@ export const RUN_DETAILS_DESCRIPTION = i18n.translate(
 export const PREDICTION_DETAILS_TITLE = i18n.translate(
   'xpack.elasticAssistant.assistant.settings.evaluationSettings.predictionDetailsTitle',
   {
-    defaultMessage: '🔮 Predictions',
+    defaultMessage: 'Predictions',
   }
 );
 
@@ -53,7 +53,7 @@ export const PREDICTION_DETAILS_DESCRIPTION = i18n.translate(
 export const EVALUATION_DETAILS_TITLE = i18n.translate(
   'xpack.elasticAssistant.assistant.settings.evaluationSettings.evaluationDetailsTitle',
   {
-    defaultMessage: '🧮 Evaluation (Optional)',
+    defaultMessage: 'Evaluation (Optional)',
   }
 );
 
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/translations.ts b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/translations.ts
index 78d6f462fd3fe..a8c2c85941176 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/translations.ts
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/translations.ts
@@ -21,6 +21,13 @@ export const SETTINGS_TOOLTIP = i18n.translate(
   }
 );
 
+export const SECURITY_AI_SETTINGS = i18n.translate(
+  'xpack.elasticAssistant.assistant.settings.securityAiSettingsTitle',
+  {
+    defaultMessage: 'Security AI settings',
+  }
+);
+
 export const SETTINGS_UPDATED_TOAST_TITLE = i18n.translate(
   'xpack.elasticAssistant.assistant.settings.settingsUpdatedToastTitle',
   {
@@ -28,6 +35,13 @@ export const SETTINGS_UPDATED_TOAST_TITLE = i18n.translate(
   }
 );
 
+export const CONNECTORS_MENU_ITEM = i18n.translate(
+  'xpack.elasticAssistant.assistant.settings.settingsConnectorsMenuItemTitle',
+  {
+    defaultMessage: 'Connectors',
+  }
+);
+
 export const CONVERSATIONS_MENU_ITEM = i18n.translate(
   'xpack.elasticAssistant.assistant.settings.settingsConversationsMenuItemTitle',
   {
@@ -90,3 +104,10 @@ export const SAVE = i18n.translate(
     defaultMessage: 'Save',
   }
 );
+
+export const DELETE = i18n.translate(
+  'xpack.elasticAssistant.assistant.promptEditor.systemPrompt.slDeleteButtonTitle',
+  {
+    defaultMessage: 'Delete',
+  }
+);
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/types.ts b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/types.ts
new file mode 100644
index 0000000000000..ec4c8c90ad2bf
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/types.ts
@@ -0,0 +1,28 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+  ANONYMIZATION_TAB,
+  CONNECTORS_TAB,
+  CONVERSATIONS_TAB,
+  EVALUATION_TAB,
+  KNOWLEDGE_BASE_TAB,
+  QUICK_PROMPTS_TAB,
+  SYSTEM_PROMPTS_TAB,
+} from './const';
+
+export type BaseSettingsTabs =
+  | typeof CONVERSATIONS_TAB
+  | typeof QUICK_PROMPTS_TAB
+  | typeof SYSTEM_PROMPTS_TAB
+  | typeof ANONYMIZATION_TAB
+  | typeof KNOWLEDGE_BASE_TAB
+  | typeof EVALUATION_TAB;
+
+export type AdditionalSettingsTabs = typeof CONNECTORS_TAB;
+
+export type SettingsTabs = BaseSettingsTabs | AdditionalSettingsTabs;
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/use_handle_save.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/use_handle_save.tsx
new file mode 100644
index 0000000000000..63f937f2fdf7a
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/use_handle_save.tsx
@@ -0,0 +1,53 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { useCallback } from 'react';
+import { IToasts } from '@kbn/core/public';
+import { Conversation } from '../../..';
+import { SETTINGS_UPDATED_TOAST_TITLE } from './translations';
+
+interface Props {
+  conversationSettings: Record<string, Conversation>;
+  defaultSelectedConversation: Conversation;
+  setSelectedConversationId: React.Dispatch<React.SetStateAction<string>>;
+  saveSettings: () => void;
+  setHasPendingChanges: React.Dispatch<React.SetStateAction<boolean>>;
+  toasts: IToasts | undefined;
+}
+export const useHandleSave = ({
+  conversationSettings,
+  defaultSelectedConversation,
+  setSelectedConversationId,
+  saveSettings,
+  setHasPendingChanges,
+  toasts,
+}: Props) => {
+  const handleSave = useCallback(() => {
+    // If the selected conversation is deleted, we need to select a new conversation to prevent a crash creating a conversation that already exists
+    const isSelectedConversationDeleted =
+      conversationSettings[defaultSelectedConversation.title] == null;
+    const newSelectedConversationId: string | undefined = Object.keys(conversationSettings)[0];
+    if (isSelectedConversationDeleted && newSelectedConversationId != null) {
+      setSelectedConversationId(conversationSettings[newSelectedConversationId].title);
+    }
+    saveSettings();
+    toasts?.addSuccess({
+      iconType: 'check',
+      title: SETTINGS_UPDATED_TOAST_TITLE,
+    });
+    setHasPendingChanges(false);
+  }, [
+    conversationSettings,
+    defaultSelectedConversation.title,
+    saveSettings,
+    setHasPendingChanges,
+    setSelectedConversationId,
+    toasts,
+  ]);
+
+  return handleSave;
+};
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/use_settings_updater/use_settings_updater.test.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/use_settings_updater/use_settings_updater.test.tsx
index 08e9fb434b051..20e5c86ddd251 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/use_settings_updater/use_settings_updater.test.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/use_settings_updater/use_settings_updater.test.tsx
@@ -7,7 +7,7 @@
 import { act, renderHook } from '@testing-library/react-hooks';
 
 import { DEFAULT_LATEST_ALERTS } from '../../../assistant_context/constants';
-import { alertConvo, customConvo, welcomeConvo } from '../../../mock/conversation';
+import { alertConvo, welcomeConvo } from '../../../mock/conversation';
 import { useSettingsUpdater } from './use_settings_updater';
 import { Prompt } from '../../../..';
 import {
@@ -21,6 +21,7 @@ const mockConversations = {
   [alertConvo.title]: alertConvo,
   [welcomeConvo.title]: welcomeConvo,
 };
+const conversationsLoaded = true;
 
 const mockHttp = {
   fetch: jest.fn(),
@@ -65,7 +66,7 @@ const mockValues = {
 };
 
 const updatedValues = {
-  conversations: { [customConvo.title]: customConvo },
+  conversations: { ...mockConversations },
   allSystemPrompts: [mockSuperheroSystemPrompt],
   allQuickPrompts: [{ title: 'Prompt 2', prompt: 'Prompt 2', color: 'red' }],
   updatedAnonymizationData: {
@@ -100,7 +101,7 @@ describe('useSettingsUpdater', () => {
   it('should set all state variables to their initial values when resetSettings is called', async () => {
     await act(async () => {
       const { result, waitForNextUpdate } = renderHook(() =>
-        useSettingsUpdater(mockConversations, anonymizationFields)
+        useSettingsUpdater(mockConversations, conversationsLoaded, anonymizationFields)
       );
       await waitForNextUpdate();
       const {
@@ -148,7 +149,7 @@ describe('useSettingsUpdater', () => {
   it('should update all state variables to their updated values when saveSettings is called', async () => {
     await act(async () => {
       const { result, waitForNextUpdate } = renderHook(() =>
-        useSettingsUpdater(mockConversations, anonymizationFields)
+        useSettingsUpdater(mockConversations, conversationsLoaded, anonymizationFields)
       );
       await waitForNextUpdate();
       const {
@@ -189,7 +190,7 @@ describe('useSettingsUpdater', () => {
   it('should track which toggles have been updated when saveSettings is called', async () => {
     await act(async () => {
       const { result, waitForNextUpdate } = renderHook(() =>
-        useSettingsUpdater(mockConversations, anonymizationFields)
+        useSettingsUpdater(mockConversations, conversationsLoaded, anonymizationFields)
       );
       await waitForNextUpdate();
       const { setUpdatedKnowledgeBaseSettings } = result.current;
@@ -206,7 +207,7 @@ describe('useSettingsUpdater', () => {
   it('should track only toggles that updated', async () => {
     await act(async () => {
       const { result, waitForNextUpdate } = renderHook(() =>
-        useSettingsUpdater(mockConversations, anonymizationFields)
+        useSettingsUpdater(mockConversations, conversationsLoaded, anonymizationFields)
       );
       await waitForNextUpdate();
       const { setUpdatedKnowledgeBaseSettings } = result.current;
@@ -224,7 +225,7 @@ describe('useSettingsUpdater', () => {
   it('if no toggles update, do not track anything', async () => {
     await act(async () => {
       const { result, waitForNextUpdate } = renderHook(() =>
-        useSettingsUpdater(mockConversations, anonymizationFields)
+        useSettingsUpdater(mockConversations, conversationsLoaded, anonymizationFields)
       );
       await waitForNextUpdate();
       const { setUpdatedKnowledgeBaseSettings } = result.current;
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/use_settings_updater/use_settings_updater.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/use_settings_updater/use_settings_updater.tsx
index 1e1c3b0b026d6..c6cf81c4bf949 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/use_settings_updater/use_settings_updater.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/use_settings_updater/use_settings_updater.tsx
@@ -46,6 +46,7 @@ interface UseSettingsUpdater {
 
 export const useSettingsUpdater = (
   conversations: Record<string, Conversation>,
+  conversationsLoaded: boolean,
   anonymizationFields: FindAnonymizationFieldsResponse
 ): UseSettingsUpdater => {
   // Initial state from assistant context
@@ -151,7 +152,6 @@ export const useSettingsUpdater = (
     const bulkAnonymizationFieldsResult = hasBulkAnonymizationFields
       ? await bulkUpdateAnonymizationFields(http, anonymizationFieldsBulkActions, toasts)
       : undefined;
-
     return (bulkResult?.success ?? true) && (bulkAnonymizationFieldsResult?.success ?? true);
   }, [
     setAllQuickPrompts,
@@ -163,9 +163,9 @@ export const useSettingsUpdater = (
     toasts,
     knowledgeBase.isEnabledKnowledgeBase,
     knowledgeBase.isEnabledRAGAlerts,
-    updatedAssistantStreamingEnabled,
     updatedKnowledgeBaseSettings,
     assistantStreamingEnabled,
+    updatedAssistantStreamingEnabled,
     setAssistantStreamingEnabled,
     setKnowledgeBase,
     anonymizationFieldsBulkActions,
@@ -188,6 +188,13 @@ export const useSettingsUpdater = (
     anonymizationFieldsBulkActions.update?.length,
   ]);
 
+  useEffect(() => {
+    // Update conversation settings when conversations are loaded
+    if (conversationsLoaded) {
+      setConversationSettings(conversations);
+    }
+  }, [conversations, conversationsLoaded]);
+
   return {
     conversationSettings,
     conversationsSettingsBulkActions,
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/types.ts b/x-pack/packages/kbn-elastic-assistant/impl/assistant/types.ts
index 8b80b87584d35..91ee3468a12d9 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/types.ts
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/types.ts
@@ -15,6 +15,7 @@ export interface Prompt {
   isDefault?: boolean; // TODO: Should be renamed to isImmutable as this flag is used to prevent users from deleting prompts
   isNewConversationDefault?: boolean;
   isFlyoutMode?: boolean;
+  label?: string;
 }
 
 export interface KnowledgeBaseConfig {
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/use_conversation/helpers.test.ts b/x-pack/packages/kbn-elastic-assistant/impl/assistant/use_conversation/helpers.test.ts
index f348049eec8b6..c8c8ab5ff7727 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/use_conversation/helpers.test.ts
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/use_conversation/helpers.test.ts
@@ -4,8 +4,15 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
+import { OpenAiProviderType } from '@kbn/stack-connectors-plugin/public/common';
 
-import { analyzeMarkdown, getDefaultSystemPrompt } from './helpers';
+import {
+  analyzeMarkdown,
+  getConversationApiConfig,
+  getDefaultNewSystemPrompt,
+  getDefaultSystemPrompt,
+} from './helpers';
+import { AIConnector } from '../../connectorland/connector_selector';
 import { Conversation, Prompt } from '../../..';
 
 const tilde = '`';
@@ -54,6 +61,31 @@ ${codeDelimiter}
 This query will filter the events based on the condition that the ${tilde}user.name${tilde} field should exactly match the value \"9dcc9960-78cf-4ef6-9a2e-dbd5816daa60\".`;
 
 describe('useConversation helpers', () => {
+  const allSystemPrompts: Prompt[] = [
+    {
+      id: '1',
+      content: 'Prompt 1',
+      name: 'Prompt 1',
+      promptType: 'user',
+    },
+    {
+      id: '2',
+      content: 'Prompt 2',
+      name: 'Prompt 2',
+      promptType: 'user',
+      isNewConversationDefault: true,
+    },
+    {
+      id: '3',
+      content: 'Prompt 3',
+      name: 'Prompt 3',
+      promptType: 'user',
+    },
+  ];
+  const allSystemPromptsNoDefault: Prompt[] = allSystemPrompts.filter(
+    ({ isNewConversationDefault }) => isNewConversationDefault !== true
+  );
+
   describe('analyzeMarkdown', () => {
     it('should identify dsl Query successfully.', () => {
       const result = analyzeMarkdown(markDownWithDSLQuery);
@@ -65,31 +97,27 @@ describe('useConversation helpers', () => {
     });
   });
 
+  describe('getDefaultNewSystemPrompt', () => {
+    test('should return the default (starred) isNewConversationDefault system prompt', () => {
+      const result = getDefaultNewSystemPrompt(allSystemPrompts);
+
+      expect(result).toEqual(allSystemPrompts[1]);
+    });
+
+    test('should return the first prompt if default new system prompt do not exist', () => {
+      const result = getDefaultNewSystemPrompt(allSystemPromptsNoDefault);
+
+      expect(result).toEqual(allSystemPromptsNoDefault[0]);
+    });
+
+    test('should return undefined if default (starred) isNewConversationDefault system prompt does not exist and there are no system prompts', () => {
+      const result = getDefaultNewSystemPrompt([]);
+
+      expect(result).toEqual(undefined);
+    });
+  });
+
   describe('getDefaultSystemPrompt', () => {
-    const allSystemPrompts: Prompt[] = [
-      {
-        id: '1',
-        content: 'Prompt 1',
-        name: 'Prompt 1',
-        promptType: 'user',
-      },
-      {
-        id: '2',
-        content: 'Prompt 2',
-        name: 'Prompt 2',
-        promptType: 'user',
-        isNewConversationDefault: true,
-      },
-      {
-        id: '3',
-        content: 'Prompt 3',
-        name: 'Prompt 3',
-        promptType: 'user',
-      },
-    ];
-    const allSystemPromptsNoDefault: Prompt[] = allSystemPrompts.filter(
-      ({ isNewConversationDefault }) => isNewConversationDefault !== true
-    );
     const conversation: Conversation = {
       apiConfig: {
         connectorId: '123',
@@ -102,7 +130,6 @@ describe('useConversation helpers', () => {
       replacements: {},
       title: '1',
     };
-
     test('should return the conversation system prompt if it exists', () => {
       const result = getDefaultSystemPrompt({ allSystemPrompts, conversation });
 
@@ -208,3 +235,241 @@ describe('useConversation helpers', () => {
     });
   });
 });
+
+describe('getConversationApiConfig', () => {
+  const allSystemPrompts: Prompt[] = [
+    {
+      id: '1',
+      content: 'Prompt 1',
+      name: 'Prompt 1',
+      promptType: 'user',
+    },
+    {
+      id: '2',
+      content: 'Prompt 2',
+      name: 'Prompt 2',
+      promptType: 'user',
+      isNewConversationDefault: true,
+    },
+    {
+      id: '3',
+      content: 'Prompt 3',
+      name: 'Prompt 3',
+      promptType: 'user',
+    },
+  ];
+
+  const conversation: Conversation = {
+    apiConfig: {
+      connectorId: '123',
+      actionTypeId: '.gen-ai',
+      defaultSystemPromptId: '2',
+      model: 'gpt-3',
+    },
+    category: 'assistant',
+    id: '1',
+    messages: [],
+    replacements: {},
+    title: 'Test Conversation',
+  };
+
+  const connectors: AIConnector[] = [
+    {
+      id: '123',
+      actionTypeId: '.gen-ai',
+      apiProvider: OpenAiProviderType.OpenAi,
+    },
+    {
+      id: '456',
+      actionTypeId: '.gen-ai',
+      apiProvider: OpenAiProviderType.AzureAi,
+    },
+  ] as AIConnector[];
+
+  const defaultConnector: AIConnector = {
+    id: '456',
+    actionTypeId: '.gen-ai',
+    apiProvider: OpenAiProviderType.AzureAi,
+  } as AIConnector;
+
+  test('should return the correct API config when connector and system prompt are found', () => {
+    const result = getConversationApiConfig({
+      allSystemPrompts,
+      conversation,
+      connectors,
+      defaultConnector,
+    });
+
+    expect(result).toEqual({
+      apiConfig: {
+        connectorId: '123',
+        actionTypeId: '.gen-ai',
+        provider: OpenAiProviderType.OpenAi,
+        defaultSystemPromptId: '2',
+        model: 'gpt-3',
+      },
+    });
+  });
+
+  test('should return the default connector when specific connector is not found', () => {
+    const conversationWithMissingConnector: Conversation = {
+      ...conversation,
+      apiConfig: { ...conversation.apiConfig, connectorId: '999' } as Conversation['apiConfig'],
+    };
+
+    const result = getConversationApiConfig({
+      allSystemPrompts,
+      conversation: conversationWithMissingConnector,
+      connectors,
+      defaultConnector,
+    });
+
+    expect(result).toEqual({
+      apiConfig: {
+        connectorId: '456',
+        actionTypeId: '.gen-ai',
+        provider: OpenAiProviderType.AzureAi,
+        defaultSystemPromptId: '2',
+        model: 'gpt-3',
+      },
+    });
+  });
+
+  test('should return an empty object when no connectors are provided and default connector is missing', () => {
+    const result = getConversationApiConfig({
+      allSystemPrompts,
+      conversation,
+    });
+
+    expect(result).toEqual({});
+  });
+
+  test('should return the default system prompt if conversation system prompt is not found', () => {
+    const conversationWithMissingSystemPrompt: Conversation = {
+      ...conversation,
+      apiConfig: {
+        ...conversation.apiConfig,
+        defaultSystemPromptId: '999',
+      } as Conversation['apiConfig'],
+    };
+
+    const result = getConversationApiConfig({
+      allSystemPrompts,
+      conversation: conversationWithMissingSystemPrompt,
+      connectors,
+      defaultConnector,
+    });
+
+    expect(result).toEqual({
+      apiConfig: {
+        connectorId: '123',
+        actionTypeId: '.gen-ai',
+        provider: OpenAiProviderType.OpenAi,
+        defaultSystemPromptId: '2', // Returns the default system prompt for new conversations
+        model: 'gpt-3',
+      },
+    });
+  });
+
+  test('should return the correct config when connectors are not provided', () => {
+    const result = getConversationApiConfig({
+      allSystemPrompts,
+      conversation,
+      defaultConnector,
+    });
+
+    expect(result).toEqual({
+      apiConfig: {
+        connectorId: '456',
+        actionTypeId: '.gen-ai',
+        provider: OpenAiProviderType.AzureAi,
+        defaultSystemPromptId: '2',
+        model: 'gpt-3',
+      },
+    });
+  });
+
+  test('should return the first system prompt if both conversation system prompt and default new system prompt do not exist', () => {
+    const allSystemPromptsNoDefault: Prompt[] = allSystemPrompts.filter(
+      ({ isNewConversationDefault }) => isNewConversationDefault !== true
+    );
+
+    const conversationWithoutSystemPrompt: Conversation = {
+      ...conversation,
+      apiConfig: { connectorId: '123', actionTypeId: '.gen-ai' },
+    };
+
+    const result = getConversationApiConfig({
+      allSystemPrompts: allSystemPromptsNoDefault,
+      conversation: conversationWithoutSystemPrompt,
+      connectors,
+      defaultConnector,
+    });
+
+    expect(result).toEqual({
+      apiConfig: {
+        connectorId: '123',
+        actionTypeId: '.gen-ai',
+        provider: OpenAiProviderType.OpenAi,
+        defaultSystemPromptId: '1', // Uses the first prompt in the list
+        model: undefined, // default connector's model
+      },
+    });
+  });
+
+  test('should return the first system prompt if conversation system prompt does not exist within all system prompts', () => {
+    const allSystemPromptsNoDefault: Prompt[] = allSystemPrompts.filter(
+      ({ isNewConversationDefault }) => isNewConversationDefault !== true
+    );
+
+    const conversationWithoutSystemPrompt: Conversation = {
+      ...conversation,
+      apiConfig: { connectorId: '123', actionTypeId: '.gen-ai' },
+      id: '4', // this id does not exist within allSystemPrompts
+    };
+
+    const result = getConversationApiConfig({
+      allSystemPrompts: allSystemPromptsNoDefault,
+      conversation: conversationWithoutSystemPrompt,
+      connectors,
+      defaultConnector,
+    });
+
+    expect(result).toEqual({
+      apiConfig: {
+        connectorId: '123',
+        actionTypeId: '.gen-ai',
+        provider: OpenAiProviderType.OpenAi,
+        defaultSystemPromptId: '1', // Uses the first prompt in the list
+        model: undefined, // default connector's model
+      },
+    });
+  });
+
+  test('should return the new default system prompt if defaultSystemPromptId is undefined', () => {
+    const conversationWithUndefinedPrompt: Conversation = {
+      ...conversation,
+      apiConfig: {
+        ...conversation.apiConfig,
+        defaultSystemPromptId: undefined,
+      } as Conversation['apiConfig'],
+    };
+
+    const result = getConversationApiConfig({
+      allSystemPrompts,
+      conversation: conversationWithUndefinedPrompt,
+      connectors,
+      defaultConnector,
+    });
+
+    expect(result).toEqual({
+      apiConfig: {
+        connectorId: '123',
+        actionTypeId: '.gen-ai',
+        provider: OpenAiProviderType.OpenAi,
+        defaultSystemPromptId: '1',
+        model: 'gpt-3',
+      },
+    });
+  });
+});
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/use_conversation/helpers.ts b/x-pack/packages/kbn-elastic-assistant/impl/assistant/use_conversation/helpers.ts
index de766085e1aee..2d6c4075fba0e 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/use_conversation/helpers.ts
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/use_conversation/helpers.ts
@@ -8,6 +8,8 @@
 import React from 'react';
 import { Prompt } from '../types';
 import { Conversation } from '../../assistant_context/types';
+import { AIConnector } from '../../connectorland/connector_selector';
+import { getGenAiConfig } from '../../connectorland/helpers';
 
 export interface CodeBlockDetails {
   type: QueryType;
@@ -69,7 +71,15 @@ export const analyzeMarkdown = (markdown: string): CodeBlockDetails[] => {
 };
 
 /**
- * Returns the default system prompt for a given conversation
+ * Returns the default system prompt
+ *
+ * @param allSystemPrompts All available System Prompts
+ */
+export const getDefaultNewSystemPrompt = (allSystemPrompts: Prompt[]) =>
+  allSystemPrompts.find((prompt) => prompt.isNewConversationDefault) ?? allSystemPrompts?.[0];
+
+/**
+ * Returns the default system prompt for a given (New Custom) conversation
  *
  * @param allSystemPrompts All available System Prompts
  * @param conversation Conversation to get the default system prompt for
@@ -84,7 +94,73 @@ export const getDefaultSystemPrompt = ({
   const conversationSystemPrompt = allSystemPrompts.find(
     (prompt) => prompt.id === conversation?.apiConfig?.defaultSystemPromptId
   );
-  const defaultNewSystemPrompt = allSystemPrompts.find((prompt) => prompt.isNewConversationDefault);
+  const defaultNewSystemPrompt = getDefaultNewSystemPrompt(allSystemPrompts);
+
+  return conversationSystemPrompt ?? defaultNewSystemPrompt;
+};
+
+/**
+ * Returns the default system prompt for an existing conversation that has never been given a system prompt
+ *
+ * @param allSystemPrompts All available System Prompts
+ * @param conversation Conversation to get the default system prompt for
+ */
+export const getInitialDefaultSystemPrompt = ({
+  allSystemPrompts,
+  conversation,
+}: {
+  allSystemPrompts: Prompt[];
+  conversation: Conversation | undefined;
+}): Prompt | undefined => {
+  const conversationSystemPrompt = allSystemPrompts.find(
+    (prompt) => prompt.id === conversation?.apiConfig?.defaultSystemPromptId
+  );
 
-  return conversationSystemPrompt ?? defaultNewSystemPrompt ?? allSystemPrompts?.[0];
+  return conversationSystemPrompt ?? allSystemPrompts?.[0];
+};
+
+/**
+ * Returns the API config for a conversation
+ *
+ * @param allSystemPrompts All available System Prompts
+ * @param conversation Conversation to get the API config for
+ * @param connectors All available connectors
+ * @param defaultConnector Default connector to use
+ */
+export const getConversationApiConfig = ({
+  allSystemPrompts,
+  conversation,
+  connectors,
+  defaultConnector,
+}: {
+  allSystemPrompts: Prompt[];
+  conversation: Conversation;
+  connectors?: AIConnector[];
+  defaultConnector?: AIConnector;
+}) => {
+  const connector: AIConnector | undefined =
+    connectors?.find((c) => c.id === conversation.apiConfig?.connectorId) ?? defaultConnector;
+  const connectorModel = getGenAiConfig(connector)?.defaultModel;
+  const defaultSystemPrompt =
+    conversation.apiConfig?.defaultSystemPromptId == null
+      ? getInitialDefaultSystemPrompt({
+          allSystemPrompts,
+          conversation,
+        })
+      : getDefaultSystemPrompt({
+          allSystemPrompts,
+          conversation,
+        });
+
+  return connector
+    ? {
+        apiConfig: {
+          connectorId: connector.id,
+          actionTypeId: connector.actionTypeId,
+          provider: connector.apiProvider,
+          defaultSystemPromptId: defaultSystemPrompt?.id,
+          model: conversation?.apiConfig?.model ?? connectorModel,
+        },
+      }
+    : {};
 };
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant_context/constants.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant_context/constants.tsx
index d54f6f8b4d28d..0262dbe3ed778 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant_context/constants.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant_context/constants.tsx
@@ -15,6 +15,10 @@ export const LAST_CONVERSATION_ID_LOCAL_STORAGE_KEY = 'lastConversationId';
 export const KNOWLEDGE_BASE_LOCAL_STORAGE_KEY = 'knowledgeBase';
 export const STREAMING_LOCAL_STORAGE_KEY = 'streaming';
 export const TRACE_OPTIONS_SESSION_STORAGE_KEY = 'traceOptions';
+export const CONVERSATION_TABLE_SESSION_STORAGE_KEY = 'conversationTable';
+export const QUICK_PROMPT_TABLE_SESSION_STORAGE_KEY = 'quickPromptTable';
+export const SYSTEM_PROMPT_TABLE_SESSION_STORAGE_KEY = 'systemPromptTable';
+export const ANONYMIZATION_TABLE_SESSION_STORAGE_KEY = 'anonymizationTable';
 
 /** The default `n` latest alerts, ordered by risk score, sent as context to the assistant */
 export const DEFAULT_LATEST_ALERTS = 20;
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant_context/index.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant_context/index.tsx
index 6a74dab81ac47..ffafb4f704a17 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant_context/index.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant_context/index.tsx
@@ -14,6 +14,7 @@ import { ActionTypeRegistryContract } from '@kbn/triggers-actions-ui-plugin/publ
 import { useLocalStorage, useSessionStorage } from 'react-use';
 import type { DocLinksStart } from '@kbn/core-doc-links-browser';
 import { AssistantFeatures, defaultAssistantFeatures } from '@kbn/elastic-assistant-common';
+import { NavigateToAppOptions } from '@kbn/core/public';
 import { updatePromptContexts } from './helpers';
 import type {
   PromptContext,
@@ -37,10 +38,10 @@ import {
   SYSTEM_PROMPT_LOCAL_STORAGE_KEY,
   TRACE_OPTIONS_SESSION_STORAGE_KEY,
 } from './constants';
-import { CONVERSATIONS_TAB, SettingsTabs } from '../assistant/settings/assistant_settings';
 import { AssistantAvailability, AssistantTelemetry } from './types';
 import { useCapabilities } from '../assistant/api/capabilities/use_capabilities';
 import { WELCOME_CONVERSATION_TITLE } from '../assistant/use_conversation/translations';
+import { SettingsTabs } from '../assistant/settings/types';
 
 export interface ShowAssistantOverlayProps {
   showOverlay: boolean;
@@ -83,6 +84,7 @@ export interface AssistantProviderProps {
   http: HttpSetup;
   baseConversations: Record<string, Conversation>;
   nameSpace?: string;
+  navigateToApp: (appId: string, options?: NavigateToAppOptions | undefined) => Promise<void>;
   title?: string;
   toasts?: IToasts;
 }
@@ -128,15 +130,16 @@ export interface UseAssistantContext {
   knowledgeBase: KnowledgeBaseConfig;
   getLastConversationId: (conversationTitle?: string) => string;
   promptContexts: Record<string, PromptContext>;
+  navigateToApp: (appId: string, options?: NavigateToAppOptions | undefined) => Promise<void>;
   nameSpace: string;
   registerPromptContext: RegisterPromptContext;
-  selectedSettingsTab: SettingsTabs;
+  selectedSettingsTab: SettingsTabs | null;
   setAllQuickPrompts: React.Dispatch<React.SetStateAction<QuickPrompt[] | undefined>>;
   setAllSystemPrompts: React.Dispatch<React.SetStateAction<Prompt[] | undefined>>;
   setAssistantStreamingEnabled: React.Dispatch<React.SetStateAction<boolean | undefined>>;
   setKnowledgeBase: React.Dispatch<React.SetStateAction<KnowledgeBaseConfig | undefined>>;
   setLastConversationId: React.Dispatch<React.SetStateAction<string | undefined>>;
-  setSelectedSettingsTab: React.Dispatch<React.SetStateAction<SettingsTabs>>;
+  setSelectedSettingsTab: React.Dispatch<React.SetStateAction<SettingsTabs | null>>;
   setShowAssistantOverlay: (showAssistantOverlay: ShowAssistantOverlay) => void;
   showAssistantOverlay: ShowAssistantOverlay;
   setTraceOptions: (traceOptions: {
@@ -167,6 +170,7 @@ export const AssistantProvider: React.FC<AssistantProviderProps> = ({
   getComments,
   http,
   baseConversations,
+  navigateToApp,
   nameSpace = DEFAULT_ASSISTANT_NAMESPACE,
   title = DEFAULT_ASSISTANT_TITLE,
   toasts,
@@ -264,7 +268,7 @@ export const AssistantProvider: React.FC<AssistantProviderProps> = ({
   /**
    * Settings State
    */
-  const [selectedSettingsTab, setSelectedSettingsTab] = useState<SettingsTabs>(CONVERSATIONS_TAB);
+  const [selectedSettingsTab, setSelectedSettingsTab] = useState<SettingsTabs | null>(null);
 
   const getLastConversationId = useCallback(
     // if a conversationId has been provided, use that
@@ -297,6 +301,7 @@ export const AssistantProvider: React.FC<AssistantProviderProps> = ({
       http,
       knowledgeBase: { ...DEFAULT_KNOWLEDGE_BASE_SETTINGS, ...localStorageKnowledgeBase },
       promptContexts,
+      navigateToApp,
       nameSpace,
       registerPromptContext,
       selectedSettingsTab,
@@ -336,6 +341,7 @@ export const AssistantProvider: React.FC<AssistantProviderProps> = ({
       http,
       localStorageKnowledgeBase,
       promptContexts,
+      navigateToApp,
       nameSpace,
       registerPromptContext,
       selectedSettingsTab,
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/connectorland/connector_missing_callout/index.tsx b/x-pack/packages/kbn-elastic-assistant/impl/connectorland/connector_missing_callout/index.tsx
index 8cecb7d6332e3..8853ca0a67d33 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/connectorland/connector_missing_callout/index.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/connectorland/connector_missing_callout/index.tsx
@@ -13,8 +13,8 @@ import { FormattedMessage } from '@kbn/i18n-react';
 import { css } from '@emotion/react';
 import * as i18n from '../translations';
 import { useAssistantContext } from '../../assistant_context';
-import { CONVERSATIONS_TAB } from '../../assistant/settings/assistant_settings';
 import { ConnectorButton } from '../connector_button';
+import { CONVERSATIONS_TAB } from '../../assistant/settings/const';
 
 interface Props {
   isConnectorConfigured: boolean;
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/connectorland/connector_selector/attack_discovery_status_indicator.test.tsx b/x-pack/packages/kbn-elastic-assistant/impl/connectorland/connector_selector/attack_discovery_status_indicator.test.tsx
new file mode 100644
index 0000000000000..4846091e5ef37
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/connectorland/connector_selector/attack_discovery_status_indicator.test.tsx
@@ -0,0 +1,61 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { AttackDiscoveryStatusIndicator } from './attack_discovery_status_indicator';
+import { render } from '@testing-library/react';
+
+describe('AttackDiscoveryStatusIndicator', () => {
+  it('renders loading spinner when status is running and hasViewed is false', () => {
+    const { getByTestId } = render(
+      <AttackDiscoveryStatusIndicator hasViewed={false} status={'running'} count={0} />
+    );
+
+    expect(getByTestId('status-running')).toBeInTheDocument();
+  });
+  it('renders loading spinner when status is running and hasViewed is true', () => {
+    const { getByTestId } = render(
+      <AttackDiscoveryStatusIndicator hasViewed={true} status={'running'} count={0} />
+    );
+
+    expect(getByTestId('status-running')).toBeInTheDocument();
+  });
+
+  it('renders null when status is not running hasViewed is true', () => {
+    const { queryByTestId } = render(
+      <AttackDiscoveryStatusIndicator hasViewed={true} status={'succeeded'} count={5} />
+    );
+
+    expect(queryByTestId('status-succeeded')).not.toBeInTheDocument();
+  });
+
+  it('renders succeeded count badge when status is succeeded and count is not null', () => {
+    const { getByTestId } = render(
+      <AttackDiscoveryStatusIndicator hasViewed={false} status={'succeeded'} count={0} />
+    );
+
+    expect(getByTestId('status-succeeded')).toBeInTheDocument();
+  });
+
+  it('renders failed badge when status is failed', () => {
+    const { getByTestId } = render(
+      <AttackDiscoveryStatusIndicator hasViewed={false} status={'failed'} count={0} />
+    );
+
+    expect(getByTestId('status-failed')).toBeInTheDocument();
+  });
+
+  it('renders null when status is canceled', () => {
+    const { queryByTestId } = render(
+      <AttackDiscoveryStatusIndicator hasViewed={false} status={'canceled'} count={0} />
+    );
+
+    expect(queryByTestId('status-running')).not.toBeInTheDocument();
+    expect(queryByTestId('status-succeeded')).not.toBeInTheDocument();
+    expect(queryByTestId('status-failed')).not.toBeInTheDocument();
+  });
+});
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/connectorland/connector_selector/attack_discovery_status_indicator.tsx b/x-pack/packages/kbn-elastic-assistant/impl/connectorland/connector_selector/attack_discovery_status_indicator.tsx
new file mode 100644
index 0000000000000..7041028eb1b61
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/connectorland/connector_selector/attack_discovery_status_indicator.tsx
@@ -0,0 +1,71 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { FunctionComponent } from 'react';
+import { AttackDiscoveryStatus } from '@kbn/elastic-assistant-common';
+import {
+  EuiFlexItem,
+  EuiLoadingSpinner,
+  EuiIconTip,
+  EuiNotificationBadge,
+  EuiToolTip,
+} from '@elastic/eui';
+import * as i18n from './translations';
+
+interface Props {
+  hasViewed: boolean;
+  status: AttackDiscoveryStatus;
+  count: number;
+}
+export const AttackDiscoveryStatusIndicator: FunctionComponent<Props> = ({
+  hasViewed,
+  status,
+  count,
+}) => {
+  if (status === 'running') {
+    return (
+      <EuiFlexItem grow={false} data-test-subj="status-running">
+        <EuiToolTip
+          aria-label={i18n.IN_PROGRESS_MESSAGE}
+          content={i18n.IN_PROGRESS_MESSAGE}
+          position="bottom"
+        >
+          <EuiLoadingSpinner size="s" />
+        </EuiToolTip>
+      </EuiFlexItem>
+    );
+  }
+  if (hasViewed) return null;
+  if (status === 'succeeded' && count != null) {
+    return (
+      <EuiFlexItem grow={false} data-test-subj="status-succeeded">
+        <EuiToolTip
+          aria-label={i18n.SUCCESS_MESSAGE(count)}
+          content={i18n.SUCCESS_MESSAGE(count)}
+          position="bottom"
+        >
+          <EuiNotificationBadge>{count}</EuiNotificationBadge>
+        </EuiToolTip>
+      </EuiFlexItem>
+    );
+  }
+  if (status === 'failed') {
+    return (
+      <EuiFlexItem grow={false} data-test-subj="status-failed">
+        <EuiIconTip
+          aria-label={i18n.FAILURE_MESSAGE}
+          color="warning"
+          content={i18n.FAILURE_MESSAGE}
+          position="bottom"
+          size="m"
+          type="warning"
+        />
+      </EuiFlexItem>
+    );
+  }
+  return null;
+};
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/connectorland/connector_selector/index.tsx b/x-pack/packages/kbn-elastic-assistant/impl/connectorland/connector_selector/index.tsx
index a6070bc05a97a..410ee650c43ef 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/connectorland/connector_selector/index.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/connectorland/connector_selector/index.tsx
@@ -12,6 +12,8 @@ import { ActionConnector, ActionType } from '@kbn/triggers-actions-ui-plugin/pub
 
 import { OpenAiProviderType } from '@kbn/stack-connectors-plugin/common/openai/constants';
 import { some } from 'lodash';
+import type { AttackDiscoveryStats } from '@kbn/elastic-assistant-common';
+import { AttackDiscoveryStatusIndicator } from './attack_discovery_status_indicator';
 import { useLoadConnectors } from '../use_load_connectors';
 import * as i18n from '../translations';
 import { useLoadActionTypes } from '../use_load_action_types';
@@ -29,6 +31,7 @@ interface Props {
   displayFancy?: (displayText: string) => React.ReactNode;
   setIsOpen?: (isOpen: boolean) => void;
   isFlyoutMode: boolean;
+  stats?: AttackDiscoveryStats | null;
 }
 
 export type AIConnector = ActionConnector & {
@@ -45,6 +48,7 @@ export const ConnectorSelector: React.FC<Props> = React.memo(
     onConnectorSelectionChange,
     setIsOpen,
     isFlyoutMode,
+    stats = null,
   }) => {
     const { actionTypeRegistry, http, assistantAvailability } = useAssistantContext();
     // Connector Modal State
@@ -91,23 +95,35 @@ export const ConnectorSelector: React.FC<Props> = React.memo(
           const connectorDetails = connector.isPreconfigured
             ? i18n.PRECONFIGURED_CONNECTOR
             : connectorTypeTitle;
+          const attackDiscoveryStats =
+            stats !== null
+              ? stats.statsPerConnector.find((s) => s.connectorId === connector.id) ?? null
+              : null;
+
           return {
             value: connector.id,
             'data-test-subj': connector.id,
             inputDisplay: displayFancy?.(connector.name) ?? connector.name,
             dropdownDisplay: (
               <React.Fragment key={connector.id}>
-                <strong>{connector.name}</strong>
-                {connectorDetails && (
-                  <EuiText size="xs" color="subdued">
-                    <p>{connectorDetails}</p>
-                  </EuiText>
-                )}
+                <EuiFlexGroup justifyContent="spaceBetween" gutterSize="none" alignItems="center">
+                  <EuiFlexItem grow={false}>
+                    <strong>{connector.name}</strong>
+                    {connectorDetails && (
+                      <EuiText size="xs" color="subdued">
+                        <p>{connectorDetails}</p>
+                      </EuiText>
+                    )}
+                  </EuiFlexItem>
+                  {attackDiscoveryStats && (
+                    <AttackDiscoveryStatusIndicator {...attackDiscoveryStats} />
+                  )}
+                </EuiFlexGroup>
               </React.Fragment>
             ),
           };
         }),
-      [actionTypeRegistry, aiConnectors, displayFancy]
+      [actionTypeRegistry, aiConnectors, displayFancy, stats]
     );
 
     const connectorExists = useMemo(
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/connectorland/connector_selector/translations.ts b/x-pack/packages/kbn-elastic-assistant/impl/connectorland/connector_selector/translations.ts
new file mode 100644
index 0000000000000..2719db05b9d39
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/connectorland/connector_selector/translations.ts
@@ -0,0 +1,26 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { i18n } from '@kbn/i18n';
+
+export const SUCCESS_MESSAGE = (totalAttacks: number) =>
+  i18n.translate('xpack.elasticAssistant.attackDiscovery.statusSuccess', {
+    values: { totalAttacks },
+    defaultMessage:
+      'The connector has updated with {totalAttacks} potential {totalAttacks, plural, =1 {attack} other {attacks}}',
+  });
+
+export const IN_PROGRESS_MESSAGE = i18n.translate(
+  'xpack.elasticAssistant.attackDiscovery.statusInProgress',
+  {
+    defaultMessage: 'Attack discovery generation in progress.',
+  }
+);
+
+export const FAILURE_MESSAGE = i18n.translate('xpack.elasticAssistant.attackDiscovery.statusFail', {
+  defaultMessage: 'The connector encountered an error while generating attack discoveries.',
+});
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/connectorland/connector_selector_inline/connector_selector_inline.tsx b/x-pack/packages/kbn-elastic-assistant/impl/connectorland/connector_selector_inline/connector_selector_inline.tsx
index 65e388862bd53..ebf762530af11 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/connectorland/connector_selector_inline/connector_selector_inline.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/connectorland/connector_selector_inline/connector_selector_inline.tsx
@@ -10,6 +10,7 @@ import React, { useCallback, useState } from 'react';
 
 import { css } from '@emotion/css';
 import { euiThemeVars } from '@kbn/ui-theme';
+import type { AttackDiscoveryStats } from '@kbn/elastic-assistant-common';
 import { AIConnector, ConnectorSelector } from '../connector_selector';
 import { Conversation } from '../../..';
 import { useLoadConnectors } from '../use_load_connectors';
@@ -27,6 +28,7 @@ interface Props {
   isFlyoutMode: boolean;
   onConnectorIdSelected?: (connectorId: string) => void;
   onConnectorSelected?: (conversation: Conversation) => void;
+  stats?: AttackDiscoveryStats | null;
 }
 
 const inputContainerClassName = css`
@@ -71,6 +73,7 @@ export const ConnectorSelectorInline: React.FC<Props> = React.memo(
 
     onConnectorIdSelected,
     onConnectorSelected,
+    stats = null,
   }) => {
     const [isOpen, setIsOpen] = useState<boolean>(false);
     const { assistantAvailability, http } = useAssistantContext();
@@ -153,6 +156,7 @@ export const ConnectorSelectorInline: React.FC<Props> = React.memo(
               setIsOpen={setIsOpen}
               onConnectorSelectionChange={onChange}
               isFlyoutMode={isFlyoutMode}
+              stats={stats}
             />
           </EuiFlexItem>
         </EuiFlexGroup>
@@ -182,6 +186,7 @@ export const ConnectorSelectorInline: React.FC<Props> = React.memo(
               setIsOpen={setIsOpen}
               onConnectorSelectionChange={onChange}
               isFlyoutMode={isFlyoutMode}
+              stats={stats}
             />
           ) : (
             <span>
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/connectorland/connector_settings_management/index.tsx b/x-pack/packages/kbn-elastic-assistant/impl/connectorland/connector_settings_management/index.tsx
new file mode 100644
index 0000000000000..f144253ea4cce
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/connectorland/connector_settings_management/index.tsx
@@ -0,0 +1,53 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+  EuiButton,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiPanel,
+  EuiSpacer,
+  EuiText,
+  EuiTitle,
+} from '@elastic/eui';
+import React, { useCallback } from 'react';
+import { useAssistantContext } from '../../assistant_context';
+
+import * as i18n from './translations';
+
+const ConnectorsSettingsManagementComponent: React.FC = () => {
+  const { navigateToApp } = useAssistantContext();
+
+  const onClick = useCallback(
+    () =>
+      navigateToApp('management', {
+        path: 'insightsAndAlerting/triggersActionsConnectors/connectors',
+      }),
+    [navigateToApp]
+  );
+
+  return (
+    <EuiPanel hasShadow={false} hasBorder paddingSize="l">
+      <EuiTitle size={'s'}>
+        <h2>{i18n.CONNECTOR_SETTINGS_MANAGEMENT_TITLE}</h2>
+      </EuiTitle>
+      <EuiSpacer size="m" />
+      <EuiFlexGroup>
+        <EuiFlexItem>
+          <EuiText>{i18n.CONNECTOR_SETTINGS_MANAGEMENT_DESCRIPTION}</EuiText>
+        </EuiFlexItem>
+
+        <EuiFlexItem grow={false}>
+          <EuiButton onClick={onClick}>{i18n.CONNECTOR_MANAGEMENT_BUTTON_TITLE}</EuiButton>
+        </EuiFlexItem>
+      </EuiFlexGroup>
+    </EuiPanel>
+  );
+};
+
+export const ConnectorsSettingsManagement = React.memo(ConnectorsSettingsManagementComponent);
+ConnectorsSettingsManagementComponent.displayName = 'ConnectorsSettingsManagementComponent';
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/connectorland/connector_settings_management/translations.ts b/x-pack/packages/kbn-elastic-assistant/impl/connectorland/connector_settings_management/translations.ts
new file mode 100644
index 0000000000000..941337761fadc
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/connectorland/connector_settings_management/translations.ts
@@ -0,0 +1,30 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { i18n } from '@kbn/i18n';
+
+export const CONNECTOR_SETTINGS_MANAGEMENT_TITLE = i18n.translate(
+  'xpack.elasticAssistant.connectors.connectorSettingsManagement.title',
+  {
+    defaultMessage: 'Connector Settings',
+  }
+);
+
+export const CONNECTOR_SETTINGS_MANAGEMENT_DESCRIPTION = i18n.translate(
+  'xpack.elasticAssistant.connectors.connectorSettingsManagement.description',
+  {
+    defaultMessage:
+      'Using the Elastic AI Assistant requires setting up a connector with API access to OpenAI or Bedrock large language models. ',
+  }
+);
+
+export const CONNECTOR_MANAGEMENT_BUTTON_TITLE = i18n.translate(
+  'xpack.elasticAssistant.connectors.connectorSettingsManagement.buttonTitle',
+  {
+    defaultMessage: 'Manage Connectors',
+  }
+);
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/connectorland/connector_setup/index.tsx b/x-pack/packages/kbn-elastic-assistant/impl/connectorland/connector_setup/index.tsx
index ab552656fc57f..81166bbf90fa1 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/connectorland/connector_setup/index.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/connectorland/connector_setup/index.tsx
@@ -35,7 +35,7 @@ export interface ConnectorSetupProps {
   conversation?: Conversation;
   isFlyoutMode?: boolean;
   onSetupComplete?: () => void;
-  onConversationUpdate: ({ cId, cTitle }: { cId: string; cTitle: string }) => Promise<void>;
+  onConversationUpdate?: ({ cId, cTitle }: { cId: string; cTitle: string }) => Promise<void>;
   updateConversationsOnSaveConnector?: boolean;
 }
 
@@ -198,7 +198,10 @@ export const useConnectorSetup = ({
         });
 
         if (updatedConversation) {
-          onConversationUpdate({ cId: updatedConversation.id, cTitle: updatedConversation.title });
+          onConversationUpdate?.({
+            cId: updatedConversation.id,
+            cTitle: updatedConversation.title,
+          });
 
           refetchConnectors?.();
           setIsConnectorModalVisible(false);
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/connectorland/helpers.tsx b/x-pack/packages/kbn-elastic-assistant/impl/connectorland/helpers.tsx
index c8b17de9906a3..2bbc74af5a45a 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/connectorland/helpers.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/connectorland/helpers.tsx
@@ -5,9 +5,14 @@
  * 2.0.
  */
 
-import type { ActionConnector } from '@kbn/triggers-actions-ui-plugin/public';
+import type {
+  ActionConnector,
+  ActionTypeModel,
+  ActionTypeRegistryContract,
+} from '@kbn/triggers-actions-ui-plugin/public';
+
 import { ActionConnectorProps } from '@kbn/triggers-actions-ui-plugin/public/types';
-import { ActionTypeModel } from '@kbn/triggers-actions-ui-plugin/public';
+import { PRECONFIGURED_CONNECTOR } from './translations';
 
 // aligns with OpenAiProviderType from '@kbn/stack-connectors-plugin/common/openai/types'
 enum OpenAiProviderType {
@@ -54,3 +59,18 @@ const getAzureApiVersionParameter = (url: string): string | undefined => {
   const urlSearchParams = new URLSearchParams(new URL(url).search);
   return urlSearchParams.get('api-version') ?? undefined;
 };
+
+export const getConnectorTypeTitle = (
+  connector: ActionConnector | undefined,
+  actionTypeRegistry: ActionTypeRegistryContract
+) => {
+  if (!connector) {
+    return null;
+  }
+  const connectorTypeTitle =
+    getGenAiConfig(connector)?.apiProvider ??
+    getActionTypeTitle(actionTypeRegistry.get(connector.actionTypeId));
+  const actionType = connector.isPreconfigured ? PRECONFIGURED_CONNECTOR : connectorTypeTitle;
+
+  return actionType;
+};
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/connectorland/translations.ts b/x-pack/packages/kbn-elastic-assistant/impl/connectorland/translations.ts
index 4381da8486497..11d214afc4faf 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/connectorland/translations.ts
+++ b/x-pack/packages/kbn-elastic-assistant/impl/connectorland/translations.ts
@@ -10,24 +10,14 @@ import { i18n } from '@kbn/i18n';
 export const LOAD_ACTIONS_ERROR_MESSAGE = i18n.translate(
   'xpack.elasticAssistant.connectors.useLoadActionTypes.errorMessage',
   {
-    defaultMessage:
-      'Welcome to your Elastic AI Assistant! I am your 100% open-source portal into your Elastic Life. ',
+    defaultMessage: 'An error occurred loading the Kibana Actions. ',
   }
 );
 
 export const LOAD_CONNECTORS_ERROR_MESSAGE = i18n.translate(
   'xpack.elasticAssistant.connectors.useLoadConnectors.errorMessage',
   {
-    defaultMessage:
-      'Welcome to your Elastic AI Assistant! I am your 100% open-source portal into your Elastic Life. ',
-  }
-);
-
-export const WELCOME_SECURITY = i18n.translate(
-  'xpack.elasticAssistant.content.prompts.welcome.welcomeSecurityPrompt',
-  {
-    defaultMessage:
-      'Welcome to your Elastic AI Assistant! I am your 100% open-source portal into Elastic Security. ',
+    defaultMessage: 'An error occurred loading the Kibana Connectors. ',
   }
 );
 
@@ -59,13 +49,6 @@ export const ADD_CONNECTOR = i18n.translate(
   }
 );
 
-export const INLINE_CONNECTOR_LABEL = i18n.translate(
-  'xpack.elasticAssistant.assistant.connectors.connectorSelectorInline.connectorLabel',
-  {
-    defaultMessage: 'Connector:',
-  }
-);
-
 export const INLINE_CONNECTOR_PLACEHOLDER = i18n.translate(
   'xpack.elasticAssistant.assistant.connectors.connectorSelectorInline.connectorPlaceholder',
   {
@@ -129,13 +112,6 @@ export const CONNECTOR_SETUP_SKIP = i18n.translate(
   }
 );
 
-export const CONNECTOR_SETUP_COMPLETE = i18n.translate(
-  'xpack.elasticAssistant.assistant.connectors.setup.complete',
-  {
-    defaultMessage: 'Connector setup complete!',
-  }
-);
-
 export const MISSING_CONNECTOR_CALLOUT_TITLE = i18n.translate(
   'xpack.elasticAssistant.assistant.connectors.connectorMissingCallout.calloutTitle',
   {
@@ -149,3 +125,17 @@ export const MISSING_CONNECTOR_CONVERSATION_SETTINGS_LINK = i18n.translate(
     defaultMessage: 'Conversation Settings',
   }
 );
+
+export const CREATE_CONNECTOR_BUTTON = i18n.translate(
+  'xpack.elasticAssistant.assistant.connectors.createConnectorButton',
+  {
+    defaultMessage: 'Connector',
+  }
+);
+
+export const REFRESH_CONNECTORS_BUTTON = i18n.translate(
+  'xpack.elasticAssistant.assistant.connectors.refreshConnectorsButton',
+  {
+    defaultMessage: 'Refresh',
+  }
+);
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/content/prompts/system/index.tsx b/x-pack/packages/kbn-elastic-assistant/impl/content/prompts/system/index.tsx
index e2034cc62c33a..a73fbf4854ef1 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/content/prompts/system/index.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/content/prompts/system/index.tsx
@@ -7,8 +7,10 @@
 
 import { Prompt } from '../../../..';
 import {
+  DEFAULT_SYSTEM_PROMPT_LABEL,
   DEFAULT_SYSTEM_PROMPT_NAME,
   DEFAULT_SYSTEM_PROMPT_NON_I18N,
+  SUPERHERO_SYSTEM_PROMPT_LABEL,
   SUPERHERO_SYSTEM_PROMPT_NAME,
   SUPERHERO_SYSTEM_PROMPT_NON_I18N,
 } from './translations';
@@ -22,11 +24,13 @@ export const BASE_SYSTEM_PROMPTS: Prompt[] = [
     content: DEFAULT_SYSTEM_PROMPT_NON_I18N,
     name: DEFAULT_SYSTEM_PROMPT_NAME,
     promptType: 'system',
+    label: DEFAULT_SYSTEM_PROMPT_LABEL,
   },
   {
     id: 'CB9FA555-B59F-4F71-AFF9-8A891AC5BC28',
     content: SUPERHERO_SYSTEM_PROMPT_NON_I18N,
     name: SUPERHERO_SYSTEM_PROMPT_NAME,
     promptType: 'system',
+    label: SUPERHERO_SYSTEM_PROMPT_LABEL,
   },
 ];
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/content/prompts/system/translations.ts b/x-pack/packages/kbn-elastic-assistant/impl/content/prompts/system/translations.ts
index eecc3b6dea246..8ce92919de1cb 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/content/prompts/system/translations.ts
+++ b/x-pack/packages/kbn-elastic-assistant/impl/content/prompts/system/translations.ts
@@ -39,6 +39,13 @@ export const DEFAULT_SYSTEM_PROMPT_NAME = i18n.translate(
   }
 );
 
+export const DEFAULT_SYSTEM_PROMPT_LABEL = i18n.translate(
+  'xpack.elasticAssistant.assistant.content.prompts.system.defaultSystemPromptLabel',
+  {
+    defaultMessage: 'Default',
+  }
+);
+
 export const SUPERHERO_SYSTEM_PROMPT_NON_I18N = `${YOU_ARE_A_HELPFUL_EXPERT_ASSISTANT} ${IF_YOU_DONT_KNOW_THE_ANSWER}
 ${SUPERHERO_PERSONALITY}`;
 
@@ -49,6 +56,13 @@ export const SUPERHERO_SYSTEM_PROMPT_NAME = i18n.translate(
   }
 );
 
+export const SUPERHERO_SYSTEM_PROMPT_LABEL = i18n.translate(
+  'xpack.elasticAssistant.assistant.content.prompts.system.superheroSystemPromptLabel',
+  {
+    defaultMessage: 'Enhanced',
+  }
+);
+
 export const SYSTEM_PROMPT_CONTEXT_NON_I18N = (context: string) => {
   return `CONTEXT:\n"""\n${context}\n"""`;
 };
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/data_anonymization/settings/anonymization_settings/index.tsx b/x-pack/packages/kbn-elastic-assistant/impl/data_anonymization/settings/anonymization_settings/index.tsx
index e03a965f6c98c..c371c9498dc2f 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/data_anonymization/settings/anonymization_settings/index.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/data_anonymization/settings/anonymization_settings/index.tsx
@@ -6,14 +6,14 @@
  */
 
 import { EuiFlexGroup, EuiHorizontalRule, EuiSpacer, EuiText, EuiTitle } from '@elastic/eui';
-import React, { useCallback } from 'react';
+import React from 'react';
 
 import { FindAnonymizationFieldsResponse } from '@kbn/elastic-assistant-common/impl/schemas/anonymization_fields/find_anonymization_fields_route.gen';
 import { PerformBulkActionRequestBody } from '@kbn/elastic-assistant-common/impl/schemas/anonymization_fields/bulk_crud_anonymization_fields_route.gen';
 import { Stats } from '../../../data_anonymization_editor/stats';
 import { ContextEditor } from '../../../data_anonymization_editor/context_editor';
-import type { BatchUpdateListItem } from '../../../data_anonymization_editor/context_editor/types';
 import * as i18n from './translations';
+import { useAnonymizationListUpdate } from './use_anonymization_list_update';
 
 export interface Props {
   defaultPageSize?: number;
@@ -34,39 +34,12 @@ const AnonymizationSettingsComponent: React.FC<Props> = ({
   setAnonymizationFieldsBulkActions,
   setUpdatedAnonymizationData,
 }) => {
-  const onListUpdated = useCallback(
-    async (updates: BatchUpdateListItem[]) => {
-      const updatedFieldsKeys = updates.map((u) => u.field);
-
-      const updatedFields = updates.map((u) => ({
-        ...(anonymizationFields.data.find((f) => f.field === u.field) ?? { id: '', field: '' }),
-        ...(u.update === 'allow' || u.update === 'defaultAllow'
-          ? { allowed: u.operation === 'add' }
-          : {}),
-        ...(u.update === 'allowReplacement' || u.update === 'defaultAllowReplacement'
-          ? { anonymized: u.operation === 'add' }
-          : {}),
-      }));
-      setAnonymizationFieldsBulkActions({
-        ...anonymizationFieldsBulkActions,
-        // Only update makes sense now, as long as we don't have an add new field design/UX
-        update: [...(anonymizationFieldsBulkActions?.update ?? []), ...updatedFields],
-      });
-      setUpdatedAnonymizationData({
-        ...anonymizationFields,
-        data: [
-          ...anonymizationFields.data.filter((f) => !updatedFieldsKeys.includes(f.field)),
-          ...updatedFields,
-        ],
-      });
-    },
-    [
-      anonymizationFields,
-      anonymizationFieldsBulkActions,
-      setAnonymizationFieldsBulkActions,
-      setUpdatedAnonymizationData,
-    ]
-  );
+  const onListUpdated = useAnonymizationListUpdate({
+    anonymizationFields,
+    anonymizationFieldsBulkActions,
+    setAnonymizationFieldsBulkActions,
+    setUpdatedAnonymizationData,
+  });
   return (
     <>
       <EuiTitle size={'s'}>
@@ -88,6 +61,7 @@ const AnonymizationSettingsComponent: React.FC<Props> = ({
         onListUpdated={onListUpdated}
         rawData={null}
         pageSize={defaultPageSize}
+        compressed={true}
       />
     </>
   );
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/data_anonymization/settings/anonymization_settings/use_anonymization_list_update.tsx b/x-pack/packages/kbn-elastic-assistant/impl/data_anonymization/settings/anonymization_settings/use_anonymization_list_update.tsx
new file mode 100644
index 0000000000000..f9ee4875fad23
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/data_anonymization/settings/anonymization_settings/use_anonymization_list_update.tsx
@@ -0,0 +1,66 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { useCallback } from 'react';
+import { FindAnonymizationFieldsResponse } from '@kbn/elastic-assistant-common/impl/schemas/anonymization_fields/find_anonymization_fields_route.gen';
+import { PerformBulkActionRequestBody } from '@kbn/elastic-assistant-common/impl/schemas/anonymization_fields/bulk_crud_anonymization_fields_route.gen';
+
+import { BatchUpdateListItem } from '../../../data_anonymization_editor/context_editor/types';
+
+interface Props {
+  anonymizationFields: FindAnonymizationFieldsResponse;
+  anonymizationFieldsBulkActions: PerformBulkActionRequestBody;
+  setAnonymizationFieldsBulkActions: React.Dispatch<
+    React.SetStateAction<PerformBulkActionRequestBody>
+  >;
+  setUpdatedAnonymizationData: React.Dispatch<
+    React.SetStateAction<FindAnonymizationFieldsResponse>
+  >;
+}
+
+export const useAnonymizationListUpdate = ({
+  anonymizationFields,
+  anonymizationFieldsBulkActions,
+  setAnonymizationFieldsBulkActions,
+  setUpdatedAnonymizationData,
+}: Props) => {
+  const onListUpdated = useCallback(
+    async (updates: BatchUpdateListItem[]) => {
+      const updatedFieldsKeys = updates.map((u) => u.field);
+
+      const updatedFields = updates.map((u) => ({
+        ...(anonymizationFields.data.find((f) => f.field === u.field) ?? { id: '', field: '' }),
+        ...(u.update === 'allow' || u.update === 'defaultAllow'
+          ? { allowed: u.operation === 'add' }
+          : {}),
+        ...(u.update === 'allowReplacement' || u.update === 'defaultAllowReplacement'
+          ? { anonymized: u.operation === 'add' }
+          : {}),
+      }));
+      setAnonymizationFieldsBulkActions({
+        ...anonymizationFieldsBulkActions,
+        // Only update makes sense now, as long as we don't have an add new field design/UX
+        update: [...(anonymizationFieldsBulkActions?.update ?? []), ...updatedFields],
+      });
+      setUpdatedAnonymizationData({
+        ...anonymizationFields,
+        data: [
+          ...anonymizationFields.data.filter((f) => !updatedFieldsKeys.includes(f.field)),
+          ...updatedFields,
+        ],
+      });
+    },
+    [
+      anonymizationFields,
+      anonymizationFieldsBulkActions,
+      setAnonymizationFieldsBulkActions,
+      setUpdatedAnonymizationData,
+    ]
+  );
+
+  return onListUpdated;
+};
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/data_anonymization/settings/anonymization_settings_management/index.tsx b/x-pack/packages/kbn-elastic-assistant/impl/data_anonymization/settings/anonymization_settings_management/index.tsx
new file mode 100644
index 0000000000000..3e3812510f076
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/data_anonymization/settings/anonymization_settings_management/index.tsx
@@ -0,0 +1,78 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EuiFlexGroup, EuiPanel, EuiSpacer, EuiText, EuiTitle } from '@elastic/eui';
+import React from 'react';
+
+import { FindAnonymizationFieldsResponse } from '@kbn/elastic-assistant-common/impl/schemas/anonymization_fields/find_anonymization_fields_route.gen';
+import { PerformBulkActionRequestBody } from '@kbn/elastic-assistant-common/impl/schemas/anonymization_fields/bulk_crud_anonymization_fields_route.gen';
+import { euiThemeVars } from '@kbn/ui-theme';
+import { Stats } from '../../../data_anonymization_editor/stats';
+import { ContextEditor } from '../../../data_anonymization_editor/context_editor';
+import * as i18n from '../anonymization_settings/translations';
+import { useAnonymizationListUpdate } from '../anonymization_settings/use_anonymization_list_update';
+
+export interface Props {
+  defaultPageSize?: number;
+  anonymizationFields: FindAnonymizationFieldsResponse;
+  anonymizationFieldsBulkActions: PerformBulkActionRequestBody;
+  setAnonymizationFieldsBulkActions: React.Dispatch<
+    React.SetStateAction<PerformBulkActionRequestBody>
+  >;
+  setUpdatedAnonymizationData: React.Dispatch<
+    React.SetStateAction<FindAnonymizationFieldsResponse>
+  >;
+}
+
+const AnonymizationSettingsManagementComponent: React.FC<Props> = ({
+  defaultPageSize,
+  anonymizationFields,
+  anonymizationFieldsBulkActions,
+  setAnonymizationFieldsBulkActions,
+  setUpdatedAnonymizationData,
+}) => {
+  const onListUpdated = useAnonymizationListUpdate({
+    anonymizationFields,
+    anonymizationFieldsBulkActions,
+    setAnonymizationFieldsBulkActions,
+    setUpdatedAnonymizationData,
+  });
+  return (
+    <EuiPanel hasShadow={false} hasBorder paddingSize="l">
+      <EuiTitle size={'xs'}>
+        <h2>{i18n.SETTINGS_TITLE}</h2>
+      </EuiTitle>
+      <EuiSpacer size="s" />
+      <EuiText size={'xs'}>{i18n.SETTINGS_DESCRIPTION}</EuiText>
+
+      <EuiSpacer size="m" />
+
+      <EuiFlexGroup alignItems="center" data-test-subj="summary" gutterSize="none">
+        <Stats
+          isDataAnonymizable={true}
+          anonymizationFields={anonymizationFields.data}
+          titleSize="m"
+          gap={euiThemeVars.euiSizeS}
+        />
+      </EuiFlexGroup>
+
+      <EuiSpacer size="m" />
+
+      <ContextEditor
+        anonymizationFields={anonymizationFields}
+        compressed={false}
+        onListUpdated={onListUpdated}
+        rawData={null}
+        pageSize={defaultPageSize}
+      />
+    </EuiPanel>
+  );
+};
+
+AnonymizationSettingsManagementComponent.displayName = 'AnonymizationSettingsManagementComponent';
+
+export const AnonymizationSettingsManagement = React.memo(AnonymizationSettingsManagementComponent);
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/data_anonymization_editor/context_editor/index.tsx b/x-pack/packages/kbn-elastic-assistant/impl/data_anonymization_editor/context_editor/index.tsx
index 6eeb80f2bb911..13ed9bd866513 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/data_anonymization_editor/context_editor/index.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/data_anonymization_editor/context_editor/index.tsx
@@ -17,8 +17,10 @@ import { Toolbar } from './toolbar';
 import * as i18n from './translations';
 import { BatchUpdateListItem, ContextEditorRow, FIELDS, SortConfig } from './types';
 import { useAssistantContext } from '../../assistant_context';
+import { useSessionPagination } from '../../assistant/common/components/assistant_settings_management/pagination/use_session_pagination';
+import { ANONYMIZATION_TABLE_SESSION_STORAGE_KEY } from '../../assistant_context/constants';
 
-export const DEFAULT_PAGE_SIZE = 10;
+const DEFAULT_PAGE_SIZE = 10;
 
 const Wrapper = styled.div`
   > div > .euiSpacer {
@@ -33,8 +35,14 @@ const defaultSort: SortConfig = {
   },
 };
 
+export const DEFAULT_TABLE_OPTIONS = {
+  page: { size: DEFAULT_PAGE_SIZE, index: 0 },
+  ...defaultSort,
+};
+
 export interface Props {
   anonymizationFields: FindAnonymizationFieldsResponse;
+  compressed?: boolean;
   onListUpdated: (updates: BatchUpdateListItem[]) => void;
   rawData: Record<string, string[]> | null;
   pageSize?: number;
@@ -60,6 +68,7 @@ const search: EuiSearchBarProps = {
 
 const ContextEditorComponent: React.FC<Props> = ({
   anonymizationFields,
+  compressed = true,
   onListUpdated,
   rawData,
   pageSize = DEFAULT_PAGE_SIZE,
@@ -67,6 +76,7 @@ const ContextEditorComponent: React.FC<Props> = ({
   const isAllSelected = useRef(false); // Must be a ref and not state in order not to re-render `selectionValue`, which fires `onSelectionChange` twice
   const {
     assistantAvailability: { hasUpdateAIAssistantAnonymization },
+    nameSpace,
   } = useAssistantContext();
   const [selected, setSelection] = useState<ContextEditorRow[]>([]);
   const selectionValue: EuiTableSelectionType<ContextEditorRow> = useMemo(
@@ -106,12 +116,11 @@ const ContextEditorComponent: React.FC<Props> = ({
     setSelection(rows);
   }, [rows]);
 
-  const pagination = useMemo(() => {
-    return {
-      initialPageSize: pageSize,
-      pageSizeOptions: [5, DEFAULT_PAGE_SIZE, 25, 50],
-    };
-  }, [pageSize]);
+  const { onTableChange, pagination, sorting } = useSessionPagination({
+    defaultTableOptions: DEFAULT_TABLE_OPTIONS,
+    nameSpace,
+    storageKey: ANONYMIZATION_TABLE_SESSION_STORAGE_KEY,
+  });
 
   const toolbar = useMemo(
     () => (
@@ -131,14 +140,15 @@ const ContextEditorComponent: React.FC<Props> = ({
         allowNeutralSort={false}
         childrenBetween={hasUpdateAIAssistantAnonymization ? toolbar : undefined}
         columns={columns}
-        compressed={true}
+        compressed={compressed}
         data-test-subj="contextEditor"
         itemId={FIELDS.FIELD}
         items={rows}
         pagination={pagination}
         search={search}
         selection={selectionValue}
-        sorting={defaultSort}
+        sorting={sorting}
+        onTableChange={onTableChange}
       />
     </Wrapper>
   );
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/data_anonymization_editor/stats/allowed_stat/index.tsx b/x-pack/packages/kbn-elastic-assistant/impl/data_anonymization_editor/stats/allowed_stat/index.tsx
index 2febee604e4b5..9d893cdaa65a2 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/data_anonymization_editor/stats/allowed_stat/index.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/data_anonymization_editor/stats/allowed_stat/index.tsx
@@ -15,11 +15,19 @@ import * as i18n from './translations';
 
 interface Props {
   allowed: number;
+  titleSize?: 'xs' | 's' | 'xxxs' | 'xxs' | 'm' | 'l' | undefined;
+  gap?: string;
   total: number;
   inline?: boolean;
 }
 
-const AllowedStatComponent: React.FC<Props> = ({ allowed, total, inline }) => {
+const AllowedStatComponent: React.FC<Props> = ({
+  allowed,
+  total,
+  inline,
+  titleSize = TITLE_SIZE,
+  gap = euiThemeVars.euiSizeXS,
+}) => {
   const tooltipContent = useMemo(() => i18n.ALLOWED_TOOLTIP({ allowed, total }), [allowed, total]);
 
   return (
@@ -30,7 +38,7 @@ const AllowedStatComponent: React.FC<Props> = ({ allowed, total, inline }) => {
             ? css`
                 display: flex;
                 align-items: center;
-                gap: ${euiThemeVars.euiSizeXS};
+                gap: ${gap};
               `
             : null
         }
@@ -38,7 +46,7 @@ const AllowedStatComponent: React.FC<Props> = ({ allowed, total, inline }) => {
         description={i18n.ALLOWED}
         reverse
         title={allowed}
-        titleSize={TITLE_SIZE}
+        titleSize={titleSize}
       />
     </EuiToolTip>
   );
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/data_anonymization_editor/stats/anonymized_stat/index.tsx b/x-pack/packages/kbn-elastic-assistant/impl/data_anonymization_editor/stats/anonymized_stat/index.tsx
index 210b65c6d6a70..74b3e631b7117 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/data_anonymization_editor/stats/anonymized_stat/index.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/data_anonymization_editor/stats/anonymized_stat/index.tsx
@@ -16,11 +16,19 @@ import * as i18n from './translations';
 
 interface Props {
   anonymized: number;
+  titleSize?: 'xs' | 's' | 'xxxs' | 'xxs' | 'm' | 'l' | undefined;
+  gap?: string;
   isDataAnonymizable: boolean;
   inline?: boolean;
 }
 
-const AnonymizedStatComponent: React.FC<Props> = ({ anonymized, isDataAnonymizable, inline }) => {
+const AnonymizedStatComponent: React.FC<Props> = ({
+  anonymized,
+  isDataAnonymizable,
+  inline,
+  titleSize = TITLE_SIZE,
+  gap = euiThemeVars.euiSizeXS,
+}) => {
   const color = useMemo(() => getColor(isDataAnonymizable), [isDataAnonymizable]);
 
   const tooltipContent = useMemo(
@@ -45,7 +53,7 @@ const AnonymizedStatComponent: React.FC<Props> = ({ anonymized, isDataAnonymizab
             ? css`
                 display: flex;
                 align-items: center;
-                gap: ${euiThemeVars.euiSizeXS};
+                gap: ${gap};
               `
             : null
         }
@@ -54,7 +62,7 @@ const AnonymizedStatComponent: React.FC<Props> = ({ anonymized, isDataAnonymizab
         reverse
         titleColor={color}
         title={anonymized}
-        titleSize={TITLE_SIZE}
+        titleSize={titleSize}
       />
     </EuiToolTip>
   );
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/data_anonymization_editor/stats/available_stat/index.tsx b/x-pack/packages/kbn-elastic-assistant/impl/data_anonymization_editor/stats/available_stat/index.tsx
index 6e5853c871a6f..d29bfab02b897 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/data_anonymization_editor/stats/available_stat/index.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/data_anonymization_editor/stats/available_stat/index.tsx
@@ -15,10 +15,17 @@ import * as i18n from './translations';
 
 interface Props {
   total: number;
+  titleSize?: 'xs' | 's' | 'xxxs' | 'xxs' | 'm' | 'l' | undefined;
+  gap?: string;
   inline?: boolean;
 }
 
-const AvailableStatComponent: React.FC<Props> = ({ total, inline }) => {
+const AvailableStatComponent: React.FC<Props> = ({
+  total,
+  inline,
+  titleSize = TITLE_SIZE,
+  gap = euiThemeVars.euiSizeXS,
+}) => {
   const tooltipContent = useMemo(() => i18n.AVAILABLE_TOOLTIP(total), [total]);
 
   return (
@@ -29,7 +36,7 @@ const AvailableStatComponent: React.FC<Props> = ({ total, inline }) => {
             ? css`
                 display: flex;
                 align-items: center;
-                gap: ${euiThemeVars.euiSizeXS};
+                gap: ${gap};
               `
             : null
         }
@@ -37,7 +44,7 @@ const AvailableStatComponent: React.FC<Props> = ({ total, inline }) => {
         description={i18n.AVAILABLE}
         reverse
         title={total}
-        titleSize={TITLE_SIZE}
+        titleSize={titleSize}
       />
     </EuiToolTip>
   );
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/data_anonymization_editor/stats/constants.ts b/x-pack/packages/kbn-elastic-assistant/impl/data_anonymization_editor/stats/constants.ts
index ba1e02e569bc2..ed5c08a0c64f9 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/data_anonymization_editor/stats/constants.ts
+++ b/x-pack/packages/kbn-elastic-assistant/impl/data_anonymization_editor/stats/constants.ts
@@ -6,3 +6,4 @@
  */
 
 export const TITLE_SIZE = 'xs';
+export const STAT_TITLE_SIZE = 'm';
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/data_anonymization_editor/stats/index.tsx b/x-pack/packages/kbn-elastic-assistant/impl/data_anonymization_editor/stats/index.tsx
index 2068bc517025d..b628119032d1a 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/data_anonymization_editor/stats/index.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/data_anonymization_editor/stats/index.tsx
@@ -27,6 +27,8 @@ interface Props {
   rawData?: string | Record<string, string[]>;
   inline?: boolean;
   replacements?: Replacements;
+  titleSize?: 's' | 'l' | 'xs' | 'm' | 'xxxs' | 'xxs' | undefined;
+  gap?: string;
 }
 
 const StatsComponent: React.FC<Props> = ({
@@ -35,6 +37,8 @@ const StatsComponent: React.FC<Props> = ({
   rawData,
   inline,
   replacements,
+  titleSize,
+  gap,
 }) => {
   const { allowed, anonymized, total } = useMemo(
     () =>
@@ -50,7 +54,13 @@ const StatsComponent: React.FC<Props> = ({
     <EuiFlexGroup alignItems="center" data-test-subj="stats" gutterSize="none">
       {isDataAnonymizable && (
         <StatFlexItem grow={false}>
-          <AllowedStat allowed={allowed} total={total} inline={inline} />
+          <AllowedStat
+            allowed={allowed}
+            gap={gap}
+            total={total}
+            inline={inline}
+            titleSize={titleSize}
+          />
         </StatFlexItem>
       )}
 
@@ -59,12 +69,14 @@ const StatsComponent: React.FC<Props> = ({
           anonymized={anonymized}
           isDataAnonymizable={isDataAnonymizable || anonymized > 0}
           inline={inline}
+          titleSize={titleSize}
+          gap={gap}
         />
       </StatFlexItem>
 
       {isDataAnonymizable && (
         <StatFlexItem grow={false}>
-          <AvailableStat total={total} inline={inline} />
+          <AvailableStat total={total} inline={inline} titleSize={titleSize} gap={gap} />
         </StatFlexItem>
       )}
     </EuiFlexGroup>
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/mock/test_providers/test_providers.tsx b/x-pack/packages/kbn-elastic-assistant/impl/mock/test_providers/test_providers.tsx
index 1b3a5183bd208..17e977fdbf80f 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/mock/test_providers/test_providers.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/mock/test_providers/test_providers.tsx
@@ -49,6 +49,7 @@ export const TestProvidersComponent: React.FC<Props> = ({
   });
   const mockGetComments = jest.fn(() => []);
   const mockHttp = httpServiceMock.createStartContract({ basePath: '/test' });
+  const mockNavigateToApp = jest.fn();
   const queryClient = new QueryClient({
     defaultOptions: {
       queries: {
@@ -78,6 +79,7 @@ export const TestProvidersComponent: React.FC<Props> = ({
             getComments={mockGetComments}
             http={mockHttp}
             baseConversations={{}}
+            navigateToApp={mockNavigateToApp}
             {...providerContext}
           >
             {children}
diff --git a/x-pack/packages/kbn-langchain/server/language_models/constants.ts b/x-pack/packages/kbn-langchain/server/language_models/constants.ts
index be9866023120e..ab7c6c7b648bf 100644
--- a/x-pack/packages/kbn-langchain/server/language_models/constants.ts
+++ b/x-pack/packages/kbn-langchain/server/language_models/constants.ts
@@ -5,11 +5,17 @@
  * 2.0.
  */
 
-export const getDefaultArguments = (llmType?: string, temperature?: number, stop?: string[]) =>
+export const getDefaultArguments = (
+  llmType?: string,
+  temperature?: number,
+  stop?: string[],
+  maxTokens?: number
+) =>
   llmType === 'bedrock'
     ? {
         temperature: temperature ?? DEFAULT_BEDROCK_TEMPERATURE,
         stopSequences: stop ?? DEFAULT_BEDROCK_STOP_SEQUENCES,
+        maxTokens,
       }
     : llmType === 'gemini'
     ? {
diff --git a/x-pack/packages/kbn-langchain/server/language_models/simple_chat_model.test.ts b/x-pack/packages/kbn-langchain/server/language_models/simple_chat_model.test.ts
index a9d2142fc3963..7ec9f1e773340 100644
--- a/x-pack/packages/kbn-langchain/server/language_models/simple_chat_model.test.ts
+++ b/x-pack/packages/kbn-langchain/server/language_models/simple_chat_model.test.ts
@@ -226,6 +226,7 @@ describe('ActionsClientSimpleChatModel', () => {
         actions: mockStreamActions,
         llmType: 'bedrock',
         streaming: true,
+        maxTokens: 333,
       });
 
       const result = await actionsClientSimpleChatModel._call(
@@ -236,6 +237,14 @@ describe('ActionsClientSimpleChatModel', () => {
       const subAction = mockStreamExecute.mock.calls[0][0].params.subAction;
       expect(subAction).toEqual('invokeStream');
 
+      const { messages, ...rest } = mockStreamExecute.mock.calls[0][0].params.subActionParams;
+
+      expect(rest).toEqual({
+        temperature: 0,
+        stopSequences: ['\n'],
+        maxTokens: 333,
+      });
+
       expect(result).toEqual(mockActionResponse.message);
     });
     it('returns the expected content when _call is invoked with streaming and llmType is Gemini', async () => {
@@ -244,6 +253,7 @@ describe('ActionsClientSimpleChatModel', () => {
         actions: mockStreamActions,
         llmType: 'gemini',
         streaming: true,
+        maxTokens: 333,
       });
 
       const result = await actionsClientSimpleChatModel._call(
@@ -253,6 +263,11 @@ describe('ActionsClientSimpleChatModel', () => {
       );
       const subAction = mockStreamExecute.mock.calls[0][0].params.subAction;
       expect(subAction).toEqual('invokeStream');
+      const { messages, ...rest } = mockStreamExecute.mock.calls[0][0].params.subActionParams;
+
+      expect(rest).toEqual({
+        temperature: 0,
+      });
 
       expect(result).toEqual(mockActionResponse.message);
     });
diff --git a/x-pack/packages/kbn-langchain/server/language_models/simple_chat_model.ts b/x-pack/packages/kbn-langchain/server/language_models/simple_chat_model.ts
index 161e3601ee3ae..97f7c20cc110a 100644
--- a/x-pack/packages/kbn-langchain/server/language_models/simple_chat_model.ts
+++ b/x-pack/packages/kbn-langchain/server/language_models/simple_chat_model.ts
@@ -98,20 +98,13 @@ export class ActionsClientSimpleChatModel extends SimpleChatModel {
     if (!messages.length) {
       throw new Error('No messages provided.');
     }
-    const formattedMessages = [];
-    if (messages.length >= 2) {
-      messages.forEach((message, i) => {
-        if (typeof message.content !== 'string') {
-          throw new Error('Multimodal messages are not supported.');
-        }
-        formattedMessages.push(getMessageContentAndRole(message.content, message._getType()));
-      });
-    } else {
-      if (typeof messages[0].content !== 'string') {
+    const formattedMessages: Array<{ content: string; role: string }> = [];
+    messages.forEach((message, i) => {
+      if (typeof message.content !== 'string') {
         throw new Error('Multimodal messages are not supported.');
       }
-      formattedMessages.push(getMessageContentAndRole(messages[0].content));
-    }
+      formattedMessages.push(getMessageContentAndRole(message.content, message._getType()));
+    });
     this.#logger.debug(
       `ActionsClientSimpleChatModel#_call\ntraceId: ${
         this.#traceId
@@ -125,12 +118,10 @@ export class ActionsClientSimpleChatModel extends SimpleChatModel {
         subActionParams: {
           model: this.model,
           messages: formattedMessages,
-          maxTokens: this.#maxTokens,
-          ...getDefaultArguments(this.llmType, this.temperature, options.stop),
+          ...getDefaultArguments(this.llmType, this.temperature, options.stop, this.#maxTokens),
         },
       },
     };
-
     // create an actions client from the authenticated request context:
     const actionsClient = await this.#actions.getActionsClientWithRequest(this.#request);
 
diff --git a/x-pack/packages/kbn-langchain/server/utils/bedrock.ts b/x-pack/packages/kbn-langchain/server/utils/bedrock.ts
index 08e884ef01da2..f9a3837750cda 100644
--- a/x-pack/packages/kbn-langchain/server/utils/bedrock.ts
+++ b/x-pack/packages/kbn-langchain/server/utils/bedrock.ts
@@ -180,7 +180,7 @@ const prepareBedrockOutput = (responseBody: CompletionChunk, logger?: Logger): s
       return responseBody.delta.text;
     }
   }
-  logger?.warn(`Failed to parse bedrock chunk ${JSON.stringify(responseBody)}`);
+  // ignore any chunks that do not include text output
   return '';
 };
 
diff --git a/x-pack/packages/ml/json_schemas/README.md b/x-pack/packages/ml/json_schemas/README.md
new file mode 100644
index 0000000000000..1d8de910d38f7
--- /dev/null
+++ b/x-pack/packages/ml/json_schemas/README.md
@@ -0,0 +1,3 @@
+# @kbn/json-schemas
+
+JSON schema for code editors in Kibana
diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/index_management/create_index/create_index_route.ts b/x-pack/packages/ml/json_schemas/index.ts
similarity index 79%
rename from x-pack/plugins/security_solution/common/api/detection_engine/index_management/create_index/create_index_route.ts
rename to x-pack/packages/ml/json_schemas/index.ts
index 7ed58c18f4e96..a03ea607669e5 100644
--- a/x-pack/plugins/security_solution/common/api/detection_engine/index_management/create_index/create_index_route.ts
+++ b/x-pack/packages/ml/json_schemas/index.ts
@@ -5,6 +5,4 @@
  * 2.0.
  */
 
-export interface CreateIndexResponse {
-  acknowledged: boolean;
-}
+export { JsonSchemaService } from './src/json_schema_service';
diff --git a/x-pack/packages/ml/json_schemas/jest.config.js b/x-pack/packages/ml/json_schemas/jest.config.js
new file mode 100644
index 0000000000000..ee3bee9c626bf
--- /dev/null
+++ b/x-pack/packages/ml/json_schemas/jest.config.js
@@ -0,0 +1,12 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+module.exports = {
+  preset: '@kbn/test/jest_node',
+  rootDir: '../../../..',
+  roots: ['<rootDir>/x-pack/packages/ml/json_schemas'],
+};
diff --git a/x-pack/packages/ml/json_schemas/kibana.jsonc b/x-pack/packages/ml/json_schemas/kibana.jsonc
new file mode 100644
index 0000000000000..4233a2938ecae
--- /dev/null
+++ b/x-pack/packages/ml/json_schemas/kibana.jsonc
@@ -0,0 +1,5 @@
+{
+  "type": "shared-common",
+  "id": "@kbn/json-schemas",
+  "owner": "@elastic/ml-ui"
+}
diff --git a/x-pack/packages/ml/json_schemas/package.json b/x-pack/packages/ml/json_schemas/package.json
new file mode 100644
index 0000000000000..62e2574b153a5
--- /dev/null
+++ b/x-pack/packages/ml/json_schemas/package.json
@@ -0,0 +1,9 @@
+{
+  "name": "@kbn/json-schemas",
+  "private": true,
+  "version": "1.0.0",
+  "license": "Elastic License 2.0",
+  "scripts": {
+    "jsonSchema": "../../../../node_modules/ts-node/dist/bin.js scripts/index.ts"
+  }
+}
diff --git a/x-pack/packages/ml/json_schemas/scripts/index.ts b/x-pack/packages/ml/json_schemas/scripts/index.ts
new file mode 100644
index 0000000000000..6203a95f9df5b
--- /dev/null
+++ b/x-pack/packages/ml/json_schemas/scripts/index.ts
@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { run } from '@kbn/dev-cli-runner';
+import { JsonSchemaService } from '../src/json_schema_service';
+
+const pathToOpenAPI = process.argv[2];
+
+run(async ({ log }) => {
+  try {
+    await new JsonSchemaService(pathToOpenAPI).createSchemaFiles();
+    log.success('Schema files created successfully.');
+  } catch (e) {
+    log.error(`Error creating schema files: ${e}`);
+    process.exit(1);
+  }
+});
diff --git a/x-pack/packages/ml/json_schemas/src/json_schema_service.ts b/x-pack/packages/ml/json_schemas/src/json_schema_service.ts
new file mode 100644
index 0000000000000..e6974a5486f72
--- /dev/null
+++ b/x-pack/packages/ml/json_schemas/src/json_schema_service.ts
@@ -0,0 +1,171 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import Fs from 'fs';
+import Path from 'path';
+import { jsonSchemaOverrides } from './schema_overrides';
+import { type PropertyDefinition } from './types';
+
+export type EditorEndpoints = typeof supportedEndpoints[number]['path'];
+
+const supportedEndpoints = [
+  {
+    path: '/_ml/anomaly_detectors/{job_id}' as const,
+    method: 'put',
+  },
+  {
+    path: '/_ml/datafeeds/{datafeed_id}' as const,
+    method: 'put',
+  },
+  {
+    path: '/_transform/{transform_id}' as const,
+    method: 'put',
+    props: ['pivot'],
+  },
+  {
+    path: '/_ml/data_frame/analytics/{id}' as const,
+    method: 'put',
+  },
+];
+
+/**
+ *
+ */
+export class JsonSchemaService {
+  constructor(
+    // By default assume that openapi file is in the next to Kibana folder
+    private readonly pathToOpenAPI: string = Path.resolve(
+      __dirname,
+      '..',
+      '..',
+      '..',
+      '..',
+      '..',
+      '..',
+      'elasticsearch-specification',
+      'output',
+      'openapi',
+      'elasticsearch-serverless-openapi.json'
+    )
+  ) {}
+
+  private applyOverrides(path: EditorEndpoints, schema: PropertyDefinition): PropertyDefinition {
+    const overrides = jsonSchemaOverrides[path];
+
+    if (!overrides) return schema;
+
+    return {
+      ...schema,
+      ...overrides,
+      properties: {
+        ...schema.properties,
+        ...overrides.properties,
+      },
+    };
+  }
+
+  private allComponents: Record<string, object> = {};
+  private componentsDict = new Set<string>();
+
+  /**
+   * Extracts only used components
+   */
+  private extractComponents(bodySchema: object) {
+    for (const prop of Object.values(bodySchema)) {
+      if (typeof prop !== 'object' || !prop) {
+        continue;
+      }
+
+      // Check if prop contains a $ref
+      if (prop.$ref) {
+        if (!this.componentsDict.has(prop.$ref)) {
+          this.componentsDict.add(prop.$ref);
+          // Check all references of this ref
+          const schemaKey: string = prop.$ref.split('/').pop()!;
+          // @ts-ignore
+          this.extractComponents(this.allComponents.schemas[schemaKey]);
+        }
+      }
+
+      this.extractComponents(prop);
+    }
+  }
+
+  public async resolveSchema(
+    path: EditorEndpoints,
+    method: string,
+    props?: string[],
+    schema?: object
+  ) {
+    const fileContent =
+      schema ?? JSON.parse(Fs.readFileSync(Path.resolve(__dirname, 'openapi.json'), 'utf8'));
+
+    const definition = fileContent.paths[path][method];
+
+    if (!definition) {
+      throw new Error('Schema definition is not defined');
+    }
+
+    let bodySchema = definition.requestBody.content['application/json'].schema;
+
+    // Store components for a later use, to extract only used components
+    this.allComponents = fileContent.components;
+
+    if (props) {
+      // Only extract requested properties from the schema
+      const propDef = bodySchema.properties[props[0]];
+      if (propDef.$ref) {
+        bodySchema = fileContent.components.schemas[propDef.$ref.split('/').pop()!];
+      }
+    }
+
+    bodySchema = this.applyOverrides(path, bodySchema);
+
+    // Extract only used components
+    this.extractComponents(bodySchema);
+
+    const components = Array.from(this.componentsDict).reduce(
+      (acc, ref) => {
+        // Split component path
+        const componentName = ref.split('/').pop()!;
+        // @ts-ignore
+        acc.schemas[componentName] = fileContent.components.schemas[componentName];
+        return acc;
+      },
+      { schemas: {} }
+    );
+
+    return {
+      ...bodySchema,
+      components,
+    };
+  }
+
+  /**
+   * Generates schema files for each supported endpoint from the openapi file.
+   */
+  public async createSchemaFiles() {
+    const schema = JSON.parse(Fs.readFileSync(this.pathToOpenAPI, 'utf8'));
+
+    await Promise.all(
+      supportedEndpoints.map(async (e) => {
+        // need to extract schema in order to keep required components
+        this.componentsDict.clear();
+        const result = await this.resolveSchema(e.path, e.method, e.props, schema);
+        Fs.writeFileSync(
+          Path.resolve(
+            __dirname,
+            `${e.method}_${e.path.replace(/[\{\}\/]/g, '_')}${
+              e.props ? '__' + e.props.join('_') : ''
+            }_schema.json`
+          ),
+          JSON.stringify(result, null, 2)
+        );
+      })
+    );
+  }
+}
diff --git a/x-pack/packages/ml/json_schemas/src/put___ml_anomaly_detectors__job_id__schema.json b/x-pack/packages/ml/json_schemas/src/put___ml_anomaly_detectors__job_id__schema.json
new file mode 100644
index 0000000000000..79a871f1ef3fa
--- /dev/null
+++ b/x-pack/packages/ml/json_schemas/src/put___ml_anomaly_detectors__job_id__schema.json
@@ -0,0 +1,10887 @@
+{
+  "type": "object",
+  "properties": {
+    "allow_lazy_open": {
+      "description": "Advanced configuration option. Specifies whether this job can open when there is insufficient machine learning node capacity for it to be immediately assigned to a node. By default, if a machine learning node with capacity to run the job cannot immediately be found, the open anomaly detection jobs API returns an error. However, this is also subject to the cluster-wide `xpack.ml.max_lazy_ml_nodes` setting. If this option is set to true, the open anomaly detection jobs API does not return an error and the job waits in the opening state until sufficient machine learning node capacity is available.",
+      "type": "boolean"
+    },
+    "analysis_config": {
+      "$ref": "#/components/schemas/ml._types:AnalysisConfig"
+    },
+    "analysis_limits": {
+      "$ref": "#/components/schemas/ml._types:AnalysisLimits"
+    },
+    "background_persist_interval": {
+      "$ref": "#/components/schemas/_types:Duration"
+    },
+    "custom_settings": {
+      "$ref": "#/components/schemas/ml._types:CustomSettings"
+    },
+    "daily_model_snapshot_retention_after_days": {
+      "description": "Advanced configuration option, which affects the automatic removal of old model snapshots for this job. It specifies a period of time (in days) after which only the first snapshot per day is retained. This period is relative to the timestamp of the most recent snapshot for this job. Valid values range from 0 to `model_snapshot_retention_days`.",
+      "type": "number"
+    },
+    "data_description": {
+      "$ref": "#/components/schemas/ml._types:DataDescription"
+    },
+    "datafeed_config": {
+      "$ref": "#/components/schemas/ml._types:DatafeedConfig"
+    },
+    "description": {
+      "description": "A description of the job.",
+      "type": "string"
+    },
+    "groups": {
+      "description": "A list of job groups. A job can belong to no groups or many.",
+      "type": "array",
+      "items": {
+        "type": "string"
+      }
+    },
+    "model_plot_config": {
+      "$ref": "#/components/schemas/ml._types:ModelPlotConfig"
+    },
+    "model_snapshot_retention_days": {
+      "description": "Advanced configuration option, which affects the automatic removal of old model snapshots for this job. It specifies the maximum period of time (in days) that snapshots are retained. This period is relative to the timestamp of the most recent snapshot for this job. By default, snapshots ten days older than the newest snapshot are deleted.",
+      "type": "number"
+    },
+    "renormalization_window_days": {
+      "description": "Advanced configuration option. The period over which adjustments to the score are applied, as new data is seen. The default value is the longer of 30 days or 100 bucket spans.",
+      "type": "number"
+    },
+    "results_index_name": {
+      "$ref": "#/components/schemas/_types:IndexName"
+    },
+    "results_retention_days": {
+      "description": "Advanced configuration option. The period of time (in days) that results are retained. Age is calculated relative to the timestamp of the latest bucket result. If this property has a non-null value, once per day at 00:30 (server time), results that are the specified number of days older than the latest bucket result are deleted from Elasticsearch. The default value is null, which means all results are retained. Annotations generated by the system also count as results for retention purposes; they are deleted after the same number of days as results. Annotations added by users are retained forever.",
+      "type": "number"
+    },
+    "job_id": {
+      "type": "string",
+      "description": "Identifier for the anomaly detection job."
+    }
+  },
+  "required": [
+    "analysis_config",
+    "data_description"
+  ],
+  "components": {
+    "schemas": {
+      "ml._types:AnalysisConfig": {
+        "type": "object",
+        "properties": {
+          "bucket_span": {
+            "$ref": "#/components/schemas/_types:Duration"
+          },
+          "categorization_analyzer": {
+            "$ref": "#/components/schemas/ml._types:CategorizationAnalyzer"
+          },
+          "categorization_field_name": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "categorization_filters": {
+            "description": "If `categorization_field_name` is specified, you can also define optional filters. This property expects an array of regular expressions. The expressions are used to filter out matching sequences from the categorization field values. You can use this functionality to fine tune the categorization by excluding sequences from consideration when categories are defined. For example, you can exclude SQL statements that appear in your log files. This property cannot be used at the same time as `categorization_analyzer`. If you only want to define simple regular expression filters that are applied prior to tokenization, setting this property is the easiest method. If you also want to customize the tokenizer or post-tokenization filtering, use the `categorization_analyzer` property instead and include the filters as pattern_replace character filters. The effect is exactly the same.",
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "detectors": {
+            "description": "Detector configuration objects specify which data fields a job analyzes. They also specify which analytical functions are used. You can specify multiple detectors for a job. If the detectors array does not contain at least one detector, no analysis can occur and an error is returned.",
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/ml._types:Detector"
+            }
+          },
+          "influencers": {
+            "description": "A comma separated list of influencer field names. Typically these can be the by, over, or partition fields that are used in the detector configuration. You might also want to use a field name that is not specifically named in a detector, but is available as part of the input data. When you use multiple detectors, the use of influencers is recommended as it aggregates results for each influencer entity.",
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types:Field"
+            }
+          },
+          "latency": {
+            "$ref": "#/components/schemas/_types:Duration"
+          },
+          "model_prune_window": {
+            "$ref": "#/components/schemas/_types:Duration"
+          },
+          "multivariate_by_fields": {
+            "description": "This functionality is reserved for internal use. It is not supported for use in customer environments and is not subject to the support SLA of official GA features. If set to `true`, the analysis will automatically find correlations between metrics for a given by field value and report anomalies when those correlations cease to hold. For example, suppose CPU and memory usage on host A is usually highly correlated with the same metrics on host B. Perhaps this correlation occurs because they are running a load-balanced application. If you enable this property, anomalies will be reported when, for example, CPU usage on host A is high and the value of CPU usage on host B is low. That is to say, you’ll see an anomaly when the CPU of host A is unusual given the CPU of host B. To use the `multivariate_by_fields` property, you must also specify `by_field_name` in your detector.",
+            "type": "boolean"
+          },
+          "per_partition_categorization": {
+            "$ref": "#/components/schemas/ml._types:PerPartitionCategorization"
+          },
+          "summary_count_field_name": {
+            "$ref": "#/components/schemas/_types:Field"
+          }
+        },
+        "required": [
+          "detectors"
+        ]
+      },
+      "_types:Duration": {
+        "externalDocs": {
+          "url": "https://github.com/elastic/elasticsearch/blob/current/libs/core/src/main/java/org/elasticsearch/core/TimeValue.java"
+        },
+        "description": "A duration. Units can be `nanos`, `micros`, `ms` (milliseconds), `s` (seconds), `m` (minutes), `h` (hours) and\n`d` (days). Also accepts \"0\" without a unit and \"-1\" to indicate an unspecified value.",
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "type": "string",
+            "enum": [
+              "-1"
+            ]
+          },
+          {
+            "type": "string",
+            "enum": [
+              "0"
+            ]
+          }
+        ]
+      },
+      "ml._types:CategorizationAnalyzer": {
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "$ref": "#/components/schemas/ml._types:CategorizationAnalyzerDefinition"
+          }
+        ]
+      },
+      "ml._types:CategorizationAnalyzerDefinition": {
+        "type": "object",
+        "properties": {
+          "char_filter": {
+            "description": "One or more character filters. In addition to the built-in character filters, other plugins can provide more character filters. If this property is not specified, no character filters are applied prior to categorization. If you are customizing some other aspect of the analyzer and you need to achieve the equivalent of `categorization_filters` (which are not permitted when some other aspect of the analyzer is customized), add them here as pattern replace character filters.",
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types.analysis:CharFilter"
+            }
+          },
+          "filter": {
+            "description": "One or more token filters. In addition to the built-in token filters, other plugins can provide more token filters. If this property is not specified, no token filters are applied prior to categorization.",
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types.analysis:TokenFilter"
+            }
+          },
+          "tokenizer": {
+            "$ref": "#/components/schemas/_types.analysis:Tokenizer"
+          }
+        }
+      },
+      "_types.analysis:CharFilter": {
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:CharFilterDefinition"
+          }
+        ]
+      },
+      "_types.analysis:CharFilterDefinition": {
+        "discriminator": {
+          "propertyName": "type"
+        },
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:HtmlStripCharFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:MappingCharFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:PatternReplaceCharFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:IcuNormalizationCharFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:KuromojiIterationMarkCharFilter"
+          }
+        ]
+      },
+      "_types.analysis:HtmlStripCharFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:CharFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "html_strip"
+                ]
+              },
+              "escaped_tags": {
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:CharFilterBase": {
+        "type": "object",
+        "properties": {
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          }
+        }
+      },
+      "_types:VersionString": {
+        "type": "string"
+      },
+      "_types.analysis:MappingCharFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:CharFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "mapping"
+                ]
+              },
+              "mappings": {
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              },
+              "mappings_path": {
+                "type": "string"
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:PatternReplaceCharFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:CharFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "pattern_replace"
+                ]
+              },
+              "flags": {
+                "type": "string"
+              },
+              "pattern": {
+                "type": "string"
+              },
+              "replacement": {
+                "type": "string"
+              }
+            },
+            "required": [
+              "type",
+              "pattern"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:IcuNormalizationCharFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:CharFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "icu_normalizer"
+                ]
+              },
+              "mode": {
+                "$ref": "#/components/schemas/_types.analysis:IcuNormalizationMode"
+              },
+              "name": {
+                "$ref": "#/components/schemas/_types.analysis:IcuNormalizationType"
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:IcuNormalizationMode": {
+        "type": "string",
+        "enum": [
+          "decompose",
+          "compose"
+        ]
+      },
+      "_types.analysis:IcuNormalizationType": {
+        "type": "string",
+        "enum": [
+          "nfc",
+          "nfkc",
+          "nfkc_cf"
+        ]
+      },
+      "_types.analysis:KuromojiIterationMarkCharFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:CharFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "kuromoji_iteration_mark"
+                ]
+              },
+              "normalize_kana": {
+                "type": "boolean"
+              },
+              "normalize_kanji": {
+                "type": "boolean"
+              }
+            },
+            "required": [
+              "type",
+              "normalize_kana",
+              "normalize_kanji"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:TokenFilter": {
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterDefinition"
+          }
+        ]
+      },
+      "_types.analysis:TokenFilterDefinition": {
+        "discriminator": {
+          "propertyName": "type"
+        },
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:AsciiFoldingTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:CommonGramsTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:ConditionTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:DelimitedPayloadTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:EdgeNGramTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:ElisionTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:FingerprintTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:HunspellTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:HyphenationDecompounderTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:KeepTypesTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:KeepWordsTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:KeywordMarkerTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:KStemTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:LengthTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:LimitTokenCountTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:LowercaseTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:MultiplexerTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:NGramTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:NoriPartOfSpeechTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:PatternCaptureTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:PatternReplaceTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:PorterStemTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:PredicateTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:RemoveDuplicatesTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:ReverseTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:ShingleTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:SnowballTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:StemmerOverrideTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:StemmerTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:StopTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:SynonymGraphTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:SynonymTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:TrimTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:TruncateTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:UniqueTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:UppercaseTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:WordDelimiterGraphTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:WordDelimiterTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:KuromojiStemmerTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:KuromojiReadingFormTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:KuromojiPartOfSpeechTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:IcuCollationTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:IcuFoldingTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:IcuNormalizationTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:IcuTransformTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:PhoneticTokenFilter"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:DictionaryDecompounderTokenFilter"
+          }
+        ]
+      },
+      "_types.analysis:AsciiFoldingTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "asciifolding"
+                ]
+              },
+              "preserve_original": {
+                "$ref": "#/components/schemas/_spec_utils:Stringifiedboolean"
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:TokenFilterBase": {
+        "type": "object",
+        "properties": {
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          }
+        }
+      },
+      "_spec_utils:Stringifiedboolean": {
+        "description": "Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior\nis used to capture this behavior while keeping the semantics of the field type.\n\nDepending on the target language, code generators can keep the union or remove it and leniently parse\nstrings to the target type.",
+        "oneOf": [
+          {
+            "type": "boolean"
+          },
+          {
+            "type": "string"
+          }
+        ]
+      },
+      "_types.analysis:CommonGramsTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "common_grams"
+                ]
+              },
+              "common_words": {
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              },
+              "common_words_path": {
+                "type": "string"
+              },
+              "ignore_case": {
+                "type": "boolean"
+              },
+              "query_mode": {
+                "type": "boolean"
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:ConditionTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "condition"
+                ]
+              },
+              "filter": {
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              },
+              "script": {
+                "$ref": "#/components/schemas/_types:Script"
+              }
+            },
+            "required": [
+              "type",
+              "filter",
+              "script"
+            ]
+          }
+        ]
+      },
+      "_types:Script": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types:InlineScript"
+          },
+          {
+            "$ref": "#/components/schemas/_types:StoredScriptId"
+          }
+        ]
+      },
+      "_types:InlineScript": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types:ScriptBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "lang": {
+                "$ref": "#/components/schemas/_types:ScriptLanguage"
+              },
+              "options": {
+                "type": "object",
+                "additionalProperties": {
+                  "type": "string"
+                }
+              },
+              "source": {
+                "description": "The script source.",
+                "type": "string"
+              }
+            },
+            "required": [
+              "source"
+            ]
+          }
+        ]
+      },
+      "_types:ScriptBase": {
+        "type": "object",
+        "properties": {
+          "params": {
+            "description": "Specifies any named parameters that are passed into the script as variables.\nUse parameters instead of hard-coded values to decrease compile time.",
+            "type": "object",
+            "additionalProperties": {
+              "type": "object"
+            }
+          }
+        }
+      },
+      "_types:ScriptLanguage": {
+        "anyOf": [
+          {
+            "type": "string",
+            "enum": [
+              "painless",
+              "expression",
+              "mustache",
+              "java"
+            ]
+          },
+          {
+            "type": "string"
+          }
+        ]
+      },
+      "_types:StoredScriptId": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types:ScriptBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "id": {
+                "$ref": "#/components/schemas/_types:Id"
+              }
+            },
+            "required": [
+              "id"
+            ]
+          }
+        ]
+      },
+      "_types:Id": {
+        "type": "string"
+      },
+      "_types.analysis:DelimitedPayloadTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "delimited_payload"
+                ]
+              },
+              "delimiter": {
+                "type": "string"
+              },
+              "encoding": {
+                "$ref": "#/components/schemas/_types.analysis:DelimitedPayloadEncoding"
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:DelimitedPayloadEncoding": {
+        "type": "string",
+        "enum": [
+          "int",
+          "float",
+          "identity"
+        ]
+      },
+      "_types.analysis:EdgeNGramTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "edge_ngram"
+                ]
+              },
+              "max_gram": {
+                "type": "number"
+              },
+              "min_gram": {
+                "type": "number"
+              },
+              "side": {
+                "$ref": "#/components/schemas/_types.analysis:EdgeNGramSide"
+              },
+              "preserve_original": {
+                "$ref": "#/components/schemas/_spec_utils:Stringifiedboolean"
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:EdgeNGramSide": {
+        "type": "string",
+        "enum": [
+          "front",
+          "back"
+        ]
+      },
+      "_types.analysis:ElisionTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "elision"
+                ]
+              },
+              "articles": {
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              },
+              "articles_path": {
+                "type": "string"
+              },
+              "articles_case": {
+                "$ref": "#/components/schemas/_spec_utils:Stringifiedboolean"
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:FingerprintTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "fingerprint"
+                ]
+              },
+              "max_output_size": {
+                "type": "number"
+              },
+              "separator": {
+                "type": "string"
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:HunspellTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "hunspell"
+                ]
+              },
+              "dedup": {
+                "type": "boolean"
+              },
+              "dictionary": {
+                "type": "string"
+              },
+              "locale": {
+                "type": "string"
+              },
+              "longest_only": {
+                "type": "boolean"
+              }
+            },
+            "required": [
+              "type",
+              "locale"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:HyphenationDecompounderTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:CompoundWordTokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "hyphenation_decompounder"
+                ]
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:CompoundWordTokenFilterBase": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "hyphenation_patterns_path": {
+                "type": "string"
+              },
+              "max_subword_size": {
+                "type": "number"
+              },
+              "min_subword_size": {
+                "type": "number"
+              },
+              "min_word_size": {
+                "type": "number"
+              },
+              "only_longest_match": {
+                "type": "boolean"
+              },
+              "word_list": {
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              },
+              "word_list_path": {
+                "type": "string"
+              }
+            }
+          }
+        ]
+      },
+      "_types.analysis:KeepTypesTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "keep_types"
+                ]
+              },
+              "mode": {
+                "$ref": "#/components/schemas/_types.analysis:KeepTypesMode"
+              },
+              "types": {
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:KeepTypesMode": {
+        "type": "string",
+        "enum": [
+          "include",
+          "exclude"
+        ]
+      },
+      "_types.analysis:KeepWordsTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "keep"
+                ]
+              },
+              "keep_words": {
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              },
+              "keep_words_case": {
+                "type": "boolean"
+              },
+              "keep_words_path": {
+                "type": "string"
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:KeywordMarkerTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "keyword_marker"
+                ]
+              },
+              "ignore_case": {
+                "type": "boolean"
+              },
+              "keywords": {
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              },
+              "keywords_path": {
+                "type": "string"
+              },
+              "keywords_pattern": {
+                "type": "string"
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:KStemTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "kstem"
+                ]
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:LengthTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "length"
+                ]
+              },
+              "max": {
+                "type": "number"
+              },
+              "min": {
+                "type": "number"
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:LimitTokenCountTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "limit"
+                ]
+              },
+              "consume_all_tokens": {
+                "type": "boolean"
+              },
+              "max_token_count": {
+                "$ref": "#/components/schemas/_spec_utils:Stringifiedinteger"
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_spec_utils:Stringifiedinteger": {
+        "description": "Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior\nis used to capture this behavior while keeping the semantics of the field type.\n\nDepending on the target language, code generators can keep the union or remove it and leniently parse\nstrings to the target type.",
+        "oneOf": [
+          {
+            "type": "number"
+          },
+          {
+            "type": "string"
+          }
+        ]
+      },
+      "_types.analysis:LowercaseTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "lowercase"
+                ]
+              },
+              "language": {
+                "type": "string"
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:MultiplexerTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "multiplexer"
+                ]
+              },
+              "filters": {
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              },
+              "preserve_original": {
+                "$ref": "#/components/schemas/_spec_utils:Stringifiedboolean"
+              }
+            },
+            "required": [
+              "type",
+              "filters"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:NGramTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "ngram"
+                ]
+              },
+              "max_gram": {
+                "type": "number"
+              },
+              "min_gram": {
+                "type": "number"
+              },
+              "preserve_original": {
+                "$ref": "#/components/schemas/_spec_utils:Stringifiedboolean"
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:NoriPartOfSpeechTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "nori_part_of_speech"
+                ]
+              },
+              "stoptags": {
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:PatternCaptureTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "pattern_capture"
+                ]
+              },
+              "patterns": {
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              },
+              "preserve_original": {
+                "$ref": "#/components/schemas/_spec_utils:Stringifiedboolean"
+              }
+            },
+            "required": [
+              "type",
+              "patterns"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:PatternReplaceTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "pattern_replace"
+                ]
+              },
+              "all": {
+                "type": "boolean"
+              },
+              "flags": {
+                "type": "string"
+              },
+              "pattern": {
+                "type": "string"
+              },
+              "replacement": {
+                "type": "string"
+              }
+            },
+            "required": [
+              "type",
+              "pattern"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:PorterStemTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "porter_stem"
+                ]
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:PredicateTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "predicate_token_filter"
+                ]
+              },
+              "script": {
+                "$ref": "#/components/schemas/_types:Script"
+              }
+            },
+            "required": [
+              "type",
+              "script"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:RemoveDuplicatesTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "remove_duplicates"
+                ]
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:ReverseTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "reverse"
+                ]
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:ShingleTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "shingle"
+                ]
+              },
+              "filler_token": {
+                "type": "string"
+              },
+              "max_shingle_size": {
+                "oneOf": [
+                  {
+                    "type": "number"
+                  },
+                  {
+                    "type": "string"
+                  }
+                ]
+              },
+              "min_shingle_size": {
+                "oneOf": [
+                  {
+                    "type": "number"
+                  },
+                  {
+                    "type": "string"
+                  }
+                ]
+              },
+              "output_unigrams": {
+                "type": "boolean"
+              },
+              "output_unigrams_if_no_shingles": {
+                "type": "boolean"
+              },
+              "token_separator": {
+                "type": "string"
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:SnowballTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "snowball"
+                ]
+              },
+              "language": {
+                "$ref": "#/components/schemas/_types.analysis:SnowballLanguage"
+              }
+            },
+            "required": [
+              "type",
+              "language"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:SnowballLanguage": {
+        "type": "string",
+        "enum": [
+          "Armenian",
+          "Basque",
+          "Catalan",
+          "Danish",
+          "Dutch",
+          "English",
+          "Finnish",
+          "French",
+          "German",
+          "German2",
+          "Hungarian",
+          "Italian",
+          "Kp",
+          "Lovins",
+          "Norwegian",
+          "Porter",
+          "Portuguese",
+          "Romanian",
+          "Russian",
+          "Spanish",
+          "Swedish",
+          "Turkish"
+        ]
+      },
+      "_types.analysis:StemmerOverrideTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "stemmer_override"
+                ]
+              },
+              "rules": {
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              },
+              "rules_path": {
+                "type": "string"
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:StemmerTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "stemmer"
+                ]
+              },
+              "language": {
+                "type": "string"
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:StopTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "stop"
+                ]
+              },
+              "ignore_case": {
+                "type": "boolean"
+              },
+              "remove_trailing": {
+                "type": "boolean"
+              },
+              "stopwords": {
+                "$ref": "#/components/schemas/_types.analysis:StopWords"
+              },
+              "stopwords_path": {
+                "type": "string"
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:StopWords": {
+        "description": "Language value, such as _arabic_ or _thai_. Defaults to _english_.\nEach language value corresponds to a predefined list of stop words in Lucene. See Stop words by language for supported language values and their stop words.\nAlso accepts an array of stop words.",
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          }
+        ]
+      },
+      "_types.analysis:SynonymGraphTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "synonym_graph"
+                ]
+              },
+              "expand": {
+                "type": "boolean"
+              },
+              "format": {
+                "$ref": "#/components/schemas/_types.analysis:SynonymFormat"
+              },
+              "lenient": {
+                "type": "boolean"
+              },
+              "synonyms": {
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              },
+              "synonyms_path": {
+                "type": "string"
+              },
+              "synonyms_set": {
+                "type": "string"
+              },
+              "tokenizer": {
+                "type": "string"
+              },
+              "updateable": {
+                "type": "boolean"
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:SynonymFormat": {
+        "type": "string",
+        "enum": [
+          "solr",
+          "wordnet"
+        ]
+      },
+      "_types.analysis:SynonymTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "synonym"
+                ]
+              },
+              "expand": {
+                "type": "boolean"
+              },
+              "format": {
+                "$ref": "#/components/schemas/_types.analysis:SynonymFormat"
+              },
+              "lenient": {
+                "type": "boolean"
+              },
+              "synonyms": {
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              },
+              "synonyms_path": {
+                "type": "string"
+              },
+              "synonyms_set": {
+                "type": "string"
+              },
+              "tokenizer": {
+                "type": "string"
+              },
+              "updateable": {
+                "type": "boolean"
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:TrimTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "trim"
+                ]
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:TruncateTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "truncate"
+                ]
+              },
+              "length": {
+                "type": "number"
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:UniqueTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "unique"
+                ]
+              },
+              "only_on_same_position": {
+                "type": "boolean"
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:UppercaseTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "uppercase"
+                ]
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:WordDelimiterGraphTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "word_delimiter_graph"
+                ]
+              },
+              "adjust_offsets": {
+                "type": "boolean"
+              },
+              "catenate_all": {
+                "type": "boolean"
+              },
+              "catenate_numbers": {
+                "type": "boolean"
+              },
+              "catenate_words": {
+                "type": "boolean"
+              },
+              "generate_number_parts": {
+                "type": "boolean"
+              },
+              "generate_word_parts": {
+                "type": "boolean"
+              },
+              "ignore_keywords": {
+                "type": "boolean"
+              },
+              "preserve_original": {
+                "$ref": "#/components/schemas/_spec_utils:Stringifiedboolean"
+              },
+              "protected_words": {
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              },
+              "protected_words_path": {
+                "type": "string"
+              },
+              "split_on_case_change": {
+                "type": "boolean"
+              },
+              "split_on_numerics": {
+                "type": "boolean"
+              },
+              "stem_english_possessive": {
+                "type": "boolean"
+              },
+              "type_table": {
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              },
+              "type_table_path": {
+                "type": "string"
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:WordDelimiterTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "word_delimiter"
+                ]
+              },
+              "catenate_all": {
+                "type": "boolean"
+              },
+              "catenate_numbers": {
+                "type": "boolean"
+              },
+              "catenate_words": {
+                "type": "boolean"
+              },
+              "generate_number_parts": {
+                "type": "boolean"
+              },
+              "generate_word_parts": {
+                "type": "boolean"
+              },
+              "preserve_original": {
+                "$ref": "#/components/schemas/_spec_utils:Stringifiedboolean"
+              },
+              "protected_words": {
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              },
+              "protected_words_path": {
+                "type": "string"
+              },
+              "split_on_case_change": {
+                "type": "boolean"
+              },
+              "split_on_numerics": {
+                "type": "boolean"
+              },
+              "stem_english_possessive": {
+                "type": "boolean"
+              },
+              "type_table": {
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              },
+              "type_table_path": {
+                "type": "string"
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:KuromojiStemmerTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "kuromoji_stemmer"
+                ]
+              },
+              "minimum_length": {
+                "type": "number"
+              }
+            },
+            "required": [
+              "type",
+              "minimum_length"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:KuromojiReadingFormTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "kuromoji_readingform"
+                ]
+              },
+              "use_romaji": {
+                "type": "boolean"
+              }
+            },
+            "required": [
+              "type",
+              "use_romaji"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:KuromojiPartOfSpeechTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "kuromoji_part_of_speech"
+                ]
+              },
+              "stoptags": {
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              }
+            },
+            "required": [
+              "type",
+              "stoptags"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:IcuCollationTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "icu_collation"
+                ]
+              },
+              "alternate": {
+                "$ref": "#/components/schemas/_types.analysis:IcuCollationAlternate"
+              },
+              "caseFirst": {
+                "$ref": "#/components/schemas/_types.analysis:IcuCollationCaseFirst"
+              },
+              "caseLevel": {
+                "type": "boolean"
+              },
+              "country": {
+                "type": "string"
+              },
+              "decomposition": {
+                "$ref": "#/components/schemas/_types.analysis:IcuCollationDecomposition"
+              },
+              "hiraganaQuaternaryMode": {
+                "type": "boolean"
+              },
+              "language": {
+                "type": "string"
+              },
+              "numeric": {
+                "type": "boolean"
+              },
+              "rules": {
+                "type": "string"
+              },
+              "strength": {
+                "$ref": "#/components/schemas/_types.analysis:IcuCollationStrength"
+              },
+              "variableTop": {
+                "type": "string"
+              },
+              "variant": {
+                "type": "string"
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:IcuCollationAlternate": {
+        "type": "string",
+        "enum": [
+          "shifted",
+          "non-ignorable"
+        ]
+      },
+      "_types.analysis:IcuCollationCaseFirst": {
+        "type": "string",
+        "enum": [
+          "lower",
+          "upper"
+        ]
+      },
+      "_types.analysis:IcuCollationDecomposition": {
+        "type": "string",
+        "enum": [
+          "no",
+          "identical"
+        ]
+      },
+      "_types.analysis:IcuCollationStrength": {
+        "type": "string",
+        "enum": [
+          "primary",
+          "secondary",
+          "tertiary",
+          "quaternary",
+          "identical"
+        ]
+      },
+      "_types.analysis:IcuFoldingTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "icu_folding"
+                ]
+              },
+              "unicode_set_filter": {
+                "type": "string"
+              }
+            },
+            "required": [
+              "type",
+              "unicode_set_filter"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:IcuNormalizationTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "icu_normalizer"
+                ]
+              },
+              "name": {
+                "$ref": "#/components/schemas/_types.analysis:IcuNormalizationType"
+              }
+            },
+            "required": [
+              "type",
+              "name"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:IcuTransformTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "icu_transform"
+                ]
+              },
+              "dir": {
+                "$ref": "#/components/schemas/_types.analysis:IcuTransformDirection"
+              },
+              "id": {
+                "type": "string"
+              }
+            },
+            "required": [
+              "type",
+              "id"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:IcuTransformDirection": {
+        "type": "string",
+        "enum": [
+          "forward",
+          "reverse"
+        ]
+      },
+      "_types.analysis:PhoneticTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "phonetic"
+                ]
+              },
+              "encoder": {
+                "$ref": "#/components/schemas/_types.analysis:PhoneticEncoder"
+              },
+              "languageset": {
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.analysis:PhoneticLanguage"
+                }
+              },
+              "max_code_len": {
+                "type": "number"
+              },
+              "name_type": {
+                "$ref": "#/components/schemas/_types.analysis:PhoneticNameType"
+              },
+              "replace": {
+                "type": "boolean"
+              },
+              "rule_type": {
+                "$ref": "#/components/schemas/_types.analysis:PhoneticRuleType"
+              }
+            },
+            "required": [
+              "type",
+              "encoder",
+              "languageset",
+              "name_type",
+              "rule_type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:PhoneticEncoder": {
+        "type": "string",
+        "enum": [
+          "metaphone",
+          "double_metaphone",
+          "soundex",
+          "refined_soundex",
+          "caverphone1",
+          "caverphone2",
+          "cologne",
+          "nysiis",
+          "koelnerphonetik",
+          "haasephonetik",
+          "beider_morse",
+          "daitch_mokotoff"
+        ]
+      },
+      "_types.analysis:PhoneticLanguage": {
+        "type": "string",
+        "enum": [
+          "any",
+          "common",
+          "cyrillic",
+          "english",
+          "french",
+          "german",
+          "hebrew",
+          "hungarian",
+          "polish",
+          "romanian",
+          "russian",
+          "spanish"
+        ]
+      },
+      "_types.analysis:PhoneticNameType": {
+        "type": "string",
+        "enum": [
+          "generic",
+          "ashkenazi",
+          "sephardic"
+        ]
+      },
+      "_types.analysis:PhoneticRuleType": {
+        "type": "string",
+        "enum": [
+          "approx",
+          "exact"
+        ]
+      },
+      "_types.analysis:DictionaryDecompounderTokenFilter": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:CompoundWordTokenFilterBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "dictionary_decompounder"
+                ]
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:Tokenizer": {
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenizerDefinition"
+          }
+        ]
+      },
+      "_types.analysis:TokenizerDefinition": {
+        "discriminator": {
+          "propertyName": "type"
+        },
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:CharGroupTokenizer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:EdgeNGramTokenizer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:KeywordTokenizer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:LetterTokenizer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:LowercaseTokenizer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:NGramTokenizer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:NoriTokenizer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:PathHierarchyTokenizer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:StandardTokenizer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:UaxEmailUrlTokenizer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:WhitespaceTokenizer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:KuromojiTokenizer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:PatternTokenizer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:IcuTokenizer"
+          }
+        ]
+      },
+      "_types.analysis:CharGroupTokenizer": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenizerBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "char_group"
+                ]
+              },
+              "tokenize_on_chars": {
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              },
+              "max_token_length": {
+                "type": "number"
+              }
+            },
+            "required": [
+              "type",
+              "tokenize_on_chars"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:TokenizerBase": {
+        "type": "object",
+        "properties": {
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          }
+        }
+      },
+      "_types.analysis:EdgeNGramTokenizer": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenizerBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "edge_ngram"
+                ]
+              },
+              "custom_token_chars": {
+                "type": "string"
+              },
+              "max_gram": {
+                "type": "number"
+              },
+              "min_gram": {
+                "type": "number"
+              },
+              "token_chars": {
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.analysis:TokenChar"
+                }
+              }
+            },
+            "required": [
+              "type",
+              "max_gram",
+              "min_gram",
+              "token_chars"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:TokenChar": {
+        "type": "string",
+        "enum": [
+          "letter",
+          "digit",
+          "whitespace",
+          "punctuation",
+          "symbol",
+          "custom"
+        ]
+      },
+      "_types.analysis:KeywordTokenizer": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenizerBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "keyword"
+                ]
+              },
+              "buffer_size": {
+                "type": "number"
+              }
+            },
+            "required": [
+              "type",
+              "buffer_size"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:LetterTokenizer": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenizerBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "letter"
+                ]
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:LowercaseTokenizer": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenizerBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "lowercase"
+                ]
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:NGramTokenizer": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenizerBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "ngram"
+                ]
+              },
+              "custom_token_chars": {
+                "type": "string"
+              },
+              "max_gram": {
+                "type": "number"
+              },
+              "min_gram": {
+                "type": "number"
+              },
+              "token_chars": {
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.analysis:TokenChar"
+                }
+              }
+            },
+            "required": [
+              "type",
+              "max_gram",
+              "min_gram",
+              "token_chars"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:NoriTokenizer": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenizerBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "nori_tokenizer"
+                ]
+              },
+              "decompound_mode": {
+                "$ref": "#/components/schemas/_types.analysis:NoriDecompoundMode"
+              },
+              "discard_punctuation": {
+                "type": "boolean"
+              },
+              "user_dictionary": {
+                "type": "string"
+              },
+              "user_dictionary_rules": {
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:NoriDecompoundMode": {
+        "type": "string",
+        "enum": [
+          "discard",
+          "none",
+          "mixed"
+        ]
+      },
+      "_types.analysis:PathHierarchyTokenizer": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenizerBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "path_hierarchy"
+                ]
+              },
+              "buffer_size": {
+                "$ref": "#/components/schemas/_spec_utils:Stringifiedinteger"
+              },
+              "delimiter": {
+                "type": "string"
+              },
+              "replacement": {
+                "type": "string"
+              },
+              "reverse": {
+                "$ref": "#/components/schemas/_spec_utils:Stringifiedboolean"
+              },
+              "skip": {
+                "$ref": "#/components/schemas/_spec_utils:Stringifiedinteger"
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:StandardTokenizer": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenizerBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "standard"
+                ]
+              },
+              "max_token_length": {
+                "type": "number"
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:UaxEmailUrlTokenizer": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenizerBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "uax_url_email"
+                ]
+              },
+              "max_token_length": {
+                "type": "number"
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:WhitespaceTokenizer": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenizerBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "whitespace"
+                ]
+              },
+              "max_token_length": {
+                "type": "number"
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:KuromojiTokenizer": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenizerBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "kuromoji_tokenizer"
+                ]
+              },
+              "discard_punctuation": {
+                "type": "boolean"
+              },
+              "mode": {
+                "$ref": "#/components/schemas/_types.analysis:KuromojiTokenizationMode"
+              },
+              "nbest_cost": {
+                "type": "number"
+              },
+              "nbest_examples": {
+                "type": "string"
+              },
+              "user_dictionary": {
+                "type": "string"
+              },
+              "user_dictionary_rules": {
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              },
+              "discard_compound_token": {
+                "type": "boolean"
+              }
+            },
+            "required": [
+              "type",
+              "mode"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:KuromojiTokenizationMode": {
+        "type": "string",
+        "enum": [
+          "normal",
+          "search",
+          "extended"
+        ]
+      },
+      "_types.analysis:PatternTokenizer": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenizerBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "pattern"
+                ]
+              },
+              "flags": {
+                "type": "string"
+              },
+              "group": {
+                "type": "number"
+              },
+              "pattern": {
+                "type": "string"
+              }
+            },
+            "required": [
+              "type"
+            ]
+          }
+        ]
+      },
+      "_types.analysis:IcuTokenizer": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:TokenizerBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "type": "string",
+                "enum": [
+                  "icu_tokenizer"
+                ]
+              },
+              "rule_files": {
+                "type": "string"
+              }
+            },
+            "required": [
+              "type",
+              "rule_files"
+            ]
+          }
+        ]
+      },
+      "_types:Field": {
+        "description": "Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.",
+        "type": "string"
+      },
+      "ml._types:Detector": {
+        "type": "object",
+        "properties": {
+          "by_field_name": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "custom_rules": {
+            "description": "Custom rules enable you to customize the way detectors operate. For example, a rule may dictate conditions under which results should be skipped. Kibana refers to custom rules as job rules.",
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/ml._types:DetectionRule"
+            }
+          },
+          "detector_description": {
+            "description": "A description of the detector.",
+            "type": "string"
+          },
+          "detector_index": {
+            "description": "A unique identifier for the detector. This identifier is based on the order of the detectors in the `analysis_config`, starting at zero. If you specify a value for this property, it is ignored.",
+            "type": "number"
+          },
+          "exclude_frequent": {
+            "$ref": "#/components/schemas/ml._types:ExcludeFrequent"
+          },
+          "field_name": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "function": {
+            "description": "The analysis function that is used. For example, `count`, `rare`, `mean`, `min`, `max`, or `sum`.",
+            "type": "string"
+          },
+          "over_field_name": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "partition_field_name": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "use_null": {
+            "description": "Defines whether a new series is used as the null series when there is no value for the by or partition fields.",
+            "type": "boolean"
+          }
+        }
+      },
+      "ml._types:DetectionRule": {
+        "type": "object",
+        "properties": {
+          "actions": {
+            "description": "The set of actions to be triggered when the rule applies. If more than one action is specified the effects of all actions are combined.",
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/ml._types:RuleAction"
+            }
+          },
+          "conditions": {
+            "description": "An array of numeric conditions when the rule applies. A rule must either have a non-empty scope or at least one condition. Multiple conditions are combined together with a logical AND.",
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/ml._types:RuleCondition"
+            }
+          },
+          "scope": {
+            "description": "A scope of series where the rule applies. A rule must either have a non-empty scope or at least one condition. By default, the scope includes all series. Scoping is allowed for any of the fields that are also specified in `by_field_name`, `over_field_name`, or `partition_field_name`.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/ml._types:FilterRef"
+            }
+          }
+        }
+      },
+      "ml._types:RuleAction": {
+        "type": "string",
+        "enum": [
+          "skip_result",
+          "skip_model_update"
+        ]
+      },
+      "ml._types:RuleCondition": {
+        "type": "object",
+        "properties": {
+          "applies_to": {
+            "$ref": "#/components/schemas/ml._types:AppliesTo"
+          },
+          "operator": {
+            "$ref": "#/components/schemas/ml._types:ConditionOperator"
+          },
+          "value": {
+            "description": "The value that is compared against the `applies_to` field using the operator.",
+            "type": "number"
+          }
+        },
+        "required": [
+          "applies_to",
+          "operator",
+          "value"
+        ]
+      },
+      "ml._types:AppliesTo": {
+        "type": "string",
+        "enum": [
+          "actual",
+          "typical",
+          "diff_from_typical",
+          "time"
+        ]
+      },
+      "ml._types:ConditionOperator": {
+        "type": "string",
+        "enum": [
+          "gt",
+          "gte",
+          "lt",
+          "lte"
+        ]
+      },
+      "ml._types:FilterRef": {
+        "type": "object",
+        "properties": {
+          "filter_id": {
+            "$ref": "#/components/schemas/_types:Id"
+          },
+          "filter_type": {
+            "$ref": "#/components/schemas/ml._types:FilterType"
+          }
+        },
+        "required": [
+          "filter_id"
+        ]
+      },
+      "ml._types:FilterType": {
+        "type": "string",
+        "enum": [
+          "include",
+          "exclude"
+        ]
+      },
+      "ml._types:ExcludeFrequent": {
+        "type": "string",
+        "enum": [
+          "all",
+          "none",
+          "by",
+          "over"
+        ]
+      },
+      "ml._types:PerPartitionCategorization": {
+        "type": "object",
+        "properties": {
+          "enabled": {
+            "description": "To enable this setting, you must also set the `partition_field_name` property to the same value in every detector that uses the keyword `mlcategory`. Otherwise, job creation fails.",
+            "type": "boolean"
+          },
+          "stop_on_warn": {
+            "description": "This setting can be set to true only if per-partition categorization is enabled. If true, both categorization and subsequent anomaly detection stops for partitions where the categorization status changes to warn. This setting makes it viable to have a job where it is expected that categorization works well for some partitions but not others; you do not pay the cost of bad categorization forever in the partitions where it works badly.",
+            "type": "boolean"
+          }
+        }
+      },
+      "ml._types:AnalysisLimits": {
+        "type": "object",
+        "properties": {
+          "categorization_examples_limit": {
+            "description": "The maximum number of examples stored per category in memory and in the results data store. If you increase this value, more examples are available, however it requires that you have more storage available. If you set this value to 0, no examples are stored. NOTE: The `categorization_examples_limit` applies only to analysis that uses categorization.",
+            "type": "number"
+          },
+          "model_memory_limit": {
+            "description": "The approximate maximum amount of memory resources that are required for analytical processing. Once this limit is approached, data pruning becomes more aggressive. Upon exceeding this limit, new entities are not modeled. If the `xpack.ml.max_model_memory_limit` setting has a value greater than 0 and less than 1024mb, that value is used instead of the default. The default value is relatively small to ensure that high resource usage is a conscious decision. If you have jobs that are expected to analyze high cardinality fields, you will likely need to use a higher value. If you specify a number instead of a string, the units are assumed to be MiB. Specifying a string is recommended for clarity. If you specify a byte size unit of `b` or `kb` and the number does not equate to a discrete number of megabytes, it is rounded down to the closest MiB. The minimum valid value is 1 MiB. If you specify a value less than 1 MiB, an error occurs. If you specify a value for the `xpack.ml.max_model_memory_limit` setting, an error occurs when you try to create jobs that have `model_memory_limit` values greater than that setting value.",
+            "type": "string"
+          }
+        }
+      },
+      "ml._types:CustomSettings": {
+        "description": "Custom metadata about the job",
+        "type": "object"
+      },
+      "ml._types:DataDescription": {
+        "type": "object",
+        "properties": {
+          "format": {
+            "description": "Only JSON format is supported at this time.",
+            "type": "string"
+          },
+          "time_field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "time_format": {
+            "description": "The time format, which can be `epoch`, `epoch_ms`, or a custom pattern. The value `epoch` refers to UNIX or Epoch time (the number of seconds since 1 Jan 1970). The value `epoch_ms` indicates that time is measured in milliseconds since the epoch. The `epoch` and `epoch_ms` time formats accept either integer or real values. Custom patterns must conform to the Java DateTimeFormatter class. When you use date-time formatting patterns, it is recommended that you provide the full date, time and time zone. For example: `yyyy-MM-dd'T'HH:mm:ssX`. If the pattern that you specify is not sufficient to produce a complete timestamp, job creation fails.",
+            "type": "string"
+          },
+          "field_delimiter": {
+            "type": "string"
+          }
+        }
+      },
+      "ml._types:DatafeedConfig": {
+        "type": "object",
+        "properties": {
+          "aggregations": {
+            "description": "If set, the datafeed performs aggregation searches. Support for aggregations is limited and should be used only with low cardinality data.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.aggregations:AggregationContainer"
+            }
+          },
+          "chunking_config": {
+            "$ref": "#/components/schemas/ml._types:ChunkingConfig"
+          },
+          "datafeed_id": {
+            "$ref": "#/components/schemas/_types:Id"
+          },
+          "delayed_data_check_config": {
+            "$ref": "#/components/schemas/ml._types:DelayedDataCheckConfig"
+          },
+          "frequency": {
+            "$ref": "#/components/schemas/_types:Duration"
+          },
+          "indices": {
+            "description": "An array of index names. Wildcards are supported. If any indices are in remote clusters, the machine learning nodes must have the `remote_cluster_client` role.",
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "indices_options": {
+            "$ref": "#/components/schemas/_types:IndicesOptions"
+          },
+          "job_id": {
+            "$ref": "#/components/schemas/_types:Id"
+          },
+          "max_empty_searches": {
+            "description": "If a real-time datafeed has never seen any data (including during any initial training period) then it will automatically stop itself and close its associated job after this many real-time searches that return no documents. In other words, it will stop after `frequency` times `max_empty_searches` of real-time operation. If not set then a datafeed with no end time that sees no data will remain started until it is explicitly stopped.",
+            "type": "number"
+          },
+          "query": {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+          },
+          "query_delay": {
+            "$ref": "#/components/schemas/_types:Duration"
+          },
+          "runtime_mappings": {
+            "$ref": "#/components/schemas/_types.mapping:RuntimeFields"
+          },
+          "script_fields": {
+            "description": "Specifies scripts that evaluate custom expressions and returns script fields to the datafeed. The detector configuration objects in a job can contain functions that use these script fields.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types:ScriptField"
+            }
+          },
+          "scroll_size": {
+            "description": "The size parameter that is used in Elasticsearch searches when the datafeed does not use aggregations. The maximum value is the value of `index.max_result_window`, which is 10,000 by default.",
+            "type": "number"
+          }
+        }
+      },
+      "_types.aggregations:AggregationContainer": {
+        "allOf": [
+          {
+            "type": "object",
+            "properties": {
+              "aggregations": {
+                "description": "Sub-aggregations for this aggregation.\nOnly applies to bucket aggregations.",
+                "type": "object",
+                "additionalProperties": {
+                  "$ref": "#/components/schemas/_types.aggregations:AggregationContainer"
+                }
+              },
+              "meta": {
+                "$ref": "#/components/schemas/_types:Metadata"
+              }
+            }
+          },
+          {
+            "type": "object",
+            "properties": {
+              "adjacency_matrix": {
+                "$ref": "#/components/schemas/_types.aggregations:AdjacencyMatrixAggregation"
+              },
+              "auto_date_histogram": {
+                "$ref": "#/components/schemas/_types.aggregations:AutoDateHistogramAggregation"
+              },
+              "avg": {
+                "$ref": "#/components/schemas/_types.aggregations:AverageAggregation"
+              },
+              "avg_bucket": {
+                "$ref": "#/components/schemas/_types.aggregations:AverageBucketAggregation"
+              },
+              "boxplot": {
+                "$ref": "#/components/schemas/_types.aggregations:BoxplotAggregation"
+              },
+              "bucket_script": {
+                "$ref": "#/components/schemas/_types.aggregations:BucketScriptAggregation"
+              },
+              "bucket_selector": {
+                "$ref": "#/components/schemas/_types.aggregations:BucketSelectorAggregation"
+              },
+              "bucket_sort": {
+                "$ref": "#/components/schemas/_types.aggregations:BucketSortAggregation"
+              },
+              "bucket_count_ks_test": {
+                "$ref": "#/components/schemas/_types.aggregations:BucketKsAggregation"
+              },
+              "bucket_correlation": {
+                "$ref": "#/components/schemas/_types.aggregations:BucketCorrelationAggregation"
+              },
+              "cardinality": {
+                "$ref": "#/components/schemas/_types.aggregations:CardinalityAggregation"
+              },
+              "categorize_text": {
+                "$ref": "#/components/schemas/_types.aggregations:CategorizeTextAggregation"
+              },
+              "children": {
+                "$ref": "#/components/schemas/_types.aggregations:ChildrenAggregation"
+              },
+              "composite": {
+                "$ref": "#/components/schemas/_types.aggregations:CompositeAggregation"
+              },
+              "cumulative_cardinality": {
+                "$ref": "#/components/schemas/_types.aggregations:CumulativeCardinalityAggregation"
+              },
+              "cumulative_sum": {
+                "$ref": "#/components/schemas/_types.aggregations:CumulativeSumAggregation"
+              },
+              "date_histogram": {
+                "$ref": "#/components/schemas/_types.aggregations:DateHistogramAggregation"
+              },
+              "date_range": {
+                "$ref": "#/components/schemas/_types.aggregations:DateRangeAggregation"
+              },
+              "derivative": {
+                "$ref": "#/components/schemas/_types.aggregations:DerivativeAggregation"
+              },
+              "diversified_sampler": {
+                "$ref": "#/components/schemas/_types.aggregations:DiversifiedSamplerAggregation"
+              },
+              "extended_stats": {
+                "$ref": "#/components/schemas/_types.aggregations:ExtendedStatsAggregation"
+              },
+              "extended_stats_bucket": {
+                "$ref": "#/components/schemas/_types.aggregations:ExtendedStatsBucketAggregation"
+              },
+              "frequent_item_sets": {
+                "$ref": "#/components/schemas/_types.aggregations:FrequentItemSetsAggregation"
+              },
+              "filter": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "filters": {
+                "$ref": "#/components/schemas/_types.aggregations:FiltersAggregation"
+              },
+              "geo_bounds": {
+                "$ref": "#/components/schemas/_types.aggregations:GeoBoundsAggregation"
+              },
+              "geo_centroid": {
+                "$ref": "#/components/schemas/_types.aggregations:GeoCentroidAggregation"
+              },
+              "geo_distance": {
+                "$ref": "#/components/schemas/_types.aggregations:GeoDistanceAggregation"
+              },
+              "geohash_grid": {
+                "$ref": "#/components/schemas/_types.aggregations:GeoHashGridAggregation"
+              },
+              "geo_line": {
+                "$ref": "#/components/schemas/_types.aggregations:GeoLineAggregation"
+              },
+              "geotile_grid": {
+                "$ref": "#/components/schemas/_types.aggregations:GeoTileGridAggregation"
+              },
+              "geohex_grid": {
+                "$ref": "#/components/schemas/_types.aggregations:GeohexGridAggregation"
+              },
+              "global": {
+                "$ref": "#/components/schemas/_types.aggregations:GlobalAggregation"
+              },
+              "histogram": {
+                "$ref": "#/components/schemas/_types.aggregations:HistogramAggregation"
+              },
+              "ip_range": {
+                "$ref": "#/components/schemas/_types.aggregations:IpRangeAggregation"
+              },
+              "ip_prefix": {
+                "$ref": "#/components/schemas/_types.aggregations:IpPrefixAggregation"
+              },
+              "inference": {
+                "$ref": "#/components/schemas/_types.aggregations:InferenceAggregation"
+              },
+              "line": {
+                "$ref": "#/components/schemas/_types.aggregations:GeoLineAggregation"
+              },
+              "matrix_stats": {
+                "$ref": "#/components/schemas/_types.aggregations:MatrixStatsAggregation"
+              },
+              "max": {
+                "$ref": "#/components/schemas/_types.aggregations:MaxAggregation"
+              },
+              "max_bucket": {
+                "$ref": "#/components/schemas/_types.aggregations:MaxBucketAggregation"
+              },
+              "median_absolute_deviation": {
+                "$ref": "#/components/schemas/_types.aggregations:MedianAbsoluteDeviationAggregation"
+              },
+              "min": {
+                "$ref": "#/components/schemas/_types.aggregations:MinAggregation"
+              },
+              "min_bucket": {
+                "$ref": "#/components/schemas/_types.aggregations:MinBucketAggregation"
+              },
+              "missing": {
+                "$ref": "#/components/schemas/_types.aggregations:MissingAggregation"
+              },
+              "moving_avg": {
+                "$ref": "#/components/schemas/_types.aggregations:MovingAverageAggregation"
+              },
+              "moving_percentiles": {
+                "$ref": "#/components/schemas/_types.aggregations:MovingPercentilesAggregation"
+              },
+              "moving_fn": {
+                "$ref": "#/components/schemas/_types.aggregations:MovingFunctionAggregation"
+              },
+              "multi_terms": {
+                "$ref": "#/components/schemas/_types.aggregations:MultiTermsAggregation"
+              },
+              "nested": {
+                "$ref": "#/components/schemas/_types.aggregations:NestedAggregation"
+              },
+              "normalize": {
+                "$ref": "#/components/schemas/_types.aggregations:NormalizeAggregation"
+              },
+              "parent": {
+                "$ref": "#/components/schemas/_types.aggregations:ParentAggregation"
+              },
+              "percentile_ranks": {
+                "$ref": "#/components/schemas/_types.aggregations:PercentileRanksAggregation"
+              },
+              "percentiles": {
+                "$ref": "#/components/schemas/_types.aggregations:PercentilesAggregation"
+              },
+              "percentiles_bucket": {
+                "$ref": "#/components/schemas/_types.aggregations:PercentilesBucketAggregation"
+              },
+              "range": {
+                "$ref": "#/components/schemas/_types.aggregations:RangeAggregation"
+              },
+              "rare_terms": {
+                "$ref": "#/components/schemas/_types.aggregations:RareTermsAggregation"
+              },
+              "rate": {
+                "$ref": "#/components/schemas/_types.aggregations:RateAggregation"
+              },
+              "reverse_nested": {
+                "$ref": "#/components/schemas/_types.aggregations:ReverseNestedAggregation"
+              },
+              "sampler": {
+                "$ref": "#/components/schemas/_types.aggregations:SamplerAggregation"
+              },
+              "scripted_metric": {
+                "$ref": "#/components/schemas/_types.aggregations:ScriptedMetricAggregation"
+              },
+              "serial_diff": {
+                "$ref": "#/components/schemas/_types.aggregations:SerialDifferencingAggregation"
+              },
+              "significant_terms": {
+                "$ref": "#/components/schemas/_types.aggregations:SignificantTermsAggregation"
+              },
+              "significant_text": {
+                "$ref": "#/components/schemas/_types.aggregations:SignificantTextAggregation"
+              },
+              "stats": {
+                "$ref": "#/components/schemas/_types.aggregations:StatsAggregation"
+              },
+              "stats_bucket": {
+                "$ref": "#/components/schemas/_types.aggregations:StatsBucketAggregation"
+              },
+              "string_stats": {
+                "$ref": "#/components/schemas/_types.aggregations:StringStatsAggregation"
+              },
+              "sum": {
+                "$ref": "#/components/schemas/_types.aggregations:SumAggregation"
+              },
+              "sum_bucket": {
+                "$ref": "#/components/schemas/_types.aggregations:SumBucketAggregation"
+              },
+              "terms": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsAggregation"
+              },
+              "top_hits": {
+                "$ref": "#/components/schemas/_types.aggregations:TopHitsAggregation"
+              },
+              "t_test": {
+                "$ref": "#/components/schemas/_types.aggregations:TTestAggregation"
+              },
+              "top_metrics": {
+                "$ref": "#/components/schemas/_types.aggregations:TopMetricsAggregation"
+              },
+              "value_count": {
+                "$ref": "#/components/schemas/_types.aggregations:ValueCountAggregation"
+              },
+              "weighted_avg": {
+                "$ref": "#/components/schemas/_types.aggregations:WeightedAverageAggregation"
+              },
+              "variable_width_histogram": {
+                "$ref": "#/components/schemas/_types.aggregations:VariableWidthHistogramAggregation"
+              }
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          }
+        ]
+      },
+      "_types:Metadata": {
+        "type": "object",
+        "additionalProperties": {
+          "type": "object"
+        }
+      },
+      "_types.aggregations:AdjacencyMatrixAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "filters": {
+                "description": "Filters used to create buckets.\nAt least one filter is required.",
+                "type": "object",
+                "additionalProperties": {
+                  "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                }
+              },
+              "separator": {
+                "description": "Separator used to concatenate filter names. Defaults to &.",
+                "type": "string"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:BucketAggregationBase": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:Aggregation"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:Aggregation": {
+        "type": "object"
+      },
+      "_types.query_dsl:QueryContainer": {
+        "externalDocs": {
+          "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl.html"
+        },
+        "type": "object",
+        "properties": {
+          "bool": {
+            "$ref": "#/components/schemas/_types.query_dsl:BoolQuery"
+          },
+          "boosting": {
+            "$ref": "#/components/schemas/_types.query_dsl:BoostingQuery"
+          },
+          "common": {
+            "deprecated": true,
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:CommonTermsQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "combined_fields": {
+            "$ref": "#/components/schemas/_types.query_dsl:CombinedFieldsQuery"
+          },
+          "constant_score": {
+            "$ref": "#/components/schemas/_types.query_dsl:ConstantScoreQuery"
+          },
+          "dis_max": {
+            "$ref": "#/components/schemas/_types.query_dsl:DisMaxQuery"
+          },
+          "distance_feature": {
+            "$ref": "#/components/schemas/_types.query_dsl:DistanceFeatureQuery"
+          },
+          "exists": {
+            "$ref": "#/components/schemas/_types.query_dsl:ExistsQuery"
+          },
+          "function_score": {
+            "$ref": "#/components/schemas/_types.query_dsl:FunctionScoreQuery"
+          },
+          "fuzzy": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-fuzzy-query.html"
+            },
+            "description": "Returns documents that contain terms similar to the search term, as measured by a Levenshtein edit distance.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:FuzzyQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "geo_bounding_box": {
+            "$ref": "#/components/schemas/_types.query_dsl:GeoBoundingBoxQuery"
+          },
+          "geo_distance": {
+            "$ref": "#/components/schemas/_types.query_dsl:GeoDistanceQuery"
+          },
+          "geo_polygon": {
+            "$ref": "#/components/schemas/_types.query_dsl:GeoPolygonQuery"
+          },
+          "geo_shape": {
+            "$ref": "#/components/schemas/_types.query_dsl:GeoShapeQuery"
+          },
+          "has_child": {
+            "$ref": "#/components/schemas/_types.query_dsl:HasChildQuery"
+          },
+          "has_parent": {
+            "$ref": "#/components/schemas/_types.query_dsl:HasParentQuery"
+          },
+          "ids": {
+            "$ref": "#/components/schemas/_types.query_dsl:IdsQuery"
+          },
+          "intervals": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-intervals-query.html"
+            },
+            "description": "Returns documents based on the order and proximity of matching terms.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:IntervalsQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "knn": {
+            "$ref": "#/components/schemas/_types:KnnQuery"
+          },
+          "match": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-match-query.html"
+            },
+            "description": "Returns documents that match a provided text, number, date or boolean value.\nThe provided text is analyzed before matching.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:MatchQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "match_all": {
+            "$ref": "#/components/schemas/_types.query_dsl:MatchAllQuery"
+          },
+          "match_bool_prefix": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-match-bool-prefix-query.html"
+            },
+            "description": "Analyzes its input and constructs a `bool` query from the terms.\nEach term except the last is used in a `term` query.\nThe last term is used in a prefix query.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:MatchBoolPrefixQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "match_none": {
+            "$ref": "#/components/schemas/_types.query_dsl:MatchNoneQuery"
+          },
+          "match_phrase": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-match-query-phrase.html"
+            },
+            "description": "Analyzes the text and creates a phrase query out of the analyzed text.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:MatchPhraseQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "match_phrase_prefix": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-match-query-phrase-prefix.html"
+            },
+            "description": "Returns documents that contain the words of a provided text, in the same order as provided.\nThe last term of the provided text is treated as a prefix, matching any words that begin with that term.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:MatchPhrasePrefixQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "more_like_this": {
+            "$ref": "#/components/schemas/_types.query_dsl:MoreLikeThisQuery"
+          },
+          "multi_match": {
+            "$ref": "#/components/schemas/_types.query_dsl:MultiMatchQuery"
+          },
+          "nested": {
+            "$ref": "#/components/schemas/_types.query_dsl:NestedQuery"
+          },
+          "parent_id": {
+            "$ref": "#/components/schemas/_types.query_dsl:ParentIdQuery"
+          },
+          "percolate": {
+            "$ref": "#/components/schemas/_types.query_dsl:PercolateQuery"
+          },
+          "pinned": {
+            "$ref": "#/components/schemas/_types.query_dsl:PinnedQuery"
+          },
+          "prefix": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-prefix-query.html"
+            },
+            "description": "Returns documents that contain a specific prefix in a provided field.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:PrefixQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "query_string": {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryStringQuery"
+          },
+          "range": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-range-query.html"
+            },
+            "description": "Returns documents that contain terms within a provided range.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:RangeQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "rank_feature": {
+            "$ref": "#/components/schemas/_types.query_dsl:RankFeatureQuery"
+          },
+          "regexp": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-regexp-query.html"
+            },
+            "description": "Returns documents that contain terms matching a regular expression.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:RegexpQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "rule_query": {
+            "$ref": "#/components/schemas/_types.query_dsl:RuleQuery"
+          },
+          "script": {
+            "$ref": "#/components/schemas/_types.query_dsl:ScriptQuery"
+          },
+          "script_score": {
+            "$ref": "#/components/schemas/_types.query_dsl:ScriptScoreQuery"
+          },
+          "shape": {
+            "$ref": "#/components/schemas/_types.query_dsl:ShapeQuery"
+          },
+          "simple_query_string": {
+            "$ref": "#/components/schemas/_types.query_dsl:SimpleQueryStringQuery"
+          },
+          "span_containing": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanContainingQuery"
+          },
+          "field_masking_span": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanFieldMaskingQuery"
+          },
+          "span_first": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanFirstQuery"
+          },
+          "span_multi": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanMultiTermQuery"
+          },
+          "span_near": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanNearQuery"
+          },
+          "span_not": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanNotQuery"
+          },
+          "span_or": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanOrQuery"
+          },
+          "span_term": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-span-term-query.html"
+            },
+            "description": "Matches spans containing a term.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:SpanTermQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "span_within": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanWithinQuery"
+          },
+          "term": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-term-query.html"
+            },
+            "description": "Returns documents that contain an exact term in a provided field.\nTo return a document, the query term must exactly match the queried field's value, including whitespace and capitalization.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:TermQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "terms": {
+            "$ref": "#/components/schemas/_types.query_dsl:TermsQuery"
+          },
+          "terms_set": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-terms-set-query.html"
+            },
+            "description": "Returns documents that contain a minimum number of exact terms in a provided field.\nTo return a document, a required number of terms must exactly match the field values, including whitespace and capitalization.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:TermsSetQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "text_expansion": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-text-expansion-query.html"
+            },
+            "description": "Uses a natural language processing model to convert the query text into a list of token-weight pairs which are then used in a query against a sparse vector or rank features field.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:TextExpansionQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "weighted_tokens": {
+            "description": "Supports returning text_expansion query results by sending in precomputed tokens with the query.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:WeightedTokensQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "wildcard": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-wildcard-query.html"
+            },
+            "description": "Returns documents that contain terms matching a wildcard pattern.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:WildcardQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "wrapper": {
+            "$ref": "#/components/schemas/_types.query_dsl:WrapperQuery"
+          },
+          "type": {
+            "$ref": "#/components/schemas/_types.query_dsl:TypeQuery"
+          }
+        },
+        "minProperties": 1,
+        "maxProperties": 1
+      },
+      "_types.query_dsl:BoolQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "filter": {
+                "description": "The clause (query) must appear in matching documents.\nHowever, unlike `must`, the score of the query will be ignored.",
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                  },
+                  {
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                    }
+                  }
+                ]
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "must": {
+                "description": "The clause (query) must appear in matching documents and will contribute to the score.",
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                  },
+                  {
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                    }
+                  }
+                ]
+              },
+              "must_not": {
+                "description": "The clause (query) must not appear in the matching documents.\nBecause scoring is ignored, a score of `0` is returned for all documents.",
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                  },
+                  {
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                    }
+                  }
+                ]
+              },
+              "should": {
+                "description": "The clause (query) should appear in the matching document.",
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                  },
+                  {
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                    }
+                  }
+                ]
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:QueryBase": {
+        "type": "object",
+        "properties": {
+          "boost": {
+            "description": "Floating point number used to decrease or increase the relevance scores of the query.\nBoost values are relative to the default value of 1.0.\nA boost value between 0 and 1.0 decreases the relevance score.\nA value greater than 1.0 increases the relevance score.",
+            "type": "number"
+          },
+          "_name": {
+            "type": "string"
+          }
+        }
+      },
+      "_types:MinimumShouldMatch": {
+        "externalDocs": {
+          "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-minimum-should-match.html"
+        },
+        "description": "The minimum number of terms that should match as integer, percentage or range",
+        "oneOf": [
+          {
+            "type": "number"
+          },
+          {
+            "type": "string"
+          }
+        ]
+      },
+      "_types.query_dsl:BoostingQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "negative_boost": {
+                "description": "Floating point number between 0 and 1.0 used to decrease the relevance scores of documents matching the `negative` query.",
+                "type": "number"
+              },
+              "negative": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "positive": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              }
+            },
+            "required": [
+              "negative_boost",
+              "negative",
+              "positive"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:CommonTermsQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "analyzer": {
+                "type": "string"
+              },
+              "cutoff_frequency": {
+                "type": "number"
+              },
+              "high_freq_operator": {
+                "$ref": "#/components/schemas/_types.query_dsl:Operator"
+              },
+              "low_freq_operator": {
+                "$ref": "#/components/schemas/_types.query_dsl:Operator"
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "query": {
+                "type": "string"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:Operator": {
+        "type": "string",
+        "enum": [
+          "and",
+          "AND",
+          "or",
+          "OR"
+        ]
+      },
+      "_types.query_dsl:CombinedFieldsQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "fields": {
+                "description": "List of fields to search. Field wildcard patterns are allowed. Only `text` fields are supported, and they must all have the same search `analyzer`.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types:Field"
+                }
+              },
+              "query": {
+                "description": "Text to search for in the provided `fields`.\nThe `combined_fields` query analyzes the provided text before performing a search.",
+                "type": "string"
+              },
+              "auto_generate_synonyms_phrase_query": {
+                "description": "If true, match phrase queries are automatically created for multi-term synonyms.",
+                "type": "boolean"
+              },
+              "operator": {
+                "$ref": "#/components/schemas/_types.query_dsl:CombinedFieldsOperator"
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "zero_terms_query": {
+                "$ref": "#/components/schemas/_types.query_dsl:CombinedFieldsZeroTerms"
+              }
+            },
+            "required": [
+              "fields",
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:CombinedFieldsOperator": {
+        "type": "string",
+        "enum": [
+          "or",
+          "and"
+        ]
+      },
+      "_types.query_dsl:CombinedFieldsZeroTerms": {
+        "type": "string",
+        "enum": [
+          "none",
+          "all"
+        ]
+      },
+      "_types.query_dsl:ConstantScoreQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "filter": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              }
+            },
+            "required": [
+              "filter"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:DisMaxQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "queries": {
+                "description": "One or more query clauses.\nReturned documents must match one or more of these queries.\nIf a document matches multiple queries, Elasticsearch uses the highest relevance score.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                }
+              },
+              "tie_breaker": {
+                "description": "Floating point number between 0 and 1.0 used to increase the relevance scores of documents matching multiple query clauses.",
+                "type": "number"
+              }
+            },
+            "required": [
+              "queries"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:DistanceFeatureQuery": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:GeoDistanceFeatureQuery"
+          },
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:DateDistanceFeatureQuery"
+          }
+        ]
+      },
+      "_types.query_dsl:GeoDistanceFeatureQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:DistanceFeatureQueryBaseGeoLocationDistance"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:DistanceFeatureQueryBaseGeoLocationDistance": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "origin": {
+                "$ref": "#/components/schemas/_types:GeoLocation"
+              },
+              "pivot": {
+                "$ref": "#/components/schemas/_types:Distance"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              }
+            },
+            "required": [
+              "origin",
+              "pivot",
+              "field"
+            ]
+          }
+        ]
+      },
+      "_types:GeoLocation": {
+        "description": "A latitude/longitude as a 2 dimensional point. It can be represented in various ways:\n- as a `{lat, long}` object\n- as a geo hash value\n- as a `[lon, lat]` array\n- as a string in `\"<lat>, <lon>\"` or WKT point formats",
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types:LatLonGeoLocation"
+          },
+          {
+            "$ref": "#/components/schemas/_types:GeoHashLocation"
+          },
+          {
+            "type": "array",
+            "items": {
+              "type": "number"
+            }
+          },
+          {
+            "type": "string"
+          }
+        ]
+      },
+      "_types:LatLonGeoLocation": {
+        "type": "object",
+        "properties": {
+          "lat": {
+            "description": "Latitude",
+            "type": "number"
+          },
+          "lon": {
+            "description": "Longitude",
+            "type": "number"
+          }
+        },
+        "required": [
+          "lat",
+          "lon"
+        ]
+      },
+      "_types:GeoHashLocation": {
+        "type": "object",
+        "properties": {
+          "geohash": {
+            "$ref": "#/components/schemas/_types:GeoHash"
+          }
+        },
+        "required": [
+          "geohash"
+        ]
+      },
+      "_types:GeoHash": {
+        "type": "string"
+      },
+      "_types:Distance": {
+        "type": "string"
+      },
+      "_types.query_dsl:DateDistanceFeatureQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:DistanceFeatureQueryBaseDateMathDuration"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:DistanceFeatureQueryBaseDateMathDuration": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "origin": {
+                "$ref": "#/components/schemas/_types:DateMath"
+              },
+              "pivot": {
+                "$ref": "#/components/schemas/_types:Duration"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              }
+            },
+            "required": [
+              "origin",
+              "pivot",
+              "field"
+            ]
+          }
+        ]
+      },
+      "_types:DateMath": {
+        "type": "string"
+      },
+      "_types.query_dsl:ExistsQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              }
+            },
+            "required": [
+              "field"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:FunctionScoreQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "boost_mode": {
+                "$ref": "#/components/schemas/_types.query_dsl:FunctionBoostMode"
+              },
+              "functions": {
+                "description": "One or more functions that compute a new score for each document returned by the query.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.query_dsl:FunctionScoreContainer"
+                }
+              },
+              "max_boost": {
+                "description": "Restricts the new score to not exceed the provided limit.",
+                "type": "number"
+              },
+              "min_score": {
+                "description": "Excludes documents that do not meet the provided score threshold.",
+                "type": "number"
+              },
+              "query": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "score_mode": {
+                "$ref": "#/components/schemas/_types.query_dsl:FunctionScoreMode"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:FunctionBoostMode": {
+        "type": "string",
+        "enum": [
+          "multiply",
+          "replace",
+          "sum",
+          "avg",
+          "max",
+          "min"
+        ]
+      },
+      "_types.query_dsl:FunctionScoreContainer": {
+        "allOf": [
+          {
+            "type": "object",
+            "properties": {
+              "filter": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "weight": {
+                "type": "number"
+              }
+            }
+          },
+          {
+            "type": "object",
+            "properties": {
+              "exp": {
+                "$ref": "#/components/schemas/_types.query_dsl:DecayFunction"
+              },
+              "gauss": {
+                "$ref": "#/components/schemas/_types.query_dsl:DecayFunction"
+              },
+              "linear": {
+                "$ref": "#/components/schemas/_types.query_dsl:DecayFunction"
+              },
+              "field_value_factor": {
+                "$ref": "#/components/schemas/_types.query_dsl:FieldValueFactorScoreFunction"
+              },
+              "random_score": {
+                "$ref": "#/components/schemas/_types.query_dsl:RandomScoreFunction"
+              },
+              "script_score": {
+                "$ref": "#/components/schemas/_types.query_dsl:ScriptScoreFunction"
+              }
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          }
+        ]
+      },
+      "_types.query_dsl:DecayFunction": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:DateDecayFunction"
+          },
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:NumericDecayFunction"
+          },
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:GeoDecayFunction"
+          }
+        ]
+      },
+      "_types.query_dsl:DateDecayFunction": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:DecayFunctionBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:DecayFunctionBase": {
+        "type": "object",
+        "properties": {
+          "multi_value_mode": {
+            "$ref": "#/components/schemas/_types.query_dsl:MultiValueMode"
+          }
+        }
+      },
+      "_types.query_dsl:MultiValueMode": {
+        "type": "string",
+        "enum": [
+          "min",
+          "max",
+          "avg",
+          "sum"
+        ]
+      },
+      "_types.query_dsl:NumericDecayFunction": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:DecayFunctionBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:GeoDecayFunction": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:DecayFunctionBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:FieldValueFactorScoreFunction": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "factor": {
+            "description": "Optional factor to multiply the field value with.",
+            "type": "number"
+          },
+          "missing": {
+            "description": "Value used if the document doesn’t have that field.\nThe modifier and factor are still applied to it as though it were read from the document.",
+            "type": "number"
+          },
+          "modifier": {
+            "$ref": "#/components/schemas/_types.query_dsl:FieldValueFactorModifier"
+          }
+        },
+        "required": [
+          "field"
+        ]
+      },
+      "_types.query_dsl:FieldValueFactorModifier": {
+        "type": "string",
+        "enum": [
+          "none",
+          "log",
+          "log1p",
+          "log2p",
+          "ln",
+          "ln1p",
+          "ln2p",
+          "square",
+          "sqrt",
+          "reciprocal"
+        ]
+      },
+      "_types.query_dsl:RandomScoreFunction": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "seed": {
+            "oneOf": [
+              {
+                "type": "number"
+              },
+              {
+                "type": "string"
+              }
+            ]
+          }
+        }
+      },
+      "_types.query_dsl:ScriptScoreFunction": {
+        "type": "object",
+        "properties": {
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          }
+        },
+        "required": [
+          "script"
+        ]
+      },
+      "_types.query_dsl:FunctionScoreMode": {
+        "type": "string",
+        "enum": [
+          "multiply",
+          "sum",
+          "avg",
+          "first",
+          "max",
+          "min"
+        ]
+      },
+      "_types.query_dsl:FuzzyQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "max_expansions": {
+                "description": "Maximum number of variations created.",
+                "type": "number"
+              },
+              "prefix_length": {
+                "description": "Number of beginning characters left unchanged when creating expansions.",
+                "type": "number"
+              },
+              "rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "transpositions": {
+                "description": "Indicates whether edits include transpositions of two adjacent characters (for example `ab` to `ba`).",
+                "type": "boolean"
+              },
+              "fuzziness": {
+                "$ref": "#/components/schemas/_types:Fuzziness"
+              },
+              "value": {
+                "description": "Term you wish to find in the provided field.",
+                "oneOf": [
+                  {
+                    "type": "string"
+                  },
+                  {
+                    "type": "number"
+                  },
+                  {
+                    "type": "boolean"
+                  }
+                ]
+              }
+            },
+            "required": [
+              "value"
+            ]
+          }
+        ]
+      },
+      "_types:MultiTermQueryRewrite": {
+        "externalDocs": {
+          "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-multi-term-rewrite.html"
+        },
+        "type": "string"
+      },
+      "_types:Fuzziness": {
+        "externalDocs": {
+          "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/common-options.html#fuzziness"
+        },
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "type": "number"
+          }
+        ]
+      },
+      "_types.query_dsl:GeoBoundingBoxQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "$ref": "#/components/schemas/_types.query_dsl:GeoExecution"
+              },
+              "validation_method": {
+                "$ref": "#/components/schemas/_types.query_dsl:GeoValidationMethod"
+              },
+              "ignore_unmapped": {
+                "description": "Set to `true` to ignore an unmapped field and not match any documents for this query.\nSet to `false` to throw an exception if the field is not mapped.",
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:GeoExecution": {
+        "type": "string",
+        "enum": [
+          "memory",
+          "indexed"
+        ]
+      },
+      "_types.query_dsl:GeoValidationMethod": {
+        "type": "string",
+        "enum": [
+          "coerce",
+          "ignore_malformed",
+          "strict"
+        ]
+      },
+      "_types.query_dsl:GeoDistanceQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "distance": {
+                "$ref": "#/components/schemas/_types:Distance"
+              },
+              "distance_type": {
+                "$ref": "#/components/schemas/_types:GeoDistanceType"
+              },
+              "validation_method": {
+                "$ref": "#/components/schemas/_types.query_dsl:GeoValidationMethod"
+              },
+              "ignore_unmapped": {
+                "description": "Set to `true` to ignore an unmapped field and not match any documents for this query.\nSet to `false` to throw an exception if the field is not mapped.",
+                "type": "boolean"
+              }
+            },
+            "required": [
+              "distance"
+            ]
+          }
+        ]
+      },
+      "_types:GeoDistanceType": {
+        "type": "string",
+        "enum": [
+          "arc",
+          "plane"
+        ]
+      },
+      "_types.query_dsl:GeoPolygonQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "validation_method": {
+                "$ref": "#/components/schemas/_types.query_dsl:GeoValidationMethod"
+              },
+              "ignore_unmapped": {
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:GeoShapeQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "ignore_unmapped": {
+                "description": "Set to `true` to ignore an unmapped field and not match any documents for this query.\nSet to `false` to throw an exception if the field is not mapped.",
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:HasChildQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "ignore_unmapped": {
+                "description": "Indicates whether to ignore an unmapped `type` and not return any documents instead of an error.",
+                "type": "boolean"
+              },
+              "inner_hits": {
+                "$ref": "#/components/schemas/_global.search._types:InnerHits"
+              },
+              "max_children": {
+                "description": "Maximum number of child documents that match the query allowed for a returned parent document.\nIf the parent document exceeds this limit, it is excluded from the search results.",
+                "type": "number"
+              },
+              "min_children": {
+                "description": "Minimum number of child documents that match the query required to match the query for a returned parent document.\nIf the parent document does not meet this limit, it is excluded from the search results.",
+                "type": "number"
+              },
+              "query": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "score_mode": {
+                "$ref": "#/components/schemas/_types.query_dsl:ChildScoreMode"
+              },
+              "type": {
+                "$ref": "#/components/schemas/_types:RelationName"
+              }
+            },
+            "required": [
+              "query",
+              "type"
+            ]
+          }
+        ]
+      },
+      "_global.search._types:InnerHits": {
+        "type": "object",
+        "properties": {
+          "name": {
+            "$ref": "#/components/schemas/_types:Name"
+          },
+          "size": {
+            "description": "The maximum number of hits to return per `inner_hits`.",
+            "type": "number"
+          },
+          "from": {
+            "description": "Inner hit starting document offset.",
+            "type": "number"
+          },
+          "collapse": {
+            "$ref": "#/components/schemas/_global.search._types:FieldCollapse"
+          },
+          "docvalue_fields": {
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types.query_dsl:FieldAndFormat"
+            }
+          },
+          "explain": {
+            "type": "boolean"
+          },
+          "highlight": {
+            "$ref": "#/components/schemas/_global.search._types:Highlight"
+          },
+          "ignore_unmapped": {
+            "type": "boolean"
+          },
+          "script_fields": {
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types:ScriptField"
+            }
+          },
+          "seq_no_primary_term": {
+            "type": "boolean"
+          },
+          "fields": {
+            "$ref": "#/components/schemas/_types:Fields"
+          },
+          "sort": {
+            "$ref": "#/components/schemas/_types:Sort"
+          },
+          "_source": {
+            "$ref": "#/components/schemas/_global.search._types:SourceConfig"
+          },
+          "stored_fields": {
+            "$ref": "#/components/schemas/_types:Fields"
+          },
+          "track_scores": {
+            "type": "boolean"
+          },
+          "version": {
+            "type": "boolean"
+          }
+        }
+      },
+      "_types:Name": {
+        "type": "string"
+      },
+      "_global.search._types:FieldCollapse": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "inner_hits": {
+            "description": "The number of inner hits and their sort order",
+            "oneOf": [
+              {
+                "$ref": "#/components/schemas/_global.search._types:InnerHits"
+              },
+              {
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_global.search._types:InnerHits"
+                }
+              }
+            ]
+          },
+          "max_concurrent_group_searches": {
+            "description": "The number of concurrent requests allowed to retrieve the inner_hits per group",
+            "type": "number"
+          },
+          "collapse": {
+            "$ref": "#/components/schemas/_global.search._types:FieldCollapse"
+          }
+        },
+        "required": [
+          "field"
+        ]
+      },
+      "_types.query_dsl:FieldAndFormat": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "format": {
+            "description": "Format in which the values are returned.",
+            "type": "string"
+          },
+          "include_unmapped": {
+            "type": "boolean"
+          }
+        },
+        "required": [
+          "field"
+        ]
+      },
+      "_global.search._types:Highlight": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_global.search._types:HighlightBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "encoder": {
+                "$ref": "#/components/schemas/_global.search._types:HighlighterEncoder"
+              },
+              "fields": {
+                "type": "object",
+                "additionalProperties": {
+                  "$ref": "#/components/schemas/_global.search._types:HighlightField"
+                }
+              }
+            },
+            "required": [
+              "fields"
+            ]
+          }
+        ]
+      },
+      "_global.search._types:HighlightBase": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "$ref": "#/components/schemas/_global.search._types:HighlighterType"
+          },
+          "boundary_chars": {
+            "description": "A string that contains each boundary character.",
+            "type": "string"
+          },
+          "boundary_max_scan": {
+            "description": "How far to scan for boundary characters.",
+            "type": "number"
+          },
+          "boundary_scanner": {
+            "$ref": "#/components/schemas/_global.search._types:BoundaryScanner"
+          },
+          "boundary_scanner_locale": {
+            "description": "Controls which locale is used to search for sentence and word boundaries.\nThis parameter takes a form of a language tag, for example: `\"en-US\"`, `\"fr-FR\"`, `\"ja-JP\"`.",
+            "type": "string"
+          },
+          "force_source": {
+            "deprecated": true,
+            "type": "boolean"
+          },
+          "fragmenter": {
+            "$ref": "#/components/schemas/_global.search._types:HighlighterFragmenter"
+          },
+          "fragment_size": {
+            "description": "The size of the highlighted fragment in characters.",
+            "type": "number"
+          },
+          "highlight_filter": {
+            "type": "boolean"
+          },
+          "highlight_query": {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+          },
+          "max_fragment_length": {
+            "type": "number"
+          },
+          "max_analyzed_offset": {
+            "description": "If set to a non-negative value, highlighting stops at this defined maximum limit.\nThe rest of the text is not processed, thus not highlighted and no error is returned\nThe `max_analyzed_offset` query setting does not override the `index.highlight.max_analyzed_offset` setting, which prevails when it’s set to lower value than the query setting.",
+            "type": "number"
+          },
+          "no_match_size": {
+            "description": "The amount of text you want to return from the beginning of the field if there are no matching fragments to highlight.",
+            "type": "number"
+          },
+          "number_of_fragments": {
+            "description": "The maximum number of fragments to return.\nIf the number of fragments is set to `0`, no fragments are returned.\nInstead, the entire field contents are highlighted and returned.\nThis can be handy when you need to highlight short texts such as a title or address, but fragmentation is not required.\nIf `number_of_fragments` is `0`, `fragment_size` is ignored.",
+            "type": "number"
+          },
+          "options": {
+            "type": "object",
+            "additionalProperties": {
+              "type": "object"
+            }
+          },
+          "order": {
+            "$ref": "#/components/schemas/_global.search._types:HighlighterOrder"
+          },
+          "phrase_limit": {
+            "description": "Controls the number of matching phrases in a document that are considered.\nPrevents the `fvh` highlighter from analyzing too many phrases and consuming too much memory.\nWhen using `matched_fields`, `phrase_limit` phrases per matched field are considered. Raising the limit increases query time and consumes more memory.\nOnly supported by the `fvh` highlighter.",
+            "type": "number"
+          },
+          "post_tags": {
+            "description": "Use in conjunction with `pre_tags` to define the HTML tags to use for the highlighted text.\nBy default, highlighted text is wrapped in `<em>` and `</em>` tags.",
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "pre_tags": {
+            "description": "Use in conjunction with `post_tags` to define the HTML tags to use for the highlighted text.\nBy default, highlighted text is wrapped in `<em>` and `</em>` tags.",
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "require_field_match": {
+            "description": "By default, only fields that contains a query match are highlighted.\nSet to `false` to highlight all fields.",
+            "type": "boolean"
+          },
+          "tags_schema": {
+            "$ref": "#/components/schemas/_global.search._types:HighlighterTagsSchema"
+          }
+        }
+      },
+      "_global.search._types:HighlighterType": {
+        "anyOf": [
+          {
+            "type": "string",
+            "enum": [
+              "plain",
+              "fvh",
+              "unified"
+            ]
+          },
+          {
+            "type": "string"
+          }
+        ]
+      },
+      "_global.search._types:BoundaryScanner": {
+        "type": "string",
+        "enum": [
+          "chars",
+          "sentence",
+          "word"
+        ]
+      },
+      "_global.search._types:HighlighterFragmenter": {
+        "type": "string",
+        "enum": [
+          "simple",
+          "span"
+        ]
+      },
+      "_global.search._types:HighlighterOrder": {
+        "type": "string",
+        "enum": [
+          "score"
+        ]
+      },
+      "_global.search._types:HighlighterTagsSchema": {
+        "type": "string",
+        "enum": [
+          "styled"
+        ]
+      },
+      "_global.search._types:HighlighterEncoder": {
+        "type": "string",
+        "enum": [
+          "default",
+          "html"
+        ]
+      },
+      "_global.search._types:HighlightField": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_global.search._types:HighlightBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "fragment_offset": {
+                "type": "number"
+              },
+              "matched_fields": {
+                "$ref": "#/components/schemas/_types:Fields"
+              },
+              "analyzer": {
+                "$ref": "#/components/schemas/_types.analysis:Analyzer"
+              }
+            }
+          }
+        ]
+      },
+      "_types:Fields": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          {
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types:Field"
+            }
+          }
+        ]
+      },
+      "_types.analysis:Analyzer": {
+        "discriminator": {
+          "propertyName": "type"
+        },
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:CustomAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:FingerprintAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:KeywordAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:LanguageAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:NoriAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:PatternAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:SimpleAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:StandardAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:StopAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:WhitespaceAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:IcuAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:KuromojiAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:SnowballAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:DutchAnalyzer"
+          }
+        ]
+      },
+      "_types.analysis:CustomAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "custom"
+            ]
+          },
+          "char_filter": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "filter": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "position_increment_gap": {
+            "type": "number"
+          },
+          "position_offset_gap": {
+            "type": "number"
+          },
+          "tokenizer": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "type",
+          "tokenizer"
+        ]
+      },
+      "_types.analysis:FingerprintAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "fingerprint"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          },
+          "max_output_size": {
+            "type": "number"
+          },
+          "preserve_original": {
+            "type": "boolean"
+          },
+          "separator": {
+            "type": "string"
+          },
+          "stopwords": {
+            "$ref": "#/components/schemas/_types.analysis:StopWords"
+          },
+          "stopwords_path": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "type",
+          "max_output_size",
+          "preserve_original",
+          "separator"
+        ]
+      },
+      "_types.analysis:KeywordAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "keyword"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          }
+        },
+        "required": [
+          "type"
+        ]
+      },
+      "_types.analysis:LanguageAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "language"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          },
+          "language": {
+            "$ref": "#/components/schemas/_types.analysis:Language"
+          },
+          "stem_exclusion": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "stopwords": {
+            "$ref": "#/components/schemas/_types.analysis:StopWords"
+          },
+          "stopwords_path": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "type",
+          "language",
+          "stem_exclusion"
+        ]
+      },
+      "_types.analysis:Language": {
+        "type": "string",
+        "enum": [
+          "Arabic",
+          "Armenian",
+          "Basque",
+          "Brazilian",
+          "Bulgarian",
+          "Catalan",
+          "Chinese",
+          "Cjk",
+          "Czech",
+          "Danish",
+          "Dutch",
+          "English",
+          "Estonian",
+          "Finnish",
+          "French",
+          "Galician",
+          "German",
+          "Greek",
+          "Hindi",
+          "Hungarian",
+          "Indonesian",
+          "Irish",
+          "Italian",
+          "Latvian",
+          "Norwegian",
+          "Persian",
+          "Portuguese",
+          "Romanian",
+          "Russian",
+          "Sorani",
+          "Spanish",
+          "Swedish",
+          "Turkish",
+          "Thai"
+        ]
+      },
+      "_types.analysis:NoriAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "nori"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          },
+          "decompound_mode": {
+            "$ref": "#/components/schemas/_types.analysis:NoriDecompoundMode"
+          },
+          "stoptags": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "user_dictionary": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "type"
+        ]
+      },
+      "_types.analysis:PatternAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "pattern"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          },
+          "flags": {
+            "type": "string"
+          },
+          "lowercase": {
+            "type": "boolean"
+          },
+          "pattern": {
+            "type": "string"
+          },
+          "stopwords": {
+            "$ref": "#/components/schemas/_types.analysis:StopWords"
+          }
+        },
+        "required": [
+          "type",
+          "pattern"
+        ]
+      },
+      "_types.analysis:SimpleAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "simple"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          }
+        },
+        "required": [
+          "type"
+        ]
+      },
+      "_types.analysis:StandardAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "standard"
+            ]
+          },
+          "max_token_length": {
+            "type": "number"
+          },
+          "stopwords": {
+            "$ref": "#/components/schemas/_types.analysis:StopWords"
+          }
+        },
+        "required": [
+          "type"
+        ]
+      },
+      "_types.analysis:StopAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "stop"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          },
+          "stopwords": {
+            "$ref": "#/components/schemas/_types.analysis:StopWords"
+          },
+          "stopwords_path": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "type"
+        ]
+      },
+      "_types.analysis:WhitespaceAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "whitespace"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          }
+        },
+        "required": [
+          "type"
+        ]
+      },
+      "_types.analysis:IcuAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "icu_analyzer"
+            ]
+          },
+          "method": {
+            "$ref": "#/components/schemas/_types.analysis:IcuNormalizationType"
+          },
+          "mode": {
+            "$ref": "#/components/schemas/_types.analysis:IcuNormalizationMode"
+          }
+        },
+        "required": [
+          "type",
+          "method",
+          "mode"
+        ]
+      },
+      "_types.analysis:KuromojiAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "kuromoji"
+            ]
+          },
+          "mode": {
+            "$ref": "#/components/schemas/_types.analysis:KuromojiTokenizationMode"
+          },
+          "user_dictionary": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "type",
+          "mode"
+        ]
+      },
+      "_types.analysis:SnowballAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "snowball"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          },
+          "language": {
+            "$ref": "#/components/schemas/_types.analysis:SnowballLanguage"
+          },
+          "stopwords": {
+            "$ref": "#/components/schemas/_types.analysis:StopWords"
+          }
+        },
+        "required": [
+          "type",
+          "language"
+        ]
+      },
+      "_types.analysis:DutchAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "dutch"
+            ]
+          },
+          "stopwords": {
+            "$ref": "#/components/schemas/_types.analysis:StopWords"
+          }
+        },
+        "required": [
+          "type"
+        ]
+      },
+      "_types:ScriptField": {
+        "type": "object",
+        "properties": {
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          },
+          "ignore_failure": {
+            "type": "boolean"
+          }
+        },
+        "required": [
+          "script"
+        ]
+      },
+      "_types:Sort": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types:SortCombinations"
+          },
+          {
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types:SortCombinations"
+            }
+          }
+        ]
+      },
+      "_types:SortCombinations": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          {
+            "$ref": "#/components/schemas/_types:SortOptions"
+          }
+        ]
+      },
+      "_types:SortOptions": {
+        "externalDocs": {
+          "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/sort-search-results.html"
+        },
+        "type": "object",
+        "properties": {
+          "_score": {
+            "$ref": "#/components/schemas/_types:ScoreSort"
+          },
+          "_doc": {
+            "$ref": "#/components/schemas/_types:ScoreSort"
+          },
+          "_geo_distance": {
+            "$ref": "#/components/schemas/_types:GeoDistanceSort"
+          },
+          "_script": {
+            "$ref": "#/components/schemas/_types:ScriptSort"
+          }
+        },
+        "minProperties": 1,
+        "maxProperties": 1
+      },
+      "_types:ScoreSort": {
+        "type": "object",
+        "properties": {
+          "order": {
+            "$ref": "#/components/schemas/_types:SortOrder"
+          }
+        }
+      },
+      "_types:SortOrder": {
+        "type": "string",
+        "enum": [
+          "asc",
+          "desc"
+        ]
+      },
+      "_types:GeoDistanceSort": {
+        "type": "object",
+        "properties": {
+          "mode": {
+            "$ref": "#/components/schemas/_types:SortMode"
+          },
+          "distance_type": {
+            "$ref": "#/components/schemas/_types:GeoDistanceType"
+          },
+          "ignore_unmapped": {
+            "type": "boolean"
+          },
+          "order": {
+            "$ref": "#/components/schemas/_types:SortOrder"
+          },
+          "unit": {
+            "$ref": "#/components/schemas/_types:DistanceUnit"
+          }
+        }
+      },
+      "_types:SortMode": {
+        "type": "string",
+        "enum": [
+          "min",
+          "max",
+          "sum",
+          "avg",
+          "median"
+        ]
+      },
+      "_types:DistanceUnit": {
+        "type": "string",
+        "enum": [
+          "in",
+          "ft",
+          "yd",
+          "mi",
+          "nmi",
+          "km",
+          "m",
+          "cm",
+          "mm"
+        ]
+      },
+      "_types:ScriptSort": {
+        "type": "object",
+        "properties": {
+          "order": {
+            "$ref": "#/components/schemas/_types:SortOrder"
+          },
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          },
+          "type": {
+            "$ref": "#/components/schemas/_types:ScriptSortType"
+          },
+          "mode": {
+            "$ref": "#/components/schemas/_types:SortMode"
+          },
+          "nested": {
+            "$ref": "#/components/schemas/_types:NestedSortValue"
+          }
+        },
+        "required": [
+          "script"
+        ]
+      },
+      "_types:ScriptSortType": {
+        "type": "string",
+        "enum": [
+          "string",
+          "number",
+          "version"
+        ]
+      },
+      "_types:NestedSortValue": {
+        "type": "object",
+        "properties": {
+          "filter": {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+          },
+          "max_children": {
+            "type": "number"
+          },
+          "nested": {
+            "$ref": "#/components/schemas/_types:NestedSortValue"
+          },
+          "path": {
+            "$ref": "#/components/schemas/_types:Field"
+          }
+        },
+        "required": [
+          "path"
+        ]
+      },
+      "_global.search._types:SourceConfig": {
+        "description": "Defines how to fetch a source. Fetching can be disabled entirely, or the source can be filtered.",
+        "oneOf": [
+          {
+            "type": "boolean"
+          },
+          {
+            "$ref": "#/components/schemas/_global.search._types:SourceFilter"
+          }
+        ]
+      },
+      "_global.search._types:SourceFilter": {
+        "type": "object",
+        "properties": {
+          "excludes": {
+            "$ref": "#/components/schemas/_types:Fields"
+          },
+          "includes": {
+            "$ref": "#/components/schemas/_types:Fields"
+          }
+        }
+      },
+      "_types.query_dsl:ChildScoreMode": {
+        "type": "string",
+        "enum": [
+          "none",
+          "avg",
+          "sum",
+          "max",
+          "min"
+        ]
+      },
+      "_types:RelationName": {
+        "type": "string"
+      },
+      "_types.query_dsl:HasParentQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "ignore_unmapped": {
+                "description": "Indicates whether to ignore an unmapped `parent_type` and not return any documents instead of an error.\nYou can use this parameter to query multiple indices that may not contain the `parent_type`.",
+                "type": "boolean"
+              },
+              "inner_hits": {
+                "$ref": "#/components/schemas/_global.search._types:InnerHits"
+              },
+              "parent_type": {
+                "$ref": "#/components/schemas/_types:RelationName"
+              },
+              "query": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "score": {
+                "description": "Indicates whether the relevance score of a matching parent document is aggregated into its child documents.",
+                "type": "boolean"
+              }
+            },
+            "required": [
+              "parent_type",
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:IdsQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "values": {
+                "$ref": "#/components/schemas/_types:Ids"
+              }
+            }
+          }
+        ]
+      },
+      "_types:Ids": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types:Id"
+          },
+          {
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types:Id"
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:IntervalsQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "all_of": {
+                "$ref": "#/components/schemas/_types.query_dsl:IntervalsAllOf"
+              },
+              "any_of": {
+                "$ref": "#/components/schemas/_types.query_dsl:IntervalsAnyOf"
+              },
+              "fuzzy": {
+                "$ref": "#/components/schemas/_types.query_dsl:IntervalsFuzzy"
+              },
+              "match": {
+                "$ref": "#/components/schemas/_types.query_dsl:IntervalsMatch"
+              },
+              "prefix": {
+                "$ref": "#/components/schemas/_types.query_dsl:IntervalsPrefix"
+              },
+              "wildcard": {
+                "$ref": "#/components/schemas/_types.query_dsl:IntervalsWildcard"
+              }
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          }
+        ]
+      },
+      "_types.query_dsl:IntervalsAllOf": {
+        "type": "object",
+        "properties": {
+          "intervals": {
+            "description": "An array of rules to combine. All rules must produce a match in a document for the overall source to match.",
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+            }
+          },
+          "max_gaps": {
+            "description": "Maximum number of positions between the matching terms.\nIntervals produced by the rules further apart than this are not considered matches.",
+            "type": "number"
+          },
+          "ordered": {
+            "description": "If `true`, intervals produced by the rules should appear in the order in which they are specified.",
+            "type": "boolean"
+          },
+          "filter": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsFilter"
+          }
+        },
+        "required": [
+          "intervals"
+        ]
+      },
+      "_types.query_dsl:IntervalsContainer": {
+        "type": "object",
+        "properties": {
+          "all_of": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsAllOf"
+          },
+          "any_of": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsAnyOf"
+          },
+          "fuzzy": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsFuzzy"
+          },
+          "match": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsMatch"
+          },
+          "prefix": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsPrefix"
+          },
+          "wildcard": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsWildcard"
+          }
+        },
+        "minProperties": 1,
+        "maxProperties": 1
+      },
+      "_types.query_dsl:IntervalsAnyOf": {
+        "type": "object",
+        "properties": {
+          "intervals": {
+            "description": "An array of rules to match.",
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+            }
+          },
+          "filter": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsFilter"
+          }
+        },
+        "required": [
+          "intervals"
+        ]
+      },
+      "_types.query_dsl:IntervalsFilter": {
+        "type": "object",
+        "properties": {
+          "after": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+          },
+          "before": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+          },
+          "contained_by": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+          },
+          "containing": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+          },
+          "not_contained_by": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+          },
+          "not_containing": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+          },
+          "not_overlapping": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+          },
+          "overlapping": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+          },
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          }
+        },
+        "minProperties": 1,
+        "maxProperties": 1
+      },
+      "_types.query_dsl:IntervalsFuzzy": {
+        "type": "object",
+        "properties": {
+          "analyzer": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+            },
+            "description": "Analyzer used to normalize the term.",
+            "type": "string"
+          },
+          "fuzziness": {
+            "$ref": "#/components/schemas/_types:Fuzziness"
+          },
+          "prefix_length": {
+            "description": "Number of beginning characters left unchanged when creating expansions.",
+            "type": "number"
+          },
+          "term": {
+            "description": "The term to match.",
+            "type": "string"
+          },
+          "transpositions": {
+            "description": "Indicates whether edits include transpositions of two adjacent characters (for example, `ab` to `ba`).",
+            "type": "boolean"
+          },
+          "use_field": {
+            "$ref": "#/components/schemas/_types:Field"
+          }
+        },
+        "required": [
+          "term"
+        ]
+      },
+      "_types.query_dsl:IntervalsMatch": {
+        "type": "object",
+        "properties": {
+          "analyzer": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+            },
+            "description": "Analyzer used to analyze terms in the query.",
+            "type": "string"
+          },
+          "max_gaps": {
+            "description": "Maximum number of positions between the matching terms.\nTerms further apart than this are not considered matches.",
+            "type": "number"
+          },
+          "ordered": {
+            "description": "If `true`, matching terms must appear in their specified order.",
+            "type": "boolean"
+          },
+          "query": {
+            "description": "Text you wish to find in the provided field.",
+            "type": "string"
+          },
+          "use_field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "filter": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsFilter"
+          }
+        },
+        "required": [
+          "query"
+        ]
+      },
+      "_types.query_dsl:IntervalsPrefix": {
+        "type": "object",
+        "properties": {
+          "analyzer": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+            },
+            "description": "Analyzer used to analyze the `prefix`.",
+            "type": "string"
+          },
+          "prefix": {
+            "description": "Beginning characters of terms you wish to find in the top-level field.",
+            "type": "string"
+          },
+          "use_field": {
+            "$ref": "#/components/schemas/_types:Field"
+          }
+        },
+        "required": [
+          "prefix"
+        ]
+      },
+      "_types.query_dsl:IntervalsWildcard": {
+        "type": "object",
+        "properties": {
+          "analyzer": {
+            "description": "Analyzer used to analyze the `pattern`.\nDefaults to the top-level field's analyzer.",
+            "type": "string"
+          },
+          "pattern": {
+            "description": "Wildcard pattern used to find matching terms.",
+            "type": "string"
+          },
+          "use_field": {
+            "$ref": "#/components/schemas/_types:Field"
+          }
+        },
+        "required": [
+          "pattern"
+        ]
+      },
+      "_types:KnnQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "query_vector": {
+                "$ref": "#/components/schemas/_types:QueryVector"
+              },
+              "query_vector_builder": {
+                "$ref": "#/components/schemas/_types:QueryVectorBuilder"
+              },
+              "num_candidates": {
+                "description": "The number of nearest neighbor candidates to consider per shard",
+                "type": "number"
+              },
+              "filter": {
+                "description": "Filters for the kNN search query",
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                  },
+                  {
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                    }
+                  }
+                ]
+              },
+              "similarity": {
+                "description": "The minimum similarity for a vector to be considered a match",
+                "type": "number"
+              }
+            },
+            "required": [
+              "field"
+            ]
+          }
+        ]
+      },
+      "_types:QueryVector": {
+        "type": "array",
+        "items": {
+          "type": "number"
+        }
+      },
+      "_types:QueryVectorBuilder": {
+        "type": "object",
+        "properties": {
+          "text_embedding": {
+            "$ref": "#/components/schemas/_types:TextEmbedding"
+          }
+        },
+        "minProperties": 1,
+        "maxProperties": 1
+      },
+      "_types:TextEmbedding": {
+        "type": "object",
+        "properties": {
+          "model_id": {
+            "type": "string"
+          },
+          "model_text": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "model_id",
+          "model_text"
+        ]
+      },
+      "_types.query_dsl:MatchQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "analyzer": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+                },
+                "description": "Analyzer used to convert the text in the query value into tokens.",
+                "type": "string"
+              },
+              "auto_generate_synonyms_phrase_query": {
+                "description": "If `true`, match phrase queries are automatically created for multi-term synonyms.",
+                "type": "boolean"
+              },
+              "cutoff_frequency": {
+                "deprecated": true,
+                "type": "number"
+              },
+              "fuzziness": {
+                "$ref": "#/components/schemas/_types:Fuzziness"
+              },
+              "fuzzy_rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "fuzzy_transpositions": {
+                "description": "If `true`, edits for fuzzy matching include transpositions of two adjacent characters (for example, `ab` to `ba`).",
+                "type": "boolean"
+              },
+              "lenient": {
+                "description": "If `true`, format-based errors, such as providing a text query value for a numeric field, are ignored.",
+                "type": "boolean"
+              },
+              "max_expansions": {
+                "description": "Maximum number of terms to which the query will expand.",
+                "type": "number"
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "operator": {
+                "$ref": "#/components/schemas/_types.query_dsl:Operator"
+              },
+              "prefix_length": {
+                "description": "Number of beginning characters left unchanged for fuzzy matching.",
+                "type": "number"
+              },
+              "query": {
+                "description": "Text, number, boolean value or date you wish to find in the provided field.",
+                "oneOf": [
+                  {
+                    "type": "string"
+                  },
+                  {
+                    "type": "number"
+                  },
+                  {
+                    "type": "boolean"
+                  }
+                ]
+              },
+              "zero_terms_query": {
+                "$ref": "#/components/schemas/_types.query_dsl:ZeroTermsQuery"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:ZeroTermsQuery": {
+        "type": "string",
+        "enum": [
+          "all",
+          "none"
+        ]
+      },
+      "_types.query_dsl:MatchAllQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:MatchBoolPrefixQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "analyzer": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+                },
+                "description": "Analyzer used to convert the text in the query value into tokens.",
+                "type": "string"
+              },
+              "fuzziness": {
+                "$ref": "#/components/schemas/_types:Fuzziness"
+              },
+              "fuzzy_rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "fuzzy_transpositions": {
+                "description": "If `true`, edits for fuzzy matching include transpositions of two adjacent characters (for example, `ab` to `ba`).\nCan be applied to the term subqueries constructed for all terms but the final term.",
+                "type": "boolean"
+              },
+              "max_expansions": {
+                "description": "Maximum number of terms to which the query will expand.\nCan be applied to the term subqueries constructed for all terms but the final term.",
+                "type": "number"
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "operator": {
+                "$ref": "#/components/schemas/_types.query_dsl:Operator"
+              },
+              "prefix_length": {
+                "description": "Number of beginning characters left unchanged for fuzzy matching.\nCan be applied to the term subqueries constructed for all terms but the final term.",
+                "type": "number"
+              },
+              "query": {
+                "description": "Terms you wish to find in the provided field.\nThe last term is used in a prefix query.",
+                "type": "string"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:MatchNoneQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:MatchPhraseQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "analyzer": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+                },
+                "description": "Analyzer used to convert the text in the query value into tokens.",
+                "type": "string"
+              },
+              "query": {
+                "description": "Query terms that are analyzed and turned into a phrase query.",
+                "type": "string"
+              },
+              "slop": {
+                "description": "Maximum number of positions allowed between matching tokens.",
+                "type": "number"
+              },
+              "zero_terms_query": {
+                "$ref": "#/components/schemas/_types.query_dsl:ZeroTermsQuery"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:MatchPhrasePrefixQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "analyzer": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+                },
+                "description": "Analyzer used to convert text in the query value into tokens.",
+                "type": "string"
+              },
+              "max_expansions": {
+                "description": "Maximum number of terms to which the last provided term of the query value will expand.",
+                "type": "number"
+              },
+              "query": {
+                "description": "Text you wish to find in the provided field.",
+                "type": "string"
+              },
+              "slop": {
+                "description": "Maximum number of positions allowed between matching tokens.",
+                "type": "number"
+              },
+              "zero_terms_query": {
+                "$ref": "#/components/schemas/_types.query_dsl:ZeroTermsQuery"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:MoreLikeThisQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "analyzer": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+                },
+                "description": "The analyzer that is used to analyze the free form text.\nDefaults to the analyzer associated with the first field in fields.",
+                "type": "string"
+              },
+              "boost_terms": {
+                "description": "Each term in the formed query could be further boosted by their tf-idf score.\nThis sets the boost factor to use when using this feature.\nDefaults to deactivated (0).",
+                "type": "number"
+              },
+              "fail_on_unsupported_field": {
+                "description": "Controls whether the query should fail (throw an exception) if any of the specified fields are not of the supported types (`text` or `keyword`).",
+                "type": "boolean"
+              },
+              "fields": {
+                "description": "A list of fields to fetch and analyze the text from.\nDefaults to the `index.query.default_field` index setting, which has a default value of `*`.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types:Field"
+                }
+              },
+              "include": {
+                "description": "Specifies whether the input documents should also be included in the search results returned.",
+                "type": "boolean"
+              },
+              "like": {
+                "description": "Specifies free form text and/or a single or multiple documents for which you want to find similar documents.",
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types.query_dsl:Like"
+                  },
+                  {
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.query_dsl:Like"
+                    }
+                  }
+                ]
+              },
+              "max_doc_freq": {
+                "description": "The maximum document frequency above which the terms are ignored from the input document.",
+                "type": "number"
+              },
+              "max_query_terms": {
+                "description": "The maximum number of query terms that can be selected.",
+                "type": "number"
+              },
+              "max_word_length": {
+                "description": "The maximum word length above which the terms are ignored.\nDefaults to unbounded (`0`).",
+                "type": "number"
+              },
+              "min_doc_freq": {
+                "description": "The minimum document frequency below which the terms are ignored from the input document.",
+                "type": "number"
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "min_term_freq": {
+                "description": "The minimum term frequency below which the terms are ignored from the input document.",
+                "type": "number"
+              },
+              "min_word_length": {
+                "description": "The minimum word length below which the terms are ignored.",
+                "type": "number"
+              },
+              "routing": {
+                "$ref": "#/components/schemas/_types:Routing"
+              },
+              "stop_words": {
+                "$ref": "#/components/schemas/_types.analysis:StopWords"
+              },
+              "unlike": {
+                "description": "Used in combination with `like` to exclude documents that match a set of terms.",
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types.query_dsl:Like"
+                  },
+                  {
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.query_dsl:Like"
+                    }
+                  }
+                ]
+              },
+              "version": {
+                "$ref": "#/components/schemas/_types:VersionNumber"
+              },
+              "version_type": {
+                "$ref": "#/components/schemas/_types:VersionType"
+              }
+            },
+            "required": [
+              "like"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:Like": {
+        "externalDocs": {
+          "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-mlt-query.html#_document_input_parameters"
+        },
+        "description": "Text that we want similar documents for or a lookup to a document's field for the text.",
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:LikeDocument"
+          }
+        ]
+      },
+      "_types.query_dsl:LikeDocument": {
+        "type": "object",
+        "properties": {
+          "doc": {
+            "description": "A document not present in the index.",
+            "type": "object"
+          },
+          "fields": {
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types:Field"
+            }
+          },
+          "_id": {
+            "$ref": "#/components/schemas/_types:Id"
+          },
+          "_index": {
+            "$ref": "#/components/schemas/_types:IndexName"
+          },
+          "per_field_analyzer": {
+            "description": "Overrides the default analyzer.",
+            "type": "object",
+            "additionalProperties": {
+              "type": "string"
+            }
+          },
+          "routing": {
+            "$ref": "#/components/schemas/_types:Routing"
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionNumber"
+          },
+          "version_type": {
+            "$ref": "#/components/schemas/_types:VersionType"
+          }
+        }
+      },
+      "_types:IndexName": {
+        "type": "string"
+      },
+      "_types:Routing": {
+        "type": "string"
+      },
+      "_types:VersionNumber": {
+        "type": "number"
+      },
+      "_types:VersionType": {
+        "type": "string",
+        "enum": [
+          "internal",
+          "external",
+          "external_gte",
+          "force"
+        ]
+      },
+      "_types.query_dsl:MultiMatchQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "analyzer": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+                },
+                "description": "Analyzer used to convert the text in the query value into tokens.",
+                "type": "string"
+              },
+              "auto_generate_synonyms_phrase_query": {
+                "description": "If `true`, match phrase queries are automatically created for multi-term synonyms.",
+                "type": "boolean"
+              },
+              "cutoff_frequency": {
+                "deprecated": true,
+                "type": "number"
+              },
+              "fields": {
+                "$ref": "#/components/schemas/_types:Fields"
+              },
+              "fuzziness": {
+                "$ref": "#/components/schemas/_types:Fuzziness"
+              },
+              "fuzzy_rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "fuzzy_transpositions": {
+                "description": "If `true`, edits for fuzzy matching include transpositions of two adjacent characters (for example, `ab` to `ba`).\nCan be applied to the term subqueries constructed for all terms but the final term.",
+                "type": "boolean"
+              },
+              "lenient": {
+                "description": "If `true`, format-based errors, such as providing a text query value for a numeric field, are ignored.",
+                "type": "boolean"
+              },
+              "max_expansions": {
+                "description": "Maximum number of terms to which the query will expand.",
+                "type": "number"
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "operator": {
+                "$ref": "#/components/schemas/_types.query_dsl:Operator"
+              },
+              "prefix_length": {
+                "description": "Number of beginning characters left unchanged for fuzzy matching.",
+                "type": "number"
+              },
+              "query": {
+                "description": "Text, number, boolean value or date you wish to find in the provided field.",
+                "type": "string"
+              },
+              "slop": {
+                "description": "Maximum number of positions allowed between matching tokens.",
+                "type": "number"
+              },
+              "tie_breaker": {
+                "description": "Determines how scores for each per-term blended query and scores across groups are combined.",
+                "type": "number"
+              },
+              "type": {
+                "$ref": "#/components/schemas/_types.query_dsl:TextQueryType"
+              },
+              "zero_terms_query": {
+                "$ref": "#/components/schemas/_types.query_dsl:ZeroTermsQuery"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:TextQueryType": {
+        "type": "string",
+        "enum": [
+          "best_fields",
+          "most_fields",
+          "cross_fields",
+          "phrase",
+          "phrase_prefix",
+          "bool_prefix"
+        ]
+      },
+      "_types.query_dsl:NestedQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "ignore_unmapped": {
+                "description": "Indicates whether to ignore an unmapped path and not return any documents instead of an error.",
+                "type": "boolean"
+              },
+              "inner_hits": {
+                "$ref": "#/components/schemas/_global.search._types:InnerHits"
+              },
+              "path": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "query": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "score_mode": {
+                "$ref": "#/components/schemas/_types.query_dsl:ChildScoreMode"
+              }
+            },
+            "required": [
+              "path",
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:ParentIdQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "id": {
+                "$ref": "#/components/schemas/_types:Id"
+              },
+              "ignore_unmapped": {
+                "description": "Indicates whether to ignore an unmapped `type` and not return any documents instead of an error.",
+                "type": "boolean"
+              },
+              "type": {
+                "$ref": "#/components/schemas/_types:RelationName"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:PercolateQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "document": {
+                "description": "The source of the document being percolated.",
+                "type": "object"
+              },
+              "documents": {
+                "description": "An array of sources of the documents being percolated.",
+                "type": "array",
+                "items": {
+                  "type": "object"
+                }
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "id": {
+                "$ref": "#/components/schemas/_types:Id"
+              },
+              "index": {
+                "$ref": "#/components/schemas/_types:IndexName"
+              },
+              "name": {
+                "description": "The suffix used for the `_percolator_document_slot` field when multiple `percolate` queries are specified.",
+                "type": "string"
+              },
+              "preference": {
+                "description": "Preference used to fetch document to percolate.",
+                "type": "string"
+              },
+              "routing": {
+                "$ref": "#/components/schemas/_types:Routing"
+              },
+              "version": {
+                "$ref": "#/components/schemas/_types:VersionNumber"
+              }
+            },
+            "required": [
+              "field"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:PinnedQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "allOf": [
+              {
+                "type": "object",
+                "properties": {
+                  "organic": {
+                    "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                  }
+                },
+                "required": [
+                  "organic"
+                ]
+              },
+              {
+                "type": "object",
+                "properties": {
+                  "ids": {
+                    "description": "Document IDs listed in the order they are to appear in results.\nRequired if `docs` is not specified.",
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types:Id"
+                    }
+                  },
+                  "docs": {
+                    "description": "Documents listed in the order they are to appear in results.\nRequired if `ids` is not specified.",
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.query_dsl:PinnedDoc"
+                    }
+                  }
+                },
+                "minProperties": 1,
+                "maxProperties": 1
+              }
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:PinnedDoc": {
+        "type": "object",
+        "properties": {
+          "_id": {
+            "$ref": "#/components/schemas/_types:Id"
+          },
+          "_index": {
+            "$ref": "#/components/schemas/_types:IndexName"
+          }
+        },
+        "required": [
+          "_id",
+          "_index"
+        ]
+      },
+      "_types.query_dsl:PrefixQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "value": {
+                "description": "Beginning characters of terms you wish to find in the provided field.",
+                "type": "string"
+              },
+              "case_insensitive": {
+                "description": "Allows ASCII case insensitive matching of the value with the indexed field values when set to `true`.\nDefault is `false` which means the case sensitivity of matching depends on the underlying field’s mapping.",
+                "type": "boolean"
+              }
+            },
+            "required": [
+              "value"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:QueryStringQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "allow_leading_wildcard": {
+                "description": "If `true`, the wildcard characters `*` and `?` are allowed as the first character of the query string.",
+                "type": "boolean"
+              },
+              "analyzer": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+                },
+                "description": "Analyzer used to convert text in the query string into tokens.",
+                "type": "string"
+              },
+              "analyze_wildcard": {
+                "description": "If `true`, the query attempts to analyze wildcard terms in the query string.",
+                "type": "boolean"
+              },
+              "auto_generate_synonyms_phrase_query": {
+                "description": "If `true`, match phrase queries are automatically created for multi-term synonyms.",
+                "type": "boolean"
+              },
+              "default_field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "default_operator": {
+                "$ref": "#/components/schemas/_types.query_dsl:Operator"
+              },
+              "enable_position_increments": {
+                "description": "If `true`, enable position increments in queries constructed from a `query_string` search.",
+                "type": "boolean"
+              },
+              "escape": {
+                "type": "boolean"
+              },
+              "fields": {
+                "description": "Array of fields to search. Supports wildcards (`*`).",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types:Field"
+                }
+              },
+              "fuzziness": {
+                "$ref": "#/components/schemas/_types:Fuzziness"
+              },
+              "fuzzy_max_expansions": {
+                "description": "Maximum number of terms to which the query expands for fuzzy matching.",
+                "type": "number"
+              },
+              "fuzzy_prefix_length": {
+                "description": "Number of beginning characters left unchanged for fuzzy matching.",
+                "type": "number"
+              },
+              "fuzzy_rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "fuzzy_transpositions": {
+                "description": "If `true`, edits for fuzzy matching include transpositions of two adjacent characters (for example, `ab` to `ba`).",
+                "type": "boolean"
+              },
+              "lenient": {
+                "description": "If `true`, format-based errors, such as providing a text value for a numeric field, are ignored.",
+                "type": "boolean"
+              },
+              "max_determinized_states": {
+                "description": "Maximum number of automaton states required for the query.",
+                "type": "number"
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "phrase_slop": {
+                "description": "Maximum number of positions allowed between matching tokens for phrases.",
+                "type": "number"
+              },
+              "query": {
+                "description": "Query string you wish to parse and use for search.",
+                "type": "string"
+              },
+              "quote_analyzer": {
+                "description": "Analyzer used to convert quoted text in the query string into tokens.\nFor quoted text, this parameter overrides the analyzer specified in the `analyzer` parameter.",
+                "type": "string"
+              },
+              "quote_field_suffix": {
+                "description": "Suffix appended to quoted text in the query string.\nYou can use this suffix to use a different analysis method for exact matches.",
+                "type": "string"
+              },
+              "rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "tie_breaker": {
+                "description": "How to combine the queries generated from the individual search terms in the resulting `dis_max` query.",
+                "type": "number"
+              },
+              "time_zone": {
+                "$ref": "#/components/schemas/_types:TimeZone"
+              },
+              "type": {
+                "$ref": "#/components/schemas/_types.query_dsl:TextQueryType"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types:TimeZone": {
+        "type": "string"
+      },
+      "_types.query_dsl:RangeQuery": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:DateRangeQuery"
+          },
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:NumberRangeQuery"
+          },
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:TermsRangeQuery"
+          }
+        ]
+      },
+      "_types.query_dsl:DateRangeQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:RangeQueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "gt": {
+                "$ref": "#/components/schemas/_types:DateMath"
+              },
+              "gte": {
+                "$ref": "#/components/schemas/_types:DateMath"
+              },
+              "lt": {
+                "$ref": "#/components/schemas/_types:DateMath"
+              },
+              "lte": {
+                "$ref": "#/components/schemas/_types:DateMath"
+              },
+              "from": {
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types:DateMath"
+                  },
+                  {
+                    "nullable": true,
+                    "type": "string"
+                  }
+                ]
+              },
+              "to": {
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types:DateMath"
+                  },
+                  {
+                    "nullable": true,
+                    "type": "string"
+                  }
+                ]
+              },
+              "format": {
+                "$ref": "#/components/schemas/_types:DateFormat"
+              },
+              "time_zone": {
+                "$ref": "#/components/schemas/_types:TimeZone"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:RangeQueryBase": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "relation": {
+                "$ref": "#/components/schemas/_types.query_dsl:RangeRelation"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:RangeRelation": {
+        "type": "string",
+        "enum": [
+          "within",
+          "contains",
+          "intersects"
+        ]
+      },
+      "_types:DateFormat": {
+        "externalDocs": {
+          "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping-date-format.html"
+        },
+        "type": "string"
+      },
+      "_types.query_dsl:NumberRangeQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:RangeQueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "gt": {
+                "description": "Greater than.",
+                "type": "number"
+              },
+              "gte": {
+                "description": "Greater than or equal to.",
+                "type": "number"
+              },
+              "lt": {
+                "description": "Less than.",
+                "type": "number"
+              },
+              "lte": {
+                "description": "Less than or equal to.",
+                "type": "number"
+              },
+              "from": {
+                "oneOf": [
+                  {
+                    "type": "number"
+                  },
+                  {
+                    "nullable": true,
+                    "type": "string"
+                  }
+                ]
+              },
+              "to": {
+                "oneOf": [
+                  {
+                    "type": "number"
+                  },
+                  {
+                    "nullable": true,
+                    "type": "string"
+                  }
+                ]
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:TermsRangeQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:RangeQueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "gt": {
+                "description": "Greater than.",
+                "type": "string"
+              },
+              "gte": {
+                "description": "Greater than or equal to.",
+                "type": "string"
+              },
+              "lt": {
+                "description": "Less than.",
+                "type": "string"
+              },
+              "lte": {
+                "description": "Less than or equal to.",
+                "type": "string"
+              },
+              "from": {
+                "oneOf": [
+                  {
+                    "type": "string"
+                  },
+                  {
+                    "nullable": true,
+                    "type": "string"
+                  }
+                ]
+              },
+              "to": {
+                "oneOf": [
+                  {
+                    "type": "string"
+                  },
+                  {
+                    "nullable": true,
+                    "type": "string"
+                  }
+                ]
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:RankFeatureQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "saturation": {
+                "$ref": "#/components/schemas/_types.query_dsl:RankFeatureFunctionSaturation"
+              },
+              "log": {
+                "$ref": "#/components/schemas/_types.query_dsl:RankFeatureFunctionLogarithm"
+              },
+              "linear": {
+                "$ref": "#/components/schemas/_types.query_dsl:RankFeatureFunctionLinear"
+              },
+              "sigmoid": {
+                "$ref": "#/components/schemas/_types.query_dsl:RankFeatureFunctionSigmoid"
+              }
+            },
+            "required": [
+              "field"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:RankFeatureFunctionSaturation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:RankFeatureFunction"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "pivot": {
+                "description": "Configurable pivot value so that the result will be less than 0.5.",
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:RankFeatureFunction": {
+        "type": "object"
+      },
+      "_types.query_dsl:RankFeatureFunctionLogarithm": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:RankFeatureFunction"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "scaling_factor": {
+                "description": "Configurable scaling factor.",
+                "type": "number"
+              }
+            },
+            "required": [
+              "scaling_factor"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:RankFeatureFunctionLinear": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:RankFeatureFunction"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:RankFeatureFunctionSigmoid": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:RankFeatureFunction"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "pivot": {
+                "description": "Configurable pivot value so that the result will be less than 0.5.",
+                "type": "number"
+              },
+              "exponent": {
+                "description": "Configurable Exponent.",
+                "type": "number"
+              }
+            },
+            "required": [
+              "pivot",
+              "exponent"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:RegexpQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "case_insensitive": {
+                "description": "Allows case insensitive matching of the regular expression value with the indexed field values when set to `true`.\nWhen `false`, case sensitivity of matching depends on the underlying field’s mapping.",
+                "type": "boolean"
+              },
+              "flags": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/regexp-syntax.html"
+                },
+                "description": "Enables optional operators for the regular expression.",
+                "type": "string"
+              },
+              "max_determinized_states": {
+                "description": "Maximum number of automaton states required for the query.",
+                "type": "number"
+              },
+              "rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "value": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/regexp-syntax.html"
+                },
+                "description": "Regular expression for terms you wish to find in the provided field.",
+                "type": "string"
+              }
+            },
+            "required": [
+              "value"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:RuleQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "organic": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "ruleset_id": {
+                "$ref": "#/components/schemas/_types:Id"
+              },
+              "match_criteria": {
+                "type": "object"
+              }
+            },
+            "required": [
+              "organic",
+              "ruleset_id",
+              "match_criteria"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:ScriptQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "script": {
+                "$ref": "#/components/schemas/_types:Script"
+              }
+            },
+            "required": [
+              "script"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:ScriptScoreQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "min_score": {
+                "description": "Documents with a score lower than this floating point number are excluded from the search results.",
+                "type": "number"
+              },
+              "query": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "script": {
+                "$ref": "#/components/schemas/_types:Script"
+              }
+            },
+            "required": [
+              "query",
+              "script"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:ShapeQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "ignore_unmapped": {
+                "description": "When set to `true` the query ignores an unmapped field and will not match any documents.",
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:SimpleQueryStringQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "analyzer": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+                },
+                "description": "Analyzer used to convert text in the query string into tokens.",
+                "type": "string"
+              },
+              "analyze_wildcard": {
+                "description": "If `true`, the query attempts to analyze wildcard terms in the query string.",
+                "type": "boolean"
+              },
+              "auto_generate_synonyms_phrase_query": {
+                "description": "If `true`, the parser creates a match_phrase query for each multi-position token.",
+                "type": "boolean"
+              },
+              "default_operator": {
+                "$ref": "#/components/schemas/_types.query_dsl:Operator"
+              },
+              "fields": {
+                "description": "Array of fields you wish to search.\nAccepts wildcard expressions.\nYou also can boost relevance scores for matches to particular fields using a caret (`^`) notation.\nDefaults to the `index.query.default_field index` setting, which has a default value of `*`.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types:Field"
+                }
+              },
+              "flags": {
+                "$ref": "#/components/schemas/_types.query_dsl:SimpleQueryStringFlags"
+              },
+              "fuzzy_max_expansions": {
+                "description": "Maximum number of terms to which the query expands for fuzzy matching.",
+                "type": "number"
+              },
+              "fuzzy_prefix_length": {
+                "description": "Number of beginning characters left unchanged for fuzzy matching.",
+                "type": "number"
+              },
+              "fuzzy_transpositions": {
+                "description": "If `true`, edits for fuzzy matching include transpositions of two adjacent characters (for example, `ab` to `ba`).",
+                "type": "boolean"
+              },
+              "lenient": {
+                "description": "If `true`, format-based errors, such as providing a text value for a numeric field, are ignored.",
+                "type": "boolean"
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "query": {
+                "description": "Query string in the simple query string syntax you wish to parse and use for search.",
+                "type": "string"
+              },
+              "quote_field_suffix": {
+                "description": "Suffix appended to quoted text in the query string.",
+                "type": "string"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SimpleQueryStringFlags": {
+        "externalDocs": {
+          "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-simple-query-string-query.html#supported-flags"
+        },
+        "description": "Query flags can be either a single flag or a combination of flags, e.g. `OR|AND|PREFIX`",
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_spec_utils:PipeSeparatedFlagsSimpleQueryStringFlag"
+          }
+        ]
+      },
+      "_spec_utils:PipeSeparatedFlagsSimpleQueryStringFlag": {
+        "description": "A set of flags that can be represented as a single enum value or a set of values that are encoded\nas a pipe-separated string\n\nDepending on the target language, code generators can use this hint to generate language specific\nflags enum constructs and the corresponding (de-)serialization code.",
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:SimpleQueryStringFlag"
+          },
+          {
+            "type": "string"
+          }
+        ]
+      },
+      "_types.query_dsl:SimpleQueryStringFlag": {
+        "type": "string",
+        "enum": [
+          "NONE",
+          "AND",
+          "NOT",
+          "OR",
+          "PREFIX",
+          "PHRASE",
+          "PRECEDENCE",
+          "ESCAPE",
+          "WHITESPACE",
+          "FUZZY",
+          "NEAR",
+          "SLOP",
+          "ALL"
+        ]
+      },
+      "_types.query_dsl:SpanContainingQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "big": {
+                "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+              },
+              "little": {
+                "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+              }
+            },
+            "required": [
+              "big",
+              "little"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SpanQuery": {
+        "type": "object",
+        "properties": {
+          "span_containing": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanContainingQuery"
+          },
+          "field_masking_span": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanFieldMaskingQuery"
+          },
+          "span_first": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanFirstQuery"
+          },
+          "span_gap": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanGapQuery"
+          },
+          "span_multi": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanMultiTermQuery"
+          },
+          "span_near": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanNearQuery"
+          },
+          "span_not": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanNotQuery"
+          },
+          "span_or": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanOrQuery"
+          },
+          "span_term": {
+            "description": "The equivalent of the `term` query but for use with other span queries.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:SpanTermQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "span_within": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanWithinQuery"
+          }
+        },
+        "minProperties": 1,
+        "maxProperties": 1
+      },
+      "_types.query_dsl:SpanFieldMaskingQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "query": {
+                "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+              }
+            },
+            "required": [
+              "field",
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SpanFirstQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "end": {
+                "description": "Controls the maximum end position permitted in a match.",
+                "type": "number"
+              },
+              "match": {
+                "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+              }
+            },
+            "required": [
+              "end",
+              "match"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SpanGapQuery": {
+        "description": "Can only be used as a clause in a span_near query.",
+        "type": "object",
+        "additionalProperties": {
+          "type": "number"
+        },
+        "minProperties": 1,
+        "maxProperties": 1
+      },
+      "_types.query_dsl:SpanMultiTermQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "match": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              }
+            },
+            "required": [
+              "match"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SpanNearQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "clauses": {
+                "description": "Array of one or more other span type queries.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+                }
+              },
+              "in_order": {
+                "description": "Controls whether matches are required to be in-order.",
+                "type": "boolean"
+              },
+              "slop": {
+                "description": "Controls the maximum number of intervening unmatched positions permitted.",
+                "type": "number"
+              }
+            },
+            "required": [
+              "clauses"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SpanNotQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "dist": {
+                "description": "The number of tokens from within the include span that can’t have overlap with the exclude span.\nEquivalent to setting both `pre` and `post`.",
+                "type": "number"
+              },
+              "exclude": {
+                "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+              },
+              "include": {
+                "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+              },
+              "post": {
+                "description": "The number of tokens after the include span that can’t have overlap with the exclude span.",
+                "type": "number"
+              },
+              "pre": {
+                "description": "The number of tokens before the include span that can’t have overlap with the exclude span.",
+                "type": "number"
+              }
+            },
+            "required": [
+              "exclude",
+              "include"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SpanOrQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "clauses": {
+                "description": "Array of one or more other span type queries.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+                }
+              }
+            },
+            "required": [
+              "clauses"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SpanTermQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "value": {
+                "type": "string"
+              }
+            },
+            "required": [
+              "value"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SpanWithinQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "big": {
+                "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+              },
+              "little": {
+                "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+              }
+            },
+            "required": [
+              "big",
+              "little"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:TermQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "value": {
+                "$ref": "#/components/schemas/_types:FieldValue"
+              },
+              "case_insensitive": {
+                "description": "Allows ASCII case insensitive matching of the value with the indexed field values when set to `true`.\nWhen `false`, the case sensitivity of matching depends on the underlying field’s mapping.",
+                "type": "boolean"
+              }
+            },
+            "required": [
+              "value"
+            ]
+          }
+        ]
+      },
+      "_types:FieldValue": {
+        "description": "A field value.",
+        "oneOf": [
+          {
+            "type": "number"
+          },
+          {
+            "type": "number"
+          },
+          {
+            "type": "string"
+          },
+          {
+            "type": "boolean"
+          },
+          {
+            "nullable": true,
+            "type": "string"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:TermsQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:TermsSetQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "minimum_should_match_field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "minimum_should_match_script": {
+                "$ref": "#/components/schemas/_types:Script"
+              },
+              "terms": {
+                "description": "Array of terms you wish to find in the provided field.",
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              }
+            },
+            "required": [
+              "terms"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:TextExpansionQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "model_id": {
+                "description": "The text expansion NLP model to use",
+                "type": "string"
+              },
+              "model_text": {
+                "description": "The query text",
+                "type": "string"
+              },
+              "pruning_config": {
+                "$ref": "#/components/schemas/_types.query_dsl:TokenPruningConfig"
+              }
+            },
+            "required": [
+              "model_id",
+              "model_text"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:TokenPruningConfig": {
+        "type": "object",
+        "properties": {
+          "tokens_freq_ratio_threshold": {
+            "description": "Tokens whose frequency is more than this threshold times the average frequency of all tokens in the specified field are considered outliers and pruned.",
+            "type": "number"
+          },
+          "tokens_weight_threshold": {
+            "description": "Tokens whose weight is less than this threshold are considered nonsignificant and pruned.",
+            "type": "number"
+          },
+          "only_score_pruned_tokens": {
+            "description": "Whether to only score pruned tokens, vs only scoring kept tokens.",
+            "type": "boolean"
+          }
+        }
+      },
+      "_types.query_dsl:WeightedTokensQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "tokens": {
+                "description": "The tokens representing this query",
+                "type": "object",
+                "additionalProperties": {
+                  "type": "number"
+                }
+              },
+              "pruning_config": {
+                "$ref": "#/components/schemas/_types.query_dsl:TokenPruningConfig"
+              }
+            },
+            "required": [
+              "tokens"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:WildcardQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "case_insensitive": {
+                "description": "Allows case insensitive matching of the pattern with the indexed field values when set to true. Default is false which means the case sensitivity of matching depends on the underlying field’s mapping.",
+                "type": "boolean"
+              },
+              "rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "value": {
+                "description": "Wildcard pattern for terms you wish to find in the provided field. Required, when wildcard is not set.",
+                "type": "string"
+              },
+              "wildcard": {
+                "description": "Wildcard pattern for terms you wish to find in the provided field. Required, when value is not set.",
+                "type": "string"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:WrapperQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "query": {
+                "description": "A base64 encoded query.\nThe binary data format can be any of JSON, YAML, CBOR or SMILE encodings",
+                "type": "string"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:TypeQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "value": {
+                "type": "string"
+              }
+            },
+            "required": [
+              "value"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:AutoDateHistogramAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "buckets": {
+                "description": "The target number of buckets.",
+                "type": "number"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "format": {
+                "description": "The date format used to format `key_as_string` in the response.\nIf no `format` is specified, the first date format specified in the field mapping is used.",
+                "type": "string"
+              },
+              "minimum_interval": {
+                "$ref": "#/components/schemas/_types.aggregations:MinimumInterval"
+              },
+              "missing": {
+                "$ref": "#/components/schemas/_types:DateTime"
+              },
+              "offset": {
+                "description": "Time zone specified as a ISO 8601 UTC offset.",
+                "type": "string"
+              },
+              "params": {
+                "type": "object",
+                "additionalProperties": {
+                  "type": "object"
+                }
+              },
+              "script": {
+                "$ref": "#/components/schemas/_types:Script"
+              },
+              "time_zone": {
+                "$ref": "#/components/schemas/_types:TimeZone"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:MinimumInterval": {
+        "type": "string",
+        "enum": [
+          "second",
+          "minute",
+          "hour",
+          "day",
+          "month",
+          "year"
+        ]
+      },
+      "_types:DateTime": {
+        "description": "A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a\nnumber of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string\nrepresentation.",
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "$ref": "#/components/schemas/_types:EpochTimeUnitMillis"
+          }
+        ]
+      },
+      "_types:EpochTimeUnitMillis": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types:UnitMillis"
+          }
+        ]
+      },
+      "_types:UnitMillis": {
+        "description": "Time unit for milliseconds",
+        "type": "number"
+      },
+      "_types.aggregations:AverageAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:FormatMetricAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:FormatMetricAggregationBase": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "format": {
+                "type": "string"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:MetricAggregationBase": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "missing": {
+            "$ref": "#/components/schemas/_types.aggregations:Missing"
+          },
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          }
+        }
+      },
+      "_types.aggregations:Missing": {
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "type": "number"
+          },
+          {
+            "type": "number"
+          },
+          {
+            "type": "boolean"
+          }
+        ]
+      },
+      "_types.aggregations:AverageBucketAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:PipelineAggregationBase": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketPathAggregation"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "format": {
+                "description": "`DecimalFormat` pattern for the output value.\nIf specified, the formatted value is returned in the aggregation’s `value_as_string` property.",
+                "type": "string"
+              },
+              "gap_policy": {
+                "$ref": "#/components/schemas/_types.aggregations:GapPolicy"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:BucketPathAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:Aggregation"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "buckets_path": {
+                "$ref": "#/components/schemas/_types.aggregations:BucketsPath"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:BucketsPath": {
+        "description": "Buckets path can be expressed in different ways, and an aggregation may accept some or all of these\nforms depending on its type. Please refer to each aggregation's documentation to know what buckets\npath forms they accept.",
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          {
+            "type": "object",
+            "additionalProperties": {
+              "type": "string"
+            }
+          }
+        ]
+      },
+      "_types.aggregations:GapPolicy": {
+        "type": "string",
+        "enum": [
+          "skip",
+          "insert_zeros",
+          "keep_values"
+        ]
+      },
+      "_types.aggregations:BoxplotAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "compression": {
+                "description": "Limits the maximum number of nodes used by the underlying TDigest algorithm to `20 * compression`, enabling control of memory usage and approximation error.",
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:BucketScriptAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "script": {
+                "$ref": "#/components/schemas/_types:Script"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:BucketSelectorAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "script": {
+                "$ref": "#/components/schemas/_types:Script"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:BucketSortAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:Aggregation"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "from": {
+                "description": "Buckets in positions prior to `from` will be truncated.",
+                "type": "number"
+              },
+              "gap_policy": {
+                "$ref": "#/components/schemas/_types.aggregations:GapPolicy"
+              },
+              "size": {
+                "description": "The number of buckets to return.\nDefaults to all buckets of the parent aggregation.",
+                "type": "number"
+              },
+              "sort": {
+                "$ref": "#/components/schemas/_types:Sort"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:BucketKsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketPathAggregation"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "alternative": {
+                "description": "A list of string values indicating which K-S test alternative to calculate. The valid values\nare: \"greater\", \"less\", \"two_sided\". This parameter is key for determining the K-S statistic used\nwhen calculating the K-S test. Default value is all possible alternative hypotheses.",
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              },
+              "fractions": {
+                "description": "A list of doubles indicating the distribution of the samples with which to compare to the `buckets_path` results.\nIn typical usage this is the overall proportion of documents in each bucket, which is compared with the actual\ndocument proportions in each bucket from the sibling aggregation counts. The default is to assume that overall\ndocuments are uniformly distributed on these buckets, which they would be if one used equal percentiles of a\nmetric to define the bucket end points.",
+                "type": "array",
+                "items": {
+                  "type": "number"
+                }
+              },
+              "sampling_method": {
+                "description": "Indicates the sampling methodology when calculating the K-S test. Note, this is sampling of the returned values.\nThis determines the cumulative distribution function (CDF) points used comparing the two samples. Default is\n`upper_tail`, which emphasizes the upper end of the CDF points. Valid options are: `upper_tail`, `uniform`,\nand `lower_tail`.",
+                "type": "string"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:BucketCorrelationAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketPathAggregation"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "function": {
+                "$ref": "#/components/schemas/_types.aggregations:BucketCorrelationFunction"
+              }
+            },
+            "required": [
+              "function"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:BucketCorrelationFunction": {
+        "type": "object",
+        "properties": {
+          "count_correlation": {
+            "$ref": "#/components/schemas/_types.aggregations:BucketCorrelationFunctionCountCorrelation"
+          }
+        },
+        "required": [
+          "count_correlation"
+        ]
+      },
+      "_types.aggregations:BucketCorrelationFunctionCountCorrelation": {
+        "type": "object",
+        "properties": {
+          "indicator": {
+            "$ref": "#/components/schemas/_types.aggregations:BucketCorrelationFunctionCountCorrelationIndicator"
+          }
+        },
+        "required": [
+          "indicator"
+        ]
+      },
+      "_types.aggregations:BucketCorrelationFunctionCountCorrelationIndicator": {
+        "type": "object",
+        "properties": {
+          "doc_count": {
+            "description": "The total number of documents that initially created the expectations. It’s required to be greater\nthan or equal to the sum of all values in the buckets_path as this is the originating superset of data\nto which the term values are correlated.",
+            "type": "number"
+          },
+          "expectations": {
+            "description": "An array of numbers with which to correlate the configured `bucket_path` values.\nThe length of this value must always equal the number of buckets returned by the `bucket_path`.",
+            "type": "array",
+            "items": {
+              "type": "number"
+            }
+          },
+          "fractions": {
+            "description": "An array of fractions to use when averaging and calculating variance. This should be used if\nthe pre-calculated data and the buckets_path have known gaps. The length of fractions, if provided,\nmust equal expectations.",
+            "type": "array",
+            "items": {
+              "type": "number"
+            }
+          }
+        },
+        "required": [
+          "doc_count",
+          "expectations"
+        ]
+      },
+      "_types.aggregations:CardinalityAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "precision_threshold": {
+                "description": "A unique count below which counts are expected to be close to accurate.\nThis allows to trade memory for accuracy.",
+                "type": "number"
+              },
+              "rehash": {
+                "type": "boolean"
+              },
+              "execution_hint": {
+                "$ref": "#/components/schemas/_types.aggregations:CardinalityExecutionMode"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:CardinalityExecutionMode": {
+        "type": "string",
+        "enum": [
+          "global_ordinals",
+          "segment_ordinals",
+          "direct",
+          "save_memory_heuristic",
+          "save_time_heuristic"
+        ]
+      },
+      "_types.aggregations:CategorizeTextAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:Aggregation"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "max_unique_tokens": {
+                "description": "The maximum number of unique tokens at any position up to max_matched_tokens. Must be larger than 1.\nSmaller values use less memory and create fewer categories. Larger values will use more memory and\ncreate narrower categories. Max allowed value is 100.",
+                "type": "number"
+              },
+              "max_matched_tokens": {
+                "description": "The maximum number of token positions to match on before attempting to merge categories. Larger\nvalues will use more memory and create narrower categories. Max allowed value is 100.",
+                "type": "number"
+              },
+              "similarity_threshold": {
+                "description": "The minimum percentage of tokens that must match for text to be added to the category bucket. Must\nbe between 1 and 100. The larger the value the narrower the categories. Larger values will increase memory\nusage and create narrower categories.",
+                "type": "number"
+              },
+              "categorization_filters": {
+                "description": "This property expects an array of regular expressions. The expressions are used to filter out matching\nsequences from the categorization field values. You can use this functionality to fine tune the categorization\nby excluding sequences from consideration when categories are defined. For example, you can exclude SQL\nstatements that appear in your log files. This property cannot be used at the same time as categorization_analyzer.\nIf you only want to define simple regular expression filters that are applied prior to tokenization, setting\nthis property is the easiest method. If you also want to customize the tokenizer or post-tokenization filtering,\nuse the categorization_analyzer property instead and include the filters as pattern_replace character filters.",
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              },
+              "categorization_analyzer": {
+                "$ref": "#/components/schemas/_types.aggregations:CategorizeTextAnalyzer"
+              },
+              "shard_size": {
+                "description": "The number of categorization buckets to return from each shard before merging all the results.",
+                "type": "number"
+              },
+              "size": {
+                "description": "The number of buckets to return.",
+                "type": "number"
+              },
+              "min_doc_count": {
+                "description": "The minimum number of documents in a bucket to be returned to the results.",
+                "type": "number"
+              },
+              "shard_min_doc_count": {
+                "description": "The minimum number of documents in a bucket to be returned from the shard before merging.",
+                "type": "number"
+              }
+            },
+            "required": [
+              "field"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:CategorizeTextAnalyzer": {
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "$ref": "#/components/schemas/_types.aggregations:CustomCategorizeTextAnalyzer"
+          }
+        ]
+      },
+      "_types.aggregations:CustomCategorizeTextAnalyzer": {
+        "type": "object",
+        "properties": {
+          "char_filter": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "tokenizer": {
+            "type": "string"
+          },
+          "filter": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          }
+        }
+      },
+      "_types.aggregations:ChildrenAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "$ref": "#/components/schemas/_types:RelationName"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:CompositeAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "after": {
+                "$ref": "#/components/schemas/_types.aggregations:CompositeAggregateKey"
+              },
+              "size": {
+                "description": "The number of composite buckets that should be returned.",
+                "type": "number"
+              },
+              "sources": {
+                "description": "The value sources used to build composite buckets.\nKeys are returned in the order of the `sources` definition.",
+                "type": "array",
+                "items": {
+                  "type": "object",
+                  "additionalProperties": {
+                    "$ref": "#/components/schemas/_types.aggregations:CompositeAggregationSource"
+                  }
+                }
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:CompositeAggregateKey": {
+        "type": "object",
+        "additionalProperties": {
+          "$ref": "#/components/schemas/_types:FieldValue"
+        }
+      },
+      "_types.aggregations:CompositeAggregationSource": {
+        "type": "object",
+        "properties": {
+          "terms": {
+            "$ref": "#/components/schemas/_types.aggregations:CompositeTermsAggregation"
+          },
+          "histogram": {
+            "$ref": "#/components/schemas/_types.aggregations:CompositeHistogramAggregation"
+          },
+          "date_histogram": {
+            "$ref": "#/components/schemas/_types.aggregations:CompositeDateHistogramAggregation"
+          },
+          "geotile_grid": {
+            "$ref": "#/components/schemas/_types.aggregations:CompositeGeoTileGridAggregation"
+          }
+        }
+      },
+      "_types.aggregations:CompositeTermsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:CompositeAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:CompositeAggregationBase": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "missing_bucket": {
+            "type": "boolean"
+          },
+          "missing_order": {
+            "$ref": "#/components/schemas/_types.aggregations:MissingOrder"
+          },
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          },
+          "value_type": {
+            "$ref": "#/components/schemas/_types.aggregations:ValueType"
+          },
+          "order": {
+            "$ref": "#/components/schemas/_types:SortOrder"
+          }
+        }
+      },
+      "_types.aggregations:MissingOrder": {
+        "type": "string",
+        "enum": [
+          "first",
+          "last",
+          "default"
+        ]
+      },
+      "_types.aggregations:ValueType": {
+        "type": "string",
+        "enum": [
+          "string",
+          "long",
+          "double",
+          "number",
+          "date",
+          "date_nanos",
+          "ip",
+          "numeric",
+          "geo_point",
+          "boolean"
+        ]
+      },
+      "_types.aggregations:CompositeHistogramAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:CompositeAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "interval": {
+                "type": "number"
+              }
+            },
+            "required": [
+              "interval"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:CompositeDateHistogramAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:CompositeAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "format": {
+                "type": "string"
+              },
+              "calendar_interval": {
+                "$ref": "#/components/schemas/_types:DurationLarge"
+              },
+              "fixed_interval": {
+                "$ref": "#/components/schemas/_types:DurationLarge"
+              },
+              "offset": {
+                "$ref": "#/components/schemas/_types:Duration"
+              },
+              "time_zone": {
+                "$ref": "#/components/schemas/_types:TimeZone"
+              }
+            }
+          }
+        ]
+      },
+      "_types:DurationLarge": {
+        "description": "A date histogram interval. Similar to `Duration` with additional units: `w` (week), `M` (month), `q` (quarter) and\n`y` (year)",
+        "type": "string"
+      },
+      "_types.aggregations:CompositeGeoTileGridAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:CompositeAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "precision": {
+                "type": "number"
+              },
+              "bounds": {
+                "$ref": "#/components/schemas/_types:GeoBounds"
+              }
+            }
+          }
+        ]
+      },
+      "_types:GeoBounds": {
+        "description": "A geo bounding box. It can be represented in various ways:\n- as 4 top/bottom/left/right coordinates\n- as 2 top_left / bottom_right points\n- as 2 top_right / bottom_left points\n- as a WKT bounding box",
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types:CoordsGeoBounds"
+          },
+          {
+            "$ref": "#/components/schemas/_types:TopLeftBottomRightGeoBounds"
+          },
+          {
+            "$ref": "#/components/schemas/_types:TopRightBottomLeftGeoBounds"
+          },
+          {
+            "$ref": "#/components/schemas/_types:WktGeoBounds"
+          }
+        ]
+      },
+      "_types:CoordsGeoBounds": {
+        "type": "object",
+        "properties": {
+          "top": {
+            "type": "number"
+          },
+          "bottom": {
+            "type": "number"
+          },
+          "left": {
+            "type": "number"
+          },
+          "right": {
+            "type": "number"
+          }
+        },
+        "required": [
+          "top",
+          "bottom",
+          "left",
+          "right"
+        ]
+      },
+      "_types:TopLeftBottomRightGeoBounds": {
+        "type": "object",
+        "properties": {
+          "top_left": {
+            "$ref": "#/components/schemas/_types:GeoLocation"
+          },
+          "bottom_right": {
+            "$ref": "#/components/schemas/_types:GeoLocation"
+          }
+        },
+        "required": [
+          "top_left",
+          "bottom_right"
+        ]
+      },
+      "_types:TopRightBottomLeftGeoBounds": {
+        "type": "object",
+        "properties": {
+          "top_right": {
+            "$ref": "#/components/schemas/_types:GeoLocation"
+          },
+          "bottom_left": {
+            "$ref": "#/components/schemas/_types:GeoLocation"
+          }
+        },
+        "required": [
+          "top_right",
+          "bottom_left"
+        ]
+      },
+      "_types:WktGeoBounds": {
+        "type": "object",
+        "properties": {
+          "wkt": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "wkt"
+        ]
+      },
+      "_types.aggregations:CumulativeCardinalityAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:CumulativeSumAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:DateHistogramAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "calendar_interval": {
+                "$ref": "#/components/schemas/_types.aggregations:CalendarInterval"
+              },
+              "extended_bounds": {
+                "$ref": "#/components/schemas/_types.aggregations:ExtendedBoundsFieldDateMath"
+              },
+              "hard_bounds": {
+                "$ref": "#/components/schemas/_types.aggregations:ExtendedBoundsFieldDateMath"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "fixed_interval": {
+                "$ref": "#/components/schemas/_types:Duration"
+              },
+              "format": {
+                "description": "The date format used to format `key_as_string` in the response.\nIf no `format` is specified, the first date format specified in the field mapping is used.",
+                "type": "string"
+              },
+              "interval": {
+                "$ref": "#/components/schemas/_types:Duration"
+              },
+              "min_doc_count": {
+                "description": "Only returns buckets that have `min_doc_count` number of documents.\nBy default, all buckets between the first bucket that matches documents and the last one are returned.",
+                "type": "number"
+              },
+              "missing": {
+                "$ref": "#/components/schemas/_types:DateTime"
+              },
+              "offset": {
+                "$ref": "#/components/schemas/_types:Duration"
+              },
+              "order": {
+                "$ref": "#/components/schemas/_types.aggregations:AggregateOrder"
+              },
+              "params": {
+                "type": "object",
+                "additionalProperties": {
+                  "type": "object"
+                }
+              },
+              "script": {
+                "$ref": "#/components/schemas/_types:Script"
+              },
+              "time_zone": {
+                "$ref": "#/components/schemas/_types:TimeZone"
+              },
+              "keyed": {
+                "description": "Set to `true` to associate a unique string key with each bucket and return the ranges as a hash rather than an array.",
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:CalendarInterval": {
+        "type": "string",
+        "enum": [
+          "second",
+          "1s",
+          "minute",
+          "1m",
+          "hour",
+          "1h",
+          "day",
+          "1d",
+          "week",
+          "1w",
+          "month",
+          "1M",
+          "quarter",
+          "1q",
+          "year",
+          "1Y"
+        ]
+      },
+      "_types.aggregations:ExtendedBoundsFieldDateMath": {
+        "type": "object",
+        "properties": {
+          "max": {
+            "$ref": "#/components/schemas/_types.aggregations:FieldDateMath"
+          },
+          "min": {
+            "$ref": "#/components/schemas/_types.aggregations:FieldDateMath"
+          }
+        }
+      },
+      "_types.aggregations:FieldDateMath": {
+        "description": "A date range limit, represented either as a DateMath expression or a number expressed\naccording to the target field's precision.",
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types:DateMath"
+          },
+          {
+            "type": "number"
+          }
+        ]
+      },
+      "_types.aggregations:AggregateOrder": {
+        "oneOf": [
+          {
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types:SortOrder"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          {
+            "type": "array",
+            "items": {
+              "type": "object",
+              "additionalProperties": {
+                "$ref": "#/components/schemas/_types:SortOrder"
+              },
+              "minProperties": 1,
+              "maxProperties": 1
+            }
+          }
+        ]
+      },
+      "_types.aggregations:DateRangeAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "format": {
+                "description": "The date format used to format `from` and `to` in the response.",
+                "type": "string"
+              },
+              "missing": {
+                "$ref": "#/components/schemas/_types.aggregations:Missing"
+              },
+              "ranges": {
+                "description": "Array of date ranges.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.aggregations:DateRangeExpression"
+                }
+              },
+              "time_zone": {
+                "$ref": "#/components/schemas/_types:TimeZone"
+              },
+              "keyed": {
+                "description": "Set to `true` to associate a unique string key with each bucket and returns the ranges as a hash rather than an array.",
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:DateRangeExpression": {
+        "type": "object",
+        "properties": {
+          "from": {
+            "$ref": "#/components/schemas/_types.aggregations:FieldDateMath"
+          },
+          "key": {
+            "description": "Custom key to return the range with.",
+            "type": "string"
+          },
+          "to": {
+            "$ref": "#/components/schemas/_types.aggregations:FieldDateMath"
+          }
+        }
+      },
+      "_types.aggregations:DerivativeAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:DiversifiedSamplerAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "execution_hint": {
+                "$ref": "#/components/schemas/_types.aggregations:SamplerAggregationExecutionHint"
+              },
+              "max_docs_per_value": {
+                "description": "Limits how many documents are permitted per choice of de-duplicating value.",
+                "type": "number"
+              },
+              "script": {
+                "$ref": "#/components/schemas/_types:Script"
+              },
+              "shard_size": {
+                "description": "Limits how many top-scoring documents are collected in the sample processed on each shard.",
+                "type": "number"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:SamplerAggregationExecutionHint": {
+        "type": "string",
+        "enum": [
+          "map",
+          "global_ordinals",
+          "bytes_hash"
+        ]
+      },
+      "_types.aggregations:ExtendedStatsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:FormatMetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "sigma": {
+                "description": "The number of standard deviations above/below the mean to display.",
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:ExtendedStatsBucketAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "sigma": {
+                "description": "The number of standard deviations above/below the mean to display.",
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:FrequentItemSetsAggregation": {
+        "type": "object",
+        "properties": {
+          "fields": {
+            "description": "Fields to analyze.",
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types.aggregations:FrequentItemSetsField"
+            }
+          },
+          "minimum_set_size": {
+            "description": "The minimum size of one item set.",
+            "type": "number"
+          },
+          "minimum_support": {
+            "description": "The minimum support of one item set.",
+            "type": "number"
+          },
+          "size": {
+            "description": "The number of top item sets to return.",
+            "type": "number"
+          },
+          "filter": {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+          }
+        },
+        "required": [
+          "fields"
+        ]
+      },
+      "_types.aggregations:FrequentItemSetsField": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "exclude": {
+            "$ref": "#/components/schemas/_types.aggregations:TermsExclude"
+          },
+          "include": {
+            "$ref": "#/components/schemas/_types.aggregations:TermsInclude"
+          }
+        },
+        "required": [
+          "field"
+        ]
+      },
+      "_types.aggregations:TermsExclude": {
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          }
+        ]
+      },
+      "_types.aggregations:TermsInclude": {
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          {
+            "$ref": "#/components/schemas/_types.aggregations:TermsPartition"
+          }
+        ]
+      },
+      "_types.aggregations:TermsPartition": {
+        "type": "object",
+        "properties": {
+          "num_partitions": {
+            "description": "The number of partitions.",
+            "type": "number"
+          },
+          "partition": {
+            "description": "The partition number for this request.",
+            "type": "number"
+          }
+        },
+        "required": [
+          "num_partitions",
+          "partition"
+        ]
+      },
+      "_types.aggregations:FiltersAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "filters": {
+                "$ref": "#/components/schemas/_types.aggregations:BucketsQueryContainer"
+              },
+              "other_bucket": {
+                "description": "Set to `true` to add a bucket to the response which will contain all documents that do not match any of the given filters.",
+                "type": "boolean"
+              },
+              "other_bucket_key": {
+                "description": "The key with which the other bucket is returned.",
+                "type": "string"
+              },
+              "keyed": {
+                "description": "By default, the named filters aggregation returns the buckets as an object.\nSet to `false` to return the buckets as an array of objects.",
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:BucketsQueryContainer": {
+        "description": "Aggregation buckets. By default they are returned as an array, but if the aggregation has keys configured for\nthe different buckets, the result is a dictionary.",
+        "oneOf": [
+          {
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+            }
+          },
+          {
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+            }
+          }
+        ]
+      },
+      "_types.aggregations:GeoBoundsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "wrap_longitude": {
+                "description": "Specifies whether the bounding box should be allowed to overlap the international date line.",
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:GeoCentroidAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "count": {
+                "type": "number"
+              },
+              "location": {
+                "$ref": "#/components/schemas/_types:GeoLocation"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:GeoDistanceAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "distance_type": {
+                "$ref": "#/components/schemas/_types:GeoDistanceType"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "origin": {
+                "$ref": "#/components/schemas/_types:GeoLocation"
+              },
+              "ranges": {
+                "description": "An array of ranges used to bucket documents.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.aggregations:AggregationRange"
+                }
+              },
+              "unit": {
+                "$ref": "#/components/schemas/_types:DistanceUnit"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:AggregationRange": {
+        "type": "object",
+        "properties": {
+          "from": {
+            "description": "Start of the range (inclusive).",
+            "oneOf": [
+              {
+                "type": "number"
+              },
+              {
+                "type": "string"
+              },
+              {
+                "nullable": true,
+                "type": "string"
+              }
+            ]
+          },
+          "key": {
+            "description": "Custom key to return the range with.",
+            "type": "string"
+          },
+          "to": {
+            "description": "End of the range (exclusive).",
+            "oneOf": [
+              {
+                "type": "number"
+              },
+              {
+                "type": "string"
+              },
+              {
+                "nullable": true,
+                "type": "string"
+              }
+            ]
+          }
+        }
+      },
+      "_types.aggregations:GeoHashGridAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "bounds": {
+                "$ref": "#/components/schemas/_types:GeoBounds"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "precision": {
+                "$ref": "#/components/schemas/_types:GeoHashPrecision"
+              },
+              "shard_size": {
+                "description": "Allows for more accurate counting of the top cells returned in the final result the aggregation.\nDefaults to returning `max(10,(size x number-of-shards))` buckets from each shard.",
+                "type": "number"
+              },
+              "size": {
+                "description": "The maximum number of geohash buckets to return.",
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "_types:GeoHashPrecision": {
+        "description": "A precision that can be expressed as a geohash length between 1 and 12, or a distance measure like \"1km\", \"10m\".",
+        "oneOf": [
+          {
+            "type": "number"
+          },
+          {
+            "type": "string"
+          }
+        ]
+      },
+      "_types.aggregations:GeoLineAggregation": {
+        "type": "object",
+        "properties": {
+          "point": {
+            "$ref": "#/components/schemas/_types.aggregations:GeoLinePoint"
+          },
+          "sort": {
+            "$ref": "#/components/schemas/_types.aggregations:GeoLineSort"
+          },
+          "include_sort": {
+            "description": "When `true`, returns an additional array of the sort values in the feature properties.",
+            "type": "boolean"
+          },
+          "sort_order": {
+            "$ref": "#/components/schemas/_types:SortOrder"
+          },
+          "size": {
+            "description": "The maximum length of the line represented in the aggregation.\nValid sizes are between 1 and 10000.",
+            "type": "number"
+          }
+        },
+        "required": [
+          "point",
+          "sort"
+        ]
+      },
+      "_types.aggregations:GeoLinePoint": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          }
+        },
+        "required": [
+          "field"
+        ]
+      },
+      "_types.aggregations:GeoLineSort": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          }
+        },
+        "required": [
+          "field"
+        ]
+      },
+      "_types.aggregations:GeoTileGridAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "precision": {
+                "$ref": "#/components/schemas/_types:GeoTilePrecision"
+              },
+              "shard_size": {
+                "description": "Allows for more accurate counting of the top cells returned in the final result the aggregation.\nDefaults to returning `max(10,(size x number-of-shards))` buckets from each shard.",
+                "type": "number"
+              },
+              "size": {
+                "description": "The maximum number of buckets to return.",
+                "type": "number"
+              },
+              "bounds": {
+                "$ref": "#/components/schemas/_types:GeoBounds"
+              }
+            }
+          }
+        ]
+      },
+      "_types:GeoTilePrecision": {
+        "type": "number"
+      },
+      "_types.aggregations:GeohexGridAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "precision": {
+                "description": "Integer zoom of the key used to defined cells or buckets\nin the results. Value should be between 0-15.",
+                "type": "number"
+              },
+              "bounds": {
+                "$ref": "#/components/schemas/_types:GeoBounds"
+              },
+              "size": {
+                "description": "Maximum number of buckets to return.",
+                "type": "number"
+              },
+              "shard_size": {
+                "description": "Number of buckets returned from each shard.",
+                "type": "number"
+              }
+            },
+            "required": [
+              "field"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:GlobalAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:HistogramAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "extended_bounds": {
+                "$ref": "#/components/schemas/_types.aggregations:ExtendedBoundsdouble"
+              },
+              "hard_bounds": {
+                "$ref": "#/components/schemas/_types.aggregations:ExtendedBoundsdouble"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "interval": {
+                "description": "The interval for the buckets.\nMust be a positive decimal.",
+                "type": "number"
+              },
+              "min_doc_count": {
+                "description": "Only returns buckets that have `min_doc_count` number of documents.\nBy default, the response will fill gaps in the histogram with empty buckets.",
+                "type": "number"
+              },
+              "missing": {
+                "description": "The value to apply to documents that do not have a value.\nBy default, documents without a value are ignored.",
+                "type": "number"
+              },
+              "offset": {
+                "description": "By default, the bucket keys start with 0 and then continue in even spaced steps of `interval`.\nThe bucket boundaries can be shifted by using the `offset` option.",
+                "type": "number"
+              },
+              "order": {
+                "$ref": "#/components/schemas/_types.aggregations:AggregateOrder"
+              },
+              "script": {
+                "$ref": "#/components/schemas/_types:Script"
+              },
+              "format": {
+                "type": "string"
+              },
+              "keyed": {
+                "description": "If `true`, returns buckets as a hash instead of an array, keyed by the bucket keys.",
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:ExtendedBoundsdouble": {
+        "type": "object",
+        "properties": {
+          "max": {
+            "description": "Maximum value for the bound.",
+            "type": "number"
+          },
+          "min": {
+            "description": "Minimum value for the bound.",
+            "type": "number"
+          }
+        }
+      },
+      "_types.aggregations:IpRangeAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "ranges": {
+                "description": "Array of IP ranges.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.aggregations:IpRangeAggregationRange"
+                }
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:IpRangeAggregationRange": {
+        "type": "object",
+        "properties": {
+          "from": {
+            "description": "Start of the range.",
+            "oneOf": [
+              {
+                "type": "string"
+              },
+              {
+                "nullable": true,
+                "type": "string"
+              }
+            ]
+          },
+          "mask": {
+            "description": "IP range defined as a CIDR mask.",
+            "type": "string"
+          },
+          "to": {
+            "description": "End of the range.",
+            "oneOf": [
+              {
+                "type": "string"
+              },
+              {
+                "nullable": true,
+                "type": "string"
+              }
+            ]
+          }
+        }
+      },
+      "_types.aggregations:IpPrefixAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "prefix_length": {
+                "description": "Length of the network prefix. For IPv4 addresses the accepted range is [0, 32].\nFor IPv6 addresses the accepted range is [0, 128].",
+                "type": "number"
+              },
+              "is_ipv6": {
+                "description": "Defines whether the prefix applies to IPv6 addresses.",
+                "type": "boolean"
+              },
+              "append_prefix_length": {
+                "description": "Defines whether the prefix length is appended to IP address keys in the response.",
+                "type": "boolean"
+              },
+              "keyed": {
+                "description": "Defines whether buckets are returned as a hash rather than an array in the response.",
+                "type": "boolean"
+              },
+              "min_doc_count": {
+                "description": "Minimum number of documents in a bucket for it to be included in the response.",
+                "type": "number"
+              }
+            },
+            "required": [
+              "field",
+              "prefix_length"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:InferenceAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "model_id": {
+                "$ref": "#/components/schemas/_types:Name"
+              },
+              "inference_config": {
+                "$ref": "#/components/schemas/_types.aggregations:InferenceConfigContainer"
+              }
+            },
+            "required": [
+              "model_id"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:InferenceConfigContainer": {
+        "type": "object",
+        "properties": {
+          "regression": {
+            "$ref": "#/components/schemas/ml._types:RegressionInferenceOptions"
+          },
+          "classification": {
+            "$ref": "#/components/schemas/ml._types:ClassificationInferenceOptions"
+          }
+        },
+        "minProperties": 1,
+        "maxProperties": 1
+      },
+      "ml._types:RegressionInferenceOptions": {
+        "type": "object",
+        "properties": {
+          "results_field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "num_top_feature_importance_values": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/machine-learning/current/ml-feature-importance.html"
+            },
+            "description": "Specifies the maximum number of feature importance values per document.",
+            "type": "number"
+          }
+        }
+      },
+      "ml._types:ClassificationInferenceOptions": {
+        "type": "object",
+        "properties": {
+          "num_top_classes": {
+            "description": "Specifies the number of top class predictions to return. Defaults to 0.",
+            "type": "number"
+          },
+          "num_top_feature_importance_values": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/machine-learning/current/ml-feature-importance.html"
+            },
+            "description": "Specifies the maximum number of feature importance values per document.",
+            "type": "number"
+          },
+          "prediction_field_type": {
+            "description": "Specifies the type of the predicted field to write. Acceptable values are: string, number, boolean. When boolean is provided 1.0 is transformed to true and 0.0 to false.",
+            "type": "string"
+          },
+          "results_field": {
+            "description": "The field that is added to incoming documents to contain the inference prediction. Defaults to predicted_value.",
+            "type": "string"
+          },
+          "top_classes_results_field": {
+            "description": "Specifies the field to which the top classes are written. Defaults to top_classes.",
+            "type": "string"
+          }
+        }
+      },
+      "_types.aggregations:MatrixStatsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MatrixAggregation"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "mode": {
+                "$ref": "#/components/schemas/_types:SortMode"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:MatrixAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:Aggregation"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "fields": {
+                "$ref": "#/components/schemas/_types:Fields"
+              },
+              "missing": {
+                "description": "The value to apply to documents that do not have a value.\nBy default, documents without a value are ignored.",
+                "type": "object",
+                "additionalProperties": {
+                  "type": "number"
+                }
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:MaxAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:FormatMetricAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:MaxBucketAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:MedianAbsoluteDeviationAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:FormatMetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "compression": {
+                "description": "Limits the maximum number of nodes used by the underlying TDigest algorithm to `20 * compression`, enabling control of memory usage and approximation error.",
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:MinAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:FormatMetricAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:MinBucketAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:MissingAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "missing": {
+                "$ref": "#/components/schemas/_types.aggregations:Missing"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:MovingAverageAggregation": {
+        "discriminator": {
+          "propertyName": "model"
+        },
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:LinearMovingAverageAggregation"
+          },
+          {
+            "$ref": "#/components/schemas/_types.aggregations:SimpleMovingAverageAggregation"
+          },
+          {
+            "$ref": "#/components/schemas/_types.aggregations:EwmaMovingAverageAggregation"
+          },
+          {
+            "$ref": "#/components/schemas/_types.aggregations:HoltMovingAverageAggregation"
+          },
+          {
+            "$ref": "#/components/schemas/_types.aggregations:HoltWintersMovingAverageAggregation"
+          }
+        ]
+      },
+      "_types.aggregations:LinearMovingAverageAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MovingAverageAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "model": {
+                "type": "string",
+                "enum": [
+                  "linear"
+                ]
+              },
+              "settings": {
+                "$ref": "#/components/schemas/_types:EmptyObject"
+              }
+            },
+            "required": [
+              "model",
+              "settings"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:MovingAverageAggregationBase": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "minimize": {
+                "type": "boolean"
+              },
+              "predict": {
+                "type": "number"
+              },
+              "window": {
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "_types:EmptyObject": {
+        "type": "object"
+      },
+      "_types.aggregations:SimpleMovingAverageAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MovingAverageAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "model": {
+                "type": "string",
+                "enum": [
+                  "simple"
+                ]
+              },
+              "settings": {
+                "$ref": "#/components/schemas/_types:EmptyObject"
+              }
+            },
+            "required": [
+              "model",
+              "settings"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:EwmaMovingAverageAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MovingAverageAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "model": {
+                "type": "string",
+                "enum": [
+                  "ewma"
+                ]
+              },
+              "settings": {
+                "$ref": "#/components/schemas/_types.aggregations:EwmaModelSettings"
+              }
+            },
+            "required": [
+              "model",
+              "settings"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:EwmaModelSettings": {
+        "type": "object",
+        "properties": {
+          "alpha": {
+            "type": "number"
+          }
+        }
+      },
+      "_types.aggregations:HoltMovingAverageAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MovingAverageAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "model": {
+                "type": "string",
+                "enum": [
+                  "holt"
+                ]
+              },
+              "settings": {
+                "$ref": "#/components/schemas/_types.aggregations:HoltLinearModelSettings"
+              }
+            },
+            "required": [
+              "model",
+              "settings"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:HoltLinearModelSettings": {
+        "type": "object",
+        "properties": {
+          "alpha": {
+            "type": "number"
+          },
+          "beta": {
+            "type": "number"
+          }
+        }
+      },
+      "_types.aggregations:HoltWintersMovingAverageAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MovingAverageAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "model": {
+                "type": "string",
+                "enum": [
+                  "holt_winters"
+                ]
+              },
+              "settings": {
+                "$ref": "#/components/schemas/_types.aggregations:HoltWintersModelSettings"
+              }
+            },
+            "required": [
+              "model",
+              "settings"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:HoltWintersModelSettings": {
+        "type": "object",
+        "properties": {
+          "alpha": {
+            "type": "number"
+          },
+          "beta": {
+            "type": "number"
+          },
+          "gamma": {
+            "type": "number"
+          },
+          "pad": {
+            "type": "boolean"
+          },
+          "period": {
+            "type": "number"
+          },
+          "type": {
+            "$ref": "#/components/schemas/_types.aggregations:HoltWintersType"
+          }
+        }
+      },
+      "_types.aggregations:HoltWintersType": {
+        "type": "string",
+        "enum": [
+          "add",
+          "mult"
+        ]
+      },
+      "_types.aggregations:MovingPercentilesAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "window": {
+                "description": "The size of window to \"slide\" across the histogram.",
+                "type": "number"
+              },
+              "shift": {
+                "description": "By default, the window consists of the last n values excluding the current bucket.\nIncreasing `shift` by 1, moves the starting window position by 1 to the right.",
+                "type": "number"
+              },
+              "keyed": {
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:MovingFunctionAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "script": {
+                "description": "The script that should be executed on each window of data.",
+                "type": "string"
+              },
+              "shift": {
+                "description": "By default, the window consists of the last n values excluding the current bucket.\nIncreasing `shift` by 1, moves the starting window position by 1 to the right.",
+                "type": "number"
+              },
+              "window": {
+                "description": "The size of window to \"slide\" across the histogram.",
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:MultiTermsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "collect_mode": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsAggregationCollectMode"
+              },
+              "order": {
+                "$ref": "#/components/schemas/_types.aggregations:AggregateOrder"
+              },
+              "min_doc_count": {
+                "description": "The minimum number of documents in a bucket for it to be returned.",
+                "type": "number"
+              },
+              "shard_min_doc_count": {
+                "description": "The minimum number of documents in a bucket on each shard for it to be returned.",
+                "type": "number"
+              },
+              "shard_size": {
+                "description": "The number of candidate terms produced by each shard.\nBy default, `shard_size` will be automatically estimated based on the number of shards and the `size` parameter.",
+                "type": "number"
+              },
+              "show_term_doc_count_error": {
+                "description": "Calculates the doc count error on per term basis.",
+                "type": "boolean"
+              },
+              "size": {
+                "description": "The number of term buckets should be returned out of the overall terms list.",
+                "type": "number"
+              },
+              "terms": {
+                "description": "The field from which to generate sets of terms.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.aggregations:MultiTermLookup"
+                }
+              }
+            },
+            "required": [
+              "terms"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:TermsAggregationCollectMode": {
+        "type": "string",
+        "enum": [
+          "depth_first",
+          "breadth_first"
+        ]
+      },
+      "_types.aggregations:MultiTermLookup": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "missing": {
+            "$ref": "#/components/schemas/_types.aggregations:Missing"
+          }
+        },
+        "required": [
+          "field"
+        ]
+      },
+      "_types.aggregations:NestedAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "path": {
+                "$ref": "#/components/schemas/_types:Field"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:NormalizeAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "method": {
+                "$ref": "#/components/schemas/_types.aggregations:NormalizeMethod"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:NormalizeMethod": {
+        "type": "string",
+        "enum": [
+          "rescale_0_1",
+          "rescale_0_100",
+          "percent_of_sum",
+          "mean",
+          "z-score",
+          "softmax"
+        ]
+      },
+      "_types.aggregations:ParentAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "$ref": "#/components/schemas/_types:RelationName"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:PercentileRanksAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:FormatMetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "keyed": {
+                "description": "By default, the aggregation associates a unique string key with each bucket and returns the ranges as a hash rather than an array.\nSet to `false` to disable this behavior.",
+                "type": "boolean"
+              },
+              "values": {
+                "description": "An array of values for which to calculate the percentile ranks.",
+                "oneOf": [
+                  {
+                    "type": "array",
+                    "items": {
+                      "type": "number"
+                    }
+                  },
+                  {
+                    "nullable": true,
+                    "type": "string"
+                  }
+                ]
+              },
+              "hdr": {
+                "$ref": "#/components/schemas/_types.aggregations:HdrMethod"
+              },
+              "tdigest": {
+                "$ref": "#/components/schemas/_types.aggregations:TDigest"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:HdrMethod": {
+        "type": "object",
+        "properties": {
+          "number_of_significant_value_digits": {
+            "description": "Specifies the resolution of values for the histogram in number of significant digits.",
+            "type": "number"
+          }
+        }
+      },
+      "_types.aggregations:TDigest": {
+        "type": "object",
+        "properties": {
+          "compression": {
+            "description": "Limits the maximum number of nodes used by the underlying TDigest algorithm to `20 * compression`, enabling control of memory usage and approximation error.",
+            "type": "number"
+          }
+        }
+      },
+      "_types.aggregations:PercentilesAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:FormatMetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "keyed": {
+                "description": "By default, the aggregation associates a unique string key with each bucket and returns the ranges as a hash rather than an array.\nSet to `false` to disable this behavior.",
+                "type": "boolean"
+              },
+              "percents": {
+                "description": "The percentiles to calculate.",
+                "type": "array",
+                "items": {
+                  "type": "number"
+                }
+              },
+              "hdr": {
+                "$ref": "#/components/schemas/_types.aggregations:HdrMethod"
+              },
+              "tdigest": {
+                "$ref": "#/components/schemas/_types.aggregations:TDigest"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:PercentilesBucketAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "percents": {
+                "description": "The list of percentiles to calculate.",
+                "type": "array",
+                "items": {
+                  "type": "number"
+                }
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:RangeAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "missing": {
+                "description": "The value to apply to documents that do not have a value.\nBy default, documents without a value are ignored.",
+                "type": "number"
+              },
+              "ranges": {
+                "description": "An array of ranges used to bucket documents.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.aggregations:AggregationRange"
+                }
+              },
+              "script": {
+                "$ref": "#/components/schemas/_types:Script"
+              },
+              "keyed": {
+                "description": "Set to `true` to associate a unique string key with each bucket and return the ranges as a hash rather than an array.",
+                "type": "boolean"
+              },
+              "format": {
+                "type": "string"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:RareTermsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "exclude": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsExclude"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "include": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsInclude"
+              },
+              "max_doc_count": {
+                "description": "The maximum number of documents a term should appear in.",
+                "type": "number"
+              },
+              "missing": {
+                "$ref": "#/components/schemas/_types.aggregations:Missing"
+              },
+              "precision": {
+                "description": "The precision of the internal CuckooFilters.\nSmaller precision leads to better approximation, but higher memory usage.",
+                "type": "number"
+              },
+              "value_type": {
+                "type": "string"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:RateAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:FormatMetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "unit": {
+                "$ref": "#/components/schemas/_types.aggregations:CalendarInterval"
+              },
+              "mode": {
+                "$ref": "#/components/schemas/_types.aggregations:RateMode"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:RateMode": {
+        "type": "string",
+        "enum": [
+          "sum",
+          "value_count"
+        ]
+      },
+      "_types.aggregations:ReverseNestedAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "path": {
+                "$ref": "#/components/schemas/_types:Field"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:SamplerAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "shard_size": {
+                "description": "Limits how many top-scoring documents are collected in the sample processed on each shard.",
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:ScriptedMetricAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "combine_script": {
+                "$ref": "#/components/schemas/_types:Script"
+              },
+              "init_script": {
+                "$ref": "#/components/schemas/_types:Script"
+              },
+              "map_script": {
+                "$ref": "#/components/schemas/_types:Script"
+              },
+              "params": {
+                "description": "A global object with script parameters for `init`, `map` and `combine` scripts.\nIt is shared between the scripts.",
+                "type": "object",
+                "additionalProperties": {
+                  "type": "object"
+                }
+              },
+              "reduce_script": {
+                "$ref": "#/components/schemas/_types:Script"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:SerialDifferencingAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "lag": {
+                "description": "The historical bucket to subtract from the current value.\nMust be a positive, non-zero integer.",
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:SignificantTermsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "background_filter": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "chi_square": {
+                "$ref": "#/components/schemas/_types.aggregations:ChiSquareHeuristic"
+              },
+              "exclude": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsExclude"
+              },
+              "execution_hint": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsAggregationExecutionHint"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "gnd": {
+                "$ref": "#/components/schemas/_types.aggregations:GoogleNormalizedDistanceHeuristic"
+              },
+              "include": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsInclude"
+              },
+              "jlh": {
+                "$ref": "#/components/schemas/_types:EmptyObject"
+              },
+              "min_doc_count": {
+                "description": "Only return terms that are found in more than `min_doc_count` hits.",
+                "type": "number"
+              },
+              "mutual_information": {
+                "$ref": "#/components/schemas/_types.aggregations:MutualInformationHeuristic"
+              },
+              "percentage": {
+                "$ref": "#/components/schemas/_types.aggregations:PercentageScoreHeuristic"
+              },
+              "script_heuristic": {
+                "$ref": "#/components/schemas/_types.aggregations:ScriptedHeuristic"
+              },
+              "shard_min_doc_count": {
+                "description": "Regulates the certainty a shard has if the term should actually be added to the candidate list or not with respect to the `min_doc_count`.\nTerms will only be considered if their local shard frequency within the set is higher than the `shard_min_doc_count`.",
+                "type": "number"
+              },
+              "shard_size": {
+                "description": "Can be used to control the volumes of candidate terms produced by each shard.\nBy default, `shard_size` will be automatically estimated based on the number of shards and the `size` parameter.",
+                "type": "number"
+              },
+              "size": {
+                "description": "The number of buckets returned out of the overall terms list.",
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:ChiSquareHeuristic": {
+        "type": "object",
+        "properties": {
+          "background_is_superset": {
+            "description": "Set to `false` if you defined a custom background filter that represents a different set of documents that you want to compare to.",
+            "type": "boolean"
+          },
+          "include_negatives": {
+            "description": "Set to `false` to filter out the terms that appear less often in the subset than in documents outside the subset.",
+            "type": "boolean"
+          }
+        },
+        "required": [
+          "background_is_superset",
+          "include_negatives"
+        ]
+      },
+      "_types.aggregations:TermsAggregationExecutionHint": {
+        "type": "string",
+        "enum": [
+          "map",
+          "global_ordinals",
+          "global_ordinals_hash",
+          "global_ordinals_low_cardinality"
+        ]
+      },
+      "_types.aggregations:GoogleNormalizedDistanceHeuristic": {
+        "type": "object",
+        "properties": {
+          "background_is_superset": {
+            "description": "Set to `false` if you defined a custom background filter that represents a different set of documents that you want to compare to.",
+            "type": "boolean"
+          }
+        }
+      },
+      "_types.aggregations:MutualInformationHeuristic": {
+        "type": "object",
+        "properties": {
+          "background_is_superset": {
+            "description": "Set to `false` if you defined a custom background filter that represents a different set of documents that you want to compare to.",
+            "type": "boolean"
+          },
+          "include_negatives": {
+            "description": "Set to `false` to filter out the terms that appear less often in the subset than in documents outside the subset.",
+            "type": "boolean"
+          }
+        }
+      },
+      "_types.aggregations:PercentageScoreHeuristic": {
+        "type": "object"
+      },
+      "_types.aggregations:ScriptedHeuristic": {
+        "type": "object",
+        "properties": {
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          }
+        },
+        "required": [
+          "script"
+        ]
+      },
+      "_types.aggregations:SignificantTextAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "background_filter": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "chi_square": {
+                "$ref": "#/components/schemas/_types.aggregations:ChiSquareHeuristic"
+              },
+              "exclude": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsExclude"
+              },
+              "execution_hint": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsAggregationExecutionHint"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "filter_duplicate_text": {
+                "description": "Whether to out duplicate text to deal with noisy data.",
+                "type": "boolean"
+              },
+              "gnd": {
+                "$ref": "#/components/schemas/_types.aggregations:GoogleNormalizedDistanceHeuristic"
+              },
+              "include": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsInclude"
+              },
+              "jlh": {
+                "$ref": "#/components/schemas/_types:EmptyObject"
+              },
+              "min_doc_count": {
+                "description": "Only return values that are found in more than `min_doc_count` hits.",
+                "type": "number"
+              },
+              "mutual_information": {
+                "$ref": "#/components/schemas/_types.aggregations:MutualInformationHeuristic"
+              },
+              "percentage": {
+                "$ref": "#/components/schemas/_types.aggregations:PercentageScoreHeuristic"
+              },
+              "script_heuristic": {
+                "$ref": "#/components/schemas/_types.aggregations:ScriptedHeuristic"
+              },
+              "shard_min_doc_count": {
+                "description": "Regulates the certainty a shard has if the values should actually be added to the candidate list or not with respect to the min_doc_count.\nValues will only be considered if their local shard frequency within the set is higher than the `shard_min_doc_count`.",
+                "type": "number"
+              },
+              "shard_size": {
+                "description": "The number of candidate terms produced by each shard.\nBy default, `shard_size` will be automatically estimated based on the number of shards and the `size` parameter.",
+                "type": "number"
+              },
+              "size": {
+                "description": "The number of buckets returned out of the overall terms list.",
+                "type": "number"
+              },
+              "source_fields": {
+                "$ref": "#/components/schemas/_types:Fields"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:StatsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:FormatMetricAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:StatsBucketAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:StringStatsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "show_distribution": {
+                "description": "Shows the probability distribution for all characters.",
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:SumAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:FormatMetricAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:SumBucketAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:TermsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "collect_mode": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsAggregationCollectMode"
+              },
+              "exclude": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsExclude"
+              },
+              "execution_hint": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsAggregationExecutionHint"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "include": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsInclude"
+              },
+              "min_doc_count": {
+                "description": "Only return values that are found in more than `min_doc_count` hits.",
+                "type": "number"
+              },
+              "missing": {
+                "$ref": "#/components/schemas/_types.aggregations:Missing"
+              },
+              "missing_order": {
+                "$ref": "#/components/schemas/_types.aggregations:MissingOrder"
+              },
+              "missing_bucket": {
+                "type": "boolean"
+              },
+              "value_type": {
+                "description": "Coerced unmapped fields into the specified type.",
+                "type": "string"
+              },
+              "order": {
+                "$ref": "#/components/schemas/_types.aggregations:AggregateOrder"
+              },
+              "script": {
+                "$ref": "#/components/schemas/_types:Script"
+              },
+              "shard_size": {
+                "description": "The number of candidate terms produced by each shard.\nBy default, `shard_size` will be automatically estimated based on the number of shards and the `size` parameter.",
+                "type": "number"
+              },
+              "show_term_doc_count_error": {
+                "description": "Set to `true` to return the `doc_count_error_upper_bound`, which is an upper bound to the error on the `doc_count` returned by each shard.",
+                "type": "boolean"
+              },
+              "size": {
+                "description": "The number of buckets returned out of the overall terms list.",
+                "type": "number"
+              },
+              "format": {
+                "type": "string"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:TopHitsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "docvalue_fields": {
+                "description": "Fields for which to return doc values.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.query_dsl:FieldAndFormat"
+                }
+              },
+              "explain": {
+                "description": "If `true`, returns detailed information about score computation as part of a hit.",
+                "type": "boolean"
+              },
+              "fields": {
+                "description": "Array of wildcard (*) patterns. The request returns values for field names\nmatching these patterns in the hits.fields property of the response.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.query_dsl:FieldAndFormat"
+                }
+              },
+              "from": {
+                "description": "Starting document offset.",
+                "type": "number"
+              },
+              "highlight": {
+                "$ref": "#/components/schemas/_global.search._types:Highlight"
+              },
+              "script_fields": {
+                "description": "Returns the result of one or more script evaluations for each hit.",
+                "type": "object",
+                "additionalProperties": {
+                  "$ref": "#/components/schemas/_types:ScriptField"
+                }
+              },
+              "size": {
+                "description": "The maximum number of top matching hits to return per bucket.",
+                "type": "number"
+              },
+              "sort": {
+                "$ref": "#/components/schemas/_types:Sort"
+              },
+              "_source": {
+                "$ref": "#/components/schemas/_global.search._types:SourceConfig"
+              },
+              "stored_fields": {
+                "$ref": "#/components/schemas/_types:Fields"
+              },
+              "track_scores": {
+                "description": "If `true`, calculates and returns document scores, even if the scores are not used for sorting.",
+                "type": "boolean"
+              },
+              "version": {
+                "description": "If `true`, returns document version as part of a hit.",
+                "type": "boolean"
+              },
+              "seq_no_primary_term": {
+                "description": "If `true`, returns sequence number and primary term of the last modification of each hit.",
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:TTestAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:Aggregation"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "a": {
+                "$ref": "#/components/schemas/_types.aggregations:TestPopulation"
+              },
+              "b": {
+                "$ref": "#/components/schemas/_types.aggregations:TestPopulation"
+              },
+              "type": {
+                "$ref": "#/components/schemas/_types.aggregations:TTestType"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:TestPopulation": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          },
+          "filter": {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+          }
+        },
+        "required": [
+          "field"
+        ]
+      },
+      "_types.aggregations:TTestType": {
+        "type": "string",
+        "enum": [
+          "paired",
+          "homoscedastic",
+          "heteroscedastic"
+        ]
+      },
+      "_types.aggregations:TopMetricsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "metrics": {
+                "description": "The fields of the top document to return.",
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types.aggregations:TopMetricsValue"
+                  },
+                  {
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.aggregations:TopMetricsValue"
+                    }
+                  }
+                ]
+              },
+              "size": {
+                "description": "The number of top documents from which to return metrics.",
+                "type": "number"
+              },
+              "sort": {
+                "$ref": "#/components/schemas/_types:Sort"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:TopMetricsValue": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          }
+        },
+        "required": [
+          "field"
+        ]
+      },
+      "_types.aggregations:ValueCountAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:FormattableMetricAggregation"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:FormattableMetricAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "format": {
+                "type": "string"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:WeightedAverageAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:Aggregation"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "format": {
+                "description": "A numeric response formatter.",
+                "type": "string"
+              },
+              "value": {
+                "$ref": "#/components/schemas/_types.aggregations:WeightedAverageValue"
+              },
+              "value_type": {
+                "$ref": "#/components/schemas/_types.aggregations:ValueType"
+              },
+              "weight": {
+                "$ref": "#/components/schemas/_types.aggregations:WeightedAverageValue"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:WeightedAverageValue": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "missing": {
+            "description": "A value or weight to use if the field is missing.",
+            "type": "number"
+          },
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          }
+        }
+      },
+      "_types.aggregations:VariableWidthHistogramAggregation": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "buckets": {
+            "description": "The target number of buckets.",
+            "type": "number"
+          },
+          "shard_size": {
+            "description": "The number of buckets that the coordinating node will request from each shard.\nDefaults to `buckets * 50`.",
+            "type": "number"
+          },
+          "initial_buffer": {
+            "description": "Specifies the number of individual documents that will be stored in memory on a shard before the initial bucketing algorithm is run.\nDefaults to `min(10 * shard_size, 50000)`.",
+            "type": "number"
+          },
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          }
+        }
+      },
+      "ml._types:ChunkingConfig": {
+        "type": "object",
+        "properties": {
+          "mode": {
+            "$ref": "#/components/schemas/ml._types:ChunkingMode"
+          },
+          "time_span": {
+            "$ref": "#/components/schemas/_types:Duration"
+          }
+        },
+        "required": [
+          "mode"
+        ]
+      },
+      "ml._types:ChunkingMode": {
+        "type": "string",
+        "enum": [
+          "auto",
+          "manual",
+          "off"
+        ]
+      },
+      "ml._types:DelayedDataCheckConfig": {
+        "type": "object",
+        "properties": {
+          "check_window": {
+            "$ref": "#/components/schemas/_types:Duration"
+          },
+          "enabled": {
+            "description": "Specifies whether the datafeed periodically checks for delayed data.",
+            "type": "boolean"
+          }
+        },
+        "required": [
+          "enabled"
+        ]
+      },
+      "_types:IndicesOptions": {
+        "type": "object",
+        "properties": {
+          "allow_no_indices": {
+            "description": "If false, the request returns an error if any wildcard expression, index alias, or `_all` value targets only\nmissing or closed indices. This behavior applies even if the request targets other open indices. For example,\na request targeting `foo*,bar*` returns an error if an index starts with `foo` but no index starts with `bar`.",
+            "type": "boolean"
+          },
+          "expand_wildcards": {
+            "$ref": "#/components/schemas/_types:ExpandWildcards"
+          },
+          "ignore_unavailable": {
+            "description": "If true, missing or closed indices are not included in the response.",
+            "type": "boolean"
+          },
+          "ignore_throttled": {
+            "description": "If true, concrete, expanded or aliased indices are ignored when frozen.",
+            "type": "boolean"
+          }
+        }
+      },
+      "_types:ExpandWildcards": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types:ExpandWildcard"
+          },
+          {
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types:ExpandWildcard"
+            }
+          }
+        ]
+      },
+      "_types:ExpandWildcard": {
+        "type": "string",
+        "enum": [
+          "all",
+          "open",
+          "closed",
+          "hidden",
+          "none"
+        ]
+      },
+      "_types.mapping:RuntimeFields": {
+        "type": "object",
+        "additionalProperties": {
+          "$ref": "#/components/schemas/_types.mapping:RuntimeField"
+        }
+      },
+      "_types.mapping:RuntimeField": {
+        "type": "object",
+        "properties": {
+          "fetch_fields": {
+            "description": "For type `lookup`",
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types.mapping:RuntimeFieldFetchFields"
+            }
+          },
+          "format": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping-date-format.html"
+            },
+            "description": "A custom format for `date` type runtime fields.",
+            "type": "string"
+          },
+          "input_field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "target_field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "target_index": {
+            "$ref": "#/components/schemas/_types:IndexName"
+          },
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          },
+          "type": {
+            "$ref": "#/components/schemas/_types.mapping:RuntimeFieldType"
+          }
+        },
+        "required": [
+          "type"
+        ]
+      },
+      "_types.mapping:RuntimeFieldFetchFields": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "format": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "field"
+        ]
+      },
+      "_types.mapping:RuntimeFieldType": {
+        "type": "string",
+        "enum": [
+          "boolean",
+          "composite",
+          "date",
+          "double",
+          "geo_point",
+          "ip",
+          "keyword",
+          "long",
+          "lookup"
+        ]
+      },
+      "ml._types:ModelPlotConfig": {
+        "type": "object",
+        "properties": {
+          "annotations_enabled": {
+            "description": "If true, enables calculation and storage of the model change annotations for each entity that is being analyzed.",
+            "type": "boolean"
+          },
+          "enabled": {
+            "description": "If true, enables calculation and storage of the model bounds for each entity that is being analyzed.",
+            "type": "boolean"
+          },
+          "terms": {
+            "$ref": "#/components/schemas/_types:Field"
+          }
+        }
+      }
+    }
+  }
+}
\ No newline at end of file
diff --git a/x-pack/packages/ml/json_schemas/src/put___ml_data_frame_analytics__id__schema.json b/x-pack/packages/ml/json_schemas/src/put___ml_data_frame_analytics__id__schema.json
new file mode 100644
index 0000000000000..7c87a07ce0bae
--- /dev/null
+++ b/x-pack/packages/ml/json_schemas/src/put___ml_data_frame_analytics__id__schema.json
@@ -0,0 +1,5016 @@
+{
+  "type": "object",
+  "properties": {
+    "allow_lazy_start": {
+      "externalDocs": {
+        "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/ml-settings.html"
+      },
+      "description": "Specifies whether this job can start when there is insufficient machine\nlearning node capacity for it to be immediately assigned to a node. If\nset to `false` and a machine learning node with capacity to run the job\ncannot be immediately found, the API returns an error. If set to `true`,\nthe API does not return an error; the job waits in the `starting` state\nuntil sufficient machine learning node capacity is available. This\nbehavior is also affected by the cluster-wide\n`xpack.ml.max_lazy_ml_nodes` setting.",
+      "type": "boolean"
+    },
+    "analysis": {
+      "$ref": "#/components/schemas/ml._types:DataframeAnalysisContainer"
+    },
+    "analyzed_fields": {
+      "$ref": "#/components/schemas/ml._types:DataframeAnalysisAnalyzedFields"
+    },
+    "description": {
+      "description": "A description of the job.",
+      "type": "string"
+    },
+    "dest": {
+      "$ref": "#/components/schemas/ml._types:DataframeAnalyticsDestination"
+    },
+    "max_num_threads": {
+      "description": "The maximum number of threads to be used by the analysis. Using more\nthreads may decrease the time necessary to complete the analysis at the\ncost of using more CPU. Note that the process may use additional threads\nfor operational functionality other than the analysis itself.",
+      "type": "number"
+    },
+    "model_memory_limit": {
+      "description": "The approximate maximum amount of memory resources that are permitted for\nanalytical processing. If your `elasticsearch.yml` file contains an\n`xpack.ml.max_model_memory_limit` setting, an error occurs when you try\nto create data frame analytics jobs that have `model_memory_limit` values\ngreater than that setting.",
+      "type": "string"
+    },
+    "source": {
+      "$ref": "#/components/schemas/ml._types:DataframeAnalyticsSource"
+    },
+    "headers": {
+      "$ref": "#/components/schemas/_types:HttpHeaders"
+    },
+    "version": {
+      "$ref": "#/components/schemas/_types:VersionString"
+    }
+  },
+  "required": [
+    "analysis",
+    "dest",
+    "source"
+  ],
+  "components": {
+    "schemas": {
+      "ml._types:DataframeAnalysisContainer": {
+        "type": "object",
+        "properties": {
+          "classification": {
+            "$ref": "#/components/schemas/ml._types:DataframeAnalysisClassification"
+          },
+          "outlier_detection": {
+            "$ref": "#/components/schemas/ml._types:DataframeAnalysisOutlierDetection"
+          },
+          "regression": {
+            "$ref": "#/components/schemas/ml._types:DataframeAnalysisRegression"
+          }
+        },
+        "minProperties": 1,
+        "maxProperties": 1
+      },
+      "ml._types:DataframeAnalysisClassification": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/ml._types:DataframeAnalysis"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "class_assignment_objective": {
+                "type": "string"
+              },
+              "num_top_classes": {
+                "description": "Defines the number of categories for which the predicted probabilities are reported. It must be non-negative or -1. If it is -1 or greater than the total number of categories, probabilities are reported for all categories; if you have a large number of categories, there could be a significant effect on the size of your destination index. NOTE: To use the AUC ROC evaluation method, `num_top_classes` must be set to -1 or a value greater than or equal to the total number of categories.",
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "ml._types:DataframeAnalysis": {
+        "type": "object",
+        "properties": {
+          "alpha": {
+            "description": "Advanced configuration option. Machine learning uses loss guided tree growing, which means that the decision trees grow where the regularized loss decreases most quickly. This parameter affects loss calculations by acting as a multiplier of the tree depth. Higher alpha values result in shallower trees and faster training times. By default, this value is calculated during hyperparameter optimization. It must be greater than or equal to zero.",
+            "type": "number"
+          },
+          "dependent_variable": {
+            "description": "Defines which field of the document is to be predicted. It must match one of the fields in the index being used to train. If this field is missing from a document, then that document will not be used for training, but a prediction with the trained model will be generated for it. It is also known as continuous target variable.\nFor classification analysis, the data type of the field must be numeric (`integer`, `short`, `long`, `byte`), categorical (`ip` or `keyword`), or `boolean`. There must be no more than 30 different values in this field.\nFor regression analysis, the data type of the field must be numeric.",
+            "type": "string"
+          },
+          "downsample_factor": {
+            "description": "Advanced configuration option. Controls the fraction of data that is used to compute the derivatives of the loss function for tree training. A small value results in the use of a small fraction of the data. If this value is set to be less than 1, accuracy typically improves. However, too small a value may result in poor convergence for the ensemble and so require more trees. By default, this value is calculated during hyperparameter optimization. It must be greater than zero and less than or equal to 1.",
+            "type": "number"
+          },
+          "early_stopping_enabled": {
+            "description": "Advanced configuration option. Specifies whether the training process should finish if it is not finding any better performing models. If disabled, the training process can take significantly longer and the chance of finding a better performing model is unremarkable.",
+            "type": "boolean"
+          },
+          "eta": {
+            "description": "Advanced configuration option. The shrinkage applied to the weights. Smaller values result in larger forests which have a better generalization error. However, larger forests cause slower training. By default, this value is calculated during hyperparameter optimization. It must be a value between 0.001 and 1.",
+            "type": "number"
+          },
+          "eta_growth_rate_per_tree": {
+            "description": "Advanced configuration option. Specifies the rate at which `eta` increases for each new tree that is added to the forest. For example, a rate of 1.05 increases `eta` by 5% for each extra tree. By default, this value is calculated during hyperparameter optimization. It must be between 0.5 and 2.",
+            "type": "number"
+          },
+          "feature_bag_fraction": {
+            "description": "Advanced configuration option. Defines the fraction of features that will be used when selecting a random bag for each candidate split. By default, this value is calculated during hyperparameter optimization.",
+            "type": "number"
+          },
+          "feature_processors": {
+            "description": "Advanced configuration option. A collection of feature preprocessors that modify one or more included fields. The analysis uses the resulting one or more features instead of the original document field. However, these features are ephemeral; they are not stored in the destination index. Multiple `feature_processors` entries can refer to the same document fields. Automatic categorical feature encoding still occurs for the fields that are unprocessed by a custom processor or that have categorical values. Use this property only if you want to override the automatic feature encoding of the specified fields.",
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/ml._types:DataframeAnalysisFeatureProcessor"
+            }
+          },
+          "gamma": {
+            "description": "Advanced configuration option. Regularization parameter to prevent overfitting on the training data set. Multiplies a linear penalty associated with the size of individual trees in the forest. A high gamma value causes training to prefer small trees. A small gamma value results in larger individual trees and slower training. By default, this value is calculated during hyperparameter optimization. It must be a nonnegative value.",
+            "type": "number"
+          },
+          "lambda": {
+            "description": "Advanced configuration option. Regularization parameter to prevent overfitting on the training data set. Multiplies an L2 regularization term which applies to leaf weights of the individual trees in the forest. A high lambda value causes training to favor small leaf weights. This behavior makes the prediction function smoother at the expense of potentially not being able to capture relevant relationships between the features and the dependent variable. A small lambda value results in large individual trees and slower training. By default, this value is calculated during hyperparameter optimization. It must be a nonnegative value.",
+            "type": "number"
+          },
+          "max_optimization_rounds_per_hyperparameter": {
+            "description": "Advanced configuration option. A multiplier responsible for determining the maximum number of hyperparameter optimization steps in the Bayesian optimization procedure. The maximum number of steps is determined based on the number of undefined hyperparameters times the maximum optimization rounds per hyperparameter. By default, this value is calculated during hyperparameter optimization.",
+            "type": "number"
+          },
+          "max_trees": {
+            "description": "Advanced configuration option. Defines the maximum number of decision trees in the forest. The maximum value is 2000. By default, this value is calculated during hyperparameter optimization.",
+            "type": "number"
+          },
+          "num_top_feature_importance_values": {
+            "description": "Advanced configuration option. Specifies the maximum number of feature importance values per document to return. By default, no feature importance calculation occurs.",
+            "type": "number"
+          },
+          "prediction_field_name": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "randomize_seed": {
+            "description": "Defines the seed for the random generator that is used to pick training data. By default, it is randomly generated. Set it to a specific value to use the same training data each time you start a job (assuming other related parameters such as `source` and `analyzed_fields` are the same).",
+            "type": "number"
+          },
+          "soft_tree_depth_limit": {
+            "description": "Advanced configuration option. Machine learning uses loss guided tree growing, which means that the decision trees grow where the regularized loss decreases most quickly. This soft limit combines with the `soft_tree_depth_tolerance` to penalize trees that exceed the specified depth; the regularized loss increases quickly beyond this depth. By default, this value is calculated during hyperparameter optimization. It must be greater than or equal to 0.",
+            "type": "number"
+          },
+          "soft_tree_depth_tolerance": {
+            "description": "Advanced configuration option. This option controls how quickly the regularized loss increases when the tree depth exceeds `soft_tree_depth_limit`. By default, this value is calculated during hyperparameter optimization. It must be greater than or equal to 0.01.",
+            "type": "number"
+          },
+          "training_percent": {
+            "$ref": "#/components/schemas/_types:Percentage"
+          }
+        },
+        "required": [
+          "dependent_variable"
+        ]
+      },
+      "ml._types:DataframeAnalysisFeatureProcessor": {
+        "type": "object",
+        "properties": {
+          "frequency_encoding": {
+            "$ref": "#/components/schemas/ml._types:DataframeAnalysisFeatureProcessorFrequencyEncoding"
+          },
+          "multi_encoding": {
+            "$ref": "#/components/schemas/ml._types:DataframeAnalysisFeatureProcessorMultiEncoding"
+          },
+          "n_gram_encoding": {
+            "$ref": "#/components/schemas/ml._types:DataframeAnalysisFeatureProcessorNGramEncoding"
+          },
+          "one_hot_encoding": {
+            "$ref": "#/components/schemas/ml._types:DataframeAnalysisFeatureProcessorOneHotEncoding"
+          },
+          "target_mean_encoding": {
+            "$ref": "#/components/schemas/ml._types:DataframeAnalysisFeatureProcessorTargetMeanEncoding"
+          }
+        },
+        "minProperties": 1,
+        "maxProperties": 1
+      },
+      "ml._types:DataframeAnalysisFeatureProcessorFrequencyEncoding": {
+        "type": "object",
+        "properties": {
+          "feature_name": {
+            "$ref": "#/components/schemas/_types:Name"
+          },
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "frequency_map": {
+            "description": "The resulting frequency map for the field value. If the field value is missing from the frequency_map, the resulting value is 0.",
+            "type": "object",
+            "additionalProperties": {
+              "type": "number"
+            }
+          }
+        },
+        "required": [
+          "feature_name",
+          "field",
+          "frequency_map"
+        ]
+      },
+      "_types:Name": {
+        "type": "string"
+      },
+      "_types:Field": {
+        "description": "Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.",
+        "type": "string"
+      },
+      "ml._types:DataframeAnalysisFeatureProcessorMultiEncoding": {
+        "type": "object",
+        "properties": {
+          "processors": {
+            "description": "The ordered array of custom processors to execute. Must be more than 1.",
+            "type": "array",
+            "items": {
+              "type": "number"
+            }
+          }
+        },
+        "required": [
+          "processors"
+        ]
+      },
+      "ml._types:DataframeAnalysisFeatureProcessorNGramEncoding": {
+        "type": "object",
+        "properties": {
+          "feature_prefix": {
+            "description": "The feature name prefix. Defaults to ngram_<start>_<length>.",
+            "type": "string"
+          },
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "length": {
+            "description": "Specifies the length of the n-gram substring. Defaults to 50. Must be greater than 0.",
+            "type": "number"
+          },
+          "n_grams": {
+            "description": "Specifies which n-grams to gather. It’s an array of integer values where the minimum value is 1, and a maximum value is 5.",
+            "type": "array",
+            "items": {
+              "type": "number"
+            }
+          },
+          "start": {
+            "description": "Specifies the zero-indexed start of the n-gram substring. Negative values are allowed for encoding n-grams of string suffixes. Defaults to 0.",
+            "type": "number"
+          },
+          "custom": {
+            "type": "boolean"
+          }
+        },
+        "required": [
+          "field",
+          "n_grams"
+        ]
+      },
+      "ml._types:DataframeAnalysisFeatureProcessorOneHotEncoding": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "hot_map": {
+            "description": "The one hot map mapping the field value with the column name.",
+            "type": "string"
+          }
+        },
+        "required": [
+          "field",
+          "hot_map"
+        ]
+      },
+      "ml._types:DataframeAnalysisFeatureProcessorTargetMeanEncoding": {
+        "type": "object",
+        "properties": {
+          "default_value": {
+            "description": "The default value if field value is not found in the target_map.",
+            "type": "number"
+          },
+          "feature_name": {
+            "$ref": "#/components/schemas/_types:Name"
+          },
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "target_map": {
+            "description": "The field value to target mean transition map.",
+            "type": "object",
+            "additionalProperties": {
+              "type": "object"
+            }
+          }
+        },
+        "required": [
+          "default_value",
+          "feature_name",
+          "field",
+          "target_map"
+        ]
+      },
+      "_types:Percentage": {
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "type": "number"
+          }
+        ]
+      },
+      "ml._types:DataframeAnalysisOutlierDetection": {
+        "type": "object",
+        "properties": {
+          "compute_feature_influence": {
+            "description": "Specifies whether the feature influence calculation is enabled.",
+            "type": "boolean"
+          },
+          "feature_influence_threshold": {
+            "description": "The minimum outlier score that a document needs to have in order to calculate its feature influence score. Value range: 0-1.",
+            "type": "number"
+          },
+          "method": {
+            "description": "The method that outlier detection uses. Available methods are `lof`, `ldof`, `distance_kth_nn`, `distance_knn`, and `ensemble`. The default value is ensemble, which means that outlier detection uses an ensemble of different methods and normalises and combines their individual outlier scores to obtain the overall outlier score.",
+            "type": "string"
+          },
+          "n_neighbors": {
+            "description": "Defines the value for how many nearest neighbors each method of outlier detection uses to calculate its outlier score. When the value is not set, different values are used for different ensemble members. This default behavior helps improve the diversity in the ensemble; only override it if you are confident that the value you choose is appropriate for the data set.",
+            "type": "number"
+          },
+          "outlier_fraction": {
+            "description": "The proportion of the data set that is assumed to be outlying prior to outlier detection. For example, 0.05 means it is assumed that 5% of values are real outliers and 95% are inliers.",
+            "type": "number"
+          },
+          "standardization_enabled": {
+            "description": "If true, the following operation is performed on the columns before computing outlier scores: `(x_i - mean(x_i)) / sd(x_i)`.",
+            "type": "boolean"
+          }
+        }
+      },
+      "ml._types:DataframeAnalysisRegression": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/ml._types:DataframeAnalysis"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "loss_function": {
+                "description": "The loss function used during regression. Available options are `mse` (mean squared error), `msle` (mean squared logarithmic error), `huber` (Pseudo-Huber loss).",
+                "type": "string"
+              },
+              "loss_function_parameter": {
+                "description": "A positive number that is used as a parameter to the `loss_function`.",
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "ml._types:DataframeAnalysisAnalyzedFields": {
+        "type": "object",
+        "properties": {
+          "includes": {
+            "description": "An array of strings that defines the fields that will be excluded from the analysis. You do not need to add fields with unsupported data types to excludes, these fields are excluded from the analysis automatically.",
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "excludes": {
+            "description": "An array of strings that defines the fields that will be included in the analysis.",
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          }
+        },
+        "required": [
+          "includes",
+          "excludes"
+        ]
+      },
+      "ml._types:DataframeAnalyticsDestination": {
+        "type": "object",
+        "properties": {
+          "index": {
+            "$ref": "#/components/schemas/_types:IndexName"
+          },
+          "results_field": {
+            "$ref": "#/components/schemas/_types:Field"
+          }
+        },
+        "required": [
+          "index"
+        ]
+      },
+      "_types:IndexName": {
+        "type": "string"
+      },
+      "ml._types:DataframeAnalyticsSource": {
+        "type": "object",
+        "properties": {
+          "index": {
+            "$ref": "#/components/schemas/_types:Indices"
+          },
+          "query": {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+          },
+          "runtime_mappings": {
+            "$ref": "#/components/schemas/_types.mapping:RuntimeFields"
+          },
+          "_source": {
+            "$ref": "#/components/schemas/ml._types:DataframeAnalysisAnalyzedFields"
+          }
+        },
+        "required": [
+          "index"
+        ]
+      },
+      "_types:Indices": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types:IndexName"
+          },
+          {
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types:IndexName"
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:QueryContainer": {
+        "externalDocs": {
+          "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl.html"
+        },
+        "type": "object",
+        "properties": {
+          "bool": {
+            "$ref": "#/components/schemas/_types.query_dsl:BoolQuery"
+          },
+          "boosting": {
+            "$ref": "#/components/schemas/_types.query_dsl:BoostingQuery"
+          },
+          "common": {
+            "deprecated": true,
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:CommonTermsQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "combined_fields": {
+            "$ref": "#/components/schemas/_types.query_dsl:CombinedFieldsQuery"
+          },
+          "constant_score": {
+            "$ref": "#/components/schemas/_types.query_dsl:ConstantScoreQuery"
+          },
+          "dis_max": {
+            "$ref": "#/components/schemas/_types.query_dsl:DisMaxQuery"
+          },
+          "distance_feature": {
+            "$ref": "#/components/schemas/_types.query_dsl:DistanceFeatureQuery"
+          },
+          "exists": {
+            "$ref": "#/components/schemas/_types.query_dsl:ExistsQuery"
+          },
+          "function_score": {
+            "$ref": "#/components/schemas/_types.query_dsl:FunctionScoreQuery"
+          },
+          "fuzzy": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-fuzzy-query.html"
+            },
+            "description": "Returns documents that contain terms similar to the search term, as measured by a Levenshtein edit distance.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:FuzzyQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "geo_bounding_box": {
+            "$ref": "#/components/schemas/_types.query_dsl:GeoBoundingBoxQuery"
+          },
+          "geo_distance": {
+            "$ref": "#/components/schemas/_types.query_dsl:GeoDistanceQuery"
+          },
+          "geo_polygon": {
+            "$ref": "#/components/schemas/_types.query_dsl:GeoPolygonQuery"
+          },
+          "geo_shape": {
+            "$ref": "#/components/schemas/_types.query_dsl:GeoShapeQuery"
+          },
+          "has_child": {
+            "$ref": "#/components/schemas/_types.query_dsl:HasChildQuery"
+          },
+          "has_parent": {
+            "$ref": "#/components/schemas/_types.query_dsl:HasParentQuery"
+          },
+          "ids": {
+            "$ref": "#/components/schemas/_types.query_dsl:IdsQuery"
+          },
+          "intervals": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-intervals-query.html"
+            },
+            "description": "Returns documents based on the order and proximity of matching terms.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:IntervalsQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "knn": {
+            "$ref": "#/components/schemas/_types:KnnQuery"
+          },
+          "match": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-match-query.html"
+            },
+            "description": "Returns documents that match a provided text, number, date or boolean value.\nThe provided text is analyzed before matching.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:MatchQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "match_all": {
+            "$ref": "#/components/schemas/_types.query_dsl:MatchAllQuery"
+          },
+          "match_bool_prefix": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-match-bool-prefix-query.html"
+            },
+            "description": "Analyzes its input and constructs a `bool` query from the terms.\nEach term except the last is used in a `term` query.\nThe last term is used in a prefix query.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:MatchBoolPrefixQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "match_none": {
+            "$ref": "#/components/schemas/_types.query_dsl:MatchNoneQuery"
+          },
+          "match_phrase": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-match-query-phrase.html"
+            },
+            "description": "Analyzes the text and creates a phrase query out of the analyzed text.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:MatchPhraseQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "match_phrase_prefix": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-match-query-phrase-prefix.html"
+            },
+            "description": "Returns documents that contain the words of a provided text, in the same order as provided.\nThe last term of the provided text is treated as a prefix, matching any words that begin with that term.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:MatchPhrasePrefixQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "more_like_this": {
+            "$ref": "#/components/schemas/_types.query_dsl:MoreLikeThisQuery"
+          },
+          "multi_match": {
+            "$ref": "#/components/schemas/_types.query_dsl:MultiMatchQuery"
+          },
+          "nested": {
+            "$ref": "#/components/schemas/_types.query_dsl:NestedQuery"
+          },
+          "parent_id": {
+            "$ref": "#/components/schemas/_types.query_dsl:ParentIdQuery"
+          },
+          "percolate": {
+            "$ref": "#/components/schemas/_types.query_dsl:PercolateQuery"
+          },
+          "pinned": {
+            "$ref": "#/components/schemas/_types.query_dsl:PinnedQuery"
+          },
+          "prefix": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-prefix-query.html"
+            },
+            "description": "Returns documents that contain a specific prefix in a provided field.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:PrefixQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "query_string": {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryStringQuery"
+          },
+          "range": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-range-query.html"
+            },
+            "description": "Returns documents that contain terms within a provided range.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:RangeQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "rank_feature": {
+            "$ref": "#/components/schemas/_types.query_dsl:RankFeatureQuery"
+          },
+          "regexp": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-regexp-query.html"
+            },
+            "description": "Returns documents that contain terms matching a regular expression.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:RegexpQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "rule_query": {
+            "$ref": "#/components/schemas/_types.query_dsl:RuleQuery"
+          },
+          "script": {
+            "$ref": "#/components/schemas/_types.query_dsl:ScriptQuery"
+          },
+          "script_score": {
+            "$ref": "#/components/schemas/_types.query_dsl:ScriptScoreQuery"
+          },
+          "shape": {
+            "$ref": "#/components/schemas/_types.query_dsl:ShapeQuery"
+          },
+          "simple_query_string": {
+            "$ref": "#/components/schemas/_types.query_dsl:SimpleQueryStringQuery"
+          },
+          "span_containing": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanContainingQuery"
+          },
+          "field_masking_span": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanFieldMaskingQuery"
+          },
+          "span_first": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanFirstQuery"
+          },
+          "span_multi": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanMultiTermQuery"
+          },
+          "span_near": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanNearQuery"
+          },
+          "span_not": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanNotQuery"
+          },
+          "span_or": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanOrQuery"
+          },
+          "span_term": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-span-term-query.html"
+            },
+            "description": "Matches spans containing a term.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:SpanTermQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "span_within": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanWithinQuery"
+          },
+          "term": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-term-query.html"
+            },
+            "description": "Returns documents that contain an exact term in a provided field.\nTo return a document, the query term must exactly match the queried field's value, including whitespace and capitalization.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:TermQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "terms": {
+            "$ref": "#/components/schemas/_types.query_dsl:TermsQuery"
+          },
+          "terms_set": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-terms-set-query.html"
+            },
+            "description": "Returns documents that contain a minimum number of exact terms in a provided field.\nTo return a document, a required number of terms must exactly match the field values, including whitespace and capitalization.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:TermsSetQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "text_expansion": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-text-expansion-query.html"
+            },
+            "description": "Uses a natural language processing model to convert the query text into a list of token-weight pairs which are then used in a query against a sparse vector or rank features field.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:TextExpansionQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "weighted_tokens": {
+            "description": "Supports returning text_expansion query results by sending in precomputed tokens with the query.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:WeightedTokensQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "wildcard": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-wildcard-query.html"
+            },
+            "description": "Returns documents that contain terms matching a wildcard pattern.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:WildcardQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "wrapper": {
+            "$ref": "#/components/schemas/_types.query_dsl:WrapperQuery"
+          },
+          "type": {
+            "$ref": "#/components/schemas/_types.query_dsl:TypeQuery"
+          }
+        },
+        "minProperties": 1,
+        "maxProperties": 1
+      },
+      "_types.query_dsl:BoolQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "filter": {
+                "description": "The clause (query) must appear in matching documents.\nHowever, unlike `must`, the score of the query will be ignored.",
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                  },
+                  {
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                    }
+                  }
+                ]
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "must": {
+                "description": "The clause (query) must appear in matching documents and will contribute to the score.",
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                  },
+                  {
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                    }
+                  }
+                ]
+              },
+              "must_not": {
+                "description": "The clause (query) must not appear in the matching documents.\nBecause scoring is ignored, a score of `0` is returned for all documents.",
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                  },
+                  {
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                    }
+                  }
+                ]
+              },
+              "should": {
+                "description": "The clause (query) should appear in the matching document.",
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                  },
+                  {
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                    }
+                  }
+                ]
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:QueryBase": {
+        "type": "object",
+        "properties": {
+          "boost": {
+            "description": "Floating point number used to decrease or increase the relevance scores of the query.\nBoost values are relative to the default value of 1.0.\nA boost value between 0 and 1.0 decreases the relevance score.\nA value greater than 1.0 increases the relevance score.",
+            "type": "number"
+          },
+          "_name": {
+            "type": "string"
+          }
+        }
+      },
+      "_types:MinimumShouldMatch": {
+        "externalDocs": {
+          "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-minimum-should-match.html"
+        },
+        "description": "The minimum number of terms that should match as integer, percentage or range",
+        "oneOf": [
+          {
+            "type": "number"
+          },
+          {
+            "type": "string"
+          }
+        ]
+      },
+      "_types.query_dsl:BoostingQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "negative_boost": {
+                "description": "Floating point number between 0 and 1.0 used to decrease the relevance scores of documents matching the `negative` query.",
+                "type": "number"
+              },
+              "negative": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "positive": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              }
+            },
+            "required": [
+              "negative_boost",
+              "negative",
+              "positive"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:CommonTermsQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "analyzer": {
+                "type": "string"
+              },
+              "cutoff_frequency": {
+                "type": "number"
+              },
+              "high_freq_operator": {
+                "$ref": "#/components/schemas/_types.query_dsl:Operator"
+              },
+              "low_freq_operator": {
+                "$ref": "#/components/schemas/_types.query_dsl:Operator"
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "query": {
+                "type": "string"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:Operator": {
+        "type": "string",
+        "enum": [
+          "and",
+          "AND",
+          "or",
+          "OR"
+        ]
+      },
+      "_types.query_dsl:CombinedFieldsQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "fields": {
+                "description": "List of fields to search. Field wildcard patterns are allowed. Only `text` fields are supported, and they must all have the same search `analyzer`.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types:Field"
+                }
+              },
+              "query": {
+                "description": "Text to search for in the provided `fields`.\nThe `combined_fields` query analyzes the provided text before performing a search.",
+                "type": "string"
+              },
+              "auto_generate_synonyms_phrase_query": {
+                "description": "If true, match phrase queries are automatically created for multi-term synonyms.",
+                "type": "boolean"
+              },
+              "operator": {
+                "$ref": "#/components/schemas/_types.query_dsl:CombinedFieldsOperator"
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "zero_terms_query": {
+                "$ref": "#/components/schemas/_types.query_dsl:CombinedFieldsZeroTerms"
+              }
+            },
+            "required": [
+              "fields",
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:CombinedFieldsOperator": {
+        "type": "string",
+        "enum": [
+          "or",
+          "and"
+        ]
+      },
+      "_types.query_dsl:CombinedFieldsZeroTerms": {
+        "type": "string",
+        "enum": [
+          "none",
+          "all"
+        ]
+      },
+      "_types.query_dsl:ConstantScoreQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "filter": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              }
+            },
+            "required": [
+              "filter"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:DisMaxQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "queries": {
+                "description": "One or more query clauses.\nReturned documents must match one or more of these queries.\nIf a document matches multiple queries, Elasticsearch uses the highest relevance score.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                }
+              },
+              "tie_breaker": {
+                "description": "Floating point number between 0 and 1.0 used to increase the relevance scores of documents matching multiple query clauses.",
+                "type": "number"
+              }
+            },
+            "required": [
+              "queries"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:DistanceFeatureQuery": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:GeoDistanceFeatureQuery"
+          },
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:DateDistanceFeatureQuery"
+          }
+        ]
+      },
+      "_types.query_dsl:GeoDistanceFeatureQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:DistanceFeatureQueryBaseGeoLocationDistance"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:DistanceFeatureQueryBaseGeoLocationDistance": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "origin": {
+                "$ref": "#/components/schemas/_types:GeoLocation"
+              },
+              "pivot": {
+                "$ref": "#/components/schemas/_types:Distance"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              }
+            },
+            "required": [
+              "origin",
+              "pivot",
+              "field"
+            ]
+          }
+        ]
+      },
+      "_types:GeoLocation": {
+        "description": "A latitude/longitude as a 2 dimensional point. It can be represented in various ways:\n- as a `{lat, long}` object\n- as a geo hash value\n- as a `[lon, lat]` array\n- as a string in `\"<lat>, <lon>\"` or WKT point formats",
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types:LatLonGeoLocation"
+          },
+          {
+            "$ref": "#/components/schemas/_types:GeoHashLocation"
+          },
+          {
+            "type": "array",
+            "items": {
+              "type": "number"
+            }
+          },
+          {
+            "type": "string"
+          }
+        ]
+      },
+      "_types:LatLonGeoLocation": {
+        "type": "object",
+        "properties": {
+          "lat": {
+            "description": "Latitude",
+            "type": "number"
+          },
+          "lon": {
+            "description": "Longitude",
+            "type": "number"
+          }
+        },
+        "required": [
+          "lat",
+          "lon"
+        ]
+      },
+      "_types:GeoHashLocation": {
+        "type": "object",
+        "properties": {
+          "geohash": {
+            "$ref": "#/components/schemas/_types:GeoHash"
+          }
+        },
+        "required": [
+          "geohash"
+        ]
+      },
+      "_types:GeoHash": {
+        "type": "string"
+      },
+      "_types:Distance": {
+        "type": "string"
+      },
+      "_types.query_dsl:DateDistanceFeatureQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:DistanceFeatureQueryBaseDateMathDuration"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:DistanceFeatureQueryBaseDateMathDuration": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "origin": {
+                "$ref": "#/components/schemas/_types:DateMath"
+              },
+              "pivot": {
+                "$ref": "#/components/schemas/_types:Duration"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              }
+            },
+            "required": [
+              "origin",
+              "pivot",
+              "field"
+            ]
+          }
+        ]
+      },
+      "_types:DateMath": {
+        "type": "string"
+      },
+      "_types:Duration": {
+        "externalDocs": {
+          "url": "https://github.com/elastic/elasticsearch/blob/current/libs/core/src/main/java/org/elasticsearch/core/TimeValue.java"
+        },
+        "description": "A duration. Units can be `nanos`, `micros`, `ms` (milliseconds), `s` (seconds), `m` (minutes), `h` (hours) and\n`d` (days). Also accepts \"0\" without a unit and \"-1\" to indicate an unspecified value.",
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "type": "string",
+            "enum": [
+              "-1"
+            ]
+          },
+          {
+            "type": "string",
+            "enum": [
+              "0"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:ExistsQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              }
+            },
+            "required": [
+              "field"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:FunctionScoreQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "boost_mode": {
+                "$ref": "#/components/schemas/_types.query_dsl:FunctionBoostMode"
+              },
+              "functions": {
+                "description": "One or more functions that compute a new score for each document returned by the query.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.query_dsl:FunctionScoreContainer"
+                }
+              },
+              "max_boost": {
+                "description": "Restricts the new score to not exceed the provided limit.",
+                "type": "number"
+              },
+              "min_score": {
+                "description": "Excludes documents that do not meet the provided score threshold.",
+                "type": "number"
+              },
+              "query": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "score_mode": {
+                "$ref": "#/components/schemas/_types.query_dsl:FunctionScoreMode"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:FunctionBoostMode": {
+        "type": "string",
+        "enum": [
+          "multiply",
+          "replace",
+          "sum",
+          "avg",
+          "max",
+          "min"
+        ]
+      },
+      "_types.query_dsl:FunctionScoreContainer": {
+        "allOf": [
+          {
+            "type": "object",
+            "properties": {
+              "filter": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "weight": {
+                "type": "number"
+              }
+            }
+          },
+          {
+            "type": "object",
+            "properties": {
+              "exp": {
+                "$ref": "#/components/schemas/_types.query_dsl:DecayFunction"
+              },
+              "gauss": {
+                "$ref": "#/components/schemas/_types.query_dsl:DecayFunction"
+              },
+              "linear": {
+                "$ref": "#/components/schemas/_types.query_dsl:DecayFunction"
+              },
+              "field_value_factor": {
+                "$ref": "#/components/schemas/_types.query_dsl:FieldValueFactorScoreFunction"
+              },
+              "random_score": {
+                "$ref": "#/components/schemas/_types.query_dsl:RandomScoreFunction"
+              },
+              "script_score": {
+                "$ref": "#/components/schemas/_types.query_dsl:ScriptScoreFunction"
+              }
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          }
+        ]
+      },
+      "_types.query_dsl:DecayFunction": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:DateDecayFunction"
+          },
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:NumericDecayFunction"
+          },
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:GeoDecayFunction"
+          }
+        ]
+      },
+      "_types.query_dsl:DateDecayFunction": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:DecayFunctionBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:DecayFunctionBase": {
+        "type": "object",
+        "properties": {
+          "multi_value_mode": {
+            "$ref": "#/components/schemas/_types.query_dsl:MultiValueMode"
+          }
+        }
+      },
+      "_types.query_dsl:MultiValueMode": {
+        "type": "string",
+        "enum": [
+          "min",
+          "max",
+          "avg",
+          "sum"
+        ]
+      },
+      "_types.query_dsl:NumericDecayFunction": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:DecayFunctionBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:GeoDecayFunction": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:DecayFunctionBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:FieldValueFactorScoreFunction": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "factor": {
+            "description": "Optional factor to multiply the field value with.",
+            "type": "number"
+          },
+          "missing": {
+            "description": "Value used if the document doesn’t have that field.\nThe modifier and factor are still applied to it as though it were read from the document.",
+            "type": "number"
+          },
+          "modifier": {
+            "$ref": "#/components/schemas/_types.query_dsl:FieldValueFactorModifier"
+          }
+        },
+        "required": [
+          "field"
+        ]
+      },
+      "_types.query_dsl:FieldValueFactorModifier": {
+        "type": "string",
+        "enum": [
+          "none",
+          "log",
+          "log1p",
+          "log2p",
+          "ln",
+          "ln1p",
+          "ln2p",
+          "square",
+          "sqrt",
+          "reciprocal"
+        ]
+      },
+      "_types.query_dsl:RandomScoreFunction": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "seed": {
+            "oneOf": [
+              {
+                "type": "number"
+              },
+              {
+                "type": "string"
+              }
+            ]
+          }
+        }
+      },
+      "_types.query_dsl:ScriptScoreFunction": {
+        "type": "object",
+        "properties": {
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          }
+        },
+        "required": [
+          "script"
+        ]
+      },
+      "_types:Script": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types:InlineScript"
+          },
+          {
+            "$ref": "#/components/schemas/_types:StoredScriptId"
+          }
+        ]
+      },
+      "_types:InlineScript": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types:ScriptBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "lang": {
+                "$ref": "#/components/schemas/_types:ScriptLanguage"
+              },
+              "options": {
+                "type": "object",
+                "additionalProperties": {
+                  "type": "string"
+                }
+              },
+              "source": {
+                "description": "The script source.",
+                "type": "string"
+              }
+            },
+            "required": [
+              "source"
+            ]
+          }
+        ]
+      },
+      "_types:ScriptBase": {
+        "type": "object",
+        "properties": {
+          "params": {
+            "description": "Specifies any named parameters that are passed into the script as variables.\nUse parameters instead of hard-coded values to decrease compile time.",
+            "type": "object",
+            "additionalProperties": {
+              "type": "object"
+            }
+          }
+        }
+      },
+      "_types:ScriptLanguage": {
+        "anyOf": [
+          {
+            "type": "string",
+            "enum": [
+              "painless",
+              "expression",
+              "mustache",
+              "java"
+            ]
+          },
+          {
+            "type": "string"
+          }
+        ]
+      },
+      "_types:StoredScriptId": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types:ScriptBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "id": {
+                "$ref": "#/components/schemas/_types:Id"
+              }
+            },
+            "required": [
+              "id"
+            ]
+          }
+        ]
+      },
+      "_types:Id": {
+        "type": "string"
+      },
+      "_types.query_dsl:FunctionScoreMode": {
+        "type": "string",
+        "enum": [
+          "multiply",
+          "sum",
+          "avg",
+          "first",
+          "max",
+          "min"
+        ]
+      },
+      "_types.query_dsl:FuzzyQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "max_expansions": {
+                "description": "Maximum number of variations created.",
+                "type": "number"
+              },
+              "prefix_length": {
+                "description": "Number of beginning characters left unchanged when creating expansions.",
+                "type": "number"
+              },
+              "rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "transpositions": {
+                "description": "Indicates whether edits include transpositions of two adjacent characters (for example `ab` to `ba`).",
+                "type": "boolean"
+              },
+              "fuzziness": {
+                "$ref": "#/components/schemas/_types:Fuzziness"
+              },
+              "value": {
+                "description": "Term you wish to find in the provided field.",
+                "oneOf": [
+                  {
+                    "type": "string"
+                  },
+                  {
+                    "type": "number"
+                  },
+                  {
+                    "type": "boolean"
+                  }
+                ]
+              }
+            },
+            "required": [
+              "value"
+            ]
+          }
+        ]
+      },
+      "_types:MultiTermQueryRewrite": {
+        "externalDocs": {
+          "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-multi-term-rewrite.html"
+        },
+        "type": "string"
+      },
+      "_types:Fuzziness": {
+        "externalDocs": {
+          "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/common-options.html#fuzziness"
+        },
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "type": "number"
+          }
+        ]
+      },
+      "_types.query_dsl:GeoBoundingBoxQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "$ref": "#/components/schemas/_types.query_dsl:GeoExecution"
+              },
+              "validation_method": {
+                "$ref": "#/components/schemas/_types.query_dsl:GeoValidationMethod"
+              },
+              "ignore_unmapped": {
+                "description": "Set to `true` to ignore an unmapped field and not match any documents for this query.\nSet to `false` to throw an exception if the field is not mapped.",
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:GeoExecution": {
+        "type": "string",
+        "enum": [
+          "memory",
+          "indexed"
+        ]
+      },
+      "_types.query_dsl:GeoValidationMethod": {
+        "type": "string",
+        "enum": [
+          "coerce",
+          "ignore_malformed",
+          "strict"
+        ]
+      },
+      "_types.query_dsl:GeoDistanceQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "distance": {
+                "$ref": "#/components/schemas/_types:Distance"
+              },
+              "distance_type": {
+                "$ref": "#/components/schemas/_types:GeoDistanceType"
+              },
+              "validation_method": {
+                "$ref": "#/components/schemas/_types.query_dsl:GeoValidationMethod"
+              },
+              "ignore_unmapped": {
+                "description": "Set to `true` to ignore an unmapped field and not match any documents for this query.\nSet to `false` to throw an exception if the field is not mapped.",
+                "type": "boolean"
+              }
+            },
+            "required": [
+              "distance"
+            ]
+          }
+        ]
+      },
+      "_types:GeoDistanceType": {
+        "type": "string",
+        "enum": [
+          "arc",
+          "plane"
+        ]
+      },
+      "_types.query_dsl:GeoPolygonQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "validation_method": {
+                "$ref": "#/components/schemas/_types.query_dsl:GeoValidationMethod"
+              },
+              "ignore_unmapped": {
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:GeoShapeQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "ignore_unmapped": {
+                "description": "Set to `true` to ignore an unmapped field and not match any documents for this query.\nSet to `false` to throw an exception if the field is not mapped.",
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:HasChildQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "ignore_unmapped": {
+                "description": "Indicates whether to ignore an unmapped `type` and not return any documents instead of an error.",
+                "type": "boolean"
+              },
+              "inner_hits": {
+                "$ref": "#/components/schemas/_global.search._types:InnerHits"
+              },
+              "max_children": {
+                "description": "Maximum number of child documents that match the query allowed for a returned parent document.\nIf the parent document exceeds this limit, it is excluded from the search results.",
+                "type": "number"
+              },
+              "min_children": {
+                "description": "Minimum number of child documents that match the query required to match the query for a returned parent document.\nIf the parent document does not meet this limit, it is excluded from the search results.",
+                "type": "number"
+              },
+              "query": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "score_mode": {
+                "$ref": "#/components/schemas/_types.query_dsl:ChildScoreMode"
+              },
+              "type": {
+                "$ref": "#/components/schemas/_types:RelationName"
+              }
+            },
+            "required": [
+              "query",
+              "type"
+            ]
+          }
+        ]
+      },
+      "_global.search._types:InnerHits": {
+        "type": "object",
+        "properties": {
+          "name": {
+            "$ref": "#/components/schemas/_types:Name"
+          },
+          "size": {
+            "description": "The maximum number of hits to return per `inner_hits`.",
+            "type": "number"
+          },
+          "from": {
+            "description": "Inner hit starting document offset.",
+            "type": "number"
+          },
+          "collapse": {
+            "$ref": "#/components/schemas/_global.search._types:FieldCollapse"
+          },
+          "docvalue_fields": {
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types.query_dsl:FieldAndFormat"
+            }
+          },
+          "explain": {
+            "type": "boolean"
+          },
+          "highlight": {
+            "$ref": "#/components/schemas/_global.search._types:Highlight"
+          },
+          "ignore_unmapped": {
+            "type": "boolean"
+          },
+          "script_fields": {
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types:ScriptField"
+            }
+          },
+          "seq_no_primary_term": {
+            "type": "boolean"
+          },
+          "fields": {
+            "$ref": "#/components/schemas/_types:Fields"
+          },
+          "sort": {
+            "$ref": "#/components/schemas/_types:Sort"
+          },
+          "_source": {
+            "$ref": "#/components/schemas/_global.search._types:SourceConfig"
+          },
+          "stored_fields": {
+            "$ref": "#/components/schemas/_types:Fields"
+          },
+          "track_scores": {
+            "type": "boolean"
+          },
+          "version": {
+            "type": "boolean"
+          }
+        }
+      },
+      "_global.search._types:FieldCollapse": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "inner_hits": {
+            "description": "The number of inner hits and their sort order",
+            "oneOf": [
+              {
+                "$ref": "#/components/schemas/_global.search._types:InnerHits"
+              },
+              {
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_global.search._types:InnerHits"
+                }
+              }
+            ]
+          },
+          "max_concurrent_group_searches": {
+            "description": "The number of concurrent requests allowed to retrieve the inner_hits per group",
+            "type": "number"
+          },
+          "collapse": {
+            "$ref": "#/components/schemas/_global.search._types:FieldCollapse"
+          }
+        },
+        "required": [
+          "field"
+        ]
+      },
+      "_types.query_dsl:FieldAndFormat": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "format": {
+            "description": "Format in which the values are returned.",
+            "type": "string"
+          },
+          "include_unmapped": {
+            "type": "boolean"
+          }
+        },
+        "required": [
+          "field"
+        ]
+      },
+      "_global.search._types:Highlight": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_global.search._types:HighlightBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "encoder": {
+                "$ref": "#/components/schemas/_global.search._types:HighlighterEncoder"
+              },
+              "fields": {
+                "type": "object",
+                "additionalProperties": {
+                  "$ref": "#/components/schemas/_global.search._types:HighlightField"
+                }
+              }
+            },
+            "required": [
+              "fields"
+            ]
+          }
+        ]
+      },
+      "_global.search._types:HighlightBase": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "$ref": "#/components/schemas/_global.search._types:HighlighterType"
+          },
+          "boundary_chars": {
+            "description": "A string that contains each boundary character.",
+            "type": "string"
+          },
+          "boundary_max_scan": {
+            "description": "How far to scan for boundary characters.",
+            "type": "number"
+          },
+          "boundary_scanner": {
+            "$ref": "#/components/schemas/_global.search._types:BoundaryScanner"
+          },
+          "boundary_scanner_locale": {
+            "description": "Controls which locale is used to search for sentence and word boundaries.\nThis parameter takes a form of a language tag, for example: `\"en-US\"`, `\"fr-FR\"`, `\"ja-JP\"`.",
+            "type": "string"
+          },
+          "force_source": {
+            "deprecated": true,
+            "type": "boolean"
+          },
+          "fragmenter": {
+            "$ref": "#/components/schemas/_global.search._types:HighlighterFragmenter"
+          },
+          "fragment_size": {
+            "description": "The size of the highlighted fragment in characters.",
+            "type": "number"
+          },
+          "highlight_filter": {
+            "type": "boolean"
+          },
+          "highlight_query": {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+          },
+          "max_fragment_length": {
+            "type": "number"
+          },
+          "max_analyzed_offset": {
+            "description": "If set to a non-negative value, highlighting stops at this defined maximum limit.\nThe rest of the text is not processed, thus not highlighted and no error is returned\nThe `max_analyzed_offset` query setting does not override the `index.highlight.max_analyzed_offset` setting, which prevails when it’s set to lower value than the query setting.",
+            "type": "number"
+          },
+          "no_match_size": {
+            "description": "The amount of text you want to return from the beginning of the field if there are no matching fragments to highlight.",
+            "type": "number"
+          },
+          "number_of_fragments": {
+            "description": "The maximum number of fragments to return.\nIf the number of fragments is set to `0`, no fragments are returned.\nInstead, the entire field contents are highlighted and returned.\nThis can be handy when you need to highlight short texts such as a title or address, but fragmentation is not required.\nIf `number_of_fragments` is `0`, `fragment_size` is ignored.",
+            "type": "number"
+          },
+          "options": {
+            "type": "object",
+            "additionalProperties": {
+              "type": "object"
+            }
+          },
+          "order": {
+            "$ref": "#/components/schemas/_global.search._types:HighlighterOrder"
+          },
+          "phrase_limit": {
+            "description": "Controls the number of matching phrases in a document that are considered.\nPrevents the `fvh` highlighter from analyzing too many phrases and consuming too much memory.\nWhen using `matched_fields`, `phrase_limit` phrases per matched field are considered. Raising the limit increases query time and consumes more memory.\nOnly supported by the `fvh` highlighter.",
+            "type": "number"
+          },
+          "post_tags": {
+            "description": "Use in conjunction with `pre_tags` to define the HTML tags to use for the highlighted text.\nBy default, highlighted text is wrapped in `<em>` and `</em>` tags.",
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "pre_tags": {
+            "description": "Use in conjunction with `post_tags` to define the HTML tags to use for the highlighted text.\nBy default, highlighted text is wrapped in `<em>` and `</em>` tags.",
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "require_field_match": {
+            "description": "By default, only fields that contains a query match are highlighted.\nSet to `false` to highlight all fields.",
+            "type": "boolean"
+          },
+          "tags_schema": {
+            "$ref": "#/components/schemas/_global.search._types:HighlighterTagsSchema"
+          }
+        }
+      },
+      "_global.search._types:HighlighterType": {
+        "anyOf": [
+          {
+            "type": "string",
+            "enum": [
+              "plain",
+              "fvh",
+              "unified"
+            ]
+          },
+          {
+            "type": "string"
+          }
+        ]
+      },
+      "_global.search._types:BoundaryScanner": {
+        "type": "string",
+        "enum": [
+          "chars",
+          "sentence",
+          "word"
+        ]
+      },
+      "_global.search._types:HighlighterFragmenter": {
+        "type": "string",
+        "enum": [
+          "simple",
+          "span"
+        ]
+      },
+      "_global.search._types:HighlighterOrder": {
+        "type": "string",
+        "enum": [
+          "score"
+        ]
+      },
+      "_global.search._types:HighlighterTagsSchema": {
+        "type": "string",
+        "enum": [
+          "styled"
+        ]
+      },
+      "_global.search._types:HighlighterEncoder": {
+        "type": "string",
+        "enum": [
+          "default",
+          "html"
+        ]
+      },
+      "_global.search._types:HighlightField": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_global.search._types:HighlightBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "fragment_offset": {
+                "type": "number"
+              },
+              "matched_fields": {
+                "$ref": "#/components/schemas/_types:Fields"
+              },
+              "analyzer": {
+                "$ref": "#/components/schemas/_types.analysis:Analyzer"
+              }
+            }
+          }
+        ]
+      },
+      "_types:Fields": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          {
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types:Field"
+            }
+          }
+        ]
+      },
+      "_types.analysis:Analyzer": {
+        "discriminator": {
+          "propertyName": "type"
+        },
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:CustomAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:FingerprintAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:KeywordAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:LanguageAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:NoriAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:PatternAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:SimpleAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:StandardAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:StopAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:WhitespaceAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:IcuAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:KuromojiAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:SnowballAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:DutchAnalyzer"
+          }
+        ]
+      },
+      "_types.analysis:CustomAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "custom"
+            ]
+          },
+          "char_filter": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "filter": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "position_increment_gap": {
+            "type": "number"
+          },
+          "position_offset_gap": {
+            "type": "number"
+          },
+          "tokenizer": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "type",
+          "tokenizer"
+        ]
+      },
+      "_types.analysis:FingerprintAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "fingerprint"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          },
+          "max_output_size": {
+            "type": "number"
+          },
+          "preserve_original": {
+            "type": "boolean"
+          },
+          "separator": {
+            "type": "string"
+          },
+          "stopwords": {
+            "$ref": "#/components/schemas/_types.analysis:StopWords"
+          },
+          "stopwords_path": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "type",
+          "max_output_size",
+          "preserve_original",
+          "separator"
+        ]
+      },
+      "_types:VersionString": {
+        "type": "string"
+      },
+      "_types.analysis:StopWords": {
+        "description": "Language value, such as _arabic_ or _thai_. Defaults to _english_.\nEach language value corresponds to a predefined list of stop words in Lucene. See Stop words by language for supported language values and their stop words.\nAlso accepts an array of stop words.",
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          }
+        ]
+      },
+      "_types.analysis:KeywordAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "keyword"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          }
+        },
+        "required": [
+          "type"
+        ]
+      },
+      "_types.analysis:LanguageAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "language"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          },
+          "language": {
+            "$ref": "#/components/schemas/_types.analysis:Language"
+          },
+          "stem_exclusion": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "stopwords": {
+            "$ref": "#/components/schemas/_types.analysis:StopWords"
+          },
+          "stopwords_path": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "type",
+          "language",
+          "stem_exclusion"
+        ]
+      },
+      "_types.analysis:Language": {
+        "type": "string",
+        "enum": [
+          "Arabic",
+          "Armenian",
+          "Basque",
+          "Brazilian",
+          "Bulgarian",
+          "Catalan",
+          "Chinese",
+          "Cjk",
+          "Czech",
+          "Danish",
+          "Dutch",
+          "English",
+          "Estonian",
+          "Finnish",
+          "French",
+          "Galician",
+          "German",
+          "Greek",
+          "Hindi",
+          "Hungarian",
+          "Indonesian",
+          "Irish",
+          "Italian",
+          "Latvian",
+          "Norwegian",
+          "Persian",
+          "Portuguese",
+          "Romanian",
+          "Russian",
+          "Sorani",
+          "Spanish",
+          "Swedish",
+          "Turkish",
+          "Thai"
+        ]
+      },
+      "_types.analysis:NoriAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "nori"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          },
+          "decompound_mode": {
+            "$ref": "#/components/schemas/_types.analysis:NoriDecompoundMode"
+          },
+          "stoptags": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "user_dictionary": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "type"
+        ]
+      },
+      "_types.analysis:NoriDecompoundMode": {
+        "type": "string",
+        "enum": [
+          "discard",
+          "none",
+          "mixed"
+        ]
+      },
+      "_types.analysis:PatternAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "pattern"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          },
+          "flags": {
+            "type": "string"
+          },
+          "lowercase": {
+            "type": "boolean"
+          },
+          "pattern": {
+            "type": "string"
+          },
+          "stopwords": {
+            "$ref": "#/components/schemas/_types.analysis:StopWords"
+          }
+        },
+        "required": [
+          "type",
+          "pattern"
+        ]
+      },
+      "_types.analysis:SimpleAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "simple"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          }
+        },
+        "required": [
+          "type"
+        ]
+      },
+      "_types.analysis:StandardAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "standard"
+            ]
+          },
+          "max_token_length": {
+            "type": "number"
+          },
+          "stopwords": {
+            "$ref": "#/components/schemas/_types.analysis:StopWords"
+          }
+        },
+        "required": [
+          "type"
+        ]
+      },
+      "_types.analysis:StopAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "stop"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          },
+          "stopwords": {
+            "$ref": "#/components/schemas/_types.analysis:StopWords"
+          },
+          "stopwords_path": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "type"
+        ]
+      },
+      "_types.analysis:WhitespaceAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "whitespace"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          }
+        },
+        "required": [
+          "type"
+        ]
+      },
+      "_types.analysis:IcuAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "icu_analyzer"
+            ]
+          },
+          "method": {
+            "$ref": "#/components/schemas/_types.analysis:IcuNormalizationType"
+          },
+          "mode": {
+            "$ref": "#/components/schemas/_types.analysis:IcuNormalizationMode"
+          }
+        },
+        "required": [
+          "type",
+          "method",
+          "mode"
+        ]
+      },
+      "_types.analysis:IcuNormalizationType": {
+        "type": "string",
+        "enum": [
+          "nfc",
+          "nfkc",
+          "nfkc_cf"
+        ]
+      },
+      "_types.analysis:IcuNormalizationMode": {
+        "type": "string",
+        "enum": [
+          "decompose",
+          "compose"
+        ]
+      },
+      "_types.analysis:KuromojiAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "kuromoji"
+            ]
+          },
+          "mode": {
+            "$ref": "#/components/schemas/_types.analysis:KuromojiTokenizationMode"
+          },
+          "user_dictionary": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "type",
+          "mode"
+        ]
+      },
+      "_types.analysis:KuromojiTokenizationMode": {
+        "type": "string",
+        "enum": [
+          "normal",
+          "search",
+          "extended"
+        ]
+      },
+      "_types.analysis:SnowballAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "snowball"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          },
+          "language": {
+            "$ref": "#/components/schemas/_types.analysis:SnowballLanguage"
+          },
+          "stopwords": {
+            "$ref": "#/components/schemas/_types.analysis:StopWords"
+          }
+        },
+        "required": [
+          "type",
+          "language"
+        ]
+      },
+      "_types.analysis:SnowballLanguage": {
+        "type": "string",
+        "enum": [
+          "Armenian",
+          "Basque",
+          "Catalan",
+          "Danish",
+          "Dutch",
+          "English",
+          "Finnish",
+          "French",
+          "German",
+          "German2",
+          "Hungarian",
+          "Italian",
+          "Kp",
+          "Lovins",
+          "Norwegian",
+          "Porter",
+          "Portuguese",
+          "Romanian",
+          "Russian",
+          "Spanish",
+          "Swedish",
+          "Turkish"
+        ]
+      },
+      "_types.analysis:DutchAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "dutch"
+            ]
+          },
+          "stopwords": {
+            "$ref": "#/components/schemas/_types.analysis:StopWords"
+          }
+        },
+        "required": [
+          "type"
+        ]
+      },
+      "_types:ScriptField": {
+        "type": "object",
+        "properties": {
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          },
+          "ignore_failure": {
+            "type": "boolean"
+          }
+        },
+        "required": [
+          "script"
+        ]
+      },
+      "_types:Sort": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types:SortCombinations"
+          },
+          {
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types:SortCombinations"
+            }
+          }
+        ]
+      },
+      "_types:SortCombinations": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          {
+            "$ref": "#/components/schemas/_types:SortOptions"
+          }
+        ]
+      },
+      "_types:SortOptions": {
+        "externalDocs": {
+          "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/sort-search-results.html"
+        },
+        "type": "object",
+        "properties": {
+          "_score": {
+            "$ref": "#/components/schemas/_types:ScoreSort"
+          },
+          "_doc": {
+            "$ref": "#/components/schemas/_types:ScoreSort"
+          },
+          "_geo_distance": {
+            "$ref": "#/components/schemas/_types:GeoDistanceSort"
+          },
+          "_script": {
+            "$ref": "#/components/schemas/_types:ScriptSort"
+          }
+        },
+        "minProperties": 1,
+        "maxProperties": 1
+      },
+      "_types:ScoreSort": {
+        "type": "object",
+        "properties": {
+          "order": {
+            "$ref": "#/components/schemas/_types:SortOrder"
+          }
+        }
+      },
+      "_types:SortOrder": {
+        "type": "string",
+        "enum": [
+          "asc",
+          "desc"
+        ]
+      },
+      "_types:GeoDistanceSort": {
+        "type": "object",
+        "properties": {
+          "mode": {
+            "$ref": "#/components/schemas/_types:SortMode"
+          },
+          "distance_type": {
+            "$ref": "#/components/schemas/_types:GeoDistanceType"
+          },
+          "ignore_unmapped": {
+            "type": "boolean"
+          },
+          "order": {
+            "$ref": "#/components/schemas/_types:SortOrder"
+          },
+          "unit": {
+            "$ref": "#/components/schemas/_types:DistanceUnit"
+          }
+        }
+      },
+      "_types:SortMode": {
+        "type": "string",
+        "enum": [
+          "min",
+          "max",
+          "sum",
+          "avg",
+          "median"
+        ]
+      },
+      "_types:DistanceUnit": {
+        "type": "string",
+        "enum": [
+          "in",
+          "ft",
+          "yd",
+          "mi",
+          "nmi",
+          "km",
+          "m",
+          "cm",
+          "mm"
+        ]
+      },
+      "_types:ScriptSort": {
+        "type": "object",
+        "properties": {
+          "order": {
+            "$ref": "#/components/schemas/_types:SortOrder"
+          },
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          },
+          "type": {
+            "$ref": "#/components/schemas/_types:ScriptSortType"
+          },
+          "mode": {
+            "$ref": "#/components/schemas/_types:SortMode"
+          },
+          "nested": {
+            "$ref": "#/components/schemas/_types:NestedSortValue"
+          }
+        },
+        "required": [
+          "script"
+        ]
+      },
+      "_types:ScriptSortType": {
+        "type": "string",
+        "enum": [
+          "string",
+          "number",
+          "version"
+        ]
+      },
+      "_types:NestedSortValue": {
+        "type": "object",
+        "properties": {
+          "filter": {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+          },
+          "max_children": {
+            "type": "number"
+          },
+          "nested": {
+            "$ref": "#/components/schemas/_types:NestedSortValue"
+          },
+          "path": {
+            "$ref": "#/components/schemas/_types:Field"
+          }
+        },
+        "required": [
+          "path"
+        ]
+      },
+      "_global.search._types:SourceConfig": {
+        "description": "Defines how to fetch a source. Fetching can be disabled entirely, or the source can be filtered.",
+        "oneOf": [
+          {
+            "type": "boolean"
+          },
+          {
+            "$ref": "#/components/schemas/_global.search._types:SourceFilter"
+          }
+        ]
+      },
+      "_global.search._types:SourceFilter": {
+        "type": "object",
+        "properties": {
+          "excludes": {
+            "$ref": "#/components/schemas/_types:Fields"
+          },
+          "includes": {
+            "$ref": "#/components/schemas/_types:Fields"
+          }
+        }
+      },
+      "_types.query_dsl:ChildScoreMode": {
+        "type": "string",
+        "enum": [
+          "none",
+          "avg",
+          "sum",
+          "max",
+          "min"
+        ]
+      },
+      "_types:RelationName": {
+        "type": "string"
+      },
+      "_types.query_dsl:HasParentQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "ignore_unmapped": {
+                "description": "Indicates whether to ignore an unmapped `parent_type` and not return any documents instead of an error.\nYou can use this parameter to query multiple indices that may not contain the `parent_type`.",
+                "type": "boolean"
+              },
+              "inner_hits": {
+                "$ref": "#/components/schemas/_global.search._types:InnerHits"
+              },
+              "parent_type": {
+                "$ref": "#/components/schemas/_types:RelationName"
+              },
+              "query": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "score": {
+                "description": "Indicates whether the relevance score of a matching parent document is aggregated into its child documents.",
+                "type": "boolean"
+              }
+            },
+            "required": [
+              "parent_type",
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:IdsQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "values": {
+                "$ref": "#/components/schemas/_types:Ids"
+              }
+            }
+          }
+        ]
+      },
+      "_types:Ids": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types:Id"
+          },
+          {
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types:Id"
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:IntervalsQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "all_of": {
+                "$ref": "#/components/schemas/_types.query_dsl:IntervalsAllOf"
+              },
+              "any_of": {
+                "$ref": "#/components/schemas/_types.query_dsl:IntervalsAnyOf"
+              },
+              "fuzzy": {
+                "$ref": "#/components/schemas/_types.query_dsl:IntervalsFuzzy"
+              },
+              "match": {
+                "$ref": "#/components/schemas/_types.query_dsl:IntervalsMatch"
+              },
+              "prefix": {
+                "$ref": "#/components/schemas/_types.query_dsl:IntervalsPrefix"
+              },
+              "wildcard": {
+                "$ref": "#/components/schemas/_types.query_dsl:IntervalsWildcard"
+              }
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          }
+        ]
+      },
+      "_types.query_dsl:IntervalsAllOf": {
+        "type": "object",
+        "properties": {
+          "intervals": {
+            "description": "An array of rules to combine. All rules must produce a match in a document for the overall source to match.",
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+            }
+          },
+          "max_gaps": {
+            "description": "Maximum number of positions between the matching terms.\nIntervals produced by the rules further apart than this are not considered matches.",
+            "type": "number"
+          },
+          "ordered": {
+            "description": "If `true`, intervals produced by the rules should appear in the order in which they are specified.",
+            "type": "boolean"
+          },
+          "filter": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsFilter"
+          }
+        },
+        "required": [
+          "intervals"
+        ]
+      },
+      "_types.query_dsl:IntervalsContainer": {
+        "type": "object",
+        "properties": {
+          "all_of": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsAllOf"
+          },
+          "any_of": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsAnyOf"
+          },
+          "fuzzy": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsFuzzy"
+          },
+          "match": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsMatch"
+          },
+          "prefix": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsPrefix"
+          },
+          "wildcard": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsWildcard"
+          }
+        },
+        "minProperties": 1,
+        "maxProperties": 1
+      },
+      "_types.query_dsl:IntervalsAnyOf": {
+        "type": "object",
+        "properties": {
+          "intervals": {
+            "description": "An array of rules to match.",
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+            }
+          },
+          "filter": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsFilter"
+          }
+        },
+        "required": [
+          "intervals"
+        ]
+      },
+      "_types.query_dsl:IntervalsFilter": {
+        "type": "object",
+        "properties": {
+          "after": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+          },
+          "before": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+          },
+          "contained_by": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+          },
+          "containing": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+          },
+          "not_contained_by": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+          },
+          "not_containing": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+          },
+          "not_overlapping": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+          },
+          "overlapping": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+          },
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          }
+        },
+        "minProperties": 1,
+        "maxProperties": 1
+      },
+      "_types.query_dsl:IntervalsFuzzy": {
+        "type": "object",
+        "properties": {
+          "analyzer": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+            },
+            "description": "Analyzer used to normalize the term.",
+            "type": "string"
+          },
+          "fuzziness": {
+            "$ref": "#/components/schemas/_types:Fuzziness"
+          },
+          "prefix_length": {
+            "description": "Number of beginning characters left unchanged when creating expansions.",
+            "type": "number"
+          },
+          "term": {
+            "description": "The term to match.",
+            "type": "string"
+          },
+          "transpositions": {
+            "description": "Indicates whether edits include transpositions of two adjacent characters (for example, `ab` to `ba`).",
+            "type": "boolean"
+          },
+          "use_field": {
+            "$ref": "#/components/schemas/_types:Field"
+          }
+        },
+        "required": [
+          "term"
+        ]
+      },
+      "_types.query_dsl:IntervalsMatch": {
+        "type": "object",
+        "properties": {
+          "analyzer": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+            },
+            "description": "Analyzer used to analyze terms in the query.",
+            "type": "string"
+          },
+          "max_gaps": {
+            "description": "Maximum number of positions between the matching terms.\nTerms further apart than this are not considered matches.",
+            "type": "number"
+          },
+          "ordered": {
+            "description": "If `true`, matching terms must appear in their specified order.",
+            "type": "boolean"
+          },
+          "query": {
+            "description": "Text you wish to find in the provided field.",
+            "type": "string"
+          },
+          "use_field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "filter": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsFilter"
+          }
+        },
+        "required": [
+          "query"
+        ]
+      },
+      "_types.query_dsl:IntervalsPrefix": {
+        "type": "object",
+        "properties": {
+          "analyzer": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+            },
+            "description": "Analyzer used to analyze the `prefix`.",
+            "type": "string"
+          },
+          "prefix": {
+            "description": "Beginning characters of terms you wish to find in the top-level field.",
+            "type": "string"
+          },
+          "use_field": {
+            "$ref": "#/components/schemas/_types:Field"
+          }
+        },
+        "required": [
+          "prefix"
+        ]
+      },
+      "_types.query_dsl:IntervalsWildcard": {
+        "type": "object",
+        "properties": {
+          "analyzer": {
+            "description": "Analyzer used to analyze the `pattern`.\nDefaults to the top-level field's analyzer.",
+            "type": "string"
+          },
+          "pattern": {
+            "description": "Wildcard pattern used to find matching terms.",
+            "type": "string"
+          },
+          "use_field": {
+            "$ref": "#/components/schemas/_types:Field"
+          }
+        },
+        "required": [
+          "pattern"
+        ]
+      },
+      "_types:KnnQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "query_vector": {
+                "$ref": "#/components/schemas/_types:QueryVector"
+              },
+              "query_vector_builder": {
+                "$ref": "#/components/schemas/_types:QueryVectorBuilder"
+              },
+              "num_candidates": {
+                "description": "The number of nearest neighbor candidates to consider per shard",
+                "type": "number"
+              },
+              "filter": {
+                "description": "Filters for the kNN search query",
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                  },
+                  {
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                    }
+                  }
+                ]
+              },
+              "similarity": {
+                "description": "The minimum similarity for a vector to be considered a match",
+                "type": "number"
+              }
+            },
+            "required": [
+              "field"
+            ]
+          }
+        ]
+      },
+      "_types:QueryVector": {
+        "type": "array",
+        "items": {
+          "type": "number"
+        }
+      },
+      "_types:QueryVectorBuilder": {
+        "type": "object",
+        "properties": {
+          "text_embedding": {
+            "$ref": "#/components/schemas/_types:TextEmbedding"
+          }
+        },
+        "minProperties": 1,
+        "maxProperties": 1
+      },
+      "_types:TextEmbedding": {
+        "type": "object",
+        "properties": {
+          "model_id": {
+            "type": "string"
+          },
+          "model_text": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "model_id",
+          "model_text"
+        ]
+      },
+      "_types.query_dsl:MatchQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "analyzer": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+                },
+                "description": "Analyzer used to convert the text in the query value into tokens.",
+                "type": "string"
+              },
+              "auto_generate_synonyms_phrase_query": {
+                "description": "If `true`, match phrase queries are automatically created for multi-term synonyms.",
+                "type": "boolean"
+              },
+              "cutoff_frequency": {
+                "deprecated": true,
+                "type": "number"
+              },
+              "fuzziness": {
+                "$ref": "#/components/schemas/_types:Fuzziness"
+              },
+              "fuzzy_rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "fuzzy_transpositions": {
+                "description": "If `true`, edits for fuzzy matching include transpositions of two adjacent characters (for example, `ab` to `ba`).",
+                "type": "boolean"
+              },
+              "lenient": {
+                "description": "If `true`, format-based errors, such as providing a text query value for a numeric field, are ignored.",
+                "type": "boolean"
+              },
+              "max_expansions": {
+                "description": "Maximum number of terms to which the query will expand.",
+                "type": "number"
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "operator": {
+                "$ref": "#/components/schemas/_types.query_dsl:Operator"
+              },
+              "prefix_length": {
+                "description": "Number of beginning characters left unchanged for fuzzy matching.",
+                "type": "number"
+              },
+              "query": {
+                "description": "Text, number, boolean value or date you wish to find in the provided field.",
+                "oneOf": [
+                  {
+                    "type": "string"
+                  },
+                  {
+                    "type": "number"
+                  },
+                  {
+                    "type": "boolean"
+                  }
+                ]
+              },
+              "zero_terms_query": {
+                "$ref": "#/components/schemas/_types.query_dsl:ZeroTermsQuery"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:ZeroTermsQuery": {
+        "type": "string",
+        "enum": [
+          "all",
+          "none"
+        ]
+      },
+      "_types.query_dsl:MatchAllQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:MatchBoolPrefixQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "analyzer": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+                },
+                "description": "Analyzer used to convert the text in the query value into tokens.",
+                "type": "string"
+              },
+              "fuzziness": {
+                "$ref": "#/components/schemas/_types:Fuzziness"
+              },
+              "fuzzy_rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "fuzzy_transpositions": {
+                "description": "If `true`, edits for fuzzy matching include transpositions of two adjacent characters (for example, `ab` to `ba`).\nCan be applied to the term subqueries constructed for all terms but the final term.",
+                "type": "boolean"
+              },
+              "max_expansions": {
+                "description": "Maximum number of terms to which the query will expand.\nCan be applied to the term subqueries constructed for all terms but the final term.",
+                "type": "number"
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "operator": {
+                "$ref": "#/components/schemas/_types.query_dsl:Operator"
+              },
+              "prefix_length": {
+                "description": "Number of beginning characters left unchanged for fuzzy matching.\nCan be applied to the term subqueries constructed for all terms but the final term.",
+                "type": "number"
+              },
+              "query": {
+                "description": "Terms you wish to find in the provided field.\nThe last term is used in a prefix query.",
+                "type": "string"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:MatchNoneQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:MatchPhraseQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "analyzer": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+                },
+                "description": "Analyzer used to convert the text in the query value into tokens.",
+                "type": "string"
+              },
+              "query": {
+                "description": "Query terms that are analyzed and turned into a phrase query.",
+                "type": "string"
+              },
+              "slop": {
+                "description": "Maximum number of positions allowed between matching tokens.",
+                "type": "number"
+              },
+              "zero_terms_query": {
+                "$ref": "#/components/schemas/_types.query_dsl:ZeroTermsQuery"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:MatchPhrasePrefixQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "analyzer": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+                },
+                "description": "Analyzer used to convert text in the query value into tokens.",
+                "type": "string"
+              },
+              "max_expansions": {
+                "description": "Maximum number of terms to which the last provided term of the query value will expand.",
+                "type": "number"
+              },
+              "query": {
+                "description": "Text you wish to find in the provided field.",
+                "type": "string"
+              },
+              "slop": {
+                "description": "Maximum number of positions allowed between matching tokens.",
+                "type": "number"
+              },
+              "zero_terms_query": {
+                "$ref": "#/components/schemas/_types.query_dsl:ZeroTermsQuery"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:MoreLikeThisQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "analyzer": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+                },
+                "description": "The analyzer that is used to analyze the free form text.\nDefaults to the analyzer associated with the first field in fields.",
+                "type": "string"
+              },
+              "boost_terms": {
+                "description": "Each term in the formed query could be further boosted by their tf-idf score.\nThis sets the boost factor to use when using this feature.\nDefaults to deactivated (0).",
+                "type": "number"
+              },
+              "fail_on_unsupported_field": {
+                "description": "Controls whether the query should fail (throw an exception) if any of the specified fields are not of the supported types (`text` or `keyword`).",
+                "type": "boolean"
+              },
+              "fields": {
+                "description": "A list of fields to fetch and analyze the text from.\nDefaults to the `index.query.default_field` index setting, which has a default value of `*`.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types:Field"
+                }
+              },
+              "include": {
+                "description": "Specifies whether the input documents should also be included in the search results returned.",
+                "type": "boolean"
+              },
+              "like": {
+                "description": "Specifies free form text and/or a single or multiple documents for which you want to find similar documents.",
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types.query_dsl:Like"
+                  },
+                  {
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.query_dsl:Like"
+                    }
+                  }
+                ]
+              },
+              "max_doc_freq": {
+                "description": "The maximum document frequency above which the terms are ignored from the input document.",
+                "type": "number"
+              },
+              "max_query_terms": {
+                "description": "The maximum number of query terms that can be selected.",
+                "type": "number"
+              },
+              "max_word_length": {
+                "description": "The maximum word length above which the terms are ignored.\nDefaults to unbounded (`0`).",
+                "type": "number"
+              },
+              "min_doc_freq": {
+                "description": "The minimum document frequency below which the terms are ignored from the input document.",
+                "type": "number"
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "min_term_freq": {
+                "description": "The minimum term frequency below which the terms are ignored from the input document.",
+                "type": "number"
+              },
+              "min_word_length": {
+                "description": "The minimum word length below which the terms are ignored.",
+                "type": "number"
+              },
+              "routing": {
+                "$ref": "#/components/schemas/_types:Routing"
+              },
+              "stop_words": {
+                "$ref": "#/components/schemas/_types.analysis:StopWords"
+              },
+              "unlike": {
+                "description": "Used in combination with `like` to exclude documents that match a set of terms.",
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types.query_dsl:Like"
+                  },
+                  {
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.query_dsl:Like"
+                    }
+                  }
+                ]
+              },
+              "version": {
+                "$ref": "#/components/schemas/_types:VersionNumber"
+              },
+              "version_type": {
+                "$ref": "#/components/schemas/_types:VersionType"
+              }
+            },
+            "required": [
+              "like"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:Like": {
+        "externalDocs": {
+          "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-mlt-query.html#_document_input_parameters"
+        },
+        "description": "Text that we want similar documents for or a lookup to a document's field for the text.",
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:LikeDocument"
+          }
+        ]
+      },
+      "_types.query_dsl:LikeDocument": {
+        "type": "object",
+        "properties": {
+          "doc": {
+            "description": "A document not present in the index.",
+            "type": "object"
+          },
+          "fields": {
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types:Field"
+            }
+          },
+          "_id": {
+            "$ref": "#/components/schemas/_types:Id"
+          },
+          "_index": {
+            "$ref": "#/components/schemas/_types:IndexName"
+          },
+          "per_field_analyzer": {
+            "description": "Overrides the default analyzer.",
+            "type": "object",
+            "additionalProperties": {
+              "type": "string"
+            }
+          },
+          "routing": {
+            "$ref": "#/components/schemas/_types:Routing"
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionNumber"
+          },
+          "version_type": {
+            "$ref": "#/components/schemas/_types:VersionType"
+          }
+        }
+      },
+      "_types:Routing": {
+        "type": "string"
+      },
+      "_types:VersionNumber": {
+        "type": "number"
+      },
+      "_types:VersionType": {
+        "type": "string",
+        "enum": [
+          "internal",
+          "external",
+          "external_gte",
+          "force"
+        ]
+      },
+      "_types.query_dsl:MultiMatchQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "analyzer": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+                },
+                "description": "Analyzer used to convert the text in the query value into tokens.",
+                "type": "string"
+              },
+              "auto_generate_synonyms_phrase_query": {
+                "description": "If `true`, match phrase queries are automatically created for multi-term synonyms.",
+                "type": "boolean"
+              },
+              "cutoff_frequency": {
+                "deprecated": true,
+                "type": "number"
+              },
+              "fields": {
+                "$ref": "#/components/schemas/_types:Fields"
+              },
+              "fuzziness": {
+                "$ref": "#/components/schemas/_types:Fuzziness"
+              },
+              "fuzzy_rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "fuzzy_transpositions": {
+                "description": "If `true`, edits for fuzzy matching include transpositions of two adjacent characters (for example, `ab` to `ba`).\nCan be applied to the term subqueries constructed for all terms but the final term.",
+                "type": "boolean"
+              },
+              "lenient": {
+                "description": "If `true`, format-based errors, such as providing a text query value for a numeric field, are ignored.",
+                "type": "boolean"
+              },
+              "max_expansions": {
+                "description": "Maximum number of terms to which the query will expand.",
+                "type": "number"
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "operator": {
+                "$ref": "#/components/schemas/_types.query_dsl:Operator"
+              },
+              "prefix_length": {
+                "description": "Number of beginning characters left unchanged for fuzzy matching.",
+                "type": "number"
+              },
+              "query": {
+                "description": "Text, number, boolean value or date you wish to find in the provided field.",
+                "type": "string"
+              },
+              "slop": {
+                "description": "Maximum number of positions allowed between matching tokens.",
+                "type": "number"
+              },
+              "tie_breaker": {
+                "description": "Determines how scores for each per-term blended query and scores across groups are combined.",
+                "type": "number"
+              },
+              "type": {
+                "$ref": "#/components/schemas/_types.query_dsl:TextQueryType"
+              },
+              "zero_terms_query": {
+                "$ref": "#/components/schemas/_types.query_dsl:ZeroTermsQuery"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:TextQueryType": {
+        "type": "string",
+        "enum": [
+          "best_fields",
+          "most_fields",
+          "cross_fields",
+          "phrase",
+          "phrase_prefix",
+          "bool_prefix"
+        ]
+      },
+      "_types.query_dsl:NestedQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "ignore_unmapped": {
+                "description": "Indicates whether to ignore an unmapped path and not return any documents instead of an error.",
+                "type": "boolean"
+              },
+              "inner_hits": {
+                "$ref": "#/components/schemas/_global.search._types:InnerHits"
+              },
+              "path": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "query": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "score_mode": {
+                "$ref": "#/components/schemas/_types.query_dsl:ChildScoreMode"
+              }
+            },
+            "required": [
+              "path",
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:ParentIdQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "id": {
+                "$ref": "#/components/schemas/_types:Id"
+              },
+              "ignore_unmapped": {
+                "description": "Indicates whether to ignore an unmapped `type` and not return any documents instead of an error.",
+                "type": "boolean"
+              },
+              "type": {
+                "$ref": "#/components/schemas/_types:RelationName"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:PercolateQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "document": {
+                "description": "The source of the document being percolated.",
+                "type": "object"
+              },
+              "documents": {
+                "description": "An array of sources of the documents being percolated.",
+                "type": "array",
+                "items": {
+                  "type": "object"
+                }
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "id": {
+                "$ref": "#/components/schemas/_types:Id"
+              },
+              "index": {
+                "$ref": "#/components/schemas/_types:IndexName"
+              },
+              "name": {
+                "description": "The suffix used for the `_percolator_document_slot` field when multiple `percolate` queries are specified.",
+                "type": "string"
+              },
+              "preference": {
+                "description": "Preference used to fetch document to percolate.",
+                "type": "string"
+              },
+              "routing": {
+                "$ref": "#/components/schemas/_types:Routing"
+              },
+              "version": {
+                "$ref": "#/components/schemas/_types:VersionNumber"
+              }
+            },
+            "required": [
+              "field"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:PinnedQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "allOf": [
+              {
+                "type": "object",
+                "properties": {
+                  "organic": {
+                    "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                  }
+                },
+                "required": [
+                  "organic"
+                ]
+              },
+              {
+                "type": "object",
+                "properties": {
+                  "ids": {
+                    "description": "Document IDs listed in the order they are to appear in results.\nRequired if `docs` is not specified.",
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types:Id"
+                    }
+                  },
+                  "docs": {
+                    "description": "Documents listed in the order they are to appear in results.\nRequired if `ids` is not specified.",
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.query_dsl:PinnedDoc"
+                    }
+                  }
+                },
+                "minProperties": 1,
+                "maxProperties": 1
+              }
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:PinnedDoc": {
+        "type": "object",
+        "properties": {
+          "_id": {
+            "$ref": "#/components/schemas/_types:Id"
+          },
+          "_index": {
+            "$ref": "#/components/schemas/_types:IndexName"
+          }
+        },
+        "required": [
+          "_id",
+          "_index"
+        ]
+      },
+      "_types.query_dsl:PrefixQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "value": {
+                "description": "Beginning characters of terms you wish to find in the provided field.",
+                "type": "string"
+              },
+              "case_insensitive": {
+                "description": "Allows ASCII case insensitive matching of the value with the indexed field values when set to `true`.\nDefault is `false` which means the case sensitivity of matching depends on the underlying field’s mapping.",
+                "type": "boolean"
+              }
+            },
+            "required": [
+              "value"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:QueryStringQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "allow_leading_wildcard": {
+                "description": "If `true`, the wildcard characters `*` and `?` are allowed as the first character of the query string.",
+                "type": "boolean"
+              },
+              "analyzer": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+                },
+                "description": "Analyzer used to convert text in the query string into tokens.",
+                "type": "string"
+              },
+              "analyze_wildcard": {
+                "description": "If `true`, the query attempts to analyze wildcard terms in the query string.",
+                "type": "boolean"
+              },
+              "auto_generate_synonyms_phrase_query": {
+                "description": "If `true`, match phrase queries are automatically created for multi-term synonyms.",
+                "type": "boolean"
+              },
+              "default_field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "default_operator": {
+                "$ref": "#/components/schemas/_types.query_dsl:Operator"
+              },
+              "enable_position_increments": {
+                "description": "If `true`, enable position increments in queries constructed from a `query_string` search.",
+                "type": "boolean"
+              },
+              "escape": {
+                "type": "boolean"
+              },
+              "fields": {
+                "description": "Array of fields to search. Supports wildcards (`*`).",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types:Field"
+                }
+              },
+              "fuzziness": {
+                "$ref": "#/components/schemas/_types:Fuzziness"
+              },
+              "fuzzy_max_expansions": {
+                "description": "Maximum number of terms to which the query expands for fuzzy matching.",
+                "type": "number"
+              },
+              "fuzzy_prefix_length": {
+                "description": "Number of beginning characters left unchanged for fuzzy matching.",
+                "type": "number"
+              },
+              "fuzzy_rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "fuzzy_transpositions": {
+                "description": "If `true`, edits for fuzzy matching include transpositions of two adjacent characters (for example, `ab` to `ba`).",
+                "type": "boolean"
+              },
+              "lenient": {
+                "description": "If `true`, format-based errors, such as providing a text value for a numeric field, are ignored.",
+                "type": "boolean"
+              },
+              "max_determinized_states": {
+                "description": "Maximum number of automaton states required for the query.",
+                "type": "number"
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "phrase_slop": {
+                "description": "Maximum number of positions allowed between matching tokens for phrases.",
+                "type": "number"
+              },
+              "query": {
+                "description": "Query string you wish to parse and use for search.",
+                "type": "string"
+              },
+              "quote_analyzer": {
+                "description": "Analyzer used to convert quoted text in the query string into tokens.\nFor quoted text, this parameter overrides the analyzer specified in the `analyzer` parameter.",
+                "type": "string"
+              },
+              "quote_field_suffix": {
+                "description": "Suffix appended to quoted text in the query string.\nYou can use this suffix to use a different analysis method for exact matches.",
+                "type": "string"
+              },
+              "rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "tie_breaker": {
+                "description": "How to combine the queries generated from the individual search terms in the resulting `dis_max` query.",
+                "type": "number"
+              },
+              "time_zone": {
+                "$ref": "#/components/schemas/_types:TimeZone"
+              },
+              "type": {
+                "$ref": "#/components/schemas/_types.query_dsl:TextQueryType"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types:TimeZone": {
+        "type": "string"
+      },
+      "_types.query_dsl:RangeQuery": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:DateRangeQuery"
+          },
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:NumberRangeQuery"
+          },
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:TermsRangeQuery"
+          }
+        ]
+      },
+      "_types.query_dsl:DateRangeQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:RangeQueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "gt": {
+                "$ref": "#/components/schemas/_types:DateMath"
+              },
+              "gte": {
+                "$ref": "#/components/schemas/_types:DateMath"
+              },
+              "lt": {
+                "$ref": "#/components/schemas/_types:DateMath"
+              },
+              "lte": {
+                "$ref": "#/components/schemas/_types:DateMath"
+              },
+              "from": {
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types:DateMath"
+                  },
+                  {
+                    "nullable": true,
+                    "type": "string"
+                  }
+                ]
+              },
+              "to": {
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types:DateMath"
+                  },
+                  {
+                    "nullable": true,
+                    "type": "string"
+                  }
+                ]
+              },
+              "format": {
+                "$ref": "#/components/schemas/_types:DateFormat"
+              },
+              "time_zone": {
+                "$ref": "#/components/schemas/_types:TimeZone"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:RangeQueryBase": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "relation": {
+                "$ref": "#/components/schemas/_types.query_dsl:RangeRelation"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:RangeRelation": {
+        "type": "string",
+        "enum": [
+          "within",
+          "contains",
+          "intersects"
+        ]
+      },
+      "_types:DateFormat": {
+        "externalDocs": {
+          "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping-date-format.html"
+        },
+        "type": "string"
+      },
+      "_types.query_dsl:NumberRangeQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:RangeQueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "gt": {
+                "description": "Greater than.",
+                "type": "number"
+              },
+              "gte": {
+                "description": "Greater than or equal to.",
+                "type": "number"
+              },
+              "lt": {
+                "description": "Less than.",
+                "type": "number"
+              },
+              "lte": {
+                "description": "Less than or equal to.",
+                "type": "number"
+              },
+              "from": {
+                "oneOf": [
+                  {
+                    "type": "number"
+                  },
+                  {
+                    "nullable": true,
+                    "type": "string"
+                  }
+                ]
+              },
+              "to": {
+                "oneOf": [
+                  {
+                    "type": "number"
+                  },
+                  {
+                    "nullable": true,
+                    "type": "string"
+                  }
+                ]
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:TermsRangeQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:RangeQueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "gt": {
+                "description": "Greater than.",
+                "type": "string"
+              },
+              "gte": {
+                "description": "Greater than or equal to.",
+                "type": "string"
+              },
+              "lt": {
+                "description": "Less than.",
+                "type": "string"
+              },
+              "lte": {
+                "description": "Less than or equal to.",
+                "type": "string"
+              },
+              "from": {
+                "oneOf": [
+                  {
+                    "type": "string"
+                  },
+                  {
+                    "nullable": true,
+                    "type": "string"
+                  }
+                ]
+              },
+              "to": {
+                "oneOf": [
+                  {
+                    "type": "string"
+                  },
+                  {
+                    "nullable": true,
+                    "type": "string"
+                  }
+                ]
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:RankFeatureQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "saturation": {
+                "$ref": "#/components/schemas/_types.query_dsl:RankFeatureFunctionSaturation"
+              },
+              "log": {
+                "$ref": "#/components/schemas/_types.query_dsl:RankFeatureFunctionLogarithm"
+              },
+              "linear": {
+                "$ref": "#/components/schemas/_types.query_dsl:RankFeatureFunctionLinear"
+              },
+              "sigmoid": {
+                "$ref": "#/components/schemas/_types.query_dsl:RankFeatureFunctionSigmoid"
+              }
+            },
+            "required": [
+              "field"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:RankFeatureFunctionSaturation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:RankFeatureFunction"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "pivot": {
+                "description": "Configurable pivot value so that the result will be less than 0.5.",
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:RankFeatureFunction": {
+        "type": "object"
+      },
+      "_types.query_dsl:RankFeatureFunctionLogarithm": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:RankFeatureFunction"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "scaling_factor": {
+                "description": "Configurable scaling factor.",
+                "type": "number"
+              }
+            },
+            "required": [
+              "scaling_factor"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:RankFeatureFunctionLinear": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:RankFeatureFunction"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:RankFeatureFunctionSigmoid": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:RankFeatureFunction"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "pivot": {
+                "description": "Configurable pivot value so that the result will be less than 0.5.",
+                "type": "number"
+              },
+              "exponent": {
+                "description": "Configurable Exponent.",
+                "type": "number"
+              }
+            },
+            "required": [
+              "pivot",
+              "exponent"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:RegexpQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "case_insensitive": {
+                "description": "Allows case insensitive matching of the regular expression value with the indexed field values when set to `true`.\nWhen `false`, case sensitivity of matching depends on the underlying field’s mapping.",
+                "type": "boolean"
+              },
+              "flags": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/regexp-syntax.html"
+                },
+                "description": "Enables optional operators for the regular expression.",
+                "type": "string"
+              },
+              "max_determinized_states": {
+                "description": "Maximum number of automaton states required for the query.",
+                "type": "number"
+              },
+              "rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "value": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/regexp-syntax.html"
+                },
+                "description": "Regular expression for terms you wish to find in the provided field.",
+                "type": "string"
+              }
+            },
+            "required": [
+              "value"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:RuleQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "organic": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "ruleset_id": {
+                "$ref": "#/components/schemas/_types:Id"
+              },
+              "match_criteria": {
+                "type": "object"
+              }
+            },
+            "required": [
+              "organic",
+              "ruleset_id",
+              "match_criteria"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:ScriptQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "script": {
+                "$ref": "#/components/schemas/_types:Script"
+              }
+            },
+            "required": [
+              "script"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:ScriptScoreQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "min_score": {
+                "description": "Documents with a score lower than this floating point number are excluded from the search results.",
+                "type": "number"
+              },
+              "query": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "script": {
+                "$ref": "#/components/schemas/_types:Script"
+              }
+            },
+            "required": [
+              "query",
+              "script"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:ShapeQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "ignore_unmapped": {
+                "description": "When set to `true` the query ignores an unmapped field and will not match any documents.",
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:SimpleQueryStringQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "analyzer": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+                },
+                "description": "Analyzer used to convert text in the query string into tokens.",
+                "type": "string"
+              },
+              "analyze_wildcard": {
+                "description": "If `true`, the query attempts to analyze wildcard terms in the query string.",
+                "type": "boolean"
+              },
+              "auto_generate_synonyms_phrase_query": {
+                "description": "If `true`, the parser creates a match_phrase query for each multi-position token.",
+                "type": "boolean"
+              },
+              "default_operator": {
+                "$ref": "#/components/schemas/_types.query_dsl:Operator"
+              },
+              "fields": {
+                "description": "Array of fields you wish to search.\nAccepts wildcard expressions.\nYou also can boost relevance scores for matches to particular fields using a caret (`^`) notation.\nDefaults to the `index.query.default_field index` setting, which has a default value of `*`.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types:Field"
+                }
+              },
+              "flags": {
+                "$ref": "#/components/schemas/_types.query_dsl:SimpleQueryStringFlags"
+              },
+              "fuzzy_max_expansions": {
+                "description": "Maximum number of terms to which the query expands for fuzzy matching.",
+                "type": "number"
+              },
+              "fuzzy_prefix_length": {
+                "description": "Number of beginning characters left unchanged for fuzzy matching.",
+                "type": "number"
+              },
+              "fuzzy_transpositions": {
+                "description": "If `true`, edits for fuzzy matching include transpositions of two adjacent characters (for example, `ab` to `ba`).",
+                "type": "boolean"
+              },
+              "lenient": {
+                "description": "If `true`, format-based errors, such as providing a text value for a numeric field, are ignored.",
+                "type": "boolean"
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "query": {
+                "description": "Query string in the simple query string syntax you wish to parse and use for search.",
+                "type": "string"
+              },
+              "quote_field_suffix": {
+                "description": "Suffix appended to quoted text in the query string.",
+                "type": "string"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SimpleQueryStringFlags": {
+        "externalDocs": {
+          "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-simple-query-string-query.html#supported-flags"
+        },
+        "description": "Query flags can be either a single flag or a combination of flags, e.g. `OR|AND|PREFIX`",
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_spec_utils:PipeSeparatedFlagsSimpleQueryStringFlag"
+          }
+        ]
+      },
+      "_spec_utils:PipeSeparatedFlagsSimpleQueryStringFlag": {
+        "description": "A set of flags that can be represented as a single enum value or a set of values that are encoded\nas a pipe-separated string\n\nDepending on the target language, code generators can use this hint to generate language specific\nflags enum constructs and the corresponding (de-)serialization code.",
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:SimpleQueryStringFlag"
+          },
+          {
+            "type": "string"
+          }
+        ]
+      },
+      "_types.query_dsl:SimpleQueryStringFlag": {
+        "type": "string",
+        "enum": [
+          "NONE",
+          "AND",
+          "NOT",
+          "OR",
+          "PREFIX",
+          "PHRASE",
+          "PRECEDENCE",
+          "ESCAPE",
+          "WHITESPACE",
+          "FUZZY",
+          "NEAR",
+          "SLOP",
+          "ALL"
+        ]
+      },
+      "_types.query_dsl:SpanContainingQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "big": {
+                "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+              },
+              "little": {
+                "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+              }
+            },
+            "required": [
+              "big",
+              "little"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SpanQuery": {
+        "type": "object",
+        "properties": {
+          "span_containing": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanContainingQuery"
+          },
+          "field_masking_span": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanFieldMaskingQuery"
+          },
+          "span_first": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanFirstQuery"
+          },
+          "span_gap": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanGapQuery"
+          },
+          "span_multi": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanMultiTermQuery"
+          },
+          "span_near": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanNearQuery"
+          },
+          "span_not": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanNotQuery"
+          },
+          "span_or": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanOrQuery"
+          },
+          "span_term": {
+            "description": "The equivalent of the `term` query but for use with other span queries.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:SpanTermQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "span_within": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanWithinQuery"
+          }
+        },
+        "minProperties": 1,
+        "maxProperties": 1
+      },
+      "_types.query_dsl:SpanFieldMaskingQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "query": {
+                "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+              }
+            },
+            "required": [
+              "field",
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SpanFirstQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "end": {
+                "description": "Controls the maximum end position permitted in a match.",
+                "type": "number"
+              },
+              "match": {
+                "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+              }
+            },
+            "required": [
+              "end",
+              "match"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SpanGapQuery": {
+        "description": "Can only be used as a clause in a span_near query.",
+        "type": "object",
+        "additionalProperties": {
+          "type": "number"
+        },
+        "minProperties": 1,
+        "maxProperties": 1
+      },
+      "_types.query_dsl:SpanMultiTermQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "match": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              }
+            },
+            "required": [
+              "match"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SpanNearQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "clauses": {
+                "description": "Array of one or more other span type queries.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+                }
+              },
+              "in_order": {
+                "description": "Controls whether matches are required to be in-order.",
+                "type": "boolean"
+              },
+              "slop": {
+                "description": "Controls the maximum number of intervening unmatched positions permitted.",
+                "type": "number"
+              }
+            },
+            "required": [
+              "clauses"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SpanNotQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "dist": {
+                "description": "The number of tokens from within the include span that can’t have overlap with the exclude span.\nEquivalent to setting both `pre` and `post`.",
+                "type": "number"
+              },
+              "exclude": {
+                "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+              },
+              "include": {
+                "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+              },
+              "post": {
+                "description": "The number of tokens after the include span that can’t have overlap with the exclude span.",
+                "type": "number"
+              },
+              "pre": {
+                "description": "The number of tokens before the include span that can’t have overlap with the exclude span.",
+                "type": "number"
+              }
+            },
+            "required": [
+              "exclude",
+              "include"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SpanOrQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "clauses": {
+                "description": "Array of one or more other span type queries.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+                }
+              }
+            },
+            "required": [
+              "clauses"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SpanTermQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "value": {
+                "type": "string"
+              }
+            },
+            "required": [
+              "value"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SpanWithinQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "big": {
+                "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+              },
+              "little": {
+                "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+              }
+            },
+            "required": [
+              "big",
+              "little"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:TermQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "value": {
+                "$ref": "#/components/schemas/_types:FieldValue"
+              },
+              "case_insensitive": {
+                "description": "Allows ASCII case insensitive matching of the value with the indexed field values when set to `true`.\nWhen `false`, the case sensitivity of matching depends on the underlying field’s mapping.",
+                "type": "boolean"
+              }
+            },
+            "required": [
+              "value"
+            ]
+          }
+        ]
+      },
+      "_types:FieldValue": {
+        "description": "A field value.",
+        "oneOf": [
+          {
+            "type": "number"
+          },
+          {
+            "type": "number"
+          },
+          {
+            "type": "string"
+          },
+          {
+            "type": "boolean"
+          },
+          {
+            "nullable": true,
+            "type": "string"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:TermsQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:TermsSetQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "minimum_should_match_field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "minimum_should_match_script": {
+                "$ref": "#/components/schemas/_types:Script"
+              },
+              "terms": {
+                "description": "Array of terms you wish to find in the provided field.",
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              }
+            },
+            "required": [
+              "terms"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:TextExpansionQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "model_id": {
+                "description": "The text expansion NLP model to use",
+                "type": "string"
+              },
+              "model_text": {
+                "description": "The query text",
+                "type": "string"
+              },
+              "pruning_config": {
+                "$ref": "#/components/schemas/_types.query_dsl:TokenPruningConfig"
+              }
+            },
+            "required": [
+              "model_id",
+              "model_text"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:TokenPruningConfig": {
+        "type": "object",
+        "properties": {
+          "tokens_freq_ratio_threshold": {
+            "description": "Tokens whose frequency is more than this threshold times the average frequency of all tokens in the specified field are considered outliers and pruned.",
+            "type": "number"
+          },
+          "tokens_weight_threshold": {
+            "description": "Tokens whose weight is less than this threshold are considered nonsignificant and pruned.",
+            "type": "number"
+          },
+          "only_score_pruned_tokens": {
+            "description": "Whether to only score pruned tokens, vs only scoring kept tokens.",
+            "type": "boolean"
+          }
+        }
+      },
+      "_types.query_dsl:WeightedTokensQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "tokens": {
+                "description": "The tokens representing this query",
+                "type": "object",
+                "additionalProperties": {
+                  "type": "number"
+                }
+              },
+              "pruning_config": {
+                "$ref": "#/components/schemas/_types.query_dsl:TokenPruningConfig"
+              }
+            },
+            "required": [
+              "tokens"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:WildcardQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "case_insensitive": {
+                "description": "Allows case insensitive matching of the pattern with the indexed field values when set to true. Default is false which means the case sensitivity of matching depends on the underlying field’s mapping.",
+                "type": "boolean"
+              },
+              "rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "value": {
+                "description": "Wildcard pattern for terms you wish to find in the provided field. Required, when wildcard is not set.",
+                "type": "string"
+              },
+              "wildcard": {
+                "description": "Wildcard pattern for terms you wish to find in the provided field. Required, when value is not set.",
+                "type": "string"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:WrapperQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "query": {
+                "description": "A base64 encoded query.\nThe binary data format can be any of JSON, YAML, CBOR or SMILE encodings",
+                "type": "string"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:TypeQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "value": {
+                "type": "string"
+              }
+            },
+            "required": [
+              "value"
+            ]
+          }
+        ]
+      },
+      "_types.mapping:RuntimeFields": {
+        "type": "object",
+        "additionalProperties": {
+          "$ref": "#/components/schemas/_types.mapping:RuntimeField"
+        }
+      },
+      "_types.mapping:RuntimeField": {
+        "type": "object",
+        "properties": {
+          "fetch_fields": {
+            "description": "For type `lookup`",
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types.mapping:RuntimeFieldFetchFields"
+            }
+          },
+          "format": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping-date-format.html"
+            },
+            "description": "A custom format for `date` type runtime fields.",
+            "type": "string"
+          },
+          "input_field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "target_field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "target_index": {
+            "$ref": "#/components/schemas/_types:IndexName"
+          },
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          },
+          "type": {
+            "$ref": "#/components/schemas/_types.mapping:RuntimeFieldType"
+          }
+        },
+        "required": [
+          "type"
+        ]
+      },
+      "_types.mapping:RuntimeFieldFetchFields": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "format": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "field"
+        ]
+      },
+      "_types.mapping:RuntimeFieldType": {
+        "type": "string",
+        "enum": [
+          "boolean",
+          "composite",
+          "date",
+          "double",
+          "geo_point",
+          "ip",
+          "keyword",
+          "long",
+          "lookup"
+        ]
+      },
+      "_types:HttpHeaders": {
+        "type": "object",
+        "additionalProperties": {
+          "oneOf": [
+            {
+              "type": "string"
+            },
+            {
+              "type": "array",
+              "items": {
+                "type": "string"
+              }
+            }
+          ]
+        }
+      }
+    }
+  }
+}
\ No newline at end of file
diff --git a/x-pack/packages/ml/json_schemas/src/put___ml_datafeeds__datafeed_id__schema.json b/x-pack/packages/ml/json_schemas/src/put___ml_datafeeds__datafeed_id__schema.json
new file mode 100644
index 0000000000000..575411eb3a8c2
--- /dev/null
+++ b/x-pack/packages/ml/json_schemas/src/put___ml_datafeeds__datafeed_id__schema.json
@@ -0,0 +1,8054 @@
+{
+  "type": "object",
+  "properties": {
+    "aggregations": {
+      "description": "If set, the datafeed performs aggregation searches.\nSupport for aggregations is limited and should be used only with low cardinality data.",
+      "type": "object",
+      "additionalProperties": {
+        "$ref": "#/components/schemas/_types.aggregations:AggregationContainer"
+      }
+    },
+    "chunking_config": {
+      "$ref": "#/components/schemas/ml._types:ChunkingConfig"
+    },
+    "delayed_data_check_config": {
+      "$ref": "#/components/schemas/ml._types:DelayedDataCheckConfig"
+    },
+    "frequency": {
+      "$ref": "#/components/schemas/_types:Duration"
+    },
+    "indices": {
+      "$ref": "#/components/schemas/_types:Indices"
+    },
+    "indices_options": {
+      "$ref": "#/components/schemas/_types:IndicesOptions"
+    },
+    "job_id": {
+      "$ref": "#/components/schemas/_types:Id"
+    },
+    "max_empty_searches": {
+      "description": "If a real-time datafeed has never seen any data (including during any initial training period), it automatically\nstops and closes the associated job after this many real-time searches return no documents. In other words,\nit stops after `frequency` times `max_empty_searches` of real-time operation. If not set, a datafeed with no\nend time that sees no data remains started until it is explicitly stopped. By default, it is not set.",
+      "type": "number"
+    },
+    "query": {
+      "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+    },
+    "query_delay": {
+      "$ref": "#/components/schemas/_types:Duration"
+    },
+    "runtime_mappings": {
+      "$ref": "#/components/schemas/_types.mapping:RuntimeFields"
+    },
+    "script_fields": {
+      "description": "Specifies scripts that evaluate custom expressions and returns script fields to the datafeed.\nThe detector configuration objects in a job can contain functions that use these script fields.",
+      "type": "object",
+      "additionalProperties": {
+        "$ref": "#/components/schemas/_types:ScriptField"
+      }
+    },
+    "scroll_size": {
+      "description": "The size parameter that is used in Elasticsearch searches when the datafeed does not use aggregations.\nThe maximum value is the value of `index.max_result_window`, which is 10,000 by default.",
+      "type": "number"
+    },
+    "headers": {
+      "$ref": "#/components/schemas/_types:HttpHeaders"
+    },
+    "datafeed_id": {
+      "type": "string"
+    }
+  },
+  "components": {
+    "schemas": {
+      "_types.aggregations:AggregationContainer": {
+        "allOf": [
+          {
+            "type": "object",
+            "properties": {
+              "aggregations": {
+                "description": "Sub-aggregations for this aggregation.\nOnly applies to bucket aggregations.",
+                "type": "object",
+                "additionalProperties": {
+                  "$ref": "#/components/schemas/_types.aggregations:AggregationContainer"
+                }
+              },
+              "meta": {
+                "$ref": "#/components/schemas/_types:Metadata"
+              }
+            }
+          },
+          {
+            "type": "object",
+            "properties": {
+              "adjacency_matrix": {
+                "$ref": "#/components/schemas/_types.aggregations:AdjacencyMatrixAggregation"
+              },
+              "auto_date_histogram": {
+                "$ref": "#/components/schemas/_types.aggregations:AutoDateHistogramAggregation"
+              },
+              "avg": {
+                "$ref": "#/components/schemas/_types.aggregations:AverageAggregation"
+              },
+              "avg_bucket": {
+                "$ref": "#/components/schemas/_types.aggregations:AverageBucketAggregation"
+              },
+              "boxplot": {
+                "$ref": "#/components/schemas/_types.aggregations:BoxplotAggregation"
+              },
+              "bucket_script": {
+                "$ref": "#/components/schemas/_types.aggregations:BucketScriptAggregation"
+              },
+              "bucket_selector": {
+                "$ref": "#/components/schemas/_types.aggregations:BucketSelectorAggregation"
+              },
+              "bucket_sort": {
+                "$ref": "#/components/schemas/_types.aggregations:BucketSortAggregation"
+              },
+              "bucket_count_ks_test": {
+                "$ref": "#/components/schemas/_types.aggregations:BucketKsAggregation"
+              },
+              "bucket_correlation": {
+                "$ref": "#/components/schemas/_types.aggregations:BucketCorrelationAggregation"
+              },
+              "cardinality": {
+                "$ref": "#/components/schemas/_types.aggregations:CardinalityAggregation"
+              },
+              "categorize_text": {
+                "$ref": "#/components/schemas/_types.aggregations:CategorizeTextAggregation"
+              },
+              "children": {
+                "$ref": "#/components/schemas/_types.aggregations:ChildrenAggregation"
+              },
+              "composite": {
+                "$ref": "#/components/schemas/_types.aggregations:CompositeAggregation"
+              },
+              "cumulative_cardinality": {
+                "$ref": "#/components/schemas/_types.aggregations:CumulativeCardinalityAggregation"
+              },
+              "cumulative_sum": {
+                "$ref": "#/components/schemas/_types.aggregations:CumulativeSumAggregation"
+              },
+              "date_histogram": {
+                "$ref": "#/components/schemas/_types.aggregations:DateHistogramAggregation"
+              },
+              "date_range": {
+                "$ref": "#/components/schemas/_types.aggregations:DateRangeAggregation"
+              },
+              "derivative": {
+                "$ref": "#/components/schemas/_types.aggregations:DerivativeAggregation"
+              },
+              "diversified_sampler": {
+                "$ref": "#/components/schemas/_types.aggregations:DiversifiedSamplerAggregation"
+              },
+              "extended_stats": {
+                "$ref": "#/components/schemas/_types.aggregations:ExtendedStatsAggregation"
+              },
+              "extended_stats_bucket": {
+                "$ref": "#/components/schemas/_types.aggregations:ExtendedStatsBucketAggregation"
+              },
+              "frequent_item_sets": {
+                "$ref": "#/components/schemas/_types.aggregations:FrequentItemSetsAggregation"
+              },
+              "filter": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "filters": {
+                "$ref": "#/components/schemas/_types.aggregations:FiltersAggregation"
+              },
+              "geo_bounds": {
+                "$ref": "#/components/schemas/_types.aggregations:GeoBoundsAggregation"
+              },
+              "geo_centroid": {
+                "$ref": "#/components/schemas/_types.aggregations:GeoCentroidAggregation"
+              },
+              "geo_distance": {
+                "$ref": "#/components/schemas/_types.aggregations:GeoDistanceAggregation"
+              },
+              "geohash_grid": {
+                "$ref": "#/components/schemas/_types.aggregations:GeoHashGridAggregation"
+              },
+              "geo_line": {
+                "$ref": "#/components/schemas/_types.aggregations:GeoLineAggregation"
+              },
+              "geotile_grid": {
+                "$ref": "#/components/schemas/_types.aggregations:GeoTileGridAggregation"
+              },
+              "geohex_grid": {
+                "$ref": "#/components/schemas/_types.aggregations:GeohexGridAggregation"
+              },
+              "global": {
+                "$ref": "#/components/schemas/_types.aggregations:GlobalAggregation"
+              },
+              "histogram": {
+                "$ref": "#/components/schemas/_types.aggregations:HistogramAggregation"
+              },
+              "ip_range": {
+                "$ref": "#/components/schemas/_types.aggregations:IpRangeAggregation"
+              },
+              "ip_prefix": {
+                "$ref": "#/components/schemas/_types.aggregations:IpPrefixAggregation"
+              },
+              "inference": {
+                "$ref": "#/components/schemas/_types.aggregations:InferenceAggregation"
+              },
+              "line": {
+                "$ref": "#/components/schemas/_types.aggregations:GeoLineAggregation"
+              },
+              "matrix_stats": {
+                "$ref": "#/components/schemas/_types.aggregations:MatrixStatsAggregation"
+              },
+              "max": {
+                "$ref": "#/components/schemas/_types.aggregations:MaxAggregation"
+              },
+              "max_bucket": {
+                "$ref": "#/components/schemas/_types.aggregations:MaxBucketAggregation"
+              },
+              "median_absolute_deviation": {
+                "$ref": "#/components/schemas/_types.aggregations:MedianAbsoluteDeviationAggregation"
+              },
+              "min": {
+                "$ref": "#/components/schemas/_types.aggregations:MinAggregation"
+              },
+              "min_bucket": {
+                "$ref": "#/components/schemas/_types.aggregations:MinBucketAggregation"
+              },
+              "missing": {
+                "$ref": "#/components/schemas/_types.aggregations:MissingAggregation"
+              },
+              "moving_avg": {
+                "$ref": "#/components/schemas/_types.aggregations:MovingAverageAggregation"
+              },
+              "moving_percentiles": {
+                "$ref": "#/components/schemas/_types.aggregations:MovingPercentilesAggregation"
+              },
+              "moving_fn": {
+                "$ref": "#/components/schemas/_types.aggregations:MovingFunctionAggregation"
+              },
+              "multi_terms": {
+                "$ref": "#/components/schemas/_types.aggregations:MultiTermsAggregation"
+              },
+              "nested": {
+                "$ref": "#/components/schemas/_types.aggregations:NestedAggregation"
+              },
+              "normalize": {
+                "$ref": "#/components/schemas/_types.aggregations:NormalizeAggregation"
+              },
+              "parent": {
+                "$ref": "#/components/schemas/_types.aggregations:ParentAggregation"
+              },
+              "percentile_ranks": {
+                "$ref": "#/components/schemas/_types.aggregations:PercentileRanksAggregation"
+              },
+              "percentiles": {
+                "$ref": "#/components/schemas/_types.aggregations:PercentilesAggregation"
+              },
+              "percentiles_bucket": {
+                "$ref": "#/components/schemas/_types.aggregations:PercentilesBucketAggregation"
+              },
+              "range": {
+                "$ref": "#/components/schemas/_types.aggregations:RangeAggregation"
+              },
+              "rare_terms": {
+                "$ref": "#/components/schemas/_types.aggregations:RareTermsAggregation"
+              },
+              "rate": {
+                "$ref": "#/components/schemas/_types.aggregations:RateAggregation"
+              },
+              "reverse_nested": {
+                "$ref": "#/components/schemas/_types.aggregations:ReverseNestedAggregation"
+              },
+              "sampler": {
+                "$ref": "#/components/schemas/_types.aggregations:SamplerAggregation"
+              },
+              "scripted_metric": {
+                "$ref": "#/components/schemas/_types.aggregations:ScriptedMetricAggregation"
+              },
+              "serial_diff": {
+                "$ref": "#/components/schemas/_types.aggregations:SerialDifferencingAggregation"
+              },
+              "significant_terms": {
+                "$ref": "#/components/schemas/_types.aggregations:SignificantTermsAggregation"
+              },
+              "significant_text": {
+                "$ref": "#/components/schemas/_types.aggregations:SignificantTextAggregation"
+              },
+              "stats": {
+                "$ref": "#/components/schemas/_types.aggregations:StatsAggregation"
+              },
+              "stats_bucket": {
+                "$ref": "#/components/schemas/_types.aggregations:StatsBucketAggregation"
+              },
+              "string_stats": {
+                "$ref": "#/components/schemas/_types.aggregations:StringStatsAggregation"
+              },
+              "sum": {
+                "$ref": "#/components/schemas/_types.aggregations:SumAggregation"
+              },
+              "sum_bucket": {
+                "$ref": "#/components/schemas/_types.aggregations:SumBucketAggregation"
+              },
+              "terms": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsAggregation"
+              },
+              "top_hits": {
+                "$ref": "#/components/schemas/_types.aggregations:TopHitsAggregation"
+              },
+              "t_test": {
+                "$ref": "#/components/schemas/_types.aggregations:TTestAggregation"
+              },
+              "top_metrics": {
+                "$ref": "#/components/schemas/_types.aggregations:TopMetricsAggregation"
+              },
+              "value_count": {
+                "$ref": "#/components/schemas/_types.aggregations:ValueCountAggregation"
+              },
+              "weighted_avg": {
+                "$ref": "#/components/schemas/_types.aggregations:WeightedAverageAggregation"
+              },
+              "variable_width_histogram": {
+                "$ref": "#/components/schemas/_types.aggregations:VariableWidthHistogramAggregation"
+              }
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          }
+        ]
+      },
+      "_types:Metadata": {
+        "type": "object",
+        "additionalProperties": {
+          "type": "object"
+        }
+      },
+      "_types.aggregations:AdjacencyMatrixAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "filters": {
+                "description": "Filters used to create buckets.\nAt least one filter is required.",
+                "type": "object",
+                "additionalProperties": {
+                  "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                }
+              },
+              "separator": {
+                "description": "Separator used to concatenate filter names. Defaults to &.",
+                "type": "string"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:BucketAggregationBase": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:Aggregation"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:Aggregation": {
+        "type": "object"
+      },
+      "_types.query_dsl:QueryContainer": {
+        "externalDocs": {
+          "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl.html"
+        },
+        "type": "object",
+        "properties": {
+          "bool": {
+            "$ref": "#/components/schemas/_types.query_dsl:BoolQuery"
+          },
+          "boosting": {
+            "$ref": "#/components/schemas/_types.query_dsl:BoostingQuery"
+          },
+          "common": {
+            "deprecated": true,
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:CommonTermsQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "combined_fields": {
+            "$ref": "#/components/schemas/_types.query_dsl:CombinedFieldsQuery"
+          },
+          "constant_score": {
+            "$ref": "#/components/schemas/_types.query_dsl:ConstantScoreQuery"
+          },
+          "dis_max": {
+            "$ref": "#/components/schemas/_types.query_dsl:DisMaxQuery"
+          },
+          "distance_feature": {
+            "$ref": "#/components/schemas/_types.query_dsl:DistanceFeatureQuery"
+          },
+          "exists": {
+            "$ref": "#/components/schemas/_types.query_dsl:ExistsQuery"
+          },
+          "function_score": {
+            "$ref": "#/components/schemas/_types.query_dsl:FunctionScoreQuery"
+          },
+          "fuzzy": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-fuzzy-query.html"
+            },
+            "description": "Returns documents that contain terms similar to the search term, as measured by a Levenshtein edit distance.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:FuzzyQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "geo_bounding_box": {
+            "$ref": "#/components/schemas/_types.query_dsl:GeoBoundingBoxQuery"
+          },
+          "geo_distance": {
+            "$ref": "#/components/schemas/_types.query_dsl:GeoDistanceQuery"
+          },
+          "geo_polygon": {
+            "$ref": "#/components/schemas/_types.query_dsl:GeoPolygonQuery"
+          },
+          "geo_shape": {
+            "$ref": "#/components/schemas/_types.query_dsl:GeoShapeQuery"
+          },
+          "has_child": {
+            "$ref": "#/components/schemas/_types.query_dsl:HasChildQuery"
+          },
+          "has_parent": {
+            "$ref": "#/components/schemas/_types.query_dsl:HasParentQuery"
+          },
+          "ids": {
+            "$ref": "#/components/schemas/_types.query_dsl:IdsQuery"
+          },
+          "intervals": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-intervals-query.html"
+            },
+            "description": "Returns documents based on the order and proximity of matching terms.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:IntervalsQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "knn": {
+            "$ref": "#/components/schemas/_types:KnnQuery"
+          },
+          "match": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-match-query.html"
+            },
+            "description": "Returns documents that match a provided text, number, date or boolean value.\nThe provided text is analyzed before matching.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:MatchQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "match_all": {
+            "$ref": "#/components/schemas/_types.query_dsl:MatchAllQuery"
+          },
+          "match_bool_prefix": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-match-bool-prefix-query.html"
+            },
+            "description": "Analyzes its input and constructs a `bool` query from the terms.\nEach term except the last is used in a `term` query.\nThe last term is used in a prefix query.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:MatchBoolPrefixQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "match_none": {
+            "$ref": "#/components/schemas/_types.query_dsl:MatchNoneQuery"
+          },
+          "match_phrase": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-match-query-phrase.html"
+            },
+            "description": "Analyzes the text and creates a phrase query out of the analyzed text.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:MatchPhraseQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "match_phrase_prefix": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-match-query-phrase-prefix.html"
+            },
+            "description": "Returns documents that contain the words of a provided text, in the same order as provided.\nThe last term of the provided text is treated as a prefix, matching any words that begin with that term.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:MatchPhrasePrefixQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "more_like_this": {
+            "$ref": "#/components/schemas/_types.query_dsl:MoreLikeThisQuery"
+          },
+          "multi_match": {
+            "$ref": "#/components/schemas/_types.query_dsl:MultiMatchQuery"
+          },
+          "nested": {
+            "$ref": "#/components/schemas/_types.query_dsl:NestedQuery"
+          },
+          "parent_id": {
+            "$ref": "#/components/schemas/_types.query_dsl:ParentIdQuery"
+          },
+          "percolate": {
+            "$ref": "#/components/schemas/_types.query_dsl:PercolateQuery"
+          },
+          "pinned": {
+            "$ref": "#/components/schemas/_types.query_dsl:PinnedQuery"
+          },
+          "prefix": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-prefix-query.html"
+            },
+            "description": "Returns documents that contain a specific prefix in a provided field.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:PrefixQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "query_string": {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryStringQuery"
+          },
+          "range": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-range-query.html"
+            },
+            "description": "Returns documents that contain terms within a provided range.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:RangeQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "rank_feature": {
+            "$ref": "#/components/schemas/_types.query_dsl:RankFeatureQuery"
+          },
+          "regexp": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-regexp-query.html"
+            },
+            "description": "Returns documents that contain terms matching a regular expression.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:RegexpQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "rule_query": {
+            "$ref": "#/components/schemas/_types.query_dsl:RuleQuery"
+          },
+          "script": {
+            "$ref": "#/components/schemas/_types.query_dsl:ScriptQuery"
+          },
+          "script_score": {
+            "$ref": "#/components/schemas/_types.query_dsl:ScriptScoreQuery"
+          },
+          "shape": {
+            "$ref": "#/components/schemas/_types.query_dsl:ShapeQuery"
+          },
+          "simple_query_string": {
+            "$ref": "#/components/schemas/_types.query_dsl:SimpleQueryStringQuery"
+          },
+          "span_containing": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanContainingQuery"
+          },
+          "field_masking_span": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanFieldMaskingQuery"
+          },
+          "span_first": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanFirstQuery"
+          },
+          "span_multi": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanMultiTermQuery"
+          },
+          "span_near": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanNearQuery"
+          },
+          "span_not": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanNotQuery"
+          },
+          "span_or": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanOrQuery"
+          },
+          "span_term": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-span-term-query.html"
+            },
+            "description": "Matches spans containing a term.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:SpanTermQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "span_within": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanWithinQuery"
+          },
+          "term": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-term-query.html"
+            },
+            "description": "Returns documents that contain an exact term in a provided field.\nTo return a document, the query term must exactly match the queried field's value, including whitespace and capitalization.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:TermQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "terms": {
+            "$ref": "#/components/schemas/_types.query_dsl:TermsQuery"
+          },
+          "terms_set": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-terms-set-query.html"
+            },
+            "description": "Returns documents that contain a minimum number of exact terms in a provided field.\nTo return a document, a required number of terms must exactly match the field values, including whitespace and capitalization.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:TermsSetQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "text_expansion": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-text-expansion-query.html"
+            },
+            "description": "Uses a natural language processing model to convert the query text into a list of token-weight pairs which are then used in a query against a sparse vector or rank features field.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:TextExpansionQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "weighted_tokens": {
+            "description": "Supports returning text_expansion query results by sending in precomputed tokens with the query.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:WeightedTokensQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "wildcard": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-wildcard-query.html"
+            },
+            "description": "Returns documents that contain terms matching a wildcard pattern.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:WildcardQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "wrapper": {
+            "$ref": "#/components/schemas/_types.query_dsl:WrapperQuery"
+          },
+          "type": {
+            "$ref": "#/components/schemas/_types.query_dsl:TypeQuery"
+          }
+        },
+        "minProperties": 1,
+        "maxProperties": 1
+      },
+      "_types.query_dsl:BoolQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "filter": {
+                "description": "The clause (query) must appear in matching documents.\nHowever, unlike `must`, the score of the query will be ignored.",
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                  },
+                  {
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                    }
+                  }
+                ]
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "must": {
+                "description": "The clause (query) must appear in matching documents and will contribute to the score.",
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                  },
+                  {
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                    }
+                  }
+                ]
+              },
+              "must_not": {
+                "description": "The clause (query) must not appear in the matching documents.\nBecause scoring is ignored, a score of `0` is returned for all documents.",
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                  },
+                  {
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                    }
+                  }
+                ]
+              },
+              "should": {
+                "description": "The clause (query) should appear in the matching document.",
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                  },
+                  {
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                    }
+                  }
+                ]
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:QueryBase": {
+        "type": "object",
+        "properties": {
+          "boost": {
+            "description": "Floating point number used to decrease or increase the relevance scores of the query.\nBoost values are relative to the default value of 1.0.\nA boost value between 0 and 1.0 decreases the relevance score.\nA value greater than 1.0 increases the relevance score.",
+            "type": "number"
+          },
+          "_name": {
+            "type": "string"
+          }
+        }
+      },
+      "_types:MinimumShouldMatch": {
+        "externalDocs": {
+          "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-minimum-should-match.html"
+        },
+        "description": "The minimum number of terms that should match as integer, percentage or range",
+        "oneOf": [
+          {
+            "type": "number"
+          },
+          {
+            "type": "string"
+          }
+        ]
+      },
+      "_types.query_dsl:BoostingQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "negative_boost": {
+                "description": "Floating point number between 0 and 1.0 used to decrease the relevance scores of documents matching the `negative` query.",
+                "type": "number"
+              },
+              "negative": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "positive": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              }
+            },
+            "required": [
+              "negative_boost",
+              "negative",
+              "positive"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:CommonTermsQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "analyzer": {
+                "type": "string"
+              },
+              "cutoff_frequency": {
+                "type": "number"
+              },
+              "high_freq_operator": {
+                "$ref": "#/components/schemas/_types.query_dsl:Operator"
+              },
+              "low_freq_operator": {
+                "$ref": "#/components/schemas/_types.query_dsl:Operator"
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "query": {
+                "type": "string"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:Operator": {
+        "type": "string",
+        "enum": [
+          "and",
+          "AND",
+          "or",
+          "OR"
+        ]
+      },
+      "_types.query_dsl:CombinedFieldsQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "fields": {
+                "description": "List of fields to search. Field wildcard patterns are allowed. Only `text` fields are supported, and they must all have the same search `analyzer`.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types:Field"
+                }
+              },
+              "query": {
+                "description": "Text to search for in the provided `fields`.\nThe `combined_fields` query analyzes the provided text before performing a search.",
+                "type": "string"
+              },
+              "auto_generate_synonyms_phrase_query": {
+                "description": "If true, match phrase queries are automatically created for multi-term synonyms.",
+                "type": "boolean"
+              },
+              "operator": {
+                "$ref": "#/components/schemas/_types.query_dsl:CombinedFieldsOperator"
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "zero_terms_query": {
+                "$ref": "#/components/schemas/_types.query_dsl:CombinedFieldsZeroTerms"
+              }
+            },
+            "required": [
+              "fields",
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types:Field": {
+        "description": "Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.",
+        "type": "string"
+      },
+      "_types.query_dsl:CombinedFieldsOperator": {
+        "type": "string",
+        "enum": [
+          "or",
+          "and"
+        ]
+      },
+      "_types.query_dsl:CombinedFieldsZeroTerms": {
+        "type": "string",
+        "enum": [
+          "none",
+          "all"
+        ]
+      },
+      "_types.query_dsl:ConstantScoreQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "filter": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              }
+            },
+            "required": [
+              "filter"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:DisMaxQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "queries": {
+                "description": "One or more query clauses.\nReturned documents must match one or more of these queries.\nIf a document matches multiple queries, Elasticsearch uses the highest relevance score.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                }
+              },
+              "tie_breaker": {
+                "description": "Floating point number between 0 and 1.0 used to increase the relevance scores of documents matching multiple query clauses.",
+                "type": "number"
+              }
+            },
+            "required": [
+              "queries"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:DistanceFeatureQuery": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:GeoDistanceFeatureQuery"
+          },
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:DateDistanceFeatureQuery"
+          }
+        ]
+      },
+      "_types.query_dsl:GeoDistanceFeatureQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:DistanceFeatureQueryBaseGeoLocationDistance"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:DistanceFeatureQueryBaseGeoLocationDistance": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "origin": {
+                "$ref": "#/components/schemas/_types:GeoLocation"
+              },
+              "pivot": {
+                "$ref": "#/components/schemas/_types:Distance"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              }
+            },
+            "required": [
+              "origin",
+              "pivot",
+              "field"
+            ]
+          }
+        ]
+      },
+      "_types:GeoLocation": {
+        "description": "A latitude/longitude as a 2 dimensional point. It can be represented in various ways:\n- as a `{lat, long}` object\n- as a geo hash value\n- as a `[lon, lat]` array\n- as a string in `\"<lat>, <lon>\"` or WKT point formats",
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types:LatLonGeoLocation"
+          },
+          {
+            "$ref": "#/components/schemas/_types:GeoHashLocation"
+          },
+          {
+            "type": "array",
+            "items": {
+              "type": "number"
+            }
+          },
+          {
+            "type": "string"
+          }
+        ]
+      },
+      "_types:LatLonGeoLocation": {
+        "type": "object",
+        "properties": {
+          "lat": {
+            "description": "Latitude",
+            "type": "number"
+          },
+          "lon": {
+            "description": "Longitude",
+            "type": "number"
+          }
+        },
+        "required": [
+          "lat",
+          "lon"
+        ]
+      },
+      "_types:GeoHashLocation": {
+        "type": "object",
+        "properties": {
+          "geohash": {
+            "$ref": "#/components/schemas/_types:GeoHash"
+          }
+        },
+        "required": [
+          "geohash"
+        ]
+      },
+      "_types:GeoHash": {
+        "type": "string"
+      },
+      "_types:Distance": {
+        "type": "string"
+      },
+      "_types.query_dsl:DateDistanceFeatureQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:DistanceFeatureQueryBaseDateMathDuration"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:DistanceFeatureQueryBaseDateMathDuration": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "origin": {
+                "$ref": "#/components/schemas/_types:DateMath"
+              },
+              "pivot": {
+                "$ref": "#/components/schemas/_types:Duration"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              }
+            },
+            "required": [
+              "origin",
+              "pivot",
+              "field"
+            ]
+          }
+        ]
+      },
+      "_types:DateMath": {
+        "type": "string"
+      },
+      "_types:Duration": {
+        "externalDocs": {
+          "url": "https://github.com/elastic/elasticsearch/blob/current/libs/core/src/main/java/org/elasticsearch/core/TimeValue.java"
+        },
+        "description": "A duration. Units can be `nanos`, `micros`, `ms` (milliseconds), `s` (seconds), `m` (minutes), `h` (hours) and\n`d` (days). Also accepts \"0\" without a unit and \"-1\" to indicate an unspecified value.",
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "type": "string",
+            "enum": [
+              "-1"
+            ]
+          },
+          {
+            "type": "string",
+            "enum": [
+              "0"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:ExistsQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              }
+            },
+            "required": [
+              "field"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:FunctionScoreQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "boost_mode": {
+                "$ref": "#/components/schemas/_types.query_dsl:FunctionBoostMode"
+              },
+              "functions": {
+                "description": "One or more functions that compute a new score for each document returned by the query.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.query_dsl:FunctionScoreContainer"
+                }
+              },
+              "max_boost": {
+                "description": "Restricts the new score to not exceed the provided limit.",
+                "type": "number"
+              },
+              "min_score": {
+                "description": "Excludes documents that do not meet the provided score threshold.",
+                "type": "number"
+              },
+              "query": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "score_mode": {
+                "$ref": "#/components/schemas/_types.query_dsl:FunctionScoreMode"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:FunctionBoostMode": {
+        "type": "string",
+        "enum": [
+          "multiply",
+          "replace",
+          "sum",
+          "avg",
+          "max",
+          "min"
+        ]
+      },
+      "_types.query_dsl:FunctionScoreContainer": {
+        "allOf": [
+          {
+            "type": "object",
+            "properties": {
+              "filter": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "weight": {
+                "type": "number"
+              }
+            }
+          },
+          {
+            "type": "object",
+            "properties": {
+              "exp": {
+                "$ref": "#/components/schemas/_types.query_dsl:DecayFunction"
+              },
+              "gauss": {
+                "$ref": "#/components/schemas/_types.query_dsl:DecayFunction"
+              },
+              "linear": {
+                "$ref": "#/components/schemas/_types.query_dsl:DecayFunction"
+              },
+              "field_value_factor": {
+                "$ref": "#/components/schemas/_types.query_dsl:FieldValueFactorScoreFunction"
+              },
+              "random_score": {
+                "$ref": "#/components/schemas/_types.query_dsl:RandomScoreFunction"
+              },
+              "script_score": {
+                "$ref": "#/components/schemas/_types.query_dsl:ScriptScoreFunction"
+              }
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          }
+        ]
+      },
+      "_types.query_dsl:DecayFunction": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:DateDecayFunction"
+          },
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:NumericDecayFunction"
+          },
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:GeoDecayFunction"
+          }
+        ]
+      },
+      "_types.query_dsl:DateDecayFunction": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:DecayFunctionBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:DecayFunctionBase": {
+        "type": "object",
+        "properties": {
+          "multi_value_mode": {
+            "$ref": "#/components/schemas/_types.query_dsl:MultiValueMode"
+          }
+        }
+      },
+      "_types.query_dsl:MultiValueMode": {
+        "type": "string",
+        "enum": [
+          "min",
+          "max",
+          "avg",
+          "sum"
+        ]
+      },
+      "_types.query_dsl:NumericDecayFunction": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:DecayFunctionBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:GeoDecayFunction": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:DecayFunctionBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:FieldValueFactorScoreFunction": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "factor": {
+            "description": "Optional factor to multiply the field value with.",
+            "type": "number"
+          },
+          "missing": {
+            "description": "Value used if the document doesn’t have that field.\nThe modifier and factor are still applied to it as though it were read from the document.",
+            "type": "number"
+          },
+          "modifier": {
+            "$ref": "#/components/schemas/_types.query_dsl:FieldValueFactorModifier"
+          }
+        },
+        "required": [
+          "field"
+        ]
+      },
+      "_types.query_dsl:FieldValueFactorModifier": {
+        "type": "string",
+        "enum": [
+          "none",
+          "log",
+          "log1p",
+          "log2p",
+          "ln",
+          "ln1p",
+          "ln2p",
+          "square",
+          "sqrt",
+          "reciprocal"
+        ]
+      },
+      "_types.query_dsl:RandomScoreFunction": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "seed": {
+            "oneOf": [
+              {
+                "type": "number"
+              },
+              {
+                "type": "string"
+              }
+            ]
+          }
+        }
+      },
+      "_types.query_dsl:ScriptScoreFunction": {
+        "type": "object",
+        "properties": {
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          }
+        },
+        "required": [
+          "script"
+        ]
+      },
+      "_types:Script": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types:InlineScript"
+          },
+          {
+            "$ref": "#/components/schemas/_types:StoredScriptId"
+          }
+        ]
+      },
+      "_types:InlineScript": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types:ScriptBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "lang": {
+                "$ref": "#/components/schemas/_types:ScriptLanguage"
+              },
+              "options": {
+                "type": "object",
+                "additionalProperties": {
+                  "type": "string"
+                }
+              },
+              "source": {
+                "description": "The script source.",
+                "type": "string"
+              }
+            },
+            "required": [
+              "source"
+            ]
+          }
+        ]
+      },
+      "_types:ScriptBase": {
+        "type": "object",
+        "properties": {
+          "params": {
+            "description": "Specifies any named parameters that are passed into the script as variables.\nUse parameters instead of hard-coded values to decrease compile time.",
+            "type": "object",
+            "additionalProperties": {
+              "type": "object"
+            }
+          }
+        }
+      },
+      "_types:ScriptLanguage": {
+        "anyOf": [
+          {
+            "type": "string",
+            "enum": [
+              "painless",
+              "expression",
+              "mustache",
+              "java"
+            ]
+          },
+          {
+            "type": "string"
+          }
+        ]
+      },
+      "_types:StoredScriptId": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types:ScriptBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "id": {
+                "$ref": "#/components/schemas/_types:Id"
+              }
+            },
+            "required": [
+              "id"
+            ]
+          }
+        ]
+      },
+      "_types:Id": {
+        "type": "string"
+      },
+      "_types.query_dsl:FunctionScoreMode": {
+        "type": "string",
+        "enum": [
+          "multiply",
+          "sum",
+          "avg",
+          "first",
+          "max",
+          "min"
+        ]
+      },
+      "_types.query_dsl:FuzzyQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "max_expansions": {
+                "description": "Maximum number of variations created.",
+                "type": "number"
+              },
+              "prefix_length": {
+                "description": "Number of beginning characters left unchanged when creating expansions.",
+                "type": "number"
+              },
+              "rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "transpositions": {
+                "description": "Indicates whether edits include transpositions of two adjacent characters (for example `ab` to `ba`).",
+                "type": "boolean"
+              },
+              "fuzziness": {
+                "$ref": "#/components/schemas/_types:Fuzziness"
+              },
+              "value": {
+                "description": "Term you wish to find in the provided field.",
+                "oneOf": [
+                  {
+                    "type": "string"
+                  },
+                  {
+                    "type": "number"
+                  },
+                  {
+                    "type": "boolean"
+                  }
+                ]
+              }
+            },
+            "required": [
+              "value"
+            ]
+          }
+        ]
+      },
+      "_types:MultiTermQueryRewrite": {
+        "externalDocs": {
+          "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-multi-term-rewrite.html"
+        },
+        "type": "string"
+      },
+      "_types:Fuzziness": {
+        "externalDocs": {
+          "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/common-options.html#fuzziness"
+        },
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "type": "number"
+          }
+        ]
+      },
+      "_types.query_dsl:GeoBoundingBoxQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "$ref": "#/components/schemas/_types.query_dsl:GeoExecution"
+              },
+              "validation_method": {
+                "$ref": "#/components/schemas/_types.query_dsl:GeoValidationMethod"
+              },
+              "ignore_unmapped": {
+                "description": "Set to `true` to ignore an unmapped field and not match any documents for this query.\nSet to `false` to throw an exception if the field is not mapped.",
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:GeoExecution": {
+        "type": "string",
+        "enum": [
+          "memory",
+          "indexed"
+        ]
+      },
+      "_types.query_dsl:GeoValidationMethod": {
+        "type": "string",
+        "enum": [
+          "coerce",
+          "ignore_malformed",
+          "strict"
+        ]
+      },
+      "_types.query_dsl:GeoDistanceQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "distance": {
+                "$ref": "#/components/schemas/_types:Distance"
+              },
+              "distance_type": {
+                "$ref": "#/components/schemas/_types:GeoDistanceType"
+              },
+              "validation_method": {
+                "$ref": "#/components/schemas/_types.query_dsl:GeoValidationMethod"
+              },
+              "ignore_unmapped": {
+                "description": "Set to `true` to ignore an unmapped field and not match any documents for this query.\nSet to `false` to throw an exception if the field is not mapped.",
+                "type": "boolean"
+              }
+            },
+            "required": [
+              "distance"
+            ]
+          }
+        ]
+      },
+      "_types:GeoDistanceType": {
+        "type": "string",
+        "enum": [
+          "arc",
+          "plane"
+        ]
+      },
+      "_types.query_dsl:GeoPolygonQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "validation_method": {
+                "$ref": "#/components/schemas/_types.query_dsl:GeoValidationMethod"
+              },
+              "ignore_unmapped": {
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:GeoShapeQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "ignore_unmapped": {
+                "description": "Set to `true` to ignore an unmapped field and not match any documents for this query.\nSet to `false` to throw an exception if the field is not mapped.",
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:HasChildQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "ignore_unmapped": {
+                "description": "Indicates whether to ignore an unmapped `type` and not return any documents instead of an error.",
+                "type": "boolean"
+              },
+              "inner_hits": {
+                "$ref": "#/components/schemas/_global.search._types:InnerHits"
+              },
+              "max_children": {
+                "description": "Maximum number of child documents that match the query allowed for a returned parent document.\nIf the parent document exceeds this limit, it is excluded from the search results.",
+                "type": "number"
+              },
+              "min_children": {
+                "description": "Minimum number of child documents that match the query required to match the query for a returned parent document.\nIf the parent document does not meet this limit, it is excluded from the search results.",
+                "type": "number"
+              },
+              "query": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "score_mode": {
+                "$ref": "#/components/schemas/_types.query_dsl:ChildScoreMode"
+              },
+              "type": {
+                "$ref": "#/components/schemas/_types:RelationName"
+              }
+            },
+            "required": [
+              "query",
+              "type"
+            ]
+          }
+        ]
+      },
+      "_global.search._types:InnerHits": {
+        "type": "object",
+        "properties": {
+          "name": {
+            "$ref": "#/components/schemas/_types:Name"
+          },
+          "size": {
+            "description": "The maximum number of hits to return per `inner_hits`.",
+            "type": "number"
+          },
+          "from": {
+            "description": "Inner hit starting document offset.",
+            "type": "number"
+          },
+          "collapse": {
+            "$ref": "#/components/schemas/_global.search._types:FieldCollapse"
+          },
+          "docvalue_fields": {
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types.query_dsl:FieldAndFormat"
+            }
+          },
+          "explain": {
+            "type": "boolean"
+          },
+          "highlight": {
+            "$ref": "#/components/schemas/_global.search._types:Highlight"
+          },
+          "ignore_unmapped": {
+            "type": "boolean"
+          },
+          "script_fields": {
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types:ScriptField"
+            }
+          },
+          "seq_no_primary_term": {
+            "type": "boolean"
+          },
+          "fields": {
+            "$ref": "#/components/schemas/_types:Fields"
+          },
+          "sort": {
+            "$ref": "#/components/schemas/_types:Sort"
+          },
+          "_source": {
+            "$ref": "#/components/schemas/_global.search._types:SourceConfig"
+          },
+          "stored_fields": {
+            "$ref": "#/components/schemas/_types:Fields"
+          },
+          "track_scores": {
+            "type": "boolean"
+          },
+          "version": {
+            "type": "boolean"
+          }
+        }
+      },
+      "_types:Name": {
+        "type": "string"
+      },
+      "_global.search._types:FieldCollapse": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "inner_hits": {
+            "description": "The number of inner hits and their sort order",
+            "oneOf": [
+              {
+                "$ref": "#/components/schemas/_global.search._types:InnerHits"
+              },
+              {
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_global.search._types:InnerHits"
+                }
+              }
+            ]
+          },
+          "max_concurrent_group_searches": {
+            "description": "The number of concurrent requests allowed to retrieve the inner_hits per group",
+            "type": "number"
+          },
+          "collapse": {
+            "$ref": "#/components/schemas/_global.search._types:FieldCollapse"
+          }
+        },
+        "required": [
+          "field"
+        ]
+      },
+      "_types.query_dsl:FieldAndFormat": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "format": {
+            "description": "Format in which the values are returned.",
+            "type": "string"
+          },
+          "include_unmapped": {
+            "type": "boolean"
+          }
+        },
+        "required": [
+          "field"
+        ]
+      },
+      "_global.search._types:Highlight": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_global.search._types:HighlightBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "encoder": {
+                "$ref": "#/components/schemas/_global.search._types:HighlighterEncoder"
+              },
+              "fields": {
+                "type": "object",
+                "additionalProperties": {
+                  "$ref": "#/components/schemas/_global.search._types:HighlightField"
+                }
+              }
+            },
+            "required": [
+              "fields"
+            ]
+          }
+        ]
+      },
+      "_global.search._types:HighlightBase": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "$ref": "#/components/schemas/_global.search._types:HighlighterType"
+          },
+          "boundary_chars": {
+            "description": "A string that contains each boundary character.",
+            "type": "string"
+          },
+          "boundary_max_scan": {
+            "description": "How far to scan for boundary characters.",
+            "type": "number"
+          },
+          "boundary_scanner": {
+            "$ref": "#/components/schemas/_global.search._types:BoundaryScanner"
+          },
+          "boundary_scanner_locale": {
+            "description": "Controls which locale is used to search for sentence and word boundaries.\nThis parameter takes a form of a language tag, for example: `\"en-US\"`, `\"fr-FR\"`, `\"ja-JP\"`.",
+            "type": "string"
+          },
+          "force_source": {
+            "deprecated": true,
+            "type": "boolean"
+          },
+          "fragmenter": {
+            "$ref": "#/components/schemas/_global.search._types:HighlighterFragmenter"
+          },
+          "fragment_size": {
+            "description": "The size of the highlighted fragment in characters.",
+            "type": "number"
+          },
+          "highlight_filter": {
+            "type": "boolean"
+          },
+          "highlight_query": {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+          },
+          "max_fragment_length": {
+            "type": "number"
+          },
+          "max_analyzed_offset": {
+            "description": "If set to a non-negative value, highlighting stops at this defined maximum limit.\nThe rest of the text is not processed, thus not highlighted and no error is returned\nThe `max_analyzed_offset` query setting does not override the `index.highlight.max_analyzed_offset` setting, which prevails when it’s set to lower value than the query setting.",
+            "type": "number"
+          },
+          "no_match_size": {
+            "description": "The amount of text you want to return from the beginning of the field if there are no matching fragments to highlight.",
+            "type": "number"
+          },
+          "number_of_fragments": {
+            "description": "The maximum number of fragments to return.\nIf the number of fragments is set to `0`, no fragments are returned.\nInstead, the entire field contents are highlighted and returned.\nThis can be handy when you need to highlight short texts such as a title or address, but fragmentation is not required.\nIf `number_of_fragments` is `0`, `fragment_size` is ignored.",
+            "type": "number"
+          },
+          "options": {
+            "type": "object",
+            "additionalProperties": {
+              "type": "object"
+            }
+          },
+          "order": {
+            "$ref": "#/components/schemas/_global.search._types:HighlighterOrder"
+          },
+          "phrase_limit": {
+            "description": "Controls the number of matching phrases in a document that are considered.\nPrevents the `fvh` highlighter from analyzing too many phrases and consuming too much memory.\nWhen using `matched_fields`, `phrase_limit` phrases per matched field are considered. Raising the limit increases query time and consumes more memory.\nOnly supported by the `fvh` highlighter.",
+            "type": "number"
+          },
+          "post_tags": {
+            "description": "Use in conjunction with `pre_tags` to define the HTML tags to use for the highlighted text.\nBy default, highlighted text is wrapped in `<em>` and `</em>` tags.",
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "pre_tags": {
+            "description": "Use in conjunction with `post_tags` to define the HTML tags to use for the highlighted text.\nBy default, highlighted text is wrapped in `<em>` and `</em>` tags.",
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "require_field_match": {
+            "description": "By default, only fields that contains a query match are highlighted.\nSet to `false` to highlight all fields.",
+            "type": "boolean"
+          },
+          "tags_schema": {
+            "$ref": "#/components/schemas/_global.search._types:HighlighterTagsSchema"
+          }
+        }
+      },
+      "_global.search._types:HighlighterType": {
+        "anyOf": [
+          {
+            "type": "string",
+            "enum": [
+              "plain",
+              "fvh",
+              "unified"
+            ]
+          },
+          {
+            "type": "string"
+          }
+        ]
+      },
+      "_global.search._types:BoundaryScanner": {
+        "type": "string",
+        "enum": [
+          "chars",
+          "sentence",
+          "word"
+        ]
+      },
+      "_global.search._types:HighlighterFragmenter": {
+        "type": "string",
+        "enum": [
+          "simple",
+          "span"
+        ]
+      },
+      "_global.search._types:HighlighterOrder": {
+        "type": "string",
+        "enum": [
+          "score"
+        ]
+      },
+      "_global.search._types:HighlighterTagsSchema": {
+        "type": "string",
+        "enum": [
+          "styled"
+        ]
+      },
+      "_global.search._types:HighlighterEncoder": {
+        "type": "string",
+        "enum": [
+          "default",
+          "html"
+        ]
+      },
+      "_global.search._types:HighlightField": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_global.search._types:HighlightBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "fragment_offset": {
+                "type": "number"
+              },
+              "matched_fields": {
+                "$ref": "#/components/schemas/_types:Fields"
+              },
+              "analyzer": {
+                "$ref": "#/components/schemas/_types.analysis:Analyzer"
+              }
+            }
+          }
+        ]
+      },
+      "_types:Fields": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          {
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types:Field"
+            }
+          }
+        ]
+      },
+      "_types.analysis:Analyzer": {
+        "discriminator": {
+          "propertyName": "type"
+        },
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:CustomAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:FingerprintAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:KeywordAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:LanguageAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:NoriAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:PatternAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:SimpleAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:StandardAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:StopAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:WhitespaceAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:IcuAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:KuromojiAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:SnowballAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:DutchAnalyzer"
+          }
+        ]
+      },
+      "_types.analysis:CustomAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "custom"
+            ]
+          },
+          "char_filter": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "filter": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "position_increment_gap": {
+            "type": "number"
+          },
+          "position_offset_gap": {
+            "type": "number"
+          },
+          "tokenizer": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "type",
+          "tokenizer"
+        ]
+      },
+      "_types.analysis:FingerprintAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "fingerprint"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          },
+          "max_output_size": {
+            "type": "number"
+          },
+          "preserve_original": {
+            "type": "boolean"
+          },
+          "separator": {
+            "type": "string"
+          },
+          "stopwords": {
+            "$ref": "#/components/schemas/_types.analysis:StopWords"
+          },
+          "stopwords_path": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "type",
+          "max_output_size",
+          "preserve_original",
+          "separator"
+        ]
+      },
+      "_types:VersionString": {
+        "type": "string"
+      },
+      "_types.analysis:StopWords": {
+        "description": "Language value, such as _arabic_ or _thai_. Defaults to _english_.\nEach language value corresponds to a predefined list of stop words in Lucene. See Stop words by language for supported language values and their stop words.\nAlso accepts an array of stop words.",
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          }
+        ]
+      },
+      "_types.analysis:KeywordAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "keyword"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          }
+        },
+        "required": [
+          "type"
+        ]
+      },
+      "_types.analysis:LanguageAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "language"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          },
+          "language": {
+            "$ref": "#/components/schemas/_types.analysis:Language"
+          },
+          "stem_exclusion": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "stopwords": {
+            "$ref": "#/components/schemas/_types.analysis:StopWords"
+          },
+          "stopwords_path": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "type",
+          "language",
+          "stem_exclusion"
+        ]
+      },
+      "_types.analysis:Language": {
+        "type": "string",
+        "enum": [
+          "Arabic",
+          "Armenian",
+          "Basque",
+          "Brazilian",
+          "Bulgarian",
+          "Catalan",
+          "Chinese",
+          "Cjk",
+          "Czech",
+          "Danish",
+          "Dutch",
+          "English",
+          "Estonian",
+          "Finnish",
+          "French",
+          "Galician",
+          "German",
+          "Greek",
+          "Hindi",
+          "Hungarian",
+          "Indonesian",
+          "Irish",
+          "Italian",
+          "Latvian",
+          "Norwegian",
+          "Persian",
+          "Portuguese",
+          "Romanian",
+          "Russian",
+          "Sorani",
+          "Spanish",
+          "Swedish",
+          "Turkish",
+          "Thai"
+        ]
+      },
+      "_types.analysis:NoriAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "nori"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          },
+          "decompound_mode": {
+            "$ref": "#/components/schemas/_types.analysis:NoriDecompoundMode"
+          },
+          "stoptags": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "user_dictionary": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "type"
+        ]
+      },
+      "_types.analysis:NoriDecompoundMode": {
+        "type": "string",
+        "enum": [
+          "discard",
+          "none",
+          "mixed"
+        ]
+      },
+      "_types.analysis:PatternAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "pattern"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          },
+          "flags": {
+            "type": "string"
+          },
+          "lowercase": {
+            "type": "boolean"
+          },
+          "pattern": {
+            "type": "string"
+          },
+          "stopwords": {
+            "$ref": "#/components/schemas/_types.analysis:StopWords"
+          }
+        },
+        "required": [
+          "type",
+          "pattern"
+        ]
+      },
+      "_types.analysis:SimpleAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "simple"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          }
+        },
+        "required": [
+          "type"
+        ]
+      },
+      "_types.analysis:StandardAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "standard"
+            ]
+          },
+          "max_token_length": {
+            "type": "number"
+          },
+          "stopwords": {
+            "$ref": "#/components/schemas/_types.analysis:StopWords"
+          }
+        },
+        "required": [
+          "type"
+        ]
+      },
+      "_types.analysis:StopAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "stop"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          },
+          "stopwords": {
+            "$ref": "#/components/schemas/_types.analysis:StopWords"
+          },
+          "stopwords_path": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "type"
+        ]
+      },
+      "_types.analysis:WhitespaceAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "whitespace"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          }
+        },
+        "required": [
+          "type"
+        ]
+      },
+      "_types.analysis:IcuAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "icu_analyzer"
+            ]
+          },
+          "method": {
+            "$ref": "#/components/schemas/_types.analysis:IcuNormalizationType"
+          },
+          "mode": {
+            "$ref": "#/components/schemas/_types.analysis:IcuNormalizationMode"
+          }
+        },
+        "required": [
+          "type",
+          "method",
+          "mode"
+        ]
+      },
+      "_types.analysis:IcuNormalizationType": {
+        "type": "string",
+        "enum": [
+          "nfc",
+          "nfkc",
+          "nfkc_cf"
+        ]
+      },
+      "_types.analysis:IcuNormalizationMode": {
+        "type": "string",
+        "enum": [
+          "decompose",
+          "compose"
+        ]
+      },
+      "_types.analysis:KuromojiAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "kuromoji"
+            ]
+          },
+          "mode": {
+            "$ref": "#/components/schemas/_types.analysis:KuromojiTokenizationMode"
+          },
+          "user_dictionary": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "type",
+          "mode"
+        ]
+      },
+      "_types.analysis:KuromojiTokenizationMode": {
+        "type": "string",
+        "enum": [
+          "normal",
+          "search",
+          "extended"
+        ]
+      },
+      "_types.analysis:SnowballAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "snowball"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          },
+          "language": {
+            "$ref": "#/components/schemas/_types.analysis:SnowballLanguage"
+          },
+          "stopwords": {
+            "$ref": "#/components/schemas/_types.analysis:StopWords"
+          }
+        },
+        "required": [
+          "type",
+          "language"
+        ]
+      },
+      "_types.analysis:SnowballLanguage": {
+        "type": "string",
+        "enum": [
+          "Armenian",
+          "Basque",
+          "Catalan",
+          "Danish",
+          "Dutch",
+          "English",
+          "Finnish",
+          "French",
+          "German",
+          "German2",
+          "Hungarian",
+          "Italian",
+          "Kp",
+          "Lovins",
+          "Norwegian",
+          "Porter",
+          "Portuguese",
+          "Romanian",
+          "Russian",
+          "Spanish",
+          "Swedish",
+          "Turkish"
+        ]
+      },
+      "_types.analysis:DutchAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "dutch"
+            ]
+          },
+          "stopwords": {
+            "$ref": "#/components/schemas/_types.analysis:StopWords"
+          }
+        },
+        "required": [
+          "type"
+        ]
+      },
+      "_types:ScriptField": {
+        "type": "object",
+        "properties": {
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          },
+          "ignore_failure": {
+            "type": "boolean"
+          }
+        },
+        "required": [
+          "script"
+        ]
+      },
+      "_types:Sort": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types:SortCombinations"
+          },
+          {
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types:SortCombinations"
+            }
+          }
+        ]
+      },
+      "_types:SortCombinations": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          {
+            "$ref": "#/components/schemas/_types:SortOptions"
+          }
+        ]
+      },
+      "_types:SortOptions": {
+        "externalDocs": {
+          "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/sort-search-results.html"
+        },
+        "type": "object",
+        "properties": {
+          "_score": {
+            "$ref": "#/components/schemas/_types:ScoreSort"
+          },
+          "_doc": {
+            "$ref": "#/components/schemas/_types:ScoreSort"
+          },
+          "_geo_distance": {
+            "$ref": "#/components/schemas/_types:GeoDistanceSort"
+          },
+          "_script": {
+            "$ref": "#/components/schemas/_types:ScriptSort"
+          }
+        },
+        "minProperties": 1,
+        "maxProperties": 1
+      },
+      "_types:ScoreSort": {
+        "type": "object",
+        "properties": {
+          "order": {
+            "$ref": "#/components/schemas/_types:SortOrder"
+          }
+        }
+      },
+      "_types:SortOrder": {
+        "type": "string",
+        "enum": [
+          "asc",
+          "desc"
+        ]
+      },
+      "_types:GeoDistanceSort": {
+        "type": "object",
+        "properties": {
+          "mode": {
+            "$ref": "#/components/schemas/_types:SortMode"
+          },
+          "distance_type": {
+            "$ref": "#/components/schemas/_types:GeoDistanceType"
+          },
+          "ignore_unmapped": {
+            "type": "boolean"
+          },
+          "order": {
+            "$ref": "#/components/schemas/_types:SortOrder"
+          },
+          "unit": {
+            "$ref": "#/components/schemas/_types:DistanceUnit"
+          }
+        }
+      },
+      "_types:SortMode": {
+        "type": "string",
+        "enum": [
+          "min",
+          "max",
+          "sum",
+          "avg",
+          "median"
+        ]
+      },
+      "_types:DistanceUnit": {
+        "type": "string",
+        "enum": [
+          "in",
+          "ft",
+          "yd",
+          "mi",
+          "nmi",
+          "km",
+          "m",
+          "cm",
+          "mm"
+        ]
+      },
+      "_types:ScriptSort": {
+        "type": "object",
+        "properties": {
+          "order": {
+            "$ref": "#/components/schemas/_types:SortOrder"
+          },
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          },
+          "type": {
+            "$ref": "#/components/schemas/_types:ScriptSortType"
+          },
+          "mode": {
+            "$ref": "#/components/schemas/_types:SortMode"
+          },
+          "nested": {
+            "$ref": "#/components/schemas/_types:NestedSortValue"
+          }
+        },
+        "required": [
+          "script"
+        ]
+      },
+      "_types:ScriptSortType": {
+        "type": "string",
+        "enum": [
+          "string",
+          "number",
+          "version"
+        ]
+      },
+      "_types:NestedSortValue": {
+        "type": "object",
+        "properties": {
+          "filter": {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+          },
+          "max_children": {
+            "type": "number"
+          },
+          "nested": {
+            "$ref": "#/components/schemas/_types:NestedSortValue"
+          },
+          "path": {
+            "$ref": "#/components/schemas/_types:Field"
+          }
+        },
+        "required": [
+          "path"
+        ]
+      },
+      "_global.search._types:SourceConfig": {
+        "description": "Defines how to fetch a source. Fetching can be disabled entirely, or the source can be filtered.",
+        "oneOf": [
+          {
+            "type": "boolean"
+          },
+          {
+            "$ref": "#/components/schemas/_global.search._types:SourceFilter"
+          }
+        ]
+      },
+      "_global.search._types:SourceFilter": {
+        "type": "object",
+        "properties": {
+          "excludes": {
+            "$ref": "#/components/schemas/_types:Fields"
+          },
+          "includes": {
+            "$ref": "#/components/schemas/_types:Fields"
+          }
+        }
+      },
+      "_types.query_dsl:ChildScoreMode": {
+        "type": "string",
+        "enum": [
+          "none",
+          "avg",
+          "sum",
+          "max",
+          "min"
+        ]
+      },
+      "_types:RelationName": {
+        "type": "string"
+      },
+      "_types.query_dsl:HasParentQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "ignore_unmapped": {
+                "description": "Indicates whether to ignore an unmapped `parent_type` and not return any documents instead of an error.\nYou can use this parameter to query multiple indices that may not contain the `parent_type`.",
+                "type": "boolean"
+              },
+              "inner_hits": {
+                "$ref": "#/components/schemas/_global.search._types:InnerHits"
+              },
+              "parent_type": {
+                "$ref": "#/components/schemas/_types:RelationName"
+              },
+              "query": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "score": {
+                "description": "Indicates whether the relevance score of a matching parent document is aggregated into its child documents.",
+                "type": "boolean"
+              }
+            },
+            "required": [
+              "parent_type",
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:IdsQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "values": {
+                "$ref": "#/components/schemas/_types:Ids"
+              }
+            }
+          }
+        ]
+      },
+      "_types:Ids": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types:Id"
+          },
+          {
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types:Id"
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:IntervalsQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "all_of": {
+                "$ref": "#/components/schemas/_types.query_dsl:IntervalsAllOf"
+              },
+              "any_of": {
+                "$ref": "#/components/schemas/_types.query_dsl:IntervalsAnyOf"
+              },
+              "fuzzy": {
+                "$ref": "#/components/schemas/_types.query_dsl:IntervalsFuzzy"
+              },
+              "match": {
+                "$ref": "#/components/schemas/_types.query_dsl:IntervalsMatch"
+              },
+              "prefix": {
+                "$ref": "#/components/schemas/_types.query_dsl:IntervalsPrefix"
+              },
+              "wildcard": {
+                "$ref": "#/components/schemas/_types.query_dsl:IntervalsWildcard"
+              }
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          }
+        ]
+      },
+      "_types.query_dsl:IntervalsAllOf": {
+        "type": "object",
+        "properties": {
+          "intervals": {
+            "description": "An array of rules to combine. All rules must produce a match in a document for the overall source to match.",
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+            }
+          },
+          "max_gaps": {
+            "description": "Maximum number of positions between the matching terms.\nIntervals produced by the rules further apart than this are not considered matches.",
+            "type": "number"
+          },
+          "ordered": {
+            "description": "If `true`, intervals produced by the rules should appear in the order in which they are specified.",
+            "type": "boolean"
+          },
+          "filter": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsFilter"
+          }
+        },
+        "required": [
+          "intervals"
+        ]
+      },
+      "_types.query_dsl:IntervalsContainer": {
+        "type": "object",
+        "properties": {
+          "all_of": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsAllOf"
+          },
+          "any_of": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsAnyOf"
+          },
+          "fuzzy": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsFuzzy"
+          },
+          "match": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsMatch"
+          },
+          "prefix": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsPrefix"
+          },
+          "wildcard": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsWildcard"
+          }
+        },
+        "minProperties": 1,
+        "maxProperties": 1
+      },
+      "_types.query_dsl:IntervalsAnyOf": {
+        "type": "object",
+        "properties": {
+          "intervals": {
+            "description": "An array of rules to match.",
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+            }
+          },
+          "filter": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsFilter"
+          }
+        },
+        "required": [
+          "intervals"
+        ]
+      },
+      "_types.query_dsl:IntervalsFilter": {
+        "type": "object",
+        "properties": {
+          "after": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+          },
+          "before": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+          },
+          "contained_by": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+          },
+          "containing": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+          },
+          "not_contained_by": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+          },
+          "not_containing": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+          },
+          "not_overlapping": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+          },
+          "overlapping": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+          },
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          }
+        },
+        "minProperties": 1,
+        "maxProperties": 1
+      },
+      "_types.query_dsl:IntervalsFuzzy": {
+        "type": "object",
+        "properties": {
+          "analyzer": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+            },
+            "description": "Analyzer used to normalize the term.",
+            "type": "string"
+          },
+          "fuzziness": {
+            "$ref": "#/components/schemas/_types:Fuzziness"
+          },
+          "prefix_length": {
+            "description": "Number of beginning characters left unchanged when creating expansions.",
+            "type": "number"
+          },
+          "term": {
+            "description": "The term to match.",
+            "type": "string"
+          },
+          "transpositions": {
+            "description": "Indicates whether edits include transpositions of two adjacent characters (for example, `ab` to `ba`).",
+            "type": "boolean"
+          },
+          "use_field": {
+            "$ref": "#/components/schemas/_types:Field"
+          }
+        },
+        "required": [
+          "term"
+        ]
+      },
+      "_types.query_dsl:IntervalsMatch": {
+        "type": "object",
+        "properties": {
+          "analyzer": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+            },
+            "description": "Analyzer used to analyze terms in the query.",
+            "type": "string"
+          },
+          "max_gaps": {
+            "description": "Maximum number of positions between the matching terms.\nTerms further apart than this are not considered matches.",
+            "type": "number"
+          },
+          "ordered": {
+            "description": "If `true`, matching terms must appear in their specified order.",
+            "type": "boolean"
+          },
+          "query": {
+            "description": "Text you wish to find in the provided field.",
+            "type": "string"
+          },
+          "use_field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "filter": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsFilter"
+          }
+        },
+        "required": [
+          "query"
+        ]
+      },
+      "_types.query_dsl:IntervalsPrefix": {
+        "type": "object",
+        "properties": {
+          "analyzer": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+            },
+            "description": "Analyzer used to analyze the `prefix`.",
+            "type": "string"
+          },
+          "prefix": {
+            "description": "Beginning characters of terms you wish to find in the top-level field.",
+            "type": "string"
+          },
+          "use_field": {
+            "$ref": "#/components/schemas/_types:Field"
+          }
+        },
+        "required": [
+          "prefix"
+        ]
+      },
+      "_types.query_dsl:IntervalsWildcard": {
+        "type": "object",
+        "properties": {
+          "analyzer": {
+            "description": "Analyzer used to analyze the `pattern`.\nDefaults to the top-level field's analyzer.",
+            "type": "string"
+          },
+          "pattern": {
+            "description": "Wildcard pattern used to find matching terms.",
+            "type": "string"
+          },
+          "use_field": {
+            "$ref": "#/components/schemas/_types:Field"
+          }
+        },
+        "required": [
+          "pattern"
+        ]
+      },
+      "_types:KnnQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "query_vector": {
+                "$ref": "#/components/schemas/_types:QueryVector"
+              },
+              "query_vector_builder": {
+                "$ref": "#/components/schemas/_types:QueryVectorBuilder"
+              },
+              "num_candidates": {
+                "description": "The number of nearest neighbor candidates to consider per shard",
+                "type": "number"
+              },
+              "filter": {
+                "description": "Filters for the kNN search query",
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                  },
+                  {
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                    }
+                  }
+                ]
+              },
+              "similarity": {
+                "description": "The minimum similarity for a vector to be considered a match",
+                "type": "number"
+              }
+            },
+            "required": [
+              "field"
+            ]
+          }
+        ]
+      },
+      "_types:QueryVector": {
+        "type": "array",
+        "items": {
+          "type": "number"
+        }
+      },
+      "_types:QueryVectorBuilder": {
+        "type": "object",
+        "properties": {
+          "text_embedding": {
+            "$ref": "#/components/schemas/_types:TextEmbedding"
+          }
+        },
+        "minProperties": 1,
+        "maxProperties": 1
+      },
+      "_types:TextEmbedding": {
+        "type": "object",
+        "properties": {
+          "model_id": {
+            "type": "string"
+          },
+          "model_text": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "model_id",
+          "model_text"
+        ]
+      },
+      "_types.query_dsl:MatchQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "analyzer": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+                },
+                "description": "Analyzer used to convert the text in the query value into tokens.",
+                "type": "string"
+              },
+              "auto_generate_synonyms_phrase_query": {
+                "description": "If `true`, match phrase queries are automatically created for multi-term synonyms.",
+                "type": "boolean"
+              },
+              "cutoff_frequency": {
+                "deprecated": true,
+                "type": "number"
+              },
+              "fuzziness": {
+                "$ref": "#/components/schemas/_types:Fuzziness"
+              },
+              "fuzzy_rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "fuzzy_transpositions": {
+                "description": "If `true`, edits for fuzzy matching include transpositions of two adjacent characters (for example, `ab` to `ba`).",
+                "type": "boolean"
+              },
+              "lenient": {
+                "description": "If `true`, format-based errors, such as providing a text query value for a numeric field, are ignored.",
+                "type": "boolean"
+              },
+              "max_expansions": {
+                "description": "Maximum number of terms to which the query will expand.",
+                "type": "number"
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "operator": {
+                "$ref": "#/components/schemas/_types.query_dsl:Operator"
+              },
+              "prefix_length": {
+                "description": "Number of beginning characters left unchanged for fuzzy matching.",
+                "type": "number"
+              },
+              "query": {
+                "description": "Text, number, boolean value or date you wish to find in the provided field.",
+                "oneOf": [
+                  {
+                    "type": "string"
+                  },
+                  {
+                    "type": "number"
+                  },
+                  {
+                    "type": "boolean"
+                  }
+                ]
+              },
+              "zero_terms_query": {
+                "$ref": "#/components/schemas/_types.query_dsl:ZeroTermsQuery"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:ZeroTermsQuery": {
+        "type": "string",
+        "enum": [
+          "all",
+          "none"
+        ]
+      },
+      "_types.query_dsl:MatchAllQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:MatchBoolPrefixQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "analyzer": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+                },
+                "description": "Analyzer used to convert the text in the query value into tokens.",
+                "type": "string"
+              },
+              "fuzziness": {
+                "$ref": "#/components/schemas/_types:Fuzziness"
+              },
+              "fuzzy_rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "fuzzy_transpositions": {
+                "description": "If `true`, edits for fuzzy matching include transpositions of two adjacent characters (for example, `ab` to `ba`).\nCan be applied to the term subqueries constructed for all terms but the final term.",
+                "type": "boolean"
+              },
+              "max_expansions": {
+                "description": "Maximum number of terms to which the query will expand.\nCan be applied to the term subqueries constructed for all terms but the final term.",
+                "type": "number"
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "operator": {
+                "$ref": "#/components/schemas/_types.query_dsl:Operator"
+              },
+              "prefix_length": {
+                "description": "Number of beginning characters left unchanged for fuzzy matching.\nCan be applied to the term subqueries constructed for all terms but the final term.",
+                "type": "number"
+              },
+              "query": {
+                "description": "Terms you wish to find in the provided field.\nThe last term is used in a prefix query.",
+                "type": "string"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:MatchNoneQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:MatchPhraseQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "analyzer": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+                },
+                "description": "Analyzer used to convert the text in the query value into tokens.",
+                "type": "string"
+              },
+              "query": {
+                "description": "Query terms that are analyzed and turned into a phrase query.",
+                "type": "string"
+              },
+              "slop": {
+                "description": "Maximum number of positions allowed between matching tokens.",
+                "type": "number"
+              },
+              "zero_terms_query": {
+                "$ref": "#/components/schemas/_types.query_dsl:ZeroTermsQuery"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:MatchPhrasePrefixQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "analyzer": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+                },
+                "description": "Analyzer used to convert text in the query value into tokens.",
+                "type": "string"
+              },
+              "max_expansions": {
+                "description": "Maximum number of terms to which the last provided term of the query value will expand.",
+                "type": "number"
+              },
+              "query": {
+                "description": "Text you wish to find in the provided field.",
+                "type": "string"
+              },
+              "slop": {
+                "description": "Maximum number of positions allowed between matching tokens.",
+                "type": "number"
+              },
+              "zero_terms_query": {
+                "$ref": "#/components/schemas/_types.query_dsl:ZeroTermsQuery"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:MoreLikeThisQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "analyzer": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+                },
+                "description": "The analyzer that is used to analyze the free form text.\nDefaults to the analyzer associated with the first field in fields.",
+                "type": "string"
+              },
+              "boost_terms": {
+                "description": "Each term in the formed query could be further boosted by their tf-idf score.\nThis sets the boost factor to use when using this feature.\nDefaults to deactivated (0).",
+                "type": "number"
+              },
+              "fail_on_unsupported_field": {
+                "description": "Controls whether the query should fail (throw an exception) if any of the specified fields are not of the supported types (`text` or `keyword`).",
+                "type": "boolean"
+              },
+              "fields": {
+                "description": "A list of fields to fetch and analyze the text from.\nDefaults to the `index.query.default_field` index setting, which has a default value of `*`.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types:Field"
+                }
+              },
+              "include": {
+                "description": "Specifies whether the input documents should also be included in the search results returned.",
+                "type": "boolean"
+              },
+              "like": {
+                "description": "Specifies free form text and/or a single or multiple documents for which you want to find similar documents.",
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types.query_dsl:Like"
+                  },
+                  {
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.query_dsl:Like"
+                    }
+                  }
+                ]
+              },
+              "max_doc_freq": {
+                "description": "The maximum document frequency above which the terms are ignored from the input document.",
+                "type": "number"
+              },
+              "max_query_terms": {
+                "description": "The maximum number of query terms that can be selected.",
+                "type": "number"
+              },
+              "max_word_length": {
+                "description": "The maximum word length above which the terms are ignored.\nDefaults to unbounded (`0`).",
+                "type": "number"
+              },
+              "min_doc_freq": {
+                "description": "The minimum document frequency below which the terms are ignored from the input document.",
+                "type": "number"
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "min_term_freq": {
+                "description": "The minimum term frequency below which the terms are ignored from the input document.",
+                "type": "number"
+              },
+              "min_word_length": {
+                "description": "The minimum word length below which the terms are ignored.",
+                "type": "number"
+              },
+              "routing": {
+                "$ref": "#/components/schemas/_types:Routing"
+              },
+              "stop_words": {
+                "$ref": "#/components/schemas/_types.analysis:StopWords"
+              },
+              "unlike": {
+                "description": "Used in combination with `like` to exclude documents that match a set of terms.",
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types.query_dsl:Like"
+                  },
+                  {
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.query_dsl:Like"
+                    }
+                  }
+                ]
+              },
+              "version": {
+                "$ref": "#/components/schemas/_types:VersionNumber"
+              },
+              "version_type": {
+                "$ref": "#/components/schemas/_types:VersionType"
+              }
+            },
+            "required": [
+              "like"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:Like": {
+        "externalDocs": {
+          "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-mlt-query.html#_document_input_parameters"
+        },
+        "description": "Text that we want similar documents for or a lookup to a document's field for the text.",
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:LikeDocument"
+          }
+        ]
+      },
+      "_types.query_dsl:LikeDocument": {
+        "type": "object",
+        "properties": {
+          "doc": {
+            "description": "A document not present in the index.",
+            "type": "object"
+          },
+          "fields": {
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types:Field"
+            }
+          },
+          "_id": {
+            "$ref": "#/components/schemas/_types:Id"
+          },
+          "_index": {
+            "$ref": "#/components/schemas/_types:IndexName"
+          },
+          "per_field_analyzer": {
+            "description": "Overrides the default analyzer.",
+            "type": "object",
+            "additionalProperties": {
+              "type": "string"
+            }
+          },
+          "routing": {
+            "$ref": "#/components/schemas/_types:Routing"
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionNumber"
+          },
+          "version_type": {
+            "$ref": "#/components/schemas/_types:VersionType"
+          }
+        }
+      },
+      "_types:IndexName": {
+        "type": "string"
+      },
+      "_types:Routing": {
+        "type": "string"
+      },
+      "_types:VersionNumber": {
+        "type": "number"
+      },
+      "_types:VersionType": {
+        "type": "string",
+        "enum": [
+          "internal",
+          "external",
+          "external_gte",
+          "force"
+        ]
+      },
+      "_types.query_dsl:MultiMatchQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "analyzer": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+                },
+                "description": "Analyzer used to convert the text in the query value into tokens.",
+                "type": "string"
+              },
+              "auto_generate_synonyms_phrase_query": {
+                "description": "If `true`, match phrase queries are automatically created for multi-term synonyms.",
+                "type": "boolean"
+              },
+              "cutoff_frequency": {
+                "deprecated": true,
+                "type": "number"
+              },
+              "fields": {
+                "$ref": "#/components/schemas/_types:Fields"
+              },
+              "fuzziness": {
+                "$ref": "#/components/schemas/_types:Fuzziness"
+              },
+              "fuzzy_rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "fuzzy_transpositions": {
+                "description": "If `true`, edits for fuzzy matching include transpositions of two adjacent characters (for example, `ab` to `ba`).\nCan be applied to the term subqueries constructed for all terms but the final term.",
+                "type": "boolean"
+              },
+              "lenient": {
+                "description": "If `true`, format-based errors, such as providing a text query value for a numeric field, are ignored.",
+                "type": "boolean"
+              },
+              "max_expansions": {
+                "description": "Maximum number of terms to which the query will expand.",
+                "type": "number"
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "operator": {
+                "$ref": "#/components/schemas/_types.query_dsl:Operator"
+              },
+              "prefix_length": {
+                "description": "Number of beginning characters left unchanged for fuzzy matching.",
+                "type": "number"
+              },
+              "query": {
+                "description": "Text, number, boolean value or date you wish to find in the provided field.",
+                "type": "string"
+              },
+              "slop": {
+                "description": "Maximum number of positions allowed between matching tokens.",
+                "type": "number"
+              },
+              "tie_breaker": {
+                "description": "Determines how scores for each per-term blended query and scores across groups are combined.",
+                "type": "number"
+              },
+              "type": {
+                "$ref": "#/components/schemas/_types.query_dsl:TextQueryType"
+              },
+              "zero_terms_query": {
+                "$ref": "#/components/schemas/_types.query_dsl:ZeroTermsQuery"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:TextQueryType": {
+        "type": "string",
+        "enum": [
+          "best_fields",
+          "most_fields",
+          "cross_fields",
+          "phrase",
+          "phrase_prefix",
+          "bool_prefix"
+        ]
+      },
+      "_types.query_dsl:NestedQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "ignore_unmapped": {
+                "description": "Indicates whether to ignore an unmapped path and not return any documents instead of an error.",
+                "type": "boolean"
+              },
+              "inner_hits": {
+                "$ref": "#/components/schemas/_global.search._types:InnerHits"
+              },
+              "path": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "query": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "score_mode": {
+                "$ref": "#/components/schemas/_types.query_dsl:ChildScoreMode"
+              }
+            },
+            "required": [
+              "path",
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:ParentIdQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "id": {
+                "$ref": "#/components/schemas/_types:Id"
+              },
+              "ignore_unmapped": {
+                "description": "Indicates whether to ignore an unmapped `type` and not return any documents instead of an error.",
+                "type": "boolean"
+              },
+              "type": {
+                "$ref": "#/components/schemas/_types:RelationName"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:PercolateQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "document": {
+                "description": "The source of the document being percolated.",
+                "type": "object"
+              },
+              "documents": {
+                "description": "An array of sources of the documents being percolated.",
+                "type": "array",
+                "items": {
+                  "type": "object"
+                }
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "id": {
+                "$ref": "#/components/schemas/_types:Id"
+              },
+              "index": {
+                "$ref": "#/components/schemas/_types:IndexName"
+              },
+              "name": {
+                "description": "The suffix used for the `_percolator_document_slot` field when multiple `percolate` queries are specified.",
+                "type": "string"
+              },
+              "preference": {
+                "description": "Preference used to fetch document to percolate.",
+                "type": "string"
+              },
+              "routing": {
+                "$ref": "#/components/schemas/_types:Routing"
+              },
+              "version": {
+                "$ref": "#/components/schemas/_types:VersionNumber"
+              }
+            },
+            "required": [
+              "field"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:PinnedQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "allOf": [
+              {
+                "type": "object",
+                "properties": {
+                  "organic": {
+                    "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                  }
+                },
+                "required": [
+                  "organic"
+                ]
+              },
+              {
+                "type": "object",
+                "properties": {
+                  "ids": {
+                    "description": "Document IDs listed in the order they are to appear in results.\nRequired if `docs` is not specified.",
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types:Id"
+                    }
+                  },
+                  "docs": {
+                    "description": "Documents listed in the order they are to appear in results.\nRequired if `ids` is not specified.",
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.query_dsl:PinnedDoc"
+                    }
+                  }
+                },
+                "minProperties": 1,
+                "maxProperties": 1
+              }
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:PinnedDoc": {
+        "type": "object",
+        "properties": {
+          "_id": {
+            "$ref": "#/components/schemas/_types:Id"
+          },
+          "_index": {
+            "$ref": "#/components/schemas/_types:IndexName"
+          }
+        },
+        "required": [
+          "_id",
+          "_index"
+        ]
+      },
+      "_types.query_dsl:PrefixQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "value": {
+                "description": "Beginning characters of terms you wish to find in the provided field.",
+                "type": "string"
+              },
+              "case_insensitive": {
+                "description": "Allows ASCII case insensitive matching of the value with the indexed field values when set to `true`.\nDefault is `false` which means the case sensitivity of matching depends on the underlying field’s mapping.",
+                "type": "boolean"
+              }
+            },
+            "required": [
+              "value"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:QueryStringQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "allow_leading_wildcard": {
+                "description": "If `true`, the wildcard characters `*` and `?` are allowed as the first character of the query string.",
+                "type": "boolean"
+              },
+              "analyzer": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+                },
+                "description": "Analyzer used to convert text in the query string into tokens.",
+                "type": "string"
+              },
+              "analyze_wildcard": {
+                "description": "If `true`, the query attempts to analyze wildcard terms in the query string.",
+                "type": "boolean"
+              },
+              "auto_generate_synonyms_phrase_query": {
+                "description": "If `true`, match phrase queries are automatically created for multi-term synonyms.",
+                "type": "boolean"
+              },
+              "default_field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "default_operator": {
+                "$ref": "#/components/schemas/_types.query_dsl:Operator"
+              },
+              "enable_position_increments": {
+                "description": "If `true`, enable position increments in queries constructed from a `query_string` search.",
+                "type": "boolean"
+              },
+              "escape": {
+                "type": "boolean"
+              },
+              "fields": {
+                "description": "Array of fields to search. Supports wildcards (`*`).",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types:Field"
+                }
+              },
+              "fuzziness": {
+                "$ref": "#/components/schemas/_types:Fuzziness"
+              },
+              "fuzzy_max_expansions": {
+                "description": "Maximum number of terms to which the query expands for fuzzy matching.",
+                "type": "number"
+              },
+              "fuzzy_prefix_length": {
+                "description": "Number of beginning characters left unchanged for fuzzy matching.",
+                "type": "number"
+              },
+              "fuzzy_rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "fuzzy_transpositions": {
+                "description": "If `true`, edits for fuzzy matching include transpositions of two adjacent characters (for example, `ab` to `ba`).",
+                "type": "boolean"
+              },
+              "lenient": {
+                "description": "If `true`, format-based errors, such as providing a text value for a numeric field, are ignored.",
+                "type": "boolean"
+              },
+              "max_determinized_states": {
+                "description": "Maximum number of automaton states required for the query.",
+                "type": "number"
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "phrase_slop": {
+                "description": "Maximum number of positions allowed between matching tokens for phrases.",
+                "type": "number"
+              },
+              "query": {
+                "description": "Query string you wish to parse and use for search.",
+                "type": "string"
+              },
+              "quote_analyzer": {
+                "description": "Analyzer used to convert quoted text in the query string into tokens.\nFor quoted text, this parameter overrides the analyzer specified in the `analyzer` parameter.",
+                "type": "string"
+              },
+              "quote_field_suffix": {
+                "description": "Suffix appended to quoted text in the query string.\nYou can use this suffix to use a different analysis method for exact matches.",
+                "type": "string"
+              },
+              "rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "tie_breaker": {
+                "description": "How to combine the queries generated from the individual search terms in the resulting `dis_max` query.",
+                "type": "number"
+              },
+              "time_zone": {
+                "$ref": "#/components/schemas/_types:TimeZone"
+              },
+              "type": {
+                "$ref": "#/components/schemas/_types.query_dsl:TextQueryType"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types:TimeZone": {
+        "type": "string"
+      },
+      "_types.query_dsl:RangeQuery": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:DateRangeQuery"
+          },
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:NumberRangeQuery"
+          },
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:TermsRangeQuery"
+          }
+        ]
+      },
+      "_types.query_dsl:DateRangeQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:RangeQueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "gt": {
+                "$ref": "#/components/schemas/_types:DateMath"
+              },
+              "gte": {
+                "$ref": "#/components/schemas/_types:DateMath"
+              },
+              "lt": {
+                "$ref": "#/components/schemas/_types:DateMath"
+              },
+              "lte": {
+                "$ref": "#/components/schemas/_types:DateMath"
+              },
+              "from": {
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types:DateMath"
+                  },
+                  {
+                    "nullable": true,
+                    "type": "string"
+                  }
+                ]
+              },
+              "to": {
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types:DateMath"
+                  },
+                  {
+                    "nullable": true,
+                    "type": "string"
+                  }
+                ]
+              },
+              "format": {
+                "$ref": "#/components/schemas/_types:DateFormat"
+              },
+              "time_zone": {
+                "$ref": "#/components/schemas/_types:TimeZone"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:RangeQueryBase": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "relation": {
+                "$ref": "#/components/schemas/_types.query_dsl:RangeRelation"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:RangeRelation": {
+        "type": "string",
+        "enum": [
+          "within",
+          "contains",
+          "intersects"
+        ]
+      },
+      "_types:DateFormat": {
+        "externalDocs": {
+          "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping-date-format.html"
+        },
+        "type": "string"
+      },
+      "_types.query_dsl:NumberRangeQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:RangeQueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "gt": {
+                "description": "Greater than.",
+                "type": "number"
+              },
+              "gte": {
+                "description": "Greater than or equal to.",
+                "type": "number"
+              },
+              "lt": {
+                "description": "Less than.",
+                "type": "number"
+              },
+              "lte": {
+                "description": "Less than or equal to.",
+                "type": "number"
+              },
+              "from": {
+                "oneOf": [
+                  {
+                    "type": "number"
+                  },
+                  {
+                    "nullable": true,
+                    "type": "string"
+                  }
+                ]
+              },
+              "to": {
+                "oneOf": [
+                  {
+                    "type": "number"
+                  },
+                  {
+                    "nullable": true,
+                    "type": "string"
+                  }
+                ]
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:TermsRangeQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:RangeQueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "gt": {
+                "description": "Greater than.",
+                "type": "string"
+              },
+              "gte": {
+                "description": "Greater than or equal to.",
+                "type": "string"
+              },
+              "lt": {
+                "description": "Less than.",
+                "type": "string"
+              },
+              "lte": {
+                "description": "Less than or equal to.",
+                "type": "string"
+              },
+              "from": {
+                "oneOf": [
+                  {
+                    "type": "string"
+                  },
+                  {
+                    "nullable": true,
+                    "type": "string"
+                  }
+                ]
+              },
+              "to": {
+                "oneOf": [
+                  {
+                    "type": "string"
+                  },
+                  {
+                    "nullable": true,
+                    "type": "string"
+                  }
+                ]
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:RankFeatureQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "saturation": {
+                "$ref": "#/components/schemas/_types.query_dsl:RankFeatureFunctionSaturation"
+              },
+              "log": {
+                "$ref": "#/components/schemas/_types.query_dsl:RankFeatureFunctionLogarithm"
+              },
+              "linear": {
+                "$ref": "#/components/schemas/_types.query_dsl:RankFeatureFunctionLinear"
+              },
+              "sigmoid": {
+                "$ref": "#/components/schemas/_types.query_dsl:RankFeatureFunctionSigmoid"
+              }
+            },
+            "required": [
+              "field"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:RankFeatureFunctionSaturation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:RankFeatureFunction"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "pivot": {
+                "description": "Configurable pivot value so that the result will be less than 0.5.",
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:RankFeatureFunction": {
+        "type": "object"
+      },
+      "_types.query_dsl:RankFeatureFunctionLogarithm": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:RankFeatureFunction"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "scaling_factor": {
+                "description": "Configurable scaling factor.",
+                "type": "number"
+              }
+            },
+            "required": [
+              "scaling_factor"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:RankFeatureFunctionLinear": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:RankFeatureFunction"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:RankFeatureFunctionSigmoid": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:RankFeatureFunction"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "pivot": {
+                "description": "Configurable pivot value so that the result will be less than 0.5.",
+                "type": "number"
+              },
+              "exponent": {
+                "description": "Configurable Exponent.",
+                "type": "number"
+              }
+            },
+            "required": [
+              "pivot",
+              "exponent"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:RegexpQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "case_insensitive": {
+                "description": "Allows case insensitive matching of the regular expression value with the indexed field values when set to `true`.\nWhen `false`, case sensitivity of matching depends on the underlying field’s mapping.",
+                "type": "boolean"
+              },
+              "flags": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/regexp-syntax.html"
+                },
+                "description": "Enables optional operators for the regular expression.",
+                "type": "string"
+              },
+              "max_determinized_states": {
+                "description": "Maximum number of automaton states required for the query.",
+                "type": "number"
+              },
+              "rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "value": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/regexp-syntax.html"
+                },
+                "description": "Regular expression for terms you wish to find in the provided field.",
+                "type": "string"
+              }
+            },
+            "required": [
+              "value"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:RuleQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "organic": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "ruleset_id": {
+                "$ref": "#/components/schemas/_types:Id"
+              },
+              "match_criteria": {
+                "type": "object"
+              }
+            },
+            "required": [
+              "organic",
+              "ruleset_id",
+              "match_criteria"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:ScriptQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "script": {
+                "$ref": "#/components/schemas/_types:Script"
+              }
+            },
+            "required": [
+              "script"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:ScriptScoreQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "min_score": {
+                "description": "Documents with a score lower than this floating point number are excluded from the search results.",
+                "type": "number"
+              },
+              "query": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "script": {
+                "$ref": "#/components/schemas/_types:Script"
+              }
+            },
+            "required": [
+              "query",
+              "script"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:ShapeQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "ignore_unmapped": {
+                "description": "When set to `true` the query ignores an unmapped field and will not match any documents.",
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:SimpleQueryStringQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "analyzer": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+                },
+                "description": "Analyzer used to convert text in the query string into tokens.",
+                "type": "string"
+              },
+              "analyze_wildcard": {
+                "description": "If `true`, the query attempts to analyze wildcard terms in the query string.",
+                "type": "boolean"
+              },
+              "auto_generate_synonyms_phrase_query": {
+                "description": "If `true`, the parser creates a match_phrase query for each multi-position token.",
+                "type": "boolean"
+              },
+              "default_operator": {
+                "$ref": "#/components/schemas/_types.query_dsl:Operator"
+              },
+              "fields": {
+                "description": "Array of fields you wish to search.\nAccepts wildcard expressions.\nYou also can boost relevance scores for matches to particular fields using a caret (`^`) notation.\nDefaults to the `index.query.default_field index` setting, which has a default value of `*`.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types:Field"
+                }
+              },
+              "flags": {
+                "$ref": "#/components/schemas/_types.query_dsl:SimpleQueryStringFlags"
+              },
+              "fuzzy_max_expansions": {
+                "description": "Maximum number of terms to which the query expands for fuzzy matching.",
+                "type": "number"
+              },
+              "fuzzy_prefix_length": {
+                "description": "Number of beginning characters left unchanged for fuzzy matching.",
+                "type": "number"
+              },
+              "fuzzy_transpositions": {
+                "description": "If `true`, edits for fuzzy matching include transpositions of two adjacent characters (for example, `ab` to `ba`).",
+                "type": "boolean"
+              },
+              "lenient": {
+                "description": "If `true`, format-based errors, such as providing a text value for a numeric field, are ignored.",
+                "type": "boolean"
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "query": {
+                "description": "Query string in the simple query string syntax you wish to parse and use for search.",
+                "type": "string"
+              },
+              "quote_field_suffix": {
+                "description": "Suffix appended to quoted text in the query string.",
+                "type": "string"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SimpleQueryStringFlags": {
+        "externalDocs": {
+          "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-simple-query-string-query.html#supported-flags"
+        },
+        "description": "Query flags can be either a single flag or a combination of flags, e.g. `OR|AND|PREFIX`",
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_spec_utils:PipeSeparatedFlagsSimpleQueryStringFlag"
+          }
+        ]
+      },
+      "_spec_utils:PipeSeparatedFlagsSimpleQueryStringFlag": {
+        "description": "A set of flags that can be represented as a single enum value or a set of values that are encoded\nas a pipe-separated string\n\nDepending on the target language, code generators can use this hint to generate language specific\nflags enum constructs and the corresponding (de-)serialization code.",
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:SimpleQueryStringFlag"
+          },
+          {
+            "type": "string"
+          }
+        ]
+      },
+      "_types.query_dsl:SimpleQueryStringFlag": {
+        "type": "string",
+        "enum": [
+          "NONE",
+          "AND",
+          "NOT",
+          "OR",
+          "PREFIX",
+          "PHRASE",
+          "PRECEDENCE",
+          "ESCAPE",
+          "WHITESPACE",
+          "FUZZY",
+          "NEAR",
+          "SLOP",
+          "ALL"
+        ]
+      },
+      "_types.query_dsl:SpanContainingQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "big": {
+                "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+              },
+              "little": {
+                "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+              }
+            },
+            "required": [
+              "big",
+              "little"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SpanQuery": {
+        "type": "object",
+        "properties": {
+          "span_containing": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanContainingQuery"
+          },
+          "field_masking_span": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanFieldMaskingQuery"
+          },
+          "span_first": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanFirstQuery"
+          },
+          "span_gap": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanGapQuery"
+          },
+          "span_multi": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanMultiTermQuery"
+          },
+          "span_near": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanNearQuery"
+          },
+          "span_not": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanNotQuery"
+          },
+          "span_or": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanOrQuery"
+          },
+          "span_term": {
+            "description": "The equivalent of the `term` query but for use with other span queries.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:SpanTermQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "span_within": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanWithinQuery"
+          }
+        },
+        "minProperties": 1,
+        "maxProperties": 1
+      },
+      "_types.query_dsl:SpanFieldMaskingQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "query": {
+                "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+              }
+            },
+            "required": [
+              "field",
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SpanFirstQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "end": {
+                "description": "Controls the maximum end position permitted in a match.",
+                "type": "number"
+              },
+              "match": {
+                "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+              }
+            },
+            "required": [
+              "end",
+              "match"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SpanGapQuery": {
+        "description": "Can only be used as a clause in a span_near query.",
+        "type": "object",
+        "additionalProperties": {
+          "type": "number"
+        },
+        "minProperties": 1,
+        "maxProperties": 1
+      },
+      "_types.query_dsl:SpanMultiTermQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "match": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              }
+            },
+            "required": [
+              "match"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SpanNearQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "clauses": {
+                "description": "Array of one or more other span type queries.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+                }
+              },
+              "in_order": {
+                "description": "Controls whether matches are required to be in-order.",
+                "type": "boolean"
+              },
+              "slop": {
+                "description": "Controls the maximum number of intervening unmatched positions permitted.",
+                "type": "number"
+              }
+            },
+            "required": [
+              "clauses"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SpanNotQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "dist": {
+                "description": "The number of tokens from within the include span that can’t have overlap with the exclude span.\nEquivalent to setting both `pre` and `post`.",
+                "type": "number"
+              },
+              "exclude": {
+                "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+              },
+              "include": {
+                "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+              },
+              "post": {
+                "description": "The number of tokens after the include span that can’t have overlap with the exclude span.",
+                "type": "number"
+              },
+              "pre": {
+                "description": "The number of tokens before the include span that can’t have overlap with the exclude span.",
+                "type": "number"
+              }
+            },
+            "required": [
+              "exclude",
+              "include"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SpanOrQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "clauses": {
+                "description": "Array of one or more other span type queries.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+                }
+              }
+            },
+            "required": [
+              "clauses"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SpanTermQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "value": {
+                "type": "string"
+              }
+            },
+            "required": [
+              "value"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SpanWithinQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "big": {
+                "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+              },
+              "little": {
+                "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+              }
+            },
+            "required": [
+              "big",
+              "little"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:TermQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "value": {
+                "$ref": "#/components/schemas/_types:FieldValue"
+              },
+              "case_insensitive": {
+                "description": "Allows ASCII case insensitive matching of the value with the indexed field values when set to `true`.\nWhen `false`, the case sensitivity of matching depends on the underlying field’s mapping.",
+                "type": "boolean"
+              }
+            },
+            "required": [
+              "value"
+            ]
+          }
+        ]
+      },
+      "_types:FieldValue": {
+        "description": "A field value.",
+        "oneOf": [
+          {
+            "type": "number"
+          },
+          {
+            "type": "number"
+          },
+          {
+            "type": "string"
+          },
+          {
+            "type": "boolean"
+          },
+          {
+            "nullable": true,
+            "type": "string"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:TermsQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:TermsSetQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "minimum_should_match_field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "minimum_should_match_script": {
+                "$ref": "#/components/schemas/_types:Script"
+              },
+              "terms": {
+                "description": "Array of terms you wish to find in the provided field.",
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              }
+            },
+            "required": [
+              "terms"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:TextExpansionQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "model_id": {
+                "description": "The text expansion NLP model to use",
+                "type": "string"
+              },
+              "model_text": {
+                "description": "The query text",
+                "type": "string"
+              },
+              "pruning_config": {
+                "$ref": "#/components/schemas/_types.query_dsl:TokenPruningConfig"
+              }
+            },
+            "required": [
+              "model_id",
+              "model_text"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:TokenPruningConfig": {
+        "type": "object",
+        "properties": {
+          "tokens_freq_ratio_threshold": {
+            "description": "Tokens whose frequency is more than this threshold times the average frequency of all tokens in the specified field are considered outliers and pruned.",
+            "type": "number"
+          },
+          "tokens_weight_threshold": {
+            "description": "Tokens whose weight is less than this threshold are considered nonsignificant and pruned.",
+            "type": "number"
+          },
+          "only_score_pruned_tokens": {
+            "description": "Whether to only score pruned tokens, vs only scoring kept tokens.",
+            "type": "boolean"
+          }
+        }
+      },
+      "_types.query_dsl:WeightedTokensQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "tokens": {
+                "description": "The tokens representing this query",
+                "type": "object",
+                "additionalProperties": {
+                  "type": "number"
+                }
+              },
+              "pruning_config": {
+                "$ref": "#/components/schemas/_types.query_dsl:TokenPruningConfig"
+              }
+            },
+            "required": [
+              "tokens"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:WildcardQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "case_insensitive": {
+                "description": "Allows case insensitive matching of the pattern with the indexed field values when set to true. Default is false which means the case sensitivity of matching depends on the underlying field’s mapping.",
+                "type": "boolean"
+              },
+              "rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "value": {
+                "description": "Wildcard pattern for terms you wish to find in the provided field. Required, when wildcard is not set.",
+                "type": "string"
+              },
+              "wildcard": {
+                "description": "Wildcard pattern for terms you wish to find in the provided field. Required, when value is not set.",
+                "type": "string"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:WrapperQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "query": {
+                "description": "A base64 encoded query.\nThe binary data format can be any of JSON, YAML, CBOR or SMILE encodings",
+                "type": "string"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:TypeQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "value": {
+                "type": "string"
+              }
+            },
+            "required": [
+              "value"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:AutoDateHistogramAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "buckets": {
+                "description": "The target number of buckets.",
+                "type": "number"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "format": {
+                "description": "The date format used to format `key_as_string` in the response.\nIf no `format` is specified, the first date format specified in the field mapping is used.",
+                "type": "string"
+              },
+              "minimum_interval": {
+                "$ref": "#/components/schemas/_types.aggregations:MinimumInterval"
+              },
+              "missing": {
+                "$ref": "#/components/schemas/_types:DateTime"
+              },
+              "offset": {
+                "description": "Time zone specified as a ISO 8601 UTC offset.",
+                "type": "string"
+              },
+              "params": {
+                "type": "object",
+                "additionalProperties": {
+                  "type": "object"
+                }
+              },
+              "script": {
+                "$ref": "#/components/schemas/_types:Script"
+              },
+              "time_zone": {
+                "$ref": "#/components/schemas/_types:TimeZone"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:MinimumInterval": {
+        "type": "string",
+        "enum": [
+          "second",
+          "minute",
+          "hour",
+          "day",
+          "month",
+          "year"
+        ]
+      },
+      "_types:DateTime": {
+        "description": "A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a\nnumber of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string\nrepresentation.",
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "$ref": "#/components/schemas/_types:EpochTimeUnitMillis"
+          }
+        ]
+      },
+      "_types:EpochTimeUnitMillis": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types:UnitMillis"
+          }
+        ]
+      },
+      "_types:UnitMillis": {
+        "description": "Time unit for milliseconds",
+        "type": "number"
+      },
+      "_types.aggregations:AverageAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:FormatMetricAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:FormatMetricAggregationBase": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "format": {
+                "type": "string"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:MetricAggregationBase": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "missing": {
+            "$ref": "#/components/schemas/_types.aggregations:Missing"
+          },
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          }
+        }
+      },
+      "_types.aggregations:Missing": {
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "type": "number"
+          },
+          {
+            "type": "number"
+          },
+          {
+            "type": "boolean"
+          }
+        ]
+      },
+      "_types.aggregations:AverageBucketAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:PipelineAggregationBase": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketPathAggregation"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "format": {
+                "description": "`DecimalFormat` pattern for the output value.\nIf specified, the formatted value is returned in the aggregation’s `value_as_string` property.",
+                "type": "string"
+              },
+              "gap_policy": {
+                "$ref": "#/components/schemas/_types.aggregations:GapPolicy"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:BucketPathAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:Aggregation"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "buckets_path": {
+                "$ref": "#/components/schemas/_types.aggregations:BucketsPath"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:BucketsPath": {
+        "description": "Buckets path can be expressed in different ways, and an aggregation may accept some or all of these\nforms depending on its type. Please refer to each aggregation's documentation to know what buckets\npath forms they accept.",
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          {
+            "type": "object",
+            "additionalProperties": {
+              "type": "string"
+            }
+          }
+        ]
+      },
+      "_types.aggregations:GapPolicy": {
+        "type": "string",
+        "enum": [
+          "skip",
+          "insert_zeros",
+          "keep_values"
+        ]
+      },
+      "_types.aggregations:BoxplotAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "compression": {
+                "description": "Limits the maximum number of nodes used by the underlying TDigest algorithm to `20 * compression`, enabling control of memory usage and approximation error.",
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:BucketScriptAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "script": {
+                "$ref": "#/components/schemas/_types:Script"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:BucketSelectorAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "script": {
+                "$ref": "#/components/schemas/_types:Script"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:BucketSortAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:Aggregation"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "from": {
+                "description": "Buckets in positions prior to `from` will be truncated.",
+                "type": "number"
+              },
+              "gap_policy": {
+                "$ref": "#/components/schemas/_types.aggregations:GapPolicy"
+              },
+              "size": {
+                "description": "The number of buckets to return.\nDefaults to all buckets of the parent aggregation.",
+                "type": "number"
+              },
+              "sort": {
+                "$ref": "#/components/schemas/_types:Sort"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:BucketKsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketPathAggregation"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "alternative": {
+                "description": "A list of string values indicating which K-S test alternative to calculate. The valid values\nare: \"greater\", \"less\", \"two_sided\". This parameter is key for determining the K-S statistic used\nwhen calculating the K-S test. Default value is all possible alternative hypotheses.",
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              },
+              "fractions": {
+                "description": "A list of doubles indicating the distribution of the samples with which to compare to the `buckets_path` results.\nIn typical usage this is the overall proportion of documents in each bucket, which is compared with the actual\ndocument proportions in each bucket from the sibling aggregation counts. The default is to assume that overall\ndocuments are uniformly distributed on these buckets, which they would be if one used equal percentiles of a\nmetric to define the bucket end points.",
+                "type": "array",
+                "items": {
+                  "type": "number"
+                }
+              },
+              "sampling_method": {
+                "description": "Indicates the sampling methodology when calculating the K-S test. Note, this is sampling of the returned values.\nThis determines the cumulative distribution function (CDF) points used comparing the two samples. Default is\n`upper_tail`, which emphasizes the upper end of the CDF points. Valid options are: `upper_tail`, `uniform`,\nand `lower_tail`.",
+                "type": "string"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:BucketCorrelationAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketPathAggregation"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "function": {
+                "$ref": "#/components/schemas/_types.aggregations:BucketCorrelationFunction"
+              }
+            },
+            "required": [
+              "function"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:BucketCorrelationFunction": {
+        "type": "object",
+        "properties": {
+          "count_correlation": {
+            "$ref": "#/components/schemas/_types.aggregations:BucketCorrelationFunctionCountCorrelation"
+          }
+        },
+        "required": [
+          "count_correlation"
+        ]
+      },
+      "_types.aggregations:BucketCorrelationFunctionCountCorrelation": {
+        "type": "object",
+        "properties": {
+          "indicator": {
+            "$ref": "#/components/schemas/_types.aggregations:BucketCorrelationFunctionCountCorrelationIndicator"
+          }
+        },
+        "required": [
+          "indicator"
+        ]
+      },
+      "_types.aggregations:BucketCorrelationFunctionCountCorrelationIndicator": {
+        "type": "object",
+        "properties": {
+          "doc_count": {
+            "description": "The total number of documents that initially created the expectations. It’s required to be greater\nthan or equal to the sum of all values in the buckets_path as this is the originating superset of data\nto which the term values are correlated.",
+            "type": "number"
+          },
+          "expectations": {
+            "description": "An array of numbers with which to correlate the configured `bucket_path` values.\nThe length of this value must always equal the number of buckets returned by the `bucket_path`.",
+            "type": "array",
+            "items": {
+              "type": "number"
+            }
+          },
+          "fractions": {
+            "description": "An array of fractions to use when averaging and calculating variance. This should be used if\nthe pre-calculated data and the buckets_path have known gaps. The length of fractions, if provided,\nmust equal expectations.",
+            "type": "array",
+            "items": {
+              "type": "number"
+            }
+          }
+        },
+        "required": [
+          "doc_count",
+          "expectations"
+        ]
+      },
+      "_types.aggregations:CardinalityAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "precision_threshold": {
+                "description": "A unique count below which counts are expected to be close to accurate.\nThis allows to trade memory for accuracy.",
+                "type": "number"
+              },
+              "rehash": {
+                "type": "boolean"
+              },
+              "execution_hint": {
+                "$ref": "#/components/schemas/_types.aggregations:CardinalityExecutionMode"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:CardinalityExecutionMode": {
+        "type": "string",
+        "enum": [
+          "global_ordinals",
+          "segment_ordinals",
+          "direct",
+          "save_memory_heuristic",
+          "save_time_heuristic"
+        ]
+      },
+      "_types.aggregations:CategorizeTextAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:Aggregation"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "max_unique_tokens": {
+                "description": "The maximum number of unique tokens at any position up to max_matched_tokens. Must be larger than 1.\nSmaller values use less memory and create fewer categories. Larger values will use more memory and\ncreate narrower categories. Max allowed value is 100.",
+                "type": "number"
+              },
+              "max_matched_tokens": {
+                "description": "The maximum number of token positions to match on before attempting to merge categories. Larger\nvalues will use more memory and create narrower categories. Max allowed value is 100.",
+                "type": "number"
+              },
+              "similarity_threshold": {
+                "description": "The minimum percentage of tokens that must match for text to be added to the category bucket. Must\nbe between 1 and 100. The larger the value the narrower the categories. Larger values will increase memory\nusage and create narrower categories.",
+                "type": "number"
+              },
+              "categorization_filters": {
+                "description": "This property expects an array of regular expressions. The expressions are used to filter out matching\nsequences from the categorization field values. You can use this functionality to fine tune the categorization\nby excluding sequences from consideration when categories are defined. For example, you can exclude SQL\nstatements that appear in your log files. This property cannot be used at the same time as categorization_analyzer.\nIf you only want to define simple regular expression filters that are applied prior to tokenization, setting\nthis property is the easiest method. If you also want to customize the tokenizer or post-tokenization filtering,\nuse the categorization_analyzer property instead and include the filters as pattern_replace character filters.",
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              },
+              "categorization_analyzer": {
+                "$ref": "#/components/schemas/_types.aggregations:CategorizeTextAnalyzer"
+              },
+              "shard_size": {
+                "description": "The number of categorization buckets to return from each shard before merging all the results.",
+                "type": "number"
+              },
+              "size": {
+                "description": "The number of buckets to return.",
+                "type": "number"
+              },
+              "min_doc_count": {
+                "description": "The minimum number of documents in a bucket to be returned to the results.",
+                "type": "number"
+              },
+              "shard_min_doc_count": {
+                "description": "The minimum number of documents in a bucket to be returned from the shard before merging.",
+                "type": "number"
+              }
+            },
+            "required": [
+              "field"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:CategorizeTextAnalyzer": {
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "$ref": "#/components/schemas/_types.aggregations:CustomCategorizeTextAnalyzer"
+          }
+        ]
+      },
+      "_types.aggregations:CustomCategorizeTextAnalyzer": {
+        "type": "object",
+        "properties": {
+          "char_filter": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "tokenizer": {
+            "type": "string"
+          },
+          "filter": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          }
+        }
+      },
+      "_types.aggregations:ChildrenAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "$ref": "#/components/schemas/_types:RelationName"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:CompositeAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "after": {
+                "$ref": "#/components/schemas/_types.aggregations:CompositeAggregateKey"
+              },
+              "size": {
+                "description": "The number of composite buckets that should be returned.",
+                "type": "number"
+              },
+              "sources": {
+                "description": "The value sources used to build composite buckets.\nKeys are returned in the order of the `sources` definition.",
+                "type": "array",
+                "items": {
+                  "type": "object",
+                  "additionalProperties": {
+                    "$ref": "#/components/schemas/_types.aggregations:CompositeAggregationSource"
+                  }
+                }
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:CompositeAggregateKey": {
+        "type": "object",
+        "additionalProperties": {
+          "$ref": "#/components/schemas/_types:FieldValue"
+        }
+      },
+      "_types.aggregations:CompositeAggregationSource": {
+        "type": "object",
+        "properties": {
+          "terms": {
+            "$ref": "#/components/schemas/_types.aggregations:CompositeTermsAggregation"
+          },
+          "histogram": {
+            "$ref": "#/components/schemas/_types.aggregations:CompositeHistogramAggregation"
+          },
+          "date_histogram": {
+            "$ref": "#/components/schemas/_types.aggregations:CompositeDateHistogramAggregation"
+          },
+          "geotile_grid": {
+            "$ref": "#/components/schemas/_types.aggregations:CompositeGeoTileGridAggregation"
+          }
+        }
+      },
+      "_types.aggregations:CompositeTermsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:CompositeAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:CompositeAggregationBase": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "missing_bucket": {
+            "type": "boolean"
+          },
+          "missing_order": {
+            "$ref": "#/components/schemas/_types.aggregations:MissingOrder"
+          },
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          },
+          "value_type": {
+            "$ref": "#/components/schemas/_types.aggregations:ValueType"
+          },
+          "order": {
+            "$ref": "#/components/schemas/_types:SortOrder"
+          }
+        }
+      },
+      "_types.aggregations:MissingOrder": {
+        "type": "string",
+        "enum": [
+          "first",
+          "last",
+          "default"
+        ]
+      },
+      "_types.aggregations:ValueType": {
+        "type": "string",
+        "enum": [
+          "string",
+          "long",
+          "double",
+          "number",
+          "date",
+          "date_nanos",
+          "ip",
+          "numeric",
+          "geo_point",
+          "boolean"
+        ]
+      },
+      "_types.aggregations:CompositeHistogramAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:CompositeAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "interval": {
+                "type": "number"
+              }
+            },
+            "required": [
+              "interval"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:CompositeDateHistogramAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:CompositeAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "format": {
+                "type": "string"
+              },
+              "calendar_interval": {
+                "$ref": "#/components/schemas/_types:DurationLarge"
+              },
+              "fixed_interval": {
+                "$ref": "#/components/schemas/_types:DurationLarge"
+              },
+              "offset": {
+                "$ref": "#/components/schemas/_types:Duration"
+              },
+              "time_zone": {
+                "$ref": "#/components/schemas/_types:TimeZone"
+              }
+            }
+          }
+        ]
+      },
+      "_types:DurationLarge": {
+        "description": "A date histogram interval. Similar to `Duration` with additional units: `w` (week), `M` (month), `q` (quarter) and\n`y` (year)",
+        "type": "string"
+      },
+      "_types.aggregations:CompositeGeoTileGridAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:CompositeAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "precision": {
+                "type": "number"
+              },
+              "bounds": {
+                "$ref": "#/components/schemas/_types:GeoBounds"
+              }
+            }
+          }
+        ]
+      },
+      "_types:GeoBounds": {
+        "description": "A geo bounding box. It can be represented in various ways:\n- as 4 top/bottom/left/right coordinates\n- as 2 top_left / bottom_right points\n- as 2 top_right / bottom_left points\n- as a WKT bounding box",
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types:CoordsGeoBounds"
+          },
+          {
+            "$ref": "#/components/schemas/_types:TopLeftBottomRightGeoBounds"
+          },
+          {
+            "$ref": "#/components/schemas/_types:TopRightBottomLeftGeoBounds"
+          },
+          {
+            "$ref": "#/components/schemas/_types:WktGeoBounds"
+          }
+        ]
+      },
+      "_types:CoordsGeoBounds": {
+        "type": "object",
+        "properties": {
+          "top": {
+            "type": "number"
+          },
+          "bottom": {
+            "type": "number"
+          },
+          "left": {
+            "type": "number"
+          },
+          "right": {
+            "type": "number"
+          }
+        },
+        "required": [
+          "top",
+          "bottom",
+          "left",
+          "right"
+        ]
+      },
+      "_types:TopLeftBottomRightGeoBounds": {
+        "type": "object",
+        "properties": {
+          "top_left": {
+            "$ref": "#/components/schemas/_types:GeoLocation"
+          },
+          "bottom_right": {
+            "$ref": "#/components/schemas/_types:GeoLocation"
+          }
+        },
+        "required": [
+          "top_left",
+          "bottom_right"
+        ]
+      },
+      "_types:TopRightBottomLeftGeoBounds": {
+        "type": "object",
+        "properties": {
+          "top_right": {
+            "$ref": "#/components/schemas/_types:GeoLocation"
+          },
+          "bottom_left": {
+            "$ref": "#/components/schemas/_types:GeoLocation"
+          }
+        },
+        "required": [
+          "top_right",
+          "bottom_left"
+        ]
+      },
+      "_types:WktGeoBounds": {
+        "type": "object",
+        "properties": {
+          "wkt": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "wkt"
+        ]
+      },
+      "_types.aggregations:CumulativeCardinalityAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:CumulativeSumAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:DateHistogramAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "calendar_interval": {
+                "$ref": "#/components/schemas/_types.aggregations:CalendarInterval"
+              },
+              "extended_bounds": {
+                "$ref": "#/components/schemas/_types.aggregations:ExtendedBoundsFieldDateMath"
+              },
+              "hard_bounds": {
+                "$ref": "#/components/schemas/_types.aggregations:ExtendedBoundsFieldDateMath"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "fixed_interval": {
+                "$ref": "#/components/schemas/_types:Duration"
+              },
+              "format": {
+                "description": "The date format used to format `key_as_string` in the response.\nIf no `format` is specified, the first date format specified in the field mapping is used.",
+                "type": "string"
+              },
+              "interval": {
+                "$ref": "#/components/schemas/_types:Duration"
+              },
+              "min_doc_count": {
+                "description": "Only returns buckets that have `min_doc_count` number of documents.\nBy default, all buckets between the first bucket that matches documents and the last one are returned.",
+                "type": "number"
+              },
+              "missing": {
+                "$ref": "#/components/schemas/_types:DateTime"
+              },
+              "offset": {
+                "$ref": "#/components/schemas/_types:Duration"
+              },
+              "order": {
+                "$ref": "#/components/schemas/_types.aggregations:AggregateOrder"
+              },
+              "params": {
+                "type": "object",
+                "additionalProperties": {
+                  "type": "object"
+                }
+              },
+              "script": {
+                "$ref": "#/components/schemas/_types:Script"
+              },
+              "time_zone": {
+                "$ref": "#/components/schemas/_types:TimeZone"
+              },
+              "keyed": {
+                "description": "Set to `true` to associate a unique string key with each bucket and return the ranges as a hash rather than an array.",
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:CalendarInterval": {
+        "type": "string",
+        "enum": [
+          "second",
+          "1s",
+          "minute",
+          "1m",
+          "hour",
+          "1h",
+          "day",
+          "1d",
+          "week",
+          "1w",
+          "month",
+          "1M",
+          "quarter",
+          "1q",
+          "year",
+          "1Y"
+        ]
+      },
+      "_types.aggregations:ExtendedBoundsFieldDateMath": {
+        "type": "object",
+        "properties": {
+          "max": {
+            "$ref": "#/components/schemas/_types.aggregations:FieldDateMath"
+          },
+          "min": {
+            "$ref": "#/components/schemas/_types.aggregations:FieldDateMath"
+          }
+        }
+      },
+      "_types.aggregations:FieldDateMath": {
+        "description": "A date range limit, represented either as a DateMath expression or a number expressed\naccording to the target field's precision.",
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types:DateMath"
+          },
+          {
+            "type": "number"
+          }
+        ]
+      },
+      "_types.aggregations:AggregateOrder": {
+        "oneOf": [
+          {
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types:SortOrder"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          {
+            "type": "array",
+            "items": {
+              "type": "object",
+              "additionalProperties": {
+                "$ref": "#/components/schemas/_types:SortOrder"
+              },
+              "minProperties": 1,
+              "maxProperties": 1
+            }
+          }
+        ]
+      },
+      "_types.aggregations:DateRangeAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "format": {
+                "description": "The date format used to format `from` and `to` in the response.",
+                "type": "string"
+              },
+              "missing": {
+                "$ref": "#/components/schemas/_types.aggregations:Missing"
+              },
+              "ranges": {
+                "description": "Array of date ranges.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.aggregations:DateRangeExpression"
+                }
+              },
+              "time_zone": {
+                "$ref": "#/components/schemas/_types:TimeZone"
+              },
+              "keyed": {
+                "description": "Set to `true` to associate a unique string key with each bucket and returns the ranges as a hash rather than an array.",
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:DateRangeExpression": {
+        "type": "object",
+        "properties": {
+          "from": {
+            "$ref": "#/components/schemas/_types.aggregations:FieldDateMath"
+          },
+          "key": {
+            "description": "Custom key to return the range with.",
+            "type": "string"
+          },
+          "to": {
+            "$ref": "#/components/schemas/_types.aggregations:FieldDateMath"
+          }
+        }
+      },
+      "_types.aggregations:DerivativeAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:DiversifiedSamplerAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "execution_hint": {
+                "$ref": "#/components/schemas/_types.aggregations:SamplerAggregationExecutionHint"
+              },
+              "max_docs_per_value": {
+                "description": "Limits how many documents are permitted per choice of de-duplicating value.",
+                "type": "number"
+              },
+              "script": {
+                "$ref": "#/components/schemas/_types:Script"
+              },
+              "shard_size": {
+                "description": "Limits how many top-scoring documents are collected in the sample processed on each shard.",
+                "type": "number"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:SamplerAggregationExecutionHint": {
+        "type": "string",
+        "enum": [
+          "map",
+          "global_ordinals",
+          "bytes_hash"
+        ]
+      },
+      "_types.aggregations:ExtendedStatsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:FormatMetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "sigma": {
+                "description": "The number of standard deviations above/below the mean to display.",
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:ExtendedStatsBucketAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "sigma": {
+                "description": "The number of standard deviations above/below the mean to display.",
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:FrequentItemSetsAggregation": {
+        "type": "object",
+        "properties": {
+          "fields": {
+            "description": "Fields to analyze.",
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types.aggregations:FrequentItemSetsField"
+            }
+          },
+          "minimum_set_size": {
+            "description": "The minimum size of one item set.",
+            "type": "number"
+          },
+          "minimum_support": {
+            "description": "The minimum support of one item set.",
+            "type": "number"
+          },
+          "size": {
+            "description": "The number of top item sets to return.",
+            "type": "number"
+          },
+          "filter": {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+          }
+        },
+        "required": [
+          "fields"
+        ]
+      },
+      "_types.aggregations:FrequentItemSetsField": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "exclude": {
+            "$ref": "#/components/schemas/_types.aggregations:TermsExclude"
+          },
+          "include": {
+            "$ref": "#/components/schemas/_types.aggregations:TermsInclude"
+          }
+        },
+        "required": [
+          "field"
+        ]
+      },
+      "_types.aggregations:TermsExclude": {
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          }
+        ]
+      },
+      "_types.aggregations:TermsInclude": {
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          {
+            "$ref": "#/components/schemas/_types.aggregations:TermsPartition"
+          }
+        ]
+      },
+      "_types.aggregations:TermsPartition": {
+        "type": "object",
+        "properties": {
+          "num_partitions": {
+            "description": "The number of partitions.",
+            "type": "number"
+          },
+          "partition": {
+            "description": "The partition number for this request.",
+            "type": "number"
+          }
+        },
+        "required": [
+          "num_partitions",
+          "partition"
+        ]
+      },
+      "_types.aggregations:FiltersAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "filters": {
+                "$ref": "#/components/schemas/_types.aggregations:BucketsQueryContainer"
+              },
+              "other_bucket": {
+                "description": "Set to `true` to add a bucket to the response which will contain all documents that do not match any of the given filters.",
+                "type": "boolean"
+              },
+              "other_bucket_key": {
+                "description": "The key with which the other bucket is returned.",
+                "type": "string"
+              },
+              "keyed": {
+                "description": "By default, the named filters aggregation returns the buckets as an object.\nSet to `false` to return the buckets as an array of objects.",
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:BucketsQueryContainer": {
+        "description": "Aggregation buckets. By default they are returned as an array, but if the aggregation has keys configured for\nthe different buckets, the result is a dictionary.",
+        "oneOf": [
+          {
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+            }
+          },
+          {
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+            }
+          }
+        ]
+      },
+      "_types.aggregations:GeoBoundsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "wrap_longitude": {
+                "description": "Specifies whether the bounding box should be allowed to overlap the international date line.",
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:GeoCentroidAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "count": {
+                "type": "number"
+              },
+              "location": {
+                "$ref": "#/components/schemas/_types:GeoLocation"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:GeoDistanceAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "distance_type": {
+                "$ref": "#/components/schemas/_types:GeoDistanceType"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "origin": {
+                "$ref": "#/components/schemas/_types:GeoLocation"
+              },
+              "ranges": {
+                "description": "An array of ranges used to bucket documents.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.aggregations:AggregationRange"
+                }
+              },
+              "unit": {
+                "$ref": "#/components/schemas/_types:DistanceUnit"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:AggregationRange": {
+        "type": "object",
+        "properties": {
+          "from": {
+            "description": "Start of the range (inclusive).",
+            "oneOf": [
+              {
+                "type": "number"
+              },
+              {
+                "type": "string"
+              },
+              {
+                "nullable": true,
+                "type": "string"
+              }
+            ]
+          },
+          "key": {
+            "description": "Custom key to return the range with.",
+            "type": "string"
+          },
+          "to": {
+            "description": "End of the range (exclusive).",
+            "oneOf": [
+              {
+                "type": "number"
+              },
+              {
+                "type": "string"
+              },
+              {
+                "nullable": true,
+                "type": "string"
+              }
+            ]
+          }
+        }
+      },
+      "_types.aggregations:GeoHashGridAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "bounds": {
+                "$ref": "#/components/schemas/_types:GeoBounds"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "precision": {
+                "$ref": "#/components/schemas/_types:GeoHashPrecision"
+              },
+              "shard_size": {
+                "description": "Allows for more accurate counting of the top cells returned in the final result the aggregation.\nDefaults to returning `max(10,(size x number-of-shards))` buckets from each shard.",
+                "type": "number"
+              },
+              "size": {
+                "description": "The maximum number of geohash buckets to return.",
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "_types:GeoHashPrecision": {
+        "description": "A precision that can be expressed as a geohash length between 1 and 12, or a distance measure like \"1km\", \"10m\".",
+        "oneOf": [
+          {
+            "type": "number"
+          },
+          {
+            "type": "string"
+          }
+        ]
+      },
+      "_types.aggregations:GeoLineAggregation": {
+        "type": "object",
+        "properties": {
+          "point": {
+            "$ref": "#/components/schemas/_types.aggregations:GeoLinePoint"
+          },
+          "sort": {
+            "$ref": "#/components/schemas/_types.aggregations:GeoLineSort"
+          },
+          "include_sort": {
+            "description": "When `true`, returns an additional array of the sort values in the feature properties.",
+            "type": "boolean"
+          },
+          "sort_order": {
+            "$ref": "#/components/schemas/_types:SortOrder"
+          },
+          "size": {
+            "description": "The maximum length of the line represented in the aggregation.\nValid sizes are between 1 and 10000.",
+            "type": "number"
+          }
+        },
+        "required": [
+          "point",
+          "sort"
+        ]
+      },
+      "_types.aggregations:GeoLinePoint": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          }
+        },
+        "required": [
+          "field"
+        ]
+      },
+      "_types.aggregations:GeoLineSort": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          }
+        },
+        "required": [
+          "field"
+        ]
+      },
+      "_types.aggregations:GeoTileGridAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "precision": {
+                "$ref": "#/components/schemas/_types:GeoTilePrecision"
+              },
+              "shard_size": {
+                "description": "Allows for more accurate counting of the top cells returned in the final result the aggregation.\nDefaults to returning `max(10,(size x number-of-shards))` buckets from each shard.",
+                "type": "number"
+              },
+              "size": {
+                "description": "The maximum number of buckets to return.",
+                "type": "number"
+              },
+              "bounds": {
+                "$ref": "#/components/schemas/_types:GeoBounds"
+              }
+            }
+          }
+        ]
+      },
+      "_types:GeoTilePrecision": {
+        "type": "number"
+      },
+      "_types.aggregations:GeohexGridAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "precision": {
+                "description": "Integer zoom of the key used to defined cells or buckets\nin the results. Value should be between 0-15.",
+                "type": "number"
+              },
+              "bounds": {
+                "$ref": "#/components/schemas/_types:GeoBounds"
+              },
+              "size": {
+                "description": "Maximum number of buckets to return.",
+                "type": "number"
+              },
+              "shard_size": {
+                "description": "Number of buckets returned from each shard.",
+                "type": "number"
+              }
+            },
+            "required": [
+              "field"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:GlobalAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:HistogramAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "extended_bounds": {
+                "$ref": "#/components/schemas/_types.aggregations:ExtendedBoundsdouble"
+              },
+              "hard_bounds": {
+                "$ref": "#/components/schemas/_types.aggregations:ExtendedBoundsdouble"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "interval": {
+                "description": "The interval for the buckets.\nMust be a positive decimal.",
+                "type": "number"
+              },
+              "min_doc_count": {
+                "description": "Only returns buckets that have `min_doc_count` number of documents.\nBy default, the response will fill gaps in the histogram with empty buckets.",
+                "type": "number"
+              },
+              "missing": {
+                "description": "The value to apply to documents that do not have a value.\nBy default, documents without a value are ignored.",
+                "type": "number"
+              },
+              "offset": {
+                "description": "By default, the bucket keys start with 0 and then continue in even spaced steps of `interval`.\nThe bucket boundaries can be shifted by using the `offset` option.",
+                "type": "number"
+              },
+              "order": {
+                "$ref": "#/components/schemas/_types.aggregations:AggregateOrder"
+              },
+              "script": {
+                "$ref": "#/components/schemas/_types:Script"
+              },
+              "format": {
+                "type": "string"
+              },
+              "keyed": {
+                "description": "If `true`, returns buckets as a hash instead of an array, keyed by the bucket keys.",
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:ExtendedBoundsdouble": {
+        "type": "object",
+        "properties": {
+          "max": {
+            "description": "Maximum value for the bound.",
+            "type": "number"
+          },
+          "min": {
+            "description": "Minimum value for the bound.",
+            "type": "number"
+          }
+        }
+      },
+      "_types.aggregations:IpRangeAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "ranges": {
+                "description": "Array of IP ranges.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.aggregations:IpRangeAggregationRange"
+                }
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:IpRangeAggregationRange": {
+        "type": "object",
+        "properties": {
+          "from": {
+            "description": "Start of the range.",
+            "oneOf": [
+              {
+                "type": "string"
+              },
+              {
+                "nullable": true,
+                "type": "string"
+              }
+            ]
+          },
+          "mask": {
+            "description": "IP range defined as a CIDR mask.",
+            "type": "string"
+          },
+          "to": {
+            "description": "End of the range.",
+            "oneOf": [
+              {
+                "type": "string"
+              },
+              {
+                "nullable": true,
+                "type": "string"
+              }
+            ]
+          }
+        }
+      },
+      "_types.aggregations:IpPrefixAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "prefix_length": {
+                "description": "Length of the network prefix. For IPv4 addresses the accepted range is [0, 32].\nFor IPv6 addresses the accepted range is [0, 128].",
+                "type": "number"
+              },
+              "is_ipv6": {
+                "description": "Defines whether the prefix applies to IPv6 addresses.",
+                "type": "boolean"
+              },
+              "append_prefix_length": {
+                "description": "Defines whether the prefix length is appended to IP address keys in the response.",
+                "type": "boolean"
+              },
+              "keyed": {
+                "description": "Defines whether buckets are returned as a hash rather than an array in the response.",
+                "type": "boolean"
+              },
+              "min_doc_count": {
+                "description": "Minimum number of documents in a bucket for it to be included in the response.",
+                "type": "number"
+              }
+            },
+            "required": [
+              "field",
+              "prefix_length"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:InferenceAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "model_id": {
+                "$ref": "#/components/schemas/_types:Name"
+              },
+              "inference_config": {
+                "$ref": "#/components/schemas/_types.aggregations:InferenceConfigContainer"
+              }
+            },
+            "required": [
+              "model_id"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:InferenceConfigContainer": {
+        "type": "object",
+        "properties": {
+          "regression": {
+            "$ref": "#/components/schemas/ml._types:RegressionInferenceOptions"
+          },
+          "classification": {
+            "$ref": "#/components/schemas/ml._types:ClassificationInferenceOptions"
+          }
+        },
+        "minProperties": 1,
+        "maxProperties": 1
+      },
+      "ml._types:RegressionInferenceOptions": {
+        "type": "object",
+        "properties": {
+          "results_field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "num_top_feature_importance_values": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/machine-learning/current/ml-feature-importance.html"
+            },
+            "description": "Specifies the maximum number of feature importance values per document.",
+            "type": "number"
+          }
+        }
+      },
+      "ml._types:ClassificationInferenceOptions": {
+        "type": "object",
+        "properties": {
+          "num_top_classes": {
+            "description": "Specifies the number of top class predictions to return. Defaults to 0.",
+            "type": "number"
+          },
+          "num_top_feature_importance_values": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/machine-learning/current/ml-feature-importance.html"
+            },
+            "description": "Specifies the maximum number of feature importance values per document.",
+            "type": "number"
+          },
+          "prediction_field_type": {
+            "description": "Specifies the type of the predicted field to write. Acceptable values are: string, number, boolean. When boolean is provided 1.0 is transformed to true and 0.0 to false.",
+            "type": "string"
+          },
+          "results_field": {
+            "description": "The field that is added to incoming documents to contain the inference prediction. Defaults to predicted_value.",
+            "type": "string"
+          },
+          "top_classes_results_field": {
+            "description": "Specifies the field to which the top classes are written. Defaults to top_classes.",
+            "type": "string"
+          }
+        }
+      },
+      "_types.aggregations:MatrixStatsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MatrixAggregation"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "mode": {
+                "$ref": "#/components/schemas/_types:SortMode"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:MatrixAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:Aggregation"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "fields": {
+                "$ref": "#/components/schemas/_types:Fields"
+              },
+              "missing": {
+                "description": "The value to apply to documents that do not have a value.\nBy default, documents without a value are ignored.",
+                "type": "object",
+                "additionalProperties": {
+                  "type": "number"
+                }
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:MaxAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:FormatMetricAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:MaxBucketAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:MedianAbsoluteDeviationAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:FormatMetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "compression": {
+                "description": "Limits the maximum number of nodes used by the underlying TDigest algorithm to `20 * compression`, enabling control of memory usage and approximation error.",
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:MinAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:FormatMetricAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:MinBucketAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:MissingAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "missing": {
+                "$ref": "#/components/schemas/_types.aggregations:Missing"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:MovingAverageAggregation": {
+        "discriminator": {
+          "propertyName": "model"
+        },
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:LinearMovingAverageAggregation"
+          },
+          {
+            "$ref": "#/components/schemas/_types.aggregations:SimpleMovingAverageAggregation"
+          },
+          {
+            "$ref": "#/components/schemas/_types.aggregations:EwmaMovingAverageAggregation"
+          },
+          {
+            "$ref": "#/components/schemas/_types.aggregations:HoltMovingAverageAggregation"
+          },
+          {
+            "$ref": "#/components/schemas/_types.aggregations:HoltWintersMovingAverageAggregation"
+          }
+        ]
+      },
+      "_types.aggregations:LinearMovingAverageAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MovingAverageAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "model": {
+                "type": "string",
+                "enum": [
+                  "linear"
+                ]
+              },
+              "settings": {
+                "$ref": "#/components/schemas/_types:EmptyObject"
+              }
+            },
+            "required": [
+              "model",
+              "settings"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:MovingAverageAggregationBase": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "minimize": {
+                "type": "boolean"
+              },
+              "predict": {
+                "type": "number"
+              },
+              "window": {
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "_types:EmptyObject": {
+        "type": "object"
+      },
+      "_types.aggregations:SimpleMovingAverageAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MovingAverageAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "model": {
+                "type": "string",
+                "enum": [
+                  "simple"
+                ]
+              },
+              "settings": {
+                "$ref": "#/components/schemas/_types:EmptyObject"
+              }
+            },
+            "required": [
+              "model",
+              "settings"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:EwmaMovingAverageAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MovingAverageAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "model": {
+                "type": "string",
+                "enum": [
+                  "ewma"
+                ]
+              },
+              "settings": {
+                "$ref": "#/components/schemas/_types.aggregations:EwmaModelSettings"
+              }
+            },
+            "required": [
+              "model",
+              "settings"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:EwmaModelSettings": {
+        "type": "object",
+        "properties": {
+          "alpha": {
+            "type": "number"
+          }
+        }
+      },
+      "_types.aggregations:HoltMovingAverageAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MovingAverageAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "model": {
+                "type": "string",
+                "enum": [
+                  "holt"
+                ]
+              },
+              "settings": {
+                "$ref": "#/components/schemas/_types.aggregations:HoltLinearModelSettings"
+              }
+            },
+            "required": [
+              "model",
+              "settings"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:HoltLinearModelSettings": {
+        "type": "object",
+        "properties": {
+          "alpha": {
+            "type": "number"
+          },
+          "beta": {
+            "type": "number"
+          }
+        }
+      },
+      "_types.aggregations:HoltWintersMovingAverageAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MovingAverageAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "model": {
+                "type": "string",
+                "enum": [
+                  "holt_winters"
+                ]
+              },
+              "settings": {
+                "$ref": "#/components/schemas/_types.aggregations:HoltWintersModelSettings"
+              }
+            },
+            "required": [
+              "model",
+              "settings"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:HoltWintersModelSettings": {
+        "type": "object",
+        "properties": {
+          "alpha": {
+            "type": "number"
+          },
+          "beta": {
+            "type": "number"
+          },
+          "gamma": {
+            "type": "number"
+          },
+          "pad": {
+            "type": "boolean"
+          },
+          "period": {
+            "type": "number"
+          },
+          "type": {
+            "$ref": "#/components/schemas/_types.aggregations:HoltWintersType"
+          }
+        }
+      },
+      "_types.aggregations:HoltWintersType": {
+        "type": "string",
+        "enum": [
+          "add",
+          "mult"
+        ]
+      },
+      "_types.aggregations:MovingPercentilesAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "window": {
+                "description": "The size of window to \"slide\" across the histogram.",
+                "type": "number"
+              },
+              "shift": {
+                "description": "By default, the window consists of the last n values excluding the current bucket.\nIncreasing `shift` by 1, moves the starting window position by 1 to the right.",
+                "type": "number"
+              },
+              "keyed": {
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:MovingFunctionAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "script": {
+                "description": "The script that should be executed on each window of data.",
+                "type": "string"
+              },
+              "shift": {
+                "description": "By default, the window consists of the last n values excluding the current bucket.\nIncreasing `shift` by 1, moves the starting window position by 1 to the right.",
+                "type": "number"
+              },
+              "window": {
+                "description": "The size of window to \"slide\" across the histogram.",
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:MultiTermsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "collect_mode": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsAggregationCollectMode"
+              },
+              "order": {
+                "$ref": "#/components/schemas/_types.aggregations:AggregateOrder"
+              },
+              "min_doc_count": {
+                "description": "The minimum number of documents in a bucket for it to be returned.",
+                "type": "number"
+              },
+              "shard_min_doc_count": {
+                "description": "The minimum number of documents in a bucket on each shard for it to be returned.",
+                "type": "number"
+              },
+              "shard_size": {
+                "description": "The number of candidate terms produced by each shard.\nBy default, `shard_size` will be automatically estimated based on the number of shards and the `size` parameter.",
+                "type": "number"
+              },
+              "show_term_doc_count_error": {
+                "description": "Calculates the doc count error on per term basis.",
+                "type": "boolean"
+              },
+              "size": {
+                "description": "The number of term buckets should be returned out of the overall terms list.",
+                "type": "number"
+              },
+              "terms": {
+                "description": "The field from which to generate sets of terms.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.aggregations:MultiTermLookup"
+                }
+              }
+            },
+            "required": [
+              "terms"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:TermsAggregationCollectMode": {
+        "type": "string",
+        "enum": [
+          "depth_first",
+          "breadth_first"
+        ]
+      },
+      "_types.aggregations:MultiTermLookup": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "missing": {
+            "$ref": "#/components/schemas/_types.aggregations:Missing"
+          }
+        },
+        "required": [
+          "field"
+        ]
+      },
+      "_types.aggregations:NestedAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "path": {
+                "$ref": "#/components/schemas/_types:Field"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:NormalizeAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "method": {
+                "$ref": "#/components/schemas/_types.aggregations:NormalizeMethod"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:NormalizeMethod": {
+        "type": "string",
+        "enum": [
+          "rescale_0_1",
+          "rescale_0_100",
+          "percent_of_sum",
+          "mean",
+          "z-score",
+          "softmax"
+        ]
+      },
+      "_types.aggregations:ParentAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "$ref": "#/components/schemas/_types:RelationName"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:PercentileRanksAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:FormatMetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "keyed": {
+                "description": "By default, the aggregation associates a unique string key with each bucket and returns the ranges as a hash rather than an array.\nSet to `false` to disable this behavior.",
+                "type": "boolean"
+              },
+              "values": {
+                "description": "An array of values for which to calculate the percentile ranks.",
+                "oneOf": [
+                  {
+                    "type": "array",
+                    "items": {
+                      "type": "number"
+                    }
+                  },
+                  {
+                    "nullable": true,
+                    "type": "string"
+                  }
+                ]
+              },
+              "hdr": {
+                "$ref": "#/components/schemas/_types.aggregations:HdrMethod"
+              },
+              "tdigest": {
+                "$ref": "#/components/schemas/_types.aggregations:TDigest"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:HdrMethod": {
+        "type": "object",
+        "properties": {
+          "number_of_significant_value_digits": {
+            "description": "Specifies the resolution of values for the histogram in number of significant digits.",
+            "type": "number"
+          }
+        }
+      },
+      "_types.aggregations:TDigest": {
+        "type": "object",
+        "properties": {
+          "compression": {
+            "description": "Limits the maximum number of nodes used by the underlying TDigest algorithm to `20 * compression`, enabling control of memory usage and approximation error.",
+            "type": "number"
+          }
+        }
+      },
+      "_types.aggregations:PercentilesAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:FormatMetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "keyed": {
+                "description": "By default, the aggregation associates a unique string key with each bucket and returns the ranges as a hash rather than an array.\nSet to `false` to disable this behavior.",
+                "type": "boolean"
+              },
+              "percents": {
+                "description": "The percentiles to calculate.",
+                "type": "array",
+                "items": {
+                  "type": "number"
+                }
+              },
+              "hdr": {
+                "$ref": "#/components/schemas/_types.aggregations:HdrMethod"
+              },
+              "tdigest": {
+                "$ref": "#/components/schemas/_types.aggregations:TDigest"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:PercentilesBucketAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "percents": {
+                "description": "The list of percentiles to calculate.",
+                "type": "array",
+                "items": {
+                  "type": "number"
+                }
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:RangeAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "missing": {
+                "description": "The value to apply to documents that do not have a value.\nBy default, documents without a value are ignored.",
+                "type": "number"
+              },
+              "ranges": {
+                "description": "An array of ranges used to bucket documents.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.aggregations:AggregationRange"
+                }
+              },
+              "script": {
+                "$ref": "#/components/schemas/_types:Script"
+              },
+              "keyed": {
+                "description": "Set to `true` to associate a unique string key with each bucket and return the ranges as a hash rather than an array.",
+                "type": "boolean"
+              },
+              "format": {
+                "type": "string"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:RareTermsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "exclude": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsExclude"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "include": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsInclude"
+              },
+              "max_doc_count": {
+                "description": "The maximum number of documents a term should appear in.",
+                "type": "number"
+              },
+              "missing": {
+                "$ref": "#/components/schemas/_types.aggregations:Missing"
+              },
+              "precision": {
+                "description": "The precision of the internal CuckooFilters.\nSmaller precision leads to better approximation, but higher memory usage.",
+                "type": "number"
+              },
+              "value_type": {
+                "type": "string"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:RateAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:FormatMetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "unit": {
+                "$ref": "#/components/schemas/_types.aggregations:CalendarInterval"
+              },
+              "mode": {
+                "$ref": "#/components/schemas/_types.aggregations:RateMode"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:RateMode": {
+        "type": "string",
+        "enum": [
+          "sum",
+          "value_count"
+        ]
+      },
+      "_types.aggregations:ReverseNestedAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "path": {
+                "$ref": "#/components/schemas/_types:Field"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:SamplerAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "shard_size": {
+                "description": "Limits how many top-scoring documents are collected in the sample processed on each shard.",
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:ScriptedMetricAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "combine_script": {
+                "$ref": "#/components/schemas/_types:Script"
+              },
+              "init_script": {
+                "$ref": "#/components/schemas/_types:Script"
+              },
+              "map_script": {
+                "$ref": "#/components/schemas/_types:Script"
+              },
+              "params": {
+                "description": "A global object with script parameters for `init`, `map` and `combine` scripts.\nIt is shared between the scripts.",
+                "type": "object",
+                "additionalProperties": {
+                  "type": "object"
+                }
+              },
+              "reduce_script": {
+                "$ref": "#/components/schemas/_types:Script"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:SerialDifferencingAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "lag": {
+                "description": "The historical bucket to subtract from the current value.\nMust be a positive, non-zero integer.",
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:SignificantTermsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "background_filter": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "chi_square": {
+                "$ref": "#/components/schemas/_types.aggregations:ChiSquareHeuristic"
+              },
+              "exclude": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsExclude"
+              },
+              "execution_hint": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsAggregationExecutionHint"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "gnd": {
+                "$ref": "#/components/schemas/_types.aggregations:GoogleNormalizedDistanceHeuristic"
+              },
+              "include": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsInclude"
+              },
+              "jlh": {
+                "$ref": "#/components/schemas/_types:EmptyObject"
+              },
+              "min_doc_count": {
+                "description": "Only return terms that are found in more than `min_doc_count` hits.",
+                "type": "number"
+              },
+              "mutual_information": {
+                "$ref": "#/components/schemas/_types.aggregations:MutualInformationHeuristic"
+              },
+              "percentage": {
+                "$ref": "#/components/schemas/_types.aggregations:PercentageScoreHeuristic"
+              },
+              "script_heuristic": {
+                "$ref": "#/components/schemas/_types.aggregations:ScriptedHeuristic"
+              },
+              "shard_min_doc_count": {
+                "description": "Regulates the certainty a shard has if the term should actually be added to the candidate list or not with respect to the `min_doc_count`.\nTerms will only be considered if their local shard frequency within the set is higher than the `shard_min_doc_count`.",
+                "type": "number"
+              },
+              "shard_size": {
+                "description": "Can be used to control the volumes of candidate terms produced by each shard.\nBy default, `shard_size` will be automatically estimated based on the number of shards and the `size` parameter.",
+                "type": "number"
+              },
+              "size": {
+                "description": "The number of buckets returned out of the overall terms list.",
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:ChiSquareHeuristic": {
+        "type": "object",
+        "properties": {
+          "background_is_superset": {
+            "description": "Set to `false` if you defined a custom background filter that represents a different set of documents that you want to compare to.",
+            "type": "boolean"
+          },
+          "include_negatives": {
+            "description": "Set to `false` to filter out the terms that appear less often in the subset than in documents outside the subset.",
+            "type": "boolean"
+          }
+        },
+        "required": [
+          "background_is_superset",
+          "include_negatives"
+        ]
+      },
+      "_types.aggregations:TermsAggregationExecutionHint": {
+        "type": "string",
+        "enum": [
+          "map",
+          "global_ordinals",
+          "global_ordinals_hash",
+          "global_ordinals_low_cardinality"
+        ]
+      },
+      "_types.aggregations:GoogleNormalizedDistanceHeuristic": {
+        "type": "object",
+        "properties": {
+          "background_is_superset": {
+            "description": "Set to `false` if you defined a custom background filter that represents a different set of documents that you want to compare to.",
+            "type": "boolean"
+          }
+        }
+      },
+      "_types.aggregations:MutualInformationHeuristic": {
+        "type": "object",
+        "properties": {
+          "background_is_superset": {
+            "description": "Set to `false` if you defined a custom background filter that represents a different set of documents that you want to compare to.",
+            "type": "boolean"
+          },
+          "include_negatives": {
+            "description": "Set to `false` to filter out the terms that appear less often in the subset than in documents outside the subset.",
+            "type": "boolean"
+          }
+        }
+      },
+      "_types.aggregations:PercentageScoreHeuristic": {
+        "type": "object"
+      },
+      "_types.aggregations:ScriptedHeuristic": {
+        "type": "object",
+        "properties": {
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          }
+        },
+        "required": [
+          "script"
+        ]
+      },
+      "_types.aggregations:SignificantTextAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "background_filter": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "chi_square": {
+                "$ref": "#/components/schemas/_types.aggregations:ChiSquareHeuristic"
+              },
+              "exclude": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsExclude"
+              },
+              "execution_hint": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsAggregationExecutionHint"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "filter_duplicate_text": {
+                "description": "Whether to out duplicate text to deal with noisy data.",
+                "type": "boolean"
+              },
+              "gnd": {
+                "$ref": "#/components/schemas/_types.aggregations:GoogleNormalizedDistanceHeuristic"
+              },
+              "include": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsInclude"
+              },
+              "jlh": {
+                "$ref": "#/components/schemas/_types:EmptyObject"
+              },
+              "min_doc_count": {
+                "description": "Only return values that are found in more than `min_doc_count` hits.",
+                "type": "number"
+              },
+              "mutual_information": {
+                "$ref": "#/components/schemas/_types.aggregations:MutualInformationHeuristic"
+              },
+              "percentage": {
+                "$ref": "#/components/schemas/_types.aggregations:PercentageScoreHeuristic"
+              },
+              "script_heuristic": {
+                "$ref": "#/components/schemas/_types.aggregations:ScriptedHeuristic"
+              },
+              "shard_min_doc_count": {
+                "description": "Regulates the certainty a shard has if the values should actually be added to the candidate list or not with respect to the min_doc_count.\nValues will only be considered if their local shard frequency within the set is higher than the `shard_min_doc_count`.",
+                "type": "number"
+              },
+              "shard_size": {
+                "description": "The number of candidate terms produced by each shard.\nBy default, `shard_size` will be automatically estimated based on the number of shards and the `size` parameter.",
+                "type": "number"
+              },
+              "size": {
+                "description": "The number of buckets returned out of the overall terms list.",
+                "type": "number"
+              },
+              "source_fields": {
+                "$ref": "#/components/schemas/_types:Fields"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:StatsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:FormatMetricAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:StatsBucketAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:StringStatsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "show_distribution": {
+                "description": "Shows the probability distribution for all characters.",
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:SumAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:FormatMetricAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:SumBucketAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:TermsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "collect_mode": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsAggregationCollectMode"
+              },
+              "exclude": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsExclude"
+              },
+              "execution_hint": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsAggregationExecutionHint"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "include": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsInclude"
+              },
+              "min_doc_count": {
+                "description": "Only return values that are found in more than `min_doc_count` hits.",
+                "type": "number"
+              },
+              "missing": {
+                "$ref": "#/components/schemas/_types.aggregations:Missing"
+              },
+              "missing_order": {
+                "$ref": "#/components/schemas/_types.aggregations:MissingOrder"
+              },
+              "missing_bucket": {
+                "type": "boolean"
+              },
+              "value_type": {
+                "description": "Coerced unmapped fields into the specified type.",
+                "type": "string"
+              },
+              "order": {
+                "$ref": "#/components/schemas/_types.aggregations:AggregateOrder"
+              },
+              "script": {
+                "$ref": "#/components/schemas/_types:Script"
+              },
+              "shard_size": {
+                "description": "The number of candidate terms produced by each shard.\nBy default, `shard_size` will be automatically estimated based on the number of shards and the `size` parameter.",
+                "type": "number"
+              },
+              "show_term_doc_count_error": {
+                "description": "Set to `true` to return the `doc_count_error_upper_bound`, which is an upper bound to the error on the `doc_count` returned by each shard.",
+                "type": "boolean"
+              },
+              "size": {
+                "description": "The number of buckets returned out of the overall terms list.",
+                "type": "number"
+              },
+              "format": {
+                "type": "string"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:TopHitsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "docvalue_fields": {
+                "description": "Fields for which to return doc values.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.query_dsl:FieldAndFormat"
+                }
+              },
+              "explain": {
+                "description": "If `true`, returns detailed information about score computation as part of a hit.",
+                "type": "boolean"
+              },
+              "fields": {
+                "description": "Array of wildcard (*) patterns. The request returns values for field names\nmatching these patterns in the hits.fields property of the response.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.query_dsl:FieldAndFormat"
+                }
+              },
+              "from": {
+                "description": "Starting document offset.",
+                "type": "number"
+              },
+              "highlight": {
+                "$ref": "#/components/schemas/_global.search._types:Highlight"
+              },
+              "script_fields": {
+                "description": "Returns the result of one or more script evaluations for each hit.",
+                "type": "object",
+                "additionalProperties": {
+                  "$ref": "#/components/schemas/_types:ScriptField"
+                }
+              },
+              "size": {
+                "description": "The maximum number of top matching hits to return per bucket.",
+                "type": "number"
+              },
+              "sort": {
+                "$ref": "#/components/schemas/_types:Sort"
+              },
+              "_source": {
+                "$ref": "#/components/schemas/_global.search._types:SourceConfig"
+              },
+              "stored_fields": {
+                "$ref": "#/components/schemas/_types:Fields"
+              },
+              "track_scores": {
+                "description": "If `true`, calculates and returns document scores, even if the scores are not used for sorting.",
+                "type": "boolean"
+              },
+              "version": {
+                "description": "If `true`, returns document version as part of a hit.",
+                "type": "boolean"
+              },
+              "seq_no_primary_term": {
+                "description": "If `true`, returns sequence number and primary term of the last modification of each hit.",
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:TTestAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:Aggregation"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "a": {
+                "$ref": "#/components/schemas/_types.aggregations:TestPopulation"
+              },
+              "b": {
+                "$ref": "#/components/schemas/_types.aggregations:TestPopulation"
+              },
+              "type": {
+                "$ref": "#/components/schemas/_types.aggregations:TTestType"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:TestPopulation": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          },
+          "filter": {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+          }
+        },
+        "required": [
+          "field"
+        ]
+      },
+      "_types.aggregations:TTestType": {
+        "type": "string",
+        "enum": [
+          "paired",
+          "homoscedastic",
+          "heteroscedastic"
+        ]
+      },
+      "_types.aggregations:TopMetricsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "metrics": {
+                "description": "The fields of the top document to return.",
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types.aggregations:TopMetricsValue"
+                  },
+                  {
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.aggregations:TopMetricsValue"
+                    }
+                  }
+                ]
+              },
+              "size": {
+                "description": "The number of top documents from which to return metrics.",
+                "type": "number"
+              },
+              "sort": {
+                "$ref": "#/components/schemas/_types:Sort"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:TopMetricsValue": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          }
+        },
+        "required": [
+          "field"
+        ]
+      },
+      "_types.aggregations:ValueCountAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:FormattableMetricAggregation"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:FormattableMetricAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "format": {
+                "type": "string"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:WeightedAverageAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:Aggregation"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "format": {
+                "description": "A numeric response formatter.",
+                "type": "string"
+              },
+              "value": {
+                "$ref": "#/components/schemas/_types.aggregations:WeightedAverageValue"
+              },
+              "value_type": {
+                "$ref": "#/components/schemas/_types.aggregations:ValueType"
+              },
+              "weight": {
+                "$ref": "#/components/schemas/_types.aggregations:WeightedAverageValue"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:WeightedAverageValue": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "missing": {
+            "description": "A value or weight to use if the field is missing.",
+            "type": "number"
+          },
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          }
+        }
+      },
+      "_types.aggregations:VariableWidthHistogramAggregation": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "buckets": {
+            "description": "The target number of buckets.",
+            "type": "number"
+          },
+          "shard_size": {
+            "description": "The number of buckets that the coordinating node will request from each shard.\nDefaults to `buckets * 50`.",
+            "type": "number"
+          },
+          "initial_buffer": {
+            "description": "Specifies the number of individual documents that will be stored in memory on a shard before the initial bucketing algorithm is run.\nDefaults to `min(10 * shard_size, 50000)`.",
+            "type": "number"
+          },
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          }
+        }
+      },
+      "ml._types:ChunkingConfig": {
+        "type": "object",
+        "properties": {
+          "mode": {
+            "$ref": "#/components/schemas/ml._types:ChunkingMode"
+          },
+          "time_span": {
+            "$ref": "#/components/schemas/_types:Duration"
+          }
+        },
+        "required": [
+          "mode"
+        ]
+      },
+      "ml._types:ChunkingMode": {
+        "type": "string",
+        "enum": [
+          "auto",
+          "manual",
+          "off"
+        ]
+      },
+      "ml._types:DelayedDataCheckConfig": {
+        "type": "object",
+        "properties": {
+          "check_window": {
+            "$ref": "#/components/schemas/_types:Duration"
+          },
+          "enabled": {
+            "description": "Specifies whether the datafeed periodically checks for delayed data.",
+            "type": "boolean"
+          }
+        },
+        "required": [
+          "enabled"
+        ]
+      },
+      "_types:Indices": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types:IndexName"
+          },
+          {
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types:IndexName"
+            }
+          }
+        ]
+      },
+      "_types:IndicesOptions": {
+        "type": "object",
+        "properties": {
+          "allow_no_indices": {
+            "description": "If false, the request returns an error if any wildcard expression, index alias, or `_all` value targets only\nmissing or closed indices. This behavior applies even if the request targets other open indices. For example,\na request targeting `foo*,bar*` returns an error if an index starts with `foo` but no index starts with `bar`.",
+            "type": "boolean"
+          },
+          "expand_wildcards": {
+            "$ref": "#/components/schemas/_types:ExpandWildcards"
+          },
+          "ignore_unavailable": {
+            "description": "If true, missing or closed indices are not included in the response.",
+            "type": "boolean"
+          },
+          "ignore_throttled": {
+            "description": "If true, concrete, expanded or aliased indices are ignored when frozen.",
+            "type": "boolean"
+          }
+        }
+      },
+      "_types:ExpandWildcards": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types:ExpandWildcard"
+          },
+          {
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types:ExpandWildcard"
+            }
+          }
+        ]
+      },
+      "_types:ExpandWildcard": {
+        "type": "string",
+        "enum": [
+          "all",
+          "open",
+          "closed",
+          "hidden",
+          "none"
+        ]
+      },
+      "_types.mapping:RuntimeFields": {
+        "type": "object",
+        "additionalProperties": {
+          "$ref": "#/components/schemas/_types.mapping:RuntimeField"
+        }
+      },
+      "_types.mapping:RuntimeField": {
+        "type": "object",
+        "properties": {
+          "fetch_fields": {
+            "description": "For type `lookup`",
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types.mapping:RuntimeFieldFetchFields"
+            }
+          },
+          "format": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping-date-format.html"
+            },
+            "description": "A custom format for `date` type runtime fields.",
+            "type": "string"
+          },
+          "input_field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "target_field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "target_index": {
+            "$ref": "#/components/schemas/_types:IndexName"
+          },
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          },
+          "type": {
+            "$ref": "#/components/schemas/_types.mapping:RuntimeFieldType"
+          }
+        },
+        "required": [
+          "type"
+        ]
+      },
+      "_types.mapping:RuntimeFieldFetchFields": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "format": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "field"
+        ]
+      },
+      "_types.mapping:RuntimeFieldType": {
+        "type": "string",
+        "enum": [
+          "boolean",
+          "composite",
+          "date",
+          "double",
+          "geo_point",
+          "ip",
+          "keyword",
+          "long",
+          "lookup"
+        ]
+      },
+      "_types:HttpHeaders": {
+        "type": "object",
+        "additionalProperties": {
+          "oneOf": [
+            {
+              "type": "string"
+            },
+            {
+              "type": "array",
+              "items": {
+                "type": "string"
+              }
+            }
+          ]
+        }
+      }
+    }
+  }
+}
\ No newline at end of file
diff --git a/x-pack/packages/ml/json_schemas/src/put___transform__transform_id___pivot_schema.json b/x-pack/packages/ml/json_schemas/src/put___transform__transform_id___pivot_schema.json
new file mode 100644
index 0000000000000..4aedd396c40c1
--- /dev/null
+++ b/x-pack/packages/ml/json_schemas/src/put___transform__transform_id___pivot_schema.json
@@ -0,0 +1,7852 @@
+{
+  "type": "object",
+  "properties": {
+    "aggregations": {
+      "description": "Defines how to aggregate the grouped data. The following aggregations are currently supported: average, bucket\nscript, bucket selector, cardinality, filter, geo bounds, geo centroid, geo line, max, median absolute deviation,\nmin, missing, percentiles, rare terms, scripted metric, stats, sum, terms, top metrics, value count, weighted\naverage.",
+      "type": "object",
+      "additionalProperties": {
+        "$ref": "#/components/schemas/_types.aggregations:AggregationContainer"
+      }
+    },
+    "group_by": {
+      "description": "Defines how to group the data. More than one grouping can be defined per pivot. The following groupings are\ncurrently supported: date histogram, geotile grid, histogram, terms.",
+      "type": "object",
+      "additionalProperties": {
+        "$ref": "#/components/schemas/transform._types:PivotGroupByContainer"
+      }
+    }
+  },
+  "components": {
+    "schemas": {
+      "_types.aggregations:AggregationContainer": {
+        "allOf": [
+          {
+            "type": "object",
+            "properties": {
+              "aggregations": {
+                "description": "Sub-aggregations for this aggregation.\nOnly applies to bucket aggregations.",
+                "type": "object",
+                "additionalProperties": {
+                  "$ref": "#/components/schemas/_types.aggregations:AggregationContainer"
+                }
+              },
+              "meta": {
+                "$ref": "#/components/schemas/_types:Metadata"
+              }
+            }
+          },
+          {
+            "type": "object",
+            "properties": {
+              "adjacency_matrix": {
+                "$ref": "#/components/schemas/_types.aggregations:AdjacencyMatrixAggregation"
+              },
+              "auto_date_histogram": {
+                "$ref": "#/components/schemas/_types.aggregations:AutoDateHistogramAggregation"
+              },
+              "avg": {
+                "$ref": "#/components/schemas/_types.aggregations:AverageAggregation"
+              },
+              "avg_bucket": {
+                "$ref": "#/components/schemas/_types.aggregations:AverageBucketAggregation"
+              },
+              "boxplot": {
+                "$ref": "#/components/schemas/_types.aggregations:BoxplotAggregation"
+              },
+              "bucket_script": {
+                "$ref": "#/components/schemas/_types.aggregations:BucketScriptAggregation"
+              },
+              "bucket_selector": {
+                "$ref": "#/components/schemas/_types.aggregations:BucketSelectorAggregation"
+              },
+              "bucket_sort": {
+                "$ref": "#/components/schemas/_types.aggregations:BucketSortAggregation"
+              },
+              "bucket_count_ks_test": {
+                "$ref": "#/components/schemas/_types.aggregations:BucketKsAggregation"
+              },
+              "bucket_correlation": {
+                "$ref": "#/components/schemas/_types.aggregations:BucketCorrelationAggregation"
+              },
+              "cardinality": {
+                "$ref": "#/components/schemas/_types.aggregations:CardinalityAggregation"
+              },
+              "categorize_text": {
+                "$ref": "#/components/schemas/_types.aggregations:CategorizeTextAggregation"
+              },
+              "children": {
+                "$ref": "#/components/schemas/_types.aggregations:ChildrenAggregation"
+              },
+              "composite": {
+                "$ref": "#/components/schemas/_types.aggregations:CompositeAggregation"
+              },
+              "cumulative_cardinality": {
+                "$ref": "#/components/schemas/_types.aggregations:CumulativeCardinalityAggregation"
+              },
+              "cumulative_sum": {
+                "$ref": "#/components/schemas/_types.aggregations:CumulativeSumAggregation"
+              },
+              "date_histogram": {
+                "$ref": "#/components/schemas/_types.aggregations:DateHistogramAggregation"
+              },
+              "date_range": {
+                "$ref": "#/components/schemas/_types.aggregations:DateRangeAggregation"
+              },
+              "derivative": {
+                "$ref": "#/components/schemas/_types.aggregations:DerivativeAggregation"
+              },
+              "diversified_sampler": {
+                "$ref": "#/components/schemas/_types.aggregations:DiversifiedSamplerAggregation"
+              },
+              "extended_stats": {
+                "$ref": "#/components/schemas/_types.aggregations:ExtendedStatsAggregation"
+              },
+              "extended_stats_bucket": {
+                "$ref": "#/components/schemas/_types.aggregations:ExtendedStatsBucketAggregation"
+              },
+              "frequent_item_sets": {
+                "$ref": "#/components/schemas/_types.aggregations:FrequentItemSetsAggregation"
+              },
+              "filter": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "filters": {
+                "$ref": "#/components/schemas/_types.aggregations:FiltersAggregation"
+              },
+              "geo_bounds": {
+                "$ref": "#/components/schemas/_types.aggregations:GeoBoundsAggregation"
+              },
+              "geo_centroid": {
+                "$ref": "#/components/schemas/_types.aggregations:GeoCentroidAggregation"
+              },
+              "geo_distance": {
+                "$ref": "#/components/schemas/_types.aggregations:GeoDistanceAggregation"
+              },
+              "geohash_grid": {
+                "$ref": "#/components/schemas/_types.aggregations:GeoHashGridAggregation"
+              },
+              "geo_line": {
+                "$ref": "#/components/schemas/_types.aggregations:GeoLineAggregation"
+              },
+              "geotile_grid": {
+                "$ref": "#/components/schemas/_types.aggregations:GeoTileGridAggregation"
+              },
+              "geohex_grid": {
+                "$ref": "#/components/schemas/_types.aggregations:GeohexGridAggregation"
+              },
+              "global": {
+                "$ref": "#/components/schemas/_types.aggregations:GlobalAggregation"
+              },
+              "histogram": {
+                "$ref": "#/components/schemas/_types.aggregations:HistogramAggregation"
+              },
+              "ip_range": {
+                "$ref": "#/components/schemas/_types.aggregations:IpRangeAggregation"
+              },
+              "ip_prefix": {
+                "$ref": "#/components/schemas/_types.aggregations:IpPrefixAggregation"
+              },
+              "inference": {
+                "$ref": "#/components/schemas/_types.aggregations:InferenceAggregation"
+              },
+              "line": {
+                "$ref": "#/components/schemas/_types.aggregations:GeoLineAggregation"
+              },
+              "matrix_stats": {
+                "$ref": "#/components/schemas/_types.aggregations:MatrixStatsAggregation"
+              },
+              "max": {
+                "$ref": "#/components/schemas/_types.aggregations:MaxAggregation"
+              },
+              "max_bucket": {
+                "$ref": "#/components/schemas/_types.aggregations:MaxBucketAggregation"
+              },
+              "median_absolute_deviation": {
+                "$ref": "#/components/schemas/_types.aggregations:MedianAbsoluteDeviationAggregation"
+              },
+              "min": {
+                "$ref": "#/components/schemas/_types.aggregations:MinAggregation"
+              },
+              "min_bucket": {
+                "$ref": "#/components/schemas/_types.aggregations:MinBucketAggregation"
+              },
+              "missing": {
+                "$ref": "#/components/schemas/_types.aggregations:MissingAggregation"
+              },
+              "moving_avg": {
+                "$ref": "#/components/schemas/_types.aggregations:MovingAverageAggregation"
+              },
+              "moving_percentiles": {
+                "$ref": "#/components/schemas/_types.aggregations:MovingPercentilesAggregation"
+              },
+              "moving_fn": {
+                "$ref": "#/components/schemas/_types.aggregations:MovingFunctionAggregation"
+              },
+              "multi_terms": {
+                "$ref": "#/components/schemas/_types.aggregations:MultiTermsAggregation"
+              },
+              "nested": {
+                "$ref": "#/components/schemas/_types.aggregations:NestedAggregation"
+              },
+              "normalize": {
+                "$ref": "#/components/schemas/_types.aggregations:NormalizeAggregation"
+              },
+              "parent": {
+                "$ref": "#/components/schemas/_types.aggregations:ParentAggregation"
+              },
+              "percentile_ranks": {
+                "$ref": "#/components/schemas/_types.aggregations:PercentileRanksAggregation"
+              },
+              "percentiles": {
+                "$ref": "#/components/schemas/_types.aggregations:PercentilesAggregation"
+              },
+              "percentiles_bucket": {
+                "$ref": "#/components/schemas/_types.aggregations:PercentilesBucketAggregation"
+              },
+              "range": {
+                "$ref": "#/components/schemas/_types.aggregations:RangeAggregation"
+              },
+              "rare_terms": {
+                "$ref": "#/components/schemas/_types.aggregations:RareTermsAggregation"
+              },
+              "rate": {
+                "$ref": "#/components/schemas/_types.aggregations:RateAggregation"
+              },
+              "reverse_nested": {
+                "$ref": "#/components/schemas/_types.aggregations:ReverseNestedAggregation"
+              },
+              "sampler": {
+                "$ref": "#/components/schemas/_types.aggregations:SamplerAggregation"
+              },
+              "scripted_metric": {
+                "$ref": "#/components/schemas/_types.aggregations:ScriptedMetricAggregation"
+              },
+              "serial_diff": {
+                "$ref": "#/components/schemas/_types.aggregations:SerialDifferencingAggregation"
+              },
+              "significant_terms": {
+                "$ref": "#/components/schemas/_types.aggregations:SignificantTermsAggregation"
+              },
+              "significant_text": {
+                "$ref": "#/components/schemas/_types.aggregations:SignificantTextAggregation"
+              },
+              "stats": {
+                "$ref": "#/components/schemas/_types.aggregations:StatsAggregation"
+              },
+              "stats_bucket": {
+                "$ref": "#/components/schemas/_types.aggregations:StatsBucketAggregation"
+              },
+              "string_stats": {
+                "$ref": "#/components/schemas/_types.aggregations:StringStatsAggregation"
+              },
+              "sum": {
+                "$ref": "#/components/schemas/_types.aggregations:SumAggregation"
+              },
+              "sum_bucket": {
+                "$ref": "#/components/schemas/_types.aggregations:SumBucketAggregation"
+              },
+              "terms": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsAggregation"
+              },
+              "top_hits": {
+                "$ref": "#/components/schemas/_types.aggregations:TopHitsAggregation"
+              },
+              "t_test": {
+                "$ref": "#/components/schemas/_types.aggregations:TTestAggregation"
+              },
+              "top_metrics": {
+                "$ref": "#/components/schemas/_types.aggregations:TopMetricsAggregation"
+              },
+              "value_count": {
+                "$ref": "#/components/schemas/_types.aggregations:ValueCountAggregation"
+              },
+              "weighted_avg": {
+                "$ref": "#/components/schemas/_types.aggregations:WeightedAverageAggregation"
+              },
+              "variable_width_histogram": {
+                "$ref": "#/components/schemas/_types.aggregations:VariableWidthHistogramAggregation"
+              }
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          }
+        ]
+      },
+      "_types:Metadata": {
+        "type": "object",
+        "additionalProperties": {
+          "type": "object"
+        }
+      },
+      "_types.aggregations:AdjacencyMatrixAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "filters": {
+                "description": "Filters used to create buckets.\nAt least one filter is required.",
+                "type": "object",
+                "additionalProperties": {
+                  "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                }
+              },
+              "separator": {
+                "description": "Separator used to concatenate filter names. Defaults to &.",
+                "type": "string"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:BucketAggregationBase": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:Aggregation"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:Aggregation": {
+        "type": "object"
+      },
+      "_types.query_dsl:QueryContainer": {
+        "externalDocs": {
+          "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl.html"
+        },
+        "type": "object",
+        "properties": {
+          "bool": {
+            "$ref": "#/components/schemas/_types.query_dsl:BoolQuery"
+          },
+          "boosting": {
+            "$ref": "#/components/schemas/_types.query_dsl:BoostingQuery"
+          },
+          "common": {
+            "deprecated": true,
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:CommonTermsQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "combined_fields": {
+            "$ref": "#/components/schemas/_types.query_dsl:CombinedFieldsQuery"
+          },
+          "constant_score": {
+            "$ref": "#/components/schemas/_types.query_dsl:ConstantScoreQuery"
+          },
+          "dis_max": {
+            "$ref": "#/components/schemas/_types.query_dsl:DisMaxQuery"
+          },
+          "distance_feature": {
+            "$ref": "#/components/schemas/_types.query_dsl:DistanceFeatureQuery"
+          },
+          "exists": {
+            "$ref": "#/components/schemas/_types.query_dsl:ExistsQuery"
+          },
+          "function_score": {
+            "$ref": "#/components/schemas/_types.query_dsl:FunctionScoreQuery"
+          },
+          "fuzzy": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-fuzzy-query.html"
+            },
+            "description": "Returns documents that contain terms similar to the search term, as measured by a Levenshtein edit distance.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:FuzzyQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "geo_bounding_box": {
+            "$ref": "#/components/schemas/_types.query_dsl:GeoBoundingBoxQuery"
+          },
+          "geo_distance": {
+            "$ref": "#/components/schemas/_types.query_dsl:GeoDistanceQuery"
+          },
+          "geo_polygon": {
+            "$ref": "#/components/schemas/_types.query_dsl:GeoPolygonQuery"
+          },
+          "geo_shape": {
+            "$ref": "#/components/schemas/_types.query_dsl:GeoShapeQuery"
+          },
+          "has_child": {
+            "$ref": "#/components/schemas/_types.query_dsl:HasChildQuery"
+          },
+          "has_parent": {
+            "$ref": "#/components/schemas/_types.query_dsl:HasParentQuery"
+          },
+          "ids": {
+            "$ref": "#/components/schemas/_types.query_dsl:IdsQuery"
+          },
+          "intervals": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-intervals-query.html"
+            },
+            "description": "Returns documents based on the order and proximity of matching terms.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:IntervalsQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "knn": {
+            "$ref": "#/components/schemas/_types:KnnQuery"
+          },
+          "match": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-match-query.html"
+            },
+            "description": "Returns documents that match a provided text, number, date or boolean value.\nThe provided text is analyzed before matching.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:MatchQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "match_all": {
+            "$ref": "#/components/schemas/_types.query_dsl:MatchAllQuery"
+          },
+          "match_bool_prefix": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-match-bool-prefix-query.html"
+            },
+            "description": "Analyzes its input and constructs a `bool` query from the terms.\nEach term except the last is used in a `term` query.\nThe last term is used in a prefix query.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:MatchBoolPrefixQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "match_none": {
+            "$ref": "#/components/schemas/_types.query_dsl:MatchNoneQuery"
+          },
+          "match_phrase": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-match-query-phrase.html"
+            },
+            "description": "Analyzes the text and creates a phrase query out of the analyzed text.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:MatchPhraseQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "match_phrase_prefix": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-match-query-phrase-prefix.html"
+            },
+            "description": "Returns documents that contain the words of a provided text, in the same order as provided.\nThe last term of the provided text is treated as a prefix, matching any words that begin with that term.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:MatchPhrasePrefixQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "more_like_this": {
+            "$ref": "#/components/schemas/_types.query_dsl:MoreLikeThisQuery"
+          },
+          "multi_match": {
+            "$ref": "#/components/schemas/_types.query_dsl:MultiMatchQuery"
+          },
+          "nested": {
+            "$ref": "#/components/schemas/_types.query_dsl:NestedQuery"
+          },
+          "parent_id": {
+            "$ref": "#/components/schemas/_types.query_dsl:ParentIdQuery"
+          },
+          "percolate": {
+            "$ref": "#/components/schemas/_types.query_dsl:PercolateQuery"
+          },
+          "pinned": {
+            "$ref": "#/components/schemas/_types.query_dsl:PinnedQuery"
+          },
+          "prefix": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-prefix-query.html"
+            },
+            "description": "Returns documents that contain a specific prefix in a provided field.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:PrefixQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "query_string": {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryStringQuery"
+          },
+          "range": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-range-query.html"
+            },
+            "description": "Returns documents that contain terms within a provided range.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:RangeQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "rank_feature": {
+            "$ref": "#/components/schemas/_types.query_dsl:RankFeatureQuery"
+          },
+          "regexp": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-regexp-query.html"
+            },
+            "description": "Returns documents that contain terms matching a regular expression.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:RegexpQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "rule_query": {
+            "$ref": "#/components/schemas/_types.query_dsl:RuleQuery"
+          },
+          "script": {
+            "$ref": "#/components/schemas/_types.query_dsl:ScriptQuery"
+          },
+          "script_score": {
+            "$ref": "#/components/schemas/_types.query_dsl:ScriptScoreQuery"
+          },
+          "shape": {
+            "$ref": "#/components/schemas/_types.query_dsl:ShapeQuery"
+          },
+          "simple_query_string": {
+            "$ref": "#/components/schemas/_types.query_dsl:SimpleQueryStringQuery"
+          },
+          "span_containing": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanContainingQuery"
+          },
+          "field_masking_span": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanFieldMaskingQuery"
+          },
+          "span_first": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanFirstQuery"
+          },
+          "span_multi": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanMultiTermQuery"
+          },
+          "span_near": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanNearQuery"
+          },
+          "span_not": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanNotQuery"
+          },
+          "span_or": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanOrQuery"
+          },
+          "span_term": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-span-term-query.html"
+            },
+            "description": "Matches spans containing a term.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:SpanTermQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "span_within": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanWithinQuery"
+          },
+          "term": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-term-query.html"
+            },
+            "description": "Returns documents that contain an exact term in a provided field.\nTo return a document, the query term must exactly match the queried field's value, including whitespace and capitalization.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:TermQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "terms": {
+            "$ref": "#/components/schemas/_types.query_dsl:TermsQuery"
+          },
+          "terms_set": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-terms-set-query.html"
+            },
+            "description": "Returns documents that contain a minimum number of exact terms in a provided field.\nTo return a document, a required number of terms must exactly match the field values, including whitespace and capitalization.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:TermsSetQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "text_expansion": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-text-expansion-query.html"
+            },
+            "description": "Uses a natural language processing model to convert the query text into a list of token-weight pairs which are then used in a query against a sparse vector or rank features field.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:TextExpansionQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "weighted_tokens": {
+            "description": "Supports returning text_expansion query results by sending in precomputed tokens with the query.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:WeightedTokensQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "wildcard": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-wildcard-query.html"
+            },
+            "description": "Returns documents that contain terms matching a wildcard pattern.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:WildcardQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "wrapper": {
+            "$ref": "#/components/schemas/_types.query_dsl:WrapperQuery"
+          },
+          "type": {
+            "$ref": "#/components/schemas/_types.query_dsl:TypeQuery"
+          }
+        },
+        "minProperties": 1,
+        "maxProperties": 1
+      },
+      "_types.query_dsl:BoolQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "filter": {
+                "description": "The clause (query) must appear in matching documents.\nHowever, unlike `must`, the score of the query will be ignored.",
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                  },
+                  {
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                    }
+                  }
+                ]
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "must": {
+                "description": "The clause (query) must appear in matching documents and will contribute to the score.",
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                  },
+                  {
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                    }
+                  }
+                ]
+              },
+              "must_not": {
+                "description": "The clause (query) must not appear in the matching documents.\nBecause scoring is ignored, a score of `0` is returned for all documents.",
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                  },
+                  {
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                    }
+                  }
+                ]
+              },
+              "should": {
+                "description": "The clause (query) should appear in the matching document.",
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                  },
+                  {
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                    }
+                  }
+                ]
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:QueryBase": {
+        "type": "object",
+        "properties": {
+          "boost": {
+            "description": "Floating point number used to decrease or increase the relevance scores of the query.\nBoost values are relative to the default value of 1.0.\nA boost value between 0 and 1.0 decreases the relevance score.\nA value greater than 1.0 increases the relevance score.",
+            "type": "number"
+          },
+          "_name": {
+            "type": "string"
+          }
+        }
+      },
+      "_types:MinimumShouldMatch": {
+        "externalDocs": {
+          "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-minimum-should-match.html"
+        },
+        "description": "The minimum number of terms that should match as integer, percentage or range",
+        "oneOf": [
+          {
+            "type": "number"
+          },
+          {
+            "type": "string"
+          }
+        ]
+      },
+      "_types.query_dsl:BoostingQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "negative_boost": {
+                "description": "Floating point number between 0 and 1.0 used to decrease the relevance scores of documents matching the `negative` query.",
+                "type": "number"
+              },
+              "negative": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "positive": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              }
+            },
+            "required": [
+              "negative_boost",
+              "negative",
+              "positive"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:CommonTermsQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "analyzer": {
+                "type": "string"
+              },
+              "cutoff_frequency": {
+                "type": "number"
+              },
+              "high_freq_operator": {
+                "$ref": "#/components/schemas/_types.query_dsl:Operator"
+              },
+              "low_freq_operator": {
+                "$ref": "#/components/schemas/_types.query_dsl:Operator"
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "query": {
+                "type": "string"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:Operator": {
+        "type": "string",
+        "enum": [
+          "and",
+          "AND",
+          "or",
+          "OR"
+        ]
+      },
+      "_types.query_dsl:CombinedFieldsQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "fields": {
+                "description": "List of fields to search. Field wildcard patterns are allowed. Only `text` fields are supported, and they must all have the same search `analyzer`.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types:Field"
+                }
+              },
+              "query": {
+                "description": "Text to search for in the provided `fields`.\nThe `combined_fields` query analyzes the provided text before performing a search.",
+                "type": "string"
+              },
+              "auto_generate_synonyms_phrase_query": {
+                "description": "If true, match phrase queries are automatically created for multi-term synonyms.",
+                "type": "boolean"
+              },
+              "operator": {
+                "$ref": "#/components/schemas/_types.query_dsl:CombinedFieldsOperator"
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "zero_terms_query": {
+                "$ref": "#/components/schemas/_types.query_dsl:CombinedFieldsZeroTerms"
+              }
+            },
+            "required": [
+              "fields",
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types:Field": {
+        "description": "Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.",
+        "type": "string"
+      },
+      "_types.query_dsl:CombinedFieldsOperator": {
+        "type": "string",
+        "enum": [
+          "or",
+          "and"
+        ]
+      },
+      "_types.query_dsl:CombinedFieldsZeroTerms": {
+        "type": "string",
+        "enum": [
+          "none",
+          "all"
+        ]
+      },
+      "_types.query_dsl:ConstantScoreQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "filter": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              }
+            },
+            "required": [
+              "filter"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:DisMaxQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "queries": {
+                "description": "One or more query clauses.\nReturned documents must match one or more of these queries.\nIf a document matches multiple queries, Elasticsearch uses the highest relevance score.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                }
+              },
+              "tie_breaker": {
+                "description": "Floating point number between 0 and 1.0 used to increase the relevance scores of documents matching multiple query clauses.",
+                "type": "number"
+              }
+            },
+            "required": [
+              "queries"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:DistanceFeatureQuery": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:GeoDistanceFeatureQuery"
+          },
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:DateDistanceFeatureQuery"
+          }
+        ]
+      },
+      "_types.query_dsl:GeoDistanceFeatureQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:DistanceFeatureQueryBaseGeoLocationDistance"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:DistanceFeatureQueryBaseGeoLocationDistance": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "origin": {
+                "$ref": "#/components/schemas/_types:GeoLocation"
+              },
+              "pivot": {
+                "$ref": "#/components/schemas/_types:Distance"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              }
+            },
+            "required": [
+              "origin",
+              "pivot",
+              "field"
+            ]
+          }
+        ]
+      },
+      "_types:GeoLocation": {
+        "description": "A latitude/longitude as a 2 dimensional point. It can be represented in various ways:\n- as a `{lat, long}` object\n- as a geo hash value\n- as a `[lon, lat]` array\n- as a string in `\"<lat>, <lon>\"` or WKT point formats",
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types:LatLonGeoLocation"
+          },
+          {
+            "$ref": "#/components/schemas/_types:GeoHashLocation"
+          },
+          {
+            "type": "array",
+            "items": {
+              "type": "number"
+            }
+          },
+          {
+            "type": "string"
+          }
+        ]
+      },
+      "_types:LatLonGeoLocation": {
+        "type": "object",
+        "properties": {
+          "lat": {
+            "description": "Latitude",
+            "type": "number"
+          },
+          "lon": {
+            "description": "Longitude",
+            "type": "number"
+          }
+        },
+        "required": [
+          "lat",
+          "lon"
+        ]
+      },
+      "_types:GeoHashLocation": {
+        "type": "object",
+        "properties": {
+          "geohash": {
+            "$ref": "#/components/schemas/_types:GeoHash"
+          }
+        },
+        "required": [
+          "geohash"
+        ]
+      },
+      "_types:GeoHash": {
+        "type": "string"
+      },
+      "_types:Distance": {
+        "type": "string"
+      },
+      "_types.query_dsl:DateDistanceFeatureQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:DistanceFeatureQueryBaseDateMathDuration"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:DistanceFeatureQueryBaseDateMathDuration": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "origin": {
+                "$ref": "#/components/schemas/_types:DateMath"
+              },
+              "pivot": {
+                "$ref": "#/components/schemas/_types:Duration"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              }
+            },
+            "required": [
+              "origin",
+              "pivot",
+              "field"
+            ]
+          }
+        ]
+      },
+      "_types:DateMath": {
+        "type": "string"
+      },
+      "_types:Duration": {
+        "externalDocs": {
+          "url": "https://github.com/elastic/elasticsearch/blob/current/libs/core/src/main/java/org/elasticsearch/core/TimeValue.java"
+        },
+        "description": "A duration. Units can be `nanos`, `micros`, `ms` (milliseconds), `s` (seconds), `m` (minutes), `h` (hours) and\n`d` (days). Also accepts \"0\" without a unit and \"-1\" to indicate an unspecified value.",
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "type": "string",
+            "enum": [
+              "-1"
+            ]
+          },
+          {
+            "type": "string",
+            "enum": [
+              "0"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:ExistsQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              }
+            },
+            "required": [
+              "field"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:FunctionScoreQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "boost_mode": {
+                "$ref": "#/components/schemas/_types.query_dsl:FunctionBoostMode"
+              },
+              "functions": {
+                "description": "One or more functions that compute a new score for each document returned by the query.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.query_dsl:FunctionScoreContainer"
+                }
+              },
+              "max_boost": {
+                "description": "Restricts the new score to not exceed the provided limit.",
+                "type": "number"
+              },
+              "min_score": {
+                "description": "Excludes documents that do not meet the provided score threshold.",
+                "type": "number"
+              },
+              "query": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "score_mode": {
+                "$ref": "#/components/schemas/_types.query_dsl:FunctionScoreMode"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:FunctionBoostMode": {
+        "type": "string",
+        "enum": [
+          "multiply",
+          "replace",
+          "sum",
+          "avg",
+          "max",
+          "min"
+        ]
+      },
+      "_types.query_dsl:FunctionScoreContainer": {
+        "allOf": [
+          {
+            "type": "object",
+            "properties": {
+              "filter": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "weight": {
+                "type": "number"
+              }
+            }
+          },
+          {
+            "type": "object",
+            "properties": {
+              "exp": {
+                "$ref": "#/components/schemas/_types.query_dsl:DecayFunction"
+              },
+              "gauss": {
+                "$ref": "#/components/schemas/_types.query_dsl:DecayFunction"
+              },
+              "linear": {
+                "$ref": "#/components/schemas/_types.query_dsl:DecayFunction"
+              },
+              "field_value_factor": {
+                "$ref": "#/components/schemas/_types.query_dsl:FieldValueFactorScoreFunction"
+              },
+              "random_score": {
+                "$ref": "#/components/schemas/_types.query_dsl:RandomScoreFunction"
+              },
+              "script_score": {
+                "$ref": "#/components/schemas/_types.query_dsl:ScriptScoreFunction"
+              }
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          }
+        ]
+      },
+      "_types.query_dsl:DecayFunction": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:DateDecayFunction"
+          },
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:NumericDecayFunction"
+          },
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:GeoDecayFunction"
+          }
+        ]
+      },
+      "_types.query_dsl:DateDecayFunction": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:DecayFunctionBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:DecayFunctionBase": {
+        "type": "object",
+        "properties": {
+          "multi_value_mode": {
+            "$ref": "#/components/schemas/_types.query_dsl:MultiValueMode"
+          }
+        }
+      },
+      "_types.query_dsl:MultiValueMode": {
+        "type": "string",
+        "enum": [
+          "min",
+          "max",
+          "avg",
+          "sum"
+        ]
+      },
+      "_types.query_dsl:NumericDecayFunction": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:DecayFunctionBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:GeoDecayFunction": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:DecayFunctionBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:FieldValueFactorScoreFunction": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "factor": {
+            "description": "Optional factor to multiply the field value with.",
+            "type": "number"
+          },
+          "missing": {
+            "description": "Value used if the document doesn’t have that field.\nThe modifier and factor are still applied to it as though it were read from the document.",
+            "type": "number"
+          },
+          "modifier": {
+            "$ref": "#/components/schemas/_types.query_dsl:FieldValueFactorModifier"
+          }
+        },
+        "required": [
+          "field"
+        ]
+      },
+      "_types.query_dsl:FieldValueFactorModifier": {
+        "type": "string",
+        "enum": [
+          "none",
+          "log",
+          "log1p",
+          "log2p",
+          "ln",
+          "ln1p",
+          "ln2p",
+          "square",
+          "sqrt",
+          "reciprocal"
+        ]
+      },
+      "_types.query_dsl:RandomScoreFunction": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "seed": {
+            "oneOf": [
+              {
+                "type": "number"
+              },
+              {
+                "type": "string"
+              }
+            ]
+          }
+        }
+      },
+      "_types.query_dsl:ScriptScoreFunction": {
+        "type": "object",
+        "properties": {
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          }
+        },
+        "required": [
+          "script"
+        ]
+      },
+      "_types:Script": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types:InlineScript"
+          },
+          {
+            "$ref": "#/components/schemas/_types:StoredScriptId"
+          }
+        ]
+      },
+      "_types:InlineScript": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types:ScriptBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "lang": {
+                "$ref": "#/components/schemas/_types:ScriptLanguage"
+              },
+              "options": {
+                "type": "object",
+                "additionalProperties": {
+                  "type": "string"
+                }
+              },
+              "source": {
+                "description": "The script source.",
+                "type": "string"
+              }
+            },
+            "required": [
+              "source"
+            ]
+          }
+        ]
+      },
+      "_types:ScriptBase": {
+        "type": "object",
+        "properties": {
+          "params": {
+            "description": "Specifies any named parameters that are passed into the script as variables.\nUse parameters instead of hard-coded values to decrease compile time.",
+            "type": "object",
+            "additionalProperties": {
+              "type": "object"
+            }
+          }
+        }
+      },
+      "_types:ScriptLanguage": {
+        "anyOf": [
+          {
+            "type": "string",
+            "enum": [
+              "painless",
+              "expression",
+              "mustache",
+              "java"
+            ]
+          },
+          {
+            "type": "string"
+          }
+        ]
+      },
+      "_types:StoredScriptId": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types:ScriptBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "id": {
+                "$ref": "#/components/schemas/_types:Id"
+              }
+            },
+            "required": [
+              "id"
+            ]
+          }
+        ]
+      },
+      "_types:Id": {
+        "type": "string"
+      },
+      "_types.query_dsl:FunctionScoreMode": {
+        "type": "string",
+        "enum": [
+          "multiply",
+          "sum",
+          "avg",
+          "first",
+          "max",
+          "min"
+        ]
+      },
+      "_types.query_dsl:FuzzyQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "max_expansions": {
+                "description": "Maximum number of variations created.",
+                "type": "number"
+              },
+              "prefix_length": {
+                "description": "Number of beginning characters left unchanged when creating expansions.",
+                "type": "number"
+              },
+              "rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "transpositions": {
+                "description": "Indicates whether edits include transpositions of two adjacent characters (for example `ab` to `ba`).",
+                "type": "boolean"
+              },
+              "fuzziness": {
+                "$ref": "#/components/schemas/_types:Fuzziness"
+              },
+              "value": {
+                "description": "Term you wish to find in the provided field.",
+                "oneOf": [
+                  {
+                    "type": "string"
+                  },
+                  {
+                    "type": "number"
+                  },
+                  {
+                    "type": "boolean"
+                  }
+                ]
+              }
+            },
+            "required": [
+              "value"
+            ]
+          }
+        ]
+      },
+      "_types:MultiTermQueryRewrite": {
+        "externalDocs": {
+          "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-multi-term-rewrite.html"
+        },
+        "type": "string"
+      },
+      "_types:Fuzziness": {
+        "externalDocs": {
+          "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/common-options.html#fuzziness"
+        },
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "type": "number"
+          }
+        ]
+      },
+      "_types.query_dsl:GeoBoundingBoxQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "$ref": "#/components/schemas/_types.query_dsl:GeoExecution"
+              },
+              "validation_method": {
+                "$ref": "#/components/schemas/_types.query_dsl:GeoValidationMethod"
+              },
+              "ignore_unmapped": {
+                "description": "Set to `true` to ignore an unmapped field and not match any documents for this query.\nSet to `false` to throw an exception if the field is not mapped.",
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:GeoExecution": {
+        "type": "string",
+        "enum": [
+          "memory",
+          "indexed"
+        ]
+      },
+      "_types.query_dsl:GeoValidationMethod": {
+        "type": "string",
+        "enum": [
+          "coerce",
+          "ignore_malformed",
+          "strict"
+        ]
+      },
+      "_types.query_dsl:GeoDistanceQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "distance": {
+                "$ref": "#/components/schemas/_types:Distance"
+              },
+              "distance_type": {
+                "$ref": "#/components/schemas/_types:GeoDistanceType"
+              },
+              "validation_method": {
+                "$ref": "#/components/schemas/_types.query_dsl:GeoValidationMethod"
+              },
+              "ignore_unmapped": {
+                "description": "Set to `true` to ignore an unmapped field and not match any documents for this query.\nSet to `false` to throw an exception if the field is not mapped.",
+                "type": "boolean"
+              }
+            },
+            "required": [
+              "distance"
+            ]
+          }
+        ]
+      },
+      "_types:GeoDistanceType": {
+        "type": "string",
+        "enum": [
+          "arc",
+          "plane"
+        ]
+      },
+      "_types.query_dsl:GeoPolygonQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "validation_method": {
+                "$ref": "#/components/schemas/_types.query_dsl:GeoValidationMethod"
+              },
+              "ignore_unmapped": {
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:GeoShapeQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "ignore_unmapped": {
+                "description": "Set to `true` to ignore an unmapped field and not match any documents for this query.\nSet to `false` to throw an exception if the field is not mapped.",
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:HasChildQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "ignore_unmapped": {
+                "description": "Indicates whether to ignore an unmapped `type` and not return any documents instead of an error.",
+                "type": "boolean"
+              },
+              "inner_hits": {
+                "$ref": "#/components/schemas/_global.search._types:InnerHits"
+              },
+              "max_children": {
+                "description": "Maximum number of child documents that match the query allowed for a returned parent document.\nIf the parent document exceeds this limit, it is excluded from the search results.",
+                "type": "number"
+              },
+              "min_children": {
+                "description": "Minimum number of child documents that match the query required to match the query for a returned parent document.\nIf the parent document does not meet this limit, it is excluded from the search results.",
+                "type": "number"
+              },
+              "query": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "score_mode": {
+                "$ref": "#/components/schemas/_types.query_dsl:ChildScoreMode"
+              },
+              "type": {
+                "$ref": "#/components/schemas/_types:RelationName"
+              }
+            },
+            "required": [
+              "query",
+              "type"
+            ]
+          }
+        ]
+      },
+      "_global.search._types:InnerHits": {
+        "type": "object",
+        "properties": {
+          "name": {
+            "$ref": "#/components/schemas/_types:Name"
+          },
+          "size": {
+            "description": "The maximum number of hits to return per `inner_hits`.",
+            "type": "number"
+          },
+          "from": {
+            "description": "Inner hit starting document offset.",
+            "type": "number"
+          },
+          "collapse": {
+            "$ref": "#/components/schemas/_global.search._types:FieldCollapse"
+          },
+          "docvalue_fields": {
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types.query_dsl:FieldAndFormat"
+            }
+          },
+          "explain": {
+            "type": "boolean"
+          },
+          "highlight": {
+            "$ref": "#/components/schemas/_global.search._types:Highlight"
+          },
+          "ignore_unmapped": {
+            "type": "boolean"
+          },
+          "script_fields": {
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types:ScriptField"
+            }
+          },
+          "seq_no_primary_term": {
+            "type": "boolean"
+          },
+          "fields": {
+            "$ref": "#/components/schemas/_types:Fields"
+          },
+          "sort": {
+            "$ref": "#/components/schemas/_types:Sort"
+          },
+          "_source": {
+            "$ref": "#/components/schemas/_global.search._types:SourceConfig"
+          },
+          "stored_fields": {
+            "$ref": "#/components/schemas/_types:Fields"
+          },
+          "track_scores": {
+            "type": "boolean"
+          },
+          "version": {
+            "type": "boolean"
+          }
+        }
+      },
+      "_types:Name": {
+        "type": "string"
+      },
+      "_global.search._types:FieldCollapse": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "inner_hits": {
+            "description": "The number of inner hits and their sort order",
+            "oneOf": [
+              {
+                "$ref": "#/components/schemas/_global.search._types:InnerHits"
+              },
+              {
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_global.search._types:InnerHits"
+                }
+              }
+            ]
+          },
+          "max_concurrent_group_searches": {
+            "description": "The number of concurrent requests allowed to retrieve the inner_hits per group",
+            "type": "number"
+          },
+          "collapse": {
+            "$ref": "#/components/schemas/_global.search._types:FieldCollapse"
+          }
+        },
+        "required": [
+          "field"
+        ]
+      },
+      "_types.query_dsl:FieldAndFormat": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "format": {
+            "description": "Format in which the values are returned.",
+            "type": "string"
+          },
+          "include_unmapped": {
+            "type": "boolean"
+          }
+        },
+        "required": [
+          "field"
+        ]
+      },
+      "_global.search._types:Highlight": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_global.search._types:HighlightBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "encoder": {
+                "$ref": "#/components/schemas/_global.search._types:HighlighterEncoder"
+              },
+              "fields": {
+                "type": "object",
+                "additionalProperties": {
+                  "$ref": "#/components/schemas/_global.search._types:HighlightField"
+                }
+              }
+            },
+            "required": [
+              "fields"
+            ]
+          }
+        ]
+      },
+      "_global.search._types:HighlightBase": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "$ref": "#/components/schemas/_global.search._types:HighlighterType"
+          },
+          "boundary_chars": {
+            "description": "A string that contains each boundary character.",
+            "type": "string"
+          },
+          "boundary_max_scan": {
+            "description": "How far to scan for boundary characters.",
+            "type": "number"
+          },
+          "boundary_scanner": {
+            "$ref": "#/components/schemas/_global.search._types:BoundaryScanner"
+          },
+          "boundary_scanner_locale": {
+            "description": "Controls which locale is used to search for sentence and word boundaries.\nThis parameter takes a form of a language tag, for example: `\"en-US\"`, `\"fr-FR\"`, `\"ja-JP\"`.",
+            "type": "string"
+          },
+          "force_source": {
+            "deprecated": true,
+            "type": "boolean"
+          },
+          "fragmenter": {
+            "$ref": "#/components/schemas/_global.search._types:HighlighterFragmenter"
+          },
+          "fragment_size": {
+            "description": "The size of the highlighted fragment in characters.",
+            "type": "number"
+          },
+          "highlight_filter": {
+            "type": "boolean"
+          },
+          "highlight_query": {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+          },
+          "max_fragment_length": {
+            "type": "number"
+          },
+          "max_analyzed_offset": {
+            "description": "If set to a non-negative value, highlighting stops at this defined maximum limit.\nThe rest of the text is not processed, thus not highlighted and no error is returned\nThe `max_analyzed_offset` query setting does not override the `index.highlight.max_analyzed_offset` setting, which prevails when it’s set to lower value than the query setting.",
+            "type": "number"
+          },
+          "no_match_size": {
+            "description": "The amount of text you want to return from the beginning of the field if there are no matching fragments to highlight.",
+            "type": "number"
+          },
+          "number_of_fragments": {
+            "description": "The maximum number of fragments to return.\nIf the number of fragments is set to `0`, no fragments are returned.\nInstead, the entire field contents are highlighted and returned.\nThis can be handy when you need to highlight short texts such as a title or address, but fragmentation is not required.\nIf `number_of_fragments` is `0`, `fragment_size` is ignored.",
+            "type": "number"
+          },
+          "options": {
+            "type": "object",
+            "additionalProperties": {
+              "type": "object"
+            }
+          },
+          "order": {
+            "$ref": "#/components/schemas/_global.search._types:HighlighterOrder"
+          },
+          "phrase_limit": {
+            "description": "Controls the number of matching phrases in a document that are considered.\nPrevents the `fvh` highlighter from analyzing too many phrases and consuming too much memory.\nWhen using `matched_fields`, `phrase_limit` phrases per matched field are considered. Raising the limit increases query time and consumes more memory.\nOnly supported by the `fvh` highlighter.",
+            "type": "number"
+          },
+          "post_tags": {
+            "description": "Use in conjunction with `pre_tags` to define the HTML tags to use for the highlighted text.\nBy default, highlighted text is wrapped in `<em>` and `</em>` tags.",
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "pre_tags": {
+            "description": "Use in conjunction with `post_tags` to define the HTML tags to use for the highlighted text.\nBy default, highlighted text is wrapped in `<em>` and `</em>` tags.",
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "require_field_match": {
+            "description": "By default, only fields that contains a query match are highlighted.\nSet to `false` to highlight all fields.",
+            "type": "boolean"
+          },
+          "tags_schema": {
+            "$ref": "#/components/schemas/_global.search._types:HighlighterTagsSchema"
+          }
+        }
+      },
+      "_global.search._types:HighlighterType": {
+        "anyOf": [
+          {
+            "type": "string",
+            "enum": [
+              "plain",
+              "fvh",
+              "unified"
+            ]
+          },
+          {
+            "type": "string"
+          }
+        ]
+      },
+      "_global.search._types:BoundaryScanner": {
+        "type": "string",
+        "enum": [
+          "chars",
+          "sentence",
+          "word"
+        ]
+      },
+      "_global.search._types:HighlighterFragmenter": {
+        "type": "string",
+        "enum": [
+          "simple",
+          "span"
+        ]
+      },
+      "_global.search._types:HighlighterOrder": {
+        "type": "string",
+        "enum": [
+          "score"
+        ]
+      },
+      "_global.search._types:HighlighterTagsSchema": {
+        "type": "string",
+        "enum": [
+          "styled"
+        ]
+      },
+      "_global.search._types:HighlighterEncoder": {
+        "type": "string",
+        "enum": [
+          "default",
+          "html"
+        ]
+      },
+      "_global.search._types:HighlightField": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_global.search._types:HighlightBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "fragment_offset": {
+                "type": "number"
+              },
+              "matched_fields": {
+                "$ref": "#/components/schemas/_types:Fields"
+              },
+              "analyzer": {
+                "$ref": "#/components/schemas/_types.analysis:Analyzer"
+              }
+            }
+          }
+        ]
+      },
+      "_types:Fields": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          {
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types:Field"
+            }
+          }
+        ]
+      },
+      "_types.analysis:Analyzer": {
+        "discriminator": {
+          "propertyName": "type"
+        },
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types.analysis:CustomAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:FingerprintAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:KeywordAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:LanguageAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:NoriAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:PatternAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:SimpleAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:StandardAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:StopAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:WhitespaceAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:IcuAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:KuromojiAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:SnowballAnalyzer"
+          },
+          {
+            "$ref": "#/components/schemas/_types.analysis:DutchAnalyzer"
+          }
+        ]
+      },
+      "_types.analysis:CustomAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "custom"
+            ]
+          },
+          "char_filter": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "filter": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "position_increment_gap": {
+            "type": "number"
+          },
+          "position_offset_gap": {
+            "type": "number"
+          },
+          "tokenizer": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "type",
+          "tokenizer"
+        ]
+      },
+      "_types.analysis:FingerprintAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "fingerprint"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          },
+          "max_output_size": {
+            "type": "number"
+          },
+          "preserve_original": {
+            "type": "boolean"
+          },
+          "separator": {
+            "type": "string"
+          },
+          "stopwords": {
+            "$ref": "#/components/schemas/_types.analysis:StopWords"
+          },
+          "stopwords_path": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "type",
+          "max_output_size",
+          "preserve_original",
+          "separator"
+        ]
+      },
+      "_types:VersionString": {
+        "type": "string"
+      },
+      "_types.analysis:StopWords": {
+        "description": "Language value, such as _arabic_ or _thai_. Defaults to _english_.\nEach language value corresponds to a predefined list of stop words in Lucene. See Stop words by language for supported language values and their stop words.\nAlso accepts an array of stop words.",
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          }
+        ]
+      },
+      "_types.analysis:KeywordAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "keyword"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          }
+        },
+        "required": [
+          "type"
+        ]
+      },
+      "_types.analysis:LanguageAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "language"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          },
+          "language": {
+            "$ref": "#/components/schemas/_types.analysis:Language"
+          },
+          "stem_exclusion": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "stopwords": {
+            "$ref": "#/components/schemas/_types.analysis:StopWords"
+          },
+          "stopwords_path": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "type",
+          "language",
+          "stem_exclusion"
+        ]
+      },
+      "_types.analysis:Language": {
+        "type": "string",
+        "enum": [
+          "Arabic",
+          "Armenian",
+          "Basque",
+          "Brazilian",
+          "Bulgarian",
+          "Catalan",
+          "Chinese",
+          "Cjk",
+          "Czech",
+          "Danish",
+          "Dutch",
+          "English",
+          "Estonian",
+          "Finnish",
+          "French",
+          "Galician",
+          "German",
+          "Greek",
+          "Hindi",
+          "Hungarian",
+          "Indonesian",
+          "Irish",
+          "Italian",
+          "Latvian",
+          "Norwegian",
+          "Persian",
+          "Portuguese",
+          "Romanian",
+          "Russian",
+          "Sorani",
+          "Spanish",
+          "Swedish",
+          "Turkish",
+          "Thai"
+        ]
+      },
+      "_types.analysis:NoriAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "nori"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          },
+          "decompound_mode": {
+            "$ref": "#/components/schemas/_types.analysis:NoriDecompoundMode"
+          },
+          "stoptags": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "user_dictionary": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "type"
+        ]
+      },
+      "_types.analysis:NoriDecompoundMode": {
+        "type": "string",
+        "enum": [
+          "discard",
+          "none",
+          "mixed"
+        ]
+      },
+      "_types.analysis:PatternAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "pattern"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          },
+          "flags": {
+            "type": "string"
+          },
+          "lowercase": {
+            "type": "boolean"
+          },
+          "pattern": {
+            "type": "string"
+          },
+          "stopwords": {
+            "$ref": "#/components/schemas/_types.analysis:StopWords"
+          }
+        },
+        "required": [
+          "type",
+          "pattern"
+        ]
+      },
+      "_types.analysis:SimpleAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "simple"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          }
+        },
+        "required": [
+          "type"
+        ]
+      },
+      "_types.analysis:StandardAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "standard"
+            ]
+          },
+          "max_token_length": {
+            "type": "number"
+          },
+          "stopwords": {
+            "$ref": "#/components/schemas/_types.analysis:StopWords"
+          }
+        },
+        "required": [
+          "type"
+        ]
+      },
+      "_types.analysis:StopAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "stop"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          },
+          "stopwords": {
+            "$ref": "#/components/schemas/_types.analysis:StopWords"
+          },
+          "stopwords_path": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "type"
+        ]
+      },
+      "_types.analysis:WhitespaceAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "whitespace"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          }
+        },
+        "required": [
+          "type"
+        ]
+      },
+      "_types.analysis:IcuAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "icu_analyzer"
+            ]
+          },
+          "method": {
+            "$ref": "#/components/schemas/_types.analysis:IcuNormalizationType"
+          },
+          "mode": {
+            "$ref": "#/components/schemas/_types.analysis:IcuNormalizationMode"
+          }
+        },
+        "required": [
+          "type",
+          "method",
+          "mode"
+        ]
+      },
+      "_types.analysis:IcuNormalizationType": {
+        "type": "string",
+        "enum": [
+          "nfc",
+          "nfkc",
+          "nfkc_cf"
+        ]
+      },
+      "_types.analysis:IcuNormalizationMode": {
+        "type": "string",
+        "enum": [
+          "decompose",
+          "compose"
+        ]
+      },
+      "_types.analysis:KuromojiAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "kuromoji"
+            ]
+          },
+          "mode": {
+            "$ref": "#/components/schemas/_types.analysis:KuromojiTokenizationMode"
+          },
+          "user_dictionary": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "type",
+          "mode"
+        ]
+      },
+      "_types.analysis:KuromojiTokenizationMode": {
+        "type": "string",
+        "enum": [
+          "normal",
+          "search",
+          "extended"
+        ]
+      },
+      "_types.analysis:SnowballAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "snowball"
+            ]
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionString"
+          },
+          "language": {
+            "$ref": "#/components/schemas/_types.analysis:SnowballLanguage"
+          },
+          "stopwords": {
+            "$ref": "#/components/schemas/_types.analysis:StopWords"
+          }
+        },
+        "required": [
+          "type",
+          "language"
+        ]
+      },
+      "_types.analysis:SnowballLanguage": {
+        "type": "string",
+        "enum": [
+          "Armenian",
+          "Basque",
+          "Catalan",
+          "Danish",
+          "Dutch",
+          "English",
+          "Finnish",
+          "French",
+          "German",
+          "German2",
+          "Hungarian",
+          "Italian",
+          "Kp",
+          "Lovins",
+          "Norwegian",
+          "Porter",
+          "Portuguese",
+          "Romanian",
+          "Russian",
+          "Spanish",
+          "Swedish",
+          "Turkish"
+        ]
+      },
+      "_types.analysis:DutchAnalyzer": {
+        "type": "object",
+        "properties": {
+          "type": {
+            "type": "string",
+            "enum": [
+              "dutch"
+            ]
+          },
+          "stopwords": {
+            "$ref": "#/components/schemas/_types.analysis:StopWords"
+          }
+        },
+        "required": [
+          "type"
+        ]
+      },
+      "_types:ScriptField": {
+        "type": "object",
+        "properties": {
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          },
+          "ignore_failure": {
+            "type": "boolean"
+          }
+        },
+        "required": [
+          "script"
+        ]
+      },
+      "_types:Sort": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types:SortCombinations"
+          },
+          {
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types:SortCombinations"
+            }
+          }
+        ]
+      },
+      "_types:SortCombinations": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          {
+            "$ref": "#/components/schemas/_types:SortOptions"
+          }
+        ]
+      },
+      "_types:SortOptions": {
+        "externalDocs": {
+          "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/sort-search-results.html"
+        },
+        "type": "object",
+        "properties": {
+          "_score": {
+            "$ref": "#/components/schemas/_types:ScoreSort"
+          },
+          "_doc": {
+            "$ref": "#/components/schemas/_types:ScoreSort"
+          },
+          "_geo_distance": {
+            "$ref": "#/components/schemas/_types:GeoDistanceSort"
+          },
+          "_script": {
+            "$ref": "#/components/schemas/_types:ScriptSort"
+          }
+        },
+        "minProperties": 1,
+        "maxProperties": 1
+      },
+      "_types:ScoreSort": {
+        "type": "object",
+        "properties": {
+          "order": {
+            "$ref": "#/components/schemas/_types:SortOrder"
+          }
+        }
+      },
+      "_types:SortOrder": {
+        "type": "string",
+        "enum": [
+          "asc",
+          "desc"
+        ]
+      },
+      "_types:GeoDistanceSort": {
+        "type": "object",
+        "properties": {
+          "mode": {
+            "$ref": "#/components/schemas/_types:SortMode"
+          },
+          "distance_type": {
+            "$ref": "#/components/schemas/_types:GeoDistanceType"
+          },
+          "ignore_unmapped": {
+            "type": "boolean"
+          },
+          "order": {
+            "$ref": "#/components/schemas/_types:SortOrder"
+          },
+          "unit": {
+            "$ref": "#/components/schemas/_types:DistanceUnit"
+          }
+        }
+      },
+      "_types:SortMode": {
+        "type": "string",
+        "enum": [
+          "min",
+          "max",
+          "sum",
+          "avg",
+          "median"
+        ]
+      },
+      "_types:DistanceUnit": {
+        "type": "string",
+        "enum": [
+          "in",
+          "ft",
+          "yd",
+          "mi",
+          "nmi",
+          "km",
+          "m",
+          "cm",
+          "mm"
+        ]
+      },
+      "_types:ScriptSort": {
+        "type": "object",
+        "properties": {
+          "order": {
+            "$ref": "#/components/schemas/_types:SortOrder"
+          },
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          },
+          "type": {
+            "$ref": "#/components/schemas/_types:ScriptSortType"
+          },
+          "mode": {
+            "$ref": "#/components/schemas/_types:SortMode"
+          },
+          "nested": {
+            "$ref": "#/components/schemas/_types:NestedSortValue"
+          }
+        },
+        "required": [
+          "script"
+        ]
+      },
+      "_types:ScriptSortType": {
+        "type": "string",
+        "enum": [
+          "string",
+          "number",
+          "version"
+        ]
+      },
+      "_types:NestedSortValue": {
+        "type": "object",
+        "properties": {
+          "filter": {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+          },
+          "max_children": {
+            "type": "number"
+          },
+          "nested": {
+            "$ref": "#/components/schemas/_types:NestedSortValue"
+          },
+          "path": {
+            "$ref": "#/components/schemas/_types:Field"
+          }
+        },
+        "required": [
+          "path"
+        ]
+      },
+      "_global.search._types:SourceConfig": {
+        "description": "Defines how to fetch a source. Fetching can be disabled entirely, or the source can be filtered.",
+        "oneOf": [
+          {
+            "type": "boolean"
+          },
+          {
+            "$ref": "#/components/schemas/_global.search._types:SourceFilter"
+          }
+        ]
+      },
+      "_global.search._types:SourceFilter": {
+        "type": "object",
+        "properties": {
+          "excludes": {
+            "$ref": "#/components/schemas/_types:Fields"
+          },
+          "includes": {
+            "$ref": "#/components/schemas/_types:Fields"
+          }
+        }
+      },
+      "_types.query_dsl:ChildScoreMode": {
+        "type": "string",
+        "enum": [
+          "none",
+          "avg",
+          "sum",
+          "max",
+          "min"
+        ]
+      },
+      "_types:RelationName": {
+        "type": "string"
+      },
+      "_types.query_dsl:HasParentQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "ignore_unmapped": {
+                "description": "Indicates whether to ignore an unmapped `parent_type` and not return any documents instead of an error.\nYou can use this parameter to query multiple indices that may not contain the `parent_type`.",
+                "type": "boolean"
+              },
+              "inner_hits": {
+                "$ref": "#/components/schemas/_global.search._types:InnerHits"
+              },
+              "parent_type": {
+                "$ref": "#/components/schemas/_types:RelationName"
+              },
+              "query": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "score": {
+                "description": "Indicates whether the relevance score of a matching parent document is aggregated into its child documents.",
+                "type": "boolean"
+              }
+            },
+            "required": [
+              "parent_type",
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:IdsQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "values": {
+                "$ref": "#/components/schemas/_types:Ids"
+              }
+            }
+          }
+        ]
+      },
+      "_types:Ids": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types:Id"
+          },
+          {
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types:Id"
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:IntervalsQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "all_of": {
+                "$ref": "#/components/schemas/_types.query_dsl:IntervalsAllOf"
+              },
+              "any_of": {
+                "$ref": "#/components/schemas/_types.query_dsl:IntervalsAnyOf"
+              },
+              "fuzzy": {
+                "$ref": "#/components/schemas/_types.query_dsl:IntervalsFuzzy"
+              },
+              "match": {
+                "$ref": "#/components/schemas/_types.query_dsl:IntervalsMatch"
+              },
+              "prefix": {
+                "$ref": "#/components/schemas/_types.query_dsl:IntervalsPrefix"
+              },
+              "wildcard": {
+                "$ref": "#/components/schemas/_types.query_dsl:IntervalsWildcard"
+              }
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          }
+        ]
+      },
+      "_types.query_dsl:IntervalsAllOf": {
+        "type": "object",
+        "properties": {
+          "intervals": {
+            "description": "An array of rules to combine. All rules must produce a match in a document for the overall source to match.",
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+            }
+          },
+          "max_gaps": {
+            "description": "Maximum number of positions between the matching terms.\nIntervals produced by the rules further apart than this are not considered matches.",
+            "type": "number"
+          },
+          "ordered": {
+            "description": "If `true`, intervals produced by the rules should appear in the order in which they are specified.",
+            "type": "boolean"
+          },
+          "filter": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsFilter"
+          }
+        },
+        "required": [
+          "intervals"
+        ]
+      },
+      "_types.query_dsl:IntervalsContainer": {
+        "type": "object",
+        "properties": {
+          "all_of": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsAllOf"
+          },
+          "any_of": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsAnyOf"
+          },
+          "fuzzy": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsFuzzy"
+          },
+          "match": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsMatch"
+          },
+          "prefix": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsPrefix"
+          },
+          "wildcard": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsWildcard"
+          }
+        },
+        "minProperties": 1,
+        "maxProperties": 1
+      },
+      "_types.query_dsl:IntervalsAnyOf": {
+        "type": "object",
+        "properties": {
+          "intervals": {
+            "description": "An array of rules to match.",
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+            }
+          },
+          "filter": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsFilter"
+          }
+        },
+        "required": [
+          "intervals"
+        ]
+      },
+      "_types.query_dsl:IntervalsFilter": {
+        "type": "object",
+        "properties": {
+          "after": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+          },
+          "before": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+          },
+          "contained_by": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+          },
+          "containing": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+          },
+          "not_contained_by": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+          },
+          "not_containing": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+          },
+          "not_overlapping": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+          },
+          "overlapping": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsContainer"
+          },
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          }
+        },
+        "minProperties": 1,
+        "maxProperties": 1
+      },
+      "_types.query_dsl:IntervalsFuzzy": {
+        "type": "object",
+        "properties": {
+          "analyzer": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+            },
+            "description": "Analyzer used to normalize the term.",
+            "type": "string"
+          },
+          "fuzziness": {
+            "$ref": "#/components/schemas/_types:Fuzziness"
+          },
+          "prefix_length": {
+            "description": "Number of beginning characters left unchanged when creating expansions.",
+            "type": "number"
+          },
+          "term": {
+            "description": "The term to match.",
+            "type": "string"
+          },
+          "transpositions": {
+            "description": "Indicates whether edits include transpositions of two adjacent characters (for example, `ab` to `ba`).",
+            "type": "boolean"
+          },
+          "use_field": {
+            "$ref": "#/components/schemas/_types:Field"
+          }
+        },
+        "required": [
+          "term"
+        ]
+      },
+      "_types.query_dsl:IntervalsMatch": {
+        "type": "object",
+        "properties": {
+          "analyzer": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+            },
+            "description": "Analyzer used to analyze terms in the query.",
+            "type": "string"
+          },
+          "max_gaps": {
+            "description": "Maximum number of positions between the matching terms.\nTerms further apart than this are not considered matches.",
+            "type": "number"
+          },
+          "ordered": {
+            "description": "If `true`, matching terms must appear in their specified order.",
+            "type": "boolean"
+          },
+          "query": {
+            "description": "Text you wish to find in the provided field.",
+            "type": "string"
+          },
+          "use_field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "filter": {
+            "$ref": "#/components/schemas/_types.query_dsl:IntervalsFilter"
+          }
+        },
+        "required": [
+          "query"
+        ]
+      },
+      "_types.query_dsl:IntervalsPrefix": {
+        "type": "object",
+        "properties": {
+          "analyzer": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+            },
+            "description": "Analyzer used to analyze the `prefix`.",
+            "type": "string"
+          },
+          "prefix": {
+            "description": "Beginning characters of terms you wish to find in the top-level field.",
+            "type": "string"
+          },
+          "use_field": {
+            "$ref": "#/components/schemas/_types:Field"
+          }
+        },
+        "required": [
+          "prefix"
+        ]
+      },
+      "_types.query_dsl:IntervalsWildcard": {
+        "type": "object",
+        "properties": {
+          "analyzer": {
+            "description": "Analyzer used to analyze the `pattern`.\nDefaults to the top-level field's analyzer.",
+            "type": "string"
+          },
+          "pattern": {
+            "description": "Wildcard pattern used to find matching terms.",
+            "type": "string"
+          },
+          "use_field": {
+            "$ref": "#/components/schemas/_types:Field"
+          }
+        },
+        "required": [
+          "pattern"
+        ]
+      },
+      "_types:KnnQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "query_vector": {
+                "$ref": "#/components/schemas/_types:QueryVector"
+              },
+              "query_vector_builder": {
+                "$ref": "#/components/schemas/_types:QueryVectorBuilder"
+              },
+              "num_candidates": {
+                "description": "The number of nearest neighbor candidates to consider per shard",
+                "type": "number"
+              },
+              "filter": {
+                "description": "Filters for the kNN search query",
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                  },
+                  {
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                    }
+                  }
+                ]
+              },
+              "similarity": {
+                "description": "The minimum similarity for a vector to be considered a match",
+                "type": "number"
+              }
+            },
+            "required": [
+              "field"
+            ]
+          }
+        ]
+      },
+      "_types:QueryVector": {
+        "type": "array",
+        "items": {
+          "type": "number"
+        }
+      },
+      "_types:QueryVectorBuilder": {
+        "type": "object",
+        "properties": {
+          "text_embedding": {
+            "$ref": "#/components/schemas/_types:TextEmbedding"
+          }
+        },
+        "minProperties": 1,
+        "maxProperties": 1
+      },
+      "_types:TextEmbedding": {
+        "type": "object",
+        "properties": {
+          "model_id": {
+            "type": "string"
+          },
+          "model_text": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "model_id",
+          "model_text"
+        ]
+      },
+      "_types.query_dsl:MatchQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "analyzer": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+                },
+                "description": "Analyzer used to convert the text in the query value into tokens.",
+                "type": "string"
+              },
+              "auto_generate_synonyms_phrase_query": {
+                "description": "If `true`, match phrase queries are automatically created for multi-term synonyms.",
+                "type": "boolean"
+              },
+              "cutoff_frequency": {
+                "deprecated": true,
+                "type": "number"
+              },
+              "fuzziness": {
+                "$ref": "#/components/schemas/_types:Fuzziness"
+              },
+              "fuzzy_rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "fuzzy_transpositions": {
+                "description": "If `true`, edits for fuzzy matching include transpositions of two adjacent characters (for example, `ab` to `ba`).",
+                "type": "boolean"
+              },
+              "lenient": {
+                "description": "If `true`, format-based errors, such as providing a text query value for a numeric field, are ignored.",
+                "type": "boolean"
+              },
+              "max_expansions": {
+                "description": "Maximum number of terms to which the query will expand.",
+                "type": "number"
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "operator": {
+                "$ref": "#/components/schemas/_types.query_dsl:Operator"
+              },
+              "prefix_length": {
+                "description": "Number of beginning characters left unchanged for fuzzy matching.",
+                "type": "number"
+              },
+              "query": {
+                "description": "Text, number, boolean value or date you wish to find in the provided field.",
+                "oneOf": [
+                  {
+                    "type": "string"
+                  },
+                  {
+                    "type": "number"
+                  },
+                  {
+                    "type": "boolean"
+                  }
+                ]
+              },
+              "zero_terms_query": {
+                "$ref": "#/components/schemas/_types.query_dsl:ZeroTermsQuery"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:ZeroTermsQuery": {
+        "type": "string",
+        "enum": [
+          "all",
+          "none"
+        ]
+      },
+      "_types.query_dsl:MatchAllQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:MatchBoolPrefixQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "analyzer": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+                },
+                "description": "Analyzer used to convert the text in the query value into tokens.",
+                "type": "string"
+              },
+              "fuzziness": {
+                "$ref": "#/components/schemas/_types:Fuzziness"
+              },
+              "fuzzy_rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "fuzzy_transpositions": {
+                "description": "If `true`, edits for fuzzy matching include transpositions of two adjacent characters (for example, `ab` to `ba`).\nCan be applied to the term subqueries constructed for all terms but the final term.",
+                "type": "boolean"
+              },
+              "max_expansions": {
+                "description": "Maximum number of terms to which the query will expand.\nCan be applied to the term subqueries constructed for all terms but the final term.",
+                "type": "number"
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "operator": {
+                "$ref": "#/components/schemas/_types.query_dsl:Operator"
+              },
+              "prefix_length": {
+                "description": "Number of beginning characters left unchanged for fuzzy matching.\nCan be applied to the term subqueries constructed for all terms but the final term.",
+                "type": "number"
+              },
+              "query": {
+                "description": "Terms you wish to find in the provided field.\nThe last term is used in a prefix query.",
+                "type": "string"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:MatchNoneQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:MatchPhraseQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "analyzer": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+                },
+                "description": "Analyzer used to convert the text in the query value into tokens.",
+                "type": "string"
+              },
+              "query": {
+                "description": "Query terms that are analyzed and turned into a phrase query.",
+                "type": "string"
+              },
+              "slop": {
+                "description": "Maximum number of positions allowed between matching tokens.",
+                "type": "number"
+              },
+              "zero_terms_query": {
+                "$ref": "#/components/schemas/_types.query_dsl:ZeroTermsQuery"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:MatchPhrasePrefixQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "analyzer": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+                },
+                "description": "Analyzer used to convert text in the query value into tokens.",
+                "type": "string"
+              },
+              "max_expansions": {
+                "description": "Maximum number of terms to which the last provided term of the query value will expand.",
+                "type": "number"
+              },
+              "query": {
+                "description": "Text you wish to find in the provided field.",
+                "type": "string"
+              },
+              "slop": {
+                "description": "Maximum number of positions allowed between matching tokens.",
+                "type": "number"
+              },
+              "zero_terms_query": {
+                "$ref": "#/components/schemas/_types.query_dsl:ZeroTermsQuery"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:MoreLikeThisQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "analyzer": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+                },
+                "description": "The analyzer that is used to analyze the free form text.\nDefaults to the analyzer associated with the first field in fields.",
+                "type": "string"
+              },
+              "boost_terms": {
+                "description": "Each term in the formed query could be further boosted by their tf-idf score.\nThis sets the boost factor to use when using this feature.\nDefaults to deactivated (0).",
+                "type": "number"
+              },
+              "fail_on_unsupported_field": {
+                "description": "Controls whether the query should fail (throw an exception) if any of the specified fields are not of the supported types (`text` or `keyword`).",
+                "type": "boolean"
+              },
+              "fields": {
+                "description": "A list of fields to fetch and analyze the text from.\nDefaults to the `index.query.default_field` index setting, which has a default value of `*`.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types:Field"
+                }
+              },
+              "include": {
+                "description": "Specifies whether the input documents should also be included in the search results returned.",
+                "type": "boolean"
+              },
+              "like": {
+                "description": "Specifies free form text and/or a single or multiple documents for which you want to find similar documents.",
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types.query_dsl:Like"
+                  },
+                  {
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.query_dsl:Like"
+                    }
+                  }
+                ]
+              },
+              "max_doc_freq": {
+                "description": "The maximum document frequency above which the terms are ignored from the input document.",
+                "type": "number"
+              },
+              "max_query_terms": {
+                "description": "The maximum number of query terms that can be selected.",
+                "type": "number"
+              },
+              "max_word_length": {
+                "description": "The maximum word length above which the terms are ignored.\nDefaults to unbounded (`0`).",
+                "type": "number"
+              },
+              "min_doc_freq": {
+                "description": "The minimum document frequency below which the terms are ignored from the input document.",
+                "type": "number"
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "min_term_freq": {
+                "description": "The minimum term frequency below which the terms are ignored from the input document.",
+                "type": "number"
+              },
+              "min_word_length": {
+                "description": "The minimum word length below which the terms are ignored.",
+                "type": "number"
+              },
+              "routing": {
+                "$ref": "#/components/schemas/_types:Routing"
+              },
+              "stop_words": {
+                "$ref": "#/components/schemas/_types.analysis:StopWords"
+              },
+              "unlike": {
+                "description": "Used in combination with `like` to exclude documents that match a set of terms.",
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types.query_dsl:Like"
+                  },
+                  {
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.query_dsl:Like"
+                    }
+                  }
+                ]
+              },
+              "version": {
+                "$ref": "#/components/schemas/_types:VersionNumber"
+              },
+              "version_type": {
+                "$ref": "#/components/schemas/_types:VersionType"
+              }
+            },
+            "required": [
+              "like"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:Like": {
+        "externalDocs": {
+          "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-mlt-query.html#_document_input_parameters"
+        },
+        "description": "Text that we want similar documents for or a lookup to a document's field for the text.",
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:LikeDocument"
+          }
+        ]
+      },
+      "_types.query_dsl:LikeDocument": {
+        "type": "object",
+        "properties": {
+          "doc": {
+            "description": "A document not present in the index.",
+            "type": "object"
+          },
+          "fields": {
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types:Field"
+            }
+          },
+          "_id": {
+            "$ref": "#/components/schemas/_types:Id"
+          },
+          "_index": {
+            "$ref": "#/components/schemas/_types:IndexName"
+          },
+          "per_field_analyzer": {
+            "description": "Overrides the default analyzer.",
+            "type": "object",
+            "additionalProperties": {
+              "type": "string"
+            }
+          },
+          "routing": {
+            "$ref": "#/components/schemas/_types:Routing"
+          },
+          "version": {
+            "$ref": "#/components/schemas/_types:VersionNumber"
+          },
+          "version_type": {
+            "$ref": "#/components/schemas/_types:VersionType"
+          }
+        }
+      },
+      "_types:IndexName": {
+        "type": "string"
+      },
+      "_types:Routing": {
+        "type": "string"
+      },
+      "_types:VersionNumber": {
+        "type": "number"
+      },
+      "_types:VersionType": {
+        "type": "string",
+        "enum": [
+          "internal",
+          "external",
+          "external_gte",
+          "force"
+        ]
+      },
+      "_types.query_dsl:MultiMatchQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "analyzer": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+                },
+                "description": "Analyzer used to convert the text in the query value into tokens.",
+                "type": "string"
+              },
+              "auto_generate_synonyms_phrase_query": {
+                "description": "If `true`, match phrase queries are automatically created for multi-term synonyms.",
+                "type": "boolean"
+              },
+              "cutoff_frequency": {
+                "deprecated": true,
+                "type": "number"
+              },
+              "fields": {
+                "$ref": "#/components/schemas/_types:Fields"
+              },
+              "fuzziness": {
+                "$ref": "#/components/schemas/_types:Fuzziness"
+              },
+              "fuzzy_rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "fuzzy_transpositions": {
+                "description": "If `true`, edits for fuzzy matching include transpositions of two adjacent characters (for example, `ab` to `ba`).\nCan be applied to the term subqueries constructed for all terms but the final term.",
+                "type": "boolean"
+              },
+              "lenient": {
+                "description": "If `true`, format-based errors, such as providing a text query value for a numeric field, are ignored.",
+                "type": "boolean"
+              },
+              "max_expansions": {
+                "description": "Maximum number of terms to which the query will expand.",
+                "type": "number"
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "operator": {
+                "$ref": "#/components/schemas/_types.query_dsl:Operator"
+              },
+              "prefix_length": {
+                "description": "Number of beginning characters left unchanged for fuzzy matching.",
+                "type": "number"
+              },
+              "query": {
+                "description": "Text, number, boolean value or date you wish to find in the provided field.",
+                "type": "string"
+              },
+              "slop": {
+                "description": "Maximum number of positions allowed between matching tokens.",
+                "type": "number"
+              },
+              "tie_breaker": {
+                "description": "Determines how scores for each per-term blended query and scores across groups are combined.",
+                "type": "number"
+              },
+              "type": {
+                "$ref": "#/components/schemas/_types.query_dsl:TextQueryType"
+              },
+              "zero_terms_query": {
+                "$ref": "#/components/schemas/_types.query_dsl:ZeroTermsQuery"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:TextQueryType": {
+        "type": "string",
+        "enum": [
+          "best_fields",
+          "most_fields",
+          "cross_fields",
+          "phrase",
+          "phrase_prefix",
+          "bool_prefix"
+        ]
+      },
+      "_types.query_dsl:NestedQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "ignore_unmapped": {
+                "description": "Indicates whether to ignore an unmapped path and not return any documents instead of an error.",
+                "type": "boolean"
+              },
+              "inner_hits": {
+                "$ref": "#/components/schemas/_global.search._types:InnerHits"
+              },
+              "path": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "query": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "score_mode": {
+                "$ref": "#/components/schemas/_types.query_dsl:ChildScoreMode"
+              }
+            },
+            "required": [
+              "path",
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:ParentIdQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "id": {
+                "$ref": "#/components/schemas/_types:Id"
+              },
+              "ignore_unmapped": {
+                "description": "Indicates whether to ignore an unmapped `type` and not return any documents instead of an error.",
+                "type": "boolean"
+              },
+              "type": {
+                "$ref": "#/components/schemas/_types:RelationName"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:PercolateQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "document": {
+                "description": "The source of the document being percolated.",
+                "type": "object"
+              },
+              "documents": {
+                "description": "An array of sources of the documents being percolated.",
+                "type": "array",
+                "items": {
+                  "type": "object"
+                }
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "id": {
+                "$ref": "#/components/schemas/_types:Id"
+              },
+              "index": {
+                "$ref": "#/components/schemas/_types:IndexName"
+              },
+              "name": {
+                "description": "The suffix used for the `_percolator_document_slot` field when multiple `percolate` queries are specified.",
+                "type": "string"
+              },
+              "preference": {
+                "description": "Preference used to fetch document to percolate.",
+                "type": "string"
+              },
+              "routing": {
+                "$ref": "#/components/schemas/_types:Routing"
+              },
+              "version": {
+                "$ref": "#/components/schemas/_types:VersionNumber"
+              }
+            },
+            "required": [
+              "field"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:PinnedQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "allOf": [
+              {
+                "type": "object",
+                "properties": {
+                  "organic": {
+                    "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+                  }
+                },
+                "required": [
+                  "organic"
+                ]
+              },
+              {
+                "type": "object",
+                "properties": {
+                  "ids": {
+                    "description": "Document IDs listed in the order they are to appear in results.\nRequired if `docs` is not specified.",
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types:Id"
+                    }
+                  },
+                  "docs": {
+                    "description": "Documents listed in the order they are to appear in results.\nRequired if `ids` is not specified.",
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.query_dsl:PinnedDoc"
+                    }
+                  }
+                },
+                "minProperties": 1,
+                "maxProperties": 1
+              }
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:PinnedDoc": {
+        "type": "object",
+        "properties": {
+          "_id": {
+            "$ref": "#/components/schemas/_types:Id"
+          },
+          "_index": {
+            "$ref": "#/components/schemas/_types:IndexName"
+          }
+        },
+        "required": [
+          "_id",
+          "_index"
+        ]
+      },
+      "_types.query_dsl:PrefixQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "value": {
+                "description": "Beginning characters of terms you wish to find in the provided field.",
+                "type": "string"
+              },
+              "case_insensitive": {
+                "description": "Allows ASCII case insensitive matching of the value with the indexed field values when set to `true`.\nDefault is `false` which means the case sensitivity of matching depends on the underlying field’s mapping.",
+                "type": "boolean"
+              }
+            },
+            "required": [
+              "value"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:QueryStringQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "allow_leading_wildcard": {
+                "description": "If `true`, the wildcard characters `*` and `?` are allowed as the first character of the query string.",
+                "type": "boolean"
+              },
+              "analyzer": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+                },
+                "description": "Analyzer used to convert text in the query string into tokens.",
+                "type": "string"
+              },
+              "analyze_wildcard": {
+                "description": "If `true`, the query attempts to analyze wildcard terms in the query string.",
+                "type": "boolean"
+              },
+              "auto_generate_synonyms_phrase_query": {
+                "description": "If `true`, match phrase queries are automatically created for multi-term synonyms.",
+                "type": "boolean"
+              },
+              "default_field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "default_operator": {
+                "$ref": "#/components/schemas/_types.query_dsl:Operator"
+              },
+              "enable_position_increments": {
+                "description": "If `true`, enable position increments in queries constructed from a `query_string` search.",
+                "type": "boolean"
+              },
+              "escape": {
+                "type": "boolean"
+              },
+              "fields": {
+                "description": "Array of fields to search. Supports wildcards (`*`).",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types:Field"
+                }
+              },
+              "fuzziness": {
+                "$ref": "#/components/schemas/_types:Fuzziness"
+              },
+              "fuzzy_max_expansions": {
+                "description": "Maximum number of terms to which the query expands for fuzzy matching.",
+                "type": "number"
+              },
+              "fuzzy_prefix_length": {
+                "description": "Number of beginning characters left unchanged for fuzzy matching.",
+                "type": "number"
+              },
+              "fuzzy_rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "fuzzy_transpositions": {
+                "description": "If `true`, edits for fuzzy matching include transpositions of two adjacent characters (for example, `ab` to `ba`).",
+                "type": "boolean"
+              },
+              "lenient": {
+                "description": "If `true`, format-based errors, such as providing a text value for a numeric field, are ignored.",
+                "type": "boolean"
+              },
+              "max_determinized_states": {
+                "description": "Maximum number of automaton states required for the query.",
+                "type": "number"
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "phrase_slop": {
+                "description": "Maximum number of positions allowed between matching tokens for phrases.",
+                "type": "number"
+              },
+              "query": {
+                "description": "Query string you wish to parse and use for search.",
+                "type": "string"
+              },
+              "quote_analyzer": {
+                "description": "Analyzer used to convert quoted text in the query string into tokens.\nFor quoted text, this parameter overrides the analyzer specified in the `analyzer` parameter.",
+                "type": "string"
+              },
+              "quote_field_suffix": {
+                "description": "Suffix appended to quoted text in the query string.\nYou can use this suffix to use a different analysis method for exact matches.",
+                "type": "string"
+              },
+              "rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "tie_breaker": {
+                "description": "How to combine the queries generated from the individual search terms in the resulting `dis_max` query.",
+                "type": "number"
+              },
+              "time_zone": {
+                "$ref": "#/components/schemas/_types:TimeZone"
+              },
+              "type": {
+                "$ref": "#/components/schemas/_types.query_dsl:TextQueryType"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types:TimeZone": {
+        "type": "string"
+      },
+      "_types.query_dsl:RangeQuery": {
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:DateRangeQuery"
+          },
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:NumberRangeQuery"
+          },
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:TermsRangeQuery"
+          }
+        ]
+      },
+      "_types.query_dsl:DateRangeQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:RangeQueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "gt": {
+                "$ref": "#/components/schemas/_types:DateMath"
+              },
+              "gte": {
+                "$ref": "#/components/schemas/_types:DateMath"
+              },
+              "lt": {
+                "$ref": "#/components/schemas/_types:DateMath"
+              },
+              "lte": {
+                "$ref": "#/components/schemas/_types:DateMath"
+              },
+              "from": {
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types:DateMath"
+                  },
+                  {
+                    "nullable": true,
+                    "type": "string"
+                  }
+                ]
+              },
+              "to": {
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types:DateMath"
+                  },
+                  {
+                    "nullable": true,
+                    "type": "string"
+                  }
+                ]
+              },
+              "format": {
+                "$ref": "#/components/schemas/_types:DateFormat"
+              },
+              "time_zone": {
+                "$ref": "#/components/schemas/_types:TimeZone"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:RangeQueryBase": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "relation": {
+                "$ref": "#/components/schemas/_types.query_dsl:RangeRelation"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:RangeRelation": {
+        "type": "string",
+        "enum": [
+          "within",
+          "contains",
+          "intersects"
+        ]
+      },
+      "_types:DateFormat": {
+        "externalDocs": {
+          "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping-date-format.html"
+        },
+        "type": "string"
+      },
+      "_types.query_dsl:NumberRangeQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:RangeQueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "gt": {
+                "description": "Greater than.",
+                "type": "number"
+              },
+              "gte": {
+                "description": "Greater than or equal to.",
+                "type": "number"
+              },
+              "lt": {
+                "description": "Less than.",
+                "type": "number"
+              },
+              "lte": {
+                "description": "Less than or equal to.",
+                "type": "number"
+              },
+              "from": {
+                "oneOf": [
+                  {
+                    "type": "number"
+                  },
+                  {
+                    "nullable": true,
+                    "type": "string"
+                  }
+                ]
+              },
+              "to": {
+                "oneOf": [
+                  {
+                    "type": "number"
+                  },
+                  {
+                    "nullable": true,
+                    "type": "string"
+                  }
+                ]
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:TermsRangeQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:RangeQueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "gt": {
+                "description": "Greater than.",
+                "type": "string"
+              },
+              "gte": {
+                "description": "Greater than or equal to.",
+                "type": "string"
+              },
+              "lt": {
+                "description": "Less than.",
+                "type": "string"
+              },
+              "lte": {
+                "description": "Less than or equal to.",
+                "type": "string"
+              },
+              "from": {
+                "oneOf": [
+                  {
+                    "type": "string"
+                  },
+                  {
+                    "nullable": true,
+                    "type": "string"
+                  }
+                ]
+              },
+              "to": {
+                "oneOf": [
+                  {
+                    "type": "string"
+                  },
+                  {
+                    "nullable": true,
+                    "type": "string"
+                  }
+                ]
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:RankFeatureQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "saturation": {
+                "$ref": "#/components/schemas/_types.query_dsl:RankFeatureFunctionSaturation"
+              },
+              "log": {
+                "$ref": "#/components/schemas/_types.query_dsl:RankFeatureFunctionLogarithm"
+              },
+              "linear": {
+                "$ref": "#/components/schemas/_types.query_dsl:RankFeatureFunctionLinear"
+              },
+              "sigmoid": {
+                "$ref": "#/components/schemas/_types.query_dsl:RankFeatureFunctionSigmoid"
+              }
+            },
+            "required": [
+              "field"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:RankFeatureFunctionSaturation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:RankFeatureFunction"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "pivot": {
+                "description": "Configurable pivot value so that the result will be less than 0.5.",
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:RankFeatureFunction": {
+        "type": "object"
+      },
+      "_types.query_dsl:RankFeatureFunctionLogarithm": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:RankFeatureFunction"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "scaling_factor": {
+                "description": "Configurable scaling factor.",
+                "type": "number"
+              }
+            },
+            "required": [
+              "scaling_factor"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:RankFeatureFunctionLinear": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:RankFeatureFunction"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:RankFeatureFunctionSigmoid": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:RankFeatureFunction"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "pivot": {
+                "description": "Configurable pivot value so that the result will be less than 0.5.",
+                "type": "number"
+              },
+              "exponent": {
+                "description": "Configurable Exponent.",
+                "type": "number"
+              }
+            },
+            "required": [
+              "pivot",
+              "exponent"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:RegexpQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "case_insensitive": {
+                "description": "Allows case insensitive matching of the regular expression value with the indexed field values when set to `true`.\nWhen `false`, case sensitivity of matching depends on the underlying field’s mapping.",
+                "type": "boolean"
+              },
+              "flags": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/regexp-syntax.html"
+                },
+                "description": "Enables optional operators for the regular expression.",
+                "type": "string"
+              },
+              "max_determinized_states": {
+                "description": "Maximum number of automaton states required for the query.",
+                "type": "number"
+              },
+              "rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "value": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/regexp-syntax.html"
+                },
+                "description": "Regular expression for terms you wish to find in the provided field.",
+                "type": "string"
+              }
+            },
+            "required": [
+              "value"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:RuleQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "organic": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "ruleset_id": {
+                "$ref": "#/components/schemas/_types:Id"
+              },
+              "match_criteria": {
+                "type": "object"
+              }
+            },
+            "required": [
+              "organic",
+              "ruleset_id",
+              "match_criteria"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:ScriptQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "script": {
+                "$ref": "#/components/schemas/_types:Script"
+              }
+            },
+            "required": [
+              "script"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:ScriptScoreQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "min_score": {
+                "description": "Documents with a score lower than this floating point number are excluded from the search results.",
+                "type": "number"
+              },
+              "query": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "script": {
+                "$ref": "#/components/schemas/_types:Script"
+              }
+            },
+            "required": [
+              "query",
+              "script"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:ShapeQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "ignore_unmapped": {
+                "description": "When set to `true` the query ignores an unmapped field and will not match any documents.",
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:SimpleQueryStringQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "analyzer": {
+                "externalDocs": {
+                  "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis.html"
+                },
+                "description": "Analyzer used to convert text in the query string into tokens.",
+                "type": "string"
+              },
+              "analyze_wildcard": {
+                "description": "If `true`, the query attempts to analyze wildcard terms in the query string.",
+                "type": "boolean"
+              },
+              "auto_generate_synonyms_phrase_query": {
+                "description": "If `true`, the parser creates a match_phrase query for each multi-position token.",
+                "type": "boolean"
+              },
+              "default_operator": {
+                "$ref": "#/components/schemas/_types.query_dsl:Operator"
+              },
+              "fields": {
+                "description": "Array of fields you wish to search.\nAccepts wildcard expressions.\nYou also can boost relevance scores for matches to particular fields using a caret (`^`) notation.\nDefaults to the `index.query.default_field index` setting, which has a default value of `*`.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types:Field"
+                }
+              },
+              "flags": {
+                "$ref": "#/components/schemas/_types.query_dsl:SimpleQueryStringFlags"
+              },
+              "fuzzy_max_expansions": {
+                "description": "Maximum number of terms to which the query expands for fuzzy matching.",
+                "type": "number"
+              },
+              "fuzzy_prefix_length": {
+                "description": "Number of beginning characters left unchanged for fuzzy matching.",
+                "type": "number"
+              },
+              "fuzzy_transpositions": {
+                "description": "If `true`, edits for fuzzy matching include transpositions of two adjacent characters (for example, `ab` to `ba`).",
+                "type": "boolean"
+              },
+              "lenient": {
+                "description": "If `true`, format-based errors, such as providing a text value for a numeric field, are ignored.",
+                "type": "boolean"
+              },
+              "minimum_should_match": {
+                "$ref": "#/components/schemas/_types:MinimumShouldMatch"
+              },
+              "query": {
+                "description": "Query string in the simple query string syntax you wish to parse and use for search.",
+                "type": "string"
+              },
+              "quote_field_suffix": {
+                "description": "Suffix appended to quoted text in the query string.",
+                "type": "string"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SimpleQueryStringFlags": {
+        "externalDocs": {
+          "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-simple-query-string-query.html#supported-flags"
+        },
+        "description": "Query flags can be either a single flag or a combination of flags, e.g. `OR|AND|PREFIX`",
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_spec_utils:PipeSeparatedFlagsSimpleQueryStringFlag"
+          }
+        ]
+      },
+      "_spec_utils:PipeSeparatedFlagsSimpleQueryStringFlag": {
+        "description": "A set of flags that can be represented as a single enum value or a set of values that are encoded\nas a pipe-separated string\n\nDepending on the target language, code generators can use this hint to generate language specific\nflags enum constructs and the corresponding (de-)serialization code.",
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:SimpleQueryStringFlag"
+          },
+          {
+            "type": "string"
+          }
+        ]
+      },
+      "_types.query_dsl:SimpleQueryStringFlag": {
+        "type": "string",
+        "enum": [
+          "NONE",
+          "AND",
+          "NOT",
+          "OR",
+          "PREFIX",
+          "PHRASE",
+          "PRECEDENCE",
+          "ESCAPE",
+          "WHITESPACE",
+          "FUZZY",
+          "NEAR",
+          "SLOP",
+          "ALL"
+        ]
+      },
+      "_types.query_dsl:SpanContainingQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "big": {
+                "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+              },
+              "little": {
+                "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+              }
+            },
+            "required": [
+              "big",
+              "little"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SpanQuery": {
+        "type": "object",
+        "properties": {
+          "span_containing": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanContainingQuery"
+          },
+          "field_masking_span": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanFieldMaskingQuery"
+          },
+          "span_first": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanFirstQuery"
+          },
+          "span_gap": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanGapQuery"
+          },
+          "span_multi": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanMultiTermQuery"
+          },
+          "span_near": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanNearQuery"
+          },
+          "span_not": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanNotQuery"
+          },
+          "span_or": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanOrQuery"
+          },
+          "span_term": {
+            "description": "The equivalent of the `term` query but for use with other span queries.",
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:SpanTermQuery"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          "span_within": {
+            "$ref": "#/components/schemas/_types.query_dsl:SpanWithinQuery"
+          }
+        },
+        "minProperties": 1,
+        "maxProperties": 1
+      },
+      "_types.query_dsl:SpanFieldMaskingQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "query": {
+                "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+              }
+            },
+            "required": [
+              "field",
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SpanFirstQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "end": {
+                "description": "Controls the maximum end position permitted in a match.",
+                "type": "number"
+              },
+              "match": {
+                "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+              }
+            },
+            "required": [
+              "end",
+              "match"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SpanGapQuery": {
+        "description": "Can only be used as a clause in a span_near query.",
+        "type": "object",
+        "additionalProperties": {
+          "type": "number"
+        },
+        "minProperties": 1,
+        "maxProperties": 1
+      },
+      "_types.query_dsl:SpanMultiTermQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "match": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              }
+            },
+            "required": [
+              "match"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SpanNearQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "clauses": {
+                "description": "Array of one or more other span type queries.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+                }
+              },
+              "in_order": {
+                "description": "Controls whether matches are required to be in-order.",
+                "type": "boolean"
+              },
+              "slop": {
+                "description": "Controls the maximum number of intervening unmatched positions permitted.",
+                "type": "number"
+              }
+            },
+            "required": [
+              "clauses"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SpanNotQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "dist": {
+                "description": "The number of tokens from within the include span that can’t have overlap with the exclude span.\nEquivalent to setting both `pre` and `post`.",
+                "type": "number"
+              },
+              "exclude": {
+                "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+              },
+              "include": {
+                "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+              },
+              "post": {
+                "description": "The number of tokens after the include span that can’t have overlap with the exclude span.",
+                "type": "number"
+              },
+              "pre": {
+                "description": "The number of tokens before the include span that can’t have overlap with the exclude span.",
+                "type": "number"
+              }
+            },
+            "required": [
+              "exclude",
+              "include"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SpanOrQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "clauses": {
+                "description": "Array of one or more other span type queries.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+                }
+              }
+            },
+            "required": [
+              "clauses"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SpanTermQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "value": {
+                "type": "string"
+              }
+            },
+            "required": [
+              "value"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:SpanWithinQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "big": {
+                "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+              },
+              "little": {
+                "$ref": "#/components/schemas/_types.query_dsl:SpanQuery"
+              }
+            },
+            "required": [
+              "big",
+              "little"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:TermQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "value": {
+                "$ref": "#/components/schemas/_types:FieldValue"
+              },
+              "case_insensitive": {
+                "description": "Allows ASCII case insensitive matching of the value with the indexed field values when set to `true`.\nWhen `false`, the case sensitivity of matching depends on the underlying field’s mapping.",
+                "type": "boolean"
+              }
+            },
+            "required": [
+              "value"
+            ]
+          }
+        ]
+      },
+      "_types:FieldValue": {
+        "description": "A field value.",
+        "oneOf": [
+          {
+            "type": "number"
+          },
+          {
+            "type": "number"
+          },
+          {
+            "type": "string"
+          },
+          {
+            "type": "boolean"
+          },
+          {
+            "nullable": true,
+            "type": "string"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:TermsQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.query_dsl:TermsSetQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "minimum_should_match_field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "minimum_should_match_script": {
+                "$ref": "#/components/schemas/_types:Script"
+              },
+              "terms": {
+                "description": "Array of terms you wish to find in the provided field.",
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              }
+            },
+            "required": [
+              "terms"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:TextExpansionQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "model_id": {
+                "description": "The text expansion NLP model to use",
+                "type": "string"
+              },
+              "model_text": {
+                "description": "The query text",
+                "type": "string"
+              },
+              "pruning_config": {
+                "$ref": "#/components/schemas/_types.query_dsl:TokenPruningConfig"
+              }
+            },
+            "required": [
+              "model_id",
+              "model_text"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:TokenPruningConfig": {
+        "type": "object",
+        "properties": {
+          "tokens_freq_ratio_threshold": {
+            "description": "Tokens whose frequency is more than this threshold times the average frequency of all tokens in the specified field are considered outliers and pruned.",
+            "type": "number"
+          },
+          "tokens_weight_threshold": {
+            "description": "Tokens whose weight is less than this threshold are considered nonsignificant and pruned.",
+            "type": "number"
+          },
+          "only_score_pruned_tokens": {
+            "description": "Whether to only score pruned tokens, vs only scoring kept tokens.",
+            "type": "boolean"
+          }
+        }
+      },
+      "_types.query_dsl:WeightedTokensQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "tokens": {
+                "description": "The tokens representing this query",
+                "type": "object",
+                "additionalProperties": {
+                  "type": "number"
+                }
+              },
+              "pruning_config": {
+                "$ref": "#/components/schemas/_types.query_dsl:TokenPruningConfig"
+              }
+            },
+            "required": [
+              "tokens"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:WildcardQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "case_insensitive": {
+                "description": "Allows case insensitive matching of the pattern with the indexed field values when set to true. Default is false which means the case sensitivity of matching depends on the underlying field’s mapping.",
+                "type": "boolean"
+              },
+              "rewrite": {
+                "$ref": "#/components/schemas/_types:MultiTermQueryRewrite"
+              },
+              "value": {
+                "description": "Wildcard pattern for terms you wish to find in the provided field. Required, when wildcard is not set.",
+                "type": "string"
+              },
+              "wildcard": {
+                "description": "Wildcard pattern for terms you wish to find in the provided field. Required, when value is not set.",
+                "type": "string"
+              }
+            }
+          }
+        ]
+      },
+      "_types.query_dsl:WrapperQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "query": {
+                "description": "A base64 encoded query.\nThe binary data format can be any of JSON, YAML, CBOR or SMILE encodings",
+                "type": "string"
+              }
+            },
+            "required": [
+              "query"
+            ]
+          }
+        ]
+      },
+      "_types.query_dsl:TypeQuery": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "value": {
+                "type": "string"
+              }
+            },
+            "required": [
+              "value"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:AutoDateHistogramAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "buckets": {
+                "description": "The target number of buckets.",
+                "type": "number"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "format": {
+                "description": "The date format used to format `key_as_string` in the response.\nIf no `format` is specified, the first date format specified in the field mapping is used.",
+                "type": "string"
+              },
+              "minimum_interval": {
+                "$ref": "#/components/schemas/_types.aggregations:MinimumInterval"
+              },
+              "missing": {
+                "$ref": "#/components/schemas/_types:DateTime"
+              },
+              "offset": {
+                "description": "Time zone specified as a ISO 8601 UTC offset.",
+                "type": "string"
+              },
+              "params": {
+                "type": "object",
+                "additionalProperties": {
+                  "type": "object"
+                }
+              },
+              "script": {
+                "$ref": "#/components/schemas/_types:Script"
+              },
+              "time_zone": {
+                "$ref": "#/components/schemas/_types:TimeZone"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:MinimumInterval": {
+        "type": "string",
+        "enum": [
+          "second",
+          "minute",
+          "hour",
+          "day",
+          "month",
+          "year"
+        ]
+      },
+      "_types:DateTime": {
+        "description": "A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a\nnumber of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string\nrepresentation.",
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "$ref": "#/components/schemas/_types:EpochTimeUnitMillis"
+          }
+        ]
+      },
+      "_types:EpochTimeUnitMillis": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types:UnitMillis"
+          }
+        ]
+      },
+      "_types:UnitMillis": {
+        "description": "Time unit for milliseconds",
+        "type": "number"
+      },
+      "_types.aggregations:AverageAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:FormatMetricAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:FormatMetricAggregationBase": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "format": {
+                "type": "string"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:MetricAggregationBase": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "missing": {
+            "$ref": "#/components/schemas/_types.aggregations:Missing"
+          },
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          }
+        }
+      },
+      "_types.aggregations:Missing": {
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "type": "number"
+          },
+          {
+            "type": "number"
+          },
+          {
+            "type": "boolean"
+          }
+        ]
+      },
+      "_types.aggregations:AverageBucketAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:PipelineAggregationBase": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketPathAggregation"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "format": {
+                "description": "`DecimalFormat` pattern for the output value.\nIf specified, the formatted value is returned in the aggregation’s `value_as_string` property.",
+                "type": "string"
+              },
+              "gap_policy": {
+                "$ref": "#/components/schemas/_types.aggregations:GapPolicy"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:BucketPathAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:Aggregation"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "buckets_path": {
+                "$ref": "#/components/schemas/_types.aggregations:BucketsPath"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:BucketsPath": {
+        "description": "Buckets path can be expressed in different ways, and an aggregation may accept some or all of these\nforms depending on its type. Please refer to each aggregation's documentation to know what buckets\npath forms they accept.",
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          {
+            "type": "object",
+            "additionalProperties": {
+              "type": "string"
+            }
+          }
+        ]
+      },
+      "_types.aggregations:GapPolicy": {
+        "type": "string",
+        "enum": [
+          "skip",
+          "insert_zeros",
+          "keep_values"
+        ]
+      },
+      "_types.aggregations:BoxplotAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "compression": {
+                "description": "Limits the maximum number of nodes used by the underlying TDigest algorithm to `20 * compression`, enabling control of memory usage and approximation error.",
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:BucketScriptAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "script": {
+                "$ref": "#/components/schemas/_types:Script"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:BucketSelectorAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "script": {
+                "$ref": "#/components/schemas/_types:Script"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:BucketSortAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:Aggregation"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "from": {
+                "description": "Buckets in positions prior to `from` will be truncated.",
+                "type": "number"
+              },
+              "gap_policy": {
+                "$ref": "#/components/schemas/_types.aggregations:GapPolicy"
+              },
+              "size": {
+                "description": "The number of buckets to return.\nDefaults to all buckets of the parent aggregation.",
+                "type": "number"
+              },
+              "sort": {
+                "$ref": "#/components/schemas/_types:Sort"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:BucketKsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketPathAggregation"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "alternative": {
+                "description": "A list of string values indicating which K-S test alternative to calculate. The valid values\nare: \"greater\", \"less\", \"two_sided\". This parameter is key for determining the K-S statistic used\nwhen calculating the K-S test. Default value is all possible alternative hypotheses.",
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              },
+              "fractions": {
+                "description": "A list of doubles indicating the distribution of the samples with which to compare to the `buckets_path` results.\nIn typical usage this is the overall proportion of documents in each bucket, which is compared with the actual\ndocument proportions in each bucket from the sibling aggregation counts. The default is to assume that overall\ndocuments are uniformly distributed on these buckets, which they would be if one used equal percentiles of a\nmetric to define the bucket end points.",
+                "type": "array",
+                "items": {
+                  "type": "number"
+                }
+              },
+              "sampling_method": {
+                "description": "Indicates the sampling methodology when calculating the K-S test. Note, this is sampling of the returned values.\nThis determines the cumulative distribution function (CDF) points used comparing the two samples. Default is\n`upper_tail`, which emphasizes the upper end of the CDF points. Valid options are: `upper_tail`, `uniform`,\nand `lower_tail`.",
+                "type": "string"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:BucketCorrelationAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketPathAggregation"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "function": {
+                "$ref": "#/components/schemas/_types.aggregations:BucketCorrelationFunction"
+              }
+            },
+            "required": [
+              "function"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:BucketCorrelationFunction": {
+        "type": "object",
+        "properties": {
+          "count_correlation": {
+            "$ref": "#/components/schemas/_types.aggregations:BucketCorrelationFunctionCountCorrelation"
+          }
+        },
+        "required": [
+          "count_correlation"
+        ]
+      },
+      "_types.aggregations:BucketCorrelationFunctionCountCorrelation": {
+        "type": "object",
+        "properties": {
+          "indicator": {
+            "$ref": "#/components/schemas/_types.aggregations:BucketCorrelationFunctionCountCorrelationIndicator"
+          }
+        },
+        "required": [
+          "indicator"
+        ]
+      },
+      "_types.aggregations:BucketCorrelationFunctionCountCorrelationIndicator": {
+        "type": "object",
+        "properties": {
+          "doc_count": {
+            "description": "The total number of documents that initially created the expectations. It’s required to be greater\nthan or equal to the sum of all values in the buckets_path as this is the originating superset of data\nto which the term values are correlated.",
+            "type": "number"
+          },
+          "expectations": {
+            "description": "An array of numbers with which to correlate the configured `bucket_path` values.\nThe length of this value must always equal the number of buckets returned by the `bucket_path`.",
+            "type": "array",
+            "items": {
+              "type": "number"
+            }
+          },
+          "fractions": {
+            "description": "An array of fractions to use when averaging and calculating variance. This should be used if\nthe pre-calculated data and the buckets_path have known gaps. The length of fractions, if provided,\nmust equal expectations.",
+            "type": "array",
+            "items": {
+              "type": "number"
+            }
+          }
+        },
+        "required": [
+          "doc_count",
+          "expectations"
+        ]
+      },
+      "_types.aggregations:CardinalityAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "precision_threshold": {
+                "description": "A unique count below which counts are expected to be close to accurate.\nThis allows to trade memory for accuracy.",
+                "type": "number"
+              },
+              "rehash": {
+                "type": "boolean"
+              },
+              "execution_hint": {
+                "$ref": "#/components/schemas/_types.aggregations:CardinalityExecutionMode"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:CardinalityExecutionMode": {
+        "type": "string",
+        "enum": [
+          "global_ordinals",
+          "segment_ordinals",
+          "direct",
+          "save_memory_heuristic",
+          "save_time_heuristic"
+        ]
+      },
+      "_types.aggregations:CategorizeTextAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:Aggregation"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "max_unique_tokens": {
+                "description": "The maximum number of unique tokens at any position up to max_matched_tokens. Must be larger than 1.\nSmaller values use less memory and create fewer categories. Larger values will use more memory and\ncreate narrower categories. Max allowed value is 100.",
+                "type": "number"
+              },
+              "max_matched_tokens": {
+                "description": "The maximum number of token positions to match on before attempting to merge categories. Larger\nvalues will use more memory and create narrower categories. Max allowed value is 100.",
+                "type": "number"
+              },
+              "similarity_threshold": {
+                "description": "The minimum percentage of tokens that must match for text to be added to the category bucket. Must\nbe between 1 and 100. The larger the value the narrower the categories. Larger values will increase memory\nusage and create narrower categories.",
+                "type": "number"
+              },
+              "categorization_filters": {
+                "description": "This property expects an array of regular expressions. The expressions are used to filter out matching\nsequences from the categorization field values. You can use this functionality to fine tune the categorization\nby excluding sequences from consideration when categories are defined. For example, you can exclude SQL\nstatements that appear in your log files. This property cannot be used at the same time as categorization_analyzer.\nIf you only want to define simple regular expression filters that are applied prior to tokenization, setting\nthis property is the easiest method. If you also want to customize the tokenizer or post-tokenization filtering,\nuse the categorization_analyzer property instead and include the filters as pattern_replace character filters.",
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              },
+              "categorization_analyzer": {
+                "$ref": "#/components/schemas/_types.aggregations:CategorizeTextAnalyzer"
+              },
+              "shard_size": {
+                "description": "The number of categorization buckets to return from each shard before merging all the results.",
+                "type": "number"
+              },
+              "size": {
+                "description": "The number of buckets to return.",
+                "type": "number"
+              },
+              "min_doc_count": {
+                "description": "The minimum number of documents in a bucket to be returned to the results.",
+                "type": "number"
+              },
+              "shard_min_doc_count": {
+                "description": "The minimum number of documents in a bucket to be returned from the shard before merging.",
+                "type": "number"
+              }
+            },
+            "required": [
+              "field"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:CategorizeTextAnalyzer": {
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "$ref": "#/components/schemas/_types.aggregations:CustomCategorizeTextAnalyzer"
+          }
+        ]
+      },
+      "_types.aggregations:CustomCategorizeTextAnalyzer": {
+        "type": "object",
+        "properties": {
+          "char_filter": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "tokenizer": {
+            "type": "string"
+          },
+          "filter": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          }
+        }
+      },
+      "_types.aggregations:ChildrenAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "$ref": "#/components/schemas/_types:RelationName"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:CompositeAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "after": {
+                "$ref": "#/components/schemas/_types.aggregations:CompositeAggregateKey"
+              },
+              "size": {
+                "description": "The number of composite buckets that should be returned.",
+                "type": "number"
+              },
+              "sources": {
+                "description": "The value sources used to build composite buckets.\nKeys are returned in the order of the `sources` definition.",
+                "type": "array",
+                "items": {
+                  "type": "object",
+                  "additionalProperties": {
+                    "$ref": "#/components/schemas/_types.aggregations:CompositeAggregationSource"
+                  }
+                }
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:CompositeAggregateKey": {
+        "type": "object",
+        "additionalProperties": {
+          "$ref": "#/components/schemas/_types:FieldValue"
+        }
+      },
+      "_types.aggregations:CompositeAggregationSource": {
+        "type": "object",
+        "properties": {
+          "terms": {
+            "$ref": "#/components/schemas/_types.aggregations:CompositeTermsAggregation"
+          },
+          "histogram": {
+            "$ref": "#/components/schemas/_types.aggregations:CompositeHistogramAggregation"
+          },
+          "date_histogram": {
+            "$ref": "#/components/schemas/_types.aggregations:CompositeDateHistogramAggregation"
+          },
+          "geotile_grid": {
+            "$ref": "#/components/schemas/_types.aggregations:CompositeGeoTileGridAggregation"
+          }
+        }
+      },
+      "_types.aggregations:CompositeTermsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:CompositeAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:CompositeAggregationBase": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "missing_bucket": {
+            "type": "boolean"
+          },
+          "missing_order": {
+            "$ref": "#/components/schemas/_types.aggregations:MissingOrder"
+          },
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          },
+          "value_type": {
+            "$ref": "#/components/schemas/_types.aggregations:ValueType"
+          },
+          "order": {
+            "$ref": "#/components/schemas/_types:SortOrder"
+          }
+        }
+      },
+      "_types.aggregations:MissingOrder": {
+        "type": "string",
+        "enum": [
+          "first",
+          "last",
+          "default"
+        ]
+      },
+      "_types.aggregations:ValueType": {
+        "type": "string",
+        "enum": [
+          "string",
+          "long",
+          "double",
+          "number",
+          "date",
+          "date_nanos",
+          "ip",
+          "numeric",
+          "geo_point",
+          "boolean"
+        ]
+      },
+      "_types.aggregations:CompositeHistogramAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:CompositeAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "interval": {
+                "type": "number"
+              }
+            },
+            "required": [
+              "interval"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:CompositeDateHistogramAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:CompositeAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "format": {
+                "type": "string"
+              },
+              "calendar_interval": {
+                "$ref": "#/components/schemas/_types:DurationLarge"
+              },
+              "fixed_interval": {
+                "$ref": "#/components/schemas/_types:DurationLarge"
+              },
+              "offset": {
+                "$ref": "#/components/schemas/_types:Duration"
+              },
+              "time_zone": {
+                "$ref": "#/components/schemas/_types:TimeZone"
+              }
+            }
+          }
+        ]
+      },
+      "_types:DurationLarge": {
+        "description": "A date histogram interval. Similar to `Duration` with additional units: `w` (week), `M` (month), `q` (quarter) and\n`y` (year)",
+        "type": "string"
+      },
+      "_types.aggregations:CompositeGeoTileGridAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:CompositeAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "precision": {
+                "type": "number"
+              },
+              "bounds": {
+                "$ref": "#/components/schemas/_types:GeoBounds"
+              }
+            }
+          }
+        ]
+      },
+      "_types:GeoBounds": {
+        "description": "A geo bounding box. It can be represented in various ways:\n- as 4 top/bottom/left/right coordinates\n- as 2 top_left / bottom_right points\n- as 2 top_right / bottom_left points\n- as a WKT bounding box",
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types:CoordsGeoBounds"
+          },
+          {
+            "$ref": "#/components/schemas/_types:TopLeftBottomRightGeoBounds"
+          },
+          {
+            "$ref": "#/components/schemas/_types:TopRightBottomLeftGeoBounds"
+          },
+          {
+            "$ref": "#/components/schemas/_types:WktGeoBounds"
+          }
+        ]
+      },
+      "_types:CoordsGeoBounds": {
+        "type": "object",
+        "properties": {
+          "top": {
+            "type": "number"
+          },
+          "bottom": {
+            "type": "number"
+          },
+          "left": {
+            "type": "number"
+          },
+          "right": {
+            "type": "number"
+          }
+        },
+        "required": [
+          "top",
+          "bottom",
+          "left",
+          "right"
+        ]
+      },
+      "_types:TopLeftBottomRightGeoBounds": {
+        "type": "object",
+        "properties": {
+          "top_left": {
+            "$ref": "#/components/schemas/_types:GeoLocation"
+          },
+          "bottom_right": {
+            "$ref": "#/components/schemas/_types:GeoLocation"
+          }
+        },
+        "required": [
+          "top_left",
+          "bottom_right"
+        ]
+      },
+      "_types:TopRightBottomLeftGeoBounds": {
+        "type": "object",
+        "properties": {
+          "top_right": {
+            "$ref": "#/components/schemas/_types:GeoLocation"
+          },
+          "bottom_left": {
+            "$ref": "#/components/schemas/_types:GeoLocation"
+          }
+        },
+        "required": [
+          "top_right",
+          "bottom_left"
+        ]
+      },
+      "_types:WktGeoBounds": {
+        "type": "object",
+        "properties": {
+          "wkt": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "wkt"
+        ]
+      },
+      "_types.aggregations:CumulativeCardinalityAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:CumulativeSumAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:DateHistogramAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "calendar_interval": {
+                "$ref": "#/components/schemas/_types.aggregations:CalendarInterval"
+              },
+              "extended_bounds": {
+                "$ref": "#/components/schemas/_types.aggregations:ExtendedBoundsFieldDateMath"
+              },
+              "hard_bounds": {
+                "$ref": "#/components/schemas/_types.aggregations:ExtendedBoundsFieldDateMath"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "fixed_interval": {
+                "$ref": "#/components/schemas/_types:Duration"
+              },
+              "format": {
+                "description": "The date format used to format `key_as_string` in the response.\nIf no `format` is specified, the first date format specified in the field mapping is used.",
+                "type": "string"
+              },
+              "interval": {
+                "$ref": "#/components/schemas/_types:Duration"
+              },
+              "min_doc_count": {
+                "description": "Only returns buckets that have `min_doc_count` number of documents.\nBy default, all buckets between the first bucket that matches documents and the last one are returned.",
+                "type": "number"
+              },
+              "missing": {
+                "$ref": "#/components/schemas/_types:DateTime"
+              },
+              "offset": {
+                "$ref": "#/components/schemas/_types:Duration"
+              },
+              "order": {
+                "$ref": "#/components/schemas/_types.aggregations:AggregateOrder"
+              },
+              "params": {
+                "type": "object",
+                "additionalProperties": {
+                  "type": "object"
+                }
+              },
+              "script": {
+                "$ref": "#/components/schemas/_types:Script"
+              },
+              "time_zone": {
+                "$ref": "#/components/schemas/_types:TimeZone"
+              },
+              "keyed": {
+                "description": "Set to `true` to associate a unique string key with each bucket and return the ranges as a hash rather than an array.",
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:CalendarInterval": {
+        "type": "string",
+        "enum": [
+          "second",
+          "1s",
+          "minute",
+          "1m",
+          "hour",
+          "1h",
+          "day",
+          "1d",
+          "week",
+          "1w",
+          "month",
+          "1M",
+          "quarter",
+          "1q",
+          "year",
+          "1Y"
+        ]
+      },
+      "_types.aggregations:ExtendedBoundsFieldDateMath": {
+        "type": "object",
+        "properties": {
+          "max": {
+            "$ref": "#/components/schemas/_types.aggregations:FieldDateMath"
+          },
+          "min": {
+            "$ref": "#/components/schemas/_types.aggregations:FieldDateMath"
+          }
+        }
+      },
+      "_types.aggregations:FieldDateMath": {
+        "description": "A date range limit, represented either as a DateMath expression or a number expressed\naccording to the target field's precision.",
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types:DateMath"
+          },
+          {
+            "type": "number"
+          }
+        ]
+      },
+      "_types.aggregations:AggregateOrder": {
+        "oneOf": [
+          {
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types:SortOrder"
+            },
+            "minProperties": 1,
+            "maxProperties": 1
+          },
+          {
+            "type": "array",
+            "items": {
+              "type": "object",
+              "additionalProperties": {
+                "$ref": "#/components/schemas/_types:SortOrder"
+              },
+              "minProperties": 1,
+              "maxProperties": 1
+            }
+          }
+        ]
+      },
+      "_types.aggregations:DateRangeAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "format": {
+                "description": "The date format used to format `from` and `to` in the response.",
+                "type": "string"
+              },
+              "missing": {
+                "$ref": "#/components/schemas/_types.aggregations:Missing"
+              },
+              "ranges": {
+                "description": "Array of date ranges.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.aggregations:DateRangeExpression"
+                }
+              },
+              "time_zone": {
+                "$ref": "#/components/schemas/_types:TimeZone"
+              },
+              "keyed": {
+                "description": "Set to `true` to associate a unique string key with each bucket and returns the ranges as a hash rather than an array.",
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:DateRangeExpression": {
+        "type": "object",
+        "properties": {
+          "from": {
+            "$ref": "#/components/schemas/_types.aggregations:FieldDateMath"
+          },
+          "key": {
+            "description": "Custom key to return the range with.",
+            "type": "string"
+          },
+          "to": {
+            "$ref": "#/components/schemas/_types.aggregations:FieldDateMath"
+          }
+        }
+      },
+      "_types.aggregations:DerivativeAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:DiversifiedSamplerAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "execution_hint": {
+                "$ref": "#/components/schemas/_types.aggregations:SamplerAggregationExecutionHint"
+              },
+              "max_docs_per_value": {
+                "description": "Limits how many documents are permitted per choice of de-duplicating value.",
+                "type": "number"
+              },
+              "script": {
+                "$ref": "#/components/schemas/_types:Script"
+              },
+              "shard_size": {
+                "description": "Limits how many top-scoring documents are collected in the sample processed on each shard.",
+                "type": "number"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:SamplerAggregationExecutionHint": {
+        "type": "string",
+        "enum": [
+          "map",
+          "global_ordinals",
+          "bytes_hash"
+        ]
+      },
+      "_types.aggregations:ExtendedStatsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:FormatMetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "sigma": {
+                "description": "The number of standard deviations above/below the mean to display.",
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:ExtendedStatsBucketAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "sigma": {
+                "description": "The number of standard deviations above/below the mean to display.",
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:FrequentItemSetsAggregation": {
+        "type": "object",
+        "properties": {
+          "fields": {
+            "description": "Fields to analyze.",
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types.aggregations:FrequentItemSetsField"
+            }
+          },
+          "minimum_set_size": {
+            "description": "The minimum size of one item set.",
+            "type": "number"
+          },
+          "minimum_support": {
+            "description": "The minimum support of one item set.",
+            "type": "number"
+          },
+          "size": {
+            "description": "The number of top item sets to return.",
+            "type": "number"
+          },
+          "filter": {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+          }
+        },
+        "required": [
+          "fields"
+        ]
+      },
+      "_types.aggregations:FrequentItemSetsField": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "exclude": {
+            "$ref": "#/components/schemas/_types.aggregations:TermsExclude"
+          },
+          "include": {
+            "$ref": "#/components/schemas/_types.aggregations:TermsInclude"
+          }
+        },
+        "required": [
+          "field"
+        ]
+      },
+      "_types.aggregations:TermsExclude": {
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          }
+        ]
+      },
+      "_types.aggregations:TermsInclude": {
+        "oneOf": [
+          {
+            "type": "string"
+          },
+          {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          {
+            "$ref": "#/components/schemas/_types.aggregations:TermsPartition"
+          }
+        ]
+      },
+      "_types.aggregations:TermsPartition": {
+        "type": "object",
+        "properties": {
+          "num_partitions": {
+            "description": "The number of partitions.",
+            "type": "number"
+          },
+          "partition": {
+            "description": "The partition number for this request.",
+            "type": "number"
+          }
+        },
+        "required": [
+          "num_partitions",
+          "partition"
+        ]
+      },
+      "_types.aggregations:FiltersAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "filters": {
+                "$ref": "#/components/schemas/_types.aggregations:BucketsQueryContainer"
+              },
+              "other_bucket": {
+                "description": "Set to `true` to add a bucket to the response which will contain all documents that do not match any of the given filters.",
+                "type": "boolean"
+              },
+              "other_bucket_key": {
+                "description": "The key with which the other bucket is returned.",
+                "type": "string"
+              },
+              "keyed": {
+                "description": "By default, the named filters aggregation returns the buckets as an object.\nSet to `false` to return the buckets as an array of objects.",
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:BucketsQueryContainer": {
+        "description": "Aggregation buckets. By default they are returned as an array, but if the aggregation has keys configured for\nthe different buckets, the result is a dictionary.",
+        "oneOf": [
+          {
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+            }
+          },
+          {
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+            }
+          }
+        ]
+      },
+      "_types.aggregations:GeoBoundsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "wrap_longitude": {
+                "description": "Specifies whether the bounding box should be allowed to overlap the international date line.",
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:GeoCentroidAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "count": {
+                "type": "number"
+              },
+              "location": {
+                "$ref": "#/components/schemas/_types:GeoLocation"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:GeoDistanceAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "distance_type": {
+                "$ref": "#/components/schemas/_types:GeoDistanceType"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "origin": {
+                "$ref": "#/components/schemas/_types:GeoLocation"
+              },
+              "ranges": {
+                "description": "An array of ranges used to bucket documents.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.aggregations:AggregationRange"
+                }
+              },
+              "unit": {
+                "$ref": "#/components/schemas/_types:DistanceUnit"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:AggregationRange": {
+        "type": "object",
+        "properties": {
+          "from": {
+            "description": "Start of the range (inclusive).",
+            "oneOf": [
+              {
+                "type": "number"
+              },
+              {
+                "type": "string"
+              },
+              {
+                "nullable": true,
+                "type": "string"
+              }
+            ]
+          },
+          "key": {
+            "description": "Custom key to return the range with.",
+            "type": "string"
+          },
+          "to": {
+            "description": "End of the range (exclusive).",
+            "oneOf": [
+              {
+                "type": "number"
+              },
+              {
+                "type": "string"
+              },
+              {
+                "nullable": true,
+                "type": "string"
+              }
+            ]
+          }
+        }
+      },
+      "_types.aggregations:GeoHashGridAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "bounds": {
+                "$ref": "#/components/schemas/_types:GeoBounds"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "precision": {
+                "$ref": "#/components/schemas/_types:GeoHashPrecision"
+              },
+              "shard_size": {
+                "description": "Allows for more accurate counting of the top cells returned in the final result the aggregation.\nDefaults to returning `max(10,(size x number-of-shards))` buckets from each shard.",
+                "type": "number"
+              },
+              "size": {
+                "description": "The maximum number of geohash buckets to return.",
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "_types:GeoHashPrecision": {
+        "description": "A precision that can be expressed as a geohash length between 1 and 12, or a distance measure like \"1km\", \"10m\".",
+        "oneOf": [
+          {
+            "type": "number"
+          },
+          {
+            "type": "string"
+          }
+        ]
+      },
+      "_types.aggregations:GeoLineAggregation": {
+        "type": "object",
+        "properties": {
+          "point": {
+            "$ref": "#/components/schemas/_types.aggregations:GeoLinePoint"
+          },
+          "sort": {
+            "$ref": "#/components/schemas/_types.aggregations:GeoLineSort"
+          },
+          "include_sort": {
+            "description": "When `true`, returns an additional array of the sort values in the feature properties.",
+            "type": "boolean"
+          },
+          "sort_order": {
+            "$ref": "#/components/schemas/_types:SortOrder"
+          },
+          "size": {
+            "description": "The maximum length of the line represented in the aggregation.\nValid sizes are between 1 and 10000.",
+            "type": "number"
+          }
+        },
+        "required": [
+          "point",
+          "sort"
+        ]
+      },
+      "_types.aggregations:GeoLinePoint": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          }
+        },
+        "required": [
+          "field"
+        ]
+      },
+      "_types.aggregations:GeoLineSort": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          }
+        },
+        "required": [
+          "field"
+        ]
+      },
+      "_types.aggregations:GeoTileGridAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "precision": {
+                "$ref": "#/components/schemas/_types:GeoTilePrecision"
+              },
+              "shard_size": {
+                "description": "Allows for more accurate counting of the top cells returned in the final result the aggregation.\nDefaults to returning `max(10,(size x number-of-shards))` buckets from each shard.",
+                "type": "number"
+              },
+              "size": {
+                "description": "The maximum number of buckets to return.",
+                "type": "number"
+              },
+              "bounds": {
+                "$ref": "#/components/schemas/_types:GeoBounds"
+              }
+            }
+          }
+        ]
+      },
+      "_types:GeoTilePrecision": {
+        "type": "number"
+      },
+      "_types.aggregations:GeohexGridAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "precision": {
+                "description": "Integer zoom of the key used to defined cells or buckets\nin the results. Value should be between 0-15.",
+                "type": "number"
+              },
+              "bounds": {
+                "$ref": "#/components/schemas/_types:GeoBounds"
+              },
+              "size": {
+                "description": "Maximum number of buckets to return.",
+                "type": "number"
+              },
+              "shard_size": {
+                "description": "Number of buckets returned from each shard.",
+                "type": "number"
+              }
+            },
+            "required": [
+              "field"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:GlobalAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:HistogramAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "extended_bounds": {
+                "$ref": "#/components/schemas/_types.aggregations:ExtendedBoundsdouble"
+              },
+              "hard_bounds": {
+                "$ref": "#/components/schemas/_types.aggregations:ExtendedBoundsdouble"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "interval": {
+                "description": "The interval for the buckets.\nMust be a positive decimal.",
+                "type": "number"
+              },
+              "min_doc_count": {
+                "description": "Only returns buckets that have `min_doc_count` number of documents.\nBy default, the response will fill gaps in the histogram with empty buckets.",
+                "type": "number"
+              },
+              "missing": {
+                "description": "The value to apply to documents that do not have a value.\nBy default, documents without a value are ignored.",
+                "type": "number"
+              },
+              "offset": {
+                "description": "By default, the bucket keys start with 0 and then continue in even spaced steps of `interval`.\nThe bucket boundaries can be shifted by using the `offset` option.",
+                "type": "number"
+              },
+              "order": {
+                "$ref": "#/components/schemas/_types.aggregations:AggregateOrder"
+              },
+              "script": {
+                "$ref": "#/components/schemas/_types:Script"
+              },
+              "format": {
+                "type": "string"
+              },
+              "keyed": {
+                "description": "If `true`, returns buckets as a hash instead of an array, keyed by the bucket keys.",
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:ExtendedBoundsdouble": {
+        "type": "object",
+        "properties": {
+          "max": {
+            "description": "Maximum value for the bound.",
+            "type": "number"
+          },
+          "min": {
+            "description": "Minimum value for the bound.",
+            "type": "number"
+          }
+        }
+      },
+      "_types.aggregations:IpRangeAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "ranges": {
+                "description": "Array of IP ranges.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.aggregations:IpRangeAggregationRange"
+                }
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:IpRangeAggregationRange": {
+        "type": "object",
+        "properties": {
+          "from": {
+            "description": "Start of the range.",
+            "oneOf": [
+              {
+                "type": "string"
+              },
+              {
+                "nullable": true,
+                "type": "string"
+              }
+            ]
+          },
+          "mask": {
+            "description": "IP range defined as a CIDR mask.",
+            "type": "string"
+          },
+          "to": {
+            "description": "End of the range.",
+            "oneOf": [
+              {
+                "type": "string"
+              },
+              {
+                "nullable": true,
+                "type": "string"
+              }
+            ]
+          }
+        }
+      },
+      "_types.aggregations:IpPrefixAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "prefix_length": {
+                "description": "Length of the network prefix. For IPv4 addresses the accepted range is [0, 32].\nFor IPv6 addresses the accepted range is [0, 128].",
+                "type": "number"
+              },
+              "is_ipv6": {
+                "description": "Defines whether the prefix applies to IPv6 addresses.",
+                "type": "boolean"
+              },
+              "append_prefix_length": {
+                "description": "Defines whether the prefix length is appended to IP address keys in the response.",
+                "type": "boolean"
+              },
+              "keyed": {
+                "description": "Defines whether buckets are returned as a hash rather than an array in the response.",
+                "type": "boolean"
+              },
+              "min_doc_count": {
+                "description": "Minimum number of documents in a bucket for it to be included in the response.",
+                "type": "number"
+              }
+            },
+            "required": [
+              "field",
+              "prefix_length"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:InferenceAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "model_id": {
+                "$ref": "#/components/schemas/_types:Name"
+              },
+              "inference_config": {
+                "$ref": "#/components/schemas/_types.aggregations:InferenceConfigContainer"
+              }
+            },
+            "required": [
+              "model_id"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:InferenceConfigContainer": {
+        "type": "object",
+        "properties": {
+          "regression": {
+            "$ref": "#/components/schemas/ml._types:RegressionInferenceOptions"
+          },
+          "classification": {
+            "$ref": "#/components/schemas/ml._types:ClassificationInferenceOptions"
+          }
+        },
+        "minProperties": 1,
+        "maxProperties": 1
+      },
+      "ml._types:RegressionInferenceOptions": {
+        "type": "object",
+        "properties": {
+          "results_field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "num_top_feature_importance_values": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/machine-learning/current/ml-feature-importance.html"
+            },
+            "description": "Specifies the maximum number of feature importance values per document.",
+            "type": "number"
+          }
+        }
+      },
+      "ml._types:ClassificationInferenceOptions": {
+        "type": "object",
+        "properties": {
+          "num_top_classes": {
+            "description": "Specifies the number of top class predictions to return. Defaults to 0.",
+            "type": "number"
+          },
+          "num_top_feature_importance_values": {
+            "externalDocs": {
+              "url": "https://www.elastic.co/guide/en/machine-learning/current/ml-feature-importance.html"
+            },
+            "description": "Specifies the maximum number of feature importance values per document.",
+            "type": "number"
+          },
+          "prediction_field_type": {
+            "description": "Specifies the type of the predicted field to write. Acceptable values are: string, number, boolean. When boolean is provided 1.0 is transformed to true and 0.0 to false.",
+            "type": "string"
+          },
+          "results_field": {
+            "description": "The field that is added to incoming documents to contain the inference prediction. Defaults to predicted_value.",
+            "type": "string"
+          },
+          "top_classes_results_field": {
+            "description": "Specifies the field to which the top classes are written. Defaults to top_classes.",
+            "type": "string"
+          }
+        }
+      },
+      "_types.aggregations:MatrixStatsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MatrixAggregation"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "mode": {
+                "$ref": "#/components/schemas/_types:SortMode"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:MatrixAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:Aggregation"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "fields": {
+                "$ref": "#/components/schemas/_types:Fields"
+              },
+              "missing": {
+                "description": "The value to apply to documents that do not have a value.\nBy default, documents without a value are ignored.",
+                "type": "object",
+                "additionalProperties": {
+                  "type": "number"
+                }
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:MaxAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:FormatMetricAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:MaxBucketAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:MedianAbsoluteDeviationAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:FormatMetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "compression": {
+                "description": "Limits the maximum number of nodes used by the underlying TDigest algorithm to `20 * compression`, enabling control of memory usage and approximation error.",
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:MinAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:FormatMetricAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:MinBucketAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:MissingAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "missing": {
+                "$ref": "#/components/schemas/_types.aggregations:Missing"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:MovingAverageAggregation": {
+        "discriminator": {
+          "propertyName": "model"
+        },
+        "oneOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:LinearMovingAverageAggregation"
+          },
+          {
+            "$ref": "#/components/schemas/_types.aggregations:SimpleMovingAverageAggregation"
+          },
+          {
+            "$ref": "#/components/schemas/_types.aggregations:EwmaMovingAverageAggregation"
+          },
+          {
+            "$ref": "#/components/schemas/_types.aggregations:HoltMovingAverageAggregation"
+          },
+          {
+            "$ref": "#/components/schemas/_types.aggregations:HoltWintersMovingAverageAggregation"
+          }
+        ]
+      },
+      "_types.aggregations:LinearMovingAverageAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MovingAverageAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "model": {
+                "type": "string",
+                "enum": [
+                  "linear"
+                ]
+              },
+              "settings": {
+                "$ref": "#/components/schemas/_types:EmptyObject"
+              }
+            },
+            "required": [
+              "model",
+              "settings"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:MovingAverageAggregationBase": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "minimize": {
+                "type": "boolean"
+              },
+              "predict": {
+                "type": "number"
+              },
+              "window": {
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "_types:EmptyObject": {
+        "type": "object"
+      },
+      "_types.aggregations:SimpleMovingAverageAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MovingAverageAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "model": {
+                "type": "string",
+                "enum": [
+                  "simple"
+                ]
+              },
+              "settings": {
+                "$ref": "#/components/schemas/_types:EmptyObject"
+              }
+            },
+            "required": [
+              "model",
+              "settings"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:EwmaMovingAverageAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MovingAverageAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "model": {
+                "type": "string",
+                "enum": [
+                  "ewma"
+                ]
+              },
+              "settings": {
+                "$ref": "#/components/schemas/_types.aggregations:EwmaModelSettings"
+              }
+            },
+            "required": [
+              "model",
+              "settings"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:EwmaModelSettings": {
+        "type": "object",
+        "properties": {
+          "alpha": {
+            "type": "number"
+          }
+        }
+      },
+      "_types.aggregations:HoltMovingAverageAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MovingAverageAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "model": {
+                "type": "string",
+                "enum": [
+                  "holt"
+                ]
+              },
+              "settings": {
+                "$ref": "#/components/schemas/_types.aggregations:HoltLinearModelSettings"
+              }
+            },
+            "required": [
+              "model",
+              "settings"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:HoltLinearModelSettings": {
+        "type": "object",
+        "properties": {
+          "alpha": {
+            "type": "number"
+          },
+          "beta": {
+            "type": "number"
+          }
+        }
+      },
+      "_types.aggregations:HoltWintersMovingAverageAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MovingAverageAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "model": {
+                "type": "string",
+                "enum": [
+                  "holt_winters"
+                ]
+              },
+              "settings": {
+                "$ref": "#/components/schemas/_types.aggregations:HoltWintersModelSettings"
+              }
+            },
+            "required": [
+              "model",
+              "settings"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:HoltWintersModelSettings": {
+        "type": "object",
+        "properties": {
+          "alpha": {
+            "type": "number"
+          },
+          "beta": {
+            "type": "number"
+          },
+          "gamma": {
+            "type": "number"
+          },
+          "pad": {
+            "type": "boolean"
+          },
+          "period": {
+            "type": "number"
+          },
+          "type": {
+            "$ref": "#/components/schemas/_types.aggregations:HoltWintersType"
+          }
+        }
+      },
+      "_types.aggregations:HoltWintersType": {
+        "type": "string",
+        "enum": [
+          "add",
+          "mult"
+        ]
+      },
+      "_types.aggregations:MovingPercentilesAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "window": {
+                "description": "The size of window to \"slide\" across the histogram.",
+                "type": "number"
+              },
+              "shift": {
+                "description": "By default, the window consists of the last n values excluding the current bucket.\nIncreasing `shift` by 1, moves the starting window position by 1 to the right.",
+                "type": "number"
+              },
+              "keyed": {
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:MovingFunctionAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "script": {
+                "description": "The script that should be executed on each window of data.",
+                "type": "string"
+              },
+              "shift": {
+                "description": "By default, the window consists of the last n values excluding the current bucket.\nIncreasing `shift` by 1, moves the starting window position by 1 to the right.",
+                "type": "number"
+              },
+              "window": {
+                "description": "The size of window to \"slide\" across the histogram.",
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:MultiTermsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "collect_mode": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsAggregationCollectMode"
+              },
+              "order": {
+                "$ref": "#/components/schemas/_types.aggregations:AggregateOrder"
+              },
+              "min_doc_count": {
+                "description": "The minimum number of documents in a bucket for it to be returned.",
+                "type": "number"
+              },
+              "shard_min_doc_count": {
+                "description": "The minimum number of documents in a bucket on each shard for it to be returned.",
+                "type": "number"
+              },
+              "shard_size": {
+                "description": "The number of candidate terms produced by each shard.\nBy default, `shard_size` will be automatically estimated based on the number of shards and the `size` parameter.",
+                "type": "number"
+              },
+              "show_term_doc_count_error": {
+                "description": "Calculates the doc count error on per term basis.",
+                "type": "boolean"
+              },
+              "size": {
+                "description": "The number of term buckets should be returned out of the overall terms list.",
+                "type": "number"
+              },
+              "terms": {
+                "description": "The field from which to generate sets of terms.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.aggregations:MultiTermLookup"
+                }
+              }
+            },
+            "required": [
+              "terms"
+            ]
+          }
+        ]
+      },
+      "_types.aggregations:TermsAggregationCollectMode": {
+        "type": "string",
+        "enum": [
+          "depth_first",
+          "breadth_first"
+        ]
+      },
+      "_types.aggregations:MultiTermLookup": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "missing": {
+            "$ref": "#/components/schemas/_types.aggregations:Missing"
+          }
+        },
+        "required": [
+          "field"
+        ]
+      },
+      "_types.aggregations:NestedAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "path": {
+                "$ref": "#/components/schemas/_types:Field"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:NormalizeAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "method": {
+                "$ref": "#/components/schemas/_types.aggregations:NormalizeMethod"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:NormalizeMethod": {
+        "type": "string",
+        "enum": [
+          "rescale_0_1",
+          "rescale_0_100",
+          "percent_of_sum",
+          "mean",
+          "z-score",
+          "softmax"
+        ]
+      },
+      "_types.aggregations:ParentAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "type": {
+                "$ref": "#/components/schemas/_types:RelationName"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:PercentileRanksAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:FormatMetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "keyed": {
+                "description": "By default, the aggregation associates a unique string key with each bucket and returns the ranges as a hash rather than an array.\nSet to `false` to disable this behavior.",
+                "type": "boolean"
+              },
+              "values": {
+                "description": "An array of values for which to calculate the percentile ranks.",
+                "oneOf": [
+                  {
+                    "type": "array",
+                    "items": {
+                      "type": "number"
+                    }
+                  },
+                  {
+                    "nullable": true,
+                    "type": "string"
+                  }
+                ]
+              },
+              "hdr": {
+                "$ref": "#/components/schemas/_types.aggregations:HdrMethod"
+              },
+              "tdigest": {
+                "$ref": "#/components/schemas/_types.aggregations:TDigest"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:HdrMethod": {
+        "type": "object",
+        "properties": {
+          "number_of_significant_value_digits": {
+            "description": "Specifies the resolution of values for the histogram in number of significant digits.",
+            "type": "number"
+          }
+        }
+      },
+      "_types.aggregations:TDigest": {
+        "type": "object",
+        "properties": {
+          "compression": {
+            "description": "Limits the maximum number of nodes used by the underlying TDigest algorithm to `20 * compression`, enabling control of memory usage and approximation error.",
+            "type": "number"
+          }
+        }
+      },
+      "_types.aggregations:PercentilesAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:FormatMetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "keyed": {
+                "description": "By default, the aggregation associates a unique string key with each bucket and returns the ranges as a hash rather than an array.\nSet to `false` to disable this behavior.",
+                "type": "boolean"
+              },
+              "percents": {
+                "description": "The percentiles to calculate.",
+                "type": "array",
+                "items": {
+                  "type": "number"
+                }
+              },
+              "hdr": {
+                "$ref": "#/components/schemas/_types.aggregations:HdrMethod"
+              },
+              "tdigest": {
+                "$ref": "#/components/schemas/_types.aggregations:TDigest"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:PercentilesBucketAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "percents": {
+                "description": "The list of percentiles to calculate.",
+                "type": "array",
+                "items": {
+                  "type": "number"
+                }
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:RangeAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "missing": {
+                "description": "The value to apply to documents that do not have a value.\nBy default, documents without a value are ignored.",
+                "type": "number"
+              },
+              "ranges": {
+                "description": "An array of ranges used to bucket documents.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.aggregations:AggregationRange"
+                }
+              },
+              "script": {
+                "$ref": "#/components/schemas/_types:Script"
+              },
+              "keyed": {
+                "description": "Set to `true` to associate a unique string key with each bucket and return the ranges as a hash rather than an array.",
+                "type": "boolean"
+              },
+              "format": {
+                "type": "string"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:RareTermsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "exclude": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsExclude"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "include": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsInclude"
+              },
+              "max_doc_count": {
+                "description": "The maximum number of documents a term should appear in.",
+                "type": "number"
+              },
+              "missing": {
+                "$ref": "#/components/schemas/_types.aggregations:Missing"
+              },
+              "precision": {
+                "description": "The precision of the internal CuckooFilters.\nSmaller precision leads to better approximation, but higher memory usage.",
+                "type": "number"
+              },
+              "value_type": {
+                "type": "string"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:RateAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:FormatMetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "unit": {
+                "$ref": "#/components/schemas/_types.aggregations:CalendarInterval"
+              },
+              "mode": {
+                "$ref": "#/components/schemas/_types.aggregations:RateMode"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:RateMode": {
+        "type": "string",
+        "enum": [
+          "sum",
+          "value_count"
+        ]
+      },
+      "_types.aggregations:ReverseNestedAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "path": {
+                "$ref": "#/components/schemas/_types:Field"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:SamplerAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "shard_size": {
+                "description": "Limits how many top-scoring documents are collected in the sample processed on each shard.",
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:ScriptedMetricAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "combine_script": {
+                "$ref": "#/components/schemas/_types:Script"
+              },
+              "init_script": {
+                "$ref": "#/components/schemas/_types:Script"
+              },
+              "map_script": {
+                "$ref": "#/components/schemas/_types:Script"
+              },
+              "params": {
+                "description": "A global object with script parameters for `init`, `map` and `combine` scripts.\nIt is shared between the scripts.",
+                "type": "object",
+                "additionalProperties": {
+                  "type": "object"
+                }
+              },
+              "reduce_script": {
+                "$ref": "#/components/schemas/_types:Script"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:SerialDifferencingAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "lag": {
+                "description": "The historical bucket to subtract from the current value.\nMust be a positive, non-zero integer.",
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:SignificantTermsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "background_filter": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "chi_square": {
+                "$ref": "#/components/schemas/_types.aggregations:ChiSquareHeuristic"
+              },
+              "exclude": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsExclude"
+              },
+              "execution_hint": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsAggregationExecutionHint"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "gnd": {
+                "$ref": "#/components/schemas/_types.aggregations:GoogleNormalizedDistanceHeuristic"
+              },
+              "include": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsInclude"
+              },
+              "jlh": {
+                "$ref": "#/components/schemas/_types:EmptyObject"
+              },
+              "min_doc_count": {
+                "description": "Only return terms that are found in more than `min_doc_count` hits.",
+                "type": "number"
+              },
+              "mutual_information": {
+                "$ref": "#/components/schemas/_types.aggregations:MutualInformationHeuristic"
+              },
+              "percentage": {
+                "$ref": "#/components/schemas/_types.aggregations:PercentageScoreHeuristic"
+              },
+              "script_heuristic": {
+                "$ref": "#/components/schemas/_types.aggregations:ScriptedHeuristic"
+              },
+              "shard_min_doc_count": {
+                "description": "Regulates the certainty a shard has if the term should actually be added to the candidate list or not with respect to the `min_doc_count`.\nTerms will only be considered if their local shard frequency within the set is higher than the `shard_min_doc_count`.",
+                "type": "number"
+              },
+              "shard_size": {
+                "description": "Can be used to control the volumes of candidate terms produced by each shard.\nBy default, `shard_size` will be automatically estimated based on the number of shards and the `size` parameter.",
+                "type": "number"
+              },
+              "size": {
+                "description": "The number of buckets returned out of the overall terms list.",
+                "type": "number"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:ChiSquareHeuristic": {
+        "type": "object",
+        "properties": {
+          "background_is_superset": {
+            "description": "Set to `false` if you defined a custom background filter that represents a different set of documents that you want to compare to.",
+            "type": "boolean"
+          },
+          "include_negatives": {
+            "description": "Set to `false` to filter out the terms that appear less often in the subset than in documents outside the subset.",
+            "type": "boolean"
+          }
+        },
+        "required": [
+          "background_is_superset",
+          "include_negatives"
+        ]
+      },
+      "_types.aggregations:TermsAggregationExecutionHint": {
+        "type": "string",
+        "enum": [
+          "map",
+          "global_ordinals",
+          "global_ordinals_hash",
+          "global_ordinals_low_cardinality"
+        ]
+      },
+      "_types.aggregations:GoogleNormalizedDistanceHeuristic": {
+        "type": "object",
+        "properties": {
+          "background_is_superset": {
+            "description": "Set to `false` if you defined a custom background filter that represents a different set of documents that you want to compare to.",
+            "type": "boolean"
+          }
+        }
+      },
+      "_types.aggregations:MutualInformationHeuristic": {
+        "type": "object",
+        "properties": {
+          "background_is_superset": {
+            "description": "Set to `false` if you defined a custom background filter that represents a different set of documents that you want to compare to.",
+            "type": "boolean"
+          },
+          "include_negatives": {
+            "description": "Set to `false` to filter out the terms that appear less often in the subset than in documents outside the subset.",
+            "type": "boolean"
+          }
+        }
+      },
+      "_types.aggregations:PercentageScoreHeuristic": {
+        "type": "object"
+      },
+      "_types.aggregations:ScriptedHeuristic": {
+        "type": "object",
+        "properties": {
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          }
+        },
+        "required": [
+          "script"
+        ]
+      },
+      "_types.aggregations:SignificantTextAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "background_filter": {
+                "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+              },
+              "chi_square": {
+                "$ref": "#/components/schemas/_types.aggregations:ChiSquareHeuristic"
+              },
+              "exclude": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsExclude"
+              },
+              "execution_hint": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsAggregationExecutionHint"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "filter_duplicate_text": {
+                "description": "Whether to out duplicate text to deal with noisy data.",
+                "type": "boolean"
+              },
+              "gnd": {
+                "$ref": "#/components/schemas/_types.aggregations:GoogleNormalizedDistanceHeuristic"
+              },
+              "include": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsInclude"
+              },
+              "jlh": {
+                "$ref": "#/components/schemas/_types:EmptyObject"
+              },
+              "min_doc_count": {
+                "description": "Only return values that are found in more than `min_doc_count` hits.",
+                "type": "number"
+              },
+              "mutual_information": {
+                "$ref": "#/components/schemas/_types.aggregations:MutualInformationHeuristic"
+              },
+              "percentage": {
+                "$ref": "#/components/schemas/_types.aggregations:PercentageScoreHeuristic"
+              },
+              "script_heuristic": {
+                "$ref": "#/components/schemas/_types.aggregations:ScriptedHeuristic"
+              },
+              "shard_min_doc_count": {
+                "description": "Regulates the certainty a shard has if the values should actually be added to the candidate list or not with respect to the min_doc_count.\nValues will only be considered if their local shard frequency within the set is higher than the `shard_min_doc_count`.",
+                "type": "number"
+              },
+              "shard_size": {
+                "description": "The number of candidate terms produced by each shard.\nBy default, `shard_size` will be automatically estimated based on the number of shards and the `size` parameter.",
+                "type": "number"
+              },
+              "size": {
+                "description": "The number of buckets returned out of the overall terms list.",
+                "type": "number"
+              },
+              "source_fields": {
+                "$ref": "#/components/schemas/_types:Fields"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:StatsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:FormatMetricAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:StatsBucketAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:StringStatsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "show_distribution": {
+                "description": "Shows the probability distribution for all characters.",
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:SumAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:FormatMetricAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:SumBucketAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:PipelineAggregationBase"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:TermsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:BucketAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "collect_mode": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsAggregationCollectMode"
+              },
+              "exclude": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsExclude"
+              },
+              "execution_hint": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsAggregationExecutionHint"
+              },
+              "field": {
+                "$ref": "#/components/schemas/_types:Field"
+              },
+              "include": {
+                "$ref": "#/components/schemas/_types.aggregations:TermsInclude"
+              },
+              "min_doc_count": {
+                "description": "Only return values that are found in more than `min_doc_count` hits.",
+                "type": "number"
+              },
+              "missing": {
+                "$ref": "#/components/schemas/_types.aggregations:Missing"
+              },
+              "missing_order": {
+                "$ref": "#/components/schemas/_types.aggregations:MissingOrder"
+              },
+              "missing_bucket": {
+                "type": "boolean"
+              },
+              "value_type": {
+                "description": "Coerced unmapped fields into the specified type.",
+                "type": "string"
+              },
+              "order": {
+                "$ref": "#/components/schemas/_types.aggregations:AggregateOrder"
+              },
+              "script": {
+                "$ref": "#/components/schemas/_types:Script"
+              },
+              "shard_size": {
+                "description": "The number of candidate terms produced by each shard.\nBy default, `shard_size` will be automatically estimated based on the number of shards and the `size` parameter.",
+                "type": "number"
+              },
+              "show_term_doc_count_error": {
+                "description": "Set to `true` to return the `doc_count_error_upper_bound`, which is an upper bound to the error on the `doc_count` returned by each shard.",
+                "type": "boolean"
+              },
+              "size": {
+                "description": "The number of buckets returned out of the overall terms list.",
+                "type": "number"
+              },
+              "format": {
+                "type": "string"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:TopHitsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "docvalue_fields": {
+                "description": "Fields for which to return doc values.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.query_dsl:FieldAndFormat"
+                }
+              },
+              "explain": {
+                "description": "If `true`, returns detailed information about score computation as part of a hit.",
+                "type": "boolean"
+              },
+              "fields": {
+                "description": "Array of wildcard (*) patterns. The request returns values for field names\nmatching these patterns in the hits.fields property of the response.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/_types.query_dsl:FieldAndFormat"
+                }
+              },
+              "from": {
+                "description": "Starting document offset.",
+                "type": "number"
+              },
+              "highlight": {
+                "$ref": "#/components/schemas/_global.search._types:Highlight"
+              },
+              "script_fields": {
+                "description": "Returns the result of one or more script evaluations for each hit.",
+                "type": "object",
+                "additionalProperties": {
+                  "$ref": "#/components/schemas/_types:ScriptField"
+                }
+              },
+              "size": {
+                "description": "The maximum number of top matching hits to return per bucket.",
+                "type": "number"
+              },
+              "sort": {
+                "$ref": "#/components/schemas/_types:Sort"
+              },
+              "_source": {
+                "$ref": "#/components/schemas/_global.search._types:SourceConfig"
+              },
+              "stored_fields": {
+                "$ref": "#/components/schemas/_types:Fields"
+              },
+              "track_scores": {
+                "description": "If `true`, calculates and returns document scores, even if the scores are not used for sorting.",
+                "type": "boolean"
+              },
+              "version": {
+                "description": "If `true`, returns document version as part of a hit.",
+                "type": "boolean"
+              },
+              "seq_no_primary_term": {
+                "description": "If `true`, returns sequence number and primary term of the last modification of each hit.",
+                "type": "boolean"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:TTestAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:Aggregation"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "a": {
+                "$ref": "#/components/schemas/_types.aggregations:TestPopulation"
+              },
+              "b": {
+                "$ref": "#/components/schemas/_types.aggregations:TestPopulation"
+              },
+              "type": {
+                "$ref": "#/components/schemas/_types.aggregations:TTestType"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:TestPopulation": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          },
+          "filter": {
+            "$ref": "#/components/schemas/_types.query_dsl:QueryContainer"
+          }
+        },
+        "required": [
+          "field"
+        ]
+      },
+      "_types.aggregations:TTestType": {
+        "type": "string",
+        "enum": [
+          "paired",
+          "homoscedastic",
+          "heteroscedastic"
+        ]
+      },
+      "_types.aggregations:TopMetricsAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "metrics": {
+                "description": "The fields of the top document to return.",
+                "oneOf": [
+                  {
+                    "$ref": "#/components/schemas/_types.aggregations:TopMetricsValue"
+                  },
+                  {
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/_types.aggregations:TopMetricsValue"
+                    }
+                  }
+                ]
+              },
+              "size": {
+                "description": "The number of top documents from which to return metrics.",
+                "type": "number"
+              },
+              "sort": {
+                "$ref": "#/components/schemas/_types:Sort"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:TopMetricsValue": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          }
+        },
+        "required": [
+          "field"
+        ]
+      },
+      "_types.aggregations:ValueCountAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:FormattableMetricAggregation"
+          },
+          {
+            "type": "object"
+          }
+        ]
+      },
+      "_types.aggregations:FormattableMetricAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:MetricAggregationBase"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "format": {
+                "type": "string"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:WeightedAverageAggregation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/_types.aggregations:Aggregation"
+          },
+          {
+            "type": "object",
+            "properties": {
+              "format": {
+                "description": "A numeric response formatter.",
+                "type": "string"
+              },
+              "value": {
+                "$ref": "#/components/schemas/_types.aggregations:WeightedAverageValue"
+              },
+              "value_type": {
+                "$ref": "#/components/schemas/_types.aggregations:ValueType"
+              },
+              "weight": {
+                "$ref": "#/components/schemas/_types.aggregations:WeightedAverageValue"
+              }
+            }
+          }
+        ]
+      },
+      "_types.aggregations:WeightedAverageValue": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "missing": {
+            "description": "A value or weight to use if the field is missing.",
+            "type": "number"
+          },
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          }
+        }
+      },
+      "_types.aggregations:VariableWidthHistogramAggregation": {
+        "type": "object",
+        "properties": {
+          "field": {
+            "$ref": "#/components/schemas/_types:Field"
+          },
+          "buckets": {
+            "description": "The target number of buckets.",
+            "type": "number"
+          },
+          "shard_size": {
+            "description": "The number of buckets that the coordinating node will request from each shard.\nDefaults to `buckets * 50`.",
+            "type": "number"
+          },
+          "initial_buffer": {
+            "description": "Specifies the number of individual documents that will be stored in memory on a shard before the initial bucketing algorithm is run.\nDefaults to `min(10 * shard_size, 50000)`.",
+            "type": "number"
+          },
+          "script": {
+            "$ref": "#/components/schemas/_types:Script"
+          }
+        }
+      },
+      "transform._types:PivotGroupByContainer": {
+        "type": "object",
+        "properties": {
+          "date_histogram": {
+            "$ref": "#/components/schemas/_types.aggregations:DateHistogramAggregation"
+          },
+          "geotile_grid": {
+            "$ref": "#/components/schemas/_types.aggregations:GeoTileGridAggregation"
+          },
+          "histogram": {
+            "$ref": "#/components/schemas/_types.aggregations:HistogramAggregation"
+          },
+          "terms": {
+            "$ref": "#/components/schemas/_types.aggregations:TermsAggregation"
+          }
+        },
+        "minProperties": 1,
+        "maxProperties": 1
+      }
+    }
+  }
+}
\ No newline at end of file
diff --git a/x-pack/plugins/ml/server/models/json_schema_service/schema_overrides.ts b/x-pack/packages/ml/json_schemas/src/schema_overrides.ts
similarity index 82%
rename from x-pack/plugins/ml/server/models/json_schema_service/schema_overrides.ts
rename to x-pack/packages/ml/json_schemas/src/schema_overrides.ts
index bacc90389592a..a3b8fabafec1e 100644
--- a/x-pack/plugins/ml/server/models/json_schema_service/schema_overrides.ts
+++ b/x-pack/packages/ml/json_schemas/src/schema_overrides.ts
@@ -5,13 +5,13 @@
  * 2.0.
  */
 
-import type { SupportedPath } from '../../../common/api_schemas/json_schema_schema';
+import type { EditorEndpoints } from './json_schema_service';
 import type { PropertyDefinition } from './types';
 
 /**
  * Extension of the schema definition extracted from the Elasticsearch specification.
  */
-export const jsonSchemaOverrides: Record<SupportedPath, Partial<PropertyDefinition>> = {
+export const jsonSchemaOverrides: Partial<Record<EditorEndpoints, Partial<PropertyDefinition>>> = {
   '/_ml/anomaly_detectors/{job_id}': {
     // background_persist_interval is required according to the ES spec
     required: ['analysis_config', 'data_description'],
diff --git a/x-pack/plugins/ml/server/models/json_schema_service/types.ts b/x-pack/packages/ml/json_schemas/src/types.ts
similarity index 100%
rename from x-pack/plugins/ml/server/models/json_schema_service/types.ts
rename to x-pack/packages/ml/json_schemas/src/types.ts
diff --git a/x-pack/packages/ml/json_schemas/tsconfig.json b/x-pack/packages/ml/json_schemas/tsconfig.json
new file mode 100644
index 0000000000000..e036ed4845c6b
--- /dev/null
+++ b/x-pack/packages/ml/json_schemas/tsconfig.json
@@ -0,0 +1,20 @@
+{
+  "extends": "../../../../tsconfig.base.json",
+  "compilerOptions": {
+    "outDir": "target/types",
+    "types": [
+      "jest",
+      "node"
+    ]
+  },
+  "include": [
+    "**/*.ts",
+    "**/*.json"
+  ],
+  "exclude": [
+    "target/**/*"
+  ],
+  "kbn_references": [
+    "@kbn/dev-cli-runner",
+  ]
+}
diff --git a/x-pack/packages/rollup/README.md b/x-pack/packages/rollup/README.md
new file mode 100644
index 0000000000000..14890c2e242e2
--- /dev/null
+++ b/x-pack/packages/rollup/README.md
@@ -0,0 +1,3 @@
+# @kbn/rollup
+
+Contains Rollups-related components and constants to be used by Rollups and other plugins. Primarily used to avoid cyclical dependencies.
diff --git a/x-pack/packages/rollup/index.ts b/x-pack/packages/rollup/index.ts
new file mode 100644
index 0000000000000..0cba345956875
--- /dev/null
+++ b/x-pack/packages/rollup/index.ts
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { ROLLUP_DEPRECATION_BADGE_LABEL, RollupDeprecationTooltip } from './src';
diff --git a/x-pack/packages/rollup/jest.config.js b/x-pack/packages/rollup/jest.config.js
new file mode 100644
index 0000000000000..05a65766c9222
--- /dev/null
+++ b/x-pack/packages/rollup/jest.config.js
@@ -0,0 +1,12 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+module.exports = {
+  preset: '@kbn/test',
+  rootDir: '../../..',
+  roots: ['<rootDir>/x-pack/packages/rollup'],
+};
diff --git a/x-pack/packages/rollup/kibana.jsonc b/x-pack/packages/rollup/kibana.jsonc
new file mode 100644
index 0000000000000..3961e7c7468e2
--- /dev/null
+++ b/x-pack/packages/rollup/kibana.jsonc
@@ -0,0 +1,5 @@
+{
+  "type": "shared-common",
+  "id": "@kbn/rollup",
+  "owner": "@elastic/kibana-management"
+}
diff --git a/x-pack/packages/rollup/package.json b/x-pack/packages/rollup/package.json
new file mode 100644
index 0000000000000..3911a1b1d5afd
--- /dev/null
+++ b/x-pack/packages/rollup/package.json
@@ -0,0 +1,6 @@
+{
+  "name": "@kbn/rollup",
+  "private": true,
+  "version": "1.0.0",
+  "license": "Elastic License 2.0"
+}
\ No newline at end of file
diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_applied_policy_status/index.ts b/x-pack/packages/rollup/src/constants/index.ts
similarity index 56%
rename from x-pack/plugins/security_solution/public/management/components/endpoint_applied_policy_status/index.ts
rename to x-pack/packages/rollup/src/constants/index.ts
index c1a930828314f..505ea5e886405 100644
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_applied_policy_status/index.ts
+++ b/x-pack/packages/rollup/src/constants/index.ts
@@ -5,5 +5,11 @@
  * 2.0.
  */
 
-export { EndpointAppliedPolicyStatus } from './endpoint_applied_policy_status';
-export type { EndpointAppliedPolicyStatusProps } from './endpoint_applied_policy_status';
+import { i18n } from '@kbn/i18n';
+
+export const ROLLUP_DEPRECATION_BADGE_LABEL = i18n.translate(
+  'xpack.rollupJobs.rollupDeprecationLabel',
+  {
+    defaultMessage: 'Rollup (deprecated)',
+  }
+);
diff --git a/x-pack/plugins/observability_solution/apm/common/es_fields/assets.ts b/x-pack/packages/rollup/src/index.ts
similarity index 65%
rename from x-pack/plugins/observability_solution/apm/common/es_fields/assets.ts
rename to x-pack/packages/rollup/src/index.ts
index ffe0c99286fc5..084da168fea9b 100644
--- a/x-pack/plugins/observability_solution/apm/common/es_fields/assets.ts
+++ b/x-pack/packages/rollup/src/index.ts
@@ -5,6 +5,5 @@
  * 2.0.
  */
 
-export const ASSET_TYPE = 'asset.type';
-export const LAST_SEEN = 'asset.last_seen';
-export const FIRST_SEEN = 'asset.first_seen';
+export { ROLLUP_DEPRECATION_BADGE_LABEL } from './constants';
+export { RollupDeprecationTooltip } from './rollup_deprecation_tooltip';
diff --git a/x-pack/packages/rollup/src/rollup_deprecation_tooltip/index.ts b/x-pack/packages/rollup/src/rollup_deprecation_tooltip/index.ts
new file mode 100644
index 0000000000000..ec609aded849f
--- /dev/null
+++ b/x-pack/packages/rollup/src/rollup_deprecation_tooltip/index.ts
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { RollupDeprecationTooltip } from './rollup_deprecation_tooltip';
diff --git a/x-pack/packages/rollup/src/rollup_deprecation_tooltip/rollup_deprecation_tooltip.tsx b/x-pack/packages/rollup/src/rollup_deprecation_tooltip/rollup_deprecation_tooltip.tsx
new file mode 100644
index 0000000000000..ce7bfd4f2b16d
--- /dev/null
+++ b/x-pack/packages/rollup/src/rollup_deprecation_tooltip/rollup_deprecation_tooltip.tsx
@@ -0,0 +1,30 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { ReactElement } from 'react';
+import { EuiToolTip } from '@elastic/eui';
+import { i18n } from '@kbn/i18n';
+
+interface RollupDeprecationTooltipProps {
+  /** The item wrapped by the deprecation tooltip.  */
+  children: ReactElement;
+}
+
+export const RollupDeprecationTooltip = ({ children }: RollupDeprecationTooltipProps) => {
+  return (
+    <EuiToolTip
+      title={i18n.translate('xpack.rollupJobs.rollupDeprecationTooltipTitle', {
+        defaultMessage: 'Rollups are deprecated in 8.11.0',
+      })}
+      content={i18n.translate('xpack.rollupJobs.rollupDeprecationTooltipContent', {
+        defaultMessage:
+          'Rollups are deprecated and will be removed in a future version. Use downsampling instead.',
+      })}
+      children={children}
+    />
+  );
+};
diff --git a/x-pack/packages/rollup/tsconfig.json b/x-pack/packages/rollup/tsconfig.json
new file mode 100644
index 0000000000000..4ef55e499d329
--- /dev/null
+++ b/x-pack/packages/rollup/tsconfig.json
@@ -0,0 +1,19 @@
+{
+  "extends": "../../../tsconfig.base.json",
+  "compilerOptions": {
+    "outDir": "target/types",
+    "types": [
+      "jest",
+      "node",
+      "react"
+    ]
+  },
+  "include": [
+    "**/*.ts",
+    "**/*.tsx",
+  ],
+  "exclude": [
+    "target/**/*"
+  ],
+  "kbn_references": ["@kbn/i18n"]
+}
diff --git a/x-pack/packages/security-solution/data_table/components/data_table/column_headers/helpers.test.tsx b/x-pack/packages/security-solution/data_table/components/data_table/column_headers/helpers.test.tsx
index dfb495201f6d1..c68dd56b4b00e 100644
--- a/x-pack/packages/security-solution/data_table/components/data_table/column_headers/helpers.test.tsx
+++ b/x-pack/packages/security-solution/data_table/components/data_table/column_headers/helpers.test.tsx
@@ -226,13 +226,9 @@ describe('helpers', () => {
         {
           actions,
           aggregatable: true,
-          category: 'base',
           columnHeaderType: 'not-filtered',
           defaultSortDirection,
-          description:
-            'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.',
           esTypes: ['date'],
-          example: '2016-05-23T08:05:34.853Z',
           format: '',
           id: '@timestamp',
           indexes: ['auditbeat', 'filebeat', 'packetbeat'],
@@ -247,12 +243,9 @@ describe('helpers', () => {
         {
           actions,
           aggregatable: true,
-          category: 'source',
           columnHeaderType: 'not-filtered',
           defaultSortDirection,
-          description: 'IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.',
           esTypes: ['ip'],
-          example: '',
           format: '',
           id: 'source.ip',
           indexes: ['auditbeat', 'filebeat', 'packetbeat'],
@@ -266,13 +259,9 @@ describe('helpers', () => {
         {
           actions,
           aggregatable: true,
-          category: 'destination',
           columnHeaderType: 'not-filtered',
           defaultSortDirection,
-          description:
-            'IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses.',
           esTypes: ['ip'],
-          example: '',
           format: '',
           id: 'destination.ip',
           indexes: ['auditbeat', 'filebeat', 'packetbeat'],
@@ -296,13 +285,9 @@ describe('helpers', () => {
         {
           actions,
           aggregatable: true,
-          category: 'base',
           columnHeaderType: 'not-filtered',
           defaultSortDirection,
-          description:
-            'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.',
           esTypes: ['date'],
-          example: '2016-05-23T08:05:34.853Z',
           format: '',
           id: '@timestamp',
           indexes: ['auditbeat', 'filebeat', 'packetbeat'],
@@ -355,10 +340,6 @@ describe('helpers', () => {
         const fieldName = 'test_field';
         const testField = {
           aggregatable: true,
-          category: 'base',
-          description:
-            'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.',
-          example: '2016-05-23T08:05:34.853Z',
           format: 'date',
           indexes: ['auditbeat', 'filebeat', 'packetbeat'],
           name: fieldName,
@@ -389,9 +370,6 @@ describe('helpers', () => {
         const fieldName = 'testFieldName';
         const testField = {
           aggregatable: true,
-          category: fieldName,
-          description: 'test field description',
-          example: '2016-05-23T08:05:34.853Z',
           format: 'date',
           indexes: ['auditbeat', 'filebeat', 'packetbeat'],
           name: fieldName,
@@ -422,9 +400,6 @@ describe('helpers', () => {
         const fieldName = 'test.field.splittable';
         const testField = {
           aggregatable: true,
-          category: 'test',
-          description: 'test field description',
-          example: '2016-05-23T08:05:34.853Z',
           format: 'date',
           indexes: ['auditbeat', 'filebeat', 'packetbeat'],
           name: fieldName,
@@ -455,10 +430,6 @@ describe('helpers', () => {
 
   describe('allowSorting', () => {
     const aggregatableField = {
-      category: 'cloud',
-      description:
-        'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.',
-      example: '666777888999',
       indexes: ['auditbeat', 'filebeat', 'packetbeat'],
       name: 'cloud.account.id',
       searchable: true,
diff --git a/x-pack/packages/security-solution/data_table/mock/mock_source.ts b/x-pack/packages/security-solution/data_table/mock/mock_source.ts
index 82c2a34448153..822922f52754d 100644
--- a/x-pack/packages/security-solution/data_table/mock/mock_source.ts
+++ b/x-pack/packages/security-solution/data_table/mock/mock_source.ts
@@ -25,10 +25,6 @@ export const mockBrowserFields: BrowserFields = {
     fields: {
       'agent.ephemeral_id': {
         aggregatable: true,
-        category: 'agent',
-        description:
-          'Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but `agent.id` does not.',
-        example: '8a4f500f',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'agent.ephemeral_id',
@@ -38,9 +34,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'agent.hostname': {
         aggregatable: true,
-        category: 'agent',
-        description: null,
-        example: null,
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'agent.hostname',
@@ -50,10 +43,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'agent.id': {
         aggregatable: true,
-        category: 'agent',
-        description:
-          'Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id.',
-        example: '8a4f500d',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'agent.id',
@@ -63,10 +52,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'agent.name': {
         aggregatable: true,
-        category: 'agent',
-        description:
-          'Name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. If no name is given, the name is often left empty.',
-        example: 'foo',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'agent.name',
@@ -80,9 +65,6 @@ export const mockBrowserFields: BrowserFields = {
     fields: {
       'auditd.data.a0': {
         aggregatable: true,
-        category: 'auditd',
-        description: null,
-        example: null,
         format: '',
         indexes: ['auditbeat'],
         name: 'auditd.data.a0',
@@ -92,9 +74,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'auditd.data.a1': {
         aggregatable: true,
-        category: 'auditd',
-        description: null,
-        example: null,
         format: '',
         indexes: ['auditbeat'],
         name: 'auditd.data.a1',
@@ -104,9 +83,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'auditd.data.a2': {
         aggregatable: true,
-        category: 'auditd',
-        description: null,
-        example: null,
         format: '',
         indexes: ['auditbeat'],
         name: 'auditd.data.a2',
@@ -120,10 +96,6 @@ export const mockBrowserFields: BrowserFields = {
     fields: {
       '@timestamp': {
         aggregatable: true,
-        category: 'base',
-        description:
-          'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.',
-        example: '2016-05-23T08:05:34.853Z',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: '@timestamp',
@@ -133,9 +105,6 @@ export const mockBrowserFields: BrowserFields = {
         readFromDocValues: true,
       },
       _id: {
-        category: 'base',
-        description: 'Each document has an _id that uniquely identifies it',
-        example: 'Y-6TfmcB0WOhS6qyMv3s',
         name: '_id',
         type: 'string',
         esTypes: [],
@@ -144,10 +113,6 @@ export const mockBrowserFields: BrowserFields = {
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
       },
       message: {
-        category: 'base',
-        description:
-          'For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message.',
-        example: 'Hello World',
         name: 'message',
         type: 'string',
         esTypes: ['text'],
@@ -162,10 +127,6 @@ export const mockBrowserFields: BrowserFields = {
     fields: {
       'client.address': {
         aggregatable: true,
-        category: 'client',
-        description:
-          'Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket.  You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.',
-        example: null,
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'client.address',
@@ -175,9 +136,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'client.bytes': {
         aggregatable: true,
-        category: 'client',
-        description: 'Bytes sent from the client to the server.',
-        example: '184',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'client.bytes',
@@ -187,9 +145,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'client.domain': {
         aggregatable: true,
-        category: 'client',
-        description: 'Client domain.',
-        example: null,
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'client.domain',
@@ -199,9 +154,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'client.geo.country_iso_code': {
         aggregatable: true,
-        category: 'client',
-        description: 'Country ISO code.',
-        example: 'CA',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'client.geo.country_iso_code',
@@ -215,10 +167,6 @@ export const mockBrowserFields: BrowserFields = {
     fields: {
       'cloud.account.id': {
         aggregatable: true,
-        category: 'cloud',
-        description:
-          'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.',
-        example: '666777888999',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'cloud.account.id',
@@ -228,9 +176,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'cloud.availability_zone': {
         aggregatable: true,
-        category: 'cloud',
-        description: 'Availability zone in which this host is running.',
-        example: 'us-east-1c',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'cloud.availability_zone',
@@ -244,9 +189,6 @@ export const mockBrowserFields: BrowserFields = {
     fields: {
       'container.id': {
         aggregatable: true,
-        category: 'container',
-        description: 'Unique container id.',
-        example: null,
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'container.id',
@@ -256,9 +198,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'container.image.name': {
         aggregatable: true,
-        category: 'container',
-        description: 'Name of the image the container was built on.',
-        example: null,
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'container.image.name',
@@ -268,9 +207,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'container.image.tag': {
         aggregatable: true,
-        category: 'container',
-        description: 'Container image tag.',
-        example: null,
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'container.image.tag',
@@ -284,10 +220,6 @@ export const mockBrowserFields: BrowserFields = {
     fields: {
       'destination.address': {
         aggregatable: true,
-        category: 'destination',
-        description:
-          'Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket.  You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.',
-        example: null,
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'destination.address',
@@ -297,9 +229,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'destination.bytes': {
         aggregatable: true,
-        category: 'destination',
-        description: 'Bytes sent from the destination to the source.',
-        example: '184',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'destination.bytes',
@@ -309,9 +238,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'destination.domain': {
         aggregatable: true,
-        category: 'destination',
-        description: 'Destination domain.',
-        example: null,
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'destination.domain',
@@ -321,10 +247,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'destination.ip': {
         aggregatable: true,
-        category: 'destination',
-        description:
-          'IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses.',
-        example: '',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'destination.ip',
@@ -334,9 +256,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'destination.port': {
         aggregatable: true,
-        category: 'destination',
-        description: 'Port of the destination.',
-        example: '',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'destination.port',
@@ -349,10 +268,6 @@ export const mockBrowserFields: BrowserFields = {
   event: {
     fields: {
       'event.end': {
-        category: 'event',
-        description:
-          'event.end contains the date when the event ended or when the activity was last observed.',
-        example: null,
         format: '',
         indexes: DEFAULT_INDEX_PATTERN,
         name: 'event.end',
@@ -362,10 +277,6 @@ export const mockBrowserFields: BrowserFields = {
         aggregatable: true,
       },
       'event.action': {
-        category: 'event',
-        description:
-          'The action captured by the event. This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer.',
-        example: 'user-password-change',
         name: 'event.action',
         type: 'string',
         esTypes: ['keyword'],
@@ -375,10 +286,6 @@ export const mockBrowserFields: BrowserFields = {
         indexes: DEFAULT_INDEX_PATTERN,
       },
       'event.category': {
-        category: 'event',
-        description:
-          'This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. `event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories.',
-        example: 'authentication',
         name: 'event.category',
         type: 'string',
         esTypes: ['keyword'],
@@ -388,10 +295,6 @@ export const mockBrowserFields: BrowserFields = {
         indexes: DEFAULT_INDEX_PATTERN,
       },
       'event.severity': {
-        category: 'event',
-        description:
-          "The numeric severity of the event according to your event source. What the different severity values mean can be different between sources and use cases. It's up to the implementer to make sure severities are consistent across events from the same source. The Syslog severity belongs in `log.syslog.severity.code`. `event.severity` is meant to represent the severity according to the event source (e.g. firewall, IDS). If the event source does not publish its own severity, you may optionally copy the `log.syslog.severity.code` to `event.severity`.",
-        example: 7,
         name: 'event.severity',
         type: 'number',
         esTypes: ['long'],
@@ -405,9 +308,6 @@ export const mockBrowserFields: BrowserFields = {
   host: {
     fields: {
       'host.name': {
-        category: 'host',
-        description:
-          'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.',
         name: 'host.name',
         type: 'string',
         esTypes: ['keyword'],
@@ -422,9 +322,6 @@ export const mockBrowserFields: BrowserFields = {
     fields: {
       'source.ip': {
         aggregatable: true,
-        category: 'source',
-        description: 'IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.',
-        example: '',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'source.ip',
@@ -434,9 +331,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'source.port': {
         aggregatable: true,
-        category: 'source',
-        description: 'Port of the source.',
-        example: '',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'source.port',
@@ -449,9 +343,6 @@ export const mockBrowserFields: BrowserFields = {
   user: {
     fields: {
       'user.name': {
-        category: 'user',
-        description: 'Short name or login of the user.',
-        example: 'albert',
         name: 'user.name',
         type: 'string',
         esTypes: ['keyword'],
@@ -466,9 +357,6 @@ export const mockBrowserFields: BrowserFields = {
     fields: {
       'nestedField.firstAttributes': {
         aggregatable: false,
-        category: 'nestedField',
-        description: '',
-        example: '',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'nestedField.firstAttributes',
@@ -482,9 +370,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'nestedField.secondAttributes': {
         aggregatable: false,
-        category: 'nestedField',
-        description: '',
-        example: '',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'nestedField.secondAttributes',
@@ -498,9 +383,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'nestedField.thirdAttributes': {
         aggregatable: false,
-        category: 'nestedField',
-        description: '',
-        example: '',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'nestedField.thirdAttributes',
diff --git a/x-pack/packages/security-solution/ecs_data_quality_dashboard/impl/data_quality/mock/test_providers/test_providers.tsx b/x-pack/packages/security-solution/ecs_data_quality_dashboard/impl/data_quality/mock/test_providers/test_providers.tsx
index ac3cfea820df7..a4e6d39e720ec 100644
--- a/x-pack/packages/security-solution/ecs_data_quality_dashboard/impl/data_quality/mock/test_providers/test_providers.tsx
+++ b/x-pack/packages/security-solution/ecs_data_quality_dashboard/impl/data_quality/mock/test_providers/test_providers.tsx
@@ -31,6 +31,7 @@ export const TestProvidersComponent: React.FC<Props> = ({ children, isILMAvailab
   const actionTypeRegistry = actionTypeRegistryMock.create();
   const mockGetComments = jest.fn(() => []);
   const mockHttp = httpServiceMock.createStartContract({ basePath: '/test' });
+  const mockNavigateToApp = jest.fn();
   const mockTelemetryEvents = {
     reportDataQualityIndexChecked: jest.fn(),
     reportDataQualityCheckAllCompleted: jest.fn(),
@@ -71,6 +72,7 @@ export const TestProvidersComponent: React.FC<Props> = ({ children, isILMAvailab
             getComments={mockGetComments}
             http={mockHttp}
             baseConversations={{}}
+            navigateToApp={mockNavigateToApp}
           >
             <DataQualityProvider
               httpFetch={http.fetch}
diff --git a/x-pack/packages/security/api_key_management/README.md b/x-pack/packages/security/api_key_management/README.md
new file mode 100644
index 0000000000000..42ba0a7124df8
--- /dev/null
+++ b/x-pack/packages/security/api_key_management/README.md
@@ -0,0 +1,3 @@
+# @kbn/security-form-components
+
+Contains form components used within the security plugin.
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/constants.ts b/x-pack/packages/security/api_key_management/index.ts
similarity index 84%
rename from x-pack/plugins/observability_solution/asset_manager/server/constants.ts
rename to x-pack/packages/security/api_key_management/index.ts
index 4630365e47875..c50969cfd6402 100644
--- a/x-pack/plugins/observability_solution/asset_manager/server/constants.ts
+++ b/x-pack/packages/security/api_key_management/index.ts
@@ -5,4 +5,4 @@
  * 2.0.
  */
 
-export const ASSETS_INDEX_PREFIX = 'assets';
+export * from './src/components';
diff --git a/x-pack/packages/security/api_key_management/jest.config.js b/x-pack/packages/security/api_key_management/jest.config.js
new file mode 100644
index 0000000000000..1532c92e1c8e9
--- /dev/null
+++ b/x-pack/packages/security/api_key_management/jest.config.js
@@ -0,0 +1,16 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+module.exports = {
+  coverageDirectory:
+    '<rootDir>/target/kibana-coverage/jest/x-pack/packages/security/api_key_management',
+  coverageReporters: ['text', 'html'],
+  collectCoverageFrom: ['<rootDir>/x-pack/packages/security/api_key_management/**/*.{ts,tsx}'],
+  preset: '@kbn/test',
+  rootDir: '../../../..',
+  roots: ['<rootDir>/x-pack/packages/security/api_key_management'],
+};
diff --git a/x-pack/packages/security/api_key_management/kibana.jsonc b/x-pack/packages/security/api_key_management/kibana.jsonc
new file mode 100644
index 0000000000000..16e9244e49275
--- /dev/null
+++ b/x-pack/packages/security/api_key_management/kibana.jsonc
@@ -0,0 +1,5 @@
+{
+  "type": "shared-browser",
+  "id": "@kbn/security-api-key-management",
+  "owner": "@elastic/kibana-security"
+}
diff --git a/x-pack/packages/security/api_key_management/package.json b/x-pack/packages/security/api_key_management/package.json
new file mode 100644
index 0000000000000..3f09ae63c9fa9
--- /dev/null
+++ b/x-pack/packages/security/api_key_management/package.json
@@ -0,0 +1,6 @@
+{
+  "name": "@kbn/security-api-key-management",
+  "private": true,
+  "version": "1.0.0",
+  "license": "Elastic License 2.0"
+}
diff --git a/x-pack/packages/security/api_key_management/src/components/api_key_badge.tsx b/x-pack/packages/security/api_key_management/src/components/api_key_badge.tsx
new file mode 100644
index 0000000000000..d8fb2822a1e96
--- /dev/null
+++ b/x-pack/packages/security/api_key_management/src/components/api_key_badge.tsx
@@ -0,0 +1,66 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EuiToolTip, EuiBadge } from '@elastic/eui';
+import React, { FunctionComponent } from 'react';
+import { FormattedMessage } from '@kbn/i18n-react';
+
+export interface ApiKeyBadgeProps {
+  type: 'rest' | 'cross_cluster' | 'managed';
+}
+
+export const ApiKeyBadge: FunctionComponent<ApiKeyBadgeProps> = ({ type }) => {
+  return type === 'cross_cluster' ? (
+    <EuiToolTip
+      content={
+        <FormattedMessage
+          id="xpack.security.accountManagement.apiKeyBadge.crossClusterDescription"
+          defaultMessage="Allows remote clusters to connect to your local cluster."
+        />
+      }
+    >
+      <EuiBadge color="hollow" iconType="cluster">
+        <FormattedMessage
+          id="xpack.security.accountManagement.apiKeyBadge.crossClusterLabel"
+          defaultMessage="Cross-Cluster"
+        />
+      </EuiBadge>
+    </EuiToolTip>
+  ) : type === 'managed' ? (
+    <EuiToolTip
+      content={
+        <FormattedMessage
+          id="xpack.security.accountManagement.apiKeyBadge.managedDescription"
+          defaultMessage="Created and managed by Kibana to correctly run background tasks."
+        />
+      }
+    >
+      <EuiBadge color="hollow" iconType="gear">
+        <FormattedMessage
+          id="xpack.security.accountManagement.apiKeyBadge.managedTitle"
+          defaultMessage="Managed"
+        />
+      </EuiBadge>
+    </EuiToolTip>
+  ) : (
+    <EuiToolTip
+      content={
+        <FormattedMessage
+          id="xpack.security.accountManagement.apiKeyBadge.restDescription"
+          defaultMessage="Allows external services to access the Elastic Stack on behalf of a user."
+        />
+      }
+    >
+      <EuiBadge color="hollow" iconType="user">
+        <FormattedMessage
+          id="xpack.security.accountManagement.apiKeyBadge.restTitle"
+          defaultMessage="Personal"
+        />
+      </EuiBadge>
+    </EuiToolTip>
+  );
+};
diff --git a/x-pack/packages/security/api_key_management/src/components/api_key_created_callout.tsx b/x-pack/packages/security/api_key_management/src/components/api_key_created_callout.tsx
new file mode 100644
index 0000000000000..1f2f0201d5a48
--- /dev/null
+++ b/x-pack/packages/security/api_key_management/src/components/api_key_created_callout.tsx
@@ -0,0 +1,85 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EuiCallOut } from '@elastic/eui';
+import { i18n } from '@kbn/i18n';
+import React, { FunctionComponent } from 'react';
+import { FormattedMessage } from '@kbn/i18n-react';
+import { CreateAPIKeyResult } from './api_keys_api_client';
+import { SelectableTokenField } from './token_field';
+
+export interface ApiKeyCreatedCalloutProps {
+  createdApiKey: CreateAPIKeyResult;
+}
+
+export const ApiKeyCreatedCallout: FunctionComponent<ApiKeyCreatedCalloutProps> = ({
+  createdApiKey,
+}) => {
+  return (
+    <EuiCallOut
+      color="success"
+      iconType="check"
+      title={i18n.translate('xpack.security.management.apiKeys.createSuccessMessage', {
+        defaultMessage: "Created API key ''{name}''",
+        values: { name: createdApiKey.name },
+      })}
+    >
+      <p>
+        <FormattedMessage
+          id="xpack.security.management.apiKeys.successDescription"
+          defaultMessage="Copy this key now. You will not be able to view it again."
+        />
+      </p>
+      <ApiKeySelectableTokenField createdApiKey={createdApiKey} />
+    </EuiCallOut>
+  );
+};
+
+export const ApiKeySelectableTokenField: FunctionComponent<ApiKeyCreatedCalloutProps> = ({
+  createdApiKey,
+}) => {
+  const concatenated = `${createdApiKey.id}:${createdApiKey.api_key}`;
+  return (
+    <SelectableTokenField
+      options={[
+        {
+          key: 'encoded',
+          value: createdApiKey.encoded,
+          icon: 'empty',
+          label: i18n.translate('xpack.security.management.apiKeys.encodedLabel', {
+            defaultMessage: 'Encoded',
+          }),
+          description: i18n.translate('xpack.security.management.apiKeys.encodedDescription', {
+            defaultMessage: 'Format used to make requests to Elasticsearch REST API.',
+          }),
+        },
+        {
+          key: 'beats',
+          value: concatenated,
+          icon: 'logoBeats',
+          label: i18n.translate('xpack.security.management.apiKeys.beatsLabel', {
+            defaultMessage: 'Beats',
+          }),
+          description: i18n.translate('xpack.security.management.apiKeys.beatsDescription', {
+            defaultMessage: 'Format used to configure Beats.',
+          }),
+        },
+        {
+          key: 'logstash',
+          value: concatenated,
+          icon: 'logoLogstash',
+          label: i18n.translate('xpack.security.management.apiKeys.logstashLabel', {
+            defaultMessage: 'Logstash',
+          }),
+          description: i18n.translate('xpack.security.management.apiKeys.logstashDescription', {
+            defaultMessage: 'Format used to configure Logstash.',
+          }),
+        },
+      ]}
+    />
+  );
+};
diff --git a/x-pack/plugins/security/public/management/api_keys/api_keys_grid/api_key_flyout.tsx b/x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx
similarity index 92%
rename from x-pack/plugins/security/public/management/api_keys/api_keys_grid/api_key_flyout.tsx
rename to x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx
index 0522a977027dc..82c37b72dd41c 100644
--- a/x-pack/plugins/security/public/management/api_keys/api_keys_grid/api_key_flyout.tsx
+++ b/x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import type { ExclusiveUnion } from '@elastic/eui';
+import { ExclusiveUnion, htmlIdGenerator } from '@elastic/eui';
 import {
   EuiButton,
   EuiButtonEmpty,
@@ -31,33 +31,29 @@ import {
 } from '@elastic/eui';
 import { Form, FormikProvider, useFormik } from 'formik';
 import moment from 'moment-timezone';
-import type { FunctionComponent } from 'react';
+import { FunctionComponent, useRef } from 'react';
 import React, { useEffect, useState } from 'react';
 import useAsyncFn from 'react-use/lib/useAsyncFn';
 
 import { CodeEditorField } from '@kbn/code-editor';
+import type { AuthenticatedUser, CoreStart } from '@kbn/core/public';
 import { i18n } from '@kbn/i18n';
 import { FormattedDate, FormattedMessage } from '@kbn/i18n-react';
 import { useDarkMode, useKibana } from '@kbn/kibana-react-plugin/public';
 import type { KibanaServerError } from '@kbn/kibana-utils-plugin/public';
 
-import type { CategorizedApiKey } from './api_keys_table';
-import { ApiKeyBadge, ApiKeyStatus, TimeToolTip } from './api_keys_table';
-import type { ApiKeyRoleDescriptors } from '../../../../common/model';
-import { DocLink } from '../../../components/doc_link';
-import { FormField } from '../../../components/form_field';
-import { FormRow } from '../../../components/form_row';
-import { useCurrentUser } from '../../../components/use_current_user';
-import { useHtmlId } from '../../../components/use_html_id';
-import { useInitialFocus } from '../../../components/use_initial_focus';
-import { RolesAPIClient } from '../../roles/roles_api_client';
-import { APIKeysAPIClient } from '../api_keys_api_client';
+import { Role } from '@kbn/security-plugin-types-common';
+import { FormField, FormRow } from '@kbn/security-form-components';
+import type { ApiKeyRoleDescriptors, CategorizedApiKey } from '@kbn/security-plugin-types-common';
+import { ApiKeyBadge, ApiKeyStatus, TimeToolTip } from '.';
+import { APIKeysAPIClient } from './api_keys_api_client';
 import type {
   CreateAPIKeyParams,
   CreateAPIKeyResult,
   UpdateAPIKeyParams,
   UpdateAPIKeyResult,
-} from '../api_keys_api_client';
+} from './api_keys_api_client';
+import { DocLink } from './doc_link';
 
 const TypeLabel = () => (
   <FormattedMessage
@@ -97,6 +93,12 @@ interface CommonApiKeyFlyoutProps {
   onCancel(): void;
   canManageCrossClusterApiKeys?: boolean;
   readOnly?: boolean;
+  http?: CoreStart['http'];
+  currentUser?: AuthenticatedUser;
+  isLoadingCurrentUser?: boolean;
+  defaultMetadata?: string;
+  defaultRoleDescriptors?: string;
+  defaultExpiration?: string;
 }
 
 interface CreateApiKeyFlyoutProps extends CommonApiKeyFlyoutProps {
@@ -160,43 +162,60 @@ const WRITE_ONLY_BOILERPLATE = `{
   }
 }`;
 
+const httpErrorText = i18n.translate('xpack.security.httpError', {
+  defaultMessage: 'Could not initialize http client.',
+});
+
 export const ApiKeyFlyout: FunctionComponent<ApiKeyFlyoutProps> = ({
   onSuccess,
   onCancel,
+  defaultExpiration,
+  defaultMetadata,
+  defaultRoleDescriptors,
   apiKey,
   canManageCrossClusterApiKeys = false,
   readOnly = false,
+  currentUser,
+  isLoadingCurrentUser,
 }) => {
   const { euiTheme } = useEuiTheme();
-  const { services } = useKibana();
   const isDarkMode = useDarkMode();
-  const { value: currentUser, loading: isLoadingCurrentUser } = useCurrentUser();
-  const [{ value: roles, loading: isLoadingRoles }, getRoles] = useAsyncFn(
-    () => new RolesAPIClient(services.http!).getRoles(),
-    [services.http]
-  );
+  const {
+    services: { http },
+  } = useKibana();
   const [responseError, setResponseError] = useState<KibanaServerError | undefined>(undefined);
+  const [{ value: roles, loading: isLoadingRoles }, getRoles] = useAsyncFn(() => {
+    if (http) {
+      return http.get<Role[]>('/api/security/role');
+    }
+    return Promise.resolve([]);
+  }, [http]);
 
   const formik = useFormik<ApiKeyFormValues>({
     onSubmit: async (values) => {
-      try {
-        if (apiKey) {
-          const updateApiKeyResponse = await new APIKeysAPIClient(services.http!).updateApiKey(
-            mapUpdateApiKeyValues(apiKey.type, apiKey.id, values)
-          );
+      if (http) {
+        try {
+          if (apiKey) {
+            const updateApiKeyResponse = await new APIKeysAPIClient(http).updateApiKey(
+              mapUpdateApiKeyValues(apiKey.type, apiKey.id, values)
+            );
 
-          onSuccess?.(updateApiKeyResponse);
-        } else {
-          const createApiKeyResponse = await new APIKeysAPIClient(services.http!).createApiKey(
-            mapCreateApiKeyValues(values)
-          );
+            onSuccess?.(updateApiKeyResponse);
+          } else {
+            const createApiKeyResponse = await new APIKeysAPIClient(http).createApiKey(
+              mapCreateApiKeyValues(values)
+            );
 
-          onSuccess?.(createApiKeyResponse);
+            onSuccess?.(createApiKeyResponse);
+          }
+          setResponseError(undefined);
+        } catch (error) {
+          setResponseError(error.body);
+          throw error;
         }
-        setResponseError(undefined);
-      } catch (error) {
-        setResponseError(error.body);
-        throw error;
+      } else {
+        setResponseError({ message: httpErrorText, statusCode: 0 });
+        throw new Error(httpErrorText);
       }
     },
     initialValues: apiKey ? mapApiKeyFormValues(apiKey) : defaultInitialValues,
@@ -225,15 +244,40 @@ export const ApiKeyFlyout: FunctionComponent<ApiKeyFlyoutProps> = ({
     }
   }, [currentUser, roles]); // eslint-disable-line react-hooks/exhaustive-deps
 
+  useEffect(() => {
+    if (defaultRoleDescriptors && !apiKey) {
+      formik.setFieldValue('role_descriptors', defaultRoleDescriptors);
+    }
+  }, [defaultRoleDescriptors]); // eslint-disable-line react-hooks/exhaustive-deps
+
+  useEffect(() => {
+    if (defaultMetadata && !apiKey) {
+      formik.setFieldValue('metadata', defaultMetadata);
+    }
+  }, [defaultMetadata]); // eslint-disable-line react-hooks/exhaustive-deps
+
+  useEffect(() => {
+    if (defaultExpiration && !apiKey) {
+      formik.setFieldValue('expiration', defaultExpiration);
+      formik.setFieldValue('customExpiration', true);
+    }
+  }, [defaultExpiration]); // eslint-disable-line react-hooks/exhaustive-deps
+
   const isLoading = isLoadingCurrentUser || isLoadingRoles;
 
   const isOwner = currentUser && apiKey ? currentUser.username === apiKey.username : false;
   const hasExpired = apiKey ? apiKey.expiration && moment(apiKey.expiration).isBefore() : false;
   const canEdit = isOwner && !hasExpired;
 
-  const firstFieldRef = useInitialFocus<HTMLInputElement>([isLoading]);
+  // autofocus first field when loaded
+  const inputRef = useRef<HTMLInputElement | null>(null);
+  useEffect(() => {
+    if (inputRef?.current) {
+      inputRef?.current.focus();
+    }
+  }, [isLoading]);
 
-  const titleId = useHtmlId('formFlyout', 'title');
+  const titleId = htmlIdGenerator('formFlyout')('title');
   const isSubmitButtonHidden = readOnly || (apiKey && !canEdit);
 
   const isSubmitDisabled =
@@ -284,6 +328,7 @@ export const ApiKeyFlyout: FunctionComponent<ApiKeyFlyoutProps> = ({
               {responseError && (
                 <>
                   <EuiCallOut
+                    data-test-subj="apiKeyFlyoutResponseError"
                     color="danger"
                     title={
                       <FormattedMessage
@@ -448,7 +493,7 @@ export const ApiKeyFlyout: FunctionComponent<ApiKeyFlyoutProps> = ({
                     <FormRow label={<NameLabel />} fullWidth>
                       <FormField
                         name="name"
-                        inputRef={firstFieldRef}
+                        inputRef={inputRef}
                         data-test-subj="apiKeyNameInput"
                         disabled={readOnly || !!apiKey}
                         validate={{
diff --git a/x-pack/packages/security/api_key_management/src/components/api_key_status.tsx b/x-pack/packages/security/api_key_management/src/components/api_key_status.tsx
new file mode 100644
index 0000000000000..677544866e3cf
--- /dev/null
+++ b/x-pack/packages/security/api_key_management/src/components/api_key_status.tsx
@@ -0,0 +1,53 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EuiHealth } from '@elastic/eui';
+import moment from 'moment';
+import React, { FunctionComponent } from 'react';
+import { FormattedMessage } from '@kbn/i18n-react';
+import { CategorizedApiKey } from '@kbn/security-plugin-types-common';
+import { TimeToolTip } from './time_tool_tip';
+
+export type ApiKeyStatusProps = Pick<CategorizedApiKey, 'expiration'>;
+
+export const ApiKeyStatus: FunctionComponent<ApiKeyStatusProps> = ({ expiration }) => {
+  if (!expiration) {
+    return (
+      <EuiHealth color="primary" data-test-subj="apiKeyStatus">
+        <FormattedMessage
+          id="xpack.security.management.apiKeys.table.statusActive"
+          defaultMessage="Active"
+        />
+      </EuiHealth>
+    );
+  }
+
+  if (Date.now() > expiration) {
+    return (
+      <EuiHealth color="subdued" data-test-subj="apiKeyStatus">
+        <FormattedMessage
+          id="xpack.security.management.apiKeys.table.statusExpired"
+          defaultMessage="Expired"
+        />
+      </EuiHealth>
+    );
+  }
+
+  return (
+    <EuiHealth color="warning" data-test-subj="apiKeyStatus">
+      <TimeToolTip timestamp={expiration}>
+        <FormattedMessage
+          id="xpack.security.management.apiKeys.table.statusExpires"
+          defaultMessage="Expires {timeFromNow}"
+          values={{
+            timeFromNow: moment(expiration).fromNow(),
+          }}
+        />
+      </TimeToolTip>
+    </EuiHealth>
+  );
+};
diff --git a/x-pack/plugins/security/public/management/api_keys/api_keys_api_client.test.ts b/x-pack/packages/security/api_key_management/src/components/api_keys_api_client.test.ts
similarity index 100%
rename from x-pack/plugins/security/public/management/api_keys/api_keys_api_client.test.ts
rename to x-pack/packages/security/api_key_management/src/components/api_keys_api_client.test.ts
diff --git a/x-pack/plugins/security/public/management/api_keys/api_keys_api_client.ts b/x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts
similarity index 72%
rename from x-pack/plugins/security/public/management/api_keys/api_keys_api_client.ts
rename to x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts
index e9cf206ed96d9..30cc9f214ebf5 100644
--- a/x-pack/plugins/security/public/management/api_keys/api_keys_api_client.ts
+++ b/x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts
@@ -8,36 +8,33 @@
 import type { QueryContainer } from '@elastic/eui/src/components/search_bar/query/ast_to_es_query_dsl';
 
 import type { HttpStart } from '@kbn/core/public';
-import type { CreateAPIKeyParams, CreateAPIKeyResult } from '@kbn/security-plugin-types-server';
+import type {
+  CreateAPIKeyParams,
+  CreateAPIKeyResult,
+  UpdateAPIKeyParams,
+  UpdateAPIKeyResult,
+} from '@kbn/security-plugin-types-server';
 
-import type { QueryFilters } from './api_keys_grid/api_keys_table';
-import type { ApiKeyToInvalidate, QueryApiKeyResult } from '../../../common/model';
-import type { UpdateAPIKeyParams, UpdateAPIKeyResult } from '../../../server/routes/api_keys';
+import type {
+  ApiKeyToInvalidate,
+  CategorizedApiKey,
+  QueryApiKeyResult,
+} from '@kbn/security-plugin-types-common';
+import type { Criteria } from '@elastic/eui';
 
 export type { CreateAPIKeyParams, CreateAPIKeyResult, UpdateAPIKeyParams, UpdateAPIKeyResult };
 
+export interface QueryFilters {
+  usernames?: string[];
+  type?: 'rest' | 'managed' | 'cross_cluster';
+  expired?: boolean;
+}
 export interface InvalidateApiKeysResponse {
   itemsInvalidated: ApiKeyToInvalidate[];
   errors: any[];
 }
 
-export interface QueryApiKeySortOptions {
-  field:
-    | 'id'
-    | 'type'
-    | 'name'
-    | 'username'
-    | 'realm'
-    | 'creation'
-    | 'metadata'
-    | 'role_descriptors'
-    | 'expiration'
-    | 'invalidated'
-    | 'limited_by'
-    | '_sort'
-    | 'expired';
-  direction: 'asc' | 'desc';
-}
+export type QueryApiKeySortOptions = Required<Criteria<CategorizedApiKey>>['sort'];
 
 export interface QueryApiKeyParams {
   query: QueryContainer;
diff --git a/x-pack/packages/security/api_key_management/src/components/doc_link.tsx b/x-pack/packages/security/api_key_management/src/components/doc_link.tsx
new file mode 100644
index 0000000000000..1aa399fb0cc70
--- /dev/null
+++ b/x-pack/packages/security/api_key_management/src/components/doc_link.tsx
@@ -0,0 +1,63 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EuiLink } from '@elastic/eui';
+import type { FC, PropsWithChildren } from 'react';
+import React, { useCallback } from 'react';
+
+import type { DocLinksStart } from '@kbn/core/public';
+import { useKibana } from '@kbn/kibana-react-plugin/public';
+
+export type DocLinks = DocLinksStart['links'];
+export type GetDocLinkFunction = (app: string, doc: string) => string;
+
+/**
+ * Creates links to the documentation.
+ *
+ * @see {@link DocLink} for a component that creates a link to the docs.
+ *
+ * @example
+ * ```typescript
+ * <DocLink app="elasticsearch" doc="built-in-roles.html">
+ *   Learn what privileges individual roles grant.
+ * </DocLink>
+ * ```
+ *
+ * @example
+ * ```typescript
+ * const [docs] = useDocLinks();
+ *
+ * <EuiLink href={docs.dashboard.guide} target="_blank" external>
+ *   Learn how to get started with dashboards.
+ * </EuiLink>
+ * ```
+ */
+export function useDocLinks(): [DocLinks, GetDocLinkFunction] {
+  const { services } = useKibana();
+  const { links, ELASTIC_WEBSITE_URL, DOC_LINK_VERSION } = services.docLinks!;
+  const getDocLink = useCallback<GetDocLinkFunction>(
+    (app, doc) => {
+      return `${ELASTIC_WEBSITE_URL}guide/en/${app}/reference/${DOC_LINK_VERSION}/${doc}`;
+    },
+    [ELASTIC_WEBSITE_URL, DOC_LINK_VERSION]
+  );
+  return [links, getDocLink];
+}
+
+export interface DocLinkProps {
+  app: string;
+  doc: string;
+}
+
+export const DocLink: FC<PropsWithChildren<DocLinkProps>> = ({ app, doc, children }) => {
+  const [, getDocLink] = useDocLinks();
+  return (
+    <EuiLink href={getDocLink(app, doc)} target="_blank" external>
+      {children}
+    </EuiLink>
+  );
+};
diff --git a/x-pack/packages/security/api_key_management/src/components/index.ts b/x-pack/packages/security/api_key_management/src/components/index.ts
new file mode 100644
index 0000000000000..7c78ceddcd4f3
--- /dev/null
+++ b/x-pack/packages/security/api_key_management/src/components/index.ts
@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export * from './api_key_flyout';
+export * from './api_keys_api_client';
+export * from './api_key_badge';
+export * from './api_key_status';
+export * from './time_tool_tip';
+export * from './api_key_created_callout';
diff --git a/x-pack/packages/security/api_key_management/src/components/time_tool_tip.tsx b/x-pack/packages/security/api_key_management/src/components/time_tool_tip.tsx
new file mode 100644
index 0000000000000..43b243a1f35df
--- /dev/null
+++ b/x-pack/packages/security/api_key_management/src/components/time_tool_tip.tsx
@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EuiToolTip } from '@elastic/eui';
+import moment from 'moment';
+import React from 'react';
+import { FunctionComponent } from 'react';
+
+export interface TimeToolTipProps {
+  timestamp: number;
+}
+
+export const TimeToolTip: FunctionComponent<TimeToolTipProps> = ({ timestamp, children }) => {
+  return (
+    <EuiToolTip content={moment(timestamp).format('LLL')}>
+      <span>{children ?? moment(timestamp).fromNow()}</span>
+    </EuiToolTip>
+  );
+};
diff --git a/x-pack/plugins/security/public/components/token_field.tsx b/x-pack/packages/security/api_key_management/src/components/token_field.tsx
similarity index 96%
rename from x-pack/plugins/security/public/components/token_field.tsx
rename to x-pack/packages/security/api_key_management/src/components/token_field.tsx
index 1992d104021be..4943603dbecf8 100644
--- a/x-pack/plugins/security/public/components/token_field.tsx
+++ b/x-pack/packages/security/api_key_management/src/components/token_field.tsx
@@ -12,6 +12,7 @@ import {
   EuiContextMenuItem,
   EuiContextMenuPanel,
   EuiCopy,
+  EuiFieldText,
   EuiFormControlLayout,
   EuiHorizontalRule,
   EuiPopover,
@@ -50,12 +51,12 @@ export const TokenField: FunctionComponent<TokenFieldProps> = (props) => {
       style={{ backgroundColor: 'transparent' }}
       readOnly
     >
-      <input
-        type="text"
+      <EuiFieldText
+        data-test-subj="apiKeyTokenField"
+        controlOnly
         aria-label={i18n.translate('xpack.security.copyTokenField.tokenLabel', {
           defaultMessage: 'Token',
         })}
-        className="euiFieldText euiFieldText--inGroup"
         value={props.value}
         style={{
           fontFamily: euiThemeVars.euiCodeFontFamily,
@@ -102,6 +103,7 @@ export const SelectableTokenField: FunctionComponent<SelectableTokenFieldProps>
         <EuiPopover
           button={
             <EuiButtonEmpty
+              data-test-subj="selectableTokenFieldButton"
               size="xs"
               iconType="arrowDown"
               iconSide="right"
diff --git a/x-pack/packages/security/api_key_management/tsconfig.json b/x-pack/packages/security/api_key_management/tsconfig.json
new file mode 100644
index 0000000000000..f0a9a78442f04
--- /dev/null
+++ b/x-pack/packages/security/api_key_management/tsconfig.json
@@ -0,0 +1,30 @@
+{
+  "extends": "../../../../tsconfig.base.json",
+  "compilerOptions": {
+    "outDir": "target/types",
+    "types": [
+      "jest",
+      "node",
+      "react",
+    ]
+  },
+  "include": [
+    "**/*.ts",
+    "**/*.tsx",
+  ],
+  "exclude": [
+    "target/**/*"
+  ],
+  "kbn_references": [
+    "@kbn/i18n-react",
+    "@kbn/i18n",
+    "@kbn/security-form-components",
+    "@kbn/code-editor",
+    "@kbn/core",
+    "@kbn/kibana-react-plugin",
+    "@kbn/kibana-utils-plugin",
+    "@kbn/security-plugin-types-common",
+    "@kbn/security-plugin-types-server",
+    "@kbn/ui-theme",
+  ],
+}
diff --git a/x-pack/packages/security/form_components/README.md b/x-pack/packages/security/form_components/README.md
new file mode 100644
index 0000000000000..f33d0cc9ec321
--- /dev/null
+++ b/x-pack/packages/security/form_components/README.md
@@ -0,0 +1,3 @@
+# @kbn/security-api-key-components
+
+Contains components to manage API keys, primarily the API key flyout to create and update API keys.
diff --git a/x-pack/plugins/ml/server/models/json_schema_service/index.ts b/x-pack/packages/security/form_components/index.ts
similarity index 81%
rename from x-pack/plugins/ml/server/models/json_schema_service/index.ts
rename to x-pack/packages/security/form_components/index.ts
index 348fb5b0c46ea..3b2a320ae181f 100644
--- a/x-pack/plugins/ml/server/models/json_schema_service/index.ts
+++ b/x-pack/packages/security/form_components/index.ts
@@ -5,4 +5,4 @@
  * 2.0.
  */
 
-export { JsonSchemaService } from './json_schema_service';
+export * from './src';
diff --git a/x-pack/packages/security/form_components/jest.config.js b/x-pack/packages/security/form_components/jest.config.js
new file mode 100644
index 0000000000000..f27b499077bdf
--- /dev/null
+++ b/x-pack/packages/security/form_components/jest.config.js
@@ -0,0 +1,16 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+module.exports = {
+  coverageDirectory:
+    '<rootDir>/target/kibana-coverage/jest/x-pack/packages/security/form_components',
+  coverageReporters: ['text', 'html'],
+  collectCoverageFrom: ['<rootDir>/x-pack/packages/security/form_components/**/*.{ts,tsx}'],
+  preset: '@kbn/test',
+  rootDir: '../../../..',
+  roots: ['<rootDir>/x-pack/packages/security/form_components'],
+};
diff --git a/x-pack/packages/security/form_components/kibana.jsonc b/x-pack/packages/security/form_components/kibana.jsonc
new file mode 100644
index 0000000000000..44f54ee5fe4ca
--- /dev/null
+++ b/x-pack/packages/security/form_components/kibana.jsonc
@@ -0,0 +1,5 @@
+{
+  "type": "shared-common",
+  "id": "@kbn/security-form-components",
+  "owner": "@elastic/kibana-security"
+}
diff --git a/x-pack/packages/security/form_components/package.json b/x-pack/packages/security/form_components/package.json
new file mode 100644
index 0000000000000..20a52b43aee44
--- /dev/null
+++ b/x-pack/packages/security/form_components/package.json
@@ -0,0 +1,6 @@
+{
+  "name": "@kbn/security-form-components",
+  "private": true,
+  "version": "1.0.0",
+  "license": "Elastic License 2.0"
+}
diff --git a/x-pack/plugins/security/public/components/form_changes.test.tsx b/x-pack/packages/security/form_components/src/form_changes.test.tsx
similarity index 100%
rename from x-pack/plugins/security/public/components/form_changes.test.tsx
rename to x-pack/packages/security/form_components/src/form_changes.test.tsx
diff --git a/x-pack/plugins/security/public/components/form_changes.tsx b/x-pack/packages/security/form_components/src/form_changes.tsx
similarity index 100%
rename from x-pack/plugins/security/public/components/form_changes.tsx
rename to x-pack/packages/security/form_components/src/form_changes.tsx
diff --git a/x-pack/plugins/security/public/components/form_field.test.tsx b/x-pack/packages/security/form_components/src/form_field.test.tsx
similarity index 100%
rename from x-pack/plugins/security/public/components/form_field.test.tsx
rename to x-pack/packages/security/form_components/src/form_field.test.tsx
diff --git a/x-pack/plugins/security/public/components/form_field.tsx b/x-pack/packages/security/form_components/src/form_field.tsx
similarity index 100%
rename from x-pack/plugins/security/public/components/form_field.tsx
rename to x-pack/packages/security/form_components/src/form_field.tsx
diff --git a/x-pack/plugins/security/public/components/form_label.test.tsx b/x-pack/packages/security/form_components/src/form_label.test.tsx
similarity index 100%
rename from x-pack/plugins/security/public/components/form_label.test.tsx
rename to x-pack/packages/security/form_components/src/form_label.test.tsx
diff --git a/x-pack/plugins/security/public/components/form_label.tsx b/x-pack/packages/security/form_components/src/form_label.tsx
similarity index 100%
rename from x-pack/plugins/security/public/components/form_label.tsx
rename to x-pack/packages/security/form_components/src/form_label.tsx
diff --git a/x-pack/plugins/security/public/components/form_row.test.tsx b/x-pack/packages/security/form_components/src/form_row.test.tsx
similarity index 100%
rename from x-pack/plugins/security/public/components/form_row.test.tsx
rename to x-pack/packages/security/form_components/src/form_row.test.tsx
diff --git a/x-pack/plugins/security/public/components/form_row.tsx b/x-pack/packages/security/form_components/src/form_row.tsx
similarity index 100%
rename from x-pack/plugins/security/public/components/form_row.tsx
rename to x-pack/packages/security/form_components/src/form_row.tsx
diff --git a/x-pack/packages/security/form_components/src/index.ts b/x-pack/packages/security/form_components/src/index.ts
new file mode 100644
index 0000000000000..ae2560ab60aa4
--- /dev/null
+++ b/x-pack/packages/security/form_components/src/index.ts
@@ -0,0 +1,11 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export * from './form_changes';
+export * from './form_field';
+export * from './form_label';
+export * from './form_row';
diff --git a/x-pack/packages/security/form_components/tsconfig.json b/x-pack/packages/security/form_components/tsconfig.json
new file mode 100644
index 0000000000000..5056613904e7a
--- /dev/null
+++ b/x-pack/packages/security/form_components/tsconfig.json
@@ -0,0 +1,21 @@
+{
+  "extends": "../../../../tsconfig.base.json",
+  "compilerOptions": {
+    "outDir": "target/types",
+    "types": [
+      "jest",
+      "node",
+      "react",
+    ]
+  },
+  "include": [
+    "**/*.ts",
+    "**/*.tsx",
+  ],
+  "exclude": [
+    "target/**/*"
+  ],
+  "kbn_references": [
+    "@kbn/i18n-react",
+  ],
+}
diff --git a/x-pack/packages/security/plugin_types_common/index.ts b/x-pack/packages/security/plugin_types_common/index.ts
index 9d4d690e524a0..8dd0ff726103a 100644
--- a/x-pack/packages/security/plugin_types_common/index.ts
+++ b/x-pack/packages/security/plugin_types_common/index.ts
@@ -28,3 +28,17 @@ export type {
   UserProfileWithSecurity,
   UserProfileUserInfoWithSecurity,
 } from './src/user_profile';
+
+export type {
+  ApiKey,
+  RestApiKey,
+  CrossClusterApiKey,
+  BaseApiKey,
+  CrossClusterApiKeyAccess,
+  ManagedApiKey,
+  ApiKeyRoleDescriptors,
+  ApiKeyToInvalidate,
+  QueryApiKeyResult,
+  CategorizedApiKey,
+  ApiKeyAggregations,
+} from './src/api_keys/api_key';
diff --git a/x-pack/plugins/security/common/model/api_key.ts b/x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts
similarity index 90%
rename from x-pack/plugins/security/common/model/api_key.ts
rename to x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts
index 639cf6568c709..d01766c2381ac 100644
--- a/x-pack/plugins/security/common/model/api_key.ts
+++ b/x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts
@@ -115,3 +115,18 @@ interface BaseQueryApiKeyResult {
   aggregationTotal: number;
   aggregations: Record<string, estypes.SecurityQueryApiKeysApiKeyAggregate> | undefined;
 }
+
+/**
+ * Interface representing a REST API key that is managed by Kibana.
+ */
+export interface ManagedApiKey extends BaseApiKey {
+  type: 'managed';
+}
+
+/**
+ * Interface representing an API key the way it is presented in the Kibana UI  (with Kibana system
+ * API keys given its own dedicated `managed` type).
+ */
+export type CategorizedApiKey = (ApiKey | ManagedApiKey) & {
+  expired: boolean;
+};
diff --git a/x-pack/packages/security/plugin_types_public/src/authentication/authentication_service.ts b/x-pack/packages/security/plugin_types_public/src/authentication/authentication_service.ts
index a8fa8a6a64d26..653198268a751 100644
--- a/x-pack/packages/security/plugin_types_public/src/authentication/authentication_service.ts
+++ b/x-pack/packages/security/plugin_types_public/src/authentication/authentication_service.ts
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import type { AuthenticatedUser } from '@kbn/security-plugin-types-common';
+import type { AuthenticatedUser } from '@kbn/core-security-common';
 
 export interface AuthenticationServiceSetup {
   /**
diff --git a/x-pack/packages/security/plugin_types_public/tsconfig.json b/x-pack/packages/security/plugin_types_public/tsconfig.json
index 28f07062f6807..6779851e86367 100644
--- a/x-pack/packages/security/plugin_types_public/tsconfig.json
+++ b/x-pack/packages/security/plugin_types_public/tsconfig.json
@@ -10,8 +10,9 @@
     "target/**/*"
   ],
   "kbn_references": [
-    "@kbn/security-plugin-types-common",
     "@kbn/core-user-profile-browser",
-    "@kbn/core-user-profile-common"
+    "@kbn/core-user-profile-common",
+    "@kbn/security-plugin-types-common",
+    "@kbn/core-security-common",
   ]
 }
diff --git a/x-pack/packages/security/plugin_types_server/index.ts b/x-pack/packages/security/plugin_types_server/index.ts
index 2d697dd0187ab..1228b9d36f961 100644
--- a/x-pack/packages/security/plugin_types_server/index.ts
+++ b/x-pack/packages/security/plugin_types_server/index.ts
@@ -25,6 +25,11 @@ export type {
   InvalidateAPIKeyResult,
   APIKeys,
   AuthenticationServiceStart,
+  UpdateAPIKeyParams,
+  UpdateAPIKeyResult,
+  UpdateCrossClusterAPIKeyParams,
+  UpdateRestAPIKeyParams,
+  UpdateRestAPIKeyWithKibanaPrivilegesParams,
 } from './src/authentication';
 export type {
   PrivilegeDeprecationsService,
@@ -69,6 +74,9 @@ export type {
 export {
   restApiKeySchema,
   getRestApiKeyWithKibanaPrivilegesSchema,
+  getUpdateRestApiKeyWithKibanaPrivilegesSchema,
   crossClusterApiKeySchema,
+  updateRestApiKeySchema,
+  updateCrossClusterApiKeySchema,
 } from './src/authentication';
 export { GLOBAL_RESOURCE, elasticsearchRoleSchema, getKibanaRoleSchema } from './src/authorization';
diff --git a/x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts b/x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts
index 184f21ce2ddac..2ced5478b46eb 100644
--- a/x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts
+++ b/x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts
@@ -202,3 +202,48 @@ export const crossClusterApiKeySchema = restApiKeySchema.extends({
     { unknowns: 'allow' }
   ),
 });
+
+/**
+ * Response of Kibana Update API key endpoint.
+ */
+export type UpdateAPIKeyResult = estypes.SecurityUpdateApiKeyResponse;
+
+/**
+ * Request body of Kibana Update API key endpoint.
+ */
+export type UpdateAPIKeyParams =
+  | UpdateRestAPIKeyParams
+  | UpdateCrossClusterAPIKeyParams
+  | UpdateRestAPIKeyWithKibanaPrivilegesParams;
+
+export const updateRestApiKeySchema = restApiKeySchema.extends({
+  name: null,
+  id: schema.string(),
+});
+
+export const updateCrossClusterApiKeySchema = crossClusterApiKeySchema.extends({
+  name: null,
+  id: schema.string(),
+});
+
+export type UpdateRestAPIKeyParams = TypeOf<typeof updateRestApiKeySchema>;
+export type UpdateCrossClusterAPIKeyParams = TypeOf<typeof updateCrossClusterApiKeySchema>;
+export type UpdateRestAPIKeyWithKibanaPrivilegesParams = TypeOf<
+  ReturnType<typeof getUpdateRestApiKeyWithKibanaPrivilegesSchema>
+>;
+
+export const getUpdateRestApiKeyWithKibanaPrivilegesSchema = (
+  getBasePrivilegeNames: Parameters<typeof getKibanaRoleSchema>[0]
+) =>
+  restApiKeySchema.extends({
+    role_descriptors: null,
+    name: null,
+    id: schema.string(),
+    kibana_role_descriptors: schema.recordOf(
+      schema.string(),
+      schema.object({
+        elasticsearch: elasticsearchRoleSchema.extends({}, { unknowns: 'allow' }),
+        kibana: getKibanaRoleSchema(getBasePrivilegeNames),
+      })
+    ),
+  });
diff --git a/x-pack/packages/security/plugin_types_server/src/authentication/api_keys/index.ts b/x-pack/packages/security/plugin_types_server/src/authentication/api_keys/index.ts
index dbad1344d1d24..ec36a99b4da63 100644
--- a/x-pack/packages/security/plugin_types_server/src/authentication/api_keys/index.ts
+++ b/x-pack/packages/security/plugin_types_server/src/authentication/api_keys/index.ts
@@ -16,9 +16,17 @@ export type {
   CreateCrossClusterAPIKeyParams,
   GrantAPIKeyResult,
   APIKeys,
+  UpdateAPIKeyParams,
+  UpdateAPIKeyResult,
+  UpdateCrossClusterAPIKeyParams,
+  UpdateRestAPIKeyParams,
+  UpdateRestAPIKeyWithKibanaPrivilegesParams,
 } from './api_keys';
 export {
   crossClusterApiKeySchema,
   getRestApiKeyWithKibanaPrivilegesSchema,
+  getUpdateRestApiKeyWithKibanaPrivilegesSchema,
   restApiKeySchema,
+  updateRestApiKeySchema,
+  updateCrossClusterApiKeySchema,
 } from './api_keys';
diff --git a/x-pack/packages/security/plugin_types_server/src/authentication/authentication_service.ts b/x-pack/packages/security/plugin_types_server/src/authentication/authentication_service.ts
index 5dc8827786a4b..6bc5a73113ae3 100644
--- a/x-pack/packages/security/plugin_types_server/src/authentication/authentication_service.ts
+++ b/x-pack/packages/security/plugin_types_server/src/authentication/authentication_service.ts
@@ -6,7 +6,7 @@
  */
 
 import type { KibanaRequest } from '@kbn/core/server';
-import type { AuthenticatedUser } from '@kbn/security-plugin-types-common';
+import type { AuthenticatedUser } from '@kbn/core-security-common';
 
 import type { APIKeys } from './api_keys';
 
diff --git a/x-pack/packages/security/plugin_types_server/src/authentication/index.ts b/x-pack/packages/security/plugin_types_server/src/authentication/index.ts
index 04e4a820fb4d9..6e30f9ebcec24 100644
--- a/x-pack/packages/security/plugin_types_server/src/authentication/index.ts
+++ b/x-pack/packages/security/plugin_types_server/src/authentication/index.ts
@@ -16,10 +16,18 @@ export type {
   ValidateAPIKeyParams,
   APIKeys,
   GrantAPIKeyResult,
+  UpdateAPIKeyParams,
+  UpdateAPIKeyResult,
+  UpdateCrossClusterAPIKeyParams,
+  UpdateRestAPIKeyParams,
+  UpdateRestAPIKeyWithKibanaPrivilegesParams,
 } from './api_keys';
 export type { AuthenticationServiceStart } from './authentication_service';
 export {
   restApiKeySchema,
   getRestApiKeyWithKibanaPrivilegesSchema,
+  getUpdateRestApiKeyWithKibanaPrivilegesSchema,
   crossClusterApiKeySchema,
+  updateRestApiKeySchema,
+  updateCrossClusterApiKeySchema,
 } from './api_keys';
diff --git a/x-pack/packages/security/plugin_types_server/tsconfig.json b/x-pack/packages/security/plugin_types_server/tsconfig.json
index 51a1cf53c62bf..04ed00229a3de 100644
--- a/x-pack/packages/security/plugin_types_server/tsconfig.json
+++ b/x-pack/packages/security/plugin_types_server/tsconfig.json
@@ -15,5 +15,6 @@
     "@kbn/security-plugin-types-common",
     "@kbn/core-user-profile-server",
     "@kbn/core-security-server",
+    "@kbn/core-security-common"
   ]
 }
diff --git a/x-pack/plugins/actions/docs/openapi/bundled.json b/x-pack/plugins/actions/docs/openapi/bundled.json
index df93f77a5ab20..ee6cb7080627e 100644
--- a/x-pack/plugins/actions/docs/openapi/bundled.json
+++ b/x-pack/plugins/actions/docs/openapi/bundled.json
@@ -2200,7 +2200,7 @@
           "defaultModel": {
             "type": "string",
             "description": "The generative artificial intelligence model for Amazon Bedrock to use. Current support is for the Anthropic Claude models.\n",
-            "default": "anthropic.claude-3-sonnet-20240229-v1:0"
+            "default": "anthropic.claude-3-5-sonnet-20240620-v1:0"
           }
         }
       },
@@ -2240,7 +2240,7 @@
           "defaultModel": {
             "type": "string",
             "description": "The generative artificial intelligence model for Google Gemini to use.",
-            "default": "gemini-1.5-pro-preview-0409"
+            "default": "gemini-1.5-pro-001"
           },
           "gcpRegion": {
             "type": "string",
@@ -7150,4 +7150,4 @@
       }
     }
   }
-}
\ No newline at end of file
+}
diff --git a/x-pack/plugins/actions/docs/openapi/bundled.yaml b/x-pack/plugins/actions/docs/openapi/bundled.yaml
index 95a0449bec192..fada89d5c6ea4 100644
--- a/x-pack/plugins/actions/docs/openapi/bundled.yaml
+++ b/x-pack/plugins/actions/docs/openapi/bundled.yaml
@@ -1501,7 +1501,7 @@ components:
           type: string
           description: |
             The generative artificial intelligence model for Amazon Bedrock to use. Current support is for the Anthropic Claude models.
-          default: anthropic.claude-3-sonnet-20240229-v1:0
+          default: anthropic.claude-3-5-sonnet-20240620-v1:0
     secrets_properties_bedrock:
       title: Connector secrets properties for an Amazon Bedrock connector
       description: Defines secrets for connectors when type is `.bedrock`.
@@ -1531,7 +1531,7 @@ components:
         defaultModel:
           type: string
           description: The generative artificial intelligence model for Google Gemini to use.
-          default: gemini-1.5-pro-preview-0409
+          default: gemini-1.5-pro-001
         gcpRegion:
           type: string
           description: The GCP region where the Vertex AI endpoint enabled.
@@ -1696,14 +1696,14 @@ components:
           type: boolean
         host:
           description: |
-            The host name of the service provider. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If `service` is `other`, this property must be defined. 
+            The host name of the service provider. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If `service` is `other`, this property must be defined.
           type: string
         oauthTokenUrl:
           type: string
           nullable: true
         port:
           description: |
-            The port to connect to on the service provider. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If `service` is `other`, this property must be defined. 
+            The port to connect to on the service provider. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If `service` is `other`, this property must be defined.
           type: integer
         secure:
           description: |
@@ -3267,7 +3267,7 @@ components:
     is_preconfigured:
       type: boolean
       description: |
-        Indicates whether it is a preconfigured connector. If true, the `config` and `is_missing_secrets` properties are omitted from the response. 
+        Indicates whether it is a preconfigured connector. If true, the `config` and `is_missing_secrets` properties are omitted from the response.
       example: false
     is_system_action:
       type: boolean
@@ -3775,7 +3775,7 @@ components:
           items:
             type: string
           description: |
-            A list of "carbon copy" email addresses. Addresses can be specified in `user@host-name` format or in name `<user@host-name>` format 
+            A list of "carbon copy" email addresses. Addresses can be specified in `user@host-name` format or in name `<user@host-name>` format
         message:
           type: string
           description: The email message text. Markdown format is supported.
diff --git a/x-pack/plugins/actions/docs/openapi/bundled_serverless.json b/x-pack/plugins/actions/docs/openapi/bundled_serverless.json
index 928dbbfd758d7..550eba1f9ae60 100644
--- a/x-pack/plugins/actions/docs/openapi/bundled_serverless.json
+++ b/x-pack/plugins/actions/docs/openapi/bundled_serverless.json
@@ -1188,7 +1188,7 @@
           "defaultModel": {
             "type": "string",
             "description": "The generative artificial intelligence model for Amazon Bedrock to use. Current support is for the Anthropic Claude models.\n",
-            "default": "anthropic.claude-3-sonnet-20240229-v1:0"
+            "default": "anthropic.claude-3-5-sonnet-20240620-v1:0"
           }
         }
       },
@@ -1228,7 +1228,7 @@
           "defaultModel": {
             "type": "string",
             "description": "The generative artificial intelligence model for Google Gemini to use.",
-            "default": "gemini-1.5-pro-preview-0409"
+            "default": "gemini-1.5-pro-001"
           },
           "gcpRegion": {
             "type": "string",
@@ -4537,4 +4537,4 @@
       }
     }
   }
-}
\ No newline at end of file
+}
diff --git a/x-pack/plugins/actions/docs/openapi/bundled_serverless.yaml b/x-pack/plugins/actions/docs/openapi/bundled_serverless.yaml
index 4fdc184e3fb90..0fe3a61372ce6 100644
--- a/x-pack/plugins/actions/docs/openapi/bundled_serverless.yaml
+++ b/x-pack/plugins/actions/docs/openapi/bundled_serverless.yaml
@@ -858,7 +858,7 @@ components:
           type: string
           description: |
             The generative artificial intelligence model for Amazon Bedrock to use. Current support is for the Anthropic Claude models.
-          default: anthropic.claude-3-sonnet-20240229-v1:0
+          default: anthropic.claude-3-5-sonnet-20240620-v1:0
     secrets_properties_bedrock:
       title: Connector secrets properties for an Amazon Bedrock connector
       description: Defines secrets for connectors when type is `.bedrock`.
@@ -888,7 +888,7 @@ components:
         defaultModel:
           type: string
           description: The generative artificial intelligence model for Google Gemini to use.
-          default: gemini-1.5-pro-preview-0409
+          default: gemini-1.5-pro-001
         gcpRegion:
           type: string
           description: The GCP region where the Vertex AI endpoint enabled.
@@ -1053,14 +1053,14 @@ components:
           type: boolean
         host:
           description: |
-            The host name of the service provider. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If `service` is `other`, this property must be defined. 
+            The host name of the service provider. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If `service` is `other`, this property must be defined.
           type: string
         oauthTokenUrl:
           type: string
           nullable: true
         port:
           description: |
-            The port to connect to on the service provider. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If `service` is `other`, this property must be defined. 
+            The port to connect to on the service provider. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If `service` is `other`, this property must be defined.
           type: integer
         secure:
           description: |
@@ -2624,7 +2624,7 @@ components:
     is_preconfigured:
       type: boolean
       description: |
-        Indicates whether it is a preconfigured connector. If true, the `config` and `is_missing_secrets` properties are omitted from the response. 
+        Indicates whether it is a preconfigured connector. If true, the `config` and `is_missing_secrets` properties are omitted from the response.
       example: false
     is_system_action:
       type: boolean
diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/config_properties_bedrock.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/config_properties_bedrock.yaml
index 440d378bab303..211a209d65392 100644
--- a/x-pack/plugins/actions/docs/openapi/components/schemas/config_properties_bedrock.yaml
+++ b/x-pack/plugins/actions/docs/openapi/components/schemas/config_properties_bedrock.yaml
@@ -12,4 +12,4 @@ properties:
     description: >
       The generative artificial intelligence model for Amazon Bedrock to use.
       Current support is for the Anthropic Claude models.
-    default: anthropic.claude-3-sonnet-20240229-v1:0
+    default: anthropic.claude-3-5-sonnet-20240620-v1:0
diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/config_properties_gemini.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/config_properties_gemini.yaml
index f68c43390143d..ed5996dc1c423 100644
--- a/x-pack/plugins/actions/docs/openapi/components/schemas/config_properties_gemini.yaml
+++ b/x-pack/plugins/actions/docs/openapi/components/schemas/config_properties_gemini.yaml
@@ -12,10 +12,10 @@ properties:
   defaultModel:
     type: string
     description: The generative artificial intelligence model for Google Gemini to use.
-    default: gemini-1.5-pro-preview-0409
+    default: gemini-1.5-pro-001
   gcpRegion:
     type: string
     description: The GCP region where the Vertex AI endpoint enabled.
   gcpProjectID:
     type: string
-    description: The Google ProjectID that has Vertex AI endpoint enabled.
\ No newline at end of file
+    description: The Google ProjectID that has Vertex AI endpoint enabled.
diff --git a/x-pack/plugins/actions/server/integration_tests/__snapshots__/connector_types.test.ts.snap b/x-pack/plugins/actions/server/integration_tests/__snapshots__/connector_types.test.ts.snap
index c9c525272a391..f1c55958c9284 100644
--- a/x-pack/plugins/actions/server/integration_tests/__snapshots__/connector_types.test.ts.snap
+++ b/x-pack/plugins/actions/server/integration_tests/__snapshots__/connector_types.test.ts.snap
@@ -628,7 +628,7 @@ Object {
     },
     "defaultModel": Object {
       "flags": Object {
-        "default": "anthropic.claude-3-sonnet-20240229-v1:0",
+        "default": "anthropic.claude-3-5-sonnet-20240620-v1:0",
         "error": [Function],
         "presence": "optional",
       },
@@ -2347,6 +2347,371 @@ Object {
 }
 `;
 
+exports[`Connector type config checks detect connector type changes for: .crowdstrike 1`] = `
+Object {
+  "flags": Object {
+    "default": Object {
+      "special": "deep",
+    },
+    "error": [Function],
+    "presence": "optional",
+  },
+  "keys": Object {
+    "ids": Object {
+      "flags": Object {
+        "error": [Function],
+      },
+      "items": Array [
+        Object {
+          "flags": Object {
+            "error": [Function],
+            "presence": "optional",
+          },
+          "rules": Array [
+            Object {
+              "args": Object {
+                "method": [Function],
+              },
+              "name": "custom",
+            },
+          ],
+          "type": "string",
+        },
+      ],
+      "type": "array",
+    },
+  },
+  "preferences": Object {
+    "stripUnknown": Object {
+      "objects": false,
+    },
+  },
+  "type": "object",
+}
+`;
+
+exports[`Connector type config checks detect connector type changes for: .crowdstrike 2`] = `
+Object {
+  "flags": Object {
+    "default": Object {
+      "special": "deep",
+    },
+    "error": [Function],
+    "presence": "optional",
+  },
+  "keys": Object {
+    "actionParameters": Object {
+      "flags": Object {
+        "default": [Function],
+        "error": [Function],
+        "presence": "optional",
+        "unknown": true,
+      },
+      "keys": Object {},
+      "metas": Array [
+        Object {
+          "x-oas-optional": true,
+        },
+      ],
+      "preferences": Object {
+        "stripUnknown": Object {
+          "objects": false,
+        },
+      },
+      "type": "object",
+    },
+    "alertIds": Object {
+      "flags": Object {
+        "default": [Function],
+        "error": [Function],
+        "presence": "optional",
+      },
+      "items": Array [
+        Object {
+          "flags": Object {
+            "error": [Function],
+            "presence": "optional",
+          },
+          "rules": Array [
+            Object {
+              "args": Object {
+                "method": [Function],
+              },
+              "name": "custom",
+            },
+          ],
+          "type": "string",
+        },
+      ],
+      "metas": Array [
+        Object {
+          "x-oas-optional": true,
+        },
+      ],
+      "type": "array",
+    },
+    "command": Object {
+      "flags": Object {
+        "error": [Function],
+      },
+      "matches": Array [
+        Object {
+          "schema": Object {
+            "allow": Array [
+              "contain",
+            ],
+            "flags": Object {
+              "error": [Function],
+              "only": true,
+            },
+            "type": "any",
+          },
+        },
+        Object {
+          "schema": Object {
+            "allow": Array [
+              "lift_containment",
+            ],
+            "flags": Object {
+              "error": [Function],
+              "only": true,
+            },
+            "type": "any",
+          },
+        },
+      ],
+      "type": "alternatives",
+    },
+    "comment": Object {
+      "flags": Object {
+        "default": [Function],
+        "error": [Function],
+        "presence": "optional",
+      },
+      "metas": Array [
+        Object {
+          "x-oas-optional": true,
+        },
+      ],
+      "rules": Array [
+        Object {
+          "args": Object {
+            "method": [Function],
+          },
+          "name": "custom",
+        },
+      ],
+      "type": "string",
+    },
+    "ids": Object {
+      "flags": Object {
+        "error": [Function],
+      },
+      "items": Array [
+        Object {
+          "flags": Object {
+            "error": [Function],
+            "presence": "optional",
+          },
+          "rules": Array [
+            Object {
+              "args": Object {
+                "method": [Function],
+              },
+              "name": "custom",
+            },
+          ],
+          "type": "string",
+        },
+      ],
+      "type": "array",
+    },
+  },
+  "preferences": Object {
+    "stripUnknown": Object {
+      "objects": false,
+    },
+  },
+  "type": "object",
+}
+`;
+
+exports[`Connector type config checks detect connector type changes for: .crowdstrike 3`] = `
+Object {
+  "flags": Object {
+    "default": Object {
+      "special": "deep",
+    },
+    "error": [Function],
+    "presence": "optional",
+  },
+  "keys": Object {
+    "ids": Object {
+      "flags": Object {
+        "error": [Function],
+      },
+      "items": Array [
+        Object {
+          "flags": Object {
+            "error": [Function],
+            "presence": "optional",
+          },
+          "rules": Array [
+            Object {
+              "args": Object {
+                "method": [Function],
+              },
+              "name": "custom",
+            },
+          ],
+          "type": "string",
+        },
+      ],
+      "type": "array",
+    },
+  },
+  "preferences": Object {
+    "stripUnknown": Object {
+      "objects": false,
+    },
+  },
+  "type": "object",
+}
+`;
+
+exports[`Connector type config checks detect connector type changes for: .crowdstrike 4`] = `
+Object {
+  "flags": Object {
+    "default": Object {
+      "special": "deep",
+    },
+    "error": [Function],
+    "presence": "optional",
+  },
+  "keys": Object {
+    "url": Object {
+      "flags": Object {
+        "error": [Function],
+      },
+      "rules": Array [
+        Object {
+          "args": Object {
+            "method": [Function],
+          },
+          "name": "custom",
+        },
+      ],
+      "type": "string",
+    },
+  },
+  "preferences": Object {
+    "stripUnknown": Object {
+      "objects": false,
+    },
+  },
+  "type": "object",
+}
+`;
+
+exports[`Connector type config checks detect connector type changes for: .crowdstrike 5`] = `
+Object {
+  "flags": Object {
+    "default": Object {
+      "special": "deep",
+    },
+    "error": [Function],
+    "presence": "optional",
+  },
+  "keys": Object {
+    "clientId": Object {
+      "flags": Object {
+        "error": [Function],
+      },
+      "rules": Array [
+        Object {
+          "args": Object {
+            "method": [Function],
+          },
+          "name": "custom",
+        },
+      ],
+      "type": "string",
+    },
+    "clientSecret": Object {
+      "flags": Object {
+        "error": [Function],
+      },
+      "rules": Array [
+        Object {
+          "args": Object {
+            "method": [Function],
+          },
+          "name": "custom",
+        },
+      ],
+      "type": "string",
+    },
+  },
+  "preferences": Object {
+    "stripUnknown": Object {
+      "objects": false,
+    },
+  },
+  "type": "object",
+}
+`;
+
+exports[`Connector type config checks detect connector type changes for: .crowdstrike 6`] = `
+Object {
+  "flags": Object {
+    "default": Object {
+      "special": "deep",
+    },
+    "error": [Function],
+    "presence": "optional",
+  },
+  "keys": Object {
+    "subAction": Object {
+      "flags": Object {
+        "error": [Function],
+      },
+      "rules": Array [
+        Object {
+          "args": Object {
+            "method": [Function],
+          },
+          "name": "custom",
+        },
+      ],
+      "type": "string",
+    },
+    "subActionParams": Object {
+      "flags": Object {
+        "default": Object {
+          "special": "deep",
+        },
+        "error": [Function],
+        "presence": "optional",
+        "unknown": true,
+      },
+      "keys": Object {},
+      "preferences": Object {
+        "stripUnknown": Object {
+          "objects": false,
+        },
+      },
+      "type": "object",
+    },
+  },
+  "preferences": Object {
+    "stripUnknown": Object {
+      "objects": false,
+    },
+  },
+  "type": "object",
+}
+`;
+
 exports[`Connector type config checks detect connector type changes for: .d3security 1`] = `
 Object {
   "flags": Object {
@@ -3822,7 +4187,7 @@ Object {
     },
     "defaultModel": Object {
       "flags": Object {
-        "default": "gemini-1.5-pro-preview-0409",
+        "default": "gemini-1.5-pro-001",
         "error": [Function],
         "presence": "optional",
       },
diff --git a/x-pack/plugins/actions/server/integration_tests/mocks/connector_types.ts b/x-pack/plugins/actions/server/integration_tests/mocks/connector_types.ts
index c2ad283861b4f..79d6b4c8d7964 100644
--- a/x-pack/plugins/actions/server/integration_tests/mocks/connector_types.ts
+++ b/x-pack/plugins/actions/server/integration_tests/mocks/connector_types.ts
@@ -30,6 +30,7 @@ export const connectorTypes: string[] = [
   '.d3security',
   '.resilient',
   '.sentinelone',
+  '.crowdstrike',
   '.cases',
   '.observability-ai-assistant',
 ];
diff --git a/x-pack/plugins/actions/server/lib/action_executor.test.ts b/x-pack/plugins/actions/server/lib/action_executor.test.ts
index 015cc09fc383f..dfb0ccda5c45a 100644
--- a/x-pack/plugins/actions/server/lib/action_executor.test.ts
+++ b/x-pack/plugins/actions/server/lib/action_executor.test.ts
@@ -10,7 +10,7 @@ import { schema } from '@kbn/config-schema';
 import { ActionExecutor } from './action_executor';
 import { actionTypeRegistryMock } from '../action_type_registry.mock';
 import { encryptedSavedObjectsMock } from '@kbn/encrypted-saved-objects-plugin/server/mocks';
-import { httpServerMock, loggingSystemMock } from '@kbn/core/server/mocks';
+import { httpServerMock, loggingSystemMock, analyticsServiceMock } from '@kbn/core/server/mocks';
 import { eventLoggerMock } from '@kbn/event-log-plugin/server/mocks';
 import { spacesServiceMock } from '@kbn/spaces-plugin/server/spaces_service/spaces_service.mock';
 import { ActionType as ConnectorType } from '../types';
@@ -26,6 +26,7 @@ import { PassThrough } from 'stream';
 import { SecurityConnectorFeatureId } from '../../common';
 import { TaskErrorSource } from '@kbn/task-manager-plugin/common';
 import { createTaskRunError, getErrorSource } from '@kbn/task-manager-plugin/server/task_running';
+import { GEN_AI_TOKEN_COUNT_EVENT } from './event_based_telemetry';
 
 const actionExecutor = new ActionExecutor({ isESOCanEncrypt: true });
 const services = actionsMock.createServices();
@@ -61,7 +62,6 @@ const securityMockStart = securityMock.createStart();
 
 const authorizationMock = actionsAuthorizationMock.create();
 const getActionsAuthorizationWithRequest = jest.fn();
-
 const actionExecutorInitializationParams = {
   logger: loggerMock,
   spaces: spacesMock,
@@ -69,6 +69,7 @@ const actionExecutorInitializationParams = {
   getServices: () => services,
   getUnsecuredServices: () => unsecuredServices,
   actionTypeRegistry: connectorTypeRegistry,
+  analyticsService: analyticsServiceMock.createAnalyticsServiceStart(),
   encryptedSavedObjectsClient,
   eventLogger,
   getActionsAuthorizationWithRequest,
@@ -1355,163 +1356,160 @@ describe('System actions', () => {
     });
   });
 });
-
-test('writes to event log for execute timeout', async () => {
-  setupActionExecutorMock();
-
-  await actionExecutor.logCancellation({
-    actionId: 'action1',
-    executionId: '123abc',
-    consumer: 'test-consumer',
-    relatedSavedObjects: [],
-    request: {} as KibanaRequest,
-    actionExecutionId: '2',
-  });
-  expect(eventLogger.logEvent).toHaveBeenCalledTimes(1);
-  expect(eventLogger.logEvent).toHaveBeenNthCalledWith(1, {
-    event: {
-      action: 'execute-timeout',
-      kind: 'action',
-    },
-    kibana: {
-      action: {
-        execution: {
-          uuid: '2',
-        },
-        name: undefined,
-        id: 'action1',
+describe('Event log', () => {
+  test('writes to event log for execute timeout', async () => {
+    setupActionExecutorMock();
+
+    await actionExecutor.logCancellation({
+      actionId: 'action1',
+      executionId: '123abc',
+      consumer: 'test-consumer',
+      relatedSavedObjects: [],
+      request: {} as KibanaRequest,
+      actionExecutionId: '2',
+    });
+    expect(eventLogger.logEvent).toHaveBeenCalledTimes(1);
+    expect(eventLogger.logEvent).toHaveBeenNthCalledWith(1, {
+      event: {
+        action: 'execute-timeout',
+        kind: 'action',
       },
-      alert: {
-        rule: {
-          consumer: 'test-consumer',
+      kibana: {
+        action: {
           execution: {
-            uuid: '123abc',
+            uuid: '2',
           },
-        },
-      },
-      saved_objects: [
-        {
+          name: undefined,
           id: 'action1',
-          namespace: 'some-namespace',
-          rel: 'primary',
-          type: 'action',
-          type_id: 'test',
         },
-      ],
-      space_ids: ['some-namespace'],
-    },
-    message:
-      'action: test:action1: \'action-1\' execution cancelled due to timeout - exceeded default timeout of "5m"',
+        alert: {
+          rule: {
+            consumer: 'test-consumer',
+            execution: {
+              uuid: '123abc',
+            },
+          },
+        },
+        saved_objects: [
+          {
+            id: 'action1',
+            namespace: 'some-namespace',
+            rel: 'primary',
+            type: 'action',
+            type_id: 'test',
+          },
+        ],
+        space_ids: ['some-namespace'],
+      },
+      message:
+        'action: test:action1: \'action-1\' execution cancelled due to timeout - exceeded default timeout of "5m"',
+    });
   });
-});
 
-test('writes to event log for execute and execute start', async () => {
-  const executorMock = setupActionExecutorMock();
-  executorMock.mockResolvedValue({
-    actionId: '1',
-    status: 'ok',
-  });
-  await actionExecutor.execute(executeParams);
-  expect(eventLogger.logEvent).toHaveBeenCalledTimes(2);
-  expect(eventLogger.logEvent).toHaveBeenNthCalledWith(1, {
-    event: {
-      action: 'execute-start',
-      kind: 'action',
-    },
-    kibana: {
-      action: {
-        execution: {
-          uuid: '2',
-        },
-        name: 'action-1',
-        id: '1',
+  test('writes to event log for execute and execute start', async () => {
+    const executorMock = setupActionExecutorMock();
+    executorMock.mockResolvedValue({
+      actionId: '1',
+      status: 'ok',
+    });
+    await actionExecutor.execute(executeParams);
+    expect(eventLogger.logEvent).toHaveBeenCalledTimes(2);
+    expect(eventLogger.logEvent).toHaveBeenNthCalledWith(1, {
+      event: {
+        action: 'execute-start',
+        kind: 'action',
       },
-      alert: {
-        rule: {
+      kibana: {
+        action: {
           execution: {
-            uuid: '123abc',
+            uuid: '2',
           },
-        },
-      },
-      saved_objects: [
-        {
+          name: 'action-1',
           id: '1',
-          namespace: 'some-namespace',
-          rel: 'primary',
-          type: 'action',
-          type_id: 'test',
         },
-      ],
-      space_ids: ['some-namespace'],
-    },
-    message: 'action started: test:1: action-1',
-  });
-});
-
-test('writes to event log for execute and execute start when consumer and related saved object are defined', async () => {
-  const executorMock = setupActionExecutorMock();
-  executorMock.mockResolvedValue({
-    actionId: '1',
-    status: 'ok',
-  });
-  await actionExecutor.execute({
-    ...executeParams,
-    consumer: 'test-consumer',
-    relatedSavedObjects: [
-      {
-        typeId: '.rule-type',
-        type: 'alert',
-        id: '12',
+        alert: {
+          rule: {
+            execution: {
+              uuid: '123abc',
+            },
+          },
+        },
+        saved_objects: [
+          {
+            id: '1',
+            namespace: 'some-namespace',
+            rel: 'primary',
+            type: 'action',
+            type_id: 'test',
+          },
+        ],
+        space_ids: ['some-namespace'],
       },
-    ],
+      message: 'action started: test:1: action-1',
+    });
   });
-  expect(eventLogger.logEvent).toHaveBeenCalledTimes(2);
-  expect(eventLogger.logEvent).toHaveBeenNthCalledWith(1, {
-    event: {
-      action: 'execute-start',
-      kind: 'action',
-    },
-    kibana: {
-      action: {
-        execution: {
-          uuid: '2',
+
+  test('writes to event log for execute and execute start when consumer and related saved object are defined', async () => {
+    const executorMock = setupActionExecutorMock();
+    executorMock.mockResolvedValue({
+      actionId: '1',
+      status: 'ok',
+    });
+    await actionExecutor.execute({
+      ...executeParams,
+      consumer: 'test-consumer',
+      relatedSavedObjects: [
+        {
+          typeId: '.rule-type',
+          type: 'alert',
+          id: '12',
         },
-        name: 'action-1',
-        id: '1',
+      ],
+    });
+    expect(eventLogger.logEvent).toHaveBeenCalledTimes(2);
+    expect(eventLogger.logEvent).toHaveBeenNthCalledWith(1, {
+      event: {
+        action: 'execute-start',
+        kind: 'action',
       },
-      alert: {
-        rule: {
-          consumer: 'test-consumer',
+      kibana: {
+        action: {
           execution: {
-            uuid: '123abc',
+            uuid: '2',
           },
-          rule_type_id: '.rule-type',
-        },
-      },
-      saved_objects: [
-        {
+          name: 'action-1',
           id: '1',
-          namespace: 'some-namespace',
-          rel: 'primary',
-          type: 'action',
-          type_id: 'test',
         },
-        {
-          id: '12',
-          namespace: undefined,
-          rel: 'primary',
-          type: 'alert',
-          type_id: '.rule-type',
+        alert: {
+          rule: {
+            consumer: 'test-consumer',
+            execution: {
+              uuid: '123abc',
+            },
+            rule_type_id: '.rule-type',
+          },
         },
-      ],
-      space_ids: ['some-namespace'],
-    },
-    message: 'action started: test:1: action-1',
+        saved_objects: [
+          {
+            id: '1',
+            namespace: 'some-namespace',
+            rel: 'primary',
+            type: 'action',
+            type_id: 'test',
+          },
+          {
+            id: '12',
+            namespace: undefined,
+            rel: 'primary',
+            type: 'alert',
+            type_id: '.rule-type',
+          },
+        ],
+        space_ids: ['some-namespace'],
+      },
+      message: 'action started: test:1: action-1',
+    });
   });
-});
-
-test('writes usage data to event log for OpenAI events', async () => {
-  const executorMock = setupActionExecutorMock('.gen-ai');
   const mockGenAi = {
     id: 'chatcmpl-7LztF5xsJl2z5jcNpJKvaPm4uWt8x',
     object: 'chat.completion',
@@ -1533,150 +1531,167 @@ test('writes usage data to event log for OpenAI events', async () => {
       },
     ],
   };
-  executorMock.mockResolvedValue({
-    actionId: '1',
-    status: 'ok',
-    // @ts-ignore
-    data: mockGenAi,
-  });
-  await actionExecutor.execute(executeParams);
-  expect(eventLogger.logEvent).toHaveBeenCalledTimes(2);
-  expect(eventLogger.logEvent).toHaveBeenNthCalledWith(2, {
-    event: {
-      action: 'execute',
-      kind: 'action',
-      outcome: 'success',
-    },
-    kibana: {
-      action: {
-        execution: {
-          uuid: '2',
-          gen_ai: {
-            usage: mockGenAi.usage,
-          },
-        },
-        name: 'action-1',
-        id: '1',
+  test('writes usage data to event log for OpenAI events', async () => {
+    const executorMock = setupActionExecutorMock('.gen-ai');
+
+    executorMock.mockResolvedValue({
+      actionId: '1',
+      status: 'ok',
+      // @ts-ignore
+      data: mockGenAi,
+    });
+    await actionExecutor.execute(executeParams);
+    expect(eventLogger.logEvent).toHaveBeenCalledTimes(2);
+    expect(eventLogger.logEvent).toHaveBeenNthCalledWith(2, {
+      event: {
+        action: 'execute',
+        kind: 'action',
+        outcome: 'success',
       },
-      alert: {
-        rule: {
+      kibana: {
+        action: {
           execution: {
-            uuid: '123abc',
+            uuid: '2',
+            gen_ai: {
+              usage: mockGenAi.usage,
+            },
           },
-        },
-      },
-      saved_objects: [
-        {
+          name: 'action-1',
           id: '1',
-          namespace: 'some-namespace',
-          rel: 'primary',
-          type: 'action',
-          type_id: '.gen-ai',
         },
-      ],
-      space_ids: ['some-namespace'],
-    },
-    message: 'action executed: .gen-ai:1: action-1',
-    user: { name: 'coolguy', id: '123' },
+        alert: {
+          rule: {
+            execution: {
+              uuid: '123abc',
+            },
+          },
+        },
+        saved_objects: [
+          {
+            id: '1',
+            namespace: 'some-namespace',
+            rel: 'primary',
+            type: 'action',
+            type_id: '.gen-ai',
+          },
+        ],
+        space_ids: ['some-namespace'],
+      },
+      message: 'action executed: .gen-ai:1: action-1',
+      user: { name: 'coolguy', id: '123' },
+    });
   });
-});
 
-test('writes usage data to event log for streaming OpenAI events', async () => {
-  const executorMock = setupActionExecutorMock('.gen-ai', {
-    params: { schema: schema.any() },
-    config: { schema: schema.any() },
-    secrets: { schema: schema.any() },
-  });
+  test('writes usage data to event log for streaming OpenAI events', async () => {
+    const executorMock = setupActionExecutorMock('.gen-ai', {
+      params: { schema: schema.any() },
+      config: { schema: schema.any() },
+      secrets: { schema: schema.any() },
+    });
 
-  const stream = new PassThrough();
+    const stream = new PassThrough();
 
-  executorMock.mockResolvedValue({
-    actionId: '1',
-    status: 'ok',
-    // @ts-ignore
-    data: stream,
-  });
+    executorMock.mockResolvedValue({
+      actionId: '1',
+      status: 'ok',
+      // @ts-ignore
+      data: stream,
+    });
 
-  await actionExecutor.execute({
-    ...executeParams,
-    params: {
-      subActionParams: {
-        body: JSON.stringify({
-          messages: [
-            {
-              role: 'system',
-              content: 'System message',
-            },
-            {
-              role: 'user',
-              content: 'User message',
-            },
-          ],
-        }),
+    await actionExecutor.execute({
+      ...executeParams,
+      params: {
+        subActionParams: {
+          body: JSON.stringify({
+            messages: [
+              {
+                role: 'system',
+                content: 'System message',
+              },
+              {
+                role: 'user',
+                content: 'User message',
+              },
+            ],
+          }),
+        },
       },
-    },
-  });
+    });
 
-  expect(eventLogger.logEvent).toHaveBeenCalledTimes(1);
-  stream.write(
-    `data: ${JSON.stringify({
-      object: 'chat.completion.chunk',
-      choices: [{ delta: { content: 'Single' } }],
-    })}\n`
-  );
-  stream.write(`data: [DONE]`);
+    expect(eventLogger.logEvent).toHaveBeenCalledTimes(1);
+    stream.write(
+      `data: ${JSON.stringify({
+        object: 'chat.completion.chunk',
+        choices: [{ delta: { content: 'Single' } }],
+      })}\n`
+    );
+    stream.write(`data: [DONE]`);
 
-  stream.end();
+    stream.end();
 
-  await finished(stream);
+    await finished(stream);
 
-  await new Promise(process.nextTick);
+    await new Promise(process.nextTick);
 
-  expect(eventLogger.logEvent).toHaveBeenCalledTimes(2);
-  expect(eventLogger.logEvent).toHaveBeenNthCalledWith(2, {
-    event: {
-      action: 'execute',
-      kind: 'action',
-      outcome: 'success',
-    },
-    kibana: {
-      action: {
-        execution: {
-          uuid: '2',
-          gen_ai: {
-            usage: {
-              completion_tokens: 5,
-              prompt_tokens: 30,
-              total_tokens: 35,
+    expect(eventLogger.logEvent).toHaveBeenCalledTimes(2);
+    expect(eventLogger.logEvent).toHaveBeenNthCalledWith(2, {
+      event: {
+        action: 'execute',
+        kind: 'action',
+        outcome: 'success',
+      },
+      kibana: {
+        action: {
+          execution: {
+            uuid: '2',
+            gen_ai: {
+              usage: {
+                completion_tokens: 5,
+                prompt_tokens: 30,
+                total_tokens: 35,
+              },
             },
           },
+          name: 'action-1',
+          id: '1',
         },
-        name: 'action-1',
-        id: '1',
-      },
-      alert: {
-        rule: {
-          execution: {
-            uuid: '123abc',
+        alert: {
+          rule: {
+            execution: {
+              uuid: '123abc',
+            },
           },
         },
+        saved_objects: [
+          {
+            id: '1',
+            namespace: 'some-namespace',
+            rel: 'primary',
+            type: 'action',
+            type_id: '.gen-ai',
+          },
+        ],
+        space_ids: ['some-namespace'],
       },
-      saved_objects: [
-        {
-          id: '1',
-          namespace: 'some-namespace',
-          rel: 'primary',
-          type: 'action',
-          type_id: '.gen-ai',
-        },
-      ],
-      space_ids: ['some-namespace'],
-    },
-    message: 'action executed: .gen-ai:1: action-1',
-    user: { name: 'coolguy', id: '123' },
+      message: 'action executed: .gen-ai:1: action-1',
+      user: { name: 'coolguy', id: '123' },
+    });
+  });
+  test('reports telemetry for token count events', async () => {
+    const executorMock = setupActionExecutorMock('.gen-ai');
+    executorMock.mockResolvedValue({
+      actionId: '1',
+      status: 'ok',
+      // @ts-ignore
+      data: mockGenAi,
+    });
+    await actionExecutor.execute(executeParams);
+    expect(actionExecutorInitializationParams.analyticsService.reportEvent).toHaveBeenCalledWith(
+      GEN_AI_TOKEN_COUNT_EVENT.eventType,
+      { actionTypeId: '.gen-ai', completion_tokens: 9, prompt_tokens: 10, total_tokens: 19 }
+    );
   });
 });
-
 function setupActionExecutorMock(
   actionTypeId = 'test',
   validationOverride?: ConnectorType['validate']
diff --git a/x-pack/plugins/actions/server/lib/action_executor.ts b/x-pack/plugins/actions/server/lib/action_executor.ts
index c06e33bf3df6a..5ca37f6ee871c 100644
--- a/x-pack/plugins/actions/server/lib/action_executor.ts
+++ b/x-pack/plugins/actions/server/lib/action_executor.ts
@@ -6,7 +6,12 @@
  */
 
 import type { PublicMethodsOf } from '@kbn/utility-types';
-import { KibanaRequest, Logger, SavedObjectsErrorHelpers } from '@kbn/core/server';
+import {
+  AnalyticsServiceStart,
+  KibanaRequest,
+  Logger,
+  SavedObjectsErrorHelpers,
+} from '@kbn/core/server';
 import { cloneDeep } from 'lodash';
 import { set } from '@kbn/safer-lodash-set';
 import { withSpan } from '@kbn/apm-utils';
@@ -16,6 +21,7 @@ import { IEventLogger, SAVED_OBJECT_REL_PRIMARY } from '@kbn/event-log-plugin/se
 import { AuthenticatedUser, SecurityPluginStart } from '@kbn/security-plugin/server';
 import { createTaskRunError, TaskErrorSource } from '@kbn/task-manager-plugin/server';
 import { getErrorSource } from '@kbn/task-manager-plugin/server/task_running';
+import { GEN_AI_TOKEN_COUNT_EVENT } from './event_based_telemetry';
 import { getGenAiTokenTracking, shouldTrackGenAiToken } from './gen_ai_token_tracking';
 import {
   validateConfig,
@@ -58,6 +64,7 @@ export interface ActionExecutorContext {
   getUnsecuredServices: GetUnsecuredServicesFunction;
   encryptedSavedObjectsClient: EncryptedSavedObjectsClient;
   actionTypeRegistry: ActionTypeRegistryContract;
+  analyticsService: AnalyticsServiceStart;
   eventLogger: IEventLogger;
   inMemoryConnectors: InMemoryConnector[];
   getActionsAuthorizationWithRequest: (request: KibanaRequest) => ActionsAuthorization;
@@ -380,7 +387,7 @@ export class ActionExecutor {
         },
       },
       async (span) => {
-        const { actionTypeRegistry, eventLogger } = this.actionExecutorContext!;
+        const { actionTypeRegistry, analyticsService, eventLogger } = this.actionExecutorContext!;
 
         const actionInfo = await this.getActionInfoInternal(actionId, namespace.namespace);
 
@@ -587,6 +594,15 @@ export class ActionExecutor {
                   prompt_tokens: tokenTracking.prompt_tokens,
                   completion_tokens: tokenTracking.completion_tokens,
                 });
+                analyticsService.reportEvent(GEN_AI_TOKEN_COUNT_EVENT.eventType, {
+                  actionTypeId,
+                  total_tokens: tokenTracking.total_tokens,
+                  prompt_tokens: tokenTracking.prompt_tokens,
+                  completion_tokens: tokenTracking.completion_tokens,
+                  ...(actionTypeId === '.gen-ai' && config?.apiProvider != null
+                    ? { provider: config?.apiProvider }
+                    : {}),
+                });
               }
             })
             .catch((err) => {
diff --git a/x-pack/plugins/security_solution/public/common/lib/telemetry/events/attack_discovery/index.ts b/x-pack/plugins/actions/server/lib/event_based_telemetry.ts
similarity index 50%
rename from x-pack/plugins/security_solution/public/common/lib/telemetry/events/attack_discovery/index.ts
rename to x-pack/plugins/actions/server/lib/event_based_telemetry.ts
index 4305556923c99..eb7ad8dbdfb65 100644
--- a/x-pack/plugins/security_solution/public/common/lib/telemetry/events/attack_discovery/index.ts
+++ b/x-pack/plugins/actions/server/lib/event_based_telemetry.ts
@@ -5,11 +5,16 @@
  * 2.0.
  */
 
-import type { TelemetryEvent } from '../../types';
-import { TelemetryEventTypes } from '../../constants';
+import type { EventTypeOpts } from '@kbn/core/server';
 
-export const insightsGeneratedEvent: TelemetryEvent = {
-  eventType: TelemetryEventTypes.AttackDiscoveriesGenerated,
+export const GEN_AI_TOKEN_COUNT_EVENT: EventTypeOpts<{
+  actionTypeId: string;
+  total_tokens: number;
+  prompt_tokens: number;
+  completion_tokens: number;
+  provider?: string;
+}> = {
+  eventType: 'gen_ai_token_count',
   schema: {
     actionTypeId: {
       type: 'keyword',
@@ -18,41 +23,27 @@ export const insightsGeneratedEvent: TelemetryEvent = {
         optional: false,
       },
     },
-    durationMs: {
+    total_tokens: {
       type: 'integer',
       _meta: {
-        description: 'Duration of request in ms',
+        description: 'Total token count',
         optional: false,
       },
     },
-    alertsContextCount: {
+    prompt_tokens: {
       type: 'integer',
       _meta: {
-        description: 'Number of alerts sent as context to the LLM',
+        description: 'Prompt token count',
         optional: false,
       },
     },
-    alertsCount: {
+    completion_tokens: {
       type: 'integer',
       _meta: {
-        description: 'Number of unique alerts referenced in the attack discoveries',
+        description: 'Completion token count',
         optional: false,
       },
     },
-    configuredAlertsCount: {
-      type: 'integer',
-      _meta: {
-        description: 'Number of alerts configured by the user',
-        optional: false,
-      },
-    },
-    model: {
-      type: 'keyword',
-      _meta: {
-        description: 'LLM model',
-        optional: true,
-      },
-    },
     provider: {
       type: 'keyword',
       _meta: {
@@ -62,3 +53,5 @@ export const insightsGeneratedEvent: TelemetryEvent = {
     },
   },
 };
+
+export const events: Array<EventTypeOpts<{ [key: string]: unknown }>> = [GEN_AI_TOKEN_COUNT_EVENT];
diff --git a/x-pack/plugins/actions/server/lib/task_runner_factory.test.ts b/x-pack/plugins/actions/server/lib/task_runner_factory.test.ts
index 96a3059ef852a..c5f10f728065e 100644
--- a/x-pack/plugins/actions/server/lib/task_runner_factory.test.ts
+++ b/x-pack/plugins/actions/server/lib/task_runner_factory.test.ts
@@ -17,6 +17,7 @@ import {
   loggingSystemMock,
   httpServiceMock,
   savedObjectsRepositoryMock,
+  analyticsServiceMock,
 } from '@kbn/core/server/mocks';
 import { eventLoggerMock } from '@kbn/event-log-plugin/server/mocks';
 import { ActionTypeDisabledError } from './errors';
@@ -96,6 +97,7 @@ const actionExecutorInitializerParams = {
   encryptedSavedObjectsClient: mockedEncryptedSavedObjectsClient,
   eventLogger,
   inMemoryConnectors: [],
+  analyticsService: analyticsServiceMock.createAnalyticsServiceStart(),
 };
 
 const taskRunnerFactoryInitializerParams = {
diff --git a/x-pack/plugins/actions/server/plugin.ts b/x-pack/plugins/actions/server/plugin.ts
index 651de2ea04137..111e0509f81ac 100644
--- a/x-pack/plugins/actions/server/plugin.ts
+++ b/x-pack/plugins/actions/server/plugin.ts
@@ -44,6 +44,7 @@ import { MonitoringCollectionSetup } from '@kbn/monitoring-collection-plugin/ser
 import { ServerlessPluginSetup, ServerlessPluginStart } from '@kbn/serverless/server';
 import { ActionsConfig, AllowedHosts, EnabledConnectorTypes, getValidatedConfig } from './config';
 import { resolveCustomHosts } from './lib/custom_host_settings';
+import { events } from './lib/event_based_telemetry';
 import { ActionsClient } from './actions_client/actions_client';
 import { ActionTypeRegistry } from './action_type_registry';
 import {
@@ -249,7 +250,7 @@ export class ActionsPlugin implements Plugin<PluginSetupContract, PluginStartCon
     this.eventLogger = plugins.eventLog.getLogger({
       event: { provider: EVENT_LOG_PROVIDER },
     });
-
+    events.forEach((eventConfig) => core.analytics.registerEventType(eventConfig));
     const actionExecutor = new ActionExecutor({
       isESOCanEncrypt: this.isESOCanEncrypt,
     });
@@ -571,6 +572,7 @@ export class ActionsPlugin implements Plugin<PluginSetupContract, PluginStartCon
       getActionsAuthorizationWithRequest(request: KibanaRequest) {
         return instantiateAuthorization(request);
       },
+      analyticsService: core.analytics,
     });
 
     taskRunnerFactory!.initialize({
diff --git a/x-pack/plugins/aiops/public/components/log_rate_analysis/log_rate_analysis_results.tsx b/x-pack/plugins/aiops/public/components/log_rate_analysis/log_rate_analysis_results.tsx
index 21f5db55fce6f..fc8f635394b50 100644
--- a/x-pack/plugins/aiops/public/components/log_rate_analysis/log_rate_analysis_results.tsx
+++ b/x-pack/plugins/aiops/public/components/log_rate_analysis/log_rate_analysis_results.tsx
@@ -186,7 +186,11 @@ export const LogRateAnalysisResults: FC<LogRateAnalysisResultsProps> = ({
   );
   const [shouldStart, setShouldStart] = useState(false);
   const [toggleIdSelected, setToggleIdSelected] = useState(resultsGroupedOffId);
-  const [skippedColumns, setSkippedColumns] = useState<ColumnNames[]>(['p-value']);
+  const [skippedColumns, setSkippedColumns] = useState<ColumnNames[]>([
+    'p-value',
+    'Baseline rate',
+    'Deviation rate',
+  ]);
 
   const onGroupResultsToggle = (optionId: string) => {
     setToggleIdSelected(optionId);
diff --git a/x-pack/plugins/aiops/public/components/log_rate_analysis_results_table/get_baseline_and_deviation_rates.ts b/x-pack/plugins/aiops/public/components/log_rate_analysis_results_table/get_baseline_and_deviation_rates.ts
new file mode 100644
index 0000000000000..c5eb9e75ad7a5
--- /dev/null
+++ b/x-pack/plugins/aiops/public/components/log_rate_analysis_results_table/get_baseline_and_deviation_rates.ts
@@ -0,0 +1,97 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { i18n } from '@kbn/i18n';
+import { LOG_RATE_ANALYSIS_TYPE } from '@kbn/aiops-log-rate-analysis';
+
+export function getLogRateChange(
+  analysisType: typeof LOG_RATE_ANALYSIS_TYPE[keyof typeof LOG_RATE_ANALYSIS_TYPE],
+  baselineBucketRate: number,
+  deviationBucketRate: number
+) {
+  let message;
+  let factor;
+
+  if (analysisType === LOG_RATE_ANALYSIS_TYPE.SPIKE) {
+    if (baselineBucketRate > 0) {
+      factor = Math.round(((deviationBucketRate / baselineBucketRate) * 100) / 100);
+      message = i18n.translate(
+        'xpack.aiops.logRateAnalysis.resultsTableGroups.logRateFactorIncreaseLabel',
+        {
+          defaultMessage: '{factor}x higher',
+          values: {
+            factor,
+          },
+        }
+      );
+    } else {
+      message = i18n.translate(
+        'xpack.aiops.logRateAnalysis.resultsTableGroups.logRateDocIncreaseLabel',
+        {
+          defaultMessage:
+            '{deviationBucketRate} {deviationBucketRate, plural, one {doc} other {docs}} rate up from 0 in baseline',
+          values: { deviationBucketRate },
+        }
+      );
+    }
+  } else {
+    if (deviationBucketRate > 0) {
+      // For dip, "doc count" refers to the amount of documents in the baseline time range so we use baselineBucketRate
+      factor = Math.round(((baselineBucketRate / deviationBucketRate) * 100) / 100);
+      message = i18n.translate(
+        'xpack.aiops.logRateAnalysis.resultsTableGroups.logRateFactorDecreaseLabel',
+        {
+          defaultMessage: '{factor}x lower',
+          values: {
+            factor,
+          },
+        }
+      );
+    } else {
+      message = i18n.translate(
+        'xpack.aiops.logRateAnalysis.resultsTableGroups.logRateDocDecreaseLabel',
+        {
+          defaultMessage: 'docs rate down to 0 from {baselineBucketRate} in baseline',
+          values: { baselineBucketRate },
+        }
+      );
+    }
+  }
+
+  return { message, factor };
+}
+
+export function getBaselineAndDeviationRates(
+  analysisType: typeof LOG_RATE_ANALYSIS_TYPE[keyof typeof LOG_RATE_ANALYSIS_TYPE],
+  baselineBuckets: number,
+  deviationBuckets: number,
+  docCount: number | undefined,
+  bgCount: number | undefined
+) {
+  let baselineBucketRate;
+  let deviationBucketRate;
+  if (analysisType === LOG_RATE_ANALYSIS_TYPE.SPIKE) {
+    if (bgCount !== undefined) {
+      baselineBucketRate = Math.round(bgCount / baselineBuckets);
+    }
+
+    if (docCount !== undefined) {
+      deviationBucketRate = Math.round(docCount / deviationBuckets);
+    }
+  } else {
+    // For dip, the "doc count" refers to the amount of documents in the baseline time range so we set baselineBucketRate
+    if (docCount !== undefined) {
+      baselineBucketRate = Math.round(docCount / baselineBuckets);
+    }
+
+    if (bgCount !== undefined) {
+      deviationBucketRate = Math.round(bgCount / deviationBuckets);
+    }
+  }
+
+  return { baselineBucketRate, deviationBucketRate };
+}
diff --git a/x-pack/plugins/aiops/public/components/log_rate_analysis_results_table/log_rate_analysis_results_table_groups.tsx b/x-pack/plugins/aiops/public/components/log_rate_analysis_results_table/log_rate_analysis_results_table_groups.tsx
index 3124e18a29ebe..7f9df2468acf7 100644
--- a/x-pack/plugins/aiops/public/components/log_rate_analysis_results_table/log_rate_analysis_results_table_groups.tsx
+++ b/x-pack/plugins/aiops/public/components/log_rate_analysis_results_table/log_rate_analysis_results_table_groups.tsx
@@ -149,6 +149,7 @@ export const LogRateAnalysisResultsGroupsTable: FC<LogRateAnalysisResultsTablePr
     {
       'data-test-subj': 'aiopsLogRateAnalysisResultsGroupsTableColumnGroup',
       field: 'group',
+      width: skippedColumns.length < 3 ? '34%' : '50%',
       name: (
         <>
           <FormattedMessage
diff --git a/x-pack/plugins/aiops/public/components/log_rate_analysis_results_table/use_columns.tsx b/x-pack/plugins/aiops/public/components/log_rate_analysis_results_table/use_columns.tsx
index fa52207865f3c..40ea76fceddc4 100644
--- a/x-pack/plugins/aiops/public/components/log_rate_analysis_results_table/use_columns.tsx
+++ b/x-pack/plugins/aiops/public/components/log_rate_analysis_results_table/use_columns.tsx
@@ -6,7 +6,14 @@
  */
 
 import React, { useMemo } from 'react';
-import { type EuiBasicTableColumn, EuiBadge, EuiCode, EuiIconTip, EuiText } from '@elastic/eui';
+import {
+  type EuiBasicTableColumn,
+  EuiBadge,
+  EuiCode,
+  EuiIcon,
+  EuiIconTip,
+  EuiText,
+} from '@elastic/eui';
 import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
@@ -14,6 +21,7 @@ import { type SignificantItem, SIGNIFICANT_ITEM_TYPE } from '@kbn/ml-agg-utils';
 import { getCategoryQuery } from '@kbn/aiops-log-pattern-analysis/get_category_query';
 import type { FieldStatsServices } from '@kbn/unified-field-list/src/components/field_stats';
 import { useAppSelector } from '@kbn/aiops-log-rate-analysis/state';
+import { LOG_RATE_ANALYSIS_TYPE } from '@kbn/aiops-log-rate-analysis';
 import { getFailedTransactionsCorrelationImpactLabel } from './get_failed_transactions_correlation_impact_label';
 import { FieldStatsPopover } from '../field_stats_popover';
 import { useAiopsAppContext } from '../../hooks/use_aiops_app_context';
@@ -23,10 +31,9 @@ import { useViewInDiscoverAction } from './use_view_in_discover_action';
 import { useViewInLogPatternAnalysisAction } from './use_view_in_log_pattern_analysis_action';
 import { useCopyToClipboardAction } from './use_copy_to_clipboard_action';
 import { MiniHistogram } from '../mini_histogram';
+import { getBaselineAndDeviationRates, getLogRateChange } from './get_baseline_and_deviation_rates';
 
 const TRUNCATE_TEXT_LINES = 3;
-const ACTIONS_COLUMN_WIDTH = '60px';
-const NARROW_COLUMN_WIDTH = '120px';
 const UNIQUE_COLUMN_WIDTH = '40px';
 const NOT_AVAILABLE = '--';
 
@@ -43,6 +50,24 @@ export const commonColumns = {
   ['Impact']: i18n.translate('xpack.aiops.logRateAnalysis.resultsTable.impactColumnTitle', {
     defaultMessage: 'Impact',
   }),
+  ['Baseline rate']: i18n.translate(
+    'xpack.aiops.logRateAnalysis.resultsTable.baselineRateColumnTitle',
+    {
+      defaultMessage: 'Baseline rate',
+    }
+  ),
+  ['Deviation rate']: i18n.translate(
+    'xpack.aiops.logRateAnalysis.resultsTable.deviationRateColumnTitle',
+    {
+      defaultMessage: 'Deviation rate',
+    }
+  ),
+  ['Log rate change']: i18n.translate(
+    'xpack.aiops.logRateAnalysis.resultsTable.logRateChangeColumnTitle',
+    {
+      defaultMessage: 'Log rate change',
+    }
+  ),
   ['Actions']: i18n.translate('xpack.aiops.logRateAnalysis.resultsTable.actionsColumnTitle', {
     defaultMessage: 'Actions',
   }),
@@ -96,6 +121,25 @@ const impactMessage = i18n.translate(
     defaultMessage: 'The level of impact of the field on the message rate difference.',
   }
 );
+const logRateChangeMessage = i18n.translate(
+  'xpack.aiops.logRateAnalysis.resultsTableGroups.logRateChangeLabelColumnTooltip',
+  {
+    defaultMessage:
+      'The factor by which the log rate changed. This value is normalized to account for differing lengths in baseline and deviation time ranges.',
+  }
+);
+const baselineRateMessage = i18n.translate(
+  'xpack.aiops.logRateAnalysis.resultsTableGroups.baselineRateLabelColumnTooltip',
+  {
+    defaultMessage: 'The average number of documents per baseline bucket.',
+  }
+);
+const deviationRateMessage = i18n.translate(
+  'xpack.aiops.logRateAnalysis.resultsTableGroups.deviationRateLabelColumnTooltip',
+  {
+    defaultMessage: 'The average number of documents per deviation bucket.',
+  }
+);
 
 export const useColumns = (
   tableType: LogRateAnalysisResultsTableType,
@@ -117,8 +161,14 @@ export const useColumns = (
 
   const loading = useAppSelector((s) => s.logRateAnalysisStream.isRunning);
   const zeroDocsFallback = useAppSelector((s) => s.logRateAnalysisResults.zeroDocsFallback);
+  const {
+    analysisType,
+    windowParameters,
+    documentStats: { documentCountStats },
+  } = useAppSelector((s) => s.logRateAnalysis);
 
   const isGroupsTable = tableType === LOG_RATE_ANALYSIS_RESULTS_TABLE_TYPE.GROUPS;
+  const interval = documentCountStats?.interval ?? 0;
 
   const fieldStatsServices: FieldStatsServices = useMemo(() => {
     return {
@@ -130,11 +180,22 @@ export const useColumns = (
     };
   }, [uiSettings, data, fieldFormats, charts]);
 
+  const buckets = useMemo(() => {
+    if (windowParameters === undefined) return;
+
+    const { baselineMin, baselineMax, deviationMin, deviationMax } = windowParameters;
+    const baselineBuckets = (baselineMax - baselineMin) / interval;
+    const deviationBuckets = (deviationMax - deviationMin) / interval;
+
+    return { baselineBuckets, deviationBuckets };
+  }, [windowParameters, interval]);
+
   const columnsMap: Record<ColumnNames, EuiBasicTableColumn<SignificantItem>> = useMemo(
     () => ({
       ['Field name']: {
         'data-test-subj': 'aiopsLogRateAnalysisResultsTableColumnFieldName',
         field: 'fieldName',
+        width: skippedColumns.length < 3 ? '17%' : '25%',
         name: i18n.translate('xpack.aiops.logRateAnalysis.resultsTable.fieldNameLabel', {
           defaultMessage: 'Field name',
         }),
@@ -163,19 +224,26 @@ export const useColumns = (
                 />
               )}
               {type === SIGNIFICANT_ITEM_TYPE.LOG_PATTERN && (
-                <EuiIconTip
-                  type="aggregate"
-                  data-test-subj={'aiopsLogPatternIcon'}
-                  css={{ marginLeft: euiTheme.euiSizeS, marginRight: euiTheme.euiSizeXS }}
-                  size="m"
-                  content={i18n.translate(
-                    'xpack.aiops.fieldContextPopover.descriptionTooltipLogPattern',
-                    {
-                      defaultMessage:
-                        'The field value for this field shows an example of the identified significant text field pattern.',
-                    }
-                  )}
-                />
+                <span
+                  // match the margins of the FieldStatsPopover button
+                  css={{
+                    marginLeft: euiTheme.euiSizeS,
+                    marginRight: euiTheme.euiSizeXS,
+                  }}
+                >
+                  <EuiIconTip
+                    type="aggregate"
+                    data-test-subj={'aiopsLogPatternIcon'}
+                    size="m"
+                    content={i18n.translate(
+                      'xpack.aiops.fieldContextPopover.descriptionTooltipLogPattern',
+                      {
+                        defaultMessage:
+                          'The field value for this field shows an example of the identified significant text field pattern.',
+                      }
+                    )}
+                  />
+                </span>
               )}
 
               <span title={fieldName} className="eui-textTruncate">
@@ -190,6 +258,7 @@ export const useColumns = (
       ['Field value']: {
         'data-test-subj': 'aiopsLogRateAnalysisResultsTableColumnFieldValue',
         field: 'fieldValue',
+        width: skippedColumns.length < 3 ? '17%' : '25%',
         name: i18n.translate('xpack.aiops.logRateAnalysis.resultsTable.fieldValueLabel', {
           defaultMessage: 'Field value',
         }),
@@ -213,7 +282,7 @@ export const useColumns = (
       },
       ['Log rate']: {
         'data-test-subj': 'aiopsLogRateAnalysisResultsTableColumnLogRate',
-        width: NARROW_COLUMN_WIDTH,
+        width: '8%',
         field: 'pValue',
         name: (
           <>
@@ -246,7 +315,7 @@ export const useColumns = (
       },
       ['Impact']: {
         'data-test-subj': 'aiopsLogRateAnalysisResultsTableColumnImpact',
-        width: NARROW_COLUMN_WIDTH,
+        width: '8%',
         field: 'pValue',
         name: (
           <>
@@ -273,9 +342,149 @@ export const useColumns = (
         sortable: true,
         valign: 'middle',
       },
+      ['Baseline rate']: {
+        'data-test-subj': 'aiopsLogRateAnalysisResultsTableColumnBaselineRateChange',
+        field: 'bg_count',
+        name: (
+          <>
+            <FormattedMessage
+              id="xpack.aiops.logRateAnalysis.resultsTable.baselineRateLabel"
+              defaultMessage="Baseline rate"
+            />
+            &nbsp;
+            <EuiIconTip
+              size="s"
+              position="top"
+              color="subdued"
+              type="questionInCircle"
+              className="eui-alignTop"
+              content={baselineRateMessage}
+            />
+          </>
+        ),
+        render: (_, { bg_count: bgCount, doc_count: docCount }) => {
+          if (
+            interval === 0 ||
+            windowParameters === undefined ||
+            buckets === undefined ||
+            isGroupsTable
+          )
+            return NOT_AVAILABLE;
+
+          const { baselineBucketRate } = getBaselineAndDeviationRates(
+            analysisType,
+            buckets.baselineBuckets,
+            buckets.deviationBuckets,
+            docCount,
+            bgCount
+          );
+
+          return <>{baselineBucketRate}</>;
+        },
+        sortable: true,
+        valign: 'middle',
+      },
+      ['Deviation rate']: {
+        'data-test-subj': 'aiopsLogRateAnalysisResultsTableColumnDeviationRateChange',
+        field: 'doc_count',
+        name: (
+          <>
+            <FormattedMessage
+              id="xpack.aiops.logRateAnalysis.resultsTable.deviationRateLabel"
+              defaultMessage="Deviation rate"
+            />
+            &nbsp;
+            <EuiIconTip
+              size="s"
+              position="top"
+              color="subdued"
+              type="questionInCircle"
+              className="eui-alignTop"
+              content={deviationRateMessage}
+            />
+          </>
+        ),
+        render: (_, { doc_count: docCount, bg_count: bgCount }) => {
+          if (
+            interval === 0 ||
+            windowParameters === undefined ||
+            buckets === undefined ||
+            isGroupsTable
+          )
+            return NOT_AVAILABLE;
+
+          const { deviationBucketRate } = getBaselineAndDeviationRates(
+            analysisType,
+            buckets.baselineBuckets,
+            buckets.deviationBuckets,
+            docCount,
+            bgCount
+          );
+
+          return <>{deviationBucketRate}</>;
+        },
+        sortable: true,
+        valign: 'middle',
+      },
+      ['Log rate change']: {
+        'data-test-subj': 'aiopsLogRateAnalysisResultsTableColumnLogRateChange',
+        name: (
+          <>
+            <FormattedMessage
+              id="xpack.aiops.logRateAnalysis.resultsTable.logRateChangeLabel"
+              defaultMessage="Log rate change"
+            />
+            &nbsp;
+            <EuiIconTip
+              size="s"
+              position="top"
+              color="subdued"
+              type="questionInCircle"
+              className="eui-alignTop"
+              content={logRateChangeMessage}
+            />
+          </>
+        ),
+        render: ({ doc_count: docCount, bg_count: bgCount }: SignificantItem) => {
+          if (
+            interval === 0 ||
+            windowParameters === undefined ||
+            buckets === undefined ||
+            isGroupsTable
+          )
+            return NOT_AVAILABLE;
+
+          const { baselineBucketRate, deviationBucketRate } = getBaselineAndDeviationRates(
+            analysisType,
+            buckets.baselineBuckets,
+            buckets.deviationBuckets,
+            docCount,
+            bgCount
+          );
+
+          const logRateChange = getLogRateChange(
+            analysisType,
+            baselineBucketRate!,
+            deviationBucketRate!
+          );
+
+          return (
+            <>
+              <EuiIcon
+                size="s"
+                color="subdued"
+                type={analysisType === LOG_RATE_ANALYSIS_TYPE.SPIKE ? 'sortUp' : 'sortDown'}
+                className="eui-alignTop"
+              />
+              &nbsp;
+              {logRateChange.message}
+            </>
+          );
+        },
+        valign: 'middle',
+      },
       ['p-value']: {
         'data-test-subj': 'aiopsLogRateAnalysisResultsTableColumnPValue',
-        width: NARROW_COLUMN_WIDTH,
         field: 'pValue',
         name: (
           <>
@@ -308,7 +517,7 @@ export const useColumns = (
         'data-test-subj': isGroupsTable
           ? 'aiopsLogRateAnalysisResultsGroupsTableColumnDocCount'
           : 'aiopsLogRateAnalysisResultsTableColumnDocCount',
-        width: NARROW_COLUMN_WIDTH,
+        width: '8%',
         field: isGroupsTable ? 'docCount' : 'doc_count',
         name: i18n.translate('xpack.aiops.logRateAnalysis.resultsTable.docCountLabel', {
           defaultMessage: 'Doc count',
@@ -326,7 +535,7 @@ export const useColumns = (
           ...(viewInLogPatternAnalysisAction ? [viewInLogPatternAnalysisAction] : []),
           copyToClipBoardAction,
         ],
-        width: ACTIONS_COLUMN_WIDTH,
+        width: '4%',
         valign: 'middle',
       },
       unique: {
diff --git a/x-pack/plugins/aiops/public/ui_actions/create_change_point_chart.tsx b/x-pack/plugins/aiops/public/ui_actions/create_change_point_chart.tsx
index f3bd3c359a342..16ad06b103927 100644
--- a/x-pack/plugins/aiops/public/ui_actions/create_change_point_chart.tsx
+++ b/x-pack/plugins/aiops/public/ui_actions/create_change_point_chart.tsx
@@ -34,11 +34,13 @@ export function createAddChangePointChartAction(
         id: 'ml',
         getDisplayName: () =>
           i18n.translate('xpack.aiops.navMenu.mlAppNameText', {
-            defaultMessage: 'Machine Learning',
+            defaultMessage: 'Machine Learning and Analytics',
           }),
         getIconType: () => 'machineLearningApp',
       },
     ],
+    order: 10,
+    getIconType: () => 'machineLearningApp',
     getDisplayName: () =>
       i18n.translate('xpack.aiops.embeddableChangePointChartDisplayName', {
         defaultMessage: 'Change point detection',
diff --git a/x-pack/plugins/aiops/public/ui_actions/index.ts b/x-pack/plugins/aiops/public/ui_actions/index.ts
index daa1b8ffd5ff8..c8e4edb58792b 100644
--- a/x-pack/plugins/aiops/public/ui_actions/index.ts
+++ b/x-pack/plugins/aiops/public/ui_actions/index.ts
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import type { UiActionsSetup } from '@kbn/ui-actions-plugin/public';
+import { type UiActionsSetup, ADD_PANEL_TRIGGER } from '@kbn/ui-actions-plugin/public';
 import { CONTEXT_MENU_TRIGGER } from '@kbn/embeddable-plugin/public';
 import {
   categorizeFieldTrigger,
@@ -26,7 +26,7 @@ export function registerAiopsUiActions(
   const openChangePointInMlAppAction = createOpenChangePointInMlAppAction(coreStart, pluginStart);
   const addChangePointChartAction = createAddChangePointChartAction(coreStart, pluginStart);
 
-  uiActions.addTriggerAction('ADD_PANEL_TRIGGER', addChangePointChartAction);
+  uiActions.addTriggerAction(ADD_PANEL_TRIGGER, addChangePointChartAction);
 
   uiActions.registerTrigger(categorizeFieldTrigger);
 
diff --git a/x-pack/plugins/alerting/common/alert_schema/field_maps/mapping_from_field_map.test.ts b/x-pack/plugins/alerting/common/alert_schema/field_maps/mapping_from_field_map.test.ts
index ad28d03235caf..aad7bb2823606 100644
--- a/x-pack/plugins/alerting/common/alert_schema/field_maps/mapping_from_field_map.test.ts
+++ b/x-pack/plugins/alerting/common/alert_schema/field_maps/mapping_from_field_map.test.ts
@@ -243,6 +243,9 @@ describe('mappingFromFieldMap', () => {
                 last_detected: {
                   type: 'date',
                 },
+                previous_action_group: {
+                  type: 'keyword',
+                },
                 reason: {
                   type: 'keyword',
                   fields: {
@@ -293,6 +296,9 @@ describe('mappingFromFieldMap', () => {
                     },
                   },
                 },
+                severity_improving: {
+                  type: 'boolean',
+                },
                 start: {
                   type: 'date',
                 },
diff --git a/x-pack/plugins/alerting/common/routes/backfill/response/schemas/v1.ts b/x-pack/plugins/alerting/common/routes/backfill/response/schemas/v1.ts
index 8db238b89ee81..268ef7f5e90d1 100644
--- a/x-pack/plugins/alerting/common/routes/backfill/response/schemas/v1.ts
+++ b/x-pack/plugins/alerting/common/routes/backfill/response/schemas/v1.ts
@@ -53,7 +53,11 @@ export const backfillResponseSchema = schema.object({
 
 export const errorResponseSchema = schema.object({
   error: schema.object({
-    error: schema.string(),
     message: schema.string(),
+    status: schema.maybe(schema.number()),
+    rule: schema.object({
+      id: schema.string(),
+      name: schema.maybe(schema.string()),
+    }),
   }),
 });
diff --git a/x-pack/plugins/alerting/server/alerts_client/alerts_client.test.ts b/x-pack/plugins/alerting/server/alerts_client/alerts_client.test.ts
index ef6f93d5894a2..94def475cb387 100644
--- a/x-pack/plugins/alerting/server/alerts_client/alerts_client.test.ts
+++ b/x-pack/plugins/alerting/server/alerts_client/alerts_client.test.ts
@@ -4,6 +4,7 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
+
 import { elasticsearchServiceMock, loggingSystemMock } from '@kbn/core/server/mocks';
 import type { UpdateByQueryRequest } from '@elastic/elasticsearch/lib/api/types';
 import { UntypedNormalizedRuleType } from '../rule_type_registry';
@@ -22,6 +23,7 @@ import {
   ALERT_FLAPPING_HISTORY,
   ALERT_INSTANCE_ID,
   ALERT_MAINTENANCE_WINDOW_IDS,
+  ALERT_PREVIOUS_ACTION_GROUP,
   ALERT_RULE_CATEGORY,
   ALERT_RULE_CONSUMER,
   ALERT_RULE_EXECUTION_TIMESTAMP,
@@ -33,6 +35,7 @@ import {
   ALERT_RULE_TAGS,
   ALERT_RULE_TYPE_ID,
   ALERT_RULE_UUID,
+  ALERT_SEVERITY_IMPROVING,
   ALERT_START,
   ALERT_STATUS,
   ALERT_TIME_RANGE,
@@ -235,6 +238,7 @@ const getNewIndexedAlertDoc = (overrides = {}) => ({
   [ALERT_RULE_TYPE_ID]: 'test.rule-type',
   [ALERT_RULE_TAGS]: ['rule-', '-tags'],
   [ALERT_RULE_UUID]: '1',
+  [ALERT_SEVERITY_IMPROVING]: false,
   [ALERT_START]: date,
   [ALERT_STATUS]: 'active',
   [ALERT_TIME_RANGE]: { gte: date },
@@ -253,6 +257,8 @@ const getOngoingIndexedAlertDoc = (overrides = {}) => ({
   [ALERT_FLAPPING_HISTORY]: [true, false],
   [ALERT_START]: '2023-03-28T12:27:28.159Z',
   [ALERT_TIME_RANGE]: { gte: '2023-03-28T12:27:28.159Z' },
+  [ALERT_PREVIOUS_ACTION_GROUP]: 'default',
+  [ALERT_SEVERITY_IMPROVING]: undefined,
   ...overrides,
 });
 
@@ -267,6 +273,8 @@ const getRecoveredIndexedAlertDoc = (overrides = {}) => ({
   [ALERT_TIME_RANGE]: { gte: '2023-03-28T12:27:28.159Z', lte: date },
   [ALERT_STATUS]: 'recovered',
   [ALERT_CONSECUTIVE_MATCHES]: 0,
+  [ALERT_PREVIOUS_ACTION_GROUP]: 'default',
+  [ALERT_SEVERITY_IMPROVING]: true,
   ...overrides,
 });
 
@@ -682,6 +690,7 @@ describe('Alerts Client', () => {
                 [ALERT_FLAPPING]: false,
                 [ALERT_FLAPPING_HISTORY]: [true, false],
                 [ALERT_MAINTENANCE_WINDOW_IDS]: [],
+                [ALERT_PREVIOUS_ACTION_GROUP]: 'default',
                 [ALERT_RULE_CATEGORY]: 'My test rule',
                 [ALERT_RULE_CONSUMER]: 'bar',
                 [ALERT_RULE_EXECUTION_UUID]: '5f6aa57d-3e22-484e-bae8-cbed868f4d28',
@@ -964,6 +973,7 @@ describe('Alerts Client', () => {
                 [ALERT_FLAPPING]: false,
                 [ALERT_FLAPPING_HISTORY]: [true, false, false, false],
                 [ALERT_MAINTENANCE_WINDOW_IDS]: [],
+                [ALERT_PREVIOUS_ACTION_GROUP]: 'default',
                 [ALERT_RULE_CATEGORY]: 'My test rule',
                 [ALERT_RULE_CONSUMER]: 'bar',
                 [ALERT_RULE_EXECUTION_UUID]: '5f6aa57d-3e22-484e-bae8-cbed868f4d28',
@@ -1013,6 +1023,7 @@ describe('Alerts Client', () => {
                 [ALERT_FLAPPING]: false,
                 [ALERT_FLAPPING_HISTORY]: [true, true],
                 [ALERT_MAINTENANCE_WINDOW_IDS]: [],
+                [ALERT_PREVIOUS_ACTION_GROUP]: 'default',
                 [ALERT_RULE_CATEGORY]: 'My test rule',
                 [ALERT_RULE_CONSUMER]: 'bar',
                 [ALERT_RULE_EXECUTION_UUID]: '5f6aa57d-3e22-484e-bae8-cbed868f4d28',
@@ -1023,6 +1034,7 @@ describe('Alerts Client', () => {
                 [ALERT_RULE_TYPE_ID]: 'test.rule-type',
                 [ALERT_RULE_TAGS]: ['rule-', '-tags'],
                 [ALERT_RULE_UUID]: '1',
+                [ALERT_SEVERITY_IMPROVING]: true,
                 [ALERT_START]: '2023-03-28T12:27:28.159Z',
                 [ALERT_END]: date,
                 [ALERT_STATUS]: 'recovered',
diff --git a/x-pack/plugins/alerting/server/alerts_client/alerts_client.ts b/x-pack/plugins/alerting/server/alerts_client/alerts_client.ts
index 6267d0785f381..66cc1a3077481 100644
--- a/x-pack/plugins/alerting/server/alerts_client/alerts_client.ts
+++ b/x-pack/plugins/alerting/server/alerts_client/alerts_client.ts
@@ -58,6 +58,7 @@ import {
   getLifecycleAlertsQueries,
   getMaintenanceWindowAlertsQuery,
   getContinualAlertsQuery,
+  isAlertImproving,
 } from './lib';
 import { isValidAlertIndexName } from '../alerts_service';
 import { resolveAlertConflicts } from './lib/alert_conflict_resolver';
@@ -431,6 +432,13 @@ export class AlertsClient<
           this.fetchedAlerts.data.hasOwnProperty(id) &&
           get(this.fetchedAlerts.data[id], ALERT_STATUS) === 'active'
         ) {
+          const isImproving = isAlertImproving<
+            AlertData,
+            LegacyState,
+            LegacyContext,
+            ActionGroupIds,
+            RecoveryActionGroupId
+          >(this.fetchedAlerts.data[id], activeAlerts[id], this.ruleType.actionGroups);
           activeAlertsToIndex.push(
             buildOngoingAlert<
               AlertData,
@@ -442,6 +450,7 @@ export class AlertsClient<
               alert: this.fetchedAlerts.data[id],
               legacyAlert: activeAlerts[id],
               rule: this.rule,
+              isImproving,
               runTimestamp: this.runTimestampString,
               timestamp: currentTime,
               payload: this.reportedAlerts[id],
diff --git a/x-pack/plugins/alerting/server/alerts_client/lib/build_new_alert.test.ts b/x-pack/plugins/alerting/server/alerts_client/lib/build_new_alert.test.ts
index 280c49df36ed0..8c814c528c384 100644
--- a/x-pack/plugins/alerting/server/alerts_client/lib/build_new_alert.test.ts
+++ b/x-pack/plugins/alerting/server/alerts_client/lib/build_new_alert.test.ts
@@ -27,6 +27,7 @@ import {
   ALERT_TIME_RANGE,
   ALERT_CONSECUTIVE_MATCHES,
   ALERT_RULE_EXECUTION_TIMESTAMP,
+  ALERT_SEVERITY_IMPROVING,
 } from '@kbn/rule-data-utils';
 import { alertRule } from './test_fixtures';
 
@@ -54,6 +55,7 @@ describe('buildNewAlert', () => {
       [ALERT_INSTANCE_ID]: 'alert-A',
       [ALERT_MAINTENANCE_WINDOW_IDS]: [],
       [ALERT_RULE_EXECUTION_TIMESTAMP]: '2023-03-28T12:27:28.159Z',
+      [ALERT_SEVERITY_IMPROVING]: false,
       [ALERT_STATUS]: 'active',
       [ALERT_UUID]: legacyAlert.getUuid(),
       [ALERT_WORKFLOW_STATUS]: 'open',
@@ -86,6 +88,7 @@ describe('buildNewAlert', () => {
       [ALERT_FLAPPING]: false,
       [ALERT_FLAPPING_HISTORY]: [],
       [ALERT_INSTANCE_ID]: 'alert-A',
+      [ALERT_SEVERITY_IMPROVING]: false,
       [ALERT_MAINTENANCE_WINDOW_IDS]: [],
       [ALERT_STATUS]: 'active',
       [ALERT_UUID]: legacyAlert.getUuid(),
@@ -123,6 +126,7 @@ describe('buildNewAlert', () => {
       [ALERT_FLAPPING]: false,
       [ALERT_FLAPPING_HISTORY]: [true, false, false, false, true, true],
       [ALERT_INSTANCE_ID]: 'alert-A',
+      [ALERT_SEVERITY_IMPROVING]: false,
       [ALERT_MAINTENANCE_WINDOW_IDS]: ['maint-1', 'maint-321'],
       [ALERT_STATUS]: 'active',
       [ALERT_UUID]: legacyAlert.getUuid(),
@@ -165,6 +169,7 @@ describe('buildNewAlert', () => {
       [ALERT_FLAPPING]: false,
       [ALERT_FLAPPING_HISTORY]: [],
       [ALERT_INSTANCE_ID]: 'alert-A',
+      [ALERT_SEVERITY_IMPROVING]: false,
       [ALERT_MAINTENANCE_WINDOW_IDS]: [],
       [ALERT_STATUS]: 'active',
       [ALERT_UUID]: legacyAlert.getUuid(),
@@ -197,6 +202,7 @@ describe('buildNewAlert', () => {
       [ALERT_FLAPPING]: false,
       [ALERT_FLAPPING_HISTORY]: [],
       [ALERT_INSTANCE_ID]: 'alert-A',
+      [ALERT_SEVERITY_IMPROVING]: false,
       [ALERT_MAINTENANCE_WINDOW_IDS]: [],
       [ALERT_RULE_EXECUTION_TIMESTAMP]: '2030-12-15T02:44:13.124Z',
       [ALERT_STATUS]: 'active',
@@ -245,6 +251,7 @@ describe('buildNewAlert', () => {
       [ALERT_FLAPPING]: false,
       [ALERT_FLAPPING_HISTORY]: [],
       [ALERT_INSTANCE_ID]: 'alert-A',
+      [ALERT_SEVERITY_IMPROVING]: false,
       [ALERT_MAINTENANCE_WINDOW_IDS]: [],
       [ALERT_STATUS]: 'active',
       [ALERT_UUID]: legacyAlert.getUuid(),
@@ -297,6 +304,7 @@ describe('buildNewAlert', () => {
       [ALERT_FLAPPING]: false,
       [ALERT_FLAPPING_HISTORY]: [],
       [ALERT_INSTANCE_ID]: 'alert-A',
+      [ALERT_SEVERITY_IMPROVING]: false,
       [ALERT_MAINTENANCE_WINDOW_IDS]: [],
       [ALERT_STATUS]: 'active',
       [ALERT_UUID]: legacyAlert.getUuid(),
@@ -351,6 +359,7 @@ describe('buildNewAlert', () => {
       [ALERT_FLAPPING]: false,
       [ALERT_FLAPPING_HISTORY]: [],
       [ALERT_INSTANCE_ID]: 'alert-A',
+      [ALERT_SEVERITY_IMPROVING]: false,
       [ALERT_MAINTENANCE_WINDOW_IDS]: [],
       [ALERT_STATUS]: 'active',
       [ALERT_UUID]: legacyAlert.getUuid(),
diff --git a/x-pack/plugins/alerting/server/alerts_client/lib/build_new_alert.ts b/x-pack/plugins/alerting/server/alerts_client/lib/build_new_alert.ts
index cc77099a11623..223c5a7912814 100644
--- a/x-pack/plugins/alerting/server/alerts_client/lib/build_new_alert.ts
+++ b/x-pack/plugins/alerting/server/alerts_client/lib/build_new_alert.ts
@@ -28,6 +28,7 @@ import {
   TIMESTAMP,
   VERSION,
   ALERT_RULE_EXECUTION_TIMESTAMP,
+  ALERT_SEVERITY_IMPROVING,
 } from '@kbn/rule-data-utils';
 import { DeepPartial } from '@kbn/utility-types';
 import { Alert as LegacyAlert } from '../../alert/alert';
@@ -94,6 +95,7 @@ export const buildNewAlert = <
         [ALERT_CONSECUTIVE_MATCHES]: legacyAlert.getActiveCount(),
         [ALERT_STATUS]: 'active',
         [ALERT_UUID]: legacyAlert.getUuid(),
+        [ALERT_SEVERITY_IMPROVING]: false,
         [ALERT_WORKFLOW_STATUS]: get(cleanedPayload, ALERT_WORKFLOW_STATUS, 'open'),
         ...(legacyAlert.getState().duration
           ? { [ALERT_DURATION]: nanosToMicros(legacyAlert.getState().duration) }
diff --git a/x-pack/plugins/alerting/server/alerts_client/lib/build_ongoing_alert.test.ts b/x-pack/plugins/alerting/server/alerts_client/lib/build_ongoing_alert.test.ts
index 136a2b62962be..9f3909369a41b 100644
--- a/x-pack/plugins/alerting/server/alerts_client/lib/build_ongoing_alert.test.ts
+++ b/x-pack/plugins/alerting/server/alerts_client/lib/build_ongoing_alert.test.ts
@@ -28,6 +28,8 @@ import {
   ALERT_TIME_RANGE,
   ALERT_CONSECUTIVE_MATCHES,
   ALERT_RULE_EXECUTION_TIMESTAMP,
+  ALERT_SEVERITY_IMPROVING,
+  ALERT_PREVIOUS_ACTION_GROUP,
 } from '@kbn/rule-data-utils';
 import { alertRule, existingFlattenedNewAlert, existingExpandedNewAlert } from './test_fixtures';
 
@@ -49,6 +51,7 @@ for (const flattened of [true, false]) {
           alert: existingAlert,
           legacyAlert,
           rule: alertRule,
+          isImproving: true,
           timestamp: '2023-03-29T12:27:28.159Z',
           kibanaVersion: '8.9.0',
         })
@@ -61,7 +64,9 @@ for (const flattened of [true, false]) {
         [ALERT_CONSECUTIVE_MATCHES]: 0,
         [ALERT_FLAPPING]: false,
         [ALERT_FLAPPING_HISTORY]: [],
+        [ALERT_SEVERITY_IMPROVING]: true,
         [ALERT_MAINTENANCE_WINDOW_IDS]: [],
+        [ALERT_PREVIOUS_ACTION_GROUP]: 'error',
         [ALERT_DURATION]: 36000,
         [ALERT_STATUS]: 'active',
         [ALERT_TIME_RANGE]: { gte: '2023-03-28T12:27:28.159Z' },
@@ -110,6 +115,7 @@ for (const flattened of [true, false]) {
           alert: existingAlert,
           legacyAlert,
           rule: updatedRule,
+          isImproving: false,
           timestamp: '2023-03-29T12:27:28.159Z',
           kibanaVersion: '8.9.0',
         })
@@ -122,7 +128,9 @@ for (const flattened of [true, false]) {
         [ALERT_CONSECUTIVE_MATCHES]: 0,
         [ALERT_FLAPPING]: false,
         [ALERT_FLAPPING_HISTORY]: [],
+        [ALERT_SEVERITY_IMPROVING]: false,
         [ALERT_MAINTENANCE_WINDOW_IDS]: [],
+        [ALERT_PREVIOUS_ACTION_GROUP]: 'error',
         [ALERT_STATUS]: 'active',
         [ALERT_WORKFLOW_STATUS]: 'open',
         [ALERT_DURATION]: 36000,
@@ -188,6 +196,7 @@ for (const flattened of [true, false]) {
           alert,
           legacyAlert,
           rule: alertRule,
+          isImproving: null,
           timestamp: '2023-03-29T12:27:28.159Z',
           kibanaVersion: '8.9.0',
         })
@@ -201,6 +210,7 @@ for (const flattened of [true, false]) {
         [ALERT_FLAPPING]: false,
         [ALERT_FLAPPING_HISTORY]: [false, false, true, true],
         [ALERT_MAINTENANCE_WINDOW_IDS]: ['maint-xyz'],
+        [ALERT_PREVIOUS_ACTION_GROUP]: 'error',
         [ALERT_STATUS]: 'active',
         [ALERT_WORKFLOW_STATUS]: 'open',
         [ALERT_DURATION]: 36000,
@@ -230,6 +240,83 @@ for (const flattened of [true, false]) {
       });
     });
 
+    test('should return alert document with updated isImproving', () => {
+      const legacyAlert = new LegacyAlert<{}, {}, 'error' | 'warning'>('alert-A', {
+        meta: { uuid: 'abcdefg' },
+      });
+      legacyAlert
+        .scheduleActions('error')
+        .replaceState({ start: '2023-03-28T12:27:28.159Z', duration: '36000000' });
+
+      const alert = flattened
+        ? {
+            ...existingAlert,
+            [ALERT_SEVERITY_IMPROVING]: true,
+          }
+        : {
+            ...existingAlert,
+            kibana: {
+              // @ts-expect-error
+              ...existingAlert.kibana,
+              alert: {
+                // @ts-expect-error
+                ...existingAlert.kibana.alert,
+                severity_improving: true,
+              },
+            },
+          };
+
+      expect(
+        buildOngoingAlert<{}, {}, {}, 'error' | 'warning', 'recovered'>({
+          // @ts-expect-error
+          alert,
+          legacyAlert,
+          rule: alertRule,
+          isImproving: null,
+          timestamp: '2023-03-29T12:27:28.159Z',
+          kibanaVersion: '8.9.0',
+        })
+      ).toEqual({
+        ...alertRule,
+        [TIMESTAMP]: '2023-03-29T12:27:28.159Z',
+        [ALERT_RULE_EXECUTION_TIMESTAMP]: '2023-03-29T12:27:28.159Z',
+        [EVENT_ACTION]: 'active',
+        [ALERT_ACTION_GROUP]: 'error',
+        [ALERT_CONSECUTIVE_MATCHES]: 0,
+        [ALERT_FLAPPING]: false,
+        [ALERT_FLAPPING_HISTORY]: [],
+        [ALERT_MAINTENANCE_WINDOW_IDS]: [],
+        [ALERT_PREVIOUS_ACTION_GROUP]: 'error',
+        [ALERT_STATUS]: 'active',
+        [ALERT_WORKFLOW_STATUS]: 'open',
+        [ALERT_SEVERITY_IMPROVING]: undefined,
+        [ALERT_DURATION]: 36000,
+        [ALERT_TIME_RANGE]: { gte: '2023-03-28T12:27:28.159Z' },
+        [SPACE_IDS]: ['default'],
+        [VERSION]: '8.9.0',
+        [TAGS]: ['rule-', '-tags'],
+        ...(flattened
+          ? {
+              [EVENT_KIND]: 'signal',
+              [ALERT_INSTANCE_ID]: 'alert-A',
+              [ALERT_START]: '2023-03-28T12:27:28.159Z',
+              [ALERT_UUID]: 'abcdefg',
+            }
+          : {
+              event: {
+                kind: 'signal',
+              },
+              kibana: {
+                alert: {
+                  instance: { id: 'alert-A' },
+                  start: '2023-03-28T12:27:28.159Z',
+                  uuid: 'abcdefg',
+                },
+              },
+            }),
+      });
+    });
+
     test('should return alert document with updated payload if specified', () => {
       const legacyAlert = new LegacyAlert<{}, {}, 'error' | 'warning'>('alert-A', {
         meta: { uuid: 'abcdefg' },
@@ -272,6 +359,7 @@ for (const flattened of [true, false]) {
           legacyAlert,
           rule: alertRule,
           timestamp: '2023-03-29T12:27:28.159Z',
+          isImproving: true,
           payload: {
             count: 2,
             url: `https://url2`,
@@ -291,7 +379,9 @@ for (const flattened of [true, false]) {
         [ALERT_CONSECUTIVE_MATCHES]: 0,
         [ALERT_FLAPPING]: false,
         [ALERT_FLAPPING_HISTORY]: [],
+        [ALERT_SEVERITY_IMPROVING]: true,
         [ALERT_MAINTENANCE_WINDOW_IDS]: [],
+        [ALERT_PREVIOUS_ACTION_GROUP]: 'error',
         [ALERT_STATUS]: 'active',
         [ALERT_WORKFLOW_STATUS]: 'open',
         [ALERT_DURATION]: 36000,
@@ -335,6 +425,7 @@ for (const flattened of [true, false]) {
           alert: existingAlert,
           legacyAlert,
           rule: alertRule,
+          isImproving: false,
           runTimestamp: '2030-12-15T02:44:13.124Z',
           timestamp: '2023-03-29T12:27:28.159Z',
           kibanaVersion: '8.9.0',
@@ -348,7 +439,9 @@ for (const flattened of [true, false]) {
         [ALERT_CONSECUTIVE_MATCHES]: 0,
         [ALERT_FLAPPING]: false,
         [ALERT_FLAPPING_HISTORY]: [],
+        [ALERT_SEVERITY_IMPROVING]: false,
         [ALERT_MAINTENANCE_WINDOW_IDS]: [],
+        [ALERT_PREVIOUS_ACTION_GROUP]: 'error',
         [ALERT_DURATION]: 36000,
         [ALERT_STATUS]: 'active',
         [ALERT_TIME_RANGE]: { gte: '2023-03-28T12:27:28.159Z' },
@@ -425,6 +518,7 @@ for (const flattened of [true, false]) {
           alert,
           legacyAlert,
           rule: alertRule,
+          isImproving: null,
           timestamp: '2023-03-29T12:27:28.159Z',
           payload: {
             count: 2,
@@ -447,6 +541,7 @@ for (const flattened of [true, false]) {
         [ALERT_FLAPPING]: false,
         [ALERT_FLAPPING_HISTORY]: [],
         [ALERT_MAINTENANCE_WINDOW_IDS]: [],
+        [ALERT_PREVIOUS_ACTION_GROUP]: 'error',
         [ALERT_STATUS]: 'active',
         [ALERT_WORKFLOW_STATUS]: 'open',
         [ALERT_DURATION]: 36000,
@@ -526,6 +621,7 @@ for (const flattened of [true, false]) {
           alert,
           legacyAlert,
           rule: alertRule,
+          isImproving: true,
           timestamp: '2023-03-29T12:27:28.159Z',
           payload: {
             count: 2,
@@ -548,7 +644,9 @@ for (const flattened of [true, false]) {
         [ALERT_CONSECUTIVE_MATCHES]: 0,
         [ALERT_FLAPPING]: false,
         [ALERT_FLAPPING_HISTORY]: [],
+        [ALERT_SEVERITY_IMPROVING]: true,
         [ALERT_MAINTENANCE_WINDOW_IDS]: [],
+        [ALERT_PREVIOUS_ACTION_GROUP]: 'error',
         [ALERT_STATUS]: 'active',
         [ALERT_WORKFLOW_STATUS]: 'open',
         [ALERT_DURATION]: 36000,
@@ -615,6 +713,7 @@ for (const flattened of [true, false]) {
             alert,
             legacyAlert,
             rule: alertRule,
+            isImproving: false,
             timestamp: '2023-03-29T12:27:28.159Z',
             kibanaVersion: '8.9.0',
           }
@@ -630,7 +729,9 @@ for (const flattened of [true, false]) {
         [ALERT_CONSECUTIVE_MATCHES]: 0,
         [ALERT_FLAPPING]: false,
         [ALERT_FLAPPING_HISTORY]: [],
+        [ALERT_SEVERITY_IMPROVING]: false,
         [ALERT_MAINTENANCE_WINDOW_IDS]: [],
+        [ALERT_PREVIOUS_ACTION_GROUP]: 'error',
         [ALERT_STATUS]: 'active',
         [ALERT_WORKFLOW_STATUS]: 'open',
         [ALERT_DURATION]: 36000,
@@ -711,6 +812,7 @@ for (const flattened of [true, false]) {
           rule: alertRule,
           timestamp: '2023-03-29T12:27:28.159Z',
           kibanaVersion: '8.9.0',
+          isImproving: null,
           payload: {
             count: 2,
             url: `https://url2`,
@@ -731,6 +833,7 @@ for (const flattened of [true, false]) {
         [ALERT_FLAPPING]: false,
         [ALERT_FLAPPING_HISTORY]: [],
         [ALERT_MAINTENANCE_WINDOW_IDS]: [],
+        [ALERT_PREVIOUS_ACTION_GROUP]: 'error',
         [ALERT_STATUS]: 'active',
         [ALERT_WORKFLOW_STATUS]: 'custom_status',
         [ALERT_DURATION]: 36000,
diff --git a/x-pack/plugins/alerting/server/alerts_client/lib/build_ongoing_alert.ts b/x-pack/plugins/alerting/server/alerts_client/lib/build_ongoing_alert.ts
index 6c62005873221..74672cbe0a2cd 100644
--- a/x-pack/plugins/alerting/server/alerts_client/lib/build_ongoing_alert.ts
+++ b/x-pack/plugins/alerting/server/alerts_client/lib/build_ongoing_alert.ts
@@ -13,7 +13,9 @@ import {
   ALERT_DURATION,
   ALERT_FLAPPING,
   ALERT_FLAPPING_HISTORY,
+  ALERT_SEVERITY_IMPROVING,
   ALERT_MAINTENANCE_WINDOW_IDS,
+  ALERT_PREVIOUS_ACTION_GROUP,
   ALERT_RULE_EXECUTION_TIMESTAMP,
   ALERT_RULE_TAGS,
   ALERT_TIME_RANGE,
@@ -24,6 +26,7 @@ import {
   VERSION,
 } from '@kbn/rule-data-utils';
 import { DeepPartial } from '@kbn/utility-types';
+import { get, omit } from 'lodash';
 import { Alert as LegacyAlert } from '../../alert/alert';
 import { AlertInstanceContext, AlertInstanceState, RuleAlertData } from '../../types';
 import type { AlertRule } from '../types';
@@ -41,6 +44,7 @@ interface BuildOngoingAlertOpts<
   alert: Alert & AlertData;
   legacyAlert: LegacyAlert<LegacyState, LegacyContext, ActionGroupIds | RecoveryActionGroupId>;
   rule: AlertRule;
+  isImproving: boolean | null;
   payload?: DeepPartial<AlertData>;
   runTimestamp?: string;
   timestamp: string;
@@ -62,6 +66,7 @@ export const buildOngoingAlert = <
   alert,
   legacyAlert,
   payload,
+  isImproving,
   rule,
   runTimestamp,
   timestamp,
@@ -78,6 +83,9 @@ export const buildOngoingAlert = <
   // Make sure that any alert fields that are updateable are flattened.
   const refreshableAlertFields = replaceRefreshableAlertFields(alert);
 
+  // Omit fields that are overwrite-able with undefined value
+  const cleanedAlert = omit(alert, ALERT_SEVERITY_IMPROVING);
+
   const alertUpdates = {
     // Set latest rule configuration
     ...rule,
@@ -110,6 +118,8 @@ export const buildOngoingAlert = <
     ...(legacyAlert.getState().duration
       ? { [ALERT_DURATION]: nanosToMicros(legacyAlert.getState().duration) }
       : {}),
+    ...(isImproving != null ? { [ALERT_SEVERITY_IMPROVING]: isImproving } : {}),
+    [ALERT_PREVIOUS_ACTION_GROUP]: get(alert, ALERT_ACTION_GROUP),
     [SPACE_IDS]: rule[SPACE_IDS],
     [VERSION]: kibanaVersion,
     [TAGS]: Array.from(
@@ -136,12 +146,12 @@ export const buildOngoingAlert = <
   //   'kibana.alert.field1': 'value2'
   // }
   // the expanded field from the existing alert is removed
-  const cleanedAlert = removeUnflattenedFieldsFromAlert(alert, {
+  const expandedAlert = removeUnflattenedFieldsFromAlert(cleanedAlert, {
     ...cleanedPayload,
     ...alertUpdates,
     ...refreshableAlertFields,
   });
-  return deepmerge.all([cleanedAlert, refreshableAlertFields, cleanedPayload, alertUpdates], {
+  return deepmerge.all([expandedAlert, refreshableAlertFields, cleanedPayload, alertUpdates], {
     arrayMerge: (_, sourceArray) => sourceArray,
   }) as Alert & AlertData;
 };
diff --git a/x-pack/plugins/alerting/server/alerts_client/lib/build_recovered_alert.test.ts b/x-pack/plugins/alerting/server/alerts_client/lib/build_recovered_alert.test.ts
index ebaa829c0988b..c63543b99232d 100644
--- a/x-pack/plugins/alerting/server/alerts_client/lib/build_recovered_alert.test.ts
+++ b/x-pack/plugins/alerting/server/alerts_client/lib/build_recovered_alert.test.ts
@@ -29,6 +29,8 @@ import {
   ALERT_END,
   ALERT_CONSECUTIVE_MATCHES,
   ALERT_RULE_EXECUTION_TIMESTAMP,
+  ALERT_PREVIOUS_ACTION_GROUP,
+  ALERT_SEVERITY_IMPROVING,
 } from '@kbn/rule-data-utils';
 import {
   alertRule,
@@ -69,6 +71,8 @@ for (const flattened of [true, false]) {
         [ALERT_CONSECUTIVE_MATCHES]: 0,
         [ALERT_FLAPPING]: false,
         [ALERT_FLAPPING_HISTORY]: [],
+        [ALERT_SEVERITY_IMPROVING]: true,
+        [ALERT_PREVIOUS_ACTION_GROUP]: 'default',
         [ALERT_MAINTENANCE_WINDOW_IDS]: [],
         [ALERT_STATUS]: 'recovered',
         [ALERT_WORKFLOW_STATUS]: 'open',
@@ -135,6 +139,8 @@ for (const flattened of [true, false]) {
         [ALERT_CONSECUTIVE_MATCHES]: 0,
         [ALERT_FLAPPING]: false,
         [ALERT_FLAPPING_HISTORY]: [],
+        [ALERT_SEVERITY_IMPROVING]: true,
+        [ALERT_PREVIOUS_ACTION_GROUP]: 'default',
         [ALERT_MAINTENANCE_WINDOW_IDS]: ['maint-1', 'maint-321'],
         [ALERT_STATUS]: 'recovered',
         [ALERT_WORKFLOW_STATUS]: 'open',
@@ -231,6 +237,8 @@ for (const flattened of [true, false]) {
         [ALERT_CONSECUTIVE_MATCHES]: 0,
         [ALERT_FLAPPING]: false,
         [ALERT_FLAPPING_HISTORY]: [],
+        [ALERT_SEVERITY_IMPROVING]: true,
+        [ALERT_PREVIOUS_ACTION_GROUP]: 'default',
         [ALERT_MAINTENANCE_WINDOW_IDS]: ['maint-1', 'maint-321'],
         [ALERT_STATUS]: 'recovered',
         [ALERT_WORKFLOW_STATUS]: 'open',
@@ -291,6 +299,8 @@ for (const flattened of [true, false]) {
         [ALERT_CONSECUTIVE_MATCHES]: 0,
         [ALERT_FLAPPING]: false,
         [ALERT_FLAPPING_HISTORY]: [],
+        [ALERT_SEVERITY_IMPROVING]: true,
+        [ALERT_PREVIOUS_ACTION_GROUP]: 'default',
         [ALERT_MAINTENANCE_WINDOW_IDS]: [],
         [ALERT_STATUS]: 'recovered',
         [ALERT_WORKFLOW_STATUS]: 'open',
@@ -395,6 +405,8 @@ for (const flattened of [true, false]) {
         [ALERT_CONSECUTIVE_MATCHES]: 0,
         [ALERT_FLAPPING]: false,
         [ALERT_FLAPPING_HISTORY]: [],
+        [ALERT_SEVERITY_IMPROVING]: true,
+        [ALERT_PREVIOUS_ACTION_GROUP]: 'default',
         [ALERT_MAINTENANCE_WINDOW_IDS]: ['maint-1', 'maint-321'],
         [ALERT_STATUS]: 'recovered',
         [ALERT_WORKFLOW_STATUS]: 'open',
@@ -497,6 +509,8 @@ for (const flattened of [true, false]) {
         [ALERT_CONSECUTIVE_MATCHES]: 0,
         [ALERT_FLAPPING]: false,
         [ALERT_FLAPPING_HISTORY]: [],
+        [ALERT_SEVERITY_IMPROVING]: true,
+        [ALERT_PREVIOUS_ACTION_GROUP]: 'default',
         [ALERT_MAINTENANCE_WINDOW_IDS]: ['maint-1', 'maint-321'],
         [ALERT_STATUS]: 'recovered',
         [ALERT_WORKFLOW_STATUS]: 'open',
@@ -598,6 +612,8 @@ for (const flattened of [true, false]) {
         [ALERT_CONSECUTIVE_MATCHES]: 0,
         [ALERT_FLAPPING]: false,
         [ALERT_FLAPPING_HISTORY]: [],
+        [ALERT_SEVERITY_IMPROVING]: true,
+        [ALERT_PREVIOUS_ACTION_GROUP]: 'default',
         [ALERT_MAINTENANCE_WINDOW_IDS]: [],
         [ALERT_STATUS]: 'recovered',
         [ALERT_WORKFLOW_STATUS]: 'custom_status',
diff --git a/x-pack/plugins/alerting/server/alerts_client/lib/build_recovered_alert.ts b/x-pack/plugins/alerting/server/alerts_client/lib/build_recovered_alert.ts
index 0f874d857736e..bfcea9e29edf6 100644
--- a/x-pack/plugins/alerting/server/alerts_client/lib/build_recovered_alert.ts
+++ b/x-pack/plugins/alerting/server/alerts_client/lib/build_recovered_alert.ts
@@ -24,8 +24,11 @@ import {
   ALERT_START,
   ALERT_CONSECUTIVE_MATCHES,
   ALERT_RULE_EXECUTION_TIMESTAMP,
+  ALERT_PREVIOUS_ACTION_GROUP,
+  ALERT_SEVERITY_IMPROVING,
 } from '@kbn/rule-data-utils';
 import { DeepPartial } from '@kbn/utility-types';
+import { get } from 'lodash';
 import { Alert as LegacyAlert } from '../../alert/alert';
 import { AlertInstanceContext, AlertInstanceState, RuleAlertData } from '../../types';
 import type { AlertRule } from '../types';
@@ -95,6 +98,9 @@ export const buildRecoveredAlert = <
     [ALERT_FLAPPING]: legacyAlert.getFlapping(),
     // Set latest flapping_history
     [ALERT_FLAPPING_HISTORY]: legacyAlert.getFlappingHistory(),
+    // Alert is recovering from active state so by default it is improving
+    [ALERT_SEVERITY_IMPROVING]: true,
+    [ALERT_PREVIOUS_ACTION_GROUP]: get(alert, ALERT_ACTION_GROUP),
     // Set latest maintenance window IDs
     [ALERT_MAINTENANCE_WINDOW_IDS]: legacyAlert.getMaintenanceWindowIds(),
     // Set latest match count, should be 0
diff --git a/x-pack/plugins/alerting/server/alerts_client/lib/build_updated_recovered_alert.test.ts b/x-pack/plugins/alerting/server/alerts_client/lib/build_updated_recovered_alert.test.ts
index b953814d4151e..69e196563a0e4 100644
--- a/x-pack/plugins/alerting/server/alerts_client/lib/build_updated_recovered_alert.test.ts
+++ b/x-pack/plugins/alerting/server/alerts_client/lib/build_updated_recovered_alert.test.ts
@@ -27,6 +27,7 @@ import {
   ALERT_END,
   ALERT_RULE_EXECUTION_TIMESTAMP,
   ALERT_CONSECUTIVE_MATCHES,
+  ALERT_PREVIOUS_ACTION_GROUP,
 } from '@kbn/rule-data-utils';
 import {
   alertRule,
@@ -70,6 +71,7 @@ describe('buildUpdatedRecoveredAlert', () => {
       [ALERT_TIME_RANGE]: { gte: '2023-03-27T12:27:28.159Z', lte: '2023-03-30T12:27:28.159Z' },
       [ALERT_FLAPPING]: true,
       [ALERT_FLAPPING_HISTORY]: [false, false, true, true],
+      [ALERT_PREVIOUS_ACTION_GROUP]: 'recovered',
       [ALERT_INSTANCE_ID]: 'alert-A',
       [ALERT_MAINTENANCE_WINDOW_IDS]: ['maint-x'],
       [ALERT_STATUS]: 'recovered',
@@ -119,6 +121,7 @@ describe('buildUpdatedRecoveredAlert', () => {
       [ALERT_TIME_RANGE]: { gte: '2023-03-27T12:27:28.159Z', lte: '2023-03-30T12:27:28.159Z' },
       [ALERT_FLAPPING]: true,
       [ALERT_FLAPPING_HISTORY]: [false, false, true, true],
+      [ALERT_PREVIOUS_ACTION_GROUP]: 'recovered',
       [ALERT_INSTANCE_ID]: 'alert-A',
       [ALERT_MAINTENANCE_WINDOW_IDS]: ['maint-x'],
       [ALERT_STATUS]: 'recovered',
@@ -186,6 +189,7 @@ describe('buildUpdatedRecoveredAlert', () => {
       [ALERT_RULE_EXECUTION_TIMESTAMP]: '2023-03-29T12:27:28.159Z',
       [ALERT_FLAPPING]: true,
       [ALERT_FLAPPING_HISTORY]: [false, false, true, true],
+      [ALERT_PREVIOUS_ACTION_GROUP]: 'recovered',
       [ALERT_STATUS]: 'recovered',
       [ALERT_WORKFLOW_STATUS]: 'open',
       [SPACE_IDS]: ['default'],
diff --git a/x-pack/plugins/alerting/server/alerts_client/lib/build_updated_recovered_alert.ts b/x-pack/plugins/alerting/server/alerts_client/lib/build_updated_recovered_alert.ts
index d393f5f513f6e..06972c81e496d 100644
--- a/x-pack/plugins/alerting/server/alerts_client/lib/build_updated_recovered_alert.ts
+++ b/x-pack/plugins/alerting/server/alerts_client/lib/build_updated_recovered_alert.ts
@@ -8,14 +8,17 @@
 import deepmerge from 'deepmerge';
 import type { Alert } from '@kbn/alerts-as-data-utils';
 import {
+  ALERT_ACTION_GROUP,
   ALERT_FLAPPING,
   ALERT_FLAPPING_HISTORY,
+  ALERT_SEVERITY_IMPROVING,
+  ALERT_PREVIOUS_ACTION_GROUP,
   ALERT_RULE_EXECUTION_TIMESTAMP,
   ALERT_RULE_EXECUTION_UUID,
   TIMESTAMP,
 } from '@kbn/rule-data-utils';
 import { RawAlertInstance } from '@kbn/alerting-state-types';
-import { get } from 'lodash';
+import { get, omit } from 'lodash';
 import { RuleAlertData } from '../../types';
 import { AlertRule } from '../types';
 import { removeUnflattenedFieldsFromAlert, replaceRefreshableAlertFields } from './format_alert';
@@ -43,6 +46,9 @@ export const buildUpdatedRecoveredAlert = <AlertData extends RuleAlertData>({
   // Make sure that any alert fields that are updatable are flattened.
   const refreshableAlertFields = replaceRefreshableAlertFields(alert);
 
+  // Omit fields that are overwrite-able with undefined value
+  const cleanedAlert = omit(alert, ALERT_SEVERITY_IMPROVING);
+
   const alertUpdates = {
     // Set latest rule configuration
     ...rule,
@@ -57,6 +63,7 @@ export const buildUpdatedRecoveredAlert = <AlertData extends RuleAlertData>({
     // not get returned for summary alerts. In the future, we may want to restore this and add another field to the
     // alert doc indicating that this is an ongoing recovered alert that can be used for querying.
     [ALERT_RULE_EXECUTION_UUID]: get(alert, ALERT_RULE_EXECUTION_UUID),
+    [ALERT_PREVIOUS_ACTION_GROUP]: get(alert, ALERT_ACTION_GROUP),
   };
 
   // Clean the existing alert document so any nested fields that will be updated
@@ -74,12 +81,12 @@ export const buildUpdatedRecoveredAlert = <AlertData extends RuleAlertData>({
   //   'kibana.alert.field1': 'value2'
   // }
   // the expanded field from the existing alert is removed
-  const cleanedAlert = removeUnflattenedFieldsFromAlert(alert, {
+  const expandedAlert = removeUnflattenedFieldsFromAlert(cleanedAlert, {
     ...alertUpdates,
     ...refreshableAlertFields,
   });
 
-  return deepmerge.all([cleanedAlert, refreshableAlertFields, alertUpdates], {
+  return deepmerge.all([expandedAlert, refreshableAlertFields, alertUpdates], {
     arrayMerge: (_, sourceArray) => sourceArray,
   }) as Alert & AlertData;
 };
diff --git a/x-pack/plugins/alerting/server/alerts_client/lib/get_summarized_alerts_query.ts b/x-pack/plugins/alerting/server/alerts_client/lib/get_summarized_alerts_query.ts
index 2ae2962718748..e9e706331f360 100644
--- a/x-pack/plugins/alerting/server/alerts_client/lib/get_summarized_alerts_query.ts
+++ b/x-pack/plugins/alerting/server/alerts_client/lib/get_summarized_alerts_query.ts
@@ -417,7 +417,7 @@ const getHitsWithCount = <AlertData extends RuleAlertData>(
 
       const expandedSource = expandFlattenedAlert(formattedSource as object) as Alert & AlertData;
       return {
-        _id,
+        _id: _id!,
         _index,
         ...expandedSource,
       };
diff --git a/x-pack/plugins/alerting/server/alerts_client/lib/index.ts b/x-pack/plugins/alerting/server/alerts_client/lib/index.ts
index edd9660bba4c7..ba69d921b6570 100644
--- a/x-pack/plugins/alerting/server/alerts_client/lib/index.ts
+++ b/x-pack/plugins/alerting/server/alerts_client/lib/index.ts
@@ -20,3 +20,4 @@ export {
 export { expandFlattenedAlert } from './format_alert';
 export { sanitizeBulkErrorResponse } from './sanitize_bulk_response';
 export { initializeAlertsClient } from './initialize_alerts_client';
+export { isAlertImproving } from './is_alert_improving';
diff --git a/x-pack/plugins/alerting/server/alerts_client/lib/is_alert_improving.test.ts b/x-pack/plugins/alerting/server/alerts_client/lib/is_alert_improving.test.ts
new file mode 100644
index 0000000000000..e2b4136dac163
--- /dev/null
+++ b/x-pack/plugins/alerting/server/alerts_client/lib/is_alert_improving.test.ts
@@ -0,0 +1,146 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { cloneDeep } from 'lodash';
+import { set } from '@kbn/safer-lodash-set';
+import { ALERT_ACTION_GROUP } from '@kbn/rule-data-utils';
+import { Alert as LegacyAlert } from '../../alert';
+import { isAlertImproving } from './is_alert_improving';
+import { existingExpandedNewAlert, existingFlattenedNewAlert } from './test_fixtures';
+import { ActionGroup } from '../../types';
+
+const actionGroupsWithSeverity: Array<ActionGroup<string>> = [
+  { id: 'info', name: 'Info', severity: { level: 0 } },
+  { id: 'warning', name: 'Warning', severity: { level: 1 } },
+  { id: 'error', name: 'Error', severity: { level: 2 } },
+  { id: 'critical', name: 'Critical Error', severity: { level: 3 } },
+];
+
+const actionGroupsWithoutSeverity: Array<ActionGroup<string>> = [
+  { id: 'info', name: 'Info' },
+  { id: 'warning', name: 'Warning' },
+  { id: 'error', name: 'Error' },
+  { id: 'critical', name: 'Critical Error' },
+];
+
+type TestActionGroupIds = 'info' | 'error' | 'warning' | 'critical';
+
+for (const flattened of [true, false]) {
+  // existing alert action group = 'error'
+  const existingAlert = flattened ? existingFlattenedNewAlert : existingExpandedNewAlert;
+
+  describe(`isAlertImproving for ${flattened ? 'flattened' : 'expanded'} existing alert`, () => {
+    test('should return null if no scheduled action group', () => {
+      const legacyAlert = new LegacyAlert<{}, {}, TestActionGroupIds>('alert-A', {
+        meta: { uuid: 'abcdefg' },
+      });
+
+      expect(
+        isAlertImproving<{}, {}, {}, TestActionGroupIds, 'recovered'>(
+          // @ts-expect-error
+          existingAlert,
+          legacyAlert,
+          actionGroupsWithSeverity
+        )
+      ).toEqual(null);
+    });
+
+    test('should return false if no previous action group', () => {
+      // existing alert action group = 'error'
+      const copyAlert = cloneDeep(existingAlert);
+      const legacyAlert = new LegacyAlert<{}, {}, TestActionGroupIds>('alert-A', {
+        meta: { uuid: 'abcdefg' },
+      });
+      legacyAlert.scheduleActions('warning');
+
+      set(copyAlert, ALERT_ACTION_GROUP, undefined);
+      expect(
+        isAlertImproving<{}, {}, {}, TestActionGroupIds, 'recovered'>(
+          // @ts-expect-error
+          copyAlert,
+          legacyAlert,
+          actionGroupsWithSeverity
+        )
+      ).toEqual(null);
+    });
+
+    test('should return false if no severity defined for action groups', () => {
+      const legacyAlert = new LegacyAlert<{}, {}, TestActionGroupIds>('alert-A', {
+        meta: { uuid: 'abcdefg' },
+      });
+      legacyAlert.scheduleActions('warning');
+      expect(
+        isAlertImproving<{}, {}, {}, TestActionGroupIds, 'recovered'>(
+          // @ts-expect-error
+          existingAlert,
+          legacyAlert,
+          actionGroupsWithoutSeverity
+        )
+      ).toEqual(null);
+    });
+
+    test('should return null if severity stays the same', () => {
+      const legacyAlert = new LegacyAlert<{}, {}, TestActionGroupIds>('alert-A', {
+        meta: { uuid: 'abcdefg' },
+      });
+      legacyAlert.scheduleActions('error');
+      expect(
+        isAlertImproving<{}, {}, {}, TestActionGroupIds, 'recovered'>(
+          // @ts-expect-error
+          existingAlert,
+          legacyAlert,
+          actionGroupsWithSeverity
+        )
+      ).toEqual(null);
+    });
+
+    test('should return false if severity degrades', () => {
+      const legacyAlert = new LegacyAlert<{}, {}, TestActionGroupIds>('alert-A', {
+        meta: { uuid: 'abcdefg' },
+      });
+      legacyAlert.scheduleActions('critical');
+      expect(
+        isAlertImproving<{}, {}, {}, TestActionGroupIds, 'recovered'>(
+          // @ts-expect-error
+          existingAlert,
+          legacyAlert,
+          actionGroupsWithSeverity
+        )
+      ).toEqual(false);
+    });
+
+    test('should return true if severity improves', () => {
+      const legacyAlert = new LegacyAlert<{}, {}, TestActionGroupIds>('alert-A', {
+        meta: { uuid: 'abcdefg' },
+      });
+      legacyAlert.scheduleActions('warning');
+      expect(
+        isAlertImproving<{}, {}, {}, TestActionGroupIds, 'recovered'>(
+          // @ts-expect-error
+          existingAlert,
+          legacyAlert,
+          actionGroupsWithSeverity
+        )
+      ).toEqual(true);
+    });
+
+    test('should return true if severity improves multiple levels', () => {
+      const legacyAlert = new LegacyAlert<{}, {}, TestActionGroupIds>('alert-A', {
+        meta: { uuid: 'abcdefg' },
+      });
+      legacyAlert.scheduleActions('info');
+      expect(
+        isAlertImproving<{}, {}, {}, TestActionGroupIds, 'recovered'>(
+          // @ts-expect-error
+          existingAlert,
+          legacyAlert,
+          actionGroupsWithSeverity
+        )
+      ).toEqual(true);
+    });
+  });
+}
diff --git a/x-pack/plugins/alerting/server/alerts_client/lib/is_alert_improving.ts b/x-pack/plugins/alerting/server/alerts_client/lib/is_alert_improving.ts
new file mode 100644
index 0000000000000..cf8b3205606ee
--- /dev/null
+++ b/x-pack/plugins/alerting/server/alerts_client/lib/is_alert_improving.ts
@@ -0,0 +1,49 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { get } from 'lodash';
+import type { Alert } from '@kbn/alerts-as-data-utils';
+import { ALERT_ACTION_GROUP } from '@kbn/rule-data-utils';
+import { Alert as LegacyAlert } from '../../alert';
+import { ActionGroup, AlertInstanceState, AlertInstanceContext, RuleAlertData } from '../../types';
+
+export const isAlertImproving = <
+  AlertData extends RuleAlertData,
+  LegacyState extends AlertInstanceState,
+  LegacyContext extends AlertInstanceContext,
+  ActionGroupIds extends string,
+  RecoveryActionGroupId extends string
+>(
+  alert: Alert & AlertData,
+  legacyAlert: LegacyAlert<LegacyState, LegacyContext, ActionGroupIds | RecoveryActionGroupId>,
+  actionGroups: Array<ActionGroup<string>>
+): boolean | null => {
+  const currentActionGroup = legacyAlert.getScheduledActionOptions()?.actionGroup;
+  const previousActionGroup = get(alert, ALERT_ACTION_GROUP);
+
+  if (!currentActionGroup || !previousActionGroup) {
+    return null;
+  }
+
+  // Get action group definitions
+  const currentActionGroupDef = actionGroups.find((ag) => ag.id === currentActionGroup);
+  const previousActionGroupDef = actionGroups.find((ag) => ag.id === previousActionGroup);
+  if (
+    currentActionGroupDef &&
+    previousActionGroupDef &&
+    currentActionGroupDef.severity &&
+    previousActionGroupDef.severity
+  ) {
+    const toRet =
+      currentActionGroupDef.severity.level === previousActionGroupDef.severity.level
+        ? null
+        : currentActionGroupDef.severity.level < previousActionGroupDef.severity.level;
+    return toRet;
+  }
+
+  return null;
+};
diff --git a/x-pack/plugins/alerting/server/alerts_client/lib/test_fixtures.ts b/x-pack/plugins/alerting/server/alerts_client/lib/test_fixtures.ts
index 096d8ab6a39a7..a0ce91d145911 100644
--- a/x-pack/plugins/alerting/server/alerts_client/lib/test_fixtures.ts
+++ b/x-pack/plugins/alerting/server/alerts_client/lib/test_fixtures.ts
@@ -35,6 +35,7 @@ import {
   ALERT_START,
   ALERT_TIME_RANGE,
   ALERT_END,
+  ALERT_SEVERITY_IMPROVING,
 } from '@kbn/rule-data-utils';
 import { AlertRule } from '../types';
 import { expandFlattenedAlert } from './format_alert';
@@ -115,6 +116,7 @@ export const existingFlattenedRecoveredAlert = {
   [ALERT_MAINTENANCE_WINDOW_IDS]: ['maint-x'],
   [ALERT_CONSECUTIVE_MATCHES]: 0,
   [ALERT_STATUS]: 'recovered',
+  [ALERT_SEVERITY_IMPROVING]: false,
 };
 
 export const existingExpandedNewAlert = expandFlattenedAlert(existingFlattenedNewAlert);
diff --git a/x-pack/plugins/alerting/server/alerts_service/lib/create_concrete_write_index.test.ts b/x-pack/plugins/alerting/server/alerts_service/lib/create_concrete_write_index.test.ts
index 8ffb73508e1d9..f8e2f8c089529 100644
--- a/x-pack/plugins/alerting/server/alerts_service/lib/create_concrete_write_index.test.ts
+++ b/x-pack/plugins/alerting/server/alerts_service/lib/create_concrete_write_index.test.ts
@@ -645,6 +645,7 @@ describe('createConcreteWriteIndex', () => {
       it(`should log and return when simulating updated mappings returns null`, async () => {
         clusterClient.indices.getAlias.mockImplementation(async () => GetAliasResponse);
         clusterClient.indices.getDataStream.mockImplementation(async () => GetDataStreamResponse);
+        // @ts-expect-error type mismatch: mappings cannot be null
         clusterClient.indices.simulateIndexTemplate.mockImplementationOnce(async () => ({
           ...SimulateTemplateResponse,
           template: { ...SimulateTemplateResponse.template, mappings: null },
diff --git a/x-pack/plugins/alerting/server/application/backfill/methods/schedule/schemas/schedule_backfill_result_schema.ts b/x-pack/plugins/alerting/server/application/backfill/methods/schedule/schemas/schedule_backfill_result_schema.ts
index 023ab90c0ee75..fde306e44bc42 100644
--- a/x-pack/plugins/alerting/server/application/backfill/methods/schedule/schemas/schedule_backfill_result_schema.ts
+++ b/x-pack/plugins/alerting/server/application/backfill/methods/schedule/schemas/schedule_backfill_result_schema.ts
@@ -10,8 +10,12 @@ import { backfillSchema } from '../../../result/schemas';
 
 export const scheduleBackfillErrorSchema = schema.object({
   error: schema.object({
-    error: schema.string(),
     message: schema.string(),
+    status: schema.maybe(schema.number()),
+    rule: schema.object({
+      id: schema.string(),
+      name: schema.maybe(schema.string()),
+    }),
   }),
 });
 
diff --git a/x-pack/plugins/alerting/server/application/backfill/transforms/transform_ad_hoc_run_to_backfill_result.test.ts b/x-pack/plugins/alerting/server/application/backfill/transforms/transform_ad_hoc_run_to_backfill_result.test.ts
index 35c2568a8074a..995240cbbd023 100644
--- a/x-pack/plugins/alerting/server/application/backfill/transforms/transform_ad_hoc_run_to_backfill_result.test.ts
+++ b/x-pack/plugins/alerting/server/application/backfill/transforms/transform_ad_hoc_run_to_backfill_result.test.ts
@@ -136,7 +136,7 @@ describe('transformAdHocRunToBackfillResult', () => {
     });
   });
 
-  test('should return error for malformed responses', () => {
+  test('should return error for malformed responses when original create request is not provided', () => {
     expect(
       transformAdHocRunToBackfillResult(
         // missing id
@@ -155,8 +155,8 @@ describe('transformAdHocRunToBackfillResult', () => {
       )
     ).toEqual({
       error: {
-        error: 'Internal Server Error',
         message: 'Malformed saved object in bulkCreate response - Missing "id".',
+        rule: { id: '1', name: 'my rule name' },
       },
     });
     expect(
@@ -177,8 +177,8 @@ describe('transformAdHocRunToBackfillResult', () => {
       )
     ).toEqual({
       error: {
-        error: 'Internal Server Error',
         message: 'Malformed saved object in bulkCreate response - Missing "attributes".',
+        rule: { id: '1' },
       },
     });
     expect(
@@ -199,8 +199,8 @@ describe('transformAdHocRunToBackfillResult', () => {
       )
     ).toEqual({
       error: {
-        error: 'Internal Server Error',
         message: 'Malformed saved object in bulkCreate response - Missing "references".',
+        rule: { id: 'unknown', name: 'my rule name' },
       },
     });
     expect(
@@ -221,13 +221,125 @@ describe('transformAdHocRunToBackfillResult', () => {
       )
     ).toEqual({
       error: {
-        error: 'Internal Server Error',
         message: 'Malformed saved object in bulkCreate response - Missing "references".',
+        rule: { id: 'unknown', name: 'my rule name' },
       },
     });
   });
 
-  test('should pass through error if saved object error', () => {
+  test('should return error for malformed responses when original create request is provided', () => {
+    const attributes = getMockAdHocRunAttributes();
+    expect(
+      transformAdHocRunToBackfillResult(
+        // missing id
+        // @ts-expect-error
+        {
+          type: 'ad_hoc_rule_run_params',
+          namespaces: ['default'],
+          attributes,
+          references: [{ id: '1', name: 'rule', type: 'alert' }],
+          managed: false,
+          coreMigrationVersion: '8.8.0',
+          updated_at: '2024-02-07T16:05:39.296Z',
+          created_at: '2024-02-07T16:05:39.296Z',
+          version: 'WzcsMV0=',
+        },
+        {
+          type: 'ad_hoc_rule_run_params',
+          attributes,
+          references: [{ id: '1', name: 'rule', type: 'alert' }],
+        }
+      )
+    ).toEqual({
+      error: {
+        message: 'Malformed saved object in bulkCreate response - Missing "id".',
+        rule: { id: '1', name: 'my rule name' },
+      },
+    });
+    expect(
+      transformAdHocRunToBackfillResult(
+        // missing attributes
+        // @ts-expect-error
+        {
+          type: 'ad_hoc_rule_run_params',
+          id: 'abc',
+          namespaces: ['default'],
+          references: [{ id: '1', name: 'rule', type: 'alert' }],
+          managed: false,
+          coreMigrationVersion: '8.8.0',
+          updated_at: '2024-02-07T16:05:39.296Z',
+          created_at: '2024-02-07T16:05:39.296Z',
+          version: 'WzcsMV0=',
+        },
+        {
+          type: 'ad_hoc_rule_run_params',
+          attributes,
+          references: [{ id: '1', name: 'rule', type: 'alert' }],
+        }
+      )
+    ).toEqual({
+      error: {
+        message: 'Malformed saved object in bulkCreate response - Missing "attributes".',
+        rule: { id: '1', name: 'my rule name' },
+      },
+    });
+    expect(
+      transformAdHocRunToBackfillResult(
+        // missing references
+        // @ts-expect-error
+        {
+          type: 'ad_hoc_rule_run_params',
+          id: 'def',
+          namespaces: ['default'],
+          attributes,
+          managed: false,
+          coreMigrationVersion: '8.8.0',
+          updated_at: '2024-02-07T16:05:39.296Z',
+          created_at: '2024-02-07T16:05:39.296Z',
+          version: 'WzcsMV0=',
+        },
+        {
+          type: 'ad_hoc_rule_run_params',
+          attributes,
+          references: [{ id: '1', name: 'rule', type: 'alert' }],
+        }
+      )
+    ).toEqual({
+      error: {
+        message: 'Malformed saved object in bulkCreate response - Missing "references".',
+        rule: { id: '1', name: 'my rule name' },
+      },
+    });
+    expect(
+      transformAdHocRunToBackfillResult(
+        // empty references
+        {
+          type: 'ad_hoc_rule_run_params',
+          id: 'ghi',
+          namespaces: ['default'],
+          attributes,
+          references: [],
+          managed: false,
+          coreMigrationVersion: '8.8.0',
+          updated_at: '2024-02-07T16:05:39.296Z',
+          created_at: '2024-02-07T16:05:39.296Z',
+          version: 'WzcsMV0=',
+        },
+        {
+          type: 'ad_hoc_rule_run_params',
+          attributes,
+          references: [{ id: '1', name: 'rule', type: 'alert' }],
+        }
+      )
+    ).toEqual({
+      error: {
+        message: 'Malformed saved object in bulkCreate response - Missing "references".',
+        rule: { id: '1', name: 'my rule name' },
+      },
+    });
+  });
+
+  test('should pass through error if saved object error when original create request is not provided', () => {
     expect(
       transformAdHocRunToBackfillResult(
         // @ts-expect-error
@@ -243,8 +355,35 @@ describe('transformAdHocRunToBackfillResult', () => {
       )
     ).toEqual({
       error: {
-        error: 'my error',
         message: 'Unable to create',
+        rule: { id: 'unknown' },
+      },
+    });
+  });
+
+  test('should pass through error if saved object error when original create request is provided', () => {
+    expect(
+      transformAdHocRunToBackfillResult(
+        // @ts-expect-error
+        {
+          type: 'ad_hoc_rule_run_params',
+          id: '788a2784-c021-484f-a53e-0c1c63c7567c',
+          error: {
+            error: 'my error',
+            message: 'Unable to create',
+            statusCode: 404,
+          },
+        },
+        {
+          type: 'ad_hoc_rule_run_params',
+          attributes: getMockAdHocRunAttributes(),
+          references: [{ id: '1', name: 'rule', type: 'alert' }],
+        }
+      )
+    ).toEqual({
+      error: {
+        message: 'Unable to create',
+        rule: { id: '1', name: 'my rule name' },
       },
     });
   });
diff --git a/x-pack/plugins/alerting/server/application/backfill/transforms/transform_ad_hoc_run_to_backfill_result.ts b/x-pack/plugins/alerting/server/application/backfill/transforms/transform_ad_hoc_run_to_backfill_result.ts
index 219587bd0f1dd..13257742b7005 100644
--- a/x-pack/plugins/alerting/server/application/backfill/transforms/transform_ad_hoc_run_to_backfill_result.ts
+++ b/x-pack/plugins/alerting/server/application/backfill/transforms/transform_ad_hoc_run_to_backfill_result.ts
@@ -5,39 +5,43 @@
  * 2.0.
  */
 
-import { SavedObject } from '@kbn/core/server';
+import { SavedObject, SavedObjectsBulkCreateObject } from '@kbn/core/server';
 import { AdHocRunSO } from '../../../data/ad_hoc_run/types';
 import { createBackfillError } from '../../../backfill_client/lib';
 import { ScheduleBackfillResult } from '../methods/schedule/types';
 
-export const transformAdHocRunToBackfillResult = ({
-  id,
-  attributes,
-  references,
-  error,
-}: SavedObject<AdHocRunSO>): ScheduleBackfillResult => {
+export const transformAdHocRunToBackfillResult = (
+  { id, attributes, references, error }: SavedObject<AdHocRunSO>,
+  originalSO?: SavedObjectsBulkCreateObject<AdHocRunSO>
+): ScheduleBackfillResult => {
+  const ruleId = references?.[0]?.id ?? originalSO?.references?.[0]?.id ?? 'unknown';
+  const ruleName = attributes?.rule?.name ?? originalSO?.attributes?.rule.name;
   if (error) {
-    return createBackfillError(error.error, error.message);
+    // get rule info from original SO if available since SO create errors don't return this
+    return createBackfillError(error.message, ruleId, ruleName);
   }
 
   if (!id) {
     return createBackfillError(
-      'Internal Server Error',
-      'Malformed saved object in bulkCreate response - Missing "id".'
+      'Malformed saved object in bulkCreate response - Missing "id".',
+      ruleId,
+      ruleName
     );
   }
 
   if (!attributes) {
     return createBackfillError(
-      'Internal Server Error',
-      'Malformed saved object in bulkCreate response - Missing "attributes".'
+      'Malformed saved object in bulkCreate response - Missing "attributes".',
+      ruleId,
+      ruleName
     );
   }
 
   if (!references || !references.length) {
     return createBackfillError(
-      'Internal Server Error',
-      'Malformed saved object in bulkCreate response - Missing "references".'
+      'Malformed saved object in bulkCreate response - Missing "references".',
+      ruleId,
+      ruleName
     );
   }
 
diff --git a/x-pack/plugins/alerting/server/backfill_client/backfill_client.test.ts b/x-pack/plugins/alerting/server/backfill_client/backfill_client.test.ts
index 02505a5af84bb..771f5a4db34b9 100644
--- a/x-pack/plugins/alerting/server/backfill_client/backfill_client.test.ts
+++ b/x-pack/plugins/alerting/server/backfill_client/backfill_client.test.ts
@@ -279,7 +279,7 @@ describe('BackfillClient', () => {
         unsecuredSavedObjectsClient,
       });
 
-      expect(unsecuredSavedObjectsClient.bulkCreate).toHaveBeenCalledWith([
+      const bulkCreateParams = [
         {
           type: AD_HOC_RUN_SAVED_OBJECT_TYPE,
           attributes: mockAttributes1,
@@ -290,7 +290,9 @@ describe('BackfillClient', () => {
           attributes: mockAttributes2,
           references: [{ id: rule2.id, name: 'rule', type: RULE_SAVED_OBJECT_TYPE }],
         },
-      ]);
+      ];
+
+      expect(unsecuredSavedObjectsClient.bulkCreate).toHaveBeenCalledWith(bulkCreateParams);
       expect(auditLogger.log).toHaveBeenCalledTimes(2);
       expect(auditLogger.log).toHaveBeenNthCalledWith(1, {
         event: {
@@ -328,7 +330,11 @@ describe('BackfillClient', () => {
           params: { adHocRunParamsId: 'def', spaceId: 'default' },
         },
       ]);
-      expect(result).toEqual(bulkCreateResult.saved_objects.map(transformAdHocRunToBackfillResult));
+      expect(result).toEqual(
+        bulkCreateResult.saved_objects.map((so, index) =>
+          transformAdHocRunToBackfillResult(so, bulkCreateParams?.[index])
+        )
+      );
     });
 
     test('should successfully create multiple backfill saved objects for a single rule', async () => {
@@ -385,7 +391,7 @@ describe('BackfillClient', () => {
         unsecuredSavedObjectsClient,
       });
 
-      expect(unsecuredSavedObjectsClient.bulkCreate).toHaveBeenCalledWith([
+      const bulkCreateParams = [
         {
           type: AD_HOC_RUN_SAVED_OBJECT_TYPE,
           attributes: mockAttributes1,
@@ -396,7 +402,9 @@ describe('BackfillClient', () => {
           attributes: mockAttributes2,
           references: [{ id: rule1.id, name: 'rule', type: RULE_SAVED_OBJECT_TYPE }],
         },
-      ]);
+      ];
+
+      expect(unsecuredSavedObjectsClient.bulkCreate).toHaveBeenCalledWith(bulkCreateParams);
       expect(auditLogger.log).toHaveBeenCalledTimes(2);
       expect(auditLogger.log).toHaveBeenNthCalledWith(1, {
         event: {
@@ -432,7 +440,11 @@ describe('BackfillClient', () => {
           params: { adHocRunParamsId: 'def', spaceId: 'default' },
         },
       ]);
-      expect(result).toEqual(bulkCreateResult.saved_objects.map(transformAdHocRunToBackfillResult));
+      expect(result).toEqual(
+        bulkCreateResult.saved_objects.map((so, index) =>
+          transformAdHocRunToBackfillResult(so, bulkCreateParams?.[index])
+        )
+      );
     });
 
     test('should log warning if no rule found for backfill job', async () => {
@@ -472,13 +484,14 @@ describe('BackfillClient', () => {
         unsecuredSavedObjectsClient,
       });
 
-      expect(unsecuredSavedObjectsClient.bulkCreate).toHaveBeenCalledWith([
+      const bulkCreateParams = [
         {
           type: AD_HOC_RUN_SAVED_OBJECT_TYPE,
           attributes: mockAttributes1,
           references: [{ id: rule1.id, name: 'rule', type: RULE_SAVED_OBJECT_TYPE }],
         },
-      ]);
+      ];
+      expect(unsecuredSavedObjectsClient.bulkCreate).toHaveBeenCalledWith(bulkCreateParams);
       expect(auditLogger.log).toHaveBeenCalledTimes(1);
       expect(auditLogger.log).toHaveBeenNthCalledWith(1, {
         event: {
@@ -502,11 +515,13 @@ describe('BackfillClient', () => {
         },
       ]);
       expect(result).toEqual([
-        ...bulkCreateResult.saved_objects.map(transformAdHocRunToBackfillResult),
+        ...bulkCreateResult.saved_objects.map((so, index) =>
+          transformAdHocRunToBackfillResult(so, bulkCreateParams?.[0])
+        ),
         {
           error: {
-            error: 'Not Found',
             message: 'Saved object [alert/2] not found',
+            rule: { id: '2' },
           },
         },
       ]);
@@ -546,7 +561,7 @@ describe('BackfillClient', () => {
         getMockData({ ruleId: '6' }), // this should return error due to disabled rule
         getMockData({ ruleId: '7' }), // this should return error due to null api key
       ];
-      const rule1 = getMockRule();
+      const rule1 = getMockRule({ id: '1' });
       const rule3 = getMockRule({ id: '3' });
       const rule4 = getMockRule({ id: '4' });
       const rule5 = getMockRule({ id: '5' });
@@ -666,8 +681,8 @@ describe('BackfillClient', () => {
       expect(result).toEqual([
         {
           error: {
-            error: 'Bad Request',
             message: 'Rule type "myType" for rule 1 is not supported',
+            rule: { id: '1', name: 'my rule name' },
           },
         },
         {
@@ -676,8 +691,8 @@ describe('BackfillClient', () => {
         },
         {
           error: {
-            error: 'Not Found',
             message: 'Saved object [alert/2] not found',
+            rule: { id: '2' },
           },
         },
         {
@@ -690,8 +705,8 @@ describe('BackfillClient', () => {
         },
         {
           error: {
-            error: 'my error',
             message: 'Unable to create',
+            rule: { id: '4', name: 'my rule name' },
           },
         },
         {
@@ -700,14 +715,14 @@ describe('BackfillClient', () => {
         },
         {
           error: {
-            error: 'Bad Request',
             message: 'Rule 6 is disabled',
+            rule: { id: '6', name: 'my rule name' },
           },
         },
         {
           error: {
-            error: 'Bad Request',
             message: 'Rule 7 has no API key',
+            rule: { id: '7', name: 'my rule name' },
           },
         },
       ]);
@@ -738,38 +753,38 @@ describe('BackfillClient', () => {
       expect(result).toEqual([
         {
           error: {
-            error: 'Not Found',
             message: 'Saved object [alert/1] not found',
+            rule: { id: '1' },
           },
         },
         {
           error: {
-            error: 'Not Found',
             message: 'Saved object [alert/2] not found',
+            rule: { id: '2' },
           },
         },
         {
           error: {
-            error: 'Not Found',
             message: 'Saved object [alert/3] not found',
+            rule: { id: '3' },
           },
         },
         {
           error: {
-            error: 'Not Found',
             message: 'Saved object [alert/1] not found',
+            rule: { id: '1' },
           },
         },
         {
           error: {
-            error: 'Not Found',
             message: 'Saved object [alert/4] not found',
+            rule: { id: '4' },
           },
         },
         {
           error: {
-            error: 'Not Found',
             message: 'Saved object [alert/5] not found',
+            rule: { id: '5' },
           },
         },
       ]);
@@ -839,32 +854,32 @@ describe('BackfillClient', () => {
       expect(result).toEqual([
         {
           error: {
-            error: 'Bad Request',
             message: 'Rule type "myType" for rule 1 is not supported',
+            rule: { id: '1', name: 'my rule name' },
           },
         },
         {
           error: {
-            error: 'Not Found',
             message: 'Saved object [alert/2] not found',
+            rule: { id: '2' },
           },
         },
         {
           error: {
-            error: 'my error',
             message: 'Unable to create',
+            rule: { id: '4', name: 'my rule name' },
           },
         },
         {
           error: {
-            error: 'Bad Request',
             message: 'Rule 6 is disabled',
+            rule: { id: '6', name: 'my rule name' },
           },
         },
         {
           error: {
-            error: 'Bad Request',
             message: 'Rule 7 has no API key',
+            rule: { id: '7', name: 'my rule name' },
           },
         },
       ]);
diff --git a/x-pack/plugins/alerting/server/backfill_client/backfill_client.ts b/x-pack/plugins/alerting/server/backfill_client/backfill_client.ts
index 5e6de1941c324..48b5e49c428c0 100644
--- a/x-pack/plugins/alerting/server/backfill_client/backfill_client.ts
+++ b/x-pack/plugins/alerting/server/backfill_client/backfill_client.ts
@@ -159,7 +159,7 @@ export class BackfillClient {
     );
 
     const transformedResponse: ScheduleBackfillResults = bulkCreateResponse.saved_objects.map(
-      (so: SavedObject<AdHocRunSO>) => {
+      (so: SavedObject<AdHocRunSO>, index: number) => {
         if (so.error) {
           auditLogger?.log(
             adHocRunAuditEvent({
@@ -175,7 +175,7 @@ export class BackfillClient {
             })
           );
         }
-        return transformAdHocRunToBackfillResult(so);
+        return transformAdHocRunToBackfillResult(so, adHocSOsToCreate?.[index]);
       }
     );
 
@@ -315,16 +315,13 @@ function getRuleOrError(
       ruleId
     );
     return {
-      error: createBackfillError(
-        notFoundError.output.payload.error,
-        notFoundError.output.payload.message
-      ),
+      error: createBackfillError(notFoundError.output.payload.message, ruleId),
     };
   }
 
   // if rule exists, check that it is enabled
   if (!rule.enabled) {
-    return { error: createBackfillError('Bad Request', `Rule ${ruleId} is disabled`) };
+    return { error: createBackfillError(`Rule ${ruleId} is disabled`, ruleId, rule.name) };
   }
 
   // check that the rule type is supported
@@ -332,8 +329,9 @@ function getRuleOrError(
   if (isLifecycleRule) {
     return {
       error: createBackfillError(
-        'Bad Request',
-        `Rule type "${rule.alertTypeId}" for rule ${ruleId} is not supported`
+        `Rule type "${rule.alertTypeId}" for rule ${ruleId} is not supported`,
+        ruleId,
+        rule.name
       ),
     };
   }
@@ -341,7 +339,7 @@ function getRuleOrError(
   // check that the API key is not null
   if (!rule.apiKey) {
     return {
-      error: createBackfillError('Bad Request', `Rule ${ruleId} has no API key`),
+      error: createBackfillError(`Rule ${ruleId} has no API key`, ruleId, rule.name),
     };
   }
 
diff --git a/x-pack/plugins/alerting/server/backfill_client/lib/create_backfill_error.ts b/x-pack/plugins/alerting/server/backfill_client/lib/create_backfill_error.ts
index 050c19f29b1f4..917e9edd0e208 100644
--- a/x-pack/plugins/alerting/server/backfill_client/lib/create_backfill_error.ts
+++ b/x-pack/plugins/alerting/server/backfill_client/lib/create_backfill_error.ts
@@ -7,6 +7,10 @@
 
 import { ScheduleBackfillError } from '../../application/backfill/methods/schedule/types';
 
-export function createBackfillError(error: string, message: string): ScheduleBackfillError {
-  return { error: { error, message } };
+export function createBackfillError(
+  message: string,
+  ruleId: string,
+  ruleName?: string
+): ScheduleBackfillError {
+  return { error: { message, rule: { id: ruleId, ...(ruleName ? { name: ruleName } : {}) } } };
 }
diff --git a/x-pack/plugins/alerting/server/integration_tests/__snapshots__/alert_as_data_fields.test.ts.snap b/x-pack/plugins/alerting/server/integration_tests/__snapshots__/alert_as_data_fields.test.ts.snap
index 6e741c8627070..6a274606f420b 100644
--- a/x-pack/plugins/alerting/server/integration_tests/__snapshots__/alert_as_data_fields.test.ts.snap
+++ b/x-pack/plugins/alerting/server/integration_tests/__snapshots__/alert_as_data_fields.test.ts.snap
@@ -979,6 +979,11 @@ Object {
       "required": true,
       "type": "date",
     },
+    "kibana.alert.previous_action_group": Object {
+      "array": false,
+      "required": false,
+      "type": "keyword",
+    },
     "kibana.alert.reason": Object {
       "array": false,
       "required": false,
@@ -1225,6 +1230,11 @@ Object {
       "required": false,
       "type": "keyword",
     },
+    "kibana.alert.severity_improving": Object {
+      "array": false,
+      "required": false,
+      "type": "boolean",
+    },
     "kibana.alert.start": Object {
       "array": false,
       "required": false,
@@ -2036,6 +2046,11 @@ Object {
       "required": true,
       "type": "date",
     },
+    "kibana.alert.previous_action_group": Object {
+      "array": false,
+      "required": false,
+      "type": "keyword",
+    },
     "kibana.alert.reason": Object {
       "array": false,
       "required": false,
@@ -2282,6 +2297,11 @@ Object {
       "required": false,
       "type": "keyword",
     },
+    "kibana.alert.severity_improving": Object {
+      "array": false,
+      "required": false,
+      "type": "boolean",
+    },
     "kibana.alert.start": Object {
       "array": false,
       "required": false,
@@ -3093,6 +3113,11 @@ Object {
       "required": true,
       "type": "date",
     },
+    "kibana.alert.previous_action_group": Object {
+      "array": false,
+      "required": false,
+      "type": "keyword",
+    },
     "kibana.alert.reason": Object {
       "array": false,
       "required": false,
@@ -3339,6 +3364,11 @@ Object {
       "required": false,
       "type": "keyword",
     },
+    "kibana.alert.severity_improving": Object {
+      "array": false,
+      "required": false,
+      "type": "boolean",
+    },
     "kibana.alert.start": Object {
       "array": false,
       "required": false,
@@ -4150,6 +4180,11 @@ Object {
       "required": true,
       "type": "date",
     },
+    "kibana.alert.previous_action_group": Object {
+      "array": false,
+      "required": false,
+      "type": "keyword",
+    },
     "kibana.alert.reason": Object {
       "array": false,
       "required": false,
@@ -4396,6 +4431,11 @@ Object {
       "required": false,
       "type": "keyword",
     },
+    "kibana.alert.severity_improving": Object {
+      "array": false,
+      "required": false,
+      "type": "boolean",
+    },
     "kibana.alert.start": Object {
       "array": false,
       "required": false,
@@ -5207,6 +5247,11 @@ Object {
       "required": true,
       "type": "date",
     },
+    "kibana.alert.previous_action_group": Object {
+      "array": false,
+      "required": false,
+      "type": "keyword",
+    },
     "kibana.alert.reason": Object {
       "array": false,
       "required": false,
@@ -5453,6 +5498,11 @@ Object {
       "required": false,
       "type": "keyword",
     },
+    "kibana.alert.severity_improving": Object {
+      "array": false,
+      "required": false,
+      "type": "boolean",
+    },
     "kibana.alert.start": Object {
       "array": false,
       "required": false,
@@ -6270,6 +6320,11 @@ Object {
       "required": true,
       "type": "date",
     },
+    "kibana.alert.previous_action_group": Object {
+      "array": false,
+      "required": false,
+      "type": "keyword",
+    },
     "kibana.alert.reason": Object {
       "array": false,
       "required": false,
@@ -6516,6 +6571,11 @@ Object {
       "required": false,
       "type": "keyword",
     },
+    "kibana.alert.severity_improving": Object {
+      "array": false,
+      "required": false,
+      "type": "boolean",
+    },
     "kibana.alert.start": Object {
       "array": false,
       "required": false,
@@ -7327,6 +7387,11 @@ Object {
       "required": true,
       "type": "date",
     },
+    "kibana.alert.previous_action_group": Object {
+      "array": false,
+      "required": false,
+      "type": "keyword",
+    },
     "kibana.alert.reason": Object {
       "array": false,
       "required": false,
@@ -7573,6 +7638,11 @@ Object {
       "required": false,
       "type": "keyword",
     },
+    "kibana.alert.severity_improving": Object {
+      "array": false,
+      "required": false,
+      "type": "boolean",
+    },
     "kibana.alert.start": Object {
       "array": false,
       "required": false,
@@ -8384,6 +8454,11 @@ Object {
       "required": true,
       "type": "date",
     },
+    "kibana.alert.previous_action_group": Object {
+      "array": false,
+      "required": false,
+      "type": "keyword",
+    },
     "kibana.alert.reason": Object {
       "array": false,
       "required": false,
@@ -8630,6 +8705,11 @@ Object {
       "required": false,
       "type": "keyword",
     },
+    "kibana.alert.severity_improving": Object {
+      "array": false,
+      "required": false,
+      "type": "boolean",
+    },
     "kibana.alert.start": Object {
       "array": false,
       "required": false,
@@ -9475,10 +9555,18 @@ Object {
       "required": false,
       "type": "date",
     },
+    "configId": Object {
+      "required": false,
+      "type": "keyword",
+    },
     "error.message": Object {
       "required": false,
       "type": "text",
     },
+    "host.name": Object {
+      "required": false,
+      "type": "keyword",
+    },
     "kibana.alert.context": Object {
       "array": false,
       "required": false,
@@ -9515,6 +9603,14 @@ Object {
       "required": false,
       "type": "keyword",
     },
+    "location.id": Object {
+      "required": false,
+      "type": "keyword",
+    },
+    "location.name": Object {
+      "required": false,
+      "type": "keyword",
+    },
     "monitor.id": Object {
       "required": false,
       "type": "keyword",
@@ -9523,6 +9619,11 @@ Object {
       "required": false,
       "type": "keyword",
     },
+    "monitor.tags": Object {
+      "array": true,
+      "required": false,
+      "type": "keyword",
+    },
     "monitor.type": Object {
       "required": false,
       "type": "keyword",
@@ -9574,10 +9675,18 @@ Object {
       "required": false,
       "type": "date",
     },
+    "configId": Object {
+      "required": false,
+      "type": "keyword",
+    },
     "error.message": Object {
       "required": false,
       "type": "text",
     },
+    "host.name": Object {
+      "required": false,
+      "type": "keyword",
+    },
     "kibana.alert.context": Object {
       "array": false,
       "required": false,
@@ -9614,6 +9723,14 @@ Object {
       "required": false,
       "type": "keyword",
     },
+    "location.id": Object {
+      "required": false,
+      "type": "keyword",
+    },
+    "location.name": Object {
+      "required": false,
+      "type": "keyword",
+    },
     "monitor.id": Object {
       "required": false,
       "type": "keyword",
@@ -9622,6 +9739,11 @@ Object {
       "required": false,
       "type": "keyword",
     },
+    "monitor.tags": Object {
+      "array": true,
+      "required": false,
+      "type": "keyword",
+    },
     "monitor.type": Object {
       "required": false,
       "type": "keyword",
@@ -9673,10 +9795,18 @@ Object {
       "required": false,
       "type": "date",
     },
+    "configId": Object {
+      "required": false,
+      "type": "keyword",
+    },
     "error.message": Object {
       "required": false,
       "type": "text",
     },
+    "host.name": Object {
+      "required": false,
+      "type": "keyword",
+    },
     "kibana.alert.context": Object {
       "array": false,
       "required": false,
@@ -9713,6 +9843,14 @@ Object {
       "required": false,
       "type": "keyword",
     },
+    "location.id": Object {
+      "required": false,
+      "type": "keyword",
+    },
+    "location.name": Object {
+      "required": false,
+      "type": "keyword",
+    },
     "monitor.id": Object {
       "required": false,
       "type": "keyword",
@@ -9721,6 +9859,11 @@ Object {
       "required": false,
       "type": "keyword",
     },
+    "monitor.tags": Object {
+      "array": true,
+      "required": false,
+      "type": "keyword",
+    },
     "monitor.type": Object {
       "required": false,
       "type": "keyword",
@@ -9772,10 +9915,18 @@ Object {
       "required": false,
       "type": "date",
     },
+    "configId": Object {
+      "required": false,
+      "type": "keyword",
+    },
     "error.message": Object {
       "required": false,
       "type": "text",
     },
+    "host.name": Object {
+      "required": false,
+      "type": "keyword",
+    },
     "kibana.alert.context": Object {
       "array": false,
       "required": false,
@@ -9812,6 +9963,14 @@ Object {
       "required": false,
       "type": "keyword",
     },
+    "location.id": Object {
+      "required": false,
+      "type": "keyword",
+    },
+    "location.name": Object {
+      "required": false,
+      "type": "keyword",
+    },
     "monitor.id": Object {
       "required": false,
       "type": "keyword",
@@ -9820,6 +9979,11 @@ Object {
       "required": false,
       "type": "keyword",
     },
+    "monitor.tags": Object {
+      "array": true,
+      "required": false,
+      "type": "keyword",
+    },
     "monitor.type": Object {
       "required": false,
       "type": "keyword",
@@ -9877,10 +10041,18 @@ Object {
       "required": false,
       "type": "date",
     },
+    "configId": Object {
+      "required": false,
+      "type": "keyword",
+    },
     "error.message": Object {
       "required": false,
       "type": "text",
     },
+    "host.name": Object {
+      "required": false,
+      "type": "keyword",
+    },
     "kibana.alert.context": Object {
       "array": false,
       "required": false,
@@ -9917,6 +10089,14 @@ Object {
       "required": false,
       "type": "keyword",
     },
+    "location.id": Object {
+      "required": false,
+      "type": "keyword",
+    },
+    "location.name": Object {
+      "required": false,
+      "type": "keyword",
+    },
     "monitor.id": Object {
       "required": false,
       "type": "keyword",
@@ -9925,6 +10105,11 @@ Object {
       "required": false,
       "type": "keyword",
     },
+    "monitor.tags": Object {
+      "array": true,
+      "required": false,
+      "type": "keyword",
+    },
     "monitor.type": Object {
       "required": false,
       "type": "keyword",
diff --git a/x-pack/plugins/alerting/server/rule_type_registry.test.ts b/x-pack/plugins/alerting/server/rule_type_registry.test.ts
index 709533bb898f2..3ee3551a301d5 100644
--- a/x-pack/plugins/alerting/server/rule_type_registry.test.ts
+++ b/x-pack/plugins/alerting/server/rule_type_registry.test.ts
@@ -312,6 +312,59 @@ describe('Create Lifecycle', () => {
       );
     });
 
+    test('throws if RuleType action groups contain duplicate severity levels', () => {
+      const ruleType: RuleType<
+        never,
+        never,
+        never,
+        never,
+        never,
+        'high' | 'medium' | 'low' | 'nodata',
+        'recovered',
+        {}
+      > = {
+        id: 'test',
+        name: 'Test',
+        actionGroups: [
+          {
+            id: 'high',
+            name: 'Default',
+            severity: { level: 3 },
+          },
+          {
+            id: 'medium',
+            name: 'Default',
+            severity: { level: 0 },
+          },
+          {
+            id: 'low',
+            name: 'Default',
+            severity: { level: 0 },
+          },
+          {
+            id: 'nodata',
+            name: 'Default',
+          },
+        ],
+        defaultActionGroupId: 'medium',
+        minimumLicenseRequired: 'basic',
+        isExportable: true,
+        executor: jest.fn(),
+        category: 'test',
+        producer: 'alerts',
+        validate: {
+          params: { validate: (params) => params },
+        },
+      };
+      const registry = new RuleTypeRegistry(ruleTypeRegistryParams);
+
+      expect(() => registry.register(ruleType)).toThrowError(
+        new Error(
+          `Rule type [id="${ruleType.id}"] cannot be registered. Action group definitions cannot contain duplicate severity levels.`
+        )
+      );
+    });
+
     test('allows an RuleType to specify a custom recovery group', () => {
       const ruleType: RuleType<never, never, never, never, never, 'default', 'backToAwesome', {}> =
         {
@@ -380,6 +433,59 @@ describe('Create Lifecycle', () => {
       expect(registry.get('test').ruleTaskTimeout).toBe('13m');
     });
 
+    test('allows RuleType action groups to specify severity levels', () => {
+      const actionGroups: Array<ActionGroup<'high' | 'medium' | 'low' | 'nodata'>> = [
+        {
+          id: 'high',
+          name: 'Default',
+          severity: { level: 2 },
+        },
+        {
+          id: 'medium',
+          name: 'Default',
+          severity: { level: 1 },
+        },
+        {
+          id: 'low',
+          name: 'Default',
+          severity: { level: 0 },
+        },
+        {
+          id: 'nodata',
+          name: 'Default',
+        },
+      ];
+      const ruleType: RuleType<
+        never,
+        never,
+        never,
+        never,
+        never,
+        'high' | 'medium' | 'low' | 'nodata',
+        'recovered',
+        {}
+      > = {
+        id: 'test',
+        name: 'Test',
+        actionGroups,
+        defaultActionGroupId: 'medium',
+        minimumLicenseRequired: 'basic',
+        isExportable: true,
+        executor: jest.fn(),
+        category: 'test',
+        producer: 'alerts',
+        validate: {
+          params: { validate: (params) => params },
+        },
+      };
+      const registry = new RuleTypeRegistry(ruleTypeRegistryParams);
+      registry.register(ruleType);
+      expect(registry.get('test').actionGroups).toEqual([
+        ...actionGroups,
+        { id: 'recovered', name: 'Recovered' },
+      ]);
+    });
+
     test('throws if the custom recovery group is contained in the RuleType action groups', () => {
       const ruleType: RuleType<
         never,
diff --git a/x-pack/plugins/alerting/server/rule_type_registry.ts b/x-pack/plugins/alerting/server/rule_type_registry.ts
index 50ab1f113ab8b..d1ffe59df3b6f 100644
--- a/x-pack/plugins/alerting/server/rule_type_registry.ts
+++ b/x-pack/plugins/alerting/server/rule_type_registry.ts
@@ -508,6 +508,27 @@ function augmentActionGroupsWithReserved<
     );
   }
 
+  const activeActionGroupSeverities = new Set<number>();
+  actionGroups.forEach((actionGroup) => {
+    if (!!actionGroup.severity) {
+      if (activeActionGroupSeverities.has(actionGroup.severity.level)) {
+        throw new Error(
+          i18n.translate(
+            'xpack.alerting.ruleTypeRegistry.register.duplicateActionGroupSeverityError',
+            {
+              defaultMessage:
+                'Rule type [id="{id}"] cannot be registered. Action group definitions cannot contain duplicate severity levels.',
+              values: {
+                id,
+              },
+            }
+          )
+        );
+      }
+      activeActionGroupSeverities.add(actionGroup.severity.level);
+    }
+  });
+
   return {
     ...ruleType,
     ...(config?.rules?.overwriteProducer ? { producer: config.rules.overwriteProducer } : {}),
diff --git a/x-pack/plugins/alerting/server/rule_type_registry_deprecated_consumers.test.ts b/x-pack/plugins/alerting/server/rule_type_registry_deprecated_consumers.test.ts
index e54e2570ada09..cb0e7dc6ac03a 100644
--- a/x-pack/plugins/alerting/server/rule_type_registry_deprecated_consumers.test.ts
+++ b/x-pack/plugins/alerting/server/rule_type_registry_deprecated_consumers.test.ts
@@ -80,6 +80,7 @@ describe('rule_type_registry_deprecated_consumers', () => {
           "test.patternLongRunning.cancelAlertsOnRuleTimeout",
           "test.patternSuccessOrFailure",
           "test.restricted-noop",
+          "test.severity",
           "test.throw",
           "test.unrestricted-noop",
           "test.validation",
diff --git a/x-pack/plugins/alerting/server/rule_type_registry_deprecated_consumers.ts b/x-pack/plugins/alerting/server/rule_type_registry_deprecated_consumers.ts
index e91e99203e8d4..e6979c9f44822 100644
--- a/x-pack/plugins/alerting/server/rule_type_registry_deprecated_consumers.ts
+++ b/x-pack/plugins/alerting/server/rule_type_registry_deprecated_consumers.ts
@@ -73,6 +73,7 @@ export const ruleTypeIdWithValidLegacyConsumers: Record<string, string[]> = {
   'test.patternLongRunning.cancelAlertsOnRuleTimeout': [ALERTING_FEATURE_ID],
   'test.patternSuccessOrFailure': [ALERTING_FEATURE_ID],
   'test.restricted-noop': [ALERTING_FEATURE_ID],
+  'test.severity': [ALERTING_FEATURE_ID],
   'test.throw': [ALERTING_FEATURE_ID],
   'test.unrestricted-noop': [ALERTING_FEATURE_ID],
   'test.validation': [ALERTING_FEATURE_ID],
diff --git a/x-pack/plugins/alerting/server/task_runner/ad_hoc_task_runner.test.ts b/x-pack/plugins/alerting/server/task_runner/ad_hoc_task_runner.test.ts
index f532fdf04eed9..f768f85d17748 100644
--- a/x-pack/plugins/alerting/server/task_runner/ad_hoc_task_runner.test.ts
+++ b/x-pack/plugins/alerting/server/task_runner/ad_hoc_task_runner.test.ts
@@ -67,6 +67,7 @@ import {
   ALERT_FLAPPING,
   ALERT_FLAPPING_HISTORY,
   ALERT_INSTANCE_ID,
+  ALERT_SEVERITY_IMPROVING,
   ALERT_MAINTENANCE_WINDOW_IDS,
   ALERT_RULE_CATEGORY,
   ALERT_RULE_CONSUMER,
@@ -483,6 +484,7 @@ describe('Ad Hoc Task Runner', () => {
           [ALERT_FLAPPING]: false,
           [ALERT_FLAPPING_HISTORY]: [true],
           [ALERT_INSTANCE_ID]: '1',
+          [ALERT_SEVERITY_IMPROVING]: false,
           [ALERT_MAINTENANCE_WINDOW_IDS]: [],
           [ALERT_CONSECUTIVE_MATCHES]: 1,
           [ALERT_RULE_CATEGORY]: 'My test rule',
diff --git a/x-pack/plugins/alerting/server/task_runner/execution_handler.ts b/x-pack/plugins/alerting/server/task_runner/execution_handler.ts
index 72dd7a06bb5fd..f5a61bb6ccabc 100644
--- a/x-pack/plugins/alerting/server/task_runner/execution_handler.ts
+++ b/x-pack/plugins/alerting/server/task_runner/execution_handler.ts
@@ -57,6 +57,7 @@ import {
 } from './rule_action_helper';
 import { RULE_SAVED_OBJECT_TYPE } from '../saved_objects';
 import { ConnectorAdapter } from '../connector_adapters/types';
+import { withAlertingSpan } from './lib';
 
 enum Reasons {
   MUTED = 'muted',
@@ -353,7 +354,9 @@ export class ExecutionHandler<
       for (const c of chunk(bulkActions, CHUNK_SIZE)) {
         let enqueueResponse;
         try {
-          enqueueResponse = await this.actionsClient!.bulkEnqueueExecution(c);
+          enqueueResponse = await withAlertingSpan('alerting:bulk-enqueue-actions', () =>
+            this.actionsClient!.bulkEnqueueExecution(c)
+          );
         } catch (e) {
           if (e.statusCode === 404) {
             throw createTaskRunError(e, TaskErrorSource.USER);
@@ -904,7 +907,9 @@ export class ExecutionHandler<
 
     let alerts;
     try {
-      alerts = await this.alertsClient.getSummarizedAlerts!(options);
+      alerts = await withAlertingSpan(`alerting:get-summarized-alerts-${action.uuid}`, () =>
+        this.alertsClient.getSummarizedAlerts!(options)
+      );
     } catch (e) {
       throw createTaskRunError(e, TaskErrorSource.FRAMEWORK);
     }
diff --git a/x-pack/plugins/alerting/server/task_runner/get_executor_services.ts b/x-pack/plugins/alerting/server/task_runner/get_executor_services.ts
index f2f5436597daa..543915df0d073 100644
--- a/x-pack/plugins/alerting/server/task_runner/get_executor_services.ts
+++ b/x-pack/plugins/alerting/server/task_runner/get_executor_services.ts
@@ -25,6 +25,7 @@ import {
 import { RuleMonitoringService } from '../monitoring/rule_monitoring_service';
 import { RuleResultService } from '../monitoring/rule_result_service';
 import { PublicRuleMonitoringService, PublicRuleResultService } from '../types';
+import { withAlertingSpan } from './lib';
 import { TaskRunnerContext } from './types';
 
 interface GetExecutorServicesOpts {
@@ -65,7 +66,9 @@ export const getExecutorServices = async (opts: GetExecutorServicesOpts) => {
     scopedClusterClient,
   });
 
-  const searchSourceClient = await context.data.search.searchSource.asScoped(fakeRequest);
+  const searchSourceClient = await withAlertingSpan('alerting:get-search-source-client', () =>
+    context.data.search.searchSource.asScoped(fakeRequest)
+  );
   const wrappedSearchSourceClient = wrapSearchSourceClient({
     ...wrappedClientOptions,
     searchSourceClient,
@@ -75,9 +78,11 @@ export const getExecutorServices = async (opts: GetExecutorServicesOpts) => {
     includedHiddenTypes: [RULE_SAVED_OBJECT_TYPE, 'action'],
   });
 
-  const dataViews = await context.dataViews.dataViewsServiceFactory(
-    savedObjectsClient,
-    scopedClusterClient.asInternalUser
+  const dataViews = await await withAlertingSpan('alerting:get-data-views-factory', () =>
+    context.dataViews.dataViewsServiceFactory(
+      savedObjectsClient,
+      scopedClusterClient.asInternalUser
+    )
   );
 
   const uiSettingsClient = context.uiSettings.asScopedToClient(savedObjectsClient);
diff --git a/x-pack/plugins/alerting/server/task_runner/lib/index.ts b/x-pack/plugins/alerting/server/task_runner/lib/index.ts
index ae8aa0aca54ec..eb52a18a0bde3 100644
--- a/x-pack/plugins/alerting/server/task_runner/lib/index.ts
+++ b/x-pack/plugins/alerting/server/task_runner/lib/index.ts
@@ -7,3 +7,4 @@
 
 export { partiallyUpdateAdHocRun } from './partially_update_ad_hoc_run';
 export { processRunResults } from './process_run_result';
+export { withAlertingSpan } from './with_alerting_span';
diff --git a/x-pack/plugins/alerting/server/task_runner/lib/with_alerting_span.ts b/x-pack/plugins/alerting/server/task_runner/lib/with_alerting_span.ts
new file mode 100644
index 0000000000000..d537d16d7c7b0
--- /dev/null
+++ b/x-pack/plugins/alerting/server/task_runner/lib/with_alerting_span.ts
@@ -0,0 +1,12 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { withSpan } from '@kbn/apm-utils';
+
+export async function withAlertingSpan<T>(name: string, cb: () => Promise<T>): Promise<T> {
+  return withSpan({ name, type: 'rule run', labels: { plugin: 'alerting' } }, cb);
+}
diff --git a/x-pack/plugins/alerting/server/task_runner/rule_type_runner.ts b/x-pack/plugins/alerting/server/task_runner/rule_type_runner.ts
index 3b9990cb938a1..960771be7af83 100644
--- a/x-pack/plugins/alerting/server/task_runner/rule_type_runner.ts
+++ b/x-pack/plugins/alerting/server/task_runner/rule_type_runner.ts
@@ -30,6 +30,7 @@ import {
 import { ExecutorServices } from './get_executor_services';
 import { TaskRunnerTimer, TaskRunnerTimerSpan } from './task_runner_timer';
 import { RuleRunnerErrorStackTraceLog, RuleTypeRunnerContext, TaskRunnerContext } from './types';
+import { withAlertingSpan } from './lib';
 
 interface ConstructorOpts<
   Params extends RuleTypeParams,
@@ -211,67 +212,69 @@ export class RuleTypeRunner<
               context.namespace ?? DEFAULT_NAMESPACE_STRING
             }] namespace`,
           };
-          executorResult = await this.options.context.executionContext.withContext(ctx, () =>
-            ruleType.executor({
-              executionId,
-              services: {
-                alertFactory: alertsClient.factory(),
-                alertsClient: alertsClient.client(),
-                dataViews: executorServices.dataViews,
-                ruleMonitoringService: executorServices.ruleMonitoringService,
-                ruleResultService: executorServices.ruleResultService,
-                savedObjectsClient: executorServices.savedObjectsClient,
-                scopedClusterClient: executorServices.wrappedScopedClusterClient.client(),
-                searchSourceClient: executorServices.wrappedSearchSourceClient.searchSourceClient,
-                share: this.options.context.share,
-                shouldStopExecution: () => this.cancelled,
-                shouldWriteAlerts: () =>
-                  this.shouldLogAndScheduleActionsForAlerts(ruleType.cancelAlertsOnRuleTimeout),
-                uiSettingsClient: executorServices.uiSettingsClient,
-              },
-              params: validatedParams,
-              state: ruleTypeState as RuleState,
-              startedAtOverridden,
-              startedAt,
-              previousStartedAt: previousStartedAt ? new Date(previousStartedAt) : null,
-              spaceId: context.spaceId,
-              namespace: context.namespace,
-              rule: {
-                id: context.ruleId,
-                name,
-                tags,
-                consumer,
-                producer: ruleType.producer,
-                revision,
-                ruleTypeId,
-                ruleTypeName: ruleType.name,
-                enabled,
-                schedule,
-                actions,
-                createdBy,
-                updatedBy,
-                createdAt,
-                updatedAt,
-                throttle,
-                notifyWhen,
-                muteAll,
-                snoozeSchedule,
-                alertDelay,
-              },
-              logger: this.options.logger,
-              flappingSettings: context.flappingSettings ?? DEFAULT_FLAPPING_SETTINGS,
-              // passed in so the rule registry knows about maintenance windows
-              ...(maintenanceWindowsWithoutScopedQueryIds.length
-                ? { maintenanceWindowIds: maintenanceWindowsWithoutScopedQueryIds }
-                : {}),
-              getTimeRange: (timeWindow) =>
-                getTimeRange({
-                  logger: this.options.logger,
-                  window: timeWindow,
-                  ...(context.queryDelaySec ? { queryDelay: context.queryDelaySec } : {}),
-                  ...(startedAtOverridden ? { forceNow: startedAt } : {}),
-                }),
-            })
+          executorResult = await withAlertingSpan('rule-type-executor', () =>
+            this.options.context.executionContext.withContext(ctx, () =>
+              ruleType.executor({
+                executionId,
+                services: {
+                  alertFactory: alertsClient.factory(),
+                  alertsClient: alertsClient.client(),
+                  dataViews: executorServices.dataViews,
+                  ruleMonitoringService: executorServices.ruleMonitoringService,
+                  ruleResultService: executorServices.ruleResultService,
+                  savedObjectsClient: executorServices.savedObjectsClient,
+                  scopedClusterClient: executorServices.wrappedScopedClusterClient.client(),
+                  searchSourceClient: executorServices.wrappedSearchSourceClient.searchSourceClient,
+                  share: this.options.context.share,
+                  shouldStopExecution: () => this.cancelled,
+                  shouldWriteAlerts: () =>
+                    this.shouldLogAndScheduleActionsForAlerts(ruleType.cancelAlertsOnRuleTimeout),
+                  uiSettingsClient: executorServices.uiSettingsClient,
+                },
+                params: validatedParams,
+                state: ruleTypeState as RuleState,
+                startedAtOverridden,
+                startedAt,
+                previousStartedAt: previousStartedAt ? new Date(previousStartedAt) : null,
+                spaceId: context.spaceId,
+                namespace: context.namespace,
+                rule: {
+                  id: context.ruleId,
+                  name,
+                  tags,
+                  consumer,
+                  producer: ruleType.producer,
+                  revision,
+                  ruleTypeId,
+                  ruleTypeName: ruleType.name,
+                  enabled,
+                  schedule,
+                  actions,
+                  createdBy,
+                  updatedBy,
+                  createdAt,
+                  updatedAt,
+                  throttle,
+                  notifyWhen,
+                  muteAll,
+                  snoozeSchedule,
+                  alertDelay,
+                },
+                logger: this.options.logger,
+                flappingSettings: context.flappingSettings ?? DEFAULT_FLAPPING_SETTINGS,
+                // passed in so the rule registry knows about maintenance windows
+                ...(maintenanceWindowsWithoutScopedQueryIds.length
+                  ? { maintenanceWindowIds: maintenanceWindowsWithoutScopedQueryIds }
+                  : {}),
+                getTimeRange: (timeWindow) =>
+                  getTimeRange({
+                    logger: this.options.logger,
+                    window: timeWindow,
+                    ...(context.queryDelaySec ? { queryDelay: context.queryDelaySec } : {}),
+                    ...(startedAtOverridden ? { forceNow: startedAt } : {}),
+                  }),
+              })
+            )
           );
           // Rule type execution has successfully completed
           // Check that the rule type either never requested the max alerts limit
@@ -318,31 +321,35 @@ export class RuleTypeRunner<
       return { state: undefined, error, stackTrace };
     }
 
-    await this.options.timer.runWithTimer(TaskRunnerTimerSpan.ProcessAlerts, async () => {
-      alertsClient.processAlerts({
-        flappingSettings: context.flappingSettings ?? DEFAULT_FLAPPING_SETTINGS,
-        maintenanceWindowIds: maintenanceWindowsWithoutScopedQueryIds,
-        alertDelay: alertDelay?.active ?? 0,
-        ruleRunMetricsStore: context.ruleRunMetricsStore,
-      });
-    });
-
-    await this.options.timer.runWithTimer(TaskRunnerTimerSpan.PersistAlerts, async () => {
-      const updateAlertsMaintenanceWindowResult = await alertsClient.persistAlerts(
-        maintenanceWindows
-      );
+    await withAlertingSpan('alerting:process-alerts', () =>
+      this.options.timer.runWithTimer(TaskRunnerTimerSpan.ProcessAlerts, async () => {
+        alertsClient.processAlerts({
+          flappingSettings: context.flappingSettings ?? DEFAULT_FLAPPING_SETTINGS,
+          maintenanceWindowIds: maintenanceWindowsWithoutScopedQueryIds,
+          alertDelay: alertDelay?.active ?? 0,
+          ruleRunMetricsStore: context.ruleRunMetricsStore,
+        });
+      })
+    );
 
-      // Set the event log MW ids again, this time including the ids that matched alerts with
-      // scoped query
-      if (
-        updateAlertsMaintenanceWindowResult?.maintenanceWindowIds &&
-        updateAlertsMaintenanceWindowResult?.maintenanceWindowIds.length > 0
-      ) {
-        context.alertingEventLogger.setMaintenanceWindowIds(
-          updateAlertsMaintenanceWindowResult.maintenanceWindowIds
+    await withAlertingSpan('alerting:index-alerts-as-data', () =>
+      this.options.timer.runWithTimer(TaskRunnerTimerSpan.PersistAlerts, async () => {
+        const updateAlertsMaintenanceWindowResult = await alertsClient.persistAlerts(
+          maintenanceWindows
         );
-      }
-    });
+
+        // Set the event log MW ids again, this time including the ids that matched alerts with
+        // scoped query
+        if (
+          updateAlertsMaintenanceWindowResult?.maintenanceWindowIds &&
+          updateAlertsMaintenanceWindowResult?.maintenanceWindowIds.length > 0
+        ) {
+          context.alertingEventLogger.setMaintenanceWindowIds(
+            updateAlertsMaintenanceWindowResult.maintenanceWindowIds
+          );
+        }
+      })
+    );
 
     alertsClient.logAlerts({
       eventLogger: context.alertingEventLogger,
diff --git a/x-pack/plugins/alerting/server/task_runner/task_runner.ts b/x-pack/plugins/alerting/server/task_runner/task_runner.ts
index b163617c089eb..d5da0a3a8a226 100644
--- a/x-pack/plugins/alerting/server/task_runner/task_runner.ts
+++ b/x-pack/plugins/alerting/server/task_runner/task_runner.ts
@@ -68,7 +68,7 @@ import { MaintenanceWindow } from '../application/maintenance_window/types';
 import { filterMaintenanceWindowsIds, getMaintenanceWindows } from './get_maintenance_windows';
 import { RuleTypeRunner } from './rule_type_runner';
 import { initializeAlertsClient } from '../alerts_client';
-import { processRunResults } from './lib';
+import { withAlertingSpan, processRunResults } from './lib';
 
 const FALLBACK_RETRY_INTERVAL = '5m';
 const CONNECTIVITY_RETRY_INTERVAL = '5m';
@@ -294,11 +294,16 @@ export class TaskRunner<
     const rulesSettingsClient = this.context.getRulesSettingsClientWithRequest(fakeRequest);
     const ruleRunMetricsStore = new RuleRunMetricsStore();
     const ruleLabel = `${this.ruleType.id}:${ruleId}: '${rule.name}'`;
-    const queryDelay = await rulesSettingsClient.queryDelay().get();
+    const queryDelay = await withAlertingSpan('alerting:get-query-delay-settings', () =>
+      rulesSettingsClient.queryDelay().get()
+    );
+    const flappingSettings = await withAlertingSpan('alerting:get-flapping-settings', () =>
+      rulesSettingsClient.flapping().get()
+    );
 
     const ruleTypeRunnerContext = {
       alertingEventLogger: this.alertingEventLogger,
-      flappingSettings: await rulesSettingsClient.flapping().get(),
+      flappingSettings,
       namespace: this.context.spaceIdToNamespace(spaceId),
       queryDelaySec: queryDelay.delay,
       ruleId,
@@ -306,47 +311,51 @@ export class TaskRunner<
       ruleRunMetricsStore,
       spaceId,
     };
-    const alertsClient = await initializeAlertsClient<
-      Params,
-      AlertData,
-      AlertState,
-      Context,
-      ActionGroupIds,
-      RecoveryActionGroupId
-    >({
-      alertsService: this.context.alertsService,
-      context: ruleTypeRunnerContext,
-      executionId: this.executionId,
-      logger: this.logger,
-      maxAlerts: this.context.maxAlerts,
-      rule: {
-        id: rule.id,
-        name: rule.name,
-        tags: rule.tags,
-        consumer: rule.consumer,
-        revision: rule.revision,
-        alertDelay: rule.alertDelay,
-        params: rule.params,
-      },
-      ruleType: this.ruleType as UntypedNormalizedRuleType,
-      startedAt: this.taskInstance.startedAt,
-      taskInstance: this.taskInstance,
-    });
-    const executorServices = await getExecutorServices({
-      context: this.context,
-      fakeRequest,
-      abortController: this.searchAbortController,
-      logger: this.logger,
-      ruleMonitoringService: this.ruleMonitoring,
-      ruleResultService: this.ruleResult,
-      ruleData: {
-        name: rule.name,
-        alertTypeId: rule.alertTypeId,
-        id: rule.id,
-        spaceId,
-      },
-      ruleTaskTimeout: this.ruleType.ruleTaskTimeout,
-    });
+    const alertsClient = await withAlertingSpan('alerting:initialize-alerts-client', () =>
+      initializeAlertsClient<
+        Params,
+        AlertData,
+        AlertState,
+        Context,
+        ActionGroupIds,
+        RecoveryActionGroupId
+      >({
+        alertsService: this.context.alertsService,
+        context: ruleTypeRunnerContext,
+        executionId: this.executionId,
+        logger: this.logger,
+        maxAlerts: this.context.maxAlerts,
+        rule: {
+          id: rule.id,
+          name: rule.name,
+          tags: rule.tags,
+          consumer: rule.consumer,
+          revision: rule.revision,
+          alertDelay: rule.alertDelay,
+          params: rule.params,
+        },
+        ruleType: this.ruleType as UntypedNormalizedRuleType,
+        startedAt: this.taskInstance.startedAt,
+        taskInstance: this.taskInstance,
+      })
+    );
+    const executorServices = await withAlertingSpan('alerting:get-executor-services', () =>
+      getExecutorServices({
+        context: this.context,
+        fakeRequest,
+        abortController: this.searchAbortController,
+        logger: this.logger,
+        ruleMonitoringService: this.ruleMonitoring,
+        ruleResultService: this.ruleResult,
+        ruleData: {
+          name: rule.name,
+          alertTypeId: rule.alertTypeId,
+          id: rule.id,
+          spaceId,
+        },
+        ruleTaskTimeout: this.ruleType.ruleTaskTimeout,
+      })
+    );
 
     const {
       state: updatedRuleTypeState,
@@ -391,21 +400,23 @@ export class TaskRunner<
 
     let executionHandlerRunResult: RunResult = { throttledSummaryActions: {} };
 
-    await this.timer.runWithTimer(TaskRunnerTimerSpan.TriggerActions, async () => {
-      if (isRuleSnoozed(rule)) {
-        this.logger.debug(`no scheduling of actions for rule ${ruleLabel}: rule is snoozed.`);
-      } else if (!this.shouldLogAndScheduleActionsForAlerts()) {
-        this.logger.debug(
-          `no scheduling of actions for rule ${ruleLabel}: rule execution has been cancelled.`
-        );
-        this.countUsageOfActionExecutionAfterRuleCancellation();
-      } else {
-        executionHandlerRunResult = await executionHandler.run({
-          ...alertsClient.getProcessedAlerts('activeCurrent'),
-          ...alertsClient.getProcessedAlerts('recoveredCurrent'),
-        });
-      }
-    });
+    await withAlertingSpan('alerting:schedule-actions', () =>
+      this.timer.runWithTimer(TaskRunnerTimerSpan.TriggerActions, async () => {
+        if (isRuleSnoozed(rule)) {
+          this.logger.debug(`no scheduling of actions for rule ${ruleLabel}: rule is snoozed.`);
+        } else if (!this.shouldLogAndScheduleActionsForAlerts()) {
+          this.logger.debug(
+            `no scheduling of actions for rule ${ruleLabel}: rule execution has been cancelled.`
+          );
+          this.countUsageOfActionExecutionAfterRuleCancellation();
+        } else {
+          executionHandlerRunResult = await executionHandler.run({
+            ...alertsClient.getProcessedAlerts('activeCurrent'),
+            ...alertsClient.getProcessedAlerts('recoveredCurrent'),
+          });
+        }
+      })
+    );
 
     let alertsToReturn: Record<string, RawAlertInstance> = {};
     let recoveredAlertsToReturn: Record<string, RawAlertInstance> = {};
@@ -481,6 +492,7 @@ export class TaskRunner<
         apm.currentTransaction.addLabels({
           alerting_rule_space_id: spaceId,
           alerting_rule_id: ruleId,
+          plugins: 'alerting',
         });
       }
 
@@ -495,7 +507,9 @@ export class TaskRunner<
         this.timer.setDuration(TaskRunnerTimerSpan.StartTaskRun, startedAt);
       }
 
-      const ruleData = await getDecryptedRule(this.context, ruleId, spaceId);
+      const ruleData = await withAlertingSpan('alerting:get-decrypted-rule', () =>
+        getDecryptedRule(this.context, ruleId, spaceId)
+      );
 
       const runRuleParams = validateRuleAndCreateFakeRequest({
         ruleData,
@@ -520,14 +534,16 @@ export class TaskRunner<
       this.ruleMonitoring.setMonitoring(runRuleParams.rule.monitoring);
 
       // Load the maintenance windows
-      this.maintenanceWindows = await getMaintenanceWindows({
-        context: this.context,
-        fakeRequest: runRuleParams.fakeRequest,
-        logger: this.logger,
-        ruleTypeId: this.ruleType.id,
-        ruleId,
-        ruleTypeCategory: this.ruleType.category,
-      });
+      this.maintenanceWindows = await withAlertingSpan('alerting:load-maintenance-windows', () =>
+        getMaintenanceWindows({
+          context: this.context,
+          fakeRequest: runRuleParams.fakeRequest,
+          logger: this.logger,
+          ruleTypeId: this.ruleType.id,
+          ruleId,
+          ruleTypeCategory: this.ruleType.category,
+        })
+      );
 
       // Set the event log MW Id field the first time with MWs without scoped queries
       this.maintenanceWindowsWithoutScopedQueryIds = filterMaintenanceWindowsIds({
@@ -655,7 +671,10 @@ export class TaskRunner<
     let schedule: Result<IntervalSchedule, Error>;
     try {
       const validatedRuleData = await this.prepareToRun();
-      stateWithMetrics = asOk(await this.runRule(validatedRuleData));
+
+      stateWithMetrics = asOk(
+        await withAlertingSpan('alerting:run', () => this.runRule(validatedRuleData))
+      );
 
       // fetch the rule again to ensure we return the correct schedule as it may have
       // changed during the task execution
@@ -666,7 +685,9 @@ export class TaskRunner<
       schedule = asErr(err);
     }
 
-    await this.processRunResults({ schedule, stateWithMetrics });
+    await withAlertingSpan('alerting:process-run-results-and-update-rule', () =>
+      this.processRunResults({ schedule, stateWithMetrics })
+    );
 
     const transformRunStateToTaskState = (
       runStateWithMetrics: RuleTaskStateAndMetrics
diff --git a/x-pack/plugins/alerting/server/task_runner/task_runner_alerts_client.test.ts b/x-pack/plugins/alerting/server/task_runner/task_runner_alerts_client.test.ts
index 2a13bd4cd7c54..69bc11bc48dc8 100644
--- a/x-pack/plugins/alerting/server/task_runner/task_runner_alerts_client.test.ts
+++ b/x-pack/plugins/alerting/server/task_runner/task_runner_alerts_client.test.ts
@@ -98,6 +98,7 @@ import {
   VERSION,
   ALERT_CONSECUTIVE_MATCHES,
   ALERT_RULE_EXECUTION_TIMESTAMP,
+  ALERT_SEVERITY_IMPROVING,
 } from '@kbn/rule-data-utils';
 import { backfillClientMock } from '../backfill_client/backfill_client.mock';
 import { ConnectorAdapterRegistry } from '../connector_adapters/connector_adapter_registry';
@@ -570,6 +571,7 @@ describe('Task Runner', () => {
               [ALERT_FLAPPING]: false,
               [ALERT_FLAPPING_HISTORY]: [true],
               [ALERT_INSTANCE_ID]: '1',
+              [ALERT_SEVERITY_IMPROVING]: false,
               [ALERT_MAINTENANCE_WINDOW_IDS]: [],
               [ALERT_RULE_CATEGORY]: 'My test rule',
               [ALERT_RULE_CONSUMER]: 'bar',
diff --git a/x-pack/plugins/canvas/public/components/workpad_header/editor_menu/editor_menu.component.tsx b/x-pack/plugins/canvas/public/components/workpad_header/editor_menu/editor_menu.component.tsx
index 24dcde46cf902..5c424961d7f50 100644
--- a/x-pack/plugins/canvas/public/components/workpad_header/editor_menu/editor_menu.component.tsx
+++ b/x-pack/plugins/canvas/public/components/workpad_header/editor_menu/editor_menu.component.tsx
@@ -158,14 +158,14 @@ export const EditorMenu: FC<Props> = ({
       items: [
         ...visTypeAliases.map(getVisTypeAliasMenuItem),
         ...getAddPanelActionMenuItems(closePopover),
+        ...ungroupedFactories.map(getEmbeddableFactoryMenuItem),
+        ...promotedVisTypes.map(getVisTypeMenuItem),
         ...Object.values(factoryGroupMap).map(({ id, appName, icon, panelId }) => ({
           name: appName,
           icon,
           panel: panelId,
           'data-test-subj': `canvasEditorMenu-${id}Group`,
         })),
-        ...ungroupedFactories.map(getEmbeddableFactoryMenuItem),
-        ...promotedVisTypes.map(getVisTypeMenuItem),
       ],
     },
     ...Object.values(factoryGroupMap).map(
diff --git a/x-pack/plugins/canvas/public/components/workpad_header/editor_menu/editor_menu.tsx b/x-pack/plugins/canvas/public/components/workpad_header/editor_menu/editor_menu.tsx
index 4e50d56f3cb77..fd644903ac25d 100644
--- a/x-pack/plugins/canvas/public/components/workpad_header/editor_menu/editor_menu.tsx
+++ b/x-pack/plugins/canvas/public/components/workpad_header/editor_menu/editor_menu.tsx
@@ -7,7 +7,12 @@
 
 import React, { FC, useCallback, useEffect, useMemo, useState } from 'react';
 import { useLocation } from 'react-router-dom';
-import { BaseVisType, VisGroups, VisTypeAlias } from '@kbn/visualizations-plugin/public';
+import {
+  VisGroups,
+  type BaseVisType,
+  type VisTypeAlias,
+  type VisParams,
+} from '@kbn/visualizations-plugin/public';
 import {
   EmbeddableFactory,
   EmbeddableFactoryDefinition,
@@ -201,13 +206,17 @@ export const EditorMenu: FC<Props> = ({ addElement }) => {
     .map(({ factory }) => factory);
 
   const promotedVisTypes = getVisTypesByGroup(VisGroups.PROMOTED);
+  const legacyVisTypes = getVisTypesByGroup(VisGroups.LEGACY);
 
   return (
     <Component
       createNewVisType={createNewVisType}
       createNewEmbeddableFromFactory={createNewEmbeddableFromFactory}
       createNewEmbeddableFromAction={createNewEmbeddableFromAction}
-      promotedVisTypes={promotedVisTypes}
+      promotedVisTypes={([] as Array<BaseVisType<VisParams>>).concat(
+        promotedVisTypes,
+        legacyVisTypes
+      )}
       factories={factories}
       addPanelActions={addPanelActions}
       visTypeAliases={visTypeAliases}
diff --git a/x-pack/plugins/canvas/shareable_runtime/components/footer/settings/__snapshots__/settings.test.tsx.snap b/x-pack/plugins/canvas/shareable_runtime/components/footer/settings/__snapshots__/settings.test.tsx.snap
index 6779553108963..0b470ded97634 100644
--- a/x-pack/plugins/canvas/shareable_runtime/components/footer/settings/__snapshots__/settings.test.tsx.snap
+++ b/x-pack/plugins/canvas/shareable_runtime/components/footer/settings/__snapshots__/settings.test.tsx.snap
@@ -279,7 +279,7 @@ exports[`<Settings /> can navigate Autoplay Settings 2`] = `
                             >
                               <input
                                 aria-describedby="generated-id-help-0"
-                                class="euiFieldText euiFieldText--compressed"
+                                class="euiFieldText emotion-euiFieldText-compressed"
                                 id="generated-id"
                                 type="text"
                                 value="5s"
diff --git a/x-pack/plugins/cases/public/components/all_cases/all_cases_list.tsx b/x-pack/plugins/cases/public/components/all_cases/all_cases_list.tsx
index dcdebf3bf9cd1..82e011366e884 100644
--- a/x-pack/plugins/cases/public/components/all_cases/all_cases_list.tsx
+++ b/x-pack/plugins/cases/public/components/all_cases/all_cases_list.tsx
@@ -132,7 +132,7 @@ export const AllCasesList = React.memo<AllCasesListProps>(
 
     const { selectedColumns, setSelectedColumns } = useCasesColumnsSelection();
 
-    const { columns, isLoadingColumns } = useCasesColumns({
+    const { columns, isLoadingColumns, rowHeader } = useCasesColumns({
       filterStatus: filterOptions.status ?? [],
       userProfiles: userProfiles ?? new Map(),
       isSelectorView,
@@ -228,6 +228,7 @@ export const AllCasesList = React.memo<AllCasesListProps>(
         />
         <CasesTable
           columns={columns}
+          rowHeader={rowHeader}
           data={data}
           goToCreateCase={onRowClick ? onCreateCasePressed : undefined}
           isCasesLoading={isLoadingCases}
diff --git a/x-pack/plugins/cases/public/components/all_cases/table.tsx b/x-pack/plugins/cases/public/components/all_cases/table.tsx
index 022753a2899c4..c2b429f4789eb 100644
--- a/x-pack/plugins/cases/public/components/all_cases/table.tsx
+++ b/x-pack/plugins/cases/public/components/all_cases/table.tsx
@@ -35,6 +35,7 @@ interface CasesTableProps {
   tableRef?: MutableRefObject<EuiBasicTable | null>;
   tableRowProps: EuiBasicTableProps<CaseUI>['rowProps'];
   isLoadingColumns: boolean;
+  rowHeader?: string;
 }
 
 export const CasesTable: FunctionComponent<CasesTableProps> = ({
@@ -52,6 +53,7 @@ export const CasesTable: FunctionComponent<CasesTableProps> = ({
   tableRef,
   tableRowProps,
   isLoadingColumns,
+  rowHeader,
 }) => {
   const { permissions } = useCasesContext();
   const { getCreateCaseUrl, navigateToCreateCase } = useCreateCaseNavigation();
@@ -81,6 +83,7 @@ export const CasesTable: FunctionComponent<CasesTableProps> = ({
       <EuiBasicTable
         className={classnames({ isSelectorView })}
         columns={columns}
+        rowHeader={rowHeader}
         data-test-subj="cases-table"
         itemId="id"
         items={data.cases}
diff --git a/x-pack/plugins/cases/public/components/all_cases/use_cases_columns.test.tsx b/x-pack/plugins/cases/public/components/all_cases/use_cases_columns.test.tsx
index 6cb7827a580c4..22783cf05cfc1 100644
--- a/x-pack/plugins/cases/public/components/all_cases/use_cases_columns.test.tsx
+++ b/x-pack/plugins/cases/public/components/all_cases/use_cases_columns.test.tsx
@@ -161,6 +161,7 @@ describe('useCasesColumns ', () => {
           },
         ],
         "isLoadingColumns": false,
+        "rowHeader": "title",
       }
     `);
   });
@@ -256,6 +257,7 @@ describe('useCasesColumns ', () => {
           },
         ],
         "isLoadingColumns": false,
+        "rowHeader": "title",
       }
     `);
   });
@@ -310,6 +312,7 @@ describe('useCasesColumns ', () => {
           },
         ],
         "isLoadingColumns": false,
+        "rowHeader": "title",
       }
     `);
   });
@@ -358,6 +361,7 @@ describe('useCasesColumns ', () => {
           },
         ],
         "isLoadingColumns": false,
+        "rowHeader": "title",
       }
     `);
   });
@@ -406,6 +410,7 @@ describe('useCasesColumns ', () => {
           },
         ],
         "isLoadingColumns": false,
+        "rowHeader": "title",
       }
     `);
   });
@@ -486,6 +491,7 @@ describe('useCasesColumns ', () => {
           },
         ],
         "isLoadingColumns": false,
+        "rowHeader": "title",
       }
     `);
   });
@@ -605,6 +611,7 @@ describe('useCasesColumns ', () => {
           },
         ],
         "isLoadingColumns": false,
+        "rowHeader": "title",
       }
     `);
   });
diff --git a/x-pack/plugins/cases/public/components/all_cases/use_cases_columns.tsx b/x-pack/plugins/cases/public/components/all_cases/use_cases_columns.tsx
index c5f98fec4a3eb..efdc443366886 100644
--- a/x-pack/plugins/cases/public/components/all_cases/use_cases_columns.tsx
+++ b/x-pack/plugins/cases/public/components/all_cases/use_cases_columns.tsx
@@ -74,6 +74,7 @@ export interface GetCasesColumn {
 export interface UseCasesColumnsReturnValue {
   columns: CasesColumns[];
   isLoadingColumns: boolean;
+  rowHeader: string;
 }
 
 export const useCasesColumns = ({
@@ -371,7 +372,7 @@ export const useCasesColumns = ({
     columns.push(actions);
   }
 
-  return { columns, isLoadingColumns };
+  return { columns, isLoadingColumns, rowHeader: casesColumnsConfig.title.field };
 };
 
 interface Props {
diff --git a/x-pack/plugins/cases/public/components/files/files_table.tsx b/x-pack/plugins/cases/public/components/files/files_table.tsx
index f42d49dc8e003..ace1f5cef24fe 100644
--- a/x-pack/plugins/cases/public/components/files/files_table.tsx
+++ b/x-pack/plugins/cases/public/components/files/files_table.tsx
@@ -74,6 +74,7 @@ export const FilesTable = ({ caseId, items, pagination, onChange, isLoading }: F
       <EuiBasicTable
         tableCaption={i18n.FILES_TABLE}
         items={items}
+        rowHeader="name"
         columns={columns}
         pagination={pagination}
         onChange={onChange}
diff --git a/x-pack/plugins/cases/public/components/files/use_files_table_columns.test.tsx b/x-pack/plugins/cases/public/components/files/use_files_table_columns.test.tsx
index 658af403eae78..0467bb7a2efee 100644
--- a/x-pack/plugins/cases/public/components/files/use_files_table_columns.test.tsx
+++ b/x-pack/plugins/cases/public/components/files/use_files_table_columns.test.tsx
@@ -34,6 +34,7 @@ describe('useFilesTableColumns', () => {
       Array [
         Object {
           "data-test-subj": "cases-files-table-filename",
+          "field": "name",
           "name": "Name",
           "render": [Function],
           "width": "60%",
diff --git a/x-pack/plugins/cases/public/components/files/use_files_table_columns.tsx b/x-pack/plugins/cases/public/components/files/use_files_table_columns.tsx
index 3a95686bf3a22..d114a77e32347 100644
--- a/x-pack/plugins/cases/public/components/files/use_files_table_columns.tsx
+++ b/x-pack/plugins/cases/public/components/files/use_files_table_columns.tsx
@@ -27,8 +27,9 @@ export const useFilesTableColumns = ({
   return [
     {
       name: i18n.NAME,
+      field: 'name',
       'data-test-subj': 'cases-files-table-filename',
-      render: (file: FileJSON) => (
+      render: (name: string, file: FileJSON) => (
         <FileNameLink file={file} showPreview={() => showPreview(file)} />
       ),
       width: '60%',
diff --git a/x-pack/plugins/cases/server/client/factory.test.ts b/x-pack/plugins/cases/server/client/factory.test.ts
index 69147e888aeec..f73e93afd680c 100644
--- a/x-pack/plugins/cases/server/client/factory.test.ts
+++ b/x-pack/plugins/cases/server/client/factory.test.ts
@@ -52,7 +52,7 @@ describe('CasesClientFactory', () => {
       });
 
       expect(args.securityPluginStart.userProfiles.getCurrent).toHaveBeenCalled();
-      expect(args.securityPluginStart.authc.getCurrentUser).not.toHaveBeenCalled();
+      expect(args.securityServiceStart.authc.getCurrentUser).not.toHaveBeenCalled();
       expect(createCasesClientMocked.mock.calls[0][0].user).toEqual({
         username: 'my_user',
         full_name: 'My user',
@@ -63,7 +63,7 @@ describe('CasesClientFactory', () => {
     it('constructs the user info from the authc service if the user profile is not available', async () => {
       const scopedClusterClient = coreStart.elasticsearch.client.asScoped(request).asCurrentUser;
       // @ts-expect-error: not all fields are needed
-      args.securityPluginStart.authc.getCurrentUser.mockReturnValueOnce({
+      args.securityServiceStart.authc.getCurrentUser.mockReturnValueOnce({
         username: 'my_user_2',
         full_name: 'My user 2',
         email: 'elastic2@elastic.co',
@@ -76,7 +76,7 @@ describe('CasesClientFactory', () => {
       });
 
       expect(args.securityPluginStart.userProfiles.getCurrent).toHaveBeenCalled();
-      expect(args.securityPluginStart.authc.getCurrentUser).toHaveBeenCalled();
+      expect(args.securityServiceStart.authc.getCurrentUser).toHaveBeenCalled();
       expect(createCasesClientMocked.mock.calls[0][0].user).toEqual({
         username: 'my_user_2',
         full_name: 'My user 2',
@@ -95,7 +95,7 @@ describe('CasesClientFactory', () => {
       });
 
       expect(args.securityPluginStart.userProfiles.getCurrent).toHaveBeenCalled();
-      expect(args.securityPluginStart.authc.getCurrentUser).toHaveBeenCalled();
+      expect(args.securityServiceStart.authc.getCurrentUser).toHaveBeenCalled();
       expect(createCasesClientMocked.mock.calls[0][0].user).toEqual({
         username: 'elastic/kibana',
         full_name: null,
@@ -113,7 +113,7 @@ describe('CasesClientFactory', () => {
       });
 
       expect(args.securityPluginStart.userProfiles.getCurrent).toHaveBeenCalled();
-      expect(args.securityPluginStart.authc.getCurrentUser).toHaveBeenCalled();
+      expect(args.securityServiceStart.authc.getCurrentUser).toHaveBeenCalled();
       expect(createCasesClientMocked.mock.calls[0][0].user).toEqual({
         username: null,
         full_name: null,
diff --git a/x-pack/plugins/cases/server/client/factory.ts b/x-pack/plugins/cases/server/client/factory.ts
index 5bb04c1da9e86..865ee2ff3b684 100644
--- a/x-pack/plugins/cases/server/client/factory.ts
+++ b/x-pack/plugins/cases/server/client/factory.ts
@@ -12,6 +12,7 @@ import type {
   ElasticsearchClient,
   SavedObjectsClientContract,
   IBasePath,
+  SecurityServiceStart,
 } from '@kbn/core/server';
 import type { ISavedObjectsSerializer } from '@kbn/core-saved-objects-server';
 import { SECURITY_EXTENSION_ID } from '@kbn/core-saved-objects-server';
@@ -57,6 +58,7 @@ import { EmailNotificationService } from '../services/notifications/email_notifi
 interface CasesClientFactoryArgs {
   securityPluginSetup: SecurityPluginSetup;
   securityPluginStart: SecurityPluginStart;
+  securityServiceStart: SecurityServiceStart;
   spacesPluginStart?: SpacesPluginStart;
   featuresPluginStart: FeaturesPluginStart;
   actionsPluginStart: ActionsPluginStart;
@@ -257,6 +259,7 @@ export class CasesClientFactory {
 
     try {
       const userProfile = await this.options.securityPluginStart.userProfiles.getCurrent({
+        // todo: Access userProfiles from core's UserProfileService contract
         request,
       });
 
@@ -273,7 +276,7 @@ export class CasesClientFactory {
     }
 
     try {
-      const user = this.options.securityPluginStart.authc.getCurrentUser(request);
+      const user = this.options.securityServiceStart.authc.getCurrentUser(request);
 
       if (user != null) {
         return {
diff --git a/x-pack/plugins/cases/server/client/mocks.ts b/x-pack/plugins/cases/server/client/mocks.ts
index 3de350f5a3981..74d3c3de46fa0 100644
--- a/x-pack/plugins/cases/server/client/mocks.ts
+++ b/x-pack/plugins/cases/server/client/mocks.ts
@@ -6,7 +6,11 @@
  */
 
 import type { PublicContract, PublicMethodsOf } from '@kbn/utility-types';
-import { loggingSystemMock, savedObjectsClientMock } from '@kbn/core/server/mocks';
+import {
+  loggingSystemMock,
+  savedObjectsClientMock,
+  securityServiceMock,
+} from '@kbn/core/server/mocks';
 import type { ISavedObjectsSerializer } from '@kbn/core-saved-objects-server';
 
 import {
@@ -226,6 +230,7 @@ export const createCasesClientFactoryMockArgs = () => {
   return {
     securityPluginSetup: securityMock.createSetup(),
     securityPluginStart: securityMock.createStart(),
+    securityServiceStart: securityServiceMock.createStart(),
     spacesPluginStart: spacesMock.createStart(),
     featuresPluginStart: featuresPluginMock.createSetup(),
     actionsPluginStart: actionsMock.createStart(),
diff --git a/x-pack/plugins/cases/server/plugin.ts b/x-pack/plugins/cases/server/plugin.ts
index 2c3f1f10ad254..48ed1722149ed 100644
--- a/x-pack/plugins/cases/server/plugin.ts
+++ b/x-pack/plugins/cases/server/plugin.ts
@@ -186,6 +186,7 @@ export class CasePlugin
       // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
       securityPluginSetup: this.securityPluginSetup!,
       securityPluginStart: plugins.security,
+      securityServiceStart: core.security,
       spacesPluginStart: plugins.spaces,
       featuresPluginStart: plugins.features,
       actionsPluginStart: plugins.actions,
diff --git a/x-pack/plugins/cases/server/services/notifications/email_notification_service.ts b/x-pack/plugins/cases/server/services/notifications/email_notification_service.ts
index e17eb2f22f7bc..22c93f8919a2a 100644
--- a/x-pack/plugins/cases/server/services/notifications/email_notification_service.ts
+++ b/x-pack/plugins/cases/server/services/notifications/email_notification_service.ts
@@ -100,7 +100,7 @@ export class EmailNotificationService implements NotificationService {
       );
 
       const uids = new Set(assignees.map((assignee) => assignee.uid));
-      const userProfiles = await this.security.userProfiles.bulkGet({ uids });
+      const userProfiles = await this.security.userProfiles.bulkGet({ uids }); // todo: access userProfiles from core security service start contract
       const users = userProfiles.map((profile) => profile.user);
 
       const to = users
diff --git a/x-pack/plugins/cases/server/services/user_profiles/index.ts b/x-pack/plugins/cases/server/services/user_profiles/index.ts
index 6a7be7deac4eb..7bc57a96105f5 100644
--- a/x-pack/plugins/cases/server/services/user_profiles/index.ts
+++ b/x-pack/plugins/cases/server/services/user_profiles/index.ts
@@ -27,7 +27,7 @@ const MIN_PROFILES_SIZE = 0;
 
 interface UserProfileOptions {
   securityPluginSetup: SecurityPluginSetup;
-  securityPluginStart: SecurityPluginStart;
+  securityPluginStart: SecurityPluginStart; // TODO: Use core's UserProfileService
   spaces?: SpacesPluginStart;
   licensingPluginStart: LicensingPluginStart;
 }
@@ -58,6 +58,7 @@ export class UserProfileService {
     size?: number;
     owners: string[];
   }) {
+    // TODO: Use core's UserProfileService
     return securityPluginStart.userProfiles.suggest({
       name: searchTerm,
       size,
diff --git a/x-pack/plugins/cloud_security_posture/common/constants.ts b/x-pack/plugins/cloud_security_posture/common/constants.ts
index 31f36b8d57a7c..57f1e465ea73b 100644
--- a/x-pack/plugins/cloud_security_posture/common/constants.ts
+++ b/x-pack/plugins/cloud_security_posture/common/constants.ts
@@ -193,4 +193,12 @@ export const AZURE_CREDENTIALS_TYPE_TO_FIELDS_MAP = {
   manual: [],
 };
 
+export const CLOUD_FORMATION_STACK_NAME = 'Elastic-Cloud-Security-Posture-Management';
+export const TEMPLATE_URL_ACCOUNT_TYPE_ENV_VAR = 'ACCOUNT_TYPE';
+
+export const ORGANIZATION_ACCOUNT = 'organization-account';
+export const SINGLE_ACCOUNT = 'single-account';
+
 export const CLOUD_SECURITY_PLUGIN_VERSION = '1.8.1';
+// Cloud Credentials Template url was implemented in 1.10.0-preview01. See PR - https://github.com/elastic/integrations/pull/9828
+export const CLOUD_CREDENTIALS_PACKAGE_VERSION = '1.10.0-preview01';
diff --git a/x-pack/plugins/cloud_security_posture/common/schemas/csp_finding.ts b/x-pack/plugins/cloud_security_posture/common/schemas/csp_finding.ts
index 5d10b5ee4c9a0..3033da7b043b9 100644
--- a/x-pack/plugins/cloud_security_posture/common/schemas/csp_finding.ts
+++ b/x-pack/plugins/cloud_security_posture/common/schemas/csp_finding.ts
@@ -11,7 +11,7 @@ import { CspBenchmarkRuleMetadata } from '../types/latest';
 
 export interface CspFinding {
   '@timestamp': string;
-  cluster_id: string;
+  cluster_id?: string;
   orchestrator?: CspFindingOrchestrator;
   cloud?: CspFindingCloud; // only available on CSPM findings
   result: CspFindingResult;
@@ -33,11 +33,12 @@ interface CspFindingOrchestrator {
 }
 
 interface CspFindingCloud {
-  provider: 'aws';
+  provider: 'aws' | 'azure' | 'gcp';
   account: {
     name: string;
     id: string;
   };
+  region?: string;
 }
 
 interface CspFindingResult {
diff --git a/x-pack/plugins/cloud_security_posture/public/common/utils/get_template_url_package_info.ts b/x-pack/plugins/cloud_security_posture/public/common/utils/get_template_url_package_info.ts
new file mode 100644
index 0000000000000..eb86392a40863
--- /dev/null
+++ b/x-pack/plugins/cloud_security_posture/public/common/utils/get_template_url_package_info.ts
@@ -0,0 +1,35 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { PackageInfo } from '@kbn/fleet-plugin/common';
+
+export const SUPPORTED_TEMPLATES_URL_FROM_PACKAGE_INFO_INPUT_VARS = {
+  CLOUD_FORMATION: 'cloud_formation_template',
+  CLOUD_FORMATION_CREDENTIALS: 'cloud_formation_credentials_template',
+  ARM_TEMPLATE: 'arm_template_url',
+  CLOUD_SHELL_URL: 'cloud_shell_url',
+};
+
+export const getTemplateUrlFromPackageInfo = (
+  packageInfo: PackageInfo | undefined,
+  integrationType: string,
+  templateUrlFieldName: string
+): string | undefined => {
+  if (!packageInfo?.policy_templates) return undefined;
+
+  const policyTemplate = packageInfo.policy_templates.find((p) => p.name === integrationType);
+  if (!policyTemplate) return undefined;
+
+  if ('inputs' in policyTemplate) {
+    const cloudFormationTemplate = policyTemplate.inputs?.reduce((acc, input): string => {
+      if (!input.vars) return acc;
+      const template = input.vars.find((v) => v.name === templateUrlFieldName)?.default;
+      return template ? String(template) : acc;
+    }, '');
+    return cloudFormationTemplate !== '' ? cloudFormationTemplate : undefined;
+  }
+};
diff --git a/x-pack/plugins/cloud_security_posture/public/components/cloud_security_data_table/cloud_security_data_table.tsx b/x-pack/plugins/cloud_security_posture/public/components/cloud_security_data_table/cloud_security_data_table.tsx
index 623de8401810c..5c0cbd048f9d1 100644
--- a/x-pack/plugins/cloud_security_posture/public/components/cloud_security_data_table/cloud_security_data_table.tsx
+++ b/x-pack/plugins/cloud_security_posture/public/components/cloud_security_data_table/cloud_security_data_table.tsx
@@ -5,7 +5,12 @@
  * 2.0.
  */
 import React, { useState, useMemo } from 'react';
-import { UnifiedDataTableSettings, useColumns } from '@kbn/unified-data-table';
+import _ from 'lodash';
+import {
+  UnifiedDataTableSettings,
+  UnifiedDataTableSettingsColumn,
+  useColumns,
+} from '@kbn/unified-data-table';
 import { UnifiedDataTable, DataLoadingState } from '@kbn/unified-data-table';
 import { CellActionsProvider } from '@kbn/cell-actions';
 import { HttpSetup } from '@kbn/core-http-browser';
@@ -130,20 +135,34 @@ export const CloudSecurityDataTable = ({
     columnsLocalStorageKey,
     defaultColumns.map((c) => c.id)
   );
-  const [settings, setSettings] = useLocalStorage<UnifiedDataTableSettings>(
+  const [persistedSettings, setPersistedSettings] = useLocalStorage<UnifiedDataTableSettings>(
     `${columnsLocalStorageKey}:settings`,
     {
-      columns: defaultColumns.reduce((prev, curr) => {
-        const columnDefaultSettings = curr.width
-          ? { width: curr.width, display: columnHeaders?.[curr.id] }
-          : { display: columnHeaders?.[curr.id] };
-        const newColumn = { [curr.id]: columnDefaultSettings };
-        return { ...prev, ...newColumn };
+      columns: defaultColumns.reduce((columnSettings, column) => {
+        const columnDefaultSettings = column.width ? { width: column.width } : {};
+        const newColumn = { [column.id]: columnDefaultSettings };
+        return { ...columnSettings, ...newColumn };
       }, {} as UnifiedDataTableSettings['columns']),
     }
   );
 
-  const { dataView, dataViewIsRefetching, dataViewRefetch } = useDataViewContext();
+  const settings = useMemo(() => {
+    return {
+      columns: Object.keys(persistedSettings?.columns as UnifiedDataTableSettings).reduce(
+        (columnSettings, columnId) => {
+          const newColumn: UnifiedDataTableSettingsColumn = {
+            ..._.pick(persistedSettings?.columns?.[columnId], ['width']),
+            display: columnHeaders?.[columnId],
+          };
+
+          return { ...columnSettings, [columnId]: newColumn };
+        },
+        {} as UnifiedDataTableSettings['columns']
+      ),
+    };
+  }, [persistedSettings, columnHeaders]);
+
+  const { dataView, dataViewIsRefetching } = useDataViewContext();
 
   const [expandedDoc, setExpandedDoc] = useState<DataTableRecord | undefined>(undefined);
 
@@ -161,7 +180,6 @@ export const CloudSecurityDataTable = ({
     fieldFormats,
     toastNotifications,
     storage,
-    dataViewFieldEditor,
   } = useKibana().services;
 
   const styles = useStyles();
@@ -176,7 +194,6 @@ export const CloudSecurityDataTable = ({
     toastNotifications,
     storage,
     data,
-    dataViewFieldEditor,
   };
 
   const {
@@ -242,14 +259,13 @@ export const CloudSecurityDataTable = ({
   );
 
   const onResize = (colSettings: { columnId: string; width: number }) => {
-    const grid = settings || {};
+    const grid = persistedSettings || {};
     const newColumns = { ...(grid.columns || {}) };
     newColumns[colSettings.columnId] = {
       width: Math.round(colSettings.width),
-      display: columnHeaders?.[colSettings.columnId],
     };
     const newGrid = { ...grid, columns: newColumns };
-    setSettings(newGrid);
+    setPersistedSettings(newGrid);
   };
 
   const externalCustomRenderers = useMemo(() => {
@@ -346,7 +362,6 @@ export const CloudSecurityDataTable = ({
           gridStyleOverride={gridStyle}
           rowLineHeightOverride="24px"
           controlColumnIds={controlColumnIds}
-          onFieldEdited={dataViewRefetch}
         />
       </div>
     </CellActionsProvider>
diff --git a/x-pack/plugins/cloud_security_posture/public/components/cloud_security_grouping/use_cloud_security_grouping.ts b/x-pack/plugins/cloud_security_posture/public/components/cloud_security_grouping/use_cloud_security_grouping.ts
index ea1aee0ffcef7..d9e7ac07b9dbd 100644
--- a/x-pack/plugins/cloud_security_posture/public/components/cloud_security_grouping/use_cloud_security_grouping.ts
+++ b/x-pack/plugins/cloud_security_posture/public/components/cloud_security_grouping/use_cloud_security_grouping.ts
@@ -128,6 +128,7 @@ export const useCloudSecurityGrouping = ({
     query,
     error,
     selectedGroup,
+    urlQuery,
     setUrlQuery,
     uniqueValue,
     isNoneSelected,
diff --git a/x-pack/plugins/cloud_security_posture/public/components/fleet_extensions/aws_credentials_form/aws_credentials_form_agentless.tsx b/x-pack/plugins/cloud_security_posture/public/components/fleet_extensions/aws_credentials_form/aws_credentials_form_agentless.tsx
index 790bfdc606e82..1929d6c552596 100644
--- a/x-pack/plugins/cloud_security_posture/public/components/fleet_extensions/aws_credentials_form/aws_credentials_form_agentless.tsx
+++ b/x-pack/plugins/cloud_security_posture/public/components/fleet_extensions/aws_credentials_form/aws_credentials_form_agentless.tsx
@@ -6,10 +6,22 @@
  */
 
 import React from 'react';
-import { EuiLink, EuiSpacer } from '@elastic/eui';
+import { EuiButton, EuiCallOut, EuiLink, EuiSpacer, EuiText } from '@elastic/eui';
 import { FormattedMessage } from '@kbn/i18n-react';
+import semverCompare from 'semver/functions/compare';
+import semverValid from 'semver/functions/valid';
 import { i18n } from '@kbn/i18n';
+
+import {
+  getTemplateUrlFromPackageInfo,
+  SUPPORTED_TEMPLATES_URL_FROM_PACKAGE_INFO_INPUT_VARS,
+} from '../../../common/utils/get_template_url_package_info';
 import { cspIntegrationDocsNavigation } from '../../../common/navigation/constants';
+import {
+  CLOUD_CREDENTIALS_PACKAGE_VERSION,
+  SINGLE_ACCOUNT,
+  TEMPLATE_URL_ACCOUNT_TYPE_ENV_VAR,
+} from '../../../../common/constants';
 import {
   DEFAULT_AGENTLESS_AWS_CREDENTIALS_TYPE,
   getAwsCredentialsFormAgentlessOptions,
@@ -20,11 +32,110 @@ import { getAwsCredentialsType, getPosturePolicy } from '../utils';
 import { AwsInputVarFields } from './aws_input_var_fields';
 import {
   AwsFormProps,
-  ReadDocumentation,
   AWSSetupInfoContent,
   AwsCredentialTypeSelector,
 } from './aws_credentials_form';
 
+const CLOUD_FORMATION_EXTERNAL_DOC_URL =
+  'https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-whatis-howdoesitwork.html';
+
+export const CloudFormationCloudCredentialsGuide = ({
+  isOrganization,
+}: {
+  isOrganization?: boolean;
+}) => {
+  return (
+    <EuiText>
+      <p>
+        <FormattedMessage
+          id="xpack.csp.agentlessForm.cloudFormation.guide.description"
+          defaultMessage="CloudFormation will create all the necessary resources to evaluate the security posture of your AWS environment. {learnMore}."
+          values={{
+            learnMore: (
+              <EuiLink
+                href={CLOUD_FORMATION_EXTERNAL_DOC_URL}
+                target="_blank"
+                rel="noopener nofollow noreferrer"
+                data-test-subj="externalLink"
+              >
+                <FormattedMessage
+                  id="xpack.csp.agentlessForm.cloudFormation.guide.learnMoreLinkText"
+                  defaultMessage="Learn more about CloudFormation"
+                />
+              </EuiLink>
+            ),
+          }}
+        />
+      </p>
+      <EuiText size="s" color="subdued">
+        <ol>
+          {isOrganization ? (
+            <li>
+              <FormattedMessage
+                id="xpack.csp.agentlessForm.cloudFormation.guide.steps.organizationLogin"
+                defaultMessage="Log in as an admin in the management account of the AWS Organization you want to onboard"
+              />
+            </li>
+          ) : (
+            <li>
+              <FormattedMessage
+                id="xpack.csp.agentlessForm.cloudFormation.guide.steps.login"
+                defaultMessage="Log in as an admin in the AWS account you want to onboard"
+              />
+            </li>
+          )}
+          <li>
+            <FormattedMessage
+              id="xpack.csp.agentlessForm.cloudFormation.guide.steps.launch"
+              defaultMessage="Click the Launch CloudFormation button below."
+            />
+          </li>
+          <li>
+            <FormattedMessage
+              id="xpack.csp.agentlessForm.cloudFormation.steps.region"
+              defaultMessage="(Optional) Change the Amazon region in the upper right corner to the region you want to deploy your stack to"
+            />
+          </li>
+          <li>
+            <FormattedMessage
+              id="xpack.csp.agentlessForm.cloudFormation.gsteps.accept"
+              defaultMessage="Tick the checkbox under capabilities in the opened CloudFormation stack review form: {acknowledge}"
+              values={{
+                acknowledge: (
+                  <strong>
+                    <FormattedMessage
+                      id="xpack.csp.agentlessForm.cloudFormation.steps.accept.acknowledge"
+                      defaultMessage="I acknowledge that AWS CloudFormation might create IAM resources."
+                    />
+                  </strong>
+                ),
+              }}
+            />
+          </li>
+          <li>
+            <FormattedMessage
+              id="xpack.csp.agentlessForm.cloudFormation.steps.create"
+              defaultMessage="Click Create stack."
+            />
+          </li>
+          <li>
+            <FormattedMessage
+              id="xpack.csp.agentlessForm.cloudFormation.steps.stackStatus"
+              defaultMessage="Once  stack status is CREATE_COMPLETE then click the Ouputs tab"
+            />
+          </li>
+          <li>
+            <FormattedMessage
+              id="xpack.csp.agentlessForm.cloudFormation.steps.credentials"
+              defaultMessage="Copy Access Key Id and Secret Access Key then paste the credentials below"
+            />
+          </li>
+        </ol>
+      </EuiText>
+    </EuiText>
+  );
+};
+
 export const AwsCredentialsFormAgentless = ({
   input,
   newPolicy,
@@ -36,6 +147,18 @@ export const AwsCredentialsFormAgentless = ({
   const group = options[awsCredentialsType];
   const fields = getInputVarsFields(input, group.fields);
   const integrationLink = cspIntegrationDocsNavigation.cspm.getStartedPath;
+  const accountType = input?.streams?.[0].vars?.['aws.account_type']?.value ?? SINGLE_ACCOUNT;
+
+  const isValidSemantic = semverValid(packageInfo.version);
+  const showCloudCredentialsButton = isValidSemantic
+    ? semverCompare(packageInfo.version, CLOUD_CREDENTIALS_PACKAGE_VERSION) >= 0
+    : false;
+
+  const automationCredentialTemplate = getTemplateUrlFromPackageInfo(
+    packageInfo,
+    input.policy_template,
+    SUPPORTED_TEMPLATES_URL_FROM_PACKAGE_INFO_INPUT_VARS.CLOUD_FORMATION_CREDENTIALS
+  )?.replace(TEMPLATE_URL_ACCOUNT_TYPE_ENV_VAR, accountType);
 
   return (
     <>
@@ -73,10 +196,35 @@ export const AwsCredentialsFormAgentless = ({
         }}
       />
       <EuiSpacer size="m" />
-      {group.info}
-      <EuiSpacer size="m" />
-      <ReadDocumentation url={integrationLink} />
-      <EuiSpacer size="l" />
+      {!showCloudCredentialsButton && (
+        <>
+          <EuiCallOut color="warning">
+            <FormattedMessage
+              id="xpack.csp.fleetIntegration.awsCloudCredentials.cloudFormationSupportedMessage"
+              defaultMessage="Launch Cloud Formation for Automated Credentials not supported in current integration version. Please upgrade to the latest version to enable Launch CloudFormation for automated credentials."
+            />
+          </EuiCallOut>
+          <EuiSpacer size="m" />
+        </>
+      )}
+      {awsCredentialsType === DEFAULT_AGENTLESS_AWS_CREDENTIALS_TYPE && showCloudCredentialsButton && (
+        <>
+          <EuiSpacer size="m" />
+          <EuiButton
+            data-test-subj="launchCloudFormationAgentlessButton"
+            target="_blank"
+            iconSide="left"
+            iconType="launch"
+            href={automationCredentialTemplate}
+          >
+            <FormattedMessage
+              id="xpack.csp.agentlessForm.agentlessAWSCredentialsForm.cloudFormation.launchButton"
+              defaultMessage="Launch CloudFormation"
+            />
+          </EuiButton>
+          <EuiSpacer size="m" />
+        </>
+      )}
       <AwsInputVarFields
         fields={fields}
         packageInfo={packageInfo}
diff --git a/x-pack/plugins/cloud_security_posture/public/components/fleet_extensions/gcp_credentials_form/gcp_credentials_form_agentless.tsx b/x-pack/plugins/cloud_security_posture/public/components/fleet_extensions/gcp_credentials_form/gcp_credentials_form_agentless.tsx
index 8a289ca755e29..ca25f3ea1469e 100644
--- a/x-pack/plugins/cloud_security_posture/public/components/fleet_extensions/gcp_credentials_form/gcp_credentials_form_agentless.tsx
+++ b/x-pack/plugins/cloud_security_posture/public/components/fleet_extensions/gcp_credentials_form/gcp_credentials_form_agentless.tsx
@@ -6,11 +6,21 @@
  */
 
 import React from 'react';
-import { EuiSpacer } from '@elastic/eui';
-
+import { EuiButton, EuiCallOut, EuiSpacer } from '@elastic/eui';
+import semverCompare from 'semver/functions/compare';
+import semverValid from 'semver/functions/valid';
+import { FormattedMessage } from '@kbn/i18n-react';
+import {
+  getTemplateUrlFromPackageInfo,
+  SUPPORTED_TEMPLATES_URL_FROM_PACKAGE_INFO_INPUT_VARS,
+} from '../../../common/utils/get_template_url_package_info';
+import {
+  CLOUD_CREDENTIALS_PACKAGE_VERSION,
+  ORGANIZATION_ACCOUNT,
+  TEMPLATE_URL_ACCOUNT_TYPE_ENV_VAR,
+} from '../../../../common/constants';
 import {
   GcpFormProps,
-  GCPSetupInfoContent,
   GcpInputVarFields,
   gcpField,
   getInputVarsFields,
@@ -23,13 +33,19 @@ export const GcpCredentialsFormAgentless = ({
   input,
   newPolicy,
   updatePolicy,
+  packageInfo,
   disabled,
 }: GcpFormProps) => {
   const accountType = input.streams?.[0]?.vars?.['gcp.account_type']?.value;
-  const isOrganization = accountType === 'organization-account';
+  const isOrganization = accountType === ORGANIZATION_ACCOUNT;
   const organizationFields = ['gcp.organization_id', 'gcp.credentials.json'];
   const singleAccountFields = ['gcp.project_id', 'gcp.credentials.json'];
 
+  const isValidSemantic = semverValid(packageInfo.version);
+  const showCloudCredentialsButton = isValidSemantic
+    ? semverCompare(packageInfo.version, CLOUD_CREDENTIALS_PACKAGE_VERSION) >= 0
+    : false;
+
   /*
     For Agentless only JSON credentials type is supported.
     Also in case of organisation setup, project_id is not required in contrast to Agent-based.
@@ -42,10 +58,43 @@ export const GcpCredentialsFormAgentless = ({
     }
   });
 
+  const cloudShellUrl = getTemplateUrlFromPackageInfo(
+    packageInfo,
+    input.policy_template,
+    SUPPORTED_TEMPLATES_URL_FROM_PACKAGE_INFO_INPUT_VARS.CLOUD_SHELL_URL
+  )?.replace(TEMPLATE_URL_ACCOUNT_TYPE_ENV_VAR, accountType);
+
   return (
     <>
-      <GCPSetupInfoContent />
-      <EuiSpacer size="l" />
+      <EuiSpacer size="m" />
+      {!showCloudCredentialsButton && (
+        <>
+          <EuiCallOut color="warning">
+            <FormattedMessage
+              id="xpack.csp.fleetIntegration.gcpCloudCredentials.cloudFormationSupportedMessage"
+              defaultMessage="Launch Cloud Shell for automated credentials not supported in current integration version. Please upgrade to the latest version to enable Launch Cloud Shell for automated credentials."
+            />
+          </EuiCallOut>
+          <EuiSpacer size="m" />
+        </>
+      )}
+      {showCloudCredentialsButton && (
+        <>
+          <EuiButton
+            data-test-subj="launchGoogleCloudShellAgentlessButton"
+            target="_blank"
+            iconSide="left"
+            iconType="launch"
+            href={cloudShellUrl}
+          >
+            <FormattedMessage
+              id="xpack.csp.agentlessForm.googleCloudShell.cloudCredentials.button"
+              defaultMessage="Launch Google Cloud Shell"
+            />
+          </EuiButton>
+          <EuiSpacer size="l" />
+        </>
+      )}
       <GcpInputVarFields
         disabled={disabled}
         fields={fields}
diff --git a/x-pack/plugins/cloud_security_posture/public/components/no_findings_states/no_findings_states.test.tsx b/x-pack/plugins/cloud_security_posture/public/components/no_findings_states/no_findings_states.test.tsx
index ad3e482f614f5..1dcb9454a176a 100644
--- a/x-pack/plugins/cloud_security_posture/public/components/no_findings_states/no_findings_states.test.tsx
+++ b/x-pack/plugins/cloud_security_posture/public/components/no_findings_states/no_findings_states.test.tsx
@@ -12,7 +12,6 @@ import { renderWrapper } from '../../test/mock_server/mock_server_test_provider'
 import { NoFindingsStates } from './no_findings_states';
 import * as statusHandlers from '../../../server/routes/status/status.handlers.mock';
 import * as benchmarksHandlers from '../../../server/routes/benchmarks/benchmarks.handlers.mock';
-import { fleetCspPackageHandler } from './no_findings_states.handlers.mock';
 
 const server = setupMockServer();
 
@@ -23,10 +22,6 @@ const renderNoFindingsStates = (postureType: 'cspm' | 'kspm' = 'cspm') => {
 describe('NoFindingsStates', () => {
   startMockServer(server);
 
-  beforeEach(() => {
-    server.use(fleetCspPackageHandler);
-  });
-
   it('shows integrations installation prompt with installation links when integration is not-installed', async () => {
     server.use(statusHandlers.notInstalledHandler);
     renderNoFindingsStates();
diff --git a/x-pack/plugins/cloud_security_posture/public/pages/configurations/configurations.handlers.mock.ts b/x-pack/plugins/cloud_security_posture/public/pages/configurations/configurations.handlers.mock.ts
new file mode 100644
index 0000000000000..38e4edf46f77a
--- /dev/null
+++ b/x-pack/plugins/cloud_security_posture/public/pages/configurations/configurations.handlers.mock.ts
@@ -0,0 +1,236 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { estypes } from '@elastic/elasticsearch';
+import { CspFinding } from '../../../common/schemas/csp_finding';
+import { isArray } from 'lodash';
+import { http, HttpResponse } from 'msw';
+import { v4 as uuidV4 } from 'uuid';
+
+export const generateCspFinding = (
+  id: string,
+  evaluation: 'failed' | 'passed' = 'passed'
+): CspFinding => {
+  const timeFiveHoursAgo = Date.now() - 18000000;
+  const timeFiveHoursAgoToIsoString = new Date(timeFiveHoursAgo).toISOString();
+
+  return {
+    agent: {
+      name: 'cloudbeatVM',
+      id: `agent-${id}`,
+      type: 'cloudbeat',
+      version: '8.13.2',
+    },
+    resource: {
+      account_id: `/subscriptions/${id}`,
+      sub_type: 'azure-disk',
+      account_name: 'csp-team',
+      name: `disk_${id}`,
+      id: `/subscriptions/${id}/test/disks/disk_${id}`,
+      region: 'eastus',
+      type: 'cloud-compute',
+      raw: {
+        id: `/subscriptions/${id}/test/disks/disk_${id}`,
+        name: `disk_${id}`,
+        type: 'microsoft.compute/disks',
+        location: 'eastus',
+        properties: {
+          publicNetworkAccess: 'Enabled',
+          osType: 'Linux',
+        },
+      },
+    },
+    rule: {
+      rego_rule_id: 'AZU-1.0-1.0',
+      references: 'https://elastic.co',
+      impact: `impact ${id}`,
+      description: `description ${id}`,
+      section: `Section ${id}`,
+      default_value: '',
+      version: '1.0',
+      rationale: `rationale ${id}`,
+      benchmark: {
+        name: 'CIS Microsoft Azure Foundations',
+        rule_number: `1.1.${id}`,
+        id: 'cis_azure',
+        version: 'v2.0.0',
+        posture_type: 'cspm',
+      },
+      tags: ['CIS', 'AZURE', 'CIS 1.0', `Section ${id}`],
+      remediation: `remediation ${id}`,
+      audit: `audit ${id}`,
+      name: `Name ${id}`,
+      id: `rule-${id}`,
+      profile_applicability: 'profile',
+    },
+    result: {
+      evaluation,
+      evidence: {
+        Resource: {
+          name: `disk_${id}`,
+          location: 'eastus',
+          type: 'microsoft.compute/disks',
+          properties: {
+            publicNetworkAccess: 'Enabled',
+            osType: 'Linux',
+          },
+        },
+      },
+    },
+    cloud: {
+      provider: 'azure',
+      region: 'eastus',
+      account: {
+        name: 'test',
+        id: `/subscriptions/${id}`,
+      },
+    },
+    '@timestamp': timeFiveHoursAgoToIsoString,
+    ecs: {
+      version: '8.6.0',
+    },
+    host: {
+      name: `host ${id}`,
+      id: `host-${id}`,
+      containerized: false,
+      ip: ['0.0.0.0'],
+      mac: ['00:00:00:00:00:00'],
+      hostname: `host-${id}`,
+      architecture: 'x86_64',
+      os: {
+        kernel: '4.19.0-16-cloud-amd64',
+        codename: 'buster',
+        type: 'linux',
+        platform: 'debian',
+        version: '10.3',
+        family: 'debian',
+        name: 'Debian GNU/Linux',
+      },
+    },
+    event: {
+      agent_id_status: 'auth_metadata_missing',
+      sequence: 1715693351,
+      ingested: timeFiveHoursAgoToIsoString,
+      created: timeFiveHoursAgoToIsoString,
+      kind: 'state',
+      id: `event-${id}`,
+      type: ['info'],
+      category: ['configuration'],
+      dataset: 'cloud_security_posture.findings',
+      outcome: 'success',
+    },
+  };
+};
+
+export const generateFindingHit = (finding: CspFinding) => {
+  return {
+    _index: 'logs-cloud_security_posture.findings_latest-default',
+    _id: uuidV4(),
+    _score: null,
+    _source: finding,
+    sort: [1715693387715],
+  };
+};
+
+const getFindingsBsearchResponse = (findings: CspFinding[]) => {
+  const buckets = findings.reduce(
+    (acc, finding) => {
+      if (finding.result.evaluation === 'failed') {
+        acc[0].doc_count = (acc[0].doc_count || 0) + 1;
+      } else {
+        acc[1].doc_count = (acc[1].doc_count || 0) + 1;
+      }
+      return acc;
+    },
+    [
+      {
+        key: 'failed',
+        doc_count: 0,
+      },
+      {
+        key: 'passed',
+        doc_count: 0,
+      },
+    ]
+  );
+
+  return {
+    id: 0,
+    result: {
+      rawResponse: {
+        took: 1,
+        timed_out: false,
+        _shards: {
+          total: 1,
+          successful: 1,
+          skipped: 0,
+          failed: 0,
+        },
+        hits: {
+          total: findings.length,
+          max_score: null,
+          hits: findings.map(generateFindingHit),
+        },
+        aggregations: {
+          count: {
+            doc_count_error_upper_bound: 0,
+            sum_other_doc_count: 0,
+            buckets,
+          },
+        },
+      },
+      isPartial: false,
+      isRunning: false,
+      total: 1,
+      loaded: 1,
+      isRestored: false,
+    },
+  };
+};
+
+export const rulesGetStatesHandler = http.get(
+  'internal/cloud_security_posture/rules/_get_states',
+  () => {
+    return HttpResponse.json({});
+  }
+);
+
+export const bsearchFindingsHandler = (findings: CspFinding[]) =>
+  http.post('internal/bsearch', async ({ request }) => {
+    const jsonRequest = (await request.json()) as Partial<estypes.SearchRequest>;
+
+    const filter = jsonRequest?.query?.bool?.filter;
+
+    const hasRuleSectionQuerySearchTerm =
+      isArray(filter) &&
+      isArray(filter[0]?.bool?.should) &&
+      filter[0]?.bool?.should?.[0]?.term?.['rule.section']?.value !== undefined;
+
+    if (hasRuleSectionQuerySearchTerm) {
+      const filteredFindingJson = findings.filter((finding) => {
+        const termValue = (filter[0].bool?.should as estypes.QueryDslQueryContainer[])?.[0]?.term?.[
+          'rule.section'
+        ]?.value;
+        return finding.rule.section === termValue;
+      });
+
+      return HttpResponse.json(getFindingsBsearchResponse(filteredFindingJson));
+    }
+
+    const hasRuleSectionFilter =
+      isArray(filter) && filter?.[0]?.match_phrase?.['rule.section'] !== undefined;
+
+    if (hasRuleSectionFilter) {
+      const filteredFindingJson = findings.filter((finding) => {
+        return finding.rule.section === filter?.[0]?.match_phrase?.['rule.section'];
+      });
+
+      return HttpResponse.json(getFindingsBsearchResponse(filteredFindingJson));
+    }
+
+    return HttpResponse.json(getFindingsBsearchResponse(findings));
+  });
diff --git a/x-pack/plugins/cloud_security_posture/public/pages/configurations/configurations.test.tsx b/x-pack/plugins/cloud_security_posture/public/pages/configurations/configurations.test.tsx
index c955cc847a6c9..324eddd1fd8fc 100644
--- a/x-pack/plugins/cloud_security_posture/public/pages/configurations/configurations.test.tsx
+++ b/x-pack/plugins/cloud_security_posture/public/pages/configurations/configurations.test.tsx
@@ -5,246 +5,246 @@
  * 2.0.
  */
 import React from 'react';
-import Chance from 'chance';
-import type { UseQueryResult } from '@tanstack/react-query';
-import { of } from 'rxjs';
-import { useDataView } from '../../common/api/use_data_view';
+import {
+  getMockServerDependencies,
+  setupMockServer,
+  startMockServer,
+} from '../../test/mock_server/mock_server';
+import { renderWrapper } from '../../test/mock_server/mock_server_test_provider';
 import { Configurations } from './configurations';
-import { TestProvider } from '../../test/test_provider';
-import { dataPluginMock } from '@kbn/data-plugin/public/mocks';
-import { createStubDataView } from '@kbn/data-views-plugin/public/data_views/data_view.stub';
-import { CSP_LATEST_FINDINGS_DATA_VIEW } from '../../../common/constants';
-import * as TEST_SUBJECTS from './test_subjects';
-import type { DataView } from '@kbn/data-plugin/common';
-import { useCspSetupStatusApi } from '../../common/api/use_setup_status_api';
-import { useSubscriptionStatus } from '../../common/hooks/use_subscription_status';
-import { createReactQueryResponse } from '../../test/fixtures/react_query';
-import { useCISIntegrationPoliciesLink } from '../../common/navigation/use_navigate_to_cis_integration_policies';
-import { useCspIntegrationLink } from '../../common/navigation/use_csp_integration_link';
-import { NO_FINDINGS_STATUS_TEST_SUBJ } from '../../components/test_subjects';
-import { render } from '@testing-library/react';
-import { expectIdsInDoc } from '../../test/utils';
-import { PACKAGE_NOT_INSTALLED_TEST_SUBJECT } from '../../components/cloud_posture_page';
-import { useLicenseManagementLocatorApi } from '../../common/api/use_license_management_locator_api';
-
-jest.mock('../../common/api/use_data_view');
-jest.mock('../../common/api/use_setup_status_api');
-jest.mock('../../common/api/use_license_management_locator_api');
-jest.mock('../../common/hooks/use_subscription_status');
-jest.mock('../../common/navigation/use_navigate_to_cis_integration_policies');
-jest.mock('../../common/navigation/use_csp_integration_link');
-
-const chance = new Chance();
-
-beforeEach(() => {
-  jest.clearAllMocks();
-
-  (useSubscriptionStatus as jest.Mock).mockImplementation(() =>
-    createReactQueryResponse({
-      status: 'success',
-      data: true,
-    })
-  );
-
-  (useLicenseManagementLocatorApi as jest.Mock).mockImplementation(() =>
-    createReactQueryResponse({
-      status: 'success',
-      data: true,
-    })
-  );
-});
-
-const renderFindingsPage = () => {
-  render(
-    <TestProvider>
+import { fireEvent, screen, waitFor, within } from '@testing-library/react';
+import { MemoryRouter } from '@kbn/shared-ux-router';
+import { findingsNavigation } from '../../common/navigation/constants';
+import userEvent from '@testing-library/user-event';
+import { FilterManager } from '@kbn/data-plugin/public';
+import { CspClientPluginStartDeps } from '../../types';
+import * as statusHandlers from '../../../server/routes/status/status.handlers.mock';
+import {
+  bsearchFindingsHandler,
+  generateCspFinding,
+  rulesGetStatesHandler,
+} from './configurations.handlers.mock';
+
+const server = setupMockServer();
+
+const renderFindingsPage = (dependencies = getMockServerDependencies()) => {
+  return renderWrapper(
+    <MemoryRouter initialEntries={[findingsNavigation.findings_default.path]}>
       <Configurations />
-    </TestProvider>
+    </MemoryRouter>,
+    dependencies
   );
 };
 
 describe('<Findings />', () => {
-  it('no findings state: not-deployed - shows NotDeployed instead of findings', () => {
-    (useCspSetupStatusApi as jest.Mock).mockImplementation(() =>
-      createReactQueryResponse({
-        status: 'success',
-        data: {
-          kspm: { status: 'not-deployed' },
-          cspm: { status: 'not-deployed' },
-          indicesDetails: [
-            { index: 'logs-cloud_security_posture.findings_latest-default', status: 'empty' },
-            { index: 'logs-cloud_security_posture.findings-default*', status: 'empty' },
-          ],
-        },
-      })
-    );
-    (useCISIntegrationPoliciesLink as jest.Mock).mockImplementation(() => chance.url());
-    (useCspIntegrationLink as jest.Mock).mockImplementation(() => chance.url());
+  startMockServer(server);
 
+  beforeEach(() => {
+    server.use(rulesGetStatesHandler);
+  });
+
+  it('renders integrations installation prompt if integration is not installed', async () => {
+    server.use(statusHandlers.notInstalledHandler);
     renderFindingsPage();
 
-    expectIdsInDoc({
-      be: [NO_FINDINGS_STATUS_TEST_SUBJ.NO_AGENTS_DEPLOYED],
-      notToBe: [
-        TEST_SUBJECTS.FINDINGS_CONTAINER,
-        NO_FINDINGS_STATUS_TEST_SUBJ.INDEXING,
-        NO_FINDINGS_STATUS_TEST_SUBJ.INDEX_TIMEOUT,
-        NO_FINDINGS_STATUS_TEST_SUBJ.UNPRIVILEGED,
-      ],
-    });
+    expect(screen.getByText(/loading/i)).toBeInTheDocument();
+    await waitFor(() => expect(screen.getByText(/add cspm integration/i)).toBeInTheDocument());
+    expect(screen.getByText(/add kspm integration/i)).toBeInTheDocument();
   });
 
-  it('no findings state: indexing - shows Indexing instead of findings', () => {
-    (useCspSetupStatusApi as jest.Mock).mockImplementation(() =>
-      createReactQueryResponse({
-        status: 'success',
-        data: {
-          kspm: { status: 'indexing' },
-          cspm: { status: 'indexing' },
-          indicesDetails: [
-            { index: 'logs-cloud_security_posture.findings_latest-default', status: 'empty' },
-            { index: 'logs-cloud_security_posture.findings-default*', status: 'empty' },
-          ],
-        },
-      })
-    );
-    (useCspIntegrationLink as jest.Mock).mockImplementation(() => chance.url());
+  it("renders the 'latest findings' DataTable component when the CSPM/KSPM integration status is 'indexed' grouped by 'none'", async () => {
+    const finding1 = generateCspFinding('0001', 'failed');
+    const finding2 = generateCspFinding('0002', 'passed');
 
+    server.use(statusHandlers.indexedHandler);
+    server.use(bsearchFindingsHandler([finding1, finding2]));
     renderFindingsPage();
 
-    expectIdsInDoc({
-      be: [NO_FINDINGS_STATUS_TEST_SUBJ.INDEXING],
-      notToBe: [
-        TEST_SUBJECTS.FINDINGS_CONTAINER,
-        NO_FINDINGS_STATUS_TEST_SUBJ.NO_AGENTS_DEPLOYED,
-        NO_FINDINGS_STATUS_TEST_SUBJ.INDEX_TIMEOUT,
-        NO_FINDINGS_STATUS_TEST_SUBJ.UNPRIVILEGED,
-      ],
-    });
-  });
+    // Loading while checking the status API
+    expect(screen.getByText(/loading/i)).toBeInTheDocument();
 
-  it('no findings state: index-timeout - shows IndexTimeout instead of findings', () => {
-    (useCspSetupStatusApi as jest.Mock).mockImplementation(() =>
-      createReactQueryResponse({
-        status: 'success',
-        data: {
-          kspm: { status: 'index-timeout' },
-          cspm: { status: 'index-timeout' },
-          indicesDetails: [
-            { index: 'logs-cloud_security_posture.findings_latest-default', status: 'empty' },
-            { index: 'logs-cloud_security_posture.findings-default*', status: 'empty' },
-          ],
-        },
-      })
-    );
-    (useCspIntegrationLink as jest.Mock).mockImplementation(() => chance.url());
+    await waitFor(() => expect(screen.getByText(/2 findings/i)).toBeInTheDocument());
 
-    renderFindingsPage();
+    expect(screen.getByText(finding1.resource.name)).toBeInTheDocument();
+    expect(screen.getByText(finding1.resource.id)).toBeInTheDocument();
+    expect(screen.getByText(finding1.rule.benchmark.rule_number as string)).toBeInTheDocument();
+    expect(screen.getByText(finding1.rule.name)).toBeInTheDocument();
+    expect(screen.getByText(finding1.rule.section)).toBeInTheDocument();
 
-    expectIdsInDoc({
-      be: [NO_FINDINGS_STATUS_TEST_SUBJ.INDEX_TIMEOUT],
-      notToBe: [
-        TEST_SUBJECTS.FINDINGS_CONTAINER,
-        NO_FINDINGS_STATUS_TEST_SUBJ.NO_AGENTS_DEPLOYED,
-        NO_FINDINGS_STATUS_TEST_SUBJ.INDEXING,
-        NO_FINDINGS_STATUS_TEST_SUBJ.UNPRIVILEGED,
-      ],
-    });
+    expect(screen.getByText(finding2.resource.name)).toBeInTheDocument();
+    expect(screen.getByText(finding2.resource.id)).toBeInTheDocument();
+    expect(screen.getByText(finding2.rule.benchmark.rule_number as string)).toBeInTheDocument();
+    expect(screen.getByText(finding2.rule.name)).toBeInTheDocument();
+    expect(screen.getByText(finding2.rule.section)).toBeInTheDocument();
+
+    expect(screen.getByText(/group findings by: none/i)).toBeInTheDocument();
   });
 
-  it('no findings state: unprivileged - shows Unprivileged instead of findings', () => {
-    (useCspSetupStatusApi as jest.Mock).mockImplementation(() =>
-      createReactQueryResponse({
-        status: 'success',
-        data: {
-          kspm: { status: 'unprivileged' },
-          cspm: { status: 'unprivileged' },
-          indicesDetails: [
-            { index: 'logs-cloud_security_posture.findings_latest-default', status: 'empty' },
-            { index: 'logs-cloud_security_posture.findings-default*', status: 'empty' },
-          ],
-        },
-      })
-    );
-    (useCspIntegrationLink as jest.Mock).mockImplementation(() => chance.url());
+  describe('SearchBar', () => {
+    it('set search query', async () => {
+      const finding1 = generateCspFinding('0001', 'failed');
+      const finding2 = generateCspFinding('0002', 'passed');
 
-    renderFindingsPage();
+      server.use(statusHandlers.indexedHandler);
+      server.use(bsearchFindingsHandler([finding1, finding2]));
+
+      renderFindingsPage();
+
+      // Loading while checking the status API
+      expect(screen.getByText(/loading/i)).toBeInTheDocument();
+
+      await waitFor(() => expect(screen.getByText(/2 findings/i)).toBeInTheDocument());
+
+      const queryInput = screen.getByTestId('queryInput');
+      userEvent.paste(queryInput, `rule.section : ${finding1.rule.section}`);
+
+      const submitButton = screen.getByTestId('querySubmitButton');
+      userEvent.click(submitButton);
+
+      await waitFor(() => expect(screen.getByText(/1 findings/i)).toBeInTheDocument());
+
+      expect(screen.getByText(finding1.resource.name)).toBeInTheDocument();
+      expect(screen.queryByText(finding2.resource.id)).not.toBeInTheDocument();
 
-    expectIdsInDoc({
-      be: [NO_FINDINGS_STATUS_TEST_SUBJ.UNPRIVILEGED],
-      notToBe: [
-        TEST_SUBJECTS.FINDINGS_CONTAINER,
-        NO_FINDINGS_STATUS_TEST_SUBJ.NO_AGENTS_DEPLOYED,
-        NO_FINDINGS_STATUS_TEST_SUBJ.INDEXING,
-        NO_FINDINGS_STATUS_TEST_SUBJ.INDEX_TIMEOUT,
-      ],
+      userEvent.clear(queryInput);
+      userEvent.click(submitButton);
+      await waitFor(() => expect(screen.getByText(/2 findings/i)).toBeInTheDocument());
     });
-  });
+    it('renders no results message and reset button when search query does not match', async () => {
+      const finding1 = generateCspFinding('0001', 'failed');
+      const finding2 = generateCspFinding('0002', 'passed');
 
-  it("renders the success state component when 'latest findings' DataView exists and request status is 'success'", async () => {
-    const source = await dataPluginMock.createStartContract().search.searchSource.create();
-
-    (useCspSetupStatusApi as jest.Mock).mockImplementation(() => ({
-      status: 'success',
-      data: {
-        kspm: { status: 'indexed' },
-        cspm: { status: 'indexed' },
-        indicesDetails: [
-          { index: 'logs-cloud_security_posture.findings_latest-default', status: 'not-empty' },
-          { index: 'logs-cloud_security_posture.findings-default*', status: 'empty' },
-          { index: 'logs-cloud_security_posture.findings-default*', status: 'empty' },
-        ],
-      },
-    }));
-    (source.fetch$ as jest.Mock).mockReturnValue(of({ rawResponse: { hits: { hits: [] } } }));
-
-    (useDataView as jest.Mock).mockReturnValue({
-      status: 'success',
-      data: createStubDataView({
-        spec: {
-          id: CSP_LATEST_FINDINGS_DATA_VIEW,
-        },
-      }),
-    } as UseQueryResult<DataView>);
+      server.use(statusHandlers.indexedHandler);
+      server.use(bsearchFindingsHandler([finding1, finding2]));
 
-    renderFindingsPage();
+      renderFindingsPage();
+
+      // Loading while checking the status API
+      expect(screen.getByText(/loading/i)).toBeInTheDocument();
+
+      await waitFor(() => expect(screen.getByText(/2 findings/i)).toBeInTheDocument());
+
+      const queryInput = screen.getByTestId('queryInput');
+      userEvent.paste(queryInput, `rule.section : Invalid`);
+
+      const submitButton = screen.getByTestId('querySubmitButton');
+      userEvent.click(submitButton);
 
-    expectIdsInDoc({
-      be: [TEST_SUBJECTS.LATEST_FINDINGS_CONTAINER],
-      notToBe: [
-        NO_FINDINGS_STATUS_TEST_SUBJ.INDEX_TIMEOUT,
-        NO_FINDINGS_STATUS_TEST_SUBJ.NO_AGENTS_DEPLOYED,
-        NO_FINDINGS_STATUS_TEST_SUBJ.INDEXING,
-        NO_FINDINGS_STATUS_TEST_SUBJ.UNPRIVILEGED,
-      ],
+      await waitFor(() =>
+        expect(screen.getByText(/no results match your search criteria/i)).toBeInTheDocument()
+      );
+
+      const resetButton = screen.getByRole('button', {
+        name: /reset filters/i,
+      });
+
+      userEvent.click(resetButton);
+      await waitFor(() => expect(screen.getByText(/2 findings/i)).toBeInTheDocument());
     });
-  });
+    it('add filter', async () => {
+      const finding1 = generateCspFinding('0001', 'failed');
+      const finding2 = generateCspFinding('0002', 'passed');
 
-  it('renders integrations installation prompt if integration is not installed', async () => {
-    (useCspSetupStatusApi as jest.Mock).mockImplementation(() =>
-      createReactQueryResponse({
-        status: 'success',
-        data: {
-          kspm: { status: 'not-installed' },
-          cspm: { status: 'not-installed' },
-          indicesDetails: [
-            { index: 'logs-cloud_security_posture.findings_latest-default', status: 'empty' },
-            { index: 'logs-cloud_security_posture.findings-default*', status: 'empty' },
-          ],
-        },
-      })
-    );
-    (useCspIntegrationLink as jest.Mock).mockImplementation(() => chance.url());
-    renderFindingsPage();
+      server.use(statusHandlers.indexedHandler);
+      server.use(bsearchFindingsHandler([finding1, finding2]));
 
-    expectIdsInDoc({
-      be: [PACKAGE_NOT_INSTALLED_TEST_SUBJECT],
-      notToBe: [
-        TEST_SUBJECTS.LATEST_FINDINGS_CONTAINER,
-        NO_FINDINGS_STATUS_TEST_SUBJ.INDEX_TIMEOUT,
-        NO_FINDINGS_STATUS_TEST_SUBJ.NO_AGENTS_DEPLOYED,
-        NO_FINDINGS_STATUS_TEST_SUBJ.INDEXING,
-        NO_FINDINGS_STATUS_TEST_SUBJ.UNPRIVILEGED,
-      ],
+      renderFindingsPage();
+
+      // Loading while checking the status API
+      expect(screen.getByText(/loading/i)).toBeInTheDocument();
+
+      await waitFor(() => expect(screen.getByText(/2 findings/i)).toBeInTheDocument());
+
+      userEvent.click(screen.getByTestId('addFilter'), undefined, { skipPointerEventsCheck: true });
+
+      await waitFor(() =>
+        expect(screen.getByTestId('filterFieldSuggestionList')).toBeInTheDocument()
+      );
+
+      const filterFieldSuggestionListInput = within(
+        screen.getByTestId('filterFieldSuggestionList')
+      ).getByTestId('comboBoxSearchInput');
+
+      userEvent.paste(filterFieldSuggestionListInput, 'rule.section');
+      userEvent.keyboard('{enter}');
+
+      const filterOperatorListInput = within(screen.getByTestId('filterOperatorList')).getByTestId(
+        'comboBoxSearchInput'
+      );
+      userEvent.click(filterOperatorListInput, undefined, { skipPointerEventsCheck: true });
+
+      const filterOption = within(
+        screen.getByTestId('comboBoxOptionsList filterOperatorList-optionsList')
+      ).getByRole('option', { name: 'is' });
+      fireEvent.click(filterOption);
+
+      const filterParamsInput = within(screen.getByTestId('filterParams')).getByRole('textbox');
+      userEvent.paste(filterParamsInput, finding1.rule.section);
+
+      userEvent.click(screen.getByTestId('saveFilter'), undefined, {
+        skipPointerEventsCheck: true,
+      });
+
+      await waitFor(() => expect(screen.getByText(/1 findings/i)).toBeInTheDocument());
+      expect(screen.getByText(finding1.resource.name)).toBeInTheDocument();
+      expect(screen.queryByText(finding2.resource.id)).not.toBeInTheDocument();
+    });
+    it('remove filter', async () => {
+      const finding1 = generateCspFinding('0001', 'failed');
+      const finding2 = generateCspFinding('0002', 'passed');
+
+      const mockedFilterManager = new FilterManager(getMockServerDependencies().core.uiSettings);
+      mockedFilterManager.setFilters([
+        {
+          meta: {
+            alias: `rule.section: ${finding1.rule.section}`,
+            negate: false,
+            disabled: false,
+            key: 'rule.section',
+            value: finding1.rule.section,
+          },
+          query: {
+            match_phrase: {
+              'rule.section': finding1.rule.section,
+            },
+          },
+        },
+      ]);
+      const mockDependenciesWithFilter = {
+        ...getMockServerDependencies(),
+        deps: {
+          ...getMockServerDependencies().deps,
+          data: {
+            ...getMockServerDependencies().deps.data,
+            query: {
+              ...getMockServerDependencies().deps.data!.query,
+              filterManager: mockedFilterManager,
+            },
+          },
+        } as unknown as Partial<CspClientPluginStartDeps>,
+      };
+
+      server.use(statusHandlers.indexedHandler);
+      server.use(bsearchFindingsHandler([finding1, finding2]));
+
+      renderFindingsPage(mockDependenciesWithFilter);
+
+      // Loading while checking the status API
+      expect(screen.getByText(/loading/i)).toBeInTheDocument();
+
+      await waitFor(() => expect(screen.getByText(/1 findings/i)).toBeInTheDocument());
+      expect(screen.getByText(finding1.resource.name)).toBeInTheDocument();
+      expect(screen.queryByText(finding2.resource.id)).not.toBeInTheDocument();
+
+      const deleteFilter = screen.getByRole('button', {
+        name: `Delete rule.section: ${finding1.rule.section}`,
+      });
+      userEvent.click(deleteFilter);
+
+      await waitFor(() => expect(screen.getByText(/2 findings/i)).toBeInTheDocument());
+
+      expect(screen.getByText(finding1.resource.name)).toBeInTheDocument();
+      expect(screen.getByText(finding2.resource.name)).toBeInTheDocument();
     });
   });
 });
diff --git a/x-pack/plugins/cloud_security_posture/public/pages/configurations/configurations.tsx b/x-pack/plugins/cloud_security_posture/public/pages/configurations/configurations.tsx
index 1452bc60c3bf2..1c94500579e48 100644
--- a/x-pack/plugins/cloud_security_posture/public/pages/configurations/configurations.tsx
+++ b/x-pack/plugins/cloud_security_posture/public/pages/configurations/configurations.tsx
@@ -11,7 +11,7 @@ import { TrackApplicationView } from '@kbn/usage-collection-plugin/public';
 import { LATEST_FINDINGS_INDEX_PATTERN } from '../../../common/constants';
 import { useCspSetupStatusApi } from '../../common/api/use_setup_status_api';
 import { NoFindingsStates } from '../../components/no_findings_states';
-import { CloudPosturePage } from '../../components/cloud_posture_page';
+import { CloudPosturePage, defaultLoadingRenderer } from '../../components/cloud_posture_page';
 import { useDataView } from '../../common/api/use_data_view';
 import { cloudPosturePages, findingsNavigation } from '../../common/navigation/constants';
 import { LatestFindingsContainer } from './latest_findings/latest_findings_container';
@@ -20,7 +20,7 @@ import { DataViewContext } from '../../common/contexts/data_view_context';
 export const Configurations = () => {
   const location = useLocation();
   const dataViewQuery = useDataView(LATEST_FINDINGS_INDEX_PATTERN);
-  const { data: getSetupStatus } = useCspSetupStatusApi();
+  const { data: getSetupStatus, isLoading: getSetupStatusIsLoading } = useCspSetupStatusApi();
   const hasConfigurationFindings =
     getSetupStatus?.kspm.status === 'indexed' || getSetupStatus?.cspm.status === 'indexed';
 
@@ -29,6 +29,7 @@ export const Configurations = () => {
   const noFindingsForPostureType =
     getSetupStatus?.cspm.status !== 'not-installed' ? 'cspm' : 'kspm';
 
+  if (getSetupStatusIsLoading) return defaultLoadingRenderer();
   if (!hasConfigurationFindings) return <NoFindingsStates postureType={noFindingsForPostureType} />;
 
   const dataViewContextValue = {
diff --git a/x-pack/plugins/cloud_security_posture/public/pages/configurations/latest_findings/latest_findings_container.tsx b/x-pack/plugins/cloud_security_posture/public/pages/configurations/latest_findings/latest_findings_container.tsx
index e1580d9c87848..cfb572116e65c 100644
--- a/x-pack/plugins/cloud_security_posture/public/pages/configurations/latest_findings/latest_findings_container.tsx
+++ b/x-pack/plugins/cloud_security_posture/public/pages/configurations/latest_findings/latest_findings_container.tsx
@@ -75,7 +75,7 @@ const SubGrouping = ({
 };
 
 export const LatestFindingsContainer = () => {
-  const { grouping, isFetching, setUrlQuery, onResetFilters, error, isEmptyResults } =
+  const { grouping, isFetching, urlQuery, setUrlQuery, onResetFilters, error, isEmptyResults } =
     useLatestFindingsGrouping({ groupPanelRenderer, groupStatsRenderer });
 
   const renderChildComponent = ({
@@ -145,7 +145,7 @@ export const LatestFindingsContainer = () => {
   if (error || isEmptyResults) {
     return (
       <>
-        <FindingsSearchBar setQuery={setUrlQuery} loading={isFetching} />
+        <FindingsSearchBar query={urlQuery} setQuery={setUrlQuery} loading={isFetching} />
         <EuiSpacer size="m" />
         {error && <ErrorCallout error={error} />}
         {isEmptyResults && <EmptyState onResetFilters={onResetFilters} />}
@@ -155,7 +155,7 @@ export const LatestFindingsContainer = () => {
 
   return (
     <>
-      <FindingsSearchBar setQuery={setUrlQuery} loading={isFetching} />
+      <FindingsSearchBar query={urlQuery} setQuery={setUrlQuery} loading={isFetching} />
       <div>
         {renderChildComponent({
           level: 0,
diff --git a/x-pack/plugins/cloud_security_posture/public/pages/configurations/latest_findings/use_latest_findings_grouping.tsx b/x-pack/plugins/cloud_security_posture/public/pages/configurations/latest_findings/use_latest_findings_grouping.tsx
index 802ed52be9228..47f00a9a1927a 100644
--- a/x-pack/plugins/cloud_security_posture/public/pages/configurations/latest_findings/use_latest_findings_grouping.tsx
+++ b/x-pack/plugins/cloud_security_posture/public/pages/configurations/latest_findings/use_latest_findings_grouping.tsx
@@ -150,6 +150,7 @@ export const useLatestFindingsGrouping = ({
     query,
     onChangeGroupsItemsPerPage,
     onChangeGroupsPage,
+    urlQuery,
     setUrlQuery,
     uniqueValue,
     isNoneSelected,
@@ -261,6 +262,7 @@ export const useLatestFindingsGrouping = ({
     selectedGroup,
     onChangeGroupsItemsPerPage,
     onChangeGroupsPage,
+    urlQuery,
     setUrlQuery,
     isGroupSelected: !isNoneSelected,
     isGroupLoading: !data,
diff --git a/x-pack/plugins/cloud_security_posture/public/pages/configurations/layout/findings_search_bar.tsx b/x-pack/plugins/cloud_security_posture/public/pages/configurations/layout/findings_search_bar.tsx
index 43077778c4fdf..755ecb86c73ba 100644
--- a/x-pack/plugins/cloud_security_posture/public/pages/configurations/layout/findings_search_bar.tsx
+++ b/x-pack/plugins/cloud_security_posture/public/pages/configurations/layout/findings_search_bar.tsx
@@ -22,10 +22,12 @@ interface FindingsSearchBarProps {
   setQuery(v: Partial<SearchBarQueryProps>): void;
   loading: boolean;
   placeholder?: string;
+  query: SearchBarQueryProps;
 }
 
 export const FindingsSearchBar = ({
   loading,
+  query,
   setQuery,
   placeholder = i18n.translate('xpack.csp.findings.searchBar.searchPlaceholder', {
     defaultMessage: 'Search findings (eg. rule.section : "API Server" )',
@@ -55,6 +57,11 @@ export const FindingsSearchBar = ({
         onQuerySubmit={setQuery}
         onFiltersUpdated={(value: Filter[]) => setQuery({ filters: value })}
         placeholder={placeholder}
+        query={{
+          query: query?.query?.query || '',
+          language: query?.query?.language || 'kuery',
+        }}
+        filters={query?.filters || []}
       />
     </div>
   );
diff --git a/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/hooks/use_latest_vulnerabilities_grouping.tsx b/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/hooks/use_latest_vulnerabilities_grouping.tsx
index fa90d4f6209bd..2e1c93f4218f4 100644
--- a/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/hooks/use_latest_vulnerabilities_grouping.tsx
+++ b/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/hooks/use_latest_vulnerabilities_grouping.tsx
@@ -129,6 +129,7 @@ export const useLatestVulnerabilitiesGrouping = ({
     query,
     onChangeGroupsItemsPerPage,
     onChangeGroupsPage,
+    urlQuery,
     setUrlQuery,
     uniqueValue,
     isNoneSelected,
@@ -194,6 +195,7 @@ export const useLatestVulnerabilitiesGrouping = ({
     selectedGroup,
     onChangeGroupsItemsPerPage,
     onChangeGroupsPage,
+    urlQuery,
     setUrlQuery,
     isGroupSelected: !isNoneSelected,
     isGroupLoading: !data,
diff --git a/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/latest_vulnerabilities_container.tsx b/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/latest_vulnerabilities_container.tsx
index 4a33228e00bab..6b2ed7aea04db 100644
--- a/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/latest_vulnerabilities_container.tsx
+++ b/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/latest_vulnerabilities_container.tsx
@@ -137,13 +137,13 @@ export const LatestVulnerabilitiesContainer = () => {
     );
   };
 
-  const { grouping, isFetching, setUrlQuery, onResetFilters, error, isEmptyResults } =
+  const { grouping, isFetching, urlQuery, setUrlQuery, onResetFilters, error, isEmptyResults } =
     useLatestVulnerabilitiesGrouping({ groupPanelRenderer, groupStatsRenderer });
 
   if (error || isEmptyResults) {
     return (
       <>
-        <FindingsSearchBar setQuery={setUrlQuery} loading={isFetching} />
+        <FindingsSearchBar query={urlQuery} setQuery={setUrlQuery} loading={isFetching} />
         <EuiSpacer size="m" />
         {error && <ErrorCallout error={error} />}
         {isEmptyResults && <EmptyState onResetFilters={onResetFilters} />}
@@ -152,7 +152,7 @@ export const LatestVulnerabilitiesContainer = () => {
   }
   return (
     <>
-      <FindingsSearchBar setQuery={setUrlQuery} loading={isFetching} />
+      <FindingsSearchBar query={urlQuery} setQuery={setUrlQuery} loading={isFetching} />
       <EuiSpacer size="m" />
       <div>
         {renderChildComponent({
diff --git a/x-pack/plugins/cloud_security_posture/public/test/mock_server/handlers/dataview.handlers.mock.ts b/x-pack/plugins/cloud_security_posture/public/test/mock_server/handlers/dataview.handlers.mock.ts
new file mode 100644
index 0000000000000..266f7f652d299
--- /dev/null
+++ b/x-pack/plugins/cloud_security_posture/public/test/mock_server/handlers/dataview.handlers.mock.ts
@@ -0,0 +1,47 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { http, HttpResponse } from 'msw';
+
+const generateDataViewField = (name: string, type: 'string' | 'date' = 'string') => ({
+  name,
+  type,
+  esTypes: [type === 'string' ? 'keyword' : 'date'],
+  searchable: true,
+  aggregatable: true,
+  readFromDocValues: true,
+  metadata_field: false,
+});
+
+export const defaultDataViewFindHandler = http.get(
+  'http://localhost/internal/data_views/fields',
+  ({ request }) => {
+    const url = new URL(request.url);
+    const pattern = url.searchParams.get('pattern');
+
+    if (pattern === 'logs-cloud_security_posture.findings_latest-*') {
+      return HttpResponse.json({
+        fields: [
+          generateDataViewField('@timestamp', 'date'),
+          generateDataViewField('resource.id'),
+          generateDataViewField('resource.name'),
+          generateDataViewField('resource.sub_type'),
+          generateDataViewField('result.evaluation'),
+          generateDataViewField('rule.benchmark.rule_number'),
+          generateDataViewField('rule.name'),
+          generateDataViewField('rule.section'),
+        ],
+        indices: ['logs-cloud_security_posture.findings_latest-default'],
+      });
+    }
+
+    return HttpResponse.json({
+      fields: [],
+      indices: [],
+    });
+  }
+);
diff --git a/x-pack/plugins/cloud_security_posture/public/components/no_findings_states/no_findings_states.handlers.mock.ts b/x-pack/plugins/cloud_security_posture/public/test/mock_server/handlers/fleet.handlers.mock.ts
similarity index 89%
rename from x-pack/plugins/cloud_security_posture/public/components/no_findings_states/no_findings_states.handlers.mock.ts
rename to x-pack/plugins/cloud_security_posture/public/test/mock_server/handlers/fleet.handlers.mock.ts
index 904083ca86f5c..01065b3339455 100644
--- a/x-pack/plugins/cloud_security_posture/public/components/no_findings_states/no_findings_states.handlers.mock.ts
+++ b/x-pack/plugins/cloud_security_posture/public/test/mock_server/handlers/fleet.handlers.mock.ts
@@ -7,7 +7,7 @@
 
 import { http, HttpResponse } from 'msw';
 
-export const fleetCspPackageHandler = http.get(
+export const defaultFleetCspPackageHandler = http.get(
   `/api/fleet/epm/packages/cloud_security_posture`,
   () => {
     return HttpResponse.json({
diff --git a/x-pack/plugins/cloud_security_posture/public/test/mock_server/handlers/index.ts b/x-pack/plugins/cloud_security_posture/public/test/mock_server/handlers/index.ts
index 91eb25630b222..311e3ba1b7a27 100644
--- a/x-pack/plugins/cloud_security_posture/public/test/mock_server/handlers/index.ts
+++ b/x-pack/plugins/cloud_security_posture/public/test/mock_server/handlers/index.ts
@@ -5,6 +5,8 @@
  * 2.0.
  */
 
+import { defaultDataViewFindHandler } from './dataview.handlers.mock';
+import { defaultFleetCspPackageHandler } from './fleet.handlers.mock';
 import { defaultApiLicensingInfo } from './licensing.handlers.mock';
 
 /**
@@ -12,4 +14,8 @@ import { defaultApiLicensingInfo } from './licensing.handlers.mock';
  * when the mock server is started, but can be overridden by specific tests when needed.
  * Recommended to use these handlers for common endpoints.
  */
-export const defaultHandlers = [defaultApiLicensingInfo];
+export const defaultHandlers = [
+  defaultApiLicensingInfo,
+  defaultDataViewFindHandler,
+  defaultFleetCspPackageHandler,
+];
diff --git a/x-pack/plugins/cloud_security_posture/public/test/mock_server/mock_server.ts b/x-pack/plugins/cloud_security_posture/public/test/mock_server/mock_server.ts
index 9fe4b156bc096..bef10309fb210 100644
--- a/x-pack/plugins/cloud_security_posture/public/test/mock_server/mock_server.ts
+++ b/x-pack/plugins/cloud_security_posture/public/test/mock_server/mock_server.ts
@@ -33,6 +33,9 @@ jest.mock('rxjs', () => {
   };
 });
 
+// Set the default timeout for all mock server tests to 30 seconds
+jest.setTimeout(10 * 3000);
+
 /**
  * Setup a mock server with the default handlers
  * @param debug - If true, log all requests to the console
diff --git a/x-pack/plugins/cloud_security_posture/server/create_indices/create_indices.ts b/x-pack/plugins/cloud_security_posture/server/create_indices/create_indices.ts
index 81366e8c07ffe..7a1f49e2ac01f 100644
--- a/x-pack/plugins/cloud_security_posture/server/create_indices/create_indices.ts
+++ b/x-pack/plugins/cloud_security_posture/server/create_indices/create_indices.ts
@@ -253,7 +253,6 @@ const updateIndexTemplate = async (
         },
         _meta,
         composed_of: composedOf.filter((ct) => ct !== STACK_COMPONENT_TEMPLATE_LOGS_SETTINGS),
-        // @ts-expect-error es client do not contains this yet
         ignore_missing_component_templates: composedOf.filter((templateName) =>
           templateName.endsWith('@custom')
         ),
diff --git a/x-pack/plugins/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_create_route.ts b/x-pack/plugins/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_create_route.ts
index d01ecb03dbaed..aa23555033f5c 100644
--- a/x-pack/plugins/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_create_route.ts
+++ b/x-pack/plugins/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_create_route.ts
@@ -20,7 +20,7 @@ export const registerCreateRoute = ({
   lib: { handleEsError },
 }: RouteDependencies) => {
   const bodySchema = schema.object({
-    id: schema.string(),
+    id: schema.string({ maxLength: 1000 }),
     remoteCluster: schema.string(),
     leaderIndexPatterns: schema.arrayOf(schema.string()),
     followIndexPattern: schema.string(),
diff --git a/x-pack/plugins/cross_cluster_replication/server/routes/api/follower_index/register_create_route.ts b/x-pack/plugins/cross_cluster_replication/server/routes/api/follower_index/register_create_route.ts
index 84b6096cb3f5b..d7d3a1dce0ce7 100644
--- a/x-pack/plugins/cross_cluster_replication/server/routes/api/follower_index/register_create_route.ts
+++ b/x-pack/plugins/cross_cluster_replication/server/routes/api/follower_index/register_create_route.ts
@@ -21,7 +21,7 @@ export const registerCreateRoute = ({
   lib: { handleEsError },
 }: RouteDependencies) => {
   const bodySchema = schema.object({
-    name: schema.string(),
+    name: schema.string({ maxLength: 1000 }),
     remoteCluster: schema.string(),
     leaderIndex: schema.string(),
     maxReadRequestOperationCount: schema.maybe(schema.number()),
diff --git a/x-pack/plugins/data_quality/public/application.tsx b/x-pack/plugins/data_quality/public/application.tsx
index 32ddc64eb00e1..f022ab6d0efc0 100644
--- a/x-pack/plugins/data_quality/public/application.tsx
+++ b/x-pack/plugins/data_quality/public/application.tsx
@@ -11,6 +11,7 @@ import React from 'react';
 import ReactDOM from 'react-dom';
 import { KibanaRenderContextProvider } from '@kbn/react-kibana-context-render';
 import { Route, Router, Routes } from '@kbn/shared-ux-router';
+import { PerformanceContextProvider } from '@kbn/ebt-tools';
 import { KbnUrlStateStorageFromRouterProvider } from './utils/kbn_url_state_context';
 import { useKibanaContextForPluginProvider } from './utils/use_kibana';
 import { AppPluginStartDependencies, DataQualityPluginStart } from './types';
@@ -52,9 +53,11 @@ const App = ({ core, plugins, pluginStart, params }: AppProps) => {
       <KibanaContextProviderForPlugin>
         <KbnUrlStateStorageFromRouterProvider>
           <Router history={params.history}>
-            <Routes>
-              <Route path="/" exact={true} render={() => <DatasetQualityRoute />} />
-            </Routes>
+            <PerformanceContextProvider>
+              <Routes>
+                <Route path="/" exact={true} render={() => <DatasetQualityRoute />} />
+              </Routes>
+            </PerformanceContextProvider>
           </Router>
         </KbnUrlStateStorageFromRouterProvider>
       </KibanaContextProviderForPlugin>
diff --git a/x-pack/plugins/data_quality/public/plugin.ts b/x-pack/plugins/data_quality/public/plugin.ts
index d1ae2cd748f13..cb217abf86fec 100644
--- a/x-pack/plugins/data_quality/public/plugin.ts
+++ b/x-pack/plugins/data_quality/public/plugin.ts
@@ -54,7 +54,7 @@ export class DataQualityPlugin
 
         return renderApp(coreStart, pluginsStartDeps, pluginStart, params);
       },
-      hideFromSidebar: true,
+      hideFromSidebar: false,
     });
 
     const managementLocator =
diff --git a/x-pack/plugins/data_quality/tsconfig.json b/x-pack/plugins/data_quality/tsconfig.json
index 59f25745ae3e6..7a904e9f95cda 100644
--- a/x-pack/plugins/data_quality/tsconfig.json
+++ b/x-pack/plugins/data_quality/tsconfig.json
@@ -27,6 +27,7 @@
     "@kbn/share-plugin",
     "@kbn/utility-types",
     "@kbn/deeplinks-management",
+    "@kbn/ebt-tools",
   ],
   "exclude": ["target/**/*"]
 }
diff --git a/x-pack/plugins/data_visualizer/public/application/common/components/field_data_row/action_menu/actions.ts b/x-pack/plugins/data_visualizer/public/application/common/components/field_data_row/action_menu/actions.ts
index 1290b607dbc97..7424e49099105 100644
--- a/x-pack/plugins/data_visualizer/public/application/common/components/field_data_row/action_menu/actions.ts
+++ b/x-pack/plugins/data_visualizer/public/application/common/components/field_data_row/action_menu/actions.ts
@@ -123,8 +123,8 @@ export function getActions(
         ),
         type: 'icon',
         icon: 'indexEdit',
-        onClick: (item: FieldVisConfig) => {
-          dataViewEditorRef.current = services.dataViewFieldEditor?.openEditor({
+        onClick: async (item: FieldVisConfig) => {
+          dataViewEditorRef.current = await services.dataViewFieldEditor?.openEditor({
             ctx: { dataView },
             fieldName: item.fieldName,
             onSave: refreshPage,
diff --git a/x-pack/plugins/data_visualizer/public/application/common/components/filebeat_config_flyout/filebeat_config_flyout.tsx b/x-pack/plugins/data_visualizer/public/application/common/components/filebeat_config_flyout/filebeat_config_flyout.tsx
index a0053c6c64c1c..7682e771ac155 100644
--- a/x-pack/plugins/data_visualizer/public/application/common/components/filebeat_config_flyout/filebeat_config_flyout.tsx
+++ b/x-pack/plugins/data_visualizer/public/application/common/components/filebeat_config_flyout/filebeat_config_flyout.tsx
@@ -50,11 +50,9 @@ export const FilebeatConfigFlyout: FC<Props> = ({
   } = useDataVisualizerKibana();
 
   useEffect(() => {
-    if (security !== undefined) {
-      security.authc.getCurrentUser().then((user) => {
-        setUsername(user.username === undefined ? null : user.username);
-      });
-    }
+    security.authc.getCurrentUser().then((user) => {
+      setUsername(user.username === undefined ? null : user.username);
+    });
   }, [security]);
 
   useEffect(() => {
diff --git a/x-pack/plugins/data_visualizer/public/application/common/types/data_visualizer_plugin.ts b/x-pack/plugins/data_visualizer/public/application/common/types/data_visualizer_plugin.ts
index cb2c3d680e5b4..cb2e90f7d4bae 100644
--- a/x-pack/plugins/data_visualizer/public/application/common/types/data_visualizer_plugin.ts
+++ b/x-pack/plugins/data_visualizer/public/application/common/types/data_visualizer_plugin.ts
@@ -16,7 +16,6 @@ import type { SavedSearchPublicPluginStart } from '@kbn/saved-search-plugin/publ
 import type { FileUploadPluginStart } from '@kbn/file-upload-plugin/public';
 import type { UnifiedSearchPublicPluginStart } from '@kbn/unified-search-plugin/public';
 import type { MapsStartApi } from '@kbn/maps-plugin/public';
-import type { SecurityPluginSetup } from '@kbn/security-plugin/public';
 import type { LensPublicStart } from '@kbn/lens-plugin/public';
 import type { IndexPatternFieldEditorStart } from '@kbn/data-view-field-editor-plugin/public';
 import type { FieldFormatsStart } from '@kbn/field-formats-plugin/public';
@@ -35,7 +34,6 @@ export interface DataVisualizerStartDependencies {
   fileUpload: FileUploadPluginStart;
   maps: MapsStartApi;
   embeddable: EmbeddableStart;
-  security?: SecurityPluginSetup;
   share: SharePluginStart;
   lens?: LensPublicStart;
   charts: ChartsPluginStart;
diff --git a/x-pack/plugins/data_visualizer/public/application/data_drift/data_drift_app_state.tsx b/x-pack/plugins/data_visualizer/public/application/data_drift/data_drift_app_state.tsx
index a7d4af94a62c8..24c995ec0652d 100644
--- a/x-pack/plugins/data_visualizer/public/application/data_drift/data_drift_app_state.tsx
+++ b/x-pack/plugins/data_visualizer/public/application/data_drift/data_drift_app_state.tsx
@@ -68,7 +68,6 @@ export const DataDriftDetectionAppState: FC<DataDriftDetectionAppStateProps> = (
     maps,
     embeddable,
     share,
-    security,
     fileUpload,
     lens,
     dataViewFieldEditor,
@@ -82,7 +81,6 @@ export const DataDriftDetectionAppState: FC<DataDriftDetectionAppStateProps> = (
     maps,
     embeddable,
     share,
-    security,
     fileUpload,
     lens,
     dataViewFieldEditor,
diff --git a/x-pack/plugins/data_visualizer/public/application/file_data_visualizer/file_data_visualizer.tsx b/x-pack/plugins/data_visualizer/public/application/file_data_visualizer/file_data_visualizer.tsx
index 13b3511fc7fc1..01d9d2c37194f 100644
--- a/x-pack/plugins/data_visualizer/public/application/file_data_visualizer/file_data_visualizer.tsx
+++ b/x-pack/plugins/data_visualizer/public/application/file_data_visualizer/file_data_visualizer.tsx
@@ -25,15 +25,13 @@ export type FileDataVisualizerSpec = typeof FileDataVisualizer;
 
 export const FileDataVisualizer: FC<Props> = ({ getAdditionalLinks, resultLinks }) => {
   const coreStart = getCoreStart();
-  const { data, maps, embeddable, share, security, fileUpload, cloud, fieldFormats } =
-    getPluginsStart();
+  const { data, maps, embeddable, share, fileUpload, cloud, fieldFormats } = getPluginsStart();
   const services = {
     ...coreStart,
     data,
     maps,
     embeddable,
     share,
-    security,
     fileUpload,
     fieldFormats,
   };
diff --git a/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/components/data_view_management/data_view_management.tsx b/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/components/data_view_management/data_view_management.tsx
index c8d97faece701..8b3b677f31506 100644
--- a/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/components/data_view_management/data_view_management.tsx
+++ b/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/components/data_view_management/data_view_management.tsx
@@ -48,8 +48,8 @@ export function DataVisualizerDataViewManagement(props: DataVisualizerDataViewMa
     return null;
   }
 
-  const addField = () => {
-    closeFieldEditor.current = dataViewFieldEditor.openEditor({
+  const addField = async () => {
+    closeFieldEditor.current = await dataViewFieldEditor.openEditor({
       ctx: {
         dataView: currentDataView,
       },
diff --git a/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/embeddables/grid_embeddable/field_stats_embeddable_wrapper.tsx b/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/embeddables/grid_embeddable/field_stats_embeddable_wrapper.tsx
index 4d547635eb504..a7e57e1e550b6 100644
--- a/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/embeddables/grid_embeddable/field_stats_embeddable_wrapper.tsx
+++ b/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/embeddables/grid_embeddable/field_stats_embeddable_wrapper.tsx
@@ -78,7 +78,6 @@ const FieldStatisticsWrapper = (props: FieldStatisticTableEmbeddableProps) => {
     maps,
     embeddable,
     share,
-    security,
     fileUpload,
     lens,
     dataViewFieldEditor,
@@ -92,7 +91,6 @@ const FieldStatisticsWrapper = (props: FieldStatisticTableEmbeddableProps) => {
     maps,
     embeddable,
     share,
-    security,
     fileUpload,
     lens,
     dataViewFieldEditor,
diff --git a/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/index_data_visualizer.tsx b/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/index_data_visualizer.tsx
index 2ad7500f7e693..9412f08172c48 100644
--- a/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/index_data_visualizer.tsx
+++ b/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/index_data_visualizer.tsx
@@ -311,7 +311,6 @@ export const IndexDataVisualizer: FC<Props> = ({
     maps,
     embeddable,
     share,
-    security,
     fileUpload,
     lens,
     dataViewFieldEditor,
@@ -325,7 +324,6 @@ export const IndexDataVisualizer: FC<Props> = ({
     maps,
     embeddable,
     share,
-    security,
     fileUpload,
     lens,
     dataViewFieldEditor,
diff --git a/x-pack/plugins/elastic_assistant/common/constants.ts b/x-pack/plugins/elastic_assistant/common/constants.ts
index d8c2630c1aef8..45b473e848750 100755
--- a/x-pack/plugins/elastic_assistant/common/constants.ts
+++ b/x-pack/plugins/elastic_assistant/common/constants.ts
@@ -14,6 +14,8 @@ export const POST_ACTIONS_CONNECTOR_EXECUTE = `${BASE_PATH}/actions/connector/{c
 
 // Attack discovery
 export const ATTACK_DISCOVERY = `${BASE_PATH}/attack_discovery`;
+export const ATTACK_DISCOVERY_BY_CONNECTOR_ID = `${ATTACK_DISCOVERY}/{connectorId}`;
+export const ATTACK_DISCOVERY_CANCEL_BY_CONNECTOR_ID = `${ATTACK_DISCOVERY}/cancel/{connectorId}`;
 
 // Model Evaluation
 export const EVALUATE = `${BASE_PATH}/evaluate`;
diff --git a/x-pack/plugins/elastic_assistant/server/__mocks__/attack_discovery_schema.mock.ts b/x-pack/plugins/elastic_assistant/server/__mocks__/attack_discovery_schema.mock.ts
new file mode 100644
index 0000000000000..9e8a0b5d2ac90
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/__mocks__/attack_discovery_schema.mock.ts
@@ -0,0 +1,129 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { estypes } from '@elastic/elasticsearch';
+import { EsAttackDiscoverySchema } from '../ai_assistant_data_clients/attack_discovery/types';
+
+export const getAttackDiscoverySearchEsMock = () => {
+  const searchResponse: estypes.SearchResponse<EsAttackDiscoverySchema> = {
+    took: 3,
+    timed_out: false,
+    _shards: {
+      total: 2,
+      successful: 2,
+      skipped: 0,
+      failed: 0,
+    },
+    hits: {
+      total: {
+        value: 1,
+        relation: 'eq',
+      },
+      max_score: 0,
+      hits: [
+        {
+          _index: 'foo',
+          _id: '04128c15-0d1b-4716-a4c5-46997ac7f3bd',
+          _source: {
+            id: '04128c15-0d1b-4716-a4c5-46997ac7f3bd',
+            '@timestamp': '2024-06-07T18:56:17.357Z',
+            created_at: '2024-06-07T18:56:17.357Z',
+            users: [
+              {
+                id: 'u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0',
+                name: 'elastic',
+              },
+            ],
+            status: 'succeeded',
+            api_config: {
+              action_type_id: '.gen-ai',
+              connector_id: 'my-gpt4o-ai',
+            },
+            attack_discoveries: [
+              {
+                summary_markdown:
+                  'Critical malware detected on {{ host.name cd854ec0-1096-4ca6-a7b8-582655d6b970 }} involving {{ user.name f19e1a0a-de3b-496c-8ace-dd91229e1084 }}. The malware, identified as {{ file.name My Go Application.app }}, was executed with the command line {{ process.command_line xpcproxy application.Appify by Machine Box.My Go Application.20.23 }}.',
+                id: 'a45bc1af-e652-4f3b-b8ce-408028f29824',
+                title: 'Critical Malware Detection',
+                mitre_attack_tactics: ['Execution', 'Persistence', 'Privilege Escalation'],
+                alert_ids: [
+                  '094e59adc680420aeb1e0f872b52e17bd2f61aaddde521d53600f0576062ac4d',
+                  'fdcb45018d3aac5e7a529a455aedc9276ef89b386ca4dbae1d721dd383577d21',
+                  '82baa43f7514ee7fb107ae032606d33afc6092a9c9a9caeffd1fe120a7640698',
+                  'aef4302768e19c5413c53203c14624bdf9d0656fa3d1d439c633c9880a2f3f6e',
+                  '04cbafe6d7f965908a9155ae0bc559ce537faaf06266df732d7bd6897c83e77e',
+                  '6f73d978ea02a471eba8d82772dc16f26622628b93fa0a651ce847fe7baf9e64',
+                  '7ff1cd151bfdd2678d9efd4e22bfaf15dbfd89a81f40ea2160769c143ecca082',
+                  'dee8604204be00bc61112fe81358089a5e4d494ac28c95937758383f391a8cec',
+                  '4c49b1fbcb6f9a4cfb355f56edfbc0d5320cd65f9f720546dd99e51d8d6eef84',
+                ],
+                details_markdown: `"""- **Host**: {{ host.name cd854ec0-1096-4ca6-a7b8-582655d6b970 }}\n- **User**: {{ user.name f19e1a0a-de3b-496c-8ace-dd91229e1084 }}\n- **Malware**: {{ file.name My Go Application.app }}\n- **Path**: {{ file.path /private/var/folders/_b/rmcpc65j6nv11ygrs50ctcjr0000gn/T/AppTranslocation/37D933EC-334D-410A-A741-0F730D6AE3FD/d/Setup.app/Contents/MacOS/My Go Application.app }}\n- **Command Line**: {{ process.command_line xpcproxy application.Appify by Machine Box.My Go Application.20.23 }}\n- **SHA256**: {{ process.hash.sha256 2c63ba2b1a5131b80e567b7a1a93997a2de07ea20d0a8f5149701c67b832c097 }}\n- **Parent Process**: {{ process.parent.name launchd }}\n- **Parent Command Line**: {{ process.parent.command_line /sbin/launchd }}\n- **Code Signature**: {{ process.code_signature.status code failed to satisfy specified code requirement(s) }}"""`,
+                entity_summary_markdown:
+                  '{{ host.name cd854ec0-1096-4ca6-a7b8-582655d6b970 }} and {{ user.name f19e1a0a-de3b-496c-8ace-dd91229e1084 }} involved in critical malware detection.',
+                timestamp: '2024-06-07T21:19:08.090Z',
+              },
+            ],
+            updated_at: '2024-06-07T21:19:08.090Z',
+            last_viewed_at: '2024-06-07T21:19:08.090Z',
+            replacements: [
+              {
+                uuid: 'f19e1a0a-de3b-496c-8ace-dd91229e1084',
+                value: 'root',
+              },
+              {
+                uuid: 'cd854ec0-1096-4ca6-a7b8-582655d6b970',
+                value: 'SRVMAC08',
+              },
+              {
+                uuid: '3517f073-7f5e-42b4-9c42-e8a25dc9e27e',
+                value: 'james',
+              },
+              {
+                uuid: 'f04af949-504e-4374-a31e-447e7d5b252e',
+                value: 'Administrator',
+              },
+              {
+                uuid: '7eecfdbb-373a-4cbb-9bf7-e91a0be73b29',
+                value: 'SRVWIN07-PRIV',
+              },
+              {
+                uuid: '8b73ea51-4c7a-4caa-a424-5b2495eabd2a',
+                value: 'SRVWIN07',
+              },
+              {
+                uuid: '908405b1-fc8b-4fef-9bdf-35895896a1e3',
+                value: 'SRVWIN06',
+              },
+              {
+                uuid: '7e8a2687-74d6-47d2-951c-522e21a44853',
+                value: 'SRVNIX05',
+              },
+            ],
+            namespace: 'default',
+            generation_intervals: [
+              {
+                date: '2024-06-07T21:19:08.089Z',
+                duration_ms: 110906,
+              },
+              {
+                date: '2024-06-07T20:04:35.715Z',
+                duration_ms: 104593,
+              },
+              {
+                date: '2024-06-07T18:58:27.880Z',
+                duration_ms: 130526,
+              },
+            ],
+            alerts_context_count: 20,
+            average_interval_ms: 115341,
+          },
+        },
+      ],
+    },
+  };
+  return searchResponse;
+};
diff --git a/x-pack/plugins/elastic_assistant/server/__mocks__/data_clients.mock.ts b/x-pack/plugins/elastic_assistant/server/__mocks__/data_clients.mock.ts
index be69365724341..7e20e292a9868 100644
--- a/x-pack/plugins/elastic_assistant/server/__mocks__/data_clients.mock.ts
+++ b/x-pack/plugins/elastic_assistant/server/__mocks__/data_clients.mock.ts
@@ -8,9 +8,12 @@
 import type { PublicMethodsOf } from '@kbn/utility-types';
 import { AIAssistantConversationsDataClient } from '../ai_assistant_data_clients/conversations';
 import { AIAssistantDataClient } from '../ai_assistant_data_clients';
+import { AttackDiscoveryDataClient } from '../ai_assistant_data_clients/attack_discovery';
 
 type ConversationsDataClientContract = PublicMethodsOf<AIAssistantConversationsDataClient>;
 export type ConversationsDataClientMock = jest.Mocked<ConversationsDataClientContract>;
+type AttackDiscoveryDataClientContract = PublicMethodsOf<AttackDiscoveryDataClient>;
+export type AttackDiscoveryDataClientMock = jest.Mocked<AttackDiscoveryDataClientContract>;
 
 const createConversationsDataClientMock = () => {
   const mocked: ConversationsDataClientMock = {
@@ -32,6 +35,23 @@ export const conversationsDataClientMock: {
   create: createConversationsDataClientMock,
 };
 
+const createAttackDiscoveryDataClientMock = (): AttackDiscoveryDataClientMock => ({
+  getAttackDiscovery: jest.fn(),
+  createAttackDiscovery: jest.fn(),
+  findAllAttackDiscoveries: jest.fn(),
+  findAttackDiscoveryByConnectorId: jest.fn(),
+  updateAttackDiscovery: jest.fn(),
+  getReader: jest.fn(),
+  getWriter: jest.fn().mockResolvedValue({ bulk: jest.fn() }),
+  findDocuments: jest.fn(),
+});
+
+export const attackDiscoveryDataClientMock: {
+  create: () => AttackDiscoveryDataClientMock;
+} = {
+  create: createAttackDiscoveryDataClientMock,
+};
+
 type AIAssistantDataClientContract = PublicMethodsOf<AIAssistantDataClient>;
 export type AIAssistantDataClientMock = jest.Mocked<AIAssistantDataClientContract>;
 
diff --git a/x-pack/plugins/elastic_assistant/server/__mocks__/raw_attack_discoveries.ts b/x-pack/plugins/elastic_assistant/server/__mocks__/raw_attack_discoveries.ts
new file mode 100644
index 0000000000000..1c43f112da2bb
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/__mocks__/raw_attack_discoveries.ts
@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+/**
+ * A mock response from invoking the `attack-discovery` tool.
+ * This is a JSON string that represents the response from the tool
+ */
+export const getRawAttackDiscoveriesMock = () =>
+  '{\n  "alertsContextCount": 20,\n  "attackDiscoveries": [\n    {\n      "alertIds": [\n        "9bb601522d0c0b83783488a27a3ede5bd6a788f4f1ceef07cc8f12ac55f27563",\n        "b9d6df8ab34e36c6868c097ff28dd01075df85a5ac1f084ef569ee8c6a4cf660",\n        "014b433c3436ef5325cadacc35b6cb2ba8932a9c2ea0ba26d899f95c6fb61395",\n        "28017987e64abb6ac486f1410f977d97ebd3a7172189cfdf943a48a59b968066"\n      ],\n      "detailsMarkdown": "- {{ host.name cb186c4a-3d70-4878-8ffe-18d84b5df86f }} (macOS {{ host.os.version 13.4 }}) executed a suspicious process {{ process.name unix1 }} with command line {{ process.command_line /Users/james/unix1 /Users/james/library/Keychains/login.keychain-db TempTemp1234!! }}\\\\n- The process was spawned by another suspicious process {{ process.parent.name My Go Application.app }} with command line {{ process.parent.command_line /private/var/folders/_b/rmcpc65j6nv11ygrs50ctcjr0000gn/T/AppTranslocation/6D63F08A-011C-4511-8556-EAEF9AFD6340/d/Setup.app/Contents/MacOS/My Go Application.app }}\\\\n- The parent process was launched by the system process {{ process.parent.parent.name launchd }}\\\\n- Both the child and parent processes had untrusted code signatures\\\\n- The child process attempted to access the user\'s login keychain, potentially indicating credential theft",\n      "entitySummaryMarkdown": "Suspicious activity on {{ host.name cb186c4a-3d70-4878-8ffe-18d84b5df86f }} by {{ user.name 3c8c81bd-0e52-4ce7-a836-48e718dfb6e4 }}",\n      "mitreAttackTactics": [\n        "Credential Access",\n        "Defense Evasion",\n        "Execution"\n      ],\n      "summaryMarkdown": "Suspicious activity detected on a macOS host involving a potentially malicious process attempting to access user credentials. The process was spawned by another untrusted process launched by the system, indicating a multi-stage attack potentially involving credential theft and defense evasion techniques.",\n      "title": "Potential Credential Theft on macOS Host"\n    },\n    {\n      "alertIds": [\n        "64bcd8a322e6e6aebaee252982d0249cc96bdd75023ea05f58c228a7417c0dfc"\n      ],\n      "detailsMarkdown": "- {{ host.name cb186c4a-3d70-4878-8ffe-18d84b5df86f }} (macOS {{ host.os.version 13.4 }}) executed the system utility {{ process.name osascript }} with command line {{ process.command_line osascript -e display dialog \\"MacOS wants to access System Preferences\\\\n\\\\t\\\\t\\\\nPlease enter your password.\\" with title \\"System Preferences\\" with icon file \\"System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:ToolbarAdvanced.icns\\" default answer \\"\\" giving up after 30 with hidden answer ¬ }}\\\\n- This appears to be an attempt to phish for user credentials by displaying a fake system dialog\\\\n- The osascript process was spawned by the suspicious process {{ process.parent.name My Go Application.app }} with untrusted code signature",\n      "entitySummaryMarkdown": "Potential credential phishing attempt on {{ host.name cb186c4a-3d70-4878-8ffe-18d84b5df86f }} targeting {{ user.name 3c8c81bd-0e52-4ce7-a836-48e718dfb6e4 }}",\n      "mitreAttackTactics": [\n        "Credential Access",\n        "Initial Access",\n        "Execution"\n      ],\n      "summaryMarkdown": "A credential phishing attempt was detected on a macOS host, likely initiated by a malicious process. The attack used osascript to display a fake system dialog prompting the user to enter their password.",\n      "title": "Credential Phishing Attempt on macOS"\n    },\n    {\n      "alertIds": [\n        "245b60b908ddd84cad06671e273aa7be50699abd27e59423be4415f38c4aeb99",\n        "616ac711e967e07a9b725e66aa93321eabf29e4b51f9598a4a11f21ab7ed0f12",\n        "035c0295b1c64fd2ebba1b751a3565fd6759942247e9df6e1496c5e332d51840"\n      ],\n      "detailsMarkdown": "- {{ host.name cb186c4a-3d70-4878-8ffe-18d84b5df86f }} (macOS {{ host.os.version 13.4 }}) executed a suspicious process {{ process.name My Go Application.app }} with command line {{ process.command_line xpcproxy application.Appify by Machine Box.My Go Application.20.23 }}\\\\n- This process had an untrusted code signature and was launched by the system process {{ process.parent.name launchd }}\\\\n- It appears to have spawned the process {{ process.name unix1 }} in an attempt to obfuscate its activities\\\\n- The unix1 process attempted to make itself executable by running {{ process.name chmod }} with arguments {{ process.command_line chmod 777 /Users/james/unix1 }}",\n      "entitySummaryMarkdown": "Suspicious activity involving process obfuscation on {{ host.name cb186c4a-3d70-4878-8ffe-18d84b5df86f }} by {{ user.name fec12d87-2476-4b82-a50d-0829f3815a42 }}",\n      "mitreAttackTactics": [\n        "Defense Evasion",\n        "Execution"\n      ],\n      "summaryMarkdown": "A suspicious process was detected on a macOS host that appeared to be attempting to obfuscate its activities by spawning other processes and making them executable. The initial process had an untrusted code signature, indicating potentially malicious intent.",\n      "title": "Process Obfuscation on macOS Host"\n    },\n    {\n      "alertIds": [\n        "54901fb5b0ed88f0c8d737613868a3d62ebc541d31b757349bbe7999d868ce48"\n      ],\n      "detailsMarkdown": "- {{ host.name 23166d28-d6da-4801-b701-d21ce1a489e5 }} (Windows {{ host.os.version 21H2 (10.0.20348.1607) }}) created a suspicious script file {{ file.path C:\\\\ProgramData\\\\WindowsAppPool\\\\AppPool.vbs }}\\\\n- The file was created by a Microsoft Word process ({{ process.name WINWORD.EXE }}) with trusted code signature\\\\n- This may indicate an attempt to establish persistence or command-and-control through scripting",\n      "entitySummaryMarkdown": "Suspicious script file created on {{ host.name 23166d28-d6da-4801-b701-d21ce1a489e5 }} by {{ user.name 45bec1b8-eb98-4ddc-aafb-e3f7e02236dc }}",\n      "mitreAttackTactics": [\n        "Command and Control",\n        "Execution"\n      ],\n      "summaryMarkdown": "A suspicious VBScript file was created on a Windows host, potentially by an compromised Microsoft Word process. This may be an attempt to establish persistence or command-and-control capabilities through scripting.",\n      "title": "Suspicious Script File Creation on Windows"\n    },\n    {\n      "alertIds": [\n        "7fe0025f2d2b0d32f04b0e533466666967a21a98adae7499cb05add3355b48fc",\n        "3875cbad10604636b892d15f7ff753a02a37d3e4bbe91a39a0fcf72f89101e31",\n        "bb2767ebef06a5dc2511e2b865f5ed012dfdf20081bc33cab5c9f20b99e01d8f",\n        "76d99c72442819a019dfbf3936cda9a6c5713d84a9ae685b2c4e0bb55e5b9862",\n        "0f985965cb3d3b14007873290b9fc8f26f1b6ca0945499dfb693787ea6569265"\n      ],\n      "detailsMarkdown": "- {{ host.name 9a0ea998-7ce5-4dbb-a690-9856eca617ac }} (Windows {{ host.os.version 21H2 (10.0.20348.1607) }}) executed a suspicious PowerShell script {{ process.command_line \\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\\" -exec bypass -file C:\\\\ProgramData\\\\WindowsAppPool\\\\AppPool.ps1 }}\\\\n- The script was launched by the wscript process, which was spawned by a Microsoft Word process ({{ process.parent.name WINWORD.EXE }})\\\\n- The Word process also created a scheduled task to periodically execute the script\\\\n- The PowerShell script appears to be obfuscated, potentially to hide malicious activities\\\\n- This chain of events indicates a multi-stage attack potentially initiated by a malicious Office document",\n      "entitySummaryMarkdown": "Suspicious PowerShell activity on {{ host.name 9a0ea998-7ce5-4dbb-a690-9856eca617ac }} by {{ user.name 45bec1b8-eb98-4ddc-aafb-e3f7e02236dc }}",\n      "mitreAttackTactics": [\n        "Initial Access",\n        "Execution",\n        "Defense Evasion"\n      ],\n      "summaryMarkdown": "A multi-stage attack was detected on a Windows host, potentially initiated by a malicious Microsoft Office document. The attack involved creating a scheduled task to execute an obfuscated PowerShell script, likely to hide malicious activities. This indicates techniques for initial access, execution, and defense evasion.",\n      "title": "Multi-Stage Attack on Windows Host"\n    },\n    {\n      "alertIds": [\n        "a0c49fb228eca1685bd41df0ab66ca1977140de7916663e7a0918087220dd402",\n        "a252ca3096831e3eeab07ab70e9269f98b5a66617b44d709425898813326ca63",\n        "0ff7d411ca25a5b851e43562c9c660062624498f908ff4b63590d4b5304682af",\n        "4d612c721e432598a5b7ea7bbeb2aaa2944c0a35e263d9984297b5416530c88f"\n      ],\n      "detailsMarkdown": "- {{ host.name 634eb7d8-0ce0-4591-b5f5-fb65803b89d8 }} (Windows {{ host.os.version 21H2 (10.0.20348.1607) }}) executed a suspicious PowerShell script {{ process.command_line \\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\\" -ep bypass -file \\"C:\\\\Users\\\\ADMINI~1\\\\AppData\\\\Local\\\\Temp\\\\2\\\\Package Installation Dir\\\\chch.ps1\\" }}\\\\n- The script was launched by the msiexec.exe process, which may indicate an attempt to use a trusted Windows utility for defense evasion\\\\n- Elastic Endpoint detected the Bb malware family in the PowerShell process memory\\\\n- The PowerShell process also made network connections, potentially for command-and-control or data exfiltration",\n      "entitySummaryMarkdown": "Malware detected on {{ host.name 634eb7d8-0ce0-4591-b5f5-fb65803b89d8 }} targeting {{ user.name 45bec1b8-eb98-4ddc-aafb-e3f7e02236dc }}",\n      "mitreAttackTactics": [\n        "Defense Evasion",\n        "Execution"\n      ],\n      "summaryMarkdown": "The B malware was detected on a Windows host, executed through a PowerShell script launched by the msiexec.exe process. This appears to be an attempt to use a trusted Windows utility for defense evasion. The malware process also made network connections, potentially for command-and-control or data exfiltration.",\n      "title": "Bb Malware Execution on Windows"\n    },\n    {\n      "alertIds": [\n        "764c0944288db1704f7a0fff2db7fe19e8285fa4272dec828ae4186ba0dfd3b3",\n        "85672064aeb762a1121139a6d98fd3c5f6be8f18b49e4504c3f5e5a36679afe7"\n      ],\n      "detailsMarkdown": "- {{ host.name d813c7ba-6141-4292-8f40-c800c27645a4 }} (Linux {{ host.os.version 22.04.1 }}) executed a suspicious process {{ process.command_line sh -c /bin/rm -f /dev/shm/kdmtmpflush;/bin/cp ./74ef6cc38f5a1a80148752b63c117e6846984debd2af806c65887195a8eccc56 /dev/shm/kdmtmpflush && /bin/chmod 755 /dev/shm/kdmtmpflush && /dev/shm/kdmtmpflush --init && /bin/rm -f /dev/shm/kdmtmpflush }}\\\\n- This copied a file with SHA256 hash {{ file.hash.sha256 74ef6cc38f5a1a80148752b63c117e6846984debd2af806c65887195a8eccc56 }} to /dev/shm/kdmtmpflush, made it executable, and executed it\\\\n- Elastic Endpoint detected the Door malware family associated with this file",\n      "entitySummaryMarkdown": "Malware executed on {{ host.name d813c7ba-6141-4292-8f40-c800c27645a4 }} by {{ user.name fec12d87-2476-4b82-a50d-0829f3815a42 }}",\n      "mitreAttackTactics": [\n        "Execution"\n      ],\n      "summaryMarkdown": "The Door malware was executed on a Linux host by copying an untrusted file to a temporary path, making it executable, and running it. This indicates malicious code execution on the compromised system.",\n      "title": "Door Malware Execution on Linux"\n    }\n  ]\n}';
+
+export const getRawAttackDiscoveriesReplacementsMock = () => ({
+  '3c8c81bd-0e52-4ce7-a836-48e718dfb6e4': 'james',
+  'cb186c4a-3d70-4878-8ffe-18d84b5df86f': 'SRVMAC08',
+  'fec12d87-2476-4b82-a50d-0829f3815a42': 'root',
+  '45bec1b8-eb98-4ddc-aafb-e3f7e02236dc': 'Administrator',
+  '23166d28-d6da-4801-b701-d21ce1a489e5': 'SRVWIN07-PRIV',
+  '9a0ea998-7ce5-4dbb-a690-9856eca617ac': 'SRVWIN07',
+  '634eb7d8-0ce0-4591-b5f5-fb65803b89d8': 'SRVWIN06',
+  'd813c7ba-6141-4292-8f40-c800c27645a4': 'SRVNIX05',
+});
diff --git a/x-pack/plugins/elastic_assistant/server/__mocks__/request.ts b/x-pack/plugins/elastic_assistant/server/__mocks__/request.ts
index 0850938633322..2407e09df1e55 100644
--- a/x-pack/plugins/elastic_assistant/server/__mocks__/request.ts
+++ b/x-pack/plugins/elastic_assistant/server/__mocks__/request.ts
@@ -5,8 +5,15 @@
  * 2.0.
  */
 import { httpServerMock } from '@kbn/core/server/mocks';
-import { CAPABILITIES, EVALUATE } from '../../common/constants';
 import {
+  ATTACK_DISCOVERY,
+  ATTACK_DISCOVERY_BY_CONNECTOR_ID,
+  ATTACK_DISCOVERY_CANCEL_BY_CONNECTOR_ID,
+  CAPABILITIES,
+  EVALUATE,
+} from '../../common/constants';
+import {
+  AttackDiscoveryPostRequestBody,
   ConversationCreateProps,
   ConversationUpdateProps,
   ELASTIC_AI_ASSISTANT_ANONYMIZATION_FIELDS_URL_BULK_ACTION,
@@ -188,3 +195,24 @@ export const getAnonymizationFieldsBulkActionRequest = (
       },
     },
   });
+
+export const getCancelAttackDiscoveryRequest = (connectorId: string) =>
+  requestMock.create({
+    method: 'put',
+    path: ATTACK_DISCOVERY_CANCEL_BY_CONNECTOR_ID,
+    params: { connectorId },
+  });
+
+export const getAttackDiscoveryRequest = (connectorId: string) =>
+  requestMock.create({
+    method: 'get',
+    path: ATTACK_DISCOVERY_BY_CONNECTOR_ID,
+    params: { connectorId },
+  });
+
+export const postAttackDiscoveryRequest = (body: AttackDiscoveryPostRequestBody) =>
+  requestMock.create({
+    method: 'post',
+    path: ATTACK_DISCOVERY,
+    body,
+  });
diff --git a/x-pack/plugins/elastic_assistant/server/__mocks__/request_context.ts b/x-pack/plugins/elastic_assistant/server/__mocks__/request_context.ts
index 6c5d9b2bc4d57..c6a9951e89e3e 100644
--- a/x-pack/plugins/elastic_assistant/server/__mocks__/request_context.ts
+++ b/x-pack/plugins/elastic_assistant/server/__mocks__/request_context.ts
@@ -14,11 +14,16 @@ import {
   ElasticAssistantRequestHandlerContext,
 } from '../types';
 import { PluginStartContract as ActionsPluginStart } from '@kbn/actions-plugin/server';
-import { conversationsDataClientMock, dataClientMock } from './data_clients.mock';
+import {
+  attackDiscoveryDataClientMock,
+  conversationsDataClientMock,
+  dataClientMock,
+} from './data_clients.mock';
 import { AIAssistantConversationsDataClient } from '../ai_assistant_data_clients/conversations';
 import { AIAssistantDataClient } from '../ai_assistant_data_clients';
 import { AIAssistantKnowledgeBaseDataClient } from '../ai_assistant_data_clients/knowledge_base';
 import { defaultAssistantFeatures } from '@kbn/elastic-assistant-common';
+import { AttackDiscoveryDataClient } from '../ai_assistant_data_clients/attack_discovery';
 
 export const createMockClients = () => {
   const core = coreMock.createRequestHandlerContext();
@@ -36,6 +41,7 @@ export const createMockClients = () => {
       getAIAssistantConversationsDataClient: conversationsDataClientMock.create(),
       getAIAssistantKnowledgeBaseDataClient: dataClientMock.create(),
       getAIAssistantPromptsDataClient: dataClientMock.create(),
+      getAttackDiscoveryDataClient: attackDiscoveryDataClientMock.create(),
       getAIAssistantAnonymizationFieldsDataClient: dataClientMock.create(),
       getSpaceId: jest.fn(),
       getCurrentUser: jest.fn(),
@@ -109,6 +115,10 @@ const createElasticAssistantRequestContextMock = (
       () => clients.elasticAssistant.getAIAssistantPromptsDataClient
     ) as unknown as jest.MockInstance<Promise<AIAssistantDataClient | null>, [], unknown> &
       (() => Promise<AIAssistantDataClient | null>),
+    getAttackDiscoveryDataClient: jest.fn(
+      () => clients.elasticAssistant.getAttackDiscoveryDataClient
+    ) as unknown as jest.MockInstance<Promise<AttackDiscoveryDataClient | null>, [], unknown> &
+      (() => Promise<AttackDiscoveryDataClient | null>),
     getAIAssistantKnowledgeBaseDataClient: jest.fn(
       () => clients.elasticAssistant.getAIAssistantKnowledgeBaseDataClient
     ) as unknown as jest.MockInstance<
diff --git a/x-pack/plugins/elastic_assistant/server/__mocks__/response.ts b/x-pack/plugins/elastic_assistant/server/__mocks__/response.ts
index dc5a2ba0e884a..def0a81acea37 100644
--- a/x-pack/plugins/elastic_assistant/server/__mocks__/response.ts
+++ b/x-pack/plugins/elastic_assistant/server/__mocks__/response.ts
@@ -15,6 +15,8 @@ import { EsPromptsSchema } from '../ai_assistant_data_clients/prompts/types';
 import { getPromptsSearchEsMock } from './prompts_schema.mock';
 import { EsAnonymizationFieldsSchema } from '../ai_assistant_data_clients/anonymization_fields/types';
 import { getAnonymizationFieldsSearchEsMock } from './anonymization_fields_schema.mock';
+import { getAttackDiscoverySearchEsMock } from './attack_discovery_schema.mock';
+import { EsAttackDiscoverySchema } from '../ai_assistant_data_clients/attack_discovery/types';
 
 export const responseMock = {
   create: httpServerMock.createResponseFactory,
@@ -34,6 +36,14 @@ export const getFindConversationsResultWithSingleHit = (): FindResponse<EsConver
   data: getConversationSearchEsMock(),
 });
 
+export const getFindAttackDiscoveryResultWithSingleHit =
+  (): FindResponse<EsAttackDiscoverySchema> => ({
+    page: 1,
+    perPage: 1,
+    total: 1,
+    data: getAttackDiscoverySearchEsMock(),
+  });
+
 export const getFindPromptsResultWithSingleHit = (): FindResponse<EsPromptsSchema> => ({
   page: 1,
   perPage: 1,
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/anonymization_fields/helpers.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/anonymization_fields/helpers.ts
index 7ebfbcf023442..9a4a3b6e1c0ce 100644
--- a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/anonymization_fields/helpers.ts
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/anonymization_fields/helpers.ts
@@ -11,7 +11,7 @@ import {
   AnonymizationFieldResponse,
   AnonymizationFieldUpdateProps,
 } from '@kbn/elastic-assistant-common/impl/schemas/anonymization_fields/bulk_crud_anonymization_fields_route.gen';
-import { AuthenticatedUser } from '@kbn/security-plugin-types-common';
+import { AuthenticatedUser } from '@kbn/core-security-common';
 import {
   CreateAnonymizationFieldSchema,
   EsAnonymizationFieldsSchema,
@@ -53,7 +53,8 @@ export const transformESSearchToAnonymizationFields = (
         anonymized: anonymizationFieldSchema.anonymized,
         updatedAt: anonymizationFieldSchema.updated_at,
         namespace: anonymizationFieldSchema.namespace,
-        id: hit._id,
+        // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+        id: hit._id!,
       };
 
       return anonymizationField;
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/create_attack_discovery.test.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/create_attack_discovery.test.ts
new file mode 100644
index 0000000000000..6e9cc39597bd7
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/create_attack_discovery.test.ts
@@ -0,0 +1,77 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { elasticsearchServiceMock } from '@kbn/core-elasticsearch-server-mocks';
+
+import { createAttackDiscovery } from './create_attack_discovery';
+import { AttackDiscoveryCreateProps, AttackDiscoveryResponse } from '@kbn/elastic-assistant-common';
+import { AuthenticatedUser } from '@kbn/core-security-common';
+import { getAttackDiscovery } from './get_attack_discovery';
+import { loggerMock } from '@kbn/logging-mocks';
+const mockEsClient = elasticsearchServiceMock.createElasticsearchClient();
+const mockLogger = loggerMock.create();
+jest.mock('./get_attack_discovery');
+const attackDiscoveryCreate: AttackDiscoveryCreateProps = {
+  attackDiscoveries: [],
+  apiConfig: {
+    actionTypeId: 'action-type-id',
+    connectorId: 'connector-id',
+    defaultSystemPromptId: 'default-prompt-id',
+    model: 'model-name',
+    provider: 'OpenAI',
+  },
+  alertsContextCount: 10,
+  replacements: { key1: 'value1', key2: 'value2' },
+  status: 'running',
+};
+
+const user = {
+  username: 'test_user',
+  profile_uid: '1234',
+  authentication_realm: {
+    type: 'my_realm_type',
+    name: 'my_realm_name',
+  },
+} as AuthenticatedUser;
+
+const mockArgs = {
+  esClient: mockEsClient,
+  attackDiscoveryIndex: 'attack-discovery-index',
+  spaceId: 'space-1',
+  user,
+  attackDiscoveryCreate,
+  logger: mockLogger,
+};
+const mockGetAttackDiscovery = jest.mocked(getAttackDiscovery);
+
+describe('createAttackDiscovery', () => {
+  afterEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('should create attack discovery successfully', async () => {
+    // @ts-expect-error not full response interface
+    mockEsClient.create.mockResolvedValueOnce({ _id: 'created_id' });
+    mockGetAttackDiscovery.mockResolvedValueOnce({
+      id: 'created_id',
+      // ... other attack discovery properties
+    } as AttackDiscoveryResponse);
+
+    const response = await createAttackDiscovery(mockArgs);
+    expect(response).not.toBeNull();
+    expect(response!.id).toEqual('created_id');
+    expect(mockEsClient.create).toHaveBeenCalledTimes(1);
+    expect(mockGetAttackDiscovery).toHaveBeenCalledTimes(1);
+  });
+
+  it('should throw error on elasticsearch create failure', async () => {
+    mockEsClient.create.mockRejectedValueOnce(new Error('Elasticsearch error'));
+    await expect(createAttackDiscovery(mockArgs)).rejects.toThrowError('Elasticsearch error');
+    expect(mockEsClient.create).toHaveBeenCalledTimes(1);
+    expect(mockGetAttackDiscovery).not.toHaveBeenCalled();
+  });
+});
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/create_attack_discovery.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/create_attack_discovery.ts
new file mode 100644
index 0000000000000..7304ab3488529
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/create_attack_discovery.ts
@@ -0,0 +1,107 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { v4 as uuidv4 } from 'uuid';
+import { AuthenticatedUser, ElasticsearchClient, Logger } from '@kbn/core/server';
+
+import { AttackDiscoveryCreateProps, AttackDiscoveryResponse } from '@kbn/elastic-assistant-common';
+import { getAttackDiscovery } from './get_attack_discovery';
+import { CreateAttackDiscoverySchema } from './types';
+
+export interface CreateAttackDiscoveryParams {
+  esClient: ElasticsearchClient;
+  logger: Logger;
+  attackDiscoveryIndex: string;
+  spaceId: string;
+  user: AuthenticatedUser;
+  attackDiscoveryCreate: AttackDiscoveryCreateProps;
+}
+
+export const createAttackDiscovery = async ({
+  esClient,
+  attackDiscoveryIndex,
+  spaceId,
+  user,
+  attackDiscoveryCreate,
+  logger,
+}: CreateAttackDiscoveryParams): Promise<AttackDiscoveryResponse | null> => {
+  const createdAt = new Date().toISOString();
+  const body = transformToCreateScheme(createdAt, spaceId, user, attackDiscoveryCreate);
+  const id = attackDiscoveryCreate?.id || uuidv4();
+  try {
+    const response = await esClient.create({
+      body,
+      id,
+      index: attackDiscoveryIndex,
+      refresh: 'wait_for',
+    });
+
+    const createdAttackDiscovery = await getAttackDiscovery({
+      esClient,
+      attackDiscoveryIndex,
+      id: response._id,
+      logger,
+      user,
+    });
+    return createdAttackDiscovery;
+  } catch (err) {
+    logger.error(`Error creating attack discovery: ${err} with id: ${id}`);
+    throw err;
+  }
+};
+
+export const transformToCreateScheme = (
+  createdAt: string,
+  spaceId: string,
+  user: AuthenticatedUser,
+  {
+    attackDiscoveries,
+    apiConfig,
+    alertsContextCount,
+    replacements,
+    status,
+  }: AttackDiscoveryCreateProps
+): CreateAttackDiscoverySchema => {
+  return {
+    '@timestamp': createdAt,
+    created_at: createdAt,
+    users: [
+      {
+        id: user.profile_uid,
+        name: user.username,
+      },
+    ],
+    status,
+    api_config: {
+      action_type_id: apiConfig.actionTypeId,
+      connector_id: apiConfig.connectorId,
+      default_system_prompt_id: apiConfig.defaultSystemPromptId,
+      model: apiConfig.model,
+      provider: apiConfig.provider,
+    },
+    alerts_context_count: alertsContextCount,
+    attack_discoveries: attackDiscoveries?.map((attackDiscovery) => ({
+      id: attackDiscovery.id,
+      alert_ids: attackDiscovery.alertIds,
+      title: attackDiscovery.title,
+      details_markdown: attackDiscovery.detailsMarkdown,
+      entity_summary_markdown: attackDiscovery.entitySummaryMarkdown,
+      mitre_attack_tactics: attackDiscovery.mitreAttackTactics,
+      summary_markdown: attackDiscovery.summaryMarkdown,
+      timestamp: attackDiscovery.timestamp ?? createdAt,
+    })),
+    updated_at: createdAt,
+    last_viewed_at: createdAt,
+    replacements: replacements
+      ? Object.keys(replacements).map((key) => ({
+          uuid: key,
+          value: replacements[key],
+        }))
+      : undefined,
+    namespace: spaceId,
+  };
+};
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/field_maps_configuration.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/field_maps_configuration.ts
new file mode 100644
index 0000000000000..6b3383337e2d6
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/field_maps_configuration.ts
@@ -0,0 +1,186 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { FieldMap } from '@kbn/data-stream-adapter';
+
+export const attackDiscoveryFieldMap: FieldMap = {
+  '@timestamp': {
+    type: 'date',
+    array: false,
+    required: false,
+  },
+  users: {
+    type: 'nested',
+    array: true,
+    required: false,
+  },
+  'users.id': {
+    type: 'keyword',
+    array: false,
+    required: true,
+  },
+  'users.name': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  id: {
+    type: 'keyword',
+    array: false,
+    required: true,
+  },
+  last_viewed_at: {
+    type: 'date',
+    array: false,
+    required: true,
+  },
+  updated_at: {
+    type: 'date',
+    array: false,
+    required: true,
+  },
+  created_at: {
+    type: 'date',
+    array: false,
+    required: true,
+  },
+  attack_discoveries: {
+    type: 'nested',
+    array: true,
+    required: false,
+  },
+  'attack_discoveries.timestamp': {
+    type: 'date',
+    array: false,
+    required: true,
+  },
+  'attack_discoveries.details_markdown': {
+    type: 'text',
+    array: false,
+    required: true,
+  },
+
+  'attack_discoveries.title': {
+    type: 'text',
+    array: false,
+    required: true,
+  },
+
+  'attack_discoveries.entity_summary_markdown': {
+    type: 'text',
+    array: false,
+    required: true,
+  },
+
+  'attack_discoveries.summary_markdown': {
+    type: 'text',
+    array: false,
+    required: true,
+  },
+
+  'attack_discoveries.mitre_attack_tactics': {
+    type: 'keyword',
+    array: true,
+    required: false,
+  },
+
+  'attack_discoveries.id': {
+    type: 'keyword',
+    required: false,
+  },
+
+  'attack_discoveries.alert_ids': {
+    type: 'keyword',
+    array: true,
+    required: true,
+  },
+
+  replacements: {
+    type: 'object',
+    array: false,
+    required: false,
+  },
+  'replacements.value': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'replacements.uuid': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  api_config: {
+    type: 'object',
+    array: false,
+    required: true,
+  },
+  'api_config.connector_id': {
+    type: 'keyword',
+    array: false,
+    required: true,
+  },
+  'api_config.action_type_id': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'api_config.default_system_prompt_id': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'api_config.provider': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'api_config.model': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  alerts_context_count: {
+    type: 'integer',
+    array: false,
+    required: false,
+  },
+  status: {
+    type: 'keyword',
+    array: false,
+    required: true,
+  },
+  namespace: {
+    type: 'keyword',
+    array: false,
+    required: true,
+  },
+  average_interval_ms: {
+    type: 'integer',
+    array: false,
+    required: false,
+  },
+  failure_reason: {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  generation_intervals: {
+    type: 'nested',
+    array: true,
+    required: false,
+  },
+  'generation_intervals.date': {
+    type: 'date',
+    array: false,
+    required: true,
+  },
+  'generation_intervals.duration_ms': {
+    type: 'integer',
+    array: false,
+    required: true,
+  },
+} as const;
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/find_all_attack_discoveries.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/find_all_attack_discoveries.ts
new file mode 100644
index 0000000000000..e80d1e4589838
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/find_all_attack_discoveries.ts
@@ -0,0 +1,64 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { ElasticsearchClient, Logger } from '@kbn/core/server';
+import { AttackDiscoveryResponse } from '@kbn/elastic-assistant-common';
+import { AuthenticatedUser } from '@kbn/security-plugin/common';
+import { EsAttackDiscoverySchema } from './types';
+import { transformESSearchToAttackDiscovery } from './transforms';
+const MAX_ITEMS = 10000;
+export interface FindAllAttackDiscoveriesParams {
+  esClient: ElasticsearchClient;
+  logger: Logger;
+  attackDiscoveryIndex: string;
+  user: AuthenticatedUser;
+}
+
+export const findAllAttackDiscoveries = async ({
+  esClient,
+  logger,
+  attackDiscoveryIndex,
+  user,
+}: FindAllAttackDiscoveriesParams): Promise<AttackDiscoveryResponse[]> => {
+  const filterByUser = [
+    {
+      nested: {
+        path: 'users',
+        query: {
+          bool: {
+            must: [
+              {
+                match: user.profile_uid
+                  ? { 'users.id': user.profile_uid }
+                  : { 'users.name': user.username },
+              },
+            ],
+          },
+        },
+      },
+    },
+  ];
+  try {
+    const response = await esClient.search<EsAttackDiscoverySchema>({
+      query: {
+        bool: {
+          must: [...filterByUser],
+        },
+      },
+      size: MAX_ITEMS,
+      _source: true,
+      ignore_unavailable: true,
+      index: attackDiscoveryIndex,
+      seq_no_primary_term: true,
+    });
+    const attackDiscoveries = transformESSearchToAttackDiscovery(response);
+    return attackDiscoveries ?? [];
+  } catch (err) {
+    logger.error(`Error fetching attack discoveries: ${err}`);
+    throw err;
+  }
+};
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/find_attack_discovery_by_connector_id.test.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/find_attack_discovery_by_connector_id.test.ts
new file mode 100644
index 0000000000000..10688ce25b25e
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/find_attack_discovery_by_connector_id.test.ts
@@ -0,0 +1,69 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { elasticsearchServiceMock } from '@kbn/core-elasticsearch-server-mocks';
+import { loggerMock } from '@kbn/logging-mocks';
+import { findAttackDiscoveryByConnectorId } from './find_attack_discovery_by_connector_id';
+import { AuthenticatedUser } from '@kbn/core-security-common';
+import { getAttackDiscoverySearchEsMock } from '../../__mocks__/attack_discovery_schema.mock';
+
+const mockEsClient = elasticsearchServiceMock.createElasticsearchClient();
+const mockLogger = loggerMock.create();
+
+const mockResponse = getAttackDiscoverySearchEsMock();
+
+const user = {
+  username: 'test_user',
+  profile_uid: '1234',
+  authentication_realm: {
+    type: 'my_realm_type',
+    name: 'my_realm_name',
+  },
+} as AuthenticatedUser;
+const mockRequest = {
+  esClient: mockEsClient,
+  attackDiscoveryIndex: 'attack-discovery-index',
+  connectorId: 'connector-id',
+  user,
+  logger: mockLogger,
+};
+describe('findAttackDiscoveryByConnectorId', () => {
+  afterEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('should find attack discovery by connector id successfully', async () => {
+    mockEsClient.search.mockResolvedValueOnce(mockResponse);
+
+    const response = await findAttackDiscoveryByConnectorId(mockRequest);
+
+    expect(response).not.toBeNull();
+    expect(mockEsClient.search).toHaveBeenCalledTimes(1);
+    expect(mockLogger.error).not.toHaveBeenCalled();
+  });
+
+  it('should return null if no attack discovery found', async () => {
+    mockEsClient.search.mockResolvedValueOnce({ ...mockResponse, hits: { hits: [] } });
+
+    const response = await findAttackDiscoveryByConnectorId(mockRequest);
+
+    expect(response).toBeNull();
+    expect(mockEsClient.search).toHaveBeenCalledTimes(1);
+    expect(mockLogger.error).not.toHaveBeenCalled();
+  });
+
+  it('should throw error on elasticsearch search failure', async () => {
+    mockEsClient.search.mockRejectedValueOnce(new Error('Elasticsearch error'));
+
+    await expect(findAttackDiscoveryByConnectorId(mockRequest)).rejects.toThrowError(
+      'Elasticsearch error'
+    );
+
+    expect(mockEsClient.search).toHaveBeenCalledTimes(1);
+    expect(mockLogger.error).toHaveBeenCalledTimes(1);
+  });
+});
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/find_attack_discovery_by_connector_id.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/find_attack_discovery_by_connector_id.ts
new file mode 100644
index 0000000000000..532c35ac89c05
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/find_attack_discovery_by_connector_id.ts
@@ -0,0 +1,77 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { AuthenticatedUser, ElasticsearchClient, Logger } from '@kbn/core/server';
+import { AttackDiscoveryResponse } from '@kbn/elastic-assistant-common';
+import { EsAttackDiscoverySchema } from './types';
+import { transformESSearchToAttackDiscovery } from './transforms';
+
+export interface FindAttackDiscoveryParams {
+  esClient: ElasticsearchClient;
+  logger: Logger;
+  attackDiscoveryIndex: string;
+  connectorId: string;
+  user: AuthenticatedUser;
+}
+
+export const findAttackDiscoveryByConnectorId = async ({
+  esClient,
+  logger,
+  attackDiscoveryIndex,
+  connectorId,
+  user,
+}: FindAttackDiscoveryParams): Promise<AttackDiscoveryResponse | null> => {
+  const filterByUser = [
+    {
+      nested: {
+        path: 'users',
+        query: {
+          bool: {
+            must: [
+              {
+                match: user.profile_uid
+                  ? { 'users.id': user.profile_uid }
+                  : { 'users.name': user.username },
+              },
+            ],
+          },
+        },
+      },
+    },
+  ];
+  try {
+    const response = await esClient.search<EsAttackDiscoverySchema>({
+      query: {
+        bool: {
+          must: [
+            {
+              bool: {
+                should: [
+                  {
+                    term: {
+                      'api_config.connector_id': connectorId,
+                    },
+                  },
+                ],
+              },
+            },
+            ...filterByUser,
+          ],
+        },
+      },
+      _source: true,
+      ignore_unavailable: true,
+      index: attackDiscoveryIndex,
+      seq_no_primary_term: true,
+    });
+    const attackDiscovery = transformESSearchToAttackDiscovery(response);
+    return attackDiscovery[0] ?? null;
+  } catch (err) {
+    logger.error(`Error fetching attack discovery: ${err} with connectorId: ${connectorId}`);
+    throw err;
+  }
+};
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/get_attack_discovery.test.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/get_attack_discovery.test.ts
new file mode 100644
index 0000000000000..4ee89fb7a3bc0
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/get_attack_discovery.test.ts
@@ -0,0 +1,67 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { elasticsearchServiceMock } from '@kbn/core-elasticsearch-server-mocks';
+import { loggerMock } from '@kbn/logging-mocks';
+import { getAttackDiscovery } from './get_attack_discovery';
+import { getAttackDiscoverySearchEsMock } from '../../__mocks__/attack_discovery_schema.mock';
+import { AuthenticatedUser } from '@kbn/core-security-common';
+
+const mockEsClient = elasticsearchServiceMock.createElasticsearchClient();
+const mockLogger = loggerMock.create();
+
+const mockResponse = getAttackDiscoverySearchEsMock();
+
+const user = {
+  username: 'test_user',
+  profile_uid: '1234',
+  authentication_realm: {
+    type: 'my_realm_type',
+    name: 'my_realm_name',
+  },
+} as AuthenticatedUser;
+const mockRequest = {
+  esClient: mockEsClient,
+  attackDiscoveryIndex: 'attack-discovery-index',
+  id: 'discovery-id',
+  user,
+  logger: mockLogger,
+};
+describe('getAttackDiscovery', () => {
+  afterEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('should get attack discovery by id successfully', async () => {
+    mockEsClient.search.mockResolvedValueOnce(mockResponse);
+
+    const response = await getAttackDiscovery(mockRequest);
+
+    expect(response).not.toBeNull();
+    expect(mockEsClient.search).toHaveBeenCalledTimes(1);
+    expect(mockLogger.error).not.toHaveBeenCalled();
+  });
+
+  it('should return null if no attack discovery found', async () => {
+    mockEsClient.search.mockResolvedValueOnce({ ...mockResponse, hits: { hits: [] } });
+
+    const response = await getAttackDiscovery(mockRequest);
+
+    expect(response).toBeNull();
+    expect(mockEsClient.search).toHaveBeenCalledTimes(1);
+    expect(mockLogger.error).not.toHaveBeenCalled();
+  });
+
+  it('should throw error on elasticsearch search failure', async () => {
+    mockEsClient.search.mockRejectedValueOnce(new Error('Elasticsearch error'));
+
+    await expect(getAttackDiscovery(mockRequest)).rejects.toThrowError('Elasticsearch error');
+
+    expect(mockEsClient.search).toHaveBeenCalledTimes(1);
+    expect(mockLogger.error).toHaveBeenCalledTimes(1);
+  });
+});
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/get_attack_discovery.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/get_attack_discovery.ts
new file mode 100644
index 0000000000000..d0cf6fd19ae05
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/get_attack_discovery.ts
@@ -0,0 +1,77 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { AuthenticatedUser, ElasticsearchClient, Logger } from '@kbn/core/server';
+import { AttackDiscoveryResponse } from '@kbn/elastic-assistant-common';
+import { EsAttackDiscoverySchema } from './types';
+import { transformESSearchToAttackDiscovery } from './transforms';
+
+export interface GetAttackDiscoveryParams {
+  esClient: ElasticsearchClient;
+  logger: Logger;
+  attackDiscoveryIndex: string;
+  id: string;
+  user: AuthenticatedUser;
+}
+
+export const getAttackDiscovery = async ({
+  esClient,
+  logger,
+  attackDiscoveryIndex,
+  id,
+  user,
+}: GetAttackDiscoveryParams): Promise<AttackDiscoveryResponse | null> => {
+  const filterByUser = [
+    {
+      nested: {
+        path: 'users',
+        query: {
+          bool: {
+            must: [
+              {
+                match: user.profile_uid
+                  ? { 'users.id': user.profile_uid }
+                  : { 'users.name': user.username },
+              },
+            ],
+          },
+        },
+      },
+    },
+  ];
+  try {
+    const response = await esClient.search<EsAttackDiscoverySchema>({
+      query: {
+        bool: {
+          must: [
+            {
+              bool: {
+                should: [
+                  {
+                    term: {
+                      _id: id,
+                    },
+                  },
+                ],
+              },
+            },
+            ...filterByUser,
+          ],
+        },
+      },
+      _source: true,
+      ignore_unavailable: true,
+      index: attackDiscoveryIndex,
+      seq_no_primary_term: true,
+    });
+    const attackDiscovery = transformESSearchToAttackDiscovery(response);
+    return attackDiscovery[0] ?? null;
+  } catch (err) {
+    logger.error(`Error fetching attack discovery: ${err} with id: ${id}`);
+    throw err;
+  }
+};
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/index.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/index.ts
new file mode 100644
index 0000000000000..ca053743c8035
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/index.ts
@@ -0,0 +1,143 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+  AttackDiscoveryCreateProps,
+  AttackDiscoveryUpdateProps,
+  AttackDiscoveryResponse,
+} from '@kbn/elastic-assistant-common';
+import { AuthenticatedUser } from '@kbn/core-security-common';
+import { findAllAttackDiscoveries } from './find_all_attack_discoveries';
+import { findAttackDiscoveryByConnectorId } from './find_attack_discovery_by_connector_id';
+import { updateAttackDiscovery } from './update_attack_discovery';
+import { createAttackDiscovery } from './create_attack_discovery';
+import { getAttackDiscovery } from './get_attack_discovery';
+import { AIAssistantDataClient, AIAssistantDataClientParams } from '..';
+
+type AttackDiscoveryDataClientParams = AIAssistantDataClientParams;
+
+export class AttackDiscoveryDataClient extends AIAssistantDataClient {
+  constructor(public readonly options: AttackDiscoveryDataClientParams) {
+    super(options);
+  }
+
+  /**
+   * Fetches an attack discovery
+   * @param options
+   * @param options.id The existing attack discovery id.
+   * @param options.authenticatedUser Current authenticated user.
+   * @returns The attack discovery response
+   */
+  public getAttackDiscovery = async ({
+    id,
+    authenticatedUser,
+  }: {
+    id: string;
+    authenticatedUser: AuthenticatedUser;
+  }): Promise<AttackDiscoveryResponse | null> => {
+    const esClient = await this.options.elasticsearchClientPromise;
+    return getAttackDiscovery({
+      esClient,
+      logger: this.options.logger,
+      attackDiscoveryIndex: this.indexTemplateAndPattern.alias,
+      id,
+      user: authenticatedUser,
+    });
+  };
+
+  /**
+   * Creates an attack discovery, if given at least the "apiConfig"
+   * @param options
+   * @param options.attackDiscoveryCreate
+   * @param options.authenticatedUser
+   * @returns The Attack Discovery created
+   */
+  public createAttackDiscovery = async ({
+    attackDiscoveryCreate,
+    authenticatedUser,
+  }: {
+    attackDiscoveryCreate: AttackDiscoveryCreateProps;
+    authenticatedUser: AuthenticatedUser;
+  }): Promise<AttackDiscoveryResponse | null> => {
+    const esClient = await this.options.elasticsearchClientPromise;
+    return createAttackDiscovery({
+      esClient,
+      logger: this.options.logger,
+      attackDiscoveryIndex: this.indexTemplateAndPattern.alias,
+      spaceId: this.spaceId,
+      user: authenticatedUser,
+      attackDiscoveryCreate,
+    });
+  };
+
+  /**
+   * Find attack discovery by apiConfig connectorId
+   * @param options
+   * @param options.connectorId
+   * @param options.authenticatedUser
+   * @returns The Attack Discovery found
+   */
+  public findAttackDiscoveryByConnectorId = async ({
+    connectorId,
+    authenticatedUser,
+  }: {
+    connectorId: string;
+    authenticatedUser: AuthenticatedUser;
+  }): Promise<AttackDiscoveryResponse | null> => {
+    const esClient = await this.options.elasticsearchClientPromise;
+    return findAttackDiscoveryByConnectorId({
+      esClient,
+      logger: this.options.logger,
+      attackDiscoveryIndex: this.indexTemplateAndPattern.alias,
+      connectorId,
+      user: authenticatedUser,
+    });
+  };
+
+  /**
+   * Finds all attack discovery for authenticated user
+   * @param options
+   * @param options.authenticatedUser
+   * @returns The Attack Discovery
+   */
+  public findAllAttackDiscoveries = async ({
+    authenticatedUser,
+  }: {
+    authenticatedUser: AuthenticatedUser;
+  }): Promise<AttackDiscoveryResponse[]> => {
+    const esClient = await this.options.elasticsearchClientPromise;
+    return findAllAttackDiscoveries({
+      esClient,
+      logger: this.options.logger,
+      attackDiscoveryIndex: this.indexTemplateAndPattern.alias,
+      user: authenticatedUser,
+    });
+  };
+
+  /**
+   * Updates an attack discovery
+   * @param options
+   * @param options.attackDiscoveryUpdateProps
+   * @param options.authenticatedUser
+   */
+  public updateAttackDiscovery = async ({
+    attackDiscoveryUpdateProps,
+    authenticatedUser,
+  }: {
+    attackDiscoveryUpdateProps: AttackDiscoveryUpdateProps;
+    authenticatedUser: AuthenticatedUser;
+  }): Promise<AttackDiscoveryResponse | null> => {
+    const esClient = await this.options.elasticsearchClientPromise;
+    return updateAttackDiscovery({
+      esClient,
+      logger: this.options.logger,
+      attackDiscoveryIndex: attackDiscoveryUpdateProps.backingIndex,
+      attackDiscoveryUpdateProps,
+      user: authenticatedUser,
+    });
+  };
+}
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/transforms.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/transforms.ts
new file mode 100644
index 0000000000000..d9a37582f48b0
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/transforms.ts
@@ -0,0 +1,67 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { estypes } from '@elastic/elasticsearch';
+import { AttackDiscoveryResponse } from '@kbn/elastic-assistant-common';
+import { EsAttackDiscoverySchema } from './types';
+
+export const transformESSearchToAttackDiscovery = (
+  response: estypes.SearchResponse<EsAttackDiscoverySchema>
+): AttackDiscoveryResponse[] => {
+  return response.hits.hits
+    .filter((hit) => hit._source !== undefined)
+    .map((hit) => {
+      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+      const adSchema = hit._source!;
+      const ad: AttackDiscoveryResponse = {
+        timestamp: adSchema['@timestamp'],
+        // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+        id: hit._id!,
+        backingIndex: hit._index,
+        createdAt: adSchema.created_at,
+        updatedAt: adSchema.updated_at,
+        lastViewedAt: adSchema.last_viewed_at,
+        users:
+          adSchema.users?.map((user) => ({
+            id: user.id,
+            name: user.name,
+          })) ?? [],
+        namespace: adSchema.namespace,
+        status: adSchema.status,
+        alertsContextCount: adSchema.alerts_context_count,
+        apiConfig: {
+          connectorId: adSchema.api_config.connector_id,
+          actionTypeId: adSchema.api_config.action_type_id,
+          defaultSystemPromptId: adSchema.api_config.default_system_prompt_id,
+          model: adSchema.api_config.model,
+          provider: adSchema.api_config.provider,
+        },
+        attackDiscoveries: adSchema.attack_discoveries.map((attackDiscovery) => ({
+          alertIds: attackDiscovery.alert_ids,
+          title: attackDiscovery.title,
+          detailsMarkdown: attackDiscovery.details_markdown,
+          entitySummaryMarkdown: attackDiscovery.entity_summary_markdown,
+          mitreAttackTactics: attackDiscovery.mitre_attack_tactics,
+          summaryMarkdown: attackDiscovery.summary_markdown,
+          timestamp: attackDiscovery.timestamp,
+        })),
+        replacements: adSchema.replacements?.reduce((acc: Record<string, string>, r) => {
+          acc[r.uuid] = r.value;
+          return acc;
+        }, {}),
+        generationIntervals:
+          adSchema.generation_intervals?.map((interval) => ({
+            date: interval.date,
+            durationMs: interval.duration_ms,
+          })) ?? [],
+        averageIntervalMs: adSchema.average_interval_ms ?? 0,
+        failureReason: adSchema.failure_reason,
+      };
+
+      return ad;
+    });
+};
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/types.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/types.ts
new file mode 100644
index 0000000000000..4a17c50e06af4
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/types.ts
@@ -0,0 +1,78 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { AttackDiscoveryStatus, Provider } from '@kbn/elastic-assistant-common';
+import { EsReplacementSchema } from '../conversations/types';
+
+export interface EsAttackDiscoverySchema {
+  '@timestamp': string;
+  id: string;
+  created_at: string;
+  namespace: string;
+  attack_discoveries: Array<{
+    alert_ids: string[];
+    title: string;
+    timestamp: string;
+    details_markdown: string;
+    entity_summary_markdown: string;
+    mitre_attack_tactics?: string[];
+    summary_markdown: string;
+    id?: string;
+  }>;
+  failure_reason?: string;
+  api_config: {
+    connector_id: string;
+    action_type_id: string;
+    default_system_prompt_id?: string;
+    provider?: Provider;
+    model?: string;
+  };
+  alerts_context_count?: number;
+  replacements?: EsReplacementSchema[];
+  status: AttackDiscoveryStatus;
+  updated_at: string;
+  last_viewed_at: string;
+  users?: Array<{
+    id?: string;
+    name?: string;
+  }>;
+  average_interval_ms?: number;
+  generation_intervals?: Array<{ date: string; duration_ms: number }>;
+}
+
+export interface CreateAttackDiscoverySchema {
+  '@timestamp'?: string;
+  created_at: string;
+  id?: string | undefined;
+  attack_discoveries: Array<{
+    alert_ids: string[];
+    title: string;
+    timestamp: string;
+    details_markdown: string;
+    entity_summary_markdown: string;
+    mitre_attack_tactics?: string[];
+    summary_markdown: string;
+    id?: string;
+  }>;
+  api_config: {
+    action_type_id: string;
+    connector_id: string;
+    default_system_prompt_id?: string;
+    provider?: Provider;
+    model?: string;
+  };
+  alerts_context_count?: number;
+  replacements?: EsReplacementSchema[];
+  status: AttackDiscoveryStatus;
+  users: Array<{
+    id?: string;
+    name?: string;
+  }>;
+  updated_at: string;
+  last_viewed_at: string;
+  namespace: string;
+}
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/update_attack_discovery.test.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/update_attack_discovery.test.ts
new file mode 100644
index 0000000000000..24deda445f320
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/update_attack_discovery.test.ts
@@ -0,0 +1,184 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { elasticsearchServiceMock } from '@kbn/core-elasticsearch-server-mocks';
+import { loggerMock } from '@kbn/logging-mocks';
+import { getAttackDiscovery } from './get_attack_discovery';
+import { updateAttackDiscovery } from './update_attack_discovery';
+import {
+  AttackDiscoveryResponse,
+  AttackDiscoveryStatus,
+  AttackDiscoveryUpdateProps,
+} from '@kbn/elastic-assistant-common';
+import { AuthenticatedUser } from '@kbn/core-security-common';
+jest.mock('./get_attack_discovery');
+const mockEsClient = elasticsearchServiceMock.createElasticsearchClient();
+const mockLogger = loggerMock.create();
+const user = {
+  username: 'test_user',
+  profile_uid: '1234',
+  authentication_realm: {
+    type: 'my_realm_type',
+    name: 'my_realm_name',
+  },
+} as AuthenticatedUser;
+const updateProps: AttackDiscoveryUpdateProps = {
+  id: 'existing-id',
+  backingIndex: 'attack-discovery-index',
+  status: 'succeeded' as AttackDiscoveryStatus,
+  attackDiscoveries: [
+    {
+      alertIds: ['alert-1'],
+      title: 'Updated Title',
+      detailsMarkdown: '# Updated Details',
+      entitySummaryMarkdown: '# Updated Summary',
+      timestamp: '2024-06-07T21:19:08.090Z',
+      id: 'existing-id',
+      mitreAttackTactics: ['T1234'],
+      summaryMarkdown: '# Updated Summary',
+    },
+  ],
+};
+const mockRequest = {
+  esClient: mockEsClient,
+  attackDiscoveryIndex: 'attack-discovery-index',
+  attackDiscoveryUpdateProps: updateProps,
+  user,
+  logger: mockLogger,
+};
+
+const existingAttackDiscovery: AttackDiscoveryResponse = {
+  id: 'existing-id',
+  backingIndex: 'attack-discovery-index',
+  timestamp: '2024-06-07T18:56:17.357Z',
+  createdAt: '2024-06-07T18:56:17.357Z',
+  users: [
+    {
+      id: 'u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0',
+      name: 'elastic',
+    },
+  ],
+  status: 'running',
+  apiConfig: {
+    actionTypeId: '.gen-ai',
+    connectorId: 'my-gpt4o-ai',
+  },
+  attackDiscoveries: [],
+  lastViewedAt: '2024-06-07T21:19:08.090Z',
+  updatedAt: '2024-06-07T21:19:08.090Z',
+  replacements: {
+    'f19e1a0a-de3b-496c-8ace-dd91229e1084': 'root',
+  },
+  namespace: 'default',
+  generationIntervals: [
+    {
+      date: '2024-06-07T21:19:08.089Z',
+      durationMs: 110906,
+    },
+    {
+      date: '2024-06-07T20:04:35.715Z',
+      durationMs: 104593,
+    },
+    {
+      date: '2024-06-07T18:58:27.880Z',
+      durationMs: 130526,
+    },
+  ],
+  alertsContextCount: 20,
+  averageIntervalMs: 115341,
+};
+
+const mockGetDiscovery = getAttackDiscovery as jest.Mock;
+
+describe('updateAttackDiscovery', () => {
+  const date = '2024-03-28T22:27:28.000Z';
+  beforeAll(() => {
+    jest.useFakeTimers();
+  });
+
+  beforeEach(() => {
+    jest.setSystemTime(new Date(date));
+    jest.clearAllMocks();
+    mockGetDiscovery.mockResolvedValue(existingAttackDiscovery);
+  });
+
+  it('should update attack discovery successfully', async () => {
+    const response = await updateAttackDiscovery(mockRequest);
+    expect(response).not.toBeNull();
+    expect(response!.id).toEqual('existing-id');
+    expect(mockEsClient.update).toHaveBeenCalledTimes(1);
+    expect(mockEsClient.update).toHaveBeenCalledWith({
+      refresh: 'wait_for',
+      index: 'attack-discovery-index',
+      id: 'existing-id',
+      doc: {
+        attack_discoveries: [
+          {
+            id: 'existing-id',
+            alert_ids: ['alert-1'],
+            title: 'Updated Title',
+            details_markdown: '# Updated Details',
+            entity_summary_markdown: '# Updated Summary',
+            mitre_attack_tactics: ['T1234'],
+            summary_markdown: '# Updated Summary',
+            timestamp: date,
+          },
+        ],
+        id: 'existing-id',
+        status: 'succeeded',
+        updated_at: date,
+      },
+    });
+    expect(mockGetDiscovery).toHaveBeenCalledTimes(1);
+    const { attackDiscoveryUpdateProps, ...rest } = mockRequest;
+    expect(mockGetDiscovery).toHaveBeenCalledWith({
+      ...rest,
+      id: attackDiscoveryUpdateProps.id,
+    });
+  });
+
+  it('should not update attack_discoveries if none are present', async () => {
+    const { attackDiscoveries, ...rest } = mockRequest.attackDiscoveryUpdateProps;
+    const response = await updateAttackDiscovery({
+      ...mockRequest,
+      attackDiscoveryUpdateProps: rest,
+    });
+
+    expect(response).not.toBeNull();
+    expect(response!.id).toEqual('existing-id');
+    expect(mockEsClient.update).toHaveBeenCalledTimes(1);
+    expect(mockEsClient.update).toHaveBeenCalledWith({
+      refresh: 'wait_for',
+      index: 'attack-discovery-index',
+      id: 'existing-id',
+      doc: {
+        id: 'existing-id',
+        status: 'succeeded',
+        updated_at: date,
+      },
+    });
+    expect(mockGetDiscovery).toHaveBeenCalledTimes(1);
+    const { attackDiscoveryUpdateProps, ...rest2 } = mockRequest;
+    expect(mockGetDiscovery).toHaveBeenCalledWith({
+      ...rest2,
+      id: attackDiscoveryUpdateProps.id,
+    });
+  });
+
+  it('should throw error on elasticsearch update failure', async () => {
+    const error = new Error('Elasticsearch update error');
+    mockEsClient.update.mockRejectedValueOnce(error);
+
+    await expect(updateAttackDiscovery(mockRequest)).rejects.toThrowError(error);
+
+    expect(mockEsClient.update).toHaveBeenCalledTimes(1);
+    expect(mockLogger.warn).toHaveBeenCalledTimes(1);
+    expect(mockLogger.warn).toHaveBeenCalledWith(
+      `Error updating attackDiscovery: ${error} by ID: existing-id`
+    );
+  });
+});
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/update_attack_discovery.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/update_attack_discovery.ts
new file mode 100644
index 0000000000000..73a386bbb4362
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/update_attack_discovery.ts
@@ -0,0 +1,157 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { AuthenticatedUser, ElasticsearchClient, Logger } from '@kbn/core/server';
+import {
+  AttackDiscoveryResponse,
+  AttackDiscoveryStatus,
+  AttackDiscoveryUpdateProps,
+  Provider,
+  UUID,
+} from '@kbn/elastic-assistant-common';
+import * as uuid from 'uuid';
+import { EsReplacementSchema } from '../conversations/types';
+import { getAttackDiscovery } from './get_attack_discovery';
+
+export interface UpdateAttackDiscoverySchema {
+  id: UUID;
+  '@timestamp'?: string;
+  attack_discoveries?: Array<{
+    alert_ids: string[];
+    title: string;
+    timestamp: string;
+    details_markdown: string;
+    entity_summary_markdown: string;
+    mitre_attack_tactics?: string[];
+    summary_markdown: string;
+    id?: string;
+  }>;
+  api_config?: {
+    action_type_id?: string;
+    connector_id?: string;
+    default_system_prompt_id?: string;
+    provider?: Provider;
+    model?: string;
+  };
+  alerts_context_count?: number;
+  average_interval_ms?: number;
+  generation_intervals?: Array<{ date: string; duration_ms: number }>;
+  replacements?: EsReplacementSchema[];
+  status?: AttackDiscoveryStatus;
+  updated_at?: string;
+  last_viewed_at?: string;
+  failure_reason?: string;
+}
+
+export interface UpdateAttackDiscoveryParams {
+  esClient: ElasticsearchClient;
+  logger: Logger;
+  user: AuthenticatedUser;
+  attackDiscoveryIndex: string;
+  attackDiscoveryUpdateProps: AttackDiscoveryUpdateProps;
+}
+
+export const updateAttackDiscovery = async ({
+  esClient,
+  logger,
+  attackDiscoveryIndex,
+  attackDiscoveryUpdateProps,
+  user,
+}: UpdateAttackDiscoveryParams): Promise<AttackDiscoveryResponse | null> => {
+  const updatedAt = new Date().toISOString();
+  const params = transformToUpdateScheme(updatedAt, attackDiscoveryUpdateProps);
+  try {
+    await esClient.update({
+      refresh: 'wait_for',
+      index: attackDiscoveryIndex,
+      id: params.id,
+      doc: params,
+    });
+
+    const updatedAttackDiscovery = await getAttackDiscovery({
+      esClient,
+      attackDiscoveryIndex,
+      id: params.id,
+      logger,
+      user,
+    });
+
+    return updatedAttackDiscovery;
+  } catch (err) {
+    logger.warn(`Error updating attackDiscovery: ${err} by ID: ${params.id}`);
+    throw err;
+  }
+};
+
+export const transformToUpdateScheme = (
+  updatedAt: string,
+  {
+    alertsContextCount,
+    apiConfig,
+    attackDiscoveries,
+    failureReason,
+    generationIntervals,
+    id,
+    replacements,
+    lastViewedAt,
+    status,
+  }: AttackDiscoveryUpdateProps
+): UpdateAttackDiscoverySchema => {
+  const averageIntervalMsObj =
+    generationIntervals && generationIntervals.length > 0
+      ? {
+          average_interval_ms: Math.trunc(
+            generationIntervals.reduce((acc, interval) => acc + interval.durationMs, 0) /
+              generationIntervals.length
+          ),
+          generation_intervals: generationIntervals.map((interval) => ({
+            date: interval.date,
+            duration_ms: interval.durationMs,
+          })),
+        }
+      : {};
+  return {
+    alerts_context_count: alertsContextCount,
+    ...(apiConfig
+      ? {
+          api_config: {
+            action_type_id: apiConfig.actionTypeId,
+            connector_id: apiConfig.connectorId,
+            default_system_prompt_id: apiConfig.defaultSystemPromptId,
+            model: apiConfig.model,
+            provider: apiConfig.provider,
+          },
+        }
+      : {}),
+    ...(attackDiscoveries
+      ? {
+          attack_discoveries: attackDiscoveries.map((attackDiscovery) => ({
+            id: attackDiscovery.id ?? uuid.v4(),
+            alert_ids: attackDiscovery.alertIds,
+            title: attackDiscovery.title,
+            details_markdown: attackDiscovery.detailsMarkdown,
+            entity_summary_markdown: attackDiscovery.entitySummaryMarkdown,
+            mitre_attack_tactics: attackDiscovery.mitreAttackTactics,
+            summary_markdown: attackDiscovery.summaryMarkdown,
+            timestamp: updatedAt,
+          })),
+        }
+      : {}),
+    failure_reason: failureReason,
+    id,
+    replacements: replacements
+      ? Object.keys(replacements).map((key) => ({
+          uuid: key,
+          value: replacements[key],
+        }))
+      : undefined,
+    ...(status ? { status } : {}),
+    // only update updated_at time if this is not an update to last_viewed_at
+    ...(lastViewedAt ? { last_viewed_at: lastViewedAt } : { updated_at: updatedAt }),
+    ...averageIntervalMsObj,
+  };
+};
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/create_conversation.test.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/create_conversation.test.ts
index 624eab7d30bbd..6fba2f9c8b606 100644
--- a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/create_conversation.test.ts
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/create_conversation.test.ts
@@ -12,7 +12,7 @@ import { estypes } from '@elastic/elasticsearch';
 import { EsConversationSchema } from './types';
 import { getConversation } from './get_conversation';
 import { ConversationCreateProps, ConversationResponse } from '@kbn/elastic-assistant-common';
-import { AuthenticatedUser } from '@kbn/security-plugin-types-common';
+import { AuthenticatedUser } from '@kbn/core-security-common';
 
 jest.mock('./get_conversation', () => ({
   getConversation: jest.fn(),
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/create_conversation.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/create_conversation.ts
index 0a5472e79b12c..b98b8a1f4cc27 100644
--- a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/create_conversation.ts
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/create_conversation.ts
@@ -6,14 +6,13 @@
  */
 
 import { v4 as uuidv4 } from 'uuid';
-import { ElasticsearchClient, Logger } from '@kbn/core/server';
+import { AuthenticatedUser, ElasticsearchClient, Logger } from '@kbn/core/server';
 
 import {
   ConversationCategoryEnum,
   ConversationCreateProps,
   ConversationResponse,
 } from '@kbn/elastic-assistant-common';
-import { AuthenticatedUser } from '@kbn/security-plugin-types-common';
 import { getConversation } from './get_conversation';
 import { CreateMessageSchema } from './types';
 
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/get_conversation.test.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/get_conversation.test.ts
index 1c1dd0c2fdb24..a5a292c096cdc 100644
--- a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/get_conversation.test.ts
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/get_conversation.test.ts
@@ -5,14 +5,13 @@
  * 2.0.
  */
 
-import type { Logger } from '@kbn/core/server';
+import type { AuthenticatedUser, Logger } from '@kbn/core/server';
 import { elasticsearchClientMock } from '@kbn/core-elasticsearch-client-server-mocks';
 import { getConversation } from './get_conversation';
 import { estypes } from '@elastic/elasticsearch';
 import { EsConversationSchema } from './types';
 import { loggingSystemMock } from '@kbn/core-logging-server-mocks';
 import { ConversationResponse } from '@kbn/elastic-assistant-common';
-import { AuthenticatedUser } from '@kbn/security-plugin-types-common';
 
 export const getConversationResponseMock = (): ConversationResponse => ({
   createdAt: '2020-04-20T15:25:31.830Z',
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/get_conversation.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/get_conversation.ts
index 7d011c9f21433..c4e40caa6654b 100644
--- a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/get_conversation.ts
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/get_conversation.ts
@@ -5,9 +5,8 @@
  * 2.0.
  */
 
-import { ElasticsearchClient, Logger } from '@kbn/core/server';
+import { AuthenticatedUser, ElasticsearchClient, Logger } from '@kbn/core/server';
 import { ConversationResponse } from '@kbn/elastic-assistant-common';
-import { AuthenticatedUser } from '@kbn/security-plugin/common';
 import { EsConversationSchema } from './types';
 import { transformESSearchToConversations } from './transforms';
 
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/index.test.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/index.test.ts
index 38426dd06a36f..c177ea261ad90 100644
--- a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/index.test.ts
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/index.test.ts
@@ -7,7 +7,7 @@
 import { elasticsearchServiceMock, loggingSystemMock } from '@kbn/core/server/mocks';
 import type { UpdateByQueryRequest } from '@elastic/elasticsearch/lib/api/types';
 import { AIAssistantConversationsDataClient } from '.';
-import { AuthenticatedUser } from '@kbn/security-plugin/server';
+import { AuthenticatedUser } from '@kbn/core-security-common';
 import { getUpdateConversationSchemaMock } from '../../__mocks__/conversations_schema.mock';
 import { AIAssistantDataClientParams } from '..';
 
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/index.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/index.ts
index c937e86a982f6..72c51d8f917aa 100644
--- a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/index.ts
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/index.ts
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { AuthenticatedUser } from '@kbn/security-plugin/server';
+import { AuthenticatedUser } from '@kbn/core-security-common';
 import {
   ConversationCreateProps,
   ConversationResponse,
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/transforms.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/transforms.ts
index eb8df26625864..39798aeb2fd5e 100644
--- a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/transforms.ts
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/transforms.ts
@@ -81,7 +81,8 @@ export const transformESSearchToConversations = (
           return acc;
         }, {}),
         namespace: conversationSchema.namespace,
-        id: hit._id,
+        // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+        id: hit._id!,
       };
 
       return conversation;
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/update_conversation.test.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/update_conversation.test.ts
index f106a1f3bf7f5..d3e4fff018abb 100644
--- a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/update_conversation.test.ts
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/update_conversation.test.ts
@@ -14,7 +14,7 @@ import {
 } from './update_conversation';
 import { getConversation } from './get_conversation';
 import { ConversationResponse, ConversationUpdateProps } from '@kbn/elastic-assistant-common';
-import { AuthenticatedUser } from '@kbn/security-plugin-types-common';
+import { AuthenticatedUser } from '@kbn/core-security-common';
 
 export const getUpdateConversationOptionsMock = (): ConversationUpdateProps => ({
   id: 'test',
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/update_conversation.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/update_conversation.ts
index 30888ea219401..47a9594f42cab 100644
--- a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/update_conversation.ts
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/update_conversation.ts
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { ElasticsearchClient, Logger } from '@kbn/core/server';
+import { AuthenticatedUser, ElasticsearchClient, Logger } from '@kbn/core/server';
 import {
   ConversationResponse,
   Reader,
@@ -15,7 +15,6 @@ import {
   ConversationSummary,
   UUID,
 } from '@kbn/elastic-assistant-common';
-import { AuthenticatedUser } from '@kbn/security-plugin/common';
 import { getConversation } from './get_conversation';
 import { getUpdateScript } from './helpers';
 import { EsReplacementSchema } from './types';
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/index.test.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/index.test.ts
index 4838c70882f19..d6910f67f1167 100644
--- a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/index.test.ts
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/index.test.ts
@@ -6,7 +6,7 @@
  */
 import { elasticsearchServiceMock, loggingSystemMock } from '@kbn/core/server/mocks';
 import { AIAssistantDataClient, AIAssistantDataClientParams } from '.';
-import { AuthenticatedUser } from '@kbn/security-plugin/server';
+import { AuthenticatedUser } from '@kbn/core-security-common';
 
 const date = '2023-03-28T22:27:28.159Z';
 let logger: ReturnType<typeof loggingSystemMock['createLogger']>;
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/index.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/index.ts
index 5bc84e05c8087..9c88765863724 100644
--- a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/index.ts
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/index.ts
@@ -5,11 +5,10 @@
  * 2.0.
  */
 
-import { ElasticsearchClient, Logger } from '@kbn/core/server';
+import { AuthenticatedUser, ElasticsearchClient, Logger } from '@kbn/core/server';
 
 import { DEFAULT_NAMESPACE_STRING } from '@kbn/core-saved-objects-utils-server';
 import { ESSearchRequest, ESSearchResponse } from '@kbn/es-types';
-import { AuthenticatedUser } from '@kbn/security-plugin/server';
 import { estypes } from '@elastic/elasticsearch';
 import { IIndexPatternString } from '../types';
 import { getIndexTemplateAndPattern } from '../lib/data_stream/helpers';
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/create_knowledge_base_entry.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/create_knowledge_base_entry.ts
index 90c0850c503fe..97060a0f48aa6 100644
--- a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/create_knowledge_base_entry.ts
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/create_knowledge_base_entry.ts
@@ -6,13 +6,12 @@
  */
 
 import { v4 as uuidv4 } from 'uuid';
-import { ElasticsearchClient, Logger } from '@kbn/core/server';
+import { AuthenticatedUser, ElasticsearchClient, Logger } from '@kbn/core/server';
 
 import {
   KnowledgeBaseEntryCreateProps,
   KnowledgeBaseEntryResponse,
 } from '@kbn/elastic-assistant-common';
-import { AuthenticatedUser } from '@kbn/security-plugin-types-common';
 import { getKnowledgeBaseEntry } from './get_knowledge_base_entry';
 import { CreateKnowledgeBaseEntrySchema } from './types';
 
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/get_knowledge_base_entry.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/get_knowledge_base_entry.ts
index c021e022765d0..7820abfbcfe25 100644
--- a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/get_knowledge_base_entry.ts
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/get_knowledge_base_entry.ts
@@ -5,9 +5,8 @@
  * 2.0.
  */
 
-import { ElasticsearchClient, Logger } from '@kbn/core/server';
+import { AuthenticatedUser, ElasticsearchClient, Logger } from '@kbn/core/server';
 import { KnowledgeBaseEntryResponse } from '@kbn/elastic-assistant-common';
-import { AuthenticatedUser } from '@kbn/security-plugin/common';
 import { EsKnowledgeBaseEntrySchema } from './types';
 import { transformESSearchToKnowledgeBaseEntry } from './transforms';
 
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/transforms.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/transforms.ts
index f185c5ba8fdc2..475f9f880ee13 100644
--- a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/transforms.ts
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/transforms.ts
@@ -19,7 +19,8 @@ export const transformESSearchToKnowledgeBaseEntry = (
       const kbEntrySchema = hit._source!;
       const kbEntry: KnowledgeBaseEntryResponse = {
         timestamp: kbEntrySchema['@timestamp'],
-        id: hit._id,
+        // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+        id: hit._id!,
         createdAt: kbEntrySchema.created_at,
         createdBy: kbEntrySchema.created_by,
         updatedAt: kbEntrySchema.updated_at,
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/prompts/helpers.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/prompts/helpers.ts
index 84e683121ae75..83d7713c23f1f 100644
--- a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/prompts/helpers.ts
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/prompts/helpers.ts
@@ -11,7 +11,7 @@ import {
   PromptResponse,
   PromptUpdateProps,
 } from '@kbn/elastic-assistant-common/impl/schemas/prompts/bulk_crud_prompts_route.gen';
-import { AuthenticatedUser } from '@kbn/security-plugin-types-common';
+import { AuthenticatedUser } from '@kbn/core-security-common';
 import { CreatePromptSchema, EsPromptsSchema, UpdatePromptSchema } from './types';
 
 export const transformESToPrompts = (response: EsPromptsSchema[]): PromptResponse[] => {
@@ -62,7 +62,8 @@ export const transformESSearchToPrompts = (
         isNewConversationDefault: promptSchema.is_new_conversation_default,
         updatedAt: promptSchema.updated_at,
         namespace: promptSchema.namespace,
-        id: hit._id,
+        // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+        id: hit._id!,
         name: promptSchema.name,
         promptType: promptSchema.prompt_type,
         isShared: promptSchema.is_shared,
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.test.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.test.ts
index dbdc01dcf9e57..b9079c59a0643 100644
--- a/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.test.ts
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.test.ts
@@ -10,7 +10,7 @@ import { IndicesGetDataStreamResponse } from '@elastic/elasticsearch/lib/api/typ
 import { errors as EsErrors } from '@elastic/elasticsearch';
 import { ReplaySubject, Subject } from 'rxjs';
 import { taskManagerMock } from '@kbn/task-manager-plugin/server/mocks';
-import { AuthenticatedUser } from '@kbn/security-plugin/server';
+import { AuthenticatedUser } from '@kbn/core-security-common';
 import { DEFAULT_NAMESPACE_STRING } from '@kbn/core-saved-objects-utils-server';
 import { conversationsDataClientMock } from '../__mocks__/data_clients.mock';
 import { AIAssistantConversationsDataClient } from '../ai_assistant_data_clients/conversations';
@@ -135,12 +135,18 @@ describe('AI Assistant Service', () => {
       );
 
       expect(assistantService.isInitialized()).toEqual(true);
-      expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3);
 
-      const componentTemplate = clusterClient.cluster.putComponentTemplate.mock.calls[0][0];
-      expect(componentTemplate.name).toEqual(
-        '.kibana-elastic-ai-assistant-component-template-conversations'
-      );
+      expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4);
+
+      const expectedTemplates = [
+        '.kibana-elastic-ai-assistant-component-template-conversations',
+        '.kibana-elastic-ai-assistant-component-template-prompts',
+        '.kibana-elastic-ai-assistant-component-template-anonymization-fields',
+        '.kibana-elastic-ai-assistant-component-template-attack-discovery',
+      ];
+      expectedTemplates.forEach((t, i) => {
+        expect(clusterClient.cluster.putComponentTemplate.mock.calls[i][0].name).toEqual(t);
+      });
     });
 
     test('should log error and set initialized to false if creating/updating common component template throws error', async () => {
@@ -628,7 +634,19 @@ describe('AI Assistant Service', () => {
         'AI Assistant service initialized',
         async () => assistantService.isInitialized() === true
       );
-      expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(5);
+      expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(6);
+
+      const expectedTemplates = [
+        '.kibana-elastic-ai-assistant-component-template-conversations',
+        '.kibana-elastic-ai-assistant-component-template-conversations',
+        '.kibana-elastic-ai-assistant-component-template-conversations',
+        '.kibana-elastic-ai-assistant-component-template-prompts',
+        '.kibana-elastic-ai-assistant-component-template-anonymization-fields',
+        '.kibana-elastic-ai-assistant-component-template-attack-discovery',
+      ];
+      expectedTemplates.forEach((t, i) => {
+        expect(clusterClient.cluster.putComponentTemplate.mock.calls[i][0].name).toEqual(t);
+      });
     });
 
     test('should retry updating index template for transient ES errors', async () => {
@@ -649,7 +667,18 @@ describe('AI Assistant Service', () => {
         async () => (await getSpaceResourcesInitialized(assistantService)) === true
       );
 
-      expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalledTimes(5);
+      expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalledTimes(6);
+      const expectedTemplates = [
+        '.kibana-elastic-ai-assistant-index-template-conversations',
+        '.kibana-elastic-ai-assistant-index-template-conversations',
+        '.kibana-elastic-ai-assistant-index-template-conversations',
+        '.kibana-elastic-ai-assistant-index-template-prompts',
+        '.kibana-elastic-ai-assistant-index-template-anonymization-fields',
+        '.kibana-elastic-ai-assistant-index-template-attack-discovery',
+      ];
+      expectedTemplates.forEach((t, i) => {
+        expect(clusterClient.indices.putIndexTemplate.mock.calls[i][0].name).toEqual(t);
+      });
     });
 
     test('should retry updating index settings for existing indices for transient ES errors', async () => {
@@ -669,7 +698,7 @@ describe('AI Assistant Service', () => {
         async () => (await getSpaceResourcesInitialized(assistantService)) === true
       );
 
-      expect(clusterClient.indices.putSettings).toHaveBeenCalledTimes(5);
+      expect(clusterClient.indices.putSettings).toHaveBeenCalledTimes(6);
     });
 
     test('should retry updating index mappings for existing indices for transient ES errors', async () => {
@@ -689,7 +718,7 @@ describe('AI Assistant Service', () => {
         async () => (await getSpaceResourcesInitialized(assistantService)) === true
       );
 
-      expect(clusterClient.indices.putMapping).toHaveBeenCalledTimes(5);
+      expect(clusterClient.indices.putMapping).toHaveBeenCalledTimes(6);
     });
 
     test('should retry creating concrete index for transient ES errors', async () => {
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.ts
index 619d9e9bca256..02d54ef31ab75 100644
--- a/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.ts
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.ts
@@ -7,11 +7,11 @@
 
 import { DataStreamSpacesAdapter, FieldMap } from '@kbn/data-stream-adapter';
 import { DEFAULT_NAMESPACE_STRING } from '@kbn/core-saved-objects-utils-server';
-import type { Logger, ElasticsearchClient } from '@kbn/core/server';
+import type { AuthenticatedUser, Logger, ElasticsearchClient } from '@kbn/core/server';
 import type { TaskManagerSetupContract } from '@kbn/task-manager-plugin/server';
 import type { MlPluginSetup } from '@kbn/ml-plugin/server';
-import { AuthenticatedUser } from '@kbn/security-plugin/server';
 import { Subject } from 'rxjs';
+import { attackDiscoveryFieldMap } from '../ai_assistant_data_clients/attack_discovery/field_maps_configuration';
 import { getDefaultAnonymizationFields } from '../../common/anonymization';
 import { AssistantResourceNames, GetElser } from '../types';
 import { AIAssistantConversationsDataClient } from '../ai_assistant_data_clients/conversations';
@@ -28,6 +28,7 @@ import { assistantAnonymizationFieldsFieldMap } from '../ai_assistant_data_clien
 import { AIAssistantDataClient } from '../ai_assistant_data_clients';
 import { knowledgeBaseFieldMap } from '../ai_assistant_data_clients/knowledge_base/field_maps_configuration';
 import { AIAssistantKnowledgeBaseDataClient } from '../ai_assistant_data_clients/knowledge_base';
+import { AttackDiscoveryDataClient } from '../ai_assistant_data_clients/attack_discovery';
 import { createGetElserId, createPipeline, pipelineExists } from './helpers';
 
 const TOTAL_FIELDS_LIMIT = 2500;
@@ -52,7 +53,12 @@ export interface CreateAIAssistantClientParams {
 }
 
 export type CreateDataStream = (params: {
-  resource: 'anonymizationFields' | 'conversations' | 'knowledgeBase' | 'prompts';
+  resource:
+    | 'anonymizationFields'
+    | 'conversations'
+    | 'knowledgeBase'
+    | 'prompts'
+    | 'attackDiscovery';
   fieldMap: FieldMap;
   kibanaVersion: string;
   spaceId?: string;
@@ -68,6 +74,7 @@ export class AIAssistantService {
   private knowledgeBaseDataStream: DataStreamSpacesAdapter;
   private promptsDataStream: DataStreamSpacesAdapter;
   private anonymizationFieldsDataStream: DataStreamSpacesAdapter;
+  private attackDiscoveryDataStream: DataStreamSpacesAdapter;
   private resourceInitializationHelper: ResourceInstallationHelper;
   private initPromise: Promise<InitializationPromise>;
   private isKBSetupInProgress: boolean = false;
@@ -95,6 +102,11 @@ export class AIAssistantService {
       kibanaVersion: options.kibanaVersion,
       fieldMap: assistantAnonymizationFieldsFieldMap,
     });
+    this.attackDiscoveryDataStream = this.createDataStream({
+      resource: 'attackDiscovery',
+      kibanaVersion: options.kibanaVersion,
+      fieldMap: attackDiscoveryFieldMap,
+    });
 
     this.initPromise = this.initializeResources();
 
@@ -201,6 +213,12 @@ export class AIAssistantService {
         logger: this.options.logger,
         pluginStop$: this.options.pluginStop$,
       });
+
+      await this.attackDiscoveryDataStream.install({
+        esClient,
+        logger: this.options.logger,
+        pluginStop$: this.options.pluginStop$,
+      });
     } catch (error) {
       this.options.logger.error(`Error initializing AI assistant resources: ${error.message}`);
       this.initialized = false;
@@ -218,24 +236,28 @@ export class AIAssistantService {
       knowledgeBase: getResourceName('component-template-knowledge-base'),
       prompts: getResourceName('component-template-prompts'),
       anonymizationFields: getResourceName('component-template-anonymization-fields'),
+      attackDiscovery: getResourceName('component-template-attack-discovery'),
     },
     aliases: {
       conversations: getResourceName('conversations'),
       knowledgeBase: getResourceName('knowledge-base'),
       prompts: getResourceName('prompts'),
       anonymizationFields: getResourceName('anonymization-fields'),
+      attackDiscovery: getResourceName('attack-discovery'),
     },
     indexPatterns: {
       conversations: getResourceName('conversations*'),
       knowledgeBase: getResourceName('knowledge-base*'),
       prompts: getResourceName('prompts*'),
       anonymizationFields: getResourceName('anonymization-fields*'),
+      attackDiscovery: getResourceName('attack-discovery*'),
     },
     indexTemplate: {
       conversations: getResourceName('index-template-conversations'),
       knowledgeBase: getResourceName('index-template-knowledge-base'),
       prompts: getResourceName('index-template-prompts'),
       anonymizationFields: getResourceName('index-template-anonymization-fields'),
+      attackDiscovery: getResourceName('index-template-attack-discovery'),
     },
     pipelines: {
       knowledgeBase: getResourceName('ingest-pipeline-knowledge-base'),
@@ -338,6 +360,25 @@ export class AIAssistantService {
     });
   }
 
+  public async createAttackDiscoveryDataClient(
+    opts: CreateAIAssistantClientParams
+  ): Promise<AttackDiscoveryDataClient | null> {
+    const res = await this.checkResourcesInstallation(opts);
+
+    if (res === null) {
+      return null;
+    }
+
+    return new AttackDiscoveryDataClient({
+      logger: this.options.logger.get('attackDiscovery'),
+      currentUser: opts.currentUser,
+      elasticsearchClientPromise: this.options.elasticsearchClientPromise,
+      indexPatternsResourceName: this.resourceNames.aliases.attackDiscovery,
+      kibanaVersion: this.options.kibanaVersion,
+      spaceId: opts.spaceId,
+    });
+  }
+
   public async createAIAssistantPromptsDataClient(
     opts: CreateAIAssistantClientParams
   ): Promise<AIAssistantDataClient | null> {
diff --git a/x-pack/plugins/elastic_assistant/server/lib/data_stream/documents_data_writer.test.ts b/x-pack/plugins/elastic_assistant/server/lib/data_stream/documents_data_writer.test.ts
index ed6edae590c99..35653878fa2d2 100644
--- a/x-pack/plugins/elastic_assistant/server/lib/data_stream/documents_data_writer.test.ts
+++ b/x-pack/plugins/elastic_assistant/server/lib/data_stream/documents_data_writer.test.ts
@@ -5,13 +5,12 @@
  * 2.0.
  */
 
-import type { ElasticsearchClient, Logger } from '@kbn/core/server';
+import type { AuthenticatedUser, ElasticsearchClient, Logger } from '@kbn/core/server';
 import { loggingSystemMock, elasticsearchServiceMock } from '@kbn/core/server/mocks';
 import {
   getCreateConversationSchemaMock,
   getUpdateConversationSchemaMock,
 } from '../../__mocks__/conversations_schema.mock';
-import { AuthenticatedUser } from '@kbn/security-plugin-types-common';
 import { DocumentsDataWriter } from './documents_data_writer';
 
 describe('DocumentsDataWriter', () => {
diff --git a/x-pack/plugins/elastic_assistant/server/lib/data_stream/documents_data_writer.ts b/x-pack/plugins/elastic_assistant/server/lib/data_stream/documents_data_writer.ts
index 3cae3972c8bf6..2b8e7237435ba 100644
--- a/x-pack/plugins/elastic_assistant/server/lib/data_stream/documents_data_writer.ts
+++ b/x-pack/plugins/elastic_assistant/server/lib/data_stream/documents_data_writer.ts
@@ -11,9 +11,8 @@ import type {
   BulkResponseItem,
   Script,
 } from '@elastic/elasticsearch/lib/api/types';
-import type { Logger, ElasticsearchClient } from '@kbn/core/server';
+import type { AuthenticatedUser, Logger, ElasticsearchClient } from '@kbn/core/server';
 import { UUID } from '@kbn/elastic-assistant-common';
-import { AuthenticatedUser } from '@kbn/security-plugin-types-common';
 
 export interface BulkOperationError {
   message: string;
diff --git a/x-pack/plugins/elastic_assistant/server/lib/langchain/execute_custom_llm_chain/index.ts b/x-pack/plugins/elastic_assistant/server/lib/langchain/execute_custom_llm_chain/index.ts
index 7ea1e5fb3c9b9..bcf39320f21cc 100644
--- a/x-pack/plugins/elastic_assistant/server/lib/langchain/execute_custom_llm_chain/index.ts
+++ b/x-pack/plugins/elastic_assistant/server/lib/langchain/execute_custom_llm_chain/index.ts
@@ -17,6 +17,7 @@ import {
   ActionsClientChatOpenAI,
   ActionsClientSimpleChatModel,
 } from '@kbn/langchain/server';
+import { MessagesPlaceholder } from '@langchain/core/prompts';
 import { AgentExecutor } from '../executors/types';
 import { APMTracer } from '../tracers/apm_tracer';
 import { AssistantToolParams } from '../../../types';
@@ -126,7 +127,10 @@ export const callAgentExecutor: AgentExecutor<true | false> = async ({
         returnIntermediateSteps: false,
         agentArgs: {
           // this is important to help LangChain correctly format tool input
-          humanMessageTemplate: `Question: {input}\n\n{agent_scratchpad}`,
+          humanMessageTemplate: `Remember, when you have enough information, always prefix your final JSON output with "Final Answer:"\n\nQuestion: {input}\n\n{agent_scratchpad}.`,
+          memoryPrompts: [new MessagesPlaceholder('chat_history')],
+          suffix:
+            'Begin! Reminder to ALWAYS use the above format, and to use tools if appropriate.',
         },
       });
 
diff --git a/x-pack/plugins/elastic_assistant/server/lib/telemetry/event_based_telemetry.ts b/x-pack/plugins/elastic_assistant/server/lib/telemetry/event_based_telemetry.ts
index 85859b2c232b7..d938310e91d6d 100644
--- a/x-pack/plugins/elastic_assistant/server/lib/telemetry/event_based_telemetry.ts
+++ b/x-pack/plugins/elastic_assistant/server/lib/telemetry/event_based_telemetry.ts
@@ -163,9 +163,121 @@ export const INVOKE_ASSISTANT_ERROR_EVENT: EventTypeOpts<{
   },
 };
 
+export const ATTACK_DISCOVERY_SUCCESS_EVENT: EventTypeOpts<{
+  actionTypeId: string;
+  alertsContextCount: number;
+  alertsCount: number;
+  configuredAlertsCount: number;
+  discoveriesGenerated: number;
+  durationMs: number;
+  model?: string;
+  provider?: string;
+}> = {
+  eventType: 'attack_discovery_success',
+  schema: {
+    actionTypeId: {
+      type: 'keyword',
+      _meta: {
+        description: 'Kibana connector type',
+        optional: false,
+      },
+    },
+    alertsContextCount: {
+      type: 'integer',
+      _meta: {
+        description: 'Number of alerts sent as context to the LLM',
+        optional: false,
+      },
+    },
+    alertsCount: {
+      type: 'integer',
+      _meta: {
+        description: 'Number of unique alerts referenced in the attack discoveries',
+        optional: false,
+      },
+    },
+    configuredAlertsCount: {
+      type: 'integer',
+      _meta: {
+        description: 'Number of alerts configured by the user',
+        optional: false,
+      },
+    },
+    discoveriesGenerated: {
+      type: 'integer',
+      _meta: {
+        description: 'Quantity of attack discoveries generated',
+        optional: false,
+      },
+    },
+    durationMs: {
+      type: 'integer',
+      _meta: {
+        description: 'Duration of request in ms',
+        optional: false,
+      },
+    },
+    model: {
+      type: 'keyword',
+      _meta: {
+        description: 'LLM model',
+        optional: true,
+      },
+    },
+    provider: {
+      type: 'keyword',
+      _meta: {
+        description: 'OpenAI provider',
+        optional: true,
+      },
+    },
+  },
+};
+
+export const ATTACK_DISCOVERY_ERROR_EVENT: EventTypeOpts<{
+  actionTypeId: string;
+  errorMessage: string;
+  model?: string;
+  provider?: string;
+}> = {
+  eventType: 'attack_discovery_error',
+  schema: {
+    actionTypeId: {
+      type: 'keyword',
+      _meta: {
+        description: 'Kibana connector type',
+        optional: false,
+      },
+    },
+    errorMessage: {
+      type: 'keyword',
+      _meta: {
+        description: 'Error message from Elasticsearch',
+      },
+    },
+
+    model: {
+      type: 'keyword',
+      _meta: {
+        description: 'LLM model',
+        optional: true,
+      },
+    },
+    provider: {
+      type: 'keyword',
+      _meta: {
+        description: 'OpenAI provider',
+        optional: true,
+      },
+    },
+  },
+};
+
 export const events: Array<EventTypeOpts<{ [key: string]: unknown }>> = [
   KNOWLEDGE_BASE_EXECUTION_SUCCESS_EVENT,
   KNOWLEDGE_BASE_EXECUTION_ERROR_EVENT,
   INVOKE_ASSISTANT_SUCCESS_EVENT,
   INVOKE_ASSISTANT_ERROR_EVENT,
+  ATTACK_DISCOVERY_SUCCESS_EVENT,
+  ATTACK_DISCOVERY_ERROR_EVENT,
 ];
diff --git a/x-pack/plugins/elastic_assistant/server/routes/anonymization_fields/bulk_actions_route.test.ts b/x-pack/plugins/elastic_assistant/server/routes/anonymization_fields/bulk_actions_route.test.ts
index 769bd069cb040..e8055de3b12b9 100644
--- a/x-pack/plugins/elastic_assistant/server/routes/anonymization_fields/bulk_actions_route.test.ts
+++ b/x-pack/plugins/elastic_assistant/server/routes/anonymization_fields/bulk_actions_route.test.ts
@@ -14,7 +14,7 @@ import {
   getEmptyFindResult,
   getFindAnonymizationFieldsResultWithSingleHit,
 } from '../../__mocks__/response';
-import { AuthenticatedUser } from '@kbn/security-plugin-types-common';
+import { AuthenticatedUser } from '@kbn/core-security-common';
 import { bulkActionAnonymizationFieldsRoute } from './bulk_actions_route';
 import {
   getAnonymizationFieldMock,
diff --git a/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/cancel_attack_discovery.test.ts b/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/cancel_attack_discovery.test.ts
new file mode 100644
index 0000000000000..66aca77f1eb8b
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/cancel_attack_discovery.test.ts
@@ -0,0 +1,107 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { cancelAttackDiscoveryRoute } from './cancel_attack_discovery';
+
+import { AuthenticatedUser } from '@kbn/core-security-common';
+import { serverMock } from '../../__mocks__/server';
+import { requestContextMock } from '../../__mocks__/request_context';
+import { elasticsearchServiceMock } from '@kbn/core-elasticsearch-server-mocks';
+import { AttackDiscoveryDataClient } from '../../ai_assistant_data_clients/attack_discovery';
+import { transformESSearchToAttackDiscovery } from '../../ai_assistant_data_clients/attack_discovery/transforms';
+import { getAttackDiscoverySearchEsMock } from '../../__mocks__/attack_discovery_schema.mock';
+import { getCancelAttackDiscoveryRequest } from '../../__mocks__/request';
+import { updateAttackDiscoveryStatusToCanceled } from './helpers';
+jest.mock('./helpers');
+
+const { clients, context } = requestContextMock.createTools();
+const server: ReturnType<typeof serverMock.create> = serverMock.create();
+clients.core.elasticsearch.client = elasticsearchServiceMock.createScopedClusterClient();
+
+const mockUser = {
+  username: 'my_username',
+  authentication_realm: {
+    type: 'my_realm_type',
+    name: 'my_realm_name',
+  },
+} as AuthenticatedUser;
+const mockDataClient = {
+  findAttackDiscoveryByConnectorId: jest.fn(),
+  updateAttackDiscovery: jest.fn(),
+  createAttackDiscovery: jest.fn(),
+  getAttackDiscovery: jest.fn(),
+} as unknown as AttackDiscoveryDataClient;
+const mockCurrentAd = transformESSearchToAttackDiscovery(getAttackDiscoverySearchEsMock())[0];
+describe('cancelAttackDiscoveryRoute', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+    (updateAttackDiscoveryStatusToCanceled as jest.Mock).mockResolvedValue({
+      ...mockCurrentAd,
+      status: 'canceled',
+    });
+    context.elasticAssistant.getCurrentUser.mockReturnValue(mockUser);
+    context.elasticAssistant.getAttackDiscoveryDataClient.mockResolvedValue(mockDataClient);
+
+    cancelAttackDiscoveryRoute(server.router);
+  });
+
+  it('should handle successful request', async () => {
+    const response = await server.inject(
+      getCancelAttackDiscoveryRequest('connector-id'),
+      requestContextMock.convertContext(context)
+    );
+    expect(response.status).toEqual(200);
+    expect(response.body).toEqual({
+      ...mockCurrentAd,
+      status: 'canceled',
+    });
+  });
+
+  it('should handle missing authenticated user', async () => {
+    context.elasticAssistant.getCurrentUser.mockReturnValue(null);
+    const response = await server.inject(
+      getCancelAttackDiscoveryRequest('connector-id'),
+      requestContextMock.convertContext(context)
+    );
+
+    expect(response.status).toEqual(401);
+    expect(response.body).toEqual({
+      message: 'Authenticated user not found',
+      status_code: 401,
+    });
+  });
+
+  it('should handle missing data client', async () => {
+    context.elasticAssistant.getAttackDiscoveryDataClient.mockResolvedValue(null);
+    const response = await server.inject(
+      getCancelAttackDiscoveryRequest('connector-id'),
+      requestContextMock.convertContext(context)
+    );
+
+    expect(response.status).toEqual(500);
+    expect(response.body).toEqual({
+      message: 'Attack discovery data client not initialized',
+      status_code: 500,
+    });
+  });
+
+  it('should handle updateAttackDiscoveryStatusToCanceled error', async () => {
+    (updateAttackDiscoveryStatusToCanceled as jest.Mock).mockRejectedValue(new Error('Oh no!'));
+    const response = await server.inject(
+      getCancelAttackDiscoveryRequest('connector-id'),
+      requestContextMock.convertContext(context)
+    );
+    expect(response.status).toEqual(500);
+    expect(response.body).toEqual({
+      message: {
+        error: 'Oh no!',
+        success: false,
+      },
+      status_code: 500,
+    });
+  });
+});
diff --git a/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/cancel_attack_discovery.ts b/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/cancel_attack_discovery.ts
new file mode 100644
index 0000000000000..47b748c9c432a
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/cancel_attack_discovery.ts
@@ -0,0 +1,92 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { buildRouteValidationWithZod } from '@kbn/elastic-assistant-common/impl/schemas/common';
+import { type IKibanaResponse, IRouter, Logger } from '@kbn/core/server';
+import {
+  AttackDiscoveryCancelResponse,
+  ELASTIC_AI_ASSISTANT_INTERNAL_API_VERSION,
+  AttackDiscoveryCancelRequestParams,
+} from '@kbn/elastic-assistant-common';
+import { transformError } from '@kbn/securitysolution-es-utils';
+
+import { updateAttackDiscoveryStatusToCanceled } from './helpers';
+import { ATTACK_DISCOVERY_CANCEL_BY_CONNECTOR_ID } from '../../../common/constants';
+import { buildResponse } from '../../lib/build_response';
+import { ElasticAssistantRequestHandlerContext } from '../../types';
+
+export const cancelAttackDiscoveryRoute = (
+  router: IRouter<ElasticAssistantRequestHandlerContext>
+) => {
+  router.versioned
+    .put({
+      access: 'internal',
+      path: ATTACK_DISCOVERY_CANCEL_BY_CONNECTOR_ID,
+      options: {
+        tags: ['access:elasticAssistant'],
+      },
+    })
+    .addVersion(
+      {
+        version: ELASTIC_AI_ASSISTANT_INTERNAL_API_VERSION,
+        validate: {
+          request: {
+            params: buildRouteValidationWithZod(AttackDiscoveryCancelRequestParams),
+          },
+          response: {
+            200: {
+              body: { custom: buildRouteValidationWithZod(AttackDiscoveryCancelResponse) },
+            },
+          },
+        },
+      },
+      async (
+        context,
+        request,
+        response
+      ): Promise<IKibanaResponse<AttackDiscoveryCancelResponse>> => {
+        const resp = buildResponse(response);
+        const assistantContext = await context.elasticAssistant;
+        const logger: Logger = assistantContext.logger;
+        try {
+          const dataClient = await assistantContext.getAttackDiscoveryDataClient();
+
+          const authenticatedUser = assistantContext.getCurrentUser();
+          const connectorId = decodeURIComponent(request.params.connectorId);
+          if (authenticatedUser == null) {
+            return resp.error({
+              body: `Authenticated user not found`,
+              statusCode: 401,
+            });
+          }
+          if (!dataClient) {
+            return resp.error({
+              body: `Attack discovery data client not initialized`,
+              statusCode: 500,
+            });
+          }
+          const attackDiscovery = await updateAttackDiscoveryStatusToCanceled(
+            dataClient,
+            authenticatedUser,
+            connectorId
+          );
+
+          return response.ok({
+            body: attackDiscovery,
+          });
+        } catch (err) {
+          logger.error(err);
+          const error = transformError(err);
+
+          return resp.error({
+            body: { success: false, error: error.message },
+            statusCode: error.statusCode,
+          });
+        }
+      }
+    );
+};
diff --git a/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/get_attack_discovery.test.ts b/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/get_attack_discovery.test.ts
new file mode 100644
index 0000000000000..74cf160c43ffe
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/get_attack_discovery.test.ts
@@ -0,0 +1,153 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { getAttackDiscoveryRoute } from './get_attack_discovery';
+
+import { AuthenticatedUser } from '@kbn/core-security-common';
+import { serverMock } from '../../__mocks__/server';
+import { requestContextMock } from '../../__mocks__/request_context';
+import { elasticsearchServiceMock } from '@kbn/core-elasticsearch-server-mocks';
+import { AttackDiscoveryDataClient } from '../../ai_assistant_data_clients/attack_discovery';
+import { transformESSearchToAttackDiscovery } from '../../ai_assistant_data_clients/attack_discovery/transforms';
+import { getAttackDiscoverySearchEsMock } from '../../__mocks__/attack_discovery_schema.mock';
+import { getAttackDiscoveryRequest } from '../../__mocks__/request';
+import { getAttackDiscoveryStats, updateAttackDiscoveryLastViewedAt } from './helpers';
+jest.mock('./helpers');
+
+const mockStats = {
+  newConnectorResultsCount: 2,
+  newDiscoveriesCount: 4,
+  statsPerConnector: [
+    {
+      hasViewed: false,
+      status: 'failed',
+      count: 0,
+      connectorId: 'my-bedrock-old',
+    },
+    {
+      hasViewed: false,
+      status: 'running',
+      count: 1,
+      connectorId: 'my-gen-ai',
+    },
+    {
+      hasViewed: true,
+      status: 'succeeded',
+      count: 1,
+      connectorId: 'my-gpt4o-ai',
+    },
+    {
+      hasViewed: true,
+      status: 'canceled',
+      count: 1,
+      connectorId: 'my-bedrock',
+    },
+    {
+      hasViewed: false,
+      status: 'succeeded',
+      count: 4,
+      connectorId: 'my-gen-a2i',
+    },
+  ],
+};
+const { clients, context } = requestContextMock.createTools();
+const server: ReturnType<typeof serverMock.create> = serverMock.create();
+clients.core.elasticsearch.client = elasticsearchServiceMock.createScopedClusterClient();
+
+const mockUser = {
+  username: 'my_username',
+  authentication_realm: {
+    type: 'my_realm_type',
+    name: 'my_realm_name',
+  },
+} as AuthenticatedUser;
+const mockDataClient = {
+  findAttackDiscoveryByConnectorId: jest.fn(),
+  updateAttackDiscovery: jest.fn(),
+  createAttackDiscovery: jest.fn(),
+  getAttackDiscovery: jest.fn(),
+} as unknown as AttackDiscoveryDataClient;
+const mockCurrentAd = transformESSearchToAttackDiscovery(getAttackDiscoverySearchEsMock())[0];
+describe('getAttackDiscoveryRoute', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+    context.elasticAssistant.getCurrentUser.mockReturnValue(mockUser);
+    context.elasticAssistant.getAttackDiscoveryDataClient.mockResolvedValue(mockDataClient);
+
+    getAttackDiscoveryRoute(server.router);
+    (updateAttackDiscoveryLastViewedAt as jest.Mock).mockResolvedValue(mockCurrentAd);
+    (getAttackDiscoveryStats as jest.Mock).mockResolvedValue(mockStats);
+  });
+
+  it('should handle successful request', async () => {
+    const response = await server.inject(
+      getAttackDiscoveryRequest('connector-id'),
+      requestContextMock.convertContext(context)
+    );
+    expect(response.status).toEqual(200);
+    expect(response.body).toEqual({
+      data: mockCurrentAd,
+      stats: mockStats,
+    });
+  });
+
+  it('should handle missing authenticated user', async () => {
+    context.elasticAssistant.getCurrentUser.mockReturnValue(null);
+    const response = await server.inject(
+      getAttackDiscoveryRequest('connector-id'),
+      requestContextMock.convertContext(context)
+    );
+
+    expect(response.status).toEqual(401);
+    expect(response.body).toEqual({
+      message: 'Authenticated user not found',
+      status_code: 401,
+    });
+  });
+
+  it('should handle missing data client', async () => {
+    context.elasticAssistant.getAttackDiscoveryDataClient.mockResolvedValue(null);
+    const response = await server.inject(
+      getAttackDiscoveryRequest('connector-id'),
+      requestContextMock.convertContext(context)
+    );
+
+    expect(response.status).toEqual(500);
+    expect(response.body).toEqual({
+      message: 'Attack discovery data client not initialized',
+      status_code: 500,
+    });
+  });
+
+  it('should handle findAttackDiscoveryByConnectorId null response', async () => {
+    (updateAttackDiscoveryLastViewedAt as jest.Mock).mockResolvedValue(null);
+    const response = await server.inject(
+      getAttackDiscoveryRequest('connector-id'),
+      requestContextMock.convertContext(context)
+    );
+    expect(response.status).toEqual(200);
+    expect(response.body).toEqual({
+      stats: mockStats,
+    });
+  });
+
+  it('should handle findAttackDiscoveryByConnectorId error', async () => {
+    (updateAttackDiscoveryLastViewedAt as jest.Mock).mockRejectedValue(new Error('Oh no!'));
+    const response = await server.inject(
+      getAttackDiscoveryRequest('connector-id'),
+      requestContextMock.convertContext(context)
+    );
+    expect(response.status).toEqual(500);
+    expect(response.body).toEqual({
+      message: {
+        error: 'Oh no!',
+        success: false,
+      },
+      status_code: 500,
+    });
+  });
+});
diff --git a/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/get_attack_discovery.ts b/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/get_attack_discovery.ts
new file mode 100644
index 0000000000000..09b2df98fe090
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/get_attack_discovery.ts
@@ -0,0 +1,97 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { buildRouteValidationWithZod } from '@kbn/elastic-assistant-common/impl/schemas/common';
+import { type IKibanaResponse, IRouter, Logger } from '@kbn/core/server';
+import {
+  AttackDiscoveryGetResponse,
+  ELASTIC_AI_ASSISTANT_INTERNAL_API_VERSION,
+  AttackDiscoveryGetRequestParams,
+} from '@kbn/elastic-assistant-common';
+import { transformError } from '@kbn/securitysolution-es-utils';
+
+import { updateAttackDiscoveryLastViewedAt, getAttackDiscoveryStats } from './helpers';
+import { ATTACK_DISCOVERY_BY_CONNECTOR_ID } from '../../../common/constants';
+import { buildResponse } from '../../lib/build_response';
+import { ElasticAssistantRequestHandlerContext } from '../../types';
+
+export const getAttackDiscoveryRoute = (router: IRouter<ElasticAssistantRequestHandlerContext>) => {
+  router.versioned
+    .get({
+      access: 'internal',
+      path: ATTACK_DISCOVERY_BY_CONNECTOR_ID,
+      options: {
+        tags: ['access:elasticAssistant'],
+      },
+    })
+    .addVersion(
+      {
+        version: ELASTIC_AI_ASSISTANT_INTERNAL_API_VERSION,
+        validate: {
+          request: {
+            params: buildRouteValidationWithZod(AttackDiscoveryGetRequestParams),
+          },
+          response: {
+            200: {
+              body: { custom: buildRouteValidationWithZod(AttackDiscoveryGetResponse) },
+            },
+          },
+        },
+      },
+      async (context, request, response): Promise<IKibanaResponse<AttackDiscoveryGetResponse>> => {
+        const resp = buildResponse(response);
+        const assistantContext = await context.elasticAssistant;
+        const logger: Logger = assistantContext.logger;
+        try {
+          const dataClient = await assistantContext.getAttackDiscoveryDataClient();
+
+          const authenticatedUser = assistantContext.getCurrentUser();
+          const connectorId = decodeURIComponent(request.params.connectorId);
+          if (authenticatedUser == null) {
+            return resp.error({
+              body: `Authenticated user not found`,
+              statusCode: 401,
+            });
+          }
+          if (!dataClient) {
+            return resp.error({
+              body: `Attack discovery data client not initialized`,
+              statusCode: 500,
+            });
+          }
+          const attackDiscovery = await updateAttackDiscoveryLastViewedAt({
+            dataClient,
+            connectorId,
+            authenticatedUser,
+          });
+          const stats = await getAttackDiscoveryStats({
+            dataClient,
+            authenticatedUser,
+          });
+          return response.ok({
+            body:
+              attackDiscovery != null
+                ? {
+                    data: attackDiscovery,
+                    stats,
+                  }
+                : {
+                    stats,
+                  },
+          });
+        } catch (err) {
+          logger.error(err);
+          const error = transformError(err);
+
+          return resp.error({
+            body: { success: false, error: error.message },
+            statusCode: error.statusCode,
+          });
+        }
+      }
+    );
+};
diff --git a/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts b/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts
new file mode 100644
index 0000000000000..bd8f7983921cb
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts
@@ -0,0 +1,807 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { AuthenticatedUser } from '@kbn/core-security-common';
+import moment from 'moment';
+import {
+  REQUIRED_FOR_ATTACK_DISCOVERY,
+  addGenerationInterval,
+  attackDiscoveryStatus,
+  getAssistantToolParams,
+  handleToolError,
+  updateAttackDiscoveryStatusToCanceled,
+  updateAttackDiscoveryStatusToRunning,
+  updateAttackDiscoveries,
+  getAttackDiscoveryStats,
+} from './helpers';
+import { ActionsClientLlm } from '@kbn/langchain/server';
+import { AttackDiscoveryDataClient } from '../../ai_assistant_data_clients/attack_discovery';
+import { OpenAiProviderType } from '@kbn/stack-connectors-plugin/common/openai/constants';
+import type { PluginStartContract as ActionsPluginStart } from '@kbn/actions-plugin/server';
+import { elasticsearchServiceMock } from '@kbn/core-elasticsearch-server-mocks';
+import { loggerMock } from '@kbn/logging-mocks';
+import { KibanaRequest } from '@kbn/core-http-server';
+import {
+  AttackDiscoveryPostRequestBody,
+  ExecuteConnectorRequestBody,
+} from '@kbn/elastic-assistant-common';
+import { coreMock } from '@kbn/core/server/mocks';
+import { transformESSearchToAttackDiscovery } from '../../ai_assistant_data_clients/attack_discovery/transforms';
+import { getAttackDiscoverySearchEsMock } from '../../__mocks__/attack_discovery_schema.mock';
+import { elasticsearchClientMock } from '@kbn/core-elasticsearch-client-server-mocks';
+
+import {
+  getAnonymizationFieldMock,
+  getUpdateAnonymizationFieldSchemaMock,
+} from '../../__mocks__/anonymization_fields_schema.mock';
+
+jest.mock('lodash/fp', () => ({
+  uniq: jest.fn((arr) => Array.from(new Set(arr))),
+}));
+
+jest.mock('@kbn/securitysolution-es-utils', () => ({
+  transformError: jest.fn((err) => err),
+}));
+jest.mock('@kbn/langchain/server', () => ({
+  ActionsClientLlm: jest.fn(),
+}));
+jest.mock('../evaluate/utils', () => ({
+  getLangSmithTracer: jest.fn().mockReturnValue([]),
+}));
+jest.mock('../utils', () => ({
+  getLlmType: jest.fn().mockReturnValue('llm-type'),
+}));
+const findAttackDiscoveryByConnectorId = jest.fn();
+const updateAttackDiscovery = jest.fn();
+const createAttackDiscovery = jest.fn();
+const getAttackDiscovery = jest.fn();
+const findAllAttackDiscoveries = jest.fn();
+const mockDataClient = {
+  findAttackDiscoveryByConnectorId,
+  updateAttackDiscovery,
+  createAttackDiscovery,
+  getAttackDiscovery,
+  findAllAttackDiscoveries,
+} as unknown as AttackDiscoveryDataClient;
+const mockEsClient = elasticsearchServiceMock.createElasticsearchClient();
+const mockLogger = loggerMock.create();
+const mockTelemetry = coreMock.createSetup().analytics;
+const mockError = new Error('Test error');
+
+const mockAuthenticatedUser = {
+  username: 'user',
+  profile_uid: '1234',
+  authentication_realm: {
+    type: 'my_realm_type',
+    name: 'my_realm_name',
+  },
+} as AuthenticatedUser;
+
+const mockApiConfig = {
+  connectorId: 'connector-id',
+  actionTypeId: '.bedrock',
+  model: 'model',
+  provider: OpenAiProviderType.OpenAi,
+};
+
+const mockCurrentAd = transformESSearchToAttackDiscovery(getAttackDiscoverySearchEsMock())[0];
+
+const mockActions: ActionsPluginStart = {} as ActionsPluginStart;
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+const mockRequest: KibanaRequest<unknown, unknown, any, any> = {} as unknown as KibanaRequest<
+  unknown,
+  unknown,
+  any, // eslint-disable-line @typescript-eslint/no-explicit-any
+  any // eslint-disable-line @typescript-eslint/no-explicit-any
+>;
+
+describe('helpers', () => {
+  const date = '2024-03-28T22:27:28.000Z';
+  beforeAll(() => {
+    jest.useFakeTimers();
+  });
+
+  afterAll(() => {
+    jest.useRealTimers();
+  });
+  beforeEach(() => {
+    jest.clearAllMocks();
+    jest.setSystemTime(new Date(date));
+    getAttackDiscovery.mockResolvedValue(mockCurrentAd);
+    updateAttackDiscovery.mockResolvedValue({});
+  });
+  describe('getAssistantToolParams', () => {
+    const alertsIndexPattern = '.alerts-security.alerts-default';
+    const esClient = elasticsearchClientMock.createElasticsearchClient();
+    const langChainTimeout = 1000;
+    const latestReplacements = {};
+    const llm = new ActionsClientLlm({
+      actions: mockActions,
+      connectorId: 'test-connecter-id',
+      llmType: 'bedrock',
+      logger: mockLogger,
+      request: mockRequest,
+      temperature: 0,
+      timeout: 580000,
+    });
+    const onNewReplacements = jest.fn();
+    const size = 20;
+
+    const mockParams = {
+      actions: {} as unknown as ActionsPluginStart,
+      alertsIndexPattern: 'alerts-*',
+      anonymizationFields: [{ id: '1', field: 'field1', allowed: true, anonymized: true }],
+      apiConfig: mockApiConfig,
+      esClient: mockEsClient,
+      connectorTimeout: 1000,
+      langChainTimeout: 2000,
+      langSmithProject: 'project',
+      langSmithApiKey: 'api-key',
+      logger: mockLogger,
+      latestReplacements: {},
+      onNewReplacements: jest.fn(),
+      request: {} as KibanaRequest<
+        unknown,
+        unknown,
+        ExecuteConnectorRequestBody | AttackDiscoveryPostRequestBody
+      >,
+      size: 10,
+    };
+
+    it('should return formatted assistant tool params', () => {
+      const result = getAssistantToolParams(mockParams);
+
+      expect(ActionsClientLlm).toHaveBeenCalledWith(
+        expect.objectContaining({
+          connectorId: 'connector-id',
+          llmType: 'llm-type',
+        })
+      );
+      expect(result.anonymizationFields).toEqual([
+        ...mockParams.anonymizationFields,
+        ...REQUIRED_FOR_ATTACK_DISCOVERY,
+      ]);
+    });
+
+    it('returns the expected AssistantToolParams when anonymizationFields are provided', () => {
+      const anonymizationFields = [
+        getAnonymizationFieldMock(getUpdateAnonymizationFieldSchemaMock()),
+      ];
+
+      const result = getAssistantToolParams({
+        actions: mockParams.actions,
+        alertsIndexPattern,
+        apiConfig: mockApiConfig,
+        anonymizationFields,
+        connectorTimeout: 1000,
+        latestReplacements,
+        esClient,
+        langChainTimeout,
+        logger: mockLogger,
+        onNewReplacements,
+        request: mockRequest,
+        size,
+      });
+
+      expect(result).toEqual({
+        alertsIndexPattern,
+        anonymizationFields: [...anonymizationFields, ...REQUIRED_FOR_ATTACK_DISCOVERY],
+        isEnabledKnowledgeBase: false,
+        chain: undefined,
+        esClient,
+        langChainTimeout,
+        llm,
+        logger: mockLogger,
+        modelExists: false,
+        onNewReplacements,
+        replacements: latestReplacements,
+        request: mockRequest,
+        size,
+      });
+    });
+
+    it('returns the expected AssistantToolParams when anonymizationFields is undefined', () => {
+      const anonymizationFields = undefined;
+
+      const result = getAssistantToolParams({
+        actions: mockParams.actions,
+        alertsIndexPattern,
+        apiConfig: mockApiConfig,
+        anonymizationFields,
+        connectorTimeout: 1000,
+        latestReplacements,
+        esClient,
+        langChainTimeout,
+        logger: mockLogger,
+        onNewReplacements,
+        request: mockRequest,
+        size,
+      });
+
+      expect(result).toEqual({
+        alertsIndexPattern,
+        anonymizationFields: [...REQUIRED_FOR_ATTACK_DISCOVERY],
+        isEnabledKnowledgeBase: false,
+        chain: undefined,
+        esClient,
+        langChainTimeout,
+        llm,
+        logger: mockLogger,
+        modelExists: false,
+        onNewReplacements,
+        replacements: latestReplacements,
+        request: mockRequest,
+        size,
+      });
+    });
+
+    describe('addGenerationInterval', () => {
+      const generationInterval = { date: '2024-01-01T00:00:00Z', durationMs: 1000 };
+      const existingIntervals = [
+        { date: '2024-01-02T00:00:00Z', durationMs: 2000 },
+        { date: '2024-01-03T00:00:00Z', durationMs: 3000 },
+      ];
+
+      it('should add new interval and maintain length within MAX_GENERATION_INTERVALS', () => {
+        const result = addGenerationInterval(existingIntervals, generationInterval);
+        expect(result.length).toBeLessThanOrEqual(5);
+        expect(result).toContain(generationInterval);
+      });
+
+      it('should remove the oldest interval if exceeding MAX_GENERATION_INTERVALS', () => {
+        const longExistingIntervals = [...Array(5)].map((_, i) => ({
+          date: `2024-01-0${i + 2}T00:00:00Z`,
+          durationMs: (i + 2) * 1000,
+        }));
+        const result = addGenerationInterval(longExistingIntervals, generationInterval);
+        expect(result.length).toBe(5);
+        expect(result).not.toContain(longExistingIntervals[4]);
+      });
+    });
+
+    describe('updateAttackDiscoveryStatusToRunning', () => {
+      it('should update existing attack discovery to running', async () => {
+        const existingAd = { id: 'existing-id', backingIndex: 'index' };
+        findAttackDiscoveryByConnectorId.mockResolvedValue(existingAd);
+        updateAttackDiscovery.mockResolvedValue(existingAd);
+
+        const result = await updateAttackDiscoveryStatusToRunning(
+          mockDataClient,
+          mockAuthenticatedUser,
+          mockApiConfig
+        );
+
+        expect(findAttackDiscoveryByConnectorId).toHaveBeenCalledWith({
+          connectorId: mockApiConfig.connectorId,
+          authenticatedUser: mockAuthenticatedUser,
+        });
+        expect(updateAttackDiscovery).toHaveBeenCalledWith({
+          attackDiscoveryUpdateProps: expect.objectContaining({
+            status: attackDiscoveryStatus.running,
+          }),
+          authenticatedUser: mockAuthenticatedUser,
+        });
+        expect(result).toEqual({ attackDiscoveryId: existingAd.id, currentAd: existingAd });
+      });
+
+      it('should create a new attack discovery if none exists', async () => {
+        const newAd = { id: 'new-id', backingIndex: 'index' };
+        findAttackDiscoveryByConnectorId.mockResolvedValue(null);
+        createAttackDiscovery.mockResolvedValue(newAd);
+
+        const result = await updateAttackDiscoveryStatusToRunning(
+          mockDataClient,
+          mockAuthenticatedUser,
+          mockApiConfig
+        );
+
+        expect(createAttackDiscovery).toHaveBeenCalledWith({
+          attackDiscoveryCreate: expect.objectContaining({
+            status: attackDiscoveryStatus.running,
+          }),
+          authenticatedUser: mockAuthenticatedUser,
+        });
+        expect(result).toEqual({ attackDiscoveryId: newAd.id, currentAd: newAd });
+      });
+
+      it('should throw an error if updating or creating attack discovery fails', async () => {
+        findAttackDiscoveryByConnectorId.mockResolvedValue(null);
+        createAttackDiscovery.mockResolvedValue(null);
+
+        await expect(
+          updateAttackDiscoveryStatusToRunning(mockDataClient, mockAuthenticatedUser, mockApiConfig)
+        ).rejects.toThrow('Could not create attack discovery for connectorId: connector-id');
+      });
+    });
+
+    describe('updateAttackDiscoveryStatusToCanceled', () => {
+      const existingAd = {
+        id: 'existing-id',
+        backingIndex: 'index',
+        status: attackDiscoveryStatus.running,
+      };
+      it('should update existing attack discovery to canceled', async () => {
+        findAttackDiscoveryByConnectorId.mockResolvedValue(existingAd);
+        updateAttackDiscovery.mockResolvedValue(existingAd);
+
+        const result = await updateAttackDiscoveryStatusToCanceled(
+          mockDataClient,
+          mockAuthenticatedUser,
+          mockApiConfig.connectorId
+        );
+
+        expect(findAttackDiscoveryByConnectorId).toHaveBeenCalledWith({
+          connectorId: mockApiConfig.connectorId,
+          authenticatedUser: mockAuthenticatedUser,
+        });
+        expect(updateAttackDiscovery).toHaveBeenCalledWith({
+          attackDiscoveryUpdateProps: expect.objectContaining({
+            status: attackDiscoveryStatus.canceled,
+          }),
+          authenticatedUser: mockAuthenticatedUser,
+        });
+        expect(result).toEqual(existingAd);
+      });
+
+      it('should throw an error if attack discovery is not running', async () => {
+        findAttackDiscoveryByConnectorId.mockResolvedValue({
+          ...existingAd,
+          status: attackDiscoveryStatus.succeeded,
+        });
+        await expect(
+          updateAttackDiscoveryStatusToCanceled(
+            mockDataClient,
+            mockAuthenticatedUser,
+            mockApiConfig.connectorId
+          )
+        ).rejects.toThrow(
+          'Connector id connector-id does not have a running attack discovery, and therefore cannot be canceled.'
+        );
+      });
+
+      it('should throw an error if attack discovery does not exist', async () => {
+        findAttackDiscoveryByConnectorId.mockResolvedValue(null);
+        await expect(
+          updateAttackDiscoveryStatusToCanceled(
+            mockDataClient,
+            mockAuthenticatedUser,
+            mockApiConfig.connectorId
+          )
+        ).rejects.toThrow('Could not find attack discovery for connector id: connector-id');
+      });
+      it('should throw error if updateAttackDiscovery returns null', async () => {
+        findAttackDiscoveryByConnectorId.mockResolvedValue(existingAd);
+        updateAttackDiscovery.mockResolvedValue(null);
+
+        await expect(
+          updateAttackDiscoveryStatusToCanceled(
+            mockDataClient,
+            mockAuthenticatedUser,
+            mockApiConfig.connectorId
+          )
+        ).rejects.toThrow('Could not update attack discovery for connector id: connector-id');
+      });
+    });
+
+    describe('updateAttackDiscoveries', () => {
+      const mockAttackDiscoveryId = 'attack-discovery-id';
+      const mockLatestReplacements = {};
+      const mockRawAttackDiscoveries = JSON.stringify({
+        alertsContextCount: 5,
+        attackDiscoveries: [{ alertIds: ['alert-1', 'alert-2'] }, { alertIds: ['alert-3'] }],
+      });
+      const mockSize = 10;
+      const mockStartTime = moment('2024-03-28T22:25:28.000Z');
+
+      const mockArgs = {
+        apiConfig: mockApiConfig,
+        attackDiscoveryId: mockAttackDiscoveryId,
+        authenticatedUser: mockAuthenticatedUser,
+        dataClient: mockDataClient,
+        latestReplacements: mockLatestReplacements,
+        logger: mockLogger,
+        rawAttackDiscoveries: mockRawAttackDiscoveries,
+        size: mockSize,
+        startTime: mockStartTime,
+        telemetry: mockTelemetry,
+      };
+
+      it('should update attack discoveries and report success telemetry', async () => {
+        await updateAttackDiscoveries(mockArgs);
+
+        expect(updateAttackDiscovery).toHaveBeenCalledWith({
+          attackDiscoveryUpdateProps: {
+            alertsContextCount: 5,
+            attackDiscoveries: [{ alertIds: ['alert-1', 'alert-2'] }, { alertIds: ['alert-3'] }],
+            status: attackDiscoveryStatus.succeeded,
+            id: mockAttackDiscoveryId,
+            replacements: mockLatestReplacements,
+            backingIndex: mockCurrentAd.backingIndex,
+            generationIntervals: [
+              { date, durationMs: 120000 },
+              ...mockCurrentAd.generationIntervals,
+            ],
+          },
+          authenticatedUser: mockAuthenticatedUser,
+        });
+
+        expect(mockTelemetry.reportEvent).toHaveBeenCalledWith('attack_discovery_success', {
+          actionTypeId: mockApiConfig.actionTypeId,
+          alertsContextCount: 5,
+          alertsCount: 3,
+          configuredAlertsCount: mockSize,
+          discoveriesGenerated: 2,
+          durationMs: 120000,
+          model: mockApiConfig.model,
+          provider: mockApiConfig.provider,
+        });
+      });
+
+      it('should update attack discoveries without generation interval if no discoveries are found', async () => {
+        const noDiscoveriesRaw = JSON.stringify({
+          alertsContextCount: 0,
+          attackDiscoveries: [],
+        });
+
+        await updateAttackDiscoveries({
+          ...mockArgs,
+          rawAttackDiscoveries: noDiscoveriesRaw,
+        });
+
+        expect(updateAttackDiscovery).toHaveBeenCalledWith({
+          attackDiscoveryUpdateProps: {
+            alertsContextCount: 0,
+            attackDiscoveries: [],
+            status: attackDiscoveryStatus.succeeded,
+            id: mockAttackDiscoveryId,
+            replacements: mockLatestReplacements,
+            backingIndex: mockCurrentAd.backingIndex,
+          },
+          authenticatedUser: mockAuthenticatedUser,
+        });
+
+        expect(mockTelemetry.reportEvent).toHaveBeenCalledWith('attack_discovery_success', {
+          actionTypeId: mockApiConfig.actionTypeId,
+          alertsContextCount: 0,
+          alertsCount: 0,
+          configuredAlertsCount: mockSize,
+          discoveriesGenerated: 0,
+          durationMs: 120000,
+          model: mockApiConfig.model,
+          provider: mockApiConfig.provider,
+        });
+      });
+
+      it('should catch and log an error if raw attack discoveries is null', async () => {
+        await updateAttackDiscoveries({
+          ...mockArgs,
+          rawAttackDiscoveries: null,
+        });
+        expect(mockLogger.error).toHaveBeenCalledTimes(1);
+        expect(mockTelemetry.reportEvent).toHaveBeenCalledWith('attack_discovery_error', {
+          actionTypeId: mockArgs.apiConfig.actionTypeId,
+          errorMessage: 'tool returned no attack discoveries',
+          model: mockArgs.apiConfig.model,
+          provider: mockArgs.apiConfig.provider,
+        });
+      });
+
+      it('should return and not call updateAttackDiscovery when getAttackDiscovery returns a canceled response', async () => {
+        getAttackDiscovery.mockResolvedValue({
+          ...mockCurrentAd,
+          status: attackDiscoveryStatus.canceled,
+        });
+        await updateAttackDiscoveries(mockArgs);
+
+        expect(mockLogger.error).not.toHaveBeenCalled();
+        expect(updateAttackDiscovery).not.toHaveBeenCalled();
+      });
+
+      it('should log the error and report telemetry when getAttackDiscovery rejects', async () => {
+        getAttackDiscovery.mockRejectedValue(mockError);
+        await updateAttackDiscoveries(mockArgs);
+
+        expect(mockLogger.error).toHaveBeenCalledWith(mockError);
+        expect(updateAttackDiscovery).not.toHaveBeenCalled();
+        expect(mockTelemetry.reportEvent).toHaveBeenCalledWith('attack_discovery_error', {
+          actionTypeId: mockArgs.apiConfig.actionTypeId,
+          errorMessage: mockError.message,
+          model: mockArgs.apiConfig.model,
+          provider: mockArgs.apiConfig.provider,
+        });
+      });
+    });
+
+    describe('handleToolError', () => {
+      const mockArgs = {
+        apiConfig: mockApiConfig,
+        attackDiscoveryId: 'discovery-id',
+        authenticatedUser: mockAuthenticatedUser,
+        backingIndex: 'backing-index',
+        dataClient: mockDataClient,
+        err: mockError,
+        latestReplacements: {},
+        logger: mockLogger,
+        telemetry: mockTelemetry,
+      };
+
+      it('should log the error and update attack discovery status to failed', async () => {
+        await handleToolError(mockArgs);
+
+        expect(mockLogger.error).toHaveBeenCalledWith(mockError);
+        expect(updateAttackDiscovery).toHaveBeenCalledWith({
+          attackDiscoveryUpdateProps: {
+            status: attackDiscoveryStatus.failed,
+            attackDiscoveries: [],
+            backingIndex: 'foo',
+            failureReason: 'Test error',
+            id: 'discovery-id',
+            replacements: {},
+          },
+          authenticatedUser: mockArgs.authenticatedUser,
+        });
+        expect(mockTelemetry.reportEvent).toHaveBeenCalledWith('attack_discovery_error', {
+          actionTypeId: mockArgs.apiConfig.actionTypeId,
+          errorMessage: mockError.message,
+          model: mockArgs.apiConfig.model,
+          provider: mockArgs.apiConfig.provider,
+        });
+      });
+
+      it('should log the error and report telemetry when updateAttackDiscovery rejects', async () => {
+        updateAttackDiscovery.mockRejectedValue(mockError);
+        await handleToolError(mockArgs);
+
+        expect(mockLogger.error).toHaveBeenCalledWith(mockError);
+        expect(updateAttackDiscovery).toHaveBeenCalledWith({
+          attackDiscoveryUpdateProps: {
+            status: attackDiscoveryStatus.failed,
+            attackDiscoveries: [],
+            backingIndex: 'foo',
+            failureReason: 'Test error',
+            id: 'discovery-id',
+            replacements: {},
+          },
+          authenticatedUser: mockArgs.authenticatedUser,
+        });
+        expect(mockTelemetry.reportEvent).toHaveBeenCalledWith('attack_discovery_error', {
+          actionTypeId: mockArgs.apiConfig.actionTypeId,
+          errorMessage: mockError.message,
+          model: mockArgs.apiConfig.model,
+          provider: mockArgs.apiConfig.provider,
+        });
+      });
+
+      it('should return and not call updateAttackDiscovery when getAttackDiscovery returns a canceled response', async () => {
+        getAttackDiscovery.mockResolvedValue({
+          ...mockCurrentAd,
+          status: attackDiscoveryStatus.canceled,
+        });
+        await handleToolError(mockArgs);
+
+        expect(mockTelemetry.reportEvent).not.toHaveBeenCalled();
+        expect(updateAttackDiscovery).not.toHaveBeenCalled();
+      });
+
+      it('should log the error and report telemetry when getAttackDiscovery rejects', async () => {
+        getAttackDiscovery.mockRejectedValue(mockError);
+        await handleToolError(mockArgs);
+
+        expect(mockLogger.error).toHaveBeenCalledWith(mockError);
+        expect(updateAttackDiscovery).not.toHaveBeenCalled();
+        expect(mockTelemetry.reportEvent).toHaveBeenCalledWith('attack_discovery_error', {
+          actionTypeId: mockArgs.apiConfig.actionTypeId,
+          errorMessage: mockError.message,
+          model: mockArgs.apiConfig.model,
+          provider: mockArgs.apiConfig.provider,
+        });
+      });
+    });
+  });
+  describe('getAttackDiscoveryStats', () => {
+    const mockDiscoveries = [
+      {
+        timestamp: '2024-06-13T17:55:11.360Z',
+        id: '8abb49bd-2f5d-43d2-bc2f-dd3c3cab25ad',
+        backingIndex: '.ds-.kibana-elastic-ai-assistant-attack-discovery-default-2024.06.12-000001',
+        createdAt: '2024-06-13T17:55:11.360Z',
+        updatedAt: '2024-06-17T20:47:57.556Z',
+        lastViewedAt: '2024-06-17T20:47:57.556Z',
+        users: [mockAuthenticatedUser],
+        namespace: 'default',
+        status: 'failed',
+        alertsContextCount: undefined,
+        apiConfig: {
+          connectorId: 'my-bedrock-old',
+          actionTypeId: '.bedrock',
+          defaultSystemPromptId: undefined,
+          model: undefined,
+          provider: undefined,
+        },
+        attackDiscoveries: [],
+        replacements: {},
+        generationIntervals: mockCurrentAd.generationIntervals,
+        averageIntervalMs: mockCurrentAd.averageIntervalMs,
+        failureReason:
+          'ActionsClientLlm: action result status is error: an error occurred while running the action - Response validation failed (Error: [usage.input_tokens]: expected value of type [number] but got [undefined])',
+      },
+      {
+        timestamp: '2024-06-13T17:55:11.360Z',
+        id: '9abb49bd-2f5d-43d2-bc2f-dd3c3cab25ad',
+        backingIndex: '.ds-.kibana-elastic-ai-assistant-attack-discovery-default-2024.06.12-000001',
+        createdAt: '2024-06-13T17:55:11.360Z',
+        updatedAt: '2024-06-17T20:47:57.556Z',
+        lastViewedAt: '2024-06-17T20:46:57.556Z',
+        users: [mockAuthenticatedUser],
+        namespace: 'default',
+        status: 'failed',
+        alertsContextCount: undefined,
+        apiConfig: {
+          connectorId: 'my-bedrock-old',
+          actionTypeId: '.bedrock',
+          defaultSystemPromptId: undefined,
+          model: undefined,
+          provider: undefined,
+        },
+        attackDiscoveries: [],
+        replacements: {},
+        generationIntervals: mockCurrentAd.generationIntervals,
+        averageIntervalMs: mockCurrentAd.averageIntervalMs,
+        failureReason:
+          'ActionsClientLlm: action result status is error: an error occurred while running the action - Response validation failed (Error: [usage.input_tokens]: expected value of type [number] but got [undefined])',
+      },
+      {
+        timestamp: '2024-06-12T19:54:50.428Z',
+        id: '745e005b-7248-4c08-b8b6-4cad263b4be0',
+        backingIndex: '.ds-.kibana-elastic-ai-assistant-attack-discovery-default-2024.06.12-000001',
+        createdAt: '2024-06-12T19:54:50.428Z',
+        updatedAt: '2024-06-17T20:47:27.182Z',
+        lastViewedAt: '2024-06-17T20:27:27.182Z',
+        users: [mockAuthenticatedUser],
+        namespace: 'default',
+        status: 'running',
+        alertsContextCount: 20,
+        apiConfig: {
+          connectorId: 'my-gen-ai',
+          actionTypeId: '.gen-ai',
+          defaultSystemPromptId: undefined,
+          model: undefined,
+          provider: undefined,
+        },
+        attackDiscoveries: mockCurrentAd.attackDiscoveries,
+        replacements: {},
+        generationIntervals: mockCurrentAd.generationIntervals,
+        averageIntervalMs: mockCurrentAd.averageIntervalMs,
+        failureReason: undefined,
+      },
+      {
+        timestamp: '2024-06-13T17:50:59.409Z',
+        id: 'f48da2ca-b63e-4387-82d7-1423a68500aa',
+        backingIndex: '.ds-.kibana-elastic-ai-assistant-attack-discovery-default-2024.06.12-000001',
+        createdAt: '2024-06-13T17:50:59.409Z',
+        updatedAt: '2024-06-17T20:47:59.969Z',
+        lastViewedAt: '2024-06-17T20:47:35.227Z',
+        users: [mockAuthenticatedUser],
+        namespace: 'default',
+        status: 'succeeded',
+        alertsContextCount: 20,
+        apiConfig: {
+          connectorId: 'my-gpt4o-ai',
+          actionTypeId: '.gen-ai',
+          defaultSystemPromptId: undefined,
+          model: undefined,
+          provider: undefined,
+        },
+        attackDiscoveries: mockCurrentAd.attackDiscoveries,
+        replacements: {},
+        generationIntervals: mockCurrentAd.generationIntervals,
+        averageIntervalMs: mockCurrentAd.averageIntervalMs,
+        failureReason: undefined,
+      },
+      {
+        timestamp: '2024-06-12T21:18:56.377Z',
+        id: '82fced1d-de48-42db-9f56-e45122dee017',
+        backingIndex: '.ds-.kibana-elastic-ai-assistant-attack-discovery-default-2024.06.12-000001',
+        createdAt: '2024-06-12T21:18:56.377Z',
+        updatedAt: '2024-06-17T20:47:39.372Z',
+        lastViewedAt: '2024-06-17T20:47:39.372Z',
+        users: [mockAuthenticatedUser],
+        namespace: 'default',
+        status: 'canceled',
+        alertsContextCount: 20,
+        apiConfig: {
+          connectorId: 'my-bedrock',
+          actionTypeId: '.bedrock',
+          defaultSystemPromptId: undefined,
+          model: undefined,
+          provider: undefined,
+        },
+        attackDiscoveries: mockCurrentAd.attackDiscoveries,
+        replacements: {},
+        generationIntervals: mockCurrentAd.generationIntervals,
+        averageIntervalMs: mockCurrentAd.averageIntervalMs,
+        failureReason: undefined,
+      },
+      {
+        timestamp: '2024-06-12T16:44:23.107Z',
+        id: 'a4709094-6116-484b-b096-1e8d151cb4b7',
+        backingIndex: '.ds-.kibana-elastic-ai-assistant-attack-discovery-default-2024.06.12-000001',
+        createdAt: '2024-06-12T16:44:23.107Z',
+        updatedAt: '2024-06-17T20:48:16.961Z',
+        lastViewedAt: '2024-06-17T20:47:16.961Z',
+        users: [mockAuthenticatedUser],
+        namespace: 'default',
+        status: 'succeeded',
+        alertsContextCount: 0,
+        apiConfig: {
+          connectorId: 'my-gen-a2i',
+          actionTypeId: '.gen-ai',
+          defaultSystemPromptId: undefined,
+          model: undefined,
+          provider: undefined,
+        },
+        attackDiscoveries: [
+          ...mockCurrentAd.attackDiscoveries,
+          ...mockCurrentAd.attackDiscoveries,
+          ...mockCurrentAd.attackDiscoveries,
+          ...mockCurrentAd.attackDiscoveries,
+        ],
+        replacements: {},
+        generationIntervals: mockCurrentAd.generationIntervals,
+        averageIntervalMs: mockCurrentAd.averageIntervalMs,
+        failureReason: 'steph threw an error',
+      },
+    ];
+    beforeEach(() => {
+      findAllAttackDiscoveries.mockResolvedValue(mockDiscoveries);
+    });
+    it('returns the formatted stats object', async () => {
+      const stats = await getAttackDiscoveryStats({
+        authenticatedUser: mockAuthenticatedUser,
+        dataClient: mockDataClient,
+      });
+      expect(stats).toEqual([
+        {
+          hasViewed: true,
+          status: 'failed',
+          count: 0,
+          connectorId: 'my-bedrock-old',
+        },
+        {
+          hasViewed: false,
+          status: 'failed',
+          count: 0,
+          connectorId: 'my-bedrock-old',
+        },
+        {
+          hasViewed: false,
+          status: 'running',
+          count: 1,
+          connectorId: 'my-gen-ai',
+        },
+        {
+          hasViewed: false,
+          status: 'succeeded',
+          count: 1,
+          connectorId: 'my-gpt4o-ai',
+        },
+        {
+          hasViewed: true,
+          status: 'canceled',
+          count: 1,
+          connectorId: 'my-bedrock',
+        },
+        {
+          hasViewed: false,
+          status: 'succeeded',
+          count: 4,
+          connectorId: 'my-gen-a2i',
+        },
+      ]);
+    });
+  });
+});
diff --git a/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.ts b/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.ts
index 4f916be8105d4..c3665d1583a3f 100644
--- a/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.ts
+++ b/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.ts
@@ -5,19 +5,37 @@
  * 2.0.
  */
 
-import { KibanaRequest } from '@kbn/core/server';
-import { Logger } from '@kbn/logging';
+import { AnalyticsServiceSetup, AuthenticatedUser, KibanaRequest, Logger } from '@kbn/core/server';
 import { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
 import {
+  ApiConfig,
+  AttackDiscovery,
   AttackDiscoveryPostRequestBody,
+  AttackDiscoveryResponse,
+  AttackDiscoveryStat,
+  AttackDiscoveryStatus,
   ExecuteConnectorRequestBody,
+  GenerationInterval,
   Replacements,
 } from '@kbn/elastic-assistant-common';
 import { AnonymizationFieldResponse } from '@kbn/elastic-assistant-common/impl/schemas/anonymization_fields/bulk_crud_anonymization_fields_route.gen';
 import { v4 as uuidv4 } from 'uuid';
 import { ActionsClientLlm } from '@kbn/langchain/server';
 
+import { Moment } from 'moment';
+import { transformError } from '@kbn/securitysolution-es-utils';
+import type { PluginStartContract as ActionsPluginStart } from '@kbn/actions-plugin/server';
+import moment from 'moment/moment';
+import { uniq } from 'lodash/fp';
+import { getLangSmithTracer } from '../evaluate/utils';
+import { getLlmType } from '../utils';
+import type { GetRegisteredTools } from '../../services/app_context';
+import {
+  ATTACK_DISCOVERY_ERROR_EVENT,
+  ATTACK_DISCOVERY_SUCCESS_EVENT,
+} from '../../lib/telemetry/event_based_telemetry';
 import { AssistantToolParams } from '../../types';
+import { AttackDiscoveryDataClient } from '../../ai_assistant_data_clients/attack_discovery';
 
 export const REQUIRED_FOR_ATTACK_DISCOVERY: AnonymizationFieldResponse[] = [
   {
@@ -35,6 +53,77 @@ export const REQUIRED_FOR_ATTACK_DISCOVERY: AnonymizationFieldResponse[] = [
 ];
 
 export const getAssistantToolParams = ({
+  actions,
+  alertsIndexPattern,
+  anonymizationFields,
+  apiConfig,
+  esClient,
+  connectorTimeout,
+  langChainTimeout,
+  langSmithProject,
+  langSmithApiKey,
+  logger,
+  latestReplacements,
+  onNewReplacements,
+  request,
+  size,
+}: {
+  actions: ActionsPluginStart;
+  alertsIndexPattern: string;
+  anonymizationFields?: AnonymizationFieldResponse[];
+  apiConfig: ApiConfig;
+  esClient: ElasticsearchClient;
+  connectorTimeout: number;
+  langChainTimeout: number;
+  langSmithProject?: string;
+  langSmithApiKey?: string;
+  logger: Logger;
+  latestReplacements: Replacements;
+  onNewReplacements: (newReplacements: Replacements) => void;
+  request: KibanaRequest<
+    unknown,
+    unknown,
+    ExecuteConnectorRequestBody | AttackDiscoveryPostRequestBody
+  >;
+  size: number;
+}) => {
+  const traceOptions = {
+    projectName: langSmithProject,
+    tracers: [
+      ...getLangSmithTracer({
+        apiKey: langSmithApiKey,
+        projectName: langSmithProject,
+        logger,
+      }),
+    ],
+  };
+
+  const llm = new ActionsClientLlm({
+    actions,
+    connectorId: apiConfig.connectorId,
+    llmType: getLlmType(apiConfig.actionTypeId),
+    logger,
+    request,
+    temperature: 0, // zero temperature for attack discovery, because we want structured JSON output
+    timeout: connectorTimeout,
+    traceOptions,
+  });
+
+  return formatAssistantToolParams({
+    alertsIndexPattern,
+    anonymizationFields,
+    esClient,
+    latestReplacements,
+    langChainTimeout,
+    llm,
+    logger,
+    onNewReplacements,
+    request,
+    size,
+  });
+};
+
+const formatAssistantToolParams = ({
   alertsIndexPattern,
   anonymizationFields,
   esClient,
@@ -75,3 +164,309 @@ export const getAssistantToolParams = ({
   request,
   size,
 });
+
+export const attackDiscoveryStatus: { [k: string]: AttackDiscoveryStatus } = {
+  canceled: 'canceled',
+  failed: 'failed',
+  running: 'running',
+  succeeded: 'succeeded',
+};
+const MAX_GENERATION_INTERVALS = 5;
+
+export const addGenerationInterval = (
+  generationIntervals: GenerationInterval[],
+  generationInterval: GenerationInterval
+): GenerationInterval[] => {
+  const newGenerationIntervals = [generationInterval, ...generationIntervals];
+
+  if (newGenerationIntervals.length > MAX_GENERATION_INTERVALS) {
+    return newGenerationIntervals.slice(0, MAX_GENERATION_INTERVALS); // Return the first MAX_GENERATION_INTERVALS items
+  }
+
+  return newGenerationIntervals;
+};
+
+export const updateAttackDiscoveryStatusToRunning = async (
+  dataClient: AttackDiscoveryDataClient,
+  authenticatedUser: AuthenticatedUser,
+  apiConfig: ApiConfig
+): Promise<{
+  currentAd: AttackDiscoveryResponse;
+  attackDiscoveryId: string;
+}> => {
+  const foundAttackDiscovery = await dataClient?.findAttackDiscoveryByConnectorId({
+    connectorId: apiConfig.connectorId,
+    authenticatedUser,
+  });
+  const currentAd = foundAttackDiscovery
+    ? await dataClient?.updateAttackDiscovery({
+        attackDiscoveryUpdateProps: {
+          backingIndex: foundAttackDiscovery.backingIndex,
+          id: foundAttackDiscovery.id,
+          status: attackDiscoveryStatus.running,
+        },
+        authenticatedUser,
+      })
+    : await dataClient?.createAttackDiscovery({
+        attackDiscoveryCreate: {
+          apiConfig,
+          attackDiscoveries: [],
+          status: attackDiscoveryStatus.running,
+        },
+        authenticatedUser,
+      });
+
+  if (!currentAd) {
+    throw new Error(
+      `Could not ${foundAttackDiscovery ? 'update' : 'create'} attack discovery for connectorId: ${
+        apiConfig.connectorId
+      }`
+    );
+  }
+
+  return {
+    attackDiscoveryId: currentAd.id,
+    currentAd,
+  };
+};
+
+export const updateAttackDiscoveryStatusToCanceled = async (
+  dataClient: AttackDiscoveryDataClient,
+  authenticatedUser: AuthenticatedUser,
+  connectorId: string
+): Promise<AttackDiscoveryResponse> => {
+  const foundAttackDiscovery = await dataClient?.findAttackDiscoveryByConnectorId({
+    connectorId,
+    authenticatedUser,
+  });
+  if (foundAttackDiscovery == null) {
+    throw new Error(`Could not find attack discovery for connector id: ${connectorId}`);
+  }
+  if (foundAttackDiscovery.status !== 'running') {
+    throw new Error(
+      `Connector id ${connectorId} does not have a running attack discovery, and therefore cannot be canceled.`
+    );
+  }
+  const updatedAttackDiscovery = await dataClient?.updateAttackDiscovery({
+    attackDiscoveryUpdateProps: {
+      backingIndex: foundAttackDiscovery.backingIndex,
+      id: foundAttackDiscovery.id,
+      status: attackDiscoveryStatus.canceled,
+    },
+    authenticatedUser,
+  });
+
+  if (!updatedAttackDiscovery) {
+    throw new Error(`Could not update attack discovery for connector id: ${connectorId}`);
+  }
+
+  return updatedAttackDiscovery;
+};
+
+const getDataFromJSON = (adStringified: string) => {
+  const { alertsContextCount, attackDiscoveries } = JSON.parse(adStringified);
+  return { alertsContextCount, attackDiscoveries };
+};
+
+export const updateAttackDiscoveries = async ({
+  apiConfig,
+  attackDiscoveryId,
+  authenticatedUser,
+  dataClient,
+  latestReplacements,
+  logger,
+  rawAttackDiscoveries,
+  size,
+  startTime,
+  telemetry,
+}: {
+  apiConfig: ApiConfig;
+  attackDiscoveryId: string;
+  authenticatedUser: AuthenticatedUser;
+  dataClient: AttackDiscoveryDataClient;
+  latestReplacements: Replacements;
+  logger: Logger;
+  rawAttackDiscoveries: string | null;
+  size: number;
+  startTime: Moment;
+  telemetry: AnalyticsServiceSetup;
+}) => {
+  try {
+    if (rawAttackDiscoveries == null) {
+      throw new Error('tool returned no attack discoveries');
+    }
+    const currentAd = await dataClient.getAttackDiscovery({
+      id: attackDiscoveryId,
+      authenticatedUser,
+    });
+    if (currentAd === null || currentAd?.status === 'canceled') {
+      return;
+    }
+    const endTime = moment();
+    const durationMs = endTime.diff(startTime);
+    const { alertsContextCount, attackDiscoveries } = getDataFromJSON(rawAttackDiscoveries);
+    const updateProps = {
+      alertsContextCount,
+      attackDiscoveries,
+      status: attackDiscoveryStatus.succeeded,
+      ...(alertsContextCount === 0 || attackDiscoveries === 0
+        ? {}
+        : {
+            generationIntervals: addGenerationInterval(currentAd.generationIntervals, {
+              durationMs,
+              date: new Date().toISOString(),
+            }),
+          }),
+      id: attackDiscoveryId,
+      replacements: latestReplacements,
+      backingIndex: currentAd.backingIndex,
+    };
+
+    await dataClient.updateAttackDiscovery({
+      attackDiscoveryUpdateProps: updateProps,
+      authenticatedUser,
+    });
+    telemetry.reportEvent(ATTACK_DISCOVERY_SUCCESS_EVENT.eventType, {
+      actionTypeId: apiConfig.actionTypeId,
+      alertsContextCount: updateProps.alertsContextCount,
+      alertsCount: uniq(
+        updateProps.attackDiscoveries.flatMap(
+          (attackDiscovery: AttackDiscovery) => attackDiscovery.alertIds
+        )
+      ).length,
+      configuredAlertsCount: size,
+      discoveriesGenerated: updateProps.attackDiscoveries.length,
+      durationMs,
+      model: apiConfig.model,
+      provider: apiConfig.provider,
+    });
+  } catch (updateErr) {
+    logger.error(updateErr);
+    const updateError = transformError(updateErr);
+    telemetry.reportEvent(ATTACK_DISCOVERY_ERROR_EVENT.eventType, {
+      actionTypeId: apiConfig.actionTypeId,
+      errorMessage: updateError.message,
+      model: apiConfig.model,
+      provider: apiConfig.provider,
+    });
+  }
+};
+
+export const handleToolError = async ({
+  apiConfig,
+  attackDiscoveryId,
+  authenticatedUser,
+  dataClient,
+  err,
+  latestReplacements,
+  logger,
+  telemetry,
+}: {
+  apiConfig: ApiConfig;
+  attackDiscoveryId: string;
+  authenticatedUser: AuthenticatedUser;
+  dataClient: AttackDiscoveryDataClient;
+  err: Error;
+  latestReplacements: Replacements;
+  logger: Logger;
+  telemetry: AnalyticsServiceSetup;
+}) => {
+  try {
+    logger.error(err);
+    const error = transformError(err);
+    const currentAd = await dataClient.getAttackDiscovery({
+      id: attackDiscoveryId,
+      authenticatedUser,
+    });
+
+    if (currentAd === null || currentAd?.status === 'canceled') {
+      return;
+    }
+    await dataClient.updateAttackDiscovery({
+      attackDiscoveryUpdateProps: {
+        attackDiscoveries: [],
+        status: attackDiscoveryStatus.failed,
+        id: attackDiscoveryId,
+        replacements: latestReplacements,
+        backingIndex: currentAd.backingIndex,
+        failureReason: error.message,
+      },
+      authenticatedUser,
+    });
+    telemetry.reportEvent(ATTACK_DISCOVERY_ERROR_EVENT.eventType, {
+      actionTypeId: apiConfig.actionTypeId,
+      errorMessage: error.message,
+      model: apiConfig.model,
+      provider: apiConfig.provider,
+    });
+  } catch (updateErr) {
+    const updateError = transformError(updateErr);
+    telemetry.reportEvent(ATTACK_DISCOVERY_ERROR_EVENT.eventType, {
+      actionTypeId: apiConfig.actionTypeId,
+      errorMessage: updateError.message,
+      model: apiConfig.model,
+      provider: apiConfig.provider,
+    });
+  }
+};
+
+export const getAssistantTool = (getRegisteredTools: GetRegisteredTools, pluginName: string) => {
+  // get the attack discovery tool:
+  const assistantTools = getRegisteredTools(pluginName);
+  return assistantTools.find((tool) => tool.id === 'attack-discovery');
+};
+
+export const updateAttackDiscoveryLastViewedAt = async ({
+  connectorId,
+  authenticatedUser,
+  dataClient,
+}: {
+  connectorId: string;
+  authenticatedUser: AuthenticatedUser;
+  dataClient: AttackDiscoveryDataClient;
+}): Promise<AttackDiscoveryResponse | null> => {
+  const attackDiscovery = await dataClient.findAttackDiscoveryByConnectorId({
+    connectorId,
+    authenticatedUser,
+  });
+
+  if (attackDiscovery == null) {
+    return null;
+  }
+
+  // update lastViewedAt time as this is the function used for polling by connectorId
+  return dataClient.updateAttackDiscovery({
+    attackDiscoveryUpdateProps: {
+      id: attackDiscovery.id,
+      lastViewedAt: new Date().toISOString(),
+      backingIndex: attackDiscovery.backingIndex,
+    },
+    authenticatedUser,
+  });
+};
+
+export const getAttackDiscoveryStats = async ({
+  authenticatedUser,
+  dataClient,
+}: {
+  authenticatedUser: AuthenticatedUser;
+  dataClient: AttackDiscoveryDataClient;
+}): Promise<AttackDiscoveryStat[]> => {
+  const attackDiscoveries = await dataClient.findAllAttackDiscoveries({
+    authenticatedUser,
+  });
+
+  return attackDiscoveries.map((ad) => {
+    const updatedAt = moment(ad.updatedAt);
+    const lastViewedAt = moment(ad.lastViewedAt);
+    const timeSinceLastViewed = updatedAt.diff(lastViewedAt);
+    const hasViewed = timeSinceLastViewed <= 0;
+    const discoveryCount = ad.attackDiscoveries.length;
+    return {
+      hasViewed,
+      status: ad.status,
+      count: discoveryCount,
+      connectorId: ad.apiConfig.connectorId,
+    };
+  });
+};
diff --git a/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/post_attack_discovery.test.ts b/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/post_attack_discovery.test.ts
new file mode 100644
index 0000000000000..9ecfb5c2af333
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/post_attack_discovery.test.ts
@@ -0,0 +1,142 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { AuthenticatedUser } from '@kbn/core-security-common';
+import { postAttackDiscoveryRoute } from './post_attack_discovery';
+import { serverMock } from '../../__mocks__/server';
+import { requestContextMock } from '../../__mocks__/request_context';
+import { elasticsearchServiceMock } from '@kbn/core-elasticsearch-server-mocks';
+import { AttackDiscoveryDataClient } from '../../ai_assistant_data_clients/attack_discovery';
+import { transformESSearchToAttackDiscovery } from '../../ai_assistant_data_clients/attack_discovery/transforms';
+import { getAttackDiscoverySearchEsMock } from '../../__mocks__/attack_discovery_schema.mock';
+import { postAttackDiscoveryRequest } from '../../__mocks__/request';
+import { OpenAiProviderType } from '@kbn/stack-connectors-plugin/common/openai/constants';
+import { AttackDiscoveryPostRequestBody } from '@kbn/elastic-assistant-common';
+import {
+  getAssistantTool,
+  getAssistantToolParams,
+  updateAttackDiscoveryStatusToRunning,
+} from './helpers';
+jest.mock('./helpers');
+
+const { clients, context } = requestContextMock.createTools();
+const server: ReturnType<typeof serverMock.create> = serverMock.create();
+clients.core.elasticsearch.client = elasticsearchServiceMock.createScopedClusterClient();
+
+const mockUser = {
+  username: 'my_username',
+  authentication_realm: {
+    type: 'my_realm_type',
+    name: 'my_realm_name',
+  },
+} as AuthenticatedUser;
+const findAttackDiscoveryByConnectorId = jest.fn();
+const mockDataClient = {
+  findAttackDiscoveryByConnectorId,
+  updateAttackDiscovery: jest.fn(),
+  createAttackDiscovery: jest.fn(),
+  getAttackDiscovery: jest.fn(),
+} as unknown as AttackDiscoveryDataClient;
+const mockApiConfig = {
+  connectorId: 'connector-id',
+  actionTypeId: '.bedrock',
+  model: 'model',
+  provider: OpenAiProviderType.OpenAi,
+};
+const mockRequestBody: AttackDiscoveryPostRequestBody = {
+  subAction: 'invokeAI',
+  apiConfig: mockApiConfig,
+  alertsIndexPattern: 'alerts-*',
+  anonymizationFields: [],
+  replacements: {},
+  model: 'gpt-4',
+  size: 20,
+  langSmithProject: 'langSmithProject',
+  langSmithApiKey: 'langSmithApiKey',
+};
+const mockCurrentAd = transformESSearchToAttackDiscovery(getAttackDiscoverySearchEsMock())[0];
+const runningAd = {
+  ...mockCurrentAd,
+  status: 'running',
+};
+describe('postAttackDiscoveryRoute', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+    context.elasticAssistant.getCurrentUser.mockReturnValue(mockUser);
+    context.elasticAssistant.getAttackDiscoveryDataClient.mockResolvedValue(mockDataClient);
+    postAttackDiscoveryRoute(server.router);
+    findAttackDiscoveryByConnectorId.mockResolvedValue(mockCurrentAd);
+    (getAssistantTool as jest.Mock).mockReturnValue({ getTool: jest.fn() });
+    (getAssistantToolParams as jest.Mock).mockReturnValue({ tool: 'tool' });
+    (updateAttackDiscoveryStatusToRunning as jest.Mock).mockResolvedValue({
+      currentAd: runningAd,
+      attackDiscoveryId: mockCurrentAd.id,
+    });
+  });
+
+  it('should handle successful request', async () => {
+    const response = await server.inject(
+      postAttackDiscoveryRequest(mockRequestBody),
+      requestContextMock.convertContext(context)
+    );
+    expect(response.status).toEqual(200);
+    expect(response.body).toEqual(runningAd);
+  });
+
+  it('should handle missing authenticated user', async () => {
+    context.elasticAssistant.getCurrentUser.mockReturnValue(null);
+    const response = await server.inject(
+      postAttackDiscoveryRequest(mockRequestBody),
+      requestContextMock.convertContext(context)
+    );
+
+    expect(response.status).toEqual(401);
+    expect(response.body).toEqual({
+      message: 'Authenticated user not found',
+      status_code: 401,
+    });
+  });
+
+  it('should handle missing data client', async () => {
+    context.elasticAssistant.getAttackDiscoveryDataClient.mockResolvedValue(null);
+    const response = await server.inject(
+      postAttackDiscoveryRequest(mockRequestBody),
+      requestContextMock.convertContext(context)
+    );
+
+    expect(response.status).toEqual(500);
+    expect(response.body).toEqual({
+      message: 'Attack discovery data client not initialized',
+      status_code: 500,
+    });
+  });
+
+  it('should handle assistantTool null response', async () => {
+    (getAssistantTool as jest.Mock).mockReturnValue(null);
+    const response = await server.inject(
+      postAttackDiscoveryRequest(mockRequestBody),
+      requestContextMock.convertContext(context)
+    );
+    expect(response.status).toEqual(404);
+  });
+
+  it('should handle updateAttackDiscoveryStatusToRunning error', async () => {
+    (updateAttackDiscoveryStatusToRunning as jest.Mock).mockRejectedValue(new Error('Oh no!'));
+    const response = await server.inject(
+      postAttackDiscoveryRequest(mockRequestBody),
+      requestContextMock.convertContext(context)
+    );
+    expect(response.status).toEqual(500);
+    expect(response.body).toEqual({
+      message: {
+        error: 'Oh no!',
+        success: false,
+      },
+      status_code: 500,
+    });
+  });
+});
diff --git a/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/post_attack_discovery.ts b/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/post_attack_discovery.ts
index 7859d635ccb30..8ff2cd72ee36c 100644
--- a/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/post_attack_discovery.ts
+++ b/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/post_attack_discovery.ts
@@ -14,15 +14,19 @@ import {
   Replacements,
 } from '@kbn/elastic-assistant-common';
 import { transformError } from '@kbn/securitysolution-es-utils';
-import { ActionsClientLlm } from '@kbn/langchain/server';
 
+import moment from 'moment/moment';
 import { ATTACK_DISCOVERY } from '../../../common/constants';
-import { getAssistantToolParams } from './helpers';
+import {
+  getAssistantTool,
+  getAssistantToolParams,
+  handleToolError,
+  updateAttackDiscoveries,
+  updateAttackDiscoveryStatusToRunning,
+} from './helpers';
 import { DEFAULT_PLUGIN_NAME, getPluginNameFromRequest } from '../helpers';
-import { getLangSmithTracer } from '../evaluate/utils';
 import { buildResponse } from '../../lib/build_response';
 import { ElasticAssistantRequestHandlerContext } from '../../types';
-import { getLlmType } from '../utils';
 
 const ROUTE_HANDLER_TIMEOUT = 10 * 60 * 1000; // 10 * 60 seconds = 10 minutes
 const LANG_CHAIN_TIMEOUT = ROUTE_HANDLER_TIMEOUT - 10_000; // 9 minutes 50 seconds
@@ -57,13 +61,29 @@ export const postAttackDiscoveryRoute = (
         },
       },
       async (context, request, response): Promise<IKibanaResponse<AttackDiscoveryPostResponse>> => {
+        const startTime = moment(); // start timing the generation
         const resp = buildResponse(response);
         const assistantContext = await context.elasticAssistant;
         const logger: Logger = assistantContext.logger;
+        const telemetry = assistantContext.telemetry;
 
         try {
           // get the actions plugin start contract from the request context:
           const actions = (await context.elasticAssistant).actions;
+          const dataClient = await assistantContext.getAttackDiscoveryDataClient();
+          const authenticatedUser = assistantContext.getCurrentUser();
+          if (authenticatedUser == null) {
+            return resp.error({
+              body: `Authenticated user not found`,
+              statusCode: 401,
+            });
+          }
+          if (!dataClient) {
+            return resp.error({
+              body: `Attack discovery data client not initialized`,
+              statusCode: 500,
+            });
+          }
           const pluginName = getPluginNameFromRequest({
             request,
             defaultPluginName: DEFAULT_PLUGIN_NAME,
@@ -72,9 +92,8 @@ export const postAttackDiscoveryRoute = (
 
           // get parameters from the request body
           const alertsIndexPattern = decodeURIComponent(request.body.alertsIndexPattern);
-          const connectorId = decodeURIComponent(request.body.connectorId);
           const {
-            actionTypeId,
+            apiConfig,
             anonymizationFields,
             langSmithApiKey,
             langSmithProject,
@@ -91,42 +110,26 @@ export const postAttackDiscoveryRoute = (
             latestReplacements = { ...latestReplacements, ...newReplacements };
           };
 
-          // get the attack discovery tool:
-          const assistantTools = (await context.elasticAssistant).getRegisteredTools(pluginName);
-          const assistantTool = assistantTools.find((tool) => tool.id === 'attack-discovery');
+          const assistantTool = getAssistantTool(
+            (await context.elasticAssistant).getRegisteredTools,
+            pluginName
+          );
+
           if (!assistantTool) {
             return response.notFound(); // attack discovery tool not found
           }
 
-          const traceOptions = {
-            projectName: langSmithProject,
-            tracers: [
-              ...getLangSmithTracer({
-                apiKey: langSmithApiKey,
-                projectName: langSmithProject,
-                logger,
-              }),
-            ],
-          };
-
-          const llm = new ActionsClientLlm({
-            actions,
-            connectorId,
-            llmType: getLlmType(actionTypeId),
-            logger,
-            request,
-            temperature: 0, // zero temperature for attack discovery, because we want structured JSON output
-            timeout: CONNECTOR_TIMEOUT,
-            traceOptions,
-          });
-
           const assistantToolParams = getAssistantToolParams({
+            actions,
             alertsIndexPattern,
             anonymizationFields,
+            apiConfig,
             esClient,
             latestReplacements,
+            connectorTimeout: CONNECTOR_TIMEOUT,
             langChainTimeout: LANG_CHAIN_TIMEOUT,
-            llm,
+            langSmithProject,
+            langSmithApiKey,
             logger,
             onNewReplacements,
             request,
@@ -135,23 +138,44 @@ export const postAttackDiscoveryRoute = (
 
           // invoke the attack discovery tool:
           const toolInstance = assistantTool.getTool(assistantToolParams);
-          const rawAttackDiscoveries = await toolInstance?.invoke('');
-          if (rawAttackDiscoveries == null) {
-            return response.customError({
-              body: { message: 'tool returned no attack discoveries' },
-              statusCode: 500,
-            });
-          }
 
-          const { alertsContextCount, attackDiscoveries } = JSON.parse(rawAttackDiscoveries);
+          const { currentAd, attackDiscoveryId } = await updateAttackDiscoveryStatusToRunning(
+            dataClient,
+            authenticatedUser,
+            apiConfig
+          );
+
+          toolInstance
+            ?.invoke('')
+            .then((rawAttackDiscoveries: string) =>
+              updateAttackDiscoveries({
+                apiConfig,
+                attackDiscoveryId,
+                authenticatedUser,
+                dataClient,
+                latestReplacements,
+                logger,
+                rawAttackDiscoveries,
+                size,
+                startTime,
+                telemetry,
+              })
+            )
+            .catch((err) =>
+              handleToolError({
+                apiConfig,
+                attackDiscoveryId,
+                authenticatedUser,
+                dataClient,
+                err,
+                latestReplacements,
+                logger,
+                telemetry,
+              })
+            );
 
           return response.ok({
-            body: {
-              alertsContextCount,
-              attackDiscoveries,
-              connector_id: connectorId,
-              replacements: latestReplacements,
-            },
+            body: currentAd,
           });
         } catch (err) {
           logger.error(err);
diff --git a/x-pack/plugins/elastic_assistant/server/routes/index.ts b/x-pack/plugins/elastic_assistant/server/routes/index.ts
index 352b91624f7fb..43e1229250f46 100644
--- a/x-pack/plugins/elastic_assistant/server/routes/index.ts
+++ b/x-pack/plugins/elastic_assistant/server/routes/index.ts
@@ -10,6 +10,7 @@ export { postActionsConnectorExecuteRoute } from './post_actions_connector_execu
 
 // Attack Discovery
 export { postAttackDiscoveryRoute } from './attack_discovery/post_attack_discovery';
+export { getAttackDiscoveryRoute } from './attack_discovery/get_attack_discovery';
 
 // Knowledge Base
 export { deleteKnowledgeBaseRoute } from './knowledge_base/delete_knowledge_base';
diff --git a/x-pack/plugins/elastic_assistant/server/routes/prompts/bulk_actions_route.test.ts b/x-pack/plugins/elastic_assistant/server/routes/prompts/bulk_actions_route.test.ts
index 9d5ba91abdaf4..3ae236f12902f 100644
--- a/x-pack/plugins/elastic_assistant/server/routes/prompts/bulk_actions_route.test.ts
+++ b/x-pack/plugins/elastic_assistant/server/routes/prompts/bulk_actions_route.test.ts
@@ -11,7 +11,7 @@ import { requestContextMock } from '../../__mocks__/request_context';
 import { getPromptsBulkActionRequest, requestMock } from '../../__mocks__/request';
 import { ELASTIC_AI_ASSISTANT_PROMPTS_URL_BULK_ACTION } from '@kbn/elastic-assistant-common';
 import { getEmptyFindResult, getFindPromptsResultWithSingleHit } from '../../__mocks__/response';
-import { AuthenticatedUser } from '@kbn/security-plugin-types-common';
+import { AuthenticatedUser } from '@kbn/core-security-common';
 import { bulkPromptsRoute } from './bulk_actions_route';
 import {
   getCreatePromptSchemaMock,
diff --git a/x-pack/plugins/elastic_assistant/server/routes/register_routes.ts b/x-pack/plugins/elastic_assistant/server/routes/register_routes.ts
index 374b32d6cceb5..f4da7f9f1803a 100644
--- a/x-pack/plugins/elastic_assistant/server/routes/register_routes.ts
+++ b/x-pack/plugins/elastic_assistant/server/routes/register_routes.ts
@@ -7,6 +7,8 @@
 
 import type { Logger } from '@kbn/core/server';
 
+import { cancelAttackDiscoveryRoute } from './attack_discovery/cancel_attack_discovery';
+import { getAttackDiscoveryRoute } from './attack_discovery/get_attack_discovery';
 import { postAttackDiscoveryRoute } from './attack_discovery/post_attack_discovery';
 import { ElasticAssistantPluginRouter, GetElser } from '../types';
 import { createConversationRoute } from './user_conversations/create_route';
@@ -78,5 +80,7 @@ export const registerRoutes = (
   findAnonymizationFieldsRoute(router, logger);
 
   // Attack Discovery
+  getAttackDiscoveryRoute(router);
   postAttackDiscoveryRoute(router);
+  cancelAttackDiscoveryRoute(router);
 };
diff --git a/x-pack/plugins/elastic_assistant/server/routes/request_context_factory.ts b/x-pack/plugins/elastic_assistant/server/routes/request_context_factory.ts
index 0a0864882df16..75b05dced83ec 100644
--- a/x-pack/plugins/elastic_assistant/server/routes/request_context_factory.ts
+++ b/x-pack/plugins/elastic_assistant/server/routes/request_context_factory.ts
@@ -56,7 +56,7 @@ export class RequestContextFactory implements IRequestContextFactory {
     const getSpaceId = (): string =>
       startPlugins.spaces?.spacesService?.getSpaceId(request) || DEFAULT_NAMESPACE_STRING;
 
-    const getCurrentUser = () => startPlugins.security?.authc.getCurrentUser(request);
+    const getCurrentUser = () => coreContext.security.authc.getCurrentUser();
 
     return {
       core: coreContext,
@@ -93,6 +93,15 @@ export class RequestContextFactory implements IRequestContextFactory {
         });
       }),
 
+      getAttackDiscoveryDataClient: memoize(() => {
+        const currentUser = getCurrentUser();
+        return this.assistantService.createAttackDiscoveryDataClient({
+          spaceId: getSpaceId(),
+          logger: this.logger,
+          currentUser,
+        });
+      }),
+
       getAIAssistantPromptsDataClient: memoize(() => {
         const currentUser = getCurrentUser();
         return this.assistantService.createAIAssistantPromptsDataClient({
diff --git a/x-pack/plugins/elastic_assistant/server/routes/user_conversations/append_conversation_messages_route.test.ts b/x-pack/plugins/elastic_assistant/server/routes/user_conversations/append_conversation_messages_route.test.ts
index 3fbb83534b1dd..39c25ac6749e9 100644
--- a/x-pack/plugins/elastic_assistant/server/routes/user_conversations/append_conversation_messages_route.test.ts
+++ b/x-pack/plugins/elastic_assistant/server/routes/user_conversations/append_conversation_messages_route.test.ts
@@ -15,7 +15,7 @@ import {
   getUpdateConversationSchemaMock,
 } from '../../__mocks__/conversations_schema.mock';
 import { appendConversationMessageRoute } from './append_conversation_messages_route';
-import { AuthenticatedUser } from '@kbn/security-plugin-types-common';
+import { AuthenticatedUser } from '@kbn/core-security-common';
 
 describe('Append conversation messages route', () => {
   let server: ReturnType<typeof serverMock.create>;
diff --git a/x-pack/plugins/elastic_assistant/server/routes/user_conversations/bulk_actions_route.test.ts b/x-pack/plugins/elastic_assistant/server/routes/user_conversations/bulk_actions_route.test.ts
index 09247b1c47cb4..582651b4cdc9b 100644
--- a/x-pack/plugins/elastic_assistant/server/routes/user_conversations/bulk_actions_route.test.ts
+++ b/x-pack/plugins/elastic_assistant/server/routes/user_conversations/bulk_actions_route.test.ts
@@ -21,7 +21,7 @@ import {
   getPerformBulkActionSchemaMock,
   getUpdateConversationSchemaMock,
 } from '../../__mocks__/conversations_schema.mock';
-import { AuthenticatedUser } from '@kbn/security-plugin-types-common';
+import { AuthenticatedUser } from '@kbn/core-security-common';
 
 describe('Perform bulk action route', () => {
   let server: ReturnType<typeof serverMock.create>;
diff --git a/x-pack/plugins/elastic_assistant/server/routes/user_conversations/create_route.test.ts b/x-pack/plugins/elastic_assistant/server/routes/user_conversations/create_route.test.ts
index 5b2737436fa8c..0659b8d43a38f 100644
--- a/x-pack/plugins/elastic_assistant/server/routes/user_conversations/create_route.test.ts
+++ b/x-pack/plugins/elastic_assistant/server/routes/user_conversations/create_route.test.ts
@@ -17,7 +17,7 @@ import {
   getQueryConversationParams,
 } from '../../__mocks__/conversations_schema.mock';
 import { ELASTIC_AI_ASSISTANT_CONVERSATIONS_URL } from '@kbn/elastic-assistant-common';
-import { AuthenticatedUser } from '@kbn/security-plugin-types-common';
+import { AuthenticatedUser } from '@kbn/core-security-common';
 
 describe('Create conversation route', () => {
   let server: ReturnType<typeof serverMock.create>;
diff --git a/x-pack/plugins/elastic_assistant/server/routes/user_conversations/delete_route.test.ts b/x-pack/plugins/elastic_assistant/server/routes/user_conversations/delete_route.test.ts
index 4204a7e51ef9d..128a380c9221a 100644
--- a/x-pack/plugins/elastic_assistant/server/routes/user_conversations/delete_route.test.ts
+++ b/x-pack/plugins/elastic_assistant/server/routes/user_conversations/delete_route.test.ts
@@ -15,7 +15,7 @@ import {
   getConversationMock,
   getQueryConversationParams,
 } from '../../__mocks__/conversations_schema.mock';
-import { AuthenticatedUser } from '@kbn/security-plugin-types-common';
+import { AuthenticatedUser } from '@kbn/core-security-common';
 
 describe('Delete conversation route', () => {
   let server: ReturnType<typeof serverMock.create>;
diff --git a/x-pack/plugins/elastic_assistant/server/routes/user_conversations/read_route.test.ts b/x-pack/plugins/elastic_assistant/server/routes/user_conversations/read_route.test.ts
index 36dd3045b9d23..d2ea1bb5936d3 100644
--- a/x-pack/plugins/elastic_assistant/server/routes/user_conversations/read_route.test.ts
+++ b/x-pack/plugins/elastic_assistant/server/routes/user_conversations/read_route.test.ts
@@ -14,7 +14,7 @@ import {
   getQueryConversationParams,
 } from '../../__mocks__/conversations_schema.mock';
 import { ELASTIC_AI_ASSISTANT_CONVERSATIONS_URL_BY_ID } from '@kbn/elastic-assistant-common';
-import { AuthenticatedUser } from '@kbn/security-plugin-types-common';
+import { AuthenticatedUser } from '@kbn/core-security-common';
 
 describe('Read conversation route', () => {
   let server: ReturnType<typeof serverMock.create>;
diff --git a/x-pack/plugins/elastic_assistant/server/routes/user_conversations/update_route.test.ts b/x-pack/plugins/elastic_assistant/server/routes/user_conversations/update_route.test.ts
index 6b1f41c46c1bf..dd3b7bf1e577d 100644
--- a/x-pack/plugins/elastic_assistant/server/routes/user_conversations/update_route.test.ts
+++ b/x-pack/plugins/elastic_assistant/server/routes/user_conversations/update_route.test.ts
@@ -14,7 +14,7 @@ import {
   getUpdateConversationSchemaMock,
 } from '../../__mocks__/conversations_schema.mock';
 import { updateConversationRoute } from './update_route';
-import { AuthenticatedUser } from '@kbn/security-plugin-types-common';
+import { AuthenticatedUser } from '@kbn/core-security-common';
 
 describe('Update conversation route', () => {
   let server: ReturnType<typeof serverMock.create>;
diff --git a/x-pack/plugins/elastic_assistant/server/types.ts b/x-pack/plugins/elastic_assistant/server/types.ts
index f12bacde983df..10bd2a3fe62c6 100755
--- a/x-pack/plugins/elastic_assistant/server/types.ts
+++ b/x-pack/plugins/elastic_assistant/server/types.ts
@@ -10,6 +10,7 @@ import type {
   PluginStartContract as ActionsPluginStart,
 } from '@kbn/actions-plugin/server';
 import type {
+  AuthenticatedUser,
   CoreRequestHandlerContext,
   CoreSetup,
   AnalyticsServiceSetup,
@@ -17,12 +18,12 @@ import type {
   IRouter,
   KibanaRequest,
   Logger,
+  SecurityServiceStart,
 } from '@kbn/core/server';
 import { type MlPluginSetup } from '@kbn/ml-plugin/server';
 import { DynamicStructuredTool, Tool } from '@langchain/core/tools';
 import { SpacesPluginSetup, SpacesPluginStart } from '@kbn/spaces-plugin/server';
 import { TaskManagerSetupContract } from '@kbn/task-manager-plugin/server';
-import { AuthenticatedUser, SecurityPluginStart } from '@kbn/security-plugin/server';
 import { RetrievalQAChain } from 'langchain/chains';
 import { ElasticsearchClient } from '@kbn/core/server';
 import {
@@ -39,6 +40,7 @@ import {
   ActionsClientSimpleChatModel,
 } from '@kbn/langchain/server';
 
+import { AttackDiscoveryDataClient } from './ai_assistant_data_clients/attack_discovery';
 import { AIAssistantConversationsDataClient } from './ai_assistant_data_clients/conversations';
 import type { GetRegisteredFeatures, GetRegisteredTools } from './services/app_context';
 import { AIAssistantDataClient } from './ai_assistant_data_clients';
@@ -98,7 +100,7 @@ export interface ElasticAssistantPluginSetupDependencies {
 export interface ElasticAssistantPluginStartDependencies {
   actions: ActionsPluginStart;
   spaces?: SpacesPluginStart;
-  security: SecurityPluginStart;
+  security: SecurityServiceStart;
 }
 
 export interface ElasticAssistantApiRequestHandlerContext {
@@ -114,6 +116,7 @@ export interface ElasticAssistantApiRequestHandlerContext {
   getAIAssistantKnowledgeBaseDataClient: (
     initializeKnowledgeBase: boolean
   ) => Promise<AIAssistantKnowledgeBaseDataClient | null>;
+  getAttackDiscoveryDataClient: () => Promise<AttackDiscoveryDataClient | null>;
   getAIAssistantPromptsDataClient: () => Promise<AIAssistantDataClient | null>;
   getAIAssistantAnonymizationFieldsDataClient: () => Promise<AIAssistantDataClient | null>;
   telemetry: AnalyticsServiceSetup;
@@ -148,24 +151,28 @@ export interface AssistantResourceNames {
     knowledgeBase: string;
     prompts: string;
     anonymizationFields: string;
+    attackDiscovery: string;
   };
   indexTemplate: {
     conversations: string;
     knowledgeBase: string;
     prompts: string;
     anonymizationFields: string;
+    attackDiscovery: string;
   };
   aliases: {
     conversations: string;
     knowledgeBase: string;
     prompts: string;
     anonymizationFields: string;
+    attackDiscovery: string;
   };
   indexPatterns: {
     conversations: string;
     knowledgeBase: string;
     prompts: string;
     anonymizationFields: string;
+    attackDiscovery: string;
   };
   pipelines: {
     knowledgeBase: string;
diff --git a/x-pack/plugins/elastic_assistant/tsconfig.json b/x-pack/plugins/elastic_assistant/tsconfig.json
index dde693653c04c..8f546d6e5fe01 100644
--- a/x-pack/plugins/elastic_assistant/tsconfig.json
+++ b/x-pack/plugins/elastic_assistant/tsconfig.json
@@ -34,18 +34,18 @@
     "@kbn/core-saved-objects-utils-server",
     "@kbn/core-elasticsearch-client-server-mocks",
     "@kbn/task-manager-plugin",
-    "@kbn/security-plugin",
     "@kbn/es-query",
     "@kbn/es-types",
     "@kbn/config-schema",
     "@kbn/spaces-plugin",
-    "@kbn/security-plugin-types-common",
     "@kbn/ml-response-stream",
     "@kbn/data-plugin",
     "@kbn/i18n",
     "@kbn/core-security-common",
     "@kbn/core-saved-objects-api-server",
     "@kbn/langchain",
+    "@kbn/stack-connectors-plugin",
+    "@kbn/security-plugin",
   ],
   "exclude": [
     "target/**/*",
diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_overview/api/fetch_api_keys_logic.tsx b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_overview/api/fetch_api_keys_logic.tsx
index c20bd34876338..e3f604f23dbb9 100644
--- a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_overview/api/fetch_api_keys_logic.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_overview/api/fetch_api_keys_logic.tsx
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { ApiKey } from '@kbn/security-plugin/common';
+import { ApiKey } from '@kbn/security-plugin-types-common';
 
 import { createApiLogic } from '../../shared/api_logic/create_api_logic';
 import { HttpLogic } from '../../shared/http';
diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/getting_started/getting_started.tsx b/x-pack/plugins/enterprise_search/public/applications/shared/getting_started/getting_started.tsx
index da934fb654a3f..675cd34d23e03 100644
--- a/x-pack/plugins/enterprise_search/public/applications/shared/getting_started/getting_started.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/shared/getting_started/getting_started.tsx
@@ -26,7 +26,7 @@ import {
   CloudDetailsPanel,
 } from '@kbn/search-api-panels';
 
-import { ApiKey } from '@kbn/security-plugin/common';
+import { ApiKey } from '@kbn/security-plugin-types-common';
 
 import { PLUGIN_ID } from '../../../../common/constants';
 import { KibanaDeps } from '../../../../common/types';
diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/getting_started/panels/api_key_panel_content.tsx b/x-pack/plugins/enterprise_search/public/applications/shared/getting_started/panels/api_key_panel_content.tsx
index 987e6fa4232d0..ff271a3a3d79e 100644
--- a/x-pack/plugins/enterprise_search/public/applications/shared/getting_started/panels/api_key_panel_content.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/shared/getting_started/panels/api_key_panel_content.tsx
@@ -20,7 +20,7 @@ import {
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
 
-import { ApiKey } from '@kbn/security-plugin/common';
+import { ApiKey } from '@kbn/security-plugin-types-common';
 
 import { KibanaLogic } from '../../kibana';
 
@@ -61,6 +61,7 @@ export const ApiKeyPanelContent: React.FC<ApiKeyPanelContent> = ({ apiKeys, open
               <EuiFlexGroup direction="row" gutterSize="s">
                 <EuiFlexItem grow={false}>
                   <EuiButton
+                    data-test-subj="enterpriseSearchApiKeyPanelContentButton"
                     key="viewApiKeys"
                     iconType="plusInCircle"
                     onClick={openApiKeyModal}
@@ -78,6 +79,7 @@ export const ApiKeyPanelContent: React.FC<ApiKeyPanelContent> = ({ apiKeys, open
                 </EuiFlexItem>
                 <EuiFlexItem grow={false}>
                   <EuiButton
+                    data-test-subj="enterpriseSearchApiKeyPanelContentButton"
                     key="viewApiKeys"
                     iconType="popout"
                     iconSide="right"
diff --git a/x-pack/plugins/enterprise_search/public/applications/workplace_search/components/shared/credential_item/credential_item.test.tsx b/x-pack/plugins/enterprise_search/public/applications/workplace_search/components/shared/credential_item/credential_item.test.tsx
index 19e700b4cb421..146c0484ba720 100644
--- a/x-pack/plugins/enterprise_search/public/applications/workplace_search/components/shared/credential_item/credential_item.test.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/workplace_search/components/shared/credential_item/credential_item.test.tsx
@@ -61,8 +61,7 @@ describe('CredentialItem', () => {
       preventDefault: jest.fn(),
     };
 
-    const input = wrapper.find(EuiFieldText).dive().find('input');
-    input.simulate('click', simulatedEvent);
+    wrapper.find(EuiFieldText).simulate('click', simulatedEvent);
 
     expect(simulatedEvent.currentTarget.select).toHaveBeenCalled();
   });
diff --git a/x-pack/plugins/enterprise_search/public/applications/workplace_search/components/shared/source_config_fields/source_config_fields.test.tsx b/x-pack/plugins/enterprise_search/public/applications/workplace_search/components/shared/source_config_fields/source_config_fields.test.tsx
index a9e747a10a1b3..3e221af61c385 100644
--- a/x-pack/plugins/enterprise_search/public/applications/workplace_search/components/shared/source_config_fields/source_config_fields.test.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/workplace_search/components/shared/source_config_fields/source_config_fields.test.tsx
@@ -60,11 +60,9 @@ describe('SourceConfigFields', () => {
       preventDefault: jest.fn(),
     };
 
-    const input = wrapper
+    wrapper
       .find('[data-test-subj="external-connector-url-input"]')
-      .dive()
-      .find('input');
-    input.simulate('click', simulatedEvent);
+      .simulate('click', simulatedEvent);
 
     expect(simulatedEvent.currentTarget.select).toHaveBeenCalled();
   });
diff --git a/x-pack/plugins/enterprise_search/server/lib/crawler/fetch_crawlers.ts b/x-pack/plugins/enterprise_search/server/lib/crawler/fetch_crawlers.ts
index b4766cf0d9d4b..519ddb60539ad 100644
--- a/x-pack/plugins/enterprise_search/server/lib/crawler/fetch_crawlers.ts
+++ b/x-pack/plugins/enterprise_search/server/lib/crawler/fetch_crawlers.ts
@@ -111,6 +111,6 @@ export const fetchCrawlerDocumentIdByIndexName = async (
     query: { term: { index_name: indexName } },
     _source: '_id',
   });
-  const crawlerId = crawlerResult.hits.hits[0]?._id;
+  const crawlerId = crawlerResult.hits.hits[0]?._id!;
   return crawlerId;
 };
diff --git a/x-pack/plugins/enterprise_search/server/lib/stats/get_sync_jobs.ts b/x-pack/plugins/enterprise_search/server/lib/stats/get_sync_jobs.ts
index ffa8d7ab1892f..f0d0016158207 100644
--- a/x-pack/plugins/enterprise_search/server/lib/stats/get_sync_jobs.ts
+++ b/x-pack/plugins/enterprise_search/server/lib/stats/get_sync_jobs.ts
@@ -31,7 +31,7 @@ export const fetchSyncJobsStats = async (
       scroll: '10s',
       stored_fields: [],
     });
-    const ids = connectorIdsResult.hits.hits.map((hit) => hit._id);
+    const ids = connectorIdsResult.hits.hits.map((hit) => hit._id!);
     const orphanedJobsCountResponse = await client.asCurrentUser.count({
       index: CONNECTORS_JOBS_INDEX,
       query: getOrphanedJobsCountQuery(ids, isCrawler),
diff --git a/x-pack/plugins/enterprise_search/tsconfig.json b/x-pack/plugins/enterprise_search/tsconfig.json
index a6bb797de5eb1..86cf6c3968005 100644
--- a/x-pack/plugins/enterprise_search/tsconfig.json
+++ b/x-pack/plugins/enterprise_search/tsconfig.json
@@ -80,6 +80,7 @@
     "@kbn/try-in-console",
     "@kbn/core-chrome-browser",
     "@kbn/navigation-plugin",
-    "@kbn/search-homepage"
+    "@kbn/search-homepage",
+    "@kbn/security-plugin-types-common"
   ]
 }
diff --git a/x-pack/plugins/fleet/common/constants/routes.ts b/x-pack/plugins/fleet/common/constants/routes.ts
index ee775ff1dbdd8..2f32d66f4ec74 100644
--- a/x-pack/plugins/fleet/common/constants/routes.ts
+++ b/x-pack/plugins/fleet/common/constants/routes.ts
@@ -36,6 +36,8 @@ export const EPM_API_ROUTES = {
   INSTALL_BY_UPLOAD_PATTERN: EPM_PACKAGES_MANY,
   CUSTOM_INTEGRATIONS_PATTERN: `${EPM_API_ROOT}/custom_integrations`,
   DELETE_PATTERN: EPM_PACKAGES_ONE,
+  INSTALL_KIBANA_ASSETS_PATTERN: `${EPM_PACKAGES_ONE}/kibana_assets`,
+  DELETE_KIBANA_ASSETS_PATTERN: `${EPM_PACKAGES_ONE}/kibana_assets`,
   FILEPATH_PATTERN: `${EPM_PACKAGES_ONE}/{filePath*}`,
   CATEGORIES_PATTERN: `${EPM_API_ROOT}/categories`,
   VERIFICATION_KEY_ID: `${EPM_API_ROOT}/verification_key_id`,
@@ -210,6 +212,14 @@ export const DOWNLOAD_SOURCE_API_ROUTES = {
   DELETE_PATTERN: `${API_ROOT}/agent_download_sources/{sourceId}`,
 };
 
+// Fleet debug routes
+
+export const FLEET_DEBUG_ROUTES = {
+  INDEX_PATTERN: `${INTERNAL_ROOT}/debug/index`,
+  SAVED_OBJECTS_PATTERN: `${INTERNAL_ROOT}/debug/saved_objects`,
+  SAVED_OBJECT_NAMES_PATTERN: `${INTERNAL_ROOT}/debug/saved_object_names`,
+};
+
 // API versioning constants
 export const API_VERSIONS = {
   public: {
diff --git a/x-pack/plugins/fleet/common/experimental_features.ts b/x-pack/plugins/fleet/common/experimental_features.ts
index 6233ef5f820cf..5e8679e555908 100644
--- a/x-pack/plugins/fleet/common/experimental_features.ts
+++ b/x-pack/plugins/fleet/common/experimental_features.ts
@@ -7,11 +7,7 @@
 
 export type ExperimentalFeatures = typeof allowedExperimentalValues;
 
-/**
- * A list of allowed values that can be used in `xpack.fleet.enableExperimental`.
- * This object is then used to validate and parse the value entered.
- */
-export const allowedExperimentalValues = Object.freeze<Record<string, boolean>>({
+const _allowedExperimentalValues = {
   createPackagePolicyMultiPageLayout: true,
   packageVerification: true,
   showDevtoolsRequest: true,
@@ -32,9 +28,18 @@ export const allowedExperimentalValues = Object.freeze<Record<string, boolean>>(
   advancedPolicySettings: true,
   useSpaceAwareness: false,
   enableReusableIntegrationPolicies: false,
-});
+};
+
+/**
+ * A list of allowed values that can be used in `xpack.fleet.enableExperimental`.
+ * This object is then used to validate and parse the value entered.
+ */
+export const allowedExperimentalValues = Object.freeze<
+  Record<keyof typeof _allowedExperimentalValues, boolean>
+>({ ..._allowedExperimentalValues });
 
-type ExperimentalConfigKeys = Array<keyof ExperimentalFeatures>;
+type ExperimentalConfigKey = keyof ExperimentalFeatures;
+type ExperimentalConfigKeys = ExperimentalConfigKey[];
 type Mutable<T> = { -readonly [P in keyof T]: T[P] };
 
 const allowedKeys = Object.keys(allowedExperimentalValues) as Readonly<ExperimentalConfigKeys>;
@@ -46,7 +51,7 @@ const allowedKeys = Object.keys(allowedExperimentalValues) as Readonly<Experimen
  * @param configValue
  */
 export const parseExperimentalConfigValue = (configValue: string[]): ExperimentalFeatures => {
-  const enabledFeatures: Mutable<ExperimentalFeatures> = {};
+  const enabledFeatures: Mutable<ExperimentalFeatures> = { ...allowedExperimentalValues };
 
   for (const value of configValue) {
     if (isValidExperimentalValue(value)) {
@@ -60,8 +65,8 @@ export const parseExperimentalConfigValue = (configValue: string[]): Experimenta
   };
 };
 
-export const isValidExperimentalValue = (value: string) => {
-  return allowedKeys.includes(value);
+export const isValidExperimentalValue = (value: string): value is ExperimentalConfigKey => {
+  return (allowedKeys as string[]).includes(value);
 };
 
 export const getExperimentalAllowedValues = (): string[] => [...allowedKeys];
diff --git a/x-pack/plugins/fleet/common/services/agent_policies_helper.test.ts b/x-pack/plugins/fleet/common/services/agent_policies_helper.test.ts
new file mode 100644
index 0000000000000..ded9ae843ad64
--- /dev/null
+++ b/x-pack/plugins/fleet/common/services/agent_policies_helper.test.ts
@@ -0,0 +1,64 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { AgentPolicy } from '../types';
+
+import { getInheritedNamespace } from './agent_policies_helpers';
+
+describe('getInheritedNamespace', () => {
+  const agentPolicy: AgentPolicy[] = [
+    {
+      id: 'agent-policy-1',
+      namespace: 'testnamespace',
+      name: 'Agent policy 1',
+      is_managed: false,
+      status: 'active',
+      updated_at: '',
+      updated_by: '',
+      revision: 1,
+      package_policies: [],
+      is_protected: false,
+    },
+  ];
+  const agentPolicies: AgentPolicy[] = [
+    {
+      id: 'agent-policy-1',
+      namespace: 'testnamespace',
+      name: 'Agent policy 1',
+      is_managed: false,
+      status: 'active',
+      updated_at: '',
+      updated_by: '',
+      revision: 1,
+      package_policies: [],
+      is_protected: false,
+    },
+    {
+      id: 'agent-policy-2',
+      namespace: 'default',
+      name: 'Agent policy 2',
+      is_managed: false,
+      status: 'active',
+      updated_at: '',
+      updated_by: '',
+      revision: 1,
+      package_policies: [],
+      is_protected: false,
+    },
+  ];
+  it('should return the policy namespace when there is only one agent policy', () => {
+    expect(getInheritedNamespace(agentPolicy)).toEqual('testnamespace');
+  });
+
+  it('should return default namespace when there is are multiple agent policies', () => {
+    expect(getInheritedNamespace(agentPolicies)).toEqual('default');
+  });
+
+  it('should return default namespace when there are no agent policies', () => {
+    expect(getInheritedNamespace([])).toEqual('default');
+  });
+});
diff --git a/x-pack/plugins/fleet/common/services/agent_policies_helpers.ts b/x-pack/plugins/fleet/common/services/agent_policies_helpers.ts
index 7f04a5040f0b4..7260e389e14fb 100644
--- a/x-pack/plugins/fleet/common/services/agent_policies_helpers.ts
+++ b/x-pack/plugins/fleet/common/services/agent_policies_helpers.ts
@@ -44,3 +44,10 @@ function policyHasIntegration(agentPolicy: AgentPolicy, packageName: string) {
 
   return agentPolicy.package_policies?.some((p) => p.package?.name === packageName);
 }
+
+export function getInheritedNamespace(agentPolicies: AgentPolicy[]): string {
+  if (agentPolicies.length === 1) {
+    return agentPolicies[0].namespace;
+  }
+  return 'default';
+}
diff --git a/x-pack/plugins/fleet/common/services/index.ts b/x-pack/plugins/fleet/common/services/index.ts
index db7cb41d5fea0..099e2487438e1 100644
--- a/x-pack/plugins/fleet/common/services/index.ts
+++ b/x-pack/plugins/fleet/common/services/index.ts
@@ -73,6 +73,7 @@ export {
   policyHasAPMIntegration,
   policyHasEndpointSecurity,
   policyHasSyntheticsIntegration,
+  getInheritedNamespace,
 } from './agent_policies_helpers';
 
 export {
diff --git a/x-pack/plugins/fleet/common/services/routes.ts b/x-pack/plugins/fleet/common/services/routes.ts
index 76b963949699a..decef8fe628d5 100644
--- a/x-pack/plugins/fleet/common/services/routes.ts
+++ b/x-pack/plugins/fleet/common/services/routes.ts
@@ -24,6 +24,7 @@ import {
   FLEET_SERVER_HOST_API_ROUTES,
   FLEET_PROXY_API_ROUTES,
   UNINSTALL_TOKEN_ROUTES,
+  FLEET_DEBUG_ROUTES,
 } from '../constants';
 
 export const epmRouteService = {
@@ -78,6 +79,12 @@ export const epmRouteService = {
       .replace(/\/$/, ''); // trim trailing slash
   },
 
+  getInstallKibanaAssetsPath: (pkgName: string, pkgVersion: string) => {
+    return EPM_API_ROUTES.INSTALL_KIBANA_ASSETS_PATTERN.replace('{pkgName}', pkgName)
+      .replace('{pkgVersion}', pkgVersion)
+      .replace(/\/$/, ''); // trim trailing slash
+  },
+
   getUpdatePath: (pkgName: string, pkgVersion: string) => {
     return EPM_API_ROUTES.INFO_PATTERN.replace('{pkgName}', pkgName).replace(
       '{pkgVersion}',
@@ -316,3 +323,9 @@ export const downloadSourceRoutesService = {
     DOWNLOAD_SOURCE_API_ROUTES.DELETE_PATTERN.replace('{sourceId}', downloadSourceId),
   getCreatePath: () => DOWNLOAD_SOURCE_API_ROUTES.CREATE_PATTERN,
 };
+
+export const debugRoutesService = {
+  getIndexPath: () => FLEET_DEBUG_ROUTES.INDEX_PATTERN,
+  getSavedObjectsPath: () => FLEET_DEBUG_ROUTES.SAVED_OBJECTS_PATTERN,
+  getSavedObjectNamesPath: () => FLEET_DEBUG_ROUTES.SAVED_OBJECT_NAMES_PATTERN,
+};
diff --git a/x-pack/plugins/fleet/common/types/index.ts b/x-pack/plugins/fleet/common/types/index.ts
index 61e2882849236..e0b6fe6c03e7e 100644
--- a/x-pack/plugins/fleet/common/types/index.ts
+++ b/x-pack/plugins/fleet/common/types/index.ts
@@ -30,6 +30,11 @@ export interface FleetConfigType {
       hosts?: string[];
     };
   };
+  agentless?: {
+    api: {
+      url: string;
+    };
+  };
   agentPolicies?: PreconfiguredAgentPolicy[];
   packages?: PreconfiguredPackage[];
   outputs?: PreconfiguredOutput[];
diff --git a/x-pack/plugins/fleet/common/types/models/epm.ts b/x-pack/plugins/fleet/common/types/models/epm.ts
index 5c5a48642cba8..06a8b979c8eb5 100644
--- a/x-pack/plugins/fleet/common/types/models/epm.ts
+++ b/x-pack/plugins/fleet/common/types/models/epm.ts
@@ -589,6 +589,7 @@ export interface StateContext<T> {
 
 export interface Installation {
   installed_kibana: KibanaAssetReference[];
+  additional_spaces_installed_kibana?: Record<string, KibanaAssetReference[]>;
   installed_es: EsAssetReference[];
   package_assets?: PackageAssetReference[];
   es_index_patterns: Record<string, string>;
@@ -649,6 +650,7 @@ export type AssetReference = KibanaAssetReference | EsAssetReference;
 
 export interface KibanaAssetReference {
   id: string;
+  originId?: string;
   type: KibanaSavedObjectType;
 }
 export interface EsAssetReference {
diff --git a/x-pack/plugins/fleet/cypress/e2e/integrations_mock.cy.ts b/x-pack/plugins/fleet/cypress/e2e/integrations_mock.cy.ts
index 1ff5702accae6..d8a9eea229ad8 100644
--- a/x-pack/plugins/fleet/cypress/e2e/integrations_mock.cy.ts
+++ b/x-pack/plugins/fleet/cypress/e2e/integrations_mock.cy.ts
@@ -102,6 +102,7 @@ describe('Add Integration - Mock API', () => {
         ],
       };
       cy.intercept('/api/fleet/agent_policies?*', { items: [agentPolicy] });
+      cy.intercept('/api/fleet/agent_policies/_bulk_get', { items: [agentPolicy] });
       cy.intercept('/api/fleet/agent_policies/policy-1', {
         item: agentPolicy,
       });
diff --git a/x-pack/plugins/fleet/cypress/e2e/package_policy.cy.ts b/x-pack/plugins/fleet/cypress/e2e/package_policy.cy.ts
index e53e8db78b51e..271d2ba7b871d 100644
--- a/x-pack/plugins/fleet/cypress/e2e/package_policy.cy.ts
+++ b/x-pack/plugins/fleet/cypress/e2e/package_policy.cy.ts
@@ -57,17 +57,19 @@ describe('Edit package policy', () => {
         hasErrors: false,
       },
     ]);
+    const agentPolicy = {
+      id: 'fleet-server-policy',
+      name: 'Fleet server policy 1',
+      description: '',
+      namespace: 'default',
+      monitoring_enabled: ['logs', 'metrics'],
+      status: 'active',
+      package_policies: [{ id: 'policy-1', name: 'fleet_server-1' }],
+    };
     cy.intercept('/api/fleet/agent_policies/fleet-server-policy', {
-      item: {
-        id: 'fleet-server-policy',
-        name: 'Fleet server policy 1',
-        description: '',
-        namespace: 'default',
-        monitoring_enabled: ['logs', 'metrics'],
-        status: 'active',
-        package_policies: [{ id: 'policy-1', name: 'fleet_server-1' }],
-      },
+      item: agentPolicy,
     });
+    cy.intercept('/api/fleet/agent_policies/_bulk_get', { items: [agentPolicy] });
     cy.intercept('/api/fleet/epm/packages/fleet_server*', {
       item: {
         name: 'fleet_server',
diff --git a/x-pack/plugins/fleet/kibana.jsonc b/x-pack/plugins/fleet/kibana.jsonc
index 3211a6a96ebbb..54b4a4928594c 100644
--- a/x-pack/plugins/fleet/kibana.jsonc
+++ b/x-pack/plugins/fleet/kibana.jsonc
@@ -37,6 +37,7 @@
       "ingestPipelines",
       "spaces",
       "guidedOnboarding",
+      "integrationAssistant",
     ],
     "requiredBundles": [
       "kibanaReact",
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/components/actions_menu.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/components/actions_menu.tsx
index 99004b53ec349..48f391a4e545d 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/components/actions_menu.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/components/actions_menu.tsx
@@ -20,6 +20,8 @@ import { FLEET_SERVER_PACKAGE } from '../../../constants';
 
 import { policyHasFleetServer, ExperimentalFeaturesService } from '../../../services';
 
+import { AgentUpgradeAgentModal } from '../../agents/components';
+
 import { AgentPolicyYamlFlyout } from './agent_policy_yaml_flyout';
 import { AgentPolicyCopyProvider } from './agent_policy_copy_provider';
 import { AgentPolicyDeleteProvider } from './agent_policy_delete_provider';
@@ -46,6 +48,7 @@ export const AgentPolicyActionMenu = memo<{
     );
     const [isUninstallCommandFlyoutOpen, setIsUninstallCommandFlyoutOpen] =
       useState<boolean>(false);
+    const [isUpgradeAgentsModalOpen, setIsUpgradeAgentsModalOpen] = useState<boolean>(false);
 
     const { agentTamperProtectionEnabled } = ExperimentalFeaturesService.get();
 
@@ -143,6 +146,7 @@ export const AgentPolicyActionMenu = memo<{
                 <AgentPolicyDeleteProvider
                   hasFleetServer={policyHasFleetServer(agentPolicy as AgentPolicy)}
                   key="deletePolicy"
+                  packagePolicies={agentPolicy.package_policies}
                 >
                   {(deleteAgentPolicyPrompt) => (
                     <EuiContextMenuItem
@@ -171,6 +175,24 @@ export const AgentPolicyActionMenu = memo<{
                 </AgentPolicyDeleteProvider>,
               ];
 
+          if (authz.fleet.allAgents && !agentPolicy?.is_managed) {
+            menuItems.push(
+              <EuiContextMenuItem
+                icon="refresh"
+                onClick={() => {
+                  setIsUpgradeAgentsModalOpen(true);
+                }}
+                key="upgradeAgents"
+                data-test-subj="agentPolicyActionMenuUpgradeAgentsButton"
+              >
+                <FormattedMessage
+                  id="xpack.fleet.agentPolicyActionMenu.upgradeAgentsActionText"
+                  defaultMessage="Upgrade agents on this policy"
+                />
+              </EuiContextMenuItem>
+            );
+          }
+
           if (authz.fleet.allAgents && agentTamperProtectionEnabled && !agentPolicy?.is_managed) {
             menuItems.push(
               <EuiContextMenuItem
@@ -205,6 +227,17 @@ export const AgentPolicyActionMenu = memo<{
                   <AgentEnrollmentFlyout agentPolicy={agentPolicy} onClose={onClose} />
                 </EuiPortal>
               )}
+              {isUpgradeAgentsModalOpen && (
+                <EuiPortal>
+                  <AgentUpgradeAgentModal
+                    agents={`policy_id: ${agentPolicy.id}`}
+                    agentCount={agentPolicy.agents || 0}
+                    onClose={() => {
+                      setIsUpgradeAgentsModalOpen(false);
+                    }}
+                  />
+                </EuiPortal>
+              )}
               {isUninstallCommandFlyoutOpen && (
                 <UninstallCommandFlyout
                   target="agent"
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/components/agent_policy_delete_provider.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/components/agent_policy_delete_provider.tsx
index 2a6fcf215075d..1177d29970b9d 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/components/agent_policy_delete_provider.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/components/agent_policy_delete_provider.tsx
@@ -5,14 +5,15 @@
  * 2.0.
  */
 
-import React, { Fragment, useRef, useState } from 'react';
-import { EuiConfirmModal, EuiCallOut } from '@elastic/eui';
+import React, { Fragment, useCallback, useMemo, useRef, useState } from 'react';
+import { EuiConfirmModal, EuiCallOut, EuiSpacer } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
 
 import { useHistory } from 'react-router-dom';
 
 import { SO_SEARCH_LIMIT } from '../../../../../constants';
+import { ExperimentalFeaturesService } from '../../../services';
 
 import {
   useStartServices,
@@ -22,9 +23,12 @@ import {
   sendGetAgents,
 } from '../../../hooks';
 
+import type { PackagePolicy } from '../../../types';
+
 interface Props {
   children: (deleteAgentPolicy: DeleteAgentPolicy) => React.ReactElement;
   hasFleetServer: boolean;
+  packagePolicies?: PackagePolicy[];
 }
 
 export type DeleteAgentPolicy = (agentPolicy: string, onSuccess?: OnSuccessCallback) => void;
@@ -34,6 +38,7 @@ type OnSuccessCallback = (agentPolicyDeleted: string) => void;
 export const AgentPolicyDeleteProvider: React.FunctionComponent<Props> = ({
   children,
   hasFleetServer,
+  packagePolicies,
 }) => {
   const { notifications } = useStartServices();
   const {
@@ -48,6 +53,7 @@ export const AgentPolicyDeleteProvider: React.FunctionComponent<Props> = ({
   const { getPath } = useLink();
   const history = useHistory();
   const deleteAgentPolicyMutation = useDeleteAgentPolicyMutation();
+  const { enableReusableIntegrationPolicies } = ExperimentalFeaturesService.get();
 
   const deleteAgentPolicyPrompt: DeleteAgentPolicy = (
     agentPolicyToDelete,
@@ -106,20 +112,31 @@ export const AgentPolicyDeleteProvider: React.FunctionComponent<Props> = ({
     history.push(getPath('policies_list'));
   };
 
-  const fetchAgentsCount = async (agentPolicyToCheck: string) => {
-    if (!isFleetEnabled || isLoadingAgentsCount) {
-      return;
+  const fetchAgentsCount = useCallback(
+    async (agentPolicyToCheck: string) => {
+      if (!isFleetEnabled || isLoadingAgentsCount) {
+        return;
+      }
+      setIsLoadingAgentsCount(true);
+      // filtering out the unenrolled agents assigned to this policy
+      const agents = await sendGetAgents({
+        showInactive: true,
+        kuery: `policy_id:"${agentPolicyToCheck}" and not status: unenrolled`,
+        perPage: SO_SEARCH_LIMIT,
+      });
+      setAgentsCount(agents.data?.total ?? 0);
+      setIsLoadingAgentsCount(false);
+    },
+    [isFleetEnabled, isLoadingAgentsCount]
+  );
+
+  const packagePoliciesWithMultiplePolicies = useMemo(() => {
+    // Find if there are package policies that have multiple agent policies
+    if (packagePolicies && enableReusableIntegrationPolicies) {
+      return packagePolicies.some((policy) => policy?.policy_ids.length > 1);
     }
-    setIsLoadingAgentsCount(true);
-    // filtering out the unenrolled agents assigned to this policy
-    const agents = await sendGetAgents({
-      showInactive: true,
-      kuery: `policy_id:"${agentPolicyToCheck}" and not status: unenrolled`,
-      perPage: SO_SEARCH_LIMIT,
-    });
-    setAgentsCount(agents.data?.total ?? 0);
-    setIsLoadingAgentsCount(false);
-  };
+    return false;
+  }, [enableReusableIntegrationPolicies, packagePolicies]);
 
   const renderModal = () => {
     if (!isModalOpen) {
@@ -158,6 +175,21 @@ export const AgentPolicyDeleteProvider: React.FunctionComponent<Props> = ({
         buttonColor="danger"
         confirmButtonDisabled={isLoading || isLoadingAgentsCount || !!agentsCount}
       >
+        {packagePoliciesWithMultiplePolicies && (
+          <>
+            <EuiCallOut
+              color="primary"
+              iconType="iInCircle"
+              title={
+                <FormattedMessage
+                  id="xpack.fleet.deleteAgentPolicy.confirmModal.warningSharedIntegrationPolicies"
+                  defaultMessage="Fleet has detected that this policy contains integration policies shared by multiple agent policies. These integration policies won't be deleted."
+                />
+              }
+            />
+            <EuiSpacer size="m" />
+          </>
+        )}
         {isLoadingAgentsCount ? (
           <FormattedMessage
             id="xpack.fleet.deleteAgentPolicy.confirmModal.loadingAgentsCountMessage"
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/components/confirm_deploy_modal.test.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/components/confirm_deploy_modal.test.tsx
new file mode 100644
index 0000000000000..acd3eca559937
--- /dev/null
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/components/confirm_deploy_modal.test.tsx
@@ -0,0 +1,58 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+
+import type { TestRenderer } from '../../../../../mock';
+import { createFleetTestRendererMock } from '../../../../../mock';
+
+import { ConfirmDeployAgentPolicyModal } from './confirm_deploy_modal';
+
+describe('ConfirmDeployAgentPolicyModal', () => {
+  let testRenderer: TestRenderer;
+  let renderResult: ReturnType<typeof testRenderer.render>;
+  const render = (props: any) =>
+    (renderResult = testRenderer.render(
+      <ConfirmDeployAgentPolicyModal
+        onConfirm={jest.fn()}
+        onCancel={jest.fn()}
+        agentCount={0}
+        agentPolicies={[{ name: 'Agent policy 1' }, { name: 'Agent policy 2' }]}
+        agentPoliciesToAdd={[]}
+        agentPoliciesToRemove={[]}
+        {...props}
+      />
+    ));
+
+  it('should render agent count with agent policies', () => {
+    testRenderer = createFleetTestRendererMock();
+    render({
+      agentCount: 1,
+    });
+    expect(renderResult.getByText('This action will update 1 agent')).toBeInTheDocument();
+    expect(renderResult.getByText('Agent policy 1, Agent policy 2')).toBeInTheDocument();
+  });
+
+  it('should render agent policies to add and remove if no agent count', () => {
+    testRenderer = createFleetTestRendererMock();
+    render({
+      agentCount: 0,
+      agentPoliciesToAdd: ['Agent policy 1', 'Agent policy 2'],
+      agentPoliciesToRemove: ['Agent policy 3'],
+    });
+    expect(
+      renderResult.getByText('This action will update the selected agent policies')
+    ).toBeInTheDocument();
+    const calloutText = renderResult.getByTestId('confirmAddRemovePoliciesCallout').textContent;
+    expect(calloutText).toContain(
+      'Agent policies that will be updated to use this integration policy:Agent policy 1Agent policy 2'
+    );
+    expect(calloutText).toContain(
+      'Agent policies that will be updated to remove this integration policy:Agent policy 3'
+    );
+  });
+});
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/components/confirm_deploy_modal.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/components/confirm_deploy_modal.tsx
index e19ec358abd64..d83cad3a58c8b 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/components/confirm_deploy_modal.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/components/confirm_deploy_modal.tsx
@@ -17,17 +17,15 @@ export const ConfirmDeployAgentPolicyModal: React.FunctionComponent<{
   onCancel: () => void;
   agentCount: number;
   agentPolicies: AgentPolicy[];
-  showUnprivilegedAgentsCallout?: boolean;
-  unprivilegedAgentsCount?: number;
-  dataStreams?: Array<{ name: string; title: string }>;
+  agentPoliciesToAdd?: string[];
+  agentPoliciesToRemove?: string[];
 }> = ({
   onConfirm,
   onCancel,
   agentCount,
   agentPolicies,
-  showUnprivilegedAgentsCallout = false,
-  unprivilegedAgentsCount = 0,
-  dataStreams,
+  agentPoliciesToAdd = [],
+  agentPoliciesToRemove = [],
 }) => {
   return (
     <EuiConfirmModal
@@ -53,28 +51,68 @@ export const ConfirmDeployAgentPolicyModal: React.FunctionComponent<{
       }
       buttonColor="primary"
     >
-      <EuiCallOut
-        iconType="iInCircle"
-        title={i18n.translate('xpack.fleet.agentPolicy.confirmModalCalloutTitle', {
-          defaultMessage:
-            'This action will update {agentCount, plural, one {# agent} other {# agents}}',
-          values: {
-            agentCount,
-          },
-        })}
-      >
-        <div className="eui-textBreakWord">
-          <FormattedMessage
-            id="xpack.fleet.agentPolicy.confirmModalCalloutDescription"
-            defaultMessage="Fleet has detected that the selected agent policies, {policyNames}, are already in use by
+      {agentCount > 0 ? (
+        <EuiCallOut
+          iconType="iInCircle"
+          title={i18n.translate('xpack.fleet.agentPolicy.confirmModalCalloutTitle', {
+            defaultMessage:
+              'This action will update {agentCount, plural, one {# agent} other {# agents}}',
+            values: {
+              agentCount,
+            },
+          })}
+        >
+          <div className="eui-textBreakWord">
+            <FormattedMessage
+              id="xpack.fleet.agentPolicy.confirmModalCalloutDescription"
+              defaultMessage="Fleet has detected that the selected agent policies, {policyNames}, are already in use by
             some of your agents. As a result of this action, Fleet will deploy updates to all agents
             that use these policies."
-            values={{
-              policyNames: <b>{agentPolicies.map((policy) => policy.name).join(', ')}</b>,
-            }}
-          />
-        </div>
-      </EuiCallOut>
+              values={{
+                policyNames: <b>{agentPolicies.map((policy) => policy.name).join(', ')}</b>,
+              }}
+            />
+          </div>
+        </EuiCallOut>
+      ) : (
+        <EuiCallOut
+          data-test-subj="confirmAddRemovePoliciesCallout"
+          iconType="iInCircle"
+          title={i18n.translate('xpack.fleet.agentPolicy.confirmModalPoliciesCalloutTitle', {
+            defaultMessage: 'This action will update the selected agent policies',
+            values: {
+              agentCount,
+            },
+          })}
+        >
+          {agentPoliciesToAdd.length > 0 && (
+            <div className="eui-textBreakWord">
+              <FormattedMessage
+                id="xpack.fleet.agentPolicy.confirmModalPoliciesAddCalloutDescription"
+                defaultMessage="Agent policies that will be updated to use this integration policy:"
+              />
+              <ul>
+                {agentPoliciesToAdd.map((policy) => (
+                  <li key={policy}>{policy}</li>
+                ))}
+              </ul>
+            </div>
+          )}
+          {agentPoliciesToRemove.length > 0 && (
+            <div className="eui-textBreakWord">
+              <FormattedMessage
+                id="xpack.fleet.agentPolicy.confirmModalPoliciesRemoveCalloutDescription"
+                defaultMessage="Agent policies that will be updated to remove this integration policy:"
+              />
+              <ul>
+                {agentPoliciesToRemove.map((policy) => (
+                  <li key={policy}>{policy}</li>
+                ))}
+              </ul>
+            </div>
+          )}
+        </EuiCallOut>
+      )}
       <EuiSpacer size="l" />
       <FormattedMessage
         id="xpack.fleet.agentPolicy.confirmModalDescription"
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/step_define_package_policy.test.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/step_define_package_policy.test.tsx
index 593d25ebaa97c..1ebfe5a897b07 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/step_define_package_policy.test.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/step_define_package_policy.test.tsx
@@ -8,6 +8,8 @@
 import React from 'react';
 import { act, fireEvent, waitFor } from '@testing-library/react';
 
+import { getInheritedNamespace } from '../../../../../../../../common/services';
+
 import type { TestRenderer } from '../../../../../../../mock';
 import { createFleetTestRendererMock } from '../../../../../../../mock';
 import type { AgentPolicy, NewPackagePolicy, PackageInfo } from '../../../../../types';
@@ -92,7 +94,7 @@ describe('StepDefinePackagePolicy', () => {
   const render = () =>
     (renderResult = testRenderer.render(
       <StepDefinePackagePolicy
-        agentPolicies={agentPolicies}
+        namespacePlaceholder={getInheritedNamespace(agentPolicies)}
         packageInfo={packageInfo}
         packagePolicy={packagePolicy}
         updatePackagePolicy={mockUpdatePackagePolicy}
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/step_define_package_policy.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/step_define_package_policy.tsx
index b963141210daa..c312b48a2d290 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/step_define_package_policy.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/step_define_package_policy.tsx
@@ -24,12 +24,7 @@ import {
 
 import styled from 'styled-components';
 
-import type {
-  AgentPolicy,
-  PackageInfo,
-  NewPackagePolicy,
-  RegistryVarsEntry,
-} from '../../../../../types';
+import type { PackageInfo, NewPackagePolicy, RegistryVarsEntry } from '../../../../../types';
 import { Loading } from '../../../../../components';
 import { useStartServices } from '../../../../../hooks';
 
@@ -48,7 +43,7 @@ const FormGroupResponsiveFields = styled(EuiDescribedFormGroup)`
 `;
 
 export const StepDefinePackagePolicy: React.FunctionComponent<{
-  agentPolicies?: AgentPolicy[];
+  namespacePlaceholder?: string;
   packageInfo: PackageInfo;
   packagePolicy: NewPackagePolicy;
   updatePackagePolicy: (fields: Partial<NewPackagePolicy>) => void;
@@ -58,7 +53,7 @@ export const StepDefinePackagePolicy: React.FunctionComponent<{
   noAdvancedToggle?: boolean;
 }> = memo(
   ({
-    agentPolicies,
+    namespacePlaceholder,
     packageInfo,
     packagePolicy,
     updatePackagePolicy,
@@ -290,7 +285,7 @@ export const StepDefinePackagePolicy: React.FunctionComponent<{
                       <EuiComboBox
                         data-test-subj="packagePolicyNamespaceInput"
                         noSuggestions
-                        placeholder={agentPolicies?.[0]?.namespace}
+                        placeholder={namespacePlaceholder}
                         isDisabled={isEditPage && packageInfo.type === 'input'}
                         singleSelection={true}
                         selectedOptions={
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/step_select_agent_policy.test.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/step_select_agent_policy.test.tsx
index 29fee831731b7..33ff461f7efd5 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/step_select_agent_policy.test.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/step_select_agent_policy.test.tsx
@@ -10,12 +10,10 @@ import { act } from '@testing-library/react';
 
 import type { PackageInfo } from '../../../../../../../../common';
 
-import { ExperimentalFeaturesService } from '../../../../../../../services';
-
 import type { TestRenderer } from '../../../../../../../mock';
 import { createFleetTestRendererMock } from '../../../../../../../mock';
 
-import { useGetAgentPolicies } from '../../../../../hooks';
+import { useGetAgentPolicies, useMultipleAgentPolicies } from '../../../../../hooks';
 
 import { StepSelectAgentPolicy } from './step_select_agent_policy';
 
@@ -23,6 +21,7 @@ jest.mock('../../../../../hooks', () => {
   return {
     ...jest.requireActual('../../../../../hooks'),
     useGetAgentPolicies: jest.fn(),
+    useMultipleAgentPolicies: jest.fn(),
     useGetOutputs: jest.fn().mockReturnValue({
       data: {
         items: [
@@ -61,25 +60,29 @@ jest.mock('../../../../../hooks', () => {
 const useGetAgentPoliciesMock = useGetAgentPolicies as jest.MockedFunction<
   typeof useGetAgentPolicies
 >;
+const useMultipleAgentPoliciesMock = useMultipleAgentPolicies as jest.MockedFunction<
+  typeof useMultipleAgentPolicies
+>;
 
 describe('step select agent policy', () => {
   let testRenderer: TestRenderer;
   let renderResult: ReturnType<typeof testRenderer.render>;
   const mockSetHasAgentPolicyError = jest.fn();
   const updateAgentPoliciesMock = jest.fn();
-  const render = (packageInfo?: PackageInfo, selectedAgentPolicyId?: string) =>
+  const render = (packageInfo?: PackageInfo, selectedAgentPolicyIds: string[] = []) =>
     (renderResult = testRenderer.render(
       <StepSelectAgentPolicy
         packageInfo={packageInfo || ({ name: 'apache' } as any)}
         agentPolicies={[]}
         updateAgentPolicies={updateAgentPoliciesMock}
         setHasAgentPolicyError={mockSetHasAgentPolicyError}
-        selectedAgentPolicyId={selectedAgentPolicyId}
+        selectedAgentPolicyIds={selectedAgentPolicyIds}
       />
     ));
 
   beforeEach(() => {
     testRenderer = createFleetTestRendererMock();
+    useMultipleAgentPoliciesMock.mockReturnValue({ canUseMultipleAgentPolicies: false });
     updateAgentPoliciesMock.mockReset();
   });
 
@@ -124,9 +127,7 @@ describe('step select agent policy', () => {
 
   describe('multiple agent policies', () => {
     beforeEach(() => {
-      jest
-        .spyOn(ExperimentalFeaturesService, 'get')
-        .mockReturnValue({ enableReusableIntegrationPolicies: true });
+      useMultipleAgentPoliciesMock.mockReturnValue({ canUseMultipleAgentPolicies: true });
 
       useGetAgentPoliciesMock.mockReturnValue({
         data: {
@@ -182,7 +183,7 @@ describe('step select agent policy', () => {
     });
 
     test('should select agent policy if pre selected', async () => {
-      render(undefined, 'policy-1');
+      render(undefined, ['policy-1']);
       await act(async () => {}); // Needed as updateAgentPolicies is called after multiple useEffect
       await act(async () => {
         expect(updateAgentPoliciesMock).toBeCalledWith([{ id: 'policy-1', package_policies: [] }]);
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/step_select_agent_policy.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/step_select_agent_policy.tsx
index 6156e81a133d7..f28593d84ef9a 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/step_select_agent_policy.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/step_select_agent_policy.tsx
@@ -24,11 +24,7 @@ import {
 
 import { Error } from '../../../../../components';
 import type { AgentPolicy, Output, PackageInfo } from '../../../../../types';
-import {
-  isPackageLimited,
-  doesAgentPolicyAlreadyIncludePackage,
-  ExperimentalFeaturesService,
-} from '../../../../../services';
+import { isPackageLimited, doesAgentPolicyAlreadyIncludePackage } from '../../../../../services';
 import {
   useGetAgentPolicies,
   useGetOutputs,
@@ -43,6 +39,8 @@ import {
   PACKAGE_POLICY_SAVED_OBJECT_TYPE,
 } from '../../../../../../../../common/constants';
 
+import { useMultipleAgentPolicies } from '../../../../../hooks';
+
 import { AgentPolicyMultiSelect } from './components/agent_policy_multi_select';
 
 const AgentPolicyFormRow = styled(EuiFormRow)`
@@ -217,19 +215,19 @@ export const StepSelectAgentPolicy: React.FunctionComponent<{
   agentPolicies: AgentPolicy[];
   updateAgentPolicies: (agentPolicies: AgentPolicy[]) => void;
   setHasAgentPolicyError: (hasError: boolean) => void;
-  selectedAgentPolicyId?: string;
+  selectedAgentPolicyIds: string[];
 }> = ({
   packageInfo,
   agentPolicies,
   updateAgentPolicies: updateSelectedAgentPolicies,
   setHasAgentPolicyError,
-  selectedAgentPolicyId,
+  selectedAgentPolicyIds,
 }) => {
   const { isReady: isFleetReady } = useFleetStatus();
 
   const [selectedAgentPolicyError, setSelectedAgentPolicyError] = useState<Error>();
 
-  const { enableReusableIntegrationPolicies } = ExperimentalFeaturesService.get();
+  const { canUseMultipleAgentPolicies } = useMultipleAgentPolicies();
 
   const {
     isLoading,
@@ -240,8 +238,10 @@ export const StepSelectAgentPolicy: React.FunctionComponent<{
   } = useAgentPoliciesOptions(packageInfo);
 
   const [selectedPolicyIds, setSelectedPolicyIds] = useState<string[]>([]);
+  const [isFirstLoad, setIsFirstLoad] = useState<boolean>(true);
 
-  const [isLoadingSelectedAgentPolicy, setIsLoadingSelectedAgentPolicy] = useState<boolean>(false);
+  const [isLoadingSelectedAgentPolicies, setIsLoadingSelectedAgentPolicies] =
+    useState<boolean>(false);
   const [selectedAgentPolicies, setSelectedAgentPolicies] = useState<AgentPolicy[]>(agentPolicies);
 
   const updateAgentPolicies = useCallback(
@@ -255,7 +255,7 @@ export const StepSelectAgentPolicy: React.FunctionComponent<{
   useEffect(() => {
     const fetchAgentPolicyInfo = async () => {
       if (selectedPolicyIds.length > 0) {
-        setIsLoadingSelectedAgentPolicy(true);
+        setIsLoadingSelectedAgentPolicies(true);
         const { data, error } = await sendBulkGetAgentPolicies(selectedPolicyIds, { full: true });
         if (error) {
           setSelectedAgentPolicyError(error);
@@ -264,7 +264,7 @@ export const StepSelectAgentPolicy: React.FunctionComponent<{
           setSelectedAgentPolicyError(undefined);
           updateAgentPolicies(data.items);
         }
-        setIsLoadingSelectedAgentPolicy(false);
+        setIsLoadingSelectedAgentPolicies(false);
       } else {
         setSelectedAgentPolicyError(undefined);
         updateAgentPolicies([]);
@@ -284,35 +284,36 @@ export const StepSelectAgentPolicy: React.FunctionComponent<{
   // Try to select default agent policy
   useEffect(() => {
     if (
+      isFirstLoad &&
       selectedPolicyIds.length === 0 &&
       existingAgentPolicies.length &&
-      (enableReusableIntegrationPolicies
-        ? agentPolicyMultiOptions.length
-        : agentPolicyOptions.length)
+      (canUseMultipleAgentPolicies ? agentPolicyMultiOptions.length : agentPolicyOptions.length)
     ) {
-      if (enableReusableIntegrationPolicies) {
+      setIsFirstLoad(false);
+      if (canUseMultipleAgentPolicies) {
         const enabledOptions = agentPolicyMultiOptions.filter((option) => !option.disabled);
         if (enabledOptions.length === 1) {
           setSelectedPolicyIds([enabledOptions[0].key!]);
-        } else if (selectedAgentPolicyId) {
-          setSelectedPolicyIds([selectedAgentPolicyId]);
+        } else if (selectedAgentPolicyIds.length > 0) {
+          setSelectedPolicyIds(selectedAgentPolicyIds);
         }
       } else {
         const enabledOptions = agentPolicyOptions.filter((option) => !option.disabled);
         if (enabledOptions.length === 1) {
           setSelectedPolicyIds([enabledOptions[0].value]);
-        } else if (selectedAgentPolicyId) {
-          setSelectedPolicyIds([selectedAgentPolicyId]);
+        } else if (selectedAgentPolicyIds.length > 0) {
+          setSelectedPolicyIds(selectedAgentPolicyIds);
         }
       }
     }
   }, [
     agentPolicyOptions,
     agentPolicyMultiOptions,
-    enableReusableIntegrationPolicies,
-    selectedAgentPolicyId,
+    canUseMultipleAgentPolicies,
+    selectedAgentPolicyIds,
     selectedPolicyIds,
     existingAgentPolicies,
+    isFirstLoad,
   ]);
 
   // Bubble up any issues with agent policy selection
@@ -342,6 +343,14 @@ export const StepSelectAgentPolicy: React.FunctionComponent<{
     );
   }
 
+  const someNewAgentPoliciesHaveLimitedPackage =
+    !packageInfo ||
+    selectedAgentPolicies
+      .filter((policy) => !selectedAgentPolicyIds.find((id) => policy.id === id))
+      .some((selectedAgentPolicy) =>
+        doesAgentPolicyHaveLimitedPackage(selectedAgentPolicy, packageInfo)
+      );
+
   return (
     <>
       <EuiFlexGroup direction="column" gutterSize="m">
@@ -381,7 +390,7 @@ export const StepSelectAgentPolicy: React.FunctionComponent<{
                 </EuiFlexGroup>
               }
               helpText={
-                isFleetReady && selectedPolicyIds.length > 0 && !isLoadingSelectedAgentPolicy ? (
+                isFleetReady && selectedPolicyIds.length > 0 && !isLoadingSelectedAgentPolicies ? (
                   <FormattedMessage
                     id="xpack.fleet.createPackagePolicy.StepSelectPolicy.agentPolicyAgentsDescriptionText"
                     defaultMessage="{count, plural, one {# agent is} other {# agents are}} enrolled with the selected agent policies."
@@ -395,11 +404,7 @@ export const StepSelectAgentPolicy: React.FunctionComponent<{
                 ) : null
               }
               isInvalid={Boolean(
-                selectedPolicyIds.length === 0 ||
-                  !packageInfo ||
-                  selectedAgentPolicies.every((selectedAgentPolicy) =>
-                    doesAgentPolicyHaveLimitedPackage(selectedAgentPolicy, packageInfo)
-                  )
+                selectedPolicyIds.length === 0 || someNewAgentPoliciesHaveLimitedPackage
               )}
               error={
                 selectedPolicyIds.length === 0 ? (
@@ -407,17 +412,17 @@ export const StepSelectAgentPolicy: React.FunctionComponent<{
                     id="xpack.fleet.createPackagePolicy.StepSelectPolicy.noPolicySelectedError"
                     defaultMessage="An agent policy is required."
                   />
-                ) : (
+                ) : someNewAgentPoliciesHaveLimitedPackage ? (
                   <FormattedMessage
                     id="xpack.fleet.createPackagePolicy.StepSelectPolicy.cannotAddLimitedIntegrationError"
                     defaultMessage="This integration can only be added once per agent policy."
                   />
-                )
+                ) : null
               }
             >
-              {enableReusableIntegrationPolicies ? (
+              {canUseMultipleAgentPolicies ? (
                 <AgentPolicyMultiSelect
-                  isLoading={isLoading || !packageInfo || isLoadingSelectedAgentPolicy}
+                  isLoading={isLoading || !packageInfo || isLoadingSelectedAgentPolicies}
                   selectedPolicyIds={selectedPolicyIds}
                   setSelectedPolicyIds={setSelectedPolicyIds}
                   agentPolicyMultiOptions={agentPolicyMultiOptions}
@@ -431,7 +436,7 @@ export const StepSelectAgentPolicy: React.FunctionComponent<{
                     }
                   )}
                   fullWidth
-                  isLoading={isLoading || !packageInfo || isLoadingSelectedAgentPolicy}
+                  isLoading={isLoading || !packageInfo || isLoadingSelectedAgentPolicies}
                   options={agentPolicyOptions}
                   valueOfSelected={selectedPolicyIds[0]}
                   onChange={onChange}
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/step_select_hosts.test.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/step_select_hosts.test.tsx
index 70fb22fcebdf1..1ba7f56273dc6 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/step_select_hosts.test.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/step_select_hosts.test.tsx
@@ -93,7 +93,7 @@ describe('StepSelectHosts', () => {
         packageInfo={packageInfo}
         setHasAgentPolicyError={jest.fn()}
         updateSelectedTab={jest.fn()}
-        selectedAgentPolicyId={undefined}
+        selectedAgentPolicyIds={[]}
       />
     ));
   beforeEach(() => {
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/step_select_hosts.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/step_select_hosts.tsx
index a4b4f5a3e0970..73671e97e95db 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/step_select_hosts.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/step_select_hosts.tsx
@@ -42,7 +42,8 @@ interface Props {
   packageInfo?: PackageInfo;
   setHasAgentPolicyError: (hasError: boolean) => void;
   updateSelectedTab: (tab: SelectedPolicyTab) => void;
-  selectedAgentPolicyId?: string;
+  selectedAgentPolicyIds: string[];
+  initialSelectedTabIndex?: number;
 }
 
 export const StepSelectHosts: React.FunctionComponent<Props> = ({
@@ -56,7 +57,8 @@ export const StepSelectHosts: React.FunctionComponent<Props> = ({
   packageInfo,
   setHasAgentPolicyError,
   updateSelectedTab,
-  selectedAgentPolicyId,
+  selectedAgentPolicyIds,
+  initialSelectedTabIndex,
 }) => {
   let existingAgentPolicies: AgentPolicy[] = [];
   const { data: agentPoliciesData, error: err } = useGetAgentPolicies({
@@ -110,7 +112,7 @@ export const StepSelectHosts: React.FunctionComponent<Props> = ({
           agentPolicies={agentPolicies}
           updateAgentPolicies={updateAgentPolicies}
           setHasAgentPolicyError={setHasAgentPolicyError}
-          selectedAgentPolicyId={selectedAgentPolicyId}
+          selectedAgentPolicyIds={selectedAgentPolicyIds}
         />
       ),
     },
@@ -121,7 +123,13 @@ export const StepSelectHosts: React.FunctionComponent<Props> = ({
 
   return existingAgentPolicies.length > 0 ? (
     <StyledEuiTabbedContent
-      initialSelectedTab={selectedAgentPolicyId ? tabs[1] : tabs[0]}
+      initialSelectedTab={
+        initialSelectedTabIndex
+          ? tabs[initialSelectedTabIndex]
+          : selectedAgentPolicyIds.length > 0
+          ? tabs[1]
+          : tabs[0]
+      }
       tabs={tabs}
       onTabClick={handleOnTabClick}
     />
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/components/layout.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/components/layout.tsx
index 445a0bcf94287..c5170d33eee68 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/components/layout.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/components/layout.tsx
@@ -17,7 +17,6 @@ import {
   EuiDescriptionListDescription,
   EuiButtonEmpty,
   EuiSpacer,
-  useIsWithinMinBreakpoint,
 } from '@elastic/eui';
 
 import { useAgentless } from '../hooks/setup_technology';
@@ -252,8 +251,7 @@ export const CreatePackagePolicySinglePageLayout: React.FunctionComponent<{
       </EuiDescriptionList>
     ) : undefined;
 
-    const isBiggerScreen = useIsWithinMinBreakpoint('xxl');
-    const maxWidth = isBiggerScreen ? 1200 : 800;
+    const maxWidth = 800;
     return (
       <WithHeaderLayout
         restrictHeaderWidth={maxWidth}
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/devtools_request.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/devtools_request.tsx
index 90683ded5979c..91ca089f2ffe3 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/devtools_request.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/devtools_request.tsx
@@ -8,10 +8,14 @@
 import { useMemo } from 'react';
 import { i18n } from '@kbn/i18n';
 
+import { omit } from 'lodash';
+import { set } from '@kbn/safer-lodash-set';
+
 import { ExperimentalFeaturesService } from '../../../../../services';
 import {
   generateCreatePackagePolicyDevToolsRequest,
   generateCreateAgentPolicyDevToolsRequest,
+  generateUpdatePackagePolicyDevToolsRequest,
 } from '../../../services';
 import {
   FLEET_SYSTEM_PACKAGE,
@@ -26,12 +30,14 @@ export function useDevToolsRequest({
   packageInfo,
   selectedPolicyTab,
   withSysMonitoring,
+  packagePolicyId,
 }: {
   withSysMonitoring: boolean;
   selectedPolicyTab: SelectedPolicyTab;
   newAgentPolicy: NewAgentPolicy;
   packagePolicy: NewPackagePolicy;
   packageInfo?: PackageInfo;
+  packagePolicyId?: string;
 }) {
   const { showDevtoolsRequest: isShowDevtoolRequestExperimentEnabled } =
     ExperimentalFeaturesService.get();
@@ -47,28 +53,55 @@ export function useDevToolsRequest({
         `${generateCreateAgentPolicyDevToolsRequest(
           newAgentPolicy,
           withSysMonitoring && !packagePolicyIsSystem
-        )}\n\n${generateCreatePackagePolicyDevToolsRequest({
-          ...{ ...packagePolicy, policy_id: '' },
-        })}`,
-        i18n.translate(
-          'xpack.fleet.createPackagePolicy.devtoolsRequestWithAgentPolicyDescription',
-          {
-            defaultMessage:
-              'These Kibana requests create a new agent policy and a new package policy.',
-          }
-        ),
+        )}\n\n${
+          packagePolicyId
+            ? generateUpdatePackagePolicyDevToolsRequest(
+                packagePolicyId,
+                set(omit(packagePolicy, 'elasticsearch', 'policy_id'), 'policy_ids', [
+                  ...packagePolicy.policy_ids,
+                  '',
+                ])
+              )
+            : generateCreatePackagePolicyDevToolsRequest({
+                ...{ ...packagePolicy, policy_ids: [''] },
+              })
+        }`,
+        packagePolicyId
+          ? i18n.translate(
+              'xpack.fleet.editPackagePolicy.devtoolsRequestWithAgentPolicyDescription',
+              {
+                defaultMessage:
+                  'These Kibana requests create a new agent policy and update a package policy.',
+              }
+            )
+          : i18n.translate(
+              'xpack.fleet.createPackagePolicy.devtoolsRequestWithAgentPolicyDescription',
+              {
+                defaultMessage:
+                  'These Kibana requests create a new agent policy and a new package policy.',
+              }
+            ),
       ];
     }
 
     return [
-      generateCreatePackagePolicyDevToolsRequest({
-        ...packagePolicy,
-      }),
-      i18n.translate('xpack.fleet.createPackagePolicy.devtoolsRequestDescription', {
-        defaultMessage: 'This Kibana request creates a new package policy.',
-      }),
+      packagePolicyId
+        ? generateUpdatePackagePolicyDevToolsRequest(
+            packagePolicyId,
+            omit(packagePolicy, 'elasticsearch', 'policy_id')
+          )
+        : generateCreatePackagePolicyDevToolsRequest({
+            ...packagePolicy,
+          }),
+      packagePolicyId
+        ? i18n.translate('xpack.fleet.editPackagePolicy.devtoolsRequestDescription', {
+            defaultMessage: 'This Kibana request updates package policy.',
+          })
+        : i18n.translate('xpack.fleet.createPackagePolicy.devtoolsRequestDescription', {
+            defaultMessage: 'This Kibana request creates a new package policy.',
+          }),
     ];
-  }, [packagePolicy, newAgentPolicy, withSysMonitoring, selectedPolicyTab]);
+  }, [packagePolicy, newAgentPolicy, withSysMonitoring, selectedPolicyTab, packagePolicyId]);
 
   return { showDevtoolsRequest, devtoolRequest, devtoolRequestDescription };
 }
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/form.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/form.tsx
index be80a96697269..02e364f3e3d30 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/form.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/form.tsx
@@ -49,7 +49,7 @@ import {
 
 import { useAgentless } from './setup_technology';
 
-async function createAgentPolicy({
+export async function createAgentPolicy({
   packagePolicy,
   newAgentPolicy,
   withSysMonitoring,
@@ -72,6 +72,45 @@ async function createAgentPolicy({
   return resp.data.item;
 }
 
+export const createAgentPolicyIfNeeded = async ({
+  selectedPolicyTab,
+  withSysMonitoring,
+  newAgentPolicy,
+  packagePolicy,
+  packageInfo,
+}: {
+  selectedPolicyTab: SelectedPolicyTab;
+  withSysMonitoring: boolean;
+  newAgentPolicy: NewAgentPolicy;
+  packagePolicy: NewPackagePolicy;
+  packageInfo?: PackageInfo;
+}): Promise<AgentPolicy | undefined> => {
+  if (selectedPolicyTab === SelectedPolicyTab.NEW) {
+    if ((withSysMonitoring || newAgentPolicy.monitoring_enabled?.length) ?? 0 > 0) {
+      const packagesToPreinstall: Array<string | { name: string; version: string }> = [];
+      // skip preinstall of input package, to be able to rollback when package policy creation fails
+      if (packageInfo && packageInfo.type !== 'input') {
+        packagesToPreinstall.push({ name: packageInfo.name, version: packageInfo.version });
+      }
+      if (withSysMonitoring) {
+        packagesToPreinstall.push(FLEET_SYSTEM_PACKAGE);
+      }
+      if (newAgentPolicy.monitoring_enabled?.length ?? 0 > 0) {
+        packagesToPreinstall.push(FLEET_ELASTIC_AGENT_PACKAGE);
+      }
+
+      if (packagesToPreinstall.length > 0) {
+        await sendBulkInstallPackages([...new Set(packagesToPreinstall)]);
+      }
+    }
+    return await createAgentPolicy({
+      newAgentPolicy,
+      packagePolicy,
+      withSysMonitoring,
+    });
+  }
+};
+
 async function savePackagePolicy(pkgPolicy: CreatePackagePolicyRequest['body']) {
   const { policy, forceCreateNeeded } = await prepareInputPackagePolicyDataset(pkgPolicy);
   const result = await sendCreatePackagePolicy({
@@ -281,33 +320,21 @@ export function useOnSubmit({
         return;
       }
       let createdPolicy = overrideCreatedAgentPolicy;
-      if (selectedPolicyTab === SelectedPolicyTab.NEW && !overrideCreatedAgentPolicy) {
+      if (!overrideCreatedAgentPolicy) {
         try {
           setFormState('LOADING');
-          if ((withSysMonitoring || newAgentPolicy.monitoring_enabled?.length) ?? 0 > 0) {
-            const packagesToPreinstall: Array<string | { name: string; version: string }> = [];
-            // skip preinstall of input package, to be able to rollback when package policy creation fails
-            if (packageInfo && packageInfo.type !== 'input') {
-              packagesToPreinstall.push({ name: packageInfo.name, version: packageInfo.version });
-            }
-            if (withSysMonitoring) {
-              packagesToPreinstall.push(FLEET_SYSTEM_PACKAGE);
-            }
-            if (newAgentPolicy.monitoring_enabled?.length ?? 0 > 0) {
-              packagesToPreinstall.push(FLEET_ELASTIC_AGENT_PACKAGE);
-            }
-
-            if (packagesToPreinstall.length > 0) {
-              await sendBulkInstallPackages([...new Set(packagesToPreinstall)]);
-            }
-          }
-          createdPolicy = await createAgentPolicy({
+          const newPolicy = await createAgentPolicyIfNeeded({
             newAgentPolicy,
             packagePolicy,
             withSysMonitoring,
+            packageInfo,
+            selectedPolicyTab,
           });
-          setAgentPolicies([createdPolicy]);
-          updatePackagePolicy({ policy_ids: [createdPolicy.id] });
+          if (newPolicy) {
+            createdPolicy = newPolicy;
+            setAgentPolicies([createdPolicy]);
+            updatePackagePolicy({ policy_ids: [createdPolicy.id] });
+          }
         } catch (e) {
           setFormState('VALID');
           notifications.toasts.addError(e, {
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/index.test.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/index.test.tsx
index f79a5ad00c67a..9b235df27b3c9 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/index.test.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/index.test.tsx
@@ -680,7 +680,7 @@ describe('When on the package policy create page', () => {
             isServerlessEnabled: true,
           },
         });
-        jest.spyOn(ExperimentalFeaturesService, 'get').mockReturnValue({ agentless: true });
+        jest.spyOn(ExperimentalFeaturesService, 'get').mockReturnValue({ agentless: true } as any);
         (useGetPackageInfoByKeyQuery as jest.Mock).mockReturnValue(
           getMockPackageInfo({ requiresRoot: false, dataStreamRequiresRoot: false })
         );
@@ -703,7 +703,7 @@ describe('When on the package policy create page', () => {
       });
 
       test('should not force create package policy when not in serverless', async () => {
-        jest.spyOn(ExperimentalFeaturesService, 'get').mockReturnValue({ agentless: false });
+        jest.spyOn(ExperimentalFeaturesService, 'get').mockReturnValue({ agentless: false } as any);
         (useStartServices as jest.MockedFunction<any>).mockReturnValue({
           ...useStartServices(),
           cloud: {
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/index.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/index.tsx
index 761153401ed06..32ea92e932755 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/index.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/index.tsx
@@ -35,6 +35,7 @@ import {
 import { useCancelAddPackagePolicy } from '../hooks';
 
 import {
+  getInheritedNamespace,
   getRootPrivilegedDataStreams,
   isRootPrivilegesRequired,
   splitPkgKey,
@@ -81,7 +82,7 @@ import { PostInstallGoogleCloudShellModal } from './components/cloud_security_po
 import { PostInstallAzureArmTemplateModal } from './components/cloud_security_posture/post_install_azure_arm_template_modal';
 import { RootPrivilegesCallout } from './root_callout';
 
-const StepsWithLessPadding = styled(EuiSteps)`
+export const StepsWithLessPadding = styled(EuiSteps)`
   .euiStep__content {
     padding-bottom: ${(props) => props.theme.eui.euiSizeM};
   }
@@ -293,7 +294,7 @@ export const CreatePackagePolicySinglePage: CreatePackagePolicyParams = ({
         packageInfo={packageInfo}
         setHasAgentPolicyError={setHasAgentPolicyError}
         updateSelectedTab={updateSelectedPolicyTab}
-        selectedAgentPolicyId={queryParamsPolicyId}
+        selectedAgentPolicyIds={queryParamsPolicyId ? [queryParamsPolicyId] : []}
       />
     ),
     [
@@ -377,7 +378,7 @@ export const CreatePackagePolicySinglePage: CreatePackagePolicyParams = ({
       ) : packageInfo ? (
         <>
           <StepDefinePackagePolicy
-            agentPolicies={agentPolicies}
+            namespacePlaceholder={getInheritedNamespace(agentPolicies)}
             packageInfo={packageInfo}
             packagePolicy={packagePolicy}
             updatePackagePolicy={updatePackagePolicy}
@@ -462,10 +463,6 @@ export const CreatePackagePolicySinglePage: CreatePackagePolicyParams = ({
   }
 
   const rootPrivilegedDataStreams = packageInfo ? getRootPrivilegedDataStreams(packageInfo) : [];
-  const unprivilegedAgentsCount = agentPolicies.reduce(
-    (acc, curr) => acc + (curr.unprivileged_agents ?? 0),
-    0
-  );
 
   return (
     <CreatePackagePolicySinglePageLayout {...layoutProps} data-test-subj="createPackagePolicy">
@@ -478,13 +475,6 @@ export const CreatePackagePolicySinglePage: CreatePackagePolicyParams = ({
                 agentPolicies={agentPolicies}
                 onConfirm={onSubmit}
                 onCancel={() => setFormState('VALID')}
-                showUnprivilegedAgentsCallout={Boolean(
-                  packageInfo &&
-                    isRootPrivilegesRequired(packageInfo) &&
-                    unprivilegedAgentsCount > 0
-                )}
-                unprivilegedAgentsCount={unprivilegedAgentsCount}
-                dataStreams={rootPrivilegedDataStreams}
               />
             )}
             {formState === 'SUBMITTED_NO_AGENTS' &&
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/root_callout.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/root_callout.tsx
index 3a4c01528f4de..46f940e5c6551 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/root_callout.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/root_callout.tsx
@@ -5,15 +5,19 @@
  * 2.0.
  */
 
-import { EuiCallOut } from '@elastic/eui';
+import { EuiCallOut, EuiLink } from '@elastic/eui';
 import { FormattedMessage } from '@kbn/i18n-react';
 import React from 'react';
 
+import { useStartServices } from '../../../../hooks';
+
 interface Props {
   dataStreams: Array<{ name: string; title: string }>;
 }
 
 export const RootPrivilegesCallout: React.FC<Props> = ({ dataStreams }) => {
+  const { docLinks } = useStartServices();
+
   return (
     <EuiCallOut
       size="m"
@@ -35,7 +39,17 @@ export const RootPrivilegesCallout: React.FC<Props> = ({ dataStreams }) => {
         <>
           <FormattedMessage
             id="xpack.fleet.addIntegration.confirmModal.unprivilegedAgentsDataStreamsMessage"
-            defaultMessage="This integration has the following data streams that require Elastic Agents to have root privileges. To ensure that all data required by the integration can be collected, enroll agents using an account with root privileges."
+            defaultMessage="This integration has the following data streams that require Elastic Agents to have root privileges. To ensure that all data required by the integration can be collected, enroll agents using an account with root privileges.  For more information, see the {guideLink}"
+            values={{
+              guideLink: (
+                <EuiLink href={docLinks.links.fleet.unprivilegedMode} target="_blank" external>
+                  <FormattedMessage
+                    id="xpack.fleet.addIntegration.confirmModal.unprivilegedAgentsDataStreamsMessage.guideLink"
+                    defaultMessage="Fleet and Elastic Agent Guide"
+                  />
+                </EuiLink>
+              ),
+            }}
           />
           <ul>
             {dataStreams.map((item) => (
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/edit_package_policy_page/hooks/index.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/edit_package_policy_page/hooks/index.tsx
index 7b295c9f53d53..e5d59597ba48a 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/edit_package_policy_page/hooks/index.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/edit_package_policy_page/hooks/index.tsx
@@ -7,3 +7,4 @@
 
 export { useHistoryBlock } from './use_history_block';
 export { usePackagePolicyWithRelatedData } from './use_package_policy';
+export { usePackagePolicySteps } from './use_package_policy_steps';
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/edit_package_policy_page/hooks/use_package_policy.test.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/edit_package_policy_page/hooks/use_package_policy.test.tsx
index 731a6b9791d7a..67b8f35a22eb4 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/edit_package_policy_page/hooks/use_package_policy.test.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/edit_package_policy_page/hooks/use_package_policy.test.tsx
@@ -14,6 +14,7 @@
 
 import { omit } from 'lodash';
 
+import { sendGetPackageInfoByKey, sendUpgradePackagePolicyDryRun } from '../../../../../../hooks';
 import { createFleetTestRendererMock } from '../../../../../../mock';
 
 import { usePackagePolicyWithRelatedData } from './use_package_policy';
@@ -83,6 +84,41 @@ jest.mock('../../../../../../hooks/use_request', () => ({
         },
       };
     }
+    if (packagePolicyId === 'package-policy-2') {
+      return {
+        data: {
+          item: {
+            id: 'nginx-1',
+            name: 'nginx-1',
+            namespace: 'default',
+            description: 'Nginx description',
+            package: { name: 'nginx', title: 'Nginx', version: '1.3.0' },
+            enabled: true,
+            policy_id: 'agent-policy-1',
+            policy_ids: ['agent-policy-1'],
+            inputs: [
+              {
+                type: 'logfile',
+                policy_template: 'nginx',
+                enabled: true,
+                streams: [
+                  {
+                    enabled: true,
+                    data_stream: { type: 'logs', dataset: 'nginx.access' },
+                    vars: {
+                      paths: { value: ['/var/log/nginx/access.log*'], type: 'text' },
+                    },
+                  },
+                ],
+                vars: {
+                  existing_input_level_var: { value: 'existing-value', type: 'text' },
+                },
+              },
+            ],
+          },
+        },
+      };
+    }
   },
   sendGetPackageInfoByKey: jest.fn().mockImplementation((name, version) =>
     Promise.resolve({
@@ -308,4 +344,238 @@ describe('usePackagePolicy', () => {
       }
     `);
   });
+
+  it('should load the package policy if this is an upgrade with new input vars', async () => {
+    jest.mocked(sendUpgradePackagePolicyDryRun).mockResolvedValue({
+      data: [
+        {
+          diff: [
+            {
+              id: 'nginx-1',
+              name: 'nginx-1',
+              namespace: 'default',
+              description: 'Nginx description',
+              package: { name: 'nginx', title: 'Nginx', version: '1.3.0' },
+              enabled: true,
+              policy_id: 'agent-policy-1',
+              policy_ids: ['agent-policy-1'],
+              vars: {},
+              inputs: [
+                {
+                  type: 'logfile',
+                  policy_template: 'nginx',
+                  enabled: true,
+                  streams: [
+                    {
+                      enabled: true,
+                      data_stream: { type: 'logs', dataset: 'nginx.access' },
+                      vars: {
+                        paths: { value: ['/var/log/nginx/access.log*'], type: 'text' },
+                        existing_package_level_var: {
+                          value: '/var/log/nginx/access.log*',
+                          type: 'text',
+                        },
+                      },
+                    },
+                  ],
+                  vars: {
+                    existing_package_level_var: {
+                      value: '/var/log/nginx/access.log*',
+                      type: 'text',
+                    },
+                  },
+                },
+              ],
+            },
+            {
+              id: 'nginx-1',
+              name: 'nginx-1',
+              namespace: 'default',
+              description: 'Nginx description',
+              package: { name: 'nginx', title: 'Nginx', version: '1.4.0' },
+              enabled: true,
+              policy_id: 'agent-policy-1',
+              policy_ids: ['agent-policy-1'],
+              vars: {
+                new_package_level_var: { value: 'test', type: 'text' },
+              },
+              inputs: [
+                {
+                  type: 'logfile',
+                  policy_template: 'nginx',
+                  enabled: true,
+                  streams: [
+                    {
+                      enabled: true,
+                      data_stream: { type: 'logs', dataset: 'nginx.access' },
+                      vars: {
+                        paths: { value: ['/var/log/nginx/access.log*'], type: 'text' },
+                      },
+                    },
+                  ],
+                  vars: {
+                    new_input_level_var: { value: 'test', type: 'text' },
+                    existing_input_level_var: {
+                      value: 'default_value',
+                      type: 'text',
+                    },
+                  },
+                },
+              ],
+            },
+          ],
+        },
+      ],
+    } as any);
+    jest.mocked(sendGetPackageInfoByKey).mockResolvedValue({
+      data: {
+        item: {
+          name: 'nginx',
+          title: 'Nginx',
+          version: '1.4.0',
+          release: 'ga',
+          description: 'Collect logs and metrics from Nginx HTTP servers with Elastic Agent.',
+          policy_templates: [
+            {
+              name: 'nginx',
+              title: 'Nginx logs and metrics',
+              description: 'Collect logs and metrics from Nginx instances',
+              inputs: [
+                {
+                  type: 'logfile',
+                  title: 'Collect logs from Nginx instances',
+                  description: 'Collecting Nginx access and error logs',
+                  vars: [
+                    {
+                      name: 'new_input_level_var',
+                      type: 'text',
+                      title: 'Paths',
+                      required: false,
+                      show_user: true,
+                    },
+                    {
+                      name: 'existing_input_level_var',
+                      type: 'text',
+                      title: 'Paths',
+                      required: false,
+                      show_user: true,
+                    },
+                  ],
+                },
+              ],
+              multiple: true,
+            },
+          ],
+          data_streams: [
+            {
+              type: 'logs',
+              dataset: 'nginx.access',
+              title: 'Nginx access logs',
+              release: 'experimental',
+              ingest_pipeline: 'default',
+              streams: [
+                {
+                  input: 'logfile',
+                  vars: [
+                    {
+                      name: 'paths',
+                      type: 'text',
+                      title: 'Paths',
+                      multi: true,
+                      required: true,
+                      show_user: true,
+                      default: ['/var/log/nginx/access.log*'],
+                    },
+                  ],
+                  template_path: 'stream.yml.hbs',
+                  title: 'Nginx access logs',
+                  description: 'Collect Nginx access logs',
+                  enabled: true,
+                },
+              ],
+              package: 'nginx',
+              path: 'access',
+            },
+          ],
+          latestVersion: '1.4.0',
+          keepPoliciesUpToDate: false,
+          status: 'not_installed',
+          vars: [
+            {
+              name: 'new_package_level_var',
+              type: 'text',
+              title: 'Paths',
+              required: false,
+              show_user: true,
+            },
+          ],
+        },
+      },
+      isLoading: false,
+    } as any);
+    const renderer = createFleetTestRendererMock();
+    const { result, waitForNextUpdate } = renderer.renderHook(() =>
+      usePackagePolicyWithRelatedData('package-policy-2', {
+        forceUpgrade: true,
+      })
+    );
+    await waitForNextUpdate();
+    expect(result.current.packagePolicy).toMatchInlineSnapshot(`
+      Object {
+        "description": "Nginx description",
+        "enabled": true,
+        "inputs": Array [
+          Object {
+            "enabled": true,
+            "policy_template": "nginx",
+            "streams": Array [
+              Object {
+                "data_stream": Object {
+                  "dataset": "nginx.access",
+                  "type": "logs",
+                },
+                "enabled": true,
+                "vars": Object {
+                  "paths": Object {
+                    "type": "text",
+                    "value": Array [
+                      "/var/log/nginx/access.log*",
+                    ],
+                  },
+                },
+              },
+            ],
+            "type": "logfile",
+            "vars": Object {
+              "existing_input_level_var": Object {
+                "type": "text",
+                "value": "existing-value",
+              },
+              "new_input_level_var": Object {
+                "type": "text",
+                "value": "test",
+              },
+            },
+          },
+        ],
+        "name": "nginx-1",
+        "namespace": "default",
+        "package": Object {
+          "name": "nginx",
+          "title": "Nginx",
+          "version": "1.4.0",
+        },
+        "policy_id": "agent-policy-1",
+        "policy_ids": Array [
+          "agent-policy-1",
+        ],
+        "vars": Object {
+          "new_package_level_var": Object {
+            "type": "text",
+            "value": "test",
+          },
+        },
+      }
+    `);
+  });
 });
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/edit_package_policy_page/hooks/use_package_policy.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/edit_package_policy_page/hooks/use_package_policy.tsx
index fe7d70d6976a9..bb1e2f10ad85e 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/edit_package_policy_page/hooks/use_package_policy.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/edit_package_policy_page/hooks/use_package_policy.tsx
@@ -15,7 +15,7 @@ import type {
   UpgradePackagePolicyDryRunResponse,
 } from '../../../../../../../common/types/rest_spec';
 import {
-  sendGetOneAgentPolicy,
+  sendBulkGetAgentPolicies,
   sendGetOnePackagePolicy,
   sendGetPackageInfoByKey,
   sendGetSettings,
@@ -94,11 +94,14 @@ export function usePackagePolicyWithRelatedData(
   const [validationResults, setValidationResults] = useState<PackagePolicyValidationResults>();
   const hasErrors = validationResults ? validationHasErrors(validationResults) : false;
 
-  const savePackagePolicy = async () => {
+  const savePackagePolicy = async (packagePolicyOverride?: Partial<PackagePolicy>) => {
     setFormState('LOADING');
     const {
       policy: { elasticsearch, ...restPackagePolicy },
-    } = await prepareInputPackagePolicyDataset(packagePolicy);
+    } = await prepareInputPackagePolicyDataset({
+      ...packagePolicy,
+      ...(packagePolicyOverride ?? {}),
+    });
     const result = await sendUpdatePackagePolicy(packagePolicyId, restPackagePolicy);
 
     setFormState('SUBMITTED');
@@ -171,21 +174,15 @@ export function usePackagePolicyWithRelatedData(
           throw packagePolicyError;
         }
 
-        const newAgentPolicies = [];
-        for (const policyId of packagePolicyData!.item.policy_ids) {
-          const { data: agentPolicyData, error: agentPolicyError } = await sendGetOneAgentPolicy(
-            policyId
-          );
-
-          if (agentPolicyError) {
-            throw agentPolicyError;
-          }
+        const { data, error: agentPolicyError } = await sendBulkGetAgentPolicies(
+          packagePolicyData!.item.policy_ids
+        );
 
-          if (agentPolicyData?.item) {
-            newAgentPolicies.push(agentPolicyData.item);
-          }
+        if (agentPolicyError) {
+          throw agentPolicyError;
         }
-        setAgentPolicies(newAgentPolicies);
+
+        setAgentPolicies(data?.items ?? []);
 
         const { data: upgradePackagePolicyDryRunData, error: upgradePackagePolicyDryRunError } =
           await sendUpgradePackagePolicyDryRun([packagePolicyId]);
@@ -264,7 +261,7 @@ export function usePackagePolicyWithRelatedData(
                 ...restOfInput
               } = input;
 
-              let basePolicyInputVars: any =
+              const basePolicyInputVars: any =
                 isUpgradeScenario &&
                 basePolicy.inputs.find(
                   (i) => i.type === input.type && i.policy_template === input.policy_template
@@ -272,14 +269,7 @@ export function usePackagePolicyWithRelatedData(
               let newInputVars = inputVars;
               if (basePolicyInputVars && inputVars) {
                 // merging vars from dry run with updated ones
-                basePolicyInputVars = Object.keys(inputVars).reduce(
-                  (acc, curr) => ({ ...acc, [curr]: basePolicyInputVars[curr] }),
-                  {}
-                );
-                newInputVars = {
-                  ...inputVars,
-                  ...basePolicyInputVars,
-                };
+                newInputVars = mergeVars(inputVars, basePolicyInputVars);
               }
               // Fix duration vars, if it's a migrated setting, and it's a plain old number with no suffix
               if (basePackage.name === 'apm') {
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/edit_package_policy_page/hooks/use_package_policy_steps.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/edit_package_policy_page/hooks/use_package_policy_steps.tsx
new file mode 100644
index 0000000000000..aca10b24b12ae
--- /dev/null
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/edit_package_policy_page/hooks/use_package_policy_steps.tsx
@@ -0,0 +1,225 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { useCallback, useMemo, useState, useEffect } from 'react';
+import { isEqual } from 'lodash';
+import { i18n } from '@kbn/i18n';
+import type { EuiStepProps } from '@elastic/eui';
+
+import type { AgentPolicy, NewAgentPolicy, NewPackagePolicy } from '../../../../../../../common';
+import { generateNewAgentPolicyWithDefaults } from '../../../../../../../common/services';
+import { SelectedPolicyTab, StepSelectHosts } from '../../create_package_policy_page/components';
+import type { PackageInfo } from '../../../../types';
+import { SetupTechnology } from '../../../../types';
+import {
+  useDevToolsRequest,
+  useSetupTechnology,
+} from '../../create_package_policy_page/single_page_layout/hooks';
+import { agentPolicyFormValidation } from '../../components';
+import { createAgentPolicyIfNeeded } from '../../create_package_policy_page/single_page_layout/hooks/form';
+
+interface Params {
+  configureStep: React.ReactNode;
+  packageInfo?: PackageInfo;
+  existingAgentPolicies: AgentPolicy[];
+  setHasAgentPolicyError: (hasError: boolean) => void;
+  updatePackagePolicy: (data: { policy_ids: string[] }) => void;
+  agentPolicies: AgentPolicy[];
+  setAgentPolicies: (agentPolicies: AgentPolicy[]) => void;
+  isLoadingData: boolean;
+  packagePolicy: NewPackagePolicy;
+  packagePolicyId: string;
+  setNewAgentPolicyName: (newAgentPolicyName: string | undefined) => void;
+}
+
+export function usePackagePolicySteps({
+  configureStep,
+  packageInfo,
+  existingAgentPolicies,
+  setHasAgentPolicyError,
+  updatePackagePolicy,
+  agentPolicies,
+  setAgentPolicies,
+  isLoadingData,
+  packagePolicy,
+  packagePolicyId,
+  setNewAgentPolicyName,
+}: Params) {
+  const [newAgentPolicy, setNewAgentPolicy] = useState<NewAgentPolicy>(
+    generateNewAgentPolicyWithDefaults({ name: 'Agent policy 1' })
+  );
+  const [withSysMonitoring, setWithSysMonitoring] = useState<boolean>(true);
+
+  const [selectedPolicyTab, setSelectedPolicyTab] = useState<SelectedPolicyTab>(
+    SelectedPolicyTab.EXISTING
+  );
+  const validation = agentPolicyFormValidation(newAgentPolicy);
+
+  const setPolicyValidation = useCallback(
+    (currentTab: SelectedPolicyTab, updatedAgentPolicy: NewAgentPolicy) => {
+      if (currentTab === SelectedPolicyTab.NEW) {
+        if (
+          !updatedAgentPolicy.name ||
+          updatedAgentPolicy.name.trim() === '' ||
+          !updatedAgentPolicy.namespace ||
+          updatedAgentPolicy.namespace.trim() === ''
+        ) {
+          setHasAgentPolicyError(true);
+        } else {
+          setHasAgentPolicyError(false);
+        }
+      }
+    },
+    [setHasAgentPolicyError]
+  );
+
+  const updateSelectedPolicyTab = useCallback(
+    (currentTab) => {
+      setSelectedPolicyTab(currentTab);
+      setPolicyValidation(currentTab, newAgentPolicy);
+    },
+    [setSelectedPolicyTab, setPolicyValidation, newAgentPolicy]
+  );
+
+  // Update agent policy method
+  const updateAgentPolicies = useCallback(
+    (updatedAgentPolicies: AgentPolicy[]) => {
+      if (!isLoadingData && isEqual(updatedAgentPolicies, agentPolicies)) {
+        return;
+      }
+      if (updatedAgentPolicies.length > 0) {
+        setAgentPolicies(updatedAgentPolicies);
+        updatePackagePolicy({
+          policy_ids: updatedAgentPolicies.map((policy) => policy.id),
+        });
+        if (packageInfo) {
+          setHasAgentPolicyError(false);
+        }
+      } else {
+        setHasAgentPolicyError(true);
+        setAgentPolicies([]);
+        updatePackagePolicy({
+          policy_ids: [],
+        });
+      }
+
+      // eslint-disable-next-line no-console
+      console.debug('Agent policy updated', updatedAgentPolicies);
+    },
+    [
+      packageInfo,
+      agentPolicies,
+      isLoadingData,
+      updatePackagePolicy,
+      setHasAgentPolicyError,
+      setAgentPolicies,
+    ]
+  );
+
+  const updateNewAgentPolicy = useCallback(
+    (updatedFields: Partial<NewAgentPolicy>) => {
+      const updatedAgentPolicy = {
+        ...newAgentPolicy,
+        ...updatedFields,
+      };
+      setNewAgentPolicy(updatedAgentPolicy);
+      setPolicyValidation(selectedPolicyTab, updatedAgentPolicy);
+    },
+    [setNewAgentPolicy, setPolicyValidation, newAgentPolicy, selectedPolicyTab]
+  );
+
+  const { selectedSetupTechnology } = useSetupTechnology({
+    newAgentPolicy,
+    updateNewAgentPolicy,
+    updateAgentPolicies,
+    setSelectedPolicyTab,
+    packageInfo,
+  });
+
+  const stepSelectAgentPolicy = useMemo(
+    () => (
+      <StepSelectHosts
+        agentPolicies={agentPolicies}
+        updateAgentPolicies={updateAgentPolicies}
+        newAgentPolicy={newAgentPolicy}
+        updateNewAgentPolicy={updateNewAgentPolicy}
+        withSysMonitoring={withSysMonitoring}
+        updateSysMonitoring={(newValue) => setWithSysMonitoring(newValue)}
+        validation={validation}
+        packageInfo={packageInfo}
+        setHasAgentPolicyError={setHasAgentPolicyError}
+        updateSelectedTab={updateSelectedPolicyTab}
+        selectedAgentPolicyIds={existingAgentPolicies.map((policy) => policy.id)}
+        initialSelectedTabIndex={1}
+      />
+    ),
+    [
+      packageInfo,
+      agentPolicies,
+      updateAgentPolicies,
+      newAgentPolicy,
+      updateNewAgentPolicy,
+      validation,
+      withSysMonitoring,
+      updateSelectedPolicyTab,
+      setHasAgentPolicyError,
+      existingAgentPolicies,
+      setWithSysMonitoring,
+    ]
+  );
+
+  const steps: EuiStepProps[] = [
+    {
+      title: i18n.translate('xpack.fleet.createPackagePolicy.stepConfigurePackagePolicyTitle', {
+        defaultMessage: 'Configure integration',
+      }),
+      'data-test-subj': 'dataCollectionSetupStep',
+      children: configureStep,
+      headingElement: 'h2',
+    },
+  ];
+
+  if (selectedSetupTechnology !== SetupTechnology.AGENTLESS) {
+    steps.push({
+      title: i18n.translate('xpack.fleet.createPackagePolicy.stepSelectAgentPolicyTitle', {
+        defaultMessage: 'Where to add this integration?',
+      }),
+      children: stepSelectAgentPolicy,
+      headingElement: 'h2',
+    });
+  }
+
+  const devToolsProps = useDevToolsRequest({
+    newAgentPolicy,
+    packagePolicy,
+    selectedPolicyTab,
+    withSysMonitoring,
+    packageInfo,
+    packagePolicyId,
+  });
+
+  useEffect(() => {
+    setNewAgentPolicyName(
+      selectedPolicyTab === SelectedPolicyTab.NEW ? newAgentPolicy.name : undefined
+    );
+  }, [newAgentPolicy, selectedPolicyTab, setNewAgentPolicyName]);
+
+  return {
+    steps,
+    devToolsProps,
+    createAgentPolicyIfNeeded: async () => {
+      const createdAgentPolicy = await createAgentPolicyIfNeeded({
+        newAgentPolicy,
+        packagePolicy,
+        withSysMonitoring,
+        packageInfo,
+        selectedPolicyTab,
+      });
+      return createdAgentPolicy?.id;
+    },
+  };
+}
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/edit_package_policy_page/index.test.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/edit_package_policy_page/index.test.tsx
index ce648626af2ed..7d50d3e494dbb 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/edit_package_policy_page/index.test.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/edit_package_policy_page/index.test.tsx
@@ -19,6 +19,10 @@ import {
   sendUpgradePackagePolicyDryRun,
   sendUpdatePackagePolicy,
   useStartServices,
+  sendCreateAgentPolicy,
+  sendBulkGetAgentPolicies,
+  useGetAgentPolicies,
+  useMultipleAgentPolicies,
 } from '../../../hooks';
 import { useGetOnePackagePolicy } from '../../../../integrations/hooks';
 
@@ -29,11 +33,12 @@ type MockFn = jest.MockedFunction<any>;
 jest.mock('../../../hooks', () => {
   return {
     ...jest.requireActual('../../../hooks'),
-    sendGetAgentStatus: jest.fn().mockResolvedValue({ data: { results: { total: 0 } } }),
+    sendGetAgentStatus: jest.fn(),
     sendUpdatePackagePolicy: jest.fn(),
     sendGetOnePackagePolicy: jest.fn(),
     sendGetOneAgentPolicy: jest.fn(),
     sendUpgradePackagePolicyDryRun: jest.fn(),
+    useMultipleAgentPolicies: jest.fn(),
     sendGetPackageInfoByKey: jest.fn().mockImplementation((name, version) =>
       Promise.resolve({
         data: {
@@ -125,6 +130,10 @@ jest.mock('../../../hooks', () => {
       },
     }),
     useLink: jest.fn().mockReturnValue({ getHref: jest.fn().mockReturnValue('/navigate/path') }),
+    useGetAgentPolicies: jest.fn(),
+    sendCreateAgentPolicy: jest.fn(),
+    sendBulkGetAgentPolicies: jest.fn(),
+    sendBulkInstallPackages: jest.fn(),
   };
 });
 
@@ -141,6 +150,7 @@ jest.mock('react-router-dom', () => ({
   useRouteMatch: jest.fn().mockReturnValue({
     params: {
       packagePolicyId: 'nginx-1',
+      policyId: 'agent-policy-1',
     },
   }),
 }));
@@ -191,6 +201,10 @@ const TestComponent = async () => {
   };
 };
 
+const useMultipleAgentPoliciesMock = useMultipleAgentPolicies as jest.MockedFunction<
+  typeof useMultipleAgentPolicies
+>;
+
 describe('edit package policy page', () => {
   let testRenderer: TestRenderer;
   let renderResult: ReturnType<typeof testRenderer.render>;
@@ -222,6 +236,25 @@ describe('edit package policy page', () => {
     (sendUpdatePackagePolicy as MockFn).mockResolvedValue({});
     (useStartServices().application.navigateToUrl as MockFn).mockReset();
     (useStartServices().notifications.toasts.addError as MockFn).mockReset();
+    (sendGetAgentStatus as MockFn).mockResolvedValue({ data: { results: { total: 0 } } });
+    (sendBulkGetAgentPolicies as MockFn).mockResolvedValue({
+      data: { items: [{ id: 'agent-policy-1', name: 'Agent policy 1' }] },
+    });
+    (sendCreateAgentPolicy as MockFn).mockResolvedValue({
+      data: { item: { id: 'agent-policy-2' } },
+    });
+    (useGetAgentPolicies as MockFn).mockReturnValue({
+      data: {
+        items: [
+          { id: 'agent-policy-1', name: 'Agent policy 1' },
+          { id: 'fleet-server-policy', name: 'Fleet Server Policy' },
+        ],
+      },
+      error: undefined,
+      isLoading: false,
+      resendRequest: jest.fn(),
+    });
+    useMultipleAgentPoliciesMock.mockReturnValue({ canUseMultipleAgentPolicies: false });
   });
 
   it('should disable submit button on invalid form with empty package var', async () => {
@@ -455,4 +488,56 @@ describe('edit package policy page', () => {
 
     expect(sendUpdatePackagePolicy).toHaveBeenCalled();
   });
+
+  describe('modify agent policies', () => {
+    beforeEach(() => {
+      useMultipleAgentPoliciesMock.mockReturnValue({ canUseMultipleAgentPolicies: true });
+
+      (sendGetAgentStatus as jest.MockedFunction<any>).mockResolvedValue({
+        data: { results: { total: 0 } },
+      });
+    });
+
+    it('should create agent policy with sys monitoring when new hosts is selected', async () => {
+      await act(async () => {
+        render();
+      });
+
+      await waitFor(() => {
+        expect(renderResult.getByTestId('agentPolicyMultiItem')).toHaveAttribute(
+          'title',
+          'Agent policy 1'
+        );
+      });
+
+      await act(async () => {
+        fireEvent.click(renderResult.getByTestId('newHostsTab'));
+      });
+
+      await act(async () => {
+        fireEvent.click(renderResult.getByText(/Save integration/).closest('button')!);
+      });
+
+      await act(async () => {
+        fireEvent.click(renderResult.getAllByText(/Save and deploy changes/)[1].closest('button')!);
+      });
+      expect(sendCreateAgentPolicy as jest.MockedFunction<any>).toHaveBeenCalledWith(
+        {
+          description: '',
+          monitoring_enabled: ['logs', 'metrics'],
+          name: 'Agent policy 2',
+          namespace: 'default',
+          inactivity_timeout: 1209600,
+          is_protected: false,
+        },
+        { withSysMonitoring: true }
+      );
+      expect(sendUpdatePackagePolicy).toHaveBeenCalledWith(
+        'nginx-1',
+        expect.objectContaining({
+          policy_ids: ['agent-policy-1', 'agent-policy-2'],
+        })
+      );
+    });
+  });
 });
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/edit_package_policy_page/index.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/edit_package_policy_page/index.tsx
index 0a0ed0b69ca79..53e7f2688ef79 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/edit_package_policy_page/index.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/edit_package_policy_page/index.tsx
@@ -6,7 +6,7 @@
  */
 
 import React, { useState, useEffect, useCallback, useMemo, memo } from 'react';
-import { isEmpty, omit } from 'lodash';
+import { isEmpty } from 'lodash';
 import { useRouteMatch } from 'react-router-dom';
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
@@ -48,28 +48,29 @@ import {
   StepDefinePackagePolicy,
 } from '../create_package_policy_page/components';
 
-import {
-  AGENTLESS_POLICY_ID,
-  HIDDEN_API_REFERENCE_PACKAGES,
-} from '../../../../../../common/constants';
-import type { PackagePolicyEditExtensionComponentProps } from '../../../types';
-import { ExperimentalFeaturesService, pkgKeyFromPackageInfo } from '../../../services';
-import { generateUpdatePackagePolicyDevToolsRequest } from '../services';
+import { AGENTLESS_POLICY_ID } from '../../../../../../common/constants';
+import type { AgentPolicy, PackagePolicyEditExtensionComponentProps } from '../../../types';
+import { pkgKeyFromPackageInfo } from '../../../services';
 
 import {
+  getInheritedNamespace,
   getRootPrivilegedDataStreams,
   isRootPrivilegesRequired,
 } from '../../../../../../common/services';
+import { useMultipleAgentPolicies } from '../../../hooks';
 
 import { RootPrivilegesCallout } from '../create_package_policy_page/single_page_layout/root_callout';
 
+import { StepsWithLessPadding } from '../create_package_policy_page/single_page_layout';
+
 import { UpgradeStatusCallout } from './components';
 import { usePackagePolicyWithRelatedData, useHistoryBlock } from './hooks';
 import { getNewSecrets } from './utils';
+import { usePackagePolicySteps } from './hooks';
 
 export const EditPackagePolicyPage = memo(() => {
   const {
-    params: { packagePolicyId },
+    params: { packagePolicyId, policyId },
   } = useRouteMatch<{ policyId: string; packagePolicyId: string }>();
 
   const packagePolicy = useGetOnePackagePolicy(packagePolicyId);
@@ -82,6 +83,7 @@ export const EditPackagePolicyPage = memo(() => {
   return (
     <EditPackagePolicyForm
       packagePolicyId={packagePolicyId}
+      policyId={policyId}
       // If an extension opts in to this `useLatestPackageVersion` flag, we want to display
       // the edit form in an "upgrade" state regardless of whether the user intended to
       // "edit" their policy or "upgrade" it. This ensures the new policy generated will be
@@ -95,16 +97,18 @@ export const EditPackagePolicyForm = memo<{
   packagePolicyId: string;
   forceUpgrade?: boolean;
   from?: EditPackagePolicyFrom;
-}>(({ packagePolicyId, forceUpgrade = false, from = 'edit' }) => {
+  policyId?: string;
+}>(({ packagePolicyId, policyId, forceUpgrade = false, from = 'edit' }) => {
   const { application, notifications } = useStartServices();
   const {
     agents: { enabled: isFleetEnabled },
   } = useConfig();
   const { getHref } = useLink();
+  const { canUseMultipleAgentPolicies } = useMultipleAgentPolicies();
 
   const {
     // data
-    agentPolicies,
+    agentPolicies: existingAgentPolicies,
     isLoadingData,
     loadingError,
     packagePolicy,
@@ -126,7 +130,7 @@ export const EditPackagePolicyForm = memo<{
   });
 
   const canWriteIntegrationPolicies = useAuthz().integrations.writeIntegrationPolicies;
-  useSetIsReadOnly(canWriteIntegrationPolicies);
+  useSetIsReadOnly(!canWriteIntegrationPolicies);
   const newSecrets = useMemo(() => {
     if (!packageInfo) {
       return [];
@@ -135,15 +139,19 @@ export const EditPackagePolicyForm = memo<{
     return getNewSecrets({ packageInfo, packagePolicy });
   }, [packageInfo, packagePolicy]);
 
-  const policyIds = agentPolicies.map((policy) => policy.id);
+  const [agentPolicies, setAgentPolicies] = useState<AgentPolicy[]>([]);
+  const [isFirstLoad, setIsFirstLoad] = useState<boolean>(true);
+  const [newAgentPolicyName, setNewAgentPolicyName] = useState<string | undefined>();
+
+  const [hasAgentPolicyError, setHasAgentPolicyError] = useState<boolean>(false);
 
   // Retrieve agent count
   const [agentCount, setAgentCount] = useState<number>(0);
   useEffect(() => {
     const getAgentCount = async () => {
       let count = 0;
-      for (const policyId of policyIds) {
-        const { data } = await sendGetAgentStatus({ policyId });
+      for (const id of packagePolicy.policy_ids) {
+        const { data } = await sendGetAgentStatus({ policyId: id });
         if (data?.results.total) {
           count += data.results.total;
         }
@@ -151,10 +159,10 @@ export const EditPackagePolicyForm = memo<{
       setAgentCount(count);
     };
 
-    if (isFleetEnabled && policyIds.length > 0) {
+    if (isFleetEnabled && packagePolicy.policy_ids.length > 0) {
       getAgentCount();
     }
-  }, [policyIds, isFleetEnabled]);
+  }, [packagePolicy.policy_ids, isFleetEnabled]);
 
   const handleExtensionViewOnChange = useCallback<
     PackagePolicyEditExtensionComponentProps['onChange']
@@ -175,39 +183,90 @@ export const EditPackagePolicyForm = memo<{
   //  if `from === 'edit'` then it links back to Policy Details
   //  if `from === 'package-edit'`, or `upgrade-from-integrations-policy-list` then it links back to the Integration Policy List
   const cancelUrl = useMemo((): string => {
-    if (packageInfo && policyIds.length > 0) {
+    if (packageInfo && policyId) {
       return from === 'package-edit'
         ? getHref('integration_details_policies', {
             pkgkey: pkgKeyFromPackageInfo(packageInfo!),
           })
-        : getHref('policy_details', { policyId: policyIds[0] });
+        : getHref('policy_details', { policyId });
     }
     return '/';
-  }, [from, getHref, packageInfo, policyIds]);
+  }, [from, getHref, packageInfo, policyId]);
   const successRedirectPath = useMemo(() => {
-    if (packageInfo && policyIds.length > 0) {
+    if (packageInfo && policyId) {
       return from === 'package-edit' || from === 'upgrade-from-integrations-policy-list'
         ? getHref('integration_details_policies', {
             pkgkey: pkgKeyFromPackageInfo(packageInfo!),
           })
-        : getHref('policy_details', { policyId: policyIds[0] });
+        : getHref('policy_details', { policyId });
     }
     return '/';
-  }, [from, getHref, packageInfo, policyIds]);
+  }, [from, getHref, packageInfo, policyId]);
 
   useHistoryBlock(isEdited);
 
+  useEffect(() => {
+    if (existingAgentPolicies.length > 0 && isFirstLoad) {
+      setIsFirstLoad(false);
+      setAgentPolicies(existingAgentPolicies);
+    }
+  }, [existingAgentPolicies, isFirstLoad]);
+
+  const agentPoliciesToAdd = useMemo(
+    () => [
+      ...agentPolicies
+        .filter(
+          (policy) =>
+            !existingAgentPolicies.find((existingPolicy) => existingPolicy.id === policy.id)
+        )
+        .map((policy) => policy.name),
+      ...(newAgentPolicyName ? [newAgentPolicyName] : []),
+    ],
+    [agentPolicies, existingAgentPolicies, newAgentPolicyName]
+  );
+  const agentPoliciesToRemove = useMemo(
+    () =>
+      existingAgentPolicies
+        .filter(
+          (existingPolicy) => !agentPolicies.find((policy) => policy.id === existingPolicy.id)
+        )
+        .map((policy) => policy.name),
+    [agentPolicies, existingAgentPolicies]
+  );
+
   const onSubmit = async () => {
     if (formState === 'VALID' && hasErrors) {
       setFormState('INVALID');
       return;
     }
-    if (agentCount !== 0 && !policyIds.includes(AGENTLESS_POLICY_ID) && formState !== 'CONFIRM') {
+    if (
+      (agentCount !== 0 || agentPoliciesToAdd.length > 0 || agentPoliciesToRemove.length > 0) &&
+      !packagePolicy.policy_ids.includes(AGENTLESS_POLICY_ID) &&
+      formState !== 'CONFIRM'
+    ) {
       setFormState('CONFIRM');
       return;
     }
 
-    const { error } = await savePackagePolicy();
+    let newPolicyId;
+    try {
+      setFormState('LOADING');
+      newPolicyId = await createAgentPolicyIfNeeded();
+    } catch (e) {
+      setFormState('VALID');
+      notifications.toasts.addError(e, {
+        title: i18n.translate('xpack.fleet.createAgentPolicy.errorNotificationTitle', {
+          defaultMessage: 'Unable to create agent policy',
+        }),
+      });
+      return;
+    }
+
+    const { error } = await savePackagePolicy({
+      policy_ids: newPolicyId
+        ? [...packagePolicy.policy_ids, newPolicyId]
+        : packagePolicy.policy_ids,
+    });
     if (!error) {
       setIsEdited(false);
       application.navigateToUrl(successRedirectPath);
@@ -311,7 +370,7 @@ export const EditPackagePolicyForm = memo<{
         <>
           {selectedTab === 0 && (
             <StepDefinePackagePolicy
-              agentPolicies={agentPolicies}
+              namespacePlaceholder={getInheritedNamespace(agentPolicies)}
               packageInfo={packageInfo}
               packagePolicy={packagePolicy}
               updatePackagePolicy={updatePackagePolicy}
@@ -384,29 +443,38 @@ export const EditPackagePolicyForm = memo<{
     </ExtensionWrapper>
   );
 
-  const { showDevtoolsRequest: isShowDevtoolRequestExperimentEnabled } =
-    ExperimentalFeaturesService.get();
+  const rootPrivilegedDataStreams = packageInfo ? getRootPrivilegedDataStreams(packageInfo) : [];
 
-  const showDevtoolsRequest =
-    !HIDDEN_API_REFERENCE_PACKAGES.includes(packageInfo?.name ?? '') &&
-    isShowDevtoolRequestExperimentEnabled;
+  const agentPolicyBreadcrumb = useMemo(() => {
+    return existingAgentPolicies.length > 0
+      ? existingAgentPolicies.find((policy) => policy.id === policyId) ?? existingAgentPolicies[0]
+      : { name: '', id: '' };
+  }, [existingAgentPolicies, policyId]);
 
-  const devtoolRequest = useMemo(
-    () =>
-      generateUpdatePackagePolicyDevToolsRequest(
-        packagePolicyId,
-        omit(packagePolicy, 'elasticsearch')
-      ),
-    [packagePolicyId, packagePolicy]
-  );
-  const rootPrivilegedDataStreams = packageInfo ? getRootPrivilegedDataStreams(packageInfo) : [];
+  const {
+    steps,
+    devToolsProps: { devtoolRequest, devtoolRequestDescription, showDevtoolsRequest },
+    createAgentPolicyIfNeeded,
+  } = usePackagePolicySteps({
+    configureStep: replaceConfigurePackage || configurePackage,
+    packageInfo,
+    existingAgentPolicies,
+    setHasAgentPolicyError,
+    updatePackagePolicy,
+    agentPolicies,
+    setAgentPolicies,
+    isLoadingData,
+    packagePolicy,
+    packagePolicyId,
+    setNewAgentPolicyName,
+  });
 
   return (
     <CreatePackagePolicySinglePageLayout {...layoutProps} data-test-subj="editPackagePolicy">
       <EuiErrorBoundary>
         {isLoadingData ? (
           <Loading />
-        ) : loadingError || isEmpty(agentPolicies) || !packageInfo ? (
+        ) : loadingError || isEmpty(existingAgentPolicies) || !packageInfo ? (
           <ErrorComponent
             title={
               <FormattedMessage
@@ -424,12 +492,12 @@ export const EditPackagePolicyForm = memo<{
         ) : (
           <>
             <Breadcrumb
-              agentPolicyName={agentPolicies[0].name}
+              agentPolicyName={agentPolicyBreadcrumb.name}
               from={from}
               packagePolicyName={packagePolicy.name}
               pkgkey={pkgKeyFromPackageInfo(packageInfo)}
               pkgTitle={packageInfo.title}
-              policyId={policyIds[0]}
+              policyId={agentPolicyBreadcrumb.id}
             />
             {formState === 'CONFIRM' && (
               <ConfirmDeployAgentPolicyModal
@@ -437,6 +505,8 @@ export const EditPackagePolicyForm = memo<{
                 agentPolicies={agentPolicies}
                 onConfirm={onSubmit}
                 onCancel={() => setFormState('VALID')}
+                agentPoliciesToAdd={agentPoliciesToAdd}
+                agentPoliciesToRemove={agentPoliciesToRemove}
               />
             )}
             {packageInfo && isRootPrivilegesRequired(packageInfo) ? (
@@ -451,14 +521,20 @@ export const EditPackagePolicyForm = memo<{
                 <EuiSpacer size="xxl" />
               </>
             )}
-            {replaceConfigurePackage || configurePackage}
+            {canUseMultipleAgentPolicies ? (
+              <StepsWithLessPadding steps={steps} />
+            ) : (
+              replaceConfigurePackage || configurePackage
+            )}
             {/* Extra space to accomodate the EuiBottomBar height */}
             <EuiSpacer size="xxl" />
             <EuiSpacer size="xxl" />
             <EuiBottomBar>
               <EuiFlexGroup justifyContent="spaceBetween" alignItems="center">
                 <EuiFlexItem grow={false}>
-                  {agentPolicies && packageInfo && formState === 'INVALID' ? (
+                  {agentPolicies &&
+                  packageInfo &&
+                  (formState === 'INVALID' || hasAgentPolicyError) ? (
                     <FormattedMessage
                       id="xpack.fleet.createPackagePolicy.errorOnSaveText"
                       defaultMessage="Your integration policy has errors. Please fix them before saving."
@@ -482,13 +558,8 @@ export const EditPackagePolicyForm = memo<{
                           btnProps={{
                             color: 'text',
                           }}
-                          description={i18n.translate(
-                            'xpack.fleet.editPackagePolicy.devtoolsRequestDescription',
-                            {
-                              defaultMessage: 'This Kibana request updates a package policy.',
-                            }
-                          )}
                           request={devtoolRequest}
+                          description={devtoolRequestDescription}
                         />
                       </EuiFlexItem>
                     ) : null}
@@ -500,6 +571,8 @@ export const EditPackagePolicyForm = memo<{
                         isDisabled={
                           !canWriteIntegrationPolicies ||
                           formState !== 'VALID' ||
+                          hasAgentPolicyError ||
+                          !validationResults ||
                           (!isEdited && !isUpgrade)
                         }
                         tooltip={
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/upgrade_package_policy_page/index.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/upgrade_package_policy_page/index.tsx
index 853caeb0cc826..da107aec7341d 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/upgrade_package_policy_page/index.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/upgrade_package_policy_page/index.tsx
@@ -14,7 +14,7 @@ import { EditPackagePolicyForm } from '../edit_package_policy_page';
 
 export const UpgradePackagePolicyPage = memo(() => {
   const {
-    params: { packagePolicyId },
+    params: { packagePolicyId, policyId },
   } = useRouteMatch<{ policyId: string; packagePolicyId: string }>();
   const { search } = useLocation();
 
@@ -30,5 +30,12 @@ export const UpgradePackagePolicyPage = memo(() => {
     from = 'upgrade-from-integrations-policy-list';
   }
 
-  return <EditPackagePolicyForm packagePolicyId={packagePolicyId} from={from} forceUpgrade />;
+  return (
+    <EditPackagePolicyForm
+      packagePolicyId={packagePolicyId}
+      policyId={policyId}
+      from={from}
+      forceUpgrade
+    />
+  );
 });
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/bulk_actions.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/bulk_actions.tsx
index 261dfbdd83365..e0235fab01446 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/bulk_actions.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/bulk_actions.tsx
@@ -68,7 +68,7 @@ export const AgentBulkActions: React.FunctionComponent<Props> = ({
   // Actions states
   const [isReassignFlyoutOpen, setIsReassignFlyoutOpen] = useState<boolean>(false);
   const [isUnenrollModalOpen, setIsUnenrollModalOpen] = useState<boolean>(false);
-  const [updateModalState, setUpgradeModalState] = useState({
+  const [upgradeModalState, setUpgradeModalState] = useState({
     isOpen: false,
     isScheduled: false,
     isUpdating: false,
@@ -256,13 +256,13 @@ export const AgentBulkActions: React.FunctionComponent<Props> = ({
           />
         </EuiPortal>
       )}
-      {updateModalState.isOpen && (
+      {upgradeModalState.isOpen && (
         <EuiPortal>
           <AgentUpgradeAgentModal
             agents={agents}
             agentCount={agentCount}
-            isScheduled={updateModalState.isScheduled}
-            isUpdating={updateModalState.isUpdating}
+            isScheduled={upgradeModalState.isScheduled}
+            isUpdating={upgradeModalState.isUpdating}
             onClose={() => {
               setUpgradeModalState({ isOpen: false, isScheduled: false, isUpdating: false });
               refreshAgents();
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/debug/components/fleet_index_debugger.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/debug/components/fleet_index_debugger.tsx
index 71d4b85981954..887e58a5c6180 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/debug/components/fleet_index_debugger.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/debug/components/fleet_index_debugger.tsx
@@ -20,20 +20,23 @@ import { useQuery } from '@tanstack/react-query';
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
 
+import { AGENTS_INDEX, AGENT_ACTIONS_INDEX, API_VERSIONS } from '../../../../../../common';
+
 import { sendRequest } from '../../../hooks';
 
+import { debugRoutesService } from '../../../../../../common/services';
+
+import { ENROLLMENT_API_KEYS_INDEX } from '../../../constants';
+
 import { CodeBlock } from './code_block';
 
 const fetchIndex = async (index?: string) => {
   if (!index) return;
-  const path = `/${index}/_search`;
   const response = await sendRequest({
     method: 'post',
-    path: `/api/console/proxy`,
-    query: {
-      path,
-      method: 'GET',
-    },
+    path: debugRoutesService.getIndexPath(),
+    body: { index },
+    version: API_VERSIONS.internal.v1,
   });
 
   return response;
@@ -41,9 +44,9 @@ const fetchIndex = async (index?: string) => {
 
 export const FleetIndexDebugger = () => {
   const indices = [
-    { label: '.fleet-agents', value: '.fleet-agents' },
-    { label: '.fleet-actions', value: '.fleet-actions' },
-    { label: '.fleet-enrollment-api-keys', value: '.fleet-enrollment-api-keys' },
+    { label: AGENTS_INDEX, value: AGENTS_INDEX },
+    { label: AGENT_ACTIONS_INDEX, value: AGENT_ACTIONS_INDEX },
+    { label: ENROLLMENT_API_KEYS_INDEX, value: ENROLLMENT_API_KEYS_INDEX },
   ];
   const [index, setIndex] = useState<string | undefined>();
 
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/debug/components/saved_object_debugger.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/debug/components/saved_object_debugger.tsx
index 40f0c8e70a59b..cf41612a0d5fd 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/debug/components/saved_object_debugger.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/debug/components/saved_object_debugger.tsx
@@ -22,6 +22,8 @@ import { FormattedMessage } from '@kbn/i18n-react';
 
 import { sendRequest } from '../../../hooks';
 
+import { debugRoutesService } from '../../../../../../common/services';
+
 import {
   OUTPUT_SAVED_OBJECT_TYPE,
   AGENT_POLICY_SAVED_OBJECT_TYPE,
@@ -29,7 +31,7 @@ import {
   PACKAGES_SAVED_OBJECT_TYPE,
   DOWNLOAD_SOURCE_SAVED_OBJECT_TYPE,
   FLEET_SERVER_HOST_SAVED_OBJECT_TYPE,
-  INGEST_SAVED_OBJECT_INDEX,
+  API_VERSIONS,
 } from '../../../../../../common/constants';
 
 import { CodeBlock } from './code_block';
@@ -37,35 +39,22 @@ import { SavedObjectNamesCombo } from './saved_object_names_combo';
 
 const fetchSavedObjects = async (type?: string, name?: string) => {
   if (!type || !name) return;
-  const path = `/${INGEST_SAVED_OBJECT_INDEX}/_search`;
-  const body = {
-    query: {
-      bool: {
-        must: {
-          match: { [`${type}.name`]: name },
-        },
-        filter: {
-          term: {
-            type,
-          },
-        },
-      },
-    },
-  };
+
   const response = await sendRequest({
     method: 'post',
-    path: `/api/console/proxy`,
-    query: {
-      path,
-      method: 'GET',
+    path: debugRoutesService.getSavedObjectsPath(),
+    body: {
+      type,
+      name,
     },
-    body,
+    version: API_VERSIONS.internal.v1,
   });
 
   if (response.error) {
     throw new Error(response.error.message);
   }
-  return response.data?.hits;
+
+  return response.data?.saved_objects;
 };
 
 export const SavedObjectDebugger: React.FunctionComponent = () => {
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/debug/components/saved_object_names_combo.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/debug/components/saved_object_names_combo.tsx
index 356d591fa2bf6..d7ddd8e2dd6aa 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/debug/components/saved_object_names_combo.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/debug/components/saved_object_names_combo.tsx
@@ -12,35 +12,15 @@ import { EuiComboBox } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
 
 import { sendRequest } from '../../../hooks';
-import { INGEST_SAVED_OBJECT_INDEX } from '../../../../../../common/constants';
+import { debugRoutesService } from '../../../../../../common/services';
+import { API_VERSIONS } from '../../../../../../common/constants';
 
 const fetchSavedObjectNames = async (type: string) => {
-  const path = `/${INGEST_SAVED_OBJECT_INDEX}/_search`;
-  const body = {
-    size: 0,
-    query: {
-      bool: {
-        filter: {
-          term: {
-            type,
-          },
-        },
-      },
-    },
-    aggs: {
-      names: {
-        terms: { field: `${type}.name`, size: 500 },
-      },
-    },
-  };
   const response = await sendRequest({
     method: 'post',
-    path: `/api/console/proxy`,
-    query: {
-      path,
-      method: 'GET',
-    },
-    body,
+    path: debugRoutesService.getSavedObjectNamesPath(),
+    body: { type },
+    version: API_VERSIONS.internal.v1,
   });
 
   if (response.error) {
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/edit_output_flyout/index.test.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/edit_output_flyout/index.test.tsx
index 5075d532dd3b1..c57d26603c889 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/edit_output_flyout/index.test.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/edit_output_flyout/index.test.tsx
@@ -192,7 +192,7 @@ describe('EditOutputFlyout', () => {
   it('should populate secret input with plain text value when editing kafka output', async () => {
     jest
       .spyOn(ExperimentalFeaturesService, 'get')
-      .mockReturnValue({ outputSecretsStorage: true, kafkaOutput: true });
+      .mockReturnValue({ outputSecretsStorage: true, kafkaOutput: true } as any);
 
     mockedUseFleetStatus.mockReturnValue({
       isLoading: false,
@@ -232,7 +232,7 @@ describe('EditOutputFlyout', () => {
   it('should populate secret password input with plain text value when editing kafka output', async () => {
     jest
       .spyOn(ExperimentalFeaturesService, 'get')
-      .mockReturnValue({ outputSecretsStorage: true, kafkaOutput: true });
+      .mockReturnValue({ outputSecretsStorage: true, kafkaOutput: true } as any);
 
     mockedUseFleetStatus.mockReturnValue({
       isLoading: false,
@@ -273,7 +273,9 @@ describe('EditOutputFlyout', () => {
   });
 
   it('should populate secret input with plain text value when editing logstash output', async () => {
-    jest.spyOn(ExperimentalFeaturesService, 'get').mockReturnValue({ outputSecretsStorage: true });
+    jest
+      .spyOn(ExperimentalFeaturesService, 'get')
+      .mockReturnValue({ outputSecretsStorage: true } as any);
 
     mockedUseFleetStatus.mockReturnValue({
       isLoading: false,
@@ -325,7 +327,7 @@ describe('EditOutputFlyout', () => {
   it('should render the flyout if the output provided is a remote ES output', async () => {
     jest
       .spyOn(ExperimentalFeaturesService, 'get')
-      .mockReturnValue({ remoteESOutput: true, outputSecretsStorage: true });
+      .mockReturnValue({ remoteESOutput: true, outputSecretsStorage: true } as any);
 
     mockedUseFleetStatus.mockReturnValue({
       isLoading: false,
@@ -356,7 +358,7 @@ describe('EditOutputFlyout', () => {
   it('should populate secret service token input with plain text value when editing remote ES output', async () => {
     jest
       .spyOn(ExperimentalFeaturesService, 'get')
-      .mockReturnValue({ remoteESOutput: true, outputSecretsStorage: true });
+      .mockReturnValue({ remoteESOutput: true, outputSecretsStorage: true } as any);
 
     mockedUseFleetStatus.mockReturnValue({
       isLoading: false,
@@ -392,7 +394,7 @@ describe('EditOutputFlyout', () => {
   });
 
   it('should not display remote ES output in type lists if serverless', async () => {
-    jest.spyOn(ExperimentalFeaturesService, 'get').mockReturnValue({ remoteESOutput: true });
+    jest.spyOn(ExperimentalFeaturesService, 'get').mockReturnValue({ remoteESOutput: true } as any);
     mockUseStartServices.mockReset();
     mockStartServices(true);
     const { utils } = renderFlyout({
diff --git a/x-pack/plugins/fleet/public/applications/integrations/hooks/use_breadcrumbs.tsx b/x-pack/plugins/fleet/public/applications/integrations/hooks/use_breadcrumbs.tsx
index 967590c36ce07..70fa3fed682f7 100644
--- a/x-pack/plugins/fleet/public/applications/integrations/hooks/use_breadcrumbs.tsx
+++ b/x-pack/plugins/fleet/public/applications/integrations/hooks/use_breadcrumbs.tsx
@@ -42,6 +42,14 @@ const breadcrumbGetters: {
       }),
     },
   ],
+  integration_create: () => [
+    BASE_BREADCRUMB,
+    {
+      text: i18n.translate('xpack.fleet.breadcrumbs.createIntegrationPageTitle', {
+        defaultMessage: 'Create integration',
+      }),
+    },
+  ],
   integration_details_overview: ({ pkgTitle }) => [BASE_BREADCRUMB, { text: pkgTitle }],
   integration_policy_edit: ({ pkgTitle, pkgkey, policyName }) => [
     BASE_BREADCRUMB,
diff --git a/x-pack/plugins/fleet/public/applications/integrations/hooks/use_read_only_context.tsx b/x-pack/plugins/fleet/public/applications/integrations/hooks/use_read_only_context.tsx
index a1cc117cea673..fd30ef4b85090 100644
--- a/x-pack/plugins/fleet/public/applications/integrations/hooks/use_read_only_context.tsx
+++ b/x-pack/plugins/fleet/public/applications/integrations/hooks/use_read_only_context.tsx
@@ -33,7 +33,7 @@ export function useIsReadOnly() {
 export function useSetIsReadOnly(isReadOnly: boolean) {
   const context = useContext(ReadOnlyContext);
   useEffect(() => {
-    context.setIsReadOnly(true);
+    context.setIsReadOnly(isReadOnly);
     return () => context.setIsReadOnly(false);
-  }, [context]);
+  }, [context, isReadOnly]);
 }
diff --git a/x-pack/plugins/fleet/public/applications/integrations/layouts/default.tsx b/x-pack/plugins/fleet/public/applications/integrations/layouts/default.tsx
index a3d1809f3fde6..5b1105762dd5a 100644
--- a/x-pack/plugins/fleet/public/applications/integrations/layouts/default.tsx
+++ b/x-pack/plugins/fleet/public/applications/integrations/layouts/default.tsx
@@ -8,7 +8,7 @@ import React, { memo } from 'react';
 import { EuiFlexGroup, EuiFlexItem, EuiSpacer, EuiText, EuiNotificationBadge } from '@elastic/eui';
 import { FormattedMessage } from '@kbn/i18n-react';
 
-import { useLink } from '../../../hooks';
+import { useLink, useStartServices } from '../../../hooks';
 import type { Section } from '../sections';
 
 import { WithHeaderLayout } from '.';
@@ -21,6 +21,7 @@ interface Props {
 
 export const DefaultLayout: React.FC<Props> = memo(
   ({ section, children, notificationsBySection }) => {
+    const { integrationAssistant } = useStartServices();
     const { getHref } = useLink();
     const tabs = [
       {
@@ -45,6 +46,8 @@ export const DefaultLayout: React.FC<Props> = memo(
       },
     ];
 
+    const CreateIntegrationCardButton = integrationAssistant?.CreateIntegrationCardButton;
+
     return (
       <WithHeaderLayout
         leftColumn={
@@ -70,8 +73,18 @@ export const DefaultLayout: React.FC<Props> = memo(
                 </p>
               </EuiText>
             </EuiFlexItem>
+
+            <EuiSpacer size="s" />
           </EuiFlexGroup>
         }
+        rightColumnGrow={false}
+        rightColumn={
+          CreateIntegrationCardButton ? (
+            <EuiFlexItem grow={false}>
+              <CreateIntegrationCardButton href={getHref('integration_create')} />
+            </EuiFlexItem>
+          ) : undefined
+        }
         tabs={tabs.map((tab) => {
           const notificationCount = notificationsBySection?.[tab.section];
           return {
diff --git a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/components/side_bar_column.tsx b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/components/side_bar_column.tsx
new file mode 100644
index 0000000000000..e0fd9bdd5a0d3
--- /dev/null
+++ b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/components/side_bar_column.tsx
@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import styled from 'styled-components';
+import { EuiFlexItem } from '@elastic/eui';
+
+export const SideBarColumn = styled(EuiFlexItem)`
+  max-width: 160px;
+`;
diff --git a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/index.tsx b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/index.tsx
index ed267952b7f89..741eca1497fdc 100644
--- a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/index.tsx
+++ b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/index.tsx
@@ -11,14 +11,16 @@ import { Routes, Route } from '@kbn/shared-ux-router';
 import { EuiSkeletonText } from '@elastic/eui';
 
 import { INTEGRATIONS_ROUTING_PATHS } from '../../constants';
-import { IntegrationsStateContextProvider, useBreadcrumbs } from '../../hooks';
+import { IntegrationsStateContextProvider, useBreadcrumbs, useStartServices } from '../../hooks';
 
 import { EPMHomePage } from './screens/home';
 import { Detail } from './screens/detail';
 import { Policy } from './screens/policy';
+import { CreateIntegration } from './screens/create';
 import { CustomLanguagesOverview } from './screens/detail/custom_languages_overview';
 
 export const EPMApp: React.FunctionComponent = () => {
+  const { integrationAssistant } = useStartServices();
   useBreadcrumbs('integrations');
 
   return (
@@ -38,6 +40,11 @@ export const EPMApp: React.FunctionComponent = () => {
           </React.Suspense>
         </IntegrationsStateContextProvider>
       </Route>
+      {integrationAssistant && (
+        <Route path={INTEGRATIONS_ROUTING_PATHS.integrations_create}>
+          <CreateIntegration />
+        </Route>
+      )}
       <Route path={INTEGRATIONS_ROUTING_PATHS.integrations}>
         <EPMHomePage />
       </Route>
diff --git a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/create/index.tsx b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/create/index.tsx
new file mode 100644
index 0000000000000..18454a865c2db
--- /dev/null
+++ b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/create/index.tsx
@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { useMemo } from 'react';
+
+import { useStartServices, useBreadcrumbs } from '../../../../hooks';
+
+export const CreateIntegration = React.memo(() => {
+  const { integrationAssistant } = useStartServices();
+  useBreadcrumbs('integration_create');
+
+  const CreateIntegrationAssistant = useMemo(
+    () => integrationAssistant?.CreateIntegration,
+    [integrationAssistant]
+  );
+
+  return CreateIntegrationAssistant ? <CreateIntegrationAssistant /> : null;
+});
diff --git a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/assets/assets.tsx b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/assets/assets.tsx
index c8f60a35c9039..4f11f0412ee1e 100644
--- a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/assets/assets.tsx
+++ b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/assets/assets.tsx
@@ -10,6 +10,8 @@ import { Redirect } from 'react-router-dom';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { EuiFlexGroup, EuiFlexItem, EuiLink, EuiSpacer, EuiTitle, EuiCallOut } from '@elastic/eui';
 
+import { ExperimentalFeaturesService } from '../../../../../../../services';
+
 import type {
   EsAssetReference,
   AssetSOObject,
@@ -31,12 +33,12 @@ import {
   useAuthz,
   useFleetStatus,
 } from '../../../../../hooks';
-
 import { sendGetBulkAssets } from '../../../../../hooks';
+import { SideBarColumn } from '../../../components/side_bar_column';
 
 import { DeferredAssetsSection } from './deferred_assets_accordion';
-
 import { AssetsAccordion } from './assets_accordion';
+import { InstallKibanaAssetsButton } from './install_kibana_assets_button';
 
 interface AssetsPanelProps {
   packageInfo: PackageInfo;
@@ -50,6 +52,8 @@ export const AssetsPage = ({ packageInfo, refetchPackageInfo }: AssetsPanelProps
   const { docLinks } = useStartServices();
   const { spaceId } = useFleetStatus();
 
+  const { useSpaceAwareness } = ExperimentalFeaturesService.get();
+
   const customAssetsExtension = useUIExtension(packageInfo.name, 'package-detail-assets');
 
   const canReadPackageSettings = useAuthz().integrations.readPackageInfo;
@@ -62,23 +66,30 @@ export const AssetsPage = ({ packageInfo, refetchPackageInfo }: AssetsPanelProps
     'installationInfo' in packageInfo ? packageInfo.installationInfo : undefined;
 
   const installedSpaceId = pkgInstallationInfo?.installed_kibana_space_id;
-  const assetsInstalledInCurrentSpace = !installedSpaceId || installedSpaceId === spaceId;
-
+  const assetsInstalledInCurrentSpace =
+    !installedSpaceId ||
+    installedSpaceId === spaceId ||
+    pkgInstallationInfo?.additional_spaces_installed_kibana?.[spaceId || 'default'];
   const [assetSavedObjectsByType, setAssetsSavedObjectsByType] = useState<
     Record<string, Record<string, SimpleSOAssetType & { appLink?: string }>>
   >({});
   const [deferredInstallations, setDeferredInstallations] = useState<EsAssetReference[]>();
+
+  const kibanaAssets = useMemo(() => {
+    return !installedSpaceId || installedSpaceId === spaceId
+      ? pkgInstallationInfo?.installed_kibana || []
+      : pkgInstallationInfo?.additional_spaces_installed_kibana?.[spaceId || 'default'] || [];
+  }, [
+    installedSpaceId,
+    spaceId,
+    pkgInstallationInfo?.installed_kibana,
+    pkgInstallationInfo?.additional_spaces_installed_kibana,
+  ]);
   const pkgAssets = useMemo(
-    () => [
-      ...(assetsInstalledInCurrentSpace ? pkgInstallationInfo?.installed_kibana || [] : []),
-      ...(pkgInstallationInfo?.installed_es || []),
-    ],
-    [
-      assetsInstalledInCurrentSpace,
-      pkgInstallationInfo?.installed_es,
-      pkgInstallationInfo?.installed_kibana,
-    ]
+    () => [...kibanaAssets, ...(pkgInstallationInfo?.installed_es || [])],
+    [kibanaAssets, pkgInstallationInfo?.installed_es]
   );
+
   const pkgAssetsByType = useMemo(
     () =>
       pkgAssets.reduce((acc, asset) => {
@@ -231,6 +242,13 @@ export const AssetsPage = ({ packageInfo, refetchPackageInfo }: AssetsPanelProps
                 }}
               />
             </p>
+            {useSpaceAwareness ? (
+              <InstallKibanaAssetsButton
+                installInfo={pkgInstallationInfo}
+                title={packageInfo.title}
+                onSuccess={forceRefreshAssets}
+              />
+            ) : null}
           </EuiCallOut>
 
           <EuiSpacer size="m" />
@@ -282,7 +300,7 @@ export const AssetsPage = ({ packageInfo, refetchPackageInfo }: AssetsPanelProps
 
   return (
     <EuiFlexGroup alignItems="flexStart">
-      <EuiFlexItem grow={1} />
+      <SideBarColumn grow={1} />
       <EuiFlexItem grow={7}>
         {fetchError && (
           <>
diff --git a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/assets/install_kibana_assets_button.tsx b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/assets/install_kibana_assets_button.tsx
new file mode 100644
index 0000000000000..d56b39f0c0bcd
--- /dev/null
+++ b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/assets/install_kibana_assets_button.tsx
@@ -0,0 +1,76 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EuiButton } from '@elastic/eui';
+import React, { useCallback } from 'react';
+import { FormattedMessage } from '@kbn/i18n-react';
+import { i18n } from '@kbn/i18n';
+
+import type { InstallationInfo } from '../../../../../../../../common/types';
+import { useAuthz, useInstallKibanaAssetsMutation, useStartServices } from '../../../../../hooks';
+
+interface InstallKibanaAssetsButtonProps {
+  title: string;
+  installInfo: InstallationInfo;
+  onSuccess?: () => void;
+}
+
+export function InstallKibanaAssetsButton({
+  installInfo,
+  title,
+  onSuccess,
+}: InstallKibanaAssetsButtonProps) {
+  const { notifications } = useStartServices();
+  const { name, version } = installInfo;
+  const canInstallPackages = useAuthz().integrations.installPackages;
+  const { mutateAsync, isLoading } = useInstallKibanaAssetsMutation();
+
+  const handleClickInstall = useCallback(async () => {
+    try {
+      await mutateAsync({
+        pkgName: name,
+        pkgVersion: version,
+      });
+      if (onSuccess) {
+        await onSuccess();
+      }
+    } catch (err) {
+      notifications.toasts.addError(err, {
+        title: i18n.translate('xpack.fleet.fleetServerSetup.kibanaInstallAssetsErrorTitle', {
+          defaultMessage: 'Error installing Kibana assets',
+        }),
+      });
+    }
+  }, [mutateAsync, onSuccess, name, version, notifications.toasts]);
+
+  return (
+    <EuiButton
+      disabled={!canInstallPackages}
+      iconType="importAction"
+      isLoading={isLoading}
+      onClick={handleClickInstall}
+    >
+      {isLoading ? (
+        <FormattedMessage
+          id="xpack.fleet.integrations.installPackage.kibanaAssetsInstallingButtonLabel"
+          defaultMessage="Installing Kibana assets in current space"
+          values={{
+            title,
+          }}
+        />
+      ) : (
+        <FormattedMessage
+          id="xpack.fleet.integrations.installPackage.kibanaAssetsInstallButtonLabel"
+          defaultMessage="Install Kibana assets in current space"
+          values={{
+            title,
+          }}
+        />
+      )}
+    </EuiButton>
+  );
+}
diff --git a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/configs/index.tsx b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/configs/index.tsx
index ac1855afae7b4..0167c337d7ddf 100644
--- a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/configs/index.tsx
+++ b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/configs/index.tsx
@@ -26,6 +26,7 @@ import { useGetInputsTemplatesQuery, useStartServices } from '../../../../../hoo
 import { PrereleaseCallout } from '../overview/overview';
 
 import { isPackagePrerelease } from '../../../../../../../../common/services';
+import { SideBarColumn } from '../../../components/side_bar_column';
 
 interface ConfigsProps {
   packageInfo: PackageInfo;
@@ -56,7 +57,7 @@ export const Configs: React.FC<ConfigsProps> = ({ packageInfo }) => {
 
   return (
     <EuiFlexGroup data-test-subj="epm.Configs" alignItems="flexStart">
-      <EuiFlexItem grow={1} />
+      <SideBarColumn grow={1} />
       <EuiFlexItem grow={7}>
         {isLoading && !configs ? (
           <EuiSkeletonText lines={10} />
diff --git a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/custom/custom.tsx b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/custom/custom.tsx
index 824ceb0d569f7..0d66fd96e75c3 100644
--- a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/custom/custom.tsx
+++ b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/custom/custom.tsx
@@ -12,6 +12,7 @@ import { useLink, useUIExtension } from '../../../../../hooks';
 import type { PackageInfo } from '../../../../../types';
 import { pkgKeyFromPackageInfo } from '../../../../../services';
 import { ExtensionWrapper } from '../../../../../components';
+import { SideBarColumn } from '../../../components/side_bar_column';
 
 interface Props {
   packageInfo: PackageInfo;
@@ -24,7 +25,7 @@ export const CustomViewPage: React.FC<Props> = memo(({ packageInfo }) => {
 
   return customViewExtension ? (
     <EuiFlexGroup alignItems="flexStart">
-      <EuiFlexItem grow={1} />
+      <SideBarColumn grow={1} />
       <EuiFlexItem grow={7}>
         <ExtensionWrapper>
           <customViewExtension.Component pkgkey={pkgkey} packageInfo={packageInfo} />
diff --git a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/documentation/index.tsx b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/documentation/index.tsx
index 40a87bde535b4..a418c38cd8f33 100644
--- a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/documentation/index.tsx
+++ b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/documentation/index.tsx
@@ -29,6 +29,7 @@ import type {
 } from '../../../../../types';
 import { useStartServices } from '../../../../../../../hooks';
 import { getStreamsForInputType } from '../../../../../../../../common/services';
+import { SideBarColumn } from '../../../components/side_bar_column';
 
 interface Props {
   packageInfo: PackageInfo;
@@ -70,7 +71,7 @@ export const DocumentationPage: React.FunctionComponent<Props> = ({ packageInfo,
 
   return (
     <EuiFlexGroup alignItems="flexStart">
-      <EuiFlexItem grow={1} />
+      <SideBarColumn grow={1} />
       <EuiFlexItem grow={7}>
         <EuiText>
           <FormattedMessage
diff --git a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/overview/overview.tsx b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/overview/overview.tsx
index 9d6d05a7b11ee..85899dc8d86c3 100644
--- a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/overview/overview.tsx
+++ b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/overview/overview.tsx
@@ -34,6 +34,7 @@ import {
 } from '../../../../../../../hooks';
 import { isPackageUnverified } from '../../../../../../../services';
 import type { PackageInfo, RegistryPolicyTemplate } from '../../../../../types';
+import { SideBarColumn } from '../../../components/side_bar_column';
 
 import { Screenshots } from './screenshots';
 import { Readme } from './readme';
@@ -59,13 +60,12 @@ interface HeadingWithPosition {
   position: number;
 }
 
-const SideBar = styled(EuiFlexItem)`
+const SideBar = styled(SideBarColumn)`
   position: sticky;
   top: 70px;
   padding-top: 50px;
   padding-left: 10px;
   text-overflow: ellipsis;
-  max-width: 180px;
   max-height: 500px;
 `;
 const StyledSideNav = styled(EuiSideNav)`
diff --git a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/overview/requirements.tsx b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/overview/requirements.tsx
index e028f45aaf7c8..fb106f38f628e 100644
--- a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/overview/requirements.tsx
+++ b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/overview/requirements.tsx
@@ -7,9 +7,20 @@
 import React, { memo } from 'react';
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
-import { EuiFlexGroup, EuiFlexItem, EuiText, EuiDescriptionList, EuiToolTip } from '@elastic/eui';
+import {
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiText,
+  EuiDescriptionList,
+  EuiToolTip,
+  EuiLink,
+} from '@elastic/eui';
+
+import { useStartServices } from '../../../../../hooks';
 
 export const Requirements = memo(() => {
+  const { docLinks } = useStartServices();
+
   return (
     <EuiFlexGroup direction="column" gutterSize="s">
       <EuiFlexItem>
@@ -48,13 +59,27 @@ export const Requirements = memo(() => {
                       'xpack.fleet.epm.requirements.permissionRequireRootTooltip',
                       {
                         defaultMessage:
-                          'Elastic agent needs to be run with root or administor privileges',
+                          'Elastic agent needs to be run with root or administrator privileges',
                       }
                     )}
                   >
                     <FormattedMessage
                       id="xpack.fleet.epm.requirements.permissionRequireRootMessage"
-                      defaultMessage="root privileges"
+                      defaultMessage="{guideLink}"
+                      values={{
+                        guideLink: (
+                          <EuiLink
+                            href={docLinks.links.fleet.unprivilegedMode}
+                            target="_blank"
+                            external
+                          >
+                            <FormattedMessage
+                              id="xpack.fleet.permissionRequireRootMessage.guideLink"
+                              defaultMessage="Root privileges"
+                            />
+                          </EuiLink>
+                        ),
+                      }}
                     />
                   </EuiToolTip>
                 </>
diff --git a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/policies/package_policies.tsx b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/policies/package_policies.tsx
index 6e1ce1cf8b2d4..50b5b6e89a3ef 100644
--- a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/policies/package_policies.tsx
+++ b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/policies/package_policies.tsx
@@ -21,7 +21,6 @@ import { i18n } from '@kbn/i18n';
 import { FormattedRelative, FormattedMessage } from '@kbn/i18n-react';
 
 import { policyHasFleetServer } from '../../../../../../../../common/services';
-import { ExperimentalFeaturesService } from '../../../../../services';
 
 import { InstallStatus } from '../../../../../types';
 import type { GetAgentPoliciesResponseItem, InMemoryPackagePolicy } from '../../../../../types';
@@ -40,6 +39,9 @@ import {
   AgentPolicySummaryLine,
   PackagePolicyActionsMenu,
 } from '../../../../../components';
+import { SideBarColumn } from '../../../components/side_bar_column';
+
+import { useMultipleAgentPolicies } from '../../../../../hooks';
 
 import { PackagePolicyAgentsCell } from './components/package_policy_agents_cell';
 import { usePackagePoliciesWithAgentPolicy } from './use_package_policies_with_agent_policy';
@@ -103,7 +105,7 @@ export const PackagePoliciesPage = ({ name, version }: PackagePoliciesPanelProps
   const getPackageInstallStatus = useGetPackageInstallStatus();
   const packageInstallStatus = getPackageInstallStatus(name);
   const { pagination, pageSizeOptions, setPagination } = useUrlPagination();
-  const { enableReusableIntegrationPolicies } = ExperimentalFeaturesService.get();
+  const { canUseMultipleAgentPolicies } = useMultipleAgentPolicies();
 
   const {
     data,
@@ -173,7 +175,7 @@ export const PackagePoliciesPage = ({ name, version }: PackagePoliciesPanelProps
     [setPagination]
   );
   const canShowMultiplePoliciesCell =
-    enableReusableIntegrationPolicies && canReadIntegrationPolicies && canReadAgentPolicies;
+    canUseMultipleAgentPolicies && canReadIntegrationPolicies && canReadAgentPolicies;
   const columns: Array<EuiTableFieldDataColumnType<InMemoryPackagePolicyAndAgentPolicy>> = useMemo(
     () => [
       {
@@ -364,7 +366,7 @@ export const PackagePoliciesPage = ({ name, version }: PackagePoliciesPanelProps
   return (
     <AgentPolicyRefreshContext.Provider value={{ refresh: refreshPolicies }}>
       <EuiFlexGroup alignItems="flexStart">
-        <EuiFlexItem grow={1} />
+        <SideBarColumn grow={1} />
         <EuiFlexItem grow={7}>
           <EuiBasicTable
             items={packageAndAgentPolicies || []}
diff --git a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/settings/settings.tsx b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/settings/settings.tsx
index 9255048674aef..769f979e83bf3 100644
--- a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/settings/settings.tsx
+++ b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/settings/settings.tsx
@@ -45,6 +45,7 @@ import {
   AUTO_UPGRADE_POLICIES_PACKAGES,
   SO_SEARCH_LIMIT,
 } from '../../../../../constants';
+import { SideBarColumn } from '../../../components/side_bar_column';
 
 import { KeepPoliciesUpToDateSwitch } from '../components';
 
@@ -255,7 +256,7 @@ export const SettingsPage: React.FC<Props> = memo(({ packageInfo, startServices
   return (
     <>
       <EuiFlexGroup alignItems="flexStart">
-        <EuiFlexItem grow={1} />
+        <SideBarColumn grow={1} />
         <EuiFlexItem grow={7}>
           <EuiText>
             <EuiTitle>
diff --git a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/home/card_utils.test.tsx b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/home/card_utils.test.tsx
index 77cfdb3a9102e..40c865f8ad4d8 100644
--- a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/home/card_utils.test.tsx
+++ b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/home/card_utils.test.tsx
@@ -25,7 +25,7 @@ const getHref = (k: string) => k;
 describe('Card utils', () => {
   describe('mapToCard', () => {
     beforeEach(() => {
-      ExperimentalFeaturesService.init({});
+      ExperimentalFeaturesService.init({} as any);
     });
 
     it('should use the installed version if available, without prelease', () => {
diff --git a/x-pack/plugins/fleet/public/components/cloud_security_posture/services/get_template_url_from_package_info.ts b/x-pack/plugins/fleet/public/components/cloud_security_posture/services/get_template_url_from_package_info.ts
index f3132eb2fb318..def0915a47a88 100644
--- a/x-pack/plugins/fleet/public/components/cloud_security_posture/services/get_template_url_from_package_info.ts
+++ b/x-pack/plugins/fleet/public/components/cloud_security_posture/services/get_template_url_from_package_info.ts
@@ -9,7 +9,9 @@ import type { PackageInfo } from '../../../types';
 
 export const SUPPORTED_TEMPLATES_URL_FROM_PACKAGE_INFO_INPUT_VARS = {
   CLOUD_FORMATION: 'cloud_formation_template',
+  CLOUD_FORMATION_CREDENTIALS: 'cloud_formation_credentials_template',
   ARM_TEMPLATE: 'arm_template_url',
+  CLOUD_SHELL_URL: 'cloud_shell_url',
 };
 
 export const getTemplateUrlFromPackageInfo = (
diff --git a/x-pack/plugins/fleet/public/components/enrollment_instructions/root_privileges_callout.tsx b/x-pack/plugins/fleet/public/components/enrollment_instructions/root_privileges_callout.tsx
index 3c115a78567af..50177698099de 100644
--- a/x-pack/plugins/fleet/public/components/enrollment_instructions/root_privileges_callout.tsx
+++ b/x-pack/plugins/fleet/public/components/enrollment_instructions/root_privileges_callout.tsx
@@ -6,13 +6,16 @@
  */
 
 import React from 'react';
-import { EuiCallOut, EuiSpacer } from '@elastic/eui';
+import { EuiCallOut, EuiLink, EuiSpacer } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
 
+import { useStartServices } from '../../hooks';
+
 export const RootPrivilegesCallout: React.FC<{
   rootIntegrations?: Array<{ name: string; title: string }>;
 }> = ({ rootIntegrations = [] }) => {
+  const { docLinks } = useStartServices();
   return rootIntegrations.length > 0 ? (
     <>
       <EuiCallOut
@@ -26,7 +29,17 @@ export const RootPrivilegesCallout: React.FC<{
         <FormattedMessage
           id="xpack.fleet.agentEnrollmentCallout.rootPrivilegesMessage"
           defaultMessage="This agent policy contains the following integrations that require Elastic Agents to have root privileges.
-            To ensure that all data required by the integrations can be collected, enroll the agents using an account with root privileges."
+            To ensure that all data required by the integrations can be collected, enroll the agents using an account with root privileges. For more information, see the {guideLink}"
+          values={{
+            guideLink: (
+              <EuiLink href={docLinks.links.fleet.unprivilegedMode} target="_blank" external>
+                <FormattedMessage
+                  id="xpack.fleet.agentEnrollmentCallout.rootPrivilegesMessage.guideLink"
+                  defaultMessage="Fleet and Elastic Agent Guide"
+                />
+              </EuiLink>
+            ),
+          }}
         />
         <ul>
           {rootIntegrations.map((item) => (
diff --git a/x-pack/plugins/fleet/public/components/enrollment_instructions/unprivileged_info.tsx b/x-pack/plugins/fleet/public/components/enrollment_instructions/unprivileged_info.tsx
index d6f1fd368538f..e8d36591998cb 100644
--- a/x-pack/plugins/fleet/public/components/enrollment_instructions/unprivileged_info.tsx
+++ b/x-pack/plugins/fleet/public/components/enrollment_instructions/unprivileged_info.tsx
@@ -6,20 +6,31 @@
  */
 
 import React from 'react';
-import { EuiCode, EuiSpacer, EuiText } from '@elastic/eui';
+import { EuiCode, EuiLink, EuiSpacer, EuiText } from '@elastic/eui';
 import { FormattedMessage } from '@kbn/i18n-react';
 
+import { useStartServices } from '../../hooks';
+
 export const UnprivilegedInfo: React.FC = () => {
+  const { docLinks } = useStartServices();
   return (
     <>
       <EuiText>
         <p>
           <FormattedMessage
             id="xpack.fleet.agentEnrollmentFlyout.unprivilegedMessage"
-            defaultMessage="To install Elastic Agent without root privileges, add the {flag} flag to the {command} install command below."
+            defaultMessage="To install Elastic Agent without root privileges, add the {flag} flag to the {command} install command below. For more information, see the {guideLink}"
             values={{
               flag: <EuiCode>--unprivileged</EuiCode>,
               command: <EuiCode>sudo ./elastic-agent</EuiCode>,
+              guideLink: (
+                <EuiLink href={docLinks.links.fleet.unprivilegedMode} target="_blank" external>
+                  <FormattedMessage
+                    id="xpack.fleet.agentEnrollmentFlyout.unprivilegedMessage.guideLink"
+                    defaultMessage="Fleet and Elastic Agent Guide"
+                  />
+                </EuiLink>
+              ),
             }}
           />
         </p>
diff --git a/x-pack/plugins/fleet/public/components/header.tsx b/x-pack/plugins/fleet/public/components/header.tsx
index d32a96ee26cdd..c5a1f15819fe0 100644
--- a/x-pack/plugins/fleet/public/components/header.tsx
+++ b/x-pack/plugins/fleet/public/components/header.tsx
@@ -83,7 +83,6 @@ export const Header: React.FC<HeaderProps> = ({
       <EuiFlexGroup>
         {tabs ? (
           <EuiFlexItem>
-            <EuiSpacer size="s" />
             <Tabs className={tabsClassName}>
               {tabs.map((props, index) => (
                 <EuiTab {...(props as EuiTabProps)} key={`${props.id}-${index}`}>
diff --git a/x-pack/plugins/fleet/public/components/package_policy_actions_menu.test.tsx b/x-pack/plugins/fleet/public/components/package_policy_actions_menu.test.tsx
index 96849c077f881..e099092b4b863 100644
--- a/x-pack/plugins/fleet/public/components/package_policy_actions_menu.test.tsx
+++ b/x-pack/plugins/fleet/public/components/package_policy_actions_menu.test.tsx
@@ -12,10 +12,21 @@ import { act } from '@testing-library/react';
 import type { AgentPolicy, InMemoryPackagePolicy } from '../types';
 import { createIntegrationsTestRendererMock } from '../mock';
 
-import { ExperimentalFeaturesService } from '../services';
+import { useMultipleAgentPolicies } from '../hooks';
 
 import { PackagePolicyActionsMenu } from './package_policy_actions_menu';
 
+jest.mock('../hooks', () => {
+  return {
+    ...jest.requireActual('../hooks'),
+    useMultipleAgentPolicies: jest.fn(),
+  };
+});
+
+const useMultipleAgentPoliciesMock = useMultipleAgentPolicies as jest.MockedFunction<
+  typeof useMultipleAgentPolicies
+>;
+
 function renderMenu({
   agentPolicies,
   packagePolicy,
@@ -87,9 +98,7 @@ function createMockPackagePolicy(
 }
 describe('PackagePolicyActionsMenu', () => {
   beforeAll(() => {
-    jest.spyOn(ExperimentalFeaturesService, 'get').mockReturnValue({
-      enableReusableIntegrationPolicies: false,
-    } as any);
+    useMultipleAgentPoliciesMock.mockReturnValue({ canUseMultipleAgentPolicies: false });
   });
 
   it('Should disable upgrade button if package does not have upgrade', async () => {
diff --git a/x-pack/plugins/fleet/public/components/package_policy_delete_provider.tsx b/x-pack/plugins/fleet/public/components/package_policy_delete_provider.tsx
index c4bdd8a4671fd..35f2313f37e0a 100644
--- a/x-pack/plugins/fleet/public/components/package_policy_delete_provider.tsx
+++ b/x-pack/plugins/fleet/public/components/package_policy_delete_provider.tsx
@@ -10,11 +10,10 @@ import { EuiCallOut, EuiConfirmModal, EuiSpacer, EuiIconTip } from '@elastic/eui
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
 
-import { ExperimentalFeaturesService } from '../services';
 import { useStartServices, sendDeletePackagePolicy, useConfig } from '../hooks';
 import { AGENTS_PREFIX } from '../../common/constants';
 import type { AgentPolicy } from '../types';
-import { sendGetAgents } from '../hooks';
+import { sendGetAgents, useMultipleAgentPolicies } from '../hooks';
 
 interface Props {
   agentPolicies?: AgentPolicy[];
@@ -42,10 +41,10 @@ export const PackagePolicyDeleteProvider: React.FunctionComponent<Props> = ({
   const [agentsCount, setAgentsCount] = useState<number>(0);
   const [isLoading, setIsLoading] = useState<boolean>(false);
   const onSuccessCallback = useRef<OnSuccessCallback | null>(null);
-  const { enableReusableIntegrationPolicies } = ExperimentalFeaturesService.get();
+  const { canUseMultipleAgentPolicies } = useMultipleAgentPolicies();
 
   const hasMultipleAgentPolicies =
-    enableReusableIntegrationPolicies && agentPolicies && agentPolicies.length > 1;
+    canUseMultipleAgentPolicies && agentPolicies && agentPolicies.length > 1;
 
   const fetchAgentsCount = useMemo(
     () => async () => {
diff --git a/x-pack/plugins/fleet/public/constants/page_paths.ts b/x-pack/plugins/fleet/public/constants/page_paths.ts
index 9601198112ab3..f3a0fb26de672 100644
--- a/x-pack/plugins/fleet/public/constants/page_paths.ts
+++ b/x-pack/plugins/fleet/public/constants/page_paths.ts
@@ -11,6 +11,7 @@ export type StaticPage =
   | 'base'
   | 'overview'
   | 'integrations'
+  | 'integration_create'
   | 'policies'
   | 'policies_list'
   | 'enrollment_tokens'
@@ -97,6 +98,7 @@ export const INTEGRATIONS_ROUTING_PATHS = {
   integrations_all: '/browse/:category?/:subcategory?',
   integrations_installed: '/installed/:category?',
   integrations_installed_updates_available: '/installed/updates_available/:category?',
+  integrations_create: '/create',
   integration_details: '/detail/:pkgkey/:panel?',
   integration_details_overview: '/detail/:pkgkey/overview',
   integration_details_policies: '/detail/:pkgkey/policies',
@@ -152,6 +154,7 @@ export const pagePathGetters: {
     const queryParams = query ? `?${INTEGRATIONS_SEARCH_QUERYPARAM}=${query}` : ``;
     return [INTEGRATIONS_BASE_PATH, `/installed/updates_available${categoryPath}${queryParams}`];
   },
+  integration_create: () => [INTEGRATIONS_BASE_PATH, `/create`],
   integration_details_overview: ({ pkgkey, integration }) => [
     INTEGRATIONS_BASE_PATH,
     `/detail/${pkgkey}/overview${integration ? `?integration=${integration}` : ''}`,
diff --git a/x-pack/plugins/fleet/public/hooks/index.ts b/x-pack/plugins/fleet/public/hooks/index.ts
index e9450a975d3b5..f537698897a19 100644
--- a/x-pack/plugins/fleet/public/hooks/index.ts
+++ b/x-pack/plugins/fleet/public/hooks/index.ts
@@ -34,3 +34,4 @@ export * from './use_fleet_server_standalone';
 export * from './use_locator';
 export * from './use_agent_version';
 export * from './use_fleet_server_agents';
+export * from './use_multiple_agent_policies';
diff --git a/x-pack/plugins/fleet/public/hooks/use_multiple_agent_policies.ts b/x-pack/plugins/fleet/public/hooks/use_multiple_agent_policies.ts
new file mode 100644
index 0000000000000..2adf814e8ffba
--- /dev/null
+++ b/x-pack/plugins/fleet/public/hooks/use_multiple_agent_policies.ts
@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { ExperimentalFeaturesService } from '../services';
+
+import { useLicense } from './use_license';
+
+export const LICENCE_FOR_MULTIPLE_AGENT_POLICIES = 'enterprise';
+
+export function useMultipleAgentPolicies() {
+  const licenseService = useLicense();
+  const { enableReusableIntegrationPolicies } = ExperimentalFeaturesService.get();
+
+  const hasEnterpriseLicence = licenseService.hasAtLeast(LICENCE_FOR_MULTIPLE_AGENT_POLICIES);
+
+  const canUseMultipleAgentPolicies = enableReusableIntegrationPolicies && hasEnterpriseLicence;
+
+  return { canUseMultipleAgentPolicies };
+}
diff --git a/x-pack/plugins/fleet/public/hooks/use_request/epm.ts b/x-pack/plugins/fleet/public/hooks/use_request/epm.ts
index 03bf36da75763..bd4bec9be6a1a 100644
--- a/x-pack/plugins/fleet/public/hooks/use_request/epm.ts
+++ b/x-pack/plugins/fleet/public/hooks/use_request/epm.ts
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { useMutation, useQuery } from '@tanstack/react-query';
+import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query';
 
 import { useState } from 'react';
 
@@ -289,6 +289,11 @@ interface UpdatePackageArgs {
   body: UpdatePackageRequest['body'];
 }
 
+interface InstallKibanaAssetsArgs {
+  pkgName: string;
+  pkgVersion: string;
+}
+
 export const useUpdatePackageMutation = () => {
   return useMutation<UpdatePackageResponse, RequestError, UpdatePackageArgs>(
     ({ pkgName, pkgVersion, body }: UpdatePackageArgs) =>
@@ -301,6 +306,22 @@ export const useUpdatePackageMutation = () => {
   );
 };
 
+export const useInstallKibanaAssetsMutation = () => {
+  const queryClient = useQueryClient();
+
+  return useMutation<any, RequestError, InstallKibanaAssetsArgs>({
+    mutationFn: ({ pkgName, pkgVersion }: InstallKibanaAssetsArgs) =>
+      sendRequestForRq({
+        path: epmRouteService.getInstallKibanaAssetsPath(pkgName, pkgVersion),
+        method: 'post',
+        version: API_VERSIONS.public.v1,
+      }),
+    onSuccess: (data, { pkgName, pkgVersion }) => {
+      return queryClient.invalidateQueries([pkgName, pkgVersion]);
+    },
+  });
+};
+
 export const sendUpdatePackage = (
   pkgName: string,
   pkgVersion: string,
diff --git a/x-pack/plugins/fleet/public/plugin.ts b/x-pack/plugins/fleet/public/plugin.ts
index ec1ead9aabd94..ce922f838ae4e 100644
--- a/x-pack/plugins/fleet/public/plugin.ts
+++ b/x-pack/plugins/fleet/public/plugin.ts
@@ -18,6 +18,7 @@ import { DEFAULT_APP_CATEGORIES } from '@kbn/core/public';
 import { i18n } from '@kbn/i18n';
 
 import type { NavigationPublicPluginStart } from '@kbn/navigation-plugin/public';
+import type { IntegrationAssistantPluginStart } from '@kbn/integration-assistant-plugin/public';
 import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common';
 
 import type {
@@ -130,6 +131,7 @@ export interface FleetStartDeps {
   navigation: NavigationPublicPluginStart;
   customIntegrations: CustomIntegrationsStart;
   share: SharePluginStart;
+  integrationAssistant?: IntegrationAssistantPluginStart;
   cloud?: CloudStart;
   usageCollection?: UsageCollectionStart;
   guidedOnboarding?: GuidedOnboardingPluginStart;
@@ -139,6 +141,7 @@ export interface FleetStartServices extends CoreStart, Exclude<FleetStartDeps, '
   storage: Storage;
   share: SharePluginStart;
   dashboard: DashboardStart;
+  integrationAssistant?: IntegrationAssistantPluginStart;
   cloud?: CloudSetup & CloudStart;
   discover?: DiscoverStart;
   spaces?: SpacesPluginStart;
diff --git a/x-pack/plugins/fleet/server/config.test.ts b/x-pack/plugins/fleet/server/config.test.ts
index 1f6795f010542..7919c9436c9e3 100644
--- a/x-pack/plugins/fleet/server/config.test.ts
+++ b/x-pack/plugins/fleet/server/config.test.ts
@@ -102,6 +102,14 @@ describe('Config schema', () => {
       });
     }).not.toThrow();
   });
+  it('should allow to specify a URL in xpack.fleet.agentless.api.url ', () => {
+    expect(() => {
+      config.schema.validate({
+        agentless: { api: { url: 'https://agentless.api.url' } },
+      });
+    }).not.toThrow();
+  });
+
   describe('deprecations', () => {
     it('should add a depreciations when trying to enable a non existing experimental feature', () => {
       const res = applyConfigDeprecations({
diff --git a/x-pack/plugins/fleet/server/config.ts b/x-pack/plugins/fleet/server/config.ts
index d339642492bb9..87df985be7a51 100644
--- a/x-pack/plugins/fleet/server/config.ts
+++ b/x-pack/plugins/fleet/server/config.ts
@@ -33,6 +33,7 @@ export const config: PluginConfigDescriptor = {
     agents: {
       enabled: true,
     },
+    agentless: true,
     enableExperimental: true,
     developer: {
       maxAgentPoliciesWithInactivityTimeout: true,
@@ -141,6 +142,13 @@ export const config: PluginConfigDescriptor = {
           })
         ),
       }),
+      agentless: schema.maybe(
+        schema.object({
+          api: schema.object({
+            url: schema.maybe(schema.uri({ scheme: ['http', 'https'] })),
+          }),
+        })
+      ),
       packages: PreconfiguredPackagesSchema,
       agentPolicies: PreconfiguredAgentPoliciesSchema,
       outputs: PreconfiguredOutputsSchema,
diff --git a/x-pack/plugins/fleet/server/constants/index.ts b/x-pack/plugins/fleet/server/constants/index.ts
index 4b71f9e16c8d6..adb7858094865 100644
--- a/x-pack/plugins/fleet/server/constants/index.ts
+++ b/x-pack/plugins/fleet/server/constants/index.ts
@@ -38,6 +38,7 @@ export {
   PRECONFIGURATION_API_ROUTES,
   DOWNLOAD_SOURCE_API_ROOT,
   DOWNLOAD_SOURCE_API_ROUTES,
+  FLEET_DEBUG_ROUTES,
   // Saved Object indices
   INGEST_SAVED_OBJECT_INDEX,
   // Saved object types
diff --git a/x-pack/plugins/fleet/server/mocks/index.ts b/x-pack/plugins/fleet/server/mocks/index.ts
index 781cc18e33425..9e517ad928ba3 100644
--- a/x-pack/plugins/fleet/server/mocks/index.ts
+++ b/x-pack/plugins/fleet/server/mocks/index.ts
@@ -12,6 +12,7 @@ import {
   loggingSystemMock,
   savedObjectsClientMock,
   savedObjectsServiceMock,
+  securityServiceMock,
 } from '@kbn/core/server/mocks';
 import { dataPluginMock } from '@kbn/data-plugin/server/mocks';
 import { licensingMock } from '@kbn/licensing-plugin/server/mocks';
@@ -50,6 +51,7 @@ export interface MockedFleetAppContext extends FleetAppContext {
   data: ReturnType<typeof dataPluginMock.createStartContract>;
   encryptedSavedObjectsStart?: ReturnType<typeof encryptedSavedObjectsMock.createStart>;
   savedObjects: ReturnType<typeof savedObjectsServiceMock.createStartContract>;
+  securityCoreStart: ReturnType<typeof securityServiceMock.createStart>;
   securitySetup: ReturnType<typeof securityMock.createSetup>;
   securityStart: ReturnType<typeof securityMock.createStart>;
   logger: ReturnType<ReturnType<typeof loggingSystemMock.create>['get']>;
@@ -74,6 +76,7 @@ export const createAppContextStartContractMock = (
     encryptedSavedObjectsStart: encryptedSavedObjectsMock.createStart(),
     encryptedSavedObjectsSetup: encryptedSavedObjectsMock.createSetup({ canEncrypt: true }),
     savedObjects: savedObjectsServiceMock.createStartContract(),
+    securityCoreStart: securityServiceMock.createStart(),
     securitySetup: securityMock.createSetup(),
     securityStart: securityMock.createStart(),
     logger: loggingSystemMock.create().get(),
diff --git a/x-pack/plugins/fleet/server/plugin.ts b/x-pack/plugins/fleet/server/plugin.ts
index 67240be2cc542..4256a4a90e537 100644
--- a/x-pack/plugins/fleet/server/plugin.ts
+++ b/x-pack/plugins/fleet/server/plugin.ts
@@ -23,6 +23,7 @@ import type {
   PluginInitializerContext,
   SavedObjectsClientContract,
   SavedObjectsServiceStart,
+  SecurityServiceStart,
   ServiceStatus,
 } from '@kbn/core/server';
 import { DEFAULT_APP_CATEGORIES, SavedObjectsClient, ServiceStatusLevels } from '@kbn/core/server';
@@ -155,6 +156,7 @@ export interface FleetAppContext {
   data: DataPluginStart;
   encryptedSavedObjectsStart?: EncryptedSavedObjectsPluginStart;
   encryptedSavedObjectsSetup?: EncryptedSavedObjectsPluginSetup;
+  securityCoreStart: SecurityServiceStart;
   securitySetup: SecurityPluginSetup;
   securityStart: SecurityPluginStart;
   config$?: Observable<FleetConfigType>;
@@ -292,6 +294,7 @@ export class FleetPlugin
     core.status.set(this.fleetStatus$.asObservable());
 
     const experimentalFeatures = parseExperimentalConfigValue(config.enableExperimental ?? []);
+    const requireAllSpaces = experimentalFeatures.useSpaceAwareness ? false : true;
 
     registerSavedObjects(core.savedObjects, {
       useSpaceAwareness: experimentalFeatures.useSpaceAwareness,
@@ -331,7 +334,7 @@ export class FleetPlugin
           ? [
               {
                 name: 'Agents',
-                requireAllSpaces: true,
+                requireAllSpaces,
                 privilegeGroups: [
                   {
                     groupType: 'mutually_exclusive',
@@ -365,7 +368,7 @@ export class FleetPlugin
               },
               {
                 name: 'Agent policies',
-                requireAllSpaces: true,
+                requireAllSpaces,
                 privilegeGroups: [
                   {
                     groupType: 'mutually_exclusive',
@@ -402,7 +405,7 @@ export class FleetPlugin
               },
               {
                 name: 'Settings',
-                requireAllSpaces: true,
+                requireAllSpaces,
                 privilegeGroups: [
                   {
                     groupType: 'mutually_exclusive',
@@ -440,7 +443,7 @@ export class FleetPlugin
           all: {
             api: [`${PLUGIN_ID}-read`, `${PLUGIN_ID}-all`],
             app: [PLUGIN_ID],
-            requireAllSpaces: true,
+            requireAllSpaces,
             catalogue: ['fleet'],
             savedObject: {
               all: allSavedObjectTypes,
@@ -452,7 +455,7 @@ export class FleetPlugin
             api: [`${PLUGIN_ID}-read`],
             app: [PLUGIN_ID],
             catalogue: ['fleet'],
-            requireAllSpaces: true,
+            requireAllSpaces,
             savedObject: {
               all: [],
               read: allSavedObjectTypes,
@@ -612,6 +615,7 @@ export class FleetPlugin
       data: plugins.data,
       encryptedSavedObjectsStart: plugins.encryptedSavedObjects,
       encryptedSavedObjectsSetup: this.encryptedSavedObjectsSetup,
+      securityCoreStart: core.security,
       securitySetup: this.securitySetup,
       securityStart: plugins.security,
       configInitialValue: this.configInitialValue,
diff --git a/x-pack/plugins/fleet/server/routes/agent_policy/handlers.ts b/x-pack/plugins/fleet/server/routes/agent_policy/handlers.ts
index d652dacf0dd9a..b6355bf0c7f78 100644
--- a/x-pack/plugins/fleet/server/routes/agent_policy/handlers.ts
+++ b/x-pack/plugins/fleet/server/routes/agent_policy/handlers.ts
@@ -215,7 +215,7 @@ export const createAgentPolicyHandler: FleetRequestHandler<
   const fleetContext = await context.fleet;
   const soClient = fleetContext.internalSoClient;
   const esClient = coreContext.elasticsearch.client.asInternalUser;
-  const user = (await appContextService.getSecurity()?.authc.getCurrentUser(request)) || undefined;
+  const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
   const withSysMonitoring = request.query.sys_monitoring ?? false;
   const monitoringEnabled = request.body.monitoring_enabled;
   const { has_fleet_server: hasFleetServer, force, ...newPolicy } = request.body;
@@ -261,7 +261,7 @@ export const updateAgentPolicyHandler: FleetRequestHandler<
   const fleetContext = await context.fleet;
   const soClient = coreContext.savedObjects.client;
   const esClient = coreContext.elasticsearch.client.asInternalUser;
-  const user = await appContextService.getSecurity()?.authc.getCurrentUser(request);
+  const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
   const { force, ...data } = request.body;
 
   const spaceId = fleetContext.spaceId;
@@ -271,11 +271,7 @@ export const updateAgentPolicyHandler: FleetRequestHandler<
       esClient,
       request.params.agentPolicyId,
       data,
-      {
-        force,
-        user: user || undefined,
-        spaceId,
-      }
+      { force, user, spaceId }
     );
     const body: UpdateAgentPolicyResponse = { item: agentPolicy };
     return response.ok({
@@ -300,16 +296,14 @@ export const copyAgentPolicyHandler: RequestHandler<
   const coreContext = await context.core;
   const soClient = coreContext.savedObjects.client;
   const esClient = coreContext.elasticsearch.client.asInternalUser;
-  const user = await appContextService.getSecurity()?.authc.getCurrentUser(request);
+  const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
   try {
     const agentPolicy = await agentPolicyService.copy(
       soClient,
       esClient,
       request.params.agentPolicyId,
       request.body,
-      {
-        user: user || undefined,
-      }
+      { user }
     );
 
     const body: CopyAgentPolicyResponse = { item: agentPolicy };
@@ -329,16 +323,13 @@ export const deleteAgentPoliciesHandler: RequestHandler<
   const coreContext = await context.core;
   const soClient = coreContext.savedObjects.client;
   const esClient = coreContext.elasticsearch.client.asInternalUser;
-  const user = await appContextService.getSecurity()?.authc.getCurrentUser(request);
+  const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
   try {
     const body: DeleteAgentPolicyResponse = await agentPolicyService.delete(
       soClient,
       esClient,
       request.body.agentPolicyId,
-      {
-        user: user || undefined,
-        force: request.body.force,
-      }
+      { user, force: request.body.force }
     );
     return response.ok({
       body,
diff --git a/x-pack/plugins/fleet/server/routes/debug/handler.ts b/x-pack/plugins/fleet/server/routes/debug/handler.ts
new file mode 100644
index 0000000000000..4f38208fc1781
--- /dev/null
+++ b/x-pack/plugins/fleet/server/routes/debug/handler.ts
@@ -0,0 +1,47 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { TypeOf } from '@kbn/config-schema';
+
+import type { FleetRequestHandler } from '../../types';
+import { fetchIndex, fetchSavedObjectNames, fetchSavedObjects } from '../../services/debug';
+import type {
+  FetchIndexRequestSchema,
+  FetchSavedObjectNamesRequestSchema,
+  FetchSavedObjectsRequestSchema,
+} from '../../types/rest_spec/debug';
+
+export const fetchIndexHandler: FleetRequestHandler<
+  undefined,
+  undefined,
+  TypeOf<typeof FetchIndexRequestSchema.body>
+> = async (context, request, response) => {
+  const coreContext = await context.core;
+  const esClient = coreContext.elasticsearch.client.asInternalUser;
+  const res = await fetchIndex(esClient, request.body.index);
+  return response.ok({ body: res });
+};
+
+export const fetchSavedObjectsHandler: FleetRequestHandler<
+  undefined,
+  undefined,
+  TypeOf<typeof FetchSavedObjectsRequestSchema.body>
+> = async (context, request, response) => {
+  const soClient = (await context.fleet).internalSoClient;
+  const res = await fetchSavedObjects(soClient, request.body.type, request.body.name);
+  return response.ok({ body: res });
+};
+
+export const fetchSavedObjectNamesHandler: FleetRequestHandler<
+  undefined,
+  undefined,
+  TypeOf<typeof FetchSavedObjectNamesRequestSchema.body>
+> = async (context, request, response) => {
+  const soClient = (await context.fleet).internalSoClient;
+  const res = await fetchSavedObjectNames(soClient, request.body.type);
+  return response.ok({ body: res });
+};
diff --git a/x-pack/plugins/fleet/server/routes/debug/index.ts b/x-pack/plugins/fleet/server/routes/debug/index.ts
new file mode 100644
index 0000000000000..bfe2bfd0f0e20
--- /dev/null
+++ b/x-pack/plugins/fleet/server/routes/debug/index.ts
@@ -0,0 +1,73 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { FleetAuthzRouter } from '../../services/security';
+
+import { FLEET_DEBUG_ROUTES } from '../../constants';
+import { API_VERSIONS } from '../../../common/constants';
+
+import {
+  FetchIndexRequestSchema,
+  FetchSavedObjectNamesRequestSchema,
+  FetchSavedObjectsRequestSchema,
+} from '../../types/rest_spec/debug';
+
+import {
+  fetchIndexHandler,
+  fetchSavedObjectNamesHandler,
+  fetchSavedObjectsHandler,
+} from './handler';
+
+export const registerRoutes = (router: FleetAuthzRouter) => {
+  router.versioned
+    .post({
+      path: FLEET_DEBUG_ROUTES.INDEX_PATTERN,
+      access: 'internal',
+      fleetAuthz: {
+        fleet: { all: true },
+      },
+    })
+    .addVersion(
+      {
+        version: API_VERSIONS.internal.v1,
+        validate: { request: FetchIndexRequestSchema },
+      },
+      fetchIndexHandler
+    );
+
+  router.versioned
+    .post({
+      path: FLEET_DEBUG_ROUTES.SAVED_OBJECTS_PATTERN,
+      access: 'internal',
+      fleetAuthz: {
+        fleet: { all: true },
+      },
+    })
+    .addVersion(
+      {
+        version: API_VERSIONS.internal.v1,
+        validate: { request: FetchSavedObjectsRequestSchema },
+      },
+      fetchSavedObjectsHandler
+    );
+
+  router.versioned
+    .post({
+      path: FLEET_DEBUG_ROUTES.SAVED_OBJECT_NAMES_PATTERN,
+      access: 'internal',
+      fleetAuthz: {
+        fleet: { all: true },
+      },
+    })
+    .addVersion(
+      {
+        version: API_VERSIONS.internal.v1,
+        validate: { request: FetchSavedObjectNamesRequestSchema },
+      },
+      fetchSavedObjectNamesHandler
+    );
+};
diff --git a/x-pack/plugins/fleet/server/routes/epm/handlers.ts b/x-pack/plugins/fleet/server/routes/epm/handlers.ts
index 709bd7b362a9f..9ce8c9afa4e6a 100644
--- a/x-pack/plugins/fleet/server/routes/epm/handlers.ts
+++ b/x-pack/plugins/fleet/server/routes/epm/handlers.ts
@@ -307,7 +307,7 @@ export const installPackageFromRegistryHandler: FleetRequestHandler<
   const fleetContext = await context.fleet;
   const savedObjectsClient = fleetContext.internalSoClient;
   const esClient = coreContext.elasticsearch.client.asInternalUser;
-  const user = (await appContextService.getSecurity()?.authc.getCurrentUser(request)) || undefined;
+  const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
 
   const { pkgName, pkgVersion } = request.params;
 
@@ -340,6 +340,7 @@ export const installPackageFromRegistryHandler: FleetRequestHandler<
     return await defaultFleetErrorHandler({ error: res.error, response });
   }
 };
+
 export const createCustomIntegrationHandler: FleetRequestHandler<
   undefined,
   undefined,
@@ -349,7 +350,7 @@ export const createCustomIntegrationHandler: FleetRequestHandler<
   const fleetContext = await context.fleet;
   const savedObjectsClient = fleetContext.internalSoClient;
   const esClient = coreContext.elasticsearch.client.asInternalUser;
-  const user = (await appContextService.getSecurity()?.authc.getCurrentUser(request)) || undefined;
+  const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
   const kibanaVersion = appContextService.getKibanaVersion();
   const authorizationHeader = HTTPAuthorizationHeader.parseFromRequest(request, user?.username);
   const spaceId = fleetContext.spaceId;
@@ -424,7 +425,7 @@ export const bulkInstallPackagesFromRegistryHandler: FleetRequestHandler<
   const savedObjectsClient = fleetContext.internalSoClient;
   const esClient = coreContext.elasticsearch.client.asInternalUser;
   const spaceId = fleetContext.spaceId;
-  const user = (await appContextService.getSecurity()?.authc.getCurrentUser(request)) || undefined;
+  const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
   const authorizationHeader = HTTPAuthorizationHeader.parseFromRequest(request, user?.username);
 
   const bulkInstalledResponses = await bulkInstallPackages({
@@ -456,7 +457,7 @@ export const installPackageByUploadHandler: FleetRequestHandler<
   const contentType = request.headers['content-type'] as string; // from types it could also be string[] or undefined but this is checked later
   const archiveBuffer = Buffer.from(request.body);
   const spaceId = fleetContext.spaceId;
-  const user = (await appContextService.getSecurity()?.authc.getCurrentUser(request)) || undefined;
+  const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
   const authorizationHeader = HTTPAuthorizationHeader.parseFromRequest(request, user?.username);
 
   const res = await installPackage({
@@ -560,7 +561,7 @@ export const reauthorizeTransformsHandler: FleetRequestHandler<
 
   let username;
   try {
-    const user = await appContextService.getSecurity()?.authc.getCurrentUser(request);
+    const user = appContextService.getSecurityCore().authc.getCurrentUser(request);
     if (user) {
       username = user.username;
     }
@@ -640,6 +641,7 @@ const soToInstallationInfo = (pkg: PackageListItem | PackageInfo) => {
       ...pick(pkg.savedObject, ['created_at', 'updated_at', 'namespaces', 'type']),
       installed_kibana: attributes.installed_kibana,
       installed_kibana_space_id: attributes.installed_kibana_space_id,
+      additional_spaces_installed_kibana: attributes.additional_spaces_installed_kibana,
       installed_es: attributes.installed_es,
       install_status: attributes.install_status,
       install_source: attributes.install_source,
diff --git a/x-pack/plugins/fleet/server/routes/epm/index.ts b/x-pack/plugins/fleet/server/routes/epm/index.ts
index 3b7260c79aa7f..8f62dbe88d6a6 100644
--- a/x-pack/plugins/fleet/server/routes/epm/index.ts
+++ b/x-pack/plugins/fleet/server/routes/epm/index.ts
@@ -7,6 +7,8 @@
 
 import type { IKibanaResponse } from '@kbn/core/server';
 
+import { parseExperimentalConfigValue } from '../../../common/experimental_features';
+
 import { API_VERSIONS } from '../../../common/constants';
 
 import type { FleetAuthz } from '../../../common';
@@ -48,7 +50,10 @@ import {
   GetDataStreamsRequestSchema,
   CreateCustomIntegrationRequestSchema,
   GetInputsRequestSchema,
+  InstallKibanaAssetsRequestSchema,
+  DeleteKibanaAssetsRequestSchema,
 } from '../../types';
+import type { FleetConfigType } from '../../config';
 
 import {
   getCategoriesHandler,
@@ -70,6 +75,10 @@ import {
   getInputsHandler,
 } from './handlers';
 import { getFileHandler } from './file_handler';
+import {
+  deletePackageKibanaAssetsHandler,
+  installPackageKibanaAssetsHandler,
+} from './kibana_assets_handler';
 
 const MAX_FILE_SIZE_BYTES = 104857600; // 100MB
 
@@ -81,7 +90,9 @@ export const READ_PACKAGE_INFO_AUTHZ: FleetAuthzRouteConfig['fleetAuthz'] = {
   integrations: { readPackageInfo: true },
 };
 
-export const registerRoutes = (router: FleetAuthzRouter) => {
+export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType) => {
+  const experimentalFeatures = parseExperimentalConfigValue(config.enableExperimental);
+
   router.versioned
     .get({
       path: EPM_API_ROUTES.CATEGORIES_PATTERN,
@@ -219,6 +230,38 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
       installPackageFromRegistryHandler
     );
 
+  if (experimentalFeatures.useSpaceAwareness) {
+    router.versioned
+      .post({
+        path: EPM_API_ROUTES.INSTALL_KIBANA_ASSETS_PATTERN,
+        fleetAuthz: {
+          integrations: { installPackages: true },
+        },
+      })
+      .addVersion(
+        {
+          version: API_VERSIONS.public.v1,
+          validate: { request: InstallKibanaAssetsRequestSchema },
+        },
+        installPackageKibanaAssetsHandler
+      );
+
+    router.versioned
+      .delete({
+        path: EPM_API_ROUTES.DELETE_KIBANA_ASSETS_PATTERN,
+        fleetAuthz: {
+          integrations: { installPackages: true },
+        },
+      })
+      .addVersion(
+        {
+          version: API_VERSIONS.public.v1,
+          validate: { request: DeleteKibanaAssetsRequestSchema },
+        },
+        deletePackageKibanaAssetsHandler
+      );
+  }
+
   router.versioned
     .post({
       path: EPM_API_ROUTES.BULK_INSTALL_PATTERN,
diff --git a/x-pack/plugins/fleet/server/routes/epm/kibana_assets_handler.ts b/x-pack/plugins/fleet/server/routes/epm/kibana_assets_handler.ts
new file mode 100644
index 0000000000000..8fe83f98669d1
--- /dev/null
+++ b/x-pack/plugins/fleet/server/routes/epm/kibana_assets_handler.ts
@@ -0,0 +1,113 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { TypeOf } from '@kbn/config-schema';
+
+import { defaultFleetErrorHandler, FleetNotFoundError } from '../../errors';
+import { appContextService } from '../../services';
+import {
+  deleteKibanaAssetsAndReferencesForSpace,
+  installKibanaAssetsAndReferences,
+} from '../../services/epm/kibana/assets/install';
+import {
+  getInstallationObject,
+  getInstalledPackageWithAssets,
+} from '../../services/epm/packages/get';
+import type {
+  DeleteKibanaAssetsRequestSchema,
+  FleetRequestHandler,
+  InstallKibanaAssetsRequestSchema,
+} from '../../types';
+
+export const installPackageKibanaAssetsHandler: FleetRequestHandler<
+  TypeOf<typeof InstallKibanaAssetsRequestSchema.params>,
+  undefined,
+  TypeOf<typeof InstallKibanaAssetsRequestSchema.body>
+> = async (context, request, response) => {
+  try {
+    const fleetContext = await context.fleet;
+    const savedObjectsClient = fleetContext.internalSoClient;
+    const logger = appContextService.getLogger();
+    const spaceId = fleetContext.spaceId;
+    const { pkgName, pkgVersion } = request.params;
+
+    const installedPkgWithAssets = await getInstalledPackageWithAssets({
+      savedObjectsClient,
+      pkgName,
+      logger,
+    });
+
+    const installation = await getInstallationObject({
+      pkgName,
+      savedObjectsClient,
+    });
+
+    if (
+      !installation ||
+      !installedPkgWithAssets ||
+      installedPkgWithAssets?.installation.version !== pkgVersion
+    ) {
+      throw new FleetNotFoundError('Requested version is not installed');
+    }
+
+    const { packageInfo } = installedPkgWithAssets;
+
+    await installKibanaAssetsAndReferences({
+      savedObjectsClient,
+      logger,
+      pkgName,
+      pkgTitle: packageInfo.title,
+      installAsAdditionalSpace: true,
+      spaceId,
+      assetTags: installedPkgWithAssets.packageInfo?.asset_tags,
+      installedPkg: installation,
+      packageInstallContext: {
+        packageInfo,
+        paths: installedPkgWithAssets.paths,
+        assetsMap: installedPkgWithAssets.assetsMap,
+      },
+    });
+
+    return response.ok({ body: { success: true } });
+  } catch (error) {
+    return await defaultFleetErrorHandler({ error, response });
+  }
+};
+
+export const deletePackageKibanaAssetsHandler: FleetRequestHandler<
+  TypeOf<typeof DeleteKibanaAssetsRequestSchema.params>,
+  undefined
+> = async (context, request, response) => {
+  try {
+    const fleetContext = await context.fleet;
+    const savedObjectsClient = fleetContext.internalSoClient;
+    const logger = appContextService.getLogger();
+    const spaceId = fleetContext.spaceId;
+    const { pkgName, pkgVersion } = request.params;
+
+    const installation = await getInstallationObject({
+      pkgName,
+      savedObjectsClient,
+    });
+
+    if (!installation || installation.attributes.version !== pkgVersion) {
+      throw new FleetNotFoundError('Version is not installed');
+    }
+
+    await deleteKibanaAssetsAndReferencesForSpace({
+      savedObjectsClient,
+      logger,
+      pkgName,
+      spaceId,
+      installedPkg: installation,
+    });
+
+    return response.ok({ body: { success: true } });
+  } catch (error) {
+    return await defaultFleetErrorHandler({ error, response });
+  }
+};
diff --git a/x-pack/plugins/fleet/server/routes/index.ts b/x-pack/plugins/fleet/server/routes/index.ts
index 5177b85d84dea..77c4fa9eb4249 100644
--- a/x-pack/plugins/fleet/server/routes/index.ts
+++ b/x-pack/plugins/fleet/server/routes/index.ts
@@ -26,13 +26,14 @@ import { registerRoutes as registerFleetServerHostRoutes } from './fleet_server_
 import { registerRoutes as registerFleetProxiesRoutes } from './fleet_proxies';
 import { registerRoutes as registerMessageSigningServiceRoutes } from './message_signing_service';
 import { registerRoutes as registerUninstallTokenRoutes } from './uninstall_token';
+import { registerRoutes as registerDebugRoutes } from './debug';
 
 export function registerRoutes(fleetAuthzRouter: FleetAuthzRouter, config: FleetConfigType) {
   // Always register app routes for permissions checking
   registerAppRoutes(fleetAuthzRouter);
 
   // The upload package route is only authorized for the superuser
-  registerEPMRoutes(fleetAuthzRouter);
+  registerEPMRoutes(fleetAuthzRouter, config);
 
   registerSetupRoutes(fleetAuthzRouter, config);
   registerAgentPolicyRoutes(fleetAuthzRouter);
@@ -47,6 +48,7 @@ export function registerRoutes(fleetAuthzRouter: FleetAuthzRouter, config: Fleet
   registerHealthCheckRoutes(fleetAuthzRouter);
   registerMessageSigningServiceRoutes(fleetAuthzRouter);
   registerUninstallTokenRoutes(fleetAuthzRouter, config);
+  registerDebugRoutes(fleetAuthzRouter);
 
   // Conditional config routes
   if (config.agents.enabled) {
diff --git a/x-pack/plugins/fleet/server/routes/package_policy/handlers.ts b/x-pack/plugins/fleet/server/routes/package_policy/handlers.ts
index b15b36a8fbd68..8aa7770be3977 100644
--- a/x-pack/plugins/fleet/server/routes/package_policy/handlers.ts
+++ b/x-pack/plugins/fleet/server/routes/package_policy/handlers.ts
@@ -231,7 +231,7 @@ export const createPackagePolicyHandler: FleetRequestHandler<
   const fleetContext = await context.fleet;
   const soClient = fleetContext.internalSoClient;
   const esClient = coreContext.elasticsearch.client.asInternalUser;
-  const user = appContextService.getSecurity()?.authc.getCurrentUser(request) || undefined;
+  const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
   const { force, id, package: pkg, ...newPolicy } = request.body;
   const authorizationHeader = HTTPAuthorizationHeader.parseFromRequest(request, user?.username);
   let wasPackageAlreadyInstalled = false;
@@ -339,7 +339,7 @@ export const updatePackagePolicyHandler: FleetRequestHandler<
   const soClient = fleetContext.internalSoClient;
   const limitedToPackages = fleetContext.limitedToPackages;
   const esClient = coreContext.elasticsearch.client.asInternalUser;
-  const user = appContextService.getSecurity()?.authc.getCurrentUser(request) || undefined;
+  const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
   const packagePolicy = await packagePolicyService.get(soClient, request.params.packagePolicyId);
 
   if (!packagePolicy) {
@@ -442,7 +442,7 @@ export const deletePackagePolicyHandler: RequestHandler<
   const coreContext = await context.core;
   const soClient = coreContext.savedObjects.client;
   const esClient = coreContext.elasticsearch.client.asInternalUser;
-  const user = appContextService.getSecurity()?.authc.getCurrentUser(request) || undefined;
+  const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
 
   try {
     const body: PostDeletePackagePoliciesResponse = await packagePolicyService.delete(
@@ -470,7 +470,7 @@ export const deleteOnePackagePolicyHandler: RequestHandler<
   const coreContext = await context.core;
   const soClient = coreContext.savedObjects.client;
   const esClient = coreContext.elasticsearch.client.asInternalUser;
-  const user = appContextService.getSecurity()?.authc.getCurrentUser(request) || undefined;
+  const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
 
   try {
     const res = await packagePolicyService.delete(
@@ -509,7 +509,7 @@ export const upgradePackagePolicyHandler: RequestHandler<
   const coreContext = await context.core;
   const soClient = coreContext.savedObjects.client;
   const esClient = coreContext.elasticsearch.client.asInternalUser;
-  const user = appContextService.getSecurity()?.authc.getCurrentUser(request) || undefined;
+  const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
   try {
     const body: UpgradePackagePolicyResponse = await packagePolicyService.upgrade(
       soClient,
diff --git a/x-pack/plugins/fleet/server/routes/settings/index.ts b/x-pack/plugins/fleet/server/routes/settings/index.ts
index d8d8aee742c9a..a72d2da7805d5 100644
--- a/x-pack/plugins/fleet/server/routes/settings/index.ts
+++ b/x-pack/plugins/fleet/server/routes/settings/index.ts
@@ -49,13 +49,11 @@ export const putSettingsHandler: FleetRequestHandler<
 > = async (context, request, response) => {
   const soClient = (await context.fleet).internalSoClient;
   const esClient = (await context.core).elasticsearch.client.asInternalUser;
-  const user = await appContextService.getSecurity()?.authc.getCurrentUser(request);
+  const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
 
   try {
     const settings = await settingsService.saveSettings(soClient, request.body);
-    await agentPolicyService.bumpAllAgentPolicies(esClient, {
-      user: user || undefined,
-    });
+    await agentPolicyService.bumpAllAgentPolicies(esClient, { user });
     const body = {
       item: settings,
     };
diff --git a/x-pack/plugins/fleet/server/routes/utils/filter_utils_real_queries.test.ts b/x-pack/plugins/fleet/server/routes/utils/filter_utils_real_queries.test.ts
index 122a8d7a7ddc7..45b0995aac078 100644
--- a/x-pack/plugins/fleet/server/routes/utils/filter_utils_real_queries.test.ts
+++ b/x-pack/plugins/fleet/server/routes/utils/filter_utils_real_queries.test.ts
@@ -515,7 +515,7 @@ describe('validateKuery validates real kueries', () => {
   beforeEach(() => {
     mockedAppContextService.getExperimentalFeatures.mockReturnValue({
       enableStrictKQLValidation: true,
-    });
+    } as any);
   });
   afterEach(() => {
     mockedAppContextService.getExperimentalFeatures.mockReset();
@@ -849,7 +849,7 @@ describe('validateKuery validates real kueries', () => {
     beforeEach(() => {
       mockedAppContextService.getExperimentalFeatures.mockReturnValue({
         enableStrictKQLValidation: false,
-      });
+      } as any);
     });
 
     it('Allows to skip validation for a free text query', async () => {
diff --git a/x-pack/plugins/fleet/server/saved_objects/index.ts b/x-pack/plugins/fleet/server/saved_objects/index.ts
index f3377b6665cc0..3f91146536a9d 100644
--- a/x-pack/plugins/fleet/server/saved_objects/index.ts
+++ b/x-pack/plugins/fleet/server/saved_objects/index.ts
@@ -86,7 +86,10 @@ import {
   migratePackagePolicyEvictionsFromV81102,
 } from './migrations/security_solution/to_v8_11_0_2';
 import { settingsV1 } from './model_versions/v1';
-import { packagePolicyV10OnWriteScanFix } from './model_versions/security_solution';
+import {
+  packagePolicyV13AdvancedFields,
+  packagePolicyV10OnWriteScanFix,
+} from './model_versions/security_solution';
 import {
   migratePackagePolicyIdsToV8150,
   migratePackagePolicySetRequiresRootToV8150,
@@ -611,6 +614,14 @@ export const getSavedObjectTypes = (
             },
           ],
         },
+        '13': {
+          changes: [
+            {
+              type: 'data_backfill',
+              backfillFn: packagePolicyV13AdvancedFields,
+            },
+          ],
+        },
       },
       migrations: {
         '7.10.0': migratePackagePolicyToV7100,
@@ -669,6 +680,10 @@ export const getSavedObjectTypes = (
             dynamic: false,
             properties: {},
           },
+          additional_spaces_installed_kibana: {
+            type: 'flattened',
+            index: false,
+          },
           install_started_at: { type: 'date' },
           install_version: { type: 'keyword' },
           install_status: { type: 'keyword' },
@@ -711,6 +726,16 @@ export const getSavedObjectTypes = (
             },
           ],
         },
+        '3': {
+          changes: [
+            {
+              type: 'mappings_addition',
+              addedMappings: {
+                additional_spaces_installed_kibana: { type: 'flattened', index: false },
+              },
+            },
+          ],
+        },
       },
       migrations: {
         '7.14.0': migrateInstallationToV7140,
diff --git a/x-pack/plugins/fleet/server/saved_objects/model_versions/security_solution/index.ts b/x-pack/plugins/fleet/server/saved_objects/model_versions/security_solution/index.ts
index 780bc55f9cd3e..d14e27d2d8a14 100644
--- a/x-pack/plugins/fleet/server/saved_objects/model_versions/security_solution/index.ts
+++ b/x-pack/plugins/fleet/server/saved_objects/model_versions/security_solution/index.ts
@@ -6,3 +6,4 @@
  */
 
 export { packagePolicyV10OnWriteScanFix } from './v10_on_write_scan_fix';
+export { packagePolicyV13AdvancedFields } from './v13_advanced_package_policy_fields';
diff --git a/x-pack/plugins/fleet/server/saved_objects/model_versions/security_solution/v13_advanced_package_policy_fields.test.ts b/x-pack/plugins/fleet/server/saved_objects/model_versions/security_solution/v13_advanced_package_policy_fields.test.ts
new file mode 100644
index 0000000000000..35eaf5bcd7f3b
--- /dev/null
+++ b/x-pack/plugins/fleet/server/saved_objects/model_versions/security_solution/v13_advanced_package_policy_fields.test.ts
@@ -0,0 +1,232 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { SavedObject } from '@kbn/core-saved-objects-common/src/server_types';
+
+import type { ModelVersionTestMigrator } from '@kbn/core-test-helpers-model-versions';
+import { createModelVersionTestMigrator } from '@kbn/core-test-helpers-model-versions';
+
+import { cloneDeep } from 'lodash';
+
+import type { PackagePolicy } from '../../../../common';
+
+import { PACKAGE_POLICY_SAVED_OBJECT_TYPE } from '../../../../common';
+import { getSavedObjectTypes } from '../..';
+
+const policyDoc: SavedObject<PackagePolicy> = {
+  id: 'mock-saved-object-id',
+  attributes: {
+    name: 'Some Policy Name',
+    package: {
+      name: 'endpoint',
+      title: '',
+      version: '',
+    },
+    id: 'endpoint',
+    policy_id: '',
+    policy_ids: [''],
+    enabled: true,
+    namespace: '',
+    revision: 0,
+    updated_at: '',
+    updated_by: '',
+    created_at: '',
+    created_by: '',
+    inputs: [
+      {
+        type: 'endpoint',
+        enabled: true,
+        streams: [],
+        config: {
+          policy: {
+            value: {
+              windows: {
+                malware: {
+                  mode: 'detect',
+                  blocklist: true,
+                },
+                antivirus_registration: {
+                  enabled: true,
+                },
+              },
+              mac: {
+                malware: {
+                  mode: 'detect',
+                  blocklist: true,
+                },
+              },
+              linux: {
+                malware: {
+                  mode: 'detect',
+                  blocklist: true,
+                },
+              },
+            },
+          },
+        },
+      },
+    ],
+  },
+  type: PACKAGE_POLICY_SAVED_OBJECT_TYPE,
+  references: [],
+};
+
+describe('8.15.0 Endpoint Package Policy migration', () => {
+  let migrator: ModelVersionTestMigrator;
+
+  beforeEach(() => {
+    migrator = createModelVersionTestMigrator({
+      type: getSavedObjectTypes()[PACKAGE_POLICY_SAVED_OBJECT_TYPE],
+    });
+  });
+
+  describe('backfilling `advanced` fields for Windows, Linux, and Mac', () => {
+    it('should backfill `advanced` fields on Kibana update if there are no advanced options yet', () => {
+      const originalPolicyConfigSO = cloneDeep(policyDoc);
+      const migratedPolicyConfigSO = migrator.migrate<PackagePolicy, PackagePolicy>({
+        document: originalPolicyConfigSO,
+        fromVersion: 12,
+        toVersion: 13,
+      });
+      const migratedPolicyConfig = migratedPolicyConfigSO.attributes.inputs[0].config?.policy.value;
+      expect(migratedPolicyConfig.windows.advanced).toEqual({
+        events: {
+          deduplicate_network_events: false,
+          ancestry_in_all_events: true,
+          process_ancestry_length: 20,
+        },
+      });
+      expect(migratedPolicyConfig.linux.advanced).toEqual({
+        events: {
+          deduplicate_network_events: false,
+          ancestry_in_all_events: true,
+          process_ancestry_length: 20,
+        },
+      });
+      expect(migratedPolicyConfig.mac.advanced).toEqual({
+        events: {
+          deduplicate_network_events: false,
+          ancestry_in_all_events: true,
+          process_ancestry_length: 20,
+        },
+      });
+    });
+    it('should backfill `advanced` fields without modifying other `advanced` options', () => {
+      const originalPolicyConfigSO = cloneDeep(policyDoc);
+      const originalPolicyConfig = originalPolicyConfigSO.attributes.inputs[0].config?.policy.value;
+      originalPolicyConfig.linux.advanced = {
+        ping: 'pong',
+      };
+      originalPolicyConfig.windows.advanced = {
+        ping: 'pong pong',
+      };
+      originalPolicyConfig.mac.advanced = {
+        ping: 'pong pong pong',
+      };
+      const expectedPolicyConfig = cloneDeep(originalPolicyConfig);
+
+      expectedPolicyConfig.windows.advanced.events = {
+        deduplicate_network_events: false,
+        process_ancestry_length: 20,
+        ancestry_in_all_events: true,
+      };
+      expectedPolicyConfig.linux.advanced.events = {
+        deduplicate_network_events: false,
+        process_ancestry_length: 20,
+        ancestry_in_all_events: true,
+      };
+      expectedPolicyConfig.mac.advanced.events = {
+        deduplicate_network_events: false,
+        process_ancestry_length: 20,
+        ancestry_in_all_events: true,
+      };
+
+      const migratedPolicyConfigSO = migrator.migrate<PackagePolicy, PackagePolicy>({
+        document: originalPolicyConfigSO,
+        fromVersion: 12,
+        toVersion: 13,
+      });
+
+      const migratedPolicyConfig = migratedPolicyConfigSO.attributes.inputs[0].config?.policy.value;
+      expect(migratedPolicyConfig).toStrictEqual(expectedPolicyConfig);
+    });
+    it('should backfill `advanced` fields without modifying other `events`', () => {
+      const originalPolicyConfigSO = cloneDeep(policyDoc);
+      const originalPolicyConfig = originalPolicyConfigSO.attributes.inputs[0].config?.policy.value;
+      originalPolicyConfig.windows.advanced = {
+        events: {
+          ping: 'pong',
+        },
+      };
+      originalPolicyConfig.linux.advanced = {
+        events: {
+          ping: 'pong',
+        },
+      };
+      originalPolicyConfig.mac.advanced = {
+        events: {
+          ping: 'pong',
+        },
+      };
+      const expectedPolicyConfig = cloneDeep(originalPolicyConfig);
+
+      expectedPolicyConfig.windows.advanced.events.deduplicate_network_events = false;
+      expectedPolicyConfig.windows.advanced.events.process_ancestry_length = 20;
+      expectedPolicyConfig.windows.advanced.events.ancestry_in_all_events = true;
+      expectedPolicyConfig.linux.advanced.events.deduplicate_network_events = false;
+      expectedPolicyConfig.linux.advanced.events.process_ancestry_length = 20;
+      expectedPolicyConfig.linux.advanced.events.ancestry_in_all_events = true;
+      expectedPolicyConfig.mac.advanced.events.deduplicate_network_events = false;
+      expectedPolicyConfig.mac.advanced.events.process_ancestry_length = 20;
+      expectedPolicyConfig.mac.advanced.events.ancestry_in_all_events = true;
+
+      const migratedPolicyConfigSO = migrator.migrate<PackagePolicy, PackagePolicy>({
+        document: originalPolicyConfigSO,
+        fromVersion: 12,
+        toVersion: 13,
+      });
+
+      const migratedPolicyConfig = migratedPolicyConfigSO.attributes.inputs[0].config?.policy.value;
+      expect(migratedPolicyConfig).toStrictEqual(expectedPolicyConfig);
+    });
+    it('should not backfill `advanced` fields if values are already present', () => {
+      const originalPolicyConfigSO = cloneDeep(policyDoc);
+      const originalPolicyConfig = originalPolicyConfigSO.attributes.inputs[0].config?.policy.value;
+      originalPolicyConfig.windows.advanced = {
+        events: {
+          deduplicate_network_events: true,
+          process_ancestry_length: 10,
+          ancestry_in_all_events: false,
+        },
+      };
+      originalPolicyConfig.linux.advanced = {
+        events: {
+          deduplicate_network_events: true,
+          process_ancestry_length: 10,
+          ancestry_in_all_events: false,
+        },
+      };
+      originalPolicyConfig.mac.advanced = {
+        events: {
+          deduplicate_network_events: true,
+          process_ancestry_length: 10,
+          ancestry_in_all_events: false,
+        },
+      };
+      const expectedPolicyConfig = cloneDeep(originalPolicyConfig);
+
+      const migratedPolicyConfigSO = migrator.migrate<PackagePolicy, PackagePolicy>({
+        document: originalPolicyConfigSO,
+        fromVersion: 12,
+        toVersion: 13,
+      });
+
+      const migratedPolicyConfig = migratedPolicyConfigSO.attributes.inputs[0].config?.policy.value;
+      expect(migratedPolicyConfig).toStrictEqual(expectedPolicyConfig);
+    });
+  });
+});
diff --git a/x-pack/plugins/fleet/server/saved_objects/model_versions/security_solution/v13_advanced_package_policy_fields.ts b/x-pack/plugins/fleet/server/saved_objects/model_versions/security_solution/v13_advanced_package_policy_fields.ts
new file mode 100644
index 0000000000000..2bf6f8830efee
--- /dev/null
+++ b/x-pack/plugins/fleet/server/saved_objects/model_versions/security_solution/v13_advanced_package_policy_fields.ts
@@ -0,0 +1,62 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type {
+  SavedObjectModelDataBackfillFn,
+  SavedObjectUnsanitizedDoc,
+} from '@kbn/core-saved-objects-server';
+
+import type { PackagePolicy } from '../../../../common';
+
+export const packagePolicyV13AdvancedFields: SavedObjectModelDataBackfillFn<
+  PackagePolicy,
+  PackagePolicy
+> = (packagePolicyDoc) => {
+  if (packagePolicyDoc.attributes.package?.name !== 'endpoint') {
+    return { attributes: packagePolicyDoc.attributes };
+  }
+
+  const updatedPackagePolicyDoc: SavedObjectUnsanitizedDoc<PackagePolicy> = packagePolicyDoc;
+
+  const input = updatedPackagePolicyDoc.attributes.inputs[0];
+
+  if (input && input.config) {
+    const policy = input.config.policy.value;
+
+    policy.windows.advanced = {
+      ...policy.windows.advanced,
+      events: {
+        deduplicate_network_events: false,
+        process_ancestry_length: 20,
+        ancestry_in_all_events: true,
+        ...policy.windows.advanced?.events,
+      },
+    };
+
+    policy.linux.advanced = {
+      ...policy.linux.advanced,
+      events: {
+        deduplicate_network_events: false,
+        process_ancestry_length: 20,
+        ancestry_in_all_events: true,
+        ...policy.linux.advanced?.events,
+      },
+    };
+
+    policy.mac.advanced = {
+      ...policy.mac.advanced,
+      events: {
+        deduplicate_network_events: false,
+        process_ancestry_length: 20,
+        ancestry_in_all_events: true,
+        ...policy.mac.advanced?.events,
+      },
+    };
+  }
+
+  return { attributes: updatedPackagePolicyDoc.attributes };
+};
diff --git a/x-pack/plugins/fleet/server/services/agent_policies/agent_policies_to_agent_ids.ts b/x-pack/plugins/fleet/server/services/agent_policies/agent_policies_to_agent_ids.ts
index 4410aa4494bb6..0586f924633b6 100644
--- a/x-pack/plugins/fleet/server/services/agent_policies/agent_policies_to_agent_ids.ts
+++ b/x-pack/plugins/fleet/server/services/agent_policies/agent_policies_to_agent_ids.ts
@@ -43,5 +43,5 @@ export const getAgentIdsForAgentPolicies = async (
     },
   });
 
-  return res.hits.hits.map((hit) => hit._id);
+  return res.hits.hits.map((hit) => hit._id!);
 };
diff --git a/x-pack/plugins/fleet/server/services/agent_policies/package_policies_to_agent_inputs.test.ts b/x-pack/plugins/fleet/server/services/agent_policies/package_policies_to_agent_inputs.test.ts
index 42fc4dda938a9..40cda7583a3c1 100644
--- a/x-pack/plugins/fleet/server/services/agent_policies/package_policies_to_agent_inputs.test.ts
+++ b/x-pack/plugins/fleet/server/services/agent_policies/package_policies_to_agent_inputs.test.ts
@@ -877,4 +877,51 @@ describe('Fleet - storedPackagePoliciesToAgentInputs', () => {
       },
     ]);
   });
+
+  it('does not include processor add_fields when global tags array is empty', async () => {
+    expect(
+      await storedPackagePoliciesToAgentInputs(
+        [
+          {
+            ...mockPackagePolicy,
+            package: {
+              name: 'mock_package',
+              title: 'Mock package',
+              version: '0.0.0',
+            },
+            inputs: [
+              {
+                ...mockInput,
+                compiled_input: {
+                  inputVar: 'input-value',
+                },
+                streams: [],
+              },
+            ],
+          },
+        ],
+        packageInfoCache,
+        undefined,
+        undefined,
+        []
+      )
+    ).toEqual([
+      {
+        id: 'test-logs-some-uuid',
+        name: 'mock_package-policy',
+        package_policy_id: 'some-uuid',
+        revision: 1,
+        type: 'test-logs',
+        data_stream: { namespace: 'default' },
+        use_output: 'default',
+        meta: {
+          package: {
+            name: 'mock_package',
+            version: '0.0.0',
+          },
+        },
+        inputVar: 'input-value',
+      },
+    ]);
+  });
 });
diff --git a/x-pack/plugins/fleet/server/services/agent_policies/package_policies_to_agent_inputs.ts b/x-pack/plugins/fleet/server/services/agent_policies/package_policies_to_agent_inputs.ts
index 0a1643f293e58..d7f0c70a0786b 100644
--- a/x-pack/plugins/fleet/server/services/agent_policies/package_policies_to_agent_inputs.ts
+++ b/x-pack/plugins/fleet/server/services/agent_policies/package_policies_to_agent_inputs.ts
@@ -146,7 +146,10 @@ export const storedPackagePoliciesToAgentInputs = async (
 ): Promise<FullAgentPolicyInput[]> => {
   const fullInputs: FullAgentPolicyInput[] = [];
 
-  const addFields = globalDataTags ? globalDataTagsToAddFields(globalDataTags) : undefined;
+  const addFields =
+    globalDataTags && globalDataTags.length > 0
+      ? globalDataTagsToAddFields(globalDataTags)
+      : undefined;
 
   for (const packagePolicy of packagePolicies) {
     if (!isPolicyEnabled(packagePolicy)) {
diff --git a/x-pack/plugins/fleet/server/services/agent_policy.test.ts b/x-pack/plugins/fleet/server/services/agent_policy.test.ts
index d5d4813fdb7e0..cd170e6ef6da8 100644
--- a/x-pack/plugins/fleet/server/services/agent_policy.test.ts
+++ b/x-pack/plugins/fleet/server/services/agent_policy.test.ts
@@ -426,99 +426,255 @@ describe('Agent policy', () => {
     let soClient: ReturnType<typeof savedObjectsClientMock.create>;
     let esClient: ReturnType<typeof elasticsearchServiceMock.createClusterClient>['asInternalUser'];
 
-    beforeEach(() => {
-      soClient = getSavedObjectMock({ revision: 1, package_policies: ['package-1'] });
-      mockedPackagePolicyService.findAllForAgentPolicy.mockReturnValue([
-        {
-          id: 'package-1',
-        },
-      ] as any);
-      esClient = elasticsearchServiceMock.createClusterClient().asInternalUser;
+    describe('with enableReusableIntegrationPolicies disabled', () => {
+      beforeEach(() => {
+        soClient = getSavedObjectMock({ revision: 1, package_policies: ['package-1'] });
+        mockedPackagePolicyService.create.mockReset();
+        esClient = elasticsearchServiceMock.createClusterClient().asInternalUser;
+
+        (getAgentsByKuery as jest.Mock).mockResolvedValue({
+          agents: [],
+          total: 0,
+          page: 1,
+          perPage: 10,
+        });
 
-      (getAgentsByKuery as jest.Mock).mockResolvedValue({
-        agents: [],
-        total: 0,
-        page: 1,
-        perPage: 10,
+        mockedPackagePolicyService.delete.mockResolvedValue([
+          {
+            id: 'package-1',
+          } as any,
+        ]);
+        jest
+          .spyOn(appContextService, 'getExperimentalFeatures')
+          .mockReturnValue({ enableReusableIntegrationPolicies: false } as any);
       });
 
-      mockedPackagePolicyService.delete.mockResolvedValue([
-        {
-          id: 'package-1',
-        } as any,
-      ]);
-    });
+      it('should throw error for agent policy which has managed package policy', async () => {
+        mockedPackagePolicyService.findAllForAgentPolicy.mockReturnValue([
+          {
+            id: 'package-1',
+            is_managed: true,
+          },
+        ] as any);
+        try {
+          await agentPolicyService.delete(soClient, esClient, 'mocked');
+        } catch (e) {
+          expect(e.message).toEqual(
+            new PackagePolicyRestrictionRelatedError(
+              `Cannot delete agent policy mocked that contains managed package policies`
+            ).message
+          );
+        }
+      });
 
-    it('should throw error for agent policy which has managed package policy', async () => {
-      mockedPackagePolicyService.findAllForAgentPolicy.mockReturnValue([
-        {
-          id: 'package-1',
-          is_managed: true,
-        },
-      ] as any);
-      try {
+      it('should allow delete with force for agent policy which has managed package policy', async () => {
+        mockedPackagePolicyService.findAllForAgentPolicy.mockReturnValue([
+          {
+            id: 'package-1',
+            is_managed: true,
+          },
+        ] as any);
+        const response = await agentPolicyService.delete(soClient, esClient, 'mocked', {
+          force: true,
+        });
+        expect(response.id).toEqual('mocked');
+      });
+
+      it('should call audit logger', async () => {
+        mockedPackagePolicyService.findAllForAgentPolicy.mockReturnValue([
+          {
+            id: 'package-1',
+          },
+        ] as any);
         await agentPolicyService.delete(soClient, esClient, 'mocked');
-      } catch (e) {
-        expect(e.message).toEqual(
-          new PackagePolicyRestrictionRelatedError(
-            `Cannot delete agent policy mocked that contains managed package policies`
-          ).message
+
+        expect(mockedAuditLoggingService.writeCustomSoAuditLog).toHaveBeenCalledWith({
+          action: 'delete',
+          id: 'mocked',
+          savedObjectType: AGENT_POLICY_SAVED_OBJECT_TYPE,
+        });
+      });
+
+      it('should throw error if active agents are assigned to the policy', async () => {
+        (getAgentsByKuery as jest.Mock).mockResolvedValue({
+          agents: [],
+          total: 2,
+          page: 1,
+          perPage: 10,
+        });
+        await expect(agentPolicyService.delete(soClient, esClient, 'mocked')).rejects.toThrowError(
+          'Cannot delete an agent policy that is assigned to any active or inactive agents'
         );
-      }
-    });
+      });
 
-    it('should allow delete with force for agent policy which has managed package policy', async () => {
-      mockedPackagePolicyService.findAllForAgentPolicy.mockReturnValue([
-        {
-          id: 'package-1',
-          is_managed: true,
-        },
-      ] as any);
-      const response = await agentPolicyService.delete(soClient, esClient, 'mocked', {
-        force: true,
+      it('should delete .fleet-policies entries on agent policy delete', async () => {
+        mockedPackagePolicyService.findAllForAgentPolicy.mockReturnValue([
+          {
+            id: 'package-1',
+          },
+        ] as any);
+        esClient.deleteByQuery.mockResolvedValueOnce({
+          deleted: 2,
+        });
+
+        await agentPolicyService.delete(soClient, esClient, 'mocked');
+
+        expect(esClient.deleteByQuery).toHaveBeenCalledWith(
+          expect.objectContaining({
+            index: AGENT_POLICY_INDEX,
+            query: {
+              term: {
+                policy_id: 'mocked',
+              },
+            },
+          })
+        );
+      });
+
+      it('should delete all integration polices', async () => {
+        mockedPackagePolicyService.findAllForAgentPolicy.mockReturnValue([
+          {
+            id: 'package-1',
+            policy_id: ['policy_1'],
+            policy_ids: ['policy_1', 'int_policy_2'],
+          },
+          {
+            id: 'package-2',
+            policy_id: ['policy_1'],
+            policy_ids: ['policy_1'],
+          },
+          {
+            id: 'package-3',
+          },
+        ] as any);
+        await agentPolicyService.delete(soClient, esClient, 'mocked');
+        expect(mockedPackagePolicyService.delete).toBeCalledWith(
+          expect.anything(),
+          expect.anything(),
+          ['package-1', 'package-2', 'package-3'],
+          expect.anything()
+        );
       });
-      expect(response.id).toEqual('mocked');
     });
 
-    it('should call audit logger', async () => {
-      await agentPolicyService.delete(soClient, esClient, 'mocked');
+    describe('with enableReusableIntegrationPolicies enabled', () => {
+      beforeEach(() => {
+        soClient = getSavedObjectMock({ revision: 1, package_policies: ['package-1'] });
+        mockedPackagePolicyService.findAllForAgentPolicy.mockReturnValue([
+          {
+            id: 'package-1',
+          },
+        ] as any);
+        esClient = elasticsearchServiceMock.createClusterClient().asInternalUser;
+
+        (getAgentsByKuery as jest.Mock).mockResolvedValue({
+          agents: [],
+          total: 0,
+          page: 1,
+          perPage: 10,
+        });
+        mockedPackagePolicyService.create.mockReset();
+        jest
+          .spyOn(appContextService, 'getExperimentalFeatures')
+          .mockReturnValue({ enableReusableIntegrationPolicies: true } as any);
+      });
 
-      expect(mockedAuditLoggingService.writeCustomSoAuditLog).toHaveBeenCalledWith({
-        action: 'delete',
-        id: 'mocked',
-        savedObjectType: AGENT_POLICY_SAVED_OBJECT_TYPE,
+      it('should throw error for agent policy which has managed package policy', async () => {
+        mockedPackagePolicyService.findAllForAgentPolicy.mockReturnValue([
+          {
+            id: 'package-1',
+            is_managed: true,
+          },
+        ] as any);
+        try {
+          await agentPolicyService.delete(soClient, esClient, 'mocked');
+        } catch (e) {
+          expect(e.message).toEqual(
+            new PackagePolicyRestrictionRelatedError(
+              `Cannot delete agent policy mocked that contains managed package policies`
+            ).message
+          );
+        }
       });
-    });
 
-    it('should throw error if active agents are assigned to the policy', async () => {
-      (getAgentsByKuery as jest.Mock).mockResolvedValue({
-        agents: [],
-        total: 2,
-        page: 1,
-        perPage: 10,
+      it('should allow delete with force for agent policy which has managed package policy', async () => {
+        mockedPackagePolicyService.findAllForAgentPolicy.mockReturnValue([
+          {
+            id: 'package-1',
+            is_managed: true,
+          },
+        ] as any);
+        const response = await agentPolicyService.delete(soClient, esClient, 'mocked', {
+          force: true,
+        });
+        expect(response.id).toEqual('mocked');
       });
-      await expect(agentPolicyService.delete(soClient, esClient, 'mocked')).rejects.toThrowError(
-        'Cannot delete an agent policy that is assigned to any active or inactive agents'
-      );
-    });
 
-    it('should delete .fleet-policies entries on agent policy delete', async () => {
-      esClient.deleteByQuery.mockResolvedValueOnce({
-        deleted: 2,
+      it('should call audit logger', async () => {
+        await agentPolicyService.delete(soClient, esClient, 'mocked');
+
+        expect(mockedAuditLoggingService.writeCustomSoAuditLog).toHaveBeenCalledWith({
+          action: 'delete',
+          id: 'mocked',
+          savedObjectType: AGENT_POLICY_SAVED_OBJECT_TYPE,
+        });
       });
 
-      await agentPolicyService.delete(soClient, esClient, 'mocked');
+      it('should throw error if active agents are assigned to the policy', async () => {
+        (getAgentsByKuery as jest.Mock).mockResolvedValue({
+          agents: [],
+          total: 2,
+          page: 1,
+          perPage: 10,
+        });
+        await expect(agentPolicyService.delete(soClient, esClient, 'mocked')).rejects.toThrowError(
+          'Cannot delete an agent policy that is assigned to any active or inactive agents'
+        );
+      });
 
-      expect(esClient.deleteByQuery).toHaveBeenCalledWith(
-        expect.objectContaining({
-          index: AGENT_POLICY_INDEX,
-          query: {
-            term: {
-              policy_id: 'mocked',
+      it('should delete .fleet-policies entries on agent policy delete', async () => {
+        esClient.deleteByQuery.mockResolvedValueOnce({
+          deleted: 2,
+        });
+
+        await agentPolicyService.delete(soClient, esClient, 'mocked');
+
+        expect(esClient.deleteByQuery).toHaveBeenCalledWith(
+          expect.objectContaining({
+            index: AGENT_POLICY_INDEX,
+            query: {
+              term: {
+                policy_id: 'mocked',
+              },
             },
+          })
+        );
+      });
+
+      it('should only delete package polices that are not shared with other agent policies', async () => {
+        mockedPackagePolicyService.findAllForAgentPolicy.mockReturnValue([
+          {
+            id: 'package-1',
+            policy_id: ['policy_1'],
+            policy_ids: ['policy_1', 'int_policy_2'],
           },
-        })
-      );
+          {
+            id: 'package-2',
+            policy_id: ['policy_1'],
+            policy_ids: ['policy_1'],
+          },
+          {
+            id: 'package-3',
+          },
+        ] as any);
+        await agentPolicyService.delete(soClient, esClient, 'mocked');
+        expect(mockedPackagePolicyService.delete).toBeCalledWith(
+          expect.anything(),
+          expect.anything(),
+          ['package-2', 'package-3'],
+          expect.anything()
+        );
+      });
     });
   });
 
diff --git a/x-pack/plugins/fleet/server/services/agent_policy.ts b/x-pack/plugins/fleet/server/services/agent_policy.ts
index 029352e145ca6..9ce4e869819c3 100644
--- a/x-pack/plugins/fleet/server/services/agent_policy.ts
+++ b/x-pack/plugins/fleet/server/services/agent_policy.ts
@@ -11,6 +11,7 @@ import { safeDump } from 'js-yaml';
 import pMap from 'p-map';
 import { lt } from 'semver';
 import type {
+  AuthenticatedUser,
   ElasticsearchClient,
   SavedObjectsBulkUpdateObject,
   SavedObjectsBulkUpdateResponse,
@@ -20,7 +21,6 @@ import type {
 } from '@kbn/core/server';
 import { SavedObjectsUtils } from '@kbn/core/server';
 
-import type { AuthenticatedUser } from '@kbn/security-plugin/server';
 import type { BulkResponseItem } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
 
 import { DEFAULT_SPACE_ID } from '@kbn/spaces-plugin/common/constants';
@@ -1008,16 +1008,22 @@ class AgentPolicyService {
           `Cannot delete agent policy ${id} that contains managed package policies`
         );
       }
+      const packagePoliciesToDelete = this.packagePoliciesWithoutMultiplePolicies(packagePolicies);
 
       await packagePolicyService.delete(
         soClient,
         esClient,
-        packagePolicies.map((p) => p.id),
+        packagePoliciesToDelete.map((p) => p.id),
         {
           force: options?.force,
           skipUnassignFromAgentPolicies: true,
         }
       );
+      logger.debug(
+        `Deleted package policies with ids ${packagePoliciesToDelete
+          .map((policy) => policy.id)
+          .join(', ')}`
+      );
     }
 
     if (agentPolicy.is_preconfigured && !options?.force) {
@@ -1550,6 +1556,16 @@ class AgentPolicyService {
       );
     }
   }
+
+  private packagePoliciesWithoutMultiplePolicies(packagePolicies: PackagePolicy[]) {
+    // Find package policies that don't have multiple agent policies and mark them for deletion
+    if (appContextService.getExperimentalFeatures().enableReusableIntegrationPolicies) {
+      return packagePolicies.filter(
+        (policy) => !policy?.policy_ids || policy?.policy_ids.length <= 1
+      );
+    }
+    return packagePolicies;
+  }
 }
 
 export const agentPolicyService = new AgentPolicyService();
diff --git a/x-pack/plugins/fleet/server/services/agent_policy_create.ts b/x-pack/plugins/fleet/server/services/agent_policy_create.ts
index de05b3f69685c..dc5a57e81a16a 100644
--- a/x-pack/plugins/fleet/server/services/agent_policy_create.ts
+++ b/x-pack/plugins/fleet/server/services/agent_policy_create.ts
@@ -5,9 +5,11 @@
  * 2.0.
  */
 
-import type { ElasticsearchClient, SavedObjectsClientContract } from '@kbn/core/server';
-
-import type { AuthenticatedUser } from '@kbn/security-plugin/common';
+import type {
+  AuthenticatedUser,
+  ElasticsearchClient,
+  SavedObjectsClientContract,
+} from '@kbn/core/server';
 
 import type { HTTPAuthorizationHeader } from '../../common/http_authorization_header';
 
diff --git a/x-pack/plugins/fleet/server/services/agents/action_status.ts b/x-pack/plugins/fleet/server/services/agents/action_status.ts
index 60716e23f9666..1435857ffe670 100644
--- a/x-pack/plugins/fleet/server/services/agents/action_status.ts
+++ b/x-pack/plugins/fleet/server/services/agents/action_status.ts
@@ -323,7 +323,7 @@ async function getHostNames(esClient: ElasticsearchClient, agentIds: string[]) {
     _source: ['local_metadata.host.name'],
   });
   const hostNames = agentsRes.hits.hits.reduce((acc: { [key: string]: string }, curr) => {
-    acc[curr._id] = (curr._source as any).local_metadata.host.name;
+    acc[curr._id!] = (curr._source as any).local_metadata.host.name;
     return acc;
   }, {});
 
diff --git a/x-pack/plugins/fleet/server/services/agents/helpers.ts b/x-pack/plugins/fleet/server/services/agents/helpers.ts
index 2ddad0c24abab..7433fa441953d 100644
--- a/x-pack/plugins/fleet/server/services/agents/helpers.ts
+++ b/x-pack/plugins/fleet/server/services/agents/helpers.ts
@@ -58,7 +58,7 @@ export function searchHitToAgent(
       }))
     : undefined;
   const agent: Agent = {
-    id: hit._id,
+    id: hit._id!,
     type: hit._source?.type!,
     namespaces: hit._source?.namespaces,
     active: hit._source?.active!,
diff --git a/x-pack/plugins/fleet/server/services/app_context.ts b/x-pack/plugins/fleet/server/services/app_context.ts
index 9770d6a696e85..970291bf7d552 100644
--- a/x-pack/plugins/fleet/server/services/app_context.ts
+++ b/x-pack/plugins/fleet/server/services/app_context.ts
@@ -14,6 +14,7 @@ import type {
   HttpServiceSetup,
   Logger,
   KibanaRequest,
+  SecurityServiceStart,
 } from '@kbn/core/server';
 
 import { CoreKibanaRequest } from '@kbn/core/server';
@@ -61,6 +62,7 @@ class AppContextService {
   private data: DataPluginStart | undefined;
   private esClient: ElasticsearchClient | undefined;
   private experimentalFeatures?: ExperimentalFeatures;
+  private securityCoreStart: SecurityServiceStart | undefined;
   private securitySetup: SecurityPluginSetup | undefined;
   private securityStart: SecurityPluginStart | undefined;
   private config$?: Observable<FleetConfigType>;
@@ -86,6 +88,7 @@ class AppContextService {
     this.encryptedSavedObjectsStart = appContext.encryptedSavedObjectsStart;
     this.encryptedSavedObjects = appContext.encryptedSavedObjectsStart?.getClient();
     this.encryptedSavedObjectsSetup = appContext.encryptedSavedObjectsSetup;
+    this.securityCoreStart = appContext.securityCoreStart;
     this.securitySetup = appContext.securitySetup;
     this.securityStart = appContext.securityStart;
     this.savedObjects = appContext.savedObjects;
@@ -129,6 +132,10 @@ class AppContextService {
     return this.encryptedSavedObjects;
   }
 
+  public getSecurityCore() {
+    return this.securityCoreStart!;
+  }
+
   public getSecurity() {
     return this.securityStart!;
   }
diff --git a/x-pack/plugins/fleet/server/services/artifacts/mappings.ts b/x-pack/plugins/fleet/server/services/artifacts/mappings.ts
index 3645f957417e3..8d5382f1fb193 100644
--- a/x-pack/plugins/fleet/server/services/artifacts/mappings.ts
+++ b/x-pack/plugins/fleet/server/services/artifacts/mappings.ts
@@ -27,7 +27,7 @@ export const esSearchHitToArtifact = <
 }: T): Artifact => {
   return {
     ...attributesNotNeedingRename,
-    id,
+    id: id!,
     compressionAlgorithm,
     decodedSha256,
     decodedSize,
diff --git a/x-pack/plugins/fleet/server/services/debug/index.ts b/x-pack/plugins/fleet/server/services/debug/index.ts
new file mode 100644
index 0000000000000..b0e9d7167f1a4
--- /dev/null
+++ b/x-pack/plugins/fleet/server/services/debug/index.ts
@@ -0,0 +1,35 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { ElasticsearchClient, SavedObjectsClientContract } from '@kbn/core/server';
+
+export async function fetchIndex(esClient: ElasticsearchClient, index: string) {
+  return esClient.search({ index });
+}
+
+export async function fetchSavedObjects(
+  soClient: SavedObjectsClientContract,
+  type: string,
+  name: string
+) {
+  return soClient.find({
+    type,
+    search: `\"${name}\"`, // Search for phrase
+    searchFields: ['name'], // SO type automatically inferred
+  });
+}
+
+export async function fetchSavedObjectNames(soClient: SavedObjectsClientContract, type: string) {
+  return soClient.find({
+    type,
+    aggs: {
+      names: {
+        terms: { field: `${type}.attributes.name` }, // cf. SavedObjectsFindOptions definition in packages/core/saved-objects/core-saved-objects-api-server/src/apis/find.ts
+      },
+    },
+  });
+}
diff --git a/x-pack/plugins/fleet/server/services/epm/kibana/assets/install.test.ts b/x-pack/plugins/fleet/server/services/epm/kibana/assets/install.test.ts
index 3547fc70daa15..3b200ac5115cf 100644
--- a/x-pack/plugins/fleet/server/services/epm/kibana/assets/install.test.ts
+++ b/x-pack/plugins/fleet/server/services/epm/kibana/assets/install.test.ts
@@ -10,10 +10,9 @@ import type {
   SavedObjectsImportSuccess,
   SavedObjectsImportResponse,
 } from '@kbn/core/server';
-
 import { loggingSystemMock } from '@kbn/core/server/mocks';
 
-import type { ArchiveAsset } from './install';
+import { type ArchiveAsset } from './install';
 
 jest.mock('timers/promises', () => ({
   async setTimeout() {},
diff --git a/x-pack/plugins/fleet/server/services/epm/kibana/assets/install.ts b/x-pack/plugins/fleet/server/services/epm/kibana/assets/install.ts
index 2956cb5fe20c2..e7e453648a596 100644
--- a/x-pack/plugins/fleet/server/services/epm/kibana/assets/install.ts
+++ b/x-pack/plugins/fleet/server/services/epm/kibana/assets/install.ts
@@ -19,32 +19,22 @@ import type {
 import { createListStream } from '@kbn/utils';
 import { partition } from 'lodash';
 
-import type { IAssignmentService, ITagsClient } from '@kbn/saved-objects-tagging-plugin/server';
-
-import { PACKAGES_SAVED_OBJECT_TYPE } from '../../../../../common';
 import { getAssetFromAssetsMap, getPathParts } from '../../archive';
 import { KibanaAssetType, KibanaSavedObjectType } from '../../../../types';
-import type {
-  AssetType,
-  AssetReference,
-  AssetParts,
-  Installation,
-  PackageSpecTags,
-} from '../../../../types';
-import { savedObjectTypes } from '../../packages';
-import type { PackageInstallContext } from '../../../../../common/types';
+import type { AssetReference, AssetParts, Installation, PackageSpecTags } from '../../../../types';
+import type { KibanaAssetReference, PackageInstallContext } from '../../../../../common/types';
 import {
   indexPatternTypes,
   getIndexPatternSavedObjects,
   makeManagedIndexPatternsGlobal,
 } from '../index_pattern/install';
-import { saveKibanaAssetsRefs } from '../../packages/install';
+import { kibanaAssetsToAssetsRef, saveKibanaAssetsRefs } from '../../packages/install';
 import { deleteKibanaSavedObjectsAssets } from '../../packages/remove';
-import { KibanaSOReferenceError } from '../../../../errors';
-
+import { FleetError, KibanaSOReferenceError } from '../../../../errors';
 import { withPackageSpan } from '../../packages/utils';
 
 import { tagKibanaAssets } from './tag_assets';
+import { getSpaceAwareSaveobjectsClients } from './saved_objects';
 
 type SavedObjectsImporterContract = Pick<ISavedObjectsImporter, 'import' | 'resolveImportErrors'>;
 const formatImportErrorsForLog = (errors: SavedObjectsImportFailure[]) =>
@@ -163,11 +153,8 @@ export async function installKibanaAssets(options: {
   return installedAssets;
 }
 
-export async function installKibanaAssetsAndReferences({
+export async function installKibanaAssetsAndReferencesMultispace({
   savedObjectsClient,
-  savedObjectsImporter,
-  savedObjectTagAssignmentService,
-  savedObjectTagClient,
   logger,
   pkgName,
   pkgTitle,
@@ -175,11 +162,9 @@ export async function installKibanaAssetsAndReferences({
   installedPkg,
   spaceId,
   assetTags,
+  installAsAdditionalSpace,
 }: {
   savedObjectsClient: SavedObjectsClientContract;
-  savedObjectsImporter: Pick<ISavedObjectsImporter, 'import' | 'resolveImportErrors'>;
-  savedObjectTagAssignmentService: IAssignmentService;
-  savedObjectTagClient: ITagsClient;
   logger: Logger;
   pkgName: string;
   pkgTitle: string;
@@ -187,15 +172,89 @@ export async function installKibanaAssetsAndReferences({
   installedPkg?: SavedObject<Installation>;
   spaceId: string;
   assetTags?: PackageSpecTags[];
+  installAsAdditionalSpace?: boolean;
 }) {
-  const kibanaAssets = await getKibanaAssets(packageInstallContext);
-  if (installedPkg) await deleteKibanaSavedObjectsAssets({ savedObjectsClient, installedPkg });
-  // save new kibana refs before installing the assets
-  const installedKibanaAssetsRefs = await saveKibanaAssetsRefs(
+  if (installedPkg && !installAsAdditionalSpace) {
+    // Install in every space => upgrades
+    const refs = await installKibanaAssetsAndReferences({
+      savedObjectsClient,
+      logger,
+      pkgName,
+      pkgTitle,
+      packageInstallContext,
+      installedPkg,
+      spaceId,
+      assetTags,
+      installAsAdditionalSpace,
+    });
+
+    for (const additionnalSpaceId of Object.keys(
+      installedPkg.attributes.additional_spaces_installed_kibana ?? {}
+    )) {
+      await installKibanaAssetsAndReferences({
+        savedObjectsClient,
+        logger,
+        pkgName,
+        pkgTitle,
+        packageInstallContext,
+        installedPkg,
+        spaceId: additionnalSpaceId,
+        assetTags,
+        installAsAdditionalSpace: true,
+      });
+    }
+    return refs;
+  }
+
+  return installKibanaAssetsAndReferences({
     savedObjectsClient,
+    logger,
     pkgName,
-    kibanaAssets
-  );
+    pkgTitle,
+    packageInstallContext,
+    installedPkg,
+    spaceId,
+    assetTags,
+    installAsAdditionalSpace,
+  });
+}
+
+export async function installKibanaAssetsAndReferences({
+  savedObjectsClient,
+  logger,
+  pkgName,
+  pkgTitle,
+  packageInstallContext,
+  installedPkg,
+  spaceId,
+  assetTags,
+  installAsAdditionalSpace,
+}: {
+  savedObjectsClient: SavedObjectsClientContract;
+  logger: Logger;
+  pkgName: string;
+  pkgTitle: string;
+  packageInstallContext: PackageInstallContext;
+  installedPkg?: SavedObject<Installation>;
+  spaceId: string;
+  assetTags?: PackageSpecTags[];
+  installAsAdditionalSpace?: boolean;
+}) {
+  const { savedObjectsImporter, savedObjectTagAssignmentService, savedObjectTagClient } =
+    getSpaceAwareSaveobjectsClients(spaceId);
+  const kibanaAssets = await getKibanaAssets(packageInstallContext);
+  if (installedPkg) {
+    await deleteKibanaSavedObjectsAssets({ savedObjectsClient, installedPkg, spaceId });
+  }
+  let installedKibanaAssetsRefs: KibanaAssetReference[] = [];
+  if (!installAsAdditionalSpace) {
+    // save new kibana refs before installing the assets
+    installedKibanaAssetsRefs = await saveKibanaAssetsRefs(
+      savedObjectsClient,
+      pkgName,
+      kibanaAssetsToAssetsRef(kibanaAssets)
+    );
+  }
 
   const importedAssets = await installKibanaAssets({
     savedObjectsClient,
@@ -204,6 +263,24 @@ export async function installKibanaAssetsAndReferences({
     pkgName,
     kibanaAssets,
   });
+  if (installAsAdditionalSpace) {
+    const assets = importedAssets.map(
+      ({ id, type, destinationId }) =>
+        ({
+          id: destinationId ?? id,
+          originId: id,
+          type,
+        } as KibanaAssetReference)
+    );
+    installedKibanaAssetsRefs = await saveKibanaAssetsRefs(
+      savedObjectsClient,
+      pkgName,
+      assets,
+      installedPkg && installedPkg.attributes.installed_kibana_space_id === spaceId
+        ? false
+        : installAsAdditionalSpace
+    );
+  }
   await withPackageSpan('Create and assign package tags', () =>
     tagKibanaAssets({
       savedObjectTagAssignmentService,
@@ -220,20 +297,32 @@ export async function installKibanaAssetsAndReferences({
   return installedKibanaAssetsRefs;
 }
 
-export const deleteKibanaInstalledRefs = async (
-  savedObjectsClient: SavedObjectsClientContract,
-  pkgName: string,
-  installedKibanaRefs: AssetReference[]
-) => {
-  const installedAssetsToSave = installedKibanaRefs.filter(({ id, type }) => {
-    const assetType = type as AssetType;
-    return !savedObjectTypes.includes(assetType);
-  });
+export async function deleteKibanaAssetsAndReferencesForSpace({
+  savedObjectsClient,
+  logger,
+  pkgName,
+  installedPkg,
+  spaceId,
+}: {
+  savedObjectsClient: SavedObjectsClientContract;
+  logger: Logger;
+  pkgName: string;
+  installedPkg: SavedObject<Installation>;
+  spaceId: string;
+}) {
+  if (!installedPkg) {
+    return;
+  }
+
+  if (installedPkg.attributes.installed_kibana_space_id === spaceId) {
+    throw new FleetError(
+      'Impossible to delete kibana assets from the space where the package was installed, you must uninstall the package.'
+    );
+  }
+  await deleteKibanaSavedObjectsAssets({ savedObjectsClient, installedPkg, spaceId });
+  await saveKibanaAssetsRefs(savedObjectsClient, pkgName, [], true);
+}
 
-  return savedObjectsClient.update(PACKAGES_SAVED_OBJECT_TYPE, pkgName, {
-    installed_kibana: installedAssetsToSave,
-  });
-};
 export async function getKibanaAssets(
   packageInstallContext: PackageInstallContext
 ): Promise<Record<KibanaAssetType, ArchiveAsset[]>> {
diff --git a/x-pack/plugins/fleet/server/services/epm/kibana/assets/saved_object.test.ts b/x-pack/plugins/fleet/server/services/epm/kibana/assets/saved_object.test.ts
new file mode 100644
index 0000000000000..8ac5703265075
--- /dev/null
+++ b/x-pack/plugins/fleet/server/services/epm/kibana/assets/saved_object.test.ts
@@ -0,0 +1,41 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { savedObjectsClientMock, savedObjectsServiceMock } from '@kbn/core/server/mocks';
+
+import { appContextService } from '../../../app_context';
+
+import { getSpaceAwareSaveobjectsClients } from './saved_objects';
+
+jest.mock('../../../app_context');
+
+describe('getSpaceAwareSaveobjectsClients', () => {
+  it('return space scopped clients', () => {
+    const soStartMock = savedObjectsServiceMock.createStartContract();
+    const mockedSavedObjectTagging = {
+      createInternalAssignmentService: jest.fn(),
+      createTagClient: jest.fn(),
+    };
+
+    const scoppedSoClient = savedObjectsClientMock.create();
+    jest
+      .mocked(appContextService.getInternalUserSOClientForSpaceId)
+      .mockReturnValue(scoppedSoClient);
+
+    jest.mocked(appContextService.getSavedObjects).mockReturnValue(soStartMock);
+    jest.mocked(appContextService.getSavedObjectsTagging).mockReturnValue(mockedSavedObjectTagging);
+
+    getSpaceAwareSaveobjectsClients('test1');
+
+    expect(appContextService.getInternalUserSOClientForSpaceId).toBeCalledWith('test1');
+    expect(soStartMock.createImporter).toBeCalledWith(scoppedSoClient, expect.anything());
+    expect(mockedSavedObjectTagging.createInternalAssignmentService).toBeCalledWith({
+      client: scoppedSoClient,
+    });
+    expect(mockedSavedObjectTagging.createTagClient).toBeCalledWith({ client: scoppedSoClient });
+  });
+});
diff --git a/x-pack/plugins/fleet/server/services/epm/kibana/assets/saved_objects.ts b/x-pack/plugins/fleet/server/services/epm/kibana/assets/saved_objects.ts
new file mode 100644
index 0000000000000..c4ff55ca8ac82
--- /dev/null
+++ b/x-pack/plugins/fleet/server/services/epm/kibana/assets/saved_objects.ts
@@ -0,0 +1,32 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { appContextService } from '../../../app_context';
+
+export function getSpaceAwareSaveobjectsClients(spaceId?: string) {
+  // Saved object client need to be scopped with the package space for saved object tagging
+  const savedObjectClientWithSpace = appContextService.getInternalUserSOClientForSpaceId(spaceId);
+
+  const savedObjectsImporter = appContextService
+    .getSavedObjects()
+    .createImporter(savedObjectClientWithSpace, { importSizeLimit: 15_000 });
+
+  const savedObjectTagAssignmentService = appContextService
+    .getSavedObjectsTagging()
+    .createInternalAssignmentService({ client: savedObjectClientWithSpace });
+
+  const savedObjectTagClient = appContextService
+    .getSavedObjectsTagging()
+    .createTagClient({ client: savedObjectClientWithSpace });
+
+  return {
+    savedObjectClientWithSpace,
+    savedObjectsImporter,
+    savedObjectTagAssignmentService,
+    savedObjectTagClient,
+  };
+}
diff --git a/x-pack/plugins/fleet/server/services/epm/packages/_install_package.ts b/x-pack/plugins/fleet/server/services/epm/packages/_install_package.ts
index 780f1ceb60566..97b0eeb823e02 100644
--- a/x-pack/plugins/fleet/server/services/epm/packages/_install_package.ts
+++ b/x-pack/plugins/fleet/server/services/epm/packages/_install_package.ts
@@ -10,12 +10,9 @@ import type {
   Logger,
   SavedObject,
   SavedObjectsClientContract,
-  ISavedObjectsImporter,
 } from '@kbn/core/server';
 import { SavedObjectsErrorHelpers } from '@kbn/core/server';
 
-import type { IAssignmentService, ITagsClient } from '@kbn/saved-objects-tagging-plugin/server';
-
 import type { HTTPAuthorizationHeader } from '../../../../common/http_authorization_header';
 import type { PackageInstallContext } from '../../../../common/types';
 import { getNormalizedDataStreams } from '../../../../common/services';
@@ -60,9 +57,6 @@ import { installIndexTemplatesAndPipelines } from './install_index_template_pipe
 // only the more explicit `installPackage*` functions should be used
 export async function _installPackage({
   savedObjectsClient,
-  savedObjectsImporter,
-  savedObjectTagAssignmentService,
-  savedObjectTagClient,
   esClient,
   logger,
   installedPkg,
@@ -77,9 +71,6 @@ export async function _installPackage({
   skipDataStreamRollover,
 }: {
   savedObjectsClient: SavedObjectsClientContract;
-  savedObjectsImporter: Pick<ISavedObjectsImporter, 'import' | 'resolveImportErrors'>;
-  savedObjectTagAssignmentService: IAssignmentService;
-  savedObjectTagClient: ITagsClient;
   esClient: ElasticsearchClient;
   logger: Logger;
   installedPkg?: SavedObject<Installation>;
@@ -157,9 +148,6 @@ export async function _installPackage({
     const kibanaAssetPromise = withPackageSpan('Install Kibana assets', () =>
       installKibanaAssetsAndReferences({
         savedObjectsClient,
-        savedObjectsImporter,
-        savedObjectTagAssignmentService,
-        savedObjectTagClient,
         pkgName,
         pkgTitle,
         packageInstallContext,
diff --git a/x-pack/plugins/fleet/server/services/epm/packages/install.test.ts b/x-pack/plugins/fleet/server/services/epm/packages/install.test.ts
index 14f3068795120..53112c5eea673 100644
--- a/x-pack/plugins/fleet/server/services/epm/packages/install.test.ts
+++ b/x-pack/plugins/fleet/server/services/epm/packages/install.test.ts
@@ -382,39 +382,6 @@ describe('install', () => {
 
         expect(response.status).toEqual('installed');
       });
-
-      it('should use a scoped to package space soClient for tagging', async () => {
-        const mockedTaggingSo = savedObjectsClientMock.create();
-        jest
-          .mocked(appContextService.getInternalUserSOClientForSpaceId)
-          .mockReturnValue(mockedTaggingSo);
-        jest
-          .mocked(getInstallationObject)
-          .mockResolvedValueOnce({ attributes: { version: '1.2.0' } } as any);
-
-        jest.spyOn(licenseService, 'hasAtLeast').mockReturnValue(true);
-        await installPackage({
-          spaceId: 'test',
-          installSource: 'registry',
-          pkgkey: 'apache-1.3.0',
-          savedObjectsClient: savedObjectsClientMock.create(),
-          esClient: {} as ElasticsearchClient,
-        });
-
-        expect(appContextService.getInternalUserSOClientForSpaceId).toBeCalledWith('test');
-        expect(appContextService.getSavedObjectsTagging().createTagClient).toBeCalledWith(
-          expect.objectContaining({
-            client: mockedTaggingSo,
-          })
-        );
-        expect(
-          appContextService.getSavedObjectsTagging().createInternalAssignmentService
-        ).toBeCalledWith(
-          expect.objectContaining({
-            client: mockedTaggingSo,
-          })
-        );
-      });
     });
 
     describe('with enablePackagesStateMachine = true', () => {
@@ -632,39 +599,6 @@ describe('install', () => {
 
         expect(response.status).toEqual('installed');
       });
-
-      it('should use a scoped to package space soClient for tagging', async () => {
-        const mockedTaggingSo = savedObjectsClientMock.create();
-        jest
-          .mocked(appContextService.getInternalUserSOClientForSpaceId)
-          .mockReturnValue(mockedTaggingSo);
-        jest
-          .mocked(getInstallationObject)
-          .mockResolvedValueOnce({ attributes: { version: '1.2.0', installed_kibana: [] } } as any);
-
-        jest.spyOn(licenseService, 'hasAtLeast').mockReturnValue(true);
-        await installPackage({
-          spaceId: 'test',
-          installSource: 'registry',
-          pkgkey: 'apache-1.3.0',
-          savedObjectsClient: savedObjectsClientMock.create(),
-          esClient: {} as ElasticsearchClient,
-        });
-
-        expect(appContextService.getInternalUserSOClientForSpaceId).toBeCalledWith('test');
-        expect(appContextService.getSavedObjectsTagging().createTagClient).toBeCalledWith(
-          expect.objectContaining({
-            client: mockedTaggingSo,
-          })
-        );
-        expect(
-          appContextService.getSavedObjectsTagging().createInternalAssignmentService
-        ).toBeCalledWith(
-          expect.objectContaining({
-            client: mockedTaggingSo,
-          })
-        );
-      });
     });
   });
 
diff --git a/x-pack/plugins/fleet/server/services/epm/packages/install.ts b/x-pack/plugins/fleet/server/services/epm/packages/install.ts
index 9f200e97c3cfd..f27cb794475c9 100644
--- a/x-pack/plugins/fleet/server/services/epm/packages/install.ts
+++ b/x-pack/plugins/fleet/server/services/epm/packages/install.ts
@@ -10,6 +10,7 @@ import { i18n } from '@kbn/i18n';
 import semverLt from 'semver/functions/lt';
 import type Boom from '@hapi/boom';
 import moment from 'moment';
+import { omit } from 'lodash';
 import type {
   ElasticsearchClient,
   SavedObject,
@@ -21,7 +22,11 @@ import { DEFAULT_SPACE_ID } from '@kbn/spaces-plugin/common/constants';
 import pRetry from 'p-retry';
 import type { LicenseType } from '@kbn/licensing-plugin/server';
 
-import type { PackageDataStreamTypes, PackageInstallContext } from '../../../../common/types';
+import type {
+  KibanaAssetReference,
+  PackageDataStreamTypes,
+  PackageInstallContext,
+} from '../../../../common/types';
 import type { HTTPAuthorizationHeader } from '../../../../common/http_authorization_header';
 import { isPackagePrerelease, getNormalizedDataStreams } from '../../../../common/services';
 import { FLEET_INSTALL_FORMAT_VERSION } from '../../../constants/fleet_es_assets';
@@ -619,27 +624,9 @@ async function installPackageCommon(options: {
       return { error: err, installType, installSource };
     }
 
-    // Saved object client need to be scopped with the package space for saved object tagging
-    const savedObjectClientWithSpace = appContextService.getInternalUserSOClientForSpaceId(spaceId);
-
-    const savedObjectsImporter = appContextService
-      .getSavedObjects()
-      .createImporter(savedObjectClientWithSpace, { importSizeLimit: 15_000 });
-
-    const savedObjectTagAssignmentService = appContextService
-      .getSavedObjectsTagging()
-      .createInternalAssignmentService({ client: savedObjectClientWithSpace });
-
-    const savedObjectTagClient = appContextService
-      .getSavedObjectsTagging()
-      .createTagClient({ client: savedObjectClientWithSpace });
-
     // try installing the package, if there was an error, call error handler and rethrow
     return await _installPackage({
       savedObjectsClient,
-      savedObjectsImporter,
-      savedObjectTagAssignmentService,
-      savedObjectTagClient,
       esClient,
       logger,
       installedPkg,
@@ -1294,10 +1281,17 @@ export async function createInstallation(options: {
   return created;
 }
 
+export const kibanaAssetsToAssetsRef = (
+  kibanaAssets: Record<KibanaAssetType, ArchiveAsset[]>
+): KibanaAssetReference[] => {
+  return Object.values(kibanaAssets).flat().map(toAssetReference);
+};
+
 export const saveKibanaAssetsRefs = async (
   savedObjectsClient: SavedObjectsClientContract,
   pkgName: string,
-  kibanaAssets: Record<KibanaAssetType, ArchiveAsset[]>
+  assetRefs: KibanaAssetReference[],
+  saveAsAdditionnalSpace = false
 ) => {
   auditLoggingService.writeCustomSoAuditLog({
     action: 'update',
@@ -1305,20 +1299,43 @@ export const saveKibanaAssetsRefs = async (
     savedObjectType: PACKAGES_SAVED_OBJECT_TYPE,
   });
 
-  const assetRefs = Object.values(kibanaAssets).flat().map(toAssetReference);
+  const spaceId = savedObjectsClient.getCurrentNamespace() || DEFAULT_SPACE_ID;
+
   // Because Kibana assets are installed in parallel with ES assets with refresh: false, we almost always run into an
   // issue that causes a conflict error due to this issue: https://github.com/elastic/kibana/issues/126240. This is safe
   // to retry constantly until it succeeds to optimize this critical user journey path as much as possible.
   await pRetry(
-    () =>
-      savedObjectsClient.update(
+    async () => {
+      const installation = saveAsAdditionnalSpace
+        ? await savedObjectsClient
+            .get<Installation>(PACKAGES_SAVED_OBJECT_TYPE, pkgName)
+            .catch((e) => {
+              if (SavedObjectsErrorHelpers.isNotFoundError(e)) {
+                return undefined;
+              }
+              throw e;
+            })
+        : undefined;
+
+      return savedObjectsClient.update<Installation>(
         PACKAGES_SAVED_OBJECT_TYPE,
         pkgName,
-        {
-          installed_kibana: assetRefs,
-        },
+        saveAsAdditionnalSpace
+          ? {
+              additional_spaces_installed_kibana: {
+                ...omit(
+                  installation?.attributes?.additional_spaces_installed_kibana ?? {},
+                  spaceId
+                ),
+                ...(assetRefs.length > 0 ? { [spaceId]: assetRefs } : {}),
+              },
+            }
+          : {
+              installed_kibana: assetRefs,
+            },
         { refresh: false }
-      ),
+      );
+    },
     { retries: 20 } // Use a number of retries higher than the number of es asset update operations
   );
 
diff --git a/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/_state_machine_package_install.test.ts b/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/_state_machine_package_install.test.ts
index c77433774a5cf..5e4dd084b2274 100644
--- a/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/_state_machine_package_install.test.ts
+++ b/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/_state_machine_package_install.test.ts
@@ -41,7 +41,7 @@ jest.mock('../../elasticsearch/ilm/install');
 jest.mock('../../elasticsearch/datastream_ilm/install');
 
 import { updateCurrentWriteIndices } from '../../elasticsearch/template/template';
-import { installKibanaAssetsAndReferences } from '../../kibana/assets/install';
+import { installKibanaAssetsAndReferencesMultispace } from '../../kibana/assets/install';
 
 import { MAX_TIME_COMPLETE_INSTALL } from '../../../../../common/constants';
 
@@ -58,7 +58,9 @@ const mockedUpdateCurrentWriteIndices = updateCurrentWriteIndices as jest.Mocked
   typeof updateCurrentWriteIndices
 >;
 const mockedInstallKibanaAssetsAndReferences =
-  installKibanaAssetsAndReferences as jest.MockedFunction<typeof installKibanaAssetsAndReferences>;
+  installKibanaAssetsAndReferencesMultispace as jest.MockedFunction<
+    typeof installKibanaAssetsAndReferencesMultispace
+  >;
 
 function sleep(millis: number) {
   return new Promise((resolve) => setTimeout(resolve, millis));
@@ -293,9 +295,10 @@ describe('_stateMachineInstallPackage', () => {
     describe('When timeout is reached', () => {
       it('restarts installation', async () => {
         await _stateMachineInstallPackage({
+          installSource: 'registry',
+          installType: 'install',
+          spaceId: 'default',
           savedObjectsClient: soClient,
-          // @ts-ignore
-          savedObjectsImporter: jest.fn(),
           esClient,
           logger: loggerMock.create(),
           packageInstallContext: {
@@ -326,9 +329,10 @@ describe('_stateMachineInstallPackage', () => {
       describe('With no force flag', () => {
         it('throws concurrent installation error', async () => {
           const installPromise = _stateMachineInstallPackage({
+            installSource: 'registry',
+            installType: 'install',
+            spaceId: 'default',
             savedObjectsClient: soClient,
-            // @ts-ignore
-            savedObjectsImporter: jest.fn(),
             esClient,
             logger: loggerMock.create(),
             packageInstallContext: {
@@ -356,9 +360,10 @@ describe('_stateMachineInstallPackage', () => {
       describe('With force flag provided', () => {
         it('restarts installation', async () => {
           await _stateMachineInstallPackage({
+            installSource: 'registry',
+            installType: 'install',
+            spaceId: 'default',
             savedObjectsClient: soClient,
-            // @ts-ignore
-            savedObjectsImporter: jest.fn(),
             esClient,
             logger: loggerMock.create(),
             packageInstallContext: {
diff --git a/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/_state_machine_package_install.ts b/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/_state_machine_package_install.ts
index d66334b315a42..afad28d28a461 100644
--- a/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/_state_machine_package_install.ts
+++ b/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/_state_machine_package_install.ts
@@ -9,12 +9,9 @@ import type {
   Logger,
   SavedObject,
   SavedObjectsClientContract,
-  ISavedObjectsImporter,
 } from '@kbn/core/server';
 import { SavedObjectsErrorHelpers } from '@kbn/core/server';
 
-import type { IAssignmentService, ITagsClient } from '@kbn/saved-objects-tagging-plugin/server';
-
 import { PackageSavedObjectConflictError } from '../../../../errors';
 
 import type { HTTPAuthorizationHeader } from '../../../../../common/http_authorization_header';
@@ -53,9 +50,6 @@ import { handleState } from './state_machine';
 
 export interface InstallContext extends StateContext<StateNames> {
   savedObjectsClient: SavedObjectsClientContract;
-  savedObjectsImporter: Pick<ISavedObjectsImporter, 'import' | 'resolveImportErrors'>;
-  savedObjectTagAssignmentService: IAssignmentService;
-  savedObjectTagClient: ITagsClient;
   esClient: ElasticsearchClient;
   logger: Logger;
   installedPkg?: SavedObject<Installation>;
diff --git a/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/steps/step_install_kibana_assets.test.ts b/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/steps/step_install_kibana_assets.test.ts
index e13e3c9b095b2..7d466f03d52fe 100644
--- a/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/steps/step_install_kibana_assets.test.ts
+++ b/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/steps/step_install_kibana_assets.test.ts
@@ -12,14 +12,15 @@ import { DEFAULT_SPACE_ID } from '@kbn/spaces-plugin/common/constants';
 
 import { appContextService } from '../../../../app_context';
 import { createAppContextStartContractMock } from '../../../../../mocks';
-import { installKibanaAssetsAndReferences } from '../../../kibana/assets/install';
+import { installKibanaAssetsAndReferencesMultispace } from '../../../kibana/assets/install';
 
 jest.mock('../../../kibana/assets/install');
 
 import { stepInstallKibanaAssets } from './step_install_kibana_assets';
 
-const mockedInstallKibanaAssetsAndReferences =
-  installKibanaAssetsAndReferences as jest.MockedFunction<typeof installKibanaAssetsAndReferences>;
+const mockedInstallKibanaAssetsAndReferencesMultispace = jest.mocked(
+  installKibanaAssetsAndReferencesMultispace
+);
 
 describe('stepInstallKibanaAssets', () => {
   let soClient: jest.Mocked<SavedObjectsClientContract>;
@@ -42,8 +43,6 @@ describe('stepInstallKibanaAssets', () => {
   it('Should call installKibanaAssetsAndReferences', async () => {
     const installationPromise = stepInstallKibanaAssets({
       savedObjectsClient: soClient,
-      // @ts-ignore
-      savedObjectsImporter: jest.fn(),
       esClient,
       logger: loggerMock.create(),
       packageInstallContext: {
@@ -68,14 +67,14 @@ describe('stepInstallKibanaAssets', () => {
     });
 
     await expect(installationPromise).resolves.not.toThrowError();
-    expect(mockedInstallKibanaAssetsAndReferences).toBeCalledTimes(1);
+    expect(mockedInstallKibanaAssetsAndReferencesMultispace).toBeCalledTimes(1);
   });
   esClient = elasticsearchServiceMock.createClusterClient().asInternalUser;
   appContextService.start(createAppContextStartContractMock());
 
   it('Should correctly handle errors', async () => {
     // force errors from this function
-    mockedInstallKibanaAssetsAndReferences.mockImplementation(async () => {
+    mockedInstallKibanaAssetsAndReferencesMultispace.mockImplementation(async () => {
       throw new Error('mocked async error A: should be caught');
     });
 
diff --git a/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/steps/step_install_kibana_assets.ts b/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/steps/step_install_kibana_assets.ts
index 56649c04428ac..2db6f622d3281 100644
--- a/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/steps/step_install_kibana_assets.ts
+++ b/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/steps/step_install_kibana_assets.ts
@@ -5,32 +5,20 @@
  * 2.0.
  */
 
-import { installKibanaAssetsAndReferences } from '../../../kibana/assets/install';
+import { installKibanaAssetsAndReferencesMultispace } from '../../../kibana/assets/install';
 
 import { withPackageSpan } from '../../utils';
 
 import type { InstallContext } from '../_state_machine_package_install';
 
 export async function stepInstallKibanaAssets(context: InstallContext) {
-  const {
-    savedObjectsClient,
-    savedObjectsImporter,
-    savedObjectTagAssignmentService,
-    savedObjectTagClient,
-    logger,
-    installedPkg,
-    packageInstallContext,
-    spaceId,
-  } = context;
+  const { savedObjectsClient, logger, installedPkg, packageInstallContext, spaceId } = context;
   const { packageInfo } = packageInstallContext;
   const { name: pkgName, title: pkgTitle } = packageInfo;
 
   const kibanaAssetPromise = withPackageSpan('Install Kibana assets', () =>
-    installKibanaAssetsAndReferences({
+    installKibanaAssetsAndReferencesMultispace({
       savedObjectsClient,
-      savedObjectsImporter,
-      savedObjectTagAssignmentService,
-      savedObjectTagClient,
       pkgName,
       pkgTitle,
       packageInstallContext,
diff --git a/x-pack/plugins/fleet/server/services/epm/packages/remove.ts b/x-pack/plugins/fleet/server/services/epm/packages/remove.ts
index 436c2efaa2275..5369da9da82e2 100644
--- a/x-pack/plugins/fleet/server/services/epm/packages/remove.ts
+++ b/x-pack/plugins/fleet/server/services/epm/packages/remove.ts
@@ -181,6 +181,7 @@ async function deleteAssets(
     installed_es: installedEs,
     installed_kibana: installedKibana,
     installed_kibana_space_id: spaceId = DEFAULT_SPACE_ID,
+    additional_spaces_installed_kibana: installedInAdditionalSpacesKibana = {},
   }: Installation,
   savedObjectsClient: SavedObjectsClientContract,
   esClient: ElasticsearchClient
@@ -237,6 +238,9 @@ async function deleteAssets(
     await Promise.all([
       ...deleteESAssets(otherAssets, esClient),
       deleteKibanaAssets(installedKibana, spaceId),
+      Object.entries(installedInAdditionalSpacesKibana).map(([additionalSpaceId, kibanaAssets]) =>
+        deleteKibanaAssets(kibanaAssets, additionalSpaceId)
+      ),
     ]);
   } catch (err) {
     // in the rollback case, partial installs are likely, so missing assets are not an error
@@ -271,21 +275,32 @@ async function deleteComponentTemplate(esClient: ElasticsearchClient, name: stri
 export async function deleteKibanaSavedObjectsAssets({
   savedObjectsClient,
   installedPkg,
+  spaceId,
 }: {
   savedObjectsClient: SavedObjectsClientContract;
   installedPkg: SavedObject<Installation>;
+  spaceId?: string;
 }) {
-  const { installed_kibana: installedRefs, installed_kibana_space_id: spaceId } =
-    installedPkg.attributes;
-  if (!installedRefs.length) return;
+  const { installed_kibana_space_id: installedSpaceId } = installedPkg.attributes;
+
+  let refsToDelete: KibanaAssetReference[];
+  let spaceIdToDelete: string | undefined;
+  if (!spaceId || spaceId === installedSpaceId) {
+    refsToDelete = installedPkg.attributes.installed_kibana;
+    spaceIdToDelete = installedSpaceId;
+  } else {
+    refsToDelete = installedPkg.attributes.additional_spaces_installed_kibana?.[spaceId] ?? [];
+    spaceIdToDelete = spaceId;
+  }
+  if (!refsToDelete.length) return;
 
   const logger = appContextService.getLogger();
-  const assetsToDelete = installedRefs
+  const assetsToDelete = refsToDelete
     .filter(({ type }) => kibanaSavedObjectTypes.includes(type))
     .map(({ id, type }) => ({ id, type } as KibanaAssetReference));
 
   try {
-    await deleteKibanaAssets(assetsToDelete, spaceId);
+    await deleteKibanaAssets(assetsToDelete, spaceIdToDelete);
   } catch (err) {
     // in the rollback case, partial installs are likely, so missing assets are not an error
     if (!SavedObjectsErrorHelpers.isNotFoundError(err)) {
diff --git a/x-pack/plugins/fleet/server/services/files/client_from_host.ts b/x-pack/plugins/fleet/server/services/files/client_from_host.ts
index 4329743f92fbf..814d342ddd993 100644
--- a/x-pack/plugins/fleet/server/services/files/client_from_host.ts
+++ b/x-pack/plugins/fleet/server/services/files/client_from_host.ts
@@ -180,7 +180,7 @@ export class FleetFromHostFilesClient implements FleetFromHostFileClientInterfac
       } = fileDoc._source;
 
       const file: FleetFile = {
-        id: fileDoc._id,
+        id: fileDoc._id!,
         agents: [agentId],
         sha256: hash?.sha256 ?? '',
         created: new Date(created).toISOString(),
diff --git a/x-pack/plugins/fleet/server/services/files/index.ts b/x-pack/plugins/fleet/server/services/files/index.ts
index 203bc374b2bf1..c7a00ee597f62 100644
--- a/x-pack/plugins/fleet/server/services/files/index.ts
+++ b/x-pack/plugins/fleet/server/services/files/index.ts
@@ -78,12 +78,12 @@ export async function fileIdsWithoutChunksByIndex(
 ): Promise<{ fileIdsByIndex: FileIdsByIndex; allFileIds: Set<string> }> {
   const allFileIds: Set<string> = new Set();
   const noChunkFileIdsByIndex = files.reduce((acc, file) => {
-    allFileIds.add(file._id);
+    allFileIds.add(file._id!);
 
     const { index: metadataIndex } = parseFileStorageIndex(file._index);
     const fileIds = acc[metadataIndex];
 
-    acc[metadataIndex] = fileIds ? fileIds.add(file._id) : new Set([file._id]);
+    acc[metadataIndex] = fileIds ? fileIds.add(file._id!) : new Set([file._id!]);
 
     return acc;
   }, {} as FileIdsByIndex);
diff --git a/x-pack/plugins/fleet/server/services/output.test.ts b/x-pack/plugins/fleet/server/services/output.test.ts
index 887a0ac9e0c8f..3bc9003162f44 100644
--- a/x-pack/plugins/fleet/server/services/output.test.ts
+++ b/x-pack/plugins/fleet/server/services/output.test.ts
@@ -40,7 +40,7 @@ mockedAppContextService.getLogger.mockImplementation(() => {
   } as unknown as Logger;
 });
 
-mockedAppContextService.getExperimentalFeatures.mockReturnValue({});
+mockedAppContextService.getExperimentalFeatures.mockReturnValue({} as any);
 
 const mockedAgentPolicyService = agentPolicyService as jest.Mocked<typeof agentPolicyService>;
 
diff --git a/x-pack/plugins/fleet/server/services/package_policy.ts b/x-pack/plugins/fleet/server/services/package_policy.ts
index dd4d26e28ca7e..8fd71a76355c8 100644
--- a/x-pack/plugins/fleet/server/services/package_policy.ts
+++ b/x-pack/plugins/fleet/server/services/package_policy.ts
@@ -11,6 +11,7 @@ import { i18n } from '@kbn/i18n';
 import semverLt from 'semver/functions/lt';
 import { getFlattenedObject } from '@kbn/std';
 import type {
+  AuthenticatedUser,
   KibanaRequest,
   ElasticsearchClient,
   SavedObjectsClientContract,
@@ -25,8 +26,6 @@ import { safeLoad } from 'js-yaml';
 
 import { DEFAULT_SPACE_ID } from '@kbn/spaces-plugin/common/constants';
 
-import { type AuthenticatedUser } from '@kbn/security-plugin/server';
-
 import pMap from 'p-map';
 
 import type { SavedObjectError } from '@kbn/core-saved-objects-common';
diff --git a/x-pack/plugins/fleet/server/services/package_policy_service.ts b/x-pack/plugins/fleet/server/services/package_policy_service.ts
index 5f5e775bf910a..1462d451388b5 100644
--- a/x-pack/plugins/fleet/server/services/package_policy_service.ts
+++ b/x-pack/plugins/fleet/server/services/package_policy_service.ts
@@ -5,9 +5,14 @@
  * 2.0.
  */
 
-import type { KibanaRequest, Logger, RequestHandlerContext } from '@kbn/core/server';
-import type { ElasticsearchClient, SavedObjectsClientContract } from '@kbn/core/server';
-import type { AuthenticatedUser } from '@kbn/security-plugin/server';
+import type {
+  AuthenticatedUser,
+  KibanaRequest,
+  Logger,
+  RequestHandlerContext,
+  ElasticsearchClient,
+  SavedObjectsClientContract,
+} from '@kbn/core/server';
 
 import type { SavedObjectError } from '@kbn/core-saved-objects-common';
 
diff --git a/x-pack/plugins/fleet/server/services/security/fleet_router.test.ts b/x-pack/plugins/fleet/server/services/security/fleet_router.test.ts
index 5de46b845bfcc..2d7d898246796 100644
--- a/x-pack/plugins/fleet/server/services/security/fleet_router.test.ts
+++ b/x-pack/plugins/fleet/server/services/security/fleet_router.test.ts
@@ -10,12 +10,10 @@ import type {
   CheckPrivilegesResponse,
   CheckPrivilegesPayload,
 } from '@kbn/security-plugin/server';
-import type { RequestHandler } from '@kbn/core/server';
+import type { AuthenticatedUser, RequestHandler } from '@kbn/core/server';
 import type { VersionedRouter } from '@kbn/core-http-server';
 import { loggingSystemMock } from '@kbn/core/server/mocks';
 
-import type { AuthenticatedUser } from '@kbn/security-plugin/common';
-
 import { coreMock } from '@kbn/core/server/mocks';
 
 import { API_VERSIONS } from '../../../common/constants';
@@ -85,7 +83,7 @@ describe('FleetAuthzRouter', () => {
     // @ts-expect-error type doesn't properly respect deeply mocked keys
     mockContext.securityStart.authz.actions.ui.get.mockImplementation((priv) => `ui:${priv}`);
 
-    mockContext.securityStart.authc.getCurrentUser.mockReturnValue({
+    mockContext.securityCoreStart.authc.getCurrentUser.mockReturnValue({
       username: 'foo',
       roles,
     } as unknown as AuthenticatedUser);
diff --git a/x-pack/plugins/fleet/server/services/security/security.test.ts b/x-pack/plugins/fleet/server/services/security/security.test.ts
index 9f13b39203c2e..d231d5b202342 100644
--- a/x-pack/plugins/fleet/server/services/security/security.test.ts
+++ b/x-pack/plugins/fleet/server/services/security/security.test.ts
@@ -8,6 +8,8 @@
 import { deepFreeze } from '@kbn/std';
 import type { SecurityPluginStart, CheckPrivilegesDynamically } from '@kbn/security-plugin/server';
 
+import { securityServiceMock, type SecurityStartMock } from '@kbn/core-security-server-mocks';
+
 import { appContextService } from '../app_context';
 import type { FleetAuthz } from '../../../common';
 
@@ -554,12 +556,13 @@ describe('When using calculateRouteAuthz()', () => {
 });
 
 describe('getAuthzFromRequest', () => {
+  let mockSecurityCore: SecurityStartMock;
   let mockSecurity: jest.MockedObjectDeep<SecurityPluginStart>;
   let checkPrivileges: jest.MockedFn<CheckPrivilegesDynamically>;
   beforeEach(() => {
     checkPrivileges = jest.fn();
+    mockSecurityCore = securityServiceMock.createStart();
     mockSecurity = {
-      authc: { getCurrentUser: jest.fn() },
       authz: {
         checkPrivilegesDynamicallyWithRequest: jest.fn().mockReturnValue(checkPrivileges),
         actions: {
@@ -576,6 +579,7 @@ describe('getAuthzFromRequest', () => {
       },
     } as unknown as jest.MockedObjectDeep<SecurityPluginStart>;
 
+    jest.mocked(appContextService.getSecurityCore).mockReturnValue(mockSecurityCore);
     jest.mocked(appContextService.getSecurity).mockReturnValue(mockSecurity);
     jest.mocked(appContextService.getSecurityLicense).mockReturnValue({
       isEnabled: () => true,
diff --git a/x-pack/plugins/fleet/server/services/security/security.ts b/x-pack/plugins/fleet/server/services/security/security.ts
index b55440527e304..9d028efa8aaaf 100644
--- a/x-pack/plugins/fleet/server/services/security/security.ts
+++ b/x-pack/plugins/fleet/server/services/security/security.ts
@@ -45,7 +45,7 @@ export function checkSuperuser(req: KibanaRequest) {
     return false;
   }
 
-  const security = appContextService.getSecurity();
+  const security = appContextService.getSecurityCore();
   const user = security.authc.getCurrentUser(req);
 
   if (!user) {
diff --git a/x-pack/plugins/fleet/server/services/security/uninstall_token_service/index.ts b/x-pack/plugins/fleet/server/services/security/uninstall_token_service/index.ts
index 211026bf6e487..4cb5aa1221db7 100644
--- a/x-pack/plugins/fleet/server/services/security/uninstall_token_service/index.ts
+++ b/x-pack/plugins/fleet/server/services/security/uninstall_token_service/index.ts
@@ -284,7 +284,7 @@ export class UninstallTokenService implements UninstallTokenServiceInterface {
           ? `${this.soClient.getCurrentNamespace()}:`
           : '';
         return {
-          id: _id.replace(`${namespacePrefix}${UNINSTALL_TOKENS_SAVED_OBJECT_TYPE}:`, ''),
+          id: _id!.replace(`${namespacePrefix}${UNINSTALL_TOKENS_SAVED_OBJECT_TYPE}:`, ''),
           policy_id: policyId,
           policy_name: policyIdNameDictionary[policyId] ?? null,
           created_at: _source.created_at,
diff --git a/x-pack/plugins/fleet/server/types/rest_spec/debug.ts b/x-pack/plugins/fleet/server/types/rest_spec/debug.ts
new file mode 100644
index 0000000000000..a94c112fe4e00
--- /dev/null
+++ b/x-pack/plugins/fleet/server/types/rest_spec/debug.ts
@@ -0,0 +1,27 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { schema } from '@kbn/config-schema';
+
+export const FetchIndexRequestSchema = {
+  body: schema.object({
+    index: schema.string(),
+  }),
+};
+
+export const FetchSavedObjectsRequestSchema = {
+  body: schema.object({
+    type: schema.string(),
+    name: schema.string(),
+  }),
+};
+
+export const FetchSavedObjectNamesRequestSchema = {
+  body: schema.object({
+    type: schema.string(),
+  }),
+};
diff --git a/x-pack/plugins/fleet/server/types/rest_spec/epm.ts b/x-pack/plugins/fleet/server/types/rest_spec/epm.ts
index 3264926b39498..4b83c7f7c7c58 100644
--- a/x-pack/plugins/fleet/server/types/rest_spec/epm.ts
+++ b/x-pack/plugins/fleet/server/types/rest_spec/epm.ts
@@ -241,6 +241,26 @@ export const DeletePackageRequestSchema = {
   ),
 };
 
+export const InstallKibanaAssetsRequestSchema = {
+  params: schema.object({
+    pkgName: schema.string(),
+    pkgVersion: schema.string(),
+  }),
+  // body is deprecated on delete request
+  body: schema.nullable(
+    schema.object({
+      force: schema.maybe(schema.boolean()),
+    })
+  ),
+};
+
+export const DeleteKibanaAssetsRequestSchema = {
+  params: schema.object({
+    pkgName: schema.string(),
+    pkgVersion: schema.string(),
+  }),
+};
+
 export const DeletePackageRequestSchemaDeprecated = {
   params: schema.object({
     pkgkey: schema.string(),
diff --git a/x-pack/plugins/fleet/tsconfig.json b/x-pack/plugins/fleet/tsconfig.json
index 7a8f58732902f..8986527bed977 100644
--- a/x-pack/plugins/fleet/tsconfig.json
+++ b/x-pack/plugins/fleet/tsconfig.json
@@ -110,5 +110,7 @@
     "@kbn/fields-metadata-plugin",
     "@kbn/test-jest-helpers",
     "@kbn/core-saved-objects-utils-server",
+    "@kbn/integration-assistant-plugin",
+    "@kbn/core-security-server-mocks",
   ]
 }
diff --git a/x-pack/plugins/index_lifecycle_management/__jest__/policy_table.test.tsx b/x-pack/plugins/index_lifecycle_management/__jest__/policy_table.test.tsx
index f6a579b58f09b..19c0078c7eb6a 100644
--- a/x-pack/plugins/index_lifecycle_management/__jest__/policy_table.test.tsx
+++ b/x-pack/plugins/index_lifecycle_management/__jest__/policy_table.test.tsx
@@ -209,7 +209,7 @@ describe('policy table', () => {
     expect(deprecatedPolicies.length).toBe(0);
 
     // Enable filtering by deprecated policies
-    const searchInput = rendered.find('.euiFieldSearch').first();
+    const searchInput = rendered.find('input.euiFieldSearch').first();
     (searchInput.instance() as unknown as HTMLInputElement).value = 'is:policy.deprecated';
     searchInput.simulate('keyup', { key: 'Enter', keyCode: 13, which: 13 });
     rendered.update();
@@ -221,7 +221,7 @@ describe('policy table', () => {
 
   test('filters based on content of search input', () => {
     const rendered = mountWithIntl(component);
-    const searchInput = rendered.find('.euiFieldSearch').first();
+    const searchInput = rendered.find('input.euiFieldSearch').first();
     (searchInput.instance() as unknown as HTMLInputElement).value = 'testy0';
     searchInput.simulate('keyup', { key: 'Enter', keyCode: 13, which: 13 });
     rendered.update();
diff --git a/x-pack/plugins/index_lifecycle_management/integration_tests/helpers/setup_environment.tsx b/x-pack/plugins/index_lifecycle_management/integration_tests/helpers/setup_environment.tsx
index 91aebb485ea7f..be7a2a104bfa4 100644
--- a/x-pack/plugins/index_lifecycle_management/integration_tests/helpers/setup_environment.tsx
+++ b/x-pack/plugins/index_lifecycle_management/integration_tests/helpers/setup_environment.tsx
@@ -17,6 +17,10 @@ import {
   fatalErrorsServiceMock,
   docLinksServiceMock,
   executionContextServiceMock,
+  overlayServiceMock,
+  applicationServiceMock,
+  httpServiceMock,
+  scopedHistoryMock,
 } from '@kbn/core/public/mocks';
 import { licensingMock } from '@kbn/licensing-plugin/public/mocks';
 import { init as initHttp } from '../../public/application/services/http';
@@ -31,8 +35,12 @@ const appContextMock = {
   breadcrumbService,
   license: licensingMock.createLicense({ license: { type: 'enterprise' } }),
   docLinks: docLinksServiceMock.createStartContract(),
-  getUrlForApp: () => {},
+  getUrlForApp: applicationServiceMock.createStartContract().getUrlForApp,
   executionContext: executionContextServiceMock.createSetupContract(),
+  navigateToUrl: applicationServiceMock.createStartContract().navigateToUrl,
+  overlays: overlayServiceMock.createStartContract(),
+  http: httpServiceMock.createSetupContract(),
+  history: scopedHistoryMock.create(),
 };
 
 export const WithAppDependencies =
diff --git a/x-pack/plugins/index_lifecycle_management/public/application/index.tsx b/x-pack/plugins/index_lifecycle_management/public/application/index.tsx
index 6360bee1af571..bb004766d89f7 100644
--- a/x-pack/plugins/index_lifecycle_management/public/application/index.tsx
+++ b/x-pack/plugins/index_lifecycle_management/public/application/index.tsx
@@ -21,10 +21,8 @@ import {
 import { App } from './app';
 import { BreadcrumbService } from './services/breadcrumbs';
 
-type StartServices = Pick<CoreStart, 'analytics' | 'i18n' | 'theme'>;
-
 export const renderApp = (
-  startServices: StartServices,
+  startServices: CoreStart,
   element: Element,
   history: ScopedHistory,
   application: ApplicationStart,
@@ -34,7 +32,9 @@ export const renderApp = (
   executionContext: ExecutionContextStart,
   cloud?: CloudSetup
 ): UnmountCallback => {
-  const { getUrlForApp } = application;
+  const { navigateToUrl, getUrlForApp } = application;
+  const { overlays, http } = startServices;
+
   render(
     <KibanaRenderContextProvider {...startServices}>
       <div className={APP_WRAPPER_CLASS}>
@@ -51,6 +51,10 @@ export const renderApp = (
               getUrlForApp,
               docLinks,
               executionContext,
+              navigateToUrl,
+              overlays,
+              http,
+              history,
             }}
           >
             <App history={history} />
diff --git a/x-pack/plugins/index_lifecycle_management/public/application/sections/edit_policy/edit_policy.tsx b/x-pack/plugins/index_lifecycle_management/public/application/sections/edit_policy/edit_policy.tsx
index b63f0b595a540..83faaa3bf28f7 100644
--- a/x-pack/plugins/index_lifecycle_management/public/application/sections/edit_policy/edit_policy.tsx
+++ b/x-pack/plugins/index_lifecycle_management/public/application/sections/edit_policy/edit_policy.tsx
@@ -7,11 +7,10 @@
 
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
+import { useUnsavedChangesPrompt } from '@kbn/unsaved-changes-prompt';
 import React, { Fragment, useEffect, useMemo, useState } from 'react';
 import { get } from 'lodash';
 
-import { useHistory } from 'react-router-dom';
-
 import './edit_policy.scss';
 
 import {
@@ -27,7 +26,13 @@ import {
   EuiTimeline,
 } from '@elastic/eui';
 
-import { TextField, useForm, useFormData, useKibana } from '../../../shared_imports';
+import {
+  TextField,
+  useForm,
+  useFormData,
+  useKibana,
+  useFormIsModified,
+} from '../../../shared_imports';
 import { toasts } from '../../services/notification';
 import { UseField } from './form';
 import { savePolicy } from './save_policy';
@@ -69,10 +74,11 @@ export const EditPolicy: React.FunctionComponent = () => {
   } = useEditPolicyContext();
 
   const {
-    services: { cloud, docLinks },
+    services: { cloud, docLinks, history, navigateToUrl, overlays, http },
   } = useKibana();
 
   const [isClonedPolicy, setIsClonedPolicy] = useState(false);
+  const [hasSubmittedForm, setHasSubmittedForm] = useState<boolean>(false);
   const originalPolicyName: string = isNewPolicy ? '' : policyName!;
   const isAllowedByLicense = license.canUseSearchableSnapshot();
   const isCloudEnabled = Boolean(cloud?.isCloudEnabled);
@@ -105,6 +111,8 @@ export const EditPolicy: React.FunctionComponent = () => {
   });
 
   const [formData] = useFormData({ form, watch: policyNamePath });
+  const isFormDirty = useFormIsModified({ form });
+
   const getPolicyName = () => {
     return isNewPolicy || isClonedPolicy ? get(formData, policyNamePath) : originalPolicyName;
   };
@@ -119,7 +127,6 @@ export const EditPolicy: React.FunctionComponent = () => {
     [originalPolicyName, existingPolicies, isClonedPolicy]
   );
 
-  const history = useHistory();
   const backToPolicyList = () => {
     history.push('/policies');
   };
@@ -134,6 +141,7 @@ export const EditPolicy: React.FunctionComponent = () => {
         })
       );
     } else {
+      setHasSubmittedForm(true);
       const success = await savePolicy(
         {
           ...policy,
@@ -141,6 +149,7 @@ export const EditPolicy: React.FunctionComponent = () => {
         },
         isNewPolicy || isClonedPolicy
       );
+
       if (success) {
         backToPolicyList();
       }
@@ -151,6 +160,21 @@ export const EditPolicy: React.FunctionComponent = () => {
     setIsShowingPolicyJsonFlyout(!isShowingPolicyJsonFlyout);
   };
 
+  useUnsavedChangesPrompt({
+    titleText: i18n.translate('xpack.indexLifecycleMgmt.editPolicy.unsavedPrompt.title', {
+      defaultMessage: 'Exit without saving changes?',
+    }),
+    messageText: i18n.translate('xpack.indexLifecycleMgmt.editPolicy.unsavedPrompt.body', {
+      defaultMessage:
+        'The data will be lost if you leave this page without saving the policy changes.',
+    }),
+    hasUnsavedChanges: isFormDirty && hasSubmittedForm === false,
+    openConfirm: overlays.openConfirm,
+    history,
+    http,
+    navigateToUrl,
+  });
+
   return (
     <>
       <EuiPageHeader
diff --git a/x-pack/plugins/index_lifecycle_management/public/shared_imports.ts b/x-pack/plugins/index_lifecycle_management/public/shared_imports.ts
index 7538dc66de002..1c907fdd2b5c7 100644
--- a/x-pack/plugins/index_lifecycle_management/public/shared_imports.ts
+++ b/x-pack/plugins/index_lifecycle_management/public/shared_imports.ts
@@ -28,6 +28,7 @@ export {
   getFieldValidityAndErrorMessage,
   useFormContext,
   UseMultiFields,
+  useFormIsModified,
 } from '@kbn/es-ui-shared-plugin/static/forms/hook_form_lib';
 
 export { fieldValidators } from '@kbn/es-ui-shared-plugin/static/forms/helpers';
diff --git a/x-pack/plugins/index_lifecycle_management/public/types.ts b/x-pack/plugins/index_lifecycle_management/public/types.ts
index 40772dbe12884..6ea4c4d2b18ae 100644
--- a/x-pack/plugins/index_lifecycle_management/public/types.ts
+++ b/x-pack/plugins/index_lifecycle_management/public/types.ts
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { ApplicationStart } from '@kbn/core/public';
+import { ApplicationStart, HttpSetup, OverlayStart, ScopedHistory } from '@kbn/core/public';
 import { DocLinksStart } from '@kbn/core/public';
 import { HomePublicPluginSetup } from '@kbn/home-plugin/public';
 import { UsageCollectionSetup } from '@kbn/usage-collection-plugin/public';
@@ -41,5 +41,9 @@ export interface AppServicesContext {
   license: ILicense;
   cloud?: CloudSetup;
   getUrlForApp: ApplicationStart['getUrlForApp'];
+  navigateToUrl: ApplicationStart['navigateToUrl'];
   docLinks: DocLinksStart;
+  overlays: OverlayStart;
+  http: HttpSetup;
+  history: ScopedHistory;
 }
diff --git a/x-pack/plugins/index_lifecycle_management/server/routes/api/policies/register_create_route.ts b/x-pack/plugins/index_lifecycle_management/server/routes/api/policies/register_create_route.ts
index 302b92a98407e..dabfaa73231d6 100644
--- a/x-pack/plugins/index_lifecycle_management/server/routes/api/policies/register_create_route.ts
+++ b/x-pack/plugins/index_lifecycle_management/server/routes/api/policies/register_create_route.ts
@@ -32,7 +32,7 @@ async function createPolicy(
  * We only specify a rough structure based on https://www.elastic.co/guide/en/elasticsearch/reference/current/_actions.html.
  */
 const bodySchema = schema.object({
-  name: schema.string(),
+  name: schema.string({ maxLength: 1000 }),
   deprecated: schema.maybe(schema.boolean()),
   phases: schema.object({
     hot: schema.any(),
diff --git a/x-pack/plugins/index_lifecycle_management/server/routes/api/templates/register_add_policy_route.ts b/x-pack/plugins/index_lifecycle_management/server/routes/api/templates/register_add_policy_route.ts
index 3f6b4ce843e89..ef119db413707 100644
--- a/x-pack/plugins/index_lifecycle_management/server/routes/api/templates/register_add_policy_route.ts
+++ b/x-pack/plugins/index_lifecycle_management/server/routes/api/templates/register_add_policy_route.ts
@@ -78,6 +78,7 @@ async function updateIndexTemplate(
   }
 
   if (isLegacy) {
+    // @ts-expect-error Types of property auto_expand_replicas are incompatible.
     return client.indices.putTemplate({ name: templateName, body: indexTemplate });
   }
   // @ts-expect-error Type 'IndexSettings' is not assignable to type 'IndicesIndexSettings'.
diff --git a/x-pack/plugins/index_lifecycle_management/tsconfig.json b/x-pack/plugins/index_lifecycle_management/tsconfig.json
index 231a9775bf4ab..b9249bc2212f8 100644
--- a/x-pack/plugins/index_lifecycle_management/tsconfig.json
+++ b/x-pack/plugins/index_lifecycle_management/tsconfig.json
@@ -39,6 +39,7 @@
     "@kbn/shared-ux-link-redirect-app",
     "@kbn/index-management",
     "@kbn/react-kibana-context-render",
+    "@kbn/unsaved-changes-prompt",
   ],
   "exclude": [
     "target/**/*",
diff --git a/x-pack/plugins/index_management/__jest__/client_integration/helpers/setup_environment.tsx b/x-pack/plugins/index_management/__jest__/client_integration/helpers/setup_environment.tsx
index 5c448aef1790c..020750cdd8b93 100644
--- a/x-pack/plugins/index_management/__jest__/client_integration/helpers/setup_environment.tsx
+++ b/x-pack/plugins/index_management/__jest__/client_integration/helpers/setup_environment.tsx
@@ -82,8 +82,8 @@ const appDependencies = {
     enableLegacyTemplates: true,
     enableIndexActions: true,
     enableIndexStats: true,
+    enableDataStreamStats: true,
     editableIndexSettings: 'all',
-    enableDataStreamsStorageColumn: true,
     enableMappingsSourceFieldSection: true,
     enableTogglingDataRetention: true,
     enableSemanticText: false,
diff --git a/x-pack/plugins/index_management/__jest__/client_integration/home/data_streams_tab.test.ts b/x-pack/plugins/index_management/__jest__/client_integration/home/data_streams_tab.test.ts
index d364d81c42b56..0d0c883d5c4e1 100644
--- a/x-pack/plugins/index_management/__jest__/client_integration/home/data_streams_tab.test.ts
+++ b/x-pack/plugins/index_management/__jest__/client_integration/home/data_streams_tab.test.ts
@@ -303,14 +303,14 @@ describe('Data Streams tab', () => {
       ]);
     });
 
-    test('hides Storage size column from stats if enableDataStreamsStorageColumn===false', async () => {
+    test('hides stats toggle if enableDataStreamStats===false', async () => {
       testBed = await setup(httpSetup, {
         config: {
-          enableDataStreamsStorageColumn: false,
+          enableDataStreamStats: false,
         },
       });
 
-      const { actions, component, table } = testBed;
+      const { actions, component, exists } = testBed;
 
       await act(async () => {
         actions.goToDataStreamsList();
@@ -318,18 +318,7 @@ describe('Data Streams tab', () => {
 
       component.update();
 
-      // Switching the stats on
-      await act(async () => {
-        actions.clickIncludeStatsSwitch();
-      });
-      component.update();
-
-      // The table renders with the stats columns except the Storage size column
-      const { tableCellsValues } = table.getMetaData('dataStreamTable');
-      expect(tableCellsValues).toEqual([
-        ['', 'dataStream1', 'green', 'December 31st, 1969 7:00:00 PM', '1', '7 days', 'Delete'],
-        ['', 'dataStream2', 'green', 'December 31st, 1969 7:00:00 PM', '1', '5 days ', 'Delete'],
-      ]);
+      expect(exists('includeStatsSwitch')).toBeFalsy();
     });
 
     test('clicking the indices count navigates to the backing indices', async () => {
diff --git a/x-pack/plugins/index_management/__jest__/client_integration/index_details_page/index_details_page.test.tsx b/x-pack/plugins/index_management/__jest__/client_integration/index_details_page/index_details_page.test.tsx
index 18f43807041ff..c79efbbf53f53 100644
--- a/x-pack/plugins/index_management/__jest__/client_integration/index_details_page/index_details_page.test.tsx
+++ b/x-pack/plugins/index_management/__jest__/client_integration/index_details_page/index_details_page.test.tsx
@@ -647,6 +647,10 @@ describe('<IndexDetailsPage />', () => {
       });
       describe('Add Semantic text field', () => {
         const customInferenceModel = 'my-elser-model';
+        const mockLicense = {
+          isActive: true,
+          hasAtLeast: jest.fn((type) => true),
+        };
         beforeEach(async () => {
           httpRequestsMockHelpers.setInferenceModels({
             data: [
@@ -674,7 +678,18 @@ describe('<IndexDetailsPage />', () => {
                     enterpriseSearch: '',
                   },
                 },
+                core: {
+                  application: { capabilities: { ml: { canGetTrainedModels: true } } },
+                },
                 plugins: {
+                  licensing: {
+                    license$: {
+                      subscribe: jest.fn((callback) => {
+                        callback(mockLicense);
+                        return { unsubscribe: jest.fn() };
+                      }),
+                    },
+                  },
                   ml: {
                     mlApi: {
                       trainedModels: {
diff --git a/x-pack/plugins/index_management/__jest__/client_integration/index_details_page/semantic_text_bannner.test.tsx b/x-pack/plugins/index_management/__jest__/client_integration/index_details_page/semantic_text_bannner.test.tsx
index 1370c328bf873..6be691a03d8f1 100644
--- a/x-pack/plugins/index_management/__jest__/client_integration/index_details_page/semantic_text_bannner.test.tsx
+++ b/x-pack/plugins/index_management/__jest__/client_integration/index_details_page/semantic_text_bannner.test.tsx
@@ -20,7 +20,7 @@ describe('When semantic_text is enabled', () => {
     getItemSpy = jest.spyOn(Storage.prototype, 'getItem');
     setItemSpy = jest.spyOn(Storage.prototype, 'setItem');
     const setup = registerTestBed(SemanticTextBanner, {
-      defaultProps: { isSemanticTextEnabled: true },
+      defaultProps: { isSemanticTextEnabled: true, isPlatinumLicense: true },
       memoryRouter: { wrapComponent: false },
     });
     const testBed = setup();
@@ -56,6 +56,21 @@ describe('When semantic_text is enabled', () => {
   });
 });
 
+describe('when user does not have ML permissions', () => {
+  const setupWithNoMlPermission = registerTestBed(SemanticTextBanner, {
+    defaultProps: { isSemanticTextEnabled: true, isPlatinumLicense: false },
+    memoryRouter: { wrapComponent: false },
+  });
+
+  const { find } = setupWithNoMlPermission();
+
+  it('should contain content related to semantic_text', () => {
+    expect(find('indexDetailsMappingsSemanticTextBanner').text()).toContain(
+      'Semantic text now available for platinum license'
+    );
+  });
+});
+
 describe('When semantic_text is disabled', () => {
   const setup = registerTestBed(SemanticTextBanner, {
     defaultProps: { isSemanticTextEnabled: false },
diff --git a/x-pack/plugins/index_management/__jest__/components/index_table.test.js b/x-pack/plugins/index_management/__jest__/components/index_table.test.js
index 721d6a65d92cf..2ae162b421001 100644
--- a/x-pack/plugins/index_management/__jest__/components/index_table.test.js
+++ b/x-pack/plugins/index_management/__jest__/components/index_table.test.js
@@ -298,7 +298,7 @@ describe('index table', () => {
     await runAllPromises();
     rendered.update();
 
-    const searchInput = rendered.find('.euiFieldSearch').first();
+    const searchInput = rendered.find('input.euiFieldSearch').first();
     searchInput.instance().value = 'testy0';
     searchInput.simulate('keyup', { key: 'Enter', keyCode: 13, which: 13 });
     rendered.update();
diff --git a/x-pack/plugins/index_management/kibana.jsonc b/x-pack/plugins/index_management/kibana.jsonc
index 84e4a6221c502..b9bec8115e019 100644
--- a/x-pack/plugins/index_management/kibana.jsonc
+++ b/x-pack/plugins/index_management/kibana.jsonc
@@ -8,7 +8,7 @@
     "browser": true,
     "configPath": ["xpack", "index_management"],
     "requiredPlugins": ["home", "management", "features", "share"],
-    "optionalPlugins": ["security", "usageCollection", "fleet", "cloud", "ml", "console"],
+    "optionalPlugins": ["security", "usageCollection", "fleet", "cloud", "ml", "console","licensing"],
     "requiredBundles": ["kibanaReact", "esUiShared", "runtimeFields"]
   }
 }
diff --git a/x-pack/plugins/index_management/public/application/app_context.tsx b/x-pack/plugins/index_management/public/application/app_context.tsx
index 964a0e098c15e..f19575811725a 100644
--- a/x-pack/plugins/index_management/public/application/app_context.tsx
+++ b/x-pack/plugins/index_management/public/application/app_context.tsx
@@ -26,6 +26,7 @@ import type { CloudSetup } from '@kbn/cloud-plugin/public';
 import type { ConsolePluginStart } from '@kbn/console-plugin/public';
 
 import { EuiBreadcrumb } from '@elastic/eui';
+import { LicensingPluginStart } from '@kbn/licensing-plugin/public';
 import { ExtensionsService } from '../services';
 import { HttpService, NotificationService, UiMetricService } from './services';
 import { IndexManagementBreadcrumb } from './services/breadcrumbs';
@@ -48,6 +49,7 @@ export interface AppDependencies {
     share: SharePluginStart;
     cloud?: CloudSetup;
     console?: ConsolePluginStart;
+    licensing?: LicensingPluginStart;
     ml?: MlPluginStart;
   };
   services: {
@@ -60,8 +62,8 @@ export interface AppDependencies {
     enableIndexActions: boolean;
     enableLegacyTemplates: boolean;
     enableIndexStats: boolean;
+    enableDataStreamStats: boolean;
     editableIndexSettings: 'all' | 'limited';
-    enableDataStreamsStorageColumn: boolean;
     enableMappingsSourceFieldSection: boolean;
     enableTogglingDataRetention: boolean;
     enableSemanticText: boolean;
diff --git a/x-pack/plugins/index_management/public/application/lib/render_badges.tsx b/x-pack/plugins/index_management/public/application/lib/render_badges.tsx
index 54bdd906a7ec1..4b8c85ab6743f 100644
--- a/x-pack/plugins/index_management/public/application/lib/render_badges.tsx
+++ b/x-pack/plugins/index_management/public/application/lib/render_badges.tsx
@@ -9,6 +9,7 @@ import React, { Fragment, ReactNode } from 'react';
 import { i18n } from '@kbn/i18n';
 import { EuiBadge, Query } from '@elastic/eui';
 
+import { ROLLUP_DEPRECATION_BADGE_LABEL, RollupDeprecationTooltip } from '@kbn/rollup';
 import { ExtensionsService } from '../../services';
 import { Index } from '../..';
 
@@ -18,7 +19,8 @@ export const renderBadges = (
   onFilterChange?: (query: Query) => void
 ) => {
   const badgeLabels: ReactNode[] = [];
-  extensionsService.badges.forEach(({ matchIndex, label, color, filterExpression }) => {
+  extensionsService.badges.forEach((indexBadge) => {
+    const { matchIndex, label, color, filterExpression } = indexBadge;
     if (matchIndex(index)) {
       const clickHandler = () => {
         if (onFilterChange && filterExpression) {
@@ -37,7 +39,14 @@ export const renderBadges = (
         ) : (
           <EuiBadge color={color}>{label}</EuiBadge>
         );
-      badgeLabels.push(<Fragment key={label}> {badge}</Fragment>);
+      const badgeItem =
+        // If the badge is for Rollups, add a tooltip with deprecation information
+        indexBadge.label === ROLLUP_DEPRECATION_BADGE_LABEL ? (
+          <RollupDeprecationTooltip>{badge}</RollupDeprecationTooltip>
+        ) : (
+          badge
+        );
+      badgeLabels.push(<Fragment key={label}> {badgeItem}</Fragment>);
     }
   });
   return <Fragment>{badgeLabels}</Fragment>;
diff --git a/x-pack/plugins/index_management/public/application/mount_management_section.ts b/x-pack/plugins/index_management/public/application/mount_management_section.ts
index 76c3dd6cd7a23..d0cd5b07eab0f 100644
--- a/x-pack/plugins/index_management/public/application/mount_management_section.ts
+++ b/x-pack/plugins/index_management/public/application/mount_management_section.ts
@@ -83,6 +83,7 @@ export function getIndexManagementDependencies({
       cloud,
       console: startDependencies.console,
       ml: startDependencies.ml,
+      licensing: startDependencies.licensing,
     },
     services: {
       httpService,
diff --git a/x-pack/plugins/index_management/public/application/sections/home/data_stream_list/data_stream_list.tsx b/x-pack/plugins/index_management/public/application/sections/home/data_stream_list/data_stream_list.tsx
index 125f676897ffb..0103b51f1f51d 100644
--- a/x-pack/plugins/index_management/public/application/sections/home/data_stream_list/data_stream_list.tsx
+++ b/x-pack/plugins/index_management/public/application/sections/home/data_stream_list/data_stream_list.tsx
@@ -60,8 +60,11 @@ export const DataStreamList: React.FunctionComponent<RouteComponentProps<MatchPa
   const {
     core: { getUrlForApp, executionContext },
     plugins: { isFleetEnabled },
+    config,
   } = useAppContext();
 
+  const { enableDataStreamStats: isDataStreamStatsEnabled } = config;
+
   useExecutionContext(executionContext, {
     type: 'application',
     page: 'indexManagementDataStreamsTab',
@@ -146,35 +149,37 @@ export const DataStreamList: React.FunctionComponent<RouteComponentProps<MatchPa
           </EuiText>
         </EuiFlexItem>
 
-        <EuiFlexItem grow={false}>
-          <EuiFlexGroup gutterSize="s">
-            <EuiFlexItem grow={false}>
-              <EuiSwitch
-                label={i18n.translate(
-                  'xpack.idxMgmt.dataStreamListControls.includeStatsSwitchLabel',
-                  {
-                    defaultMessage: 'Include stats',
-                  }
-                )}
-                checked={isIncludeStatsChecked}
-                onChange={(e) => setIsIncludeStatsChecked(e.target.checked)}
-                data-test-subj="includeStatsSwitch"
-              />
-            </EuiFlexItem>
+        {isDataStreamStatsEnabled && (
+          <EuiFlexItem grow={false}>
+            <EuiFlexGroup gutterSize="s">
+              <EuiFlexItem grow={false}>
+                <EuiSwitch
+                  label={i18n.translate(
+                    'xpack.idxMgmt.dataStreamListControls.includeStatsSwitchLabel',
+                    {
+                      defaultMessage: 'Include stats',
+                    }
+                  )}
+                  checked={isIncludeStatsChecked}
+                  onChange={(e) => setIsIncludeStatsChecked(e.target.checked)}
+                  data-test-subj="includeStatsSwitch"
+                />
+              </EuiFlexItem>
 
-            <EuiFlexItem grow={false}>
-              <EuiIconTip
-                content={i18n.translate(
-                  'xpack.idxMgmt.dataStreamListControls.includeStatsSwitchToolTip',
-                  {
-                    defaultMessage: 'Including stats can increase reload times',
-                  }
-                )}
-                position="top"
-              />
-            </EuiFlexItem>
-          </EuiFlexGroup>
-        </EuiFlexItem>
+              <EuiFlexItem grow={false}>
+                <EuiIconTip
+                  content={i18n.translate(
+                    'xpack.idxMgmt.dataStreamListControls.includeStatsSwitchToolTip',
+                    {
+                      defaultMessage: 'Including stats can increase reload times',
+                    }
+                  )}
+                  position="top"
+                />
+              </EuiFlexItem>
+            </EuiFlexGroup>
+          </EuiFlexItem>
+        )}
         <EuiFlexItem grow={false}>
           <FilterListButton<DataStreamFilterName> filters={filters} onChange={setFilters} />
         </EuiFlexItem>
diff --git a/x-pack/plugins/index_management/public/application/sections/home/data_stream_list/data_stream_table/data_stream_table.tsx b/x-pack/plugins/index_management/public/application/sections/home/data_stream_list/data_stream_table/data_stream_table.tsx
index 791c934bf8958..337ef1e66174f 100644
--- a/x-pack/plugins/index_management/public/application/sections/home/data_stream_list/data_stream_table/data_stream_table.tsx
+++ b/x-pack/plugins/index_management/public/application/sections/home/data_stream_list/data_stream_table/data_stream_table.tsx
@@ -116,18 +116,16 @@ export const DataStreamTable: React.FunctionComponent<Props> = ({
             }),
     });
 
-    if (config.enableDataStreamsStorageColumn) {
-      columns.push({
-        field: 'storageSizeBytes',
-        name: i18n.translate('xpack.idxMgmt.dataStreamList.table.storageSizeColumnTitle', {
-          defaultMessage: 'Storage size',
-        }),
-        truncateText: true,
-        sortable: true,
-        render: (storageSizeBytes: DataStream['storageSizeBytes'], dataStream: DataStream) =>
-          dataStream.storageSize,
-      });
-    }
+    columns.push({
+      field: 'storageSizeBytes',
+      name: i18n.translate('xpack.idxMgmt.dataStreamList.table.storageSizeColumnTitle', {
+        defaultMessage: 'Storage size',
+      }),
+      truncateText: true,
+      sortable: true,
+      render: (storageSizeBytes: DataStream['storageSizeBytes'], dataStream: DataStream) =>
+        dataStream.storageSize,
+    });
   }
 
   columns.push({
diff --git a/x-pack/plugins/index_management/public/application/sections/home/index_list/details_page/details_page_mappings_content.tsx b/x-pack/plugins/index_management/public/application/sections/home/index_list/details_page/details_page_mappings_content.tsx
index b8d2e3a5dc59f..effa53f717cde 100644
--- a/x-pack/plugins/index_management/public/application/sections/home/index_list/details_page/details_page_mappings_content.tsx
+++ b/x-pack/plugins/index_management/public/application/sections/home/index_list/details_page/details_page_mappings_content.tsx
@@ -27,6 +27,7 @@ import { css } from '@emotion/react';
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
 import React, { FunctionComponent, useCallback, useEffect, useMemo, useState } from 'react';
+import { ILicense } from '@kbn/licensing-plugin/public';
 import { Index } from '../../../../../../common';
 import { useDetailsPageMappingsModelManagement } from '../../../../../hooks/use_details_page_mappings_model_management';
 import { useAppContext } from '../../../../app_context';
@@ -65,17 +66,33 @@ export const DetailsPageMappingsContent: FunctionComponent<{
 }> = ({ index, data, jsonData, refetchMapping, showAboutMappings }) => {
   const {
     services: { extensionsService },
-    core: { getUrlForApp },
-    plugins: { ml },
+    core: {
+      getUrlForApp,
+      application: { capabilities },
+    },
+    plugins: { ml, licensing },
     url,
     config,
   } = useAppContext();
+
+  const [isPlatinumLicense, setIsPlatinumLicense] = useState<boolean>(false);
+  useEffect(() => {
+    const subscription = licensing?.license$.subscribe((license: ILicense) => {
+      setIsPlatinumLicense(license.isActive && license.hasAtLeast('platinum'));
+    });
+
+    return () => subscription?.unsubscribe();
+  }, [licensing]);
+
   const { enableSemanticText: isSemanticTextEnabled } = config;
   const [errorsInTrainedModelDeployment, setErrorsInTrainedModelDeployment] = useState<string[]>(
     []
   );
+
+  const hasMLPermissions = capabilities?.ml?.canGetTrainedModels ? true : false;
+
   const semanticTextInfo = {
-    isSemanticTextEnabled,
+    isSemanticTextEnabled: isSemanticTextEnabled && hasMLPermissions && isPlatinumLicense,
     indexName: index.name,
     ml,
     setErrorsInTrainedModelDeployment,
@@ -164,7 +181,7 @@ export const DetailsPageMappingsContent: FunctionComponent<{
   const [isModalVisible, setIsModalVisible] = useState(false);
 
   useEffect(() => {
-    if (!isSemanticTextEnabled) {
+    if (!isSemanticTextEnabled || !hasMLPermissions) {
       return;
     }
 
@@ -182,15 +199,19 @@ export const DetailsPageMappingsContent: FunctionComponent<{
         return;
       }
 
+      if (!hasMLPermissions) {
+        return;
+      }
+
       await fetchInferenceToModelIdMap();
     } catch (exception) {
       setSaveMappingError(exception.message);
     }
-  }, [fetchInferenceToModelIdMap, isSemanticTextEnabled]);
+  }, [fetchInferenceToModelIdMap, isSemanticTextEnabled, hasMLPermissions]);
 
   const updateMappings = useCallback(async () => {
     try {
-      if (isSemanticTextEnabled) {
+      if (isSemanticTextEnabled && hasMLPermissions) {
         await fetchInferenceToModelIdMap();
 
         if (pendingDeployments.length > 0) {
@@ -487,7 +508,12 @@ export const DetailsPageMappingsContent: FunctionComponent<{
             </EuiFlexItem>
           </EuiFlexGroup>
           <EuiFlexItem grow={true}>
-            <SemanticTextBanner isSemanticTextEnabled={isSemanticTextEnabled} />
+            {hasMLPermissions && (
+              <SemanticTextBanner
+                isSemanticTextEnabled={isSemanticTextEnabled}
+                isPlatinumLicense={isPlatinumLicense}
+              />
+            )}
           </EuiFlexItem>
           {errorSavingMappings}
           {isAddingFields && (
diff --git a/x-pack/plugins/index_management/public/application/sections/home/index_list/details_page/semantic_text_banner.tsx b/x-pack/plugins/index_management/public/application/sections/home/index_list/details_page/semantic_text_banner.tsx
index 6eb388a7d4545..0773069754483 100644
--- a/x-pack/plugins/index_management/public/application/sections/home/index_list/details_page/semantic_text_banner.tsx
+++ b/x-pack/plugins/index_management/public/application/sections/home/index_list/details_page/semantic_text_banner.tsx
@@ -11,9 +11,47 @@ import useLocalStorage from 'react-use/lib/useLocalStorage';
 
 interface SemanticTextBannerProps {
   isSemanticTextEnabled: boolean;
+  isPlatinumLicense?: boolean;
 }
 
-export function SemanticTextBanner({ isSemanticTextEnabled }: SemanticTextBannerProps) {
+const defaultLicenseMessage = (
+  <FormattedMessage
+    id="xpack.idxMgmt.indexDetails.mappings.semanticTextBanner.descriptionForPlatinumLicense"
+    defaultMessage="{label} Upgrade your license to add semantic_text field types to your indices.'"
+    values={{
+      label: (
+        <strong>
+          <FormattedMessage
+            id="xpack.idxMgmt.indexDetails.mappings.semanticTextBanner.semanticTextFieldAvailableForPlatinumLicense"
+            defaultMessage="Semantic text now available for platinum license."
+          />
+        </strong>
+      ),
+    }}
+  />
+);
+
+const platinumLicenseMessage = (
+  <FormattedMessage
+    id="xpack.idxMgmt.indexDetails.mappings.semanticTextBanner.description"
+    defaultMessage="{label} Add a field to your mapping and choose 'semantic_text' to get started.'"
+    values={{
+      label: (
+        <strong>
+          <FormattedMessage
+            id="xpack.idxMgmt.indexDetails.mappings.semanticTextBanner.semanticTextFieldAvailable"
+            defaultMessage="semantic_text field type now available!"
+          />
+        </strong>
+      ),
+    }}
+  />
+);
+
+export function SemanticTextBanner({
+  isSemanticTextEnabled,
+  isPlatinumLicense = false,
+}: SemanticTextBannerProps) {
   const [isSemanticTextBannerDisplayable, setIsSemanticTextBannerDisplayable] =
     useLocalStorage<boolean>('semantic-text-banner-display', true);
 
@@ -23,20 +61,7 @@ export function SemanticTextBanner({ isSemanticTextEnabled }: SemanticTextBanner
         <EuiFlexGroup>
           <EuiFlexItem>
             <EuiText size="m" color="success">
-              <FormattedMessage
-                id="xpack.idxMgmt.indexDetails.mappings.semanticTextBanner.description"
-                defaultMessage="{label} Add a field to your mapping and choose 'semantic_text' to get started.'"
-                values={{
-                  label: (
-                    <strong>
-                      <FormattedMessage
-                        id="xpack.idxMgmt.indexDetails.mappings.semanticTextBanner.semanticTextFieldAvailable"
-                        defaultMessage="semantic_text field type now available!"
-                      />
-                    </strong>
-                  ),
-                }}
-              />
+              {isPlatinumLicense ? platinumLicenseMessage : defaultLicenseMessage}
             </EuiText>
           </EuiFlexItem>
           <EuiFlexItem grow={false}>
diff --git a/x-pack/plugins/index_management/public/plugin.ts b/x-pack/plugins/index_management/public/plugin.ts
index a94fca4f6198f..f6ae66d8e52bc 100644
--- a/x-pack/plugins/index_management/public/plugin.ts
+++ b/x-pack/plugins/index_management/public/plugin.ts
@@ -41,8 +41,8 @@ export class IndexMgmtUIPlugin
     enableIndexActions: boolean;
     enableLegacyTemplates: boolean;
     enableIndexStats: boolean;
+    enableDataStreamStats: boolean;
     editableIndexSettings: 'all' | 'limited';
-    enableDataStreamsStorageColumn: boolean;
     isIndexManagementUiEnabled: boolean;
     enableMappingsSourceFieldSection: boolean;
     enableTogglingDataRetention: boolean;
@@ -59,8 +59,8 @@ export class IndexMgmtUIPlugin
       enableIndexActions,
       enableLegacyTemplates,
       enableIndexStats,
+      enableDataStreamStats,
       editableIndexSettings,
-      enableDataStreamsStorageColumn,
       enableMappingsSourceFieldSection,
       enableTogglingDataRetention,
       dev: { enableSemanticText },
@@ -70,8 +70,8 @@ export class IndexMgmtUIPlugin
       enableIndexActions: enableIndexActions ?? true,
       enableLegacyTemplates: enableLegacyTemplates ?? true,
       enableIndexStats: enableIndexStats ?? true,
+      enableDataStreamStats: enableDataStreamStats ?? true,
       editableIndexSettings: editableIndexSettings ?? 'all',
-      enableDataStreamsStorageColumn: enableDataStreamsStorageColumn ?? true,
       enableMappingsSourceFieldSection: enableMappingsSourceFieldSection ?? true,
       enableTogglingDataRetention: enableTogglingDataRetention ?? true,
       enableSemanticText: enableSemanticText ?? false,
@@ -112,7 +112,7 @@ export class IndexMgmtUIPlugin
   }
 
   public start(coreStart: CoreStart, plugins: StartDependencies): IndexManagementPluginStart {
-    const { fleet, usageCollection, cloud, share, console, ml } = plugins;
+    const { fleet, usageCollection, cloud, share, console, ml, licensing } = plugins;
     return {
       extensionsService: this.extensionsService.setup(),
       getIndexMappingComponent: (deps: { history: ScopedHistory<unknown> }) => {
@@ -134,6 +134,7 @@ export class IndexMgmtUIPlugin
             cloud,
             console,
             ml,
+            licensing,
           },
           services: {
             extensionsService: this.extensionsService,
diff --git a/x-pack/plugins/index_management/public/types.ts b/x-pack/plugins/index_management/public/types.ts
index 30df6157abd8b..9c9340b334ce2 100644
--- a/x-pack/plugins/index_management/public/types.ts
+++ b/x-pack/plugins/index_management/public/types.ts
@@ -17,6 +17,7 @@ import { ManagementSetup } from '@kbn/management-plugin/public';
 import { MlPluginStart } from '@kbn/ml-plugin/public';
 import { SharePluginSetup, SharePluginStart } from '@kbn/share-plugin/public';
 import { UsageCollectionSetup } from '@kbn/usage-collection-plugin/public';
+import { LicensingPluginStart } from '@kbn/licensing-plugin/public';
 
 export interface IndexManagementStartServices {
   analytics: Pick<AnalyticsServiceStart, 'reportEvent'>;
@@ -40,6 +41,7 @@ export interface StartDependencies {
   fleet?: unknown;
   usageCollection: UsageCollectionSetup;
   management: ManagementSetup;
+  licensing?: LicensingPluginStart;
   ml?: MlPluginStart;
 }
 
@@ -50,8 +52,8 @@ export interface ClientConfigType {
   enableIndexActions?: boolean;
   enableLegacyTemplates?: boolean;
   enableIndexStats?: boolean;
+  enableDataStreamStats?: boolean;
   editableIndexSettings?: 'all' | 'limited';
-  enableDataStreamsStorageColumn?: boolean;
   enableMappingsSourceFieldSection?: boolean;
   enableTogglingDataRetention?: boolean;
   dev: {
diff --git a/x-pack/plugins/index_management/server/config.ts b/x-pack/plugins/index_management/server/config.ts
index c213cf5b8a87f..8625274e31d2a 100644
--- a/x-pack/plugins/index_management/server/config.ts
+++ b/x-pack/plugins/index_management/server/config.ts
@@ -43,17 +43,17 @@ const schemaLatest = schema.object(
       // We take this approach in order to have a central place (serverless.yml) for serverless config across Kibana
       serverless: schema.boolean({ defaultValue: true }),
     }),
+    enableDataStreamStats: offeringBasedSchema({
+      // Data stream stats information is disabled in serverless; refer to the serverless.yml file as the source of truth
+      // We take this approach in order to have a central place (serverless.yml) for serverless config across Kibana
+      serverless: schema.boolean({ defaultValue: true }),
+    }),
     editableIndexSettings: offeringBasedSchema({
       // on serverless only a limited set of index settings can be edited
       serverless: schema.oneOf([schema.literal('all'), schema.literal('limited')], {
         defaultValue: 'all',
       }),
     }),
-    enableDataStreamsStorageColumn: offeringBasedSchema({
-      // The Storage size column in Data streams is disabled in serverless; refer to the serverless.yml file as the source of truth
-      // We take this approach in order to have a central place (serverless.yml) for serverless config across Kibana
-      serverless: schema.boolean({ defaultValue: true }),
-    }),
     enableMappingsSourceFieldSection: offeringBasedSchema({
       // The _source field in the Mappings editor's advanced options form is disabled in serverless; refer to the serverless.yml file as the source of truth
       // We take this approach in order to have a central place (serverless.yml) for serverless config across Kibana
@@ -77,8 +77,8 @@ const configLatest: PluginConfigDescriptor<IndexManagementConfig> = {
     enableIndexActions: true,
     enableLegacyTemplates: true,
     enableIndexStats: true,
+    enableDataStreamStats: true,
     editableIndexSettings: true,
-    enableDataStreamsStorageColumn: true,
     enableMappingsSourceFieldSection: true,
     enableTogglingDataRetention: true,
   },
diff --git a/x-pack/plugins/index_management/server/plugin.ts b/x-pack/plugins/index_management/server/plugin.ts
index 9d3b4858b0630..bb2d563ee1b8c 100644
--- a/x-pack/plugins/index_management/server/plugin.ts
+++ b/x-pack/plugins/index_management/server/plugin.ts
@@ -56,7 +56,7 @@ export class IndexMgmtServerPlugin implements Plugin<IndexManagementPluginSetup,
         isSecurityEnabled: () => security !== undefined && security.license.isEnabled(),
         isLegacyTemplatesEnabled: this.config.enableLegacyTemplates,
         isIndexStatsEnabled: this.config.enableIndexStats,
-        isDataStreamsStorageColumnEnabled: this.config.enableDataStreamsStorageColumn,
+        isDataStreamStatsEnabled: this.config.enableDataStreamStats,
         enableMappingsSourceFieldSection: this.config.enableMappingsSourceFieldSection,
         enableTogglingDataRetention: this.config.enableTogglingDataRetention,
       },
diff --git a/x-pack/plugins/index_management/server/routes/api/component_templates/register_privileges_route.test.ts b/x-pack/plugins/index_management/server/routes/api/component_templates/register_privileges_route.test.ts
index b441912153926..0548af172c094 100644
--- a/x-pack/plugins/index_management/server/routes/api/component_templates/register_privileges_route.test.ts
+++ b/x-pack/plugins/index_management/server/routes/api/component_templates/register_privileges_route.test.ts
@@ -48,7 +48,7 @@ describe('GET privileges', () => {
         isSecurityEnabled: () => true,
         isLegacyTemplatesEnabled: true,
         isIndexStatsEnabled: true,
-        isDataStreamsStorageColumnEnabled: true,
+        isDataStreamStatsEnabled: true,
         enableMappingsSourceFieldSection: true,
         enableTogglingDataRetention: true,
       },
@@ -119,7 +119,7 @@ describe('GET privileges', () => {
           isSecurityEnabled: () => false,
           isLegacyTemplatesEnabled: true,
           isIndexStatsEnabled: true,
-          isDataStreamsStorageColumnEnabled: true,
+          isDataStreamStatsEnabled: true,
           enableMappingsSourceFieldSection: true,
           enableTogglingDataRetention: true,
         },
diff --git a/x-pack/plugins/index_management/server/routes/api/component_templates/register_update_route.ts b/x-pack/plugins/index_management/server/routes/api/component_templates/register_update_route.ts
index 65d939ef5f886..eb9fdb87d9a74 100644
--- a/x-pack/plugins/index_management/server/routes/api/component_templates/register_update_route.ts
+++ b/x-pack/plugins/index_management/server/routes/api/component_templates/register_update_route.ts
@@ -43,7 +43,6 @@ export const registerUpdateRoute = ({
             template: template as estypes.IndicesIndexState,
             version,
             _meta,
-            // @ts-expect-error deprecated property is not yet part of the API types
             deprecated,
           },
         });
diff --git a/x-pack/plugins/index_management/server/routes/api/component_templates/schema_validation.ts b/x-pack/plugins/index_management/server/routes/api/component_templates/schema_validation.ts
index 58d593d543455..f5bddb2b138ea 100644
--- a/x-pack/plugins/index_management/server/routes/api/component_templates/schema_validation.ts
+++ b/x-pack/plugins/index_management/server/routes/api/component_templates/schema_validation.ts
@@ -8,7 +8,7 @@
 import { schema } from '@kbn/config-schema';
 
 export const componentTemplateSchema = schema.object({
-  name: schema.string(),
+  name: schema.string({ maxLength: 1000 }),
   template: schema.object({
     settings: schema.maybe(schema.object({}, { unknowns: 'allow' })),
     aliases: schema.maybe(schema.object({}, { unknowns: 'allow' })),
diff --git a/x-pack/plugins/index_management/server/routes/api/data_streams/register_get_route.ts b/x-pack/plugins/index_management/server/routes/api/data_streams/register_get_route.ts
index a72c6ea985c6d..11db019eacf6a 100644
--- a/x-pack/plugins/index_management/server/routes/api/data_streams/register_get_route.ts
+++ b/x-pack/plugins/index_management/server/routes/api/data_streams/register_get_route.ts
@@ -100,7 +100,7 @@ export function registerGetAllRoute({ router, lib: { handleEsError }, config }:
         let dataStreamsStats;
         let dataStreamsPrivileges;
 
-        if (includeStats) {
+        if (includeStats && config.isDataStreamStatsEnabled !== false) {
           ({ data_streams: dataStreamsStats } = await getDataStreamsStats(client));
         }
 
@@ -137,9 +137,14 @@ export function registerGetOneRoute({ router, lib: { handleEsError }, config }:
     async (context, request, response) => {
       const { name } = request.params as TypeOf<typeof paramsSchema>;
       const { client } = (await context.core).elasticsearch;
+      let dataStreamsStats;
+
       try {
-        const [{ data_streams: dataStreams }, { data_streams: dataStreamsStats }] =
-          await Promise.all([getDataStreams(client, name), getDataStreamsStats(client, name)]);
+        const { data_streams: dataStreams } = await getDataStreams(client, name);
+
+        if (config.isDataStreamStatsEnabled !== false) {
+          ({ data_streams: dataStreamsStats } = await getDataStreamsStats(client, name));
+        }
 
         if (dataStreams[0]) {
           let dataStreamsPrivileges;
diff --git a/x-pack/plugins/index_management/server/routes/api/enrich_policies/register_create_route.ts b/x-pack/plugins/index_management/server/routes/api/enrich_policies/register_create_route.ts
index 8b43fc19d2a31..24110cc685676 100644
--- a/x-pack/plugins/index_management/server/routes/api/enrich_policies/register_create_route.ts
+++ b/x-pack/plugins/index_management/server/routes/api/enrich_policies/register_create_route.ts
@@ -17,7 +17,7 @@ import { normalizeFieldsList, getIndices, FieldCapsList, getCommonFields } from
 
 const validationSchema = schema.object({
   policy: schema.object({
-    name: schema.string(),
+    name: schema.string({ maxLength: 1000 }),
     type: schema.oneOf([
       schema.literal('match'),
       schema.literal('range'),
diff --git a/x-pack/plugins/index_management/server/routes/api/enrich_policies/register_privileges_route.test.ts b/x-pack/plugins/index_management/server/routes/api/enrich_policies/register_privileges_route.test.ts
index 05ee689871aea..2fc1d3e38599e 100644
--- a/x-pack/plugins/index_management/server/routes/api/enrich_policies/register_privileges_route.test.ts
+++ b/x-pack/plugins/index_management/server/routes/api/enrich_policies/register_privileges_route.test.ts
@@ -48,7 +48,7 @@ describe('GET privileges', () => {
         isSecurityEnabled: () => true,
         isLegacyTemplatesEnabled: true,
         isIndexStatsEnabled: true,
-        isDataStreamsStorageColumnEnabled: true,
+        isDataStreamStatsEnabled: true,
         enableMappingsSourceFieldSection: true,
         enableTogglingDataRetention: true,
       },
@@ -119,7 +119,7 @@ describe('GET privileges', () => {
           isSecurityEnabled: () => false,
           isLegacyTemplatesEnabled: true,
           isIndexStatsEnabled: true,
-          isDataStreamsStorageColumnEnabled: true,
+          isDataStreamStatsEnabled: true,
           enableMappingsSourceFieldSection: true,
           enableTogglingDataRetention: true,
         },
diff --git a/x-pack/plugins/index_management/server/routes/api/templates/lib.ts b/x-pack/plugins/index_management/server/routes/api/templates/lib.ts
index f900e76ac17f5..757ba6fd6da7f 100644
--- a/x-pack/plugins/index_management/server/routes/api/templates/lib.ts
+++ b/x-pack/plugins/index_management/server/routes/api/templates/lib.ts
@@ -55,6 +55,7 @@ export const saveTemplate = async ({
       body: {
         index_patterns,
         version,
+        // @ts-expect-error Types of property auto_expand_replicas are incompatible.
         settings,
         mappings,
         aliases,
diff --git a/x-pack/plugins/index_management/server/routes/api/templates/validate_schemas.ts b/x-pack/plugins/index_management/server/routes/api/templates/validate_schemas.ts
index 782277d3abc03..73dc3f59a08b1 100644
--- a/x-pack/plugins/index_management/server/routes/api/templates/validate_schemas.ts
+++ b/x-pack/plugins/index_management/server/routes/api/templates/validate_schemas.ts
@@ -8,7 +8,7 @@
 import { schema } from '@kbn/config-schema';
 
 export const templateSchema = schema.object({
-  name: schema.string(),
+  name: schema.string({ maxLength: 1000 }),
   indexPatterns: schema.arrayOf(schema.string()),
   version: schema.maybe(schema.number()),
   order: schema.maybe(schema.number()),
diff --git a/x-pack/plugins/index_management/server/test/helpers/route_dependencies.ts b/x-pack/plugins/index_management/server/test/helpers/route_dependencies.ts
index 6fbfef5a9528e..b6a6ee4900b13 100644
--- a/x-pack/plugins/index_management/server/test/helpers/route_dependencies.ts
+++ b/x-pack/plugins/index_management/server/test/helpers/route_dependencies.ts
@@ -14,7 +14,7 @@ export const routeDependencies: Omit<RouteDependencies, 'router'> = {
     isSecurityEnabled: jest.fn().mockReturnValue(true),
     isLegacyTemplatesEnabled: true,
     isIndexStatsEnabled: true,
-    isDataStreamsStorageColumnEnabled: true,
+    isDataStreamStatsEnabled: true,
     enableMappingsSourceFieldSection: true,
     enableTogglingDataRetention: true,
   },
diff --git a/x-pack/plugins/index_management/server/types.ts b/x-pack/plugins/index_management/server/types.ts
index 1405ed1c3ed93..65f55b9f135fd 100644
--- a/x-pack/plugins/index_management/server/types.ts
+++ b/x-pack/plugins/index_management/server/types.ts
@@ -25,7 +25,7 @@ export interface RouteDependencies {
     isSecurityEnabled: () => boolean;
     isLegacyTemplatesEnabled: boolean;
     isIndexStatsEnabled: boolean;
-    isDataStreamsStorageColumnEnabled: boolean;
+    isDataStreamStatsEnabled: boolean;
     enableMappingsSourceFieldSection: boolean;
     enableTogglingDataRetention: boolean;
   };
diff --git a/x-pack/plugins/index_management/tsconfig.json b/x-pack/plugins/index_management/tsconfig.json
index ec199f7b11f53..e5d24269ba476 100644
--- a/x-pack/plugins/index_management/tsconfig.json
+++ b/x-pack/plugins/index_management/tsconfig.json
@@ -51,6 +51,7 @@
     "@kbn/ml-plugin",
     "@kbn/react-kibana-context-render",
     "@kbn/react-kibana-mount",
+    "@kbn/rollup",
     "@kbn/ml-error-utils",
   ],
   "exclude": ["target/**/*"]
diff --git a/x-pack/plugins/ingest_pipelines/__jest__/client_integration/ingest_pipelines_list.test.ts b/x-pack/plugins/ingest_pipelines/__jest__/client_integration/ingest_pipelines_list.test.ts
index 19babe16de1a8..bad60a75b3b18 100644
--- a/x-pack/plugins/ingest_pipelines/__jest__/client_integration/ingest_pipelines_list.test.ts
+++ b/x-pack/plugins/ingest_pipelines/__jest__/client_integration/ingest_pipelines_list.test.ts
@@ -103,7 +103,7 @@ describe('<PipelinesList />', () => {
       expect(tableCellsValues.length).toEqual(pipelinesWithoutDeprecated.length);
 
       // Enable filtering by deprecated pipelines
-      const searchInput = component.find('.euiFieldSearch').first();
+      const searchInput = component.find('input.euiFieldSearch').first();
       (searchInput.instance() as unknown as HTMLInputElement).value = 'is:deprecated';
       searchInput.simulate('keyup', { key: 'Enter', keyCode: 13, which: 13 });
       component.update();
diff --git a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_form/pipeline_form.tsx b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_form/pipeline_form.tsx
index 30637d00f495c..80c43af7b7d4d 100644
--- a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_form/pipeline_form.tsx
+++ b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_form/pipeline_form.tsx
@@ -157,10 +157,11 @@ export const PipelineForm: React.FunctionComponent<PipelineFormProps> = ({
   */
   useUnsavedChangesPrompt({
     titleText: i18n.translate('xpack.ingestPipelines.form.unsavedPrompt.title', {
-      defaultMessage: `Exit pipeline creation without saving changes?`,
+      defaultMessage: 'Exit without saving changes?',
     }),
     messageText: i18n.translate('xpack.ingestPipelines.form.unsavedPrompt.body', {
-      defaultMessage: `The data will be lost if you leave this page without saving the pipeline changes`,
+      defaultMessage:
+        'The data will be lost if you leave this page without saving the pipeline changes.',
     }),
     hasUnsavedChanges: (isFormDirty || areProcessorsDirty) && !hasSubmittedForm,
     openConfirm: overlays.openConfirm,
diff --git a/x-pack/plugins/ingest_pipelines/server/routes/api/create.ts b/x-pack/plugins/ingest_pipelines/server/routes/api/create.ts
index 4e82b2fa0f8f7..ab23b58afba48 100644
--- a/x-pack/plugins/ingest_pipelines/server/routes/api/create.ts
+++ b/x-pack/plugins/ingest_pipelines/server/routes/api/create.ts
@@ -14,7 +14,7 @@ import { RouteDependencies } from '../../types';
 import { pipelineSchema } from './shared';
 
 const bodySchema = schema.object({
-  name: schema.string(),
+  name: schema.string({ maxLength: 1000 }),
   ...pipelineSchema,
 });
 
diff --git a/x-pack/plugins/integration_assistant/__jest__/fixtures/build_integration.ts b/x-pack/plugins/integration_assistant/__jest__/fixtures/build_integration.ts
new file mode 100644
index 0000000000000..78228d5a4cbca
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/__jest__/fixtures/build_integration.ts
@@ -0,0 +1,47 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { Integration } from '../../common/api/model/common_attributes';
+
+export const testIntegration: Integration = {
+  name: 'integration',
+  title: 'Integration',
+  description: 'Integration description',
+  dataStreams: [
+    {
+      name: 'datastream',
+      title: 'Datastream',
+      description: 'Datastream description',
+      inputTypes: ['filestream', 'tcp', 'udp'],
+      docs: [
+        {
+          key: 'value',
+          anotherKey: 'anotherValue',
+        },
+      ],
+      rawSamples: ['{"test1": "test1"}'],
+      pipeline: {
+        processors: [
+          {
+            set: {
+              field: 'ecs.version',
+              value: '8.11.0',
+            },
+          },
+          {
+            rename: {
+              field: 'message',
+              target_field: 'event.original',
+              ignore_missing: true,
+              if: 'ctx.event?.original == null',
+            },
+          },
+        ],
+      },
+    },
+  ],
+};
diff --git a/x-pack/plugins/integration_assistant/__jest__/fixtures/categorization.ts b/x-pack/plugins/integration_assistant/__jest__/fixtures/categorization.ts
index 62fa18f5523c1..75ef8069294b5 100644
--- a/x-pack/plugins/integration_assistant/__jest__/fixtures/categorization.ts
+++ b/x-pack/plugins/integration_assistant/__jest__/fixtures/categorization.ts
@@ -181,7 +181,7 @@ export const categorizationTestState = {
   exAnswer: 'testanswer',
   lastExecutedChain: 'testchain',
   packageName: 'testpackage',
-  dataStreamName: 'testdatastream',
+  dataStreamName: 'testDataStream',
   errors: { test: 'testerror' },
   pipelineResults: [{ test: 'testresult' }],
   finalized: false,
diff --git a/x-pack/plugins/integration_assistant/__jest__/fixtures/ecs_mapping.ts b/x-pack/plugins/integration_assistant/__jest__/fixtures/ecs_mapping.ts
index f0ae923def0ef..167995931b568 100644
--- a/x-pack/plugins/integration_assistant/__jest__/fixtures/ecs_mapping.ts
+++ b/x-pack/plugins/integration_assistant/__jest__/fixtures/ecs_mapping.ts
@@ -443,6 +443,6 @@ export const ecsTestState = {
   rawSamples: ['{"test1": "test1"}'],
   samples: ['{ "test1": "test1" }'],
   packageName: 'testpackage',
-  dataStreamName: 'testdatastream',
+  dataStreamName: 'testDataStream',
   formattedSamples: '{"test1": "test1"}',
 };
diff --git a/x-pack/plugins/integration_assistant/__jest__/fixtures/related.ts b/x-pack/plugins/integration_assistant/__jest__/fixtures/related.ts
index f34133a4f520f..3a2b4100686dd 100644
--- a/x-pack/plugins/integration_assistant/__jest__/fixtures/related.ts
+++ b/x-pack/plugins/integration_assistant/__jest__/fixtures/related.ts
@@ -163,7 +163,7 @@ export const relatedTestState = {
   ecs: 'testtypes',
   exAnswer: 'testanswer',
   packageName: 'testpackage',
-  dataStreamName: 'testdatastream',
+  dataStreamName: 'testDataStream',
   errors: { test: 'testerror' },
   pipelineResults: [{ test: 'testresult' }],
   finalized: false,
diff --git a/x-pack/plugins/integration_assistant/common/api/categorization/categorization_route.schema.yaml b/x-pack/plugins/integration_assistant/common/api/categorization/categorization_route.schema.yaml
index d46213e5c8afb..37b5750e01aca 100644
--- a/x-pack/plugins/integration_assistant/common/api/categorization/categorization_route.schema.yaml
+++ b/x-pack/plugins/integration_assistant/common/api/categorization/categorization_route.schema.yaml
@@ -19,15 +19,15 @@ paths:
               type: object
               required:
                 - packageName
-                - datastreamName
+                - dataStreamName
                 - rawSamples
                 - currentPipeline
                 - connectorId
               properties:
                 packageName:
                   $ref: "../model/common_attributes.schema.yaml#/components/schemas/PackageName"
-                datastreamName:
-                  $ref: "../model/common_attributes.schema.yaml#/components/schemas/DatastreamName"
+                dataStreamName:
+                  $ref: "../model/common_attributes.schema.yaml#/components/schemas/DataStreamName"
                 rawSamples:
                   $ref: "../model/common_attributes.schema.yaml#/components/schemas/RawSamples"
                 currentPipeline:
diff --git a/x-pack/plugins/integration_assistant/common/api/categorization/categorization_route.test.ts b/x-pack/plugins/integration_assistant/common/api/categorization/categorization_route.test.ts
new file mode 100644
index 0000000000000..f7ef31f5fdb99
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/common/api/categorization/categorization_route.test.ts
@@ -0,0 +1,20 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { expectParseSuccess } from '@kbn/zod-helpers';
+import { CategorizationRequestBody } from './categorization_route';
+import { getCategorizationRequestMock } from '../model/api_test.mock';
+
+describe('Categorization request schema', () => {
+  test('full request validate', () => {
+    const payload: CategorizationRequestBody = getCategorizationRequestMock();
+
+    const result = CategorizationRequestBody.safeParse(payload);
+    expectParseSuccess(result);
+    expect(result.data).toEqual(payload);
+  });
+});
diff --git a/x-pack/plugins/integration_assistant/common/api/categorization/categorization_route.ts b/x-pack/plugins/integration_assistant/common/api/categorization/categorization_route.ts
index e3c81c95b7404..067c3c88a07ed 100644
--- a/x-pack/plugins/integration_assistant/common/api/categorization/categorization_route.ts
+++ b/x-pack/plugins/integration_assistant/common/api/categorization/categorization_route.ts
@@ -9,7 +9,7 @@ import { z } from 'zod';
 
 import {
   Connector,
-  DatastreamName,
+  DataStreamName,
   PackageName,
   Pipeline,
   RawSamples,
@@ -19,7 +19,7 @@ import { CategorizationAPIResponse } from '../model/response_schemas';
 export type CategorizationRequestBody = z.infer<typeof CategorizationRequestBody>;
 export const CategorizationRequestBody = z.object({
   packageName: PackageName,
-  datastreamName: DatastreamName,
+  dataStreamName: DataStreamName,
   rawSamples: RawSamples,
   currentPipeline: Pipeline,
   connectorId: Connector,
diff --git a/x-pack/plugins/integration_assistant/common/api/ecs/ecs_route.schema.yaml b/x-pack/plugins/integration_assistant/common/api/ecs/ecs_route.schema.yaml
index 996635404e0b9..d539ae5877da8 100644
--- a/x-pack/plugins/integration_assistant/common/api/ecs/ecs_route.schema.yaml
+++ b/x-pack/plugins/integration_assistant/common/api/ecs/ecs_route.schema.yaml
@@ -19,14 +19,14 @@ paths:
               type: object
               required:
                 - packageName
-                - datastreamName
+                - dataStreamName
                 - rawSamples
                 - connectorId
               properties:
                 packageName:
                   $ref: "../model/common_attributes.schema.yaml#/components/schemas/PackageName"
-                datastreamName:
-                  $ref: "../model/common_attributes.schema.yaml#/components/schemas/DatastreamName"
+                dataStreamName:
+                  $ref: "../model/common_attributes.schema.yaml#/components/schemas/DataStreamName"
                 rawSamples:
                   $ref: "../model/common_attributes.schema.yaml#/components/schemas/RawSamples"
                 mapping:
diff --git a/x-pack/plugins/integration_assistant/common/api/ecs/ecs_route.test.ts b/x-pack/plugins/integration_assistant/common/api/ecs/ecs_route.test.ts
new file mode 100644
index 0000000000000..770c3ff96f675
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/common/api/ecs/ecs_route.test.ts
@@ -0,0 +1,20 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { expectParseSuccess } from '@kbn/zod-helpers';
+import { EcsMappingRequestBody } from './ecs_route';
+import { getEcsMappingRequestMock } from '../model/api_test.mock';
+
+describe('Ecs Mapping request schema', () => {
+  test('full request validate', () => {
+    const payload: EcsMappingRequestBody = getEcsMappingRequestMock();
+
+    const result = EcsMappingRequestBody.safeParse(payload);
+    expectParseSuccess(result);
+    expect(result.data).toEqual(payload);
+  });
+});
diff --git a/x-pack/plugins/integration_assistant/common/api/ecs/ecs_route.ts b/x-pack/plugins/integration_assistant/common/api/ecs/ecs_route.ts
index 0a265c75da493..b1973159f9304 100644
--- a/x-pack/plugins/integration_assistant/common/api/ecs/ecs_route.ts
+++ b/x-pack/plugins/integration_assistant/common/api/ecs/ecs_route.ts
@@ -9,7 +9,7 @@ import { z } from 'zod';
 
 import {
   Connector,
-  DatastreamName,
+  DataStreamName,
   Mapping,
   PackageName,
   RawSamples,
@@ -19,7 +19,7 @@ import { EcsMappingAPIResponse } from '../model/response_schemas';
 export type EcsMappingRequestBody = z.infer<typeof EcsMappingRequestBody>;
 export const EcsMappingRequestBody = z.object({
   packageName: PackageName,
-  datastreamName: DatastreamName,
+  dataStreamName: DataStreamName,
   rawSamples: RawSamples,
   mapping: Mapping.optional(),
   connectorId: Connector,
diff --git a/x-pack/plugins/integration_assistant/common/api/model/api_test.mock.ts b/x-pack/plugins/integration_assistant/common/api/model/api_test.mock.ts
new file mode 100644
index 0000000000000..92208abd04832
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/common/api/model/api_test.mock.ts
@@ -0,0 +1,82 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { BuildIntegrationRequestBody } from '../build_integration/build_integration';
+import type { CategorizationRequestBody } from '../categorization/categorization_route';
+import type { EcsMappingRequestBody } from '../ecs/ecs_route';
+import type { RelatedRequestBody } from '../related/related_route';
+import type { DataStream, Integration, Pipeline } from './common_attributes';
+
+const rawSamples = ['{"test1": "test1"}'];
+
+export const getDataStreamMock = (): DataStream => ({
+  description: 'Test description',
+  name: 'Test name',
+  inputTypes: ['filestream'],
+  title: 'Test title',
+  docs: [
+    {
+      key: 'value',
+      anotherKey: 'anotherValue',
+    },
+  ],
+  rawSamples,
+  pipeline: getPipelineMock(),
+});
+
+export const getIntegrationMock = (): Integration => ({
+  description: 'Test description',
+  name: 'Test name',
+  title: 'Test title',
+  dataStreams: [getDataStreamMock()],
+});
+
+export const getPipelineMock = (): Pipeline => ({
+  processors: [
+    {
+      set: {
+        field: 'ecs.version',
+        value: '8.11.0',
+      },
+    },
+    {
+      rename: {
+        field: 'message',
+        target_field: 'event.original',
+        ignore_missing: true,
+        if: 'ctx.event?.original == null',
+      },
+    },
+  ],
+});
+
+export const getCategorizationRequestMock = (): CategorizationRequestBody => ({
+  connectorId: 'test-connector-id',
+  currentPipeline: getPipelineMock(),
+  dataStreamName: 'test-data-stream-name',
+  packageName: 'test-package-name',
+  rawSamples,
+});
+
+export const getBuildIntegrationRequestMock = (): BuildIntegrationRequestBody => ({
+  integration: getIntegrationMock(),
+});
+
+export const getEcsMappingRequestMock = (): EcsMappingRequestBody => ({
+  rawSamples,
+  dataStreamName: 'test-data-stream-name',
+  packageName: 'test-package-name',
+  connectorId: 'test-connector-id',
+});
+
+export const getRelatedRequestMock = (): RelatedRequestBody => ({
+  dataStreamName: 'test-data-stream-name',
+  packageName: 'test-package-name',
+  rawSamples,
+  connectorId: 'test-connector-id',
+  currentPipeline: getPipelineMock(),
+});
diff --git a/x-pack/plugins/integration_assistant/common/api/model/common_attributes.schema.yaml b/x-pack/plugins/integration_assistant/common/api/model/common_attributes.schema.yaml
index eb8c303edb5ab..24cb71ed5274c 100644
--- a/x-pack/plugins/integration_assistant/common/api/model/common_attributes.schema.yaml
+++ b/x-pack/plugins/integration_assistant/common/api/model/common_attributes.schema.yaml
@@ -11,10 +11,10 @@ components:
       minLength: 1
       description: Package name for the integration to be built.
 
-    DatastreamName:
+    DataStreamName:
       type: string
       minLength: 1
-      description: Datastream name for the integration to be built.
+      description: DataStream name for the integration to be built.
 
     RawSamples:
       type: array
@@ -64,12 +64,13 @@ components:
 
     InputType:
       type: string
-      description: The input type for the datastream to pull logs from.
+      description: The input type for the dataStream to pull logs from.
       enum:
         - aws_cloudwatch
         - aws_s3
         - azure_blob_storage
         - azure_eventhub
+        - cel
         - cloudfoundry
         - filestream
         - gcp_pubsub
@@ -80,9 +81,9 @@ components:
         - tcp
         - udp
 
-    Datastream:
+    DataStream:
       type: object
-      description: The datastream object.
+      description: The dataStream object.
       required:
         - name
         - title
@@ -94,27 +95,27 @@ components:
       properties:
         name:
           type: string
-          description: The name of the datastream.
+          description: The name of the dataStream.
         title:
           type: string
-          description: The title of the datastream.
+          description: The title of the dataStream.
         description:
           type: string
-          description: The description of the datastream.
+          description: The description of the dataStream.
         inputTypes:
           type: array
           items:
             $ref: "#/components/schemas/InputType"
-          description: The input types of the datastream.
+          description: The input types of the dataStream.
         rawSamples:
           $ref: "#/components/schemas/RawSamples"
-          description: The raw samples of the datastream.
+          description: The raw samples of the dataStream.
         pipeline:
           $ref: "#/components/schemas/Pipeline"
-          description: The pipeline of the datastream.
+          description: The pipeline of the dataStream.
         docs:
           $ref: "#/components/schemas/Docs"
-          description: The documents of the datastream.
+          description: The documents of the dataStream.
 
     Integration:
       type: object
@@ -137,20 +138,8 @@ components:
         dataStreams:
           type: array
           items:
-            $ref: "#/components/schemas/Datastream"
-          description: The datastreams of the integration.
+            $ref: "#/components/schemas/DataStream"
+          description: The dataStreams of the integration.
         logo:
           type: string
           description: The logo of the integration.
-
-    PipelineResults:
-      type: array
-      description: An array of pipeline results.
-      items:
-        type: object
-
-    Errors:
-      type: array
-      description: An array of errors.
-      items:
-        type: object
diff --git a/x-pack/plugins/integration_assistant/common/api/model/common_attributes.ts b/x-pack/plugins/integration_assistant/common/api/model/common_attributes.ts
index 426224a0622d0..fdb20931ccce0 100644
--- a/x-pack/plugins/integration_assistant/common/api/model/common_attributes.ts
+++ b/x-pack/plugins/integration_assistant/common/api/model/common_attributes.ts
@@ -16,10 +16,10 @@ export type PackageName = z.infer<typeof PackageName>;
 export const PackageName = z.string().min(1);
 
 /**
- * Datastream name for the integration to be built.
+ * DataStream name for the integration to be built.
  */
-export type DatastreamName = z.infer<typeof DatastreamName>;
-export const DatastreamName = z.string().min(1);
+export type DataStreamName = z.infer<typeof DataStreamName>;
+export const DataStreamName = z.string().min(1);
 
 /**
  * String array containing the json raw samples that are used for ecs mapping.
@@ -31,7 +31,7 @@ export const RawSamples = z.array(z.string());
  * mapping object to ECS Mapping Request.
  */
 export type Mapping = z.infer<typeof Mapping>;
-export const Mapping = z.object({});
+export const Mapping = z.object({}).passthrough();
 
 /**
  * LLM Connector to be used in each API request.
@@ -43,7 +43,7 @@ export const Connector = z.string();
  * An array of processed documents.
  */
 export type Docs = z.infer<typeof Docs>;
-export const Docs = z.array(z.object({}));
+export const Docs = z.array(z.object({}).passthrough());
 
 /**
  * The pipeline object.
@@ -73,7 +73,7 @@ export const Pipeline = z.object({
 });
 
 /**
- * The input type for the datastream to pull logs from.
+ * The input type for the dataStream to pull logs from.
  */
 export type InputType = z.infer<typeof InputType>;
 export const InputType = z.enum([
@@ -81,6 +81,7 @@ export const InputType = z.enum([
   'aws_s3',
   'azure_blob_storage',
   'azure_eventhub',
+  'cel',
   'cloudfoundry',
   'filestream',
   'gcp_pubsub',
@@ -95,36 +96,36 @@ export type InputTypeEnum = typeof InputType.enum;
 export const InputTypeEnum = InputType.enum;
 
 /**
- * The datastream object.
+ * The dataStream object.
  */
-export type Datastream = z.infer<typeof Datastream>;
-export const Datastream = z.object({
+export type DataStream = z.infer<typeof DataStream>;
+export const DataStream = z.object({
   /**
-   * The name of the datastream.
+   * The name of the dataStream.
    */
   name: z.string(),
   /**
-   * The title of the datastream.
+   * The title of the dataStream.
    */
   title: z.string(),
   /**
-   * The description of the datastream.
+   * The description of the dataStream.
    */
   description: z.string(),
   /**
-   * The input types of the datastream.
+   * The input types of the dataStream.
    */
   inputTypes: z.array(InputType),
   /**
-   * The raw samples of the datastream.
+   * The raw samples of the dataStream.
    */
   rawSamples: RawSamples,
   /**
-   * The pipeline of the datastream.
+   * The pipeline of the dataStream.
    */
   pipeline: Pipeline,
   /**
-   * The documents of the datastream.
+   * The documents of the dataStream.
    */
   docs: Docs,
 });
@@ -147,23 +148,11 @@ export const Integration = z.object({
    */
   description: z.string(),
   /**
-   * The datastreams of the integration.
+   * The dataStreams of the integration.
    */
-  dataStreams: z.array(Datastream),
+  dataStreams: z.array(DataStream),
   /**
    * The logo of the integration.
    */
   logo: z.string().optional(),
 });
-
-/**
- * An array of pipeline results.
- */
-export type PipelineResults = z.infer<typeof PipelineResults>;
-export const PipelineResults = z.array(z.object({}));
-
-/**
- * An array of errors.
- */
-export type Errors = z.infer<typeof Errors>;
-export const Errors = z.array(z.object({}));
diff --git a/x-pack/plugins/integration_assistant/common/api/model/response_schemas.schema.yaml b/x-pack/plugins/integration_assistant/common/api/model/response_schemas.schema.yaml
index 100581cd21ceb..8afbab533a6d3 100644
--- a/x-pack/plugins/integration_assistant/common/api/model/response_schemas.schema.yaml
+++ b/x-pack/plugins/integration_assistant/common/api/model/response_schemas.schema.yaml
@@ -57,9 +57,12 @@ components:
     CheckPipelineAPIResponse:
       type: object
       required:
-        - pipelineResults
+        - results
       properties:
-        pipelineResults:
-          $ref: "./common_attributes.schema.yaml#/components/schemas/PipelineResults"
-        errors:
-          $ref: "./common_attributes.schema.yaml#/components/schemas/Errors"
+        results:
+          type: object
+          required:
+            - docs
+          properties:
+            docs:
+              $ref: "./common_attributes.schema.yaml#/components/schemas/Docs"
diff --git a/x-pack/plugins/integration_assistant/common/api/model/response_schemas.ts b/x-pack/plugins/integration_assistant/common/api/model/response_schemas.ts
index f8a42d2081488..7e6eee10576f8 100644
--- a/x-pack/plugins/integration_assistant/common/api/model/response_schemas.ts
+++ b/x-pack/plugins/integration_assistant/common/api/model/response_schemas.ts
@@ -16,7 +16,7 @@
 
 import { z } from 'zod';
 
-import { Docs, Errors, Mapping, Pipeline, PipelineResults } from './common_attributes';
+import { Docs, Mapping, Pipeline } from './common_attributes';
 
 export type EcsMappingAPIResponse = z.infer<typeof EcsMappingAPIResponse>;
 export const EcsMappingAPIResponse = z.object({
@@ -44,6 +44,7 @@ export const RelatedAPIResponse = z.object({
 
 export type CheckPipelineAPIResponse = z.infer<typeof CheckPipelineAPIResponse>;
 export const CheckPipelineAPIResponse = z.object({
-  pipelineResults: PipelineResults,
-  errors: Errors.optional(),
+  results: z.object({
+    docs: Docs,
+  }),
 });
diff --git a/x-pack/plugins/integration_assistant/common/api/related/related_route.schema.yaml b/x-pack/plugins/integration_assistant/common/api/related/related_route.schema.yaml
index 3172d9f9ba812..13990dc1b66d8 100644
--- a/x-pack/plugins/integration_assistant/common/api/related/related_route.schema.yaml
+++ b/x-pack/plugins/integration_assistant/common/api/related/related_route.schema.yaml
@@ -19,15 +19,15 @@ paths:
               type: object
               required:
                 - packageName
-                - datastreamName
+                - dataStreamName
                 - rawSamples
                 - currentPipeline
                 - connectorId
               properties:
                 packageName:
                   $ref: "../model/common_attributes.schema.yaml#/components/schemas/PackageName"
-                datastreamName:
-                  $ref: "../model/common_attributes.schema.yaml#/components/schemas/DatastreamName"
+                dataStreamName:
+                  $ref: "../model/common_attributes.schema.yaml#/components/schemas/DataStreamName"
                 rawSamples:
                   $ref: "../model/common_attributes.schema.yaml#/components/schemas/RawSamples"
                 currentPipeline:
diff --git a/x-pack/plugins/integration_assistant/common/api/related/related_route.test.ts b/x-pack/plugins/integration_assistant/common/api/related/related_route.test.ts
new file mode 100644
index 0000000000000..8f69c13303056
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/common/api/related/related_route.test.ts
@@ -0,0 +1,20 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { expectParseSuccess } from '@kbn/zod-helpers';
+import { RelatedRequestBody } from './related_route';
+import { getRelatedRequestMock } from '../model/api_test.mock';
+
+describe('Related request schema', () => {
+  test('full request validate', () => {
+    const payload: RelatedRequestBody = getRelatedRequestMock();
+
+    const result = RelatedRequestBody.safeParse(payload);
+    expectParseSuccess(result);
+    expect(result.data).toEqual(payload);
+  });
+});
diff --git a/x-pack/plugins/integration_assistant/common/api/related/related_route.ts b/x-pack/plugins/integration_assistant/common/api/related/related_route.ts
index 2b8c46866cc7b..4c5242e48d2c3 100644
--- a/x-pack/plugins/integration_assistant/common/api/related/related_route.ts
+++ b/x-pack/plugins/integration_assistant/common/api/related/related_route.ts
@@ -9,7 +9,7 @@ import { z } from 'zod';
 
 import {
   Connector,
-  DatastreamName,
+  DataStreamName,
   PackageName,
   Pipeline,
   RawSamples,
@@ -19,7 +19,7 @@ import { RelatedAPIResponse } from '../model/response_schemas';
 export type RelatedRequestBody = z.infer<typeof RelatedRequestBody>;
 export const RelatedRequestBody = z.object({
   packageName: PackageName,
-  datastreamName: DatastreamName,
+  dataStreamName: DataStreamName,
   rawSamples: RawSamples,
   currentPipeline: Pipeline,
   connectorId: Connector,
diff --git a/x-pack/plugins/integration_assistant/common/constants.ts b/x-pack/plugins/integration_assistant/common/constants.ts
index 59b0a2cd9b094..7e365342adb89 100644
--- a/x-pack/plugins/integration_assistant/common/constants.ts
+++ b/x-pack/plugins/integration_assistant/common/constants.ts
@@ -13,8 +13,10 @@ export const INTEGRATION_ASSISTANT_APP_ROUTE = '/app/integration_assistant';
 
 // Server API Routes
 export const INTEGRATION_ASSISTANT_BASE_PATH = '/api/integration_assistant';
+
 export const ECS_GRAPH_PATH = `${INTEGRATION_ASSISTANT_BASE_PATH}/ecs`;
 export const CATEGORIZATION_GRAPH_PATH = `${INTEGRATION_ASSISTANT_BASE_PATH}/categorization`;
 export const RELATED_GRAPH_PATH = `${INTEGRATION_ASSISTANT_BASE_PATH}/related`;
+export const CHECK_PIPELINE_PATH = `${INTEGRATION_ASSISTANT_BASE_PATH}/pipeline`;
 export const INTEGRATION_BUILDER_PATH = `${INTEGRATION_ASSISTANT_BASE_PATH}/build`;
-export const TEST_PIPELINE_PATH = `${INTEGRATION_ASSISTANT_BASE_PATH}/pipeline`;
+export const FLEET_PACKAGES_PATH = `/api/fleet/epm/packages`;
diff --git a/x-pack/plugins/integration_assistant/common/index.ts b/x-pack/plugins/integration_assistant/common/index.ts
index d5e72ede8e164..c49e2825d8206 100644
--- a/x-pack/plugins/integration_assistant/common/index.ts
+++ b/x-pack/plugins/integration_assistant/common/index.ts
@@ -4,7 +4,6 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-
 export { BuildIntegrationRequestBody } from './api/build_integration/build_integration';
 export {
   CategorizationRequestBody,
@@ -17,7 +16,13 @@ export {
 export { EcsMappingRequestBody, EcsMappingResponse } from './api/ecs/ecs_route';
 export { RelatedRequestBody, RelatedResponse } from './api/related/related_route';
 
-export type { Datastream, InputType, Integration, Pipeline } from './api/model/common_attributes';
+export type {
+  DataStream,
+  InputType,
+  Integration,
+  Pipeline,
+  Docs,
+} from './api/model/common_attributes';
 export type { ESProcessorItem } from './api/model/processor_attributes';
 
 export {
@@ -28,5 +33,5 @@ export {
   INTEGRATION_BUILDER_PATH,
   PLUGIN_ID,
   RELATED_GRAPH_PATH,
-  TEST_PIPELINE_PATH,
+  CHECK_PIPELINE_PATH,
 } from './constants';
diff --git a/x-pack/plugins/integration_assistant/jest.config.js b/x-pack/plugins/integration_assistant/jest.config.js
index 5da1e904b8894..5712a959c461f 100644
--- a/x-pack/plugins/integration_assistant/jest.config.js
+++ b/x-pack/plugins/integration_assistant/jest.config.js
@@ -12,10 +12,10 @@ module.exports = {
   coverageDirectory: '<rootDir>/target/kibana-coverage/jest/x-pack/plugins/integration_assistant',
   coverageReporters: ['text', 'html'],
   collectCoverageFrom: [
-    '<rootDir>/x-pack/plugins/integration_assistant/{common,server}/**/*.{ts,tsx}',
+    '<rootDir>/x-pack/plugins/integration_assistant/{common,server,public}/**/*.{ts,tsx}',
     '!<rootDir>/x-pack/plugins/integration_assistant/{__jest__}/**/*',
-    '!<rootDir>/x-pack/plugins/integration_assistant/*.test.{ts,tsx}',
-    '!<rootDir>/x-pack/plugins/integration_assistant/*.config.ts',
+    '!<rootDir>/x-pack/plugins/integration_assistant/**/*.test.{ts,tsx}',
+    '!<rootDir>/x-pack/plugins/integration_assistant/**/*.config.ts',
   ],
   setupFiles: ['jest-canvas-mock'],
 };
diff --git a/x-pack/plugins/integration_assistant/kibana.jsonc b/x-pack/plugins/integration_assistant/kibana.jsonc
index 9ce4f435c893b..a70120d9cefba 100644
--- a/x-pack/plugins/integration_assistant/kibana.jsonc
+++ b/x-pack/plugins/integration_assistant/kibana.jsonc
@@ -2,14 +2,20 @@
   "type": "plugin",
   "id": "@kbn/integration-assistant-plugin",
   "owner": "@elastic/security-solution",
-  "description": "A simple example of how to use core's routing services test",
+  "description": "Plugin implementing the Integration Assistant API and UI",
   "plugin": {
     "id": "integrationAssistant",
     "server": true,
-    "browser": false,
-    "configPath": ["xpack", "integration_assistant"],
-    "requiredPlugins": ["actions", "licensing", "management", "features", "share", "fileUpload"],
-    "optionalPlugins": ["security", "usageCollection", "console"],
-    "extraPublicDirs": ["common"]
+    "browser": true,
+    "configPath": [
+      "xpack",
+      "integration_assistant"
+    ],
+    "requiredPlugins": [
+      "kibanaReact",
+      "triggersActionsUi",
+      "actions",
+      "stackConnectors",
+    ],
   }
 }
diff --git a/x-pack/plugins/integration_assistant/public/common/components/authorization/authorization_wrapper.tsx b/x-pack/plugins/integration_assistant/public/common/components/authorization/authorization_wrapper.tsx
new file mode 100644
index 0000000000000..3890cd3b797cd
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/common/components/authorization/authorization_wrapper.tsx
@@ -0,0 +1,37 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { EuiCallOut } from '@elastic/eui';
+import React, { useMemo, type PropsWithChildren } from 'react';
+import { useAuthorization, type Authorization } from '../../hooks/use_authorization';
+import { MissingPrivilegesDescription } from './missing_privileges_description';
+import * as i18n from './translations';
+
+type AuthorizationWrapperProps = PropsWithChildren<Partial<Authorization>>;
+export const AuthorizationWrapper = React.memo<AuthorizationWrapperProps>(
+  ({ children, ...authRequired }) => {
+    const authorization = useAuthorization();
+
+    const isAuthorized = useMemo(
+      () =>
+        Object.entries(authRequired).every(
+          ([key, enabled]) => !enabled || authorization[key as keyof Authorization]
+        ),
+      [authorization, authRequired]
+    );
+
+    if (!isAuthorized) {
+      return (
+        <EuiCallOut title={i18n.PRIVILEGES_MISSING_TITLE} iconType="iInCircle">
+          <MissingPrivilegesDescription {...authRequired} />
+        </EuiCallOut>
+      );
+    }
+
+    return <>{children}</>;
+  }
+);
+AuthorizationWrapper.displayName = 'AuthorizationWrapper';
diff --git a/x-pack/plugins/integration_assistant/public/common/components/authorization/index.ts b/x-pack/plugins/integration_assistant/public/common/components/authorization/index.ts
new file mode 100644
index 0000000000000..b70eae012a8ad
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/common/components/authorization/index.ts
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+export { AuthorizationWrapper } from './authorization_wrapper';
+export { MissingPrivilegesTooltip } from './missing_privileges_tooltip';
diff --git a/x-pack/plugins/integration_assistant/public/common/components/authorization/missing_privileges_description.tsx b/x-pack/plugins/integration_assistant/public/common/components/authorization/missing_privileges_description.tsx
new file mode 100644
index 0000000000000..15365aeb3a08e
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/common/components/authorization/missing_privileges_description.tsx
@@ -0,0 +1,40 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import React from 'react';
+import { EuiCode, EuiFlexGroup, EuiFlexItem } from '@elastic/eui';
+import type { Authorization } from '../../hooks/use_authorization';
+import * as i18n from './translations';
+
+type MissingPrivilegesDescriptionProps = Partial<Authorization>;
+export const MissingPrivilegesDescription = React.memo<MissingPrivilegesDescriptionProps>(
+  ({ canCreateIntegrations, canCreateConnectors, canExecuteConnectors }) => {
+    return (
+      <EuiFlexGroup gutterSize="m" direction="column">
+        <EuiFlexItem>{i18n.PRIVILEGES_REQUIRED_TITLE}</EuiFlexItem>
+        <EuiFlexItem>
+          <EuiCode>
+            <ul>
+              {canCreateIntegrations && (
+                <>
+                  <li>{i18n.REQUIRED_PRIVILEGES.FLEET_ALL}</li>
+                  <li>{i18n.REQUIRED_PRIVILEGES.INTEGRATIONS_ALL}</li>
+                </>
+              )}
+              {canCreateConnectors ? (
+                <li>{i18n.REQUIRED_PRIVILEGES.CONNECTORS_ALL}</li>
+              ) : (
+                <>{canExecuteConnectors && <li>{i18n.REQUIRED_PRIVILEGES.CONNECTORS_READ}</li>}</>
+              )}
+            </ul>
+          </EuiCode>
+        </EuiFlexItem>
+        <EuiFlexItem>{i18n.CONTACT_ADMINISTRATOR}</EuiFlexItem>
+      </EuiFlexGroup>
+    );
+  }
+);
+MissingPrivilegesDescription.displayName = 'MissingPrivilegesDescription';
diff --git a/x-pack/plugins/integration_assistant/public/common/components/authorization/missing_privileges_tooltip.tsx b/x-pack/plugins/integration_assistant/public/common/components/authorization/missing_privileges_tooltip.tsx
new file mode 100644
index 0000000000000..ae684c56136f1
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/common/components/authorization/missing_privileges_tooltip.tsx
@@ -0,0 +1,26 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import React from 'react';
+import { EuiToolTip } from '@elastic/eui';
+import type { Authorization } from '../../hooks/use_authorization';
+import { MissingPrivilegesDescription } from './missing_privileges_description';
+import * as i18n from './translations';
+
+type MissingPrivilegesTooltip = Partial<Authorization> & {
+  children: React.ReactElement; // EuiToolTip requires a single ReactElement child
+};
+export const MissingPrivilegesTooltip = React.memo<MissingPrivilegesTooltip>(
+  ({ children, ...authMissing }) => (
+    <EuiToolTip
+      title={i18n.PRIVILEGES_MISSING_TITLE}
+      content={<MissingPrivilegesDescription {...authMissing} />}
+    >
+      {children}
+    </EuiToolTip>
+  )
+);
+MissingPrivilegesTooltip.displayName = 'MissingPrivilegesTooltip';
diff --git a/x-pack/plugins/integration_assistant/public/common/components/authorization/translations.ts b/x-pack/plugins/integration_assistant/public/common/components/authorization/translations.ts
new file mode 100644
index 0000000000000..9da73799dc69c
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/common/components/authorization/translations.ts
@@ -0,0 +1,56 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { i18n } from '@kbn/i18n';
+
+export const PRIVILEGES_MISSING_TITLE = i18n.translate(
+  'xpack.integrationAssistant.missingPrivileges.title',
+  {
+    defaultMessage: 'Missing privileges',
+  }
+);
+
+export const PRIVILEGES_REQUIRED_TITLE = i18n.translate(
+  'xpack.integrationAssistant.missingPrivileges.privilegesNeededTitle',
+  {
+    defaultMessage: 'The minimum Kibana privileges required to use this feature are:',
+  }
+);
+
+export const REQUIRED_PRIVILEGES = {
+  FLEET_ALL: i18n.translate(
+    'xpack.integrationAssistant.missingPrivileges.requiredPrivileges.fleet',
+    {
+      defaultMessage: 'Management > Fleet: All',
+    }
+  ),
+  INTEGRATIONS_ALL: i18n.translate(
+    'xpack.integrationAssistant.missingPrivileges.requiredPrivileges.integrations',
+    {
+      defaultMessage: 'Management > Integrations: All',
+    }
+  ),
+  CONNECTORS_READ: i18n.translate(
+    'xpack.integrationAssistant.missingPrivileges.requiredPrivileges.connectorsRead',
+    {
+      defaultMessage: 'Management > Connectors: Read',
+    }
+  ),
+  CONNECTORS_ALL: i18n.translate(
+    'xpack.integrationAssistant.missingPrivileges.requiredPrivileges.connectorsAll',
+    {
+      defaultMessage: 'Management > Connectors: All',
+    }
+  ),
+};
+
+export const CONTACT_ADMINISTRATOR = i18n.translate(
+  'xpack.integrationAssistant.missingPrivileges.contactAdministrator',
+  {
+    defaultMessage: 'Contact your administrator for assistance.',
+  }
+);
diff --git a/x-pack/plugins/integration_assistant/public/common/components/buttons_footer.tsx b/x-pack/plugins/integration_assistant/public/common/components/buttons_footer.tsx
new file mode 100644
index 0000000000000..d70e2bcb288cb
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/common/components/buttons_footer.tsx
@@ -0,0 +1,107 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { EuiButton, EuiFlexGroup, EuiFlexItem, EuiLink } from '@elastic/eui';
+import { css } from '@emotion/react';
+import { FormattedMessage } from '@kbn/i18n-react';
+import { KibanaPageTemplate } from '@kbn/shared-ux-page-kibana-template';
+import React from 'react';
+import { useKibana } from '../hooks/use_kibana';
+
+const bottomBarCss = css`
+  animation: none !important; // disable the animation to prevent the footer from flickering
+`;
+const containerCss = css`
+  min-height: 40px;
+`;
+const contentCss = css`
+  width: 100%;
+  max-width: 730px;
+`;
+
+interface ButtonsFooterProps {
+  cancelButtonText?: React.ReactNode;
+  nextButtonText?: React.ReactNode;
+  backButtonText?: React.ReactNode;
+  onNext?: () => void;
+  onBack?: () => void;
+  hideCancel?: boolean;
+  isNextDisabled?: boolean;
+}
+export const ButtonsFooter = React.memo<ButtonsFooterProps>(
+  ({
+    cancelButtonText,
+    nextButtonText,
+    backButtonText,
+    onNext,
+    onBack,
+    hideCancel = false,
+    isNextDisabled = false,
+  }) => {
+    const integrationsUrl = useKibana().services.application.getUrlForApp('integrations');
+    return (
+      <KibanaPageTemplate.BottomBar paddingSize="s" position="sticky" css={bottomBarCss}>
+        <EuiFlexGroup direction="column" alignItems="center" css={containerCss}>
+          <EuiFlexItem css={contentCss}>
+            <EuiFlexGroup
+              direction="row"
+              justifyContent="spaceBetween"
+              alignItems="center"
+              gutterSize="l"
+            >
+              <EuiFlexItem>
+                {!hideCancel && (
+                  <EuiLink href={integrationsUrl} color="text">
+                    {cancelButtonText || (
+                      <FormattedMessage
+                        id="xpack.integrationAssistant.footer.cancel"
+                        defaultMessage="Cancel"
+                      />
+                    )}
+                  </EuiLink>
+                )}
+              </EuiFlexItem>
+              <EuiFlexItem>
+                <EuiFlexGroup
+                  direction="row"
+                  justifyContent="flexEnd"
+                  alignItems="center"
+                  gutterSize="l"
+                >
+                  <EuiFlexItem grow={false}>
+                    {onBack && (
+                      <EuiLink onClick={onBack} color="text">
+                        {backButtonText || (
+                          <FormattedMessage
+                            id="xpack.integrationAssistant.footer.back"
+                            defaultMessage="Back"
+                          />
+                        )}
+                      </EuiLink>
+                    )}
+                  </EuiFlexItem>
+                  <EuiFlexItem grow={false}>
+                    {onNext && (
+                      <EuiButton fill color="primary" onClick={onNext} isDisabled={isNextDisabled}>
+                        {nextButtonText || (
+                          <FormattedMessage
+                            id="xpack.integrationAssistant.footer.next"
+                            defaultMessage="Next"
+                          />
+                        )}
+                      </EuiButton>
+                    )}
+                  </EuiFlexItem>
+                </EuiFlexGroup>
+              </EuiFlexItem>
+            </EuiFlexGroup>
+          </EuiFlexItem>
+        </EuiFlexGroup>
+      </KibanaPageTemplate.BottomBar>
+    );
+  }
+);
+ButtonsFooter.displayName = 'ButtonsFooter';
diff --git a/x-pack/plugins/integration_assistant/public/common/components/integration_image_header.tsx b/x-pack/plugins/integration_assistant/public/common/components/integration_image_header.tsx
new file mode 100644
index 0000000000000..6028f18af952f
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/common/components/integration_image_header.tsx
@@ -0,0 +1,37 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import React from 'react';
+import { EuiFlexGroup, EuiFlexItem, EuiImage, EuiSpacer } from '@elastic/eui';
+import { KibanaPageTemplate } from '@kbn/shared-ux-page-kibana-template';
+import { css } from '@emotion/react';
+import integrationsImage from '../images/integrations_light.svg';
+
+const headerCss = css`
+  > div {
+    padding-block: 0;
+  }
+`;
+const imageCss = css`
+  width: 318px;
+  height: 183px;
+  object-fit: cover;
+  object-position: center top;
+`;
+
+export const IntegrationImageHeader = React.memo(() => {
+  return (
+    <KibanaPageTemplate.Header css={headerCss}>
+      <EuiFlexGroup direction="column" alignItems="center">
+        <EuiFlexItem>
+          <EuiSpacer size="xl" />
+          <EuiImage alt="create integration background" src={integrationsImage} css={imageCss} />
+        </EuiFlexItem>
+      </EuiFlexGroup>
+    </KibanaPageTemplate.Header>
+  );
+});
+IntegrationImageHeader.displayName = 'IntegrationImageHeader';
diff --git a/x-pack/plugins/integration_assistant/public/common/components/section_title.tsx b/x-pack/plugins/integration_assistant/public/common/components/section_title.tsx
new file mode 100644
index 0000000000000..0e29239b8fcca
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/common/components/section_title.tsx
@@ -0,0 +1,42 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { EuiFlexGroup, EuiFlexItem, EuiText, EuiTitle } from '@elastic/eui';
+import { css } from '@emotion/react';
+
+const contentCss = css`
+  width: 100%;
+  max-width: 47em;
+`;
+const titleCss = css`
+  text-align: center;
+`;
+
+export interface SectionTitleProps {
+  title: string;
+  description?: string;
+}
+export const SectionTitle = React.memo<SectionTitleProps>(({ title, description }) => {
+  return (
+    <EuiFlexGroup direction="column" alignItems="center" justifyContent="center">
+      <EuiFlexItem css={contentCss}>
+        <EuiTitle size="l">
+          <h1 css={titleCss}>{title}</h1>
+        </EuiTitle>
+      </EuiFlexItem>
+      {description && (
+        <EuiFlexItem css={contentCss}>
+          <EuiText size="s" textAlign="center" color="subdued">
+            {description}
+          </EuiText>
+        </EuiFlexItem>
+      )}
+    </EuiFlexGroup>
+  );
+});
+SectionTitle.displayName = 'SectionTitle';
diff --git a/x-pack/plugins/integration_assistant/public/common/components/section_wrapper.tsx b/x-pack/plugins/integration_assistant/public/common/components/section_wrapper.tsx
new file mode 100644
index 0000000000000..096998716fe2e
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/common/components/section_wrapper.tsx
@@ -0,0 +1,49 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { type PropsWithChildren } from 'react';
+import { EuiSpacer, EuiFlexGroup, EuiFlexItem, EuiText, EuiTitle } from '@elastic/eui';
+import { css } from '@emotion/react';
+
+const contentCss = css`
+  width: 100%;
+  max-width: 660px;
+`;
+const titleCss = css`
+  text-align: center;
+`;
+
+export type SectionWrapperProps = PropsWithChildren<{
+  title: React.ReactNode;
+  subtitle?: React.ReactNode;
+}>;
+export const SectionWrapper = React.memo<SectionWrapperProps>(({ children, title, subtitle }) => (
+  <>
+    <EuiSpacer size="xxl" />
+    <EuiFlexGroup direction="column" alignItems="center" justifyContent="center">
+      <EuiFlexItem css={contentCss}>
+        <EuiFlexGroup direction="column" alignItems="center" justifyContent="center" gutterSize="m">
+          <EuiFlexItem>
+            <EuiTitle size="l">
+              <h1 css={titleCss}>{title}</h1>
+            </EuiTitle>
+          </EuiFlexItem>
+          {subtitle && (
+            <EuiFlexItem>
+              <EuiText size="s" textAlign="center" color="subdued">
+                {subtitle}
+              </EuiText>
+            </EuiFlexItem>
+          )}
+        </EuiFlexGroup>
+        <EuiSpacer size="l" />
+        {children}
+      </EuiFlexItem>
+    </EuiFlexGroup>
+  </>
+));
+SectionWrapper.displayName = 'SectionWrapper';
diff --git a/x-pack/plugins/integration_assistant/public/common/components/success_section/index.ts b/x-pack/plugins/integration_assistant/public/common/components/success_section/index.ts
new file mode 100644
index 0000000000000..6a5264d6d841b
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/common/components/success_section/index.ts
@@ -0,0 +1,7 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+export { SuccessSection } from './success_section';
diff --git a/x-pack/plugins/integration_assistant/public/common/components/success_section/success_section.tsx b/x-pack/plugins/integration_assistant/public/common/components/success_section/success_section.tsx
new file mode 100644
index 0000000000000..62df4a8f98660
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/common/components/success_section/success_section.tsx
@@ -0,0 +1,64 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { useMemo, type PropsWithChildren } from 'react';
+
+import { EuiButton, EuiCard, EuiFlexGroup, EuiFlexItem, EuiIcon } from '@elastic/eui';
+import * as i18n from './translations';
+import { useKibana } from '../../hooks/use_kibana';
+import { SectionWrapper } from '../section_wrapper';
+
+export type SectionWrapperProps = PropsWithChildren<{
+  integrationName: string;
+}>;
+
+export const SuccessSection = React.memo<SectionWrapperProps>(({ integrationName, children }) => {
+  const getUrlForApp = useKibana().services.application?.getUrlForApp;
+
+  const { installIntegrationUrl, viewIntegrationUrl } = useMemo(() => {
+    if (!getUrlForApp) {
+      return { installIntegrationUrl: '', viewIntegrationUrl: '' };
+    }
+    return {
+      installIntegrationUrl: getUrlForApp?.('fleet', {
+        path: `/integrations/${integrationName}/add-integration`,
+      }),
+      viewIntegrationUrl: getUrlForApp?.('integrations', {
+        path: `/detail/${integrationName}`,
+      }),
+    };
+  }, [integrationName, getUrlForApp]);
+
+  return (
+    <SectionWrapper title={i18n.SUCCESS_TITLE} subtitle={i18n.SUCCESS_DESCRIPTION}>
+      <EuiFlexGroup direction="row" gutterSize="l" alignItems="center" justifyContent="center">
+        <EuiFlexItem>
+          <EuiCard
+            paddingSize="l"
+            titleSize="xs"
+            icon={<EuiIcon type="launch" size="l" />}
+            title={i18n.ADD_TO_AGENT_TITLE}
+            description={i18n.ADD_TO_AGENT_DESCRIPTION}
+            footer={<EuiButton href={installIntegrationUrl}>{i18n.ADD_TO_AGENT_BUTTON}</EuiButton>}
+          />
+        </EuiFlexItem>
+        <EuiFlexItem>
+          <EuiCard
+            paddingSize="l"
+            titleSize="xs"
+            icon={<EuiIcon type="eye" size="l" />}
+            title={i18n.VIEW_INTEGRATION_TITLE}
+            description={i18n.VIEW_INTEGRATION_DESCRIPTION}
+            footer={<EuiButton href={viewIntegrationUrl}>{i18n.VIEW_INTEGRATION_BUTTON}</EuiButton>}
+          />
+        </EuiFlexItem>
+      </EuiFlexGroup>
+      {children}
+    </SectionWrapper>
+  );
+});
+SuccessSection.displayName = 'SuccessSection';
diff --git a/x-pack/plugins/integration_assistant/public/common/components/success_section/translations.ts b/x-pack/plugins/integration_assistant/public/common/components/success_section/translations.ts
new file mode 100644
index 0000000000000..4e684dae2a846
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/common/components/success_section/translations.ts
@@ -0,0 +1,64 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { i18n } from '@kbn/i18n';
+
+export const SUCCESS_TITLE = i18n.translate(
+  'xpack.integrationAssistant.createIntegrationSuccess.title',
+  {
+    defaultMessage: 'Success',
+  }
+);
+
+export const SUCCESS_DESCRIPTION = i18n.translate(
+  'xpack.integrationAssistant.createIntegrationSuccess.description',
+  {
+    defaultMessage: 'Your integration is successfully created.',
+  }
+);
+
+export const ADD_TO_AGENT_TITLE = i18n.translate(
+  'xpack.integrationAssistant.createIntegrationSuccess.addToAgent.title',
+  {
+    defaultMessage: 'Add to an agent',
+  }
+);
+
+export const ADD_TO_AGENT_DESCRIPTION = i18n.translate(
+  'xpack.integrationAssistant.createIntegrationSuccess.addToAgent.description',
+  {
+    defaultMessage: 'Add your new integration to an agent to start collecting data',
+  }
+);
+
+export const ADD_TO_AGENT_BUTTON = i18n.translate(
+  'xpack.integrationAssistant.createIntegrationSuccess.addToAgent.button',
+  {
+    defaultMessage: 'Add to an agent',
+  }
+);
+
+export const VIEW_INTEGRATION_TITLE = i18n.translate(
+  'xpack.integrationAssistant.createIntegrationSuccess.viewIntegration.title',
+  {
+    defaultMessage: 'View integration',
+  }
+);
+
+export const VIEW_INTEGRATION_DESCRIPTION = i18n.translate(
+  'xpack.integrationAssistant.createIntegrationSuccess.viewIntegration.description',
+  {
+    defaultMessage: 'See detailed information about your new custom integration',
+  }
+);
+
+export const VIEW_INTEGRATION_BUTTON = i18n.translate(
+  'xpack.integrationAssistant.createIntegrationSuccess.viewIntegration.button',
+  {
+    defaultMessage: 'View Integration',
+  }
+);
diff --git a/x-pack/plugins/integration_assistant/public/common/constants.ts b/x-pack/plugins/integration_assistant/public/common/constants.ts
new file mode 100644
index 0000000000000..5efd69dc6914c
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/common/constants.ts
@@ -0,0 +1,18 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export enum Page {
+  landing = 'landing',
+  upload = 'upload',
+  assistant = 'assistant',
+}
+
+export const PagePath = {
+  [Page.landing]: '/create',
+  [Page.upload]: '/create/upload',
+  [Page.assistant]: '/create/assistant',
+};
diff --git a/x-pack/plugins/integration_assistant/public/common/hooks/use_authorization.ts b/x-pack/plugins/integration_assistant/public/common/hooks/use_authorization.ts
new file mode 100644
index 0000000000000..c4ce31bf96cca
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/common/hooks/use_authorization.ts
@@ -0,0 +1,35 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { useKibana } from './use_kibana';
+
+export interface Authorization {
+  canCreateIntegrations: boolean;
+  canExecuteConnectors: boolean;
+  canCreateConnectors: boolean;
+}
+export const useAuthorization = (): Authorization => {
+  const { capabilities } = useKibana().services.application;
+  const { fleet: integrations, fleetv2: fleet, actions } = capabilities;
+  return {
+    canCreateIntegrations: Boolean(fleet?.all && integrations?.all),
+    canExecuteConnectors: Boolean(actions?.show && actions?.execute),
+    canCreateConnectors: Boolean(actions?.save),
+  };
+};
+
+export interface RoutesAuthorization {
+  canUseIntegrationAssistant: boolean;
+  canUseIntegrationUpload: boolean;
+}
+export const useRoutesAuthorization = (): RoutesAuthorization => {
+  const { canCreateIntegrations, canExecuteConnectors } = useAuthorization();
+  return {
+    canUseIntegrationAssistant: canCreateIntegrations && canExecuteConnectors,
+    canUseIntegrationUpload: canCreateIntegrations,
+  };
+};
diff --git a/x-pack/plugins/integration_assistant/public/common/hooks/use_kibana.ts b/x-pack/plugins/integration_assistant/public/common/hooks/use_kibana.ts
new file mode 100644
index 0000000000000..440c504d6b334
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/common/hooks/use_kibana.ts
@@ -0,0 +1,11 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { useKibana as _useKibana } from '@kbn/kibana-react-plugin/public';
+import type { Services } from '../../services';
+
+export const useKibana = () => _useKibana<Services>();
diff --git a/x-pack/plugins/integration_assistant/public/common/hooks/use_navigate.ts b/x-pack/plugins/integration_assistant/public/common/hooks/use_navigate.ts
new file mode 100644
index 0000000000000..e8465ca14ec3d
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/common/hooks/use_navigate.ts
@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { useCallback } from 'react';
+import { Page, PagePath } from '../constants';
+import { useKibana } from './use_kibana';
+
+export { Page }; // re-export for convenience
+
+export const useNavigate = () => {
+  const { navigateToApp } = useKibana().services.application;
+  const navigateToPage = useCallback(
+    (page: Page) => {
+      navigateToApp('integrations', { path: PagePath[page] });
+    },
+    [navigateToApp]
+  );
+  return navigateToPage;
+};
diff --git a/x-pack/plugins/integration_assistant/public/common/images/integrations_light.svg b/x-pack/plugins/integration_assistant/public/common/images/integrations_light.svg
new file mode 100644
index 0000000000000..fff4506113954
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/common/images/integrations_light.svg
@@ -0,0 +1,9 @@
+<svg width="560" height="372" viewBox="0 0 560 372" fill="none" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+<rect width="560" height="372" fill="url(#pattern0)"/>
+<defs>
+<pattern id="pattern0" patternContentUnits="objectBoundingBox" width="1" height="1">
+<use xlink:href="#image0_1318_262859" transform="scale(0.000892857 0.00134409)"/>
+</pattern>
+<image id="image0_1318_262859" width="1120" height="744" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABGAAAALoCAYAAAA3PYMmAAAACXBIWXMAABYlAAAWJQFJUiTwAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAQlHSURBVHgB7P19dGR3ft93fn+3HvAMVDeb3ezhzBCIRMqyvSZmnUjWg0X0sRIrG2kGTDQTK7sWu/cc2SN7ddhtySd7fGbc6LVO/thI7qYVzYzlzaI52azk0cgER9mNpJXToLySPdq12YyTSEOOBJAzfOhmk12NxwKq6v7y+/5u3cKtQlWhgAYKVaj3iwcEUHXr1gPQhbqf+v6+XxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwEmXEgAA0Nf+0l+amTz/+OSrH318Mvf228uvCAAAAA4dAQwAAH1Mw5eylVvuy0kxMuNCGCGEAQAAOHwEMAAA9Kma8CVGCAMAAHAkjAAAgP279ZsaXMxIjxr59p0X/+x/9f94RpLhS4KxMveHf7h4TQAAAHAoAgEAAH1l4P6KfMd/+7XnpEn4oqyRue/5npmrAgAAgENBAAMAQB/R8OW7fuWf+s970RDme7935rIAAADgoRHAAADQJ/YTvigjsmyMLAgAAAAeGgEMAAB94CDhS2Dkwr/6V4vLAgAAgIdGAAMAwAlH+AIAAHD80gIA2JfXl+5OGynPyiGyKVl+6uPnbwpwyAhfAAAAugMBDADsW3laguBQp8OY0Cy6TzcFOESELwAAAN2DJUgAAJxAhC8AAADdhQAGAIAucOZf/8+SKhTkMBC+AAAAdB8CGAAAjtlHfvcPZOrXf0v+zK985aFDGMIXAACA7kQAAwDAMdLw5fHf/Zf+6+F33peP/+aiHBThCwAAQPeiCS8AAMdEq1506VFS/P3Sp39E9oPwBQAAoLtRAQMAwDFoFL7E9PSP/+Ytadd+w5ftUxPyx3/j0y8SvgAAAHQOFTAAAHRQurAl3/nll2XsT7/Vcrtzv/9vpDw0KG//8Pe13O5g4ctnZOvUuAAAAKBzqIABAKCDsh+u+F4v7Uj2h2mE8AUAAKB3EMAAANBBGx951Icg5cHBtrZvFsIQvgAAAPQWAhgAADpMQ5g//cxfbXv7+hCG8AUAAKD3EMAAAHAM8n/2O/c16UhDGG3OS/gCAADQm2jCCwDAMbn3F/+c/6wTkdqh25UGB3wj33YQvgAAAHQPKmAAADhGGsLsNekoifAFAACgNxHAAABwzN754e/fVwizF8IXAACA7kMAAwBAFzisEIbwBQAAoDsRwAAA0CUeNoQhfAEAAOheBDAAAHQRDWHe+8H/rewX4QsAAEB3I4ABAKDLfOtHL1QnJLWD8AUAAKD7EcAAANCFlj79I22FMIQvAAAAvSEtAIB9CSTIW2MW5RDZMHxNgDpv/dgFGX7nfRl+927D8wlfAAAAegcBDADs03dOnVtwnxYEOGLlwQH547/5Gfkz//gru0IYwhcAAIDewhIkAAC6WBzCaOASI3wBAADoPQQwAAB0OR/C/I0ohCF8AQAA6E0sQQIAoAdo4KLBS/w1AAAAegsBDAAAPYLgBQAAoHexBAkAAAAAAOCIEcAAAAAAAAAcMQIYAAAAAACAI0YPGAAA0Lv+7h9elCD1jAA4+ax9Wf6v/+6CAECPIoABAAC9ywQz7qjsOQHQB+yb7n8EMAB6FkuQAAAAAAAAjhgBDAAAAAAAwBEjgAEAAAAAADhiBDAAAAAAAABHjAAGAAAAAADgiBHAAAAAAAAAHDECGAAAAAAAgCNGAAMAAAAAAHDECGAAAAAAAACOGAEMAAAAAADAEUsLAAA4gOCKSJiTnlVaFgAAAHQMAQwAAAdx4T+6LQAAAECbWIIEAAAAAABwxAhgAAAAAAAAjhgBDAAAAAAAwBEjgAEAAAAAADhiBDAAAAAAAABHjAAGAAAAAADgiBHAAAAAAAAAHDECGAAAAAAAgCNGAAMAAAAAAHDECGAAAAAAAACOGAEMAAAAAADAESOAAQAAAAAAOGJpAQAAAADgiNjL87n17ZHJMCxP6/flwcLCqRuX8gL0GQIYAAAAAMCh0cBltTA4G0jmGWvt7FpBcnq6iQ8/C4OL7v8EMOg7BDAAAAAAgIe2+tlfnbGSvri2KZ8yRnJWrKYuACoIYAAAAAAAB7b52V+dLNnMdRE76/MWQhegIZrwAgAAAAAOZO1vfvX5kk2/KsbOCoCWqIABAAAAAOxL1Odl5LoVe1EAtIUABgAAAADQNl1ytFZILRgxTwuAtrEECQAAAADQFq18KUvmlhC+APtGBQwAAAAAoC1rhZFFF8NMCoB9I4ABAAAAAOxp9bO/ftV9OlDlixG7bCRY9N8MFvIC9CECGAAAAABAS6uf/dUZ92luHxfRadSL5VBeDofXbp66cYnQBX2PAAYAgIP4H/67BffKspfXv78gF370hgAA0AYjmXkrtr2NreStsVfGvvSZmwKgigAGAICDMHbC/X9SeldOAABow8pnv3LRtt33JXytZMLZU1/6iWUBUIMpSAAAAACApgIJrra3pQtfBjdmCF+AxghgAAAAAAANtVv9ok12ffhCrxegKQIYAAAAAEBDRsxz7WxXlPIFwhegNXrAAAAA4MQaP39GOiksh7J290MBToL7l1/KSaE0s9d2LqS5ybIjYG8EMAAAADixxs4/Kp1U3i4SwODESG2UZ9pZM1GU4jUBsCeWIAEAAAAAdjFBeXrPbUQWqX4B2kMAAwAAAADYxUqwZwAjpvyyAGgLAQwAAAAAYJfAyBN7bWNt6rYAaAsBDAAAAABgN2tye21SktKyAGgLAQwAAAAA4EDo/wK0jwAGAAAAAADgiBHAAAAAAAB2sWInBcChIYABAAAAANRY+1tf2XsCkpW8AGgbAQwAAAAAoEZYCib32sYYYQISsA8EMAAAAACAWoGd3XsjsywA2kYAAwAAAACo2vzsr04akef22i6U8BUB0DYCGAAAAABAVUnSe4YvqizlRQHQNgIYAAAAAICn1S/u09xe2xmRxVNf+ollAdC2tAAAAKBj0tmMdFppuygAsBd7eT63Xsjc0vFGewnFvigA9oUABgAAoIPOPPWEpDocwrz9b/5IAKAVDV/WCiOL7qvJvbY1YpfHvvSZmwJgXwhgAAAAAKCP6bKjSuXLZDvbhyLXBMC+EcAAAAAAQB+Kql5Gny9ZuSzG5tq5DNUvwMERwAAAAABAH1n97K/OuEPBZ9Y2NXiRnHbUbZcVc0kAHAgBDAAAAACcIGt/6yvT5ZKZCQI7aSSYsJWlRfrZWKOVLlG1yz6Cl4prY1/69KIAOBACGAAAAADocb6qxaSel9DM2FByQaCnGg1dqtsYTVz2H7p4bi8vjn/p03MC4MAIYAAAAACgB8U9XER7uGhVi2YtBwxYWgtfKw9uXBYAD4UABgAAAAB6jFa8rBcy835y0ZGELhGtfNHw5dSNS3kB8FAIYAAAAACgR/iql63Rq1r1klxedESusewIODwEMAAAAADQAzY/+6uT64XMLak01T0qOmpapx3RcBc4XIEAAAAAALqahi9lydyyRxm+WNFlRteKg+ufIHwBDh8VMAAAAADQxY46fDHG3rbWvFwaWrtBrxfg6BDAAAAAAECX0p4vuuzoMMMXXWJkbHC7ZO0rKWsXR//JZ24LgCNHAAMAAAAAXWq1MHrDHCB8MSKL5VBeNmKWM0GqGrAMfenZZQFwLAhgAAAAAKALrXz2KxddkPJc2xfQHi5GXigNspQI6EYEMADwEOytXE4GJSel9KRYMxkGNude/OSCtH0i2sBM7mxc+drYZfP99y4IAABAC4EEV9sdNa0VL0VTunTqSz+xLAC6EgEMALTB/svcpBQzMxqwBCn7tIRm2lqZtMaFL6FUZspZffHjXwHZ0DTaS+VTey+kAABA/9Lql330fbk2+qVPzwmArkYAAwB1qmFLKpwOxDzjg5bQBS2pKGCphitGAAAAjsQ+ql+ujRG+AD2BAAZA37O//+h0aO1MEMgzLmiZ2QlbTPSyh6AFAAB00Mrf+OpsO9UvuuyIyhegdxDAAOg7vm9LKjMrmfAZWzb6AidnTGVlEGELAAA4boGdbWezopQuCYCeQQADoC9o6BJm0heDQD7lgpYZ349FlxIRuAAAgC5jrHxqr9coRsxNGu4CvYUABsCJVR+6+P4t9L8FAABdbPWzvzrjPuX22q4oxWsCoKcQwAA4UfzyonR6WlJyldAFAAD0GhOmp22wxzYii1S/AL2HAAbAieCDl8H087Ysl0VHQxO6AACAHmQDbb7bev2RlfAVAdBzCGAA9DT7L87MxNUuEgo9XQAAQE+zYib3ejljQ7ktAHoOAQyAnmR//9GLYuxzPnjpsWqX0EzkvvnWH83bcvnN5OlWUsv62Yjxn9NSWp6aOr8sAACgb7jwZWLPbYIgLwB6DgEMgJ5Rbapr7PNW7GSvLjMKg7GctfaiBLULvE31DkWfSxLIG2/e0e+WjdFQxualHL4WSnA7kCD/5NSjiwIAAACgJxDAAOgJ9g9OP2/DYM4Yydk+W2fk7q0Lm3Q9uBMEs1FsE/pwxrntNlh2578iYep2WtZuT01N8a5YZ1xzv5kvSs9KUb4OAADQQQQwALqaX2ok4VVrzST9XRqaFus+xMxKEEpJhjWYuW1D+4oLqhazsrFIIHNELvzYogAAcMj8m017VPmawPK3HehBBDAAutJOc107Q2fdfZs2gZl2j9rzPpB56+6i2PBlG5YWn5r6KFUPAAB0qfuXX8rZQml6r+2K2fVlAdBzCGAAdBV7KzcpA+n5Xmyu27WiEGvGBBn55pt3lt1ba4u2bF6khwwAAN0lXShM73mIZiV/6sYlKmCAHkQAA6AraINdGUw/b8ty2b2wyAmOhI36yVyUwF6Mw5iwvP0ClTEAABw/K+mLe9X9GsMIaqBXEcAAOHZ+uVFg520ofdHnJQhX8xKGzyZPs5Ka1M9GytHnVPCEFTMpoc25V1ruNHvooVQcxpggc9H3jTHhC5myLDL6GgCAztv87K9OlkSe23NDU35ZAPQkAhgAx8ZXvQykr1orl/upz0tgH+SfnDq/uJ/LLC0t5UoyOG0kyFkJp11A83QlsNpznXibpo0N5kuByDffunuTqhgAADqrKOm5tl4NmWBRAPQkAhgAx6Ja9WJdiIA9VSYZLVa+XYhPj4MZ0aa7xjxjrZl52GoZG1fFvHV30Ur5xac+fv6mAEBpWzounZW+xePdV1Z++p/OGrt39Yux9vboFz7DGyRAjyKAAdBR/Vr1clQSwYx+3NDTXl+6O22CcMa9Q/apaET1AQMZa2eMBDPffPPO1dCE1whigD73/p92PhT42F+QvvXuH0tHafhy/s8IOk+XHpVt6rptY/pAaOQFAdCzAgGADnHhy7RkU69G4QuOylNTZ28/+cRjN578+NkLTz5x9pSE4QUbyovuZd2yHID2itHlSS6IWXr9rXcvCgAAOBRrP/WV6bJkbrnwZXKvbY3Y5fEvfeamAOhZBDAAOsL+wennbSZ9yzeWRUdpv5mnps5dfOqJc1MPE8YQxAAAcHjW/uZXn7eBaSt8UaHINQHQ01iCBOBI+SVH2cx17SvCiqPjV2n+qx/yzaU7s+7F3KwJ2pi4kJAIYq7aMLj05NSjiwIAANqy+tlfnXGHYVdd8DLT7mW0+mWM6heg5xHAADgyLnyZlGyq7Xd20FnfOXVOm/ku/NHSu3MpkRkJgqtG2m+K7MdYB+EtnZqUKpevMb4aAIBaldHSk/7NC0lNizX6pse+e7MVpXxBAPQ8AhgAR0KnHFkjL8kBXmScBEbMsv/C2mX3Td59kd850+Sli3x3FJzc1I/Xl969aFKp57QBb7uX1+qmUhBcfONb7889+bFHKY8GAKCiJOl592mmWgR8sGrga6e+9BPLAqDnEcAAOHT2989cde/0zMnJljdWXLhib4fWvBaELlRJFW9L4E7/vvyy9Kinpvyko5s6Scn9JC/va3lSGM598807F1mWBADAobk29qVPzwmAE4EABsChsn9w5vpJnHLkwpbbobGvBOXgtmSKi70csrRDJym5Txej5UnBXLtBDMuSAAA4NIQvwAlDAAPgUPhmuwPpl1z4MiMngAtcFl3gopUtCzJaum0+ke+qZUOdUlmetP8gxtqL5SCYeWPpfaphAADYP8IX4AQigAHw0LTZrs2kF8TK09K78r7KReTlYKR0s18Dl2biIOaNpXdv2iCYb6dZrxWT09Xve3l96dvTItnpncvZfCBBnuAGANB3rORtEF4a/+J/uiAAThwCGAAPJZ50JPuYntNNtNJFQvOijBUXCF32VhljPaXNeltNTbIiyxLKs09Nnb/d6HwX5MxIKnXVbai9ZnL+EhVRf8JQ3njzjn6zYCV8+amP+940AACcXNYslEzxyqkv0nAXOKkIYAAc2M6YaTMpPcQd4N8OQ3k5GC3dIHQ5GG3W+0dL7y5mxFy2gXm+9lyTj8KXs7vCl53gxc64j72vyMqskWD2m2/euRqa8BpBDADgpHGvSxatLjn6xz++KABONAIYAAfSi+GLr3axcs385XuLgodWWZZ02QUxN1JBcCuuhrGmfKVR5csbb9297kKXy20FL3W0ua+xwfwbb73/9JMff/SKAADQw4zYZfca6kX35eLolz69KAD6AgEMgH3rsfAlb8W+GATlGyd9ctFxqQQxU28svTtnUsETTzaoUnn9rbvzLni5KA/LhpffePPOTDrcuDA1NUX1EgCgu1n7mjHGBS5mOZTwgXtD4XZGMotDX3p2WQD0HQIYAPvSQ+FL3obygi4zClhm1BFPTp2fa3S6hi/mMMKXHdOl1MhL7vMFAQCgi439489cFgCoCAQA2tQj4YsGL9fMcGkq9ZfvzdHj5Xi98a07Vw85fIlYO/PGW+9fFwAAAKBHEMAAaEsvhC9G7E0TlD5B8NIdlpbenZRQ5uSo6HKkpfdnBAAAAOgBLEECsCcXvuRsJr0gXTpqeqe57geLgq5RlGDOyBFL2avu/4sCAAAAdDkqYADsLZueFyNPS/fJWytXzA/eu8Bko+6i1S8mkOfkqOlSJKpgAAAA0AMIYAC0ZH//zFUrMitdxi830j4vP3jvhqDrlMR07HfGSrnrfj8BAACAegQwAJqqhC9z0k2MXTahXDA/8MEl+rx0sVTwKemQIDAduy4AAADgoAhgADRk/8WZmW4LX4zIghkqf4LlRj3AyrR0iPs9nVxaWsoJAAAA0MVowgtgFz/xKLDzPvLoDtrr5VrAcqOesLR0P1eS7Y4GIgUZ1OujIgoAAABdiwAGwG7dNG5alxzZ8rPBD+ZvC3pCQQq5dIcLLNOSnnSflgUAAADoUixBAlDD/sGZ690SvlSXHP0A4Qtas7JF9QsAAAC6GgEMgCr7B6eft1YuSxewItfMD9x7lka7vee7p84vS4dlpLgsAAAAQBcjgAHgad8XGwZz0gVCsZdSP3BvTtCzTGeXA+WnpqYI6gAAANDVCGAARLKpW+6o+bgnyeSNlD6R/oEPbgp6WhiGr0iHhKHt2HUBAAAAB0UAA0Ds75+5eux9X7TZblCi38sJYURuSoeYlF0QAAAAoMsRwAB9zi89EpmT46ThiylfMN+XXxacCE9OnV90P9gjXxbkfneXM+UCAQwAAAC6HgEM0O906dFxInw5ucLSNTliJpQX6f8CAACAXkAAA/SxY196RPhyoj059ZEb7od8ZEvKtPrlyalzcwIAAAD0AAIYoE8d+9Ijwpe+UArLzx7VUqRyGF4QAAAAoEcQwAD96jiXHhG+9I3vnjq/bEO5cNghTBCGl3TfAgAAAPQIAhigD9nff/TiMS49yhO+9Jenps7e1hBGlwzJQzN5DV++Y+r8zeSpS0tLxz1CHQAAAGiJAAboM7r0SCS8KsfESInwpQ9pCOOXDBmzKAdl7WIpLH+iPnxR5dTo/B8vvXdZAAAAgC5FAAP0mTCTmjuu6hdr5Yr5gfyRNWVFd9MlQ09+/OwFG4aXxEr7vwcueLEmvPTk5GMXGi07euNbd65aG86mAnN1aendSQEAAAC6UFoA9A3feNeY5+QYWJFrqR+8d0PQ956KKlhuvr50d9oE4Ywx5hkbijaFri4jCgK5bcvha+7LxSenzi8229cbb929LqGNK19ypVRq3n2mOS8AAAC6DgEM0E8G0tc1Cek0I7IQ/MC9OQESdFmS+6Qf+w7mtOdLKTXyklg7U3OG+16XIv2ZqccI+wAAANBVWIIE9An7e4/MWiuz0mnGLktQuiLAISoHw6/uCl8qoqVINOUFAABAdyGAAfpFSq7LMWDiEY6CDcsvtDg7V0oNzwsAAADQRQhggD5wXGOnte8L4QuOwpNTH7nRcqKSldk3lt6fEQAAAKBLEMAAfaHzY6eNlcUUfV9whErl8iX3m5ZvukEQHkvVFwAAANAIAQxwwh1L9Yv2fUmVLglwhPxI6rB0rcUm09qQVwAAAIAuQAADnHidr34JbcDSI3SEX4ok5naz82nICwAAgG5BAAOcYPZfnJnpdPWLEXsz/QPv3xSgU8JyqylbuZIMUwUDAACAY0cAA5xkKel09UtegvI1ATroyanzi8YEC003COR5qmAAAQAAx4wABjih7K3cpLUyIx1kRV5g6RGOQ7FcutKiIS9VMAAAADh2BDDACRVmUnPSScYuM/UIxyVqyFt+oekGVMEAAADgmBHAACeQVr8YY56TDjIluSLAMUrL4A2qYAAAANCtCGCAkyibmZEO0sa75oc+WBDgGE1NncpTBQMAAIBuRQADnEgdHj1N4110CapgAAAA0K0IYIATptOjp331C4130SWoggEAAEC3IoABTpjQ2IvSSVS/oMvsVQVTTA3OCgAAANBhBDDACRMYeUY6hOoXdCOtgjFh+GKz842kOtqgGgAAAFAEMMAJUvq9R2Y7ufyI6hd0q6LYG03PtHbmjaX3ZwQAAADoIAIY4AQJArkoHUL1C7rZd0+dXxZjFpudb6XMMiQAAAB0FAEMcELYW7mcO+D8lHRKaF4UoJuVm1domcA8RzNeAAAAdBIBDHBClFOpGemc2+Yv31sUoIs9OXV+sfVI6qGLAgAAgK6nb5y98eZ7l/VjaendSelRaQFwIphAOrakIhTzggC9QEdSB8HVhuelAq0YuyEAAABoKaocHswVpZwzMpCzYifj80wQ5iS0NZXFJpV6otF+3OXcdqa2Ctlatz+pvbzfZmefpcR5pcBc/+a37178zo+e7bmKfAIY4IQwnVp+ZOxy+vvv3RSgB+hI6pJsNw5grJ3RFxNTU1N5AQAA6HNvLL07I4GZNiZ42gclViY1GDEik3EAYvwiGvd2bM0ljR/FmmStbXFNu88zbWxTo2zn3P8JYAB0nv0XZ2bqU+OjYqwsCtAjdCT1G2/dXdSwpdH5lWVIVMEAAACkUlf1NVMyPDGCw0QAA5wAodhZ07Gnx4DlR+gt5fBl967MTMPzWIYEAADgPfnxsxe0v0pJZFK/t5KaTC4vMqngiRYXz9n6pUV7sOHOMqZ6xtQuQTopCGCAE8AE5hnpBGOXzfffuy04erdemnTpwIzgof37b/9b+elTH2l29ozc+tpFQe/65toTstlbMwU2R+5KkO7wbX58Qx7aSMYl/nvc7ne2RdZCAQD0pqmp88vu07Ics9eX37sdhTAnCwEM0ON0/LQVmZYOsCHNdzsnPen+Ny94aMvFgvznd/+0xRaGx7mXfeeq9JoH7r+O+9/IIRjee5NXVtyr5i0BAOCg3njr7nWx9ulW21hrlqUHMYYa6HGdHD8dpEoLAgAAAABH4I1v3dE+NJflhCKAAXqcMTIjnXHbfF9+WQAAAADgkP3Jt+4+L6HMNTrPdMGyqMNAAAP0uE71f7FiXhEAAAAAOGSvL92dDkPbcDCCdeGLDe2JaIVAAAP0MO3/Ih3q/xKEluVHAAAAAA6VTl4KAvtS43NNvhyGF6zYvJwABDBAL0unOxK++OlHf/neogAAAADAIdHwpRwEt2xl9HU9a8pXvjuazHQiMAWpz9lf/vxFd3Q9KdYlioFddgf0y+ZvzDFmuEeEJpw2nchRrXlNAAAAAOCQLC0t5YrGLJgm4YuEcu2pqfM35QQhgOl3xjznwpcZ7WrkDrJFimUNZfQbDWFekTC9YH5mblHQlYyYGemAUAzLjwAAQM+yv/S5WQnM9bpT82KCfM3XoX3TvzFpxH2dWpYByfPmJHA0yqnReWPDxuOmrV18cuqxufjbpiFNjyGAQRNGl7ZMS1B+3gUyy+7rRQlS18xPzy0LuocxT0gHpER44QEAAHpXYLRv3mTtiUYP8na+tWH15OgyZffmpERvTloXyATmtg9qtDLYhLepHAcOTsdN2zCcbXSeNt0tW3tJTiACGLRj0n1clLB80f0BukkQ01U60QMmb37gfV5cAACA/mUk56vGPTu7u3LchTNWXhObuk31ONCahi/Nxk1HTXfLF/bq+xLa8IH0IAIY7BdBTJewv5+bttIRjJ8GAABoqlI5rpUzphLKGLMoNnzNnbYoQ+lFc2nuRExwAR7WN5benm0evjhheK2dpruplLkvPYgpSDgoDWJu2S98blZwLMrl1KR0gA1ZfgQAALAvvlrGPC/WvCQb5fv2C3//lv3lz92wvzQ3I0CfisZNZ+abbhDKtSenHrvR6Cwjfhlhz6MCBg9jUv+o2C9enTM/fe2aoKOMMR0ZQR1o/x8AAAAcXBTIzPj+iv/V5/PuBdaiWHlZhlMLVMegH8Tjpt0/hsZBSl3T3Xqhu5ypNmjqXQQweHhhOGe/8Plp2UpdMlf4A9Ipxthp6cSTULq0LAAAADgcvp+MaBX5rGyU5+0X/r4LY+yLEqQWWd6Pk0jHTWv4YptMMjrJTXfrsQQJh0P/iGRLt+z1uRNRGtYLTGAm5OjlzffllwUAAABHI2ruOy9hecm9qfmS/eXPXxTgBNFx07bpGGltuhteaKfvy0lAAINDZKYJYTrImkk5YsbQ/wUAAKBjosqYeRfCLLmPefsrcx1Zcg4cFT9u2obN+4a22XTXpFJPyAlAAINDpiFM+brgyFmxk3LErJWeHO8GAADQ4yZFh14Uy6/aX/7cq1oVY+d5kxO9pfW4aWnZdHcvthy+KT2IAAZH4aL9wucvC46M/Ze5SekAJiABAICTwUxKz/KDF+ZlQ8OYz8/bL85NCtDl9ho3bYwsPDl1bk76DAEMjoaV6/aXPjcjOBql9KR0gLVmWQAAANANJkWrYrRXDEEMuthe46a16W6xHF6RPkQAg6MTmHn6wfS2lLHLAgAAgG4TBTFf+Pu37C/NzQjQJfYcN33ApruBlRNxXEkA0++GgmcltBfcx7PuH8kL7h/EYS45mZRsyFKko9CBBrxeYBgrDgAA0K10glJQvkUQg26w17hpFYbFSweZeGSbBjq9JS3oa+bSnB5gL1a+XdD/2V+emxZbuizGPCcPzT5vr8/dMFfmOJA/RGFQzplO5KfbxWUBAABAd4uCmBkXxCyKCS6Zn55bFqDD/LhpG0423SCUa9819fiC9DEqYLCL+dtzt83/6ecvSpCact8ty8PJUQVzBGzQkQTYXMgTnHULa6MPAACAZjSIoUcMjsFe46b7teluPQIYNKXJufnb/5cpCXVp0sPwVTD0gjlUnSjBo/9LVyluu7cVSgIAANAGmvWiY/7kW3efbzXxSJvupsobl+QhWDE5qdun9CACGOzJ/MzPX3YhzDU5uJwMlC8KDo85GU2osA/ZAZF0RgAAAPZBg5hbLoi5KMAReH3p7nQY2hvNztegRJvuTk1NPWRl/cnoAUMAg7a4EGZOrH1RDsx8StBjaMALAABwAky6j3kXwixRDYPDFI2bti+12saE4YGa7p5UBDBoXzF9+cA9YaydYRlSbzFGCGAAAABOjslodPXnr/O6HA8rHjfdauKRNt19cur8oqCKAAZt85OMXIIpB5UtzwqAw6NNecNQAAAA2mblsntd/irLkvAwSqnUfKvwxYb2BZru7sYYauyL+ZmfX/Tj7bTD+r7ZacHhKGTdj+CI89NUWdDdzPqajgoXOzwsMjgoAAAAbZqUaFnSMxKkrjG2GvuhE48kbH48aK197ampxw5tEu4fLb07KScEAQz2L+oFMyP7FjwjOBSl//7f0yVCR8poyyz5TUH3ssMjLijbEslmBQAA4AC0Se+M/aXPXdI3WgXYQxS+tJ54VLaWlQ9NsAQJ+7edWnD/P0B/EDspAPYvDMWsruxebhS4p/ChoegzAADAwUxKYG7ZL169KkAL31h6e7ZV+OKF5lma7jbHq3bsm+8FY8xt2b8cndeBAzBGrOHpGgAAHKEwnGNSEpqJJh5l5ltuFNorT02dPchx4r4ZSS9LD+IVPQ7GymuCE81aMyk4PoU1MRvrUaNdXW82OkqlCwAAOGo6KYkGvagRTzxyL0ybT8/yE48euyFHIN1q0lKPoQcMDupgI4pLpUn3/2UB0NpaIQpctL9LOiMAAGBv9vLspH4upaMDNhOUc6GVnN1cedoMjQnaogfZ8/aLV58wP33tmqDvFY1ZMC1CEPde4cJ3MvGoLQQwOJgwXDzQu/Hp1LLg4ZmjD7HMQCknOD65nFitfEmlWm+3tSWSyVAdAwDoCxqwlLPl6VJJJgNjJk1gntA+g1ZDAyuTRantl2bDaGqBLawLAcw++SVJn5uVIP1sN09Jen3p29NGBnJPTj26KDh0b7x197pY+3Sz87XpbqkcXhG0hQAGB1Lpkr4oOLHsdpoA5jil23h6LpfFrK+Lzbhtx8YFAICT5Gn7njwtd/znZ+RN+bjNXy2mw6viQpX4fQerS3VxhMy0hOVb9otzF7oxhHn9rbvzxtqLuv7lm2/eWU6F4YUpGsAemsq46abjpP3EI/eY03S3fQQwQA+yoc27d3zkqNn56Ulz6fayoPPcW3tmc8OFLKHY8fHGFS6plNhRHUXNUzkAoPc9Y5flL7jA5VP2j+Uv2DuSk4KgK2hfmCX7hc9fMX/rHxxJj4+D2AlfIi4M8H1KlpbeJYQ5BH/yrbvPh6Gda7WNDUtXvnvq8WU5BiUpLUsP4lU70IOClOSlE2/4vDbp/teRRuZopFiqfC6KDAxEX+so6mQYkx0QAAB6Uc4W5JPyDR+8/Jj9BoFLt7Ny3X7x6kQ39IWpVGZcrD9dQ5hSELz6+tK3Lzw19VFexB6QNt0t7TluWq5919TjC9IBaSnnSydkfhABDNCDjE0t27o1zkdhOyXTQtPk45FOR9Ut28Wox4va2oqWHI2P0ZgXQHdKuVB4oLuen7bWNqSTyvq8fRgGRqWj0lnpBA1d/rq85qtcfsi+Kegx2hfmC5/Pmb/1D46t50cUvrQMB3ImyLz6zW/fvfidHz37omBf2pl4ZEP7wlNTj83JMerVZU8EMEAPsiXJd+Jfr7Fl+sAcJ61uSVa4uCDG6lSkICUA0JUmzoqcHZZucu/1Hj3IP/vvyEmhocvT8p583r5C6HISWLnsQphJ2UpdMlfmDjYZ9YDaCF+qbNnefONb708++bFHmeTUpqWlpZyGL7bFxCNr7WsufLksHTQ19dHbb7x1d9Fd+Yx+b4zclB5FAAP0oLJIviOH4MPb04LuoUuPRjv8jugePnP+UTmXpRrnMP3OvfvyjfVNAYBe94TNy0/Ka/Iz4ddZXnTSWJmVbGnSfnGuYxOSWoYvxlQPzmuE4ZwLYYQQpj3l1Oi8teFks/N9011rZ+UYlMrlS+nA+OtOlTdvSo8igAF60NCNheXtn/ukHLVgc3BCcDzW8mKK7s/c4KDYoSHpVoPuLYhcmj8lh2kwdXRrnCeHBuWJwQE5N5CRQUaXH4lCGPoA7c3NLcmXSgL0I+3pQrVLP+jchKRW4UsQhpe+Y+r8zdeX7tw0gTy3awMNYd56P/fkxx9lVHIL+hjbMGwRrph8OSwf28SjyvV2TRPog+JVM9CrjCy7GHpSjtLA9ozgeBRKUcXL5qZL3Lo3gEFv0JDsk2dPyxMugMHR+66RaAnO7334QF65/0CAfvGT9jX3cZvgpb9MHnUI0zx8MXkbygUXvvhmu09Nnbv4xtK7y+7109Vdm9rw8htv3ZlMlzcuTU1NdXTZVC9oZ+KRC7KuMW764fH2F9CjbNm9yjlioTWTguORy/kmvL4Rr9175JVZW3MvQ/JtbYv+8vTYiPzUxx4jfDkGP3R6Qn7qo49RbYQTT4OXN8r/SP5v4cuEL/0pDmEm5ZA1C190KYyGL09Nna2ZdPTk1Pk5DQoa7szKbDkYflWbzAqqXl+6O+3Cl9aVJaFce3LqsZ6vPukGvCIAepUxR5/eF9NiL89OCjpPl/VUmvCatVURF7C05F6FiBGgxmMDWfnk2UcIAI6R/gw+89gZAU6iZPDyhFBU0OcOPYRpVflSDsNd4UusVQijzWW1ySwhTEQfhyCwL7XaxhhZeHLq3JzgUPCKDOhR1trb0gHFoDwjOFZ2bHzP5ru6jZ3I+b+SQOzTHPh3Ba0+euY0LbVwcmiPl98NXyR4Qb1DC2H2Wna011KYvUKYUhC8+o2lO8fSTLZbtDXxSGQ5Vd64JDg0BDBAj0prD5hOMIZJSEAP0qVHNEjuHt8zMUYlEnqeTjXS4OX/E36ZpUZo5qFDmL3Cl2aVL/VaLkcSybmn5Jfe+Nb7V6VP+YlHe4QvWmlEz5zDxSsBoEcVy6mOVMAYY58W9B7tBVMuC/qXBjDoHhq+0IcHvUynGv3/wl8heEE7XAhTeslen8vJPh1W+BLTEMaGYfMKjmhC0nXpM37ikQ1bVwCF5lma7h4+AhigR+koav1jJEfMipm2t3L7/gOKh1Qq1H6vgUqp5Bvtmo31vS+/uSlmfU3QvzjY7z5PDGUF6DW63Ej7vHw+fEVyUhCgPWZaBsKX9nOJww5fYk9Nnb/ZMoTRCUlv3umb5rytRnpXhfbKQR9vtEYAA/Q096ro6OVK/2qaZUidlnfhSakYfV0ui7l/X8zKir5T44OYPQ0ORr1j0JdY6tKdhoKUAL3iY6X78nL+V/xyo/o+L+t5ghi0wdoZ+8ufn29n01ahwMOEL7E9QxiR6X5ozvvG0rsze4cvTDw6SrxCA3qZlVekA8ofjBHAdNrooHuGrhysxUFMhc3UvYveaPS0HoDTkLdvEcAAeBhP2/dc8PKi/HD27Ybnj+SosEPbLtovXm3ZZ6VV+BK40OSwKjH2CmHi5rx/vPTeZTmBNFwyQdA6ELN2kYlHR4tXaEAvCzozCcnFAJ8SdNbgaBSiqIFBsaMjYkfch64GGxqq3bZRAIO+lm+nSgodtxnSlwnd72fs132vl38ntSKZAaq2cAjCcM5+4fMNQ429wpfvcKGJHKI2KmFyqcBcP2nNeTV8aWfiUclaJh4dMQIYoJcVO9OI1/eBmZuhD8xxyg64IGZgJ5RJotoBDby5yRKBbnNni2AM3SuecPSL4W8LcOisXLe//PdqKqo7Hb7E2ghhqs15dVSznAClVKrlxCPts6MTj2i6e/R41Q70sOyNhdudaMQr2gdmLccypE7b2PBNd4GDWC5sCboLoRi6lS45+t3KaOnCRlHef3tFHny44b+2IVWWOCypl+Lx1G+8dff6cYQvsbZCGBteLgfDPd+c1wdd1s602iYMi5cIXzqDAAbocUakM1Uwe42qw+EbGhI7PNz8/Lg57+amAPX+ML8qBW3ajK7w2uo6S8PQlf6Ljf/OLzmKG+2Gpeh5Y3uzJKv3N30IE9MwZrtAKIMD8+Opl15fmncvLBv3WQntlaMOX2LthDBaNdLLzXnbm3gk175r6vEFQUcQwAA9LhTbkUa8Lul5TtBZ2kQ322JsbaEQ9X/RAIY+MKij4cvv3V8RHL8HLnj5vQ8fCNBNxsOC/KL9bfm5gX9Tc/rAUEbSmUCyAykZGs1K1n0fy99blwcfbPpwBjgYM537k399seFZxzB9p90QRpvzfmPpTk+9GfmNpbdn9wpfXJj6Ak13O4sABuhxgQSL0hm54s/Nzgi6RzYjNp0Sm0kz8QgNfT2/Iq/c58D/OGn48uW371L9gq6iI6a/evcL8pP3bu06L+XCl1NnR2XizIiMTgxKKhX9fSmXQykVo+qYUAj9cXC5P31Nckuv1Z7ow5fjCQLaWo7kbnYQyEu90pxXK3aCINNy4pG19rWnph47kROfuhkBDNDj0iXpVB8YliF1Gx1HPT4hMjYuQDNaefG1ux/6IACd9WahQPiCrqPNdn/DfkU+Ye5INptu+3KpVOArY9RavsAyJDyU06//oQys3Iu+OcbwJdZmCBM15+3yECaeeOReuTdtIKwTj8rW8rr+GBDAAD3O3FjId6oPDMuQjp825TWrLZaV6FIkliOhzmura/KP3nzHBzEaChAIHA1d9qWP7dcfrMqX37lL+IKu8+e235H/79ovy3Rwx1e4DI1m93X5nLvM2KkhXxljAiovcXBBcUvO////X5LeWDn28CW2rxDmrfevS5cqGrPAxKPu1X7sDaBruSfRl4PAzMjR88uQMr+wsCjoDA1TisWdXjDuHUibSjXd1k9N0mVJVMWgAQ1i9ANA//l4+b58beWfyBn/5+Fg4YmGLoPDGQEOQ3pjVSZvfXlCuoiGMN9cupO3gZlvVUGiE5LeeOvudLq8/uzU1FTXjKz006WsfbrlRmF4jfDl+FABA5wANkx1rnP5wFZPrH09MXQU9Zo7YC5FUyh8sDI80nhbY8ROTBC+AABq6LKjfy7/jXzslKn2dEnS5rrFrXL1e52EFJaopkQHWLlsv/C5rloK851T5xZsKBf2XOJv7Uw3jamujJtu3dPlGBodoxYBDHACDN1YWHZvZi1LB9jQzNi5mZygMwYHxQ4MuGfrVHvbBzytAwB2aPjyu+GXq2OmG0lnUhKkd/5+rK9uyUp+o+n22pB3Y2VLgENhzbz94tykdJGnps7ebieE6ZYx1e1MPHLv0y0w8ej48UodOClCeVk6oZiW7bVxOqZ3ii43GhnZCVa0n0QYCgAAe0mGL6ViuWlVS3LaUfz9xOnhpvvVhrzD4wMCHJKce4dvXrqMhjClsPwJbVjbarvjDmHamnjk7kOqvLF3fxscOQIY4IQwJujYMiT3Eu15eytHFcwxMOvrIoVNAQCglT9feld+u3hTPh7el7ILX+7fXW9Z1ZKkvV5osouOsnbGfuHzXfcGn/ZK0Ya17YQwpSB49fWlb09LB7U98cjdh27qVdPPCGCAEyJqjGs69cSaK97+s4yuOwZ2dFRkcKjBGTaqjgEA9D2ddvTr7/2yjL33bbn37qp86MIXVR+p6CjpVr1e6AODjrJy1V6f67o3+NoNYZycCTKvfvPbdzs2NXTviUdOaJ6l6W73IIABThJrX5QOMW8/wkjq46BLkpr1eWFpEgD0vZwtyH99b17Gw0LN6dmBlIwnlhVpo90P7qzJh+83noym4cz2NsE+OionA+WuW4qk9hHCiC3bm3+89N6RV/PoxCNjzB4Tj+wVXUol6BoEMMAJ0sllSFbMjI6kFhw9F6z4pUetAhZjdkZVAwD60sdK9+W33v1F/zmmwcvI2ICMnhquWVZUKoY+ZGm21IiR0zgWVmbtL31uRrpQHMK4fx17BhqpwFx/41vvH9nkUCYe9S4CGOAE6fAyJKfMSOoOMOvu3cmtLTErK/4zAACNXP/w13z4MjCYlonTQ3L67IhMnBnxDXPrx09nh9KSOzMspx8dEaCrBGa+G5ciKQ1h0mHmgnvja3GvbW0pnJIj8MbSuzNMPOpdBDDACWPFviAdQhVMh5jKi+a4EqZcFgAAkn7Gfl3+/YG3o4qX3JALWDKSyqSq50dLjlZlc327elpmIE2zXXSjScmGXTtxc2rqVP7Jj5+9YENpvvQ/lGtPTZ27KEegJLLcaikUE4+6GwEMcMJkS0GHSw2pgjlqdnhE7Ej8MRz1gYlpGEPvFwDoazpu+hfD35ah0ayveElWu+gyo+JWyf252N1wd3NtW/L31gXoPvZ5+8W5SeliPmAJw2u7zvBLf46u+qRVPxomHnW/tAA4UcyNhXzx5z61aMXOSAdoFUzpv/grs+m/98871n+m72jT3YGBXSebjQ2RQkGs9n7R6UgAgL6j4cvvhl9uev6DDzdcAFOWU+dG5NHHx2vO03BGg5lWvWDi7UrFsq+YATok537xtCHvBeliT06dn3tj6V19rebfkHT/Vl54auqxub0ut7S0lNuW4RnjXq8HqWBCTwvL4QMTyLINS4tPTX20ZZ8ZDWFeX7r7rARSM4LahOElJh51NypggBPJXJMOClcHrttbua5cq3uiFSoTLgzl4wDQr75694vyhDR+s7uwUZR0JiVDwxlt1L/rfO0N88i50ZbhSzwtKX9vw4c5QMdYO9OtDXmTNITRShitPsnI5lyrbTV40ea8pWBkyb2/9pL7t/e8tfaifujX7kXddT/K+s07S6+/9e7FVvvy043C0s5rfl95c35R0NUIYIATqOPNeIvpydKtv9S1a3VPrEz0TqTZ3hYAQP/52Qe/Ix/Z+kBKpca9wTIDLnwZ1QlIQ7ua8LZre7vsK2D815sl2SowmhodlAp6Yqm7hjCZcOMTrZb+fPPbd5/T4MWFNXPJqpVG3L+4SWOD+TfeuntraendyebX+5EbviHwES97wuGhjhA4obQZr3up1bE/WnYj+7ydm7lh5hZZc3pUSkUftmhPGGVHx6IqGCpgsA+D7i03/chljv4lQCEMJV8s+c9HqZP3qVP0ccuXONBFc7r06P9c+OciLmRJud9/7eeilSyFjSiUH88NSyr98O+16kSl9bTx/WMCt790orEvcOQqVTDmZ35+Ubpcq/BFx0bbsp2T/XL3vxwEGsJcmGqytMiW5cpTU+f2HI2N7kAAA5xQ2oy3mLbP75WwH6JcOZXWtbrPCg6Pjp/WPi8TEy5oCcQmD8g0eBkaEqAdT4+N+I8nhgal097cLMhrq+v+47Bo4PK9E2PyF8ZHJJc+mS9nNLj6xvqG/N6HK4Qx2EX7vmjDXbV6f9MvN0payW9I7szDj5jWUEf3U94uMzUJxyMw+vrySEY6d8KffOvu82F4gPClQqthohBmqWGFjV+KhJ7BEiTghNJmvC41f1E6KHwwPMtY6kOWyYiND5h1+tH4hAD7oeHET33sMfnk2UeOJXxRer16/T/zxEcOJSz5rpEhv68fOj1xYsMXpSHT02Oj/r4+c4p/+9jxeftKTd+XeIlQUqm4U3mmfVw2VrZ2baOXW1/dkrUHhYb7iKVSgR9rTfiCYzJpf/nzF6UH6fIhl6XPyUPSEKaUGp4X9DwCGOAEK5c7PZJaKyXDeTs3Q0Pew6ITkLIDzc/XpR1bWwI0Eocvj+mkrC6gt+evP372oUITreL5zGOP+nCin2jY9MmzpwXQpUefD1+pOW1kfFCCtPFLhLTvi0oGKtb9qdCgpb5/iwYvGszo8iX9ALpYT/SCqVeUYO7QqtGtzL6x9P6MoKcRwAAn2NCNhWUjZlE6ybiEfm28J/9I9iRdhtQlB9foLnHY0W1BxcPcLr2sVtL0K62G+Q/OkG/3u39270s1y438CGn3t+CRc2N+otHYqSEZGs36z7FUNpDTZ0fcn4va/i3JkCZIc1iArtZzVTBa/WICeU4OkUmFh7o/dB7PtMCJ19mR1Mq9nLvMUqTDY9Zb9M3QAIYmvGhA+6N06/IcvV3fmxuT/frM+TPS7753YvxEL7tCazr16LHNe77nSxye6Hjo1ZXN6ja6XGh0YlCCwEi5vBOwpDKpXUuItHImO5Dy2w8OZwTocj31Bp+LSWfkkFkrs4KeRgADnHA6krrjVTDCUqTDZAePp28HettTo93doPl7XEC0nyoY7SNzjmov73tyo4L+o0uP/o4LYJI0hBl/ZMgFKLv/vQcuiNmrZUsqE/hGvloxk6Q9Y7YZN43uM6kTkaRHuMDzKMKS3OtL354W9CwCGKAvdL4KRpciVaYi4WGl9jHy84jH/aI3aFjR7VUSGr6cG2g/UJkcGhBEvmtkWNB/Pm9/T06fHZWh4YxMPDLse7rce3fVhyXGvS1+/+5azZKitAtXtOJFz6+fkLQXf7kWTXmBY5MKeqcKxgRH1D09RQDTwwhggD6gVTDutVlHJyIpnYpU+LkfuyzojHJZzIMHAjw20BtLCfZzO8/1yH3qBJYg9R+tfvlJe9tXrIyeGpLsYLra50VHQ1sjTUdEb2+X/ZKlUqnc7tX5/bAkCV3J2pleqoIB6hHAAH0iLGsX9s4LMuXr2393lqS+E1IpsTlWfUF6ZkLQfm7noOElSxIhTH/5pdVf9xOLwlKip0sqqIYkcd+XRgob277PSzq9j2pKoJv1UhXMEbAS5AU9i1czQJ/QiUjuZVvnlyIV07os5iU7Pz0pOHo05EUPKexjyVzBsrwuqcByw77xo8X/Rf5i/ht+THT+3rqvZilu7e7PosuMPrizWrMMSU2cHpbx0yxbwwmiVTDX57r+HSdbLr8pR8BIcVnQswhggD6SLQU33NN251NzHU39zY+8ZG9RnnFQZm2V/i5oW77YG80z88X2l0Q82Me2J52GLwQw/eN68LsyPBL1SyqXo34uOvloq1ByQUy5WhWTGUjJwGBm1zIk/d4EhPM4YbJhLyxxX5RD5v61Lz819dHbgp5F/SrQR8yNhfz235m9JoG9Lh1mt9LT5f/hL7nr/a1Lgr0V1lxE7l5wZ7NiNjZEtotiSitiJyaocsGevrG+Kb3gztZ229v+sbtPOjkJIm9ubknXOrP9grwztCA4FP/P4ldnnzD55yUXLS/a3CzWVLjoqOnQWjFh62VISdq817hdDI/T2Bq9zD5vr8/dMFfmunY5TkYGF1xM6l772kN7A9L9k18U9DQCGKDPZP/hwo3tn/vkc+7LjvdlCTezF4s/98nlzC98rfNLoXrNWsG9Y7ktdmjIhTGF6DR9x3vLHXg1GkvtzjMb62KHR/QVuaC/aXXEm5sFPw2pW722ui75UvuVOhrW6P3qlf42R0kfu651fuO2/Gc/vCg4FD/+s5+sThMccSGMfpSLZZfDGwnSO/8W1vMF/7025tVeMdmBtG/U28jgYEa2txgxjZ6Xk4HSjPvctYHv1NSp/BtL777gXpcdWs+aYjnkNXSP41UM0Ifcy7Yrckzcm25zhbkfZjJSu0pFXwVT1ayMvFzyVTJ+e8D5nQ+6u0ff7324v4ldGr783v0V6XdvukD2G+sbgpPv2//ZzMX7769NlorRcrP4cyqTqglflFazxA15twpF2VxrXiWlk5Q0qAF6X/C8dLm0DB7e8v9Qrn331PllQU8jgAH6kI6ldknIC3JMgrXh66WfnX1OsLfBQbGjo2LHxsSOj/sEy+Tz2oCudrtMNpqAlKWkHJH3tra7NoT57Q/u76v6Jfb1/Iq8trom/eqBe8y+dudDQX8wVq5q6LK9WfTLhorbzf/NJPu8nH50VCbOjAhw4vVAM16tgpGw/Kw8JGvta09OnZsT9DwCGKBPZfxYanNsR2dhdvum/b//RUKYZs6cEXvqlA9WvIx7Z1PHzroPOzDQuA8MSzNQRwOLV+7vr9LkqGn48of5VTmor939UL7+4OCX71Uavnz57bsHCq7QezYvz06OjA1M6vjoAW3AW7ZSLkUVMDoNSRvxKp2IpM14k+IgRicl1U9EAk6cHmjG++TU+UUbhgfugajhS9naWcGJwKt1oE9pQ97AmuNriFtMS/GNc4QwrTQKWVIpEe0LA7RJl/r80pvv+KUrx0mv/598+72HCl9iv3Pvvg9iHvRBGKFLrzRE+5VvvUf40keCVHlOlxVpJUsqZXzvl7jBbqlYrhlD3Whh6vZmyU9KioMa4OSyPfE68qmp8zdLYTilU4z2czkXor6QsZszLD06ORilAfS54t/91Ev2OFP1TEkyT965aP6P//pFwY7//ldn3Nuet6RYFLO5GS0/6sLpRz/5kbNd3ei1F33t/Q/ktZWjabKaS6fl3EBWHhvISKfcL5bk9fXNIxub/Ji7P08MDZy45rz6eL23Vaw2H+4d9pJc+ORNwYFp9UsqHS7JQ9DKFw1pMgNpRlBXpHLnJDj1mOAECu0F8zM/vyg94vWldy9qY173L3Oy8RYm7/4R3xZrr2n1jOBEYQoS0OfSRXOpmJaZwxyRty9aCfO/PH6z9LMfk/QvLhDCxNKDUeCSSonVqhfgEGgFhX58o4uH6OyX9rp5bx/jrIFulwrKM43eI/WhynZJ0i5IDdK7zy9XmvSurRZkPDck2aHOBa3AsQpE30hclB6h1TDu083Xl+5OB2InrYTRZNLA5E1ollOyvjg1NdXdnfRxYAQwQJ/TpUiln529FBr7khyj0IQ3y1d/ZDJ17bcYr6fSladnDV9GR9u/XLEYXYZ+MADQk0ql8GoqHfjKldD3fdGwxcqH76/7ECaVCuT0Y7v/LmiPmFQ2JUMueNHWL0T36B9GlyH13ITNp6bO3naf9KNrR2nj8PEKHYBWniwc51SkWHk9O1f8uU9eFdTSiUfl8u7TdVnC5mbtaRq+dOFSJQDA3t76iZnZ9bWtyQ/urLnwxbqnfv0I/UfcUDf5dVJ2KO37xWjli36uV9wq+30CJ1DO/tLnZgToAQQwADw/FcnurzHYUXAvDTWEuW5v5bp6rGAnmfU1/7GLVrkMDtaOpNbTCGAAoCedPj00m0lHtSuFjW158OGGn3T04MOdsH1kbOBAfV102ZLlzwNOqiCYEaAHEMAA8HQpUrkcXDjO0dQxFydcLv7O979qL89OCsSOjokdG296vrl/371Sr0y4KTMlBQB6VXYw84xOPzpzfsyPl9ZKl7jiZWg060/X8w9Cly41qowBTohPCdADCGAAVA3dWFiW0HRHD5ZierKYCm9tX//+aUHrqhb3orpaBZOitRcA9KKVn/4PZsOynYy/10qXgcGdhrv6dVz5og137727KuurWwJA2Wn7xblJAbocAQyAGtl/uHCjG/rBeEYm5e0zr5av/gh9YZpxwYydyLn0bEgAAL1rJb89Wyrt9PvSni7jjwxL7vSIjE4M+pHSsdUHm74qZnONCWBAlS3PCtDlCGAA7JL9xa9pJ/nb0iV8c97P/Ycv9dWSpFIharIb0wqXQkFMfdNdAMCJYESeazReOpUJ/PKjpOGRAckOpHyVjNJpSY0a8wJ9xcqMAF2OAAZAQ+VS8Gw3NOWN2UJmtrIk6aL0g/yamJWVne+LRTEbG9HUI8uLbAA4SXT6kVa8pCsNeLcLJdlY2Wo6tUi3nTgzUg1mgnQgpWLoLwP0sWcE6HIEMAAa8v1gAhfCdEFT3qpoSdJ86XM/Mm/npyflJBsdFDsyvPN9Oi024z50qVE7U462tghqAKBHuBfkszomOrbughTt77K6srvqUUOZ4tbuhuulYtll9EUqYdDPGEeNrkcAA6Cp7H+5cFtCc0W6TFjIXiz+Tx+/tf13fuyinFSDoyKZRMm5jpfWSUjt9nphHDUA9IxsNvV0vJxIDQ5nfMPdoeHsrm11PHX+3sauoEWrYR45N3qgEdXAiZEyDG9AV2NcBo7Vt95dnUml5aqYna7/6C733IfZXM+brc2cdJdJ9zH/zt/7b09kg95bKx/K//7NfysHlskIAKD7bV6enUylw5qDRg1T4uVFWgmztV6U04+N+u91DHUc0CithkmlUtKofwzQf4yOo74hQJcigMGxWFqyuYHRNXfgbC/7E6iW7Wp2cMR/dCXrg5gTZyBI1Z6gDXkDihYB4KRJBeUZ34JXoma6K/lNGR4dkOxg2vd1yaRTslHekrUHBT8NSWnPF6Xhi1bDaCAzdoppeIBYSwUMuhqv5tFxWvUyMLb6ajV8AbC3jfWdr+ntAgAnRjncmdyi1S7aC2a70uMlnQmq/V4ajZzWICaqlhkQAF7O/socIQy6FhUw6JiaqheOH4HWdOpRPi92dERfgYuMjvmTzfqayNa22FwuqogJQzHb7vvBQQHaMeh+b3KZtP+MznnP/bstJEfLAxWrDzaeyT0SVZkWt6OwpVzcacirS440aEn2dilvh/Lh+2vyyGNj1aoYABXFsgYwtwXoQgQw6Ajf6yWzOn9Sl4sAR0IP1oqlKIAplaJJSO6jJsAsundEt7fcUTUvwNHa5NCg/NCpcTk3kCV8OSZvbhbktdV1/wGod//azGSxUJ588OGGTJweltHxId9kdyS3s5zIN+Md3WnGq813rcticmeGJUg17vtS2CjK6v1NGc0NytBIVoC+EgQ6jvqmAF2IAAZHqt2qF/dS4lpQyt4UHJpyqpwLAntVrJ3d1wVD+7IJsywPO2Yv3v32jB0cnJeBSll5qO+GuqfsARe0JCvN3fd2YHf4YrYK7gV6oKM1BP1Nw5ZnTk3I9+TGBMfrCReC6cf3TIzJr793T/KlkqC/FY1MD2QC91QdvSTPDqUllQ5ceBJNOdJeMAPDtU3VNVix1srEmea92TIDKb98yTAND/0opA8MuhcBDI5MO1Uv7g3+17KmfPHs2VOUCR4i/9gHdq+Ko7z72DXZyL1Yu3/+/NCy4Hjd+s1lGR6ufmtKLoDZyIsdH2+vGe/2tr+M1WlIvADva3/98bPyGEFcV3lsIOt/Lv/N23cJYfqce3qetqEGJjsvyVcfbPo+MGp9ZWtXADOSG/TNetX2ZtEFLeldE5BSqUBOnR0VoD8RwKB7UYOMQ6dVL+/cW30plba3WgUAWvXy0XPj04Qvh6fdxz609oWttfKUoHcUCtGSpK2ttja3I6NRXxjCl772Vx85RfjSpXLptHzy7GlBf0tZeaZcDmVzbee5XcOTmFayxHRZkS5V0vPjwObBh5vugyVtQD0a8aJbUQGDQ/X2nZVZk/JVL7lm21D1cjTe+2Dt+dCuzrV67N15y2VjLn3s7PiifvvO+yuCLvOVL1+Ucnmx/mQfppTdO+UDbU660CqZIUaS9jM9wGfZUXfT5UhPj43QE6aPWSPTY7mhmgoYbbobulBGlw/FDXbLxVC2XACT7PmiS5FU8rIAKmjEiy7FMzYOhe/1MrY27/uNNO/1krdiX/jouYk5waF5993NSZsuzYdhONNqO616Ka6Hc1NTp/KttrPWnhIcj6/Ozxpj51148ppdX7/l3uaMerhomJJYjtSM2d4S6160E7xA/dDpcUH3I4DpbxOnh3PZwdqX41rhEvd30aVG2oQ3XpakXwerWzIyNiCDw1nfJ4YR1EAjLENCdyKAwUNrp+rFHRoumlLp0kfOn1oWHJp331+9ak3x8l6PfdqWrrRdcRQEE4LjkZJFCSUvRp42W1tP60lW+0OMJtbxx8uQtBIm2QvG2uj0VEoApdUV6H76c9JGyYyo7j/bl2enJb3zc9d+LmsPCj5kmTg9IluF6HtdhqRNeuO+MKUt93fBBTB6emagdTi/7faRHcwI0H/MpABdiB4wODCtvNB+IyaQl1oEAHl3YHjlI4+OXThP+HJotMnut++u3LZi59p57Fnu1SOevZQ3Vl7WL20QLPrT6nu4FLfFbG5Gy5FiLnwx+Xw09Wh4RAClS5DQG3Q0OPpPkCpPxl9vrm37fi7lspVSMZT11UK10a5WxOiypInTQ/LIudGW04+StDqGXA997GkBuhCvznAgUb+R4lw7VS8EL4enZqx3Szz2vSr88ecuuk8X5dZvzthyeWbXxKPsgNiUe+pOHly7kIaGu0gifAG633vvrE4ODKV1GdKu8zR0GRjJVKpc4hHV7VeyhCXrJyMNDlP9gr6VE6AL8QoN+9JmvxGtvLj2kbPjNwSHpp2x3qJ9dkK59Pi5sQVBzzMb62K190uqNmyRRgfX9H1BAstZgO43OJiaNJXgfGg068MSbb6rUploOWlqqHGx+vrqlhQ2tmV4dECGRnZXUJWKZckSxKK/5ewX5ybNT88tC9BFWIKEtmnVi80UXxWxM8230sqL8ic+cnaC8OWQ7He09OPnxglfTgirfV5sg67W2hemzXHU6E8awBDC9I4tflZ9aezU8OTYqZ3wXHu/aCCz5sIVXYYU06VEGqjEdGz1xsqWr3LZXN1uuO/sEOELICmqYNB9eHbGnqh6OT4HGS2Nk8No+LK5KXbY7FTBaL+XlWh8uM1kZNcSJXcgZ/xlhlmS1OfeLBTku9qYnoXj9cAFqu9tbQv6TxAEE7ZudKT2gNneLMnAYFnSmej5/f7dNX+6LkfKnRnxy5N0PLU22NWvNaDRj8JG0feKAVDBKGp0IQIYtESvl+PR7mhp95Lr2vZ6eGOv0dLoQYU1kY3KQdlmYWcSUrLfSyV80Qa8oi/Cx8ajipntba1tZyJSn/t6fo0Apgd8Pb8q6E/W2EnNX4pbJfd0nfI9WzR00RHT6coSJA1jNHxROgWpVHLBTDrllyzpR0yrZwhfgDqGChh0HwIYNETVy/E5ktHS6D2lxJSj+kqW+oNqPTtewuBexNtTpwR40wV3+sE46u6l1S+vra4L+pQ1udAFKjr9SKtbtBmvTkPS/i5Fd7p+r8FKkjF0DwDaZl3ICXQZAhjsQtXL8dAmuyZlb1ixT4ttuhmhVz/RqhatZMnWvasZV7lUliDZCd7gQWNfu/uh/OTjZ2WCZpxdR3v0fOW9e/Tq6Ws2t1Uo+ZBlZCwKSrWqRXu8DFQmHmkwc+rsqGxvFv3XqVQUyGjVTDwdCUATQWpCgC7DMzeqqHo5HoyWRkPuRblk3QvwgQbVC+WymPX1aDlSLuc/m62CP90OjwgQy5dK8uW37xLCdBmtfNHwhd4v/ctens1tud+DtQeFmioX/VrDFf2cHYz+zeqypHQmCuL1PF2WtOkCGQ1m4kAGQANUwKAL8WoMHlUvx4PR0mhqdFBspsloaXcgbXXsdPKd88KWD2B8s94B+gBgh4Yw/+jNd+TpsVF55vQ4Qcwx0mqXrz9YlT/Mr1L50udcZJ6LR05rA10NVgoboWQH0i53z7g37ncvNdJt8vc2qt8TvgB7IIBBF+JVWJ+j6uV4+Mc9U7ruHtfZFsuN/Gjp4no4R5PdPjQ4Wv3SrK25V97F2t4uQ7XhjM1m3Tbu3fRgjxfkGtIkGviif7y2uuY/tCfMRDolpzK8BOiU+8WSPCiV5c7WNsELqrTXixoczkg2m5YP31+TcrEsE2caVzKmEqFMkN79HK5BjgkIZQCgm/Hqq49R9XI82nrcGS2NJBuKTe8x0UgnHg3tsdRZly49eBCFNfGY6occVa0Hlflkw2A8tELZylHSxrwAjpd7xs7pVCP/tQtWNje3fY+XUtk2DVI0dNFlR1oJo6FNTLdfvb8p29tlOXN+rOH16YhqnawUj7YG+sSkAF2GAKYPUfVyPBgtjQNx75bb0QYvqItFMaurIgPZSt+XPQ7aNzd91YwdG3VBTChmfU2shjYP2TPm5bsfCABgf0xacrkz0US7UjGUzQdbMv7IsKRdGLOS3/RNeeOwJCyFPkDRMdNRP5hszb60kW/czLcRDWi018zwSLbaSwYAcDyIwfuMVl/YTPFV9+d4ptk27u/3wtZaeeojZycIXw6JHy29x+MejZYuf+LxRydYcoQdulSoUaVKXHWiTTxLxWhSkk5Hara8IVt5wa4v3AcHxQ4N756uBADoGJ1ipB86+ej02REflNy/t+4Dl2SYopUtWiFTKpWb7CclQ8MZmTjduG9Ycbskj5wb9QEO0G/s9TlGRaKrUAHTJ9qtetFmr4+dG6fZ6yGJmuzaeatNwHpntDR/qLpBYc2FL9md4MTxk462t8UOD4vR0EXHVGuQEr8bqgFMHMbUS9UtYaIRKwB0jVQmJeWSdU/5KV8JkxT1iEnJB3fWZDQ3KEMjtRUwuoRp9NRQ030bnZRHbxj0q0H/upY3NtE1eAXeB3z1hRTnWm2jVS+bq+VLVF4cjprR0i1XhnRhjx1jCWC6wZqOJo3CFq1Y8TY2o5ClsCVWTwtStcGKVsvsUdXiQxy3CzvYYLy17tvwIh0Ajtq9b+eXQxNVrwwOZ30T3uxQ9KEVMFrtkh3c6fNSLltJpY3Lznee83W7D99flzEXvgxURlZrL5i0C2uSIY1W2UTbWwnSPMcDwHEigDnBvn13bdr9ub1pxT7dYjOqXg7Z23dWZk1q9TqjpfFQci4H0x4vOtmoEpbYYfcOZ7EUTUBqNMVoaysKULK17476fjHr61HAYiuJoI6qToYt7nRz/35t4NOIXr5Y3H0dAIB900a8xa1NX8Vy6uyIr1TRfi86IWnslFSb7WpQc/pcbT8w3dYEURCjyttRr5hsOdxVJRNt3/g2aGgz1qKCBgBweAhgTqio6iWca7WNO/a6WVgtX6Hq5XDEy7x8nxdGS+NhpdNiJyZ2AhM14IKRZgUuLnzxIYv7h20zmdpwJZUS6/ZndPmShjf15yu93OiIu96MtLS5KaZQiPYzxAt2ADgM5fJO/66BkTh0af0yXQOYsfEh32BXg5pUNhBt7GsqAb2eXiqWZTw3JBvr25J1+8sO7t4n4QsAdA4BzAnTVtVLPOL4zNii4FAwWhpHIlnlotUtGpzoaS5IMS4IsePjO0FK3HxXA5tyqTZI0cuMjorVbeorZ8plvz9fEdNOU15t4KvLnqiAAYADG8wN+ufrjZUtH6TohKK4T4tWwyQb5mqFizbi1T4w8TSkWCod+KVJanNt2+X0meoyo8D9fdClTbp8Sc/TkKdRANMvbKkodnNN0HlmYOi2+0U9njceC/R/QXchgDkhtOfI4Oja83tVvVB9cbgYLY2OSFa36NIkDU38RyJocQGK9Y15082rWDR8cSGMD290qZGGN4WCGLd/m9q7f4y/ThtGYU0n0ZsGwAlz6ku/tbz2t/93PnQZPzXUMhjR5UgavOi0pNGJQR+mbKxv+d4xI2MDMnFmRNbzBV/lohUvcUVLMqg5/dioD2T2I39v3U9mGjs1XB2J3cvCtQ/9BzrPSHAl8wsLiwKAAOYkiCbtrM7bVj1HqL44VDuBV+vmxnGT3Y90U5Nd9KBoGZLV5ov6AlrDFq2GSU4y0h4u/sW1bdn32ayvRX1ktIpFe70MDYnVYEYnKbmARZv02sEmPWb0NJt4AR9X4uhSpKOqiNHrcOGTD4wGGKEK4ORwz9X53JmR3F7hRjqjjXeL1e81jNGGulo9M+RCmCDlDm/T0T6aLVvSqpr90suEEjJBCQ8tXZJlAeARwPSwdiftUPVyuNoKvLpvtDR6TangnqErzXAHBl3gkt0JRfRz3TuZZmM9ClbUUGWEaYN3O/30I7sZLWeK9xX3cikUomqb7WJUaVNP95fYp5+opFUxrUd9PZxSqRIQZaTraaVOvJwLAPaw8uFG3oUbuUfOjfqQQ5caadWJ1gu4124yMj7gm+lq5Yt+aMPee++u+qoU3T7jghsNX5Ser5OQ4iDmMNAbBofF3FhYFgAeAUyPikMAoeqlY3p6tDR6T7puElFy+ZALTMzKij/g94163Xk2mxXjAhj/+cEDv60dH9u9HEmDnEylWqWkgY2Nxlnr/rWyRpc1tdELxqyt+sDHtts7phXtb6PvzjZaOjU8LL3C/0xcIGXjXj3dRIOho6pS0uBJf4b1k7UA7CWvYUq8vGirUPL9WuJQe3uzWDPNaPX+hg9flIYtcUCizXaVLk8CuhBvAAMJBDA9hqqX49HWaGkXeLnjkCuMlsahuHdP5JFHaitO4gqVYlHsyEh0kB8f6GuVjAYhOiJaD7aVHhiXitH0owbLinxfGQ0MBtwL/JHRaEnT+MTet02DH23om3HbDxzCQf1BKkZ0aZIulxod65qDfh+86H3ptvBFHfVt0t8HevUA++KylDcDI9PxEh+dZKQBi1a/+Aa6Q1EorQGNbpNcAZpKVLroUqE4mNEqmtWVgkycrg2vtTdMtJSpsW0X/mysbfnLseQIh2xZAFQRwPQQql46j9HSOFb104xKlR4A8TSjVN2LafeC3Wxv+S99z5RMVkw+H1XObLkQ5tSpmkoIOzoaHTDv9+BcL9NOUHOUtHpHl1zVP0ZHTZdcNVgC5jWr1tHHv6CVS8P7Dyji6VYPG6Ck9//n3gdcyaVvTTc0PVWpBHSLM+fH8pp1xIGHfs4OpXcFJRrMqHRmRLY3o6WmWjGjNHiJv46+d/uxUl2mpDSUuX93XTIDKcmdGWl4WzTEyaRThC84dC465LUxkND7Lc37gFa9vPP+6vVU2t5qFb5oCLC1Xv7Exx5lvPRh0NHSNlN81YcvzWjgJebCR89OXCZ8waEaHdwVLGi1hy4/8uOnU7vfyfQ9WeI+MPGLaGt3PutH8mA6ldr5XkOCjfWoSW980H9Y9Hq12iZ5Ox6WPg66/KpV+NLkevzyqVJRDiQs7//x0eU5ha0DXadZdbfVhTfHwert3toSAEfDZZe3k4FHeTsKSlbvb/omu/U0JIl7veg2WhmTv7fhnpZ2tk1lAxl/pLaKRUdYK+0hE1fK7Np3JpCRXOMlTL6qxl1fqXjIfxvQF4wNlgVAFRUwXY6ql8779t216cDY63uMls5bsS8wWhpHZnB052sdFa3LjzJpscMj0cQjrWzJZnaqKrQiZH1j5zKVF9l2eCgKZbQCQrdrVgmhS5cKlYNtrZAJdt5R9X1nKj1iDkSvd6Tyrmt9CNSKLjPSJVJDQ433mWpeTu8nOj14EF02eXldPmUrfW8OInOAJVfaWyeeNNWEWV3xPzMfriWqZOzYMS6xOmiVk/5+bmyI1d81GhIDTbmnobwkqlXK5SjgiJccNevpoo16tVeMbqdjqBtFKhq26P6y2ZQPUHRfOm2pvsJl5YMN37i3Vf+Y+Lp02VM6w79p7E/Z2DcFQBUBTJei10vn7YyWDudab8loaRyt1D978bnw/v0530Q3lRajVQhadbG1vRMc6PcamGhYolUg9WFE/CJ7YNCFGOu+OW/MBxPav2U4UYqu5xc2dwcFumTJBTB+wLUGFzpFSa9bA5+6pq6+Ca3R0GBcmnL792GDu712eERa0vDFV40cYBKHX6LVIOjRMKPV7TsK7YRXzapqjrJ3i+/bEvrfsUPfr/7O+l9BDtaAZrbXy7fXVjZ9wKGVLRqmBGnjq1+0Z0vcoFeDj82Nbb80yQcu8dP7UFqGxxv/G9P9pN3zvPaTWV/d8pdrNKK6WCq753MNaJrfTl26dPrsiKQyBwyu0d9scFsAVBHAdCGqXjqP0dLoJu4195z7Rz5pVteicdDJNyz14FYrOvwBeyKddcGCHRuNRklrIJOYTGS1b0lYThzMu3dbdbxz8kr18hMNRk8nA4ByVMbul9I0KmPX26kv5rUPTbPJSHq7tSKnnWU8vnKlRfiit6dZD5tm96cd8UQf1W5j2coSLl9xc4BAw9/W/Tax1e0fpgeOXl5/Dod9TKXhmvYboiEv0NL7GxvL2crT6ubatgyPDsjpR0f9cp9oIlLogxn9Xnu/6Ec2m/Z9XLTCRZciNRM35tXtNHwZGGlcgafX1w7CFxyUCWjCCyQRwHQZ7fWy95hj0QOdSfcS99Y7768IDoOVVo95YGTBFstXGC2NTrA2fFmC1HMyOOgTBD/pR3uzuFcx1eU0umSo0lzXL03Sqo7kiOmkuoqPmmBCl4toYLJZEKvVLYN1Zehpt+/RkSg0ia9bw5XKRKZkZYfdq7KkEpgcysG53m6t5NEqnNH2DiDalgx02g1F9H75njNNtm0nLNnvY+J+B8za2u5lVu3SqqnUER1UNbsvWjmVnN4F9LGpm4v5t39iZtl9Oanfrz7YlKHhrO/hosuGgsqko6gpb9RDqrhVkmH3vJsaDvw2G+vbknHnZ10Yo98/+HBDJk6P+AoYDXW0+uXUuRH3T73xv8l4SZJuq1/HDX9V8jYAB5X9LxeogAESCGC6yDt3H1z24Qu6R6XS6CNnaGyMDvrxS5fl1m/qOPNb/ns9WE2GG7osKFlB4sIRX32x15Ke+jBBQ4z793e+D8uNL6eBS7KiRUdhb0T9Zvzo5TYPpn1YUL/0qRW9nnV3v3QpVn1woYGHhkVH0WMkU3td2rTXX9de4UmrAEr7+GgvHQ2LsocwultpOHZUj8FR0SVP9P8HqnKPjrxWLJQmtdpFlxtp6LG9lXZPuSkpue8HXSCjVTAaoGjhYVz1ooHJ2oOC/1ob754eHPVLk7RR7gd3Vv2yIQ1u/NKhdOugVStrqvvSaUjusnqahjkaBrWqtAH2QPgC1OEZtZsEwacOZToIDgX9ddCtTKNpOloJEwcbWhmz7sIODU0qB+d+upHvIRNEjV4ro5R9k1f9WisT4uBBq1v0tGZBQdxfJjlFKdaiYsRqI979VD7oboyJKn+kMuXJhU92ZDTaz0FGH8e3Tx+jlZXGVT9JRfeYbRej5sXtLPVpdv+1Ea+GZvsdB60/62bXGz8GGshpv5uH6eUS/+056mVDcYXWfpdbASdUJpNazmRT1elEGoBsFYo+YFEayoydGpTsUEa23ekf3FlzT8G+K5c/X4Oa0VPD1csOj2Rlc7Polx5p/5dGzXV13xr4DI9EPWc0cIl7z1Sebn2oMzSc2TUSG9gP91tKA16gDgFMF7E2fMWImREcL/rr4BgFv/HiVfeC5aLk83kNSnzYEi8PiisdtncHMLbSHNdoI109yNUlQ/H2cQPfytd+G32VrZeJQ5fkUhS9XKuDY92/nq9LijbWd4KfSkVN0yqPJuFDNVjRMCEZIrgAyWYT9yGe8rS5uTNVqQ1+Io/eP71f8TIgH+xI0xVDnt6/gcHoNrQRFsQhlx+PrdeXXHakYck+bnNVG6GPv38jww/XyyWu0GlUbdRIo0bM7ndVl8TZdu6n7z3T4AYTzKDPuEh8sVAoP79yf9OHMDqpSHu8bKxs+eVFGpToqOmJ08Py4MNoJH1ZomBFwxftzbJdKMnKBwUZdOGLjpLWAEaN5xqH1JvrW+6pyfrrGzs15JcePXJurDqNSWmYM3qq+dJG319muyTZwQP2oEJfcL9liwKgBgFMF9lOhzey28G0++P3KcFx8KOlHz87MSfAMXGHn3P+Cw1K8jvFV34pTmUKkVat+IlDyYo5rYDQag2djORCFXv69M55eqCc5Lbx758mgxbdl1ZSaEhSd2DsD8zreoz4kEGvL3mwHlfUuMv7IMYFKtrs109GisdlN6LXq4GR3vaRJn+WtHInnsDUqmKlAd8nJr5P8e2Nm/Q2qDr0vWX8YyPNm/w2uh597PT2Ve6n7ke/t4MD7S+7ahFA+OlRlV48/udR2dYHHpkGB0GtmhTX0wqd5OPUjvptfShTbLxtovKoptqq/vK6tO2we/oAXWx1vXh7c3WrWgGjS4i0b8uoC1K0/8qGC0u0MiVeIhQbGMpIUOnrUnBBjV5ue6skQy6EOXV2xFfJaJiiY6Yzg2l/emxoZMDvT/eRVD+iupW4v8zoRDTBCWjERYQsQQLqEMB0kalTfqnL7NLS/dxgpfnmSWfTpZfc/6eTp4XWXkmVswvSYYVCIc9yIxw7I4suhZnRL/WA2Gxv75yngYeGDzplRgMQrVooV6YZVaosbDySWg9yfQXHgK9S8NvrAbA7wK3uM3lgXqmA8NebDG8qt2MXP1q5QRCiB9buYFsDDN8nphJwGL+MpzJ6ui4Q8KdpJc1ewUrdkiN/e60GHEP+/ppiZXlSrNJDRlwAsqs/TmUJkg9IdL+J67Z6EKL3uVlwEVe2BHVLsPTxSD4m1WU9TfajgUPy8nqbNLTRUCVeJpbcV7ESpMW/B9oEOVnFlHxs9LEvRAdsTata9PcjDlEa3Vf9HUo3D8R2SVYs1dPbo4+zjjR3t9uHRvW9a3SfhC/oM/n/fF4y/+Cn8mZzrfq6T6telAYbGsxo0KGnaUCi32vlS5BoqqtVL4ELRIZGo39TWr2idNvt7bKU3HNLTQDj9qvNdusDl/VKENRo2VI9DW90VHZ2iAoYNJf5hYVFAVCDAKYLVUKAvggC3rm3mt89fcjkz58fWhagD9n/+LkL8tX5WRkannYHrFclrnpQySAkqExEWl+Lwg3t+aJNYPWAOg4eVKkYhTLxwW584JyqO4DWg3itdMkk/izEFRT7nZSjl9GDbQ0IqnfM+qVTZts9tQ1ko0DEJHrJtGpg66to6m6HhheVwMgHHDpytb4HSrx/rawZGGxcsRHduNrT95jm5Jca6WMeT59qwo8QT94O/blUqoas+zn4psTJsEu308dJPwouqNDb6267HRqMwg39eevl9bNu2yyw0ss3q0SpuSM7B19+GZitLGWTqGGyXxbWrHqnVBkl3m5D4XhZklbv6O9ghoM2YGlpKVc0ZiH4s/9uLv2vF6unj4zvhJOZAfe85oIRrYY5/eiID0jiyUTasDd/T5/rja96qQ9U9Pu4GqZe/bYa8OiyJ6UBzl5VLalM4Bv07pc29tW+MjoaGyebYfkR0BCjCACg2/z4pQUXYCzql3qAr8t6fEVEsrrChSN+glHcD6YS0mg4UA1f1NZ2TSWKPwB2B8N2fKL2OnWijl6Hjrz2l9vy1Ri+IqOdg/kGS3l0f9YvbclEB+qpSlBiG2/fkN6OlZXdS64qS5J8YDRQmdJUF0j4sKP6Td0BiF5+dCTqnaIVNMmpUnuIK4L2vAe+z0wi5NCKFP156djvuCopKXEbjP48teeN/pwrlSw+eNGfW2aP0EMrgSqPjQ9tktUv5cSkq2QVi17XVuV64gqf+u1j8c/EhTR+WdR+xMHhfsdQl8sCnCRR+DK0aIx5Ojz/RPV0DVfSialF2iD3zPkxH75oaJIcC60Nestl68MTrUaJ+f4sW9G/YQ1TkmFLcjulIY7uR8IolNHqGq1q0SVG2ltmP/R6P3xv1TcAbkbP0ybDOPlCMa8IgF2ogAGAbteoWkCrI/RFeimqUrENRhH7cCFuABv3JVlbjcIarXaJlyXFkstN4r4xidBDqyT8t40qLzY3oiAjeWCtt1ErH7RSxYUOvlqkLpTYub6iXxq1a6lQXLVSH9jo93qfUy3ega0ctPuQpsmSmep904lIur+hocb7SVbPaDVKLtO8V4sGGcViFH4kqnLs8FDUDDm+jvqKnESvnqjapRiNBt/vmOn4ftUvB4rHemuAVLfUpyYM8r18xqP73WgJUrKnUDHxtS6h0nHougzsMBvp6vI4DRH3qDgCekUyfNHvy3/u3xPz//6ye2pNy9D4YE0zXBV/vb1Z9L1edDS1Ti3SZUCbm9u+R4wGG1oto5fVSUn6OXdmOKqgqbh/d81fXkMdbfSrNHzRpUfajDejVS2nh6tLnYK6SkkNZQYGM/66G9HLDY8P1oRE9bRqJpXi/d9+EEiwKAB2IYABUMuaZUFPsFqtUunpon01fM8PrXAZH2+8dEgrL+IDZq220F4wzQ7udT+6j8zO+OVqBKL9VrSPRzq9c/lkcOIP0O1O5UXcNLYFX+XhG8wO7wqF/FKe+ua02kvEXaY6cajR46NBQOUx2UurEdnVkd7J4KlVBUc8rUm7+CaDDt+fJ938sloVo6FHPAK80fKeOOTQ2xI/vltR4+W9q0oqP8FGj1d942X9+TabhqXXrVVR5UqD4cRts9q7Iv5ZHdZEI31cdDdpli3hZCinRueNDZ+Ov7enHpWJJycls/aBD0N0KdCECyq0EiYZdmhYslUo+VAlSKf8MiANUu7fXZfCVlGGZSAKQUayfkKRbpMMc0K70+g3pkuNdPKS7lP7wsSGx2v/NmiVjTbu1f3Vn5eU3Ecj2Wz7S1r1uqy2ykozGa0H5en/AjRGBA0AvUr7iMSvS+MKkWLjSUb+wH0tsTTJhyuZncvWLzOKl4roZI54aczAoBgdNa3LgeI+M9uVPi/Fol8SpUtSoiVDq9EUp7jhr4YyLZYdaeWLD1oaHbDrbam/P1oNoQFBfeiQvC9xBU6LYEIrK3xPl0xmd4+Zyu21zUIq3abB0iW/tEmrk+pDDfd4+Meu6Y2p9M5p1YxYlwb5ZUyJseLJn0MrOlJbA6u9AiltotxqiZhvAp2Lfl6JEeT+9073r4+3/p7oz/8wlg7FDZ/324sI6EKvv3V33tpwtv70ze/4hP+czabdr3taHnyw4fu7aHVLLG54q31U4qlJflz0xGDNyGkNSCZcMJNKGR/mbFWWEmlYo/seG995jvHLjoYye05A2t4s+XBlwIU7umxpr+VJ64nJTgcVlq3708Hyw17kfvIsPwKaIIABgF62vROcaDVCTaWJVsbodCFfrVD7IrZa8aHbaHDiApNqU9sK3wPGHdzXBCnJqUy6jQt1/DQiXbaiZeXJQELDgUK0T6MBQbI3Tb36kESvp1UIoH1QRkZqAxu9vkb3Re97ucnBglaPlHaf53vfbFQqWfTgv0Eo4sOUeJskrZYZ3x10+H449fvR26yhld5u97PyPVU0vNBlTA167/jKFN3HUOVgy4cTA7uXGyUvo8FPHIa003slDoL22ja5PK0yUarmbK3+qQu1/G2p+z2roUGeLpOzD3fgBnQjDV9ciH2x0Xmb3xENhNTlQTrVSGnVSbFU29tFaViSDEw0GNEqliQNSe69uyob69suyIj+bWpYo0uABkb2V02m/WQ0UNEKHKuT53Sa/Ha5UqGy+99q3NDX95Z5CFrhkx2kWL8XmTDo+DRToFcQwABAN1rLt3UQ6vuK6Gc90NVqBA0m9EBbgxWdZFPYiqpRtPdHpZLD90SJl7cUd14gm626KorkAXUcBjR6l1QPqLX6wYUO9QGDrTSM9b1dRhpM04mvuxJC1Nz2ZLgRhysaJDRrmJs8PdFjwO9rs7D7Ot2BvlZx1DQkjvvGjI3tWSniH/s2ljdVNapuiZdeadWJXrcebOnX+rOov5+VSVI1S3viip9moUY8ragy4tqHGzG9jrpALcmHb8nt9fYlbpcPqeJR1/XLpZIVVvW3pVUAo0FePAkKOEFahS+q8Ph3uefoYR+c6FIfDVgmHhnyFSvxadqDRbWzjCdZgbK5WvvvPNmkN0lP2y4U/UdMrzd/b6fixphAUtmg5TIkbej7yLnRPZcj6T71PjWrlNH73aqhL7qXy+AWBUBDxMoA0I3Sezw9V3qB+ANWDQESy2R84BCPkI4PZPXAVytk6kMQvawewOs7mfXhiTtPqxV8uDNYCXpGRqMQJLldNvEiW5e5pCpLoCrXreGK71ejt8c3lq2ML06GCMlmrtr3RW9LcumPHvjHB+b6daPgQx8zfTx8/5Sdy+6aNhSfHk980ooTDQX0bV0d+6yPkV53g6DHV6a4x9YHSvVVJxpG6HXHlSO6Xz0tLNeO3U7SMEwzDA2MdOJVfPp4g9us983dF9+TRverj5E/LSfN1EzE0m3jgM6G1fPs+NhOf5V4ApJ+rw2Ak5OZVlej73WClAZXGlLFv6ftBFEukIl617Q4eNT90WgXJ8wb37pz1T3HXtxruwdPfp+Ev7vgJxupTDb696UhyFZiyU+j5UIaVqzkN31gEfV10X9nUZCSHYr2o0GHVsTEzXxPnRupTlyKRlrvhN6PPJaWIGX86fF16uhoXdbU6naoVKa993e1SkZvj47JblSVo72fWjX0RXfS8dNDNxaWBUBDBDAA0I0GR2ub2eqBr36vB/jaBNcvLYreGTTxuOEKX5mh5+n40WTfF78UJ/Tjma0GKro/XRaTPIBPHoBr89zKQX6VHnxXghkvnaptwOtPS0f7CaIlSdZUXkDHfWNU3EBX75eGMnHFSjyxabhuupHeTg2KTLATzMSBTGKpjG9A3O6IY6200fuhBxFxAKTXXQkVfNBReRyq11dpsGvigEsb0WoQ4QMx9y6xPqZx412tLokfpyDVOKRwgYg9dapxOBNfR/L+hJUqmWyTChENfbRqRcMWDZj0vlXeQPZTsVw45itX6i4T8+fpz8wHLOONt4t732T22RS30c+1sj+9Xv873Kr/TeXn5R/vgIMy9IYofJG5vbZz/7qWC//2f7ySKtuX9HsNHuKAY2h0oBrA6Ona8yWmY6U1dNlc26oGN1pVokuNdApS4PaRykQhiwYs8Rhqv3+TeO5M5M16XlAJWnQ5VNbtXytx9uoT0w69/nTl9gyOZf11xQFRPaYl9SYbpl4UAE0RwABAN/rw3qSprBK17qDVLw/Syotk+FGx61BcqxziggYdl1yqLFvJDkQH59s68jk6zfdtSUyXqR6Ax9OF4mAgOYpZgxltAKxhSlg36cZtVzORSQ+o40CiUqESXW+0r7h3iI2btyarYuqCn/rKCB9CbW1HzWArjV+jM+oOEvQ26QF+/cQkDUv0foU72yeb5/opSvVLYeKqomTFTiWw2lW1k7yu5IFE/dSiZuOsdTS2hmkDiVBCA5v4/tZvr78X+rjr7atcX3USlAZ3lWDMVwjFQYcPUnaWD+l5prKsyD9u+nUldPPhlq+6Cnau3y+bcoGgewxs/QSr5P3V0xtNdfJXaqOgaK9ju/jnpY93kBWg2+0nfCmH4YWP/+J/vXzv0l9Zzg5lJzU40Qa8OgHI94UZG/DLinT5kVayaCNebdirpzXcp9smM5zxy4qKG8Xo6TXxtDHkzktWs+iyIg1sNMQZSPRd0RAkNRxdUPfl/5RUztceL6v3N33FjYZC8QSnURfaDI00/jeqIZCOvNb7ofvWy+JkYfkR0BoBDNDPjOTdK7+coOu4dyafqyYrWrGiB+LF6EC3hh5oj4zWnhZXyGjjxWwmOjDWV9++v0plbX8ccASJkMAmJh7pwW4cIOjIZz2413BBJ+D4g/c47Ki73uSUn/hyuvRJq2R0f7rkRm+DLluq7/URH7xXKiK0usa2Wo5SH47o9enBvt6+7e2d6UW69MVXf9QtfXHBlr8ven16u32FRqWaR5vB6mOglTrxEi8NGTTE0VAiGSjE+62v7tClVHFFThxYaBVH3I9HlzpVrlu/N/rY60OgR0na6FKXBqUa/JluVv1R3GlcXF1qptsmb5epG41dL35M9HLag6fSF8jo7dHHJvnzqARbVRoqZXYfTGllkP6e2mYBTGWq0p70tlV+B4Fut9/w5bunzi/r92OPjLy4sbp1dfX+lq84GdewwgUe5UojXa0g+fD9NR/ODA1nfZihIUhMm/EOutO1/0p5u3ZZkRr0wUsgw2PR86Mub1I6ulpHUcdxvFbVbBWKvlol7uWilTW+YqUSwMR9ZPT0wZGMC2SiXjOb7nMcwOhtGxkbrI6S1t4wShsEa6jUspfMIUmO4sbRYvkRsDdq+4D+lhd0JWuCV6rf6EGnHthqFUJmp3eKr0oYHatOGvL0oFjDhEozV60QqS6DSTRc1Ua8fulL8mC+sp0/yK0cLPuKmcBEjXv1YDw+KNdKDHeQ7wOSODjRSgldKjQ25qt2qgpbO8GAjpserfRP0WUyuco445rKlGJNOKMTlPz0HB0XnQhd9L7X3Ae9jVrBovdDHwcdMa0fPsxp8n6DXlaDktOno33p7fCTiSqTlHxQFVXb+OlK+r0LKHQZV7UqyD/OO1UjNfR6GwUmyfHhen16Xb5yaCu6Xm2erMvH6kOmcrlpE2L/eOhjoEvPWjTXrdKAqdF28e1NVvPo7ao04PXNeTd2bpv/XdKgKRm+JMaBN1zO1IguUdP9NmuyrAhf0AMOGr6od+6t3NAqEn++b1Ibfb29HYUd2rslHk294sKNdDbwQYbSoOTU2aj5rW+ou7270e7QWLYm9NBAR5c3fXBnTeLrVRqYaG+WZENeXdaUXP6k+8lWqnO0l4yOudbKmpHhgert1yqZODxS8QQnDY4GElUyGuLcv7t2oKa7Oq57q8VY7Og20Ni7E1h+BOyNAAZArTB8IDh+udyiP3DVigt3YKsH6PFYaA0wfGihy5E0KNCD43hKUasD72TjW61y0H4h8YhiPegdqIyxTo531qU2vudI4uDaLwGp9GLRqpe4CkJP08trJYTbv1ZS6FIlH8a4/WkDW729plw3qjq+DXHY4MKZmulEG5vR7dMwqf7+JZe8+GVATZrBtjqor6f7jEOuOPza2t65j1oBUyrv3BbddmBwJ+yJfxb+NtdNM8pWlhDFlTZa/REHP/XK5d1jv/V3oNkkKL1tGmyVo2bC8YSiGvFjXAnq/DKyZhOH9LaNjUbBll63C518uBcHRe7wUYMrXxVTWZIWL1+qBla+b4/ZvTQpEdDEj5W/Lf527wSKPphqJ0wCusTDhC9q6uZiPkhFSzhSLgTJDkbVJxpuaGhx+uxItZrE78cFCxqEPPr4uD8/Hj+tlS9xdUtS3Pdl2wUWGkwMuP0nG+3GtjdLvgJmeGwncNHtNCSpTkTS1YMu8I0b5WplzajeBvfvO57kpBUvuoSq3mBiCZQGNLq9hksb642XVDV9HCujsFsVuOgyp+RyKxyZfGY8z/hpYA8sQQJQwxhzX9AdKpUIUUVL4t09bVqbye6M9dVtVteiA3sNDOI+IBVGD5R1Oz2gzlWWemggohUl1cuv1oxerk4F0u10Oc/IKb/oyGgT2sTIUBNXm2jDWnfU4Juk6hIXDWw0eKmvhNFQwS9LqjT3TYQVPryoBDc1VSPJgCCuZNH7ro9DkGjK6+533B/HxqfHS6308YqnEun90SqcRst74m00RNLX6/p4xMu+0pWeOBpU+UYI9WOWi7uXUVWaBPsgLVEpVN1emyLHvU2ULtXR++9HU1ca3er90qVQLgzR84xeTpcyaRVOsVQJSsaq1Tx+WZr+jOqW/PhpVHrwNZrobeP72RSr042qj2+1qigble/r9WwXa+9vcvmaPmYazOhjpD9D3Y/fZ+OKlbh/jwxkoz41QXS//WMfh1F62+KfRZY+Eeh+f/Ktu8+HoZ3be0uTL4flXeFLzD0lXEtngpnT53aWC8a9WDQE0a/DShN2DS0yiWK1eFR1Ulwho0FIqjLZ6MEHG7u20yVEugxJw4x4jLVW4Giw42+1NvR1163VJPqvNJ66pEGOnh4HLVp9E/d2icMZf50fbvintdOP1S6DTPkQx/in3JGxFo24G9DbpFU/DyO+baMTQzVhkZ6mVUDaBDmd4T3rvQTWLJi5RSqrgT0QwABAt5mfz8n6+rQ/+I97t1TYwQHtnhh9U0wcECemF8V9SqJlMlHliNFmtfG4YQ0Z7t+vDTY0RMnno230MolGv9VeKjpiWkOEVCIEiW+bXoceeGezlUBmvRLgVPqZDNX2RzFxbxU9wE9HTVqjg/ytXZNw/P2JG9emopCn5vbp//z450rAoQGE9hSpn5KkB/Px5TYLlb4u7rZWqjH8iO3NjWq1i41HSgfZKLCJmxWnoolGPmyyUg0HbHJ09PZ27dSgRoLUzhQoiZbyVHusJNsi6N3yQVIQXbf+bEvJg6fEz7FRPxWtzHHX4UOa+DbpsisXxvmqHR1bXqdmMlOiOscvNdL7pkFLYty2D10qn6PbPxh96O9aMvip3mJTuVuJ2649XvR3Ir7eytjtZk2KgW7yzW/ffS4s2xt7b2ny7imxafiiPvZri4uFKz+66L6c0XBAK0riyUEadiSX6diw9dIa3+9lfKBm23jikYYX2gw3Xr6jYc6KC2Y0PGm0X9+T5pFhv+RHt01WlayvFmQ8NVTdpp5urx/NPHJuTI6K71EznNmzD4ypy1h0qde2+7ukj3d9aITdimVzTQDsiQAGALrJV+an3ZHprNnauuorNbRixTfLNVFVR3Lkc7JKJDnNqNJ41W7ouORECboGK/qsrwe22vS12RKV+sCg0helusQlebpeb2VJkZ9s5A7sGx3Qm+26lW0aqMQBUxxc+GVIiW38spS1qMpDKyXSQzsVNElaEaJhk/ZASVR++MlHWqUSP2bxKOswCmX88q0kDVT09leXG0Uv1nXplFbvWH0TOLtTbeN7luj90NsWNzqO+bAoemxqQoWkyuOpIYTRZVb147xjGnzFk5CSlVBaLaNh2PBw67HMviIlEZiE4c40pwZLunbdXg1rNLyJR3Qn++nEPYfiKp9G9J36+lcblUlaNX1mKtdfg3HT6AEavtiyvdnWxmH52aemzt/ea7NUKn1t9cHGTFzRogGCVqLUhwhxxYb2ctGwZXAkKxvrO/+uNbzRAEHP12U+jzw25iceaaCg1R26P10CpKGKBg5W+4vrWOjKU3Yc/CTpsqXAlPyI6rX7m1o5W+0jEy87qr+duk+txEmers/Xejmd5pRcVnXY9Dr1ab9ZBymt0mlURaOP+dqDcsMlVKhF812gfQQwQF8zy+4l0KSgO3x1ftaY4CX3EvimaIPkVJDzB8s6pllDheT0mnhEsNKD5gZNTk1Y28xQqx38MqK4uWw9P4I5HVWlVKpCtF+Ln2KjFSv11Qi+QiEXVXBUpvs0Chr04N+Uam+LHdg9+cIODdYEML4aJR73rKGIVsro45AIffz1JcOPoZ0eMH5yVGLEdnWUtQ881mvuh8RLivS+B5XGuvGyl/Wo2sQvv3KBS03j4cptMzoifHyi7j4ORrc1s8fymWTA0kwyjIrpYzCQjiqdtA/CUJP+N/XBmYZQqUpz4PixTAXViiRfSRUHbrFMpuGuq814y2XZNTrcb2B2lr3V36b62+t/Lu53tN0lR1oJpNvHlV3AMXh96e50u+FLEIaXvmPq/GI722Z+YWHx3sW/suy+nNTvtfJFAxgNBTRM0fAiO5TxS4b06/t3130Ao9UnGq5srmz5p9PidskHDKkwGi8dP8WmUjv/vrXKZnhkoLpPPU+va3uz6L9X5WLonurL/vq1QiZeYjRxJgqO3397pbLf2rBD9x0vQ6qfeKSBkN4v1Wp0dbwfDZay7v5mB/d3+BJPcdovvY/tVM4oXXZl3PNavy5Vovku0D4CGADoFilZtGVtvmhftrmJl92ruZf0ZF99UDfFRw98/QvpuF9Kg0oBPZA1lb4d8Qhg3z+kUgGhy0nisdF+bHEyFKn0brHblWk8fjxykxehesCsYU/cOzGu/NDlUoNRlYvVJsIa4uhSnmaBRH0IUR8SZSqjq6VuiUqzKolE6OCXwWSy1Wax1X37qo5UFGz4ICKMHuu4OiRuXFxZzmTjA32t4NDt9Ly6oKs61rpSSdQyIIgb7TYLT2IatsXhS+VnJxrI6GOtP59UJdCIx0a7n5sPkkZGWj4uthJIVac/JZoh++bJg62DoagnTV0jX92PBjO+AfNI+0uINMirVBX5n+teE4+qP8P+PODB8dPwxf363Wpn20r4clP2oVAoX3P/fOa1Ge/QSPTvNp4glKSnaQVJ2YUUWs0SbkVhycTpnYa9qaFolHXcRDcOFrQqZe3Blg91zpwfq4YNen4yuNCJS7qNTl3SiUdJOu46poFQvDRJwxUdQ62hRKMKk2JiSlM8ulpvW9QrxvrGw/Ht2d4u+6VEZXcb4gAmOV5amwrrPiZO7yx/0u3joOig2h1frU2PtVImd2ZE+o6V5ew/XLgpANpCAAOgRmjtm4Lj8ewlbV53wX/9O1+ZNuvRBB07OvqKexW4lNzUBQEXXTiwIKl084Z3A0O+14bvd6IHwnpA7M/QRrrFT7hA5OloZ/KaCyFerQYbSaXyJ9z/n7ap9Gvu/FebXpeYWXc73X4ySz4QCXVSUuJPzNDwrj4we7GSyhkpTrsvcy48WXDXkTMrD2arS6T8+OetZbfvxZY7KhVzLryY1ReJJgxz7nK+JMOmgmWZOLXoXtG7V88rk2ZjY0bqq4MqIcDHBofl+84+HlVnVPz23W/LgyC14O5z7c9gY+MT7jY+Xf2+sPWKjGaXGt42rUQZ0ACh+Yt8s756sTqFKbrfy+5yizIeVZbY8VQlhNDGyusX/WnDQzejQYd7HDwkm+QWi5Nu3zPV69XKp1Ixb0fHm0+1yLh3zTPbk2Z7e8bd79dkZPRVt5+cbBdn3bnLMjy6WN22XJo0q6t+/26fr7jfOf+YmM3NWd8naGBgwT30+vPWFGjZHXHNurCo+XXr79TAIMuUus+y9IGd8MXm9tw4lGv7DV/UR39t8Wb+b/7V54fHBvTfRTVw0Oa3OqVoZHzAZdwZ3zB3PDfsq0Qy6UA+qDTY1aa6WnWip+s2cbVJdF70tVbFaKCj4YruW8MPrTKpr0aJc861fMGHDLrP1ZWCu94hv6Rp2G2/qRUz7rK65EnDnriPTNxORi+j1xtXwmioFE9qGhyInlt1FHbc40a3jQMUvZ3b7mN4fLC6L13yFFfOlFxAU98bxy+lauJhK1Z0uVZy2ZQ+hkGbYc1+xeO8263G6Tgb0PsF2AcCGADoRg/Wc9UDy9WVG/Ljl3YORF+anzRhcNFurV9xoc2yHID5jRergYC14YL88LNzwW98ed5aO23dO7XymUtRj4Jfn59zt+Np91bsgqwVbpps6rqV8svyn1y6WX97XMAxYX/8uUtyiGy0/5x88ifyej0SBrM192Nzc1IKm5P2P37uwq4LazPjSz7UEqv7CLf1OP+ie6/4uj+/XF6UCz9avb3W3VeTCj7lvpyu7qPSZPhBqSjXJ/98ze5/f+T0K5/+n35v98/gN+YvS3wdGiaUChflwk8sy0F8dX7WveK+WHfqpCy/fyW+b0n2q/Mvu8wlJ//hZ27KfuljJMGrUlny4G0Vl+XHfvTSXpdzj+tlKW7elAt/bdnfjt+Yv+jyn9vu8d3pdRE9LjP+6/yHC/LpS1HD0n/24rT7QefkP/pPd67nK/PT7mcxa8srL1R/F9uV+LkDR2Fp6d3J0j7Clyenzs3JAY2MDV2xEt6K+6WorfUoPNElQhrAaKWH9moZHMn4g/U4VBiohCjxtKJ6GlBoxYrSy2hoosGO9oaRJoUccU8YDQJ0n/FyI+0Hox+xjDtVb4tWw8TXEYdA2eG0r6LRcEWvN5UYZZ0MGOLT4tOTzX3jqh8dw+3v61BtlaGf2NQkgNbwRStWVLLqZz90RHeyuuagy5zapT+b7gxfqH4B9osABuhjthy+2ZV/0KHPzrfdz+dZ9+Im7w5UF2vOcwf8LlA4VamYOaidAwfjDpR/fX7Gir3oX6+mzPPu/5cqt+OGLZpl92p6wd0WF37YWfeyd9bOzy9UD3L19vz6/DW/n6Pw7M71yG+8uCzJgMAdyruD/9caXi7n72O+Zh/i7s9vzOfdfZh3ydOpmu0/fWnOPa43XchzWYyZkLCsa9pn3LukV//c6O4Gsz848ehSwwAskJu2LNpM+Rl39HXtoCGZl5JldwCXl+jntezCsRfdq/BnmgYMyaBuL9pzSIKrLoC74n/H3GPkDmWmfNClt9n9Tujv4Z77iR7buZrTkgFdLHpcZtyx3dNuv9XbaU14Yddxkgtd3G05Jfvlgh8N2A50WaANGr6Ug6Aj4YvSXjDvX/zhRff8PDM8OiDFws6yncAFF/o3XHu+aEXItgsFsoOZhst9dDsTRJUbzWgQooFEI37ZkwYqiQCmUbPd+uvMJoKR0YlBGXahRSqxhCkOZ2JaHaOhjF42eZ6GPRp6+KCpUgmSnJwUhmFNYNNadJt1+2a3X0Mt/Th1dqThNg+7tGk/9Pr1sauX7K9zbKh+AfaNAAYAulF0ULuwx/kH5t5RvRIdfLsDfD1o9xUifunApDv3lbrruem/fml+wR1AP+e+em1XAODCC+kAG7iD9XIw7w7iZ9xtvy0pF1I1CzianR5IfD9uNrnM5cQpiy6UufHrf/4H9bSr0o7oMbsoh+FZF0S8NP8JKbmfi4Yh/8khVnYYyVkNdlJ1S0bix60++HtY0eMyaxuffjgC7aMUHGoVFhCLwxdbGwI3dgjhS6xQKF1zx+AzW6lo+Y4edGtFhPZvUcZKtaIjndmqTjbSaUV64F5dMpQvyHZikpqOhY6nLMXLm3Rqkp6m32vIEB/4+6a9dW2ZdHvtvbJS6fOS7H8SN+3VChi9Ht2Xr0pJLHtsFiBkh3ZXk2yubVUrgJL3Xac3aSgT349GPWrqaa+WidNDu8KfehpYHcWbVPrY6mPyMNOV4ioefRzqmxt3DNUvwIHw1jeO1Tv3Vm8lew4o93fp0kfPjt8UHLm37zy46V5cPFdzYtle+chjEzcE/UmDmMM8ID4h3L+VOfdvpSaAcQc9N8+fHedgH+gDxxW+xL71EzM3xsYGno8PtpMNaLUJ7ofvrzW8nI6dDlwIEjfE1WU7usRIA4B2xMuUhhM9YZLjo7XPjC4tUsnlPCsfbFQDE6VBTrJqJL498WSnRuIeMrpP/TrUBsPuc7kcNRFO3u94m72mKXWDqD+OPNTEJL2v+vgNjQ7sCnL0PO2tU9+s+dCFwSUCGGD/qIAB+pg1kq9PYcPAcPDdzwhfAKDGfsIXd2D94lOHHL6o0oDMra9tPWdSJmdcgKIH3/HYaa360IBDqyL0NB3XrLS6JEjtTDXSapS4WqRU3Gp6XXGYobQnjH6k3X51ylBgdiYcKQ0Rol4uqWr4og19G+0zSUODoeFMtQpFq2G0V43uR++LXr822Y2qVYar1TMaNcRxjTb/1QoQDWbSbj/6mKyvbPm+OMnr033pxCVdntWInq+BSLKpbr246fDYxFD1MT2oZDWRPo56n/cbxtT3xKk/Lw5fkkFdkgY0jZY1tY3qF+DAGB0A9DFjhYNtAACaOED4clGOwNTNxbwtyzVtvLuxEk0O0koKDV2UhiB6QK6NcHNnhn3gMlY5wNblQBpOaEWKHowPjGT89qcfG/N9XOLlPCrrAg/te6IH8PEBugY5usxIgxgNDJLTlLSSRgOEbDblT9cD+/t31/1SJn+73O3Q/evt0WAmDnY0hBh11xGPrN6uTDGKlxJF2xi/jKpevA+lFUG6H52SFG2f3hU4bPllUoWayyXpaG6tpGl2vvL71CCnQbj0MHRplf5Mj0q53Pg+tQpfNGxq1SvIo/cLcGBUwAAAAAB1lpaWcm0vO7J28ampxy7KEfroP1288d7/4cKn3EH1THyaBhbJ8cQaJujXyX4sDz5Yrx6Ia6ChVSU7B+BRyKHLiDR8mahcLjUcvUcb71t7rcSTlOLARvcTV75oOKPhSxxi6LZxyKJ0/zpiWk+rb2yr90G/1/3Gy2n0+0bNhDVIisdTJ0MEXxHkgqLkshsNp/R+B5WKHq2w0bHZ9QGN3v9SqXWwopeZONN4NJTefm0QrE2Ss4P7O7RqdB8PS1TZo0vN2n+/PTkh6tHHxxtuY4xZyFD9AhwYAQyAGtaYZQEAoI9p+FI0Q4umncoXa1/L2M1npQNsyV5yx9Ov+tHtElXBaGVJvJRH+7LE1Se+mW5UuFGlQYGuH0kuGdKlPFo1E4+YVloFoaHL4HDWV5losLGpAUomVdPLRa87CAPfK+bM0Jh8cGe1Wj0R9TqJlsDES5f0tLILBVLuTsTLfjbWt2Socj2tJKtvtKolOZwuGoFdv8wpLWl3/Q8+jAIFX8GTLe6aYJQcn30QGjypleJm0ylSnRQ/5hqk6M/n1LmRPRsTx/R3QIOwdLb59qWiuSIADowlSEAfCwhbAACoUQ1fjHl6r20r4cvM1NRUR5b0nv+1xWVdipQ8TcMIDUy06kTDBA1LtEGtBgPr+SgciPubaCijB+a6TEirHeJmvBpWaDiil3n/7RW/T60e0dNUXM2SDC+06kT3o6HLZqXvjFbexMFOPE5axRUr+qFhgN4GDXiUjpMedgf9Ghzo7dtONO+NgyD9iJdeqfG60ERvny5B0u2TS6T8KOxsuub7wxZX7TxMU9398mOy17cbnhcHQuOPRD+vdsMXpY+PBmHNKnlctHZt6MbCsgA4MAIYAAAAoKKcGp1vK3wRWS5bO9up8CWmS5FcLPJC/L0ejK+4oGVjdSeg0MAlDhtG3AG1hhzJ8EGDFQ1B4uoQDT80TImXA8WNdOPPuoRIg5l7765WA5LklKPtSi8a3xg4N+QrauqX12gYEAc4ya9jWjmj4cGauy9xbxu9LRos6Yc1JnH/GocKDz7c9BU1Mb1fA0NRXxgNSpITl/S+xhOc9D5pyNOqD0wzGjqdPjtSs+yr3kH2u5dmvWPiZVg+NJt4uOqeGtp4txQwJRN4SCxBAlDDbJVozAsA6Euvv3V33tpwdq/tfPgShhe+e+r8shyDj57LzX3wYPVTW4XypDbJnThdO3I47qmiQUY8/UenCa3kN3zQoZfRoCSu2gjLO2OpNaTQJUF6ml5WQ5itSrWFr1LZ2PYVEjqaOg4wdPuYLkeKNZvC02j0tC6F0tBG+9hoOKS3X6sx9HbrsioNULbWi/5z3LxXK170NuhSKT1dqz7i5U5x35lYfUNaPV9vn15PuVJBpMFUOqgNdzQU0gqhgRb9XVKZ5lUmeh1x35r4OpqN3m7EB1DbJV8lFGsUYB2UPoa6fKvVFCjPBtfMjQVeIwIPiQAG6GMlY5ZTUvuCJJViMhIAoP9o+GKsvbjXdscdvig9EP7WX5u55LKNW6OjAzUhhwYLWh0xdmq45iBdAwqt0tADbu31odUsepouQ9KQQMMYrZiI+8lo01kNcLQypnq97np8OKOBRansgx/dvlHIouFHQUdXp4PqaOvx3HD1QF/3selup17H6EQUBumH3iYNHeJeNslAp75PjDbWjUON3MBINOK5QkOOsk5Xctej4Yn2gNFlU3ofoya/I5XwYY9Aw93u5H73yz9mlX3rfctI+0uCqpcZ2N9l9uPD99f9Y9WoWkYfHx1r7kKqmwM03gUOBUuQAAAA0NfeeOvu9V4JX2If+7XFRRvKlfRgbcWJBh8aqqw92JTtws4yFT2Y1gqSuAFvXDUTL4/Ry8ThS8yPmHYH/7qMRytFdGx13B/E2KjBry5j0jCnfpmNhiXaBFhP1/DDV3JUpg3pcp8P7qz526qnr3ywUb2cVrzobdOgR8+Pm/rqPpLLnpIajVv2y6EeGfa3Wb/WkEYrUeJlVXpa/f2NHye9Px++t+YfE+19o8GQ3g+93boUK+6zEm+vp2u4c5SOYhmT8uPLxxo3QNbHa3Nte/nDd1YZOw0cEgIYADXOnz+1LAAA9Ik3vnXnqlh7ea/tuil8iWk/mFRgXkieFi/P0WDjwQeblSU9635Zj6+O2Y4CiOxQxh1471Q96BKgevH45XEXimigEle6aFWLhhcaOsTjqRtVwWjvmWRlRSad8gf18WVi1tRep9629ZWCv726bCq6vTvLgLRqRnu46O0fGs7ImLsO3ac2BE6GIzG/rGo0KxMubGgUutTcljAKO/zEpsTSLA1/4tut1x2Wd4IrPV3vVxySaCjTLDDR0+tDnL1opY+GQvqzjPern/W0uBmvXud2XUClp+ljEi8VaySbTTVtTjwwknEBXPqSNn8WAIeCAAboY+lSaVkAAOhTPnwJZW7vLU1eQvNsN4Uvsewvfu2yEbOoX+sBen01SBwQaJigwUly3LQubTn92KgPNnRyklZ96JIT3U+rgMAvH1prfFCvB/t60K/70EBAK03iA3wNguJlP0pPT6WN6DKqRvT8gcHafikadGiYpLdPq29GXPiiVTl6/7Raxo/frgs/dD/RBKbAXz6uqoken3LN9xpEaUWIPibJvi/JZUh+WVUls9BgSJsO60cyoErS2xNfR1x9lKw60fP1/mw3qPDRn4tWLkW3NfSVQPF+NFjKVKY8aUC0tlr7M9OwLX5M6un1JQOdRoJUcO3Rm7+7KAAODT1gACTR/wUA0Bf2E77YUC48NXX2tnSpdMk8uyWlV134MhmfpsGGhgalSjChhoYy1QoZPfDe8gGJqVZ66Od4dHWpuC3D2l/G7K5u0YqMZNCTrfQo0XAjbnwbipUHH2zUjGfWShdfgeJCGt2n9qRJnq9hSGAC3ydGl8bEY6WTzXzjCUnxfdBWMXqO3le93PDIQMOKDt1PvExIz9elSUp73OhtSE5tqu81U7k2X0ET+n45tVUjjapqkufrY6KPtYZd/vEaqg2VNLTSkERvo96u5GXjiVZxUJJccpasLmrUx0YDpJI7LdNgapQPnmyL0dxWlgd+8WtzAuBQEcAA2GEIYAAAJ1/74YsLEsLipe+aerxrwxelTXk3L89eGBzK3CoWS5M6vSg+OI9DlUCrSUaiA/Ro7PRaw94pWpmxubktaQ1vimUfomiVh04XSmdTMuT2oVUpWlWjwYteVzzVJxmOxDSsGDs14IMePdiP+73obdDpPulM1gcP2jhYQ4o4HPHbVprsakPe+P7o/oJ0yYdKGjgEbr9xuBJXhSRpiLO6UthVeRN/1pBir2VJSkdcqzPnxypVNq2b4+r9SWfSPkAZHMvWLLOKm9vq9CYNf+Lqmkwm2BWIxA2D9XHQ2xqfrz9TDXJa3Ya48qcRDb+Sy5mS1+u+Xw7D1AUBcOgIYIA+pv1e3nl/ZecEawhgAAAn2n7ClyAMLz059fiC9IChGwvLGsKk0vZVG4Y5XZ6jYYUGKlpNEosrX+rDFz0A19HSWv0RV4Akm+NqSBCPtNbgQ8OX+vHLejndd3JZy/D4oA9fNJzRoCTZSFdDCuOCnWQD20ZLYjTw0ABI9x9XemiIES/10f3E96GeVshokGR38hd/e/R2aFiTfGxaiQKL0C8J0uU7GpxogKKVRv9re3fT1Ma27gn+WStTgN9FlQ3G9ralqI13ndER3XW7zmyL+gKGaU8MnwDcET1GjLsjwBE16gl40lPj6Hkhz27duhWwR+ds4xOSbQwGfC4y4G2QMtfq9axUipSQQNjYEuj/i7BBUuoFCYlc/1zrebpqlklx6MWBDQdXXFSYn7vo7BReGhT+TG6s+8S20nx953Lws/IypKBblGt+tm8rzMvPFy972jHPPz8WDnr4PK9IT67814U8AcCZQw0YAIhCAAMAABfW399tTpwmfPkPyYF5Okc4hDGJxnBh63OBa4XUq4fCM19qO/aEHY5ql95wUMAD8uvxS/ayMEjhfxy++KVgiVDIdh6KX6qc5iU74XW4bku4rQ1vXG7P3F1VW8XWR/n3h7VUOLwI7R8c3g/fXljfJHycwf1dOhLC8AwZ7tjEzwPfL89I4dkk0QLCjAMdDlaiPw/7tw+79rww9OAaMVzvhQMsW4fmH8Fzyc8117jh5UT8M/HME+7kFH1uQhz82E5PkdCFr1d737X4NQ3rtnC409XT+Fg63x6HcCfxywWDbdFhxQvHaPrKf/3/zkXoCHAeYQYMQKfjZUea4gQAAHCBvV7dfKx8PdvUxoqmz1v4Eur6vxaWV//39LAQtGgG1nEOJ8Jishwy1Ft2ROU6L2ExWA4COBzgGRH24nKoEa2jwgFAWBCWb5cDmiDEOAx3DmvLHN4nz1rhrkrRoORa7yU6+KNoZ5JEQwXehuumhMtvah8DBxl8XQ47uCiwEA06OZlQp2TCIt4+en1+fDFyKq2ko48zXMrEs1xqlyjxaZ4txCFHWP/my+cDE2Zo+1g50ArDFQ6pfN8/Mkumtg7McW2x+THz88aP6d+VZ6mcyC/3Ca/BrzHPCArvix9neHuu4zzt+r9R9wXge0IAAwA868UGMELrPAEAAFwwHL5oX883tbEJXwaT/Rk6x+79v1kbwvT0OIsmuKgcZDmo02WHl+Actnf2K7MweEYH13rhwfrBfqlqNgoLwxd7vSJ/320DiWiI8cWEKkHNGBPW9ARLZq7cODpLhYMF/sfX5xkevNzHFvQ1oUZ3pJ5NbfclVV6CE16/EZ6tEy6X4u1kOXAKQ4jaJVlcNJdn2fDlHMDwLBoOUv4w9919KQiJOHAKZ8XY270UBDK1j+PTP4Jgx40dVBX6rRVeL5y1VFkGVjicqROENIfLvnhbx5V1Z8Jcidev/cI/G9ef4dvh57ly31r/xh21CAC+KyxBAgAAAIAL61VuM9VJ4UuIQ5jrN68N2xbaZdFCtBUmHOBwgWeF8GA+Go7wrBCeEVN31kwZb89LieotoeGOROE2HPTcMAN+DnO+fD7aFpkDD3584aQNvt+whXIYQNhlR5HOPbUtqqM/Jz/2RoLitYehRThTJ3o6nCmzUwiW8ex++mLPi7Z65tsJHwsHJlygl2fkMA46bJem8tOpmizXws8DByTh0jEpDl8Pfu7Cn4+XRvFzVNt6mh8jh1hcK6aesG6OitaP0ZT3fWeEAOC7wwwYgE5nC+8Gf4TNH+M3BAAAcEFw+CIkLTa18QUKX0K8HKn4f44Mmz/z5jnQce7Gw7VUwtopFncR+hy0QOZAgZcd+UXfzgqp1GzpCtou+8XDmilh0V7urMR1Xj5FCvbyzBCetcIhB4cEvMyF2z0HLa91EEz4wSwP/p4DBw4seIbHv7991YY5UWFYwNfn5T3hYwrDhFDY3YmzC14a1Gj5T9Vt21k1QSBkC+p2uXavKPzZw/iDwx5lgpmr147OLLFLhKSomokS1lXhWSYcIJ3UacnW1XGcSoATBjt82jWPj58TDrrC++PnkX/+G//uSqWjFP+c/Bpx+MIzl/h14J+NZ7iEtxcuOao8Hhu+yGFbPwgAvjsEMACdLqgBAwAAcKEchi/65DpnFzB8CXEI82VyZMhx9KIJOBIcCNjAwQzauy8HM0F4iVDPlRgVTVDwxQQBHHLw+cWiZ7sHhfVMODDhUIGXEl3tDQrsstpCvxwU8PV5lgYHBRys2Nojke3CUIWL83JYwMLlNWEgUvkZTNjC3XqiIQ8/xtqiwRwshbN1eOkTd/fh2/73t127jCi6HRfjZRxG8PeXLnVV3R7PPPE8ny6bwOXj+q49zT+T61Z3fuLnI6wpc+vu9cPHF1kCFHYwstubx1P4tz/s0qYwTApm7PxhHwvPouHTXECXnzMOWPhx2bCpHFbx4+DFQxx+ca4SthSP35T2fvm15CVXvEyMA7DgNTks+FtZJoXwBeCHQwADABVCowsSNGclt54mR06Y/efUcdsJIfJ0AewfHCSEqK5ZYAYg6ZW3m80dWW9ruiAILejPE+37F3q2oiYRl468Qd/IfD6NNBW+GMIRD16/3ZyjFjPRQYK+g1Xzz93eJPfzv1WdH12ko1SwFIntxqSd0RH6R53b3K85HS4T4s/KT12SPkXOO6hz/ZIJRD6bUMErBvfJoY5n7nePqPI4Qh/M+RyaRNsuF7l9ddfRagp8n/wY/q0ruG2+zlakbkr4c0Zrqdifufwv3Cb8+T/zsqjIEqxd87idyMyb8Pb4PjfMffJpDk4ct36lB798exzZ7JUfQ/S53+CZO5H75NfIKb8e4c8jy49ht+a6H2tet/Ayfl536hTu9a78O/J6++ZW/o//h84b85M9i/mUTSYH8gRwjiCAAehw2ldvwmmpSmIQBscLghdnyuwBpnmkcGIfBq0TdAHYXVt9ZKpYgr7TYOlH05gGd77Ii13Cjz9XtP6xv5Pm/sbogvPit+y/Zvj0bbwmtuH7KNU5r9G2p70f74Trf+3PWO9x17vP4xtKH97W15zX6DGc9vkj/ht2Tv9OC5Jpz3wUmuB03vH9aQQxcF4ggAGACsyAgUaqgxcM1gEAAKD1ODz1pUyvvNuadz3vGYIYaHfoggTQ4bQ4DF0wAwZqcfBil9lIuWjDFwAAAIA2YpfuKZUxQcyiCWKmcrn1BAG0KQQwAB0Os16gHgQvAAAAcJ4giIHzAEuQAKDC9bw8QUc7zVIjc2lekH5KSi8TwMWQJulMNFu4FQAA2k8kiBnD0iRoNwhgADqcFCKPih5w2uCFhJp+eH9gngAugNe5jRHtiIlgttfZfCJqrV8KrTMuv19apEROXJDfMWGSJidBHURIFTcBOMJC6CC8VF7HtZSPRRNF8BHEQDtCAAMAFQMDvXmCjoLgBTrZq9z6mJRySgedQE7Y2uz4K/+pfR+Y65y08y+E+NX8m/OkxE4/AMDZyvDndzOfxSwaxLx6u479GGipEzuIAnxPax93j9SXUJrG7/Vdnyf4IdY3d8a0oDn+/s6t6/hM6BBVwcsJELzARZLL5eKee3XC/LGZbGapUfj7H/P3F5LJZKVm1ml2/s02eY0gBgDgzJ3mszjEn8kK+zXQIhhsQUshgGm9d1u7aYf0ovm2YAKYXoILDcELdKrTBi/mPZLVUj876fcfQQwAQOshiIHzAgEMtBQCmNarBDCC8nduXk8SXEgIXqBTfU3wYv5NDyYHsnQKCGIAAFoPQQy0OwQw0FIIYFpvdXMvJYVaQgBzMSF4gU71o4KXWqcNYrDTDwBw9hDEQLtCAAMthQCm9dbXtxPadXLm4yB759a1YYILAcELdKpcbj1RIpkRUjz6kcFLLQQxAACtt5Jbm9TSmUAQA+0CAQy0FAKY1kMAc7EgeIFOxb/7muSYkPS4qStoWiCtnp518FILQQwAQGv91QTzLtFYs+2rQ/hMhu8BAQy0FAKY1sttb8e7PWcbAcz5huAFOtVpfveZEDRf8tX0n35w7RUOYoTjPG7mcWKnHwDg7CGIgXaAAAZaCgFMe1jb2tFC0/xA3/VxgnMFwQt0qtMFL6JAyn/q0v5stJV0K5zmcWOnHwDg7CGIgVZCAAMthQCmPSCAOX8QvECnOq/BSy0EMQAArcVBTIzEpJZi4jTXw2cyfAsEMNBSCGDaw9rHnW2haAEBTPtD8AKd6nVuY0Q7Zif5nAcvtRDEAAC0Fgcxji3e3mQNsTJ8JsPXQAADLYUApj2YACanlH5xr+/GJEFbQvACnYprp0gpp3RT08TPT/BS6zRFhLHTDwBw9hDEwI+AAAZaCgFMe+AARvv62d3+GxmCtnJRllsAnEYul4t77tUJ8wdhsplW0mHoGPP3F8777/5pBgDY6QcAOHsIYuB7QgADLYUApj0ggGk/CF6gE502eDHvj6yW+tlF3NlFEAMA0FoIYuB7QAADLYUApj0ggGkfCF6gE31N8GL+TQ8mB7J0wSGIAQBoLQQxcJYQwEBLIYBpD/w6aF+9RADTOgheoBMheGkeghgAgNZCEANnAQEMtBQCmPaAAKZ1ELxAJ8qZndiS3YkVjxC8nA6CGACA1kIQA98CAQy0FAKY9oAA5sdD8AKd6DSdfiwELw0hiAEAaK2vDWLMp/IyKfFkMHkrS9BxEMBASyGAaQ/r69uJ/X0qJJO9GNx/ZwheoBOd7vfe/OYLmi/5avpPyYE8wbEQxAAAtNZXBzFCZMkX0whiOgsCGGgpBDDQKRC8QCfC7/2PgyAGAKC1EMRAMxDAQEshgIGLDgNQ6ET4vW8dBDEAAK2FIAaOgwAGWgoBDFxUGIBCJ3qd2xjRjpjA733rIYgBAGit0y6/rUAQc6EhgIGWQgADFw2CF+hEr3LrY1LKKU2UOHlr/N7/SAhiAABa61uCGNf3x5Ooh3ahIICBlkIAAxcFghfoNLlcLu65VyfMh/ZkM62kTTiTF6SfuurLPH7vf7wwiCFJv4oTgjIEMQAAZ+9rgxghxLzj+9MIYi4GBDDQUghg4LxD8AKd5rTBC7eS1lI/w2C+PXAQ4xKNaSkfI4gBAPjxeN/RfAbPiaZmjR5CEHMxIICBlkIAA+fVCoIX6DBfE7yYf9ODyYEsQdtBEAMA0Fq8fJeknEIQ01kQwEBLIYCB8wbBC3QaBC8XG4IYAIDWQhDTWRDAQEshgIHzAsELdJqcGZiXbPFW8QjBy8WHIAYAoLUQxHQGBDDQUghgoN0heIFOw7/zmuRYM11zLAQvF06zgwAEMQAAZw9BzMWGAAZaCgEMtCsEL9BpVk7ZnUEImi/5avpP2NG7sBDEAAC0DoKYiwkBDLQUAhhoNwheoNPgdx5OgiAGAKB1EMRcLAhgoKUQwEC7wCAUOg1+5+G0EMQAALQOgpiLAQEMtBQCGGg1DEKh07zObYxoR0zgdx6+FoIYAIDWQRBzviGAgZZCAAOtguAFOg3vsEmzw6ab2mHD7zycDEEMAEDrIIg5nxDAQEshgIEfDcELdJJcLhf33KsT5oN1splW0iacyQvST131ZR6/89AsBDEAAK2DIOZ8QQADLYUABn4UBC/QSU4bvHAraS31MwyM4VsgiAEAaB0EMecDAhhoKQQw8L0heIFO8jXBi/k3PZgcyBLAGUEQAwDQOghi2hsCGGgpBDDwvSB4gU6C4AXaEYIYAIDWQRDTnhDAQEshgIGzhuAFOkkut54okcwIKR4heIF2hSAGAKA1/mr2E1yiMS3l49MEMfx5bK4z73reMwQxZwsBDLQUAhg4KwheoJPw77smOSYkPW7qCgheoA0giAEAaA0EMe0DAQy0FAIY+FY8A8BznDkEL9AJThc08jRimi/5avpP2GmCNsJBjHCcxyf9HiOIAQA4WwhiWg8BDLQUAhj4WodLL5qZAYDgBc43zPCCi6jZ32sEMQAAZwtBTOsggIGWQgADp4XgBToJgpf2ZQsfO5fntF+afpi8t0zw1RDEAAC0BgcxMRKTWoqJ01wvDGIGf7o1TXAqCGCgpRDAQLMQvEAnQfDS/l7nPszaHVYhsoP3+4YJvhn/3gtHTmhNI8dthyAGoDNw0E3U07DAfIn8uKDukwvQG5p0gr6BID9BX0mTiEtH3qD2ltBNLm+Owufx6SGAgZZCAAMnOV3wEhLL5tMNA1E4nzSlmupohOClpVbeboZ/vwqDD/p7Cc4MH5F1mvjcx44/wPfH+2Hh9x659ntFygQfovJ3KhpOCMd5EL2+rlneYgb5idr7CG5LNxWkQHvC53HzEMBASyGAgZO8frOR06dYmwpw0Zn3Q16QfuqqL/MIXlon+tnkKZVEoeOzhyAGoDnRmSLRWSHRWR9hSBKdjaFt6BEEKdFgRGC/C77esjkoMUTQEAIYaCkEMHAcuwxDykUCANtKWkv9DIPM9rDyZkOH3ytFo78k+xcIvgsEMXBeRWePhMJZJKzZmSSVA1Fax833ke0RlEAbUnJ4MHkrS1CXSwAAbcolv+CRJICOZoIX8296MDmQJWgLudx23KNi5bQwgyiC76Y8u2jMBDGZ44IYHqQKLedW3m4+Vr5+ilAMzsLf321yXaJUdDZu7TKaRktovLq3qCrfBXs4OnLZ4T6PuY+618bRc2h3Cn8Tj4WRDQC0rSR3FlEK1dWhM3HwotTwYOL2MMKX9rJP+1U7l3wUeiX3YTJYBgDfCwcxD5P9Y7zkSyt61nBDrdNS0nNeJvbq7foYAXwDpWjMhCFjdsZ2+R+/56P/UL8E4JAJYNAZ8BgIUaGlsAQJmsFLkTQ5CYK2IUmljrQs1LRMWj0h+GYuUT6JmiJtq3Z5pFb66cPk7UmCH+o0S5O0UkcCG/N3Jd/4OqLhZZoOCjFy6tZfwvu28xzXqcc7ZolQvf2aep12hCNritqKqm3M50/ltBAoZgstpmh6MNmfIWgIS5AAoO3h6H/rrK9/SVDMnxKKlm/3XX0anm8HoFQTwJAo4LWCTiQdYQta8vsC74Ef5+jSJPGo3uDTLh2Rcqr2fEH6mFtvfJmgWIOlJbY2EDUmCpp03eDGDJzzja+nC4K7njW61PffUDOkuX8lT1W4+7ggqlan1nwoF0Nv9LzmqYWqi/M6cRPwROrHyLhqUH/Gnj4h+DFHTKvq0djrCNSkOZ/MZ4PWp/xsoIIJv5e1r56Z342R4Dy9gL+BJ0MAAwDQod6t76ZdcvMDA5fyjbbRMW+OZ6lp85d2dXPnE2anARzFg5BXudUUdjxbIxLEJMyO7ZiW8nF7FifVZgBM9Wcn1GnNW3XxcWGRbL6igJCaTqf57V+/3Zz/+X7fOEHbOCEc+mGOmyVUGwx9LUWUlrVBqzYBgRZPqY2YnzVPX8k9VaC3X/iBnRKzBE1DAAMA0IFWN/dSUqhFrYovzMmRhhtGlgg6RL+aL/ME0OF0UPchesaIkLERE8IMPeTaVTUwM+bHKAcxGRPEzLd3EHMx2TopRAhg4IgfEQS9qtNximd2PEz2zRNAG0EAAwDQge71XV1+v/VpWohgh6jRbBgl9FOpxYQZYObJ9ysFkbsv9UwdHBQJAGwgk5eClr06dUGCjkkHKcIRwh8mGsSY4DgtHMfWiOFaGTxtnpfi0DkVrffRjB+6JEQRiuYDAJwAAQwAQIe6e+tGJvxeSj1JTmmbao5e3rt5Y9IMIDPJZG/VgMX31UvzJU0AQEKL/M8P+kbrXVZ+78wS/HDlIGaeMHPv1I5bMhKFosMAAKeDAAYA4ALjpUZC6DmtxTjPeqm3jS20q/Yn9/+gBl09eo+c7xWL2XpFLQE6gYgUrmRaELqOwIXSLrVDAAAumuardgEAwLnjkEoJ0imh/YZ1XnSstKiFHAmDlvV/7E6tfdzJrW/tVgIWDmnMedtrHz5NEkDHq+60I9H2FQAAAJqAGTAAABfYQNC1aP64bQ52/aHoaeWppJAioYPivHZN/37PfqHbc/PmSH+eAOCb8PKOIl1Od5FaxhIOAACAzoEABgCgw9UuMZJKZRTJvFT+fGWbXrvNEAHAN/Po0piUNOMJJ2tODhMAAAB0BCxBAgAA693Wbpq/Dgz05u/238jwVz69/nHv8fut3SVbKwYAjtB0uhowg8nbs0LRqOf7aNkLAADQQRDAAAAAvf24M+KQXgxDmCit9STXkfGdIuq/ANTXMIB5/WYj97fchyPvnZ+T/Qt/wvIjAACAjoIABgCgw7zd2BnJbW9XDRjv37y+ILxY8qdb17K122tSL0iIhS5S8wQAp6KVeiZJZgkAAAA6HmrAAAB0EJ7h4pB+LksOL32Yj142MHApX+86d2/dyBAANCWXW094jpxRPj37Jdm/MJgcyBAAAAAAYQYMANTBsyPWtnaf186SgPOPZ7j4JIYd38+ur28n+LzVzb0Uv96rmztj0W1zOR3nfwQAJ+LORvzVI0qQ5g5iKkUAAAAAEZgBAwBHcMcbMyifLne+gQumdpmRFHqOSKekEAmKzIrpvra7xF9NMDOtNBXu919fIADgorsJUXPePvVwAFMYTA5kX+U2h35JDiwfdxt/f7c5oTzdO5jszxAAAAB0BMyAAYC67vVdXSboDFo9C76oFzWXxM1IMyEFzbmSnoczZgDgeA+Tfcu8FOm4bZSiMbMXNhXOnAEAAICLDwEMAECHu9N3Y/bOreuCW0/zaW43/X5zZ96EL4cDQ035sC31h3/sTfRc6pkhAKjr9dut556UdbsfhTzlj2olhpLJJGYaAgAAdAgsQQKAE62u7qUcxyk0KtIKFweHLzpWWhJB+FJQWg6TVKnSnl9ZfqS0MoNKkSAAqHDIPwwsff8NSUGOkI/MqVk+ayW3njY7XflkufU0WlADAAB0HgQwAHAsXnaiXbVE2rYgHie40LRTHCEtygNJkS8vRatejqb0U/M/ZsAARAjqrgQwDnVnSuqAz53n03/l5UhSLvrC1ljC5ygAAECHwhIkADgWLztR2gy4fX+a4Nx4v/Fp/mtqtghfLfByI/NtIawNU4uXLO1/+TJMAFBXMtlbeJi8Pcm1YPg0z3bRSo0rXzwlAAAA6FiYAQMAJ7rXd2OS4Fy5239jrN7577Z20w6JR3duXX1S7/JynZckAcBXCwrr9sSTkWVGD5MD8wQAAAAdDTNgAAA6iOt5eU+ol40uz+V0nP8RAJyKJi8Rfu/Ly0uelEvocAQAAABRCGAAOhzPiFj78OnUM1xWN/dSX3M9aA0OVdY2+fXqofs3ry9EL7NdjzZ2M/x91+Xd+e6re89rr8+dj9a29lD3BaABKeXUytutmVxuO66JEuaseJEup5u57qvcaooAAADgwkMAA9Dhfrp1LXvwxRbYrVjf3Bl7/3Fv7rjrcXHWO7dvzBKcCz1XdkdIiBklS0cGep7rJYSjH+e2t+NKilmfqKreD4d0SinzWqvJ9xs7IwQAR2gScUEqzvVfPKWSQtGoIJE/KVx5lVsfEzK29Ort+hgBAADAhYYaMABgC0ZGT2vSca38T81cl2dPoD11+xvouz6/urm3fK//6nLtZRzC0WHdl2zt5a7WCS0IAI6j1PTPyds2lC63mM6v5NYmScQem++HGl1NkixoTcu+OvreAwAAgIsFAQxAh+MAxXf8eLndsMVdbhptz0tZkklRCWz29/cLBOdC9DU+DSV0whzJJ22O6N/tr16+BACho7WTBpN3+LP02JmCPyf7+T2F9xUAAEAHwBIkgA7Hs1eE8Ed4+clJ23Jb467LO5O87drW7vP1rd2p2tkzDEVcz6+wVsz7jU+Zt+XlRndv3cgIL5ZE+AIAAAAA8PUQwAAAFV3VVC0XblF8t/9Gxp7QOqWJ6tYDiV3ZyXBYQ3BuvFvfTXOw1n1t7znXihFSTLmSnpugbYkvxzIzgJNxvZdGnY/4/Ga7Iq28+TCJDkoAAAAXDwIYAKBkb2+B//H3XIB37eNO7rgZMbyt8P3hgz1vuN7l9/puTHJYQ9DWojOVdKz8vVIvotsofbRlNXdE6r7UM0EAcEg6E1xM15OXcyu5rXR4Ngcpr3KbY75zdY4vOylYydmivWJmn3oQwAAAAFwwqAEDAFV8ksuS9HIYyDSCgOV8e/txZ8TVu8/N11FuSx1pTT27vr69UIo5KZPQxx2vK7tqQrl7fdfnw+uaUGZSkEgQAERUAs24cBQX3s3yCV9eXhKkE1pre6FHV1NEjQvuJpP3uFYTyl4DAABcQAhgAMDiYrxaFEfu9F3l5UijfB63HBZS/Hrn1rUnBBeK7/hZ6TvjHLzwTBj36l6q3A0pDNfy4ba53HZV7RczkHxmvkwRAFQx743fSFPWI22XdZr3TtyjUpx7y9nLFT17mLyVDbfP5dYTyaBjEgAAAHQALEECAEs7xRElKRE9TwqKmxHDGzoDKMzbOmtbuzPm32L0PJ7hdO+mbU2d6r62m3NIL/J2HMTVXr+20LL0uuZJaHS/AqghtF54mLw9WW5Dbd87nvKHtBJDrvqj92Gyf6z6GugiBwAA0EkwAwYArHqtpwciy05CXP/D89Wne3UuO44Z5C+tfdwhpeTo17ZDhq8jPO9pw8u0ypiD8+VwTE9q10tQeQYU40BGud5zX+jpcJmSksUx0gKBGkCUpmWX9sszX3JxXmo0mLyV/VPNDBcu1PswWGZkApokAhgAAIAOghkwANC0d1u7aaXUrBQ010zb6iihaNr8v+z4JQw4fjBeUtSoZs/d/usjSsshJWicW03fuXVtNHq5ZwIZQTolFVVebyEIryHAEaJwGKjEEiTV4itbUPfQ69zGCBfqXcmhyxEAAEAnwgwYgA7HQUqs5Iw4fix7UqthoYUZXOi8GYHnGxXp5RkTvuNNlmJeJrpNeTbNPEHbKc9IqjsrievCmNc06Zjv32/tLvFMGFKaAKAxLqT7Krc5FM50CTnUlS2pg6cm1Fzm4ryv32yQo9Qw6sAAAAB0BsyAAehwNiSROqVlcfakbXmgfqfvOs+SGG60TSlWSglBv/bsE47utimux1Ov1kvU6upe5cg91wfSbikniAqxkr+sBV5bgFr8vniV25j/PffBLtV7mOxb5pbSf3+3WWnZzjVhuEaMS37BxJgJ/ueRGCEAAADoCAhgAIDu3bwxefCHGqt32drmp0me+XDckiPulsStivl7rhNy99a1IbSpbl/d1/aem0BliUOY1c3d2fC1C3GLatmtlmrOLwjPG+fXtegqE9bpLAFAhSQdNztVC7LcAYnxTJj/8FPfkRpMfD53RDJh9YJHeoEAAACgI2AJEgBQ2IbYfF1OJkUhPC/8nmc+HHd9IcUU1wkxIc1Co6VJ0D6UEk9MgJIipzgphbBH503YQmFhZW5R7fruguN5WT5dLtB8OKg0r3Hu/T9emm/TBAAVPyf7G4YpQc2Xnni43OhoR6Sjfs+9H5HUVRiMtK4GAACA8wszYACAYld2MtyGuPvyzjyffr/5ab776m6OZ73w4JuXHB0XrAjPG/VJDJ8Uvrzd2Bk5bfFeOHu8lOxoFytdWXLEr+Odm9dGj5vF5BWLWQKApvl0KeNJmastzBvigOb33EbVcqQuKmYRvgAAAFwcCGAAgD8I8vxVRwuxaio0W8eFB+pcrPW4bXhZiyvpefeBHCNoC47PS4nEsrbdqVRVDaD19e3E2sed7dXNT5XzOUA7qXYMQKcyn5+Vz8tXuc2xXG49sfKGux2tJ4JzRZaXHNUW5g158tK8uXwm2h0JbaoBAAAuFixBAuhwq5t7KV/oZROgiPC8u303xvgrL0PiYqz37l2tGjC8W99NC18UwvN5UK5db858WzhwvfF6M2F4WYtTlNNSK9Q7aBPlGS5D9S7b76FCty8q3ZG4FhCZwaGWdlnSMAFALRucrOTW0yT1nEe81E/M+I74szl7vLw8qeHn3+CD2yjGCwAAcMFhBgxAhyvFSnmpdN2ZLrw0yRZjXd2uTJnnwMZx9WL0fM/1Eub4b9r8G3E9t7ItBzjh9xzK3O2/kUFx3tbiWSzR0xym1ZvVUl6GNHx0qRI6IAEcZzA5kPWUSrrqy7xWarzkq+nwsle5zZQJaDKHs2IAAACgk2AGDECHK89WqXtUVgu5QIIeOM5hEV4ObLo9h+fb58PzefnR6sdPT6WWfw6XIr3f+pQRtDu1vr6dROjy461v7owpTSb0ul55bbn+jiyJNJVf72DmUmlRi1LeXDYUzlwqz2iaEUTLA7eu2cEj1wIyr+XC/j5hSQTACf5ULrRrzIfncfgipX6uSSY8IX4lzCQDaCv/6T+nJ4nEo5O2c4Ue/+d/zuarrzu82Pgaevlf/3v2yUn3Fb3dVCodd7vF89pbklq8/Jd/+W+Z8HSj7UJC6Gf/45+z8+Hpf/pLekxr8fi426z32KK380//lE5pKWbq3p/ST/7H/8jWXWYJAAEEMABAudx2PJnsLXA7aSHFBPnqxZ3bN2bLYUo2ui0P0lc3t4dKnynP1wnP51bW0e2EGfybv9hZXspC8MMNHJ25EoZtldfJd/y4nQapKVGu91M4PF+PaBIJc9IGMHapWpFrUlzN82m3qyvteR7B2eL6H99S9yOsH/Ktt4HaI1/nuOdOkEqX31OkNWaSAbQbLShl9l3S9HXSjS8Sp76vnh6Ke3Uu11Llm9musj3Ry5rTidrHWnub9R5b9Ha0Yz6/GtynvQwAjoUABgAoDFKkoLgmnRauyB+3/b2+3hOPbtS2LobW4UK6QotsdDYM425IHKZp4cZ/isxS4vPfbe0Oe3te5XWWQs9Rt+2UZPckbRckKacIjuAlJuQ4v2rynz28PzB/0vY8aPfkpTES8pHZkU69frNhw0vti2fNdMCx16eelHCcx+b6I2YXOL7ydjNLWr3Qyss2KvoavX6JroxIh341wcBISfl8pHae4NT2qacSZNYaTN6efZXbzJpwM+HS52z0spXch0mXvsxHw5vgdYklTnr9AAAA4PxAAANwSul0Op7NZi/k0WGeNfH2407B3/Wz0fM//GNvwld6TPjqGc+Mqb2enTnj0IwgmRm4efUZQVu511c9O6n6svphWm1XK6XFeLRVNZxAmyCTZNqEKVMcpii/+DQ6kOYaIJ7rPubtPM31k+x1gi9cZ0frMZJ6zFw/X//6R0MXXb5+eP8mK0sLGaPwNnxfv+iiP7J8MV9XkxgxydojzxwRFeZeo1eHr2N2qhImgEtwHZh6lz9M9lUKW0d5pBcGj8ycMWGOQ6l62wMAAMD5hAAG4BT+8pd04vMXsfif/rf/Mv+v//LfpukC8nevZd2re7zTnw3PU1plBA8KHZGg8qwWrhOiZHGs2KVmqUhjvIxFC5UxFyGAOWfCYsnJpDgSLPLSI6n89EGsNJ/s7cVA8JTsdG8TppggZGzlzcayVvplGHqQUqe6PgcpJiZ5qhUlPCkfHwldTrgNKWnMo8vmHH6ddVwQnDUt5ZxWij8Ds3zaBm2OnCEhlwd/utXwb0akZkxFMjhvngAAAODCQBckgCZx+OJrsWgHM0Jn/tf//F/m6ILgQTZ/5VCl+9puziG9+P7j3uHPp7QdOAguylumnSLXi5nqKjppM0CfVFo/Nds9jXY+amRta3ep6vbhu+PXlovwHjn/495jfs27r+5ur334dGSmjND+pAneZmIlZyQ8jzsnuU4sQXBaKa6xJII1+KcWrN0XM7ZOE538PjvmlrBG/3tRpdFfkgMZ/paL7vqOO0M8Q0mpzMqbzSUOZFbebU29frs5F9brAQAAgM6BAAagCVXhS5kgPXaRQpi1rb0ZntFC5eKQQqux8DKu53Kw5/cO3Lw6Hj3PEzTKdUW4yxEvc+HzeCC/urkz1uh+bAggdEJoLGf5kbiwbrnQbhWt9WT4mpugZaq2TbU0A0ez0RNbVDk8T+pJt8tFgAYdy4RgdcMTQd32fC5sbjseaRV5P+lUiSjDYYx5340V6XI6vITDGgIAAIALDwEMwAnqhS+hixLCcNFVpdVvWjgL3F6az7MzWiKiHY9C929WF3VlHNSUPvsLDe7KduI52PWTB3seWrD+QPwa120HLqoKhsZdSc/XtnYr7TT5OhysRQv48ownQZQngE4l5I3jLt6n/XjV3wylps2/4RjtT/JXrcS4JFV49XZ9jC+O0ed8uCnPjPk9tzFy3O2/ym3M/577sEAAAABwrqAGDMAx/umf0ikTvjzXxywZKIcw9D//+38bp3Ps3mHb4iQvV7k3cCkfvXx9c2fM80X+p4Hq4qy16gU1X7MN/Bii5I0rKcfML3JCCPE4OLdcFJbKy43IzQ9Efh84lFnJrY+TlIsEAEdwTZdX5j3CRZK1r357WF6WVJY1l43x+0eYPy5/za1nk5EaMFwgWZog9FVudahRBySfVMZxvrpdLgAAALQIZsAANMDhixb1Z77UukjLkXj5UEmWqqbDv/24M6IFzTkuzdB3wHVjOPQhOHP8vK5u7s7Wq//COEy5238jU4ypSa31M/PLnOclR/a6/9idcly9qGWxUnh5bWv3OS9XIwA4lgld5gfv9w3H6EtmJbeVrrk4PF0IwprNVDgbhjsoeUolY1TKN7ptvk4zLc4BAACgvWAGDEAdYfhiBqNNF0k8rzNhOPxwLu+mYyq2TE4pzUGLFERrH3fyohQb5pkPsZK/rGPugqu8qi4etv20FBPKDNwjM2gs2z1H6Dlq0Lo6qvva3nNzlPiT+fbYafdwevs9+4Vu333A9V9MuDbi+LHsQM3sJsZLw8yXseh5ytdJwa1yZLDcQse8uaC9saaunp5CsVgkAIhw1ARFOsgxz7nynLRKmxDGLrscTN7KiqC7Ec84i7/KraaE5FpL8pH5fplnvdTrigQAAADnH2bAANT4mvAlFM6ESaXT56a7hRlH27of2i3ltIzMcOG20uWZD7YOyM1ro3191W2IhWO7saRNYDMXzrDgUMaEN9tSqCUuOkmOfHTSY+BlMG7QwhrOGAcr/NqVYk6KXycdKy2Z1yfXzCyWu33Xx3wSwwd73qg9Qx8uTZJCZAgAqmkaCWeyMBuu+Pqp5ppJUi3yv5Xch8lwlou5whMOXDylJ8PvCQAAAC4sBDAAEd8SvoQ4hHG/iMXzEsLYwqxhIVZ9/M/Ns1reb+xmKmco9cIuWSGRLc+g4BsZid4Oz46hJh5DbbgDZ0tocfgaa15Wpyabud5Pt65lw5o9mnRlBpT5Pc8TAFTRWv9GWk7x99wJScjYkqJSPqa6hirbONq+n3iWy+CD27O136/k1tN1liwBAADABYAABqDsLMKXiNR5CmG0Ty+Db8L6H2KZQxWhagfp/piQeiqc7cLdce7cvJ68c+tapaMRty3WygzUze3w7InapUnvtnbTBD8cByl3bl0Xwosl+XXRmn4LXwuu8cOzYtbXtxONrs/hmyD5a3haowsSwFFazz580J8MThRs9yOe1cIhplA0ahLpJ8fVbsnlVlO2uLVUi9GZNAAAAHAxoAYMAJ15+BIKQ5jh5Wy2rbv+CKGz5v9HUoiF27eu81HYSs0WLryqXW9OEGW1FNoMKKjHc7nOwXS92yq3Os40ui8OAghaplz/Jb/68VPWUZqLLWelkuY8RXXbVJc5fqngO/I3IeilIDFlfmlSBAB18ewXTxa3+XsTpNiCuT8n+4+0jX6V+zD7MHl7kme9mPja/Osyn70l8/dCf9PfIr49RTL+S537BAAAgNZBAAMd73/7S/qxUmL2jMOX0LkIYXwhlx1eYKKP7vQrp5Qx4Utac9cOpe15ZssM1QQw7zd2FoQUuTu3rj0haHv3bt6ozG6613eVl38lw9NcmNm9upeKhmXlcCa8Tub1240R8/U5AUADwbI/368uypvLrSdK5KRj5GeTJnzh8zQ5BeHQjeT93sJfc+tDDjnxh8mBr16W6ZmQ1eXloAAAANBWsAQJOpoNX7SY/07hS6jtlyO5QjzwBI2akcKRWS2+pAUSImv+VR1JXfvwqWp5khaSlx69bHQfXJz3/dbuEi9lIWhr3dd2l0wgt/h+41Om0TbaV209qwugFQSJOAcsHu1PkvKfmrPyPbRf9V4x4Qgv5ZzznaBWDHuY7FsevN9nw2vbYtqcpm9ga8okb88SAAAAtBUEMNCxKuHLj9HWIYwmleFW0zzLgWc/vDVhSVgf5P7N6wt3bl4b5k46QtN4pWCvI6Y4TFn/uGc7IPEsirv91xtOdxdSTAnSKSkVZk38AGtbu4vNdDqqZev7qOB76YgHBACnoOOe48yRNOEK/yOdKFEsUbWFrZ8kCsoXTzmsWXmzuf233IemimIzvg4BAADAuYQABjrSDw5fQjaE+ctf0glqM1rRSw5fuN4Lz37gttQ8AyIozPolEW43YAvqiuDIrA6CGK11qme/iRlEWgXdkLRAt6MfQXAHKl/Uns0BG/9rdDXuZnUQ84d4RtT+rv+EX38T5jwPCy8DwAl8PzoTMC6crqog9GFyYH7wQV9vMMulp6BJNz2bjGvLlBxKEwAAAJxLCGCg47QofAmlfN1+Iczdvutj/NVzvUTQorjMfK9l0U5jf7/5aZ4DGVHyxpXWT13yR3nWy51b14aOK94ash2Tbl0XZvtRgu+OZy3d67tRdVQ9DNi6r+5u1y4hi+IQhmc+9VxxRnSstMStxaMh27v13bTb1ZUmADhiMDmQ0UqNVzqFaZ2uneHy93ebEytvNxeJ9uPcNek/NlguFG73+u3mXC6Xi3M3peO6KIV4WwIAAIC2gwAGOkqLwxfL7JQn2jGEYSaAaTg7RUsq8NIUDlt4YN/X13vsTBaeMbG2tbt03EAffiztFEcqAZsrJqKXlWe6LHKdnnDWk+ZOLJriStN4GLLxZY6rF13HmSIAqItnuXCwEgYxjhCVFu68hEgpPcvBTInEZHBeLr7y5sNk7fKicDut9ZhHl8aaue/f36xnPHl5+xW3tAYAAIC2gi5I0DH+01/SaZMfjJFtuXwCLfjo4VfuvOrlSp2URluYfyUlMsSPp03wspTu0s4Y1S5a0UEHj3LXnEkegCtZHJOqa77c0rjqNnp69uOV87WOKxmZURNh21vz7Apfv7zTfwPdOn4A4asF7TgT5jVOaF8/C8/nAsnaKc1x2MIvf3nW0wjPWsrltuf5qHu4re/4cST3AM3hIMZ8mY+e59HhZ6Ioz5Lx5eUl8yXhSfnYfB063FpUWlJrp3qpUtBNyY8/TN6rCsOl0txRacEjB4WyAQAA2gwCGOgY//rP2az5km1m2//lL+kxqcUcfQ1BT8r3da4413bTJng6UrRVaFVVWJdnUQghphSVeKc/H72s++reoiadWl/fTg702hkTyUb3xyHN6ubecOmPUp7ghyjPYjnymhT/8LPd11zzeuq0PUPKG+Fl0fCF8bKztx93RrXvc2j2mADgWK9zGyPKUfFw6ZBLfsErT0AO67/ociijqbo+k1Y0LBzzuez7L8thToUnhQlKu7hQ9lD0/MHkHQ5Q0QEJAACgDSGAAQCLa37wwFpoUXC1Tij+J2X2p5r6Ljwr4t3W7vJP/deyR26EC+1KmeeBPtcJ+WmgzjYRPJgnaDkOWUwY9kRK4gCuIEqeLb6rXW/OhG35faf0hOvChNvz78pKbr1AwdF6ACgTjmM7h/GSIk9eGtNKpLSkx8L897fch3g36QVPOosctQhBCy7tBwG3UtPcNckxX7nQridLi0rp6YfJPr58uN59uerLGAEAAMC5ggAGACzudCNK7pPaZUWMl6gIh3hGUEEpOao9Tdyq+n5N22kOZ6h85FXHdHx1dS9VulLKRwfv8H3xMjDn8m76/jEtwesph2GVgd7ax93Fcu0J6irKN+asDAHAsbhWy6vc6lOf3DETx0yIyHo9R4opT/EMl/KSIhJxj3q47st8MjmQoch77FXuw0vFy1kjbKhDV1ODyVtZPp1MJvG5CgAAcM5gKT8AUNBiWI9wbZd6LYqFIya4PggXcJVSLdoirJKev9/4lGl0mzxLQnarpe4DOUbww/AyMH5tVjd3xqLnr5vT65t7dsbKu63d9Em3o5T6LfxeSPmIAOBEPKuFa7IokvNcfNcEMr8FdVx4gqB+5hHNm69PzYZZDjh51osnJdd/sTVdVnLraf7+YfL25J+SA/mVdxtTK283nvN5JeqZJfP5SwAAAHBuYQYMAFCsFEuQUGagLabMAJ67dQw33FgftiM220+YgX7+Xt/1+XqbCk3jZtSRrT0/7LJTb7YNfCMuAG1Gfo7vZ6Nna0lT5rVImNAseffWtQy/Bvz82+LLV3bGVNHJlkpX8slkMFgsxVSmqyTjJny54SpvmgDgRNoPgsuHyT6evWLrLf3VBCsOOfGHyf5wRsukDVqkTNvrEBVsQV0hFsxnao4itcqER7+VSNmC2T5RxlVqngAAAODcQgADAFHccaOq+9Pbjzsj9kitJbJmEDDtENcKsdvFpaC59fXt7EBNrRg20CCYIdo3A3yHr58nOFNqXzyhLkH3Bq7nqy8g23JFC4rza6p1iWcwTfvO7jIXX5bdirp7dgtrW7vLd25dGy4vGxuL3gSHNbHY58S9e6jdA3CS33MbI130RzaZHMjz6b+/25xQWiQG7996MpgcyL7KrY+bN2XKJz1r3poJIcSfTRrz55W3m4uD9/tsCP5zsr+ylPBPwe3ko/fBy5KKdDndRcq8J/cL0WVJJuTJ8Iyb8vUAAACgDWAJEgAE9T+C1tk8uyW+trVX6YbkO35Wayq3LNZpx1cpM0Af8gSNBmdRPhq+rG7upXj5S7CsqT7enpcoEXw1DkNql4vxc87LvhxSE7XbH3z2h5SWQ/f6bkxKJfNkjrZzkWV+ffk11CSWtdIvSKsX0evxTJnw9ey+tpvj21/f2p0iAGiIZ7hISc995/IMhySvch9mldKzWqsRPs3bcFejcKkRBzJaqXFetmTej6lwm1oc4vwt92EyPF2inhG+n5IQ80XqSke3NbeZQfgCAADQXjADBgDqUJNrWztjB66f5JkQ77Z25x3Stn6IkpTggb+/S1l55fNQ6XN1G2kp1XOuFdPtO1Orq3ujmC3xfcSu7GTM0XN+bufD8/i1Wt389FQLeSTcKreT5hbSIyWnlDXbjkYvbnQ/ShYzUojHPfsmpHGpXDxUT7pO7I2nfQKAo8JW0ya8HvPklRFRLrwrlBwPZ6mEIUt4Okb7C8kHyXk+v1GBXeX5vU5kiZJ5B2ZjghY8pZ/0mPvjWS8u7c8S9cRrZ8QAAABA6yGAAQDLIxp3hZgwR2hfKpJZLXScB/S2HTF5MzxLwpw/yoFL97VdWzTyzs3r9QbuwZFbLtjbbQtG9hKcudJnlSmHKlV4hstx14uV/OVYieKrm3sJKfSU0mL6uHbgUqmMCXSWBwZ6s6sfPz2VWvDsmrjb7cx4+whgAKKEI20b6mTy3vLKm83lYKmm5gLmy0JS/udyB6NXuXUTzEjbWe5VbnXYvDMnPUmP/5b78CSZvD3b6PYHg25JFeUZLjZMfZ3bGDEZzJSnLhVc6ubOSghfAAAA2gwCGACwy1nu3xQ8a+LIzIlSrJRyNaV4iZLjOYV7yauFtc1PTxvdlg1ySExppV6IYFlTBbelxoyYs1EvfGlGuFxs7eNOzoZkwgZmw7x0zJE0USL1gpcomXCG6/ykFS9N0mKcr3Pv5o1JE8KYMZ584JXUS7K1gAAgpH31Jvx+8EHfEActgkR8sCZU4Zov5W/j5Dgp8rlIkyRH2I5jRwKYYLZMTzx5zJIih7qyJXXw1Ce9MNjg8+FVbmP+YbJ/jAAAAKAlEMAAAPGMFjMgpwPHHyoXX63gGiFOST7jbjhcPJfd6bvR8AhtubbLkSDnw8ed50qrES78erf/RoagpbSilyYgS1A4Y4n8MRO0jLmC0iSVncHE5wpzBF8IXZnJxCEMfy13cSEAOKRJJrjeiyaRLRfgna/dhjse+VI+1nxCqWmuBbPy5sMIf8/Lh17lNlOadOKXSAFeny5lSIpHJogZarSsqBzKHj8Djv449nIAAAD4vrD3DNDhbLFcLfIe0ZMwfHm3vpsOC6/yeXf7bowd7F4d9x0nHbaQPg2eXaE0jfD3QhOmxf8g6+Y15NdrbfPTZO3rdrfv+phPYvhgz7PdVqQZ3JkvBa31szB8iYgfV1QZAAJC0mMhxQQXxvXk5e16xXTNZ21C265HNB8uKXLVlzH+nsMVR9IcX/9VbjXFl6283XjOxXlNKPOUL/89935k5c3mtvm3VHvbfH8c8DR+hD14HwMAALQQZsAAAB243mgYvvCgXQvNtQmo23O58K4doHPRV8k1YmK26K6t/WKXrfhOYWDgUv642y+Z63SXnDzxjAueYVFnij2cPW1eL4qVZsw3ce16HLAMh5fxsrOfbolseFoomuaKLvf6bsybwKZAQlQtL4qVnOzax50H5rayJkVLeZ6fPzgoEgDUpxSNcmDCbaWVrz79krxtQ2jueGSCkqraWNFZLVrpaeHQo8HkveVcbjte0kWeEfPbLw+CsEaStHVlNC9kquHLy2EoU7ewthe0ls8QAAAAtARmwAB0ONdzUz37wTIUnvmipXh8eKlOv9/4lOHZD46vZrl1MSldqf8ipZ5RsjgWnq5tixzicEf4/rC9vhS/rq5upwi+O24XrpSutBB/v7W7tLa1o7nNeNflndm1jU+VJQ4Dfdfn75l//P1BTM1TTf0ec0TehC/8e6JHeIaMIJEmgE6l1adjLybKh0uItO8/E46uWpbJgQv/49kqr99uzkVnyvxsrvfz/f7xYLveQkz9MfRLpPguz5Qxgemor/zRo/erf9NKPYuex3VfotclAAAAaBkEMAAdztvzuMNNnme+OK5eJK3T0cuFFFPdB3KMt7lz89potP7Lwa43Gq3n0n1tb25181Pd2S18/QPHG9davxAxJ0HwQ3BXJKFpnFtWC9uRhalJ3xELvpRHXqsP/9ibiJWcES6mHLS5FlleqiRK/hAfmeduWATQ4cx7odD4MnrGocnhOc6y1HLKLht6tzUV3bZEYtJ8Jo75zuXKjDOeMbPydsue5u1LdClTu5SJQxrugBQsR9qoLEUafHB7pDZkQdFdAACA9oEABqDD8RHW95uf5u1ylXoE5YVWC42uG5314pF+JrRsODAJ68nc7b++QPBdcKep2vN4dotP9CSc1aK0fsrFkn+6dS1bu63SipeaPeLL7QwaLZ7IcrcjDtt4JhNf3wwz8RoC1NBKveTAI7qkSDg0o23XI/NZqVTmr+UaLbncaorrxXAtmJKvpiu3oXVCK3/YtpU22/M2JeoZCa5TXeNFkVzWQj21QYwJburVnAEAAID2gRowAMCzXB5pbYIWnvEgtC3KS7Y7jk6Rp5+GrYsZBy7u1b0UD955aVK3t7u9tvHpxZ3+GyONOiCF3m/sjEjlL0dvD07Gs5OC+izBEqHjiJhKmC/Ltefz67W+vj3kO7H4vb7GrcB5psv+/uHyI67fEyvJl+Fr5pGbMAPE7MGX/QJJOUIAUCEdmeOvHJ5oSVOu+mPY8/2X5r2SrmxDMrXybutxyfN7tfJGf0nerfrM5NkzwfKk7XiJivy5HDfv/yxf5lHPpJYO13OyM2z+FLSlnufOSVx0Jgx+OIjx3KsTmnTh4U99T+kU7HXp0lht62wAAAD4dpgBA9Dhgu42IktKT/OMhzs3ryfN1+ED1xu2HXEcMbP2cWfb/Mu929pNd1/d3XZIL5rBfMLegOCirMHg4CQcvkQH99AcrssjzFHxZrYNZxfZ7kdbu4v8uq1/3LN1fThEcUilwo5I3B2ptrsRb9PTE3RKCQI297mSQbFeW3TZ1YuupOc9l3ueEwDUpUmZzzmR4O9d6pm1n5MBE1yqVDizRUp36nee6VLG4UeRLqf5e55h+PBBf1IrGnZN8BncrrNAimx9mFe59bFXb9fH+PuHyb7lwcTtSpFtDmrsfSg9u5LbStMp8HX5sREAAACcOQQwAB2OlwVxbRdhBtVrHz5NRs8vfr4+aQcOXHxVRa6kKc8D9fJ1h8O6MDyw5/bVje7LXifZiwDmlPg5jtbaaYbvFCe58C4XzNVaVY5ka+6eIouz5eBtIlaKJaLXW/u4+1y7JRu2BZfptKsjg7GwOK8WWOoA0IDLbaO1euPJy4ue602Q74dLjOJCiejMMV6GZOvC8NIi7mLELah5OVF4nvlsXjShzSK3peaghf/xZUI6M0LLucN21ZszK7mNTPUjEQWPvDyd6rH3zColRutd9ir34VSzYriGzfFtsQEAADoLliABgOUJGvW/qGz0vO5ru0s8gOcZMi55T+7c6uW2qL31rs/Fd7UoTUhhi7TOE7SUqOpidNhuuhyWhYOoqla1toCytl2O8q7v2ZDNBDHDXKiZL+elS7yMScfcGRJ2Rg66WQHU4KVDviwuClv3hbgfdYocxwTZ2p4UJBY4CdW8zFOL0Rh9zvP5vpSLOryO1mmeueJx42gK6mz55FR3JjMhj8nFU9KJcUA6Lnz9UjnKbsuFeFdy6+Zze395MFKPphnlkLzuMsWHyduTdBpKjxTJ9svOEAAAACCAgR+PWx0LRydKMX+BfII2ESvFlu8nrxd4WYoZvc9oIedJ+bZ2wJ2+65WjnrUzWPj19HrMAL1UPkPRN+EisvfuNa5RAs0pumo2VpJ2MOb4vn391rZ2n2uln4XLlHhJkRncjZViXsa2Ctd2OdmEGfz9FtZ8CQv1cjjDHZXK54+awV2azICRAKCKT8V0JUgJRbrLmY/I5V8S/ZnoxRzaeFSsuo6Qak5xxRgh5s17eHowqPdC/N7jGTae8p5p4cSV8l7w+T+X216HzPZZ/vr6zUbOU/rpfzyjmi58/+ZxxX+pub96Bh/0DdE58frt1nMugHyeHjMAAJw/CGDgh+JiolroOf6+23Mf2+NibUgoXqevs/QVhH8+a5wES1Zo0hyWTQnBz4FK3+m7MR7d5v3Wp4wQ4vGB4w/xgJ3Pk1JNdhWd+WKXnzEDfuoiNU/fQHbrudXV7fF793oRwnyD8utTdbRaK8WvbFDLxXcKWnozPDB0PXfh3dauuUQfqevCy8p8x5t0fA8FOQFOoEkkzKdp4bgV3tKxS/qqwgsOtk2wMS0c+eeSr564JEa0FDP8J1KZz+Sfy+GLDWpkcZHnxZCSww8Ttyqz2GzxXOfKcxv2CDk7eP/Wk/JjKriS+D6r3sNBsd2rKU0HhYfJe01/3nKwc9G6LXFnKq3ViAmoT1WwGC6Waz00ub+vMydt98//nM3XnucKnaRTqHdf0dvl7//yl/SR2+zpqd7HbLRdo+2v9tCsud/547ap99ii2/zrP2ezje6z9rYA4CgEMPBDaTuVOkxd+Ijg4dKIdvI//yV7bDefi0gLucAdjrTY5YK8eamOBimC5COzc5+IfbZHd+0O+93+GyORTU43Pb0OLgRMcGr82iWT4tgdn/C1Wt/aTpOjUuYNmebTnustdxXlpDnUzicLZsA2H15HOaWMOfux+f3Im5OzH/6xN6GUTnu+lz84KBIARAQzXaYPzzDvSZ5JKJ2JcCmR2SZV76q8bCj8/lVuPSXCv5WqWAnCPbc4Ec4y5OAken2fi/eGM220mvw9t/GSZ6m4yh8tkZjkWizJcpBjb1ZeWTT/m/uJ0UpuY3owWT0rhzs5OaSWo9cJJU+5rClk69w4zhTP6Kl3u9/bytutmTCYiip3k2rTQ0Lwo2SzWf69/qrf7XqhzLfeV7O3eZr7buZ+z/KxAcBRKMILP9RBzAzqta0RQu0avnQq13Pz3dd2c2awPScc8Zhc9/GRjWyLaso7DhW4SOv6x705gpZb29pd4u5U0SLKUbYjUrmT1duPOyMDt3qz+7wEkFuPCzlvCy53qVmfxPDBnp8Mlygx80ciy9sIrRb4dpTigr56xAwOvzlsA7hoTDj5wqWe5bDrkVbFYQ5WhFLPKhtpynIQwUuDVt5sbq+82ViqnVFikoB8+H209otQNGa/CprnWSt8vfC6JROWVN9Gyd4G15bhrkaelEvVj9V/ofl+zGPVjsr/nns/8vrt5lx4e1rSc09WFQw+Az0FrXSqRP6xM2j+/m5zInhezraAr+vvTZ/2OitvPkyikDAAAJwVBDDwQ9k6E74/rLQc4lbHBG0h6IizT7bbEePOOaQzHLJEtxMlf/jgsz/EdUCk0pNaq7FKO+oIruNy5LzNT7Orq9spgqa93dg5MvjhmjtHOk2J4Mi6cMWf692OksWMfW3N6+rqoOMKvxcVydGBm1fHw9PmNY13X3Nya1t7MzyjxgZsUv6675Se8GvuO/6FWnYA8LWiAUmU44htXk40eL9vePBBvwiX9vycvD2plTLvNf3E1X+Me8SfsTyT0L53TSBR3Y3MBiN29owa7nKdRxxGcMtpcxvPeJmM4//xJFiOdCVXpEvzfB2exWECmlEOZ/h6fN92aU25Ho2uOaLNwRC3uebH+vD+wLyUzpjWeoyXJfHlrlJJV+kzmwnKwY59bhL9QyctedKeSmrzmVUkdaZ/M047c+evNngRM74jpwgAAOAMIICBH44HctxNxZ4IB/zQUjz45tdFaBo/nKFkBhNEE0E4E+BtnMtOmmdC3O2/PsJBWlisNfTh485z2a2W3m/tLr3f+JThbfl8LuCKui7VOOQ47nIpjr4/nBiZgUD1EgYz6Jo2gdn0/q7/pN7taOHMll9XPvpsjwCvfdxdlMK8TlWzmHQqeE+qSZ4NxQEb/+s+kGN8Kb9v+XdEaf3UKxbHCQCa9jA5MD/44PYshwA8S4aDFC3UuKv+6K0NJIJt+3q53orZjmebpcgXKRuamDCHb6Mo97nVfFySqFyXC/HyckEuksun7dIapZ+YUGbBUerI7I/ozA6P78cEN4PJW1k+7ZOY9KTMhW2uTys6q+dVbmPek5e3ubNTM9fjwOphoj/5S/LuqQKgV7n1sfDxnkWdmjDUKvnq1DNneEbR0bbgAADQ6RDAQGsJjQCmjQz0XZ83R0CDqfJ2wK5HuopOOryciyi7kp5rt7TEwQwPyDlECIMEng2jNNlZG8IM5oUUUzpWarpTDnfpabSM5iJyr+6l1mtmGUXdM69H7Xl3bl4bLn1WGf4+fN75dbt760am+4ocW9v4ZAcsHHytbu7O8ld+ne70XU/euXW993B5URDiiMgsJhPULBC3r+ZW4vrwPpUMassERbTFI5ecnOf7eQKAKtxaeuXd1tTK283FV+82ufAthad/z22M8CyWoBZLb4GDFJ55Ujsrg0OElbcbzyvhiKIn5oaXdXnZLp/P4YJUusDnu/THbHjdHIcPij8f9Fh43mDy9uzP9/tH/4MJdaL3E8ygkTmui8KnOWzg7kr8GIOfRZnPAZ2NhkN8v69ym2MnLckxP+8MBy5hCCLIX+YZPR55+eiyqXpK1DPCz1X0PpsJbliM9hcOH2/zuxe85KnRz8Sh1p+OqVfDPysvJzu6jMyEYEL/SgAAABEowgvQ4XgQ39OzHx8YuJTn0zwI19qPczejA3Lj3h+e3Znl4quer8bLqW2cC/GawX1Bx3YXeWnLu63d4YFb17Jrmzt5s+eZqNyBrmnH2uhx8EwbX6eF65xqivh5FrZ4Pi0evHGwYp77JRO4vLxTLq4rfLXgOJTl75VbHDNHxieULPHp/OGyJZGiIhfZVfw825o+4Sym8sy0Xv6eB2c9V5wRJbQJcG7Mc+0YrWnODsuEHum+1LOAIrwANTiA1ip4P2pKv8p/GDeBiF0aKCWlubBKifRTM9if5fCDZ8BwCMOX8wC+RFcSQuo5TnJ8R/J7dJwDgJXcekFKuWgG+1nPdjm6kuWlQxTpbGRDD9IJ8tVwF+2fONuQP0dM2DPONb848OCCvTzrRWgxsZLbSJSL8s5Gr8OFezlc94STNSeHj3ke0vylvJwpO5i8Mxve1t/fbC4pcxt/y314Uq819sNIUMQtrz3HmTLPafpVbnUoqHuznjDnzZEvpsPZOoc/UzTM2jdh0YdMjPTscQV/+bOupIqTHsk31GBp2bF8/5OWTnyfejiAKdT8HPMEAC0VzsQO93Ob0UxjA4CvhQAGoMPFrnxOKK0SVN7xLA/Cq2ahcC0YLr4qD3tEFHg5ES8xMjvrfF2SSqWJC7ZyjR8px7hdNQcx4ZKXEAct3b6TU+aobnSGBy+DMjvCZv/5Ov7gNcAzUHySy/wa7ffsF7o9N69JVwZa0eVgRVfNup6b/anfhGJbu+YIty6/pmZk160n+It5DX4TgpZ5uZg5yv7ibv+1THh9HpxRZPDg+DpFkV8AIZoL1gA6mfkc/DPXcxEkeHCe55lnUopHJuh4xJdLch+ZQCFbIifuSb0k+I2pddZcM+4r7wVvE7aetjdY6XJU/lotZd7HcWVCFPNBOlJ7IYcZ5MgJ7Zemw1kitSGBnfVCTrljYTAbJ2Y+18MAQ4UbKjqWp/xRs4PJIU629jLFs+y0nYKdoBNI6cworVNa69/Cx8z1c/jn147/7Ljr2jBJiomSsJ+R8422K3/WHdtCOKhfU79+DC8LM5fPDn5lZygA+L4810twjTtqMmDlfV5H7M6Z/dUh3jclgDOGJUjQEifVvoAfJwhcdCo8QsCvDf/xidZ+qWXG4Vn+aoKWbPmsAretXt3cSynpjt3tv5HhJS8He34vf3/kBkwoU/rsL9SeXd4Rhjreb33KaMEzUPwxPs07Bdyyu+7za7j7boo7W/H3JgSLDi4qz7E5Iv9ASHoULBfTU+tbu1PRuj1Rkdc6lCCADqVPMVOCC9266nNy8EHfkO04VCnAyzmKGrGzOchPHd64fsmFaruomOWT/LnoKZUMar2Uj8gqOlKTxBb+Ndf7JXl7pMFDSfMMHe6qxLNQeFnUkdtI3pm1hXxNcMEFaIWUc9FOSBys2CK/Qqd52U30utElOLxkh+vX8Pcr5fv6W+6DDYE93x/XSgzxEiw6xqvcZkpVlko6k4ePcSBrCxzfr15SVftYHPqSsfdzzHbN+P3NesaTl3N/PWbZVRLhC0Db4tnG0e6OJ3E9L0+R2loAZw0BDLREz5XdkXfH1L6AH4sH11yrhZeZdF/bXTLHPxe7irKyw2uXyojDgbu3L6fD85X2h1ztD9vOSOSnzafKo3C7eoGKDQ76bswibDnKdh6qE34wReY1Ig6ugvovx96OCc8cVy9qt5Tj9xkXTOYW02Gbaf5abpMbNzdcsKc18WyaDNft8Z3ikYERv9bC85NmcPiEZzV5pdMXpQToNFxol7+GA3Thq9+ObKMpzjNRBBflNe9DVW4nzct9wiKuDskMhxFK6XEOH3h5EIca3B3p9erm4+jtNaqZwjM1OJDgcEQp7xn5ys6w4duJtp+2hXzL29n7enC4TMgxIc7P9/vHuaOTeayVz3AOY7jmSxiyHD4WE+Tz3w7ffykpCHH5dh8m+04c3PjkcxeoafNYxmuXGp3Ec65M8XPezP0w+1y+26rb6cgEUnkTOmV7aB9/swDOMe7G2cx2vD975+a1Ucx+ge8FS5Dgu+BBH0/3a5Q4D5SXnqx93CFoPR5cr33czbuapng0wD1WtRD56DZm5/8Z1xTh77nLkXntCrXLiDhYofI6f55N4WvxohQr5bt9Z8lsO12vqCwcql0OFlWuF5Otd73atcq807C2tcsDj0JwJOdIvRl7Wxy4xTx/+Sezs2EGSkOxazIjtZiQQjw2l2Xv36x+/5aXONnX1y5nkMjwAarx+5BneIqCVP6T2sK35DgPTCoT2ZZDmpINM38OZoRUAgxfcaexLnqd2xjRkmzIIsguPQrel5p4dkhcezRmvlaW43jUM0lSTf01t56sLR4bBhKubV1dCG6bl/PY613icGg2ul0t33w2cVDjkWv+XnijfF601bUr7d+IyiCnHLRX1YoJi90eV5eFlR97hr7C4P2+J81ua5d46RIvc+IAapofX4nEJDl6mWfPoJYLwMXA3TgJoA1g7xlOZb2qZW1j4XQ/Ltza6Ig+tBfurnOw5w3bGi6CxmvDkns3b0zeuXVdmLGDPWrK7Yp5oM5tp2uXrfBSJC0oVfpcynMYwJ2VagMdOIqXg500TZaf27cbOyPhaa4L0311d3t1dTsV3Y6XJ5l/w7VtwqM4YAkv54GSLklz5Fvz6xt3tZgK7+/9xm4mXJpGANAYdyVSf/TykqMwfHmV+zDLsyuCsEOV37uiYNtMm39hq2Ue+IezWrgLEsnYc+GKR4rq1nsxqbhngxst/We8XMdeL7eVdqlnNpzBEt5u9Gq2iC1xC+ueuENdWbssSumnikT+aPeh9Ux0aVGPCWA8eSVnAp5FT8olbvncQz2FMExSwedHQ1xThosPh9elH4h/bn4twi5PoWCJlz8UU59tUBTWjhFazv31hG5Px+HXhADgQuBl4GtcL+8EKLEAzUAAA6dTKp1q2YHS2hy5Kx6Z8scDSAQz7Yd3RPf344V7Nw/DF7ssZmt3KqwJo6SYDdbGiqwS+pnSIhG2mw5fU9v2mKdvlpcZcYvk03T8OezYc/F86++9FHqOW4HXBC4F2eMsrn3cyZmQ9HGj++UANXr/tTsKbkw8Fo6wbVNFULiSeFmZkHqi+9pujpemvS+HP25XV5oA4Ahe+hIuOQrqqIgJrdSYNu9buwEX2VX+aNiemr/aWRdCLJSL66a4VovgWSVKZez1TfDBS3Fi9CUT3g/Xa+ElQpKcXyWpsaCwrZfg7j/hDJaVNx8WOPCIBislnlUi5ZQv5aJHXoprx3A9FnMbKROqT4Tb+XTJbuc5V55HrpsmqnxuxDXFEmGAUVvXpV5r53IxYn6ohWh7a55RZwIkHV0K1YyVdxtTtcueGuHivY2CFQ6rwtcsaL9Ny/w6/emEWTrHOWn5UxCabZ44oAOA1vOF2e/V6tjC37x/xftKvC9GAMfAEiQ4FT5azh8wvuPHy91y6uIBtOPHslTaH9/fpyNrKF2H5hSVxgVBu+m+tvfc/PFIHDj+UM9+T1zH9ma0CdK6irYFThikDIXbr69vZ7XjcDHHBDklnjUxXnubPNB3Lu+m/S4/yzNieGaUUpS4c+vqEw4FBm5erbpOvQK9FwGHWH6plDbfzvP7aH9/v3BcLZyg6xEHWtfnK8uMyh1EHCd4X/FyPvsauA7/wY+TsN2oqnYSOEBTupQUmh4rR72k8nT67qt7i2tbO0GQ4+snyje7GJIHSMK8d4Oj68q8rjJoV20Jh2bMa3Zjb3c3y4MzAuhAkmRBN7iMwwRNYiRsf8ytns01uD4WL9XJ+1qbIEWmTCiTsVcwoYsnxSfS4sbhrQhz+7ogwmLXSr94mOyfr72vXG415Wk9RkJmBxN9Q1xc1yfN78vkig0mxAMhaCGsKxNwZs19/plnKfJMlrAdNNeI4WAiWGJ0NaWplLdVX5QuBPdlPr8c75HWhy2QBCkbltQGFfZxKT2rHcmfL5XP90FzP+b5MLfnVO0/mGBmRNunQo+VqKfyGdUIhxcx8gslT71xHfkrNYGL93Ibb27/dlywEm2ZHfws6wkuRKyUyHOrbg7MtHfwIhogvX679dw8LwmtSuPR8xmHRKTEpDCvp6P+GAqDHkk6oZR+SQDwQ52mxTQfMI6p2PLAzUsn7pdyd0qzr/wUM77hJJgBA6fGHzCOX2r4wcVLFsxQfU67pSWesFxvgHmw6ydPU5EcfoxglotOmMF2ottz53TMvIYmfDGp/8tG3XZssbK+67aw6/5nv+66e/fqXsqVNNezT8EsGq0mqTwVn8OX2uKz571Ar10m9PFwmVCIw6dwadfAwKU85xqNpqvy9bnrEb+XTKC53H111x5R4aViwoslq5cW9fAIhmvy/EYlf7r2sdjiuiKoIRHdMTBHesPlZHlXqqx5jce4c1V06ZIWMnyfFsrbJsxAY96NOQkC6FDmvVP3M0oL8/kp5SLPtOAZJhxm8KwPwTVclH4SMwNw13EmtBRzh7dFeS50+zDRn+TitkHhWRrm7knckci8r0fDmSW/596P8KwZO3sit54xQQYXqh129Wdbj8VXvtn5p2UODTjscNUfwz/f7x+NBg48M8PVXZW6LK4j/hx+bz5JKFxiZH7GLC+nGkz0jx4+1uDzittCm/+fxGi/7t/xJIcQ5uc1wU8lYODngmfi8HVqZ4cokvOVDk/kL0evU+/2ffLN+fsFrs/CRYHrbcPLnaIzf1jQKer2cL3t+b5ydZYc2RlDJGakpOccQgmtUtxJKrqN0JqvZz5r3cyRG1Z6iGcN6ZrOcVzs+KROUABwtng/l2eprH/cqVtS4d36bjrcHzUHtxI845hneDdx0+QUnTTvK6PeIZwEM2A6HH/I2EG2p6fv3L4x28x1ylXBGw6QeWYMF2jlGiHlbipVOxiV2THH3Aa0Eg/QeWeSg5fyWUpUdrJ5NoU5O6W0fsF/ZNa2dhd5SRLPZml0i+VZM72Ve9D+uNmDzoenedaNtvdJyc3N7VRfX++xU7fbBddEMceHJ0xgMRo9n5cJyaBA5rGTvLjjVPnbZO1lQttinsH3Qi8ofRicBOHNISWLGbN93AzqRgf6g+CEXxdhwhZflZ7ao9iBQnQpGC8NW9/cyZPvZ/sitWCit13eXnAg5GqqLEVwnNivnl8kADgkIoNsHnAX6XK6i7rmfVXMO/Qly7MfTDDQKyS/J7X9zPSVrny+cqDAM2iEo3lpzUszSK/6uyxJpnjGjAl0luyCIy1+HUz0DZfrm2SkFI+0CUk9KUdWclvDyZruQWGgwe9zLtLrSmfJ8T9XPrt9vv1yyCLIGTFBSubw2gVyfRr1qCdlQpTlZOL41sscAB3e73bcl8Ulc9Qv4alLfH81P5dO+Mob59bb4QwRDps8GZszgdMyByfR7f9UbnFdywRTY+YTMcVLtTz7WtifpamDPb68vMSv2UpuY5q7TB0+NrmgiH41Ydiz8udj1ed9UFMnaJddj6f0ZMwR2xxGoV01QGvwzGvP18kSeRkTID9VWh4Jd4N9Or2oVZEPTo3wgaj3W5+mzXvfvm/D8UvtPlgoJqjqNnl/uST0b7UNDc6S3QdX6tOd/hsjBOcGApgOx7NZuktOQcnqIzPfwhbq1OFRfVE1kOY0mY/qK1niHZg8QVsph2vDvPRFCzFhBv3j0aVmfORAezrD30tBI3bpiy0QqdPvN3ZeNjuraeBWbzZ6Win1mxTBhLx64QsHhY3+4LVSucPQkeDJE3paKoofd137HJuBErd1rnc5Bx8m9LA7+vdv3jjyvNplRWYHwTf3xeuEeJbST33xrL2M32fmNTE7GTx4iLS9FUeDLbMzUZI2LMrTMWIlf1nHHBus2qvVaacLAMRLkypLh6SkqZL6nH+YvBcNWcYaXZlnt9g6MNrOTDkyWOdlQiag4QT012C7YBZbiWSGZ9lUL4vy0hTpnBYspXGWOBp6lVsdNo9j2QQWw9FQgIvylqiY51k7iuQyzyDhZTd8mQ0oTKgbDUM4LBpsEIZEcXCx8uaD+cyQcY+UvT0uwhsu1+EZQULIJ8n7h49FkByxM0e0iB/+DNvxIu1P/mKeh9r7COrtaHNUWxZKKsbdizL1HgvPjImZ56W2C5OdHah1Qjj0IHq+Q39kf36QTFJDPBsnnFAu5msvLc8+GqcmcECGkAbgbPEBJLOfOcsL6WMlZ/lu3/VMve14n047Tl6YwDQ8jw9U8Vfb3ZU0z+7nfaxkvQYHA5GZL8HsY5Vxtd3v+i4BTLivpwQ9JThXEMB0uPKAO8k7NXRGPNdbFiX5lAd7tdPwBoJ2t73nfYnJRRTWablvQpTyH5H52m1ipViChF3/bwbietp3nLSjaZynpRf/UNna7fmIwxdZelb+PWvouNaA/EfMp1KK2rANaKMOQycd7eBCtlrSDA+yyq276aTb4XXI98sBl12epHWGp9e4mubIHnU5rKnAj2tt89MTrt/i+GpBu84Mny+Eztfeh455c+Y20mbnYtiV9Ku53Ukbsvj6STgrLrg/em6OKI/GhHzkaf3MKxUJbagBqpn3ZMFTajjmuDPljkcpIWNLv+fWp/nd4tL+bKMBdtgSOjytfW1DTluTRV4aMwHFn7XvPyPpTFRmJ0oxY4KMrAke4tUT7kTBO/KZaYOCuF3q4zgpE64kYuXlPmHdF/O3OUt2n4Dv87IdhJiQZZqDH624AOVhKMRBhvkMmDO3MxqGNMcZfHB7pPq5ctPmfmzxW+4aVfu8iODxPzaDnngYTPC+gwmS5rmbEdfY8chNuOTlOUzhoMM81mGXZ+c0eI5tbRrzmEtK84Cl6u+O68dGfSqmS5F6OWFo9Xvuw8tfkrfrHmHm5Vavcx+ecs0eEwx99UDLdogKgvAsAcCZkUrmy/uu5Ph+ttF25X26StgarRXDYxun5JjbObm+i11dIEvPzed0QXjeKH2jta29mXqzzMuPF+U0zyEEMGDVC0TsEXpz9E6U/GNb2R65rWCwXbVjExRdtbVEXqiikzVnLRO0FbscRlNidXPnN6n0fL0laUKrDH/Ue4LGpTZHCYQ/MlA+OsB/cNa2dra5gCvXEOHTSpVmY77kP2b296H8e5BWWkwfV8Q5qrzdhfp9kcpf9kVsWIvm2hWaMGXSPO8z5rUZP7q2WOT5D3xtsesw2Fld3Us5bmnYF06itFunuHF0wKeIBxhBnZ7IrLhg50Vn79+8xte3t5F7uzlmghgC6EQ8UG60A1UOAp6acKIyYJflgtUldYnfX5O8vEZKd8pVapTDg3Kh1zmiw/cUt4Xm4IFnnpiTCZ7RZm5ojJSedqlrtiSLSzzTRjrdU9r3ZrUUf7ZdhpQ/yiHEoAkh+HZNUD7Fy4yCoGBjtGRCF156xKGNR5Jev92c9+3ngEqEYQoHGLZgrTlfU/C5MVgzo8Q3QYFL+kkXfcny6cOf6Q87q4aLz5oxz9jPD/rrzh6JLlGqF5i41LNcUsVnWtCvikz4X/k70FMQ4uDPnpA5fpZ8kub53hp3aY8vz3N7bWqwxDl8DtzyY66+zO671HxG9piDDcW8rBOKBPVi9m3Hq59PqOVy+Dr408kGBYAfltuWA8DZ4v1InrXiO7H4vYHrea7zwiNgnmncaFlRsN+1O2P2a0kd+EP3eu3s7GQz96dkaVbwDGcSC6cZPzVysHe6DrSMH7/wuxbacfY4oAgvHMMW29NHl1HwgO6k6/JUPV6XWGldrPQYL1MxyfGM7FbHFrNypPz1Irchbkc8y4R0eco80Q0lRYFnXISvX8gEB5O8ZIZnZvAftHBqJuPlbFzMVelgaYpySvaySBFXXmo0y7VlTJCTiN4u/6Fo1J6Zz79ovw/8B5mfv3qtuesV5RW+WjBHv+fDIzdmv2GmfFFBm8EY314YonJw+v7jni0ux8+reb8taeHMmT2C5WjQys+rXVKm9Aul9dOax1IIZyXxbB0p1FKwzOxTJtxAOk6aAKCu2oKrleV/Ttje3RaxTnmOa9s+K8eZqLR35hbISj+RjpjgWSi1t8VLjfi97Cs1zAV6g8K4Ms1Fewcf9PXykqCg1sxqiuugaKUSYcDxc2WmyuHnDHceCu+jXIurfEc6ax8buWn+WlsQl4MmLh4c3rYgGReCKu2czYd/2mRGVUEIhzSv3mzkuJNQ9HyembLyprqdNP+MD5P9Y1ycONpZiM93tfek6rmWatE8Vznluo89KZf+WqeYbujncsAU3C93fWq8Ld/XYKJ/KBoWMRNOzXB773I4VsHPeb3b8bjLE3d4criNNwD8eD1mfEETPDZxXL3ItV5WNz/NlpuG5Gz5hAje71LmYCM3Jrh373R1CYt/+GPcLKG2PuDXOu2qAbtPb8Zb5c6k0IYQwEBDfAT9zq3rvdH01nxwcYCyFBRebcwRNMUDtq5iMEizU/BEpZBr/P3W7lK9LjHM7FS+RAXxH0uSn66csN0t5DJXfnc9t2pnMuh4VJ5ZYT7gqzoX9fYWuBtSOHCXvp/xBI1WDexNeMNBAs8ACc8KjjKIGSWLY9H74oE/By9B163GU0bbnT3ScgJ+Hu0Moo+7i91Xd7fXPnyqGojw887doiLvxSDY1PpZbd0dHoyZUOWT/T4oBGw7Fwntj4T3tfZxJ6dFcYRfs7v9N0YqS8BEZbAUX13dTvFrzG2nw9sW8rDda8n3FggAqpgwIL7yZmNJB22q88G5gpfYDGslhh7e5yK7W2k7oDchS3mZEneGC46smlCFB/wudc9HZ6dFqfIyIA5AukgtCz4taSoakHBAwEufzHt2TpuwgoOP1yb44G0ccuKRG5vWqjQUnnSksDvsdlmy4u4/QZekIHC4vP233IeGMz3KHYkqA46g41D/UHQbc99pWx/Hr/7ZeGYKhznUtCt5fbRuVVwFrb3jrnSe17uW7R71ZrPyc3iOM8eBTfS5+/u7zQl+DRv9rPa54aWaRKQi5/MSMn7O64Uwweuthvn1P7ydXFMzIAHg23muxx0cx3hsojS9NPtK0yJykLncyazCHii7eX0+DD94X44PQjU6WBjF1znNzBM+cMb7XPx9o86Yp8EH+MzPNk6+f+qZM7zv/WFzb4Lgu0IAcwG939jN0BmpHWSbT6ggNKn5oGI8Y6KyWckb56Pq4UCbP8gOHG+cj9abI2RZQTrlaoFktk14MljTal6beaHUJH94c3jC8+zXP+7N1ZuBwp1+uNV4OEsmmKmyOxv+vvBrXlsLhcMbDhL29+OVNN8eZbC/K2o+uq05gpAtffYXOCQ4iymcrcAF0vhIS22gUst3bEtV87YKWrYKN2gLy4V2+TaOXMG8j6SUk6XPdrBRhZ9jx3erBzKa8lqQbfUdzFQKBnC8JIzDVPvH37x20RlvutuN82tMke5LJkitFJKsGsQBQJldjp/iOQ8x1TXEbaQ95Q/xjAtuvcyDdJ6t8ert+hgPyh+Wl+dwpxxPqSTPXuEZGXanXyn+e7mgFNcQCN6zHDr4yrchBy/x4VkYHOJwW+j9YOmNndVhBhMj5e0T3M1IUCxvHlo2eIx+5PNIF3h2iVD6qebPCUXlor774fXz5ks8vD1XCrtjziEFz2QJQwoOd0ywsXTSs1MizZ8zy+a+7AwWLuK78nbjOT8fdArhDCAOtaqLi4fPk648F9HrxYg7t+m4DGcV+f5L3ieJLoFSSvPnZyoMo+rdd/h8CW4bXsYza1zzGkZn60RFixWv5NYmefZMoxCGHze3GT9udg4ANE9qnolf/l4IzTO4lZTzvH/ES+dPOtDH+3LCfCZoWazav+L9quj452tw3cVwlk1PT6HpfSs+gFk7Uz16m8ftO/MBdT4YV3t989QklKgf/sPZQQ2YC0gfzjRpiAd25l2W4MHwkcu4dofrPZeuN6p9Xi5kOxbY7cx4/IlLYkqRPlJxOyb9yg5M+U1vd8x4kOd7fq/vi2VztD5jB5SOHDn47M93X3NO3GGD749rfGjtT9/pP1xSFCvFlnlapu2kI2jMJP+Ju+ZyO7WRVMrs9P8mhCz07NtBe0E7xRHzR21Cx0qPzYc6t1GeHbh1rW76zvVmTKgzXfp8bYFrlyST4khAcREKNfP7wDxfQ6UvpXy9y8MCb5F6OJm3H3eW/V0/G1bQV34wIKoi5SPl+y/4OeIlgbJHcbG3hDmqM26b25KddpoUjrzB02DMwCshybw2bmnCvK5Dd/qu2qPS5g8wLy3izmRc3Z/PKvBgxtzvi59uXc+ub20/UcqJC1meNu+6j80f66fdvrPkeyrhHfgEABEmXBhM9EdbJtu/x7y8xoQbiRKpWVfRtF+uKWKL3bqXJ3i2iRBi3oQqec98bwKNfFg7hcMOEwrYnWQTFiyXu+qYz20xoso1Y6QUSw/v37bn+yQmlQlvzJlTXBOGi/H+KdnHl9m/4381A3tXiAfmQEjeBCL28ZVrmFQ+h4P6LoK7OcV1OXxh5nG84BkgnirOctRUDil4No/5nDos8h3WgzGPYWHwp1uVvwPlx16ZFSOlM2MC+BR3PDKPK8uX8yyVGPmFsFZKWCB4sKal9p8Oa6kM2Ror5ufWUnOIlDC3PG+L2kaKBAczU5yCq/7oDQOXwTqdkjhcUUI8MkeQn4Xn8XVj5rrhY6p9vkKN6rvY19C8FuFz4ZFYcJROOFQf/yzmD++Eee0emXDqaXTmDACcnglPHtBh3Tr7eVqeoV1V18XO/DUHn4quN1zVQEIIWxNL1YyxzD7vomv2v9a29mbDQrk8W8br8Zaj1w/HVrqmu+hRPfbAJ5Wc6eNm0dh9cammXM/l28rSaQni0gPxcB8+PLs8y32W4LtCAHOORKtxH6eZ4qZm8PzJDJbrpqZBa2r5bKDXdiyq+mAqz2g4EvCs/2N3SikaMYPH6dpZD1z3Q5P4zQzIs3y6HM7YNzcP1KH1wkK30d8xnpURnSIXLj8RpCZ5aYsJY1LR2ziIqfmY7xTMQP+xLdwo7NEGu7PJIVxJ6d/C5UgHu3xEuLewtrVjNrOdLppq0XkeHfd+5OVG3H0oukwr8v5ZNn+wk/fuXc/zCTuzKOZPcU2FOzev2gFe0C5czUXqdtJ+zF8wf0oX7NKuyMApxPV3zB9u4hDtzq1rQ7aNoeMscicl4flD0SMm3C68HNLY0+aocsbxHa7xg9kv0NF6qKfg2dkUJ+PlO7xkxQSZFBPyxs/3++zn3e9v1jMeSQ5f7PuJa4SE72WeuRIEBl3hjIzwgpGwNbRSHndESvEsFc9XlZCDwwGeHUOKC/Lqp5GgwgZB5ry4638ePayDwrMweuLRwIO/N4HIUA/tm5+zZ5LDHA5ffikXmzXhxrgJ4CfMg34W3md4HzYMkXLG1mZRKmV+jhe1s0I4xCk5+yO+r38zz0tKlx9nUHRYPy8qwZ8z9vMrqLOiEn/LfXjyH5ONlintF35OJqsegye5+5s5gECywGEML8cq2p8hOVL9WKpbP9eGK8FtySVfnPy3yr7Wvv40mOzPRM83+0cZHQRU9nUqvyaTjW6HOyqFs6mElnMrua18bQAFAM1TSjwxB5qe8wEpno3faDuh/UkThqdin+0sucrn1p2bQXOJe0dDkfL+kOL3sw1gHJem3H37WVH5XCnFSikT1KTM5x2H1g1rwyhZzJjx0mMtFR98yzfarrxv2UvHOG7cyD8Pfw6jK21roHXVOcG1IcyOTurA9ZMntfRthl1jGC/QmdzW9na823Nsu0rzG5W/c/N6suqykrPE041ra1Uwnv4WFn8N8VF81IBpDft75qtPd/pv2B3U1Y+fZqUOppxrIeeFLcwcDOrNkdVh8tx87W3wOltH64xJbJaE59iZUnyEgLRcCE/7vh93HKdATonX4hakigV/5GL+r3YQ4qsXQnedOJMrSnT5j/iwrfadF3TW+HGZI9dqXw7bx30Mj7yEy9F2neeGH6Ov9Jg+EON8OzxriKvUUxM0/3y2iLE9OjpsjnrkVZd6LJSfIf4j7/N65sPb4vbS9WpImKPDo8IetdYp/r7y3JeVZCklSzIf/pzaHLHhbcPL+f2phchr35s4OChWDWRM0LocKy+P6GQlc/RalJdqnEtKP3HLMyOgMV7+c+RMc6BhMNEXnQHDg/LFyHuxYHbuF0zw8IJnP/AcMik5rBaPam6JlyCNStf5c1UAUz7fLe+Yc5Fdt85OupLOcxW+b5Ua5m2U6zyq3JY5muv6fjCzVZq/0Uo947bOJjhZ5OCEi/t2Rdoxe1KY64lfTeD7RPhHP9sq90sq7kiaiRYONrc9LqjedVTa/PRZbT4zw8uFNIGyeWz8/HBwYjeTQeF+niHE55u/Q2lBTvD7KX3zOSZ4UPPY7NDm+b74Z/VJprQkrgNTcJUa4uK8XB+GP6OEGYhVHoKjH3E41vgxBvdh7n3GHgH3xfE1Ffj2fK7BJbO1z4u9qfBnqrmMCy5zDQqlSqM806ZEjjmPZsxj7jWDsQWXqpfoAsBRVZ9xoZrP5GZCB65RGR4M4/FSz9U98/4Uhdt9V5/W29aWVNDqWVgjka/jXt1L1Wu0cJxgCf8+2W5NTXYKbeT95s68+Vz89cAxBzx7EbK0GwQw50RQqFQ+4va+dEq8ROHevaNv5NoPIf7AiMU+J6Lb1rtuUICXOxpRXpRiw3bGjO/kgvoRYpmPqjd6LPzhYgbjvOyowNetHdwBwPng+4r2Dw4IAAAAoB1JMy65dKn7Gc/S/pogIuiUFBxQuXPrelPj5srBZV8/uXP7xmwz1wlmNNMMNz+hJtnxmDlgWe8+7LhRyl/v3LzW8QfF2hGK8J4TQUeixuELzzSpbaHGeI0gdy0Kq2tH1SbAsSs7GVtLoow/DPi6YUtbFnQu0ikumuprYY+exUrOiMfTcrV+crDnDUfvu7ZauG1NzEGNnfWyH+26AgAAAAAAcCaEFLYlc9iVlfH4pvlOP858uf6LnTkXNJw42piiSnlmP88Wpib5JJfNfTTdtcgWzxXmALYjH4WPi2vHhB1m7bgR4UvbQg2YC6Kc6maj59kinkLHlZZD9+5dP3EqWymmMiZMqWzHS0ME6SfScypT0WtrwART72hG+DR+p/8wgeUPBumr5z75vBxksnKbQsxLrXjq1TLXmlj7uEsAAAAAAABnyVeau3pO34+UQdC8TFLbmkx2SVFtrZT17e0E7fcQF8EtLwWqHFzmWf/cpOK4+zS3/UwI8bgcjlTu9/3Wp4wg50ZYrDcqrMVYez6PpxzfScdK/nK0Rh+P+6J1On2nOCm1GDMD+zFznd6vXXbEB/NPu3QKTg9LkKClgg8jtKMGOG+4mcCXfW6drQkAAACg3QhB8z/f768qns0hg7fnLYcrAbgZgeNQvK+v99R1V8I2ztUdj7YTypEZPtgc1oUJ75drPZW4WULNdb5VuVTFYyl0/vbN698884UP4pdipTzqx3wfCGCg5aKFXgHg/PA8n0qlEimEMAAAANBOtM66+stotMsZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCP8P8Da7b9Za9/OxYAAAAASUVORK5CYII="/>
+</defs>
+</svg>
diff --git a/x-pack/plugins/integration_assistant/public/common/lib/api.ts b/x-pack/plugins/integration_assistant/public/common/lib/api.ts
new file mode 100644
index 0000000000000..ab56578c8ce64
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/common/lib/api.ts
@@ -0,0 +1,116 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { HttpSetup } from '@kbn/core-http-browser';
+import type {
+  EcsMappingRequestBody,
+  EcsMappingResponse,
+  CategorizationRequestBody,
+  CategorizationResponse,
+  RelatedRequestBody,
+  RelatedResponse,
+  CheckPipelineRequestBody,
+  CheckPipelineResponse,
+  BuildIntegrationRequestBody,
+} from '../../../common';
+import {
+  INTEGRATION_BUILDER_PATH,
+  ECS_GRAPH_PATH,
+  CATEGORIZATION_GRAPH_PATH,
+  RELATED_GRAPH_PATH,
+  CHECK_PIPELINE_PATH,
+} from '../../../common';
+import { FLEET_PACKAGES_PATH } from '../../../common/constants';
+
+export interface EpmPackageResponse {
+  response: [{ id: string; name: string }];
+}
+
+const defaultHeaders = {
+  'Elastic-Api-Version': '1',
+};
+const fleetDefaultHeaders = {
+  'Elastic-Api-Version': '2023-10-31',
+};
+
+export interface RequestDeps {
+  http: HttpSetup;
+  abortSignal: AbortSignal;
+}
+
+export const runEcsGraph = async (
+  body: EcsMappingRequestBody,
+  { http, abortSignal }: RequestDeps
+): Promise<EcsMappingResponse> =>
+  http.post<EcsMappingResponse>(ECS_GRAPH_PATH, {
+    headers: defaultHeaders,
+    body: JSON.stringify(body),
+    signal: abortSignal,
+  });
+
+export const runCategorizationGraph = async (
+  body: CategorizationRequestBody,
+  { http, abortSignal }: RequestDeps
+): Promise<CategorizationResponse> =>
+  http.post<CategorizationResponse>(CATEGORIZATION_GRAPH_PATH, {
+    headers: defaultHeaders,
+    body: JSON.stringify(body),
+    signal: abortSignal,
+  });
+
+export const runRelatedGraph = async (
+  body: RelatedRequestBody,
+  { http, abortSignal }: RequestDeps
+): Promise<RelatedResponse> =>
+  http.post<RelatedResponse>(RELATED_GRAPH_PATH, {
+    headers: defaultHeaders,
+    body: JSON.stringify(body),
+    signal: abortSignal,
+  });
+
+export const runCheckPipelineResults = async (
+  body: CheckPipelineRequestBody,
+  { http, abortSignal }: RequestDeps
+): Promise<CheckPipelineResponse> =>
+  http.post<CheckPipelineResponse>(CHECK_PIPELINE_PATH, {
+    headers: defaultHeaders,
+    body: JSON.stringify(body),
+    signal: abortSignal,
+  });
+
+export const runBuildIntegration = async (
+  body: BuildIntegrationRequestBody,
+  { http, abortSignal }: RequestDeps
+): Promise<Blob> =>
+  http.post<Blob>(INTEGRATION_BUILDER_PATH, {
+    headers: defaultHeaders,
+    body: JSON.stringify(body),
+    signal: abortSignal,
+  });
+
+export const runInstallPackage = async (
+  zipFile: Blob,
+  { http, abortSignal }: RequestDeps
+): Promise<EpmPackageResponse> =>
+  http.post<EpmPackageResponse>(FLEET_PACKAGES_PATH, {
+    headers: {
+      ...fleetDefaultHeaders,
+      Accept: 'application/zip',
+      'Content-Type': 'application/zip',
+    },
+    body: zipFile,
+    signal: abortSignal,
+  });
+
+export const getInstalledPackages = async ({
+  http,
+  abortSignal,
+}: RequestDeps): Promise<EpmPackageResponse> =>
+  http.get<EpmPackageResponse>(FLEET_PACKAGES_PATH, {
+    headers: fleetDefaultHeaders,
+    signal: abortSignal,
+  });
diff --git a/x-pack/plugins/integration_assistant/public/common/lib/api_parsers.ts b/x-pack/plugins/integration_assistant/public/common/lib/api_parsers.ts
new file mode 100644
index 0000000000000..20b371ff0c002
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/common/lib/api_parsers.ts
@@ -0,0 +1,26 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { EpmPackageResponse } from './api';
+
+/**
+ * This is a hacky way to get the integration name from the response.
+ * Since the integration name is not returned in the response we have to parse it from the ingest pipeline name.
+ * TODO: Return the package name from the fleet API: https://github.com/elastic/kibana/issues/185932
+ */
+export const getIntegrationNameFromResponse = (response: EpmPackageResponse) => {
+  const ingestPipelineName = response.response?.[0]?.id;
+  if (ingestPipelineName) {
+    const match = ingestPipelineName.match(/^.*-([a-z\d_]+)\..*-([\d\.]+)$/);
+    const integrationName = match?.at(1);
+    const version = match?.at(2);
+    if (integrationName && version) {
+      return `${integrationName}-${version}`;
+    }
+  }
+  return '';
+};
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration.tsx
new file mode 100644
index 0000000000000..e915ac920d7df
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration.tsx
@@ -0,0 +1,47 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import React from 'react';
+import { Switch } from 'react-router-dom';
+import { Route } from '@kbn/shared-ux-router';
+import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public';
+import type { Services } from '../../services';
+import { TelemetryContextProvider } from './telemetry';
+import { CreateIntegrationLanding } from './create_integration_landing';
+import { CreateIntegrationUpload } from './create_integration_upload';
+import { CreateIntegrationAssistant } from './create_integration_assistant';
+import { Page, PagePath } from '../../common/constants';
+import { useRoutesAuthorization } from '../../common/hooks/use_authorization';
+
+interface CreateIntegrationProps {
+  services: Services;
+}
+export const CreateIntegration = React.memo<CreateIntegrationProps>(({ services }) => (
+  <KibanaContextProvider services={services}>
+    <TelemetryContextProvider>
+      <CreateIntegrationRouter />
+    </TelemetryContextProvider>
+  </KibanaContextProvider>
+));
+
+CreateIntegration.displayName = 'CreateIntegration';
+
+const CreateIntegrationRouter = React.memo(() => {
+  const { canUseIntegrationAssistant, canUseIntegrationUpload } = useRoutesAuthorization();
+
+  return (
+    <Switch>
+      {canUseIntegrationAssistant && (
+        <Route path={PagePath[Page.assistant]} component={CreateIntegrationAssistant} />
+      )}
+      {canUseIntegrationUpload && (
+        <Route path={PagePath[Page.upload]} component={CreateIntegrationUpload} />
+      )}
+      <Route path={PagePath[Page.landing]} component={CreateIntegrationLanding} />
+    </Switch>
+  );
+});
+CreateIntegrationRouter.displayName = 'CreateIntegrationRouter';
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/create_integration_assistant.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/create_integration_assistant.tsx
new file mode 100644
index 0000000000000..d2aec8dd2a661
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/create_integration_assistant.tsx
@@ -0,0 +1,103 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { useReducer, useMemo, useCallback, useEffect } from 'react';
+import { KibanaPageTemplate } from '@kbn/shared-ux-page-kibana-template';
+import { Header } from './header';
+import { Footer } from './footer';
+import { ConnectorStep, isConnectorStepReady } from './steps/connector_step';
+import { IntegrationStep, isIntegrationStepReady } from './steps/integration_step';
+import { DataStreamStep, isDataStreamStepReady } from './steps/data_stream_step';
+import { ReviewStep, isReviewStepReady } from './steps/review_step';
+import { DeployStep } from './steps/deploy_step';
+import { reducer, initialState, ActionsProvider, type Actions } from './state';
+import { useTelemetry } from '../telemetry';
+
+export const CreateIntegrationAssistant = React.memo(() => {
+  const [state, dispatch] = useReducer(reducer, initialState);
+
+  const telemetry = useTelemetry();
+  useEffect(() => {
+    telemetry.reportAssistantOpen();
+  }, [telemetry]);
+
+  const actions = useMemo<Actions>(
+    () => ({
+      setStep: (payload) => {
+        dispatch({ type: 'SET_STEP', payload });
+      },
+      setConnector: (payload) => {
+        dispatch({ type: 'SET_CONNECTOR', payload });
+      },
+      setIntegrationSettings: (payload) => {
+        dispatch({ type: 'SET_INTEGRATION_SETTINGS', payload });
+      },
+      setIsGenerating: (payload) => {
+        dispatch({ type: 'SET_IS_GENERATING', payload });
+      },
+      setResult: (payload) => {
+        dispatch({ type: 'SET_GENERATED_RESULT', payload });
+      },
+    }),
+    []
+  );
+
+  const isNextStepEnabled = useMemo(() => {
+    if (state.step === 1) {
+      return isConnectorStepReady(state);
+    } else if (state.step === 2) {
+      return isIntegrationStepReady(state);
+    } else if (state.step === 3) {
+      return isDataStreamStepReady(state);
+    } else if (state.step === 4) {
+      return isReviewStepReady(state);
+    }
+    return false;
+  }, [state]);
+
+  const onGenerate = useCallback(() => actions.setIsGenerating(true), [actions]);
+
+  return (
+    <ActionsProvider value={actions}>
+      <KibanaPageTemplate>
+        <Header currentStep={state.step} isGenerating={state.isGenerating} />
+        <KibanaPageTemplate.Section grow paddingSize="l">
+          {state.step === 1 && <ConnectorStep connector={state.connector} />}
+          {state.step === 2 && <IntegrationStep integrationSettings={state.integrationSettings} />}
+          {state.step === 3 && (
+            <DataStreamStep
+              integrationSettings={state.integrationSettings}
+              connector={state.connector}
+              isGenerating={state.isGenerating}
+            />
+          )}
+          {state.step === 4 && (
+            <ReviewStep
+              integrationSettings={state.integrationSettings}
+              isGenerating={state.isGenerating}
+              result={state.result}
+            />
+          )}
+          {state.step === 5 && (
+            <DeployStep
+              integrationSettings={state.integrationSettings}
+              result={state.result}
+              connector={state.connector}
+            />
+          )}
+        </KibanaPageTemplate.Section>
+        <Footer
+          currentStep={state.step}
+          onGenerate={onGenerate}
+          isGenerating={state.isGenerating}
+          isNextStepEnabled={isNextStepEnabled}
+        />
+      </KibanaPageTemplate>
+    </ActionsProvider>
+  );
+});
+CreateIntegrationAssistant.displayName = 'CreateIntegrationAssistant';
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/footer/footer.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/footer/footer.tsx
new file mode 100644
index 0000000000000..bcb3cf8ad21f8
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/footer/footer.tsx
@@ -0,0 +1,82 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EuiLoadingSpinner } from '@elastic/eui';
+import React, { useCallback, useMemo } from 'react';
+import { ButtonsFooter } from '../../../../common/components/buttons_footer';
+import { useNavigate, Page } from '../../../../common/hooks/use_navigate';
+import { useTelemetry } from '../../telemetry';
+import { useActions, type State } from '../state';
+import * as i18n from './translations';
+
+// Generation button for Step 3
+const AnalyzeButtonText = React.memo<{ isGenerating: boolean }>(({ isGenerating }) => {
+  if (!isGenerating) {
+    return <>{i18n.ANALYZE_LOGS}</>;
+  }
+  return (
+    <>
+      <EuiLoadingSpinner size="s" />
+      {i18n.LOADING}
+    </>
+  );
+});
+AnalyzeButtonText.displayName = 'AnalyzeButtonText';
+
+interface FooterProps {
+  currentStep: State['step'];
+  isGenerating: State['isGenerating'];
+  onGenerate: () => void;
+  isNextStepEnabled?: boolean;
+}
+
+export const Footer = React.memo<FooterProps>(
+  ({ currentStep, onGenerate, isGenerating, isNextStepEnabled = false }) => {
+    const telemetry = useTelemetry();
+    const { setStep } = useActions();
+    const navigate = useNavigate();
+
+    const onBack = useCallback(() => {
+      if (currentStep === 1) {
+        navigate(Page.landing);
+      } else {
+        setStep(currentStep - 1);
+      }
+    }, [currentStep, navigate, setStep]);
+
+    const onNext = useCallback(() => {
+      telemetry.reportAssistantStepComplete({ step: currentStep });
+      if (currentStep === 3) {
+        onGenerate();
+      } else {
+        setStep(currentStep + 1);
+      }
+    }, [currentStep, onGenerate, setStep, telemetry]);
+
+    const nextButtonText = useMemo(() => {
+      if (currentStep === 3) {
+        return <AnalyzeButtonText isGenerating={isGenerating} />;
+      }
+      if (currentStep === 4) {
+        return i18n.ADD_TO_ELASTIC;
+      }
+    }, [currentStep, isGenerating]);
+
+    if (currentStep === 5) {
+      return <ButtonsFooter cancelButtonText={i18n.CLOSE} />;
+    }
+    return (
+      <ButtonsFooter
+        isNextDisabled={!isNextStepEnabled || isGenerating}
+        onBack={onBack}
+        onNext={onNext}
+        nextButtonText={nextButtonText}
+      />
+    );
+  }
+);
+Footer.displayName = 'Footer';
diff --git a/x-pack/test/api_integration/apis/asset_manager/tests/constants.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/footer/index.ts
similarity index 80%
rename from x-pack/test/api_integration/apis/asset_manager/tests/constants.ts
rename to x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/footer/index.ts
index e71ee4fa7f49a..fbdbe09af8565 100644
--- a/x-pack/test/api_integration/apis/asset_manager/tests/constants.ts
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/footer/index.ts
@@ -5,4 +5,4 @@
  * 2.0.
  */
 
-export const ASSETS_ENDPOINT = '/api/asset-manager/assets';
+export { Footer } from './footer';
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/footer/translations.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/footer/translations.ts
new file mode 100644
index 0000000000000..aedfd63ba2213
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/footer/translations.ts
@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { i18n } from '@kbn/i18n';
+
+export const ANALYZE_LOGS = i18n.translate('xpack.integrationAssistant.bottomBar.analyzeLogs', {
+  defaultMessage: 'Analyze logs',
+});
+
+export const LOADING = i18n.translate('xpack.integrationAssistant.bottomBar.loading', {
+  defaultMessage: 'Loading',
+});
+
+export const ADD_TO_ELASTIC = i18n.translate('xpack.integrationAssistant.bottomBar.addToElastic', {
+  defaultMessage: 'Add to Elastic',
+});
+
+export const CLOSE = i18n.translate('xpack.integrationAssistant.bottomBar.close', {
+  defaultMessage: 'Close',
+});
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/header/header.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/header/header.tsx
new file mode 100644
index 0000000000000..7b417aee5576f
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/header/header.tsx
@@ -0,0 +1,85 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+  EuiAvatar,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiSpacer,
+  EuiText,
+  useEuiTheme,
+} from '@elastic/eui';
+import { css } from '@emotion/react';
+import { AssistantAvatar } from '@kbn/elastic-assistant';
+import { KibanaPageTemplate } from '@kbn/shared-ux-page-kibana-template';
+import React from 'react';
+import { useActions } from '../state';
+import { Steps } from './steps';
+import * as i18n from './translations';
+
+const useAvatarCss = () => {
+  const { euiTheme } = useEuiTheme();
+  return css`
+    border: 1px solid ${euiTheme.colors.lightShade};
+    padding: ${euiTheme.size.xs};
+  `;
+};
+
+const contentCss = css`
+  width: 100%;
+  max-width: 730px;
+`;
+
+interface HeaderProps {
+  currentStep: number;
+  isGenerating: boolean;
+}
+export const Header = React.memo<HeaderProps>(({ currentStep, isGenerating }) => {
+  const { setStep } = useActions();
+  const { euiTheme } = useEuiTheme();
+  const avatarCss = useAvatarCss();
+  return (
+    <KibanaPageTemplate.Header>
+      <EuiFlexGroup direction="column" alignItems="center">
+        <EuiFlexItem css={contentCss}>
+          <EuiFlexGroup direction="column" gutterSize="l">
+            <EuiFlexItem>
+              <EuiSpacer size="s" />
+              <EuiFlexGroup
+                direction="row"
+                alignItems="center"
+                gutterSize="s"
+                justifyContent="center"
+              >
+                <EuiFlexItem grow={false}>
+                  <EuiAvatar
+                    name={i18n.ASSISTANT_AVATAR}
+                    size="m"
+                    iconType={AssistantAvatar}
+                    color={euiTheme.colors.emptyShade}
+                    css={avatarCss}
+                  />
+                </EuiFlexItem>
+                <EuiFlexItem>
+                  <EuiText>
+                    <h1>
+                      <span>{i18n.TITLE}</span>
+                    </h1>
+                  </EuiText>
+                </EuiFlexItem>
+              </EuiFlexGroup>
+            </EuiFlexItem>
+            <EuiFlexItem>
+              <Steps currentStep={currentStep} setStep={setStep} isGenerating={isGenerating} />
+            </EuiFlexItem>
+          </EuiFlexGroup>
+        </EuiFlexItem>
+      </EuiFlexGroup>
+    </KibanaPageTemplate.Header>
+  );
+});
+Header.displayName = 'Header';
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/header/index.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/header/index.ts
new file mode 100644
index 0000000000000..37156e1b6cacd
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/header/index.ts
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { Header } from './header';
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/header/steps.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/header/steps.tsx
new file mode 100644
index 0000000000000..ae04d1d4b0089
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/header/steps.tsx
@@ -0,0 +1,79 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EuiStepsHorizontal, type EuiStepStatus, type EuiStepsHorizontalProps } from '@elastic/eui';
+import { i18n } from '@kbn/i18n';
+import React, { useMemo } from 'react';
+
+interface StepsProps {
+  currentStep: number;
+  setStep: (step: number) => void;
+  isGenerating: boolean;
+}
+
+const STEP_CONNECTOR = i18n.translate('xpack.integrationAssistant.step.connector', {
+  defaultMessage: 'Connector',
+});
+
+const STEP_INTEGRATION = i18n.translate('xpack.integrationAssistant.step.integration', {
+  defaultMessage: 'Integration',
+});
+
+const STEP_DATA_STREAM = i18n.translate('xpack.integrationAssistant.step.dataStream', {
+  defaultMessage: 'Data stream',
+});
+
+const STEP_REVIEW = i18n.translate('xpack.integrationAssistant.step.review', {
+  defaultMessage: 'Review',
+});
+
+const getStepStatus = (step: number, currentStep: number, loading?: boolean): EuiStepStatus => {
+  if (step === currentStep) {
+    return loading ? 'loading' : 'current';
+  } else if (step < currentStep) {
+    return 'complete';
+  } else {
+    return 'disabled';
+  }
+};
+
+const getStepOnClick = (step: number, currentStep: number, setStep: (step: number) => void) => {
+  if (step < currentStep) {
+    return () => setStep(step);
+  }
+  return () => {};
+};
+
+export const Steps = React.memo<StepsProps>(({ currentStep, setStep, isGenerating }) => {
+  const steps = useMemo<EuiStepsHorizontalProps['steps']>(() => {
+    return [
+      {
+        title: STEP_CONNECTOR,
+        status: getStepStatus(1, currentStep),
+        onClick: getStepOnClick(1, currentStep, setStep),
+      },
+      {
+        title: STEP_INTEGRATION,
+        status: getStepStatus(2, currentStep),
+        onClick: getStepOnClick(2, currentStep, setStep),
+      },
+      {
+        title: STEP_DATA_STREAM,
+        status: getStepStatus(3, currentStep, isGenerating),
+        onClick: getStepOnClick(3, currentStep, setStep),
+      },
+      {
+        title: STEP_REVIEW,
+        status: getStepStatus(4, currentStep, isGenerating),
+        onClick: getStepOnClick(4, currentStep, setStep),
+      },
+    ];
+  }, [currentStep, setStep, isGenerating]);
+
+  return <EuiStepsHorizontal steps={steps} size="s" />;
+});
+Steps.displayName = 'Steps';
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/header/translations.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/header/translations.ts
new file mode 100644
index 0000000000000..85d342ce6aa33
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/header/translations.ts
@@ -0,0 +1,19 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { i18n } from '@kbn/i18n';
+
+export const TITLE = i18n.translate('xpack.integrationAssistant.pages.header.title', {
+  defaultMessage: 'New integration',
+});
+
+export const ASSISTANT_AVATAR = i18n.translate(
+  'xpack.integrationAssistant.pages.header.avatarTitle',
+  {
+    defaultMessage: 'Powered by generative AI',
+  }
+);
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/index.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/index.ts
new file mode 100644
index 0000000000000..d0255856adbe8
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/index.ts
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { CreateIntegrationAssistant } from './create_integration_assistant';
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/state.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/state.ts
new file mode 100644
index 0000000000000..161d1b0646541
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/state.ts
@@ -0,0 +1,75 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { createContext, useContext } from 'react';
+import type { Pipeline, Docs } from '../../../../common';
+import type { AIConnector, IntegrationSettings } from './types';
+
+export interface State {
+  step: number;
+  connector?: AIConnector;
+  integrationSettings?: IntegrationSettings;
+  isGenerating: boolean;
+  result?: {
+    pipeline: Pipeline;
+    docs: Docs;
+  };
+}
+
+export const initialState: State = {
+  step: 1,
+  connector: undefined,
+  integrationSettings: undefined,
+  isGenerating: false,
+  result: undefined,
+};
+
+type Action =
+  | { type: 'SET_STEP'; payload: State['step'] }
+  | { type: 'SET_CONNECTOR'; payload: State['connector'] }
+  | { type: 'SET_INTEGRATION_SETTINGS'; payload: State['integrationSettings'] }
+  | { type: 'SET_IS_GENERATING'; payload: State['isGenerating'] }
+  | { type: 'SET_GENERATED_RESULT'; payload: State['result'] };
+
+export const reducer = (state: State, action: Action): State => {
+  switch (action.type) {
+    case 'SET_STEP':
+      return {
+        ...state,
+        step: action.payload,
+        isGenerating: false,
+        ...(action.payload < state.step && { result: undefined }), // reset the result when we go back
+      };
+    case 'SET_CONNECTOR':
+      return { ...state, connector: action.payload };
+    case 'SET_INTEGRATION_SETTINGS':
+      return { ...state, integrationSettings: action.payload };
+    case 'SET_IS_GENERATING':
+      return { ...state, isGenerating: action.payload };
+    case 'SET_GENERATED_RESULT':
+      return { ...state, result: action.payload };
+    default:
+      return state;
+  }
+};
+
+export interface Actions {
+  setStep: (payload: State['step']) => void;
+  setConnector: (payload: State['connector']) => void;
+  setIntegrationSettings: (payload: State['integrationSettings']) => void;
+  setIsGenerating: (payload: State['isGenerating']) => void;
+  setResult: (payload: State['result']) => void;
+}
+
+const ActionsContext = createContext<Actions | undefined>(undefined);
+export const ActionsProvider = ActionsContext.Provider;
+export const useActions = () => {
+  const actions = useContext(ActionsContext);
+  if (!actions) {
+    throw new Error('useActions must be used within a ActionsProvider');
+  }
+  return actions;
+};
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/connector_step/connector_selector.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/connector_step/connector_selector.tsx
new file mode 100644
index 0000000000000..6684ed95dde2f
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/connector_step/connector_selector.tsx
@@ -0,0 +1,81 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { useEuiTheme, EuiBadge, EuiFlexGroup, EuiFlexItem, EuiPanel, EuiRadio } from '@elastic/eui';
+import { noop } from 'lodash/fp';
+import { css } from '@emotion/react';
+import { useKibana } from '../../../../../common/hooks/use_kibana';
+import type { AIConnector } from '../../types';
+import { useActions } from '../../state';
+
+const useRowCss = () => {
+  const { euiTheme } = useEuiTheme();
+  return css`
+    &.euiPanel:hover,
+    &.euiPanel:focus {
+      box-shadow: none;
+      transform: none;
+    }
+    &.euiPanel:hover {
+      background-color: ${euiTheme.colors.lightestShade};
+    }
+    .euiRadio {
+      color: ${euiTheme.colors.primaryText};
+      label.euiRadio__label {
+        padding-left: ${euiTheme.size.xl} !important;
+      }
+    }
+  `;
+};
+
+interface ConnectorSelectorProps {
+  connectors: AIConnector[];
+  selectedConnectorId: string | undefined;
+}
+export const ConnectorSelector = React.memo<ConnectorSelectorProps>(
+  ({ connectors, selectedConnectorId }) => {
+    const {
+      triggersActionsUi: { actionTypeRegistry },
+    } = useKibana().services;
+    const { setConnector } = useActions();
+    const rowCss = useRowCss();
+    return (
+      <>
+        {connectors.map((connector) => (
+          <EuiFlexItem key={connector.id}>
+            <EuiPanel
+              key={connector.id}
+              onClick={() => setConnector(connector)}
+              hasShadow={false}
+              hasBorder
+              paddingSize="l"
+              css={rowCss}
+            >
+              <EuiFlexGroup direction="row" alignItems="center" justifyContent="spaceBetween">
+                <EuiFlexItem>
+                  <EuiRadio
+                    label={connector.name}
+                    id={connector.id}
+                    checked={selectedConnectorId === connector.id}
+                    onChange={noop}
+                  />
+                </EuiFlexItem>
+                <EuiFlexItem grow={false}>
+                  <EuiBadge color="hollow">
+                    {actionTypeRegistry.get(connector.actionTypeId).actionTypeTitle}
+                  </EuiBadge>
+                </EuiFlexItem>
+              </EuiFlexGroup>
+            </EuiPanel>
+          </EuiFlexItem>
+        ))}
+      </>
+    );
+  }
+);
+ConnectorSelector.displayName = 'ConnectorSelector';
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/connector_step/connector_setup.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/connector_step/connector_setup.tsx
new file mode 100644
index 0000000000000..ffcff21bd673f
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/connector_step/connector_setup.tsx
@@ -0,0 +1,129 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { useCallback, useMemo, useState } from 'react';
+import {
+  useEuiTheme,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiListGroup,
+  EuiIcon,
+  EuiPanel,
+  EuiLoadingSpinner,
+  EuiText,
+  EuiLink,
+} from '@elastic/eui';
+import { css } from '@emotion/react';
+import {
+  ConnectorAddModal,
+  type ActionConnector,
+} from '@kbn/triggers-actions-ui-plugin/public/common/constants';
+import { useLoadActionTypes } from '@kbn/elastic-assistant/impl/connectorland/use_load_action_types';
+import type { ActionType } from '@kbn/actions-plugin/common';
+import { useKibana } from '../../../../../common/hooks/use_kibana';
+
+const usePanelCss = () => {
+  const { euiTheme } = useEuiTheme();
+  return css`
+    &.euiPanel:hover {
+      background-color: ${euiTheme.colors.lightestShade};
+    }
+  `;
+};
+
+interface ConnectorSetupProps {
+  onConnectorSaved?: (savedAction: ActionConnector) => void;
+  onClose?: () => void;
+  actionTypeIds?: string[];
+  compressed?: boolean;
+}
+export const ConnectorSetup = React.memo<ConnectorSetupProps>(
+  ({ onConnectorSaved, onClose, actionTypeIds, compressed = false }) => {
+    const panelCss = usePanelCss();
+    const {
+      http,
+      triggersActionsUi: { actionTypeRegistry },
+      notifications: { toasts },
+    } = useKibana().services;
+    const [selectedActionType, setSelectedActionType] = useState<ActionType | null>(null);
+
+    const onModalClose = useCallback(() => {
+      setSelectedActionType(null);
+      onClose?.();
+    }, [onClose]);
+
+    const { data } = useLoadActionTypes({ http, toasts });
+
+    const actionTypes = useMemo(() => {
+      if (actionTypeIds && data) {
+        return data.filter((actionType) => actionTypeIds.includes(actionType.id));
+      }
+      return data;
+    }, [data, actionTypeIds]);
+
+    if (!actionTypes) {
+      return <EuiLoadingSpinner />;
+    }
+
+    return (
+      <>
+        {compressed ? (
+          <EuiListGroup
+            flush
+            listItems={actionTypes.map((actionType) => ({
+              id: actionType.id,
+              label: actionType.name,
+              size: 's',
+              icon: (
+                <EuiIcon
+                  size="l"
+                  color="text"
+                  type={actionTypeRegistry.get(actionType.id).iconClass}
+                />
+              ),
+              isDisabled: !actionType.enabled,
+              onClick: () => setSelectedActionType(actionType),
+            }))}
+          />
+        ) : (
+          <EuiFlexGroup direction="column" gutterSize="s">
+            {actionTypes?.map((actionType: ActionType) => (
+              <EuiFlexItem data-test-subj="action-option" key={actionType.id}>
+                <EuiLink onClick={() => setSelectedActionType(actionType)}>
+                  <EuiPanel hasShadow={false} hasBorder paddingSize="l" css={panelCss}>
+                    <EuiFlexGroup direction="row" alignItems="center" gutterSize="s">
+                      <EuiFlexItem grow={false}>
+                        <EuiIcon
+                          size="xl"
+                          color="text"
+                          type={actionTypeRegistry.get(actionType.id).iconClass}
+                        />
+                      </EuiFlexItem>
+                      <EuiFlexItem>
+                        <EuiText size="s">{actionType.name}</EuiText>
+                      </EuiFlexItem>
+                    </EuiFlexGroup>
+                  </EuiPanel>
+                </EuiLink>
+              </EuiFlexItem>
+            ))}
+          </EuiFlexGroup>
+        )}
+
+        {selectedActionType && (
+          <ConnectorAddModal
+            actionTypeRegistry={actionTypeRegistry}
+            actionType={selectedActionType}
+            onClose={onModalClose}
+            postSaveEventHandler={onConnectorSaved}
+          />
+        )}
+      </>
+    );
+  }
+);
+ConnectorSetup.displayName = 'ConnectorSetup';
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/connector_step/connector_step.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/connector_step/connector_step.tsx
new file mode 100644
index 0000000000000..8b2ec53406a06
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/connector_step/connector_step.tsx
@@ -0,0 +1,133 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { useCallback, useEffect, useState } from 'react';
+import { useLoadConnectors } from '@kbn/elastic-assistant';
+import { EuiFlexGroup, EuiFlexItem, EuiLoadingSpinner, EuiPopover, EuiLink } from '@elastic/eui';
+import {
+  AuthorizationWrapper,
+  MissingPrivilegesTooltip,
+} from '../../../../../common/components/authorization';
+import { useAuthorization } from '../../../../../common/hooks/use_authorization';
+import { useKibana } from '../../../../../common/hooks/use_kibana';
+import { StepContentWrapper } from '../step_content_wrapper';
+import { ConnectorSelector } from './connector_selector';
+import { ConnectorSetup } from './connector_setup';
+import type { AIConnector } from '../../types';
+import { useActions } from '../../state';
+import * as i18n from './translations';
+
+/**
+ * List of allowed action type IDs for the integrations assistant.
+ */
+const AllowedActionTypeIds = ['.bedrock'];
+
+interface ConnectorStepProps {
+  connector: AIConnector | undefined;
+}
+export const ConnectorStep = React.memo<ConnectorStepProps>(({ connector }) => {
+  const { http, notifications } = useKibana().services;
+  const { setConnector } = useActions();
+  const [connectors, setConnectors] = useState<AIConnector[]>();
+  const {
+    isLoading,
+    data: aiConnectors,
+    refetch: refetchConnectors,
+  } = useLoadConnectors({ http, toasts: notifications.toasts });
+
+  useEffect(() => {
+    if (aiConnectors != null) {
+      // filter out connectors, this is temporary until we add support for more models
+      const filteredAiConnectors = aiConnectors.filter(({ actionTypeId }) =>
+        AllowedActionTypeIds.includes(actionTypeId)
+      );
+      setConnectors(filteredAiConnectors);
+      if (filteredAiConnectors && filteredAiConnectors.length === 1) {
+        // pre-select the connector if there is only one
+        setConnector(filteredAiConnectors[0]);
+      }
+    }
+  }, [aiConnectors, setConnector]);
+
+  const onConnectorSaved = useCallback(() => refetchConnectors(), [refetchConnectors]);
+
+  const hasConnectors = !isLoading && connectors?.length;
+
+  return (
+    <StepContentWrapper
+      title={i18n.TITLE}
+      subtitle={i18n.DESCRIPTION}
+      right={hasConnectors ? <CreateConnectorPopover onConnectorSaved={onConnectorSaved} /> : null}
+    >
+      <EuiFlexGroup direction="column" alignItems="stretch">
+        <EuiFlexItem>
+          {isLoading ? (
+            <EuiLoadingSpinner />
+          ) : (
+            <>
+              {hasConnectors ? (
+                <EuiFlexGroup alignItems="stretch" direction="column" gutterSize="s">
+                  <ConnectorSelector connectors={connectors} selectedConnectorId={connector?.id} />
+                </EuiFlexGroup>
+              ) : (
+                <AuthorizationWrapper canCreateConnectors>
+                  <ConnectorSetup
+                    actionTypeIds={AllowedActionTypeIds}
+                    onConnectorSaved={onConnectorSaved}
+                  />
+                </AuthorizationWrapper>
+              )}
+            </>
+          )}
+        </EuiFlexItem>
+      </EuiFlexGroup>
+    </StepContentWrapper>
+  );
+});
+ConnectorStep.displayName = 'ConnectorStep';
+
+interface CreateConnectorPopoverProps {
+  onConnectorSaved: () => void;
+}
+const CreateConnectorPopover = React.memo<CreateConnectorPopoverProps>(({ onConnectorSaved }) => {
+  const { canCreateConnectors } = useAuthorization();
+  const [isOpen, setIsPopoverOpen] = useState(false);
+  const openPopover = useCallback(() => setIsPopoverOpen(true), []);
+  const closePopover = useCallback(() => setIsPopoverOpen(false), []);
+
+  const onConnectorSavedAndClose = useCallback(() => {
+    onConnectorSaved();
+    closePopover();
+  }, [onConnectorSaved, closePopover]);
+
+  if (!canCreateConnectors) {
+    return (
+      <MissingPrivilegesTooltip canCreateConnectors>
+        <EuiLink disabled>{i18n.CREATE_CONNECTOR}</EuiLink>
+      </MissingPrivilegesTooltip>
+    );
+  }
+  return (
+    <EuiPopover
+      button={<EuiLink onClick={openPopover}>{i18n.CREATE_CONNECTOR}</EuiLink>}
+      isOpen={isOpen}
+      closePopover={closePopover}
+    >
+      <EuiFlexGroup alignItems="flexStart">
+        <EuiFlexItem grow={false}>
+          <ConnectorSetup
+            actionTypeIds={AllowedActionTypeIds}
+            onConnectorSaved={onConnectorSavedAndClose}
+            onClose={closePopover}
+            compressed
+          />
+        </EuiFlexItem>
+      </EuiFlexGroup>
+    </EuiPopover>
+  );
+});
+CreateConnectorPopover.displayName = 'CreateConnectorPopover';
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/connector_step/index.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/connector_step/index.ts
new file mode 100644
index 0000000000000..a69f8d4bc3a85
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/connector_step/index.ts
@@ -0,0 +1,9 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { ConnectorStep } from './connector_step';
+export * from './is_step_ready';
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/connector_step/is_step_ready.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/connector_step/is_step_ready.ts
new file mode 100644
index 0000000000000..5b425b0940094
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/connector_step/is_step_ready.ts
@@ -0,0 +1,10 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { State } from '../../state';
+
+export const isConnectorStepReady = ({ connector }: State) => connector != null;
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/connector_step/translations.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/connector_step/translations.ts
new file mode 100644
index 0000000000000..4b6ab77fb9790
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/connector_step/translations.ts
@@ -0,0 +1,26 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { i18n } from '@kbn/i18n';
+
+export const TITLE = i18n.translate('xpack.integrationAssistant.steps.connector.title', {
+  defaultMessage: 'Choose your AI connector',
+});
+
+export const DESCRIPTION = i18n.translate(
+  'xpack.integrationAssistant.steps.connector.description',
+  {
+    defaultMessage: 'Select an AI connector to help you create your custom integration',
+  }
+);
+
+export const CREATE_CONNECTOR = i18n.translate(
+  'xpack.integrationAssistant.steps.connector.createConnectorLabel',
+  {
+    defaultMessage: 'Create new connector',
+  }
+);
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/data_stream_step/data_stream_step.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/data_stream_step/data_stream_step.tsx
new file mode 100644
index 0000000000000..24b290a158f04
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/data_stream_step/data_stream_step.tsx
@@ -0,0 +1,231 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { useCallback, useEffect, useMemo, useState } from 'react';
+import {
+  EuiFieldText,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiForm,
+  EuiFormRow,
+  EuiPanel,
+  EuiSelect,
+} from '@elastic/eui';
+import type { InputType } from '../../../../../../common';
+import { useActions, type State } from '../../state';
+import type { IntegrationSettings } from '../../types';
+import { StepContentWrapper } from '../step_content_wrapper';
+import { SampleLogsInput } from './sample_logs_input';
+import type { OnComplete } from './generation_modal';
+import { GenerationModal } from './generation_modal';
+import { useLoadPackageNames } from './use_load_package_names';
+import * as i18n from './translations';
+
+export const InputTypeOptions: Array<{ value: InputType; text: string }> = [
+  { value: 'aws_cloudwatch', text: 'AWS Cloudwatch' },
+  { value: 'aws_s3', text: 'AWS S3' },
+  { value: 'azure_blob_storage', text: 'Azure Blob Storage' },
+  { value: 'azure_eventhub', text: 'Azure Event Hub' },
+  { value: 'cel', text: 'Common Expression Language (CEL)' },
+  { value: 'cloudfoundry', text: 'Cloud Foundry' },
+  { value: 'filestream', text: 'File Stream' },
+  { value: 'gcp_pubsub', text: 'GCP Pub/Sub' },
+  { value: 'gcs', text: 'Google Cloud Storage' },
+  { value: 'http_endpoint', text: 'HTTP Endpoint' },
+  { value: 'journald', text: 'Journald' },
+  { value: 'kafka', text: 'Kafka' },
+  { value: 'tcp', text: 'TCP' },
+  { value: 'udp', text: 'UDP' },
+];
+
+const isValidName = (name: string) => /^[a-z0-9_]+$/.test(name);
+const getNameFromTitle = (title: string) => title.toLowerCase().replaceAll(/[^a-z0-9]/g, '_');
+
+interface DataStreamStepProps {
+  integrationSettings: State['integrationSettings'];
+  connector: State['connector'];
+  isGenerating: State['isGenerating'];
+}
+export const DataStreamStep = React.memo<DataStreamStepProps>(
+  ({ integrationSettings, connector, isGenerating }) => {
+    const { setIntegrationSettings, setIsGenerating, setStep, setResult } = useActions();
+    const { isLoading: isLoadingPackageNames, packageNames } = useLoadPackageNames(); // this is used to avoid duplicate names
+
+    const [name, setName] = useState<string>(integrationSettings?.name ?? '');
+    const [dataStreamName, setDataStreamName] = useState<string>(
+      integrationSettings?.dataStreamName ?? ''
+    );
+    const [invalidFields, setInvalidFields] = useState({ name: false, dataStreamName: false });
+
+    const setIntegrationValues = useCallback(
+      (settings: Partial<IntegrationSettings>) =>
+        setIntegrationSettings({ ...integrationSettings, ...settings }),
+      [integrationSettings, setIntegrationSettings]
+    );
+
+    const onChange = useMemo(() => {
+      return {
+        name: (e: React.ChangeEvent<HTMLInputElement>) => {
+          const nextName = e.target.value;
+          setName(nextName);
+          if (!isValidName(nextName) || packageNames?.has(nextName)) {
+            setInvalidFields((current) => ({ ...current, name: true }));
+            setIntegrationValues({ name: undefined });
+          } else {
+            setInvalidFields((current) => ({ ...current, name: false }));
+            setIntegrationValues({ name: nextName });
+          }
+        },
+        dataStreamName: (e: React.ChangeEvent<HTMLInputElement>) => {
+          const nextDataStreamName = e.target.value;
+          setDataStreamName(nextDataStreamName);
+          if (!isValidName(nextDataStreamName)) {
+            setInvalidFields((current) => ({ ...current, dataStreamName: true }));
+            setIntegrationValues({ dataStreamName: undefined });
+          } else {
+            setInvalidFields((current) => ({ ...current, dataStreamName: false }));
+            setIntegrationValues({ dataStreamName: nextDataStreamName });
+          }
+        },
+        // inputs without validation
+        dataStreamTitle: (e: React.ChangeEvent<HTMLInputElement>) =>
+          setIntegrationValues({ dataStreamTitle: e.target.value }),
+        dataStreamDescription: (e: React.ChangeEvent<HTMLInputElement>) =>
+          setIntegrationValues({ dataStreamDescription: e.target.value }),
+        inputType: (e: React.ChangeEvent<HTMLSelectElement>) => {
+          setIntegrationValues({ inputType: e.target.value as InputType });
+        },
+      };
+    }, [setIntegrationValues, setInvalidFields, packageNames]);
+
+    useEffect(() => {
+      // Pre-populates the name from the title set in the previous step.
+      // Only executed once when the packageNames are loaded
+      if (packageNames != null && integrationSettings?.name == null && integrationSettings?.title) {
+        const generatedName = getNameFromTitle(integrationSettings.title);
+        if (!packageNames.has(generatedName)) {
+          setName(generatedName);
+          setIntegrationValues({ name: generatedName });
+        }
+      }
+      // eslint-disable-next-line react-hooks/exhaustive-deps
+    }, [packageNames]);
+
+    const onGenerationCompleted = useCallback<OnComplete>(
+      (result: State['result']) => {
+        if (result) {
+          setResult(result);
+          setIsGenerating(false);
+          setStep(4);
+        }
+      },
+      [setResult, setIsGenerating, setStep]
+    );
+    const onGenerationClosed = useCallback(() => {
+      setIsGenerating(false); // aborts generation
+    }, [setIsGenerating]);
+
+    const nameInputError = useMemo(() => {
+      if (packageNames && name && packageNames.has(name)) {
+        return i18n.NAME_ALREADY_EXISTS_ERROR;
+      }
+    }, [packageNames, name]);
+
+    return (
+      <EuiFlexGroup direction="column" gutterSize="l">
+        <EuiFlexItem>
+          <StepContentWrapper
+            title={i18n.INTEGRATION_NAME_TITLE}
+            subtitle={i18n.INTEGRATION_NAME_DESCRIPTION}
+          >
+            <EuiPanel hasShadow={false} hasBorder>
+              <EuiForm component="form" fullWidth>
+                <EuiFormRow
+                  label={i18n.INTEGRATION_NAME_LABEL}
+                  helpText={
+                    !nameInputError && !invalidFields.name ? i18n.NO_SPACES_HELP : undefined
+                  }
+                  isInvalid={!!nameInputError || invalidFields.name}
+                  error={[nameInputError ?? i18n.NO_SPACES_HELP]}
+                >
+                  <EuiFieldText
+                    name="name"
+                    value={name}
+                    onChange={onChange.name}
+                    isInvalid={invalidFields.name}
+                    isLoading={isLoadingPackageNames}
+                    disabled={isLoadingPackageNames}
+                  />
+                </EuiFormRow>
+              </EuiForm>
+            </EuiPanel>
+          </StepContentWrapper>
+        </EuiFlexItem>
+
+        <EuiFlexItem>
+          <StepContentWrapper
+            title={i18n.DATA_STREAM_TITLE}
+            subtitle={i18n.DATA_STREAM_DESCRIPTION}
+          >
+            <EuiPanel hasShadow={false} hasBorder>
+              <EuiForm component="form" fullWidth>
+                <EuiFormRow label={i18n.DATA_STREAM_TITLE_LABEL}>
+                  <EuiFieldText
+                    name="dataStreamTitle"
+                    value={integrationSettings?.dataStreamTitle ?? ''}
+                    onChange={onChange.dataStreamTitle}
+                  />
+                </EuiFormRow>
+                <EuiFormRow label={i18n.DATA_STREAM_DESCRIPTION_LABEL}>
+                  <EuiFieldText
+                    name="dataStreamDescription"
+                    value={integrationSettings?.dataStreamDescription ?? ''}
+                    onChange={onChange.dataStreamDescription}
+                  />
+                </EuiFormRow>
+                <EuiFormRow
+                  label={i18n.DATA_STREAM_NAME_LABEL}
+                  helpText={!invalidFields.dataStreamName ? i18n.NO_SPACES_HELP : undefined}
+                  isInvalid={invalidFields.dataStreamName}
+                  error={[i18n.NO_SPACES_HELP]}
+                >
+                  <EuiFieldText
+                    name="dataStreamName"
+                    value={dataStreamName}
+                    onChange={onChange.dataStreamName}
+                    isInvalid={invalidFields.dataStreamName}
+                  />
+                </EuiFormRow>
+                <EuiFormRow label={i18n.DATA_COLLECTION_METHOD_LABEL}>
+                  <EuiSelect
+                    name="dataCollectionMethod"
+                    options={InputTypeOptions}
+                    value={integrationSettings?.inputType ?? ''}
+                    onChange={onChange.inputType}
+                  />
+                </EuiFormRow>
+                <SampleLogsInput
+                  integrationSettings={integrationSettings}
+                  setIntegrationSettings={setIntegrationSettings}
+                />
+              </EuiForm>
+            </EuiPanel>
+          </StepContentWrapper>
+          {isGenerating && (
+            <GenerationModal
+              integrationSettings={integrationSettings}
+              connector={connector}
+              onComplete={onGenerationCompleted}
+              onClose={onGenerationClosed}
+            />
+          )}
+        </EuiFlexItem>
+      </EuiFlexGroup>
+    );
+  }
+);
+DataStreamStep.displayName = 'DataStreamStep';
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/data_stream_step/generation_modal.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/data_stream_step/generation_modal.tsx
new file mode 100644
index 0000000000000..08df5d3d2d74b
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/data_stream_step/generation_modal.tsx
@@ -0,0 +1,239 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiLoadingSpinner,
+  EuiModal,
+  EuiModalBody,
+  EuiModalFooter,
+  EuiModalHeader,
+  EuiModalHeaderTitle,
+  EuiProgress,
+  EuiSpacer,
+  EuiText,
+  useEuiTheme,
+} from '@elastic/eui';
+import { isEmpty } from 'lodash/fp';
+import React, { useEffect, useMemo, useState } from 'react';
+import { css } from '@emotion/react';
+import type {
+  CategorizationRequestBody,
+  EcsMappingRequestBody,
+  RelatedRequestBody,
+} from '../../../../../../common';
+import {
+  runCategorizationGraph,
+  runEcsGraph,
+  runRelatedGraph,
+} from '../../../../../common/lib/api';
+import { useKibana } from '../../../../../common/hooks/use_kibana';
+import type { State } from '../../state';
+import * as i18n from './translations';
+import { useTelemetry } from '../../../telemetry';
+
+export type OnComplete = (result: State['result']) => void;
+
+const ProgressOrder = ['ecs', 'categorization', 'related'];
+type ProgressItem = typeof ProgressOrder[number];
+
+const progressText: Record<ProgressItem, string> = {
+  ecs: i18n.PROGRESS_ECS_MAPPING,
+  categorization: i18n.PROGRESS_CATEGORIZATION,
+  related: i18n.PROGRESS_RELATED_GRAPH,
+};
+
+interface UseGenerationProps {
+  integrationSettings: State['integrationSettings'];
+  connector: State['connector'];
+  onComplete: OnComplete;
+}
+export const useGeneration = ({
+  integrationSettings,
+  connector,
+  onComplete,
+}: UseGenerationProps) => {
+  const { reportGenerationComplete } = useTelemetry();
+  const { http, notifications } = useKibana().services;
+  const [progress, setProgress] = useState<ProgressItem>();
+  const [error, setError] = useState<null | string>(null);
+
+  useEffect(() => {
+    if (
+      http == null ||
+      connector == null ||
+      integrationSettings == null ||
+      notifications?.toasts == null
+    ) {
+      return;
+    }
+    const generationStartedAt = Date.now();
+    const abortController = new AbortController();
+    const deps = { http, abortSignal: abortController.signal };
+
+    (async () => {
+      try {
+        const ecsRequest: EcsMappingRequestBody = {
+          packageName: integrationSettings.name ?? '',
+          dataStreamName: integrationSettings.dataStreamName ?? '',
+          rawSamples: integrationSettings.logsSampleParsed ?? [],
+          connectorId: connector.id,
+        };
+
+        setProgress('ecs');
+        const ecsGraphResult = await runEcsGraph(ecsRequest, deps);
+        if (abortController.signal.aborted) return;
+        if (isEmpty(ecsGraphResult?.results)) {
+          setError('No results from ECS graph');
+          return;
+        }
+        const categorizationRequest: CategorizationRequestBody = {
+          ...ecsRequest,
+          currentPipeline: ecsGraphResult.results.pipeline,
+        };
+
+        setProgress('categorization');
+        const categorizationResult = await runCategorizationGraph(categorizationRequest, deps);
+        if (abortController.signal.aborted) return;
+        const relatedRequest: RelatedRequestBody = {
+          ...categorizationRequest,
+          currentPipeline: categorizationResult.results.pipeline,
+        };
+
+        setProgress('related');
+        const relatedGraphResult = await runRelatedGraph(relatedRequest, deps);
+        if (abortController.signal.aborted) return;
+
+        if (isEmpty(relatedGraphResult?.results)) {
+          throw new Error('Results not found in response');
+        }
+
+        reportGenerationComplete({
+          connector,
+          integrationSettings,
+          durationMs: Date.now() - generationStartedAt,
+        });
+
+        onComplete(relatedGraphResult.results);
+      } catch (e) {
+        if (abortController.signal.aborted) return;
+        const errorMessage = e.body?.message ?? e.message;
+
+        reportGenerationComplete({
+          connector,
+          integrationSettings,
+          durationMs: Date.now() - generationStartedAt,
+          error: errorMessage,
+        });
+
+        setError(`Error: ${errorMessage}`);
+      }
+    })();
+    return () => {
+      abortController.abort();
+    };
+  }, [
+    onComplete,
+    setProgress,
+    connector,
+    http,
+    integrationSettings,
+    reportGenerationComplete,
+    notifications?.toasts,
+  ]);
+
+  return {
+    progress,
+    error,
+  };
+};
+
+const useModalCss = () => {
+  const { euiTheme } = useEuiTheme();
+  return {
+    headerCss: css`
+      justify-content: center;
+      margin-top: ${euiTheme.size.m};
+    `,
+    bodyCss: css`
+      padding: ${euiTheme.size.xxxxl};
+      min-width: 600px;
+    `,
+  };
+};
+
+interface GenerationModalProps {
+  integrationSettings: State['integrationSettings'];
+  connector: State['connector'];
+  onComplete: OnComplete;
+  onClose: () => void;
+}
+export const GenerationModal = React.memo<GenerationModalProps>(
+  ({ integrationSettings, connector, onComplete, onClose }) => {
+    const { headerCss, bodyCss } = useModalCss();
+    const { progress, error } = useGeneration({
+      integrationSettings,
+      connector,
+      onComplete,
+    });
+
+    const progressValue = useMemo<number>(
+      () => (progress ? ProgressOrder.indexOf(progress) + 1 : 0),
+      [progress]
+    );
+
+    return (
+      <EuiModal onClose={onClose}>
+        <EuiModalHeader css={headerCss}>
+          <EuiModalHeaderTitle>{i18n.ANALYZING}</EuiModalHeaderTitle>
+        </EuiModalHeader>
+        <EuiModalBody css={bodyCss}>
+          <EuiFlexGroup direction="column" gutterSize="l" justifyContent="center">
+            {progress && (
+              <>
+                <EuiFlexItem>
+                  <EuiFlexGroup
+                    direction="row"
+                    gutterSize="s"
+                    alignItems="center"
+                    justifyContent="center"
+                  >
+                    {!error && (
+                      <EuiFlexItem grow={false}>
+                        <EuiLoadingSpinner size="s" />
+                      </EuiFlexItem>
+                    )}
+                    <EuiFlexItem grow={false}>
+                      <EuiText size="xs" color="subdued">
+                        {progressText[progress]}
+                      </EuiText>
+                    </EuiFlexItem>
+                  </EuiFlexGroup>
+                </EuiFlexItem>
+                <EuiFlexItem>
+                  <EuiProgress value={progressValue} max={4} color="primary" size="m" />
+                </EuiFlexItem>
+                {error && (
+                  <EuiFlexItem>
+                    <EuiText color="danger" size="xs">
+                      {error}
+                    </EuiText>
+                  </EuiFlexItem>
+                )}
+              </>
+            )}
+          </EuiFlexGroup>
+        </EuiModalBody>
+        <EuiModalFooter>
+          <EuiSpacer size="xl" />
+        </EuiModalFooter>
+      </EuiModal>
+    );
+  }
+);
+GenerationModal.displayName = 'GenerationModal';
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/data_stream_step/index.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/data_stream_step/index.ts
new file mode 100644
index 0000000000000..09222640c9f24
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/data_stream_step/index.ts
@@ -0,0 +1,9 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { DataStreamStep } from './data_stream_step';
+export * from './is_step_ready';
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/data_stream_step/is_step_ready.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/data_stream_step/is_step_ready.ts
new file mode 100644
index 0000000000000..43e0006275fa9
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/data_stream_step/is_step_ready.ts
@@ -0,0 +1,16 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import type { State } from '../../state';
+
+export const isDataStreamStepReady = ({ integrationSettings }: State) =>
+  Boolean(
+    integrationSettings?.name &&
+      integrationSettings?.dataStreamTitle &&
+      integrationSettings?.dataStreamDescription &&
+      integrationSettings?.dataStreamName &&
+      integrationSettings?.logsSampleParsed
+  );
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/data_stream_step/sample_logs_input.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/data_stream_step/sample_logs_input.tsx
new file mode 100644
index 0000000000000..fd3a185edcc7a
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/data_stream_step/sample_logs_input.tsx
@@ -0,0 +1,148 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { useCallback, useState } from 'react';
+import { EuiCallOut, EuiFilePicker, EuiFormRow, EuiSpacer, EuiText } from '@elastic/eui';
+import { useKibana } from '@kbn/kibana-react-plugin/public';
+import { isPlainObject } from 'lodash/fp';
+import type { IntegrationSettings } from '../../types';
+import * as i18n from './translations';
+
+const MaxLogsSampleRows = 10;
+
+/**
+ * Parse the logs sample file content (json or ndjson) and return the parsed logs sample
+ */
+const parseLogsContent = (
+  fileContent: string | undefined,
+  fileType: string
+): { error?: string; isTruncated?: boolean; logsSampleParsed?: string[] } => {
+  if (fileContent == null) {
+    return { error: i18n.LOGS_SAMPLE_ERROR.CAN_NOT_READ };
+  }
+  let parsedContent;
+  try {
+    if (fileType === 'application/json') {
+      parsedContent = JSON.parse(fileContent);
+    } else if (fileType === 'application/x-ndjson') {
+      parsedContent = fileContent
+        .split('\n')
+        .filter((line) => line.trim() !== '')
+        .map((line) => JSON.parse(line));
+    }
+  } catch (_) {
+    return { error: i18n.LOGS_SAMPLE_ERROR.FORMAT(fileType) };
+  }
+
+  if (!Array.isArray(parsedContent)) {
+    return { error: i18n.LOGS_SAMPLE_ERROR.NOT_ARRAY };
+  }
+  if (parsedContent.length === 0) {
+    return { error: i18n.LOGS_SAMPLE_ERROR.EMPTY };
+  }
+
+  let isTruncated = false;
+  if (parsedContent.length > MaxLogsSampleRows) {
+    parsedContent = parsedContent.slice(0, MaxLogsSampleRows);
+    isTruncated = true;
+  }
+
+  if (parsedContent.some((log) => !isPlainObject(log))) {
+    return { error: i18n.LOGS_SAMPLE_ERROR.NOT_OBJECT };
+  }
+
+  const logsSampleParsed = parsedContent.map((log) => JSON.stringify(log));
+  return { isTruncated, logsSampleParsed };
+};
+
+interface SampleLogsInputProps {
+  integrationSettings: IntegrationSettings | undefined;
+  setIntegrationSettings: (param: IntegrationSettings) => void;
+}
+export const SampleLogsInput = React.memo<SampleLogsInputProps>(
+  ({ integrationSettings, setIntegrationSettings }) => {
+    const { notifications } = useKibana().services;
+    const [isParsing, setIsParsing] = useState(false);
+    const [sampleFileError, setSampleFileError] = useState<string>();
+
+    const onChangeLogsSample = useCallback(
+      (files: FileList | null) => {
+        const logsSampleFile = files?.[0];
+        if (logsSampleFile == null) {
+          setSampleFileError(undefined);
+          setIntegrationSettings({ ...integrationSettings, logsSampleParsed: undefined });
+          return;
+        }
+
+        const reader = new FileReader();
+        reader.onload = function (e) {
+          const fileContent = e.target?.result as string | undefined; // We can safely cast to string since we call `readAsText` to load the file.
+          const { error, isTruncated, logsSampleParsed } = parseLogsContent(
+            fileContent,
+            logsSampleFile.type
+          );
+          setIsParsing(false);
+          setSampleFileError(error);
+          if (error) {
+            setIntegrationSettings({ ...integrationSettings, logsSampleParsed: undefined });
+            return;
+          }
+
+          if (isTruncated) {
+            notifications?.toasts.addInfo(i18n.LOGS_SAMPLE_TRUNCATED(MaxLogsSampleRows));
+          }
+
+          setIntegrationSettings({
+            ...integrationSettings,
+            logsSampleParsed,
+          });
+        };
+        setIsParsing(true);
+        reader.readAsText(logsSampleFile);
+      },
+      [integrationSettings, setIntegrationSettings, notifications?.toasts, setIsParsing]
+    );
+    return (
+      <EuiFormRow
+        label={i18n.LOGS_SAMPLE_LABEL}
+        helpText={
+          <EuiText color="danger" size="xs">
+            {sampleFileError}
+          </EuiText>
+        }
+        isInvalid={sampleFileError != null}
+      >
+        <>
+          <EuiCallOut iconType="iInCircle" color="warning">
+            {i18n.LOGS_SAMPLE_WARNING}
+          </EuiCallOut>
+          <EuiSpacer size="s" />
+
+          <EuiFilePicker
+            id="logsSampleFilePicker"
+            initialPromptText={
+              <>
+                <EuiText size="s" textAlign="center">
+                  {i18n.LOGS_SAMPLE_DESCRIPTION}
+                </EuiText>
+                <EuiText size="xs" color="subdued" textAlign="center">
+                  {i18n.LOGS_SAMPLE_DESCRIPTION_2}
+                </EuiText>
+              </>
+            }
+            onChange={onChangeLogsSample}
+            display="large"
+            aria-label="Upload logs sample file"
+            accept="application/json,application/x-ndjson"
+            isLoading={isParsing}
+          />
+        </>
+      </EuiFormRow>
+    );
+  }
+);
+SampleLogsInput.displayName = 'SampleLogsInput';
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/data_stream_step/translations.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/data_stream_step/translations.ts
new file mode 100644
index 0000000000000..396e6a7990157
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/data_stream_step/translations.ts
@@ -0,0 +1,168 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { i18n } from '@kbn/i18n';
+
+export const INTEGRATION_NAME_TITLE = i18n.translate(
+  'xpack.integrationAssistant.step.dataStream.integrationNameTitle',
+  {
+    defaultMessage: 'Define package name',
+  }
+);
+export const INTEGRATION_NAME_DESCRIPTION = i18n.translate(
+  'xpack.integrationAssistant.step.dataStream.integrationNameDescription',
+  {
+    defaultMessage:
+      "The package name is used to refer to the integration in Elastic's ingest pipeline",
+  }
+);
+export const DATA_STREAM_TITLE = i18n.translate(
+  'xpack.integrationAssistant.step.dataStream.dataStreamTitle',
+  {
+    defaultMessage: 'Define data stream and upload logs',
+  }
+);
+export const DATA_STREAM_DESCRIPTION = i18n.translate(
+  'xpack.integrationAssistant.step.dataStream.dataStreamDescription',
+  {
+    defaultMessage:
+      'Logs are analyzed to automatically map ECS fields and help create the ingestion pipeline',
+  }
+);
+
+export const INTEGRATION_NAME_LABEL = i18n.translate(
+  'xpack.integrationAssistant.step.dataStream.integrationName.label',
+  {
+    defaultMessage: 'Integration package name',
+  }
+);
+export const NO_SPACES_HELP = i18n.translate(
+  'xpack.integrationAssistant.step.dataStream.noSpacesHelpText',
+  {
+    defaultMessage: 'Name can only contain lowercase letters, numbers, and underscore (_)',
+  }
+);
+export const PACKAGE_NAMES_FETCH_ERROR = i18n.translate(
+  'xpack.integrationAssistant.step.dataStream.packageNamesFetchError',
+  {
+    defaultMessage: 'Error fetching package names',
+  }
+);
+export const NAME_ALREADY_EXISTS_ERROR = i18n.translate(
+  'xpack.integrationAssistant.step.dataStream.nameAlreadyExistsError',
+  {
+    defaultMessage: 'This integration name is already in use. Please choose a different name.',
+  }
+);
+
+export const DATA_STREAM_TITLE_LABEL = i18n.translate(
+  'xpack.integrationAssistant.step.dataStream.dataStreamTitle.label',
+  {
+    defaultMessage: 'Data stream title',
+  }
+);
+
+export const DATA_STREAM_DESCRIPTION_LABEL = i18n.translate(
+  'xpack.integrationAssistant.step.dataStream.dataStreamDescription.label',
+  {
+    defaultMessage: 'Data stream description',
+  }
+);
+
+export const DATA_STREAM_NAME_LABEL = i18n.translate(
+  'xpack.integrationAssistant.step.dataStream.dataStreamName.label',
+  {
+    defaultMessage: 'Data stream name',
+  }
+);
+
+export const DATA_COLLECTION_METHOD_LABEL = i18n.translate(
+  'xpack.integrationAssistant.step.dataStream.dataCollectionMethod.label',
+  {
+    defaultMessage: 'Data collection method',
+  }
+);
+
+export const LOGS_SAMPLE_LABEL = i18n.translate(
+  'xpack.integrationAssistant.step.dataStream.logsSample.label',
+  {
+    defaultMessage: 'Logs',
+  }
+);
+
+export const LOGS_SAMPLE_WARNING = i18n.translate(
+  'xpack.integrationAssistant.step.dataStream.logsSample.warning',
+  {
+    defaultMessage:
+      'Please note that this data will be analyzed by a third-party AI tool. Ensure that you comply with privacy and security guidelines when selecting data.',
+  }
+);
+
+export const LOGS_SAMPLE_DESCRIPTION = i18n.translate(
+  'xpack.integrationAssistant.step.dataStream.logsSample.description',
+  {
+    defaultMessage: 'Drag and drop a file or Browse files.',
+  }
+);
+export const LOGS_SAMPLE_DESCRIPTION_2 = i18n.translate(
+  'xpack.integrationAssistant.step.dataStream.logsSample.description2',
+  {
+    defaultMessage: 'JSON/NDJSON format',
+  }
+);
+export const LOGS_SAMPLE_TRUNCATED = (maxRows: number) =>
+  i18n.translate('xpack.integrationAssistant.step.dataStream.logsSample.truncatedWarning', {
+    values: { maxRows },
+    defaultMessage: `The logs sample has been truncated to {maxRows} rows.`,
+  });
+export const LOGS_SAMPLE_ERROR = {
+  CAN_NOT_READ: i18n.translate(
+    'xpack.integrationAssistant.step.dataStream.logsSample.errorCanNotRead',
+    {
+      defaultMessage: 'Failed to read the logs sample file',
+    }
+  ),
+  FORMAT: (fileType: string) =>
+    i18n.translate('xpack.integrationAssistant.step.dataStream.logsSample.errorFormat', {
+      values: { fileType },
+      defaultMessage: 'The logs sample file has not a valid {fileType} format',
+    }),
+  NOT_ARRAY: i18n.translate('xpack.integrationAssistant.step.dataStream.logsSample.errorNotArray', {
+    defaultMessage: 'The logs sample file is not an array',
+  }),
+  EMPTY: i18n.translate('xpack.integrationAssistant.step.dataStream.logsSample.errorEmpty', {
+    defaultMessage: 'The logs sample file is empty',
+  }),
+  NOT_OBJECT: i18n.translate(
+    'xpack.integrationAssistant.step.dataStream.logsSample.errorNotObject',
+    {
+      defaultMessage: 'The logs sample file contains non-object entries',
+    }
+  ),
+};
+
+export const ANALYZING = i18n.translate('xpack.integrationAssistant.step.dataStream.analyzing', {
+  defaultMessage: 'Analyzing',
+});
+export const PROGRESS_ECS_MAPPING = i18n.translate(
+  'xpack.integrationAssistant.step.dataStream.progress.ecsMapping',
+  {
+    defaultMessage: 'Mapping ECS fields',
+  }
+);
+export const PROGRESS_CATEGORIZATION = i18n.translate(
+  'xpack.integrationAssistant.step.dataStream.progress.categorization',
+  {
+    defaultMessage: 'Adding categorization',
+  }
+);
+export const PROGRESS_RELATED_GRAPH = i18n.translate(
+  'xpack.integrationAssistant.step.dataStream.progress.relatedGraph',
+  {
+    defaultMessage: 'Generating related fields',
+  }
+);
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/data_stream_step/use_load_package_names.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/data_stream_step/use_load_package_names.ts
new file mode 100644
index 0000000000000..f25b3a809650e
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/data_stream_step/use_load_package_names.ts
@@ -0,0 +1,49 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { useEffect, useState } from 'react';
+import { useKibana } from '../../../../../common/hooks/use_kibana';
+import { getInstalledPackages } from '../../../../../common/lib/api';
+import * as i18n from './translations';
+
+export const useLoadPackageNames = () => {
+  const { http, notifications } = useKibana().services;
+  const [packageNames, setPackageNames] = useState<Set<string>>();
+  const [isLoading, setIsLoading] = useState(true);
+
+  useEffect(() => {
+    const abortController = new AbortController();
+    const deps = { http, abortSignal: abortController.signal };
+    (async () => {
+      try {
+        setIsLoading(true);
+        const packagesResponse = await getInstalledPackages(deps);
+        if (abortController.signal.aborted) return;
+        if (!packagesResponse?.response?.length) {
+          throw Error('No packages found');
+        }
+        setPackageNames(new Set(packagesResponse.response.map((pkg) => pkg.name)));
+      } catch (e) {
+        if (!abortController.signal.aborted) {
+          notifications?.toasts.addError(e, {
+            title: i18n.PACKAGE_NAMES_FETCH_ERROR,
+          });
+        }
+      } finally {
+        setIsLoading(false);
+      }
+    })();
+    return () => {
+      abortController.abort();
+    };
+  }, [http, notifications]);
+
+  return {
+    isLoading,
+    packageNames,
+  };
+};
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/default_logo.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/default_logo.ts
new file mode 100644
index 0000000000000..26f4b8ca6ddc1
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/default_logo.ts
@@ -0,0 +1,9 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+/* geoToken icon svg base64 encoded */
+export const defaultLogoEncoded =
+  'PHN2ZyB3aWR0aD0iMzEiIGhlaWdodD0iMzEiIHZpZXdCb3g9IjAgMCAzMSAzMSIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4KPGcgY2xpcC1wYXRoPSJ1cmwoI2NsaXAwXzk4XzcwMDApIj4KPHJlY3Qgd2lkdGg9IjMxIiBoZWlnaHQ9IjMxIiByeD0iMyIgZmlsbD0id2hpdGUiLz4KPHJlY3Qgb3BhY2l0eT0iMC4xIiB3aWR0aD0iMzEiIGhlaWdodD0iMzEiIHJ4PSIzIiBmaWxsPSIjRDZCRjU3Ii8+CjxyZWN0IG9wYWNpdHk9IjAuMyIgeD0iMC41IiB5PSIwLjUiIHdpZHRoPSIzMCIgaGVpZ2h0PSIzMCIgcng9IjIuNSIgc3Ryb2tlPSIjRDZCRjU3Ii8+CjxwYXRoIGZpbGwtcnVsZT0iZXZlbm9kZCIgY2xpcC1ydWxlPSJldmVub2RkIiBkPSJNMTUuNSA1LjgxMjVDMTguNjY5MiA1LjgxMjUgMjEuNDgzIDcuMzM0MzUgMjMuMjUwNCA5LjY4NzEyTDIzLjI1IDkuNjg3NUMyNC40NjczIDExLjMwNzkgMjUuMTg3NSAxMy4zMTk4IDI1LjE4NzUgMTUuNUMyNS4xODc1IDE3LjY4MDIgMjQuNDY3MyAxOS42OTIxIDIzLjI1MTkgMjEuMzEwOUwyMy4yNSAyMS4zMTI1QzIxLjQ4MTUgMjMuNjY2NSAxOC42Njg0IDI1LjE4NzUgMTUuNSAyNS4xODc1QzEyLjMzMTYgMjUuMTg3NSA5LjUxODU0IDIzLjY2NjUgNy43NTEwNCAyMS4zMTQ4TDcuNzUgMjEuMzEyNUM2LjUzMzI1IDE5LjY5MzcgNS44MTI1IDE3LjY4MSA1LjgxMjUgMTUuNUM1LjgxMjUgMTAuMTQ5NyAxMC4xNDk3IDUuODEyNSAxNS41IDUuODEyNVpNMTcuMzM2NSAyMS4zMTM1SDEzLjY2MzVDMTQuMjAwNSAyMi41MjQ2IDE0Ljg2OTUgMjMuMjUgMTUuNSAyMy4yNUMxNi4xMzA1IDIzLjI1IDE2Ljc5OTUgMjIuNTI0NiAxNy4zMzY1IDIxLjMxMzVaTTExLjYyNTIgMjEuMzEzOUwxMC4zNzU4IDIxLjMxNDRDMTAuOTA2NSAyMS43ODI0IDExLjUwMTcgMjIuMTc4OSAxMi4xNDY0IDIyLjQ4ODhDMTEuOTU3IDIyLjEyNjUgMTEuNzgyOCAyMS43MzM0IDExLjYyNTIgMjEuMzEzOVpNMjAuNjI0MiAyMS4zMTQ0TDE5LjM3NDggMjEuMzEzOUMxOS4yMTcyIDIxLjczMzQgMTkuMDQzIDIyLjEyNjUgMTguODU0IDIyLjQ4OTJDMTkuNDk4MyAyMi4xNzg5IDIwLjA5MzUgMjEuNzgyNCAyMC42MjQyIDIxLjMxNDRaTTEwLjY4MDIgMTYuNDY5M0w3LjgxMDE0IDE2LjQ3MDJDNy45NDEwOCAxNy41MTg3IDguMjgxNDUgMTguNTAyIDguNzg4MDYgMTkuMzc3MUwxMS4wNTk3IDE5LjM3NjdDMTAuODYxOCAxOC40NzEzIDEwLjczMTEgMTcuNDkzOCAxMC42ODAyIDE2LjQ2OTNaTTE4LjM4MDUgMTYuNDcxSDEyLjYxOTVDMTIuNjc1NSAxNy41MjQ2IDEyLjgyMDYgMTguNTA1NyAxMy4wMjczIDE5LjM3NkgxNy45NzI3QzE4LjE3OTQgMTguNTA1NyAxOC4zMjQ1IDE3LjUyNDYgMTguMzgwNSAxNi40NzFaTTIzLjE4OTkgMTYuNDcwMkwyMC4zMTk4IDE2LjQ2OTNDMjAuMjY4OSAxNy40OTM4IDIwLjEzODIgMTguNDcxMyAxOS45NDAzIDE5LjM3NjdMMjIuMjExOSAxOS4zNzcxQzIyLjcxODUgMTguNTAyIDIzLjA1ODkgMTcuNTE4NyAyMy4xODk5IDE2LjQ3MDJaTTExLjA1OTIgMTEuNjI1M0w4Ljc4Njk1IDExLjYyNDhDOC4yODA2NCAxMi40OTk5IDcuOTQwNTcgMTMuNDgzMyA3LjgwOTkgMTQuNTMxN0wxMC42ODAxIDE0LjUzMjZDMTAuNzMwOSAxMy41MDgyIDEwLjg2MTUgMTIuNTMwNiAxMS4wNTkyIDExLjYyNTNaTTE3Ljk3MzIgMTEuNjI2SDEzLjAyNjhDMTIuODIwMiAxMi40OTYzIDEyLjY3NTMgMTMuNDc3NCAxMi42MTk0IDE0LjUzMUgxOC4zODA2QzE4LjMyNDcgMTMuNDc3NCAxOC4xNzk4IDEyLjQ5NjMgMTcuOTczMiAxMS42MjZaTTIyLjIxMzEgMTEuNjI0OEwxOS45NDA4IDExLjYyNTNDMjAuMTM4NSAxMi41MzA2IDIwLjI2OTEgMTMuNTA4MiAyMC4zMTk5IDE0LjUzMjZMMjMuMTkwMSAxNC41MzE3QzIzLjA1OTQgMTMuNDgzMyAyMi43MTk0IDEyLjQ5OTkgMjIuMjEzMSAxMS42MjQ4Wk0xMi4xNDYgOC41MTA3NUwxMS45MDYyIDguNjMxODZDMTEuMzUyNiA4LjkyMjEyIDEwLjgzODQgOS4yNzczNCAxMC4zNzM4IDkuNjg3MzlMMTEuNjI0NCA5LjY4ODA0QzExLjc4MjIgOS4yNjc4IDExLjk1NjcgOC44NzQwNiAxMi4xNDYgOC41MTA3NVpNMTUuNSA3Ljc1QzE0Ljg2OTEgNy43NSAxNC4xOTk3IDguNDc2MjEgMTMuNjYyNiA5LjY4ODQ4SDE3LjMzNzRDMTYuODAwMyA4LjQ3NjIxIDE2LjEzMDkgNy43NSAxNS41IDcuNzVaTTE4Ljg1MzYgOC41MTExN0wxOC45MjUgOC42NDk5QzE5LjA4NzEgOC45NzM5NyAxOS4yMzc3IDkuMzIwODkgMTkuMzc1NiA5LjY4ODA0TDIwLjYyNjIgOS42ODczOUMyMC4wOTUgOS4yMTg2MSAxOS40OTkxIDguODIxNDkgMTguODUzNiA4LjUxMTE3WiIgZmlsbD0iIzgwNzIzNCIvPgo8L2c+CjxkZWZzPgo8Y2xpcFBhdGggaWQ9ImNsaXAwXzk4XzcwMDAiPgo8cmVjdCB3aWR0aD0iMzEiIGhlaWdodD0iMzEiIHJ4PSIzIiBmaWxsPSJ3aGl0ZSIvPgo8L2NsaXBQYXRoPgo8L2RlZnM+Cjwvc3ZnPgo=';
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/deploy_step/deploy_step.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/deploy_step/deploy_step.tsx
new file mode 100644
index 0000000000000..dcf353a00727e
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/deploy_step/deploy_step.tsx
@@ -0,0 +1,99 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import React, { useCallback } from 'react';
+import {
+  EuiLink,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiIcon,
+  EuiLoadingSpinner,
+  EuiPanel,
+  EuiSpacer,
+  EuiText,
+} from '@elastic/eui';
+// @ts-expect-error untyped library
+import { saveAs } from '@elastic/filesaver';
+import { SectionWrapper } from '../../../../../common/components/section_wrapper';
+import type { State } from '../../state';
+import { SuccessSection } from '../../../../../common/components/success_section';
+import { useDeployIntegration } from './use_deploy_integration';
+import * as i18n from './translations';
+
+interface DeployStepProps {
+  integrationSettings: State['integrationSettings'];
+  result: State['result'];
+  connector: State['connector'];
+}
+
+export const DeployStep = React.memo<DeployStepProps>(
+  ({ integrationSettings, result, connector }) => {
+    const { isLoading, error, integrationFile, integrationName } = useDeployIntegration({
+      integrationSettings,
+      result,
+      connector,
+    });
+
+    const onSaveZip = useCallback(() => {
+      saveAs(integrationFile, `${integrationName ?? 'custom_integration'}.zip`);
+    }, [integrationFile, integrationName]);
+
+    if (isLoading || error) {
+      return (
+        <SectionWrapper title={i18n.DEPLOYING}>
+          <EuiSpacer size="m" />
+          <EuiFlexGroup direction="row" justifyContent="center">
+            <EuiFlexItem grow={false}>
+              {isLoading && <EuiLoadingSpinner size="xl" />}
+              {error && (
+                <EuiText color="danger" size="s">
+                  {error}
+                </EuiText>
+              )}
+            </EuiFlexItem>
+          </EuiFlexGroup>
+        </SectionWrapper>
+      );
+    }
+    if (integrationName) {
+      return (
+        <SuccessSection integrationName={integrationName}>
+          <EuiSpacer size="m" />
+          <EuiPanel hasShadow={false} hasBorder paddingSize="l">
+            <EuiFlexGroup direction="row" alignItems="center">
+              <EuiFlexItem>
+                <EuiFlexGroup direction="row" alignItems="flexStart" justifyContent="flexStart">
+                  <EuiFlexItem grow={false} css={{ marginTop: '3px' }}>
+                    <EuiIcon type="download" color="primary" size="m" />
+                  </EuiFlexItem>
+                  <EuiFlexItem>
+                    <EuiFlexGroup direction="column" gutterSize="xs">
+                      <EuiFlexItem>
+                        <EuiText>
+                          <h4>{i18n.DOWNLOAD_ZIP_TITLE}</h4>
+                        </EuiText>
+                      </EuiFlexItem>
+                      <EuiFlexItem>
+                        <EuiText color="subdued" size="s">
+                          {i18n.DOWNLOAD_ZIP_DESCRIPTION}
+                        </EuiText>
+                      </EuiFlexItem>
+                    </EuiFlexGroup>
+                  </EuiFlexItem>
+                </EuiFlexGroup>
+              </EuiFlexItem>
+              <EuiFlexItem grow={false}>
+                <EuiLink onClick={onSaveZip}>{i18n.DOWNLOAD_ZIP_LINK}</EuiLink>
+              </EuiFlexItem>
+            </EuiFlexGroup>
+          </EuiPanel>
+        </SuccessSection>
+      );
+    }
+    return null;
+  }
+);
+DeployStep.displayName = 'DeployStep';
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/deploy_step/index.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/deploy_step/index.ts
new file mode 100644
index 0000000000000..c6c2da0021e1c
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/deploy_step/index.ts
@@ -0,0 +1,7 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+export { DeployStep } from './deploy_step';
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/deploy_step/translations.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/deploy_step/translations.ts
new file mode 100644
index 0000000000000..4e63444f2e346
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/deploy_step/translations.ts
@@ -0,0 +1,32 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { i18n } from '@kbn/i18n';
+
+export const DEPLOYING = i18n.translate('xpack.integrationAssistant.step.deploy.loadingTitle', {
+  defaultMessage: 'Deploying',
+});
+
+export const DOWNLOAD_ZIP_TITLE = i18n.translate(
+  'xpack.integrationAssistant.step.deploy.downloadZip.title',
+  {
+    defaultMessage: 'Download .zip package',
+  }
+);
+export const DOWNLOAD_ZIP_DESCRIPTION = i18n.translate(
+  'xpack.integrationAssistant.step.deploy.downloadZip.description',
+  {
+    defaultMessage: 'Download your integration package to reuse in other deployments. ',
+  }
+);
+
+export const DOWNLOAD_ZIP_LINK = i18n.translate(
+  'xpack.integrationAssistant.step.deploy.downloadZip.link',
+  {
+    defaultMessage: 'Download package',
+  }
+);
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/deploy_step/use_deploy_integration.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/deploy_step/use_deploy_integration.ts
new file mode 100644
index 0000000000000..f036562edc9d8
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/deploy_step/use_deploy_integration.ts
@@ -0,0 +1,120 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { useState, useEffect } from 'react';
+import { useKibana } from '../../../../../common/hooks/use_kibana';
+import type { BuildIntegrationRequestBody } from '../../../../../../common';
+import type { State } from '../../state';
+import { runBuildIntegration, runInstallPackage } from '../../../../../common/lib/api';
+import { defaultLogoEncoded } from '../default_logo';
+import { getIntegrationNameFromResponse } from '../../../../../common/lib/api_parsers';
+import { useTelemetry } from '../../../telemetry';
+
+interface PipelineGenerationProps {
+  integrationSettings: State['integrationSettings'];
+  result: State['result'];
+  connector: State['connector'];
+}
+
+export type ProgressItem = 'build' | 'install';
+
+export const useDeployIntegration = ({
+  integrationSettings,
+  result,
+  connector,
+}: PipelineGenerationProps) => {
+  const telemetry = useTelemetry();
+  const { http, notifications } = useKibana().services;
+  const [integrationFile, setIntegrationFile] = useState<Blob | null>(null);
+  const [integrationName, setIntegrationName] = useState<string>();
+  const [isLoading, setIsLoading] = useState<boolean>(false);
+  const [error, setError] = useState<null | string>(null);
+
+  useEffect(() => {
+    if (
+      http == null ||
+      connector == null ||
+      integrationSettings == null ||
+      notifications?.toasts == null ||
+      result?.pipeline == null
+    ) {
+      return;
+    }
+    const abortController = new AbortController();
+    const deps = { http, abortSignal: abortController.signal };
+
+    (async () => {
+      try {
+        const parameters: BuildIntegrationRequestBody = {
+          integration: {
+            title: integrationSettings.title ?? '',
+            description: integrationSettings.description ?? '',
+            name: integrationSettings.name ?? '',
+            logo: integrationSettings.logo ?? defaultLogoEncoded,
+            dataStreams: [
+              {
+                title: integrationSettings.dataStreamTitle ?? '',
+                description: integrationSettings.dataStreamDescription ?? '',
+                name: integrationSettings.dataStreamName ?? '',
+                inputTypes: integrationSettings.inputType ? [integrationSettings.inputType] : [],
+                rawSamples: integrationSettings.logsSampleParsed ?? [],
+                docs: result.docs ?? [],
+                pipeline: result.pipeline,
+              },
+            ],
+          },
+        };
+
+        setIsLoading(true);
+
+        const zippedIntegration = await runBuildIntegration(parameters, deps);
+        if (abortController.signal.aborted) return;
+        setIntegrationFile(zippedIntegration);
+
+        const installResult = await runInstallPackage(zippedIntegration, deps);
+        if (abortController.signal.aborted) return;
+
+        const integrationNameFromResponse = getIntegrationNameFromResponse(installResult);
+        if (integrationNameFromResponse) {
+          setIntegrationName(integrationNameFromResponse);
+          telemetry.reportAssistantComplete({
+            integrationName: integrationNameFromResponse,
+            integrationSettings,
+            connector,
+          });
+        } else {
+          throw new Error('Integration name not found in response');
+        }
+      } catch (e) {
+        if (abortController.signal.aborted) return;
+        setError(`Error: ${e.body?.message ?? e.message}`);
+      } finally {
+        setIsLoading(false);
+      }
+    })();
+
+    return () => {
+      abortController.abort();
+    };
+  }, [
+    setIntegrationFile,
+    http,
+    integrationSettings,
+    connector,
+    notifications?.toasts,
+    result?.docs,
+    result?.pipeline,
+    telemetry,
+  ]);
+
+  return {
+    isLoading,
+    integrationFile,
+    integrationName,
+    error,
+  };
+};
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/integration_step/index.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/integration_step/index.ts
new file mode 100644
index 0000000000000..6596685ecae07
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/integration_step/index.ts
@@ -0,0 +1,9 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { IntegrationStep } from './integration_step';
+export * from './is_step_ready';
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/integration_step/integration_step.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/integration_step/integration_step.tsx
new file mode 100644
index 0000000000000..b7fa1902821c0
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/integration_step/integration_step.tsx
@@ -0,0 +1,146 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { useCallback, useMemo } from 'react';
+import {
+  EuiFieldText,
+  EuiFilePicker,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiForm,
+  EuiFormRow,
+  EuiPanel,
+  EuiSpacer,
+  EuiText,
+  EuiTextArea,
+  useEuiBackgroundColor,
+  useEuiTheme,
+} from '@elastic/eui';
+import { css } from '@emotion/react';
+import type { IntegrationSettings } from '../../types';
+import { StepContentWrapper } from '../step_content_wrapper';
+import { PackageCardPreview } from './package_card_preview';
+import { useActions } from '../../state';
+import * as i18n from './translations';
+
+const MaxLogoSize = 1048576; // One megabyte
+
+const useLayoutStyles = () => {
+  const { euiTheme } = useEuiTheme();
+  const subduedBgCss = useEuiBackgroundColor('subdued');
+  return {
+    left: css`
+      padding: ${euiTheme.size.l};
+    }
+  `,
+    right: css`
+      padding: ${euiTheme.size.l};
+      background: ${subduedBgCss};
+      width: 45%;
+    `,
+  };
+};
+
+interface IntegrationStepProps {
+  integrationSettings: IntegrationSettings | undefined;
+}
+
+export const IntegrationStep = React.memo<IntegrationStepProps>(({ integrationSettings }) => {
+  const styles = useLayoutStyles();
+  const { setIntegrationSettings } = useActions();
+  const [logoError, setLogoError] = React.useState<string>();
+
+  const setIntegrationValues = useCallback(
+    (settings: Partial<IntegrationSettings>) =>
+      setIntegrationSettings({ ...integrationSettings, ...settings }),
+    [integrationSettings, setIntegrationSettings]
+  );
+
+  const onChange = useMemo(() => {
+    return {
+      title: (e: React.ChangeEvent<HTMLInputElement>) =>
+        setIntegrationValues({ title: e.target.value }),
+      description: (e: React.ChangeEvent<HTMLTextAreaElement>) =>
+        setIntegrationValues({ description: e.target.value }),
+      logo: (files: FileList | null) => {
+        setLogoError(undefined);
+        const logoFile = files?.[0];
+        if (!logoFile) {
+          setIntegrationValues({ logo: undefined });
+          return;
+        }
+        if (logoFile.size > MaxLogoSize) {
+          setLogoError(`${logoFile.name} is too large, maximum size is 1Mb.`);
+          return;
+        }
+        logoFile
+          .arrayBuffer()
+          .then((fileBuffer) => {
+            const encodedLogo = window.btoa(String.fromCharCode(...new Uint8Array(fileBuffer)));
+            setIntegrationValues({ logo: encodedLogo });
+          })
+          .catch((e) => {
+            setLogoError(i18n.LOGO_ERROR);
+          });
+      },
+    };
+  }, [setIntegrationValues]);
+
+  return (
+    <StepContentWrapper title={i18n.TITLE} subtitle={i18n.DESCRIPTION}>
+      <EuiPanel paddingSize="none" hasShadow={false} hasBorder>
+        <EuiFlexGroup direction="row" gutterSize="none">
+          <EuiFlexItem css={styles.left}>
+            <EuiForm component="form" fullWidth>
+              <EuiFormRow label={i18n.TITLE_LABEL}>
+                <EuiFieldText
+                  name="title"
+                  value={integrationSettings?.title ?? ''}
+                  onChange={onChange.title}
+                />
+              </EuiFormRow>
+              <EuiFormRow label={i18n.DESCRIPTION_LABEL}>
+                <EuiTextArea
+                  name="description"
+                  value={integrationSettings?.description ?? ''}
+                  onChange={onChange.description}
+                />
+              </EuiFormRow>
+              <EuiFormRow label={i18n.LOGO_LABEL}>
+                <>
+                  <EuiFilePicker
+                    id="logsSampleFilePicker"
+                    initialPromptText={i18n.LOGO_DESCRIPTION}
+                    onChange={onChange.logo}
+                    display="large"
+                    aria-label="Upload an svg logo image"
+                    accept="image/svg+xml"
+                    isInvalid={logoError != null}
+                  />
+                  <EuiSpacer size="xs" />
+                  {logoError && (
+                    <EuiText color="danger" size="xs">
+                      {logoError}
+                    </EuiText>
+                  )}
+                </>
+              </EuiFormRow>
+            </EuiForm>
+          </EuiFlexItem>
+          <EuiFlexItem grow={false} css={styles.right}>
+            <EuiFlexGroup direction="column" gutterSize="none">
+              <EuiFlexItem grow={false}>
+                <PackageCardPreview integrationSettings={integrationSettings} />
+              </EuiFlexItem>
+            </EuiFlexGroup>
+          </EuiFlexItem>
+        </EuiFlexGroup>
+      </EuiPanel>
+    </StepContentWrapper>
+  );
+});
+IntegrationStep.displayName = 'IntegrationStep';
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/integration_step/is_step_ready.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/integration_step/is_step_ready.ts
new file mode 100644
index 0000000000000..80ef605c981b0
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/integration_step/is_step_ready.ts
@@ -0,0 +1,11 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { State } from '../../state';
+
+export const isIntegrationStepReady = ({ integrationSettings }: State) =>
+  Boolean(integrationSettings?.title && integrationSettings?.description);
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/integration_step/package_card_preview.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/integration_step/package_card_preview.tsx
new file mode 100644
index 0000000000000..b73a796f4cb1b
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/integration_step/package_card_preview.tsx
@@ -0,0 +1,63 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import React from 'react';
+import { useEuiTheme, EuiCard, EuiIcon } from '@elastic/eui';
+import { css } from '@emotion/react';
+import { defaultLogoEncoded } from '../default_logo';
+import type { IntegrationSettings } from '../../types';
+import * as i18n from './translations';
+
+const useCardCss = () => {
+  const { euiTheme } = useEuiTheme();
+  return css`
+    margin-top: calc(
+      ${euiTheme.size.m} + 7px
+    ); // To align with title input that has a margin-top of 4px to the label
+
+    min-height: 127px;
+
+    [class*='euiCard__content'] {
+      display: flex;
+      flex-direction: column;
+      block-size: 100%;
+    }
+
+    [class*='euiCard__description'] {
+      flex-grow: 1;
+    }
+  `;
+};
+
+interface PackageCardPreviewProps {
+  integrationSettings: IntegrationSettings | undefined;
+}
+
+export const PackageCardPreview = React.memo<PackageCardPreviewProps>(({ integrationSettings }) => {
+  const cardCss = useCardCss();
+  return (
+    <EuiCard
+      css={cardCss}
+      data-test-subj="package-card-preview"
+      layout="horizontal"
+      title={integrationSettings?.title ?? ''}
+      description={integrationSettings?.description ?? ''}
+      titleSize="xs"
+      hasBorder
+      icon={
+        <EuiIcon
+          size={'xl'}
+          type={`data:image/svg+xml;base64,${integrationSettings?.logo ?? defaultLogoEncoded}`}
+        />
+      }
+      betaBadgeProps={{
+        label: i18n.PREVIEW,
+        tooltipContent: i18n.PREVIEW_TOOLTIP,
+      }}
+    />
+  );
+});
+PackageCardPreview.displayName = 'PackageCardPreview';
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/integration_step/translations.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/integration_step/translations.ts
new file mode 100644
index 0000000000000..4de004950eb6f
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/integration_step/translations.ts
@@ -0,0 +1,56 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { i18n } from '@kbn/i18n';
+
+export const TITLE = i18n.translate('xpack.integrationAssistant.step.integration.title', {
+  defaultMessage: 'Integration details',
+});
+export const DESCRIPTION = i18n.translate(
+  'xpack.integrationAssistant.step.integration.description',
+  {
+    defaultMessage: 'Name your integration, give it a description, and (optional) add a logo',
+  }
+);
+
+export const TITLE_LABEL = i18n.translate(
+  'xpack.integrationAssistant.step.integration.integrationTitle',
+  {
+    defaultMessage: 'Title',
+  }
+);
+export const DESCRIPTION_LABEL = i18n.translate(
+  'xpack.integrationAssistant.step.integration.integrationDescription',
+  {
+    defaultMessage: 'Description',
+  }
+);
+export const LOGO_LABEL = i18n.translate('xpack.integrationAssistant.step.integration.logo.label', {
+  defaultMessage: 'Logo (optional)',
+});
+
+export const LOGO_DESCRIPTION = i18n.translate(
+  'xpack.integrationAssistant.step.integration.logo.description',
+  {
+    defaultMessage: 'Drag and drop a .svg file or Browse files',
+  }
+);
+
+export const PREVIEW = i18n.translate('xpack.integrationAssistant.step.integration.preview', {
+  defaultMessage: 'Preview',
+});
+
+export const PREVIEW_TOOLTIP = i18n.translate(
+  'xpack.integrationAssistant.step.integration.previewTooltip',
+  {
+    defaultMessage: 'This is a preview of the integration card for the integrations catalog',
+  }
+);
+
+export const LOGO_ERROR = i18n.translate('xpack.integrationAssistant.step.integration.logo.error', {
+  defaultMessage: 'Error processing logo file',
+});
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/review_step/fields_table.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/review_step/fields_table.tsx
new file mode 100644
index 0000000000000..5f0ad8a4ef5e5
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/review_step/fields_table.tsx
@@ -0,0 +1,125 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { useMemo } from 'react';
+import { EcsFlat } from '@elastic/ecs';
+import {
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiIcon,
+  EuiInMemoryTable,
+  EuiToken,
+  EuiToolTip,
+  type EuiBasicTableColumn,
+  type EuiSearchBarProps,
+} from '@elastic/eui';
+
+interface FieldObject {
+  type: string;
+  name: string;
+  value: string;
+}
+
+export const getIconFromType = (type: string | null | undefined) => {
+  switch (type) {
+    case 'string':
+      return 'tokenString';
+    case 'keyword':
+      return 'tokenKeyword';
+    case 'number':
+    case 'long':
+      return 'tokenNumber';
+    case 'date':
+      return 'tokenDate';
+    case 'ip':
+    case 'geo_point':
+      return 'tokenGeo';
+    case 'object':
+      return 'tokenQuestionInCircle';
+    case 'float':
+      return 'tokenNumber';
+    default:
+      return 'tokenQuestionInCircle';
+  }
+};
+
+const tooltipAnchorProps = { css: { display: 'flex' } };
+const columns: Array<EuiBasicTableColumn<FieldObject>> = [
+  {
+    field: 'name',
+    name: 'Name',
+    sortable: true,
+    render: (name: string, { type }) => {
+      return (
+        <EuiFlexGroup alignItems="center" gutterSize="s">
+          <EuiFlexItem grow={false}>
+            {type ? (
+              <EuiToolTip content={type} anchorProps={tooltipAnchorProps}>
+                <EuiToken
+                  data-test-subj={`field-${name}-icon`}
+                  iconType={getIconFromType(type ?? null)}
+                />
+              </EuiToolTip>
+            ) : (
+              <EuiIcon type="questionInCircle" />
+            )}
+          </EuiFlexItem>
+
+          <EuiFlexItem grow={false}>{name}</EuiFlexItem>
+        </EuiFlexGroup>
+      );
+    },
+  },
+  {
+    field: 'value',
+    name: 'Value',
+    sortable: true,
+  },
+];
+
+const search: EuiSearchBarProps = {
+  box: {
+    incremental: true,
+    schema: true,
+  },
+};
+
+const flattenDocument = (document?: object): FieldObject[] => {
+  if (!document) {
+    return [];
+  }
+  const fields: FieldObject[] = [];
+  const flatten = (object: object, prefix = '') => {
+    Object.entries(object).forEach(([key, value]) => {
+      const name = `${prefix}${key}` as keyof typeof EcsFlat;
+      if (!Array.isArray(value) && typeof value === 'object' && value !== null) {
+        flatten(value, `${name}.`);
+      } else {
+        fields.push({ name, value, type: EcsFlat[name]?.type });
+      }
+    });
+  };
+  flatten(document);
+  return fields;
+};
+
+interface FieldsTableProps {
+  documents?: object[];
+}
+export const FieldsTable = React.memo<FieldsTableProps>(({ documents = [] }) => {
+  const fields = useMemo(() => flattenDocument(documents[0]), [documents]);
+  return (
+    <EuiInMemoryTable
+      items={fields}
+      columns={columns}
+      search={search}
+      pagination={true}
+      sorting={true}
+    />
+  );
+});
+FieldsTable.displayName = 'FieldsTable';
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/review_step/index.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/review_step/index.ts
new file mode 100644
index 0000000000000..a79476819eacd
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/review_step/index.ts
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+export { ReviewStep } from './review_step';
+export * from './is_step_ready';
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/review_step/is_step_ready.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/review_step/is_step_ready.ts
new file mode 100644
index 0000000000000..b03215c5e8255
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/review_step/is_step_ready.ts
@@ -0,0 +1,11 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { State } from '../../state';
+
+export const isReviewStepReady = ({ isGenerating, result }: State) =>
+  isGenerating === false && result != null;
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/review_step/review_step.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/review_step/review_step.tsx
new file mode 100644
index 0000000000000..ab958eb4a7a53
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/review_step/review_step.tsx
@@ -0,0 +1,145 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import {
+  EuiButton,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiFlyout,
+  EuiFlyoutBody,
+  EuiFlyoutFooter,
+  EuiFlyoutHeader,
+  EuiLoadingSpinner,
+  EuiPanel,
+  EuiText,
+  EuiTitle,
+} from '@elastic/eui';
+import { css } from '@emotion/react';
+import { CodeEditor } from '@kbn/code-editor';
+import { XJsonLang } from '@kbn/monaco';
+import React, { useCallback, useState } from 'react';
+import type { Pipeline } from '../../../../../../common';
+import type { State } from '../../state';
+import { FieldsTable } from './fields_table';
+import { StepContentWrapper } from '../step_content_wrapper';
+import { useCheckPipeline } from './use_check_pipeline';
+import * as i18n from './translations';
+
+const flyoutBodyCss = css`
+  height: 100%;
+  .euiFlyoutBody__overflowContent {
+    height: 100%;
+    padding: 0;
+  }
+`;
+
+interface ReviewStepProps {
+  integrationSettings: State['integrationSettings'];
+  result: State['result'];
+  isGenerating: State['isGenerating'];
+}
+export const ReviewStep = React.memo<ReviewStepProps>(
+  ({ integrationSettings, isGenerating, result }) => {
+    const [customPipeline, setCustomPipeline] = useState<Pipeline>();
+    const { error: checkPipelineError } = useCheckPipeline({
+      customPipeline,
+      integrationSettings,
+    });
+
+    const [isPipelineEditionVisible, setIsPipelineEditionVisible] = useState(false);
+    const [updatedPipeline, setUpdatedPipeline] = useState<string>();
+
+    const changeCustomPipeline = useCallback((value: string) => {
+      setUpdatedPipeline(value);
+    }, []);
+
+    const saveCustomPipeline = useCallback(() => {
+      if (updatedPipeline) {
+        try {
+          const pipeline = JSON.parse(updatedPipeline);
+          setCustomPipeline(pipeline);
+        } catch (_) {
+          return; // Syntax errors are already displayed in the code editor
+        }
+      }
+      setIsPipelineEditionVisible(false);
+    }, [updatedPipeline]);
+
+    return (
+      <StepContentWrapper
+        title={i18n.TITLE}
+        subtitle={i18n.DESCRIPTION}
+        right={
+          <EuiButton onClick={() => setIsPipelineEditionVisible(true)}>
+            {i18n.EDIT_PIPELINE_BUTTON}
+          </EuiButton>
+        }
+      >
+        <EuiPanel hasShadow={false} hasBorder>
+          {isGenerating ? (
+            <EuiLoadingSpinner size="l" />
+          ) : (
+            <>
+              {checkPipelineError && (
+                <EuiText color="danger" size="s">
+                  {checkPipelineError}
+                </EuiText>
+              )}
+              <FieldsTable documents={result?.docs} />
+            </>
+          )}
+          {isPipelineEditionVisible && (
+            <EuiFlyout onClose={() => setIsPipelineEditionVisible(false)}>
+              <EuiFlyoutHeader hasBorder>
+                <EuiTitle size="s">
+                  <h2>{i18n.INGEST_PIPELINE_TITLE}</h2>
+                </EuiTitle>
+              </EuiFlyoutHeader>
+              <EuiFlyoutBody css={flyoutBodyCss}>
+                <EuiFlexGroup
+                  direction="column"
+                  gutterSize="s"
+                  wrap={false}
+                  responsive={false}
+                  css={{ height: '100%' }}
+                >
+                  <EuiFlexItem grow={true} data-test-subj="inspectorRequestCodeViewerContainer">
+                    <CodeEditor
+                      languageId={XJsonLang.ID}
+                      value={JSON.stringify(result?.pipeline, null, 2)}
+                      onChange={changeCustomPipeline}
+                      width="100%"
+                      height="100%"
+                      options={{
+                        fontSize: 12,
+                        minimap: { enabled: true },
+                        folding: true,
+                        scrollBeyondLastLine: false,
+                        wordWrap: 'on',
+                        wrappingIndent: 'indent',
+                        automaticLayout: true,
+                      }}
+                    />
+                  </EuiFlexItem>
+                </EuiFlexGroup>
+              </EuiFlyoutBody>
+              <EuiFlyoutFooter>
+                <EuiFlexGroup direction="row" gutterSize="none" justifyContent="flexEnd">
+                  <EuiFlexItem grow={false}>
+                    <EuiButton fill onClick={saveCustomPipeline}>
+                      {i18n.SAVE_BUTTON}
+                    </EuiButton>
+                  </EuiFlexItem>
+                </EuiFlexGroup>
+              </EuiFlyoutFooter>
+            </EuiFlyout>
+          )}
+        </EuiPanel>
+      </StepContentWrapper>
+    );
+  }
+);
+ReviewStep.displayName = 'ReviewStep';
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/review_step/translations.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/review_step/translations.ts
new file mode 100644
index 0000000000000..dc8af8dc8bd3a
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/review_step/translations.ts
@@ -0,0 +1,33 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { i18n } from '@kbn/i18n';
+
+export const TITLE = i18n.translate('xpack.integrationAssistant.step.review.title', {
+  defaultMessage: 'Review results',
+});
+export const DESCRIPTION = i18n.translate('xpack.integrationAssistant.step.review.description', {
+  defaultMessage:
+    'Review all the fields and their values in your integration. Make any necessary adjustments to ensure accuracy.',
+});
+
+export const EDIT_PIPELINE_BUTTON = i18n.translate(
+  'xpack.integrationAssistant.step.review.editPipeline',
+  {
+    defaultMessage: 'Edit pipeline',
+  }
+);
+export const INGEST_PIPELINE_TITLE = i18n.translate(
+  'xpack.integrationAssistant.step.review.ingestPipelineTitle',
+  {
+    defaultMessage: 'Ingest pipeline',
+  }
+);
+
+export const SAVE_BUTTON = i18n.translate('xpack.integrationAssistant.step.review.save', {
+  defaultMessage: 'Save',
+});
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/review_step/use_check_pipeline.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/review_step/use_check_pipeline.ts
new file mode 100644
index 0000000000000..83975d97b8085
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/review_step/use_check_pipeline.ts
@@ -0,0 +1,76 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { useKibana } from '@kbn/kibana-react-plugin/public';
+import { isEmpty } from 'lodash/fp';
+import { useState, useEffect } from 'react';
+import type { CheckPipelineRequestBody, Pipeline } from '../../../../../../common';
+import { useActions, type State } from '../../state';
+import { runCheckPipelineResults } from '../../../../../common/lib/api';
+
+interface CheckPipelineProps {
+  integrationSettings: State['integrationSettings'];
+  customPipeline: Pipeline | undefined;
+}
+
+export const useCheckPipeline = ({ integrationSettings, customPipeline }: CheckPipelineProps) => {
+  const { http, notifications } = useKibana().services;
+  const { setIsGenerating, setResult } = useActions();
+  const [error, setError] = useState<null | string>(null);
+
+  useEffect(() => {
+    if (
+      customPipeline == null ||
+      http == null ||
+      integrationSettings == null ||
+      notifications?.toasts == null
+    ) {
+      return;
+    }
+    const abortController = new AbortController();
+    const deps = { http, abortSignal: abortController.signal };
+
+    (async () => {
+      try {
+        const parameters: CheckPipelineRequestBody = {
+          pipeline: customPipeline,
+          rawSamples: integrationSettings.logsSampleParsed ?? [],
+        };
+        setIsGenerating(true);
+
+        const ecsGraphResult = await runCheckPipelineResults(parameters, deps);
+        if (abortController.signal.aborted) return;
+        if (isEmpty(ecsGraphResult?.results.docs)) {
+          setError('No results for the pipeline');
+          return;
+        }
+        setResult({
+          pipeline: customPipeline,
+          docs: ecsGraphResult.results.docs,
+        });
+      } catch (e) {
+        if (abortController.signal.aborted) return;
+        setError(`Error: ${e.body.message ?? e.message}`);
+      } finally {
+        setIsGenerating(false);
+      }
+    })();
+
+    return () => {
+      abortController.abort();
+    };
+  }, [
+    setIsGenerating,
+    http,
+    integrationSettings,
+    notifications?.toasts,
+    setResult,
+    customPipeline,
+  ]);
+
+  return { error };
+};
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/step_content_wrapper.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/step_content_wrapper.tsx
new file mode 100644
index 0000000000000..72b224f8fa087
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/step_content_wrapper.tsx
@@ -0,0 +1,57 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { type PropsWithChildren } from 'react';
+import { EuiSpacer, EuiFlexGroup, EuiFlexItem, EuiText, EuiTitle } from '@elastic/eui';
+import { css } from '@emotion/react';
+
+const contentCss = css`
+  width: 100%;
+  max-width: 730px;
+`;
+
+export type StepContentWrapperProps = PropsWithChildren<{
+  title: React.ReactNode;
+  subtitle: React.ReactNode;
+  right?: React.ReactNode;
+}>;
+
+export const StepContentWrapper = React.memo<StepContentWrapperProps>(
+  ({ children, title, subtitle, right }) => (
+    <>
+      <EuiFlexGroup direction="column" alignItems="center">
+        <EuiFlexItem css={contentCss}>
+          <EuiFlexGroup direction="row" justifyContent="spaceBetween" alignItems="flexEnd">
+            <EuiFlexItem>
+              <EuiFlexGroup
+                direction="column"
+                alignItems="flexStart"
+                justifyContent="flexStart"
+                gutterSize="xs"
+              >
+                <EuiFlexItem>
+                  <EuiTitle size="xs">
+                    <h1>{title}</h1>
+                  </EuiTitle>
+                </EuiFlexItem>
+                <EuiFlexItem>
+                  <EuiText size="s" color="subdued">
+                    {subtitle}
+                  </EuiText>
+                </EuiFlexItem>
+              </EuiFlexGroup>
+            </EuiFlexItem>
+            {right && <EuiFlexItem grow={false}>{right}</EuiFlexItem>}
+          </EuiFlexGroup>
+          <EuiSpacer size="m" />
+          {children}
+        </EuiFlexItem>
+      </EuiFlexGroup>
+    </>
+  )
+);
+StepContentWrapper.displayName = 'StepContentWrapper';
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/types.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/types.ts
new file mode 100644
index 0000000000000..9e0100f2e95d5
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/types.ts
@@ -0,0 +1,37 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { OpenAiProviderType } from '@kbn/stack-connectors-plugin/public/common';
+import type { ActionConnector } from '@kbn/triggers-actions-ui-plugin/public';
+import type { UserConfiguredActionConnector } from '@kbn/triggers-actions-ui-plugin/public/types';
+import type { InputType } from '../../../../common';
+
+interface GenAiConfig {
+  apiUrl?: string;
+  defaultModel?: string;
+}
+
+export type AIConnector = ActionConnector<GenAiConfig> & {
+  // related to OpenAI connectors, ex: Azure OpenAI, OpenAI
+  apiProvider?: OpenAiProviderType;
+};
+export type ConfiguredAIConnectorType = UserConfiguredActionConnector<
+  GenAiConfig,
+  Record<string, unknown>
+>;
+
+export interface IntegrationSettings {
+  title?: string;
+  description?: string;
+  logo?: string;
+  name?: string;
+  dataStreamTitle?: string;
+  dataStreamDescription?: string;
+  dataStreamName?: string;
+  inputType?: InputType;
+  logsSampleParsed?: string[];
+}
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_landing/create_integration_landing.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_landing/create_integration_landing.tsx
new file mode 100644
index 0000000000000..b1e29dc25db93
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_landing/create_integration_landing.tsx
@@ -0,0 +1,159 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import {
+  EuiButton,
+  EuiCard,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiIcon,
+  EuiLink,
+  EuiSpacer,
+  EuiText,
+  EuiTitle,
+  useEuiTheme,
+} from '@elastic/eui';
+import { KibanaPageTemplate } from '@kbn/shared-ux-page-kibana-template';
+import { AssistantAvatar } from '@kbn/elastic-assistant';
+import { css } from '@emotion/react';
+import { FormattedMessage } from '@kbn/i18n-react';
+import { useAuthorization } from '../../../common/hooks/use_authorization';
+import {
+  AuthorizationWrapper,
+  MissingPrivilegesTooltip,
+} from '../../../common/components/authorization';
+import { IntegrationImageHeader } from '../../../common/components/integration_image_header';
+import { ButtonsFooter } from '../../../common/components/buttons_footer';
+import { SectionWrapper } from '../../../common/components/section_wrapper';
+import { useNavigate, Page } from '../../../common/hooks/use_navigate';
+import * as i18n from './translations';
+
+const useAssistantCardCss = () => {
+  const { euiTheme } = useEuiTheme();
+  return css`
+    /* compensate for EuiCard children margin-block-start */
+    margin-block-start: calc(${euiTheme.size.s} * -2);
+  `;
+};
+
+const IntegrationAssistantCard = React.memo(() => {
+  const { canExecuteConnectors } = useAuthorization();
+  const navigate = useNavigate();
+  const assistantCardCss = useAssistantCardCss();
+  return (
+    <EuiCard
+      display="plain"
+      hasBorder={true}
+      paddingSize="l"
+      title={''} // title shown inside the child component
+      betaBadgeProps={{
+        label: i18n.TECH_PREVIEW,
+        tooltipContent: i18n.TECH_PREVIEW_TOOLTIP,
+      }}
+    >
+      <EuiFlexGroup
+        direction="row"
+        gutterSize="l"
+        alignItems="center"
+        justifyContent="center"
+        css={assistantCardCss}
+      >
+        <EuiFlexItem grow={false}>
+          <AssistantAvatar />
+        </EuiFlexItem>
+        <EuiFlexItem>
+          <EuiFlexGroup
+            direction="column"
+            gutterSize="s"
+            alignItems="flexStart"
+            justifyContent="flexStart"
+          >
+            <EuiFlexItem>
+              <EuiTitle size="xs">
+                <h3>{i18n.ASSISTANT_TITLE}</h3>
+              </EuiTitle>
+            </EuiFlexItem>
+            <EuiFlexItem>
+              <EuiText size="s" color="subdued" textAlign="left">
+                {i18n.ASSISTANT_DESCRIPTION}
+              </EuiText>
+            </EuiFlexItem>
+          </EuiFlexGroup>
+        </EuiFlexItem>
+        <EuiFlexItem grow={false}>
+          {canExecuteConnectors ? (
+            <EuiButton onClick={() => navigate(Page.assistant)}>{i18n.ASSISTANT_BUTTON}</EuiButton>
+          ) : (
+            <MissingPrivilegesTooltip canExecuteConnectors>
+              <EuiButton disabled>{i18n.ASSISTANT_BUTTON}</EuiButton>
+            </MissingPrivilegesTooltip>
+          )}
+        </EuiFlexItem>
+      </EuiFlexGroup>
+    </EuiCard>
+  );
+});
+IntegrationAssistantCard.displayName = 'IntegrationAssistantCard';
+
+export const CreateIntegrationLanding = React.memo(() => {
+  const navigate = useNavigate();
+  return (
+    <KibanaPageTemplate>
+      <IntegrationImageHeader />
+      <KibanaPageTemplate.Section grow>
+        <SectionWrapper title={i18n.LANDING_TITLE} subtitle={i18n.LANDING_DESCRIPTION}>
+          <AuthorizationWrapper canCreateIntegrations>
+            <EuiFlexGroup
+              direction="column"
+              gutterSize="l"
+              alignItems="center"
+              justifyContent="flexStart"
+            >
+              <EuiFlexItem>
+                <EuiSpacer size="l" />
+                <IntegrationAssistantCard />
+              </EuiFlexItem>
+              <EuiFlexItem>
+                <EuiFlexGroup
+                  direction="row"
+                  gutterSize="s"
+                  alignItems="center"
+                  justifyContent="flexStart"
+                >
+                  <EuiFlexItem grow={false}>
+                    <EuiIcon type="package" size="l" />
+                  </EuiFlexItem>
+                  <EuiFlexItem>
+                    <EuiText size="s" color="subdued">
+                      <FormattedMessage
+                        id="xpack.integrationAssistant.createIntegrationLanding.uploadPackageDescription"
+                        defaultMessage="If you have an existing integration package, {link}"
+                        values={{
+                          link: (
+                            <EuiLink onClick={() => navigate(Page.upload)}>
+                              <FormattedMessage
+                                id="xpack.integrationAssistant.createIntegrationLanding.uploadPackageLink"
+                                defaultMessage="upload it as a .zip"
+                              />
+                            </EuiLink>
+                          ),
+                        }}
+                      />
+                    </EuiText>
+                  </EuiFlexItem>
+                </EuiFlexGroup>
+              </EuiFlexItem>
+            </EuiFlexGroup>
+          </AuthorizationWrapper>
+        </SectionWrapper>
+      </KibanaPageTemplate.Section>
+      <ButtonsFooter />
+    </KibanaPageTemplate>
+  );
+});
+CreateIntegrationLanding.displayName = 'CreateIntegrationLanding';
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_landing/index.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_landing/index.ts
new file mode 100644
index 0000000000000..39e557e37c04b
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_landing/index.ts
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { CreateIntegrationLanding } from './create_integration_landing';
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_landing/translations.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_landing/translations.ts
new file mode 100644
index 0000000000000..cdda572d4dff4
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_landing/translations.ts
@@ -0,0 +1,80 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { i18n } from '@kbn/i18n';
+
+export const LANDING_TITLE = i18n.translate(
+  'xpack.integrationAssistant.createIntegrationLanding.title',
+  {
+    defaultMessage: 'Create new integration',
+  }
+);
+
+export const LANDING_DESCRIPTION = i18n.translate(
+  'xpack.integrationAssistant.createIntegrationLanding.description',
+  {
+    defaultMessage:
+      'Start an AI-driven process to build your integration step-by-step, or upload a .zip package of a previously created integration',
+  }
+);
+
+export const PACKAGE_UPLOAD_TITLE = i18n.translate(
+  'xpack.integrationAssistant.createIntegrationLanding.packageUpload.title',
+  {
+    defaultMessage: 'Package upload',
+  }
+);
+
+export const PACKAGE_UPLOAD_DESCRIPTION = i18n.translate(
+  'xpack.integrationAssistant.createIntegrationLanding.packageUpload.description',
+  {
+    defaultMessage: 'Use this option if you have an existing integration package in a .zip file',
+  }
+);
+
+export const PACKAGE_UPLOAD_BUTTON = i18n.translate(
+  'xpack.integrationAssistant.createIntegrationLanding.packageUpload.button',
+  {
+    defaultMessage: 'Upload .zip',
+  }
+);
+
+export const ASSISTANT_TITLE = i18n.translate(
+  'xpack.integrationAssistant.createIntegrationLanding.assistant.title',
+  {
+    defaultMessage: 'Create custom integration',
+  }
+);
+
+export const ASSISTANT_DESCRIPTION = i18n.translate(
+  'xpack.integrationAssistant.createIntegrationLanding.assistant.description',
+  {
+    defaultMessage: 'Use our AI-driven process to build your custom integration',
+  }
+);
+
+export const ASSISTANT_BUTTON = i18n.translate(
+  'xpack.integrationAssistant.createIntegrationLanding.assistant.button',
+  {
+    defaultMessage: 'Create Integration',
+  }
+);
+
+export const TECH_PREVIEW = i18n.translate(
+  'xpack.integrationAssistant.createIntegrationLanding.assistant.techPreviewBadge',
+  {
+    defaultMessage: 'Technical preview',
+  }
+);
+
+export const TECH_PREVIEW_TOOLTIP = i18n.translate(
+  'xpack.integrationAssistant.createIntegrationLanding.assistant.techPreviewTooltip',
+  {
+    defaultMessage:
+      'This functionality is in technical preview and is subject to change. Please use with caution in production environments.',
+  }
+);
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_upload/create_integration_upload.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_upload/create_integration_upload.tsx
new file mode 100644
index 0000000000000..e2a4b381eab18
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_upload/create_integration_upload.tsx
@@ -0,0 +1,126 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { useCallback, useState } from 'react';
+import { EuiFlexGroup, EuiFlexItem, EuiFilePicker, EuiSpacer, EuiText } from '@elastic/eui';
+import { KibanaPageTemplate } from '@kbn/shared-ux-page-kibana-template';
+import { useKibana } from '@kbn/kibana-react-plugin/public';
+import { SuccessSection } from '../../../common/components/success_section';
+import { SectionWrapper } from '../../../common/components/section_wrapper';
+import { ButtonsFooter } from '../../../common/components/buttons_footer';
+import { IntegrationImageHeader } from '../../../common/components/integration_image_header';
+import { runInstallPackage, type RequestDeps } from '../../../common/lib/api';
+import { getIntegrationNameFromResponse } from '../../../common/lib/api_parsers';
+import { useNavigate, Page } from '../../../common/hooks/use_navigate';
+import { useTelemetry } from '../telemetry';
+import { DocsLinkSubtitle } from './docs_link_subtitle';
+import * as i18n from './translations';
+
+export const CreateIntegrationUpload = React.memo(() => {
+  const telemetry = useTelemetry();
+  const navigate = useNavigate();
+  const { http } = useKibana().services;
+  const [file, setFile] = useState<Blob>();
+  const [isLoading, setIsLoading] = useState<boolean>(false);
+  const [error, setError] = useState<string>();
+  const [integrationName, setIntegrationName] = useState<string>();
+
+  const onBack = useCallback(() => {
+    navigate(Page.landing);
+  }, [navigate]);
+
+  const onChangeFile = useCallback((files: FileList | null) => {
+    setFile(files?.[0]);
+    setError(undefined);
+  }, []);
+
+  const onConfirm = useCallback(() => {
+    if (http == null || file == null) {
+      return;
+    }
+    setIsLoading(true);
+    const abortController = new AbortController();
+    (async () => {
+      try {
+        const deps: RequestDeps = { http, abortSignal: abortController.signal };
+        const response = await runInstallPackage(file, deps);
+
+        const integrationNameFromResponse = getIntegrationNameFromResponse(response);
+        if (integrationNameFromResponse) {
+          telemetry.reportUploadZipIntegrationComplete({
+            integrationName: integrationNameFromResponse,
+          });
+          setIntegrationName(integrationNameFromResponse);
+        } else {
+          throw new Error('Integration name not found in response');
+        }
+      } catch (e) {
+        if (!abortController.signal.aborted) {
+          const errorMessage = e.body?.message ?? e.message;
+          telemetry.reportUploadZipIntegrationComplete({ error: errorMessage });
+          setError(`${i18n.UPLOAD_ERROR}: ${errorMessage}`);
+        }
+      } finally {
+        setIsLoading(false);
+      }
+    })();
+  }, [file, http, telemetry, setIntegrationName, setError]);
+
+  return (
+    <KibanaPageTemplate>
+      <IntegrationImageHeader />
+      {integrationName ? (
+        <>
+          <KibanaPageTemplate.Section grow>
+            <SuccessSection integrationName={integrationName} />
+          </KibanaPageTemplate.Section>
+          <ButtonsFooter cancelButtonText={i18n.CLOSE_BUTTON} />
+        </>
+      ) : (
+        <>
+          <KibanaPageTemplate.Section grow>
+            <SectionWrapper title={i18n.UPLOAD_TITLE} subtitle={<DocsLinkSubtitle />}>
+              <EuiFlexGroup
+                direction="row"
+                alignItems="center"
+                justifyContent="center"
+                gutterSize="xl"
+              >
+                <EuiFlexItem>
+                  <EuiFilePicker
+                    id="logsSampleFilePicker"
+                    initialPromptText={i18n.UPLOAD_INPUT_TEXT}
+                    onChange={onChangeFile}
+                    display="large"
+                    aria-label="Upload .zip file"
+                    accept="application/zip"
+                    isLoading={isLoading}
+                    fullWidth
+                    isInvalid={error != null}
+                  />
+                  <EuiSpacer size="xs" />
+                  {error && (
+                    <EuiText color="danger" size="xs">
+                      {error}
+                    </EuiText>
+                  )}
+                </EuiFlexItem>
+              </EuiFlexGroup>
+            </SectionWrapper>
+          </KibanaPageTemplate.Section>
+          <ButtonsFooter
+            isNextDisabled={file == null}
+            nextButtonText={i18n.INSTALL_BUTTON}
+            onBack={onBack}
+            onNext={onConfirm}
+          />
+        </>
+      )}
+    </KibanaPageTemplate>
+  );
+});
+CreateIntegrationUpload.displayName = 'CreateIntegrationUpload';
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_upload/docs_link_subtitle.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_upload/docs_link_subtitle.tsx
new file mode 100644
index 0000000000000..144ab01a0d0ca
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_upload/docs_link_subtitle.tsx
@@ -0,0 +1,34 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { useKibana } from '@kbn/kibana-react-plugin/public';
+import { FormattedMessage } from '@kbn/i18n-react';
+import { EuiText, EuiLink } from '@elastic/eui';
+
+export const DocsLinkSubtitle = React.memo(() => {
+  const { docLinks } = useKibana().services;
+  return (
+    <EuiText size="s" color="subdued">
+      <FormattedMessage
+        id="xpack.integrationAssistant.createIntegrationUpload.uploadHelpText"
+        defaultMessage="For more information, refer to {link}"
+        values={{
+          link: (
+            <EuiLink href={docLinks?.links.integrationDeveloper.upload} target="_blank">
+              <FormattedMessage
+                id="xpack.integrationAssistant.createIntegrationUpload.documentation"
+                defaultMessage="Upload an Integration"
+              />
+            </EuiLink>
+          ),
+        }}
+      />
+    </EuiText>
+  );
+});
+DocsLinkSubtitle.displayName = 'DocsLinkSubtitle';
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_upload/index.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_upload/index.ts
new file mode 100644
index 0000000000000..f0754adfd57e6
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_upload/index.ts
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { CreateIntegrationUpload } from './create_integration_upload';
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_upload/translations.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_upload/translations.ts
new file mode 100644
index 0000000000000..8f6128834cbe7
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_upload/translations.ts
@@ -0,0 +1,43 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { i18n } from '@kbn/i18n';
+
+export const UPLOAD_TITLE = i18n.translate(
+  'xpack.integrationAssistant.createIntegrationUpload.title',
+  {
+    defaultMessage: 'Upload integration package',
+  }
+);
+
+export const UPLOAD_INPUT_TEXT = i18n.translate(
+  'xpack.integrationAssistant.createIntegrationUpload.inputText',
+  {
+    defaultMessage: 'Drag and drop a .zip file or Browse files',
+  }
+);
+
+export const INSTALL_BUTTON = i18n.translate(
+  'xpack.integrationAssistant.createIntegrationUpload.install',
+  {
+    defaultMessage: 'Add to Elastic',
+  }
+);
+
+export const CLOSE_BUTTON = i18n.translate(
+  'xpack.integrationAssistant.createIntegrationUpload.close',
+  {
+    defaultMessage: 'Close',
+  }
+);
+
+export const UPLOAD_ERROR = i18n.translate(
+  'xpack.integrationAssistant.createIntegrationUpload.error',
+  {
+    defaultMessage: 'Error installing package',
+  }
+);
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/index.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/index.tsx
new file mode 100644
index 0000000000000..84e5bd8eaa067
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/index.tsx
@@ -0,0 +1,26 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EuiLoadingSpinner } from '@elastic/eui';
+import React, { Suspense } from 'react';
+import type { Services } from '../../services';
+import type { CreateIntegrationComponent } from './types';
+
+const CreateIntegration = React.lazy(() =>
+  import('./create_integration').then((module) => ({
+    default: module.CreateIntegration,
+  }))
+);
+
+export const getCreateIntegrationLazy = (services: Services): CreateIntegrationComponent =>
+  React.memo(function CreateIntegrationLazy() {
+    return (
+      <Suspense fallback={<EuiLoadingSpinner size="l" />}>
+        <CreateIntegration services={services} />
+      </Suspense>
+    );
+  });
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/telemetry.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/telemetry.tsx
new file mode 100644
index 0000000000000..fd62e54b20c83
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/telemetry.tsx
@@ -0,0 +1,171 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import React, { useCallback, useMemo, useRef, type PropsWithChildren } from 'react';
+import { v4 as uuidV4 } from 'uuid';
+import { OpenAiProviderType } from '@kbn/stack-connectors-plugin/public/common';
+import { TelemetryEventType } from '../../services/telemetry/types';
+import { useKibana } from '../../common/hooks/use_kibana';
+import type {
+  AIConnector,
+  ConfiguredAIConnectorType,
+  IntegrationSettings,
+} from './create_integration_assistant/types';
+
+const stepNames: Record<string, string> = {
+  '1': 'Connector Step',
+  '2': 'Integration Step',
+  '3': 'DataStream Step',
+  '4': 'Review Step',
+  '5': 'Deploy Step',
+};
+
+type ReportUploadZipIntegrationComplete = (params: {
+  integrationName?: string;
+  error?: string;
+}) => void;
+type ReportAssistantOpen = () => void;
+type ReportAssistantStepComplete = (params: { step: number }) => void;
+type ReportGenerationComplete = (params: {
+  connector: AIConnector;
+  integrationSettings: IntegrationSettings;
+  durationMs: number;
+  error?: string;
+}) => void;
+type ReportAssistantComplete = (params: {
+  integrationName: string;
+  integrationSettings: IntegrationSettings;
+  connector: AIConnector;
+}) => void;
+
+interface TelemetryContextProps {
+  reportUploadZipIntegrationComplete: ReportUploadZipIntegrationComplete;
+  reportAssistantOpen: ReportAssistantOpen;
+  reportAssistantStepComplete: ReportAssistantStepComplete;
+  reportGenerationComplete: ReportGenerationComplete;
+  reportAssistantComplete: ReportAssistantComplete;
+}
+
+const TelemetryContext = React.createContext<TelemetryContextProps | null>(null);
+export const useTelemetry = () => {
+  const context = React.useContext(TelemetryContext);
+  if (!context) {
+    throw new Error('useTelemetry must be used within a TelemetryContextProvider');
+  }
+  return context;
+};
+
+export const TelemetryContextProvider = React.memo<PropsWithChildren<{}>>(({ children }) => {
+  const sessionData = useRef({ sessionId: uuidV4(), startedAt: Date.now() });
+  const stepsData = useRef({ startedAt: Date.now() });
+
+  const { telemetry } = useKibana().services;
+
+  const reportUploadZipIntegrationComplete = useCallback<ReportUploadZipIntegrationComplete>(
+    ({ integrationName, error }) => {
+      telemetry.reportEvent(TelemetryEventType.UploadIntegrationZipComplete, {
+        integrationName,
+        errorMessage: error,
+      });
+    },
+    [telemetry]
+  );
+
+  const reportAssistantOpen = useCallback<ReportAssistantOpen>(() => {
+    const sessionId = uuidV4();
+    sessionData.current = { sessionId, startedAt: Date.now() };
+    stepsData.current = { startedAt: Date.now() };
+    telemetry.reportEvent(TelemetryEventType.IntegrationAssistantOpen, {
+      sessionId,
+    });
+  }, [telemetry]);
+
+  const reportAssistantStepComplete = useCallback<ReportAssistantStepComplete>(
+    ({ step }) => {
+      telemetry.reportEvent(TelemetryEventType.IntegrationAssistantStepComplete, {
+        sessionId: sessionData.current.sessionId,
+        step,
+        stepName: stepNames[step.toString()] ?? 'Unknown Step',
+        durationMs: Date.now() - stepsData.current.startedAt,
+        sessionElapsedTime: Date.now() - sessionData.current.startedAt,
+      });
+      stepsData.current = { startedAt: Date.now() };
+    },
+    [telemetry]
+  );
+
+  const reportGenerationComplete = useCallback<ReportGenerationComplete>(
+    ({ connector, integrationSettings, durationMs, error }) => {
+      telemetry.reportEvent(TelemetryEventType.IntegrationAssistantGenerationComplete, {
+        sessionId: sessionData.current.sessionId,
+        sampleRows: integrationSettings?.logsSampleParsed?.length ?? 0,
+        actionTypeId: connector.actionTypeId,
+        model: getConnectorModel(connector),
+        provider: connector.apiProvider ?? 'unknown',
+        durationMs,
+        errorMessage: error,
+      });
+    },
+    [telemetry]
+  );
+
+  const reportAssistantComplete = useCallback<ReportAssistantComplete>(
+    ({ integrationName, integrationSettings, connector }) => {
+      telemetry.reportEvent(TelemetryEventType.IntegrationAssistantComplete, {
+        sessionId: sessionData.current.sessionId,
+        integrationName,
+        integrationDescription: integrationSettings?.description ?? 'unknown',
+        dataStreamName: integrationSettings?.dataStreamName ?? 'unknown',
+        inputType: integrationSettings?.inputType ?? 'unknown',
+        actionTypeId: connector.actionTypeId,
+        model: getConnectorModel(connector),
+        provider: connector.apiProvider ?? 'unknown',
+        durationMs: Date.now() - sessionData.current.startedAt,
+      });
+    },
+    [telemetry]
+  );
+
+  const value = useMemo<TelemetryContextProps>(
+    () => ({
+      reportUploadZipIntegrationComplete,
+      reportAssistantOpen,
+      reportAssistantStepComplete,
+      reportGenerationComplete,
+      reportAssistantComplete,
+    }),
+    [
+      reportUploadZipIntegrationComplete,
+      reportAssistantOpen,
+      reportAssistantStepComplete,
+      reportGenerationComplete,
+      reportAssistantComplete,
+    ]
+  );
+  return <TelemetryContext.Provider value={value}>{children}</TelemetryContext.Provider>;
+});
+TelemetryContextProvider.displayName = 'TelemetryContextProvider';
+
+const getConnectorModel = (connector: AIConnector): string => {
+  let model: string = 'unknown';
+  if (!connector.isPreconfigured) {
+    const { apiUrl, defaultModel } = (connector as ConfiguredAIConnectorType).config ?? {};
+    if (connector.apiProvider === OpenAiProviderType.AzureAi) {
+      model = getAzureModelFromParameter(apiUrl ?? '') ?? 'unknown';
+    } else {
+      model = defaultModel ?? 'unknown';
+    }
+  }
+  return model;
+};
+
+const getAzureModelFromParameter = (url: string): string | undefined => {
+  const urlSearchParams = new URLSearchParams(new URL(url).search);
+  if (urlSearchParams.get('api-version')) {
+    return `OpenAI version ${urlSearchParams.get('api-version')}`;
+  }
+  return undefined;
+};
diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/index_management/delete_index/delete_index_route.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/types.ts
similarity index 79%
rename from x-pack/plugins/security_solution/common/api/detection_engine/index_management/delete_index/delete_index_route.ts
rename to x-pack/plugins/integration_assistant/public/components/create_integration/types.ts
index ce01b06537ee1..9fa3554d95040 100644
--- a/x-pack/plugins/security_solution/common/api/detection_engine/index_management/delete_index/delete_index_route.ts
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/types.ts
@@ -5,6 +5,4 @@
  * 2.0.
  */
 
-export interface DeleteIndexResponse {
-  acknowledged: boolean;
-}
+export type CreateIntegrationComponent = React.ComponentType;
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration_card_button/create_integration_card_button.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration_card_button/create_integration_card_button.tsx
new file mode 100644
index 0000000000000..cb6e64a1aa554
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration_card_button/create_integration_card_button.tsx
@@ -0,0 +1,109 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import {
+  EuiLink,
+  EuiPanel,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiImage,
+  EuiIcon,
+  EuiText,
+  EuiTitle,
+  useEuiTheme,
+} from '@elastic/eui';
+import { FormattedMessage } from '@kbn/i18n-react';
+import { css } from '@emotion/react';
+import integrationsImage from '../../common/images/integrations_light.svg';
+
+const useStyles = () => {
+  const { euiTheme } = useEuiTheme();
+  return {
+    image: css`
+      width: 160px;
+      height: 155px;
+      object-fit: cover;
+      object-position: left center;
+    `,
+    container: css`
+      height: 135px;
+    `,
+    textContainer: css`
+      height: 100%;
+      padding: ${euiTheme.size.l} 0 ${euiTheme.size.l} ${euiTheme.size.l};
+    `,
+  };
+};
+
+export interface CreateIntegrationCardButtonProps {
+  href: string;
+}
+export const CreateIntegrationCardButton = React.memo<CreateIntegrationCardButtonProps>(
+  ({ href }) => {
+    const styles = useStyles();
+    return (
+      <EuiPanel hasShadow={false} hasBorder paddingSize="none">
+        <EuiFlexGroup
+          justifyContent="flexEnd"
+          gutterSize="none"
+          css={styles.container}
+          responsive={false}
+        >
+          <EuiFlexItem grow={false}>
+            <EuiFlexGroup
+              direction="column"
+              gutterSize="none"
+              justifyContent="spaceBetween"
+              css={styles.textContainer}
+            >
+              <EuiFlexItem>
+                <EuiTitle size="xs">
+                  <h2>
+                    <FormattedMessage
+                      id="xpack.integrationAssistant.createIntegrationTitle"
+                      defaultMessage="Can't find an Integration?"
+                    />
+                  </h2>
+                </EuiTitle>
+                <EuiText size="s">
+                  <FormattedMessage
+                    id="xpack.integrationAssistant.createIntegrationDescription"
+                    defaultMessage="Create a custom one to fit your requirements"
+                  />
+                </EuiText>
+              </EuiFlexItem>
+              <EuiFlexItem grow={false}>
+                <EuiLink color="primary" href={href}>
+                  <EuiFlexGroup justifyContent="center" gutterSize="s" responsive={false}>
+                    <EuiFlexItem grow={false}>
+                      <EuiIcon type="plusInCircle" />
+                    </EuiFlexItem>
+                    <EuiFlexItem>
+                      <FormattedMessage
+                        id="xpack.integrationAssistant.createIntegrationButton"
+                        defaultMessage="Create new integration"
+                      />
+                    </EuiFlexItem>
+                  </EuiFlexGroup>
+                </EuiLink>
+              </EuiFlexItem>
+            </EuiFlexGroup>
+          </EuiFlexItem>
+          <EuiFlexItem grow={false}>
+            <EuiImage
+              alt="create integration background"
+              src={integrationsImage}
+              css={styles.image}
+            />
+          </EuiFlexItem>
+        </EuiFlexGroup>
+      </EuiPanel>
+    );
+  }
+);
+CreateIntegrationCardButton.displayName = 'CreateIntegrationCardButton';
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration_card_button/index.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration_card_button/index.tsx
new file mode 100644
index 0000000000000..af39fdec1cf59
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration_card_button/index.tsx
@@ -0,0 +1,25 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EuiLoadingSpinner } from '@elastic/eui';
+import React, { Suspense } from 'react';
+import type { CreateIntegrationCardButtonComponent } from './types';
+
+const CreateIntegrationCardButton = React.lazy(() =>
+  import('./create_integration_card_button').then((module) => ({
+    default: module.CreateIntegrationCardButton,
+  }))
+);
+
+export const getCreateIntegrationCardButtonLazy = (): CreateIntegrationCardButtonComponent =>
+  React.memo(function CreateIntegrationCardButtonLazy(props) {
+    return (
+      <Suspense fallback={<EuiLoadingSpinner size="l" />}>
+        <CreateIntegrationCardButton {...props} />
+      </Suspense>
+    );
+  });
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration_card_button/types.ts b/x-pack/plugins/integration_assistant/public/components/create_integration_card_button/types.ts
new file mode 100644
index 0000000000000..1e4ddf573fe72
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration_card_button/types.ts
@@ -0,0 +1,11 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { CreateIntegrationCardButtonProps } from './create_integration_card_button';
+
+export type CreateIntegrationCardButtonComponent =
+  React.ComponentType<CreateIntegrationCardButtonProps>;
diff --git a/x-pack/plugins/integration_assistant/public/index.ts b/x-pack/plugins/integration_assistant/public/index.ts
new file mode 100644
index 0000000000000..9c77b3c7d71bc
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/index.ts
@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { IntegrationAssistantPlugin } from './plugin';
+export type { IntegrationAssistantPluginSetup, IntegrationAssistantPluginStart } from './types';
+
+export function plugin() {
+  return new IntegrationAssistantPlugin();
+}
diff --git a/x-pack/plugins/integration_assistant/public/plugin.ts b/x-pack/plugins/integration_assistant/public/plugin.ts
new file mode 100644
index 0000000000000..9eb03950062c6
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/plugin.ts
@@ -0,0 +1,45 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { CoreStart, Plugin, CoreSetup } from '@kbn/core/public';
+import type {
+  IntegrationAssistantPluginSetup,
+  IntegrationAssistantPluginStart,
+  IntegrationAssistantPluginStartDependencies,
+} from './types';
+import { getCreateIntegrationLazy } from './components/create_integration';
+import { getCreateIntegrationCardButtonLazy } from './components/create_integration_card_button';
+import { Telemetry, type Services } from './services';
+
+export class IntegrationAssistantPlugin
+  implements Plugin<IntegrationAssistantPluginSetup, IntegrationAssistantPluginStart>
+{
+  private telemetry = new Telemetry();
+
+  public setup(core: CoreSetup): IntegrationAssistantPluginSetup {
+    this.telemetry.setup(core.analytics);
+    return {};
+  }
+
+  public start(
+    core: CoreStart,
+    dependencies: IntegrationAssistantPluginStartDependencies
+  ): IntegrationAssistantPluginStart {
+    const services: Services = {
+      ...core,
+      ...dependencies,
+      telemetry: this.telemetry.start(),
+    };
+
+    return {
+      CreateIntegration: getCreateIntegrationLazy(services),
+      CreateIntegrationCardButton: getCreateIntegrationCardButtonLazy(),
+    };
+  }
+
+  public stop() {}
+}
diff --git a/x-pack/plugins/integration_assistant/public/services/index.ts b/x-pack/plugins/integration_assistant/public/services/index.ts
new file mode 100644
index 0000000000000..346c3e2d04a37
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/services/index.ts
@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { CoreStart } from '@kbn/core/public';
+import type { IntegrationAssistantPluginStartDependencies } from '../types';
+import type { TelemetryService } from './telemetry/service';
+
+export { Telemetry } from './telemetry/service';
+
+export type Services = CoreStart &
+  IntegrationAssistantPluginStartDependencies & { telemetry: TelemetryService };
diff --git a/x-pack/plugins/integration_assistant/public/services/telemetry/events.ts b/x-pack/plugins/integration_assistant/public/services/telemetry/events.ts
new file mode 100644
index 0000000000000..91d8abbf68dbd
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/services/telemetry/events.ts
@@ -0,0 +1,208 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import type { RootSchema } from '@kbn/core-analytics-browser';
+import { TelemetryEventType, type TelemetryEventTypeData } from './types';
+
+type TelemetryEventsSchemas = {
+  [T in TelemetryEventType]: RootSchema<TelemetryEventTypeData<T>>;
+};
+
+/**
+ * telemetryEventsSchemas
+ * Defines the schema for each of the event types
+ * */
+export const telemetryEventsSchemas: TelemetryEventsSchemas = {
+  [TelemetryEventType.UploadIntegrationZipComplete]: {
+    integrationName: {
+      type: 'keyword',
+      _meta: {
+        description: 'The name of the integration in the zip file that was uploaded',
+        optional: true,
+      },
+    },
+    errorMessage: {
+      type: 'text',
+      _meta: {
+        description: 'The error message if the upload failed',
+        optional: true,
+      },
+    },
+  },
+
+  [TelemetryEventType.IntegrationAssistantOpen]: {
+    sessionId: {
+      type: 'keyword',
+      _meta: {
+        description: 'The ID to identify all the events the same session',
+        optional: false,
+      },
+    },
+  },
+
+  [TelemetryEventType.IntegrationAssistantStepComplete]: {
+    sessionId: {
+      type: 'keyword',
+      _meta: {
+        description: 'The ID to identify all the events the same session',
+        optional: false,
+      },
+    },
+    step: {
+      type: 'long',
+      _meta: {
+        description: 'The step number',
+        optional: false,
+      },
+    },
+    stepName: {
+      type: 'keyword',
+      _meta: {
+        description: 'The name of the step',
+        optional: false,
+      },
+    },
+    durationMs: {
+      type: 'long',
+      _meta: {
+        description: 'Time spent in the current step',
+        optional: false,
+      },
+    },
+    sessionElapsedTime: {
+      type: 'long',
+      _meta: {
+        description: 'Total time spent in the current generation session',
+        optional: false,
+      },
+    },
+  },
+
+  [TelemetryEventType.IntegrationAssistantGenerationComplete]: {
+    sessionId: {
+      type: 'keyword',
+      _meta: {
+        description: 'The ID to identify all the events the same session',
+        optional: false,
+      },
+    },
+    sampleRows: {
+      type: 'long',
+      _meta: {
+        description: 'The number of log rows provided as sample data',
+        optional: false,
+      },
+    },
+    durationMs: {
+      type: 'long',
+      _meta: {
+        description: 'Time spent in the generation process',
+        optional: false,
+      },
+    },
+    actionTypeId: {
+      type: 'keyword',
+      _meta: {
+        description: 'The connector action type ID',
+        optional: false,
+      },
+    },
+    model: {
+      type: 'keyword',
+      _meta: {
+        description: 'The model used to generate the integration',
+        optional: false,
+      },
+    },
+    provider: {
+      type: 'keyword',
+      _meta: {
+        description: 'The provider of the LLM',
+        optional: false,
+      },
+    },
+    errorMessage: {
+      type: 'text',
+      _meta: {
+        description: 'The error message if the generation failed',
+        optional: true,
+      },
+    },
+  },
+
+  [TelemetryEventType.IntegrationAssistantComplete]: {
+    sessionId: {
+      type: 'keyword',
+      _meta: {
+        description: 'The ID to identify all the events the same session',
+        optional: false,
+      },
+    },
+    durationMs: {
+      type: 'long',
+      _meta: {
+        description: 'Total time spent in the workflow',
+        optional: false,
+      },
+    },
+    integrationName: {
+      type: 'keyword',
+      _meta: {
+        description: 'The name of the integration',
+        optional: false,
+      },
+    },
+    integrationDescription: {
+      type: 'keyword',
+      _meta: {
+        description: 'The description of the integration',
+        optional: false,
+      },
+    },
+    dataStreamName: {
+      type: 'keyword',
+      _meta: {
+        description: 'The name of the data stream used for the integration',
+        optional: false,
+      },
+    },
+    inputType: {
+      type: 'keyword',
+      _meta: {
+        description: 'The input type used for the integration',
+        optional: false,
+      },
+    },
+    actionTypeId: {
+      type: 'keyword',
+      _meta: {
+        description: 'The connector action type ID',
+        optional: false,
+      },
+    },
+    model: {
+      type: 'keyword',
+      _meta: {
+        description: 'The model used to generate the integration',
+        optional: false,
+      },
+    },
+    provider: {
+      type: 'keyword',
+      _meta: {
+        description: 'The provider of the LLM',
+        optional: false,
+      },
+    },
+    errorMessage: {
+      type: 'text',
+      _meta: {
+        description: 'The error message if the workflow failed',
+        optional: true,
+      },
+    },
+  },
+};
diff --git a/x-pack/plugins/integration_assistant/public/services/telemetry/service.ts b/x-pack/plugins/integration_assistant/public/services/telemetry/service.ts
new file mode 100644
index 0000000000000..647cd79df37eb
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/services/telemetry/service.ts
@@ -0,0 +1,42 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import type { AnalyticsServiceSetup } from '@kbn/core-analytics-browser';
+import { telemetryEventsSchemas } from './events';
+import type { TelemetryEventType, TelemetryEventTypeData } from './types';
+
+export interface TelemetryService {
+  reportEvent: <T extends TelemetryEventType>(
+    eventType: T,
+    eventData: TelemetryEventTypeData<T>
+  ) => void;
+}
+
+/**
+ * Service that interacts with the Core's analytics module
+ */
+export class Telemetry {
+  private analytics?: AnalyticsServiceSetup;
+
+  public setup(analytics: AnalyticsServiceSetup) {
+    this.analytics = analytics;
+
+    Object.entries(telemetryEventsSchemas).forEach(([eventType, schema]) => {
+      const event = { eventType, schema };
+      analytics.registerEventType<TelemetryEventTypeData<TelemetryEventType>>(event);
+    });
+  }
+
+  public start(): TelemetryService {
+    const reportEvent = this.analytics?.reportEvent.bind(this.analytics);
+    if (!reportEvent) {
+      throw new Error(
+        'The Telemetry.setup() method has not been invoked, be sure to call it during the plugin setup.'
+      );
+    }
+    return { reportEvent };
+  }
+}
diff --git a/x-pack/plugins/integration_assistant/public/services/telemetry/types.ts b/x-pack/plugins/integration_assistant/public/services/telemetry/types.ts
new file mode 100644
index 0000000000000..98ba1c0792caa
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/services/telemetry/types.ts
@@ -0,0 +1,74 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+// Event type definitions
+export enum TelemetryEventType {
+  UploadIntegrationZipComplete = 'upload_integration_zip_complete',
+  IntegrationAssistantOpen = 'integration_assistant_open',
+  IntegrationAssistantStepComplete = 'integration_assistant_step_complete',
+  IntegrationAssistantGenerationComplete = 'integration_assistant_generation_complete',
+  IntegrationAssistantComplete = 'integration_assistant_complete',
+}
+
+// Event data definitions
+
+interface UploadIntegrationZipCompleteData {
+  integrationName?: string;
+  errorMessage?: string;
+}
+
+interface IntegrationAssistantOpenData {
+  sessionId: string;
+}
+
+interface IntegrationAssistantStepCompleteData {
+  sessionId: string;
+  step: number;
+  stepName: string;
+  durationMs: number; // Time spent in the current step
+  sessionElapsedTime: number; // Total time spent in the current generation session
+}
+
+interface IntegrationAssistantGenerationCompleteData {
+  sessionId: string;
+  sampleRows: number;
+  durationMs: number;
+  actionTypeId: string;
+  model: string;
+  provider: string;
+  errorMessage?: string;
+}
+
+interface IntegrationAssistantCompleteData {
+  sessionId: string;
+  durationMs: number;
+  integrationName: string;
+  integrationDescription: string;
+  dataStreamName: string;
+  inputType: string;
+  actionTypeId: string;
+  model: string;
+  provider: string;
+  errorMessage?: string;
+}
+
+/**
+ * TelemetryEventTypeData
+ * Defines the relation between event types and their corresponding event data
+ * */
+export type TelemetryEventTypeData<T extends TelemetryEventType> =
+  T extends TelemetryEventType.UploadIntegrationZipComplete
+    ? UploadIntegrationZipCompleteData
+    : T extends TelemetryEventType.IntegrationAssistantOpen
+    ? IntegrationAssistantOpenData
+    : T extends TelemetryEventType.IntegrationAssistantStepComplete
+    ? IntegrationAssistantStepCompleteData
+    : T extends TelemetryEventType.IntegrationAssistantGenerationComplete
+    ? IntegrationAssistantGenerationCompleteData
+    : T extends TelemetryEventType.IntegrationAssistantComplete
+    ? IntegrationAssistantCompleteData
+    : never;
diff --git a/x-pack/plugins/integration_assistant/public/services/types.ts b/x-pack/plugins/integration_assistant/public/services/types.ts
new file mode 100644
index 0000000000000..0221da63b2676
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/services/types.ts
@@ -0,0 +1,12 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import type { CoreStart } from '@kbn/core/public';
+import type { IntegrationAssistantPluginStartDependencies } from '../types';
+import type { TelemetryService } from './telemetry/service';
+
+export type Services = CoreStart &
+  IntegrationAssistantPluginStartDependencies & { telemetry: TelemetryService };
diff --git a/x-pack/plugins/integration_assistant/public/types.ts b/x-pack/plugins/integration_assistant/public/types.ts
new file mode 100644
index 0000000000000..35f108f84883c
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/types.ts
@@ -0,0 +1,28 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import type {
+  TriggersAndActionsUIPublicPluginSetup,
+  TriggersAndActionsUIPublicPluginStart,
+} from '@kbn/triggers-actions-ui-plugin/public';
+import type { CreateIntegrationComponent } from './components/create_integration/types';
+import type { CreateIntegrationCardButtonComponent } from './components/create_integration_card_button/types';
+
+// eslint-disable-next-line @typescript-eslint/no-empty-interface
+export interface IntegrationAssistantPluginSetup {}
+
+export interface IntegrationAssistantPluginStart {
+  CreateIntegration: CreateIntegrationComponent;
+  CreateIntegrationCardButton: CreateIntegrationCardButtonComponent;
+}
+
+export interface IntegrationAssistantPluginSetupDependencies {
+  triggersActionsUi: TriggersAndActionsUIPublicPluginSetup;
+}
+
+export interface IntegrationAssistantPluginStartDependencies {
+  triggersActionsUi: TriggersAndActionsUIPublicPluginStart;
+}
diff --git a/x-pack/plugins/integration_assistant/server/__mocks__/mock_server.ts b/x-pack/plugins/integration_assistant/server/__mocks__/mock_server.ts
new file mode 100644
index 0000000000000..35eb7fd28103a
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/server/__mocks__/mock_server.ts
@@ -0,0 +1,140 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { httpServiceMock } from '@kbn/core/server/mocks';
+import type { IRouter, RouteMethod, RequestHandler, KibanaRequest } from '@kbn/core/server';
+import type { RequestHandlerContext } from '@kbn/core-http-request-handler-context-server';
+import type { RouterMock } from '@kbn/core-http-router-server-mocks';
+import type { AddVersionOpts, VersionedRouteConfig } from '@kbn/core-http-server';
+
+import { requestMock } from './request';
+import { responseMock as responseFactoryMock } from './response';
+import { requestContextMock } from './request_context';
+import { responseAdapter } from './test_adapters';
+
+interface Route {
+  config: AddVersionOpts<unknown, unknown, unknown>;
+  handler: RequestHandler;
+}
+
+interface RegisteredVersionedRoute {
+  routeConfig: VersionedRouteConfig<RouterMethod>;
+  versionConfig: AddVersionOpts<unknown, unknown, unknown>;
+  routeHandler: RequestHandler;
+}
+
+type RouterMethod = Extract<keyof IRouter, RouteMethod>;
+
+export const getRegisteredVersionedRouteMock = (
+  routerMock: RouterMock,
+  method: RouterMethod,
+  path: string,
+  version: string
+): RegisteredVersionedRoute => {
+  const route = routerMock.versioned.getRoute(method, path);
+  const routeVersion = route.versions[version];
+
+  if (!routeVersion) {
+    throw new Error(`Handler for [${method}][${path}] with version [${version}] no found!`);
+  }
+
+  return {
+    routeConfig: route.config,
+    versionConfig: routeVersion.config,
+    routeHandler: routeVersion.handler,
+  };
+};
+
+const getRoute = (routerMock: MockServer['router'], request: KibanaRequest): Route => {
+  const versionedRouteCalls = [
+    ...routerMock.versioned.get.mock.calls,
+    ...routerMock.versioned.post.mock.calls,
+    ...routerMock.versioned.put.mock.calls,
+    ...routerMock.versioned.patch.mock.calls,
+    ...routerMock.versioned.delete.mock.calls,
+  ];
+
+  const [versionedRoute] = versionedRouteCalls;
+
+  if (!versionedRoute) {
+    throw new Error('No route registered!');
+  }
+
+  const { routeHandler, versionConfig } = getRegisteredVersionedRouteMock(
+    routerMock,
+    request.route.method,
+    request.route.path,
+    '1'
+  );
+
+  return { config: versionConfig, handler: routeHandler };
+};
+
+const buildResultMock = () => ({ ok: jest.fn((x) => x), badRequest: jest.fn((x) => x) });
+
+class MockServer {
+  constructor(
+    public readonly router = httpServiceMock.createRouter(),
+    private responseMock = responseFactoryMock.create(),
+    private contextMock = requestContextMock.convertContext(requestContextMock.create()),
+    private resultMock = buildResultMock()
+  ) {}
+
+  public validate(request: KibanaRequest) {
+    this.validateRequest(request);
+    return this.resultMock;
+  }
+
+  public async inject(request: KibanaRequest, context: RequestHandlerContext = this.contextMock) {
+    const validatedRequest = this.validateRequest(request);
+
+    const [rejection] = this.resultMock.badRequest.mock.calls;
+    if (rejection) {
+      throw new Error(`Request was rejected with message: '${rejection}'`);
+    }
+
+    await this.getRoute(validatedRequest).handler(context, validatedRequest, this.responseMock);
+
+    return responseAdapter(this.responseMock);
+  }
+
+  private getRoute(request: KibanaRequest): Route {
+    return getRoute(this.router, request);
+  }
+
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  private maybeValidate(part: any, validator?: any): any {
+    return typeof validator === 'function' ? validator(part, this.resultMock) : part;
+  }
+
+  private validateRequest(request: KibanaRequest): KibanaRequest {
+    const config = this.getRoute(request).config;
+    const validations = config.validate
+      ? typeof config.validate === 'function'
+        ? config.validate().request
+        : config.validate.request
+      : undefined;
+    if (!validations) {
+      return request;
+    }
+
+    const validatedRequest = requestMock.create({
+      path: request.route.path,
+      method: request.route.method,
+      body: this.maybeValidate(request.body, validations.body),
+      query: this.maybeValidate(request.query, validations.query),
+      params: this.maybeValidate(request.params, validations.params),
+    });
+
+    return validatedRequest;
+  }
+}
+const createMockServer = () => new MockServer();
+
+export const serverMock = {
+  create: createMockServer,
+};
diff --git a/x-pack/plugins/integration_assistant/server/__mocks__/request.ts b/x-pack/plugins/integration_assistant/server/__mocks__/request.ts
new file mode 100644
index 0000000000000..827f08683e0b8
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/server/__mocks__/request.ts
@@ -0,0 +1,11 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { httpServerMock } from '@kbn/core/server/mocks';
+
+export const requestMock = {
+  create: httpServerMock.createKibanaRequest,
+};
diff --git a/x-pack/plugins/integration_assistant/server/__mocks__/request_context.ts b/x-pack/plugins/integration_assistant/server/__mocks__/request_context.ts
new file mode 100644
index 0000000000000..f7b27c353e2af
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/server/__mocks__/request_context.ts
@@ -0,0 +1,91 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { coreMock } from '@kbn/core/server/mocks';
+import type { PluginStartContract as ActionsPluginStart } from '@kbn/actions-plugin/server';
+import { loggerMock } from '@kbn/logging-mocks';
+import { FakeLLM } from '@langchain/core/utils/testing';
+import {
+  ActionsClientChatOpenAI,
+  ActionsClientSimpleChatModel,
+} from '@kbn/langchain/server/language_models';
+
+export const createMockClients = () => {
+  const core = coreMock.createRequestHandlerContext();
+
+  return {
+    core,
+    clusterClient: core.elasticsearch.client,
+    savedObjectsClient: core.savedObjects.client,
+  };
+};
+
+type MockClients = ReturnType<typeof createMockClients>;
+
+const convertRequestContextMock = <T extends Record<string, unknown>>(context: T) => {
+  return coreMock.createCustomRequestHandlerContext(context);
+};
+
+const mockLlm = new FakeLLM({
+  response: JSON.stringify({}, null, 2),
+}) as unknown as ActionsClientChatOpenAI | ActionsClientSimpleChatModel;
+
+jest.mock('@kbn/langchain/server/language_models', () => {
+  return {
+    ActionsClientSimpleChatModel: jest.fn().mockImplementation(() => {
+      return mockLlm;
+    }),
+    ActionsClientChatOpenAI: jest.fn().mockImplementation(() => {
+      return mockLlm;
+    }),
+  };
+});
+
+const actions = {
+  getActionsClientWithRequest: jest.fn().mockResolvedValue({
+    get: jest.fn().mockResolvedValue({
+      mockLlm,
+    }),
+    execute: jest.fn().mockResolvedValue({
+      status: 'ok',
+      data: {
+        message: '{"Answer": "testAction"}',
+      },
+    }),
+  }),
+} as unknown as ActionsPluginStart;
+
+const coreSetupMock = coreMock.createSetup();
+const createRequestContextMock = (clients: MockClients = createMockClients()) => {
+  return {
+    integrationAssistant: {
+      getStartServices: (coreSetupMock.getStartServices as jest.Mock).mockImplementation(
+        async () => {
+          return [
+            {},
+            {
+              actions,
+            },
+          ];
+        }
+      ),
+      logger: loggerMock.create(),
+    },
+  };
+};
+
+const createTools = () => {
+  const clients = createMockClients();
+  const context = createRequestContextMock(clients);
+
+  return { clients, context };
+};
+
+export const requestContextMock = {
+  create: createRequestContextMock,
+  convertContext: convertRequestContextMock,
+  createTools,
+};
diff --git a/x-pack/plugins/integration_assistant/server/__mocks__/response.ts b/x-pack/plugins/integration_assistant/server/__mocks__/response.ts
new file mode 100644
index 0000000000000..8efe2407f2245
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/server/__mocks__/response.ts
@@ -0,0 +1,12 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { httpServerMock } from '@kbn/core/server/mocks';
+
+export const responseMock = {
+  create: httpServerMock.createResponseFactory,
+};
diff --git a/x-pack/plugins/integration_assistant/server/__mocks__/test_adapters.ts b/x-pack/plugins/integration_assistant/server/__mocks__/test_adapters.ts
new file mode 100644
index 0000000000000..8972c5f102bdb
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/server/__mocks__/test_adapters.ts
@@ -0,0 +1,64 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { responseMock } from './response';
+
+type ResponseMock = ReturnType<typeof responseMock.create>;
+type Method = keyof ResponseMock;
+
+type MockCall = any; // eslint-disable-line @typescript-eslint/no-explicit-any
+
+interface ResponseCall {
+  body: any; // eslint-disable-line @typescript-eslint/no-explicit-any
+  status: number;
+}
+
+/**
+ * @internal
+ */
+export interface Response extends ResponseCall {
+  calls: ResponseCall[];
+}
+
+const buildResponses = (method: Method, calls: MockCall[]): ResponseCall[] => {
+  if (!calls.length) return [];
+
+  switch (method) {
+    case 'ok':
+      return calls.map(([call]) => ({ status: 200, body: call.body }));
+    case 'custom':
+      return calls.map(([call]) => ({
+        status: call.statusCode,
+        body: JSON.parse(call.body),
+      }));
+    case 'badRequest':
+      return calls.map(([call]) => ({
+        status: 400,
+        body: call.body,
+      }));
+    default:
+      throw new Error(`Encountered unexpected call to response.${method}`);
+  }
+};
+
+export const responseAdapter = (response: ResponseMock): Response => {
+  const methods = Object.keys(response) as Method[];
+  const calls = methods
+    .reduce<Response['calls']>((responses, method) => {
+      const methodMock = response[method];
+      return [...responses, ...buildResponses(method, methodMock.mock.calls)];
+    }, [])
+    .sort((call, other) => other.status - call.status);
+
+  const [{ body, status }] = calls;
+
+  return {
+    body,
+    status,
+    calls,
+  };
+};
diff --git a/x-pack/plugins/integration_assistant/server/graphs/categorization/validate.test.ts b/x-pack/plugins/integration_assistant/server/graphs/categorization/validate.test.ts
new file mode 100644
index 0000000000000..95c56c777a315
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/server/graphs/categorization/validate.test.ts
@@ -0,0 +1,55 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { handleCategorizationValidation } from './validate';
+import type { CategorizationState } from '../../types';
+import { categorizationTestState } from '../../../__jest__/fixtures/categorization';
+
+const testState: CategorizationState = categorizationTestState;
+
+describe('Testing categorization invalid category', () => {
+  it('handleCategorizationValidation()', async () => {
+    testState.pipelineResults = [{ test: 'testresult', event: { category: ['foo'] } }];
+    const response = handleCategorizationValidation(testState);
+    expect(response.invalidCategorization).toEqual([
+      {
+        error:
+          "field event.category's values (foo) is not one of the allowed values (api, authentication, configuration, database, driver, email, file, host, iam, intrusion_detection, library, malware, network, package, process, registry, session, threat, vulnerability, web)",
+      },
+    ]);
+    expect(response.lastExecutedChain).toBe('handleCategorizationValidation');
+  });
+});
+
+describe('Testing categorization invalid type', () => {
+  it('handleCategorizationValidation()', async () => {
+    testState.pipelineResults = [{ test: 'testresult', event: { type: ['foo'] } }];
+    const response = handleCategorizationValidation(testState);
+    expect(response.invalidCategorization).toEqual([
+      {
+        error:
+          "field event.type's values (foo) is not one of the allowed values (access, admin, allowed, change, connection, creation, deletion, denied, end, error, group, indicator, info, installation, protocol, start, user)",
+      },
+    ]);
+    expect(response.lastExecutedChain).toBe('handleCategorizationValidation');
+  });
+});
+
+describe('Testing categorization invalid compatibility', () => {
+  it('handleCategorizationValidation()', async () => {
+    testState.pipelineResults = [
+      { test: 'testresult', event: { category: ['authentication'], type: ['access'] } },
+    ];
+    const response = handleCategorizationValidation(testState);
+    expect(response.invalidCategorization).toEqual([
+      {
+        error: 'event.type (access) not compatible with any of the event.category (authentication)',
+      },
+    ]);
+    expect(response.lastExecutedChain).toBe('handleCategorizationValidation');
+  });
+});
diff --git a/x-pack/plugins/integration_assistant/server/integration_builder/build_integration.ts b/x-pack/plugins/integration_assistant/server/integration_builder/build_integration.ts
index 05018d056b498..064fc5cd3ca8f 100644
--- a/x-pack/plugins/integration_assistant/server/integration_builder/build_integration.ts
+++ b/x-pack/plugins/integration_assistant/server/integration_builder/build_integration.ts
@@ -9,10 +9,10 @@ import AdmZip from 'adm-zip';
 import nunjucks from 'nunjucks';
 import { tmpdir } from 'os';
 import { join as joinPath } from 'path';
-import type { Datastream, Integration } from '../../common';
+import type { DataStream, Integration } from '../../common';
 import { copySync, createSync, ensureDirSync, generateUniqueId } from '../util';
 import { createAgentInput } from './agent';
-import { createDatastream } from './data_stream';
+import { createDataStream } from './data_stream';
 import { createFieldMapping } from './fields';
 import { createPipeline } from './pipeline';
 
@@ -26,27 +26,30 @@ export async function buildPackage(integration: Integration): Promise<Buffer> {
   });
 
   const tmpDir = joinPath(tmpdir(), `integration-assistant-${generateUniqueId()}`);
-  const packageDir = createDirectories(tmpDir, integration);
+  const packageDirectoryName = `${integration.name}-0.1.0`;
+  const packageDir = createDirectories(tmpDir, integration, packageDirectoryName);
   const dataStreamsDir = joinPath(packageDir, 'data_stream');
 
   for (const dataStream of integration.dataStreams) {
     const dataStreamName = dataStream.name;
     const specificDataStreamDir = joinPath(dataStreamsDir, dataStreamName);
 
-    createDatastream(integration.name, specificDataStreamDir, dataStream);
+    createDataStream(integration.name, specificDataStreamDir, dataStream);
     createAgentInput(specificDataStreamDir, dataStream.inputTypes);
     createPipeline(specificDataStreamDir, dataStream.pipeline);
     createFieldMapping(integration.name, dataStreamName, specificDataStreamDir, dataStream.docs);
   }
 
-  const tmpPackageDir = joinPath(tmpDir, `${integration.name}-0.1.0`);
-
-  const zipBuffer = await createZipArchive(tmpPackageDir);
+  const zipBuffer = await createZipArchive(tmpDir, packageDirectoryName);
   return zipBuffer;
 }
 
-function createDirectories(tmpDir: string, integration: Integration): string {
-  const packageDir = joinPath(tmpDir, `${integration.name}-0.1.0`);
+function createDirectories(
+  tmpDir: string,
+  integration: Integration,
+  packageDirectoryName: string
+): string {
+  const packageDir = joinPath(tmpDir, packageDirectoryName);
   ensureDirSync(tmpDir);
   ensureDirSync(packageDir);
   createPackage(packageDir, integration);
@@ -95,7 +98,7 @@ function createChangelog(packageDir: string): void {
 function createReadme(packageDir: string, integration: Integration) {
   const readmeDirPath = joinPath(packageDir, '_dev/build/docs/');
   ensureDirSync(readmeDirPath);
-  const readmeTemplate = nunjucks.render('readme.md.njk', {
+  const readmeTemplate = nunjucks.render('package_readme.md.njk', {
     package_name: integration.name,
     data_streams: integration.dataStreams,
   });
@@ -103,9 +106,10 @@ function createReadme(packageDir: string, integration: Integration) {
   createSync(joinPath(readmeDirPath, 'README.md'), readmeTemplate);
 }
 
-async function createZipArchive(tmpPackageDir: string): Promise<Buffer> {
+async function createZipArchive(tmpDir: string, packageDirectoryName: string): Promise<Buffer> {
+  const tmpPackageDir = joinPath(tmpDir, packageDirectoryName);
   const zip = new AdmZip();
-  zip.addLocalFolder(tmpPackageDir);
+  zip.addLocalFolder(tmpPackageDir, packageDirectoryName);
   const buffer = zip.toBuffer();
   return buffer;
 }
@@ -113,7 +117,7 @@ async function createZipArchive(tmpPackageDir: string): Promise<Buffer> {
 function createPackageManifest(packageDir: string, integration: Integration): void {
   const uniqueInputs: { [key: string]: { type: string; title: string; description: string } } = {};
 
-  integration.dataStreams.forEach((dataStream: Datastream) => {
+  integration.dataStreams.forEach((dataStream: DataStream) => {
     dataStream.inputTypes.forEach((inputType: string) => {
       if (!uniqueInputs[inputType]) {
         uniqueInputs[inputType] = {
diff --git a/x-pack/plugins/integration_assistant/server/integration_builder/data_stream.ts b/x-pack/plugins/integration_assistant/server/integration_builder/data_stream.ts
index 8236666aec321..3fb1fa21dc753 100644
--- a/x-pack/plugins/integration_assistant/server/integration_builder/data_stream.ts
+++ b/x-pack/plugins/integration_assistant/server/integration_builder/data_stream.ts
@@ -7,13 +7,13 @@
 
 import nunjucks from 'nunjucks';
 import { join as joinPath } from 'path';
-import type { Datastream } from '../../common';
+import type { DataStream } from '../../common';
 import { copySync, createSync, ensureDirSync, listDirSync } from '../util';
 
-export function createDatastream(
+export function createDataStream(
   packageName: string,
   specificDataStreamDir: string,
-  dataStream: Datastream
+  dataStream: DataStream
 ): void {
   const dataStreamName = dataStream.name;
   const pipelineDir = joinPath(specificDataStreamDir, 'elasticsearch', 'ingest_pipeline');
@@ -40,16 +40,6 @@ export function createDatastream(
 
     const combinedManifest = `${dataStreamManifest}\n${commonManifest}`;
     dataStreams.push(combinedManifest);
-
-    // We comment this out for now, as its not really needed for custom integrations
-    /* createDataStreamSystemTests(
-      specificDataStreamDir,
-      inputType,
-      mappedValues,
-      packageName,
-      dataStreamName
-    );
-    */
   }
 
   const finalManifest = nunjucks.render('data_stream.yml.njk', {
@@ -96,27 +86,3 @@ function createPipelineTests(
   );
   createSync(testFileName, rawSamples.join('\n'));
 }
-
-// We are skipping this one for now, as its not really needed for custom integrations
-/* function createDataStreamSystemTests(
-  specificDataStreamDir: string,
-  inputType: string,
-  mappedValues: Record<string, string>,
-  packageName: string,
-  dataStreamName: string
-): void {
-  const systemTestTemplatesDir = joinPath(__dirname, '../templates/system_tests');
-  nunjucks.configure({ autoescape: true });
-  const env = new nunjucks.Environment(new nunjucks.FileSystemLoader(systemTestTemplatesDir));
-  mappedValues.package_name = packageName.replace(/_/g, '-');
-  mappedValues.data_stream_name = dataStreamName.replace(/_/g, '-');
-  const systemTestFolder = joinPath(specificDataStreamDir, '_dev/test/system');
-
-  fs.mkdirSync(systemTestFolder, { recursive: true });
-
-  const systemTestTemplate = env.getTemplate(`test_${inputType.replaceAll('-', '_')}_config.yml.njk`);
-  const systemTestRendered = systemTestTemplate.render(mappedValues);
-
-  const systemTestFileName = joinPath(systemTestFolder, `test-${inputType}-config.yml`);
-  fs.writeFileSync(systemTestFileName, systemTestRendered, 'utf-8');
-}*/
diff --git a/x-pack/plugins/integration_assistant/server/routes/build_integration_routes.test.ts b/x-pack/plugins/integration_assistant/server/routes/build_integration_routes.test.ts
new file mode 100644
index 0000000000000..6809d826cb81f
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/server/routes/build_integration_routes.test.ts
@@ -0,0 +1,61 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { serverMock } from '../__mocks__/mock_server';
+import { requestMock } from '../__mocks__/request';
+import { requestContextMock } from '../__mocks__/request_context';
+import { INTEGRATION_BUILDER_PATH } from '../../common';
+import { registerIntegrationBuilderRoutes } from './build_integration_routes';
+
+jest.mock('../integration_builder', () => {
+  return {
+    buildPackage: jest.fn().mockReturnValue(Buffer.from('{"test" : "test"}')),
+  };
+});
+
+describe('registerIntegrationBuilderRoutes', () => {
+  let server: ReturnType<typeof serverMock.create>;
+  let { context } = requestContextMock.createTools();
+
+  const req = requestMock.create({
+    method: 'post',
+    path: INTEGRATION_BUILDER_PATH,
+    body: {
+      integration: {
+        name: 'Test',
+        title: 'Title',
+        description: 'Description',
+        dataStreams: [
+          {
+            name: 'dsName',
+            title: 'dsTitle',
+            description: 'dsDesc',
+            inputTypes: ['filestream'],
+            rawSamples: ['{"ei":0}'],
+            pipeline: {
+              processors: [{ script: { source: {} } }],
+            },
+            docs: [],
+          },
+        ],
+      },
+    },
+  });
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+    server = serverMock.create();
+    ({ context } = requestContextMock.createTools());
+    registerIntegrationBuilderRoutes(server.router);
+  });
+
+  it('Runs route and gets CheckPipelineResponse', async () => {
+    const response = await server.inject(req, requestContextMock.convertContext(context));
+    expect(response.body).toEqual({ test: 'test' });
+    expect(response.status).toEqual(200);
+  });
+});
diff --git a/x-pack/plugins/integration_assistant/server/routes/build_integration_routes.ts b/x-pack/plugins/integration_assistant/server/routes/build_integration_routes.ts
index c3943c7d6398d..e9f0d000e040a 100644
--- a/x-pack/plugins/integration_assistant/server/routes/build_integration_routes.ts
+++ b/x-pack/plugins/integration_assistant/server/routes/build_integration_routes.ts
@@ -32,7 +32,11 @@ export function registerIntegrationBuilderRoutes(
         const { integration } = request.body;
         try {
           const zippedIntegration = await buildPackage(integration);
-          return response.custom({ statusCode: 200, body: zippedIntegration });
+          return response.custom({
+            statusCode: 200,
+            body: zippedIntegration,
+            headers: { 'Content-Type': 'application/zip' },
+          });
         } catch (e) {
           return response.customError({ statusCode: 500, body: e });
         }
diff --git a/x-pack/plugins/integration_assistant/server/routes/categorization_routes.test.ts b/x-pack/plugins/integration_assistant/server/routes/categorization_routes.test.ts
new file mode 100644
index 0000000000000..5a62162eae543
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/server/routes/categorization_routes.test.ts
@@ -0,0 +1,67 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { serverMock } from '../__mocks__/mock_server';
+import { requestMock } from '../__mocks__/request';
+import { requestContextMock } from '../__mocks__/request_context';
+import { CATEGORIZATION_GRAPH_PATH } from '../../common';
+import { registerCategorizationRoutes } from './categorization_routes';
+
+const mockResult = jest.fn().mockResolvedValue({
+  results: {
+    pipeline: {
+      processors: [{ script: { source: {} } }],
+    },
+    docs: [],
+  },
+});
+
+jest.mock('../graphs/categorization', () => {
+  return {
+    getCategorizationGraph: jest.fn().mockResolvedValue({
+      invoke: () => mockResult(),
+    }),
+  };
+});
+
+describe('registerCategorizationRoute', () => {
+  let server: ReturnType<typeof serverMock.create>;
+  let { context } = requestContextMock.createTools();
+
+  const req = requestMock.create({
+    method: 'post',
+    path: CATEGORIZATION_GRAPH_PATH,
+    body: {
+      packageName: 'pack',
+      dataStreamName: 'testStream',
+      rawSamples: ['{"ei":0}'],
+      currentPipeline: { processors: [{ script: { source: {} } }] },
+      connectorId: 'testConnector',
+    },
+  });
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+    server = serverMock.create();
+    ({ context } = requestContextMock.createTools());
+    registerCategorizationRoutes(server.router);
+  });
+
+  it('Runs route and gets CategorizationResponse', async () => {
+    const response = await server.inject(req, requestContextMock.convertContext(context));
+    expect(response.body).toEqual({
+      results: { docs: [], pipeline: { processors: [{ script: { source: {} } }] } },
+    });
+    expect(response.status).toEqual(200);
+  });
+
+  it('Runs route with badRequest', async () => {
+    mockResult.mockResolvedValueOnce({});
+    const response = await server.inject(req, requestContextMock.convertContext(context));
+    expect(response.status).toEqual(400);
+  });
+});
diff --git a/x-pack/plugins/integration_assistant/server/routes/categorization_routes.ts b/x-pack/plugins/integration_assistant/server/routes/categorization_routes.ts
index 5ec9dc1b758ef..6654898bd0232 100644
--- a/x-pack/plugins/integration_assistant/server/routes/categorization_routes.ts
+++ b/x-pack/plugins/integration_assistant/server/routes/categorization_routes.ts
@@ -44,7 +44,7 @@ export function registerCategorizationRoutes(
         },
       },
       async (context, req, res): Promise<IKibanaResponse<CategorizationResponse>> => {
-        const { packageName, datastreamName, rawSamples, currentPipeline } = req.body;
+        const { packageName, dataStreamName, rawSamples, currentPipeline } = req.body;
         const services = await context.resolve(['core']);
         const { client } = services.core.elasticsearch;
         const { getStartServices, logger } = await context.integrationAssistant;
@@ -78,7 +78,7 @@ export function registerCategorizationRoutes(
           const graph = await getCategorizationGraph(client, model);
           const results = await graph.invoke({
             packageName,
-            datastreamName,
+            dataStreamName,
             rawSamples,
             currentPipeline,
           });
diff --git a/x-pack/plugins/integration_assistant/server/routes/ecs_routes.test.ts b/x-pack/plugins/integration_assistant/server/routes/ecs_routes.test.ts
new file mode 100644
index 0000000000000..70d0068eb963c
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/server/routes/ecs_routes.test.ts
@@ -0,0 +1,72 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { serverMock } from '../__mocks__/mock_server';
+import { requestMock } from '../__mocks__/request';
+import { requestContextMock } from '../__mocks__/request_context';
+import { ECS_GRAPH_PATH } from '../../common';
+import { registerEcsRoutes } from './ecs_routes';
+
+const mockResult = jest.fn().mockResolvedValue({
+  results: {
+    pipeline: {
+      processors: [
+        {
+          script: {
+            source: {},
+          },
+        },
+      ],
+    },
+    mapping: {},
+  },
+});
+
+jest.mock('../graphs/ecs', () => {
+  return {
+    getEcsGraph: jest.fn().mockResolvedValue({
+      invoke: () => mockResult(),
+    }),
+  };
+});
+
+describe('registerEcsRoute', () => {
+  let server: ReturnType<typeof serverMock.create>;
+  let { context } = requestContextMock.createTools();
+
+  const req = requestMock.create({
+    method: 'post',
+    path: ECS_GRAPH_PATH,
+    body: {
+      packageName: 'pack',
+      dataStreamName: 'testStream',
+      rawSamples: ['{"ei":0}'],
+      connectorId: 'testConnector',
+    },
+  });
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+    server = serverMock.create();
+    ({ context } = requestContextMock.createTools());
+    registerEcsRoutes(server.router);
+  });
+
+  it('Runs route and gets EcsMappingResponse', async () => {
+    const response = await server.inject(req, requestContextMock.convertContext(context));
+    expect(response.body).toEqual({
+      results: { mapping: {}, pipeline: { processors: [{ script: { source: {} } }] } },
+    });
+    expect(response.status).toEqual(200);
+  });
+
+  it('Runs route with badRequest', async () => {
+    mockResult.mockResolvedValueOnce({});
+    const response = await server.inject(req, requestContextMock.convertContext(context));
+    expect(response.status).toEqual(400);
+  });
+});
diff --git a/x-pack/plugins/integration_assistant/server/routes/ecs_routes.ts b/x-pack/plugins/integration_assistant/server/routes/ecs_routes.ts
index 1ee7659b3598b..ee461b94feba4 100644
--- a/x-pack/plugins/integration_assistant/server/routes/ecs_routes.ts
+++ b/x-pack/plugins/integration_assistant/server/routes/ecs_routes.ts
@@ -38,10 +38,9 @@ export function registerEcsRoutes(router: IRouter<IntegrationAssistantRouteHandl
         },
       },
       async (context, req, res): Promise<IKibanaResponse<EcsMappingResponse>> => {
-        const { packageName, datastreamName, rawSamples, mapping } = req.body;
+        const { packageName, dataStreamName, rawSamples, mapping } = req.body;
         const { getStartServices, logger } = await context.integrationAssistant;
         const [, { actions: actionsPlugin }] = await getStartServices();
-
         try {
           const actionsClient = await actionsPlugin.getActionsClientWithRequest(req);
           const connector = req.body.connectorId
@@ -73,14 +72,14 @@ export function registerEcsRoutes(router: IRouter<IntegrationAssistantRouteHandl
           if (req.body?.mapping) {
             results = await graph.invoke({
               packageName,
-              datastreamName,
+              dataStreamName,
               rawSamples,
               mapping,
             });
           } else
             results = await graph.invoke({
               packageName,
-              datastreamName,
+              dataStreamName,
               rawSamples,
             });
           return res.ok({ body: EcsMappingResponse.parse(results) });
diff --git a/x-pack/plugins/integration_assistant/server/routes/pipeline_routes.test.ts b/x-pack/plugins/integration_assistant/server/routes/pipeline_routes.test.ts
new file mode 100644
index 0000000000000..c40472c1131d5
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/server/routes/pipeline_routes.test.ts
@@ -0,0 +1,57 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { serverMock } from '../__mocks__/mock_server';
+import { requestMock } from '../__mocks__/request';
+import { requestContextMock } from '../__mocks__/request_context';
+import { CHECK_PIPELINE_PATH } from '../../common';
+import { registerPipelineRoutes } from './pipeline_routes';
+
+const errors: object[] = [];
+
+const pipelineResults = [
+  {
+    script: {
+      source: {},
+    },
+  },
+];
+
+jest.mock('../util/pipeline', () => {
+  return {
+    testPipeline: jest.fn().mockReturnValue({ errors, pipelineResults }),
+  };
+});
+
+describe('registerPipelineRoutes', () => {
+  let server: ReturnType<typeof serverMock.create>;
+  let { context } = requestContextMock.createTools();
+
+  const req = requestMock.create({
+    method: 'post',
+    path: CHECK_PIPELINE_PATH,
+    body: {
+      rawSamples: ['{"ei":0}'],
+      pipeline: { processors: [{ script: { source: {} } }] },
+    },
+  });
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+    server = serverMock.create();
+    ({ context } = requestContextMock.createTools());
+    registerPipelineRoutes(server.router);
+  });
+
+  it('Runs route and gets CheckPipelineResponse', async () => {
+    const response = await server.inject(req, requestContextMock.convertContext(context));
+    expect(response.body).toEqual({
+      results: { docs: [{ script: { source: {} } }] },
+    });
+    expect(response.status).toEqual(200);
+  });
+});
diff --git a/x-pack/plugins/integration_assistant/server/routes/pipeline_routes.ts b/x-pack/plugins/integration_assistant/server/routes/pipeline_routes.ts
index 4b4ccc0a859a5..0bf04e566c649 100644
--- a/x-pack/plugins/integration_assistant/server/routes/pipeline_routes.ts
+++ b/x-pack/plugins/integration_assistant/server/routes/pipeline_routes.ts
@@ -6,7 +6,7 @@
  */
 
 import type { IKibanaResponse, IRouter } from '@kbn/core/server';
-import { CheckPipelineRequestBody, CheckPipelineResponse, TEST_PIPELINE_PATH } from '../../common';
+import { CheckPipelineRequestBody, CheckPipelineResponse, CHECK_PIPELINE_PATH } from '../../common';
 import { ROUTE_HANDLER_TIMEOUT } from '../constants';
 import type { IntegrationAssistantRouteHandlerContext } from '../plugin';
 import { testPipeline } from '../util/pipeline';
@@ -15,7 +15,7 @@ import { buildRouteValidationWithZod } from '../util/route_validation';
 export function registerPipelineRoutes(router: IRouter<IntegrationAssistantRouteHandlerContext>) {
   router.versioned
     .post({
-      path: TEST_PIPELINE_PATH,
+      path: CHECK_PIPELINE_PATH,
       access: 'internal',
       options: {
         timeout: {
@@ -37,11 +37,13 @@ export function registerPipelineRoutes(router: IRouter<IntegrationAssistantRoute
         const services = await context.resolve(['core']);
         const { client } = services.core.elasticsearch;
         try {
-          const results = await testPipeline(rawSamples, pipeline, client);
-          if (results?.errors && results.errors.length > 0) {
-            return res.badRequest({ body: JSON.stringify(results.errors) });
+          const { errors, pipelineResults } = await testPipeline(rawSamples, pipeline, client);
+          if (errors?.length) {
+            return res.badRequest({ body: JSON.stringify(errors) });
           }
-          return res.ok({ body: CheckPipelineResponse.parse(results) });
+          return res.ok({
+            body: CheckPipelineResponse.parse({ results: { docs: pipelineResults } }),
+          });
         } catch (e) {
           return res.badRequest({ body: e });
         }
diff --git a/x-pack/plugins/integration_assistant/server/routes/related_routes.test.ts b/x-pack/plugins/integration_assistant/server/routes/related_routes.test.ts
new file mode 100644
index 0000000000000..f393b36a30599
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/server/routes/related_routes.test.ts
@@ -0,0 +1,67 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { serverMock } from '../__mocks__/mock_server';
+import { requestMock } from '../__mocks__/request';
+import { requestContextMock } from '../__mocks__/request_context';
+import { RELATED_GRAPH_PATH } from '../../common';
+import { registerRelatedRoutes } from './related_routes';
+
+const mockResult = jest.fn().mockResolvedValue({
+  results: {
+    pipeline: {
+      processors: [{ script: { source: {} } }],
+    },
+    docs: [],
+  },
+});
+
+jest.mock('../graphs/related', () => {
+  return {
+    getRelatedGraph: jest.fn().mockResolvedValue({
+      invoke: () => mockResult(),
+    }),
+  };
+});
+
+describe('registerRelatedRoutes', () => {
+  let server: ReturnType<typeof serverMock.create>;
+  let { context } = requestContextMock.createTools();
+
+  const req = requestMock.create({
+    method: 'post',
+    path: RELATED_GRAPH_PATH,
+    body: {
+      packageName: 'pack',
+      dataStreamName: 'testStream',
+      rawSamples: ['{"ei":0}'],
+      currentPipeline: { processors: [{ script: { source: {} } }] },
+      connectorId: 'testConnector',
+    },
+  });
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+    server = serverMock.create();
+    ({ context } = requestContextMock.createTools());
+    registerRelatedRoutes(server.router);
+  });
+
+  it('Runs route and gets RelatedResponse', async () => {
+    const response = await server.inject(req, requestContextMock.convertContext(context));
+    expect(response.body).toEqual({
+      results: { docs: [], pipeline: { processors: [{ script: { source: {} } }] } },
+    });
+    expect(response.status).toEqual(200);
+  });
+
+  it('Runs route with badRequest', async () => {
+    mockResult.mockResolvedValueOnce({});
+    const response = await server.inject(req, requestContextMock.convertContext(context));
+    expect(response.status).toEqual(400);
+  });
+});
diff --git a/x-pack/plugins/integration_assistant/server/routes/related_routes.ts b/x-pack/plugins/integration_assistant/server/routes/related_routes.ts
index 90533742e8ff7..e612b4d3a8d58 100644
--- a/x-pack/plugins/integration_assistant/server/routes/related_routes.ts
+++ b/x-pack/plugins/integration_assistant/server/routes/related_routes.ts
@@ -38,7 +38,7 @@ export function registerRelatedRoutes(router: IRouter<IntegrationAssistantRouteH
         },
       },
       async (context, req, res): Promise<IKibanaResponse<RelatedResponse>> => {
-        const { packageName, datastreamName, rawSamples, currentPipeline } = req.body;
+        const { packageName, dataStreamName, rawSamples, currentPipeline } = req.body;
         const services = await context.resolve(['core']);
         const { client } = services.core.elasticsearch;
         const { getStartServices, logger } = await context.integrationAssistant;
@@ -71,7 +71,7 @@ export function registerRelatedRoutes(router: IRouter<IntegrationAssistantRouteH
           const graph = await getRelatedGraph(client, model);
           const results = await graph.invoke({
             packageName,
-            datastreamName,
+            dataStreamName,
             rawSamples,
             currentPipeline,
           });
diff --git a/x-pack/plugins/integration_assistant/server/templates/agent/cel.yml.hbs b/x-pack/plugins/integration_assistant/server/templates/agent/cel.yml.hbs
new file mode 100644
index 0000000000000..2947f6343a763
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/server/templates/agent/cel.yml.hbs
@@ -0,0 +1,163 @@
+data_stream:
+  dataset: {{data_stream.dataset}}
+interval: {{resource_interval}}
+
+program: {{escape_string program}}
+
+{{#if state}}
+state:
+  {{state}}
+{{/if}}
+redact.delete: {{delete_redacted_fields}}
+{{#if redact_fields}}
+redact.fields:
+{{#each redact_fields as |field|}}
+  - {{field}}
+{{/each}}
+{{/if}}
+
+{{#if regexp}}
+regexp:
+  {{regexp}}
+{{/if}}
+
+{{#if username}}
+auth.basic.user: {{username}}
+{{/if}}
+{{#if password}}
+auth.basic.password: {{password}}
+{{/if}}
+
+{{#unless username}}
+{{#unless password}}
+{{#if digest_username}}
+auth.digest.user: {{digest_username}}
+{{/if}}
+{{#if digest_password}}
+auth.digest.password: {{digest_password}}
+{{#if digest_no_reuse}}
+auth.digest.no_reuse: true
+{{/if}}
+{{/if}}
+{{/unless}}
+{{/unless}}
+
+{{#if pipeline}}
+pipeline: {{pipeline}}
+{{/if}}
+
+{{#unless username}}
+{{#unless password}}
+{{#unless digest_username}}
+{{#unless digest_password}}
+{{#if oauth_id}}
+auth.oauth2.client.id: {{oauth_id}}
+{{/if}}
+{{#if oauth_secret}}
+auth.oauth2.client.secret: {{oauth_secret}}
+{{/if}}
+{{#if oauth_token_url}}
+auth.oauth2.token_url: {{oauth_token_url}}
+{{/if}}
+{{#if oauth_provider}}
+auth.oauth2.provider: {{oauth_provider}}
+{{/if}}
+{{#if oauth_scopes}}
+auth.oauth2.scopes:
+{{#each oauth_scopes as |scope|}}
+  - {{scope}}
+{{/each}}
+{{/if}}
+{{#if oauth_google_credentials_file}}
+auth.oauth2.google.credentials_file: {{oauth_google_credentials_file}}
+{{/if}}
+{{#if oauth_google_credentials_json}}
+auth.oauth2.google.credentials_json: '{{oauth_google_credentials_json}}'
+{{/if}}
+{{#if oauth_google_jwt_file}}
+auth.oauth2.google.jwt_file: {{oauth_google_jwt_file}}
+{{/if}}
+{{#if oauth_google_jwt_json}}
+auth.oauth2.google.jwt_json: {{oauth_google_jwt_json}}
+{{/if}}
+{{#if oauth_google_delegated_account}}
+auth.oauth2.google.delegated_account: {{oauth_google_delegated_account}}
+{{/if}}
+{{#if oauth_azure_tenant_id}}
+auth.oauth2.azure.tenant_id: {{oauth_azure_tenant_id}}
+{{/if}}
+{{#if oauth_azure_resource}}
+auth.oauth2.azure.resource: {{oauth_azure_resource}}
+{{/if}}
+{{#if oauth_okta_jwk_file}}
+auth.oauth2.okta.jwk_file: {{oauth_okta_jwk_file}}
+{{/if}}
+{{#if oauth_okta_jwk_json}}
+auth.oauth2.okta.jwk_json: {{oauth_okta_jwk_json}}
+{{/if}}
+{{#if oauth_okta_jwk_pem}}
+auth.oauth2.okta.jwk_pem: {{oauth_okta_jwk_pem}}
+{{/if}}
+{{#if oauth_endpoint_params}}
+auth.oauth2.endpoint_params: 
+  {{oauth_endpoint_params}}
+{{/if}}
+{{/unless}}
+{{/unless}}
+{{/unless}}
+{{/unless}}
+
+resource.url: {{resource_url}}
+{{#if resource_ssl}}
+resource.ssl: 
+  {{resource_ssl}}
+{{/if}}
+{{#if resource_proxy_url}}
+resource.proxy_url: {{resource_proxy_url}}
+{{/if}}
+{{#if resource_retry_max_attempts}}
+resource.retry.max_attempts: {{resource_retry_max_attempts}}
+{{/if}}
+{{#if resource_retry_wait_min}}
+resource.retry.wait_min: {{resource_retry_wait_min}}
+{{/if}}
+{{#if resource_retry_wait_max}}
+resource.retry.wait_max: {{resource_retry_wait_max}}
+{{/if}}
+{{#if resource_redirect_forward_headers}}
+resource.redirect.forward_headers: {{resource_redirect_forward_headers}}
+{{/if}}
+{{#if resource_redirect_headers_ban_list}}
+resource.redirect.headers_ban_list:
+{{#each resource_redirect_headers_ban_list as |item|}}
+  - {{item}}
+{{/each}}
+{{/if}}
+{{#if resource_redirect_max_redirects}}
+resource.redirect.max_redirects: {{resource_redirect_max_redirects}}
+{{/if}}
+{{#if resource_rate_limit_limit}}
+resource.rate_limit.limit: {{resource_rate_limit_limit}}
+{{/if}}
+{{#if resource_rate_limit_burst}}
+resource.rate_limit.burst: {{resource_rate_limit_burst}}
+{{/if}}
+
+{{#if enable_request_tracer}}
+resource.tracer.filename: "../../logs/cel/http-request-trace-*.ndjson"
+resource.tracer.maxbackups: 5
+{{/if}}
+
+{{#if tags}}
+tags:
+{{#each tags as |tag|}}
+  - {{tag}}
+{{/each}}
+{{/if}}
+{{#contains "forwarded" tags}}
+publisher_pipeline.disable_host: true
+{{/contains}}
+{{#if processors}}
+processors:
+{{processors}}
+{{/if}}
\ No newline at end of file
diff --git a/x-pack/plugins/integration_assistant/server/templates/img/logo.svg b/x-pack/plugins/integration_assistant/server/templates/img/logo.svg
deleted file mode 100644
index 173fdec5072e9..0000000000000
--- a/x-pack/plugins/integration_assistant/server/templates/img/logo.svg
+++ /dev/null
@@ -1,4 +0,0 @@
-<svg width="32" height="32" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg">
-    <path fill-rule="evenodd" clip-rule="evenodd" d="M17 13H8V15H17V13ZM24 18H8V20H24V18ZM8 23H24V25H8V23Z" fill="#017D73"/>
-    <path d="M21.41 0H5C3.34315 0 2 1.34315 2 3V29C2 30.6569 3.34315 32 5 32H27C28.6569 32 30 30.6569 30 29V8.59L21.41 0ZM22 3.41L26.59 8H22V3.41ZM27 30H5C4.44772 30 4 29.5523 4 29V3C4 2.44772 4.44772 2 5 2H20V10H28V29C28 29.5523 27.5523 30 27 30Z" fill="#343741"/>
-</svg>
\ No newline at end of file
diff --git a/x-pack/plugins/integration_assistant/server/templates/manifest/aws_cloudwatch_manifest.yml.njk b/x-pack/plugins/integration_assistant/server/templates/manifest/aws_cloudwatch_manifest.yml.njk
index c2334c76052a0..df4168d944e72 100644
--- a/x-pack/plugins/integration_assistant/server/templates/manifest/aws_cloudwatch_manifest.yml.njk
+++ b/x-pack/plugins/integration_assistant/server/templates/manifest/aws_cloudwatch_manifest.yml.njk
@@ -1,7 +1,9 @@
 - input: aws-cloudwatch
   template_path: aws-cloudwatch.yml.hbs
-  title: {{ data_stream_title }}
-  description: {{ data_stream_description }}
+  title: |
+    {{ data_stream_title }}
+  description: |
+    {{ data_stream_description }}
   vars:
     - name: log_group_arn
       type: text
diff --git a/x-pack/plugins/integration_assistant/server/templates/manifest/aws_s3.yml_manifest.yml.njk b/x-pack/plugins/integration_assistant/server/templates/manifest/aws_s3_manifest.yml.njk
similarity index 98%
rename from x-pack/plugins/integration_assistant/server/templates/manifest/aws_s3.yml_manifest.yml.njk
rename to x-pack/plugins/integration_assistant/server/templates/manifest/aws_s3_manifest.yml.njk
index 6265b57e6ed35..af99ae4fc308d 100644
--- a/x-pack/plugins/integration_assistant/server/templates/manifest/aws_s3.yml_manifest.yml.njk
+++ b/x-pack/plugins/integration_assistant/server/templates/manifest/aws_s3_manifest.yml.njk
@@ -1,7 +1,9 @@
 - input: aws-s3
   template_path: aws-s3.yml.hbs
-  title: {{ data_stream_title }}
-  description: {{ data_stream_description }}
+  title: |
+    {{ data_stream_title }}
+  description: |
+    {{ data_stream_description }}
   vars:
     - name: bucket_arn
       type: text
diff --git a/x-pack/plugins/integration_assistant/server/templates/manifest/azure_blob_storage_manifest.yml.njk b/x-pack/plugins/integration_assistant/server/templates/manifest/azure_blob_storage_manifest.yml.njk
index 897a6a043f86f..c3ba10d341241 100644
--- a/x-pack/plugins/integration_assistant/server/templates/manifest/azure_blob_storage_manifest.yml.njk
+++ b/x-pack/plugins/integration_assistant/server/templates/manifest/azure_blob_storage_manifest.yml.njk
@@ -1,7 +1,9 @@
 - input: azure-blob-storage
   template_path: azure-blob-storage.yml.hbs
-  title: {{ data_stream_title }}
-  description: {{ data_stream_description }}
+  title: |
+    {{ data_stream_title }}
+  description: |
+    {{ data_stream_description }}
   vars:
     - name: storage_url
       type: text
diff --git a/x-pack/plugins/integration_assistant/server/templates/manifest/azure_eventhub_manifest.yml.njk b/x-pack/plugins/integration_assistant/server/templates/manifest/azure_eventhub_manifest.yml.njk
index feac0ec87759f..fbe00b6212a9e 100644
--- a/x-pack/plugins/integration_assistant/server/templates/manifest/azure_eventhub_manifest.yml.njk
+++ b/x-pack/plugins/integration_assistant/server/templates/manifest/azure_eventhub_manifest.yml.njk
@@ -1,7 +1,9 @@
 - input: azure-eventhub
   template_path: azure-eventhub.yml.hbs
-  title: {{ data_stream_title }}
-  description: {{ data_stream_description }}
+  title: |
+    {{ data_stream_title }}
+  description: |
+    {{ data_stream_description }}
   vars:
     - name: eventhub
       type: text
diff --git a/x-pack/plugins/integration_assistant/server/templates/manifest/cel_manifest.yml.njk b/x-pack/plugins/integration_assistant/server/templates/manifest/cel_manifest.yml.njk
new file mode 100644
index 0000000000000..04db3351691d4
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/server/templates/manifest/cel_manifest.yml.njk
@@ -0,0 +1,339 @@
+- input: cel
+  title: |
+    {{ data_stream_title }}
+  description: |
+    {{ data_stream_description }}
+  vars:
+    - name: data_stream.dataset
+      type: text
+      title: Dataset name
+      description: |
+        Dataset to write data to. Changing the dataset will send the data to a different index. You can't use `-` in the name of a dataset and only valid characters for [Elasticsearch index names](https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-index_.html).
+      default: cel.cel
+      required: true
+      show_user: true
+    - name: pipeline
+      type: text
+      title: Ingest Pipeline
+      description: |
+        The Ingest Node pipeline ID to be used by the integration.
+      required: false
+      show_user: true
+    - name: resource_url
+      type: text
+      title: Resource URL
+      description: i.e. scheme://host:port/path
+      show_user: true
+      required: true
+      default: https://server.example.com:8089/api
+    - name: resource_interval
+      type: text
+      title: Resource Interval
+      description: How often the API is polled, supports seconds, minutes and hours.
+      show_user: true
+      required: true
+      default: 1m
+    - name: program
+      type: textarea
+      title: The CEL program to be run for each polling.
+      description: |
+        Program is the CEL program that is executed each polling period to get and transform the API data.
+        More information can be found in the [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#_execution).
+      show_user: true
+      multi: false
+      required: true
+      default: |
+        # // Fetch the agent's public IP every minute and note when the last request was made.
+        # // It does not use the Resource URL configuration value.
+        # bytes(get("https://api.ipify.org/?format=json").Body).as(body, {
+        #     "events": [body.decode_json().with({
+        #         "last_requested_at": has(state.cursor) && has(state.cursor.last_requested_at) ?
+        #             state.cursor.last_requested_at
+        #         :
+        #             now
+        #     })],
+        #     "cursor": {"last_requested_at": now}
+        # })
+    - name: state
+      type: yaml
+      title: Initial CEL evaluation state
+      description: |
+        State is the initial state to be provided to the program. If it has a cursor field, that field will be overwritten by any stored cursor, but will be available if no stored cursor exists.
+        More information can be found in the [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#input-state-cel).
+      show_user: true
+      multi: false
+      required: false
+    - name: regexp
+      type: yaml
+      title: Defined Regular Expressions
+      description: |
+        Regexps is the set of regular expression to be made available to the program by name. The syntax used is [RE2](https://github.com/google/re2/wiki/Syntax).
+        More information can be found in the [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#regexp-cel).
+      show_user: true
+      multi: false
+      required: false
+      default: |
+        #products: '(?i)(Elasticsearch|Beats|Logstash|Kibana)'
+        #solutions: '(?i)(Search|Observability|Security)'
+    - name: username
+      type: text
+      title: Basic Auth Username
+      show_user: true
+      required: false
+      description: The username to be used with Basic Auth headers
+    - name: password
+      type: password
+      title: Basic Auth Password
+      show_user: true
+      required: false
+      description: The password to be used with Basic Auth headers
+      secret: true
+    - name: digest_username
+      type: text
+      title: Digest Auth Username
+      show_user: true
+      required: false
+      description: The username to be used with Digest Auth headers
+    - name: digest_password
+      type: password
+      title: Digest Auth Password
+      show_user: true
+      required: false
+      description: The password to be used with Digest Auth headers
+      secret: true
+    - name: digest_no_reuse
+      type: bool
+      title: Digest No Challenge Reuse
+      show_user: true
+      required: false
+      description: Selecting no challenge reuse prevents the transport from reusing digest challenges
+    - name: oauth_id
+      type: text
+      title: OAuth2 Client ID
+      description: Client ID used for OAuth2 authentication
+      show_user: true
+      required: false
+    - name: oauth_secret
+      type: password
+      title: OAuth2 Client Secret
+      description: Client secret used for OAuth2 authentication
+      show_user: true
+      required: false
+      secret: true
+    - name: oauth_token_url
+      type: text
+      title: OAuth2 Token URL
+      description: The URL endpoint that will be used to generate the tokens during the oAuth2 flow. It is required if no oauth_custom variable is set or provider is not specified in oauth_custom variable.
+      show_user: true
+      required: false
+      secret: false
+    - name: redact_fields
+      type: text
+      title: Redacted fields
+      description: |
+        Fields to redact in debug logs. When logging at debug-level the input state and CEL evaluation state are included
+        in logs. This may leak secrets, so list sensitive state fields in this configuration.
+      show_user: true
+      multi: true
+      required: false
+    - name: delete_redacted_fields
+      type: bool
+      title: Delete redacted fields
+      description: |
+        The default behavior for field redaction is to replace characters with `*`s. If field value length or presence will
+        leak information, the fields can be deleted from logging by setting this configuration to true.
+      show_user: true
+      multi: false
+      default: false
+      required: true
+    - name: resource_ssl
+      type: yaml
+      title: Resource SSL Configuration
+      description: i.e. certificate_authorities, supported_protocols, verification_mode etc, more examples found in the [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config)
+      multi: false
+      required: false
+      show_user: false
+    - name: resource_timeout
+      type: text
+      title: Resource Timeout
+      description: Duration before declaring that the HTTP client connection has timed out. Valid time units are ns, us, ms, s, m, h. Default is "30"s.
+      show_user: false
+      multi: false
+      required: false
+    - name: resource_proxy_url
+      type: text
+      title: Resource Proxy
+      description: This specifies proxy configuration in the form of `http[s]://<user>:<password>@<server name/ip>:<port>`.
+      show_user: false
+      multi: false
+      required: false
+    - name: resource_retry_max_attempts
+      type: text
+      title: Resource Retry Max Attempts
+      description: The maximum number of retries for the HTTP client. Default is "5".
+      show_user: false
+      multi: false
+      required: false
+    - name: resource_retry_wait_min
+      type: text
+      title: Resource Retry Wait Min
+      description: The minimum time to wait before a retry is attempted. Default is "1s".
+      show_user: false
+      multi: false
+      required: false
+    - name: resource_retry_wait_max
+      type: text
+      title: Resource Retry Wait Max
+      description: The maximum time to wait before a retry is attempted. Default is "60s".
+      show_user: false
+      multi: false
+      required: false
+    - name: resource_redirect_forward_headers
+      type: bool
+      title: Resource Redirect Forward Headers
+      description: When set to true resource headers are forwarded in case of a redirect. Default is "false".
+      show_user: false
+      multi: false
+      required: false
+    - name: resource_redirect_headers_ban_list
+      type: text
+      title: Resource Redirect Headers Ban List
+      description: When Redirect Forward Headers is set to true, all headers except the ones defined in this list will be forwarded. All headers are forwarded by default.
+      show_user: false
+      multi: true
+      required: false
+    - name: resource_redirect_max_redirects
+      type: text
+      title: Resource Redirect Max Redirects
+      description: The maximum number of redirects to follow for a resource. Default is "10".
+      show_user: false
+      multi: false
+      required: false
+    - name: resource_rate_limit_limit
+      type: text
+      title: Resource Rate Limit
+      description: The value of the response that specifies the total limit.
+      show_user: false
+      multi: false
+      required: false
+    - name: resource_rate_limit_burst
+      type: text
+      title: Resource Rate Limit Burst
+      description: The maximum burst size. Burst is the maximum number of resource requests that can be made above the overall rate limit.
+      show_user: false
+      multi: false
+      required: false
+    - name: oauth_provider
+      type: text
+      title: OAuth2 Provider
+      description: Used to configure supported oAuth2 providers. Each supported provider will require specific settings. It is not set by default. Supported providers are "azure" and "google".
+      show_user: false
+      multi: false
+      required: false
+    - name: oauth_scopes
+      type: text
+      title: OAuth2 Scopes
+      description: A list of scopes that will be resourceed during the oAuth2 flow. It is optional for all providers.
+      show_user: false
+      multi: true
+      required: false
+    - name: oauth_google_credentials_file
+      type: text
+      title: OAuth2 Google Credentials File
+      description: The full path to the credentials file for Google.
+      show_user: false
+      multi: false
+      required: false
+    - name: oauth_google_credentials_json
+      type: text
+      title: OAuth2 Google Credentials JSON
+      description: Your Google credentials information as raw JSON.
+      show_user: false
+      multi: false
+      required: false
+    - name: oauth_google_jwt_file
+      type: text
+      title: OAuth2 Google JWT File
+      description: Full path to the JWT Account Key file for Google.
+      show_user: false
+      multi: false
+      required: false
+    - name: oauth_google_jwt_json
+      type: text
+      title: OAuth2 Google JWT JSON
+      description: Your Google JWT information as raw JSON.
+      multi: false
+      required: false
+      show_user: false
+    - name: oauth_google_delegated_account
+      type: text
+      title: OAuth2 Google Delegated account
+      description: Email of the delegated account used to create the credentials (usually an admin).
+      show_user: false
+      multi: false
+      required: false
+    - name: oauth_azure_tenant_id
+      type: text
+      title: OAuth2 Azure Tenant ID
+      description: Optional setting used for authentication when using Azure provider. Since it is used in the process to generate the token_url, it can’t be used in combination with it.
+      show_user: false
+      multi: false
+      required: false
+    - name: oauth_azure_resource
+      type: text
+      title: OAuth2 Azure Resource
+      description: Optional setting for the accessed WebAPI resource when using azure provider.
+      show_user: false
+      multi: false
+      required: false
+    - name: oauth_okta_jwt_file
+      type: text
+      title: OAuth2 Okta JWT File
+      description: Full path to the JWT account private key file for Okta.
+      show_user: false
+      multi: false
+      required: false
+    - name: oauth_okta_jwt_json
+      type: text
+      title: OAuth2 Okta JWT JSON
+      description: Your Okta JWT private key as raw JSON.
+      multi: false
+      required: false
+      show_user: false
+    - name: oauth_okta_jwt_pem
+      type: text
+      title: OAuth2 Okta JWT PEM
+      description: Your Okta JWT private key encoded as a PEM block.
+      multi: false
+      required: false
+      show_user: false
+    - name: oauth_endpoint_params
+      type: yaml
+      title: OAuth2 Endpoint Params
+      description: Set of values that will be sent on each resource to the token_url. Each param key can have multiple values. Can be set for all providers except google.
+      show_user: false
+      multi: false
+      required: false
+    - name: processors
+      type: yaml
+      title: Processors
+      multi: false
+      required: false
+      show_user: false
+      description: >
+        Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.
+    - name: tags
+      type: text
+      title: Tags
+      multi: true
+      show_user: false
+      default:
+        - forwarded
+    - name: enable_request_tracer
+      type: bool
+      title: Enable request tracing
+      multi: false
+      required: false
+      show_user: false
+      description: >
+        The request tracer logs HTTP requests and responses to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#_resource_tracer_filename) for details.
\ No newline at end of file
diff --git a/x-pack/plugins/integration_assistant/server/templates/manifest/cloudfoundry_manifest.yml.njk b/x-pack/plugins/integration_assistant/server/templates/manifest/cloudfoundry_manifest.yml.njk
index b8e85c57c52d1..4d6827967c3af 100644
--- a/x-pack/plugins/integration_assistant/server/templates/manifest/cloudfoundry_manifest.yml.njk
+++ b/x-pack/plugins/integration_assistant/server/templates/manifest/cloudfoundry_manifest.yml.njk
@@ -1,7 +1,9 @@
 - input: cloudfoundry
   template_path: cloudfoundry.yml.hbs
-  title: {{ data_stream_title }}
-  description: {{ data_stream_description }}
+  title: |
+    {{ data_stream_title }}
+  description: |
+    {{ data_stream_description }}
   vars:
     - name: api_address
       type: text
@@ -30,31 +32,36 @@
       title: Shard ID
       required: false
       show_user: false
-      description: Shard ID for the connection with Cloud Foundry. Use the same ID across multiple filebeat to shard the load of events. Default: "(generated UUID)".
+      description: |
+        Shard ID for the connection with Cloud Foundry. Use the same ID across multiple filebeat to shard the load of events. Default: "(generated UUID)".
     - name: version
       type: text
       title: Cloud Foundry API Version
       required: false
       show_user: false
-      description: Consumer API version to connect with Cloud Foundry to collect events. Use v1 to collect events using Doppler/Traffic Control. Use v2 to collect events from the RLP Gateway. Default: "v1".
+      description: |
+        Consumer API version to connect with Cloud Foundry to collect events. Use v1 to collect events using Doppler/Traffic Control. Use v2 to collect events from the RLP Gateway. Default: "v1".
     - name: doppler_address
       type: text
       title: Doppler Address
       required: false
       show_user: false
-      description: The URL of the Cloud Foundry Doppler Websocket. Optional. Default: "(value from ${api_address}/v2/info)".
+      description: |
+        The URL of the Cloud Foundry Doppler Websocket. Optional. Default: "(value from ${api_address}/v2/info)".
     - name: uaa_address
       type: text
       title: UAA Address
       required: false
       show_user: false
-      description: The URL of the Cloud Foundry UAA API. Optional. Default: "(value from ${api_address}/v2/info)".
+      description: |
+        The URL of the Cloud Foundry UAA API. Optional. Default: "(value from ${api_address}/v2/info)".
     - name: rlp_address
       type: text
       title: RLP Address
       required: false
       show_user: false
-      description: The URL of the Cloud Foundry RLP Gateway. Optional. Default: "(log-stream subdomain under the same domain as api_server)".
+      description: |
+        The URL of the Cloud Foundry RLP Gateway. Optional. Default: "(log-stream subdomain under the same domain as api_server)".
     - name: custom
       type: yaml
       title: Additional Log Configuration Options
diff --git a/x-pack/plugins/integration_assistant/server/templates/manifest/data_stream.yml.njk b/x-pack/plugins/integration_assistant/server/templates/manifest/data_stream.yml.njk
index e90bdd91f69e4..0c716a463795f 100644
--- a/x-pack/plugins/integration_assistant/server/templates/manifest/data_stream.yml.njk
+++ b/x-pack/plugins/integration_assistant/server/templates/manifest/data_stream.yml.njk
@@ -1,4 +1,5 @@
-title: {{ title }}
+title: |
+  {{ title }}
 type: logs
 streams:{% for data_stream in data_streams %}
 {{ data_stream | indent(2, true) }}{% endfor %}
\ No newline at end of file
diff --git a/x-pack/plugins/integration_assistant/server/templates/manifest/filestream_manifest.yml.njk b/x-pack/plugins/integration_assistant/server/templates/manifest/filestream_manifest.yml.njk
index 0884b55123850..f4e0781a76c27 100644
--- a/x-pack/plugins/integration_assistant/server/templates/manifest/filestream_manifest.yml.njk
+++ b/x-pack/plugins/integration_assistant/server/templates/manifest/filestream_manifest.yml.njk
@@ -1,7 +1,9 @@
 - input: filestream
   template_path: filestream.yml.hbs
-  title: {{ data_stream_title }}
-  description: {{ data_stream_description }}
+  title: |
+    {{ data_stream_title }}
+  description: |
+    {{ data_stream_description }}
   vars:
     - name: paths
       type: text
diff --git a/x-pack/plugins/integration_assistant/server/templates/manifest/gcp_pubsub_manifest.yml.njk b/x-pack/plugins/integration_assistant/server/templates/manifest/gcp_pubsub_manifest.yml.njk
index 920450fd7b911..f52390fd8ba89 100644
--- a/x-pack/plugins/integration_assistant/server/templates/manifest/gcp_pubsub_manifest.yml.njk
+++ b/x-pack/plugins/integration_assistant/server/templates/manifest/gcp_pubsub_manifest.yml.njk
@@ -1,7 +1,9 @@
 - input: gcp-pubsub
   template_path: gcp-pubsub.yml.hbs
-  title: {{ data_stream_title }}
-  description: {{ data_stream_description }}
+  title: |
+    {{ data_stream_title }}
+  description: |
+    {{ data_stream_description }}
   vars:
     - name: project_id
       type: text
diff --git a/x-pack/plugins/integration_assistant/server/templates/manifest/gcs_manifest.yml.njk b/x-pack/plugins/integration_assistant/server/templates/manifest/gcs_manifest.yml.njk
index 4beef9fc5f439..eeaea2f6da3aa 100644
--- a/x-pack/plugins/integration_assistant/server/templates/manifest/gcs_manifest.yml.njk
+++ b/x-pack/plugins/integration_assistant/server/templates/manifest/gcs_manifest.yml.njk
@@ -1,7 +1,9 @@
 - input: gcs
   template_path: gcs.yml.hbs
-  title: {{ data_stream_title }}
-  description: {{ data_stream_description }}
+  title: |
+    {{ data_stream_title }}
+  description: |
+    {{ data_stream_description }}
   vars:
     - name: project_id
       type: text
diff --git a/x-pack/plugins/integration_assistant/server/templates/manifest/http_endpoint_manifest.yml.njk b/x-pack/plugins/integration_assistant/server/templates/manifest/http_endpoint_manifest.yml.njk
index 1c75f6f337806..b62a582a1cfc9 100644
--- a/x-pack/plugins/integration_assistant/server/templates/manifest/http_endpoint_manifest.yml.njk
+++ b/x-pack/plugins/integration_assistant/server/templates/manifest/http_endpoint_manifest.yml.njk
@@ -1,7 +1,9 @@
 - input: http_endpoint
   template_path: http_endpoint.yml.hbs
-  title: {{ data_stream_title }}
-  description: {{ data_stream_description }}
+  title: |
+    {{ data_stream_title }}
+  description: |
+    {{ data_stream_description }}
   vars:
     - name: listen_address
       type: text
diff --git a/x-pack/plugins/integration_assistant/server/templates/manifest/journald_manifest.yml.njk b/x-pack/plugins/integration_assistant/server/templates/manifest/journald_manifest.yml.njk
index eef7588f18def..aaf09f77ae2e0 100644
--- a/x-pack/plugins/integration_assistant/server/templates/manifest/journald_manifest.yml.njk
+++ b/x-pack/plugins/integration_assistant/server/templates/manifest/journald_manifest.yml.njk
@@ -1,7 +1,9 @@
 - input: journald
   template_path: journald.yml.hbs
-  title: {{ data_stream_title }}
-  description: {{ data_stream_description }}
+  title: |
+    {{ data_stream_title }}
+  description: |
+    {{ data_stream_description }}
   vars:
     - name: include_matches
       type: text
diff --git a/x-pack/plugins/integration_assistant/server/templates/manifest/kafka_manifest.yml.njk b/x-pack/plugins/integration_assistant/server/templates/manifest/kafka_manifest.yml.njk
index 7374b34906c0c..a5e7f058c9471 100644
--- a/x-pack/plugins/integration_assistant/server/templates/manifest/kafka_manifest.yml.njk
+++ b/x-pack/plugins/integration_assistant/server/templates/manifest/kafka_manifest.yml.njk
@@ -1,7 +1,9 @@
 - input: kafka
   template_path: kafka.yml.hbs
-  title: {{ data_stream_title }}
-  description: {{ data_stream_description }}
+  title: |
+    {{ data_stream_title }}
+  description: |
+    {{ data_stream_description }}
   vars:
     - name: hosts
       type: text
diff --git a/x-pack/plugins/integration_assistant/server/templates/manifest/logfile_manifest.yml.njk b/x-pack/plugins/integration_assistant/server/templates/manifest/logfile_manifest.yml.njk
index 24de5572cf73d..844dd9db9cf60 100644
--- a/x-pack/plugins/integration_assistant/server/templates/manifest/logfile_manifest.yml.njk
+++ b/x-pack/plugins/integration_assistant/server/templates/manifest/logfile_manifest.yml.njk
@@ -1,7 +1,9 @@
 - input: logfile
   template_path: logfile.yml.hbs
-  title: {{ data_stream_title }}
-  description: {{ data_stream_description }}
+  title: |
+    {{ data_stream_title }}
+  description: |
+    {{ data_stream_description }}
   vars:
     - name: paths
       type: text
diff --git a/x-pack/plugins/integration_assistant/server/templates/manifest/package_manifest.yml.njk b/x-pack/plugins/integration_assistant/server/templates/manifest/package_manifest.yml.njk
index e4beecdd132ea..5d18001fb16a5 100644
--- a/x-pack/plugins/integration_assistant/server/templates/manifest/package_manifest.yml.njk
+++ b/x-pack/plugins/integration_assistant/server/templates/manifest/package_manifest.yml.njk
@@ -1,8 +1,10 @@
-format_version: {{ format_version }}
-name: {{ package_name }}
-title: {{ package_title }}
+format_version: "{{ format_version }}"
+name: "{{ package_name }}"
+title: |
+  {{ package_title }}
 version: {{ package_version }}
-description: {{ package_description }}
+description: |
+  {{ package_description }}
 type: integration
 categories:
   - security
@@ -12,17 +14,21 @@ conditions:
     version: {{ min_version }}
 icons:
   - src: /img/logo.svg
-    title: {{ package_name }} Logo
+    title: "{{ package_name }} Logo"
     size: 32x32
     type: image/svg+xml
 policy_templates:
   - name: {{ package_name }}
-    title: {{ package_title }}
-    description: {{ package_description}}
+    title: |
+      {{ package_title }}
+    description: |
+      {{ package_description}}
     inputs: {% for input in inputs %}
       - type: {{ input.type }}
-        title: {{ input.title }}
-        description: {{ input.description }} {% endfor %}
+        title: |
+          {{ input.title }}
+        description: |
+          {{ input.description }} {% endfor %}
 owner:
-  github: {{ package_owner }}
+  github: "{{ package_owner }}"
   type: elastic
\ No newline at end of file
diff --git a/x-pack/plugins/integration_assistant/server/templates/manifest/ssl_manifest.yml.njk b/x-pack/plugins/integration_assistant/server/templates/manifest/ssl_manifest.yml.njk
index 0eb62ad2f5924..d64d241d3a9f8 100644
--- a/x-pack/plugins/integration_assistant/server/templates/manifest/ssl_manifest.yml.njk
+++ b/x-pack/plugins/integration_assistant/server/templates/manifest/ssl_manifest.yml.njk
@@ -36,21 +36,24 @@
     multi: true
     required: false
     show_user: false
-    description: The list of root certificates for verifications is required. If certificate_authorities is empty or not set, the system keystore is used. Example: /etc/pki/root/ca.pem
+    description: |
+      The list of root certificates for verifications is required. If certificate_authorities is empty or not set, the system keystore is used. Example: /etc/pki/root/ca.pem
   - name: ssl_certificate
     type: text
     title: SSL Certificate
     multi: false
     required: false
     show_user: false
-    description: Path to the SSL certificate file to be used. Example: /etc/pki/client/cert.pem
+    description: |
+      Path to the SSL certificate file to be used. Example: /etc/pki/client/cert.pem
   - name: ssl_certificate_key
     type: text
     title: SSL Certificate Key
     multi: false
     required: false
     show_user: false
-    description: Path to the SSL certificate key file to be used. Example: /etc/pki/client/cert.key
+    description: |
+      Path to the SSL certificate key file to be used. Example: /etc/pki/client/cert.key
   - name: ssl_certificate_key_passphrase
     type: text
     title: SSL Certificate Key Passphrase
diff --git a/x-pack/plugins/integration_assistant/server/templates/manifest/tcp_manifest.yml.njk b/x-pack/plugins/integration_assistant/server/templates/manifest/tcp_manifest.yml.njk
index eb2b5d27d55c9..9cc75f6de3174 100644
--- a/x-pack/plugins/integration_assistant/server/templates/manifest/tcp_manifest.yml.njk
+++ b/x-pack/plugins/integration_assistant/server/templates/manifest/tcp_manifest.yml.njk
@@ -1,7 +1,9 @@
 - input: tcp
   template_path: tcp.yml.hbs
-  title: {{ data_stream_title }}
-  description: {{ data_stream_description }}
+  title: |
+    {{ data_stream_title }}
+  description: |
+    {{ data_stream_description }}
   vars:
     - name: listen_address
       type: text
diff --git a/x-pack/plugins/integration_assistant/server/templates/manifest/udp_manifest.yml.njk b/x-pack/plugins/integration_assistant/server/templates/manifest/udp_manifest.yml.njk
index 9955d2222b4ba..6093de977027d 100644
--- a/x-pack/plugins/integration_assistant/server/templates/manifest/udp_manifest.yml.njk
+++ b/x-pack/plugins/integration_assistant/server/templates/manifest/udp_manifest.yml.njk
@@ -1,7 +1,9 @@
 - input: udp
   template_path: udp.yml.hbs
-  title: {{ data_stream_title }}
-  description: {{ data_stream_description }}
+  title: |
+    {{ data_stream_title }}
+  description: |
+    {{ data_stream_description }}
   vars:
     - name: listen_address
       type: text
diff --git a/x-pack/plugins/integration_assistant/server/templates/package_readme.md.njk b/x-pack/plugins/integration_assistant/server/templates/package_readme.md.njk
new file mode 100644
index 0000000000000..02bf606ab386a
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/server/templates/package_readme.md.njk
@@ -0,0 +1,38 @@
+# {{ package_name }} Integration
+
+## Overview
+
+Explain what the integration is, define the third-party product that is providing data, establish its relationship to the larger ecosystem of Elastic products, and help the reader understand how it can be used to solve a tangible problem.
+Check the [overview guidelines](https://www.elastic.co/guide/en/integrations-developer/current/documentation-guidelines.html#idg-docs-guidelines-overview) for more information.
+
+## Datastreams
+
+Provide a high-level overview of the kind of data that is collected by the integration. 
+Check the [datastreams guidelines](https://www.elastic.co/guide/en/integrations-developer/current/documentation-guidelines.html#idg-docs-guidelines-datastreams) for more information.
+
+## Requirements
+
+The requirements section helps readers to confirm that the integration will work with their systems.
+Check the [requirements guidelines](https://www.elastic.co/guide/en/integrations-developer/current/documentation-guidelines.html#idg-docs-guidelines-requirements) for more information.
+
+## Setup
+
+Point the reader to the [Observability Getting started guide](https://www.elastic.co/guide/en/observability/master/observability-get-started.html) for generic, step-by-step instructions. Include any additional setup instructions beyond what’s included in the guide, which may include instructions to update the configuration of a third-party service.
+Check the [setup guidelines](https://www.elastic.co/guide/en/integrations-developer/current/documentation-guidelines.html#idg-docs-guidelines-setup) for more information.
+
+## Troubleshooting (optional)
+
+Provide information about special cases and exceptions that aren’t necessary for getting started or won’t be applicable to all users. Check the [troubleshooting guidelines](https://www.elastic.co/guide/en/integrations-developer/current/documentation-guidelines.html#idg-docs-guidelines-troubleshooting) for more information.
+
+## Reference
+
+Provide detailed information about the log or metric types we support within the integration. Check the [reference guidelines](https://www.elastic.co/guide/en/integrations-developer/current/documentation-guidelines.html#idg-docs-guidelines-reference) for more information.
+
+## Logs
+{% for data_stream in data_streams %}
+### {{ data_stream.name }}
+
+Insert a description of the datastream here.
+
+{% raw %}{{fields {% endraw %}"{{ data_stream.name }}"{% raw %}}}{% endraw %}
+{% endfor %}
diff --git a/x-pack/plugins/integration_assistant/server/templates/readme.md.njk b/x-pack/plugins/integration_assistant/server/templates/readme.md.njk
deleted file mode 100644
index 74520da051b8b..0000000000000
--- a/x-pack/plugins/integration_assistant/server/templates/readme.md.njk
+++ /dev/null
@@ -1,24 +0,0 @@
-# {{ package_name }} Integration
-
-This integration is for ingesting data from [{{ package_name }}](https://example.com/).
-{% for data_stream in data_streams %}
-- `{{ data_stream.name }}`: {{ data_stream.description }}
-{% endfor %}
-See [Link to docs](https://example.com/docs) for more information.
-
-## Compatibility
-
-Insert compatibility information here. This could for example be which versions of the product it was tested with.
-
-## Setup
-
-Insert how to configure the vendor side of the integration here, for example how to configure the API, create a syslog remote destination etc.
-
-## Logs
-{% for data_stream in data_streams %}
-### {{ data_stream.name }}
-
-Insert a description of the data stream here.
-
-{% raw %}{{fields {% endraw %}"{{ data_stream.name }}"{% raw %}}}{% endraw %}
-{% endfor %}
diff --git a/x-pack/plugins/integration_assistant/tsconfig.json b/x-pack/plugins/integration_assistant/tsconfig.json
index 515611f12f166..ec7a7e094997d 100644
--- a/x-pack/plugins/integration_assistant/tsconfig.json
+++ b/x-pack/plugins/integration_assistant/tsconfig.json
@@ -5,6 +5,7 @@
   },
   "include": [
     "index.ts",
+    "public/**/*",
     "server/**/*.ts",
     "common/**/*.ts",
     "__jest__/**/*",
@@ -18,6 +19,22 @@
     "@kbn/core-elasticsearch-server",
     "@kbn/actions-plugin",
     "@kbn/data-plugin",
-    "@kbn/zod-helpers"
+    "@kbn/i18n-react",
+    "@kbn/shared-ux-page-kibana-template",
+    "@kbn/i18n",
+    "@kbn/core-http-browser",
+    "@kbn/elastic-assistant",
+    "@kbn/kibana-react-plugin",
+    "@kbn/code-editor",
+    "@kbn/monaco",
+    "@kbn/triggers-actions-ui-plugin",
+    "@kbn/shared-ux-router",
+    "@kbn/zod-helpers",
+    "@kbn/stack-connectors-plugin",
+    "@kbn/core-analytics-browser",
+    "@kbn/logging-mocks",
+    "@kbn/core-http-request-handler-context-server",
+    "@kbn/core-http-router-server-mocks",
+    "@kbn/core-http-server"
   ]
 }
diff --git a/x-pack/plugins/lens/public/app_plugin/lens_top_nav.tsx b/x-pack/plugins/lens/public/app_plugin/lens_top_nav.tsx
index da083413ea92f..545a31032155a 100644
--- a/x-pack/plugins/lens/public/app_plugin/lens_top_nav.tsx
+++ b/x-pack/plugins/lens/public/app_plugin/lens_top_nav.tsx
@@ -913,7 +913,7 @@ export const LensTopNavMenu = ({
         ? async (fieldName?: string, _uiAction: 'edit' | 'add' = 'edit') => {
             if (currentIndexPattern?.id) {
               const indexPatternInstance = await data.dataViews.get(currentIndexPattern?.id);
-              closeFieldEditor.current = dataViewFieldEditor.openEditor({
+              closeFieldEditor.current = await dataViewFieldEditor.openEditor({
                 ctx: {
                   dataView: indexPatternInstance,
                 },
diff --git a/x-pack/plugins/lens/public/datasources/form_based/datapanel.tsx b/x-pack/plugins/lens/public/datasources/form_based/datapanel.tsx
index 5d7e928c95594..7271fb8e1a80b 100644
--- a/x-pack/plugins/lens/public/datasources/form_based/datapanel.tsx
+++ b/x-pack/plugins/lens/public/datasources/form_based/datapanel.tsx
@@ -307,7 +307,7 @@ export const InnerFormBasedDataPanel = function InnerFormBasedDataPanel({
       editPermission
         ? async (fieldName?: string, uiAction: 'edit' | 'add' = 'edit') => {
             const indexPatternInstance = await dataViews.get(currentIndexPattern?.id);
-            closeFieldEditor.current = indexPatternFieldEditor.openEditor({
+            closeFieldEditor.current = await indexPatternFieldEditor.openEditor({
               ctx: {
                 dataView: indexPatternInstance,
               },
diff --git a/x-pack/plugins/lens/public/plugin.ts b/x-pack/plugins/lens/public/plugin.ts
index cd48b0b33782e..ba615678c334e 100644
--- a/x-pack/plugins/lens/public/plugin.ts
+++ b/x-pack/plugins/lens/public/plugin.ts
@@ -46,6 +46,7 @@ import {
   ACTION_VISUALIZE_FIELD,
   VISUALIZE_FIELD_TRIGGER,
   VisualizeFieldContext,
+  ADD_PANEL_TRIGGER,
 } from '@kbn/ui-actions-plugin/public';
 import {
   VISUALIZE_EDITOR_TRIGGER,
@@ -648,7 +649,7 @@ export class LensPlugin {
 
     // Displays the add ESQL panel in the dashboard add Panel menu
     const createESQLPanelAction = new CreateESQLPanelAction(startDependencies, core);
-    startDependencies.uiActions.addTriggerAction('ADD_PANEL_TRIGGER', createESQLPanelAction);
+    startDependencies.uiActions.addTriggerAction(ADD_PANEL_TRIGGER, createESQLPanelAction);
 
     const discoverLocator = startDependencies.share?.url.locators.get('DISCOVER_APP_LOCATOR');
     if (discoverLocator) {
diff --git a/x-pack/plugins/lens/public/trigger_actions/open_lens_config/create_action.tsx b/x-pack/plugins/lens/public/trigger_actions/open_lens_config/create_action.tsx
index 07301f2394130..f1d58f9702fb4 100644
--- a/x-pack/plugins/lens/public/trigger_actions/open_lens_config/create_action.tsx
+++ b/x-pack/plugins/lens/public/trigger_actions/open_lens_config/create_action.tsx
@@ -9,6 +9,7 @@ import type { CoreStart } from '@kbn/core/public';
 import { Action, IncompatibleActionError } from '@kbn/ui-actions-plugin/public';
 import { EmbeddableApiContext } from '@kbn/presentation-publishing';
 import { apiIsPresentationContainer } from '@kbn/presentation-containers';
+import { COMMON_VISUALIZATION_GROUPING } from '@kbn/visualizations-plugin/public';
 import type { LensPluginStartDependencies } from '../../plugin';
 
 const ACTION_CREATE_ESQL_CHART = 'ACTION_CREATE_ESQL_CHART';
@@ -20,6 +21,8 @@ export class CreateESQLPanelAction implements Action<EmbeddableApiContext> {
   public id = ACTION_CREATE_ESQL_CHART;
   public order = 50;
 
+  public grouping = COMMON_VISUALIZATION_GROUPING;
+
   constructor(
     protected readonly startDependencies: LensPluginStartDependencies,
     protected readonly core: CoreStart
diff --git a/x-pack/plugins/lens/public/vis_type_alias.ts b/x-pack/plugins/lens/public/vis_type_alias.ts
index e20b60a11c57a..90d1df663d3e4 100644
--- a/x-pack/plugins/lens/public/vis_type_alias.ts
+++ b/x-pack/plugins/lens/public/vis_type_alias.ts
@@ -27,6 +27,7 @@ export const getLensAliasConfig = (): VisTypeAlias => ({
   note: i18n.translate('xpack.lens.visTypeAlias.note', {
     defaultMessage: 'Recommended for most users.',
   }),
+  order: 60,
   icon: 'lensApp',
   stage: 'production',
   appExtensions: {
diff --git a/x-pack/plugins/license_management/__jest__/__snapshots__/upload_license.test.tsx.snap b/x-pack/plugins/license_management/__jest__/__snapshots__/upload_license.test.tsx.snap
index 8a845149b95e8..eb9f2e7265f47 100644
--- a/x-pack/plugins/license_management/__jest__/__snapshots__/upload_license.test.tsx.snap
+++ b/x-pack/plugins/license_management/__jest__/__snapshots__/upload_license.test.tsx.snap
@@ -37,33 +37,29 @@ exports[`UploadLicense should display a modal when license requires acknowledgem
         class="euiForm"
       >
         <div
-          class="euiFilePicker euiFilePicker--large euiFilePicker--fullWidth"
+          class="euiFilePicker emotion-euiFilePicker-fullWidth"
         >
+          <input
+            aria-describedby="licenseFile-filePicker__prompt"
+            class="euiFilePicker__input emotion-euiFilePicker__input-largeInteractive"
+            id="licenseFile"
+            type="file"
+          />
           <div
-            class="euiFilePicker__wrap"
+            class="euiFilePicker__prompt emotion-euiFilePicker__prompt-large"
+            id="licenseFile-filePicker__prompt"
           >
-            <input
-              aria-describedby="licenseFile-filePicker__prompt"
-              class="euiFilePicker__input"
-              id="licenseFile"
-              type="file"
+            <span
+              aria-hidden="true"
+              class="euiFilePicker__icon emotion-euiFilePicker__icon-large"
+              color="primary"
+              data-euiicon-type="importAction"
             />
-            <div
-              class="euiFilePicker__prompt"
-              id="licenseFile-filePicker__prompt"
+            <span
+              class="euiFilePicker__promptText"
             >
-              <span
-                aria-hidden="true"
-                class="euiFilePicker__icon"
-                color="primary"
-                data-euiicon-type="importAction"
-              />
-              <div
-                class="euiFilePicker__promptText"
-              >
-                Select or drag your license file
-              </div>
-            </div>
+              Select or drag your license file
+            </span>
           </div>
         </div>
         <div
@@ -180,33 +176,29 @@ exports[`UploadLicense should display an error when ES says license is expired 1
           </div>
         </div>
         <div
-          class="euiFilePicker euiFilePicker--large euiFilePicker--fullWidth"
+          class="euiFilePicker emotion-euiFilePicker-fullWidth"
         >
+          <input
+            aria-describedby="licenseFile-filePicker__prompt"
+            class="euiFilePicker__input emotion-euiFilePicker__input-largeInteractive"
+            id="licenseFile"
+            type="file"
+          />
           <div
-            class="euiFilePicker__wrap"
+            class="euiFilePicker__prompt emotion-euiFilePicker__prompt-large"
+            id="licenseFile-filePicker__prompt"
           >
-            <input
-              aria-describedby="licenseFile-filePicker__prompt"
-              class="euiFilePicker__input"
-              id="licenseFile"
-              type="file"
+            <span
+              aria-hidden="true"
+              class="euiFilePicker__icon emotion-euiFilePicker__icon-large"
+              color="primary"
+              data-euiicon-type="importAction"
             />
-            <div
-              class="euiFilePicker__prompt"
-              id="licenseFile-filePicker__prompt"
+            <span
+              class="euiFilePicker__promptText"
             >
-              <span
-                aria-hidden="true"
-                class="euiFilePicker__icon"
-                color="primary"
-                data-euiicon-type="importAction"
-              />
-              <div
-                class="euiFilePicker__promptText"
-              >
-                Select or drag your license file
-              </div>
-            </div>
+              Select or drag your license file
+            </span>
           </div>
         </div>
         <div
@@ -323,33 +315,29 @@ exports[`UploadLicense should display an error when ES says license is invalid 1
           </div>
         </div>
         <div
-          class="euiFilePicker euiFilePicker--large euiFilePicker--fullWidth"
+          class="euiFilePicker emotion-euiFilePicker-fullWidth"
         >
+          <input
+            aria-describedby="licenseFile-filePicker__prompt"
+            class="euiFilePicker__input emotion-euiFilePicker__input-largeInteractive"
+            id="licenseFile"
+            type="file"
+          />
           <div
-            class="euiFilePicker__wrap"
+            class="euiFilePicker__prompt emotion-euiFilePicker__prompt-large"
+            id="licenseFile-filePicker__prompt"
           >
-            <input
-              aria-describedby="licenseFile-filePicker__prompt"
-              class="euiFilePicker__input"
-              id="licenseFile"
-              type="file"
+            <span
+              aria-hidden="true"
+              class="euiFilePicker__icon emotion-euiFilePicker__icon-large"
+              color="primary"
+              data-euiicon-type="importAction"
             />
-            <div
-              class="euiFilePicker__prompt"
-              id="licenseFile-filePicker__prompt"
+            <span
+              class="euiFilePicker__promptText"
             >
-              <span
-                aria-hidden="true"
-                class="euiFilePicker__icon"
-                color="primary"
-                data-euiicon-type="importAction"
-              />
-              <div
-                class="euiFilePicker__promptText"
-              >
-                Select or drag your license file
-              </div>
-            </div>
+              Select or drag your license file
+            </span>
           </div>
         </div>
         <div
@@ -466,33 +454,29 @@ exports[`UploadLicense should display an error when submitting invalid JSON 1`]
           </div>
         </div>
         <div
-          class="euiFilePicker euiFilePicker--large euiFilePicker--fullWidth"
+          class="euiFilePicker emotion-euiFilePicker-fullWidth"
         >
+          <input
+            aria-describedby="licenseFile-filePicker__prompt"
+            class="euiFilePicker__input emotion-euiFilePicker__input-largeInteractive"
+            id="licenseFile"
+            type="file"
+          />
           <div
-            class="euiFilePicker__wrap"
+            class="euiFilePicker__prompt emotion-euiFilePicker__prompt-large"
+            id="licenseFile-filePicker__prompt"
           >
-            <input
-              aria-describedby="licenseFile-filePicker__prompt"
-              class="euiFilePicker__input"
-              id="licenseFile"
-              type="file"
+            <span
+              aria-hidden="true"
+              class="euiFilePicker__icon emotion-euiFilePicker__icon-large"
+              color="primary"
+              data-euiicon-type="importAction"
             />
-            <div
-              class="euiFilePicker__prompt"
-              id="licenseFile-filePicker__prompt"
+            <span
+              class="euiFilePicker__promptText"
             >
-              <span
-                aria-hidden="true"
-                class="euiFilePicker__icon"
-                color="primary"
-                data-euiicon-type="importAction"
-              />
-              <div
-                class="euiFilePicker__promptText"
-              >
-                Select or drag your license file
-              </div>
-            </div>
+              Select or drag your license file
+            </span>
           </div>
         </div>
         <div
@@ -609,33 +593,29 @@ exports[`UploadLicense should display error when ES returns error 1`] = `
           </div>
         </div>
         <div
-          class="euiFilePicker euiFilePicker--large euiFilePicker--fullWidth"
+          class="euiFilePicker emotion-euiFilePicker-fullWidth"
         >
+          <input
+            aria-describedby="licenseFile-filePicker__prompt"
+            class="euiFilePicker__input emotion-euiFilePicker__input-largeInteractive"
+            id="licenseFile"
+            type="file"
+          />
           <div
-            class="euiFilePicker__wrap"
+            class="euiFilePicker__prompt emotion-euiFilePicker__prompt-large"
+            id="licenseFile-filePicker__prompt"
           >
-            <input
-              aria-describedby="licenseFile-filePicker__prompt"
-              class="euiFilePicker__input"
-              id="licenseFile"
-              type="file"
+            <span
+              aria-hidden="true"
+              class="euiFilePicker__icon emotion-euiFilePicker__icon-large"
+              color="primary"
+              data-euiicon-type="importAction"
             />
-            <div
-              class="euiFilePicker__prompt"
-              id="licenseFile-filePicker__prompt"
+            <span
+              class="euiFilePicker__promptText"
             >
-              <span
-                aria-hidden="true"
-                class="euiFilePicker__icon"
-                color="primary"
-                data-euiicon-type="importAction"
-              />
-              <div
-                class="euiFilePicker__promptText"
-              >
-                Select or drag your license file
-              </div>
-            </div>
+              Select or drag your license file
+            </span>
           </div>
         </div>
         <div
diff --git a/x-pack/plugins/lists/server/services/utils/transform_elastic_to_list_item.ts b/x-pack/plugins/lists/server/services/utils/transform_elastic_to_list_item.ts
index 46ac86a5c8aae..a41a78a6b8fed 100644
--- a/x-pack/plugins/lists/server/services/utils/transform_elastic_to_list_item.ts
+++ b/x-pack/plugins/lists/server/services/utils/transform_elastic_to_list_item.ts
@@ -61,7 +61,8 @@ export const transformElasticHitsToListItem = ({
         created_at,
         created_by,
         deserializer,
-        id: _id,
+        // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+        id: _id!,
         list_id,
         // meta can be null if deleted (empty in PUT payload), since update_by_query set deleted values as null
         // return it as undefined to keep it consistent with payload
diff --git a/x-pack/plugins/logstash/public/plugin.ts b/x-pack/plugins/logstash/public/plugin.ts
index dce6c41215d63..1b5067fdcecbb 100644
--- a/x-pack/plugins/logstash/public/plugin.ts
+++ b/x-pack/plugins/logstash/public/plugin.ts
@@ -34,18 +34,33 @@ export class LogstashPlugin implements Plugin<void, void, SetupDeps> {
       map((license) => new LogstashLicenseService(license))
     );
 
+    const pluginName = i18n.translate('xpack.logstash.managementSection.pipelinesTitle', {
+      defaultMessage: 'Logstash Pipelines',
+    });
+
     const managementApp = plugins.management.sections.section.ingest.registerApp({
       id: 'pipelines',
-      title: i18n.translate('xpack.logstash.managementSection.pipelinesTitle', {
-        defaultMessage: 'Logstash Pipelines',
-      }),
+      title: pluginName,
       order: 1,
       mount: async (params) => {
         const [coreStart] = await core.getStartServices();
         const { renderApp } = await import('./application');
         const isMonitoringEnabled = 'monitoring' in plugins;
 
-        return renderApp(coreStart, params, isMonitoringEnabled, logstashLicense$);
+        const { docTitle } = coreStart.chrome;
+        docTitle.change(pluginName);
+
+        const unmountAppCallback = await renderApp(
+          coreStart,
+          params,
+          isMonitoringEnabled,
+          logstashLicense$
+        );
+
+        return () => {
+          docTitle.reset();
+          unmountAppCallback();
+        };
       },
     });
 
diff --git a/x-pack/plugins/maps/public/classes/sources/es_search_source/es_search_source.tsx b/x-pack/plugins/maps/public/classes/sources/es_search_source/es_search_source.tsx
index 161acd3e5db73..76b2e17cb002e 100644
--- a/x-pack/plugins/maps/public/classes/sources/es_search_source/es_search_source.tsx
+++ b/x-pack/plugins/maps/public/classes/sources/es_search_source/es_search_source.tsx
@@ -19,12 +19,7 @@ import { Adapters } from '@kbn/inspector-plugin/common/adapters';
 import { SortDirection, SortDirectionNumeric } from '@kbn/data-plugin/common';
 import { getTileUrlParams } from '@kbn/maps-vector-tile-utils';
 import { AbstractESSource } from '../es_source';
-import {
-  getHttp,
-  getSearchService,
-  getSecurityService,
-  getTimeFilter,
-} from '../../../kibana_services';
+import { getCore, getHttp, getSearchService, getTimeFilter } from '../../../kibana_services';
 import {
   addFieldToDSL,
   getField,
@@ -532,7 +527,7 @@ export class ESSearchSource extends AbstractESSource implements IMvtVectorSource
     if (!(await this._isDrawingIndex())) {
       return {};
     }
-    const user = await getSecurityService()?.authc.getCurrentUser();
+    const user = await getCore().security.authc.getCurrentUser();
     const timestamp = new Date().toISOString();
     return {
       created: {
diff --git a/x-pack/plugins/maps/public/classes/styles/vector/components/symbol/__snapshots__/custom_icon_modal.test.tsx.snap b/x-pack/plugins/maps/public/classes/styles/vector/components/symbol/__snapshots__/custom_icon_modal.test.tsx.snap
index 7f380b8d15c72..16293d2db5057 100644
--- a/x-pack/plugins/maps/public/classes/styles/vector/components/symbol/__snapshots__/custom_icon_modal.test.tsx.snap
+++ b/x-pack/plugins/maps/public/classes/styles/vector/components/symbol/__snapshots__/custom_icon_modal.test.tsx.snap
@@ -35,11 +35,9 @@ exports[`should render a custom icon modal with an existing icon 1`] = `
           isInvalid={false}
           labelType="label"
         >
-          <EuiFilePicker
+          <EuiFilePickerClass
             accept=".svg"
             className="mapsImageUpload"
-            compressed={false}
-            display="large"
             initialPromptText="Select or drag and drop an SVG icon"
             isInvalid={false}
             onChange={[Function]}
@@ -254,11 +252,9 @@ exports[`should render an empty custom icon modal 1`] = `
           isInvalid={false}
           labelType="label"
         >
-          <EuiFilePicker
+          <EuiFilePickerClass
             accept=".svg"
             className="mapsImageUpload"
-            compressed={false}
-            display="large"
             initialPromptText="Select or drag and drop an SVG icon"
             isInvalid={false}
             onChange={[Function]}
diff --git a/x-pack/plugins/maps/public/kibana_services.ts b/x-pack/plugins/maps/public/kibana_services.ts
index e7dfeb2e08957..9c11f56a7f5c7 100644
--- a/x-pack/plugins/maps/public/kibana_services.ts
+++ b/x-pack/plugins/maps/public/kibana_services.ts
@@ -90,7 +90,6 @@ export const getUrlForApp = () => coreStart.application.getUrlForApp;
 export const getNavigateToUrl = () => coreStart.application.navigateToUrl;
 export const getSavedObjectsTagging = () => pluginsStart.savedObjectsTagging;
 export const getPresentationUtilContext = () => pluginsStart.presentationUtil.ContextProvider;
-export const getSecurityService = () => pluginsStart.security;
 export const getSpacesApi = () => pluginsStart.spaces;
 export const getTheme = () => coreStart.theme;
 export const getApplication = () => coreStart.application;
diff --git a/x-pack/plugins/maps/public/maps_vis_type_alias.ts b/x-pack/plugins/maps/public/maps_vis_type_alias.ts
index 48a96a2d0f988..dc7c8cc8dc7bd 100644
--- a/x-pack/plugins/maps/public/maps_vis_type_alias.ts
+++ b/x-pack/plugins/maps/public/maps_vis_type_alias.ts
@@ -33,6 +33,7 @@ export function getMapsVisTypeAlias() {
     description: appDescription,
     icon: APP_ICON,
     stage: 'production' as VisualizationStage,
+    order: 40,
     appExtensions: {
       visualizations: {
         docTypes: [MAP_SAVED_OBJECT_TYPE],
diff --git a/x-pack/plugins/maps/public/plugin.ts b/x-pack/plugins/maps/public/plugin.ts
index 42d40cc64e64a..169731af566fe 100644
--- a/x-pack/plugins/maps/public/plugin.ts
+++ b/x-pack/plugins/maps/public/plugin.ts
@@ -36,7 +36,6 @@ import type { FileUploadPluginStart } from '@kbn/file-upload-plugin/public';
 import type { PresentationUtilPluginStart } from '@kbn/presentation-util-plugin/public';
 import type { SavedObjectTaggingPluginStart } from '@kbn/saved-objects-tagging-plugin/public';
 import type { ChartsPluginStart } from '@kbn/charts-plugin/public';
-import type { SecurityPluginStart } from '@kbn/security-plugin/public';
 import type { SpacesPluginStart } from '@kbn/spaces-plugin/public';
 import type { CloudSetup } from '@kbn/cloud-plugin/public';
 import type { LensPublicSetup } from '@kbn/lens-plugin/public';
@@ -123,7 +122,6 @@ export interface MapsPluginStartDependencies {
   visualizations: VisualizationsStart;
   savedObjectsTagging?: SavedObjectTaggingPluginStart;
   presentationUtil: PresentationUtilPluginStart;
-  security?: SecurityPluginStart;
   spaces?: SpacesPluginStart;
   mapsEms: MapsEmsPluginPublicStart;
   contentManagement: ContentManagementPublicStart;
diff --git a/x-pack/plugins/ml/common/constants/app.ts b/x-pack/plugins/ml/common/constants/app.ts
index d74e1cb30c761..dd41353184fd4 100644
--- a/x-pack/plugins/ml/common/constants/app.ts
+++ b/x-pack/plugins/ml/common/constants/app.ts
@@ -11,7 +11,7 @@ export const PLUGIN_ID = 'ml';
 export const PLUGIN_ICON = 'machineLearningApp';
 export const PLUGIN_ICON_SOLUTION = 'logoKibana';
 export const ML_APP_NAME = i18n.translate('xpack.ml.navMenu.mlAppNameText', {
-  defaultMessage: 'Machine Learning',
+  defaultMessage: 'Machine Learning and Analytics',
 });
 export const ML_APP_ROUTE = '/app/ml';
 export const ML_INTERNAL_BASE_PATH = '/internal/ml';
diff --git a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/advanced_step/advanced_step_details.tsx b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/advanced_step/advanced_step_details.tsx
index 685c03e726c23..720b89a1b011b 100644
--- a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/advanced_step/advanced_step_details.tsx
+++ b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/advanced_step/advanced_step_details.tsx
@@ -76,7 +76,7 @@ export const AdvancedStepDetails: FC<{
           defaultMessage: 'Compute feature influence',
         }
       ),
-      description: computeFeatureInfluence,
+      description: computeFeatureInfluence.toString(),
     });
 
     advancedSecondCol.push({
diff --git a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/advanced_step/advanced_step_form.tsx b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/advanced_step/advanced_step_form.tsx
index 6e93775486ed7..24577dd0dcc04 100644
--- a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/advanced_step/advanced_step_form.tsx
+++ b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/advanced_step/advanced_step_form.tsx
@@ -292,11 +292,11 @@ export const AdvancedStepForm: FC<CreateAnalyticsStepProps> = ({
                 ),
               },
             ]}
-            value={computeFeatureInfluence}
+            value={computeFeatureInfluence ? 'true' : 'false'}
             hasNoInitialSelection={false}
             onChange={(e) => {
               setFormState({
-                computeFeatureInfluence: e.target.value,
+                computeFeatureInfluence: e.target.value === 'true' ? true : false,
               });
             }}
           />
diff --git a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/advanced_step/outlier_hyper_parameters.tsx b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/advanced_step/outlier_hyper_parameters.tsx
index 83a8f4ef518d9..e590f4cb7fd88 100644
--- a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/advanced_step/outlier_hyper_parameters.tsx
+++ b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/advanced_step/outlier_hyper_parameters.tsx
@@ -156,10 +156,10 @@ export const OutlierHyperParameters: FC<Props> = ({ actions, state, advancedPara
                 ),
               },
             ]}
-            value={standardizationEnabled}
+            value={standardizationEnabled ? 'true' : 'false'}
             hasNoInitialSelection={true}
             onChange={(e) => {
-              setFormState({ standardizationEnabled: e.target.value });
+              setFormState({ standardizationEnabled: e.target.value === 'true' ? true : false });
             }}
           />
         </EuiFormRow>
diff --git a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/create_analytics_advanced_editor/create_analytics_advanced_editor.tsx b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/create_analytics_advanced_editor/create_analytics_advanced_editor.tsx
index 1a0c0f5dab368..cdc93fbeb4feb 100644
--- a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/create_analytics_advanced_editor/create_analytics_advanced_editor.tsx
+++ b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/create_analytics_advanced_editor/create_analytics_advanced_editor.tsx
@@ -11,15 +11,19 @@ import { debounce } from 'lodash';
 import { EuiCallOut, EuiFieldText, EuiForm, EuiFormRow, EuiSpacer } from '@elastic/eui';
 
 import { i18n } from '@kbn/i18n';
-import { CodeEditor } from '@kbn/code-editor';
 import { extractErrorMessage } from '@kbn/ml-error-utils';
 
+import { dynamic } from '@kbn/shared-ux-utility';
 import { useNotifications } from '../../../../../contexts/kibana';
 import { ml } from '../../../../../services/ml_api_service';
 import type { CreateAnalyticsFormProps } from '../../../analytics_management/hooks/use_create_analytics_form';
 import { CreateStep } from '../create_step';
 import { ANALYTICS_STEPS } from '../../page';
 
+const EditorComponent = dynamic(async () => ({
+  default: (await import('./editor_component')).EditorComponent,
+}));
+
 export const CreateAnalyticsAdvancedEditor: FC<CreateAnalyticsFormProps> = (props) => {
   const { actions, state } = props;
   const { setAdvancedEditorRawString, setFormState } = actions;
@@ -141,37 +145,10 @@ export const CreateAnalyticsAdvancedEditor: FC<CreateAnalyticsFormProps> = (prop
         style={{ maxWidth: '100%' }}
       >
         <div data-test-subj={'mlAnalyticsCreateJobWizardAdvancedEditorCodeEditor'}>
-          <CodeEditor
-            languageId={'json'}
-            height={500}
-            languageConfiguration={{
-              autoClosingPairs: [
-                {
-                  open: '{',
-                  close: '}',
-                },
-              ],
-            }}
+          <EditorComponent
             value={advancedEditorRawString}
             onChange={onChange}
-            options={{
-              ariaLabel: i18n.translate(
-                'xpack.ml.dataframe.analytics.create.advancedEditor.codeEditorAriaLabel',
-                {
-                  defaultMessage: 'Advanced analytics job editor',
-                }
-              ),
-              automaticLayout: true,
-              readOnly: isJobCreated,
-              fontSize: 12,
-              scrollBeyondLastLine: false,
-              quickSuggestions: true,
-              minimap: {
-                enabled: false,
-              },
-              wordWrap: 'on',
-              wrappingIndent: 'indent',
-            }}
+            readOnly={isJobCreated}
           />
         </div>
       </EuiFormRow>
diff --git a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/create_analytics_advanced_editor/editor_component.tsx b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/create_analytics_advanced_editor/editor_component.tsx
new file mode 100644
index 0000000000000..8e81ed2373e33
--- /dev/null
+++ b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/create_analytics_advanced_editor/editor_component.tsx
@@ -0,0 +1,70 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { CodeEditor } from '@kbn/code-editor';
+import { i18n } from '@kbn/i18n';
+import dfaJsonSchema from '@kbn/json-schemas/src/put___ml_data_frame_analytics__id__schema.json';
+import { monaco } from '@kbn/monaco';
+import type { FC } from 'react';
+import React from 'react';
+
+export const EditorComponent: FC<{
+  value: string;
+  onChange: (update: string) => void;
+  readOnly: boolean;
+}> = ({ value, onChange, readOnly }) => {
+  return (
+    <CodeEditor
+      languageId={'json'}
+      height={500}
+      languageConfiguration={{
+        autoClosingPairs: [
+          {
+            open: '{',
+            close: '}',
+          },
+        ],
+      }}
+      value={value}
+      onChange={onChange}
+      options={{
+        ariaLabel: i18n.translate(
+          'xpack.ml.dataframe.analytics.create.advancedEditor.codeEditorAriaLabel',
+          {
+            defaultMessage: 'Advanced analytics job editor',
+          }
+        ),
+        automaticLayout: true,
+        readOnly,
+        fontSize: 12,
+        scrollBeyondLastLine: false,
+        quickSuggestions: true,
+        minimap: {
+          enabled: false,
+        },
+        wordWrap: 'on',
+        wrappingIndent: 'indent',
+      }}
+      editorDidMount={(editor: monaco.editor.IStandaloneCodeEditor) => {
+        const editorModelUri: string = editor.getModel()?.uri.toString()!;
+        monaco.languages.json.jsonDefaults.setDiagnosticsOptions({
+          validate: true,
+          enableSchemaRequest: false,
+          schemaValidation: 'error',
+          schemas: [
+            ...(monaco.languages.json.jsonDefaults.diagnosticsOptions.schemas ?? []),
+            {
+              uri: editorModelUri,
+              fileMatch: [editorModelUri],
+              schema: dfaJsonSchema,
+            },
+          ],
+        });
+      }}
+    />
+  );
+};
diff --git a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_management/hooks/use_create_analytics_form/state.ts b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_management/hooks/use_create_analytics_form/state.ts
index c8ccf01cdae27..0157509867009 100644
--- a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_management/hooks/use_create_analytics_form/state.ts
+++ b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_management/hooks/use_create_analytics_form/state.ts
@@ -51,7 +51,7 @@ export interface State {
   disableSwitchToForm: boolean;
   form: {
     alpha: undefined | number;
-    computeFeatureInfluence: string;
+    computeFeatureInfluence: boolean;
     createDataView: boolean;
     classAssignmentObjective: undefined | string;
     dependentVariable: DependentVariable;
@@ -111,7 +111,7 @@ export interface State {
     sourceIndexNameValid: boolean;
     sourceIndexContainsNumericalFields: boolean;
     sourceIndexFieldsCheckFailed: boolean;
-    standardizationEnabled: undefined | string;
+    standardizationEnabled: undefined | boolean;
     timeFieldName: undefined | string;
     trainingPercent: number;
     useEstimatedMml: boolean;
@@ -137,7 +137,7 @@ export const getInitialState = (): State => ({
   disableSwitchToForm: false,
   form: {
     alpha: undefined,
-    computeFeatureInfluence: 'true',
+    computeFeatureInfluence: true,
     createDataView: true,
     classAssignmentObjective: undefined,
     dependentVariable: '',
@@ -197,7 +197,7 @@ export const getInitialState = (): State => ({
     sourceIndexNameValid: false,
     sourceIndexContainsNumericalFields: true,
     sourceIndexFieldsCheckFailed: false,
-    standardizationEnabled: 'true',
+    standardizationEnabled: true,
     timeFieldName: undefined,
     trainingPercent: 80,
     useEstimatedMml: true,
diff --git a/x-pack/plugins/ml/public/application/jobs/new_job/pages/components/common/json_editor_flyout/json_editor_flyout.tsx b/x-pack/plugins/ml/public/application/jobs/new_job/pages/components/common/json_editor_flyout/json_editor_flyout.tsx
index c9b50746da865..028cbc0e54f2a 100644
--- a/x-pack/plugins/ml/public/application/jobs/new_job/pages/components/common/json_editor_flyout/json_editor_flyout.tsx
+++ b/x-pack/plugins/ml/public/application/jobs/new_job/pages/components/common/json_editor_flyout/json_editor_flyout.tsx
@@ -9,7 +9,6 @@ import type { FC } from 'react';
 import React, { Fragment, useState, useContext, useEffect, useMemo } from 'react';
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
-import { memoize } from 'lodash';
 import {
   EuiFlyout,
   EuiFlyoutFooter,
@@ -23,7 +22,6 @@ import {
   EuiCallOut,
 } from '@elastic/eui';
 import { XJson } from '@kbn/es-ui-shared-plugin/public';
-import { useMlApiContext } from '../../../../../../contexts/kibana';
 import type {
   CombinedJob,
   Datafeed,
@@ -49,23 +47,12 @@ interface Props {
   datafeedEditorMode: EDITOR_MODE;
 }
 
-const fetchSchemas = memoize(
-  async (jsonSchemaApi, path: string, method: string) =>
-    jsonSchemaApi.getSchemaDefinition({
-      path,
-      method,
-    }),
-  (jsonSchemaApi, path, method) => path + method
-);
-
 export const JsonEditorFlyout: FC<Props> = ({ isDisabled, jobEditorMode, datafeedEditorMode }) => {
   const { jobCreator, jobCreatorUpdate, jobCreatorUpdated } = useContext(JobCreatorContext);
   const { displayErrorToast } = useToastNotificationService();
   const [showJsonFlyout, setShowJsonFlyout] = useState(false);
   const [showChangedIndicesWarning, setShowChangedIndicesWarning] = useState(false);
 
-  const { jsonSchema: jsonSchemaApi } = useMlApiContext();
-
   const [jobConfigString, setJobConfigString] = useState(jobCreator.formattedJobJson);
   const [datafeedConfigString, setDatafeedConfigString] = useState(
     jobCreator.formattedDatafeedJson
@@ -98,28 +85,18 @@ export const JsonEditorFlyout: FC<Props> = ({ isDisabled, jobEditorMode, datafee
     // eslint-disable-next-line react-hooks/exhaustive-deps
   }, [showJsonFlyout]);
 
-  useEffect(
-    function fetchSchemasOnMount() {
-      fetchSchemas(jsonSchemaApi, '/_ml/anomaly_detectors/{job_id}', 'put')
-        .then((result) => {
-          setJobSchema(result);
-        })
-        .catch((e) => {
-          // eslint-disable-next-line no-console
-          console.error(e);
-        });
+  useEffect(function fetchSchemasOnMount() {
+    // async import json schema
+    import('@kbn/json-schemas/src/put___ml_anomaly_detectors__job_id__schema.json').then(
+      (result) => {
+        setJobSchema(result);
+      }
+    );
 
-      fetchSchemas(jsonSchemaApi, '/_ml/datafeeds/{datafeed_id}', 'put')
-        .then((result) => {
-          setDatafeedSchema(result);
-        })
-        .catch((e) => {
-          // eslint-disable-next-line no-console
-          console.error(e);
-        });
-    },
-    [jsonSchemaApi]
-  );
+    import('@kbn/json-schemas/src/put___ml_datafeeds__datafeed_id__schema.json').then((result) => {
+      setDatafeedSchema(result);
+    });
+  }, []);
 
   const editJsonMode =
     jobEditorMode === EDITOR_MODE.EDITABLE || datafeedEditorMode === EDITOR_MODE.EDITABLE;
diff --git a/x-pack/plugins/ml/public/application/management/index.ts b/x-pack/plugins/ml/public/application/management/index.ts
index 7f8030f4e7ddb..93bc7da351907 100644
--- a/x-pack/plugins/ml/public/application/management/index.ts
+++ b/x-pack/plugins/ml/public/application/management/index.ts
@@ -21,15 +21,27 @@ export function registerManagementSection(
   isServerless: boolean,
   mlFeatures: MlFeatures
 ) {
+  const appName = i18n.translate('xpack.ml.management.jobsListTitle', {
+    defaultMessage: 'Machine Learning',
+  });
+
   return management.sections.section.insightsAndAlerting.registerApp({
     id: 'jobsListLink',
-    title: i18n.translate('xpack.ml.management.jobsListTitle', {
-      defaultMessage: 'Machine Learning',
-    }),
+    title: appName,
     order: 4,
     async mount(params: ManagementAppMountParams) {
+      const [{ chrome }] = await core.getStartServices();
+      const { docTitle } = chrome;
+
+      docTitle.change(appName);
+
       const { mountApp } = await import('./jobs_list');
-      return mountApp(core, params, deps, isServerless, mlFeatures);
+      const unmountAppCallback = await mountApp(core, params, deps, isServerless, mlFeatures);
+
+      return () => {
+        docTitle.reset();
+        unmountAppCallback();
+      };
     },
   });
 }
diff --git a/x-pack/plugins/ml/public/application/notifications/components/notifications_list.tsx b/x-pack/plugins/ml/public/application/notifications/components/notifications_list.tsx
index cb2f64c69050b..0cfb482fda7f7 100644
--- a/x-pack/plugins/ml/public/application/notifications/components/notifications_list.tsx
+++ b/x-pack/plugins/ml/public/application/notifications/components/notifications_list.tsx
@@ -397,6 +397,7 @@ export const NotificationsList: FC = () => {
 
       <EuiBasicTable<NotificationItem>
         columns={columns}
+        rowHeader="timestamp"
         items={itemsPerPage}
         itemId={'id'}
         loading={isLoading}
diff --git a/x-pack/plugins/ml/public/application/settings/calendars/edit/import_modal/__snapshots__/import_modal.test.js.snap b/x-pack/plugins/ml/public/application/settings/calendars/edit/import_modal/__snapshots__/import_modal.test.js.snap
index 6b56afba3ebe2..747e801a278a7 100644
--- a/x-pack/plugins/ml/public/application/settings/calendars/edit/import_modal/__snapshots__/import_modal.test.js.snap
+++ b/x-pack/plugins/ml/public/application/settings/calendars/edit/import_modal/__snapshots__/import_modal.test.js.snap
@@ -40,10 +40,9 @@ exports[`ImportModal Renders import modal 1`] = `
         <EuiFlexItem
           grow={false}
         >
-          <EuiFilePicker
+          <EuiFilePickerClass
             compressed={true}
             disabled={false}
-            display="large"
             initialPromptText="Select or drag and drop a file"
             onChange={[Function]}
           />
diff --git a/x-pack/plugins/ml/public/ui_actions/create_anomaly_chart.tsx b/x-pack/plugins/ml/public/ui_actions/create_anomaly_chart.tsx
index c4b88bdd43306..28b7b413827a5 100644
--- a/x-pack/plugins/ml/public/ui_actions/create_anomaly_chart.tsx
+++ b/x-pack/plugins/ml/public/ui_actions/create_anomaly_chart.tsx
@@ -41,6 +41,10 @@ export function createAddAnomalyChartsPanelAction(
         getIconType: () => PLUGIN_ICON,
       },
     ],
+    order: 30,
+    getIconType(): string {
+      return 'visLine';
+    },
     getDisplayName: () =>
       i18n.translate('xpack.ml.components.mlAnomalyExplorerEmbeddable.displayName', {
         defaultMessage: 'Anomaly chart',
diff --git a/x-pack/plugins/ml/public/ui_actions/create_single_metric_viewer.tsx b/x-pack/plugins/ml/public/ui_actions/create_single_metric_viewer.tsx
index 55b3bdf44663b..3b1e06f62538a 100644
--- a/x-pack/plugins/ml/public/ui_actions/create_single_metric_viewer.tsx
+++ b/x-pack/plugins/ml/public/ui_actions/create_single_metric_viewer.tsx
@@ -42,6 +42,8 @@ export function createAddSingleMetricViewerPanelAction(
         getIconType: () => PLUGIN_ICON,
       },
     ],
+    order: 20,
+    getIconType: () => 'visLine',
     getDisplayName: () =>
       i18n.translate('xpack.ml.components.singleMetricViewerEmbeddable.displayName', {
         defaultMessage: 'Single metric viewer',
diff --git a/x-pack/plugins/ml/public/ui_actions/create_swim_lane.tsx b/x-pack/plugins/ml/public/ui_actions/create_swim_lane.tsx
index 388b32148847f..b0f47eb4e1dc7 100644
--- a/x-pack/plugins/ml/public/ui_actions/create_swim_lane.tsx
+++ b/x-pack/plugins/ml/public/ui_actions/create_swim_lane.tsx
@@ -5,6 +5,7 @@
  * 2.0.
  */
 
+import React from 'react';
 import { i18n } from '@kbn/i18n';
 import type { PresentationContainer } from '@kbn/presentation-containers';
 import type { EmbeddableApiContext } from '@kbn/presentation-publishing';
@@ -41,6 +42,28 @@ export function createAddSwimlanePanelAction(
         getIconType: () => PLUGIN_ICON,
       },
     ],
+    order: 40,
+    // @ts-expect-error getIconType is typed as string, but EuiIcon accepts ReactComponent for custom icons.
+    // See https://github.com/elastic/kibana/issues/184643
+    getIconType: () => (iconProps) =>
+      (
+        <svg
+          width="16"
+          height="16"
+          viewBox="0 0 16 16"
+          xmlns="http://www.w3.org/2000/svg"
+          {...iconProps}
+        >
+          <path
+            d="M1 5V1H5V5H1ZM4 4V2H2V4H4ZM6 5V1H10V5H6ZM9 4V2H7V4H9ZM11 5V1H15V5H11ZM12 4H14V2H12V4ZM1 10V6H5V10H1ZM4 9V7H2V9H4ZM6 10V6H10V10H6ZM9 9V7H7V9H9ZM11 10V6H15V10H11ZM14 9V7H12V9H14ZM1 15V11H5V15H1ZM2 14H4V12H2V14ZM6 15V11H10V15H6ZM7 14H9V12H7V14ZM11 15V11H15V15H11ZM12 14H14V12H12V14Z"
+            fill="currentColor"
+          />
+          <rect width="4" height="4" transform="translate(6 1)" fill="currentColor" />
+          <rect width="4" height="4" transform="translate(11 6)" fill="currentColor" />
+          <rect width="4" height="4" transform="translate(6 6)" fill="currentColor" />
+          <rect width="4" height="4" transform="translate(1 11)" fill="currentColor" />
+        </svg>
+      ),
     getDisplayName: () =>
       i18n.translate('xpack.ml.components.jobAnomalyScoreEmbeddable.displayName', {
         defaultMessage: 'Anomaly swim lane',
diff --git a/x-pack/plugins/ml/public/ui_actions/index.ts b/x-pack/plugins/ml/public/ui_actions/index.ts
index 66dd1f0f06f34..1b650d331d007 100644
--- a/x-pack/plugins/ml/public/ui_actions/index.ts
+++ b/x-pack/plugins/ml/public/ui_actions/index.ts
@@ -8,7 +8,7 @@
 import type { CoreSetup } from '@kbn/core/public';
 import { CONTEXT_MENU_TRIGGER } from '@kbn/embeddable-plugin/public';
 import { CREATE_PATTERN_ANALYSIS_TO_ML_AD_JOB_TRIGGER } from '@kbn/ml-ui-actions';
-import type { UiActionsSetup } from '@kbn/ui-actions-plugin/public';
+import { type UiActionsSetup, ADD_PANEL_TRIGGER } from '@kbn/ui-actions-plugin/public';
 import type { MlPluginStart, MlStartDependencies } from '../plugin';
 import { createApplyEntityFieldFiltersAction } from './apply_entity_filters_action';
 import { createApplyInfluencerFiltersAction } from './apply_influencer_filters_action';
@@ -67,9 +67,9 @@ export function registerMlUiActions(
   uiActions.registerAction(addAnomalyChartsPanelAction);
 
   // Assign triggers
-  uiActions.addTriggerAction('ADD_PANEL_TRIGGER', addSingleMetricViewerPanelAction);
-  uiActions.addTriggerAction('ADD_PANEL_TRIGGER', addSwimlanePanelAction);
-  uiActions.addTriggerAction('ADD_PANEL_TRIGGER', addAnomalyChartsPanelAction);
+  uiActions.addTriggerAction(ADD_PANEL_TRIGGER, addSingleMetricViewerPanelAction);
+  uiActions.addTriggerAction(ADD_PANEL_TRIGGER, addSwimlanePanelAction);
+  uiActions.addTriggerAction(ADD_PANEL_TRIGGER, addAnomalyChartsPanelAction);
 
   uiActions.addTriggerAction(CONTEXT_MENU_TRIGGER, openInExplorerAction);
   uiActions.attachAction(CONTEXT_MENU_TRIGGER, openInSingleMetricViewerAction.id);
diff --git a/x-pack/plugins/ml/scripts/apidoc_scripts/apidoc_config/apidoc.json b/x-pack/plugins/ml/scripts/apidoc_scripts/apidoc_config/apidoc.json
index c1dde5fda0507..f262a3c6029a7 100644
--- a/x-pack/plugins/ml/scripts/apidoc_scripts/apidoc_config/apidoc.json
+++ b/x-pack/plugins/ml/scripts/apidoc_scripts/apidoc_config/apidoc.json
@@ -193,9 +193,6 @@
 
     "ModelManagement",
     "GetModelManagementNodesOverview",
-    "GetModelManagementMemoryUsage",
-
-    "JsonSchema",
-    "GetJsonSchema"
+    "GetModelManagementMemoryUsage"
   ]
 }
diff --git a/x-pack/plugins/ml/server/lib/alerts/register_jobs_monitoring_rule_type.ts b/x-pack/plugins/ml/server/lib/alerts/register_jobs_monitoring_rule_type.ts
index 6afb7dc38e88b..b311a637eb2d7 100644
--- a/x-pack/plugins/ml/server/lib/alerts/register_jobs_monitoring_rule_type.ts
+++ b/x-pack/plugins/ml/server/lib/alerts/register_jobs_monitoring_rule_type.ts
@@ -288,6 +288,7 @@ export function registerJobsMonitoringRuleType({
             id: alertName,
             actionGroup: ANOMALY_DETECTION_JOB_REALTIME_ISSUE,
             context,
+            // @ts-expect-error type mismatch
             payload,
           });
         });
@@ -301,6 +302,7 @@ export function registerJobsMonitoringRuleType({
           alertsClient.setAlertData({
             id: recoveredAlertId,
             context: testResult.context,
+            // @ts-expect-error type mismatch
             payload: testResult.payload,
           });
         }
diff --git a/x-pack/plugins/ml/server/models/json_schema_service/json_schema_service.test.ts b/x-pack/plugins/ml/server/models/json_schema_service/json_schema_service.test.ts
deleted file mode 100644
index c9c66ee5a554b..0000000000000
--- a/x-pack/plugins/ml/server/models/json_schema_service/json_schema_service.test.ts
+++ /dev/null
@@ -1,612 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { JsonSchemaService } from './json_schema_service';
-
-describe.skip('JsonSchemaService', function () {
-  test('extract schema definition and applies overrides', async () => {
-    const service = new JsonSchemaService();
-
-    const result = await service.extractSchema('/_ml/anomaly_detectors/{job_id}', 'put');
-
-    expect(result).toEqual({
-      additionalProperties: false,
-      properties: {
-        allow_lazy_open: {
-          description:
-            'Advanced configuration option. Specifies whether this job can open when there is insufficient machine learning node capacity for it to be immediately assigned to a node. By default, if a machine learning node with capacity to run the job cannot immediately be found, the open anomaly detection jobs API returns an error. However, this is also subject to the cluster-wide `xpack.ml.max_lazy_ml_nodes` setting. If this option is set to true, the open anomaly detection jobs API does not return an error and the job waits in the opening state until sufficient machine learning node capacity is available.',
-          type: 'boolean',
-        },
-        analysis_config: {
-          additionalProperties: false,
-          description:
-            'Specifies how to analyze the data. After you create a job, you cannot change the analysis configuration; all the properties are informational.',
-          properties: {
-            bucket_span: {
-              description:
-                'The size of the interval that the analysis is aggregated into, typically between `5m` and `1h`. This value should be either a whole number of days or equate to a\nwhole number of buckets in one day. If the anomaly detection job uses a datafeed with aggregations, this value must also be divisible by the interval of the date histogram aggregation.\n* @server_default 5m',
-              type: 'string',
-            },
-            categorization_analyzer: {
-              anyOf: [
-                {
-                  type: 'string',
-                },
-                {
-                  additionalProperties: false,
-                  properties: {
-                    char_filter: {
-                      description:
-                        'One or more character filters. In addition to the built-in character filters, other plugins can provide more character filters. If this property is not specified, no character filters are applied prior to categorization. If you are customizing some other aspect of the analyzer and you need to achieve the equivalent of `categorization_filters` (which are not permitted when some other aspect of the analyzer is customized), add them here as pattern replace character filters.',
-                      items: {
-                        anyOf: [
-                          {
-                            type: 'string',
-                          },
-                          {
-                            anyOf: [{}, {}, {}, {}, {}],
-                          },
-                        ],
-                      },
-                      type: 'array',
-                    },
-                    filter: {
-                      description:
-                        'One or more token filters. In addition to the built-in token filters, other plugins can provide more token filters. If this property is not specified, no token filters are applied prior to categorization.',
-                      items: {
-                        anyOf: [
-                          {
-                            type: 'string',
-                          },
-                          {
-                            anyOf: [
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                              {},
-                            ],
-                          },
-                        ],
-                      },
-                      type: 'array',
-                    },
-                    tokenizer: {
-                      anyOf: [
-                        {
-                          type: 'string',
-                        },
-                        {
-                          anyOf: [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}],
-                        },
-                      ],
-                      description:
-                        'The name or definition of the tokenizer to use after character filters are applied. This property is compulsory if `categorization_analyzer` is specified as an object. Machine learning provides a tokenizer called `ml_standard` that tokenizes in a way that has been determined to produce good categorization results on a variety of log file formats for logs in English. If you want to use that tokenizer but change the character or token filters, specify "tokenizer": "ml_standard" in your `categorization_analyzer`. Additionally, the `ml_classic` tokenizer is available, which tokenizes in the same way as the non-customizable tokenizer in old versions of the product (before 6.2). `ml_classic` was the default categorization tokenizer in versions 6.2 to 7.13, so if you need categorization identical to the default for jobs created in these versions, specify "tokenizer": "ml_classic" in your `categorization_analyzer`.',
-                    },
-                  },
-                  type: 'object',
-                },
-              ],
-              description:
-                'If `categorization_field_name` is specified, you can also define the analyzer that is used to interpret the categorization field. This property cannot be used at the same time as `categorization_filters`. The categorization analyzer specifies how the `categorization_field` is interpreted by the categorization process. The `categorization_analyzer` field can be specified either as a string or as an object. If it is a string, it must refer to a built-in analyzer or one added by another plugin.',
-            },
-            categorization_field_name: {
-              description:
-                'If this property is specified, the values of the specified field will be categorized. The resulting categories must be used in a detector by setting `by_field_name`, `over_field_name`, or `partition_field_name` to the keyword `mlcategory`.',
-              type: 'string',
-            },
-            categorization_filters: {
-              description:
-                'If `categorization_field_name` is specified, you can also define optional filters. This property expects an array of regular expressions. The expressions are used to filter out matching sequences from the categorization field values. You can use this functionality to fine tune the categorization by excluding sequences from consideration when categories are defined. For example, you can exclude SQL statements that appear in your log files. This property cannot be used at the same time as `categorization_analyzer`. If you only want to define simple regular expression filters that are applied prior to tokenization, setting this property is the easiest method. If you also want to customize the tokenizer or post-tokenization filtering, use the `categorization_analyzer` property instead and include the filters as pattern_replace character filters. The effect is exactly the same.',
-              items: {
-                type: 'string',
-              },
-              type: 'array',
-            },
-            detectors: {
-              description:
-                'Detector configuration objects specify which data fields a job analyzes. They also specify which analytical functions are used. You can specify multiple detectors for a job. If the detectors array does not contain at least one detector, no analysis can occur and an error is returned.',
-              items: {
-                additionalProperties: false,
-                properties: {
-                  by_field_name: {
-                    description:
-                      'The field used to split the data. In particular, this property is used for analyzing the splits with respect to their own history. It is used for finding unusual values in the context of the split.',
-                    type: 'string',
-                  },
-                  custom_rules: {
-                    description:
-                      'Custom rules enable you to customize the way detectors operate. For example, a rule may dictate conditions under which results should be skipped. Kibana refers to custom rules as job rules.',
-                    items: {
-                      additionalProperties: false,
-                      properties: {
-                        actions: {
-                          description:
-                            'The set of actions to be triggered when the rule applies. If more than one action is specified the effects of all actions are combined.',
-                          items: {
-                            enum: ['skip_result', 'skip_model_update'],
-                            type: 'string',
-                          },
-                          type: 'array',
-                        },
-                        conditions: {
-                          description:
-                            'An array of numeric conditions when the rule applies. A rule must either have a non-empty scope or at least one condition. Multiple conditions are combined together with a logical AND.',
-                          items: {
-                            additionalProperties: false,
-                            properties: {
-                              applies_to: {
-                                description:
-                                  'Specifies the result property to which the condition applies. If your detector uses `lat_long`, `metric`, `rare`, or `freq_rare` functions, you can only specify conditions that apply to time.',
-                                enum: ['actual', 'typical', 'diff_from_typical', 'time'],
-                                type: 'string',
-                              },
-                              operator: {
-                                description:
-                                  'Specifies the condition operator. The available options are greater than, greater than or equals, less than, and less than or equals.',
-                                enum: ['gt', 'gte', 'lt', 'lte'],
-                                type: 'string',
-                              },
-                              value: {
-                                description:
-                                  'The value that is compared against the `applies_to` field using the operator.',
-                                type: 'number',
-                              },
-                            },
-                            required: ['applies_to', 'operator', 'value'],
-                            type: 'object',
-                          },
-                          type: 'array',
-                        },
-                        scope: {
-                          additionalProperties: {
-                            additionalProperties: false,
-                            properties: {
-                              filter_id: {
-                                description: 'The identifier for the filter.',
-                                type: 'string',
-                              },
-                              filter_type: {
-                                description:
-                                  'If set to `include`, the rule applies for values in the filter. If set to `exclude`, the rule applies for values not in the filter.',
-                                enum: ['include', 'exclude'],
-                                type: 'string',
-                              },
-                            },
-                            required: ['filter_id'],
-                            type: 'object',
-                          },
-                          description:
-                            'A scope of series where the rule applies. A rule must either have a non-empty scope or at least one condition. By default, the scope includes all series. Scoping is allowed for any of the fields that are also specified in `by_field_name`, `over_field_name`, or `partition_field_name`.',
-                          type: 'object',
-                        },
-                      },
-                      type: 'object',
-                    },
-                    type: 'array',
-                  },
-                  detector_description: {
-                    description: 'A description of the detector.',
-                    type: 'string',
-                  },
-                  detector_index: {
-                    description:
-                      'A unique identifier for the detector. This identifier is based on the order of the detectors in the `analysis_config`, starting at zero. If you specify a value for this property, it is ignored.',
-                    type: 'number',
-                  },
-                  exclude_frequent: {
-                    description:
-                      'If set, frequent entities are excluded from influencing the anomaly results. Entities can be considered frequent over time or frequent in a population. If you are working with both over and by fields, you can set `exclude_frequent` to `all` for both fields, or to `by` or `over` for those specific fields.',
-                    enum: ['all', 'none', 'by', 'over'],
-                    type: 'string',
-                  },
-                  field_name: {
-                    description:
-                      'The field that the detector uses in the function. If you use an event rate function such as count or rare, do not specify this field. The `field_name` cannot contain double quotes or backslashes.',
-                    type: 'string',
-                  },
-                  function: {
-                    description:
-                      'The analysis function that is used. For example, `count`, `rare`, `mean`, `min`, `max`, or `sum`.',
-                    type: 'string',
-                  },
-                  over_field_name: {
-                    description:
-                      'The field used to split the data. In particular, this property is used for analyzing the splits with respect to the history of all splits. It is used for finding unusual values in the population of all splits.',
-                    type: 'string',
-                  },
-                  partition_field_name: {
-                    description:
-                      'The field used to segment the analysis. When you use this property, you have completely independent baselines for each value of this field.',
-                    type: 'string',
-                  },
-                  use_null: {
-                    description:
-                      'Defines whether a new series is used as the null series when there is no value for the by or partition fields.',
-                    type: 'boolean',
-                  },
-                },
-                required: ['function'],
-                type: 'object',
-              },
-              type: 'array',
-            },
-            influencers: {
-              description:
-                'A comma separated list of influencer field names. Typically these can be the by, over, or partition fields that are used in the detector configuration. You might also want to use a field name that is not specifically named in a detector, but is available as part of the input data. When you use multiple detectors, the use of influencers is recommended as it aggregates results for each influencer entity.',
-              items: {
-                type: 'string',
-              },
-              type: 'array',
-            },
-            latency: {
-              anyOf: [
-                {
-                  type: 'string',
-                },
-                {
-                  type: 'number',
-                },
-              ],
-              description:
-                'The size of the window in which to expect data that is out of time order. If you specify a non-zero value, it must be greater than or equal to one second. NOTE: Latency is applicable only when you send data by using the post data API.',
-            },
-            model_prune_window: {
-              anyOf: [
-                {
-                  type: 'string',
-                },
-                {
-                  type: 'number',
-                },
-              ],
-              description:
-                'Advanced configuration option. Affects the pruning of models that have not been updated for the given time duration. The value must be set to a multiple of the `bucket_span`. If set too low, important information may be removed from the model. For jobs created in 8.1 and later, the default value is the greater of `30d` or 20 times `bucket_span`.',
-            },
-            multivariate_by_fields: {
-              description:
-                'This functionality is reserved for internal use. It is not supported for use in customer environments and is not subject to the support SLA of official GA features. If set to `true`, the analysis will automatically find correlations between metrics for a given by field value and report anomalies when those correlations cease to hold. For example, suppose CPU and memory usage on host A is usually highly correlated with the same metrics on host B. Perhaps this correlation occurs because they are running a load-balanced application. If you enable this property, anomalies will be reported when, for example, CPU usage on host A is high and the value of CPU usage on host B is low. That is to say, you’ll see an anomaly when the CPU of host A is unusual given the CPU of host B. To use the `multivariate_by_fields` property, you must also specify `by_field_name` in your detector.',
-              type: 'boolean',
-            },
-            per_partition_categorization: {
-              additionalProperties: false,
-              description:
-                'Settings related to how categorization interacts with partition fields.',
-              properties: {
-                enabled: {
-                  description:
-                    'To enable this setting, you must also set the `partition_field_name` property to the same value in every detector that uses the keyword `mlcategory`. Otherwise, job creation fails.',
-                  type: 'boolean',
-                },
-                stop_on_warn: {
-                  description:
-                    'This setting can be set to true only if per-partition categorization is enabled. If true, both categorization and subsequent anomaly detection stops for partitions where the categorization status changes to warn. This setting makes it viable to have a job where it is expected that categorization works well for some partitions but not others; you do not pay the cost of bad categorization forever in the partitions where it works badly.',
-                  type: 'boolean',
-                },
-              },
-              type: 'object',
-            },
-            summary_count_field_name: {
-              description:
-                'If this property is specified, the data that is fed to the job is expected to be pre-summarized. This property value is the name of the field that contains the count of raw data points that have been summarized. The same `summary_count_field_name` applies to all detectors in the job. NOTE: The `summary_count_field_name` property cannot be used with the `metric` function.',
-              type: 'string',
-            },
-          },
-          required: ['bucket_span', 'detectors'],
-          type: 'object',
-        },
-        analysis_limits: {
-          additionalProperties: false,
-          description:
-            'Limits can be applied for the resources required to hold the mathematical models in memory. These limits are approximate and can be set per job. They do not control the memory used by other processes, for example the Elasticsearch Java processes.',
-          properties: {
-            categorization_examples_limit: {
-              description:
-                'The maximum number of examples stored per category in memory and in the results data store. If you increase this value, more examples are available, however it requires that you have more storage available. If you set this value to 0, no examples are stored. NOTE: The `categorization_examples_limit` applies only to analysis that uses categorization.',
-              type: 'number',
-            },
-            model_memory_limit: {
-              description:
-                'The approximate maximum amount of memory resources that are required for analytical processing. Once this limit is approached, data pruning becomes more aggressive. Upon exceeding this limit, new entities are not modeled. If the `xpack.ml.max_model_memory_limit` setting has a value greater than 0 and less than 1024mb, that value is used instead of the default. The default value is relatively small to ensure that high resource usage is a conscious decision. If you have jobs that are expected to analyze high cardinality fields, you will likely need to use a higher value. If you specify a number instead of a string, the units are assumed to be MiB. Specifying a string is recommended for clarity. If you specify a byte size unit of `b` or `kb` and the number does not equate to a discrete number of megabytes, it is rounded down to the closest MiB. The minimum valid value is 1 MiB. If you specify a value less than 1 MiB, an error occurs. If you specify a value for the `xpack.ml.max_model_memory_limit` setting, an error occurs when you try to create jobs that have `model_memory_limit` values greater than that setting value.',
-              type: 'string',
-            },
-          },
-          type: 'object',
-        },
-        background_persist_interval: {
-          anyOf: [
-            {
-              type: 'string',
-            },
-            {
-              type: 'number',
-            },
-          ],
-          description:
-            'Advanced configuration option. The time between each periodic persistence of the model. The default value is a randomized value between 3 to 4 hours, which avoids all jobs persisting at exactly the same time. The smallest allowed value is 1 hour. For very large models (several GB), persistence could take 10-20 minutes, so do not set the `background_persist_interval` value too low.',
-        },
-        custom_settings: {
-          description: 'Advanced configuration option. Contains custom meta data about the job.',
-        },
-        daily_model_snapshot_retention_after_days: {
-          description:
-            'Advanced configuration option, which affects the automatic removal of old model snapshots for this job. It specifies a period of time (in days) after which only the first snapshot per day is retained. This period is relative to the timestamp of the most recent snapshot for this job. Valid values range from 0 to `model_snapshot_retention_days`.',
-          type: 'number',
-        },
-        data_description: {
-          additionalProperties: false,
-          description:
-            'Defines the format of the input data when you send data to the job by using the post data API. Note that when configure a datafeed, these properties are automatically set. When data is received via the post data API, it is not stored in Elasticsearch. Only the results for anomaly detection are retained.',
-          properties: {
-            field_delimiter: {
-              type: 'string',
-            },
-            format: {
-              description: 'Only JSON format is supported at this time.',
-              type: 'string',
-            },
-            time_field: {
-              description: 'The name of the field that contains the timestamp.',
-              type: 'string',
-            },
-            time_format: {
-              description:
-                "The time format, which can be `epoch`, `epoch_ms`, or a custom pattern. The value `epoch` refers to UNIX or Epoch time (the number of seconds since 1 Jan 1970). The value `epoch_ms` indicates that time is measured in milliseconds since the epoch. The `epoch` and `epoch_ms` time formats accept either integer or real values. Custom patterns must conform to the Java DateTimeFormatter class. When you use date-time formatting patterns, it is recommended that you provide the full date, time and time zone. For example: `yyyy-MM-dd'T'HH:mm:ssX`. If the pattern that you specify is not sufficient to produce a complete timestamp, job creation fails.",
-              type: 'string',
-            },
-          },
-          type: 'object',
-        },
-        datafeed_config: {
-          additionalProperties: false,
-          description:
-            'Defines a datafeed for the anomaly detection job. If Elasticsearch security features are enabled, your datafeed remembers which roles the user who created it had at the time of creation and runs the query using those same roles. If you provide secondary authorization headers, those credentials are used instead.',
-          properties: {
-            aggregations: {
-              additionalProperties: {},
-              description:
-                'If set, the datafeed performs aggregation searches. Support for aggregations is limited and should be used only with low cardinality data.',
-              type: 'object',
-            },
-            aggs: {
-              additionalProperties: {},
-              description:
-                'If set, the datafeed performs aggregation searches. Support for aggregations is limited and should be used only with low cardinality data.',
-              type: 'object',
-            },
-            chunking_config: {
-              additionalProperties: false,
-              description:
-                'Datafeeds might be required to search over long time periods, for several months or years. This search is split into time chunks in order to ensure the load on Elasticsearch is managed. Chunking configuration controls how the size of these time chunks are calculated and is an advanced configuration option.',
-              properties: {
-                mode: {
-                  description:
-                    'If the mode is `auto`, the chunk size is dynamically calculated;\nthis is the recommended value when the datafeed does not use aggregations.\nIf the mode is `manual`, chunking is applied according to the specified `time_span`;\nuse this mode when the datafeed uses aggregations. If the mode is `off`, no chunking is applied.',
-                  enum: ['auto', 'manual', 'off'],
-                  type: 'string',
-                },
-                time_span: {
-                  anyOf: [
-                    {
-                      type: 'string',
-                    },
-                    {
-                      type: 'number',
-                    },
-                  ],
-                  description:
-                    'The time span that each search will be querying. This setting is applicable only when the `mode` is set to `manual`.',
-                },
-              },
-              required: ['mode'],
-              type: 'object',
-            },
-            datafeed_id: {
-              description:
-                'A numerical character string that uniquely identifies the datafeed. This identifier can contain lowercase alphanumeric characters (a-z and 0-9), hyphens, and underscores. It must start and end with alphanumeric characters. The default value is the job identifier.',
-              type: 'string',
-            },
-            delayed_data_check_config: {
-              additionalProperties: false,
-              description:
-                'Specifies whether the datafeed checks for missing data and the size of the window. The datafeed can optionally search over indices that have already been read in an effort to determine whether any data has subsequently been added to the index. If missing data is found, it is a good indication that the `query_delay` option is set too low and the data is being indexed after the datafeed has passed that moment in time. This check runs only on real-time datafeeds.',
-              properties: {
-                check_window: {
-                  anyOf: [
-                    {
-                      type: 'string',
-                    },
-                    {
-                      type: 'number',
-                    },
-                  ],
-                  description:
-                    'The window of time that is searched for late data. This window of time ends with the latest finalized bucket.\nIt defaults to null, which causes an appropriate `check_window` to be calculated when the real-time datafeed runs.\nIn particular, the default `check_window` span calculation is based on the maximum of `2h` or `8 * bucket_span`.',
-                },
-                enabled: {
-                  description:
-                    'Specifies whether the datafeed periodically checks for delayed data.',
-                  type: 'boolean',
-                },
-              },
-              required: ['enabled'],
-              type: 'object',
-            },
-            frequency: {
-              description:
-                'The interval at which scheduled queries are made while the datafeed runs in real time. The default value is either the bucket span for short bucket spans, or, for longer bucket spans, a sensible fraction of the bucket span. For example: `150s`. When `frequency` is shorter than the bucket span, interim results for the last (partial) bucket are written then eventually overwritten by the full bucket results. If the datafeed uses aggregations, this value must be divisible by the interval of the date histogram aggregation.',
-              type: 'string',
-            },
-            indexes: {
-              items: {
-                type: 'string',
-              },
-              type: 'array',
-            },
-            indices: {
-              description:
-                'An array of index names. Wildcards are supported. If any indices are in remote clusters, the machine learning nodes must have the `remote_cluster_client` role.',
-              items: {
-                type: 'string',
-              },
-              type: 'array',
-            },
-            indices_options: {
-              description: 'Specifies index expansion options that are used during search.',
-            },
-            job_id: {
-              type: 'string',
-            },
-            max_empty_searches: {
-              description:
-                'If a real-time datafeed has never seen any data (including during any initial training period) then it will automatically stop itself and close its associated job after this many real-time searches that return no documents. In other words, it will stop after `frequency` times `max_empty_searches` of real-time operation. If not set then a datafeed with no end time that sees no data will remain started until it is explicitly stopped.',
-              type: 'number',
-            },
-            query: {
-              description:
-                'The Elasticsearch query domain-specific language (DSL). This value corresponds to the query object in an Elasticsearch search POST body. All the options that are supported by Elasticsearch can be used, as this object is passed verbatim to Elasticsearch.',
-            },
-            query_delay: {
-              description:
-                'The number of seconds behind real time that data is queried. For example, if data from 10:04 a.m. might not be searchable in Elasticsearch until 10:06 a.m., set this property to 120 seconds. The default value is randomly selected between `60s` and `120s`. This randomness improves the query performance when there are multiple jobs running on the same node.',
-              type: 'string',
-            },
-            runtime_mappings: {
-              additionalProperties: {
-                anyOf: [
-                  {},
-                  {
-                    items: {},
-                    type: 'array',
-                  },
-                ],
-              },
-              description: 'Specifies runtime fields for the datafeed search.',
-              type: 'object',
-            },
-            script_fields: {
-              additionalProperties: {},
-              description:
-                'Specifies scripts that evaluate custom expressions and returns script fields to the datafeed. The detector configuration objects in a job can contain functions that use these script fields.',
-              type: 'object',
-            },
-            scroll_size: {
-              description:
-                'The size parameter that is used in Elasticsearch searches when the datafeed does not use aggregations. The maximum value is the value of `index.max_result_window`, which is 10,000 by default.',
-              type: 'number',
-            },
-          },
-          required: ['indices', 'query'],
-          type: 'object',
-        },
-        description: {
-          description: 'A description of the job.',
-          type: 'string',
-        },
-        groups: {
-          description: 'A list of job groups. A job can belong to no groups or many.',
-          items: {
-            type: 'string',
-          },
-          type: 'array',
-        },
-        job_id: {
-          description: 'Identifier for the anomaly detection job.',
-          type: 'string',
-        },
-        model_plot_config: {
-          additionalProperties: false,
-          description:
-            'This advanced configuration option stores model information along with the results. It provides a more detailed view into anomaly detection. If you enable model plot it can add considerable overhead to the performance of the system; it is not feasible for jobs with many entities. Model plot provides a simplified and indicative view of the model and its bounds. It does not display complex features such as multivariate correlations or multimodal data. As such, anomalies may occasionally be reported which cannot be seen in the model plot. Model plot config can be configured when the job is created or updated later. It must be disabled if performance issues are experienced.',
-          properties: {
-            annotations_enabled: {
-              description:
-                'If true, enables calculation and storage of the model change annotations for each entity that is being analyzed.',
-              type: 'boolean',
-            },
-            enabled: {
-              description:
-                'If true, enables calculation and storage of the model bounds for each entity that is being analyzed.',
-              type: 'boolean',
-            },
-            terms: {
-              description:
-                'Limits data collection to this comma separated list of partition or by field values. If terms are not specified or it is an empty string, no filtering is applied. Wildcards are not supported. Only the specified terms can be viewed when using the Single Metric Viewer.',
-              type: 'string',
-            },
-          },
-          type: 'object',
-        },
-        model_snapshot_retention_days: {
-          description:
-            'Advanced configuration option, which affects the automatic removal of old model snapshots for this job. It specifies the maximum period of time (in days) that snapshots are retained. This period is relative to the timestamp of the most recent snapshot for this job. By default, snapshots ten days older than the newest snapshot are deleted.',
-          type: 'number',
-        },
-        renormalization_window_days: {
-          description:
-            'Advanced configuration option. The period over which adjustments to the score are applied, as new data is seen. The default value is the longer of 30 days or 100 bucket spans.',
-          type: 'number',
-        },
-        results_index_name: {
-          description:
-            'A text string that affects the name of the machine learning results index. By default, the job generates an index named `.ml-anomalies-shared`.',
-          type: 'string',
-        },
-        results_retention_days: {
-          description:
-            'Advanced configuration option. The period of time (in days) that results are retained. Age is calculated relative to the timestamp of the latest bucket result. If this property has a non-null value, once per day at 00:30 (server time), results that are the specified number of days older than the latest bucket result are deleted from Elasticsearch. The default value is null, which means all results are retained. Annotations generated by the system also count as results for retention purposes; they are deleted after the same number of days as results. Annotations added by users are retained forever.',
-          type: 'number',
-        },
-      },
-      required: ['analysis_config', 'data_description'],
-      type: 'object',
-    });
-  });
-});
diff --git a/x-pack/plugins/ml/server/models/json_schema_service/json_schema_service.ts b/x-pack/plugins/ml/server/models/json_schema_service/json_schema_service.ts
deleted file mode 100644
index 86cfd6a0ff7d2..0000000000000
--- a/x-pack/plugins/ml/server/models/json_schema_service/json_schema_service.ts
+++ /dev/null
@@ -1,153 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import Fs from 'fs';
-import Path from 'path';
-import { type SupportedPath } from '../../../common/api_schemas/json_schema_schema';
-import { jsonSchemaOverrides } from './schema_overrides';
-import { type PropertyDefinition } from './types';
-
-const supportedEndpoints = [
-  {
-    path: '/_ml/anomaly_detectors/{job_id}' as const,
-    method: 'put',
-  },
-  {
-    path: '/_ml/datafeeds/{datafeed_id}' as const,
-    method: 'put',
-  },
-];
-
-/**
- *
- */
-export class JsonSchemaService {
-  /**
-   * Dictionary with the schema components
-   * @private
-   */
-  private _schemaComponents: Record<string, PropertyDefinition> = {};
-
-  private _requiredComponents: Set<string> = new Set<string>();
-
-  /**
-   * Extracts properties definition
-   * @private
-   */
-  private extractProperties(propertyDef: PropertyDefinition): void {
-    for (const key in propertyDef) {
-      if (propertyDef.hasOwnProperty(key)) {
-        const propValue = propertyDef[key as keyof PropertyDefinition]!;
-
-        if (key === '$ref') {
-          const comp = (propValue as string).split('/');
-          const refKey = comp[comp.length - 1];
-
-          delete propertyDef.$ref;
-
-          // FIXME there is an issue with the maximum call stack size exceeded
-          if (!refKey.startsWith('Ml_Types_')) return;
-
-          const schemaComponent = this._schemaComponents[refKey];
-
-          this._requiredComponents.add(refKey);
-
-          Object.assign(propertyDef, schemaComponent);
-
-          this.extractProperties(propertyDef);
-        }
-
-        if (Array.isArray(propValue)) {
-          propValue.forEach((v) => {
-            if (typeof v === 'object') {
-              this.extractProperties(v);
-            }
-          });
-        } else if (typeof propValue === 'object') {
-          this.extractProperties(propValue as PropertyDefinition);
-        }
-      }
-    }
-  }
-
-  private applyOverrides(path: SupportedPath, schema: PropertyDefinition): PropertyDefinition {
-    const overrides = jsonSchemaOverrides[path];
-    return {
-      ...schema,
-      ...overrides,
-      properties: {
-        ...schema.properties,
-        ...overrides.properties,
-      },
-    };
-  }
-
-  /**
-   * Extracts resolved schema definition for requested path and method
-   * @param path
-   * @param method
-   */
-  public async extractSchema(path: SupportedPath, method: string, schema?: object) {
-    const fileContent =
-      schema ?? JSON.parse(Fs.readFileSync(Path.resolve(__dirname, 'openapi.json'), 'utf8'));
-
-    const definition = fileContent.paths[path][method];
-
-    if (!definition) {
-      throw new Error('Schema definition is not defined');
-    }
-
-    const bodySchema = definition.requestBody.content['application/json'].schema;
-
-    this._schemaComponents = fileContent.components.schemas;
-
-    this.extractProperties(bodySchema);
-
-    return this.applyOverrides(path, bodySchema);
-  }
-
-  /**
-   * Generates openapi file, removing redundant content.
-   * Only used internally via a node command to generate the file.
-   */
-  public async generateSchemaFile() {
-    const schema = JSON.parse(
-      Fs.readFileSync(Path.resolve(__dirname, 'openapi_source.json'), 'utf8')
-    );
-
-    await Promise.all(
-      supportedEndpoints.map(async (e) => {
-        // need to extract schema in order to keep required components
-        await this.extractSchema(e.path, e.method, schema);
-      })
-    );
-
-    for (const pathName in schema.paths) {
-      if (!schema.paths.hasOwnProperty(pathName)) continue;
-
-      const supportedEndpoint = supportedEndpoints.find((v) => v.path === pathName);
-      if (supportedEndpoint) {
-        for (const methodName in schema.paths[pathName]) {
-          if (methodName !== supportedEndpoint.method) {
-            delete schema.paths[pathName][methodName];
-          }
-        }
-      } else {
-        delete schema.paths[pathName];
-      }
-    }
-
-    const components = schema.components.schemas;
-    for (const componentName in components) {
-      if (!this._requiredComponents.has(componentName)) {
-        delete components[componentName];
-      }
-    }
-
-    Fs.writeFileSync(Path.resolve(__dirname, 'openapi.json'), JSON.stringify(schema, null, 2));
-  }
-}
diff --git a/x-pack/plugins/ml/server/models/json_schema_service/openapi.json b/x-pack/plugins/ml/server/models/json_schema_service/openapi.json
deleted file mode 100644
index 202e641e9494f..0000000000000
--- a/x-pack/plugins/ml/server/models/json_schema_service/openapi.json
+++ /dev/null
@@ -1,1235 +0,0 @@
-{
-  "openapi": "3.0.3",
-  "info": {
-    "title": "Elasticsearch specification",
-    "version": "8.3.0"
-  },
-  "paths": {
-    "/_ml/datafeeds/{datafeed_id}": {
-      "put": {
-        "operationId": "ml.put_datafeed",
-        "description": "Instantiates a datafeed.\nDatafeeds retrieve data from Elasticsearch for analysis by an anomaly detection job.\nYou can associate only one datafeed with each anomaly detection job.\nThe datafeed contains a query that runs at a defined interval (`frequency`).\nIf you are concerned about delayed data, you can add a delay (`query_delay') at each interval.\nWhen Elasticsearch security features are enabled, your datafeed remembers which roles the user who created it had\nat the time of creation and runs the query using those same roles. If you provide secondary authorization headers,\nthose credentials are used instead.\nYou must use Kibana, this API, or the create anomaly detection jobs API to create a datafeed. Do not add a datafeed\ndirectly to the `.ml-config` index. Do not give users `write` privileges on the `.ml-config` index.",
-        "parameters": [
-          {
-            "name": "datafeed_id",
-            "in": "path",
-            "required": true,
-            "schema": {
-              "type": "string"
-            },
-            "description": "A numerical character string that uniquely identifies the datafeed.\nThis identifier can contain lowercase alphanumeric characters (a-z and 0-9), hyphens, and underscores.\nIt must start and end with alphanumeric characters."
-          },
-          {
-            "name": "allow_no_indices",
-            "in": "query",
-            "schema": {
-              "type": "boolean"
-            },
-            "description": "If true, wildcard indices expressions that resolve into no concrete indices are ignored. This includes the `_all`\nstring or when no indices are specified."
-          },
-          {
-            "name": "expand_wildcards",
-            "in": "query",
-            "schema": {
-              "anyOf": [
-                {
-                  "type": "string",
-                  "enum": [
-                    "all",
-                    "open",
-                    "closed",
-                    "hidden",
-                    "none"
-                  ]
-                },
-                {
-                  "type": "array",
-                  "items": {
-                    "type": "string",
-                    "enum": [
-                      "all",
-                      "open",
-                      "closed",
-                      "hidden",
-                      "none"
-                    ]
-                  }
-                }
-              ]
-            },
-            "description": "Type of index that wildcard patterns can match. If the request can target data streams, this argument determines\nwhether wildcard expressions match hidden data streams. Supports comma-separated values."
-          },
-          {
-            "name": "ignore_throttled",
-            "in": "query",
-            "schema": {
-              "type": "boolean"
-            },
-            "description": "If true, concrete, expanded, or aliased indices are ignored when frozen."
-          },
-          {
-            "name": "ignore_unavailable",
-            "in": "query",
-            "schema": {
-              "type": "boolean"
-            },
-            "description": "If true, unavailable indices (missing or closed) are ignored."
-          }
-        ],
-        "tags": [
-          "ml"
-        ],
-        "requestBody": {
-          "required": true,
-          "content": {
-            "application/json": {
-              "schema": {
-                "type": "object",
-                "properties": {
-                  "aggregations": {
-                    "type": "object",
-                    "additionalProperties": {
-                      "$ref": "#/components/schemas/Types_Aggregations_AggregationContainer"
-                    },
-                    "description": "If set, the datafeed performs aggregation searches.\nSupport for aggregations is limited and should be used only with low cardinality data."
-                  },
-                  "chunking_config": {
-                    "$ref": "#/components/schemas/Ml_Types_ChunkingConfig",
-                    "description": "Datafeeds might be required to search over long time periods, for several months or years.\nThis search is split into time chunks in order to ensure the load on Elasticsearch is managed.\nChunking configuration controls how the size of these time chunks are calculated;\nit is an advanced configuration option."
-                  },
-                  "delayed_data_check_config": {
-                    "$ref": "#/components/schemas/Ml_Types_DelayedDataCheckConfig",
-                    "description": "Specifies whether the datafeed checks for missing data and the size of the window.\nThe datafeed can optionally search over indices that have already been read in an effort to determine whether\nany data has subsequently been added to the index. If missing data is found, it is a good indication that the\n`query_delay` is set too low and the data is being indexed after the datafeed has passed that moment in time.\nThis check runs only on real-time datafeeds."
-                  },
-                  "frequency": {
-                    "anyOf": [
-                      {
-                        "type": "string"
-                      },
-                      {
-                        "type": "number"
-                      }
-                    ],
-                    "description": "The interval at which scheduled queries are made while the datafeed runs in real time.\nThe default value is either the bucket span for short bucket spans, or, for longer bucket spans, a sensible\nfraction of the bucket span. When `frequency` is shorter than the bucket span, interim results for the last\n(partial) bucket are written then eventually overwritten by the full bucket results. If the datafeed uses\naggregations, this value must be divisible by the interval of the date histogram aggregation."
-                  },
-                  "indices": {
-                    "anyOf": [
-                      {
-                        "type": "string"
-                      },
-                      {
-                        "type": "array",
-                        "items": {
-                          "type": "string"
-                        }
-                      }
-                    ],
-                    "description": "An array of index names. Wildcards are supported. If any of the indices are in remote clusters, the machine\nlearning nodes must have the `remote_cluster_client` role."
-                  },
-                  "indexes": {
-                    "anyOf": [
-                      {
-                        "type": "string"
-                      },
-                      {
-                        "type": "array",
-                        "items": {
-                          "type": "string"
-                        }
-                      }
-                    ],
-                    "description": "An array of index names. Wildcards are supported. If any of the indices are in remote clusters, the machine\nlearning nodes must have the `remote_cluster_client` role."
-                  },
-                  "indices_options": {
-                    "$ref": "#/components/schemas/Types_IndicesOptions",
-                    "description": "Specifies index expansion options that are used during search"
-                  },
-                  "job_id": {
-                    "type": "string",
-                    "description": "Identifier for the anomaly detection job."
-                  },
-                  "max_empty_searches": {
-                    "type": "number",
-                    "description": "If a real-time datafeed has never seen any data (including during any initial training period), it automatically\nstops and closes the associated job after this many real-time searches return no documents. In other words,\nit stops after `frequency` times `max_empty_searches` of real-time operation. If not set, a datafeed with no\nend time that sees no data remains started until it is explicitly stopped. By default, it is not set."
-                  },
-                  "query": {
-                    "$ref": "#/components/schemas/Types_QueryDsl_QueryContainer",
-                    "description": "The Elasticsearch query domain-specific language (DSL). This value corresponds to the query object in an\nElasticsearch search POST body. All the options that are supported by Elasticsearch can be used, as this\nobject is passed verbatim to Elasticsearch."
-                  },
-                  "query_delay": {
-                    "anyOf": [
-                      {
-                        "type": "string"
-                      },
-                      {
-                        "type": "number"
-                      }
-                    ],
-                    "description": "The number of seconds behind real time that data is queried. For example, if data from 10:04 a.m. might\nnot be searchable in Elasticsearch until 10:06 a.m., set this property to 120 seconds. The default\nvalue is randomly selected between `60s` and `120s`. This randomness improves the query performance\nwhen there are multiple jobs running on the same node."
-                  },
-                  "runtime_mappings": {
-                    "type": "object",
-                    "additionalProperties": {
-                      "anyOf": [
-                        {
-                          "$ref": "#/components/schemas/Types_Mapping_RuntimeField"
-                        },
-                        {
-                          "type": "array",
-                          "items": {
-                            "$ref": "#/components/schemas/Types_Mapping_RuntimeField"
-                          }
-                        }
-                      ]
-                    },
-                    "description": "Specifies runtime fields for the datafeed search."
-                  },
-                  "script_fields": {
-                    "type": "object",
-                    "additionalProperties": {
-                      "$ref": "#/components/schemas/Types_ScriptField"
-                    },
-                    "description": "Specifies scripts that evaluate custom expressions and returns script fields to the datafeed.\nThe detector configuration objects in a job can contain functions that use these script fields."
-                  },
-                  "scroll_size": {
-                    "type": "number",
-                    "description": "The size parameter that is used in Elasticsearch searches when the datafeed does not use aggregations.\nThe maximum value is the value of `index.max_result_window`, which is 10,000 by default."
-                  },
-                  "headers": {
-                    "type": "object",
-                    "additionalProperties": {
-                      "anyOf": [
-                        {
-                          "type": "string"
-                        },
-                        {
-                          "type": "array",
-                          "items": {
-                            "type": "string"
-                          }
-                        }
-                      ]
-                    }
-                  }
-                },
-                "additionalProperties": false
-              }
-            }
-          }
-        },
-        "responses": {
-          "200": {
-            "description": "",
-            "content": {
-              "application/json": {
-                "schema": {
-                  "type": "object",
-                  "properties": {
-                    "aggregations": {
-                      "type": "object",
-                      "additionalProperties": {
-                        "$ref": "#/components/schemas/Types_Aggregations_AggregationContainer"
-                      }
-                    },
-                    "chunking_config": {
-                      "$ref": "#/components/schemas/Ml_Types_ChunkingConfig"
-                    },
-                    "delayed_data_check_config": {
-                      "$ref": "#/components/schemas/Ml_Types_DelayedDataCheckConfig"
-                    },
-                    "datafeed_id": {
-                      "type": "string"
-                    },
-                    "frequency": {
-                      "anyOf": [
-                        {
-                          "type": "string"
-                        },
-                        {
-                          "type": "number"
-                        }
-                      ]
-                    },
-                    "indices": {
-                      "type": "array",
-                      "items": {
-                        "type": "string"
-                      }
-                    },
-                    "job_id": {
-                      "type": "string"
-                    },
-                    "indices_options": {
-                      "$ref": "#/components/schemas/Types_IndicesOptions"
-                    },
-                    "max_empty_searches": {
-                      "type": "number"
-                    },
-                    "query": {
-                      "$ref": "#/components/schemas/Types_QueryDsl_QueryContainer"
-                    },
-                    "query_delay": {
-                      "anyOf": [
-                        {
-                          "type": "string"
-                        },
-                        {
-                          "type": "number"
-                        }
-                      ]
-                    },
-                    "runtime_mappings": {
-                      "type": "object",
-                      "additionalProperties": {
-                        "anyOf": [
-                          {
-                            "$ref": "#/components/schemas/Types_Mapping_RuntimeField"
-                          },
-                          {
-                            "type": "array",
-                            "items": {
-                              "$ref": "#/components/schemas/Types_Mapping_RuntimeField"
-                            }
-                          }
-                        ]
-                      }
-                    },
-                    "script_fields": {
-                      "type": "object",
-                      "additionalProperties": {
-                        "$ref": "#/components/schemas/Types_ScriptField"
-                      }
-                    },
-                    "scroll_size": {
-                      "type": "number"
-                    }
-                  },
-                  "additionalProperties": false,
-                  "required": [
-                    "aggregations",
-                    "chunking_config",
-                    "datafeed_id",
-                    "frequency",
-                    "indices",
-                    "job_id",
-                    "max_empty_searches",
-                    "query",
-                    "query_delay",
-                    "scroll_size"
-                  ]
-                }
-              }
-            }
-          }
-        }
-      }
-    },
-    "/_ml/anomaly_detectors/{job_id}": {
-      "put": {
-        "operationId": "ml.put_job",
-        "description": "Instantiates an anomaly detection job. If you include a `datafeed_config`, you must have read index privileges on the source index.",
-        "parameters": [
-          {
-            "name": "job_id",
-            "in": "path",
-            "required": true,
-            "schema": {
-              "type": "string"
-            },
-            "description": "The identifier for the anomaly detection job. This identifier can contain lowercase alphanumeric characters (a-z and 0-9), hyphens, and underscores. It must start and end with alphanumeric characters."
-          }
-        ],
-        "tags": [
-          "ml"
-        ],
-        "requestBody": {
-          "required": true,
-          "content": {
-            "application/json": {
-              "schema": {
-                "type": "object",
-                "properties": {
-                  "allow_lazy_open": {
-                    "type": "boolean",
-                    "description": "Advanced configuration option. Specifies whether this job can open when there is insufficient machine learning node capacity for it to be immediately assigned to a node. By default, if a machine learning node with capacity to run the job cannot immediately be found, the open anomaly detection jobs API returns an error. However, this is also subject to the cluster-wide `xpack.ml.max_lazy_ml_nodes` setting. If this option is set to true, the open anomaly detection jobs API does not return an error and the job waits in the opening state until sufficient machine learning node capacity is available."
-                  },
-                  "analysis_config": {
-                    "$ref": "#/components/schemas/Ml_Types_AnalysisConfig",
-                    "description": "Specifies how to analyze the data. After you create a job, you cannot change the analysis configuration; all the properties are informational."
-                  },
-                  "analysis_limits": {
-                    "$ref": "#/components/schemas/Ml_Types_AnalysisLimits",
-                    "description": "Limits can be applied for the resources required to hold the mathematical models in memory. These limits are approximate and can be set per job. They do not control the memory used by other processes, for example the Elasticsearch Java processes."
-                  },
-                  "background_persist_interval": {
-                    "anyOf": [
-                      {
-                        "type": "string"
-                      },
-                      {
-                        "type": "number"
-                      }
-                    ],
-                    "description": "Advanced configuration option. The time between each periodic persistence of the model. The default value is a randomized value between 3 to 4 hours, which avoids all jobs persisting at exactly the same time. The smallest allowed value is 1 hour. For very large models (several GB), persistence could take 10-20 minutes, so do not set the `background_persist_interval` value too low."
-                  },
-                  "custom_settings": {
-                    "description": "Advanced configuration option. Contains custom meta data about the job."
-                  },
-                  "daily_model_snapshot_retention_after_days": {
-                    "type": "number",
-                    "description": "Advanced configuration option, which affects the automatic removal of old model snapshots for this job. It specifies a period of time (in days) after which only the first snapshot per day is retained. This period is relative to the timestamp of the most recent snapshot for this job. Valid values range from 0 to `model_snapshot_retention_days`."
-                  },
-                  "data_description": {
-                    "$ref": "#/components/schemas/Ml_Types_DataDescription",
-                    "description": "Defines the format of the input data when you send data to the job by using the post data API. Note that when configure a datafeed, these properties are automatically set. When data is received via the post data API, it is not stored in Elasticsearch. Only the results for anomaly detection are retained."
-                  },
-                  "datafeed_config": {
-                    "$ref": "#/components/schemas/Ml_Types_DatafeedConfig",
-                    "description": "Defines a datafeed for the anomaly detection job. If Elasticsearch security features are enabled, your datafeed remembers which roles the user who created it had at the time of creation and runs the query using those same roles. If you provide secondary authorization headers, those credentials are used instead."
-                  },
-                  "description": {
-                    "type": "string",
-                    "description": "A description of the job."
-                  },
-                  "groups": {
-                    "type": "array",
-                    "items": {
-                      "type": "string"
-                    },
-                    "description": "A list of job groups. A job can belong to no groups or many."
-                  },
-                  "model_plot_config": {
-                    "$ref": "#/components/schemas/Ml_Types_ModelPlotConfig",
-                    "description": "This advanced configuration option stores model information along with the results. It provides a more detailed view into anomaly detection. If you enable model plot it can add considerable overhead to the performance of the system; it is not feasible for jobs with many entities. Model plot provides a simplified and indicative view of the model and its bounds. It does not display complex features such as multivariate correlations or multimodal data. As such, anomalies may occasionally be reported which cannot be seen in the model plot. Model plot config can be configured when the job is created or updated later. It must be disabled if performance issues are experienced."
-                  },
-                  "model_snapshot_retention_days": {
-                    "type": "number",
-                    "description": "Advanced configuration option, which affects the automatic removal of old model snapshots for this job. It specifies the maximum period of time (in days) that snapshots are retained. This period is relative to the timestamp of the most recent snapshot for this job. By default, snapshots ten days older than the newest snapshot are deleted."
-                  },
-                  "renormalization_window_days": {
-                    "type": "number",
-                    "description": "Advanced configuration option. The period over which adjustments to the score are applied, as new data is seen. The default value is the longer of 30 days or 100 bucket spans."
-                  },
-                  "results_index_name": {
-                    "type": "string",
-                    "description": "A text string that affects the name of the machine learning results index. By default, the job generates an index named `.ml-anomalies-shared`."
-                  },
-                  "results_retention_days": {
-                    "type": "number",
-                    "description": "Advanced configuration option. The period of time (in days) that results are retained. Age is calculated relative to the timestamp of the latest bucket result. If this property has a non-null value, once per day at 00:30 (server time), results that are the specified number of days older than the latest bucket result are deleted from Elasticsearch. The default value is null, which means all results are retained. Annotations generated by the system also count as results for retention purposes; they are deleted after the same number of days as results. Annotations added by users are retained forever."
-                  }
-                },
-                "additionalProperties": false,
-                "required": [
-                  "analysis_config",
-                  "background_persist_interval",
-                  "data_description"
-                ]
-              }
-            }
-          }
-        },
-        "responses": {
-          "200": {
-            "description": "",
-            "content": {
-              "application/json": {
-                "schema": {
-                  "type": "object",
-                  "properties": {
-                    "allow_lazy_open": {
-                      "type": "boolean"
-                    },
-                    "analysis_config": {
-                      "$ref": "#/components/schemas/Ml_Types_AnalysisConfigRead"
-                    },
-                    "analysis_limits": {
-                      "$ref": "#/components/schemas/Ml_Types_AnalysisLimits"
-                    },
-                    "background_persist_interval": {
-                      "anyOf": [
-                        {
-                          "type": "string"
-                        },
-                        {
-                          "type": "number"
-                        }
-                      ]
-                    },
-                    "create_time": {
-                      "type": "string"
-                    },
-                    "custom_settings": {
-                      "description": "User provided value"
-                    },
-                    "daily_model_snapshot_retention_after_days": {
-                      "type": "number"
-                    },
-                    "data_description": {
-                      "$ref": "#/components/schemas/Ml_Types_DataDescription"
-                    },
-                    "datafeed_config": {
-                      "$ref": "#/components/schemas/Ml_Types_Datafeed"
-                    },
-                    "description": {
-                      "type": "string"
-                    },
-                    "groups": {
-                      "type": "array",
-                      "items": {
-                        "type": "string"
-                      }
-                    },
-                    "job_id": {
-                      "type": "string"
-                    },
-                    "job_type": {
-                      "type": "string"
-                    },
-                    "job_version": {
-                      "type": "string"
-                    },
-                    "model_plot_config": {
-                      "$ref": "#/components/schemas/Ml_Types_ModelPlotConfig"
-                    },
-                    "model_snapshot_id": {
-                      "type": "string"
-                    },
-                    "model_snapshot_retention_days": {
-                      "type": "number"
-                    },
-                    "renormalization_window_days": {
-                      "type": "number"
-                    },
-                    "results_index_name": {
-                      "type": "string"
-                    },
-                    "results_retention_days": {
-                      "type": "number"
-                    }
-                  },
-                  "additionalProperties": false,
-                  "required": [
-                    "allow_lazy_open",
-                    "analysis_config",
-                    "analysis_limits",
-                    "create_time",
-                    "daily_model_snapshot_retention_after_days",
-                    "data_description",
-                    "job_id",
-                    "job_type",
-                    "job_version",
-                    "model_snapshot_retention_days",
-                    "results_index_name"
-                  ]
-                }
-              }
-            }
-          }
-        }
-      }
-    }
-  },
-  "components": {
-    "schemas": {
-      "Ml_Types_AnalysisConfig": {
-        "type": "object",
-        "properties": {
-          "bucket_span": {
-            "type": "string",
-            "description": "The size of the interval that the analysis is aggregated into, typically between `5m` and `1h`. This value should be either a whole number of days or equate to a\nwhole number of buckets in one day. If the anomaly detection job uses a datafeed with aggregations, this value must also be divisible by the interval of the date histogram aggregation.\n* @server_default 5m"
-          },
-          "categorization_analyzer": {
-            "anyOf": [
-              {
-                "type": "string"
-              },
-              {
-                "$ref": "#/components/schemas/Ml_Types_CategorizationAnalyzerDefinition"
-              }
-            ],
-            "description": "If `categorization_field_name` is specified, you can also define the analyzer that is used to interpret the categorization field. This property cannot be used at the same time as `categorization_filters`. The categorization analyzer specifies how the `categorization_field` is interpreted by the categorization process. The `categorization_analyzer` field can be specified either as a string or as an object. If it is a string, it must refer to a built-in analyzer or one added by another plugin."
-          },
-          "categorization_field_name": {
-            "type": "string",
-            "description": "If this property is specified, the values of the specified field will be categorized. The resulting categories must be used in a detector by setting `by_field_name`, `over_field_name`, or `partition_field_name` to the keyword `mlcategory`."
-          },
-          "categorization_filters": {
-            "type": "array",
-            "items": {
-              "type": "string"
-            },
-            "description": "If `categorization_field_name` is specified, you can also define optional filters. This property expects an array of regular expressions. The expressions are used to filter out matching sequences from the categorization field values. You can use this functionality to fine tune the categorization by excluding sequences from consideration when categories are defined. For example, you can exclude SQL statements that appear in your log files. This property cannot be used at the same time as `categorization_analyzer`. If you only want to define simple regular expression filters that are applied prior to tokenization, setting this property is the easiest method. If you also want to customize the tokenizer or post-tokenization filtering, use the `categorization_analyzer` property instead and include the filters as pattern_replace character filters. The effect is exactly the same."
-          },
-          "detectors": {
-            "type": "array",
-            "items": {
-              "$ref": "#/components/schemas/Ml_Types_Detector"
-            },
-            "description": "Detector configuration objects specify which data fields a job analyzes. They also specify which analytical functions are used. You can specify multiple detectors for a job. If the detectors array does not contain at least one detector, no analysis can occur and an error is returned."
-          },
-          "influencers": {
-            "type": "array",
-            "items": {
-              "type": "string"
-            },
-            "description": "A comma separated list of influencer field names. Typically these can be the by, over, or partition fields that are used in the detector configuration. You might also want to use a field name that is not specifically named in a detector, but is available as part of the input data. When you use multiple detectors, the use of influencers is recommended as it aggregates results for each influencer entity."
-          },
-          "latency": {
-            "anyOf": [
-              {
-                "type": "string"
-              },
-              {
-                "type": "number"
-              }
-            ],
-            "description": "The size of the window in which to expect data that is out of time order. If you specify a non-zero value, it must be greater than or equal to one second. NOTE: Latency is applicable only when you send data by using the post data API."
-          },
-          "model_prune_window": {
-            "anyOf": [
-              {
-                "type": "string"
-              },
-              {
-                "type": "number"
-              }
-            ],
-            "description": "Advanced configuration option. Affects the pruning of models that have not been updated for the given time duration. The value must be set to a multiple of the `bucket_span`. If set too low, important information may be removed from the model. For jobs created in 8.1 and later, the default value is the greater of `30d` or 20 times `bucket_span`."
-          },
-          "multivariate_by_fields": {
-            "type": "boolean",
-            "description": "This functionality is reserved for internal use. It is not supported for use in customer environments and is not subject to the support SLA of official GA features. If set to `true`, the analysis will automatically find correlations between metrics for a given by field value and report anomalies when those correlations cease to hold. For example, suppose CPU and memory usage on host A is usually highly correlated with the same metrics on host B. Perhaps this correlation occurs because they are running a load-balanced application. If you enable this property, anomalies will be reported when, for example, CPU usage on host A is high and the value of CPU usage on host B is low. That is to say, you’ll see an anomaly when the CPU of host A is unusual given the CPU of host B. To use the `multivariate_by_fields` property, you must also specify `by_field_name` in your detector."
-          },
-          "per_partition_categorization": {
-            "$ref": "#/components/schemas/Ml_Types_PerPartitionCategorization",
-            "description": "Settings related to how categorization interacts with partition fields."
-          },
-          "summary_count_field_name": {
-            "type": "string",
-            "description": "If this property is specified, the data that is fed to the job is expected to be pre-summarized. This property value is the name of the field that contains the count of raw data points that have been summarized. The same `summary_count_field_name` applies to all detectors in the job. NOTE: The `summary_count_field_name` property cannot be used with the `metric` function."
-          }
-        },
-        "additionalProperties": false,
-        "required": [
-          "bucket_span",
-          "detectors"
-        ]
-      },
-      "Ml_Types_AnalysisLimits": {
-        "type": "object",
-        "properties": {
-          "categorization_examples_limit": {
-            "type": "number",
-            "description": "The maximum number of examples stored per category in memory and in the results data store. If you increase this value, more examples are available, however it requires that you have more storage available. If you set this value to 0, no examples are stored. NOTE: The `categorization_examples_limit` applies only to analysis that uses categorization."
-          },
-          "model_memory_limit": {
-            "type": "string",
-            "description": "The approximate maximum amount of memory resources that are required for analytical processing. Once this limit is approached, data pruning becomes more aggressive. Upon exceeding this limit, new entities are not modeled. If the `xpack.ml.max_model_memory_limit` setting has a value greater than 0 and less than 1024mb, that value is used instead of the default. The default value is relatively small to ensure that high resource usage is a conscious decision. If you have jobs that are expected to analyze high cardinality fields, you will likely need to use a higher value. If you specify a number instead of a string, the units are assumed to be MiB. Specifying a string is recommended for clarity. If you specify a byte size unit of `b` or `kb` and the number does not equate to a discrete number of megabytes, it is rounded down to the closest MiB. The minimum valid value is 1 MiB. If you specify a value less than 1 MiB, an error occurs. If you specify a value for the `xpack.ml.max_model_memory_limit` setting, an error occurs when you try to create jobs that have `model_memory_limit` values greater than that setting value."
-          }
-        },
-        "additionalProperties": false
-      },
-      "Ml_Types_CategorizationAnalyzerDefinition": {
-        "type": "object",
-        "properties": {
-          "char_filter": {
-            "type": "array",
-            "items": {
-              "anyOf": [
-                {
-                  "type": "string"
-                },
-                {
-                  "anyOf": [
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_HtmlStripCharFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_MappingCharFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_PatternReplaceCharFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_IcuNormalizationCharFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_KuromojiIterationMarkCharFilter"
-                    }
-                  ]
-                }
-              ]
-            },
-            "description": "One or more character filters. In addition to the built-in character filters, other plugins can provide more character filters. If this property is not specified, no character filters are applied prior to categorization. If you are customizing some other aspect of the analyzer and you need to achieve the equivalent of `categorization_filters` (which are not permitted when some other aspect of the analyzer is customized), add them here as pattern replace character filters."
-          },
-          "filter": {
-            "type": "array",
-            "items": {
-              "anyOf": [
-                {
-                  "type": "string"
-                },
-                {
-                  "anyOf": [
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_AsciiFoldingTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_CommonGramsTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_ConditionTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_DelimitedPayloadTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_EdgeNGramTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_ElisionTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_FingerprintTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_HunspellTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_HyphenationDecompounderTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_KeepTypesTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_KeepWordsTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_KeywordMarkerTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_KStemTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_LengthTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_LimitTokenCountTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_LowercaseTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_MultiplexerTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_NGramTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_NoriPartOfSpeechTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_PatternCaptureTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_PatternReplaceTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_PorterStemTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_PredicateTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_RemoveDuplicatesTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_ReverseTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_ShingleTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_SnowballTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_StemmerOverrideTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_StemmerTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_StopTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_SynonymGraphTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_SynonymTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_TrimTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_TruncateTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_UniqueTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_UppercaseTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_WordDelimiterGraphTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_WordDelimiterTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_KuromojiStemmerTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_KuromojiReadingFormTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_KuromojiPartOfSpeechTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_IcuTokenizer"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_IcuCollationTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_IcuFoldingTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_IcuNormalizationTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_IcuTransformTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_PhoneticTokenFilter"
-                    },
-                    {
-                      "$ref": "#/components/schemas/Types_Analysis_DictionaryDecompounderTokenFilter"
-                    }
-                  ]
-                }
-              ]
-            },
-            "description": "One or more token filters. In addition to the built-in token filters, other plugins can provide more token filters. If this property is not specified, no token filters are applied prior to categorization."
-          },
-          "tokenizer": {
-            "anyOf": [
-              {
-                "type": "string"
-              },
-              {
-                "anyOf": [
-                  {
-                    "$ref": "#/components/schemas/Types_Analysis_CharGroupTokenizer"
-                  },
-                  {
-                    "$ref": "#/components/schemas/Types_Analysis_EdgeNGramTokenizer"
-                  },
-                  {
-                    "$ref": "#/components/schemas/Types_Analysis_KeywordTokenizer"
-                  },
-                  {
-                    "$ref": "#/components/schemas/Types_Analysis_LetterTokenizer"
-                  },
-                  {
-                    "$ref": "#/components/schemas/Types_Analysis_LowercaseTokenizer"
-                  },
-                  {
-                    "$ref": "#/components/schemas/Types_Analysis_NGramTokenizer"
-                  },
-                  {
-                    "$ref": "#/components/schemas/Types_Analysis_NoriTokenizer"
-                  },
-                  {
-                    "$ref": "#/components/schemas/Types_Analysis_PathHierarchyTokenizer"
-                  },
-                  {
-                    "$ref": "#/components/schemas/Types_Analysis_StandardTokenizer"
-                  },
-                  {
-                    "$ref": "#/components/schemas/Types_Analysis_UaxEmailUrlTokenizer"
-                  },
-                  {
-                    "$ref": "#/components/schemas/Types_Analysis_WhitespaceTokenizer"
-                  },
-                  {
-                    "$ref": "#/components/schemas/Types_Analysis_KuromojiTokenizer"
-                  },
-                  {
-                    "$ref": "#/components/schemas/Types_Analysis_PatternTokenizer"
-                  },
-                  {
-                    "$ref": "#/components/schemas/Types_Analysis_IcuTokenizer"
-                  }
-                ]
-              }
-            ],
-            "description": "The name or definition of the tokenizer to use after character filters are applied. This property is compulsory if `categorization_analyzer` is specified as an object. Machine learning provides a tokenizer called `ml_standard` that tokenizes in a way that has been determined to produce good categorization results on a variety of log file formats for logs in English. If you want to use that tokenizer but change the character or token filters, specify \"tokenizer\": \"ml_standard\" in your `categorization_analyzer`. Additionally, the `ml_classic` tokenizer is available, which tokenizes in the same way as the non-customizable tokenizer in old versions of the product (before 6.2). `ml_classic` was the default categorization tokenizer in versions 6.2 to 7.13, so if you need categorization identical to the default for jobs created in these versions, specify \"tokenizer\": \"ml_classic\" in your `categorization_analyzer`."
-          }
-        },
-        "additionalProperties": false
-      },
-      "Ml_Types_ChunkingConfig": {
-        "type": "object",
-        "properties": {
-          "mode": {
-            "type": "string",
-            "enum": [
-              "auto",
-              "manual",
-              "off"
-            ],
-            "description": "If the mode is `auto`, the chunk size is dynamically calculated;\nthis is the recommended value when the datafeed does not use aggregations.\nIf the mode is `manual`, chunking is applied according to the specified `time_span`;\nuse this mode when the datafeed uses aggregations. If the mode is `off`, no chunking is applied."
-          },
-          "time_span": {
-            "anyOf": [
-              {
-                "type": "string"
-              },
-              {
-                "type": "number"
-              }
-            ],
-            "description": "The time span that each search will be querying. This setting is applicable only when the `mode` is set to `manual`."
-          }
-        },
-        "additionalProperties": false,
-        "required": [
-          "mode"
-        ]
-      },
-      "Ml_Types_DataDescription": {
-        "type": "object",
-        "properties": {
-          "format": {
-            "type": "string",
-            "description": "Only JSON format is supported at this time."
-          },
-          "time_field": {
-            "type": "string",
-            "description": "The name of the field that contains the timestamp."
-          },
-          "time_format": {
-            "type": "string",
-            "description": "The time format, which can be `epoch`, `epoch_ms`, or a custom pattern. The value `epoch` refers to UNIX or Epoch time (the number of seconds since 1 Jan 1970). The value `epoch_ms` indicates that time is measured in milliseconds since the epoch. The `epoch` and `epoch_ms` time formats accept either integer or real values. Custom patterns must conform to the Java DateTimeFormatter class. When you use date-time formatting patterns, it is recommended that you provide the full date, time and time zone. For example: `yyyy-MM-dd'T'HH:mm:ssX`. If the pattern that you specify is not sufficient to produce a complete timestamp, job creation fails."
-          },
-          "field_delimiter": {
-            "type": "string"
-          }
-        },
-        "additionalProperties": false
-      },
-      "Ml_Types_DatafeedConfig": {
-        "type": "object",
-        "properties": {
-          "aggregations": {
-            "type": "object",
-            "additionalProperties": {
-              "$ref": "#/components/schemas/Types_Aggregations_AggregationContainer"
-            },
-            "description": "If set, the datafeed performs aggregation searches. Support for aggregations is limited and should be used only with low cardinality data."
-          },
-          "aggs": {
-            "type": "object",
-            "additionalProperties": {
-              "$ref": "#/components/schemas/Types_Aggregations_AggregationContainer"
-            },
-            "description": "If set, the datafeed performs aggregation searches. Support for aggregations is limited and should be used only with low cardinality data."
-          },
-          "chunking_config": {
-            "$ref": "#/components/schemas/Ml_Types_ChunkingConfig",
-            "description": "Datafeeds might be required to search over long time periods, for several months or years. This search is split into time chunks in order to ensure the load on Elasticsearch is managed. Chunking configuration controls how the size of these time chunks are calculated and is an advanced configuration option."
-          },
-          "datafeed_id": {
-            "type": "string",
-            "description": "A numerical character string that uniquely identifies the datafeed. This identifier can contain lowercase alphanumeric characters (a-z and 0-9), hyphens, and underscores. It must start and end with alphanumeric characters. The default value is the job identifier."
-          },
-          "delayed_data_check_config": {
-            "$ref": "#/components/schemas/Ml_Types_DelayedDataCheckConfig",
-            "description": "Specifies whether the datafeed checks for missing data and the size of the window. The datafeed can optionally search over indices that have already been read in an effort to determine whether any data has subsequently been added to the index. If missing data is found, it is a good indication that the `query_delay` option is set too low and the data is being indexed after the datafeed has passed that moment in time. This check runs only on real-time datafeeds."
-          },
-          "frequency": {
-            "type": "string",
-            "description": "The interval at which scheduled queries are made while the datafeed runs in real time. The default value is either the bucket span for short bucket spans, or, for longer bucket spans, a sensible fraction of the bucket span. For example: `150s`. When `frequency` is shorter than the bucket span, interim results for the last (partial) bucket are written then eventually overwritten by the full bucket results. If the datafeed uses aggregations, this value must be divisible by the interval of the date histogram aggregation."
-          },
-          "indexes": {
-            "type": "array",
-            "items": {
-              "type": "string"
-            }
-          },
-          "indices": {
-            "type": "array",
-            "items": {
-              "type": "string"
-            },
-            "description": "An array of index names. Wildcards are supported. If any indices are in remote clusters, the machine learning nodes must have the `remote_cluster_client` role."
-          },
-          "indices_options": {
-            "$ref": "#/components/schemas/Types_IndicesOptions",
-            "description": "Specifies index expansion options that are used during search."
-          },
-          "job_id": {
-            "type": "string"
-          },
-          "max_empty_searches": {
-            "type": "number",
-            "description": "If a real-time datafeed has never seen any data (including during any initial training period) then it will automatically stop itself and close its associated job after this many real-time searches that return no documents. In other words, it will stop after `frequency` times `max_empty_searches` of real-time operation. If not set then a datafeed with no end time that sees no data will remain started until it is explicitly stopped."
-          },
-          "query": {
-            "$ref": "#/components/schemas/Types_QueryDsl_QueryContainer",
-            "description": "The Elasticsearch query domain-specific language (DSL). This value corresponds to the query object in an Elasticsearch search POST body. All the options that are supported by Elasticsearch can be used, as this object is passed verbatim to Elasticsearch."
-          },
-          "query_delay": {
-            "type": "string",
-            "description": "The number of seconds behind real time that data is queried. For example, if data from 10:04 a.m. might not be searchable in Elasticsearch until 10:06 a.m., set this property to 120 seconds. The default value is randomly selected between `60s` and `120s`. This randomness improves the query performance when there are multiple jobs running on the same node."
-          },
-          "runtime_mappings": {
-            "type": "object",
-            "additionalProperties": {
-              "anyOf": [
-                {
-                  "$ref": "#/components/schemas/Types_Mapping_RuntimeField"
-                },
-                {
-                  "type": "array",
-                  "items": {
-                    "$ref": "#/components/schemas/Types_Mapping_RuntimeField"
-                  }
-                }
-              ]
-            },
-            "description": "Specifies runtime fields for the datafeed search."
-          },
-          "script_fields": {
-            "type": "object",
-            "additionalProperties": {
-              "$ref": "#/components/schemas/Types_ScriptField"
-            },
-            "description": "Specifies scripts that evaluate custom expressions and returns script fields to the datafeed. The detector configuration objects in a job can contain functions that use these script fields."
-          },
-          "scroll_size": {
-            "type": "number",
-            "description": "The size parameter that is used in Elasticsearch searches when the datafeed does not use aggregations. The maximum value is the value of `index.max_result_window`, which is 10,000 by default."
-          }
-        },
-        "additionalProperties": false,
-        "required": [
-          "indices",
-          "query"
-        ]
-      },
-      "Ml_Types_DelayedDataCheckConfig": {
-        "type": "object",
-        "properties": {
-          "check_window": {
-            "anyOf": [
-              {
-                "type": "string"
-              },
-              {
-                "type": "number"
-              }
-            ],
-            "description": "The window of time that is searched for late data. This window of time ends with the latest finalized bucket.\nIt defaults to null, which causes an appropriate `check_window` to be calculated when the real-time datafeed runs.\nIn particular, the default `check_window` span calculation is based on the maximum of `2h` or `8 * bucket_span`."
-          },
-          "enabled": {
-            "type": "boolean",
-            "description": "Specifies whether the datafeed periodically checks for delayed data."
-          }
-        },
-        "additionalProperties": false,
-        "required": [
-          "enabled"
-        ]
-      },
-      "Ml_Types_DetectionRule": {
-        "type": "object",
-        "properties": {
-          "actions": {
-            "type": "array",
-            "items": {
-              "type": "string",
-              "enum": [
-                "skip_result",
-                "skip_model_update"
-              ]
-            },
-            "description": "The set of actions to be triggered when the rule applies. If more than one action is specified the effects of all actions are combined."
-          },
-          "conditions": {
-            "type": "array",
-            "items": {
-              "$ref": "#/components/schemas/Ml_Types_RuleCondition"
-            },
-            "description": "An array of numeric conditions when the rule applies. A rule must either have a non-empty scope or at least one condition. Multiple conditions are combined together with a logical AND."
-          },
-          "scope": {
-            "type": "object",
-            "additionalProperties": {
-              "$ref": "#/components/schemas/Ml_Types_FilterRef"
-            },
-            "description": "A scope of series where the rule applies. A rule must either have a non-empty scope or at least one condition. By default, the scope includes all series. Scoping is allowed for any of the fields that are also specified in `by_field_name`, `over_field_name`, or `partition_field_name`."
-          }
-        },
-        "additionalProperties": false
-      },
-      "Ml_Types_Detector": {
-        "type": "object",
-        "properties": {
-          "by_field_name": {
-            "type": "string",
-            "description": "The field used to split the data. In particular, this property is used for analyzing the splits with respect to their own history. It is used for finding unusual values in the context of the split."
-          },
-          "custom_rules": {
-            "type": "array",
-            "items": {
-              "$ref": "#/components/schemas/Ml_Types_DetectionRule"
-            },
-            "description": "Custom rules enable you to customize the way detectors operate. For example, a rule may dictate conditions under which results should be skipped. Kibana refers to custom rules as job rules."
-          },
-          "detector_description": {
-            "type": "string",
-            "description": "A description of the detector."
-          },
-          "detector_index": {
-            "type": "number",
-            "description": "A unique identifier for the detector. This identifier is based on the order of the detectors in the `analysis_config`, starting at zero. If you specify a value for this property, it is ignored."
-          },
-          "exclude_frequent": {
-            "type": "string",
-            "enum": [
-              "all",
-              "none",
-              "by",
-              "over"
-            ],
-            "description": "If set, frequent entities are excluded from influencing the anomaly results. Entities can be considered frequent over time or frequent in a population. If you are working with both over and by fields, you can set `exclude_frequent` to `all` for both fields, or to `by` or `over` for those specific fields."
-          },
-          "field_name": {
-            "type": "string",
-            "description": "The field that the detector uses in the function. If you use an event rate function such as count or rare, do not specify this field. The `field_name` cannot contain double quotes or backslashes."
-          },
-          "function": {
-            "type": "string",
-            "description": "The analysis function that is used. For example, `count`, `rare`, `mean`, `min`, `max`, or `sum`."
-          },
-          "over_field_name": {
-            "type": "string",
-            "description": "The field used to split the data. In particular, this property is used for analyzing the splits with respect to the history of all splits. It is used for finding unusual values in the population of all splits."
-          },
-          "partition_field_name": {
-            "type": "string",
-            "description": "The field used to segment the analysis. When you use this property, you have completely independent baselines for each value of this field."
-          },
-          "use_null": {
-            "type": "boolean",
-            "description": "Defines whether a new series is used as the null series when there is no value for the by or partition fields."
-          }
-        },
-        "additionalProperties": false,
-        "required": [
-          "function"
-        ]
-      },
-      "Ml_Types_FilterRef": {
-        "type": "object",
-        "properties": {
-          "filter_id": {
-            "type": "string",
-            "description": "The identifier for the filter."
-          },
-          "filter_type": {
-            "type": "string",
-            "enum": [
-              "include",
-              "exclude"
-            ],
-            "description": "If set to `include`, the rule applies for values in the filter. If set to `exclude`, the rule applies for values not in the filter."
-          }
-        },
-        "additionalProperties": false,
-        "required": [
-          "filter_id"
-        ]
-      },
-      "Ml_Types_ModelPlotConfig": {
-        "type": "object",
-        "properties": {
-          "annotations_enabled": {
-            "type": "boolean",
-            "description": "If true, enables calculation and storage of the model change annotations for each entity that is being analyzed."
-          },
-          "enabled": {
-            "type": "boolean",
-            "description": "If true, enables calculation and storage of the model bounds for each entity that is being analyzed."
-          },
-          "terms": {
-            "type": "string",
-            "description": "Limits data collection to this comma separated list of partition or by field values. If terms are not specified or it is an empty string, no filtering is applied. Wildcards are not supported. Only the specified terms can be viewed when using the Single Metric Viewer."
-          }
-        },
-        "additionalProperties": false
-      },
-      "Ml_Types_PerPartitionCategorization": {
-        "type": "object",
-        "properties": {
-          "enabled": {
-            "type": "boolean",
-            "description": "To enable this setting, you must also set the `partition_field_name` property to the same value in every detector that uses the keyword `mlcategory`. Otherwise, job creation fails."
-          },
-          "stop_on_warn": {
-            "type": "boolean",
-            "description": "This setting can be set to true only if per-partition categorization is enabled. If true, both categorization and subsequent anomaly detection stops for partitions where the categorization status changes to warn. This setting makes it viable to have a job where it is expected that categorization works well for some partitions but not others; you do not pay the cost of bad categorization forever in the partitions where it works badly."
-          }
-        },
-        "additionalProperties": false
-      },
-      "Ml_Types_RuleCondition": {
-        "type": "object",
-        "properties": {
-          "applies_to": {
-            "type": "string",
-            "enum": [
-              "actual",
-              "typical",
-              "diff_from_typical",
-              "time"
-            ],
-            "description": "Specifies the result property to which the condition applies. If your detector uses `lat_long`, `metric`, `rare`, or `freq_rare` functions, you can only specify conditions that apply to time."
-          },
-          "operator": {
-            "type": "string",
-            "enum": [
-              "gt",
-              "gte",
-              "lt",
-              "lte"
-            ],
-            "description": "Specifies the condition operator. The available options are greater than, greater than or equals, less than, and less than or equals."
-          },
-          "value": {
-            "type": "number",
-            "description": "The value that is compared against the `applies_to` field using the operator."
-          }
-        },
-        "additionalProperties": false,
-        "required": [
-          "applies_to",
-          "operator",
-          "value"
-        ]
-      }
-    }
-  }
-}
\ No newline at end of file
diff --git a/x-pack/plugins/ml/server/models/results_service/build_anomaly_table_items.js b/x-pack/plugins/ml/server/models/results_service/build_anomaly_table_items.js
index 306f04c7ca95c..8ffe9fb71bcdb 100644
--- a/x-pack/plugins/ml/server/models/results_service/build_anomaly_table_items.js
+++ b/x-pack/plugins/ml/server/models/results_service/build_anomaly_table_items.js
@@ -125,7 +125,7 @@ function aggregateAnomalies(anomalyRecords, interval, dateFormatTz) {
     return [];
   }
 
-  const aggregatedData = {};
+  const aggregatedData = Object.create(null);
   anomalyRecords.forEach((record) => {
     // Use moment.js to get start of interval.
     const roundedTime =
@@ -133,27 +133,32 @@ function aggregateAnomalies(anomalyRecords, interval, dateFormatTz) {
         ? moment(record.timestamp).tz(dateFormatTz).startOf(interval).valueOf()
         : moment(record.timestamp).startOf(interval).valueOf();
     if (aggregatedData[roundedTime] === undefined) {
-      aggregatedData[roundedTime] = {};
+      aggregatedData[roundedTime] = Object.create(null);
     }
 
     // Aggregate by job, then detectorIndex.
     const jobId = record.job_id;
     const jobsAtTime = aggregatedData[roundedTime];
-    if (jobsAtTime[jobId] === undefined) {
-      jobsAtTime[jobId] = {};
+    if (jobsAtTime[jobId] === undefined || Object.hasOwn(jobsAtTime, jobId) === false) {
+      jobsAtTime[jobId] = Object.create(null);
     }
 
     // Aggregate by detector - default to function_description if no description available.
     const detectorIndex = record.detector_index;
+    if (typeof detectorIndex !== 'number') {
+      return;
+    }
     const detectorsForJob = jobsAtTime[jobId];
     if (detectorsForJob[detectorIndex] === undefined) {
-      detectorsForJob[detectorIndex] = {};
+      detectorsForJob[detectorIndex] = Object.create(null);
     }
 
     // Now add an object for the anomaly with the highest anomaly score per entity.
     // For the choice of entity, look in order for byField, overField, partitionField.
     // If no by/over/partition, default to an empty String.
-    const entitiesForDetector = detectorsForJob[detectorIndex];
+    const entitiesForDetector = Object.hasOwn(detectorsForJob, detectorIndex)
+      ? detectorsForJob[detectorIndex]
+      : Object.create(null);
 
     // TODO - are we worried about different byFields having the same
     // value e.g. host=server1 and machine=server1?
@@ -163,7 +168,7 @@ function aggregateAnomalies(anomalyRecords, interval, dateFormatTz) {
     }
     if (entitiesForDetector[entity] === undefined) {
       entitiesForDetector[entity] = record;
-    } else {
+    } else if (Object.hasOwn(entitiesForDetector, entity)) {
       if (record.record_score > entitiesForDetector[entity].record_score) {
         entitiesForDetector[entity] = record;
       }
diff --git a/x-pack/plugins/ml/server/plugin.ts b/x-pack/plugins/ml/server/plugin.ts
index f8260e2211888..ac3fc8caea569 100644
--- a/x-pack/plugins/ml/server/plugin.ts
+++ b/x-pack/plugins/ml/server/plugin.ts
@@ -27,7 +27,6 @@ import type { HomeServerPluginSetup } from '@kbn/home-plugin/server';
 import type { CasesServerSetup } from '@kbn/cases-plugin/server';
 import type { PluginsSetup, PluginsStart, RouteInitialization } from './types';
 import type { MlCapabilities } from '../common/types/capabilities';
-import { jsonSchemaRoutes } from './routes/json_schema';
 import { notificationsRoutes } from './routes/notifications';
 import {
   type MlFeatures,
@@ -277,7 +276,6 @@ export class MlServerPlugin
       resolveMlCapabilities,
     });
     notificationsRoutes(routeInit);
-    jsonSchemaRoutes(routeInit);
     alertingRoutes(routeInit, sharedServicesProviders);
 
     initMlServerLog({ log: this.log });
diff --git a/x-pack/plugins/ml/server/routes/json_schema.ts b/x-pack/plugins/ml/server/routes/json_schema.ts
deleted file mode 100644
index 0c0ed7e3ea044..0000000000000
--- a/x-pack/plugins/ml/server/routes/json_schema.ts
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { ML_INTERNAL_BASE_PATH } from '../../common/constants/app';
-import { getJsonSchemaQuerySchema } from '../../common/api_schemas/json_schema_schema';
-import { wrapError } from '../client/error_wrapper';
-import type { RouteInitialization } from '../types';
-import { JsonSchemaService } from '../models/json_schema_service';
-
-export function jsonSchemaRoutes({ router, routeGuard }: RouteInitialization) {
-  /**
-   * @apiGroup JsonSchema
-   *
-   * @api {get} /internal/ml/json_schema Get requested JSON schema
-   * @apiName GetJsonSchema
-   * @apiDescription Retrieves the JSON schema
-   */
-  router.versioned
-    .get({
-      path: `${ML_INTERNAL_BASE_PATH}/json_schema`,
-      access: 'internal',
-      options: {
-        tags: ['access:ml:canAccessML'],
-      },
-    })
-    .addVersion(
-      {
-        version: '1',
-        validate: {
-          request: {
-            query: getJsonSchemaQuerySchema,
-          },
-        },
-      },
-      routeGuard.fullLicenseAPIGuard(async ({ request, response }) => {
-        try {
-          const jsonSchemaService = new JsonSchemaService();
-
-          const result = await jsonSchemaService.extractSchema(
-            request.query.path,
-            request.query.method
-          );
-
-          return response.ok({
-            body: result,
-          });
-        } catch (e) {
-          return response.customError(wrapError(e));
-        }
-      })
-    );
-}
diff --git a/x-pack/plugins/ml/tsconfig.json b/x-pack/plugins/ml/tsconfig.json
index 8e7ddc53038ff..d20516c7d99ec 100644
--- a/x-pack/plugins/ml/tsconfig.json
+++ b/x-pack/plugins/ml/tsconfig.json
@@ -127,5 +127,6 @@
     "@kbn/react-kibana-context-render",
     "@kbn/esql-utils",
     "@kbn/core-lifecycle-browser",
+    "@kbn/json-schemas",
   ],
 }
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/_health/index.ts b/x-pack/plugins/monitoring/server/routes/api/v1/_health/index.ts
index 8a04150a7bbde..5ed5b85168ee2 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/_health/index.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/_health/index.ts
@@ -30,6 +30,9 @@ export function registerV1HealthRoute(server: MonitoringCore) {
     validate: {
       query: validateQuery,
     },
+    options: {
+      access: 'internal',
+    },
     async handler(req: LegacyRequest) {
       const logger = req.getLogger();
       const timeRange = {
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/alerts/enable.ts b/x-pack/plugins/monitoring/server/routes/api/v1/alerts/enable.ts
index 326033e61f1c0..8b919fd1f86ea 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/alerts/enable.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/alerts/enable.ts
@@ -19,6 +19,9 @@ export function enableAlertsRoute(server: MonitoringCore, npRoute: RouteDependen
     {
       path: '/api/monitoring/v1/alerts/enable',
       validate: false,
+      options: {
+        access: 'internal',
+      },
     },
     async (context, request, response) => {
       try {
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/alerts/status.ts b/x-pack/plugins/monitoring/server/routes/api/v1/alerts/status.ts
index a9efc14c8c458..64a0b7b92d85f 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/alerts/status.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/alerts/status.ts
@@ -28,6 +28,9 @@ export function alertStatusRoute(npRoute: RouteDependencies) {
           }),
         }),
       },
+      options: {
+        access: 'internal',
+      },
     },
     async (context, request, response) => {
       try {
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/apm/instance.ts b/x-pack/plugins/monitoring/server/routes/api/v1/apm/instance.ts
index 92266c20596dc..8c8d7e0ad2c69 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/apm/instance.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/apm/instance.ts
@@ -29,6 +29,9 @@ export function apmInstanceRoute(server: MonitoringCore) {
       params: validateParams,
       body: validateBody,
     },
+    options: {
+      access: 'internal',
+    },
     async handler(req) {
       const apmUuid = req.params.apmUuid;
       const config = server.config;
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/apm/instances.ts b/x-pack/plugins/monitoring/server/routes/api/v1/apm/instances.ts
index 3dbe30c459ba6..bb8086867ed05 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/apm/instances.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/apm/instances.ts
@@ -27,6 +27,9 @@ export function apmInstancesRoute(server: MonitoringCore) {
       params: validateParams,
       body: validateBody,
     },
+    options: {
+      access: 'internal',
+    },
     async handler(req) {
       const config = server.config;
       const ccs = req.payload.ccs;
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/apm/overview.ts b/x-pack/plugins/monitoring/server/routes/api/v1/apm/overview.ts
index 468f267d517bd..12f0fcda23cb6 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/apm/overview.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/apm/overview.ts
@@ -28,6 +28,9 @@ export function apmOverviewRoute(server: MonitoringCore) {
       params: validateParams,
       body: validateBody,
     },
+    options: {
+      access: 'internal',
+    },
     async handler(req) {
       const config = server.config;
       const clusterUuid = req.params.clusterUuid;
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/beats/beat_detail.ts b/x-pack/plugins/monitoring/server/routes/api/v1/beats/beat_detail.ts
index 1a6e1da429f93..30ef661feb0f4 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/beats/beat_detail.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/beats/beat_detail.ts
@@ -29,6 +29,9 @@ export function beatsDetailRoute(server: MonitoringCore) {
       params: validateParams,
       body: validateBody,
     },
+    options: {
+      access: 'internal',
+    },
     async handler(req) {
       const clusterUuid = req.params.clusterUuid;
       const beatUuid = req.params.beatUuid;
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/beats/beats.ts b/x-pack/plugins/monitoring/server/routes/api/v1/beats/beats.ts
index f78a4902734fa..b59cec2898617 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/beats/beats.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/beats/beats.ts
@@ -27,6 +27,9 @@ export function beatsListingRoute(server: MonitoringCore) {
       params: validateParams,
       body: validateBody,
     },
+    options: {
+      access: 'internal',
+    },
     async handler(req) {
       const config = server.config;
       const ccs = req.payload.ccs;
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/beats/overview.ts b/x-pack/plugins/monitoring/server/routes/api/v1/beats/overview.ts
index 3fac0fea06db5..cbdc28ebf4f9b 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/beats/overview.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/beats/overview.ts
@@ -29,6 +29,9 @@ export function beatsOverviewRoute(server: MonitoringCore) {
       params: validateParams,
       body: validateBody,
     },
+    options: {
+      access: 'internal',
+    },
     async handler(req) {
       const config = server.config;
       const ccs = req.payload.ccs;
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/check_access/check_access.ts b/x-pack/plugins/monitoring/server/routes/api/v1/check_access/check_access.ts
index d1688bfbb087a..baab09e81becd 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/check_access/check_access.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/check_access/check_access.ts
@@ -21,6 +21,9 @@ export function checkAccessRoute(server: MonitoringCore) {
     method: 'get',
     path: '/api/monitoring/v1/check_access',
     validate: {},
+    options: {
+      access: 'internal',
+    },
     handler: async (req: LegacyRequest) => {
       const response: { has_access?: boolean } = {};
       try {
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/cluster/cluster.ts b/x-pack/plugins/monitoring/server/routes/api/v1/cluster/cluster.ts
index 864b2beec5b7b..97a6bb8407b12 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/cluster/cluster.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/cluster/cluster.ts
@@ -30,6 +30,9 @@ export function clusterRoute(server: MonitoringCore) {
       params: validateParams,
       body: validateBody,
     },
+    options: {
+      access: 'internal',
+    },
     handler: async (req) => {
       const options = {
         clusterUuid: req.params.clusterUuid,
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/cluster/clusters.ts b/x-pack/plugins/monitoring/server/routes/api/v1/cluster/clusters.ts
index 1e5883360d09b..ab74302fa4e27 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/cluster/clusters.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/cluster/clusters.ts
@@ -30,6 +30,9 @@ export function clustersRoute(server: MonitoringCore) {
     validate: {
       body: validateBody,
     },
+    options: {
+      access: 'internal',
+    },
     handler: async (req) => {
       // NOTE using try/catch because checkMonitoringAuth is expected to throw
       // an error when current logged-in user doesn't have permission to read
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/ccr.ts b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/ccr.ts
index efc3c439d7776..137175010cb22 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/ccr.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/ccr.ts
@@ -271,6 +271,9 @@ export function ccrRoute(server: MonitoringCore) {
       params: validateParams,
       body: validateBody,
     },
+    options: {
+      access: 'internal',
+    },
     async handler(req) {
       const config = server.config;
       const ccs = req.payload.ccs;
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/ccr_shard.ts b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/ccr_shard.ts
index cc37e52c0d9e8..3e215aaf67e35 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/ccr_shard.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/ccr_shard.ts
@@ -95,6 +95,9 @@ export function ccrShardRoute(server: MonitoringCore) {
       params: validateParams,
       body: validateBody,
     },
+    options: {
+      access: 'internal',
+    },
     async handler(req) {
       const index = req.params.index;
       const shardId = req.params.shardId;
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/index_detail.ts b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/index_detail.ts
index 86a46dd8fae41..d420056d4ec0e 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/index_detail.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/index_detail.ts
@@ -36,6 +36,9 @@ export function esIndexRoute(server: MonitoringCore) {
       params: validateParams,
       body: validateBody,
     },
+    options: {
+      access: 'internal',
+    },
     handler: async (req) => {
       try {
         const config = server.config;
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/indices.ts b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/indices.ts
index 00956410d8c4d..d453a89b7d9dc 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/indices.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/indices.ts
@@ -32,6 +32,9 @@ export function esIndicesRoute(server: MonitoringCore) {
       query: validateQuery,
       body: validateBody,
     },
+    options: {
+      access: 'internal',
+    },
     async handler(req) {
       const { clusterUuid } = req.params;
       const { show_system_indices: showSystemIndices } = req.query;
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/ml_jobs.ts b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/ml_jobs.ts
index f51ca41ee4e9f..25f72a93c0c98 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/ml_jobs.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/ml_jobs.ts
@@ -29,6 +29,9 @@ export function mlJobRoute(server: MonitoringCore) {
       params: validateParams,
       body: validateBody,
     },
+    options: {
+      access: 'internal',
+    },
     async handler(req) {
       const clusterUuid = req.params.clusterUuid;
 
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/node_detail.ts b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/node_detail.ts
index 4c95edeb718e1..a07b55b9be635 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/node_detail.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/node_detail.ts
@@ -41,6 +41,9 @@ export function esNodeRoute(server: MonitoringCore) {
       params: validateParams,
       body: validateBody,
     },
+    options: {
+      access: 'internal',
+    },
     async handler(req) {
       const config = server.config;
       const showSystemIndices = req.payload.showSystemIndices ?? false;
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/nodes.ts b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/nodes.ts
index f291af318bf9b..30bc527eea598 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/nodes.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/nodes.ts
@@ -32,6 +32,9 @@ export function esNodesRoute(server: MonitoringCore) {
       params: validateParams,
       body: validateBody,
     },
+    options: {
+      access: 'internal',
+    },
     async handler(req) {
       const {
         pagination,
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/overview.ts b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/overview.ts
index 2d3b3600085d4..0b97f9ea63363 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/overview.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/overview.ts
@@ -34,6 +34,9 @@ export function esOverviewRoute(server: MonitoringCore) {
       params: validateParams,
       body: validateBody,
     },
+    options: {
+      access: 'internal',
+    },
     async handler(req) {
       const config = server.config;
       const clusterUuid = req.params.clusterUuid;
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/check/cluster.ts b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/check/cluster.ts
index df2fafa2a952c..1aa326d872654 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/check/cluster.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/check/cluster.ts
@@ -18,6 +18,9 @@ export function clusterSettingsCheckRoute(server: MonitoringCore) {
     method: 'get',
     path: '/api/monitoring/v1/elasticsearch_settings/check/cluster',
     validate: {},
+    options: {
+      access: 'internal',
+    },
     async handler(req) {
       try {
         const response = await checkClusterSettings(req); // needs to be try/catch to handle privilege error
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/check/internal_monitoring.ts b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/check/internal_monitoring.ts
index 192d5b995e10c..65726a56d8473 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/check/internal_monitoring.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/check/internal_monitoring.ts
@@ -83,6 +83,9 @@ export function internalMonitoringCheckRoute(server: MonitoringCore, npRoute: Ro
       validate: {
         body: validateBody,
       },
+      options: {
+        access: 'internal',
+      },
     },
     async (context, request, response) => {
       try {
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/check/nodes.ts b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/check/nodes.ts
index 90c37c6f910c9..6edabba7e7646 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/check/nodes.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/check/nodes.ts
@@ -18,6 +18,9 @@ export function nodesSettingsCheckRoute(server: MonitoringCore) {
     method: 'get',
     path: '/api/monitoring/v1/elasticsearch_settings/check/nodes',
     validate: {},
+    options: {
+      access: 'internal',
+    },
     async handler(req) {
       try {
         const response = await checkNodesSettings(req); // needs to be try/catch to handle privilege error
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/set/collection_enabled.ts b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/set/collection_enabled.ts
index 941818699ede2..c171a20917c1f 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/set/collection_enabled.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/set/collection_enabled.ts
@@ -18,6 +18,9 @@ export function setCollectionEnabledRoute(server: MonitoringCore) {
     method: 'put',
     path: '/api/monitoring/v1/elasticsearch_settings/set/collection_enabled',
     validate: {},
+    options: {
+      access: 'internal',
+    },
     async handler(req) {
       try {
         const response = await setCollectionEnabled(req);
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/set/collection_interval.ts b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/set/collection_interval.ts
index eb4798efc36cc..8cb27c86fac0c 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/set/collection_interval.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/set/collection_interval.ts
@@ -18,6 +18,9 @@ export function setCollectionIntervalRoute(server: MonitoringCore) {
     method: 'put',
     path: '/api/monitoring/v1/elasticsearch_settings/set/collection_interval',
     validate: {},
+    options: {
+      access: 'internal',
+    },
     async handler(req) {
       try {
         const response = await setCollectionInterval(req);
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/enterprise_search/overview.ts b/x-pack/plugins/monitoring/server/routes/api/v1/enterprise_search/overview.ts
index 6581b52655cee..2491e391c3947 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/enterprise_search/overview.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/enterprise_search/overview.ts
@@ -28,6 +28,9 @@ export function entSearchOverviewRoute(server: MonitoringCore) {
       params: validateParams,
       body: validateBody,
     },
+    options: {
+      access: 'internal',
+    },
     async handler(req) {
       const clusterUuid = req.params.clusterUuid;
       try {
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/kibana/instance.ts b/x-pack/plugins/monitoring/server/routes/api/v1/kibana/instance.ts
index d93b4ad829186..c265bbc9f4e27 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/kibana/instance.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/kibana/instance.ts
@@ -29,6 +29,9 @@ export function kibanaInstanceRoute(server: MonitoringCore) {
       params: validateParams,
       body: validateBody,
     },
+    options: {
+      access: 'internal',
+    },
     async handler(req: LegacyRequest) {
       const clusterUuid = req.params.clusterUuid;
       const kibanaUuid = req.params.kibanaUuid;
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/kibana/instances.ts b/x-pack/plugins/monitoring/server/routes/api/v1/kibana/instances.ts
index ebd8c870c33d1..0d63a12eff74a 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/kibana/instances.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/kibana/instances.ts
@@ -27,6 +27,9 @@ export function kibanaInstancesRoute(server: MonitoringCore) {
       params: validateParams,
       body: validateBody,
     },
+    options: {
+      access: 'internal',
+    },
     async handler(req) {
       const clusterUuid = req.params.clusterUuid;
 
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/kibana/overview.ts b/x-pack/plugins/monitoring/server/routes/api/v1/kibana/overview.ts
index 936dbd95c1727..f398a1bda59d7 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/kibana/overview.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/kibana/overview.ts
@@ -29,6 +29,9 @@ export function kibanaOverviewRoute(server: MonitoringCore) {
       params: validateParams,
       body: validateBody,
     },
+    options: {
+      access: 'internal',
+    },
     async handler(req) {
       const clusterUuid = req.params.clusterUuid;
 
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/logstash/node.ts b/x-pack/plugins/monitoring/server/routes/api/v1/logstash/node.ts
index 4c0088b4112e6..5c7bbc36b168c 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/logstash/node.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/logstash/node.ts
@@ -34,6 +34,9 @@ export function logstashNodeRoute(server: MonitoringCore) {
       params: validateParams,
       body: validateBody,
     },
+    options: {
+      access: 'internal',
+    },
     async handler(req) {
       const config = server.config;
       const clusterUuid = req.params.clusterUuid;
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/logstash/nodes.ts b/x-pack/plugins/monitoring/server/routes/api/v1/logstash/nodes.ts
index 169165b0893fe..c4e32d86eec3a 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/logstash/nodes.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/logstash/nodes.ts
@@ -26,6 +26,9 @@ export function logstashNodesRoute(server: MonitoringCore) {
       params: validateParams,
       body: validateBody,
     },
+    options: {
+      access: 'internal',
+    },
     async handler(req) {
       const clusterUuid = req.params.clusterUuid;
 
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/logstash/overview.ts b/x-pack/plugins/monitoring/server/routes/api/v1/logstash/overview.ts
index 8937c1dc7a9ad..26d63693fd6dd 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/logstash/overview.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/logstash/overview.ts
@@ -28,6 +28,9 @@ export function logstashOverviewRoute(server: MonitoringCore) {
       params: validateParams,
       body: validateBody,
     },
+    options: {
+      access: 'internal',
+    },
     async handler(req) {
       const clusterUuid = req.params.clusterUuid;
 
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/logstash/pipeline.ts b/x-pack/plugins/monitoring/server/routes/api/v1/logstash/pipeline.ts
index ba4eb941f7ffe..99c0a054cc2e1 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/logstash/pipeline.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/logstash/pipeline.ts
@@ -34,6 +34,9 @@ export function logstashPipelineRoute(server: MonitoringCore) {
       params: validateParams,
       body: validateBody,
     },
+    options: {
+      access: 'internal',
+    },
     async handler(req) {
       const config = server.config;
       const clusterUuid = req.params.clusterUuid;
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/logstash/pipelines/cluster_pipeline_ids.ts b/x-pack/plugins/monitoring/server/routes/api/v1/logstash/pipelines/cluster_pipeline_ids.ts
index fe4d2c2b64ed7..791b6a5b16aec 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/logstash/pipelines/cluster_pipeline_ids.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/logstash/pipelines/cluster_pipeline_ids.ts
@@ -25,6 +25,9 @@ export function logstashClusterPipelineIdsRoute(server: MonitoringCore) {
       params: validateParams,
       body: validateBody,
     },
+    options: {
+      access: 'internal',
+    },
     async handler(req) {
       const config = server.config;
       const clusterUuid = req.params.clusterUuid;
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/logstash/pipelines/cluster_pipelines.ts b/x-pack/plugins/monitoring/server/routes/api/v1/logstash/pipelines/cluster_pipelines.ts
index 07404c28894c4..452be9d2896c6 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/logstash/pipelines/cluster_pipelines.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/logstash/pipelines/cluster_pipelines.ts
@@ -35,6 +35,9 @@ export function logstashClusterPipelinesRoute(server: MonitoringCore) {
       params: validateParams,
       body: validateBody,
     },
+    options: {
+      access: 'internal',
+    },
     async handler(req) {
       const {
         pagination,
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/logstash/pipelines/node_pipelines.ts b/x-pack/plugins/monitoring/server/routes/api/v1/logstash/pipelines/node_pipelines.ts
index 8cf74c1d93cc7..19cd898267fad 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/logstash/pipelines/node_pipelines.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/logstash/pipelines/node_pipelines.ts
@@ -34,6 +34,9 @@ export function logstashNodePipelinesRoute(server: MonitoringCore) {
       params: validateParams,
       body: validateBody,
     },
+    options: {
+      access: 'internal',
+    },
     async handler(req) {
       const {
         pagination,
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/setup/cluster_setup_status.ts b/x-pack/plugins/monitoring/server/routes/api/v1/setup/cluster_setup_status.ts
index 7f8a03cf03c6b..4ebd330270bb4 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/setup/cluster_setup_status.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/setup/cluster_setup_status.ts
@@ -35,6 +35,9 @@ export function clusterSetupStatusRoute(server: MonitoringCore) {
       query: validateQuery,
       body: validateBody,
     },
+    options: {
+      access: 'internal',
+    },
     handler: async (req) => {
       const clusterUuid = req.params.clusterUuid;
       const skipLiveData = req.query.skipLiveData;
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/setup/disable_elasticsearch_internal_collection.ts b/x-pack/plugins/monitoring/server/routes/api/v1/setup/disable_elasticsearch_internal_collection.ts
index cdecf346bae9d..59426eeaa99b4 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/setup/disable_elasticsearch_internal_collection.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/setup/disable_elasticsearch_internal_collection.ts
@@ -19,6 +19,9 @@ export function disableElasticsearchInternalCollectionRoute(server: MonitoringCo
     validate: {
       params: createValidationFunction(postDisableInternalCollectionRequestParamsRT),
     },
+    options: {
+      access: 'internal',
+    },
     handler: async (req) => {
       // NOTE using try/catch because checkMonitoringAuth is expected to throw
       // an error when current logged-in user doesn't have permission to read
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/setup/node_setup_status.ts b/x-pack/plugins/monitoring/server/routes/api/v1/setup/node_setup_status.ts
index 58d51fa3edcf2..7f91386020228 100644
--- a/x-pack/plugins/monitoring/server/routes/api/v1/setup/node_setup_status.ts
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/setup/node_setup_status.ts
@@ -35,6 +35,9 @@ export function nodeSetupStatusRoute(server: MonitoringCore) {
       query: validateQuery,
       body: validateBody,
     },
+    options: {
+      access: 'internal',
+    },
     handler: async (req) => {
       const nodeUuid = req.params.nodeUuid;
       const skipLiveData = req.query.skipLiveData;
diff --git a/x-pack/plugins/monitoring_collection/server/routes/api/v1/dynamic_route/get_metrics_by_type.ts b/x-pack/plugins/monitoring_collection/server/routes/api/v1/dynamic_route/get_metrics_by_type.ts
index 4d18eeb6ec922..95e1770826d6f 100644
--- a/x-pack/plugins/monitoring_collection/server/routes/api/v1/dynamic_route/get_metrics_by_type.ts
+++ b/x-pack/plugins/monitoring_collection/server/routes/api/v1/dynamic_route/get_metrics_by_type.ts
@@ -37,6 +37,7 @@ export function registerDynamicRoute({
     {
       path: `${MONITORING_COLLECTION_BASE_PATH}/{type}`,
       options: {
+        access: 'internal',
         authRequired: true,
         tags: ['api'], // ensures that unauthenticated calls receive a 401 rather than a 302 redirect to login page
       },
diff --git a/x-pack/plugins/observability_solution/apm/common/agent_configuration/setting_definitions/general_settings.ts b/x-pack/plugins/observability_solution/apm/common/agent_configuration/setting_definitions/general_settings.ts
index e7d04ffa3d97c..07db609558346 100644
--- a/x-pack/plugins/observability_solution/apm/common/agent_configuration/setting_definitions/general_settings.ts
+++ b/x-pack/plugins/observability_solution/apm/common/agent_configuration/setting_definitions/general_settings.ts
@@ -546,7 +546,7 @@ export const generalSettings: RawSettingDefinition[] = [
         'as it can lead to an explosion of transaction groups.\n' +
         'Take a look at the `transaction_name_groups` option on how to mitigate this problem by grouping URLs together.',
     }),
-    includeAgents: ['java'],
+    includeAgents: ['java', 'dotnet'],
   },
 
   {
@@ -565,6 +565,6 @@ export const generalSettings: RawSettingDefinition[] = [
         'such as `GET /users/42/cart` and `GET /users/73/cart` into a single transaction name `GET /users/*/cart`,\n' +
         'hence reducing the transaction name cardinality.',
     }),
-    includeAgents: ['java'],
+    includeAgents: ['java', 'dotnet'],
   },
 ];
diff --git a/x-pack/plugins/observability_solution/apm/common/entities/types.ts b/x-pack/plugins/observability_solution/apm/common/entities/types.ts
new file mode 100644
index 0000000000000..7b6d6fa7467c1
--- /dev/null
+++ b/x-pack/plugins/observability_solution/apm/common/entities/types.ts
@@ -0,0 +1,29 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { AgentName } from '../../typings/es_schemas/ui/fields/agent';
+
+export enum SignalTypes {
+  METRICS = 'metrics',
+  LOGS = 'logs',
+}
+
+export interface EntityMetrics {
+  latency: number | null;
+  throughput: number | null;
+  failedTransactionRate: number;
+  logRatePerMinute: number;
+  logErrorRate: number | null;
+}
+
+export interface EntityServiceListItem {
+  signalTypes: SignalTypes[];
+  metrics: EntityMetrics;
+  environments: string[];
+  serviceName: string;
+  agentName: AgentName;
+}
diff --git a/x-pack/plugins/observability_solution/apm/common/es_fields/__snapshots__/es_fields.test.ts.snap b/x-pack/plugins/observability_solution/apm/common/es_fields/__snapshots__/es_fields.test.ts.snap
index f313ef593cf04..3c101b4357528 100644
--- a/x-pack/plugins/observability_solution/apm/common/es_fields/__snapshots__/es_fields.test.ts.snap
+++ b/x-pack/plugins/observability_solution/apm/common/es_fields/__snapshots__/es_fields.test.ts.snap
@@ -57,6 +57,8 @@ exports[`Error CONTAINER_ID 1`] = `undefined`;
 
 exports[`Error CONTAINER_IMAGE 1`] = `undefined`;
 
+exports[`Error DATA_STEAM_TYPE 1`] = `undefined`;
+
 exports[`Error DESTINATION_ADDRESS 1`] = `undefined`;
 
 exports[`Error DEVICE_MODEL_IDENTIFIER 1`] = `undefined`;
@@ -401,6 +403,8 @@ exports[`Span CONTAINER_ID 1`] = `undefined`;
 
 exports[`Span CONTAINER_IMAGE 1`] = `undefined`;
 
+exports[`Span DATA_STEAM_TYPE 1`] = `undefined`;
+
 exports[`Span DESTINATION_ADDRESS 1`] = `undefined`;
 
 exports[`Span DEVICE_MODEL_IDENTIFIER 1`] = `undefined`;
@@ -732,6 +736,8 @@ exports[`Transaction CONTAINER_ID 1`] = `"container1234567890abcdef"`;
 
 exports[`Transaction CONTAINER_IMAGE 1`] = `undefined`;
 
+exports[`Transaction DATA_STEAM_TYPE 1`] = `undefined`;
+
 exports[`Transaction DESTINATION_ADDRESS 1`] = `undefined`;
 
 exports[`Transaction DEVICE_MODEL_IDENTIFIER 1`] = `undefined`;
diff --git a/x-pack/plugins/observability_solution/apm/common/es_fields/apm.ts b/x-pack/plugins/observability_solution/apm/common/es_fields/apm.ts
index 27a786df210e4..539484fed182e 100644
--- a/x-pack/plugins/observability_solution/apm/common/es_fields/apm.ts
+++ b/x-pack/plugins/observability_solution/apm/common/es_fields/apm.ts
@@ -176,6 +176,7 @@ export const VALUE_OTEL_JVM_PROCESS_MEMORY_NON_HEAP = 'non_heap';
 // Metadata
 export const TIER = '_tier';
 export const INDEX = '_index';
+export const DATA_STEAM_TYPE = 'data_stream.type';
 
 // Mobile
 export const NETWORK_CONNECTION_TYPE = 'network.connection.type';
diff --git a/x-pack/plugins/observability_solution/apm/common/es_fields/entities.ts b/x-pack/plugins/observability_solution/apm/common/es_fields/entities.ts
new file mode 100644
index 0000000000000..043d611d37ce5
--- /dev/null
+++ b/x-pack/plugins/observability_solution/apm/common/es_fields/entities.ts
@@ -0,0 +1,12 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export const LAST_SEEN = 'entity.lastSeenTimestamp';
+export const FIRST_SEEN = 'entity.firstSeenTimestamp';
+
+export const ENTITY = 'entity';
+export const ENTITY_ENVIRONMENT = 'entity.identityFields.service.environment';
diff --git a/x-pack/plugins/observability_solution/apm/common/i18n.ts b/x-pack/plugins/observability_solution/apm/common/i18n.ts
index b52bdd582bd10..5310aa3196b48 100644
--- a/x-pack/plugins/observability_solution/apm/common/i18n.ts
+++ b/x-pack/plugins/observability_solution/apm/common/i18n.ts
@@ -10,3 +10,7 @@ import { i18n } from '@kbn/i18n';
 export const NOT_AVAILABLE_LABEL = i18n.translate('xpack.apm.notAvailableLabel', {
   defaultMessage: 'N/A',
 });
+
+export const CLICK_ARIAL_LABEL = i18n.translate('xpack.apm.clickArialLabel.', {
+  defaultMessage: 'Click to view more details',
+});
diff --git a/x-pack/plugins/observability_solution/apm/common/utils/environment_query.ts b/x-pack/plugins/observability_solution/apm/common/utils/environment_query.ts
index b31e63e09cc1b..9d2f179cca7e8 100644
--- a/x-pack/plugins/observability_solution/apm/common/utils/environment_query.ts
+++ b/x-pack/plugins/observability_solution/apm/common/utils/environment_query.ts
@@ -10,16 +10,19 @@ import { SERVICE_ENVIRONMENT, SERVICE_NODE_NAME } from '../es_fields/apm';
 import { ENVIRONMENT_ALL, ENVIRONMENT_NOT_DEFINED } from '../environment_filter_values';
 import { SERVICE_NODE_NAME_MISSING } from '../service_nodes';
 
-export function environmentQuery(environment: string | undefined): QueryDslQueryContainer[] {
+export function environmentQuery(
+  environment: string | undefined,
+  field: string = SERVICE_ENVIRONMENT
+): QueryDslQueryContainer[] {
   if (!environment || environment === ENVIRONMENT_ALL.value) {
     return [];
   }
 
   if (environment === ENVIRONMENT_NOT_DEFINED.value) {
-    return [{ bool: { must_not: { exists: { field: SERVICE_ENVIRONMENT } } } }];
+    return [{ bool: { must_not: { exists: { field } } } }];
   }
 
-  return [{ term: { [SERVICE_ENVIRONMENT]: environment } }];
+  return [{ term: { [field]: environment } }];
 }
 
 export function serviceNodeNameQuery(serviceNodeName?: string): QueryDslQueryContainer[] {
diff --git a/x-pack/plugins/observability_solution/apm/docs/openapi/apm.yaml b/x-pack/plugins/observability_solution/apm/docs/openapi/apm.yaml
index 60c8a74d75b88..d37137302fd21 100644
--- a/x-pack/plugins/observability_solution/apm/docs/openapi/apm.yaml
+++ b/x-pack/plugins/observability_solution/apm/docs/openapi/apm.yaml
@@ -15,6 +15,7 @@ paths:
     post:
       summary: Create an APM agent key
       description: Create a new agent key for APM.
+      operationId: createAgentKey
       tags:
         - APM agent keys
       requestBody:
@@ -56,6 +57,7 @@ paths:
     get:
       summary: Search for annotations
       description: Search for annotations related to a specific service.
+      operationId: getAnnotation
       tags:
         - APM annotations
       parameters:
@@ -110,6 +112,7 @@ paths:
     post:
       summary: Create a service annotation
       description: Create a new annotation for a specific service.
+      operationId: createAnnotation
       tags:
         - APM annotations
       parameters:
diff --git a/x-pack/plugins/observability_solution/apm/public/components/alerting/utils/fields.tsx b/x-pack/plugins/observability_solution/apm/public/components/alerting/utils/fields.tsx
index 14b10cb24ea30..53b327300c215 100644
--- a/x-pack/plugins/observability_solution/apm/public/components/alerting/utils/fields.tsx
+++ b/x-pack/plugins/observability_solution/apm/public/components/alerting/utils/fields.tsx
@@ -5,9 +5,9 @@
  * 2.0.
  */
 import moment from 'moment';
-import { EuiFieldNumber } from '@elastic/eui';
+import { EuiExpression, EuiFieldNumber, EuiFormRow, EuiPopover } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
-import React from 'react';
+import React, { useState } from 'react';
 import {
   ERROR_GROUP_ID,
   SERVICE_ENVIRONMENT,
@@ -42,7 +42,7 @@ export function ServiceField({
       <SuggestionsSelect
         customOptions={allowAll ? [{ label: allOptionText, value: undefined }] : undefined}
         customOptionText={i18n.translate('xpack.apm.serviceNamesSelectCustomOptionText', {
-          defaultMessage: `Add '{searchValue}' as a new service name`,
+          defaultMessage: 'Add \\{searchValue\\} as a new service name',
         })}
         defaultValue={currentValue}
         fieldName={SERVICE_NAME}
@@ -76,7 +76,7 @@ export function EnvironmentField({
       <SuggestionsSelect
         customOptions={[ENVIRONMENT_ALL]}
         customOptionText={i18n.translate('xpack.apm.environmentsSelectCustomOptionText', {
-          defaultMessage: `Add '{searchValue}' as a new environment`,
+          defaultMessage: 'Add \\{searchValue\\} as a new environment',
         })}
         defaultValue={getEnvironmentLabel(currentValue)}
         fieldName={SERVICE_ENVIRONMENT}
@@ -110,7 +110,7 @@ export function TransactionNameField({
       <SuggestionsSelect
         customOptions={[{ label: allOptionText, value: undefined }]}
         customOptionText={i18n.translate('xpack.apm.alerting.transaction.name.custom.text', {
-          defaultMessage: `Add '{searchValue}' as a new transaction name`,
+          defaultMessage: 'Add \\{searchValue\\} as a new transaction name',
         })}
         defaultValue={currentValue}
         fieldName={TRANSACTION_NAME}
@@ -143,7 +143,7 @@ export function TransactionTypeField({
       <SuggestionsSelect
         customOptions={[{ label: allOptionText, value: undefined }]}
         customOptionText={i18n.translate('xpack.apm.transactionTypesSelectCustomOptionText', {
-          defaultMessage: `Add '{searchValue}' as a new transaction type`,
+          defaultMessage: 'Add \\{searchValue\\} as a new transaction type',
         })}
         defaultValue={currentValue}
         fieldName={TRANSACTION_TYPE}
@@ -176,7 +176,7 @@ export function ErrorGroupingKeyField({
       <SuggestionsSelect
         customOptions={[{ label: allOptionText, value: undefined }]}
         customOptionText={i18n.translate('xpack.apm.errorKeySelectCustomOptionText', {
-          defaultMessage: `Add '{searchValue}' as a new error grouping key`,
+          defaultMessage: 'Add \\{searchValue\\} as a new error grouping key',
         })}
         defaultValue={currentValue}
         fieldName={ERROR_GROUP_ID}
@@ -192,6 +192,10 @@ export function ErrorGroupingKeyField({
   );
 }
 
+function isNumeric(value: string): boolean {
+  return !isNaN(Number(value)) && value.trim() !== '';
+}
+
 export function IsAboveField({
   value,
   unit,
@@ -203,22 +207,56 @@ export function IsAboveField({
   onChange: (value: number) => void;
   step?: number;
 }) {
+  const [thresholdPopoverOpen, serThresholdPopoverOpen] = useState(false);
+  const [isAboveValue, setIsAboveValue] = useState(String(value));
+
   return (
-    <PopoverExpression
-      value={`${value}${unit}`}
-      title={i18n.translate('xpack.apm.transactionErrorRateRuleType.isAbove', {
-        defaultMessage: 'is above',
-      })}
+    <EuiPopover
+      isOpen={thresholdPopoverOpen}
+      anchorPosition={'downLeft'}
+      ownFocus
+      closePopover={() => {
+        serThresholdPopoverOpen(false);
+      }}
+      button={
+        <EuiExpression
+          value={`${value}${unit}`}
+          description={i18n.translate('xpack.apm.transactionErrorRateRuleType.isAbove', {
+            defaultMessage: 'is above',
+          })}
+          isInvalid={!isNumeric(isAboveValue)}
+          isActive={thresholdPopoverOpen}
+          onClick={() => {
+            serThresholdPopoverOpen(true);
+          }}
+        />
+      }
     >
-      <EuiFieldNumber
-        data-test-subj="apmIsAboveFieldFieldNumber"
-        min={0}
-        value={value ?? 0}
-        onChange={(e) => onChange(parseInt(e.target.value, 10))}
-        append={unit}
-        compressed
-        step={step}
-      />
-    </PopoverExpression>
+      <EuiFormRow
+        isInvalid={!isNumeric(isAboveValue)}
+        error={i18n.translate('xpack.apm.transactionErrorRateRuleType.error.validThreshold', {
+          defaultMessage: 'Thresholds must contain a valid number.',
+        })}
+      >
+        <EuiFieldNumber
+          data-test-subj="apmIsAboveFieldFieldNumber"
+          min={0}
+          value={isAboveValue}
+          onChange={(e) => {
+            const thresholdVal = e.target.value;
+            // Update the value to continue typing (if user stopped at . or ,)
+            setIsAboveValue(thresholdVal);
+            // Only send the value back to the rule if it's a valid number
+            if (!isNaN(Number(thresholdVal))) {
+              onChange(Number(thresholdVal));
+            }
+          }}
+          append={unit}
+          isInvalid={!isNumeric(isAboveValue)}
+          compressed
+          step={step}
+        />
+      </EuiFormRow>
+    </EuiPopover>
   );
 }
diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/metrics/static_dashboard/dashboards/dashboard_catalog.ts b/x-pack/plugins/observability_solution/apm/public/components/app/metrics/static_dashboard/dashboards/dashboard_catalog.ts
index 7293c045093f1..2d3ea5fded80b 100644
--- a/x-pack/plugins/observability_solution/apm/public/components/app/metrics/static_dashboard/dashboards/dashboard_catalog.ts
+++ b/x-pack/plugins/observability_solution/apm/public/components/app/metrics/static_dashboard/dashboards/dashboard_catalog.ts
@@ -9,6 +9,9 @@ export const AGENT_NAME_DASHBOARD_FILE_MAPPING: Record<string, string> = {
   nodejs: 'nodejs',
   'opentelemetry/nodejs': 'opentelemetry_nodejs',
   java: 'java',
+  'opentelemetry/java': 'opentelemetry_java',
+  'opentelemetry/java/opentelemetry-java-instrumentation': 'opentelemetry_java',
+  'opentelemetry/java/elastic': 'opentelemetry_java',
 };
 
 /**
@@ -35,6 +38,12 @@ export async function loadDashboardFile(filename: string): Promise<any> {
         './java.json'
       );
     }
+    case 'opentelemetry_java': {
+      return import(
+        /* webpackChunkName: "lazyJavaDashboard" */
+        './opentelemetry_java.json'
+      );
+    }
     default: {
       break;
     }
diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/metrics/static_dashboard/dashboards/opentelemetry_java.json b/x-pack/plugins/observability_solution/apm/public/components/app/metrics/static_dashboard/dashboards/opentelemetry_java.json
new file mode 100644
index 0000000000000..727caf4636a67
--- /dev/null
+++ b/x-pack/plugins/observability_solution/apm/public/components/app/metrics/static_dashboard/dashboards/opentelemetry_java.json
@@ -0,0 +1 @@
+{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"1b6a901c-d055-485f-b404-9a86fd52985d\":{\"type\":\"optionsListControl\",\"order\":0,\"grow\":true,\"width\":\"medium\",\"explicitInput\":{\"id\":\"1b6a901c-d055-485f-b404-9a86fd52985d\",\"fieldName\":\"service.node.name\",\"title\":\"Node name\",\"grow\":true,\"width\":\"medium\",\"enhancements\":{},\"selectedOptions\":[]}}}","showApplySelections":false},"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"agent.name : \\\"opentelemetry/java/opentelemetry-java-instrumentation\\\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":10,\"i\":\"7b6cce32-fe3c-47a3-8784-6646ee4d5b24\"},\"panelIndex\":\"7b6cce32-fe3c-47a3-8784-6646ee4d5b24\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"apm_static_data_view_id_default\",\"name\":\"indexpattern-datasource-layer-ffdfcd10-9cab-4806-813b-5c1c5053584e\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"03bdc1b7-9f72-4d24-89ae-72014a51a251\",\"isTransposed\":false,\"oneClickFilter\":false},{\"columnId\":\"bc1e385f-8a20-4227-980c-ee1f462e9c5b\",\"isTransposed\":false},{\"columnId\":\"fc9f178f-1bf3-4ec9-b709-2cf563038d8b\",\"isTransposed\":false},{\"columnId\":\"fd3d4405-64dd-4bdd-b5a6-79a89e9d7730\",\"isTransposed\":false},{\"columnId\":\"8bf5c093-6115-4f73-a279-1dd576647e20\",\"isTransposed\":false},{\"columnId\":\"b39b043b-9abc-4a0e-b15c-f82e84f0fb7d\",\"isTransposed\":false,\"colorMode\":\"text\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":5,\"stops\":[{\"color\":\"#209280\",\"stop\":0.6},{\"color\":\"#54b399\",\"stop\":0.7},{\"color\":\"#d6bf57\",\"stop\":0.8},{\"color\":\"#e7664c\",\"stop\":0.9},{\"color\":\"#cc5642\",\"stop\":1.9}],\"name\":\"custom\",\"colorStops\":[{\"color\":\"#209280\",\"stop\":0},{\"color\":\"#54b399\",\"stop\":0.6},{\"color\":\"#d6bf57\",\"stop\":0.7},{\"color\":\"#e7664c\",\"stop\":0.8},{\"color\":\"#cc5642\",\"stop\":0.9}],\"continuity\":\"above\",\"reverse\":false,\"rangeMin\":0,\"rangeMax\":null,\"rangeType\":\"number\"}},\"isMetric\":true},{\"columnId\":\"68989fb9-3c56-406d-bb30-3d3a56a19d1b\",\"isTransposed\":false,\"isMetric\":true,\"colorMode\":\"text\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":5,\"stops\":[{\"color\":\"#209280\",\"stop\":0.5},{\"color\":\"#54b399\",\"stop\":0.7},{\"color\":\"#d6bf57\",\"stop\":0.8},{\"color\":\"#e7664c\",\"stop\":0.9},{\"color\":\"#cc5642\",\"stop\":1.9}],\"name\":\"custom\",\"colorStops\":[{\"color\":\"#209280\",\"stop\":0},{\"color\":\"#54b399\",\"stop\":0.5},{\"color\":\"#d6bf57\",\"stop\":0.7},{\"color\":\"#e7664c\",\"stop\":0.8},{\"color\":\"#cc5642\",\"stop\":0.9}],\"continuity\":\"above\",\"reverse\":false,\"rangeMin\":0,\"rangeMax\":null,\"rangeType\":\"number\"}}}],\"layerId\":\"ffdfcd10-9cab-4806-813b-5c1c5053584e\",\"layerType\":\"data\"},\"query\":{\"query\":\"(not agent.name :\\\"java\\\" ) and  (jvm.cpu.recent_utilization :* or jvm.memory.used:* or jvm.thread.count :*)\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"ffdfcd10-9cab-4806-813b-5c1c5053584e\":{\"columns\":{\"03bdc1b7-9f72-4d24-89ae-72014a51a251\":{\"label\":\"JVM (Top 10)\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"service.node.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"bc1e385f-8a20-4227-980c-ee1f462e9c5b\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"bc1e385f-8a20-4227-980c-ee1f462e9c5b\":{\"label\":\"Heap memory avg\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.memory.used\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":1}}},\"customLabel\":true,\"filter\":{\"query\":\"labels.jvm_memory_type : \\\"heap\\\" \",\"language\":\"kuery\"}},\"fc9f178f-1bf3-4ec9-b709-2cf563038d8b\":{\"label\":\"Non-heap memory avg\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.memory.used\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":1}}},\"customLabel\":true,\"filter\":{\"query\":\"labels.jvm_memory_type :\\\"non_heap\\\" \",\"language\":\"kuery\"}},\"fd3d4405-64dd-4bdd-b5a6-79a89e9d7730\":{\"label\":\"Thread count max\",\"dataType\":\"number\",\"operationType\":\"max\",\"sourceField\":\"jvm.thread.count\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"customLabel\":true},\"8bf5c093-6115-4f73-a279-1dd576647e20\":{\"label\":\"Host name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hostname\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"bc1e385f-8a20-4227-980c-ee1f462e9c5b\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"b39b043b-9abc-4a0e-b15c-f82e84f0fb7dX0\":{\"label\":\"Part of Heap usage avg [%]\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.memory.used\",\"isBucketed\":false,\"scale\":\"ratio\",\"filter\":{\"query\":\"labels.jvm_memory_type :\\\"heap\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"b39b043b-9abc-4a0e-b15c-f82e84f0fb7dX1\":{\"label\":\"Part of Heap usage avg [%]\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.memory.limit\",\"isBucketed\":false,\"scale\":\"ratio\",\"filter\":{\"query\":\"labels.jvm_memory_type :\\\"heap\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"b39b043b-9abc-4a0e-b15c-f82e84f0fb7dX2\":{\"label\":\"Part of Heap usage avg [%]\",\"dataType\":\"number\",\"operationType\":\"math\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"tinymathAst\":{\"type\":\"function\",\"name\":\"divide\",\"args\":[\"b39b043b-9abc-4a0e-b15c-f82e84f0fb7dX0\",\"b39b043b-9abc-4a0e-b15c-f82e84f0fb7dX1\"],\"location\":{\"min\":0,\"max\":50},\"text\":\"average(jvm.memory.used)/average(jvm.memory.limit)\"}},\"references\":[\"b39b043b-9abc-4a0e-b15c-f82e84f0fb7dX0\",\"b39b043b-9abc-4a0e-b15c-f82e84f0fb7dX1\"],\"customLabel\":true},\"b39b043b-9abc-4a0e-b15c-f82e84f0fb7d\":{\"label\":\"Heap usage avg [%]\",\"dataType\":\"number\",\"operationType\":\"formula\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"formula\":\"average(jvm.memory.used)/average(jvm.memory.limit)\",\"isFormulaBroken\":false,\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":1}}},\"references\":[\"b39b043b-9abc-4a0e-b15c-f82e84f0fb7dX2\"],\"filter\":{\"query\":\"labels.jvm_memory_type :\\\"heap\\\" \",\"language\":\"kuery\"},\"customLabel\":true},\"68989fb9-3c56-406d-bb30-3d3a56a19d1b\":{\"label\":\"CPU avg\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.cpu.recent_utilization\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":1}}},\"customLabel\":true}},\"columnOrder\":[\"03bdc1b7-9f72-4d24-89ae-72014a51a251\",\"8bf5c093-6115-4f73-a279-1dd576647e20\",\"68989fb9-3c56-406d-bb30-3d3a56a19d1b\",\"b39b043b-9abc-4a0e-b15c-f82e84f0fb7d\",\"bc1e385f-8a20-4227-980c-ee1f462e9c5b\",\"fc9f178f-1bf3-4ec9-b709-2cf563038d8b\",\"fd3d4405-64dd-4bdd-b5a6-79a89e9d7730\",\"b39b043b-9abc-4a0e-b15c-f82e84f0fb7dX0\",\"b39b043b-9abc-4a0e-b15c-f82e84f0fb7dX1\",\"b39b043b-9abc-4a0e-b15c-f82e84f0fb7dX2\"],\"sampling\":1,\"ignoreGlobalFilters\":false,\"incompleteColumns\":{}}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":25,\"w\":24,\"h\":15,\"i\":\"5e044c2f-a316-4180-8f21-571fec481377\"},\"panelIndex\":\"5e044c2f-a316-4180-8f21-571fec481377\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"apm_static_data_view_id_default\",\"name\":\"indexpattern-datasource-layer-7f101489-db13-43e3-a1cd-fc0e9117361a\",\"type\":\"index-pattern\"},{\"id\":\"apm_static_data_view_id_default\",\"name\":\"indexpattern-datasource-layer-2df2bccd-257b-4ec4-ba84-b022128ff511\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"maxLines\":1,\"showSingleSeries\":true,\"shouldTruncate\":true,\"isInside\":false},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yTitle\":\"Usage [bytes]\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"7f101489-db13-43e3-a1cd-fc0e9117361a\",\"accessors\":[\"009fb3d0-5ef3-450e-822c-ab6d936c50eb\",\"7d04d69b-99a3-462c-b4fd-0b51bd50a508\"],\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"ef5df4a6-4c75-41f2-8aca-c15b4bcf394c\"},{\"layerId\":\"2df2bccd-257b-4ec4-ba84-b022128ff511\",\"layerType\":\"data\",\"accessors\":[\"8cbe1326-c46a-437b-ad96-5fb9feefa997\"],\"seriesType\":\"line\",\"xAccessor\":\"51a76fb0-bc4e-4c0c-aa43-38b96b8778a0\"}],\"valuesInLegend\":false},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"7f101489-db13-43e3-a1cd-fc0e9117361a\":{\"columns\":{\"ef5df4a6-4c75-41f2-8aca-c15b4bcf394c\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"009fb3d0-5ef3-450e-822c-ab6d936c50eb\":{\"label\":\"Avg. committed\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.memory.committed\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"customLabel\":true,\"filter\":{\"query\":\"labels.jvm_memory_type :\\\"heap\\\" \",\"language\":\"kuery\"}},\"7d04d69b-99a3-462c-b4fd-0b51bd50a508\":{\"label\":\"Avg. used\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.memory.used\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"customLabel\":true,\"filter\":{\"query\":\"labels.jvm_memory_type :\\\"heap\\\" \",\"language\":\"kuery\"}}},\"columnOrder\":[\"ef5df4a6-4c75-41f2-8aca-c15b4bcf394c\",\"009fb3d0-5ef3-450e-822c-ab6d936c50eb\",\"7d04d69b-99a3-462c-b4fd-0b51bd50a508\"],\"sampling\":1,\"ignoreGlobalFilters\":false,\"incompleteColumns\":{},\"indexPatternId\":\"apm_static_data_view_id_default\"},\"2df2bccd-257b-4ec4-ba84-b022128ff511\":{\"linkToLayers\":[],\"columns\":{\"51a76fb0-bc4e-4c0c-aa43-38b96b8778a0\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"8cbe1326-c46a-437b-ad96-5fb9feefa997\":{\"label\":\"Limit\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.memory.limit\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"customLabel\":true,\"filter\":{\"query\":\"labels.jvm_memory_type :\\\"heap\\\" \",\"language\":\"kuery\"}}},\"columnOrder\":[\"51a76fb0-bc4e-4c0c-aa43-38b96b8778a0\",\"8cbe1326-c46a-437b-ad96-5fb9feefa997\"],\"sampling\":1,\"ignoreGlobalFilters\":false,\"incompleteColumns\":{},\"indexPatternId\":\"apm_static_data_view_id_default\"}},\"currentIndexPatternId\":\"apm_static_data_view_id_default\"},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Heap memory usage\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":10,\"w\":24,\"h\":15,\"i\":\"5dd8b3f8-67f4-41d3-84f2-37d20d0f4020\"},\"panelIndex\":\"5dd8b3f8-67f4-41d3-84f2-37d20d0f4020\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"apm_static_data_view_id_default\",\"name\":\"indexpattern-datasource-layer-7f101489-db13-43e3-a1cd-fc0e9117361a\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"maxLines\":1,\"showSingleSeries\":true,\"shouldTruncate\":true,\"isInside\":false},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yTitle\":\"Usage [bytes]\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"7f101489-db13-43e3-a1cd-fc0e9117361a\",\"accessors\":[\"009fb3d0-5ef3-450e-822c-ab6d936c50eb\",\"7d04d69b-99a3-462c-b4fd-0b51bd50a508\"],\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"ef5df4a6-4c75-41f2-8aca-c15b4bcf394c\"}],\"valuesInLegend\":false},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"7f101489-db13-43e3-a1cd-fc0e9117361a\":{\"columns\":{\"ef5df4a6-4c75-41f2-8aca-c15b4bcf394c\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"009fb3d0-5ef3-450e-822c-ab6d936c50eb\":{\"label\":\"Avg. committed\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.memory.committed\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"customLabel\":true,\"filter\":{\"query\":\"labels.jvm_memory_type : \\\"non_heap\\\" \",\"language\":\"kuery\"}},\"7d04d69b-99a3-462c-b4fd-0b51bd50a508\":{\"label\":\"Avg. used\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.memory.used\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"customLabel\":true,\"filter\":{\"query\":\"labels.jvm_memory_type : \\\"non_heap\\\" \",\"language\":\"kuery\"}}},\"columnOrder\":[\"ef5df4a6-4c75-41f2-8aca-c15b4bcf394c\",\"009fb3d0-5ef3-450e-822c-ab6d936c50eb\",\"7d04d69b-99a3-462c-b4fd-0b51bd50a508\"],\"sampling\":1,\"ignoreGlobalFilters\":false,\"incompleteColumns\":{},\"indexPatternId\":\"apm_static_data_view_id_default\"}},\"currentIndexPatternId\":\"apm_static_data_view_id_default\"},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Non-heap memory usage\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":40,\"w\":24,\"h\":15,\"i\":\"ca9786a7-abfe-452c-9c89-ab331870ca68\"},\"panelIndex\":\"ca9786a7-abfe-452c-9c89-ab331870ca68\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"apm_static_data_view_id_default\",\"name\":\"indexpattern-datasource-layer-7f101489-db13-43e3-a1cd-fc0e9117361a\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"maxLines\":1,\"showSingleSeries\":true,\"shouldTruncate\":true,\"isInside\":false},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yTitle\":\"Usage [%]\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"7f101489-db13-43e3-a1cd-fc0e9117361a\",\"accessors\":[\"009fb3d0-5ef3-450e-822c-ab6d936c50eb\"],\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"ef5df4a6-4c75-41f2-8aca-c15b4bcf394c\",\"splitAccessor\":\"40532e8d-8c6f-4e08-a07f-4fd9a058d5cf\"}],\"valuesInLegend\":false},\"query\":{\"query\":\"labels.jvm_memory_type :\\\"heap\\\" \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"7f101489-db13-43e3-a1cd-fc0e9117361a\":{\"columns\":{\"ef5df4a6-4c75-41f2-8aca-c15b4bcf394c\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"009fb3d0-5ef3-450e-822c-ab6d936c50ebX0\":{\"label\":\"Part of Avg. usage\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.memory.used\",\"isBucketed\":false,\"scale\":\"ratio\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"009fb3d0-5ef3-450e-822c-ab6d936c50ebX1\":{\"label\":\"Part of Avg. usage\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.memory.limit\",\"isBucketed\":false,\"scale\":\"ratio\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"009fb3d0-5ef3-450e-822c-ab6d936c50ebX2\":{\"label\":\"Part of Avg. usage\",\"dataType\":\"number\",\"operationType\":\"math\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"tinymathAst\":{\"type\":\"function\",\"name\":\"divide\",\"args\":[\"009fb3d0-5ef3-450e-822c-ab6d936c50ebX0\",\"009fb3d0-5ef3-450e-822c-ab6d936c50ebX1\"],\"location\":{\"min\":0,\"max\":50},\"text\":\"average(jvm.memory.used)/average(jvm.memory.limit)\"}},\"references\":[\"009fb3d0-5ef3-450e-822c-ab6d936c50ebX0\",\"009fb3d0-5ef3-450e-822c-ab6d936c50ebX1\"],\"customLabel\":true},\"009fb3d0-5ef3-450e-822c-ab6d936c50eb\":{\"label\":\"Avg. usage\",\"dataType\":\"number\",\"operationType\":\"formula\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"formula\":\"average(jvm.memory.used)/average(jvm.memory.limit)\",\"isFormulaBroken\":false,\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}}},\"references\":[\"009fb3d0-5ef3-450e-822c-ab6d936c50ebX2\"],\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"customLabel\":true},\"40532e8d-8c6f-4e08-a07f-4fd9a058d5cf\":{\"label\":\"Top 3 values of labels.jvm_memory_pool_name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"labels.jvm_memory_pool_name\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"alphabetical\",\"fallback\":true},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}}},\"columnOrder\":[\"40532e8d-8c6f-4e08-a07f-4fd9a058d5cf\",\"ef5df4a6-4c75-41f2-8aca-c15b4bcf394c\",\"009fb3d0-5ef3-450e-822c-ab6d936c50eb\",\"009fb3d0-5ef3-450e-822c-ab6d936c50ebX0\",\"009fb3d0-5ef3-450e-822c-ab6d936c50ebX1\",\"009fb3d0-5ef3-450e-822c-ab6d936c50ebX2\"],\"sampling\":1,\"ignoreGlobalFilters\":false,\"incompleteColumns\":{}}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{},\"description\":\"\"},\"title\":\"Heap memory usage by pool\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":25,\"w\":24,\"h\":15,\"i\":\"4d8c0963-10dc-4ade-bb61-cbce3965daa5\"},\"panelIndex\":\"4d8c0963-10dc-4ade-bb61-cbce3965daa5\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"id\":\"apm_static_data_view_id_default\",\"name\":\"indexpattern-datasource-layer-c250b2e7-1fbf-4b7b-9f85-ddfd0edeb332\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"4bee55ff-0735-4106-8e03-c68b714c86bd\"},{\"isTransposed\":false,\"columnId\":\"6630a2e5-966f-42e9-9621-60dfc2b7acfd\",\"colorMode\":\"none\"},{\"columnId\":\"0e3b242f-bb52-44fd-bb92-41cc1d0b9e06\",\"isTransposed\":false},{\"columnId\":\"31a2ee0a-02ec-46e9-877a-0e86e2c09abb\",\"isTransposed\":false,\"colorMode\":\"none\"},{\"columnId\":\"8c139e35-5893-41aa-a82d-f1c9e16fac1b\",\"isTransposed\":false,\"colorMode\":\"text\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":5,\"stops\":[{\"color\":\"#209280\",\"stop\":0.5},{\"color\":\"#54b399\",\"stop\":0.6},{\"color\":\"#d6bf57\",\"stop\":0.7},{\"color\":\"#e7664c\",\"stop\":0.8},{\"color\":\"#cc5642\",\"stop\":1.8}],\"name\":\"custom\",\"colorStops\":[{\"color\":\"#209280\",\"stop\":0},{\"color\":\"#54b399\",\"stop\":0.5},{\"color\":\"#d6bf57\",\"stop\":0.6},{\"color\":\"#e7664c\",\"stop\":0.7},{\"color\":\"#cc5642\",\"stop\":0.8}],\"continuity\":\"above\",\"reverse\":false,\"rangeMin\":0,\"rangeMax\":null,\"rangeType\":\"number\"}}}],\"layerId\":\"c250b2e7-1fbf-4b7b-9f85-ddfd0edeb332\",\"layerType\":\"data\"},\"query\":{\"query\":\"labels.jvm_memory_type :\\\"heap\\\" \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"c250b2e7-1fbf-4b7b-9f85-ddfd0edeb332\":{\"columns\":{\"4bee55ff-0735-4106-8e03-c68b714c86bd\":{\"label\":\"Memory pool\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"labels.jvm_memory_pool_name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6630a2e5-966f-42e9-9621-60dfc2b7acfd\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"6630a2e5-966f-42e9-9621-60dfc2b7acfd\":{\"label\":\"Committed [bytes]\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.memory.committed\",\"isBucketed\":false,\"scale\":\"ratio\",\"reducedTimeRange\":\"5m\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}},\"emptyAsNull\":true},\"customLabel\":true},\"0e3b242f-bb52-44fd-bb92-41cc1d0b9e06\":{\"label\":\"Limit [bytes]\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.memory.limit\",\"isBucketed\":false,\"scale\":\"ratio\",\"reducedTimeRange\":\"5m\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}},\"emptyAsNull\":true},\"customLabel\":true},\"31a2ee0a-02ec-46e9-877a-0e86e2c09abb\":{\"label\":\"Used [bytes]\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.memory.used\",\"isBucketed\":false,\"scale\":\"ratio\",\"reducedTimeRange\":\"5m\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}},\"emptyAsNull\":true},\"customLabel\":true},\"8c139e35-5893-41aa-a82d-f1c9e16fac1bX0\":{\"label\":\"Part of Used [%]\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.memory.used\",\"isBucketed\":false,\"scale\":\"ratio\",\"filter\":{\"query\":\"jvm.memory.used: *\",\"language\":\"kuery\"},\"reducedTimeRange\":\"5m\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"8c139e35-5893-41aa-a82d-f1c9e16fac1bX1\":{\"label\":\"Part of Used [%]\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.memory.limit\",\"isBucketed\":false,\"scale\":\"ratio\",\"filter\":{\"query\":\"jvm.memory.limit: *\",\"language\":\"kuery\"},\"reducedTimeRange\":\"5m\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"8c139e35-5893-41aa-a82d-f1c9e16fac1bX2\":{\"label\":\"Part of Used [%]\",\"dataType\":\"number\",\"operationType\":\"math\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"tinymathAst\":{\"type\":\"function\",\"name\":\"divide\",\"args\":[\"8c139e35-5893-41aa-a82d-f1c9e16fac1bX0\",\"8c139e35-5893-41aa-a82d-f1c9e16fac1bX1\"],\"location\":{\"min\":0,\"max\":103},\"text\":\"average(jvm.memory.used, kql='jvm.memory.used: *')/average(jvm.memory.limit, kql='jvm.memory.limit: *')\"}},\"references\":[\"8c139e35-5893-41aa-a82d-f1c9e16fac1bX0\",\"8c139e35-5893-41aa-a82d-f1c9e16fac1bX1\"],\"customLabel\":true},\"8c139e35-5893-41aa-a82d-f1c9e16fac1b\":{\"label\":\"Used [%]\",\"dataType\":\"number\",\"operationType\":\"formula\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"formula\":\"average(jvm.memory.used, kql='jvm.memory.used: *')/average(jvm.memory.limit, kql='jvm.memory.limit: *')\",\"isFormulaBroken\":false,\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}}},\"references\":[\"8c139e35-5893-41aa-a82d-f1c9e16fac1bX2\"],\"reducedTimeRange\":\"5m\",\"customLabel\":true}},\"columnOrder\":[\"4bee55ff-0735-4106-8e03-c68b714c86bd\",\"0e3b242f-bb52-44fd-bb92-41cc1d0b9e06\",\"6630a2e5-966f-42e9-9621-60dfc2b7acfd\",\"31a2ee0a-02ec-46e9-877a-0e86e2c09abb\",\"8c139e35-5893-41aa-a82d-f1c9e16fac1b\",\"8c139e35-5893-41aa-a82d-f1c9e16fac1bX0\",\"8c139e35-5893-41aa-a82d-f1c9e16fac1bX1\",\"8c139e35-5893-41aa-a82d-f1c9e16fac1bX2\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"apm_static_data_view_id_default\"}},\"currentIndexPatternId\":\"apm_static_data_view_id_default\"},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Heap memory pools\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":10,\"w\":24,\"h\":15,\"i\":\"298e0934-8feb-44b8-8e5e-246a173a7036\"},\"panelIndex\":\"298e0934-8feb-44b8-8e5e-246a173a7036\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"apm_static_data_view_id_default\",\"name\":\"indexpattern-datasource-layer-f29b4866-f576-49a4-af42-efafad81d0ff\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"line\",\"layers\":[{\"layerId\":\"f29b4866-f576-49a4-af42-efafad81d0ff\",\"accessors\":[\"2cb44b2f-fff3-45e4-b40e-e067daf21b52\",\"2d12ce33-9691-4f4a-9717-eab6e4fed767\",\"3ac12c4e-f2c9-4914-b461-1ec3e96ac6e7\",\"28a6e0b4-1f21-4b22-b006-aa2d8ff69b27\"],\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"fd579e72-9688-4cc3-987a-814c255ef7a4\",\"yConfig\":[{\"forAccessor\":\"3ac12c4e-f2c9-4914-b461-1ec3e96ac6e7\",\"color\":\"#d6bf57\"},{\"forAccessor\":\"28a6e0b4-1f21-4b22-b006-aa2d8ff69b27\",\"color\":\"#da8b45\"}]}],\"yTitle\":\"Utilization [%]\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f29b4866-f576-49a4-af42-efafad81d0ff\":{\"columns\":{\"fd579e72-9688-4cc3-987a-814c255ef7a4\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"2cb44b2f-fff3-45e4-b40e-e067daf21b52\":{\"label\":\"System average\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.system.cpu.utilization\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}}},\"customLabel\":true},\"2d12ce33-9691-4f4a-9717-eab6e4fed767\":{\"label\":\"System max\",\"dataType\":\"number\",\"operationType\":\"max\",\"sourceField\":\"jvm.system.cpu.utilization\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}}},\"customLabel\":true},\"3ac12c4e-f2c9-4914-b461-1ec3e96ac6e7\":{\"label\":\"Process average\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.cpu.recent_utilization\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}}},\"customLabel\":true},\"28a6e0b4-1f21-4b22-b006-aa2d8ff69b27\":{\"label\":\"Process max\",\"dataType\":\"number\",\"operationType\":\"max\",\"sourceField\":\"jvm.cpu.recent_utilization\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2,\"compact\":false}}},\"customLabel\":true}},\"columnOrder\":[\"fd579e72-9688-4cc3-987a-814c255ef7a4\",\"2cb44b2f-fff3-45e4-b40e-e067daf21b52\",\"2d12ce33-9691-4f4a-9717-eab6e4fed767\",\"3ac12c4e-f2c9-4914-b461-1ec3e96ac6e7\",\"28a6e0b4-1f21-4b22-b006-aa2d8ff69b27\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"apm_static_data_view_id_default\"}},\"currentIndexPatternId\":\"apm_static_data_view_id_default\"},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"CPU Usage\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":40,\"w\":24,\"h\":15,\"i\":\"042cf2ef-9cd4-458c-87be-e6ac2c9d6d7e\"},\"panelIndex\":\"042cf2ef-9cd4-458c-87be-e6ac2c9d6d7e\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"apm_static_data_view_id_default\",\"name\":\"indexpattern-datasource-layer-ba118f97-82fd-4867-ae97-a071c22c7360\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"line\",\"layers\":[{\"layerId\":\"ba118f97-82fd-4867-ae97-a071c22c7360\",\"accessors\":[\"adb88f79-f380-4a6a-9f90-91316ececf1f\",\"92bdf4ef-b458-4c05-b4a3-d65db50c0ecc\"],\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"69640a9f-0f72-46d0-94b2-47930dc0272e\"}],\"yTitle\":\"Thread count\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"ba118f97-82fd-4867-ae97-a071c22c7360\":{\"columns\":{\"69640a9f-0f72-46d0-94b2-47930dc0272e\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"adb88f79-f380-4a6a-9f90-91316ececf1f\":{\"label\":\"Max\",\"dataType\":\"number\",\"operationType\":\"max\",\"sourceField\":\"jvm.thread.count\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"92bdf4ef-b458-4c05-b4a3-d65db50c0ecc\":{\"label\":\"Average\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.thread.count\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"69640a9f-0f72-46d0-94b2-47930dc0272e\",\"92bdf4ef-b458-4c05-b4a3-d65db50c0ecc\",\"adb88f79-f380-4a6a-9f90-91316ececf1f\"],\"sampling\":1,\"ignoreGlobalFilters\":false,\"incompleteColumns\":{}}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Thread count\"}]","timeRestore":false,"title":"JVM-Dashboard - otel","version":2},"coreMigrationVersion":"8.8.0","created_at":"2024-04-30T09:07:18.434Z","created_by":"u_2555277038_cloud","id":"f29edbb0-2a0e-11ee-ba40-b1a1a11f1941","managed":false,"references":[{"id":"apm_static_data_view_id_default","name":"7b6cce32-fe3c-47a3-8784-6646ee4d5b24:indexpattern-datasource-layer-ffdfcd10-9cab-4806-813b-5c1c5053584e","type":"index-pattern"},{"id":"apm_static_data_view_id_default","name":"5e044c2f-a316-4180-8f21-571fec481377:indexpattern-datasource-layer-7f101489-db13-43e3-a1cd-fc0e9117361a","type":"index-pattern"},{"id":"apm_static_data_view_id_default","name":"5e044c2f-a316-4180-8f21-571fec481377:indexpattern-datasource-layer-2df2bccd-257b-4ec4-ba84-b022128ff511","type":"index-pattern"},{"id":"apm_static_data_view_id_default","name":"5dd8b3f8-67f4-41d3-84f2-37d20d0f4020:indexpattern-datasource-layer-7f101489-db13-43e3-a1cd-fc0e9117361a","type":"index-pattern"},{"id":"apm_static_data_view_id_default","name":"ca9786a7-abfe-452c-9c89-ab331870ca68:indexpattern-datasource-layer-7f101489-db13-43e3-a1cd-fc0e9117361a","type":"index-pattern"},{"id":"apm_static_data_view_id_default","name":"4d8c0963-10dc-4ade-bb61-cbce3965daa5:indexpattern-datasource-layer-c250b2e7-1fbf-4b7b-9f85-ddfd0edeb332","type":"index-pattern"},{"id":"apm_static_data_view_id_default","name":"298e0934-8feb-44b8-8e5e-246a173a7036:indexpattern-datasource-layer-f29b4866-f576-49a4-af42-efafad81d0ff","type":"index-pattern"},{"id":"apm_static_data_view_id_default","name":"042cf2ef-9cd4-458c-87be-e6ac2c9d6d7e:indexpattern-datasource-layer-ba118f97-82fd-4867-ae97-a071c22c7360","type":"index-pattern"},{"id":"apm_static_data_view_id_default","name":"controlGroup_1b6a901c-d055-485f-b404-9a86fd52985d:optionsListDataView","type":"index-pattern"}],"type":"dashboard","typeMigrationVersion":"10.2.0","updated_at":"2024-04-30T09:07:18.434Z","version":"WzkyNiwyXQ=="}
diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/service_groups/service_groups_list/index.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/service_groups/service_groups_list/index.tsx
index 46b50f2ca30bf..e46a35e9bb0f8 100644
--- a/x-pack/plugins/observability_solution/apm/public/components/app/service_groups/service_groups_list/index.tsx
+++ b/x-pack/plugins/observability_solution/apm/public/components/app/service_groups/service_groups_list/index.tsx
@@ -14,6 +14,8 @@ import {
   EuiText,
   EuiLink,
 } from '@elastic/eui';
+import { FormattedMessage } from '@kbn/i18n-react';
+import { apmEnableMultiSignal } from '@kbn/observability-plugin/common';
 import { i18n } from '@kbn/i18n';
 import { isEmpty, sortBy } from 'lodash';
 import React, { useState, useCallback } from 'react';
@@ -23,10 +25,16 @@ import { Sort } from './sort';
 import { RefreshServiceGroupsSubscriber } from '../refresh_service_groups_subscriber';
 import { ServiceGroupSaveButton } from '../service_group_save';
 import { BetaBadge } from '../../../shared/beta_badge';
+import { useApmPluginContext } from '../../../../context/apm_plugin/use_apm_plugin_context';
 
 export type ServiceGroupsSortType = 'recently_added' | 'alphabetical';
 
+const GET_STARTED_URL = 'https://www.elastic.co/guide/en/apm/get-started/current/index.html';
+
 export function ServiceGroupsList() {
+  const { core } = useApmPluginContext();
+  const isMultiSignalEnabled = core.uiSettings.get<boolean>(apmEnableMultiSignal, false);
+
   const [filter, setFilter] = useState('');
 
   const [apmServiceGroupsSortType, setServiceGroupsSortType] =
@@ -130,6 +138,25 @@ export function ServiceGroupsList() {
                         {i18n.translate('xpack.apm.serviceGroups.listDescription', {
                           defaultMessage: 'Displayed service counts reflect the last 24 hours.',
                         })}
+                        {isMultiSignalEnabled && (
+                          <FormattedMessage
+                            id="xpack.apm.serviceGroups.onlyApm"
+                            defaultMessage="Only showing services {link}"
+                            values={{
+                              link: (
+                                <EuiLink
+                                  data-test-subj="apmServiceGroupsApmInstrumentedLink"
+                                  href={GET_STARTED_URL}
+                                  target="_blank"
+                                >
+                                  {i18n.translate('xpack.apm.serviceGroups.onlyApmLink', {
+                                    defaultMessage: 'instrumented with APM.',
+                                  })}
+                                </EuiLink>
+                              ),
+                            }}
+                          />
+                        )}
                       </EuiText>
                     </EuiFlexItem>
                     <EuiFlexItem grow={false}>
diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/apm_signal_inventory/index.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/apm_signal_inventory/index.tsx
new file mode 100644
index 0000000000000..c4553a59be802
--- /dev/null
+++ b/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/apm_signal_inventory/index.tsx
@@ -0,0 +1,341 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { usePerformanceContext } from '@kbn/ebt-tools';
+import { EuiEmptyPrompt, EuiFlexGroup, EuiFlexItem } from '@elastic/eui';
+import { i18n } from '@kbn/i18n';
+import React, { useCallback, useEffect, useMemo, useState } from 'react';
+import { v4 as uuidv4 } from 'uuid';
+import { apmEnableServiceInventoryTableSearchBar } from '@kbn/observability-plugin/common';
+import { useEditableSettings } from '@kbn/observability-shared-plugin/public';
+import { ApmDocumentType } from '../../../../../common/document_type';
+import {
+  ServiceInventoryFieldName,
+  ServiceListItem,
+} from '../../../../../common/service_inventory';
+import { useAnomalyDetectionJobsContext } from '../../../../context/anomaly_detection_jobs/use_anomaly_detection_jobs_context';
+import { useApmPluginContext } from '../../../../context/apm_plugin/use_apm_plugin_context';
+import { useApmParams } from '../../../../hooks/use_apm_params';
+import { useStateDebounced } from '../../../../hooks/use_debounce';
+import { FETCH_STATUS, isFailure, isPending } from '../../../../hooks/use_fetcher';
+import { useLocalStorage } from '../../../../hooks/use_local_storage';
+import { usePreferredDataSourceAndBucketSize } from '../../../../hooks/use_preferred_data_source_and_bucket_size';
+import { useProgressiveFetcher } from '../../../../hooks/use_progressive_fetcher';
+import { useTimeRange } from '../../../../hooks/use_time_range';
+import { APIReturnType } from '../../../../services/rest/create_call_apm_api';
+import { SortFunction } from '../../../shared/managed_table';
+import { MLCallout, shouldDisplayMlCallout } from '../../../shared/ml_callout';
+import { SearchBar } from '../../../shared/search_bar/search_bar';
+import { isTimeComparison } from '../../../shared/time_comparison/get_comparison_options';
+import { ApmServicesTable } from './service_list/apm_services_table';
+import { orderServiceItems } from './service_list/order_service_items';
+
+type MainStatisticsApiResponse = APIReturnType<'GET /internal/apm/services'>;
+
+const INITIAL_PAGE_SIZE = 25;
+const INITIAL_DATA: MainStatisticsApiResponse & { requestId: string } = {
+  requestId: '',
+  items: [],
+  serviceOverflowCount: 0,
+  maxCountExceeded: false,
+};
+
+function useServicesMainStatisticsFetcher(searchQuery: string | undefined) {
+  const {
+    query: {
+      rangeFrom,
+      rangeTo,
+      environment,
+      kuery,
+      serviceGroup,
+      page = 0,
+      pageSize = INITIAL_PAGE_SIZE,
+      sortDirection,
+      sortField,
+    },
+  } = useApmParams('/services');
+
+  const { start, end } = useTimeRange({ rangeFrom, rangeTo });
+
+  const preferred = usePreferredDataSourceAndBucketSize({
+    start,
+    end,
+    kuery,
+    type: ApmDocumentType.ServiceTransactionMetric,
+    numBuckets: 20,
+  });
+
+  const shouldUseDurationSummary = !!preferred?.source?.hasDurationSummaryField;
+
+  const { data = INITIAL_DATA, status } = useProgressiveFetcher(
+    (callApmApi) => {
+      if (preferred) {
+        return callApmApi('GET /internal/apm/services', {
+          params: {
+            query: {
+              environment,
+              kuery,
+              start,
+              end,
+              serviceGroup,
+              useDurationSummary: shouldUseDurationSummary,
+              documentType: preferred.source.documentType,
+              rollupInterval: preferred.source.rollupInterval,
+              searchQuery,
+            },
+          },
+        }).then((mainStatisticsData) => {
+          return {
+            requestId: uuidv4(),
+            ...mainStatisticsData,
+          };
+        });
+      }
+    },
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+    [
+      environment,
+      kuery,
+      start,
+      end,
+      serviceGroup,
+      preferred,
+      searchQuery,
+      // not used, but needed to update the requestId to call the details statistics API when table options are updated
+      page,
+      pageSize,
+      sortField,
+      sortDirection,
+    ]
+  );
+
+  return { mainStatisticsData: data, mainStatisticsStatus: status };
+}
+
+function useServicesDetailedStatisticsFetcher({
+  mainStatisticsFetch,
+  renderedItems,
+}: {
+  mainStatisticsFetch: ReturnType<typeof useServicesMainStatisticsFetcher>;
+  renderedItems: ServiceListItem[];
+}) {
+  const {
+    query: { rangeFrom, rangeTo, environment, kuery, offset, comparisonEnabled },
+  } = useApmParams('/services');
+
+  const { start, end } = useTimeRange({ rangeFrom, rangeTo });
+
+  const dataSourceOptions = usePreferredDataSourceAndBucketSize({
+    start,
+    end,
+    kuery,
+    type: ApmDocumentType.ServiceTransactionMetric,
+    numBuckets: 20,
+  });
+
+  const { mainStatisticsData, mainStatisticsStatus } = mainStatisticsFetch;
+
+  const comparisonFetch = useProgressiveFetcher(
+    (callApmApi) => {
+      const serviceNames = renderedItems.map(({ serviceName }) => serviceName);
+
+      if (
+        start &&
+        end &&
+        serviceNames.length > 0 &&
+        mainStatisticsStatus === FETCH_STATUS.SUCCESS &&
+        dataSourceOptions
+      ) {
+        return callApmApi('POST /internal/apm/services/detailed_statistics', {
+          params: {
+            query: {
+              environment,
+              kuery,
+              start,
+              end,
+              offset: comparisonEnabled && isTimeComparison(offset) ? offset : undefined,
+              documentType: dataSourceOptions.source.documentType,
+              rollupInterval: dataSourceOptions.source.rollupInterval,
+              bucketSizeInSeconds: dataSourceOptions.bucketSizeInSeconds,
+            },
+            body: {
+              // Service name is sorted to guarantee the same order every time this API is called so the result can be cached.
+              serviceNames: JSON.stringify(serviceNames.sort()),
+            },
+          },
+        });
+      }
+    },
+    // only fetches detailed statistics when requestId is invalidated by main statistics api call or offset is changed
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+    [mainStatisticsData.requestId, renderedItems, offset, comparisonEnabled],
+    { preservePreviousData: false }
+  );
+
+  return { comparisonFetch };
+}
+
+export function ApmServiceInventory() {
+  const [debouncedSearchQuery, setDebouncedSearchQuery] = useStateDebounced('');
+  const { onPageReady } = usePerformanceContext();
+
+  const [renderedItems, setRenderedItems] = useState<ServiceListItem[]>([]);
+
+  const mainStatisticsFetch = useServicesMainStatisticsFetcher(debouncedSearchQuery);
+  const { mainStatisticsData, mainStatisticsStatus } = mainStatisticsFetch;
+
+  const displayHealthStatus = mainStatisticsData.items.some((item) => 'healthStatus' in item);
+
+  const serviceOverflowCount = mainStatisticsData?.serviceOverflowCount ?? 0;
+
+  const displayAlerts = mainStatisticsData.items.some(
+    (item) => ServiceInventoryFieldName.AlertsCount in item
+  );
+
+  const tiebreakerField = ServiceInventoryFieldName.Throughput;
+
+  const initialSortField = displayHealthStatus
+    ? ServiceInventoryFieldName.HealthStatus
+    : tiebreakerField;
+
+  const initialSortDirection = 'desc';
+
+  const { comparisonFetch } = useServicesDetailedStatisticsFetcher({
+    mainStatisticsFetch,
+    renderedItems,
+  });
+
+  const { anomalyDetectionSetupState } = useAnomalyDetectionJobsContext();
+
+  const [userHasDismissedCallout, setUserHasDismissedCallout] = useLocalStorage(
+    `apm.userHasDismissedServiceInventoryMlCallout.${anomalyDetectionSetupState}`,
+    false
+  );
+
+  const displayMlCallout =
+    !userHasDismissedCallout && shouldDisplayMlCallout(anomalyDetectionSetupState);
+
+  const noItemsMessage = useMemo(() => {
+    return (
+      <EuiEmptyPrompt
+        title={
+          <div>
+            {i18n.translate('xpack.apm.servicesTable.notFoundLabel', {
+              defaultMessage: 'No services found',
+            })}
+          </div>
+        }
+        titleSize="s"
+      />
+    );
+  }, []);
+
+  const mlCallout = (
+    <EuiFlexItem>
+      <MLCallout
+        isOnSettingsPage={false}
+        anomalyDetectionSetupState={anomalyDetectionSetupState}
+        onDismiss={() => setUserHasDismissedCallout(true)}
+      />
+    </EuiFlexItem>
+  );
+
+  const sortFn: SortFunction<ServiceListItem> = useCallback(
+    (itemsToSort, sortField, sortDirection) => {
+      return orderServiceItems({
+        items: itemsToSort,
+        primarySortField: sortField,
+        sortDirection,
+        tiebreakerField,
+      });
+    },
+    [tiebreakerField]
+  );
+
+  // TODO verify this with AI team
+  const setScreenContext = useApmPluginContext().observabilityAIAssistant?.service.setScreenContext;
+
+  useEffect(() => {
+    if (!setScreenContext) {
+      return;
+    }
+
+    if (isFailure(mainStatisticsStatus)) {
+      return setScreenContext({
+        screenDescription: 'The services have failed to load',
+      });
+    }
+
+    if (isPending(mainStatisticsStatus)) {
+      return setScreenContext({
+        screenDescription: 'The services are still loading',
+      });
+    }
+
+    return setScreenContext({
+      data: [
+        {
+          name: 'services',
+          description: 'The list of services that the user is looking at',
+          value: mainStatisticsData.items,
+        },
+      ],
+    });
+  }, [mainStatisticsStatus, mainStatisticsData.items, setScreenContext]);
+
+  useEffect(() => {
+    if (
+      mainStatisticsStatus === FETCH_STATUS.SUCCESS &&
+      comparisonFetch.status === FETCH_STATUS.SUCCESS
+    ) {
+      onPageReady();
+    }
+  }, [mainStatisticsStatus, comparisonFetch.status, onPageReady]);
+
+  const { fields, isSaving, saveSingleSetting } = useEditableSettings([
+    apmEnableServiceInventoryTableSearchBar,
+  ]);
+
+  const settingsField = fields[apmEnableServiceInventoryTableSearchBar];
+  const isTableSearchBarEnabled = Boolean(settingsField?.savedValue ?? settingsField?.defaultValue);
+
+  return (
+    <>
+      {/* keep this div as we're collecting telemetry to track the usage of the table fast search vs KQL bar */}
+      <div data-fastSearch={isTableSearchBarEnabled ? 'enabled' : 'disabled'}>
+        <SearchBar showTimeComparison />
+      </div>
+      <EuiFlexGroup direction="column" gutterSize="m">
+        {displayMlCallout && mlCallout}
+        <EuiFlexItem>
+          <ApmServicesTable
+            status={mainStatisticsStatus}
+            items={mainStatisticsData.items}
+            comparisonDataLoading={comparisonFetch.status === FETCH_STATUS.LOADING}
+            displayHealthStatus={displayHealthStatus}
+            displayAlerts={displayAlerts}
+            initialSortField={initialSortField}
+            initialSortDirection={initialSortDirection}
+            sortFn={sortFn}
+            comparisonData={comparisonFetch?.data}
+            noItemsMessage={noItemsMessage}
+            initialPageSize={INITIAL_PAGE_SIZE}
+            serviceOverflowCount={serviceOverflowCount}
+            onChangeSearchQuery={setDebouncedSearchQuery}
+            maxCountExceeded={mainStatisticsData?.maxCountExceeded ?? false}
+            onChangeRenderedItems={setRenderedItems}
+            isTableSearchBarEnabled={isTableSearchBarEnabled}
+            isSavingSetting={isSaving}
+            onChangeTableSearchBarVisibility={() => {
+              saveSingleSetting(apmEnableServiceInventoryTableSearchBar, !isTableSearchBarEnabled);
+            }}
+          />
+        </EuiFlexItem>
+      </EuiFlexGroup>
+    </>
+  );
+}
diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/service_inventory.stories.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/apm_signal_inventory/service_inventory.stories.tsx
similarity index 74%
rename from x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/service_inventory.stories.tsx
rename to x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/apm_signal_inventory/service_inventory.stories.tsx
index 41b69daf1cdf4..17848c98af8f6 100644
--- a/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/service_inventory.stories.tsx
+++ b/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/apm_signal_inventory/service_inventory.stories.tsx
@@ -8,16 +8,16 @@
 import { CoreStart } from '@kbn/core/public';
 import { Meta, Story } from '@storybook/react';
 import React from 'react';
-import { ServiceInventory } from '.';
-import { AnomalyDetectionSetupState } from '../../../../common/anomaly_detection/get_anomaly_detection_setup_state';
-import { AnomalyDetectionJobsContext } from '../../../context/anomaly_detection_jobs/anomaly_detection_jobs_context';
-import { ApmPluginContextValue } from '../../../context/apm_plugin/apm_plugin_context';
-import { MockApmPluginStorybook } from '../../../context/apm_plugin/mock_apm_plugin_storybook';
-import { FETCH_STATUS } from '../../../hooks/use_fetcher';
+import { ApmServiceInventory } from '.';
+import { AnomalyDetectionSetupState } from '../../../../../common/anomaly_detection/get_anomaly_detection_setup_state';
+import { AnomalyDetectionJobsContext } from '../../../../context/anomaly_detection_jobs/anomaly_detection_jobs_context';
+import { ApmPluginContextValue } from '../../../../context/apm_plugin/apm_plugin_context';
+import { MockApmPluginStorybook } from '../../../../context/apm_plugin/mock_apm_plugin_storybook';
+import { FETCH_STATUS } from '../../../../hooks/use_fetcher';
 
 const stories: Meta<{}> = {
   title: 'app/ServiceInventory',
-  component: ServiceInventory,
+  component: ApmServiceInventory,
   decorators: [
     (StoryComponent) => {
       const coreMock = {
@@ -60,5 +60,5 @@ const stories: Meta<{}> = {
 export default stories;
 
 export const Example: Story<{}> = () => {
-  return <ServiceInventory />;
+  return <ApmServiceInventory />;
 };
diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/service_list/__fixtures__/service_api_mock_data.ts b/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/apm_signal_inventory/service_list/__fixtures__/service_api_mock_data.ts
similarity index 94%
rename from x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/service_list/__fixtures__/service_api_mock_data.ts
rename to x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/apm_signal_inventory/service_list/__fixtures__/service_api_mock_data.ts
index 7c6f3d85c13cb..7c050a9191283 100644
--- a/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/service_list/__fixtures__/service_api_mock_data.ts
+++ b/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/apm_signal_inventory/service_list/__fixtures__/service_api_mock_data.ts
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { APIReturnType } from '../../../../../services/rest/create_call_apm_api';
+import { APIReturnType } from '../../../../../../services/rest/create_call_apm_api';
 
 type ServiceListAPIResponse = APIReturnType<'GET /internal/apm/services'>;
 
diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/service_list/index.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/apm_signal_inventory/service_list/apm_services_table.tsx
similarity index 91%
rename from x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/service_list/index.tsx
rename to x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/apm_signal_inventory/service_list/apm_services_table.tsx
index 7a01e5d6bc166..50f8a873b6c8c 100644
--- a/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/service_list/index.tsx
+++ b/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/apm_signal_inventory/service_list/apm_services_table.tsx
@@ -23,38 +23,41 @@ import { ALERT_STATUS_ACTIVE } from '@kbn/rule-data-utils';
 import { TypeOf } from '@kbn/typed-react-router-config';
 import { omit } from 'lodash';
 import React, { useContext, useMemo } from 'react';
-import { ServiceHealthStatus } from '../../../../../common/service_health_status';
+import { ServiceHealthStatus } from '../../../../../../common/service_health_status';
 import {
   ServiceInventoryFieldName,
   ServiceListItem,
-} from '../../../../../common/service_inventory';
-import { isDefaultTransactionType } from '../../../../../common/transaction_types';
+} from '../../../../../../common/service_inventory';
+import { isDefaultTransactionType } from '../../../../../../common/transaction_types';
 import {
   asMillisecondDuration,
   asPercent,
   asTransactionRate,
-} from '../../../../../common/utils/formatters';
-import { KibanaEnvironmentContext } from '../../../../context/kibana_environment_context/kibana_environment_context';
-import { useApmParams } from '../../../../hooks/use_apm_params';
-import { useApmRouter } from '../../../../hooks/use_apm_router';
-import { Breakpoints, useBreakpoints } from '../../../../hooks/use_breakpoints';
-import { useFallbackToTransactionsFetcher } from '../../../../hooks/use_fallback_to_transactions_fetcher';
-import { FETCH_STATUS, isFailure, isPending } from '../../../../hooks/use_fetcher';
-import { APIReturnType } from '../../../../services/rest/create_call_apm_api';
-import { unit } from '../../../../utils/style';
-import { ApmRoutes } from '../../../routing/apm_route_config';
-import { AggregatedTransactionsBadge } from '../../../shared/aggregated_transactions_badge';
-import { ChartType, getTimeSeriesColor } from '../../../shared/charts/helper/get_timeseries_color';
-import { EnvironmentBadge } from '../../../shared/environment_badge';
-import { ServiceLink } from '../../../shared/links/apm/service_link';
-import { ListMetric } from '../../../shared/list_metric';
+} from '../../../../../../common/utils/formatters';
+import { KibanaEnvironmentContext } from '../../../../../context/kibana_environment_context/kibana_environment_context';
+import { useApmParams } from '../../../../../hooks/use_apm_params';
+import { useApmRouter } from '../../../../../hooks/use_apm_router';
+import { Breakpoints, useBreakpoints } from '../../../../../hooks/use_breakpoints';
+import { useFallbackToTransactionsFetcher } from '../../../../../hooks/use_fallback_to_transactions_fetcher';
+import { FETCH_STATUS, isFailure, isPending } from '../../../../../hooks/use_fetcher';
+import { APIReturnType } from '../../../../../services/rest/create_call_apm_api';
+import { unit } from '../../../../../utils/style';
+import { ApmRoutes } from '../../../../routing/apm_route_config';
+import { AggregatedTransactionsBadge } from '../../../../shared/aggregated_transactions_badge';
+import {
+  ChartType,
+  getTimeSeriesColor,
+} from '../../../../shared/charts/helper/get_timeseries_color';
+import { EnvironmentBadge } from '../../../../shared/environment_badge';
+import { ServiceLink } from '../../../../shared/links/apm/service_link';
+import { ListMetric } from '../../../../shared/list_metric';
 import {
   ITableColumn,
   ManagedTable,
   SortFunction,
   TableSearchBar,
-} from '../../../shared/managed_table';
-import { TryItButton } from '../../../shared/try_it_button';
+} from '../../../../shared/managed_table';
+import { TryItButton } from '../../../../shared/try_it_button';
 import { HealthBadge } from './health_badge';
 import { ColumnHeaderWithTooltip } from './column_header_with_tooltip';
 
@@ -307,7 +310,7 @@ interface Props {
   isSavingSetting: boolean;
   onChangeTableSearchBarVisibility: () => void;
 }
-export function ServiceList({
+export function ApmServicesTable({
   status,
   items,
   noItemsMessage,
diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/service_list/column_header_with_tooltip.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/apm_signal_inventory/service_list/column_header_with_tooltip.tsx
similarity index 100%
rename from x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/service_list/column_header_with_tooltip.tsx
rename to x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/apm_signal_inventory/service_list/column_header_with_tooltip.tsx
diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/service_list/health_badge.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/apm_signal_inventory/service_list/health_badge.tsx
similarity index 85%
rename from x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/service_list/health_badge.tsx
rename to x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/apm_signal_inventory/service_list/health_badge.tsx
index aa4299006cc48..0a6d6398866f1 100644
--- a/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/service_list/health_badge.tsx
+++ b/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/apm_signal_inventory/service_list/health_badge.tsx
@@ -11,8 +11,8 @@ import {
   getServiceHealthStatusBadgeColor,
   getServiceHealthStatusLabel,
   ServiceHealthStatus,
-} from '../../../../../common/service_health_status';
-import { useTheme } from '../../../../hooks/use_theme';
+} from '../../../../../../common/service_health_status';
+import { useTheme } from '../../../../../hooks/use_theme';
 
 export function HealthBadge({ healthStatus }: { healthStatus: ServiceHealthStatus }) {
   const theme = useTheme();
diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/service_list/order_service_items.test.ts b/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/apm_signal_inventory/service_list/order_service_items.test.ts
similarity index 97%
rename from x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/service_list/order_service_items.test.ts
rename to x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/apm_signal_inventory/service_list/order_service_items.test.ts
index 1b74d4d897df4..1308c3bf99a0c 100644
--- a/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/service_list/order_service_items.test.ts
+++ b/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/apm_signal_inventory/service_list/order_service_items.test.ts
@@ -4,8 +4,8 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import { ServiceHealthStatus } from '../../../../../common/service_health_status';
-import { ServiceInventoryFieldName } from '../../../../../common/service_inventory';
+import { ServiceHealthStatus } from '../../../../../../common/service_health_status';
+import { ServiceInventoryFieldName } from '../../../../../../common/service_inventory';
 import { orderServiceItems } from './order_service_items';
 
 describe('orderServiceItems', () => {
diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/service_list/order_service_items.ts b/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/apm_signal_inventory/service_list/order_service_items.ts
similarity index 94%
rename from x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/service_list/order_service_items.ts
rename to x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/apm_signal_inventory/service_list/order_service_items.ts
index 85d2b9678f061..4a4e756492d79 100644
--- a/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/service_list/order_service_items.ts
+++ b/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/apm_signal_inventory/service_list/order_service_items.ts
@@ -5,11 +5,11 @@
  * 2.0.
  */
 import { orderBy } from 'lodash';
-import { ServiceHealthStatus } from '../../../../../common/service_health_status';
+import { ServiceHealthStatus } from '../../../../../../common/service_health_status';
 import {
   ServiceListItem,
   ServiceInventoryFieldName,
-} from '../../../../../common/service_inventory';
+} from '../../../../../../common/service_inventory';
 
 type SortValueGetter = (item: ServiceListItem) => string | number;
 
diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/service_list/service_list.stories.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/apm_signal_inventory/service_list/service_list.stories.tsx
similarity index 74%
rename from x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/service_list/service_list.stories.tsx
rename to x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/apm_signal_inventory/service_list/service_list.stories.tsx
index 6b2f8abd52d74..9be7faa2f3671 100644
--- a/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/service_list/service_list.stories.tsx
+++ b/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/apm_signal_inventory/service_list/service_list.stories.tsx
@@ -8,16 +8,16 @@
 import { CoreStart } from '@kbn/core/public';
 import { Meta, Story } from '@storybook/react';
 import React, { ComponentProps } from 'react';
-import { FETCH_STATUS } from '../../../../hooks/use_fetcher';
-import { ServiceList } from '.';
-import { ServiceHealthStatus } from '../../../../../common/service_health_status';
-import { ServiceInventoryFieldName } from '../../../../../common/service_inventory';
-import type { ApmPluginContextValue } from '../../../../context/apm_plugin/apm_plugin_context';
-import { MockApmPluginStorybook } from '../../../../context/apm_plugin/mock_apm_plugin_storybook';
-import { mockApmApiCallResponse } from '../../../../services/rest/call_apm_api_spy';
+import { FETCH_STATUS } from '../../../../../hooks/use_fetcher';
+import { ApmServicesTable } from './apm_services_table';
+import { ServiceHealthStatus } from '../../../../../../common/service_health_status';
+import { ServiceInventoryFieldName } from '../../../../../../common/service_inventory';
+import type { ApmPluginContextValue } from '../../../../../context/apm_plugin/apm_plugin_context';
+import { MockApmPluginStorybook } from '../../../../../context/apm_plugin/mock_apm_plugin_storybook';
+import { mockApmApiCallResponse } from '../../../../../services/rest/call_apm_api_spy';
 import { items, overflowItems } from './__fixtures__/service_api_mock_data';
 
-type Args = ComponentProps<typeof ServiceList>;
+type Args = ComponentProps<typeof ApmServicesTable>;
 
 const coreMock = {
   http: {
@@ -29,7 +29,7 @@ const coreMock = {
 
 const stories: Meta<Args> = {
   title: 'app/ServiceInventory/ServiceList',
-  component: ServiceList,
+  component: ApmServicesTable,
   decorators: [
     (StoryComponent) => {
       mockApmApiCallResponse('GET /internal/apm/fallback_to_transactions', () => ({
@@ -49,7 +49,7 @@ const stories: Meta<Args> = {
 export default stories;
 
 export const ServiceListWithItems: Story<Args> = (args) => {
-  return <ServiceList {...args} />;
+  return <ApmServicesTable {...args} />;
 };
 ServiceListWithItems.args = {
   status: FETCH_STATUS.SUCCESS,
@@ -62,7 +62,7 @@ ServiceListWithItems.args = {
 };
 
 export const ServiceListEmptyState: Story<Args> = (args) => {
-  return <ServiceList {...args} />;
+  return <ApmServicesTable {...args} />;
 };
 ServiceListEmptyState.args = {
   status: FETCH_STATUS.SUCCESS,
@@ -75,7 +75,7 @@ ServiceListEmptyState.args = {
 };
 
 export const WithHealthWarnings: Story<Args> = (args) => {
-  return <ServiceList {...args} />;
+  return <ApmServicesTable {...args} />;
 };
 WithHealthWarnings.args = {
   status: FETCH_STATUS.SUCCESS,
@@ -88,7 +88,7 @@ WithHealthWarnings.args = {
 };
 
 export const ServiceListWithOverflowBucket: Story<Args> = (args) => {
-  return <ServiceList {...args} />;
+  return <ApmServicesTable {...args} />;
 };
 
 ServiceListWithOverflowBucket.args = {
diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/service_list/service_list.test.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/apm_signal_inventory/service_list/service_list.test.tsx
similarity index 96%
rename from x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/service_list/service_list.test.tsx
rename to x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/apm_signal_inventory/service_list/service_list.test.tsx
index 9405d3868477b..ccf028aa25478 100644
--- a/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/service_list/service_list.test.tsx
+++ b/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/apm_signal_inventory/service_list/service_list.test.tsx
@@ -8,11 +8,11 @@
 import { composeStories } from '@storybook/testing-react';
 import { render, screen } from '@testing-library/react';
 import React from 'react';
-import { getServiceColumns } from '.';
-import { ENVIRONMENT_ALL } from '../../../../../common/environment_filter_values';
-import { Breakpoints } from '../../../../hooks/use_breakpoints';
-import { apmRouter } from '../../../routing/apm_route_config';
-import * as timeSeriesColor from '../../../shared/charts/helper/get_timeseries_color';
+import { getServiceColumns } from './apm_services_table';
+import { ENVIRONMENT_ALL } from '../../../../../../common/environment_filter_values';
+import { Breakpoints } from '../../../../../hooks/use_breakpoints';
+import { apmRouter } from '../../../../routing/apm_route_config';
+import * as timeSeriesColor from '../../../../shared/charts/helper/get_timeseries_color';
 import * as stories from './service_list.stories';
 
 const { ServiceListEmptyState, ServiceListWithItems } = composeStories(stories);
diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/index.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/index.tsx
index f483b42649375..d00dc0a6e2d6a 100644
--- a/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/index.tsx
+++ b/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/index.tsx
@@ -4,335 +4,25 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-
-import { usePerformanceContext } from '@kbn/ebt-tools';
-import { EuiEmptyPrompt, EuiFlexGroup, EuiFlexItem } from '@elastic/eui';
-import { i18n } from '@kbn/i18n';
-import React, { useCallback, useEffect, useMemo, useState } from 'react';
-import { v4 as uuidv4 } from 'uuid';
-import { apmEnableServiceInventoryTableSearchBar } from '@kbn/observability-plugin/common';
-import { useEditableSettings } from '@kbn/observability-shared-plugin/public';
-import { ApmDocumentType } from '../../../../common/document_type';
-import { ServiceInventoryFieldName, ServiceListItem } from '../../../../common/service_inventory';
-import { useAnomalyDetectionJobsContext } from '../../../context/anomaly_detection_jobs/use_anomaly_detection_jobs_context';
+import React from 'react';
+import { isEmpty } from 'lodash';
+import { apmEnableMultiSignal } from '@kbn/observability-plugin/common';
 import { useApmPluginContext } from '../../../context/apm_plugin/use_apm_plugin_context';
+import { ApmServiceInventory } from './apm_signal_inventory';
+import { MultiSignalInventory } from './multi_signal_inventory';
 import { useApmParams } from '../../../hooks/use_apm_params';
-import { useStateDebounced } from '../../../hooks/use_debounce';
-import { FETCH_STATUS, isFailure, isPending } from '../../../hooks/use_fetcher';
-import { useLocalStorage } from '../../../hooks/use_local_storage';
-import { usePreferredDataSourceAndBucketSize } from '../../../hooks/use_preferred_data_source_and_bucket_size';
-import { useProgressiveFetcher } from '../../../hooks/use_progressive_fetcher';
-import { useTimeRange } from '../../../hooks/use_time_range';
-import { APIReturnType } from '../../../services/rest/create_call_apm_api';
-import { SortFunction } from '../../shared/managed_table';
-import { MLCallout, shouldDisplayMlCallout } from '../../shared/ml_callout';
-import { SearchBar } from '../../shared/search_bar/search_bar';
-import { isTimeComparison } from '../../shared/time_comparison/get_comparison_options';
-import { ServiceList } from './service_list';
-import { orderServiceItems } from './service_list/order_service_items';
-
-type MainStatisticsApiResponse = APIReturnType<'GET /internal/apm/services'>;
-
-const INITIAL_PAGE_SIZE = 25;
-const INITIAL_DATA: MainStatisticsApiResponse & { requestId: string } = {
-  requestId: '',
-  items: [],
-  serviceOverflowCount: 0,
-  maxCountExceeded: false,
-};
-
-function useServicesMainStatisticsFetcher(searchQuery: string | undefined) {
-  const {
-    query: {
-      rangeFrom,
-      rangeTo,
-      environment,
-      kuery,
-      serviceGroup,
-      page = 0,
-      pageSize = INITIAL_PAGE_SIZE,
-      sortDirection,
-      sortField,
-    },
-  } = useApmParams('/services');
-
-  const { start, end } = useTimeRange({ rangeFrom, rangeTo });
-
-  const preferred = usePreferredDataSourceAndBucketSize({
-    start,
-    end,
-    kuery,
-    type: ApmDocumentType.ServiceTransactionMetric,
-    numBuckets: 20,
-  });
-
-  const shouldUseDurationSummary = !!preferred?.source?.hasDurationSummaryField;
-
-  const { data = INITIAL_DATA, status } = useProgressiveFetcher(
-    (callApmApi) => {
-      if (preferred) {
-        return callApmApi('GET /internal/apm/services', {
-          params: {
-            query: {
-              environment,
-              kuery,
-              start,
-              end,
-              serviceGroup,
-              useDurationSummary: shouldUseDurationSummary,
-              documentType: preferred.source.documentType,
-              rollupInterval: preferred.source.rollupInterval,
-              searchQuery,
-            },
-          },
-        }).then((mainStatisticsData) => {
-          return {
-            requestId: uuidv4(),
-            ...mainStatisticsData,
-          };
-        });
-      }
-    },
-    // eslint-disable-next-line react-hooks/exhaustive-deps
-    [
-      environment,
-      kuery,
-      start,
-      end,
-      serviceGroup,
-      preferred,
-      searchQuery,
-      // not used, but needed to update the requestId to call the details statistics API when table options are updated
-      page,
-      pageSize,
-      sortField,
-      sortDirection,
-    ]
-  );
 
-  return { mainStatisticsData: data, mainStatisticsStatus: status };
-}
+export const ServiceInventory = () => {
+  const { core } = useApmPluginContext();
+  const isMultiSignalEnabled = core.uiSettings.get<boolean>(apmEnableMultiSignal, false);
 
-function useServicesDetailedStatisticsFetcher({
-  mainStatisticsFetch,
-  renderedItems,
-}: {
-  mainStatisticsFetch: ReturnType<typeof useServicesMainStatisticsFetcher>;
-  renderedItems: ServiceListItem[];
-}) {
   const {
-    query: { rangeFrom, rangeTo, environment, kuery, offset, comparisonEnabled },
+    query: { serviceGroup },
   } = useApmParams('/services');
 
-  const { start, end } = useTimeRange({ rangeFrom, rangeTo });
-
-  const dataSourceOptions = usePreferredDataSourceAndBucketSize({
-    start,
-    end,
-    kuery,
-    type: ApmDocumentType.ServiceTransactionMetric,
-    numBuckets: 20,
-  });
-
-  const { mainStatisticsData, mainStatisticsStatus } = mainStatisticsFetch;
-
-  const comparisonFetch = useProgressiveFetcher(
-    (callApmApi) => {
-      const serviceNames = renderedItems.map(({ serviceName }) => serviceName);
-
-      if (
-        start &&
-        end &&
-        serviceNames.length > 0 &&
-        mainStatisticsStatus === FETCH_STATUS.SUCCESS &&
-        dataSourceOptions
-      ) {
-        return callApmApi('POST /internal/apm/services/detailed_statistics', {
-          params: {
-            query: {
-              environment,
-              kuery,
-              start,
-              end,
-              offset: comparisonEnabled && isTimeComparison(offset) ? offset : undefined,
-              documentType: dataSourceOptions.source.documentType,
-              rollupInterval: dataSourceOptions.source.rollupInterval,
-              bucketSizeInSeconds: dataSourceOptions.bucketSizeInSeconds,
-            },
-            body: {
-              // Service name is sorted to guarantee the same order every time this API is called so the result can be cached.
-              serviceNames: JSON.stringify(serviceNames.sort()),
-            },
-          },
-        });
-      }
-    },
-    // only fetches detailed statistics when requestId is invalidated by main statistics api call or offset is changed
-    // eslint-disable-next-line react-hooks/exhaustive-deps
-    [mainStatisticsData.requestId, renderedItems, offset, comparisonEnabled],
-    { preservePreviousData: false }
-  );
-
-  return { comparisonFetch };
-}
-
-export function ServiceInventory() {
-  const [debouncedSearchQuery, setDebouncedSearchQuery] = useStateDebounced('');
-  const { onPageReady } = usePerformanceContext();
-
-  const [renderedItems, setRenderedItems] = useState<ServiceListItem[]>([]);
-
-  const mainStatisticsFetch = useServicesMainStatisticsFetcher(debouncedSearchQuery);
-  const { mainStatisticsData, mainStatisticsStatus } = mainStatisticsFetch;
-
-  const displayHealthStatus = mainStatisticsData.items.some((item) => 'healthStatus' in item);
-
-  const serviceOverflowCount = mainStatisticsData?.serviceOverflowCount ?? 0;
-
-  const displayAlerts = mainStatisticsData.items.some(
-    (item) => ServiceInventoryFieldName.AlertsCount in item
+  return isMultiSignalEnabled && isEmpty(serviceGroup) ? (
+    <MultiSignalInventory />
+  ) : (
+    <ApmServiceInventory />
   );
-
-  const tiebreakerField = ServiceInventoryFieldName.Throughput;
-
-  const initialSortField = displayHealthStatus
-    ? ServiceInventoryFieldName.HealthStatus
-    : tiebreakerField;
-
-  const initialSortDirection = 'desc';
-
-  const { comparisonFetch } = useServicesDetailedStatisticsFetcher({
-    mainStatisticsFetch,
-    renderedItems,
-  });
-
-  const { anomalyDetectionSetupState } = useAnomalyDetectionJobsContext();
-
-  const [userHasDismissedCallout, setUserHasDismissedCallout] = useLocalStorage(
-    `apm.userHasDismissedServiceInventoryMlCallout.${anomalyDetectionSetupState}`,
-    false
-  );
-
-  const displayMlCallout =
-    !userHasDismissedCallout && shouldDisplayMlCallout(anomalyDetectionSetupState);
-
-  const noItemsMessage = useMemo(() => {
-    return (
-      <EuiEmptyPrompt
-        title={
-          <div>
-            {i18n.translate('xpack.apm.servicesTable.notFoundLabel', {
-              defaultMessage: 'No services found',
-            })}
-          </div>
-        }
-        titleSize="s"
-      />
-    );
-  }, []);
-
-  const mlCallout = (
-    <EuiFlexItem>
-      <MLCallout
-        isOnSettingsPage={false}
-        anomalyDetectionSetupState={anomalyDetectionSetupState}
-        onDismiss={() => setUserHasDismissedCallout(true)}
-      />
-    </EuiFlexItem>
-  );
-
-  const sortFn: SortFunction<ServiceListItem> = useCallback(
-    (itemsToSort, sortField, sortDirection) => {
-      return orderServiceItems({
-        items: itemsToSort,
-        primarySortField: sortField,
-        sortDirection,
-        tiebreakerField,
-      });
-    },
-    [tiebreakerField]
-  );
-
-  const setScreenContext = useApmPluginContext().observabilityAIAssistant?.service.setScreenContext;
-
-  useEffect(() => {
-    if (!setScreenContext) {
-      return;
-    }
-
-    if (isFailure(mainStatisticsStatus)) {
-      return setScreenContext({
-        screenDescription: 'The services have failed to load',
-      });
-    }
-
-    if (isPending(mainStatisticsStatus)) {
-      return setScreenContext({
-        screenDescription: 'The services are still loading',
-      });
-    }
-
-    return setScreenContext({
-      data: [
-        {
-          name: 'services',
-          description: 'The list of services that the user is looking at',
-          value: mainStatisticsData.items,
-        },
-      ],
-    });
-  }, [mainStatisticsStatus, mainStatisticsData.items, setScreenContext]);
-
-  useEffect(() => {
-    if (
-      mainStatisticsStatus === FETCH_STATUS.SUCCESS &&
-      comparisonFetch.status === FETCH_STATUS.SUCCESS
-    ) {
-      onPageReady();
-    }
-  }, [mainStatisticsStatus, comparisonFetch.status, onPageReady]);
-
-  const { fields, isSaving, saveSingleSetting } = useEditableSettings([
-    apmEnableServiceInventoryTableSearchBar,
-  ]);
-
-  const settingsField = fields[apmEnableServiceInventoryTableSearchBar];
-  const isTableSearchBarEnabled =
-    Boolean(settingsField?.savedValue ?? settingsField?.defaultValue) ?? false;
-
-  return (
-    <>
-      {/* keep this div as we're collecting telemetry to track the usage of the table fast search vs KQL bar */}
-      <div data-fastSearch={isTableSearchBarEnabled ? 'enabled' : 'disabled'}>
-        <SearchBar showTimeComparison />
-      </div>
-      <EuiFlexGroup direction="column" gutterSize="m">
-        {displayMlCallout && mlCallout}
-        <EuiFlexItem>
-          <ServiceList
-            status={mainStatisticsStatus}
-            items={mainStatisticsData.items}
-            comparisonDataLoading={comparisonFetch.status === FETCH_STATUS.LOADING}
-            displayHealthStatus={displayHealthStatus}
-            displayAlerts={displayAlerts}
-            initialSortField={initialSortField}
-            initialSortDirection={initialSortDirection}
-            sortFn={sortFn}
-            comparisonData={comparisonFetch?.data}
-            noItemsMessage={noItemsMessage}
-            initialPageSize={INITIAL_PAGE_SIZE}
-            serviceOverflowCount={serviceOverflowCount}
-            onChangeSearchQuery={setDebouncedSearchQuery}
-            maxCountExceeded={mainStatisticsData?.maxCountExceeded ?? false}
-            onChangeRenderedItems={setRenderedItems}
-            isTableSearchBarEnabled={isTableSearchBarEnabled}
-            isSavingSetting={isSaving}
-            onChangeTableSearchBarVisibility={() => {
-              saveSingleSetting(apmEnableServiceInventoryTableSearchBar, !isTableSearchBarEnabled);
-            }}
-          />
-        </EuiFlexItem>
-      </EuiFlexGroup>
-    </>
-  );
-}
+};
diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/multi_signal_inventory/index.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/multi_signal_inventory/index.tsx
new file mode 100644
index 0000000000000..af2282ea19219
--- /dev/null
+++ b/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/multi_signal_inventory/index.tsx
@@ -0,0 +1,125 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { EuiFlexItem, EuiFlexGroup } from '@elastic/eui';
+import { i18n } from '@kbn/i18n';
+import React from 'react';
+import { v4 as uuidv4 } from 'uuid';
+import { APIReturnType } from '../../../../services/rest/create_call_apm_api';
+import { useApmParams } from '../../../../hooks/use_apm_params';
+import { useFetcher } from '../../../../hooks/use_fetcher';
+import { useTimeRange } from '../../../../hooks/use_time_range';
+import { EmptyMessage } from '../../../shared/empty_message';
+import { SearchBar } from '../../../shared/search_bar/search_bar';
+import {
+  getItemsFilteredBySearchQuery,
+  TableSearchBar,
+} from '../../../shared/table_search_bar/table_search_bar';
+import {
+  MultiSignalServicesTable,
+  ServiceInventoryFieldName,
+} from './table/multi_signal_services_table';
+
+type MainStatisticsApiResponse = APIReturnType<'GET /internal/apm/entities/services'>;
+
+const INITIAL_PAGE_SIZE = 25;
+const INITIAL_SORT_DIRECTION = 'desc';
+
+const INITIAL_DATA: MainStatisticsApiResponse & { requestId: string } = {
+  services: [],
+  requestId: '',
+};
+
+function useServicesEntitiesMainStatisticsFetcher() {
+  const {
+    query: {
+      rangeFrom,
+      rangeTo,
+      environment,
+      kuery,
+      page = 0,
+      pageSize = INITIAL_PAGE_SIZE,
+      sortDirection,
+      sortField,
+    },
+  } = useApmParams('/services');
+
+  const { start, end } = useTimeRange({ rangeFrom, rangeTo });
+
+  const { data = INITIAL_DATA, status } = useFetcher(
+    (callApmApi) => {
+      return callApmApi('GET /internal/apm/entities/services', {
+        params: {
+          query: {
+            environment,
+            kuery,
+            start,
+            end,
+          },
+        },
+      }).then((mainStatisticsData) => {
+        return {
+          requestId: uuidv4(),
+          ...mainStatisticsData,
+        };
+      });
+    },
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+    [environment, kuery, start, end, page, pageSize, sortField, sortDirection]
+  );
+
+  return { mainStatisticsData: data, mainStatisticsStatus: status };
+}
+
+export const MultiSignalInventory = () => {
+  const [searchQuery, setSearchQuery] = React.useState('');
+  const { mainStatisticsData, mainStatisticsStatus } = useServicesEntitiesMainStatisticsFetcher();
+
+  const initialSortField = ServiceInventoryFieldName.Throughput;
+
+  const filteredData = getItemsFilteredBySearchQuery({
+    items: mainStatisticsData.services,
+    searchQuery,
+    fieldsToSearch: [ServiceInventoryFieldName.ServiceName],
+  });
+
+  return (
+    <>
+      <EuiFlexGroup gutterSize="m">
+        <EuiFlexItem grow>
+          <TableSearchBar
+            placeholder={i18n.translate('xpack.apm.servicesTable.filterServicesPlaceholder', {
+              defaultMessage: 'Search services by name',
+            })}
+            searchQuery={searchQuery}
+            onChangeSearchQuery={setSearchQuery}
+          />
+        </EuiFlexItem>
+        <EuiFlexItem grow={false}>
+          <SearchBar showQueryInput={false} />
+        </EuiFlexItem>
+      </EuiFlexGroup>
+      <EuiFlexGroup direction="column" gutterSize="m">
+        <EuiFlexItem>
+          <MultiSignalServicesTable
+            status={mainStatisticsStatus}
+            data={filteredData}
+            initialSortField={initialSortField}
+            initialPageSize={INITIAL_PAGE_SIZE}
+            initialSortDirection={INITIAL_SORT_DIRECTION}
+            noItemsMessage={
+              <EmptyMessage
+                heading={i18n.translate('xpack.apm.servicesTable.notFoundLabel', {
+                  defaultMessage: 'No services found',
+                })}
+              />
+            }
+          />
+        </EuiFlexItem>
+      </EuiFlexGroup>
+    </>
+  );
+};
diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/multi_signal_inventory/table/get_service_columns.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/multi_signal_inventory/table/get_service_columns.tsx
new file mode 100644
index 0000000000000..349fc043c6f16
--- /dev/null
+++ b/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/multi_signal_inventory/table/get_service_columns.tsx
@@ -0,0 +1,186 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EuiFlexGroup, EuiFlexItem, RIGHT_ALIGNMENT } from '@elastic/eui';
+import { i18n } from '@kbn/i18n';
+import { TypeOf } from '@kbn/typed-react-router-config';
+import React from 'react';
+import {
+  asDecimalOrInteger,
+  asMillisecondDuration,
+  asPercent,
+  asTransactionRate,
+} from '../../../../../../common/utils/formatters';
+import { Breakpoints } from '../../../../../hooks/use_breakpoints';
+import { unit } from '../../../../../utils/style';
+import { ApmRoutes } from '../../../../routing/apm_route_config';
+import {
+  getTimeSeriesColor,
+  ChartType,
+} from '../../../../shared/charts/helper/get_timeseries_color';
+import { EnvironmentBadge } from '../../../../shared/environment_badge';
+import { ServiceLink } from '../../../../shared/links/apm/service_link';
+import { ListMetric } from '../../../../shared/list_metric';
+import { ITableColumn } from '../../../../shared/managed_table';
+import { NotAvailableApmMetrics } from '../../../../shared/not_available_apm_metrics';
+import { TruncateWithTooltip } from '../../../../shared/truncate_with_tooltip';
+import { ServiceInventoryFieldName } from './multi_signal_services_table';
+import { EntityServiceListItem, SignalTypes } from '../../../../../../common/entities/types';
+export function getServiceColumns({
+  query,
+  breakpoints,
+  link,
+}: {
+  query: TypeOf<ApmRoutes, '/services'>['query'];
+  breakpoints: Breakpoints;
+  link: any;
+}): Array<ITableColumn<EntityServiceListItem>> {
+  return [
+    {
+      field: ServiceInventoryFieldName.ServiceName,
+      name: i18n.translate('xpack.apm.multiSignal.servicesTable.nameColumnLabel', {
+        defaultMessage: 'Name',
+      }),
+      sortable: true,
+      render: (_, { serviceName, agentName }) => (
+        <TruncateWithTooltip
+          data-test-subj="apmServiceListAppLink"
+          text={serviceName}
+          content={
+            <EuiFlexGroup gutterSize="s" justifyContent="flexStart">
+              <EuiFlexItem grow={false}>
+                <ServiceLink serviceName={serviceName} agentName={agentName} query={query} />
+              </EuiFlexItem>
+            </EuiFlexGroup>
+          }
+        />
+      ),
+    },
+    {
+      field: ServiceInventoryFieldName.Environments,
+      name: i18n.translate('xpack.apm.multiSignal.servicesTable.environmentColumnLabel', {
+        defaultMessage: 'Environment',
+      }),
+      sortable: true,
+      width: `${unit * 9}px`,
+      dataType: 'number',
+      render: (_, { environments }) => <EnvironmentBadge environments={environments} />,
+      align: RIGHT_ALIGNMENT,
+    },
+    {
+      field: ServiceInventoryFieldName.Latency,
+      name: i18n.translate('xpack.apm.multiSignal.servicesTable.latencyAvgColumnLabel', {
+        defaultMessage: 'Latency (avg.)',
+      }),
+      sortable: true,
+      dataType: 'number',
+      align: RIGHT_ALIGNMENT,
+      render: (_, { metrics, signalTypes }) => {
+        const { currentPeriodColor } = getTimeSeriesColor(ChartType.LATENCY_AVG);
+
+        return !signalTypes.includes(SignalTypes.METRICS) ? (
+          <NotAvailableApmMetrics />
+        ) : (
+          <ListMetric
+            isLoading={false}
+            color={currentPeriodColor}
+            hideSeries
+            valueLabel={asMillisecondDuration(metrics.latency)}
+          />
+        );
+      },
+    },
+    {
+      field: ServiceInventoryFieldName.Throughput,
+      name: i18n.translate('xpack.apm.multiSignal.servicesTable.throughputColumnLabel', {
+        defaultMessage: 'Throughput',
+      }),
+      sortable: true,
+      dataType: 'number',
+      align: RIGHT_ALIGNMENT,
+      render: (_, { metrics, signalTypes }) => {
+        const { currentPeriodColor } = getTimeSeriesColor(ChartType.THROUGHPUT);
+
+        return !signalTypes.includes(SignalTypes.METRICS) ? (
+          <NotAvailableApmMetrics />
+        ) : (
+          <ListMetric
+            isLoading={false}
+            color={currentPeriodColor}
+            hideSeries
+            valueLabel={asTransactionRate(metrics.throughput)}
+          />
+        );
+      },
+    },
+    {
+      field: ServiceInventoryFieldName.FailedTransactionRate,
+      name: i18n.translate('xpack.apm.multiSignal.servicesTable.transactionErrorRate', {
+        defaultMessage: 'Failed transaction rate',
+      }),
+      sortable: true,
+      dataType: 'number',
+      align: RIGHT_ALIGNMENT,
+      render: (_, { metrics, signalTypes }) => {
+        const { currentPeriodColor } = getTimeSeriesColor(ChartType.FAILED_TRANSACTION_RATE);
+
+        return !signalTypes.includes(SignalTypes.METRICS) ? (
+          <NotAvailableApmMetrics />
+        ) : (
+          <ListMetric
+            isLoading={false}
+            color={currentPeriodColor}
+            hideSeries
+            valueLabel={asPercent(metrics.failedTransactionRate, 1)}
+          />
+        );
+      },
+    },
+    {
+      field: ServiceInventoryFieldName.LogRatePerMinute,
+      name: i18n.translate('xpack.apm.multiSignal.servicesTable.logRatePerMinute', {
+        defaultMessage: 'Log rate (per min.)',
+      }),
+      sortable: true,
+      dataType: 'number',
+      align: RIGHT_ALIGNMENT,
+      render: (_, { metrics }) => {
+        const { currentPeriodColor } = getTimeSeriesColor(ChartType.LOG_RATE);
+
+        return (
+          <ListMetric
+            isLoading={false}
+            color={currentPeriodColor}
+            hideSeries
+            valueLabel={asDecimalOrInteger(metrics.logRatePerMinute)}
+          />
+        );
+      },
+    },
+    {
+      field: ServiceInventoryFieldName.LogErrorRate,
+      name: i18n.translate('xpack.apm.multiSignal.servicesTable.logErrorRate', {
+        defaultMessage: 'Log error rate',
+      }),
+      sortable: true,
+      dataType: 'number',
+      align: RIGHT_ALIGNMENT,
+      render: (_, { metrics }) => {
+        const { currentPeriodColor } = getTimeSeriesColor(ChartType.LOG_ERROR_RATE);
+
+        return (
+          <ListMetric
+            isLoading={false}
+            color={currentPeriodColor}
+            hideSeries
+            valueLabel={asPercent(metrics.logErrorRate, 1)}
+          />
+        );
+      },
+    },
+  ];
+}
diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/multi_signal_inventory/table/multi_signal_services_table.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/multi_signal_inventory/table/multi_signal_services_table.tsx
new file mode 100644
index 0000000000000..deffe7a1de5ba
--- /dev/null
+++ b/x-pack/plugins/observability_solution/apm/public/components/app/service_inventory/multi_signal_inventory/table/multi_signal_services_table.tsx
@@ -0,0 +1,77 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EuiFlexGroup, EuiFlexItem } from '@elastic/eui';
+import { omit } from 'lodash';
+import React, { useMemo } from 'react';
+import { useApmParams } from '../../../../../hooks/use_apm_params';
+import { useApmRouter } from '../../../../../hooks/use_apm_router';
+import { useBreakpoints } from '../../../../../hooks/use_breakpoints';
+import { FETCH_STATUS, isFailure, isPending } from '../../../../../hooks/use_fetcher';
+import { APIReturnType } from '../../../../../services/rest/create_call_apm_api';
+import { ManagedTable } from '../../../../shared/managed_table';
+import { getServiceColumns } from './get_service_columns';
+
+type MainStatisticsApiResponse = APIReturnType<'GET /internal/apm/entities/services'>;
+
+export enum ServiceInventoryFieldName {
+  ServiceName = 'serviceName',
+  Environments = 'environments',
+  Throughput = 'metrics.throughput',
+  Latency = 'metrics.latency',
+  FailedTransactionRate = 'metrics.failedTransactionRate',
+  LogRatePerMinute = 'metrics.logRatePerMinute',
+  LogErrorRate = 'metrics.logErrorRate',
+}
+
+interface Props {
+  status: FETCH_STATUS;
+  initialSortField: ServiceInventoryFieldName;
+  initialPageSize: number;
+  initialSortDirection: 'asc' | 'desc';
+  noItemsMessage: React.ReactNode;
+  data: MainStatisticsApiResponse['services'];
+}
+
+export function MultiSignalServicesTable({
+  status,
+  data,
+  initialSortField,
+  initialPageSize,
+  initialSortDirection,
+  noItemsMessage,
+}: Props) {
+  const breakpoints = useBreakpoints();
+  const { query } = useApmParams('/services');
+  const { link } = useApmRouter();
+
+  const serviceColumns = useMemo(() => {
+    return getServiceColumns({
+      // removes pagination and sort instructions from the query so it won't be passed down to next route
+      query: omit(query, 'page', 'pageSize', 'sortDirection', 'sortField'),
+      breakpoints,
+      link,
+    });
+  }, [query, link, breakpoints]);
+
+  return (
+    <EuiFlexGroup gutterSize="xs" direction="column" responsive={false}>
+      <EuiFlexItem>
+        <ManagedTable
+          isLoading={isPending(status)}
+          error={isFailure(status)}
+          columns={serviceColumns}
+          items={data}
+          noItemsMessage={noItemsMessage}
+          initialSortField={initialSortField}
+          initialSortDirection={initialSortDirection}
+          initialPageSize={initialPageSize}
+        />
+      </EuiFlexItem>
+    </EuiFlexGroup>
+  );
+}
diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/service_map/popover/index.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/service_map/popover/index.tsx
index b2abed890ee35..a66f77909072d 100644
--- a/x-pack/plugins/observability_solution/apm/public/components/app/service_map/popover/index.tsx
+++ b/x-pack/plugins/observability_solution/apm/public/components/app/service_map/popover/index.tsx
@@ -54,11 +54,15 @@ function getContentsComponent(
     return ResourceContents;
   }
 
-  if (isTraceExplorerEnabled && selectedElementData.source && selectedElementData.target) {
+  if (isTraceExplorerEnabled && selectedElementData.sourceData && selectedElementData.targetData) {
     return EdgeContents;
   }
 
-  return DependencyContents;
+  if (selectedElementData.label) {
+    return DependencyContents;
+  }
+
+  return null;
 }
 
 export interface ContentsProps {
@@ -100,7 +104,6 @@ export function Popover({ focusedServiceName, environment, kuery, start, end }:
   const x = box ? box.x1 + box.w / 2 : -10000;
   const y = box ? box.y1 + box.h / 2 : -10000;
 
-  const isOpen = !!selectedElement;
   const triggerStyle: CSSProperties = {
     background: 'transparent',
     height: renderedHeight,
@@ -177,6 +180,8 @@ export function Popover({ focusedServiceName, environment, kuery, start, end }:
 
   const ContentsComponent = getContentsComponent(selectedElementData, isTraceExplorerEnabled);
 
+  const isOpen = !!selectedElement && !!ContentsComponent;
+
   return (
     <EuiPopover
       anchorPosition={'upCenter'}
@@ -205,14 +210,16 @@ export function Popover({ focusedServiceName, environment, kuery, start, end }:
           </EuiTitle>
           <EuiHorizontalRule margin="xs" />
         </EuiFlexItem>
-        <ContentsComponent
-          onFocusClick={onFocusClick}
-          elementData={selectedElementData}
-          environment={environment}
-          kuery={kuery}
-          start={start}
-          end={end}
-        />
+        {ContentsComponent && (
+          <ContentsComponent
+            onFocusClick={onFocusClick}
+            elementData={selectedElementData}
+            environment={environment}
+            kuery={kuery}
+            start={start}
+            end={end}
+          />
+        )}
       </EuiFlexGroup>
     </EuiPopover>
   );
diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_keys/agent_keys_table.stories.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_keys/agent_keys_table.stories.tsx
index 296f66a51e98b..2ccf0d64b41a1 100644
--- a/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_keys/agent_keys_table.stories.tsx
+++ b/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_keys/agent_keys_table.stories.tsx
@@ -8,7 +8,7 @@ import { Meta, Story } from '@storybook/react';
 import React, { ComponentProps } from 'react';
 import { CoreStart } from '@kbn/core/public';
 import { createKibanaReactContext } from '@kbn/kibana-react-plugin/public';
-import { ApiKey } from '@kbn/security-plugin/common/model';
+import { ApiKey } from '@kbn/security-plugin-types-common';
 import type { ApmPluginContextValue } from '../../../../context/apm_plugin/apm_plugin_context';
 import { MockApmPluginContextWrapper } from '../../../../context/apm_plugin/mock_apm_plugin_context';
 import { AgentKeysTable } from './agent_keys_table';
diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_keys/agent_keys_table.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_keys/agent_keys_table.tsx
index 3fe05455307d0..142ffbd905637 100644
--- a/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_keys/agent_keys_table.tsx
+++ b/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_keys/agent_keys_table.tsx
@@ -8,7 +8,7 @@
 import React, { useState } from 'react';
 import { i18n } from '@kbn/i18n';
 import { EuiInMemoryTable, EuiBasicTableColumn, EuiInMemoryTableProps } from '@elastic/eui';
-import { ApiKey } from '@kbn/security-plugin/common/model';
+import { ApiKey } from '@kbn/security-plugin-types-common';
 import { TimestampTooltip } from '../../../shared/timestamp_tooltip';
 import { ConfirmDeleteModal } from './confirm_delete_modal';
 
diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_keys/confirm_delete_modal.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_keys/confirm_delete_modal.tsx
index 5974acdcb35e2..da7f39d5ad7d7 100644
--- a/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_keys/confirm_delete_modal.tsx
+++ b/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_keys/confirm_delete_modal.tsx
@@ -8,7 +8,7 @@
 import React, { useState } from 'react';
 import { i18n } from '@kbn/i18n';
 import { EuiConfirmModal } from '@elastic/eui';
-import { ApiKey } from '@kbn/security-plugin/common/model';
+import { ApiKey } from '@kbn/security-plugin-types-common';
 import { useApmPluginContext } from '../../../../context/apm_plugin/use_apm_plugin_context';
 import { callApmApi } from '../../../../services/rest/create_call_apm_api';
 
diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_keys/index.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_keys/index.tsx
index 005bc9f33d9f1..960e4cac31663 100644
--- a/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_keys/index.tsx
+++ b/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_keys/index.tsx
@@ -17,7 +17,7 @@ import {
   EuiButton,
   EuiLoadingSpinner,
 } from '@elastic/eui';
-import { ApiKey } from '@kbn/security-plugin/common/model';
+import { ApiKey } from '@kbn/security-plugin-types-common';
 import { useFetcher, FETCH_STATUS } from '../../../../hooks/use_fetcher';
 import { PermissionDenied } from './prompts/permission_denied';
 import { ApiKeysNotEnabled } from './prompts/api_keys_not_enabled';
diff --git a/x-pack/plugins/observability_solution/apm/public/components/routing/templates/service_group_template.tsx b/x-pack/plugins/observability_solution/apm/public/components/routing/templates/service_group_template.tsx
index 5c5e243047abe..b34de178192d2 100644
--- a/x-pack/plugins/observability_solution/apm/public/components/routing/templates/service_group_template.tsx
+++ b/x-pack/plugins/observability_solution/apm/public/components/routing/templates/service_group_template.tsx
@@ -12,6 +12,7 @@ import {
   EuiSkeletonTitle,
   EuiIcon,
 } from '@elastic/eui';
+import { apmEnableMultiSignal } from '@kbn/observability-plugin/common';
 import React from 'react';
 import { i18n } from '@kbn/i18n';
 import type { KibanaPageTemplateProps } from '@kbn/shared-ux-page-kibana-template';
@@ -20,6 +21,8 @@ import { useApmRouter } from '../../../hooks/use_apm_router';
 import { useAnyOfApmParams } from '../../../hooks/use_apm_params';
 import { ApmMainTemplate } from './apm_main_template';
 import { useBreadcrumb } from '../../../context/breadcrumbs/use_breadcrumb';
+import { useApmPluginContext } from '../../../context/apm_plugin/use_apm_plugin_context';
+import { TechnicalPreviewBadge } from '../../shared/technical_preview_badge';
 
 export function ServiceGroupTemplate({
   pageTitle,
@@ -149,13 +152,26 @@ type ServiceGroupContextTab = NonNullable<EuiPageHeaderProps['tabs']>[0] & {
 function useTabs(selectedTab: ServiceGroupContextTab['key']) {
   const router = useApmRouter();
   const { query } = useAnyOfApmParams('/services', '/service-map');
+  const { core } = useApmPluginContext();
+  const isMultiSignalEnabled = core.uiSettings.get<boolean>(apmEnableMultiSignal, false);
 
   const tabs: ServiceGroupContextTab[] = [
     {
       key: 'service-inventory',
-      label: i18n.translate('xpack.apm.serviceGroup.serviceInventory', {
-        defaultMessage: 'Inventory',
-      }),
+      label: (
+        <EuiFlexGroup justifyContent="flexStart" alignItems="baseline" gutterSize="s">
+          <EuiFlexItem grow={false}>
+            {i18n.translate('xpack.apm.serviceGroup.serviceInventory', {
+              defaultMessage: 'Inventory',
+            })}
+          </EuiFlexItem>
+          <EuiFlexItem grow={false}>
+            {isMultiSignalEnabled && (
+              <TechnicalPreviewBadge icon="beaker" style={{ verticalAlign: 'middle' }} />
+            )}
+          </EuiFlexItem>
+        </EuiFlexGroup>
+      ),
       href: router.link('/services', { query }),
     },
     {
diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/charts/helper/get_timeseries_color.ts b/x-pack/plugins/observability_solution/apm/public/components/shared/charts/helper/get_timeseries_color.ts
index 0ab27b607f099..10a36374ce837 100644
--- a/x-pack/plugins/observability_solution/apm/public/components/shared/charts/helper/get_timeseries_color.ts
+++ b/x-pack/plugins/observability_solution/apm/public/components/shared/charts/helper/get_timeseries_color.ts
@@ -18,6 +18,8 @@ export enum ChartType {
   SESSIONS,
   HTTP_REQUESTS,
   ERROR_OCCURRENCES,
+  LOG_ERROR_RATE,
+  LOG_RATE,
 }
 
 const palette = euiPaletteColorBlind({ rotations: 2 });
@@ -66,6 +68,14 @@ const timeSeriesColorMap: Record<
     currentPeriodColor: palette[3],
     previousPeriodColor: palette[13],
   },
+  [ChartType.LOG_RATE]: {
+    currentPeriodColor: palette[6],
+    previousPeriodColor: palette[16],
+  },
+  [ChartType.LOG_ERROR_RATE]: {
+    currentPeriodColor: palette[3],
+    previousPeriodColor: palette[13],
+  },
 };
 
 export function getTimeSeriesColor(chartType: ChartType) {
diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/dependencies_table/get_span_metric_columns.tsx b/x-pack/plugins/observability_solution/apm/public/components/shared/dependencies_table/get_span_metric_columns.tsx
index 85625aaebfaf9..567b635f1eb42 100644
--- a/x-pack/plugins/observability_solution/apm/public/components/shared/dependencies_table/get_span_metric_columns.tsx
+++ b/x-pack/plugins/observability_solution/apm/public/components/shared/dependencies_table/get_span_metric_columns.tsx
@@ -5,7 +5,7 @@
  * 2.0.
  */
 import React from 'react';
-import { EuiFlexGroup, EuiFlexItem, EuiIcon, EuiToolTip, RIGHT_ALIGNMENT } from '@elastic/eui';
+import { EuiFlexGroup, EuiFlexItem, EuiIconTip, RIGHT_ALIGNMENT } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
 import { ChartType, getTimeSeriesColor } from '../charts/helper/get_timeseries_color';
 import { ListMetric } from '../list_metric';
@@ -107,20 +107,22 @@ export function getSpanMetricColumns({
     {
       field: 'failureRate',
       name: (
-        <EuiToolTip
-          content={i18n.translate('xpack.apm.dependenciesTable.columnErrorRateTip', {
-            defaultMessage:
-              "The percentage of failed transactions for the selected service. HTTP server transactions with a 4xx status code (client error) aren't considered failures because the caller, not the server, caused the failure.",
+        <>
+          {i18n.translate('xpack.apm.dependenciesTable.columnErrorRate', {
+            defaultMessage: 'Failed transaction rate',
           })}
-        >
-          <>
-            {i18n.translate('xpack.apm.dependenciesTable.columnErrorRate', {
-              defaultMessage: 'Failed transaction rate',
+          &nbsp;
+          <EuiIconTip
+            size="s"
+            color="subdued"
+            type="questionInCircle"
+            content={i18n.translate('xpack.apm.dependenciesTable.columnErrorRateTip', {
+              defaultMessage:
+                "The percentage of failed transactions for the selected service. HTTP server transactions with a 4xx status code (client error) aren't considered failures because the caller, not the server, caused the failure.",
             })}
-            &nbsp;
-            <EuiIcon size="s" color="subdued" type="questionInCircle" className="eui-alignCenter" />
-          </>
-        </EuiToolTip>
+            className="eui-alignCenter"
+          />
+        </>
       ),
       align: RIGHT_ALIGNMENT,
       render: (_, { failureRate, currentStats, previousStats }) => {
@@ -146,20 +148,22 @@ export function getSpanMetricColumns({
     {
       field: 'impact',
       name: (
-        <EuiToolTip
-          content={i18n.translate('xpack.apm.dependenciesTable.columnImpactTip', {
-            defaultMessage:
-              'The most used and slowest endpoints in your service. Calculated by multiplying latency by throughput.',
+        <>
+          {i18n.translate('xpack.apm.dependenciesTable.columnImpact', {
+            defaultMessage: 'Impact',
           })}
-        >
-          <>
-            {i18n.translate('xpack.apm.dependenciesTable.columnImpact', {
-              defaultMessage: 'Impact',
+          &nbsp;
+          <EuiIconTip
+            size="s"
+            color="subdued"
+            type="questionInCircle"
+            className="eui-alignCenter"
+            content={i18n.translate('xpack.apm.dependenciesTable.columnImpactTip', {
+              defaultMessage:
+                'The most used and slowest endpoints in your service. Calculated by multiplying latency by throughput.',
             })}
-            &nbsp;
-            <EuiIcon size="s" color="subdued" type="questionInCircle" className="eui-alignCenter" />
-          </>
-        </EuiToolTip>
+          />
+        </>
       ),
       align: RIGHT_ALIGNMENT,
       render: (_, { impact, previousStats }) => {
diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/environment_badge/index.tsx b/x-pack/plugins/observability_solution/apm/public/components/shared/environment_badge/index.tsx
index 781c80015b5c5..6863d76908a0f 100644
--- a/x-pack/plugins/observability_solution/apm/public/components/shared/environment_badge/index.tsx
+++ b/x-pack/plugins/observability_solution/apm/public/components/shared/environment_badge/index.tsx
@@ -8,18 +8,22 @@
 import React from 'react';
 import { i18n } from '@kbn/i18n';
 import { ItemsBadge } from '../item_badge';
+import { NotAvailableEnvironment } from '../not_available_environment';
 
 interface Props {
   environments: string[];
 }
+
 export function EnvironmentBadge({ environments = [] }: Props) {
-  return (
+  return environments && environments.length > 0 ? (
     <ItemsBadge
-      items={environments ?? []}
+      items={environments}
       multipleItemsMessage={i18n.translate('xpack.apm.servicesTable.environmentCount', {
         values: { environmentCount: environments.length },
         defaultMessage: '{environmentCount, plural, one {1 environment} other {# environments}}',
       })}
     />
+  ) : (
+    <NotAvailableEnvironment />
   );
 }
diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/not_available_apm_metrics.tsx b/x-pack/plugins/observability_solution/apm/public/components/shared/not_available_apm_metrics.tsx
new file mode 100644
index 0000000000000..03253fa4282d4
--- /dev/null
+++ b/x-pack/plugins/observability_solution/apm/public/components/shared/not_available_apm_metrics.tsx
@@ -0,0 +1,37 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { EuiButton } from '@elastic/eui';
+import { i18n } from '@kbn/i18n';
+import { PopoverBadge } from './popover_badge';
+import { useApmPluginContext } from '../../context/apm_plugin/use_apm_plugin_context';
+
+export const NotAvailableApmMetrics = () => {
+  const { core } = useApmPluginContext();
+  return (
+    <PopoverBadge
+      title={i18n.translate('xpack.apm.servicesTable.notAvailableApmMetrics.title', {
+        defaultMessage: 'Want to see more?',
+      })}
+      content={i18n.translate('xpack.apm.servicesTable.notAvailableApmMetrics.content', {
+        defaultMessage:
+          'Understand key metrics like transaction latency, throughput and error rate by instrumenting your service with APM.',
+      })}
+      footer={
+        <EuiButton
+          data-test-subj="apmServicesNotAvailableMetricsButton"
+          href={core.http.basePath.prepend('/app/apm/tutorial')}
+        >
+          {i18n.translate('xpack.apm.servicesTable.notAvailableApmMetrics.footer', {
+            defaultMessage: 'Add APM',
+          })}
+        </EuiButton>
+      }
+    />
+  );
+};
diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/not_available_environment.tsx b/x-pack/plugins/observability_solution/apm/public/components/shared/not_available_environment.tsx
new file mode 100644
index 0000000000000..aecc9f2586e71
--- /dev/null
+++ b/x-pack/plugins/observability_solution/apm/public/components/shared/not_available_environment.tsx
@@ -0,0 +1,42 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { EuiCode, EuiLink } from '@elastic/eui';
+import { i18n } from '@kbn/i18n';
+import { FormattedMessage } from '@kbn/i18n-react';
+import { PopoverBadge } from './popover_badge';
+
+export const NotAvailableEnvironment = () => {
+  return (
+    <PopoverBadge
+      title={i18n.translate('xpack.apm.servicesTable.notAvailableEnv.title', {
+        defaultMessage: 'No environment detected.',
+      })}
+      content={
+        <FormattedMessage
+          id="xpack.apm.servicesTable.notAvailableEnv.content"
+          defaultMessage="Declare your service environment by adding {field} to your logs."
+          values={{
+            field: <EuiCode>service.environment</EuiCode>,
+          }}
+        />
+      }
+      footer={
+        <EuiLink
+          data-test-subj="apmServicesNotAvailableEnvironmentLink"
+          href="https://demo.elastic.co/app/observabilityOnboarding/customLogs/?category=logs"
+          external
+        >
+          {i18n.translate('xpack.apm.servicesTable.notAvailableEnv.footer', {
+            defaultMessage: 'See documentation',
+          })}
+        </EuiLink>
+      }
+    />
+  );
+};
diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/popover_badge/index.tsx b/x-pack/plugins/observability_solution/apm/public/components/shared/popover_badge/index.tsx
new file mode 100644
index 0000000000000..b20121b673893
--- /dev/null
+++ b/x-pack/plugins/observability_solution/apm/public/components/shared/popover_badge/index.tsx
@@ -0,0 +1,67 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { useState } from 'react';
+import {
+  EuiPopover,
+  EuiPopoverTitle,
+  EuiPopoverFooter,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiText,
+  EuiBadge,
+} from '@elastic/eui';
+import { NOT_AVAILABLE_LABEL, CLICK_ARIAL_LABEL } from '../../../../common/i18n';
+
+interface PopoverBadgeProps {
+  title: React.ReactNode;
+  iconType?: React.ReactNode;
+  footer?: React.ReactNode;
+  badgeLabel?: React.ReactNode;
+  content: React.ReactNode;
+}
+
+export function PopoverBadge({
+  title,
+  badgeLabel = NOT_AVAILABLE_LABEL,
+  content,
+  footer,
+}: PopoverBadgeProps) {
+  const [isPopoverOpen, setIsPopoverOpen] = useState(false);
+  return (
+    <EuiFlexGroup justifyContent="flexEnd">
+      <EuiFlexItem grow={false}>
+        <EuiPopover
+          button={
+            <EuiBadge
+              iconType="iInCircle"
+              iconOnClick={() => setIsPopoverOpen(!isPopoverOpen)}
+              onClick={() => setIsPopoverOpen(!isPopoverOpen)}
+              iconOnClickAriaLabel={CLICK_ARIAL_LABEL}
+              onClickAriaLabel={CLICK_ARIAL_LABEL}
+              iconSide="left"
+              color="hollow"
+            >
+              {badgeLabel}
+            </EuiBadge>
+          }
+          isOpen={isPopoverOpen}
+          closePopover={() => setIsPopoverOpen(false)}
+          anchorPosition="upCenter"
+        >
+          <EuiPopoverTitle>{title}</EuiPopoverTitle>
+          <div style={{ width: '300px' }}>
+            <EuiText size="s">
+              <p>{content}</p>
+            </EuiText>
+          </div>
+          {footer && <EuiPopoverFooter>{footer}</EuiPopoverFooter>}
+        </EuiPopover>
+      </EuiFlexItem>
+    </EuiFlexGroup>
+  );
+}
diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/transactions_table/get_columns.tsx b/x-pack/plugins/observability_solution/apm/public/components/shared/transactions_table/get_columns.tsx
index d4acaa3a1961c..3c34af7e999c5 100644
--- a/x-pack/plugins/observability_solution/apm/public/components/shared/transactions_table/get_columns.tsx
+++ b/x-pack/plugins/observability_solution/apm/public/components/shared/transactions_table/get_columns.tsx
@@ -9,8 +9,8 @@ import {
   EuiBadge,
   EuiFlexGroup,
   EuiFlexItem,
-  EuiIcon,
   EuiToolTip,
+  EuiIconTip,
   RIGHT_ALIGNMENT,
 } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
@@ -204,20 +204,25 @@ export function getColumns({
       field: 'errorRate',
       sortable: true,
       name: (
-        <EuiToolTip
-          content={i18n.translate('xpack.apm.serviceOverview.transactionsTableColumnErrorRateTip', {
-            defaultMessage:
-              "The percentage of failed transactions for the selected service. HTTP server transactions with a 4xx status code (client error) aren't considered failures because the caller, not the server, caused the failure.",
+        <>
+          {i18n.translate('xpack.apm.serviceOverview.transactionsTableColumnErrorRate', {
+            defaultMessage: 'Failed transaction rate',
           })}
-        >
-          <>
-            {i18n.translate('xpack.apm.serviceOverview.transactionsTableColumnErrorRate', {
-              defaultMessage: 'Failed transaction rate',
-            })}
-            &nbsp;
-            <EuiIcon size="s" color="subdued" type="questionInCircle" className="eui-alignCenter" />
-          </>
-        </EuiToolTip>
+          &nbsp;
+          <EuiIconTip
+            size="s"
+            color="subdued"
+            type="questionInCircle"
+            className="eui-alignCenter"
+            content={i18n.translate(
+              'xpack.apm.serviceOverview.transactionsTableColumnErrorRateTip',
+              {
+                defaultMessage:
+                  "The percentage of failed transactions for the selected service. HTTP server transactions with a 4xx status code (client error) aren't considered failures because the caller, not the server, caused the failure.",
+              }
+            )}
+          />
+        </>
       ),
       align: RIGHT_ALIGNMENT,
       render: (_, { errorRate, name }) => {
@@ -246,20 +251,22 @@ export function getColumns({
       field: 'impact',
       sortable: true,
       name: (
-        <EuiToolTip
-          content={i18n.translate('xpack.apm.serviceOverview.transactionsTableColumnImpactTip', {
-            defaultMessage:
-              'The most used and slowest endpoints in your service. Calculated by multiplying latency by throughput.',
+        <>
+          {i18n.translate('xpack.apm.serviceOverview.transactionsTableColumnImpact', {
+            defaultMessage: 'Impact',
           })}
-        >
-          <>
-            {i18n.translate('xpack.apm.serviceOverview.transactionsTableColumnImpact', {
-              defaultMessage: 'Impact',
+          &nbsp;
+          <EuiIconTip
+            size="s"
+            color="subdued"
+            type="questionInCircle"
+            className="eui-alignCenter"
+            content={i18n.translate('xpack.apm.serviceOverview.transactionsTableColumnImpactTip', {
+              defaultMessage:
+                'The most used and slowest endpoints in your service. Calculated by multiplying latency by throughput.',
             })}
-            &nbsp;
-            <EuiIcon size="s" color="subdued" type="questionInCircle" className="eui-alignCenter" />
-          </>
-        </EuiToolTip>
+          />
+        </>
       ),
       align: RIGHT_ALIGNMENT,
       render: (_, { name }) => {
diff --git a/x-pack/plugins/observability_solution/apm/server/lib/helpers/create_es_client/create_assets_es_client/create_assets_es_clients.ts b/x-pack/plugins/observability_solution/apm/server/lib/helpers/create_es_client/create_assets_es_client/create_assets_es_clients.ts
index 2b77f08f10269..f7838cd36fbe2 100644
--- a/x-pack/plugins/observability_solution/apm/server/lib/helpers/create_es_client/create_assets_es_client/create_assets_es_clients.ts
+++ b/x-pack/plugins/observability_solution/apm/server/lib/helpers/create_es_client/create_assets_es_client/create_assets_es_clients.ts
@@ -10,7 +10,7 @@ import { ElasticsearchClient } from '@kbn/core/server';
 import { unwrapEsResponse } from '@kbn/observability-plugin/common/utils/unwrap_es_response';
 import { withApmSpan } from '../../../../utils/with_apm_span';
 
-const ASSETS_INDEX_NAME = 'assets';
+const ENTITIES_INDEX_NAME = '.entities-observability.latest-*';
 
 export function cancelEsRequestOnAbort<T extends Promise<any>>(
   promise: T,
@@ -24,14 +24,14 @@ export function cancelEsRequestOnAbort<T extends Promise<any>>(
   return promise.finally(() => subscription.unsubscribe()) as T;
 }
 
-export interface AssetsESClient {
+export interface EntitiesESClient {
   search<TDocument = unknown, TSearchRequest extends ESSearchRequest = ESSearchRequest>(
     operationName: string,
     searchRequest: TSearchRequest
   ): Promise<InferSearchResponseOf<TDocument, TSearchRequest>>;
 }
 
-export async function createAssetsESClient({
+export async function createEntitiesESClient({
   request,
   esClient,
 }: {
@@ -48,7 +48,7 @@ export async function createAssetsESClient({
       const promise = withApmSpan(operationName, () => {
         return cancelEsRequestOnAbort(
           esClient.search(
-            { ...searchRequest, index: [ASSETS_INDEX_NAME] },
+            { ...searchRequest, index: [ENTITIES_INDEX_NAME] },
             {
               signal: controller.signal,
               meta: true,
diff --git a/x-pack/plugins/observability_solution/apm/server/routes/agent_keys/get_agent_keys.ts b/x-pack/plugins/observability_solution/apm/server/routes/agent_keys/get_agent_keys.ts
index b10f82f69aede..120b520a73edc 100644
--- a/x-pack/plugins/observability_solution/apm/server/routes/agent_keys/get_agent_keys.ts
+++ b/x-pack/plugins/observability_solution/apm/server/routes/agent_keys/get_agent_keys.ts
@@ -4,7 +4,7 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import { ApiKey } from '@kbn/security-plugin/common/model';
+import { ApiKey } from '@kbn/security-plugin-types-common';
 import { ApmPluginRequestHandlerContext } from '../typings';
 
 export interface AgentKeysResponse {
diff --git a/x-pack/plugins/observability_solution/apm/server/routes/apm_routes/get_global_apm_server_route_repository.ts b/x-pack/plugins/observability_solution/apm/server/routes/apm_routes/get_global_apm_server_route_repository.ts
index 8fee2cba47dc6..8b1fe99b6d272 100644
--- a/x-pack/plugins/observability_solution/apm/server/routes/apm_routes/get_global_apm_server_route_repository.ts
+++ b/x-pack/plugins/observability_solution/apm/server/routes/apm_routes/get_global_apm_server_route_repository.ts
@@ -44,7 +44,7 @@ import { suggestionsRouteRepository } from '../suggestions/route';
 import { timeRangeMetadataRoute } from '../time_range_metadata/route';
 import { traceRouteRepository } from '../traces/route';
 import { transactionRouteRepository } from '../transactions/route';
-import { servicesAssetsRoutesRepository } from '../assets/services/routes';
+import { servicesEntitiesRoutesRepository } from '../entities/services/routes';
 
 function getTypedGlobalApmServerRouteRepository() {
   const repository = {
@@ -56,7 +56,7 @@ function getTypedGlobalApmServerRouteRepository() {
     ...observabilityOverviewRouteRepository,
     ...serviceMapRouteRepository,
     ...serviceRouteRepository,
-    ...servicesAssetsRoutesRepository,
+    ...servicesEntitiesRoutesRepository,
     ...serviceGroupRouteRepository,
     ...suggestionsRouteRepository,
     ...traceRouteRepository,
diff --git a/x-pack/plugins/observability_solution/apm/server/routes/assets/get_assets.ts b/x-pack/plugins/observability_solution/apm/server/routes/assets/get_assets.ts
deleted file mode 100644
index 0848b014eee0c..0000000000000
--- a/x-pack/plugins/observability_solution/apm/server/routes/assets/get_assets.ts
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-import { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
-import { termQuery, kqlQuery } from '@kbn/observability-plugin/server';
-import { ASSET_TYPE, FIRST_SEEN, LAST_SEEN } from '../../../common/es_fields/assets';
-import { AssetsESClient } from '../../lib/helpers/create_es_client/create_assets_es_client/create_assets_es_clients';
-
-type AssetType = 'service';
-
-export function assetsRangeQuery(start: number, end: number): QueryDslQueryContainer[] {
-  return [
-    {
-      range: {
-        [FIRST_SEEN]: {
-          gte: start,
-        },
-      },
-    },
-    {
-      range: {
-        [LAST_SEEN]: {
-          lte: end,
-        },
-      },
-    },
-  ];
-}
-
-export async function getAssets({
-  assetsESClient,
-  start,
-  end,
-  kuery,
-  assetType,
-  size,
-}: {
-  assetsESClient: AssetsESClient;
-  start: number;
-  end: number;
-  kuery: string;
-  assetType: AssetType;
-  size: number;
-}) {
-  const response = await assetsESClient.search(`get_${assetType}_from_assets`, {
-    body: {
-      size,
-      track_total_hits: false,
-      query: {
-        bool: {
-          filter: [
-            ...termQuery(ASSET_TYPE, assetType),
-            ...kqlQuery(kuery),
-            ...assetsRangeQuery(start, end),
-          ],
-        },
-      },
-    },
-  });
-
-  return response;
-}
diff --git a/x-pack/plugins/observability_solution/apm/server/routes/assets/services/get_service_assets.ts b/x-pack/plugins/observability_solution/apm/server/routes/assets/services/get_service_assets.ts
deleted file mode 100644
index 524a20e07e00c..0000000000000
--- a/x-pack/plugins/observability_solution/apm/server/routes/assets/services/get_service_assets.ts
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-import { errors } from '@elastic/elasticsearch';
-import { ElasticsearchClient, Logger } from '@kbn/core/server';
-import { LogsDataAccessPluginStart } from '@kbn/logs-data-access-plugin/server';
-import { WrappedElasticsearchClientError } from '@kbn/observability-plugin/server';
-import { ApmServiceTransactionDocumentType } from '../../../../common/document_type';
-import { RollupInterval } from '../../../../common/rollup';
-import { APMEventClient } from '../../../lib/helpers/create_es_client/create_apm_event_client';
-import { AssetsESClient } from '../../../lib/helpers/create_es_client/create_assets_es_client/create_assets_es_clients';
-import { withApmSpan } from '../../../utils/with_apm_span';
-import { getAssets } from '../get_assets';
-import { getServiceNamesPerSignalType } from '../utils/get_service_names_per_signal_type';
-import { getServicesTransactionStats } from './get_services_transaction_stats';
-import { ServiceAssetDocument } from './types';
-
-export const MAX_NUMBER_OF_SERVICES = 1_000;
-
-export async function getServiceAssets({
-  assetsESClient,
-  start,
-  end,
-  kuery,
-  logger,
-  apmEventClient,
-  logsDataAccessStart,
-  esClient,
-  documentType,
-  rollupInterval,
-  useDurationSummary,
-}: {
-  assetsESClient: AssetsESClient;
-  start: number;
-  end: number;
-  kuery: string;
-  logger: Logger;
-  apmEventClient: APMEventClient;
-  logsDataAccessStart: LogsDataAccessPluginStart;
-  esClient: ElasticsearchClient;
-  documentType: ApmServiceTransactionDocumentType;
-  rollupInterval: RollupInterval;
-  useDurationSummary: boolean;
-}) {
-  return withApmSpan('get_service_assets', async () => {
-    try {
-      const response = await getAssets({
-        assetsESClient,
-        start,
-        end,
-        kuery,
-        size: MAX_NUMBER_OF_SERVICES,
-        assetType: 'service',
-      });
-
-      const services = response.hits.hits.map((hit) => {
-        const serviceAsset = hit._source as ServiceAssetDocument;
-
-        return {
-          asset: {
-            signalTypes: serviceAsset.asset.signalTypes,
-            identifyingMetadata: serviceAsset.asset.identifying_metadata,
-          },
-          service: {
-            name: serviceAsset.service.name,
-            environment: serviceAsset.service.environment,
-          },
-        };
-      });
-
-      const { logsServiceNames, tracesServiceNames } = getServiceNamesPerSignalType(services);
-
-      const [traceMetrics = {}, logsMetrics = {}] = await Promise.all([
-        tracesServiceNames.length
-          ? getServicesTransactionStats({
-              apmEventClient,
-              start,
-              end,
-              kuery,
-              serviceNames: tracesServiceNames,
-              documentType,
-              rollupInterval,
-              useDurationSummary,
-            })
-          : undefined,
-        logsServiceNames.length
-          ? logsDataAccessStart.services.getLogsRatesService({
-              esClient,
-              identifyingMetadata: 'service.name',
-              timeFrom: start,
-              timeTo: end,
-              serviceNames: logsServiceNames,
-            })
-          : undefined,
-      ]);
-
-      return services.map((item) => {
-        const serviceTraceMetrics = traceMetrics[item.service.name];
-        const serviceLogsMetrics = logsMetrics[item.service.name];
-        return {
-          ...item,
-          metrics: { ...serviceTraceMetrics, ...serviceLogsMetrics },
-        };
-      });
-    } catch (error) {
-      // If the index does not exist, handle it gracefully
-      if (
-        error instanceof WrappedElasticsearchClientError &&
-        error.originalError instanceof errors.ResponseError
-      ) {
-        const type = error.originalError.body.error.type;
-
-        if (type === 'index_not_found_exception') {
-          logger.error(`Asset index does not exist. Unable to fetch services.`);
-          return [];
-        }
-      }
-
-      throw error;
-    }
-  });
-}
diff --git a/x-pack/plugins/observability_solution/apm/server/routes/assets/services/get_services_transaction_stats.ts b/x-pack/plugins/observability_solution/apm/server/routes/assets/services/get_services_transaction_stats.ts
deleted file mode 100644
index a4d8a45551de2..0000000000000
--- a/x-pack/plugins/observability_solution/apm/server/routes/assets/services/get_services_transaction_stats.ts
+++ /dev/null
@@ -1,120 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { kqlQuery, rangeQuery } from '@kbn/observability-plugin/server';
-import { ApmServiceTransactionDocumentType } from '../../../../common/document_type';
-import { SERVICE_NAME, TRANSACTION_TYPE } from '../../../../common/es_fields/apm';
-import { RollupInterval } from '../../../../common/rollup';
-import { isDefaultTransactionType } from '../../../../common/transaction_types';
-import { maybe } from '../../../../common/utils/maybe';
-import { calculateThroughputWithRange } from '../../../lib/helpers/calculate_throughput';
-import { APMEventClient } from '../../../lib/helpers/create_es_client/create_apm_event_client';
-import { getDurationFieldForTransactions } from '../../../lib/helpers/transactions';
-import {
-  calculateFailedTransactionRate,
-  getOutcomeAggregation,
-} from '../../../lib/helpers/transaction_error_rate';
-import { MAX_NUMBER_OF_SERVICES } from './get_service_assets';
-
-export interface TraceMetrics {
-  latency: number | null;
-  throughput: number | null;
-  transactionErrorRate: number | null;
-}
-
-interface AssetServicesMetricsMap {
-  [serviceName: string]: TraceMetrics;
-}
-
-export async function getServicesTransactionStats({
-  apmEventClient,
-  start,
-  end,
-  kuery,
-  serviceNames,
-  documentType,
-  rollupInterval,
-  useDurationSummary,
-}: {
-  apmEventClient: APMEventClient;
-  start: number;
-  end: number;
-  kuery: string;
-  serviceNames: string[];
-  documentType: ApmServiceTransactionDocumentType;
-  rollupInterval: RollupInterval;
-  useDurationSummary: boolean;
-}): Promise<AssetServicesMetricsMap> {
-  const response = await apmEventClient.search('get_services_transaction_stats', {
-    apm: {
-      sources: [{ documentType, rollupInterval }],
-    },
-    body: {
-      track_total_hits: false,
-      size: 0,
-      query: {
-        bool: {
-          filter: [
-            ...rangeQuery(start, end),
-            ...kqlQuery(kuery),
-            { terms: { [SERVICE_NAME]: serviceNames } },
-          ],
-        },
-      },
-      aggs: {
-        services: {
-          terms: {
-            field: SERVICE_NAME,
-            size: MAX_NUMBER_OF_SERVICES,
-          },
-          aggs: {
-            transactionType: {
-              terms: {
-                field: TRANSACTION_TYPE,
-              },
-              aggs: {
-                avg_duration: {
-                  avg: {
-                    field: getDurationFieldForTransactions(documentType, useDurationSummary),
-                  },
-                },
-                ...getOutcomeAggregation(documentType),
-              },
-            },
-          },
-        },
-      },
-    },
-  });
-
-  return (
-    response.aggregations?.services.buckets.reduce<AssetServicesMetricsMap>((acc, bucket) => {
-      const serviceName = bucket.key as string;
-      const topTransactionTypeBucket = maybe(
-        bucket.transactionType.buckets.find(({ key }) => isDefaultTransactionType(key as string)) ??
-          bucket.transactionType.buckets[0]
-      );
-
-      return {
-        ...acc,
-        [serviceName]: {
-          latency: topTransactionTypeBucket?.avg_duration.value || null,
-          throughput: topTransactionTypeBucket
-            ? calculateThroughputWithRange({
-                start,
-                end,
-                value: topTransactionTypeBucket.doc_count,
-              })
-            : null,
-          transactionErrorRate: topTransactionTypeBucket
-            ? calculateFailedTransactionRate(topTransactionTypeBucket)
-            : null,
-        },
-      };
-    }, {}) || {}
-  );
-}
diff --git a/x-pack/plugins/observability_solution/apm/server/routes/assets/services/routes.ts b/x-pack/plugins/observability_solution/apm/server/routes/assets/services/routes.ts
deleted file mode 100644
index ff79cd80e1f47..0000000000000
--- a/x-pack/plugins/observability_solution/apm/server/routes/assets/services/routes.ts
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-import * as t from 'io-ts';
-import { toBooleanRt } from '@kbn/io-ts-utils';
-import { createAssetsESClient } from '../../../lib/helpers/create_es_client/create_assets_es_client/create_assets_es_clients';
-import { getApmEventClient } from '../../../lib/helpers/get_apm_event_client';
-import { createApmServerRoute } from '../../apm_routes/create_apm_server_route';
-import { kueryRt, rangeRt, serviceTransactionDataSourceRt } from '../../default_api_types';
-import { getServiceAssets } from './get_service_assets';
-import { AssetServicesResponse } from './types';
-
-const servicesAssetsRoute = createApmServerRoute({
-  endpoint: 'GET /internal/apm/assets/services',
-  params: t.type({
-    query: t.intersection([
-      kueryRt,
-      rangeRt,
-      serviceTransactionDataSourceRt,
-      t.type({ useDurationSummary: toBooleanRt }),
-    ]),
-  }),
-  options: { tags: ['access:apm'] },
-  async handler(resources): Promise<AssetServicesResponse> {
-    const { context, params, request, plugins } = resources;
-    const [coreContext, apmEventClient, logsDataAccessStart] = await Promise.all([
-      context.core,
-      getApmEventClient(resources),
-      plugins.logsDataAccess.start(),
-    ]);
-
-    const assetsESClient = await createAssetsESClient({
-      request,
-      esClient: coreContext.elasticsearch.client.asCurrentUser,
-    });
-
-    const { start, end, kuery, documentType, rollupInterval, useDurationSummary } = params.query;
-
-    const services = await getServiceAssets({
-      assetsESClient,
-      start,
-      end,
-      kuery,
-      logger: resources.logger,
-      apmEventClient,
-      logsDataAccessStart,
-      esClient: coreContext.elasticsearch.client.asCurrentUser,
-      documentType,
-      rollupInterval,
-      useDurationSummary,
-    });
-
-    return { services };
-  },
-});
-
-export const servicesAssetsRoutesRepository = {
-  ...servicesAssetsRoute,
-};
diff --git a/x-pack/plugins/observability_solution/apm/server/routes/assets/services/types.ts b/x-pack/plugins/observability_solution/apm/server/routes/assets/services/types.ts
deleted file mode 100644
index e63c12f27a172..0000000000000
--- a/x-pack/plugins/observability_solution/apm/server/routes/assets/services/types.ts
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { LogsRatesMetrics } from '@kbn/logs-data-access-plugin/server';
-import { TraceMetrics } from './get_services_transaction_stats';
-
-export enum SignalType {
-  ASSET_TRACES = 'asset.traces',
-  ASSET_LOGS = 'asset.logs',
-}
-
-interface ServiceItem {
-  environment?: string;
-  name: string;
-}
-
-type SignalTypes = Record<SignalType, boolean | undefined>;
-
-interface AssetItem {
-  signalTypes: SignalTypes;
-  identifyingMetadata: string[];
-}
-
-export interface ServiceAssetDocument {
-  asset: {
-    signalTypes: SignalTypes;
-    identifying_metadata: string[];
-  };
-  service: ServiceItem;
-}
-
-export interface AssetService {
-  asset: AssetItem;
-  service: ServiceItem;
-}
-
-export interface AssetServicesResponse {
-  services: Array<AssetService & { metrics: TraceMetrics & LogsRatesMetrics }>;
-}
diff --git a/x-pack/plugins/observability_solution/apm/server/routes/assets/utils/get_service_names_per_signal_type.test.ts b/x-pack/plugins/observability_solution/apm/server/routes/assets/utils/get_service_names_per_signal_type.test.ts
deleted file mode 100644
index 89c67769bf47a..0000000000000
--- a/x-pack/plugins/observability_solution/apm/server/routes/assets/utils/get_service_names_per_signal_type.test.ts
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { AssetService } from '../services/types';
-import { getServiceNamesPerSignalType } from './get_service_names_per_signal_type';
-
-describe('getServiceNamesPerSignalType', () => {
-  it('returns empty arrays when serviceAssets is empty', () => {
-    const serviceAssets: AssetService[] = [];
-    const result = getServiceNamesPerSignalType(serviceAssets);
-    expect(result).toEqual({ tracesServiceNames: [], logsServiceNames: [] });
-  });
-
-  it('returns service names for assets with traces signal types', () => {
-    const serviceAssets: AssetService[] = [
-      {
-        asset: {
-          signalTypes: { 'asset.traces': true, 'asset.logs': false },
-          identifyingMetadata: [],
-        },
-        service: { name: 'Service1' },
-      },
-      {
-        asset: {
-          signalTypes: { 'asset.traces': false, 'asset.logs': false },
-          identifyingMetadata: [],
-        },
-        service: { name: 'Service2' },
-      },
-    ];
-    const result = getServiceNamesPerSignalType(serviceAssets);
-    expect(result).toEqual({ tracesServiceNames: ['Service1'], logsServiceNames: [] });
-  });
-
-  it('returns service names for assets with logs signal types', () => {
-    const serviceAssets: AssetService[] = [
-      {
-        asset: {
-          signalTypes: { 'asset.logs': true, 'asset.traces': false },
-          identifyingMetadata: [],
-        },
-        service: { name: 'Service1' },
-      },
-      {
-        asset: {
-          signalTypes: { 'asset.logs': false, 'asset.traces': false },
-          identifyingMetadata: [],
-        },
-        service: { name: 'Service2' },
-      },
-    ];
-    const result = getServiceNamesPerSignalType(serviceAssets);
-    expect(result).toEqual({ tracesServiceNames: [], logsServiceNames: ['Service1'] });
-  });
-
-  it('returns empty arrays when there are no assets with signal types', () => {
-    const serviceAssets: AssetService[] = [
-      {
-        asset: {
-          signalTypes: { 'asset.logs': false, 'asset.traces': false },
-          identifyingMetadata: [],
-        },
-        service: { name: 'Service1' },
-      },
-      {
-        asset: {
-          signalTypes: { 'asset.logs': false, 'asset.traces': false },
-          identifyingMetadata: [],
-        },
-        service: { name: 'Service2' },
-      },
-    ];
-    const result = getServiceNamesPerSignalType(serviceAssets);
-    expect(result).toEqual({ tracesServiceNames: [], logsServiceNames: [] });
-  });
-
-  it('returns service names for assets with logs and traces signal types', () => {
-    const serviceAssets: AssetService[] = [
-      {
-        asset: {
-          signalTypes: { 'asset.logs': true, 'asset.traces': true },
-          identifyingMetadata: [],
-        },
-        service: { name: 'Service1' },
-      },
-      {
-        asset: {
-          signalTypes: { 'asset.logs': true, 'asset.traces': true },
-          identifyingMetadata: [],
-        },
-        service: { name: 'Service2' },
-      },
-    ];
-    const result = getServiceNamesPerSignalType(serviceAssets);
-    expect(result).toEqual({
-      tracesServiceNames: ['Service1', 'Service2'],
-      logsServiceNames: ['Service1', 'Service2'],
-    });
-  });
-});
diff --git a/x-pack/plugins/observability_solution/apm/server/routes/assets/utils/get_service_names_per_signal_type.ts b/x-pack/plugins/observability_solution/apm/server/routes/assets/utils/get_service_names_per_signal_type.ts
deleted file mode 100644
index 94efeb96a3c1b..0000000000000
--- a/x-pack/plugins/observability_solution/apm/server/routes/assets/utils/get_service_names_per_signal_type.ts
+++ /dev/null
@@ -1,20 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { AssetService, SignalType } from '../services/types';
-
-export function getServiceNamesPerSignalType(serviceAssets: AssetService[]) {
-  const tracesServiceNames = serviceAssets
-    .filter(({ asset }) => asset.signalTypes[SignalType.ASSET_TRACES])
-    .map(({ service }) => service.name);
-
-  const logsServiceNames = serviceAssets
-    .filter(({ asset }) => asset.signalTypes[SignalType.ASSET_LOGS])
-    .map(({ service }) => service.name);
-
-  return { tracesServiceNames, logsServiceNames };
-}
diff --git a/x-pack/plugins/observability_solution/apm/server/routes/entities/get_entities.ts b/x-pack/plugins/observability_solution/apm/server/routes/entities/get_entities.ts
new file mode 100644
index 0000000000000..b129a544d9fe3
--- /dev/null
+++ b/x-pack/plugins/observability_solution/apm/server/routes/entities/get_entities.ts
@@ -0,0 +1,81 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
+import { kqlQuery } from '@kbn/observability-plugin/server';
+import { AGENT_NAME, DATA_STEAM_TYPE } from '../../../common/es_fields/apm';
+import {
+  ENTITY_ENVIRONMENT,
+  FIRST_SEEN,
+  LAST_SEEN,
+  ENTITY,
+} from '../../../common/es_fields/entities';
+import { environmentQuery } from '../../../common/utils/environment_query';
+import { EntitiesESClient } from '../../lib/helpers/create_es_client/create_assets_es_client/create_assets_es_clients';
+import { EntitiesRaw, ServiceEntities } from './types';
+
+export function entitiesRangeQuery(start: number, end: number): QueryDslQueryContainer[] {
+  return [
+    {
+      range: {
+        [FIRST_SEEN]: {
+          gte: start,
+        },
+      },
+    },
+    {
+      range: {
+        [LAST_SEEN]: {
+          lte: end,
+        },
+      },
+    },
+  ];
+}
+
+export async function getEntities({
+  entitiesESClient,
+  start,
+  end,
+  environment,
+  kuery,
+  size,
+}: {
+  entitiesESClient: EntitiesESClient;
+  start: number;
+  end: number;
+  environment: string;
+  kuery: string;
+  size: number;
+}) {
+  const entities = (
+    await entitiesESClient.search(`get_entities`, {
+      body: {
+        size,
+        track_total_hits: false,
+        _source: [AGENT_NAME, ENTITY, DATA_STEAM_TYPE],
+        query: {
+          bool: {
+            filter: [
+              ...kqlQuery(kuery),
+              ...environmentQuery(environment, ENTITY_ENVIRONMENT),
+              ...entitiesRangeQuery(start, end),
+            ],
+          },
+        },
+      },
+    })
+  ).hits.hits.map((hit) => hit._source as EntitiesRaw);
+
+  return entities.map((entity): ServiceEntities => {
+    return {
+      serviceName: entity.entity.identityFields.service.name,
+      agentName: entity.agent.name[0],
+      signalTypes: entity.data_stream.type,
+      entity: entity.entity,
+    };
+  });
+}
diff --git a/x-pack/plugins/observability_solution/apm/server/routes/entities/services/get_service_entities.ts b/x-pack/plugins/observability_solution/apm/server/routes/entities/services/get_service_entities.ts
new file mode 100644
index 0000000000000..0f90afb214cbf
--- /dev/null
+++ b/x-pack/plugins/observability_solution/apm/server/routes/entities/services/get_service_entities.ts
@@ -0,0 +1,62 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { errors } from '@elastic/elasticsearch';
+import { Logger } from '@kbn/core/server';
+import { WrappedElasticsearchClientError } from '@kbn/observability-plugin/server';
+import { EntitiesESClient } from '../../../lib/helpers/create_es_client/create_assets_es_client/create_assets_es_clients';
+import { withApmSpan } from '../../../utils/with_apm_span';
+import { getEntities } from '../get_entities';
+import { calculateAvgMetrics } from '../utils/calculate_avg_metrics';
+import { mergeEntities } from '../utils/merge_entities';
+
+export const MAX_NUMBER_OF_SERVICES = 1_000;
+
+export async function getServiceEntities({
+  entitiesESClient,
+  start,
+  end,
+  kuery,
+  environment,
+  logger,
+}: {
+  entitiesESClient: EntitiesESClient;
+  start: number;
+  end: number;
+  kuery: string;
+  environment: string;
+  logger: Logger;
+}) {
+  return withApmSpan('get_service_entities', async () => {
+    try {
+      const entities = await getEntities({
+        entitiesESClient,
+        start,
+        end,
+        kuery,
+        environment,
+        size: MAX_NUMBER_OF_SERVICES,
+      });
+
+      return calculateAvgMetrics(mergeEntities({ entities }));
+    } catch (error) {
+      // If the index does not exist, handle it gracefully
+      if (
+        error instanceof WrappedElasticsearchClientError &&
+        error.originalError instanceof errors.ResponseError
+      ) {
+        const type = error.originalError.body.error.type;
+
+        if (type === 'index_not_found_exception') {
+          logger.error(`Entities index does not exist. Unable to fetch services.`);
+          return [];
+        }
+      }
+
+      throw error;
+    }
+  });
+}
diff --git a/x-pack/plugins/observability_solution/apm/server/routes/entities/services/routes.ts b/x-pack/plugins/observability_solution/apm/server/routes/entities/services/routes.ts
new file mode 100644
index 0000000000000..c4a68c8c8a21e
--- /dev/null
+++ b/x-pack/plugins/observability_solution/apm/server/routes/entities/services/routes.ts
@@ -0,0 +1,55 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import * as t from 'io-ts';
+import { EntityServiceListItem } from '../../../../common/entities/types';
+import { createEntitiesESClient } from '../../../lib/helpers/create_es_client/create_assets_es_client/create_assets_es_clients';
+import { getApmEventClient } from '../../../lib/helpers/get_apm_event_client';
+import { createApmServerRoute } from '../../apm_routes/create_apm_server_route';
+import { environmentRt, kueryRt, rangeRt } from '../../default_api_types';
+import { getServiceEntities } from './get_service_entities';
+
+export interface EntityServicesResponse {
+  services: EntityServiceListItem[];
+}
+
+const servicesEntitiesRoute = createApmServerRoute({
+  endpoint: 'GET /internal/apm/entities/services',
+  params: t.type({
+    query: t.intersection([environmentRt, kueryRt, rangeRt]),
+  }),
+  options: { tags: ['access:apm'] },
+  async handler(resources): Promise<EntityServicesResponse> {
+    const { context, params, request, plugins } = resources;
+    const [coreContext] = await Promise.all([
+      context.core,
+      getApmEventClient(resources),
+      plugins.logsDataAccess.start(),
+    ]);
+
+    const entitiesESClient = await createEntitiesESClient({
+      request,
+      esClient: coreContext.elasticsearch.client.asCurrentUser,
+    });
+
+    const { start, end, kuery, environment } = params.query;
+
+    const services = await getServiceEntities({
+      entitiesESClient,
+      start,
+      end,
+      kuery,
+      environment,
+      logger: resources.logger,
+    });
+
+    return { services };
+  },
+});
+
+export const servicesEntitiesRoutesRepository = {
+  ...servicesEntitiesRoute,
+};
diff --git a/x-pack/plugins/observability_solution/apm/server/routes/entities/types.ts b/x-pack/plugins/observability_solution/apm/server/routes/entities/types.ts
new file mode 100644
index 0000000000000..f55be3bb7ffb3
--- /dev/null
+++ b/x-pack/plugins/observability_solution/apm/server/routes/entities/types.ts
@@ -0,0 +1,51 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { AgentName } from '../../../typings/es_schemas/ui/fields/agent';
+import { SignalTypes, EntityMetrics } from '../../../common/entities/types';
+
+export interface Entity {
+  id: string;
+  latestTimestamp: string;
+  identityFields: {
+    service: {
+      name: string;
+      environment?: string | null;
+    };
+  };
+  metrics: EntityMetrics;
+}
+
+export interface TraceMetrics {
+  latency: number | null;
+  throughput: number | null;
+  failedTransactionRate: number | null;
+}
+
+export interface ServiceEntities {
+  serviceName: string;
+  agentName: AgentName;
+  signalTypes: string[];
+  entity: Entity;
+}
+
+export interface EntitiesRaw {
+  agent: {
+    name: AgentName[];
+  };
+  data_stream: {
+    type: string[];
+  };
+  entity: Entity;
+}
+
+export interface MergedServiceEntities {
+  serviceName: string;
+  agentName: AgentName;
+  signalTypes: SignalTypes[];
+  environments: string[];
+  metrics: EntityMetrics[];
+}
diff --git a/x-pack/plugins/observability_solution/apm/server/routes/entities/utils/calculate_avg_metrics.test.ts b/x-pack/plugins/observability_solution/apm/server/routes/entities/utils/calculate_avg_metrics.test.ts
new file mode 100644
index 0000000000000..14a156aef3663
--- /dev/null
+++ b/x-pack/plugins/observability_solution/apm/server/routes/entities/utils/calculate_avg_metrics.test.ts
@@ -0,0 +1,180 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EntityMetrics, SignalTypes } from '../../../../common/entities/types';
+import { AgentName } from '../../../../typings/es_schemas/ui/fields/agent';
+import { calculateAvgMetrics, mergeMetrics } from './calculate_avg_metrics';
+
+describe('calculateAverageMetrics', () => {
+  it('calculates average metrics', () => {
+    const entities = [
+      {
+        agentName: 'nodejs' as AgentName,
+        signalTypes: [SignalTypes.METRICS, SignalTypes.LOGS],
+        environments: [],
+        latestTimestamp: '2024-03-05T10:34:40.810Z',
+        metrics: [
+          {
+            failedTransactionRate: 5,
+            latency: 5,
+            logErrorRate: 5,
+            logRatePerMinute: 5,
+            throughput: 5,
+          },
+          {
+            failedTransactionRate: 10,
+            latency: 10,
+            logErrorRate: 10,
+            logRatePerMinute: 10,
+            throughput: 10,
+          },
+        ],
+        serviceName: 'service-1',
+      },
+      {
+        agentName: 'java' as AgentName,
+        signalTypes: [SignalTypes.METRICS],
+        environments: [],
+        latestTimestamp: '2024-06-05T10:34:40.810Z',
+        metrics: [
+          {
+            failedTransactionRate: 15,
+            latency: 15,
+            logErrorRate: 15,
+            logRatePerMinute: 15,
+            throughput: 15,
+          },
+          {
+            failedTransactionRate: 5,
+            latency: 5,
+            logErrorRate: 5,
+            logRatePerMinute: 5,
+            throughput: 5,
+          },
+        ],
+        serviceName: 'service-2',
+      },
+    ];
+
+    const result = calculateAvgMetrics(entities);
+
+    expect(result).toEqual([
+      {
+        agentName: 'nodejs',
+        signalTypes: [SignalTypes.METRICS, SignalTypes.LOGS],
+        environments: [],
+        latestTimestamp: '2024-03-05T10:34:40.810Z',
+        metrics: {
+          failedTransactionRate: 7.5,
+          latency: 7.5,
+          logErrorRate: 7.5,
+          logRatePerMinute: 7.5,
+          throughput: 7.5,
+        },
+        serviceName: 'service-1',
+      },
+      {
+        agentName: 'java' as AgentName,
+        signalTypes: [SignalTypes.METRICS],
+        environments: [],
+        latestTimestamp: '2024-06-05T10:34:40.810Z',
+        metrics: {
+          failedTransactionRate: 10,
+          latency: 10,
+          logErrorRate: 10,
+          logRatePerMinute: 10,
+          throughput: 10,
+        },
+        serviceName: 'service-2',
+      },
+    ]);
+  });
+  it('calculates average metrics with null', () => {
+    const entities = [
+      {
+        agentName: 'nodejs' as AgentName,
+        signalTypes: [SignalTypes.METRICS],
+        environments: ['env-service-1', 'env-service-2'],
+        latestTimestamp: '2024-03-05T10:34:40.810Z',
+        metrics: [
+          {
+            failedTransactionRate: 5,
+            latency: null,
+            logErrorRate: 5,
+            logRatePerMinute: 5,
+            throughput: 5,
+          },
+          {
+            failedTransactionRate: 10,
+            latency: null,
+            logErrorRate: 10,
+            logRatePerMinute: 10,
+            throughput: 10,
+          },
+        ],
+        serviceName: 'service-1',
+      },
+    ];
+
+    const result = calculateAvgMetrics(entities);
+
+    expect(result).toEqual([
+      {
+        agentName: 'nodejs',
+        signalTypes: [SignalTypes.METRICS],
+        environments: ['env-service-1', 'env-service-2'],
+        latestTimestamp: '2024-03-05T10:34:40.810Z',
+        metrics: {
+          failedTransactionRate: 7.5,
+          logErrorRate: 7.5,
+          logRatePerMinute: 7.5,
+          throughput: 7.5,
+        },
+        serviceName: 'service-1',
+      },
+    ]);
+  });
+});
+
+describe('mergeMetrics', () => {
+  it('merges metrics correctly', () => {
+    const metrics = [
+      {
+        failedTransactionRate: 5,
+        latency: 5,
+        logErrorRate: 5,
+        logRatePerMinute: 5,
+        throughput: 5,
+      },
+      {
+        failedTransactionRate: 10,
+        latency: 10,
+        logErrorRate: 10,
+        logRatePerMinute: 10,
+        throughput: 10,
+      },
+    ];
+
+    const result = mergeMetrics(metrics);
+
+    expect(result).toEqual({
+      failedTransactionRate: [5, 10],
+      latency: [5, 10],
+      logErrorRate: [5, 10],
+      logRatePerMinute: [5, 10],
+      throughput: [5, 10],
+    });
+  });
+
+  it('handles empty metrics array', () => {
+    const metrics: EntityMetrics[] = [];
+
+    const result = mergeMetrics(metrics);
+
+    expect(result).toEqual({});
+  });
+});
diff --git a/x-pack/plugins/observability_solution/apm/server/routes/entities/utils/calculate_avg_metrics.ts b/x-pack/plugins/observability_solution/apm/server/routes/entities/utils/calculate_avg_metrics.ts
new file mode 100644
index 0000000000000..f477786786645
--- /dev/null
+++ b/x-pack/plugins/observability_solution/apm/server/routes/entities/utils/calculate_avg_metrics.ts
@@ -0,0 +1,45 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { mapValues } from 'lodash';
+import { EntityMetrics } from '../../../../common/entities/types';
+import { MergedServiceEntities } from '../types';
+
+export function calculateAvgMetrics(entities: MergedServiceEntities[]) {
+  return entities.map((entity) => {
+    const transformedMetrics = mergeMetrics(entity.metrics);
+    const averages = mapValues(transformedMetrics, (values: number[]) => {
+      const sum = values.reduce((acc: number, val: number) => acc + (val !== null ? val : 0), 0);
+      return sum / values.length;
+    });
+
+    return {
+      ...entity,
+      metrics: averages,
+    };
+  });
+}
+type MetricsKey = keyof EntityMetrics;
+
+export function mergeMetrics(metrics: EntityMetrics[]) {
+  return metrics.reduce((acc, metric) => {
+    for (const key in metric) {
+      if (metric.hasOwnProperty(key)) {
+        const metricsKey = key as MetricsKey;
+
+        const value = metric[metricsKey];
+        if (value) {
+          if (!acc[metricsKey]) {
+            acc[metricsKey] = [];
+          }
+          acc[metricsKey].push(value);
+        }
+      }
+    }
+    return acc;
+  }, {} as { [key in MetricsKey]: number[] });
+}
diff --git a/x-pack/plugins/observability_solution/apm/server/routes/entities/utils/merge_entities.test.ts b/x-pack/plugins/observability_solution/apm/server/routes/entities/utils/merge_entities.test.ts
new file mode 100644
index 0000000000000..88566aa1d379c
--- /dev/null
+++ b/x-pack/plugins/observability_solution/apm/server/routes/entities/utils/merge_entities.test.ts
@@ -0,0 +1,471 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { mergeEntities } from './merge_entities';
+import { AgentName } from '../../../../typings/es_schemas/ui/fields/agent';
+
+describe('mergeEntities', () => {
+  it('modifies one service', () => {
+    const entities = [
+      {
+        serviceName: 'service-1',
+        agentName: 'nodejs' as AgentName as AgentName,
+        signalTypes: ['metrics', 'logs'],
+        entity: {
+          latestTimestamp: '2024-06-05T10:34:40.810Z',
+          metrics: {
+            logRatePerMinute: 1,
+            logErrorRate: null,
+            throughput: 0,
+            failedTransactionRate: 0.3333333333333333,
+            latency: 10,
+          },
+          identityFields: { service: { name: 'service-1', environment: 'test' } },
+          id: 'service-1:test',
+        },
+      },
+    ];
+    const result = mergeEntities({ entities });
+    expect(result).toEqual([
+      {
+        agentName: 'nodejs' as AgentName as AgentName,
+        signalTypes: ['metrics', 'logs'],
+        environments: ['test'],
+        latestTimestamp: '2024-06-05T10:34:40.810Z',
+        metrics: [
+          {
+            failedTransactionRate: 0.3333333333333333,
+            latency: 10,
+            logErrorRate: null,
+            logRatePerMinute: 1,
+            throughput: 0,
+          },
+        ],
+        serviceName: 'service-1',
+      },
+    ]);
+  });
+
+  it('joins two service with the same name ', () => {
+    const entities = [
+      {
+        serviceName: 'service-1',
+        agentName: 'nodejs' as AgentName as AgentName,
+        signalTypes: ['foo'],
+        entity: {
+          latestTimestamp: '2024-06-05T10:34:40.810Z',
+          metrics: {
+            logRatePerMinute: 1,
+            logErrorRate: null,
+            throughput: 0,
+            failedTransactionRate: 0.3333333333333333,
+            latency: 10,
+          },
+
+          identityFields: { service: { name: 'apm-only-1', environment: 'env-service-1' } },
+          id: 'service-1:env-service-1',
+        },
+      },
+      {
+        serviceName: 'service-1',
+        agentName: 'nodejs' as AgentName as AgentName,
+        signalTypes: ['bar'],
+        entity: {
+          latestTimestamp: '2024-03-05T10:34:40.810Z',
+          metrics: {
+            logRatePerMinute: 10,
+            logErrorRate: 10,
+            throughput: 10,
+            failedTransactionRate: 10,
+            latency: 10,
+          },
+          identityFields: { service: { name: 'service-1', environment: 'env-service-2' } },
+          id: 'apm-only-1:synthtrace-env-2',
+        },
+      },
+      {
+        serviceName: 'service-2',
+        agentName: 'java' as AgentName,
+        signalTypes: ['baz'],
+        entity: {
+          latestTimestamp: '2024-06-05T10:34:40.810Z',
+          metrics: {
+            logRatePerMinute: 15,
+            logErrorRate: 15,
+            throughput: 15,
+            failedTransactionRate: 15,
+            latency: 15,
+          },
+          identityFields: { service: { name: 'service-2', environment: 'env-service-3' } },
+          id: 'service-2:env-service-3',
+        },
+      },
+      {
+        serviceName: 'service-2',
+        agentName: 'java' as AgentName,
+        signalTypes: ['baz'],
+        entity: {
+          latestTimestamp: '2024-06-05T10:34:40.810Z',
+          metrics: {
+            logRatePerMinute: 5,
+            logErrorRate: 5,
+            throughput: 5,
+            failedTransactionRate: 5,
+            latency: 5,
+          },
+          identityFields: { service: { name: 'service-2', environment: 'env-service-4' } },
+          id: 'service-2:env-service-3',
+        },
+      },
+    ];
+
+    const result = mergeEntities({ entities });
+    expect(result).toEqual([
+      {
+        agentName: 'nodejs' as AgentName,
+        signalTypes: ['foo', 'bar'],
+        environments: ['env-service-1', 'env-service-2'],
+        latestTimestamp: '2024-03-05T10:34:40.810Z',
+        metrics: [
+          {
+            failedTransactionRate: 0.3333333333333333,
+            latency: 10,
+            logErrorRate: null,
+            logRatePerMinute: 1,
+            throughput: 0,
+          },
+          {
+            failedTransactionRate: 10,
+            latency: 10,
+            logErrorRate: 10,
+            logRatePerMinute: 10,
+            throughput: 10,
+          },
+        ],
+        serviceName: 'service-1',
+      },
+      {
+        agentName: 'java' as AgentName,
+        signalTypes: ['baz'],
+        environments: ['env-service-3', 'env-service-4'],
+        latestTimestamp: '2024-06-05T10:34:40.810Z',
+        metrics: [
+          {
+            failedTransactionRate: 15,
+            latency: 15,
+            logErrorRate: 15,
+            logRatePerMinute: 15,
+            throughput: 15,
+          },
+          {
+            failedTransactionRate: 5,
+            latency: 5,
+            logErrorRate: 5,
+            logRatePerMinute: 5,
+            throughput: 5,
+          },
+        ],
+        serviceName: 'service-2',
+      },
+    ]);
+  });
+  it('handles duplicate environments and data streams', () => {
+    const entities = [
+      {
+        serviceName: 'service-1',
+        agentName: 'nodejs' as AgentName,
+        signalTypes: ['metrics', 'logs'],
+        entity: {
+          latestTimestamp: '2024-06-05T10:34:40.810Z',
+          metrics: {
+            logRatePerMinute: 5,
+            logErrorRate: 5,
+            throughput: 5,
+            failedTransactionRate: 5,
+            latency: 5,
+          },
+          identityFields: { service: { name: 'service-1', environment: 'test' } },
+          id: 'service-1:test',
+        },
+      },
+      {
+        serviceName: 'service-1',
+        agentName: 'nodejs' as AgentName,
+        signalTypes: ['metrics', 'logs'],
+        entity: {
+          latestTimestamp: '2024-06-05T10:34:40.810Z',
+          metrics: {
+            logRatePerMinute: 10,
+            logErrorRate: 10,
+            throughput: 10,
+            failedTransactionRate: 0.3333333333333333,
+            latency: 10,
+          },
+          identityFields: { service: { name: 'service-1', environment: 'test' } },
+          id: 'service-1:test',
+        },
+      },
+      {
+        serviceName: 'service-1',
+        agentName: 'nodejs' as AgentName,
+        signalTypes: ['foo'],
+        entity: {
+          latestTimestamp: '2024-23-05T10:34:40.810Z',
+          metrics: {
+            logRatePerMinute: 0.333,
+            logErrorRate: 0.333,
+            throughput: 0.333,
+            failedTransactionRate: 0.333,
+            latency: 0.333,
+          },
+          identityFields: { service: { name: 'service-1', environment: 'prod' } },
+          id: 'service-1:prod',
+        },
+      },
+    ];
+    const result = mergeEntities({ entities });
+    expect(result).toEqual([
+      {
+        agentName: 'nodejs' as AgentName,
+        signalTypes: ['metrics', 'logs', 'foo'],
+        environments: ['test', 'prod'],
+        latestTimestamp: '2024-23-05T10:34:40.810Z',
+        metrics: [
+          {
+            failedTransactionRate: 5,
+            latency: 5,
+            logErrorRate: 5,
+            logRatePerMinute: 5,
+            throughput: 5,
+          },
+          {
+            failedTransactionRate: 0.3333333333333333,
+            latency: 10,
+            logErrorRate: 10,
+            logRatePerMinute: 10,
+            throughput: 10,
+          },
+          {
+            failedTransactionRate: 0.333,
+            latency: 0.333,
+            logErrorRate: 0.333,
+            logRatePerMinute: 0.333,
+            throughput: 0.333,
+          },
+        ],
+        serviceName: 'service-1',
+      },
+    ]);
+  });
+  it('handles null environment', () => {
+    const entity = [
+      {
+        serviceName: 'service-1',
+        agentName: 'nodejs' as AgentName,
+        signalTypes: [],
+        entity: {
+          latestTimestamp: '2024-06-05T10:34:40.810Z',
+          metrics: {
+            logRatePerMinute: 1,
+            logErrorRate: null,
+            throughput: 0,
+            failedTransactionRate: 0.3333333333333333,
+            latency: 10,
+          },
+          identityFields: { service: { name: 'service-1', environment: null } },
+          id: 'service-1:test',
+        },
+      },
+    ];
+    const entityResult = mergeEntities({ entities: entity });
+    expect(entityResult).toEqual([
+      {
+        agentName: 'nodejs' as AgentName,
+        signalTypes: [],
+        environments: [],
+        latestTimestamp: '2024-06-05T10:34:40.810Z',
+        metrics: [
+          {
+            failedTransactionRate: 0.3333333333333333,
+            latency: 10,
+            logErrorRate: null,
+            logRatePerMinute: 1,
+            throughput: 0,
+          },
+        ],
+        serviceName: 'service-1',
+      },
+    ]);
+
+    const entities = [
+      {
+        serviceName: 'service-1',
+        agentName: 'nodejs' as AgentName,
+        signalTypes: [],
+        entity: {
+          latestTimestamp: '2024-06-05T10:34:40.810Z',
+          metrics: {
+            logRatePerMinute: 1,
+            logErrorRate: null,
+            throughput: 0,
+            failedTransactionRate: 0.3333333333333333,
+            latency: 10,
+          },
+          identityFields: { service: { name: 'service-1', environment: null } },
+          id: 'service-1:test',
+        },
+      },
+      {
+        serviceName: 'service-1',
+        agentName: 'nodejs' as AgentName,
+        signalTypes: [],
+        entity: {
+          latestTimestamp: '2024-06-05T10:34:40.810Z',
+          metrics: {
+            logRatePerMinute: 1,
+            logErrorRate: null,
+            throughput: 0,
+            failedTransactionRate: 0.3333333333333333,
+            latency: 10,
+          },
+          identityFields: { service: { name: 'service-1', environment: null } },
+          id: 'service-1:test',
+        },
+      },
+    ];
+    const result = mergeEntities({ entities });
+    expect(result).toEqual([
+      {
+        agentName: 'nodejs' as AgentName,
+        signalTypes: [],
+        environments: [],
+        latestTimestamp: '2024-06-05T10:34:40.810Z',
+        metrics: [
+          {
+            failedTransactionRate: 0.3333333333333333,
+            latency: 10,
+            logErrorRate: null,
+            logRatePerMinute: 1,
+            throughput: 0,
+          },
+          {
+            logRatePerMinute: 1,
+            logErrorRate: null,
+            throughput: 0,
+            failedTransactionRate: 0.3333333333333333,
+            latency: 10,
+          },
+        ],
+        serviceName: 'service-1',
+      },
+    ]);
+  });
+
+  it('handles undefined environment', () => {
+    const entity = [
+      {
+        serviceName: 'service-1',
+        agentName: 'nodejs' as AgentName,
+        signalTypes: [],
+        entity: {
+          latestTimestamp: '2024-06-05T10:34:40.810Z',
+          metrics: {
+            logRatePerMinute: 1,
+            logErrorRate: null,
+            throughput: 0,
+            failedTransactionRate: 0.3333333333333333,
+            latency: 10,
+          },
+          identityFields: { service: { name: 'service-1' } },
+          id: 'service-1:test',
+        },
+      },
+    ];
+    const entityResult = mergeEntities({ entities: entity });
+    expect(entityResult).toEqual([
+      {
+        agentName: 'nodejs' as AgentName,
+        signalTypes: [],
+        environments: [],
+        latestTimestamp: '2024-06-05T10:34:40.810Z',
+        metrics: [
+          {
+            failedTransactionRate: 0.3333333333333333,
+            latency: 10,
+            logErrorRate: null,
+            logRatePerMinute: 1,
+            throughput: 0,
+          },
+        ],
+        serviceName: 'service-1',
+      },
+    ]);
+
+    const entities = [
+      {
+        serviceName: 'service-1',
+        agentName: 'nodejs' as AgentName,
+        signalTypes: [],
+        entity: {
+          latestTimestamp: '2024-06-05T10:34:40.810Z',
+          metrics: {
+            logRatePerMinute: 1,
+            logErrorRate: null,
+            throughput: 0,
+            failedTransactionRate: 0.3333333333333333,
+            latency: 10,
+          },
+          identityFields: { service: { name: 'service-1' } },
+          id: 'service-1:test',
+        },
+      },
+      {
+        serviceName: 'service-1',
+        agentName: 'nodejs' as AgentName,
+        signalTypes: [],
+        entity: {
+          latestTimestamp: '2024-06-05T10:34:40.810Z',
+          metrics: {
+            logRatePerMinute: 1,
+            logErrorRate: null,
+            throughput: 0,
+            failedTransactionRate: 0.3333333333333333,
+            latency: 10,
+          },
+          identityFields: { service: { name: 'service-1' } },
+          id: 'service-1:test',
+        },
+      },
+    ];
+    const result = mergeEntities({ entities });
+    expect(result).toEqual([
+      {
+        agentName: 'nodejs' as AgentName,
+        signalTypes: [],
+        environments: [],
+        latestTimestamp: '2024-06-05T10:34:40.810Z',
+        metrics: [
+          {
+            failedTransactionRate: 0.3333333333333333,
+            latency: 10,
+            logErrorRate: null,
+            logRatePerMinute: 1,
+            throughput: 0,
+          },
+          {
+            logRatePerMinute: 1,
+            logErrorRate: null,
+            throughput: 0,
+            failedTransactionRate: 0.3333333333333333,
+            latency: 10,
+          },
+        ],
+        serviceName: 'service-1',
+      },
+    ]);
+  });
+});
diff --git a/x-pack/plugins/observability_solution/apm/server/routes/entities/utils/merge_entities.ts b/x-pack/plugins/observability_solution/apm/server/routes/entities/utils/merge_entities.ts
new file mode 100644
index 0000000000000..dd32a57776192
--- /dev/null
+++ b/x-pack/plugins/observability_solution/apm/server/routes/entities/utils/merge_entities.ts
@@ -0,0 +1,51 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { compact, uniq } from 'lodash';
+import { MergedServiceEntities, ServiceEntities } from '../types';
+
+export function mergeEntities({
+  entities,
+}: {
+  entities: ServiceEntities[];
+}): MergedServiceEntities[] {
+  const mergedEntities = entities.reduce((map, current) => {
+    const key = current.serviceName;
+    if (map.has(key)) {
+      const existingEntity = map.get(key);
+      map.set(key, mergeFunc(current, existingEntity));
+    } else {
+      map.set(key, mergeFunc(current));
+    }
+    return map;
+  }, new Map());
+
+  return [...mergedEntities.values()];
+}
+
+function mergeFunc(entity: ServiceEntities, existingEntity?: MergedServiceEntities) {
+  if (!existingEntity) {
+    return {
+      serviceName: entity.serviceName,
+      agentName: entity.agentName,
+      signalTypes: entity.signalTypes,
+      environments: compact([entity.entity.identityFields.service?.environment]),
+      latestTimestamp: entity.entity.latestTimestamp,
+      metrics: [entity.entity.metrics],
+    };
+  }
+  return {
+    serviceName: entity.serviceName,
+    agentName: entity.agentName,
+    signalTypes: uniq(compact([...(existingEntity?.signalTypes ?? []), ...entity.signalTypes])),
+    environments: uniq(
+      compact([...existingEntity?.environments, entity.entity.identityFields?.service?.environment])
+    ),
+    latestTimestamp: entity.entity.latestTimestamp,
+    metrics: [...existingEntity?.metrics, entity.entity.metrics],
+  };
+}
diff --git a/x-pack/plugins/observability_solution/apm/server/routes/historical_data/has_historical_entities_data.ts b/x-pack/plugins/observability_solution/apm/server/routes/historical_data/has_historical_entities_data.ts
new file mode 100644
index 0000000000000..a56389b087073
--- /dev/null
+++ b/x-pack/plugins/observability_solution/apm/server/routes/historical_data/has_historical_entities_data.ts
@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EntitiesESClient } from '../../lib/helpers/create_es_client/create_assets_es_client/create_assets_es_clients';
+
+export async function hasEntitiesData(entitiesESClient: EntitiesESClient) {
+  const params = {
+    body: {
+      terminate_after: 1,
+      track_total_hits: true,
+      size: 0,
+    },
+  };
+
+  const resp = await entitiesESClient.search('has_historical_entities_data', params);
+  return resp.hits.total.value > 0;
+}
diff --git a/x-pack/plugins/observability_solution/apm/server/routes/historical_data/route.ts b/x-pack/plugins/observability_solution/apm/server/routes/historical_data/route.ts
index 204af4bb05b03..97f8f8c253033 100644
--- a/x-pack/plugins/observability_solution/apm/server/routes/historical_data/route.ts
+++ b/x-pack/plugins/observability_solution/apm/server/routes/historical_data/route.ts
@@ -5,15 +5,38 @@
  * 2.0.
  */
 
+import { apmEnableMultiSignal } from '@kbn/observability-plugin/common';
+import { createEntitiesESClient } from '../../lib/helpers/create_es_client/create_assets_es_client/create_assets_es_clients';
 import { getApmEventClient } from '../../lib/helpers/get_apm_event_client';
 import { createApmServerRoute } from '../apm_routes/create_apm_server_route';
 import { hasHistoricalAgentData } from './has_historical_agent_data';
+import { hasEntitiesData } from './has_historical_entities_data';
 
 const hasDataRoute = createApmServerRoute({
   endpoint: 'GET /internal/apm/has_data',
   options: { tags: ['access:apm'] },
   handler: async (resources): Promise<{ hasData: boolean }> => {
-    const apmEventClient = await getApmEventClient(resources);
+    const { context, request } = resources;
+    const coreContext = await context.core;
+
+    const {
+      uiSettings: { client: uiSettingsClient },
+    } = coreContext;
+
+    const [apmEventClient, entitiesESClient, isApmEnableMultiSignal] = await Promise.all([
+      getApmEventClient(resources),
+      createEntitiesESClient({
+        request,
+        esClient: coreContext.elasticsearch.client.asCurrentUser,
+      }),
+      uiSettingsClient.get<boolean>(apmEnableMultiSignal),
+    ]);
+
+    if (isApmEnableMultiSignal) {
+      const hasData = await hasEntitiesData(entitiesESClient);
+      return { hasData };
+    }
+
     const hasData = await hasHistoricalAgentData(apmEventClient);
     return { hasData };
   },
diff --git a/x-pack/plugins/observability_solution/apm/server/routes/settings/agent_configuration/route.ts b/x-pack/plugins/observability_solution/apm/server/routes/settings/agent_configuration/route.ts
index 08bc47c44822a..1b3787e285eef 100644
--- a/x-pack/plugins/observability_solution/apm/server/routes/settings/agent_configuration/route.ts
+++ b/x-pack/plugins/observability_solution/apm/server/routes/settings/agent_configuration/route.ts
@@ -130,7 +130,7 @@ const deleteAgentConfigurationRoute = createApmServerRoute({
     logger.info(`Deleting config ${service.name}/${service.environment} (${exactConfig.id})`);
 
     const deleteConfigurationResult = await deleteConfiguration({
-      configurationId: exactConfig.id,
+      configurationId: exactConfig.id!,
       internalESClient,
     });
 
@@ -266,7 +266,7 @@ const agentConfigurationSearchRoute = createApmServerRoute({
 
     if (willMarkAsApplied) {
       await markAppliedByAgent({
-        id: configuration._id,
+        id: configuration._id!,
         body: configuration._source,
         internalESClient,
       });
diff --git a/x-pack/plugins/observability_solution/apm/tsconfig.json b/x-pack/plugins/observability_solution/apm/tsconfig.json
index c763acff6ea85..375283b72f6b6 100644
--- a/x-pack/plugins/observability_solution/apm/tsconfig.json
+++ b/x-pack/plugins/observability_solution/apm/tsconfig.json
@@ -120,7 +120,10 @@
     "@kbn/presentation-publishing",
     "@kbn/react-kibana-context-render",
     "@kbn/react-kibana-context-theme",
-    "@kbn/test-jest-helpers"
+    "@kbn/test-jest-helpers",
+    "@kbn/security-plugin-types-common"
   ],
-  "exclude": ["target/**/*"]
+  "exclude": [
+    "target/**/*"
+  ]
 }
diff --git a/x-pack/plugins/observability_solution/asset_manager/README.md b/x-pack/plugins/observability_solution/asset_manager/README.md
deleted file mode 100644
index d73bfbb53b087..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/README.md
+++ /dev/null
@@ -1,13 +0,0 @@
-# Asset Manager Plugin
-
-This plugin provides access to observed asset data, such as information about hosts, pods, containers, services, and more.
-
-## Documentation
-
-### User Docs
-
-For those interested in making use of the APIs provided by this plugin, see [our API docs](./docs/api.md).
-
-### Developer Docs
-
-For those working on this plugin directly and developing it, please see [our development docs](./docs/development.md).
diff --git a/x-pack/plugins/observability_solution/asset_manager/common/config.ts b/x-pack/plugins/observability_solution/asset_manager/common/config.ts
deleted file mode 100644
index 22d1c2ace4578..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/common/config.ts
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { schema, TypeOf } from '@kbn/config-schema';
-
-export const INDEX_DEFAULTS = {
-  logs: 'filebeat-*,logs-*',
-};
-
-export const configSchema = schema.object({
-  alphaEnabled: schema.maybe(schema.boolean()),
-  // Designate where various types of data live.
-  // NOTE: this should be handled in a centralized way for observability, so
-  // that when a user configures these differently from the known defaults,
-  // that value is propagated everywhere. For now, we duplicate the value here.
-  sourceIndices: schema.object(
-    {
-      logs: schema.string({ defaultValue: INDEX_DEFAULTS.logs }),
-    },
-    { defaultValue: INDEX_DEFAULTS }
-  ),
-});
-
-export type AssetManagerConfig = TypeOf<typeof configSchema>;
-
-/**
- * The following map is passed to the server plugin setup under the
- * exposeToBrowser: option, and controls which of the above config
- * keys are allow-listed to be available in the browser config.
- *
- * NOTE: anything exposed here will be visible in the UI dev tools,
- * and therefore MUST NOT be anything that is sensitive information!
- */
-export const exposeToBrowserConfig = {
-  alphaEnabled: true,
-} as const;
-
-type ValidKeys = keyof {
-  [K in keyof typeof exposeToBrowserConfig as typeof exposeToBrowserConfig[K] extends true
-    ? K
-    : never]: true;
-};
-
-export type AssetManagerPublicConfig = Pick<AssetManagerConfig, ValidKeys>;
diff --git a/x-pack/plugins/observability_solution/asset_manager/common/constants_routes.ts b/x-pack/plugins/observability_solution/asset_manager/common/constants_routes.ts
deleted file mode 100644
index 6bbde84cc668b..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/common/constants_routes.ts
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-export const ASSET_MANAGER_API_BASE = '/api/asset-manager';
-
-function base(path: string) {
-  return `${ASSET_MANAGER_API_BASE}${path}`;
-}
-
-export const GET_ASSETS = base('/assets');
-export const GET_RELATED_ASSETS = base('/assets/related');
-export const GET_ASSETS_DIFF = base('/assets/diff');
-
-export const GET_HOSTS = base('/assets/hosts');
-export const GET_SERVICES = base('/assets/services');
-export const GET_CONTAINERS = base('/assets/containers');
-export const GET_PODS = base('/assets/pods');
diff --git a/x-pack/plugins/observability_solution/asset_manager/common/types_api.ts b/x-pack/plugins/observability_solution/asset_manager/common/types_api.ts
deleted file mode 100644
index 40d9749378d42..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/common/types_api.ts
+++ /dev/null
@@ -1,298 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import * as rt from 'io-ts';
-import {
-  dateRt,
-  inRangeFromStringRt,
-  datemathStringRt,
-  createLiteralValueFromUndefinedRT,
-} from '@kbn/io-ts-utils';
-
-export const assetTypeRT = rt.keyof({
-  'k8s.pod': null,
-  'k8s.cluster': null,
-  'k8s.node': null,
-});
-
-export type AssetType = rt.TypeOf<typeof assetTypeRT>;
-
-export const assetKindRT = rt.keyof({
-  cluster: null,
-  host: null,
-  pod: null,
-  container: null,
-  service: null,
-});
-
-export type AssetKind = rt.TypeOf<typeof assetKindRT>;
-
-export const assetStatusRT = rt.keyof({
-  CREATING: null,
-  ACTIVE: null,
-  DELETING: null,
-  FAILED: null,
-  UPDATING: null,
-  PENDING: null,
-  UNKNOWN: null,
-});
-
-export type AssetStatus = rt.TypeOf<typeof assetStatusRT>;
-
-// https://github.com/gcanti/io-ts/blob/master/index.md#union-of-string-literals
-export const cloudProviderNameRT = rt.keyof({
-  aws: null,
-  gcp: null,
-  azure: null,
-  other: null,
-  unknown: null,
-  none: null,
-});
-
-export type CloudProviderName = rt.TypeOf<typeof cloudProviderNameRT>;
-
-const withTimestampRT = rt.type({
-  '@timestamp': rt.string,
-});
-
-export type WithTimestamp = rt.TypeOf<typeof withTimestampRT>;
-
-export const ECSDocumentRT = rt.intersection([
-  withTimestampRT,
-  rt.partial({
-    'kubernetes.namespace': rt.string,
-    'kubernetes.pod.name': rt.string,
-    'kubernetes.pod.uid': rt.string,
-    'kubernetes.pod.start_time': rt.string,
-    'kubernetes.node.name': rt.string,
-    'kubernetes.node.start_time': rt.string,
-    'orchestrator.api_version': rt.string,
-    'orchestrator.namespace': rt.string,
-    'orchestrator.organization': rt.string,
-    'orchestrator.type': rt.string,
-    'orchestrator.cluster.id': rt.string,
-    'orchestrator.cluster.name': rt.string,
-    'orchestrator.cluster.url': rt.string,
-    'orchestrator.cluster.version': rt.string,
-    'cloud.provider': cloudProviderNameRT,
-    'cloud.instance.id': rt.string,
-    'cloud.region': rt.string,
-    'cloud.service.name': rt.string,
-    'service.environment': rt.string,
-  }),
-]);
-
-export type ECSDocument = rt.TypeOf<typeof ECSDocumentRT>;
-
-export const assetRT = rt.intersection([
-  ECSDocumentRT,
-  rt.type({
-    'asset.ean': rt.string,
-    'asset.id': rt.string,
-    'asset.kind': assetKindRT,
-  }),
-  // mixed required and optional require separate hashes combined via intersection
-  // https://github.com/gcanti/io-ts/blob/master/index.md#mixing-required-and-optional-props
-  rt.partial({
-    'asset.collection_version': rt.string,
-    'asset.name': rt.string,
-    'asset.type': assetTypeRT,
-    'asset.status': assetStatusRT,
-    'asset.parents': rt.union([rt.string, rt.array(rt.string)]),
-    'asset.children': rt.union([rt.string, rt.array(rt.string)]),
-    'asset.references': rt.union([rt.string, rt.array(rt.string)]),
-    'asset.namespace': rt.string,
-  }),
-]);
-
-export type Asset = rt.TypeOf<typeof assetRT>;
-
-export type AssetWithoutTimestamp = Omit<Asset, '@timestamp'>;
-
-export interface K8sPod extends WithTimestamp {
-  id: string;
-  name?: string;
-  ean: string;
-  node?: string;
-  cloud?: {
-    provider?: CloudProviderName;
-    region?: string;
-  };
-}
-
-export interface K8sNodeMetricBucket {
-  timestamp: number;
-  date?: string;
-  averageMemoryAvailable: number | null;
-  averageMemoryUsage: number | null;
-  maxMemoryUsage: number | null;
-  averageCpuCoreNs: number | null;
-  maxCpuCoreNs: number | null;
-}
-
-export interface K8sNodeLog {
-  timestamp: number;
-  message: string;
-}
-
-export interface K8sNode extends WithTimestamp {
-  id: string;
-  name?: string;
-  ean: string;
-  pods?: K8sPod[];
-  cluster?: K8sCluster;
-  cloud?: {
-    provider?: CloudProviderName;
-    region?: string;
-  };
-  metrics?: K8sNodeMetricBucket[];
-  logs?: K8sNodeLog[];
-}
-
-export interface K8sCluster extends WithTimestamp {
-  name?: string;
-  nodes?: K8sNode[];
-  ean: string;
-  status?: AssetStatus;
-  version?: string;
-  cloud?: {
-    provider?: CloudProviderName;
-    region?: string;
-  };
-}
-
-export const assetFiltersSingleKindRT = rt.exact(
-  rt.partial({
-    type: rt.union([assetTypeRT, rt.array(assetTypeRT)]),
-    ean: rt.union([rt.string, rt.array(rt.string)]),
-    id: rt.string,
-    parentEan: rt.string,
-    ['cloud.provider']: rt.string,
-    ['cloud.region']: rt.string,
-    ['orchestrator.cluster.name']: rt.string,
-  })
-);
-
-export type SingleKindAssetFilters = rt.TypeOf<typeof assetFiltersSingleKindRT>;
-
-const supportedKindRT = rt.union([rt.literal('host'), rt.literal('service')]);
-export const assetFiltersRT = rt.intersection([
-  assetFiltersSingleKindRT,
-  rt.partial({ kind: rt.union([supportedKindRT, rt.array(supportedKindRT)]) }),
-]);
-
-export type AssetFilters = rt.TypeOf<typeof assetFiltersRT>;
-
-export const relationRT = rt.union([
-  rt.literal('ancestors'),
-  rt.literal('descendants'),
-  rt.literal('references'),
-]);
-
-export type Relation = rt.TypeOf<typeof relationRT>;
-export type RelationField = keyof Pick<
-  Asset,
-  'asset.children' | 'asset.parents' | 'asset.references'
->;
-
-export const sizeRT = rt.union([
-  inRangeFromStringRt(1, 100),
-  createLiteralValueFromUndefinedRT(10),
-]);
-export const assetDateRT = rt.union([dateRt, datemathStringRt]);
-
-/**
- * Hosts
- */
-export const getHostAssetsQueryOptionsRT = rt.intersection([
-  rt.strict({ from: assetDateRT }),
-  rt.partial({
-    to: assetDateRT,
-    size: sizeRT,
-    stringFilters: rt.string,
-    filters: assetFiltersSingleKindRT,
-  }),
-]);
-export type GetHostAssetsQueryOptions = rt.TypeOf<typeof getHostAssetsQueryOptionsRT>;
-export const getHostAssetsResponseRT = rt.type({
-  hosts: rt.array(assetRT),
-});
-export type GetHostAssetsResponse = rt.TypeOf<typeof getHostAssetsResponseRT>;
-
-/**
- * Containers
- */
-export const getContainerAssetsQueryOptionsRT = rt.intersection([
-  rt.strict({ from: assetDateRT }),
-  rt.partial({
-    to: assetDateRT,
-    size: sizeRT,
-    stringFilters: rt.string,
-    filters: assetFiltersSingleKindRT,
-  }),
-]);
-export type GetContainerAssetsQueryOptions = rt.TypeOf<typeof getContainerAssetsQueryOptionsRT>;
-export const getContainerAssetsResponseRT = rt.type({
-  containers: rt.array(assetRT),
-});
-export type GetContainerAssetsResponse = rt.TypeOf<typeof getContainerAssetsResponseRT>;
-
-/**
- * Services
- */
-export const getServiceAssetsQueryOptionsRT = rt.intersection([
-  rt.strict({ from: assetDateRT }),
-  rt.partial({
-    from: assetDateRT,
-    to: assetDateRT,
-    size: sizeRT,
-    stringFilters: rt.string,
-    filters: assetFiltersSingleKindRT,
-  }),
-]);
-
-export type GetServiceAssetsQueryOptions = rt.TypeOf<typeof getServiceAssetsQueryOptionsRT>;
-export const getServiceAssetsResponseRT = rt.type({
-  services: rt.array(assetRT),
-});
-export type GetServiceAssetsResponse = rt.TypeOf<typeof getServiceAssetsResponseRT>;
-
-/**
- * Pods
- */
-export const getPodAssetsQueryOptionsRT = rt.intersection([
-  rt.strict({ from: assetDateRT }),
-  rt.partial({
-    to: assetDateRT,
-    size: sizeRT,
-    stringFilters: rt.string,
-    filters: assetFiltersSingleKindRT,
-  }),
-]);
-export type GetPodAssetsQueryOptions = rt.TypeOf<typeof getPodAssetsQueryOptionsRT>;
-export const getPodAssetsResponseRT = rt.type({
-  pods: rt.array(assetRT),
-});
-export type GetPodAssetsResponse = rt.TypeOf<typeof getPodAssetsResponseRT>;
-
-/**
- * Assets
- */
-export const getAssetsQueryOptionsRT = rt.intersection([
-  rt.strict({ from: assetDateRT }),
-  rt.partial({
-    to: assetDateRT,
-    size: sizeRT,
-    stringFilters: rt.string,
-    filters: assetFiltersRT,
-  }),
-]);
-export type GetAssetsQueryOptions = rt.TypeOf<typeof getAssetsQueryOptionsRT>;
-export const getAssetsResponseRT = rt.type({
-  assets: rt.array(assetRT),
-});
-export type GetAssetsResponse = rt.TypeOf<typeof getAssetsResponseRT>;
diff --git a/x-pack/plugins/observability_solution/asset_manager/common/types_client.ts b/x-pack/plugins/observability_solution/asset_manager/common/types_client.ts
deleted file mode 100644
index e779a8a15ae31..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/common/types_client.ts
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { AssetFilters, SingleKindAssetFilters } from './types_api';
-
-export interface SharedAssetsOptionsPublic<F = AssetFilters> {
-  from: string;
-  to?: string;
-  filters?: F;
-  stringFilters?: string;
-}
-
-// Methods that return only a single "kind" of asset should not accept
-// a filter of "kind" to filter by asset kinds
-
-export type GetHostsOptionsPublic = SharedAssetsOptionsPublic<SingleKindAssetFilters>;
-export type GetContainersOptionsPublic = SharedAssetsOptionsPublic<SingleKindAssetFilters>;
-export type GetPodsOptionsPublic = SharedAssetsOptionsPublic<SingleKindAssetFilters>;
-export type GetServicesOptionsPublic = SharedAssetsOptionsPublic<SingleKindAssetFilters>;
-export type GetAssetsOptionsPublic = SharedAssetsOptionsPublic<AssetFilters>;
diff --git a/x-pack/plugins/observability_solution/asset_manager/docs/api.md b/x-pack/plugins/observability_solution/asset_manager/docs/api.md
deleted file mode 100644
index 219b73cd69bcd..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/docs/api.md
+++ /dev/null
@@ -1,368 +0,0 @@
-# Asset Manager API Documentation
-
-## Plugin configuration
-
-This plugin is NOT fully enabled by default, even though it's always enabled
-by Kibana's definition of "enabled". However, without the following configuration,
-it will bail before it sets up any routes or returns anything from its
-start, setup, or stop hooks.
-
-To fully enable the plugin, set the following config values in your kibana.yml file:
-
-```yaml
-xpack.assetManager:
-  alphaEnabled: true
-```
-
-## Depending on an asset client in your packages
-
-If you're creating a shared UI component or tool that needs to access asset data, you
-can create that code in a stateless Kibana package that can itself be imported into
-any Kibana plugin without any dependency restrictions. To gain access to the asset data,
-this component or tool can require the appropriate asset client to be passed in.
-
-TODO: need to move main client types to a package so that they can be depended on by
-other packages that require an injected asset client. Then we can list that package name
-here and explain how to use those types in a package.
-
-## Client APIs
-
-This plugin provides asset clients for Kibana server and public usage. The differences between these
-two clients are described below in their sections, while the methods for both APIs are described
-in the Client Methods section.
-
-These clients are set up in the following way. For a given "methodA":
-
-```
-publicMethodA(...options: MethodAPublicOptions)
-  -> browser client calls corresponding REST API method with MethodAPublicOptions
-  -> REST API handler calls corresponding serverMethodA
-  -> serverMethodA requires MethodAPublicOptions & AssetClientDependencies, and it also
-      injects some internal dependencies from the plugin's config on your behalf
-```
-
-The public and server clients are both accessible to plugin dependants, but the REST API is NOT.
-
-### Required dependency setup
-
-To use either client, you must first add "assetManager" to your `"requiredDependencies"` array
-in your plugin's kibana.jsonc file.
-
-TECH PREVIEW NOTE: While this plugin is in "tech preview", in both the server and public clients,
-the provided plugin dependencies can be undefined for this plugin if the proper configuration
-has not been set (see above). For that reason, the types will force you to guard against this
-undefined scenario. Once the tech preview gating is removed, this will no longer be the case.
-
-### Server client usage
-
-In your plugin's `setup` method, you can gain access to the client from the injected `plugins` map.
-Make sure you import the `AssetManagerServerPluginSetup` type from the plugin's server
-directory and add it to your own SetupPlugins type, as seen below.
-
-```ts
-import { AssetManagerServerPluginSetup } from '@kbn/assetManager-plugin/server';
-
-interface MyPluginSetupDeps {
-  assetManager: AssetManagerServerPluginSetup;
-}
-
-class MyPlugin {
-  setup(core: CoreSetup, plugins: MyPluginSetupDeps) {
-    // assetClient is found on plugins.assetManager.assetClient
-    setupRoutes(router, plugins);
-  }
-}
-```
-
-To use the server client in your server routes, you can use something like this:
-
-```ts
-export function setupRoutes(router: IRouter, plugins: MyPluginDeps) {
-  router.get<unknown, MyRouteOptions, unknown>(
-    {
-      path: '/my/path',
-      validate: {},
-    },
-    async (context, req, res) => {
-      // handle route
-      // optionally, use asset client
-      // NOTE: see below for important info on required server client args
-      const hosts = await plugins.assetManager.assetClient.getHosts();
-    }
-  );
-}
-```
-
-#### Required parameters for server client methods
-
-All methods called via the server client require some core Kibana clients to be passed in,
-so that they are pulled from the request context and properly scoped. If the asset manager
-plugin provided these clients internally, they would not be scoped to the user that made
-the API request, so they are required arguments for every server client method.
-
-_Note: These required arguments are referred to as `AssetClientDependencies`, which can be
-seen in the [the server types file](../server/types.ts)._
-
-For example:
-
-```ts
-router.get<unknown, MyRouteOptions, unknown>(
-  {
-    path: '/my/path',
-    validate: {},
-  },
-  async (context, req, res) => {
-    // to use server asset client, you must get the following clients
-    // from the request context and pass them to the client method
-    // alongside whatever "public" arguments that method defines
-    const coreContext = await context.core;
-    const hostsOptions: PublicGetHostsOptions = {}; // these will be different for each method
-
-    const hosts = await plugins.assetManager.assetClient.getHosts({
-      ...hostsOptions,
-      elasticsearchClient: coreContext.elasticsearch.client.asCurrentUser,
-      savedObjectsClient: coreContext.savedObjects.client,
-    });
-  }
-);
-```
-
-### Public client usage
-
-You should grab the public client in the same way as the server one, via the plugin dependencies
-in your `setup` lifecycle.
-
-```ts
-import { AssetManagerPublicPluginStart } from '@kbn/assetManager-plugin/public';
-
-interface MyPluginStartDeps {
-  assetManager: AssetManagerPublicPluginStart;
-}
-
-class MyPlugin {
-  setup(core: CoreSetup) {
-    core.application.register({
-      id: 'my-other-plugin',
-      title: '',
-      appRoute: '/app/my-other-plugin',
-      mount: async (params: AppMountParameters) => {
-        // mount callback should not use setup dependencies, get start dependencies instead
-        // so the pluginStart map passed to your renderApp method will be the start deps,
-        // not the setup deps -- the same asset client is provided to both setup and start in public
-        const [coreStart, , pluginStart] = await core.getStartServices();
-        // assetClient is found on pluginStart.assetManager.assetClient
-        return renderApp(coreStart, pluginStart, params);
-      },
-    });
-  }
-}
-```
-
-All methods in the public client only require their public options (seen below), and don't require
-the "AssetClientDependencies" that are required for the server client versions of the same methods.
-This is because the public client will use the asset manager's internal REST API under the hood, where
-it will be able to pull the properly-scoped client dependencies off of that request context for you.
-
-### Client methods
-
-TODO: Link to a centralized asset document example that each response can reference?
-
-#### getHosts
-
-Get a list of host assets found within a specified time range.
-
-| Parameter | Type            | Required? | Description                                                                                                                                                                                        |
-| :-------- | :-------------- | :-------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| from      | datetime string | yes       | ISO date string representing the START of the time range being queried                                                                                                                             |
-| to        | datetime string | yes       | ISO date string representing the END of the time range being queried                                                                                                                               |
-| filters   | object          | no        | key/value pairs filtering the assets returned. See [supported filters](https://github.com/main/kibana/blob/main/x-pack/plugins/observability_solution/asset_manager/common/types_api.ts#L168-L178) |
-
-**Example**
-
-```js
-getHosts({
-  from: '2023-12-04T09:42:00.000Z',
-  to: '2023-12-04T09:44:00.000Z',
-  filters: {
-    'cloud.provider': 'gcp',
-  },
-});
-```
-
-**Response**
-
-```json
-{
-  "hosts": [
-    {
-      "@timestamp": "2023-12-04T09:42:52.538Z",
-      "asset.kind": "host",
-      "asset.id": "gcp-host-2zze1241",
-      "asset.name": "gcp-host-2zze1241",
-      "asset.ean": "host:gcp-host-2zze1241",
-      "cloud.provider": "gcp",
-      "cloud.instance.id": "235111598995020799",
-      "cloud.service.name": "GCE",
-      "cloud.region": "us-central1",
-      "asset.children": ["pod:3ca933f5-effa-47f6-b991-fa1b528cc2e4"]
-    }
-  ]
-}
-```
-
-#### getServices
-
-Get a list of service assets found within a specified time range.
-
-| Parameter | Type            | Required? | Description                                                                                                                                                                                        |
-| :-------- | :-------------- | :-------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| from      | datetime string | yes       | ISO date string representing the START of the time range being queried                                                                                                                             |
-| to        | datetime string | yes       | ISO date string representing the END of the time range being queried                                                                                                                               |
-| filters   | object          | no        | key/value pairs filtering the assets returned. See [supported filters](https://github.com/main/kibana/blob/main/x-pack/plugins/observability_solution/asset_manager/common/types_api.ts#L168-L178) |
-
-**Example**
-
-```js
-getServices({
-  from: '2023-12-04T09:42:00.000Z',
-  to: '2023-12-04T09:44:00.000Z',
-});
-```
-
-**Response**
-
-```json
-{
-  "services": [
-    {
-      "@timestamp": "2023-12-03T09:44:00.000Z",
-      "asset.kind": "service",
-      "asset.id": "adservice",
-      "asset.ean": "service:adservice",
-      "asset.parents": [
-        "container:50041db622002301a71b15e3c8468aa2b0cdb716b2ebd3091e20975580a397ae"
-      ]
-    }
-  ]
-}
-```
-
-#### getContainers
-
-Get a list of container assets found within a specified time range.
-
-| Parameter | Type            | Required? | Description                                                                                                                                                                                        |
-| :-------- | :-------------- | :-------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| from      | datetime string | yes       | ISO date string representing the START of the time range being queried                                                                                                                             |
-| to        | datetime string | yes       | ISO date string representing the END of the time range being queried                                                                                                                               |
-| filters   | object          | no        | key/value pairs filtering the assets returned. See [supported filters](https://github.com/main/kibana/blob/main/x-pack/plugins/observability_solution/asset_manager/common/types_api.ts#L168-L178) |
-
-**Example**
-
-```js
-getContainers({
-  from: '2023-12-04T09:42:00.000Z',
-  to: '2023-12-04T09:44:00.000Z',
-});
-```
-
-**Response**
-
-```json
-{
-  "containers": [
-    {
-      "@timestamp": "2023-12-03T09:42:11.427Z",
-      "asset.kind": "container",
-      "asset.id": "040744a58fdbdf9a7d628c4e71842301ccc3ed54a1efa8ff47747af251e5896c",
-      "asset.ean": "container:040744a58fdbdf9a7d628c4e71842301ccc3ed54a1efa8ff47747af251e5896c",
-      "asset.parents": ["pod:928db0ae-2b63-48f3-8725-a8ddc490d69e"],
-      "asset.references": ["host:gcp-host-2zze1241"]
-    }
-  ]
-}
-```
-
-#### getPods
-
-Get a list of pod assets found within a specified time range.
-
-| Parameter | Type            | Required? | Description                                                                                                                                                                                        |
-| :-------- | :-------------- | :-------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| from      | datetime string | yes       | ISO date string representing the START of the time range being queried                                                                                                                             |
-| to        | datetime string | yes       | ISO date string representing the END of the time range being queried                                                                                                                               |
-| filters   | object          | no        | key/value pairs filtering the assets returned. See [supported filters](https://github.com/main/kibana/blob/main/x-pack/plugins/observability_solution/asset_manager/common/types_api.ts#L168-L178) |
-
-**Example**
-
-```js
-getPods({
-  from: '2023-12-04T09:42:00.000Z',
-  to: '2023-12-04T09:44:00.000Z',
-});
-```
-
-**Response**
-
-```json
-{
-  "pods": [
-    {
-      "@timestamp": "2023-12-03T09:42:14.680Z",
-      "asset.kind": "pod",
-      "asset.id": "00b2bad4-b878-4647-aa00-d8b24c9216f1",
-      "asset.ean": "pod:00b2bad4-b878-4647-aa00-d8b24c9216f1",
-      "asset.parents": ["host:gcp-host-2zze1241"],
-      "cloud.provider": "gcp"
-    }
-  ]
-}
-```
-
-#### getAssets
-
-Get a list of service assets found within a specified time range, sorted by timestamp desc.
-
-| Parameter | Type            | Required? | Description                                                                                                                                                                                        |
-| :-------- | :-------------- | :-------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| from      | datetime string | yes       | ISO date string representing the START of the time range being queried                                                                                                                             |
-| to        | datetime string | yes       | ISO date string representing the END of the time range being queried                                                                                                                               |
-| filters   | object          | no        | key/value pairs filtering the assets returned. See [supported filters](https://github.com/main/kibana/blob/main/x-pack/plugins/observability_solution/asset_manager/common/types_api.ts#L168-L178) |
-
-**Example**
-
-```js
-getAssets({
-  from: '2023-12-04T09:42:00.000Z',
-  to: '2023-12-04T09:44:00.000Z',
-});
-```
-
-**Response**
-
-```json
-{
-  "assets": [
-    {
-      "@timestamp": "2023-12-03T09:44:00.000Z",
-      "asset.kind": "service",
-      "asset.id": "adservice",
-      "asset.ean": "service:adservice",
-      "asset.parents": [
-        "container:50041db622002301a71b15e3c8468aa2b0cdb716b2ebd3091e20975580a397ae"
-      ]
-    },
-    {
-      "@timestamp": "2023-12-04T09:42:52.538Z",
-      "asset.kind": "host",
-      "asset.id": "gcp-host-2zze1241",
-      "asset.name": "gcp-host-2zze1241",
-      "asset.ean": "host:gcp-host-2zze1241",
-      "cloud.provider": "gcp",
-      "cloud.instance.id": "235111598995020799",
-      "cloud.region": "us-central1",
-      "asset.children": ["pod:3ca933f5-effa-47f6-b991-fa1b528cc2e4"]
-    }
-  ]
-}
-```
diff --git a/x-pack/plugins/observability_solution/asset_manager/docs/development.md b/x-pack/plugins/observability_solution/asset_manager/docs/development.md
deleted file mode 100644
index a98e8e46a8ce4..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/docs/development.md
+++ /dev/null
@@ -1,34 +0,0 @@
-# Asset Manager Plugin Development
-
-These docs contain information you might need if you are developing this plugin in Kibana. If you are interested in the APIs this plugin exposes, please see [./api.md](our API docs) instead.
-
-## Running Tests
-
-There are integration tests for the endpoints implemented thus far as well as for
-the sample data tests. There is also a small set of tests meant to ensure that the
-plugin is not doing anything without the proper config value in place to enable
-the plugin fully. For more on enabling the plugin, see [the docs page](./docs/index.md).
-
-The "not enabled" tests are run by default in CI. To run them manually, do the following:
-
-```shell
-$ node scripts/functional_tests_server --config x-pack/test/api_integration/apis/asset_manager/config_when_disabled.ts
-$ node scripts/functional_test_runner --config=x-pack/test/api_integration/apis/asset_manager/config_when_disabled.ts
-```
-
-The "enabled" tests are NOT run by CI yet, to prevent blocking Kibana development for a
-test failure in this alpha, tech preview plugin. They will be moved into the right place
-to make them run for CI before the plugin is enabled by default. To run them manually:
-
-```shell
-$ node scripts/functional_tests_server --config x-pack/test/api_integration/apis/asset_manager/config.ts
-$ node scripts/functional_test_runner --config=x-pack/test/api_integration/apis/asset_manager/config.ts
-```
-
-## Using Sample Data
-
-This plugin comes with a full "working set" of sample asset documents, meant
-to provide enough data in the correct schema format so that all of the API
-endpoints return expected values.
-
-To create the sample data, follow [the instructions in the REST API docs](./docs/index.md#sample-data).
diff --git a/x-pack/plugins/observability_solution/asset_manager/docs/rest_deprecated.md b/x-pack/plugins/observability_solution/asset_manager/docs/rest_deprecated.md
deleted file mode 100644
index 43a5f74a0d058..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/docs/rest_deprecated.md
+++ /dev/null
@@ -1,1358 +0,0 @@
-## Deprecated REST API docs
-
-These docs are not being currently maintained because they pertain to an internal REST API. Please see [our docs for our API clients](./api.md) instead.
-
-### Shared Types
-
-The following types are used in the API docs described below.
-
-```ts
-type ISOString = string; // ISO date time string
-type DateMathString = string; // see https://www.elastic.co/guide/en/elasticsearch/reference/current/common-options.html#date-math
-type RangeDate = ISOString | DateMathString;
-type AssetType = 'k8s.pod' | 'k8s.cluster' | 'k8s.node'; // etc.
-type AssetEan = string; // of format "{AssetType}:{id string}", e.g. "k8s.pod:my-pod-id-123xyz"
-type ESQueryString = string; // Lucene query string, encoded
-
-interface Asset extends ECSDocument {
-  lastSeen: Date;
-  'asset.type': AssetType;
-  'asset.id': string;
-  'asset.name'?: string;
-  'asset.ean': AssetEan;
-  'asset.parents'?: AssetEan[];
-  'asset.children'?: AssetEan[];
-  'asset.references'?: AssetEan[];
-  distance?: number; // used when assets are returned via relationship to another asset
-}
-```
-
-### REST API
-
-The following REST endpoints are available at the base URL of `{kibana_url}:{port}/{base_path}/api/asset-manager`
-
-**Note: Unless otherwise specified, query parameters that accept an _array_ type of values do so by specifying the
-query parameter key multiple times, e.g. `?type=k8s.pod&type=k8s.node`**
-
-#### GET /assets
-
-Returns a list of assets present within a given time range. Can be limited by asset type OR EAN (Elastic Asset Name).
-
-##### Request
-
-| Option | Type        | Required? | Default   | Description                                                      |
-| :----- | :---------- | :-------- | :-------- | :--------------------------------------------------------------- |
-| from   | RangeDate   | No        | "now-24h" | Starting point for date range to search for assets within        |
-| to     | RangeDate   | No        | "now"     | End point for date range to search for assets                    |
-| type   | AssetType[] | No        | all       | Specify one or more types to restrict the query                  |
-| ean    | AssetEan[]  | No        | all       | Specify one or more EANs (specific assets) to restrict the query |
-| size   | number      | No        | all       | Limit the amount of assets returned                              |
-
-_Notes:_
-
-- User cannot specify both type and ean at the same time.
-- For array types such as `type` and `ean`, user should specify the query parameter multiple times, e.g. `type=k8s.pod&type=k8s.node`
-
-##### Responses
-
-<details>
-
-<summary>Invalid request with type and ean both specified</summary>
-
-```curl
-GET kbn:/api/asset-manager/assets?from=2023-03-25T17:44:44.000Z&type=k8s.pod&ean=k8s.pod:123
-
-{
-  "statusCode": 400,
-  "error": "Bad Request",
-  "message": "Filters "type" and "ean" are mutually exclusive but found both."
-}
-```
-
-</details>
-
-<details>
-
-<summary>All assets JSON response</summary>
-
-```curl
-GET kbn:/api/asset-manager/assets?from=2023-03-25T17:44:44.000Z&to=2023-03-25T18:44:44.000Z
-
-{
-  "results": [
-    {
-      "@timestamp": "2023-03-25T18:35:38.369Z",
-      "asset.type": "k8s.cluster",
-      "asset.id": "cluster-001",
-      "asset.name": "Cluster 001 (AWS EKS)",
-      "asset.ean": "k8s.cluster:cluster-001",
-      "orchestrator.type": "kubernetes",
-      "orchestrator.cluster.name": "Cluster 001 (AWS EKS)",
-      "orchestrator.cluster.id": "cluster-001",
-      "cloud.provider": "aws",
-      "cloud.region": "us-east-1",
-      "cloud.service.name": "eks"
-    },
-    {
-      "@timestamp": "2023-03-25T18:35:38.369Z",
-      "asset.type": "k8s.cluster",
-      "asset.id": "cluster-002",
-      "asset.name": "Cluster 002 (Azure AKS)",
-      "asset.ean": "k8s.cluster:cluster-002",
-      "orchestrator.type": "kubernetes",
-      "orchestrator.cluster.name": "Cluster 002 (Azure AKS)",
-      "orchestrator.cluster.id": "cluster-002",
-      "cloud.provider": "azure",
-      "cloud.region": "eu-west",
-      "cloud.service.name": "aks"
-    },
-    {
-      "@timestamp": "2023-03-25T18:35:38.369Z",
-      "asset.type": "k8s.node",
-      "asset.id": "node-101",
-      "asset.name": "k8s-node-101-aws",
-      "asset.ean": "k8s.node:node-101",
-      "asset.parents": [
-        "k8s.cluster:cluster-001"
-      ],
-      "orchestrator.type": "kubernetes",
-      "orchestrator.cluster.name": "Cluster 001 (AWS EKS)",
-      "orchestrator.cluster.id": "cluster-001",
-      "cloud.provider": "aws",
-      "cloud.region": "us-east-1",
-      "cloud.service.name": "eks"
-    },
-    {
-      "@timestamp": "2023-03-25T18:35:38.369Z",
-      "asset.type": "k8s.node",
-      "asset.id": "node-102",
-      "asset.name": "k8s-node-102-aws",
-      "asset.ean": "k8s.node:node-102",
-      "asset.parents": [
-        "k8s.cluster:cluster-001"
-      ],
-      "orchestrator.type": "kubernetes",
-      "orchestrator.cluster.name": "Cluster 001 (AWS EKS)",
-      "orchestrator.cluster.id": "cluster-001",
-      "cloud.provider": "aws",
-      "cloud.region": "us-east-1",
-      "cloud.service.name": "eks"
-    },
-    {
-      "@timestamp": "2023-03-25T18:35:38.369Z",
-      "asset.type": "k8s.node",
-      "asset.id": "node-103",
-      "asset.name": "k8s-node-103-aws",
-      "asset.ean": "k8s.node:node-103",
-      "asset.parents": [
-        "k8s.cluster:cluster-001"
-      ],
-      "orchestrator.type": "kubernetes",
-      "orchestrator.cluster.name": "Cluster 001 (AWS EKS)",
-      "orchestrator.cluster.id": "cluster-001",
-      "cloud.provider": "aws",
-      "cloud.region": "us-east-1",
-      "cloud.service.name": "eks"
-    },
-    {
-      "@timestamp": "2023-03-25T18:35:38.369Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200xrg1",
-      "asset.name": "k8s-pod-200xrg1-aws",
-      "asset.ean": "k8s.pod:pod-200xrg1",
-      "asset.parents": [
-        "k8s.node:node-101"
-      ]
-    },
-    {
-      "@timestamp": "2023-03-25T18:35:38.369Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200dfp2",
-      "asset.name": "k8s-pod-200dfp2-aws",
-      "asset.ean": "k8s.pod:pod-200dfp2",
-      "asset.parents": [
-        "k8s.node:node-101"
-      ]
-    },
-    {
-      "@timestamp": "2023-03-25T18:35:38.369Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200wwc3",
-      "asset.name": "k8s-pod-200wwc3-aws",
-      "asset.ean": "k8s.pod:pod-200wwc3",
-      "asset.parents": [
-        "k8s.node:node-101"
-      ]
-    },
-    {
-      "@timestamp": "2023-03-25T18:35:38.369Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200naq4",
-      "asset.name": "k8s-pod-200naq4-aws",
-      "asset.ean": "k8s.pod:pod-200naq4",
-      "asset.parents": [
-        "k8s.node:node-102"
-      ]
-    },
-    {
-      "@timestamp": "2023-03-25T18:35:38.369Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200ohr5",
-      "asset.name": "k8s-pod-200ohr5-aws",
-      "asset.ean": "k8s.pod:pod-200ohr5",
-      "asset.parents": [
-        "k8s.node:node-102"
-      ]
-    },
-    {
-      "@timestamp": "2023-03-25T18:35:38.369Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200yyx6",
-      "asset.name": "k8s-pod-200yyx6-aws",
-      "asset.ean": "k8s.pod:pod-200yyx6",
-      "asset.parents": [
-        "k8s.node:node-103"
-      ]
-    },
-    {
-      "@timestamp": "2023-03-25T18:35:38.369Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200psd7",
-      "asset.name": "k8s-pod-200psd7-aws",
-      "asset.ean": "k8s.pod:pod-200psd7",
-      "asset.parents": [
-        "k8s.node:node-103"
-      ]
-    },
-    {
-      "@timestamp": "2023-03-25T18:35:38.369Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200wmc8",
-      "asset.name": "k8s-pod-200wmc8-aws",
-      "asset.ean": "k8s.pod:pod-200wmc8",
-      "asset.parents": [
-        "k8s.node:node-103"
-      ]
-    },
-    {
-      "@timestamp": "2023-03-25T18:35:38.369Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200ugg9",
-      "asset.name": "k8s-pod-200ugg9-aws",
-      "asset.ean": "k8s.pod:pod-200ugg9",
-      "asset.parents": [
-        "k8s.node:node-103"
-      ]
-    }
-  ]
-}
-```
-
-</details>
-
-<details>
-
-<summary>Assets by type JSON response</summary>
-
-```curl
-GET kbn:/api/asset-manager/assets?from=2023-03-25T17:44:44.000Z&to=2023-03-25T18:44:44.000Z&type=k8s.pod
-
-{
-  "results": [
-    {
-      "@timestamp": "2023-03-25T18:35:38.369Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200xrg1",
-      "asset.name": "k8s-pod-200xrg1-aws",
-      "asset.ean": "k8s.pod:pod-200xrg1",
-      "asset.parents": [
-        "k8s.node:node-101"
-      ]
-    },
-    {
-      "@timestamp": "2023-03-25T18:35:38.369Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200dfp2",
-      "asset.name": "k8s-pod-200dfp2-aws",
-      "asset.ean": "k8s.pod:pod-200dfp2",
-      "asset.parents": [
-        "k8s.node:node-101"
-      ]
-    },
-    {
-      "@timestamp": "2023-03-25T18:35:38.369Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200wwc3",
-      "asset.name": "k8s-pod-200wwc3-aws",
-      "asset.ean": "k8s.pod:pod-200wwc3",
-      "asset.parents": [
-        "k8s.node:node-101"
-      ]
-    },
-    {
-      "@timestamp": "2023-03-25T18:35:38.369Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200naq4",
-      "asset.name": "k8s-pod-200naq4-aws",
-      "asset.ean": "k8s.pod:pod-200naq4",
-      "asset.parents": [
-        "k8s.node:node-102"
-      ]
-    },
-    {
-      "@timestamp": "2023-03-25T18:35:38.369Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200ohr5",
-      "asset.name": "k8s-pod-200ohr5-aws",
-      "asset.ean": "k8s.pod:pod-200ohr5",
-      "asset.parents": [
-        "k8s.node:node-102"
-      ]
-    },
-    {
-      "@timestamp": "2023-03-25T18:35:38.369Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200yyx6",
-      "asset.name": "k8s-pod-200yyx6-aws",
-      "asset.ean": "k8s.pod:pod-200yyx6",
-      "asset.parents": [
-        "k8s.node:node-103"
-      ]
-    },
-    {
-      "@timestamp": "2023-03-25T18:35:38.369Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200psd7",
-      "asset.name": "k8s-pod-200psd7-aws",
-      "asset.ean": "k8s.pod:pod-200psd7",
-      "asset.parents": [
-        "k8s.node:node-103"
-      ]
-    },
-    {
-      "@timestamp": "2023-03-25T18:35:38.369Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200wmc8",
-      "asset.name": "k8s-pod-200wmc8-aws",
-      "asset.ean": "k8s.pod:pod-200wmc8",
-      "asset.parents": [
-        "k8s.node:node-103"
-      ]
-    },
-    {
-      "@timestamp": "2023-03-25T18:35:38.369Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200ugg9",
-      "asset.name": "k8s-pod-200ugg9-aws",
-      "asset.ean": "k8s.pod:pod-200ugg9",
-      "asset.parents": [
-        "k8s.node:node-103"
-      ]
-    }
-  ]
-}
-```
-
-</details>
-
-<details>
-
-<summary>Assets by EAN JSON response</summary>
-
-```curl
-GET kbn:/api/asset-manager/assets?from=2023-03-25T17:44:44.000Z&to=2023-03-25T18:44:44.000Z&ean=k8s.node:node-101&ean=k8s.pod:pod-6r1z
-
-{
-  "results": [
-    {
-      "@timestamp": "2023-03-25T18:35:38.369Z",
-      "asset.type": "k8s.node",
-      "asset.id": "node-101",
-      "asset.name": "k8s-node-101-aws",
-      "asset.ean": "k8s.node:node-101",
-      "asset.parents": [
-        "k8s.cluster:cluster-001"
-      ],
-      "orchestrator.type": "kubernetes",
-      "orchestrator.cluster.name": "Cluster 001 (AWS EKS)",
-      "orchestrator.cluster.id": "cluster-001",
-      "cloud.provider": "aws",
-      "cloud.region": "us-east-1",
-      "cloud.service.name": "eks"
-    }
-  ]
-}
-```
-
-</details>
-
-<a name="sample-data" id="sample-data"></a>
-
-### GET /assets/diff
-
-Returns assets found in the two time ranges, split by what occurs in only either or in both.
-
-#### Request
-
-| Option | Type        | Required? | Default | Description                                                        |
-| :----- | :---------- | :-------- | :------ | :----------------------------------------------------------------- |
-| aFrom  | RangeDate   | Yes       | N/A     | Starting point for baseline date range to search for assets within |
-| aTo    | RangeDate   | Yes       | N/A     | End point for baseline date range to search for assets within      |
-| bFrom  | RangeDate   | Yes       | N/A     | Starting point for comparison date range                           |
-| bTo    | RangeDate   | Yes       | N/A     | End point for comparison date range                                |
-| type   | AssetType[] | No        | all     | Restrict results to one or more asset.type value                   |
-
-#### Responses
-
-<details>
-
-<summary>Request where comparison range is missing assets that are found in the baseline range</summary>
-
-```curl
-GET kbn:/api/asset-manager/assets/diff?aFrom=2022-02-07T00:00:00.000Z&aTo=2022-02-07T01:30:00.000Z&bFrom=2022-02-07T01:00:00.000Z&bTo=2022-02-07T02:00:00.000Z
-
-{
-  "onlyInA": [
-    {
-      "@timestamp": "2022-02-07T00:00:00.000Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200xrg1",
-      "asset.name": "k8s-pod-200xrg1-aws",
-      "asset.ean": "k8s.pod:pod-200xrg1",
-      "asset.parents": [
-        "k8s.node:node-101"
-      ]
-    },
-    {
-      "@timestamp": "2022-02-07T00:00:00.000Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200dfp2",
-      "asset.name": "k8s-pod-200dfp2-aws",
-      "asset.ean": "k8s.pod:pod-200dfp2",
-      "asset.parents": [
-        "k8s.node:node-101"
-      ]
-    }
-  ],
-  "onlyInB": [],
-  "inBoth": [
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.cluster",
-      "asset.id": "cluster-001",
-      "asset.name": "Cluster 001 (AWS EKS)",
-      "asset.ean": "k8s.cluster:cluster-001",
-      "orchestrator.type": "kubernetes",
-      "orchestrator.cluster.name": "Cluster 001 (AWS EKS)",
-      "orchestrator.cluster.id": "cluster-001",
-      "cloud.provider": "aws",
-      "cloud.region": "us-east-1",
-      "cloud.service.name": "eks"
-    },
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.cluster",
-      "asset.id": "cluster-002",
-      "asset.name": "Cluster 002 (Azure AKS)",
-      "asset.ean": "k8s.cluster:cluster-002",
-      "orchestrator.type": "kubernetes",
-      "orchestrator.cluster.name": "Cluster 002 (Azure AKS)",
-      "orchestrator.cluster.id": "cluster-002",
-      "cloud.provider": "azure",
-      "cloud.region": "eu-west",
-      "cloud.service.name": "aks"
-    },
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.node",
-      "asset.id": "node-101",
-      "asset.name": "k8s-node-101-aws",
-      "asset.ean": "k8s.node:node-101",
-      "asset.parents": [
-        "k8s.cluster:cluster-001"
-      ],
-      "orchestrator.type": "kubernetes",
-      "orchestrator.cluster.name": "Cluster 001 (AWS EKS)",
-      "orchestrator.cluster.id": "cluster-001",
-      "cloud.provider": "aws",
-      "cloud.region": "us-east-1",
-      "cloud.service.name": "eks"
-    },
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.node",
-      "asset.id": "node-102",
-      "asset.name": "k8s-node-102-aws",
-      "asset.ean": "k8s.node:node-102",
-      "asset.parents": [
-        "k8s.cluster:cluster-001"
-      ],
-      "orchestrator.type": "kubernetes",
-      "orchestrator.cluster.name": "Cluster 001 (AWS EKS)",
-      "orchestrator.cluster.id": "cluster-001",
-      "cloud.provider": "aws",
-      "cloud.region": "us-east-1",
-      "cloud.service.name": "eks"
-    },
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.node",
-      "asset.id": "node-103",
-      "asset.name": "k8s-node-103-aws",
-      "asset.ean": "k8s.node:node-103",
-      "asset.parents": [
-        "k8s.cluster:cluster-001"
-      ],
-      "orchestrator.type": "kubernetes",
-      "orchestrator.cluster.name": "Cluster 001 (AWS EKS)",
-      "orchestrator.cluster.id": "cluster-001",
-      "cloud.provider": "aws",
-      "cloud.region": "us-east-1",
-      "cloud.service.name": "eks"
-    },
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200ohr5",
-      "asset.name": "k8s-pod-200ohr5-aws",
-      "asset.ean": "k8s.pod:pod-200ohr5",
-      "asset.parents": [
-        "k8s.node:node-102"
-      ]
-    },
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200yyx6",
-      "asset.name": "k8s-pod-200yyx6-aws",
-      "asset.ean": "k8s.pod:pod-200yyx6",
-      "asset.parents": [
-        "k8s.node:node-103"
-      ]
-    },
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200psd7",
-      "asset.name": "k8s-pod-200psd7-aws",
-      "asset.ean": "k8s.pod:pod-200psd7",
-      "asset.parents": [
-        "k8s.node:node-103"
-      ]
-    },
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200wmc8",
-      "asset.name": "k8s-pod-200wmc8-aws",
-      "asset.ean": "k8s.pod:pod-200wmc8",
-      "asset.parents": [
-        "k8s.node:node-103"
-      ]
-    },
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200ugg9",
-      "asset.name": "k8s-pod-200ugg9-aws",
-      "asset.ean": "k8s.pod:pod-200ugg9",
-      "asset.parents": [
-        "k8s.node:node-103"
-      ]
-    }
-  ]
-}
-```
-
-</details>
-
-<details>
-
-<summary>Request where baseline range is missing assets that are found in the comparison range</summary>
-
-```curl
-GET kbn:/api/asset-manager/assets/diff?aFrom=2022-02-07T01:00:00.000Z&aTo=2022-02-07T01:30:00.000Z&bFrom=2022-02-07T01:00:00.000Z&bTo=2022-02-07T03:00:00.000Z
-
-{
-  "onlyInA": [],
-  "onlyInB": [
-    {
-      "@timestamp": "2022-02-07T03:00:00.000Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200wwc3",
-      "asset.name": "k8s-pod-200wwc3-aws",
-      "asset.ean": "k8s.pod:pod-200wwc3",
-      "asset.parents": [
-        "k8s.node:node-101"
-      ]
-    },
-    {
-      "@timestamp": "2022-02-07T03:00:00.000Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200naq4",
-      "asset.name": "k8s-pod-200naq4-aws",
-      "asset.ean": "k8s.pod:pod-200naq4",
-      "asset.parents": [
-        "k8s.node:node-102"
-      ]
-    }
-  ],
-  "inBoth": [
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.cluster",
-      "asset.id": "cluster-001",
-      "asset.name": "Cluster 001 (AWS EKS)",
-      "asset.ean": "k8s.cluster:cluster-001",
-      "orchestrator.type": "kubernetes",
-      "orchestrator.cluster.name": "Cluster 001 (AWS EKS)",
-      "orchestrator.cluster.id": "cluster-001",
-      "cloud.provider": "aws",
-      "cloud.region": "us-east-1",
-      "cloud.service.name": "eks"
-    },
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.cluster",
-      "asset.id": "cluster-002",
-      "asset.name": "Cluster 002 (Azure AKS)",
-      "asset.ean": "k8s.cluster:cluster-002",
-      "orchestrator.type": "kubernetes",
-      "orchestrator.cluster.name": "Cluster 002 (Azure AKS)",
-      "orchestrator.cluster.id": "cluster-002",
-      "cloud.provider": "azure",
-      "cloud.region": "eu-west",
-      "cloud.service.name": "aks"
-    },
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.node",
-      "asset.id": "node-101",
-      "asset.name": "k8s-node-101-aws",
-      "asset.ean": "k8s.node:node-101",
-      "asset.parents": [
-        "k8s.cluster:cluster-001"
-      ],
-      "orchestrator.type": "kubernetes",
-      "orchestrator.cluster.name": "Cluster 001 (AWS EKS)",
-      "orchestrator.cluster.id": "cluster-001",
-      "cloud.provider": "aws",
-      "cloud.region": "us-east-1",
-      "cloud.service.name": "eks"
-    },
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.node",
-      "asset.id": "node-102",
-      "asset.name": "k8s-node-102-aws",
-      "asset.ean": "k8s.node:node-102",
-      "asset.parents": [
-        "k8s.cluster:cluster-001"
-      ],
-      "orchestrator.type": "kubernetes",
-      "orchestrator.cluster.name": "Cluster 001 (AWS EKS)",
-      "orchestrator.cluster.id": "cluster-001",
-      "cloud.provider": "aws",
-      "cloud.region": "us-east-1",
-      "cloud.service.name": "eks"
-    },
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.node",
-      "asset.id": "node-103",
-      "asset.name": "k8s-node-103-aws",
-      "asset.ean": "k8s.node:node-103",
-      "asset.parents": [
-        "k8s.cluster:cluster-001"
-      ],
-      "orchestrator.type": "kubernetes",
-      "orchestrator.cluster.name": "Cluster 001 (AWS EKS)",
-      "orchestrator.cluster.id": "cluster-001",
-      "cloud.provider": "aws",
-      "cloud.region": "us-east-1",
-      "cloud.service.name": "eks"
-    },
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200ohr5",
-      "asset.name": "k8s-pod-200ohr5-aws",
-      "asset.ean": "k8s.pod:pod-200ohr5",
-      "asset.parents": [
-        "k8s.node:node-102"
-      ]
-    },
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200yyx6",
-      "asset.name": "k8s-pod-200yyx6-aws",
-      "asset.ean": "k8s.pod:pod-200yyx6",
-      "asset.parents": [
-        "k8s.node:node-103"
-      ]
-    },
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200psd7",
-      "asset.name": "k8s-pod-200psd7-aws",
-      "asset.ean": "k8s.pod:pod-200psd7",
-      "asset.parents": [
-        "k8s.node:node-103"
-      ]
-    },
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200wmc8",
-      "asset.name": "k8s-pod-200wmc8-aws",
-      "asset.ean": "k8s.pod:pod-200wmc8",
-      "asset.parents": [
-        "k8s.node:node-103"
-      ]
-    },
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200ugg9",
-      "asset.name": "k8s-pod-200ugg9-aws",
-      "asset.ean": "k8s.pod:pod-200ugg9",
-      "asset.parents": [
-        "k8s.node:node-103"
-      ]
-    }
-  ]
-}
-```
-
-</details>
-
-<details>
-
-<summary>Request where each range is missing assets found in the other range</summary>
-
-```curl
-GET kbn:/api/asset-manager/assets/diff?aFrom=2022-02-07T00:00:00.000Z&aTo=2022-02-07T01:30:00.000Z&bFrom=2022-02-07T01:00:00.000Z&bTo=2022-02-07T03:00:00.000Z
-
-{
-  "onlyInA": [
-    {
-      "@timestamp": "2022-02-07T00:00:00.000Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200xrg1",
-      "asset.name": "k8s-pod-200xrg1-aws",
-      "asset.ean": "k8s.pod:pod-200xrg1",
-      "asset.parents": [
-        "k8s.node:node-101"
-      ]
-    },
-    {
-      "@timestamp": "2022-02-07T00:00:00.000Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200dfp2",
-      "asset.name": "k8s-pod-200dfp2-aws",
-      "asset.ean": "k8s.pod:pod-200dfp2",
-      "asset.parents": [
-        "k8s.node:node-101"
-      ]
-    }
-  ],
-  "onlyInB": [
-    {
-      "@timestamp": "2022-02-07T03:00:00.000Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200wwc3",
-      "asset.name": "k8s-pod-200wwc3-aws",
-      "asset.ean": "k8s.pod:pod-200wwc3",
-      "asset.parents": [
-        "k8s.node:node-101"
-      ]
-    },
-    {
-      "@timestamp": "2022-02-07T03:00:00.000Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200naq4",
-      "asset.name": "k8s-pod-200naq4-aws",
-      "asset.ean": "k8s.pod:pod-200naq4",
-      "asset.parents": [
-        "k8s.node:node-102"
-      ]
-    }
-  ],
-  "inBoth": [
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.cluster",
-      "asset.id": "cluster-001",
-      "asset.name": "Cluster 001 (AWS EKS)",
-      "asset.ean": "k8s.cluster:cluster-001",
-      "orchestrator.type": "kubernetes",
-      "orchestrator.cluster.name": "Cluster 001 (AWS EKS)",
-      "orchestrator.cluster.id": "cluster-001",
-      "cloud.provider": "aws",
-      "cloud.region": "us-east-1",
-      "cloud.service.name": "eks"
-    },
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.cluster",
-      "asset.id": "cluster-002",
-      "asset.name": "Cluster 002 (Azure AKS)",
-      "asset.ean": "k8s.cluster:cluster-002",
-      "orchestrator.type": "kubernetes",
-      "orchestrator.cluster.name": "Cluster 002 (Azure AKS)",
-      "orchestrator.cluster.id": "cluster-002",
-      "cloud.provider": "azure",
-      "cloud.region": "eu-west",
-      "cloud.service.name": "aks"
-    },
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.node",
-      "asset.id": "node-101",
-      "asset.name": "k8s-node-101-aws",
-      "asset.ean": "k8s.node:node-101",
-      "asset.parents": [
-        "k8s.cluster:cluster-001"
-      ],
-      "orchestrator.type": "kubernetes",
-      "orchestrator.cluster.name": "Cluster 001 (AWS EKS)",
-      "orchestrator.cluster.id": "cluster-001",
-      "cloud.provider": "aws",
-      "cloud.region": "us-east-1",
-      "cloud.service.name": "eks"
-    },
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.node",
-      "asset.id": "node-102",
-      "asset.name": "k8s-node-102-aws",
-      "asset.ean": "k8s.node:node-102",
-      "asset.parents": [
-        "k8s.cluster:cluster-001"
-      ],
-      "orchestrator.type": "kubernetes",
-      "orchestrator.cluster.name": "Cluster 001 (AWS EKS)",
-      "orchestrator.cluster.id": "cluster-001",
-      "cloud.provider": "aws",
-      "cloud.region": "us-east-1",
-      "cloud.service.name": "eks"
-    },
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.node",
-      "asset.id": "node-103",
-      "asset.name": "k8s-node-103-aws",
-      "asset.ean": "k8s.node:node-103",
-      "asset.parents": [
-        "k8s.cluster:cluster-001"
-      ],
-      "orchestrator.type": "kubernetes",
-      "orchestrator.cluster.name": "Cluster 001 (AWS EKS)",
-      "orchestrator.cluster.id": "cluster-001",
-      "cloud.provider": "aws",
-      "cloud.region": "us-east-1",
-      "cloud.service.name": "eks"
-    },
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200ohr5",
-      "asset.name": "k8s-pod-200ohr5-aws",
-      "asset.ean": "k8s.pod:pod-200ohr5",
-      "asset.parents": [
-        "k8s.node:node-102"
-      ]
-    },
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200yyx6",
-      "asset.name": "k8s-pod-200yyx6-aws",
-      "asset.ean": "k8s.pod:pod-200yyx6",
-      "asset.parents": [
-        "k8s.node:node-103"
-      ]
-    },
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200psd7",
-      "asset.name": "k8s-pod-200psd7-aws",
-      "asset.ean": "k8s.pod:pod-200psd7",
-      "asset.parents": [
-        "k8s.node:node-103"
-      ]
-    },
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200wmc8",
-      "asset.name": "k8s-pod-200wmc8-aws",
-      "asset.ean": "k8s.pod:pod-200wmc8",
-      "asset.parents": [
-        "k8s.node:node-103"
-      ]
-    },
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200ugg9",
-      "asset.name": "k8s-pod-200ugg9-aws",
-      "asset.ean": "k8s.pod:pod-200ugg9",
-      "asset.parents": [
-        "k8s.node:node-103"
-      ]
-    }
-  ]
-}
-```
-
-</details>
-
-<details>
-
-<summary>Request where each range is missing assets found in the other range, but restricted by type</summary>
-
-```curl
-GET kbn:/api/asset-manager/assets/diff?aFrom=2022-02-07T00:00:00.000Z&aTo=2022-02-07T01:30:00.000Z&bFrom=2022-02-07T01:00:00.000Z&bTo=2022-02-07T03:00:00.000Z&type=k8s.pod
-
-{
-  "onlyInA": [
-    {
-      "@timestamp": "2022-02-07T00:00:00.000Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200xrg1",
-      "asset.name": "k8s-pod-200xrg1-aws",
-      "asset.ean": "k8s.pod:pod-200xrg1",
-      "asset.parents": [
-        "k8s.node:node-101"
-      ]
-    },
-    {
-      "@timestamp": "2022-02-07T00:00:00.000Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200dfp2",
-      "asset.name": "k8s-pod-200dfp2-aws",
-      "asset.ean": "k8s.pod:pod-200dfp2",
-      "asset.parents": [
-        "k8s.node:node-101"
-      ]
-    }
-  ],
-  "onlyInB": [
-    {
-      "@timestamp": "2022-02-07T03:00:00.000Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200wwc3",
-      "asset.name": "k8s-pod-200wwc3-aws",
-      "asset.ean": "k8s.pod:pod-200wwc3",
-      "asset.parents": [
-        "k8s.node:node-101"
-      ]
-    },
-    {
-      "@timestamp": "2022-02-07T03:00:00.000Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200naq4",
-      "asset.name": "k8s-pod-200naq4-aws",
-      "asset.ean": "k8s.pod:pod-200naq4",
-      "asset.parents": [
-        "k8s.node:node-102"
-      ]
-    }
-  ],
-  "inBoth": [
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200ohr5",
-      "asset.name": "k8s-pod-200ohr5-aws",
-      "asset.ean": "k8s.pod:pod-200ohr5",
-      "asset.parents": [
-        "k8s.node:node-102"
-      ]
-    },
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200yyx6",
-      "asset.name": "k8s-pod-200yyx6-aws",
-      "asset.ean": "k8s.pod:pod-200yyx6",
-      "asset.parents": [
-        "k8s.node:node-103"
-      ]
-    },
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200psd7",
-      "asset.name": "k8s-pod-200psd7-aws",
-      "asset.ean": "k8s.pod:pod-200psd7",
-      "asset.parents": [
-        "k8s.node:node-103"
-      ]
-    },
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200wmc8",
-      "asset.name": "k8s-pod-200wmc8-aws",
-      "asset.ean": "k8s.pod:pod-200wmc8",
-      "asset.parents": [
-        "k8s.node:node-103"
-      ]
-    },
-    {
-      "@timestamp": "2022-02-07T01:30:00.000Z",
-      "asset.type": "k8s.pod",
-      "asset.id": "pod-200ugg9",
-      "asset.name": "k8s-pod-200ugg9-aws",
-      "asset.ean": "k8s.pod:pod-200ugg9",
-      "asset.parents": [
-        "k8s.node:node-103"
-      ]
-    }
-  ]
-}
-```
-
-</details>
-
-#### GET /assets/related
-
-Returns assets related to the provided ean. The relation can be one of ancestors, descendants or references.
-
-#### Request
-
-| Option      | Type         | Required? | Default | Description                                                                                       |
-| :---------- | :----------- | :-------- | :------ | :------------------------------------------------------------------------------------------------ | ----------- | ----------- |
-| relation    | string       | Yes       | N/A     | The type of related assets we're looking for. One of (ancestors                                   | descendants | references) |
-| from        | RangeDate    | Yes       | N/A     | Starting point for date range to search for assets within                                         |
-| to          | RangeDate    | No        | "now"   | End point for date range to search for assets                                                     |
-| ean         | AssetEan     | Yes       | N/A     | Single Elastic Asset Name representing the asset for which the related assets are being requested |
-| type        | AssetType[]  | No        | all     | Restrict results to one or more asset.type value                                                  |
-| maxDistance | number (1-5) | No        | 1       | Maximum number of "hops" to search away from specified asset                                      |
-
-#### Responses
-
-<details>
-
-<summary>Request looking for ancestors</summary>
-
-```curl
-GET kbn:/api/asset-manager/assets/related?ean=k8s.node:node-101&relation=ancestors&maxDistance=1&from=2023-04-18T13:10:13.111Z&to=2023-04-18T15:10:13.111Z
-{
-    "results": {
-        "primary": {
-            "@timestamp": "2023-04-18T14:10:13.111Z",
-            "asset.type": "k8s.node",
-            "asset.id": "node-101",
-            "asset.name": "k8s-node-101-aws",
-            "asset.ean": "k8s.node:node-101",
-            "asset.parents": [
-                "k8s.cluster:cluster-001"
-            ],
-            "orchestrator.type": "kubernetes",
-            "orchestrator.cluster.name": "Cluster 001 (AWS EKS)",
-            "orchestrator.cluster.id": "cluster-001",
-            "cloud.provider": "aws",
-            "cloud.region": "us-east-1",
-            "cloud.service.name": "eks"
-        },
-        "ancestors": [
-            {
-                "@timestamp": "2023-04-18T14:10:13.111Z",
-                "asset.type": "k8s.cluster",
-                "asset.id": "cluster-001",
-                "asset.name": "Cluster 001 (AWS EKS)",
-                "asset.ean": "k8s.cluster:cluster-001",
-                "orchestrator.type": "kubernetes",
-                "orchestrator.cluster.name": "Cluster 001 (AWS EKS)",
-                "orchestrator.cluster.id": "cluster-001",
-                "cloud.provider": "aws",
-                "cloud.region": "us-east-1",
-                "cloud.service.name": "eks",
-                "distance": 1
-            }
-        ]
-    }
-}
-```
-
-</details>
-
-<details>
-
-<summary>Request looking for descendants</summary>
-
-```curl
-GET kbn:/api/asset-manager/assets/related?ean=k8s.cluster:cluster-001&relation=descendants&maxDistance=1&from=2023-04-18T13:10:13.111Z&to=2023-04-18T15:10:13.111Z
-
-{
-    "results": {
-        "primary": {
-            "@timestamp": "2023-04-18T14:10:13.111Z",
-            "asset.type": "k8s.cluster",
-            "asset.id": "cluster-001",
-            "asset.name": "Cluster 001 (AWS EKS)",
-            "asset.ean": "k8s.cluster:cluster-001",
-            "orchestrator.type": "kubernetes",
-            "orchestrator.cluster.name": "Cluster 001 (AWS EKS)",
-            "orchestrator.cluster.id": "cluster-001",
-            "cloud.provider": "aws",
-            "cloud.region": "us-east-1",
-            "cloud.service.name": "eks"
-        },
-        "descendants": [
-            {
-                "@timestamp": "2023-04-18T14:10:13.111Z",
-                "asset.type": "k8s.node",
-                "asset.id": "node-101",
-                "asset.name": "k8s-node-101-aws",
-                "asset.ean": "k8s.node:node-101",
-                "asset.parents": [
-                    "k8s.cluster:cluster-001"
-                ],
-                "orchestrator.type": "kubernetes",
-                "orchestrator.cluster.name": "Cluster 001 (AWS EKS)",
-                "orchestrator.cluster.id": "cluster-001",
-                "cloud.provider": "aws",
-                "cloud.region": "us-east-1",
-                "cloud.service.name": "eks",
-                "distance": 1
-            },
-            {
-                "@timestamp": "2023-04-18T14:10:13.111Z",
-                "asset.type": "k8s.node",
-                "asset.id": "node-102",
-                "asset.name": "k8s-node-102-aws",
-                "asset.ean": "k8s.node:node-102",
-                "asset.parents": [
-                    "k8s.cluster:cluster-001"
-                ],
-                "orchestrator.type": "kubernetes",
-                "orchestrator.cluster.name": "Cluster 001 (AWS EKS)",
-                "orchestrator.cluster.id": "cluster-001",
-                "cloud.provider": "aws",
-                "cloud.region": "us-east-1",
-                "cloud.service.name": "eks",
-                "distance": 1
-            },
-            {
-                "@timestamp": "2023-04-18T14:10:13.111Z",
-                "asset.type": "k8s.node",
-                "asset.id": "node-103",
-                "asset.name": "k8s-node-103-aws",
-                "asset.ean": "k8s.node:node-103",
-                "asset.parents": [
-                    "k8s.cluster:cluster-001"
-                ],
-                "orchestrator.type": "kubernetes",
-                "orchestrator.cluster.name": "Cluster 001 (AWS EKS)",
-                "orchestrator.cluster.id": "cluster-001",
-                "cloud.provider": "aws",
-                "cloud.region": "us-east-1",
-                "cloud.service.name": "eks",
-                "distance": 1
-            }
-        ]
-    }
-}
-```
-
-</details>
-
-<details>
-
-<summary>Request looking for references</summary>
-
-```curl
-GET kbn:/api/asset-manager/assets/related?ean=k8s.pod:pod-200xrg1&relation=references&maxDistance=1&from=2023-04-18T13:10:13.111Z&to=2023-04-18T15:10:13.111Z
-
-{
-    "results": {
-        "primary": {
-            "@timestamp": "2023-04-18T14:10:13.111Z",
-            "asset.type": "k8s.pod",
-            "asset.id": "pod-200xrg1",
-            "asset.name": "k8s-pod-200xrg1-aws",
-            "asset.ean": "k8s.pod:pod-200xrg1",
-            "asset.parents": [
-                "k8s.node:node-101"
-            ],
-            "asset.references": [
-                "k8s.cluster:cluster-001"
-            ]
-        },
-        "references": [
-            {
-                "@timestamp": "2023-04-18T14:10:13.111Z",
-                "asset.type": "k8s.cluster",
-                "asset.id": "cluster-001",
-                "asset.name": "Cluster 001 (AWS EKS)",
-                "asset.ean": "k8s.cluster:cluster-001",
-                "orchestrator.type": "kubernetes",
-                "orchestrator.cluster.name": "Cluster 001 (AWS EKS)",
-                "orchestrator.cluster.id": "cluster-001",
-                "cloud.provider": "aws",
-                "cloud.region": "us-east-1",
-                "cloud.service.name": "eks",
-                "distance": 1
-            }
-        ]
-    }
-}
-```
-
-</details>
-
-<details>
-
-<summary>Request with type filter and non-default maxDistance</summary>
-
-```curl
-GET kbn:/api/asset-manager/assets/related?ean=k8s.cluster:cluster-001&relation=descendants&maxDistance=2&from=2023-04-18T13:10:13.111Z&to=2023-04-18T15:10:13.111Z&type=k8s.pod
-
-{
-    "results": {
-        "primary": {
-            "@timestamp": "2023-04-18T14:10:13.111Z",
-            "asset.type": "k8s.cluster",
-            "asset.id": "cluster-001",
-            "asset.name": "Cluster 001 (AWS EKS)",
-            "asset.ean": "k8s.cluster:cluster-001",
-            "orchestrator.type": "kubernetes",
-            "orchestrator.cluster.name": "Cluster 001 (AWS EKS)",
-            "orchestrator.cluster.id": "cluster-001",
-            "cloud.provider": "aws",
-            "cloud.region": "us-east-1",
-            "cloud.service.name": "eks"
-        },
-        "descendants": [
-            {
-                "@timestamp": "2023-04-18T14:10:13.111Z",
-                "asset.type": "k8s.pod",
-                "asset.id": "pod-200xrg1",
-                "asset.name": "k8s-pod-200xrg1-aws",
-                "asset.ean": "k8s.pod:pod-200xrg1",
-                "asset.parents": [
-                    "k8s.node:node-101"
-                ],
-                "asset.references": [
-                    "k8s.cluster:cluster-001"
-                ],
-                "distance": 2
-            },
-            {
-                "@timestamp": "2023-04-18T14:10:13.111Z",
-                "asset.type": "k8s.pod",
-                "asset.id": "pod-200dfp2",
-                "asset.name": "k8s-pod-200dfp2-aws",
-                "asset.ean": "k8s.pod:pod-200dfp2",
-                "asset.parents": [
-                    "k8s.node:node-101"
-                ],
-                "distance": 2
-            },
-            {
-                "@timestamp": "2023-04-18T14:10:13.111Z",
-                "asset.type": "k8s.pod",
-                "asset.id": "pod-200wwc3",
-                "asset.name": "k8s-pod-200wwc3-aws",
-                "asset.ean": "k8s.pod:pod-200wwc3",
-                "asset.parents": [
-                    "k8s.node:node-101"
-                ],
-                "distance": 2
-            },
-            {
-                "@timestamp": "2023-04-18T14:10:13.111Z",
-                "asset.type": "k8s.pod",
-                "asset.id": "pod-200naq4",
-                "asset.name": "k8s-pod-200naq4-aws",
-                "asset.ean": "k8s.pod:pod-200naq4",
-                "asset.parents": [
-                    "k8s.node:node-102"
-                ],
-                "distance": 2
-            },
-            {
-                "@timestamp": "2023-04-18T14:10:13.111Z",
-                "asset.type": "k8s.pod",
-                "asset.id": "pod-200ohr5",
-                "asset.name": "k8s-pod-200ohr5-aws",
-                "asset.ean": "k8s.pod:pod-200ohr5",
-                "asset.parents": [
-                    "k8s.node:node-102"
-                ],
-                "distance": 2
-            },
-            {
-                "@timestamp": "2023-04-18T14:10:13.111Z",
-                "asset.type": "k8s.pod",
-                "asset.id": "pod-200yyx6",
-                "asset.name": "k8s-pod-200yyx6-aws",
-                "asset.ean": "k8s.pod:pod-200yyx6",
-                "asset.parents": [
-                    "k8s.node:node-103"
-                ],
-                "distance": 2
-            },
-            {
-                "@timestamp": "2023-04-18T14:10:13.111Z",
-                "asset.type": "k8s.pod",
-                "asset.id": "pod-200psd7",
-                "asset.name": "k8s-pod-200psd7-aws",
-                "asset.ean": "k8s.pod:pod-200psd7",
-                "asset.parents": [
-                    "k8s.node:node-103"
-                ],
-                "distance": 2
-            },
-            {
-                "@timestamp": "2023-04-18T14:10:13.111Z",
-                "asset.type": "k8s.pod",
-                "asset.id": "pod-200wmc8",
-                "asset.name": "k8s-pod-200wmc8-aws",
-                "asset.ean": "k8s.pod:pod-200wmc8",
-                "asset.parents": [
-                    "k8s.node:node-103"
-                ],
-                "distance": 2
-            },
-            {
-                "@timestamp": "2023-04-18T14:10:13.111Z",
-                "asset.type": "k8s.pod",
-                "asset.id": "pod-200ugg9",
-                "asset.name": "k8s-pod-200ugg9-aws",
-                "asset.ean": "k8s.pod:pod-200ugg9",
-                "asset.parents": [
-                    "k8s.node:node-103"
-                ],
-                "distance": 2
-            }
-        ]
-    }
-}
-```
-
-</details>
-
-#### GET /assets/sample
-
-Returns the list of pre-defined sample asset documents that would be indexed
-when using the associated POST request.
-
-#### POST /assets/sample
-
-Indexes a batch of the pre-defined sample documents (which can be inspected before
-index by using the associated GET request).
-
-##### Request
-
-| Option       | Type       | Required? | Default | Description                                                 |
-| :----------- | :--------- | :-------- | :------ | :---------------------------------------------------------- |
-| baseDateTime | RangeDate  | No        | "now"   | Used as the timestamp for each asset document in this batch |
-| exludeEans   | AssetEan[] | No        | []      | List of string EAN values to exclude from this batch        |
diff --git a/x-pack/plugins/observability_solution/asset_manager/docs/schema/index.md b/x-pack/plugins/observability_solution/asset_manager/docs/schema/index.md
deleted file mode 100644
index 476a4964e24e1..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/docs/schema/index.md
+++ /dev/null
@@ -1,53 +0,0 @@
-# Asset Schema
-
-Last update: 2023-06-14
-
-_Note: This is a living document and should only be relied on by developers of asset collectors and the developers who are building the Asset API. Users of the Asset API should ONLY rely on the Asset API documentation itself, without worrying about this schema._
-
-## Fields
-
-### **asset.ean** (required, string)
-
-The EAN (Elastic Asset Name) is the URN-style unique identifier for an individual asset. It is currently constructed by concatenating the asset's "kind" value and its "local ID" with a `:`, i.e. `{asset.kind}:{asset.id}`.
-
-### **asset.id** (required, string)
-
-This is the local identifier for this individual asset. Assets should be _reasonably unique_ and _widely available_ wherever the asset may be found. More discussion on these requirements [in this discussion issue](https://github.com/elastic/assetbeat/issues/226).
-
-### **asset.kind** (required, AssetKind)
-
-One of a small set of valid AssetKind values representing the high-level categorizations of assets.
-
-#### Valid AssetKind values
-
-**host**
-
-TBA: description of the "host" kind
-
-**container**
-
-TBA: description of the "container" kind
-
-**service**
-
-TBA: description of the "service" kind
-
-### **asset.type** (optional, AssetType)
-
-One of a set of AssetType values aligned with this asset's dataset, usually in line with how this asset was collected. This value is usually not useful for end users, but can be useful for grouping things by how they were collected.
-
-### **asset.name** (optional, string)
-
-Optional, human-friendly name for this asset.
-
-### **asset.parents** (optional, AssetEan[])
-
-A list of EAN values corresponding to this asset's direct parents.
-
-### **asset.children** (optional, AssetEan[])
-
-A list of EAN values corresponding to this asset's direct children.
-
-### **asset.references** (optional, AssetEan[])
-
-A list of EAN values corresponding to any other assets this asset is related to, which are not direct parents or children.
diff --git a/x-pack/plugins/observability_solution/asset_manager/public/lib/public_assets_client.test.ts b/x-pack/plugins/observability_solution/asset_manager/public/lib/public_assets_client.test.ts
deleted file mode 100644
index 649bcfcb83dc3..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/public/lib/public_assets_client.test.ts
+++ /dev/null
@@ -1,130 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { HttpSetupMock } from '@kbn/core-http-browser-mocks';
-import { coreMock } from '@kbn/core/public/mocks';
-import { PublicAssetsClient } from './public_assets_client';
-import * as routePaths from '../../common/constants_routes';
-
-describe('Public assets client', () => {
-  let http: HttpSetupMock = coreMock.createSetup().http;
-
-  beforeEach(() => {
-    http = coreMock.createSetup().http;
-  });
-
-  describe('class instantiation', () => {
-    it('should successfully instantiate', () => {
-      new PublicAssetsClient(http);
-    });
-  });
-
-  describe('getHosts', () => {
-    it('should call the REST API', async () => {
-      const client = new PublicAssetsClient(http);
-      await client.getHosts({ from: 'x', to: 'y' });
-      expect(http.get).toBeCalledTimes(1);
-    });
-
-    it('should include specified "from" and "to" parameters in http.get query', async () => {
-      const client = new PublicAssetsClient(http);
-      await client.getHosts({ from: 'x', to: 'y' });
-      expect(http.get).toBeCalledWith(routePaths.GET_HOSTS, {
-        query: { from: 'x', to: 'y' },
-      });
-    });
-
-    it('should include provided filters, but in string form', async () => {
-      const client = new PublicAssetsClient(http);
-      const filters = { id: '*id-1*' };
-      await client.getHosts({ from: 'x', filters });
-      expect(http.get).toBeCalledWith(routePaths.GET_HOSTS, {
-        query: {
-          from: 'x',
-          stringFilters: JSON.stringify(filters),
-        },
-      });
-    });
-
-    it('should return the direct results of http.get', async () => {
-      const client = new PublicAssetsClient(http);
-      http.get.mockResolvedValueOnce('my hosts');
-      const result = await client.getHosts({ from: 'x', to: 'y' });
-      expect(result).toBe('my hosts');
-    });
-  });
-
-  describe('getContainers', () => {
-    it('should call the REST API', async () => {
-      const client = new PublicAssetsClient(http);
-      await client.getContainers({ from: 'x', to: 'y' });
-      expect(http.get).toBeCalledTimes(1);
-    });
-
-    it('should include specified "from" and "to" parameters in http.get query', async () => {
-      const client = new PublicAssetsClient(http);
-      await client.getContainers({ from: 'x', to: 'y' });
-      expect(http.get).toBeCalledWith(routePaths.GET_CONTAINERS, {
-        query: { from: 'x', to: 'y' },
-      });
-    });
-
-    it('should include provided filters, but in string form', async () => {
-      const client = new PublicAssetsClient(http);
-      const filters = { id: '*id-1*' };
-      await client.getContainers({ from: 'x', filters });
-      expect(http.get).toBeCalledWith(routePaths.GET_CONTAINERS, {
-        query: {
-          from: 'x',
-          stringFilters: JSON.stringify(filters),
-        },
-      });
-    });
-
-    it('should return the direct results of http.get', async () => {
-      const client = new PublicAssetsClient(http);
-      http.get.mockResolvedValueOnce('my hosts');
-      const result = await client.getContainers({ from: 'x', to: 'y' });
-      expect(result).toBe('my hosts');
-    });
-  });
-
-  describe('getServices', () => {
-    it('should call the REST API', async () => {
-      const client = new PublicAssetsClient(http);
-      await client.getServices({ from: 'x', to: 'y' });
-      expect(http.get).toBeCalledTimes(1);
-    });
-
-    it('should include specified "from" and "to" parameters in http.get query', async () => {
-      const client = new PublicAssetsClient(http);
-      await client.getServices({ from: 'x', to: 'y' });
-      expect(http.get).toBeCalledWith(routePaths.GET_SERVICES, {
-        query: { from: 'x', to: 'y' },
-      });
-    });
-
-    it('should include provided filters, but in string form', async () => {
-      const client = new PublicAssetsClient(http);
-      const filters = { id: '*id-1*', parentEan: 'container:123' };
-      await client.getServices({ from: 'x', filters });
-      expect(http.get).toBeCalledWith(routePaths.GET_SERVICES, {
-        query: {
-          from: 'x',
-          stringFilters: JSON.stringify(filters),
-        },
-      });
-    });
-
-    it('should return the direct results of http.get', async () => {
-      const client = new PublicAssetsClient(http);
-      http.get.mockResolvedValueOnce('my services');
-      const result = await client.getServices({ from: 'x', to: 'y' });
-      expect(result).toBe('my services');
-    });
-  });
-});
diff --git a/x-pack/plugins/observability_solution/asset_manager/public/lib/public_assets_client.ts b/x-pack/plugins/observability_solution/asset_manager/public/lib/public_assets_client.ts
deleted file mode 100644
index 130e723da34a6..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/public/lib/public_assets_client.ts
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { HttpStart } from '@kbn/core/public';
-import {
-  GetContainersOptionsPublic,
-  GetHostsOptionsPublic,
-  GetServicesOptionsPublic,
-  GetPodsOptionsPublic,
-  GetAssetsOptionsPublic,
-} from '../../common/types_client';
-import {
-  GetContainerAssetsResponse,
-  GetHostAssetsResponse,
-  GetServiceAssetsResponse,
-  GetPodAssetsResponse,
-  GetAssetsResponse,
-} from '../../common/types_api';
-import {
-  GET_CONTAINERS,
-  GET_HOSTS,
-  GET_SERVICES,
-  GET_PODS,
-  GET_ASSETS,
-} from '../../common/constants_routes';
-import { IPublicAssetsClient } from '../types';
-
-export class PublicAssetsClient implements IPublicAssetsClient {
-  constructor(private readonly http: HttpStart) {}
-
-  async getHosts(options: GetHostsOptionsPublic) {
-    const { filters, ...otherOptions } = options;
-    const results = await this.http.get<GetHostAssetsResponse>(GET_HOSTS, {
-      query: {
-        stringFilters: JSON.stringify(filters),
-        ...otherOptions,
-      },
-    });
-
-    return results;
-  }
-
-  async getContainers(options: GetContainersOptionsPublic) {
-    const { filters, ...otherOptions } = options;
-    const results = await this.http.get<GetContainerAssetsResponse>(GET_CONTAINERS, {
-      query: {
-        stringFilters: JSON.stringify(filters),
-        ...otherOptions,
-      },
-    });
-
-    return results;
-  }
-
-  async getServices(options: GetServicesOptionsPublic) {
-    const { filters, ...otherOptions } = options;
-    const results = await this.http.get<GetServiceAssetsResponse>(GET_SERVICES, {
-      query: {
-        stringFilters: JSON.stringify(filters),
-        ...otherOptions,
-      },
-    });
-
-    return results;
-  }
-
-  async getPods(options: GetPodsOptionsPublic) {
-    const { filters, ...otherOptions } = options;
-    const results = await this.http.get<GetPodAssetsResponse>(GET_PODS, {
-      query: {
-        stringFilters: JSON.stringify(filters),
-        ...otherOptions,
-      },
-    });
-
-    return results;
-  }
-
-  async getAssets(options: GetAssetsOptionsPublic) {
-    const { filters, ...otherOptions } = options;
-    const results = await this.http.get<GetAssetsResponse>(GET_ASSETS, {
-      query: {
-        stringFilters: JSON.stringify(filters),
-        ...otherOptions,
-      },
-    });
-
-    return results;
-  }
-}
diff --git a/x-pack/plugins/observability_solution/asset_manager/public/plugin.ts b/x-pack/plugins/observability_solution/asset_manager/public/plugin.ts
deleted file mode 100644
index 620c2060b83e9..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/public/plugin.ts
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { CoreSetup, CoreStart, PluginInitializerContext } from '@kbn/core/public';
-import { Logger } from '@kbn/logging';
-
-import { AssetManagerPluginClass } from './types';
-import { PublicAssetsClient } from './lib/public_assets_client';
-import type { AssetManagerPublicConfig } from '../common/config';
-
-export class Plugin implements AssetManagerPluginClass {
-  public config: AssetManagerPublicConfig;
-  public logger: Logger;
-
-  constructor(context: PluginInitializerContext<{}>) {
-    this.config = context.config.get();
-    this.logger = context.logger.get();
-  }
-
-  setup(core: CoreSetup) {
-    // Check for config value and bail out if not "alpha-enabled"
-    if (!this.config.alphaEnabled) {
-      this.logger.debug('Public is NOT enabled');
-      return;
-    }
-
-    this.logger.debug('Public is enabled');
-
-    const publicAssetsClient = new PublicAssetsClient(core.http);
-    return {
-      publicAssetsClient,
-    };
-  }
-
-  start(core: CoreStart) {
-    // Check for config value and bail out if not "alpha-enabled"
-    if (!this.config.alphaEnabled) {
-      return;
-    }
-
-    const publicAssetsClient = new PublicAssetsClient(core.http);
-    return {
-      publicAssetsClient,
-    };
-  }
-
-  stop() {}
-}
diff --git a/x-pack/plugins/observability_solution/asset_manager/public/types.ts b/x-pack/plugins/observability_solution/asset_manager/public/types.ts
deleted file mode 100644
index 67f0053cfdd56..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/public/types.ts
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-import type { Plugin as PluginClass } from '@kbn/core/public';
-import { GetHostsOptionsPublic } from '../common/types_client';
-import { GetHostAssetsResponse } from '../common/types_api';
-export interface AssetManagerPublicPluginSetup {
-  publicAssetsClient: IPublicAssetsClient;
-}
-
-export interface AssetManagerPublicPluginStart {
-  publicAssetsClient: IPublicAssetsClient;
-}
-
-export type AssetManagerPluginClass = PluginClass<
-  AssetManagerPublicPluginSetup | undefined,
-  AssetManagerPublicPluginStart | undefined
->;
-
-export interface IPublicAssetsClient {
-  getHosts: (options: GetHostsOptionsPublic) => Promise<GetHostAssetsResponse>;
-}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/index.ts b/x-pack/plugins/observability_solution/asset_manager/server/index.ts
deleted file mode 100644
index 86e5e855a74c9..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/index.ts
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { PluginInitializerContext } from '@kbn/core-plugins-server';
-import { AssetManagerConfig } from '../common/config';
-import { AssetManagerServerPluginSetup, AssetManagerServerPluginStart, config } from './plugin';
-import type { WriteSamplesPostBody } from './routes/sample_assets';
-
-export type {
-  AssetManagerConfig,
-  WriteSamplesPostBody,
-  AssetManagerServerPluginSetup,
-  AssetManagerServerPluginStart,
-};
-export { config };
-
-export const plugin = async (context: PluginInitializerContext<AssetManagerConfig>) => {
-  const { AssetManagerServerPlugin } = await import('./plugin');
-  return new AssetManagerServerPlugin(context);
-};
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/containers/get_containers.test.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/containers/get_containers.test.ts
deleted file mode 100644
index 8a7aad907a368..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/containers/get_containers.test.ts
+++ /dev/null
@@ -1,357 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { elasticsearchClientMock } from '@kbn/core-elasticsearch-client-server-mocks';
-import { savedObjectsClientMock } from '@kbn/core-saved-objects-api-server-mocks';
-import { GetApmIndicesMethod } from '../../asset_client_types';
-import { getContainers } from './get_containers';
-import {
-  createGetApmIndicesMock,
-  expectToThrowValidationErrorWithStatusCode,
-} from '../../../test_utils';
-import { MetricsDataClient, MetricsDataClientMock } from '@kbn/metrics-data-access-plugin/server';
-import { SearchRequest } from '@elastic/elasticsearch/lib/api/types';
-
-function createBaseOptions({
-  getApmIndicesMock,
-  metricsDataClientMock,
-}: {
-  getApmIndicesMock: GetApmIndicesMethod;
-  metricsDataClientMock: MetricsDataClient;
-}) {
-  return {
-    sourceIndices: {
-      logs: 'my-logs*',
-    },
-    getApmIndices: getApmIndicesMock,
-    metricsClient: metricsDataClientMock,
-  };
-}
-
-describe('getContainers', () => {
-  let getApmIndicesMock = createGetApmIndicesMock();
-  let metricsDataClientMock = MetricsDataClientMock.create();
-  let baseOptions = createBaseOptions({ getApmIndicesMock, metricsDataClientMock });
-  let esClientMock = elasticsearchClientMock.createScopedClusterClient().asCurrentUser;
-  let soClientMock = savedObjectsClientMock.create();
-
-  function resetMocks() {
-    getApmIndicesMock = createGetApmIndicesMock();
-    metricsDataClientMock = MetricsDataClientMock.create();
-    baseOptions = createBaseOptions({ getApmIndicesMock, metricsDataClientMock });
-    esClientMock = elasticsearchClientMock.createScopedClusterClient().asCurrentUser;
-    soClientMock = savedObjectsClientMock.create();
-  }
-
-  beforeEach(() => {
-    resetMocks();
-
-    // ES returns no results, just enough structure to not blow up
-    esClientMock.search.mockResolvedValueOnce({
-      took: 1,
-      timed_out: false,
-      _shards: {
-        failed: 0,
-        successful: 1,
-        total: 1,
-      },
-      hits: {
-        hits: [],
-      },
-    });
-  });
-
-  it('should query Elasticsearch correctly', async () => {
-    await getContainers({
-      ...baseOptions,
-      from: 'now-5d',
-      to: 'now-3d',
-      elasticsearchClient: esClientMock,
-      savedObjectsClient: soClientMock,
-    });
-
-    expect(metricsDataClientMock.getMetricIndices).toHaveBeenCalledTimes(1);
-    expect(metricsDataClientMock.getMetricIndices).toHaveBeenCalledWith({
-      savedObjectsClient: soClientMock,
-    });
-
-    const dsl = esClientMock.search.mock.lastCall?.[0] as SearchRequest | undefined;
-    const { bool } = dsl?.query || {};
-    expect(bool).toBeDefined();
-
-    expect(bool?.filter).toEqual([
-      {
-        range: {
-          '@timestamp': {
-            gte: 'now-5d',
-            lte: 'now-3d',
-          },
-        },
-      },
-    ]);
-
-    expect(bool?.must).toEqual([
-      {
-        exists: {
-          field: 'container.id',
-        },
-      },
-    ]);
-
-    expect(bool?.should).toEqual([
-      { exists: { field: 'kubernetes.container.id' } },
-      { exists: { field: 'kubernetes.pod.uid' } },
-      { exists: { field: 'kubernetes.node.name' } },
-      { exists: { field: 'host.hostname' } },
-    ]);
-  });
-
-  it('should correctly include an EAN filter as a container ID term query', async () => {
-    const mockContainerId = '123abc';
-
-    await getContainers({
-      ...baseOptions,
-      from: 'now-1h',
-      elasticsearchClient: esClientMock,
-      savedObjectsClient: soClientMock,
-      filters: {
-        ean: `container:${mockContainerId}`,
-      },
-    });
-
-    const dsl = esClientMock.search.mock.lastCall?.[0] as SearchRequest | undefined;
-    const { bool } = dsl?.query || {};
-    expect(bool).toBeDefined();
-
-    expect(bool?.must).toEqual(
-      expect.arrayContaining([
-        {
-          exists: {
-            field: 'container.id',
-          },
-        },
-        {
-          term: {
-            'container.id': mockContainerId,
-          },
-        },
-      ])
-    );
-  });
-
-  it('should not query ES and return empty if filtering on non-container EAN', async () => {
-    const mockId = 'some-id-123';
-
-    const result = await getContainers({
-      ...baseOptions,
-      from: 'now-1h',
-      elasticsearchClient: esClientMock,
-      savedObjectsClient: soClientMock,
-      filters: {
-        ean: `pod:${mockId}`,
-      },
-    });
-
-    expect(esClientMock.search).toHaveBeenCalledTimes(0);
-    expect(result).toEqual({ containers: [] });
-  });
-
-  it('should throw an error when an invalid EAN is provided', async () => {
-    try {
-      await getContainers({
-        ...baseOptions,
-        from: 'now-1h',
-        elasticsearchClient: esClientMock,
-        savedObjectsClient: soClientMock,
-        filters: {
-          ean: `invalid`,
-        },
-      });
-    } catch (error) {
-      const hasMessage = 'message' in error;
-      expect(hasMessage).toEqual(true);
-      expect(error.message).toEqual('invalid is not a valid EAN');
-    }
-
-    try {
-      await getContainers({
-        ...baseOptions,
-        from: 'now-1h',
-        elasticsearchClient: esClientMock,
-        savedObjectsClient: soClientMock,
-        filters: {
-          ean: `invalid:toomany:colons`,
-        },
-      });
-    } catch (error) {
-      const hasMessage = 'message' in error;
-      expect(hasMessage).toEqual(true);
-      expect(error.message).toEqual('invalid:toomany:colons is not a valid EAN');
-    }
-  });
-
-  it('should include a wildcard ID filter when an ID filter is provided with asterisks included', async () => {
-    const mockIdPattern = '*partial-id*';
-
-    await getContainers({
-      ...baseOptions,
-      from: 'now-1h',
-      elasticsearchClient: esClientMock,
-      savedObjectsClient: soClientMock,
-      filters: {
-        id: mockIdPattern,
-      },
-    });
-
-    const dsl = esClientMock.search.mock.lastCall?.[0] as SearchRequest | undefined;
-    const { bool } = dsl?.query || {};
-    expect(bool).toBeDefined();
-
-    expect(bool?.must).toEqual(
-      expect.arrayContaining([
-        {
-          exists: {
-            field: 'container.id',
-          },
-        },
-        {
-          wildcard: {
-            'container.id': mockIdPattern,
-          },
-        },
-      ])
-    );
-  });
-
-  it('should include a term ID filter when an ID filter is provided without asterisks included', async () => {
-    const mockId = 'full-id';
-
-    await getContainers({
-      ...baseOptions,
-      from: 'now-1h',
-      elasticsearchClient: esClientMock,
-      savedObjectsClient: soClientMock,
-      filters: {
-        id: mockId,
-      },
-    });
-
-    const dsl = esClientMock.search.mock.lastCall?.[0] as SearchRequest | undefined;
-    const { bool } = dsl?.query || {};
-    expect(bool).toBeDefined();
-
-    expect(bool?.must).toEqual(
-      expect.arrayContaining([
-        {
-          exists: {
-            field: 'container.id',
-          },
-        },
-        {
-          term: {
-            'container.id': mockId,
-          },
-        },
-      ])
-    );
-  });
-
-  it('should include a term filter for cloud filters', async () => {
-    const mockCloudProvider = 'gcp';
-    const mockCloudRegion = 'us-central-1';
-
-    await getContainers({
-      ...baseOptions,
-      from: 'now-1h',
-      elasticsearchClient: esClientMock,
-      savedObjectsClient: soClientMock,
-      filters: {
-        'cloud.provider': mockCloudProvider,
-        'cloud.region': mockCloudRegion,
-      },
-    });
-
-    const dsl = esClientMock.search.mock.lastCall?.[0] as SearchRequest | undefined;
-    const { bool } = dsl?.query || {};
-    expect(bool).toBeDefined();
-
-    expect(bool?.must).toEqual(
-      expect.arrayContaining([
-        {
-          exists: {
-            field: 'container.id',
-          },
-        },
-        {
-          term: {
-            'cloud.provider': mockCloudProvider,
-          },
-        },
-        {
-          term: {
-            'cloud.region': mockCloudRegion,
-          },
-        },
-      ])
-    );
-  });
-
-  it('should reject with 400 for invalid "from" date', () => {
-    return expectToThrowValidationErrorWithStatusCode(
-      () =>
-        getContainers({
-          ...baseOptions,
-          from: 'now-1zz',
-          to: 'now-3d',
-          elasticsearchClient: esClientMock,
-          savedObjectsClient: soClientMock,
-        }),
-      { statusCode: 400 }
-    );
-  });
-
-  it('should reject with 400 for invalid "to" date', () => {
-    return expectToThrowValidationErrorWithStatusCode(
-      () =>
-        getContainers({
-          ...baseOptions,
-          from: 'now-5d',
-          to: 'now-3fe',
-          elasticsearchClient: esClientMock,
-          savedObjectsClient: soClientMock,
-        }),
-      { statusCode: 400 }
-    );
-  });
-
-  it('should reject with 400 when "from" is a date that is after "to"', () => {
-    return expectToThrowValidationErrorWithStatusCode(
-      () =>
-        getContainers({
-          ...baseOptions,
-          from: 'now',
-          to: 'now-5d',
-          elasticsearchClient: esClientMock,
-          savedObjectsClient: soClientMock,
-        }),
-      { statusCode: 400 }
-    );
-  });
-
-  it('should reject with 400 when "from" is in the future', () => {
-    return expectToThrowValidationErrorWithStatusCode(
-      () =>
-        getContainers({
-          ...baseOptions,
-          from: 'now+1d',
-          elasticsearchClient: esClientMock,
-          savedObjectsClient: soClientMock,
-        }),
-      { statusCode: 400 }
-    );
-  });
-});
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/containers/get_containers.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/containers/get_containers.ts
deleted file mode 100644
index c3c11bc375a84..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/containers/get_containers.ts
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types';
-import { Asset } from '../../../../common/types_api';
-import { GetContainersOptionsPublic } from '../../../../common/types_client';
-import {
-  AssetClientDependencies,
-  AssetClientOptionsWithInjectedValues,
-} from '../../asset_client_types';
-import { parseEan } from '../../parse_ean';
-import { collectContainers } from '../../collectors';
-import { validateStringDateRange } from '../../validators/validate_date_range';
-
-export type GetContainersOptions = GetContainersOptionsPublic & AssetClientDependencies;
-export type GetContainersOptionsInjected =
-  AssetClientOptionsWithInjectedValues<GetContainersOptions>;
-
-export async function getContainers(
-  options: GetContainersOptionsInjected
-): Promise<{ containers: Asset[] }> {
-  validateStringDateRange(options.from, options.to);
-
-  const metricsIndices = await options.metricsClient.getMetricIndices({
-    savedObjectsClient: options.savedObjectsClient,
-  });
-
-  const filters: QueryDslQueryContainer[] = [];
-
-  if (options.filters?.ean) {
-    const ean = Array.isArray(options.filters.ean) ? options.filters.ean[0] : options.filters.ean;
-    const { kind, id } = parseEan(ean);
-
-    // if EAN filter isn't targeting a container asset, we don't need to do this query
-    if (kind !== 'container') {
-      return {
-        containers: [],
-      };
-    }
-
-    filters.push({
-      term: {
-        'container.id': id,
-      },
-    });
-  }
-
-  if (options.filters?.id) {
-    const fn = options.filters.id.includes('*') ? 'wildcard' : 'term';
-    filters.push({
-      [fn]: {
-        'container.id': options.filters.id,
-      },
-    });
-  }
-
-  if (options.filters?.['cloud.provider']) {
-    filters.push({
-      term: {
-        'cloud.provider': options.filters['cloud.provider'],
-      },
-    });
-  }
-
-  if (options.filters?.['cloud.region']) {
-    filters.push({
-      term: {
-        'cloud.region': options.filters['cloud.region'],
-      },
-    });
-  }
-
-  const { assets } = await collectContainers({
-    client: options.elasticsearchClient,
-    from: options.from,
-    to: options.to || 'now',
-    filters,
-    sourceIndices: {
-      metrics: metricsIndices,
-      logs: options.sourceIndices.logs,
-    },
-  });
-
-  return {
-    containers: assets,
-  };
-}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/hosts/get_hosts.test.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/hosts/get_hosts.test.ts
deleted file mode 100644
index 1f7d1e7007bb5..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/hosts/get_hosts.test.ts
+++ /dev/null
@@ -1,357 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { elasticsearchClientMock } from '@kbn/core-elasticsearch-client-server-mocks';
-import { savedObjectsClientMock } from '@kbn/core-saved-objects-api-server-mocks';
-import { GetApmIndicesMethod } from '../../asset_client_types';
-import { getHosts } from './get_hosts';
-import {
-  createGetApmIndicesMock,
-  expectToThrowValidationErrorWithStatusCode,
-} from '../../../test_utils';
-import { MetricsDataClient, MetricsDataClientMock } from '@kbn/metrics-data-access-plugin/server';
-import { SearchRequest } from '@elastic/elasticsearch/lib/api/types';
-
-function createBaseOptions({
-  getApmIndicesMock,
-  metricsDataClientMock,
-}: {
-  getApmIndicesMock: GetApmIndicesMethod;
-  metricsDataClientMock: MetricsDataClient;
-}) {
-  return {
-    sourceIndices: {
-      logs: 'my-logs*',
-    },
-    getApmIndices: getApmIndicesMock,
-    metricsClient: metricsDataClientMock,
-  };
-}
-
-describe('getHosts', () => {
-  let getApmIndicesMock = createGetApmIndicesMock();
-  let metricsDataClientMock = MetricsDataClientMock.create();
-  let baseOptions = createBaseOptions({ getApmIndicesMock, metricsDataClientMock });
-  let esClientMock = elasticsearchClientMock.createScopedClusterClient().asCurrentUser;
-  let soClientMock = savedObjectsClientMock.create();
-
-  function resetMocks() {
-    getApmIndicesMock = createGetApmIndicesMock();
-    metricsDataClientMock = MetricsDataClientMock.create();
-    baseOptions = createBaseOptions({ getApmIndicesMock, metricsDataClientMock });
-    esClientMock = elasticsearchClientMock.createScopedClusterClient().asCurrentUser;
-    soClientMock = savedObjectsClientMock.create();
-  }
-
-  beforeEach(() => {
-    resetMocks();
-
-    // ES returns no results, just enough structure to not blow up
-    esClientMock.search.mockResolvedValueOnce({
-      took: 1,
-      timed_out: false,
-      _shards: {
-        failed: 0,
-        successful: 1,
-        total: 1,
-      },
-      hits: {
-        hits: [],
-      },
-    });
-  });
-
-  it('should query Elasticsearch correctly', async () => {
-    await getHosts({
-      ...baseOptions,
-      from: 'now-5d',
-      to: 'now-3d',
-      elasticsearchClient: esClientMock,
-      savedObjectsClient: soClientMock,
-    });
-
-    expect(metricsDataClientMock.getMetricIndices).toHaveBeenCalledTimes(1);
-    expect(metricsDataClientMock.getMetricIndices).toHaveBeenCalledWith({
-      savedObjectsClient: soClientMock,
-    });
-
-    const dsl = esClientMock.search.mock.lastCall?.[0] as SearchRequest | undefined;
-    const { bool } = dsl?.query || {};
-    expect(bool).toBeDefined();
-
-    expect(bool?.filter).toEqual([
-      {
-        range: {
-          '@timestamp': {
-            gte: 'now-5d',
-            lte: 'now-3d',
-          },
-        },
-      },
-    ]);
-
-    expect(bool?.must).toEqual([
-      {
-        exists: {
-          field: 'host.hostname',
-        },
-      },
-    ]);
-
-    expect(bool?.should).toEqual([
-      { exists: { field: 'kubernetes.node.name' } },
-      { exists: { field: 'kubernetes.pod.uid' } },
-      { exists: { field: 'container.id' } },
-      { exists: { field: 'cloud.provider' } },
-    ]);
-  });
-
-  it('should correctly include an EAN filter as a hostname term query', async () => {
-    const mockHostName = 'some-hostname-123';
-
-    await getHosts({
-      ...baseOptions,
-      from: 'now-1h',
-      elasticsearchClient: esClientMock,
-      savedObjectsClient: soClientMock,
-      filters: {
-        ean: `host:${mockHostName}`,
-      },
-    });
-
-    const dsl = esClientMock.search.mock.lastCall?.[0] as SearchRequest | undefined;
-    const { bool } = dsl?.query || {};
-    expect(bool).toBeDefined();
-
-    expect(bool?.must).toEqual(
-      expect.arrayContaining([
-        {
-          exists: {
-            field: 'host.hostname',
-          },
-        },
-        {
-          terms: {
-            'host.hostname': [mockHostName],
-          },
-        },
-      ])
-    );
-  });
-
-  it('should not query ES and return empty if filtering on non-host EAN', async () => {
-    const mockId = 'some-id-123';
-
-    const result = await getHosts({
-      ...baseOptions,
-      from: 'now-1h',
-      elasticsearchClient: esClientMock,
-      savedObjectsClient: soClientMock,
-      filters: {
-        ean: `container:${mockId}`,
-      },
-    });
-
-    expect(esClientMock.search).toHaveBeenCalledTimes(0);
-    expect(result).toEqual({ hosts: [] });
-  });
-
-  it('should throw an error when an invalid EAN is provided', async () => {
-    try {
-      await getHosts({
-        ...baseOptions,
-        from: 'now-1h',
-        elasticsearchClient: esClientMock,
-        savedObjectsClient: soClientMock,
-        filters: {
-          ean: `invalid`,
-        },
-      });
-    } catch (error) {
-      const hasMessage = 'message' in error;
-      expect(hasMessage).toEqual(true);
-      expect(error.message).toEqual('invalid is not a valid EAN');
-    }
-
-    try {
-      await getHosts({
-        ...baseOptions,
-        from: 'now-1h',
-        elasticsearchClient: esClientMock,
-        savedObjectsClient: soClientMock,
-        filters: {
-          ean: `invalid:toomany:colons`,
-        },
-      });
-    } catch (error) {
-      const hasMessage = 'message' in error;
-      expect(hasMessage).toEqual(true);
-      expect(error.message).toEqual('invalid:toomany:colons is not a valid EAN');
-    }
-  });
-
-  it('should include a wildcard ID filter when an ID filter is provided with asterisks included', async () => {
-    const mockIdPattern = '*partial-id*';
-
-    await getHosts({
-      ...baseOptions,
-      from: 'now-1h',
-      elasticsearchClient: esClientMock,
-      savedObjectsClient: soClientMock,
-      filters: {
-        id: mockIdPattern,
-      },
-    });
-
-    const dsl = esClientMock.search.mock.lastCall?.[0] as SearchRequest | undefined;
-    const { bool } = dsl?.query || {};
-    expect(bool).toBeDefined();
-
-    expect(bool?.must).toEqual(
-      expect.arrayContaining([
-        {
-          exists: {
-            field: 'host.hostname',
-          },
-        },
-        {
-          wildcard: {
-            'host.hostname': mockIdPattern,
-          },
-        },
-      ])
-    );
-  });
-
-  it('should include a term ID filter when an ID filter is provided without asterisks included', async () => {
-    const mockId = 'full-id';
-
-    await getHosts({
-      ...baseOptions,
-      from: 'now-1h',
-      elasticsearchClient: esClientMock,
-      savedObjectsClient: soClientMock,
-      filters: {
-        id: mockId,
-      },
-    });
-
-    const dsl = esClientMock.search.mock.lastCall?.[0] as SearchRequest | undefined;
-    const { bool } = dsl?.query || {};
-    expect(bool).toBeDefined();
-
-    expect(bool?.must).toEqual(
-      expect.arrayContaining([
-        {
-          exists: {
-            field: 'host.hostname',
-          },
-        },
-        {
-          term: {
-            'host.hostname': mockId,
-          },
-        },
-      ])
-    );
-  });
-
-  it('should include a term filter for cloud filters', async () => {
-    const mockCloudProvider = 'gcp';
-    const mockCloudRegion = 'us-central-1';
-
-    await getHosts({
-      ...baseOptions,
-      from: 'now-1h',
-      elasticsearchClient: esClientMock,
-      savedObjectsClient: soClientMock,
-      filters: {
-        'cloud.provider': mockCloudProvider,
-        'cloud.region': mockCloudRegion,
-      },
-    });
-
-    const dsl = esClientMock.search.mock.lastCall?.[0] as SearchRequest | undefined;
-    const { bool } = dsl?.query || {};
-    expect(bool).toBeDefined();
-
-    expect(bool?.must).toEqual(
-      expect.arrayContaining([
-        {
-          exists: {
-            field: 'host.hostname',
-          },
-        },
-        {
-          term: {
-            'cloud.provider': mockCloudProvider,
-          },
-        },
-        {
-          term: {
-            'cloud.region': mockCloudRegion,
-          },
-        },
-      ])
-    );
-  });
-
-  it('should reject with 400 for invalid "from" date', () => {
-    return expectToThrowValidationErrorWithStatusCode(
-      () =>
-        getHosts({
-          ...baseOptions,
-          from: 'now-1zz',
-          to: 'now-3d',
-          elasticsearchClient: esClientMock,
-          savedObjectsClient: soClientMock,
-        }),
-      { statusCode: 400 }
-    );
-  });
-
-  it('should reject with 400 for invalid "to" date', () => {
-    return expectToThrowValidationErrorWithStatusCode(
-      () =>
-        getHosts({
-          ...baseOptions,
-          from: 'now-5d',
-          to: 'now-3fe',
-          elasticsearchClient: esClientMock,
-          savedObjectsClient: soClientMock,
-        }),
-      { statusCode: 400 }
-    );
-  });
-
-  it('should reject with 400 when "from" is a date that is after "to"', () => {
-    return expectToThrowValidationErrorWithStatusCode(
-      () =>
-        getHosts({
-          ...baseOptions,
-          from: 'now',
-          to: 'now-5d',
-          elasticsearchClient: esClientMock,
-          savedObjectsClient: soClientMock,
-        }),
-      { statusCode: 400 }
-    );
-  });
-
-  it('should reject with 400 when "from" is in the future', () => {
-    return expectToThrowValidationErrorWithStatusCode(
-      () =>
-        getHosts({
-          ...baseOptions,
-          from: 'now+1d',
-          elasticsearchClient: esClientMock,
-          savedObjectsClient: soClientMock,
-        }),
-      { statusCode: 400 }
-    );
-  });
-});
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/hosts/get_hosts.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/hosts/get_hosts.ts
deleted file mode 100644
index 8252c57da3b0f..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/hosts/get_hosts.ts
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types';
-import { Asset } from '../../../../common/types_api';
-import { collectHosts } from '../../collectors/hosts';
-import { GetHostsOptionsPublic } from '../../../../common/types_client';
-import {
-  AssetClientDependencies,
-  AssetClientOptionsWithInjectedValues,
-} from '../../asset_client_types';
-import { parseEan } from '../../parse_ean';
-import { validateStringDateRange } from '../../validators/validate_date_range';
-
-export type GetHostsOptions = GetHostsOptionsPublic & AssetClientDependencies;
-export type GetHostsOptionsInjected = AssetClientOptionsWithInjectedValues<GetHostsOptions>;
-
-export async function getHosts(options: GetHostsOptionsInjected): Promise<{ hosts: Asset[] }> {
-  validateStringDateRange(options.from, options.to);
-
-  const metricsIndices = await options.metricsClient.getMetricIndices({
-    savedObjectsClient: options.savedObjectsClient,
-  });
-
-  const filters: QueryDslQueryContainer[] = [];
-
-  if (options.filters?.ean) {
-    const eans = Array.isArray(options.filters.ean) ? options.filters.ean : [options.filters.ean];
-    const hostnames = eans
-      .map(parseEan)
-      .filter(({ kind }) => kind === 'host')
-      .map(({ id }) => id);
-
-    // if EAN filter isn't targeting a host asset, we don't need to do this query
-    if (hostnames.length === 0) {
-      return {
-        hosts: [],
-      };
-    }
-
-    filters.push({
-      terms: {
-        'host.hostname': hostnames,
-      },
-    });
-  }
-
-  if (options.filters?.id) {
-    const fn = options.filters.id.includes('*') ? 'wildcard' : 'term';
-    filters.push({
-      [fn]: {
-        'host.hostname': options.filters.id,
-      },
-    });
-  }
-
-  if (options.filters?.['cloud.provider']) {
-    filters.push({
-      term: {
-        'cloud.provider': options.filters['cloud.provider'],
-      },
-    });
-  }
-
-  if (options.filters?.['cloud.region']) {
-    filters.push({
-      term: {
-        'cloud.region': options.filters['cloud.region'],
-      },
-    });
-  }
-
-  const { assets } = await collectHosts({
-    client: options.elasticsearchClient,
-    from: options.from,
-    to: options.to || 'now',
-    filters,
-    sourceIndices: {
-      metrics: metricsIndices,
-      logs: options.sourceIndices.logs,
-    },
-  });
-
-  return {
-    hosts: assets,
-  };
-}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/pods/get_pods.test.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/pods/get_pods.test.ts
deleted file mode 100644
index 94d367963588c..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/pods/get_pods.test.ts
+++ /dev/null
@@ -1,341 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { elasticsearchClientMock } from '@kbn/core-elasticsearch-client-server-mocks';
-import { savedObjectsClientMock } from '@kbn/core-saved-objects-api-server-mocks';
-import { GetApmIndicesMethod } from '../../asset_client_types';
-import { getPods } from './get_pods';
-import {
-  createGetApmIndicesMock,
-  expectToThrowValidationErrorWithStatusCode,
-} from '../../../test_utils';
-import { MetricsDataClient, MetricsDataClientMock } from '@kbn/metrics-data-access-plugin/server';
-import { SearchRequest } from '@elastic/elasticsearch/lib/api/types';
-
-function createBaseOptions({
-  getApmIndicesMock,
-  metricsDataClientMock,
-}: {
-  getApmIndicesMock: GetApmIndicesMethod;
-  metricsDataClientMock: MetricsDataClient;
-}) {
-  return {
-    sourceIndices: {
-      logs: 'my-logs*',
-    },
-    getApmIndices: getApmIndicesMock,
-    metricsClient: metricsDataClientMock,
-  };
-}
-
-describe('getPods', () => {
-  let getApmIndicesMock = createGetApmIndicesMock();
-  let metricsDataClientMock = MetricsDataClientMock.create();
-  let baseOptions = createBaseOptions({ getApmIndicesMock, metricsDataClientMock });
-  let esClientMock = elasticsearchClientMock.createScopedClusterClient().asCurrentUser;
-  let soClientMock = savedObjectsClientMock.create();
-
-  function resetMocks() {
-    getApmIndicesMock = createGetApmIndicesMock();
-    metricsDataClientMock = MetricsDataClientMock.create();
-    baseOptions = createBaseOptions({ getApmIndicesMock, metricsDataClientMock });
-    esClientMock = elasticsearchClientMock.createScopedClusterClient().asCurrentUser;
-    soClientMock = savedObjectsClientMock.create();
-  }
-
-  beforeEach(() => {
-    resetMocks();
-
-    // ES returns no results, just enough structure to not blow up
-    esClientMock.search.mockResolvedValueOnce({
-      took: 1,
-      timed_out: false,
-      _shards: {
-        failed: 0,
-        successful: 1,
-        total: 1,
-      },
-      hits: {
-        hits: [],
-      },
-    });
-  });
-
-  it('should query Elasticsearch correctly', async () => {
-    await getPods({
-      ...baseOptions,
-      from: 'now-5d',
-      to: 'now-3d',
-      elasticsearchClient: esClientMock,
-      savedObjectsClient: soClientMock,
-    });
-
-    expect(metricsDataClientMock.getMetricIndices).toHaveBeenCalledTimes(1);
-    expect(metricsDataClientMock.getMetricIndices).toHaveBeenCalledWith({
-      savedObjectsClient: soClientMock,
-    });
-
-    const dsl = esClientMock.search.mock.lastCall?.[0] as SearchRequest | undefined;
-    const { bool } = dsl?.query || {};
-    expect(bool).toBeDefined();
-
-    expect(bool?.filter).toEqual([
-      {
-        range: {
-          '@timestamp': {
-            gte: 'now-5d',
-            lte: 'now-3d',
-          },
-        },
-      },
-    ]);
-
-    expect(bool?.must).toEqual([
-      {
-        exists: {
-          field: 'kubernetes.pod.uid',
-        },
-      },
-      {
-        exists: {
-          field: 'kubernetes.node.name',
-        },
-      },
-    ]);
-  });
-
-  it('should correctly include an EAN filter as a pod ID term query', async () => {
-    const mockPodId = '123abc';
-
-    await getPods({
-      ...baseOptions,
-      from: 'now-1h',
-      elasticsearchClient: esClientMock,
-      savedObjectsClient: soClientMock,
-      filters: {
-        ean: `pod:${mockPodId}`,
-      },
-    });
-
-    const dsl = esClientMock.search.mock.lastCall?.[0] as SearchRequest | undefined;
-    const { bool } = dsl?.query || {};
-    expect(bool).toBeDefined();
-
-    expect(bool?.must).toEqual(
-      expect.arrayContaining([
-        {
-          exists: {
-            field: 'kubernetes.pod.uid',
-          },
-        },
-        {
-          exists: {
-            field: 'kubernetes.node.name',
-          },
-        },
-        {
-          term: {
-            'kubernetes.pod.uid': mockPodId,
-          },
-        },
-      ])
-    );
-  });
-
-  it('should not query ES and return empty if filtering on non-pod EAN', async () => {
-    const mockId = 'some-id-123';
-
-    const result = await getPods({
-      ...baseOptions,
-      from: 'now-1h',
-      elasticsearchClient: esClientMock,
-      savedObjectsClient: soClientMock,
-      filters: {
-        ean: `container:${mockId}`,
-      },
-    });
-
-    expect(esClientMock.search).toHaveBeenCalledTimes(0);
-    expect(result).toEqual({ pods: [] });
-  });
-
-  it('should include a wildcard ID filter when an ID filter is provided with asterisks included', async () => {
-    const mockIdPattern = '*partial-id*';
-
-    await getPods({
-      ...baseOptions,
-      from: 'now-1h',
-      elasticsearchClient: esClientMock,
-      savedObjectsClient: soClientMock,
-      filters: {
-        id: mockIdPattern,
-      },
-    });
-
-    const dsl = esClientMock.search.mock.lastCall?.[0] as SearchRequest | undefined;
-    const { bool } = dsl?.query || {};
-    expect(bool).toBeDefined();
-
-    expect(bool?.must).toEqual(
-      expect.arrayContaining([
-        {
-          exists: {
-            field: 'kubernetes.pod.uid',
-          },
-        },
-        {
-          exists: {
-            field: 'kubernetes.node.name',
-          },
-        },
-        {
-          wildcard: {
-            'kubernetes.pod.uid': mockIdPattern,
-          },
-        },
-      ])
-    );
-  });
-
-  it('should include a term ID filter when an ID filter is provided without asterisks included', async () => {
-    const mockId = 'full-id';
-
-    await getPods({
-      ...baseOptions,
-      from: 'now-1h',
-      elasticsearchClient: esClientMock,
-      savedObjectsClient: soClientMock,
-      filters: {
-        id: mockId,
-      },
-    });
-
-    const dsl = esClientMock.search.mock.lastCall?.[0] as SearchRequest | undefined;
-    const { bool } = dsl?.query || {};
-    expect(bool).toBeDefined();
-
-    expect(bool?.must).toEqual(
-      expect.arrayContaining([
-        {
-          exists: {
-            field: 'kubernetes.pod.uid',
-          },
-        },
-        {
-          exists: {
-            field: 'kubernetes.node.name',
-          },
-        },
-        {
-          term: {
-            'kubernetes.pod.uid': mockId,
-          },
-        },
-      ])
-    );
-  });
-
-  it('should include a term filter for cloud filters', async () => {
-    const mockCloudProvider = 'gcp';
-    const mockCloudRegion = 'us-central-1';
-
-    await getPods({
-      ...baseOptions,
-      from: 'now-1h',
-      elasticsearchClient: esClientMock,
-      savedObjectsClient: soClientMock,
-      filters: {
-        'cloud.provider': mockCloudProvider,
-        'cloud.region': mockCloudRegion,
-      },
-    });
-
-    const dsl = esClientMock.search.mock.lastCall?.[0] as SearchRequest | undefined;
-    const { bool } = dsl?.query || {};
-    expect(bool).toBeDefined();
-
-    expect(bool?.must).toEqual(
-      expect.arrayContaining([
-        {
-          exists: {
-            field: 'kubernetes.pod.uid',
-          },
-        },
-        {
-          exists: {
-            field: 'kubernetes.node.name',
-          },
-        },
-        {
-          term: {
-            'cloud.provider': mockCloudProvider,
-          },
-        },
-        {
-          term: {
-            'cloud.region': mockCloudRegion,
-          },
-        },
-      ])
-    );
-  });
-
-  it('should reject with 400 for invalid "from" date', () => {
-    return expectToThrowValidationErrorWithStatusCode(
-      () =>
-        getPods({
-          ...baseOptions,
-          from: 'now-1zz',
-          to: 'now-3d',
-          elasticsearchClient: esClientMock,
-          savedObjectsClient: soClientMock,
-        }),
-      { statusCode: 400 }
-    );
-  });
-
-  it('should reject with 400 for invalid "to" date', () => {
-    return expectToThrowValidationErrorWithStatusCode(
-      () =>
-        getPods({
-          ...baseOptions,
-          from: 'now-5d',
-          to: 'now-3fe',
-          elasticsearchClient: esClientMock,
-          savedObjectsClient: soClientMock,
-        }),
-      { statusCode: 400 }
-    );
-  });
-
-  it('should reject with 400 when "from" is a date that is after "to"', () => {
-    return expectToThrowValidationErrorWithStatusCode(
-      () =>
-        getPods({
-          ...baseOptions,
-          from: 'now',
-          to: 'now-5d',
-          elasticsearchClient: esClientMock,
-          savedObjectsClient: soClientMock,
-        }),
-      { statusCode: 400 }
-    );
-  });
-
-  it('should reject with 400 when "from" is in the future', () => {
-    return expectToThrowValidationErrorWithStatusCode(
-      () =>
-        getPods({
-          ...baseOptions,
-          from: 'now+1d',
-          elasticsearchClient: esClientMock,
-          savedObjectsClient: soClientMock,
-        }),
-      { statusCode: 400 }
-    );
-  });
-});
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/pods/get_pods.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/pods/get_pods.ts
deleted file mode 100644
index db2bc11ae2315..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/pods/get_pods.ts
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types';
-import { Asset } from '../../../../common/types_api';
-import { GetPodsOptionsPublic } from '../../../../common/types_client';
-import {
-  AssetClientDependencies,
-  AssetClientOptionsWithInjectedValues,
-} from '../../asset_client_types';
-import { parseEan } from '../../parse_ean';
-import { collectPods } from '../../collectors/pods';
-import { validateStringDateRange } from '../../validators/validate_date_range';
-
-export type GetPodsOptions = GetPodsOptionsPublic & AssetClientDependencies;
-export type GetPodsOptionsInjected = AssetClientOptionsWithInjectedValues<GetPodsOptions>;
-
-export async function getPods(options: GetPodsOptionsInjected): Promise<{ pods: Asset[] }> {
-  validateStringDateRange(options.from, options.to);
-
-  const metricsIndices = await options.metricsClient.getMetricIndices({
-    savedObjectsClient: options.savedObjectsClient,
-  });
-
-  const filters: QueryDslQueryContainer[] = [];
-
-  if (options.filters?.ean) {
-    const ean = Array.isArray(options.filters.ean) ? options.filters.ean[0] : options.filters.ean;
-    const { kind, id } = parseEan(ean);
-
-    // if EAN filter isn't targeting a pod asset, we don't need to do this query
-    if (kind !== 'pod') {
-      return {
-        pods: [],
-      };
-    }
-
-    filters.push({
-      term: {
-        'kubernetes.pod.uid': id,
-      },
-    });
-  }
-
-  if (options.filters?.id) {
-    const fn = options.filters.id.includes('*') ? 'wildcard' : 'term';
-    filters.push({
-      [fn]: {
-        'kubernetes.pod.uid': options.filters.id,
-      },
-    });
-  }
-
-  if (options.filters?.['orchestrator.cluster.name']) {
-    filters.push({
-      term: {
-        'orchestrator.cluster.name': options.filters['orchestrator.cluster.name'],
-      },
-    });
-  }
-
-  if (options.filters?.['cloud.provider']) {
-    filters.push({
-      term: {
-        'cloud.provider': options.filters['cloud.provider'],
-      },
-    });
-  }
-
-  if (options.filters?.['cloud.region']) {
-    filters.push({
-      term: {
-        'cloud.region': options.filters['cloud.region'],
-      },
-    });
-  }
-
-  const { assets } = await collectPods({
-    client: options.elasticsearchClient,
-    from: options.from,
-    to: options.to || 'now',
-    filters,
-    sourceIndices: {
-      metrics: metricsIndices,
-      logs: options.sourceIndices.logs,
-    },
-  });
-
-  return {
-    pods: assets,
-  };
-}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/services/get_services.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/services/get_services.ts
deleted file mode 100644
index b5a68028efcdb..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/services/get_services.ts
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types';
-import { Asset } from '../../../../common/types_api';
-import { collectServices } from '../../collectors/services';
-import { parseEan } from '../../parse_ean';
-import { GetServicesOptionsPublic } from '../../../../common/types_client';
-import {
-  AssetClientDependencies,
-  AssetClientOptionsWithInjectedValues,
-} from '../../asset_client_types';
-import { validateStringDateRange } from '../../validators/validate_date_range';
-
-export type GetServicesOptions = GetServicesOptionsPublic & AssetClientDependencies;
-export type GetServicesOptionsInjected = AssetClientOptionsWithInjectedValues<GetServicesOptions>;
-
-export async function getServices(
-  options: GetServicesOptionsInjected
-): Promise<{ services: Asset[] }> {
-  validateStringDateRange(options.from, options.to);
-
-  const filters: QueryDslQueryContainer[] = [];
-
-  if (options.filters?.ean) {
-    const eans = Array.isArray(options.filters.ean) ? options.filters.ean : [options.filters.ean];
-    const services = eans
-      .map(parseEan)
-      .filter(({ kind }) => kind === 'service')
-      .map(({ id }) => id);
-
-    if (services.length === 0) {
-      return {
-        services: [],
-      };
-    }
-
-    filters.push({
-      terms: {
-        'service.name': services,
-      },
-    });
-  }
-
-  if (options.filters?.parentEan) {
-    const { kind, id } = parseEan(options.filters?.parentEan);
-
-    if (kind === 'host') {
-      filters.push({
-        bool: {
-          should: [{ term: { 'host.name': id } }, { term: { 'host.hostname': id } }],
-          minimum_should_match: 1,
-        },
-      });
-    }
-
-    if (kind === 'container') {
-      filters.push({
-        bool: {
-          should: [{ term: { 'container.id': id } }],
-          minimum_should_match: 1,
-        },
-      });
-    }
-  }
-
-  if (options.filters?.id) {
-    const fn = options.filters.id.includes('*') ? 'wildcard' : 'term';
-    filters.push({
-      [fn]: {
-        'service.name': options.filters.id,
-      },
-    });
-  }
-
-  if (options.filters?.['cloud.provider']) {
-    filters.push({
-      term: {
-        'cloud.provider': options.filters['cloud.provider'],
-      },
-    });
-  }
-
-  if (options.filters?.['cloud.region']) {
-    filters.push({
-      term: {
-        'cloud.region': options.filters['cloud.region'],
-      },
-    });
-  }
-
-  const apmIndices = await options.getApmIndices(options.savedObjectsClient);
-  const { assets } = await collectServices({
-    client: options.elasticsearchClient,
-    from: options.from,
-    to: options.to || 'now',
-    sourceIndices: {
-      apm: apmIndices,
-    },
-    filters,
-  });
-
-  return { services: assets };
-}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/asset_client.test.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/asset_client.test.ts
deleted file mode 100644
index 9ed5fb536251c..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/asset_client.test.ts
+++ /dev/null
@@ -1,167 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import {
-  ElasticsearchClientMock,
-  elasticsearchClientMock,
-} from '@kbn/core-elasticsearch-client-server-mocks';
-import { AssetClient } from './asset_client';
-import { MetricsDataClient, MetricsDataClientMock } from '@kbn/metrics-data-access-plugin/server';
-import { savedObjectsClientMock } from '@kbn/core-saved-objects-api-server-mocks';
-import { SearchRequest } from '@elastic/elasticsearch/lib/api/types';
-import { SavedObjectsClientContract } from '@kbn/core-saved-objects-api-server';
-import { AssetsValidationError } from './validators/validation_error';
-import { GetApmIndicesMethod } from './asset_client_types';
-import { createGetApmIndicesMock, expectToThrowValidationErrorWithStatusCode } from '../test_utils';
-
-function createAssetClient(
-  metricsDataClient: MetricsDataClient,
-  getApmIndicesMock: jest.Mocked<GetApmIndicesMethod>
-) {
-  return new AssetClient({
-    sourceIndices: {
-      logs: 'my-logs*',
-    },
-    getApmIndices: getApmIndicesMock,
-    metricsClient: metricsDataClient,
-  });
-}
-
-describe('Server assets client', () => {
-  let metricsDataClientMock: MetricsDataClient = MetricsDataClientMock.create();
-  let getApmIndicesMock: jest.Mocked<GetApmIndicesMethod> = createGetApmIndicesMock();
-  let esClientMock: ElasticsearchClientMock =
-    elasticsearchClientMock.createScopedClusterClient().asCurrentUser;
-  let soClientMock: jest.Mocked<SavedObjectsClientContract>;
-
-  beforeEach(() => {
-    // Reset mocks
-    esClientMock = elasticsearchClientMock.createScopedClusterClient().asCurrentUser;
-    soClientMock = savedObjectsClientMock.create();
-    metricsDataClientMock = MetricsDataClientMock.create();
-    getApmIndicesMock = createGetApmIndicesMock();
-
-    // ES returns no results, just enough structure to not blow up
-    esClientMock.search.mockResolvedValueOnce({
-      took: 1,
-      timed_out: false,
-      _shards: {
-        failed: 0,
-        successful: 1,
-        total: 1,
-      },
-      hits: {
-        hits: [],
-      },
-    });
-  });
-
-  describe('class instantiation', () => {
-    it('should successfully instantiate', () => {
-      createAssetClient(metricsDataClientMock, getApmIndicesMock);
-    });
-  });
-
-  // TODO: Move this block to the get_services accessor folder
-  describe('getServices', () => {
-    it('should query Elasticsearch correctly', async () => {
-      const client = createAssetClient(metricsDataClientMock, getApmIndicesMock);
-
-      await client.getServices({
-        from: 'now-5d',
-        to: 'now-3d',
-        elasticsearchClient: esClientMock,
-        savedObjectsClient: soClientMock,
-      });
-
-      expect(getApmIndicesMock).toHaveBeenCalledTimes(1);
-      expect(getApmIndicesMock).toHaveBeenCalledWith(soClientMock);
-
-      const dsl = esClientMock.search.mock.lastCall?.[0] as SearchRequest | undefined;
-      const { bool } = dsl?.query || {};
-      expect(bool).toBeDefined();
-
-      expect(bool?.filter).toEqual([
-        {
-          range: {
-            '@timestamp': {
-              gte: 'now-5d',
-              lte: 'now-3d',
-            },
-          },
-        },
-      ]);
-
-      expect(bool?.must).toEqual([
-        {
-          exists: {
-            field: 'service.name',
-          },
-        },
-      ]);
-
-      expect(bool?.should).toBeUndefined();
-    });
-
-    it('should reject with 400 for invalid "from" date', () => {
-      const client = createAssetClient(metricsDataClientMock, getApmIndicesMock);
-
-      return expect(() =>
-        client.getServices({
-          from: 'now-1zz',
-          to: 'now-3d',
-          elasticsearchClient: esClientMock,
-          savedObjectsClient: soClientMock,
-        })
-      ).rejects.toThrow(AssetsValidationError);
-    });
-
-    it('should reject with 400 for invalid "to" date', () => {
-      const client = createAssetClient(metricsDataClientMock, getApmIndicesMock);
-
-      return expectToThrowValidationErrorWithStatusCode(
-        () =>
-          client.getServices({
-            from: 'now-5d',
-            to: 'now-3fe',
-            elasticsearchClient: esClientMock,
-            savedObjectsClient: soClientMock,
-          }),
-        { statusCode: 400 }
-      );
-    });
-
-    it('should reject with 400 when "from" is a date that is after "to"', () => {
-      const client = createAssetClient(metricsDataClientMock, getApmIndicesMock);
-
-      return expectToThrowValidationErrorWithStatusCode(
-        () =>
-          client.getServices({
-            from: 'now',
-            to: 'now-5d',
-            elasticsearchClient: esClientMock,
-            savedObjectsClient: soClientMock,
-          }),
-        { statusCode: 400 }
-      );
-    });
-
-    it('should reject with 400 when "from" is in the future', () => {
-      const client = createAssetClient(metricsDataClientMock, getApmIndicesMock);
-
-      return expectToThrowValidationErrorWithStatusCode(
-        () =>
-          client.getServices({
-            from: 'now+1d',
-            elasticsearchClient: esClientMock,
-            savedObjectsClient: soClientMock,
-          }),
-        { statusCode: 400 }
-      );
-    });
-  });
-});
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/asset_client.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/asset_client.ts
deleted file mode 100644
index 9de64a9e6c000..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/asset_client.ts
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { orderBy } from 'lodash';
-import { Asset } from '../../common/types_api';
-import { GetAssetsOptionsPublic } from '../../common/types_client';
-import { getContainers, GetContainersOptions } from './accessors/containers/get_containers';
-import { getHosts, GetHostsOptions } from './accessors/hosts/get_hosts';
-import { getServices, GetServicesOptions } from './accessors/services/get_services';
-import { getPods, GetPodsOptions } from './accessors/pods/get_pods';
-import { AssetClientBaseOptions, AssetClientOptionsWithInjectedValues } from './asset_client_types';
-import { AssetClientDependencies } from './asset_client_types';
-
-type GetAssetsOptions = GetAssetsOptionsPublic & AssetClientDependencies;
-
-export class AssetClient {
-  constructor(private baseOptions: AssetClientBaseOptions) {}
-
-  injectOptions<T extends object = {}>(options: T): AssetClientOptionsWithInjectedValues<T> {
-    return {
-      ...options,
-      ...this.baseOptions,
-    };
-  }
-
-  async getHosts(options: GetHostsOptions): Promise<{ hosts: Asset[] }> {
-    const withInjected = this.injectOptions(options);
-    return await getHosts(withInjected);
-  }
-
-  async getServices(options: GetServicesOptions): Promise<{ services: Asset[] }> {
-    const withInjected = this.injectOptions(options);
-    return await getServices(withInjected);
-  }
-
-  async getContainers(options: GetContainersOptions): Promise<{ containers: Asset[] }> {
-    const withInjected = this.injectOptions(options);
-    return await getContainers(withInjected);
-  }
-
-  async getPods(options: GetPodsOptions): Promise<{ pods: Asset[] }> {
-    const withInjected = this.injectOptions(options);
-    return await getPods(withInjected);
-  }
-
-  async getAssets(options: GetAssetsOptions): Promise<{ assets: Asset[] }> {
-    const withInjected = this.injectOptions(options);
-    const { hosts } = await getHosts(withInjected);
-    const { services } = await getServices(withInjected);
-    return { assets: orderBy(hosts.concat(services), ['@timestamp'], ['desc']) };
-  }
-}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/asset_client_types.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/asset_client_types.ts
deleted file mode 100644
index a15886ce3a00a..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/asset_client_types.ts
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { APMDataAccessConfig } from '@kbn/apm-data-access-plugin/server';
-import { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
-import { SavedObjectsClientContract } from '@kbn/core-saved-objects-api-server';
-import { MetricsDataClient } from '@kbn/metrics-data-access-plugin/server';
-import { AssetManagerConfig } from '../../common/config';
-
-export type GetApmIndicesMethod = (
-  soClient: SavedObjectsClientContract
-) => Promise<APMDataAccessConfig['indices']>;
-export interface AssetClientDependencies {
-  elasticsearchClient: ElasticsearchClient;
-  savedObjectsClient: SavedObjectsClientContract;
-}
-
-export interface AssetClientBaseOptions {
-  sourceIndices: AssetManagerConfig['sourceIndices'];
-  getApmIndices: GetApmIndicesMethod;
-  metricsClient: MetricsDataClient;
-}
-
-export type AssetClientOptionsWithInjectedValues<T extends object> = T & AssetClientBaseOptions;
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/collectors/containers.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/collectors/containers.ts
deleted file mode 100644
index 2012e05912487..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/collectors/containers.ts
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { estypes } from '@elastic/elasticsearch';
-import { Asset } from '../../../common/types_api';
-import { CollectorOptions, QUERY_MAX_SIZE } from '.';
-import { extractFieldValue } from '../utils';
-
-export async function collectContainers({
-  client,
-  from,
-  to,
-  sourceIndices,
-  filters = [],
-  afterKey,
-}: CollectorOptions) {
-  if (!sourceIndices?.metrics || !sourceIndices?.logs) {
-    throw new Error('missing required metrics/logs indices');
-  }
-
-  const musts = [...filters, { exists: { field: 'container.id' } }];
-
-  const { metrics, logs } = sourceIndices;
-  const dsl: estypes.SearchRequest = {
-    index: [metrics, logs],
-    size: QUERY_MAX_SIZE,
-    collapse: {
-      field: 'container.id',
-    },
-    sort: [{ 'container.id': 'asc' }],
-    _source: false,
-    fields: [
-      '@timestamp',
-      'kubernetes.*',
-      'cloud.provider',
-      'orchestrator.cluster.name',
-      'host.name',
-      'host.hostname',
-    ],
-    query: {
-      bool: {
-        filter: [
-          {
-            range: {
-              '@timestamp': {
-                gte: from,
-                lte: to,
-              },
-            },
-          },
-        ],
-        must: musts,
-        should: [
-          { exists: { field: 'kubernetes.container.id' } },
-          { exists: { field: 'kubernetes.pod.uid' } },
-          { exists: { field: 'kubernetes.node.name' } },
-          { exists: { field: 'host.hostname' } },
-        ],
-      },
-    },
-  };
-
-  if (afterKey) {
-    dsl.search_after = afterKey;
-  }
-
-  const esResponse = await client.search(dsl);
-
-  const assets = esResponse.hits.hits.reduce<Asset[]>((acc: Asset[], hit: any) => {
-    const { fields = {} } = hit;
-    const containerId = extractFieldValue(fields['container.id']);
-    const podUid = extractFieldValue(fields['kubernetes.pod.uid']);
-    const nodeName = extractFieldValue(fields['kubernetes.node.name']);
-
-    const parentEan = podUid ? `pod:${podUid}` : `host:${fields['host.hostname']}`;
-
-    const container: Asset = {
-      '@timestamp': extractFieldValue(fields['@timestamp']),
-      'asset.kind': 'container',
-      'asset.id': containerId,
-      'asset.ean': `container:${containerId}`,
-      'asset.parents': [parentEan],
-    };
-
-    if (nodeName) {
-      container['asset.references'] = [`host:${nodeName}`];
-    }
-
-    acc.push(container);
-
-    return acc;
-  }, []);
-
-  const hitsLen = esResponse.hits.hits.length;
-  const next = hitsLen === QUERY_MAX_SIZE ? esResponse.hits.hits[hitsLen - 1].sort : undefined;
-  return { assets, afterKey: next };
-}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/collectors/hosts.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/collectors/hosts.ts
deleted file mode 100644
index b624373010f10..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/collectors/hosts.ts
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { estypes } from '@elastic/elasticsearch';
-import { Asset } from '../../../common/types_api';
-import { CollectorOptions, QUERY_MAX_SIZE } from '.';
-import { extractFieldValue } from '../utils';
-
-export async function collectHosts({
-  client,
-  from,
-  to,
-  sourceIndices,
-  afterKey,
-  filters = [],
-}: CollectorOptions) {
-  if (!sourceIndices?.metrics || !sourceIndices?.logs) {
-    throw new Error('missing required metrics/logs indices');
-  }
-
-  const { metrics, logs } = sourceIndices;
-
-  const musts = [...filters, { exists: { field: 'host.hostname' } }];
-  const dsl: estypes.SearchRequest = {
-    index: [metrics, logs],
-    size: QUERY_MAX_SIZE,
-    collapse: { field: 'host.hostname' },
-    sort: [{ 'host.hostname': 'asc' }],
-    _source: false,
-    fields: [
-      '@timestamp',
-      'cloud.*',
-      'container.*',
-      'host.hostname',
-      'kubernetes.*',
-      'orchestrator.cluster.name',
-    ],
-    query: {
-      bool: {
-        filter: [
-          {
-            range: {
-              '@timestamp': {
-                gte: from,
-                lte: to,
-              },
-            },
-          },
-        ],
-        must: musts,
-        should: [
-          { exists: { field: 'kubernetes.node.name' } },
-          { exists: { field: 'kubernetes.pod.uid' } },
-          { exists: { field: 'container.id' } },
-          { exists: { field: 'cloud.provider' } },
-        ],
-      },
-    },
-  };
-
-  if (afterKey) {
-    dsl.search_after = afterKey;
-  }
-
-  const esResponse = await client.search(dsl);
-
-  const assets = esResponse.hits.hits.reduce<Asset[]>((acc: Asset[], hit: any) => {
-    const { fields = {} } = hit;
-    const hostName = extractFieldValue(fields['host.hostname']);
-    const k8sNode = extractFieldValue(fields['kubernetes.node.name']);
-    const k8sPod = extractFieldValue(fields['kubernetes.pod.uid']);
-
-    const hostEan = `host:${k8sNode || hostName}`;
-
-    const host: Asset = {
-      '@timestamp': extractFieldValue(fields['@timestamp']),
-      'asset.kind': 'host',
-      'asset.id': k8sNode || hostName,
-      'asset.name': k8sNode || hostName,
-      'asset.ean': hostEan,
-    };
-
-    if (fields['cloud.provider']) {
-      host['cloud.provider'] = extractFieldValue(fields['cloud.provider']);
-    }
-
-    if (fields['cloud.instance.id']) {
-      host['cloud.instance.id'] = extractFieldValue(fields['cloud.instance.id']);
-    }
-
-    if (fields['cloud.service.name']) {
-      host['cloud.service.name'] = extractFieldValue(fields['cloud.service.name']);
-    }
-
-    if (fields['cloud.region']) {
-      host['cloud.region'] = extractFieldValue(fields['cloud.region']);
-    }
-
-    if (fields['orchestrator.cluster.name']) {
-      host['orchestrator.cluster.name'] = extractFieldValue(fields['orchestrator.cluster.name']);
-    }
-
-    if (k8sPod) {
-      host['asset.children'] = [`pod:${k8sPod}`];
-    }
-
-    acc.push(host);
-
-    return acc;
-  }, []);
-
-  const hitsLen = esResponse.hits.hits.length;
-  const next = hitsLen === QUERY_MAX_SIZE ? esResponse.hits.hits[hitsLen - 1].sort : undefined;
-  return { assets, afterKey: next };
-}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/collectors/index.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/collectors/index.ts
deleted file mode 100644
index f1d79e749cd97..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/collectors/index.ts
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { estypes } from '@elastic/elasticsearch';
-import type { APMIndices } from '@kbn/apm-data-access-plugin/server';
-import { ElasticsearchClient } from '@kbn/core/server';
-import { Asset } from '../../../common/types_api';
-
-export const QUERY_MAX_SIZE = 10000;
-
-export type Collector = (opts: CollectorOptions) => Promise<CollectorResult>;
-
-export interface CollectorOptions {
-  client: ElasticsearchClient;
-  from: string;
-  to: string;
-  sourceIndices?: {
-    apm?: APMIndices;
-    metrics?: string;
-    logs?: string;
-  };
-  afterKey?: estypes.SortResults;
-  filters?: estypes.QueryDslQueryContainer[];
-}
-
-export interface CollectorResult {
-  assets: Asset[];
-  afterKey?: estypes.SortResults;
-}
-
-export { collectContainers } from './containers';
-export { collectHosts } from './hosts';
-export { collectPods } from './pods';
-export { collectServices } from './services';
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/collectors/pods.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/collectors/pods.ts
deleted file mode 100644
index e78fa106452ca..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/collectors/pods.ts
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { estypes } from '@elastic/elasticsearch';
-import { Asset } from '../../../common/types_api';
-import { CollectorOptions, QUERY_MAX_SIZE } from '.';
-import { extractFieldValue } from '../utils';
-
-export async function collectPods({
-  client,
-  from,
-  to,
-  sourceIndices,
-  filters = [],
-  afterKey,
-}: CollectorOptions) {
-  if (!sourceIndices?.metrics || !sourceIndices?.logs) {
-    throw new Error('missing required metrics/logs indices');
-  }
-
-  const musts = [
-    ...filters,
-    { exists: { field: 'kubernetes.pod.uid' } },
-    { exists: { field: 'kubernetes.node.name' } },
-  ];
-
-  const { metrics, logs } = sourceIndices;
-  const dsl: estypes.SearchRequest = {
-    index: [metrics, logs],
-    size: QUERY_MAX_SIZE,
-    collapse: {
-      field: 'kubernetes.pod.uid',
-    },
-    sort: [{ 'kubernetes.pod.uid': 'asc' }],
-    _source: false,
-    fields: [
-      '@timestamp',
-      'kubernetes.*',
-      'cloud.provider',
-      'orchestrator.cluster.name',
-      'host.name',
-      'host.hostname',
-    ],
-    query: {
-      bool: {
-        filter: [
-          {
-            range: {
-              '@timestamp': {
-                gte: from,
-                lte: to,
-              },
-            },
-          },
-        ],
-        must: musts,
-      },
-    },
-  };
-
-  if (afterKey) {
-    dsl.search_after = afterKey;
-  }
-
-  const esResponse = await client.search(dsl);
-
-  const assets = esResponse.hits.hits.reduce<Asset[]>((acc: Asset[], hit: any) => {
-    const { fields = {} } = hit;
-    const podUid = extractFieldValue(fields['kubernetes.pod.uid']);
-    const nodeName = extractFieldValue(fields['kubernetes.node.name']);
-    const clusterName = extractFieldValue(fields['orchestrator.cluster.name']);
-
-    const pod: Asset = {
-      '@timestamp': extractFieldValue(fields['@timestamp']),
-      'asset.kind': 'pod',
-      'asset.id': podUid,
-      'asset.ean': `pod:${podUid}`,
-      'asset.parents': [`host:${nodeName}`],
-    };
-
-    if (fields['cloud.provider']) {
-      pod['cloud.provider'] = extractFieldValue(fields['cloud.provider']);
-    }
-
-    if (clusterName) {
-      pod['orchestrator.cluster.name'] = clusterName;
-    }
-
-    acc.push(pod);
-
-    return acc;
-  }, []);
-
-  const hitsLen = esResponse.hits.hits.length;
-  const next = hitsLen === QUERY_MAX_SIZE ? esResponse.hits.hits[hitsLen - 1].sort : undefined;
-  return { assets, afterKey: next };
-}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/collectors/services.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/collectors/services.ts
deleted file mode 100644
index 4c49f75d13594..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/collectors/services.ts
+++ /dev/null
@@ -1,147 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { estypes } from '@elastic/elasticsearch';
-import { debug } from '../../../common/debug_log';
-import { Asset } from '../../../common/types_api';
-import { CollectorOptions, QUERY_MAX_SIZE } from '.';
-
-export async function collectServices({
-  client,
-  from,
-  to,
-  sourceIndices,
-  afterKey,
-  filters = [],
-}: CollectorOptions) {
-  if (!sourceIndices?.apm) {
-    throw new Error('missing required apm indices');
-  }
-
-  const { transaction, error, metric } = sourceIndices.apm;
-  const musts: estypes.QueryDslQueryContainer[] = [
-    ...filters,
-    {
-      exists: {
-        field: 'service.name',
-      },
-    },
-  ];
-
-  const dsl: estypes.SearchRequest = {
-    index: [transaction, error, metric],
-    size: 0,
-    _source: false,
-    query: {
-      bool: {
-        filter: [
-          {
-            range: {
-              '@timestamp': {
-                gte: from,
-                lte: to,
-              },
-            },
-          },
-        ],
-        must: musts,
-      },
-    },
-    aggs: {
-      services: {
-        composite: {
-          size: QUERY_MAX_SIZE,
-          sources: [
-            {
-              serviceName: {
-                terms: {
-                  field: 'service.name',
-                },
-              },
-            },
-            {
-              serviceEnvironment: {
-                terms: {
-                  field: 'service.environment',
-                  missing_bucket: true,
-                },
-              },
-            },
-          ],
-        },
-        aggs: {
-          last_seen: {
-            max: { field: '@timestamp' },
-          },
-          container_and_hosts: {
-            multi_terms: {
-              terms: [
-                {
-                  field: 'host.hostname',
-                },
-                {
-                  field: 'container.id',
-                },
-              ],
-            },
-          },
-        },
-      },
-    },
-  };
-
-  if (afterKey) {
-    dsl.aggs!.services!.composite!.after = afterKey;
-  }
-
-  debug(dsl);
-
-  const esResponse = await client.search(dsl);
-
-  const { after_key: nextKey, buckets = [] } = (esResponse.aggregations?.services || {}) as any;
-  const assets = buckets.reduce((acc: Asset[], bucket: any) => {
-    const {
-      key: { serviceName, serviceEnvironment },
-      container_and_hosts: containerHosts,
-      last_seen: lastSeen,
-    } = bucket;
-
-    if (!serviceName) {
-      return acc;
-    }
-
-    const service: Asset = {
-      '@timestamp': lastSeen.value_as_string,
-      'asset.kind': 'service',
-      'asset.id': serviceName,
-      'asset.ean': `service:${serviceName}`,
-      'asset.references': [],
-      'asset.parents': [],
-    };
-
-    if (serviceEnvironment) {
-      service['service.environment'] = serviceEnvironment;
-    }
-
-    containerHosts.buckets?.forEach((containerBucket: any) => {
-      const [hostname, containerId] = containerBucket.key;
-      if (hostname) {
-        (service['asset.references'] as string[]).push(`host:${hostname}`);
-      }
-
-      if (containerId) {
-        (service['asset.parents'] as string[]).push(`container:${containerId}`);
-      }
-    });
-
-    acc.push(service);
-
-    return acc;
-  }, []);
-
-  return { assets, afterKey: buckets.length === QUERY_MAX_SIZE ? nextKey : undefined };
-}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/manage_index_templates.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/manage_index_templates.ts
deleted file mode 100644
index b364e63ff9a1f..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/manage_index_templates.ts
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import {
-  ClusterPutComponentTemplateRequest,
-  IndicesGetIndexTemplateResponse,
-  IndicesPutIndexTemplateRequest,
-} from '@elastic/elasticsearch/lib/api/types';
-import { ElasticsearchClient, Logger } from '@kbn/core/server';
-import { ASSETS_INDEX_PREFIX } from '../constants';
-
-function templateExists(
-  template: IndicesPutIndexTemplateRequest,
-  existing: IndicesGetIndexTemplateResponse | null
-) {
-  if (existing === null) {
-    return false;
-  }
-
-  if (existing.index_templates.length === 0) {
-    return false;
-  }
-
-  const checkPatterns = Array.isArray(template.index_patterns)
-    ? template.index_patterns
-    : [template.index_patterns];
-
-  return existing.index_templates.some((t) => {
-    const { priority: existingPriority = 0 } = t.index_template;
-    const { priority: incomingPriority = 0 } = template;
-    if (existingPriority !== incomingPriority) {
-      return false;
-    }
-
-    const existingPatterns = Array.isArray(t.index_template.index_patterns)
-      ? t.index_template.index_patterns
-      : [t.index_template.index_patterns];
-
-    if (checkPatterns.every((p) => p && existingPatterns.includes(p))) {
-      return true;
-    }
-
-    return false;
-  });
-}
-
-interface TemplateManagementOptions {
-  esClient: ElasticsearchClient;
-  template: IndicesPutIndexTemplateRequest;
-  logger: Logger;
-}
-
-interface ComponentManagementOptions {
-  esClient: ElasticsearchClient;
-  component: ClusterPutComponentTemplateRequest;
-  logger: Logger;
-}
-
-export async function maybeCreateTemplate({
-  esClient,
-  template,
-  logger,
-}: TemplateManagementOptions) {
-  const pattern = ASSETS_INDEX_PREFIX + '*';
-  template.index_patterns = [pattern];
-  let existing: IndicesGetIndexTemplateResponse | null = null;
-  try {
-    existing = await esClient.indices.getIndexTemplate({ name: template.name });
-  } catch (error: any) {
-    if (error?.name !== 'ResponseError' || error?.statusCode !== 404) {
-      logger.warn(`Asset manager index template lookup failed: ${error.message}`);
-    }
-  }
-  try {
-    if (!templateExists(template, existing)) {
-      await esClient.indices.putIndexTemplate(template);
-    }
-  } catch (error: any) {
-    logger.error(`Asset manager index template creation failed: ${error.message}`);
-    return;
-  }
-
-  logger.info(
-    `Asset manager index template is up to date (use debug logging to see what was installed)`
-  );
-  logger.debug(`Asset manager index template: ${JSON.stringify(template)}`);
-}
-
-export async function upsertTemplate({ esClient, template, logger }: TemplateManagementOptions) {
-  try {
-    await esClient.indices.putIndexTemplate(template);
-  } catch (error: any) {
-    logger.error(`Error updating asset manager index template: ${error.message}`);
-    return;
-  }
-
-  logger.info(
-    `Asset manager index template is up to date (use debug logging to see what was installed)`
-  );
-  logger.debug(`Asset manager index template: ${JSON.stringify(template)}`);
-}
-
-export async function upsertComponent({ esClient, component, logger }: ComponentManagementOptions) {
-  try {
-    await esClient.cluster.putComponentTemplate(component);
-  } catch (error: any) {
-    logger.error(`Error updating asset manager component template: ${error.message}`);
-    return;
-  }
-
-  logger.info(
-    `Asset manager component template is up to date (use debug logging to see what was installed)`
-  );
-  logger.debug(`Asset manager component template: ${JSON.stringify(component)}`);
-}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/parse_ean.test.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/parse_ean.test.ts
deleted file mode 100644
index b7dc5e592dabd..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/parse_ean.test.ts
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { parseEan } from './parse_ean';
-
-describe('parseEan function', () => {
-  it('should parse a valid EAN and return the kind and id as separate values', () => {
-    const ean = 'host:some-id-123';
-    const { kind, id } = parseEan(ean);
-    expect(kind).toBe('host');
-    expect(id).toBe('some-id-123');
-  });
-
-  it('should throw an error when the provided EAN does not have enough segments', () => {
-    expect(() => parseEan('invalid-ean')).toThrowError('not a valid EAN');
-    expect(() => parseEan('invalid-ean:')).toThrowError('not a valid EAN');
-    expect(() => parseEan(':invalid-ean')).toThrowError('not a valid EAN');
-  });
-
-  it('should throw an error when the provided EAN has too many segments', () => {
-    const ean = 'host:invalid:segments';
-    expect(() => parseEan(ean)).toThrowError('not a valid EAN');
-  });
-
-  it('should throw an error when the provided EAN includes an unsupported "kind" value', () => {
-    const ean = 'unsupported_kind:some-id-123';
-    expect(() => parseEan(ean)).toThrowError('not a valid EAN');
-  });
-});
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/parse_ean.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/parse_ean.ts
deleted file mode 100644
index 6be17f40de005..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/parse_ean.ts
+++ /dev/null
@@ -1,18 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { assetKindRT } from '../../common/types_api';
-
-export function parseEan(ean: string) {
-  const [kind, id, ...rest] = ean.split(':');
-
-  if (!assetKindRT.is(kind) || !kind || !id || rest.length > 0) {
-    throw new Error(`${ean} is not a valid EAN`);
-  }
-
-  return { kind, id };
-}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/sample_assets.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/sample_assets.ts
deleted file mode 100644
index 2e9fbc2bcd5be..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/sample_assets.ts
+++ /dev/null
@@ -1,218 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { Asset, AssetWithoutTimestamp } from '../../common/types_api';
-
-// Provide a list of asset EAN values to remove, to simulate disappearing or
-// appearing assets over time.
-export function getSampleAssetDocs({
-  baseDateTime = new Date(),
-  excludeEans = [],
-}: {
-  baseDateTime?: Date;
-  excludeEans?: string[];
-}): Asset[] {
-  const timestamp = baseDateTime.toISOString();
-  return sampleAssets
-    .filter((asset) => !excludeEans.includes(asset['asset.ean']))
-    .map((asset) => {
-      return {
-        '@timestamp': timestamp,
-        ...asset,
-      };
-    });
-}
-
-const sampleK8sClusters: AssetWithoutTimestamp[] = [
-  {
-    'asset.type': 'k8s.cluster',
-    'asset.kind': 'cluster',
-    'asset.id': 'cluster-001',
-    'asset.name': 'Cluster 001 (AWS EKS)',
-    'asset.ean': 'cluster:cluster-001',
-    'orchestrator.type': 'kubernetes',
-    'orchestrator.cluster.name': 'Cluster 001 (AWS EKS)',
-    'orchestrator.cluster.id': 'cluster-001',
-    'cloud.provider': 'aws',
-    'cloud.region': 'us-east-1',
-    'cloud.service.name': 'eks',
-  },
-  {
-    'asset.type': 'k8s.cluster',
-    'asset.kind': 'cluster',
-    'asset.id': 'cluster-002',
-    'asset.name': 'Cluster 002 (Azure AKS)',
-    'asset.ean': 'cluster:cluster-002',
-    'orchestrator.type': 'kubernetes',
-    'orchestrator.cluster.name': 'Cluster 002 (Azure AKS)',
-    'orchestrator.cluster.id': 'cluster-002',
-    'cloud.provider': 'azure',
-    'cloud.region': 'eu-west',
-    'cloud.service.name': 'aks',
-  },
-];
-
-const sampleK8sNodes: AssetWithoutTimestamp[] = [
-  {
-    'asset.type': 'k8s.node',
-    'asset.kind': 'host',
-    'asset.id': 'node-101',
-    'asset.name': 'k8s-node-101-aws',
-    'asset.ean': 'host:node-101',
-    'asset.parents': ['cluster:cluster-001'],
-    'orchestrator.type': 'kubernetes',
-    'orchestrator.cluster.name': 'Cluster 001 (AWS EKS)',
-    'orchestrator.cluster.id': 'cluster-001',
-    'cloud.provider': 'aws',
-    'cloud.region': 'us-east-1',
-    'cloud.service.name': 'eks',
-  },
-  {
-    'asset.type': 'k8s.node',
-    'asset.kind': 'host',
-    'asset.id': 'node-102',
-    'asset.name': 'k8s-node-102-aws',
-    'asset.ean': 'host:node-102',
-    'asset.parents': ['cluster:cluster-001'],
-    'orchestrator.type': 'kubernetes',
-    'orchestrator.cluster.name': 'Cluster 001 (AWS EKS)',
-    'orchestrator.cluster.id': 'cluster-001',
-    'cloud.provider': 'aws',
-    'cloud.region': 'us-east-1',
-    'cloud.service.name': 'eks',
-  },
-  {
-    'asset.type': 'k8s.node',
-    'asset.kind': 'host',
-    'asset.id': 'node-103',
-    'asset.name': 'k8s-node-103-aws',
-    'asset.ean': 'host:node-103',
-    'asset.parents': ['cluster:cluster-001'],
-    'orchestrator.type': 'kubernetes',
-    'orchestrator.cluster.name': 'Cluster 001 (AWS EKS)',
-    'orchestrator.cluster.id': 'cluster-001',
-    'cloud.provider': 'aws',
-    'cloud.region': 'us-east-1',
-    'cloud.service.name': 'eks',
-  },
-];
-
-const sampleK8sPods: AssetWithoutTimestamp[] = [
-  {
-    'asset.type': 'k8s.pod',
-    'asset.kind': 'pod',
-    'asset.id': 'pod-200xrg1',
-    'asset.name': 'k8s-pod-200xrg1-aws',
-    'asset.ean': 'pod:pod-200xrg1',
-    'asset.parents': ['host:node-101'],
-    'asset.references': ['cluster:cluster-001'],
-  },
-  {
-    'asset.type': 'k8s.pod',
-    'asset.kind': 'pod',
-    'asset.id': 'pod-200dfp2',
-    'asset.name': 'k8s-pod-200dfp2-aws',
-    'asset.ean': 'pod:pod-200dfp2',
-    'asset.parents': ['host:node-101'],
-  },
-  {
-    'asset.type': 'k8s.pod',
-    'asset.kind': 'pod',
-    'asset.id': 'pod-200wwc3',
-    'asset.name': 'k8s-pod-200wwc3-aws',
-    'asset.ean': 'pod:pod-200wwc3',
-    'asset.parents': ['host:node-101'],
-  },
-  {
-    'asset.type': 'k8s.pod',
-    'asset.kind': 'pod',
-    'asset.id': 'pod-200naq4',
-    'asset.name': 'k8s-pod-200naq4-aws',
-    'asset.ean': 'pod:pod-200naq4',
-    'asset.parents': ['host:node-102'],
-  },
-  {
-    'asset.type': 'k8s.pod',
-    'asset.kind': 'pod',
-    'asset.id': 'pod-200ohr5',
-    'asset.name': 'k8s-pod-200ohr5-aws',
-    'asset.ean': 'pod:pod-200ohr5',
-    'asset.parents': ['host:node-102'],
-  },
-  {
-    'asset.type': 'k8s.pod',
-    'asset.kind': 'pod',
-    'asset.id': 'pod-200yyx6',
-    'asset.name': 'k8s-pod-200yyx6-aws',
-    'asset.ean': 'pod:pod-200yyx6',
-    'asset.parents': ['host:node-103'],
-  },
-  {
-    'asset.type': 'k8s.pod',
-    'asset.kind': 'pod',
-    'asset.id': 'pod-200psd7',
-    'asset.name': 'k8s-pod-200psd7-aws',
-    'asset.ean': 'pod:pod-200psd7',
-    'asset.parents': ['host:node-103'],
-  },
-  {
-    'asset.type': 'k8s.pod',
-    'asset.kind': 'pod',
-    'asset.id': 'pod-200wmc8',
-    'asset.name': 'k8s-pod-200wmc8-aws',
-    'asset.ean': 'pod:pod-200wmc8',
-    'asset.parents': ['host:node-103'],
-  },
-  {
-    'asset.type': 'k8s.pod',
-    'asset.kind': 'pod',
-    'asset.id': 'pod-200ugg9',
-    'asset.name': 'k8s-pod-200ugg9-aws',
-    'asset.ean': 'pod:pod-200ugg9',
-    'asset.parents': ['host:node-103'],
-  },
-];
-
-const sampleCircularReferences: AssetWithoutTimestamp[] = [
-  {
-    'asset.type': 'k8s.node',
-    'asset.kind': 'host',
-    'asset.id': 'node-203',
-    'asset.name': 'k8s-node-203-aws',
-    'asset.ean': 'host:node-203',
-    'orchestrator.type': 'kubernetes',
-    'orchestrator.cluster.name': 'Cluster 001 (AWS EKS)',
-    'orchestrator.cluster.id': 'cluster-001',
-    'cloud.provider': 'aws',
-    'cloud.region': 'us-east-1',
-    'cloud.service.name': 'eks',
-    'asset.references': ['pod:pod-203ugg9', 'pod:pod-203ugg5'],
-  },
-  {
-    'asset.type': 'k8s.pod',
-    'asset.kind': 'pod',
-    'asset.id': 'pod-203ugg5',
-    'asset.name': 'k8s-pod-203ugg5-aws',
-    'asset.ean': 'pod:pod-203ugg5',
-    'asset.references': ['host:node-203'],
-  },
-  {
-    'asset.type': 'k8s.pod',
-    'asset.kind': 'pod',
-    'asset.id': 'pod-203ugg9',
-    'asset.name': 'k8s-pod-203ugg9-aws',
-    'asset.ean': 'pod:pod-203ugg9',
-    'asset.references': ['host:node-203'],
-  },
-];
-
-export const sampleAssets: AssetWithoutTimestamp[] = [
-  ...sampleK8sClusters,
-  ...sampleK8sNodes,
-  ...sampleK8sPods,
-  ...sampleCircularReferences,
-];
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/write_assets.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/write_assets.ts
deleted file mode 100644
index 72b79bc366b6d..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/write_assets.ts
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { BulkRequest } from '@elastic/elasticsearch/lib/api/types';
-import { debug } from '../../common/debug_log';
-import { Asset } from '../../common/types_api';
-import { ASSETS_INDEX_PREFIX } from '../constants';
-import { ElasticsearchAccessorOptions } from '../types';
-
-interface WriteAssetsOptions extends ElasticsearchAccessorOptions {
-  assetDocs: Asset[];
-  namespace?: string;
-  refresh?: boolean | 'wait_for';
-}
-
-export async function writeAssets({
-  elasticsearchClient,
-  assetDocs,
-  namespace = 'default',
-  refresh = false,
-}: WriteAssetsOptions) {
-  const dsl: BulkRequest<Asset> = {
-    refresh,
-    operations: assetDocs.flatMap((asset) => [
-      { create: { _index: `${ASSETS_INDEX_PREFIX}-${asset['asset.type']}-${namespace}` } },
-      asset,
-    ]),
-  };
-
-  debug('Performing Write Asset Query', '\n\n', JSON.stringify(dsl, null, 2));
-
-  return await elasticsearchClient.bulk<{}>(dsl);
-}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/routes/assets/containers.ts b/x-pack/plugins/observability_solution/asset_manager/server/routes/assets/containers.ts
deleted file mode 100644
index 05c6d7264465b..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/routes/assets/containers.ts
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { createRouteValidationFunction } from '@kbn/io-ts-utils';
-import { RequestHandlerContext } from '@kbn/core-http-request-handler-context-server';
-import {
-  GetContainerAssetsQueryOptions,
-  getContainerAssetsQueryOptionsRT,
-} from '../../../common/types_api';
-import { debug } from '../../../common/debug_log';
-import { SetupRouteOptions } from '../types';
-import * as routePaths from '../../../common/constants_routes';
-import { getClientsFromContext, validateStringAssetFilters } from '../utils';
-import { AssetsValidationError } from '../../lib/validators/validation_error';
-
-export function containersRoutes<T extends RequestHandlerContext>({
-  router,
-  assetClient,
-}: SetupRouteOptions<T>) {
-  const validate = createRouteValidationFunction(getContainerAssetsQueryOptionsRT);
-  router.get<unknown, GetContainerAssetsQueryOptions, unknown>(
-    {
-      path: routePaths.GET_CONTAINERS,
-      validate: {
-        query: (q, res) => {
-          const [invalidResponse, validatedFilters] = validateStringAssetFilters(q, res);
-          if (invalidResponse) {
-            return invalidResponse;
-          }
-          if (validatedFilters) {
-            q.filters = validatedFilters;
-          }
-          return validate(q, res);
-        },
-      },
-    },
-    async (context, req, res) => {
-      const { from = 'now-24h', to = 'now', filters } = req.query || {};
-      const { elasticsearchClient, savedObjectsClient } = await getClientsFromContext(context);
-
-      try {
-        const response = await assetClient.getContainers({
-          from,
-          to,
-          filters, // safe due to route validation, are there better ways to do this?
-          elasticsearchClient,
-          savedObjectsClient,
-        });
-
-        return res.ok({ body: response });
-      } catch (error: unknown) {
-        debug('Error while looking up CONTAINER asset records', error);
-
-        if (error instanceof AssetsValidationError) {
-          return res.customError({
-            statusCode: error.statusCode,
-            body: {
-              message: `Error while looking up container asset records - ${error.message}`,
-            },
-          });
-        }
-        return res.customError({
-          statusCode: 500,
-          body: { message: 'Error while looking up container asset records - ' + `${error}` },
-        });
-      }
-    }
-  );
-}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/routes/assets/hosts.ts b/x-pack/plugins/observability_solution/asset_manager/server/routes/assets/hosts.ts
deleted file mode 100644
index f38d33d2b65f3..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/routes/assets/hosts.ts
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { createRouteValidationFunction } from '@kbn/io-ts-utils';
-import { RequestHandlerContext } from '@kbn/core-http-request-handler-context-server';
-import { GetHostAssetsQueryOptions, getHostAssetsQueryOptionsRT } from '../../../common/types_api';
-import { debug } from '../../../common/debug_log';
-import { SetupRouteOptions } from '../types';
-import * as routePaths from '../../../common/constants_routes';
-import { getClientsFromContext, validateStringAssetFilters } from '../utils';
-import { AssetsValidationError } from '../../lib/validators/validation_error';
-
-export function hostsRoutes<T extends RequestHandlerContext>({
-  router,
-  assetClient,
-}: SetupRouteOptions<T>) {
-  const validate = createRouteValidationFunction(getHostAssetsQueryOptionsRT);
-  router.get<unknown, GetHostAssetsQueryOptions, unknown>(
-    {
-      path: routePaths.GET_HOSTS,
-      validate: {
-        query: (q, res) => {
-          const [invalidResponse, validatedFilters] = validateStringAssetFilters(q, res);
-          if (invalidResponse) {
-            return invalidResponse;
-          }
-          if (validatedFilters) {
-            q.filters = validatedFilters;
-          }
-          return validate(q, res);
-        },
-      },
-    },
-    async (context, req, res) => {
-      const { from = 'now-24h', to = 'now', filters } = req.query || {};
-      const { elasticsearchClient, savedObjectsClient } = await getClientsFromContext(context);
-
-      try {
-        const response = await assetClient.getHosts({
-          from,
-          to,
-          filters, // safe due to route validation, are there better ways to do this?
-          elasticsearchClient,
-          savedObjectsClient,
-        });
-
-        return res.ok({ body: response });
-      } catch (error: unknown) {
-        debug('Error while looking up HOST asset records', error);
-
-        if (error instanceof AssetsValidationError) {
-          return res.customError({
-            statusCode: error.statusCode,
-            body: {
-              message: `Error while looking up host asset records - ${error.message}`,
-            },
-          });
-        }
-        return res.customError({
-          statusCode: 500,
-          body: { message: 'Error while looking up host asset records - ' + `${error}` },
-        });
-      }
-    }
-  );
-}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/routes/assets/index.ts b/x-pack/plugins/observability_solution/asset_manager/server/routes/assets/index.ts
deleted file mode 100644
index 421e6a39baf37..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/routes/assets/index.ts
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { createRouteValidationFunction } from '@kbn/io-ts-utils';
-import { RequestHandlerContext } from '@kbn/core-http-request-handler-context-server';
-import { GetAssetsQueryOptions, getAssetsQueryOptionsRT } from '../../../common/types_api';
-import { debug } from '../../../common/debug_log';
-import { SetupRouteOptions } from '../types';
-import * as routePaths from '../../../common/constants_routes';
-import { getClientsFromContext, validateStringAssetFilters } from '../utils';
-import { AssetsValidationError } from '../../lib/validators/validation_error';
-
-export function assetsRoutes<T extends RequestHandlerContext>({
-  router,
-  assetClient,
-}: SetupRouteOptions<T>) {
-  const validate = createRouteValidationFunction(getAssetsQueryOptionsRT);
-  router.get<unknown, GetAssetsQueryOptions, unknown>(
-    {
-      path: routePaths.GET_ASSETS,
-      validate: {
-        query: (q, res) => {
-          const [invalidResponse, validatedFilters] = validateStringAssetFilters(q, res);
-          if (invalidResponse) {
-            return invalidResponse;
-          }
-          if (validatedFilters) {
-            q.filters = validatedFilters;
-          }
-          return validate(q, res);
-        },
-      },
-    },
-    async (context, req, res) => {
-      const { from = 'now-24h', to = 'now', filters } = req.query || {};
-      const { elasticsearchClient, savedObjectsClient } = await getClientsFromContext(context);
-
-      try {
-        const response = await assetClient.getAssets({
-          from,
-          to,
-          filters,
-          elasticsearchClient,
-          savedObjectsClient,
-        });
-
-        return res.ok({ body: response });
-      } catch (error: unknown) {
-        debug('Error while looking up asset records', error);
-
-        if (error instanceof AssetsValidationError) {
-          return res.customError({
-            statusCode: error.statusCode,
-            body: {
-              message: `Error while looking up asset records - ${error.message}`,
-            },
-          });
-        }
-        return res.customError({
-          statusCode: 500,
-          body: { message: 'Error while looking up asset records - ' + `${error}` },
-        });
-      }
-    }
-  );
-}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/routes/assets/pods.ts b/x-pack/plugins/observability_solution/asset_manager/server/routes/assets/pods.ts
deleted file mode 100644
index beed936bd5b40..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/routes/assets/pods.ts
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { createRouteValidationFunction } from '@kbn/io-ts-utils';
-import { RequestHandlerContext } from '@kbn/core-http-request-handler-context-server';
-import { GetPodAssetsQueryOptions, getPodAssetsQueryOptionsRT } from '../../../common/types_api';
-import { debug } from '../../../common/debug_log';
-import { SetupRouteOptions } from '../types';
-import * as routePaths from '../../../common/constants_routes';
-import { getClientsFromContext, validateStringAssetFilters } from '../utils';
-import { AssetsValidationError } from '../../lib/validators/validation_error';
-
-export function podsRoutes<T extends RequestHandlerContext>({
-  router,
-  assetClient,
-}: SetupRouteOptions<T>) {
-  const validate = createRouteValidationFunction(getPodAssetsQueryOptionsRT);
-  router.get<unknown, GetPodAssetsQueryOptions, unknown>(
-    {
-      path: routePaths.GET_PODS,
-      validate: {
-        query: (q, res) => {
-          const [invalidResponse, validatedFilters] = validateStringAssetFilters(q, res);
-          if (invalidResponse) {
-            return invalidResponse;
-          }
-          if (validatedFilters) {
-            q.filters = validatedFilters;
-          }
-          return validate(q, res);
-        },
-      },
-    },
-    async (context, req, res) => {
-      const { from = 'now-24h', to = 'now', filters } = req.query || {};
-      const { elasticsearchClient, savedObjectsClient } = await getClientsFromContext(context);
-
-      try {
-        const response = await assetClient.getPods({
-          from,
-          to,
-          filters,
-          elasticsearchClient,
-          savedObjectsClient,
-        });
-
-        return res.ok({ body: response });
-      } catch (error: unknown) {
-        debug('Error while looking up POD asset records', error);
-
-        if (error instanceof AssetsValidationError) {
-          return res.customError({
-            statusCode: error.statusCode,
-            body: {
-              message: `Error while looking up pod asset records - ${error.message}`,
-            },
-          });
-        }
-        return res.customError({
-          statusCode: 500,
-          body: { message: 'Error while looking up pod asset records - ' + `${error}` },
-        });
-      }
-    }
-  );
-}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/routes/assets/services.ts b/x-pack/plugins/observability_solution/asset_manager/server/routes/assets/services.ts
deleted file mode 100644
index 3a025ae5b57f9..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/routes/assets/services.ts
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { createRouteValidationFunction } from '@kbn/io-ts-utils';
-import { RequestHandlerContext } from '@kbn/core-http-request-handler-context-server';
-import {
-  GetServiceAssetsQueryOptions,
-  getServiceAssetsQueryOptionsRT,
-} from '../../../common/types_api';
-import { debug } from '../../../common/debug_log';
-import { SetupRouteOptions } from '../types';
-import * as routePaths from '../../../common/constants_routes';
-import { getClientsFromContext, validateStringAssetFilters } from '../utils';
-import { AssetsValidationError } from '../../lib/validators/validation_error';
-
-export function servicesRoutes<T extends RequestHandlerContext>({
-  router,
-  assetClient,
-}: SetupRouteOptions<T>) {
-  const validate = createRouteValidationFunction(getServiceAssetsQueryOptionsRT);
-  // GET /assets/services
-  router.get<unknown, GetServiceAssetsQueryOptions, unknown>(
-    {
-      path: routePaths.GET_SERVICES,
-      validate: {
-        query: (q, res) => {
-          const [invalidResponse, validatedFilters] = validateStringAssetFilters(q, res);
-          if (invalidResponse) {
-            return invalidResponse;
-          }
-          if (validatedFilters) {
-            q.filters = validatedFilters;
-          }
-          return validate(q, res);
-        },
-      },
-    },
-    async (context, req, res) => {
-      const { from = 'now-24h', to = 'now', filters } = req.query || {};
-      const { elasticsearchClient, savedObjectsClient } = await getClientsFromContext(context);
-      try {
-        const response = await assetClient.getServices({
-          from,
-          to,
-          filters,
-          elasticsearchClient,
-          savedObjectsClient,
-        });
-
-        return res.ok({ body: response });
-      } catch (error: unknown) {
-        debug('Error while looking up SERVICE asset records', error);
-
-        if (error instanceof AssetsValidationError) {
-          return res.customError({
-            statusCode: error.statusCode,
-            body: {
-              message: `Error while looking up service asset records - ${error.message}`,
-            },
-          });
-        }
-
-        return res.customError({
-          statusCode: 500,
-          body: { message: 'Error while looking up service asset records - ' + `${error}` },
-        });
-      }
-    }
-  );
-}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/routes/entities/create.ts b/x-pack/plugins/observability_solution/asset_manager/server/routes/entities/create.ts
deleted file mode 100644
index 09d49c35bcef3..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/routes/entities/create.ts
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { RequestHandlerContext } from '@kbn/core/server';
-import { EntityDefinition, entityDefinitionSchema } from '@kbn/entities-schema';
-import { stringifyZodError } from '@kbn/zod-helpers';
-import { SetupRouteOptions } from '../types';
-import { saveEntityDefinition } from '../../lib/entities/save_entity_definition';
-import {
-  createAndInstallHistoryIngestPipeline,
-  createAndInstallLatestIngestPipeline,
-} from '../../lib/entities/create_and_install_ingest_pipeline';
-import { EntityIdConflict } from '../../lib/entities/errors/entity_id_conflict_error';
-import { EntitySecurityException } from '../../lib/entities/errors/entity_security_exception';
-import { InvalidTransformError } from '../../lib/entities/errors/invalid_transform_error';
-import { startTransform } from '../../lib/entities/start_transform';
-import { deleteEntityDefinition } from '../../lib/entities/delete_entity_definition';
-import {
-  deleteHistoryIngestPipeline,
-  deleteLatestIngestPipeline,
-} from '../../lib/entities/delete_ingest_pipeline';
-import {
-  stopAndDeleteHistoryTransform,
-  stopAndDeleteLatestTransform,
-} from '../../lib/entities/stop_and_delete_transform';
-import { ENTITY_INTERNAL_API_PREFIX } from '../../../common/constants_entities';
-import {
-  createAndInstallHistoryTransform,
-  createAndInstallLatestTransform,
-} from '../../lib/entities/create_and_install_transform';
-
-export function createEntityDefinitionRoute<T extends RequestHandlerContext>({
-  router,
-  logger,
-  spaces,
-}: SetupRouteOptions<T>) {
-  router.post<unknown, unknown, EntityDefinition>(
-    {
-      path: `${ENTITY_INTERNAL_API_PREFIX}/definition`,
-      validate: {
-        body: (body, res) => {
-          try {
-            return res.ok(entityDefinitionSchema.parse(body));
-          } catch (e) {
-            return res.badRequest(stringifyZodError(e));
-          }
-        },
-      },
-    },
-    async (context, req, res) => {
-      const installState = {
-        ingestPipelines: {
-          history: false,
-          latest: false,
-        },
-        transforms: {
-          history: false,
-          latest: false,
-        },
-        definition: false,
-      };
-      const core = await context.core;
-      const soClient = core.savedObjects.client;
-      const esClient = core.elasticsearch.client.asCurrentUser;
-      const spaceId = spaces?.spacesService.getSpaceId(req) ?? 'default';
-      try {
-        const definition = await saveEntityDefinition(soClient, req.body);
-        installState.definition = true;
-
-        // install ingest pipelines
-        await createAndInstallHistoryIngestPipeline(esClient, definition, logger, spaceId);
-        installState.ingestPipelines.history = true;
-        await createAndInstallLatestIngestPipeline(esClient, definition, logger, spaceId);
-        installState.ingestPipelines.latest = true;
-
-        // install transfroms
-        await createAndInstallHistoryTransform(esClient, definition, logger);
-        installState.transforms.history = true;
-        await createAndInstallLatestTransform(esClient, definition, logger);
-        installState.transforms.latest = true;
-
-        await startTransform(esClient, definition, logger);
-
-        return res.ok({ body: definition });
-      } catch (e) {
-        // Clean up anything that was successful.
-        if (installState.definition) {
-          await deleteEntityDefinition(soClient, req.body, logger);
-        }
-
-        if (installState.ingestPipelines.history) {
-          await deleteHistoryIngestPipeline(esClient, req.body, logger);
-        }
-        if (installState.ingestPipelines.latest) {
-          await deleteLatestIngestPipeline(esClient, req.body, logger);
-        }
-
-        if (installState.transforms.history) {
-          await stopAndDeleteHistoryTransform(esClient, req.body, logger);
-        }
-        if (installState.transforms.latest) {
-          await stopAndDeleteLatestTransform(esClient, req.body, logger);
-        }
-
-        if (e instanceof EntityIdConflict) {
-          return res.conflict({ body: e });
-        }
-        if (e instanceof EntitySecurityException || e instanceof InvalidTransformError) {
-          return res.customError({ body: e, statusCode: 400 });
-        }
-        return res.customError({ body: e, statusCode: 500 });
-      }
-    }
-  );
-}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/routes/sample_assets.ts b/x-pack/plugins/observability_solution/asset_manager/server/routes/sample_assets.ts
deleted file mode 100644
index 447051bbb2730..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/routes/sample_assets.ts
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { schema } from '@kbn/config-schema';
-import { RequestHandlerContext } from '@kbn/core/server';
-import { ASSET_MANAGER_API_BASE } from '../../common/constants_routes';
-import { getSampleAssetDocs, sampleAssets } from '../lib/sample_assets';
-import { writeAssets } from '../lib/write_assets';
-import { SetupRouteOptions } from './types';
-import { getClientsFromContext } from './utils';
-
-export type WriteSamplesPostBody = {
-  baseDateTime?: string | number;
-  excludeEans?: string[];
-  refresh?: boolean | 'wait_for';
-} | null;
-
-export function sampleAssetsRoutes<T extends RequestHandlerContext>({
-  router,
-}: SetupRouteOptions<T>) {
-  const SAMPLE_ASSETS_API_PATH = `${ASSET_MANAGER_API_BASE}/assets/sample`;
-
-  // GET sample assets
-  router.get<unknown, unknown, unknown>(
-    {
-      path: SAMPLE_ASSETS_API_PATH,
-      validate: {},
-    },
-    async (context, req, res) => {
-      return res.ok({ body: { results: sampleAssets } });
-    }
-  );
-
-  // POST sample assets
-  router.post<unknown, unknown, WriteSamplesPostBody>(
-    {
-      path: SAMPLE_ASSETS_API_PATH,
-      validate: {
-        body: schema.nullable(
-          schema.object({
-            baseDateTime: schema.maybe(
-              schema.oneOf<string, number>([schema.string(), schema.number()])
-            ),
-            excludeEans: schema.maybe(schema.arrayOf(schema.string())),
-            refresh: schema.maybe(schema.oneOf([schema.boolean(), schema.literal('wait_for')])),
-          })
-        ),
-      },
-    },
-    async (context, req, res) => {
-      const { baseDateTime, excludeEans, refresh } = req.body || {};
-      const parsed = baseDateTime === undefined ? undefined : new Date(baseDateTime);
-      if (parsed?.toString() === 'Invalid Date') {
-        return res.customError({
-          statusCode: 400,
-          body: {
-            message: `${baseDateTime} is not a valid date time value`,
-          },
-        });
-      }
-      const { elasticsearchClient } = await getClientsFromContext(context);
-      const assetDocs = getSampleAssetDocs({ baseDateTime: parsed, excludeEans });
-
-      try {
-        const response = await writeAssets({
-          elasticsearchClient,
-          assetDocs,
-          namespace: 'sample_data',
-          refresh,
-        });
-
-        if (response.errors) {
-          return res.customError({
-            statusCode: 500,
-            body: {
-              message: JSON.stringify(response.errors),
-            },
-          });
-        }
-
-        return res.ok({ body: response });
-      } catch (error: any) {
-        return res.customError({
-          statusCode: 500,
-          body: {
-            message: error.message || 'unknown error occurred while creating sample assets',
-          },
-        });
-      }
-    }
-  );
-
-  // DELETE all sample assets
-  router.delete(
-    {
-      path: SAMPLE_ASSETS_API_PATH,
-      validate: {},
-    },
-    async (context, req, res) => {
-      const { elasticsearchClient } = await getClientsFromContext(context);
-
-      const sampleDataStreams = await elasticsearchClient.indices.getDataStream({
-        name: 'assets-*-sample_data',
-        expand_wildcards: 'all',
-      });
-
-      const deletedDataStreams: string[] = [];
-      let errorWhileDeleting: string | null = null;
-      const dataStreamsToDelete = sampleDataStreams.data_streams.map((ds) => ds.name);
-
-      for (let i = 0; i < dataStreamsToDelete.length; i++) {
-        const dsName = dataStreamsToDelete[i];
-        try {
-          await elasticsearchClient.indices.deleteDataStream({ name: dsName });
-          deletedDataStreams.push(dsName);
-        } catch (error: any) {
-          errorWhileDeleting =
-            typeof error.message === 'string'
-              ? error.message
-              : `Unknown error occurred while deleting sample data streams, at data stream name: ${dsName}`;
-          break;
-        }
-      }
-
-      if (!errorWhileDeleting && deletedDataStreams.length === dataStreamsToDelete.length) {
-        return res.ok({ body: { deleted: deletedDataStreams } });
-      } else {
-        return res.custom({
-          statusCode: 500,
-          body: {
-            message: ['Not all found data streams were deleted', errorWhileDeleting].join(' - '),
-            deleted: deletedDataStreams,
-            matching: dataStreamsToDelete,
-          },
-        });
-      }
-    }
-  );
-}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/routes/utils.ts b/x-pack/plugins/observability_solution/asset_manager/server/routes/utils.ts
deleted file mode 100644
index 3eb2a855e4854..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/routes/utils.ts
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import {
-  RequestHandlerContext,
-  RouteValidationError,
-  RouteValidationResultFactory,
-} from '@kbn/core/server';
-import { AssetFilters, assetFiltersSingleKindRT } from '../../common/types_api';
-
-export async function getClientsFromContext<T extends RequestHandlerContext>(context: T) {
-  const coreContext = await context.core;
-
-  return {
-    coreContext,
-    elasticsearchClient: coreContext.elasticsearch.client.asCurrentUser,
-    savedObjectsClient: coreContext.savedObjects.client,
-  };
-}
-
-type ValidateStringAssetFiltersReturn =
-  | [{ error: RouteValidationError }]
-  | [null, AssetFilters | undefined];
-
-export function validateStringAssetFilters(
-  q: any,
-  res: RouteValidationResultFactory
-): ValidateStringAssetFiltersReturn {
-  if (typeof q.stringFilters === 'string') {
-    try {
-      const parsedFilters = JSON.parse(q.stringFilters);
-      if (assetFiltersSingleKindRT.is(parsedFilters)) {
-        return [null, parsedFilters];
-      } else {
-        return [res.badRequest(new Error(`Invalid asset filters - ${q.filters}`))];
-      }
-    } catch (err: any) {
-      return [res.badRequest(err)];
-    }
-  }
-  return [null, undefined];
-}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/templates/assets_template.ts b/x-pack/plugins/observability_solution/asset_manager/server/templates/assets_template.ts
deleted file mode 100644
index b99ecc4559187..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/templates/assets_template.ts
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { IndicesPutIndexTemplateRequest } from '@elastic/elasticsearch/lib/api/types';
-import { ASSETS_INDEX_PREFIX } from '../constants';
-
-export const assetsIndexTemplateConfig: IndicesPutIndexTemplateRequest = {
-  name: 'assets',
-  priority: 100,
-  data_stream: {},
-  index_patterns: [`${ASSETS_INDEX_PREFIX}*`],
-  template: {
-    settings: {},
-    mappings: {
-      dynamic_templates: [
-        {
-          strings_as_keywords: {
-            mapping: {
-              ignore_above: 1024,
-              type: 'keyword',
-            },
-            match_mapping_type: 'string',
-          },
-        },
-      ],
-      properties: {
-        '@timestamp': {
-          type: 'date',
-        },
-        asset: {
-          type: 'object',
-          // subobjects appears to not exist in the types, but is a valid ES mapping option
-          // see: https://www.elastic.co/guide/en/elasticsearch/reference/master/subobjects.html
-          // @ts-ignore
-          subobjects: false,
-        },
-      },
-    },
-  },
-};
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/test_utils.ts b/x-pack/plugins/observability_solution/asset_manager/server/test_utils.ts
deleted file mode 100644
index 8e07f201b1599..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/test_utils.ts
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-// Helper function allows test to verify error was thrown,
-// verify error is of the right class type, and error has
-
-import { SavedObjectsClientContract } from '@kbn/core-saved-objects-api-server';
-import { GetApmIndicesMethod } from './lib/asset_client_types';
-import { AssetsValidationError } from './lib/validators/validation_error';
-
-// the expected metadata such as statusCode on it
-export function expectToThrowValidationErrorWithStatusCode(
-  testFn: () => Promise<any>,
-  expectedError: Partial<AssetsValidationError> = {}
-) {
-  return expect(async () => {
-    try {
-      return await testFn();
-    } catch (error: any) {
-      if (error instanceof AssetsValidationError) {
-        if (expectedError.statusCode) {
-          expect(error.statusCode).toEqual(expectedError.statusCode);
-        }
-        if (expectedError.message) {
-          expect(error.message).toEqual(expect.stringContaining(expectedError.message));
-        }
-      }
-      throw error;
-    }
-  }).rejects.toThrow(AssetsValidationError);
-}
-
-export function createGetApmIndicesMock(): jest.Mocked<GetApmIndicesMethod> {
-  return jest.fn(async (client: SavedObjectsClientContract) => ({
-    transaction: 'apm-mock-transaction-indices',
-    span: 'apm-mock-span-indices',
-    error: 'apm-mock-error-indices',
-    metric: 'apm-mock-metric-indices',
-    onboarding: 'apm-mock-onboarding-indices',
-    sourcemap: 'apm-mock-sourcemap-indices',
-  }));
-}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/types.ts b/x-pack/plugins/observability_solution/asset_manager/server/types.ts
deleted file mode 100644
index 5a5764ba81111..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/types.ts
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { ElasticsearchClient } from '@kbn/core/server';
-import {
-  ApmDataAccessPluginSetup,
-  ApmDataAccessPluginStart,
-} from '@kbn/apm-data-access-plugin/server';
-import { MetricsDataPluginSetup } from '@kbn/metrics-data-access-plugin/server';
-import { SpacesPluginSetup } from '@kbn/spaces-plugin/server';
-
-export interface ElasticsearchAccessorOptions {
-  elasticsearchClient: ElasticsearchClient;
-}
-
-export interface AssetManagerPluginSetupDependencies {
-  apmDataAccess: ApmDataAccessPluginSetup;
-  metricsDataAccess: MetricsDataPluginSetup;
-  spaces?: SpacesPluginSetup;
-}
-export interface AssetManagerPluginStartDependencies {
-  apmDataAccess: ApmDataAccessPluginStart;
-}
diff --git a/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/dataset_quality.tsx b/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/dataset_quality.tsx
index 44d72802bc868..2a06fddf9f64d 100644
--- a/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/dataset_quality.tsx
+++ b/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/dataset_quality.tsx
@@ -8,6 +8,7 @@ import React, { useMemo } from 'react';
 import { CoreStart } from '@kbn/core/public';
 import { EuiFlexGroup, EuiFlexItem } from '@elastic/eui';
 import { dynamic } from '@kbn/shared-ux-utility';
+import { PerformanceContextProvider } from '@kbn/ebt-tools';
 import { DatasetQualityContext, DatasetQualityContextValue } from './context';
 import { useKibanaContextForPluginProvider } from '../../utils';
 import { DatasetQualityStartDeps } from '../../types';
@@ -41,13 +42,15 @@ export const createDatasetQuality = ({
     );
 
     return (
-      <DatasetQualityContext.Provider value={datasetQualityProviderValue}>
-        <SummaryPanelProvider>
-          <KibanaContextProviderForPlugin>
-            <DatasetQuality />
-          </KibanaContextProviderForPlugin>
-        </SummaryPanelProvider>
-      </DatasetQualityContext.Provider>
+      <PerformanceContextProvider>
+        <DatasetQualityContext.Provider value={datasetQualityProviderValue}>
+          <SummaryPanelProvider>
+            <KibanaContextProviderForPlugin>
+              <DatasetQuality />
+            </KibanaContextProviderForPlugin>
+          </SummaryPanelProvider>
+        </DatasetQualityContext.Provider>
+      </PerformanceContextProvider>
     );
   };
 };
diff --git a/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/empty_state/empty_state.tsx b/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/empty_state/empty_state.tsx
index 0bba8f2b98b37..9ff2982098498 100644
--- a/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/empty_state/empty_state.tsx
+++ b/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/empty_state/empty_state.tsx
@@ -10,7 +10,7 @@ import { EuiEmptyPrompt, EuiCode } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
 
-import { DEFAULT_DATASET_TYPE, DEFAULT_LOGS_DATA_VIEW } from '../../../../common/constants';
+import { DEFAULT_LOGS_DATA_VIEW } from '../../../../common/constants';
 import { useEmptyState } from '../../../hooks/use_empty_state';
 
 // Allow for lazy loading
@@ -36,7 +36,7 @@ export default function EmptyStateWrapper({ children }: { children: React.ReactN
               id="xpack.datasetQuality.emptyState.noPrivileges.message"
               defaultMessage="You don't have the required privileges to view logs data. Make sure you have sufficient privileges to view {datasetPattern}."
               values={{
-                datasetPattern: <EuiCode>{`${DEFAULT_DATASET_TYPE}-*`}</EuiCode>,
+                datasetPattern: <EuiCode>{DEFAULT_LOGS_DATA_VIEW}</EuiCode>,
               }}
             />
             {/* TODO: Learn more link to docs */}
diff --git a/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/header.tsx b/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/header.tsx
index b217b8972e4b2..da0e2e0c74626 100644
--- a/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/header.tsx
+++ b/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/header.tsx
@@ -10,6 +10,7 @@ import { EuiBetaBadge, EuiLink, EuiPageHeader, EuiCode } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
 
+import { DEFAULT_LOGS_DATA_VIEW } from '../../../common/constants';
 import { useKibanaContextForPlugin } from '../../utils';
 import { datasetQualityAppTitle } from '../../../common/translations';
 
@@ -39,7 +40,7 @@ export default function Header() {
           id="xpack.datasetQuality.appDescription"
           defaultMessage="Monitor the data set quality for {logsPattern} data streams that follow the {ecsNamingSchemeLink}."
           values={{
-            logsPattern: <EuiCode>logs-*</EuiCode>,
+            logsPattern: <EuiCode>{DEFAULT_LOGS_DATA_VIEW}</EuiCode>,
             ecsNamingSchemeLink: (
               <EuiLink
                 data-test-subj="datasetQualityAppDescriptionEcsNamingSchemeLink"
diff --git a/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/summary_panel/datasets_quality_indicators.tsx b/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/summary_panel/datasets_quality_indicators.tsx
index 7bb4acc8d450d..836580565b2d8 100644
--- a/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/summary_panel/datasets_quality_indicators.tsx
+++ b/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/summary_panel/datasets_quality_indicators.tsx
@@ -19,6 +19,7 @@ import {
   EuiIconTip,
   EuiSkeletonTitle,
 } from '@elastic/eui';
+import { usePerformanceContext } from '@kbn/ebt-tools';
 import { InfoIndicators } from '../../../../common/types';
 import { useSummaryPanelContext } from '../../../hooks';
 import {
@@ -31,11 +32,16 @@ import {
 import { mapPercentagesToQualityCounts } from '../../quality_indicator';
 
 export function DatasetsQualityIndicators() {
+  const { onPageReady } = usePerformanceContext();
   const { datasetsQuality, isDatasetsQualityLoading, datasetsActivity } = useSummaryPanelContext();
   const qualityCounts = mapPercentagesToQualityCounts(datasetsQuality.percentages);
   const datasetsWithoutIgnoredField =
     datasetsActivity.total > 0 ? datasetsActivity.total - datasetsQuality.percentages.length : 0;
 
+  if (!isDatasetsQualityLoading) {
+    onPageReady();
+  }
+
   return (
     <EuiPanel hasBorder>
       <EuiFlexGroup direction="column" gutterSize="s">
diff --git a/x-pack/plugins/observability_solution/dataset_quality/public/components/flyout/fields_list.tsx b/x-pack/plugins/observability_solution/dataset_quality/public/components/flyout/fields_list.tsx
index 4d5d561977fc5..1861d23b69a45 100644
--- a/x-pack/plugins/observability_solution/dataset_quality/public/components/flyout/fields_list.tsx
+++ b/x-pack/plugins/observability_solution/dataset_quality/public/components/flyout/fields_list.tsx
@@ -22,13 +22,15 @@ export function FieldsList({
   title,
   fields,
   actionsMenu: ActionsMenu,
+  dataTestSubj = `datasetQualityFlyoutFieldsList-${title.toLowerCase().split(' ').join('_')}`,
 }: {
   title: string;
   fields: Array<{ fieldTitle: string; fieldValue: ReactNode; isLoading: boolean }>;
   actionsMenu?: ReactNode;
+  dataTestSubj?: string;
 }) {
   return (
-    <EuiPanel hasBorder grow={false}>
+    <EuiPanel hasBorder grow={false} data-test-subj={dataTestSubj}>
       <EuiFlexGroup justifyContent="spaceBetween">
         <EuiTitle size="s">
           <span>{title}</span>
diff --git a/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/get_data_stream_details/index.ts b/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/get_data_stream_details/index.ts
index fd15cbd884de6..52804c5d9369c 100644
--- a/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/get_data_stream_details/index.ts
+++ b/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/get_data_stream_details/index.ts
@@ -61,6 +61,7 @@ export async function getDataStreamDetails({
         await getDataStreamsStats({
           esClient,
           dataStreams: [dataStream],
+          sizeStatsAvailable,
         })
       ).items[0]?.lastActivity
     : undefined;
diff --git a/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/get_data_streams/index.ts b/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/get_data_streams/index.ts
index b2820c559c174..346946d8bed5c 100644
--- a/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/get_data_streams/index.ts
+++ b/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/get_data_streams/index.ts
@@ -6,6 +6,7 @@
  */
 
 import type { ElasticsearchClient } from '@kbn/core/server';
+import { DEFAULT_DATASET_TYPE } from '../../../../common/constants';
 import { streamPartsToIndexPattern } from '../../../../common/utils';
 import { DataStreamType } from '../../../../common/types';
 import { dataStreamService, datasetQualityPrivileges } from '../../../services';
@@ -16,11 +17,11 @@ export async function getDataStreams(options: {
   datasetQuery?: string;
   uncategorisedOnly: boolean;
 }) {
-  const { esClient, type, datasetQuery, uncategorisedOnly } = options;
+  const { esClient, type = DEFAULT_DATASET_TYPE, datasetQuery, uncategorisedOnly } = options;
 
   const datasetName = streamPartsToIndexPattern({
-    typePattern: type ?? '*',
-    datasetPattern: datasetQuery ? `*${datasetQuery}*` : '*',
+    typePattern: type,
+    datasetPattern: datasetQuery ? `*${datasetQuery}*` : '*-*',
   });
 
   const datasetUserPrivileges = await datasetQualityPrivileges.getDatasetPrivileges(
diff --git a/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/get_degraded_docs.ts b/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/get_degraded_docs.ts
index fa876d047abd7..454fdb7e1a8b8 100644
--- a/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/get_degraded_docs.ts
+++ b/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/get_degraded_docs.ts
@@ -76,7 +76,7 @@ export async function getDegradedDocsPaginated(options: {
     },
   });
 
-  const response = await datasetQualityESClient.msearch({ index: `${type}-*` }, [
+  const response = await datasetQualityESClient.msearch({ index: `${type}-*-*` }, [
     // degraded docs per dataset
     {
       size: 0,
diff --git a/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/get_non_aggregatable_data_streams.ts b/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/get_non_aggregatable_data_streams.ts
index a776bed1fbdde..b59999d0c3c2e 100644
--- a/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/get_non_aggregatable_data_streams.ts
+++ b/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/get_non_aggregatable_data_streams.ts
@@ -29,7 +29,7 @@ export async function getNonAggregatableDataStreams({
   const datasetQualityESClient = createDatasetQualityESClient(esClient);
 
   const response = await datasetQualityESClient.fieldCaps({
-    index: dataStream ?? `${type}-*`,
+    index: dataStream ?? `${type}-*-*`,
     fields: [_IGNORED],
     index_filter: {
       ...rangeQuery(start, end)[0],
diff --git a/x-pack/plugins/observability_solution/dataset_quality/server/services/privileges.ts b/x-pack/plugins/observability_solution/dataset_quality/server/services/privileges.ts
index d091ff849fdde..4c58de2a80ef4 100644
--- a/x-pack/plugins/observability_solution/dataset_quality/server/services/privileges.ts
+++ b/x-pack/plugins/observability_solution/dataset_quality/server/services/privileges.ts
@@ -71,7 +71,7 @@ class DatasetQualityPrivileges {
   public async canReadDataset(
     esClient: ElasticsearchClient,
     type = DEFAULT_DATASET_TYPE,
-    datasetQuery = '*',
+    datasetQuery = '*-*',
     space = '*'
   ): Promise<boolean> {
     const datasetName = streamPartsToIndexPattern({
@@ -91,7 +91,7 @@ class DatasetQualityPrivileges {
   public async throwIfCannotReadDataset(
     esClient: ElasticsearchClient,
     type = DEFAULT_DATASET_TYPE,
-    datasetQuery = '*',
+    datasetQuery = '*-*',
     space = '*'
   ): Promise<void> {
     if (!(await this.canReadDataset(esClient, type, datasetQuery, space))) {
diff --git a/x-pack/plugins/observability_solution/dataset_quality/tsconfig.json b/x-pack/plugins/observability_solution/dataset_quality/tsconfig.json
index 564a1e4216847..8fcb39724d19e 100644
--- a/x-pack/plugins/observability_solution/dataset_quality/tsconfig.json
+++ b/x-pack/plugins/observability_solution/dataset_quality/tsconfig.json
@@ -49,7 +49,8 @@
     "@kbn/metrics-data-access-plugin",
     "@kbn/calculate-auto",
     "@kbn/discover-plugin",
-    "@kbn/shared-ux-prompt-no-data-views-types"
+    "@kbn/shared-ux-prompt-no-data-views-types",
+    "@kbn/ebt-tools"
   ],
   "exclude": [
     "target/**/*"
diff --git a/x-pack/plugins/observability_solution/entity_manager/README.md b/x-pack/plugins/observability_solution/entity_manager/README.md
new file mode 100644
index 0000000000000..325bea1b583e8
--- /dev/null
+++ b/x-pack/plugins/observability_solution/entity_manager/README.md
@@ -0,0 +1,3 @@
+# Entity Manager Plugin
+
+This plugin provides access to observed asset data, such as information about hosts, pods, containers, services, and more.
\ No newline at end of file
diff --git a/x-pack/plugins/observability_solution/entity_manager/common/config.ts b/x-pack/plugins/observability_solution/entity_manager/common/config.ts
new file mode 100644
index 0000000000000..5c1edfa618626
--- /dev/null
+++ b/x-pack/plugins/observability_solution/entity_manager/common/config.ts
@@ -0,0 +1,30 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { schema, TypeOf } from '@kbn/config-schema';
+
+export const configSchema = schema.object({});
+
+export type EntityManagerConfig = TypeOf<typeof configSchema>;
+
+/**
+ * The following map is passed to the server plugin setup under the
+ * exposeToBrowser: option, and controls which of the above config
+ * keys are allow-listed to be available in the browser config.
+ *
+ * NOTE: anything exposed here will be visible in the UI dev tools,
+ * and therefore MUST NOT be anything that is sensitive information!
+ */
+export const exposeToBrowserConfig = {} as const;
+
+type ValidKeys = keyof {
+  [K in keyof typeof exposeToBrowserConfig as typeof exposeToBrowserConfig[K] extends true
+    ? K
+    : never]: true;
+};
+
+export type EntityManagerPublicConfig = Pick<EntityManagerConfig, ValidKeys>;
diff --git a/x-pack/plugins/observability_solution/asset_manager/common/constants_entities.ts b/x-pack/plugins/observability_solution/entity_manager/common/constants_entities.ts
similarity index 87%
rename from x-pack/plugins/observability_solution/asset_manager/common/constants_entities.ts
rename to x-pack/plugins/observability_solution/entity_manager/common/constants_entities.ts
index 153b9f4e2ae33..d03084ed875ef 100644
--- a/x-pack/plugins/observability_solution/asset_manager/common/constants_entities.ts
+++ b/x-pack/plugins/observability_solution/entity_manager/common/constants_entities.ts
@@ -16,4 +16,6 @@ export const ENTITY_DEFAULT_HISTORY_SYNC_DELAY = '60s';
 export const ENTITY_DEFAULT_LATEST_FREQUENCY = '30s';
 export const ENTITY_DEFAULT_LATEST_SYNC_DELAY = '1s';
 export const ENTITY_DEFAULT_METADATA_LIMIT = 1000;
+export const ENTITY_API_PREFIX = '/api/entities';
 export const ENTITY_INTERNAL_API_PREFIX = '/internal/api/entities';
+export const MANAGED_ENTITY_ENABLEMENT_ROUTE = `${ENTITY_INTERNAL_API_PREFIX}/managed/enablement`;
diff --git a/x-pack/plugins/observability_solution/asset_manager/common/debug_log.ts b/x-pack/plugins/observability_solution/entity_manager/common/debug_log.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/common/debug_log.ts
rename to x-pack/plugins/observability_solution/entity_manager/common/debug_log.ts
diff --git a/x-pack/plugins/observability_solution/entity_manager/common/errors.ts b/x-pack/plugins/observability_solution/entity_manager/common/errors.ts
new file mode 100644
index 0000000000000..ebf5670db2aaf
--- /dev/null
+++ b/x-pack/plugins/observability_solution/entity_manager/common/errors.ts
@@ -0,0 +1,11 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export const ERROR_API_KEY_NOT_FOUND = 'api_key_not_found';
+export const ERROR_API_KEY_NOT_VALID = 'api_key_not_valid';
+export const ERROR_USER_NOT_AUTHORIZED = 'user_not_authorized';
+export const ERROR_API_KEY_SERVICE_DISABLED = 'api_key_service_disabled';
diff --git a/x-pack/plugins/observability_solution/entity_manager/common/types_api.ts b/x-pack/plugins/observability_solution/entity_manager/common/types_api.ts
new file mode 100644
index 0000000000000..90540ab06a243
--- /dev/null
+++ b/x-pack/plugins/observability_solution/entity_manager/common/types_api.ts
@@ -0,0 +1,25 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import * as rt from 'io-ts';
+
+/**
+ * Managed entities enablement
+ */
+export const managedEntityEnabledResponseRT = rt.type({
+  enabled: rt.boolean,
+  reason: rt.string,
+});
+export type ManagedEntityEnabledResponse = rt.TypeOf<typeof managedEntityEnabledResponseRT>;
+
+export const managedEntityResponseBase = rt.type({
+  success: rt.boolean,
+  reason: rt.string,
+  message: rt.string,
+});
+export type EnableManagedEntityResponse = rt.TypeOf<typeof managedEntityResponseBase>;
+export type DisableManagedEntityResponse = rt.TypeOf<typeof managedEntityResponseBase>;
diff --git a/x-pack/plugins/observability_solution/entity_manager/docs/entity_definitions.md b/x-pack/plugins/observability_solution/entity_manager/docs/entity_definitions.md
new file mode 100644
index 0000000000000..932b3b1de8f15
--- /dev/null
+++ b/x-pack/plugins/observability_solution/entity_manager/docs/entity_definitions.md
@@ -0,0 +1,7 @@
+### Entity Definitions
+
+Entity definitions are a core concept of the entity model. They define the way to locate, aggregate and extract a specific type of entity documents from source indices. Definitions are stored as Kibana saved objects and serve as the input to build ingested pipelines and transforms that will actually collect and store the data.
+
+#### Builtin Definitions
+
+Entity discovery is an aggregation of _builtin_ definitions (stored in [builtin directory](../server/lib/entities/built_in)) that Elastic defines and maintains. Because we want to provide updates to existing definitions but also install new ones with future releases, we need a way to perform these actions automatically on behalf of users. To achieve that we ask for an initial _enablement_ step that creates an API key stored as an encrypted saved object. The API key is generated through a REST endpoint and is created with the credentials of the user calling that endpoint. The key requires specific privileges to install/kickoff the transforms (see privileges [here](../server/lib/auth/privileges.ts)). Once a valid key is stored, any actions performed on builtin definitions are made through that key.
\ No newline at end of file
diff --git a/x-pack/plugins/observability_solution/asset_manager/jest.config.js b/x-pack/plugins/observability_solution/entity_manager/jest.config.js
similarity index 68%
rename from x-pack/plugins/observability_solution/asset_manager/jest.config.js
rename to x-pack/plugins/observability_solution/entity_manager/jest.config.js
index 3f091dd5109b3..29fb7c37260fb 100644
--- a/x-pack/plugins/observability_solution/asset_manager/jest.config.js
+++ b/x-pack/plugins/observability_solution/entity_manager/jest.config.js
@@ -8,11 +8,11 @@
 module.exports = {
   preset: '@kbn/test',
   rootDir: '../../../..',
-  roots: ['<rootDir>/x-pack/plugins/observability_solution/asset_manager'],
+  roots: ['<rootDir>/x-pack/plugins/observability_solution/entity_manager'],
   coverageDirectory:
-    '<rootDir>/target/kibana-coverage/jest/x-pack/plugins/observability_solution/asset_manager',
+    '<rootDir>/target/kibana-coverage/jest/x-pack/plugins/observability_solution/entity_manager',
   coverageReporters: ['text', 'html'],
   collectCoverageFrom: [
-    '<rootDir>/x-pack/plugins/observability_solution/asset_manager/{common,public,server}/**/*.{js,ts,tsx}',
+    '<rootDir>/x-pack/plugins/observability_solution/entity_manager/{common,public,server}/**/*.{js,ts,tsx}',
   ],
 };
diff --git a/x-pack/plugins/observability_solution/asset_manager/kibana.jsonc b/x-pack/plugins/observability_solution/entity_manager/kibana.jsonc
similarity index 55%
rename from x-pack/plugins/observability_solution/asset_manager/kibana.jsonc
rename to x-pack/plugins/observability_solution/entity_manager/kibana.jsonc
index 86c6db40359de..b13c51630469e 100644
--- a/x-pack/plugins/observability_solution/asset_manager/kibana.jsonc
+++ b/x-pack/plugins/observability_solution/entity_manager/kibana.jsonc
@@ -1,20 +1,20 @@
 {
   "type": "plugin",
-  "id": "@kbn/assetManager-plugin",
+  "id": "@kbn/entityManager-plugin",
   "owner": "@elastic/obs-knowledge-team",
-  "description": "Asset manager plugin for entity assets (inventory, topology, etc)",
+  "description": "Entity manager plugin for entity assets (inventory, topology, etc)",
   "plugin": {
-    "id": "assetManager",
+    "id": "entityManager",
     "configPath": [
       "xpack",
-      "assetManager"
+      "entityManager"
     ],
     "optionalPlugins": [
       "spaces"
     ],
     "requiredPlugins": [
-      "apmDataAccess",
-      "metricsDataAccess"
+      "security",
+      "encryptedSavedObjects",
     ],
     "browser": true,
     "server": true,
diff --git a/x-pack/plugins/observability_solution/asset_manager/public/index.ts b/x-pack/plugins/observability_solution/entity_manager/public/index.ts
similarity index 61%
rename from x-pack/plugins/observability_solution/asset_manager/public/index.ts
rename to x-pack/plugins/observability_solution/entity_manager/public/index.ts
index 7837c00909430..e17edb959595d 100644
--- a/x-pack/plugins/observability_solution/asset_manager/public/index.ts
+++ b/x-pack/plugins/observability_solution/entity_manager/public/index.ts
@@ -7,14 +7,14 @@
 
 import { PluginInitializer, PluginInitializerContext } from '@kbn/core/public';
 import { Plugin } from './plugin';
-import { AssetManagerPublicPluginSetup, AssetManagerPublicPluginStart } from './types';
+import { EntityManagerPublicPluginSetup, EntityManagerPublicPluginStart } from './types';
 
 export const plugin: PluginInitializer<
-  AssetManagerPublicPluginSetup | undefined,
-  AssetManagerPublicPluginStart | undefined
+  EntityManagerPublicPluginSetup | undefined,
+  EntityManagerPublicPluginStart | undefined
 > = (context: PluginInitializerContext) => {
   return new Plugin(context);
 };
 
-export type { AssetManagerPublicPluginSetup, AssetManagerPublicPluginStart };
-export type AssetManagerAppId = 'assetManager';
+export type { EntityManagerPublicPluginSetup, EntityManagerPublicPluginStart };
+export type EntityManagerAppId = 'entityManager';
diff --git a/x-pack/plugins/observability_solution/entity_manager/public/lib/entity_client.ts b/x-pack/plugins/observability_solution/entity_manager/public/lib/entity_client.ts
new file mode 100644
index 0000000000000..357062ee6f524
--- /dev/null
+++ b/x-pack/plugins/observability_solution/entity_manager/public/lib/entity_client.ts
@@ -0,0 +1,31 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { HttpStart } from '@kbn/core/public';
+import { IEntityClient } from '../types';
+import { MANAGED_ENTITY_ENABLEMENT_ROUTE } from '../../common/constants_entities';
+import {
+  ManagedEntityEnabledResponse,
+  EnableManagedEntityResponse,
+  DisableManagedEntityResponse,
+} from '../../common/types_api';
+
+export class EntityClient implements IEntityClient {
+  constructor(private readonly http: HttpStart) {}
+
+  async isManagedEntityDiscoveryEnabled(): Promise<ManagedEntityEnabledResponse> {
+    return await this.http.get(MANAGED_ENTITY_ENABLEMENT_ROUTE);
+  }
+
+  async enableManagedEntityDiscovery(): Promise<EnableManagedEntityResponse> {
+    return await this.http.put(MANAGED_ENTITY_ENABLEMENT_ROUTE);
+  }
+
+  async disableManagedEntityDiscovery(): Promise<DisableManagedEntityResponse> {
+    return await this.http.delete(MANAGED_ENTITY_ENABLEMENT_ROUTE);
+  }
+}
diff --git a/x-pack/plugins/observability_solution/entity_manager/public/plugin.ts b/x-pack/plugins/observability_solution/entity_manager/public/plugin.ts
new file mode 100644
index 0000000000000..0de83b4252b62
--- /dev/null
+++ b/x-pack/plugins/observability_solution/entity_manager/public/plugin.ts
@@ -0,0 +1,39 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { CoreSetup, CoreStart, PluginInitializerContext } from '@kbn/core/public';
+import { Logger } from '@kbn/logging';
+
+import { EntityManagerPluginClass } from './types';
+import type { EntityManagerPublicConfig } from '../common/config';
+import { EntityClient } from './lib/entity_client';
+
+export class Plugin implements EntityManagerPluginClass {
+  public config: EntityManagerPublicConfig;
+  public logger: Logger;
+
+  constructor(context: PluginInitializerContext<{}>) {
+    this.config = context.config.get();
+    this.logger = context.logger.get();
+  }
+
+  setup(core: CoreSetup) {
+    const entityClient = new EntityClient(core.http);
+    return {
+      entityClient,
+    };
+  }
+
+  start(core: CoreStart) {
+    const entityClient = new EntityClient(core.http);
+    return {
+      entityClient,
+    };
+  }
+
+  stop() {}
+}
diff --git a/x-pack/plugins/observability_solution/entity_manager/public/types.ts b/x-pack/plugins/observability_solution/entity_manager/public/types.ts
new file mode 100644
index 0000000000000..5c7ab11058d4d
--- /dev/null
+++ b/x-pack/plugins/observability_solution/entity_manager/public/types.ts
@@ -0,0 +1,31 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import type { Plugin as PluginClass } from '@kbn/core/public';
+import {
+  DisableManagedEntityResponse,
+  EnableManagedEntityResponse,
+  ManagedEntityEnabledResponse,
+} from '../common/types_api';
+
+export interface EntityManagerPublicPluginSetup {
+  entityClient: IEntityClient;
+}
+
+export interface EntityManagerPublicPluginStart {
+  entityClient: IEntityClient;
+}
+
+export type EntityManagerPluginClass = PluginClass<
+  EntityManagerPublicPluginSetup | undefined,
+  EntityManagerPublicPluginStart | undefined
+>;
+
+export interface IEntityClient {
+  isManagedEntityDiscoveryEnabled: () => Promise<ManagedEntityEnabledResponse>;
+  enableManagedEntityDiscovery: () => Promise<EnableManagedEntityResponse>;
+  disableManagedEntityDiscovery: () => Promise<DisableManagedEntityResponse>;
+}
diff --git a/x-pack/plugins/observability_solution/entity_manager/server/index.ts b/x-pack/plugins/observability_solution/entity_manager/server/index.ts
new file mode 100644
index 0000000000000..172b22b588f58
--- /dev/null
+++ b/x-pack/plugins/observability_solution/entity_manager/server/index.ts
@@ -0,0 +1,18 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { PluginInitializerContext } from '@kbn/core-plugins-server';
+import { EntityManagerConfig } from '../common/config';
+import { EntityManagerServerPluginSetup, EntityManagerServerPluginStart, config } from './plugin';
+
+export type { EntityManagerConfig, EntityManagerServerPluginSetup, EntityManagerServerPluginStart };
+export { config };
+
+export const plugin = async (context: PluginInitializerContext<EntityManagerConfig>) => {
+  const { EntityManagerServerPlugin } = await import('./plugin');
+  return new EntityManagerServerPlugin(context);
+};
diff --git a/x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/api_key.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/api_key.ts
new file mode 100644
index 0000000000000..5d48ff6e36f0d
--- /dev/null
+++ b/x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/api_key.ts
@@ -0,0 +1,73 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { KibanaRequest } from '@kbn/core-http-server';
+import { getFakeKibanaRequest } from '@kbn/security-plugin/server/authentication/api_keys/fake_kibana_request';
+import { EntityManagerServerSetup } from '../../../types';
+import { canRunEntityDiscovery, requiredRunTimePrivileges } from '../privileges';
+
+export interface EntityDiscoveryAPIKey {
+  id: string;
+  name: string;
+  apiKey: string;
+}
+
+export const checkIfAPIKeysAreEnabled = async (
+  server: EntityManagerServerSetup
+): Promise<boolean> => {
+  return await server.security.authc.apiKeys.areAPIKeysEnabled();
+};
+
+export const checkIfEntityDiscoveryAPIKeyIsValid = async (
+  server: EntityManagerServerSetup,
+  apiKey: EntityDiscoveryAPIKey
+): Promise<boolean> => {
+  server.logger.debug('validating API key against authentication service');
+
+  const isValid = await server.security.authc.apiKeys.validate({
+    id: apiKey.id,
+    api_key: apiKey.apiKey,
+  });
+
+  if (!isValid) return false;
+
+  // this fake kibana request is how you get an API key-scoped client...
+  const esClient = server.core.elasticsearch.client.asScoped(
+    getFakeKibanaRequest({
+      id: apiKey.id,
+      api_key: apiKey.apiKey,
+    })
+  ).asCurrentUser;
+
+  server.logger.debug('validating API key has runtime privileges for entity discovery');
+
+  return canRunEntityDiscovery(esClient);
+};
+
+export const generateEntityDiscoveryAPIKey = async (
+  server: EntityManagerServerSetup,
+  req: KibanaRequest
+): Promise<EntityDiscoveryAPIKey | undefined> => {
+  const apiKey = await server.security.authc.apiKeys.grantAsInternalUser(req, {
+    name: 'Entity discovery API key',
+    role_descriptors: {
+      entity_discovery_admin: requiredRunTimePrivileges,
+    },
+    metadata: {
+      description:
+        'API key used to manage the transforms and ingest pipelines created by the entity discovery framework',
+    },
+  });
+
+  if (apiKey !== null) {
+    return {
+      id: apiKey.id,
+      name: apiKey.name,
+      apiKey: apiKey.api_key,
+    };
+  }
+};
diff --git a/x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/saved_object.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/saved_object.ts
new file mode 100644
index 0000000000000..5bd5004f1b9bc
--- /dev/null
+++ b/x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/saved_object.ts
@@ -0,0 +1,49 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { SavedObjectsErrorHelpers, SavedObjectsClientContract } from '@kbn/core/server';
+import { EntityDiscoveryApiKeyType } from '../../../saved_objects';
+import { EntityManagerServerSetup } from '../../../types';
+import { EntityDiscoveryAPIKey } from './api_key';
+
+const ENTITY_DISCOVERY_API_KEY_SO_ID = '19540C97-E35C-485B-8566-FB86EC8455E4';
+
+const getEncryptedSOClient = (server: EntityManagerServerSetup) => {
+  return server.encryptedSavedObjects.getClient({
+    includedHiddenTypes: [EntityDiscoveryApiKeyType.name],
+  });
+};
+
+export const readEntityDiscoveryAPIKey = async (server: EntityManagerServerSetup) => {
+  try {
+    const soClient = getEncryptedSOClient(server);
+    const obj = await soClient.getDecryptedAsInternalUser<EntityDiscoveryAPIKey>(
+      EntityDiscoveryApiKeyType.name,
+      ENTITY_DISCOVERY_API_KEY_SO_ID
+    );
+    return obj?.attributes;
+  } catch (err) {
+    if (SavedObjectsErrorHelpers.isNotFoundError(err)) {
+      return undefined;
+    }
+    throw err;
+  }
+};
+
+export const saveEntityDiscoveryAPIKey = async (
+  soClient: SavedObjectsClientContract,
+  apiKey: EntityDiscoveryAPIKey
+) => {
+  await soClient.create(EntityDiscoveryApiKeyType.name, apiKey, {
+    id: ENTITY_DISCOVERY_API_KEY_SO_ID,
+    overwrite: true,
+  });
+};
+
+export const deleteEntityDiscoveryAPIKey = async (soClient: SavedObjectsClientContract) => {
+  await soClient.delete(EntityDiscoveryApiKeyType.name, ENTITY_DISCOVERY_API_KEY_SO_ID);
+};
diff --git a/x-pack/plugins/observability_solution/entity_manager/server/lib/auth/index.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/auth/index.ts
new file mode 100644
index 0000000000000..967a7371ac100
--- /dev/null
+++ b/x-pack/plugins/observability_solution/entity_manager/server/lib/auth/index.ts
@@ -0,0 +1,29 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+  checkIfAPIKeysAreEnabled,
+  checkIfEntityDiscoveryAPIKeyIsValid,
+  generateEntityDiscoveryAPIKey,
+} from './api_key/api_key';
+import {
+  readEntityDiscoveryAPIKey,
+  saveEntityDiscoveryAPIKey,
+  deleteEntityDiscoveryAPIKey,
+} from './api_key/saved_object';
+import { canEnableEntityDiscovery, canRunEntityDiscovery } from './privileges';
+
+export {
+  readEntityDiscoveryAPIKey,
+  saveEntityDiscoveryAPIKey,
+  deleteEntityDiscoveryAPIKey,
+  checkIfAPIKeysAreEnabled,
+  checkIfEntityDiscoveryAPIKeyIsValid,
+  canEnableEntityDiscovery,
+  canRunEntityDiscovery,
+  generateEntityDiscoveryAPIKey,
+};
diff --git a/x-pack/plugins/observability_solution/entity_manager/server/lib/auth/privileges.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/auth/privileges.ts
new file mode 100644
index 0000000000000..453e0935e4fb4
--- /dev/null
+++ b/x-pack/plugins/observability_solution/entity_manager/server/lib/auth/privileges.ts
@@ -0,0 +1,64 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { ElasticsearchClient } from '@kbn/core/server';
+import { ENTITY_BASE_PREFIX } from '../../../common/constants_entities';
+import { BUILT_IN_ALLOWED_INDICES } from '../entities/built_in/constants';
+
+export const requiredRunTimePrivileges = {
+  // all of
+  index: [
+    {
+      names: [`${ENTITY_BASE_PREFIX}*`],
+      privileges: ['create_index', 'index', 'create_doc', 'auto_configure', 'read'],
+    },
+    {
+      names: [...BUILT_IN_ALLOWED_INDICES, `${ENTITY_BASE_PREFIX}*`],
+      privileges: ['read', 'view_index_metadata'],
+    },
+  ],
+  cluster: ['manage_transform', 'monitor_transform', 'manage_ingest_pipelines', 'monitor'],
+  application: [
+    {
+      application: 'kibana-.kibana',
+      privileges: ['saved_object:entity-definition/*'],
+      resources: ['*'],
+    },
+  ],
+};
+
+export const requiredEnablementPrivileges = {
+  // any one of
+  cluster: ['manage_security', 'manage_api_key', 'manage_own_api_key'],
+};
+
+export const canRunEntityDiscovery = async (client: ElasticsearchClient) => {
+  const { has_all_requested: hasAllRequested } = await client.security.hasPrivileges({
+    body: {
+      cluster: requiredRunTimePrivileges.cluster,
+      index: requiredRunTimePrivileges.index,
+      application: requiredRunTimePrivileges.application,
+    },
+  });
+
+  return hasAllRequested;
+};
+
+export const canEnableEntityDiscovery = async (client: ElasticsearchClient) => {
+  const [canRun, { cluster: grantedClusterPrivileges }] = await Promise.all([
+    canRunEntityDiscovery(client),
+    client.security.hasPrivileges({
+      body: {
+        cluster: requiredEnablementPrivileges.cluster,
+      },
+    }),
+  ]);
+
+  return (
+    canRun && requiredEnablementPrivileges.cluster.some((k) => grantedClusterPrivileges[k] === true)
+  );
+};
diff --git a/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/built_in/constants.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/built_in/constants.ts
new file mode 100644
index 0000000000000..f32362255ab7a
--- /dev/null
+++ b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/built_in/constants.ts
@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export const BUILT_IN_ID_PREFIX = 'builtin_';
+export const BUILT_IN_ALLOWED_INDICES = [
+  'apm-*',
+  'logs-*',
+  'metrics-*',
+  'filebeat*',
+  'metricbeat*',
+];
diff --git a/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/built_in/index.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/built_in/index.ts
new file mode 100644
index 0000000000000..b5764ba62eb91
--- /dev/null
+++ b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/built_in/index.ts
@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EntityDefinition } from '@kbn/entities-schema';
+import { builtInServicesEntityDefinition } from './services';
+
+export { BUILT_IN_ID_PREFIX } from './constants';
+
+export const builtInDefinitions: EntityDefinition[] = [builtInServicesEntityDefinition];
diff --git a/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/built_in/services.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/built_in/services.ts
new file mode 100644
index 0000000000000..916fef586e4d5
--- /dev/null
+++ b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/built_in/services.ts
@@ -0,0 +1,68 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EntityDefinition, entityDefinitionSchema } from '@kbn/entities-schema';
+import { BUILT_IN_ID_PREFIX } from './constants';
+
+export const builtInServicesEntityDefinition: EntityDefinition = entityDefinitionSchema.parse({
+  id: `${BUILT_IN_ID_PREFIX}services`,
+  name: 'Services from logs',
+  type: 'service',
+  managed: true,
+  indexPatterns: ['logs-*', 'filebeat*'],
+  history: {
+    timestampField: '@timestamp',
+    interval: '1m',
+  },
+  latest: {
+    lookback: '5m',
+  },
+  identityFields: ['service.name', { field: 'service.environment', optional: true }],
+  displayNameTemplate: '{{service.name}}{{#service.environment}}:{{.}}{{/service.environment}}',
+  metadata: [
+    'data_stream.type',
+    'service.instance.id',
+    'service.namespace',
+    'service.version',
+    'service.runtime.name',
+    'service.runtime.version',
+    'service.node.name',
+    'service.language.name',
+    'agent.name',
+    'cloud.provider',
+    'cloud.instance.id',
+    'cloud.availability_zone',
+    'cloud.instance.name',
+    'cloud.machine.type',
+    'host.name',
+    'container.id',
+  ],
+  metrics: [
+    {
+      name: 'logRate',
+      equation: 'A / 5',
+      metrics: [
+        {
+          name: 'A',
+          aggregation: 'doc_count',
+          filter: 'log.level: *',
+        },
+      ],
+    },
+    {
+      name: 'errorRate',
+      equation: 'A / 5',
+      metrics: [
+        {
+          name: 'A',
+          aggregation: 'doc_count',
+          filter: 'log.level: "ERROR"',
+        },
+      ],
+    },
+  ],
+});
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/create_and_install_ingest_pipeline.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/create_and_install_ingest_pipeline.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/create_and_install_ingest_pipeline.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/create_and_install_ingest_pipeline.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/create_and_install_transform.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/create_and_install_transform.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/create_and_install_transform.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/create_and_install_transform.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/delete_entity_definition.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/delete_entity_definition.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/delete_entity_definition.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/delete_entity_definition.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/delete_index.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/delete_index.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/delete_index.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/delete_index.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/delete_ingest_pipeline.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/delete_ingest_pipeline.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/delete_ingest_pipeline.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/delete_ingest_pipeline.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/errors/entity_id_conflict_error.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/errors/entity_id_conflict_error.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/errors/entity_id_conflict_error.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/errors/entity_id_conflict_error.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/errors/entity_not_found.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/errors/entity_not_found.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/errors/entity_not_found.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/errors/entity_not_found.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/errors/entity_security_exception.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/errors/entity_security_exception.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/errors/entity_security_exception.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/errors/entity_security_exception.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/errors/invalid_transform_error.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/errors/invalid_transform_error.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/errors/invalid_transform_error.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/errors/invalid_transform_error.ts
diff --git a/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/find_entity_definition.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/find_entity_definition.ts
new file mode 100644
index 0000000000000..8351142333f9b
--- /dev/null
+++ b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/find_entity_definition.ts
@@ -0,0 +1,83 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { compact } from 'lodash';
+import { ElasticsearchClient, SavedObjectsClientContract } from '@kbn/core/server';
+import { EntityDefinition } from '@kbn/entities-schema';
+import { SO_ENTITY_DEFINITION_TYPE } from '../../saved_objects';
+import { generateHistoryIngestPipelineId } from './ingest_pipeline/generate_history_ingest_pipeline_id';
+import { generateLatestIngestPipelineId } from './ingest_pipeline/generate_latest_ingest_pipeline_id';
+import { generateHistoryTransformId } from './transform/generate_history_transform_id';
+import { generateLatestTransformId } from './transform/generate_latest_transform_id';
+import { BUILT_IN_ID_PREFIX } from './built_in';
+
+export async function findEntityDefinitions({
+  soClient,
+  esClient,
+  builtIn,
+  id,
+  page = 1,
+  perPage = 10,
+}: {
+  soClient: SavedObjectsClientContract;
+  esClient: ElasticsearchClient;
+  builtIn?: boolean;
+  id?: string;
+  page?: number;
+  perPage?: number;
+}): Promise<Array<EntityDefinition & { state: { installed: boolean; running: boolean } }>> {
+  const filter = compact([
+    typeof builtIn === 'boolean'
+      ? `${SO_ENTITY_DEFINITION_TYPE}.attributes.id:(${BUILT_IN_ID_PREFIX}*)`
+      : undefined,
+    id ? `${SO_ENTITY_DEFINITION_TYPE}.attributes.id:(${id})` : undefined,
+  ]).join(' AND ');
+  const response = await soClient.find<EntityDefinition>({
+    type: SO_ENTITY_DEFINITION_TYPE,
+    filter,
+    page,
+    perPage,
+  });
+
+  return Promise.all(
+    response.saved_objects.map(async ({ attributes }) => {
+      const state = await getEntityDefinitionState(esClient, attributes);
+      return { ...attributes, state };
+    })
+  );
+}
+
+async function getEntityDefinitionState(
+  esClient: ElasticsearchClient,
+  definition: EntityDefinition
+) {
+  const historyIngestPipelineId = generateHistoryIngestPipelineId(definition);
+  const latestIngestPipelineId = generateLatestIngestPipelineId(definition);
+  const [ingestPipelines, transforms] = await Promise.all([
+    esClient.ingest.getPipeline({
+      id: `${historyIngestPipelineId},${latestIngestPipelineId}`,
+    }),
+    esClient.transform.getTransformStats({
+      transform_id: [generateHistoryTransformId(definition), generateLatestTransformId(definition)],
+    }),
+  ]);
+
+  const ingestPipelinesInstalled = !!(
+    ingestPipelines[historyIngestPipelineId] && ingestPipelines[latestIngestPipelineId]
+  );
+  const transformsInstalled = transforms.count === 2;
+  const transformsRunning =
+    transformsInstalled &&
+    transforms.transforms.every(
+      (transform) => transform.state === 'started' || transform.state === 'indexing'
+    );
+
+  return {
+    installed: ingestPipelinesInstalled && transformsInstalled,
+    running: transformsRunning,
+  };
+}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/helpers/fixtures/entity_definition.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/helpers/fixtures/entity_definition.ts
similarity index 95%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/helpers/fixtures/entity_definition.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/helpers/fixtures/entity_definition.ts
index 3e07c6860a30a..d284e0a2b1a68 100644
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/helpers/fixtures/entity_definition.ts
+++ b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/helpers/fixtures/entity_definition.ts
@@ -17,7 +17,7 @@ export const entityDefinition = entityDefinitionSchema.parse({
   },
   identityFields: ['log.logger', { field: 'event.category', optional: true }],
   displayNameTemplate: '{{log.logger}}{{#event.category}}:{{.}}{{/event.category}}',
-  metadata: ['tags', 'host.name'],
+  metadata: ['tags', 'host.name', 'host.os.name'],
   metrics: [
     {
       name: 'logRate',
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/helpers/generate_index_name.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/helpers/generate_index_name.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/helpers/generate_index_name.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/helpers/generate_index_name.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/helpers/get_elasticsearch_query_or_throw.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/helpers/get_elasticsearch_query_or_throw.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/helpers/get_elasticsearch_query_or_throw.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/helpers/get_elasticsearch_query_or_throw.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/helpers/retry.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/helpers/retry.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/helpers/retry.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/helpers/retry.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/__snapshots__/generate_history_processors.test.ts.snap b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/__snapshots__/generate_history_processors.test.ts.snap
similarity index 90%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/__snapshots__/generate_history_processors.test.ts.snap
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/__snapshots__/generate_history_processors.test.ts.snap
index 8783bab7b5589..f5d7c7e3683b4 100644
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/__snapshots__/generate_history_processors.test.ts.snap
+++ b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/__snapshots__/generate_history_processors.test.ts.snap
@@ -83,9 +83,14 @@ Array [
   ctx[\\"tags\\"] = ctx.entity.metadata.tags.keySet();
 }
 if (ctx.entity?.metadata?.host?.name != null) {
-  ctx[\\"host\\"] = new HashMap();
+ if(ctx.host == null)  ctx[\\"host\\"] = new HashMap();
   ctx[\\"host\\"][\\"name\\"] = ctx.entity.metadata.host.name.keySet();
 }
+if (ctx.entity?.metadata?.host?.os?.name != null) {
+ if(ctx.host == null)  ctx[\\"host\\"] = new HashMap();
+ if(ctx.host.os == null)  ctx[\\"host\\"][\\"os\\"] = new HashMap();
+  ctx[\\"host\\"][\\"os\\"][\\"name\\"] = ctx.entity.metadata.host.os.name.keySet();
+}
 ",
     },
   },
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/__snapshots__/generate_latest_processors.test.ts.snap b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/__snapshots__/generate_latest_processors.test.ts.snap
similarity index 76%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/__snapshots__/generate_latest_processors.test.ts.snap
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/__snapshots__/generate_latest_processors.test.ts.snap
index 3b6cee7db59f7..bd31c8563be44 100644
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/__snapshots__/generate_latest_processors.test.ts.snap
+++ b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/__snapshots__/generate_latest_processors.test.ts.snap
@@ -26,9 +26,14 @@ Array [
   ctx[\\"tags\\"] = ctx.entity.metadata.tags.data.keySet();
 }
 if (ctx.entity?.metadata?.host?.name.data != null) {
-  ctx[\\"host\\"] = new HashMap();
+ if(ctx.host == null)  ctx[\\"host\\"] = new HashMap();
   ctx[\\"host\\"][\\"name\\"] = ctx.entity.metadata.host.name.data.keySet();
 }
+if (ctx.entity?.metadata?.host?.os?.name.data != null) {
+ if(ctx.host == null)  ctx[\\"host\\"] = new HashMap();
+ if(ctx.host.os == null)  ctx[\\"host\\"][\\"os\\"] = new HashMap();
+  ctx[\\"host\\"][\\"os\\"][\\"name\\"] = ctx.entity.metadata.host.os.name.data.keySet();
+}
 ",
     },
   },
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/generate_history_ingest_pipeline_id.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/generate_history_ingest_pipeline_id.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/generate_history_ingest_pipeline_id.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/generate_history_ingest_pipeline_id.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/generate_history_processors.test.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/generate_history_processors.test.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/generate_history_processors.test.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/generate_history_processors.test.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/generate_history_processors.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/generate_history_processors.ts
similarity index 94%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/generate_history_processors.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/generate_history_processors.ts
index 198f129c94db5..dcfa23d398813 100644
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/generate_history_processors.ts
+++ b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/generate_history_processors.ts
@@ -14,7 +14,7 @@ function createIdTemplate(definition: EntityDefinition) {
   }, definition.displayNameTemplate);
 }
 
-function mapDesitnationToPainless(destination: string, source: string) {
+function mapDestinationToPainless(destination: string, source: string) {
   const fieldParts = destination.split('.');
   return fieldParts.reduce((acc, _part, currentIndex, parts) => {
     if (currentIndex + 1 === parts.length) {
@@ -22,7 +22,7 @@ function mapDesitnationToPainless(destination: string, source: string) {
         .map((s) => `["${s}"]`)
         .join('')} = ctx.entity.metadata.${source}.keySet();`;
     }
-    return `${acc}\n  ctx${parts
+    return `${acc}\n if(ctx.${parts.slice(0, currentIndex + 1).join('.')} == null)  ctx${parts
       .slice(0, currentIndex + 1)
       .map((s) => `["${s}"]`)
       .join('')} = new HashMap();`;
@@ -39,7 +39,7 @@ function createMetadataPainlessScript(definition: EntityDefinition) {
     return `${script}if (ctx.entity?.metadata?.${source.replaceAll(
       '.',
       '?.'
-    )} != null) {${mapDesitnationToPainless(destination, source)}\n}\n`;
+    )} != null) {${mapDestinationToPainless(destination, source)}\n}\n`;
   }, '');
 }
 
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/generate_latest_ingest_pipeline_id.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/generate_latest_ingest_pipeline_id.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/generate_latest_ingest_pipeline_id.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/generate_latest_ingest_pipeline_id.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/generate_latest_processors.test.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/generate_latest_processors.test.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/generate_latest_processors.test.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/generate_latest_processors.test.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/generate_latest_processors.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/generate_latest_processors.ts
similarity index 90%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/generate_latest_processors.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/generate_latest_processors.ts
index e84d1674b571b..992f4e14c8d16 100644
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/generate_latest_processors.ts
+++ b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/generate_latest_processors.ts
@@ -8,7 +8,7 @@
 import { EntityDefinition } from '@kbn/entities-schema';
 import { generateLatestIndexName } from '../helpers/generate_index_name';
 
-function mapDesitnationToPainless(destination: string, source: string) {
+function mapDestinationToPainless(destination: string, source: string) {
   const fieldParts = destination.split('.');
   return fieldParts.reduce((acc, _part, currentIndex, parts) => {
     if (currentIndex + 1 === parts.length) {
@@ -16,7 +16,7 @@ function mapDesitnationToPainless(destination: string, source: string) {
         .map((s) => `["${s}"]`)
         .join('')} = ctx.entity.metadata.${source}.data.keySet();`;
     }
-    return `${acc}\n  ctx${parts
+    return `${acc}\n if(ctx.${parts.slice(0, currentIndex + 1).join('.')} == null)  ctx${parts
       .slice(0, currentIndex + 1)
       .map((s) => `["${s}"]`)
       .join('')} = new HashMap();`;
@@ -33,7 +33,7 @@ function createMetadataPainlessScript(definition: EntityDefinition) {
     return `${script}if (ctx.entity?.metadata?.${source.replaceAll(
       '.',
       '?.'
-    )}.data != null) {${mapDesitnationToPainless(destination, source)}\n}\n`;
+    )}.data != null) {${mapDestinationToPainless(destination, source)}\n}\n`;
   }, '');
 }
 
diff --git a/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/install_entity_definition.test.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/install_entity_definition.test.ts
new file mode 100644
index 0000000000000..02de8754e6afc
--- /dev/null
+++ b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/install_entity_definition.test.ts
@@ -0,0 +1,210 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { elasticsearchClientMock } from '@kbn/core-elasticsearch-client-server-mocks';
+import { savedObjectsClientMock } from '@kbn/core-saved-objects-api-server-mocks';
+import { loggerMock } from '@kbn/logging-mocks';
+import { EntityDefinition } from '@kbn/entities-schema';
+import { SavedObjectsClientContract } from '@kbn/core-saved-objects-api-server';
+import { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
+import { installBuiltInEntityDefinitions } from './install_entity_definition';
+import { builtInServicesEntityDefinition } from './built_in/services';
+import { SO_ENTITY_DEFINITION_TYPE } from '../../saved_objects';
+import { generateHistoryIngestPipelineId } from './ingest_pipeline/generate_history_ingest_pipeline_id';
+import { generateLatestIngestPipelineId } from './ingest_pipeline/generate_latest_ingest_pipeline_id';
+import { generateHistoryTransform } from './transform/generate_history_transform';
+import { generateLatestTransform } from './transform/generate_latest_transform';
+import { generateHistoryTransformId } from './transform/generate_history_transform_id';
+import { generateLatestTransformId } from './transform/generate_latest_transform_id';
+
+const assertHasCreatedDefinition = (
+  definition: EntityDefinition,
+  soClient: SavedObjectsClientContract,
+  esClient: ElasticsearchClient
+) => {
+  expect(soClient.create).toBeCalledTimes(1);
+  expect(soClient.create).toBeCalledWith(SO_ENTITY_DEFINITION_TYPE, definition, {
+    id: definition.id,
+    overwrite: true,
+  });
+
+  expect(esClient.ingest.putPipeline).toBeCalledTimes(2);
+  expect(esClient.ingest.putPipeline).toBeCalledWith({
+    id: generateHistoryIngestPipelineId(builtInServicesEntityDefinition),
+    processors: expect.anything(),
+  });
+  expect(esClient.ingest.putPipeline).toBeCalledWith({
+    id: generateLatestIngestPipelineId(builtInServicesEntityDefinition),
+    processors: expect.anything(),
+  });
+
+  expect(esClient.transform.putTransform).toBeCalledTimes(2);
+  expect(esClient.transform.putTransform).toBeCalledWith(
+    generateHistoryTransform(builtInServicesEntityDefinition)
+  );
+  expect(esClient.transform.putTransform).toBeCalledWith(
+    generateLatestTransform(builtInServicesEntityDefinition)
+  );
+};
+
+const assertHasStartedTransform = (definition: EntityDefinition, esClient: ElasticsearchClient) => {
+  expect(esClient.transform.startTransform).toBeCalledTimes(2);
+  expect(esClient.transform.startTransform).toBeCalledWith(
+    {
+      transform_id: generateHistoryTransformId(builtInServicesEntityDefinition),
+    },
+    expect.anything()
+  );
+  expect(esClient.transform.startTransform).toBeCalledWith(
+    {
+      transform_id: generateLatestTransformId(builtInServicesEntityDefinition),
+    },
+    expect.anything()
+  );
+};
+
+const assertHasUninstalledDefinition = (
+  definition: EntityDefinition,
+  soClient: SavedObjectsClientContract,
+  esClient: ElasticsearchClient
+) => {
+  expect(esClient.transform.stopTransform).toBeCalledTimes(2);
+  expect(esClient.transform.stopTransform).toBeCalledWith(
+    expect.objectContaining({
+      transform_id: generateHistoryTransformId(definition),
+    }),
+    expect.anything()
+  );
+  expect(esClient.transform.deleteTransform).toBeCalledWith(
+    expect.objectContaining({
+      transform_id: generateHistoryTransformId(definition),
+    }),
+    expect.anything()
+  );
+  expect(esClient.transform.stopTransform).toBeCalledWith(
+    expect.objectContaining({
+      transform_id: generateLatestTransformId(definition),
+    }),
+    expect.anything()
+  );
+  expect(esClient.transform.deleteTransform).toBeCalledWith(
+    expect.objectContaining({
+      transform_id: generateLatestTransformId(definition),
+    }),
+    expect.anything()
+  );
+
+  expect(esClient.transform.deleteTransform).toBeCalledTimes(2);
+  expect(esClient.ingest.deletePipeline).toBeCalledTimes(2);
+  expect(soClient.delete).toBeCalledTimes(1);
+};
+
+describe('install_entity_definition', () => {
+  describe('installBuiltInEntityDefinitions', () => {
+    it('should install and start definition when not found', async () => {
+      const builtInDefinitions = [builtInServicesEntityDefinition];
+      const esClient = elasticsearchClientMock.createScopedClusterClient().asCurrentUser;
+      const soClient = savedObjectsClientMock.create();
+      soClient.find.mockResolvedValue({ saved_objects: [], total: 0, page: 1, per_page: 10 });
+
+      await installBuiltInEntityDefinitions({
+        esClient,
+        soClient,
+        builtInDefinitions,
+        logger: loggerMock.create(),
+        spaceId: 'default',
+      });
+
+      assertHasCreatedDefinition(builtInServicesEntityDefinition, soClient, esClient);
+      assertHasStartedTransform(builtInServicesEntityDefinition, esClient);
+    });
+
+    it('should reinstall when partial state found', async () => {
+      const builtInDefinitions = [builtInServicesEntityDefinition];
+      const esClient = elasticsearchClientMock.createScopedClusterClient().asCurrentUser;
+      // mock partially installed definition
+      esClient.ingest.getPipeline.mockResolvedValue({});
+      esClient.transform.getTransformStats.mockResolvedValue({ transforms: [], count: 0 });
+      const soClient = savedObjectsClientMock.create();
+      const definitionSOResult = {
+        saved_objects: [
+          {
+            id: builtInServicesEntityDefinition.id,
+            type: 'entity-definition',
+            references: [],
+            score: 0,
+            attributes: builtInServicesEntityDefinition,
+          },
+        ],
+        total: 1,
+        page: 1,
+        per_page: 10,
+      };
+      soClient.find
+        .mockResolvedValueOnce(definitionSOResult)
+        .mockResolvedValueOnce(definitionSOResult)
+        .mockResolvedValueOnce({
+          saved_objects: [],
+          total: 0,
+          page: 1,
+          per_page: 10,
+        });
+
+      await installBuiltInEntityDefinitions({
+        esClient,
+        soClient,
+        builtInDefinitions,
+        logger: loggerMock.create(),
+        spaceId: 'default',
+      });
+
+      assertHasUninstalledDefinition(builtInServicesEntityDefinition, soClient, esClient);
+      assertHasCreatedDefinition(builtInServicesEntityDefinition, soClient, esClient);
+      assertHasStartedTransform(builtInServicesEntityDefinition, esClient);
+    });
+
+    it('should start a stopped definition', async () => {
+      const builtInDefinitions = [builtInServicesEntityDefinition];
+      const esClient = elasticsearchClientMock.createScopedClusterClient().asCurrentUser;
+      // mock installed but stopped definition
+      esClient.ingest.getPipeline.mockResolvedValue({
+        [generateHistoryIngestPipelineId(builtInServicesEntityDefinition)]: {},
+        [generateLatestIngestPipelineId(builtInServicesEntityDefinition)]: {},
+      });
+      esClient.transform.getTransformStats.mockResolvedValue({
+        // @ts-expect-error
+        transforms: [{ state: 'stopped' }, { state: 'stopped' }],
+        count: 2,
+      });
+      const soClient = savedObjectsClientMock.create();
+      soClient.find.mockResolvedValue({
+        saved_objects: [
+          {
+            id: builtInServicesEntityDefinition.id,
+            type: 'entity-definition',
+            references: [],
+            score: 0,
+            attributes: builtInServicesEntityDefinition,
+          },
+        ],
+        total: 1,
+        page: 1,
+        per_page: 10,
+      });
+      await installBuiltInEntityDefinitions({
+        esClient,
+        soClient,
+        builtInDefinitions,
+        logger: loggerMock.create(),
+        spaceId: 'default',
+      });
+
+      expect(soClient.create).toHaveBeenCalledTimes(0);
+      assertHasStartedTransform(builtInServicesEntityDefinition, esClient);
+    });
+  });
+});
diff --git a/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/install_entity_definition.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/install_entity_definition.ts
new file mode 100644
index 0000000000000..630833ef16d59
--- /dev/null
+++ b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/install_entity_definition.ts
@@ -0,0 +1,161 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
+import { SavedObjectsClientContract } from '@kbn/core-saved-objects-api-server';
+import { EntityDefinition } from '@kbn/entities-schema';
+import { Logger } from '@kbn/logging';
+import {
+  createAndInstallHistoryIngestPipeline,
+  createAndInstallLatestIngestPipeline,
+} from './create_and_install_ingest_pipeline';
+import {
+  createAndInstallHistoryTransform,
+  createAndInstallLatestTransform,
+} from './create_and_install_transform';
+import { deleteEntityDefinition } from './delete_entity_definition';
+import { deleteHistoryIngestPipeline, deleteLatestIngestPipeline } from './delete_ingest_pipeline';
+import { findEntityDefinitions } from './find_entity_definition';
+import { saveEntityDefinition } from './save_entity_definition';
+import { startTransform } from './start_transform';
+import {
+  stopAndDeleteHistoryTransform,
+  stopAndDeleteLatestTransform,
+} from './stop_and_delete_transform';
+import { uninstallEntityDefinition } from './uninstall_entity_definition';
+
+export interface InstallDefinitionParams {
+  esClient: ElasticsearchClient;
+  soClient: SavedObjectsClientContract;
+  definition: EntityDefinition;
+  logger: Logger;
+  spaceId: string;
+}
+
+export async function installEntityDefinition({
+  esClient,
+  soClient,
+  definition,
+  logger,
+  spaceId,
+}: InstallDefinitionParams): Promise<EntityDefinition> {
+  const installState = {
+    ingestPipelines: {
+      history: false,
+      latest: false,
+    },
+    transforms: {
+      history: false,
+      latest: false,
+    },
+    definition: false,
+  };
+
+  try {
+    logger.debug(`Installing definition ${JSON.stringify(definition)}`);
+    const entityDefinition = await saveEntityDefinition(soClient, definition);
+    installState.definition = true;
+
+    // install ingest pipelines
+    logger.debug(`Installing ingest pipelines for definition ${definition.id}`);
+    await createAndInstallHistoryIngestPipeline(esClient, entityDefinition, logger, spaceId);
+    installState.ingestPipelines.history = true;
+    await createAndInstallLatestIngestPipeline(esClient, entityDefinition, logger, spaceId);
+    installState.ingestPipelines.latest = true;
+
+    // install transforms
+    logger.debug(`Installing transforms for definition ${definition.id}`);
+    await createAndInstallHistoryTransform(esClient, entityDefinition, logger);
+    installState.transforms.history = true;
+    await createAndInstallLatestTransform(esClient, entityDefinition, logger);
+    installState.transforms.latest = true;
+
+    return entityDefinition;
+  } catch (e) {
+    logger.error(`Failed to install entity definition ${definition.id}`, e);
+    // Clean up anything that was successful.
+    if (installState.definition) {
+      await deleteEntityDefinition(soClient, definition, logger);
+    }
+
+    if (installState.ingestPipelines.history) {
+      await deleteHistoryIngestPipeline(esClient, definition, logger);
+    }
+    if (installState.ingestPipelines.latest) {
+      await deleteLatestIngestPipeline(esClient, definition, logger);
+    }
+
+    if (installState.transforms.history) {
+      await stopAndDeleteHistoryTransform(esClient, definition, logger);
+    }
+
+    if (installState.transforms.latest) {
+      await stopAndDeleteLatestTransform(esClient, definition, logger);
+    }
+
+    throw e;
+  }
+}
+
+export async function installBuiltInEntityDefinitions({
+  esClient,
+  soClient,
+  logger,
+  builtInDefinitions,
+  spaceId,
+}: Omit<InstallDefinitionParams, 'definition'> & {
+  builtInDefinitions: EntityDefinition[];
+}): Promise<EntityDefinition[]> {
+  if (builtInDefinitions.length === 0) return [];
+
+  logger.debug(`Starting installation of ${builtInDefinitions.length} built-in definitions`);
+  const installPromises = builtInDefinitions.map(async (builtInDefinition) => {
+    const definitions = await findEntityDefinitions({
+      esClient,
+      soClient,
+      id: builtInDefinition.id,
+    });
+
+    if (definitions.length === 0) {
+      return await installAndStartDefinition({
+        definition: builtInDefinition,
+        esClient,
+        soClient,
+        logger,
+        spaceId,
+      });
+    }
+
+    const definition = definitions[0];
+    // verify current installation
+    if (!definition.state.installed) {
+      logger.debug(`Detected partial installation of definition [${definition.id}], reinstalling`);
+      await uninstallEntityDefinition({ esClient, soClient, logger, definition });
+      return await installAndStartDefinition({
+        definition: builtInDefinition,
+        esClient,
+        soClient,
+        logger,
+        spaceId,
+      });
+    }
+
+    if (!definition.state.running) {
+      logger.debug(`Starting transforms for definition [${definition.id}]`);
+      await startTransform(esClient, definition, logger);
+    }
+    return definition;
+  });
+
+  return await Promise.all(installPromises);
+}
+
+async function installAndStartDefinition(params: InstallDefinitionParams) {
+  const definition = await installEntityDefinition(params);
+  await startTransform(params.esClient, definition, params.logger);
+  return definition;
+}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/read_entity_definition.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/read_entity_definition.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/read_entity_definition.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/read_entity_definition.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/save_entity_definition.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/save_entity_definition.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/save_entity_definition.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/save_entity_definition.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/start_transform.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/start_transform.ts
similarity index 98%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/start_transform.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/start_transform.ts
index 03d199c09adf8..0ded4adf39436 100644
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/start_transform.ts
+++ b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/start_transform.ts
@@ -30,7 +30,7 @@ export async function startTransform(
       { logger }
     );
   } catch (err) {
-    logger.error(`Cannot start entity transforms [${definition.id}]`);
+    logger.error(`Cannot start entity transforms [${definition.id}]: ${err}`);
     throw err;
   }
 }
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/stop_and_delete_transform.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/stop_and_delete_transform.ts
similarity index 96%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/stop_and_delete_transform.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/stop_and_delete_transform.ts
index 2088a3dbaaeb0..23d05d3f736e0 100644
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/stop_and_delete_transform.ts
+++ b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/stop_and_delete_transform.ts
@@ -22,7 +22,7 @@ export async function stopAndDeleteHistoryTransform(
       () =>
         esClient.transform.stopTransform(
           { transform_id: historyTransformId, wait_for_completion: true, force: true },
-          { ignore: [409] }
+          { ignore: [409, 404] }
         ),
       { logger }
     );
@@ -39,6 +39,7 @@ export async function stopAndDeleteHistoryTransform(
     throw e;
   }
 }
+
 export async function stopAndDeleteLatestTransform(
   esClient: ElasticsearchClient,
   definition: EntityDefinition,
@@ -50,7 +51,7 @@ export async function stopAndDeleteLatestTransform(
       () =>
         esClient.transform.stopTransform(
           { transform_id: latestTransformId, wait_for_completion: true, force: true },
-          { ignore: [409] }
+          { ignore: [409, 404] }
         ),
       { logger }
     );
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/__snapshots__/generate_history_transform.test.ts.snap b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/__snapshots__/generate_history_transform.test.ts.snap
similarity index 95%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/__snapshots__/generate_history_transform.test.ts.snap
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/__snapshots__/generate_history_transform.test.ts.snap
index 96cc7bd24afe6..e32b30a757add 100644
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/__snapshots__/generate_history_transform.test.ts.snap
+++ b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/__snapshots__/generate_history_transform.test.ts.snap
@@ -49,6 +49,12 @@ Object {
           "size": 1000,
         },
       },
+      "entity.metadata.host.os.name": Object {
+        "terms": Object {
+          "field": "host.os.name",
+          "size": 1000,
+        },
+      },
       "entity.metadata.tags": Object {
         "terms": Object {
           "field": "tags",
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/__snapshots__/generate_latest_transform.test.ts.snap b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/__snapshots__/generate_latest_transform.test.ts.snap
similarity index 87%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/__snapshots__/generate_latest_transform.test.ts.snap
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/__snapshots__/generate_latest_transform.test.ts.snap
index ee0954add4091..959c45f20d601 100644
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/__snapshots__/generate_latest_transform.test.ts.snap
+++ b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/__snapshots__/generate_latest_transform.test.ts.snap
@@ -4,7 +4,7 @@ exports[`generateLatestTransform(definition) should generate a valid latest tran
 Object {
   "defer_validation": true,
   "dest": Object {
-    "index": ".entities-observability.latest-v1.noop",
+    "index": ".entities-observability.latest-v1.admin-console-services",
     "pipeline": ".entities-observability.latest-v1.admin-console-services",
   },
   "frequency": "30s",
@@ -65,6 +65,23 @@ Object {
           },
         },
       },
+      "entity.metadata.host.os.name": Object {
+        "aggs": Object {
+          "data": Object {
+            "terms": Object {
+              "field": "host.os.name",
+              "size": 1000,
+            },
+          },
+        },
+        "filter": Object {
+          "range": Object {
+            "event.ingested": Object {
+              "gte": "now-1m",
+            },
+          },
+        },
+      },
       "entity.metadata.tags": Object {
         "aggs": Object {
           "data": Object {
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/generate_history_transform.test.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/generate_history_transform.test.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/generate_history_transform.test.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/generate_history_transform.test.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/generate_history_transform.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/generate_history_transform.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/generate_history_transform.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/generate_history_transform.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/generate_history_transform_id.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/generate_history_transform_id.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/generate_history_transform_id.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/generate_history_transform_id.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/generate_latest_transform.test.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/generate_latest_transform.test.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/generate_latest_transform.test.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/generate_latest_transform.test.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/generate_latest_transform.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/generate_latest_transform.ts
similarity index 94%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/generate_latest_transform.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/generate_latest_transform.ts
index 425699aaef58d..d7781edc3a1c7 100644
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/generate_latest_transform.ts
+++ b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/generate_latest_transform.ts
@@ -10,12 +10,11 @@ import { TransformPutTransformRequest } from '@elastic/elasticsearch/lib/api/typ
 import {
   ENTITY_DEFAULT_LATEST_FREQUENCY,
   ENTITY_DEFAULT_LATEST_SYNC_DELAY,
-  ENTITY_LATEST_BASE_PREFIX,
 } from '../../../../common/constants_entities';
 import { generateLatestMetadataAggregations } from './generate_metadata_aggregations';
 import { generateLatestIngestPipelineId } from '../ingest_pipeline/generate_latest_ingest_pipeline_id';
 import { generateLatestTransformId } from './generate_latest_transform_id';
-import { generateHistoryIndexName } from '../helpers/generate_index_name';
+import { generateHistoryIndexName, generateLatestIndexName } from '../helpers/generate_index_name';
 import { generateLatestMetricAggregations } from './generate_metric_aggregations';
 
 export function generateLatestTransform(
@@ -28,7 +27,7 @@ export function generateLatestTransform(
       index: `${generateHistoryIndexName(definition)}.*`,
     },
     dest: {
-      index: `${ENTITY_LATEST_BASE_PREFIX}.noop`,
+      index: generateLatestIndexName(definition),
       pipeline: generateLatestIngestPipelineId(definition),
     },
     frequency: definition.latest?.settings?.frequency ?? ENTITY_DEFAULT_LATEST_FREQUENCY,
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/generate_latest_transform_id.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/generate_latest_transform_id.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/generate_latest_transform_id.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/generate_latest_transform_id.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/generate_metadata_aggregations.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/generate_metadata_aggregations.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/generate_metadata_aggregations.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/generate_metadata_aggregations.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/generate_metric_aggregations.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/generate_metric_aggregations.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/generate_metric_aggregations.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/generate_metric_aggregations.ts
diff --git a/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/uninstall_entity_definition.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/uninstall_entity_definition.ts
new file mode 100644
index 0000000000000..2d5b4bee83a6d
--- /dev/null
+++ b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/uninstall_entity_definition.ts
@@ -0,0 +1,60 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
+import { SavedObjectsClientContract } from '@kbn/core-saved-objects-api-server';
+import { EntityDefinition } from '@kbn/entities-schema';
+import { Logger } from '@kbn/logging';
+import { deleteEntityDefinition } from './delete_entity_definition';
+import { deleteHistoryIngestPipeline, deleteLatestIngestPipeline } from './delete_ingest_pipeline';
+import { findEntityDefinitions } from './find_entity_definition';
+import {
+  stopAndDeleteHistoryTransform,
+  stopAndDeleteLatestTransform,
+} from './stop_and_delete_transform';
+
+export async function uninstallEntityDefinition({
+  definition,
+  esClient,
+  soClient,
+  logger,
+}: {
+  definition: EntityDefinition;
+  esClient: ElasticsearchClient;
+  soClient: SavedObjectsClientContract;
+  logger: Logger;
+}) {
+  await stopAndDeleteHistoryTransform(esClient, definition, logger);
+  await stopAndDeleteLatestTransform(esClient, definition, logger);
+  await deleteHistoryIngestPipeline(esClient, definition, logger);
+  await deleteLatestIngestPipeline(esClient, definition, logger);
+  await deleteEntityDefinition(soClient, definition, logger);
+}
+
+export async function uninstallBuiltInEntityDefinitions({
+  esClient,
+  soClient,
+  logger,
+}: {
+  esClient: ElasticsearchClient;
+  soClient: SavedObjectsClientContract;
+  logger: Logger;
+}): Promise<EntityDefinition[]> {
+  const definitions = await findEntityDefinitions({
+    soClient,
+    esClient,
+    builtIn: true,
+  });
+
+  await Promise.all(
+    definitions.map(async (definition) => {
+      await uninstallEntityDefinition({ definition, esClient, soClient, logger });
+    })
+  );
+
+  return definitions;
+}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/errors.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/errors.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/errors.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/errors.ts
diff --git a/x-pack/plugins/observability_solution/entity_manager/server/lib/manage_index_templates.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/manage_index_templates.ts
new file mode 100644
index 0000000000000..f3591d82e0d25
--- /dev/null
+++ b/x-pack/plugins/observability_solution/entity_manager/server/lib/manage_index_templates.ts
@@ -0,0 +1,52 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+  ClusterPutComponentTemplateRequest,
+  IndicesPutIndexTemplateRequest,
+} from '@elastic/elasticsearch/lib/api/types';
+import { ElasticsearchClient, Logger } from '@kbn/core/server';
+
+interface TemplateManagementOptions {
+  esClient: ElasticsearchClient;
+  template: IndicesPutIndexTemplateRequest;
+  logger: Logger;
+}
+
+interface ComponentManagementOptions {
+  esClient: ElasticsearchClient;
+  component: ClusterPutComponentTemplateRequest;
+  logger: Logger;
+}
+
+export async function upsertTemplate({ esClient, template, logger }: TemplateManagementOptions) {
+  try {
+    await esClient.indices.putIndexTemplate(template);
+  } catch (error: any) {
+    logger.error(`Error updating entity manager index template: ${error.message}`);
+    return;
+  }
+
+  logger.info(
+    `Entity manager index template is up to date (use debug logging to see what was installed)`
+  );
+  logger.debug(`Entity manager index template: ${JSON.stringify(template)}`);
+}
+
+export async function upsertComponent({ esClient, component, logger }: ComponentManagementOptions) {
+  try {
+    await esClient.cluster.putComponentTemplate(component);
+  } catch (error: any) {
+    logger.error(`Error updating entity manager component template: ${error.message}`);
+    return;
+  }
+
+  logger.info(
+    `Entity manager component template is up to date (use debug logging to see what was installed)`
+  );
+  logger.debug(`Entity manager component template: ${JSON.stringify(component)}`);
+}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/utils.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/utils.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/utils.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/utils.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/validators/validate_date_range.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/validators/validate_date_range.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/validators/validate_date_range.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/validators/validate_date_range.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/validators/validation_error.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/validators/validation_error.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/validators/validation_error.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/validators/validation_error.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/plugin.ts b/x-pack/plugins/observability_solution/entity_manager/server/plugin.ts
similarity index 52%
rename from x-pack/plugins/observability_solution/asset_manager/server/plugin.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/plugin.ts
index ed60497a1cf65..e71f5b36bb468 100644
--- a/x-pack/plugins/observability_solution/asset_manager/server/plugin.ts
+++ b/x-pack/plugins/observability_solution/entity_manager/server/plugin.ts
@@ -14,88 +14,83 @@ import {
   PluginConfigDescriptor,
   Logger,
 } from '@kbn/core/server';
-
 import { upsertComponent, upsertTemplate } from './lib/manage_index_templates';
 import { setupRoutes } from './routes';
-import { assetsIndexTemplateConfig } from './templates/assets_template';
-import { AssetClient } from './lib/asset_client';
-import { AssetManagerPluginSetupDependencies, AssetManagerPluginStartDependencies } from './types';
-import { AssetManagerConfig, configSchema, exposeToBrowserConfig } from '../common/config';
+import {
+  EntityManagerPluginSetupDependencies,
+  EntityManagerPluginStartDependencies,
+  EntityManagerServerSetup,
+} from './types';
+import { EntityManagerConfig, configSchema, exposeToBrowserConfig } from '../common/config';
 import { entitiesBaseComponentTemplateConfig } from './templates/components/base';
 import { entitiesEventComponentTemplateConfig } from './templates/components/event';
 import { entitiesIndexTemplateConfig } from './templates/entities_template';
-import { entityDefinition } from './saved_objects';
+import { entityDefinition, EntityDiscoveryApiKeyType } from './saved_objects';
 import { entitiesEntityComponentTemplateConfig } from './templates/components/entity';
 
-export type AssetManagerServerPluginSetup = ReturnType<AssetManagerServerPlugin['setup']>;
-export type AssetManagerServerPluginStart = ReturnType<AssetManagerServerPlugin['start']>;
+export type EntityManagerServerPluginSetup = ReturnType<EntityManagerServerPlugin['setup']>;
+export type EntityManagerServerPluginStart = ReturnType<EntityManagerServerPlugin['start']>;
 
-export const config: PluginConfigDescriptor<AssetManagerConfig> = {
+export const config: PluginConfigDescriptor<EntityManagerConfig> = {
   schema: configSchema,
   exposeToBrowser: exposeToBrowserConfig,
 };
 
-export class AssetManagerServerPlugin
+export class EntityManagerServerPlugin
   implements
     Plugin<
-      AssetManagerServerPluginSetup,
-      AssetManagerServerPluginStart,
-      AssetManagerPluginSetupDependencies,
-      AssetManagerPluginStartDependencies
+      EntityManagerServerPluginSetup,
+      EntityManagerServerPluginStart,
+      EntityManagerPluginSetupDependencies,
+      EntityManagerPluginStartDependencies
     >
 {
-  public config: AssetManagerConfig;
+  public config: EntityManagerConfig;
   public logger: Logger;
+  public server?: EntityManagerServerSetup;
 
-  constructor(context: PluginInitializerContext<AssetManagerConfig>) {
+  constructor(context: PluginInitializerContext<EntityManagerConfig>) {
     this.config = context.config.get();
     this.logger = context.logger.get();
   }
 
-  public setup(core: CoreSetup, plugins: AssetManagerPluginSetupDependencies) {
-    // Check for config value and bail out if not "alpha-enabled"
-    if (!this.config.alphaEnabled) {
-      this.logger.info('Server is NOT enabled');
-      return;
-    }
-
-    this.logger.info('Server is enabled');
-
+  public setup(core: CoreSetup, plugins: EntityManagerPluginSetupDependencies) {
     core.savedObjects.registerType(entityDefinition);
-
-    const assetClient = new AssetClient({
-      sourceIndices: this.config.sourceIndices,
-      getApmIndices: plugins.apmDataAccess.getApmIndices,
-      metricsClient: plugins.metricsDataAccess.client,
+    core.savedObjects.registerType(EntityDiscoveryApiKeyType);
+    plugins.encryptedSavedObjects.registerType({
+      type: EntityDiscoveryApiKeyType.name,
+      attributesToEncrypt: new Set(['apiKey']),
+      attributesToIncludeInAAD: new Set(['id', 'name']),
     });
 
     const router = core.http.createRouter();
+
+    this.server = {
+      config: this.config,
+      logger: this.logger,
+    } as EntityManagerServerSetup;
+
     setupRoutes<RequestHandlerContext>({
       router,
-      assetClient,
       logger: this.logger,
       spaces: plugins.spaces,
+      server: this.server,
     });
 
-    return {
-      assetClient,
-    };
+    return {};
   }
 
-  public start(core: CoreStart) {
-    // Check for config value and bail out if not "alpha-enabled"
-    if (!this.config.alphaEnabled) {
-      return;
+  public start(core: CoreStart, plugins: EntityManagerPluginStartDependencies) {
+    if (this.server) {
+      this.server.core = core;
+      this.server.isServerless = core.elasticsearch.getCapabilities().serverless;
+      this.server.security = plugins.security;
+      this.server.encryptedSavedObjects = plugins.encryptedSavedObjects;
     }
 
     const esClient = core.elasticsearch.client.asInternalUser;
-    upsertTemplate({
-      esClient,
-      template: assetsIndexTemplateConfig,
-      logger: this.logger,
-    }).catch(() => {}); // it shouldn't reject, but just in case
 
-    // Install entities compoent templates and index template
+    // Install entities component templates and index template
     Promise.all([
       upsertComponent({
         esClient,
diff --git a/x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/check.ts b/x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/check.ts
new file mode 100644
index 0000000000000..97f621daf750d
--- /dev/null
+++ b/x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/check.ts
@@ -0,0 +1,61 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { RequestHandlerContext } from '@kbn/core/server';
+import { getFakeKibanaRequest } from '@kbn/security-plugin/server/authentication/api_keys/fake_kibana_request';
+import { SetupRouteOptions } from '../types';
+import { ENTITY_INTERNAL_API_PREFIX } from '../../../common/constants_entities';
+import { ManagedEntityEnabledResponse } from '../../../common/types_api';
+import { checkIfEntityDiscoveryAPIKeyIsValid, readEntityDiscoveryAPIKey } from '../../lib/auth';
+import { ERROR_API_KEY_NOT_FOUND, ERROR_API_KEY_NOT_VALID } from '../../../common/errors';
+import { findEntityDefinitions } from '../../lib/entities/find_entity_definition';
+import { builtInDefinitions } from '../../lib/entities/built_in';
+
+export function checkEntityDiscoveryEnabledRoute<T extends RequestHandlerContext>({
+  router,
+  server,
+}: SetupRouteOptions<T>) {
+  router.get<unknown, unknown, ManagedEntityEnabledResponse>(
+    {
+      path: `${ENTITY_INTERNAL_API_PREFIX}/managed/enablement`,
+      validate: false,
+    },
+    async (context, req, res) => {
+      server.logger.debug('reading entity discovery API key from saved object');
+      const apiKey = await readEntityDiscoveryAPIKey(server);
+
+      if (apiKey === undefined) {
+        return res.ok({ body: { enabled: false, reason: ERROR_API_KEY_NOT_FOUND } });
+      }
+
+      server.logger.debug('validating existing entity discovery API key');
+      const isValid = await checkIfEntityDiscoveryAPIKeyIsValid(server, apiKey);
+
+      if (!isValid) {
+        return res.ok({ body: { enabled: false, reason: ERROR_API_KEY_NOT_VALID } });
+      }
+
+      const fakeRequest = getFakeKibanaRequest({ id: apiKey.id, api_key: apiKey.apiKey });
+      const soClient = server.core.savedObjects.getScopedClient(fakeRequest);
+      const esClient = server.core.elasticsearch.client.asScoped(fakeRequest).asCurrentUser;
+
+      const entityDiscoveryEnabled = await Promise.all(
+        builtInDefinitions.map(async (builtInDefinition) => {
+          const [definition] = await findEntityDefinitions({
+            esClient,
+            soClient,
+            id: builtInDefinition.id,
+          });
+
+          return definition && definition.state.installed && definition.state.running;
+        })
+      ).then((results) => results.every(Boolean));
+
+      return res.ok({ body: { enabled: entityDiscoveryEnabled } });
+    }
+  );
+}
diff --git a/x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/disable.ts b/x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/disable.ts
new file mode 100644
index 0000000000000..e1312d0dff08f
--- /dev/null
+++ b/x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/disable.ts
@@ -0,0 +1,60 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { RequestHandlerContext } from '@kbn/core/server';
+import { getFakeKibanaRequest } from '@kbn/security-plugin/server/authentication/api_keys/fake_kibana_request';
+import { SetupRouteOptions } from '../types';
+import { ENTITY_INTERNAL_API_PREFIX } from '../../../common/constants_entities';
+import {
+  checkIfEntityDiscoveryAPIKeyIsValid,
+  deleteEntityDiscoveryAPIKey,
+  readEntityDiscoveryAPIKey,
+} from '../../lib/auth';
+import { ERROR_API_KEY_NOT_FOUND, ERROR_API_KEY_NOT_VALID } from '../../../common/errors';
+import { uninstallBuiltInEntityDefinitions } from '../../lib/entities/uninstall_entity_definition';
+import { DisableManagedEntityResponse } from '../../../common/types_api';
+
+export function disableEntityDiscoveryRoute<T extends RequestHandlerContext>({
+  router,
+  server,
+  logger,
+}: SetupRouteOptions<T>) {
+  router.delete<unknown, unknown, DisableManagedEntityResponse>(
+    {
+      path: `${ENTITY_INTERNAL_API_PREFIX}/managed/enablement`,
+      validate: false,
+    },
+    async (context, req, res) => {
+      server.logger.debug('reading entity discovery API key from saved object');
+      const apiKey = await readEntityDiscoveryAPIKey(server);
+
+      if (apiKey === undefined) {
+        return res.ok({ body: { success: false, reason: ERROR_API_KEY_NOT_FOUND } });
+      }
+
+      server.logger.debug('validating existing entity discovery API key');
+      const isValid = await checkIfEntityDiscoveryAPIKeyIsValid(server, apiKey);
+
+      if (!isValid) {
+        return res.ok({ body: { success: false, reason: ERROR_API_KEY_NOT_VALID } });
+      }
+
+      const fakeRequest = getFakeKibanaRequest({ id: apiKey.id, api_key: apiKey.apiKey });
+      const soClient = server.core.savedObjects.getScopedClient(fakeRequest);
+      const esClient = server.core.elasticsearch.client.asScoped(fakeRequest).asCurrentUser;
+
+      await uninstallBuiltInEntityDefinitions({ soClient, esClient, logger });
+
+      await deleteEntityDiscoveryAPIKey((await context.core).savedObjects.client);
+      await server.security.authc.apiKeys.invalidateAsInternalUser({
+        ids: [apiKey.id],
+      });
+
+      return res.ok();
+    }
+  );
+}
diff --git a/x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/enable.ts b/x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/enable.ts
new file mode 100644
index 0000000000000..82f682fc82a61
--- /dev/null
+++ b/x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/enable.ts
@@ -0,0 +1,103 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { RequestHandlerContext } from '@kbn/core/server';
+import { getFakeKibanaRequest } from '@kbn/security-plugin/server/authentication/api_keys/fake_kibana_request';
+import { SetupRouteOptions } from '../types';
+import { ENTITY_INTERNAL_API_PREFIX } from '../../../common/constants_entities';
+import { EnableManagedEntityResponse } from '../../../common/types_api';
+import {
+  canEnableEntityDiscovery,
+  checkIfAPIKeysAreEnabled,
+  checkIfEntityDiscoveryAPIKeyIsValid,
+  deleteEntityDiscoveryAPIKey,
+  generateEntityDiscoveryAPIKey,
+  readEntityDiscoveryAPIKey,
+  saveEntityDiscoveryAPIKey,
+} from '../../lib/auth';
+import { builtInDefinitions } from '../../lib/entities/built_in';
+import { installBuiltInEntityDefinitions } from '../../lib/entities/install_entity_definition';
+import { EntityDiscoveryApiKeyType } from '../../saved_objects';
+import { ERROR_API_KEY_SERVICE_DISABLED, ERROR_USER_NOT_AUTHORIZED } from '../../../common/errors';
+
+export function enableEntityDiscoveryRoute<T extends RequestHandlerContext>({
+  router,
+  server,
+  logger,
+}: SetupRouteOptions<T>) {
+  router.put<unknown, unknown, EnableManagedEntityResponse>(
+    {
+      path: `${ENTITY_INTERNAL_API_PREFIX}/managed/enablement`,
+      validate: false,
+    },
+    async (context, req, res) => {
+      const apiKeysEnabled = await checkIfAPIKeysAreEnabled(server);
+      if (!apiKeysEnabled) {
+        return res.ok({
+          body: {
+            success: false,
+            reason: ERROR_API_KEY_SERVICE_DISABLED,
+            message:
+              'API key service is not enabled; try configuring `xpack.security.authc.api_key.enabled` in your elasticsearch config',
+          },
+        });
+      }
+
+      const esClient = (await context.core).elasticsearch.client.asCurrentUser;
+      const canEnable = await canEnableEntityDiscovery(esClient);
+      if (!canEnable) {
+        return res.ok({
+          body: {
+            success: false,
+            reason: ERROR_USER_NOT_AUTHORIZED,
+            message:
+              'Current Kibana user does not have the required permissions to enable entity discovery',
+          },
+        });
+      }
+
+      const soClient = (await context.core).savedObjects.getClient({
+        includedHiddenTypes: [EntityDiscoveryApiKeyType.name],
+      });
+
+      const existingApiKey = await readEntityDiscoveryAPIKey(server);
+
+      if (existingApiKey !== undefined) {
+        const isValid = await checkIfEntityDiscoveryAPIKeyIsValid(server, existingApiKey);
+
+        if (!isValid) {
+          await deleteEntityDiscoveryAPIKey(soClient);
+          await server.security.authc.apiKeys.invalidateAsInternalUser({
+            ids: [existingApiKey.id],
+          });
+        }
+      }
+
+      const apiKey = await generateEntityDiscoveryAPIKey(server, req);
+
+      if (apiKey === undefined) {
+        throw new Error('could not generate entity discovery API key');
+      }
+
+      await saveEntityDiscoveryAPIKey(soClient, apiKey);
+
+      const fakeRequest = getFakeKibanaRequest({ id: apiKey.id, api_key: apiKey.apiKey });
+      const scopedSoClient = server.core.savedObjects.getScopedClient(fakeRequest);
+      const scopedEsClient = server.core.elasticsearch.client.asScoped(fakeRequest).asCurrentUser;
+
+      await installBuiltInEntityDefinitions({
+        logger,
+        builtInDefinitions,
+        spaceId: 'default',
+        esClient: scopedEsClient,
+        soClient: scopedSoClient,
+      });
+
+      return res.ok({ body: { success: true } });
+    }
+  );
+}
diff --git a/x-pack/plugins/observability_solution/entity_manager/server/routes/entities/create.ts b/x-pack/plugins/observability_solution/entity_manager/server/routes/entities/create.ts
new file mode 100644
index 0000000000000..40004aa85c415
--- /dev/null
+++ b/x-pack/plugins/observability_solution/entity_manager/server/routes/entities/create.ts
@@ -0,0 +1,66 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { RequestHandlerContext } from '@kbn/core/server';
+import { EntityDefinition, entityDefinitionSchema } from '@kbn/entities-schema';
+import { stringifyZodError } from '@kbn/zod-helpers';
+import { SetupRouteOptions } from '../types';
+import { EntityIdConflict } from '../../lib/entities/errors/entity_id_conflict_error';
+import { EntitySecurityException } from '../../lib/entities/errors/entity_security_exception';
+import { InvalidTransformError } from '../../lib/entities/errors/invalid_transform_error';
+import { startTransform } from '../../lib/entities/start_transform';
+import { ENTITY_INTERNAL_API_PREFIX } from '../../../common/constants_entities';
+import { installEntityDefinition } from '../../lib/entities/install_entity_definition';
+
+export function createEntityDefinitionRoute<T extends RequestHandlerContext>({
+  router,
+  server,
+  spaces,
+}: SetupRouteOptions<T>) {
+  router.post<unknown, unknown, EntityDefinition>(
+    {
+      path: `${ENTITY_INTERNAL_API_PREFIX}/definition`,
+      validate: {
+        body: (body, res) => {
+          try {
+            return res.ok(entityDefinitionSchema.parse(body));
+          } catch (e) {
+            return res.badRequest(stringifyZodError(e));
+          }
+        },
+      },
+    },
+    async (context, req, res) => {
+      const { logger } = server;
+      const core = await context.core;
+      const soClient = core.savedObjects.client;
+      const esClient = core.elasticsearch.client.asCurrentUser;
+      const spaceId = spaces?.spacesService.getSpaceId(req) ?? 'default';
+      try {
+        const definition = await installEntityDefinition({
+          soClient,
+          esClient,
+          spaceId,
+          logger,
+          definition: req.body,
+        });
+
+        await startTransform(esClient, definition, logger);
+
+        return res.ok({ body: definition });
+      } catch (e) {
+        if (e instanceof EntityIdConflict) {
+          return res.conflict({ body: e });
+        }
+        if (e instanceof EntitySecurityException || e instanceof InvalidTransformError) {
+          return res.customError({ body: e, statusCode: 400 });
+        }
+        return res.customError({ body: e, statusCode: 500 });
+      }
+    }
+  );
+}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/routes/entities/delete.ts b/x-pack/plugins/observability_solution/entity_manager/server/routes/entities/delete.ts
similarity index 72%
rename from x-pack/plugins/observability_solution/asset_manager/server/routes/entities/delete.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/routes/entities/delete.ts
index 7c9044d24cd82..c18d688572891 100644
--- a/x-pack/plugins/observability_solution/asset_manager/server/routes/entities/delete.ts
+++ b/x-pack/plugins/observability_solution/entity_manager/server/routes/entities/delete.ts
@@ -11,21 +11,13 @@ import { SetupRouteOptions } from '../types';
 import { EntitySecurityException } from '../../lib/entities/errors/entity_security_exception';
 import { InvalidTransformError } from '../../lib/entities/errors/invalid_transform_error';
 import { readEntityDefinition } from '../../lib/entities/read_entity_definition';
-import {
-  stopAndDeleteHistoryTransform,
-  stopAndDeleteLatestTransform,
-} from '../../lib/entities/stop_and_delete_transform';
-import {
-  deleteHistoryIngestPipeline,
-  deleteLatestIngestPipeline,
-} from '../../lib/entities/delete_ingest_pipeline';
-import { deleteEntityDefinition } from '../../lib/entities/delete_entity_definition';
 import { EntityDefinitionNotFound } from '../../lib/entities/errors/entity_not_found';
 import { ENTITY_INTERNAL_API_PREFIX } from '../../../common/constants_entities';
+import { uninstallEntityDefinition } from '../../lib/entities/uninstall_entity_definition';
 
 export function deleteEntityDefinitionRoute<T extends RequestHandlerContext>({
   router,
-  logger,
+  server,
 }: SetupRouteOptions<T>) {
   router.delete<{ id: string }, unknown, unknown>(
     {
@@ -38,15 +30,12 @@ export function deleteEntityDefinitionRoute<T extends RequestHandlerContext>({
     },
     async (context, req, res) => {
       try {
+        const { logger } = server;
         const soClient = (await context.core).savedObjects.client;
         const esClient = (await context.core).elasticsearch.client.asCurrentUser;
 
         const definition = await readEntityDefinition(soClient, req.params.id, logger);
-        await stopAndDeleteHistoryTransform(esClient, definition, logger);
-        await stopAndDeleteLatestTransform(esClient, definition, logger);
-        await deleteHistoryIngestPipeline(esClient, definition, logger);
-        await deleteLatestIngestPipeline(esClient, definition, logger);
-        await deleteEntityDefinition(soClient, definition, logger);
+        await uninstallEntityDefinition({ definition, soClient, esClient, logger });
 
         return res.ok({ body: { acknowledged: true } });
       } catch (e) {
diff --git a/x-pack/plugins/observability_solution/entity_manager/server/routes/entities/get.ts b/x-pack/plugins/observability_solution/entity_manager/server/routes/entities/get.ts
new file mode 100644
index 0000000000000..f299b40b8ead2
--- /dev/null
+++ b/x-pack/plugins/observability_solution/entity_manager/server/routes/entities/get.ts
@@ -0,0 +1,43 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { RequestHandlerContext } from '@kbn/core/server';
+import { schema } from '@kbn/config-schema';
+import { SetupRouteOptions } from '../types';
+import { ENTITY_INTERNAL_API_PREFIX } from '../../../common/constants_entities';
+import { findEntityDefinitions } from '../../lib/entities/find_entity_definition';
+
+export function getEntityDefinitionRoute<T extends RequestHandlerContext>({
+  router,
+}: SetupRouteOptions<T>) {
+  router.get<unknown, { page?: number; perPage?: number }, unknown>(
+    {
+      path: `${ENTITY_INTERNAL_API_PREFIX}/definition`,
+      validate: {
+        query: schema.object({
+          page: schema.maybe(schema.number()),
+          perPage: schema.maybe(schema.number()),
+        }),
+      },
+    },
+    async (context, req, res) => {
+      try {
+        const esClient = (await context.core).elasticsearch.client.asCurrentUser;
+        const soClient = (await context.core).savedObjects.client;
+        const definitions = await findEntityDefinitions({
+          esClient,
+          soClient,
+          page: req.query.page ?? 1,
+          perPage: req.query.perPage ?? 10,
+        });
+        return res.ok({ body: definitions });
+      } catch (e) {
+        return res.customError({ body: e, statusCode: 500 });
+      }
+    }
+  );
+}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/routes/entities/reset.ts b/x-pack/plugins/observability_solution/entity_manager/server/routes/entities/reset.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/routes/entities/reset.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/routes/entities/reset.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/routes/index.ts b/x-pack/plugins/observability_solution/entity_manager/server/routes/index.ts
similarity index 63%
rename from x-pack/plugins/observability_solution/asset_manager/server/routes/index.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/routes/index.ts
index 759255b0eb5b1..1ee71ebd197df 100644
--- a/x-pack/plugins/observability_solution/asset_manager/server/routes/index.ts
+++ b/x-pack/plugins/observability_solution/entity_manager/server/routes/index.ts
@@ -8,25 +8,21 @@
 import { RequestHandlerContext } from '@kbn/core/server';
 import { SetupRouteOptions } from './types';
 import { pingRoute } from './ping';
-import { sampleAssetsRoutes } from './sample_assets';
-import { assetsRoutes } from './assets';
-import { hostsRoutes } from './assets/hosts';
-import { servicesRoutes } from './assets/services';
-import { containersRoutes } from './assets/containers';
-import { podsRoutes } from './assets/pods';
 import { createEntityDefinitionRoute } from './entities/create';
 import { deleteEntityDefinitionRoute } from './entities/delete';
 import { resetEntityDefinitionRoute } from './entities/reset';
+import { getEntityDefinitionRoute } from './entities/get';
+import { checkEntityDiscoveryEnabledRoute } from './enablement/check';
+import { enableEntityDiscoveryRoute } from './enablement/enable';
+import { disableEntityDiscoveryRoute } from './enablement/disable';
 
 export function setupRoutes<T extends RequestHandlerContext>(dependencies: SetupRouteOptions<T>) {
   pingRoute<T>(dependencies);
-  sampleAssetsRoutes<T>(dependencies);
-  assetsRoutes<T>(dependencies);
-  hostsRoutes<T>(dependencies);
-  servicesRoutes<T>(dependencies);
-  containersRoutes<T>(dependencies);
-  podsRoutes<T>(dependencies);
   createEntityDefinitionRoute<T>(dependencies);
   deleteEntityDefinitionRoute<T>(dependencies);
   resetEntityDefinitionRoute<T>(dependencies);
+  getEntityDefinitionRoute<T>(dependencies);
+  checkEntityDiscoveryEnabledRoute<T>(dependencies);
+  enableEntityDiscoveryRoute<T>(dependencies);
+  disableEntityDiscoveryRoute<T>(dependencies);
 }
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/routes/ping.ts b/x-pack/plugins/observability_solution/entity_manager/server/routes/ping.ts
similarity index 79%
rename from x-pack/plugins/observability_solution/asset_manager/server/routes/ping.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/routes/ping.ts
index 3d7a20b5fd476..c5f6f65a49a52 100644
--- a/x-pack/plugins/observability_solution/asset_manager/server/routes/ping.ts
+++ b/x-pack/plugins/observability_solution/entity_manager/server/routes/ping.ts
@@ -6,18 +6,18 @@
  */
 
 import { RequestHandlerContextBase } from '@kbn/core-http-server';
-import { ASSET_MANAGER_API_BASE } from '../../common/constants_routes';
+import { ENTITY_API_PREFIX } from '../../common/constants_entities';
 import { SetupRouteOptions } from './types';
 
 export function pingRoute<T extends RequestHandlerContextBase>({ router }: SetupRouteOptions<T>) {
   router.get(
     {
-      path: `${ASSET_MANAGER_API_BASE}/ping`,
+      path: `${ENTITY_API_PREFIX}/ping`,
       validate: false,
     },
     async (_context, _req, res) => {
       return res.ok({
-        body: { message: 'Asset Manager OK' },
+        body: { message: 'Entity Manager OK' },
         headers: { 'content-type': 'application/json' },
       });
     }
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/routes/types.ts b/x-pack/plugins/observability_solution/entity_manager/server/routes/types.ts
similarity index 86%
rename from x-pack/plugins/observability_solution/asset_manager/server/routes/types.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/routes/types.ts
index b184cba6f9866..e5c11777a57de 100644
--- a/x-pack/plugins/observability_solution/asset_manager/server/routes/types.ts
+++ b/x-pack/plugins/observability_solution/entity_manager/server/routes/types.ts
@@ -8,11 +8,11 @@
 import { IRouter, RequestHandlerContextBase } from '@kbn/core-http-server';
 import { Logger } from '@kbn/core/server';
 import { SpacesPluginSetup } from '@kbn/spaces-plugin/server';
-import { AssetClient } from '../lib/asset_client';
+import { EntityManagerServerSetup } from '../types';
 
 export interface SetupRouteOptions<T extends RequestHandlerContextBase> {
   router: IRouter<T>;
-  assetClient: AssetClient;
+  server: EntityManagerServerSetup;
   logger: Logger;
   spaces?: SpacesPluginSetup;
 }
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/saved_objects/entity_definition.ts b/x-pack/plugins/observability_solution/entity_manager/server/saved_objects/entity_definition.ts
similarity index 87%
rename from x-pack/plugins/observability_solution/asset_manager/server/saved_objects/entity_definition.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/saved_objects/entity_definition.ts
index 392be5a0722be..5ddba63b7ad07 100644
--- a/x-pack/plugins/observability_solution/asset_manager/server/saved_objects/entity_definition.ts
+++ b/x-pack/plugins/observability_solution/entity_manager/server/saved_objects/entity_definition.ts
@@ -27,13 +27,14 @@ export const entityDefinition: SavedObjectsType = {
       metadata: { type: 'object' },
       metrics: { type: 'object' },
       staticFields: { type: 'object' },
+      managed: { type: 'boolean' },
     },
   },
   management: {
     displayName: 'Entity Definition',
     importableAndExportable: false,
-    getTitle(sloSavedObject: SavedObject<EntityDefinition>) {
-      return `EntityDefinition: [${sloSavedObject.attributes.name}]`;
+    getTitle(savedObject: SavedObject<EntityDefinition>) {
+      return `EntityDefinition: [${savedObject.attributes.name}]`;
     },
   },
 };
diff --git a/x-pack/plugins/observability_solution/entity_manager/server/saved_objects/entity_discovery_api_key.ts b/x-pack/plugins/observability_solution/entity_manager/server/saved_objects/entity_discovery_api_key.ts
new file mode 100644
index 0000000000000..bed5a5ca73673
--- /dev/null
+++ b/x-pack/plugins/observability_solution/entity_manager/server/saved_objects/entity_discovery_api_key.ts
@@ -0,0 +1,26 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { SavedObjectsType } from '@kbn/core/server';
+
+const SO_ENTITY_DISCOVERY_API_KEY_TYPE = 'entity-discovery-api-key';
+
+export const EntityDiscoveryApiKeyType: SavedObjectsType = {
+  name: SO_ENTITY_DISCOVERY_API_KEY_TYPE,
+  hidden: false,
+  namespaceType: 'multiple-isolated',
+  mappings: {
+    dynamic: false,
+    properties: {
+      apiKey: { type: 'binary' },
+    },
+  },
+  management: {
+    importableAndExportable: false,
+    displayName: 'Entity discovery API key',
+  },
+};
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/saved_objects/index.ts b/x-pack/plugins/observability_solution/entity_manager/server/saved_objects/index.ts
similarity index 82%
rename from x-pack/plugins/observability_solution/asset_manager/server/saved_objects/index.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/saved_objects/index.ts
index 6145b05438bb2..fd88e2e16e4a2 100644
--- a/x-pack/plugins/observability_solution/asset_manager/server/saved_objects/index.ts
+++ b/x-pack/plugins/observability_solution/entity_manager/server/saved_objects/index.ts
@@ -6,3 +6,4 @@
  */
 
 export { entityDefinition, SO_ENTITY_DEFINITION_TYPE } from './entity_definition';
+export { EntityDiscoveryApiKeyType } from './entity_discovery_api_key';
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/templates/components/base.ts b/x-pack/plugins/observability_solution/entity_manager/server/templates/components/base.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/templates/components/base.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/templates/components/base.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/templates/components/entity.ts b/x-pack/plugins/observability_solution/entity_manager/server/templates/components/entity.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/templates/components/entity.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/templates/components/entity.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/templates/components/event.ts b/x-pack/plugins/observability_solution/entity_manager/server/templates/components/event.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/templates/components/event.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/templates/components/event.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/templates/entities_template.ts b/x-pack/plugins/observability_solution/entity_manager/server/templates/entities_template.ts
similarity index 83%
rename from x-pack/plugins/observability_solution/asset_manager/server/templates/entities_template.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/templates/entities_template.ts
index f7d66a0b2a731..d728edcf01418 100644
--- a/x-pack/plugins/observability_solution/asset_manager/server/templates/entities_template.ts
+++ b/x-pack/plugins/observability_solution/entity_manager/server/templates/entities_template.ts
@@ -41,10 +41,8 @@ export const entitiesIndexTemplateConfig: IndicesPutIndexTemplateRequest = {
         {
           entity_metrics: {
             mapping: {
-              // @ts-expect-error this should work per: https://www.elastic.co/guide/en/elasticsearch/reference/current/dynamic-templates.html#match-mapping-type
               type: '{dynamic_type}',
             },
-            // @ts-expect-error this should work per: https://www.elastic.co/guide/en/elasticsearch/reference/current/dynamic-templates.html#match-mapping-type
             match_mapping_type: ['long', 'double'],
             path_match: 'entity.metrics.*',
           },
diff --git a/x-pack/plugins/observability_solution/entity_manager/server/types.ts b/x-pack/plugins/observability_solution/entity_manager/server/types.ts
new file mode 100644
index 0000000000000..505f44eccf3ff
--- /dev/null
+++ b/x-pack/plugins/observability_solution/entity_manager/server/types.ts
@@ -0,0 +1,38 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { CoreStart, ElasticsearchClient, Logger } from '@kbn/core/server';
+import { SecurityPluginStart } from '@kbn/security-plugin/server';
+import {
+  EncryptedSavedObjectsPluginSetup,
+  EncryptedSavedObjectsPluginStart,
+} from '@kbn/encrypted-saved-objects-plugin/server';
+import { SpacesPluginSetup } from '@kbn/spaces-plugin/server';
+import { EntityManagerConfig } from '../common/config';
+
+export interface EntityManagerServerSetup {
+  core: CoreStart;
+  config: EntityManagerConfig;
+  logger: Logger;
+  security: SecurityPluginStart;
+  encryptedSavedObjects: EncryptedSavedObjectsPluginStart;
+  isServerless: boolean;
+}
+
+export interface ElasticsearchAccessorOptions {
+  elasticsearchClient: ElasticsearchClient;
+}
+
+export interface EntityManagerPluginSetupDependencies {
+  encryptedSavedObjects: EncryptedSavedObjectsPluginSetup;
+  spaces?: SpacesPluginSetup;
+}
+
+export interface EntityManagerPluginStartDependencies {
+  security: SecurityPluginStart;
+  encryptedSavedObjects: EncryptedSavedObjectsPluginStart;
+}
diff --git a/x-pack/plugins/observability_solution/asset_manager/tsconfig.json b/x-pack/plugins/observability_solution/entity_manager/tsconfig.json
similarity index 76%
rename from x-pack/plugins/observability_solution/asset_manager/tsconfig.json
rename to x-pack/plugins/observability_solution/entity_manager/tsconfig.json
index 82d7632a48b3a..176494e26e600 100644
--- a/x-pack/plugins/observability_solution/asset_manager/tsconfig.json
+++ b/x-pack/plugins/observability_solution/entity_manager/tsconfig.json
@@ -17,19 +17,17 @@
     "@kbn/config-schema",
     "@kbn/core-http-server",
     "@kbn/core-elasticsearch-client-server-mocks",
-    "@kbn/io-ts-utils",
-    "@kbn/core-http-request-handler-context-server",
     "@kbn/datemath",
-    "@kbn/apm-data-access-plugin",
-    "@kbn/core-http-browser-mocks",
     "@kbn/logging",
-    "@kbn/metrics-data-access-plugin",
     "@kbn/core-elasticsearch-server",
     "@kbn/core-saved-objects-api-server",
     "@kbn/core-saved-objects-api-server-mocks",
     "@kbn/entities-schema",
     "@kbn/es-query",
     "@kbn/zod-helpers",
-    "@kbn/spaces-plugin"
+    "@kbn/security-plugin",
+    "@kbn/encrypted-saved-objects-plugin",
+    "@kbn/spaces-plugin",
+    "@kbn/logging-mocks",
   ]
 }
diff --git a/x-pack/plugins/observability_solution/exploratory_view/public/components/shared/exploratory_view/embeddable/embeddable.tsx b/x-pack/plugins/observability_solution/exploratory_view/public/components/shared/exploratory_view/embeddable/embeddable.tsx
index ed06d786124f3..a0079568803b6 100644
--- a/x-pack/plugins/observability_solution/exploratory_view/public/components/shared/exploratory_view/embeddable/embeddable.tsx
+++ b/x-pack/plugins/observability_solution/exploratory_view/public/components/shared/exploratory_view/embeddable/embeddable.tsx
@@ -18,6 +18,8 @@ import {
 import { ViewMode } from '@kbn/embeddable-plugin/common';
 import { observabilityFeatureId } from '@kbn/observability-shared-plugin/public';
 import styled from 'styled-components';
+import { AnalyticsServiceSetup } from '@kbn/core-analytics-browser';
+import { useEBTTelemetry } from '../hooks/use_ebt_telemetry';
 import { AllSeries } from '../../../..';
 import { AppDataType, ReportViewType } from '../types';
 import { OperationTypeComponent } from '../series_editor/columns/operation_type_select';
@@ -61,6 +63,7 @@ export interface ExploratoryEmbeddableComponentProps extends ExploratoryEmbeddab
   lens: LensPublicStart;
   dataViewState: DataViewState;
   lensFormulaHelper?: FormulaPublicApi;
+  analytics?: AnalyticsServiceSetup;
 }
 
 // eslint-disable-next-line import/no-default-export
@@ -88,6 +91,7 @@ export default function Embeddable(props: ExploratoryEmbeddableComponentProps) {
     lineHeight = 32,
     searchSessionId,
     onLoad,
+    analytics,
   } = props;
   const LensComponent = lens?.EmbeddableComponent;
   const LensSaveModalComponent = lens?.SaveModalComponent;
@@ -103,6 +107,15 @@ export default function Embeddable(props: ExploratoryEmbeddableComponentProps) {
 
   const timeRange = customTimeRange ?? series?.time;
 
+  const { reportEvent } = useEBTTelemetry({
+    analytics,
+    queryName: series
+      ? `${series.dataType}_${series.name}`
+      : typeof title === 'string'
+      ? title
+      : 'Exp View embeddable query',
+  });
+
   const actions = useActions({
     withActions,
     attributes,
@@ -198,7 +211,10 @@ export default function Embeddable(props: ExploratoryEmbeddableComponentProps) {
         extraActions={actions}
         viewMode={ViewMode.VIEW}
         searchSessionId={searchSessionId}
-        onLoad={onLoad}
+        onLoad={(loading, inspectorAdapters) => {
+          reportEvent(inspectorAdapters);
+          onLoad?.(loading);
+        }}
       />
       {isSaveOpen && attributesJSON && (
         <LensSaveModalComponent
diff --git a/x-pack/plugins/observability_solution/exploratory_view/public/components/shared/exploratory_view/embeddable/index.tsx b/x-pack/plugins/observability_solution/exploratory_view/public/components/shared/exploratory_view/embeddable/index.tsx
index 8fe530c0b5bdf..f67c48bb4e0c2 100644
--- a/x-pack/plugins/observability_solution/exploratory_view/public/components/shared/exploratory_view/embeddable/index.tsx
+++ b/x-pack/plugins/observability_solution/exploratory_view/public/components/shared/exploratory_view/embeddable/index.tsx
@@ -8,7 +8,7 @@
 import React, { useCallback, useMemo, useState, useEffect } from 'react';
 import { EuiFlexGroup, EuiFlexItem, EuiLoadingSpinner } from '@elastic/eui';
 import { EuiThemeProvider } from '@kbn/kibana-react-plugin/common';
-import type { CoreStart } from '@kbn/core/public';
+import type { AnalyticsServiceSetup, CoreStart } from '@kbn/core/public';
 import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public';
 import { EuiErrorBoundary } from '@elastic/eui';
 import styled from 'styled-components';
@@ -31,7 +31,8 @@ function ExploratoryViewEmbeddable(props: ExploratoryEmbeddableComponentProps) {
 }
 
 export function getExploratoryViewEmbeddable(
-  services: CoreStart & ExploratoryViewPublicPluginsStart
+  services: CoreStart & ExploratoryViewPublicPluginsStart,
+  analytics?: AnalyticsServiceSetup
 ) {
   const { lens, dataViews: dataViewsService, theme } = services;
 
@@ -141,6 +142,7 @@ export function getExploratoryViewEmbeddable(
                 lensFormulaHelper={lensHelper?.formula}
                 searchSessionId={services.data.search.session.getSessionId()}
                 onLoad={onLensLoaded}
+                analytics={analytics}
               />
             </Wrapper>
           </KibanaContextProvider>
diff --git a/x-pack/plugins/observability_solution/exploratory_view/public/components/shared/exploratory_view/hooks/use_ebt_telemetry.ts b/x-pack/plugins/observability_solution/exploratory_view/public/components/shared/exploratory_view/hooks/use_ebt_telemetry.ts
new file mode 100644
index 0000000000000..639b6332ab612
--- /dev/null
+++ b/x-pack/plugins/observability_solution/exploratory_view/public/components/shared/exploratory_view/hooks/use_ebt_telemetry.ts
@@ -0,0 +1,52 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { DefaultInspectorAdapters } from '@kbn/expressions-plugin/common';
+import { reportPerformanceMetricEvent } from '@kbn/ebt-tools';
+import { AnalyticsServiceSetup } from '@kbn/core-analytics-browser';
+
+export const useEBTTelemetry = ({
+  analytics,
+  queryName,
+}: {
+  analytics?: AnalyticsServiceSetup;
+  queryName?: string;
+}) => {
+  const reportEvent = (inspectorAdapters?: Partial<DefaultInspectorAdapters>) => {
+    if (inspectorAdapters) {
+      const { requests } = inspectorAdapters;
+      if (requests && analytics) {
+        const listReq = requests.getRequests();
+
+        if (listReq.length > 0) {
+          // find the highest query time, since a lens chart can contains more than on query, it doesn't make sense to
+          // report all of them , only the query with highest latency needs to be reported
+          const duration = listReq.reduce((acc, req) => {
+            const queryTime = Number(req.stats?.queryTime.value.split('ms')?.[0]);
+            return queryTime > acc ? queryTime : acc;
+          }, 0);
+
+          if (duration) {
+            reportPerformanceMetricEvent(analytics, {
+              eventName: 'exploratory_view_query_time',
+              duration,
+              meta:
+                (queryName && {
+                  queryName,
+                }) ||
+                undefined,
+            });
+          }
+        }
+      }
+    }
+  };
+
+  return {
+    reportEvent,
+  };
+};
diff --git a/x-pack/plugins/observability_solution/exploratory_view/public/plugin.ts b/x-pack/plugins/observability_solution/exploratory_view/public/plugin.ts
index 182884d42a51a..a1101e0fb4e4a 100644
--- a/x-pack/plugins/observability_solution/exploratory_view/public/plugin.ts
+++ b/x-pack/plugins/observability_solution/exploratory_view/public/plugin.ts
@@ -9,6 +9,7 @@ import { i18n } from '@kbn/i18n';
 import { BehaviorSubject } from 'rxjs';
 import { SharePluginSetup, SharePluginStart } from '@kbn/share-plugin/public';
 import {
+  AnalyticsServiceSetup,
   AppMountParameters,
   AppUpdater,
   CoreSetup,
@@ -85,6 +86,8 @@ export class Plugin
 {
   private readonly appUpdater$ = new BehaviorSubject<AppUpdater>(() => ({}));
 
+  private analyticsService?: AnalyticsServiceSetup;
+
   constructor(private readonly initContext: PluginInitializerContext) {}
 
   public setup(
@@ -129,6 +132,8 @@ export class Plugin
       ],
     });
 
+    this.analyticsService = core.analytics;
+
     return {
       register: registerDataHandler,
     };
@@ -138,7 +143,10 @@ export class Plugin
     return {
       createExploratoryViewUrl,
       getAppDataView: getAppDataView(pluginsStart.dataViews),
-      ExploratoryViewEmbeddable: getExploratoryViewEmbeddable({ ...coreStart, ...pluginsStart }),
+      ExploratoryViewEmbeddable: getExploratoryViewEmbeddable(
+        { ...coreStart, ...pluginsStart },
+        this.analyticsService
+      ),
     };
   }
 }
diff --git a/x-pack/plugins/observability_solution/exploratory_view/tsconfig.json b/x-pack/plugins/observability_solution/exploratory_view/tsconfig.json
index 87002a070158a..3aca08a23f4ef 100644
--- a/x-pack/plugins/observability_solution/exploratory_view/tsconfig.json
+++ b/x-pack/plugins/observability_solution/exploratory_view/tsconfig.json
@@ -41,7 +41,10 @@
     "@kbn/observability-ai-assistant-plugin",
     "@kbn/shared-ux-link-redirect-app",
     "@kbn/react-kibana-context-render",
-    "@kbn/react-kibana-mount"
+    "@kbn/react-kibana-mount",
+    "@kbn/core-analytics-browser",
+    "@kbn/expressions-plugin",
+    "@kbn/ebt-tools"
   ],
   "exclude": ["target/**/*"]
 }
diff --git a/x-pack/plugins/observability_solution/infra/public/alerting/metric_threshold/components/__snapshots__/alert_details_app_section.test.tsx.snap b/x-pack/plugins/observability_solution/infra/public/alerting/metric_threshold/components/__snapshots__/alert_details_app_section.test.tsx.snap
index 72381f6e62d63..af8a5b3d8e0a9 100644
--- a/x-pack/plugins/observability_solution/infra/public/alerting/metric_threshold/components/__snapshots__/alert_details_app_section.test.tsx.snap
+++ b/x-pack/plugins/observability_solution/infra/public/alerting/metric_threshold/components/__snapshots__/alert_details_app_section.test.tsx.snap
@@ -3,37 +3,61 @@
 exports[`AlertDetailsAppSection should render annotations 1`] = `
 Array [
   Object {
+    "additionalFilters": undefined,
     "annotations": Array [
-      <AlertAnnotation
-        alertStart={1678716383695}
-        color="#BD271E"
-        dateFormat="YYYY-MM-DD HH:mm"
-        id="alert_start_annotation"
-      />,
-      <AlertActiveTimeRangeAnnotation
-        alertStart={1678716383695}
-        color="#BD271E"
-        id="alert_time_range_annotation"
-      />,
+      Object {
+        "color": "#BD271E",
+        "icon": "alert",
+        "id": "metric_threshold_alert_start_annotation",
+        "key": Object {
+          "timestamp": "2023-03-28T13:40:00.000Z",
+          "type": "point_in_time",
+        },
+        "label": "Alert",
+        "type": "manual",
+      },
+      Object {
+        "color": "#F04E9833",
+        "id": "metric_threshold_active_alert_range_annotation",
+        "key": Object {
+          "endTimestamp": "2024-06-13T07:00:33.381Z",
+          "timestamp": "2023-03-28T13:40:00.000Z",
+          "type": "range",
+        },
+        "label": "Active alert",
+        "type": "manual",
+      },
     ],
-    "chartType": "line",
-    "expression": Object {
-      "aggType": "count",
+    "chartOptions": Object {
+      "seriesType": "bar_stacked",
+    },
+    "dataView": "index",
+    "groupBy": Array [
+      "host.hostname",
+    ],
+    "metricExpression": Object {
       "comparator": ">",
+      "metrics": Array [
+        Object {
+          "aggType": "count",
+          "field": "",
+          "name": "A",
+        },
+      ],
       "threshold": Array [
         2000,
       ],
       "timeSize": 15,
       "timeUnit": "m",
+      "warningComparator": undefined,
+      "warningThreshold": undefined,
+    },
+    "searchConfiguration": Object {
+      "query": Object {
+        "language": "",
+        "query": "",
+      },
     },
-    "filterQuery": undefined,
-    "groupBy": Array [
-      "host.hostname",
-    ],
-    "groupInstance": Array [
-      "host-1",
-    ],
-    "hideTitle": true,
     "timeRange": Object {
       "from": "2023-03-28T10:43:13.802Z",
       "to": "2023-03-29T13:14:09.581Z",
diff --git a/x-pack/plugins/observability_solution/infra/public/alerting/metric_threshold/components/alert_details_app_section.test.tsx b/x-pack/plugins/observability_solution/infra/public/alerting/metric_threshold/components/alert_details_app_section.test.tsx
index eaf077684cf4d..5f8b99629eeb8 100644
--- a/x-pack/plugins/observability_solution/infra/public/alerting/metric_threshold/components/alert_details_app_section.test.tsx
+++ b/x-pack/plugins/observability_solution/infra/public/alerting/metric_threshold/components/alert_details_app_section.test.tsx
@@ -16,15 +16,35 @@ import {
   buildMetricThresholdRule,
 } from '../mocks/metric_threshold_rule';
 import { AlertDetailsAppSection } from './alert_details_app_section';
-import { ExpressionChart } from './expression_chart';
+import { RuleConditionChart } from '@kbn/observability-plugin/public';
+import { lensPluginMock } from '@kbn/lens-plugin/public/mocks';
 
 const mockedChartStartContract = chartPluginMock.createStartContract();
+const mockedLensStartContract = lensPluginMock.createStartContract();
+
+Date.now = jest.fn(() => new Date('2024-06-13T07:00:33.381Z').getTime());
+
+jest.mock('../../../containers/metrics_source', () => ({
+  useMetricsDataViewContext: () => ({
+    metricsView: { dataViewReference: 'index' },
+  }),
+  withSourceProvider:
+    <ComponentProps extends {}>(Component: React.FC<ComponentProps>) =>
+    () => {
+      return function ComponentWithSourceProvider(props: ComponentProps) {
+        return <div />;
+      };
+    },
+}));
 
 jest.mock('@kbn/observability-alert-details', () => ({
   AlertAnnotation: () => {},
   AlertActiveTimeRangeAnnotation: () => {},
 }));
-
+jest.mock('@kbn/observability-alert-details', () => ({
+  AlertAnnotation: () => {},
+  AlertActiveTimeRangeAnnotation: () => {},
+}));
 jest.mock('@kbn/observability-get-padded-alert-time-range-util', () => ({
   getPaddedAlertTimeRange: () => ({
     from: '2023-03-28T10:43:13.802Z',
@@ -32,8 +52,9 @@ jest.mock('@kbn/observability-get-padded-alert-time-range-util', () => ({
   }),
 }));
 
-jest.mock('./expression_chart', () => ({
-  ExpressionChart: jest.fn(() => <div data-test-subj="ExpressionChart" />),
+jest.mock('@kbn/observability-plugin/public', () => ({
+  RuleConditionChart: jest.fn(() => <div data-test-subj="RuleConditionChart" />),
+  getGroupFilters: jest.fn(),
 }));
 
 jest.mock('../../../hooks/use_kibana', () => ({
@@ -41,6 +62,7 @@ jest.mock('../../../hooks/use_kibana', () => ({
     services: {
       ...mockCoreMock.createStart(),
       charts: mockedChartStartContract,
+      lens: mockedLensStartContract,
     },
   }),
 }));
@@ -74,11 +96,11 @@ describe('AlertDetailsAppSection', () => {
   });
 
   it('should render annotations', async () => {
-    const mockedExpressionChart = jest.fn(() => <div data-test-subj="ExpressionChart" />);
-    (ExpressionChart as jest.Mock).mockImplementation(mockedExpressionChart);
+    const mockedRuleConditionChart = jest.fn(() => <div data-test-subj="RuleConditionChart" />);
+    (RuleConditionChart as jest.Mock).mockImplementation(mockedRuleConditionChart);
     renderComponent();
 
-    expect(mockedExpressionChart).toHaveBeenCalledTimes(3);
-    expect(mockedExpressionChart.mock.calls[0]).toMatchSnapshot();
+    expect(mockedRuleConditionChart).toHaveBeenCalledTimes(3);
+    expect(mockedRuleConditionChart.mock.calls[0]).toMatchSnapshot();
   });
 });
diff --git a/x-pack/plugins/observability_solution/infra/public/alerting/metric_threshold/components/alert_details_app_section.tsx b/x-pack/plugins/observability_solution/infra/public/alerting/metric_threshold/components/alert_details_app_section.tsx
index bee0035f210c1..78d908d85ad8c 100644
--- a/x-pack/plugins/observability_solution/infra/public/alerting/metric_threshold/components/alert_details_app_section.tsx
+++ b/x-pack/plugins/observability_solution/infra/public/alerting/metric_threshold/components/alert_details_app_section.tsx
@@ -15,29 +15,32 @@ import {
   EuiPanel,
   EuiSpacer,
   EuiTitle,
+  transparentize,
   useEuiTheme,
 } from '@elastic/eui';
-import { AlertSummaryField, TopAlert } from '@kbn/observability-plugin/public';
+import chroma from 'chroma-js';
+
+import { AlertSummaryField, RuleConditionChart, TopAlert } from '@kbn/observability-plugin/public';
 import { ALERT_END, ALERT_START, ALERT_EVALUATION_VALUES, ALERT_GROUP } from '@kbn/rule-data-utils';
-import { Rule } from '@kbn/alerting-plugin/common';
-import { AlertAnnotation, AlertActiveTimeRangeAnnotation } from '@kbn/observability-alert-details';
+import { Rule, RuleTypeParams } from '@kbn/alerting-plugin/common';
 import { getPaddedAlertTimeRange } from '@kbn/observability-get-padded-alert-time-range-util';
+import type {
+  EventAnnotationConfig,
+  PointInTimeEventAnnotationConfig,
+  RangeEventAnnotationConfig,
+} from '@kbn/event-annotation-common';
+
+import { getGroupFilters } from '@kbn/observability-plugin/public';
+import type { GenericAggType } from '@kbn/observability-plugin/public';
 import { metricValueFormatter } from '../../../../common/alerting/metrics/metric_value_formatter';
 import { Threshold } from '../../common/components/threshold';
-import { withSourceProvider } from '../../../containers/metrics_source';
+import { useMetricsDataViewContext, withSourceProvider } from '../../../containers/metrics_source';
 import { generateUniqueKey } from '../lib/generate_unique_key';
-import { MetricsExplorerChartType } from '../../../pages/metrics/metrics_explorer/hooks/use_metrics_explorer_options';
 import { useKibanaContextForPlugin } from '../../../hooks/use_kibana';
-import { MetricThresholdRuleTypeParams } from '..';
-import { ExpressionChart } from './expression_chart';
+import { AlertParams } from '../types';
 
 // TODO Use a generic props for app sections https://github.com/elastic/kibana/issues/152690
-export type MetricThresholdRule = Rule<
-  MetricThresholdRuleTypeParams & {
-    filterQueryText?: string;
-    groupBy?: string | string[];
-  }
->;
+export type MetricThresholdRule = Rule<RuleTypeParams & AlertParams>;
 
 interface Group {
   field: string;
@@ -51,41 +54,49 @@ interface MetricThresholdAlertField {
 
 export type MetricThresholdAlert = TopAlert<MetricThresholdAlertField>;
 
-const DEFAULT_DATE_FORMAT = 'YYYY-MM-DD HH:mm';
-const ALERT_START_ANNOTATION_ID = 'alert_start_annotation';
-const ALERT_TIME_RANGE_ANNOTATION_ID = 'alert_time_range_annotation';
-
 interface AppSectionProps {
   alert: MetricThresholdAlert;
   rule: MetricThresholdRule;
   setAlertSummaryFields: React.Dispatch<React.SetStateAction<AlertSummaryField[] | undefined>>;
 }
 
-export function AlertDetailsAppSection({ alert, rule }: AppSectionProps) {
-  const { uiSettings, charts } = useKibanaContextForPlugin().services;
+export function AlertDetailsAppSection({ alert, rule, setAlertSummaryFields }: AppSectionProps) {
+  const { charts } = useKibanaContextForPlugin().services;
   const { euiTheme } = useEuiTheme();
-  const groupInstance = alert.fields[ALERT_GROUP]?.map((group: Group) => group.value);
-
+  const groups = alert.fields[ALERT_GROUP];
+  const { metricsView } = useMetricsDataViewContext();
   const chartProps = {
     baseTheme: charts.theme.useChartsBaseTheme(),
   };
-  const alertEnd = alert.fields[ALERT_END] ? moment(alert.fields[ALERT_END]).valueOf() : undefined;
-  const annotations = [
-    <AlertAnnotation
-      alertStart={alert.start}
-      color={euiTheme.colors.danger}
-      dateFormat={uiSettings.get('dateFormat') || DEFAULT_DATE_FORMAT}
-      id={ALERT_START_ANNOTATION_ID}
-      key={ALERT_START_ANNOTATION_ID}
-    />,
-    <AlertActiveTimeRangeAnnotation
-      alertStart={alert.start}
-      alertEnd={alertEnd}
-      color={euiTheme.colors.danger}
-      id={ALERT_TIME_RANGE_ANNOTATION_ID}
-      key={ALERT_TIME_RANGE_ANNOTATION_ID}
-    />,
-  ];
+  const alertEnd = alert.fields[ALERT_END];
+  const alertStart = alert.fields[ALERT_START];
+
+  const alertStartAnnotation: PointInTimeEventAnnotationConfig = {
+    label: 'Alert',
+    type: 'manual',
+    key: {
+      type: 'point_in_time',
+      timestamp: alertStart!,
+    },
+    color: euiTheme.colors.danger,
+    icon: 'alert',
+    id: 'metric_threshold_alert_start_annotation',
+  };
+
+  const alertRangeAnnotation: RangeEventAnnotationConfig = {
+    label: `${alertEnd ? 'Alert duration' : 'Active alert'}`,
+    type: 'manual',
+    key: {
+      type: 'range',
+      timestamp: alertStart!,
+      endTimestamp: alertEnd ?? moment().toISOString(),
+    },
+    color: chroma(transparentize('#F04E981A', 0.2)).hex().toUpperCase(),
+    id: `metric_threshold_${alertEnd ? 'recovered' : 'active'}_alert_range_annotation`,
+  };
+
+  const annotations: EventAnnotationConfig[] = [];
+  annotations.push(alertStartAnnotation, alertRangeAnnotation);
 
   return !!rule.params.criteria ? (
     <EuiFlexGroup direction="column" data-test-subj="metricThresholdAppSection">
@@ -94,10 +105,25 @@ export function AlertDetailsAppSection({ alert, rule }: AppSectionProps) {
           alert.fields[ALERT_START]!,
           alert.fields[ALERT_END],
           {
-            size: criterion.timeSize,
-            unit: criterion.timeUnit,
+            size: criterion.timeSize!,
+            unit: criterion.timeUnit!,
           }
         );
+        let metricExpression = [
+          {
+            aggType: criterion.aggType as GenericAggType,
+            name: String.fromCharCode('A'.charCodeAt(0) + index),
+            field: criterion.metric || '',
+          },
+        ];
+        if (criterion.customMetrics) {
+          metricExpression = criterion.customMetrics.map((metric) => ({
+            name: metric.name,
+            aggType: metric.aggType as GenericAggType,
+            field: metric.field || '',
+            filter: metric.filter,
+          }));
+        }
         return (
           <EuiFlexItem key={generateUniqueKey(criterion)}>
             <EuiPanel hasBorder hasShadow={false}>
@@ -135,16 +161,30 @@ export function AlertDetailsAppSection({ alert, rule }: AppSectionProps) {
                   />
                 </EuiFlexItem>
                 <EuiFlexItem grow={5}>
-                  <ExpressionChart
-                    annotations={annotations}
-                    chartType={MetricsExplorerChartType.line}
-                    expression={criterion}
-                    filterQuery={rule.params.filterQueryText}
-                    groupBy={rule.params.groupBy}
-                    groupInstance={groupInstance}
-                    hideTitle
-                    timeRange={timeRange}
-                  />
+                  {metricsView && (
+                    <RuleConditionChart
+                      additionalFilters={getGroupFilters(groups)}
+                      metricExpression={{
+                        metrics: metricExpression,
+                        threshold: criterion.threshold,
+                        comparator: criterion.comparator,
+                        timeSize: criterion.timeSize,
+                        timeUnit: criterion.timeUnit,
+                        warningComparator: criterion.warningComparator,
+                        warningThreshold: criterion.warningThreshold,
+                      }}
+                      chartOptions={{
+                        // For alert details page, the series type needs to be changed to 'bar_stacked'
+                        // due to https://github.com/elastic/elastic-charts/issues/2323
+                        seriesType: 'bar_stacked',
+                      }}
+                      searchConfiguration={{ query: { query: '', language: '' } }}
+                      timeRange={timeRange}
+                      dataView={metricsView.dataViewReference}
+                      groupBy={rule.params.groupBy}
+                      annotations={annotations}
+                    />
+                  )}
                 </EuiFlexItem>
               </EuiFlexGroup>
             </EuiPanel>
diff --git a/x-pack/plugins/observability_solution/infra/public/alerting/metric_threshold/components/expression.tsx b/x-pack/plugins/observability_solution/infra/public/alerting/metric_threshold/components/expression.tsx
index 191c6ed8cd847..9eaf5e2bd7b45 100644
--- a/x-pack/plugins/observability_solution/infra/public/alerting/metric_threshold/components/expression.tsx
+++ b/x-pack/plugins/observability_solution/infra/public/alerting/metric_threshold/components/expression.tsx
@@ -28,6 +28,7 @@ import {
 } from '@kbn/triggers-actions-ui-plugin/public';
 import { TimeUnitChar } from '@kbn/observability-plugin/common/utils/formatters/duration';
 import { COMPARATORS } from '@kbn/alerting-comparators';
+import { GenericAggType, RuleConditionChart } from '@kbn/observability-plugin/public';
 import { Aggregators, QUERY_INVALID } from '../../../../common/alerting/metrics';
 import {
   useMetricsDataViewContext,
@@ -40,7 +41,6 @@ import { MetricsExplorerKueryBar } from '../../../pages/metrics/metrics_explorer
 import { MetricsExplorerOptions } from '../../../pages/metrics/metrics_explorer/hooks/use_metrics_explorer_options';
 import { convertKueryToElasticSearchQuery } from '../../../utils/kuery';
 import { AlertContextMeta, AlertParams, MetricExpression } from '../types';
-import { ExpressionChart } from './expression_chart';
 import { ExpressionRow } from './expression_row';
 const FILTER_TYPING_DEBOUNCE_MS = 500;
 
@@ -69,7 +69,6 @@ export const Expressions: React.FC<Props> = (props) => {
   const { docLinks } = useKibanaContextForPlugin().services;
   const { source } = useSourceContext();
   const { metricsView } = useMetricsDataViewContext();
-
   const [timeSize, setTimeSize] = useState<number | undefined>(1);
   const [timeUnit, setTimeUnit] = useState<TimeUnitChar | undefined>('m');
 
@@ -304,8 +303,24 @@ export const Expressions: React.FC<Props> = (props) => {
         </h4>
       </EuiText>
       <EuiSpacer size="xs" />
-      {ruleParams.criteria &&
+      {metricsView &&
         ruleParams.criteria.map((e, idx) => {
+          let metricExpression = [
+            {
+              aggType: e.aggType as GenericAggType,
+              // RuleConditionChart uses A,B,C etc in its parser to identify multiple conditions
+              name: String.fromCharCode('A'.charCodeAt(0) + idx),
+              field: e.metric || '',
+            },
+          ];
+          if (e.customMetrics) {
+            metricExpression = e.customMetrics.map((metric) => ({
+              name: metric.name,
+              aggType: metric.aggType as GenericAggType,
+              field: metric.field || '',
+              filter: metric.filter,
+            }));
+          }
           return (
             <ExpressionRow
               canDelete={(ruleParams.criteria && ruleParams.criteria.length > 1) || false}
@@ -317,9 +332,26 @@ export const Expressions: React.FC<Props> = (props) => {
               errors={(errors[idx] as IErrorObject) || emptyError}
               expression={e || {}}
             >
-              <ExpressionChart
-                expression={e}
-                filterQuery={ruleParams.filterQueryText}
+              <RuleConditionChart
+                metricExpression={{
+                  metrics: metricExpression,
+                  threshold: e.threshold,
+                  comparator: e.comparator,
+                  timeSize,
+                  timeUnit,
+                  warningComparator: e.warningComparator,
+                  warningThreshold: e.warningThreshold,
+                }}
+                searchConfiguration={{
+                  index: metricsView.dataViewReference.id,
+                  query: {
+                    query: ruleParams.filterQueryText || '',
+                    language: 'kuery',
+                  },
+                }}
+                timeRange={{ from: `now-${(timeSize ?? 1) * 20}${timeUnit}`, to: 'now' }}
+                error={(errors[idx] as IErrorObject) || emptyError}
+                dataView={metricsView.dataViewReference}
                 groupBy={ruleParams.groupBy}
               />
             </ExpressionRow>
diff --git a/x-pack/plugins/observability_solution/infra/public/alerting/metric_threshold/mocks/metric_threshold_rule.ts b/x-pack/plugins/observability_solution/infra/public/alerting/metric_threshold/mocks/metric_threshold_rule.ts
index 0ef6478ff12d7..f7ec9022b4cad 100644
--- a/x-pack/plugins/observability_solution/infra/public/alerting/metric_threshold/mocks/metric_threshold_rule.ts
+++ b/x-pack/plugins/observability_solution/infra/public/alerting/metric_threshold/mocks/metric_threshold_rule.ts
@@ -87,6 +87,7 @@ export const buildMetricThresholdRule = (
       filterQuery:
         '{"bool":{"filter":[{"bool":{"should":[{"term":{"host.hostname":{"value":"Users-System.local"}}}],"minimum_should_match":1}},{"bool":{"should":[{"term":{"service.type":{"value":"system"}}}],"minimum_should_match":1}}]}}',
       groupBy: ['host.hostname'],
+      sourceId: 'sourceId',
     },
     monitoring: {
       run: {
diff --git a/x-pack/plugins/observability_solution/infra/public/apps/logs_app.tsx b/x-pack/plugins/observability_solution/infra/public/apps/logs_app.tsx
index 64bc20134a446..9e6d74c5f4cbd 100644
--- a/x-pack/plugins/observability_solution/infra/public/apps/logs_app.tsx
+++ b/x-pack/plugins/observability_solution/infra/public/apps/logs_app.tsx
@@ -12,6 +12,7 @@ import ReactDOM from 'react-dom';
 import { Router, Routes, Route } from '@kbn/shared-ux-router';
 import { AppMountParameters } from '@kbn/core/public';
 import { Storage } from '@kbn/kibana-utils-plugin/public';
+import { AllDatasetsLocatorParams, ALL_DATASETS_LOCATOR_ID } from '@kbn/deeplinks-observability';
 import { LinkToLogsPage } from '../pages/link_to/link_to_logs';
 import { LogsPage } from '../pages/logs';
 import { InfraClientStartDeps, InfraClientStartExports } from '../types';
@@ -73,6 +74,15 @@ const LogsApp: React.FC<{
             toastsService={core.notifications.toasts}
           >
             <Routes>
+              <Route
+                path="/"
+                exact
+                render={() =>
+                  plugins.share.url.locators
+                    .get<AllDatasetsLocatorParams>(ALL_DATASETS_LOCATOR_ID)
+                    ?.navigate({})
+                }
+              />
               <Route path="/link-to" component={LinkToLogsPage} />
               {uiCapabilities?.logs?.show && <Route path="/" component={LogsPage} />}
             </Routes>
diff --git a/x-pack/plugins/observability_solution/infra/public/components/logs_deprecation_callout.tsx b/x-pack/plugins/observability_solution/infra/public/components/logs_deprecation_callout.tsx
new file mode 100644
index 0000000000000..71ae9698ea3b9
--- /dev/null
+++ b/x-pack/plugins/observability_solution/infra/public/components/logs_deprecation_callout.tsx
@@ -0,0 +1,76 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EuiCallOut } from '@elastic/eui';
+import React from 'react';
+import { i18n } from '@kbn/i18n';
+import { EuiButton } from '@elastic/eui';
+import { AllDatasetsLocatorParams, ALL_DATASETS_LOCATOR_ID } from '@kbn/deeplinks-observability';
+import { getRouterLinkProps } from '@kbn/router-utils';
+import useLocalStorage from 'react-use/lib/useLocalStorage';
+
+import { euiThemeVars } from '@kbn/ui-theme';
+import { css } from '@emotion/css';
+import { SharePublicStart } from '@kbn/share-plugin/public/plugin';
+import { useKibanaContextForPlugin } from '../hooks/use_kibana';
+
+const DISMISSAL_STORAGE_KEY = 'log_stream_deprecation_callout_dismissed';
+
+export const LogsDeprecationCallout = () => {
+  const {
+    services: { share },
+  } = useKibanaContextForPlugin();
+
+  const [isDismissed, setDismissed] = useLocalStorage(DISMISSAL_STORAGE_KEY, false);
+
+  if (isDismissed) {
+    return null;
+  }
+
+  return (
+    <EuiCallOut
+      title={i18n.translate('xpack.infra.logsDeprecationCallout.euiCallOut.discoverANewLogLabel', {
+        defaultMessage: "There's a new, better way to explore your logs!",
+      })}
+      color="warning"
+      iconType="iInCircle"
+      heading="h2"
+      onDismiss={() => setDismissed(true)}
+      className={calloutStyle}
+    >
+      <p>
+        {i18n.translate('xpack.infra.logsDeprecationCallout.p.theNewLogsExplorerLabel', {
+          defaultMessage:
+            'The new Logs Explorer makes viewing and inspecting your logs easier with more features, better performance, and more intuitive navigation. We recommend switching to Logs Explorer, as it will replace Logs Stream in a future version.',
+        })}
+      </p>
+      <EuiButton
+        fill
+        data-test-subj="infraLogsDeprecationCalloutTryLogsExplorerButton"
+        color="warning"
+        {...getLogsExplorerLinkProps(share)}
+      >
+        {i18n.translate('xpack.infra.logsDeprecationCallout.tryLogsExplorerButtonLabel', {
+          defaultMessage: 'Try Logs Explorer',
+        })}
+      </EuiButton>
+    </EuiCallOut>
+  );
+};
+
+const getLogsExplorerLinkProps = (share: SharePublicStart) => {
+  const locator = share.url.locators.get<AllDatasetsLocatorParams>(ALL_DATASETS_LOCATOR_ID)!;
+
+  return getRouterLinkProps({
+    href: locator.getRedirectUrl({}),
+    onClick: () => locator.navigate({}),
+  });
+};
+
+const calloutStyle = css`
+  margin-bottom: ${euiThemeVars.euiSizeL};
+`;
diff --git a/x-pack/plugins/observability_solution/infra/public/pages/logs/page_content.tsx b/x-pack/plugins/observability_solution/infra/public/pages/logs/page_content.tsx
index 53ffdb4236b23..d64b4866a4671 100644
--- a/x-pack/plugins/observability_solution/infra/public/pages/logs/page_content.tsx
+++ b/x-pack/plugins/observability_solution/infra/public/pages/logs/page_content.tsx
@@ -107,7 +107,6 @@ export const LogsPageContent: React.FunctionComponent = () => {
         )}
         <RedirectWithQueryParams from={'/analysis'} to={anomaliesTab.pathname} exact />
         <RedirectWithQueryParams from={'/log-rate'} to={anomaliesTab.pathname} exact />
-        <RedirectWithQueryParams from={'/'} to={streamTab.pathname} exact />
         <Route
           render={() => (
             <NotFoundPage
diff --git a/x-pack/plugins/observability_solution/infra/public/pages/logs/stream/page_logs_content.tsx b/x-pack/plugins/observability_solution/infra/public/pages/logs/stream/page_logs_content.tsx
index 9841553ce9860..7184b0c9ecf37 100644
--- a/x-pack/plugins/observability_solution/infra/public/pages/logs/stream/page_logs_content.tsx
+++ b/x-pack/plugins/observability_solution/infra/public/pages/logs/stream/page_logs_content.tsx
@@ -24,6 +24,7 @@ import { useSelector } from '@xstate/react';
 import stringify from 'json-stable-stringify';
 import React, { useCallback, useEffect, useMemo } from 'react';
 import usePrevious from 'react-use/lib/usePrevious';
+import { LogsDeprecationCallout } from '../../../components/logs_deprecation_callout';
 import { TimeKey } from '../../../../common/time';
 import { AutoSizer } from '../../../components/auto_sizer';
 import { LogMinimap } from '../../../components/logging/log_minimap';
@@ -228,6 +229,7 @@ export const StreamPageLogsContent = React.memo<{
 
   return (
     <>
+      <LogsDeprecationCallout />
       <WithLogTextviewUrlState />
       <WithFlyoutOptionsUrlState />
       <LogsToolbar />
diff --git a/x-pack/plugins/observability_solution/infra/public/plugin.ts b/x-pack/plugins/observability_solution/infra/public/plugin.ts
index 20f819b7eb34d..f323d7adb6297 100644
--- a/x-pack/plugins/observability_solution/infra/public/plugin.ts
+++ b/x-pack/plugins/observability_solution/infra/public/plugin.ts
@@ -21,7 +21,8 @@ import { BehaviorSubject, combineLatest, from } from 'rxjs';
 import { map } from 'rxjs';
 import type { EmbeddableApiContext } from '@kbn/presentation-publishing';
 import { apiCanAddNewPanel } from '@kbn/presentation-containers';
-import { IncompatibleActionError } from '@kbn/ui-actions-plugin/public';
+import { IncompatibleActionError, ADD_PANEL_TRIGGER } from '@kbn/ui-actions-plugin/public';
+import { COMMON_EMBEDDABLE_GROUPING } from '@kbn/embeddable-plugin/public';
 import type { InfraPublicConfig } from '../common/plugin_config_types';
 import { createInventoryMetricRuleType } from './alerting/inventory';
 import { createLogThresholdRuleType } from './alerting/log_threshold';
@@ -400,6 +401,8 @@ export class Plugin implements InfraClientPluginClass {
 
     plugins.uiActions.registerAction<EmbeddableApiContext>({
       id: ADD_LOG_STREAM_ACTION_ID,
+      grouping: [COMMON_EMBEDDABLE_GROUPING.legacy],
+      order: 30,
       getDisplayName: () =>
         i18n.translate('xpack.infra.logStreamEmbeddable.displayName', {
           defaultMessage: 'Log stream',
@@ -427,7 +430,7 @@ export class Plugin implements InfraClientPluginClass {
         );
       },
     });
-    plugins.uiActions.attachAction('ADD_PANEL_TRIGGER', ADD_LOG_STREAM_ACTION_ID);
+    plugins.uiActions.attachAction(ADD_PANEL_TRIGGER, ADD_LOG_STREAM_ACTION_ID);
 
     const startContract: InfraClientStartExports = {
       inventoryViews,
diff --git a/x-pack/plugins/observability_solution/infra/public/register_feature.ts b/x-pack/plugins/observability_solution/infra/public/register_feature.ts
index 968dc72f217e6..9615a2545d542 100644
--- a/x-pack/plugins/observability_solution/infra/public/register_feature.ts
+++ b/x-pack/plugins/observability_solution/infra/public/register_feature.ts
@@ -25,7 +25,7 @@ export const registerFeatures = (homePlugin: HomePublicPluginSetup) => {
   });
 
   homePlugin.featureCatalogue.register({
-    id: 'logs',
+    id: 'observability-logs-explorer',
     title: i18n.translate('xpack.infra.registerFeatures.logsTitle', {
       defaultMessage: 'Logs',
     }),
@@ -34,7 +34,7 @@ export const registerFeatures = (homePlugin: HomePublicPluginSetup) => {
         'Stream logs in real time or scroll through historical views in a console-like experience.',
     }),
     icon: 'logsApp',
-    path: `/app/logs`,
+    path: `/app/observability-logs-explorer`,
     showOnHomePage: false,
     category: 'data',
   });
diff --git a/x-pack/plugins/observability_solution/infra/server/lib/host_details/process_list_chart.ts b/x-pack/plugins/observability_solution/infra/server/lib/host_details/process_list_chart.ts
index befe8fc017ad4..95b51d07072c3 100644
--- a/x-pack/plugins/observability_solution/infra/server/lib/host_details/process_list_chart.ts
+++ b/x-pack/plugins/observability_solution/infra/server/lib/host_details/process_list_chart.ts
@@ -19,6 +19,8 @@ export const getProcessListChart = async (
   search: ESSearchClient,
   { hostTerm, indexPattern, to, command }: ProcessListAPIChartRequest
 ) => {
+  const from = to - 60 * 15 * 1000; // 15 minutes
+
   const body = {
     size: 0,
     query: {
@@ -27,7 +29,7 @@ export const getProcessListChart = async (
           {
             range: {
               [TIMESTAMP_FIELD]: {
-                gte: to - 60 * 1000, // 1 minute
+                gte: from,
                 lte: to,
                 format: 'epoch_millis',
               },
@@ -64,7 +66,7 @@ export const getProcessListChart = async (
                   field: TIMESTAMP_FIELD,
                   fixed_interval: '1m',
                   extended_bounds: {
-                    min: to - 60 * 15 * 1000, // 15 minutes,
+                    min: from,
                     max: to,
                   },
                 },
diff --git a/x-pack/plugins/observability_solution/infra/tsconfig.json b/x-pack/plugins/observability_solution/infra/tsconfig.json
index d1d1f0542da0a..f23c9f7b30c34 100644
--- a/x-pack/plugins/observability_solution/infra/tsconfig.json
+++ b/x-pack/plugins/observability_solution/infra/tsconfig.json
@@ -63,7 +63,6 @@
     "@kbn/shared-ux-router",
     "@kbn/shared-ux-link-redirect-app",
     "@kbn/discover-plugin",
-    "@kbn/observability-alert-details",
     "@kbn/observability-shared-plugin",
     "@kbn/observability-ai-assistant-plugin",
     "@kbn/ui-theme",
@@ -105,7 +104,8 @@
     "@kbn/react-kibana-context-theme",
     "@kbn/presentation-publishing",
     "@kbn/presentation-containers",
-    "@kbn/deeplinks-observability"
+    "@kbn/deeplinks-observability",
+    "@kbn/event-annotation-common"
   ],
   "exclude": [
     "target/**/*"
diff --git a/x-pack/plugins/observability_solution/logs_explorer/kibana.jsonc b/x-pack/plugins/observability_solution/logs_explorer/kibana.jsonc
index 54c4dbe5d8684..b19d2ad0b4e07 100644
--- a/x-pack/plugins/observability_solution/logs_explorer/kibana.jsonc
+++ b/x-pack/plugins/observability_solution/logs_explorer/kibana.jsonc
@@ -12,21 +12,16 @@
       "logsExplorer"
     ],
     "requiredPlugins": [
-      "controls",
       "data",
       "dataViews",
       "discover",
-      "embeddable",
       "fieldFormats",
-      "fleet",
-      "kibanaReact",
-      "kibanaUtils",
       "navigation",
       "share",
       "unifiedSearch",
     ],
     "optionalPlugins": [],
-    "requiredBundles": [],
+    "requiredBundles": ["controls","embeddable","fleet", "kibanaReact", "kibanaUtils"],
     "extraPublicDirs": [
       "common",
     ]
diff --git a/x-pack/plugins/observability_solution/logs_explorer/public/customizations/custom_data_source_filters.tsx b/x-pack/plugins/observability_solution/logs_explorer/public/customizations/custom_data_source_filters.tsx
index 6ffd91e5c9e2f..6b3cf49c0e63c 100644
--- a/x-pack/plugins/observability_solution/logs_explorer/public/customizations/custom_data_source_filters.tsx
+++ b/x-pack/plugins/observability_solution/logs_explorer/public/customizations/custom_data_source_filters.tsx
@@ -46,6 +46,10 @@ const ControlGroupContainer = euiStyled.div`
   display: none;
 }
 
+[data-test-subj='controls-group-wrapper'] {
+  min-height: 32px;
+}
+
 [data-test-subj='optionsListControl__sortingOptionsButton'] {
   display: none;
 }
diff --git a/x-pack/plugins/observability_solution/logs_shared/server/lib/adapters/log_entries/kibana_log_entries_adapter.ts b/x-pack/plugins/observability_solution/logs_shared/server/lib/adapters/log_entries/kibana_log_entries_adapter.ts
index e4eed9b61d349..a6ce92ad25126 100644
--- a/x-pack/plugins/observability_solution/logs_shared/server/lib/adapters/log_entries/kibana_log_entries_adapter.ts
+++ b/x-pack/plugins/observability_solution/logs_shared/server/lib/adapters/log_entries/kibana_log_entries_adapter.ts
@@ -225,7 +225,7 @@ function mapHitsToLogEntryDocuments(hits: SortedSearchHit[], fields: string[]):
     );
 
     return {
-      id: hit._id,
+      id: hit._id!,
       index: hit._index,
       cursor: { time: hit.sort[0], tiebreaker: hit.sort[1] },
       fields: logFields,
diff --git a/x-pack/plugins/observability_solution/observability/common/custom_threshold_rule/helpers/get_group.ts b/x-pack/plugins/observability_solution/observability/common/custom_threshold_rule/helpers/get_group.ts
index 67437421e4bad..e993c919c3368 100644
--- a/x-pack/plugins/observability_solution/observability/common/custom_threshold_rule/helpers/get_group.ts
+++ b/x-pack/plugins/observability_solution/observability/common/custom_threshold_rule/helpers/get_group.ts
@@ -7,7 +7,7 @@
 
 import { Filter } from '@kbn/es-query';
 import { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types';
-import { Group } from '../../typings';
+import type { Group } from '../../typings';
 
 /*
  * groupFieldName
diff --git a/x-pack/plugins/observability_solution/observability/common/index.ts b/x-pack/plugins/observability_solution/observability/common/index.ts
index eb8049f2182e2..c8247e0d55dc0 100644
--- a/x-pack/plugins/observability_solution/observability/common/index.ts
+++ b/x-pack/plugins/observability_solution/observability/common/index.ts
@@ -38,6 +38,7 @@ export {
   enableAwsLambdaMetrics,
   enableAgentExplorerView,
   apmEnableTableSearchBar,
+  apmEnableMultiSignal,
   apmAWSLambdaPriceFactor,
   apmAWSLambdaRequestCostPerMillion,
   apmEnableServiceMetrics,
diff --git a/x-pack/plugins/observability_solution/observability/public/application/application.test.tsx b/x-pack/plugins/observability_solution/observability/public/application/application.test.tsx
index 5b01eb93b788b..c1148cb7d38df 100644
--- a/x-pack/plugins/observability_solution/observability/public/application/application.test.tsx
+++ b/x-pack/plugins/observability_solution/observability/public/application/application.test.tsx
@@ -74,14 +74,13 @@ describe('renderApp', () => {
     theme$: themeServiceMock.createTheme$(),
   } as unknown as AppMountParameters;
 
-  const config = {
+  const config: ConfigSchema = {
     unsafe: {
       alertDetails: {
-        metrics: { enabled: false },
         uptime: { enabled: false },
       },
     },
-  } as ConfigSchema;
+  };
 
   it('renders', async () => {
     expect(() => {
diff --git a/x-pack/plugins/observability_solution/observability/public/components/alert_search_bar/containers/use_alert_search_bar_state_container.tsx b/x-pack/plugins/observability_solution/observability/public/components/alert_search_bar/containers/use_alert_search_bar_state_container.tsx
index 46709a242669f..5237ab1f17c2a 100644
--- a/x-pack/plugins/observability_solution/observability/public/components/alert_search_bar/containers/use_alert_search_bar_state_container.tsx
+++ b/x-pack/plugins/observability_solution/observability/public/components/alert_search_bar/containers/use_alert_search_bar_state_container.tsx
@@ -123,16 +123,15 @@ function useUrlStateSyncEffect(
       replace
     );
 
-    start();
-
-    syncUrlStateWithInitialContainerState(
+    initializeUrlAndStateContainer(
       timefilterService,
       stateContainer,
       urlStateStorage,
-      urlStorageKey,
-      replace
+      urlStorageKey
     );
 
+    start();
+
     return stop;
   }, [stateContainer, history, timefilterService, urlStorageKey, replace]);
 }
@@ -162,43 +161,33 @@ function setupUrlStateSync(
   });
 }
 
-function syncUrlStateWithInitialContainerState(
+function initializeUrlAndStateContainer(
   timefilterService: TimefilterContract,
   stateContainer: AlertSearchBarStateContainer,
   urlStateStorage: IKbnUrlStateStorage,
-  urlStorageKey: string,
-  replace: boolean = true
+  urlStorageKey: string
 ) {
   const urlState = alertSearchBarState.decode(
     urlStateStorage.get<Partial<AlertSearchBarContainerState>>(urlStorageKey)
   );
+  const validUrlState = isRight(urlState) ? pipe(urlState).right : {};
+  const timeFilterTime = timefilterService.getTime();
+  const timeFilterState = timefilterService.isTimeTouched()
+    ? {
+        rangeFrom: timeFilterTime.from,
+        rangeTo: timeFilterTime.to,
+      }
+    : {};
 
-  if (isRight(urlState)) {
-    const newState = {
-      ...defaultState,
-      ...pipe(urlState).right,
-    };
+  const currentState = {
+    ...defaultState,
+    ...timeFilterState,
+    ...validUrlState,
+  };
 
-    stateContainer.set(newState);
-    urlStateStorage.set(urlStorageKey, stateContainer.get(), {
-      replace: true,
-    });
-    return;
-  } else if (timefilterService.isTimeTouched()) {
-    const { from, to } = timefilterService.getTime();
-    const newState = {
-      ...defaultState,
-      rangeFrom: from,
-      rangeTo: to,
-    };
-    stateContainer.set(newState);
-  } else {
-    // Reset the state container when no URL state or timefilter range is set to avoid accidentally
-    // re-using state set on a previous visit to the page in the same session
-    stateContainer.set(defaultState);
-  }
-
-  urlStateStorage.set(urlStorageKey, stateContainer.get(), {
-    replace,
+  stateContainer.set(currentState);
+  urlStateStorage.set(urlStorageKey, currentState, {
+    replace: true,
   });
+  urlStateStorage.kbnUrlControls.flush();
 }
diff --git a/x-pack/plugins/observability_solution/observability/public/components/alert_search_bar/get_alert_search_bar_lazy.tsx b/x-pack/plugins/observability_solution/observability/public/components/alert_search_bar/get_alert_search_bar_lazy.tsx
index 3cd1c1e88c353..433765c27adb2 100644
--- a/x-pack/plugins/observability_solution/observability/public/components/alert_search_bar/get_alert_search_bar_lazy.tsx
+++ b/x-pack/plugins/observability_solution/observability/public/components/alert_search_bar/get_alert_search_bar_lazy.tsx
@@ -7,7 +7,7 @@
 
 import React, { lazy, Suspense } from 'react';
 import { EuiLoadingSpinner } from '@elastic/eui';
-import { ObservabilityAlertSearchBarProps } from './types';
+import type { ObservabilityAlertSearchBarProps } from './types';
 
 const ObservabilityAlertSearchBarLazy = lazy(() => import('./alert_search_bar'));
 
diff --git a/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/alert_details_app_section/alert_details_app_section.test.tsx b/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/alert_details_app_section/alert_details_app_section.test.tsx
index 35104fd199d3a..a98a519a1606a 100644
--- a/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/alert_details_app_section/alert_details_app_section.test.tsx
+++ b/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/alert_details_app_section/alert_details_app_section.test.tsx
@@ -18,7 +18,7 @@ import {
   buildCustomThresholdRule,
 } from '../../mocks/custom_threshold_rule';
 import { CustomThresholdAlertFields } from '../../types';
-import { RuleConditionChart } from '../rule_condition_chart/rule_condition_chart';
+import { RuleConditionChart } from '../../../rule_condition_chart/rule_condition_chart';
 import { CustomThresholdAlert } from '../types';
 import AlertDetailsAppSection from './alert_details_app_section';
 
@@ -47,7 +47,7 @@ jest.mock('@kbn/observability-get-padded-alert-time-range-util', () => ({
   }),
 }));
 
-jest.mock('../rule_condition_chart/rule_condition_chart', () => ({
+jest.mock('../../../rule_condition_chart/rule_condition_chart', () => ({
   RuleConditionChart: jest.fn(() => <div data-test-subj="RuleConditionChart" />),
 }));
 
diff --git a/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/alert_details_app_section/alert_details_app_section.tsx b/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/alert_details_app_section/alert_details_app_section.tsx
index 3a065d6e06f3e..83aa8cf2a35d3 100644
--- a/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/alert_details_app_section/alert_details_app_section.tsx
+++ b/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/alert_details_app_section/alert_details_app_section.tsx
@@ -31,16 +31,16 @@ import type {
 import moment from 'moment';
 import { LOGS_EXPLORER_LOCATOR_ID, LogsExplorerLocatorParams } from '@kbn/deeplinks-observability';
 import { TimeRange } from '@kbn/es-query';
+import { getGroupFilters } from '../../../../../common/custom_threshold_rule/helpers/get_group';
 import { useLicense } from '../../../../hooks/use_license';
 import { useKibana } from '../../../../utils/kibana_react';
-import { getGroupFilters } from '../../../../../common/custom_threshold_rule/helpers/get_group';
 import { metricValueFormatter } from '../../../../../common/custom_threshold_rule/metric_value_formatter';
 import { AlertSummaryField } from '../../../..';
 import { AlertParams } from '../../types';
 import { Threshold } from '../custom_threshold';
 import { CustomThresholdRule, CustomThresholdAlert } from '../types';
 import { LogRateAnalysis } from './log_rate_analysis';
-import { RuleConditionChart } from '../rule_condition_chart/rule_condition_chart';
+import { RuleConditionChart } from '../../../rule_condition_chart/rule_condition_chart';
 import { getViewInAppUrl } from '../../../../../common/custom_threshold_rule/get_view_in_app_url';
 import { SearchConfigurationWithExtractedReferenceType } from '../../../../../common/custom_threshold_rule/types';
 import { generateChartTitleAndTooltip } from './helpers/generate_chart_title_and_tooltip';
diff --git a/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/custom_threshold_rule_expression.test.tsx b/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/custom_threshold_rule_expression.test.tsx
index 02c428ccf3698..62580b3a89f82 100644
--- a/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/custom_threshold_rule_expression.test.tsx
+++ b/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/custom_threshold_rule_expression.test.tsx
@@ -21,7 +21,7 @@ import Expressions from './custom_threshold_rule_expression';
 import { AlertParams, CustomThresholdPrefillOptions } from './types';
 
 jest.mock('../../utils/kibana_react');
-jest.mock('./components/rule_condition_chart/rule_condition_chart', () => ({
+jest.mock('../rule_condition_chart/rule_condition_chart', () => ({
   RuleConditionChart: jest.fn(() => <div data-test-subj="RuleConditionChart" />),
 }));
 
diff --git a/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/custom_threshold_rule_expression.tsx b/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/custom_threshold_rule_expression.tsx
index fab9568b080a9..0db9c2f048e11 100644
--- a/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/custom_threshold_rule_expression.tsx
+++ b/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/custom_threshold_rule_expression.tsx
@@ -42,7 +42,7 @@ import { TimeUnitChar } from '../../../common/utils/formatters/duration';
 import { AlertContextMeta, AlertParams, MetricExpression } from './types';
 import { ExpressionRow } from './components/expression_row';
 import { MetricsExplorerFields, GroupBy } from './components/group_by';
-import { RuleConditionChart as PreviewChart } from './components/rule_condition_chart/rule_condition_chart';
+import { RuleConditionChart as PreviewChart } from '../rule_condition_chart/rule_condition_chart';
 import { getSearchConfiguration } from './helpers/get_search_configuration';
 
 const FILTER_TYPING_DEBOUNCE_MS = 500;
diff --git a/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/rule_condition_chart/helpers.test.ts b/x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/helpers.test.ts
similarity index 98%
rename from x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/rule_condition_chart/helpers.test.ts
rename to x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/helpers.test.ts
index 4211907b5d4a0..044b57c64da28 100644
--- a/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/rule_condition_chart/helpers.test.ts
+++ b/x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/helpers.test.ts
@@ -7,7 +7,7 @@
 import {
   Aggregators,
   CustomThresholdExpressionMetric,
-} from '../../../../../common/custom_threshold_rule/types';
+} from '../../../common/custom_threshold_rule/types';
 import { getBufferThreshold, getLensOperationFromRuleMetric, lensFieldFormatter } from './helpers';
 const useCases = [
   [
diff --git a/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/rule_condition_chart/helpers.ts b/x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/helpers.ts
similarity index 85%
rename from x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/rule_condition_chart/helpers.ts
rename to x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/helpers.ts
index 1875af6ceb93e..7cedf19d0b660 100644
--- a/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/rule_condition_chart/helpers.ts
+++ b/x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/helpers.ts
@@ -5,12 +5,10 @@
  * 2.0.
  */
 
-import {
-  Aggregators,
-  CustomThresholdExpressionMetric,
-} from '../../../../../common/custom_threshold_rule/types';
+import { Aggregators } from '../../../common/custom_threshold_rule/types';
+import { GenericMetric } from './rule_condition_chart';
 
-export const getLensOperationFromRuleMetric = (metric: CustomThresholdExpressionMetric): string => {
+export const getLensOperationFromRuleMetric = (metric: GenericMetric): string => {
   const { aggType, field, filter } = metric;
   let operation: string = aggType;
   const operationArgs: string[] = [];
@@ -56,7 +54,7 @@ export const LensFieldFormat = {
 } as const;
 
 export const lensFieldFormatter = (
-  metrics: CustomThresholdExpressionMetric[]
+  metrics: GenericMetric[]
 ): typeof LensFieldFormat[keyof typeof LensFieldFormat] => {
   if (metrics.length < 1 || !metrics[0].field) return LensFieldFormat.NUMBER;
   const firstMetricField = metrics[0].field;
@@ -65,5 +63,5 @@ export const lensFieldFormatter = (
   return LensFieldFormat.NUMBER;
 };
 
-export const isRate = (metrics: CustomThresholdExpressionMetric[]): boolean =>
+export const isRate = (metrics: GenericMetric[]): boolean =>
   Boolean(metrics.length > 0 && metrics[0].aggType === Aggregators.RATE);
diff --git a/x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/index.tsx b/x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/index.tsx
new file mode 100644
index 0000000000000..2b8a79401de70
--- /dev/null
+++ b/x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/index.tsx
@@ -0,0 +1,19 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { lazy, Suspense } from 'react';
+import type { RuleConditionChartProps } from './rule_condition_chart';
+
+const RuleConditionChartLazy = lazy(() => import('./rule_condition_chart'));
+
+export function RuleConditionChart(props: RuleConditionChartProps) {
+  return (
+    <Suspense fallback={null}>
+      <RuleConditionChartLazy {...props} />
+    </Suspense>
+  );
+}
diff --git a/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/rule_condition_chart/painless_tinymath_parser.test.ts b/x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/painless_tinymath_parser.test.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/rule_condition_chart/painless_tinymath_parser.test.ts
rename to x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/painless_tinymath_parser.test.ts
diff --git a/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/rule_condition_chart/painless_tinymath_parser.ts b/x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/painless_tinymath_parser.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/rule_condition_chart/painless_tinymath_parser.ts
rename to x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/painless_tinymath_parser.ts
diff --git a/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/rule_condition_chart/rule_condition_chart.test.tsx b/x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/rule_condition_chart.test.tsx
similarity index 78%
rename from x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/rule_condition_chart/rule_condition_chart.test.tsx
rename to x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/rule_condition_chart.test.tsx
index d164e6670b4a7..ac0624265be0b 100644
--- a/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/rule_condition_chart/rule_condition_chart.test.tsx
+++ b/x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/rule_condition_chart.test.tsx
@@ -13,13 +13,12 @@ import { COMPARATORS } from '@kbn/alerting-comparators';
 import {
   Aggregators,
   CustomThresholdSearchSourceFields,
-} from '../../../../../common/custom_threshold_rule/types';
-import { useKibana } from '../../../../utils/kibana_react';
-import { kibanaStartMock } from '../../../../utils/kibana_react.mock';
-import { MetricExpression } from '../../types';
-import { RuleConditionChart } from './rule_condition_chart';
+} from '../../../common/custom_threshold_rule/types';
+import { useKibana } from '../../utils/kibana_react';
+import { kibanaStartMock } from '../../utils/kibana_react.mock';
+import { RuleConditionChart, RuleConditionChartExpressions } from './rule_condition_chart';
 
-jest.mock('../../../../utils/kibana_react');
+jest.mock('../../utils/kibana_react');
 
 const useKibanaMock = useKibana as jest.Mock;
 
@@ -34,7 +33,7 @@ describe('Rule condition chart', () => {
     jest.clearAllMocks();
     mockKibana();
   });
-  async function setup(expression: MetricExpression, dataView?: DataView) {
+  async function setup(expression: RuleConditionChartExpressions, dataView?: DataView) {
     const wrapper = mountWithIntl(
       <RuleConditionChart
         metricExpression={expression}
@@ -58,7 +57,7 @@ describe('Rule condition chart', () => {
   }
 
   it('should display no data message', async () => {
-    const expression: MetricExpression = {
+    const expression: RuleConditionChartExpressions = {
       metrics: [
         {
           name: 'A',
@@ -67,7 +66,6 @@ describe('Rule condition chart', () => {
       ],
       timeSize: 1,
       timeUnit: 'm',
-      sourceId: 'default',
       threshold: [1],
       comparator: COMPARATORS.GREATER_THAN_OR_EQUALS,
     };
diff --git a/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/rule_condition_chart/rule_condition_chart.tsx b/x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/rule_condition_chart.tsx
similarity index 70%
rename from x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/rule_condition_chart/rule_condition_chart.tsx
rename to x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/rule_condition_chart.tsx
index 1e326e3fa5f6d..407637520dda7 100644
--- a/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/rule_condition_chart/rule_condition_chart.tsx
+++ b/x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/rule_condition_chart.tsx
@@ -26,10 +26,12 @@ import { i18n } from '@kbn/i18n';
 import { TimeRange } from '@kbn/es-query';
 import { EventAnnotationConfig } from '@kbn/event-annotation-common';
 import { COMPARATORS } from '@kbn/alerting-comparators';
-import { EventsAsUnit } from '../../../../../common/constants';
-import { CustomThresholdSearchSourceFields } from '../../../../../common/custom_threshold_rule/types';
-import { useKibana } from '../../../../utils/kibana_react';
-import { MetricExpression } from '../../types';
+import { SerializedSearchSourceFields } from '@kbn/data-plugin/common';
+import { TimeUnitChar } from '../../../common';
+import { LEGACY_COMPARATORS } from '../../../common/utils/convert_legacy_outside_comparator';
+import { EventsAsUnit } from '../../../common/constants';
+import { Aggregators } from '../../../common/custom_threshold_rule/types';
+import { useKibana } from '../../utils/kibana_react';
 import { AggMap, PainlessTinyMathParser } from './painless_tinymath_parser';
 import {
   lensFieldFormatter,
@@ -38,15 +40,38 @@ import {
   isRate,
   LensFieldFormat,
 } from './helpers';
-
 interface ChartOptions {
   seriesType?: SeriesType;
   interval?: string;
 }
 
-interface RuleConditionChartProps {
-  metricExpression: MetricExpression;
-  searchConfiguration: CustomThresholdSearchSourceFields;
+interface GenericSearchSourceFields extends SerializedSearchSourceFields {
+  query?: Query;
+  filter?: Array<Pick<Filter, 'meta' | 'query'>>;
+}
+
+export type GenericAggType = Aggregators | 'custom';
+
+export interface GenericMetric {
+  aggType: GenericAggType;
+  name: string;
+  field?: string;
+  filter?: string;
+}
+
+export interface RuleConditionChartExpressions {
+  metrics: GenericMetric[];
+  threshold: number[];
+  comparator: COMPARATORS | LEGACY_COMPARATORS;
+  warningThreshold?: number[];
+  warningComparator?: COMPARATORS | LEGACY_COMPARATORS;
+  timeSize?: number;
+  timeUnit?: TimeUnitChar;
+  equation?: string;
+}
+export interface RuleConditionChartProps {
+  metricExpression: RuleConditionChartExpressions;
+  searchConfiguration: GenericSearchSourceFields;
   dataView?: DataView;
   groupBy?: string | string[];
   error?: IErrorObject;
@@ -76,11 +101,22 @@ export function RuleConditionChart({
     services: { lens },
   } = useKibana();
   const { euiTheme } = useEuiTheme();
-  const { metrics, timeSize, timeUnit, threshold, comparator, equation } = metricExpression;
+  const {
+    metrics,
+    timeSize,
+    timeUnit,
+    threshold,
+    comparator,
+    equation,
+    warningComparator,
+    warningThreshold,
+  } = metricExpression;
   const [attributes, setAttributes] = useState<LensAttributes>();
   const [aggMap, setAggMap] = useState<AggMap>();
   const [formula, setFormula] = useState<string>('');
   const [thresholdReferenceLine, setThresholdReferenceLine] = useState<XYReferenceLinesLayer[]>();
+  const [warningThresholdReferenceLine, setWarningThresholdReferenceLine] =
+    useState<XYReferenceLinesLayer[]>();
   const [alertAnnotation, setAlertAnnotation] = useState<XYByValueAnnotationsLayer>();
   const [chartLoading, setChartLoading] = useState<boolean>(false);
   const filters = [...(searchConfiguration.filter || []), ...additionalFilters];
@@ -98,13 +134,13 @@ export function RuleConditionChart({
         const paragraphElements = errorDiv.querySelectorAll('p');
         if (!paragraphElements || paragraphElements.length < 2) return;
         paragraphElements[0].innerText = i18n.translate(
-          'xpack.observability.customThreshold.rule..charts.error_equation.title',
+          'xpack.observability.ruleCondition.chart.error_equation.title',
           {
             defaultMessage: 'An error occurred while rendering the chart',
           }
         );
         paragraphElements[1].innerText = i18n.translate(
-          'xpack.observability.customThreshold.rule..charts.error_equation.description',
+          'xpack.observability.ruleCondition.chart.error_equation.description',
           {
             defaultMessage: 'Check the rule equation.',
           }
@@ -113,6 +149,77 @@ export function RuleConditionChart({
     });
   }, [chartLoading, attributes]);
 
+  // Build the warning threshold reference line
+  useEffect(() => {
+    if (!warningThreshold) {
+      if (warningThresholdReferenceLine?.length) {
+        setWarningThresholdReferenceLine([]);
+      }
+      return;
+    }
+    const refLayers = [];
+    if (
+      warningComparator === COMPARATORS.NOT_BETWEEN ||
+      (warningComparator === COMPARATORS.BETWEEN && warningThreshold.length === 2)
+    ) {
+      const refLineStart = new XYReferenceLinesLayer({
+        data: [
+          {
+            value: (warningThreshold[0] || 0).toString(),
+            color: euiTheme.colors.warning,
+            fill: warningComparator === COMPARATORS.NOT_BETWEEN ? 'below' : 'none',
+          },
+        ],
+      });
+      const refLineEnd = new XYReferenceLinesLayer({
+        data: [
+          {
+            value: (warningThreshold[1] || 0).toString(),
+            color: euiTheme.colors.warning,
+            fill: warningComparator === COMPARATORS.NOT_BETWEEN ? 'above' : 'none',
+          },
+        ],
+      });
+
+      refLayers.push(refLineStart, refLineEnd);
+    } else {
+      let fill: FillStyle = 'above';
+      if (
+        warningComparator === COMPARATORS.LESS_THAN ||
+        warningComparator === COMPARATORS.LESS_THAN_OR_EQUALS
+      ) {
+        fill = 'below';
+      }
+      const warningThresholdRefLine = new XYReferenceLinesLayer({
+        data: [
+          {
+            value: (warningThreshold[0] || 0).toString(),
+            color: euiTheme.colors.warning,
+            fill,
+          },
+        ],
+      });
+      // A transparent line to add extra buffer at the top of threshold
+      const bufferRefLine = new XYReferenceLinesLayer({
+        data: [
+          {
+            value: getBufferThreshold(warningThreshold[0]),
+            color: 'transparent',
+            fill,
+          },
+        ],
+      });
+      refLayers.push(warningThresholdRefLine, bufferRefLine);
+    }
+    setWarningThresholdReferenceLine(refLayers);
+  }, [
+    warningThreshold,
+    warningComparator,
+    euiTheme.colors.warning,
+    metrics,
+    warningThresholdReferenceLine?.length,
+  ]);
+
   // Build the threshold reference line
   useEffect(() => {
     if (!threshold) return;
@@ -225,7 +332,7 @@ export function RuleConditionChart({
     const baseLayer = {
       type: 'formula',
       value: formula,
-      label: 'Custom Threshold',
+      label: formula,
       groupBy,
       format: {
         id: formatId,
@@ -272,6 +379,9 @@ export function RuleConditionChart({
     const layers: Array<XYDataLayer | XYReferenceLinesLayer | XYByValueAnnotationsLayer> = [
       xyDataLayer,
     ];
+    if (warningThresholdReferenceLine) {
+      layers.push(...warningThresholdReferenceLine);
+    }
     if (thresholdReferenceLine) {
       layers.push(...thresholdReferenceLine);
     }
@@ -311,13 +421,14 @@ export function RuleConditionChart({
     timeSize,
     timeUnit,
     seriesType,
+    warningThresholdReferenceLine,
   ]);
 
   if (
     !dataView ||
     !attributes ||
     error?.equation ||
-    Object.keys(error?.metrics || {}).length !== 0 ||
+    Object.keys(error?.metrics || error?.metric || {}).length !== 0 ||
     !timeSize ||
     !timeRange
   ) {
@@ -329,7 +440,7 @@ export function RuleConditionChart({
           data-test-subj="thresholdRuleNoChartData"
           body={
             <FormattedMessage
-              id="xpack.observability.customThreshold.rule..charts.noData.title"
+              id="xpack.observability.customThreshold.rule.charts.noData.title"
               defaultMessage="No chart data available, check the rule {errorSourceField}"
               values={{
                 errorSourceField:
@@ -345,12 +456,11 @@ export function RuleConditionChart({
       </div>
     );
   }
-
   return (
     <div>
       <lens.EmbeddableComponent
         onLoad={setChartLoading}
-        id="customThresholdPreviewChart"
+        id="ruleConditionChart"
         style={{ height: 180 }}
         timeRange={timeRange}
         attributes={attributes}
@@ -361,3 +471,6 @@ export function RuleConditionChart({
     </div>
   );
 }
+
+// eslint-disable-next-line import/no-default-export
+export default RuleConditionChart;
diff --git a/x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/autocomplete_field/autocomplete_field.tsx b/x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/autocomplete_field/autocomplete_field.tsx
index e8545276c572a..61e56b6175838 100644
--- a/x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/autocomplete_field/autocomplete_field.tsx
+++ b/x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/autocomplete_field/autocomplete_field.tsx
@@ -21,7 +21,7 @@ function composeStateUpdaters<State, Props>(...updaters: Array<StateUpdater<Stat
     updaters.reduce((currentState, updater) => updater(currentState, props) || currentState, state);
 }
 
-interface AutocompleteFieldProps {
+export interface AutocompleteFieldProps {
   isLoadingSuggestions: boolean;
   isValid: boolean;
   loadSuggestions: (value: string, cursorPosition: number, maxCount?: number) => void;
@@ -330,3 +330,6 @@ const withUnfocused = (state: AutocompleteFieldState) => ({
   ...state,
   isFocused: false,
 });
+
+// eslint-disable-next-line import/no-default-export
+export default AutocompleteField;
diff --git a/x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/index.tsx b/x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/index.tsx
new file mode 100644
index 0000000000000..a7ed90f1a9f4d
--- /dev/null
+++ b/x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/index.tsx
@@ -0,0 +1,41 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { lazy, Suspense } from 'react';
+import type { WithKueryAutocompletionLifecycleProps } from './with_kuery_autocompletion';
+import type { AutocompleteFieldProps } from './autocomplete_field';
+import type { RuleFlyoutKueryBarProps } from './kuery_bar';
+
+const RuleFlyoutKueryBarLazy = lazy(() => import('./kuery_bar'));
+
+export function RuleFlyoutKueryBar(props: RuleFlyoutKueryBarProps) {
+  return (
+    <Suspense fallback={null}>
+      <RuleFlyoutKueryBarLazy {...props} />
+    </Suspense>
+  );
+}
+
+const AutocompleteFieldLazy = lazy(() => import('./autocomplete_field/autocomplete_field'));
+
+export function AutocompleteField(props: AutocompleteFieldProps) {
+  return (
+    <Suspense fallback={null}>
+      <AutocompleteFieldLazy {...props} />
+    </Suspense>
+  );
+}
+
+const WithKueryAutocompletionLazy = lazy(() => import('./with_kuery_autocompletion'));
+
+export function WithKueryAutocompletion(props: WithKueryAutocompletionLifecycleProps) {
+  return (
+    <Suspense fallback={null}>
+      <WithKueryAutocompletionLazy {...props} />
+    </Suspense>
+  );
+}
diff --git a/x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/kuery_bar.tsx b/x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/kuery_bar.tsx
index 26115ec331021..1e8359da2aab6 100644
--- a/x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/kuery_bar.tsx
+++ b/x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/kuery_bar.tsx
@@ -22,7 +22,7 @@ type LoadSuggestionsFn = (
 ) => void;
 export type CurryLoadSuggestionsType = (loadSuggestions: LoadSuggestionsFn) => LoadSuggestionsFn;
 
-interface Props {
+export interface RuleFlyoutKueryBarProps {
   derivedIndexPattern: DataViewBase;
   onSubmit: (query: string) => void;
   onChange?: (query: string) => void;
@@ -49,7 +49,7 @@ export function RuleFlyoutKueryBar({
   placeholder,
   curryLoadSuggestions = defaultCurryLoadSuggestions,
   compressed,
-}: Props) {
+}: RuleFlyoutKueryBarProps) {
   const [draftQuery, setDraftQuery] = useState<string>(value || '');
   const [isValid, setValidation] = useState<boolean>(true);
 
@@ -100,3 +100,6 @@ const defaultCurryLoadSuggestions: CurryLoadSuggestionsType =
   (loadSuggestions) =>
   (...args) =>
     loadSuggestions(...args);
+
+// eslint-disable-next-line import/no-default-export
+export default RuleFlyoutKueryBar;
diff --git a/x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/with_kuery_autocompletion.tsx b/x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/with_kuery_autocompletion.tsx
index 2325434a08234..0d43abc758acb 100644
--- a/x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/with_kuery_autocompletion.tsx
+++ b/x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/with_kuery_autocompletion.tsx
@@ -16,7 +16,7 @@ import type { DataView } from '@kbn/data-views-plugin/public';
 import { QuerySuggestion } from '@kbn/unified-search-plugin/public';
 import { InfraClientStartDeps, RendererFunction } from '../custom_threshold/types';
 
-interface WithKueryAutocompletionLifecycleProps {
+export interface WithKueryAutocompletionLifecycleProps {
   kibana: KibanaReactContextValue<InfraClientStartDeps & KibanaServices>;
   children: RendererFunction<{
     isLoadingSuggestions: boolean;
@@ -111,3 +111,6 @@ class WithKueryAutocompletionComponent extends React.Component<
 export const WithKueryAutocompletion = withKibana<WithKueryAutocompletionLifecycleProps>(
   WithKueryAutocompletionComponent
 );
+
+// eslint-disable-next-line import/no-default-export
+export default WithKueryAutocompletion;
diff --git a/x-pack/plugins/observability_solution/observability/public/hooks/use_fetch_alert_data.ts b/x-pack/plugins/observability_solution/observability/public/hooks/use_fetch_alert_data.ts
index ce1a5ed10a8e0..b9254a979a53c 100644
--- a/x-pack/plugins/observability_solution/observability/public/hooks/use_fetch_alert_data.ts
+++ b/x-pack/plugins/observability_solution/observability/public/hooks/use_fetch_alert_data.ts
@@ -63,7 +63,7 @@ const getAlertsGroupedById = (
   return data.hits.hits.reduce(
     (acc, { _id, _index, _source }) => ({
       ...acc,
-      [_id]: {
+      [_id!]: {
         _id,
         _index,
         ..._source,
diff --git a/x-pack/plugins/observability_solution/observability/public/index.ts b/x-pack/plugins/observability_solution/observability/public/index.ts
index d655b872ca3e5..27b715a6d8f7e 100644
--- a/x-pack/plugins/observability_solution/observability/public/index.ts
+++ b/x-pack/plugins/observability_solution/observability/public/index.ts
@@ -57,14 +57,14 @@ export {
 export type { RulesParams } from './locators/rules';
 export { getCoreVitalsComponent } from './pages/overview/components/sections/ux/core_web_vitals/get_core_web_vitals_lazy';
 export { ObservabilityAlertSearchBar } from './components/alert_search_bar/get_alert_search_bar_lazy';
-export { DatePicker } from './pages/overview/components/date_picker/date_picker';
+export { DatePicker } from './pages/overview/components/date_picker';
 
 export const LazyAlertsFlyout = lazy(() => import('./components/alerts_flyout/alerts_flyout'));
 
 export * from './typings';
 import { TopAlert } from './typings/alerts';
-import { AlertSummary } from './pages/alert_details/components/alert_summary';
-import { AlertSummaryField } from './pages/alert_details/components/alert_summary';
+import { AlertSummary } from './pages/alert_details/components';
+import type { AlertSummaryField } from './pages/alert_details/components/alert_summary';
 export type { TopAlert, AlertSummary, AlertSummaryField };
 
 export { observabilityFeatureId, observabilityAppId } from '../common';
@@ -73,8 +73,6 @@ export { useFetchDataViews } from './hooks/use_fetch_data_views';
 export { useTimeBuckets } from './hooks/use_time_buckets';
 export { createUseRulesLink } from './hooks/create_use_rules_link';
 export { useSummaryTimeRange } from './hooks/use_summary_time_range';
-export { useGetFilteredRuleTypes } from './hooks/use_get_filtered_rule_types';
-export { useCreateRule } from './hooks/use_create_rule';
 
 export { getApmTraceUrl } from './utils/get_apm_trace_url';
 export { buildEsQuery } from './utils/build_es_query';
@@ -94,8 +92,12 @@ export { calculateTimeRangeBucketSize } from './pages/overview/helpers/calculate
 export type { render } from './utils/test_helper';
 
 export { convertTo } from '../common/utils/formatters/duration';
-export { getElasticsearchQueryOrThrow } from '../common/utils/parse_kuery';
 export { formatAlertEvaluationValue } from './utils/format_alert_evaluation_value';
-export { WithKueryAutocompletion } from './components/rule_kql_filter/with_kuery_autocompletion';
-export { AutocompleteField } from './components/rule_kql_filter/autocomplete_field';
-export { RuleFlyoutKueryBar } from './components/rule_kql_filter/kuery_bar';
+export {
+  RuleFlyoutKueryBar,
+  AutocompleteField,
+  WithKueryAutocompletion,
+} from './components/rule_kql_filter';
+export { RuleConditionChart } from './components/rule_condition_chart';
+export { getGroupFilters } from '../common/custom_threshold_rule/helpers/get_group';
+export type { GenericAggType } from './components/rule_condition_chart/rule_condition_chart';
diff --git a/x-pack/plugins/observability_solution/observability/public/pages/alert_details/alert_details.test.tsx b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/alert_details.test.tsx
index 466e68267424d..4706bed7f5635 100644
--- a/x-pack/plugins/observability_solution/observability/public/pages/alert_details/alert_details.test.tsx
+++ b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/alert_details.test.tsx
@@ -96,7 +96,6 @@ const params = {
 const config: Subset<ConfigSchema> = {
   unsafe: {
     alertDetails: {
-      metrics: { enabled: true },
       uptime: { enabled: true },
     },
   },
diff --git a/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/alert_summary.tsx b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/alert_summary.tsx
index 82c22626aab85..7738b27089a57 100644
--- a/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/alert_summary.tsx
+++ b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/alert_summary.tsx
@@ -28,7 +28,7 @@ export interface AlertSummaryField {
   label: ReactNode | string;
   value: ReactNode | string | number;
 }
-interface AlertSummaryProps {
+export interface AlertSummaryProps {
   alert: TopAlert;
   alertSummaryFields?: AlertSummaryField[];
 }
@@ -110,3 +110,6 @@ export function AlertSummary({ alert, alertSummaryFields }: AlertSummaryProps) {
     </div>
   );
 }
+
+// eslint-disable-next-line import/no-default-export
+export default AlertSummary;
diff --git a/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/index.tsx b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/index.tsx
new file mode 100644
index 0000000000000..8af473faab59d
--- /dev/null
+++ b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/index.tsx
@@ -0,0 +1,19 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { lazy, Suspense } from 'react';
+import type { AlertSummaryProps } from './alert_summary';
+
+const AlertSummaryLazy = lazy(() => import('./alert_summary'));
+
+export function AlertSummary(props: AlertSummaryProps) {
+  return (
+    <Suspense fallback={null}>
+      <AlertSummaryLazy {...props} />
+    </Suspense>
+  );
+}
diff --git a/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/page_title.tsx b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/page_title.tsx
index c9f43ee75bf0c..91ba564df7216 100644
--- a/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/page_title.tsx
+++ b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/page_title.tsx
@@ -23,16 +23,11 @@ import {
   ALERT_DURATION,
   ALERT_FLAPPING,
   ALERT_RULE_CATEGORY,
-  ALERT_RULE_TYPE_ID,
   TIMESTAMP,
 } from '@kbn/rule-data-utils';
 import { css } from '@emotion/react';
 import { asDuration } from '../../../../common/utils/formatters';
 import { TopAlert } from '../../../typings/alerts';
-import { ExperimentalBadge } from '../../../components/experimental_badge';
-import { METRIC_THRESHOLD_ALERT_TYPE_ID } from '../alert_details';
-import { isAlertDetailsEnabledPerApp } from '../../../utils/is_alert_details_enabled';
-import { usePluginContext } from '../../../hooks/use_plugin_context';
 
 export interface PageTitleProps {
   alert: TopAlert | null;
@@ -52,19 +47,13 @@ export function pageTitleContent(ruleCategory: string) {
 
 export function PageTitle({ alert, alertStatus, dataTestSubj }: PageTitleProps) {
   const { euiTheme } = useEuiTheme();
-  const { config } = usePluginContext();
 
   if (!alert) return <EuiLoadingSpinner />;
 
-  const showExperimentalBadge = alert.fields[ALERT_RULE_TYPE_ID] === METRIC_THRESHOLD_ALERT_TYPE_ID;
-
   return (
     <div data-test-subj={dataTestSubj}>
       <EuiFlexGroup direction="row" alignItems="center" gutterSize="s">
         {pageTitleContent(alert.fields[ALERT_RULE_CATEGORY])}
-        {isAlertDetailsEnabledPerApp(alert, config) && showExperimentalBadge && (
-          <ExperimentalBadge />
-        )}
       </EuiFlexGroup>
       <EuiSpacer size="l" />
       <EuiFlexGroup direction="row" alignItems="center" gutterSize="xl">
diff --git a/x-pack/plugins/observability_solution/observability/public/pages/alerts/alerts.test.tsx b/x-pack/plugins/observability_solution/observability/public/pages/alerts/alerts.test.tsx
index 248deae214328..a5067c2968bb5 100644
--- a/x-pack/plugins/observability_solution/observability/public/pages/alerts/alerts.test.tsx
+++ b/x-pack/plugins/observability_solution/observability/public/pages/alerts/alerts.test.tsx
@@ -68,7 +68,6 @@ jest.spyOn(pluginContext, 'usePluginContext').mockImplementation(() => ({
     unsafe: {
       alertDetails: {
         apm: { enabled: false },
-        metrics: { enabled: false },
         uptime: { enabled: false },
       },
     },
diff --git a/x-pack/plugins/observability_solution/observability/public/pages/alerts/components/alert_actions.test.tsx b/x-pack/plugins/observability_solution/observability/public/pages/alerts/components/alert_actions.test.tsx
index 71f7a3db59ee7..da814c916ea15 100644
--- a/x-pack/plugins/observability_solution/observability/public/pages/alerts/components/alert_actions.test.tsx
+++ b/x-pack/plugins/observability_solution/observability/public/pages/alerts/components/alert_actions.test.tsx
@@ -63,14 +63,13 @@ jest.mock('@kbn/triggers-actions-ui-plugin/public/common/lib/kibana/kibana_react
   })),
 }));
 
-const config = {
+const config: ConfigSchema = {
   unsafe: {
     alertDetails: {
-      metrics: { enabled: false },
       uptime: { enabled: false },
     },
   },
-} as ConfigSchema;
+};
 
 const getFormatterMock = jest.fn();
 const createRuleTypeRegistryMock = () => ({
diff --git a/x-pack/plugins/observability_solution/observability/public/pages/overview/components/date_picker/date_picker.tsx b/x-pack/plugins/observability_solution/observability/public/pages/overview/components/date_picker/date_picker.tsx
index e3bb21a460067..56ec220cbb940 100644
--- a/x-pack/plugins/observability_solution/observability/public/pages/overview/components/date_picker/date_picker.tsx
+++ b/x-pack/plugins/observability_solution/observability/public/pages/overview/components/date_picker/date_picker.tsx
@@ -16,17 +16,7 @@ export interface TimePickerQuickRange {
   display: string;
 }
 
-export interface TimePickerRefreshInterval {
-  pause: boolean;
-  value: number;
-}
-
-export interface TimePickerTimeDefaults {
-  from: string;
-  to: string;
-}
-
-interface DatePickerProps {
+export interface DatePickerProps {
   rangeFrom?: string;
   rangeTo?: string;
   refreshPaused?: boolean;
diff --git a/x-pack/plugins/observability_solution/observability/public/pages/overview/components/date_picker/index.tsx b/x-pack/plugins/observability_solution/observability/public/pages/overview/components/date_picker/index.tsx
new file mode 100644
index 0000000000000..033de0beff657
--- /dev/null
+++ b/x-pack/plugins/observability_solution/observability/public/pages/overview/components/date_picker/index.tsx
@@ -0,0 +1,19 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { lazy, Suspense } from 'react';
+import type { DatePickerProps } from './date_picker';
+
+const DatePickerLazy = lazy(() => import('./date_picker'));
+
+export function DatePicker(props: DatePickerProps) {
+  return (
+    <Suspense fallback={null}>
+      <DatePickerLazy {...props} />
+    </Suspense>
+  );
+}
diff --git a/x-pack/plugins/observability_solution/observability/public/pages/overview/components/sections/apm/apm_section.test.tsx b/x-pack/plugins/observability_solution/observability/public/pages/overview/components/sections/apm/apm_section.test.tsx
index 4c033be971e68..683d6bd4d9107 100644
--- a/x-pack/plugins/observability_solution/observability/public/pages/overview/components/sections/apm/apm_section.test.tsx
+++ b/x-pack/plugins/observability_solution/observability/public/pages/overview/components/sections/apm/apm_section.test.tsx
@@ -49,14 +49,13 @@ describe('APMSection', () => {
       from: '2020-10-08T06:00:00.000Z',
       to: '2020-10-08T07:00:00.000Z',
     });
-    const config = {
+    const config: ConfigSchema = {
       unsafe: {
         alertDetails: {
-          metrics: { enabled: false },
           uptime: { enabled: false },
         },
       },
-    } as ConfigSchema;
+    };
 
     jest.spyOn(pluginContext, 'usePluginContext').mockImplementation(() => ({
       appMountParameters: {} as AppMountParameters,
diff --git a/x-pack/plugins/observability_solution/observability/public/pages/overview/overview.stories.tsx b/x-pack/plugins/observability_solution/observability/public/pages/overview/overview.stories.tsx
index a1023f33f4313..4a9c44151e03c 100644
--- a/x-pack/plugins/observability_solution/observability/public/pages/overview/overview.stories.tsx
+++ b/x-pack/plugins/observability_solution/observability/public/pages/overview/overview.stories.tsx
@@ -81,7 +81,6 @@ const withCore = makeDecorator({
     const config: ConfigSchema = {
       unsafe: {
         alertDetails: {
-          metrics: { enabled: false },
           uptime: { enabled: false },
           observability: { enabled: false },
         },
diff --git a/x-pack/plugins/observability_solution/observability/public/pages/rules/rules.test.tsx b/x-pack/plugins/observability_solution/observability/public/pages/rules/rules.test.tsx
index 785bbf73c1e99..d8dfec4098f66 100644
--- a/x-pack/plugins/observability_solution/observability/public/pages/rules/rules.test.tsx
+++ b/x-pack/plugins/observability_solution/observability/public/pages/rules/rules.test.tsx
@@ -58,7 +58,6 @@ jest.spyOn(pluginContext, 'usePluginContext').mockImplementation(() => ({
     unsafe: {
       alertDetails: {
         apm: { enabled: false },
-        metrics: { enabled: false },
         uptime: { enabled: false },
         observability: { enabled: false },
       },
diff --git a/x-pack/plugins/observability_solution/observability/public/plugin.ts b/x-pack/plugins/observability_solution/observability/public/plugin.ts
index ae2fb27aef374..da32d0ab37146 100644
--- a/x-pack/plugins/observability_solution/observability/public/plugin.ts
+++ b/x-pack/plugins/observability_solution/observability/public/plugin.ts
@@ -90,9 +90,6 @@ import { registerObservabilityRuleTypes } from './rules/register_observability_r
 export interface ConfigSchema {
   unsafe: {
     alertDetails: {
-      metrics: {
-        enabled: boolean;
-      };
       logs?: {
         enabled: boolean;
       };
diff --git a/x-pack/plugins/observability_solution/observability/public/rules/observability_rule_type_registry_mock.ts b/x-pack/plugins/observability_solution/observability/public/rules/observability_rule_type_registry_mock.ts
index 4a2f8cfc3ba8c..30a6c6eda7149 100644
--- a/x-pack/plugins/observability_solution/observability/public/rules/observability_rule_type_registry_mock.ts
+++ b/x-pack/plugins/observability_solution/observability/public/rules/observability_rule_type_registry_mock.ts
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { ObservabilityRuleTypeRegistry } from './create_observability_rule_type_registry';
+import type { ObservabilityRuleTypeRegistry } from './create_observability_rule_type_registry';
 
 const createRuleTypeRegistryMock = () => ({
   getFormatter: () => () => 'a reason',
diff --git a/x-pack/plugins/observability_solution/observability/public/utils/is_alert_details_enabled.test.ts b/x-pack/plugins/observability_solution/observability/public/utils/is_alert_details_enabled.test.ts
index 101e10a314451..8819bdb71aa14 100644
--- a/x-pack/plugins/observability_solution/observability/public/utils/is_alert_details_enabled.test.ts
+++ b/x-pack/plugins/observability_solution/observability/public/utils/is_alert_details_enabled.test.ts
@@ -28,14 +28,13 @@ import { ConfigSchema } from '../plugin';
 import { isAlertDetailsEnabledPerApp } from './is_alert_details_enabled';
 import type { TopAlert } from '../typings/alerts';
 
-const defaultConfig = {
+const defaultConfig: ConfigSchema = {
   unsafe: {
     alertDetails: {
-      metrics: { enabled: false },
       uptime: { enabled: false },
     },
   },
-} as ConfigSchema;
+};
 describe('isAlertDetailsEnabled', () => {
   describe('Logs alert', () => {
     const logsAlert = {
@@ -63,14 +62,13 @@ describe('isAlertDetailsEnabled', () => {
       lastUpdated: 1630588131750,
     } as unknown as TopAlert;
     it('returns TRUE when rule type is logs.alert.document.count', () => {
-      const updatedConfig = {
+      const updatedConfig: ConfigSchema = {
         unsafe: {
           alertDetails: {
-            metrics: { enabled: false },
             uptime: { enabled: false },
           },
         },
-      } as ConfigSchema;
+      };
       expect(isAlertDetailsEnabledPerApp(logsAlert, updatedConfig)).toBeTruthy();
     });
   });
@@ -104,14 +102,13 @@ describe('isAlertDetailsEnabled', () => {
     });
 
     it('returns TRUE when rule type is apm.transaction_duration', () => {
-      const updatedConfig = {
+      const updatedConfig: ConfigSchema = {
         unsafe: {
           alertDetails: {
-            metrics: { enabled: false },
             uptime: { enabled: false },
           },
         },
-      } as ConfigSchema;
+      };
       const apmTransactionDurationAlert = {
         ...APMAlert,
         fields: { ...APMAlert.fields, [ALERT_RULE_TYPE_ID]: 'apm.transaction_duration' },
@@ -129,7 +126,7 @@ describe('isAlertDetailsEnabled', () => {
         [ALERT_WORKFLOW_STATUS]: 'open',
         [ALERT_RULE_UUID]: 'db2ab7c0-0bec-11ec-9ae2-5b10ca924404',
         [ALERT_START]: '2021-09-02T12:54:09.674Z',
-        [ALERT_RULE_TYPE_ID]: 'metrics.alert.inventory.threshold',
+        [ALERT_RULE_TYPE_ID]: 'metrics.alert.threshold',
         [EVENT_ACTION]: 'active',
         [ALERT_EVALUATION_VALUE]: 1957,
         [ALERT_INSTANCE_ID]: '*',
@@ -144,20 +141,8 @@ describe('isAlertDetailsEnabled', () => {
       start: 1630587249674,
       lastUpdated: 1630588131750,
     } as unknown as TopAlert;
-    it('returns FALSE when metrics: { enabled: false }', () => {
-      expect(isAlertDetailsEnabledPerApp(metricsAlert, defaultConfig)).toBeFalsy();
-    });
-
-    it('returns TRUE when metrics: { enabled: true }', () => {
-      const updatedConfig = {
-        unsafe: {
-          alertDetails: {
-            metrics: { enabled: true },
-            uptime: { enabled: false },
-          },
-        },
-      } as ConfigSchema;
-      expect(isAlertDetailsEnabledPerApp(metricsAlert, updatedConfig)).toBeTruthy();
+    it('returns TRUE when rule type is metrics.alert.threshold', () => {
+      expect(isAlertDetailsEnabledPerApp(metricsAlert, defaultConfig)).toBeTruthy();
     });
   });
   describe('Uptime alert', () => {
@@ -231,25 +216,23 @@ describe('isAlertDetailsEnabled', () => {
     });
 
     it('returns FALSE when no alert provided', () => {
-      const updatedConfig = {
+      const updatedConfig: ConfigSchema = {
         unsafe: {
           alertDetails: {
-            metrics: { enabled: true },
             uptime: { enabled: true },
           },
         },
-      } as ConfigSchema;
+      };
       expect(isAlertDetailsEnabledPerApp(null, updatedConfig)).toBeFalsy();
     });
     it('returns FALSE when a none-listed rule type is checked', () => {
-      const updatedConfig = {
+      const updatedConfig: ConfigSchema = {
         unsafe: {
           alertDetails: {
-            metrics: { enabled: true },
             uptime: { enabled: true },
           },
         },
-      } as ConfigSchema;
+      };
       const noneListedRuleType = {
         reason: 'reason message',
         fields: {
diff --git a/x-pack/plugins/observability_solution/observability/public/utils/is_alert_details_enabled.ts b/x-pack/plugins/observability_solution/observability/public/utils/is_alert_details_enabled.ts
index 3126afc7b5f9d..2775548df21df 100644
--- a/x-pack/plugins/observability_solution/observability/public/utils/is_alert_details_enabled.ts
+++ b/x-pack/plugins/observability_solution/observability/public/utils/is_alert_details_enabled.ts
@@ -9,6 +9,7 @@ import { ALERT_RULE_TYPE_ID } from '@kbn/rule-data-utils';
 import {
   ApmRuleType,
   LOG_THRESHOLD_ALERT_TYPE_ID,
+  METRIC_THRESHOLD_ALERT_TYPE_ID,
   OBSERVABILITY_THRESHOLD_RULE_TYPE_ID,
   SLO_BURN_RATE_RULE_TYPE_ID,
 } from '@kbn/rule-data-utils';
@@ -18,14 +19,17 @@ import type { TopAlert } from '../typings/alerts';
 const ALLOWED_RULE_TYPES = [
   ApmRuleType.TransactionDuration,
   LOG_THRESHOLD_ALERT_TYPE_ID,
+  METRIC_THRESHOLD_ALERT_TYPE_ID,
   OBSERVABILITY_THRESHOLD_RULE_TYPE_ID,
   SLO_BURN_RATE_RULE_TYPE_ID,
 ];
 
 const isUnsafeAlertDetailsFlag = (
   subject: string
-): subject is keyof Omit<ConfigSchema['unsafe']['alertDetails'], 'logs' | 'observability'> =>
-  ['uptime', 'metrics'].includes(subject);
+): subject is keyof Omit<
+  ConfigSchema['unsafe']['alertDetails'],
+  'logs' | 'observability' | 'metrics'
+> => ['uptime'].includes(subject);
 
 // We are mapping the ruleTypeId from the feature flag with the ruleTypeId from the alert
 // to know whether the feature flag is enabled or not.
diff --git a/x-pack/plugins/observability_solution/observability/public/utils/kibana_react.storybook_decorator.tsx b/x-pack/plugins/observability_solution/observability/public/utils/kibana_react.storybook_decorator.tsx
index b8b4fe5ad142a..593c2eafa920e 100644
--- a/x-pack/plugins/observability_solution/observability/public/utils/kibana_react.storybook_decorator.tsx
+++ b/x-pack/plugins/observability_solution/observability/public/utils/kibana_react.storybook_decorator.tsx
@@ -28,7 +28,6 @@ export function KibanaReactStorybookDecorator(Story: ComponentType) {
   const config: ConfigSchema = {
     unsafe: {
       alertDetails: {
-        metrics: { enabled: false },
         uptime: { enabled: false },
         observability: { enabled: false },
       },
diff --git a/x-pack/plugins/observability_solution/observability/public/utils/kibana_react.ts b/x-pack/plugins/observability_solution/observability/public/utils/kibana_react.ts
index 209e0ce4b2382..4797a76f0e535 100644
--- a/x-pack/plugins/observability_solution/observability/public/utils/kibana_react.ts
+++ b/x-pack/plugins/observability_solution/observability/public/utils/kibana_react.ts
@@ -8,7 +8,7 @@
 import { CoreStart } from '@kbn/core/public';
 import { useKibana } from '@kbn/kibana-react-plugin/public';
 import { Storage } from '@kbn/kibana-utils-plugin/public';
-import { ObservabilityPublicPluginsStart } from '../plugin';
+import type { ObservabilityPublicPluginsStart } from '../plugin';
 
 export type StartServices<AdditionalServices extends object = {}> = CoreStart &
   ObservabilityPublicPluginsStart &
diff --git a/x-pack/plugins/observability_solution/observability/public/utils/test_helper.tsx b/x-pack/plugins/observability_solution/observability/public/utils/test_helper.tsx
index 35ab846a79fcf..dca5d29851469 100644
--- a/x-pack/plugins/observability_solution/observability/public/utils/test_helper.tsx
+++ b/x-pack/plugins/observability_solution/observability/public/utils/test_helper.tsx
@@ -32,7 +32,6 @@ export const data = dataPluginMock.createStartContract();
 const defaultConfig: ConfigSchema = {
   unsafe: {
     alertDetails: {
-      metrics: { enabled: false },
       uptime: { enabled: false },
     },
   },
diff --git a/x-pack/plugins/observability_solution/observability/server/index.ts b/x-pack/plugins/observability_solution/observability/server/index.ts
index 6486731fcd90c..55df44f257501 100644
--- a/x-pack/plugins/observability_solution/observability/server/index.ts
+++ b/x-pack/plugins/observability_solution/observability/server/index.ts
@@ -84,6 +84,7 @@ export const config: PluginConfigDescriptor = {
   deprecations: ({ unused }) => [
     unused('unsafe.thresholdRule.enabled', { level: 'warning' }),
     unused('unsafe.alertDetails.logs.enabled', { level: 'warning' }),
+    unused('unsafe.alertDetails.metrics.enabled', { level: 'warning' }),
     unused('unsafe.alertDetails.observability.enabled', { level: 'warning' }),
   ],
 };
diff --git a/x-pack/plugins/observability_solution/observability/tsconfig.json b/x-pack/plugins/observability_solution/observability/tsconfig.json
index 84ef4bc7eee11..da98c7fc6494b 100644
--- a/x-pack/plugins/observability_solution/observability/tsconfig.json
+++ b/x-pack/plugins/observability_solution/observability/tsconfig.json
@@ -52,7 +52,6 @@
     "@kbn/logging",
     "@kbn/share-plugin",
     "@kbn/core-notifications-browser",
-    "@kbn/slo-schema",
     "@kbn/guided-onboarding",
     "@kbn/charts-plugin",
     "@kbn/securitysolution-ecs",
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/public/components/insight/insight_base.tsx b/x-pack/plugins/observability_solution/observability_ai_assistant/public/components/insight/insight_base.tsx
index 7e54d7671237c..97f2e0a71a0c6 100644
--- a/x-pack/plugins/observability_solution/observability_ai_assistant/public/components/insight/insight_base.tsx
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant/public/components/insight/insight_base.tsx
@@ -60,7 +60,7 @@ export function InsightBase({
   return (
     <EuiPanel hasBorder hasShadow={false}>
       <EuiAccordion
-        id="obsAiAssistantInsight"
+        id="obsAiAssistantInsightContainer"
         arrowProps={{ css: { alignSelf: 'flex-start' } }}
         buttonContent={
           <EuiFlexGroup wrap responsive={false} gutterSize="m" data-test-subj={dataTestSubj}>
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/elasticsearch.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/elasticsearch.ts
index 61a8b6adf3ed3..8c255b885fd4c 100644
--- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/elasticsearch.ts
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/elasticsearch.ts
@@ -38,9 +38,8 @@ export function registerElasticsearchFunction({
       },
     },
     async ({ arguments: { method, path, body } }) => {
-      const response = await (
-        await resources.context.core
-      ).elasticsearch.client.asCurrentUser.transport.request({
+      const esClient = (await resources.context.core).elasticsearch.client;
+      const response = await esClient.asCurrentUser.transport.request({
         method,
         path,
         body,
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/get_dataset_info/get_relevant_field_names.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/get_dataset_info/get_relevant_field_names.ts
index 557f09784c7f9..74d786bb6727d 100644
--- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/get_dataset_info/get_relevant_field_names.ts
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/get_dataset_info/get_relevant_field_names.ts
@@ -33,7 +33,7 @@ export async function getRelevantFieldNames({
   messages: Message[];
   chat: FunctionCallChatFunction;
   signal: AbortSignal;
-}): Promise<{ fields: string[] }> {
+}): Promise<{ fields: string[]; stats: { analyzed: number; total: number } }> {
   const dataViewsService = await dataViews.dataViewsServiceFactory(savedObjectsClient, esClient);
 
   const hasAnyHitsResponse = await esClient.search({
@@ -89,8 +89,13 @@ export async function getRelevantFieldNames({
 
   const shortIdTable = new ShortIdTable();
 
+  const MAX_CHUNKS = 5;
+  const FIELD_NAMES_PER_CHUNK = 250;
+
+  const fieldNamesToAnalyze = fieldNames.slice(0, MAX_CHUNKS * FIELD_NAMES_PER_CHUNK);
+
   const relevantFields = await Promise.all(
-    chunk(fieldNames, 250).map(async (fieldsInChunk) => {
+    chunk(fieldNamesToAnalyze, FIELD_NAMES_PER_CHUNK).map(async (fieldsInChunk) => {
       const chunkResponse$ = (
         await chat('get_relevant_dataset_names', {
           signal,
@@ -165,5 +170,8 @@ export async function getRelevantFieldNames({
     })
   );
 
-  return { fields: relevantFields.flat() };
+  return {
+    fields: relevantFields.flat(),
+    stats: { analyzed: fieldNamesToAnalyze.length, total: fieldNames.length },
+  };
 }
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/get_dataset_info/index.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/get_dataset_info/index.ts
index bac7963cecbdf..57cac3a4e0c0f 100644
--- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/get_dataset_info/index.ts
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/get_dataset_info/index.ts
@@ -41,14 +41,14 @@ export function registerGetDatasetInfoFunction({
     async ({ arguments: { index }, messages, chat }, signal) => {
       const coreContext = await resources.context.core;
 
-      const esClient = coreContext.elasticsearch.client.asCurrentUser;
+      const esClient = coreContext.elasticsearch.client;
       const savedObjectsClient = coreContext.savedObjects.client;
 
       let indices: string[] = [];
 
       try {
-        const body = await esClient.indices.resolveIndex({
-          name: index === '' ? '*' : index,
+        const body = await esClient.asCurrentUser.indices.resolveIndex({
+          name: index === '' ? '*' : index.split(','),
           expand_wildcards: 'open',
         });
         indices = [
@@ -81,17 +81,17 @@ export function registerGetDatasetInfoFunction({
       const relevantFieldNames = await getRelevantFieldNames({
         index,
         messages,
-        esClient,
+        esClient: esClient.asCurrentUser,
         dataViews: await resources.plugins.dataViews.start(),
         savedObjectsClient,
         signal,
         chat,
       });
-
       return {
         content: {
           indices: [index],
           fields: relevantFieldNames.fields,
+          stats: relevantFieldNames.stats,
         },
       };
     }
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/client/index.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/client/index.ts
index dacd52648a6b8..139955742ef6e 100644
--- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/client/index.ts
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/client/index.ts
@@ -153,7 +153,7 @@ export class ObservabilityAIAssistantClient {
     }
 
     await this.dependencies.esClient.asInternalUser.delete({
-      id: conversation._id,
+      id: conversation._id!,
       index: conversation._index,
       refresh: true,
     });
@@ -634,7 +634,7 @@ export class ObservabilityAIAssistantClient {
     );
 
     await this.dependencies.esClient.asInternalUser.update({
-      id: persistedConversation._id,
+      id: persistedConversation._id!,
       index: persistedConversation._index,
       doc: updatedConversation,
       refresh: true,
@@ -663,7 +663,7 @@ export class ObservabilityAIAssistantClient {
     );
 
     await this.dependencies.esClient.asInternalUser.update({
-      id: document._id,
+      id: document._id!,
       index: document._index,
       doc: { conversation: { title } },
       refresh: true,
@@ -706,7 +706,7 @@ export class ObservabilityAIAssistantClient {
       user: this.dependencies.user,
       queries,
       categories,
-      asCurrentUser: this.dependencies.esClient.asCurrentUser,
+      esClient: this.dependencies.esClient,
       uiSettingsClient: this.dependencies.uiSettingsClient,
     });
   };
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/index.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/index.ts
index 318cf83b54373..34f3667d1cb7b 100644
--- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/index.ts
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/index.ts
@@ -140,15 +140,14 @@ export class ObservabilityAIAssistantService {
 
       const elserModelId = await this.getModelId();
 
-      const esClient = coreStart.elasticsearch.client.asInternalUser;
-
-      await esClient.cluster.putComponentTemplate({
+      const esClient = coreStart.elasticsearch.client;
+      await esClient.asInternalUser.cluster.putComponentTemplate({
         create: false,
         name: this.resourceNames.componentTemplate.conversations,
         template: conversationComponentTemplate,
       });
 
-      await esClient.indices.putIndexTemplate({
+      await esClient.asInternalUser.indices.putIndexTemplate({
         name: this.resourceNames.indexTemplate.conversations,
         composed_of: [this.resourceNames.componentTemplate.conversations],
         create: false,
@@ -170,7 +169,7 @@ export class ObservabilityAIAssistantService {
       const conversationAliasName = this.resourceNames.aliases.conversations;
 
       await createConcreteWriteIndex({
-        esClient,
+        esClient: esClient.asInternalUser,
         logger: this.logger,
         totalFieldsLimit: 10000,
         indexPatterns: {
@@ -183,13 +182,13 @@ export class ObservabilityAIAssistantService {
         dataStreamAdapter: getDataStreamAdapter({ useDataStreamForAlerts: false }),
       });
 
-      await esClient.cluster.putComponentTemplate({
+      await esClient.asInternalUser.cluster.putComponentTemplate({
         create: false,
         name: this.resourceNames.componentTemplate.kb,
         template: kbComponentTemplate,
       });
 
-      await esClient.ingest.putPipeline({
+      await esClient.asInternalUser.ingest.putPipeline({
         id: this.resourceNames.pipelines.kb,
         processors: [
           {
@@ -210,7 +209,7 @@ export class ObservabilityAIAssistantService {
         ],
       });
 
-      await esClient.indices.putIndexTemplate({
+      await esClient.asInternalUser.indices.putIndexTemplate({
         name: this.resourceNames.indexTemplate.kb,
         composed_of: [this.resourceNames.componentTemplate.kb],
         create: false,
@@ -227,7 +226,7 @@ export class ObservabilityAIAssistantService {
       const kbAliasName = this.resourceNames.aliases.kb;
 
       await createConcreteWriteIndex({
-        esClient,
+        esClient: esClient.asInternalUser,
         logger: this.logger,
         totalFieldsLimit: 10000,
         indexPatterns: {
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/knowledge_base_service/index.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/knowledge_base_service/index.ts
index 67cf8bcd000a9..45330f9da2f2b 100644
--- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/knowledge_base_service/index.ts
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/knowledge_base_service/index.ts
@@ -11,18 +11,18 @@ import type { Logger } from '@kbn/logging';
 import type { TaskManagerStartContract } from '@kbn/task-manager-plugin/server';
 import pLimit from 'p-limit';
 import pRetry from 'p-retry';
-import { isEmpty, map, orderBy } from 'lodash';
+import { map, orderBy } from 'lodash';
 import { encode } from 'gpt-tokenizer';
 import { MlTrainedModelDeploymentNodesStats } from '@elastic/elasticsearch/lib/api/types';
-import { aiAssistantSearchConnectorIndexPattern } from '../../../common';
 import { INDEX_QUEUED_DOCUMENTS_TASK_ID, INDEX_QUEUED_DOCUMENTS_TASK_TYPE } from '..';
 import { KnowledgeBaseEntry, KnowledgeBaseEntryRole, UserInstruction } from '../../../common/types';
 import type { ObservabilityAIAssistantResourceNames } from '../types';
 import { getAccessQuery } from '../util/get_access_query';
 import { getCategoryQuery } from '../util/get_category_query';
+import { recallFromConnectors } from './recall_from_connectors';
 
 interface Dependencies {
-  esClient: ElasticsearchClient;
+  esClient: { asInternalUser: ElasticsearchClient };
   resources: ObservabilityAIAssistantResourceNames;
   logger: Logger;
   taskManagerStart: TaskManagerStartContract;
@@ -85,7 +85,7 @@ export class KnowledgeBaseService {
 
     const installModel = async () => {
       this.dependencies.logger.info('Installing ELSER model');
-      await this.dependencies.esClient.ml.putTrainedModel(
+      await this.dependencies.esClient.asInternalUser.ml.putTrainedModel(
         {
           model_id: elserModelId,
           input: {
@@ -99,7 +99,7 @@ export class KnowledgeBaseService {
     };
 
     const getIsModelInstalled = async () => {
-      const getResponse = await this.dependencies.esClient.ml.getTrainedModels({
+      const getResponse = await this.dependencies.esClient.asInternalUser.ml.getTrainedModels({
         model_id: elserModelId,
         include: 'definition_status',
       });
@@ -130,7 +130,7 @@ export class KnowledgeBaseService {
     }, retryOptions);
 
     try {
-      await this.dependencies.esClient.ml.startTrainedModelDeployment({
+      await this.dependencies.esClient.asInternalUser.ml.startTrainedModelDeployment({
         model_id: elserModelId,
         wait_for: 'fully_allocated',
       });
@@ -143,7 +143,7 @@ export class KnowledgeBaseService {
     }
 
     await pRetry(async () => {
-      const response = await this.dependencies.esClient.ml.getTrainedModelsStats({
+      const response = await this.dependencies.esClient.asInternalUser.ml.getTrainedModelsStats({
         model_id: elserModelId,
       });
 
@@ -193,7 +193,7 @@ export class KnowledgeBaseService {
 
   private async processOperation(operation: KnowledgeBaseEntryOperation) {
     if (operation.type === KnowledgeBaseEntryOperationType.Delete) {
-      await this.dependencies.esClient.deleteByQuery({
+      await this.dependencies.esClient.asInternalUser.deleteByQuery({
         index: this.dependencies.resources.aliases.kb,
         query: {
           bool: {
@@ -274,7 +274,7 @@ export class KnowledgeBaseService {
     const elserModelId = await this.dependencies.getModelId();
 
     try {
-      const modelStats = await this.dependencies.esClient.ml.getTrainedModelsStats({
+      const modelStats = await this.dependencies.esClient.asInternalUser.ml.getTrainedModelsStats({
         model_id: elserModelId,
       });
       const elserModelStats = modelStats.trained_model_stats[0];
@@ -330,7 +330,7 @@ export class KnowledgeBaseService {
       },
     };
 
-    const response = await this.dependencies.esClient.search<
+    const response = await this.dependencies.esClient.asInternalUser.search<
       Pick<KnowledgeBaseEntry, 'text' | 'is_correction' | 'labels'>
     >({
       index: [this.dependencies.resources.aliases.kb],
@@ -344,139 +344,23 @@ export class KnowledgeBaseService {
     return response.hits.hits.map((hit) => ({
       ...hit._source!,
       score: hit._score!,
-      id: hit._id,
+      id: hit._id!,
     }));
   }
 
-  private async getConnectorIndices(
-    client: ElasticsearchClient,
-    uiSettingsClient: IUiSettingsClient
-  ) {
-    // improve performance by running this in parallel with the `uiSettingsClient` request
-    const responsePromise = client.transport.request({
-      method: 'GET',
-      path: '_connector',
-      querystring: {
-        filter_path: 'results.index_name',
-      },
-    });
-
-    const customSearchConnectorIndex = await uiSettingsClient.get<string>(
-      aiAssistantSearchConnectorIndexPattern
-    );
-
-    if (customSearchConnectorIndex) {
-      return customSearchConnectorIndex.split(',');
-    }
-
-    const response = (await responsePromise) as { results?: Array<{ index_name: string }> };
-    const connectorIndices = response.results?.map((result) => result.index_name);
-
-    // preserve backwards compatibility with 8.14 (may not be needed in the future)
-    if (isEmpty(connectorIndices)) {
-      return ['search-*'];
-    }
-
-    return connectorIndices;
-  }
-
-  private async recallFromConnectors({
-    queries,
-    asCurrentUser,
-    uiSettingsClient,
-    modelId,
-  }: {
-    queries: Array<{ text: string; boost?: number }>;
-    asCurrentUser: ElasticsearchClient;
-    uiSettingsClient: IUiSettingsClient;
-    modelId: string;
-  }): Promise<RecalledEntry[]> {
-    const ML_INFERENCE_PREFIX = 'ml.inference.';
-
-    const connectorIndices = await this.getConnectorIndices(asCurrentUser, uiSettingsClient);
-
-    const fieldCaps = await asCurrentUser.fieldCaps({
-      index: connectorIndices,
-      fields: `${ML_INFERENCE_PREFIX}*`,
-      allow_no_indices: true,
-      types: ['sparse_vector'],
-      filters: '-metadata,-parent',
-    });
-
-    const fieldsWithVectors = Object.keys(fieldCaps.fields).map((field) =>
-      field.replace('_expanded.predicted_value', '').replace(ML_INFERENCE_PREFIX, '')
-    );
-
-    if (!fieldsWithVectors.length) {
-      return [];
-    }
-
-    const esQueries = fieldsWithVectors.flatMap((field) => {
-      const vectorField = `${ML_INFERENCE_PREFIX}${field}_expanded.predicted_value`;
-      const modelField = `${ML_INFERENCE_PREFIX}${field}_expanded.model_id`;
-
-      return queries.map(({ text, boost = 1 }) => {
-        return {
-          bool: {
-            should: [
-              {
-                text_expansion: {
-                  [vectorField]: {
-                    model_text: text,
-                    model_id: modelId,
-                    boost,
-                  },
-                },
-              },
-            ],
-            filter: [
-              {
-                term: {
-                  [modelField]: modelId,
-                },
-              },
-            ],
-          },
-        };
-      });
-    });
-
-    const response = await asCurrentUser.search<unknown>({
-      index: connectorIndices,
-      query: {
-        bool: {
-          should: esQueries,
-        },
-      },
-      size: 20,
-      _source: {
-        exclude: ['_*', 'ml*'],
-      },
-    });
-
-    const results = response.hits.hits.map((hit) => ({
-      text: JSON.stringify(hit._source),
-      score: hit._score!,
-      is_correction: false,
-      id: hit._id,
-    }));
-
-    return results;
-  }
-
   recall = async ({
     user,
     queries,
     categories,
     namespace,
-    asCurrentUser,
+    esClient,
     uiSettingsClient,
   }: {
     queries: Array<{ text: string; boost?: number }>;
     categories?: string[];
     user?: { name: string };
     namespace: string;
-    asCurrentUser: ElasticsearchClient;
+    esClient: { asCurrentUser: ElasticsearchClient };
     uiSettingsClient: IUiSettingsClient;
   }): Promise<{
     entries: RecalledEntry[];
@@ -499,8 +383,8 @@ export class KnowledgeBaseService {
         }
         throw error;
       }),
-      this.recallFromConnectors({
-        asCurrentUser,
+      recallFromConnectors({
+        esClient,
         uiSettingsClient,
         queries,
         modelId,
@@ -546,7 +430,7 @@ export class KnowledgeBaseService {
     user?: { name: string }
   ): Promise<UserInstruction[]> => {
     try {
-      const response = await this.dependencies.esClient.search<KnowledgeBaseEntry>({
+      const response = await this.dependencies.esClient.asInternalUser.search<KnowledgeBaseEntry>({
         index: this.dependencies.resources.aliases.kb,
         query: {
           bool: {
@@ -590,7 +474,7 @@ export class KnowledgeBaseService {
     sortDirection?: 'asc' | 'desc';
   }): Promise<{ entries: KnowledgeBaseEntry[] }> => {
     try {
-      const response = await this.dependencies.esClient.search<KnowledgeBaseEntry>({
+      const response = await this.dependencies.esClient.asInternalUser.search<KnowledgeBaseEntry>({
         index: this.dependencies.resources.aliases.kb,
         ...(query
           ? {
@@ -631,7 +515,7 @@ export class KnowledgeBaseService {
           ...hit._source!,
           role: hit._source!.role ?? KnowledgeBaseEntryRole.UserEntry,
           score: hit._score,
-          id: hit._id,
+          id: hit._id!,
         })),
       };
     } catch (error) {
@@ -652,7 +536,7 @@ export class KnowledgeBaseService {
     namespace?: string;
   }): Promise<void> => {
     try {
-      await this.dependencies.esClient.index({
+      await this.dependencies.esClient.asInternalUser.index({
         index: this.dependencies.resources.aliases.kb,
         id,
         document: {
@@ -694,7 +578,7 @@ export class KnowledgeBaseService {
 
   deleteEntry = async ({ id }: { id: string }): Promise<void> => {
     try {
-      await this.dependencies.esClient.delete({
+      await this.dependencies.esClient.asInternalUser.delete({
         index: this.dependencies.resources.aliases.kb,
         id,
         refresh: 'wait_for',
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/knowledge_base_service/recall_from_connectors.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/knowledge_base_service/recall_from_connectors.ts
new file mode 100644
index 0000000000000..34c8a6208d655
--- /dev/null
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/knowledge_base_service/recall_from_connectors.ts
@@ -0,0 +1,128 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
+import { IUiSettingsClient } from '@kbn/core-ui-settings-server';
+import { isEmpty } from 'lodash';
+import { RecalledEntry } from '.';
+import { aiAssistantSearchConnectorIndexPattern } from '../../../common';
+
+export async function recallFromConnectors({
+  queries,
+  esClient,
+  uiSettingsClient,
+  modelId,
+}: {
+  queries: Array<{ text: string; boost?: number }>;
+  esClient: { asCurrentUser: ElasticsearchClient };
+  uiSettingsClient: IUiSettingsClient;
+  modelId: string;
+}): Promise<RecalledEntry[]> {
+  const ML_INFERENCE_PREFIX = 'ml.inference.';
+
+  const connectorIndices = await getConnectorIndices(esClient, uiSettingsClient);
+
+  const fieldCaps = await esClient.asCurrentUser.fieldCaps({
+    index: connectorIndices,
+    fields: `${ML_INFERENCE_PREFIX}*`,
+    allow_no_indices: true,
+    types: ['sparse_vector'],
+    filters: '-metadata,-parent',
+  });
+
+  const fieldsWithVectors = Object.keys(fieldCaps.fields).map((field) =>
+    field.replace('_expanded.predicted_value', '').replace(ML_INFERENCE_PREFIX, '')
+  );
+
+  if (!fieldsWithVectors.length) {
+    return [];
+  }
+
+  const esQueries = fieldsWithVectors.flatMap((field) => {
+    const vectorField = `${ML_INFERENCE_PREFIX}${field}_expanded.predicted_value`;
+    const modelField = `${ML_INFERENCE_PREFIX}${field}_expanded.model_id`;
+
+    return queries.map(({ text, boost = 1 }) => {
+      return {
+        bool: {
+          should: [
+            {
+              text_expansion: {
+                [vectorField]: {
+                  model_text: text,
+                  model_id: modelId,
+                  boost,
+                },
+              },
+            },
+          ],
+          filter: [
+            {
+              term: {
+                [modelField]: modelId,
+              },
+            },
+          ],
+        },
+      };
+    });
+  });
+
+  const response = await esClient.asCurrentUser.search<unknown>({
+    index: connectorIndices,
+    query: {
+      bool: {
+        should: esQueries,
+      },
+    },
+    size: 20,
+    _source: {
+      exclude: ['_*', 'ml*'],
+    },
+  });
+
+  const results = response.hits.hits.map((hit) => ({
+    text: JSON.stringify(hit._source),
+    score: hit._score!,
+    is_correction: false,
+    id: hit._id!,
+  }));
+
+  return results;
+}
+
+async function getConnectorIndices(
+  esClient: { asCurrentUser: ElasticsearchClient },
+  uiSettingsClient: IUiSettingsClient
+) {
+  // improve performance by running this in parallel with the `uiSettingsClient` request
+  const responsePromise = esClient.asCurrentUser.transport.request({
+    method: 'GET',
+    path: '_connector',
+    querystring: {
+      filter_path: 'results.index_name',
+    },
+  });
+
+  const customSearchConnectorIndex = await uiSettingsClient.get<string>(
+    aiAssistantSearchConnectorIndexPattern
+  );
+
+  if (customSearchConnectorIndex) {
+    return customSearchConnectorIndex.split(',');
+  }
+
+  const response = (await responsePromise) as { results?: Array<{ index_name: string }> };
+  const connectorIndices = response.results?.map((result) => result.index_name);
+
+  // preserve backwards compatibility with 8.14 (may not be needed in the future)
+  if (isEmpty(connectorIndices)) {
+    return ['search-*'];
+  }
+
+  return connectorIndices;
+}
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/util/create_server_side_function_response_error.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/util/create_server_side_function_response_error.ts
index 820aee7d6c137..3c11e91769cd8 100644
--- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/util/create_server_side_function_response_error.ts
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/util/create_server_side_function_response_error.ts
@@ -6,6 +6,7 @@
  */
 
 import { errors } from '@elastic/elasticsearch';
+import { isAxiosError } from 'axios';
 import { createFunctionResponseMessage } from '../../../common/utils/create_function_response_message';
 
 export function createServerSideFunctionResponseError({
@@ -19,15 +20,18 @@ export function createServerSideFunctionResponseError({
 }) {
   const isElasticsearchError = error instanceof errors.ElasticsearchClientError;
 
-  const sanitizedError: Record<string, unknown> = JSON.parse(
-    'toJSON' in error && typeof error.toJSON === 'function' ? error.toJSON() : JSON.stringify(error)
-  );
+  const sanitizedError: Record<string, unknown> = JSON.parse(JSON.stringify(error));
 
   if (isElasticsearchError) {
     // remove meta key which is huge and noisy
     delete sanitizedError.meta;
+  } else if (isAxiosError(error)) {
+    sanitizedError.response = { message: error.response?.data?.message };
+    delete sanitizedError.config;
   }
 
+  delete sanitizedError.stack;
+
   return createFunctionResponseMessage({
     name,
     content: {
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/util/flush_buffer.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/util/flush_buffer.ts
index eb494ec80bb50..a9826a180c969 100644
--- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/util/flush_buffer.ts
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/util/flush_buffer.ts
@@ -6,7 +6,7 @@
  */
 
 import { repeat } from 'lodash';
-import { identity, Observable, OperatorFunction } from 'rxjs';
+import { Observable, OperatorFunction } from 'rxjs';
 import {
   BufferFlushEvent,
   StreamingChatResponseEventType,
@@ -22,10 +22,6 @@ import {
 export function flushBuffer<T extends StreamingChatResponseEventWithoutError | TokenCountEvent>(
   isCloud: boolean
 ): OperatorFunction<T, T | BufferFlushEvent> {
-  if (!isCloud) {
-    return identity;
-  }
-
   return (source: Observable<T>) =>
     new Observable<T | BufferFlushEvent>((subscriber) => {
       const cloudProxyBufferSize = 4096;
@@ -41,7 +37,15 @@ export function flushBuffer<T extends StreamingChatResponseEventWithoutError | T
         }
       };
 
-      const intervalId = setInterval(flushBufferIfNeeded, 250);
+      const keepAlive = () => {
+        subscriber.next({
+          data: '0',
+          type: StreamingChatResponseEventType.BufferFlush,
+        });
+      };
+
+      const flushIntervalId = isCloud ? setInterval(flushBufferIfNeeded, 250) : undefined;
+      const keepAliveIntervalId = setInterval(keepAlive, 30_000);
 
       source.subscribe({
         next: (value) => {
@@ -52,11 +56,13 @@ export function flushBuffer<T extends StreamingChatResponseEventWithoutError | T
           subscriber.next(value);
         },
         error: (error) => {
-          clearInterval(intervalId);
+          clearInterval(flushIntervalId);
+          clearInterval(keepAliveIntervalId);
           subscriber.error(error);
         },
         complete: () => {
-          clearInterval(intervalId);
+          clearInterval(flushIntervalId);
+          clearInterval(keepAliveIntervalId);
           subscriber.complete();
         },
       });
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/tsconfig.json b/x-pack/plugins/observability_solution/observability_ai_assistant/tsconfig.json
index aa26acbb6154a..4626a3716759a 100644
--- a/x-pack/plugins/observability_solution/observability_ai_assistant/tsconfig.json
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant/tsconfig.json
@@ -38,6 +38,8 @@
     "@kbn/features-plugin",
     "@kbn/cloud-plugin",
     "@kbn/serverless",
+    "@kbn/core-elasticsearch-server",
+    "@kbn/core-ui-settings-server",
   ],
   "exclude": ["target/**/*"]
 }
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_app/scripts/evaluation/scenarios/esql/index.spec.ts b/x-pack/plugins/observability_solution/observability_ai_assistant_app/scripts/evaluation/scenarios/esql/index.spec.ts
index 4aabd3566b994..37699876f6165 100644
--- a/x-pack/plugins/observability_solution/observability_ai_assistant_app/scripts/evaluation/scenarios/esql/index.spec.ts
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant_app/scripts/evaluation/scenarios/esql/index.spec.ts
@@ -184,8 +184,7 @@ describe('ES|QL query generation', () => {
           'Assume my metrics data is in `metrics-*`. I want to see what a query would look like that gets the average CPU per service, limit it to the top 10 results, in 1m buckets, and only include the last 15m.',
         expected: `FROM .ds-metrics-apm*
         | WHERE @timestamp >= NOW() - 15 minutes
-        | EVAL bucket = DATE_TRUNC(1 minute, @timestamp)
-        | STATS avg_cpu = AVG(system.cpu.total.norm.pct) BY bucket, service.name
+        | STATS avg_cpu = AVG(system.cpu.total.norm.pct) BY BUCKET(@timestamp, 1m), service.name
         | SORT avg_cpu DESC
         | LIMIT 10`,
         execute: false,
@@ -310,9 +309,8 @@ describe('ES|QL query generation', () => {
         question: `i have logs in logs-apm*. Using ESQL, show me the error rate as a percetage of the error logs (identified as processor.event containing the value error) vs the total logs per day for the last 7 days `,
         expected: `FROM logs-apm*
         | WHERE @timestamp >= NOW() - 7 days
-        | EVAL day = DATE_TRUNC(1 day, @timestamp)
         | EVAL error = CASE(processor.event == "error", 1, 0)
-        | STATS total_logs = COUNT(*), total_errors = SUM(is_error) BY day
+        | STATS total_logs = COUNT(*), total_errors = SUM(is_error) BY BUCKET(@timestamp, 1 day)
         | EVAL error_rate = total_errors / total_logs * 100
         | SORT day ASC`,
         execute: true,
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/correct_common_esql_mistakes.test.ts b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/correct_common_esql_mistakes.test.ts
index ad8e0f6cfd664..13c5855d67cac 100644
--- a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/correct_common_esql_mistakes.test.ts
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/correct_common_esql_mistakes.test.ts
@@ -94,6 +94,11 @@ describe('correctCommonEsqlMistakes', () => {
       'FROM logs-*\n| KEEP date, whatever, @timestamp\n| EVAL my_truncated_date_field = DATE_TRUNC(1 year, date)\n| SORT @timestamp, my_truncated_date_field DESC'
     );
 
+    expectQuery(
+      `FROM logs-*\n| STATS COUNT(*) BY BUCKET(@timestamp, 1m)\n| SORT \`BUCKET(@timestamp, 1m)\` DESC`,
+      `FROM logs-*\n| STATS COUNT(*) BY BUCKET(@timestamp, 1m)\n| SORT \`BUCKET(@timestamp, 1m)\` DESC`
+    );
+
     expectQuery(
       `FROM logs-* | KEEP date, whatever | RENAME whatever AS forever | SORT forever DESC`,
       `FROM logs-*\n| KEEP date, whatever\n| RENAME whatever AS forever\n| SORT forever DESC`
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/correct_common_esql_mistakes.ts b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/correct_common_esql_mistakes.ts
index 73f2d31b4b35b..b4d365ad11084 100644
--- a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/correct_common_esql_mistakes.ts
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/correct_common_esql_mistakes.ts
@@ -191,7 +191,7 @@ function escapeExpressionsInSort(sortCommand: string) {
 
       if (sortOrder) sortOrder = ` ${sortOrder}`;
 
-      if (!column.match(/^`?[a-zA-Z0-9_\.@]+`?$/)) {
+      if (!column.match(/^`.*?`$/) && !column.match(/^[a-zA-Z0-9_\.@]+$/)) {
         column = `\`${column}\``;
       }
 
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/esql_docs/esql-case.txt b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/esql_docs/esql-case.txt
index 66fed29cea823..010975157a7b4 100644
--- a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/esql_docs/esql-case.txt
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/esql_docs/esql-case.txt
@@ -33,7 +33,6 @@ FROM sample_data
 ```esql
 FROM sample_data
 | EVAL error = CASE(message LIKE "*error*", 1, 0)
-| EVAL hour = DATE_TRUNC(1 hour, @timestamp)
-| STATS error_rate = AVG(error) BY hour
+| STATS error_rate = AVG(error) BY BUCKET(@timestamp, 1 hour)
 | SORT hour
-```
\ No newline at end of file
+```
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/esql_docs/esql-syntax.txt b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/esql_docs/esql-syntax.txt
index e76b78c7e1cb4..dac9e93b7ea14 100644
--- a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/esql_docs/esql-syntax.txt
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/esql_docs/esql-syntax.txt
@@ -92,7 +92,7 @@ FROM logs
 
 ```esql
 FROM logs
-| STATS COUNT(*) BY timestamp = DATE_TRUNC(1h, @timestamp)
+| STATS COUNT(*) BY timestamp = BUCKET(@timestamp, 1h)
 | WHERE timestamp >= NOW() - 24h
 ```
 
@@ -100,7 +100,7 @@ FROM logs
 
 ```esql
 FROM logs
-| STATS AVG(response_time) BY minute = DATE_TRUNC(1m, @timestamp)
+| STATS AVG(response_time) BY minute = BUCKET(@timestamp, 1m)
 | WHERE @timestamp >= NOW() - 1h
 ```
 
@@ -108,7 +108,7 @@ FROM logs
 
 ```esql
 FROM logs
-| STATS COUNT(*) BY week = DATE_TRUNC(1w, @timestamp)
+| STATS COUNT(*) BY week = BUCKET(@timestamp, 1w)
 | WHERE @timestamp >= NOW() - 1y
 ```
 
@@ -116,6 +116,6 @@ FROM logs
 
 ```esql
 FROM logs
-| STATS MAX(response_time) BY second = DATE_TRUNC(1s, @timestamp)
+| STATS MAX(response_time) BY second = BUCKET(@timestamp, 1s)
 | WHERE @timestamp >= NOW() - 1m
 ```
diff --git a/x-pack/plugins/observability_solution/observability_logs_explorer/common/translations.ts b/x-pack/plugins/observability_solution/observability_logs_explorer/common/translations.ts
index 078939b52ee16..f89c6eb47e6c4 100644
--- a/x-pack/plugins/observability_solution/observability_logs_explorer/common/translations.ts
+++ b/x-pack/plugins/observability_solution/observability_logs_explorer/common/translations.ts
@@ -61,6 +61,6 @@ export const createSLoLabel = i18n.translate('xpack.observabilityLogsExplorer.cr
 export const datasetQualityLinkTitle = i18n.translate(
   'xpack.observabilityLogsExplorer.datasetQualityLinkTitle',
   {
-    defaultMessage: 'Datasets',
+    defaultMessage: 'Data sets',
   }
 );
diff --git a/x-pack/plugins/observability_solution/observability_logs_explorer/kibana.jsonc b/x-pack/plugins/observability_solution/observability_logs_explorer/kibana.jsonc
index c153124e5bd68..f123bbc9795b3 100644
--- a/x-pack/plugins/observability_solution/observability_logs_explorer/kibana.jsonc
+++ b/x-pack/plugins/observability_solution/observability_logs_explorer/kibana.jsonc
@@ -19,7 +19,8 @@
       "observabilityShared",
       "slo",
       "share",
-      "kibanaUtils"
+      "kibanaUtils",
+      "dataQuality"
     ],
     "optionalPlugins": [
       "serverless",
@@ -35,7 +36,7 @@
       "triggersActionsUi"
     ],
     "extraPublicDirs": [
-      "common",
+      "common"
     ]
   }
 }
diff --git a/x-pack/plugins/observability_solution/observability_logs_explorer/public/components/logs_explorer_top_nav_menu.tsx b/x-pack/plugins/observability_solution/observability_logs_explorer/public/components/logs_explorer_top_nav_menu.tsx
index 5d94c88251445..fb96bdbfc65f1 100644
--- a/x-pack/plugins/observability_solution/observability_logs_explorer/public/components/logs_explorer_top_nav_menu.tsx
+++ b/x-pack/plugins/observability_solution/observability_logs_explorer/public/components/logs_explorer_top_nav_menu.tsx
@@ -27,6 +27,7 @@ import { ConnectedDiscoverLink } from './discover_link';
 import { FeedbackLink } from './feedback_link';
 import { ConnectedOnboardingLink } from './onboarding_link';
 import { AlertsPopover } from './alerts_popover';
+import { ConnectedDatasetQualityLink } from './dataset_quality_link';
 
 export const LogsExplorerTopNavMenu = () => {
   const {
@@ -70,6 +71,8 @@ const ProjectTopNav = () => {
           <EuiHeaderLinks gutterSize="xs">
             <ConnectedDiscoverLink />
             <VerticalRule />
+            <ConnectedDatasetQualityLink />
+            <VerticalRule />
             <FeedbackLink />
             <VerticalRule />
             <AlertsPopover />
@@ -145,6 +148,8 @@ const ClassicTopNav = () => {
           <EuiHeaderLinks gutterSize="xs">
             <ConnectedDiscoverLink />
             <VerticalRule />
+            <ConnectedDatasetQualityLink />
+            <VerticalRule />
             <AlertsPopover />
             <VerticalRule />
             <ConnectedOnboardingLink />
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/e2e/logs/custom_logs/install_elastic_agent.cy.ts b/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/e2e/logs/custom_logs/install_elastic_agent.cy.ts
index 7e0b829e67305..b4707350948f0 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/e2e/logs/custom_logs/install_elastic_agent.cy.ts
+++ b/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/e2e/logs/custom_logs/install_elastic_agent.cy.ts
@@ -261,7 +261,9 @@ describe('[Logs onboarding] Custom logs - install elastic agent', () => {
           });
 
           it('shows a success callout when elastic agent status is healthy', () => {
-            cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete');
+            cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete', {
+              agentId: 'test-agent-id',
+            });
             cy.getByTestSubj('obltOnboardingStepStatus-complete')
               .contains('Connected to the Elastic Agent')
               .should('exist');
@@ -299,7 +301,9 @@ describe('[Logs onboarding] Custom logs - install elastic agent', () => {
         cy.updateInstallationStepStatus(onboardingId, 'ea-download', 'complete');
         cy.updateInstallationStepStatus(onboardingId, 'ea-extract', 'complete');
         cy.updateInstallationStepStatus(onboardingId, 'ea-install', 'complete');
-        cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete');
+        cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete', {
+          agentId: 'test-agent-id',
+        });
       });
 
       it('shows loading callout when config is being downloaded to the host', () => {
@@ -340,7 +344,9 @@ describe('[Logs onboarding] Custom logs - install elastic agent', () => {
         cy.updateInstallationStepStatus(onboardingId, 'ea-download', 'complete');
         cy.updateInstallationStepStatus(onboardingId, 'ea-extract', 'complete');
         cy.updateInstallationStepStatus(onboardingId, 'ea-install', 'complete');
-        cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete');
+        cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete', {
+          agentId: 'test-agent-id',
+        });
       });
 
       it('shows loading callout when config is being downloaded to the host', () => {
@@ -424,7 +430,9 @@ describe('[Logs onboarding] Custom logs - install elastic agent', () => {
           cy.updateInstallationStepStatus(onboardingId, 'ea-download', 'complete');
           cy.updateInstallationStepStatus(onboardingId, 'ea-extract', 'complete');
           cy.updateInstallationStepStatus(onboardingId, 'ea-install', 'complete');
-          cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete');
+          cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete', {
+            agentId: 'test-agent-id',
+          });
           cy.updateInstallationStepStatus(onboardingId, 'ea-config', 'complete');
         });
 
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/e2e/logs/system_logs.cy.ts b/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/e2e/logs/system_logs.cy.ts
index 811d073855350..bd0af6f595b34 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/e2e/logs/system_logs.cy.ts
+++ b/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/e2e/logs/system_logs.cy.ts
@@ -291,7 +291,9 @@ describe('[Logs onboarding] System logs', () => {
           });
 
           it('shows a success callout when elastic agent status is healthy', () => {
-            cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete');
+            cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete', {
+              agentId: 'test-agent-id',
+            });
             cy.getByTestSubj('obltOnboardingStepStatus-complete')
               .contains('Connected to the Elastic Agent')
               .should('exist');
@@ -330,7 +332,9 @@ describe('[Logs onboarding] System logs', () => {
         cy.updateInstallationStepStatus(onboardingId, 'ea-download', 'complete');
         cy.updateInstallationStepStatus(onboardingId, 'ea-extract', 'complete');
         cy.updateInstallationStepStatus(onboardingId, 'ea-install', 'complete');
-        cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete');
+        cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete', {
+          agentId: 'test-agent-id',
+        });
       });
 
       it('shows loading callout when config is being downloaded to the host', () => {
@@ -371,7 +375,9 @@ describe('[Logs onboarding] System logs', () => {
         cy.updateInstallationStepStatus(onboardingId, 'ea-download', 'complete');
         cy.updateInstallationStepStatus(onboardingId, 'ea-extract', 'complete');
         cy.updateInstallationStepStatus(onboardingId, 'ea-install', 'complete');
-        cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete');
+        cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete', {
+          agentId: 'test-agent-id',
+        });
       });
 
       it('shows loading callout when config is being downloaded to the host', () => {
@@ -456,7 +462,9 @@ describe('[Logs onboarding] System logs', () => {
           cy.updateInstallationStepStatus(onboardingId, 'ea-download', 'complete');
           cy.updateInstallationStepStatus(onboardingId, 'ea-extract', 'complete');
           cy.updateInstallationStepStatus(onboardingId, 'ea-install', 'complete');
-          cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete');
+          cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete', {
+            agentId: 'test-agent-id',
+          });
           cy.updateInstallationStepStatus(onboardingId, 'ea-config', 'complete');
         });
 
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/support/commands.ts b/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/support/commands.ts
index ebf44ed802b39..4b63eaf207d72 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/support/commands.ts
+++ b/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/support/commands.ts
@@ -24,6 +24,10 @@ export type InstallationStepStatus =
   | 'danger'
   | 'current';
 
+export interface ElasticAgentStepPayload {
+  agentId: string;
+}
+
 Cypress.Commands.add('loginAsViewerUser', () => {
   return cy.loginAs({
     username: ObservabilityOnboardingUsername.viewerUser,
@@ -151,7 +155,12 @@ Cypress.Commands.add('deleteIntegration', (integrationName: string) => {
 
 Cypress.Commands.add(
   'updateInstallationStepStatus',
-  (onboardingId: string, step: InstallationStep, status: InstallationStepStatus) => {
+  (
+    onboardingId: string,
+    step: InstallationStep,
+    status: InstallationStepStatus,
+    payload: ElasticAgentStepPayload | undefined
+  ) => {
     const kibanaUrl = Cypress.env('KIBANA_URL');
 
     cy.log(onboardingId, step, status);
@@ -166,6 +175,7 @@ Cypress.Commands.add(
       auth: { user: 'editor', pass: 'changeme' },
       body: {
         status,
+        payload,
       },
     });
   }
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/support/types.d.ts b/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/support/types.d.ts
index dbc28bb442bb9..7bb3549a60e7c 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/support/types.d.ts
+++ b/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/support/types.d.ts
@@ -22,7 +22,8 @@ declare namespace Cypress {
     updateInstallationStepStatus(
       onboardingId: string,
       step: InstallationStep,
-      status: InstallationStepStatus
+      status: InstallationStepStatus,
+      payload?: ElasticAgentStepPayload
     ): void;
   }
 }
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/kibana.jsonc b/x-pack/plugins/observability_solution/observability_onboarding/kibana.jsonc
index 35d206123943b..79eb387c2486c 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/kibana.jsonc
+++ b/x-pack/plugins/observability_solution/observability_onboarding/kibana.jsonc
@@ -1,22 +1,37 @@
 {
   "type": "plugin",
   "id": "@kbn/observability-onboarding-plugin",
-  "owner": ["@elastic/obs-ux-logs-team", "@elastic/obs-ux-onboarding-team"],
+  "owner": [
+    "@elastic/obs-ux-logs-team",
+    "@elastic/obs-ux-onboarding-team"
+  ],
   "plugin": {
     "id": "observabilityOnboarding",
     "server": true,
     "browser": true,
-    "configPath": ["xpack", "observability_onboarding"],
+    "configPath": [
+      "xpack",
+      "observability_onboarding"
+    ],
     "requiredPlugins": [
       "data",
       "observability",
       "observabilityShared",
       "discover",
       "share",
-      "fleet"
+      "fleet",
+      "security"
+    ],
+    "optionalPlugins": [
+      "cloud",
+      "cloudExperiments",
+      "usageCollection"
+    ],
+    "requiredBundles": [
+      "kibanaReact"
     ],
-    "optionalPlugins": ["cloud", "cloudExperiments", "usageCollection"],
-    "requiredBundles": ["kibanaReact"],
-    "extraPublicDirs": ["common"]
+    "extraPublicDirs": [
+      "common"
+    ]
   }
-}
+}
\ No newline at end of file
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/app.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/app.tsx
index 2b928b37f471b..835233b424c6f 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/public/application/app.tsx
+++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/app.tsx
@@ -22,6 +22,7 @@ import { ObservabilityOnboardingHeaderActionMenu } from './shared/header_action_
 import {
   ObservabilityOnboardingPluginSetupDeps,
   ObservabilityOnboardingPluginStartDeps,
+  ObservabilityOnboardingContextValue,
 } from '../plugin';
 import { ObservabilityOnboardingFlow } from './observability_onboarding_flow';
 
@@ -40,14 +41,13 @@ export const breadcrumbsApp = {
 export function ObservabilityOnboardingAppRoot({
   appMountParameters,
   core,
-  deps,
-  corePlugins: { observability, data },
+  corePlugins,
   config,
 }: {
   appMountParameters: AppMountParameters;
 } & RenderAppProps) {
   const { history, setHeaderActionMenu, theme$ } = appMountParameters;
-  const plugins = { ...deps };
+  const services: ObservabilityOnboardingContextValue = { ...core, ...corePlugins, config };
 
   const renderFeedbackLinkAsPortal = !config.serverless.enabled;
 
@@ -63,15 +63,7 @@ export function ObservabilityOnboardingAppRoot({
             application: core.application,
           }}
         >
-          <KibanaContextProvider
-            services={{
-              ...core,
-              ...plugins,
-              observability,
-              data,
-              config,
-            }}
-          >
+          <KibanaContextProvider services={services}>
             <KibanaThemeProvider
               theme={{ theme$ }}
               modify={{
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/observability_onboarding_flow.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/observability_onboarding_flow.tsx
index 1abcb3a1320dc..4177e682d6e77 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/public/application/observability_onboarding_flow.tsx
+++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/observability_onboarding_flow.tsx
@@ -17,6 +17,7 @@ import { OnboardingFlowForm } from './onboarding_flow_form/onboarding_flow_form'
 import { Header } from './header/header';
 import { SystemLogsPanel } from './quickstart_flows/system_logs';
 import { CustomLogsPanel } from './quickstart_flows/custom_logs';
+import { AutoDetectPanel } from './quickstart_flows/auto_detect';
 import { BackButton } from './shared/back_button';
 
 const queryClient = new QueryClient();
@@ -52,6 +53,10 @@ export function ObservabilityOnboardingFlow() {
         </EuiPageTemplate.Section>
         <EuiPageTemplate.Section paddingSize="xl" color="subdued" restrictWidth>
           <Routes>
+            <Route path="/auto-detect">
+              <BackButton />
+              <AutoDetectPanel />
+            </Route>
             <Route path="/systemLogs">
               <BackButton />
               <SystemLogsPanel />
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/auto_detect_panel.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/auto_detect_panel.tsx
new file mode 100644
index 0000000000000..f9d1c7c4df608
--- /dev/null
+++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/auto_detect_panel.tsx
@@ -0,0 +1,239 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { type FunctionComponent } from 'react';
+import { i18n } from '@kbn/i18n';
+import {
+  EuiPanel,
+  EuiSteps,
+  EuiCodeBlock,
+  EuiSpacer,
+  EuiSkeletonText,
+  EuiBadge,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiText,
+  EuiImage,
+  EuiSkeletonRectangle,
+  useGeneratedHtmlId,
+} from '@elastic/eui';
+import { useKibana } from '@kbn/kibana-react-plugin/public';
+import {
+  type SingleDatasetLocatorParams,
+  SINGLE_DATASET_LOCATOR_ID,
+} from '@kbn/deeplinks-observability/locators';
+import { type DashboardLocatorParams } from '@kbn/dashboard-plugin/public';
+import { DASHBOARD_APP_LOCATOR } from '@kbn/deeplinks-analytics';
+import { getAutoDetectCommand } from './get_auto_detect_command';
+import { useOnboardingFlow } from './use_onboarding_flow';
+import { ProgressIndicator } from '../shared/progress_indicator';
+import { AccordionWithIcon } from '../shared/accordion_with_icon';
+import { type ObservabilityOnboardingContextValue } from '../../../plugin';
+import { EmptyPrompt } from '../shared/empty_prompt';
+import { CopyToClipboardButton } from '../shared/copy_to_clipboard_button';
+import { LocatorButtonEmpty } from '../shared/locator_button_empty';
+
+export const AutoDetectPanel: FunctionComponent = () => {
+  const {
+    services: { http },
+  } = useKibana<ObservabilityOnboardingContextValue>();
+  const { status, data, error, refetch, installedIntegrations } = useOnboardingFlow();
+  const command = data ? getAutoDetectCommand(data) : undefined;
+  const accordionId = useGeneratedHtmlId({ prefix: 'accordion' });
+
+  if (error) {
+    return <EmptyPrompt error={error} onRetryClick={refetch} />;
+  }
+
+  const registryIntegrations = installedIntegrations.filter(
+    (integration) => integration.installSource === 'registry'
+  );
+  const customIntegrations = installedIntegrations.filter(
+    (integration) => integration.installSource === 'custom'
+  );
+
+  return (
+    <EuiPanel hasBorder paddingSize="xl">
+      <EuiSteps
+        steps={[
+          {
+            title: i18n.translate(
+              'xpack.observability_onboarding.autoDetectPanel.runTheCommandOnLabel',
+              { defaultMessage: 'Run the command on your host' }
+            ),
+            status: status === 'notStarted' ? 'current' : 'complete',
+            children: command ? (
+              <>
+                <EuiText>
+                  <p>
+                    {i18n.translate(
+                      'xpack.observability_onboarding.autoDetectPanel.p.wellScanYourHostLabel',
+                      {
+                        defaultMessage: "We'll scan your host for logs and metrics, including:",
+                      }
+                    )}
+                  </p>
+                </EuiText>
+                <EuiSpacer size="s" />
+                <EuiFlexGroup gutterSize="s">
+                  {['Apache', 'Docker', 'Nginx', 'System', 'Custom .log files'].map((item) => (
+                    <EuiFlexItem key={item} grow={false}>
+                      <EuiBadge color="hollow">{item}</EuiBadge>
+                    </EuiFlexItem>
+                  ))}
+                </EuiFlexGroup>
+                <EuiSpacer />
+                {/* Bash syntax highlighting only highlights a few random numbers (badly) so it looks less messy to go with plain text */}
+                <EuiCodeBlock paddingSize="m" language="text">
+                  {command}
+                </EuiCodeBlock>
+                <EuiSpacer />
+                <CopyToClipboardButton textToCopy={command} fill={status === 'notStarted'} />
+              </>
+            ) : (
+              <EuiSkeletonText lines={6} />
+            ),
+          },
+          {
+            title: i18n.translate(
+              'xpack.observability_onboarding.autoDetectPanel.visualizeYourDataLabel',
+              { defaultMessage: 'Visualize your data' }
+            ),
+            status:
+              status === 'dataReceived'
+                ? 'complete'
+                : status === 'awaitingData' || status === 'inProgress'
+                ? 'current'
+                : 'incomplete',
+            children: (
+              <>
+                {status === 'dataReceived' ? (
+                  <ProgressIndicator
+                    iconType="cheer"
+                    title={i18n.translate(
+                      'xpack.observability_onboarding.autoDetectPanel.yourDataIsReadyToExploreLabel',
+                      { defaultMessage: 'Your data is ready to explore!' }
+                    )}
+                    isLoading={false}
+                  />
+                ) : status === 'awaitingData' ? (
+                  <ProgressIndicator
+                    title={i18n.translate(
+                      'xpack.observability_onboarding.autoDetectPanel.installingElasticAgentFlexItemLabel',
+                      { defaultMessage: 'Waiting for data to arrive...' }
+                    )}
+                  />
+                ) : status === 'inProgress' ? (
+                  <ProgressIndicator
+                    title={i18n.translate(
+                      'xpack.observability_onboarding.autoDetectPanel.lookingForLogFilesFlexItemLabel',
+                      { defaultMessage: 'Waiting for installation to complete...' }
+                    )}
+                  />
+                ) : null}
+                {(status === 'awaitingData' || status === 'dataReceived') &&
+                installedIntegrations.length > 0 ? (
+                  <>
+                    <EuiSpacer />
+                    {registryIntegrations.map((integration) => (
+                      <AccordionWithIcon
+                        key={integration.pkgName}
+                        id={`${accordionId}_${integration.pkgName}`}
+                        iconType="desktop"
+                        title={i18n.translate(
+                          'xpack.observability_onboarding.autoDetectPanel.h3.getStartedWithNginxLabel',
+                          {
+                            defaultMessage: 'Get started with {title} logs',
+                            values: { title: integration.title },
+                          }
+                        )}
+                        isDisabled={status !== 'dataReceived'}
+                        initialIsOpen
+                      >
+                        <EuiFlexGroup responsive={false}>
+                          <EuiFlexItem grow={false}>
+                            {status === 'dataReceived' ? (
+                              <EuiImage
+                                src={http.staticAssets.getPluginAssetHref('charts_screen.svg')}
+                                width={162}
+                                height={117}
+                                alt=""
+                                hasShadow
+                              />
+                            ) : (
+                              <EuiSkeletonRectangle width={162} height={117} />
+                            )}
+                          </EuiFlexItem>
+                          <EuiFlexItem>
+                            <ul>
+                              {integration.kibanaAssets
+                                .filter((asset) => asset.type === 'dashboard')
+                                .map((dashboard) => (
+                                  <li key={dashboard.id}>
+                                    <LocatorButtonEmpty<DashboardLocatorParams>
+                                      locator={DASHBOARD_APP_LOCATOR}
+                                      params={{ dashboardId: dashboard.id }}
+                                      target="_blank"
+                                      iconType="dashboardApp"
+                                      isDisabled={status !== 'dataReceived'}
+                                      flush="left"
+                                      size="s"
+                                    >
+                                      {dashboard.attributes.title}
+                                    </LocatorButtonEmpty>
+                                  </li>
+                                ))}
+                            </ul>
+                          </EuiFlexItem>
+                        </EuiFlexGroup>
+                      </AccordionWithIcon>
+                    ))}
+                    {customIntegrations.length > 0 && (
+                      <AccordionWithIcon
+                        id={`${accordionId}_custom`}
+                        iconType="documents"
+                        title={i18n.translate(
+                          'xpack.observability_onboarding.autoDetectPanel.h3.getStartedWithlogLabel',
+                          { defaultMessage: 'Get started with custom .log files' }
+                        )}
+                        isDisabled={status !== 'dataReceived'}
+                        initialIsOpen
+                      >
+                        <ul>
+                          {customIntegrations.map((integration) =>
+                            integration.dataStreams.map((datastream) => (
+                              <li key={`${integration.pkgName}/${datastream.dataset}`}>
+                                <LocatorButtonEmpty<SingleDatasetLocatorParams>
+                                  locator={SINGLE_DATASET_LOCATOR_ID}
+                                  params={{
+                                    integration: integration.pkgName,
+                                    dataset: datastream.dataset,
+                                  }}
+                                  target="_blank"
+                                  iconType="document"
+                                  isDisabled={status !== 'dataReceived'}
+                                  flush="left"
+                                  size="s"
+                                >
+                                  {integration.pkgName}
+                                </LocatorButtonEmpty>
+                              </li>
+                            ))
+                          )}
+                        </ul>
+                      </AccordionWithIcon>
+                    )}
+                  </>
+                ) : null}
+              </>
+            ),
+          },
+        ]}
+      />
+    </EuiPanel>
+  );
+};
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/get_auto_detect_command.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/get_auto_detect_command.tsx
new file mode 100644
index 0000000000000..d9e695b8c10f0
--- /dev/null
+++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/get_auto_detect_command.tsx
@@ -0,0 +1,28 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { flatten, zip } from 'lodash';
+import { useOnboardingFlow } from './use_onboarding_flow';
+
+export function getAutoDetectCommand(
+  options: NonNullable<ReturnType<typeof useOnboardingFlow>['data']>
+) {
+  const scriptName = 'auto_detect.sh';
+  return oneLine`
+    curl ${options.scriptDownloadUrl} -so ${scriptName} &&
+    sudo bash ${scriptName}
+      --id=${options.onboardingFlow.id}
+      --kibana-url=${options.kibanaUrl}
+      --install-key=${options.installApiKey}
+      --ingest-key=${options.ingestApiKey}
+      --ea-version=${options.elasticAgentVersion}
+  `;
+}
+function oneLine(parts: TemplateStringsArray, ...args: string[]) {
+  const str = flatten(zip(parts, args)).join('');
+  return str.replace(/\s+/g, ' ').trim();
+}
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/get_installed_integrations.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/get_installed_integrations.tsx
new file mode 100644
index 0000000000000..aa2ab268f33ad
--- /dev/null
+++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/get_installed_integrations.tsx
@@ -0,0 +1,16 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { InstallIntegrationsStepPayload } from '../../../../server/routes/types';
+import type { ObservabilityOnboardingFlow } from '../../../../server/saved_objects/observability_onboarding_status';
+import type { InstalledIntegration } from '../../../../server/routes/types';
+
+export function getInstalledIntegrations(
+  data: Pick<ObservabilityOnboardingFlow, 'progress'> | undefined
+): InstalledIntegration[] {
+  return (data?.progress['install-integrations']?.payload as InstallIntegrationsStepPayload) ?? [];
+}
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/get_onboarding_status.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/get_onboarding_status.tsx
new file mode 100644
index 0000000000000..bb6e58143e7dd
--- /dev/null
+++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/get_onboarding_status.tsx
@@ -0,0 +1,37 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { ObservabilityOnboardingFlow } from '../../../../server/saved_objects/observability_onboarding_status';
+
+export type ObservabilityOnboardingFlowStatus =
+  | 'notStarted'
+  | 'inProgress'
+  | 'awaitingData'
+  | 'dataReceived';
+
+/**
+ * Returns the current status of the onboarding flow:
+ *
+ * - `notStarted`: No progress has been made.
+ * - `inProgress`: The user is running the installation command on the host.
+ * - `awaitingData`: The installation has completed and we are waiting for data to be ingested.
+ * - `dataReceived`: Data has been ingested - The Agent is up and running.
+ */
+export function getOnboardingStatus(
+  data: Pick<ObservabilityOnboardingFlow, 'progress'> | undefined
+): ObservabilityOnboardingFlowStatus {
+  if (!data) {
+    return 'notStarted';
+  }
+  return data.progress['logs-ingest']?.status === 'complete'
+    ? 'dataReceived'
+    : data.progress['logs-ingest']?.status === 'loading'
+    ? 'awaitingData'
+    : Object.values(data.progress).some((step) => step.status !== 'incomplete')
+    ? 'inProgress'
+    : 'notStarted';
+}
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/index.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/index.tsx
new file mode 100644
index 0000000000000..16dab0dabdfea
--- /dev/null
+++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/index.tsx
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { AutoDetectPanel } from './auto_detect_panel';
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/use_onboarding_flow.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/use_onboarding_flow.tsx
new file mode 100644
index 0000000000000..50f5636dd84b5
--- /dev/null
+++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/use_onboarding_flow.tsx
@@ -0,0 +1,97 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import useInterval from 'react-use/lib/useInterval';
+import { useKibana } from '@kbn/kibana-react-plugin/public';
+import useAsync from 'react-use/lib/useAsync';
+import { type AssetSOObject, type GetBulkAssetsResponse } from '@kbn/fleet-plugin/common';
+import { FETCH_STATUS, useFetcher } from '../../../hooks/use_fetcher';
+import { getOnboardingStatus } from './get_onboarding_status';
+import { getInstalledIntegrations } from './get_installed_integrations';
+import { type ObservabilityOnboardingContextValue } from '../../../plugin';
+
+export function useOnboardingFlow() {
+  const {
+    services: { fleet },
+  } = useKibana<ObservabilityOnboardingContextValue>();
+
+  // Create onboarding session
+  const { data, error, refetch } = useFetcher(
+    (callApi) =>
+      callApi('POST /internal/observability_onboarding/flow', {
+        params: {
+          body: {
+            name: 'auto-detect',
+          },
+        },
+      }),
+    [],
+    { showToastOnError: false }
+  );
+
+  const onboardingId = data?.onboardingFlow.id;
+
+  // Fetch onboarding progress
+  const {
+    data: progressData,
+    status: progressStatus,
+    refetch: refetchProgress,
+  } = useFetcher(
+    (callApi) => {
+      if (onboardingId) {
+        return callApi('GET /internal/observability_onboarding/flow/{onboardingId}/progress', {
+          params: { path: { onboardingId } },
+        });
+      }
+    },
+    [onboardingId]
+  );
+
+  const status = getOnboardingStatus(progressData);
+  const installedIntegrations = getInstalledIntegrations(progressData);
+
+  // Fetch metadata for installed Kibana assets
+  const assetsState = useAsync(async () => {
+    if (installedIntegrations.length === 0) {
+      return [];
+    }
+    const assetsMetadata = await fleet.hooks.epm.getBulkAssets({
+      assetIds: installedIntegrations
+        .map((integration) => integration.kibanaAssets)
+        .flat() as AssetSOObject[],
+    });
+    return installedIntegrations.map((integration) => {
+      return {
+        ...integration,
+        // Enrich installed Kibana assets with metadata from Fleet API (e.g. title, description, etc.)
+        kibanaAssets: integration.kibanaAssets.reduce<GetBulkAssetsResponse['items']>(
+          (acc, asset) => {
+            const assetWithMetadata = assetsMetadata.data?.items.find(({ id }) => id === asset.id);
+            if (assetWithMetadata) {
+              acc.push(assetWithMetadata);
+            }
+            return acc;
+          },
+          []
+        ),
+      };
+    });
+  }, [installedIntegrations.length]); // eslint-disable-line react-hooks/exhaustive-deps
+
+  useInterval(
+    refetchProgress,
+    progressStatus === FETCH_STATUS.SUCCESS && status !== 'dataReceived' ? 3000 : null
+  );
+
+  return {
+    data,
+    error,
+    refetch,
+    status,
+    installedIntegrations: assetsState.value ?? [],
+  };
+}
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/shared/accordion_with_icon.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/shared/accordion_with_icon.tsx
new file mode 100644
index 0000000000000..9301ddb9a78a4
--- /dev/null
+++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/shared/accordion_with_icon.tsx
@@ -0,0 +1,51 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { type FunctionComponent } from 'react';
+import {
+  EuiAccordion,
+  EuiIcon,
+  EuiTitle,
+  EuiFlexGroup,
+  EuiFlexItem,
+  type EuiAccordionProps,
+} from '@elastic/eui';
+
+interface AccordionWithIconProps
+  extends Omit<EuiAccordionProps, 'buttonContent' | 'buttonProps' | 'borders' | 'paddingSize'> {
+  title: string;
+  iconType: string;
+}
+export const AccordionWithIcon: FunctionComponent<AccordionWithIconProps> = ({
+  title,
+  iconType,
+  children,
+  ...rest
+}) => {
+  return (
+    <EuiAccordion
+      {...rest}
+      buttonContent={
+        <EuiFlexGroup gutterSize="s" alignItems="center" responsive={false} css={{ marginLeft: 8 }}>
+          <EuiFlexItem grow={false}>
+            <EuiIcon type={iconType} size="l" />
+          </EuiFlexItem>
+          <EuiFlexItem>
+            <EuiTitle size="xs" css={rest.isDisabled ? { color: 'inherit' } : undefined}>
+              <h3>{title}</h3>
+            </EuiTitle>
+          </EuiFlexItem>
+        </EuiFlexGroup>
+      }
+      buttonProps={{ paddingSize: 'l' }}
+      borders="horizontal"
+      paddingSize="none"
+    >
+      <div css={{ paddingLeft: 36, paddingBottom: 24 }}>{children}</div>
+    </EuiAccordion>
+  );
+};
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/shared/copy_to_clipboard_button.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/shared/copy_to_clipboard_button.tsx
new file mode 100644
index 0000000000000..770efa96b0fcc
--- /dev/null
+++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/shared/copy_to_clipboard_button.tsx
@@ -0,0 +1,39 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { type FunctionComponent } from 'react';
+import { i18n } from '@kbn/i18n';
+import { EuiCopy, EuiButton, type EuiButtonProps } from '@elastic/eui';
+
+interface CopyToClipboardButtonProps extends Omit<EuiButtonProps, 'onClick'> {
+  textToCopy: string;
+}
+
+export const CopyToClipboardButton: FunctionComponent<CopyToClipboardButtonProps> = ({
+  textToCopy,
+  children,
+  ...rest
+}) => {
+  return (
+    <EuiCopy textToCopy={textToCopy}>
+      {(copyToClipboard) => (
+        <EuiButton
+          data-test-subj="observabilityOnboardingCopyToClipboardButton"
+          iconType="copyClipboard"
+          onClick={copyToClipboard}
+          {...rest}
+        >
+          {children ??
+            i18n.translate(
+              'xpack.observability_onboarding.copyToClipboardButton.copyToClipboardButtonLabel',
+              { defaultMessage: 'Copy to clipboard' }
+            )}
+        </EuiButton>
+      )}
+    </EuiCopy>
+  );
+};
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/shared/empty_prompt.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/shared/empty_prompt.tsx
new file mode 100644
index 0000000000000..75d72e1ff0e5d
--- /dev/null
+++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/shared/empty_prompt.tsx
@@ -0,0 +1,85 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { type FunctionComponent } from 'react';
+import { i18n } from '@kbn/i18n';
+import { EuiButton, EuiEmptyPrompt } from '@elastic/eui';
+import type { IHttpFetchError, ResponseErrorBody } from '@kbn/core-http-browser';
+
+interface EmptyPromptProps {
+  error: IHttpFetchError<ResponseErrorBody>;
+  onRetryClick(): void;
+}
+export const EmptyPrompt: FunctionComponent<EmptyPromptProps> = ({ error, onRetryClick }) => {
+  if (error.response?.status === 403) {
+    return (
+      <EuiEmptyPrompt
+        color="plain"
+        iconType="lock"
+        title={
+          <h2>
+            {i18n.translate(
+              'xpack.observability_onboarding.autoDetectPanel.h2.contactYourAdministratorForLabel',
+              { defaultMessage: 'Contact your administrator for access' }
+            )}
+          </h2>
+        }
+        body={
+          <p>
+            {i18n.translate(
+              'xpack.observability_onboarding.autoDetectPanel.p.toInstallIntegrationsAndLabel',
+              {
+                defaultMessage:
+                  'To install integrations and ingest data, you need additional privileges.',
+              }
+            )}
+          </p>
+        }
+      />
+    );
+  }
+
+  return (
+    <EuiEmptyPrompt
+      color="danger"
+      iconType="error"
+      title={
+        <h2>
+          {i18n.translate(
+            'xpack.observability_onboarding.autoDetectPanel.h2.unableToInitiateDataLabel',
+            { defaultMessage: 'Unable to load content' }
+          )}
+        </h2>
+      }
+      body={
+        <p>
+          {i18n.translate(
+            'xpack.observability_onboarding.autoDetectPanel.p.thereWasAProblemLabel',
+            {
+              defaultMessage:
+                'There was a problem loading the application. Retry or contact your administrator for help.',
+            }
+          )}
+        </p>
+      }
+      actions={
+        <EuiButton
+          color="danger"
+          iconType="refresh"
+          fill
+          data-test-subj="observabilityOnboardingAutoDetectPanelGoBackButton"
+          onClick={onRetryClick}
+        >
+          {i18n.translate(
+            'xpack.observability_onboarding.autoDetectPanel.backToSelectionButtonLabel',
+            { defaultMessage: 'Retry' }
+          )}
+        </EuiButton>
+      }
+    />
+  );
+};
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/shared/locator_button_empty.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/shared/locator_button_empty.tsx
new file mode 100644
index 0000000000000..73fe406c46e6e
--- /dev/null
+++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/shared/locator_button_empty.tsx
@@ -0,0 +1,78 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { type AnchorHTMLAttributes } from 'react';
+import { EuiButtonEmpty, type EuiButtonEmptyProps } from '@elastic/eui';
+import { useKibana } from '@kbn/kibana-react-plugin/public';
+import type { SerializableRecord } from '@kbn/utility-types';
+import { type LocatorPublic } from '@kbn/share-plugin/common';
+import { type ObservabilityOnboardingContextValue } from '../../../plugin';
+
+type EuiButtonEmptyPropsForAnchor = Extract<
+  EuiButtonEmptyProps,
+  AnchorHTMLAttributes<HTMLAnchorElement>
+>;
+
+export interface LocatorButtonEmptyProps<Params extends SerializableRecord>
+  extends Omit<EuiButtonEmptyPropsForAnchor, 'href'> {
+  locator: string | LocatorPublic<Params>;
+  params: Params;
+}
+
+/**
+ * Same as `EuiButtonEmpty` but uses locators to navigate instead of URLs.
+ *
+ * Accepts the following props instead of an `href`:
+ * - `locator`: Either the URL locator public contract or the ID of the locator if previously registered.
+ * - `params`: The params to pass to the locator.
+ *
+ * Get type safety for `params` by passing the correct type to the generic component.
+ *
+ * Example 1:
+ *
+ * ```ts
+ * <LocatorButtonEmpty locator={dashboardStart.locator} params={{ dashboardId: 'abc' }}>
+ *   View dashboard
+ * </LocatorButtonEmpty>
+ * ```
+ *
+ * Example 2:
+ *
+ * ```ts
+ * import { type SingleDatasetLocatorParams, SINGLE_DATASET_LOCATOR_ID } from '@kbn/deeplinks-observability/locators';
+ *
+ * <LocatorButtonEmpty<SingleDatasetLocatorParams>
+ *   locator={SINGLE_DATASET_LOCATOR_ID}
+ *   params={{
+ *     integration: 'system',
+ *     dataset: 'system.syslog',
+ *   }}
+ * >
+ *   View in Logs Explorer
+ * </LocatorButtonEmpty>
+ * ```
+ */
+export const LocatorButtonEmpty = <Params extends SerializableRecord>({
+  locator,
+  params,
+  ...rest
+}: LocatorButtonEmptyProps<Params>) => {
+  const {
+    services: { share },
+  } = useKibana<ObservabilityOnboardingContextValue>();
+
+  const locatorObj =
+    typeof locator === 'string' ? share.url.locators.get<Params>(locator) : locator;
+
+  return (
+    <EuiButtonEmpty
+      data-test-subj="observabilityOnboardingLocatorButtonEmptyButton"
+      href={locatorObj?.useUrl(params)}
+      {...rest}
+    />
+  );
+};
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/shared/progress_indicator.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/shared/progress_indicator.tsx
new file mode 100644
index 0000000000000..337ab8172e971
--- /dev/null
+++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/shared/progress_indicator.tsx
@@ -0,0 +1,49 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { type FunctionComponent } from 'react';
+import {
+  EuiIcon,
+  EuiFlexGroup,
+  EuiFlexItem,
+  type EuiCallOutProps,
+  EuiCallOut,
+  EuiLoadingSpinner,
+} from '@elastic/eui';
+
+interface ProgressIndicatorProps extends EuiCallOutProps {
+  iconType?: string;
+  isLoading?: boolean;
+}
+export const ProgressIndicator: FunctionComponent<ProgressIndicatorProps> = ({
+  iconType,
+  isLoading = true,
+  title,
+  color = isLoading ? 'primary' : 'success',
+  ...rest
+}) => {
+  return (
+    <EuiCallOut
+      title={
+        <EuiFlexGroup gutterSize="s" alignItems="center" responsive={false}>
+          {isLoading ? (
+            <EuiFlexItem grow={false}>
+              <EuiLoadingSpinner size={rest.size} />
+            </EuiFlexItem>
+          ) : iconType ? (
+            <EuiFlexItem grow={false}>
+              <EuiIcon type={iconType} color={color} size={rest.size} />
+            </EuiFlexItem>
+          ) : null}
+          <EuiFlexItem>{title}</EuiFlexItem>
+        </EuiFlexGroup>
+      }
+      color={color}
+      {...rest}
+    />
+  );
+};
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/assets/auto_detect.sh b/x-pack/plugins/observability_solution/observability_onboarding/public/assets/auto_detect.sh
index 718107050335f..e946fb6653542 100755
--- a/x-pack/plugins/observability_solution/observability_onboarding/public/assets/auto_detect.sh
+++ b/x-pack/plugins/observability_solution/observability_onboarding/public/assets/auto_detect.sh
@@ -87,9 +87,9 @@ selected_unknown_log_file_pattern_array=()
 excluded_options_string=""
 selected_unknown_log_file_pattern_tsv_string=""
 custom_log_file_path_list_tsv_string=""
-install_integrations_api_body_string=""
 elastic_agent_artifact_name=""
 elastic_agent_config_path="/opt/Elastic/Agent/elastic-agent.yml"
+elastic_agent_tmp_config_path="/tmp/elastic-agent-config-template.yml"
 
 OS="$(uname)"
 ARCH="$(uname -m)"
@@ -130,14 +130,16 @@ update_step_progress() {
     --header "x-elastic-internal-origin: Kibana" \
     --data "$data" \
     --output /dev/null \
-    --no-progress-meter
+    --no-progress-meter \
+    --fail
 }
 
 download_elastic_agent() {
   local download_url="https://artifacts.elastic.co/downloads/beats/elastic-agent/${elastic_agent_artifact_name}.tar.gz"
-  curl -L -O $download_url --fail
+  curl -L -O $download_url --silent --fail
 
   if [ "$?" -eq 0 ]; then
+    printf "\e[1;32m✓\e[0m %s\n" "Elastic Agent downloaded to $(pwd)/$elastic_agent_artifact_name.tar.gz"
     update_step_progress "ea-download" "complete"
   else
     update_step_progress "ea-download" "danger" "Failed to download Elastic Agent, see script output for error."
@@ -149,6 +151,7 @@ extract_elastic_agent() {
   tar -xzf "${elastic_agent_artifact_name}.tar.gz"
 
   if [ "$?" -eq 0 ]; then
+    printf "\e[1;32m✓\e[0m %s\n" "Archive extracted"
     update_step_progress "ea-extract" "complete"
   else
     update_step_progress "ea-extract" "danger" "Failed to extract Elastic Agent, see script output for error."
@@ -157,9 +160,10 @@ extract_elastic_agent() {
 }
 
 install_elastic_agent() {
-  "./${elastic_agent_artifact_name}/elastic-agent" install -f
+  "./${elastic_agent_artifact_name}/elastic-agent" install -f -n > /dev/null
 
   if [ "$?" -eq 0 ]; then
+    printf "\e[1;32m✓\e[0m %s\n" "Elastic Agent installed to $(dirname $elastic_agent_config_path)"
     update_step_progress "ea-install" "complete"
   else
     update_step_progress "ea-install" "danger" "Failed to install Elastic Agent, see script output for error."
@@ -170,17 +174,14 @@ install_elastic_agent() {
 wait_for_elastic_agent_status() {
   local MAX_RETRIES=10
   local i=0
-  echo -n "."
   elastic-agent status > /dev/null 2>&1
   local ELASTIC_AGENT_STATUS_EXIT_CODE="$?"
   while [ "$ELASTIC_AGENT_STATUS_EXIT_CODE" -ne 0 ] && [ $i -le $MAX_RETRIES ]; do
     sleep 1
-    echo -n "."
     elastic-agent status > /dev/null 2>&1
     ELASTIC_AGENT_STATUS_EXIT_CODE="$?"
     ((i++))
   done
-  echo ""
 
   if [ "$ELASTIC_AGENT_STATUS_EXIT_CODE" -ne 0 ]; then
     update_step_progress "ea-status" "warning" "Unable to determine agent status"
@@ -214,11 +215,11 @@ backup_elastic_agent_config() {
     confirmation_reply="${confirmation_reply:-Y}"
 
     if [[ "$confirmation_reply" =~ ^[Yy](es)?$ ]]; then
-      local backup_path="${elastic_agent_config_path%.yml}.$(date +%s).yml" # e.g. /opt/Elastic/Agent/elastic-agent.1712267614.yml
+      local backup_path="$(pwd)/$(basename "${elastic_agent_config_path%.yml}.$(date +%s).yml")" # e.g. /opt/Elastic/Agent/elastic-agent.1712267614.yml
       cp $elastic_agent_config_path $backup_path
 
       if [ "$?" -eq 0 ]; then
-        printf "\n\e[1;32m✓\e[0m \e[1m%s\e[0m\n" "Backup saved to $backup_path"
+        printf "\n\e[1;32m✓\e[0m %s\n" "Backup saved to $backup_path"
       else
         update_step_progress "ea-config" "warning" "Failed to backup existing configuration"
         fail "Failed to backup existing config file - Try manually creating a backup or delete your existing config file before re-running this script"
@@ -229,31 +230,56 @@ backup_elastic_agent_config() {
   fi
 }
 
-download_elastic_agent_config() {
-  local decoded_ingest_api_key=$(echo "$ingest_api_key_encoded" | base64 -d)
-  local tmp_path="/tmp/elastic-agent-config-template.yml"
+install_integrations() {
+  local install_integrations_api_body_string=""
+
+  for item in "${selected_known_integrations_array[@]}"; do
+    install_integrations_api_body_string+="$item\tregistry\n"
+  done
+
+  for item in "${selected_unknown_log_file_pattern_array[@]}" "${custom_log_file_path_list_array[@]}"; do
+    local integration_name=$(generate_custom_integration_name "$item")
 
-  update_step_progress "ea-config" "loading"
+    install_integrations_api_body_string+="$integration_name\tcustom\t$item\n"
+  done
 
   curl --request POST \
-    -o $tmp_path \
+    -o $elastic_agent_tmp_config_path \
     --url "$kibana_api_endpoint/internal/observability_onboarding/flow/$onboarding_flow_id/integrations/install" \
     --header "Authorization: ApiKey $install_api_key_encoded" \
     --header "Content-Type: text/tab-separated-values" \
+    --header "kbn-xsrf: true" \
+    --header "x-elastic-internal-origin: Kibana" \
     --data "$(echo -e "$install_integrations_api_body_string")" \
-    --no-progress-meter
+    --no-progress-meter \
+    --fail
 
-  if [ "$?" -ne 0 ]; then
-    update_step_progress "ea-config" "warning" "Failed to install integrations."
-    fail "Failed to install integrations."
+  if [ "$?" -eq 0 ]; then
+    printf "\n\e[1;32m✓\e[0m %s\n" "Integrations installed"
+  else
+    update_step_progress "ea-config" "warning" "Failed to install integrations"
+    fail "Failed to install integrations"
   fi
+}
 
-  sed "s/'\${API_KEY}'/$decoded_ingest_api_key/g" $tmp_path > $elastic_agent_config_path
+apply_elastic_agent_config() {
+  local decoded_ingest_api_key=$(echo "$ingest_api_key_encoded" | base64 -d)
+
+  sed "s/'\${API_KEY}'/$decoded_ingest_api_key/g" $elastic_agent_tmp_config_path > $elastic_agent_config_path
+  if [ "$?" -eq 0 ]; then
+    printf "\e[1;32m✓\e[0m %s\n" "Config written to $elastic_agent_config_path"
+    update_step_progress "ea-config" "complete"
+  else
+    update_step_progress "ea-config" "warning" "Failed to configure Elastic Agent"
+    fail "Failed to configure Elastic Agent"
+  fi
 }
 
 read_open_log_file_list() {
   local exclude_patterns=(
     "^\/Users\/.+?\/Library\/Application Support"
+    "^\/Users\/.+?\/Library\/Group Containers"
+    "^\/Users\/.+?\/Library\/Containers"
     "^\/Users\/.+?\/Library\/Caches"
     "^\/private"
     # Excluding all patterns that correspond to known integrations
@@ -269,7 +295,7 @@ read_open_log_file_list() {
     "^\/var\/log\/secure"
   )
 
-  local list=$(lsof -Fn | grep "\.log$" | awk '/^n/ {print substr($0, 2)}' | sort | uniq)
+  local list=$(lsof -Fn / | grep "^n.*\.log$" | cut -c2- | sort -u)
 
   # Filtering by the exclude patterns
   while IFS= read -r line; do
@@ -385,12 +411,12 @@ function select_list() {
     fi
   done
 
-  printf "\n\e[1;36m?\e[0m \e[1m%s\e[0m \e[2m%s\e[0m" "Ingest all detected logs?" "[Y/n] (default: Yes): "
+  printf "\n\e[1;36m?\e[0m \e[1m%s\e[0m \e[2m%s\e[0m" "Continue installation with detected logs?" "[Y/n] (default: Yes): "
   read confirmation_reply
   confirmation_reply="${confirmation_reply:-Y}"
 
   if [[ ! "$confirmation_reply" =~ ^[Yy](es)?$ ]]; then
-    printf "\n\e[1;36m?\e[0m \e[1m%s\e[0m \e[2m%s\e[0m" "Exclude logs by listing their index numbers" "(e.g. 1, 2, 3): "
+    printf "\n\e[1;36m?\e[0m \e[1m%s\e[0m \e[2m%s\e[0m\n" "Exclude logs by listing their index numbers" "(e.g. 1, 2, 3). Press Enter to skip."
     read exclude_index_list_string
 
     IFS=', ' read -r -a exclude_index_list_array <<< "$exclude_index_list_string"
@@ -417,6 +443,33 @@ function select_list() {
         fi
       fi
     done
+
+    if [[ -n "$excluded_options_string" ]]; then
+      echo -e "\nThese logs will not be ingested:"
+      echo -e "$excluded_options_string"
+    fi
+
+    printf "\e[1;36m?\e[0m \e[1m%s\e[0m \e[2m%s\e[0m\n" "List any additional logs you'd like to ingest" "(e.g. /path1/*.log, /path2/*.log). Press Enter to skip."
+    read custom_log_file_path_list_string
+
+    IFS=', ' read -r -a custom_log_file_path_list_array <<< "$custom_log_file_path_list_string"
+
+    echo -e "\nYou've selected these logs for ingestion:"
+    for item in "${selected_known_integrations_array[@]}"; do
+      printf "\e[32m•\e[0m %s\n" "$(known_integration_title "${item}")"
+    done
+    for item in "${selected_unknown_log_file_pattern_array[@]}" "${custom_log_file_path_list_array[@]}"; do
+      printf "\e[32m•\e[0m %s\n" "$item"
+    done
+
+    printf "\n\e[1;36m?\e[0m \e[1m%s\e[0m \e[2m%s\e[0m" "Continue installation with selected logs?" "[Y/n] (default: Yes): "
+    read confirmation_reply
+    confirmation_reply="${confirmation_reply:-Y}"
+
+    if [[ ! "$confirmation_reply" =~ ^[Yy](es)?$ ]]; then
+      echo -e "Rerun the script again to select different logs."
+      exit 1
+    fi
   else
     selected_known_integrations_array=("${known_integrations_options[@]}")
     selected_unknown_log_file_pattern_array=("${unknown_logs_options[@]}")
@@ -450,70 +503,26 @@ generate_custom_integration_name() {
     echo "$name"
 }
 
-build_install_integrations_api_body_string() {
-  for item in "${selected_known_integrations_array[@]}"; do
-    install_integrations_api_body_string+="$item\tregistry\n"
-  done
-
-  for item in "${selected_unknown_log_file_pattern_array[@]}" "${custom_log_file_path_list_array[@]}"; do
-    local integration_name=$(generate_custom_integration_name "$item")
-
-    install_integrations_api_body_string+="$integration_name\tcustom\t$item\n"
-  done
-}
-
-echo "Looking for log files..."
+printf "\e[1m%s\e[0m\n" "Looking for log files..."
+update_step_progress "logs-detect" "loading"
 detect_known_integrations
 read_open_log_file_list
 build_unknown_log_file_patterns
-
+update_step_progress "logs-detect" "complete"
 echo -e "\nWe found these logs on your system:"
 select_list
 
-if [[ -n "$excluded_options_string" ]]; then
-  echo -e "\nThese logs will not be ingested:"
-  echo -e "$excluded_options_string"
-fi
-
-
-printf "\n\e[1;36m?\e[0m \e[1m%s\e[0m \e[2m%s\e[0m\n" "Add paths to any custom logs we've missed" "(e.g. /path1/*.log, /path2/*.log). Press Enter to skip."
-read custom_log_file_path_list_string
-
-IFS=', ' read -r -a custom_log_file_path_list_array <<< "$custom_log_file_path_list_string"
-
-echo -e "\nYou've selected these logs to ingest:"
-for item in "${selected_known_integrations_array[@]}"; do
-  printf "• %s\n" "$(known_integration_title "${item}")"
-done
-for item in "${selected_unknown_log_file_pattern_array[@]}" "${custom_log_file_path_list_array[@]}"; do
-  printf "• %s\n" "$item"
-done
-
-
-printf "\n\e[1;36m?\e[0m \e[1m%s\e[0m \e[2m%s\e[0m" "Continue installation with selected logs?" "[Y/n] (default: Yes): "
-read confirmation_reply
-confirmation_reply="${confirmation_reply:-Y}"
-
-if [[ ! "$confirmation_reply" =~ ^[Yy](es)?$ ]]; then
-  echo -e "Rerun the script again to select different logs."
-  exit 1
-fi
-
-build_install_integrations_api_body_string
-
 backup_elastic_agent_config
 
-echo -e "\nDownloading Elastic Agent...\n"
+printf "\n\e[1m%s\e[0m\n" "Installing Elastic Agent..."
+install_integrations
 download_elastic_agent
 extract_elastic_agent
-
-echo -e "\nInstalling Elastic Agent...\n"
 install_elastic_agent
+apply_elastic_agent_config
+
+printf "\n\e[1m%s\e[0m\n" "Waiting for healthy status..."
 wait_for_elastic_agent_status
 ensure_elastic_agent_healthy
 
-echo -e "\nInstalling integrations...\n"
-download_elastic_agent_config
-
-update_step_progress "ea-config" "complete"
 printf "\n\e[32m%s\e[0m\n" "🎉 Elastic Agent is configured and running. You can now go back to Kibana and check for incoming logs."
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/assets/charts_screen.svg b/x-pack/plugins/observability_solution/observability_onboarding/public/assets/charts_screen.svg
new file mode 100644
index 0000000000000..925d71c174061
--- /dev/null
+++ b/x-pack/plugins/observability_solution/observability_onboarding/public/assets/charts_screen.svg
@@ -0,0 +1,128 @@
+<svg width="162" height="117" viewBox="0 0 162 117" fill="none" xmlns="http://www.w3.org/2000/svg">
+<g clip-path="url(#clip0_6_66533)">
+<rect width="162" height="117" rx="3.6" fill="#F7F8FC"/>
+<g filter="url(#filter0_dddd_6_66533)">
+<rect width="135" height="99" transform="translate(27 18)" fill="white"/>
+<rect x="37.6387" y="105.891" width="6.75" height="1.8" rx="0.9" fill="#D3DAE6"/>
+<rect x="52.9395" y="105.891" width="6.75" height="1.8" rx="0.9" fill="#D3DAE6"/>
+<rect x="68.2383" y="105.891" width="6.75" height="1.8" rx="0.9" fill="#D3DAE6"/>
+<rect x="83.5391" y="105.891" width="6.75" height="1.8" rx="0.9" fill="#D3DAE6"/>
+<rect x="98.8379" y="105.891" width="6.75" height="1.8" rx="0.9" fill="#D3DAE6"/>
+<rect x="114.139" y="105.891" width="6.75" height="1.8" rx="0.9" fill="#D3DAE6"/>
+<rect x="129.439" y="105.891" width="6.75" height="1.8" rx="0.9" fill="#D3DAE6"/>
+<rect x="144.738" y="105.891" width="6.75" height="1.8" rx="0.9" fill="#D3DAE6"/>
+<rect x="37.6387" y="62.6907" width="6.75" height="1.8" rx="0.9" fill="#D3DAE6"/>
+<rect x="52.9395" y="62.6907" width="6.75" height="1.8" rx="0.9" fill="#D3DAE6"/>
+<rect x="68.2383" y="62.6907" width="6.75" height="1.8" rx="0.9" fill="#D3DAE6"/>
+<rect x="83.5391" y="62.6907" width="6.75" height="1.8" rx="0.9" fill="#D3DAE6"/>
+<rect x="98.8379" y="62.6907" width="6.75" height="1.8" rx="0.9" fill="#D3DAE6"/>
+<rect x="114.139" y="62.6907" width="6.75" height="1.8" rx="0.9" fill="#D3DAE6"/>
+<rect x="129.439" y="62.6907" width="6.75" height="1.8" rx="0.9" fill="#D3DAE6"/>
+<rect x="144.738" y="62.6907" width="6.75" height="1.8" rx="0.9" fill="#D3DAE6"/>
+<path d="M38.25 48.0639L55.243 33.6119L63.8969 40.9717L70.9773 34.95L86.3969 48.0639L113.302 25.1815L134.386 43.1127L140.995 37.4925L150.75 45.7891" stroke="#F1F4FA" stroke-width="1.8" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M38.25 40.8918L49.677 50.6101L59.4945 42.2606L67.8635 49.3782L85.8892 34.048L109.87 54.4427L117.112 48.2832L127.252 56.9065C135.138 50.2907 150.878 37.0319 150.749 36.9224" stroke="#F1F4FA" stroke-width="1.8" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M150.75 78.5426L129.091 100.201L115.847 86.9567L109.458 93.3452L94.6558 78.5426L75.3345 97.8639L69.4134 91.9429L63.4924 97.8639L46.8199 81.1915L38.25 89.7614" stroke="#F1F4FA" stroke-width="1.8" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M150.75 74.079L131.455 93.3736L124.92 86.8383L116.829 94.9296L104.225 82.3259L93.1774 93.3736L72.3268 72.5229L49.9201 94.9296L46.0301 91.0395L38.25 98.8196" stroke="#F1F4FA" stroke-width="1.8" stroke-linecap="round" stroke-linejoin="round"/>
+<mask id="mask0_6_66533" style="mask-type:alpha" maskUnits="userSpaceOnUse" x="37" y="18" width="115" height="99">
+<rect x="37.1875" y="18" width="114.75" height="99" fill="#D9D9D9"/>
+</mask>
+<g mask="url(#mask0_6_66533)">
+<path d="M38.25 48.0639L55.243 33.6119L63.8969 40.9717L70.9773 34.95L86.3969 48.0639L113.302 25.1815L134.386 43.1127L140.995 37.4925L150.75 45.7891" stroke="#6092C0" stroke-width="1.8" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M150.75 78.5426L129.091 100.201L115.847 86.9567L109.458 93.3452L94.6558 78.5426L75.3345 97.8639L69.4134 91.9429L63.4924 97.8639L46.8199 81.1915L38.25 89.7614" stroke="#6092C0" stroke-width="1.8" stroke-linecap="round" stroke-linejoin="round"/>
+</g>
+<mask id="mask1_6_66533" style="mask-type:alpha" maskUnits="userSpaceOnUse" x="27" y="18" width="125" height="99">
+<rect x="27" y="18" width="124.489" height="99" fill="#D9D9D9"/>
+</mask>
+<g mask="url(#mask1_6_66533)">
+<path d="M38.25 40.8918L49.677 50.6101L59.4945 42.2606L67.8635 49.3782L85.8892 34.048L109.87 54.4427L117.112 48.2832L127.252 56.9065C135.138 50.2907 150.878 37.0319 150.749 36.9224" stroke="#D36086" stroke-width="1.8" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M150.75 74.0781L131.455 93.3727L124.92 86.8374L116.829 94.9287L104.225 82.325L93.1774 93.3727L72.3268 72.5221L49.9201 94.9287L46.0301 91.0387L38.25 98.8188" stroke="#D36086" stroke-width="1.8" stroke-linecap="round" stroke-linejoin="round"/>
+</g>
+</g>
+<rect x="3.15039" y="27" width="13.5" height="1.8" rx="0.9" fill="#D3DAE6"/>
+<rect x="3.15039" y="31.05" width="5.4" height="1.8" rx="0.9" fill="#D3DAE6"/>
+<rect x="3.15039" y="35.1" width="14.85" height="1.8" rx="0.9" fill="#D3DAE6"/>
+<rect x="3.15039" y="39.15" width="13.5" height="1.8" rx="0.9" fill="#D3DAE6"/>
+<rect x="3.15039" y="43.2" width="15.75" height="1.8" rx="0.9" fill="#98A2B3"/>
+<rect x="3.15039" y="47.25" width="10.8" height="1.8" rx="0.9" fill="#D3DAE6"/>
+<rect x="3.15039" y="51.3" width="13.5" height="1.8" rx="0.9" fill="#D3DAE6"/>
+<rect x="3.15039" y="55.35" width="7.2" height="1.8" rx="0.9" fill="#D3DAE6"/>
+<rect x="3.15039" y="59.4" width="12.15" height="1.8" rx="0.9" fill="#D3DAE6"/>
+<rect x="3.15039" y="21.15" width="16.65" height="2.7" rx="1.35" fill="#98A2B3"/>
+<g filter="url(#filter1_ddd_6_66533)">
+<rect width="162" height="9" transform="translate(0 9)" fill="white"/>
+<path d="M26.0996 11.25H35.0996C35.5967 11.25 35.9996 11.6529 35.9996 12.15V14.85C35.9996 15.3471 35.5967 15.75 35.0996 15.75H26.0996V11.25Z" fill="#69707D" fill-opacity="0.2"/>
+<path d="M15.75 12.15C15.75 11.6529 16.1529 11.25 16.65 11.25H25.65V15.75H16.65C16.1529 15.75 15.75 15.3471 15.75 14.85V12.15Z" fill="#006DE4" fill-opacity="0.2"/>
+<rect x="9" y="11.25" width="4.5" height="4.5" rx="0.9" fill="#00BFB3"/>
+<rect x="2.25" y="11.25" width="4.5" height="4.5" rx="0.9" fill="#D3DAE6"/>
+</g>
+<rect width="162" height="9" fill="#26282F"/>
+<circle cx="157.501" cy="4.50005" r="2.7" fill="#0077CC"/>
+<circle cx="150.3" cy="4.50005" r="2.7" fill="#69707D"/>
+<rect x="62.0996" y="1.80005" width="38.25" height="5.4" rx="1.35" fill="#69707D"/>
+<rect x="9.45117" y="3.15002" width="13.05" height="2.7" rx="1.35" fill="#69707D"/>
+<g clip-path="url(#clip1_6_66533)">
+<path fill-rule="evenodd" clip-rule="evenodd" d="M7.00841 4.01557C7.13416 4.19573 7.20134 4.41027 7.20079 4.62999C7.1997 4.85059 7.13129 5.0656 7.0047 5.24626C6.87836 5.42659 6.6998 5.56387 6.49305 5.63962C6.55327 5.80507 6.55834 5.98557 6.50748 6.15414C6.45662 6.32271 6.35258 6.47029 6.2109 6.57483C6.06931 6.67888 5.89766 6.73396 5.72197 6.7317C5.54627 6.72945 5.37609 6.66999 5.23721 6.56234C5.04992 6.82498 4.78399 7.02129 4.47784 7.12293C4.17197 7.22442 3.84172 7.22578 3.53503 7.12681C3.22807 7.02759 2.9606 6.83334 2.77127 6.57213C2.58151 6.31046 2.47948 5.99542 2.47984 5.67218C2.4798 5.57453 2.48883 5.47708 2.50684 5.38109C2.29947 5.30677 2.12028 5.16992 1.99401 4.98942C1.86746 4.80852 1.79997 4.5929 1.80079 4.37214C1.80193 4.15152 1.8704 3.93651 1.99704 3.75586C2.12355 3.57552 2.3023 3.43829 2.5092 3.36267C2.44812 3.19714 2.44238 3.01626 2.49282 2.84718C2.54327 2.67809 2.64719 2.52993 2.78899 2.42493C2.93066 2.32037 3.1026 2.26495 3.27866 2.26708C3.45472 2.26921 3.62527 2.32879 3.76436 2.43674C3.96714 2.15359 4.26072 1.94838 4.5963 1.85523C4.93162 1.76233 5.28866 1.78728 5.60779 1.92594C5.92731 2.06487 6.18972 2.30888 6.35147 2.61747C6.51354 2.92651 6.56551 3.28154 6.49879 3.62407C6.70499 3.69885 6.88301 3.8356 7.00841 4.01557ZM3.92366 4.1266L5.10525 4.66846L6.29764 3.62002C6.31491 3.53351 6.3235 3.44549 6.32329 3.35727C6.32341 3.07175 6.23236 2.79365 6.06341 2.56347C5.89487 2.33371 5.65711 2.16403 5.38504 2.07933C5.11323 1.99485 4.82147 1.99994 4.55276 2.09384C4.28368 2.18791 4.05184 2.36576 3.89126 2.60127L3.69315 3.63369L3.92383 4.12644L3.92366 4.1266ZM2.70073 5.38227C2.66339 5.56605 2.66492 5.75562 2.70523 5.93877C2.74554 6.12193 2.82373 6.29462 2.93479 6.44574C3.10426 6.67621 3.34323 6.84621 3.61654 6.93072C3.88952 7.01503 4.18238 7.00929 4.45185 6.91435C4.72173 6.81922 4.95395 6.64 5.11436 6.40304L5.31113 5.37333L5.04872 4.86961L3.86241 4.32775L2.70056 5.3821L2.70073 5.38227ZM3.50314 3.52197L2.69314 3.3301L2.69348 3.32977C2.64661 3.19965 2.64283 3.05792 2.6827 2.92549C2.72257 2.79306 2.80397 2.67697 2.91488 2.59435C3.02579 2.51215 3.16036 2.4681 3.29842 2.4688C3.43647 2.4695 3.57058 2.51491 3.68066 2.59824L3.50314 3.52197ZM2.62294 3.52366C2.44766 3.58172 2.29467 3.69267 2.18503 3.84125C2.07512 3.99007 2.01383 4.1692 2.00954 4.35417C2.00525 4.53913 2.05817 4.72091 2.16107 4.87467C2.26384 5.02823 2.41149 5.14636 2.58379 5.21217L3.71998 4.18263L3.51158 3.73544L2.62294 3.52366ZM5.7087 6.53551C5.56905 6.53527 5.43342 6.48868 5.32311 6.40304L5.4981 5.48268L6.3081 5.67252C6.34348 5.76944 6.35504 5.87345 6.34179 5.97577C6.32855 6.07809 6.29089 6.17573 6.232 6.26045C6.17341 6.34509 6.09523 6.41431 6.00411 6.4622C5.91299 6.5101 5.81164 6.53525 5.7087 6.53551ZM5.48764 5.27005L6.37864 5.47897C6.55661 5.41875 6.71131 5.3044 6.8211 5.15193C6.93113 4.99921 6.99088 4.81602 6.99204 4.62779C6.992 4.4464 6.93692 4.26929 6.83409 4.11985C6.73144 3.97061 6.58575 3.85618 6.41644 3.7918L5.25139 4.81612L5.48764 5.27005Z" fill="white"/>
+<path d="M3.92387 4.12664L5.10546 4.6685L6.29785 3.62006C6.31512 3.53355 6.32371 3.44553 6.3235 3.35731C6.32362 3.07179 6.23257 2.79368 6.06362 2.56351C5.89507 2.33375 5.65732 2.16407 5.38525 2.07937C5.11343 1.99489 4.82167 1.99998 4.55297 2.09388C4.28389 2.18795 4.05205 2.3658 3.89147 2.60131L3.69336 3.63372L3.92404 4.12647L3.92387 4.12664Z" fill="#FEC514"/>
+<path d="M2.70075 5.38228C2.6634 5.56606 2.66493 5.75562 2.70524 5.93878C2.74555 6.12193 2.82375 6.29462 2.9348 6.44574C3.10427 6.67622 3.34324 6.84622 3.61655 6.93073C3.88953 7.01503 4.18239 7.0093 4.45186 6.91436C4.72174 6.81923 4.95396 6.64 5.11438 6.40305L5.31114 5.37333L5.04873 4.86962L3.86242 4.32776L2.70058 5.38211L2.70075 5.38228Z" fill="#00BFB3"/>
+<path d="M2.6921 3.33006L3.5021 3.52193L3.67963 2.59819C3.56955 2.51487 3.43543 2.46946 3.29738 2.46876C3.15932 2.46806 3.02476 2.51211 2.91384 2.59431C2.80293 2.67693 2.72153 2.79302 2.68166 2.92545C2.6418 3.05787 2.64557 3.19961 2.69244 3.32972" fill="#F04E98"/>
+<path d="M2.62341 3.52368C2.44812 3.58174 2.29514 3.6927 2.1855 3.84127C2.07558 3.99009 2.0143 4.16923 2.01001 4.35419C2.00572 4.53916 2.05864 4.72093 2.16154 4.87469C2.26431 5.02826 2.41196 5.14638 2.58426 5.21219L3.72045 4.18265L3.51204 3.73546L2.62341 3.52368V3.52368Z" fill="#1BA9F5"/>
+<path d="M5.32422 6.40303C5.43454 6.48866 5.57016 6.53526 5.70981 6.5355C5.81275 6.53524 5.9141 6.51009 6.00522 6.46219C6.09634 6.4143 6.17452 6.34508 6.23311 6.26043C6.292 6.17572 6.32966 6.07808 6.3429 5.97576C6.35615 5.87344 6.34459 5.76943 6.30921 5.67251L5.49921 5.48267L5.32422 6.40303Z" fill="#93C90E"/>
+<path d="M5.4882 5.27012L6.3792 5.47903C6.55718 5.41881 6.71188 5.30447 6.82167 5.152C6.9317 4.99928 6.99145 4.81608 6.99261 4.62786C6.99256 4.44646 6.93749 4.26935 6.83466 4.11992C6.732 3.97068 6.58632 3.85625 6.417 3.79187L5.25195 4.81618L5.4882 5.27012V5.27012Z" fill="#0077CC"/>
+</g>
+</g>
+<defs>
+<filter id="filter0_dddd_6_66533" x="20.7" y="15.615" width="147.6" height="114.435" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB">
+<feFlood flood-opacity="0" result="BackgroundImageFix"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0" result="hardAlpha"/>
+<feMorphology radius="0.45" operator="erode" in="SourceAlpha" result="effect1_dropShadow_6_66533"/>
+<feOffset dy="6.75"/>
+<feGaussianBlur stdDeviation="3.375"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.04 0"/>
+<feBlend mode="normal" in2="BackgroundImageFix" result="effect1_dropShadow_6_66533"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0" result="hardAlpha"/>
+<feMorphology radius="0.45" operator="erode" in="SourceAlpha" result="effect2_dropShadow_6_66533"/>
+<feOffset dy="2.565"/>
+<feGaussianBlur stdDeviation="2.7"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.05 0"/>
+<feBlend mode="normal" in2="effect1_dropShadow_6_66533" result="effect2_dropShadow_6_66533"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0" result="hardAlpha"/>
+<feMorphology radius="0.45" operator="erode" in="SourceAlpha" result="effect3_dropShadow_6_66533"/>
+<feOffset dy="1.17"/>
+<feGaussianBlur stdDeviation="1.8"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.06 0"/>
+<feBlend mode="normal" in2="effect2_dropShadow_6_66533" result="effect3_dropShadow_6_66533"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0" result="hardAlpha"/>
+<feMorphology radius="0.45" operator="erode" in="SourceAlpha" result="effect4_dropShadow_6_66533"/>
+<feOffset dy="0.405"/>
+<feGaussianBlur stdDeviation="0.9"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.08 0"/>
+<feBlend mode="normal" in2="effect3_dropShadow_6_66533" result="effect4_dropShadow_6_66533"/>
+<feBlend mode="normal" in="SourceGraphic" in2="effect4_dropShadow_6_66533" result="shape"/>
+</filter>
+<filter id="filter1_ddd_6_66533" x="-4.5" y="6.525" width="171" height="18" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB">
+<feFlood flood-opacity="0" result="BackgroundImageFix"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0" result="hardAlpha"/>
+<feOffset dy="2.025"/>
+<feGaussianBlur stdDeviation="2.25"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.05 0"/>
+<feBlend mode="normal" in2="BackgroundImageFix" result="effect1_dropShadow_6_66533"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0" result="hardAlpha"/>
+<feOffset dy="0.855"/>
+<feGaussianBlur stdDeviation="0.9"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.05 0"/>
+<feBlend mode="normal" in2="effect1_dropShadow_6_66533" result="effect2_dropShadow_6_66533"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0" result="hardAlpha"/>
+<feOffset dy="0.315"/>
+<feGaussianBlur stdDeviation="0.315"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.07 0"/>
+<feBlend mode="normal" in2="effect2_dropShadow_6_66533" result="effect3_dropShadow_6_66533"/>
+<feBlend mode="normal" in="SourceGraphic" in2="effect3_dropShadow_6_66533" result="shape"/>
+</filter>
+<clipPath id="clip0_6_66533">
+<rect width="162" height="117" rx="3.6" fill="white"/>
+</clipPath>
+<clipPath id="clip1_6_66533">
+<rect width="5.4" height="5.4" fill="white" transform="translate(1.80078 1.80005)"/>
+</clipPath>
+</defs>
+</svg>
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/assets/waterfall_screen.svg b/x-pack/plugins/observability_solution/observability_onboarding/public/assets/waterfall_screen.svg
new file mode 100644
index 0000000000000..7501d44620a94
--- /dev/null
+++ b/x-pack/plugins/observability_solution/observability_onboarding/public/assets/waterfall_screen.svg
@@ -0,0 +1,116 @@
+<svg width="162" height="117" viewBox="0 0 162 117" fill="none" xmlns="http://www.w3.org/2000/svg">
+<g clip-path="url(#clip0_6_66599)">
+<rect width="162" height="117" rx="3.6" fill="#F7F8FC"/>
+<g clip-path="url(#clip1_6_66599)" filter="url(#filter0_dddd_6_66599)">
+<rect width="135" height="99" transform="translate(27 18)" fill="white"/>
+<rect x="37.7988" y="27" width="113.4" height="5.4" rx="1.35" fill="#F1F4FA"/>
+<rect x="37.7988" y="39.6" width="113.4" height="5.4" rx="1.35" fill="#F1F4FA"/>
+<rect x="37.7988" y="52.2" width="113.4" height="5.4" rx="1.35" fill="#F1F4FA"/>
+<rect x="37.7988" y="64.8" width="113.4" height="5.4" rx="1.35" fill="#F1F4FA"/>
+<rect x="37.7988" y="77.4" width="113.4" height="5.4" rx="1.35" fill="#F1F4FA"/>
+<rect x="37.7988" y="90" width="113.4" height="5.4" rx="1.35" fill="#F1F4FA"/>
+<rect x="37.7988" y="102.6" width="113.4" height="5.4" rx="1.35" fill="#F1F4FA"/>
+<mask id="mask0_6_66599" style="mask-type:alpha" maskUnits="userSpaceOnUse" x="27" y="18" width="135" height="99">
+<rect x="27" y="18" width="135" height="99" fill="#D9D9D9"/>
+</mask>
+<g mask="url(#mask0_6_66599)">
+<rect x="37.7988" y="27" width="113.4" height="5.4" rx="1.35" fill="#6092C0"/>
+<rect x="37.7988" y="39.6" width="99.675" height="5.4" rx="1.35" fill="#6092C0"/>
+<rect x="63.8984" y="52.2" width="81.675" height="5.4" rx="1.35" fill="#54B399"/>
+<rect x="80.7734" y="64.8" width="49.05" height="5.4" rx="1.35" fill="#54B399"/>
+<rect x="93.373" y="77.4" width="31.5" height="5.4" rx="1.35" fill="#9170B8"/>
+<rect x="99.7871" y="90" width="18.675" height="5.4" rx="1.35" fill="#9170B8"/>
+<rect x="105.299" y="102.6" width="8.1" height="5.4" rx="1.35" fill="#D36086"/>
+</g>
+</g>
+<rect x="3.15039" y="27" width="13.5" height="1.8" rx="0.9" fill="#D3DAE6"/>
+<rect x="3.15039" y="31.05" width="5.4" height="1.8" rx="0.9" fill="#D3DAE6"/>
+<rect x="3.15039" y="35.1" width="14.85" height="1.8" rx="0.9" fill="#D3DAE6"/>
+<rect x="3.15039" y="39.15" width="13.5" height="1.8" rx="0.9" fill="#D3DAE6"/>
+<rect x="3.15039" y="43.2" width="15.75" height="1.8" rx="0.9" fill="#D3DAE6"/>
+<rect x="3.15039" y="47.25" width="10.8" height="1.8" rx="0.9" fill="#D3DAE6"/>
+<rect x="3.15039" y="51.3" width="13.5" height="1.8" rx="0.9" fill="#D3DAE6"/>
+<rect x="3.15039" y="55.35" width="7.2" height="1.8" rx="0.9" fill="#98A2B3"/>
+<rect x="3.15039" y="59.4" width="12.15" height="1.8" rx="0.9" fill="#D3DAE6"/>
+<rect x="3.15039" y="21.15" width="16.65" height="2.7" rx="1.35" fill="#98A2B3"/>
+<g filter="url(#filter1_ddd_6_66599)">
+<rect width="162" height="9" transform="translate(0 9)" fill="white"/>
+<path d="M26.0996 11.25H35.0996C35.5967 11.25 35.9996 11.6529 35.9996 12.15V14.85C35.9996 15.3471 35.5967 15.75 35.0996 15.75H26.0996V11.25Z" fill="#69707D" fill-opacity="0.2"/>
+<path d="M15.75 12.15C15.75 11.6529 16.1529 11.25 16.65 11.25H25.65V15.75H16.65C16.1529 15.75 15.75 15.3471 15.75 14.85V12.15Z" fill="#006DE4" fill-opacity="0.2"/>
+<rect x="9" y="11.25" width="4.5" height="4.5" rx="0.9" fill="#00BFB3"/>
+<rect x="2.25" y="11.25" width="4.5" height="4.5" rx="0.9" fill="#D3DAE6"/>
+</g>
+<rect width="162" height="9" fill="#26282F"/>
+<circle cx="157.501" cy="4.50005" r="2.7" fill="#0077CC"/>
+<circle cx="150.3" cy="4.50005" r="2.7" fill="#69707D"/>
+<rect x="62.0996" y="1.80005" width="38.25" height="5.4" rx="1.35" fill="#69707D"/>
+<rect x="9.44922" y="3.15015" width="13.05" height="2.7" rx="1.35" fill="#69707D"/>
+<g clip-path="url(#clip2_6_66599)">
+<path fill-rule="evenodd" clip-rule="evenodd" d="M7.00646 4.01569C7.13221 4.19586 7.19938 4.4104 7.19883 4.63011C7.19775 4.85071 7.12934 5.06572 7.00275 5.24638C6.87641 5.42671 6.69784 5.564 6.4911 5.63974C6.55132 5.80519 6.55638 5.98569 6.50553 6.15426C6.45467 6.32283 6.35063 6.47041 6.20895 6.57495C6.06736 6.67901 5.89571 6.73408 5.72001 6.73183C5.54431 6.72957 5.37414 6.67012 5.23526 6.56246C5.04797 6.8251 4.78204 7.02142 4.47589 7.12305C4.17002 7.22454 3.83977 7.2259 3.53308 7.12693C3.22611 7.02771 2.95864 6.83346 2.76932 6.57225C2.57955 6.31058 2.47753 5.99554 2.47789 5.67231C2.47784 5.57465 2.48688 5.4772 2.50489 5.38121C2.29752 5.30689 2.11833 5.17004 1.99205 4.98954C1.86551 4.80864 1.79802 4.59303 1.79884 4.37226C1.79998 4.15164 1.86845 3.93663 1.99509 3.75598C2.1216 3.57564 2.30034 3.43841 2.50725 3.36279C2.44617 3.19726 2.44042 3.01638 2.49087 2.8473C2.54132 2.67822 2.64524 2.53006 2.78704 2.42505C2.92871 2.3205 3.10065 2.26507 3.27671 2.2672C3.45277 2.26934 3.62331 2.32891 3.76241 2.43686C3.96519 2.15372 4.25877 1.94851 4.59435 1.85535C4.92966 1.76245 5.28671 1.78741 5.60584 1.92606C5.92536 2.06499 6.18777 2.309 6.34952 2.61759C6.51159 2.92663 6.56355 3.28167 6.49684 3.62419C6.70304 3.69897 6.88106 3.83573 7.00646 4.01569ZM3.92171 4.12673L5.1033 4.66858L6.29569 3.62014C6.31296 3.53363 6.32155 3.44561 6.32134 3.35739C6.32146 3.07187 6.23041 2.79377 6.06146 2.56359C5.89291 2.33384 5.65516 2.16415 5.38309 2.07945C5.11127 1.99498 4.81951 2.00006 4.55081 2.09396C4.28173 2.18804 4.04989 2.36588 3.88931 2.60139L3.6912 3.63381L3.92188 4.12656L3.92171 4.12673ZM2.69878 5.38239C2.66143 5.56618 2.66296 5.75574 2.70327 5.93889C2.74358 6.12205 2.82178 6.29474 2.93284 6.44586C3.10231 6.67633 3.34128 6.84633 3.61459 6.93084C3.88757 7.01515 4.18043 7.00941 4.4499 6.91448C4.71977 6.81935 4.952 6.64012 5.11241 6.40316L5.30917 5.37345L5.04677 4.86973L3.86045 4.32788L2.69861 5.38223L2.69878 5.38239ZM3.50118 3.52209L2.69119 3.33023L2.69152 3.32989C2.64466 3.19977 2.64088 3.05804 2.68075 2.92561C2.72061 2.79319 2.80201 2.67709 2.91292 2.59448C3.02384 2.51227 3.15841 2.46822 3.29646 2.46892C3.43452 2.46962 3.56863 2.51504 3.67871 2.59836L3.50118 3.52209ZM2.62099 3.52378C2.4457 3.58185 2.29272 3.6928 2.18308 3.84137C2.07316 3.9902 2.01187 4.16933 2.00759 4.35429C2.0033 4.53926 2.05622 4.72103 2.15912 4.87479C2.26189 5.02836 2.40954 5.14648 2.58184 5.21229L3.71803 4.18275L3.50962 3.73556L2.62099 3.52378ZM5.70675 6.53563C5.56709 6.53539 5.43147 6.4888 5.32115 6.40316L5.49615 5.4828L6.30615 5.67264C6.34153 5.76956 6.35308 5.87357 6.33984 5.97589C6.32659 6.07822 6.28894 6.17585 6.23004 6.26057C6.17146 6.34521 6.09327 6.41443 6.00215 6.46233C5.91104 6.51022 5.80969 6.53537 5.70675 6.53563ZM5.48568 5.27018L6.37668 5.47909C6.55466 5.41887 6.70936 5.30452 6.81915 5.15205C6.92918 4.99933 6.98893 4.81614 6.99009 4.62791C6.99005 4.44652 6.93497 4.26941 6.83214 4.11998C6.72948 3.97073 6.5838 3.85631 6.41448 3.79193L5.24943 4.81624L5.48568 5.27018Z" fill="white"/>
+<path d="M3.92192 4.12677L5.10351 4.66862L6.29589 3.62018C6.31317 3.53367 6.32176 3.44565 6.32154 3.35743C6.32166 3.07191 6.23062 2.79381 6.06167 2.56363C5.89312 2.33388 5.65536 2.16419 5.38329 2.07949C5.11148 1.99501 4.81972 2.0001 4.55102 2.094C4.28194 2.18808 4.0501 2.36592 3.88952 2.60143L3.69141 3.63385L3.92209 4.1266L3.92192 4.12677Z" fill="#FEC514"/>
+<path d="M2.69879 5.3824C2.66145 5.56618 2.66298 5.75574 2.70329 5.9389C2.7436 6.12205 2.82179 6.29474 2.93285 6.44586C3.10232 6.67634 3.34129 6.84634 3.6146 6.93085C3.88758 7.01516 4.18044 7.00942 4.44991 6.91448C4.71979 6.81935 4.95201 6.64013 5.11242 6.40317L5.30919 5.37346L5.04678 4.86974L3.86047 4.32788L2.69862 5.38223L2.69879 5.3824Z" fill="#00BFB3"/>
+<path d="M2.69015 3.33018L3.50015 3.52205L3.67767 2.59831C3.56759 2.51499 3.43348 2.46958 3.29543 2.46888C3.15737 2.46818 3.0228 2.51223 2.91189 2.59443C2.80098 2.67705 2.71958 2.79314 2.67971 2.92557C2.63984 3.05799 2.64362 3.19973 2.69049 3.32984" fill="#F04E98"/>
+<path d="M2.62145 3.5238C2.44617 3.58187 2.29319 3.69282 2.18355 3.84139C2.07363 3.99022 2.01234 4.16935 2.00805 4.35431C2.00377 4.53928 2.05669 4.72106 2.15959 4.87482C2.26235 5.02838 2.41001 5.1465 2.5823 5.21232L3.7185 4.18277L3.51009 3.73558L2.62145 3.5238V3.5238Z" fill="#1BA9F5"/>
+<path d="M5.32227 6.40315C5.43258 6.48878 5.56821 6.53538 5.70786 6.53562C5.8108 6.53536 5.91215 6.51021 6.00327 6.46231C6.09438 6.41442 6.17257 6.3452 6.23115 6.26056C6.29005 6.17584 6.3277 6.0782 6.34095 5.97588C6.35419 5.87356 6.34264 5.76955 6.30726 5.67263L5.49726 5.48279L5.32227 6.40315Z" fill="#93C90E"/>
+<path d="M5.48625 5.27024L6.37725 5.47915C6.55522 5.41894 6.70993 5.30459 6.81971 5.15212C6.92975 4.9994 6.98949 4.81621 6.99066 4.62798C6.99061 4.44659 6.93554 4.26947 6.83271 4.12004C6.73005 3.9708 6.58436 3.85637 6.41505 3.79199L5.25 4.8163L5.48625 5.27024V5.27024Z" fill="#0077CC"/>
+</g>
+</g>
+<defs>
+<filter id="filter0_dddd_6_66599" x="20.7" y="15.615" width="147.6" height="114.435" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB">
+<feFlood flood-opacity="0" result="BackgroundImageFix"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0" result="hardAlpha"/>
+<feMorphology radius="0.45" operator="erode" in="SourceAlpha" result="effect1_dropShadow_6_66599"/>
+<feOffset dy="6.75"/>
+<feGaussianBlur stdDeviation="3.375"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.04 0"/>
+<feBlend mode="normal" in2="BackgroundImageFix" result="effect1_dropShadow_6_66599"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0" result="hardAlpha"/>
+<feMorphology radius="0.45" operator="erode" in="SourceAlpha" result="effect2_dropShadow_6_66599"/>
+<feOffset dy="2.565"/>
+<feGaussianBlur stdDeviation="2.7"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.05 0"/>
+<feBlend mode="normal" in2="effect1_dropShadow_6_66599" result="effect2_dropShadow_6_66599"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0" result="hardAlpha"/>
+<feMorphology radius="0.45" operator="erode" in="SourceAlpha" result="effect3_dropShadow_6_66599"/>
+<feOffset dy="1.17"/>
+<feGaussianBlur stdDeviation="1.8"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.06 0"/>
+<feBlend mode="normal" in2="effect2_dropShadow_6_66599" result="effect3_dropShadow_6_66599"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0" result="hardAlpha"/>
+<feMorphology radius="0.45" operator="erode" in="SourceAlpha" result="effect4_dropShadow_6_66599"/>
+<feOffset dy="0.405"/>
+<feGaussianBlur stdDeviation="0.9"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.08 0"/>
+<feBlend mode="normal" in2="effect3_dropShadow_6_66599" result="effect4_dropShadow_6_66599"/>
+<feBlend mode="normal" in="SourceGraphic" in2="effect4_dropShadow_6_66599" result="shape"/>
+</filter>
+<filter id="filter1_ddd_6_66599" x="-4.5" y="6.525" width="171" height="18" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB">
+<feFlood flood-opacity="0" result="BackgroundImageFix"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0" result="hardAlpha"/>
+<feOffset dy="2.025"/>
+<feGaussianBlur stdDeviation="2.25"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.05 0"/>
+<feBlend mode="normal" in2="BackgroundImageFix" result="effect1_dropShadow_6_66599"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0" result="hardAlpha"/>
+<feOffset dy="0.855"/>
+<feGaussianBlur stdDeviation="0.9"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.05 0"/>
+<feBlend mode="normal" in2="effect1_dropShadow_6_66599" result="effect2_dropShadow_6_66599"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0" result="hardAlpha"/>
+<feOffset dy="0.315"/>
+<feGaussianBlur stdDeviation="0.315"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.07 0"/>
+<feBlend mode="normal" in2="effect2_dropShadow_6_66599" result="effect3_dropShadow_6_66599"/>
+<feBlend mode="normal" in="SourceGraphic" in2="effect3_dropShadow_6_66599" result="shape"/>
+</filter>
+<clipPath id="clip0_6_66599">
+<rect width="162" height="117" rx="3.6" fill="white"/>
+</clipPath>
+<clipPath id="clip1_6_66599">
+<rect width="135" height="99" fill="white" transform="translate(27 18)"/>
+</clipPath>
+<clipPath id="clip2_6_66599">
+<rect width="5.4" height="5.4" fill="white" transform="translate(1.79883 1.80017)"/>
+</clipPath>
+</defs>
+</svg>
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/plugin.ts b/x-pack/plugins/observability_solution/observability_onboarding/public/plugin.ts
index 8afe3b29c30e0..be73b77bd336e 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/public/plugin.ts
+++ b/x-pack/plugins/observability_solution/observability_onboarding/public/plugin.ts
@@ -10,7 +10,10 @@ import {
   ObservabilityPublicStart,
 } from '@kbn/observability-plugin/public';
 import {
-  HttpStart,
+  ObservabilitySharedPluginSetup,
+  ObservabilitySharedPluginStart,
+} from '@kbn/observability-shared-plugin/public';
+import {
   AppMountParameters,
   CoreSetup,
   CoreStart,
@@ -20,7 +23,12 @@ import {
 } from '@kbn/core/public';
 import type { CloudExperimentsPluginStart } from '@kbn/cloud-experiments-plugin/common';
 import { DataPublicPluginSetup, DataPublicPluginStart } from '@kbn/data-plugin/public';
-import { SharePluginSetup } from '@kbn/share-plugin/public';
+import { SecurityPluginSetup, SecurityPluginStart } from '@kbn/security-plugin/public';
+import { SharePluginSetup, SharePluginStart } from '@kbn/share-plugin/public';
+import { DiscoverSetup, DiscoverStart } from '@kbn/discover-plugin/public';
+import { FleetSetup, FleetStart } from '@kbn/fleet-plugin/public';
+import { CloudSetup, CloudStart } from '@kbn/cloud-plugin/public';
+import { UsageCollectionSetup, UsageCollectionStart } from '@kbn/usage-collection-plugin/public';
 import type { ObservabilityOnboardingConfig } from '../server';
 import { PLUGIN_ID } from '../common';
 import { ObservabilityOnboardingLocatorDefinition } from './locators/onboarding_locator/locator_definition';
@@ -34,23 +42,30 @@ export type ObservabilityOnboardingPluginStart = void;
 export interface ObservabilityOnboardingPluginSetupDeps {
   data: DataPublicPluginSetup;
   observability: ObservabilityPublicSetup;
+  observabilityShared: ObservabilitySharedPluginSetup;
+  discover: DiscoverSetup;
   share: SharePluginSetup;
+  fleet: FleetSetup;
+  security: SecurityPluginSetup;
+  cloud?: CloudSetup;
+  usageCollection?: UsageCollectionSetup;
 }
 
 export interface ObservabilityOnboardingPluginStartDeps {
-  cloudExperiments?: CloudExperimentsPluginStart;
-  http: HttpStart;
   data: DataPublicPluginStart;
   observability: ObservabilityPublicStart;
+  observabilityShared: ObservabilitySharedPluginStart;
+  discover: DiscoverStart;
+  share: SharePluginStart;
+  fleet: FleetStart;
+  security: SecurityPluginStart;
+  cloud?: CloudStart;
+  usageCollection?: UsageCollectionStart;
+  cloudExperiments?: CloudExperimentsPluginStart;
 }
 
-export interface ObservabilityOnboardingPluginContextValue {
-  core: CoreStart;
-  plugins: ObservabilityOnboardingPluginSetupDeps;
-  data: DataPublicPluginStart;
-  observability: ObservabilityPublicStart;
-  config: ConfigSchema;
-}
+export type ObservabilityOnboardingContextValue = CoreStart &
+  ObservabilityOnboardingPluginStartDeps & { config: ConfigSchema };
 
 export class ObservabilityOnboardingPlugin
   implements Plugin<ObservabilityOnboardingPluginSetup, ObservabilityOnboardingPluginStart>
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/server/lib/get_agent_version.ts b/x-pack/plugins/observability_solution/observability_onboarding/server/lib/get_agent_version.ts
new file mode 100644
index 0000000000000..c9dd959e6bb75
--- /dev/null
+++ b/x-pack/plugins/observability_solution/observability_onboarding/server/lib/get_agent_version.ts
@@ -0,0 +1,19 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { FleetStartContract } from '@kbn/fleet-plugin/server';
+
+export function getAgentVersion(fleetStart: FleetStartContract, kibanaVersion: string) {
+  // If undefined, we will follow fleet's strategy to select latest available version:
+  // for serverless we will use the latest published version, for statefull we will use
+  // current Kibana version. If false, irrespective of fleet flags and logic, we are
+  // explicitly deciding to not append the current version.
+  const includeCurrentVersion = kibanaVersion.endsWith('-SNAPSHOT') ? false : undefined;
+
+  const agentClient = fleetStart.agentService.asInternalUser;
+  return agentClient.getLatestAgentAvailableVersion(includeCurrentVersion);
+}
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/server/lib/get_fallback_urls.ts b/x-pack/plugins/observability_solution/observability_onboarding/server/lib/get_fallback_urls.ts
index fc79d7e37cebb..15185521563a1 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/server/lib/get_fallback_urls.ts
+++ b/x-pack/plugins/observability_solution/observability_onboarding/server/lib/get_fallback_urls.ts
@@ -5,10 +5,19 @@
  * 2.0.
  */
 
-import { CoreStart } from '@kbn/core/server';
+import { CoreSetup } from '@kbn/core/server';
+import { CloudSetup } from '@kbn/cloud-plugin/server';
 import { EsLegacyConfigService } from '../services/es_legacy_config_service';
 
-export function getFallbackKibanaUrl({ http }: CoreStart) {
+export function getKibanaUrl(coreSetup: CoreSetup, cloudSetup?: CloudSetup) {
+  return (
+    coreSetup.http.basePath.publicBaseUrl ?? // priority given to server.publicBaseUrl
+    cloudSetup?.kibanaUrl ?? // then cloud id
+    getFallbackKibanaUrl(coreSetup) // falls back to local network binding
+  );
+}
+
+export function getFallbackKibanaUrl({ http }: CoreSetup) {
   const basePath = http.basePath;
   const { protocol, hostname, port } = http.getServerInfo();
   return `${protocol}://${hostname}:${port}${basePath
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/get_has_logs.ts b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/get_has_logs.ts
index bedd1de0a80da..7816843bca3dc 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/get_has_logs.ts
+++ b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/get_has_logs.ts
@@ -7,52 +7,24 @@
 
 import { ElasticsearchClient } from '@kbn/core/server';
 import { termQuery } from '@kbn/observability-plugin/server';
+import type { estypes } from '@elastic/elasticsearch';
 import { AGENT_ID } from '../../../common/es_fields';
-import {
-  LogFilesState,
-  ObservabilityOnboardingType,
-  SystemLogsState,
-} from '../../saved_objects/observability_onboarding_status';
-import { ElasticAgentStepPayload } from '../types';
-
-export async function getHasLogs({
-  type,
-  state,
-  esClient,
-  payload,
-}: {
-  type: ObservabilityOnboardingType;
-  state?: LogFilesState | SystemLogsState;
-  esClient: ElasticsearchClient;
-  payload?: ElasticAgentStepPayload;
-}) {
-  if (!state) {
-    return false;
-  }
 
+export async function getHasLogs(esClient: ElasticsearchClient, agentId: string) {
   try {
-    const { namespace } = state;
-    const index =
-      type === 'logFiles'
-        ? `logs-${(state as LogFilesState).datasetName}-${namespace}`
-        : [`logs-system.syslog-${namespace}`, `logs-system.auth-${namespace}`];
-
-    const agentId = payload?.agentId;
-
-    const { hits } = await esClient.search({
-      index,
+    const result = await esClient.search({
+      index: ['logs-*', 'metrics-*'],
       ignore_unavailable: true,
+      size: 0,
       terminate_after: 1,
-      body: {
-        query: {
-          bool: {
-            filter: [...termQuery(AGENT_ID, agentId)],
-          },
+      query: {
+        bool: {
+          filter: termQuery(AGENT_ID, agentId),
         },
       },
     });
-    const total = hits.total as { value: number };
-    return total.value > 0;
+    const { value } = result.hits.total as estypes.SearchTotalHits;
+    return value > 0;
   } catch (error) {
     if (error.statusCode === 404) {
       return false;
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/route.ts b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/route.ts
index b43edf76ce0a5..c58a5ef257fbb 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/route.ts
+++ b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/route.ts
@@ -12,15 +12,20 @@ import {
   FleetUnauthorizedError,
   type PackageClient,
 } from '@kbn/fleet-plugin/server';
-import type { TemplateAgentPolicyInput } from '@kbn/fleet-plugin/common';
 import { dump } from 'js-yaml';
+import { PackageDataStreamTypes } from '@kbn/fleet-plugin/common/types';
 import { getObservabilityOnboardingFlow, saveObservabilityOnboardingFlow } from '../../lib/state';
+import type { SavedObservabilityOnboardingFlow } from '../../saved_objects/observability_onboarding_status';
 import { ObservabilityOnboardingFlow } from '../../saved_objects/observability_onboarding_status';
 import { createObservabilityOnboardingServerRoute } from '../create_observability_onboarding_server_route';
 import { getHasLogs } from './get_has_logs';
-
+import { getKibanaUrl } from '../../lib/get_fallback_urls';
+import { hasLogMonitoringPrivileges } from '../logs/api_key/has_log_monitoring_privileges';
+import { createShipperApiKey } from '../logs/api_key/create_shipper_api_key';
+import { createInstallApiKey } from '../logs/api_key/create_install_api_key';
+import { getAgentVersion } from '../../lib/get_agent_version';
 import { getFallbackESUrl } from '../../lib/get_fallback_urls';
-import { ElasticAgentStepPayload, Integration, StepProgressPayloadRT } from '../types';
+import { ElasticAgentStepPayload, InstalledIntegration, StepProgressPayloadRT } from '../types';
 
 const updateOnboardingFlowRoute = createObservabilityOnboardingServerRoute({
   endpoint: 'PUT /internal/observability_onboarding/flow/{onboardingId}',
@@ -129,9 +134,7 @@ const getProgressRoute = createObservabilityOnboardingServerRoute({
       onboardingId: t.string,
     }),
   }),
-  async handler(resources): Promise<{
-    progress: Record<string, { status: string; message?: string }>;
-  }> {
+  async handler(resources): Promise<Pick<SavedObservabilityOnboardingFlow, 'progress'>> {
     const {
       params: {
         path: { onboardingId },
@@ -154,21 +157,11 @@ const getProgressRoute = createObservabilityOnboardingServerRoute({
 
     const esClient = coreStart.elasticsearch.client.asScoped(request).asCurrentUser;
 
-    const type = savedObservabilityOnboardingState.type;
-
     if (progress['ea-status']?.status === 'complete') {
+      const { agentId } = progress['ea-status']?.payload as ElasticAgentStepPayload;
       try {
-        const hasLogs = await getHasLogs({
-          type,
-          state: savedObservabilityOnboardingState.state,
-          esClient,
-          payload: progress['ea-status']?.payload as ElasticAgentStepPayload,
-        });
-        if (hasLogs) {
-          progress['logs-ingest'] = { status: 'complete' };
-        } else {
-          progress['logs-ingest'] = { status: 'loading' };
-        }
+        const hasLogs = await getHasLogs(esClient, agentId);
+        progress['logs-ingest'] = { status: hasLogs ? 'complete' : 'loading' };
       } catch (error) {
         progress['logs-ingest'] = { status: 'warning', message: error.message };
       }
@@ -180,6 +173,88 @@ const getProgressRoute = createObservabilityOnboardingServerRoute({
   },
 });
 
+/**
+ * This endpoint starts a new onboarding flow and creates two API keys:
+ * 1. A short-lived API key with privileges to install integrations.
+ * 2. An API key with privileges to ingest log and metric data used to configure Elastic Agent.
+ *
+ * It also returns all required information to download the onboarding script and install the
+ * Elastic agent.
+ *
+ * If the user does not have all necessary privileges a 403 Forbidden response is returned.
+ *
+ * This endpoint differs from the existing `POST /internal/observability_onboarding/logs/flow`
+ * endpoint in that it caters for the auto-detect flow where integrations are detected and installed
+ * on the host system, rather than in the Kiabana UI.
+ */
+const createFlowRoute = createObservabilityOnboardingServerRoute({
+  endpoint: 'POST /internal/observability_onboarding/flow',
+  options: { tags: [] },
+  params: t.type({
+    body: t.type({
+      name: t.string,
+    }),
+  }),
+  async handler(resources) {
+    const {
+      context,
+      params: {
+        body: { name },
+      },
+      core,
+      request,
+      plugins,
+      kibanaVersion,
+    } = resources;
+    const coreStart = await core.start();
+    const {
+      elasticsearch: { client },
+    } = await context.core;
+    const savedObjectsClient = coreStart.savedObjects.getScopedClient(request);
+
+    const hasPrivileges = await hasLogMonitoringPrivileges(client.asCurrentUser);
+    if (!hasPrivileges) {
+      throw Boom.forbidden('Unauthorized to create log indices');
+    }
+
+    const fleetPluginStart = await plugins.fleet.start();
+    const securityPluginStart = await plugins.security.start();
+
+    const [onboardingFlow, ingestApiKey, installApiKey, elasticAgentVersion] = await Promise.all([
+      saveObservabilityOnboardingFlow({
+        savedObjectsClient,
+        observabilityOnboardingState: {
+          type: 'autoDetect',
+          state: undefined,
+          progress: {},
+        },
+      }),
+      createShipperApiKey(client.asCurrentUser, name),
+      securityPluginStart.authc.apiKeys.create(request, createInstallApiKey(name)),
+      getAgentVersion(fleetPluginStart, kibanaVersion),
+    ]);
+
+    if (!installApiKey) {
+      throw Boom.notFound('License does not allow API key creation.');
+    }
+
+    const kibanaUrl = getKibanaUrl(core.setup, plugins.cloud?.setup);
+    const scriptDownloadUrl = new URL(
+      core.setup.http.staticAssets.getPluginAssetHref('auto_detect.sh'),
+      kibanaUrl
+    ).toString();
+
+    return {
+      onboardingFlow,
+      ingestApiKey: ingestApiKey.encoded,
+      installApiKey: installApiKey.encoded,
+      elasticAgentVersion,
+      kibanaUrl,
+      scriptDownloadUrl,
+    };
+  },
+});
+
 /**
  * This endpoints installs the requested integrations and returns the corresponding config file for Elastic Agent.
  *
@@ -239,9 +314,12 @@ const integrationsInstallRoute = createObservabilityOnboardingServerRoute({
       });
     }
 
-    let agentPolicyInputs: TemplateAgentPolicyInput[] = [];
+    let installedIntegrations: InstalledIntegration[] = [];
     try {
-      agentPolicyInputs = await ensureInstalledIntegrations(integrationsToInstall, packageClient);
+      installedIntegrations = await ensureInstalledIntegrations(
+        integrationsToInstall,
+        packageClient
+      );
     } catch (error) {
       if (error instanceof FleetUnauthorizedError) {
         return response.forbidden({
@@ -262,10 +340,10 @@ const integrationsInstallRoute = createObservabilityOnboardingServerRoute({
           ...savedObservabilityOnboardingState.progress,
           'install-integrations': {
             status: 'complete',
-            payload: integrationsToInstall,
+            payload: installedIntegrations,
           },
         },
-      } as ObservabilityOnboardingFlow,
+      },
     });
 
     const elasticsearchUrl = plugins.cloud?.setup?.elasticsearchUrl
@@ -278,55 +356,89 @@ const integrationsInstallRoute = createObservabilityOnboardingServerRoute({
       },
       body: generateAgentConfig({
         esHost: elasticsearchUrl,
-        inputs: agentPolicyInputs,
+        inputs: installedIntegrations.map(({ inputs }) => inputs).flat(),
       }),
     });
   },
 });
 
+export interface RegistryIntegrationToInstall {
+  pkgName: string;
+  installSource: 'registry';
+}
+export interface CustomIntegrationToInstall {
+  pkgName: string;
+  installSource: 'custom';
+  logFilePaths: string[];
+}
+export type IntegrationToInstall = RegistryIntegrationToInstall | CustomIntegrationToInstall;
+
 async function ensureInstalledIntegrations(
-  integrationsToInstall: Integration[],
+  integrationsToInstall: IntegrationToInstall[],
   packageClient: PackageClient
-) {
-  const agentPolicyInputs: TemplateAgentPolicyInput[] = [];
-  for (const integration of integrationsToInstall) {
-    const { pkgName, installSource } = integration;
-    if (installSource === 'registry') {
-      const pkg = await packageClient.ensureInstalledPackage({ pkgName });
-      const inputs = await packageClient.getAgentPolicyInputs(pkg.name, pkg.version);
-      agentPolicyInputs.push(...inputs.filter((input) => input.type !== 'httpjson'));
-    } else if (installSource === 'custom') {
-      const input: TemplateAgentPolicyInput = {
-        id: `filestream-${pkgName}`,
-        type: 'filestream',
-        streams: [
+): Promise<InstalledIntegration[]> {
+  return Promise.all(
+    integrationsToInstall.map(async (integration) => {
+      const { pkgName, installSource } = integration;
+
+      if (installSource === 'registry') {
+        const pkg = await packageClient.ensureInstalledPackage({ pkgName });
+        const inputs = await packageClient.getAgentPolicyInputs(pkg.name, pkg.version);
+        const { packageInfo } = await packageClient.getPackage(pkg.name, pkg.version);
+
+        return {
+          installSource,
+          pkgName: pkg.name,
+          pkgVersion: pkg.version,
+          title: packageInfo.title,
+          inputs: inputs.filter((input) => input.type !== 'httpjson'),
+          dataStreams:
+            packageInfo.data_streams?.map(({ type, dataset }) => ({ type, dataset })) ?? [],
+          kibanaAssets: pkg.installed_kibana,
+        };
+      }
+
+      const dataStream = {
+        type: 'logs',
+        dataset: pkgName,
+      };
+      const installed: InstalledIntegration = {
+        installSource,
+        pkgName,
+        pkgVersion: '1.0.0', // Custom integrations are always installed as version `1.0.0`
+        title: pkgName,
+        inputs: [
           {
             id: `filestream-${pkgName}`,
-            data_stream: {
-              type: 'logs',
-              dataset: pkgName,
-            },
-            paths: integration.logFilePaths,
+            type: 'filestream',
+            streams: [
+              {
+                id: `filestream-${pkgName}`,
+                data_stream: dataStream,
+                paths: integration.logFilePaths,
+              },
+            ],
           },
         ],
+        dataStreams: [dataStream],
+        kibanaAssets: [],
       };
       try {
         await packageClient.installCustomIntegration({
           pkgName,
-          datasets: [{ name: pkgName, type: 'logs' }],
+          datasets: [{ name: dataStream.dataset, type: dataStream.type as PackageDataStreamTypes }],
         });
-        agentPolicyInputs.push(input);
+        return installed;
       } catch (error) {
         // If the error is a naming collision, we can assume the integration is already installed and treat this step as successful
         if (error instanceof NamingCollisionError) {
-          agentPolicyInputs.push(input);
+          return installed;
         } else {
           throw error;
         }
       }
-    }
-  }
-  return agentPolicyInputs;
+    })
+  );
 }
 
 /**
@@ -347,48 +459,46 @@ async function ensureInstalledIntegrations(
 function parseIntegrationsTSV(tsv: string) {
   return Object.values(
     tsv
+      .trim()
       .split('\n')
       .map((line) => line.split('\t', 3))
-      .reduce<Record<string, Integration>>((acc, [pkgName, installSource, logFilePath]) => {
-        const key = `${pkgName}-${installSource}`;
-        if (installSource === 'registry') {
-          if (logFilePath) {
-            throw new Error(`Integration '${pkgName}' does not support a file path`);
-          }
-          acc[key] = {
-            pkgName,
-            installSource,
-          };
-          return acc;
-        } else if (installSource === 'custom') {
-          if (!logFilePath) {
-            throw new Error(`Missing file path for integration: ${pkgName}`);
-          }
-          // Append file path if integration is already in the list
-          const existing = acc[key];
-          if (existing && existing.installSource === 'custom') {
-            existing.logFilePaths.push(logFilePath);
+      .reduce<Record<string, IntegrationToInstall>>(
+        (acc, [pkgName, installSource, logFilePath]) => {
+          const key = `${pkgName}-${installSource}`;
+          if (installSource === 'registry') {
+            if (logFilePath) {
+              throw new Error(`Integration '${pkgName}' does not support a file path`);
+            }
+            acc[key] = {
+              pkgName,
+              installSource,
+            };
+            return acc;
+          } else if (installSource === 'custom') {
+            if (!logFilePath) {
+              throw new Error(`Missing file path for integration: ${pkgName}`);
+            }
+            // Append file path if integration is already in the list
+            const existing = acc[key];
+            if (existing && existing.installSource === 'custom') {
+              existing.logFilePaths.push(logFilePath);
+              return acc;
+            }
+            acc[key] = {
+              pkgName,
+              installSource,
+              logFilePaths: [logFilePath],
+            };
             return acc;
           }
-          acc[key] = {
-            pkgName,
-            installSource,
-            logFilePaths: [logFilePath],
-          };
-          return acc;
-        }
-        throw new Error(`Invalid install source: ${installSource}`);
-      }, {})
+          throw new Error(`Invalid install source: ${installSource}`);
+        },
+        {}
+      )
   );
 }
 
-const generateAgentConfig = ({
-  esHost,
-  inputs = [],
-}: {
-  esHost: string[];
-  inputs: TemplateAgentPolicyInput[];
-}) => {
+const generateAgentConfig = ({ esHost, inputs = [] }: { esHost: string[]; inputs: unknown[] }) => {
   return dump({
     outputs: {
       default: {
@@ -402,6 +512,7 @@ const generateAgentConfig = ({
 };
 
 export const flowRouteRepository = {
+  ...createFlowRoute,
   ...updateOnboardingFlowRoute,
   ...stepProgressUpdateRoute,
   ...getProgressRoute,
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/server/routes/logs/api_key/create_install_api_key.ts b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/logs/api_key/create_install_api_key.ts
new file mode 100644
index 0000000000000..d97dd6ac6580c
--- /dev/null
+++ b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/logs/api_key/create_install_api_key.ts
@@ -0,0 +1,40 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { ALL_SPACES_ID } from '@kbn/spaces-plugin/common/constants';
+import type { CreateAPIKeyParams } from '@kbn/security-plugin/server';
+
+/**
+ * Creates a short lived API key with the necessary permissions to install integrations
+ */
+export function createInstallApiKey(name: string): CreateAPIKeyParams {
+  return {
+    name: `onboarding_install_${name}`,
+    expiration: '1h', // This API key is only used for initial setup and should be short lived
+    metadata: {
+      managed: true,
+      application: 'logs',
+    },
+    kibana_role_descriptors: {
+      can_install_integrations: {
+        elasticsearch: {
+          cluster: [],
+          indices: [],
+        },
+        kibana: [
+          {
+            feature: {
+              fleet: ['all'],
+              fleetv2: ['all'], // TODO: Remove this once #183020 is resolved
+            },
+            spaces: [ALL_SPACES_ID],
+          },
+        ],
+      },
+    },
+  };
+}
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/server/routes/logs/api_key/create_shipper_api_key.ts b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/logs/api_key/create_shipper_api_key.ts
index 80814aa308abc..70a3bf344fee6 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/server/routes/logs/api_key/create_shipper_api_key.ts
+++ b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/logs/api_key/create_shipper_api_key.ts
@@ -13,7 +13,10 @@ export function createShipperApiKey(esClient: ElasticsearchClient, name: string)
   return esClient.security.createApiKey({
     body: {
       name: `standalone_agent_logs_onboarding_${name}`,
-      metadata: { application: 'logs' },
+      metadata: {
+        managed: true,
+        application: 'logs',
+      },
       role_descriptors: {
         standalone_agent: {
           cluster,
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/server/routes/logs/route.ts b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/logs/route.ts
index b46b1508ed21b..4f7c1360dc082 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/server/routes/logs/route.ts
+++ b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/logs/route.ts
@@ -7,7 +7,8 @@
 
 import * as t from 'io-ts';
 import { createObservabilityOnboardingServerRoute } from '../create_observability_onboarding_server_route';
-import { getFallbackKibanaUrl } from '../../lib/get_fallback_urls';
+import { getKibanaUrl } from '../../lib/get_fallback_urls';
+import { getAgentVersion } from '../../lib/get_agent_version';
 import { hasLogMonitoringPrivileges } from './api_key/has_log_monitoring_privileges';
 import { saveObservabilityOnboardingFlow } from '../../lib/state';
 import { createShipperApiKey } from './api_key/create_shipper_api_key';
@@ -39,27 +40,12 @@ const installShipperSetupRoute = createObservabilityOnboardingServerRoute({
     elasticAgentVersion: string;
   }> {
     const { core, plugins, kibanaVersion } = resources;
-    const coreStart = await core.start();
 
     const fleetPluginStart = await plugins.fleet.start();
-    const agentClient = fleetPluginStart.agentService.asInternalUser;
-
-    // If undefined, we will follow fleet's strategy to select latest available version:
-    // for serverless we will use the latest published version, for statefull we will use
-    // current Kibana version. If false, irrespective of fleet flags and logic, we are
-    // explicitly deciding to not append the current version.
-    const includeCurrentVersion = kibanaVersion.endsWith('-SNAPSHOT') ? false : undefined;
-
-    const elasticAgentVersion = await agentClient.getLatestAgentAvailableVersion(
-      includeCurrentVersion
-    );
-
-    const kibanaUrl =
-      core.setup.http.basePath.publicBaseUrl ?? // priority given to server.publicBaseUrl
-      plugins.cloud?.setup?.kibanaUrl ?? // then cloud id
-      getFallbackKibanaUrl(coreStart); // falls back to local network binding
+    const elasticAgentVersion = await getAgentVersion(fleetPluginStart, kibanaVersion);
+    const kibanaUrl = getKibanaUrl(core.setup, plugins.cloud?.setup);
     const scriptDownloadUrl = new URL(
-      coreStart.http.staticAssets.getPluginAssetHref('standalone_agent_setup.sh'),
+      core.setup.http.staticAssets.getPluginAssetHref('standalone_agent_setup.sh'),
       kibanaUrl
     ).toString();
 
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/server/routes/types.ts b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/types.ts
index e9ab6b14dab54..de2e7ce65fd2d 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/server/routes/types.ts
+++ b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/types.ts
@@ -52,19 +52,27 @@ export interface ObservabilityOnboardingRouteCreateOptions {
   };
 }
 
-export const IntegrationRT = t.union([
-  t.type({
-    pkgName: t.string,
-    installSource: t.literal('registry'),
-  }),
-  t.type({
-    pkgName: t.string,
-    installSource: t.literal('custom'),
-    logFilePaths: t.array(t.string),
-  }),
-]);
+export const IntegrationRT = t.type({
+  installSource: t.union([t.literal('registry'), t.literal('custom')]),
+  pkgName: t.string,
+  pkgVersion: t.string,
+  title: t.string,
+  inputs: t.array(t.unknown),
+  dataStreams: t.array(
+    t.type({
+      type: t.string,
+      dataset: t.string,
+    })
+  ),
+  kibanaAssets: t.array(
+    t.type({
+      type: t.string,
+      id: t.string,
+    })
+  ),
+});
 
-export type Integration = t.TypeOf<typeof IntegrationRT>;
+export type InstalledIntegration = t.TypeOf<typeof IntegrationRT>;
 
 export const ElasticAgentStepPayloadRT = t.type({
   agentId: t.string,
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/server/saved_objects/observability_onboarding_status.ts b/x-pack/plugins/observability_solution/observability_onboarding/server/saved_objects/observability_onboarding_status.ts
index 297f7f33a9d64..a7ef942d7ea0a 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/server/saved_objects/observability_onboarding_status.ts
+++ b/x-pack/plugins/observability_solution/observability_onboarding/server/saved_objects/observability_onboarding_status.ts
@@ -23,7 +23,7 @@ export interface SystemLogsState {
   namespace: string;
 }
 
-export type ObservabilityOnboardingType = 'logFiles' | 'systemLogs';
+export type ObservabilityOnboardingType = 'logFiles' | 'systemLogs' | 'autoDetect';
 
 type ObservabilityOnboardingFlowState = LogFilesState | SystemLogsState | undefined;
 
@@ -64,8 +64,21 @@ const ElasticAgentStepPayloadSchema = schema.object({
 export const InstallIntegrationsStepPayloadSchema = schema.arrayOf(
   schema.object({
     pkgName: schema.string(),
-    installSource: schema.string(),
-    logFilePaths: schema.maybe(schema.arrayOf(schema.string())),
+    pkgVersion: schema.string(),
+    installSource: schema.oneOf([schema.literal('registry'), schema.literal('custom')]),
+    inputs: schema.arrayOf(schema.any()),
+    dataStreams: schema.arrayOf(
+      schema.object({
+        type: schema.string(),
+        dataset: schema.string(),
+      })
+    ),
+    kibanaAssets: schema.arrayOf(
+      schema.object({
+        type: schema.string(),
+        id: schema.string(),
+      })
+    ),
   })
 );
 
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/server/types.ts b/x-pack/plugins/observability_solution/observability_onboarding/server/types.ts
index 1c3cbbf26937c..8eee0943d3590 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/server/types.ts
+++ b/x-pack/plugins/observability_solution/observability_onboarding/server/types.ts
@@ -12,6 +12,7 @@ import {
   PluginStart as DataPluginStart,
 } from '@kbn/data-plugin/server';
 import { FleetSetupContract, FleetStartContract } from '@kbn/fleet-plugin/server';
+import { SecurityPluginSetup, SecurityPluginStart } from '@kbn/security-plugin/server';
 import { ObservabilityPluginSetup } from '@kbn/observability-plugin/server';
 import { UsageCollectionSetup } from '@kbn/usage-collection-plugin/server';
 
@@ -21,6 +22,7 @@ export interface ObservabilityOnboardingPluginSetupDependencies {
   cloud: CloudSetup;
   usageCollection: UsageCollectionSetup;
   fleet: FleetSetupContract;
+  security: SecurityPluginSetup;
 }
 
 export interface ObservabilityOnboardingPluginStartDependencies {
@@ -29,6 +31,7 @@ export interface ObservabilityOnboardingPluginStartDependencies {
   cloud: CloudStart;
   usageCollection: undefined;
   fleet: FleetStartContract;
+  security: SecurityPluginStart;
 }
 
 // eslint-disable-next-line @typescript-eslint/no-empty-interface
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/tsconfig.json b/x-pack/plugins/observability_solution/observability_onboarding/tsconfig.json
index 947a1230afd16..5833bba22a6e4 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/tsconfig.json
+++ b/x-pack/plugins/observability_solution/observability_onboarding/tsconfig.json
@@ -38,7 +38,14 @@
     "@kbn/home-sample-data-tab",
     "@kbn/react-kibana-context-render",
     "@kbn/react-kibana-context-theme",
-    "@kbn/ebt"
+    "@kbn/discover-plugin",
+    "@kbn/utility-types",
+    "@kbn/spaces-plugin",
+    "@kbn/ebt",
+    "@kbn/dashboard-plugin",
+    "@kbn/deeplinks-analytics"
   ],
-  "exclude": ["target/**/*"]
+  "exclude": [
+    "target/**/*"
+  ]
 }
diff --git a/x-pack/plugins/observability_solution/slo/common/constants.ts b/x-pack/plugins/observability_solution/slo/common/constants.ts
index a70a5fe082730..37558bda23732 100644
--- a/x-pack/plugins/observability_solution/slo/common/constants.ts
+++ b/x-pack/plugins/observability_solution/slo/common/constants.ts
@@ -15,6 +15,7 @@ export const ALERT_ACTION = {
   name: i18n.translate('xpack.slo.alerting.burnRate.alertAction', {
     defaultMessage: 'Critical',
   }),
+  severity: { level: 3 },
 };
 
 export const HIGH_PRIORITY_ACTION_ID = 'slo.burnRate.high';
@@ -23,6 +24,7 @@ export const HIGH_PRIORITY_ACTION = {
   name: i18n.translate('xpack.slo.alerting.burnRate.highPriorityAction', {
     defaultMessage: 'High',
   }),
+  severity: { level: 2 },
 };
 
 export const MEDIUM_PRIORITY_ACTION_ID = 'slo.burnRate.medium';
@@ -31,6 +33,7 @@ export const MEDIUM_PRIORITY_ACTION = {
   name: i18n.translate('xpack.slo.alerting.burnRate.mediumPriorityAction', {
     defaultMessage: 'Medium',
   }),
+  severity: { level: 1 },
 };
 
 export const LOW_PRIORITY_ACTION_ID = 'slo.burnRate.low';
@@ -39,6 +42,7 @@ export const LOW_PRIORITY_ACTION = {
   name: i18n.translate('xpack.slo.alerting.burnRate.lowPriorityAction', {
     defaultMessage: 'Low',
   }),
+  severity: { level: 0 },
 };
 
 export const SUPPRESSED_PRIORITY_ACTION_ID = 'slo.burnRate.suppressed';
diff --git a/x-pack/plugins/observability_solution/observability/common/utils/parse_kuery.ts b/x-pack/plugins/observability_solution/slo/common/parse_kuery.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/observability/common/utils/parse_kuery.ts
rename to x-pack/plugins/observability_solution/slo/common/parse_kuery.ts
diff --git a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.json b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.json
index 90f3e26fa4ed8..c0fa8347e216b 100644
--- a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.json
+++ b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.json
@@ -35,7 +35,7 @@
   "paths": {
     "/s/{spaceId}/api/observability/slos": {
       "post": {
-        "summary": "Creates an SLO.",
+        "summary": "Create an SLO",
         "operationId": "createSloOp",
         "description": "You must have `all` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.\n",
         "tags": [
@@ -118,7 +118,7 @@
         ]
       },
       "get": {
-        "summary": "Retrieves a paginated list of SLOs",
+        "summary": "Get a paginated list of SLOs",
         "operationId": "findSlosOp",
         "description": "You must have the `read` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.\n",
         "tags": [
@@ -256,7 +256,7 @@
     },
     "/s/{spaceId}/api/observability/slos/{sloId}": {
       "get": {
-        "summary": "Retrieves a SLO",
+        "summary": "Get an SLO",
         "operationId": "getSloOp",
         "description": "You must have the `read` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.\n",
         "tags": [
@@ -336,7 +336,7 @@
         }
       },
       "put": {
-        "summary": "Updates an SLO",
+        "summary": "Update an SLO",
         "operationId": "updateSloOp",
         "description": "You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.\n",
         "tags": [
@@ -417,7 +417,7 @@
         }
       },
       "delete": {
-        "summary": "Deletes an SLO",
+        "summary": "Delete an SLO",
         "operationId": "deleteSloOp",
         "description": "You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.\n",
         "tags": [
@@ -483,7 +483,7 @@
     },
     "/s/{spaceId}/api/observability/slos/{sloId}/enable": {
       "post": {
-        "summary": "Enables an SLO",
+        "summary": "Enable an SLO",
         "operationId": "enableSloOp",
         "description": "You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.\n",
         "tags": [
@@ -549,7 +549,7 @@
     },
     "/s/{spaceId}/api/observability/slos/{sloId}/disable": {
       "post": {
-        "summary": "Disables an SLO",
+        "summary": "Disable an SLO",
         "operationId": "disableSloOp",
         "description": "You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.\n",
         "tags": [
@@ -615,7 +615,7 @@
     },
     "/s/{spaceId}/api/observability/slos/{sloId}/_reset": {
       "post": {
-        "summary": "Resets an SLO.",
+        "summary": "Reset an SLO",
         "operationId": "resetSloOp",
         "description": "You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.\n",
         "tags": [
@@ -688,7 +688,7 @@
     },
     "/s/{spaceId}/internal/observability/slos/_historical_summary": {
       "post": {
-        "summary": "Retrieves the historical summary for a list of SLOs",
+        "summary": "Get a historical summary for SLOs",
         "operationId": "historicalSummaryOp",
         "description": "You must have the `read` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.\n",
         "tags": [
@@ -856,9 +856,9 @@
     },
     "/s/{spaceId}/api/observability/slos/_delete_instances": {
       "post": {
-        "summary": "Batch delete rollup and summary data for the matching list of sloId and instanceId",
+        "summary": "Batch delete rollup and summary data",
         "operationId": "deleteSloInstancesOp",
-        "description": "You must have `all` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.\n",
+        "description": "The deletion occurs for the specified list of `sloId` and `instanceId`. You must have `all` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.\n",
         "tags": [
           "slo"
         ],
@@ -1066,6 +1066,9 @@
           },
           "value": {
             "type": "string"
+          },
+          "field": {
+            "type": "string"
           }
         }
       },
@@ -1107,6 +1110,56 @@
           }
         ]
       },
+      "kql_with_filters_good": {
+        "title": "KQL query for good events",
+        "description": "The KQL query used to define the good events.",
+        "oneOf": [
+          {
+            "description": "the KQL query to filter the documents with.",
+            "type": "string",
+            "example": "request.latency <= 150 and request.status_code : \"2xx\""
+          },
+          {
+            "type": "object",
+            "properties": {
+              "kqlQuery": {
+                "type": "string"
+              },
+              "filters": {
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/filter"
+                }
+              }
+            }
+          }
+        ]
+      },
+      "kql_with_filters_total": {
+        "title": "KQL query for all events",
+        "description": "The KQL query used to define all events.",
+        "oneOf": [
+          {
+            "description": "the KQL query to filter the documents with.",
+            "type": "string",
+            "example": "field.environment : \"production\" and service.name : \"my-service\""
+          },
+          {
+            "type": "object",
+            "properties": {
+              "kqlQuery": {
+                "type": "string"
+              },
+              "filters": {
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/filter"
+                }
+              }
+            }
+          }
+        ]
+      },
       "indicator_properties_custom_kql": {
         "title": "Custom Query",
         "required": [
@@ -1132,19 +1185,19 @@
                 "type": "string",
                 "example": "my-service-*"
               },
+              "dataViewId": {
+                "description": "The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries.",
+                "type": "string",
+                "example": "03b80ab3-003d-498b-881c-3beedbaf1162"
+              },
               "filter": {
-                "description": "the KQL query to filter the documents with.",
                 "$ref": "#/components/schemas/kql_with_filters"
               },
               "good": {
-                "description": "the KQL query used to define the good events.",
-                "$ref": "#/components/schemas/kql_with_filters",
-                "example": "request.latency <= 150 and request.status_code : \"2xx\""
+                "$ref": "#/components/schemas/kql_with_filters_good"
               },
               "total": {
-                "description": "the KQL query used to define all events.",
-                "$ref": "#/components/schemas/kql_with_filters",
-                "example": ""
+                "$ref": "#/components/schemas/kql_with_filters_total"
               },
               "timestampField": {
                 "description": "The timestamp field used in the source indice.\n",
@@ -1251,6 +1304,11 @@
                 "type": "string",
                 "example": "my-service-*"
               },
+              "dataViewId": {
+                "description": "The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries.",
+                "type": "string",
+                "example": "03b80ab3-003d-498b-881c-3beedbaf1162"
+              },
               "filter": {
                 "description": "the KQL query to filter the documents with.",
                 "type": "string",
@@ -1401,6 +1459,11 @@
                 "type": "string",
                 "example": "my-service-*"
               },
+              "dataViewId": {
+                "description": "The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries.",
+                "type": "string",
+                "example": "03b80ab3-003d-498b-881c-3beedbaf1162"
+              },
               "filter": {
                 "description": "the KQL query to filter the documents with.",
                 "type": "string",
@@ -1633,6 +1696,11 @@
                 "type": "string",
                 "example": "my-service-*"
               },
+              "dataViewId": {
+                "description": "The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries.",
+                "type": "string",
+                "example": "03b80ab3-003d-498b-881c-3beedbaf1162"
+              },
               "filter": {
                 "description": "the KQL query to filter the documents with.",
                 "type": "string",
diff --git a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.yaml b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.yaml
index 6f826fb8f2e10..5aae7bbce3778 100644
--- a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.yaml
+++ b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.yaml
@@ -20,7 +20,7 @@ tags:
 paths:
   /s/{spaceId}/api/observability/slos:
     post:
-      summary: Creates an SLO.
+      summary: Create an SLO
       operationId: createSloOp
       description: |
         You must have `all` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.
@@ -69,7 +69,7 @@ paths:
       servers:
         - url: https://localhost:5601
     get:
-      summary: Retrieves a paginated list of SLOs
+      summary: Get a paginated list of SLOs
       operationId: findSlosOp
       description: |
         You must have the `read` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.
@@ -159,7 +159,7 @@ paths:
                 $ref: '#/components/schemas/404_response'
   /s/{spaceId}/api/observability/slos/{sloId}:
     get:
-      summary: Retrieves a SLO
+      summary: Get an SLO
       operationId: getSloOp
       description: |
         You must have the `read` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.
@@ -207,7 +207,7 @@ paths:
               schema:
                 $ref: '#/components/schemas/404_response'
     put:
-      summary: Updates an SLO
+      summary: Update an SLO
       operationId: updateSloOp
       description: |
         You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.
@@ -255,7 +255,7 @@ paths:
               schema:
                 $ref: '#/components/schemas/404_response'
     delete:
-      summary: Deletes an SLO
+      summary: Delete an SLO
       operationId: deleteSloOp
       description: |
         You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.
@@ -294,7 +294,7 @@ paths:
                 $ref: '#/components/schemas/404_response'
   /s/{spaceId}/api/observability/slos/{sloId}/enable:
     post:
-      summary: Enables an SLO
+      summary: Enable an SLO
       operationId: enableSloOp
       description: |
         You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.
@@ -333,7 +333,7 @@ paths:
                 $ref: '#/components/schemas/404_response'
   /s/{spaceId}/api/observability/slos/{sloId}/disable:
     post:
-      summary: Disables an SLO
+      summary: Disable an SLO
       operationId: disableSloOp
       description: |
         You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.
@@ -372,7 +372,7 @@ paths:
                 $ref: '#/components/schemas/404_response'
   /s/{spaceId}/api/observability/slos/{sloId}/_reset:
     post:
-      summary: Resets an SLO.
+      summary: Reset an SLO
       operationId: resetSloOp
       description: |
         You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.
@@ -415,7 +415,7 @@ paths:
                 $ref: '#/components/schemas/404_response'
   /s/{spaceId}/internal/observability/slos/_historical_summary:
     post:
-      summary: Retrieves the historical summary for a list of SLOs
+      summary: Get a historical summary for SLOs
       operationId: historicalSummaryOp
       description: |
         You must have the `read` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.
@@ -519,10 +519,10 @@ paths:
                 $ref: '#/components/schemas/403_response'
   /s/{spaceId}/api/observability/slos/_delete_instances:
     post:
-      summary: Batch delete rollup and summary data for the matching list of sloId and instanceId
+      summary: Batch delete rollup and summary data
       operationId: deleteSloInstancesOp
       description: |
-        You must have `all` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.
+        The deletion occurs for the specified list of `sloId` and `instanceId`. You must have `all` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.
       tags:
         - slo
       parameters:
@@ -667,6 +667,8 @@ components:
           type: object
         value:
           type: string
+        field:
+          type: string
     filter:
       title: Filter
       description: Defines properties for a filter
@@ -691,6 +693,36 @@ components:
               type: array
               items:
                 $ref: '#/components/schemas/filter'
+    kql_with_filters_good:
+      title: KQL query for good events
+      description: The KQL query used to define the good events.
+      oneOf:
+        - description: the KQL query to filter the documents with.
+          type: string
+          example: 'request.latency <= 150 and request.status_code : "2xx"'
+        - type: object
+          properties:
+            kqlQuery:
+              type: string
+            filters:
+              type: array
+              items:
+                $ref: '#/components/schemas/filter'
+    kql_with_filters_total:
+      title: KQL query for all events
+      description: The KQL query used to define all events.
+      oneOf:
+        - description: the KQL query to filter the documents with.
+          type: string
+          example: 'field.environment : "production" and service.name : "my-service"'
+        - type: object
+          properties:
+            kqlQuery:
+              type: string
+            filters:
+              type: array
+              items:
+                $ref: '#/components/schemas/filter'
     indicator_properties_custom_kql:
       title: Custom Query
       required:
@@ -713,17 +745,16 @@ components:
               description: The index or index pattern to use
               type: string
               example: my-service-*
+            dataViewId:
+              description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries.
+              type: string
+              example: 03b80ab3-003d-498b-881c-3beedbaf1162
             filter:
-              description: the KQL query to filter the documents with.
               $ref: '#/components/schemas/kql_with_filters'
             good:
-              description: the KQL query used to define the good events.
-              $ref: '#/components/schemas/kql_with_filters'
-              example: 'request.latency <= 150 and request.status_code : "2xx"'
+              $ref: '#/components/schemas/kql_with_filters_good'
             total:
-              description: the KQL query used to define all events.
-              $ref: '#/components/schemas/kql_with_filters'
-              example: ''
+              $ref: '#/components/schemas/kql_with_filters_total'
             timestampField:
               description: |
                 The timestamp field used in the source indice.
@@ -807,6 +838,10 @@ components:
               description: The index or index pattern to use
               type: string
               example: my-service-*
+            dataViewId:
+              description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries.
+              type: string
+              example: 03b80ab3-003d-498b-881c-3beedbaf1162
             filter:
               description: the KQL query to filter the documents with.
               type: string
@@ -924,6 +959,10 @@ components:
               description: The index or index pattern to use
               type: string
               example: my-service-*
+            dataViewId:
+              description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries.
+              type: string
+              example: 03b80ab3-003d-498b-881c-3beedbaf1162
             filter:
               description: the KQL query to filter the documents with.
               type: string
@@ -1107,6 +1146,10 @@ components:
               description: The index or index pattern to use
               type: string
               example: my-service-*
+            dataViewId:
+              description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries.
+              type: string
+              example: 03b80ab3-003d-498b-881c-3beedbaf1162
             filter:
               description: the KQL query to filter the documents with.
               type: string
diff --git a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/components/schemas/indicator_properties_custom_kql.yaml b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/components/schemas/indicator_properties_custom_kql.yaml
index 8f6b9accbfaff..8bcfaee4fcd1e 100644
--- a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/components/schemas/indicator_properties_custom_kql.yaml
+++ b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/components/schemas/indicator_properties_custom_kql.yaml
@@ -23,18 +23,13 @@ properties:
         description: The kibana data view id to use, primarily used to include data view runtime mappings.
                      Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries.
         type: string
-        example: 03b80ab3-003d-498b-881c-3beedbaf1162
+        example: '03b80ab3-003d-498b-881c-3beedbaf1162'
       filter:
-        description: the KQL query to filter the documents with.
         $ref: "kql_with_filters.yaml"
       good:
-        description: the KQL query used to define the good events.
-        $ref: "kql_with_filters.yaml"
-        example: 'request.latency <= 150 and request.status_code : "2xx"'
+        $ref: "kql_with_filters_good.yaml"
       total:
-        description: the KQL query used to define all events.
-        $ref: "kql_with_filters.yaml"
-        example: ''
+        $ref: "kql_with_filters_total.yaml"
       timestampField:
         description: >
           The timestamp field used in the source indice.
diff --git a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/components/schemas/indicator_properties_custom_metric.yaml b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/components/schemas/indicator_properties_custom_metric.yaml
index 1d9a0ed827913..4084cf6feb763 100644
--- a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/components/schemas/indicator_properties_custom_metric.yaml
+++ b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/components/schemas/indicator_properties_custom_metric.yaml
@@ -23,7 +23,7 @@ properties:
         description: The kibana data view id to use, primarily used to include data view runtime mappings.
           Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries.
         type: string
-        example: 03b80ab3-003d-498b-881c-3beedbaf1162
+        example: '03b80ab3-003d-498b-881c-3beedbaf1162'
       filter:
         description: the KQL query to filter the documents with.
         type: string
diff --git a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/components/schemas/indicator_properties_histogram.yaml b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/components/schemas/indicator_properties_histogram.yaml
index 9dbaa87e838a5..3af531f80e5c6 100644
--- a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/components/schemas/indicator_properties_histogram.yaml
+++ b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/components/schemas/indicator_properties_histogram.yaml
@@ -23,7 +23,7 @@ properties:
         description: The kibana data view id to use, primarily used to include data view runtime mappings.
           Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries.
         type: string
-        example: 03b80ab3-003d-498b-881c-3beedbaf1162
+        example: '03b80ab3-003d-498b-881c-3beedbaf1162'
       filter:
         description: the KQL query to filter the documents with.
         type: string
diff --git a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/components/schemas/indicator_properties_timeslice_metric.yaml b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/components/schemas/indicator_properties_timeslice_metric.yaml
index 43d399c733e02..8102ec0a312e6 100644
--- a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/components/schemas/indicator_properties_timeslice_metric.yaml
+++ b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/components/schemas/indicator_properties_timeslice_metric.yaml
@@ -22,7 +22,7 @@ properties:
         description: The kibana data view id to use, primarily used to include data view runtime mappings.
           Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries.
         type: string
-        example: 03b80ab3-003d-498b-881c-3beedbaf1162
+        example: '03b80ab3-003d-498b-881c-3beedbaf1162'
       filter:
         description: the KQL query to filter the documents with.
         type: string
diff --git a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/components/schemas/kql_with_filters_good.yaml b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/components/schemas/kql_with_filters_good.yaml
new file mode 100644
index 0000000000000..a8b97fcf669db
--- /dev/null
+++ b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/components/schemas/kql_with_filters_good.yaml
@@ -0,0 +1,14 @@
+title: KQL query for good events
+description: The KQL query used to define the good events.
+oneOf:
+  - description: the KQL query to filter the documents with.
+    type: string
+    example: 'request.latency <= 150 and request.status_code : "2xx"'
+  - type: object
+    properties:
+      kqlQuery:
+        type: string
+      filters:
+        type: array
+        items:
+          $ref: "filter.yaml"
\ No newline at end of file
diff --git a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/components/schemas/kql_with_filters_total.yaml b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/components/schemas/kql_with_filters_total.yaml
new file mode 100644
index 0000000000000..ff0ebfca3274f
--- /dev/null
+++ b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/components/schemas/kql_with_filters_total.yaml
@@ -0,0 +1,14 @@
+title: KQL query for all events
+description: The KQL query used to define all events.
+oneOf:
+  - description: the KQL query to filter the documents with.
+    type: string
+    example: 'field.environment : "production" and service.name : "my-service"'
+  - type: object
+    properties:
+      kqlQuery:
+        type: string
+      filters:
+        type: array
+        items:
+          $ref: "filter.yaml"
\ No newline at end of file
diff --git a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos.yaml b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos.yaml
index 0b6cd584ed3f3..ed489df00d800 100644
--- a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos.yaml
+++ b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos.yaml
@@ -1,5 +1,5 @@
 post:
-  summary: Creates an SLO.
+  summary: Create an SLO
   operationId: createSloOp
   description: >
     You must have `all` privileges for the **SLOs** feature in the
@@ -50,7 +50,7 @@ post:
     - url: https://localhost:5601
 
 get:
-  summary: Retrieves a paginated list of SLOs
+  summary: Get a paginated list of SLOs
   operationId: findSlosOp
   description: >
     You must have the `read` privileges for the **SLOs** feature in the
diff --git a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos@_delete_instances.yaml b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos@_delete_instances.yaml
index e9775576695a2..3ae6388f09d59 100644
--- a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos@_delete_instances.yaml
+++ b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos@_delete_instances.yaml
@@ -1,7 +1,8 @@
 post:
-  summary: Batch delete rollup and summary data for the matching list of sloId and instanceId
+  summary: Batch delete rollup and summary data
   operationId: deleteSloInstancesOp
   description: >
+    The deletion occurs for the specified list of `sloId` and `instanceId`.
     You must have `all` privileges for the **SLOs** feature in the
     **Observability** section of the Kibana feature privileges.
   tags:
diff --git a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos@_historical_summary.yaml b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos@_historical_summary.yaml
index a1394e1f28379..5e08a347c43df 100644
--- a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos@_historical_summary.yaml
+++ b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos@_historical_summary.yaml
@@ -1,5 +1,5 @@
 post:
-  summary: Retrieves the historical summary for a list of SLOs
+  summary: Get a historical summary for SLOs
   operationId: historicalSummaryOp
   description: >
     You must have the `read` privileges for the **SLOs** feature in the
diff --git a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos@{sloid}.yaml b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos@{sloid}.yaml
index 76d8f0eb640da..a2e3d646b68fd 100644
--- a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos@{sloid}.yaml
+++ b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos@{sloid}.yaml
@@ -1,5 +1,5 @@
 get:
-  summary: Retrieves a SLO
+  summary: Get an SLO
   operationId: getSloOp
   description: >
     You must have the `read` privileges for the **SLOs** feature in the
@@ -49,7 +49,7 @@ get:
             $ref: '../components/schemas/404_response.yaml'
 
 put:
-  summary: Updates an SLO
+  summary: Update an SLO
   operationId: updateSloOp
   description: >
     You must have the `write` privileges for the **SLOs** feature in the
@@ -99,7 +99,7 @@ put:
             $ref: '../components/schemas/404_response.yaml'
 
 delete:
-  summary: Deletes an SLO
+  summary: Delete an SLO
   operationId: deleteSloOp
   description: >
     You must have the `write` privileges for the **SLOs** feature in the
diff --git a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos@{sloid}@_reset.yaml b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos@{sloid}@_reset.yaml
index 6739d3df78328..e805c1117f5c1 100644
--- a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos@{sloid}@_reset.yaml
+++ b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos@{sloid}@_reset.yaml
@@ -1,5 +1,5 @@
 post:
-  summary: Resets an SLO.
+  summary: Reset an SLO
   operationId: resetSloOp
   description: >
     You must have the `write` privileges for the **SLOs** feature in the
diff --git a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos@{sloid}@disable.yaml b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos@{sloid}@disable.yaml
index 2e756641b428c..704e2f8d24359 100644
--- a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos@{sloid}@disable.yaml
+++ b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos@{sloid}@disable.yaml
@@ -1,5 +1,5 @@
 post:
-  summary: Disables an SLO
+  summary: Disable an SLO
   operationId: disableSloOp
   description: >
     You must have the `write` privileges for the **SLOs** feature in the
diff --git a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos@{sloid}@enable.yaml b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos@{sloid}@enable.yaml
index 2ff3b9de58388..6a0c575954c8d 100644
--- a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos@{sloid}@enable.yaml
+++ b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos@{sloid}@enable.yaml
@@ -1,5 +1,5 @@
 post:
-  summary: Enables an SLO
+  summary: Enable an SLO
   operationId: enableSloOp
   description: >
     You must have the `write` privileges for the **SLOs** feature in the
diff --git a/x-pack/plugins/observability_solution/slo/public/application.tsx b/x-pack/plugins/observability_solution/slo/public/application.tsx
index aedfba1b1eada..de8851d2dd67c 100644
--- a/x-pack/plugins/observability_solution/slo/public/application.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/application.tsx
@@ -5,28 +5,27 @@
  * 2.0.
  */
 
-import React from 'react';
-import ReactDOM from 'react-dom';
-import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public';
-import { KibanaThemeProvider } from '@kbn/react-kibana-context-theme';
 import { AppMountParameters, APP_WRAPPER_CLASS, CoreStart } from '@kbn/core/public';
+import { PerformanceContextProvider } from '@kbn/ebt-tools';
+import { i18n } from '@kbn/i18n';
+import { EuiThemeProvider } from '@kbn/kibana-react-plugin/common';
+import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public';
+import { Storage } from '@kbn/kibana-utils-plugin/public';
+import { ObservabilityRuleTypeRegistry } from '@kbn/observability-plugin/public';
 import type { LazyObservabilityPageTemplateProps } from '@kbn/observability-shared-plugin/public';
-import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
-import { Router, Routes, Route } from '@kbn/shared-ux-router';
 import { KibanaRenderContextProvider } from '@kbn/react-kibana-context-render';
-import { EuiThemeProvider } from '@kbn/kibana-react-plugin/common';
+import { KibanaThemeProvider } from '@kbn/react-kibana-context-theme';
 import { RedirectAppLinks } from '@kbn/shared-ux-link-redirect-app';
+import { Route, Router, Routes } from '@kbn/shared-ux-router';
 import { UsageCollectionSetup } from '@kbn/usage-collection-plugin/public';
-import { Storage } from '@kbn/kibana-utils-plugin/public';
-import { ObservabilityRuleTypeRegistry } from '@kbn/observability-plugin/public';
-
-import { i18n } from '@kbn/i18n';
-import { usePluginContext } from './hooks/use_plugin_context';
+import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
+import React from 'react';
+import ReactDOM from 'react-dom';
+import { ExperimentalFeatures } from '../common/config';
 import { PluginContext } from './context/plugin_context';
-
-import { SloPublicPluginsStart } from './types';
+import { usePluginContext } from './hooks/use_plugin_context';
 import { getRoutes } from './routes/routes';
-import { ExperimentalFeatures } from '../common/config';
+import { SloPublicPluginsStart } from './types';
 
 function App() {
   const { isServerless } = usePluginContext();
@@ -140,9 +139,11 @@ export const renderApp = ({
                         coreStart={core}
                         data-test-subj="observabilityMainContainer"
                       >
-                        <QueryClientProvider client={queryClient}>
-                          <App />
-                        </QueryClientProvider>
+                        <PerformanceContextProvider>
+                          <QueryClientProvider client={queryClient}>
+                            <App />
+                          </QueryClientProvider>
+                        </PerformanceContextProvider>
                       </RedirectAppLinks>
                     </EuiThemeProvider>
                   </Router>
diff --git a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/components/slo_alerts_table.tsx b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/components/slo_alerts_table.tsx
index c53f7c7c73d20..157c636ff131e 100644
--- a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/components/slo_alerts_table.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/components/slo_alerts_table.tsx
@@ -98,6 +98,7 @@ export function SloAlertsTable({
 }: Props) {
   const {
     triggersActionsUi: { alertsTableConfigurationRegistry, getAlertsStateTable: AlertsStateTable },
+    observability: { observabilityRuleTypeRegistry },
   } = deps;
   return (
     <AlertsStateTable
@@ -115,6 +116,7 @@ export function SloAlertsTable({
         }
       }}
       lastReloadRequestTime={lastReloadRequestTime}
+      cellContext={{ observabilityRuleTypeRegistry }}
     />
   );
 }
diff --git a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/slo_alerts_embeddable_factory.tsx b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/slo_alerts_embeddable_factory.tsx
index b70e1d8e4c40a..24c29a20f1e6f 100644
--- a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/slo_alerts_embeddable_factory.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/slo_alerts_embeddable_factory.tsx
@@ -21,8 +21,10 @@ import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public';
 import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
 import { createBrowserHistory } from 'history';
 import { Storage } from '@kbn/kibana-utils-plugin/public';
+import type { StartServicesAccessor } from '@kbn/core-lifecycle-browser';
 import { SLO_ALERTS_EMBEDDABLE_ID } from './constants';
-import { SloEmbeddableDeps, SloAlertsEmbeddableState, SloAlertsApi } from './types';
+import { SloAlertsEmbeddableState, SloAlertsApi } from './types';
+import { SloPublicPluginsStart, SloPublicStart } from '../../../types';
 import { SloAlertsWrapper } from './slo_alerts_wrapper';
 const history = createBrowserHistory();
 const queryClient = new QueryClient();
@@ -32,7 +34,10 @@ export const getAlertsPanelTitle = () =>
     defaultMessage: 'SLO Alerts',
   });
 
-export function getAlertsEmbeddableFactory(deps: SloEmbeddableDeps, kibanaVersion: string) {
+export function getAlertsEmbeddableFactory(
+  getStartServices: StartServicesAccessor<SloPublicPluginsStart, SloPublicStart>,
+  kibanaVersion: string
+) {
   const factory: ReactEmbeddableFactory<
     SloAlertsEmbeddableState,
     SloAlertsEmbeddableState,
@@ -43,6 +48,23 @@ export function getAlertsEmbeddableFactory(deps: SloEmbeddableDeps, kibanaVersio
       return state.rawState as SloAlertsEmbeddableState;
     },
     buildEmbeddable: async (state, buildApi, uuid, parentApi) => {
+      const [coreStart, pluginStart] = await getStartServices();
+      const deps = { ...coreStart, ...pluginStart };
+      async function onEdit() {
+        try {
+          const { openSloConfiguration } = await import('./slo_alerts_open_configuration');
+
+          const result = await openSloConfiguration(
+            coreStart,
+            pluginStart,
+            api.getSloAlertsConfig()
+          );
+          api.updateSloAlertsConfig(result);
+        } catch (e) {
+          return Promise.reject();
+        }
+      }
+
       const { titlesApi, titleComparators, serializeTitles } = initializeTitles(state);
       const defaultTitle$ = new BehaviorSubject<string | undefined>(getAlertsPanelTitle());
       const slos$ = new BehaviorSubject(state.slos);
@@ -52,6 +74,14 @@ export function getAlertsEmbeddableFactory(deps: SloEmbeddableDeps, kibanaVersio
         {
           ...titlesApi,
           defaultPanelTitle: defaultTitle$,
+          getTypeDisplayName: () =>
+            i18n.translate('xpack.slo.editSloAlertswEmbeddable.typeDisplayName', {
+              defaultMessage: 'configuration',
+            }),
+          isEditingEnabled: () => true,
+          onEdit: async () => {
+            onEdit();
+          },
           serializeState: () => {
             return {
               rawState: {
@@ -116,7 +146,7 @@ export function getAlertsEmbeddableFactory(deps: SloEmbeddableDeps, kibanaVersio
                 <Router history={history}>
                   <QueryClientProvider client={queryClient}>
                     <SloAlertsWrapper
-                      embeddable={api}
+                      onEdit={onEdit}
                       deps={deps}
                       slos={slos}
                       timeRange={fetchContext.timeRange ?? { from: 'now-15m/m', to: 'now' }}
diff --git a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/slo_alerts_open_configuration.tsx b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/slo_alerts_open_configuration.tsx
index 69529270b23b0..655ad9e3d35ab 100644
--- a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/slo_alerts_open_configuration.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/slo_alerts_open_configuration.tsx
@@ -21,7 +21,7 @@ export async function openSloConfiguration(
   const queryClient = new QueryClient();
   return new Promise(async (resolve, reject) => {
     try {
-      const modalSession = overlays.openModal(
+      const flyoutSession = overlays.openFlyout(
         toMountPoint(
           <KibanaContextProvider
             services={{
@@ -33,11 +33,11 @@ export async function openSloConfiguration(
               <SloConfiguration
                 initialInput={initialState}
                 onCreate={(update: EmbeddableSloProps) => {
-                  modalSession.close();
+                  flyoutSession.close();
                   resolve(update);
                 }}
                 onCancel={() => {
-                  modalSession.close();
+                  flyoutSession.close();
                   reject();
                 }}
               />
diff --git a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/slo_alerts_wrapper.tsx b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/slo_alerts_wrapper.tsx
index 9a56bcf0ae0bd..d6c58315cc1ad 100644
--- a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/slo_alerts_wrapper.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/slo_alerts_wrapper.tsx
@@ -9,8 +9,6 @@ import { FormattedMessage } from '@kbn/i18n-react';
 import { i18n } from '@kbn/i18n';
 import { EuiFlexGroup, EuiFlexItem, EuiLink } from '@elastic/eui';
 import type { TimeRange } from '@kbn/es-query';
-import { CONTEXT_MENU_TRIGGER } from '@kbn/embeddable-plugin/public';
-import { ActionExecutionContext } from '@kbn/ui-actions-plugin/public';
 import { Subject } from 'rxjs';
 import styled from 'styled-components';
 import { observabilityPaths } from '@kbn/observability-plugin/common';
@@ -19,26 +17,25 @@ import { SloIncludedCount } from './components/slo_included_count';
 import { SloAlertsSummary } from './components/slo_alerts_summary';
 import { SloAlertsTable } from './components/slo_alerts_table';
 import type { SloItem, SloEmbeddableDeps } from './types';
-import { EDIT_SLO_ALERTS_ACTION } from '../../../ui_actions/edit_slo_alerts_panel';
 
 interface Props {
   deps: SloEmbeddableDeps;
   slos: SloItem[];
   timeRange: TimeRange;
-  embeddable: any;
   onRenderComplete?: () => void;
   reloadSubject: Subject<FetchContext>;
   showAllGroupByInstances?: boolean;
+  onEdit: () => void;
 }
 
 export function SloAlertsWrapper({
-  embeddable,
   slos,
   deps,
   timeRange: initialTimeRange,
   onRenderComplete,
   reloadSubject,
   showAllGroupByInstances,
+  onEdit,
 }: Props) {
   const {
     application: { navigateToUrl },
@@ -102,11 +99,7 @@ export function SloAlertsWrapper({
         <EuiFlexItem grow={false}>
           <EuiLink
             onClick={() => {
-              const trigger = deps.uiActions.getTrigger(CONTEXT_MENU_TRIGGER);
-              deps.uiActions.getAction(EDIT_SLO_ALERTS_ACTION).execute({
-                trigger,
-                embeddable,
-              } as ActionExecutionContext);
+              onEdit();
             }}
             data-test-subj="o11ySloAlertsWrapperSlOsIncludedLink"
           >
diff --git a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/slo_configuration.tsx b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/slo_configuration.tsx
index be6692ed7c61a..979162aee40b2 100644
--- a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/slo_configuration.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/slo_configuration.tsx
@@ -7,11 +7,11 @@
 
 import React, { useState } from 'react';
 import {
-  EuiModal,
-  EuiModalHeader,
-  EuiModalHeaderTitle,
-  EuiModalBody,
-  EuiModalFooter,
+  EuiFlyout,
+  EuiFlyoutHeader,
+  EuiFlyoutBody,
+  EuiFlyoutFooter,
+  EuiTitle,
   EuiButton,
   EuiButtonEmpty,
   EuiFlexGroup,
@@ -45,20 +45,22 @@ export function SloConfiguration({ initialInput, onCreate, onCancel }: SloConfig
   const hasGroupBy = selectedSlos?.some((slo) => slo.instanceId !== ALL_VALUE);
 
   return (
-    <EuiModal
+    <EuiFlyout
       onClose={onCancel}
       css={`
         min-width: 550px;
       `}
     >
-      <EuiModalHeader>
-        <EuiModalHeaderTitle>
-          {i18n.translate('xpack.slo.sloEmbeddable.config.sloSelector.headerTitle', {
-            defaultMessage: 'SLO configuration',
-          })}{' '}
-        </EuiModalHeaderTitle>
-      </EuiModalHeader>
-      <EuiModalBody>
+      <EuiFlyoutHeader>
+        <EuiTitle>
+          <h2>
+            {i18n.translate('xpack.slo.sloEmbeddable.config.sloSelector.headerTitle', {
+              defaultMessage: 'Alerts configuration',
+            })}
+          </h2>
+        </EuiTitle>
+      </EuiFlyoutHeader>
+      <EuiFlyoutBody>
         <EuiFlexGroup>
           <EuiFlexItem grow>
             <SloSelector
@@ -95,27 +97,29 @@ export function SloConfiguration({ initialInput, onCreate, onCancel }: SloConfig
             />
           </>
         )}
-      </EuiModalBody>
-      <EuiModalFooter>
-        <EuiButtonEmpty onClick={onCancel} data-test-subj="sloCancelButton">
-          <FormattedMessage
-            id="xpack.slo.Embeddable.config.cancelButtonLabel"
-            defaultMessage="Cancel"
-          />
-        </EuiButtonEmpty>
+      </EuiFlyoutBody>
+      <EuiFlyoutFooter>
+        <EuiFlexGroup justifyContent="spaceBetween">
+          <EuiButtonEmpty onClick={onCancel} data-test-subj="sloCancelButton">
+            <FormattedMessage
+              id="xpack.slo.Embeddable.config.cancelButtonLabel"
+              defaultMessage="Cancel"
+            />
+          </EuiButtonEmpty>
 
-        <EuiButton
-          data-test-subj="sloConfirmButton"
-          isDisabled={!selectedSlos || selectedSlos.length === 0 || hasError}
-          onClick={onConfirmClick}
-          fill
-        >
-          <FormattedMessage
-            id="xpack.slo.embeddableSlo.config.confirmButtonLabel"
-            defaultMessage="Confirm configurations"
-          />
-        </EuiButton>
-      </EuiModalFooter>
-    </EuiModal>
+          <EuiButton
+            data-test-subj="sloConfirmButton"
+            isDisabled={!selectedSlos || selectedSlos.length === 0 || hasError}
+            onClick={onConfirmClick}
+            fill
+          >
+            <FormattedMessage
+              id="xpack.slo.embeddableSlo.config.confirmButtonLabel"
+              defaultMessage="Confirm configurations"
+            />
+          </EuiButton>
+        </EuiFlexGroup>
+      </EuiFlyoutFooter>
+    </EuiFlyout>
   );
 }
diff --git a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/slo_selector.tsx b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/slo_selector.tsx
index 65f2c254c60b8..2a46e9404e52d 100644
--- a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/slo_selector.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/slo_selector.tsx
@@ -68,7 +68,14 @@ export function SloSelector({ initialSlos, onSelected, hasError, singleSelection
   );
 
   return (
-    <EuiFormRow fullWidth isInvalid={hasError} error={hasError ? SLO_REQUIRED : undefined}>
+    <EuiFormRow
+      fullWidth
+      isInvalid={hasError}
+      error={hasError ? SLO_REQUIRED : undefined}
+      label={i18n.translate('xpack.slo.embeddable.sloSelectorLabel', {
+        defaultMessage: 'SLO',
+      })}
+    >
       <EuiComboBox
         aria-label={i18n.translate('xpack.slo.sloEmbeddable.config.sloSelector.ariaLabel', {
           defaultMessage: 'SLO',
diff --git a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/types.ts b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/types.ts
index 8b660442ca7b6..d3cb4629584ff 100644
--- a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/types.ts
+++ b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/types.ts
@@ -24,7 +24,9 @@ import {
   PublishesWritablePanelTitle,
   PublishesPanelTitle,
   EmbeddableApiContext,
+  HasEditCapabilities,
 } from '@kbn/presentation-publishing';
+import { ObservabilityPublicStart } from '@kbn/observability-plugin/public';
 
 export interface SloItem {
   id: string;
@@ -45,7 +47,8 @@ export type SloAlertsEmbeddableState = SerializedTitles & EmbeddableSloProps;
 export type SloAlertsApi = DefaultEmbeddableApi<SloAlertsEmbeddableState> &
   PublishesWritablePanelTitle &
   PublishesPanelTitle &
-  HasSloAlertsConfig;
+  HasSloAlertsConfig &
+  HasEditCapabilities;
 
 export interface HasSloAlertsConfig {
   getSloAlertsConfig: () => EmbeddableSloProps;
@@ -69,6 +72,7 @@ export interface SloEmbeddableDeps {
   http: CoreStart['http'];
   i18n: CoreStart['i18n'];
   application: ApplicationStart;
+  observability: ObservabilityPublicStart;
   triggersActionsUi: TriggersAndActionsUIPublicPluginStart;
   data: DataPublicPluginStart;
   notifications: NotificationsStart;
diff --git a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/common/constants.ts b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/common/constants.ts
index 94cf6dd80fa5e..bfb65b58f3158 100644
--- a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/common/constants.ts
+++ b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/common/constants.ts
@@ -4,11 +4,15 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
+import { i18n } from '@kbn/i18n';
 
 export const COMMON_SLO_GROUPING = [
   {
     id: 'slos',
-    getDisplayName: () => 'SLOs',
+    getDisplayName: () =>
+      i18n.translate('xpack.slo.common.constants.grouping.legacy', {
+        defaultMessage: 'Observability',
+      }),
     getIconType: () => {
       return 'visGauge';
     },
diff --git a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/error_budget/error_budget_open_configuration.tsx b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/error_budget/error_budget_open_configuration.tsx
index fbda743a951b2..6798b7b9c46a6 100644
--- a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/error_budget/error_budget_open_configuration.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/error_budget/error_budget_open_configuration.tsx
@@ -21,7 +21,7 @@ export async function openSloConfiguration(
   const queryClient = new QueryClient();
   return new Promise(async (resolve, reject) => {
     try {
-      const modalSession = overlays.openModal(
+      const flyoutSession = overlays.openFlyout(
         toMountPoint(
           <KibanaContextProvider
             services={{
@@ -32,11 +32,11 @@ export async function openSloConfiguration(
             <QueryClientProvider client={queryClient}>
               <SloConfiguration
                 onCreate={(update: EmbeddableSloProps) => {
-                  modalSession.close();
+                  flyoutSession.close();
                   resolve(update);
                 }}
                 onCancel={() => {
-                  modalSession.close();
+                  flyoutSession.close();
                   reject();
                 }}
               />
diff --git a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/error_budget/slo_configuration.tsx b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/error_budget/slo_configuration.tsx
index d83b5b574b193..557551d390f14 100644
--- a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/error_budget/slo_configuration.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/error_budget/slo_configuration.tsx
@@ -7,11 +7,11 @@
 
 import React, { useState } from 'react';
 import {
-  EuiModal,
-  EuiModalHeader,
-  EuiModalHeaderTitle,
-  EuiModalBody,
-  EuiModalFooter,
+  EuiFlyout,
+  EuiFlyoutHeader,
+  EuiFlyoutBody,
+  EuiFlyoutFooter,
+  EuiTitle,
   EuiButton,
   EuiButtonEmpty,
   EuiFlexGroup,
@@ -37,15 +37,17 @@ export function SloConfiguration({ onCreate, onCancel }: SloConfigurationProps)
       sloInstanceId: selectedSlo?.sloInstanceId,
     });
   return (
-    <EuiModal onClose={onCancel} style={{ minWidth: 550 }}>
-      <EuiModalHeader>
-        <EuiModalHeaderTitle>
-          {i18n.translate('xpack.slo.sloEmbeddable.config.sloSelector.headerTitle', {
-            defaultMessage: 'SLO configuration',
-          })}
-        </EuiModalHeaderTitle>
-      </EuiModalHeader>
-      <EuiModalBody>
+    <EuiFlyout onClose={onCancel} style={{ minWidth: 550 }}>
+      <EuiFlyoutHeader>
+        <EuiTitle>
+          <h2>
+            {i18n.translate('xpack.slo.errorBudgetEmbeddable.config.sloSelector.headerTitle', {
+              defaultMessage: 'Error budget burn down configuration',
+            })}
+          </h2>
+        </EuiTitle>
+      </EuiFlyoutHeader>
+      <EuiFlyoutBody>
         <EuiFlexGroup>
           <EuiFlexItem grow>
             <SloSelector
@@ -60,27 +62,29 @@ export function SloConfiguration({ onCreate, onCancel }: SloConfigurationProps)
             />
           </EuiFlexItem>
         </EuiFlexGroup>
-      </EuiModalBody>
-      <EuiModalFooter>
-        <EuiButtonEmpty onClick={onCancel} data-test-subj="sloCancelButton">
-          <FormattedMessage
-            id="xpack.slo.sloEmbeddable.config.cancelButtonLabel"
-            defaultMessage="Cancel"
-          />
-        </EuiButtonEmpty>
+      </EuiFlyoutBody>
+      <EuiFlyoutFooter>
+        <EuiFlexGroup justifyContent="spaceBetween">
+          <EuiButtonEmpty onClick={onCancel} data-test-subj="sloCancelButton">
+            <FormattedMessage
+              id="xpack.slo.sloEmbeddable.config.cancelButtonLabel"
+              defaultMessage="Cancel"
+            />
+          </EuiButtonEmpty>
 
-        <EuiButton
-          data-test-subj="sloConfirmButton"
-          isDisabled={!selectedSlo || hasError}
-          onClick={onConfirmClick}
-          fill
-        >
-          <FormattedMessage
-            id="xpack.slo.embeddableSlo.config.confirmButtonLabel"
-            defaultMessage="Confirm configurations"
-          />
-        </EuiButton>
-      </EuiModalFooter>
-    </EuiModal>
+          <EuiButton
+            data-test-subj="sloConfirmButton"
+            isDisabled={!selectedSlo || hasError}
+            onClick={onConfirmClick}
+            fill
+          >
+            <FormattedMessage
+              id="xpack.slo.embeddableSlo.config.confirmButtonLabel"
+              defaultMessage="Confirm configurations"
+            />
+          </EuiButton>
+        </EuiFlexGroup>
+      </EuiFlyoutFooter>
+    </EuiFlyout>
   );
 }
diff --git a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/group_view/group_view.tsx b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/group_view/group_view.tsx
index 04e3543b02565..76221ecabe496 100644
--- a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/group_view/group_view.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/group_view/group_view.tsx
@@ -18,14 +18,14 @@ interface Props {
   groupBy: GroupByField;
   groups?: string[];
   kqlQuery?: string;
-  sloView: SLOView;
+  view: SLOView;
   sort?: SortField;
   filters?: Filter[];
   reloadSubject: Subject<boolean>;
 }
 
 export function GroupSloView({
-  sloView,
+  view,
   groupBy = 'status',
   groups = [],
   kqlQuery = '',
@@ -46,7 +46,7 @@ export function GroupSloView({
 
   return (
     <GroupView
-      sloView={sloView}
+      view={view}
       groupBy={groupBy}
       groupsFilter={groups}
       kqlQuery={combinedKqlQuery}
diff --git a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/overview_mode_selector.tsx b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/overview_mode_selector.tsx
index 1db7ea9099ce1..2154210091083 100644
--- a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/overview_mode_selector.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/overview_mode_selector.tsx
@@ -6,8 +6,9 @@
  */
 
 import React from 'react';
+import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
-import { EuiButtonGroup, type EuiButtonGroupOptionProps } from '@elastic/eui';
+import { EuiButtonGroup, EuiFormRow, type EuiButtonGroupOptionProps } from '@elastic/eui';
 import { OverviewMode } from './types';
 
 const overviewModeOptions: EuiButtonGroupOptionProps[] = [
@@ -38,13 +39,20 @@ export interface OverviewModeSelectorProps {
 
 export function OverviewModeSelector({ value, onChange }: OverviewModeSelectorProps) {
   return (
-    <EuiButtonGroup
-      data-test-subj="sloOverviewModeSelector"
-      isFullWidth
-      legend="This is a basic group"
-      options={overviewModeOptions}
-      idSelected={value}
-      onChange={onChange as (id: string) => void}
-    />
+    <EuiFormRow
+      fullWidth
+      label={i18n.translate('xpack.slo.overviewEmbeddable.viewTypeLabel', {
+        defaultMessage: 'View type',
+      })}
+    >
+      <EuiButtonGroup
+        data-test-subj="sloOverviewModeSelector"
+        isFullWidth
+        legend="This is a basic group"
+        options={overviewModeOptions}
+        idSelected={value}
+        onChange={onChange as (id: string) => void}
+      />
+    </EuiFormRow>
   );
 }
diff --git a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/slo_configuration.tsx b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/slo_configuration.tsx
index 5f5d2ca91ac22..6e8a21eaf40aa 100644
--- a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/slo_configuration.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/slo_configuration.tsx
@@ -206,8 +206,8 @@ export function SloConfiguration({ initialInput, onCreate, onCancel }: SloConfig
           <EuiFlexItem>
             <EuiTitle>
               <h2>
-                {i18n.translate('xpack.slo.sloEmbeddable.config.sloSelector.headerTitle', {
-                  defaultMessage: 'SLO configuration',
+                {i18n.translate('xpack.slo.overviewEmbeddable.config.sloSelector.headerTitle', {
+                  defaultMessage: 'Overview configuration',
                 })}
               </h2>
             </EuiTitle>
diff --git a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/slo_embeddable_factory.tsx b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/slo_embeddable_factory.tsx
index 861909b040e9a..7704bc5326310 100644
--- a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/slo_embeddable_factory.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/slo_embeddable_factory.tsx
@@ -8,7 +8,7 @@
 import { i18n } from '@kbn/i18n';
 import React, { useEffect } from 'react';
 import styled from 'styled-components';
-import { EuiFlexItem, EuiLink, EuiFlexGroup } from '@elastic/eui';
+import { EuiFlexItem, EuiFlexGroup } from '@elastic/eui';
 import { ReactEmbeddableFactory } from '@kbn/embeddable-plugin/public';
 import {
   initializeTitles,
@@ -16,26 +16,22 @@ import {
   fetch$,
 } from '@kbn/presentation-publishing';
 import { BehaviorSubject, Subject } from 'rxjs';
-import { CONTEXT_MENU_TRIGGER } from '@kbn/embeddable-plugin/public';
-import { ActionExecutionContext } from '@kbn/ui-actions-plugin/public';
+import type { StartServicesAccessor } from '@kbn/core-lifecycle-browser';
 import { SLO_OVERVIEW_EMBEDDABLE_ID } from './constants';
 import { SloCardChartList } from './slo_overview_grid';
 import { SloOverview } from './slo_overview';
 import { GroupSloView } from './group_view/group_view';
-import {
-  SloOverviewEmbeddableState,
-  SloEmbeddableDeps,
-  SloOverviewApi,
-  GroupSloCustomInput,
-} from './types';
-import { EDIT_SLO_OVERVIEW_ACTION } from '../../../ui_actions/edit_slo_overview_panel';
+import { SloOverviewEmbeddableState, SloOverviewApi, GroupSloCustomInput } from './types';
+import { SloPublicPluginsStart, SloPublicStart } from '../../../types';
 import { SloEmbeddableContext } from '../common/slo_embeddable_context';
 
 export const getOverviewPanelTitle = () =>
   i18n.translate('xpack.slo.sloEmbeddable.displayName', {
     defaultMessage: 'SLO Overview',
   });
-export const getOverviewEmbeddableFactory = (deps: SloEmbeddableDeps) => {
+export const getOverviewEmbeddableFactory = (
+  getStartServices: StartServicesAccessor<SloPublicPluginsStart, SloPublicStart>
+) => {
   const factory: ReactEmbeddableFactory<
     SloOverviewEmbeddableState,
     SloOverviewEmbeddableState,
@@ -46,6 +42,22 @@ export const getOverviewEmbeddableFactory = (deps: SloEmbeddableDeps) => {
       return state.rawState as SloOverviewEmbeddableState;
     },
     buildEmbeddable: async (state, buildApi, uuid, parentApi) => {
+      const [coreStart, pluginStart] = await getStartServices();
+      const deps = { ...coreStart, ...pluginStart };
+      async function onEdit() {
+        try {
+          const { openSloConfiguration } = await import('./slo_overview_open_configuration');
+
+          const result = await openSloConfiguration(
+            coreStart,
+            pluginStart,
+            api.getSloGroupOverviewConfig()
+          );
+          api.updateSloGroupOverviewConfig(result as GroupSloCustomInput);
+        } catch (e) {
+          return Promise.reject();
+        }
+      }
       const { titlesApi, titleComparators, serializeTitles } = initializeTitles(state);
       const defaultTitle$ = new BehaviorSubject<string | undefined>(getOverviewPanelTitle());
       const sloId$ = new BehaviorSubject(state.sloId);
@@ -60,6 +72,14 @@ export const getOverviewEmbeddableFactory = (deps: SloEmbeddableDeps) => {
         {
           ...titlesApi,
           defaultPanelTitle: defaultTitle$,
+          getTypeDisplayName: () =>
+            i18n.translate('xpack.slo.editSloOverviewEmbeddableTitle.typeDisplayName', {
+              defaultMessage: 'criteria',
+            }),
+          isEditingEnabled: () => api.getSloGroupOverviewConfig().overviewMode === 'groups',
+          onEdit: async () => {
+            onEdit();
+          },
           serializeState: () => {
             return {
               rawState: {
@@ -134,42 +154,22 @@ export const getOverviewEmbeddableFactory = (deps: SloEmbeddableDeps) => {
               const groups = groupFilters?.groups ?? [];
               return (
                 <Wrapper>
-                  <EuiFlexGroup
-                    data-test-subj="sloGroupOverviewPanel"
-                    data-shared-item=""
-                    justifyContent="flexEnd"
-                    wrap
-                    css={`
-                      margin-bottom: 20px;
-                    `}
-                  >
-                    <EuiFlexItem grow={false}>
-                      <EuiLink
-                        onClick={() => {
-                          const trigger = deps.uiActions.getTrigger(CONTEXT_MENU_TRIGGER);
-                          deps.uiActions.getAction(EDIT_SLO_OVERVIEW_ACTION).execute({
-                            trigger,
-                            embeddable: api,
-                          } as ActionExecutionContext);
-                        }}
-                        data-test-subj="o11ySloOverviewEditCriteriaLink"
-                      >
-                        {i18n.translate('xpack.slo.overviewEmbeddable.editCriteriaLabel', {
-                          defaultMessage: 'Edit criteria',
-                        })}
-                      </EuiLink>
+                  <EuiFlexGroup data-test-subj="sloGroupOverviewPanel" data-shared-item="">
+                    <EuiFlexItem
+                      css={`
+                        margin-top: 20px;
+                      `}
+                    >
+                      <GroupSloView
+                        view="cardView"
+                        groupBy={groupBy}
+                        groups={groups}
+                        kqlQuery={kqlQuery}
+                        filters={groupFilters?.filters}
+                        reloadSubject={reload$}
+                      />
                     </EuiFlexItem>
                   </EuiFlexGroup>
-                  <EuiFlexItem grow={false}>
-                    <GroupSloView
-                      sloView="cardView"
-                      groupBy={groupBy}
-                      groups={groups}
-                      kqlQuery={kqlQuery}
-                      filters={groupFilters?.filters}
-                      reloadSubject={reload$}
-                    />
-                  </EuiFlexItem>
                 </Wrapper>
               );
             } else {
diff --git a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/slo_overview_open_configuration.tsx b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/slo_overview_open_configuration.tsx
index df2edd134423d..7d10a0ca76bfb 100644
--- a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/slo_overview_open_configuration.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/slo_overview_open_configuration.tsx
@@ -22,7 +22,7 @@ export async function openSloConfiguration(
   const queryClient = new QueryClient();
   return new Promise(async (resolve, reject) => {
     try {
-      const modalSession = overlays.openFlyout(
+      const flyoutSession = overlays.openFlyout(
         toMountPoint(
           <KibanaContextProvider
             services={{
@@ -34,11 +34,11 @@ export async function openSloConfiguration(
               <SloConfiguration
                 initialInput={initialState}
                 onCreate={(update: GroupSloCustomInput | SingleSloCustomInput) => {
-                  modalSession.close();
+                  flyoutSession.close();
                   resolve(update);
                 }}
                 onCancel={() => {
-                  modalSession.close();
+                  flyoutSession.close();
                   reject();
                 }}
               />
diff --git a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/types.ts b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/types.ts
index 8773fba3e0998..c64faff1f110d 100644
--- a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/types.ts
+++ b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/types.ts
@@ -8,6 +8,7 @@ import {
   SerializedTitles,
   PublishesWritablePanelTitle,
   PublishesPanelTitle,
+  HasEditCapabilities,
 } from '@kbn/presentation-publishing';
 import type { EmbeddableApiContext } from '@kbn/presentation-publishing';
 import { DefaultEmbeddableApi } from '@kbn/embeddable-plugin/public';
@@ -53,7 +54,8 @@ export type SloOverviewEmbeddableState = SerializedTitles &
 export type SloOverviewApi = DefaultEmbeddableApi<SloOverviewEmbeddableState> &
   PublishesWritablePanelTitle &
   PublishesPanelTitle &
-  HasSloGroupOverviewConfig;
+  HasSloGroupOverviewConfig &
+  HasEditCapabilities;
 
 export interface HasSloGroupOverviewConfig {
   getSloGroupOverviewConfig: () => GroupSloCustomInput;
diff --git a/x-pack/plugins/observability_solution/observability/public/hooks/use_create_rule.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_create_rule.ts
similarity index 82%
rename from x-pack/plugins/observability_solution/observability/public/hooks/use_create_rule.ts
rename to x-pack/plugins/observability_solution/slo/public/hooks/use_create_rule.ts
index 7c30544105aaa..04376e5299be3 100644
--- a/x-pack/plugins/observability_solution/observability/public/hooks/use_create_rule.ts
+++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_create_rule.ts
@@ -9,7 +9,7 @@ import { useMutation } from '@tanstack/react-query';
 import { i18n } from '@kbn/i18n';
 import { BASE_ALERTING_API_PATH, RuleTypeParams } from '@kbn/alerting-plugin/common';
 import { v4 } from 'uuid';
-import {
+import type {
   CreateRuleRequestBody,
   CreateRuleResponse,
 } from '@kbn/alerting-plugin/common/routes/rule/apis/create';
@@ -41,7 +41,7 @@ export function useCreateRule<Params extends RuleTypeParams = never>() {
     {
       onError: (_err) => {
         toasts.addDanger(
-          i18n.translate('xpack.observability.rules.createRule.errorNotification.descriptionText', {
+          i18n.translate('xpack.slo.rules.createRule.errorNotification.descriptionText', {
             defaultMessage: 'Failed to create rule',
           })
         );
@@ -49,12 +49,9 @@ export function useCreateRule<Params extends RuleTypeParams = never>() {
 
       onSuccess: () => {
         toasts.addSuccess(
-          i18n.translate(
-            'xpack.observability.rules.createRule.successNotification.descriptionText',
-            {
-              defaultMessage: 'Rule created',
-            }
-          )
+          i18n.translate('xpack.slo.rules.createRule.successNotification.descriptionText', {
+            defaultMessage: 'Rule created',
+          })
         );
       },
     }
diff --git a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_group_by_cardinality.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_group_by_cardinality.ts
index a5a193db672fb..6be95e67c0d89 100644
--- a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_group_by_cardinality.ts
+++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_group_by_cardinality.ts
@@ -9,7 +9,7 @@ import { debounce } from 'lodash';
 import { ALL_VALUE, QuerySchema } from '@kbn/slo-schema';
 import { useQuery } from '@tanstack/react-query';
 import { lastValueFrom } from 'rxjs';
-import { getElasticsearchQueryOrThrow } from '@kbn/observability-plugin/public';
+import { getElasticsearchQueryOrThrow } from '../../common/parse_kuery';
 import { useKibana } from '../utils/kibana_react';
 
 export interface UseFetchGroupByCardinalityResponse {
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/slo_detail_alerts.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/slo_detail_alerts.tsx
index 90db5efb27311..ed4f5dd89fb8f 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/slo_detail_alerts.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/slo_detail_alerts.tsx
@@ -19,6 +19,7 @@ export interface Props {
 export function SloDetailsAlerts({ slo }: Props) {
   const {
     triggersActionsUi: { alertsTableConfigurationRegistry, getAlertsStateTable: AlertsStateTable },
+    observability: { observabilityRuleTypeRegistry },
   } = useKibana().services;
 
   return (
@@ -42,6 +43,7 @@ export function SloDetailsAlerts({ slo }: Props) {
             }}
             showAlertStatusWithFlapping
             pageSize={100}
+            cellContext={{ observabilityRuleTypeRegistry }}
           />
         </EuiFlexItem>
       </EuiFlexGroup>
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/slo_details.test.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/slo_details.test.tsx
index 2309ed0b23db9..eb678b8ca7418 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/slo_details.test.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/slo_details.test.tsx
@@ -33,6 +33,7 @@ import { usePermissions } from '../../hooks/use_permissions';
 import { useKibana } from '../../utils/kibana_react';
 import { render } from '../../utils/test_helper';
 import { SloDetailsPage } from './slo_details';
+import { usePerformanceContext } from '@kbn/ebt-tools';
 
 jest.mock('react-router-dom', () => ({
   ...jest.requireActual('react-router-dom'),
@@ -49,9 +50,9 @@ jest.mock('../../hooks/use_fetch_historical_summary');
 jest.mock('../../hooks/use_delete_slo');
 jest.mock('../../hooks/use_create_data_view');
 jest.mock('../../hooks/use_delete_slo_instance');
+jest.mock('@kbn/ebt-tools');
 
 const useKibanaMock = useKibana as jest.Mock;
-
 const useLicenseMock = useLicense as jest.Mock;
 const usePermissionsMock = usePermissions as jest.Mock;
 const useFetchActiveAlertsMock = useFetchActiveAlerts as jest.Mock;
@@ -61,8 +62,10 @@ const useDeleteSloMock = useDeleteSlo as jest.Mock;
 const useCreateDataViewsMock = useCreateDataView as jest.Mock;
 const useDeleteSloInstanceMock = useDeleteSloInstance as jest.Mock;
 const TagsListMock = TagsList as jest.Mock;
-TagsListMock.mockReturnValue(<div>Tags list</div>);
+const usePerformanceContextMock = usePerformanceContext as jest.Mock;
 
+usePerformanceContextMock.mockReturnValue({ onPageReady: jest.fn() });
+TagsListMock.mockReturnValue(<div>Tags list</div>);
 const HeaderMenuPortalMock = HeaderMenuPortal as jest.Mock;
 HeaderMenuPortalMock.mockReturnValue(<div>Portal node</div>);
 
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/slo_details.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/slo_details.tsx
index 3da2e0f991109..26cdf62b4f7b4 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/slo_details.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/slo_details.tsx
@@ -8,6 +8,7 @@
 import { EuiLoadingSpinner, EuiSkeletonText } from '@elastic/eui';
 import type { ChromeBreadcrumb } from '@kbn/core-chrome-browser';
 import type { IBasePath } from '@kbn/core-http-browser';
+import { usePerformanceContext } from '@kbn/ebt-tools';
 import { i18n } from '@kbn/i18n';
 import { useBreadcrumbs } from '@kbn/observability-shared-plugin/public';
 import type { SLOWithSummaryResponse } from '@kbn/slo-schema';
@@ -34,6 +35,7 @@ import { useSloDetailsTabs } from './hooks/use_slo_details_tabs';
 import type { SloDetailsPathParams } from './types';
 
 export function SloDetailsPage() {
+  const { onPageReady } = usePerformanceContext();
   const {
     application: { navigateToUrl },
     http: { basePath },
@@ -78,6 +80,7 @@ export function SloDetailsPage() {
         Instance Id: ${slo.instanceId}
         Description: ${slo.description}
         Observed value: ${slo.summary.sliValue}
+        Error budget remaining: ${slo.summary.errorBudget.remaining}
         Status: ${slo.summary.status}
       `),
       data: [
@@ -96,6 +99,12 @@ export function SloDetailsPage() {
     }
   }, [hasRightLicense, permissions, navigateToUrl, basePath]);
 
+  useEffect(() => {
+    if (!isLoading && slo !== undefined) {
+      onPageReady();
+    }
+  }, [onPageReady, slo, isLoading]);
+
   useBreadcrumbs(getBreadcrumbs(basePath, slo));
 
   const isSloNotFound = !isLoading && slo === undefined;
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/use_table_docs.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/use_table_docs.tsx
index d1b17b6747fa1..dc58571f58685 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/use_table_docs.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/use_table_docs.tsx
@@ -10,7 +10,7 @@ import { FieldPath, useFormContext } from 'react-hook-form';
 import { DataView } from '@kbn/data-views-plugin/common';
 import { TimeRange } from '@kbn/es-query';
 import { QuerySchema } from '@kbn/slo-schema';
-import { getElasticsearchQueryOrThrow } from '@kbn/observability-plugin/public';
+import { getElasticsearchQueryOrThrow } from '../../../../../common/parse_kuery';
 import { CreateSLOForm } from '../../types';
 
 export const useTableDocs = ({
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/slo_edit_form_footer.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/slo_edit_form_footer.tsx
index 267fd7f6d9851..f3f18c7f0b332 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/slo_edit_form_footer.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/slo_edit_form_footer.tsx
@@ -11,7 +11,7 @@ import type { GetSLOResponse } from '@kbn/slo-schema';
 import React, { useCallback, useMemo } from 'react';
 import { useFormContext } from 'react-hook-form';
 import { InPortal } from 'react-reverse-portal';
-import { useCreateRule } from '@kbn/observability-plugin/public';
+import { useCreateRule } from '../../../hooks/use_create_rule';
 import { useKibana } from '../../../utils/kibana_react';
 import { sloEditFormFooterPortal } from '../shared_flyout/slo_add_form_flyout';
 import { paths } from '../../../../common/locators/paths';
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/slo_edit.test.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/slo_edit.test.tsx
index 03838225d1618..cd20c06c9d491 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/slo_edit.test.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/slo_edit.test.tsx
@@ -8,7 +8,7 @@
 import { ILicense } from '@kbn/licensing-plugin/common/types';
 import { licensingMock } from '@kbn/licensing-plugin/public/mocks';
 import { observabilityAIAssistantPluginMock } from '@kbn/observability-ai-assistant-plugin/public/mock';
-import { useCreateRule, useFetchDataViews } from '@kbn/observability-plugin/public';
+import { useFetchDataViews } from '@kbn/observability-plugin/public';
 import { HeaderMenuPortal } from '@kbn/observability-shared-plugin/public';
 import { cleanup, fireEvent, waitFor } from '@testing-library/react';
 import { createBrowserHistory } from 'history';
@@ -23,6 +23,7 @@ import { useFetchApmSuggestions } from '../../hooks/use_fetch_apm_suggestions';
 import { useFetchIndices } from '../../hooks/use_fetch_indices';
 import { useFetchSloDetails } from '../../hooks/use_fetch_slo_details';
 import { usePermissions } from '../../hooks/use_permissions';
+import { useCreateRule } from '../../hooks/use_create_rule';
 import { useUpdateSlo } from '../../hooks/use_update_slo';
 import { useKibana } from '../../utils/kibana_react';
 import { kibanaStartMock } from '../../utils/kibana_react.mock';
@@ -44,6 +45,7 @@ jest.mock('../../hooks/use_create_slo');
 jest.mock('../../hooks/use_update_slo');
 jest.mock('../../hooks/use_fetch_apm_suggestions');
 jest.mock('../../hooks/use_permissions');
+jest.mock('../../hooks/use_create_rule');
 
 const mockUseKibanaReturnValue = kibanaStartMock.startContract();
 
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/grouped_slos/group_list_view.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/grouped_slos/group_list_view.tsx
index cee082338d78c..8342c9aa5976b 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/grouped_slos/group_list_view.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/grouped_slos/group_list_view.tsx
@@ -37,7 +37,7 @@ import { useGroupName } from './hooks/use_group_name';
 interface Props {
   group: string;
   kqlQuery?: string;
-  sloView: SLOView;
+  view: SLOView;
   sort?: SortField;
   direction?: SortDirection;
   groupBy: GroupByField;
@@ -48,7 +48,7 @@ interface Props {
 export function GroupListView({
   group,
   kqlQuery,
-  sloView,
+  view,
   sort,
   direction,
   groupBy,
@@ -203,7 +203,7 @@ export function GroupListView({
                   sloList={results}
                   loading={isLoading || isRefetching}
                   error={isError}
-                  sloView={sloView}
+                  view={view}
                 />
                 <EuiSpacer size="m" />
                 {total > 0 && total > itemsPerPage ? (
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/grouped_slos/group_view.test.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/grouped_slos/group_view.test.tsx
index 775659f6be580..c3be325bb10e3 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/grouped_slos/group_view.test.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/grouped_slos/group_view.test.tsx
@@ -50,7 +50,7 @@ describe('Group View', () => {
       refetch: jest.fn(),
     });
     const { queryByTestId, getByTestId } = render(
-      <GroupView groupBy="slo.tags" kqlQuery="" sloView="cardView" sort="status" direction="desc" />
+      <GroupView groupBy="slo.tags" kqlQuery="" view="cardView" sort="status" direction="desc" />
     );
 
     expect(queryByTestId('sloGroupView')).toBeNull();
@@ -71,7 +71,7 @@ describe('Group View', () => {
     });
 
     const { queryByTestId, getByTestId } = render(
-      <GroupView groupBy="slo.tags" kqlQuery="" sloView="cardView" sort="status" direction="desc" />
+      <GroupView groupBy="slo.tags" kqlQuery="" view="cardView" sort="status" direction="desc" />
     );
 
     expect(queryByTestId('sloGroupView')).toBeNull();
@@ -85,7 +85,7 @@ describe('Group View', () => {
     });
 
     const { queryByTestId, getByTestId } = render(
-      <GroupView groupBy="slo.tags" kqlQuery="" sloView="cardView" sort="status" direction="desc" />
+      <GroupView groupBy="slo.tags" kqlQuery="" view="cardView" sort="status" direction="desc" />
     );
     expect(queryByTestId('sloGroupView')).toBeNull();
     expect(getByTestId('sloGroupListLoading')).toBeInTheDocument();
@@ -170,13 +170,7 @@ describe('Group View', () => {
         refetch: jest.fn(),
       });
       const { queryAllByTestId, getByTestId } = render(
-        <GroupView
-          groupBy="slo.tags"
-          kqlQuery=""
-          sloView="cardView"
-          sort="status"
-          direction="desc"
-        />
+        <GroupView groupBy="slo.tags" kqlQuery="" view="cardView" sort="status" direction="desc" />
       );
       expect(getByTestId('sloGroupView')).toBeInTheDocument();
       expect(useFetchSloGroups).toHaveBeenCalled();
@@ -220,13 +214,7 @@ describe('Group View', () => {
       });
 
       const { queryAllByTestId } = render(
-        <GroupView
-          groupBy="slo.tags"
-          kqlQuery=""
-          sloView="cardView"
-          sort="status"
-          direction="desc"
-        />
+        <GroupView groupBy="slo.tags" kqlQuery="" view="cardView" sort="status" direction="desc" />
       );
       expect(useFetchSloGroups).toHaveBeenCalled();
       expect(useFetchSloGroups).toHaveBeenCalledWith({
@@ -242,7 +230,7 @@ describe('Group View', () => {
   describe('group by status', () => {
     it('should render slo groups grouped by status', async () => {
       const { getByTestId } = render(
-        <GroupView groupBy="status" kqlQuery="" sloView="cardView" sort="status" direction="desc" />
+        <GroupView groupBy="status" kqlQuery="" view="cardView" sort="status" direction="desc" />
       );
       expect(getByTestId('sloGroupView')).toBeInTheDocument();
       expect(useFetchSloGroups).toHaveBeenCalled();
@@ -261,7 +249,7 @@ describe('Group View', () => {
         <GroupView
           groupBy="slo.indicator.type"
           kqlQuery=""
-          sloView="cardView"
+          view="cardView"
           sort="status"
           direction="desc"
         />
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/grouped_slos/group_view.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/grouped_slos/group_view.tsx
index ffe7c1ede95b2..3cec6fef539e6 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/grouped_slos/group_view.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/grouped_slos/group_view.tsx
@@ -19,7 +19,7 @@ import { GroupListView } from './group_list_view';
 interface Props {
   groupBy: GroupByField;
   kqlQuery?: string;
-  sloView: SLOView;
+  view: SLOView;
   sort?: SortField;
   direction?: SortDirection;
   filters?: Filter[];
@@ -29,7 +29,7 @@ interface Props {
 
 export function GroupView({
   kqlQuery,
-  sloView,
+  view,
   sort,
   direction,
   groupBy,
@@ -83,7 +83,7 @@ export function GroupView({
           <GroupListView
             groupBy={result.groupBy}
             key={result.group}
-            sloView={sloView}
+            view={view}
             group={result.group}
             kqlQuery={kqlQuery}
             sort={sort}
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slo_list.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slo_list.tsx
index 49e49f09169bf..0fad1e96975ea 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slo_list.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slo_list.tsx
@@ -5,7 +5,9 @@
  * 2.0.
  */
 
-import { EuiFlexGroup, EuiFlexItem, EuiTablePagination } from '@elastic/eui';
+import { EuiFlexGroup, EuiFlexItem } from '@elastic/eui';
+import { usePerformanceContext } from '@kbn/ebt-tools';
+import { SLOWithSummaryResponse } from '@kbn/slo-schema';
 import { useIsMutating } from '@tanstack/react-query';
 import dedent from 'dedent';
 import { groupBy as _groupBy, mapValues } from 'lodash';
@@ -14,10 +16,11 @@ import { useFetchSloList } from '../../../hooks/use_fetch_slo_list';
 import { useKibana } from '../../../utils/kibana_react';
 import { useUrlSearchState } from '../hooks/use_url_search_state';
 import { GroupView } from './grouped_slos/group_view';
-import { SlosView } from './slos_view';
 import { ToggleSLOView } from './toggle_slo_view';
+import { UngroupedView } from './ungrouped_slos/ungrouped_view';
 
 export function SloList() {
+  const { onPageReady } = usePerformanceContext();
   const { observabilityAIAssistant } = useKibana().services;
   const { state, onStateChange } = useUrlSearchState();
   const { view, page, perPage, kqlQuery, filters, tagsFilter, statusFilter, groupBy } = state;
@@ -38,7 +41,6 @@ export function SloList() {
     sortDirection: state.sort.direction,
     lastRefresh: state.lastRefresh,
   });
-  const { results = [], total = 0 } = sloList ?? {};
 
   const isDeletingSlo = Boolean(useIsMutating(['deleteSlo']));
 
@@ -50,7 +52,7 @@ export function SloList() {
     const slosByStatus = mapValues(
       _groupBy(sloList.results, (result) => result.summary.status),
       (groupResults) => groupResults.map((result) => `- ${result.name}`).join('\n')
-    ) as Record<typeof results[number]['summary']['status'], string>;
+    ) as Record<SLOWithSummaryResponse['summary']['status'], string>;
 
     return observabilityAIAssistant.service.setScreenContext({
       screenDescription: dedent(`The user is looking at a list of SLOs.
@@ -78,12 +80,18 @@ export function SloList() {
     });
   }, [sloList, observabilityAIAssistant]);
 
+  useEffect(() => {
+    if (!isLoading && sloList !== undefined) {
+      onPageReady();
+    }
+  }, [isLoading, sloList, onPageReady]);
+
   return (
     <EuiFlexGroup direction="column" gutterSize="m" data-test-subj="sloList">
       <EuiFlexItem grow={false}>
         <ToggleSLOView
           sloList={sloList}
-          sloView={view}
+          view={view}
           onChangeView={(newView) => onStateChange({ view: newView })}
           onStateChange={onStateChange}
           state={state}
@@ -91,34 +99,16 @@ export function SloList() {
         />
       </EuiFlexItem>
       {groupBy === 'ungrouped' && (
-        <>
-          <SlosView
-            sloList={results}
-            loading={isLoading || isRefetching}
-            error={isError}
-            sloView={view}
-          />
-          {total > 0 && total > perPage ? (
-            <EuiFlexItem>
-              <EuiTablePagination
-                pageCount={Math.ceil(total / perPage)}
-                activePage={page}
-                onChangePage={(newPage) => {
-                  onStateChange({ page: newPage });
-                }}
-                itemsPerPage={perPage}
-                itemsPerPageOptions={[10, 25, 50, 100]}
-                onChangeItemsPerPage={(newPerPage) => {
-                  onStateChange({ perPage: newPerPage, page: 0 });
-                }}
-              />
-            </EuiFlexItem>
-          ) : null}
-        </>
+        <UngroupedView
+          sloList={sloList}
+          loading={isLoading || isRefetching}
+          error={isError}
+          view={view}
+        />
       )}
       {groupBy !== 'ungrouped' && (
         <GroupView
-          sloView={view}
+          view={view}
           groupBy={groupBy}
           kqlQuery={kqlQuery}
           sort={state.sort.by}
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slos_view.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slos_view.tsx
index 3199627a71e66..eca4282508404 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slos_view.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slos_view.tsx
@@ -20,10 +20,10 @@ export interface Props {
   sloList: SLOWithSummaryResponse[];
   loading: boolean;
   error: boolean;
-  sloView: SLOView;
+  view: SLOView;
 }
 
-export function SlosView({ sloList, loading, error, sloView }: Props) {
+export function SlosView({ sloList, loading, error, view }: Props) {
   if (!loading && !error && sloList.length === 0) {
     return <SloListEmpty />;
   }
@@ -32,7 +32,7 @@ export function SlosView({ sloList, loading, error, sloView }: Props) {
     return <SloListError />;
   }
 
-  if (sloView === 'cardView') {
+  if (view === 'cardView') {
     return (
       <EuiFlexGroup direction="column">
         <EuiFlexItem>
@@ -45,7 +45,7 @@ export function SlosView({ sloList, loading, error, sloView }: Props) {
     );
   }
 
-  if (sloView === 'compactView') {
+  if (view === 'compactView') {
     return (
       <EuiFlexGroup direction="column">
         <EuiFlexItem>
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/toggle_slo_view.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/toggle_slo_view.tsx
index e545ca84beee7..a6a35912269a1 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/toggle_slo_view.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/toggle_slo_view.tsx
@@ -18,7 +18,7 @@ export type SLOView = 'cardView' | 'listView' | 'compactView';
 interface Props {
   onChangeView: (view: SLOView) => void;
   onStateChange: (newState: Partial<SearchState>) => void;
-  sloView: SLOView;
+  view: SLOView;
   state: SearchState;
   sloList?: FindSLOResponse;
   loading: boolean;
@@ -47,7 +47,7 @@ const toggleButtonsIcons = [
 ];
 
 export function ToggleSLOView({
-  sloView,
+  view,
   onChangeView,
   onStateChange,
   sloList,
@@ -95,7 +95,7 @@ export function ToggleSLOView({
             defaultMessage: 'SLO View',
           })}
           options={toggleButtonsIcons}
-          idSelected={sloView}
+          idSelected={view}
           onChange={(id) => onChangeView(id as SLOView)}
           isIconOnly
           isDisabled={loading}
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/ungrouped_slos/ungrouped_view.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/ungrouped_slos/ungrouped_view.tsx
new file mode 100644
index 0000000000000..0374204b7e651
--- /dev/null
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/ungrouped_slos/ungrouped_view.tsx
@@ -0,0 +1,48 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EuiFlexItem, EuiTablePagination } from '@elastic/eui';
+import { FindSLOResponse } from '@kbn/slo-schema';
+import React from 'react';
+import { useUrlSearchState } from '../../hooks/use_url_search_state';
+import { SlosView } from '../slos_view';
+import { SLOView } from '../toggle_slo_view';
+
+export interface Props {
+  sloList: FindSLOResponse | undefined;
+  loading: boolean;
+  error: boolean;
+  view: SLOView;
+}
+
+export function UngroupedView({ sloList, loading, error, view }: Props) {
+  const { state, onStateChange } = useUrlSearchState();
+  const { page, perPage } = state;
+  const { results = [], total = 0 } = sloList ?? {};
+
+  return (
+    <>
+      <SlosView sloList={results} loading={loading} error={error} view={view} />
+      {total > 0 && total > perPage ? (
+        <EuiFlexItem>
+          <EuiTablePagination
+            pageCount={Math.ceil(total / perPage)}
+            activePage={page}
+            onChangePage={(newPage) => {
+              onStateChange({ page: newPage });
+            }}
+            itemsPerPage={perPage}
+            itemsPerPageOptions={[10, 25, 50, 100]}
+            onChangeItemsPerPage={(newPerPage) => {
+              onStateChange({ perPage: newPerPage, page: 0 });
+            }}
+          />
+        </EuiFlexItem>
+      ) : null}
+    </>
+  );
+}
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slos/slos.test.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slos/slos.test.tsx
index 1510af2e6d194..f8db25d20c9f2 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slos/slos.test.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slos/slos.test.tsx
@@ -7,7 +7,9 @@
 
 import { waitForEuiPopoverOpen } from '@elastic/eui/lib/test/rtl';
 import { chartPluginMock } from '@kbn/charts-plugin/public/mocks';
+import { usePerformanceContext } from '@kbn/ebt-tools';
 import { observabilityAIAssistantPluginMock } from '@kbn/observability-ai-assistant-plugin/public/mock';
+import { HeaderMenuPortal, TagsList } from '@kbn/observability-shared-plugin/public';
 import { encode } from '@kbn/rison';
 import { act, fireEvent, screen, waitFor } from '@testing-library/react';
 import React from 'react';
@@ -15,19 +17,18 @@ import Router from 'react-router-dom';
 import { paths } from '../../../common/locators/paths';
 import { historicalSummaryData } from '../../data/slo/historical_summary_data';
 import { emptySloList, sloList } from '../../data/slo/slo';
-import { usePermissions } from '../../hooks/use_permissions';
+import { useCreateDataView } from '../../hooks/use_create_data_view';
 import { useCreateSlo } from '../../hooks/use_create_slo';
 import { useDeleteSlo } from '../../hooks/use_delete_slo';
 import { useDeleteSloInstance } from '../../hooks/use_delete_slo_instance';
 import { useFetchHistoricalSummary } from '../../hooks/use_fetch_historical_summary';
 import { useFetchSloList } from '../../hooks/use_fetch_slo_list';
 import { useLicense } from '../../hooks/use_license';
-import { HeaderMenuPortal, TagsList } from '@kbn/observability-shared-plugin/public';
+import { usePermissions } from '../../hooks/use_permissions';
 import { useKibana } from '../../utils/kibana_react';
 import { render } from '../../utils/test_helper';
-import { SlosPage } from './slos';
 import { useGetSettings } from '../slo_settings/use_get_settings';
-import { useCreateDataView } from '../../hooks/use_create_data_view';
+import { SlosPage } from './slos';
 
 jest.mock('react-router-dom', () => ({
   ...jest.requireActual('react-router-dom'),
@@ -46,6 +47,7 @@ jest.mock('../../hooks/use_fetch_historical_summary');
 jest.mock('../../hooks/use_permissions');
 jest.mock('../../hooks/use_capabilities');
 jest.mock('../../hooks/use_create_data_view');
+jest.mock('@kbn/ebt-tools');
 
 const useGetSettingsMock = useGetSettings as jest.Mock;
 const useKibanaMock = useKibana as jest.Mock;
@@ -58,9 +60,10 @@ const useFetchHistoricalSummaryMock = useFetchHistoricalSummary as jest.Mock;
 const usePermissionsMock = usePermissions as jest.Mock;
 const useCreateDataViewMock = useCreateDataView as jest.Mock;
 const TagsListMock = TagsList as jest.Mock;
+const usePerformanceContextMock = usePerformanceContext as jest.Mock;
 
+usePerformanceContextMock.mockReturnValue({ onPageReady: jest.fn() });
 TagsListMock.mockReturnValue(<div>Tags list</div>);
-
 const HeaderMenuPortalMock = HeaderMenuPortal as jest.Mock;
 HeaderMenuPortalMock.mockReturnValue(<div>Portal node</div>);
 
diff --git a/x-pack/plugins/observability_solution/slo/public/plugin.ts b/x-pack/plugins/observability_solution/slo/public/plugin.ts
index e387a7f85a7e3..5748a55c21489 100644
--- a/x-pack/plugins/observability_solution/slo/public/plugin.ts
+++ b/x-pack/plugins/observability_solution/slo/public/plugin.ts
@@ -108,24 +108,21 @@ export class SloPlugin
         pluginsSetup.embeddable.registerReactEmbeddableFactory(
           SLO_OVERVIEW_EMBEDDABLE_ID,
           async () => {
-            const deps = { ...coreStart, ...pluginsStart };
             const { getOverviewEmbeddableFactory } = await import(
               './embeddable/slo/overview/slo_embeddable_factory'
             );
-            return getOverviewEmbeddableFactory(deps);
+            return getOverviewEmbeddableFactory(coreSetup.getStartServices);
           }
         );
 
         pluginsSetup.embeddable.registerReactEmbeddableFactory(
           SLO_ALERTS_EMBEDDABLE_ID,
           async () => {
-            const deps = { ...coreStart, ...pluginsStart };
-
             const { getAlertsEmbeddableFactory } = await import(
               './embeddable/slo/alerts/slo_alerts_embeddable_factory'
             );
 
-            return getAlertsEmbeddableFactory(deps, kibanaVersion);
+            return getAlertsEmbeddableFactory(coreSetup.getStartServices, kibanaVersion);
           }
         );
 
@@ -141,7 +138,8 @@ export class SloPlugin
         const registerAsyncSloUiActions = async () => {
           if (pluginsSetup.uiActions) {
             const { registerSloUiActions } = await import('./ui_actions');
-            registerSloUiActions(pluginsSetup.uiActions, coreSetup);
+
+            registerSloUiActions(coreSetup, pluginsSetup, pluginsStart);
           }
         };
         registerAsyncSloUiActions();
diff --git a/x-pack/plugins/observability_solution/slo/public/ui_actions/create_alerts_panel_action.tsx b/x-pack/plugins/observability_solution/slo/public/ui_actions/create_alerts_panel_action.tsx
index b365881bf915a..63926aa24cd82 100644
--- a/x-pack/plugins/observability_solution/slo/public/ui_actions/create_alerts_panel_action.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/ui_actions/create_alerts_panel_action.tsx
@@ -26,6 +26,7 @@ export function createAddAlertsPanelAction(
     id: ADD_SLO_ALERTS_ACTION_ID,
     grouping: COMMON_SLO_GROUPING,
     getIconType: () => 'alert',
+    order: 20,
     isCompatible: async ({ embeddable }) => {
       return apiIsPresentationContainer(embeddable);
     },
diff --git a/x-pack/plugins/observability_solution/slo/public/ui_actions/create_error_budget_action.tsx b/x-pack/plugins/observability_solution/slo/public/ui_actions/create_error_budget_action.tsx
index c619252bc6eb8..8d311bfdce70b 100644
--- a/x-pack/plugins/observability_solution/slo/public/ui_actions/create_error_budget_action.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/ui_actions/create_error_budget_action.tsx
@@ -24,6 +24,7 @@ export function createAddErrorBudgetPanelAction(
   return {
     id: ADD_SLO_ERROR_BUDGET_ACTION_ID,
     grouping: COMMON_SLO_GROUPING,
+    order: 10,
     getIconType: () => 'visLine',
     isCompatible: async ({ embeddable }) => {
       return apiIsPresentationContainer(embeddable);
diff --git a/x-pack/plugins/observability_solution/slo/public/ui_actions/create_overview_panel_action.tsx b/x-pack/plugins/observability_solution/slo/public/ui_actions/create_overview_panel_action.tsx
index edb7b129927b0..49d2d269d4cdd 100644
--- a/x-pack/plugins/observability_solution/slo/public/ui_actions/create_overview_panel_action.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/ui_actions/create_overview_panel_action.tsx
@@ -25,6 +25,7 @@ export function createOverviewPanelAction(
   return {
     id: ADD_SLO_OVERVIEW_ACTION_ID,
     grouping: COMMON_SLO_GROUPING,
+    order: 30,
     getIconType: () => 'visGauge',
     isCompatible: async ({ embeddable }) => {
       return apiIsPresentationContainer(embeddable);
diff --git a/x-pack/plugins/observability_solution/slo/public/ui_actions/edit_slo_alerts_panel.tsx b/x-pack/plugins/observability_solution/slo/public/ui_actions/edit_slo_alerts_panel.tsx
deleted file mode 100644
index ce9b4d196ffb5..0000000000000
--- a/x-pack/plugins/observability_solution/slo/public/ui_actions/edit_slo_alerts_panel.tsx
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { i18n } from '@kbn/i18n';
-import { ViewMode } from '@kbn/embeddable-plugin/common';
-import type { CoreSetup } from '@kbn/core/public';
-import {
-  apiCanAccessViewMode,
-  apiHasType,
-  apiIsOfType,
-  EmbeddableApiContext,
-  getInheritedViewMode,
-  CanAccessViewMode,
-  HasType,
-} from '@kbn/presentation-publishing';
-import { type UiActionsActionDefinition } from '@kbn/ui-actions-plugin/public';
-import { SLO_ALERTS_EMBEDDABLE_ID } from '../embeddable/slo/alerts/constants';
-import { SloPublicPluginsStart, SloPublicStart } from '..';
-import {
-  HasSloAlertsConfig,
-  SloAlertsEmbeddableActionContext,
-} from '../embeddable/slo/alerts/types';
-export const EDIT_SLO_ALERTS_ACTION = 'editSloAlertsPanelAction';
-type EditSloAlertsPanelApi = CanAccessViewMode & HasType & HasSloAlertsConfig;
-const isEditSloAlertsPanelApi = (api: unknown): api is EditSloAlertsPanelApi =>
-  Boolean(
-    apiHasType(api) &&
-      apiIsOfType(api, SLO_ALERTS_EMBEDDABLE_ID) &&
-      apiCanAccessViewMode(api) &&
-      getInheritedViewMode(api) === ViewMode.EDIT
-  );
-
-export function createEditSloAlertsPanelAction(
-  getStartServices: CoreSetup<SloPublicPluginsStart, SloPublicStart>['getStartServices']
-): UiActionsActionDefinition<SloAlertsEmbeddableActionContext> {
-  return {
-    id: EDIT_SLO_ALERTS_ACTION,
-    type: EDIT_SLO_ALERTS_ACTION,
-    getIconType(): string {
-      return 'pencil';
-    },
-    getDisplayName: () =>
-      i18n.translate('xpack.slo.actions.editSloAlertsEmbeddableTitle', {
-        defaultMessage: 'Edit configuration',
-      }),
-    async execute({ embeddable }) {
-      if (!embeddable) {
-        throw new Error('Not possible to execute an action without the embeddable context');
-      }
-
-      const [coreStart, pluginStart] = await getStartServices();
-
-      try {
-        const { openSloConfiguration } = await import(
-          '../embeddable/slo/alerts/slo_alerts_open_configuration'
-        );
-
-        const result = await openSloConfiguration(
-          coreStart,
-          pluginStart,
-          embeddable.getSloAlertsConfig()
-        );
-        embeddable.updateSloAlertsConfig(result);
-      } catch (e) {
-        return Promise.reject();
-      }
-    },
-    isCompatible: async ({ embeddable }: EmbeddableApiContext) =>
-      isEditSloAlertsPanelApi(embeddable),
-  };
-}
diff --git a/x-pack/plugins/observability_solution/slo/public/ui_actions/edit_slo_overview_panel.tsx b/x-pack/plugins/observability_solution/slo/public/ui_actions/edit_slo_overview_panel.tsx
deleted file mode 100644
index 55f5c9b6feb0d..0000000000000
--- a/x-pack/plugins/observability_solution/slo/public/ui_actions/edit_slo_overview_panel.tsx
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { i18n } from '@kbn/i18n';
-import { ViewMode } from '@kbn/embeddable-plugin/common';
-import type { CoreSetup } from '@kbn/core/public';
-import {
-  apiCanAccessViewMode,
-  apiHasType,
-  apiIsOfType,
-  EmbeddableApiContext,
-  getInheritedViewMode,
-  CanAccessViewMode,
-  HasType,
-} from '@kbn/presentation-publishing';
-import {
-  type UiActionsActionDefinition,
-  IncompatibleActionError,
-} from '@kbn/ui-actions-plugin/public';
-import { SLO_EMBEDDABLE } from '../embeddable/slo/constants';
-import { SloPublicPluginsStart, SloPublicStart } from '..';
-import {
-  GroupSloCustomInput,
-  HasSloGroupOverviewConfig,
-  SloOverviewEmbeddableActionContext,
-  apiHasSloGroupOverviewConfig,
-} from '../embeddable/slo/overview/types';
-
-export const EDIT_SLO_OVERVIEW_ACTION = 'editSloOverviewPanelAction';
-type EditSloOverviewPanelApi = CanAccessViewMode & HasType & HasSloGroupOverviewConfig;
-const isEditSloOverviewPanelApi = (api: unknown): api is EditSloOverviewPanelApi =>
-  Boolean(
-    apiHasType(api) &&
-      apiIsOfType(api, SLO_EMBEDDABLE) &&
-      apiCanAccessViewMode(api) &&
-      getInheritedViewMode(api) === ViewMode.EDIT
-  );
-
-export function createEditSloOverviewPanelAction(
-  getStartServices: CoreSetup<SloPublicPluginsStart, SloPublicStart>['getStartServices']
-): UiActionsActionDefinition<SloOverviewEmbeddableActionContext> {
-  return {
-    id: EDIT_SLO_OVERVIEW_ACTION,
-    type: EDIT_SLO_OVERVIEW_ACTION,
-    getIconType(): string {
-      return 'pencil';
-    },
-    getDisplayName: () =>
-      i18n.translate('xpack.slo.actions.editSloOverviewEmbeddableTitle', {
-        defaultMessage: 'Edit criteria',
-      }),
-    async execute(context) {
-      const { embeddable } = context;
-      if (!apiHasSloGroupOverviewConfig(embeddable)) {
-        throw new IncompatibleActionError();
-      }
-
-      const [coreStart, pluginStart] = await getStartServices();
-
-      try {
-        const { openSloConfiguration } = await import(
-          '../embeddable/slo/overview/slo_overview_open_configuration'
-        );
-
-        const result = await openSloConfiguration(
-          coreStart,
-          pluginStart,
-          embeddable.getSloGroupOverviewConfig()
-        );
-        embeddable.updateSloGroupOverviewConfig(result as GroupSloCustomInput);
-      } catch (e) {
-        return Promise.reject();
-      }
-    },
-    isCompatible: async ({ embeddable }: EmbeddableApiContext) => {
-      return (
-        isEditSloOverviewPanelApi(embeddable) &&
-        embeddable.getSloGroupOverviewConfig().overviewMode === 'groups'
-      );
-    },
-  };
-}
diff --git a/x-pack/plugins/observability_solution/slo/public/ui_actions/index.ts b/x-pack/plugins/observability_solution/slo/public/ui_actions/index.ts
index 76862a3afe90d..95c1f19a8842a 100644
--- a/x-pack/plugins/observability_solution/slo/public/ui_actions/index.ts
+++ b/x-pack/plugins/observability_solution/slo/public/ui_actions/index.ts
@@ -5,31 +5,31 @@
  * 2.0.
  */
 
-import type { UiActionsSetup } from '@kbn/ui-actions-plugin/public';
-import { CONTEXT_MENU_TRIGGER } from '@kbn/embeddable-plugin/public';
+import { ADD_PANEL_TRIGGER } from '@kbn/ui-actions-plugin/public';
 import type { CoreSetup } from '@kbn/core/public';
-import { createEditSloAlertsPanelAction } from './edit_slo_alerts_panel';
-import { createEditSloOverviewPanelAction } from './edit_slo_overview_panel';
 import { createOverviewPanelAction } from './create_overview_panel_action';
 import { createAddErrorBudgetPanelAction } from './create_error_budget_action';
 import { createAddAlertsPanelAction } from './create_alerts_panel_action';
-import { SloPublicPluginsStart, SloPublicStart } from '..';
+import { SloPublicPluginsStart, SloPublicStart, SloPublicPluginsSetup } from '..';
 
 export function registerSloUiActions(
-  uiActions: UiActionsSetup,
-  core: CoreSetup<SloPublicPluginsStart, SloPublicStart>
+  core: CoreSetup<SloPublicPluginsStart, SloPublicStart>,
+  pluginsSetup: SloPublicPluginsSetup,
+  pluginsStart: SloPublicPluginsStart
 ) {
+  const { uiActions } = pluginsSetup;
+  const { serverless, cloud } = pluginsStart;
+
   // Initialize actions
-  const editSloAlertsPanelAction = createEditSloAlertsPanelAction(core.getStartServices);
-  const editSloOverviewPanelAction = createEditSloOverviewPanelAction(core.getStartServices);
   const addOverviewPanelAction = createOverviewPanelAction(core.getStartServices);
   const addErrorBudgetPanelAction = createAddErrorBudgetPanelAction(core.getStartServices);
   const addAlertsPanelAction = createAddAlertsPanelAction(core.getStartServices);
 
   // Assign triggers
-  uiActions.addTriggerAction(CONTEXT_MENU_TRIGGER, editSloAlertsPanelAction);
-  uiActions.addTriggerAction(CONTEXT_MENU_TRIGGER, editSloOverviewPanelAction);
-  uiActions.addTriggerAction('ADD_PANEL_TRIGGER', addOverviewPanelAction);
-  uiActions.addTriggerAction('ADD_PANEL_TRIGGER', addErrorBudgetPanelAction);
-  uiActions.addTriggerAction('ADD_PANEL_TRIGGER', addAlertsPanelAction);
+  // Only register these actions in stateful kibana, and the serverless observability project
+  if (Boolean((serverless && cloud?.serverless.projectType === 'observability') || !serverless)) {
+    uiActions.addTriggerAction(ADD_PANEL_TRIGGER, addOverviewPanelAction);
+    uiActions.addTriggerAction(ADD_PANEL_TRIGGER, addErrorBudgetPanelAction);
+    uiActions.addTriggerAction(ADD_PANEL_TRIGGER, addAlertsPanelAction);
+  }
 }
diff --git a/x-pack/plugins/observability_solution/slo/public/utils/test_helper.tsx b/x-pack/plugins/observability_solution/slo/public/utils/test_helper.tsx
index 5744a802f6aff..1fe6ece726610 100644
--- a/x-pack/plugins/observability_solution/slo/public/utils/test_helper.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/utils/test_helper.tsx
@@ -5,19 +5,18 @@
  * 2.0.
  */
 
-import React from 'react';
-import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
-import { render as testLibRender } from '@testing-library/react';
 import { AppMountParameters } from '@kbn/core/public';
 import { coreMock } from '@kbn/core/public/mocks';
+import { dataPluginMock } from '@kbn/data-plugin/public/mocks';
 import { __IntlProvider as IntlProvider } from '@kbn/i18n-react';
+import { EuiThemeProvider } from '@kbn/kibana-react-plugin/common';
 import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public';
+import { createObservabilityRuleTypeRegistryMock } from '@kbn/observability-plugin/public';
 import { KibanaPageTemplate } from '@kbn/shared-ux-page-kibana-template';
 import translations from '@kbn/translations-plugin/translations/ja-JP.json';
-import { EuiThemeProvider } from '@kbn/kibana-react-plugin/common';
-import { dataPluginMock } from '@kbn/data-plugin/public/mocks';
-
-import { createObservabilityRuleTypeRegistryMock } from '@kbn/observability-plugin/public';
+import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
+import { render as testLibRender } from '@testing-library/react';
+import React from 'react';
 import { PluginContext } from '../context/plugin_context';
 
 const appMountParameters = { setHeaderActionMenu: () => {} } as unknown as AppMountParameters;
diff --git a/x-pack/plugins/observability_solution/slo/tsconfig.json b/x-pack/plugins/observability_solution/slo/tsconfig.json
index b3974d1e20c91..25d6c32b6d0db 100644
--- a/x-pack/plugins/observability_solution/slo/tsconfig.json
+++ b/x-pack/plugins/observability_solution/slo/tsconfig.json
@@ -96,6 +96,7 @@
     "@kbn/code-editor",
     "@kbn/react-kibana-context-render",
     "@kbn/core-application-browser",
-    "@kbn/core-theme-browser"
+    "@kbn/core-theme-browser",
+    "@kbn/ebt-tools"
   ]
 }
diff --git a/x-pack/plugins/observability_solution/synthetics/common/rules/uptime_rule_field_map.ts b/x-pack/plugins/observability_solution/synthetics/common/rules/synthetics_rule_field_map.ts
similarity index 75%
rename from x-pack/plugins/observability_solution/synthetics/common/rules/uptime_rule_field_map.ts
rename to x-pack/plugins/observability_solution/synthetics/common/rules/synthetics_rule_field_map.ts
index be097ed8d8268..97ed491b320c9 100644
--- a/x-pack/plugins/observability_solution/synthetics/common/rules/uptime_rule_field_map.ts
+++ b/x-pack/plugins/observability_solution/synthetics/common/rules/synthetics_rule_field_map.ts
@@ -5,7 +5,9 @@
  * 2.0.
  */
 
-export const uptimeRuleFieldMap = {
+import { FieldMap } from '@kbn/alerts-as-data-utils';
+
+export const syntheticsRuleFieldMap: FieldMap = {
   // common fields
   'monitor.id': {
     type: 'keyword',
@@ -36,6 +38,27 @@ export const uptimeRuleFieldMap = {
     type: 'keyword',
     required: false,
   },
+  'monitor.tags': {
+    type: 'keyword',
+    array: true,
+    required: false,
+  },
+  configId: {
+    type: 'keyword',
+    required: false,
+  },
+  'host.name': {
+    type: 'keyword',
+    required: false,
+  },
+  'location.id': {
+    type: 'keyword',
+    required: false,
+  },
+  'location.name': {
+    type: 'keyword',
+    required: false,
+  },
   // tls alert fields
   'tls.server.x509.issuer.common_name': {
     type: 'keyword',
@@ -67,5 +90,3 @@ export const uptimeRuleFieldMap = {
     required: false,
   },
 } as const;
-
-export type UptimeRuleFieldMap = typeof uptimeRuleFieldMap;
diff --git a/x-pack/plugins/observability_solution/synthetics/common/runtime_types/monitor_management/monitor_types_project.ts b/x-pack/plugins/observability_solution/synthetics/common/runtime_types/monitor_management/monitor_types_project.ts
index 99082a43f09b3..0658d0964fe66 100644
--- a/x-pack/plugins/observability_solution/synthetics/common/runtime_types/monitor_management/monitor_types_project.ts
+++ b/x-pack/plugins/observability_solution/synthetics/common/runtime_types/monitor_management/monitor_types_project.ts
@@ -6,9 +6,23 @@
  */
 
 import * as t from 'io-ts';
+import { Either } from 'fp-ts/Either';
 import { AlertConfigsCodec } from './alert_config';
 import { ScreenshotOptionCodec } from './monitor_configs';
 
+const ProjectMonitorSchedule = new t.Type<string | number, string | number, unknown>(
+  'ProjectMonitorSchedule',
+  t.string.is,
+  (input, context): Either<t.Errors, string | number> => {
+    if (typeof input === 'number' || input === '10s' || input === '30s') {
+      return t.success(input);
+    } else {
+      return t.failure(input, context);
+    }
+  },
+  t.identity
+);
+
 export const ProjectMonitorThrottlingConfigCodec = t.union([
   t.interface({
     download: t.number,
@@ -23,7 +37,7 @@ export const ProjectMonitorCodec = t.intersection([
     type: t.string,
     id: t.string,
     name: t.string,
-    schedule: t.number,
+    schedule: ProjectMonitorSchedule,
   }),
   t.partial({
     content: t.string,
diff --git a/x-pack/plugins/observability_solution/synthetics/common/runtime_types/monitor_management/synthetics_overview_status.ts b/x-pack/plugins/observability_solution/synthetics/common/runtime_types/monitor_management/synthetics_overview_status.ts
index d6a40ff10a642..54238d01a915d 100644
--- a/x-pack/plugins/observability_solution/synthetics/common/runtime_types/monitor_management/synthetics_overview_status.ts
+++ b/x-pack/plugins/observability_solution/synthetics/common/runtime_types/monitor_management/synthetics_overview_status.ts
@@ -26,6 +26,7 @@ export const OverviewPingCodec = t.intersection([
   }),
   t.partial({
     error: PingErrorType,
+    tags: t.array(t.string),
   }),
 ]);
 
diff --git a/x-pack/plugins/observability_solution/synthetics/public/apps/synthetics/components/monitor_add_edit/fields/uploader.tsx b/x-pack/plugins/observability_solution/synthetics/public/apps/synthetics/components/monitor_add_edit/fields/uploader.tsx
index e028e24504f03..9e9a4803a5795 100644
--- a/x-pack/plugins/observability_solution/synthetics/public/apps/synthetics/components/monitor_add_edit/fields/uploader.tsx
+++ b/x-pack/plugins/observability_solution/synthetics/public/apps/synthetics/components/monitor_add_edit/fields/uploader.tsx
@@ -10,6 +10,10 @@ import React, { useState, useRef } from 'react';
 import { i18n } from '@kbn/i18n';
 
 import { EuiFormRow, EuiFilePicker } from '@elastic/eui';
+import type {
+  EuiFilePickerClass,
+  EuiFilePickerProps,
+} from '@elastic/eui/src/components/form/file_picker/file_picker';
 
 interface Props {
   onUpload: ({ scriptText, fileName }: { scriptText: string; fileName: string }) => void;
@@ -18,7 +22,7 @@ interface Props {
 export function Uploader({ onUpload }: Props) {
   const fileReader = useRef<null | FileReader>(null);
   const [error, setError] = useState<string | null>(null);
-  const filePickerRef = useRef<EuiFilePicker>(null);
+  const filePickerRef = useRef<EuiFilePickerClass>(null);
 
   const handleFileRead = (fileName: string) => {
     const content = fileReader?.current?.result as string;
@@ -58,7 +62,7 @@ export function Uploader({ onUpload }: Props) {
       <EuiFilePicker
         id="syntheticsFleetScriptRecorderUploader"
         data-test-subj="syntheticsFleetScriptRecorderUploader"
-        ref={filePickerRef}
+        ref={filePickerRef as React.Ref<Omit<EuiFilePickerProps, 'stylesMemoizer'>>}
         initialPromptText={PROMPT_TEXT}
         onChange={handleFileChosen}
         display={'large'}
diff --git a/x-pack/plugins/observability_solution/synthetics/public/apps/synthetics/components/test_now_mode/hooks/use_simple_run_once_monitors.ts b/x-pack/plugins/observability_solution/synthetics/public/apps/synthetics/components/test_now_mode/hooks/use_simple_run_once_monitors.ts
index cfa986a6426a3..4cc61d61688f4 100644
--- a/x-pack/plugins/observability_solution/synthetics/public/apps/synthetics/components/test_now_mode/hooks/use_simple_run_once_monitors.ts
+++ b/x-pack/plugins/observability_solution/synthetics/public/apps/synthetics/components/test_now_mode/hooks/use_simple_run_once_monitors.ts
@@ -70,7 +70,7 @@ export const useSimpleRunOnceMonitors = ({
 
     // Whenever a new found document is fetched, update lastUpdated
     const docsChecksum = docs
-      .map(({ _id }: { _id: string }) => _id)
+      .map(({ _id }: { _id?: string }) => _id!)
       .reduce((acc, cur) => acc + cur, '');
     if (docsChecksum !== lastUpdated.current.checksum) {
       // Mutating lastUpdated
diff --git a/x-pack/plugins/observability_solution/synthetics/public/apps/synthetics/components/test_now_mode/simple/simple_test_results.tsx b/x-pack/plugins/observability_solution/synthetics/public/apps/synthetics/components/test_now_mode/simple/simple_test_results.tsx
index a3f07d6cfbc14..9ebcc12af8192 100644
--- a/x-pack/plugins/observability_solution/synthetics/public/apps/synthetics/components/test_now_mode/simple/simple_test_results.tsx
+++ b/x-pack/plugins/observability_solution/synthetics/public/apps/synthetics/components/test_now_mode/simple/simple_test_results.tsx
@@ -31,7 +31,7 @@ export function SimpleTestResults({ testRunId, expectPings, onDone }: Props) {
         );
         return summaryDocs.map((updatedDoc) => ({
           ...updatedDoc,
-          ...(prevById[updatedDoc.docId] ?? {}),
+          ...(prevById[updatedDoc.docId!] ?? {}),
         }));
       });
 
diff --git a/x-pack/plugins/observability_solution/synthetics/server/alert_rules/common.test.ts b/x-pack/plugins/observability_solution/synthetics/server/alert_rules/common.test.ts
index 2edcd37a95927..58227c38cfb54 100644
--- a/x-pack/plugins/observability_solution/synthetics/server/alert_rules/common.test.ts
+++ b/x-pack/plugins/observability_solution/synthetics/server/alert_rules/common.test.ts
@@ -4,7 +4,6 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import { alertsMock } from '@kbn/alerting-plugin/server/mocks';
 import { IBasePath } from '@kbn/core/server';
 import { updateState, setRecoveredAlertsContext } from './common';
 import { SyntheticsCommonState } from '../../common/runtime_types/alert_rules/common';
@@ -186,8 +185,6 @@ describe('updateState', () => {
 });
 
 describe('setRecoveredAlertsContext', () => {
-  const { alertFactory } = alertsMock.createRuleExecutorServices();
-  const { getRecoveredAlerts } = alertFactory.done();
   const alertUuid = 'alert-id';
   const location = 'US Central';
   const configId = '12345';
@@ -195,7 +192,6 @@ describe('setRecoveredAlertsContext', () => {
   const basePath = {
     publicBaseUrl: 'https://localhost:5601',
   } as IBasePath;
-  const getAlertUuid = () => alertUuid;
 
   const upConfigs = {
     [idWithLocation]: {
@@ -219,17 +215,26 @@ describe('setRecoveredAlertsContext', () => {
   };
 
   it('sets context correctly when monitor is deleted', () => {
-    const setContext = jest.fn();
-    getRecoveredAlerts.mockReturnValue([
-      {
-        getId: () => alertUuid,
-        getState: () => ({
-          idWithLocation,
-          monitorName: 'test-monitor',
-        }),
-        setContext,
-      },
-    ]);
+    const alertsClientMock = {
+      report: jest.fn(),
+      getAlertLimitValue: jest.fn().mockReturnValue(10),
+      setAlertLimitReached: jest.fn(),
+      getRecoveredAlerts: jest.fn().mockReturnValue([
+        {
+          alert: {
+            getId: () => alertUuid,
+            getState: () => ({
+              idWithLocation,
+              monitorName: 'test-monitor',
+            }),
+            setContext: jest.fn(),
+            getUuid: () => alertUuid,
+          },
+        },
+      ]),
+      setAlertData: jest.fn(),
+      isTrackedAlert: jest.fn(),
+    };
     const staleDownConfigs = {
       [idWithLocation]: {
         configId,
@@ -250,45 +255,56 @@ describe('setRecoveredAlertsContext', () => {
       },
     };
     setRecoveredAlertsContext({
-      alertFactory,
+      alertsClient: alertsClientMock,
       basePath,
-      getAlertUuid,
       spaceId: 'default',
       staleDownConfigs,
       upConfigs: {},
       dateFormat,
       tz: 'UTC',
     });
-    expect(setContext).toBeCalledWith({
-      checkedAt: 'Feb 26, 2023 @ 00:00:00.000',
-      configId: '12345',
-      idWithLocation,
-      linkMessage: '',
-      alertDetailsUrl: 'https://localhost:5601/app/observability/alerts/alert-id',
-      monitorName: 'test-monitor',
-      recoveryReason: 'the monitor has been deleted',
-      recoveryStatus: 'has been deleted',
-      monitorUrl: '(unavailable)',
-      monitorUrlLabel: 'URL',
-      reason:
-        'Monitor "test-monitor" from Unnamed-location is recovered. Checked at February 25, 2023 7:00 PM.',
-      stateId: '123456',
-      status: 'recovered',
+    expect(alertsClientMock.setAlertData).toBeCalledWith({
+      id: 'alert-id',
+      context: {
+        checkedAt: 'Feb 26, 2023 @ 00:00:00.000',
+        configId: '12345',
+        idWithLocation,
+        linkMessage: '',
+        alertDetailsUrl: 'https://localhost:5601/app/observability/alerts/alert-id',
+        monitorName: 'test-monitor',
+        recoveryReason: 'the monitor has been deleted',
+        recoveryStatus: 'has been deleted',
+        monitorUrl: '(unavailable)',
+        monitorUrlLabel: 'URL',
+        reason:
+          'Monitor "test-monitor" from Unnamed-location is recovered. Checked at February 25, 2023 7:00 PM.',
+        stateId: '123456',
+        status: 'recovered',
+      },
     });
   });
 
   it('sets context correctly when location is removed', () => {
-    const setContext = jest.fn();
-    getRecoveredAlerts.mockReturnValue([
-      {
-        getId: () => alertUuid,
-        getState: () => ({
-          idWithLocation,
-          monitorName: 'test-monitor',
-        }),
-        setContext,
-      },
-    ]);
+    const alertsClientMock = {
+      report: jest.fn(),
+      getAlertLimitValue: jest.fn().mockReturnValue(10),
+      setAlertLimitReached: jest.fn(),
+      getRecoveredAlerts: jest.fn().mockReturnValue([
+        {
+          alert: {
+            getId: () => alertUuid,
+            getState: () => ({
+              idWithLocation,
+              monitorName: 'test-monitor',
+            }),
+            setContext: jest.fn(),
+            getUuid: () => alertUuid,
+          },
+        },
+      ]),
+      setAlertData: jest.fn(),
+      isTrackedAlert: jest.fn(),
+    };
     const staleDownConfigs = {
       [idWithLocation]: {
         configId,
@@ -309,47 +325,58 @@ describe('setRecoveredAlertsContext', () => {
       },
     };
     setRecoveredAlertsContext({
-      alertFactory,
+      alertsClient: alertsClientMock,
       basePath,
-      getAlertUuid,
       spaceId: 'default',
       staleDownConfigs,
       upConfigs: {},
       dateFormat,
       tz: 'UTC',
     });
-    expect(setContext).toBeCalledWith({
-      configId: '12345',
-      checkedAt: 'Feb 26, 2023 @ 00:00:00.000',
-      monitorUrl: '(unavailable)',
-      reason:
-        'Monitor "test-monitor" from Unnamed-location is recovered. Checked at February 25, 2023 7:00 PM.',
-      idWithLocation,
-      linkMessage: '',
-      alertDetailsUrl: 'https://localhost:5601/app/observability/alerts/alert-id',
-      monitorName: 'test-monitor',
-      recoveryReason: 'this location has been removed from the monitor',
-      recoveryStatus: 'has recovered',
-      stateId: '123456',
-      status: 'recovered',
-      monitorUrlLabel: 'URL',
+    expect(alertsClientMock.setAlertData).toBeCalledWith({
+      id: 'alert-id',
+      context: {
+        configId: '12345',
+        checkedAt: 'Feb 26, 2023 @ 00:00:00.000',
+        monitorUrl: '(unavailable)',
+        reason:
+          'Monitor "test-monitor" from Unnamed-location is recovered. Checked at February 25, 2023 7:00 PM.',
+        idWithLocation,
+        linkMessage: '',
+        alertDetailsUrl: 'https://localhost:5601/app/observability/alerts/alert-id',
+        monitorName: 'test-monitor',
+        recoveryReason: 'this location has been removed from the monitor',
+        recoveryStatus: 'has recovered',
+        stateId: '123456',
+        status: 'recovered',
+        monitorUrlLabel: 'URL',
+      },
     });
   });
 
   it('sets context correctly when monitor is up', () => {
-    const setContext = jest.fn();
-    getRecoveredAlerts.mockReturnValue([
-      {
-        getId: () => alertUuid,
-        getState: () => ({
-          idWithLocation,
-          monitorName: 'test-monitor',
-          locationId: 'us_west',
-          configId: '12345-67891',
-        }),
-        setContext,
-      },
-    ]);
+    const alertsClientMock = {
+      report: jest.fn(),
+      getAlertLimitValue: jest.fn().mockReturnValue(10),
+      setAlertLimitReached: jest.fn(),
+      getRecoveredAlerts: jest.fn().mockReturnValue([
+        {
+          alert: {
+            getId: () => alertUuid,
+            getState: () => ({
+              idWithLocation,
+              monitorName: 'test-monitor',
+              locationId: 'us_west',
+              configId: '12345-67891',
+            }),
+            setContext: jest.fn(),
+            getUuid: () => alertUuid,
+          },
+        },
+      ]),
+      setAlertData: jest.fn(),
+      isTrackedAlert: jest.fn(),
+    };
     const staleDownConfigs = {
       [idWithLocation]: {
         configId,
@@ -370,33 +397,35 @@ describe('setRecoveredAlertsContext', () => {
       },
     };
     setRecoveredAlertsContext({
-      alertFactory,
+      alertsClient: alertsClientMock,
       basePath,
-      getAlertUuid,
       spaceId: 'default',
       staleDownConfigs,
       upConfigs,
       dateFormat,
       tz: 'UTC',
     });
-    expect(setContext).toBeCalledWith({
-      configId: '12345-67891',
-      idWithLocation,
-      alertDetailsUrl: 'https://localhost:5601/app/observability/alerts/alert-id',
-      monitorName: 'test-monitor',
-      status: 'up',
-      recoveryReason:
-        'the monitor is now up again. It ran successfully at Feb 26, 2023 @ 00:00:00.000',
-      recoveryStatus: 'is now up',
-      locationId: 'us_west',
-      checkedAt: 'Feb 26, 2023 @ 00:00:00.000',
-      linkMessage:
-        '- Link: https://localhost:5601/app/synthetics/monitor/12345-67891/errors/123456?locationId=us_west',
-      monitorUrl: '(unavailable)',
-      monitorUrlLabel: 'URL',
-      reason:
-        'Monitor "test-monitor" from Unnamed-location is recovered. Checked at February 25, 2023 7:00 PM.',
-      stateId: null,
+    expect(alertsClientMock.setAlertData).toBeCalledWith({
+      id: 'alert-id',
+      context: {
+        configId: '12345-67891',
+        idWithLocation,
+        alertDetailsUrl: 'https://localhost:5601/app/observability/alerts/alert-id',
+        monitorName: 'test-monitor',
+        status: 'up',
+        recoveryReason:
+          'the monitor is now up again. It ran successfully at Feb 26, 2023 @ 00:00:00.000',
+        recoveryStatus: 'is now up',
+        locationId: 'us_west',
+        checkedAt: 'Feb 26, 2023 @ 00:00:00.000',
+        linkMessage:
+          '- Link: https://localhost:5601/app/synthetics/monitor/12345-67891/errors/123456?locationId=us_west',
+        monitorUrl: '(unavailable)',
+        monitorUrlLabel: 'URL',
+        reason:
+          'Monitor "test-monitor" from Unnamed-location is recovered. Checked at February 25, 2023 7:00 PM.',
+        stateId: null,
+      },
     });
   });
 });
diff --git a/x-pack/plugins/observability_solution/synthetics/server/alert_rules/common.ts b/x-pack/plugins/observability_solution/synthetics/server/alert_rules/common.ts
index dc8bb9c25afe2..28a01845212d2 100644
--- a/x-pack/plugins/observability_solution/synthetics/server/alert_rules/common.ts
+++ b/x-pack/plugins/observability_solution/synthetics/server/alert_rules/common.ts
@@ -8,14 +8,23 @@ import moment, { Moment } from 'moment';
 import { isRight } from 'fp-ts/lib/Either';
 import Mustache from 'mustache';
 import { IBasePath } from '@kbn/core/server';
-import { IRuleTypeAlerts, RuleExecutorServices } from '@kbn/alerting-plugin/server';
+import {
+  IRuleTypeAlerts,
+  ActionGroupIdsOf,
+  AlertInstanceContext as AlertContext,
+  AlertInstanceState as AlertState,
+} from '@kbn/alerting-plugin/server';
 import { addSpaceIdToPath } from '@kbn/spaces-plugin/common';
 import { i18n } from '@kbn/i18n';
 import { fromKueryExpression, toElasticsearchQuery } from '@kbn/es-query';
-import { legacyExperimentalFieldMap } from '@kbn/alerts-as-data-utils';
+import { legacyExperimentalFieldMap, ObservabilityUptimeAlert } from '@kbn/alerts-as-data-utils';
+import { PublicAlertsClient } from '@kbn/alerting-plugin/server/alerts_client/types';
+import { syntheticsRuleFieldMap } from '../../common/rules/synthetics_rule_field_map';
 import { combineFiltersAndUserSearch, stringifyKueries } from '../../common/lib';
-import { SYNTHETICS_RULE_TYPES_ALERT_CONTEXT } from '../../common/constants/synthetics_alerts';
-import { uptimeRuleFieldMap } from '../../common/rules/uptime_rule_field_map';
+import {
+  MonitorStatusActionGroup,
+  SYNTHETICS_RULE_TYPES_ALERT_CONTEXT,
+} from '../../common/constants/synthetics_alerts';
 import {
   getUptimeIndexPattern,
   IndexPatternTitleAndFields,
@@ -26,7 +35,6 @@ import { getMonitorSummary } from './status_rule/message_utils';
 import {
   SyntheticsCommonState,
   SyntheticsCommonStateCodec,
-  SyntheticsMonitorStatusAlertState,
 } from '../../common/runtime_types/alert_rules/common';
 import { getSyntheticsErrorRouteFromMonitorId } from '../../common/utils/get_synthetics_monitor_url';
 import { ALERT_DETAILS_URL, RECOVERY_REASON } from './action_variables';
@@ -154,30 +162,33 @@ export const getErrorDuration = (startedAt: Moment, endsAt: Moment) => {
 };
 
 export const setRecoveredAlertsContext = ({
-  alertFactory,
+  alertsClient,
   basePath,
-  getAlertUuid,
   spaceId,
   staleDownConfigs,
   upConfigs,
   dateFormat,
   tz,
 }: {
-  alertFactory: RuleExecutorServices['alertFactory'];
+  alertsClient: PublicAlertsClient<
+    ObservabilityUptimeAlert,
+    AlertState,
+    AlertContext,
+    ActionGroupIdsOf<MonitorStatusActionGroup>
+  >;
   basePath?: IBasePath;
-  getAlertUuid?: (alertId: string) => string | null;
   spaceId?: string;
   staleDownConfigs: AlertOverviewStatus['staleDownConfigs'];
   upConfigs: AlertOverviewStatus['upConfigs'];
   dateFormat: string;
   tz: string;
 }) => {
-  const { getRecoveredAlerts } = alertFactory.done();
-  for (const alert of getRecoveredAlerts()) {
-    const recoveredAlertId = alert.getId();
-    const alertUuid = getAlertUuid?.(recoveredAlertId) || undefined;
+  const recoveredAlerts = alertsClient.getRecoveredAlerts() ?? [];
+  for (const recoveredAlert of recoveredAlerts) {
+    const recoveredAlertId = recoveredAlert.alert.getId();
+    const alertUuid = recoveredAlert.alert.getUuid();
 
-    const state = alert.getState() as SyntheticsCommonState & SyntheticsMonitorStatusAlertState;
+    const state = recoveredAlert.alert.getState();
 
     let recoveryReason = '';
     let recoveryStatus = i18n.translate(
@@ -279,7 +290,7 @@ export const setRecoveredAlertsContext = ({
       }
     }
 
-    alert.setContext({
+    const context = {
       ...state,
       ...(monitorSummary ? monitorSummary : {}),
       lastErrorMessage,
@@ -290,7 +301,8 @@ export const setRecoveredAlertsContext = ({
       ...(basePath && spaceId && alertUuid
         ? { [ALERT_DETAILS_URL]: getAlertDetailsUrl(basePath, spaceId, alertUuid) }
         : {}),
-    });
+    };
+    alertsClient.setAlertData({ id: recoveredAlertId, context });
   }
 };
 
@@ -340,10 +352,13 @@ export const generateFilterDSL = async (
   return toElasticsearchQuery(fromKueryExpression(combinedString ?? ''), await getIndexPattern());
 };
 
-export const uptimeRuleTypeFieldMap = { ...uptimeRuleFieldMap, ...legacyExperimentalFieldMap };
+export const syntheticsRuleTypeFieldMap = {
+  ...syntheticsRuleFieldMap,
+  ...legacyExperimentalFieldMap,
+};
 
-export const UptimeRuleTypeAlertDefinition: IRuleTypeAlerts = {
+export const SyntheticsRuleTypeAlertDefinition: IRuleTypeAlerts = {
   context: SYNTHETICS_RULE_TYPES_ALERT_CONTEXT,
-  mappings: { fieldMap: uptimeRuleTypeFieldMap },
+  mappings: { fieldMap: syntheticsRuleTypeFieldMap },
   useLegacyAlerts: true,
 };
diff --git a/x-pack/plugins/observability_solution/synthetics/server/alert_rules/status_rule/message_utils.ts b/x-pack/plugins/observability_solution/synthetics/server/alert_rules/status_rule/message_utils.ts
index f05309dbd8511..22b15b5cdefd0 100644
--- a/x-pack/plugins/observability_solution/synthetics/server/alert_rules/status_rule/message_utils.ts
+++ b/x-pack/plugins/observability_solution/synthetics/server/alert_rules/status_rule/message_utils.ts
@@ -34,7 +34,9 @@ export const getMonitorAlertDocument = (monitorSummary: MonitorSummaryStatusRule
   [ALERT_REASON]: monitorSummary.reason,
   [STATE_ID]: monitorSummary.stateId,
   'location.id': monitorSummary.locationId,
+  'location.name': monitorSummary.locationName,
   configId: monitorSummary.configId,
+  'monitor.tags': monitorSummary.monitorTags ?? [],
 });
 
 export const getMonitorSummary = (
@@ -85,6 +87,7 @@ export const getMonitorSummary = (
       status: statusMessage,
       timestamp: monitorInfo['@timestamp'],
     }),
+    monitorTags: monitorInfo.tags,
   };
 };
 
diff --git a/x-pack/plugins/observability_solution/synthetics/server/alert_rules/status_rule/monitor_status_rule.ts b/x-pack/plugins/observability_solution/synthetics/server/alert_rules/status_rule/monitor_status_rule.ts
index 2117e26e37cf7..d042e8d323302 100644
--- a/x-pack/plugins/observability_solution/synthetics/server/alert_rules/status_rule/monitor_status_rule.ts
+++ b/x-pack/plugins/observability_solution/synthetics/server/alert_rules/status_rule/monitor_status_rule.ts
@@ -8,9 +8,17 @@
 import { DEFAULT_APP_CATEGORIES } from '@kbn/core/server';
 import { isEmpty } from 'lodash';
 import { ActionGroupIdsOf } from '@kbn/alerting-plugin/common';
-import { GetViewInAppRelativeUrlFnOpts } from '@kbn/alerting-plugin/server';
+import { PluginSetupContract } from '@kbn/alerting-plugin/server';
+import {
+  GetViewInAppRelativeUrlFnOpts,
+  AlertInstanceContext as AlertContext,
+  RuleExecutorOptions,
+  AlertsClientError,
+  IRuleTypeAlerts,
+} from '@kbn/alerting-plugin/server';
 import { observabilityPaths } from '@kbn/observability-plugin/common';
-import { createLifecycleRuleTypeFactory, IRuleDataClient } from '@kbn/rule-registry-plugin/server';
+import { ObservabilityUptimeAlert } from '@kbn/alerts-as-data-utils';
+import { syntheticsRuleFieldMap } from '../../../common/rules/synthetics_rule_field_map';
 import { SyntheticsPluginsSetupDependencies, SyntheticsServerSetup } from '../../types';
 import { DOWN_LABEL, getMonitorAlertDocument, getMonitorSummary } from './message_utils';
 import {
@@ -19,7 +27,7 @@ import {
 } from '../../../common/runtime_types/alert_rules/common';
 import { OverviewStatus } from '../../../common/runtime_types';
 import { StatusRuleExecutor } from './status_rule_executor';
-import { StatusRulePramsSchema } from '../../../common/rules/status_rule';
+import { StatusRulePramsSchema, StatusRuleParams } from '../../../common/rules/status_rule';
 import {
   MONITOR_STATUS,
   SYNTHETICS_ALERT_RULE_TYPES,
@@ -31,26 +39,32 @@ import {
   getViewInAppUrl,
   getRelativeViewInAppUrl,
   getFullViewInAppMessage,
-  UptimeRuleTypeAlertDefinition,
+  SyntheticsRuleTypeAlertDefinition,
 } from '../common';
 import { ALERT_DETAILS_URL, getActionVariables, VIEW_IN_APP_URL } from '../action_variables';
 import { STATUS_RULE_NAME } from '../translations';
 import { SyntheticsMonitorClient } from '../../synthetics_service/synthetics_monitor/synthetics_monitor_client';
 
-export type ActionGroupIds = ActionGroupIdsOf<typeof MONITOR_STATUS>;
+type MonitorStatusRuleTypeParams = StatusRuleParams;
+type MonitorStatusActionGroups = ActionGroupIdsOf<typeof MONITOR_STATUS>;
+type MonitorStatusRuleTypeState = SyntheticsCommonState;
+type MonitorStatusAlertState = SyntheticsMonitorStatusAlertState;
+type MonitorStatusAlertContext = AlertContext;
+type MonitorStatusAlert = ObservabilityUptimeAlert;
 
 export const registerSyntheticsStatusCheckRule = (
   server: SyntheticsServerSetup,
   plugins: SyntheticsPluginsSetupDependencies,
   syntheticsMonitorClient: SyntheticsMonitorClient,
-  ruleDataClient: IRuleDataClient
+  alerting: PluginSetupContract
 ) => {
-  const createLifecycleRuleType = createLifecycleRuleTypeFactory({
-    ruleDataClient,
-    logger: server.logger,
-  });
+  if (!alerting) {
+    throw new Error(
+      'Cannot register the synthetics monitor status rule type. The alerting plugin needs to be enabled.'
+    );
+  }
 
-  return createLifecycleRuleType({
+  alerting.registerType({
     id: SYNTHETICS_ALERT_RULE_TYPES.MONITOR_STATUS,
     category: DEFAULT_APP_CATEGORIES.observability.id,
     producer: 'uptime',
@@ -64,19 +78,22 @@ export const registerSyntheticsStatusCheckRule = (
     isExportable: true,
     minimumLicenseRequired: 'basic',
     doesSetRecoveryContext: true,
-    async executor({ state, params, services, spaceId, previousStartedAt }) {
-      const ruleState = state as SyntheticsCommonState;
-
+    executor: async (
+      options: RuleExecutorOptions<
+        MonitorStatusRuleTypeParams,
+        MonitorStatusRuleTypeState,
+        MonitorStatusAlertState,
+        MonitorStatusAlertContext,
+        MonitorStatusActionGroups,
+        MonitorStatusAlert
+      >
+    ) => {
+      const { state: ruleState, params, services, spaceId, previousStartedAt, startedAt } = options;
+      const { alertsClient, savedObjectsClient, scopedClusterClient, uiSettingsClient } = services;
+      if (!alertsClient) {
+        throw new AlertsClientError();
+      }
       const { basePath } = server;
-      const {
-        alertFactory,
-        getAlertUuid,
-        savedObjectsClient,
-        scopedClusterClient,
-        alertWithLifecycle,
-        uiSettingsClient,
-      } = services;
-
       const dateFormat = await uiSettingsClient.get('dateFormat');
       const timezone = await uiSettingsClient.get('dateFormat:tz');
       const tz = timezone === 'Browser' ? 'UTC' : timezone;
@@ -106,13 +123,11 @@ export const registerSyntheticsStatusCheckRule = (
           tz
         );
 
-        const alert = alertWithLifecycle({
+        const { uuid, start } = alertsClient.report({
           id: alertId,
-          fields: getMonitorAlertDocument(monitorSummary),
+          actionGroup: MONITOR_STATUS.id,
         });
-        const alertUuid = getAlertUuid(alertId);
-        const alertState = alert.getState() as SyntheticsMonitorStatusAlertState;
-        const errorStartedAt: string = alertState.errorStartedAt || ping['@timestamp'];
+        const errorStartedAt = start ?? startedAt.toISOString();
 
         let relativeViewInAppUrl = '';
         if (monitorSummary.stateId) {
@@ -123,31 +138,29 @@ export const registerSyntheticsStatusCheckRule = (
           });
         }
 
+        const payload = getMonitorAlertDocument(monitorSummary);
+
         const context = {
           ...monitorSummary,
+          idWithLocation,
           errorStartedAt,
           linkMessage: monitorSummary.stateId
             ? getFullViewInAppMessage(basePath, spaceId, relativeViewInAppUrl)
             : '',
           [VIEW_IN_APP_URL]: getViewInAppUrl(basePath, spaceId, relativeViewInAppUrl),
+          [ALERT_DETAILS_URL]: getAlertDetailsUrl(basePath, spaceId, uuid),
         };
 
-        alert.replaceState({
-          ...updateState(ruleState, true),
-          ...context,
-          idWithLocation,
-        });
-
-        alert.scheduleActions(MONITOR_STATUS.id, {
-          ...context,
-          [ALERT_DETAILS_URL]: getAlertDetailsUrl(basePath, spaceId, alertUuid),
+        alertsClient.setAlertData({
+          id: alertId,
+          payload,
+          context,
         });
       });
 
       setRecoveredAlertsContext({
-        alertFactory,
+        alertsClient,
         basePath,
-        getAlertUuid,
         spaceId,
         staleDownConfigs,
         upConfigs,
@@ -159,7 +172,11 @@ export const registerSyntheticsStatusCheckRule = (
         state: updateState(ruleState, !isEmpty(downConfigs), { downConfigs }),
       };
     },
-    alerts: UptimeRuleTypeAlertDefinition,
+    alerts: {
+      ...SyntheticsRuleTypeAlertDefinition,
+      shouldWrite: true,
+    } as IRuleTypeAlerts<MonitorStatusAlert>,
+    fieldsForAAD: Object.keys(syntheticsRuleFieldMap),
     getViewInAppRelativeUrl: ({ rule }: GetViewInAppRelativeUrlFnOpts<{}>) =>
       observabilityPaths.ruleDetails(rule.id),
   });
diff --git a/x-pack/plugins/observability_solution/synthetics/server/alert_rules/status_rule/types.ts b/x-pack/plugins/observability_solution/synthetics/server/alert_rules/status_rule/types.ts
index 9c8cc0b9a6e36..16f8318b04f2e 100644
--- a/x-pack/plugins/observability_solution/synthetics/server/alert_rules/status_rule/types.ts
+++ b/x-pack/plugins/observability_solution/synthetics/server/alert_rules/status_rule/types.ts
@@ -20,4 +20,5 @@ export interface MonitorSummaryStatusRule {
   lastErrorMessage: string;
   stateId: string | null;
   monitorUrlLabel: string;
+  monitorTags?: string[];
 }
diff --git a/x-pack/plugins/observability_solution/synthetics/server/alert_rules/tls_rule/tls_rule.ts b/x-pack/plugins/observability_solution/synthetics/server/alert_rules/tls_rule/tls_rule.ts
index d4943685ee300..b251e950a5d4a 100644
--- a/x-pack/plugins/observability_solution/synthetics/server/alert_rules/tls_rule/tls_rule.ts
+++ b/x-pack/plugins/observability_solution/synthetics/server/alert_rules/tls_rule/tls_rule.ts
@@ -19,6 +19,7 @@ import {
 } from '@kbn/observability-plugin/common';
 import { LocatorPublic } from '@kbn/share-plugin/common';
 import { schema } from '@kbn/config-schema';
+import { syntheticsRuleFieldMap } from '../../../common/rules/synthetics_rule_field_map';
 import { SyntheticsPluginsSetupDependencies, SyntheticsServerSetup } from '../../types';
 import { TlsTranslations } from '../../../common/rules/synthetics/translations';
 import {
@@ -35,7 +36,7 @@ import {
   SYNTHETICS_ALERT_RULE_TYPES,
   TLS_CERTIFICATE,
 } from '../../../common/constants/synthetics_alerts';
-import { generateAlertMessage, updateState, UptimeRuleTypeAlertDefinition } from '../common';
+import { generateAlertMessage, SyntheticsRuleTypeAlertDefinition, updateState } from '../common';
 import { ALERT_DETAILS_URL, getActionVariables } from '../action_variables';
 import { SyntheticsMonitorClient } from '../../synthetics_service/synthetics_monitor/synthetics_monitor_client';
 
@@ -152,7 +153,8 @@ export const registerSyntheticsTLSCheckRule = (
 
       return { state: updateState(ruleState, foundCerts) };
     },
-    alerts: UptimeRuleTypeAlertDefinition,
+    alerts: SyntheticsRuleTypeAlertDefinition,
+    fieldsForAAD: Object.keys(syntheticsRuleFieldMap),
     getViewInAppRelativeUrl: ({ rule }: GetViewInAppRelativeUrlFnOpts<{}>) =>
       observabilityPaths.ruleDetails(rule.id),
   });
diff --git a/x-pack/plugins/observability_solution/synthetics/server/alert_rules/translations.ts b/x-pack/plugins/observability_solution/synthetics/server/alert_rules/translations.ts
index 21bbda2de813b..5dced6f8928e5 100644
--- a/x-pack/plugins/observability_solution/synthetics/server/alert_rules/translations.ts
+++ b/x-pack/plugins/observability_solution/synthetics/server/alert_rules/translations.ts
@@ -52,6 +52,15 @@ export const commonMonitorStateI18: Array<{
       }
     ),
   },
+  {
+    name: 'monitorTags',
+    description: i18n.translate(
+      'xpack.synthetics.alertRules.monitorStatus.actionVariables.state.monitorTags',
+      {
+        defaultMessage: 'Tags associated with the monitor.',
+      }
+    ),
+  },
   {
     name: 'status',
     description: i18n.translate(
diff --git a/x-pack/plugins/observability_solution/synthetics/server/legacy_uptime/lib/requests/get_last_successful_check.ts b/x-pack/plugins/observability_solution/synthetics/server/legacy_uptime/lib/requests/get_last_successful_check.ts
index d90f694315015..d3f94a11cf2fa 100644
--- a/x-pack/plugins/observability_solution/synthetics/server/legacy_uptime/lib/requests/get_last_successful_check.ts
+++ b/x-pack/plugins/observability_solution/synthetics/server/legacy_uptime/lib/requests/get_last_successful_check.ts
@@ -105,6 +105,6 @@ export const getLastSuccessfulCheck = async ({
   return {
     ...check,
     timestamp: check['@timestamp'],
-    docId: result.hits.hits[0]._id,
+    docId: result.hits.hits[0]._id!,
   };
 };
diff --git a/x-pack/plugins/observability_solution/synthetics/server/plugin.ts b/x-pack/plugins/observability_solution/synthetics/server/plugin.ts
index 56d333780a3f0..01466504d22b4 100644
--- a/x-pack/plugins/observability_solution/synthetics/server/plugin.ts
+++ b/x-pack/plugins/observability_solution/synthetics/server/plugin.ts
@@ -30,7 +30,7 @@ import { UptimeConfig } from '../common/config';
 import { SyntheticsService } from './synthetics_service/synthetics_service';
 import { syntheticsServiceApiKey } from './saved_objects/service_api_key';
 import { SYNTHETICS_RULE_TYPES_ALERT_CONTEXT } from '../common/constants/synthetics_alerts';
-import { uptimeRuleTypeFieldMap } from './alert_rules/common';
+import { syntheticsRuleTypeFieldMap } from './alert_rules/common';
 
 export class Plugin implements PluginType {
   private savedObjectsClient?: SavedObjectsClientContract;
@@ -58,7 +58,7 @@ export class Plugin implements PluginType {
       componentTemplates: [
         {
           name: 'mappings',
-          mappings: mappingFromFieldMap(uptimeRuleTypeFieldMap, 'strict'),
+          mappings: mappingFromFieldMap(syntheticsRuleTypeFieldMap, 'strict'),
         },
       ],
     });
diff --git a/x-pack/plugins/observability_solution/synthetics/server/queries/get_journey_details.ts b/x-pack/plugins/observability_solution/synthetics/server/queries/get_journey_details.ts
index bc60f32046ed1..a5288a20dad74 100644
--- a/x-pack/plugins/observability_solution/synthetics/server/queries/get_journey_details.ts
+++ b/x-pack/plugins/observability_solution/synthetics/server/queries/get_journey_details.ts
@@ -165,7 +165,7 @@ export const getJourneyDetails = async ({
 
     return {
       timestamp: journeySource['@timestamp'],
-      journey: { ...journeySource, _id: foundJourney._id },
+      journey: { ...journeySource, _id: foundJourney._id! },
       ...(summaryPing && 'state' in summaryPing && summaryPing.state
         ? {
             summary: {
diff --git a/x-pack/plugins/observability_solution/synthetics/server/queries/query_monitor_status.ts b/x-pack/plugins/observability_solution/synthetics/server/queries/query_monitor_status.ts
index ddea241f3a3df..fca44f0893afc 100644
--- a/x-pack/plugins/observability_solution/synthetics/server/queries/query_monitor_status.ts
+++ b/x-pack/plugins/observability_solution/synthetics/server/queries/query_monitor_status.ts
@@ -30,6 +30,7 @@ const fields = [
   'agent',
   'url',
   'state',
+  'tags',
 ];
 
 export async function queryMonitorStatus(
diff --git a/x-pack/plugins/observability_solution/synthetics/server/server.ts b/x-pack/plugins/observability_solution/synthetics/server/server.ts
index 69a1aa79d2410..b394e4ffc6883 100644
--- a/x-pack/plugins/observability_solution/synthetics/server/server.ts
+++ b/x-pack/plugins/observability_solution/synthetics/server/server.ts
@@ -138,18 +138,9 @@ export const initSyntheticsServer = (
     }
   });
 
-  const {
-    alerting: { registerType },
-  } = plugins;
+  const { alerting } = plugins;
 
-  const statusAlert = registerSyntheticsStatusCheckRule(
-    server,
-    plugins,
-    syntheticsMonitorClient,
-    ruleDataClient
-  );
-
-  registerType(statusAlert);
+  registerSyntheticsStatusCheckRule(server, plugins, syntheticsMonitorClient, alerting);
 
   const tlsRule = registerSyntheticsTLSCheckRule(
     server,
@@ -158,5 +149,5 @@ export const initSyntheticsServer = (
     ruleDataClient
   );
 
-  registerType(tlsRule);
+  alerting.registerType(tlsRule);
 };
diff --git a/x-pack/plugins/observability_solution/synthetics/server/synthetics_service/project_monitor/normalizers/common_fields.ts b/x-pack/plugins/observability_solution/synthetics/server/synthetics_service/project_monitor/normalizers/common_fields.ts
index 2c62f7df04ec9..fad8e096a483c 100644
--- a/x-pack/plugins/observability_solution/synthetics/server/synthetics_service/project_monitor/normalizers/common_fields.ts
+++ b/x-pack/plugins/observability_solution/synthetics/server/synthetics_service/project_monitor/normalizers/common_fields.ts
@@ -75,10 +75,7 @@ export const getNormalizeCommonFields = ({
     [ConfigKey.JOURNEY_ID]: monitor.id || defaultFields[ConfigKey.JOURNEY_ID],
     [ConfigKey.MONITOR_SOURCE_TYPE]: SourceType.PROJECT,
     [ConfigKey.NAME]: monitor.name || '',
-    [ConfigKey.SCHEDULE]: {
-      number: `${monitor.schedule}`,
-      unit: ScheduleUnit.MINUTES,
-    },
+    [ConfigKey.SCHEDULE]: getMonitorSchedule(monitor.schedule, defaultFields[ConfigKey.SCHEDULE]),
     [ConfigKey.PROJECT_ID]: projectId,
     [ConfigKey.LOCATIONS]: monLocations,
     [ConfigKey.TAGS]: getOptionalListField(monitor.tags) || defaultFields[ConfigKey.TAGS],
@@ -145,8 +142,27 @@ export const getCustomHeartbeatId = (
   return `${monitor.id}-${projectId}-${namespace}`;
 };
 
-export const getMonitorSchedule = (schedule: number | string | MonitorFields['schedule']) => {
+export const getMonitorSchedule = (
+  schedule: number | string | MonitorFields['schedule'],
+  defaultValue?: MonitorFields['schedule']
+) => {
+  if (!schedule && defaultValue) {
+    return defaultValue;
+  }
   if (typeof schedule === 'number' || typeof schedule === 'string') {
+    if (typeof schedule === 'number') {
+      return {
+        number: `${schedule}`,
+        unit: ScheduleUnit.MINUTES,
+      };
+    }
+    if (schedule.includes('s')) {
+      return {
+        number: schedule.replace('s', ''),
+        unit: ScheduleUnit.SECONDS,
+      };
+    }
+
     return {
       number: `${schedule}`,
       unit: ScheduleUnit.MINUTES,
diff --git a/x-pack/plugins/observability_solution/synthetics/server/synthetics_service/project_monitor/project_monitor_formatter.test.ts b/x-pack/plugins/observability_solution/synthetics/server/synthetics_service/project_monitor/project_monitor_formatter.test.ts
index 8684f31f9cd56..ab77abac5afb6 100644
--- a/x-pack/plugins/observability_solution/synthetics/server/synthetics_service/project_monitor/project_monitor_formatter.test.ts
+++ b/x-pack/plugins/observability_solution/synthetics/server/synthetics_service/project_monitor/project_monitor_formatter.test.ts
@@ -194,6 +194,40 @@ describe('ProjectMonitorFormatter', () => {
       updatedMonitors: [],
     });
   });
+  it('should return invalid schedule error', async () => {
+    const invalidMonitor = {
+      ...testMonitors[0],
+      schedule: '3m',
+    };
+    const pushMonitorFormatter = new ProjectMonitorFormatter({
+      projectId: 'test-project',
+      spaceId: 'default',
+      routeContext,
+      encryptedSavedObjectsClient,
+      monitors: [invalidMonitor],
+    });
+
+    pushMonitorFormatter.getProjectMonitorsForProject = jest.fn().mockResolvedValue([]);
+
+    await pushMonitorFormatter.configureAllProjectMonitors();
+
+    expect({
+      createdMonitors: pushMonitorFormatter.createdMonitors,
+      updatedMonitors: pushMonitorFormatter.updatedMonitors,
+      failedMonitors: pushMonitorFormatter.failedMonitors,
+    }).toStrictEqual({
+      createdMonitors: [],
+      failedMonitors: [
+        {
+          details: 'Invalid value "3m" supplied to "schedule"',
+          id: 'check if title is present 10 0',
+          payload: invalidMonitor,
+          reason: "Couldn't save or update monitor because of an invalid configuration.",
+        },
+      ],
+      updatedMonitors: [],
+    });
+  });
 
   it('catches errors from bulk edit method', async () => {
     soClient.bulkCreate.mockImplementation(async () => {
diff --git a/x-pack/plugins/observability_solution/uptime/common/rules/uptime_rule_field_map.ts b/x-pack/plugins/observability_solution/uptime/common/rules/uptime_rule_field_map.ts
index be097ed8d8268..ca6463416de6b 100644
--- a/x-pack/plugins/observability_solution/uptime/common/rules/uptime_rule_field_map.ts
+++ b/x-pack/plugins/observability_solution/uptime/common/rules/uptime_rule_field_map.ts
@@ -5,7 +5,9 @@
  * 2.0.
  */
 
-export const uptimeRuleFieldMap = {
+import { FieldMap } from '@kbn/alerts-as-data-utils';
+
+export const uptimeRuleFieldMap: FieldMap = {
   // common fields
   'monitor.id': {
     type: 'keyword',
@@ -36,6 +38,27 @@ export const uptimeRuleFieldMap = {
     type: 'keyword',
     required: false,
   },
+  'monitor.tags': {
+    type: 'keyword',
+    array: true,
+    required: false,
+  },
+  configId: {
+    type: 'keyword',
+    required: false,
+  },
+  'host.name': {
+    type: 'keyword',
+    required: false,
+  },
+  'location.id': {
+    type: 'keyword',
+    required: false,
+  },
+  'location.name': {
+    type: 'keyword',
+    required: false,
+  },
   // tls alert fields
   'tls.server.x509.issuer.common_name': {
     type: 'keyword',
@@ -67,5 +90,3 @@ export const uptimeRuleFieldMap = {
     required: false,
   },
 } as const;
-
-export type UptimeRuleFieldMap = typeof uptimeRuleFieldMap;
diff --git a/x-pack/plugins/observability_solution/uptime/public/legacy_uptime/components/certificates/__snapshots__/cert_search.test.tsx.snap b/x-pack/plugins/observability_solution/uptime/public/legacy_uptime/components/certificates/__snapshots__/cert_search.test.tsx.snap
index 9a804c60fc48f..8bb42eaa7a5eb 100644
--- a/x-pack/plugins/observability_solution/uptime/public/legacy_uptime/components/certificates/__snapshots__/cert_search.test.tsx.snap
+++ b/x-pack/plugins/observability_solution/uptime/public/legacy_uptime/components/certificates/__snapshots__/cert_search.test.tsx.snap
@@ -13,6 +13,7 @@ exports[`CertificatesSearch renders expected elements for valid props 1`] = `
   >
     <div
       class="euiFormControlLayout__childrenWrapper"
+      style="--euiFormControlLeftIconsCount:1"
     >
       <div
         class="euiFormControlLayoutIcons euiFormControlLayoutIcons--left euiFormControlLayoutIcons--absolute"
@@ -29,7 +30,7 @@ exports[`CertificatesSearch renders expected elements for valid props 1`] = `
       </div>
       <input
         aria-label="Search certificates"
-        class="euiFieldSearch euiFieldSearch--fullWidth"
+        class="euiFieldSearch emotion-euiFieldSearch-fullWidth"
         data-test-subj="uptimeCertSearch"
         placeholder="Search certificates"
         type="search"
diff --git a/x-pack/plugins/observability_solution/uptime/public/legacy_uptime/components/common/charts/__snapshots__/donut_chart.test.tsx.snap b/x-pack/plugins/observability_solution/uptime/public/legacy_uptime/components/common/charts/__snapshots__/donut_chart.test.tsx.snap
index 452d12596bda1..639557a2b9e1a 100644
--- a/x-pack/plugins/observability_solution/uptime/public/legacy_uptime/components/common/charts/__snapshots__/donut_chart.test.tsx.snap
+++ b/x-pack/plugins/observability_solution/uptime/public/legacy_uptime/components/common/charts/__snapshots__/donut_chart.test.tsx.snap
@@ -51,6 +51,7 @@ exports[`DonutChart component passes correct props without errors for valid prop
                 },
               },
               "isolatedPoint": Object {
+                "enabled": true,
                 "fill": "white",
                 "opacity": 1,
                 "radius": 2,
@@ -440,6 +441,7 @@ exports[`DonutChart component passes correct props without errors for valid prop
                 },
               },
               "isolatedPoint": Object {
+                "enabled": true,
                 "fill": "white",
                 "opacity": 1,
                 "radius": 2,
@@ -465,12 +467,15 @@ exports[`DonutChart component passes correct props without errors for valid prop
               "barBackground": "#EDF0F5",
               "border": "#EDF0F5",
               "emptyBackground": "transparent",
+              "iconAlign": "left",
               "minHeight": 64,
+              "minValueFontSize": 12,
               "nonFiniteText": "N/A",
-              "text": Object {
-                "darkColor": "#343741",
-                "lightColor": "#E0E5EE",
-              },
+              "textDarkColor": "#343741",
+              "textLightColor": "#E0E5EE",
+              "titlesTextAlign": "left",
+              "valueFontSize": "default",
+              "valuesTextAlign": "right",
             },
             "partition": Object {
               "circlePadding": 4,
diff --git a/x-pack/plugins/observability_solution/uptime/server/legacy_uptime/lib/alerts/status_check.test.ts b/x-pack/plugins/observability_solution/uptime/server/legacy_uptime/lib/alerts/status_check.test.ts
index 7d162b65b6484..13d959000c3a8 100644
--- a/x-pack/plugins/observability_solution/uptime/server/legacy_uptime/lib/alerts/status_check.test.ts
+++ b/x-pack/plugins/observability_solution/uptime/server/legacy_uptime/lib/alerts/status_check.test.ts
@@ -538,10 +538,12 @@ describe('status check alert', () => {
               "latestErrorMessage": "error message 1",
               "monitorId": "first",
               "monitorName": "First",
+              "monitorTags": undefined,
               "monitorType": "myType",
               "monitorUrl": "localhost:8080",
               "observerHostname": undefined,
               "observerLocation": "harrisburg",
+              "observerName": undefined,
               "reason": "Monitor \\"First\\" from harrisburg failed 234 times in the last 14h. Alert when >= 4. Checked at July 6, 2020 9:14 PM.",
               "statusMessage": "failed 234 times in the last 14h. Alert when >= 4.",
               "viewInAppUrl": "http://localhost:5601/hfe/app/uptime/monitor/Zmlyc3Q=?dateRangeEnd=now&dateRangeStart=7.7%20date&filters=%5B%5B%22observer.geo.name%22%2C%5B%22harrisburg%22%5D%5D%5D",
@@ -761,10 +763,12 @@ describe('status check alert', () => {
               "latestErrorMessage": "error message 1",
               "monitorId": "first",
               "monitorName": "First",
+              "monitorTags": undefined,
               "monitorType": "myType",
               "monitorUrl": "localhost:8080",
               "observerHostname": undefined,
               "observerLocation": "harrisburg",
+              "observerName": undefined,
               "reason": "Monitor \\"First\\" from harrisburg failed 234 times in the last 15 mins. Alert when >= 3. Checked at July 6, 2020 9:14 PM.",
               "statusMessage": "failed 234 times in the last 15 mins. Alert when >= 3.",
               "viewInAppUrl": "http://localhost:5601/hfe/app/uptime/monitor/Zmlyc3Q=?dateRangeEnd=now&dateRangeStart=foo%20date%20string&filters=%5B%5B%22observer.geo.name%22%2C%5B%22harrisburg%22%5D%5D%5D",
@@ -971,88 +975,96 @@ describe('status check alert', () => {
 
       expect(alertsClient.setAlertData).toHaveBeenCalledTimes(4);
       expect(alertsClient.setAlertData.mock.calls).toMatchInlineSnapshot(`
-  Array [
-    Array [
-      Object {
-        "context": Object {
-          "alertDetailsUrl": "mockedAlertsLocator > getLocation",
-          "checkedAt": "July 6, 2020 9:14 PM",
-          "configId": undefined,
-          "latestErrorMessage": undefined,
-          "monitorId": "foo",
-          "monitorName": "Foo",
-          "monitorType": "myType",
-          "monitorUrl": "https://foo.com",
-          "observerHostname": undefined,
-          "observerLocation": "harrisburg",
-          "reason": "Monitor \\"Foo\\" from harrisburg 35 days availability is 99.28%. Alert when < 99.34%. Checked at July 6, 2020 9:14 PM.",
-          "statusMessage": "35 days availability is 99.28%. Alert when < 99.34%.",
-          "viewInAppUrl": "http://localhost:5601/hfe/app/uptime/monitor/Zm9v?dateRangeEnd=now&dateRangeStart=availability%20test&filters=%5B%5B%22observer.geo.name%22%2C%5B%22harrisburg%22%5D%5D%5D",
-        },
-        "id": "foo_https_foo_com_foo-harrisburg",
-      },
-    ],
-    Array [
-      Object {
-        "context": Object {
-          "alertDetailsUrl": "mockedAlertsLocator > getLocation",
-          "checkedAt": "July 6, 2020 9:14 PM",
-          "configId": undefined,
-          "latestErrorMessage": undefined,
-          "monitorId": "foo",
-          "monitorName": "Foo",
-          "monitorType": "myType",
-          "monitorUrl": "https://foo.com",
-          "observerHostname": undefined,
-          "observerLocation": "fairbanks",
-          "reason": "Monitor \\"Foo\\" from fairbanks 35 days availability is 98.03%. Alert when < 99.34%. Checked at July 6, 2020 9:14 PM.",
-          "statusMessage": "35 days availability is 98.03%. Alert when < 99.34%.",
-          "viewInAppUrl": "http://localhost:5601/hfe/app/uptime/monitor/Zm9v?dateRangeEnd=now&dateRangeStart=availability%20test&filters=%5B%5B%22observer.geo.name%22%2C%5B%22fairbanks%22%5D%5D%5D",
-        },
-        "id": "foo_https_foo_com_foo-fairbanks",
-      },
-    ],
-    Array [
-      Object {
-        "context": Object {
-          "alertDetailsUrl": "mockedAlertsLocator > getLocation",
-          "checkedAt": "July 6, 2020 9:14 PM",
-          "configId": undefined,
-          "latestErrorMessage": undefined,
-          "monitorId": "unreliable",
-          "monitorName": "Unreliable",
-          "monitorType": "myType",
-          "monitorUrl": "https://unreliable.co",
-          "observerHostname": undefined,
-          "observerLocation": "fairbanks",
-          "reason": "Monitor \\"Unreliable\\" from fairbanks 35 days availability is 90.92%. Alert when < 99.34%. Checked at July 6, 2020 9:14 PM.",
-          "statusMessage": "35 days availability is 90.92%. Alert when < 99.34%.",
-          "viewInAppUrl": "http://localhost:5601/hfe/app/uptime/monitor/dW5yZWxpYWJsZQ==?dateRangeEnd=now&dateRangeStart=availability%20test&filters=%5B%5B%22observer.geo.name%22%2C%5B%22fairbanks%22%5D%5D%5D",
-        },
-        "id": "unreliable_https_unreliable_co_unreliable-fairbanks",
-      },
-    ],
-    Array [
-      Object {
-        "context": Object {
-          "alertDetailsUrl": "mockedAlertsLocator > getLocation",
-          "checkedAt": "July 6, 2020 9:14 PM",
-          "configId": undefined,
-          "latestErrorMessage": undefined,
-          "monitorId": "no-name",
-          "monitorName": "no-name",
-          "monitorType": "myType",
-          "monitorUrl": "https://no-name.co",
-          "observerHostname": undefined,
-          "observerLocation": "fairbanks",
-          "reason": "Monitor \\"no-name\\" from fairbanks 35 days availability is 90.92%. Alert when < 99.34%. Checked at July 6, 2020 9:14 PM.",
-          "statusMessage": "35 days availability is 90.92%. Alert when < 99.34%.",
-          "viewInAppUrl": "http://localhost:5601/hfe/app/uptime/monitor/bm8tbmFtZQ==?dateRangeEnd=now&dateRangeStart=availability%20test&filters=%5B%5B%22observer.geo.name%22%2C%5B%22fairbanks%22%5D%5D%5D",
-        },
-        "id": "https_no_name_co_no-name-fairbanks",
-      },
-    ],
-  ]
+        Array [
+          Array [
+            Object {
+              "context": Object {
+                "alertDetailsUrl": "mockedAlertsLocator > getLocation",
+                "checkedAt": "July 6, 2020 9:14 PM",
+                "configId": undefined,
+                "latestErrorMessage": undefined,
+                "monitorId": "foo",
+                "monitorName": "Foo",
+                "monitorTags": undefined,
+                "monitorType": "myType",
+                "monitorUrl": "https://foo.com",
+                "observerHostname": undefined,
+                "observerLocation": "harrisburg",
+                "observerName": undefined,
+                "reason": "Monitor \\"Foo\\" from harrisburg 35 days availability is 99.28%. Alert when < 99.34%. Checked at July 6, 2020 9:14 PM.",
+                "statusMessage": "35 days availability is 99.28%. Alert when < 99.34%.",
+                "viewInAppUrl": "http://localhost:5601/hfe/app/uptime/monitor/Zm9v?dateRangeEnd=now&dateRangeStart=availability%20test&filters=%5B%5B%22observer.geo.name%22%2C%5B%22harrisburg%22%5D%5D%5D",
+              },
+              "id": "foo_https_foo_com_foo-harrisburg",
+            },
+          ],
+          Array [
+            Object {
+              "context": Object {
+                "alertDetailsUrl": "mockedAlertsLocator > getLocation",
+                "checkedAt": "July 6, 2020 9:14 PM",
+                "configId": undefined,
+                "latestErrorMessage": undefined,
+                "monitorId": "foo",
+                "monitorName": "Foo",
+                "monitorTags": undefined,
+                "monitorType": "myType",
+                "monitorUrl": "https://foo.com",
+                "observerHostname": undefined,
+                "observerLocation": "fairbanks",
+                "observerName": undefined,
+                "reason": "Monitor \\"Foo\\" from fairbanks 35 days availability is 98.03%. Alert when < 99.34%. Checked at July 6, 2020 9:14 PM.",
+                "statusMessage": "35 days availability is 98.03%. Alert when < 99.34%.",
+                "viewInAppUrl": "http://localhost:5601/hfe/app/uptime/monitor/Zm9v?dateRangeEnd=now&dateRangeStart=availability%20test&filters=%5B%5B%22observer.geo.name%22%2C%5B%22fairbanks%22%5D%5D%5D",
+              },
+              "id": "foo_https_foo_com_foo-fairbanks",
+            },
+          ],
+          Array [
+            Object {
+              "context": Object {
+                "alertDetailsUrl": "mockedAlertsLocator > getLocation",
+                "checkedAt": "July 6, 2020 9:14 PM",
+                "configId": undefined,
+                "latestErrorMessage": undefined,
+                "monitorId": "unreliable",
+                "monitorName": "Unreliable",
+                "monitorTags": undefined,
+                "monitorType": "myType",
+                "monitorUrl": "https://unreliable.co",
+                "observerHostname": undefined,
+                "observerLocation": "fairbanks",
+                "observerName": undefined,
+                "reason": "Monitor \\"Unreliable\\" from fairbanks 35 days availability is 90.92%. Alert when < 99.34%. Checked at July 6, 2020 9:14 PM.",
+                "statusMessage": "35 days availability is 90.92%. Alert when < 99.34%.",
+                "viewInAppUrl": "http://localhost:5601/hfe/app/uptime/monitor/dW5yZWxpYWJsZQ==?dateRangeEnd=now&dateRangeStart=availability%20test&filters=%5B%5B%22observer.geo.name%22%2C%5B%22fairbanks%22%5D%5D%5D",
+              },
+              "id": "unreliable_https_unreliable_co_unreliable-fairbanks",
+            },
+          ],
+          Array [
+            Object {
+              "context": Object {
+                "alertDetailsUrl": "mockedAlertsLocator > getLocation",
+                "checkedAt": "July 6, 2020 9:14 PM",
+                "configId": undefined,
+                "latestErrorMessage": undefined,
+                "monitorId": "no-name",
+                "monitorName": "no-name",
+                "monitorTags": undefined,
+                "monitorType": "myType",
+                "monitorUrl": "https://no-name.co",
+                "observerHostname": undefined,
+                "observerLocation": "fairbanks",
+                "observerName": undefined,
+                "reason": "Monitor \\"no-name\\" from fairbanks 35 days availability is 90.92%. Alert when < 99.34%. Checked at July 6, 2020 9:14 PM.",
+                "statusMessage": "35 days availability is 90.92%. Alert when < 99.34%.",
+                "viewInAppUrl": "http://localhost:5601/hfe/app/uptime/monitor/bm8tbmFtZQ==?dateRangeEnd=now&dateRangeStart=availability%20test&filters=%5B%5B%22observer.geo.name%22%2C%5B%22fairbanks%22%5D%5D%5D",
+              },
+              "id": "https_no_name_co_no-name-fairbanks",
+            },
+          ],
+        ]
       `);
       expect(mockGetter).not.toHaveBeenCalled();
       expect(mockAvailability).toHaveBeenCalledTimes(1);
diff --git a/x-pack/plugins/observability_solution/uptime/server/legacy_uptime/lib/alerts/status_check.ts b/x-pack/plugins/observability_solution/uptime/server/legacy_uptime/lib/alerts/status_check.ts
index d9a7cd067d323..ea6edf35b6f12 100644
--- a/x-pack/plugins/observability_solution/uptime/server/legacy_uptime/lib/alerts/status_check.ts
+++ b/x-pack/plugins/observability_solution/uptime/server/legacy_uptime/lib/alerts/status_check.ts
@@ -26,7 +26,8 @@ import {
 } from '@kbn/observability-plugin/common';
 import { LocatorPublic } from '@kbn/share-plugin/common';
 import { asyncForEach } from '@kbn/std';
-import { UptimeAlertTypeFactory } from './types';
+import { uptimeRuleFieldMap } from '../../../../common/rules/uptime_rule_field_map';
+import { MonitorSummary, UptimeAlertTypeFactory } from './types';
 import {
   StatusCheckFilters,
   Ping,
@@ -151,7 +152,7 @@ export const formatFilterString = async (
 export const getMonitorSummary = (
   monitorInfo: Ping & { '@timestamp'?: string },
   statusMessage: string
-) => {
+): MonitorSummary => {
   const monitorName = monitorInfo.monitor?.name ?? monitorInfo.monitor?.id;
   const observerLocation = monitorInfo.observer?.geo?.name ?? UNNAMED_LOCATION;
   const checkedAt = moment(monitorInfo['@timestamp'] ?? monitorInfo.timestamp).format('LLL');
@@ -159,13 +160,15 @@ export const getMonitorSummary = (
   const summary = {
     checkedAt,
     monitorUrl: monitorInfo.url?.full,
-    monitorId: monitorInfo.monitor?.id,
+    monitorId: monitorInfo.monitor.id,
     configId: monitorInfo.config_id,
-    monitorName: monitorInfo.monitor?.name ?? monitorInfo.monitor?.id,
-    monitorType: monitorInfo.monitor?.type,
+    monitorName: monitorInfo.monitor.name ?? monitorInfo.monitor.id,
+    monitorType: monitorInfo.monitor.type,
     latestErrorMessage: monitorInfo.error?.message,
     observerLocation: monitorInfo.observer?.geo?.name ?? UNNAMED_LOCATION,
+    observerName: monitorInfo.observer?.name,
     observerHostname: monitorInfo.agent?.name,
+    monitorTags: monitorInfo.tags,
   };
 
   return {
@@ -203,13 +206,15 @@ export const getReasonMessage = ({
   });
 };
 
-export const getMonitorAlertDocument = (monitorSummary: Record<string, string | undefined>) => ({
+export const getMonitorAlertDocument = (monitorSummary: MonitorSummary) => ({
   'monitor.id': monitorSummary.monitorId,
   configId: monitorSummary.configId,
   'monitor.type': monitorSummary.monitorType,
   'monitor.name': monitorSummary.monitorName,
+  'monitor.tags': monitorSummary.tags,
   'url.full': monitorSummary.monitorUrl,
   'observer.geo.name': monitorSummary.observerLocation,
+  'observer.name': monitorSummary.observerName,
   'error.message': monitorSummary.latestErrorMessage,
   'agent.name': monitorSummary.observerHostname,
   [ALERT_REASON]: monitorSummary.reason,
@@ -576,6 +581,7 @@ export const statusCheckAlertFactory: UptimeAlertTypeFactory<ActionGroupIds> = (
     return { state: updateState(state, downMonitorsByLocation.length > 0) };
   },
   alerts: UptimeRuleTypeAlertDefinition,
+  fieldsForAAD: Object.keys(uptimeRuleFieldMap),
   getViewInAppRelativeUrl: ({ rule }: GetViewInAppRelativeUrlFnOpts<{}>) =>
     observabilityPaths.ruleDetails(rule.id),
 });
diff --git a/x-pack/plugins/observability_solution/uptime/server/legacy_uptime/lib/alerts/tls.ts b/x-pack/plugins/observability_solution/uptime/server/legacy_uptime/lib/alerts/tls.ts
index 560ca9c854d78..bf0ba8596332f 100644
--- a/x-pack/plugins/observability_solution/uptime/server/legacy_uptime/lib/alerts/tls.ts
+++ b/x-pack/plugins/observability_solution/uptime/server/legacy_uptime/lib/alerts/tls.ts
@@ -20,6 +20,7 @@ import { LocatorPublic } from '@kbn/share-plugin/common';
 import { ALERT_REASON, ALERT_UUID } from '@kbn/rule-data-utils';
 import { asyncForEach } from '@kbn/std';
 import { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types';
+import { uptimeRuleFieldMap } from '../../../../common/rules/uptime_rule_field_map';
 import { formatFilterString } from './status_check';
 import { UptimeAlertTypeFactory } from './types';
 import {
@@ -259,6 +260,7 @@ export const tlsAlertFactory: UptimeAlertTypeFactory<ActionGroupIds> = (
     return { state: updateState(state, foundCerts) };
   },
   alerts: UptimeRuleTypeAlertDefinition,
+  fieldsForAAD: Object.keys(uptimeRuleFieldMap),
   getViewInAppRelativeUrl: ({ rule }: GetViewInAppRelativeUrlFnOpts<{}>) =>
     observabilityPaths.ruleDetails(rule.id),
 });
diff --git a/x-pack/plugins/observability_solution/uptime/server/legacy_uptime/lib/alerts/translations.ts b/x-pack/plugins/observability_solution/uptime/server/legacy_uptime/lib/alerts/translations.ts
index 86e071f20ea47..49fba189c34ea 100644
--- a/x-pack/plugins/observability_solution/uptime/server/legacy_uptime/lib/alerts/translations.ts
+++ b/x-pack/plugins/observability_solution/uptime/server/legacy_uptime/lib/alerts/translations.ts
@@ -50,6 +50,15 @@ export const commonMonitorStateI18 = [
       }
     ),
   },
+  {
+    name: 'monitorTags',
+    description: i18n.translate(
+      'xpack.uptime.alertRules.monitorStatus.actionVariables.state.monitorTags',
+      {
+        defaultMessage: 'Tags associated with the monitor.',
+      }
+    ),
+  },
   {
     name: 'statusMessage',
     description: i18n.translate(
diff --git a/x-pack/plugins/observability_solution/uptime/server/legacy_uptime/lib/alerts/types.ts b/x-pack/plugins/observability_solution/uptime/server/legacy_uptime/lib/alerts/types.ts
index 2eaa7dbabb278..d7fa2ce3fa7d4 100644
--- a/x-pack/plugins/observability_solution/uptime/server/legacy_uptime/lib/alerts/types.ts
+++ b/x-pack/plugins/observability_solution/uptime/server/legacy_uptime/lib/alerts/types.ts
@@ -51,3 +51,18 @@ export type LegacyUptimeRuleTypeFactory<TActionGroupIds extends string> = (
   RecoveredActionGroupId,
   DefaultAlert
 >;
+
+export interface MonitorSummary {
+  checkedAt: string;
+  monitorUrl?: string;
+  monitorId: string;
+  configId?: string;
+  monitorName: string;
+  monitorType: string;
+  latestErrorMessage?: string;
+  observerLocation: string;
+  observerName?: string;
+  observerHostname?: string;
+  tags?: string[];
+  reason: string;
+}
diff --git a/x-pack/plugins/observability_solution/uptime/server/legacy_uptime/lib/requests/get_last_successful_check.ts b/x-pack/plugins/observability_solution/uptime/server/legacy_uptime/lib/requests/get_last_successful_check.ts
index 99a75c28bf566..2b11d46bca3fb 100644
--- a/x-pack/plugins/observability_solution/uptime/server/legacy_uptime/lib/requests/get_last_successful_check.ts
+++ b/x-pack/plugins/observability_solution/uptime/server/legacy_uptime/lib/requests/get_last_successful_check.ts
@@ -101,6 +101,6 @@ export const getLastSuccessfulCheck: UMElasticsearchQueryFn<
   return {
     ...check,
     timestamp: check['@timestamp'],
-    docId: result.hits.hits[0]._id,
+    docId: result.hits.hits[0]._id!,
   };
 };
diff --git a/x-pack/plugins/osquery/cypress/e2e/all/alerts_cases.cy.ts b/x-pack/plugins/osquery/cypress/e2e/all/alerts_cases.cy.ts
index f898886506fd0..6d41d0a50e250 100644
--- a/x-pack/plugins/osquery/cypress/e2e/all/alerts_cases.cy.ts
+++ b/x-pack/plugins/osquery/cypress/e2e/all/alerts_cases.cy.ts
@@ -29,7 +29,8 @@ import {
   interceptCaseId,
 } from '../../tasks/integrations';
 
-describe('Alert Event Details - Cases', { tags: ['@ess', '@serverless'] }, () => {
+// Failing: See https://github.com/elastic/kibana/issues/187182
+describe.skip('Alert Event Details - Cases', { tags: ['@ess', '@serverless'] }, () => {
   let ruleId: string;
   let packId: string;
   let packName: string;
diff --git a/x-pack/plugins/osquery/cypress/e2e/all/alerts_linked_apps.cy.ts b/x-pack/plugins/osquery/cypress/e2e/all/alerts_linked_apps.cy.ts
index 45921be4cbc2e..3949ef8986124 100644
--- a/x-pack/plugins/osquery/cypress/e2e/all/alerts_linked_apps.cy.ts
+++ b/x-pack/plugins/osquery/cypress/e2e/all/alerts_linked_apps.cy.ts
@@ -22,7 +22,8 @@ import {
 } from '../../tasks/integrations';
 import { RESULTS_TABLE, RESULTS_TABLE_BUTTON } from '../../screens/live_query';
 
-describe(
+// Failing: See https://github.com/elastic/kibana/issues/180852
+describe.skip(
   'Alert Event Details',
   {
     tags: ['@ess', '@serverless'],
diff --git a/x-pack/plugins/osquery/cypress/e2e/all/alerts_multiple_agents.cy.ts b/x-pack/plugins/osquery/cypress/e2e/all/alerts_multiple_agents.cy.ts
index f8241c52bda28..1e3e17e61b245 100644
--- a/x-pack/plugins/osquery/cypress/e2e/all/alerts_multiple_agents.cy.ts
+++ b/x-pack/plugins/osquery/cypress/e2e/all/alerts_multiple_agents.cy.ts
@@ -16,7 +16,8 @@ import {
 import { OSQUERY_FLYOUT_BODY_EDITOR } from '../../screens/live_query';
 import { closeAlertsStepTourIfVisible } from '../../tasks/integrations';
 
-describe(
+// Failing: See https://github.com/elastic/kibana/issues/180851
+describe.skip(
   'Alert Event Details - dynamic params',
   {
     tags: ['@ess', '@serverless'],
diff --git a/x-pack/plugins/osquery/cypress/e2e/all/packs_integration.cy.ts b/x-pack/plugins/osquery/cypress/e2e/all/packs_integration.cy.ts
index ff23c462afd02..07ed4b815361e 100644
--- a/x-pack/plugins/osquery/cypress/e2e/all/packs_integration.cy.ts
+++ b/x-pack/plugins/osquery/cypress/e2e/all/packs_integration.cy.ts
@@ -40,7 +40,8 @@ import { cleanupPack, cleanupAgentPolicy } from '../../tasks/api_fixtures';
 import { request } from '../../tasks/common';
 import { ServerlessRoleName } from '../../support/roles';
 
-describe('ALL - Packs', { tags: ['@ess', '@serverless'] }, () => {
+// Failing: See https://github.com/elastic/kibana/issues/176543
+describe.skip('ALL - Packs', { tags: ['@ess', '@serverless'] }, () => {
   const integration = 'Osquery Manager';
 
   describe(
diff --git a/x-pack/plugins/osquery/cypress/e2e/roles/alert_test.cy.ts b/x-pack/plugins/osquery/cypress/e2e/roles/alert_test.cy.ts
index 5ca5775247caf..1a63c4dde955d 100644
--- a/x-pack/plugins/osquery/cypress/e2e/roles/alert_test.cy.ts
+++ b/x-pack/plugins/osquery/cypress/e2e/roles/alert_test.cy.ts
@@ -11,7 +11,8 @@ import { loadRule, cleanupRule } from '../../tasks/api_fixtures';
 import { ServerlessRoleName } from '../../support/roles';
 import { closeAlertsStepTourIfVisible } from '../../tasks/integrations';
 
-describe('Alert Test', { tags: ['@ess'] }, () => {
+// Failing: See https://github.com/elastic/kibana/issues/180853
+describe.skip('Alert Test', { tags: ['@ess'] }, () => {
   let ruleName: string;
   let ruleId: string;
 
diff --git a/x-pack/plugins/osquery/public/fleet_integration/config_uploader.tsx b/x-pack/plugins/osquery/public/fleet_integration/config_uploader.tsx
index b93c475f1e04e..3d5b042769d8d 100644
--- a/x-pack/plugins/osquery/public/fleet_integration/config_uploader.tsx
+++ b/x-pack/plugins/osquery/public/fleet_integration/config_uploader.tsx
@@ -6,6 +6,10 @@
  */
 
 import { EuiLink, EuiFormRow, EuiFilePicker, EuiSpacer } from '@elastic/eui';
+import type {
+  EuiFilePickerClass,
+  EuiFilePickerProps,
+} from '@elastic/eui/src/components/form/file_picker/file_picker';
 import React, { useCallback, useState, useRef } from 'react';
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
@@ -31,7 +35,7 @@ interface ConfigUploaderProps {
 }
 
 const ConfigUploaderComponent: React.FC<ConfigUploaderProps> = ({ onChange }) => {
-  const filePickerRef = useRef<EuiFilePicker>(null);
+  const filePickerRef = useRef<EuiFilePickerClass>(null);
   const [isInvalid, setIsInvalid] = useState<string | null>(null);
   // @ts-expect-error update types
   let fileReader;
@@ -55,13 +59,11 @@ const ConfigUploaderComponent: React.FC<ConfigUploaderProps> = ({ onChange }) =>
       setIsInvalid(null);
     } catch (error) {
       setIsInvalid(error);
-      // @ts-expect-error update types
-      filePickerRef.current?.removeFiles(new Event('fake'));
+      filePickerRef.current?.removeFiles();
     }
 
     onChange(parsedContent);
-    // @ts-expect-error update types
-    filePickerRef.current?.removeFiles(new Event('fake'));
+    filePickerRef.current?.removeFiles();
   };
 
   // @ts-expect-error update types
@@ -115,7 +117,7 @@ const ConfigUploaderComponent: React.FC<ConfigUploaderProps> = ({ onChange }) =>
         error={<>{`${isInvalid}`}</>}
       >
         <EuiFilePicker
-          ref={filePickerRef}
+          ref={filePickerRef as React.Ref<Omit<EuiFilePickerProps, 'stylesMemoizer'>>}
           id="osquery_config_picker"
           initialPromptText={i18n.translate('xpack.osquery.configUploader.initialPromptTextLabel', {
             defaultMessage: 'Select or drag and drop osquery config file',
diff --git a/x-pack/plugins/osquery/public/packs/form/pack_uploader.tsx b/x-pack/plugins/osquery/public/packs/form/pack_uploader.tsx
index 8955b8dac88c1..b9f9c914ed24b 100644
--- a/x-pack/plugins/osquery/public/packs/form/pack_uploader.tsx
+++ b/x-pack/plugins/osquery/public/packs/form/pack_uploader.tsx
@@ -7,6 +7,10 @@
 
 import { kebabCase } from 'lodash';
 import { EuiLink, EuiFormRow, EuiFilePicker, EuiSpacer } from '@elastic/eui';
+import type {
+  EuiFilePickerClass,
+  EuiFilePickerProps,
+} from '@elastic/eui/src/components/form/file_picker/file_picker';
 import React, { useCallback, useState, useRef } from 'react';
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
@@ -30,7 +34,7 @@ interface OsqueryPackUploaderProps {
 
 const OsqueryPackUploaderComponent: React.FC<OsqueryPackUploaderProps> = ({ onChange }) => {
   const packName = useRef('');
-  const filePickerRef = useRef<EuiFilePicker>(null);
+  const filePickerRef = useRef<EuiFilePickerClass>(null);
   const [isInvalid, setIsInvalid] = useState<string | null>(null);
   // @ts-expect-error update types
   let fileReader;
@@ -59,8 +63,7 @@ const OsqueryPackUploaderComponent: React.FC<OsqueryPackUploaderProps> = ({ onCh
       setIsInvalid(null);
     } catch (error) {
       setIsInvalid(error);
-      // @ts-expect-error update types
-      filePickerRef.current?.removeFiles(new Event('fake'));
+      filePickerRef.current?.removeFiles();
     }
 
     if (!parsedContent?.queries) {
@@ -68,8 +71,7 @@ const OsqueryPackUploaderComponent: React.FC<OsqueryPackUploaderProps> = ({ onCh
     }
 
     onChange(parsedContent, packName.current);
-    // @ts-expect-error update types
-    filePickerRef.current?.removeFiles(new Event('fake'));
+    filePickerRef.current?.removeFiles();
   };
 
   // @ts-expect-error update types
@@ -104,8 +106,7 @@ const OsqueryPackUploaderComponent: React.FC<OsqueryPackUploaderProps> = ({ onCh
             },
           })
         );
-        // @ts-expect-error update types
-        filePickerRef.current?.removeFiles(new Event('fake'));
+        filePickerRef.current?.removeFiles();
 
         return;
       }
@@ -126,7 +127,7 @@ const OsqueryPackUploaderComponent: React.FC<OsqueryPackUploaderProps> = ({ onCh
         error={<>{`${isInvalid}`}</>}
       >
         <EuiFilePicker
-          ref={filePickerRef}
+          ref={filePickerRef as React.Ref<Omit<EuiFilePickerProps, 'stylesMemoizer'>>}
           id="osquery_pack_picker"
           initialPromptText={i18n.translate('xpack.osquery.packUploader.initialPromptTextLabel', {
             defaultMessage: 'Select or drag and drop osquery pack config file',
diff --git a/x-pack/plugins/osquery/public/results/results_table.tsx b/x-pack/plugins/osquery/public/results/results_table.tsx
index 48a3e7f355a18..dfb0d5dad88a4 100644
--- a/x-pack/plugins/osquery/public/results/results_table.tsx
+++ b/x-pack/plugins/osquery/public/results/results_table.tsx
@@ -342,7 +342,8 @@ const ResultsTableComponent: React.FC<ResultsTableComponentProps> = ({
             };
             const eventId = data[visibleRowIndex]?._id;
 
-            return <AddToTimelineButton field="_id" value={eventId} isIcon={true} />;
+            // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+            return <AddToTimelineButton field="_id" value={eventId!} isIcon={true} />;
           },
         },
       ];
diff --git a/x-pack/plugins/osquery/server/routes/asset/update_assets_route.ts b/x-pack/plugins/osquery/server/routes/asset/update_assets_route.ts
index 57800729d6435..690ea4206b84a 100644
--- a/x-pack/plugins/osquery/server/routes/asset/update_assets_route.ts
+++ b/x-pack/plugins/osquery/server/routes/asset/update_assets_route.ts
@@ -42,9 +42,10 @@ export const updateAssetsRoute = (router: IRouter, osqueryContext: OsqueryAppCon
           },
         },
       },
-      async (context, request, response) => {
-        const savedObjectsClient = (await context.core).savedObjects.client;
-        const currentUser = await osqueryContext.security.authc.getCurrentUser(request)?.username;
+      async (context, _request, response) => {
+        const coreContext = await context.core;
+        const savedObjectsClient = coreContext.savedObjects.client;
+        const currentUser = coreContext.security.authc.getCurrentUser()?.username;
 
         let installation;
 
diff --git a/x-pack/plugins/osquery/server/routes/live_query/create_live_query_route.ts b/x-pack/plugins/osquery/server/routes/live_query/create_live_query_route.ts
index c93b58cf5af73..6372a48c89b6e 100644
--- a/x-pack/plugins/osquery/server/routes/live_query/create_live_query_route.ts
+++ b/x-pack/plugins/osquery/server/routes/live_query/create_live_query_route.ts
@@ -42,7 +42,8 @@ export const createLiveQueryRoute = (router: IRouter, osqueryContext: OsqueryApp
       },
       async (context, request, response) => {
         const [coreStartServices] = await osqueryContext.getStartServices();
-        const soClient = (await context.core).savedObjects.client;
+        const coreContext = await context.core;
+        const soClient = coreContext.savedObjects.client;
 
         const {
           osquery: { writeLiveQueries, runSavedQueries },
@@ -106,7 +107,7 @@ export const createLiveQueryRoute = (router: IRouter, osqueryContext: OsqueryApp
         }
 
         try {
-          const currentUser = await osqueryContext.security.authc.getCurrentUser(request)?.username;
+          const currentUser = coreContext.security.authc.getCurrentUser()?.username;
           const { response: osqueryAction, fleetActionsCount } = await createActionHandler(
             osqueryContext,
             request.body,
diff --git a/x-pack/plugins/osquery/server/routes/pack/create_pack_route.ts b/x-pack/plugins/osquery/server/routes/pack/create_pack_route.ts
index d69182762c8e2..31f9395d2174e 100644
--- a/x-pack/plugins/osquery/server/routes/pack/create_pack_route.ts
+++ b/x-pack/plugins/osquery/server/routes/pack/create_pack_route.ts
@@ -64,7 +64,7 @@ export const createPackRoute = (router: IRouter, osqueryContext: OsqueryAppConte
         const agentPolicyService = osqueryContext.service.getAgentPolicyService();
 
         const packagePolicyService = osqueryContext.service.getPackagePolicyService();
-        const currentUser = await osqueryContext.security.authc.getCurrentUser(request)?.username;
+        const currentUser = coreContext.security.authc.getCurrentUser()?.username;
 
         // eslint-disable-next-line @typescript-eslint/naming-convention
         const { name, description, queries, enabled, policy_ids, shards = {} } = request.body;
diff --git a/x-pack/plugins/osquery/server/routes/pack/update_pack_route.ts b/x-pack/plugins/osquery/server/routes/pack/update_pack_route.ts
index 5715806a19b5b..0109270f539d9 100644
--- a/x-pack/plugins/osquery/server/routes/pack/update_pack_route.ts
+++ b/x-pack/plugins/osquery/server/routes/pack/update_pack_route.ts
@@ -71,7 +71,7 @@ export const updatePackRoute = (router: IRouter, osqueryContext: OsqueryAppConte
         );
         const agentPolicyService = osqueryContext.service.getAgentPolicyService();
         const packagePolicyService = osqueryContext.service.getPackagePolicyService();
-        const currentUser = await osqueryContext.security.authc.getCurrentUser(request)?.username;
+        const currentUser = coreContext.security.authc.getCurrentUser()?.username;
 
         // eslint-disable-next-line @typescript-eslint/naming-convention
         const { name, description, queries, enabled, policy_ids, shards = {} } = request.body;
diff --git a/x-pack/plugins/osquery/server/routes/saved_query/create_saved_query_route.ts b/x-pack/plugins/osquery/server/routes/saved_query/create_saved_query_route.ts
index d59f1c5ba0f8d..1be4cb24a2ea3 100644
--- a/x-pack/plugins/osquery/server/routes/saved_query/create_saved_query_route.ts
+++ b/x-pack/plugins/osquery/server/routes/saved_query/create_saved_query_route.ts
@@ -55,7 +55,7 @@ export const createSavedQueryRoute = (router: IRouter, osqueryContext: OsqueryAp
           ecs_mapping,
         } = request.body;
 
-        const currentUser = await osqueryContext.security.authc.getCurrentUser(request)?.username;
+        const currentUser = coreContext.security.authc.getCurrentUser()?.username;
 
         const conflictingEntries = await savedObjectsClient.find<SavedQuerySavedObject>({
           type: savedQuerySavedObjectType,
diff --git a/x-pack/plugins/osquery/server/routes/saved_query/update_saved_query_route.ts b/x-pack/plugins/osquery/server/routes/saved_query/update_saved_query_route.ts
index f6bcad9d4bed4..4225f0f223cd3 100644
--- a/x-pack/plugins/osquery/server/routes/saved_query/update_saved_query_route.ts
+++ b/x-pack/plugins/osquery/server/routes/saved_query/update_saved_query_route.ts
@@ -51,7 +51,7 @@ export const updateSavedQueryRoute = (router: IRouter, osqueryContext: OsqueryAp
       async (context, request, response) => {
         const coreContext = await context.core;
         const savedObjectsClient = coreContext.savedObjects.client;
-        const currentUser = await osqueryContext.security.authc.getCurrentUser(request)?.username;
+        const currentUser = coreContext.security.authc.getCurrentUser()?.username;
 
         const {
           id,
diff --git a/x-pack/plugins/remote_clusters/server/routes/api/add_route.ts b/x-pack/plugins/remote_clusters/server/routes/api/add_route.ts
index 50fb15ef32829..1023ceb6b2b75 100644
--- a/x-pack/plugins/remote_clusters/server/routes/api/add_route.ts
+++ b/x-pack/plugins/remote_clusters/server/routes/api/add_route.ts
@@ -17,7 +17,7 @@ import { licensePreRoutingFactory } from '../../lib/license_pre_routing_factory'
 import { RouteDependencies } from '../../types';
 
 const bodyValidation = schema.object({
-  name: schema.string(),
+  name: schema.string({ maxLength: 1000 }),
   skipUnavailable: schema.boolean(),
   mode: schema.oneOf([schema.literal(PROXY_MODE), schema.literal(SNIFF_MODE)]),
   seeds: schema.nullable(schema.arrayOf(schema.string())),
diff --git a/x-pack/plugins/reporting/server/core.ts b/x-pack/plugins/reporting/server/core.ts
index 112b08e70df2a..b5f0f8b977eb6 100644
--- a/x-pack/plugins/reporting/server/core.ts
+++ b/x-pack/plugins/reporting/server/core.ts
@@ -8,7 +8,7 @@
 import * as Rx from 'rxjs';
 import { map, take } from 'rxjs';
 
-import {
+import type {
   AnalyticsServiceStart,
   CoreSetup,
   DocLinksServiceSetup,
@@ -19,6 +19,7 @@ import {
   PackageInfo,
   PluginInitializerContext,
   SavedObjectsServiceStart,
+  SecurityServiceStart,
   StatusServiceSetup,
   UiSettingsServiceStart,
 } from '@kbn/core/server';
@@ -38,7 +39,7 @@ import { PngExportType } from '@kbn/reporting-export-types-png';
 import type { ReportingConfigType } from '@kbn/reporting-server';
 import { ExportType } from '@kbn/reporting-server';
 import { ScreenshottingStart } from '@kbn/screenshotting-plugin/server';
-import type { SecurityPluginSetup, SecurityPluginStart } from '@kbn/security-plugin/server';
+import type { SecurityPluginSetup } from '@kbn/security-plugin/server';
 import { DEFAULT_SPACE_ID } from '@kbn/spaces-plugin/common';
 import type { SpacesPluginSetup } from '@kbn/spaces-plugin/server';
 import type {
@@ -82,7 +83,7 @@ export interface ReportingInternalStart {
   licensing: LicensingPluginStart;
   logger: Logger;
   screenshotting?: ScreenshottingStart;
-  security?: SecurityPluginStart;
+  securityService: SecurityServiceStart;
   taskManager: TaskManagerStartContract;
 }
 
@@ -214,7 +215,7 @@ export class ReportingCore {
    */
   private getExportTypes(): ExportType[] {
     const { csv, pdf, png } = this.config.export_types;
-    const exportTypes = [];
+    const exportTypes: ExportType[] = [];
 
     if (csv.enabled) {
       // NOTE: CsvSearchSourceExportType should be deprecated and replaced with V2 in the UI: https://github.com/elastic/kibana/issues/151190
diff --git a/x-pack/plugins/reporting/server/lib/tasks/execute_report.ts b/x-pack/plugins/reporting/server/lib/tasks/execute_report.ts
index 598055cb175d1..46dea6d8b1190 100644
--- a/x-pack/plugins/reporting/server/lib/tasks/execute_report.ts
+++ b/x-pack/plugins/reporting/server/lib/tasks/execute_report.ts
@@ -241,8 +241,8 @@ export class ExecuteReportTask implements ReportingTask {
     eventTracker?.claimJob({ timeSinceCreation });
 
     const resp = await store.setReportClaimed(claimedReport, doc);
-    claimedReport._seq_no = resp._seq_no;
-    claimedReport._primary_term = resp._primary_term;
+    claimedReport._seq_no = resp._seq_no!;
+    claimedReport._primary_term = resp._primary_term!;
     return claimedReport;
   }
 
@@ -366,8 +366,8 @@ export class ExecuteReportTask implements ReportingTask {
     const resp = await store.setReportCompleted(report, doc);
 
     this.logger.info(`Saved ${report.jobtype} job ${docId}`);
-    report._seq_no = resp._seq_no;
-    report._primary_term = resp._primary_term;
+    report._seq_no = resp._seq_no!;
+    report._primary_term = resp._primary_term!;
 
     // event tracking of completed job
     const eventTracker = this.getEventTracker(report);
diff --git a/x-pack/plugins/reporting/server/plugin.ts b/x-pack/plugins/reporting/server/plugin.ts
index 3e68310f76cf4..51ba41adadac8 100644
--- a/x-pack/plugins/reporting/server/plugin.ts
+++ b/x-pack/plugins/reporting/server/plugin.ts
@@ -117,6 +117,7 @@ export class ReportingPlugin
         savedObjects,
         uiSettings,
         store,
+        securityService: core.security,
         ...plugins,
       });
 
diff --git a/x-pack/plugins/reporting/server/routes/common/authorized_user_pre_routing.test.ts b/x-pack/plugins/reporting/server/routes/common/authorized_user_pre_routing.test.ts
index a10718bf6376f..b66effef8961c 100644
--- a/x-pack/plugins/reporting/server/routes/common/authorized_user_pre_routing.test.ts
+++ b/x-pack/plugins/reporting/server/routes/common/authorized_user_pre_routing.test.ts
@@ -49,7 +49,7 @@ describe('authorized_user_pre_routing', function () {
 
     mockStartDeps = await createMockPluginStart(
       {
-        security: {
+        securityService: {
           authc: {
             getCurrentUser: () => ({ id: '123', roles: ['superuser'], username: 'Tom Riddle' }),
           },
@@ -97,7 +97,7 @@ describe('authorized_user_pre_routing', function () {
       security: { license: { isEnabled: () => true } },
     });
     mockStartDeps = await createMockPluginStart(
-      { security: { authc: { getCurrentUser: () => null } } },
+      { securityService: { authc: { getCurrentUser: () => null } } },
       mockReportingConfig
     );
     mockCore = await createMockReportingCore(mockReportingConfig, mockSetupDeps, mockStartDeps);
@@ -126,7 +126,7 @@ describe('authorized_user_pre_routing', function () {
     it(`should return with 403 when security is enabled but user doesn't have the allowed role`, async function () {
       mockStartDeps = await createMockPluginStart(
         {
-          security: {
+          securityService: {
             authc: {
               getCurrentUser: () => ({ id: '123', roles: ['peasant'], username: 'Tom Riddle' }),
             },
@@ -154,7 +154,7 @@ describe('authorized_user_pre_routing', function () {
     it('should return from handler when security is enabled and user has explicitly allowed role', async function () {
       mockStartDeps = await createMockPluginStart(
         {
-          security: {
+          securityService: {
             authc: {
               getCurrentUser: () => ({ username: 'friendlyuser', roles: ['reporting_user'] }),
             },
@@ -176,7 +176,7 @@ describe('authorized_user_pre_routing', function () {
     it('should return from handler when security is enabled and user has superuser role', async function () {
       mockStartDeps = await createMockPluginStart(
         {
-          security: {
+          securityService: {
             authc: { getCurrentUser: () => ({ username: 'friendlyuser', roles: ['superuser'] }) },
           },
         },
diff --git a/x-pack/plugins/reporting/server/routes/common/authorized_user_pre_routing.ts b/x-pack/plugins/reporting/server/routes/common/authorized_user_pre_routing.ts
index ee58d27d55ea0..c6d82894772fd 100644
--- a/x-pack/plugins/reporting/server/routes/common/authorized_user_pre_routing.ts
+++ b/x-pack/plugins/reporting/server/routes/common/authorized_user_pre_routing.ts
@@ -30,15 +30,15 @@ export const authorizedUserPreRouting = <P, Q, B>(
   reporting: ReportingCore,
   handler: RequestHandlerUser<P, Q, B>
 ): RequestHandler<P, Q, B, ReportingRequestHandlerContext, RouteMethod> => {
-  const { logger, security, docLinks } = reporting.getPluginSetupDeps();
+  const { logger, security: securitySetup, docLinks } = reporting.getPluginSetupDeps(); // ReportingInternalSetup.security?: SecurityPluginSetup | undefined
 
   return async (context, req, res) => {
-    const { security: securityStart } = await reporting.getPluginStartDeps();
+    const { securityService } = await reporting.getPluginStartDeps();
     try {
       let user: ReportingRequestUser = false;
-      if (security && security.license.isEnabled()) {
-        // find the authenticated user, or null if security is not enabled
-        user = getUser(req, securityStart);
+      if (securitySetup && securitySetup.license.isEnabled()) {
+        // find the authenticated user, only if license is enabled
+        user = getUser(req, securityService);
         if (!user) {
           // security is enabled but the user is null
           return res.unauthorized({ body: `Sorry, you aren't authenticated` });
diff --git a/x-pack/plugins/reporting/server/routes/common/get_user.ts b/x-pack/plugins/reporting/server/routes/common/get_user.ts
index 589643781db19..8f074f52b0d39 100644
--- a/x-pack/plugins/reporting/server/routes/common/get_user.ts
+++ b/x-pack/plugins/reporting/server/routes/common/get_user.ts
@@ -5,9 +5,8 @@
  * 2.0.
  */
 
-import { KibanaRequest } from '@kbn/core/server';
-import { SecurityPluginStart } from '@kbn/security-plugin/server';
+import { KibanaRequest, SecurityServiceStart } from '@kbn/core/server';
 
-export function getUser(request: KibanaRequest, security?: SecurityPluginStart) {
-  return security?.authc.getCurrentUser(request) ?? false;
+export function getUser(request: KibanaRequest, securityService: SecurityServiceStart) {
+  return securityService.authc.getCurrentUser(request) ?? false;
 }
diff --git a/x-pack/plugins/reporting/server/routes/common/jobs/job_management_pre_routing.test.ts b/x-pack/plugins/reporting/server/routes/common/jobs/job_management_pre_routing.test.ts
index ce0f6b5697eed..cc06ef2e0826c 100644
--- a/x-pack/plugins/reporting/server/routes/common/jobs/job_management_pre_routing.test.ts
+++ b/x-pack/plugins/reporting/server/routes/common/jobs/job_management_pre_routing.test.ts
@@ -39,7 +39,7 @@ beforeEach(async () => {
 
   mockStartDeps = await createMockPluginStart(
     {
-      security: {
+      securityService: {
         authc: {
           getCurrentUser: () => ({ id: '123', roles: ['superuser'], username: 'Tom Riddle' }),
         },
diff --git a/x-pack/plugins/reporting/server/routes/internal/generate/integration_tests/generation_from_jobparams.test.ts b/x-pack/plugins/reporting/server/routes/internal/generate/integration_tests/generation_from_jobparams.test.ts
index d27c032a3ddbf..a2296ad67db2e 100644
--- a/x-pack/plugins/reporting/server/routes/internal/generate/integration_tests/generation_from_jobparams.test.ts
+++ b/x-pack/plugins/reporting/server/routes/internal/generate/integration_tests/generation_from_jobparams.test.ts
@@ -77,7 +77,7 @@ describe(`POST ${INTERNAL_ROUTES.GENERATE_PREFIX}`, () => {
           ...licensingMock.createStart(),
           license$: new BehaviorSubject({ isActive: true, isAvailable: true, type: 'gold' }),
         },
-        security: {
+        securityService: {
           authc: {
             getCurrentUser: () => ({ id: '123', roles: ['superuser'], username: 'Tom Riddle' }),
           },
diff --git a/x-pack/plugins/reporting/server/routes/internal/management/integration_tests/jobs.test.ts b/x-pack/plugins/reporting/server/routes/internal/management/integration_tests/jobs.test.ts
index 2ab57d291dae7..1462b27a42126 100644
--- a/x-pack/plugins/reporting/server/routes/internal/management/integration_tests/jobs.test.ts
+++ b/x-pack/plugins/reporting/server/routes/internal/management/integration_tests/jobs.test.ts
@@ -98,7 +98,7 @@ describe(`Reporting Job Management Routes: Internal`, () => {
           ...licensingMock.createStart(),
           license$: new BehaviorSubject({ isActive: true, isAvailable: true, type: 'gold' }),
         },
-        security: {
+        securityService: {
           authc: {
             getCurrentUser: () => ({ id: '123', roles: ['superuser'], username: 'Tom Riddle' }),
           },
@@ -175,7 +175,7 @@ describe(`Reporting Job Management Routes: Internal`, () => {
             ...licensingMock.createStart(),
             license$: new BehaviorSubject({ isActive: true, isAvailable: true, type: 'gold' }),
           },
-          security: { authc: { getCurrentUser: () => undefined } },
+          securityService: { authc: { getCurrentUser: () => undefined } }, // security comes from core here
         },
         mockConfigSchema
       );
@@ -389,7 +389,7 @@ describe(`Reporting Job Management Routes: Internal`, () => {
             ...licensingMock.createStart(),
             license$: new BehaviorSubject({ isActive: true, isAvailable: true, type: 'gold' }),
           },
-          security: {
+          securityService: {
             authc: {
               getCurrentUser: () => ({ id: '123', roles: ['peasant'], username: 'Tom Riddle' }),
             },
diff --git a/x-pack/plugins/reporting/server/routes/public/integration_tests/generation_from_jobparams.test.ts b/x-pack/plugins/reporting/server/routes/public/integration_tests/generation_from_jobparams.test.ts
index 4821df1ab48e5..471f1456c8b68 100644
--- a/x-pack/plugins/reporting/server/routes/public/integration_tests/generation_from_jobparams.test.ts
+++ b/x-pack/plugins/reporting/server/routes/public/integration_tests/generation_from_jobparams.test.ts
@@ -76,7 +76,7 @@ describe(`POST ${PUBLIC_ROUTES.GENERATE_PREFIX}`, () => {
           ...licensingMock.createStart(),
           license$: new BehaviorSubject({ isActive: true, isAvailable: true, type: 'gold' }),
         },
-        security: {
+        securityService: {
           authc: {
             getCurrentUser: () => ({ id: '123', roles: ['superuser'], username: 'Tom Riddle' }),
           },
diff --git a/x-pack/plugins/reporting/server/routes/public/integration_tests/jobs.test.ts b/x-pack/plugins/reporting/server/routes/public/integration_tests/jobs.test.ts
index 4c0bc76640710..96776102ebb92 100644
--- a/x-pack/plugins/reporting/server/routes/public/integration_tests/jobs.test.ts
+++ b/x-pack/plugins/reporting/server/routes/public/integration_tests/jobs.test.ts
@@ -95,7 +95,7 @@ describe(`Reporting Job Management Routes: Public`, () => {
           ...licensingMock.createStart(),
           license$: new BehaviorSubject({ isActive: true, isAvailable: true, type: 'gold' }),
         },
-        security: {
+        securityService: {
           authc: {
             getCurrentUser: () => ({ id: '123', roles: ['superuser'], username: 'Tom Riddle' }),
           },
@@ -165,7 +165,7 @@ describe(`Reporting Job Management Routes: Public`, () => {
             ...licensingMock.createStart(),
             license$: new BehaviorSubject({ isActive: true, isAvailable: true, type: 'gold' }),
           },
-          security: { authc: { getCurrentUser: () => undefined } },
+          securityService: { authc: { getCurrentUser: () => undefined } },
         },
         mockConfigSchema
       );
diff --git a/x-pack/plugins/reporting/server/test_helpers/create_mock_reportingplugin.ts b/x-pack/plugins/reporting/server/test_helpers/create_mock_reportingplugin.ts
index 5f87427bf8251..c5c0185785f5e 100644
--- a/x-pack/plugins/reporting/server/test_helpers/create_mock_reportingplugin.ts
+++ b/x-pack/plugins/reporting/server/test_helpers/create_mock_reportingplugin.ts
@@ -31,7 +31,7 @@ import { securityMock } from '@kbn/security-plugin/server/mocks';
 import { taskManagerMock } from '@kbn/task-manager-plugin/server/mocks';
 import { ReportingCore } from '..';
 
-import { ReportingInternalSetup, ReportingInternalStart } from '../core';
+import type { ReportingInternalSetup, ReportingInternalStart } from '../core';
 import { ReportingStore } from '../lib';
 
 export const createMockPluginSetup = (
@@ -51,6 +51,7 @@ export const createMockPluginSetup = (
 };
 
 const coreSetupMock = coreMock.createSetup();
+const coreStartMock = coreMock.createStart();
 const logger = loggingSystemMock.createLogger();
 
 const createMockReportingStore = async (config: ReportingConfigType) => {
@@ -81,9 +82,10 @@ export const createMockPluginStart = async (
       ...licensingMock.createStart(),
       license$: new BehaviorSubject({ isAvailable: true, isActive: true, type: 'basic' }),
     },
+    securityService: coreStartMock.security, // we need authc from core.security start
     logger,
     screenshotting: createMockScreenshottingStart(),
-    ...startMock,
+    ...startMock, // allows to override with test instances
   };
 };
 
diff --git a/x-pack/plugins/reporting/server/types.ts b/x-pack/plugins/reporting/server/types.ts
index 2e8cf80d73a0e..0c744a513ebac 100644
--- a/x-pack/plugins/reporting/server/types.ts
+++ b/x-pack/plugins/reporting/server/types.ts
@@ -21,11 +21,7 @@ import type {
   PngScreenshotOptions as BasePngScreenshotOptions,
   ScreenshottingStart,
 } from '@kbn/screenshotting-plugin/server';
-import type {
-  AuthenticatedUser,
-  SecurityPluginSetup,
-  SecurityPluginStart,
-} from '@kbn/security-plugin/server';
+import type { SecurityPluginSetup } from '@kbn/security-plugin/server';
 import type { SpacesPluginSetup } from '@kbn/spaces-plugin/server';
 import type {
   TaskManagerSetupContract,
@@ -34,6 +30,7 @@ import type {
 import type { UsageCollectionSetup } from '@kbn/usage-collection-plugin/server';
 
 import { ExportTypesRegistry } from '@kbn/reporting-server/export_types_registry';
+import type { AuthenticatedUser } from '@kbn/core-security-common';
 
 /**
  * Plugin Setup Contract
@@ -70,7 +67,6 @@ export interface ReportingStartDeps {
   licensing: LicensingPluginStart;
   taskManager: TaskManagerStartContract;
   screenshotting?: ScreenshottingStart;
-  security?: SecurityPluginStart;
 }
 
 export type ReportingRequestHandlerContext = CustomRequestHandlerContext<{
diff --git a/x-pack/plugins/reporting/tsconfig.json b/x-pack/plugins/reporting/tsconfig.json
index b52c02a72bed1..68a7ded4ee1e8 100644
--- a/x-pack/plugins/reporting/tsconfig.json
+++ b/x-pack/plugins/reporting/tsconfig.json
@@ -50,6 +50,7 @@
     "@kbn/reporting-csv-share-panel",
     "@kbn/react-kibana-context-render",
     "@kbn/react-kibana-mount",
+    "@kbn/core-security-common",
   ],
   "exclude": [
     "target/**/*",
diff --git a/x-pack/plugins/rollup/public/crud_app/sections/components/deprecation_callout/deprecation_callout.tsx b/x-pack/plugins/rollup/public/crud_app/sections/components/deprecation_callout/deprecation_callout.tsx
index 4b36b9a086b69..877fd87cdf10c 100644
--- a/x-pack/plugins/rollup/public/crud_app/sections/components/deprecation_callout/deprecation_callout.tsx
+++ b/x-pack/plugins/rollup/public/crud_app/sections/components/deprecation_callout/deprecation_callout.tsx
@@ -11,10 +11,16 @@ import { i18n } from '@kbn/i18n';
 import React from 'react';
 import { documentationLinks } from '../../../services/documentation_links';
 
+interface DeprecationCalloutProps {
+  /** The prefix to be applied at the test subjects for the doc links.
+   * Used for clicks tracking in Fullstory. */
+  linksTestSubjPrefix: string;
+}
+
 /*
 A component for displaying a deprecation warning.
  */
-export const DeprecationCallout = () => {
+export const DeprecationCallout = ({ linksTestSubjPrefix }: DeprecationCalloutProps) => {
   return (
     <EuiCallOut
       title="Deprecated in 8.11.0"
@@ -30,6 +36,7 @@ export const DeprecationCallout = () => {
             <EuiLink
               href={documentationLinks.elasticsearch.rollupMigratingToDownsampling}
               target="_blank"
+              data-test-subj={`${linksTestSubjPrefix}-rollupDeprecationCalloutMigrationGuideLink`}
             >
               {i18n.translate('xpack.rollupJobs.deprecationCallout.migrationGuideLink', {
                 defaultMessage: 'migration guide',
@@ -37,7 +44,11 @@ export const DeprecationCallout = () => {
             </EuiLink>
           ),
           downsamplingLink: (
-            <EuiLink href={documentationLinks.fleet.datastreamsDownsampling} target="_blank">
+            <EuiLink
+              href={documentationLinks.fleet.datastreamsDownsampling}
+              target="_blank"
+              data-test-subj={`${linksTestSubjPrefix}-rollupDeprecationCalloutDownsamplingDocLink`}
+            >
               {i18n.translate('xpack.rollupJobs.deprecationCallout.downsamplingLink', {
                 defaultMessage: 'downsampling',
               })}
diff --git a/x-pack/plugins/rollup/public/crud_app/sections/job_create/job_create.js b/x-pack/plugins/rollup/public/crud_app/sections/job_create/job_create.js
index 4983fbb10ae8f..28ebe01d7de0c 100644
--- a/x-pack/plugins/rollup/public/crud_app/sections/job_create/job_create.js
+++ b/x-pack/plugins/rollup/public/crud_app/sections/job_create/job_create.js
@@ -557,7 +557,7 @@ export class JobCreateUi extends Component {
 
         <EuiSpacer size="l" />
 
-        <DeprecationCallout />
+        <DeprecationCallout linksTestSubjPrefix="createForm" />
 
         <EuiSpacer size="l" />
 
diff --git a/x-pack/plugins/rollup/public/crud_app/sections/job_list/deprecated_prompt.tsx b/x-pack/plugins/rollup/public/crud_app/sections/job_list/deprecated_prompt.tsx
index ecdae95e90813..138495d834a89 100644
--- a/x-pack/plugins/rollup/public/crud_app/sections/job_list/deprecated_prompt.tsx
+++ b/x-pack/plugins/rollup/public/crud_app/sections/job_list/deprecated_prompt.tsx
@@ -41,6 +41,7 @@ export const DeprecatedPrompt = () => {
             target="_blank"
             fill
             iconType="help"
+            data-test-subj="rollupDeprecatedPromptDocsLink"
           >
             <FormattedMessage
               id="xpack.rollupJobs.deprecatedPrompt.downsamplingDocsButtonLabel"
diff --git a/x-pack/plugins/rollup/public/crud_app/sections/job_list/job_list.js b/x-pack/plugins/rollup/public/crud_app/sections/job_list/job_list.js
index 7e03ade8b0221..37e1b40ceeef5 100644
--- a/x-pack/plugins/rollup/public/crud_app/sections/job_list/job_list.js
+++ b/x-pack/plugins/rollup/public/crud_app/sections/job_list/job_list.js
@@ -173,7 +173,7 @@ export class JobListUi extends Component {
 
         <EuiSpacer size="l" />
 
-        <DeprecationCallout />
+        <DeprecationCallout linksTestSubjPrefix="listView" />
 
         <EuiSpacer size="l" />
 
diff --git a/x-pack/plugins/rollup/public/extend_index_management/index.ts b/x-pack/plugins/rollup/public/extend_index_management/index.ts
index 116d7b38996f8..96c56d27d5c66 100644
--- a/x-pack/plugins/rollup/public/extend_index_management/index.ts
+++ b/x-pack/plugins/rollup/public/extend_index_management/index.ts
@@ -7,6 +7,7 @@
 
 import { i18n } from '@kbn/i18n';
 import { Index } from '@kbn/index-management-plugin/common';
+import { ROLLUP_DEPRECATION_BADGE_LABEL } from '@kbn/rollup';
 
 export const rollupToggleExtension = {
   matchIndex: (index: Index) => {
@@ -22,9 +23,7 @@ export const rollupBadgeExtension = {
   matchIndex: (index: Index) => {
     return Boolean(index.isRollupIndex);
   },
-  label: i18n.translate('xpack.rollupJobs.indexMgmtBadge.rollupLabel', {
-    defaultMessage: 'Rollup',
-  }),
-  color: 'success',
+  label: ROLLUP_DEPRECATION_BADGE_LABEL,
+  color: 'warning',
   filterExpression: 'isRollupIndex:true',
 };
diff --git a/x-pack/plugins/rollup/server/routes/api/jobs/register_create_route.ts b/x-pack/plugins/rollup/server/routes/api/jobs/register_create_route.ts
index 21c0681f8458c..0585526117f3e 100644
--- a/x-pack/plugins/rollup/server/routes/api/jobs/register_create_route.ts
+++ b/x-pack/plugins/rollup/server/routes/api/jobs/register_create_route.ts
@@ -21,7 +21,7 @@ export const registerCreateRoute = ({
         body: schema.object({
           job: schema.object(
             {
-              id: schema.string(),
+              id: schema.string({ maxLength: 1000 }),
             },
             { unknowns: 'allow' }
           ),
diff --git a/x-pack/plugins/rollup/tsconfig.json b/x-pack/plugins/rollup/tsconfig.json
index 766e5b28ddfdf..2957a4bcb17c4 100644
--- a/x-pack/plugins/rollup/tsconfig.json
+++ b/x-pack/plugins/rollup/tsconfig.json
@@ -34,6 +34,7 @@
     "@kbn/shared-ux-router",
     "@kbn/data-views-plugin",
     "@kbn/react-kibana-context-render",
+    "@kbn/rollup",
 
   ],
   "exclude": [
diff --git a/x-pack/plugins/rule_registry/common/assets/field_maps/technical_rule_field_map.test.ts b/x-pack/plugins/rule_registry/common/assets/field_maps/technical_rule_field_map.test.ts
index 528354eed3d05..1b4b897664b84 100644
--- a/x-pack/plugins/rule_registry/common/assets/field_maps/technical_rule_field_map.test.ts
+++ b/x-pack/plugins/rule_registry/common/assets/field_maps/technical_rule_field_map.test.ts
@@ -82,6 +82,11 @@ it('matches snapshot', () => {
         "required": false,
         "type": "keyword",
       },
+      "kibana.alert.previous_action_group": Object {
+        "array": false,
+        "required": false,
+        "type": "keyword",
+      },
       "kibana.alert.reason": Object {
         "array": false,
         "multi_fields": Array [
@@ -245,6 +250,11 @@ it('matches snapshot', () => {
         "required": false,
         "type": "keyword",
       },
+      "kibana.alert.severity_improving": Object {
+        "array": false,
+        "required": false,
+        "type": "boolean",
+      },
       "kibana.alert.start": Object {
         "array": false,
         "required": false,
diff --git a/x-pack/plugins/rule_registry/server/alert_data_client/alerts_client.ts b/x-pack/plugins/rule_registry/server/alert_data_client/alerts_client.ts
index 0c449d4f4126a..e45bbecf93cec 100644
--- a/x-pack/plugins/rule_registry/server/alert_data_client/alerts_client.ts
+++ b/x-pack/plugins/rule_registry/server/alert_data_client/alerts_client.ts
@@ -344,7 +344,8 @@ export class AlertsClient {
         throw Boom.badData(errorMessage);
       }
 
-      if (result?.hits?.hits != null && result?.hits.hits.length > 0) {
+      if (result?.hits.hits.length > 0) {
+        // @ts-expect-error type mismatch: SearchHit._id is optional
         await this.ensureAllAuthorized(result.hits.hits, operation);
 
         result?.hits.hits.map((item) =>
diff --git a/x-pack/plugins/rule_registry/server/rule_data_plugin_service/resource_installer.test.ts b/x-pack/plugins/rule_registry/server/rule_data_plugin_service/resource_installer.test.ts
index f2cbe8ef5aeb7..335ab73dd8fe6 100644
--- a/x-pack/plugins/rule_registry/server/rule_data_plugin_service/resource_installer.test.ts
+++ b/x-pack/plugins/rule_registry/server/rule_data_plugin_service/resource_installer.test.ts
@@ -567,6 +567,7 @@ describe('resourceInstaller', () => {
 
         it('gracefully fails on empty mappings', async () => {
           const mockClusterClient = elasticsearchServiceMock.createElasticsearchClient();
+          // @ts-expect-error wrong response type
           mockClusterClient.indices.simulateIndexTemplate.mockImplementation(async () => ({}));
 
           const { installer, indexInfo, logger } = setup(mockClusterClient);
diff --git a/x-pack/plugins/search_playground/__mocks__/fetch_query_source_fields.mock.ts b/x-pack/plugins/search_playground/__mocks__/fetch_query_source_fields.mock.ts
index d421ad6c8c9b7..7ab5f261989a4 100644
--- a/x-pack/plugins/search_playground/__mocks__/fetch_query_source_fields.mock.ts
+++ b/x-pack/plugins/search_playground/__mocks__/fetch_query_source_fields.mock.ts
@@ -206,6 +206,27 @@ export const DENSE_SPARSE_SAME_FIELD_NAME_CAPS = {
   },
 };
 
+export const DENSE_OLD_PIPELINE_DOCS = [
+  {
+    took: 1,
+    timed_out: false,
+    _shards: { total: 1, successful: 1, skipped: 0, failed: 0 },
+    hits: { total: { value: 1, relation: 'eq' }, max_score: null, hits: [] },
+    aggregations: {
+      'ml.inference.body_content.model_id': {
+        doc_count_error_upper_bound: 0,
+        sum_other_doc_count: 0,
+        buckets: [
+          {
+            key: '.multilingual-e5-small_linux-x86_64',
+            doc_count: 1,
+          },
+        ],
+      },
+    },
+  } as SearchResponse<any>,
+];
+
 export const DENSE_SPARSE_SAME_FIELD_NAME_DOCS = [
   {
     took: 1,
@@ -959,6 +980,572 @@ export const ELSER_PASSAGE_CHUNKED_TWO_INDICES = {
   },
 };
 
+export const DENSE_PIPELINE_FIELD_CAPS = {
+  indices: ['search-test-e5'],
+  fields: {
+    additional_urls: {
+      keyword: {
+        type: 'keyword',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: true,
+      },
+    },
+    'title.stem': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    '_ingest.processors.pipeline.stem': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    'headings.delimiter': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    'ml.inference.body_content.model_id.prefix': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    'headings.enum': {
+      keyword: {
+        type: 'keyword',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: true,
+      },
+    },
+    '_ingest.processors': {
+      object: {
+        type: 'object',
+        metadata_field: false,
+        searchable: false,
+        aggregatable: false,
+      },
+    },
+    '_ingest.processors.types.joined': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    'body_content.enum': {
+      keyword: {
+        type: 'keyword',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: true,
+      },
+    },
+    links: {
+      keyword: {
+        type: 'keyword',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: true,
+      },
+    },
+    id: {
+      keyword: {
+        type: 'keyword',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: true,
+      },
+    },
+    'ml.inference.body_content.model_id.joined': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    ml: {
+      object: {
+        type: 'object',
+        metadata_field: false,
+        searchable: false,
+        aggregatable: false,
+      },
+    },
+    'ml.inference.body_content.model_id': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    'ml.inference': {
+      object: {
+        type: 'object',
+        metadata_field: false,
+        searchable: false,
+        aggregatable: false,
+      },
+    },
+    body_content: {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    '_ingest.processors.pipeline.joined': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    domains: {
+      keyword: {
+        type: 'keyword',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: true,
+      },
+    },
+    '_ingest.processors.model_version.enum': {
+      keyword: {
+        type: 'keyword',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: true,
+      },
+    },
+    'body_content.joined': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    url_scheme: {
+      keyword: {
+        type: 'keyword',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: true,
+      },
+    },
+    meta_description: {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    'ml.inference.body_content': {
+      object: {
+        type: 'object',
+        metadata_field: false,
+        searchable: false,
+        aggregatable: false,
+      },
+    },
+    headings: {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    '_ingest.processors.types.enum': {
+      keyword: {
+        type: 'keyword',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: true,
+      },
+    },
+    last_crawled_at: {
+      date: {
+        type: 'date',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: true,
+      },
+    },
+    '_ingest.processors.model_version.joined': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    'title.delimiter': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    'headings.prefix': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    'title.enum': {
+      keyword: {
+        type: 'keyword',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: true,
+      },
+    },
+    '_ingest.processors.pipeline.enum': {
+      keyword: {
+        type: 'keyword',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: true,
+      },
+    },
+    '_ingest.processors.pipeline.prefix': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    'meta_description.prefix': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    '_ingest.processors.types.delimiter': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    'title.joined': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    'body_content.stem': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    '_ingest.processors.types.stem': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    'ml.inference.body_content.model_id.enum': {
+      keyword: {
+        type: 'keyword',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: true,
+      },
+    },
+    title: {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    meta_keywords: {
+      keyword: {
+        type: 'keyword',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: true,
+      },
+    },
+    '_ingest.processors.processed_timestamp': {
+      date: {
+        type: 'date',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: true,
+      },
+    },
+    'ml.inference.body_content.model_id.delimiter': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    'meta_description.enum': {
+      keyword: {
+        type: 'keyword',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: true,
+      },
+    },
+    'meta_description.delimiter': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    'title.prefix': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    '_ingest.processors.pipeline': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    _ingest: {
+      object: {
+        type: 'object',
+        metadata_field: false,
+        searchable: false,
+        aggregatable: false,
+      },
+    },
+    'ml.inference.body_content.is_truncated': {
+      boolean: {
+        type: 'boolean',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: true,
+      },
+    },
+    '_ingest.processors.model_version.prefix': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    '_ingest.processors.model_version.delimiter': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    url_host: {
+      keyword: {
+        type: 'keyword',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: true,
+      },
+    },
+    url_path: {
+      keyword: {
+        type: 'keyword',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: true,
+      },
+    },
+    '_ingest.processors.model_version': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    url_path_dir3: {
+      keyword: {
+        type: 'keyword',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: true,
+      },
+    },
+    '_ingest.processors.pipeline.delimiter': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    'headings.joined': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    '_ingest.processors.types': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    'meta_description.joined': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    'ml.inference.body_content.predicted_value': {
+      dense_vector: {
+        type: 'dense_vector',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    url: {
+      keyword: {
+        type: 'keyword',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: true,
+      },
+    },
+    'meta_description.stem': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    'ml.inference.body_content.model_id.stem': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    url_port: {
+      keyword: {
+        type: 'keyword',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: true,
+      },
+    },
+    'body_content.delimiter': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    '_ingest.processors.model_version.stem': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    url_path_dir2: {
+      keyword: {
+        type: 'keyword',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: true,
+      },
+    },
+    url_path_dir1: {
+      keyword: {
+        type: 'keyword',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: true,
+      },
+    },
+    '_ingest.processors.types.prefix': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    'headings.stem': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+    'body_content.prefix': {
+      text: {
+        type: 'text',
+        metadata_field: false,
+        searchable: true,
+        aggregatable: false,
+      },
+    },
+  },
+};
+
 export const ELSER_PASSAGE_CHUNKED = {
   indices: ['search-nethys'],
   fields: {
diff --git a/x-pack/plugins/search_playground/public/components/chat.tsx b/x-pack/plugins/search_playground/public/components/chat.tsx
index 6cf82dd1ed2e1..de0a296e162b0 100644
--- a/x-pack/plugins/search_playground/public/components/chat.tsx
+++ b/x-pack/plugins/search_playground/public/components/chat.tsx
@@ -157,6 +157,7 @@ export const Chat = () => {
                     iconType="sparkles"
                     disabled={isToolBarActionsDisabled}
                     onClick={regenerateMessages}
+                    data-test-subj="regenerateActionButton"
                   >
                     <FormattedMessage
                       id="xpack.searchPlayground.chat.regenerateBtn"
@@ -169,6 +170,7 @@ export const Chat = () => {
                     iconType="refresh"
                     disabled={isToolBarActionsDisabled}
                     onClick={handleClearChat}
+                    data-test-subj="clearChatActionButton"
                   >
                     <FormattedMessage
                       id="xpack.searchPlayground.chat.clearChatBtn"
diff --git a/x-pack/plugins/search_playground/public/components/chat_sidebar.tsx b/x-pack/plugins/search_playground/public/components/chat_sidebar.tsx
index 0c89ccc9ea23b..2172ee8831ead 100644
--- a/x-pack/plugins/search_playground/public/components/chat_sidebar.tsx
+++ b/x-pack/plugins/search_playground/public/components/chat_sidebar.tsx
@@ -33,6 +33,7 @@ export const ChatSidebar: React.FC<ChatSidebarProps> = ({ selectedIndicesCount }
         defaultMessage: 'Model settings',
       }),
       children: <SummarizationPanel />,
+      dataTestId: 'summarizationAccordion',
     },
     {
       id: useGeneratedHtmlId({ prefix: 'sourcesAccordion' }),
@@ -50,13 +51,14 @@ export const ChatSidebar: React.FC<ChatSidebarProps> = ({ selectedIndicesCount }
         </EuiText>
       ),
       children: <SourcesPanelSidebar />,
+      dataTestId: 'sourcesAccordion',
     },
   ];
   const [openAccordionId, setOpenAccordionId] = useState(accordions[0].id);
 
   return (
     <EuiFlexGroup direction="column" className="eui-yScroll" gutterSize="none">
-      {accordions.map(({ id, title, extraAction, children }, index) => (
+      {accordions.map(({ id, title, extraAction, children, dataTestId }, index) => (
         <EuiFlexItem
           key={id}
           css={{
@@ -77,6 +79,7 @@ export const ChatSidebar: React.FC<ChatSidebarProps> = ({ selectedIndicesCount }
             buttonProps={{ paddingSize: 'l' }}
             forceState={openAccordionId === id ? 'open' : 'closed'}
             onToggle={() => setOpenAccordionId(openAccordionId === id ? '' : id)}
+            data-test-subj={dataTestId}
           >
             {children}
             <EuiSpacer size="l" />
diff --git a/x-pack/plugins/search_playground/public/components/sources_panel/indices_list.tsx b/x-pack/plugins/search_playground/public/components/sources_panel/indices_list.tsx
index 7af94bbdce814..0cf410072fbd2 100644
--- a/x-pack/plugins/search_playground/public/components/sources_panel/indices_list.tsx
+++ b/x-pack/plugins/search_playground/public/components/sources_panel/indices_list.tsx
@@ -32,6 +32,7 @@ export const IndicesList: React.FC<IndicesListProps> = ({ indices, onRemoveClick
             color="primary"
             label={index}
             size="s"
+            data-test-subj="indicesInAccordian"
             extraAction={{
               alwaysShow: true,
               'aria-label': i18n.translate('xpack.searchPlayground.sources.indices.removeIndex', {
diff --git a/x-pack/plugins/search_playground/public/components/summarization_panel/summarization_model.tsx b/x-pack/plugins/search_playground/public/components/summarization_panel/summarization_model.tsx
index 13a77d0c01e10..f60436025e0d1 100644
--- a/x-pack/plugins/search_playground/public/components/summarization_panel/summarization_model.tsx
+++ b/x-pack/plugins/search_playground/public/components/summarization_panel/summarization_model.tsx
@@ -14,13 +14,13 @@ import {
   EuiFormRow,
   EuiIcon,
   EuiSuperSelect,
+  type EuiSuperSelectOption,
   EuiText,
   EuiToolTip,
 } from '@elastic/eui';
 
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
-import { EuiSuperSelectOption } from '@elastic/eui/src/components/form/super_select/super_select_control';
 import { AnalyticsEvents } from '../../analytics/constants';
 import { useUsageTracker } from '../../hooks/use_usage_tracker';
 import type { LLMModel } from '../../types';
diff --git a/x-pack/plugins/search_playground/public/hooks/use_load_connectors.test.ts b/x-pack/plugins/search_playground/public/hooks/use_load_connectors.test.ts
index 7f04c053468a7..3a68d91fd0246 100644
--- a/x-pack/plugins/search_playground/public/hooks/use_load_connectors.test.ts
+++ b/x-pack/plugins/search_playground/public/hooks/use_load_connectors.test.ts
@@ -110,6 +110,55 @@ describe('useLoadConnectors', () => {
     });
   });
 
+  it('handles pre-configured connectors', async () => {
+    const connectors = [
+      {
+        id: '1',
+        actionTypeId: '.gen-ai',
+        isMissingSecrets: false,
+        isPreconfigured: true,
+        name: 'OpenAI',
+      },
+      {
+        id: '2',
+        actionTypeId: 'slack',
+        isMissingSecrets: false,
+      },
+      {
+        id: '3',
+        actionTypeId: '.gen-ai',
+        isMissingSecrets: false,
+        config: { apiProvider: OpenAiProviderType.AzureAi },
+      },
+    ];
+    mockedLoadConnectors.mockResolvedValue(connectors);
+
+    await act(async () => {
+      const { result, waitForNextUpdate } = renderHook(() => useLoadConnectors());
+      await waitForNextUpdate();
+
+      await expect(result.current).resolves.toStrictEqual([
+        {
+          actionTypeId: '.gen-ai',
+          id: '1',
+          isMissingSecrets: false,
+          isPreconfigured: true,
+          name: 'OpenAI',
+          title: 'OpenAI',
+          type: 'openai',
+        },
+        {
+          actionTypeId: '.gen-ai',
+          config: { apiProvider: 'Azure OpenAI' },
+          id: '3',
+          isMissingSecrets: false,
+          title: 'OpenAI Azure',
+          type: 'openai_azure',
+        },
+      ]);
+    });
+  });
+
   it('handles errors correctly', async () => {
     const error = new Error('Test Error');
     mockedLoadConnectors.mockRejectedValue(error);
diff --git a/x-pack/plugins/search_playground/public/hooks/use_load_connectors.ts b/x-pack/plugins/search_playground/public/hooks/use_load_connectors.ts
index 12df2410aac9c..6e66ece073cc2 100644
--- a/x-pack/plugins/search_playground/public/hooks/use_load_connectors.ts
+++ b/x-pack/plugins/search_playground/public/hooks/use_load_connectors.ts
@@ -39,7 +39,7 @@ const connectorTypeToLLM: Array<{
     actionProvider: OpenAiProviderType.AzureAi,
     match: (connector) =>
       connector.actionTypeId === OPENAI_CONNECTOR_ID &&
-      (connector as OpenAIConnector).config.apiProvider === OpenAiProviderType.AzureAi,
+      (connector as OpenAIConnector)?.config?.apiProvider === OpenAiProviderType.AzureAi,
     transform: (connector) => ({
       ...connector,
       title: i18n.translate('xpack.searchPlayground.openAIAzureConnectorTitle', {
@@ -52,7 +52,8 @@ const connectorTypeToLLM: Array<{
     actionId: OPENAI_CONNECTOR_ID,
     match: (connector) =>
       connector.actionTypeId === OPENAI_CONNECTOR_ID &&
-      (connector as OpenAIConnector).config.apiProvider === OpenAiProviderType.OpenAi,
+      ((connector as OpenAIConnector)?.config?.apiProvider === OpenAiProviderType.OpenAi ||
+        !!connector.isPreconfigured),
     transform: (connector) => ({
       ...connector,
       title: i18n.translate('xpack.searchPlayground.openAIConnectorTitle', {
diff --git a/x-pack/plugins/search_playground/public/utils/create_query.test.ts b/x-pack/plugins/search_playground/public/utils/create_query.test.ts
index 164f79618d74c..c059580703ba8 100644
--- a/x-pack/plugins/search_playground/public/utils/create_query.test.ts
+++ b/x-pack/plugins/search_playground/public/utils/create_query.test.ts
@@ -452,7 +452,11 @@ describe('create_query', () => {
                     standard: {
                       query: {
                         nested: {
-                          inner_hits: { _source: ['field2.inference.chunks.text'], size: 2 },
+                          inner_hits: {
+                            _source: ['field2.inference.chunks.text'],
+                            name: 'index1.field2',
+                            size: 2,
+                          },
                           path: 'field2.inference.chunks',
                           query: {
                             sparse_vector: {
@@ -570,7 +574,11 @@ describe('create_query', () => {
                     standard: {
                       query: {
                         nested: {
-                          inner_hits: { _source: ['field2.inference.chunks.text'], size: 2 },
+                          inner_hits: {
+                            _source: ['field2.inference.chunks.text'],
+                            name: 'index1.field2',
+                            size: 2,
+                          },
                           path: 'field2.inference.chunks',
                           query: {
                             knn: {
diff --git a/x-pack/plugins/search_playground/public/utils/create_query.ts b/x-pack/plugins/search_playground/public/utils/create_query.ts
index 0f65bea734d5c..fadf15f291abd 100644
--- a/x-pack/plugins/search_playground/public/utils/create_query.ts
+++ b/x-pack/plugins/search_playground/public/utils/create_query.ts
@@ -89,6 +89,7 @@ export function createQuery(
                 },
                 inner_hits: {
                   size: 2,
+                  name: `${index}.${semanticField.field}`,
                   _source: [`${semanticField.field}.inference.chunks.text`],
                 },
               },
@@ -106,6 +107,7 @@ export function createQuery(
                 },
                 inner_hits: {
                   size: 2,
+                  name: `${index}.${semanticField.field}`,
                   _source: [`${semanticField.field}.inference.chunks.text`],
                 },
               },
diff --git a/x-pack/plugins/search_playground/server/lib/conversational_chain.test.ts b/x-pack/plugins/search_playground/server/lib/conversational_chain.test.ts
index f7ad46d3fdfda..fa6ee8e6e1abd 100644
--- a/x-pack/plugins/search_playground/server/lib/conversational_chain.test.ts
+++ b/x-pack/plugins/search_playground/server/lib/conversational_chain.test.ts
@@ -224,7 +224,7 @@ describe('conversational chain', () => {
           _index: 'index',
           _id: '1',
           inner_hits: {
-            'field.inference.chunks': {
+            'index.field': {
               hits: {
                 hits: [
                   {
diff --git a/x-pack/plugins/search_playground/server/lib/fetch_query_source_fields.test.ts b/x-pack/plugins/search_playground/server/lib/fetch_query_source_fields.test.ts
index 8991cb9924480..e41eb0d1e4445 100644
--- a/x-pack/plugins/search_playground/server/lib/fetch_query_source_fields.test.ts
+++ b/x-pack/plugins/search_playground/server/lib/fetch_query_source_fields.test.ts
@@ -26,6 +26,8 @@ import {
   DENSE_SEMANTIC_FIELD_MAPPINGS,
   DENSE_SEMANTIC_FIELD_FIELD_CAPS,
   DENSE_SEMANTIC_FIELD_MAPPINGS_MISSING_TASK_TYPE,
+  DENSE_PIPELINE_FIELD_CAPS,
+  DENSE_OLD_PIPELINE_DOCS,
 } from '../../__mocks__/fetch_query_source_fields.mock';
 import {
   fetchFields,
@@ -506,6 +508,54 @@ describe('fetch_query_source_fields', () => {
       });
     });
 
+    it('should perform a search request with the correct modelid for old style inference', async () => {
+      const client = {
+        asCurrentUser: {
+          fieldCaps: jest.fn().mockResolvedValue(DENSE_PIPELINE_FIELD_CAPS),
+          search: jest.fn().mockResolvedValue(DENSE_OLD_PIPELINE_DOCS[0]),
+          indices: {
+            getMapping: jest.fn().mockResolvedValue({
+              'search-test-e5': {
+                mappings: {},
+              },
+            }),
+          },
+        },
+      } as any;
+      const indices = ['search-test-e5'];
+      const response = await fetchFields(client, indices);
+      expect(client.asCurrentUser.search).toHaveBeenCalledWith({
+        index: 'search-test-e5',
+        body: {
+          size: 0,
+          aggs: {
+            'ml.inference.body_content.model_id': {
+              terms: {
+                field: 'ml.inference.body_content.model_id.enum',
+                size: 1,
+              },
+            },
+          },
+        },
+      });
+      expect(response).toEqual({
+        'search-test-e5': {
+          bm25_query_fields: expect.any(Array),
+          dense_vector_query_fields: [
+            {
+              field: 'ml.inference.body_content.predicted_value',
+              indices: ['search-test-e5'],
+              model_id: '.multilingual-e5-small_linux-x86_64',
+            },
+          ],
+          elser_query_fields: [],
+          semantic_fields: [],
+          source_fields: expect.any(Array),
+          skipped_fields: 30,
+        },
+      });
+    });
+
     it('should perform a search request with the correct parameters with top level model id', async () => {
       const client = {
         asCurrentUser: {
diff --git a/x-pack/plugins/search_playground/server/lib/fetch_query_source_fields.ts b/x-pack/plugins/search_playground/server/lib/fetch_query_source_fields.ts
index 15e1ead0bf037..9dfd5c9b2b95e 100644
--- a/x-pack/plugins/search_playground/server/lib/fetch_query_source_fields.ts
+++ b/x-pack/plugins/search_playground/server/lib/fetch_query_source_fields.ts
@@ -53,25 +53,15 @@ const EMBEDDING_TYPE: Record<TaskType, SemanticEmbeddingType> = {
 export const getModelIdFields = (fieldCapsResponse: FieldCapsResponse) => {
   const { fields } = fieldCapsResponse;
   return Object.keys(fields).reduce<Array<{ path: string; aggField: string }>>((acc, fieldKey) => {
-    const field = fields[fieldKey];
     if (fieldKey.endsWith('model_id')) {
-      if ('keyword' in field && field.keyword.aggregatable) {
-        acc.push({
-          path: fieldKey,
-          aggField: fieldKey,
-        });
-        return acc;
-      }
-      const keywordModelIdField = fields[fieldKey + '.keyword'];
+      const multiField = Object.keys(fields)
+        .filter((key) => key.startsWith(fieldKey))
+        .find((key) => fields[key].keyword && fields[key].keyword.aggregatable);
 
-      if (
-        keywordModelIdField &&
-        `keyword` in keywordModelIdField &&
-        keywordModelIdField.keyword.aggregatable
-      ) {
+      if (multiField) {
         acc.push({
           path: fieldKey,
-          aggField: fieldKey + '.keyword',
+          aggField: multiField,
         });
         return acc;
       }
diff --git a/x-pack/plugins/search_playground/server/utils/get_value_for_selected_field.test.ts b/x-pack/plugins/search_playground/server/utils/get_value_for_selected_field.test.ts
index bf02f6620d38c..cfdefc99f80ef 100644
--- a/x-pack/plugins/search_playground/server/utils/get_value_for_selected_field.test.ts
+++ b/x-pack/plugins/search_playground/server/utils/get_value_for_selected_field.test.ts
@@ -91,7 +91,7 @@ describe('getValueForSelectedField', () => {
         },
       },
       inner_hits: {
-        'test.inference.chunks': {
+        'sample-index.test': {
           hits: {
             hits: [
               {
diff --git a/x-pack/plugins/search_playground/server/utils/get_value_for_selected_field.ts b/x-pack/plugins/search_playground/server/utils/get_value_for_selected_field.ts
index 68bd600d62143..695c56a571374 100644
--- a/x-pack/plugins/search_playground/server/utils/get_value_for_selected_field.ts
+++ b/x-pack/plugins/search_playground/server/utils/get_value_for_selected_field.ts
@@ -14,8 +14,9 @@ export const getValueForSelectedField = (hit: SearchHit, path: string): string =
   }
 
   // for semantic_text matches
-  if (!!hit.inner_hits?.[`${path}.inference.chunks`]) {
-    return hit.inner_hits[`${path}.inference.chunks`].hits.hits
+  const innerHitPath = `${hit._index}.${path}`;
+  if (!!hit.inner_hits?.[innerHitPath]) {
+    return hit.inner_hits[innerHitPath].hits.hits
       .map((innerHit) => innerHit._source.text)
       .join('\n --- \n');
   }
diff --git a/x-pack/plugins/security/common/index.ts b/x-pack/plugins/security/common/index.ts
index 1a767f778fb7a..1f5767fc56b64 100644
--- a/x-pack/plugins/security/common/index.ts
+++ b/x-pack/plugins/security/common/index.ts
@@ -7,8 +7,6 @@
 
 export type {
   GetUserProfileResponse,
-  ApiKey,
-  RestApiKey,
   GetUserDisplayNameParams,
   EditUser,
   BuiltinESPrivileges,
@@ -19,6 +17,7 @@ export type {
   InvalidRoleTemplate,
   InlineRoleTemplate,
 } from './model';
+
 export { getUserDisplayName, isRoleReserved, isRoleWithWildcardBasePrivilege } from './model';
 
 // Re-export types from the plugin directly to enhance the developer experience for consumers of the Security plugin.
diff --git a/x-pack/plugins/security/common/model/index.ts b/x-pack/plugins/security/common/model/index.ts
index 4afc921007d4b..4ad46b29212d8 100644
--- a/x-pack/plugins/security/common/model/index.ts
+++ b/x-pack/plugins/security/common/model/index.ts
@@ -5,17 +5,6 @@
  * 2.0.
  */
 
-export type {
-  ApiKey,
-  RestApiKey,
-  BaseApiKey,
-  CrossClusterApiKey,
-  ApiKeyToInvalidate,
-  ApiKeyRoleDescriptors,
-  CrossClusterApiKeyAccess,
-  ApiKeyAggregations,
-  QueryApiKeyResult,
-} from './api_key';
 export type { EditUser, GetUserDisplayNameParams } from './user';
 export type { GetUserProfileResponse } from './user_profile';
 export {
diff --git a/x-pack/plugins/security/public/account_management/user_profile/user_profile.tsx b/x-pack/plugins/security/public/account_management/user_profile/user_profile.tsx
index c9ae85dcda634..8e2f27c2db817 100644
--- a/x-pack/plugins/security/public/account_management/user_profile/user_profile.tsx
+++ b/x-pack/plugins/security/public/account_management/user_profile/user_profile.tsx
@@ -29,6 +29,7 @@ import {
   useEuiTheme,
   useGeneratedHtmlId,
 } from '@elastic/eui';
+import { css } from '@emotion/react';
 import { Form, FormikProvider, useFormik, useFormikContext } from 'formik';
 import type { FunctionComponent } from 'react';
 import React, { useRef, useState } from 'react';
@@ -38,6 +39,15 @@ import type { CoreStart, IUiSettingsClient, ThemeServiceStart } from '@kbn/core/
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { useKibana } from '@kbn/kibana-react-plugin/public';
+import {
+  FormChangesProvider,
+  FormField,
+  FormLabel,
+  FormRow,
+  OptionalText,
+  useFormChanges,
+  useFormChangesContext,
+} from '@kbn/security-form-components';
 import { KibanaPageTemplate } from '@kbn/shared-ux-page-kibana-template';
 import type { DarkModeValue, UserProfileData } from '@kbn/user-profile-components';
 import { UserAvatar, useUpdateUserProfile } from '@kbn/user-profile-components';
@@ -53,17 +63,15 @@ import {
 } from '../../../common/model';
 import { useSecurityApiClients } from '../../components';
 import { Breadcrumb } from '../../components/breadcrumb';
-import {
-  FormChangesProvider,
-  useFormChanges,
-  useFormChangesContext,
-} from '../../components/form_changes';
-import { FormField } from '../../components/form_field';
-import { FormLabel } from '../../components/form_label';
-import { FormRow, OptionalText } from '../../components/form_row';
 import { ChangePasswordModal } from '../../management/users/edit_user/change_password_modal';
 import { isUserReserved } from '../../management/users/user_utils';
 
+const formRowCSS = css`
+  .euiFormRow__label {
+    flex: 1;
+  }
+`;
+
 export interface UserProfileProps {
   user: AuthenticatedUser;
   data?: UserProfileData;
@@ -128,30 +136,36 @@ const UserDetailsEditor: FunctionComponent<UserDetailsEditorProps> = ({ user })
       }
     >
       <FormRow
+        css={formRowCSS}
         label={
           <FormLabel for="user.full_name">
-            <FormattedMessage
-              id="xpack.security.accountManagement.userProfile.fullNameLabel"
-              defaultMessage="Full name"
-            />
+            <EuiFlexGroup justifyContent="spaceBetween">
+              <FormattedMessage
+                id="xpack.security.accountManagement.userProfile.fullNameLabel"
+                defaultMessage="Full name"
+              />
+              <OptionalText />
+            </EuiFlexGroup>
           </FormLabel>
         }
-        labelAppend={<OptionalText />}
         fullWidth
       >
         <FormField name="user.full_name" data-test-subj={'userProfileFullName'} fullWidth />
       </FormRow>
 
       <FormRow
+        css={formRowCSS}
         label={
           <FormLabel for="user.email">
-            <FormattedMessage
-              id="xpack.security.accountManagement.userProfile.emailLabel"
-              defaultMessage="Email address"
-            />
+            <EuiFlexGroup justifyContent="spaceBetween">
+              <FormattedMessage
+                id="xpack.security.accountManagement.userProfile.emailLabel"
+                defaultMessage="Email address"
+              />
+              <OptionalText />
+            </EuiFlexGroup>
           </FormLabel>
         }
-        labelAppend={<OptionalText />}
         fullWidth
       >
         <FormField type="email" name="user.email" data-test-subj={'userProfileEmail'} fullWidth />
diff --git a/x-pack/plugins/security/public/management/api_keys/api_keys_api_client.mock.ts b/x-pack/plugins/security/public/management/api_keys/api_keys_api_client.mock.ts
index 7700ec76a8462..5e207ac8f366f 100644
--- a/x-pack/plugins/security/public/management/api_keys/api_keys_api_client.mock.ts
+++ b/x-pack/plugins/security/public/management/api_keys/api_keys_api_client.mock.ts
@@ -5,10 +5,9 @@
  * 2.0.
  */
 
+import type { APIKeysAPIClient } from '@kbn/security-api-key-management';
 import type { PublicMethodsOf } from '@kbn/utility-types';
 
-import type { APIKeysAPIClient } from './api_keys_api_client';
-
 export const apiKeysAPIClientMock = {
   create: (): jest.Mocked<PublicMethodsOf<APIKeysAPIClient>> => ({
     invalidateApiKeys: jest.fn(),
diff --git a/x-pack/plugins/security/public/management/api_keys/api_keys_grid/api_keys_grid_page.tsx b/x-pack/plugins/security/public/management/api_keys/api_keys_grid/api_keys_grid_page.tsx
index d3ba26eae9ea6..68c3ef426f77c 100644
--- a/x-pack/plugins/security/public/management/api_keys/api_keys_grid/api_keys_grid_page.tsx
+++ b/x-pack/plugins/security/public/management/api_keys/api_keys_grid/api_keys_grid_page.tsx
@@ -17,20 +17,23 @@ import { SectionLoading } from '@kbn/es-ui-shared-plugin/public';
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { reactRouterNavigate, useKibana } from '@kbn/kibana-react-plugin/public';
+import type { CreateAPIKeyResult, QueryApiKeySortOptions } from '@kbn/security-api-key-management';
+import {
+  ApiKeyCreatedCallout,
+  ApiKeyFlyout,
+  APIKeysAPIClient,
+} from '@kbn/security-api-key-management';
+import type { CategorizedApiKey } from '@kbn/security-plugin-types-common';
 import { KibanaPageTemplate } from '@kbn/shared-ux-page-kibana-template';
 import { Route } from '@kbn/shared-ux-router';
 
-import { ApiKeyFlyout } from './api_key_flyout';
 import { ApiKeysEmptyPrompt } from './api_keys_empty_prompt';
 import { ApiKeysTable, MAX_PAGINATED_ITEMS } from './api_keys_table';
-import type { CategorizedApiKey, QueryFilters } from './api_keys_table';
+import type { QueryFilters } from './api_keys_table';
 import { InvalidateProvider } from './invalidate_provider';
 import { Breadcrumb } from '../../../components/breadcrumb';
-import { SelectableTokenField } from '../../../components/token_field';
 import { useCapabilities } from '../../../components/use_capabilities';
 import { useAuthentication } from '../../../components/use_current_user';
-import type { CreateAPIKeyResult, QueryApiKeySortOptions } from '../api_keys_api_client';
-import { APIKeysAPIClient } from '../api_keys_api_client';
 
 interface ApiKeysTableState {
   query: Query;
@@ -187,6 +190,9 @@ export const APIKeysGridPage: FunctionComponent = () => {
             }}
             onCancel={() => history.push({ pathname: '/' })}
             canManageCrossClusterApiKeys={canManageCrossClusterApiKeys}
+            currentUser={currentUser}
+            isLoadingCurrentUser={state.loading}
+            readOnly={readOnly}
           />
         </Breadcrumb>
       </Route>
@@ -208,6 +214,9 @@ export const APIKeysGridPage: FunctionComponent = () => {
           onCancel={() => setOpenedApiKey(undefined)}
           apiKey={openedApiKey}
           readOnly={readOnly}
+          canManageCrossClusterApiKeys={canManageCrossClusterApiKeys}
+          currentUser={currentUser}
+          isLoadingCurrentUser={state.loading}
         />
       )}
       {totalKeys === 0 ? (
@@ -324,67 +333,3 @@ export const APIKeysGridPage: FunctionComponent = () => {
     </>
   );
 };
-
-export interface ApiKeyCreatedCalloutProps {
-  createdApiKey: CreateAPIKeyResult;
-}
-
-export const ApiKeyCreatedCallout: FunctionComponent<ApiKeyCreatedCalloutProps> = ({
-  createdApiKey,
-}) => {
-  const concatenated = `${createdApiKey.id}:${createdApiKey.api_key}`;
-  return (
-    <EuiCallOut
-      color="success"
-      iconType="check"
-      title={i18n.translate('xpack.security.management.apiKeys.createSuccessMessage', {
-        defaultMessage: "Created API key ''{name}''",
-        values: { name: createdApiKey.name },
-      })}
-    >
-      <p>
-        <FormattedMessage
-          id="xpack.security.management.apiKeys.successDescription"
-          defaultMessage="Copy this key now. You will not be able to view it again."
-        />
-      </p>
-      <SelectableTokenField
-        options={[
-          {
-            key: 'encoded',
-            value: createdApiKey.encoded,
-            icon: 'empty',
-            label: i18n.translate('xpack.security.management.apiKeys.encodedLabel', {
-              defaultMessage: 'Encoded',
-            }),
-            description: i18n.translate('xpack.security.management.apiKeys.encodedDescription', {
-              defaultMessage: 'Format used to make requests to Elasticsearch REST API.',
-            }),
-          },
-          {
-            key: 'beats',
-            value: concatenated,
-            icon: 'logoBeats',
-            label: i18n.translate('xpack.security.management.apiKeys.beatsLabel', {
-              defaultMessage: 'Beats',
-            }),
-            description: i18n.translate('xpack.security.management.apiKeys.beatsDescription', {
-              defaultMessage: 'Format used to configure Beats.',
-            }),
-          },
-          {
-            key: 'logstash',
-            value: concatenated,
-            icon: 'logoLogstash',
-            label: i18n.translate('xpack.security.management.apiKeys.logstashLabel', {
-              defaultMessage: 'Logstash',
-            }),
-            description: i18n.translate('xpack.security.management.apiKeys.logstashDescription', {
-              defaultMessage: 'Format used to configure Logstash.',
-            }),
-          },
-        ]}
-      />
-    </EuiCallOut>
-  );
-};
diff --git a/x-pack/plugins/security/public/management/api_keys/api_keys_grid/api_keys_table.tsx b/x-pack/plugins/security/public/management/api_keys/api_keys_grid/api_keys_table.tsx
index 00703df03ef42..63124b4db2d44 100644
--- a/x-pack/plugins/security/public/management/api_keys/api_keys_grid/api_keys_table.tsx
+++ b/x-pack/plugins/security/public/management/api_keys/api_keys_grid/api_keys_table.tsx
@@ -19,26 +19,24 @@ import {
   EuiFilterButton,
   EuiFlexGroup,
   EuiFlexItem,
-  EuiHealth,
   EuiLink,
   EuiSearchBar,
   EuiSpacer,
   EuiText,
-  EuiToolTip,
 } from '@elastic/eui';
 import type { CustomComponentProps } from '@elastic/eui/src/components/search_bar/filters/custom_component_filter';
-import moment from 'moment-timezone';
 import type { FunctionComponent } from 'react';
 import React, { createContext, useContext, useState } from 'react';
 
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
+import type { CreateAPIKeyResult, QueryApiKeySortOptions } from '@kbn/security-api-key-management';
+import { ApiKeyBadge, ApiKeyStatus, TimeToolTip } from '@kbn/security-api-key-management';
+import type { ApiKeyAggregations, CategorizedApiKey } from '@kbn/security-plugin-types-common';
 import { UserAvatar, UserProfilesPopover } from '@kbn/user-profile-components';
 
 import { ApiKeysEmptyPrompt, doesErrorIndicateBadQuery } from './api_keys_empty_prompt';
 import type { AuthenticatedUser } from '../../../../common';
-import type { ApiKey, ApiKeyAggregations, BaseApiKey } from '../../../../common/model';
-import type { CreateAPIKeyResult, QueryApiKeySortOptions } from '../api_keys_api_client';
 
 export interface TablePagination {
   pageIndex: number;
@@ -574,129 +572,6 @@ export const UsernameWithIcon: FunctionComponent<UsernameWithIconProps> = ({ use
   </EuiFlexGroup>
 );
 
-export interface TimeToolTipProps {
-  timestamp: number;
-}
-
-export const TimeToolTip: FunctionComponent<TimeToolTipProps> = ({ timestamp, children }) => {
-  return (
-    <EuiToolTip content={moment(timestamp).format('LLL')}>
-      <span>{children ?? moment(timestamp).fromNow()}</span>
-    </EuiToolTip>
-  );
-};
-
-export type ApiKeyStatusProps = Pick<CategorizedApiKey, 'expiration'>;
-
-export const ApiKeyStatus: FunctionComponent<ApiKeyStatusProps> = ({ expiration }) => {
-  if (!expiration) {
-    return (
-      <EuiHealth color="primary" data-test-subj="apiKeyStatus">
-        <FormattedMessage
-          id="xpack.security.management.apiKeys.table.statusActive"
-          defaultMessage="Active"
-        />
-      </EuiHealth>
-    );
-  }
-
-  if (Date.now() > expiration) {
-    return (
-      <EuiHealth color="subdued" data-test-subj="apiKeyStatus">
-        <FormattedMessage
-          id="xpack.security.management.apiKeys.table.statusExpired"
-          defaultMessage="Expired"
-        />
-      </EuiHealth>
-    );
-  }
-
-  return (
-    <EuiHealth color="warning" data-test-subj="apiKeyStatus">
-      <TimeToolTip timestamp={expiration}>
-        <FormattedMessage
-          id="xpack.security.management.apiKeys.table.statusExpires"
-          defaultMessage="Expires {timeFromNow}"
-          values={{
-            timeFromNow: moment(expiration).fromNow(),
-          }}
-        />
-      </TimeToolTip>
-    </EuiHealth>
-  );
-};
-
-export interface ApiKeyBadgeProps {
-  type: 'rest' | 'cross_cluster' | 'managed';
-}
-
-export const ApiKeyBadge: FunctionComponent<ApiKeyBadgeProps> = ({ type }) => {
-  return type === 'cross_cluster' ? (
-    <EuiToolTip
-      content={
-        <FormattedMessage
-          id="xpack.security.accountManagement.apiKeyBadge.crossClusterDescription"
-          defaultMessage="Allows remote clusters to connect to your local cluster."
-        />
-      }
-    >
-      <EuiBadge color="hollow" iconType="cluster">
-        <FormattedMessage
-          id="xpack.security.accountManagement.apiKeyBadge.crossClusterLabel"
-          defaultMessage="Cross-Cluster"
-        />
-      </EuiBadge>
-    </EuiToolTip>
-  ) : type === 'managed' ? (
-    <EuiToolTip
-      content={
-        <FormattedMessage
-          id="xpack.security.accountManagement.apiKeyBadge.managedDescription"
-          defaultMessage="Created and managed by Kibana to correctly run background tasks."
-        />
-      }
-    >
-      <EuiBadge color="hollow" iconType="gear">
-        <FormattedMessage
-          id="xpack.security.accountManagement.apiKeyBadge.managedTitle"
-          defaultMessage="Managed"
-        />
-      </EuiBadge>
-    </EuiToolTip>
-  ) : (
-    <EuiToolTip
-      content={
-        <FormattedMessage
-          id="xpack.security.accountManagement.apiKeyBadge.restDescription"
-          defaultMessage="Allows external services to access the Elastic Stack on behalf of a user."
-        />
-      }
-    >
-      <EuiBadge color="hollow" iconType="user">
-        <FormattedMessage
-          id="xpack.security.accountManagement.apiKeyBadge.restTitle"
-          defaultMessage="Personal"
-        />
-      </EuiBadge>
-    </EuiToolTip>
-  );
-};
-
-/**
- * Interface representing a REST API key that is managed by Kibana.
- */
-export interface ManagedApiKey extends BaseApiKey {
-  type: 'managed';
-}
-
-/**
- * Interface representing an API key the way it is presented in the Kibana UI  (with Kibana system
- * API keys given its own dedicated `managed` type).
- */
-export type CategorizedApiKey = (ApiKey | ManagedApiKey) & {
-  expired: boolean;
-};
-
 export const categorizeAggregations = (aggregationResponse?: ApiKeyAggregations) => {
   const typeFilters: Array<CategorizedApiKey['type']> = [];
   const usernameFilters: Array<CategorizedApiKey['username']> = [];
diff --git a/x-pack/plugins/security/public/management/api_keys/api_keys_grid/invalidate_provider/invalidate_provider.tsx b/x-pack/plugins/security/public/management/api_keys/api_keys_grid/invalidate_provider/invalidate_provider.tsx
index 98c4764bc754e..0e968031d47b8 100644
--- a/x-pack/plugins/security/public/management/api_keys/api_keys_grid/invalidate_provider/invalidate_provider.tsx
+++ b/x-pack/plugins/security/public/management/api_keys/api_keys_grid/invalidate_provider/invalidate_provider.tsx
@@ -10,11 +10,10 @@ import React, { Fragment, useRef, useState } from 'react';
 
 import type { NotificationsStart } from '@kbn/core/public';
 import { i18n } from '@kbn/i18n';
+import type { APIKeysAPIClient } from '@kbn/security-api-key-management';
+import type { ApiKeyToInvalidate } from '@kbn/security-plugin-types-common';
 import type { PublicMethodsOf } from '@kbn/utility-types';
 
-import type { ApiKeyToInvalidate } from '../../../../../common/model';
-import type { APIKeysAPIClient } from '../../api_keys_api_client';
-
 interface Props {
   isAdmin: boolean;
   children: (invalidateApiKeys: InvalidateApiKeys) => React.ReactElement;
diff --git a/x-pack/plugins/security/public/management/roles/roles_grid/roles_grid_page.test.tsx b/x-pack/plugins/security/public/management/roles/roles_grid/roles_grid_page.test.tsx
index 6b666cfd378f4..8951fd3e5c202 100644
--- a/x-pack/plugins/security/public/management/roles/roles_grid/roles_grid_page.test.tsx
+++ b/x-pack/plugins/security/public/management/roles/roles_grid/roles_grid_page.test.tsx
@@ -44,6 +44,7 @@ const waitForRender = async (
 describe('<RolesGridPage />', () => {
   let apiClientMock: jest.Mocked<PublicMethodsOf<RolesAPIClient>>;
   let history: ReturnType<typeof scopedHistoryMock.create>;
+  const { theme, i18n, analytics, notifications } = coreMock.createStart();
 
   beforeEach(() => {
     history = scopedHistoryMock.create();
@@ -87,7 +88,11 @@ describe('<RolesGridPage />', () => {
       <RolesGridPage
         rolesAPIClient={apiClientMock}
         history={history}
-        notifications={coreMock.createStart().notifications}
+        notifications={notifications}
+        i18n={i18n}
+        buildFlavor={'traditional'}
+        analytics={analytics}
+        theme={theme}
       />
     );
     const initialIconCount = wrapper.find(EuiIcon).length;
@@ -105,7 +110,11 @@ describe('<RolesGridPage />', () => {
       <RolesGridPage
         rolesAPIClient={apiClientMock}
         history={history}
-        notifications={coreMock.createStart().notifications}
+        notifications={notifications}
+        i18n={i18n}
+        buildFlavor={'traditional'}
+        analytics={analytics}
+        theme={theme}
       />
     );
     const initialIconCount = wrapper.find(EuiIcon).length;
@@ -125,7 +134,11 @@ describe('<RolesGridPage />', () => {
       <RolesGridPage
         rolesAPIClient={apiClientMock}
         history={history}
-        notifications={coreMock.createStart().notifications}
+        notifications={notifications}
+        i18n={i18n}
+        buildFlavor={'traditional'}
+        analytics={analytics}
+        theme={theme}
       />
     );
     await waitForRender(wrapper, (updatedWrapper) => {
@@ -139,7 +152,11 @@ describe('<RolesGridPage />', () => {
       <RolesGridPage
         rolesAPIClient={apiClientMock}
         history={history}
-        notifications={coreMock.createStart().notifications}
+        notifications={notifications}
+        i18n={i18n}
+        buildFlavor={'traditional'}
+        analytics={analytics}
+        theme={theme}
       />
     );
     const initialIconCount = wrapper.find(EuiIcon).length;
@@ -179,7 +196,11 @@ describe('<RolesGridPage />', () => {
       <RolesGridPage
         rolesAPIClient={apiClientMock}
         history={history}
-        notifications={coreMock.createStart().notifications}
+        notifications={notifications}
+        i18n={i18n}
+        buildFlavor={'traditional'}
+        analytics={analytics}
+        theme={theme}
       />
     );
     const initialIconCount = wrapper.find(EuiIcon).length;
@@ -190,32 +211,86 @@ describe('<RolesGridPage />', () => {
 
     expect(wrapper.find(EuiBasicTable).props().items).toEqual([
       {
-        name: 'disabled-role',
-        elasticsearch: { cluster: [], indices: [], run_as: [] },
-        kibana: [{ base: [], spaces: [], feature: {} }],
-        transient_metadata: { enabled: false },
+        name: 'test-role-1',
+        elasticsearch: {
+          cluster: [],
+          indices: [],
+          run_as: [],
+        },
+        kibana: [
+          {
+            base: [],
+            spaces: [],
+            feature: {},
+          },
+        ],
       },
       {
-        name: 'reserved-role',
-        elasticsearch: { cluster: [], indices: [], run_as: [] },
-        kibana: [{ base: [], spaces: [], feature: {} }],
-        metadata: { _reserved: true },
+        name: 'test-role-with-description',
+        description: 'role-description',
+        elasticsearch: {
+          cluster: [],
+          indices: [],
+          run_as: [],
+        },
+        kibana: [
+          {
+            base: [],
+            spaces: [],
+            feature: {},
+          },
+        ],
       },
       {
-        name: 'special%chars%role',
-        elasticsearch: { cluster: [], indices: [], run_as: [] },
-        kibana: [{ base: [], spaces: [], feature: {} }],
+        name: 'reserved-role',
+        elasticsearch: {
+          cluster: [],
+          indices: [],
+          run_as: [],
+        },
+        kibana: [
+          {
+            base: [],
+            spaces: [],
+            feature: {},
+          },
+        ],
+        metadata: {
+          _reserved: true,
+        },
       },
       {
-        name: 'test-role-1',
-        elasticsearch: { cluster: [], indices: [], run_as: [] },
-        kibana: [{ base: [], spaces: [], feature: {} }],
+        name: 'disabled-role',
+        elasticsearch: {
+          cluster: [],
+          indices: [],
+          run_as: [],
+        },
+        kibana: [
+          {
+            base: [],
+            spaces: [],
+            feature: {},
+          },
+        ],
+        transient_metadata: {
+          enabled: false,
+        },
       },
       {
-        name: 'test-role-with-description',
-        description: 'role-description',
-        elasticsearch: { cluster: [], indices: [], run_as: [] },
-        kibana: [{ base: [], spaces: [], feature: {} }],
+        name: 'special%chars%role',
+        elasticsearch: {
+          cluster: [],
+          indices: [],
+          run_as: [],
+        },
+        kibana: [
+          {
+            base: [],
+            spaces: [],
+            feature: {},
+          },
+        ],
       },
     ]);
 
@@ -223,24 +298,24 @@ describe('<RolesGridPage />', () => {
 
     expect(wrapper.find(EuiBasicTable).props().items).toEqual([
       {
-        name: 'disabled-role',
+        name: 'test-role-1',
         elasticsearch: { cluster: [], indices: [], run_as: [] },
         kibana: [{ base: [], spaces: [], feature: {} }],
-        transient_metadata: { enabled: false },
       },
       {
-        name: 'special%chars%role',
+        name: 'test-role-with-description',
+        description: 'role-description',
         elasticsearch: { cluster: [], indices: [], run_as: [] },
         kibana: [{ base: [], spaces: [], feature: {} }],
       },
       {
-        name: 'test-role-1',
+        name: 'disabled-role',
         elasticsearch: { cluster: [], indices: [], run_as: [] },
         kibana: [{ base: [], spaces: [], feature: {} }],
+        transient_metadata: { enabled: false },
       },
       {
-        name: 'test-role-with-description',
-        description: 'role-description',
+        name: 'special%chars%role',
         elasticsearch: { cluster: [], indices: [], run_as: [] },
         kibana: [{ base: [], spaces: [], feature: {} }],
       },
@@ -252,7 +327,11 @@ describe('<RolesGridPage />', () => {
       <RolesGridPage
         rolesAPIClient={apiClientMock}
         history={history}
-        notifications={coreMock.createStart().notifications}
+        notifications={notifications}
+        i18n={i18n}
+        buildFlavor={'traditional'}
+        analytics={analytics}
+        theme={theme}
         readOnly
       />
     );
diff --git a/x-pack/plugins/security/public/management/roles/roles_grid/roles_grid_page.tsx b/x-pack/plugins/security/public/management/roles/roles_grid/roles_grid_page.tsx
index c753a7cc8a6a6..7c16c4179f193 100644
--- a/x-pack/plugins/security/public/management/roles/roles_grid/roles_grid_page.tsx
+++ b/x-pack/plugins/security/public/management/roles/roles_grid/roles_grid_page.tsx
@@ -5,28 +5,35 @@
  * 2.0.
  */
 
-import type { EuiBasicTableColumn, EuiSwitchEvent } from '@elastic/eui';
+import type {
+  CriteriaWithPagination,
+  EuiBasicTableColumn,
+  EuiSwitchEvent,
+  Query,
+} from '@elastic/eui';
 import {
+  EuiBasicTable,
   EuiButton,
   EuiButtonEmpty,
   EuiFlexGroup,
   EuiFlexItem,
-  EuiInMemoryTable,
   EuiLink,
-  EuiPageHeader,
+  EuiSearchBar,
   EuiSpacer,
   EuiSwitch,
   EuiText,
   EuiToolTip,
 } from '@elastic/eui';
 import _ from 'lodash';
-import React, { Component } from 'react';
+import React, { useEffect, useState } from 'react';
+import type { FC } from 'react';
 
 import type { BuildFlavor } from '@kbn/config';
 import type { NotificationsStart, ScopedHistory } from '@kbn/core/public';
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { reactRouterNavigate } from '@kbn/kibana-react-plugin/public';
+import { KibanaPageTemplate } from '@kbn/shared-ux-page-kibana-template';
 import type { PublicMethodsOf } from '@kbn/utility-types';
 
 import { ConfirmDelete } from './confirm_delete';
@@ -52,190 +59,192 @@ export interface Props extends StartServices {
   cloudOrgUrl?: string;
 }
 
-interface State {
-  roles: Role[];
-  visibleRoles: Role[];
-  selection: Role[];
-  filter: string;
-  showDeleteConfirmation: boolean;
-  permissionDenied: boolean;
-  includeReservedRoles: boolean;
-  isLoading: boolean;
+interface RolesTableState {
+  query: Query;
+  from: number;
+  size: number;
 }
 
 const getRoleManagementHref = (action: 'edit' | 'clone', roleName?: string) => {
   return `/${action}${roleName ? `/${encodeURIComponent(roleName)}` : ''}`;
 };
 
-export class RolesGridPage extends Component<Props, State> {
-  static defaultProps: Partial<Props> = {
-    readOnly: false,
-  };
-
-  constructor(props: Props) {
-    super(props);
-    this.state = {
-      roles: [],
-      visibleRoles: [],
-      selection: [],
-      filter: '',
-      showDeleteConfirmation: false,
-      permissionDenied: false,
-      includeReservedRoles: true,
-      isLoading: false,
-    };
-  }
+const getVisibleRoles = (roles: Role[], filter: string, includeReservedRoles: boolean) => {
+  return roles.filter((role) => {
+    const normalized = `${role.name}`.toLowerCase();
+    const normalizedQuery = filter.toLowerCase();
+    return (
+      normalized.indexOf(normalizedQuery) !== -1 && (includeReservedRoles || !isRoleReserved(role))
+    );
+  });
+};
 
-  public componentDidMount() {
-    this.loadRoles();
-  }
+const DEFAULT_TABLE_STATE = {
+  query: EuiSearchBar.Query.MATCH_ALL,
+  sort: {
+    field: 'creation' as const,
+    direction: 'desc' as const,
+  },
+  from: 0,
+  size: 25,
+  filters: {},
+};
 
-  public render() {
-    const { permissionDenied } = this.state;
+export const RolesGridPage: FC<Props> = ({
+  notifications,
+  rolesAPIClient,
+  history,
+  readOnly,
+  buildFlavor,
+  cloudOrgUrl,
+  analytics,
+  theme,
+  i18n: i18nStart,
+}) => {
+  const [roles, setRoles] = useState<Role[]>([]);
+  const [visibleRoles, setVisibleRoles] = useState<Role[]>([]);
+  const [selection, setSelection] = useState<Role[]>([]);
+  const [filter, setFilter] = useState<string>('');
+  const [showDeleteConfirmation, setShowDeleteConfirmation] = useState<boolean>(false);
+  const [permissionDenied, setPermissionDenied] = useState<boolean>(false);
+  const [includeReservedRoles, setIncludeReservedRoles] = useState<boolean>(true);
+  const [isLoading, setIsLoading] = useState<boolean>(false);
+  const [tableState, setTableState] = useState<RolesTableState>(DEFAULT_TABLE_STATE);
+
+  useEffect(() => {
+    loadRoles();
+  }, []); // eslint-disable-line react-hooks/exhaustive-deps
+
+  const loadRoles = async () => {
+    try {
+      setIsLoading(true);
+      const rolesFromApi = await rolesAPIClient.getRoles();
+      setRoles(rolesFromApi);
+      setVisibleRoles(getVisibleRoles(rolesFromApi, filter, includeReservedRoles));
+    } catch (e) {
+      if (_.get(e, 'body.statusCode') === 403) {
+        setPermissionDenied(true);
+      } else {
+        notifications.toasts.addDanger(
+          i18n.translate('xpack.security.management.roles.fetchingRolesErrorMessage', {
+            defaultMessage: 'Error fetching roles: {message}',
+            values: { message: _.get(e, 'body.message', '') },
+          })
+        );
+      }
+    } finally {
+      setIsLoading(false);
+    }
+  };
 
-    return permissionDenied ? <PermissionDenied /> : this.getPageContent();
-  }
+  const onIncludeReservedRolesChange = (e: EuiSwitchEvent) => {
+    setIncludeReservedRoles(e.target.checked);
+    setVisibleRoles(getVisibleRoles(roles, filter, e.target.checked));
+  };
 
-  private getPageContent = () => {
-    const { isLoading } = this.state;
+  const getRoleStatusBadges = (role: Role) => {
+    const enabled = isRoleEnabled(role);
+    const deprecated = isRoleDeprecated(role);
+    const reserved = isRoleReserved(role);
 
-    const customRolesEnabled = this.props.buildFlavor === 'serverless';
+    const badges: JSX.Element[] = [];
+    if (!enabled) {
+      badges.push(<DisabledBadge data-test-subj="roleDisabled" />);
+    }
+    if (reserved) {
+      badges.push(
+        <ReservedBadge
+          data-test-subj="roleReserved"
+          tooltipContent={
+            <FormattedMessage
+              id="xpack.security.management.roles.reservedRoleBadgeTooltip"
+              defaultMessage="Reserved roles are built-in and cannot be edited or removed."
+            />
+          }
+        />
+      );
+    }
+    if (deprecated) {
+      badges.push(
+        <DeprecatedBadge
+          data-test-subj="roleDeprecated"
+          tooltipContent={getExtendedRoleDeprecationNotice(role)}
+        />
+      );
+    }
 
-    const rolesTitle = customRolesEnabled ? (
-      <FormattedMessage
-        id="xpack.security.management.roles.customRoleTitle"
-        defaultMessage="Custom Roles"
-      />
-    ) : (
-      <FormattedMessage id="xpack.security.management.roles.roleTitle" defaultMessage="Roles" />
+    return (
+      <EuiFlexGroup gutterSize="s">
+        {badges.map((badge, index) => (
+          <EuiFlexItem key={index} grow={false}>
+            {badge}
+          </EuiFlexItem>
+        ))}
+      </EuiFlexGroup>
     );
+  };
 
-    const rolesDescription = customRolesEnabled ? (
-      <FormattedMessage
-        id="xpack.security.management.roles.customRolesSubtitle"
-        defaultMessage="In addition to the predefined roles on the system, you can create your own roles and provide your users with the exact set of privileges that they need."
-      />
-    ) : (
-      <FormattedMessage
-        id="xpack.security.management.roles.subtitle"
-        defaultMessage="Apply roles to groups of users and manage permissions across the stack."
-      />
-    );
+  const handleDelete = () => {
+    setSelection([]);
+    setShowDeleteConfirmation(false);
+    loadRoles();
+  };
 
-    const emptyResultsMessage = customRolesEnabled ? (
-      <FormattedMessage
-        id="xpack.security.management.roles.noCustomRolesFound"
-        defaultMessage="No custom roles to show"
-      />
-    ) : (
-      <FormattedMessage
-        id="xpack.security.management.roles.noRolesFound"
-        defaultMessage="No items found"
-      />
-    );
-    const pageRightSideItems = [
+  const deleteOneRole = (roleToDelete: Role) => {
+    setSelection([roleToDelete]);
+    setShowDeleteConfirmation(true);
+  };
+
+  const renderToolsLeft = () => {
+    if (selection.length === 0) {
+      return;
+    }
+    const numSelected = selection.length;
+    return (
       <EuiButton
-        data-test-subj="createRoleButton"
-        {...reactRouterNavigate(this.props.history, getRoleManagementHref('edit'))}
-        fill
-        iconType="plusInCircleFilled"
+        data-test-subj="deleteRoleButton"
+        color="danger"
+        onClick={() => setShowDeleteConfirmation(true)}
       >
         <FormattedMessage
-          id="xpack.security.management.roles.createRoleButtonLabel"
-          defaultMessage="Create role"
-        />
-      </EuiButton>,
-    ];
-    if (customRolesEnabled) {
-      pageRightSideItems.push(
-        <EuiButtonEmpty
-          href={this.props.cloudOrgUrl}
-          target="_blank"
-          iconSide="right"
-          iconType="popout"
-        >
-          <FormattedMessage
-            id="xpack.security.management.roles.assignRolesLinkLabel"
-            defaultMessage="Assign roles"
-          />
-        </EuiButtonEmpty>
-      );
-    }
-    return (
-      <>
-        <EuiPageHeader
-          bottomBorder
-          data-test-subj="rolesGridPageHeader"
-          pageTitle={rolesTitle}
-          description={rolesDescription}
-          rightSideItems={this.props.readOnly ? undefined : pageRightSideItems}
+          id="xpack.security.management.roles.deleteSelectedRolesButtonLabel"
+          defaultMessage="Delete {numSelected} role{numSelected, plural, one { } other {s}}"
+          values={{
+            numSelected,
+          }}
         />
+      </EuiButton>
+    );
+  };
 
-        <EuiSpacer size="l" />
-
-        {this.state.showDeleteConfirmation ? (
-          <ConfirmDelete
-            onCancel={this.onCancelDelete}
-            rolesToDelete={this.state.selection.map((role) => role.name)}
-            callback={this.handleDelete}
-            cloudOrgUrl={this.props.cloudOrgUrl}
-            {...this.props}
-          />
-        ) : null}
-
-        <EuiInMemoryTable
-          data-test-subj="rolesTable"
-          itemId="name"
-          columns={this.getColumnConfig()}
-          selection={
-            this.props.readOnly
-              ? undefined
-              : {
-                  selectable: (role: Role) => !role.metadata || !role.metadata._reserved,
-                  selectableMessage: (selectable: boolean) =>
-                    !selectable ? 'Role is reserved' : '',
-                  onSelectionChange: (selection: Role[]) => this.setState({ selection }),
-                  selected: this.state.selection,
-                }
+  const renderToolsRight = () => {
+    if (buildFlavor !== 'serverless') {
+      return (
+        <EuiSwitch
+          data-test-subj="showReservedRolesSwitch"
+          label={
+            <FormattedMessage
+              id="xpack.security.management.roles.showReservedRolesLabel"
+              defaultMessage="Show reserved roles"
+            />
           }
-          pagination={{
-            initialPageSize: 20,
-            pageSizeOptions: [10, 20, 30, 50, 100],
-          }}
-          message={emptyResultsMessage}
-          items={this.state.visibleRoles}
-          loading={isLoading}
-          search={{
-            toolsLeft: this.renderToolsLeft(),
-            toolsRight: this.renderToolsRight(),
-            box: {
-              incremental: true,
-              'data-test-subj': 'searchRoles',
-            },
-            onChange: (query: Record<string, any>) => {
-              this.setState({
-                filter: query.queryText,
-                visibleRoles: this.getVisibleRoles(
-                  this.state.roles,
-                  query.queryText,
-                  this.state.includeReservedRoles
-                ),
-              });
-            },
-          }}
-          sorting={{
-            sort: {
-              field: 'name',
-              direction: 'asc',
-            },
-          }}
-          rowProps={{ 'data-test-subj': 'roleRow' }}
+          checked={includeReservedRoles}
+          onChange={onIncludeReservedRolesChange}
         />
-      </>
-    );
+      );
+    }
   };
 
-  private getColumnConfig = () => {
+  const onTableChange = ({ page, sort }: CriteriaWithPagination<Role>) => {
+    const newState = {
+      ...tableState,
+      from: page?.index! * page?.size!,
+      size: page?.size!,
+    };
+    setTableState(newState);
+  };
+
+  const getColumnConfig = (): Array<EuiBasicTableColumn<Role>> => {
     const config: Array<EuiBasicTableColumn<Role>> = [
       {
         field: 'name',
@@ -243,18 +252,16 @@ export class RolesGridPage extends Component<Props, State> {
           defaultMessage: 'Role',
         }),
         sortable: true,
-        render: (name: string) => {
-          return (
-            <EuiText color="subdued" size="s">
-              <EuiLink
-                data-test-subj="roleRowName"
-                {...reactRouterNavigate(this.props.history, getRoleManagementHref('edit', name))}
-              >
-                {name}
-              </EuiLink>
-            </EuiText>
-          );
-        },
+        render: (name: string) => (
+          <EuiText color="subdued" size="s">
+            <EuiLink
+              data-test-subj="roleRowName"
+              {...reactRouterNavigate(history, getRoleManagementHref('edit', name))}
+            >
+              {name}
+            </EuiLink>
+          </EuiText>
+        ),
       },
       {
         field: 'description',
@@ -263,35 +270,27 @@ export class RolesGridPage extends Component<Props, State> {
         }),
         sortable: true,
         truncateText: { lines: 3 },
-        render: (description: string, record: Role) => {
-          return (
-            <EuiToolTip position="top" content={description} display="block">
-              <EuiText
-                color="subdued"
-                size="s"
-                data-test-subj={`roleRowDescription-${record.name}`}
-              >
-                {description}
-              </EuiText>
-            </EuiToolTip>
-          );
-        },
+        render: (description: string, record: Role) => (
+          <EuiToolTip position="top" content={description} display="block">
+            <EuiText color="subdued" size="s" data-test-subj={`roleRowDescription-${record.name}`}>
+              {description}
+            </EuiText>
+          </EuiToolTip>
+        ),
       },
     ];
-    if (this.props.buildFlavor !== 'serverless') {
+    if (buildFlavor !== 'serverless') {
       config.push({
         field: 'metadata',
         name: i18n.translate('xpack.security.management.roles.statusColumnName', {
           defaultMessage: 'Status',
         }),
         sortable: (role: Role) => isRoleEnabled(role) && !isRoleDeprecated(role),
-        render: (_metadata: Role['metadata'], record: Role) => {
-          return this.getRoleStatusBadges(record);
-        },
+        render: (_metadata: Role['metadata'], record: Role) => getRoleStatusBadges(record),
       });
     }
 
-    if (!this.props.readOnly) {
+    if (!readOnly) {
       config.push({
         name: i18n.translate('xpack.security.management.roles.actionsColumnName', {
           defaultMessage: 'Actions',
@@ -312,13 +311,11 @@ export class RolesGridPage extends Component<Props, State> {
                 values: { roleName: role.name },
               }),
             href: (role: Role) =>
-              reactRouterNavigate(this.props.history, getRoleManagementHref('clone', role.name))
-                .href,
+              reactRouterNavigate(history, getRoleManagementHref('clone', role.name)).href,
             onClick: (role: Role, event: React.MouseEvent) =>
-              reactRouterNavigate(
-                this.props.history,
-                getRoleManagementHref('clone', role.name)
-              ).onClick(event),
+              reactRouterNavigate(history, getRoleManagementHref('clone', role.name)).onClick(
+                event
+              ),
             'data-test-subj': (role: Role) => `clone-role-action-${role.name}`,
           },
           {
@@ -334,7 +331,7 @@ export class RolesGridPage extends Component<Props, State> {
                 values: { roleName: role.name },
               }),
             'data-test-subj': (role: Role) => `delete-role-action-${role.name}`,
-            onClick: (role: Role) => this.deleteOneRole(role),
+            onClick: (role: Role) => deleteOneRole(role),
             available: (role: Role) => !role.metadata || !role.metadata._reserved,
           },
           {
@@ -351,15 +348,11 @@ export class RolesGridPage extends Component<Props, State> {
               }),
             'data-test-subj': (role: Role) => `edit-role-action-${role.name}`,
             href: (role: Role) =>
-              reactRouterNavigate(this.props.history, getRoleManagementHref('edit', role.name))
-                .href,
+              reactRouterNavigate(history, getRoleManagementHref('edit', role.name)).href,
             onClick: (role: Role, event: React.MouseEvent) =>
-              reactRouterNavigate(
-                this.props.history,
-                getRoleManagementHref('edit', role.name)
-              ).onClick(event),
+              reactRouterNavigate(history, getRoleManagementHref('edit', role.name)).onClick(event),
             available: (role: Role) => !isRoleReadOnly(role),
-            enabled: () => this.state.selection.length === 0,
+            enabled: () => selection.length === 0,
           },
         ],
       });
@@ -368,151 +361,152 @@ export class RolesGridPage extends Component<Props, State> {
     return config;
   };
 
-  private getVisibleRoles = (roles: Role[], filter: string, includeReservedRoles: boolean) => {
-    return roles.filter((role) => {
-      const normalized = `${role.name}`.toLowerCase();
-      const normalizedQuery = filter.toLowerCase();
-      return (
-        normalized.indexOf(normalizedQuery) !== -1 &&
-        (includeReservedRoles || !isRoleReserved(role))
-      );
-    });
+  const onCancelDelete = () => {
+    setShowDeleteConfirmation(false);
   };
 
-  private onIncludeReservedRolesChange = (e: EuiSwitchEvent) => {
-    this.setState({
-      includeReservedRoles: e.target.checked,
-      visibleRoles: this.getVisibleRoles(this.state.roles, this.state.filter, e.target.checked),
-    });
+  const pagination = {
+    pageIndex: tableState.from / tableState.size,
+    pageSize: tableState.size,
+    totalItemCount: visibleRoles.length,
+    pageSizeOptions: [25, 50, 100],
   };
-
-  private getRoleStatusBadges = (role: Role) => {
-    const enabled = isRoleEnabled(role);
-    const deprecated = isRoleDeprecated(role);
-    const reserved = isRoleReserved(role);
-
-    const badges: JSX.Element[] = [];
-    if (!enabled) {
-      badges.push(<DisabledBadge data-test-subj="roleDisabled" />);
-    }
-    if (reserved) {
-      badges.push(
-        <ReservedBadge
-          data-test-subj="roleReserved"
-          tooltipContent={
+  return permissionDenied ? (
+    <PermissionDenied />
+  ) : (
+    <>
+      <KibanaPageTemplate.Header
+        bottomBorder
+        data-test-subj="rolesGridPageHeader"
+        pageTitle={
+          buildFlavor === 'serverless' ? (
             <FormattedMessage
-              id="xpack.security.management.roles.reservedRoleBadgeTooltip"
-              defaultMessage="Reserved roles are built-in and cannot be edited or removed."
+              id="xpack.security.management.roles.customRoleTitle"
+              defaultMessage="Custom Roles"
             />
-          }
-        />
-      );
-    }
-    if (deprecated) {
-      badges.push(
-        <DeprecatedBadge
-          data-test-subj="roleDeprecated"
-          tooltipContent={getExtendedRoleDeprecationNotice(role)}
-        />
-      );
-    }
-
-    return (
-      <EuiFlexGroup gutterSize="s">
-        {badges.map((badge, index) => (
-          <EuiFlexItem key={index} grow={false}>
-            {badge}
-          </EuiFlexItem>
-        ))}
-      </EuiFlexGroup>
-    );
-  };
-
-  private handleDelete = () => {
-    this.setState({
-      selection: [],
-      showDeleteConfirmation: false,
-    });
-    this.loadRoles();
-  };
-
-  private deleteOneRole = (roleToDelete: Role) => {
-    this.setState({
-      selection: [roleToDelete],
-      showDeleteConfirmation: true,
-    });
-  };
-
-  private async loadRoles() {
-    try {
-      this.setState({ isLoading: true });
-      const roles = await this.props.rolesAPIClient.getRoles();
+          ) : (
+            <FormattedMessage
+              id="xpack.security.management.roles.roleTitle"
+              defaultMessage="Roles"
+            />
+          )
+        }
+        description={
+          buildFlavor === 'serverless' ? (
+            <FormattedMessage
+              id="xpack.security.management.roles.customRolesSubtitle"
+              defaultMessage="In addition to the predefined roles on the system, you can create your own roles and provide your users with the exact set of privileges that they need."
+            />
+          ) : (
+            <FormattedMessage
+              id="xpack.security.management.roles.subtitle"
+              defaultMessage="Apply roles to groups of users and manage permissions across the stack."
+            />
+          )
+        }
+        rightSideItems={
+          readOnly
+            ? undefined
+            : [
+                <EuiButton
+                  data-test-subj="createRoleButton"
+                  {...reactRouterNavigate(history, getRoleManagementHref('edit'))}
+                  fill
+                  iconType="plusInCircleFilled"
+                >
+                  <FormattedMessage
+                    id="xpack.security.management.roles.createRoleButtonLabel"
+                    defaultMessage="Create role"
+                  />
+                </EuiButton>,
+                buildFlavor === 'serverless' && (
+                  <EuiButtonEmpty
+                    href={cloudOrgUrl}
+                    target="_blank"
+                    iconSide="right"
+                    iconType="popout"
+                  >
+                    <FormattedMessage
+                      id="xpack.security.management.roles.assignRolesLinkLabel"
+                      defaultMessage="Assign roles"
+                    />
+                  </EuiButtonEmpty>
+                ),
+              ]
+        }
+      />
 
-      this.setState({
-        roles,
-        visibleRoles: this.getVisibleRoles(
-          roles,
-          this.state.filter,
-          this.state.includeReservedRoles
-        ),
-      });
-    } catch (e) {
-      if (_.get(e, 'body.statusCode') === 403) {
-        this.setState({ permissionDenied: true });
-      } else {
-        this.props.notifications.toasts.addDanger(
-          i18n.translate('xpack.security.management.roles.fetchingRolesErrorMessage', {
-            defaultMessage: 'Error fetching roles: {message}',
-            values: { message: _.get(e, 'body.message', '') },
-          })
-        );
-      }
-    } finally {
-      this.setState({ isLoading: false });
-    }
-  }
+      <EuiSpacer size="l" />
+      <KibanaPageTemplate.Section paddingSize="none">
+        {showDeleteConfirmation ? (
+          <ConfirmDelete
+            onCancel={onCancelDelete}
+            rolesToDelete={selection.map((role) => role.name)}
+            callback={handleDelete}
+            cloudOrgUrl={cloudOrgUrl}
+            notifications={notifications}
+            rolesAPIClient={rolesAPIClient}
+            buildFlavor={buildFlavor}
+            theme={theme}
+            analytics={analytics}
+            i18n={i18nStart}
+          />
+        ) : null}
 
-  private renderToolsLeft() {
-    const { selection } = this.state;
-    if (selection.length === 0) {
-      return;
-    }
-    const numSelected = selection.length;
-    return (
-      <EuiButton
-        data-test-subj="deleteRoleButton"
-        color="danger"
-        onClick={() => this.setState({ showDeleteConfirmation: true })}
-      >
-        <FormattedMessage
-          id="xpack.security.management.roles.deleteSelectedRolesButtonLabel"
-          defaultMessage="Delete {numSelected} role{numSelected, plural, one { } other {s}}"
-          values={{
-            numSelected,
+        <EuiSearchBar
+          box={{
+            incremental: true,
+            'data-test-subj': 'searchRoles',
           }}
+          onChange={(query: Record<string, any>) => {
+            setFilter(query.queryText);
+            setVisibleRoles(getVisibleRoles(roles, query.queryText, includeReservedRoles));
+          }}
+          toolsLeft={renderToolsLeft()}
+          toolsRight={renderToolsRight()}
         />
-      </EuiButton>
-    );
-  }
-
-  private renderToolsRight() {
-    if (this.props.buildFlavor !== 'serverless') {
-      return (
-        <EuiSwitch
-          data-test-subj="showReservedRolesSwitch"
-          label={
-            <FormattedMessage
-              id="xpack.security.management.roles.showReservedRolesLabel"
-              defaultMessage="Show reserved roles"
-            />
+        <EuiSpacer size="s" />
+        <EuiBasicTable
+          data-test-subj="rolesTable"
+          itemId="name"
+          columns={getColumnConfig()}
+          selection={
+            readOnly
+              ? undefined
+              : {
+                  selectable: (role: Role) => !role.metadata || !role.metadata._reserved,
+                  selectableMessage: (selectable: boolean) =>
+                    !selectable ? 'Role is reserved' : '',
+                  onSelectionChange: (value: Role[]) => setSelection(value),
+                  selected: selection,
+                }
+          }
+          onChange={onTableChange}
+          pagination={pagination}
+          noItemsMessage={
+            buildFlavor === 'serverless' ? (
+              <FormattedMessage
+                id="xpack.security.management.roles.noCustomRolesFound"
+                defaultMessage="No custom roles to show"
+              />
+            ) : (
+              <FormattedMessage
+                id="xpack.security.management.roles.noRolesFound"
+                defaultMessage="No items found"
+              />
+            )
           }
-          checked={this.state.includeReservedRoles}
-          onChange={this.onIncludeReservedRolesChange}
+          items={visibleRoles}
+          loading={isLoading}
+          sorting={{
+            sort: {
+              field: 'name',
+              direction: 'asc',
+            },
+          }}
+          rowProps={{ 'data-test-subj': 'roleRow' }}
         />
-      );
-    }
-  }
-  private onCancelDelete = () => {
-    this.setState({ showDeleteConfirmation: false });
-  };
-}
+      </KibanaPageTemplate.Section>
+    </>
+  );
+};
diff --git a/x-pack/plugins/security/server/routes/api_keys/index.ts b/x-pack/plugins/security/server/routes/api_keys/index.ts
index 542611bfd0a23..26ff43230f582 100644
--- a/x-pack/plugins/security/server/routes/api_keys/index.ts
+++ b/x-pack/plugins/security/server/routes/api_keys/index.ts
@@ -19,7 +19,7 @@ export type {
   UpdateRestAPIKeyParams,
   UpdateCrossClusterAPIKeyParams,
   UpdateRestAPIKeyWithKibanaPrivilegesParams,
-} from './update';
+} from '@kbn/security-plugin-types-server';
 
 export function defineApiKeysRoutes(params: RouteDefinitionParams) {
   defineEnabledApiKeysRoutes(params);
diff --git a/x-pack/plugins/security/server/routes/api_keys/invalidate.ts b/x-pack/plugins/security/server/routes/api_keys/invalidate.ts
index 58f25bbf80b4f..1983dbf2344e0 100644
--- a/x-pack/plugins/security/server/routes/api_keys/invalidate.ts
+++ b/x-pack/plugins/security/server/routes/api_keys/invalidate.ts
@@ -6,9 +6,9 @@
  */
 
 import { schema } from '@kbn/config-schema';
+import type { ApiKey } from '@kbn/security-plugin-types-common';
 
 import type { RouteDefinitionParams } from '..';
-import type { ApiKey } from '../../../common/model';
 import { wrapError, wrapIntoCustomErrorResponse } from '../../errors';
 import { createLicensedRouteHandler } from '../licensed_route_handler';
 
diff --git a/x-pack/plugins/security/server/routes/api_keys/query.ts b/x-pack/plugins/security/server/routes/api_keys/query.ts
index 9657deb3db300..9fe8fdbdc734b 100644
--- a/x-pack/plugins/security/server/routes/api_keys/query.ts
+++ b/x-pack/plugins/security/server/routes/api_keys/query.ts
@@ -6,9 +6,9 @@
  */
 
 import { schema } from '@kbn/config-schema';
+import type { QueryApiKeyResult } from '@kbn/security-plugin-types-common';
 
 import type { RouteDefinitionParams } from '..';
-import type { QueryApiKeyResult } from '../../../common/model';
 import { wrapIntoCustomErrorResponse } from '../../errors';
 import { createLicensedRouteHandler } from '../licensed_route_handler';
 
diff --git a/x-pack/plugins/security/server/routes/api_keys/update.ts b/x-pack/plugins/security/server/routes/api_keys/update.ts
index 076e0448be11d..a7fe43c46e206 100644
--- a/x-pack/plugins/security/server/routes/api_keys/update.ts
+++ b/x-pack/plugins/security/server/routes/api_keys/update.ts
@@ -5,15 +5,12 @@
  * 2.0.
  */
 
-import type { estypes } from '@elastic/elasticsearch';
-
 import { schema } from '@kbn/config-schema';
-import type { TypeOf } from '@kbn/config-schema';
+import type { UpdateAPIKeyResult } from '@kbn/security-plugin-types-server';
 import {
-  crossClusterApiKeySchema,
-  elasticsearchRoleSchema,
-  getKibanaRoleSchema,
-  restApiKeySchema,
+  getUpdateRestApiKeyWithKibanaPrivilegesSchema,
+  updateCrossClusterApiKeySchema,
+  updateRestApiKeySchema,
 } from '@kbn/security-plugin-types-server';
 
 import type { RouteDefinitionParams } from '..';
@@ -21,57 +18,12 @@ import { UpdateApiKeyValidationError } from '../../authentication/api_keys/api_k
 import { wrapIntoCustomErrorResponse } from '../../errors';
 import { createLicensedRouteHandler } from '../licensed_route_handler';
 
-/**
- * Response of Kibana Update API key endpoint.
- */
-export type UpdateAPIKeyResult = estypes.SecurityUpdateApiKeyResponse;
-
-/**
- * Request body of Kibana Update API key endpoint.
- */
-export type UpdateAPIKeyParams =
-  | UpdateRestAPIKeyParams
-  | UpdateCrossClusterAPIKeyParams
-  | UpdateRestAPIKeyWithKibanaPrivilegesParams;
-
-const updateRestApiKeySchema = restApiKeySchema.extends({
-  name: null,
-  id: schema.string(),
-});
-
-const updateCrossClusterApiKeySchema = crossClusterApiKeySchema.extends({
-  name: null,
-  id: schema.string(),
-});
-
-export type UpdateRestAPIKeyParams = TypeOf<typeof updateRestApiKeySchema>;
-export type UpdateCrossClusterAPIKeyParams = TypeOf<typeof updateCrossClusterApiKeySchema>;
-export type UpdateRestAPIKeyWithKibanaPrivilegesParams = TypeOf<
-  ReturnType<typeof getRestApiKeyWithKibanaPrivilegesSchema>
->;
-
-const getRestApiKeyWithKibanaPrivilegesSchema = (
-  getBasePrivilegeNames: Parameters<typeof getKibanaRoleSchema>[0]
-) =>
-  restApiKeySchema.extends({
-    role_descriptors: null,
-    name: null,
-    id: schema.string(),
-    kibana_role_descriptors: schema.recordOf(
-      schema.string(),
-      schema.object({
-        elasticsearch: elasticsearchRoleSchema.extends({}, { unknowns: 'allow' }),
-        kibana: getKibanaRoleSchema(getBasePrivilegeNames),
-      })
-    ),
-  });
-
 export function defineUpdateApiKeyRoutes({
   router,
   authz,
   getAuthenticationService,
 }: RouteDefinitionParams) {
-  const bodySchemaWithKibanaPrivileges = getRestApiKeyWithKibanaPrivilegesSchema(() => {
+  const bodySchemaWithKibanaPrivileges = getUpdateRestApiKeyWithKibanaPrivilegesSchema(() => {
     const privileges = authz.privileges.get();
     return {
       global: Object.keys(privileges.global),
diff --git a/x-pack/plugins/security/server/routes/deprecations/kibana_user_role.ts b/x-pack/plugins/security/server/routes/deprecations/kibana_user_role.ts
index 2df81edf2d75b..e7c2e06abbb8e 100644
--- a/x-pack/plugins/security/server/routes/deprecations/kibana_user_role.ts
+++ b/x-pack/plugins/security/server/routes/deprecations/kibana_user_role.ts
@@ -114,7 +114,7 @@ export function defineKibanaUserRoleDeprecationRoutes({ router, logger }: RouteD
       }
 
       for (const [mappingNameToUpdate, mappingToUpdate] of roleMappingsWithKibanaUserRole) {
-        const roles = mappingToUpdate.roles.filter((role) => role !== KIBANA_USER_ROLE_NAME);
+        const roles = mappingToUpdate.roles?.filter((role) => role !== KIBANA_USER_ROLE_NAME) ?? [];
         if (!roles.includes(KIBANA_ADMIN_ROLE_NAME)) {
           roles.push(KIBANA_ADMIN_ROLE_NAME);
         }
diff --git a/x-pack/plugins/security/server/session_management/session_index.ts b/x-pack/plugins/security/server/session_management/session_index.ts
index 32c5206c6eeb9..9f11e9224243c 100644
--- a/x-pack/plugins/security/server/session_management/session_index.ts
+++ b/x-pack/plugins/security/server/session_management/session_index.ts
@@ -487,7 +487,7 @@ export class SessionIndex {
       for await (const sessionValues of this.getSessionValuesInBatches()) {
         const operations = sessionValues.map(({ _id, _source }) => {
           const { usernameHash, provider } = _source!;
-          auditLogger.log(sessionCleanupEvent({ sessionId: _id, usernameHash, provider }));
+          auditLogger.log(sessionCleanupEvent({ sessionId: _id!, usernameHash, provider }));
           return { delete: { _id } };
         });
 
@@ -1029,7 +1029,9 @@ export class SessionIndex {
           return [];
         }
 
-        return response.hits?.hits?.map((hit) => ({ sid: hit._id, ...sessionGroups[index] })) ?? [];
+        return (
+          response.hits?.hits?.map((hit) => ({ sid: hit._id!, ...sessionGroups[index] })) ?? []
+        );
       }
     );
 
diff --git a/x-pack/plugins/security/tsconfig.json b/x-pack/plugins/security/tsconfig.json
index a555c58c5804e..728fcec8d911a 100644
--- a/x-pack/plugins/security/tsconfig.json
+++ b/x-pack/plugins/security/tsconfig.json
@@ -7,7 +7,7 @@
     "common/**/*",
     "public/**/*",
     "server/**/*",
-    "__mocks__/**/*"
+    "__mocks__/**/*",
   ],
   "kbn_references": [
     "@kbn/cloud-plugin",
@@ -68,7 +68,6 @@
     "@kbn/security-plugin-types-common",
     "@kbn/security-plugin-types-public",
     "@kbn/security-plugin-types-server",
-    "@kbn/kibana-utils-plugin",
     "@kbn/code-editor",
     "@kbn/code-editor-mock",
     "@kbn/core-security-browser",
@@ -81,7 +80,9 @@
     "@kbn/core-theme-browser-mocks",
     "@kbn/core-analytics-browser-mocks",
     "@kbn/core-user-profile-server",
-    "@kbn/core-user-profile-browser"
+    "@kbn/core-user-profile-browser",
+    "@kbn/security-api-key-management",
+    "@kbn/security-form-components"
   ],
   "exclude": [
     "target/**/*",
diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/index_management/create_index/create_index.gen.ts b/x-pack/plugins/security_solution/common/api/detection_engine/index_management/create_index/create_index.gen.ts
new file mode 100644
index 0000000000000..9de8855a091a6
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/detection_engine/index_management/create_index/create_index.gen.ts
@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+/*
+ * NOTICE: Do not edit this file manually.
+ * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
+ *
+ * info:
+ *   title: Create an alerts index API endpoint
+ *   version: 2023-10-31
+ */
+
+import { z } from 'zod';
+
+export type CreateAlertsIndexResponse = z.infer<typeof CreateAlertsIndexResponse>;
+export const CreateAlertsIndexResponse = z.object({
+  acknowledged: z.boolean(),
+});
diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/index_management/create_index/create_index.schema.yaml b/x-pack/plugins/security_solution/common/api/detection_engine/index_management/create_index/create_index.schema.yaml
new file mode 100644
index 0000000000000..63213117bd9fb
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/detection_engine/index_management/create_index/create_index.schema.yaml
@@ -0,0 +1,47 @@
+openapi: 3.0.0
+info:
+  title: Create an alerts index API endpoint
+  version: '2023-10-31'
+paths:
+  /api/detection_engine/index:
+    post:
+      x-labels: [ess]
+      operationId: CreateAlertsIndex
+      x-codegen-enabled: true
+      summary: Create an alerts index
+      tags:
+        - Alert index API
+      responses:
+        200:
+          description: Successful response
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  acknowledged:
+                    type: boolean
+                required: [acknowledged]
+        401:
+          description: Unsuccessful authentication response
+          content:
+            application/json:
+              schema:
+                $ref: '../../../model/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
+        403:
+          description: Not enough permissions response
+          content:
+            application/json:
+              schema:
+                $ref: '../../../model/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
+        404:
+          content:
+            application/json:
+              schema:
+                $ref: '../../../model/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
+        500:
+          description: Internal server error response
+          content:
+            application/json:
+              schema:
+                $ref: '../../../model/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/index_management/delete_index/delete_index.gen.ts b/x-pack/plugins/security_solution/common/api/detection_engine/index_management/delete_index/delete_index.gen.ts
new file mode 100644
index 0000000000000..e2bfef33d6167
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/detection_engine/index_management/delete_index/delete_index.gen.ts
@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+/*
+ * NOTICE: Do not edit this file manually.
+ * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
+ *
+ * info:
+ *   title: Delete an alerts index API endpoint
+ *   version: 2023-10-31
+ */
+
+import { z } from 'zod';
+
+export type DeleteAlertsIndexResponse = z.infer<typeof DeleteAlertsIndexResponse>;
+export const DeleteAlertsIndexResponse = z.object({
+  acknowledged: z.boolean(),
+});
diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/index_management/delete_index/delete_index.schema.yaml b/x-pack/plugins/security_solution/common/api/detection_engine/index_management/delete_index/delete_index.schema.yaml
new file mode 100644
index 0000000000000..7cdb02632535e
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/detection_engine/index_management/delete_index/delete_index.schema.yaml
@@ -0,0 +1,48 @@
+openapi: 3.0.0
+info:
+  title: Delete an alerts index API endpoint
+  version: '2023-10-31'
+paths:
+  /api/detection_engine/index:
+    delete:
+      x-labels: [ess]
+      operationId: DeleteAlertsIndex
+      x-codegen-enabled: true
+      summary: Delete an alerts index
+      tags:
+        - Alert index API
+      responses:
+        200:
+          description: Successful response
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  acknowledged:
+                    type: boolean
+                required: [acknowledged]
+        401:
+          description: Unsuccessful authentication response
+          content:
+            application/json:
+              schema:
+                $ref: '../../../model/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
+        403:
+          description: Not enough permissions response
+          content:
+            application/json:
+              schema:
+                $ref: '../../../model/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
+        404:
+          description: Index does not exist response
+          content:
+            application/json:
+              schema:
+                type: string
+        500:
+          description: Internal server error response
+          content:
+            application/json:
+              schema:
+                $ref: '../../../model/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/index_management/index.ts b/x-pack/plugins/security_solution/common/api/detection_engine/index_management/index.ts
index f0accac2fc01e..b64bea9e974b3 100644
--- a/x-pack/plugins/security_solution/common/api/detection_engine/index_management/index.ts
+++ b/x-pack/plugins/security_solution/common/api/detection_engine/index_management/index.ts
@@ -5,8 +5,8 @@
  * 2.0.
  */
 
-export * from './create_index/create_index_route';
-export * from './delete_index/delete_index_route';
+export * from './create_index/create_index.gen';
+export * from './delete_index/delete_index.gen';
 export * from './read_alerts_index_exists/read_alerts_index_exists_route';
-export * from './read_index/read_index_route';
+export * from './read_index/read_index.gen';
 export * from './read_privileges/read_privileges_route';
diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/index_management/read_index/read_index.gen.ts b/x-pack/plugins/security_solution/common/api/detection_engine/index_management/read_index/read_index.gen.ts
new file mode 100644
index 0000000000000..071d96b89fe9c
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/detection_engine/index_management/read_index/read_index.gen.ts
@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+/*
+ * NOTICE: Do not edit this file manually.
+ * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
+ *
+ * info:
+ *   title: Get alerts index name API endpoint
+ *   version: 2023-10-31
+ */
+
+import { z } from 'zod';
+
+export type GetAlertsIndexResponse = z.infer<typeof GetAlertsIndexResponse>;
+export const GetAlertsIndexResponse = z.object({
+  name: z.string(),
+  index_mapping_outdated: z.boolean().nullable(),
+});
diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/index_management/read_index/read_index.schema.yaml b/x-pack/plugins/security_solution/common/api/detection_engine/index_management/read_index/read_index.schema.yaml
new file mode 100644
index 0000000000000..4c38c57da7592
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/detection_engine/index_management/read_index/read_index.schema.yaml
@@ -0,0 +1,50 @@
+openapi: 3.0.0
+info:
+  title: Get alerts index name API endpoint
+  version: '2023-10-31'
+paths:
+  /api/detection_engine/index:
+    get:
+      x-labels: [ess]
+      operationId: GetAlertsIndex
+      x-codegen-enabled: true
+      summary: Gets the alert index name if it exists
+      tags:
+        - Alert index API
+      responses:
+        200:
+          description: Successful response
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  name:
+                    type: string
+                  index_mapping_outdated:
+                    type: boolean
+                    nullable: true
+                required: [name, index_mapping_outdated]
+        401:
+          description: Unsuccessful authentication response
+          content:
+            application/json:
+              schema:
+                $ref: '../../../model/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
+        403:
+          description: Not enough permissions response
+          content:
+            application/json:
+              schema:
+                $ref: '../../../model/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
+        404:
+          content:
+            application/json:
+              schema:
+                $ref: '../../../model/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
+        500:
+          description: Internal server error response
+          content:
+            application/json:
+              schema:
+                $ref: '../../../model/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema/index.ts b/x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema/index.ts
index 5bb393c1fd419..4645be2d5e9dd 100644
--- a/x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema/index.ts
+++ b/x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema/index.ts
@@ -7,6 +7,7 @@
 
 export * from './common_attributes.gen';
 export * from './rule_schemas.gen';
+export * from './utils';
 
 export * from './specific_attributes/eql_attributes.gen';
 export * from './specific_attributes/ml_attributes.gen';
diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema/utils.ts b/x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema/utils.ts
new file mode 100644
index 0000000000000..d7e51d5b7d091
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema/utils.ts
@@ -0,0 +1,12 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { RuleResponse } from './rule_schemas.gen';
+
+export function isCustomizedPrebuiltRule(rule: RuleResponse): boolean {
+  return rule.rule_source?.type === 'external' && rule.rule_source.is_customized;
+}
diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.gen.ts b/x-pack/plugins/security_solution/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.gen.ts
index 9d7ed22f92052..b9750fd7eb06d 100644
--- a/x-pack/plugins/security_solution/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.gen.ts
+++ b/x-pack/plugins/security_solution/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.gen.ts
@@ -54,6 +54,8 @@ export const BulkActionsDryRunErrCode = z.enum([
   'MACHINE_LEARNING_INDEX_PATTERN',
   'ESQL_INDEX_PATTERN',
   'INVESTIGATION_FIELDS_FEATURE',
+  'MANUAL_RULE_RUN_FEATURE',
+  'MANUAL_RULE_RUN_DISABLED_RULE',
 ]);
 export type BulkActionsDryRunErrCodeEnum = typeof BulkActionsDryRunErrCode.enum;
 export const BulkActionsDryRunErrCodeEnum = BulkActionsDryRunErrCode.enum;
@@ -157,6 +159,23 @@ export const BulkDuplicateRules = BulkActionBase.merge(
   })
 );
 
+export type BulkManualRuleRun = z.infer<typeof BulkManualRuleRun>;
+export const BulkManualRuleRun = BulkActionBase.merge(
+  z.object({
+    action: z.literal('run'),
+    run: z.object({
+      /**
+       * Start date of the manual rule run
+       */
+      start_date: z.string(),
+      /**
+       * End date of the manual rule run
+       */
+      end_date: z.string().optional(),
+    }),
+  })
+);
+
 /**
  * The condition for throttling the notification: 'rule', 'no_actions', or time duration
  */
@@ -173,6 +192,7 @@ export const BulkActionType = z.enum([
   'delete',
   'duplicate',
   'edit',
+  'run',
 ]);
 export type BulkActionTypeEnum = typeof BulkActionType.enum;
 export const BulkActionTypeEnum = BulkActionType.enum;
@@ -302,6 +322,7 @@ export const PerformBulkActionRequestBody = z.union([
   BulkEnableRules,
   BulkExportRules,
   BulkDuplicateRules,
+  BulkManualRuleRun,
   BulkEditRules,
 ]);
 export type PerformBulkActionRequestBodyInput = z.input<typeof PerformBulkActionRequestBody>;
diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.schema.yaml b/x-pack/plugins/security_solution/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.schema.yaml
index 022646dda04c4..2df8c770546e8 100644
--- a/x-pack/plugins/security_solution/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.schema.yaml
+++ b/x-pack/plugins/security_solution/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.schema.yaml
@@ -29,6 +29,7 @@ paths:
                 - $ref: '#/components/schemas/BulkEnableRules'
                 - $ref: '#/components/schemas/BulkExportRules'
                 - $ref: '#/components/schemas/BulkDuplicateRules'
+                - $ref: '#/components/schemas/BulkManualRuleRun'
                 - $ref: '#/components/schemas/BulkEditRules'
       responses:
         200:
@@ -78,6 +79,8 @@ components:
         - MACHINE_LEARNING_INDEX_PATTERN
         - ESQL_INDEX_PATTERN
         - INVESTIGATION_FIELDS_FEATURE
+        - MANUAL_RULE_RUN_FEATURE
+        - MANUAL_RULE_RUN_DISABLED_RULE
 
     NormalizedRuleError:
       type: object
@@ -251,6 +254,29 @@ components:
           required:
             - action
 
+    BulkManualRuleRun:
+      allOf:
+        - $ref: '#/components/schemas/BulkActionBase'
+        - type: object
+          properties:
+            action:
+              type: string
+              enum: [run]
+            run:
+              type: object
+              properties:
+                start_date:
+                  type: string
+                  description: Start date of the manual rule run
+                end_date:
+                  type: string
+                  description: End date of the manual rule run
+              required:
+                - start_date
+          required:
+            - action
+            - run
+
     ThrottleForBulkActions:
       type: string
       description: "The condition for throttling the notification: 'rule', 'no_actions', or time duration"
@@ -269,6 +295,7 @@ components:
         - delete
         - duplicate
         - edit
+        - run
 
     BulkActionEditType:
       type: string
diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.test.ts b/x-pack/plugins/security_solution/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.test.ts
index 74bdf8707629e..3c33eb6c103e7 100644
--- a/x-pack/plugins/security_solution/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.test.ts
+++ b/x-pack/plugins/security_solution/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.test.ts
@@ -34,7 +34,7 @@ describe('Perform bulk action request schema', () => {
       expectParseError(result);
 
       expect(stringifyZodError(result.error)).toMatchInlineSnapshot(
-        `"action: Invalid literal value, expected \\"delete\\", action: Invalid literal value, expected \\"disable\\", action: Invalid literal value, expected \\"enable\\", action: Invalid literal value, expected \\"export\\", action: Invalid literal value, expected \\"duplicate\\", and 2 more"`
+        `"action: Invalid literal value, expected \\"delete\\", action: Invalid literal value, expected \\"disable\\", action: Invalid literal value, expected \\"enable\\", action: Invalid literal value, expected \\"export\\", action: Invalid literal value, expected \\"duplicate\\", and 4 more"`
       );
     });
 
@@ -46,7 +46,7 @@ describe('Perform bulk action request schema', () => {
       expectParseError(result);
 
       expect(stringifyZodError(result.error)).toMatchInlineSnapshot(
-        `"action: Invalid literal value, expected \\"delete\\", action: Invalid literal value, expected \\"disable\\", action: Invalid literal value, expected \\"enable\\", action: Invalid literal value, expected \\"export\\", action: Invalid literal value, expected \\"duplicate\\", and 2 more"`
+        `"action: Invalid literal value, expected \\"delete\\", action: Invalid literal value, expected \\"disable\\", action: Invalid literal value, expected \\"enable\\", action: Invalid literal value, expected \\"export\\", action: Invalid literal value, expected \\"duplicate\\", and 4 more"`
       );
     });
 
@@ -74,7 +74,7 @@ describe('Perform bulk action request schema', () => {
       expectParseError(result);
 
       expect(stringifyZodError(result.error)).toMatchInlineSnapshot(
-        `"ids: Expected array, received string, action: Invalid literal value, expected \\"delete\\", ids: Expected array, received string, action: Invalid literal value, expected \\"disable\\", ids: Expected array, received string, and 7 more"`
+        `"ids: Expected array, received string, action: Invalid literal value, expected \\"delete\\", ids: Expected array, received string, action: Invalid literal value, expected \\"disable\\", ids: Expected array, received string, and 10 more"`
       );
     });
   });
@@ -143,6 +143,36 @@ describe('Perform bulk action request schema', () => {
     });
   });
 
+  describe('bulk manual rule run', () => {
+    test('invalid request: missing manual rule run payload', () => {
+      const payload = {
+        query: 'name: test',
+        action: BulkActionTypeEnum.run,
+      };
+
+      const result = PerformBulkActionRequestBody.safeParse(payload);
+      expectParseError(result);
+
+      expect(stringifyZodError(result.error)).toMatchInlineSnapshot(
+        `"action: Invalid literal value, expected \\"delete\\", action: Invalid literal value, expected \\"disable\\", action: Invalid literal value, expected \\"enable\\", action: Invalid literal value, expected \\"export\\", action: Invalid literal value, expected \\"duplicate\\", and 3 more"`
+      );
+    });
+
+    test('valid request', () => {
+      const payload: PerformBulkActionRequestBody = {
+        query: 'name: test',
+        action: BulkActionTypeEnum.run,
+        [BulkActionTypeEnum.run]: {
+          start_date: new Date().toISOString(),
+          end_date: new Date().toISOString(),
+        },
+      };
+      const result = PerformBulkActionRequestBody.safeParse(payload);
+      expectParseSuccess(result);
+      expect(result.data).toEqual(payload);
+    });
+  });
+
   describe('bulk edit', () => {
     describe('cases common to every type of editing', () => {
       test('invalid request: missing edit payload', () => {
@@ -155,7 +185,7 @@ describe('Perform bulk action request schema', () => {
         expectParseError(result);
 
         expect(stringifyZodError(result.error)).toMatchInlineSnapshot(
-          `"action: Invalid literal value, expected \\"delete\\", action: Invalid literal value, expected \\"disable\\", action: Invalid literal value, expected \\"enable\\", action: Invalid literal value, expected \\"export\\", action: Invalid literal value, expected \\"duplicate\\", and 1 more"`
+          `"action: Invalid literal value, expected \\"delete\\", action: Invalid literal value, expected \\"disable\\", action: Invalid literal value, expected \\"enable\\", action: Invalid literal value, expected \\"export\\", action: Invalid literal value, expected \\"duplicate\\", and 3 more"`
         );
       });
 
@@ -170,7 +200,7 @@ describe('Perform bulk action request schema', () => {
         expectParseError(result);
 
         expect(stringifyZodError(result.error)).toMatchInlineSnapshot(
-          `"action: Invalid literal value, expected \\"delete\\", action: Invalid literal value, expected \\"disable\\", action: Invalid literal value, expected \\"enable\\", action: Invalid literal value, expected \\"export\\", action: Invalid literal value, expected \\"duplicate\\", and 1 more"`
+          `"action: Invalid literal value, expected \\"delete\\", action: Invalid literal value, expected \\"disable\\", action: Invalid literal value, expected \\"enable\\", action: Invalid literal value, expected \\"export\\", action: Invalid literal value, expected \\"duplicate\\", and 3 more"`
         );
       });
     });
@@ -187,7 +217,7 @@ describe('Perform bulk action request schema', () => {
         expectParseError(result);
 
         expect(stringifyZodError(result.error)).toMatchInlineSnapshot(
-          `"action: Invalid literal value, expected \\"delete\\", action: Invalid literal value, expected \\"disable\\", action: Invalid literal value, expected \\"enable\\", action: Invalid literal value, expected \\"export\\", action: Invalid literal value, expected \\"duplicate\\", and 11 more"`
+          `"action: Invalid literal value, expected \\"delete\\", action: Invalid literal value, expected \\"disable\\", action: Invalid literal value, expected \\"enable\\", action: Invalid literal value, expected \\"export\\", action: Invalid literal value, expected \\"duplicate\\", and 13 more"`
         );
       });
 
@@ -249,7 +279,7 @@ describe('Perform bulk action request schema', () => {
         expectParseError(result);
 
         expect(stringifyZodError(result.error)).toMatchInlineSnapshot(
-          `"action: Invalid literal value, expected \\"delete\\", action: Invalid literal value, expected \\"disable\\", action: Invalid literal value, expected \\"enable\\", action: Invalid literal value, expected \\"export\\", action: Invalid literal value, expected \\"duplicate\\", and 11 more"`
+          `"action: Invalid literal value, expected \\"delete\\", action: Invalid literal value, expected \\"disable\\", action: Invalid literal value, expected \\"enable\\", action: Invalid literal value, expected \\"export\\", action: Invalid literal value, expected \\"duplicate\\", and 13 more"`
         );
       });
 
@@ -367,7 +397,7 @@ describe('Perform bulk action request schema', () => {
 
         expectParseError(result);
         expect(stringifyZodError(result.error)).toMatchInlineSnapshot(
-          `"action: Invalid literal value, expected \\"delete\\", action: Invalid literal value, expected \\"disable\\", action: Invalid literal value, expected \\"enable\\", action: Invalid literal value, expected \\"export\\", action: Invalid literal value, expected \\"duplicate\\", and 9 more"`
+          `"action: Invalid literal value, expected \\"delete\\", action: Invalid literal value, expected \\"disable\\", action: Invalid literal value, expected \\"enable\\", action: Invalid literal value, expected \\"export\\", action: Invalid literal value, expected \\"duplicate\\", and 11 more"`
         );
       });
 
@@ -389,7 +419,7 @@ describe('Perform bulk action request schema', () => {
 
         expectParseError(result);
         expect(stringifyZodError(result.error)).toMatchInlineSnapshot(
-          `"action: Invalid literal value, expected \\"delete\\", action: Invalid literal value, expected \\"disable\\", action: Invalid literal value, expected \\"enable\\", action: Invalid literal value, expected \\"export\\", action: Invalid literal value, expected \\"duplicate\\", and 12 more"`
+          `"action: Invalid literal value, expected \\"delete\\", action: Invalid literal value, expected \\"disable\\", action: Invalid literal value, expected \\"enable\\", action: Invalid literal value, expected \\"export\\", action: Invalid literal value, expected \\"duplicate\\", and 14 more"`
         );
       });
 
@@ -427,7 +457,7 @@ describe('Perform bulk action request schema', () => {
 
         expectParseError(result);
         expect(stringifyZodError(result.error)).toMatchInlineSnapshot(
-          `"action: Invalid literal value, expected \\"delete\\", action: Invalid literal value, expected \\"disable\\", action: Invalid literal value, expected \\"enable\\", action: Invalid literal value, expected \\"export\\", action: Invalid literal value, expected \\"duplicate\\", and 9 more"`
+          `"action: Invalid literal value, expected \\"delete\\", action: Invalid literal value, expected \\"disable\\", action: Invalid literal value, expected \\"enable\\", action: Invalid literal value, expected \\"export\\", action: Invalid literal value, expected \\"duplicate\\", and 11 more"`
         );
       });
 
@@ -472,7 +502,7 @@ describe('Perform bulk action request schema', () => {
 
         expectParseError(result);
         expect(stringifyZodError(result.error)).toMatchInlineSnapshot(
-          `"action: Invalid literal value, expected \\"delete\\", action: Invalid literal value, expected \\"disable\\", action: Invalid literal value, expected \\"enable\\", action: Invalid literal value, expected \\"export\\", action: Invalid literal value, expected \\"duplicate\\", and 12 more"`
+          `"action: Invalid literal value, expected \\"delete\\", action: Invalid literal value, expected \\"disable\\", action: Invalid literal value, expected \\"enable\\", action: Invalid literal value, expected \\"export\\", action: Invalid literal value, expected \\"duplicate\\", and 14 more"`
         );
       });
 
@@ -494,7 +524,7 @@ describe('Perform bulk action request schema', () => {
 
         expectParseError(result);
         expect(stringifyZodError(result.error)).toMatchInlineSnapshot(
-          `"action: Invalid literal value, expected \\"delete\\", action: Invalid literal value, expected \\"disable\\", action: Invalid literal value, expected \\"enable\\", action: Invalid literal value, expected \\"export\\", action: Invalid literal value, expected \\"duplicate\\", and 12 more"`
+          `"action: Invalid literal value, expected \\"delete\\", action: Invalid literal value, expected \\"disable\\", action: Invalid literal value, expected \\"enable\\", action: Invalid literal value, expected \\"export\\", action: Invalid literal value, expected \\"duplicate\\", and 14 more"`
         );
       });
 
@@ -532,7 +562,7 @@ describe('Perform bulk action request schema', () => {
 
         expectParseError(result);
         expect(stringifyZodError(result.error)).toMatchInlineSnapshot(
-          `"action: Invalid literal value, expected \\"delete\\", action: Invalid literal value, expected \\"disable\\", action: Invalid literal value, expected \\"enable\\", action: Invalid literal value, expected \\"export\\", action: Invalid literal value, expected \\"duplicate\\", and 9 more"`
+          `"action: Invalid literal value, expected \\"delete\\", action: Invalid literal value, expected \\"disable\\", action: Invalid literal value, expected \\"enable\\", action: Invalid literal value, expected \\"export\\", action: Invalid literal value, expected \\"duplicate\\", and 11 more"`
         );
       });
 
@@ -554,7 +584,7 @@ describe('Perform bulk action request schema', () => {
 
         expectParseError(result);
         expect(stringifyZodError(result.error)).toMatchInlineSnapshot(
-          `"action: Invalid literal value, expected \\"delete\\", action: Invalid literal value, expected \\"disable\\", action: Invalid literal value, expected \\"enable\\", action: Invalid literal value, expected \\"export\\", action: Invalid literal value, expected \\"duplicate\\", and 13 more"`
+          `"action: Invalid literal value, expected \\"delete\\", action: Invalid literal value, expected \\"disable\\", action: Invalid literal value, expected \\"enable\\", action: Invalid literal value, expected \\"export\\", action: Invalid literal value, expected \\"duplicate\\", and 15 more"`
         );
       });
 
diff --git a/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/calculation_route.gen.ts b/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/calculation_route.gen.ts
index dfec5ee92c360..2abe745e97f4a 100644
--- a/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/calculation_route.gen.ts
+++ b/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/calculation_route.gen.ts
@@ -10,52 +10,13 @@
  * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
  *
  * info:
- *   title: Risk Scoring API
+ *   title: RiskScoresCalculation types
  *   version: 1
  */
 
 import { z } from 'zod';
 
-import {
-  AfterKeys,
-  DataViewId,
-  Filter,
-  PageSize,
-  IdentifierType,
-  DateRange,
-  RiskScoreWeights,
-  EntityRiskScoreRecord,
-} from '../common/common.gen';
-
-export type RiskScoresCalculationRequest = z.infer<typeof RiskScoresCalculationRequest>;
-export const RiskScoresCalculationRequest = z.object({
-  /**
-   * Used to calculate a specific "page" of risk scores. If unspecified, the first "page" of scores is returned. See also the `after_keys` key in a risk scores response.
-   */
-  after_keys: AfterKeys.optional(),
-  /**
-   * The identifier of the Kibana data view to be used when generating risk scores. If a data view is not found, the provided ID will be used as the query's index pattern instead.
-   */
-  data_view_id: DataViewId,
-  /**
-   * If set to `true`, the internal ES requests/responses will be logged in Kibana.
-   */
-  debug: z.boolean().optional(),
-  /**
-   * An elasticsearch DSL filter object. Used to filter the data being scored, which implicitly filters the risk scores calculated.
-   */
-  filter: Filter.optional(),
-  page_size: PageSize.optional(),
-  /**
-   * Used to restrict the type of risk scores calculated.
-   */
-  identifier_type: IdentifierType,
-  /**
-   * Defines the time period over which scores will be evaluated. If unspecified, a range of `[now, now-30d]` will be used.
-   */
-  range: DateRange,
-  weights: RiskScoreWeights.optional(),
-});
+import { AfterKeys, EntityRiskScoreRecord } from '../common/common.gen';
 
 export type RiskScoresCalculationResponse = z.infer<typeof RiskScoresCalculationResponse>;
 export const RiskScoresCalculationResponse = z.object({
diff --git a/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/calculation_route.schema.yaml b/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/calculation_route.schema.yaml
index 5a290ce7930af..857971ddbf555 100644
--- a/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/calculation_route.schema.yaml
+++ b/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/calculation_route.schema.yaml
@@ -1,75 +1,12 @@
 openapi: 3.0.0
 
 info:
+  title: RiskScoresCalculation types
   version: '1'
-  title: Risk Scoring API
-  description: These APIs allow the consumer to manage Entity Risk Scores within Entity Analytics.
-
-servers:
-  - url: 'http://{kibana_host}:{port}'
-    variables:
-      kibana_host:
-        default: localhost
-      port:
-        default: '5601'
-
-paths:
-  /api/risk_scores/calculation:
-    post:
-      x-labels: [ess, serverless]
-      x-internal: true
-      summary: Trigger calculation of Risk Scores
-      description: Calculates and persists a segment of Risk Scores, returning details about the calculation.
-      requestBody:
-        description: Details about the Risk Scores being calculated
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/RiskScoresCalculationRequest'
-        required: true
-      responses:
-        '200':
-          description: Successful response
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RiskScoresCalculationResponse'
-        '400':
-          description: Invalid request
+paths: {}
 
 components:
   schemas:
-    RiskScoresCalculationRequest:
-      type: object
-      required:
-        - data_view_id
-        - identifier_type
-        - range
-      properties:
-        after_keys:
-          description: Used to calculate a specific "page" of risk scores. If unspecified, the first "page" of scores is returned. See also the `after_keys` key in a risk scores response.
-          $ref: '../common/common.schema.yaml#/components/schemas/AfterKeys'
-        data_view_id:
-          $ref: '../common/common.schema.yaml#/components/schemas/DataViewId'
-          description: The identifier of the Kibana data view to be used when generating risk scores. If a data view is not found, the provided ID will be used as the query's index pattern instead.
-        debug:
-          description: If set to `true`, the internal ES requests/responses will be logged in Kibana.
-          type: boolean
-        filter:
-          $ref: '../common/common.schema.yaml#/components/schemas/Filter'
-          description: An elasticsearch DSL filter object. Used to filter the data being scored, which implicitly filters the risk scores calculated.
-        page_size:
-          $ref: '../common/common.schema.yaml#/components/schemas/PageSize'
-        identifier_type:
-          description: Used to restrict the type of risk scores calculated.
-          allOf:
-            - $ref: '../common/common.schema.yaml#/components/schemas/IdentifierType'
-        range:
-          $ref: '../common/common.schema.yaml#/components/schemas/DateRange'
-          description: Defines the time period over which scores will be evaluated. If unspecified, a range of `[now, now-30d]` will be used.
-        weights:
-          $ref: '../common/common.schema.yaml#/components/schemas/RiskScoreWeights'
-
     RiskScoresCalculationResponse:
       type: object
       required:
diff --git a/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/entity_calculation_route.schema.yaml b/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/entity_calculation_route.schema.yaml
index 328c67184e0f9..bb94305254885 100644
--- a/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/entity_calculation_route.schema.yaml
+++ b/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/entity_calculation_route.schema.yaml
@@ -14,10 +14,33 @@ servers:
         default: '5601'
 
 paths:
+  # TODO delete on a future serverless release
   /api/risk_scores/calculation/entity:
     post:
       x-labels: [ess, serverless]
       x-internal: true
+      summary: Deprecated Trigger calculation of Risk Scores for an entity. Moved to /internal/risk_score/calculation/entity
+      description: Calculates and persists Risk Scores for an entity, returning the calculated risk score.
+      requestBody:
+        description: The entity type and identifier
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/RiskScoresEntityCalculationRequest'
+        required: true
+      responses:
+        '200':
+          description: Successful response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RiskScoresEntityCalculationResponse'
+        '400':
+          description: Invalid request
+
+  /internal/risk_score/calculation/entity:
+    post:
+      x-labels: [ess, serverless]
       summary: Trigger calculation of Risk Scores for an entity
       description: Calculates and persists Risk Scores for an entity, returning the calculated risk score.
       requestBody:
diff --git a/x-pack/plugins/security_solution/common/api/timeline/delete_note/delete_note_route.ts b/x-pack/plugins/security_solution/common/api/timeline/delete_note/delete_note_route.ts
index af5dbaf394d81..717440fa0717a 100644
--- a/x-pack/plugins/security_solution/common/api/timeline/delete_note/delete_note_route.ts
+++ b/x-pack/plugins/security_solution/common/api/timeline/delete_note/delete_note_route.ts
@@ -10,4 +10,5 @@ import { unionWithNullType } from '../../../utility_types';
 
 export const deleteNoteSchema = runtimeTypes.partial({
   noteId: unionWithNullType(runtimeTypes.string),
+  noteIds: unionWithNullType(runtimeTypes.array(runtimeTypes.string)),
 });
diff --git a/x-pack/plugins/security_solution/common/api/timeline/delete_note/delete_note_route_schema.yaml b/x-pack/plugins/security_solution/common/api/timeline/delete_note/delete_note_route_schema.yaml
index e05666a3319a8..0f39551e757b6 100644
--- a/x-pack/plugins/security_solution/common/api/timeline/delete_note/delete_note_route_schema.yaml
+++ b/x-pack/plugins/security_solution/common/api/timeline/delete_note/delete_note_route_schema.yaml
@@ -22,11 +22,19 @@ paths:
         content:
           application/json:
             schema:
-              type: object
-              properties:
-                noteId:
-                  type: string
-                  nullable: true
+              oneOf:
+                type: object
+                properties:
+                  noteId:
+                    type: string
+                    nullable: true
+                type: object
+                properties:
+                  noteIds:
+                  type: array
+                  items:
+                    type: string
+                    nullable: true
       responses:
         200:
           description: Indicates the note was successfully deleted.
\ No newline at end of file
diff --git a/x-pack/plugins/security_solution/common/api/timeline/get_notes/get_notes_route.ts b/x-pack/plugins/security_solution/common/api/timeline/get_notes/get_notes_route.ts
new file mode 100644
index 0000000000000..453f7ff045df2
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/timeline/get_notes/get_notes_route.ts
@@ -0,0 +1,19 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import * as runtimeTypes from 'io-ts';
+import { unionWithNullType } from '../../../utility_types';
+
+export const getNotesSchema = runtimeTypes.partial({
+  documentIds: runtimeTypes.union([runtimeTypes.array(runtimeTypes.string), runtimeTypes.string]),
+  page: unionWithNullType(runtimeTypes.number),
+  perPage: unionWithNullType(runtimeTypes.number),
+  search: unionWithNullType(runtimeTypes.string),
+  sortField: unionWithNullType(runtimeTypes.string),
+  sortOrder: unionWithNullType(runtimeTypes.string),
+  filter: unionWithNullType(runtimeTypes.string),
+});
diff --git a/x-pack/plugins/security_solution/common/api/timeline/get_notes/get_notes_route_schema.yaml b/x-pack/plugins/security_solution/common/api/timeline/get_notes/get_notes_route_schema.yaml
new file mode 100644
index 0000000000000..a78b7e6f9cbee
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/timeline/get_notes/get_notes_route_schema.yaml
@@ -0,0 +1,60 @@
+openapi: 3.0.0
+info:
+  title: Elastic Security - Timeline - Notes API
+  version: 8.9.0
+servers:
+  - url: 'http://{kibana_host}:{port}'
+    variables:
+      kibana_host:
+        default: localhost
+      port:
+        default: '5601'
+paths:
+  /api/note:
+    get:
+      operationId: getNotes
+      description: Gets notes
+      tags:
+        - access:securitySolution
+      parameters:
+        - name: documentIds
+          in: query
+          schema:
+            oneOf:
+              - type: array
+                items:
+                  type: string
+              - type: string
+        - name: page
+          in: query
+          schema:
+            type: number
+            nullable: true
+        - name: perPage
+          in: query
+          schema:
+            type: number
+            nullable: true
+        - name: search
+          in: query
+          schema:
+            type: string
+            nullable: true
+        - name: sortField
+          in: query
+          schema:
+            type: string
+            nullable: true
+        - name: sortOrder
+          in: query
+          schema:
+            type: string
+            nullable: true
+        - name: filter
+          in: query
+          schema:
+            type: string
+            nullable: true
+      responses:
+        200:
+          description: Indicates the requested notes were returned.
diff --git a/x-pack/plugins/security_solution/common/api/timeline/model/api.ts b/x-pack/plugins/security_solution/common/api/timeline/model/api.ts
index 5230552f3e836..3e69bd14b646c 100644
--- a/x-pack/plugins/security_solution/common/api/timeline/model/api.ts
+++ b/x-pack/plugins/security_solution/common/api/timeline/model/api.ts
@@ -45,6 +45,16 @@ export type BareNote = runtimeTypes.TypeOf<typeof BareNoteSchema>;
  */
 export type BareNoteWithoutExternalRefs = Omit<BareNote, 'timelineId'>;
 
+export const BareNoteWithoutExternalRefsSchema = runtimeTypes.partial({
+  timelineId: unionWithNullType(runtimeTypes.string),
+  eventId: unionWithNullType(runtimeTypes.string),
+  note: unionWithNullType(runtimeTypes.string),
+  created: unionWithNullType(runtimeTypes.number),
+  createdBy: unionWithNullType(runtimeTypes.string),
+  updated: unionWithNullType(runtimeTypes.number),
+  updatedBy: unionWithNullType(runtimeTypes.string),
+});
+
 export const NoteRuntimeType = runtimeTypes.intersection([
   BareNoteSchema,
   runtimeTypes.type({
diff --git a/x-pack/plugins/security_solution/common/api/timeline/persist_note/persist_note_route.ts b/x-pack/plugins/security_solution/common/api/timeline/persist_note/persist_note_route.ts
index b588e6829aaba..e6f8b9cc94fd3 100644
--- a/x-pack/plugins/security_solution/common/api/timeline/persist_note/persist_note_route.ts
+++ b/x-pack/plugins/security_solution/common/api/timeline/persist_note/persist_note_route.ts
@@ -7,9 +7,9 @@
 
 import * as runtimeTypes from 'io-ts';
 import { unionWithNullType } from '../../../utility_types';
-import { BareNoteSchema } from '../model/api';
+import { BareNoteSchema, BareNoteWithoutExternalRefsSchema } from '../model/api';
 
-export const persistNoteSchema = runtimeTypes.intersection([
+export const persistNoteWithRefSchema = runtimeTypes.intersection([
   runtimeTypes.type({
     note: BareNoteSchema,
   }),
@@ -19,3 +19,22 @@ export const persistNoteSchema = runtimeTypes.intersection([
     version: unionWithNullType(runtimeTypes.string),
   }),
 ]);
+
+export const persistNoteWithoutRefSchema = runtimeTypes.intersection([
+  runtimeTypes.type({
+    note: BareNoteWithoutExternalRefsSchema,
+  }),
+  runtimeTypes.partial({
+    overrideOwner: unionWithNullType(runtimeTypes.boolean),
+    noteId: unionWithNullType(runtimeTypes.string),
+    version: unionWithNullType(runtimeTypes.string),
+    eventIngested: unionWithNullType(runtimeTypes.string),
+    eventTimestamp: unionWithNullType(runtimeTypes.string),
+    eventDataView: unionWithNullType(runtimeTypes.string),
+  }),
+]);
+
+export const persistNoteSchema = runtimeTypes.union([
+  persistNoteWithRefSchema,
+  persistNoteWithoutRefSchema,
+]);
diff --git a/x-pack/plugins/security_solution/common/constants.ts b/x-pack/plugins/security_solution/common/constants.ts
index 70fb550e798e1..38e0c5c0327b5 100644
--- a/x-pack/plugins/security_solution/common/constants.ts
+++ b/x-pack/plugins/security_solution/common/constants.ts
@@ -430,6 +430,8 @@ export enum BulkActionsDryRunErrCode {
   MACHINE_LEARNING_INDEX_PATTERN = 'MACHINE_LEARNING_INDEX_PATTERN',
   ESQL_INDEX_PATTERN = 'ESQL_INDEX_PATTERN',
   INVESTIGATION_FIELDS_FEATURE = 'INVESTIGATION_FIELDS_FEATURE',
+  MANUAL_RULE_RUN_FEATURE = 'MANUAL_RULE_RUN_FEATURE',
+  MANUAL_RULE_RUN_DISABLED_RULE = 'MANUAL_RULE_RUN_DISABLED_RULE',
 }
 
 export const MAX_NUMBER_OF_NEW_TERMS_FIELDS = 3;
@@ -493,3 +495,9 @@ export const MAX_COMMENT_LENGTH = 30000 as const;
  * Cases external attachment IDs
  */
 export const CASE_ATTACHMENT_ENDPOINT_TYPE_ID = 'endpoint' as const;
+
+/**
+ * Rule gaps
+ */
+export const MAX_MANUAL_RULE_RUN_LOOKBACK_WINDOW_DAYS = 90;
+export const MAX_MANUAL_RULE_RUN_BULK_SIZE = 100;
diff --git a/x-pack/plugins/security_solution/common/endpoint/data_generators/endpoint_action_generator.ts b/x-pack/plugins/security_solution/common/endpoint/data_generators/endpoint_action_generator.ts
index 18282d6fceed5..87a3aee66a884 100644
--- a/x-pack/plugins/security_solution/common/endpoint/data_generators/endpoint_action_generator.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/data_generators/endpoint_action_generator.ts
@@ -27,7 +27,7 @@ import {
   type ResponseActionGetFileParameters,
   type ResponseActionScanOutputContent,
   type ResponseActionsExecuteParameters,
-  type ResponseActionsScanParameters,
+  type ResponseActionScanParameters,
   type ResponseActionUploadOutputContent,
   type ResponseActionUploadParameters,
   type WithAllKeys,
@@ -231,7 +231,7 @@ export class EndpointActionGenerator extends BaseDataGenerator {
       comment: 'thisisacomment',
       createdBy: 'auserid',
       parameters: undefined,
-      outputs: {},
+      outputs: undefined,
       agentState: {
         'agent-a': {
           errors: undefined,
@@ -265,8 +265,13 @@ export class EndpointActionGenerator extends BaseDataGenerator {
             ResponseActionGetFileOutputContent,
             ResponseActionGetFileParameters
           >
-        ).outputs = {
-          [details.agents[0]]: {
+        ).outputs = details.agents.reduce<
+          ActionDetails<
+            ResponseActionGetFileOutputContent,
+            ResponseActionGetFileParameters
+          >['outputs']
+        >((acc = {}, agentId) => {
+          acc[agentId] = {
             type: 'json',
             content: {
               code: 'ra_get-file_success',
@@ -281,8 +286,9 @@ export class EndpointActionGenerator extends BaseDataGenerator {
                 },
               ],
             },
-          },
-        };
+          };
+          return acc;
+        }, {});
       }
     }
 
@@ -291,7 +297,7 @@ export class EndpointActionGenerator extends BaseDataGenerator {
         (
           details as unknown as ActionDetails<
             ResponseActionScanOutputContent,
-            ResponseActionsScanParameters
+            ResponseActionScanParameters
           >
         ).parameters = {
           path: '/some/folder/to/scan',
@@ -302,16 +308,20 @@ export class EndpointActionGenerator extends BaseDataGenerator {
         (
           details as unknown as ActionDetails<
             ResponseActionScanOutputContent,
-            ResponseActionsScanParameters
+            ResponseActionScanParameters
           >
-        ).outputs = {
-          [details.agents[0]]: {
+        ).outputs = details.agents.reduce<
+          ActionDetails<ResponseActionScanOutputContent, ResponseActionScanParameters>['outputs']
+        >((acc = {}, agentId) => {
+          acc[agentId] = {
             type: 'json',
             content: {
-              code: 'ra_scan_success_done',
+              code: 'ra_scan_success',
             },
-          },
-        };
+          };
+
+          return acc;
+        }, {});
       }
     }
 
@@ -336,14 +346,20 @@ export class EndpointActionGenerator extends BaseDataGenerator {
             ResponseActionExecuteOutputContent,
             ResponseActionsExecuteParameters
           >
-        ).outputs = {
-          [details.agents[0]]: this.generateExecuteActionResponseOutput({
+        ).outputs = details.agents.reduce<
+          ActionDetails<
+            ResponseActionExecuteOutputContent,
+            ResponseActionsExecuteParameters
+          >['outputs']
+        >((acc = {}, agentId) => {
+          acc[agentId] = this.generateExecuteActionResponseOutput({
             content: {
               output_file_id: getFileDownloadId(details, details.agents[0]),
               ...(overrides.outputs?.[details.agents[0]]?.content ?? {}),
             },
-          }),
-        };
+          });
+          return acc;
+        }, {});
       }
     }
 
@@ -360,16 +376,19 @@ export class EndpointActionGenerator extends BaseDataGenerator {
         file_sha256: 'file-hash-sha-256',
       };
 
-      uploadActionDetails.outputs = {
-        'agent-a': {
+      uploadActionDetails.outputs = details.agents.reduce<
+        ActionDetails<ResponseActionUploadOutputContent, ResponseActionUploadParameters>['outputs']
+      >((acc = {}, agentId) => {
+        acc[agentId] = {
           type: 'json',
           content: {
             code: 'ra_upload_file-success',
             path: '/path/to/uploaded/file',
             disk_free_space: 1234567,
           },
-        },
-      };
+        };
+        return acc;
+      }, {});
     }
 
     return merge(details, overrides as ActionDetails) as unknown as ActionDetails<
diff --git a/x-pack/plugins/security_solution/common/endpoint/data_generators/fleet_agent_generator.ts b/x-pack/plugins/security_solution/common/endpoint/data_generators/fleet_agent_generator.ts
index 62fa05d794725..43463b0336b58 100644
--- a/x-pack/plugins/security_solution/common/endpoint/data_generators/fleet_agent_generator.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/data_generators/fleet_agent_generator.ts
@@ -65,7 +65,8 @@ export class FleetAgentGenerator extends BaseDataGenerator<Agent> {
         // Casting here is needed because several of the attributes in `FleetServerAgent` are
         // defined as optional, but required in `Agent` type.
         ...(hit._source as Agent),
-        id: hit._id,
+        // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+        id: hit._id!,
         policy_revision: hit._source?.policy_revision_idx,
         access_api_key: undefined,
         status: this.randomAgentStatus(),
diff --git a/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_endpoint_hearbeats.ts b/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_endpoint_hearbeats.ts
new file mode 100644
index 0000000000000..10a3af979a125
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_endpoint_hearbeats.ts
@@ -0,0 +1,136 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { Client, estypes } from '@elastic/elasticsearch';
+import type { ToolingLog } from '@kbn/tooling-log';
+import { ENDPOINT_HEARTBEAT_INDEX } from '../constants';
+import { createToolingLogger } from './utils';
+
+export interface IndexedEndpointHeartbeats {
+  data: estypes.BulkResponse;
+  cleanup: () => Promise<DeletedEndpointHeartbeats>;
+}
+
+export interface DeletedEndpointHeartbeats {
+  data: estypes.BulkResponse;
+}
+
+interface EndpointHeartbeat {
+  '@timestamp': string;
+  agent: {
+    id: string;
+  };
+  event: {
+    agent_id_status: string;
+    ingested: string;
+  };
+  billable?: boolean;
+}
+
+export const indexEndpointHeartbeats = async (
+  esClient: Client,
+  log: ToolingLog,
+  count: number
+): Promise<IndexedEndpointHeartbeats> => {
+  log.debug(`Indexing ${count} endpoint heartbeats`);
+  const startTime = new Date();
+
+  const docs: EndpointHeartbeat[] = Array.from({ length: count }).map((_, i) => {
+    const ingested = new Date(startTime.getTime() + i).toISOString();
+
+    const heartbeatDoc: EndpointHeartbeat = {
+      '@timestamp': '2024-06-11T13:03:37Z',
+      agent: {
+        id: `agent-${i}`,
+      },
+      event: {
+        agent_id_status: 'auth_metadata_missing',
+        ingested,
+      },
+    };
+    // billable: true and missing billable are billed
+    if (i % 2) {
+      heartbeatDoc.billable = true;
+    }
+    return heartbeatDoc;
+  });
+
+  // billable: false are not billed
+  const invalidDocs: EndpointHeartbeat[] = [
+    {
+      '@timestamp': '2024-06-11T13:03:37Z',
+      agent: {
+        id: 'agent-billable-false',
+      },
+      event: {
+        agent_id_status: 'auth_metadata_missing',
+        ingested: new Date().toISOString(),
+      },
+      billable: false,
+    },
+  ];
+
+  const operations = docs.concat(invalidDocs).flatMap((doc) => [
+    {
+      index: {
+        _index: ENDPOINT_HEARTBEAT_INDEX,
+        op_type: 'create',
+      },
+    },
+    doc,
+  ]);
+
+  const response = await esClient.bulk({
+    refresh: 'wait_for',
+    operations,
+  });
+
+  if (response.errors) {
+    log.error(
+      `There was an error indexing endpoint heartbeats ${JSON.stringify(response.items, null, 2)}`
+    );
+  } else {
+    log.debug(`Indexed ${docs.length} endpoint heartbeats successfully`);
+  }
+
+  return {
+    data: response,
+    cleanup: deleteIndexedEndpointHeartbeats.bind(null, esClient, response, log),
+  };
+};
+
+export const deleteIndexedEndpointHeartbeats = async (
+  esClient: Client,
+  indexedHeartbeats: IndexedEndpointHeartbeats['data'],
+  log = createToolingLogger()
+): Promise<DeletedEndpointHeartbeats> => {
+  let response: estypes.BulkResponse = {
+    took: 0,
+    errors: false,
+    items: [],
+  };
+
+  if (indexedHeartbeats.items.length) {
+    const idsToDelete = indexedHeartbeats.items
+      .filter((item) => item.create)
+      .map((item) => ({
+        delete: {
+          _index: item.create?._index,
+          _id: item.create?._id,
+        },
+      }));
+
+    if (idsToDelete.length) {
+      response = await esClient.bulk({
+        operations: idsToDelete,
+      });
+      log.debug('Indexed endpoint heartbeats deleted successfully');
+    }
+  }
+
+  return { data: response };
+};
diff --git a/x-pack/plugins/security_solution/common/endpoint/generate_data.ts b/x-pack/plugins/security_solution/common/endpoint/generate_data.ts
index 30743b3210c1a..44c9f8d0f7bd2 100644
--- a/x-pack/plugins/security_solution/common/endpoint/generate_data.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/generate_data.ts
@@ -240,6 +240,7 @@ export interface Tree {
   allEvents: Event[];
   startTime: Date;
   endTime: Date;
+  agentId: string;
 }
 
 export interface TreeOptions {
@@ -381,6 +382,7 @@ export class EndpointDocGenerator extends BaseDataGenerator {
   protected get commonInfo() {
     return clone(this._commonInfo);
   }
+
   protected set commonInfo(newInfo) {
     this._commonInfo = newInfo;
   }
@@ -1184,6 +1186,7 @@ export class EndpointDocGenerator extends BaseDataGenerator {
       childrenLevels: levels,
       startTime,
       endTime,
+      agentId: this.commonInfo.agent.id,
     };
   }
 
diff --git a/x-pack/plugins/security_solution/common/endpoint/models/policy_config.ts b/x-pack/plugins/security_solution/common/endpoint/models/policy_config.ts
index 36a43d681e682..9ed0d20aee883 100644
--- a/x-pack/plugins/security_solution/common/endpoint/models/policy_config.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/models/policy_config.ts
@@ -6,7 +6,9 @@
  */
 
 import type { PolicyConfig } from '../types';
-import { ProtectionModes, AntivirusRegistrationModes } from '../types';
+import { AntivirusRegistrationModes, ProtectionModes } from '../types';
+
+import { isBillablePolicy } from './policy_config_helpers';
 
 /**
  * Return a new default `PolicyConfig` for platinum and above licenses
@@ -19,7 +21,7 @@ export const policyFactory = (
   clusterName = '',
   serverless = false
 ): PolicyConfig => {
-  return {
+  const policy: PolicyConfig = {
     meta: {
       license,
       license_uuid: licenseUid,
@@ -80,8 +82,8 @@ export const policyFactory = (
         file: 'info',
       },
       antivirus_registration: {
-        mode: AntivirusRegistrationModes.disabled,
-        enabled: false,
+        mode: AntivirusRegistrationModes.sync,
+        enabled: true, // Defaults to true since Malware protection is set to prevent and mode is set to sync
       },
       attack_surface_reduction: {
         credential_hardening: {
@@ -174,6 +176,9 @@ export const policyFactory = (
       },
     },
   };
+  policy.meta.billable = isBillablePolicy(policy);
+
+  return policy;
 };
 
 /**
diff --git a/x-pack/plugins/security_solution/common/endpoint/models/policy_config_helpers.test.ts b/x-pack/plugins/security_solution/common/endpoint/models/policy_config_helpers.test.ts
index 3ef5dd474e1a0..8a7ab314c1e7b 100644
--- a/x-pack/plugins/security_solution/common/endpoint/models/policy_config_helpers.test.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/models/policy_config_helpers.test.ts
@@ -12,6 +12,8 @@ import {
   disableProtections,
   isPolicySetToEventCollectionOnly,
   ensureOnlyEventCollectionIsAllowed,
+  isBillablePolicy,
+  getPolicyProtectionsReference,
 } from './policy_config_helpers';
 import { set } from 'lodash';
 
@@ -192,6 +194,35 @@ describe('Policy Config helpers', () => {
       }
     );
   });
+
+  describe('isBillablePolicy', () => {
+    it('doesnt bill if serverless false', () => {
+      const policy = policyFactory();
+      const isBillable = isBillablePolicy(policy);
+      expect(policy.meta.serverless).toBe(false);
+      expect(isBillable).toBe(false);
+    });
+
+    it('doesnt bill if event collection only', () => {
+      const policy = ensureOnlyEventCollectionIsAllowed(policyFactory());
+      policy.meta.serverless = true;
+      const isBillable = isBillablePolicy(policy);
+      expect(isBillable).toBe(false);
+    });
+
+    it.each(getPolicyProtectionsReference())(
+      'correctly bills if $keyPath is enabled',
+      (feature) => {
+        for (const os of feature.osList) {
+          const policy = ensureOnlyEventCollectionIsAllowed(policyFactory());
+          policy.meta.serverless = true;
+          set(policy, `${os}.${feature.keyPath}`, feature.enableValue);
+          const isBillable = isBillablePolicy(policy);
+          expect(isBillable).toBe(true);
+        }
+      }
+    );
+  });
 });
 
 // This constant makes sure that if the type `PolicyConfig` is ever modified,
@@ -205,6 +236,7 @@ export const eventsOnlyPolicy = (): PolicyConfig => ({
     cluster_name: '',
     cluster_uuid: '',
     serverless: false,
+    billable: false,
   },
   windows: {
     events: {
diff --git a/x-pack/plugins/security_solution/common/endpoint/models/policy_config_helpers.ts b/x-pack/plugins/security_solution/common/endpoint/models/policy_config_helpers.ts
index af37b73b808d2..3f046e6ec15de 100644
--- a/x-pack/plugins/security_solution/common/endpoint/models/policy_config_helpers.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/models/policy_config_helpers.ts
@@ -22,7 +22,7 @@ const allOsValues = [
   PolicyOperatingSystem.windows,
 ];
 
-const getPolicyProtectionsReference = (): PolicyProtectionReference[] => [
+export const getPolicyProtectionsReference = (): PolicyProtectionReference[] => [
   {
     keyPath: 'malware.mode',
     osList: [...allOsValues],
@@ -143,6 +143,11 @@ const getDisabledWindowsSpecificProtections = (policy: PolicyConfig) => ({
     ...policy.windows.ransomware,
     mode: ProtectionModes.off,
   },
+  antivirus_registration: {
+    ...policy.windows.antivirus_registration,
+    mode: AntivirusRegistrationModes.disabled,
+    enabled: false,
+  },
   attack_surface_reduction: {
     ...policy.windows.attack_surface_reduction,
     credential_hardening: {
@@ -199,3 +204,9 @@ export const isPolicySetToEventCollectionOnly = (
     message,
   };
 };
+
+export function isBillablePolicy(policy: PolicyConfig) {
+  if (!policy.meta.serverless) return false;
+
+  return !isPolicySetToEventCollectionOnly(policy).isOnlyCollectingEvents;
+}
diff --git a/x-pack/plugins/security_solution/common/endpoint/schema/resolver.ts b/x-pack/plugins/security_solution/common/endpoint/schema/resolver.ts
index 6de81d3e95a55..28e9e451f0c51 100644
--- a/x-pack/plugins/security_solution/common/endpoint/schema/resolver.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/schema/resolver.ts
@@ -30,9 +30,12 @@ export const validateTree = {
         to: schema.string(),
       })
     ),
+    agentId: schema.maybe(schema.string()),
     schema: schema.object({
       // the ancestry field is optional
       ancestry: schema.maybe(schema.string({ minLength: 1 })),
+      // the agentId field is introduced because agent.id will stop being included in entity_id
+      agentId: schema.maybe(schema.string()),
       id: schema.string({ minLength: 1 }),
       name: schema.maybe(schema.string({ minLength: 1 })),
       parent: schema.string({ minLength: 1 }),
@@ -68,6 +71,7 @@ export const validateEvents = {
     filter: schema.maybe(schema.string()),
     entityType: schema.maybe(schema.string()),
     eventID: schema.maybe(schema.string()),
+    agentId: schema.maybe(schema.string()),
   }),
 };
 
diff --git a/x-pack/plugins/security_solution/common/endpoint/service/response_actions/constants.ts b/x-pack/plugins/security_solution/common/endpoint/service/response_actions/constants.ts
index fdfa5ed02cb73..447ae1f98c653 100644
--- a/x-pack/plugins/security_solution/common/endpoint/service/response_actions/constants.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/service/response_actions/constants.ts
@@ -183,5 +183,5 @@ export const RESPONSE_ACTIONS_ALERT_AGENT_ID_FIELD: Readonly<
 > = Object.freeze({
   endpoint: 'agent.id',
   sentinel_one: 'observer.serial_number',
-  crowdstrike: 'crowdstrike.event.DeviceId',
+  crowdstrike: 'device.id',
 });
diff --git a/x-pack/plugins/security_solution/common/endpoint/service/response_actions/mocks/agent_status.mocks.ts b/x-pack/plugins/security_solution/common/endpoint/service/response_actions/mocks/agent_status.mocks.ts
new file mode 100644
index 0000000000000..9bd73637d667a
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/endpoint/service/response_actions/mocks/agent_status.mocks.ts
@@ -0,0 +1,47 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { merge } from 'lodash';
+import type { DeepPartial } from 'utility-types';
+import type { AgentStatusRecords, AgentStatusApiResponse, AgentStatusInfo } from '../../../types';
+import { HostStatus } from '../../../types';
+
+const generateAgentStatusMock = (overrides: DeepPartial<AgentStatusInfo> = {}): AgentStatusInfo => {
+  return merge(
+    {
+      agentId: 'abfe4a35-d5b4-42a0-a539-bd054c791769',
+      agentType: 'endpoint',
+      found: true,
+      isolated: false,
+      lastSeen: new Date().toISOString(),
+      pendingActions: {},
+      status: HostStatus.HEALTHY,
+    },
+    overrides
+  ) as AgentStatusInfo;
+};
+
+const generateAgentStatusRecordsMock = (
+  overrides: DeepPartial<AgentStatusRecords> = {}
+): AgentStatusRecords => {
+  return merge(
+    { 'abfe4a35-d5b4-42a0-a539-bd054c791769': generateAgentStatusMock() },
+    overrides
+  ) as AgentStatusRecords;
+};
+
+const generateAgentStatusApiResponseMock = (
+  overrides: DeepPartial<AgentStatusApiResponse> = {}
+): AgentStatusApiResponse => {
+  return merge({ data: generateAgentStatusRecordsMock() }, overrides);
+};
+
+export const agentStatusMocks = Object.freeze({
+  generateAgentStatus: generateAgentStatusMock,
+  generateAgentStatusRecords: generateAgentStatusRecordsMock,
+  generateAgentStatusApiResponse: generateAgentStatusApiResponseMock,
+});
diff --git a/x-pack/plugins/security_solution/common/endpoint/types/actions.ts b/x-pack/plugins/security_solution/common/endpoint/types/actions.ts
index 8727dff1b2f50..28be6f8d3d139 100644
--- a/x-pack/plugins/security_solution/common/endpoint/types/actions.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/types/actions.ts
@@ -201,7 +201,7 @@ export interface ResponseActionsExecuteParameters {
   timeout?: number;
 }
 
-export interface ResponseActionsScanParameters {
+export interface ResponseActionScanParameters {
   path: string;
 }
 
@@ -211,7 +211,7 @@ export type EndpointActionDataParameterTypes =
   | ResponseActionsExecuteParameters
   | ResponseActionGetFileParameters
   | ResponseActionUploadParameters
-  | ResponseActionsScanParameters;
+  | ResponseActionScanParameters;
 
 /** Output content of the different response actions */
 export type EndpointActionResponseDataOutput =
diff --git a/x-pack/plugins/security_solution/common/endpoint/types/agents.ts b/x-pack/plugins/security_solution/common/endpoint/types/agents.ts
index 646bb944fce19..67e267f2f3d55 100644
--- a/x-pack/plugins/security_solution/common/endpoint/types/agents.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/types/agents.ts
@@ -11,22 +11,20 @@ import type {
   ResponseActionsApiCommandNames,
 } from '../service/response_actions/constants';
 
+export interface AgentStatusInfo {
+  agentId: string;
+  agentType: ResponseActionAgentType;
+  found: boolean;
+  isolated: boolean;
+  lastSeen: string; // ISO date
+  pendingActions: Record<ResponseActionsApiCommandNames | string, number>;
+  status: HostStatus;
+}
+
 export interface AgentStatusRecords {
-  [agentId: string]: {
-    agentId: string;
-    agentType: ResponseActionAgentType;
-    found: boolean;
-    isolated: boolean;
-    lastSeen: string; // ISO date
-    pendingActions: Record<ResponseActionsApiCommandNames | string, number>;
-    status: HostStatus;
-  };
+  [agentId: string]: AgentStatusInfo;
 }
 
-// TODO: 8.15 remove when `agentStatusClientEnabled` is enabled/removed
-export interface AgentStatusInfo {
-  [agentId: string]: AgentStatusRecords[string] & {
-    isPendingUninstall: boolean;
-    isUninstalled: boolean;
-  };
+export interface AgentStatusApiResponse {
+  data: AgentStatusRecords;
 }
diff --git a/x-pack/plugins/security_solution/common/endpoint/types/index.ts b/x-pack/plugins/security_solution/common/endpoint/types/index.ts
index 7b33c5a3606a5..9e02fe0f69cef 100644
--- a/x-pack/plugins/security_solution/common/endpoint/types/index.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/types/index.ts
@@ -149,6 +149,7 @@ export interface ResolverNode {
   parent?: string | number;
   name?: string;
   stats: EventStats;
+  agentId?: string;
 }
 
 /**
@@ -864,6 +865,11 @@ export interface ResolverSchema {
    * parent represents the field that is the edge between two nodes.
    */
   parent: string;
+
+  /**
+   * agent id is required for endpoint because entity_id might not include agent.id soon
+   */
+  agentId?: string;
 }
 
 /**
@@ -883,6 +889,11 @@ export type ResolverEntityIndex = Array<{
    * Unique ID value for the requested document using the `_id` field passed to the /entity route
    */
   id: string;
+
+  /**
+   * Agent id is required for endpoint because entity_id might not include agent.id soon
+   */
+  agentId?: string;
 }>;
 
 /**
@@ -949,6 +960,7 @@ export interface PolicyConfig {
     cluster_uuid: string;
     cluster_name: string;
     serverless: boolean;
+    billable?: boolean;
     heartbeatinterval?: number;
   };
   global_manifest_version: 'latest' | string;
diff --git a/x-pack/plugins/security_solution/common/entity_analytics/risk_score/constants.ts b/x-pack/plugins/security_solution/common/entity_analytics/risk_score/constants.ts
index 808a68871e96d..ff31aa502fd25 100644
--- a/x-pack/plugins/security_solution/common/entity_analytics/risk_score/constants.ts
+++ b/x-pack/plugins/security_solution/common/entity_analytics/risk_score/constants.ts
@@ -5,14 +5,6 @@
  * 2.0.
  */
 
-/**
- * Public Risk Score routes
- */
-export const RISK_ENGINE_PUBLIC_PREFIX = '/api/risk_scores' as const;
-export const RISK_SCORE_CALCULATION_URL = `${RISK_ENGINE_PUBLIC_PREFIX}/calculation` as const;
-export const RISK_SCORE_ENTITY_CALCULATION_URL =
-  `${RISK_ENGINE_PUBLIC_PREFIX}/calculation/entity` as const;
-
 /**
  * Internal Risk Score routes
  */
@@ -36,3 +28,5 @@ export const RISK_SCORE_CREATE_STORED_SCRIPT =
 export const RISK_SCORE_DELETE_STORED_SCRIPT =
   `${INTERNAL_RISK_SCORE_URL}/stored_scripts/delete` as const;
 export const RISK_SCORE_PREVIEW_URL = `${INTERNAL_RISK_SCORE_URL}/preview` as const;
+export const RISK_SCORE_ENTITY_CALCULATION_URL =
+  `${INTERNAL_RISK_SCORE_URL}/calculation/entity` as const;
diff --git a/x-pack/plugins/security_solution/common/experimental_features.ts b/x-pack/plugins/security_solution/common/experimental_features.ts
index 761ec8d26035f..53c5bdd8a657e 100644
--- a/x-pack/plugins/security_solution/common/experimental_features.ts
+++ b/x-pack/plugins/security_solution/common/experimental_features.ts
@@ -79,20 +79,13 @@ export const allowedExperimentalValues = Object.freeze({
   responseActionsSentinelOneV2Enabled: true,
 
   /** Enables the `get-file` response action for SentinelOne */
-  responseActionsSentinelOneGetFileEnabled: false,
-
-  /**
-   * 8.15
-   * Enables use of agent status service to get agent status information
-   * for endpoint and third-party agents.
-   */
-  agentStatusClientEnabled: false,
+  responseActionsSentinelOneGetFileEnabled: true,
 
   /**
    * Enables the ability to send Response actions to Crowdstrike and persist the results
    * in ES.
    */
-  responseActionsCrowdstrikeManualHostIsolationEnabled: false,
+  responseActionsCrowdstrikeManualHostIsolationEnabled: true,
 
   /**
    * Enables scan response action on Endpoint
@@ -117,7 +110,12 @@ export const allowedExperimentalValues = Object.freeze({
   /**
    * Enables new notes
    */
-  notesEnabled: false,
+  securitySolutionNotesEnabled: false,
+
+  /**
+   * Enables entity and alert previews
+   */
+  entityAlertPreviewEnabled: false,
 
   /**
    * Enables the Assistant Model Evaluation advanced setting and API endpoint, introduced in `8.11.0`.
@@ -187,25 +185,13 @@ export const allowedExperimentalValues = Object.freeze({
   /**
    * Enables experimental Crowdstrike integration data to be available in Analyzer
    */
-  crowdstrikeDataInAnalyzerEnabled: false,
+  crowdstrikeDataInAnalyzerEnabled: true,
 
   /**
    * Enables experimental JAMF integration data to be available in Analyzer
    */
   jamfDataInAnalyzerEnabled: false,
 
-  /**
-   * Enables experimental "Updates" tab in the prebuilt rule upgrade flyout.
-   * This tab shows the JSON diff between the installed prebuilt rule
-   * version and the latest available version.
-   *
-   * Ticket: https://github.com/elastic/kibana/issues/169160
-   * Owners: https://github.com/orgs/elastic/teams/security-detection-rule-management
-   * Added: on Dec 06, 2023 in https://github.com/elastic/kibana/pull/172535
-   * Turned: on Dec 20, 2023 in https://github.com/elastic/kibana/pull/173368
-   * Expires: on Feb 20, 2024
-   */
-  jsonPrebuiltRulesDiffingEnabled: true,
   /*
    * Disables discover esql tab within timeline
    *
@@ -223,15 +209,15 @@ export const allowedExperimentalValues = Object.freeze({
   analyzerDatePickersAndSourcererDisabled: false,
 
   /**
-   * Enables per-field rule diffs tab in the prebuilt rule upgrade flyout
+   * Enables an ability to customize Elastic prebuilt rules.
    *
-   * Ticket: https://github.com/elastic/kibana/issues/166489
+   * Ticket: https://github.com/elastic/kibana/issues/174168
    * Owners: https://github.com/orgs/elastic/teams/security-detection-rule-management
-   * Added: on Feb 12, 2024 in https://github.com/elastic/kibana/pull/174564
-   * Turned: on Feb 23, 2024 in https://github.com/elastic/kibana/pull/177495
-   * Expires: on Apr 23, 2024
+   * Added: on Jun 24, 2024 in https://github.com/elastic/kibana/pull/186823
+   * Turned: TBD
+   * Expires: TBD
    */
-  perFieldPrebuiltRulesDiffingEnabled: true,
+  prebuiltRulesCustomizationEnabled: false,
 
   /**
    * Makes Elastic Defend integration's Malware On-Write Scan option available to edit.
diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/common/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/common/index.ts
index b434ee20cfb03..15dda8058221d 100644
--- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/common/index.ts
+++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/common/index.ts
@@ -37,6 +37,7 @@ export interface HostItem {
   host?: Maybe<HostEcs>;
   lastSeen?: Maybe<string[]>;
   risk?: string;
+  criticality?: string;
 }
 
 export interface HostValue {
diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/all/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/all/index.ts
index 19406bbca35d9..1d8feedf95e74 100644
--- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/all/index.ts
+++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/all/index.ts
@@ -14,6 +14,7 @@ export interface User {
   lastSeen: string;
   domain: string;
   risk?: RiskSeverity;
+  criticality?: string;
 }
 
 export interface UsersStrategyResponse extends IEsSearchResponse {
diff --git a/x-pack/plugins/security_solution/common/types/header_actions/index.ts b/x-pack/plugins/security_solution/common/types/header_actions/index.ts
index c2eb92c6bee17..2bb0c4ff5f33a 100644
--- a/x-pack/plugins/security_solution/common/types/header_actions/index.ts
+++ b/x-pack/plugins/security_solution/common/types/header_actions/index.ts
@@ -86,6 +86,7 @@ export interface ActionProps {
   columnId: string;
   columnValues: string;
   data: TimelineNonEcsData[];
+  disableExpandAction?: boolean;
   disabled?: boolean;
   ecsData: Ecs;
   eventId: string;
diff --git a/x-pack/plugins/security_solution/common/types/index.ts b/x-pack/plugins/security_solution/common/types/index.ts
index 877c7c4f0247f..42a3c10fc48e4 100644
--- a/x-pack/plugins/security_solution/common/types/index.ts
+++ b/x-pack/plugins/security_solution/common/types/index.ts
@@ -12,7 +12,6 @@ export * from './detail_panel';
 export * from './header_actions';
 export * from './session_view';
 export * from './bulk_actions';
-export * from './third_party_agent';
 
 export const FILTER_OPEN: Status = 'open';
 export const FILTER_CLOSED: Status = 'closed';
diff --git a/x-pack/plugins/security_solution/common/types/third_party_agent/index.ts b/x-pack/plugins/security_solution/common/types/third_party_agent/index.ts
deleted file mode 100644
index a7f3315be04e5..0000000000000
--- a/x-pack/plugins/security_solution/common/types/third_party_agent/index.ts
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { ResponseActionAgentType } from '../../endpoint/service/response_actions/constants';
-
-export interface ThirdPartyAgentInfo {
-  agent: {
-    id: string;
-    type: ResponseActionAgentType;
-  };
-  host: {
-    name: string;
-    os: {
-      name: string;
-      family: string;
-      version: string;
-    };
-  };
-  lastCheckin: string;
-}
diff --git a/x-pack/plugins/security_solution/common/types/timeline/note/saved_object.ts b/x-pack/plugins/security_solution/common/types/timeline/note/saved_object.ts
index 1fad511424eda..1de998559e76f 100644
--- a/x-pack/plugins/security_solution/common/types/timeline/note/saved_object.ts
+++ b/x-pack/plugins/security_solution/common/types/timeline/note/saved_object.ts
@@ -14,19 +14,15 @@ import { unionWithNullType } from '../../../utility_types';
 /*
  *  Note Types
  */
-const SavedNoteRuntimeType = runtimeTypes.intersection([
-  runtimeTypes.type({
-    timelineId: runtimeTypes.string,
-  }),
-  runtimeTypes.partial({
-    eventId: unionWithNullType(runtimeTypes.string),
-    note: unionWithNullType(runtimeTypes.string),
-    created: unionWithNullType(runtimeTypes.number),
-    createdBy: unionWithNullType(runtimeTypes.string),
-    updated: unionWithNullType(runtimeTypes.number),
-    updatedBy: unionWithNullType(runtimeTypes.string),
-  }),
-]);
+const SavedNoteRuntimeType = runtimeTypes.partial({
+  timelineId: unionWithNullType(runtimeTypes.string),
+  eventId: unionWithNullType(runtimeTypes.string),
+  note: unionWithNullType(runtimeTypes.string),
+  created: unionWithNullType(runtimeTypes.number),
+  createdBy: unionWithNullType(runtimeTypes.string),
+  updated: unionWithNullType(runtimeTypes.number),
+  updatedBy: unionWithNullType(runtimeTypes.string),
+});
 
 /**
  * Note Saved object type with metadata
diff --git a/x-pack/plugins/security_solution/public/app/home/template_wrapper/index.tsx b/x-pack/plugins/security_solution/public/app/home/template_wrapper/index.tsx
index b6492ef97cae7..5a1b8423572fc 100644
--- a/x-pack/plugins/security_solution/public/app/home/template_wrapper/index.tsx
+++ b/x-pack/plugins/security_solution/public/app/home/template_wrapper/index.tsx
@@ -12,6 +12,7 @@ import { IS_DRAGGING_CLASS_NAME } from '@kbn/securitysolution-t-grid';
 import { KibanaPageTemplate } from '@kbn/shared-ux-page-kibana-template';
 import type { KibanaPageTemplateProps } from '@kbn/shared-ux-page-kibana-template';
 import { ExpandableFlyoutProvider } from '@kbn/expandable-flyout';
+import { DataViewPickerProvider } from '../../../sourcerer/experimental/containers/dataview_picker_provider';
 import { AttackDiscoveryTour } from '../../../attack_discovery/tour';
 import { URL_PARAM_KEY } from '../../../common/hooks/use_url_state';
 import { SecuritySolutionFlyout, TimelineFlyout } from '../../../flyout';
@@ -103,10 +104,12 @@ export const SecuritySolutionTemplateWrapper: React.FC<SecuritySolutionTemplateW
               component="div"
               grow={true}
             >
-              <ExpandableFlyoutProvider urlKey={isPreview ? undefined : URL_PARAM_KEY.flyout}>
-                {children}
-                <SecuritySolutionFlyout />
-              </ExpandableFlyoutProvider>
+              <DataViewPickerProvider>
+                <ExpandableFlyoutProvider urlKey={isPreview ? undefined : URL_PARAM_KEY.flyout}>
+                  {children}
+                  <SecuritySolutionFlyout />
+                </ExpandableFlyoutProvider>
+              </DataViewPickerProvider>
 
               {didMount && <AttackDiscoveryTour />}
             </KibanaPageTemplate.Section>
diff --git a/x-pack/plugins/security_solution/public/assistant/provider.tsx b/x-pack/plugins/security_solution/public/assistant/provider.tsx
index 8516ec455aac0..2b5daf73fbf4b 100644
--- a/x-pack/plugins/security_solution/public/assistant/provider.tsx
+++ b/x-pack/plugins/security_solution/public/assistant/provider.tsx
@@ -117,6 +117,7 @@ export const createConversations = async (
  */
 export const AssistantProvider: FC<PropsWithChildren<unknown>> = ({ children }) => {
   const {
+    application: { navigateToApp },
     http,
     notifications,
     storage,
@@ -170,6 +171,7 @@ export const AssistantProvider: FC<PropsWithChildren<unknown>> = ({ children })
       baseConversations={baseConversations}
       getComments={getComments}
       http={http}
+      navigateToApp={navigateToApp}
       title={ASSISTANT_TITLE}
       toasts={toasts}
     >
diff --git a/x-pack/plugins/security_solution/public/assistant/stack_management/management_settings.tsx b/x-pack/plugins/security_solution/public/assistant/stack_management/management_settings.tsx
index 7282e5e85e437..525315ca36eb2 100644
--- a/x-pack/plugins/security_solution/public/assistant/stack_management/management_settings.tsx
+++ b/x-pack/plugins/security_solution/public/assistant/stack_management/management_settings.tsx
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import React, { useCallback, useMemo, useState } from 'react';
+import React, { useCallback, useMemo } from 'react';
 import { AssistantSettingsManagement } from '@kbn/elastic-assistant/impl/assistant/settings/assistant_settings_management';
 import type { Conversation } from '@kbn/elastic-assistant';
 import {
@@ -18,6 +18,8 @@ import { useConversation } from '@kbn/elastic-assistant/impl/assistant/use_conve
 import type { FetchConversationsResponse } from '@kbn/elastic-assistant/impl/assistant/api';
 import { useIsExperimentalFeatureEnabled } from '../../common/hooks/use_experimental_features';
 
+const defaultSelectedConversationId = WELCOME_CONVERSATION_TITLE;
+
 export const ManagementSettings = React.memo(() => {
   const isFlyoutMode = useIsExperimentalFeatureEnabled('aiAssistantFlyoutMode');
 
@@ -32,32 +34,33 @@ export const ManagementSettings = React.memo(() => {
       mergeBaseWithPersistedConversations(baseConversations, conversationsData),
     [baseConversations]
   );
-  const { data: conversations } = useFetchCurrentUserConversations({
+  const {
+    data: conversations,
+    isFetched: conversationsLoaded,
+    refetch: refetchConversations,
+  } = useFetchCurrentUserConversations({
     http,
     onFetch: onFetchedConversations,
     isAssistantEnabled,
   });
 
-  const [selectedConversationId, setSelectedConversationId] = useState<string>(
-    WELCOME_CONVERSATION_TITLE
-  );
-
   const { getDefaultConversation } = useConversation();
 
   const currentConversation = useMemo(
     () =>
-      conversations?.[selectedConversationId] ??
+      conversations?.[defaultSelectedConversationId] ??
       getDefaultConversation({ cTitle: WELCOME_CONVERSATION_TITLE, isFlyoutMode }),
-    [conversations, getDefaultConversation, selectedConversationId, isFlyoutMode]
+    [conversations, getDefaultConversation, isFlyoutMode]
   );
 
   if (conversations) {
     return (
       <AssistantSettingsManagement
-        selectedConversation={currentConversation}
-        setSelectedConversationId={setSelectedConversationId}
         conversations={conversations}
+        conversationsLoaded={conversationsLoaded}
         isFlyoutMode={isFlyoutMode}
+        refetchConversations={refetchConversations}
+        selectedConversation={currentConversation}
       />
     );
   }
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack/attack_chain/axis_tick/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack/attack_chain/axis_tick/index.test.tsx
new file mode 100644
index 0000000000000..4dcd772d783bd
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack/attack_chain/axis_tick/index.test.tsx
@@ -0,0 +1,29 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render } from '@testing-library/react';
+import React from 'react';
+
+import { AxisTick } from '.';
+
+describe('AxisTick', () => {
+  it('renders the top cell', async () => {
+    const { getByTestId } = render(<AxisTick />);
+
+    const topCell = getByTestId('topCell');
+
+    expect(topCell).toBeInTheDocument();
+  });
+
+  it('renders the bottom cell', async () => {
+    const { getByTestId } = render(<AxisTick />);
+
+    const bottomCell = getByTestId('bottomCell');
+
+    expect(bottomCell).toBeInTheDocument();
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack/attack_chain/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack/attack_chain/index.test.tsx
new file mode 100644
index 0000000000000..195a5fe49dd19
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack/attack_chain/index.test.tsx
@@ -0,0 +1,30 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { getTacticMetadata } from '../../helpers';
+import { AttackChain } from '.';
+
+import { mockAttackDiscovery } from '../../mock/mock_attack_discovery';
+
+describe('AttackChain', () => {
+  it('renders the expected tactics', () => {
+    // get detected tactics from the attack discovery:
+    const tacticMetadata = getTacticMetadata(mockAttackDiscovery).filter(
+      (tactic) => tactic.detected
+    );
+    expect(tacticMetadata.length).toBeGreaterThan(0); // test pre-condition
+
+    render(<AttackChain attackDiscovery={mockAttackDiscovery} />);
+
+    tacticMetadata?.forEach((tactic) => {
+      expect(screen.getByText(tactic.name)).toBeInTheDocument();
+    });
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack/attack_chain/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack/attack_chain/index.tsx
index 18df24e442072..8f2d2dede419e 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/attack/attack_chain/index.tsx
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack/attack_chain/index.tsx
@@ -9,9 +9,9 @@ import { EuiFlexGroup, EuiFlexItem, EuiPanel } from '@elastic/eui';
 import { css } from '@emotion/react';
 import React, { useMemo } from 'react';
 
+import type { AttackDiscovery } from '@kbn/elastic-assistant-common';
 import { Tactic } from './tactic';
 import { getTacticMetadata } from '../../helpers';
-import type { AttackDiscovery } from '../../types';
 
 interface Props {
   attackDiscovery: AttackDiscovery;
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack/attack_chain/tactic/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack/attack_chain/tactic/index.test.tsx
new file mode 100644
index 0000000000000..9c4166a43d620
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack/attack_chain/tactic/index.test.tsx
@@ -0,0 +1,43 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { Tactic } from '.';
+
+describe('Tactic', () => {
+  const tactic = 'Privilege Escalation';
+
+  it('renders the tactic name', () => {
+    render(<Tactic detected={false} tactic={tactic} />);
+
+    const tacticText = screen.getByTestId('tacticText');
+
+    expect(tacticText).toHaveTextContent(tactic);
+  });
+
+  const detectedTestCases: boolean[] = [true, false];
+
+  detectedTestCases.forEach((detected) => {
+    it(`renders the inner circle when detected is ${detected}`, () => {
+      render(<Tactic detected={detected} tactic={tactic} />);
+
+      const innerCircle = screen.getByTestId('innerCircle');
+
+      expect(innerCircle).toBeInTheDocument();
+    });
+
+    it(`renders the outerCircle circle when detected is ${detected}`, () => {
+      render(<Tactic detected={detected} tactic={tactic} />);
+
+      const outerCircle = screen.getByTestId('outerCircle');
+
+      expect(outerCircle).toBeInTheDocument();
+    });
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack/mini_attack_chain/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack/mini_attack_chain/index.test.tsx
new file mode 100644
index 0000000000000..c9923754d25da
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack/mini_attack_chain/index.test.tsx
@@ -0,0 +1,28 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import type { TacticMetadata } from '../../helpers';
+import { getTacticMetadata } from '../../helpers';
+import { mockAttackDiscovery } from '../../mock/mock_attack_discovery';
+import { MiniAttackChain } from '.';
+
+describe('MiniAttackChain', () => {
+  it('displays the expected number of circles', () => {
+    // get detected tactics from the attack discovery:
+    const tacticMetadata: TacticMetadata[] = getTacticMetadata(mockAttackDiscovery);
+    expect(tacticMetadata.length).toBeGreaterThan(0); // test pre-condition
+
+    render(<MiniAttackChain attackDiscovery={mockAttackDiscovery} />);
+
+    const circles = screen.getAllByTestId('circle');
+
+    expect(circles.length).toEqual(tacticMetadata.length);
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack/mini_attack_chain/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack/mini_attack_chain/index.tsx
index 0764ca7fae644..ab41885563954 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/attack/mini_attack_chain/index.tsx
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack/mini_attack_chain/index.tsx
@@ -9,9 +9,9 @@ import { css } from '@emotion/react';
 import { EuiFlexGroup, EuiFlexItem, EuiText, EuiToolTip, useEuiTheme } from '@elastic/eui';
 import React, { useMemo } from 'react';
 
+import type { AttackDiscovery } from '@kbn/elastic-assistant-common';
 import { getTacticMetadata } from '../../helpers';
 import { ATTACK_CHAIN_TOOLTIP } from './translations';
-import type { AttackDiscovery } from '../../types';
 
 interface Props {
   attackDiscovery: AttackDiscovery;
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/attack_discovery_markdown_parser/helpers.test.ts b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/attack_discovery_markdown_parser/helpers.test.ts
new file mode 100644
index 0000000000000..fd3ada8f6bdd9
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/attack_discovery_markdown_parser/helpers.test.ts
@@ -0,0 +1,30 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { getIconFromFieldName } from './helpers';
+
+describe('helpers', () => {
+  describe('getIconFromFieldName', () => {
+    it('returns the expected icon for a known field name', () => {
+      const fieldName = 'host.name';
+      const expectedIcon = 'desktop';
+
+      const icon = getIconFromFieldName(fieldName);
+
+      expect(icon).toEqual(expectedIcon);
+    });
+
+    it('returns an empty string for an unknown field name', () => {
+      const fieldName = 'unknown.field';
+      const emptyIcon = '';
+
+      const icon = getIconFromFieldName(fieldName);
+
+      expect(icon).toEqual(emptyIcon);
+    });
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/attack_discovery_markdown_parser/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/attack_discovery_markdown_parser/index.test.tsx
new file mode 100644
index 0000000000000..5772272673b67
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/attack_discovery_markdown_parser/index.test.tsx
@@ -0,0 +1,102 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+  EuiMarkdownFormat,
+  getDefaultEuiMarkdownParsingPlugins,
+  getDefaultEuiMarkdownProcessingPlugins,
+} from '@elastic/eui';
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { TestProviders } from '../../../common/mock';
+import { getFieldMarkdownRenderer } from '../field_markdown_renderer';
+import { AttackDiscoveryMarkdownParser } from '.';
+
+describe('AttackDiscoveryMarkdownParser', () => {
+  it('parsees markdown with valid fields', () => {
+    const attackDiscoveryParsingPluginList = [
+      ...getDefaultEuiMarkdownParsingPlugins(),
+      AttackDiscoveryMarkdownParser,
+    ];
+
+    const markdownWithValidFields = `
+    The following attack chain was detected involving Microsoft Office documents on multiple hosts:
+
+- On {{ host.name 39054a91-67f9-46fa-b9d1-85f928d4cd1b }}, a malicious Microsoft Office document was opened by {{ user.name 2c13d131-8fab-41b9-841e-669c66315a23 }}.
+- This document launched a child process to write and execute a malicious script file named "AppPool.vbs".
+- The "AppPool.vbs" script then spawned PowerShell to execute an obfuscated script payload from "AppPool.ps1".
+- On {{ host.name 5149b291-72d0-4373-93ec-c117477932fe }}, a similar attack involving a malicious Office document and the creation of "AppPool.vbs" was detected and prevented.
+
+This appears to be a malware attack delivered via spearphishing, likely exploiting a vulnerability in Microsoft Office to gain initial access and then using PowerShell for execution and obfuscation. The attacker employed defense evasion techniques like script obfuscation and system binary proxies like "wscript.exe" and "mshta.exe". Mitigations should focus on patching Office vulnerabilities, restricting script execution, and enhancing email security controls.
+    `;
+
+    const processingPluginList = getDefaultEuiMarkdownProcessingPlugins();
+    processingPluginList[1][1].components.fieldPlugin = getFieldMarkdownRenderer(false);
+
+    render(
+      <TestProviders>
+        <EuiMarkdownFormat
+          color="subdued"
+          data-test-subj="attackDiscoveryMarkdownFormatter"
+          parsingPluginList={attackDiscoveryParsingPluginList}
+          processingPluginList={processingPluginList}
+          textSize="xs"
+        >
+          {markdownWithValidFields}
+        </EuiMarkdownFormat>
+      </TestProviders>
+    );
+
+    const result = screen.getByTestId('attackDiscoveryMarkdownFormatter');
+
+    expect(result).toHaveTextContent(
+      'The following attack chain was detected involving Microsoft Office documents on multiple hosts: On 39054a91-67f9-46fa-b9d1-85f928d4cd1b, a malicious Microsoft Office document was opened by 2c13d131-8fab-41b9-841e-669c66315a23. This document launched a child process to write and execute a malicious script file named "AppPool.vbs". The "AppPool.vbs" script then spawned PowerShell to execute an obfuscated script payload from "AppPool.ps1". On 5149b291-72d0-4373-93ec-c117477932fe, a similar attack involving a malicious Office document and the creation of "AppPool.vbs" was detected and prevented. This appears to be a malware attack delivered via spearphishing, likely exploiting a vulnerability in Microsoft Office to gain initial access and then using PowerShell for execution and obfuscation. The attacker employed defense evasion techniques like script obfuscation and system binary proxies like "wscript.exe" and "mshta.exe". Mitigations should focus on patching Office vulnerabilities, restricting script execution, and enhancing email security controls.'
+    );
+  });
+
+  it('parsees markdown with invalid fields', () => {
+    const attackDiscoveryParsingPluginList = [
+      ...getDefaultEuiMarkdownParsingPlugins(),
+      AttackDiscoveryMarkdownParser,
+    ];
+
+    const markdownWithInvalidFields = `
+    The following attack chain was detected involving Microsoft Office documents on multiple hosts:
+
+- On {{ host.name 39054a91-67f9-46fa-b9d1-85f928d4cd1b }}, a malicious Microsoft Office document was opened by {{ user.name }}.
+- This document launched a child process to write and execute a malicious script file named "AppPool.vbs".
+- The "AppPool.vbs" script then spawned PowerShell to execute an obfuscated script payload from "AppPool.ps1".
+- On {{ 5149b291-72d0-4373-93ec-c117477932fe }}, a similar attack involving a malicious Office document and the creation of "AppPool.vbs" was detected and prevented.
+
+This appears to be a malware attack delivered via spearphishing, likely exploiting a vulnerability in Microsoft Office to gain initial access and then using PowerShell for execution and obfuscation. The attacker employed defense evasion techniques like script obfuscation and system binary proxies like "wscript.exe" and "mshta.exe". Mitigations should focus on patching Office vulnerabilities, restricting script execution, and enhancing email security controls. {{ foo.bar baz }}
+    `;
+
+    const processingPluginList = getDefaultEuiMarkdownProcessingPlugins();
+    processingPluginList[1][1].components.fieldPlugin = getFieldMarkdownRenderer(false);
+
+    render(
+      <TestProviders>
+        <EuiMarkdownFormat
+          color="subdued"
+          data-test-subj="attackDiscoveryMarkdownFormatter"
+          parsingPluginList={attackDiscoveryParsingPluginList}
+          processingPluginList={processingPluginList}
+          textSize="xs"
+        >
+          {markdownWithInvalidFields}
+        </EuiMarkdownFormat>
+      </TestProviders>
+    );
+
+    const result = screen.getByTestId('attackDiscoveryMarkdownFormatter');
+
+    expect(result).toHaveTextContent(
+      'The following attack chain was detected involving Microsoft Office documents on multiple hosts: On 39054a91-67f9-46fa-b9d1-85f928d4cd1b, a malicious Microsoft Office document was opened by . This document launched a child process to write and execute a malicious script file named "AppPool.vbs". The "AppPool.vbs" script then spawned PowerShell to execute an obfuscated script payload from "AppPool.ps1". On (Empty string), a similar attack involving a malicious Office document and the creation of "AppPool.vbs" was detected and prevented. This appears to be a malware attack delivered via spearphishing, likely exploiting a vulnerability in Microsoft Office to gain initial access and then using PowerShell for execution and obfuscation. The attacker employed defense evasion techniques like script obfuscation and system binary proxies like "wscript.exe" and "mshta.exe". Mitigations should focus on patching Office vulnerabilities, restricting script execution, and enhancing email security controls. baz'
+    );
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/field_markdown_renderer/get_host_flyout_panel_props.test.ts b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/field_markdown_renderer/get_host_flyout_panel_props.test.ts
new file mode 100644
index 0000000000000..ea42a7ec1b045
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/field_markdown_renderer/get_host_flyout_panel_props.test.ts
@@ -0,0 +1,44 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { getHostFlyoutPanelProps, isHostName } from './get_host_flyout_panel_props';
+
+describe('getHostFlyoutPanelProps', () => {
+  describe('isHostName', () => {
+    it('returns true for "host.name"', () => {
+      const result = isHostName('host.name');
+
+      expect(result).toBe(true);
+    });
+
+    it('returns true for "host.hostname"', () => {
+      const result = isHostName('host.hostname');
+
+      expect(result).toBe(true);
+    });
+
+    it('returns false for other field names', () => {
+      const result = isHostName('some.other.field');
+
+      expect(result).toBe(false);
+    });
+  });
+
+  describe('getHostFlyoutPanelProps', () => {
+    it('returns the correct FlyoutPanelProps', () => {
+      const contextId = 'contextId';
+      const hostName = 'foo';
+
+      const result = getHostFlyoutPanelProps({ contextId, hostName });
+
+      expect(result).toEqual({
+        id: 'host-panel',
+        params: { contextID: contextId, hostName, scopeId: 'alerts-page' },
+      });
+    });
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/field_markdown_renderer/get_user_flyout_panel_props.test.ts b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/field_markdown_renderer/get_user_flyout_panel_props.test.ts
new file mode 100644
index 0000000000000..92cb21e1f5dee
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/field_markdown_renderer/get_user_flyout_panel_props.test.ts
@@ -0,0 +1,26 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { isUserName } from './get_user_flyout_panel_props';
+
+describe('getUserFlyoutPanelProps', () => {
+  describe('isUserName', () => {
+    it('returns true when fieldName is "user.name"', () => {
+      const fieldName = 'user.name';
+      const result = isUserName(fieldName);
+
+      expect(result).toBe(true);
+    });
+
+    it('returns false when fieldName is NOT "user.name"', () => {
+      const fieldName = 'other.field';
+      const result = isUserName(fieldName);
+
+      expect(result).toBe(false);
+    });
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/field_markdown_renderer/helpers.test.ts b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/field_markdown_renderer/helpers.test.ts
new file mode 100644
index 0000000000000..e6e001d290afe
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/field_markdown_renderer/helpers.test.ts
@@ -0,0 +1,58 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { getFlyoutPanelProps } from './helpers';
+
+describe('helpers', () => {
+  describe('getFlyoutPanelProps', () => {
+    it('returns FlyoutPanelProps for a valid host name', () => {
+      const contextId = 'contextId';
+      const fieldName = 'host.name';
+      const value = 'example.com';
+
+      const flyoutPanelProps = getFlyoutPanelProps({ contextId, fieldName, value });
+
+      expect(flyoutPanelProps).toEqual({
+        id: 'host-panel',
+        params: { contextID: contextId, hostName: value, scopeId: 'alerts-page' },
+      });
+    });
+
+    it('returns FlyoutPanelProps for a valid user name', () => {
+      const contextId = 'contextId';
+      const fieldName = 'user.name';
+      const value = 'administator';
+
+      const flyoutPanelProps = getFlyoutPanelProps({ contextId, fieldName, value });
+
+      expect(flyoutPanelProps).toEqual({
+        id: 'user-panel',
+        params: { contextID: contextId, userName: value, scopeId: 'alerts-page' },
+      });
+    });
+
+    it('returns null for an unknown field name', () => {
+      const contextId = 'contextId';
+      const fieldName = 'unknown.field';
+      const value = 'example';
+
+      const flyoutPanelProps = getFlyoutPanelProps({ contextId, fieldName, value });
+
+      expect(flyoutPanelProps).toBeNull();
+    });
+
+    it('returns null when value is not a string', () => {
+      const contextId = 'contextId';
+      const fieldName = 'host.name';
+      const value = 123;
+
+      const flyoutPanelProps = getFlyoutPanelProps({ contextId, fieldName, value });
+
+      expect(flyoutPanelProps).toBeNull();
+    });
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/field_markdown_renderer/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/field_markdown_renderer/index.test.tsx
new file mode 100644
index 0000000000000..8f647d02a626f
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/field_markdown_renderer/index.test.tsx
@@ -0,0 +1,110 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
+import { fireEvent, render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { TestProviders } from '../../../common/mock';
+import { getFieldMarkdownRenderer } from '.';
+
+jest.mock('@kbn/expandable-flyout', () => ({
+  useExpandableFlyoutApi: jest.fn(),
+}));
+
+describe('getFieldMarkdownRenderer', () => {
+  const mockOpenRightPanel = jest.fn();
+  const mockUseExpandableFlyoutApi = useExpandableFlyoutApi as jest.MockedFunction<
+    typeof useExpandableFlyoutApi
+  >;
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+
+    mockUseExpandableFlyoutApi.mockReturnValue({
+      closeFlyout: jest.fn(),
+      closeLeftPanel: jest.fn(),
+      closePreviewPanel: jest.fn(),
+      closeRightPanel: jest.fn(),
+      previousPreviewPanel: jest.fn(),
+      openFlyout: jest.fn(),
+      openLeftPanel: jest.fn(),
+      openPreviewPanel: jest.fn(),
+      openRightPanel: mockOpenRightPanel,
+    });
+  });
+
+  it('renders the field value', () => {
+    const FieldMarkdownRenderer = getFieldMarkdownRenderer(false);
+    const icon = '';
+    const name = 'some.field';
+    const value = 'some.value';
+
+    render(
+      <TestProviders>
+        <FieldMarkdownRenderer icon={icon} name={name} operator={':'} value={value} />
+      </TestProviders>
+    );
+
+    const fieldValue = screen.getByText(value);
+
+    expect(fieldValue).toBeInTheDocument();
+  });
+
+  it('opens the right panel when the entity button is clicked', () => {
+    const FieldMarkdownRenderer = getFieldMarkdownRenderer(false);
+    const icon = 'user';
+    const name = 'user.name';
+    const value = 'some.user';
+
+    render(
+      <TestProviders>
+        <FieldMarkdownRenderer icon={icon} name={name} operator={':'} value={value} />
+      </TestProviders>
+    );
+
+    const entityButton = screen.getByTestId('entityButton');
+
+    fireEvent.click(entityButton);
+
+    expect(mockOpenRightPanel).toHaveBeenCalledTimes(1);
+  });
+
+  it('does NOT render the entity button when flyoutPanelProps is null', () => {
+    const FieldMarkdownRenderer = getFieldMarkdownRenderer(false);
+    const icon = '';
+    const name = 'some.field';
+    const value = 'some.value';
+
+    render(
+      <TestProviders>
+        <FieldMarkdownRenderer icon={icon} name={name} operator={':'} value={value} />
+      </TestProviders>
+    );
+
+    const entityButton = screen.queryByTestId('entityButton');
+
+    expect(entityButton).not.toBeInTheDocument();
+  });
+
+  it('renders disabled actions badge when disableActions is true', () => {
+    const FieldMarkdownRenderer = getFieldMarkdownRenderer(true); // disable actions
+    const icon = 'user';
+    const name = 'user.name';
+    const value = 'some.user';
+
+    render(
+      <TestProviders>
+        <FieldMarkdownRenderer icon={icon} name={name} operator={':'} value={value} />
+      </TestProviders>
+    );
+
+    const disabledActionsBadge = screen.getByTestId('disabledActionsBadge');
+
+    expect(disabledActionsBadge).toBeInTheDocument();
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/index.test.tsx
new file mode 100644
index 0000000000000..5013ce646fe28
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/index.test.tsx
@@ -0,0 +1,63 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { TestProviders } from '../../common/mock';
+import { AttackDiscoveryMarkdownFormatter } from '.';
+
+describe('AttackDiscoveryMarkdownFormatter', () => {
+  const markdown = `
+  The following attack chain was detected involving Microsoft Office documents on multiple hosts:
+
+- On {{ host.name 39054a91-67f9-46fa-b9d1-85f928d4cd1b }}, a malicious Microsoft Office document was opened by {{ user.name 2c13d131-8fab-41b9-841e-669c66315a23 }}.
+- This document launched a child process to write and execute a malicious script file named "AppPool.vbs".
+- The "AppPool.vbs" script then spawned PowerShell to execute an obfuscated script payload from "AppPool.ps1".
+- On {{ host.name 5149b291-72d0-4373-93ec-c117477932fe }}, a similar attack involving a malicious Office document and the creation of "AppPool.vbs" was detected and prevented.
+
+This appears to be a malware attack delivered via spearphishing, likely exploiting a vulnerability in Microsoft Office to gain initial access and then using PowerShell for execution and obfuscation. The attacker employed defense evasion techniques like script obfuscation and system binary proxies like "wscript.exe" and "mshta.exe". Mitigations should focus on patching Office vulnerabilities, restricting script execution, and enhancing email security controls.
+  `;
+
+  it('renders the expected markdown', () => {
+    render(
+      <TestProviders>
+        <AttackDiscoveryMarkdownFormatter markdown={markdown} />
+      </TestProviders>
+    );
+
+    const result = screen.getByTestId('attackDiscoveryMarkdownFormatter');
+
+    expect(result).toHaveTextContent(
+      'The following attack chain was detected involving Microsoft Office documents on multiple hosts: On 39054a91-67f9-46fa-b9d1-85f928d4cd1b, a malicious Microsoft Office document was opened by 2c13d131-8fab-41b9-841e-669c66315a23. This document launched a child process to write and execute a malicious script file named "AppPool.vbs". The "AppPool.vbs" script then spawned PowerShell to execute an obfuscated script payload from "AppPool.ps1". On 5149b291-72d0-4373-93ec-c117477932fe, a similar attack involving a malicious Office document and the creation of "AppPool.vbs" was detected and prevented. This appears to be a malware attack delivered via spearphishing, likely exploiting a vulnerability in Microsoft Office to gain initial access and then using PowerShell for execution and obfuscation. The attacker employed defense evasion techniques like script obfuscation and system binary proxies like "wscript.exe" and "mshta.exe". Mitigations should focus on patching Office vulnerabilities, restricting script execution, and enhancing email security controls.'
+    );
+  });
+
+  it('renders interactive host entities', () => {
+    render(
+      <TestProviders>
+        <AttackDiscoveryMarkdownFormatter markdown={markdown} />
+      </TestProviders>
+    );
+
+    const entities = screen.getAllByTestId('entityButton');
+
+    expect(entities.length).toEqual(3);
+  });
+
+  it('renders NON-interactive host entities when disableActions is true', () => {
+    render(
+      <TestProviders>
+        <AttackDiscoveryMarkdownFormatter disableActions={true} markdown={markdown} />
+      </TestProviders>
+    );
+
+    const entities = screen.queryAllByTestId('entityButton');
+
+    expect(entities.length).toEqual(0); // <-- no interactive buttons
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actionable_summary/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actionable_summary/index.test.tsx
new file mode 100644
index 0000000000000..55d636bf35270
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actionable_summary/index.test.tsx
@@ -0,0 +1,109 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { ActionableSummary } from '.';
+import { TestProviders } from '../../../common/mock';
+import { mockAttackDiscovery } from '../../mock/mock_attack_discovery';
+
+describe('ActionableSummary', () => {
+  const mockReplacements = {
+    '5e454c38-439c-4096-8478-0a55511c76e3': 'foo.hostname',
+    '3bdc7952-a334-4d95-8092-cd176546e18a': 'bar.username',
+  };
+
+  describe('when entities with replacements are provided', () => {
+    beforeEach(() => {
+      render(
+        <TestProviders>
+          <ActionableSummary
+            attackDiscovery={mockAttackDiscovery}
+            replacements={mockReplacements}
+          />
+        </TestProviders>
+      );
+    });
+
+    it('renders a hostname with the expected value from replacements', () => {
+      expect(screen.getAllByTestId('entityButton')[0]).toHaveTextContent('foo.hostname');
+    });
+
+    it('renders a username with the expected value from replacements', () => {
+      expect(screen.getAllByTestId('entityButton')[1]).toHaveTextContent('bar.username');
+    });
+  });
+
+  describe('when entities that do NOT have replacements are provided', () => {
+    beforeEach(() => {
+      render(
+        <TestProviders>
+          <ActionableSummary
+            attackDiscovery={mockAttackDiscovery}
+            replacements={{}} // <-- no replacements for the entities
+          />
+        </TestProviders>
+      );
+    });
+
+    it('renders a hostname with with the original hostname value', () => {
+      expect(screen.getAllByTestId('entityButton')[0]).toHaveTextContent(
+        '5e454c38-439c-4096-8478-0a55511c76e3'
+      );
+    });
+
+    it('renders a username with the original username value', () => {
+      expect(screen.getAllByTestId('entityButton')[1]).toHaveTextContent(
+        '3bdc7952-a334-4d95-8092-cd176546e18a'
+      );
+    });
+  });
+
+  describe('when showAnonymized is true', () => {
+    beforeEach(() => {
+      render(
+        <TestProviders>
+          <ActionableSummary
+            attackDiscovery={mockAttackDiscovery}
+            replacements={mockReplacements}
+            showAnonymized={true} // <-- show anonymized entities
+          />
+        </TestProviders>
+      );
+    });
+
+    it('renders a disabled badge with the original hostname value', () => {
+      expect(screen.getAllByTestId('disabledActionsBadge')[0]).toHaveTextContent(
+        '5e454c38-439c-4096-8478-0a55511c76e3'
+      );
+    });
+
+    it('renders a disabled badge with the original username value', () => {
+      expect(screen.getAllByTestId('disabledActionsBadge')[1]).toHaveTextContent(
+        '3bdc7952-a334-4d95-8092-cd176546e18a'
+      );
+    });
+  });
+
+  describe('View in AI assistant', () => {
+    beforeEach(() => {
+      render(
+        <TestProviders>
+          <ActionableSummary
+            attackDiscovery={mockAttackDiscovery}
+            replacements={mockReplacements}
+          />
+        </TestProviders>
+      );
+    });
+
+    it('renders the View in AI assistant button', () => {
+      expect(screen.getByTestId('viewInAiAssistantCompact')).toBeInTheDocument();
+    });
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actionable_summary/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actionable_summary/index.tsx
index 7f1dbe7be3b2e..885ab18c879a7 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actionable_summary/index.tsx
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actionable_summary/index.tsx
@@ -6,11 +6,10 @@
  */
 
 import { EuiFlexGroup, EuiFlexItem, EuiPanel } from '@elastic/eui';
-import type { Replacements } from '@kbn/elastic-assistant-common';
+import type { AttackDiscovery, Replacements } from '@kbn/elastic-assistant-common';
 import React, { useMemo } from 'react';
 
 import { AttackDiscoveryMarkdownFormatter } from '../../attack_discovery_markdown_formatter';
-import type { AttackDiscovery } from '../../types';
 import { ViewInAiAssistant } from '../view_in_ai_assistant';
 
 interface Props {
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/actions_placeholder/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/actions_placeholder/index.test.tsx
new file mode 100644
index 0000000000000..ac2494f050d88
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/actions_placeholder/index.test.tsx
@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { ActionsPlaceholder } from '.';
+
+describe('ActionsPlaceholder', () => {
+  beforeEach(() => render(<ActionsPlaceholder />));
+
+  const expectedSkeletonTitles = ['skeletonTitle1', 'skeletonTitle2', 'skeletonTitle3'];
+
+  expectedSkeletonTitles.forEach((expectedSkeletonTitle) => {
+    it(`renders the ${expectedSkeletonTitle} skeleton title`, () => {
+      expect(screen.getByTestId(expectedSkeletonTitle)).toBeInTheDocument();
+    });
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/alerts_badge/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/alerts_badge/index.test.tsx
new file mode 100644
index 0000000000000..bc45d195aacfa
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/alerts_badge/index.test.tsx
@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { render } from '@testing-library/react';
+import React from 'react';
+
+import { AlertsBadge } from '.';
+
+describe('AlertsBadge', () => {
+  it('render the expected alerts count', () => {
+    const alertsCount = 5;
+
+    const { getByTestId } = render(<AlertsBadge alertsCount={alertsCount} />);
+    const badgeElement = getByTestId('alertsBadge');
+
+    expect(badgeElement.textContent).toBe(`${alertsCount}`);
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/index.test.tsx
new file mode 100644
index 0000000000000..30096f33dde90
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/index.test.tsx
@@ -0,0 +1,46 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { Actions } from '.';
+import { TestProviders } from '../../../common/mock';
+import { mockAttackDiscovery } from '../../mock/mock_attack_discovery';
+import { ATTACK_CHAIN, ALERTS } from './translations';
+
+describe('Actions', () => {
+  beforeEach(() =>
+    render(
+      <TestProviders>
+        <Actions attackDiscovery={mockAttackDiscovery} />
+      </TestProviders>
+    )
+  );
+
+  it('renders the attack chain label', () => {
+    expect(screen.getByTestId('attackChainLabel')).toHaveTextContent(ATTACK_CHAIN);
+  });
+
+  it('renders the mini attack chain component', () => {
+    expect(screen.getByTestId('miniAttackChain')).toBeInTheDocument();
+  });
+
+  it('renders the alerts label', () => {
+    expect(screen.getByTestId('alertsLabel')).toHaveTextContent(ALERTS);
+  });
+
+  it('renders the alerts badge with the expected count', () => {
+    expect(screen.getByTestId('alertsBadge')).toHaveTextContent(
+      `${mockAttackDiscovery.alertIds.length}`
+    );
+  });
+
+  it('renders the take action dropdown', () => {
+    expect(screen.getByTestId('takeAction')).toBeInTheDocument();
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/index.tsx
index 3aeba84bee02f..9dc81821917f7 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/index.tsx
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/index.tsx
@@ -7,14 +7,13 @@
 
 import { EuiFlexGroup, EuiFlexItem, EuiText, useEuiTheme } from '@elastic/eui';
 import { css } from '@emotion/react';
-import type { Replacements } from '@kbn/elastic-assistant-common';
+import type { AttackDiscovery, Replacements } from '@kbn/elastic-assistant-common';
 import React from 'react';
 
 import { AlertsBadge } from './alerts_badge';
 import { MiniAttackChain } from '../../attack/mini_attack_chain';
 import { TakeAction } from './take_action';
 import * as i18n from './translations';
-import type { AttackDiscovery } from '../../types';
 
 interface Props {
   attackDiscovery: AttackDiscovery;
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/take_action/helpers.test.ts b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/take_action/helpers.test.ts
new file mode 100644
index 0000000000000..9d58a1487d0ca
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/take_action/helpers.test.ts
@@ -0,0 +1,43 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { getOriginalAlertIds } from './helpers';
+
+describe('helpers', () => {
+  describe('getOriginalAlertIds', () => {
+    const alertIds = ['alert1', 'alert2', 'alert3'];
+
+    it('returns the original alertIds when no replacements are provided', () => {
+      const result = getOriginalAlertIds({ alertIds });
+
+      expect(result).toEqual(alertIds);
+    });
+
+    it('returns the replaced alertIds when replacements are provided', () => {
+      const replacements = {
+        alert1: 'replaced1',
+        alert3: 'replaced3',
+      };
+      const expected = ['replaced1', 'alert2', 'replaced3'];
+
+      const result = getOriginalAlertIds({ alertIds, replacements });
+
+      expect(result).toEqual(expected);
+    });
+
+    it('returns the original alertIds when replacements are provided but no replacement is found', () => {
+      const replacements = {
+        alert4: 'replaced4',
+        alert5: 'replaced5',
+      };
+
+      const result = getOriginalAlertIds({ alertIds, replacements });
+
+      expect(result).toEqual(alertIds);
+    });
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/take_action/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/take_action/index.test.tsx
new file mode 100644
index 0000000000000..2772aa6e0c7a2
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/take_action/index.test.tsx
@@ -0,0 +1,47 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { fireEvent, render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { TestProviders } from '../../../../common/mock';
+import { mockAttackDiscovery } from '../../../mock/mock_attack_discovery';
+import { TakeAction } from '.';
+
+describe('TakeAction', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+
+    render(
+      <TestProviders>
+        <TakeAction attackDiscovery={mockAttackDiscovery} />
+      </TestProviders>
+    );
+
+    const takeActionButtons = screen.getAllByTestId('takeActionPopoverButton');
+
+    fireEvent.click(takeActionButtons[0]); // open the popover
+  });
+
+  it('renders the Add to new case action', () => {
+    const addToCase = screen.getByTestId('addToCase');
+
+    expect(addToCase).toBeInTheDocument();
+  });
+
+  it('renders the Add to existing case action', () => {
+    const addToCase = screen.getByTestId('addToExistingCase');
+
+    expect(addToCase).toBeInTheDocument();
+  });
+
+  it('renders the View in AI Assistant action', () => {
+    const addToCase = screen.getByTestId('viewInAiAssistant');
+
+    expect(addToCase).toBeInTheDocument();
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/take_action/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/take_action/index.tsx
index 5e019f6af6653..d94a177d52fdc 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/take_action/index.tsx
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/take_action/index.tsx
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import type { Replacements } from '@kbn/elastic-assistant-common';
+import type { AttackDiscovery, Replacements } from '@kbn/elastic-assistant-common';
 import {
   EuiButtonEmpty,
   EuiContextMenuItem,
@@ -19,7 +19,6 @@ import { useKibana } from '../../../../common/lib/kibana';
 import { APP_ID } from '../../../../../common';
 import { getAttackDiscoveryMarkdown } from '../../../get_attack_discovery_markdown/get_attack_discovery_markdown';
 import * as i18n from './translations';
-import type { AttackDiscovery } from '../../../types';
 import { useAddToNewCase } from '../use_add_to_case';
 import { useAddToExistingCase } from '../use_add_to_existing_case';
 import { useViewInAiAssistant } from '../../view_in_ai_assistant/use_view_in_ai_assistant';
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/use_add_to_case/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/use_add_to_case/index.test.tsx
new file mode 100644
index 0000000000000..d1c2e84049e9a
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/use_add_to_case/index.test.tsx
@@ -0,0 +1,87 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { act, renderHook } from '@testing-library/react-hooks';
+
+import { useAddToNewCase } from '.';
+import { TestProviders } from '../../../../common/mock';
+
+jest.mock('../../../../common/lib/kibana', () => ({
+  useKibana: jest.fn().mockReturnValue({
+    services: {
+      cases: {
+        hooks: {
+          useCasesAddToNewCaseFlyout: jest.fn().mockReturnValue({
+            open: jest.fn(),
+          }),
+        },
+      },
+    },
+  }),
+}));
+
+describe('useAddToNewCase', () => {
+  it('disables the action when a user can NOT create and read cases', () => {
+    const canUserCreateAndReadCases = jest.fn().mockReturnValue(false);
+
+    const { result } = renderHook(
+      () =>
+        useAddToNewCase({
+          canUserCreateAndReadCases,
+          title: 'Persistent Execution of Malicious Application',
+        }),
+      {
+        wrapper: TestProviders,
+      }
+    );
+
+    expect(result.current.disabled).toBe(true);
+  });
+
+  it('enables the action when a user can create and read cases', () => {
+    const canUserCreateAndReadCases = jest.fn().mockReturnValue(true);
+
+    const { result } = renderHook(
+      () =>
+        useAddToNewCase({
+          canUserCreateAndReadCases,
+          title: 'Persistent Execution of Malicious Application',
+        }),
+      {
+        wrapper: TestProviders,
+      }
+    );
+
+    expect(result.current.disabled).toBe(false);
+  });
+
+  it('calls the onClick callback when provided', () => {
+    const onClick = jest.fn();
+    const canUserCreateAndReadCases = jest.fn().mockReturnValue(true);
+
+    const { result } = renderHook(
+      () =>
+        useAddToNewCase({
+          canUserCreateAndReadCases,
+          title: 'Persistent Execution of Malicious Application',
+          onClick,
+        }),
+      {
+        wrapper: TestProviders,
+      }
+    );
+
+    act(() => {
+      result.current.onAddToNewCase({
+        alertIds: ['alert1', 'alert2'],
+        markdownComments: ['Comment 1', 'Comment 2'],
+      });
+    });
+
+    expect(onClick).toHaveBeenCalled();
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/use_add_to_existing_case/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/use_add_to_existing_case/index.test.tsx
new file mode 100644
index 0000000000000..80245d371f412
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/use_add_to_existing_case/index.test.tsx
@@ -0,0 +1,142 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { act, renderHook } from '@testing-library/react-hooks';
+
+import { useAddToExistingCase } from '.';
+import { useKibana } from '../../../../common/lib/kibana';
+import { TestProviders } from '../../../../common/mock';
+
+jest.mock('../../../../common/lib/kibana', () => ({
+  useKibana: jest.fn().mockReturnValue({
+    services: {
+      cases: {
+        hooks: {
+          useCasesAddToExistingCaseModal: jest.fn().mockReturnValue({
+            open: jest.fn(),
+          }),
+        },
+      },
+    },
+  }),
+}));
+
+describe('useAddToExistingCase', () => {
+  const mockCanUserCreateAndReadCases = jest.fn();
+  const mockOnClick = jest.fn();
+  const mockAlertIds = ['alert1', 'alert2'];
+  const mockMarkdownComments = ['Comment 1', 'Comment 2'];
+  const mockReplacements = { alert1: 'replacement1', alert2: 'replacement2' };
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('disables the action when a user can NOT create and read cases', () => {
+    mockCanUserCreateAndReadCases.mockReturnValue(false);
+
+    const { result } = renderHook(
+      () =>
+        useAddToExistingCase({
+          canUserCreateAndReadCases: mockCanUserCreateAndReadCases,
+          onClick: mockOnClick,
+        }),
+      {
+        wrapper: TestProviders,
+      }
+    );
+
+    expect(result.current.disabled).toBe(true);
+  });
+
+  it('enables the action when a user can create and read cases', () => {
+    mockCanUserCreateAndReadCases.mockReturnValue(true);
+
+    const { result } = renderHook(
+      () =>
+        useAddToExistingCase({
+          canUserCreateAndReadCases: mockCanUserCreateAndReadCases,
+          onClick: mockOnClick,
+        }),
+      {
+        wrapper: TestProviders,
+      }
+    );
+
+    expect(result.current.disabled).toBe(false);
+  });
+
+  it('calls the openSelectCaseModal function with the expected attachments', () => {
+    mockCanUserCreateAndReadCases.mockReturnValue(true);
+    const mockOpenSelectCaseModal = jest.fn();
+    (useKibana as jest.Mock).mockReturnValue({
+      services: {
+        cases: {
+          hooks: {
+            useCasesAddToExistingCaseModal: jest.fn().mockReturnValue({
+              open: mockOpenSelectCaseModal,
+            }),
+          },
+        },
+      },
+    });
+
+    const { result } = renderHook(
+      () =>
+        useAddToExistingCase({
+          canUserCreateAndReadCases: mockCanUserCreateAndReadCases,
+          onClick: mockOnClick,
+        }),
+      {
+        wrapper: TestProviders,
+      }
+    );
+
+    act(() => {
+      result.current.onAddToExistingCase({
+        alertIds: mockAlertIds,
+        markdownComments: mockMarkdownComments,
+        replacements: mockReplacements,
+      });
+    });
+
+    expect(mockOpenSelectCaseModal).toHaveBeenCalledWith({
+      getAttachments: expect.any(Function),
+    });
+
+    const getAttachments = mockOpenSelectCaseModal.mock.calls[0][0].getAttachments;
+    const attachments = getAttachments();
+
+    expect(attachments).toHaveLength(4);
+    expect(attachments[0]).toEqual({
+      comment: 'Comment 1',
+      type: 'user',
+    });
+    expect(attachments[1]).toEqual({
+      comment: 'Comment 2',
+      type: 'user',
+    });
+    expect(attachments[2]).toEqual({
+      alertId: 'replacement1', // <-- case attachment uses the replacement values
+      index: '',
+      rule: {
+        id: null,
+        name: null,
+      },
+      type: 'alert',
+    });
+    expect(attachments[3]).toEqual({
+      alertId: 'replacement2',
+      index: '',
+      rule: {
+        id: null,
+        name: null,
+      },
+      type: 'alert',
+    });
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/index.test.tsx
new file mode 100644
index 0000000000000..d65dd87117ca3
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/index.test.tsx
@@ -0,0 +1,63 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { AttackDiscoveryPanel } from '.';
+import { TestProviders } from '../../common/mock';
+import { mockAttackDiscovery } from '../mock/mock_attack_discovery';
+
+describe('AttackDiscoveryPanel', () => {
+  it('renders the attack discovery accordion', () => {
+    render(
+      <TestProviders>
+        <AttackDiscoveryPanel attackDiscovery={mockAttackDiscovery} />
+      </TestProviders>
+    );
+
+    const attackDiscoveryAccordion = screen.getByTestId('attackDiscoveryAccordion');
+
+    expect(attackDiscoveryAccordion).toBeInTheDocument();
+  });
+
+  it('renders empty accordion content', () => {
+    render(
+      <TestProviders>
+        <AttackDiscoveryPanel attackDiscovery={mockAttackDiscovery} />
+      </TestProviders>
+    );
+
+    const emptyAccordionContent = screen.getByTestId('emptyAccordionContent');
+
+    expect(emptyAccordionContent).toBeInTheDocument();
+  });
+
+  it('renders the attack discovery summary', () => {
+    render(
+      <TestProviders>
+        <AttackDiscoveryPanel attackDiscovery={mockAttackDiscovery} />
+      </TestProviders>
+    );
+
+    const actionableSummary = screen.getByTestId('actionableSummary');
+
+    expect(actionableSummary).toBeInTheDocument();
+  });
+
+  it('renders the attack discovery tabs panel when accordion is open', () => {
+    render(
+      <TestProviders>
+        <AttackDiscoveryPanel attackDiscovery={mockAttackDiscovery} initialIsOpen={true} />
+      </TestProviders>
+    );
+
+    const attackDiscoveryTabsPanel = screen.getByTestId('attackDiscoveryTabsPanel');
+
+    expect(attackDiscoveryTabsPanel).toBeInTheDocument();
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/index.tsx
index daa5abd264598..2aaac0449886a 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/index.tsx
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/index.tsx
@@ -7,14 +7,13 @@
 
 import { css } from '@emotion/react';
 import { EuiAccordion, EuiPanel, EuiSpacer, useEuiTheme, useGeneratedHtmlId } from '@elastic/eui';
-import type { Replacements } from '@kbn/elastic-assistant-common';
+import type { AttackDiscovery, Replacements } from '@kbn/elastic-assistant-common';
 import React, { useCallback, useMemo, useState } from 'react';
 
 import { ActionableSummary } from './actionable_summary';
 import { Actions } from './actions';
 import { Tabs } from './tabs';
 import { Title } from './title';
-import type { AttackDiscovery } from '../types';
 
 interface Props {
   attackDiscovery: AttackDiscovery;
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/interval/helpers.ts b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/interval/helpers.ts
deleted file mode 100644
index 934be01172e24..0000000000000
--- a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/interval/helpers.ts
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { GenerationInterval } from '../../types';
-
-export const encodeIntervals = (
-  intervalByConnectorId: Record<string, [GenerationInterval]>
-): string | null => {
-  try {
-    return JSON.stringify(intervalByConnectorId, null, 2);
-  } catch {
-    return null;
-  }
-};
-
-export const decodeIntervals = (
-  intervalByConnectorId: string
-): Record<string, [GenerationInterval]> | null => {
-  try {
-    return JSON.parse(intervalByConnectorId);
-  } catch {
-    return null;
-  }
-};
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/alerts_tab/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/alerts_tab/index.test.tsx
new file mode 100644
index 0000000000000..c505aafa6631b
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/alerts_tab/index.test.tsx
@@ -0,0 +1,27 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { TestProviders } from '../../../../common/mock';
+import { mockAttackDiscovery } from '../../../mock/mock_attack_discovery';
+import { AlertsTab } from '.';
+
+describe('AlertsTab', () => {
+  it('renders the alerts tab', () => {
+    render(
+      <TestProviders>
+        <AlertsTab attackDiscovery={mockAttackDiscovery} />
+      </TestProviders>
+    );
+
+    const alertsTab = screen.getByTestId('alertsTab');
+
+    expect(alertsTab).toBeInTheDocument();
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/alerts_tab/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/alerts_tab/index.tsx
index d7caf0a7528c9..fc1838dad055d 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/alerts_tab/index.tsx
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/alerts_tab/index.tsx
@@ -5,13 +5,12 @@
  * 2.0.
  */
 
-import type { Replacements } from '@kbn/elastic-assistant-common';
+import type { AttackDiscovery, Replacements } from '@kbn/elastic-assistant-common';
 import { AlertConsumers } from '@kbn/rule-registry-plugin/common/technical_rule_data_field_names';
 import React, { useMemo } from 'react';
 
 import { ALERTS_TABLE_REGISTRY_CONFIG_IDS } from '../../../../../common/constants';
 import { useKibana } from '../../../../common/lib/kibana';
-import type { AttackDiscovery } from '../../../types';
 
 interface Props {
   attackDiscovery: AttackDiscovery;
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/attack_discovery_tab/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/attack_discovery_tab/index.test.tsx
new file mode 100644
index 0000000000000..3c05a10a6eb06
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/attack_discovery_tab/index.test.tsx
@@ -0,0 +1,139 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { AttackDiscoveryTab } from '.';
+import type { Replacements } from '@kbn/elastic-assistant-common';
+import { TestProviders } from '../../../../common/mock';
+import { mockAttackDiscovery } from '../../../mock/mock_attack_discovery';
+import { ATTACK_CHAIN, DETAILS, SUMMARY } from './translations';
+
+describe('AttackDiscoveryTab', () => {
+  const mockReplacements: Replacements = {
+    '5e454c38-439c-4096-8478-0a55511c76e3': 'foo.hostname',
+    '3bdc7952-a334-4d95-8092-cd176546e18a': 'bar.username',
+  };
+
+  describe('when showAnonymized is false', () => {
+    const showAnonymized = false;
+
+    beforeEach(() =>
+      render(
+        <TestProviders>
+          <AttackDiscoveryTab
+            attackDiscovery={mockAttackDiscovery}
+            replacements={mockReplacements}
+            showAnonymized={showAnonymized}
+          />
+        </TestProviders>
+      )
+    );
+
+    it('renders the summary using the real host and username', () => {
+      const markdownFormatters = screen.getAllByTestId('attackDiscoveryMarkdownFormatter');
+      const summaryMarkdown = markdownFormatters[0];
+
+      expect(summaryMarkdown).toHaveTextContent(
+        'A multi-stage malware attack was detected on foo.hostname involving bar.username. A suspicious application delivered malware, attempted credential theft, and established persistence.'
+      );
+    });
+
+    it('renders the details using the real host and username', () => {
+      const markdownFormatters = screen.getAllByTestId('attackDiscoveryMarkdownFormatter');
+      const detailsMarkdown = markdownFormatters[1];
+
+      expect(detailsMarkdown).toHaveTextContent(
+        `The following attack progression appears to have occurred on the host foo.hostname involving the user bar.username: A suspicious application named "My Go Application.app" was launched, likely through a malicious download or installation. This application spawned child processes to copy a malicious file named "unix1" to the user's home directory and make it executable. The malicious "unix1" file was then executed, attempting to access the user's login keychain and potentially exfiltrate credentials. The suspicious application also launched the "osascript" utility to display a fake system dialog prompting the user for their password, a technique known as credentials phishing. This appears to be a multi-stage attack involving malware delivery, privilege escalation, credential access, and potentially data exfiltration. The attacker may have used social engineering techniques like phishing to initially compromise the system. The suspicious "My Go Application.app" exhibits behavior characteristic of malware families that attempt to steal user credentials and maintain persistence. Mitigations should focus on removing the malicious files, resetting credentials, and enhancing security controls around application whitelisting, user training, and data protection.`
+      );
+    });
+  });
+
+  describe('when showAnonymized is true', () => {
+    const showAnonymized = true;
+
+    beforeEach(() =>
+      render(
+        <TestProviders>
+          <AttackDiscoveryTab
+            attackDiscovery={mockAttackDiscovery}
+            replacements={mockReplacements}
+            showAnonymized={showAnonymized}
+          />
+        </TestProviders>
+      )
+    );
+
+    it('renders the summary using the anonymized host and username', () => {
+      const markdownFormatters = screen.getAllByTestId('attackDiscoveryMarkdownFormatter');
+      const summaryMarkdown = markdownFormatters[0];
+
+      expect(summaryMarkdown).toHaveTextContent(
+        'A multi-stage malware attack was detected on 5e454c38-439c-4096-8478-0a55511c76e3 involving 3bdc7952-a334-4d95-8092-cd176546e18a. A suspicious application delivered malware, attempted credential theft, and established persistence.'
+      );
+    });
+
+    it('renders the details using the anonymized host and username', () => {
+      const markdownFormatters = screen.getAllByTestId('attackDiscoveryMarkdownFormatter');
+      const detailsMarkdown = markdownFormatters[1];
+
+      expect(detailsMarkdown).toHaveTextContent(
+        `The following attack progression appears to have occurred on the host 5e454c38-439c-4096-8478-0a55511c76e3 involving the user 3bdc7952-a334-4d95-8092-cd176546e18a: A suspicious application named "My Go Application.app" was launched, likely through a malicious download or installation. This application spawned child processes to copy a malicious file named "unix1" to the user's home directory and make it executable. The malicious "unix1" file was then executed, attempting to access the user's login keychain and potentially exfiltrate credentials. The suspicious application also launched the "osascript" utility to display a fake system dialog prompting the user for their password, a technique known as credentials phishing. This appears to be a multi-stage attack involving malware delivery, privilege escalation, credential access, and potentially data exfiltration. The attacker may have used social engineering techniques like phishing to initially compromise the system. The suspicious "My Go Application.app" exhibits behavior characteristic of malware families that attempt to steal user credentials and maintain persistence. Mitigations should focus on removing the malicious files, resetting credentials, and enhancing security controls around application whitelisting, user training, and data protection.`
+      );
+    });
+  });
+
+  describe('common cases', () => {
+    beforeEach(() =>
+      render(
+        <TestProviders>
+          <AttackDiscoveryTab
+            attackDiscovery={mockAttackDiscovery}
+            replacements={mockReplacements}
+          />
+        </TestProviders>
+      )
+    );
+
+    it('renders the expected summary title', () => {
+      const summaryTitle = screen.getByTestId('summaryTitle');
+
+      expect(summaryTitle).toHaveTextContent(SUMMARY);
+    });
+
+    it('renders the expected details title', () => {
+      const detailsTitle = screen.getByTestId('detailsTitle');
+
+      expect(detailsTitle).toHaveTextContent(DETAILS);
+    });
+
+    it('renders the expected attack chain title', () => {
+      const attackChainTitle = screen.getByTestId('attackChainTitle');
+
+      expect(attackChainTitle).toHaveTextContent(ATTACK_CHAIN);
+    });
+
+    it('renders the attack chain', () => {
+      const attackChain = screen.getByTestId('attackChain');
+
+      expect(attackChain).toBeInTheDocument();
+    });
+
+    it('renders the "View in AI Assistant" button', () => {
+      const viewInAiAssistantButton = screen.getByTestId('viewInAiAssistant');
+
+      expect(viewInAiAssistantButton).toBeInTheDocument();
+    });
+
+    it('renders the "Investigate in Timeline" button', () => {
+      const investigateInTimelineButton = screen.getByTestId('investigateInTimelineButton');
+
+      expect(investigateInTimelineButton).toBeInTheDocument();
+    });
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/attack_discovery_tab/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/attack_discovery_tab/index.tsx
index e80be849de08e..23a63d0503db3 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/attack_discovery_tab/index.tsx
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/attack_discovery_tab/index.tsx
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import type { Replacements } from '@kbn/elastic-assistant-common';
+import type { AttackDiscovery, Replacements } from '@kbn/elastic-assistant-common';
 import { EuiFlexGroup, EuiFlexItem, EuiIcon, EuiSpacer, EuiTitle, useEuiTheme } from '@elastic/eui';
 import { css } from '@emotion/react';
 import React, { useMemo } from 'react';
@@ -16,7 +16,6 @@ import { buildAlertsKqlFilter } from '../../../../detections/components/alerts_t
 import { getTacticMetadata } from '../../../helpers';
 import { AttackDiscoveryMarkdownFormatter } from '../../../attack_discovery_markdown_formatter';
 import * as i18n from './translations';
-import type { AttackDiscovery } from '../../../types';
 import { ViewInAiAssistant } from '../../view_in_ai_assistant';
 
 interface Props {
@@ -86,7 +85,7 @@ const AttackDiscoveryTabComponent: React.FC<Props> = ({
 
       {tacticMetadata.length > 0 && (
         <>
-          <EuiTitle data-test-subj="detailsTitle" size="xs">
+          <EuiTitle data-test-subj="attackChainTitle" size="xs">
             <h2>{i18n.ATTACK_CHAIN}</h2>
           </EuiTitle>
           <EuiSpacer size="s" />
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/get_tabs.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/get_tabs.test.tsx
new file mode 100644
index 0000000000000..d002c0bde5324
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/get_tabs.test.tsx
@@ -0,0 +1,63 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { Replacements } from '@kbn/elastic-assistant-common';
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { getTabs } from './get_tabs';
+import { TestProviders } from '../../../common/mock';
+import { mockAttackDiscovery } from '../../mock/mock_attack_discovery';
+import { ALERTS, ATTACK_DISCOVERY } from './translations';
+
+describe('getTabs', () => {
+  const mockReplacements: Replacements = {
+    '5e454c38-439c-4096-8478-0a55511c76e3': 'foo.hostname',
+    '3bdc7952-a334-4d95-8092-cd176546e18a': 'bar.username',
+  };
+
+  const tabs = getTabs({
+    attackDiscovery: mockAttackDiscovery,
+    replacements: mockReplacements,
+  });
+
+  describe('Attack discovery tab', () => {
+    const attackDiscoveryTab = tabs.find((tab) => tab.id === 'attackDiscovery--id');
+
+    it('includes the Attack discovery tab', () => {
+      expect(attackDiscoveryTab).not.toBeUndefined();
+    });
+
+    it('has the expected tab name', () => {
+      expect(attackDiscoveryTab?.name).toEqual(ATTACK_DISCOVERY);
+    });
+
+    it('renders the expected content', () => {
+      render(<TestProviders>{attackDiscoveryTab?.content}</TestProviders>);
+
+      expect(screen.getByTestId('attackDiscoveryTab')).toBeInTheDocument();
+    });
+  });
+
+  describe('Alerts tab', () => {
+    const alertsTab = tabs.find((tab) => tab.id === 'alerts--id');
+
+    it('includes the Alerts tab', () => {
+      expect(alertsTab).not.toBeUndefined();
+    });
+
+    it('has the expected tab name', () => {
+      expect(alertsTab?.name).toEqual(ALERTS);
+    });
+
+    it('renders the expected content', () => {
+      render(<TestProviders>{alertsTab?.content}</TestProviders>);
+
+      expect(screen.getByTestId('alertsTab')).toBeInTheDocument();
+    });
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/get_tabs.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/get_tabs.tsx
index 8f74a52bdb650..09708d0880c8a 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/get_tabs.tsx
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/get_tabs.tsx
@@ -6,15 +6,14 @@
  */
 
 import { EuiSpacer } from '@elastic/eui';
-import type { Replacements } from '@kbn/elastic-assistant-common';
+import type { AttackDiscovery, Replacements } from '@kbn/elastic-assistant-common';
 import React from 'react';
 
 import { AttackDiscoveryTab } from './attack_discovery_tab';
 import { AlertsTab } from './alerts_tab';
 import * as i18n from './translations';
-import type { AttackDiscovery } from '../../types';
 
-interface TabInfo {
+export interface TabInfo {
   content: JSX.Element;
   id: string;
   name: string;
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/index.test.tsx
new file mode 100644
index 0000000000000..3b155d704708c
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/index.test.tsx
@@ -0,0 +1,38 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { fireEvent, render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { Tabs } from '.';
+import { TestProviders } from '../../../common/mock';
+import { mockAttackDiscovery } from '../../mock/mock_attack_discovery';
+
+describe('Tabs', () => {
+  beforeEach(() => {
+    render(
+      <TestProviders>
+        <Tabs attackDiscovery={mockAttackDiscovery} />
+      </TestProviders>
+    );
+  });
+
+  it('renders the attack discovery tab', () => {
+    const attackDiscoveryTab = screen.getByTestId('attackDiscoveryTab');
+
+    expect(attackDiscoveryTab).toBeInTheDocument();
+  });
+
+  it("renders the alerts tab when it's selected", () => {
+    const alertsTabButton = screen.getByText('Alerts');
+
+    fireEvent.click(alertsTabButton);
+    const alertsTab = screen.getByTestId('alertsTab');
+
+    expect(alertsTab).toBeInTheDocument();
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/index.tsx
index a11d63acb83bb..c11851fd15778 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/index.tsx
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/index.tsx
@@ -5,12 +5,11 @@
  * 2.0.
  */
 
-import type { Replacements } from '@kbn/elastic-assistant-common';
+import type { AttackDiscovery, Replacements } from '@kbn/elastic-assistant-common';
 import { EuiTabs, EuiTab } from '@elastic/eui';
 import React, { useCallback, useMemo, useState } from 'react';
 
 import { getTabs } from './get_tabs';
-import type { AttackDiscovery } from '../../types';
 
 interface Props {
   attackDiscovery: AttackDiscovery;
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/title/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/title/index.test.tsx
new file mode 100644
index 0000000000000..8648d861b0352
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/title/index.test.tsx
@@ -0,0 +1,36 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { Title } from '.';
+
+describe('Title', () => {
+  const title = 'Malware Delivery and Credentials Access on macOS';
+
+  it('renders the assistant avatar', () => {
+    render(<Title isLoading={false} title={title} />);
+    const assistantAvatar = screen.getByTestId('assistantAvatar');
+
+    expect(assistantAvatar).toBeInTheDocument();
+  });
+
+  it('renders the expected title', () => {
+    render(<Title isLoading={false} title={title} />);
+    const titleText = screen.getByTestId('titleText');
+
+    expect(titleText).toHaveTextContent(title);
+  });
+
+  it('renders the skeleton title when isLoading is true', () => {
+    render(<Title isLoading={true} title={title} />);
+    const skeletonTitle = screen.getByTestId('skeletonTitle');
+
+    expect(skeletonTitle).toBeInTheDocument();
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/view_in_ai_assistant/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/view_in_ai_assistant/index.test.tsx
new file mode 100644
index 0000000000000..322e26cb4df48
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/view_in_ai_assistant/index.test.tsx
@@ -0,0 +1,66 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { ViewInAiAssistant } from '.';
+import { TestProviders } from '../../../common/mock';
+import { mockAttackDiscovery } from '../../mock/mock_attack_discovery';
+import { VIEW_IN_AI_ASSISTANT } from './translations';
+
+describe('ViewInAiAssistant', () => {
+  it('renders the assistant avatar', () => {
+    render(
+      <TestProviders>
+        <ViewInAiAssistant attackDiscovery={mockAttackDiscovery} />
+      </TestProviders>
+    );
+
+    const assistantAvatar = screen.getByTestId('assistantAvatar');
+
+    expect(assistantAvatar).toBeInTheDocument();
+  });
+
+  it('renders the expected button label', () => {
+    render(
+      <TestProviders>
+        <ViewInAiAssistant attackDiscovery={mockAttackDiscovery} />
+      </TestProviders>
+    );
+
+    const viewInAiAssistantLabel = screen.getByTestId('viewInAiAssistantLabel');
+
+    expect(viewInAiAssistantLabel).toHaveTextContent(VIEW_IN_AI_ASSISTANT);
+  });
+
+  describe('compact mode', () => {
+    it('does NOT render the assistant avatar', () => {
+      render(
+        <TestProviders>
+          <ViewInAiAssistant attackDiscovery={mockAttackDiscovery} compact={true} />
+        </TestProviders>
+      );
+
+      const assistantAvatar = screen.queryByTestId('assistantAvatar');
+
+      expect(assistantAvatar).not.toBeInTheDocument();
+    });
+
+    it('renders the expected button text', () => {
+      render(
+        <TestProviders>
+          <ViewInAiAssistant attackDiscovery={mockAttackDiscovery} compact={true} />
+        </TestProviders>
+      );
+
+      const viewInAiAssistantCompact = screen.getByTestId('viewInAiAssistantCompact');
+
+      expect(viewInAiAssistantCompact).toHaveTextContent(VIEW_IN_AI_ASSISTANT);
+    });
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/view_in_ai_assistant/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/view_in_ai_assistant/index.tsx
index b3ad4590f0363..e254ce5d334b8 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/view_in_ai_assistant/index.tsx
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/view_in_ai_assistant/index.tsx
@@ -6,12 +6,11 @@
  */
 
 import { AssistantAvatar } from '@kbn/elastic-assistant';
-import type { Replacements } from '@kbn/elastic-assistant-common';
+import type { AttackDiscovery, Replacements } from '@kbn/elastic-assistant-common';
 import { EuiButton, EuiButtonEmpty, EuiFlexGroup, EuiFlexItem } from '@elastic/eui';
 import React from 'react';
 
 import * as i18n from './translations';
-import type { AttackDiscovery } from '../../types';
 import { useViewInAiAssistant } from './use_view_in_ai_assistant';
 
 interface Props {
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/view_in_ai_assistant/use_view_in_ai_assistant.test.ts b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/view_in_ai_assistant/use_view_in_ai_assistant.test.ts
new file mode 100644
index 0000000000000..cc7058c8f3fe6
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/view_in_ai_assistant/use_view_in_ai_assistant.test.ts
@@ -0,0 +1,86 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { renderHook } from '@testing-library/react-hooks';
+import { useAssistantOverlay } from '@kbn/elastic-assistant';
+
+import { useAssistantAvailability } from '../../../assistant/use_assistant_availability';
+import { getAttackDiscoveryMarkdown } from '../../get_attack_discovery_markdown/get_attack_discovery_markdown';
+import { mockAttackDiscovery } from '../../mock/mock_attack_discovery';
+import { useViewInAiAssistant } from './use_view_in_ai_assistant';
+
+jest.mock('@kbn/elastic-assistant');
+jest.mock('../../../assistant/use_assistant_availability');
+jest.mock('../../get_attack_discovery_markdown/get_attack_discovery_markdown');
+
+describe('useViewInAiAssistant', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+
+    (useAssistantOverlay as jest.Mock).mockReturnValue({
+      promptContextId: 'prompt-context-id',
+      showAssistantOverlay: jest.fn(),
+    });
+
+    (useAssistantAvailability as jest.Mock).mockReturnValue({
+      hasAssistantPrivilege: true,
+      isAssistantEnabled: true,
+    });
+
+    (getAttackDiscoveryMarkdown as jest.Mock).mockResolvedValue('Test markdown');
+  });
+
+  it('returns the expected promptContextId', () => {
+    const { result } = renderHook(() =>
+      useViewInAiAssistant({
+        attackDiscovery: mockAttackDiscovery,
+      })
+    );
+
+    expect(result.current.promptContextId).toBe('prompt-context-id');
+  });
+
+  it('returns disabled: false when the user has assistant privileges and promptContextId is provided', () => {
+    const { result } = renderHook(() =>
+      useViewInAiAssistant({
+        attackDiscovery: mockAttackDiscovery,
+      })
+    );
+
+    expect(result.current.disabled).toBe(false);
+  });
+
+  it('returns disabled: true when the user does NOT have assistant privileges', () => {
+    (useAssistantAvailability as jest.Mock).mockReturnValue({
+      hasAssistantPrivilege: false, // <-- the user does NOT have assistant privileges
+      isAssistantEnabled: true,
+    });
+
+    const { result } = renderHook(() =>
+      useViewInAiAssistant({
+        attackDiscovery: mockAttackDiscovery,
+      })
+    );
+
+    expect(result.current.disabled).toBe(true);
+  });
+
+  it('returns disabled: true when promptContextId is null', () => {
+    (useAssistantOverlay as jest.Mock).mockReturnValue({
+      promptContextId: null, // <-- promptContextId is null
+      showAssistantOverlay: jest.fn(),
+    });
+
+    const { result } = renderHook(() =>
+      useViewInAiAssistant({
+        attackDiscovery: mockAttackDiscovery,
+      })
+    );
+
+    expect(result.current.disabled).toBe(true);
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/view_in_ai_assistant/use_view_in_ai_assistant.ts b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/view_in_ai_assistant/use_view_in_ai_assistant.ts
index 58f66b1b2a0dd..8016e1b45b408 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/view_in_ai_assistant/use_view_in_ai_assistant.ts
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/view_in_ai_assistant/use_view_in_ai_assistant.ts
@@ -7,10 +7,9 @@
 
 import { useMemo, useCallback } from 'react';
 import { useAssistantOverlay } from '@kbn/elastic-assistant';
-import type { Replacements } from '@kbn/elastic-assistant-common';
+import type { AttackDiscovery, Replacements } from '@kbn/elastic-assistant-common';
 import { useAssistantAvailability } from '../../../assistant/use_assistant_availability';
 import { getAttackDiscoveryMarkdown } from '../../get_attack_discovery_markdown/get_attack_discovery_markdown';
-import type { AttackDiscovery } from '../../types';
 
 /**
  * This category is provided in the prompt context for the assistant
@@ -39,7 +38,7 @@ export const useViewInAiAssistant = ({
     attackDiscovery.title, // conversation title
     attackDiscovery.title, // description used in context pill
     getPromptContext,
-    attackDiscovery.id, // accept the UUID default for this prompt context
+    attackDiscovery.id ?? null, // accept the UUID default for this prompt context
     null, // suggestedUserPrompt
     null, // tooltip
     isAssistantEnabled,
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/get_attack_discovery_markdown/get_attack_discovery_markdown.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/get_attack_discovery_markdown/get_attack_discovery_markdown.test.tsx
new file mode 100644
index 0000000000000..4af83edba69aa
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/get_attack_discovery_markdown/get_attack_discovery_markdown.test.tsx
@@ -0,0 +1,188 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+  getAttackChainMarkdown,
+  getAttackDiscoveryMarkdown,
+  getMarkdownFields,
+  getMarkdownWithOriginalValues,
+} from './get_attack_discovery_markdown';
+import { mockAttackDiscovery } from '../mock/mock_attack_discovery';
+
+describe('getAttackDiscoveryMarkdown', () => {
+  describe('getMarkdownFields', () => {
+    it('replaces markdown fields with formatted values', () => {
+      const markdown = 'This is a {{ field1 value1 }} and {{ field2 value2 }}.';
+      const expected = 'This is a `value1` and `value2`.';
+
+      const result = getMarkdownFields(markdown);
+
+      expect(result).toBe(expected);
+    });
+
+    it('handles multiple occurrences of markdown fields', () => {
+      const markdown =
+        'This is a {{ field1 value1 }} and {{ field2 value2 }}. Also, {{ field1 value3 }}.';
+      const expected = 'This is a `value1` and `value2`. Also, `value3`.';
+
+      const result = getMarkdownFields(markdown);
+
+      expect(result).toBe(expected);
+    });
+
+    it('handles markdown fields with no spaces around them', () => {
+      const markdown = 'This is a {{field1 value1}} and {{field2 value2}}.';
+      const expected = 'This is a `value1` and `value2`.';
+
+      const result = getMarkdownFields(markdown);
+
+      expect(result).toBe(expected);
+    });
+
+    it('handles empty markdown', () => {
+      const markdown = '';
+      const expected = '';
+
+      const result = getMarkdownFields(markdown);
+
+      expect(result).toBe(expected);
+    });
+  });
+
+  describe('getAttackChainMarkdown', () => {
+    it('returns an empty string when no tactics are detected', () => {
+      const noTactics = {
+        ...mockAttackDiscovery,
+        mitreAttackTactics: [],
+      };
+
+      const result = getAttackChainMarkdown(noTactics);
+
+      expect(result).toBe('');
+    });
+
+    it('returns the expected attack chain markdown when tactics are detected', () => {
+      const result = getAttackChainMarkdown(mockAttackDiscovery);
+
+      expect(result).toBe(`### Attack Chain
+- Initial Access
+- Execution
+- Persistence
+- Privilege Escalation
+`);
+    });
+  });
+
+  describe('getMarkdownWithOriginalValues', () => {
+    const markdown = mockAttackDiscovery.summaryMarkdown;
+
+    it('returns the same markdown when no replacements are provided', () => {
+      const result = getMarkdownWithOriginalValues({ markdown });
+
+      expect(result).toBe(markdown);
+    });
+
+    it('replaces the UUIDs with the original values when replacements are provided ', () => {
+      const replacements = {
+        '5e454c38-439c-4096-8478-0a55511c76e3': 'foo.hostname',
+        '3bdc7952-a334-4d95-8092-cd176546e18a': 'bar.username',
+      };
+      const expected =
+        'A multi-stage malware attack was detected on {{ host.name foo.hostname }} involving {{ user.name bar.username }}. A suspicious application delivered malware, attempted credential theft, and established persistence.';
+
+      const result = getMarkdownWithOriginalValues({ markdown, replacements });
+
+      expect(result).toBe(expected);
+    });
+
+    it('only replaces values when there are corresponding entries in the replacements', () => {
+      // The UUID '3bdc7952-a334-4d95-8092-cd176546e18a' is not in the replacements:
+      const replacements = {
+        '5e454c38-439c-4096-8478-0a55511c76e3': 'foo.hostname',
+      };
+
+      const expected =
+        'A multi-stage malware attack was detected on {{ host.name foo.hostname }} involving {{ user.name 3bdc7952-a334-4d95-8092-cd176546e18a }}. A suspicious application delivered malware, attempted credential theft, and established persistence.';
+
+      const result = getMarkdownWithOriginalValues({ markdown, replacements });
+
+      expect(result).toBe(expected);
+    });
+  });
+
+  describe('getAttackDiscoveryMarkdown', () => {
+    it('returns the expected markdown when replacements are NOT provided', () => {
+      const expectedMarkdown = `## Malware Attack With Credential Theft Attempt
+
+Suspicious activity involving the host \`5e454c38-439c-4096-8478-0a55511c76e3\` and user \`3bdc7952-a334-4d95-8092-cd176546e18a\`.
+
+### Summary
+A multi-stage malware attack was detected on \`5e454c38-439c-4096-8478-0a55511c76e3\` involving \`3bdc7952-a334-4d95-8092-cd176546e18a\`. A suspicious application delivered malware, attempted credential theft, and established persistence.
+
+### Details
+The following attack progression appears to have occurred on the host \`5e454c38-439c-4096-8478-0a55511c76e3\` involving the user \`3bdc7952-a334-4d95-8092-cd176546e18a\`:
+
+- A suspicious application named "My Go Application.app" was launched, likely through a malicious download or installation.
+- This application spawned child processes to copy a malicious file named "unix1" to the user's home directory and make it executable.
+- The malicious "unix1" file was then executed, attempting to access the user's login keychain and potentially exfiltrate credentials.
+- The suspicious application also launched the "osascript" utility to display a fake system dialog prompting the user for their password, a technique known as credentials phishing.
+
+This appears to be a multi-stage attack involving malware delivery, privilege escalation, credential access, and potentially data exfiltration. The attacker may have used social engineering techniques like phishing to initially compromise the system. The suspicious "My Go Application.app" exhibits behavior characteristic of malware families that attempt to steal user credentials and maintain persistence. Mitigations should focus on removing the malicious files, resetting credentials, and enhancing security controls around application whitelisting, user training, and data protection.
+
+### Attack Chain
+- Initial Access
+- Execution
+- Persistence
+- Privilege Escalation
+
+`;
+
+      const markdown = getAttackDiscoveryMarkdown({ attackDiscovery: mockAttackDiscovery });
+
+      expect(markdown).toBe(expectedMarkdown);
+    });
+
+    it('returns the expected markdown when replacements are provided', () => {
+      const replacements = {
+        '5e454c38-439c-4096-8478-0a55511c76e3': 'foo.hostname',
+        '3bdc7952-a334-4d95-8092-cd176546e18a': 'bar.username',
+      };
+
+      const expectedMarkdown = `## Malware Attack With Credential Theft Attempt
+
+Suspicious activity involving the host \`foo.hostname\` and user \`bar.username\`.
+
+### Summary
+A multi-stage malware attack was detected on \`foo.hostname\` involving \`bar.username\`. A suspicious application delivered malware, attempted credential theft, and established persistence.
+
+### Details
+The following attack progression appears to have occurred on the host \`foo.hostname\` involving the user \`bar.username\`:
+
+- A suspicious application named "My Go Application.app" was launched, likely through a malicious download or installation.
+- This application spawned child processes to copy a malicious file named "unix1" to the user's home directory and make it executable.
+- The malicious "unix1" file was then executed, attempting to access the user's login keychain and potentially exfiltrate credentials.
+- The suspicious application also launched the "osascript" utility to display a fake system dialog prompting the user for their password, a technique known as credentials phishing.
+
+This appears to be a multi-stage attack involving malware delivery, privilege escalation, credential access, and potentially data exfiltration. The attacker may have used social engineering techniques like phishing to initially compromise the system. The suspicious "My Go Application.app" exhibits behavior characteristic of malware families that attempt to steal user credentials and maintain persistence. Mitigations should focus on removing the malicious files, resetting credentials, and enhancing security controls around application whitelisting, user training, and data protection.
+
+### Attack Chain
+- Initial Access
+- Execution
+- Persistence
+- Privilege Escalation
+
+`;
+
+      const markdown = getAttackDiscoveryMarkdown({
+        attackDiscovery: mockAttackDiscovery,
+        replacements,
+      });
+
+      expect(markdown).toBe(expectedMarkdown);
+    });
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/get_attack_discovery_markdown/get_attack_discovery_markdown.ts b/x-pack/plugins/security_solution/public/attack_discovery/get_attack_discovery_markdown/get_attack_discovery_markdown.ts
index e79470f670d8d..5309ef1de6bb2 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/get_attack_discovery_markdown/get_attack_discovery_markdown.ts
+++ b/x-pack/plugins/security_solution/public/attack_discovery/get_attack_discovery_markdown/get_attack_discovery_markdown.ts
@@ -5,10 +5,9 @@
  * 2.0.
  */
 
-import type { Replacements } from '@kbn/elastic-assistant-common';
+import type { AttackDiscovery, Replacements } from '@kbn/elastic-assistant-common';
 
 import { getTacticLabel, getTacticMetadata } from '../helpers';
-import type { AttackDiscovery } from '../types';
 
 export const getMarkdownFields = (markdown: string): string => {
   const regex = new RegExp('{{\\s*(\\S+)\\s+(\\S+)\\s*}}', 'gm');
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/helpers.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/helpers.test.tsx
new file mode 100644
index 0000000000000..4f5e43323333f
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/helpers.test.tsx
@@ -0,0 +1,96 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+  COMMAND_AND_CONTROL,
+  DISCOVERY,
+  EXECUTION,
+  EXFILTRATION,
+  getTacticLabel,
+  getTacticMetadata,
+  INITIAL_ACCESS,
+  LATERAL_MOVEMENT,
+  PERSISTENCE,
+  PRIVILEGE_ESCALATION,
+  RECONNAISSANCE,
+  replaceNewlineLiterals,
+} from './helpers';
+import { mockAttackDiscovery } from './mock/mock_attack_discovery';
+import * as i18n from './translations';
+
+const expectedTactics = {
+  [RECONNAISSANCE]: i18n.RECONNAISSANCE,
+  [INITIAL_ACCESS]: i18n.INITIAL_ACCESS,
+  [EXECUTION]: i18n.EXECUTION,
+  [PERSISTENCE]: i18n.PERSISTENCE,
+  [PRIVILEGE_ESCALATION]: i18n.PRIVILEGE_ESCALATION,
+  [DISCOVERY]: i18n.DISCOVERY,
+  [LATERAL_MOVEMENT]: i18n.LATERAL_MOVEMENT,
+  [COMMAND_AND_CONTROL]: i18n.COMMAND_AND_CONTROL,
+  [EXFILTRATION]: i18n.EXFILTRATION,
+  unknown: 'unknown',
+};
+
+describe('helpers', () => {
+  describe('getTacticLabel', () => {
+    Object.entries(expectedTactics).forEach(([tactic, expectedLabel]) => {
+      it(`returns the expected label for ${tactic}`, () => {
+        const label = getTacticLabel(tactic);
+
+        expect(label).toBe(expectedLabel);
+      });
+    });
+  });
+
+  describe('getTacticMetadata', () => {
+    const expectedDetected = ['Initial Access', 'Execution', 'Persistence', 'Privilege Escalation'];
+
+    expectedDetected.forEach((tactic) => {
+      it(`sets the detected property to true for the '${tactic}' tactic`, () => {
+        const result = getTacticMetadata(mockAttackDiscovery);
+        const metadata = result.find(({ name }) => name === tactic);
+
+        expect(metadata?.detected).toBe(true);
+      });
+    });
+
+    it('sets the detected property to false for all tactics that were not detected', () => {
+      const result = getTacticMetadata(mockAttackDiscovery);
+      const filtered = result.filter(({ name }) => !expectedDetected.includes(name));
+
+      filtered.forEach((metadata) => {
+        expect(metadata.detected).toBe(false);
+      });
+    });
+
+    it('sets the expected "index" property for each tactic', () => {
+      const result = getTacticMetadata(mockAttackDiscovery);
+
+      result.forEach((metadata, i) => {
+        expect(metadata.index).toBe(i);
+      });
+    });
+  });
+
+  describe('replaceNewlineLiterals', () => {
+    it('replaces multiple newline literals with actual newlines', () => {
+      const input = 'Multiple\\nnewline\\nliterals';
+      const expected = 'Multiple\nnewline\nliterals';
+
+      const result = replaceNewlineLiterals(input);
+
+      expect(result).toEqual(expected);
+    });
+
+    it('does NOT replace anything if there are no newline literals', () => {
+      const input = 'This is a string without newlines';
+      const result = replaceNewlineLiterals(input);
+
+      expect(result).toEqual(input);
+    });
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/helpers.ts b/x-pack/plugins/security_solution/public/attack_discovery/helpers.ts
index 2cdd1354c9b6d..aa56835d5a1ed 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/helpers.ts
+++ b/x-pack/plugins/security_solution/public/attack_discovery/helpers.ts
@@ -5,8 +5,8 @@
  * 2.0.
  */
 
+import type { AttackDiscovery } from '@kbn/elastic-assistant-common';
 import * as i18n from './translations';
-import type { AttackDiscovery } from './types';
 
 export const RECONNAISSANCE = 'Reconnaissance';
 export const INITIAL_ACCESS = 'Initial Access';
@@ -56,7 +56,7 @@ export const getTacticLabel = (tactic: string): string => {
   }
 };
 
-interface TacticMetadata {
+export interface TacticMetadata {
   detected: boolean;
   index: number;
   name: string;
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/hooks/use_attack_discovery_telemetry/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/hooks/use_attack_discovery_telemetry/index.test.tsx
deleted file mode 100644
index 3c8d5c40ec515..0000000000000
--- a/x-pack/plugins/security_solution/public/attack_discovery/hooks/use_attack_discovery_telemetry/index.test.tsx
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { renderHook } from '@testing-library/react-hooks';
-import { useAttackDiscoveryTelemetry } from '.';
-import { createTelemetryServiceMock } from '../../../common/lib/telemetry/telemetry_service.mock';
-
-const reportAttackDiscoveriesGenerated = jest.fn();
-const mockedTelemetry = {
-  ...createTelemetryServiceMock(),
-  reportAttackDiscoveriesGenerated,
-};
-
-jest.mock('../../../common/lib/kibana', () => {
-  const original = jest.requireActual('../../../common/lib/kibana');
-
-  return {
-    ...original,
-    useKibana: () => ({
-      services: {
-        telemetry: mockedTelemetry,
-      },
-    }),
-  };
-});
-
-describe('useAttackDiscoveryTelemetry', () => {
-  beforeEach(() => {
-    jest.clearAllMocks();
-  });
-  it('should return the expected telemetry object with tracking functions', () => {
-    const { result } = renderHook(() => useAttackDiscoveryTelemetry());
-    expect(result.current).toHaveProperty('reportAttackDiscoveriesGenerated');
-  });
-
-  it('Should call reportAttackDiscoveriesGenerated with appropriate actionTypeId when tracking is called', async () => {
-    const { result } = renderHook(() => useAttackDiscoveryTelemetry());
-    await result.current.reportAttackDiscoveriesGenerated({
-      actionTypeId: '.gen-ai',
-      model: 'gpt-4',
-      durationMs: 8000,
-      alertsCount: 20,
-      alertsContextCount: 25,
-      configuredAlertsCount: 30,
-    });
-    expect(reportAttackDiscoveriesGenerated).toHaveBeenCalledWith({
-      actionTypeId: '.gen-ai',
-      model: 'gpt-4',
-      durationMs: 8000,
-      alertsCount: 20,
-      alertsContextCount: 25,
-      configuredAlertsCount: 30,
-    });
-  });
-});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/hooks/use_attack_discovery_telemetry/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/hooks/use_attack_discovery_telemetry/index.tsx
deleted file mode 100644
index a0cc331e88017..0000000000000
--- a/x-pack/plugins/security_solution/public/attack_discovery/hooks/use_attack_discovery_telemetry/index.tsx
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { ReportAttackDiscoveriesGeneratedParams } from '../../../common/lib/telemetry/events/attack_discovery/types';
-import { useKibana } from '../../../common/lib/kibana';
-
-interface AttackDiscoveryTelemetry {
-  reportAttackDiscoveriesGenerated: (params: ReportAttackDiscoveriesGeneratedParams) => void;
-}
-
-export const useAttackDiscoveryTelemetry = (): AttackDiscoveryTelemetry => {
-  const {
-    services: { telemetry },
-  } = useKibana();
-
-  return {
-    reportAttackDiscoveriesGenerated: telemetry.reportAttackDiscoveriesGenerated,
-  };
-};
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/hooks/use_poll_api.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/hooks/use_poll_api.test.tsx
new file mode 100644
index 0000000000000..a08dbcfd9a26b
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/hooks/use_poll_api.test.tsx
@@ -0,0 +1,207 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { HttpSetupMock } from '@kbn/core-http-browser-mocks';
+import { coreMock } from '@kbn/core/public/mocks';
+import { act, renderHook } from '@testing-library/react-hooks';
+import { attackDiscoveryStatus, usePollApi } from './use_poll_api';
+import moment from 'moment/moment';
+import { kibanaMock } from '../../common/mock';
+
+const http: HttpSetupMock = coreMock.createSetup().http;
+const setApproximateFutureTime = jest.fn();
+const defaultProps = { http, setApproximateFutureTime, connectorId: 'my-gpt4o-ai' };
+
+const mockResponse = {
+  timestamp: '2024-06-07T18:56:17.357Z',
+  createdAt: '2024-06-07T18:56:17.357Z',
+  users: [
+    {
+      id: 'u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0',
+      name: 'elastic',
+    },
+  ],
+  status: 'succeeded',
+  apiConfig: {
+    actionTypeId: '.gen-ai',
+    connectorId: 'my-gpt4o-ai',
+  },
+  attackDiscoveries: [
+    {
+      summaryMarkdown:
+        'A critical malware incident involving {{ host.name c1f9889f-1f6b-4abc-8e65-02de89fe1054 }} and {{ user.name 71ca47cf-082e-4d35-a8e7-6e4fa4e175da }} has been detected. The malware, identified as AppPool.vbs, was executed with high privileges and attempted to evade detection.',
+      id: '2204421f-bb42-4b96-a200-016a5388a029',
+      title: 'Critical Malware Incident on Windows Host',
+      mitreAttackTactics: ['Initial Access', 'Execution', 'Defense Evasion'],
+      alertIds: [
+        '43cf228ce034aeeb89a1ef41cd7fcdef1a3db574fa5237badf1fa9eaa3425c21',
+        '44ae9696784b3baeee75935f889e55ce77da338241230b5c488f90a8bace43e2',
+        '2479b1b1007952d3b6dc26344c89f44c1bb396de56f1655eca408135b3d05af8',
+      ],
+      detailsMarkdown: 'details',
+      entitySummaryMarkdown:
+        '{{ host.name c1f9889f-1f6b-4abc-8e65-02de89fe1054 }} and {{ user.name 71ca47cf-082e-4d35-a8e7-6e4fa4e175da }} are involved in a critical malware incident.',
+      timestamp: '2024-06-07T20:04:35.715Z',
+    },
+  ],
+  backingIndex: '1234',
+  lastViewedAt: '2024-06-07T20:04:35.715Z',
+  updatedAt: '2024-06-07T20:04:35.715Z',
+  replacements: {
+    'c1f9889f-1f6b-4abc-8e65-02de89fe1054': 'root',
+    '71ca47cf-082e-4d35-a8e7-6e4fa4e175da': 'james',
+  },
+  namespace: 'default',
+  generationIntervals: [
+    {
+      date: '2024-06-07T20:04:35.715Z',
+      durationMs: 104593,
+    },
+    {
+      date: '2024-06-07T18:58:27.880Z',
+      durationMs: 130526,
+    },
+  ],
+  alertsContextCount: 20,
+  averageIntervalMs: 117559,
+  id: '8e215edc-6318-4760-9566-d32f1844f9cb',
+};
+
+const mockStats = [
+  {
+    hasViewed: false,
+    status: 'failed',
+    count: 0,
+    connectorId: 'my-bedrock-old',
+  },
+  {
+    hasViewed: false,
+    status: 'running',
+    count: 1,
+    connectorId: 'my-gen-ai',
+  },
+  {
+    hasViewed: true,
+    status: 'succeeded',
+    count: 1,
+    connectorId: 'my-gpt4o-ai',
+  },
+  {
+    hasViewed: true,
+    status: 'canceled',
+    count: 1,
+    connectorId: 'my-bedrock',
+  },
+  {
+    hasViewed: false,
+    status: 'succeeded',
+    count: 4,
+    connectorId: 'my-gen-a2i',
+  },
+];
+
+describe('usePollApi', () => {
+  beforeAll(() => {
+    jest.useFakeTimers({ legacyFakeTimers: true });
+  });
+
+  afterAll(() => {
+    jest.useRealTimers();
+  });
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+  test('should render initial state with null status and data', () => {
+    const { result } = renderHook(() => usePollApi(defaultProps));
+    expect(result.current.status).toBeNull();
+    expect(result.current.data).toBeNull();
+  });
+
+  test('should call http.fetch on pollApi call', async () => {
+    const { result } = renderHook(() => usePollApi(defaultProps));
+
+    await result.current.pollApi();
+
+    expect(http.fetch).toHaveBeenCalledTimes(1);
+    expect(http.fetch).toHaveBeenCalledWith(
+      '/internal/elastic_assistant/attack_discovery/my-gpt4o-ai',
+      { method: 'GET', version: '1' }
+    );
+  });
+
+  test('should update didInitialFetch on connector change', async () => {
+    http.fetch.mockResolvedValue({
+      data: mockResponse,
+      stats: mockStats,
+    });
+    const { result, rerender } = renderHook((props) => usePollApi(props), {
+      initialProps: defaultProps,
+    });
+
+    expect(result.current.didInitialFetch).toEqual(false);
+
+    await act(async () => {
+      await result.current.pollApi();
+    });
+
+    expect(result.current.didInitialFetch).toEqual(true);
+
+    rerender({ ...defaultProps, connectorId: 'new-connector-id' });
+
+    expect(result.current.didInitialFetch).toEqual(false);
+
+    await act(async () => {
+      await result.current.pollApi();
+    });
+
+    expect(result.current.didInitialFetch).toEqual(true);
+  });
+
+  test('should update stats, status, and data on successful response', async () => {
+    http.fetch.mockResolvedValue({
+      data: mockResponse,
+      stats: mockStats,
+    });
+    const { result } = renderHook(() => usePollApi(defaultProps));
+
+    await act(async () => {
+      await result.current.pollApi();
+    });
+
+    expect(result.current.status).toBe(attackDiscoveryStatus.succeeded);
+    expect(result.current.data).toEqual({ ...mockResponse, connectorId: defaultProps.connectorId });
+    expect(setApproximateFutureTime).toHaveBeenCalledWith(
+      moment(mockResponse.updatedAt).add(mockResponse.averageIntervalMs, 'milliseconds').toDate()
+    );
+    expect(result.current.stats).toEqual({
+      newConnectorResultsCount: 2,
+      newDiscoveriesCount: 4,
+      statsPerConnector: mockStats,
+    });
+  });
+
+  test('When no connectorId and pollApi is called, should update status and data to null on error and show toast', async () => {
+    const addDangerMock = jest.spyOn(kibanaMock.notifications.toasts, 'addDanger');
+    const { result } = renderHook(() =>
+      usePollApi({
+        http,
+        setApproximateFutureTime: () => {},
+        toasts: kibanaMock.notifications.toasts,
+      })
+    );
+
+    await result.current.pollApi();
+
+    expect(result.current.status).toBeNull();
+    expect(result.current.data).toBeNull();
+    expect(addDangerMock).toHaveBeenCalledTimes(1);
+    expect(addDangerMock).toHaveBeenCalledWith(new Error('Invalid connector id'), {
+      text: 'Invalid connector id',
+      title: 'Error generating attack discoveries',
+    });
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/hooks/use_poll_api.tsx b/x-pack/plugins/security_solution/public/attack_discovery/hooks/use_poll_api.tsx
new file mode 100644
index 0000000000000..874a4d1c99ded
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/hooks/use_poll_api.tsx
@@ -0,0 +1,216 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { useCallback, useEffect, useRef, useState } from 'react';
+import * as uuid from 'uuid';
+import type {
+  AttackDiscoveryStats,
+  AttackDiscoveryStatus,
+  AttackDiscoveryResponse,
+} from '@kbn/elastic-assistant-common';
+import {
+  AttackDiscoveryCancelResponse,
+  AttackDiscoveryGetResponse,
+  ELASTIC_AI_ASSISTANT_INTERNAL_API_VERSION,
+} from '@kbn/elastic-assistant-common';
+import type { HttpSetup } from '@kbn/core-http-browser';
+import moment from 'moment';
+import type { IToasts } from '@kbn/core-notifications-browser';
+import {
+  ERROR_CANCELING_ATTACK_DISCOVERIES,
+  ERROR_GENERATING_ATTACK_DISCOVERIES,
+} from '../pages/translations';
+import { getErrorToastText } from '../pages/helpers';
+import { replaceNewlineLiterals } from '../helpers';
+
+export interface Props {
+  http: HttpSetup;
+  setApproximateFutureTime: (date: Date | null) => void;
+  toasts?: IToasts;
+  connectorId?: string;
+}
+
+export interface AttackDiscoveryData extends AttackDiscoveryResponse {
+  connectorId: string;
+}
+
+interface UsePollApi {
+  cancelAttackDiscovery: () => Promise<void>;
+  didInitialFetch: boolean;
+  status: AttackDiscoveryStatus | null;
+  data: AttackDiscoveryData | null;
+  stats: AttackDiscoveryStats | null;
+  pollApi: () => void;
+  setStatus: (status: AttackDiscoveryStatus | null) => void;
+}
+
+export const usePollApi = ({
+  http,
+  setApproximateFutureTime,
+  toasts,
+  connectorId,
+}: Props): UsePollApi => {
+  const [status, setStatus] = useState<AttackDiscoveryStatus | null>(null);
+  const [stats, setStats] = useState<AttackDiscoveryStats | null>(null);
+  const [data, setData] = useState<AttackDiscoveryData | null>(null);
+  const timeoutIdRef = useRef<ReturnType<typeof setTimeout> | null>(null);
+  const connectorIdRef = useRef<string | undefined>(undefined);
+
+  const [didInitialFetch, setDidInitialFetch] = useState(false);
+
+  useEffect(() => {
+    connectorIdRef.current = connectorId;
+    setDidInitialFetch(false);
+    return () => {
+      connectorIdRef.current = undefined;
+      // when a connectorId changes, clear timeout
+      if (timeoutIdRef.current) clearTimeout(timeoutIdRef.current);
+    };
+  }, [connectorId]);
+
+  const handleResponse = useCallback(
+    (responseData: AttackDiscoveryResponse | null) => {
+      if (connectorId == null || connectorId === '') {
+        throw new Error('Invalid connector id');
+      }
+      setDidInitialFetch(true);
+      if (responseData == null) {
+        setStatus(null);
+        setData(null);
+        return;
+      }
+      setData((prevData) => {
+        if (
+          responseData.updatedAt === prevData?.updatedAt &&
+          responseData.status === prevData?.status &&
+          responseData.id === prevData?.id
+        ) {
+          // do not update if the data is the same
+          // prevents unnecessary re-renders
+          return prevData;
+        }
+        setStatus(responseData.status);
+        setApproximateFutureTime(
+          moment(responseData.updatedAt)
+            .add(responseData.averageIntervalMs, 'milliseconds')
+            .toDate()
+        );
+        return {
+          ...responseData,
+          connectorId,
+          attackDiscoveries: responseData.attackDiscoveries.map((attackDiscovery) => ({
+            ...attackDiscovery,
+            id: attackDiscovery.id ?? uuid.v4(),
+            detailsMarkdown: replaceNewlineLiterals(attackDiscovery.detailsMarkdown),
+            entitySummaryMarkdown: replaceNewlineLiterals(attackDiscovery.entitySummaryMarkdown),
+            summaryMarkdown: replaceNewlineLiterals(attackDiscovery.summaryMarkdown),
+          })),
+        };
+      });
+    },
+    [connectorId, setApproximateFutureTime]
+  );
+
+  const cancelAttackDiscovery = useCallback(async () => {
+    try {
+      if (connectorId == null || connectorId === '') {
+        throw new Error('Invalid connector id');
+      }
+      const rawResponse = await http.fetch(
+        `/internal/elastic_assistant/attack_discovery/cancel/${connectorId}`,
+        {
+          method: 'PUT',
+          version: ELASTIC_AI_ASSISTANT_INTERNAL_API_VERSION,
+        }
+      );
+      const parsedResponse = AttackDiscoveryCancelResponse.safeParse(rawResponse);
+      if (!parsedResponse.success) {
+        throw new Error('Failed to parse the attack discovery cancel response');
+      }
+      handleResponse(parsedResponse.data);
+    } catch (error) {
+      setStatus(null);
+
+      toasts?.addDanger(error, {
+        title: ERROR_CANCELING_ATTACK_DISCOVERIES,
+        text: getErrorToastText(error),
+      });
+    }
+  }, [connectorId, handleResponse, http, toasts]);
+
+  const pollApi = useCallback(async () => {
+    try {
+      if (connectorId == null || connectorId === '') {
+        throw new Error('Invalid connector id');
+      }
+      // edge case - clearTimeout does not always work in time
+      // so we need to check if the connectorId has changed
+      if (connectorId !== connectorIdRef.current) {
+        return;
+      }
+      // call the internal API to generate attack discoveries:
+      const rawResponse = await http.fetch(
+        `/internal/elastic_assistant/attack_discovery/${connectorId}`,
+        {
+          method: 'GET',
+          version: ELASTIC_AI_ASSISTANT_INTERNAL_API_VERSION,
+        }
+      );
+
+      const parsedResponse = AttackDiscoveryGetResponse.safeParse(rawResponse);
+      if (!parsedResponse.success) {
+        throw new Error('Failed to parse the attack discovery GET response');
+      }
+      // ensure component did not unmount before setting state
+      if (connectorIdRef.current) {
+        handleResponse(parsedResponse.data.data ?? null);
+        const allStats = parsedResponse.data.stats.reduce(
+          (acc, ad) => {
+            return {
+              ...acc,
+              newConnectorResultsCount:
+                !ad.hasViewed && (ad.status === 'succeeded' || ad.status === 'failed')
+                  ? acc.newConnectorResultsCount + 1
+                  : acc.newConnectorResultsCount,
+              newDiscoveriesCount:
+                !ad.hasViewed && ad.status === 'succeeded'
+                  ? acc.newDiscoveriesCount + ad.count
+                  : acc.newDiscoveriesCount,
+            };
+          },
+          {
+            newDiscoveriesCount: 0,
+            newConnectorResultsCount: 0,
+            statsPerConnector: parsedResponse.data.stats,
+          }
+        );
+        setStats(allStats);
+        // poll every 5 seconds, regardless if current connector is running. Need stats object for connector dropdown stats
+        timeoutIdRef.current = setTimeout(() => {
+          pollApi();
+        }, 5000);
+      }
+    } catch (error) {
+      setStatus(null);
+      setData(null);
+
+      toasts?.addDanger(error, {
+        title: ERROR_GENERATING_ATTACK_DISCOVERIES,
+        text: getErrorToastText(error),
+      });
+    }
+  }, [connectorId, handleResponse, http, toasts]);
+
+  return { cancelAttackDiscovery, didInitialFetch, status, data, pollApi, stats, setStatus };
+};
+
+export const attackDiscoveryStatus: { [k: string]: AttackDiscoveryStatus } = {
+  canceled: 'canceled',
+  failed: 'failed',
+  running: 'running',
+  succeeded: 'succeeded',
+};
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/mock/mock_attack_discovery.ts b/x-pack/plugins/security_solution/public/attack_discovery/mock/mock_attack_discovery.ts
new file mode 100644
index 0000000000000..d5de6e8d7cc06
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/mock/mock_attack_discovery.ts
@@ -0,0 +1,37 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { AttackDiscovery } from '@kbn/elastic-assistant-common';
+
+export const mockAttackDiscovery: AttackDiscovery = {
+  alertIds: [
+    '639801cdb10a93610be4a91fe0eac94cd3d4d292cf0c2a6d7b3674d7f7390357',
+    'bdcf649846dc3ed0ca66537e1c1dc62035a35a208ba4d9853a93e9be4b0dbea3',
+    'cdbd13134bbd371cd045e5f89970b21ab866a9c3817b2aaba8d8e247ca88b823',
+    '58571e1653b4201c4f35d49b6eb4023fc0219d5885ff7c385a9253a692a77104',
+    '06fcb3563de7dad14137c0bb4e5bae17948c808b8a3b8c60d9ec209a865b20ed',
+    '8bd3fcaeca5698ee26df402c8bc40df0404d34a278bc0bd9355910c8c92a4aee',
+    '59ff4efa1a03b0d1cb5c0640f5702555faf5c88d273616c1b6e22dcfc47ac46c',
+    'f352f8ca14a12062cde77ff2b099202bf74f4a7d757c2ac75ac63690b2f2f91a',
+  ],
+  detailsMarkdown:
+    'The following attack progression appears to have occurred on the host {{ host.name 5e454c38-439c-4096-8478-0a55511c76e3 }} involving the user {{ user.name 3bdc7952-a334-4d95-8092-cd176546e18a }}:\n\n- A suspicious application named "My Go Application.app" was launched, likely through a malicious download or installation.\n- This application spawned child processes to copy a malicious file named "unix1" to the user\'s home directory and make it executable.\n- The malicious "unix1" file was then executed, attempting to access the user\'s login keychain and potentially exfiltrate credentials.\n- The suspicious application also launched the "osascript" utility to display a fake system dialog prompting the user for their password, a technique known as credentials phishing.\n\nThis appears to be a multi-stage attack involving malware delivery, privilege escalation, credential access, and potentially data exfiltration. The attacker may have used social engineering techniques like phishing to initially compromise the system. The suspicious "My Go Application.app" exhibits behavior characteristic of malware families that attempt to steal user credentials and maintain persistence. Mitigations should focus on removing the malicious files, resetting credentials, and enhancing security controls around application whitelisting, user training, and data protection.',
+  entitySummaryMarkdown:
+    'Suspicious activity involving the host {{ host.name 5e454c38-439c-4096-8478-0a55511c76e3 }} and user {{ user.name 3bdc7952-a334-4d95-8092-cd176546e18a }}.',
+  id: 'e6d1f8ef-7c1d-42d6-ba6a-11610bab72b1',
+  mitreAttackTactics: [
+    'Initial Access',
+    'Execution',
+    'Persistence',
+    'Privilege Escalation',
+    'Credential Access',
+  ],
+  summaryMarkdown:
+    'A multi-stage malware attack was detected on {{ host.name 5e454c38-439c-4096-8478-0a55511c76e3 }} involving {{ user.name 3bdc7952-a334-4d95-8092-cd176546e18a }}. A suspicious application delivered malware, attempted credential theft, and established persistence.',
+  timestamp: '2024-06-25T21:14:40.098Z',
+  title: 'Malware Attack With Credential Theft Attempt',
+};
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/mock/mock_use_attack_discovery.ts b/x-pack/plugins/security_solution/public/attack_discovery/mock/mock_use_attack_discovery.ts
index e165fb2d83562..6c703d799d405 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/mock/mock_use_attack_discovery.ts
+++ b/x-pack/plugins/security_solution/public/attack_discovery/mock/mock_use_attack_discovery.ts
@@ -12,365 +12,37 @@ export const getMockUseAttackDiscoveriesWithCachedAttackDiscoveries = (
 ): UseAttackDiscovery => ({
   alertsContextCount: 20,
   approximateFutureTime: null,
-  cachedAttackDiscoveries: {
-    claudeV3SonnetUsEast1: {
-      connectorId: 'claudeV3SonnetUsEast1',
-      attackDiscoveries: [
-        {
-          alertIds: [
-            'e770a817-0e87-4e4b-8e26-1bf504a209d2',
-            'f0ab5b5d-55c5-4d05-8f4f-12f0e62ecd96',
-            '8cfde870-cd3b-40b8-9999-901c0b97fb5a',
-            'da8fa0b1-1f51-4c63-b5d0-2e35c9fa3b84',
-            '597fd583-4036-4631-a71a-7a8a7dd17848',
-            '550691a2-edac-4cc5-a453-6a36d5351c76',
-            'df97c2d9-9e28-43e0-a461-3bacf91a262f',
-            'f6558144-630c-49ec-8aa2-fe96364883c7',
-            '113819ec-cfd0-4867-bfbd-cb9ca8e1e69f',
-            'c6cbd80f-9602-4748-b951-56c0745f3e1f',
-          ],
-          detailsMarkdown:
-            '- {{ host.name 001cc415-42ad-4b21-a92c-e4193b283b78 }} and {{ user.name 73f9a91c-3268-4229-8bb9-7c1fe2f667bc }} were involved in a potential ransomware attack progression:\n\n  - A suspicious executable {{ file.name d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e.exe }} was created and executed from {{ file.path 4053a825-9628-470a-8c83-c733e941bece }} by the parent process {{ process.parent.executable C:\\Windows\\Explorer.EXE }}.\n  - The suspicious executable then created another file {{ file.name 604300eb-3711-4e38-8500-0a395d3cc1e5 }} at {{ file.path 8e2853aa-f0b9-4c95-9895-d71a7aa8b4a4 }} and loaded it.\n  - Multiple shellcode injection alerts were triggered by the loaded file, indicating potential malicious activity.\n  - A ransomware detection alert was also triggered, suggesting the presence of ransomware behavior.\n\n- The suspicious executable {{ file.name d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e.exe }} had an expired code signature from "TRANSPORT", which is not a trusted source.\n- The loaded file {{ file.name 604300eb-3711-4e38-8500-0a395d3cc1e5 }} was identified as potentially malicious by Elastic Endpoint Security.',
-          entitySummaryMarkdown:
-            'Potential ransomware attack involving {{ host.name 001cc415-42ad-4b21-a92c-e4193b283b78 }} and {{ user.name 73f9a91c-3268-4229-8bb9-7c1fe2f667bc }}.',
-          id: '9f6d4a18-7483-4103-92e7-24e2ebab77bb',
-          mitreAttackTactics: [
-            'Execution',
-            'Persistence',
-            'Privilege Escalation',
-            'Defense Evasion',
-          ],
-          summaryMarkdown:
-            'A potential ransomware attack progression was detected on {{ host.name 001cc415-42ad-4b21-a92c-e4193b283b78 }} involving {{ user.name 73f9a91c-3268-4229-8bb9-7c1fe2f667bc }}. A suspicious executable with an untrusted code signature was executed, leading to the creation and loading of a malicious file that triggered shellcode injection and ransomware detection alerts.',
-          title: 'Potential Ransomware Attack Progression Detected',
-        },
-        {
-          alertIds: [
-            '4691c8da-ccba-40f2-b540-0ec5656ad8ef',
-            '53b3ee1a-1594-447d-94a0-338af2a22844',
-            '2e744d88-3040-4ab8-90a3-1d5011ab1a6b',
-            '452ed87e-2e64-486b-ad6a-b368010f570a',
-            'd2ce2be7-1d86-4fbe-851a-05883e575a0b',
-            '7d0ae0fc-7c24-4760-8543-dc4d44f17126',
-          ],
-          detailsMarkdown:
-            '- {{ host.name 4d31c85a-f08b-4461-a67e-ca1991427e6d }} and {{ user.name 73f9a91c-3268-4229-8bb9-7c1fe2f667bc }} were involved in a potential malware attack progression:\n\n  - A Microsoft Office process ({{ process.parent.executable C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE }}) launched a suspicious child process ({{ process.name certutil.exe }}) with unusual arguments to decode a file ({{ file.name B1Z8U2N9.txt }}) into another executable ({{ file.name Q3C7N1V8.exe }}).\n  - The decoded executable {{ file.name Q3C7N1V8.exe }} was then executed and created another file {{ file.name 2ddee627-fbe2-45a8-8b2b-eba7542b4e3d }} at {{ file.path ae8aacc8-bfe3-4735-8075-a135fcf60722 }}, which was loaded.\n  - Multiple alerts were triggered, including malware detection, suspicious Microsoft Office child process, uncommon persistence via registry modification, and rundll32 with unusual arguments.\n\n- The decoded executable {{ file.name Q3C7N1V8.exe }} exhibited persistence behavior by modifying the registry.\n- The rundll32.exe process was launched with unusual arguments to load the decoded file, which is a common malware technique.',
-          entitySummaryMarkdown:
-            'Potential malware attack involving {{ host.name 4d31c85a-f08b-4461-a67e-ca1991427e6d }} and {{ user.name 73f9a91c-3268-4229-8bb9-7c1fe2f667bc }}.',
-          id: 'fd82a3bf-45e4-43ba-bb8f-795584923474',
-          mitreAttackTactics: ['Execution', 'Persistence', 'Defense Evasion'],
-          summaryMarkdown:
-            'A potential malware attack progression was detected on {{ host.name 4d31c85a-f08b-4461-a67e-ca1991427e6d }} involving {{ user.name 73f9a91c-3268-4229-8bb9-7c1fe2f667bc }}. A Microsoft Office process launched a suspicious child process that decoded and executed a malicious executable, which exhibited persistence behavior and triggered multiple security alerts.',
-          title: 'Potential Malware Attack Progression Detected',
-        },
-        {
-          alertIds: ['9896f807-4e57-4da8-b1ea-d62645045428'],
-          detailsMarkdown:
-            '- {{ host.name c7697774-7350-4153-9061-64a484500241 }} and {{ user.name 73f9a91c-3268-4229-8bb9-7c1fe2f667bc }} were involved in a potential malware attack:\n\n  - A Microsoft Office process ({{ process.parent.executable C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE }}) launched a suspicious child process ({{ process.name certutil.exe }}) with unusual arguments to decode a file ({{ file.name K2G8Q8Z9.txt }}) into another executable ({{ file.name Z5K7J6H8.exe }}).\n  - This behavior triggered a "Malicious Behavior Prevention Alert: Suspicious Microsoft Office Child Process" alert.\n\n- The certutil.exe process is commonly abused by malware to decode and execute malicious payloads.',
-          entitySummaryMarkdown:
-            'Potential malware attack involving {{ host.name c7697774-7350-4153-9061-64a484500241 }} and {{ user.name 73f9a91c-3268-4229-8bb9-7c1fe2f667bc }}.',
-          id: '79a97cec-4126-479a-8fa1-706aec736bc5',
-          mitreAttackTactics: ['Execution', 'Defense Evasion'],
-          summaryMarkdown:
-            'A potential malware attack was detected on {{ host.name c7697774-7350-4153-9061-64a484500241 }} involving {{ user.name 73f9a91c-3268-4229-8bb9-7c1fe2f667bc }}. A Microsoft Office process launched a suspicious child process that attempted to decode and execute a malicious payload, triggering a security alert.',
-          title: 'Potential Malware Attack Detected',
-        },
-        {
-          alertIds: ['53157916-4437-4a92-a7fd-f792c4aa1aae'],
-          detailsMarkdown:
-            '- {{ host.name 6d4355b3-3d1a-4673-b0c7-51c1c698bcc5 }} and {{ user.name 73f9a91c-3268-4229-8bb9-7c1fe2f667bc }} were involved in a potential malware incident:\n\n  - The explorer.exe process ({{ process.executable C:\\Windows\\explorer.exe }}) attempted to create a file ({{ file.name 25a994dc-c605-425c-b139-c273001dc816 }}) at {{ file.path 9693f967-2b96-4281-893e-79adbdcf1066 }}.\n  - This file creation attempt was blocked, and a "Malware Prevention Alert" was triggered.\n\n- The file {{ file.name 25a994dc-c605-425c-b139-c273001dc816 }} was likely identified as malicious by Elastic Endpoint Security, leading to the prevention of its creation.',
-          entitySummaryMarkdown:
-            'Potential malware incident involving {{ host.name 6d4355b3-3d1a-4673-b0c7-51c1c698bcc5 }} and {{ user.name 73f9a91c-3268-4229-8bb9-7c1fe2f667bc }}.',
-          id: '13c4a00d-88a8-408c-9ed5-b2518df0eae3',
-          mitreAttackTactics: ['Defense Evasion'],
-          summaryMarkdown:
-            'A potential malware incident was detected on {{ host.name 6d4355b3-3d1a-4673-b0c7-51c1c698bcc5 }} involving {{ user.name 73f9a91c-3268-4229-8bb9-7c1fe2f667bc }}. The explorer.exe process attempted to create a file that was identified as malicious by Elastic Endpoint Security, triggering a malware prevention alert and blocking the file creation.',
-          title: 'Potential Malware Incident Detected',
-        },
-      ],
-      replacements: {
-        '8e2853aa-f0b9-4c95-9895-d71a7aa8b4a4': 'C:\\Windows\\mpsvc.dll',
-        '73f9a91c-3268-4229-8bb9-7c1fe2f667bc': 'Administrator',
-        '001cc415-42ad-4b21-a92c-e4193b283b78': 'SRVWIN02',
-        'b0fd402c-9752-4d43-b0f7-9750cce247e7': 'OMM-WIN-DETECT',
-        '604300eb-3711-4e38-8500-0a395d3cc1e5': 'mpsvc.dll',
-        'e770a817-0e87-4e4b-8e26-1bf504a209d2':
-          '13c8569b2bfd65ecfa75b264b6d7f31a1b50c530101bcaeb8569b3a0190e93b4',
-        'f0ab5b5d-55c5-4d05-8f4f-12f0e62ecd96':
-          '250d812f9623d0916bba521d4221757163f199d64ffab92f888581a00ca499be',
-        '4053a825-9628-470a-8c83-c733e941bece':
-          'C:\\Users\\Administrator\\Desktop\\8813719803\\d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e.exe',
-        '2acbc31d-a0ec-4f99-a544-b23fcdd37b70':
-          'd55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e.exe',
-        '8cfde870-cd3b-40b8-9999-901c0b97fb5a':
-          '138876c616a2f403aadb6a1c3da316d97f15669fc90187a27d7f94a55674d19a',
-        'da8fa0b1-1f51-4c63-b5d0-2e35c9fa3b84':
-          '2bc20691da4ec37cc1f967d6f5b79e95c7f07f6e473724479dcf4402a192969c',
-        '9693f967-2b96-4281-893e-79adbdcf1066':
-          'C:\\Users\\Administrator\\Desktop\\8813719803\\d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e',
-        '25a994dc-c605-425c-b139-c273001dc816':
-          'd55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e',
-        '597fd583-4036-4631-a71a-7a8a7dd17848':
-          '6cea6124aa27adf2f782db267c5173742b675331107cdb7372a46ae469366210',
-        '550691a2-edac-4cc5-a453-6a36d5351c76':
-          '26a9788ca7189baa31dcbb509779c1ac5d2e72297cb02e4b4ee8c1f9e371666f',
-        'df97c2d9-9e28-43e0-a461-3bacf91a262f':
-          'c107e4e903724f2a1e0ea8e0135032d1d75624bf7de8b99c17ba9a9f178c2d6a',
-        'f6558144-630c-49ec-8aa2-fe96364883c7':
-          'afb8ed160ae9f78990980d92fb3213ffff74a12ec75034384b4f53a3edf74400',
-        'c6cbd80f-9602-4748-b951-56c0745f3e1f':
-          '137aa729928d2a0df1d5e35f47f0ad2bd525012409a889358476dca8e06ba804',
-        '113819ec-cfd0-4867-bfbd-cb9ca8e1e69f':
-          '5bec676e7faa4b6329027c9798e70e6d5e7a4d6d08696597dc8a3b31490bdfe5',
-        'ae8aacc8-bfe3-4735-8075-a135fcf60722':
-          'C:\\Users\\Administrator\\AppData\\Local\\cdnver.dll',
-        '4d31c85a-f08b-4461-a67e-ca1991427e6d': 'SRVWIN01',
-        '2ddee627-fbe2-45a8-8b2b-eba7542b4e3d': 'cdnver.dll',
-        '8e8e2e05-521d-4988-b7ce-4763fea1faf0':
-          'f5d9e2d82dad1ff40161b92c097340ee07ae43715f6c9270705fb0db7a9eeca4',
-        '4691c8da-ccba-40f2-b540-0ec5656ad8ef':
-          'b4bf1d7b993141f813008dccab0182af3c810de0c10e43a92ac0d9d5f1dbf42e',
-        '53b3ee1a-1594-447d-94a0-338af2a22844':
-          '4ab871ec3d41d3271c2a1fc3861fabcbc06f7f4534a1b6f741816417bc73927c',
-        '2e744d88-3040-4ab8-90a3-1d5011ab1a6b':
-          '1f492a1b66f6c633a81a4c6318345b07f6d05624714da0b0cb7dd6d8e374e249',
-        '9e44ac92-1d88-4cfc-9f38-781c3457b395':
-          'e6fba60799acc5bf85ca34ec634482b95ac941c71e9822dfa34d9d774dd1e2bd',
-        '5164c2f3-9f96-4867-a263-cc7041b06ece': 'C:\\ProgramData\\Q3C7N1V8.exe',
-        '0aaff15a-a311-46b8-b20b-0db550e5005e': 'Q3C7N1V8.exe',
-        '452ed87e-2e64-486b-ad6a-b368010f570a':
-          '4be1be7b4351f2e94fa706ea1ab7f9dd7c3267a77832e94794ebb2b0a6d8493a',
-        '84e2000b-3c0a-4775-9903-89ebe953f247': 'C:\\Programdata\\Q3C7N1V8.exe',
-        'd2ce2be7-1d86-4fbe-851a-05883e575a0b':
-          '5ed1aa94157bd6b949bf1527320caf0e6f5f61d86518e5f13912314d0f024e88',
-        '7d0ae0fc-7c24-4760-8543-dc4d44f17126':
-          'a786f965902ed5490656f48adc79b46676dc2518a052759625f6108bbe2d864d',
-        'c7697774-7350-4153-9061-64a484500241': 'SRVWIN01-PRIV',
-        'b26da819-a141-4efd-84b0-6d2876f8800d': 'OMM-WIN-PREVENT',
-        '9896f807-4e57-4da8-b1ea-d62645045428':
-          '2a33e2c6150dfc6f0d49022fc0b5aefc90db76b6e237371992ebdee909d3c194',
-        '6d4355b3-3d1a-4673-b0c7-51c1c698bcc5': 'SRVWIN02-PRIV',
-        '53157916-4437-4a92-a7fd-f792c4aa1aae':
-          '605ebf550ae0ffc4aec2088b97cbf99853113b0db81879500547c4277ca1981a',
-      },
-      updated: new Date('2024-04-15T13:48:44.393Z'),
+  isLoadingPost: false,
+  stats: null,
+  didInitialFetch: true,
+  failureReason: null,
+  generationIntervals: [
+    {
+      date: new Date('2024-04-15T13:48:44.397Z').toISOString(),
+      durationMs: 85807,
     },
-    claudeV3SonnetUsWest2: {
-      connectorId: 'claudeV3SonnetUsWest2',
-      attackDiscoveries: [
-        {
-          alertIds: [
-            'e6b49cac-a5d0-4d22-a7e2-868881aa9d20',
-            '648d8ad4-6f4e-4c06-99f7-cdbce20f4480',
-            'bbfc0fd4-fbad-4ac4-b1b4-a9acd91ac504',
-            'c1252ff5-113a-4fe8-b341-9726c5011402',
-            'a3544119-12a0-4dd2-97b8-ed211233393b',
-            '3575d826-2350-4a4d-bb26-c92c324f38ca',
-            '778fd5cf-13b9-40fe-863d-abac2a6fe3c7',
-            '2ed82499-db91-4197-ad8d-5f03f59c6616',
-            '280e1e76-3a10-470c-8adc-094094badb1d',
-            '61ae312a-82c7-4bae-8014-f3790628b82f',
-          ],
-          detailsMarkdown:
-            '- {{ host.name fb5608fd-5bf4-4b28-8ea8-a51160df847f }} was compromised by a malicious executable {{ file.name d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e.exe }} launched from {{ process.parent.executable C:\\Windows\\Explorer.EXE }} by {{ user.name 4f7ff689-3079-4811-8fec-8c2bc2646cc2 }}\n\n- The malicious executable created a suspicious file {{ file.name d2aeb0e2-e327-4979-aa31-d46454d5b1a5 }} and loaded it into memory via {{ process.executable C:\\Windows\\MsMpEng.exe }}\n\n- This behavior triggered multiple alerts for shellcode injection, ransomware activity, and other malicious behaviors\n\n- The malware appears to be a variant of ransomware',
-          entitySummaryMarkdown:
-            'Malicious activity detected on {{ host.name fb5608fd-5bf4-4b28-8ea8-a51160df847f }} by {{ user.name 4f7ff689-3079-4811-8fec-8c2bc2646cc2 }}',
-          id: 'e536ae7a-4ae8-4e47-9f20-0e40ac675d56',
-          mitreAttackTactics: [
-            'Initial Access',
-            'Execution',
-            'Persistence',
-            'Privilege Escalation',
-            'Defense Evasion',
-            'Discovery',
-            'Lateral Movement',
-            'Collection',
-            'Exfiltration',
-            'Impact',
-          ],
-          summaryMarkdown:
-            'Multiple critical alerts indicate a ransomware attack on {{ host.name fb5608fd-5bf4-4b28-8ea8-a51160df847f }}, likely initiated by {{ user.name 4f7ff689-3079-4811-8fec-8c2bc2646cc2 }}',
-          title: 'Ransomware Attack',
-        },
-        {
-          alertIds: [
-            'b544dd2a-e208-4dac-afba-b60f799ab623',
-            '7d3a4bae-3bd7-41a7-aee2-f68088aef1d5',
-            'd1716ee3-e12e-4b03-8057-b9320f3ce825',
-            'ca31a2b6-cb77-4ca2-ada0-14bb39ec1a2e',
-            'a0b56cd3-1f7f-4221-bc88-6efb4082e781',
-            '2ab6a581-e2ab-4a54-a0e1-7b23bf8299cb',
-            '1d1040c3-9e30-47fb-b2cf-f9e8ab647547',
-          ],
-          detailsMarkdown:
-            '- {{ host.name b6fb7e37-e3d6-47aa-b176-83d800984be8 }} was compromised by a malicious executable {{ file.name 94b3c78d-c647-4ee1-9eba-8101b806a7af }} launched from {{ process.parent.executable C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE }} by {{ user.name 4f7ff689-3079-4811-8fec-8c2bc2646cc2 }}\n\n- The malicious executable was decoded from a file {{ file.name 30820807-30f3-4b43-bb1d-c523d6375f49 }} using certutil.exe, which is a common malware technique\n\n- It established persistence by modifying registry keys and loading a malicious DLL {{ file.name 30820807-30f3-4b43-bb1d-c523d6375f49 }} via rundll32.exe\n\n- This behavior triggered alerts for malware, suspicious Microsoft Office child processes, and uncommon persistence mechanisms',
-          entitySummaryMarkdown:
-            'Malicious activity detected on {{ host.name b6fb7e37-e3d6-47aa-b176-83d800984be8 }} by {{ user.name 4f7ff689-3079-4811-8fec-8c2bc2646cc2 }}',
-          id: '36d3daf0-93f0-4887-8d2c-a935863091a0',
-          mitreAttackTactics: [
-            'Initial Access',
-            'Execution',
-            'Persistence',
-            'Privilege Escalation',
-            'Defense Evasion',
-            'Discovery',
-          ],
-          summaryMarkdown:
-            'Multiple critical alerts indicate a malware infection on {{ host.name b6fb7e37-e3d6-47aa-b176-83d800984be8 }} likely initiated by {{ user.name 4f7ff689-3079-4811-8fec-8c2bc2646cc2 }} via a malicious Microsoft Office document',
-          title: 'Malware Infection via Malicious Office Document',
-        },
-        {
-          alertIds: ['67a27f31-f18f-4256-b64f-63e718eb688e'],
-          detailsMarkdown:
-            '- {{ host.name b8639719-38c4-401e-8582-6e8ea098feef }} was targeted by a malicious executable that attempted to be decoded from a file using certutil.exe, which is a common malware technique\n\n- The malicious activity was initiated from {{ process.parent.executable C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE }} by {{ user.name 4f7ff689-3079-4811-8fec-8c2bc2646cc2 }}, likely via a malicious Microsoft Office document\n\n- This behavior triggered an alert for a suspicious Microsoft Office child process',
-          entitySummaryMarkdown:
-            'Suspected malicious activity detected on {{ host.name b8639719-38c4-401e-8582-6e8ea098feef }} by {{ user.name 4f7ff689-3079-4811-8fec-8c2bc2646cc2 }}',
-          id: 'bbf6f5fc-f739-4598-945b-463dea90ea50',
-          mitreAttackTactics: ['Initial Access', 'Execution', 'Defense Evasion'],
-          summaryMarkdown:
-            'A suspicious Microsoft Office child process was detected on {{ host.name b8639719-38c4-401e-8582-6e8ea098feef }}, potentially initiated by {{ user.name 4f7ff689-3079-4811-8fec-8c2bc2646cc2 }} via a malicious document',
-          title: 'Suspected Malicious Activity via Office Document',
-        },
-        {
-          alertIds: ['2242a749-7d59-4f24-8b33-b8772ab4f8df'],
-          detailsMarkdown:
-            '- A suspicious file creation attempt {{ file.name efcf53ac-3943-4d7d-96b5-d84eefd2c478 }} with the same hash as a known malicious executable was blocked on {{ host.name 6bcc5c79-2171-4c71-9bea-fe0c116d3803 }} by {{ user.name 4f7ff689-3079-4811-8fec-8c2bc2646cc2 }}\n\n- The file was likely being staged for later malicious activity\n\n- This triggered a malware prevention alert, indicating the threat was detected and mitigated',
-          entitySummaryMarkdown:
-            'Suspected malicious file blocked on {{ host.name 6bcc5c79-2171-4c71-9bea-fe0c116d3803 }} by {{ user.name 4f7ff689-3079-4811-8fec-8c2bc2646cc2 }}',
-          id: '069a5b43-1458-4e87-8dc6-97459a020ef8',
-          mitreAttackTactics: ['Initial Access', 'Execution'],
-          summaryMarkdown:
-            'A suspected malicious file creation was blocked on {{ host.name 6bcc5c79-2171-4c71-9bea-fe0c116d3803 }} by {{ user.name 4f7ff689-3079-4811-8fec-8c2bc2646cc2 }}',
-          title: 'Suspected Malicious File Creation Blocked',
-        },
-      ],
-      replacements: {
-        '6fcdf365-367a-4695-b08e-519c31345fec': 'C:\\Windows\\mpsvc.dll',
-        '4f7ff689-3079-4811-8fec-8c2bc2646cc2': 'Administrator',
-        'fb5608fd-5bf4-4b28-8ea8-a51160df847f': 'SRVWIN02',
-        'a141c5f0-5c06-41b8-8399-27c03a459398': 'OMM-WIN-DETECT',
-        'd2aeb0e2-e327-4979-aa31-d46454d5b1a5': 'mpsvc.dll',
-        'e6b49cac-a5d0-4d22-a7e2-868881aa9d20':
-          '13c8569b2bfd65ecfa75b264b6d7f31a1b50c530101bcaeb8569b3a0190e93b4',
-        '648d8ad4-6f4e-4c06-99f7-cdbce20f4480':
-          '250d812f9623d0916bba521d4221757163f199d64ffab92f888581a00ca499be',
-        'fca45966-448c-4652-9e02-2600dfa02a35':
-          'C:\\Users\\Administrator\\Desktop\\8813719803\\d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e.exe',
-        '5b9f846a-c497-4631-8a2f-7de265bfc864':
-          'd55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e.exe',
-        'bbfc0fd4-fbad-4ac4-b1b4-a9acd91ac504':
-          '138876c616a2f403aadb6a1c3da316d97f15669fc90187a27d7f94a55674d19a',
-        '61ae312a-82c7-4bae-8014-f3790628b82f':
-          '2bc20691da4ec37cc1f967d6f5b79e95c7f07f6e473724479dcf4402a192969c',
-        'f1bbf0b8-d417-438f-ad09-dd8a854e0abb':
-          'C:\\Users\\Administrator\\Desktop\\8813719803\\d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e',
-        'efcf53ac-3943-4d7d-96b5-d84eefd2c478':
-          'd55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e',
-        'c1252ff5-113a-4fe8-b341-9726c5011402':
-          '6cea6124aa27adf2f782db267c5173742b675331107cdb7372a46ae469366210',
-        'a3544119-12a0-4dd2-97b8-ed211233393b':
-          '26a9788ca7189baa31dcbb509779c1ac5d2e72297cb02e4b4ee8c1f9e371666f',
-        '3575d826-2350-4a4d-bb26-c92c324f38ca':
-          'c107e4e903724f2a1e0ea8e0135032d1d75624bf7de8b99c17ba9a9f178c2d6a',
-        '778fd5cf-13b9-40fe-863d-abac2a6fe3c7':
-          'afb8ed160ae9f78990980d92fb3213ffff74a12ec75034384b4f53a3edf74400',
-        '2ed82499-db91-4197-ad8d-5f03f59c6616':
-          '137aa729928d2a0df1d5e35f47f0ad2bd525012409a889358476dca8e06ba804',
-        '280e1e76-3a10-470c-8adc-094094badb1d':
-          '5bec676e7faa4b6329027c9798e70e6d5e7a4d6d08696597dc8a3b31490bdfe5',
-        '6fad79d9-1ed4-4c1d-8b30-43023b7a5552':
-          'C:\\Users\\Administrator\\AppData\\Local\\cdnver.dll',
-        'b6fb7e37-e3d6-47aa-b176-83d800984be8': 'SRVWIN01',
-        '30820807-30f3-4b43-bb1d-c523d6375f49': 'cdnver.dll',
-        '1d1040c3-9e30-47fb-b2cf-f9e8ab647547':
-          'f5d9e2d82dad1ff40161b92c097340ee07ae43715f6c9270705fb0db7a9eeca4',
-        'b544dd2a-e208-4dac-afba-b60f799ab623':
-          'b4bf1d7b993141f813008dccab0182af3c810de0c10e43a92ac0d9d5f1dbf42e',
-        '7d3a4bae-3bd7-41a7-aee2-f68088aef1d5':
-          '4ab871ec3d41d3271c2a1fc3861fabcbc06f7f4534a1b6f741816417bc73927c',
-        'd1716ee3-e12e-4b03-8057-b9320f3ce825':
-          '1f492a1b66f6c633a81a4c6318345b07f6d05624714da0b0cb7dd6d8e374e249',
-        'ca31a2b6-cb77-4ca2-ada0-14bb39ec1a2e':
-          'e6fba60799acc5bf85ca34ec634482b95ac941c71e9822dfa34d9d774dd1e2bd',
-        '03bcdffb-54d1-457e-9599-f10b93e10ed3': 'C:\\ProgramData\\Q3C7N1V8.exe',
-        '94b3c78d-c647-4ee1-9eba-8101b806a7af': 'Q3C7N1V8.exe',
-        '8fd14f7c-6b89-43b2-b58e-09502a007e21':
-          '4be1be7b4351f2e94fa706ea1ab7f9dd7c3267a77832e94794ebb2b0a6d8493a',
-        '2342b541-1c6b-4d59-bbd4-d897637573e1': 'C:\\Programdata\\Q3C7N1V8.exe',
-        'a0b56cd3-1f7f-4221-bc88-6efb4082e781':
-          '5ed1aa94157bd6b949bf1527320caf0e6f5f61d86518e5f13912314d0f024e88',
-        '2ab6a581-e2ab-4a54-a0e1-7b23bf8299cb':
-          'a786f965902ed5490656f48adc79b46676dc2518a052759625f6108bbe2d864d',
-        'b8639719-38c4-401e-8582-6e8ea098feef': 'SRVWIN01-PRIV',
-        '0549244b-3878-4ff8-a327-1758b8e88c10': 'OMM-WIN-PREVENT',
-        '67a27f31-f18f-4256-b64f-63e718eb688e':
-          '2a33e2c6150dfc6f0d49022fc0b5aefc90db76b6e237371992ebdee909d3c194',
-        '6bcc5c79-2171-4c71-9bea-fe0c116d3803': 'SRVWIN02-PRIV',
-        '2242a749-7d59-4f24-8b33-b8772ab4f8df':
-          '605ebf550ae0ffc4aec2088b97cbf99853113b0db81879500547c4277ca1981a',
-      },
-      updated: new Date('2024-04-15T15:11:24.903Z'),
+    {
+      date: new Date('2024-04-15T12:41:15.255Z').toISOString(),
+      durationMs: 12751,
     },
-  },
-  generationIntervals: {
-    claudeV3SonnetUsEast1: [
-      {
-        connectorId: 'claudeV3SonnetUsEast1',
-        date: new Date('2024-04-15T13:48:44.397Z'),
-        durationMs: 85807,
-      },
-      {
-        connectorId: 'claudeV3SonnetUsEast1',
-        date: new Date('2024-04-15T12:41:15.255Z'),
-        durationMs: 12751,
-      },
-      {
-        connectorId: 'claudeV3SonnetUsEast1',
-        date: new Date('2024-04-12T20:59:13.238Z'),
-        durationMs: 46169,
-      },
-      {
-        connectorId: 'claudeV3SonnetUsEast1',
-        date: new Date('2024-04-12T19:34:56.701Z'),
-        durationMs: 86674,
-      },
-      {
-        connectorId: 'claudeV3SonnetUsEast1',
-        date: new Date('2024-04-12T19:17:21.697Z'),
-        durationMs: 78486,
-      },
-    ],
-    claudeV3SonnetUsWest2: [
-      {
-        connectorId: 'claudeV3SonnetUsWest2',
-        date: new Date('2024-04-15T15:11:24.906Z'),
-        durationMs: 71715,
-      },
-      {
-        connectorId: 'claudeV3SonnetUsWest2',
-        date: new Date('2024-04-12T13:13:35.335Z'),
-        durationMs: 66176,
-      },
-      {
-        connectorId: 'claudeV3SonnetUsWest2',
-        date: new Date('2024-04-11T18:30:36.360Z'),
-        durationMs: 88079,
-      },
-      {
-        connectorId: 'claudeV3SonnetUsWest2',
-        date: new Date('2024-04-11T18:12:50.350Z'),
-        durationMs: 77704,
-      },
-      {
-        connectorId: 'claudeV3SonnetUsWest2',
-        date: new Date('2024-04-11T17:57:21.902Z'),
-        durationMs: 77016,
-      },
-    ],
-  },
+    {
+      date: new Date('2024-04-12T20:59:13.238Z').toISOString(),
+      durationMs: 46169,
+    },
+    {
+      date: new Date('2024-04-12T19:34:56.701Z').toISOString(),
+      durationMs: 86674,
+    },
+    {
+      date: new Date('2024-04-12T19:17:21.697Z').toISOString(),
+      durationMs: 78486,
+    },
+  ],
   fetchAttackDiscoveries,
+  onCancel: jest.fn(),
   attackDiscoveries: [
     {
+      timestamp: new Date('2024-04-15T15:11:24.906Z').toISOString(),
       alertIds: [
         'e770a817-0e87-4e4b-8e26-1bf504a209d2',
         'f0ab5b5d-55c5-4d05-8f4f-12f0e62ecd96',
@@ -394,6 +66,7 @@ export const getMockUseAttackDiscoveriesWithCachedAttackDiscoveries = (
       title: 'Potential Ransomware Attack Progression Detected',
     },
     {
+      timestamp: new Date('2024-04-15T15:11:24.906Z').toISOString(),
       alertIds: [
         '4691c8da-ccba-40f2-b540-0ec5656ad8ef',
         '53b3ee1a-1594-447d-94a0-338af2a22844',
@@ -413,6 +86,7 @@ export const getMockUseAttackDiscoveriesWithCachedAttackDiscoveries = (
       title: 'Potential Malware Attack Progression Detected',
     },
     {
+      timestamp: new Date('2024-04-15T15:11:24.906Z').toISOString(),
       alertIds: ['9896f807-4e57-4da8-b1ea-d62645045428'],
       detailsMarkdown:
         '- {{ host.name c7697774-7350-4153-9061-64a484500241 }} and {{ user.name 73f9a91c-3268-4229-8bb9-7c1fe2f667bc }} were involved in a potential malware attack:\n\n  - A Microsoft Office process ({{ process.parent.executable C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE }}) launched a suspicious child process ({{ process.name certutil.exe }}) with unusual arguments to decode a file ({{ file.name K2G8Q8Z9.txt }}) into another executable ({{ file.name Z5K7J6H8.exe }}).\n  - This behavior triggered a "Malicious Behavior Prevention Alert: Suspicious Microsoft Office Child Process" alert.\n\n- The certutil.exe process is commonly abused by malware to decode and execute malicious payloads.',
@@ -425,6 +99,7 @@ export const getMockUseAttackDiscoveriesWithCachedAttackDiscoveries = (
       title: 'Potential Malware Attack Detected',
     },
     {
+      timestamp: new Date('2024-04-15T15:11:24.906Z').toISOString(),
       alertIds: ['53157916-4437-4a92-a7fd-f792c4aa1aae'],
       detailsMarkdown:
         '- {{ host.name 6d4355b3-3d1a-4673-b0c7-51c1c698bcc5 }} and {{ user.name 73f9a91c-3268-4229-8bb9-7c1fe2f667bc }} were involved in a potential malware incident:\n\n  - The explorer.exe process ({{ process.executable C:\\Windows\\explorer.exe }}) attempted to create a file ({{ file.name 25a994dc-c605-425c-b139-c273001dc816 }}) at {{ file.path 9693f967-2b96-4281-893e-79adbdcf1066 }}.\n  - This file creation attempt was blocked, and a "Malware Prevention Alert" was triggered.\n\n- The file {{ file.name 25a994dc-c605-425c-b139-c273001dc816 }} was likely identified as malicious by Elastic Endpoint Security, leading to the prevention of its creation.',
@@ -505,30 +180,104 @@ export const getMockUseAttackDiscoveriesWithCachedAttackDiscoveries = (
   isLoading: false,
 });
 
-export const getMockUseAttackDiscoveriesWithNoAttackDiscoveries = (
-  fetchAttackDiscoveries: () => Promise<void>
-): UseAttackDiscovery => ({
-  alertsContextCount: null,
-  approximateFutureTime: null,
-  cachedAttackDiscoveries: {},
-  fetchAttackDiscoveries,
-  generationIntervals: undefined,
-  attackDiscoveries: [],
-  lastUpdated: null,
-  replacements: {},
-  isLoading: false,
-});
-
 export const getMockUseAttackDiscoveriesWithNoAttackDiscoveriesLoading = (
   fetchAttackDiscoveries: () => Promise<void>
 ): UseAttackDiscovery => ({
   alertsContextCount: null,
   approximateFutureTime: new Date('2024-04-15T17:13:29.470Z'), // <-- estimated generation completion time
-  cachedAttackDiscoveries: {},
   fetchAttackDiscoveries,
+  onCancel: jest.fn(),
   generationIntervals: undefined,
   attackDiscoveries: [],
+  isLoadingPost: false,
+  stats: null,
+  didInitialFetch: true,
+  failureReason: null,
   lastUpdated: null,
   replacements: {},
   isLoading: true, // <-- attack discoveries are being generated
 });
+
+export const getRawAttackDiscoveryResponse = () => ({
+  alertsContextCount: 20,
+  attackDiscoveries: [
+    {
+      alertIds: [
+        '382d546a7ba5ab35c050f106bece236e87e3d51076a479f0beae8b2015b8fb26',
+        'ca9da6b3b77b7038d958b9e144f0a406c223a862c0c991ce9782b98e03a98c87',
+        '5301f4fb014538df7ce1eb9929227dde3adc0bf5b4f28aa15c8aa4e4fda95f35',
+        '1459af4af8b92e1710c0ee075b1c444eaa927583dfd71b42e9a10de37c8b9cf0',
+        '468457e9c5132aadae501b75ec5b766e1465ab865ad8d79e03f66593a76fccdf',
+        'fb92e7fa5679db3e91d84d998faddb7ed269f1c8cdc40443f35e67c930383d34',
+        '03e0f8f1598018da8143bba6b60e6ddea30551a2286ba76d717568eed3d17a66',
+        '28021a7aca7de03018d820182c9784f8d5f2e1b99e0159177509a69bee1c3ac0',
+      ],
+      detailsMarkdown:
+        'The following attack progression appears to have occurred on the host {{ host.name 05207978-1585-4e46-9b36-69c4bb85a768 }} involving the user {{ user.name ddc8db29-46eb-44fe-80b6-1ea642c338ac }}:\\n\\n- A suspicious application named "My Go Application.app" was launched, likely through a malicious download or installation\\n- This application attempted to run various malicious scripts and commands, including:\\n  - Spawning a child process to run the "osascript" utility to display a fake system dialog prompting for user credentials ({{ process.command_line osascript -e display dialog "MacOS wants to access System Preferences\\n\\t\\t\\nPlease enter your password." with title "System Preferences" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:ToolbarAdvanced.icns" default answer "" giving up after 30 with hidden answer ¬ }})\\n  - Modifying permissions on a suspicious file named "unix1" ({{ process.command_line chmod 777 /Users/james/unix1 }})\\n  - Executing the suspicious "unix1" file and passing it the user\'s login keychain file and a hardcoded password ({{ process.command_line /Users/james/unix1 /Users/james/library/Keychains/login.keychain-db TempTemp1234!! }})\\n\\nThis appears to be a multi-stage malware attack, potentially aimed at credential theft and further malicious execution on the compromised host. The tactics used align with Credential Access ({{ threat.tactic.name Credential Access }}) and Execution ({{ threat.tactic.name Execution }}) based on MITRE ATT&CK.',
+      entitySummaryMarkdown:
+        'Suspicious activity detected on {{ host.name 05207978-1585-4e46-9b36-69c4bb85a768 }} involving {{ user.name ddc8db29-46eb-44fe-80b6-1ea642c338ac }}.',
+      mitreAttackTactics: ['Credential Access', 'Execution'],
+      summaryMarkdown:
+        'A multi-stage malware attack was detected on a macOS host, likely initiated through a malicious application download. The attack involved credential phishing attempts, suspicious file modifications, and the execution of untrusted binaries potentially aimed at credential theft. {{ host.name 05207978-1585-4e46-9b36-69c4bb85a768 }} and {{ user.name ddc8db29-46eb-44fe-80b6-1ea642c338ac }} were involved.',
+      title: 'Credential Theft Malware Attack on macOS',
+    },
+    {
+      alertIds: [
+        '8772effc4970e371a26d556556f68cb8c73f9d9d9482b7f20ee1b1710e642a23',
+        '63c761718211fa51ea797669d845c3d4f23b1a28c77a101536905e6fd0b4aaa6',
+        '55f4641a9604e1088deae4897e346e63108bde9167256c7cb236164233899dcc',
+        'eaf9991c83feef7798983dc7cacda86717d77136a3a72c9122178a03ce2f15d1',
+        'f7044f707ac119256e5a0ccd41d451b51bca00bdc6899c7e5e8e1edddfeb6774',
+        'fad83b4223f3c159646ad22df9877b9c400f9472655e49781e2a5951b641088e',
+      ],
+      detailsMarkdown:
+        'The following attack progression appears to have occurred on the host {{ host.name b775910b-4b71-494d-bfb1-4be3fe88c2b0 }} involving the user {{ user.name e411fe2e-aeea-44b5-b09a-4336dabb3969 }}:\\n\\n- A malicious Microsoft Office document was opened, spawning a child process to write a suspicious VBScript file named "AppPool.vbs" ({{ file.path C:\\ProgramData\\WindowsAppPool\\AppPool.vbs }})\\n- The VBScript launched PowerShell and executed an obfuscated script from "AppPool.ps1"\\n- Additional malicious activities were performed, including:\\n  - Creating a scheduled task to periodically execute the VBScript\\n  - Spawning a cmd.exe process to create the scheduled task\\n  - Executing the VBScript directly\\n\\nThis appears to be a multi-stage malware attack initiated through malicious Office documents, employing script obfuscation, scheduled task persistence, and defense evasion tactics. The activities map to Initial Access ({{ threat.tactic.name Initial Access }}), Execution ({{ threat.tactic.name Execution }}), and Defense Evasion ({{ threat.tactic.name Defense Evasion }}) based on MITRE ATT&CK.',
+      entitySummaryMarkdown:
+        'Suspicious activity detected on {{ host.name b775910b-4b71-494d-bfb1-4be3fe88c2b0 }} involving {{ user.name e411fe2e-aeea-44b5-b09a-4336dabb3969 }}.',
+      mitreAttackTactics: ['Initial Access', 'Execution', 'Defense Evasion'],
+      summaryMarkdown:
+        'A multi-stage malware attack was detected on a Windows host, likely initiated through a malicious Microsoft Office document. The attack involved script obfuscation, scheduled task persistence, and other defense evasion tactics. {{ host.name b775910b-4b71-494d-bfb1-4be3fe88c2b0 }} and {{ user.name e411fe2e-aeea-44b5-b09a-4336dabb3969 }} were involved.',
+      title: 'Malicious Office Document Initiates Malware Attack',
+    },
+    {
+      alertIds: [
+        'd1b8b1c6f891fd181af236d0a81b8769c4569016d5b341cdf6a3fefb7cf9cbfd',
+        '005f2dfb7efb08b34865b308876ecad188fc9a3eebf35b5e3af3c3780a3fb239',
+        '7e41ddd221831544c5ff805e0ec31fc3c1f22c04257de1366112cfef14df9f63',
+      ],
+      detailsMarkdown:
+        'The following attack progression appears to have occurred on the host {{ host.name c1e00157-c636-4222-b3a2-5d9ea667a3a8 }} involving the user {{ user.name e411fe2e-aeea-44b5-b09a-4336dabb3969 }}:\\n\\n- A suspicious process launched by msiexec.exe spawned a PowerShell session\\n- The PowerShell process exhibited the following malicious behaviors:\\n  - Shellcode injection detected, indicating the presence of the "Windows.Trojan.Bumblebee" malware\\n  - Establishing network connections, suggesting command and control or data exfiltration\\n\\nThis appears to be a case of malware delivery and execution via an MSI package, potentially initiated through a software supply chain compromise or social engineering attack. The tactics employed align with Defense Evasion ({{ threat.tactic.name Defense Evasion }}) through system binary proxy execution, as well as potential Command and Control ({{ threat.tactic.name Command and Control }}) based on MITRE ATT&CK.',
+      entitySummaryMarkdown:
+        'Suspicious activity detected on {{ host.name c1e00157-c636-4222-b3a2-5d9ea667a3a8 }} involving {{ user.name e411fe2e-aeea-44b5-b09a-4336dabb3969 }}.',
+      mitreAttackTactics: ['Defense Evasion', 'Command and Control'],
+      summaryMarkdown:
+        'A malware attack was detected on a Windows host, likely delivered through a compromised MSI package. The attack involved shellcode injection, network connections, and the use of system binaries for defense evasion. {{ host.name c1e00157-c636-4222-b3a2-5d9ea667a3a8 }} and {{ user.name e411fe2e-aeea-44b5-b09a-4336dabb3969 }} were involved.',
+      title: 'Malware Delivery via Compromised MSI Package',
+    },
+    {
+      alertIds: [
+        '12057d82e79068080f6acf268ca45c777d3f80946b466b59954320ec5f86f24a',
+        '81c7c57a360bee531b1398b0773e7c4a2332fbdda4e66f135e01fc98ec7f4e3d',
+      ],
+      detailsMarkdown:
+        'The following attack progression appears to have occurred on the host {{ host.name d4c92b0d-b82f-4702-892d-dd06ad8418e8 }} involving the user {{ user.name 7245f867-9a09-48d7-9165-84a69fa0727d }}:\\n\\n- A malicious file named "kdmtmpflush" with the SHA256 hash {{ file.hash.sha256 74ef6cc38f5a1a80148752b63c117e6846984debd2af806c65887195a8eccc56 }} was copied to the /dev/shm directory\\n- Permissions were modified to make the file executable\\n- The file was then executed with the "--init" argument, likely to initialize malicious components\\n\\nThis appears to be a case of the "Linux.Trojan.BPFDoor" malware being deployed on the Linux host. The tactics employed align with Execution ({{ threat.tactic.name Execution }}) based on MITRE ATT&CK.',
+      entitySummaryMarkdown:
+        'Suspicious activity detected on {{ host.name d4c92b0d-b82f-4702-892d-dd06ad8418e8 }} involving {{ user.name 7245f867-9a09-48d7-9165-84a69fa0727d }}.',
+      mitreAttackTactics: ['Execution'],
+      summaryMarkdown:
+        'The "Linux.Trojan.BPFDoor" malware was detected being deployed on a Linux host. A malicious file was copied, permissions were modified, and the file was executed to likely initialize malicious components. {{ host.name d4c92b0d-b82f-4702-892d-dd06ad8418e8 }} and {{ user.name 7245f867-9a09-48d7-9165-84a69fa0727d }} were involved.',
+      title: 'Linux.Trojan.BPFDoor Malware Deployment Detected',
+    },
+  ],
+  connector_id: 'pmeClaudeV3SonnetUsEast1',
+  replacements: {
+    'ddc8db29-46eb-44fe-80b6-1ea642c338ac': 'james',
+    '05207978-1585-4e46-9b36-69c4bb85a768': 'SRVMAC08',
+    '7245f867-9a09-48d7-9165-84a69fa0727d': 'root',
+    'e411fe2e-aeea-44b5-b09a-4336dabb3969': 'Administrator',
+    '5a63f6dc-4e40-41fe-a92c-7898e891025e': 'SRVWIN07-PRIV',
+    'b775910b-4b71-494d-bfb1-4be3fe88c2b0': 'SRVWIN07',
+    'c1e00157-c636-4222-b3a2-5d9ea667a3a8': 'SRVWIN06',
+    'd4c92b0d-b82f-4702-892d-dd06ad8418e8': 'SRVNIX05',
+  },
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_prompt/animated_counter/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_prompt/animated_counter/index.test.tsx
new file mode 100644
index 0000000000000..a70bfaa5c9951
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_prompt/animated_counter/index.test.tsx
@@ -0,0 +1,25 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { AnimatedCounter } from '.';
+
+describe('AnimatedCounter', () => {
+  it('renders the expected final count', async () => {
+    const animationDurationMs = 10; // ms
+    const count = 20;
+
+    render(<AnimatedCounter animationDurationMs={animationDurationMs} count={count} />);
+    await new Promise((resolve) => setTimeout(resolve, animationDurationMs + 10));
+
+    const animatedCounter = screen.getByTestId('animatedCounter');
+
+    expect(animatedCounter).toHaveTextContent(`${count}`);
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_prompt/animated_counter/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_prompt/animated_counter/index.tsx
index 2428158aa5b71..5dd4cb8fc4267 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_prompt/animated_counter/index.tsx
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_prompt/animated_counter/index.tsx
@@ -11,14 +11,14 @@ import * as d3 from 'd3';
 import React, { useRef, useEffect } from 'react';
 
 interface Props {
+  animationDurationMs?: number;
   count: number;
 }
 
-const AnimatedCounterComponent: React.FC<Props> = ({ count }) => {
+const AnimatedCounterComponent: React.FC<Props> = ({ animationDurationMs = 1000 * 1, count }) => {
   const { euiTheme } = useEuiTheme();
   const d3Ref = useRef(null);
   const zero = 0; // counter starts at zero
-  const animationDurationMs = 1000 * 1;
 
   useEffect(() => {
     if (d3Ref.current) {
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_prompt/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_prompt/index.test.tsx
new file mode 100644
index 0000000000000..70acc1dbb2ca8
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_prompt/index.test.tsx
@@ -0,0 +1,150 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { fireEvent, render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { EmptyPrompt } from '.';
+import { useAssistantAvailability } from '../../../assistant/use_assistant_availability';
+import { TestProviders } from '../../../common/mock';
+
+jest.mock('../../../assistant/use_assistant_availability');
+
+describe('EmptyPrompt', () => {
+  const alertsCount = 20;
+  const onGenerate = jest.fn();
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  describe('when the user has the assistant privilege', () => {
+    beforeEach(() => {
+      (useAssistantAvailability as jest.Mock).mockReturnValue({
+        hasAssistantPrivilege: true,
+        isAssistantEnabled: true,
+      });
+
+      render(
+        <TestProviders>
+          <EmptyPrompt
+            alertsCount={alertsCount}
+            isLoading={false}
+            isDisabled={false}
+            onGenerate={onGenerate}
+          />
+        </TestProviders>
+      );
+    });
+
+    it('renders the empty prompt avatar', () => {
+      const emptyPromptAvatar = screen.getByTestId('emptyPromptAvatar');
+
+      expect(emptyPromptAvatar).toBeInTheDocument();
+    });
+
+    it('renders the animated counter', () => {
+      const emptyPromptAnimatedCounter = screen.getByTestId('emptyPromptAnimatedCounter');
+
+      expect(emptyPromptAnimatedCounter).toBeInTheDocument();
+    });
+
+    it('renders the expected statement', () => {
+      const emptyPromptAlertsWillBeAnalyzed = screen.getByTestId('emptyPromptAlertsWillBeAnalyzed');
+
+      expect(emptyPromptAlertsWillBeAnalyzed).toHaveTextContent('alerts will be analyzed');
+    });
+
+    it('calls onGenerate when the generate button is clicked', () => {
+      const generateButton = screen.getByTestId('generate');
+
+      fireEvent.click(generateButton);
+
+      expect(onGenerate).toHaveBeenCalled();
+    });
+  });
+
+  describe('when the user does NOT have the assistant privilege', () => {
+    it('disables the generate button when the user does NOT have the assistant privilege', () => {
+      (useAssistantAvailability as jest.Mock).mockReturnValue({
+        hasAssistantPrivilege: false, // <-- the user does NOT have the assistant privilege
+        isAssistantEnabled: true,
+      });
+
+      render(
+        <TestProviders>
+          <EmptyPrompt
+            alertsCount={alertsCount}
+            isLoading={false}
+            isDisabled={false}
+            onGenerate={onGenerate}
+          />
+        </TestProviders>
+      );
+
+      const generateButton = screen.getByTestId('generate');
+
+      expect(generateButton).toBeDisabled();
+    });
+  });
+
+  describe('when loading is true', () => {
+    const isLoading = true;
+
+    beforeEach(() => {
+      (useAssistantAvailability as jest.Mock).mockReturnValue({
+        hasAssistantPrivilege: true,
+        isAssistantEnabled: true,
+      });
+
+      render(
+        <TestProviders>
+          <EmptyPrompt
+            alertsCount={alertsCount}
+            isLoading={isLoading}
+            isDisabled={false}
+            onGenerate={onGenerate}
+          />
+        </TestProviders>
+      );
+    });
+
+    it('disables the generate button while loading', () => {
+      const generateButton = screen.getByTestId('generate');
+
+      expect(generateButton).toBeDisabled();
+    });
+  });
+
+  describe('when isDisabled is true', () => {
+    const isDisabled = true;
+
+    beforeEach(() => {
+      (useAssistantAvailability as jest.Mock).mockReturnValue({
+        hasAssistantPrivilege: true,
+        isAssistantEnabled: true,
+      });
+
+      render(
+        <TestProviders>
+          <EmptyPrompt
+            alertsCount={alertsCount}
+            isLoading={false}
+            isDisabled={isDisabled}
+            onGenerate={onGenerate}
+          />
+        </TestProviders>
+      );
+    });
+
+    it('disables the generate button when isDisabled is true', () => {
+      const generateButton = screen.getByTestId('generate');
+
+      expect(generateButton).toBeDisabled();
+    });
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_states/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_states/index.test.tsx
index 406b9a4233d7c..460511defbdf9 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_states/index.test.tsx
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_states/index.test.tsx
@@ -32,6 +32,7 @@ describe('EmptyStates', () => {
             alertsCount={alertsCount}
             attackDiscoveriesCount={attackDiscoveriesCount}
             connectorId={connectorId}
+            failureReason={null}
             isLoading={isLoading}
             onGenerate={onGenerate}
           />
@@ -72,6 +73,7 @@ describe('EmptyStates', () => {
             alertsCount={alertsCount}
             attackDiscoveriesCount={attackDiscoveriesCount}
             connectorId={connectorId}
+            failureReason={null}
             isLoading={isLoading}
             onGenerate={onGenerate}
           />
@@ -83,6 +85,10 @@ describe('EmptyStates', () => {
       expect(screen.queryByTestId('welcome')).not.toBeInTheDocument();
     });
 
+    it('does NOT render the Failure prompt', () => {
+      expect(screen.queryByTestId('failure')).not.toBeInTheDocument();
+    });
+
     it('renders the No Alerts prompt', () => {
       expect(screen.getByTestId('noAlerts')).toBeInTheDocument();
     });
@@ -92,6 +98,51 @@ describe('EmptyStates', () => {
     });
   });
 
+  describe('when the Failure prompt should be shown', () => {
+    beforeEach(() => {
+      jest.clearAllMocks();
+
+      const aiConnectorsCount = 1;
+      const alertsContextCount = 10;
+      const alertsCount = 10;
+      const attackDiscoveriesCount = 10;
+      const connectorId = 'test-connector-id';
+      const isLoading = false;
+      const onGenerate = jest.fn();
+
+      render(
+        <TestProviders>
+          <EmptyStates
+            aiConnectorsCount={aiConnectorsCount}
+            alertsContextCount={alertsContextCount}
+            alertsCount={alertsCount}
+            attackDiscoveriesCount={attackDiscoveriesCount}
+            connectorId={connectorId}
+            failureReason={"you're a failure"}
+            isLoading={isLoading}
+            onGenerate={onGenerate}
+          />
+        </TestProviders>
+      );
+    });
+
+    it('does NOT render the Welcome prompt', () => {
+      expect(screen.queryByTestId('welcome')).not.toBeInTheDocument();
+    });
+
+    it('renders the Failure prompt', () => {
+      expect(screen.getByTestId('failure')).toBeInTheDocument();
+    });
+
+    it('does NOT render the No Alerts prompt', () => {
+      expect(screen.queryByTestId('noAlerts')).not.toBeInTheDocument();
+    });
+
+    it('does NOT render the Empty prompt', () => {
+      expect(screen.queryByTestId('emptyPrompt')).not.toBeInTheDocument();
+    });
+  });
+
   describe('when the Empty prompt should be shown', () => {
     beforeEach(() => {
       jest.clearAllMocks();
@@ -112,6 +163,7 @@ describe('EmptyStates', () => {
             alertsCount={alertsCount}
             attackDiscoveriesCount={attackDiscoveriesCount}
             connectorId={connectorId}
+            failureReason={null}
             isLoading={isLoading}
             onGenerate={onGenerate}
           />
@@ -123,6 +175,10 @@ describe('EmptyStates', () => {
       expect(screen.queryByTestId('welcome')).not.toBeInTheDocument();
     });
 
+    it('does NOT render the Failure prompt', () => {
+      expect(screen.queryByTestId('failure')).not.toBeInTheDocument();
+    });
+
     it('does NOT render the No Alerts prompt', () => {
       expect(screen.queryByTestId('noAlerts')).not.toBeInTheDocument();
     });
@@ -154,6 +210,7 @@ describe('EmptyStates', () => {
             alertsCount={alertsCount}
             attackDiscoveriesCount={attackDiscoveriesCount}
             connectorId={connectorId}
+            failureReason={null}
             isLoading={isLoading}
             onGenerate={onGenerate}
           />
@@ -165,6 +222,10 @@ describe('EmptyStates', () => {
       expect(screen.queryByTestId('welcome')).not.toBeInTheDocument();
     });
 
+    it('does NOT render the Failure prompt', () => {
+      expect(screen.queryByTestId('failure')).not.toBeInTheDocument();
+    });
+
     it('does NOT render the No Alerts prompt', () => {
       expect(screen.queryByTestId('noAlerts')).not.toBeInTheDocument();
     });
@@ -200,6 +261,7 @@ describe('EmptyStates', () => {
             alertsCount={alertsCount}
             attackDiscoveriesCount={attackDiscoveriesCount}
             connectorId={connectorId}
+            failureReason={null}
             isLoading={isLoading}
             onGenerate={onGenerate}
           />
@@ -211,6 +273,10 @@ describe('EmptyStates', () => {
       expect(screen.queryByTestId('welcome')).not.toBeInTheDocument();
     });
 
+    it('does NOT render the Failure prompt', () => {
+      expect(screen.queryByTestId('failure')).not.toBeInTheDocument();
+    });
+
     it('does NOT render the No Alerts prompt', () => {
       expect(screen.queryByTestId('noAlerts')).not.toBeInTheDocument();
     });
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_states/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_states/index.tsx
index 009db0eb6e326..d38200a4be205 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_states/index.tsx
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_states/index.tsx
@@ -7,6 +7,7 @@
 
 import React from 'react';
 
+import { Failure } from '../failure';
 import { EmptyPrompt } from '../empty_prompt';
 import { showEmptyPrompt, showNoAlertsPrompt, showWelcomePrompt } from '../helpers';
 import { NoAlerts } from '../no_alerts';
@@ -18,6 +19,7 @@ interface Props {
   alertsCount: number;
   attackDiscoveriesCount: number;
   connectorId: string | undefined;
+  failureReason: string | null;
   isLoading: boolean;
   onGenerate: () => Promise<void>;
 }
@@ -28,11 +30,14 @@ const EmptyStatesComponent: React.FC<Props> = ({
   alertsCount,
   attackDiscoveriesCount,
   connectorId,
+  failureReason,
   isLoading,
   onGenerate,
 }) => {
   if (showWelcomePrompt({ aiConnectorsCount, isLoading })) {
     return <Welcome />;
+  } else if (failureReason !== null) {
+    return <Failure failureReason={failureReason} />;
   } else if (showNoAlertsPrompt({ alertsContextCount, isLoading })) {
     return <NoAlerts />;
   } else if (showEmptyPrompt({ attackDiscoveriesCount, isLoading })) {
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/failure/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/failure/index.test.tsx
new file mode 100644
index 0000000000000..74778cb49164f
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/failure/index.test.tsx
@@ -0,0 +1,53 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { Failure } from '.';
+import { LEARN_MORE, FAILURE_TITLE } from './translations';
+const failureReason = "You're a failure";
+describe('Failure', () => {
+  beforeEach(() => {
+    render(<Failure failureReason={failureReason} />);
+  });
+
+  it('renders the expected title', () => {
+    const title = screen.getByTestId('failureTitle');
+
+    expect(title).toHaveTextContent(FAILURE_TITLE);
+  });
+
+  it('renders the expected body text', () => {
+    const bodyText = screen.getByTestId('bodyText');
+
+    expect(bodyText).toHaveTextContent(failureReason);
+  });
+
+  describe('link', () => {
+    let learnMoreLink: HTMLElement;
+
+    beforeEach(() => {
+      learnMoreLink = screen.getByTestId('learnMoreLink');
+    });
+
+    it('links to the documentation', () => {
+      expect(learnMoreLink).toHaveAttribute(
+        'href',
+        'https://www.elastic.co/guide/en/security/current/attack-discovery.html'
+      );
+    });
+
+    it('opens in a new tab', () => {
+      expect(learnMoreLink).toHaveAttribute('target', '_blank');
+    });
+
+    it('has the expected text', () => {
+      expect(learnMoreLink).toHaveTextContent(LEARN_MORE);
+    });
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/failure/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/failure/index.tsx
new file mode 100644
index 0000000000000..8de3e0e380c07
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/failure/index.tsx
@@ -0,0 +1,43 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EuiEmptyPrompt, EuiFlexGroup, EuiFlexItem, EuiLink, EuiText } from '@elastic/eui';
+import React from 'react';
+
+import * as i18n from './translations';
+
+const FailureComponent: React.FC<{ failureReason: string }> = ({ failureReason }) => {
+  return (
+    <EuiFlexGroup alignItems="center" data-test-subj="failure" direction="column">
+      <EuiFlexItem data-test-subj="emptyPromptContainer" grow={false}>
+        <EuiEmptyPrompt
+          iconType="error"
+          color="danger"
+          body={
+            <EuiText color="subdued" data-test-subj="bodyText">
+              {failureReason}
+            </EuiText>
+          }
+          title={<h2 data-test-subj="failureTitle">{i18n.FAILURE_TITLE}</h2>}
+        />
+      </EuiFlexItem>
+
+      <EuiFlexItem grow={false}>
+        <EuiLink
+          external={true}
+          data-test-subj="learnMoreLink"
+          href="https://www.elastic.co/guide/en/security/current/attack-discovery.html"
+          target="_blank"
+        >
+          {i18n.LEARN_MORE}
+        </EuiLink>
+      </EuiFlexItem>
+    </EuiFlexGroup>
+  );
+};
+
+export const Failure = React.memo(FailureComponent);
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/failure/translations.ts b/x-pack/plugins/security_solution/public/attack_discovery/pages/failure/translations.ts
new file mode 100644
index 0000000000000..b36104d202ba8
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/failure/translations.ts
@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { i18n } from '@kbn/i18n';
+
+export const LEARN_MORE = i18n.translate(
+  'xpack.securitySolution.attackDiscovery.pages.failure.learnMoreLink',
+  {
+    defaultMessage: 'Learn more about Attack discovery',
+  }
+);
+
+export const FAILURE_TITLE = i18n.translate(
+  'xpack.securitySolution.attackDiscovery.pages.failure.title',
+  {
+    defaultMessage: 'Attack discovery generation failed',
+  }
+);
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/header/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/header/index.test.tsx
new file mode 100644
index 0000000000000..938da7f930d51
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/header/index.test.tsx
@@ -0,0 +1,190 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { fireEvent, render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { Header } from '.';
+import { useAssistantAvailability } from '../../../assistant/use_assistant_availability';
+import { TestProviders } from '../../../common/mock';
+
+jest.mock('../../../assistant/use_assistant_availability');
+
+describe('Header', () => {
+  beforeEach(() => {
+    (useAssistantAvailability as jest.Mock).mockReturnValue({
+      hasAssistantPrivilege: true,
+      isAssistantEnabled: true,
+    });
+  });
+
+  it('renders the connector selector', () => {
+    render(
+      <TestProviders>
+        <Header
+          stats={null}
+          connectorId="testConnectorId"
+          connectorsAreConfigured={true}
+          isDisabledActions={false}
+          isLoading={false}
+          onCancel={jest.fn()}
+          onGenerate={jest.fn()}
+          onConnectorIdSelected={jest.fn()}
+        />
+      </TestProviders>
+    );
+
+    const connectorSelector = screen.getByTestId('connectorSelectorPlaceholderButton');
+
+    expect(connectorSelector).toBeInTheDocument();
+  });
+
+  it('does NOT render the connector selector when connectors are NOT configured', () => {
+    const connectorsAreConfigured = false;
+
+    render(
+      <TestProviders>
+        <Header
+          stats={null}
+          connectorId="testConnectorId"
+          connectorsAreConfigured={connectorsAreConfigured}
+          isDisabledActions={false}
+          isLoading={false}
+          onCancel={jest.fn()}
+          onGenerate={jest.fn()}
+          onConnectorIdSelected={jest.fn()}
+        />
+      </TestProviders>
+    );
+
+    const connectorSelector = screen.queryByTestId('connectorSelectorPlaceholderButton');
+
+    expect(connectorSelector).not.toBeInTheDocument();
+  });
+
+  it('invokes onGenerate when the generate button is clicked', () => {
+    const onGenerate = jest.fn();
+
+    render(
+      <TestProviders>
+        <Header
+          stats={null}
+          connectorId="testConnectorId"
+          connectorsAreConfigured={true}
+          isDisabledActions={false}
+          isLoading={false}
+          onCancel={jest.fn()}
+          onConnectorIdSelected={jest.fn()}
+          onGenerate={onGenerate}
+        />
+      </TestProviders>
+    );
+
+    const generate = screen.getByTestId('generate');
+
+    fireEvent.click(generate);
+
+    expect(onGenerate).toHaveBeenCalled();
+  });
+
+  it('disables the generate button when the user does NOT have the assistant privilege', () => {
+    (useAssistantAvailability as jest.Mock).mockReturnValue({
+      hasAssistantPrivilege: false,
+      isAssistantEnabled: true,
+    });
+
+    render(
+      <TestProviders>
+        <Header
+          stats={null}
+          connectorId="testConnectorId"
+          connectorsAreConfigured={true}
+          isDisabledActions={false}
+          isLoading={false}
+          onCancel={jest.fn()}
+          onConnectorIdSelected={jest.fn()}
+          onGenerate={jest.fn()}
+        />
+      </TestProviders>
+    );
+
+    const generate = screen.getByTestId('generate');
+
+    expect(generate).toBeDisabled();
+  });
+
+  it('displays the cancel button when loading', () => {
+    const isLoading = true;
+
+    render(
+      <TestProviders>
+        <Header
+          stats={null}
+          connectorId="testConnectorId"
+          connectorsAreConfigured={true}
+          isDisabledActions={false}
+          isLoading={isLoading}
+          onCancel={jest.fn()}
+          onConnectorIdSelected={jest.fn()}
+          onGenerate={jest.fn()}
+        />
+      </TestProviders>
+    );
+
+    const cancel = screen.getByTestId('cancel');
+
+    expect(cancel).toBeInTheDocument();
+  });
+
+  it('invokes onCancel when the cancel button is clicked', () => {
+    const isLoading = true;
+    const onCancel = jest.fn();
+
+    render(
+      <TestProviders>
+        <Header
+          stats={null}
+          connectorId="testConnectorId"
+          connectorsAreConfigured={true}
+          isDisabledActions={false}
+          isLoading={isLoading}
+          onCancel={onCancel}
+          onConnectorIdSelected={jest.fn()}
+          onGenerate={jest.fn()}
+        />
+      </TestProviders>
+    );
+
+    const cancel = screen.getByTestId('cancel');
+    fireEvent.click(cancel);
+
+    expect(onCancel).toHaveBeenCalled();
+  });
+
+  it('disables the generate button when connectorId is undefined', () => {
+    const connectorId = undefined;
+
+    render(
+      <TestProviders>
+        <Header
+          stats={null}
+          connectorId={connectorId}
+          connectorsAreConfigured={true}
+          isDisabledActions={false}
+          isLoading={false}
+          onCancel={jest.fn()}
+          onConnectorIdSelected={jest.fn()}
+          onGenerate={jest.fn()}
+        />
+      </TestProviders>
+    );
+
+    const generate = screen.getByTestId('generate');
+
+    expect(generate).toBeDisabled();
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/header/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/header/index.tsx
index 650eff33fbd93..78ad8db6d2f6e 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/pages/header/index.tsx
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/header/index.tsx
@@ -5,12 +5,15 @@
  * 2.0.
  */
 
+import type { EuiButtonProps } from '@elastic/eui';
 import { EuiButton, EuiFlexGroup, EuiFlexItem, EuiToolTip, useEuiTheme } from '@elastic/eui';
 import { css } from '@emotion/react';
 import { ConnectorSelectorInline } from '@kbn/elastic-assistant';
 import { noop } from 'lodash/fp';
-import React from 'react';
+import React, { useCallback, useEffect, useMemo, useState } from 'react';
 
+import type { AttackDiscoveryStats } from '@kbn/elastic-assistant-common';
+import { StatusBell } from './status_bell';
 import { useAssistantAvailability } from '../../../assistant/use_assistant_availability';
 import * as i18n from './translations';
 
@@ -18,22 +21,56 @@ interface Props {
   connectorId: string | undefined;
   connectorsAreConfigured: boolean;
   isLoading: boolean;
+  isDisabledActions: boolean;
   onGenerate: () => void;
+  onCancel: () => void;
   onConnectorIdSelected: (connectorId: string) => void;
+  stats: AttackDiscoveryStats | null;
 }
 
 const HeaderComponent: React.FC<Props> = ({
   connectorId,
   connectorsAreConfigured,
   isLoading,
+  isDisabledActions,
   onGenerate,
   onConnectorIdSelected,
+  onCancel,
+  stats,
 }) => {
   const isFlyoutMode = false; // always false for attack discovery
   const { hasAssistantPrivilege } = useAssistantAvailability();
   const { euiTheme } = useEuiTheme();
-  const disabled = !hasAssistantPrivilege || isLoading || connectorId == null;
+  const disabled = !hasAssistantPrivilege || connectorId == null;
 
+  const [didCancel, setDidCancel] = useState(false);
+
+  const handleCancel = useCallback(() => {
+    setDidCancel(true);
+    onCancel();
+  }, [onCancel]);
+
+  useEffect(() => {
+    if (isLoading === false) setDidCancel(false);
+  }, [isLoading]);
+
+  const buttonProps = useMemo(
+    () =>
+      isLoading
+        ? {
+            dataTestSubj: 'cancel',
+            color: 'danger' as EuiButtonProps['color'],
+            onClick: handleCancel,
+            text: i18n.CANCEL,
+          }
+        : {
+            dataTestSubj: 'generate',
+            color: 'primary' as EuiButtonProps['color'],
+            onClick: onGenerate,
+            text: i18n.GENERATE,
+          },
+    [isLoading, handleCancel, onGenerate]
+  );
   return (
     <EuiFlexGroup
       alignItems="center"
@@ -44,6 +81,7 @@ const HeaderComponent: React.FC<Props> = ({
       data-test-subj="header"
       gutterSize="none"
     >
+      <StatusBell stats={stats} />
       {connectorsAreConfigured && (
         <EuiFlexItem grow={false}>
           <ConnectorSelectorInline
@@ -51,6 +89,7 @@ const HeaderComponent: React.FC<Props> = ({
             onConnectorSelected={noop}
             onConnectorIdSelected={onConnectorIdSelected}
             selectedConnectorId={connectorId}
+            stats={stats}
           />
         </EuiFlexItem>
       )}
@@ -61,13 +100,13 @@ const HeaderComponent: React.FC<Props> = ({
           data-test-subj="generateTooltip"
         >
           <EuiButton
-            data-test-subj="generate"
+            data-test-subj={buttonProps.dataTestSubj}
             size="s"
-            disabled={disabled}
-            isLoading={isLoading}
-            onClick={onGenerate}
+            disabled={disabled || didCancel || isDisabledActions}
+            color={buttonProps.color}
+            onClick={buttonProps.onClick}
           >
-            {isLoading ? i18n.LOADING : i18n.GENERATE}
+            {buttonProps.text}
           </EuiButton>
         </EuiToolTip>
       </EuiFlexItem>
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/header/status_bell/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/header/status_bell/index.tsx
new file mode 100644
index 0000000000000..a8d7013d2343d
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/header/status_bell/index.tsx
@@ -0,0 +1,68 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { EuiFlexItem, EuiIconTip } from '@elastic/eui';
+import { css } from '@emotion/react';
+import type { AttackDiscoveryStats } from '@kbn/elastic-assistant-common';
+import { euiThemeVars } from '@kbn/ui-theme';
+import * as i18n from './translations';
+
+interface Props {
+  stats: AttackDiscoveryStats | null;
+}
+
+export const StatusBell: React.FC<Props> = ({ stats }) => {
+  if (stats && stats.newConnectorResultsCount > 0) {
+    return (
+      <EuiFlexItem grow={false}>
+        <EuiIconTip
+          color={euiThemeVars.euiColorAccentText}
+          type="bell"
+          content={i18n.ATTACK_DISCOVERY_STATS_MESSAGE(stats)}
+          position="bottom"
+          anchorProps={{
+            css: css`
+              animation-name: ringTheBell;
+              animation-duration: 1s;
+              @keyframes ringTheBell {
+                0% {
+                  transform: skewX(-15deg);
+                }
+                7% {
+                  transform: skewX(15deg);
+                }
+                14% {
+                  transform: skewX(-15deg);
+                }
+                21% {
+                  transform: skewX(15deg);
+                }
+                28% {
+                  transform: skewX(-15deg);
+                }
+                35% {
+                  transform: skewX(15deg);
+                }
+                52% {
+                  transform: skewX(-15deg);
+                }
+                55% {
+                  transform: skewX(0deg);
+                }
+                100% {
+                  transform: skewX(0deg);
+                }
+              }
+            `,
+          }}
+        />
+      </EuiFlexItem>
+    );
+  }
+  return null;
+};
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/header/status_bell/translations.ts b/x-pack/plugins/security_solution/public/attack_discovery/pages/header/status_bell/translations.ts
new file mode 100644
index 0000000000000..b821634e9f746
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/header/status_bell/translations.ts
@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { i18n } from '@kbn/i18n';
+
+export const ATTACK_DISCOVERY_STATS_MESSAGE = ({
+  newConnectorResultsCount,
+  newDiscoveriesCount,
+}: {
+  newConnectorResultsCount: number;
+  newDiscoveriesCount: number;
+}) =>
+  i18n.translate('xpack.securitySolution.attackDiscovery.pages.pageTitle.statusConnectors', {
+    values: { newConnectorResultsCount, newDiscoveriesCount },
+    defaultMessage:
+      'You have {newDiscoveriesCount} new {newDiscoveriesCount, plural, =1 {discovery} other {discoveries}} across {newConnectorResultsCount} {newConnectorResultsCount, plural, =1 {connector} other {connectors}} to view.',
+  });
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/header/translations.ts b/x-pack/plugins/security_solution/public/attack_discovery/pages/header/translations.ts
index f155dda9e234f..97c43dfb173de 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/pages/header/translations.ts
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/header/translations.ts
@@ -14,10 +14,10 @@ export const GENERATE = i18n.translate(
   }
 );
 
-export const LOADING = i18n.translate(
-  'xpack.securitySolution.attackDiscovery.pages.header.loadingButton',
+export const CANCEL = i18n.translate(
+  'xpack.securitySolution.attackDiscovery.pages.header.cancelButton',
   {
-    defaultMessage: 'Loading...',
+    defaultMessage: 'Cancel',
   }
 );
 
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/index.test.tsx
index 0777406ba66f7..ff4e420e0e360 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/pages/index.test.tsx
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/index.test.tsx
@@ -63,9 +63,12 @@ jest.mock('../use_attack_discovery', () => ({
     approximateFutureTime: null,
     attackDiscoveries: [],
     cachedAttackDiscoveries: {},
+    didInitialFetch: true,
     fetchAttackDiscoveries: jest.fn(),
+    failureReason: null,
     generationIntervals: undefined,
     isLoading: false,
+    isLoadingPost: false,
     lastUpdated: null,
     replacements: {},
   }),
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/index.tsx
index 809a97c98c03c..a3784311983cb 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/pages/index.tsx
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/index.tsx
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { EuiFlexGroup, EuiFlexItem, EuiSpacer } from '@elastic/eui';
+import { EuiEmptyPrompt, EuiFlexGroup, EuiFlexItem, EuiLoadingLogo, EuiSpacer } from '@elastic/eui';
 import { css } from '@emotion/react';
 import {
   ATTACK_DISCOVERY_STORAGE_KEY,
@@ -13,7 +13,7 @@ import {
   useAssistantContext,
   useLoadConnectors,
 } from '@kbn/elastic-assistant';
-import type { Replacements } from '@kbn/elastic-assistant-common';
+import type { AttackDiscoveries, Replacements } from '@kbn/elastic-assistant-common';
 import { uniq } from 'lodash/fp';
 import React, { useCallback, useEffect, useMemo, useState } from 'react';
 import { useLocalStorage } from 'react-use';
@@ -37,7 +37,6 @@ import { PageTitle } from './page_title';
 import { Summary } from './summary';
 import { Upgrade } from './upgrade';
 import { useAttackDiscovery } from '../use_attack_discovery';
-import type { AttackDiscovery } from '../types';
 
 const AttackDiscoveryPageComponent: React.FC = () => {
   const spaceId = useSpaceId() ?? 'default';
@@ -72,31 +71,33 @@ const AttackDiscoveryPageComponent: React.FC = () => {
     alertsContextCount,
     approximateFutureTime,
     attackDiscoveries,
-    cachedAttackDiscoveries,
+    didInitialFetch,
+    failureReason,
     fetchAttackDiscoveries,
     generationIntervals,
+    onCancel,
     isLoading,
+    isLoadingPost,
     lastUpdated,
     replacements,
+    stats,
   } = useAttackDiscovery({
     connectorId,
-    setConnectorId,
     setLoadingConnectorId,
   });
 
   // get last updated from the cached attack discoveries if it exists:
   const [selectedConnectorLastUpdated, setSelectedConnectorLastUpdated] = useState<Date | null>(
-    cachedAttackDiscoveries[connectorId ?? '']?.updated ?? null
+    lastUpdated ?? null
   );
 
   // get cached attack discoveries if they exist:
-  const [selectedConnectorAttackDiscoveries, setSelectedConnectorAttackDiscoveries] = useState<
-    AttackDiscovery[]
-  >(cachedAttackDiscoveries[connectorId ?? '']?.attackDiscoveries ?? []);
+  const [selectedConnectorAttackDiscoveries, setSelectedConnectorAttackDiscoveries] =
+    useState<AttackDiscoveries>(attackDiscoveries ?? []);
 
   // get replacements from the cached attack discoveries if they exist:
   const [selectedConnectorReplacements, setSelectedConnectorReplacements] = useState<Replacements>(
-    cachedAttackDiscoveries[connectorId ?? '']?.replacements ?? {}
+    replacements ?? {}
   );
 
   // the number of unique alerts in the attack discoveries:
@@ -114,27 +115,12 @@ const AttackDiscoveryPageComponent: React.FC = () => {
       // update the connector ID in local storage:
       setConnectorId(selectedConnectorId);
       setLocalStorageAttackDiscoveryConnectorId(selectedConnectorId);
-
-      // get the cached attack discoveries for the selected connector:
-      const cached = cachedAttackDiscoveries[selectedConnectorId];
-      if (cached != null) {
-        setSelectedConnectorReplacements(cached.replacements ?? {});
-        setSelectedConnectorAttackDiscoveries(cached.attackDiscoveries ?? []);
-        setSelectedConnectorLastUpdated(cached.updated ?? null);
-      } else {
-        setSelectedConnectorReplacements({});
-        setSelectedConnectorAttackDiscoveries([]);
-        setSelectedConnectorLastUpdated(null);
-      }
     },
-    [cachedAttackDiscoveries, setLocalStorageAttackDiscoveryConnectorId]
+    [setLocalStorageAttackDiscoveryConnectorId]
   );
 
   // get connector intervals from generation intervals:
-  const connectorIntervals = useMemo(
-    () => generationIntervals?.[connectorId ?? ''] ?? [],
-    [connectorId, generationIntervals]
-  );
+  const connectorIntervals = useMemo(() => generationIntervals ?? [], [generationIntervals]);
 
   const pageTitle = useMemo(() => <PageTitle />, []);
 
@@ -182,73 +168,83 @@ const AttackDiscoveryPageComponent: React.FC = () => {
             connectorId={connectorId}
             connectorsAreConfigured={aiConnectors != null && aiConnectors.length > 0}
             isLoading={isLoading}
+            // disable header actions before post request has completed
+            isDisabledActions={isLoadingPost}
             onConnectorIdSelected={onConnectorIdSelected}
             onGenerate={onGenerate}
+            onCancel={onCancel}
+            stats={stats}
           />
           <EuiSpacer size="m" />
         </HeaderPage>
+        {!didInitialFetch ? (
+          <EuiEmptyPrompt icon={<EuiLoadingLogo logo="logoSecurity" size="xl" />} />
+        ) : (
+          <>
+            {showSummary({
+              attackDiscoveriesCount,
+              connectorId,
+              loadingConnectorId,
+            }) && (
+              <Summary
+                alertsCount={alertsCount}
+                attackDiscoveriesCount={attackDiscoveriesCount}
+                lastUpdated={selectedConnectorLastUpdated}
+                onToggleShowAnonymized={onToggleShowAnonymized}
+                showAnonymized={showAnonymized}
+              />
+            )}
 
-        {showSummary({
-          attackDiscoveriesCount,
-          connectorId,
-          loadingConnectorId,
-        }) && (
-          <Summary
-            alertsCount={alertsCount}
-            attackDiscoveriesCount={attackDiscoveriesCount}
-            lastUpdated={selectedConnectorLastUpdated}
-            onToggleShowAnonymized={onToggleShowAnonymized}
-            showAnonymized={showAnonymized}
-          />
-        )}
-
-        <>
-          {showLoading({
-            attackDiscoveriesCount,
-            connectorId,
-            isLoading,
-            loadingConnectorId,
-          }) ? (
-            <LoadingCallout
-              alertsCount={knowledgeBase.latestAlerts}
-              approximateFutureTime={approximateFutureTime}
-              connectorIntervals={connectorIntervals}
-            />
-          ) : (
-            selectedConnectorAttackDiscoveries.map((attackDiscovery, i) => (
-              <React.Fragment key={attackDiscovery.id}>
-                <AttackDiscoveryPanel
-                  attackDiscovery={attackDiscovery}
-                  initialIsOpen={getInitialIsOpen(i)}
-                  showAnonymized={showAnonymized}
-                  replacements={selectedConnectorReplacements}
+            <>
+              {showLoading({
+                attackDiscoveriesCount,
+                connectorId,
+                isLoading: isLoading || isLoadingPost,
+                loadingConnectorId,
+              }) ? (
+                <LoadingCallout
+                  alertsCount={knowledgeBase.latestAlerts}
+                  approximateFutureTime={approximateFutureTime}
+                  connectorIntervals={connectorIntervals}
+                />
+              ) : (
+                selectedConnectorAttackDiscoveries.map((attackDiscovery, i) => (
+                  <React.Fragment key={attackDiscovery.id}>
+                    <AttackDiscoveryPanel
+                      attackDiscovery={attackDiscovery}
+                      initialIsOpen={getInitialIsOpen(i)}
+                      showAnonymized={showAnonymized}
+                      replacements={selectedConnectorReplacements}
+                    />
+                    <EuiSpacer size="l" />
+                  </React.Fragment>
+                ))
+              )}
+            </>
+            <EuiFlexGroup
+              css={css`
+                max-height: 100%;
+                min-height: 100%;
+              `}
+              direction="column"
+              gutterSize="none"
+            >
+              <EuiSpacer size="xxl" />
+              <EuiFlexItem grow={false}>
+                <EmptyStates
+                  aiConnectorsCount={aiConnectors?.length ?? null}
+                  alertsContextCount={alertsContextCount}
+                  alertsCount={knowledgeBase.latestAlerts}
+                  attackDiscoveriesCount={attackDiscoveriesCount}
+                  failureReason={failureReason}
+                  connectorId={connectorId}
+                  isLoading={isLoading || isLoadingPost}
+                  onGenerate={onGenerate}
                 />
-                <EuiSpacer size="l" />
-              </React.Fragment>
-            ))
-          )}
-        </>
-        <EuiFlexGroup
-          css={css`
-            max-height: 100%;
-            min-height: 100%;
-          `}
-          direction="column"
-          gutterSize="none"
-        >
-          <EuiSpacer size="xxl" />
-          <EuiFlexItem grow={false}>
-            <EmptyStates
-              aiConnectorsCount={aiConnectors?.length ?? null}
-              alertsContextCount={alertsContextCount}
-              alertsCount={knowledgeBase.latestAlerts}
-              attackDiscoveriesCount={attackDiscoveriesCount}
-              connectorId={connectorId}
-              isLoading={isLoading}
-              onGenerate={onGenerate}
-            />
-          </EuiFlexItem>
-        </EuiFlexGroup>
+              </EuiFlexItem>
+            </EuiFlexGroup>
+          </>
+        )}
         <SpyRoute pageName={SecurityPageName.attackDiscovery} />
       </SecurityRoutePageWrapper>
     </div>
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/index.test.tsx
new file mode 100644
index 0000000000000..14a707958b888
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/index.test.tsx
@@ -0,0 +1,84 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import moment from 'moment';
+
+import { act, render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { Countdown } from '.';
+import { TestProviders } from '../../../../common/mock';
+import { APPROXIMATE_TIME_REMAINING } from './translations';
+import type { GenerationInterval } from '@kbn/elastic-assistant-common';
+
+describe('Countdown', () => {
+  const connectorIntervals: GenerationInterval[] = [
+    {
+      date: '2024-05-16T14:13:09.838Z',
+      durationMs: 173648,
+    },
+    {
+      date: '2024-05-16T13:59:49.620Z',
+      durationMs: 146605,
+    },
+    {
+      date: '2024-05-16T13:47:00.629Z',
+      durationMs: 255163,
+    },
+  ];
+
+  beforeAll(() => {
+    jest.useFakeTimers({ legacyFakeTimers: true });
+  });
+
+  beforeEach(() => {
+    jest.clearAllTimers();
+  });
+
+  afterAll(() => {
+    jest.useRealTimers();
+  });
+
+  it('returns null when connectorIntervals is empty', () => {
+    const { container } = render(
+      <TestProviders>
+        <Countdown approximateFutureTime={null} connectorIntervals={[]} />
+      </TestProviders>
+    );
+
+    expect(container.innerHTML).toEqual('');
+  });
+
+  it('renders the expected prefix', () => {
+    render(
+      <TestProviders>
+        <Countdown approximateFutureTime={null} connectorIntervals={connectorIntervals} />
+      </TestProviders>
+    );
+
+    expect(screen.getByTestId('prefix')).toHaveTextContent(APPROXIMATE_TIME_REMAINING);
+  });
+
+  it('renders the expected the timer text', () => {
+    const approximateFutureTime = moment().add(1, 'minute').toDate();
+
+    render(
+      <TestProviders>
+        <Countdown
+          approximateFutureTime={approximateFutureTime}
+          connectorIntervals={connectorIntervals}
+        />
+      </TestProviders>
+    );
+
+    act(() => {
+      jest.runOnlyPendingTimers();
+    });
+
+    expect(screen.getByTestId('timerText')).toHaveTextContent('00:59');
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/index.tsx
index 8a61704ef7361..f691e508a47ff 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/index.tsx
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/index.tsx
@@ -18,10 +18,10 @@ import { css } from '@emotion/react';
 import React, { useCallback, useEffect, useMemo, useState } from 'react';
 import moment from 'moment';
 
+import type { GenerationInterval } from '@kbn/elastic-assistant-common';
 import { useKibana } from '../../../../common/lib/kibana';
 import { getTimerPrefix } from './last_times_popover/helpers';
 
-import type { GenerationInterval } from '../../../types';
 import { InfoPopoverBody } from '../info_popover_body';
 
 const TEXT_COLOR = '#343741';
@@ -48,17 +48,21 @@ const CountdownComponent: React.FC<Props> = ({ approximateFutureTime, connectorI
 
   useEffect(() => {
     // periodically update the formatted date as time passes:
+    if (approximateFutureTime === null) {
+      return;
+    }
     const intervalId = setInterval(() => {
-      const now = moment();
-
-      const duration = moment(approximateFutureTime).isSameOrAfter(now)
-        ? moment.duration(moment(approximateFutureTime).diff(now))
-        : moment.duration(now.diff(approximateFutureTime));
+      setPrefix(getTimerPrefix(approximateFutureTime));
+      if (approximateFutureTime !== null) {
+        const now = moment();
 
-      const text = moment.utc(duration.asMilliseconds()).format('mm:ss');
+        const duration = moment(approximateFutureTime).isSameOrAfter(now)
+          ? moment.duration(moment(approximateFutureTime).diff(now))
+          : moment.duration(now.diff(approximateFutureTime));
 
-      setPrefix(getTimerPrefix(approximateFutureTime));
-      setTimerText(text);
+        const text = moment.utc(duration.asMilliseconds()).format('mm:ss');
+        setTimerText(text);
+      }
     }, 1000);
 
     return () => clearInterval(intervalId);
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/generation_timing/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/generation_timing/index.test.tsx
new file mode 100644
index 0000000000000..35a72d6455f2b
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/generation_timing/index.test.tsx
@@ -0,0 +1,40 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { TestProviders } from '../../../../../../common/mock';
+import { GenerationTiming } from '.';
+
+describe('GenerationTiming', () => {
+  const interval = {
+    connectorId: 'claudeV3SonnetUsEast1',
+    date: '2024-04-15T13:48:44.397Z',
+    durationMs: 5000,
+  };
+
+  beforeEach(() => {
+    render(
+      <TestProviders>
+        <GenerationTiming interval={interval} />
+      </TestProviders>
+    );
+  });
+
+  it('renders the expected duration in seconds', () => {
+    const durationText = screen.getByTestId('clockBadge').textContent;
+
+    expect(durationText).toEqual('5s');
+  });
+
+  it('displays the expected date', () => {
+    const date = screen.getByTestId('date').textContent;
+
+    expect(date).toEqual('Apr 15, 2024 @ 13:48:44.397');
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/generation_timing/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/generation_timing/index.tsx
index 67e1ebe592b11..e05374f7ccee1 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/generation_timing/index.tsx
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/generation_timing/index.tsx
@@ -7,13 +7,14 @@
 
 import { EuiFlexGroup, EuiFlexItem, EuiBadge, EuiText, useEuiTheme } from '@elastic/eui';
 import { css } from '@emotion/react';
+import type { GenerationInterval } from '@kbn/elastic-assistant-common';
+import moment from 'moment';
 import React, { useMemo } from 'react';
 
 import { PreferenceFormattedDate } from '../../../../../../common/components/formatted_date';
 import { useKibana } from '../../../../../../common/lib/kibana';
 import { MAX_SECONDS_BADGE_WIDTH } from '../helpers';
 import * as i18n from '../translations';
-import type { GenerationInterval } from '../../../../../types';
 
 interface Props {
   interval: GenerationInterval;
@@ -51,7 +52,7 @@ const GenerationTimingComponent: React.FC<Props> = ({ interval }) => {
           data-test-subj="date"
           size="xs"
         >
-          <PreferenceFormattedDate value={interval.date} />
+          <PreferenceFormattedDate value={moment(interval.date).toDate()} />
         </EuiText>
       </EuiFlexItem>
     </EuiFlexGroup>
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/helpers.test.ts b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/helpers.test.ts
new file mode 100644
index 0000000000000..6e7b12f0a51c7
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/helpers.test.ts
@@ -0,0 +1,74 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import moment from 'moment';
+
+import { getAverageIntervalSeconds, getTimerPrefix } from './helpers';
+import { APPROXIMATE_TIME_REMAINING, ABOVE_THE_AVERAGE_TIME } from '../translations';
+import type { GenerationInterval } from '@kbn/elastic-assistant-common';
+
+describe('helpers', () => {
+  describe('getAverageIntervalSeconds', () => {
+    it('returns 0 when the intervals array is empty', () => {
+      const intervals: GenerationInterval[] = [];
+
+      const average = getAverageIntervalSeconds(intervals);
+
+      expect(average).toEqual(0);
+    });
+
+    it('calculates the average interval in seconds', () => {
+      const intervals: GenerationInterval[] = [
+        {
+          date: '2024-04-15T13:48:44.397Z',
+          durationMs: 85807,
+        },
+        {
+          date: '2024-04-15T12:41:15.255Z',
+          durationMs: 12751,
+        },
+        {
+          date: '2024-04-12T20:59:13.238Z',
+          durationMs: 46169,
+        },
+        {
+          date: '2024-04-12T19:34:56.701Z',
+          durationMs: 86674,
+        },
+      ];
+
+      const average = getAverageIntervalSeconds(intervals);
+
+      expect(average).toEqual(57);
+    });
+  });
+
+  describe('getTimerPrefix', () => {
+    it('returns APPROXIMATE_TIME_REMAINING when approximateFutureTime is null', () => {
+      const approximateFutureTime: Date | null = null;
+
+      const result = getTimerPrefix(approximateFutureTime);
+
+      expect(result).toEqual(APPROXIMATE_TIME_REMAINING);
+    });
+
+    it('returns APPROXIMATE_TIME_REMAINING when approximateFutureTime is in the future', () => {
+      const approximateFutureTime = moment().add(1, 'minute').toDate();
+      const result = getTimerPrefix(approximateFutureTime);
+
+      expect(result).toEqual(APPROXIMATE_TIME_REMAINING);
+    });
+
+    it('returns ABOVE_THE_AVERAGE_TIME when approximateFutureTime is in the past', () => {
+      const approximateFutureTime = moment().subtract(1, 'minute').toDate();
+
+      const result = getTimerPrefix(approximateFutureTime);
+
+      expect(result).toEqual(ABOVE_THE_AVERAGE_TIME);
+    });
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/helpers.ts b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/helpers.ts
index 3ce1e1f411641..9d8a0c4792eae 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/helpers.ts
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/helpers.ts
@@ -5,10 +5,10 @@
  * 2.0.
  */
 
+import type { GenerationInterval } from '@kbn/elastic-assistant-common';
 import moment from 'moment';
 
 import { APPROXIMATE_TIME_REMAINING, ABOVE_THE_AVERAGE_TIME } from '../translations';
-import type { GenerationInterval } from '../../../../types';
 
 export const MAX_SECONDS_BADGE_WIDTH = 64; // px
 
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/index.test.tsx
new file mode 100644
index 0000000000000..45ea68f2a780c
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/index.test.tsx
@@ -0,0 +1,59 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { GenerationInterval } from '@kbn/elastic-assistant-common';
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { LastTimesPopover } from '.';
+import { TestProviders } from '../../../../../common/mock';
+
+describe('LastTimesPopover', () => {
+  const connectorIntervals: GenerationInterval[] = [
+    {
+      date: '2024-05-16T14:13:09.838Z',
+      durationMs: 173648,
+    },
+    {
+      date: '2024-05-16T13:59:49.620Z',
+      durationMs: 146605,
+    },
+    {
+      date: '2024-05-16T13:47:00.629Z',
+      durationMs: 255163,
+    },
+  ];
+
+  beforeEach(() => {
+    render(
+      <TestProviders>
+        <LastTimesPopover connectorIntervals={connectorIntervals} />
+      </TestProviders>
+    );
+  });
+
+  it('renders average time calculated message', () => {
+    const averageTimeIsCalculated = screen.getByTestId('averageTimeIsCalculated');
+
+    expect(averageTimeIsCalculated).toHaveTextContent(
+      'Remaining time is based on the average speed of the last 3 times the same connector generated results.'
+    );
+  });
+
+  it('renders generation timing for each connector interval', () => {
+    const generationTimings = screen.getAllByTestId('generationTiming');
+    expect(generationTimings.length).toEqual(connectorIntervals.length);
+
+    const expectedDates = [
+      'May 16, 2024 @ 14:13:09.838',
+      'May 16, 2024 @ 13:59:49.620',
+      'May 16, 2024 @ 13:47:00.629',
+    ];
+
+    generationTimings.forEach((timing, i) => expect(timing).toHaveTextContent(expectedDates[i]));
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/index.tsx
index 89925fdd33d4c..b1a24f0a3b079 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/index.tsx
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/index.tsx
@@ -8,10 +8,10 @@
 import { EuiFlexGroup, EuiFlexItem, EuiSpacer, EuiText, useEuiTheme } from '@elastic/eui';
 import { css } from '@emotion/react';
 import React, { useMemo } from 'react';
+import type { GenerationInterval } from '@kbn/elastic-assistant-common';
 
 import { useKibana } from '../../../../../common/lib/kibana';
 import * as i18n from './translations';
-import type { GenerationInterval } from '../../../../types';
 import { GenerationTiming } from './generation_timing';
 
 interface Props {
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/index.test.tsx
new file mode 100644
index 0000000000000..af6efafb3c1dd
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/index.test.tsx
@@ -0,0 +1,73 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { LoadingCallout } from '.';
+import type { GenerationInterval } from '@kbn/elastic-assistant-common';
+import { TestProviders } from '../../../common/mock';
+
+describe('LoadingCallout', () => {
+  const connectorIntervals: GenerationInterval[] = [
+    {
+      date: '2024-05-16T14:13:09.838Z',
+      durationMs: 173648,
+    },
+    {
+      date: '2024-05-16T13:59:49.620Z',
+      durationMs: 146605,
+    },
+    {
+      date: '2024-05-16T13:47:00.629Z',
+      durationMs: 255163,
+    },
+  ];
+
+  const defaultProps = {
+    alertsCount: 30,
+    approximateFutureTime: new Date(),
+    connectorIntervals,
+  };
+
+  it('renders the animated loading icon', () => {
+    render(
+      <TestProviders>
+        <LoadingCallout {...defaultProps} />
+      </TestProviders>
+    );
+
+    const loadingElastic = screen.getByTestId('loadingElastic');
+
+    expect(loadingElastic).toBeInTheDocument();
+  });
+
+  it('renders loading messages with the expected count', () => {
+    render(
+      <TestProviders>
+        <LoadingCallout {...defaultProps} />
+      </TestProviders>
+    );
+
+    const aisCurrentlyAnalyzing = screen.getByTestId('aisCurrentlyAnalyzing');
+
+    expect(aisCurrentlyAnalyzing).toHaveTextContent(
+      'AI is analyzing up to 30 alerts in the last 24 hours to generate discoveries.'
+    );
+  });
+
+  it('renders the countdown', () => {
+    render(
+      <TestProviders>
+        <LoadingCallout {...defaultProps} />
+      </TestProviders>
+    );
+    const countdown = screen.getByTestId('countdown');
+
+    expect(countdown).toBeInTheDocument();
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/index.tsx
index b9d2737db1647..7e392e3165711 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/index.tsx
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/index.tsx
@@ -9,10 +9,10 @@ import { EuiFlexGroup, EuiFlexItem, EuiLoadingElastic, useEuiTheme } from '@elas
 import { css } from '@emotion/react';
 import React, { useMemo } from 'react';
 
+import type { GenerationInterval } from '@kbn/elastic-assistant-common';
 import { useKibana } from '../../../common/lib/kibana';
 import { Countdown } from './countdown';
 import { LoadingMessages } from './loading_messages';
-import type { GenerationInterval } from '../../types';
 
 const BACKGROUND_COLOR_LIGHT = '#E6F1FA';
 const BACKGROUND_COLOR_DARK = '#0B2030';
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/info_popover_body/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/info_popover_body/index.test.tsx
new file mode 100644
index 0000000000000..b264af94dcb1b
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/info_popover_body/index.test.tsx
@@ -0,0 +1,55 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { GenerationInterval } from '@kbn/elastic-assistant-common';
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { InfoPopoverBody } from '.';
+import { TestProviders } from '../../../../common/mock';
+import { AVERAGE_TIME } from '../countdown/translations';
+
+describe('InfoPopoverBody', () => {
+  const connectorIntervals: GenerationInterval[] = [
+    {
+      date: '2024-05-16T14:13:09.838Z',
+      durationMs: 173648,
+    },
+    {
+      date: '2024-05-16T13:59:49.620Z',
+      durationMs: 146605,
+    },
+    {
+      date: '2024-05-16T13:47:00.629Z',
+      durationMs: 255163,
+    },
+  ];
+
+  it('renders the expected average time', () => {
+    render(
+      <TestProviders>
+        <InfoPopoverBody connectorIntervals={connectorIntervals} />
+      </TestProviders>
+    );
+
+    const averageTimeBadge = screen.getByTestId('averageTimeBadge');
+
+    expect(averageTimeBadge).toHaveTextContent('191s');
+  });
+
+  it('renders the expected explanation', () => {
+    render(
+      <TestProviders>
+        <InfoPopoverBody connectorIntervals={connectorIntervals} />
+      </TestProviders>
+    );
+
+    const averageTimeIsCalculated = screen.getAllByTestId('averageTimeIsCalculated');
+
+    expect(averageTimeIsCalculated[0]).toHaveTextContent(AVERAGE_TIME);
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/info_popover_body/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/info_popover_body/index.tsx
index 3355a3041c0f2..1c1416acc09ac 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/info_popover_body/index.tsx
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/info_popover_body/index.tsx
@@ -7,6 +7,7 @@
 
 import { EuiBadge, EuiFlexGroup, EuiFlexItem, EuiPopoverTitle, EuiText } from '@elastic/eui';
 import { css } from '@emotion/react';
+import type { GenerationInterval } from '@kbn/elastic-assistant-common';
 import React, { useMemo } from 'react';
 import { useKibana } from '../../../../common/lib/kibana';
 
@@ -17,7 +18,6 @@ import {
 } from '../countdown/last_times_popover/helpers';
 import { SECONDS_ABBREVIATION } from '../countdown/last_times_popover/translations';
 import { AVERAGE_TIME } from '../countdown/translations';
-import type { GenerationInterval } from '../../../types';
 
 const TEXT_COLOR = '#343741';
 
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/loading_messages/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/loading_messages/index.test.tsx
new file mode 100644
index 0000000000000..250a25055791a
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/loading_messages/index.test.tsx
@@ -0,0 +1,43 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { LoadingMessages } from '.';
+import { TestProviders } from '../../../../common/mock';
+import { ATTACK_DISCOVERY_GENERATION_IN_PROGRESS } from '../translations';
+
+describe('LoadingMessages', () => {
+  it('renders the expected loading message', () => {
+    render(
+      <TestProviders>
+        <LoadingMessages alertsCount={20} />
+      </TestProviders>
+    );
+    const attackDiscoveryGenerationInProgress = screen.getByTestId(
+      'attackDiscoveryGenerationInProgress'
+    );
+
+    expect(attackDiscoveryGenerationInProgress).toHaveTextContent(
+      ATTACK_DISCOVERY_GENERATION_IN_PROGRESS
+    );
+  });
+
+  it('renders the loading message with the expected alerts count', () => {
+    render(
+      <TestProviders>
+        <LoadingMessages alertsCount={20} />
+      </TestProviders>
+    );
+    const aiCurrentlyAnalyzing = screen.getByTestId('aisCurrentlyAnalyzing');
+
+    expect(aiCurrentlyAnalyzing).toHaveTextContent(
+      'AI is analyzing up to 20 alerts in the last 24 hours to generate discoveries.'
+    );
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/page_title/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/page_title/index.test.tsx
new file mode 100644
index 0000000000000..0c8ea0501f2d3
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/page_title/index.test.tsx
@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { PageTitle } from '.';
+import { ATTACK_DISCOVERY_PAGE_TITLE } from './translations';
+
+describe('PageTitle', () => {
+  it('renders the expected title', () => {
+    render(<PageTitle />);
+
+    const attackDiscoveryPageTitle = screen.getByTestId('attackDiscoveryPageTitle');
+
+    expect(attackDiscoveryPageTitle).toHaveTextContent(ATTACK_DISCOVERY_PAGE_TITLE);
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/session_storage/index.test.ts b/x-pack/plugins/security_solution/public/attack_discovery/pages/session_storage/index.test.ts
deleted file mode 100644
index dd5932bbb3dd7..0000000000000
--- a/x-pack/plugins/security_solution/public/attack_discovery/pages/session_storage/index.test.ts
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { GenerationInterval } from '../../types';
-import {
-  encodeGenerationIntervals,
-  decodeGenerationIntervals,
-  getLocalStorageGenerationIntervals,
-  setLocalStorageGenerationIntervals,
-} from '.';
-
-const key = 'elasticAssistantDefault.attackDiscovery.default.generationIntervals';
-
-const generationIntervals: Record<string, GenerationInterval[]> = {
-  'test-connector-1': [
-    {
-      connectorId: 'test-connector-1',
-      date: new Date('2024-05-16T14:13:09.838Z'),
-      durationMs: 173648,
-    },
-    {
-      connectorId: 'test-connector-1',
-      date: new Date('2024-05-16T13:59:49.620Z'),
-      durationMs: 146605,
-    },
-    {
-      connectorId: 'test-connector-1',
-      date: new Date('2024-05-16T13:47:00.629Z'),
-      durationMs: 255163,
-    },
-  ],
-  testConnector2: [
-    {
-      connectorId: 'testConnector2',
-      date: new Date('2024-05-16T14:26:25.273Z'),
-      durationMs: 130447,
-    },
-  ],
-  testConnector3: [
-    {
-      connectorId: 'testConnector3',
-      date: new Date('2024-05-16T14:36:53.171Z'),
-      durationMs: 46614,
-    },
-    {
-      connectorId: 'testConnector3',
-      date: new Date('2024-05-16T14:27:17.187Z'),
-      durationMs: 44129,
-    },
-  ],
-};
-
-describe('storage', () => {
-  beforeEach(() => {
-    jest.clearAllMocks();
-  });
-
-  describe('encodeGenerationIntervals', () => {
-    it('returns null when generationIntervals is invalid', () => {
-      const invalidGenerationIntervals: Record<string, GenerationInterval[]> =
-        1n as unknown as Record<string, GenerationInterval[]>; // <-- invalid
-
-      const result = encodeGenerationIntervals(invalidGenerationIntervals);
-
-      expect(result).toBeNull();
-    });
-
-    it('returns the expected encoded generationIntervals', () => {
-      const result = encodeGenerationIntervals(generationIntervals);
-
-      expect(result).toEqual(JSON.stringify(generationIntervals));
-    });
-  });
-
-  describe('decodeGenerationIntervals', () => {
-    it('returns null when generationIntervals is invalid', () => {
-      const invalidGenerationIntervals = 'invalid generation intervals'; // <-- invalid
-
-      const result = decodeGenerationIntervals(invalidGenerationIntervals);
-
-      expect(result).toBeNull();
-    });
-
-    it('returns the expected decoded generation intervals', () => {
-      const encoded = encodeGenerationIntervals(generationIntervals) ?? ''; // <-- valid intervals
-
-      const result = decodeGenerationIntervals(encoded);
-
-      expect(result).toEqual(generationIntervals);
-    });
-
-    it('parses date strings into Date objects', () => {
-      const encoded = JSON.stringify({
-        'test-connector-1': [
-          {
-            connectorId: 'test-connector-1',
-            date: '2024-05-16T14:13:09.838Z',
-            durationMs: 173648,
-          },
-        ],
-      });
-
-      const result = decodeGenerationIntervals(encoded);
-
-      expect(result).toEqual({
-        'test-connector-1': [
-          {
-            connectorId: 'test-connector-1',
-            date: new Date('2024-05-16T14:13:09.838Z'),
-            durationMs: 173648,
-          },
-        ],
-      });
-    });
-
-    it('returns null when date is not a string', () => {
-      const encoded = JSON.stringify({
-        'test-connector-1': [
-          {
-            connectorId: 'test-connector-1',
-            date: 1234, // <-- invalid
-            durationMs: 173648,
-          },
-        ],
-      });
-
-      const result = decodeGenerationIntervals(encoded);
-
-      expect(result).toBeNull();
-    });
-  });
-
-  describe('getLocalStorageGenerationIntervals', () => {
-    it('returns null when the key is empty', () => {
-      const result = getLocalStorageGenerationIntervals(''); // <-- empty key
-
-      expect(result).toBeNull();
-    });
-
-    it('returns null the key is unknown', () => {
-      const result = getLocalStorageGenerationIntervals('unknown key'); // <-- unknown key
-
-      expect(result).toBeNull();
-    });
-
-    it('returns null when the generation intervals are invalid', () => {
-      localStorage.setItem(key, 'invalid generation intervals'); // <-- invalid
-
-      const result = getLocalStorageGenerationIntervals(key);
-
-      expect(result).toBeNull();
-    });
-
-    it('returns the expected decoded generation intervals', () => {
-      const encoded = encodeGenerationIntervals(generationIntervals) ?? ''; // <-- valid intervals
-      localStorage.setItem(key, encoded);
-
-      const decoded = decodeGenerationIntervals(encoded);
-      const result = getLocalStorageGenerationIntervals(key);
-
-      expect(result).toEqual(decoded);
-    });
-  });
-
-  describe('setLocalStorageGenerationIntervals', () => {
-    const localStorageSetItemSpy = jest.spyOn(Storage.prototype, 'setItem');
-
-    it('sets the encoded generation intervals in localStorage', () => {
-      const encoded = encodeGenerationIntervals(generationIntervals) ?? '';
-
-      setLocalStorageGenerationIntervals({ key, generationIntervals });
-
-      expect(localStorageSetItemSpy).toHaveBeenCalledWith(key, encoded);
-    });
-  });
-});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/session_storage/index.ts b/x-pack/plugins/security_solution/public/attack_discovery/pages/session_storage/index.ts
deleted file mode 100644
index 8c8c49b482650..0000000000000
--- a/x-pack/plugins/security_solution/public/attack_discovery/pages/session_storage/index.ts
+++ /dev/null
@@ -1,120 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { Replacements } from '@kbn/elastic-assistant-common';
-import { isEmpty } from 'lodash/fp';
-
-import type { AttackDiscovery, GenerationInterval } from '../../types';
-
-export interface CachedAttackDiscoveries {
-  connectorId: string;
-  updated: Date;
-  attackDiscoveries: AttackDiscovery[];
-  replacements: Replacements;
-}
-
-export const encodeCachedAttackDiscoveries = (
-  cachedAttackDiscoveries: Record<string, CachedAttackDiscoveries>
-): string | null => {
-  try {
-    return JSON.stringify(cachedAttackDiscoveries);
-  } catch {
-    return null;
-  }
-};
-
-export const decodeCachedAttackDiscoveries = (
-  cachedAttackDiscoveries: string
-): Record<string, CachedAttackDiscoveries> | null => {
-  try {
-    return JSON.parse(cachedAttackDiscoveries);
-  } catch {
-    return null;
-  }
-};
-
-export const getSessionStorageCachedAttackDiscoveries = (
-  key: string
-): Record<string, CachedAttackDiscoveries> | null => {
-  if (!isEmpty(key)) {
-    return decodeCachedAttackDiscoveries(sessionStorage.getItem(key) ?? '');
-  }
-
-  return null;
-};
-
-export const setSessionStorageCachedAttackDiscoveries = ({
-  key,
-  cachedAttackDiscoveries,
-}: {
-  key: string;
-  cachedAttackDiscoveries: Record<string, CachedAttackDiscoveries>;
-}) => {
-  if (!isEmpty(key)) {
-    const encoded = encodeCachedAttackDiscoveries(cachedAttackDiscoveries);
-
-    if (encoded != null) {
-      sessionStorage.setItem(key, encoded);
-    }
-  }
-};
-
-export const encodeGenerationIntervals = (
-  generationIntervals: Record<string, GenerationInterval[]>
-): string | null => {
-  try {
-    return JSON.stringify(generationIntervals);
-  } catch {
-    return null;
-  }
-};
-
-export const decodeGenerationIntervals = (
-  generationIntervals: string
-): Record<string, GenerationInterval[]> | null => {
-  const parseDate = (key: string, value: unknown) => {
-    if (key === 'date' && typeof value === 'string') {
-      return new Date(value);
-    } else if (key === 'date' && typeof value !== 'string') {
-      throw new Error('Invalid date');
-    } else {
-      return value;
-    }
-  };
-
-  try {
-    return JSON.parse(generationIntervals, parseDate);
-  } catch {
-    return null;
-  }
-};
-
-export const getLocalStorageGenerationIntervals = (
-  key: string
-): Record<string, GenerationInterval[]> | null => {
-  if (!isEmpty(key)) {
-    return decodeGenerationIntervals(localStorage.getItem(key) ?? '');
-  }
-
-  return null;
-};
-
-export const setLocalStorageGenerationIntervals = ({
-  key,
-  generationIntervals,
-}: {
-  key: string;
-  generationIntervals: Record<string, GenerationInterval[]>;
-}) => {
-  if (!isEmpty(key)) {
-    const encoded = encodeGenerationIntervals(generationIntervals);
-
-    if (encoded != null) {
-      localStorage.setItem(key, encoded);
-    }
-  }
-};
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/summary/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/summary/index.test.tsx
new file mode 100644
index 0000000000000..43134b14f616d
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/summary/index.test.tsx
@@ -0,0 +1,56 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { fireEvent, render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { Summary } from '.';
+
+describe('Summary', () => {
+  const defaultProps = {
+    alertsCount: 20,
+    attackDiscoveriesCount: 5,
+    lastUpdated: new Date(),
+    onToggleShowAnonymized: jest.fn(),
+    showAnonymized: false,
+  };
+
+  beforeEach(() => jest.clearAllMocks());
+
+  it('renders the expected summary counts', () => {
+    render(<Summary {...defaultProps} />);
+
+    const summaryCount = screen.getByTestId('summaryCount');
+
+    expect(summaryCount).toHaveTextContent('5 discoveries|20 alerts|Generated: a few seconds ago');
+  });
+
+  it('renders the expected button icon when showAnonymized is false', () => {
+    render(<Summary {...defaultProps} />);
+
+    const toggleAnonymized = screen.getByTestId('toggleAnonymized').querySelector('span');
+
+    expect(toggleAnonymized).toHaveAttribute('data-euiicon-type', 'eyeClosed');
+  });
+
+  it('renders the expected button icon when showAnonymized is true', () => {
+    render(<Summary {...defaultProps} showAnonymized={true} />);
+
+    const toggleAnonymized = screen.getByTestId('toggleAnonymized').querySelector('span');
+
+    expect(toggleAnonymized).toHaveAttribute('data-euiicon-type', 'eye');
+  });
+
+  it('calls onToggleShowAnonymized when toggle button is clicked', () => {
+    render(<Summary {...defaultProps} />);
+
+    const toggleAnonymized = screen.getByTestId('toggleAnonymized');
+    fireEvent.click(toggleAnonymized);
+
+    expect(defaultProps.onToggleShowAnonymized).toHaveBeenCalled();
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/summary_count/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/summary_count/index.test.tsx
new file mode 100644
index 0000000000000..b8460eafef87b
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/summary_count/index.test.tsx
@@ -0,0 +1,51 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { SummaryCount } from '.';
+
+describe('SummaryCount', () => {
+  const defaultProps = {
+    alertsCount: 20,
+    attackDiscoveriesCount: 5,
+    lastUpdated: new Date(),
+  };
+
+  it('renders the expected count of attack discoveries', () => {
+    render(<SummaryCount {...defaultProps} />);
+
+    const discoveriesCount = screen.getByTestId('discoveriesCount');
+
+    expect(discoveriesCount).toHaveTextContent('5 discoveries');
+  });
+
+  it('renders the expected alerts count', () => {
+    render(<SummaryCount {...defaultProps} />);
+
+    const alertsCount = screen.getByTestId('alertsCount');
+
+    expect(alertsCount).toHaveTextContent('20 alerts');
+  });
+
+  it('renders a humanized last generated when lastUpdated is provided', () => {
+    render(<SummaryCount {...defaultProps} />);
+
+    const lastGenerated = screen.getByTestId('lastGenerated');
+
+    expect(lastGenerated).toHaveTextContent('Generated: a few seconds ago');
+  });
+
+  it('should NOT render the last generated date when lastUpdated is null', () => {
+    render(<SummaryCount {...defaultProps} lastUpdated={null} />);
+
+    const lastGenerated = screen.queryByTestId('lastGenerated');
+
+    expect(lastGenerated).not.toBeInTheDocument();
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/translations.ts b/x-pack/plugins/security_solution/public/attack_discovery/pages/translations.ts
index 3f8b87a9058c2..57b6aac6f05ba 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/pages/translations.ts
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/translations.ts
@@ -14,6 +14,20 @@ export const ERROR_GENERATING_ATTACK_DISCOVERIES = i18n.translate(
   }
 );
 
+export const ERROR_CANCELING_ATTACK_DISCOVERIES = i18n.translate(
+  'xpack.securitySolution.attackDiscovery.errorCancelingAttackDiscoveriesToastTitle',
+  {
+    defaultMessage: 'Error canceling attack discoveries',
+  }
+);
+
+export const CONNECTOR_ERROR = i18n.translate(
+  'xpack.securitySolution.attackDiscovery.errorConnector',
+  {
+    defaultMessage: 'No connector selected, select a connector to use attack discovery',
+  }
+);
+
 export const SHOW_REAL_VALUES = i18n.translate(
   'xpack.securitySolution.attackDiscovery.showRealValuesLabel',
   {
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/upgrade/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/upgrade/index.test.tsx
new file mode 100644
index 0000000000000..e72f53e9062d7
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/upgrade/index.test.tsx
@@ -0,0 +1,63 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { Upgrade } from '.';
+import { TestProviders } from '../../../common/mock';
+import {
+  ATTACK_DISCOVERY_IS_AVAILABLE,
+  FIND_POTENTIAL_ATTACKS_WITH_AI,
+  PLEASE_UPGRADE,
+} from './translations';
+
+describe('Upgrade', () => {
+  beforeEach(() => {
+    render(
+      <TestProviders>
+        <Upgrade />
+      </TestProviders>
+    );
+  });
+
+  it('renders the assistant avatar', () => {
+    const assistantAvatar = screen.getByTestId('assistantAvatar');
+
+    expect(assistantAvatar).toBeInTheDocument();
+  });
+
+  it('renders the expected upgrade title', () => {
+    const upgradeTitle = screen.getByTestId('upgradeTitle');
+
+    expect(upgradeTitle).toHaveTextContent(FIND_POTENTIAL_ATTACKS_WITH_AI);
+  });
+
+  it('renders the attack discovery availability text', () => {
+    const attackDiscoveryIsAvailable = screen.getByTestId('attackDiscoveryIsAvailable');
+
+    expect(attackDiscoveryIsAvailable).toHaveTextContent(ATTACK_DISCOVERY_IS_AVAILABLE);
+  });
+
+  it('renders the please upgrade text', () => {
+    const pleaseUpgrade = screen.getByTestId('pleaseUpgrade');
+
+    expect(pleaseUpgrade).toHaveTextContent(PLEASE_UPGRADE);
+  });
+
+  it('renders the upgrade subscription plans (docs) link', () => {
+    const upgradeDocs = screen.getByRole('link', { name: 'Subscription plans' });
+
+    expect(upgradeDocs).toBeInTheDocument();
+  });
+
+  it('renders the upgrade Manage license call to action', () => {
+    const upgradeCta = screen.getByRole('link', { name: 'Manage license' });
+
+    expect(upgradeCta).toBeInTheDocument();
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/types.ts b/x-pack/plugins/security_solution/public/attack_discovery/types.ts
deleted file mode 100644
index 5a5c490042d06..0000000000000
--- a/x-pack/plugins/security_solution/public/attack_discovery/types.ts
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-export interface AttackDiscovery {
-  alertIds: string[];
-  detailsMarkdown: string;
-  entitySummaryMarkdown: string;
-  id: string;
-  mitreAttackTactics?: string[];
-  summaryMarkdown: string;
-  title: string;
-}
-
-/** Generation intervals measure the time it takes to generate attack discoveries */
-export interface GenerationInterval {
-  connectorId: string;
-  date: Date;
-  durationMs: number;
-}
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/use_attack_discovery/helpers.test.ts b/x-pack/plugins/security_solution/public/attack_discovery/use_attack_discovery/helpers.test.ts
new file mode 100644
index 0000000000000..a15cb7090f6cc
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/use_attack_discovery/helpers.test.ts
@@ -0,0 +1,284 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { OpenAiProviderType } from '@kbn/stack-connectors-plugin/public/common';
+import type { ActionConnector } from '@kbn/triggers-actions-ui-plugin/public';
+import { omit } from 'lodash/fp';
+
+import { getGenAiConfig, getRequestBody } from './helpers';
+
+const connector: ActionConnector = {
+  actionTypeId: '.gen-ai',
+  config: {
+    apiProvider: 'Azure OpenAI',
+    apiUrl:
+      'https://example.com/openai/deployments/example/chat/completions?api-version=2024-02-15-preview',
+  },
+  id: '15b4f8df-e2ca-4060-81a1-3bd2a2bffc7e',
+  isDeprecated: false,
+  isMissingSecrets: false,
+  isPreconfigured: false,
+  isSystemAction: false,
+  name: 'Azure OpenAI GPT-4o',
+  secrets: { secretTextField: 'a secret' },
+};
+
+describe('getGenAiConfig', () => {
+  it('returns undefined when the connector is preconfigured', () => {
+    const preconfigured = {
+      ...connector,
+      isPreconfigured: true,
+    };
+
+    const result = getGenAiConfig(preconfigured);
+
+    expect(result).toBeUndefined();
+  });
+
+  it('returns the expected GenAiConfig when the connector is NOT preconfigured', () => {
+    const result = getGenAiConfig(connector);
+
+    expect(result).toEqual({
+      apiProvider: connector.config.apiProvider,
+      apiUrl: connector.config.apiUrl,
+      defaultModel: '2024-02-15-preview',
+    });
+  });
+
+  it('returns the expected defaultModel for Azure OpenAI', () => {
+    const result = getGenAiConfig(connector);
+
+    expect(result).toEqual({
+      apiProvider: connector.config.apiProvider,
+      apiUrl: connector.config.apiUrl,
+      defaultModel: '2024-02-15-preview',
+    });
+  });
+
+  it('returns the an undefined defaultModel for NON-Azure OpenAI when the config does NOT include a default model', () => {
+    const apiProvider = 'OpenAI'; // <-- NON-Azure OpenAI
+    const openAiConnector = {
+      ...connector,
+      config: {
+        ...connector.config,
+        apiProvider,
+        // config does NOT have a default model
+      },
+    };
+
+    const result = getGenAiConfig(openAiConnector);
+
+    expect(result).toEqual({
+      apiProvider,
+      apiUrl: connector.config.apiUrl,
+      defaultModel: undefined, // <-- because the config does not have a default model
+    });
+  });
+
+  it('returns the expected defaultModel for NON-Azure OpenAi when the config has a default model', () => {
+    const apiProvider = 'OpenAI'; // <-- NON-Azure OpenAI
+    const withDefaultModel = {
+      ...connector,
+      config: {
+        ...connector.config,
+        apiProvider,
+        defaultModel: 'aDefaultModel', // <-- default model is specified
+      },
+    };
+
+    const result = getGenAiConfig(withDefaultModel);
+
+    expect(result).toEqual({
+      apiProvider,
+      apiUrl: connector.config.apiUrl,
+      defaultModel: 'aDefaultModel',
+    });
+  });
+
+  it('returns the expected GenAiConfig when the connector config is undefined', () => {
+    const connectorWithoutConfig = omit('config', connector) as ActionConnector<
+      Record<string, unknown>,
+      Record<string, unknown>
+    >;
+
+    const result = getGenAiConfig(connectorWithoutConfig);
+
+    expect(result).toEqual({
+      apiProvider: undefined,
+      apiUrl: undefined,
+      defaultModel: undefined,
+    });
+  });
+});
+
+describe('getRequestBody', () => {
+  const alertsIndexPattern = 'test-index-pattern';
+  const anonymizationFields = {
+    page: 1,
+    perPage: 10,
+    total: 100,
+    data: [
+      {
+        id: '1',
+        field: 'field1',
+      },
+      {
+        id: '2',
+        field: 'field2',
+      },
+    ],
+  };
+  const knowledgeBase = {
+    isEnabledKnowledgeBase: true,
+    isEnabledRAGAlerts: true,
+    latestAlerts: 20,
+  };
+  const traceOptions = {
+    apmUrl: '/app/apm',
+    langSmithProject: '',
+    langSmithApiKey: '',
+  };
+
+  it('returns the expected AttackDiscoveryPostRequestBody', () => {
+    const result = getRequestBody({
+      alertsIndexPattern,
+      anonymizationFields,
+      knowledgeBase,
+      traceOptions,
+    });
+
+    expect(result).toEqual({
+      alertsIndexPattern,
+      anonymizationFields: anonymizationFields.data,
+      apiConfig: {
+        actionTypeId: '',
+        connectorId: '',
+        model: undefined,
+        provider: undefined,
+      },
+      langSmithProject: undefined,
+      langSmithApiKey: undefined,
+      size: knowledgeBase.latestAlerts,
+      replacements: {},
+      subAction: 'invokeAI',
+    });
+  });
+
+  it('returns the expected AttackDiscoveryPostRequestBody when alertsIndexPattern is undefined', () => {
+    const result = getRequestBody({
+      alertsIndexPattern: undefined,
+      anonymizationFields,
+      knowledgeBase,
+      traceOptions,
+    });
+
+    expect(result).toEqual({
+      alertsIndexPattern: '',
+      anonymizationFields: anonymizationFields.data,
+      apiConfig: {
+        actionTypeId: '',
+        connectorId: '',
+        model: undefined,
+        provider: undefined,
+      },
+      langSmithProject: undefined,
+      langSmithApiKey: undefined,
+      size: knowledgeBase.latestAlerts,
+      replacements: {},
+      subAction: 'invokeAI',
+    });
+  });
+
+  it('returns the expected AttackDiscoveryPostRequestBody when LangSmith details are provided', () => {
+    const withLangSmith = {
+      alertsIndexPattern,
+      anonymizationFields,
+      knowledgeBase,
+      traceOptions: {
+        apmUrl: '/app/apm',
+        langSmithProject: 'A project',
+        langSmithApiKey: 'an API key',
+      },
+    };
+
+    const result = getRequestBody(withLangSmith);
+
+    expect(result).toEqual({
+      alertsIndexPattern,
+      anonymizationFields: anonymizationFields.data,
+      apiConfig: {
+        actionTypeId: '',
+        connectorId: '',
+        model: undefined,
+        provider: undefined,
+      },
+      langSmithApiKey: withLangSmith.traceOptions.langSmithApiKey,
+      langSmithProject: withLangSmith.traceOptions.langSmithProject,
+      size: knowledgeBase.latestAlerts,
+      replacements: {},
+      subAction: 'invokeAI',
+    });
+  });
+
+  it('returns the expected AttackDiscoveryPostRequestBody with the expected apiConfig when selectedConnector is provided', () => {
+    const result = getRequestBody({
+      alertsIndexPattern,
+      anonymizationFields,
+      knowledgeBase,
+      selectedConnector: connector, // <-- selectedConnector is provided
+      traceOptions,
+    });
+
+    expect(result).toEqual({
+      alertsIndexPattern,
+      anonymizationFields: anonymizationFields.data,
+      apiConfig: {
+        actionTypeId: connector.actionTypeId,
+        connectorId: connector.id,
+        model: undefined,
+        provider: undefined,
+      },
+      langSmithProject: undefined,
+      langSmithApiKey: undefined,
+      size: knowledgeBase.latestAlerts,
+      replacements: {},
+      subAction: 'invokeAI',
+    });
+  });
+
+  it('returns the expected AttackDiscoveryPostRequestBody with the expected apiConfig when genAiConfig is provided', () => {
+    const genAiConfig = {
+      apiProvider: OpenAiProviderType.AzureAi,
+      defaultModel: '2024-02-15-preview',
+    };
+
+    const result = getRequestBody({
+      alertsIndexPattern,
+      anonymizationFields,
+      genAiConfig, // <-- genAiConfig is provided
+      knowledgeBase,
+      selectedConnector: connector, // <-- selectedConnector is provided
+      traceOptions,
+    });
+
+    expect(result).toEqual({
+      alertsIndexPattern,
+      anonymizationFields: anonymizationFields.data,
+      apiConfig: {
+        actionTypeId: connector.actionTypeId,
+        connectorId: connector.id,
+        model: genAiConfig.defaultModel,
+        provider: genAiConfig.apiProvider,
+      },
+      langSmithProject: undefined,
+      langSmithApiKey: undefined,
+      size: knowledgeBase.latestAlerts,
+      replacements: {},
+      subAction: 'invokeAI',
+    });
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/use_attack_discovery/helpers.ts b/x-pack/plugins/security_solution/public/attack_discovery/use_attack_discovery/helpers.ts
index 34b3d9b8a4c20..f800651985217 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/use_attack_discovery/helpers.ts
+++ b/x-pack/plugins/security_solution/public/attack_discovery/use_attack_discovery/helpers.ts
@@ -56,14 +56,13 @@ const getAzureApiVersionParameter = (url: string): string | undefined => {
 };
 
 export const getRequestBody = ({
-  actionTypeId,
   alertsIndexPattern,
   anonymizationFields,
-  connectorId,
+  genAiConfig,
   knowledgeBase,
+  selectedConnector,
   traceOptions,
 }: {
-  actionTypeId: string;
   alertsIndexPattern: string | undefined;
   anonymizationFields: {
     page: number;
@@ -82,14 +81,13 @@ export const getRequestBody = ({
       namespace?: string | undefined;
     }>;
   };
-  connectorId: string | undefined;
+  genAiConfig?: GenAiConfig;
   knowledgeBase: KnowledgeBaseConfig;
+  selectedConnector?: ActionConnector;
   traceOptions: TraceOptions;
 }): AttackDiscoveryPostRequestBody => ({
-  actionTypeId,
   alertsIndexPattern: alertsIndexPattern ?? '',
   anonymizationFields: anonymizationFields?.data ?? [],
-  connectorId: connectorId ?? '',
   langSmithProject: isEmpty(traceOptions?.langSmithProject)
     ? undefined
     : traceOptions?.langSmithProject,
@@ -99,4 +97,10 @@ export const getRequestBody = ({
   size: knowledgeBase.latestAlerts,
   replacements: {}, // no need to re-use replacements in the current implementation
   subAction: 'invokeAI', // non-streaming
+  apiConfig: {
+    connectorId: selectedConnector?.id ?? '',
+    actionTypeId: selectedConnector?.actionTypeId ?? '',
+    provider: genAiConfig?.apiProvider,
+    model: genAiConfig?.defaultModel,
+  },
 });
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/use_attack_discovery/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/use_attack_discovery/index.test.tsx
new file mode 100644
index 0000000000000..ca6f2c8ca02df
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/use_attack_discovery/index.test.tsx
@@ -0,0 +1,229 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { renderHook, act } from '@testing-library/react-hooks';
+import { useKibana } from '../../common/lib/kibana';
+import { useFetchAnonymizationFields } from '@kbn/elastic-assistant/impl/assistant/api/anonymization_fields/use_fetch_anonymization_fields';
+import { usePollApi } from '../hooks/use_poll_api';
+import { useAttackDiscovery } from '.';
+import { ERROR_GENERATING_ATTACK_DISCOVERIES } from '../pages/translations';
+import { useKibana as mockUseKibana } from '../../common/lib/kibana/__mocks__';
+
+jest.mock(
+  '@kbn/elastic-assistant/impl/assistant/api/anonymization_fields/use_fetch_anonymization_fields'
+);
+jest.mock('../hooks/use_poll_api');
+jest.mock('../../common/lib/kibana');
+const mockedUseKibana = mockUseKibana();
+
+const mockAssistantAvailability = jest.fn(() => ({
+  hasAssistantPrivilege: true,
+}));
+const mockConnectors: unknown[] = [
+  {
+    id: 'test-id',
+    name: 'OpenAI connector',
+    actionTypeId: '.gen-ai',
+  },
+];
+jest.mock('@kbn/elastic-assistant', () => ({
+  AssistantOverlay: () => <div data-test-subj="assistantOverlay" />,
+  useAssistantContext: () => ({
+    alertsIndexPattern: 'alerts-index-pattern',
+    assistantAvailability: mockAssistantAvailability(),
+    knowledgeBase: {
+      isEnabledRAGAlerts: true,
+      isEnabledKnowledgeBase: true,
+      latestAlerts: 20,
+    },
+  }),
+  useLoadConnectors: () => ({
+    isFetched: true,
+    data: mockConnectors,
+  }),
+}));
+const mockAttackDiscoveryPost = {
+  timestamp: '2024-06-13T17:50:59.409Z',
+  id: 'f48da2ca-b63e-4387-82d7-1423a68500aa',
+  backingIndex: '.ds-.kibana-elastic-ai-assistant-attack-discovery-default-2024.06.12-000001',
+  createdAt: '2024-06-13T17:50:59.409Z',
+  updatedAt: '2024-06-17T15:00:39.680Z',
+  lastViewedAt: '2024-06-17T15:00:39.680Z',
+  users: [
+    {
+      id: 'u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0',
+      name: 'elastic',
+    },
+  ],
+  namespace: 'default',
+  status: 'running',
+  alertsContextCount: 20,
+  apiConfig: {
+    connectorId: 'my-gpt4o-ai',
+    actionTypeId: '.gen-ai',
+  },
+  attackDiscoveries: [],
+  replacements: { abcd: 'hostname' },
+  generationIntervals: [
+    {
+      date: '2024-06-13T17:52:47.619Z',
+      durationMs: 108214,
+    },
+  ],
+  averageIntervalMs: 108214,
+};
+
+const mockAttackDiscoveries = [
+  {
+    summaryMarkdown:
+      'A critical malware incident involving {{ host.name c1f9889f-1f6b-4abc-8e65-02de89fe1054 }} and {{ user.name 71ca47cf-082e-4d35-a8e7-6e4fa4e175da }} has been detected. The malware, identified as AppPool.vbs, was executed with high privileges and attempted to evade detection.',
+    id: '2204421f-bb42-4b96-a200-016a5388a029',
+    title: 'Critical Malware Incident on Windows Host',
+    mitreAttackTactics: ['Initial Access', 'Execution', 'Defense Evasion'],
+    alertIds: [
+      '43cf228ce034aeeb89a1ef41cd7fcdef1a3db574fa5237badf1fa9eaa3425c21',
+      '44ae9696784b3baeee75935f889e55ce77da338241230b5c488f90a8bace43e2',
+      '2479b1b1007952d3b6dc26344c89f44c1bb396de56f1655eca408135b3d05af8',
+    ],
+    detailsMarkdown: 'details',
+    entitySummaryMarkdown:
+      '{{ host.name c1f9889f-1f6b-4abc-8e65-02de89fe1054 }} and {{ user.name 71ca47cf-082e-4d35-a8e7-6e4fa4e175da }} are involved in a critical malware incident.',
+    timestamp: '2024-06-07T20:04:35.715Z',
+  },
+];
+const setLoadingConnectorId = jest.fn();
+const setStatus = jest.fn();
+
+describe('useAttackDiscovery', () => {
+  const mockPollApi = {
+    cancelAttackDiscovery: jest.fn(),
+    data: null,
+    pollApi: jest.fn(),
+    status: 'succeeded',
+    stats: null,
+    setStatus,
+    didInitialFetch: true,
+  };
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+    (useKibana as jest.Mock).mockReturnValue(mockedUseKibana);
+    (useFetchAnonymizationFields as jest.Mock).mockReturnValue({ data: [] });
+    (usePollApi as jest.Mock).mockReturnValue(mockPollApi);
+  });
+
+  it('initializes with correct default values', () => {
+    const { result } = renderHook(() =>
+      useAttackDiscovery({ connectorId: 'test-id', setLoadingConnectorId })
+    );
+
+    expect(result.current.alertsContextCount).toBeNull();
+    expect(result.current.approximateFutureTime).toBeNull();
+    expect(result.current.attackDiscoveries).toEqual([]);
+    expect(result.current.failureReason).toBeNull();
+    expect(result.current.generationIntervals).toEqual([]);
+    expect(result.current.isLoading).toBe(false);
+    expect(result.current.lastUpdated).toBeNull();
+    expect(result.current.replacements).toEqual({});
+    expect(mockPollApi.pollApi).toHaveBeenCalled();
+    expect(setLoadingConnectorId).toHaveBeenCalledWith(null);
+  });
+
+  it('fetches attack discoveries and updates state correctly', async () => {
+    (mockedUseKibana.services.http.fetch as jest.Mock).mockResolvedValue(mockAttackDiscoveryPost);
+
+    const { result } = renderHook(() => useAttackDiscovery({ connectorId: 'test-id' }));
+    await act(async () => {
+      await result.current.fetchAttackDiscoveries();
+    });
+    expect(mockedUseKibana.services.http.fetch).toHaveBeenCalledWith(
+      '/internal/elastic_assistant/attack_discovery',
+      {
+        body: '{"alertsIndexPattern":"alerts-index-pattern","anonymizationFields":[],"size":20,"replacements":{},"subAction":"invokeAI","apiConfig":{"connectorId":"test-id","actionTypeId":".gen-ai"}}',
+        method: 'POST',
+        version: '1',
+      }
+    );
+    // called on mount
+    expect(mockPollApi.pollApi).toHaveBeenCalledTimes(1);
+    expect(setStatus).toHaveBeenCalledWith('running');
+    expect(result.current.isLoadingPost).toBe(false);
+  });
+
+  it('handles fetch errors correctly', async () => {
+    const errorMessage = 'Fetch error';
+    const error = new Error(errorMessage);
+    (mockedUseKibana.services.http.fetch as jest.Mock).mockRejectedValue(error);
+
+    const { result } = renderHook(() => useAttackDiscovery({ connectorId: 'test-id' }));
+
+    await act(async () => {
+      await result.current.fetchAttackDiscoveries();
+    });
+
+    expect(mockedUseKibana.services.notifications.toasts.addDanger).toHaveBeenCalledWith(error, {
+      title: ERROR_GENERATING_ATTACK_DISCOVERIES,
+      text: errorMessage,
+    });
+    expect(result.current.isLoading).toBe(false);
+    expect(result.current.isLoadingPost).toBe(false);
+  });
+
+  it('sets loading state based on poll status', async () => {
+    (usePollApi as jest.Mock).mockReturnValue({ ...mockPollApi, status: 'running' });
+    const { result } = renderHook(() =>
+      useAttackDiscovery({ connectorId: 'test-id', setLoadingConnectorId })
+    );
+
+    expect(result.current.isLoading).toBe(true);
+    expect(setLoadingConnectorId).toHaveBeenCalledWith('test-id');
+  });
+
+  it('sets state based off of poll data', () => {
+    (usePollApi as jest.Mock).mockReturnValue({
+      ...mockPollApi,
+      data: {
+        ...mockAttackDiscoveryPost,
+        status: 'succeeded',
+        attackDiscoveries: mockAttackDiscoveries,
+        connectorId: 'test-id',
+      },
+      status: 'succeeded',
+    });
+    const { result } = renderHook(() => useAttackDiscovery({ connectorId: 'test-id' }));
+
+    expect(result.current.alertsContextCount).toEqual(20);
+    // this is set from usePollApi
+    expect(result.current.approximateFutureTime).toBeNull();
+
+    expect(result.current.attackDiscoveries).toEqual(mockAttackDiscoveries);
+    expect(result.current.failureReason).toBeNull();
+    expect(result.current.generationIntervals).toEqual(mockAttackDiscoveryPost.generationIntervals);
+    expect(result.current.isLoading).toBe(false);
+    expect(result.current.lastUpdated).toEqual(new Date(mockAttackDiscoveries[0].timestamp));
+    expect(result.current.replacements).toEqual(mockAttackDiscoveryPost.replacements);
+  });
+
+  it('sets state based off of failed poll data', () => {
+    (usePollApi as jest.Mock).mockReturnValue({
+      ...mockPollApi,
+      data: {
+        ...mockAttackDiscoveryPost,
+        status: 'failed',
+        failureReason: 'something bad',
+        connectorId: 'test-id',
+      },
+      status: 'failed',
+    });
+    const { result } = renderHook(() => useAttackDiscovery({ connectorId: 'test-id' }));
+
+    expect(result.current.failureReason).toEqual('something bad');
+    expect(result.current.isLoading).toBe(false);
+    expect(result.current.lastUpdated).toEqual(null);
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/use_attack_discovery/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/use_attack_discovery/index.tsx
index 1a768d9d21b72..87f0f4d9a5089 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/use_attack_discovery/index.tsx
+++ b/x-pack/plugins/security_solution/public/attack_discovery/use_attack_discovery/index.tsx
@@ -5,71 +5,49 @@
  * 2.0.
  */
 
-import {
-  ATTACK_DISCOVERY_STORAGE_KEY,
-  DEFAULT_ASSISTANT_NAMESPACE,
-  useAssistantContext,
-  useLoadConnectors,
-} from '@kbn/elastic-assistant';
-import type { Replacements } from '@kbn/elastic-assistant-common';
+import { useAssistantContext, useLoadConnectors } from '@kbn/elastic-assistant';
+import type {
+  AttackDiscoveries,
+  Replacements,
+  GenerationInterval,
+  AttackDiscoveryStats,
+} from '@kbn/elastic-assistant-common';
 import {
   AttackDiscoveryPostResponse,
   ELASTIC_AI_ASSISTANT_INTERNAL_API_VERSION,
 } from '@kbn/elastic-assistant-common';
-import { uniq } from 'lodash/fp';
-import moment from 'moment';
 import React, { useCallback, useEffect, useMemo, useState } from 'react';
-import * as uuid from 'uuid';
 import { useFetchAnonymizationFields } from '@kbn/elastic-assistant/impl/assistant/api/anonymization_fields/use_fetch_anonymization_fields';
 
-import { useSpaceId } from '../../common/hooks/use_space_id';
+import { usePollApi } from '../hooks/use_poll_api';
 import { useKibana } from '../../common/lib/kibana';
-import { replaceNewlineLiterals } from '../helpers';
-import { useAttackDiscoveryTelemetry } from '../hooks/use_attack_discovery_telemetry';
-import {
-  CACHED_ATTACK_DISCOVERIES_SESSION_STORAGE_KEY,
-  GENERATION_INTERVALS_LOCAL_STORAGE_KEY,
-  getErrorToastText,
-  getFallbackActionTypeId,
-} from '../pages/helpers';
-import { getAverageIntervalSeconds } from '../pages/loading_callout/countdown/last_times_popover/helpers';
-import type { CachedAttackDiscoveries } from '../pages/session_storage';
-import {
-  getLocalStorageGenerationIntervals,
-  getSessionStorageCachedAttackDiscoveries,
-  setLocalStorageGenerationIntervals,
-  setSessionStorageCachedAttackDiscoveries,
-} from '../pages/session_storage';
-import { ERROR_GENERATING_ATTACK_DISCOVERIES } from '../pages/translations';
-import type { AttackDiscovery, GenerationInterval } from '../types';
+import { getErrorToastText } from '../pages/helpers';
+import { CONNECTOR_ERROR, ERROR_GENERATING_ATTACK_DISCOVERIES } from '../pages/translations';
 import { getGenAiConfig, getRequestBody } from './helpers';
 
-const MAX_GENERATION_INTERVALS = 5;
-
 export interface UseAttackDiscovery {
   alertsContextCount: number | null;
   approximateFutureTime: Date | null;
-  attackDiscoveries: AttackDiscovery[];
-  cachedAttackDiscoveries: Record<string, CachedAttackDiscoveries>;
+  attackDiscoveries: AttackDiscoveries;
+  didInitialFetch: boolean;
+  failureReason: string | null;
   fetchAttackDiscoveries: () => Promise<void>;
-  generationIntervals: Record<string, GenerationInterval[]> | undefined;
+  generationIntervals: GenerationInterval[] | undefined;
   isLoading: boolean;
+  isLoadingPost: boolean;
   lastUpdated: Date | null;
+  onCancel: () => Promise<void>;
   replacements: Replacements;
+  stats: AttackDiscoveryStats | null;
 }
 
 export const useAttackDiscovery = ({
   connectorId,
-  setConnectorId,
   setLoadingConnectorId,
 }: {
   connectorId: string | undefined;
-  setConnectorId?: (connectorId: string | undefined) => void;
   setLoadingConnectorId?: (loadingConnectorId: string | null) => void;
 }): UseAttackDiscovery => {
-  const { reportAttackDiscoveriesGenerated } = useAttackDiscoveryTelemetry();
-  const spaceId: string | undefined = useSpaceId();
-
   // get Kibana services and connectors
   const {
     http,
@@ -79,6 +57,20 @@ export const useAttackDiscovery = ({
     http,
   });
 
+  // generation can take a long time, so we calculate an approximate future time:
+  const [approximateFutureTime, setApproximateFutureTime] = useState<Date | null>(null);
+  // whether post request is loading (dont show actions)
+  const [isLoadingPost, setIsLoadingPost] = useState<boolean>(false);
+  const {
+    cancelAttackDiscovery,
+    data: pollData,
+    pollApi,
+    status: pollStatus,
+    setStatus: setPollStatus,
+    didInitialFetch,
+    stats,
+  } = usePollApi({ http, setApproximateFutureTime, toasts, connectorId });
+
   // loading boilerplate:
   const [isLoading, setIsLoading] = useState(false);
 
@@ -87,245 +79,123 @@ export const useAttackDiscovery = ({
 
   const { data: anonymizationFields } = useFetchAnonymizationFields();
 
-  const sessionStorageKey = useMemo(
-    () =>
-      spaceId != null // spaceId is undefined while the useSpaceId hook is loading
-        ? `${DEFAULT_ASSISTANT_NAMESPACE}.${ATTACK_DISCOVERY_STORAGE_KEY}.${spaceId}.${CACHED_ATTACK_DISCOVERIES_SESSION_STORAGE_KEY}`
-        : '',
-    [spaceId]
-  );
-
-  const [cachedAttackDiscoveries, setCachedAttackDiscoveries] = useState<
-    Record<string, CachedAttackDiscoveries>
-  >({});
-
-  useEffect(() => {
-    const decoded = getSessionStorageCachedAttackDiscoveries(sessionStorageKey);
-
-    if (decoded != null) {
-      setCachedAttackDiscoveries(decoded);
-
-      const decodedAttackDiscoveries = decoded[connectorId ?? '']?.attackDiscoveries;
-      if (decodedAttackDiscoveries != null) {
-        setAttackDiscoveries(decodedAttackDiscoveries);
-      }
-
-      const decodedReplacements = decoded[connectorId ?? '']?.replacements;
-      if (decodedReplacements != null) {
-        setReplacements(decodedReplacements);
-      }
-
-      const decodedLastUpdated = decoded[connectorId ?? '']?.updated;
-      if (decodedLastUpdated != null) {
-        setLastUpdated(decodedLastUpdated);
-      }
-    }
-  }, [connectorId, sessionStorageKey]);
-
-  const localStorageKey = useMemo(
-    () =>
-      spaceId != null // spaceId is undefined while the useSpaceId hook is loading
-        ? `${DEFAULT_ASSISTANT_NAMESPACE}.${ATTACK_DISCOVERY_STORAGE_KEY}.${spaceId}.${GENERATION_INTERVALS_LOCAL_STORAGE_KEY}`
-        : '',
-    [spaceId]
-  );
-
-  const [generationIntervals, setGenerationIntervals] = React.useState<
-    Record<string, GenerationInterval[]> | undefined
-  >(undefined);
-
-  useEffect(() => {
-    const decoded = getLocalStorageGenerationIntervals(localStorageKey);
-
-    if (decoded != null) {
-      setGenerationIntervals(decoded);
-    }
-  }, [localStorageKey]);
-
-  // get connector intervals from generation intervals:
-  const connectorIntervals = useMemo(
-    () => generationIntervals?.[connectorId ?? ''] ?? [],
-    [connectorId, generationIntervals]
-  );
-
-  // generation can take a long time, so we calculate an approximate future time:
-  const [approximateFutureTime, setApproximateFutureTime] = useState<Date | null>(null);
-
-  // get cached attack discoveries if they exist:
-  const [attackDiscoveries, setAttackDiscoveries] = useState<AttackDiscovery[]>(
-    cachedAttackDiscoveries[connectorId ?? '']?.attackDiscoveries ?? []
-  );
-
-  // get replacements from the cached attack discoveries if they exist:
-  const [replacements, setReplacements] = useState<Replacements>(
-    cachedAttackDiscoveries[connectorId ?? '']?.replacements ?? {}
-  );
-
-  // get last updated from the cached attack discoveries if it exists:
-  const [lastUpdated, setLastUpdated] = useState<Date | null>(
-    cachedAttackDiscoveries[connectorId ?? '']?.updated ?? null
-  );
+  const [generationIntervals, setGenerationIntervals] = React.useState<GenerationInterval[]>([]);
+  const [attackDiscoveries, setAttackDiscoveries] = useState<AttackDiscoveries>([]);
+  const [replacements, setReplacements] = useState<Replacements>({});
+  const [lastUpdated, setLastUpdated] = useState<Date | null>(null);
+  const [failureReason, setFailureReason] = useState<string | null>(null);
 
   // number of alerts sent as context to the LLM:
   const [alertsContextCount, setAlertsContextCount] = useState<number | null>(null);
 
-  /** The callback when users click the Generate button */
-  const fetchAttackDiscoveries = useCallback(async () => {
+  const requestBody = useMemo(() => {
     const selectedConnector = aiConnectors?.find((connector) => connector.id === connectorId);
-    const actionTypeId = getFallbackActionTypeId(selectedConnector?.actionTypeId);
-
-    const body = getRequestBody({
-      actionTypeId,
+    const genAiConfig = getGenAiConfig(selectedConnector);
+    return getRequestBody({
       alertsIndexPattern,
       anonymizationFields,
-      connectorId,
+      genAiConfig,
       knowledgeBase,
+      selectedConnector,
       traceOptions,
     });
+  }, [
+    aiConnectors,
+    alertsIndexPattern,
+    anonymizationFields,
+    connectorId,
+    knowledgeBase,
+    traceOptions,
+  ]);
 
-    try {
-      setLoadingConnectorId?.(connectorId ?? null);
-      setIsLoading(true);
-      setApproximateFutureTime(null);
+  useEffect(() => {
+    if (connectorId != null && connectorId !== '') {
+      pollApi();
+      setLoadingConnectorId?.(connectorId);
+      setAlertsContextCount(null);
+      setFailureReason(null);
+      setLastUpdated(null);
+      setReplacements({});
+      setAttackDiscoveries([]);
+      setGenerationIntervals([]);
+      setPollStatus(null);
+    }
+  }, [pollApi, connectorId, setLoadingConnectorId, setPollStatus]);
 
-      const averageIntervalSeconds = getAverageIntervalSeconds(connectorIntervals);
-      setApproximateFutureTime(moment().add(averageIntervalSeconds, 'seconds').toDate());
+  useEffect(() => {
+    if (pollStatus === 'running') {
+      setIsLoading(true);
+      setLoadingConnectorId?.(connectorId ?? null);
+    } else {
+      setIsLoading(false);
+      setLoadingConnectorId?.(null);
+    }
+  }, [pollStatus, connectorId, setLoadingConnectorId]);
 
-      const startTime = moment(); // start timing the generation
+  useEffect(() => {
+    if (pollData !== null && pollData.connectorId === connectorId) {
+      if (pollData.alertsContextCount != null) setAlertsContextCount(pollData.alertsContextCount);
+      if (pollData.attackDiscoveries.length) {
+        // get last updated from timestamp, not from updatedAt since this can indicate the last time the status was updated
+        setLastUpdated(new Date(pollData.attackDiscoveries[0].timestamp));
+      }
+      if (pollData.replacements) setReplacements(pollData.replacements);
+      if (pollData.status === 'failed' && pollData.failureReason) {
+        setFailureReason(pollData.failureReason);
+      } else {
+        setFailureReason(null);
+      }
+      setAttackDiscoveries(pollData.attackDiscoveries);
+      setGenerationIntervals(pollData.generationIntervals);
+    }
+  }, [connectorId, pollData]);
 
+  /** The callback when users click the Generate button */
+  const fetchAttackDiscoveries = useCallback(async () => {
+    try {
+      if (requestBody.apiConfig.connectorId === '' || requestBody.apiConfig.actionTypeId === '') {
+        throw new Error(CONNECTOR_ERROR);
+      }
+      setLoadingConnectorId?.(connectorId ?? null);
+      // sets isLoading to true
+      setPollStatus('running');
+      setIsLoadingPost(true);
+      setApproximateFutureTime(null);
       // call the internal API to generate attack discoveries:
       const rawResponse = await http.fetch('/internal/elastic_assistant/attack_discovery', {
-        body: JSON.stringify(body),
+        body: JSON.stringify(requestBody),
         method: 'POST',
         version: ELASTIC_AI_ASSISTANT_INTERNAL_API_VERSION,
       });
-
+      setIsLoadingPost(false);
       const parsedResponse = AttackDiscoveryPostResponse.safeParse(rawResponse);
+
       if (!parsedResponse.success) {
         throw new Error('Failed to parse the response');
       }
-
-      const endTime = moment();
-      const durationMs = endTime.diff(startTime);
-
-      // update the cached attack discoveries with the new discoveries:
-      const newAttackDiscoveries: AttackDiscovery[] =
-        parsedResponse.data.attackDiscoveries?.map((attackDiscovery) => ({
-          alertIds: [...attackDiscovery.alertIds],
-          detailsMarkdown: replaceNewlineLiterals(attackDiscovery.detailsMarkdown),
-          entitySummaryMarkdown: replaceNewlineLiterals(attackDiscovery.entitySummaryMarkdown),
-          id: uuid.v4(),
-          mitreAttackTactics: attackDiscovery.mitreAttackTactics,
-          summaryMarkdown: replaceNewlineLiterals(attackDiscovery.summaryMarkdown),
-          title: attackDiscovery.title,
-        })) ?? [];
-
-      const responseReplacements = parsedResponse.data.replacements ?? {};
-      const newReplacements = { ...replacements, ...responseReplacements };
-
-      const newLastUpdated = new Date();
-
-      const newCachedAttackDiscoveries = {
-        ...cachedAttackDiscoveries,
-        [connectorId ?? '']: {
-          connectorId: connectorId ?? '',
-          attackDiscoveries: newAttackDiscoveries,
-          replacements: newReplacements,
-          updated: newLastUpdated,
-        },
-      };
-
-      setCachedAttackDiscoveries(newCachedAttackDiscoveries);
-      setSessionStorageCachedAttackDiscoveries({
-        key: sessionStorageKey,
-        cachedAttackDiscoveries: newCachedAttackDiscoveries,
-      });
-
-      // update the generation intervals with the latest timing:
-      const previousConnectorIntervals: GenerationInterval[] =
-        generationIntervals != null ? generationIntervals[connectorId ?? ''] ?? [] : [];
-      const newInterval: GenerationInterval = {
-        connectorId: connectorId ?? '',
-        date: new Date(),
-        durationMs,
-      };
-
-      const newConnectorIntervals = [newInterval, ...previousConnectorIntervals].slice(
-        0,
-        MAX_GENERATION_INTERVALS
-      );
-      const newGenerationIntervals: Record<string, GenerationInterval[]> = {
-        ...generationIntervals,
-        [connectorId ?? '']: newConnectorIntervals,
-      };
-
-      const newAlertsContextCount = parsedResponse.data.alertsContextCount ?? null;
-      setAlertsContextCount(newAlertsContextCount);
-
-      // only update the generation intervals if alerts were sent as context to the LLM:
-      if (newAlertsContextCount != null && newAlertsContextCount > 0) {
-        setGenerationIntervals(newGenerationIntervals);
-        setLocalStorageGenerationIntervals({
-          key: localStorageKey,
-          generationIntervals: newGenerationIntervals,
-        });
-      }
-
-      setReplacements(newReplacements);
-      setAttackDiscoveries(newAttackDiscoveries);
-      setLastUpdated(newLastUpdated);
-      setConnectorId?.(connectorId);
-      const connectorConfig = getGenAiConfig(selectedConnector);
-      reportAttackDiscoveriesGenerated({
-        actionTypeId,
-        durationMs,
-        alertsContextCount: newAlertsContextCount ?? 0,
-        alertsCount: uniq(
-          newAttackDiscoveries.flatMap((attackDiscovery) => attackDiscovery.alertIds)
-        ).length,
-        configuredAlertsCount: knowledgeBase.latestAlerts,
-        provider: connectorConfig?.apiProvider,
-        model: connectorConfig?.defaultModel,
-      });
     } catch (error) {
+      setIsLoadingPost(false);
+      setIsLoading(false);
       toasts?.addDanger(error, {
         title: ERROR_GENERATING_ATTACK_DISCOVERIES,
         text: getErrorToastText(error),
       });
-    } finally {
-      setApproximateFutureTime(null);
-      setLoadingConnectorId?.(null);
-      setIsLoading(false);
     }
-  }, [
-    aiConnectors,
-    alertsIndexPattern,
-    anonymizationFields,
-    cachedAttackDiscoveries,
-    connectorId,
-    connectorIntervals,
-    generationIntervals,
-    http,
-    knowledgeBase,
-    localStorageKey,
-    replacements,
-    reportAttackDiscoveriesGenerated,
-    sessionStorageKey,
-    setConnectorId,
-    setLoadingConnectorId,
-    toasts,
-    traceOptions,
-  ]);
+  }, [connectorId, http, requestBody, setLoadingConnectorId, setPollStatus, toasts]);
 
   return {
     alertsContextCount,
     approximateFutureTime,
     attackDiscoveries,
-    cachedAttackDiscoveries,
+    didInitialFetch,
+    failureReason,
     fetchAttackDiscoveries,
     generationIntervals,
     isLoading,
+    isLoadingPost,
     lastUpdated,
+    onCancel: cancelAttackDiscovery,
     replacements,
+    stats,
   };
 };
diff --git a/x-pack/plugins/security_solution/public/common/components/control_columns/row_action/index.tsx b/x-pack/plugins/security_solution/public/common/components/control_columns/row_action/index.tsx
index c586e887ce5e7..92ae4d094ed48 100644
--- a/x-pack/plugins/security_solution/public/common/components/control_columns/row_action/index.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/control_columns/row_action/index.tsx
@@ -10,11 +10,15 @@ import React, { useCallback, useMemo } from 'react';
 import { useDispatch } from 'react-redux';
 import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
 import { dataTableActions, TableId } from '@kbn/securitysolution-data-table';
+import { LeftPanelNotesTab } from '../../../../flyout/document_details/left';
 import { useRouteSpy } from '../../../utils/route/use_route_spy';
 import { useKibana } from '../../../lib/kibana';
 import { timelineActions } from '../../../../timelines/store';
 import { SecurityPageName } from '../../../../../common/constants';
-import { DocumentDetailsRightPanelKey } from '../../../../flyout/document_details/shared/constants/panel_keys';
+import {
+  DocumentDetailsLeftPanelKey,
+  DocumentDetailsRightPanelKey,
+} from '../../../../flyout/document_details/shared/constants/panel_keys';
 import type {
   SetEventsDeleted,
   SetEventsLoading,
@@ -100,6 +104,9 @@ const RowActionComponent = ({
 
   // TODO remove when https://github.com/elastic/security-team/issues/7462 is merged
   const expandableFlyoutDisabled = useIsExperimentalFeatureEnabled('expandableFlyoutDisabled');
+  const securitySolutionNotesEnabled = useIsExperimentalFeatureEnabled(
+    'securitySolutionNotesEnabled'
+  );
   const showExpandableFlyout =
     pageName === SecurityPageName.attackDiscovery ? true : !expandableFlyoutDisabled;
 
@@ -162,6 +169,32 @@ const RowActionComponent = ({
     tabType,
   ]);
 
+  const toggleShowNotes = useCallback(
+    () =>
+      openFlyout({
+        right: {
+          id: DocumentDetailsRightPanelKey,
+          params: {
+            id: eventId,
+            indexName,
+            scopeId: tableId,
+          },
+        },
+        left: {
+          id: DocumentDetailsLeftPanelKey,
+          path: {
+            tab: LeftPanelNotesTab,
+          },
+          params: {
+            id: eventId,
+            indexName,
+            scopeId: tableId,
+          },
+        },
+      }),
+    [eventId, indexName, openFlyout, tableId]
+  );
+
   const Action = controlColumn.rowCellRender;
 
   if (!timelineNonEcsData || !ecsData || !eventId) {
@@ -191,6 +224,9 @@ const RowActionComponent = ({
           showCheckboxes={showCheckboxes}
           tabType={tabType}
           timelineId={tableId}
+          toggleShowNotes={
+            !expandableFlyoutDisabled && securitySolutionNotesEnabled ? toggleShowNotes : undefined
+          }
           width={width}
           setEventsLoading={setEventsLoading}
           setEventsDeleted={setEventsDeleted}
diff --git a/x-pack/plugins/security_solution/public/common/components/drag_and_drop/__snapshots__/drag_drop_context_wrapper.test.tsx.snap b/x-pack/plugins/security_solution/public/common/components/drag_and_drop/__snapshots__/drag_drop_context_wrapper.test.tsx.snap
index 3a964febf4c85..87f926e5b2b7f 100644
--- a/x-pack/plugins/security_solution/public/common/components/drag_and_drop/__snapshots__/drag_drop_context_wrapper.test.tsx.snap
+++ b/x-pack/plugins/security_solution/public/common/components/drag_and_drop/__snapshots__/drag_drop_context_wrapper.test.tsx.snap
@@ -8,12 +8,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
         "fields": Object {
           "agent.ephemeral_id": Object {
             "aggregatable": true,
-            "category": "agent",
-            "description": "Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but \`agent.id\` does not.",
             "esTypes": Array [
               "keyword",
             ],
-            "example": "8a4f500f",
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -26,12 +23,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
           },
           "agent.hostname": Object {
             "aggregatable": true,
-            "category": "agent",
-            "description": null,
             "esTypes": Array [
               "keyword",
             ],
-            "example": null,
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -44,12 +38,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
           },
           "agent.id": Object {
             "aggregatable": true,
-            "category": "agent",
-            "description": "Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id.",
             "esTypes": Array [
               "keyword",
             ],
-            "example": "8a4f500d",
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -62,12 +53,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
           },
           "agent.name": Object {
             "aggregatable": true,
-            "category": "agent",
-            "description": "Name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. If no name is given, the name is often left empty.",
             "esTypes": Array [
               "keyword",
             ],
-            "example": "foo",
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -84,12 +72,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
         "fields": Object {
           "auditd.data.a0": Object {
             "aggregatable": true,
-            "category": "auditd",
-            "description": null,
             "esTypes": Array [
               "keyword",
             ],
-            "example": null,
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -100,12 +85,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
           },
           "auditd.data.a1": Object {
             "aggregatable": true,
-            "category": "auditd",
-            "description": null,
             "esTypes": Array [
               "keyword",
             ],
-            "example": null,
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -116,12 +98,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
           },
           "auditd.data.a2": Object {
             "aggregatable": true,
-            "category": "auditd",
-            "description": null,
             "esTypes": Array [
               "keyword",
             ],
-            "example": null,
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -136,12 +115,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
         "fields": Object {
           "@timestamp": Object {
             "aggregatable": true,
-            "category": "base",
-            "description": "Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.",
             "esTypes": Array [
               "date",
             ],
-            "example": "2016-05-23T08:05:34.853Z",
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -155,10 +131,7 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
           },
           "_id": Object {
             "aggregatable": false,
-            "category": "base",
-            "description": "Each document has an _id that uniquely identifies it",
             "esTypes": Array [],
-            "example": "Y-6TfmcB0WOhS6qyMv3s",
             "indexes": Array [
               "auditbeat",
               "filebeat",
@@ -170,12 +143,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
           },
           "message": Object {
             "aggregatable": false,
-            "category": "base",
-            "description": "For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message.",
             "esTypes": Array [
               "text",
             ],
-            "example": "Hello World",
             "format": "string",
             "indexes": Array [
               "auditbeat",
@@ -192,12 +162,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
         "fields": Object {
           "client.address": Object {
             "aggregatable": true,
-            "category": "client",
-            "description": "Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket.  You should always store the raw address in the \`.address\` field. Then it should be duplicated to \`.ip\` or \`.domain\`, depending on which one it is.",
             "esTypes": Array [
               "keyword",
             ],
-            "example": null,
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -210,12 +177,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
           },
           "client.bytes": Object {
             "aggregatable": true,
-            "category": "client",
-            "description": "Bytes sent from the client to the server.",
             "esTypes": Array [
               "long",
             ],
-            "example": "184",
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -228,12 +192,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
           },
           "client.domain": Object {
             "aggregatable": true,
-            "category": "client",
-            "description": "Client domain.",
             "esTypes": Array [
               "keyword",
             ],
-            "example": null,
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -246,12 +207,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
           },
           "client.geo.country_iso_code": Object {
             "aggregatable": true,
-            "category": "client",
-            "description": "Country ISO code.",
             "esTypes": Array [
               "keyword",
             ],
-            "example": "CA",
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -268,12 +226,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
         "fields": Object {
           "cloud.account.id": Object {
             "aggregatable": true,
-            "category": "cloud",
-            "description": "The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.",
             "esTypes": Array [
               "keyword",
             ],
-            "example": "666777888999",
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -286,12 +241,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
           },
           "cloud.availability_zone": Object {
             "aggregatable": true,
-            "category": "cloud",
-            "description": "Availability zone in which this host is running.",
             "esTypes": Array [
               "keyword",
             ],
-            "example": "us-east-1c",
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -308,12 +260,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
         "fields": Object {
           "container.id": Object {
             "aggregatable": true,
-            "category": "container",
-            "description": "Unique container id.",
             "esTypes": Array [
               "keyword",
             ],
-            "example": null,
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -326,12 +275,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
           },
           "container.image.name": Object {
             "aggregatable": true,
-            "category": "container",
-            "description": "Name of the image the container was built on.",
             "esTypes": Array [
               "keyword",
             ],
-            "example": null,
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -344,12 +290,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
           },
           "container.image.tag": Object {
             "aggregatable": true,
-            "category": "container",
-            "description": "Container image tag.",
             "esTypes": Array [
               "keyword",
             ],
-            "example": null,
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -366,12 +309,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
         "fields": Object {
           "destination.address": Object {
             "aggregatable": true,
-            "category": "destination",
-            "description": "Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket.  You should always store the raw address in the \`.address\` field. Then it should be duplicated to \`.ip\` or \`.domain\`, depending on which one it is.",
             "esTypes": Array [
               "keyword",
             ],
-            "example": null,
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -384,12 +324,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
           },
           "destination.bytes": Object {
             "aggregatable": true,
-            "category": "destination",
-            "description": "Bytes sent from the destination to the source.",
             "esTypes": Array [
               "long",
             ],
-            "example": "184",
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -402,12 +339,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
           },
           "destination.domain": Object {
             "aggregatable": true,
-            "category": "destination",
-            "description": "Destination domain.",
             "esTypes": Array [
               "keyword",
             ],
-            "example": null,
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -420,12 +354,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
           },
           "destination.ip": Object {
             "aggregatable": true,
-            "category": "destination",
-            "description": "IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses.",
             "esTypes": Array [
               "ip",
             ],
-            "example": "",
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -438,12 +369,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
           },
           "destination.port": Object {
             "aggregatable": true,
-            "category": "destination",
-            "description": "Port of the destination.",
             "esTypes": Array [
               "long",
             ],
-            "example": "",
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -460,12 +388,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
         "fields": Object {
           "event.action": Object {
             "aggregatable": true,
-            "category": "event",
-            "description": "The action captured by the event. This describes the information in the event. It is more specific than \`event.category\`. Examples are \`group-add\`, \`process-started\`, \`file-created\`. The value is normally defined by the implementer.",
             "esTypes": Array [
               "keyword",
             ],
-            "example": "user-password-change",
             "format": "string",
             "indexes": Array [
               "apm-*-transaction*",
@@ -484,12 +409,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
           },
           "event.category": Object {
             "aggregatable": true,
-            "category": "event",
-            "description": "This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. \`event.category\` represents the \\"big buckets\\" of ECS categories. For example, filtering on \`event.category:process\` yields all events relating to process activity. This field is closely related to \`event.type\`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories.",
             "esTypes": Array [
               "keyword",
             ],
-            "example": "authentication",
             "format": "string",
             "indexes": Array [
               "apm-*-transaction*",
@@ -508,12 +430,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
           },
           "event.end": Object {
             "aggregatable": true,
-            "category": "event",
-            "description": "event.end contains the date when the event ended or when the activity was last observed.",
             "esTypes": Array [
               "date",
             ],
-            "example": null,
             "format": "",
             "indexes": Array [
               "apm-*-transaction*",
@@ -532,12 +451,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
           },
           "event.kind": Object {
             "aggregatable": true,
-            "category": "event",
-            "description": "This defined the type of event eg. alerts",
             "esTypes": Array [
               "keyword",
             ],
-            "example": "signal",
             "format": "string",
             "indexes": Array [
               "apm-*-transaction*",
@@ -556,12 +472,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
           },
           "event.severity": Object {
             "aggregatable": true,
-            "category": "event",
-            "description": "The numeric severity of the event according to your event source. What the different severity values mean can be different between sources and use cases. It's up to the implementer to make sure severities are consistent across events from the same source. The Syslog severity belongs in \`log.syslog.severity.code\`. \`event.severity\` is meant to represent the severity according to the event source (e.g. firewall, IDS). If the event source does not publish its own severity, you may optionally copy the \`log.syslog.severity.code\` to \`event.severity\`.",
             "esTypes": Array [
               "long",
             ],
-            "example": 7,
             "format": "number",
             "indexes": Array [
               "apm-*-transaction*",
@@ -584,8 +497,6 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
         "fields": Object {
           "host.name": Object {
             "aggregatable": true,
-            "category": "host",
-            "description": "Name of the host. It can contain what \`hostname\` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.",
             "esTypes": Array [
               "keyword",
             ],
@@ -611,9 +522,6 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
         "fields": Object {
           "nestedField.firstAttributes": Object {
             "aggregatable": false,
-            "category": "nestedField",
-            "description": "",
-            "example": "",
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -631,9 +539,6 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
           },
           "nestedField.secondAttributes": Object {
             "aggregatable": false,
-            "category": "nestedField",
-            "description": "",
-            "example": "",
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -651,9 +556,6 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
           },
           "nestedField.thirdAttributes": Object {
             "aggregatable": false,
-            "category": "nestedField",
-            "description": "",
-            "example": "",
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -690,12 +592,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
         "fields": Object {
           "source.ip": Object {
             "aggregatable": true,
-            "category": "source",
-            "description": "IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.",
             "esTypes": Array [
               "ip",
             ],
-            "example": "",
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -708,12 +607,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
           },
           "source.port": Object {
             "aggregatable": true,
-            "category": "source",
-            "description": "Port of the source.",
             "esTypes": Array [
               "long",
             ],
-            "example": "",
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -730,12 +626,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] =
         "fields": Object {
           "user.name": Object {
             "aggregatable": true,
-            "category": "user",
-            "description": "Short name or login of the user.",
             "esTypes": Array [
               "keyword",
             ],
-            "example": "albert",
             "format": "string",
             "indexes": Array [
               "auditbeat",
diff --git a/x-pack/plugins/security_solution/public/common/components/drag_and_drop/helpers.ts b/x-pack/plugins/security_solution/public/common/components/drag_and_drop/helpers.ts
index ae0a417e5e32a..5b14d7919baf2 100644
--- a/x-pack/plugins/security_solution/public/common/components/drag_and_drop/helpers.ts
+++ b/x-pack/plugins/security_solution/public/common/components/drag_and_drop/helpers.ts
@@ -4,7 +4,7 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import { isString, keyBy } from 'lodash/fp';
+import { keyBy } from 'lodash/fp';
 import type { DropResult } from '@hello-pangea/dnd';
 import type { Dispatch } from 'redux';
 import type { ActionCreator } from 'typescript-fsa';
@@ -231,10 +231,7 @@ export const addFieldToColumns = ({
     dispatch(
       scopedActions.upsertColumn({
         column: {
-          category: column.category,
           columnHeaderType: 'not-filtered',
-          description: isString(column.description) ? column.description : undefined,
-          example: isString(column.example) ? column.example : undefined,
           id: fieldId,
           linkField: linkFields[fieldId] ?? undefined,
           type: column.type,
diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/agent_response_action_status.tsx b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/agent_response_action_status.tsx
index 275cc4751e6fe..cda92909a51ac 100644
--- a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/agent_response_action_status.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/agent_response_action_status.tsx
@@ -8,10 +8,10 @@
 import React, { memo, useMemo } from 'react';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { EuiBadge, EuiFlexGroup, EuiFlexItem, EuiTextColor, EuiToolTip } from '@elastic/eui';
+import { ISOLATED_LABEL, ISOLATING_LABEL, RELEASING_LABEL } from './translations';
 import type { EndpointPendingActions } from '../../../../../../common/endpoint/types';
 import type { ResponseActionsApiCommandNames } from '../../../../../../common/endpoint/service/response_actions/constants';
 import { RESPONSE_ACTION_API_COMMAND_TO_CONSOLE_COMMAND_MAP } from '../../../../../../common/endpoint/service/response_actions/constants';
-import { ISOLATED_LABEL, ISOLATING_LABEL, RELEASING_LABEL } from './endpoint/endpoint_agent_status';
 import { useTestIdGenerator } from '../../../../../management/hooks/use_test_id_generator';
 
 const TOOLTIP_CONTENT_STYLES: React.CSSProperties = Object.freeze({ width: 150 });
diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/agent_status.test.tsx b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/agent_status.test.tsx
index b384cf9a542a2..3a347d7d9a7d3 100644
--- a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/agent_status.test.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/agent_status.test.tsx
@@ -7,57 +7,79 @@
 
 import React from 'react';
 
+import type { AgentStatusProps } from './agent_status';
 import { AgentStatus } from './agent_status';
-import {
-  useAgentStatusHook,
-  useGetAgentStatus,
-} from '../../../../../management/hooks/agents/use_get_agent_status';
+import { useGetAgentStatus as _useGetAgentStatus } from '../../../../../management/hooks/agents/use_get_agent_status';
 import {
   RESPONSE_ACTION_AGENT_TYPE,
   type ResponseActionAgentType,
 } from '../../../../../../common/endpoint/service/response_actions/constants';
 import type { AppContextTestRender } from '../../../../mock/endpoint';
 import { createAppRootMockRenderer } from '../../../../mock/endpoint';
+import type { AgentStatusInfo } from '../../../../../../common/endpoint/types';
 import { HostStatus } from '../../../../../../common/endpoint/types';
 
 jest.mock('../../../../hooks/use_experimental_features');
 jest.mock('../../../../../management/hooks/agents/use_get_agent_status');
 
-const getAgentStatusMock = useGetAgentStatus as jest.Mock;
-const useAgentStatusHookMock = useAgentStatusHook as jest.Mock;
+const useGetAgentStatusMock = _useGetAgentStatus as jest.Mock;
 
 describe('AgentStatus component', () => {
   let render: (agentType?: ResponseActionAgentType) => ReturnType<AppContextTestRender['render']>;
   let renderResult: ReturnType<typeof render>;
   let mockedContext: AppContextTestRender;
-  const agentId = 'agent-id-1234';
-  const baseData = {
-    agentId,
-    found: true,
-    isolated: false,
-    lastSeen: new Date().toISOString(),
-    pendingActions: {},
-    status: HostStatus.HEALTHY,
-  };
+  let baseData: AgentStatusInfo;
+  let agentId: string;
+  let statusInfoProp: AgentStatusProps['statusInfo'];
 
   beforeEach(() => {
     mockedContext = createAppRootMockRenderer();
-    render = (agentType?: ResponseActionAgentType) =>
-      (renderResult = mockedContext.render(
-        <AgentStatus agentId={agentId} agentType={agentType || 'endpoint'} data-test-subj="test" />
+    render = (agentType: ResponseActionAgentType = 'endpoint') => {
+      baseData.agentType = agentType;
+
+      return (renderResult = mockedContext.render(
+        <AgentStatus
+          agentId={agentId}
+          agentType={agentType}
+          statusInfo={statusInfoProp}
+          data-test-subj="test"
+        />
       ));
-
-    getAgentStatusMock.mockReturnValue({ data: {} });
-    useAgentStatusHookMock.mockImplementation(() => useGetAgentStatus);
+    };
+    useGetAgentStatusMock.mockReturnValue({ data: {} });
+    baseData = {
+      agentId,
+      found: true,
+      isolated: false,
+      lastSeen: new Date().toISOString(),
+      pendingActions: {},
+      status: HostStatus.HEALTHY,
+      agentType: 'endpoint',
+    };
+    agentId = 'agent-id-1234';
+    statusInfoProp = undefined;
   });
 
   afterEach(() => {
     jest.clearAllMocks();
   });
 
+  it('should call the API when `agentId` is provided and no `statusInfo` prop', () => {
+    render();
+
+    expect(useGetAgentStatusMock).toHaveBeenCalledWith(agentId, 'endpoint', { enabled: true });
+  });
+
+  it('should NOT call the API when `statusInfo` prop is provided', () => {
+    statusInfoProp = baseData;
+    render();
+
+    expect(useGetAgentStatusMock).toHaveBeenCalledWith(agentId, 'endpoint', { enabled: false });
+  });
+
   describe.each(RESPONSE_ACTION_AGENT_TYPE)('`%s` agentType', (agentType) => {
     it('should show agent health status info', () => {
-      getAgentStatusMock.mockReturnValue({
+      useGetAgentStatusMock.mockReturnValue({
         data: {
           [agentId]: { ...baseData, agentType, status: HostStatus.OFFLINE },
         },
@@ -74,7 +96,7 @@ describe('AgentStatus component', () => {
     });
 
     it('should show agent health status info and Isolated status', () => {
-      getAgentStatusMock.mockReturnValue({
+      useGetAgentStatusMock.mockReturnValue({
         data: {
           [agentId]: {
             ...baseData,
@@ -95,7 +117,7 @@ describe('AgentStatus component', () => {
     });
 
     it('should show agent health status info and Releasing status', () => {
-      getAgentStatusMock.mockReturnValue({
+      useGetAgentStatusMock.mockReturnValue({
         data: {
           [agentId]: {
             ...baseData,
@@ -119,7 +141,7 @@ describe('AgentStatus component', () => {
     });
 
     it('should show agent health status info and Isolating status', () => {
-      getAgentStatusMock.mockReturnValue({
+      useGetAgentStatusMock.mockReturnValue({
         data: {
           [agentId]: {
             ...baseData,
@@ -142,7 +164,7 @@ describe('AgentStatus component', () => {
     });
 
     it('should show agent health status info and Releasing status also when multiple actions are pending', () => {
-      getAgentStatusMock.mockReturnValue({
+      useGetAgentStatusMock.mockReturnValue({
         data: {
           [agentId]: {
             ...baseData,
@@ -168,7 +190,7 @@ describe('AgentStatus component', () => {
     });
 
     it('should show agent health status info and Isolating status also when multiple actions are pending', () => {
-      getAgentStatusMock.mockReturnValue({
+      useGetAgentStatusMock.mockReturnValue({
         data: {
           [agentId]: {
             ...baseData,
@@ -193,7 +215,7 @@ describe('AgentStatus component', () => {
     });
 
     it('should show agent health status info and pending action status when not isolating/releasing', () => {
-      getAgentStatusMock.mockReturnValue({
+      useGetAgentStatusMock.mockReturnValue({
         data: {
           [agentId]: {
             ...baseData,
@@ -217,7 +239,7 @@ describe('AgentStatus component', () => {
     });
 
     it('should show agent health status info and Isolated when pending actions', () => {
-      getAgentStatusMock.mockReturnValue({
+      useGetAgentStatusMock.mockReturnValue({
         data: {
           [agentId]: {
             ...baseData,
diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/agent_status.tsx b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/agent_status.tsx
index c4e61103e6a82..19a93978c1b05 100644
--- a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/agent_status.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/agent_status.tsx
@@ -8,20 +8,14 @@
 import { EuiBadge, EuiFlexGroup, EuiFlexItem } from '@elastic/eui';
 import React, { useMemo } from 'react';
 import styled from 'styled-components';
+import { getAgentStatusText } from './translations';
+import { getEmptyTagValue } from '../../../empty_value';
 import type { ResponseActionAgentType } from '../../../../../../common/endpoint/service/response_actions/constants';
-import type { EndpointPendingActions } from '../../../../../../common/endpoint/types';
-import { useAgentStatusHook } from '../../../../../management/hooks/agents/use_get_agent_status';
+import { useGetAgentStatus } from '../../../../../management/hooks/agents/use_get_agent_status';
 import { useTestIdGenerator } from '../../../../../management/hooks/use_test_id_generator';
 import { HOST_STATUS_TO_BADGE_COLOR } from '../../../../../management/pages/endpoint_hosts/view/host_constants';
-import { useIsExperimentalFeatureEnabled } from '../../../../hooks/use_experimental_features';
-import { getAgentStatusText } from '../agent_status_text';
 import { AgentResponseActionsStatus } from './agent_response_action_status';
-export enum SENTINEL_ONE_NETWORK_STATUS {
-  CONNECTING = 'connecting',
-  CONNECTED = 'connected',
-  DISCONNECTING = 'disconnecting',
-  DISCONNECTED = 'disconnected',
-}
+import type { AgentStatusInfo } from '../../../../../../common/endpoint/types';
 
 const EuiFlexGroupStyled = styled(EuiFlexGroup)`
   .isolation-status {
@@ -29,42 +23,61 @@ const EuiFlexGroupStyled = styled(EuiFlexGroup)`
   }
 `;
 
+export interface AgentStatusProps {
+  agentType: ResponseActionAgentType;
+  /**
+   * The agent id for which the status will be displayed. An API call will be made to retrieve the
+   * status. If using this component on a List view, use `statusInfo` prop instead and make API
+   * call to retrieve all statuses of displayed agents at the view level in order to keep API calls
+   * to a minimum
+   *
+   * NOTE: will be ignored if `statusInfo` prop is defined!
+   */
+  agentId?: string;
+  /**
+   * The status info for the agent. When both `agentId` and `agentInfo` are defined, `agentInfo` will
+   * be used and `agentId` ignored.
+   */
+  statusInfo?: AgentStatusInfo;
+  'data-test-subj'?: string;
+}
+
+/**
+ * Display the agent status of a host that supports response actions.
+ *
+ * IMPORTANT: If using this component on a list view, ensure that `statusInfo` prop is used instead
+ *            of `agentId` in order to ensure API calls are kept to a minimum and the list view
+ *            remains more performant.
+ */
 export const AgentStatus = React.memo(
-  ({
-    agentId,
-    agentType,
-    'data-test-subj': dataTestSubj,
-  }: {
-    agentId: string;
-    agentType: ResponseActionAgentType;
-    'data-test-subj'?: string;
-  }) => {
+  ({ agentId, agentType, statusInfo, 'data-test-subj': dataTestSubj }: AgentStatusProps) => {
     const getTestId = useTestIdGenerator(dataTestSubj);
-    const useAgentStatus = useAgentStatusHook();
-
-    const sentinelOneManualHostActionsEnabled = useIsExperimentalFeatureEnabled(
-      'sentinelOneManualHostActionsEnabled'
-    );
-    const responseActionsCrowdstrikeManualHostIsolationEnabled = useIsExperimentalFeatureEnabled(
-      'responseActionsCrowdstrikeManualHostIsolationEnabled'
-    );
-    const { data, isLoading, isFetched } = useAgentStatus([agentId], agentType, {
-      enabled:
-        sentinelOneManualHostActionsEnabled || responseActionsCrowdstrikeManualHostIsolationEnabled,
+    const enableApiCall = useMemo(() => {
+      return !statusInfo || !agentId;
+    }, [agentId, statusInfo]);
+    const { data, isLoading, isFetched } = useGetAgentStatus(agentId ?? '', agentType, {
+      enabled: enableApiCall,
     });
-    const agentStatus = data?.[`${agentId}`];
+    const agentStatus: AgentStatusInfo | undefined = useMemo(() => {
+      if (statusInfo) {
+        return statusInfo;
+      }
+      return data?.[agentId ?? ''];
+    }, [agentId, data, statusInfo]);
+
     const isCurrentlyIsolated = Boolean(agentStatus?.isolated);
-    const pendingActions = agentStatus?.pendingActions;
 
     const [hasPendingActions, hostPendingActions] = useMemo<
-      [boolean, EndpointPendingActions['pending_actions']]
+      [boolean, AgentStatusInfo['pendingActions']]
     >(() => {
+      const pendingActions = agentStatus?.pendingActions;
+
       if (!pendingActions) {
         return [false, {}];
       }
 
       return [Object.keys(pendingActions).length > 0, pendingActions];
-    }, [pendingActions]);
+    }, [agentStatus?.pendingActions]);
 
     return (
       <EuiFlexGroupStyled
@@ -83,7 +96,7 @@ export const AgentStatus = React.memo(
               {getAgentStatusText(agentStatus.status)}
             </EuiBadge>
           ) : (
-            '-'
+            getEmptyTagValue()
           )}
         </EuiFlexItem>
         {(isCurrentlyIsolated || hasPendingActions) && (
diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/endpoint/endpoint_agent_status.test.tsx b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/endpoint/endpoint_agent_status.test.tsx
deleted file mode 100644
index 40119d452d2c1..0000000000000
--- a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/endpoint/endpoint_agent_status.test.tsx
+++ /dev/null
@@ -1,366 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { AppContextTestRender } from '../../../../../mock/endpoint';
-import { createAppRootMockRenderer } from '../../../../../mock/endpoint';
-import type {
-  EndpointAgentStatusByIdProps,
-  EndpointAgentStatusProps,
-} from './endpoint_agent_status';
-import { EndpointAgentStatus, EndpointAgentStatusById } from './endpoint_agent_status';
-import type {
-  EndpointPendingActions,
-  HostInfoInterface,
-} from '../../../../../../../common/endpoint/types';
-import { HostStatus } from '../../../../../../../common/endpoint/types';
-import React from 'react';
-import { EndpointActionGenerator } from '../../../../../../../common/endpoint/data_generators/endpoint_action_generator';
-import { EndpointDocGenerator } from '../../../../../../../common/endpoint/generate_data';
-import { composeHttpHandlerMocks } from '../../../../../mock/endpoint/http_handler_mock_factory';
-import type { EndpointMetadataHttpMocksInterface } from '../../../../../../management/pages/endpoint_hosts/mocks';
-import { endpointMetadataHttpMocks } from '../../../../../../management/pages/endpoint_hosts/mocks';
-import type { ResponseActionsHttpMocksInterface } from '../../../../../../management/mocks/response_actions_http_mocks';
-import { responseActionsHttpMocks } from '../../../../../../management/mocks/response_actions_http_mocks';
-import { waitFor, within, fireEvent } from '@testing-library/react';
-import { getEmptyValue } from '../../../../empty_value';
-import { clone, set } from 'lodash';
-
-type AgentStatusApiMocksInterface = EndpointMetadataHttpMocksInterface &
-  ResponseActionsHttpMocksInterface;
-
-// API mocks composed from the endpoint metadata API mock and the response actions API mocks
-const agentStatusApiMocks = composeHttpHandlerMocks<AgentStatusApiMocksInterface>([
-  endpointMetadataHttpMocks,
-  responseActionsHttpMocks,
-]);
-
-describe('When showing Endpoint Agent Status', () => {
-  const ENDPOINT_ISOLATION_OBJ_PATH = 'metadata.Endpoint.state.isolation';
-
-  let appTestContext: AppContextTestRender;
-  let render: () => ReturnType<AppContextTestRender['render']>;
-  let renderResult: ReturnType<AppContextTestRender['render']>;
-  let endpointDetails: HostInfoInterface;
-  let actionsSummary: EndpointPendingActions;
-  let apiMocks: ReturnType<typeof agentStatusApiMocks>;
-
-  const triggerTooltip = () => {
-    fireEvent.mouseOver(renderResult.getByTestId('test-actionStatuses-tooltipTrigger'));
-  };
-
-  beforeEach(() => {
-    appTestContext = createAppRootMockRenderer();
-    apiMocks = agentStatusApiMocks(appTestContext.coreStart.http);
-
-    const actionGenerator = new EndpointActionGenerator('seed');
-
-    actionsSummary = actionGenerator.generateAgentPendingActionsSummary();
-    actionsSummary.pending_actions = {};
-    apiMocks.responseProvider.agentPendingActionsSummary.mockImplementation(() => {
-      return {
-        data: [actionsSummary],
-      };
-    });
-
-    const metadataGenerator = new EndpointDocGenerator('seed');
-
-    endpointDetails = {
-      metadata: metadataGenerator.generateHostMetadata(),
-      host_status: HostStatus.HEALTHY,
-    } as HostInfoInterface;
-    apiMocks.responseProvider.metadataDetails.mockImplementation(() => endpointDetails);
-  });
-
-  describe('and using `EndpointAgentStatus` component', () => {
-    let renderProps: EndpointAgentStatusProps;
-
-    beforeEach(() => {
-      renderProps = {
-        'data-test-subj': 'test',
-        endpointHostInfo: endpointDetails,
-      };
-
-      render = () => {
-        renderResult = appTestContext.render(<EndpointAgentStatus {...renderProps} />);
-        return renderResult;
-      };
-    });
-
-    it('should display status', () => {
-      const { getByTestId } = render();
-
-      expect(getByTestId('test').textContent).toEqual('Healthy');
-    });
-
-    it('should display status and isolated', () => {
-      set(endpointDetails, ENDPOINT_ISOLATION_OBJ_PATH, true);
-      const { getByTestId } = render();
-
-      expect(getByTestId('test').textContent).toEqual('HealthyIsolated');
-    });
-
-    it('should display status and isolated and display other pending actions in tooltip', async () => {
-      set(endpointDetails, ENDPOINT_ISOLATION_OBJ_PATH, true);
-      actionsSummary.pending_actions = {
-        'get-file': 2,
-        execute: 6,
-      };
-      const { getByTestId } = render();
-
-      await waitFor(() => {
-        expect(apiMocks.responseProvider.agentPendingActionsSummary).toHaveBeenCalled();
-      });
-
-      expect(getByTestId('test').textContent).toEqual('HealthyIsolated');
-
-      triggerTooltip();
-
-      await waitFor(() => {
-        expect(
-          within(renderResult.baseElement).getByTestId('test-actionStatuses-tooltipContent')
-            .textContent
-        ).toEqual('Pending actions:execute6get-file2');
-      });
-    });
-
-    it('should display status and action count', async () => {
-      actionsSummary.pending_actions = {
-        'get-file': 2,
-        execute: 6,
-      };
-      const { getByTestId } = render();
-
-      await waitFor(() => {
-        expect(apiMocks.responseProvider.agentPendingActionsSummary).toHaveBeenCalled();
-      });
-
-      expect(getByTestId('test').textContent).toEqual('Healthy8 actions pending');
-    });
-
-    it('should display status and isolating', async () => {
-      actionsSummary.pending_actions = {
-        isolate: 1,
-      };
-      const { getByTestId } = render();
-
-      await waitFor(() => {
-        expect(apiMocks.responseProvider.agentPendingActionsSummary).toHaveBeenCalled();
-      });
-
-      expect(getByTestId('test').textContent).toEqual('HealthyIsolating');
-    });
-
-    it('should display status and isolating and have tooltip with other pending actions', async () => {
-      actionsSummary.pending_actions = {
-        isolate: 1,
-        'kill-process': 1,
-      };
-      const { getByTestId } = render();
-
-      await waitFor(() => {
-        expect(apiMocks.responseProvider.agentPendingActionsSummary).toHaveBeenCalled();
-      });
-
-      expect(getByTestId('test').textContent).toEqual('HealthyIsolating');
-
-      triggerTooltip();
-
-      await waitFor(() => {
-        expect(
-          within(renderResult.baseElement).getByTestId('test-actionStatuses-tooltipContent')
-            .textContent
-        ).toEqual('Pending actions:isolate1kill-process1');
-      });
-    });
-
-    it('should display status and releasing', async () => {
-      actionsSummary.pending_actions = {
-        unisolate: 1,
-      };
-      set(endpointDetails, ENDPOINT_ISOLATION_OBJ_PATH, true);
-      const { getByTestId } = render();
-
-      await waitFor(() => {
-        expect(apiMocks.responseProvider.agentPendingActionsSummary).toHaveBeenCalled();
-      });
-
-      expect(getByTestId('test').textContent).toEqual('HealthyReleasing');
-    });
-
-    it('should display status and releasing and show other pending actions in tooltip', async () => {
-      actionsSummary.pending_actions = {
-        unisolate: 1,
-        'kill-process': 1,
-      };
-      set(endpointDetails, ENDPOINT_ISOLATION_OBJ_PATH, true);
-      const { getByTestId } = render();
-
-      await waitFor(() => {
-        expect(apiMocks.responseProvider.agentPendingActionsSummary).toHaveBeenCalled();
-      });
-
-      expect(getByTestId('test').textContent).toEqual('HealthyReleasing');
-
-      triggerTooltip();
-
-      await waitFor(() => {
-        expect(
-          within(renderResult.baseElement).getByTestId('test-actionStatuses-tooltipContent')
-            .textContent
-        ).toEqual('Pending actions:kill-process1release1');
-      });
-    });
-
-    it('should show individual action count in tooltip (including unknown actions) sorted asc', async () => {
-      actionsSummary.pending_actions = {
-        isolate: 1,
-        'get-file': 2,
-        execute: 6,
-        'kill-process': 1,
-        foo: 2,
-      };
-      const { getByTestId } = render();
-
-      await waitFor(() => {
-        expect(apiMocks.responseProvider.agentPendingActionsSummary).toHaveBeenCalled();
-      });
-
-      expect(getByTestId('test').textContent).toEqual('HealthyIsolating');
-
-      triggerTooltip();
-
-      await waitFor(() => {
-        expect(
-          within(renderResult.baseElement).getByTestId('test-actionStatuses-tooltipContent')
-            .textContent
-        ).toEqual('Pending actions:execute6foo2get-file2isolate1kill-process1');
-      });
-    });
-
-    it('should still display status and isolation state if action summary api fails', async () => {
-      set(endpointDetails, ENDPOINT_ISOLATION_OBJ_PATH, true);
-      apiMocks.responseProvider.agentPendingActionsSummary.mockImplementation(() => {
-        throw new Error('test error');
-      });
-
-      const { getByTestId } = render();
-
-      await waitFor(() => {
-        expect(apiMocks.responseProvider.agentPendingActionsSummary).toHaveBeenCalled();
-      });
-
-      expect(getByTestId('test').textContent).toEqual('HealthyIsolated');
-    });
-
-    describe('and `autoRefresh` prop is set to true', () => {
-      beforeEach(() => {
-        renderProps.autoRefresh = true;
-        jest.useFakeTimers();
-      });
-
-      afterEach(() => {
-        jest.useRealTimers();
-      });
-
-      it('should keep actions up to date when autoRefresh is true', async () => {
-        apiMocks.responseProvider.agentPendingActionsSummary.mockReturnValueOnce({
-          data: [actionsSummary],
-        });
-
-        const { getByTestId } = render();
-
-        await waitFor(() => {
-          expect(apiMocks.responseProvider.agentPendingActionsSummary).toHaveBeenCalled();
-        });
-
-        expect(getByTestId('test').textContent).toEqual('Healthy');
-
-        apiMocks.responseProvider.agentPendingActionsSummary.mockReturnValueOnce({
-          data: [
-            {
-              ...actionsSummary,
-              pending_actions: {
-                'kill-process': 2,
-                'running-processes': 2,
-              },
-            },
-          ],
-        });
-
-        jest.runOnlyPendingTimers();
-
-        await waitFor(() => {
-          expect(getByTestId('test').textContent).toEqual('Healthy4 actions pending');
-        });
-      });
-    });
-  });
-
-  describe('And when using EndpointAgentStatusById', () => {
-    let renderProps: EndpointAgentStatusByIdProps;
-
-    beforeEach(() => {
-      jest.useFakeTimers();
-
-      renderProps = {
-        'data-test-subj': 'test',
-        endpointAgentId: '123',
-      };
-
-      render = () => {
-        renderResult = appTestContext.render(<EndpointAgentStatusById {...renderProps} />);
-        return renderResult;
-      };
-    });
-
-    afterEach(() => {
-      jest.useRealTimers();
-    });
-
-    it('should display status and isolated', async () => {
-      set(endpointDetails, ENDPOINT_ISOLATION_OBJ_PATH, true);
-      const { getByTestId } = render();
-
-      await waitFor(() => {
-        expect(getByTestId('test').textContent).toEqual('HealthyIsolated');
-      });
-    });
-
-    it('should display empty value if API call to host metadata fails', async () => {
-      apiMocks.responseProvider.metadataDetails.mockImplementation(() => {
-        throw new Error('test error');
-      });
-      const { getByTestId } = render();
-
-      await waitFor(() => {
-        expect(apiMocks.responseProvider.metadataDetails).toHaveBeenCalled();
-      });
-
-      expect(getByTestId('test').textContent).toEqual(getEmptyValue());
-    });
-
-    it('should keep agent status up to date when autoRefresh is true', async () => {
-      renderProps.autoRefresh = true;
-      apiMocks.responseProvider.metadataDetails.mockReturnValueOnce(endpointDetails);
-
-      const { getByTestId } = render();
-
-      await waitFor(() => {
-        expect(getByTestId('test').textContent).toEqual('Healthy');
-      });
-
-      apiMocks.responseProvider.metadataDetails.mockReturnValueOnce(
-        set(clone(endpointDetails), 'metadata.Endpoint.state.isolation', true)
-      );
-      jest.runOnlyPendingTimers();
-
-      await waitFor(() => {
-        expect(getByTestId('test').textContent).toEqual('HealthyIsolated');
-      });
-    });
-  });
-});
diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/endpoint/endpoint_agent_status.tsx b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/endpoint/endpoint_agent_status.tsx
deleted file mode 100644
index a2b6d869f9d2d..0000000000000
--- a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/endpoint/endpoint_agent_status.tsx
+++ /dev/null
@@ -1,168 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import React, { memo, useMemo } from 'react';
-import { EuiBadge, EuiFlexGroup, EuiFlexItem, EuiText } from '@elastic/eui';
-import styled from 'styled-components';
-import { i18n } from '@kbn/i18n';
-import { DEFAULT_POLL_INTERVAL } from '../../../../../../management/common/constants';
-import { HOST_STATUS_TO_BADGE_COLOR } from '../../../../../../management/pages/endpoint_hosts/view/host_constants';
-import { getEmptyValue } from '../../../../empty_value';
-
-import { useGetEndpointPendingActionsSummary } from '../../../../../../management/hooks/response_actions/use_get_endpoint_pending_actions_summary';
-import { useTestIdGenerator } from '../../../../../../management/hooks/use_test_id_generator';
-import type { EndpointPendingActions, HostInfo } from '../../../../../../../common/endpoint/types';
-import { useGetEndpointDetails } from '../../../../../../management/hooks';
-import { getAgentStatusText } from '../../agent_status_text';
-import { AgentResponseActionsStatus } from '../agent_response_action_status';
-
-export const ISOLATING_LABEL = i18n.translate(
-  'xpack.securitySolution.endpoint.agentAndActionsStatus.isIsolating',
-  { defaultMessage: 'Isolating' }
-);
-export const RELEASING_LABEL = i18n.translate(
-  'xpack.securitySolution.endpoint.agentAndActionsStatus.isUnIsolating',
-  { defaultMessage: 'Releasing' }
-);
-export const ISOLATED_LABEL = i18n.translate(
-  'xpack.securitySolution.endpoint.agentAndActionsStatus.isolated',
-  { defaultMessage: 'Isolated' }
-);
-
-const EuiFlexGroupStyled = styled(EuiFlexGroup)`
-  .isolation-status {
-    margin-left: ${({ theme }) => theme.eui.euiSizeS};
-  }
-`;
-
-export interface EndpointAgentStatusProps {
-  endpointHostInfo: HostInfo;
-  /**
-   * If set to `true` (Default), then the endpoint isolation state and response actions count
-   * will be kept up to date by querying the API periodically.
-   * Only used if `pendingActions` is not defined.
-   */
-  autoRefresh?: boolean;
-  /**
-   * The pending actions for the host (as return by the pending actions summary api).
-   * If undefined, then this component will call the API to retrieve that list of pending actions.
-   * NOTE: if this prop is defined, it will invalidate `autoRefresh` prop.
-   */
-  pendingActions?: EndpointPendingActions['pending_actions'];
-  'data-test-subj'?: string;
-}
-
-/**
- * Displays the status of an Endpoint agent along with its Isolation state or the number of pending
- * response actions against it.
- *
- * TIP: if you only have the Endpoint's `agent.id`, then consider using `EndpointAgentStatusById`,
- * which will call the needed APIs to get the information necessary to display the status.
- */
-
-// TODO: used by `EndpointAgentStatusById`
-// remove usage/code when `agentStatusClientEnabled` FF is enabled and removed
-export const EndpointAgentStatus = memo<EndpointAgentStatusProps>(
-  ({ endpointHostInfo, autoRefresh = true, pendingActions, 'data-test-subj': dataTestSubj }) => {
-    const getTestId = useTestIdGenerator(dataTestSubj);
-    const { data: endpointPendingActions } = useGetEndpointPendingActionsSummary(
-      [endpointHostInfo.metadata.agent.id],
-      {
-        refetchInterval: autoRefresh ? DEFAULT_POLL_INTERVAL : false,
-        enabled: !pendingActions,
-      }
-    );
-
-    const [hasPendingActions, hostPendingActions] = useMemo<
-      [boolean, EndpointPendingActions['pending_actions']]
-    >(() => {
-      if (!endpointPendingActions && !pendingActions) {
-        return [false, {}];
-      }
-
-      const pending = pendingActions
-        ? pendingActions
-        : endpointPendingActions?.data[0].pending_actions ?? {};
-
-      return [Object.keys(pending).length > 0, pending];
-    }, [endpointPendingActions, pendingActions]);
-
-    const status = endpointHostInfo.host_status;
-    const isIsolated = Boolean(endpointHostInfo.metadata.Endpoint.state?.isolation);
-
-    return (
-      <EuiFlexGroupStyled
-        gutterSize="none"
-        responsive={false}
-        className="eui-textTruncate"
-        data-test-subj={dataTestSubj}
-      >
-        <EuiFlexItem grow={false}>
-          <EuiBadge
-            color={status != null ? HOST_STATUS_TO_BADGE_COLOR[status] : 'warning'}
-            data-test-subj={getTestId('agentStatus')}
-            className="eui-textTruncate"
-          >
-            {getAgentStatusText(status)}
-          </EuiBadge>
-        </EuiFlexItem>
-        {(isIsolated || hasPendingActions) && (
-          <EuiFlexItem grow={false} className="eui-textTruncate isolation-status">
-            <AgentResponseActionsStatus
-              data-test-subj={getTestId('actionStatuses')}
-              isIsolated={isIsolated}
-              pendingActions={hostPendingActions}
-            />
-          </EuiFlexItem>
-        )}
-      </EuiFlexGroupStyled>
-    );
-  }
-);
-EndpointAgentStatus.displayName = 'EndpointAgentStatus';
-
-export interface EndpointAgentStatusByIdProps {
-  endpointAgentId: string;
-  /**
-   * If set to `true` (Default), then the endpoint status and isolation/action counts will
-   * be kept up to date by querying the API periodically
-   */
-  autoRefresh?: boolean;
-  'data-test-subj'?: string;
-}
-
-/**
- * Given an Endpoint Agent Id, it will make the necessary API calls and then display the agent
- * status using the `<EndpointAgentStatus />` component.
- *
- * NOTE: if the `HostInfo` is already available, consider using `<EndpointAgentStatus/>` component
- * instead in order to avoid duplicate API calls.
- */
-export const EndpointAgentStatusById = memo<EndpointAgentStatusByIdProps>(
-  ({ endpointAgentId, autoRefresh, 'data-test-subj': dataTestSubj }) => {
-    const { data } = useGetEndpointDetails(endpointAgentId, {
-      refetchInterval: autoRefresh ? DEFAULT_POLL_INTERVAL : false,
-    });
-
-    if (!data) {
-      return (
-        <EuiText size="xs" data-test-subj={dataTestSubj}>
-          <p>{getEmptyValue()}</p>
-        </EuiText>
-      );
-    }
-
-    return (
-      <EndpointAgentStatus
-        endpointHostInfo={data}
-        data-test-subj={dataTestSubj}
-        autoRefresh={autoRefresh}
-      />
-    );
-  }
-);
-EndpointAgentStatusById.displayName = 'EndpointAgentStatusById';
diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/index.ts b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/index.ts
index f6c67097ef46d..8acabf42608ff 100644
--- a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/index.ts
+++ b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/index.ts
@@ -5,6 +5,4 @@
  * 2.0.
  */
 
-export * from './endpoint/endpoint_agent_status';
-export type { EndpointAgentStatusProps } from './endpoint/endpoint_agent_status';
 export * from './agent_status';
diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status_text.ts b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/translations.ts
similarity index 55%
rename from x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status_text.ts
rename to x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/translations.ts
index ac0987e295283..d3d95e7b4977b 100644
--- a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status_text.ts
+++ b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/translations.ts
@@ -6,7 +6,7 @@
  */
 
 import { i18n } from '@kbn/i18n';
-import type { HostStatus } from '../../../../../common/endpoint/types';
+import type { HostStatus } from '../../../../../../common/endpoint/types';
 
 export const getAgentStatusText = (hostStatus: HostStatus) => {
   return i18n.translate('xpack.securitySolution.endpoint.list.hostStatusValue', {
@@ -15,3 +15,15 @@ export const getAgentStatusText = (hostStatus: HostStatus) => {
     values: { hostStatus },
   });
 };
+export const ISOLATING_LABEL = i18n.translate(
+  'xpack.securitySolution.endpoint.agentAndActionsStatus.isIsolating',
+  { defaultMessage: 'Isolating' }
+);
+export const RELEASING_LABEL = i18n.translate(
+  'xpack.securitySolution.endpoint.agentAndActionsStatus.isUnIsolating',
+  { defaultMessage: 'Releasing' }
+);
+export const ISOLATED_LABEL = i18n.translate(
+  'xpack.securitySolution.endpoint.agentAndActionsStatus.isolated',
+  { defaultMessage: 'Isolated' }
+);
diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_type_integration/agent_type_integration.test.tsx b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_type_integration/agent_type_integration.test.tsx
new file mode 100644
index 0000000000000..87b144ad51d1c
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_type_integration/agent_type_integration.test.tsx
@@ -0,0 +1,55 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import type { AppContextTestRender } from '../../../../mock/endpoint';
+import { createAppRootMockRenderer } from '../../../../mock/endpoint';
+import type { AgentTypeIntegrationProps } from './agent_type_integration';
+import { AgentTypeIntegration, INTEGRATION_SECTION_LABEL } from './agent_type_integration';
+import { getAgentTypeName } from '../../../../translations';
+import { RESPONSE_ACTION_AGENT_TYPE } from '../../../../../../common/endpoint/service/response_actions/constants';
+
+describe('AgentTypeIntegration component', () => {
+  let props: AgentTypeIntegrationProps;
+  let render: () => ReturnType<AppContextTestRender['render']>;
+
+  describe.each(RESPONSE_ACTION_AGENT_TYPE)('for agent type: %s', (agentType) => {
+    beforeEach(() => {
+      const mockedContext = createAppRootMockRenderer();
+
+      props = { agentType, 'data-test-subj': 'test' };
+
+      render = () => {
+        return mockedContext.render(<AgentTypeIntegration {...props} />);
+      };
+    });
+
+    it('should display agent type vendor name', () => {
+      const { getByTestId } = render();
+
+      expect(getByTestId('test-name')).toHaveTextContent(getAgentTypeName(agentType));
+    });
+
+    it('should display agent type vendor icon', () => {
+      const { getByTestId } = render();
+
+      expect(getByTestId('test-vendorLogo'));
+    });
+
+    it('should display label', () => {
+      const { getByTestId } = render();
+
+      expect(getByTestId('test-label')).toHaveTextContent(INTEGRATION_SECTION_LABEL);
+    });
+
+    it('should include tooltip', () => {
+      const { getByTestId } = render();
+
+      expect(getByTestId('test-tooltipAnchor'));
+    });
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_type_integration/agent_type_integration.tsx b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_type_integration/agent_type_integration.tsx
new file mode 100644
index 0000000000000..e99c91fe05dbb
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_type_integration/agent_type_integration.tsx
@@ -0,0 +1,78 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { memo } from 'react';
+import type { EuiTextProps } from '@elastic/eui';
+import { EuiFlexGroup, EuiFlexItem, EuiIconTip, EuiText } from '@elastic/eui';
+import { FormattedMessage } from '@kbn/i18n-react';
+import { i18n } from '@kbn/i18n';
+import { useTestIdGenerator } from '../../../../../management/hooks/use_test_id_generator';
+import { AgentTypeVendorLogo } from '../agent_type_vendor_logo';
+import { getAgentTypeName } from '../../../../translations';
+import type { ResponseActionAgentType } from '../../../../../../common/endpoint/service/response_actions/constants';
+
+export const INTEGRATION_SECTION_LABEL = i18n.translate(
+  'xpack.securitySolution.agentTypeIntegration.integrationSectionLabel',
+  { defaultMessage: 'Integration' }
+);
+
+/**
+ * Shows the vendor Icon and name associated with an agent type
+ */
+export interface AgentTypeIntegrationProps {
+  agentType: ResponseActionAgentType;
+  textSize?: EuiTextProps['size'];
+  /**
+   * If content should be shown vertically (label and integration name on separate lines) or horizontally (next to each other).
+   * Defaults to `vertical`
+   */
+  layout?: 'vertical' | 'horizontal';
+  'data-test-subj'?: string;
+}
+
+export const AgentTypeIntegration = memo<AgentTypeIntegrationProps>(
+  ({ agentType, textSize = 's', layout = 'vertical', 'data-test-subj': dataTestSubj }) => {
+    const testId = useTestIdGenerator(dataTestSubj);
+
+    return (
+      <EuiFlexGroup
+        direction={layout === 'horizontal' ? 'row' : 'column'}
+        gutterSize="s"
+        data-test-subj={testId()}
+      >
+        <EuiFlexItem grow={false}>
+          <EuiText color="subdued" size={textSize} data-test-subj={testId('label')}>
+            {INTEGRATION_SECTION_LABEL}&nbsp;
+            <EuiIconTip
+              content={
+                <FormattedMessage
+                  id="xpack.securitySolution.responder.header.integrationSectionLabelTooltip"
+                  defaultMessage="The integration used to execute response actions on this host"
+                />
+              }
+              position={layout === 'horizontal' ? 'bottom' : 'right'}
+              anchorProps={{ 'data-test-subj': testId('tooltipAnchor') }}
+            />
+          </EuiText>
+        </EuiFlexItem>
+        <EuiFlexItem grow={false}>
+          <EuiFlexGroup responsive={false} wrap={false} gutterSize="xs" alignItems="center">
+            <EuiFlexItem grow={false}>
+              <AgentTypeVendorLogo agentType={agentType} data-test-subj={testId('vendorLogo')} />
+            </EuiFlexItem>
+            <EuiFlexItem grow={false}>
+              <EuiText size={textSize} data-test-subj={testId('name')}>
+                {getAgentTypeName(agentType)}
+              </EuiText>
+            </EuiFlexItem>
+          </EuiFlexGroup>
+        </EuiFlexItem>
+      </EuiFlexGroup>
+    );
+  }
+);
+AgentTypeIntegration.displayName = 'AgentTypeIntegration';
diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_type_integration/index.ts b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_type_integration/index.ts
new file mode 100644
index 0000000000000..d1dcc86cdecfc
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_type_integration/index.ts
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export * from './agent_type_integration';
diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_type_vendor_logo/agent_type_vendor_logo.test.tsx b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_type_vendor_logo/agent_type_vendor_logo.test.tsx
new file mode 100644
index 0000000000000..a2195004dfb03
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_type_vendor_logo/agent_type_vendor_logo.test.tsx
@@ -0,0 +1,39 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { RESPONSE_ACTION_AGENT_TYPE } from '../../../../../../common/endpoint/service/response_actions/constants';
+import type { AppContextTestRender } from '../../../../mock/endpoint';
+import { createAppRootMockRenderer } from '../../../../mock/endpoint';
+import React from 'react';
+import type { AgentTypeVendorLogoProps } from './agent_type_vendor_logo';
+import { AgentTypeVendorLogo } from './agent_type_vendor_logo';
+import { waitFor } from '@testing-library/react';
+import { getAgentTypeName } from '../../../../translations';
+
+describe('AgentTypeVendorLogo component', () => {
+  let props: AgentTypeVendorLogoProps;
+  let render: () => ReturnType<AppContextTestRender['render']>;
+
+  beforeEach(() => {
+    const mockedContext = createAppRootMockRenderer();
+
+    props = { agentType: 'endpoint', 'data-test-subj': 'test' };
+
+    render = () => {
+      return mockedContext.render(<AgentTypeVendorLogo {...props} />);
+    };
+  });
+
+  it.each(RESPONSE_ACTION_AGENT_TYPE)('should display logo for: %s', async (agentType) => {
+    props.agentType = agentType;
+    const { getByTitle } = render();
+
+    await waitFor(() => {
+      expect(getByTitle(getAgentTypeName(agentType)));
+    });
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_type_vendor_logo/agent_type_vendor_logo.tsx b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_type_vendor_logo/agent_type_vendor_logo.tsx
new file mode 100644
index 0000000000000..2933e840288c0
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_type_vendor_logo/agent_type_vendor_logo.tsx
@@ -0,0 +1,64 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { memo, useEffect, useState } from 'react';
+import type { EuiIconProps } from '@elastic/eui';
+import { EuiIcon } from '@elastic/eui';
+import { useIsMounted } from '@kbn/securitysolution-hook-utils';
+import { getAgentTypeName } from '../../../../translations';
+import type { ResponseActionAgentType } from '../../../../../../common/endpoint/service/response_actions/constants';
+
+const fetchSentinelOneLogoSvg = (): Promise<string> =>
+  import('./images/sentinelone_logo.svg').then((response) => response.default);
+const fetchCrowdstrikeLogoSvg = (): Promise<string> =>
+  import('./images/crowdstrike_logo.svg').then((response) => response.default);
+
+export interface AgentTypeVendorLogoProps
+  extends Pick<EuiIconProps, 'size' | 'data-test-subj' | 'color'> {
+  agentType: ResponseActionAgentType;
+}
+
+export const AgentTypeVendorLogo = memo<AgentTypeVendorLogoProps>(
+  ({ agentType, ...otherIconProps }) => {
+    const isMounted = useIsMounted();
+    const [iconType, setIconType] = useState<EuiIconProps['type']>('empty');
+
+    useEffect(() => {
+      if (isMounted()) {
+        const setSvgToState = (svgContent: string) => {
+          if (isMounted()) {
+            setIconType(svgContent);
+          }
+        };
+
+        switch (agentType) {
+          case 'endpoint':
+            setIconType('logoSecurity');
+            break;
+
+          case 'sentinel_one':
+            fetchSentinelOneLogoSvg().then(setSvgToState);
+            break;
+
+          case 'crowdstrike':
+            fetchCrowdstrikeLogoSvg().then(setSvgToState);
+            break;
+        }
+      }
+    }, [agentType, isMounted]);
+
+    return (
+      <EuiIcon
+        type={iconType}
+        title={iconType === 'empty' ? '' : getAgentTypeName(agentType)}
+        size="m"
+        {...otherIconProps}
+      />
+    );
+  }
+);
+AgentTypeVendorLogo.displayName = 'AgentTypeVendorLogo';
diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_type_vendor_logo/images/crowdstrike_logo.svg b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_type_vendor_logo/images/crowdstrike_logo.svg
new file mode 100644
index 0000000000000..f877656d6f0b0
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_type_vendor_logo/images/crowdstrike_logo.svg
@@ -0,0 +1 @@
+<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" x="0" y="0" viewBox="0 0 116.4 88.8" style="enable-background:new 0 0 116.4 88.8" xml:space="preserve"><style>.st0{fill-rule:evenodd;clip-rule:evenodd;fill:#fc0000}</style><g id="Page-1"><g id="Home-v4.1" transform="translate(-26 -22)"><g id="CS-Logo" transform="translate(26 22)"><path id="Fill-110" class="st0" d="M113.3 71.7c-2.6-.2-7.1-.8-12.9 1.8-5.7 2.7-8 2.8-10.8 2.5.8 1.4 2.5 3.3 7.7 3.7 5.2.3 7.8.5 5 6.6.1-1.8-.4-5.4-5.6-4.8s-6.4 5-.8 7.1c-1.8.3-5.7.5-8.4-6.1-1.9.8-4.8 2.3-10.2-1.5 1.9.6 4.2.7 4.2.7-4.7-2.1-9.3-6-12.1-9.7 2.3 1.6 4.8 3.2 7.4 3.5-3-3.4-10-10.3-18.6-17.3 5.5 3.3 12.2 8.6 23 7.4 10.9-1.2 18.2-3.5 32.1 6.1"/><path id="Fill-112" class="st0" d="M67.4 70.4c-7.3-2.7-8.8-3.3-18.2-5.3-9.3-2.1-18.5-6.3-24.7-13 4.3 2.8 13.2 8.3 22.3 7.7-1.4-1.8-3.9-3.1-7-4.5 3.4.7 13.8 3 27.6 15.1"/><path id="Fill-118" class="st0" d="M104.1 64.3c6.4.6 6.1 1.5 6.1 3.1-2.7-2-6.1-3.1-6.1-3.1M65.5 31.2C37.9 23.3 26.9 13.4 18.4 3.1c3.9 11.9 13.1 16.2 23 24.2s10.5 12.3 13.4 17.1c6.5 10.6 7.5 12.3 14 16.9 7.6 5 16.8 1.6 26.9 3.2s18.4 9.2 20.2 12.1c2.1-3.7-2.9-9.1-4.3-10.5.7-4.9-10.9-7.1-15.4-8.7-.9-.3-3-.8-1.2-5.2 2.5-6.1 5.2-11.4-29.5-21"/><path id="Fill-114" class="st0" d="M52.1 45.9c-1.8-4.9-4.9-11.1-19.9-20.4C24.8 20.8 14.1 15 0 0c1 4 5.5 14.5 27.9 28.2 7.4 4.9 17 7.9 24.2 17.7"/><path id="Fill-116" class="st0" d="M52.1 55.1c-1.7-4.1-5.3-9.4-19-16.9-6.4-3.6-17.2-9.2-27-19.8.9 3.8 5.4 12.2 24.9 22.7 5.4 3.1 14.5 5.9 21.1 14"/></g></g></g></svg>
diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_type_vendor_logo/images/sentinelone_logo.svg b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_type_vendor_logo/images/sentinelone_logo.svg
new file mode 100644
index 0000000000000..7e48c6ca17f03
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_type_vendor_logo/images/sentinelone_logo.svg
@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="32" height="32"><g stroke="null"><path fill="#6B0AEA" stroke="none" d="M13.367.09h4.295v25.68h-4.295zM18.703 31.968l4.292-2.66V7.077a10.707 10.707 0 0 0-4.292-1.901v26.793zm-10.68-2.646 4.294 2.66V5.187a10.7 10.7 0 0 0-4.294 1.888v22.246zM24.04 1.31v27.528l1.995-1.236a5.086 5.086 0 0 0 2.29-4.322v-13c.01-3.75-4.284-8.97-4.284-8.97zM2.698 23.27a5.076 5.076 0 0 0 2.29 4.322l1.995 1.237V1.311s-4.285 5.22-4.285 8.969v12.99z"/></g></svg>
diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_type_vendor_logo/index.ts b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_type_vendor_logo/index.ts
new file mode 100644
index 0000000000000..41cfcdb56f3fb
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_type_vendor_logo/index.ts
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export * from './agent_type_vendor_logo';
diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/host_isolation/from_alerts/use_host_isolation_action.test.tsx b/x-pack/plugins/security_solution/public/common/components/endpoint/host_isolation/from_alerts/use_host_isolation_action.test.tsx
index 5c459286fe11b..c5bc4a01f5140 100644
--- a/x-pack/plugins/security_solution/public/common/components/endpoint/host_isolation/from_alerts/use_host_isolation_action.test.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/endpoint/host_isolation/from_alerts/use_host_isolation_action.test.tsx
@@ -5,140 +5,188 @@
  * 2.0.
  */
 
-import type { FC, PropsWithChildren } from 'react';
-import React from 'react';
-import { renderHook } from '@testing-library/react-hooks';
+import type { UseHostIsolationActionProps } from './use_host_isolation_action';
 import { useHostIsolationAction } from './use_host_isolation_action';
-import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
+import type { AppContextTestRender, UserPrivilegesMockSetter } from '../../../../mock/endpoint';
+import { createAppRootMockRenderer, endpointAlertDataMock } from '../../../../mock/endpoint';
+import { agentStatusGetHttpMock } from '../../../../../management/mocks';
+import { useUserPrivileges as _useUserPrivileges } from '../../../user_privileges';
+import type { AlertTableContextMenuItem } from '../../../../../detections/components/alerts_table/types';
+import type { ResponseActionsApiCommandNames } from '../../../../../../common/endpoint/service/response_actions/constants';
+import { agentStatusMocks } from '../../../../../../common/endpoint/service/response_actions/mocks/agent_status.mocks';
+import { ISOLATE_HOST, UNISOLATE_HOST } from './translations';
+import type React from 'react';
 import {
-  useAgentStatusHook,
-  useGetAgentStatus,
-  useGetSentinelOneAgentStatus,
-} from '../../../../../management/hooks/agents/use_get_agent_status';
-import { useIsExperimentalFeatureEnabled } from '../../../../hooks/use_experimental_features';
-import type { ResponseActionAgentType } from '../../../../../../common/endpoint/service/response_actions/constants';
-import { ExperimentalFeaturesService as ExperimentalFeaturesServiceMock } from '../../../../experimental_features_service';
-import { endpointAlertDataMock } from '../../../../mock/endpoint';
-
-jest.mock('../../../../../management/hooks/agents/use_get_agent_status');
-jest.mock('../../../../hooks/use_experimental_features');
-jest.mock('../../../../experimental_features_service');
-
-const useIsExperimentalFeatureEnabledMock = useIsExperimentalFeatureEnabled as jest.Mock;
-const useGetSentinelOneAgentStatusMock = useGetSentinelOneAgentStatus as jest.Mock;
-const useGetAgentStatusMock = useGetAgentStatus as jest.Mock;
-const useAgentStatusHookMock = useAgentStatusHook as jest.Mock;
+  HOST_ENDPOINT_UNENROLLED_TOOLTIP,
+  LOADING_ENDPOINT_DATA_TOOLTIP,
+  NOT_FROM_ENDPOINT_HOST_TOOLTIP,
+} from '../..';
+import { HostStatus } from '../../../../../../common/endpoint/types';
+
+jest.mock('../../../user_privileges');
+
+const useUserPrivilegesMock = _useUserPrivileges as jest.Mock;
 
 describe('useHostIsolationAction', () => {
-  const setFeatureFlags = (isEnabled: boolean = true): void => {
-    useIsExperimentalFeatureEnabledMock.mockReturnValue(isEnabled);
-    (ExperimentalFeaturesServiceMock.get as jest.Mock).mockReturnValue({
-      responseActionsSentinelOneV1Enabled: isEnabled,
-      responseActionsCrowdstrikeManualHostIsolationEnabled: isEnabled,
-    });
+  let appContextMock: AppContextTestRender;
+  let hookProps: UseHostIsolationActionProps;
+  let apiMock: ReturnType<typeof agentStatusGetHttpMock>;
+  let authMockSetter: UserPrivilegesMockSetter;
+
+  const buildExpectedMenuItemResult = (
+    overrides: Partial<AlertTableContextMenuItem> = {}
+  ): AlertTableContextMenuItem => {
+    return {
+      'data-test-subj': 'isolate-host-action-item',
+      disabled: false,
+      key: 'isolate-host-action-item',
+      name: ISOLATE_HOST,
+      onClick: expect.any(Function),
+      ...overrides,
+    };
   };
 
-  const createReactQueryWrapper = () => {
-    const queryClient = new QueryClient();
-    const wrapper: FC<PropsWithChildren<unknown>> = ({ children }) => (
-      <QueryClientProvider client={queryClient}>{children}</QueryClientProvider>
-    );
-    return wrapper;
+  const render = () => {
+    return appContextMock.renderHook(() => useHostIsolationAction(hookProps));
   };
 
-  it('should NOT return the menu item for Events', () => {
-    useAgentStatusHookMock.mockImplementation(() => {
-      return jest.fn(() => {
-        return { data: {} };
-      });
+  beforeEach(() => {
+    appContextMock = createAppRootMockRenderer();
+    authMockSetter = appContextMock.getUserPrivilegesMockSetter(useUserPrivilegesMock);
+    hookProps = {
+      closePopover: jest.fn(),
+      detailsData: endpointAlertDataMock.generateEndpointAlertDetailsItemData(),
+      isHostIsolationPanelOpen: false,
+      onAddIsolationStatusClick: jest.fn(),
+    };
+    apiMock = agentStatusGetHttpMock(appContextMock.coreStart.http);
+    appContextMock.setExperimentalFlag({
+      responseActionsSentinelOneV1Enabled: true,
+      responseActionsCrowdstrikeManualHostIsolationEnabled: true,
     });
-    setFeatureFlags(true);
-    const { result } = renderHook(
-      () => {
-        return useHostIsolationAction({
-          closePopover: jest.fn(),
-          detailsData: endpointAlertDataMock.generateAlertDetailsItemDataForAgentType('foo', {
-            'kibana.alert.rule.uuid': undefined,
-          }),
-          isHostIsolationPanelOpen: false,
-          onAddIsolationStatusClick: jest.fn(),
-        });
-      },
-      { wrapper: createReactQueryWrapper() }
-    );
+    authMockSetter.set({
+      canIsolateHost: true,
+      canUnIsolateHost: true,
+    });
+  });
 
-    expect(result.current).toHaveLength(0);
+  afterEach(() => {
+    authMockSetter.reset();
   });
 
-  // FIXME:PT refactor describe below - its not actually testing the component! Tests seem to be for `useAgentStatusHook()`
-  describe.each([
-    ['useGetSentinelOneAgentStatus', useGetSentinelOneAgentStatusMock],
-    ['useGetAgentStatus', useGetAgentStatusMock],
-  ])('works with %s hook', (name, hook) => {
-    const render = (agentTypeAlert: ResponseActionAgentType) =>
-      renderHook(
-        () =>
-          useHostIsolationAction({
-            closePopover: jest.fn(),
-            detailsData:
-              endpointAlertDataMock.generateAlertDetailsItemDataForAgentType(agentTypeAlert),
-            isHostIsolationPanelOpen: false,
-            onAddIsolationStatusClick: jest.fn(),
-          }),
-        {
-          wrapper: createReactQueryWrapper(),
-        }
-      );
-
-    beforeEach(() => {
-      useAgentStatusHookMock.mockImplementation(() => hook);
-      setFeatureFlags(true);
-    });
+  it.each<ResponseActionsApiCommandNames>(['isolate', 'unisolate'])(
+    'should return menu item for displaying %s',
+    async (command) => {
+      if (command === 'unisolate') {
+        apiMock.responseProvider.getAgentStatus.mockReturnValue({
+          data: {
+            'abfe4a35-d5b4-42a0-a539-bd054c791769': agentStatusMocks.generateAgentStatus({
+              isolated: true,
+            }),
+          },
+        });
+      }
 
-    afterEach(() => {
-      jest.clearAllMocks();
-      (ExperimentalFeaturesServiceMock.get as jest.Mock).mockReset();
-    });
+      const { result, waitForValueToChange } = render();
+      await waitForValueToChange(() => result.current);
 
-    it(`${name} is invoked as 'enabled' when SentinelOne alert and FF enabled`, () => {
-      render('sentinel_one');
+      expect(result.current).toEqual([
+        buildExpectedMenuItemResult({
+          ...(command === 'unisolate' ? { name: UNISOLATE_HOST } : {}),
+        }),
+      ]);
+    }
+  );
 
-      expect(hook).toHaveBeenCalledWith(['abfe4a35-d5b4-42a0-a539-bd054c791769'], 'sentinel_one', {
-        enabled: true,
-      });
-    });
-    it(`${name} is invoked as 'enabled' when Crowdstrike alert and FF enabled`, () => {
-      render('crowdstrike');
+  it('should call `closePopover` callback when menu item `onClick` is called', async () => {
+    const { result, waitForValueToChange } = render();
+    await waitForValueToChange(() => result.current);
+    result.current[0].onClick!({} as unknown as React.MouseEvent);
 
-      expect(hook).toHaveBeenCalledWith(['abfe4a35-d5b4-42a0-a539-bd054c791769'], 'crowdstrike', {
-        enabled: true,
-      });
+    expect(hookProps.closePopover).toHaveBeenCalled();
+  });
+
+  it('should NOT return the menu item for Events', () => {
+    hookProps.detailsData = endpointAlertDataMock.generateAlertDetailsItemDataForAgentType('foo', {
+      'kibana.alert.rule.uuid': undefined,
     });
+    const { result } = render();
 
-    it(`${name} is invoked as 'disabled' when SentinelOne alert and FF disabled`, () => {
-      setFeatureFlags(false);
-      render('sentinel_one');
+    expect(result.current).toHaveLength(0);
+  });
 
-      expect(hook).toHaveBeenCalledWith(['abfe4a35-d5b4-42a0-a539-bd054c791769'], 'sentinel_one', {
-        enabled: false,
-      });
+  it('should NOT return menu item if user does not have authz', async () => {
+    authMockSetter.set({
+      canIsolateHost: false,
+      canUnIsolateHost: false,
     });
+    const { result } = render();
 
-    it(`${name} is invoked as 'disabled' when Crowdstrike alert and FF disabled`, () => {
-      setFeatureFlags(false);
-      render('crowdstrike');
+    expect(result.current).toHaveLength(0);
+  });
 
-      expect(hook).toHaveBeenCalledWith(['abfe4a35-d5b4-42a0-a539-bd054c791769'], 'crowdstrike', {
-        enabled: false,
-      });
-    });
+  it('should NOT attempt to get Agent status if host does not support response actions', async () => {
+    hookProps.detailsData = [];
+    render();
 
-    it(`${name} is invoked as 'disabled' when endpoint alert`, () => {
-      render('endpoint');
+    expect(apiMock.responseProvider.getAgentStatus).not.toHaveBeenCalled();
+  });
 
-      expect(hook).toHaveBeenCalledWith(['abfe4a35-d5b4-42a0-a539-bd054c791769'], 'endpoint', {
-        enabled: false,
+  it('should return disabled menu item while loading agent status', async () => {
+    const { result } = render();
+
+    expect(result.current).toEqual([
+      buildExpectedMenuItemResult({
+        disabled: true,
+        toolTipContent: LOADING_ENDPOINT_DATA_TOOLTIP,
+      }),
+    ]);
+  });
+
+  it.each(['endpoint', 'non-endpoint'])(
+    'should return disabled menu item if %s host agent is unenrolled',
+    async (type) => {
+      apiMock.responseProvider.getAgentStatus.mockReturnValue({
+        data: {
+          'abfe4a35-d5b4-42a0-a539-bd054c791769': agentStatusMocks.generateAgentStatus({
+            status: HostStatus.UNENROLLED,
+          }),
+        },
       });
-    });
+      if (type === 'non-endpoint') {
+        hookProps.detailsData = endpointAlertDataMock.generateSentinelOneAlertDetailsItemData();
+      }
+      const { result, waitForValueToChange } = render();
+      await waitForValueToChange(() => result.current);
+
+      expect(result.current).toEqual([
+        buildExpectedMenuItemResult({
+          disabled: true,
+          toolTipContent:
+            type === 'endpoint' ? HOST_ENDPOINT_UNENROLLED_TOOLTIP : NOT_FROM_ENDPOINT_HOST_TOOLTIP,
+        }),
+      ]);
+    }
+  );
+
+  it('should call isolate API when agent is currently NOT isolated', async () => {
+    const { result, waitForValueToChange } = render();
+    await waitForValueToChange(() => result.current);
+    result.current[0].onClick!({} as unknown as React.MouseEvent);
+
+    expect(hookProps.onAddIsolationStatusClick).toHaveBeenCalledWith('isolateHost');
+  });
+
+  it('should call un-isolate API when agent is currently isolated', async () => {
+    apiMock.responseProvider.getAgentStatus.mockReturnValue(
+      agentStatusMocks.generateAgentStatusApiResponse({
+        data: { 'abfe4a35-d5b4-42a0-a539-bd054c791769': { isolated: true } },
+      })
+    );
+    const { result, waitForValueToChange } = render();
+    await waitForValueToChange(() => result.current);
+    result.current[0].onClick!({} as unknown as React.MouseEvent);
+
+    expect(hookProps.onAddIsolationStatusClick).toHaveBeenCalledWith('unisolateHost');
   });
 });
diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/host_isolation/from_alerts/use_host_isolation_action.tsx b/x-pack/plugins/security_solution/public/common/components/endpoint/host_isolation/from_alerts/use_host_isolation_action.tsx
index 42f31ba946887..91e7cb32ceff8 100644
--- a/x-pack/plugins/security_solution/public/common/components/endpoint/host_isolation/from_alerts/use_host_isolation_action.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/endpoint/host_isolation/from_alerts/use_host_isolation_action.tsx
@@ -12,16 +12,13 @@ import {
   NOT_FROM_ENDPOINT_HOST_TOOLTIP,
 } from '../../responder';
 import { useAlertResponseActionsSupport } from '../../../../hooks/endpoint/use_alert_response_actions_support';
-import { useIsExperimentalFeatureEnabled } from '../../../../hooks/use_experimental_features';
-import type { AgentStatusInfo } from '../../../../../../common/endpoint/types';
 import { HostStatus } from '../../../../../../common/endpoint/types';
-import { useEndpointHostIsolationStatus } from './use_host_isolation_status';
 import { ISOLATE_HOST, UNISOLATE_HOST } from './translations';
 import { useUserPrivileges } from '../../../user_privileges';
 import type { AlertTableContextMenuItem } from '../../../../../detections/components/alerts_table/types';
-import { useAgentStatusHook } from '../../../../../management/hooks/agents/use_get_agent_status';
+import { useGetAgentStatus } from '../../../../../management/hooks/agents/use_get_agent_status';
 
-interface UseHostIsolationActionProps {
+export interface UseHostIsolationActionProps {
   closePopover: () => void;
   detailsData: TimelineEventsDetailsItem[] | null;
   isHostIsolationPanelOpen: boolean;
@@ -44,87 +41,39 @@ export const useHostIsolationAction = ({
       agentSupport: { isolate: isolationSupported },
     },
   } = useAlertResponseActionsSupport(detailsData);
-  const agentStatusClientEnabled = useIsExperimentalFeatureEnabled('agentStatusClientEnabled');
-  const useAgentStatus = useAgentStatusHook();
   const { canIsolateHost, canUnIsolateHost } = useUserPrivileges().endpointPrivileges;
-
-  const isEndpointAgent = useMemo(() => {
-    return agentType === 'endpoint';
-  }, [agentType]);
-
-  const {
-    loading: loadingHostIsolationStatus,
-    isIsolated,
-    agentStatus,
-    capabilities,
-  } = useEndpointHostIsolationStatus({
-    agentId,
-    agentType,
-  });
-
-  const { data: externalAgentData } = useAgentStatus([agentId], agentType, {
-    enabled: hostSupportsResponseActions && !isEndpointAgent,
+  const { data, isLoading, isFetched } = useGetAgentStatus(agentId, agentType, {
+    enabled: hostSupportsResponseActions,
   });
-
-  const externalAgentStatus = externalAgentData?.[agentId];
-
-  const isHostIsolated = useMemo((): boolean => {
-    if (!isEndpointAgent) {
-      return Boolean(externalAgentStatus?.isolated);
-    }
-
-    return isIsolated;
-  }, [isEndpointAgent, isIsolated, externalAgentStatus?.isolated]);
+  const agentStatus = data?.[agentId];
 
   const doesHostSupportIsolation = useMemo(() => {
-    // With Elastic Defend Endpoint, we check that the actual `endpoint` agent on
-    // this host reported that capability
-    if (agentType === 'endpoint') {
-      return capabilities.includes('isolation');
-    }
+    return hostSupportsResponseActions && isolationSupported;
+  }, [hostSupportsResponseActions, isolationSupported]);
 
-    return Boolean(externalAgentStatus?.found && isolationSupported);
-  }, [agentType, externalAgentStatus?.found, isolationSupported, capabilities]);
+  const isHostIsolated = useMemo(() => {
+    return Boolean(agentStatus?.isolated);
+  }, [agentStatus?.isolated]);
 
   const isolateHostHandler = useCallback(() => {
     closePopover();
-    if (!isHostIsolated) {
-      onAddIsolationStatusClick('isolateHost');
-    } else {
-      onAddIsolationStatusClick('unisolateHost');
-    }
-  }, [closePopover, isHostIsolated, onAddIsolationStatusClick]);
 
-  const isHostAgentUnEnrolled = useMemo<boolean>(() => {
-    if (!hostSupportsResponseActions) {
-      return true;
-    }
-
-    if (isEndpointAgent) {
-      return agentStatus === HostStatus.UNENROLLED;
-    }
-
-    // NON-Endpoint agent types
-    // 8.15 use FF for computing if action is enabled
-    if (agentStatusClientEnabled) {
-      return externalAgentStatus?.status === HostStatus.UNENROLLED;
-    }
-
-    // else use the old way
-    if (!externalAgentStatus) {
-      return true;
+    if (doesHostSupportIsolation) {
+      if (!isHostIsolated) {
+        onAddIsolationStatusClick('isolateHost');
+      } else {
+        onAddIsolationStatusClick('unisolateHost');
+      }
     }
+  }, [closePopover, doesHostSupportIsolation, isHostIsolated, onAddIsolationStatusClick]);
 
-    const { isUninstalled, isPendingUninstall } = externalAgentStatus as AgentStatusInfo[string];
-
-    return isUninstalled || isPendingUninstall;
-  }, [
-    hostSupportsResponseActions,
-    isEndpointAgent,
-    agentStatusClientEnabled,
-    externalAgentStatus,
-    agentStatus,
-  ]);
+  const isHostAgentUnEnrolled = useMemo<boolean>(() => {
+    return (
+      !hostSupportsResponseActions ||
+      !agentStatus?.found ||
+      agentStatus.status === HostStatus.UNENROLLED
+    );
+  }, [hostSupportsResponseActions, agentStatus]);
 
   return useMemo<AlertTableContextMenuItem[]>(() => {
     // If not an Alert OR user has no Authz, then don't show the menu item at all
@@ -147,14 +96,15 @@ export const useHostIsolationAction = ({
       // support response actions, then show that as the tooltip. Else, just show the normal "enroll" message
       menuItem.toolTipContent =
         agentType && unsupportedReason ? unsupportedReason : NOT_FROM_ENDPOINT_HOST_TOOLTIP;
-    } else if (isEndpointAgent && loadingHostIsolationStatus) {
+    } else if (isLoading || !isFetched) {
       menuItem.disabled = true;
       menuItem.toolTipContent = LOADING_ENDPOINT_DATA_TOOLTIP;
     } else if (isHostAgentUnEnrolled) {
       menuItem.disabled = true;
-      menuItem.toolTipContent = isEndpointAgent
-        ? HOST_ENDPOINT_UNENROLLED_TOOLTIP
-        : NOT_FROM_ENDPOINT_HOST_TOOLTIP;
+      menuItem.toolTipContent =
+        agentType === 'endpoint'
+          ? HOST_ENDPOINT_UNENROLLED_TOOLTIP
+          : NOT_FROM_ENDPOINT_HOST_TOOLTIP;
     }
 
     return [menuItem];
@@ -167,8 +117,8 @@ export const useHostIsolationAction = ({
     isHostIsolationPanelOpen,
     isolateHostHandler,
     doesHostSupportIsolation,
-    isEndpointAgent,
-    loadingHostIsolationStatus,
+    isLoading,
+    isFetched,
     agentType,
     unsupportedReason,
   ]);
diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/responder/from_alerts/use_responder_action_data.test.ts b/x-pack/plugins/security_solution/public/common/components/endpoint/responder/from_alerts/use_responder_action_data.test.ts
index 89ad874726d91..88383ecb7eff4 100644
--- a/x-pack/plugins/security_solution/public/common/components/endpoint/responder/from_alerts/use_responder_action_data.test.ts
+++ b/x-pack/plugins/security_solution/public/common/components/endpoint/responder/from_alerts/use_responder_action_data.test.ts
@@ -107,25 +107,6 @@ describe('use responder action data hooks', () => {
 
         expect(onClickMock).not.toHaveBeenCalled();
       });
-    });
-
-    describe('and agentType is NOT Endpoint', () => {
-      beforeEach(() => {
-        alertDetailItemData = endpointAlertDataMock.generateSentinelOneAlertDetailsItemData();
-      });
-
-      it('should show action when agentType is supported', () => {
-        expect(renderHook().result.current).toEqual(getExpectedResponderActionData());
-      });
-
-      it('should NOT call the endpoint host metadata api', () => {
-        renderHook();
-        const wasMetadataApiCalled = appContextMock.coreStart.http.get.mock.calls.some(([path]) => {
-          return (path as unknown as string).includes(HOST_METADATA_LIST_ROUTE);
-        });
-
-        expect(wasMetadataApiCalled).toBe(false);
-      });
 
       it.each([...RESPONSE_ACTION_AGENT_TYPE])(
         'should show action disabled with tooltip for %s if agent id field is missing',
@@ -150,6 +131,25 @@ describe('use responder action data hooks', () => {
       );
     });
 
+    describe('and agentType is NOT Endpoint', () => {
+      beforeEach(() => {
+        alertDetailItemData = endpointAlertDataMock.generateSentinelOneAlertDetailsItemData();
+      });
+
+      it('should show action when agentType is supported', () => {
+        expect(renderHook().result.current).toEqual(getExpectedResponderActionData());
+      });
+
+      it('should NOT call the endpoint host metadata api', () => {
+        renderHook();
+        const wasMetadataApiCalled = appContextMock.coreStart.http.get.mock.calls.some(([path]) => {
+          return (path as unknown as string).includes(HOST_METADATA_LIST_ROUTE);
+        });
+
+        expect(wasMetadataApiCalled).toBe(false);
+      });
+    });
+
     describe('and agentType IS Endpoint', () => {
       let metadataApiMocks: ReturnType<typeof endpointMetadataHttpMocks>;
 
diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/responder/from_alerts/use_responder_action_data.ts b/x-pack/plugins/security_solution/public/common/components/endpoint/responder/from_alerts/use_responder_action_data.ts
index 266425dd452da..7e73d86aa1d06 100644
--- a/x-pack/plugins/security_solution/public/common/components/endpoint/responder/from_alerts/use_responder_action_data.ts
+++ b/x-pack/plugins/security_solution/public/common/components/endpoint/responder/from_alerts/use_responder_action_data.ts
@@ -133,8 +133,6 @@ const useResponderDataForEndpointHost = (
   endpointAgentId: string,
   enabled: boolean = true
 ): ResponderDataForEndpointHost => {
-  // FIXME:PT is this the correct API to call? or should we call the agent status api instead
-
   const {
     data: endpointHostInfo,
     isFetching,
diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/columns.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/columns.tsx
index 26d98016c169c..5ec5cf8ce892c 100644
--- a/x-pack/plugins/security_solution/public/common/components/event_details/columns.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/event_details/columns.tsx
@@ -6,10 +6,10 @@
  */
 
 import { EuiPanel, EuiText } from '@elastic/eui';
-import { get } from 'lodash';
 import memoizeOne from 'memoize-one';
 import React from 'react';
 import styled from 'styled-components';
+import { getCategory } from '@kbn/triggers-actions-ui-plugin/public';
 import { SecurityCellActions, CellActionsMode, SecurityCellActionsTrigger } from '../cell_actions';
 import type { BrowserFields } from '../../containers/source';
 import * as i18n from './translations';
@@ -35,9 +35,12 @@ const HoverActionsContainer = styled(EuiPanel)`
 HoverActionsContainer.displayName = 'HoverActionsContainer';
 
 export const getFieldFromBrowserField = memoizeOne(
-  (keys: string[], browserFields: BrowserFields): BrowserField | undefined =>
-    get(browserFields, keys),
-  (newArgs, lastArgs) => newArgs[0].join() === lastArgs[0].join()
+  (field: string, browserFields: BrowserFields): BrowserField | undefined => {
+    const category = getCategory(field);
+
+    return browserFields[category]?.fields?.[field] as BrowserField;
+  },
+  (newArgs, lastArgs) => newArgs[0] === lastArgs[0]
 );
 
 export const getColumns: ColumnsProvider = ({
@@ -106,10 +109,7 @@ export const getColumns: ColumnsProvider = ({
     sortable: true,
     truncateText: false,
     render: (values, data) => {
-      const fieldFromBrowserField = getFieldFromBrowserField(
-        [data.category as string, 'fields', data.field],
-        browserFields
-      );
+      const fieldFromBrowserField = getFieldFromBrowserField(data.field, browserFields);
       return (
         <FieldValueCell
           contextId={contextId}
diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/event_fields_browser.test.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/event_fields_browser.test.tsx
index 433cf98d8fa97..1ddc73207725a 100644
--- a/x-pack/plugins/security_solution/public/common/components/event_details/event_fields_browser.test.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/event_details/event_fields_browser.test.tsx
@@ -204,9 +204,7 @@ describe('EventFieldsBrowser', () => {
 
       expect(
         wrapper.find('[data-test-subj="field-name-cell"]').at(0).find('EuiToolTip').prop('content')
-      ).toContain(
-        'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events. Example: 2016-05-23T08:05:34.853Z'
-      );
+      ).toContain('Date/time when the event originated.');
     });
   });
 });
diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/helpers.test.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/helpers.test.tsx
index bcdec78fe0614..6e5f4f7217527 100644
--- a/x-pack/plugins/security_solution/public/common/components/event_details/helpers.test.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/event_details/helpers.test.tsx
@@ -5,29 +5,18 @@
  * 2.0.
  */
 
-import { mockDetailItemData } from '../../mock/mock_detail_item';
-
 import { getExampleText, getIconFromType } from './helpers';
-import { mockBrowserFields } from '../../containers/source/mock';
-
-const aField = {
-  ...mockDetailItemData[4],
-  ...mockBrowserFields.base.fields?.['@timestamp'],
-};
 
 describe('helpers', () => {
   describe('getExampleText', () => {
     test('it returns the expected example text when the field contains an example', () => {
-      expect(getExampleText(aField.example)).toEqual('Example: 2016-05-23T08:05:34.853Z');
+      expect(getExampleText('2016-05-23T08:05:34.853Z')).toEqual(
+        'Example: 2016-05-23T08:05:34.853Z'
+      );
     });
 
     test(`it returns an empty string when the field's example is an empty string`, () => {
-      const fieldWithEmptyExample = {
-        ...aField,
-        example: '',
-      };
-
-      expect(getExampleText(fieldWithEmptyExample.example)).toEqual('');
+      expect(getExampleText('')).toEqual('');
     });
   });
 
diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/summary_view.test.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/summary_view.test.tsx
index e465bfb37407e..3848bb8a15295 100644
--- a/x-pack/plugins/security_solution/public/common/components/event_details/summary_view.test.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/event_details/summary_view.test.tsx
@@ -21,9 +21,6 @@ const eventId = 'TUWyf3wBFCFU0qRJTauW';
 const hostIpValues = ['127.0.0.1', '::1', '10.1.2.3', '2001:0DB8:AC10:FE01::'];
 const hostIpFieldFromBrowserField: BrowserField = {
   aggregatable: true,
-  category: 'host',
-  description: 'Host ip addresses.',
-  example: '127.0.0.1',
   fields: {},
   format: '',
   indexes: ['auditbeat-*', 'filebeat-*', 'logs-*', 'winlogbeat-*'],
diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/table/field_name_cell.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/table/field_name_cell.tsx
index 1304c14f9044a..3ca3ae7a2b0c7 100644
--- a/x-pack/plugins/security_solution/public/common/components/event_details/table/field_name_cell.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/event_details/table/field_name_cell.tsx
@@ -10,11 +10,21 @@ import { EuiFlexGroup, EuiFlexItem, EuiBadge, EuiText, EuiToolTip } from '@elast
 import { isEmpty } from 'lodash';
 import { FieldIcon } from '@kbn/react-field';
 import type { DataViewField } from '@kbn/data-views-plugin/common';
+import { EcsFlat } from '@elastic/ecs';
 import * as i18n from '../translations';
 import { getExampleText } from '../helpers';
 import type { EventFieldsData } from '../types';
 import { getFieldTypeName } from './get_field_type_name';
 
+const getEcsField = (field: string): { example?: string; description?: string } | undefined => {
+  return EcsFlat[field as keyof typeof EcsFlat] as
+    | {
+        example?: string;
+        description?: string;
+      }
+    | undefined;
+};
+
 export interface FieldNameCellProps {
   data: EventFieldsData;
   field: string;
@@ -23,13 +33,11 @@ export interface FieldNameCellProps {
 }
 export const FieldNameCell = React.memo(
   ({ data, field, fieldMapping, scripted }: FieldNameCellProps) => {
+    const ecsField = getEcsField(field);
     const typeName = getFieldTypeName(data.type);
     // TODO: We don't have fieldMapping or isMultiField until kibana indexPatterns is implemented. Will default to field for now
     const displayName = fieldMapping && fieldMapping.displayName ? fieldMapping.displayName : field;
     const defaultTooltip = displayName !== field ? `${field} (${displayName})` : field;
-    // TODO: Remove. This is what was used to show the plaintext fieldName vs the tooltip one
-    // const showPlainTextName =
-    //   (data.isObjectArray && data.type !== 'geo_point') || fieldFromBrowserField == null;
     const isMultiField = fieldMapping?.isSubtypeMulti();
     return (
       <>
@@ -52,8 +60,8 @@ export const FieldNameCell = React.memo(
             <EuiToolTip
               position="top"
               content={
-                !isEmpty(data.description)
-                  ? `${data.description} ${getExampleText(data.example)}`
+                !isEmpty(ecsField?.description)
+                  ? `${ecsField?.description} ${getExampleText(ecsField?.example)}`
                   : defaultTooltip
               }
               delay="long"
diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/table/field_value_cell.test.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/table/field_value_cell.test.tsx
index 6c78e4ba4fa4c..2529122140b07 100644
--- a/x-pack/plugins/security_solution/public/common/components/event_details/table/field_value_cell.test.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/event_details/table/field_value_cell.test.tsx
@@ -20,9 +20,6 @@ const eventId = 'TUWyf3wBFCFU0qRJTauW';
 const hostIpData: EventFieldsData = {
   aggregatable: true,
   ariaRowindex: 35,
-  category: 'host',
-  description: 'Host ip addresses.',
-  example: '127.0.0.1',
   field: 'host.ip',
   fields: {},
   format: '',
@@ -89,10 +86,6 @@ describe('FieldValueCell', () => {
     const messageData: EventFieldsData = {
       aggregatable: false,
       ariaRowindex: 50,
-      category: 'base',
-      description:
-        'For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message.',
-      example: 'Hello World',
       field: 'message',
       fields: {},
       format: '',
@@ -109,10 +102,6 @@ describe('FieldValueCell', () => {
 
     const messageFieldFromBrowserField: BrowserField = {
       aggregatable: false,
-      category: 'base',
-      description:
-        'For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message.',
-      example: 'Hello World',
       fields: {},
       format: '',
       indexes: ['auditbeat-*', 'filebeat-*', 'logs-*', 'winlogbeat-*'],
@@ -150,9 +139,6 @@ describe('FieldValueCell', () => {
   describe('when `BrowserField` metadata IS available', () => {
     const hostIpFieldFromBrowserField: BrowserField = {
       aggregatable: true,
-      category: 'host',
-      description: 'Host ip addresses.',
-      example: '127.0.0.1',
       fields: {},
       format: '',
       indexes: ['auditbeat-*', 'filebeat-*', 'logs-*', 'winlogbeat-*'],
diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/table/prevalence_cell.test.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/table/prevalence_cell.test.tsx
index 3afe62980628d..d48d7cd0fdaaf 100644
--- a/x-pack/plugins/security_solution/public/common/components/event_details/table/prevalence_cell.test.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/event_details/table/prevalence_cell.test.tsx
@@ -27,9 +27,6 @@ const eventId = 'TUWyf3wBFCFU0qRJTauW';
 const hostIpValues = ['127.0.0.1', '::1', '10.1.2.3', '2001:0DB8:AC10:FE01::'];
 const hostIpFieldFromBrowserField: BrowserField = {
   aggregatable: true,
-  category: 'host',
-  description: 'Host ip addresses.',
-  example: '127.0.0.1',
   fields: {},
   format: '',
   indexes: ['auditbeat-*', 'filebeat-*', 'logs-*', 'winlogbeat-*'],
diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/table/summary_value_cell.test.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/table/summary_value_cell.test.tsx
index ace35265885f8..859d1b258c796 100644
--- a/x-pack/plugins/security_solution/public/common/components/event_details/table/summary_value_cell.test.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/event_details/table/summary_value_cell.test.tsx
@@ -24,9 +24,6 @@ const eventId = 'TUWyf3wBFCFU0qRJTauW';
 const hostIpValues = ['127.0.0.1', '::1', '10.1.2.3', '2001:0DB8:AC10:FE01::'];
 const hostIpFieldFromBrowserField: BrowserField = {
   aggregatable: true,
-  category: 'host',
-  description: 'Host ip addresses.',
-  example: '127.0.0.1',
   fields: {},
   format: '',
   indexes: ['auditbeat-*', 'filebeat-*', 'logs-*', 'winlogbeat-*'],
@@ -61,9 +58,6 @@ const enrichedAgentStatusData: AlertSummaryRow['description'] = {
     format: '',
     type: '',
     aggregatable: false,
-    description: '',
-    example: '',
-    category: '',
     fields: {},
     indexes: [],
     name: AGENT_STATUS_FIELD_NAME,
diff --git a/x-pack/plugins/security_solution/public/common/components/events_viewer/use_timelines_events.tsx b/x-pack/plugins/security_solution/public/common/components/events_viewer/use_timelines_events.tsx
index 3eb6519a041c8..dfaf17f474c74 100644
--- a/x-pack/plugins/security_solution/public/common/components/events_viewer/use_timelines_events.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/events_viewer/use_timelines_events.tsx
@@ -29,6 +29,7 @@ import type {
   TimelineStrategyResponseType,
 } from '@kbn/timelines-plugin/common/search_strategy';
 import { dataTableActions, Direction, TableId } from '@kbn/securitysolution-data-table';
+import { fetchNotesByDocumentIds } from '../../../notes/store/notes.slice';
 import type { RunTimeMappings } from '../../../sourcerer/store/model';
 import { TimelineEventsQueries } from '../../../../common/search_strategy';
 import type { KueryFilterQueryKind } from '../../../../common/types';
@@ -434,6 +435,8 @@ export const useTimelineEvents = ({
   timerangeKind,
   data,
 }: UseTimelineEventsProps): [boolean, TimelineArgs] => {
+  const dispatch = useDispatch();
+
   const [loading, timelineResponse, timelineSearchHandler] = useTimelineEventsHandler({
     alertConsumers,
     dataViewId,
@@ -458,7 +461,11 @@ export const useTimelineEvents = ({
   useEffect(() => {
     if (!timelineSearchHandler) return;
     timelineSearchHandler();
-  }, [timelineSearchHandler]);
+
+    // fetch notes for the events
+    const events = timelineResponse.events.map((event: TimelineItem) => event._id);
+    dispatch(fetchNotesByDocumentIds({ documentIds: events }));
+  }, [dispatch, timelineResponse.events, timelineSearchHandler]);
 
   return [loading, timelineResponse];
 };
diff --git a/x-pack/plugins/security_solution/public/common/components/header_actions/actions.test.tsx b/x-pack/plugins/security_solution/public/common/components/header_actions/actions.test.tsx
index d31564e8bd1af..a305c41cdc808 100644
--- a/x-pack/plugins/security_solution/public/common/components/header_actions/actions.test.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/header_actions/actions.test.tsx
@@ -98,6 +98,7 @@ const defaultProps = {
   checked: false,
   columnId: '',
   columnValues: 'abc def',
+  disableExpandAction: false,
   data: mockTimelineData[0].data,
   ecsData: mockTimelineData[0].ecs,
   eventId: 'abc',
@@ -428,4 +429,16 @@ describe('Actions', () => {
       expect(wrapper.find('[data-test-subj="session-view-button"]').exists()).toEqual(true);
     });
   });
+
+  describe('Expand action', () => {
+    test('should not be visible if disableExpandAction is true', () => {
+      const wrapper = mount(
+        <TestProviders>
+          <Actions {...defaultProps} disableExpandAction />
+        </TestProviders>
+      );
+
+      expect(wrapper.find('[data-test-subj="expand-event"]').exists()).toBeFalsy();
+    });
+  });
 });
diff --git a/x-pack/plugins/security_solution/public/common/components/header_actions/actions.tsx b/x-pack/plugins/security_solution/public/common/components/header_actions/actions.tsx
index 16fabb97fb464..7d346d4fd2c7b 100644
--- a/x-pack/plugins/security_solution/public/common/components/header_actions/actions.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/header_actions/actions.tsx
@@ -6,11 +6,13 @@
  */
 
 import React, { useCallback, useMemo } from 'react';
-import { useDispatch } from 'react-redux';
+import { useDispatch, useSelector } from 'react-redux';
 import { EuiButtonIcon, EuiToolTip } from '@elastic/eui';
 import styled from 'styled-components';
 
 import { TimelineTabs, TableId } from '@kbn/securitysolution-data-table';
+import { selectNotesByDocumentId } from '../../../notes/store/notes.slice';
+import type { State } from '../../store';
 import { selectTimelineById } from '../../../timelines/store/selectors';
 import {
   eventHasNotes,
@@ -50,6 +52,7 @@ const ActionsContainer = styled.div`
 const ActionsComponent: React.FC<ActionProps> = ({
   ariaRowindex,
   columnValues,
+  disableExpandAction = false,
   ecsData,
   eventId,
   eventIdToNoteIds,
@@ -63,9 +66,11 @@ const ActionsComponent: React.FC<ActionProps> = ({
   refetch,
 }) => {
   const dispatch = useDispatch();
-  const unifiedComponentsInTimelineEnabled = useIsExperimentalFeatureEnabled(
-    'unifiedComponentsInTimelineEnabled'
+  const securitySolutionNotesEnabled = useIsExperimentalFeatureEnabled(
+    'securitySolutionNotesEnabled'
   );
+  const expandableFlyoutDisabled = useIsExperimentalFeatureEnabled('expandableFlyoutDisabled');
+
   const emptyNotes: string[] = [];
   const { timelineType } = useShallowEqualSelector((state) =>
     isTimelineScope(timelineId) ? selectTimelineById(state, timelineId) : timelineDefaults
@@ -105,6 +110,8 @@ const ActionsComponent: React.FC<ActionProps> = ({
     );
   }, [ecsData, eventType]);
 
+  const notes = useSelector((state: State) => selectNotesByDocumentId(state, eventId));
+
   const isDisabled = !useIsInvestigateInResolverActionEnabled(ecsData);
   const { setGlobalFullScreen } = useGlobalFullScreen();
   const { setTimelineFullScreen } = useTimelineFullScreen();
@@ -212,15 +219,11 @@ const ActionsComponent: React.FC<ActionProps> = ({
     }
     onEventDetailsPanelOpened();
   }, [activeStep, incrementStep, isTourAnchor, isTourShown, onEventDetailsPanelOpened]);
-  const showExpandEvent = useMemo(
-    () => !unifiedComponentsInTimelineEnabled || isEventViewer,
-    [isEventViewer, unifiedComponentsInTimelineEnabled]
-  );
 
   return (
     <ActionsContainer>
       <>
-        {showExpandEvent && (
+        {!disableExpandAction && (
           <GuidedOnboardingTourStep
             isTourAnchor={isTourAnchor}
             onClick={onExpandEvent}
@@ -251,15 +254,16 @@ const ActionsComponent: React.FC<ActionProps> = ({
             />
           )}
         </>
-        {!isEventViewer && toggleShowNotes && (
+        {securitySolutionNotesEnabled && !expandableFlyoutDisabled && toggleShowNotes && (
           <>
             <AddEventNoteAction
               ariaLabel={i18n.ADD_NOTES_FOR_ROW({ ariaRowindex, columnValues })}
               key="add-event-note"
-              showNotes={showNotes ?? false}
+              showNotes={false}
               toggleShowNotes={toggleShowNotes}
               timelineType={timelineType}
               eventId={eventId}
+              notesCount={notes.length}
             />
             <PinEventAction
               ariaLabel={i18n.PIN_EVENT_FOR_ROW({ ariaRowindex, columnValues, isEventPinned })}
@@ -272,6 +276,29 @@ const ActionsComponent: React.FC<ActionProps> = ({
             />
           </>
         )}
+        {(!securitySolutionNotesEnabled || expandableFlyoutDisabled) &&
+          !isEventViewer &&
+          toggleShowNotes && (
+            <>
+              <AddEventNoteAction
+                ariaLabel={i18n.ADD_NOTES_FOR_ROW({ ariaRowindex, columnValues })}
+                key="add-event-note"
+                showNotes={showNotes ?? false}
+                toggleShowNotes={toggleShowNotes}
+                timelineType={timelineType}
+                eventId={eventId}
+              />
+              <PinEventAction
+                ariaLabel={i18n.PIN_EVENT_FOR_ROW({ ariaRowindex, columnValues, isEventPinned })}
+                isAlert={isAlert(eventType)}
+                key="pin-event"
+                onPinClicked={handlePinClicked}
+                noteIds={eventIdToNoteIds ? eventIdToNoteIds[eventId] || emptyNotes : emptyNotes}
+                eventIsPinned={isEventPinned}
+                timelineType={timelineType}
+              />
+            </>
+          )}
         <AlertContextMenu
           ariaLabel={i18n.MORE_ACTIONS_FOR_ROW({ ariaRowindex, columnValues })}
           ariaRowindex={ariaRowindex}
diff --git a/x-pack/plugins/security_solution/public/common/components/header_actions/add_note_icon_item.tsx b/x-pack/plugins/security_solution/public/common/components/header_actions/add_note_icon_item.tsx
index bc9aff293aa18..82671b399ee62 100644
--- a/x-pack/plugins/security_solution/public/common/components/header_actions/add_note_icon_item.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/header_actions/add_note_icon_item.tsx
@@ -18,6 +18,10 @@ interface AddEventNoteActionProps {
   timelineType: TimelineType;
   toggleShowNotes: () => void;
   eventId?: string;
+  /**
+   * Number of notes associated with the event
+   */
+  notesCount?: number;
 }
 
 const AddEventNoteActionComponent: React.FC<AddEventNoteActionProps> = ({
@@ -26,9 +30,17 @@ const AddEventNoteActionComponent: React.FC<AddEventNoteActionProps> = ({
   timelineType,
   toggleShowNotes,
   eventId,
+  notesCount,
 }) => {
   const { kibanaSecuritySolutionsPrivileges } = useUserPrivileges();
 
+  const tooltip =
+    notesCount && notesCount > 0
+      ? i18n.NOTE_COUNT_TOOLTIP(notesCount)
+      : timelineType === TimelineType.template
+      ? i18n.NOTES_DISABLE_TOOLTIP
+      : i18n.NOTES_TOOLTIP;
+
   return (
     <ActionIconItem>
       <NotesButton
@@ -38,10 +50,9 @@ const AddEventNoteActionComponent: React.FC<AddEventNoteActionProps> = ({
         showNotes={showNotes}
         timelineType={timelineType}
         toggleShowNotes={toggleShowNotes}
-        toolTip={
-          timelineType === TimelineType.template ? i18n.NOTES_DISABLE_TOOLTIP : i18n.NOTES_TOOLTIP
-        }
+        toolTip={tooltip}
         eventId={eventId}
+        notesCount={notesCount}
       />
     </ActionIconItem>
   );
diff --git a/x-pack/plugins/security_solution/public/common/components/header_actions/translations.ts b/x-pack/plugins/security_solution/public/common/components/header_actions/translations.ts
index 8cb4bbb51e1b0..4db668cc78d16 100644
--- a/x-pack/plugins/security_solution/public/common/components/header_actions/translations.ts
+++ b/x-pack/plugins/security_solution/public/common/components/header_actions/translations.ts
@@ -21,6 +21,12 @@ export const NOTES_DISABLE_TOOLTIP = i18n.translate(
   }
 );
 
+export const NOTE_COUNT_TOOLTIP = (notesCount: number) =>
+  i18n.translate('xpack.securitySolution.notes.noteCountTooltip', {
+    defaultMessage: '{notesCount} {notesCount, plural, one { note } other { notes }}',
+    values: { notesCount },
+  });
+
 export const NOTES_TOOLTIP = i18n.translate(
   'xpack.securitySolution.timeline.body.notes.addNoteTooltip',
   {
diff --git a/x-pack/plugins/security_solution/public/common/components/import_data_modal/__snapshots__/index.test.tsx.snap b/x-pack/plugins/security_solution/public/common/components/import_data_modal/__snapshots__/index.test.tsx.snap
index 599249231c93a..1fe2bda944e0a 100644
--- a/x-pack/plugins/security_solution/public/common/components/import_data_modal/__snapshots__/index.test.tsx.snap
+++ b/x-pack/plugins/security_solution/public/common/components/import_data_modal/__snapshots__/index.test.tsx.snap
@@ -60,36 +60,32 @@ Object {
                 class="euiSpacer euiSpacer--s emotion-euiSpacer-s"
               />
               <div
-                class="euiFilePicker euiFilePicker--large euiFilePicker--fullWidth"
+                class="euiFilePicker emotion-euiFilePicker-fullWidth"
               >
+                <input
+                  accept=".ndjson"
+                  aria-describedby="rule-file-picker-filePicker__prompt"
+                  aria-labelledby="generated-id"
+                  class="euiFilePicker__input emotion-euiFilePicker__input-largeInteractive"
+                  data-test-subj="rule-file-picker"
+                  id="rule-file-picker"
+                  type="file"
+                />
                 <div
-                  class="euiFilePicker__wrap"
+                  class="euiFilePicker__prompt emotion-euiFilePicker__prompt-large"
+                  id="rule-file-picker-filePicker__prompt"
                 >
-                  <input
-                    accept=".ndjson"
-                    aria-describedby="rule-file-picker-filePicker__prompt"
-                    aria-labelledby="generated-id"
-                    class="euiFilePicker__input"
-                    data-test-subj="rule-file-picker"
-                    id="rule-file-picker"
-                    type="file"
+                  <span
+                    aria-hidden="true"
+                    class="euiFilePicker__icon emotion-euiFilePicker__icon-large"
+                    color="primary"
+                    data-euiicon-type="importAction"
                   />
-                  <div
-                    class="euiFilePicker__prompt"
-                    id="rule-file-picker-filePicker__prompt"
+                  <span
+                    class="euiFilePicker__promptText"
                   >
-                    <span
-                      aria-hidden="true"
-                      class="euiFilePicker__icon"
-                      color="primary"
-                      data-euiicon-type="importAction"
-                    />
-                    <div
-                      class="euiFilePicker__promptText"
-                    >
-                      subtitle
-                    </div>
-                  </div>
+                    subtitle
+                  </span>
                 </div>
               </div>
               <div
@@ -272,51 +268,47 @@ Object {
                 class="euiSpacer euiSpacer--s emotion-euiSpacer-s"
               />
               <div
-                class="euiFilePicker euiFilePicker--large euiFilePicker--fullWidth euiFilePicker-hasFiles"
+                class="euiFilePicker euiFilePicker-hasFiles emotion-euiFilePicker-fullWidth-hasFiles"
               >
+                <input
+                  accept=".ndjson"
+                  aria-describedby="rule-file-picker-filePicker__prompt"
+                  aria-labelledby="generated-id"
+                  class="euiFilePicker__input emotion-euiFilePicker__input-largeInteractive"
+                  data-test-subj="rule-file-picker"
+                  id="rule-file-picker"
+                  type="file"
+                />
                 <div
-                  class="euiFilePicker__wrap"
+                  class="euiFilePicker__prompt emotion-euiFilePicker__prompt-large"
+                  id="rule-file-picker-filePicker__prompt"
                 >
-                  <input
-                    accept=".ndjson"
-                    aria-describedby="rule-file-picker-filePicker__prompt"
-                    aria-labelledby="generated-id"
-                    class="euiFilePicker__input"
-                    data-test-subj="rule-file-picker"
-                    id="rule-file-picker"
-                    type="file"
+                  <span
+                    aria-hidden="true"
+                    class="euiFilePicker__icon emotion-euiFilePicker__icon-large"
+                    color="primary"
+                    data-euiicon-type="importAction"
                   />
-                  <div
-                    class="euiFilePicker__prompt"
-                    id="rule-file-picker-filePicker__prompt"
+                  <span
+                    class="euiFilePicker__promptText"
+                  >
+                    subtitle
+                  </span>
+                  <button
+                    aria-label="Clear selected files"
+                    class="euiButtonEmpty euiFilePicker__clearButton emotion-euiButtonDisplay-euiButtonEmpty-xs-empty-primary-euiFilePicker__clearButton"
+                    type="button"
                   >
                     <span
-                      aria-hidden="true"
-                      class="euiFilePicker__icon"
-                      color="primary"
-                      data-euiicon-type="importAction"
-                    />
-                    <div
-                      class="euiFilePicker__promptText"
-                    >
-                      subtitle
-                    </div>
-                    <button
-                      aria-label="Clear selected files"
-                      class="euiButtonEmpty euiFilePicker__clearButton emotion-euiButtonDisplay-euiButtonEmpty-xs-empty-primary"
-                      type="button"
+                      class="euiButtonEmpty__content emotion-euiButtonDisplayContent"
                     >
                       <span
-                        class="euiButtonEmpty__content emotion-euiButtonDisplayContent"
+                        class="eui-textTruncate euiButtonEmpty__text"
                       >
-                        <span
-                          class="eui-textTruncate euiButtonEmpty__text"
-                        >
-                          Remove
-                        </span>
+                        Remove
                       </span>
-                    </button>
-                  </div>
+                    </span>
+                  </button>
                 </div>
               </div>
               <div
@@ -563,51 +555,47 @@ Object {
                 class="euiSpacer euiSpacer--s emotion-euiSpacer-s"
               />
               <div
-                class="euiFilePicker euiFilePicker--large euiFilePicker--fullWidth euiFilePicker-hasFiles"
+                class="euiFilePicker euiFilePicker-hasFiles emotion-euiFilePicker-fullWidth-hasFiles"
               >
+                <input
+                  accept=".ndjson"
+                  aria-describedby="rule-file-picker-filePicker__prompt"
+                  aria-labelledby="generated-id"
+                  class="euiFilePicker__input emotion-euiFilePicker__input-largeInteractive"
+                  data-test-subj="rule-file-picker"
+                  id="rule-file-picker"
+                  type="file"
+                />
                 <div
-                  class="euiFilePicker__wrap"
+                  class="euiFilePicker__prompt emotion-euiFilePicker__prompt-large"
+                  id="rule-file-picker-filePicker__prompt"
                 >
-                  <input
-                    accept=".ndjson"
-                    aria-describedby="rule-file-picker-filePicker__prompt"
-                    aria-labelledby="generated-id"
-                    class="euiFilePicker__input"
-                    data-test-subj="rule-file-picker"
-                    id="rule-file-picker"
-                    type="file"
+                  <span
+                    aria-hidden="true"
+                    class="euiFilePicker__icon emotion-euiFilePicker__icon-large"
+                    color="primary"
+                    data-euiicon-type="importAction"
                   />
-                  <div
-                    class="euiFilePicker__prompt"
-                    id="rule-file-picker-filePicker__prompt"
+                  <span
+                    class="euiFilePicker__promptText"
+                  >
+                    subtitle
+                  </span>
+                  <button
+                    aria-label="Clear selected files"
+                    class="euiButtonEmpty euiFilePicker__clearButton emotion-euiButtonDisplay-euiButtonEmpty-xs-empty-primary-euiFilePicker__clearButton"
+                    type="button"
                   >
                     <span
-                      aria-hidden="true"
-                      class="euiFilePicker__icon"
-                      color="primary"
-                      data-euiicon-type="importAction"
-                    />
-                    <div
-                      class="euiFilePicker__promptText"
-                    >
-                      subtitle
-                    </div>
-                    <button
-                      aria-label="Clear selected files"
-                      class="euiButtonEmpty euiFilePicker__clearButton emotion-euiButtonDisplay-euiButtonEmpty-xs-empty-primary"
-                      type="button"
+                      class="euiButtonEmpty__content emotion-euiButtonDisplayContent"
                     >
                       <span
-                        class="euiButtonEmpty__content emotion-euiButtonDisplayContent"
+                        class="eui-textTruncate euiButtonEmpty__text"
                       >
-                        <span
-                          class="eui-textTruncate euiButtonEmpty__text"
-                        >
-                          Remove
-                        </span>
+                        Remove
                       </span>
-                    </button>
-                  </div>
+                    </span>
+                  </button>
                 </div>
               </div>
               <div
diff --git a/x-pack/plugins/security_solution/public/common/components/response_actions/endpoint_action_results.tsx b/x-pack/plugins/security_solution/public/common/components/response_actions/endpoint_action_results.tsx
index 41c0bcbdbcfbe..7444a53ee441f 100644
--- a/x-pack/plugins/security_solution/public/common/components/response_actions/endpoint_action_results.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/response_actions/endpoint_action_results.tsx
@@ -67,6 +67,7 @@ export const EndpointResponseActionResults = ({
         expandedAction ? (
           <ActionsLogExpandedTray
             action={expandedAction}
+            fromAlertWorkaround
             data-test-subj={`response-results-${hostName}`}
           />
         ) : (
diff --git a/x-pack/plugins/security_solution/public/common/containers/alerts/use_alert_prevalence_from_process_tree.ts b/x-pack/plugins/security_solution/public/common/containers/alerts/use_alert_prevalence_from_process_tree.ts
index a723cea93433a..4e6747384fe34 100644
--- a/x-pack/plugins/security_solution/public/common/containers/alerts/use_alert_prevalence_from_process_tree.ts
+++ b/x-pack/plugins/security_solution/public/common/containers/alerts/use_alert_prevalence_from_process_tree.ts
@@ -22,6 +22,7 @@ export interface StatsNode {
     };
   };
 }
+
 interface UserAlertPrevalenceFromProcessTreeResult {
   loading: boolean;
   alertIds: undefined | string[];
@@ -39,6 +40,7 @@ interface EntityResponse {
   id: string;
   name: string;
   schema: object;
+  agentId: string;
 }
 
 interface UseAlertPrevalenceFromProcessTree {
@@ -73,16 +75,18 @@ function useAlertDocumentAnalyzerSchema({ documentId, indices }: UseAlertDocumen
       error: false,
       id: null,
       schema: null,
+      agentId: null,
     };
   } else if (query.data && query.data.length > 0) {
     const {
-      data: [{ schema, id }],
+      data: [{ schema, id, agentId }],
     } = query;
     return {
       loading: false,
       error: false,
       id,
       schema,
+      agentId,
     };
   } else {
     return {
@@ -90,6 +94,7 @@ function useAlertDocumentAnalyzerSchema({ documentId, indices }: UseAlertDocumen
       error: true,
       id: null,
       schema: null,
+      agentId: null,
     };
   }
 }
@@ -103,7 +108,7 @@ export function useAlertPrevalenceFromProcessTree({
 
   const { selectedPatterns } = useTimelineDataFilters(isActiveTimeline);
   const alertAndOriginalIndices = [...new Set(selectedPatterns.concat(indices))];
-  const { loading, id, schema } = useAlertDocumentAnalyzerSchema({
+  const { loading, id, schema, agentId } = useAlertDocumentAnalyzerSchema({
     documentId,
     indices: alertAndOriginalIndices,
   });
@@ -118,6 +123,7 @@ export function useAlertPrevalenceFromProcessTree({
           indexPatterns: alertAndOriginalIndices,
           nodes: [id],
           includeHits: true,
+          agentId,
         }),
       });
     },
diff --git a/x-pack/plugins/security_solution/public/common/containers/source/mock.ts b/x-pack/plugins/security_solution/public/common/containers/source/mock.ts
index c3cd086ea056f..ad0a86d2490df 100644
--- a/x-pack/plugins/security_solution/public/common/containers/source/mock.ts
+++ b/x-pack/plugins/security_solution/public/common/containers/source/mock.ts
@@ -53,10 +53,6 @@ export const mockBrowserFields: BrowserFields = {
     fields: {
       'agent.ephemeral_id': {
         aggregatable: true,
-        category: 'agent',
-        description:
-          'Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but `agent.id` does not.',
-        example: '8a4f500f',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'agent.ephemeral_id',
@@ -66,9 +62,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'agent.hostname': {
         aggregatable: true,
-        category: 'agent',
-        description: null,
-        example: null,
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'agent.hostname',
@@ -78,10 +71,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'agent.id': {
         aggregatable: true,
-        category: 'agent',
-        description:
-          'Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id.',
-        example: '8a4f500d',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'agent.id',
@@ -91,10 +80,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'agent.name': {
         aggregatable: true,
-        category: 'agent',
-        description:
-          'Name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. If no name is given, the name is often left empty.',
-        example: 'foo',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'agent.name',
@@ -108,9 +93,6 @@ export const mockBrowserFields: BrowserFields = {
     fields: {
       'auditd.data.a0': {
         aggregatable: true,
-        category: 'auditd',
-        description: null,
-        example: null,
         format: '',
         indexes: ['auditbeat'],
         name: 'auditd.data.a0',
@@ -120,9 +102,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'auditd.data.a1': {
         aggregatable: true,
-        category: 'auditd',
-        description: null,
-        example: null,
         format: '',
         indexes: ['auditbeat'],
         name: 'auditd.data.a1',
@@ -132,9 +111,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'auditd.data.a2': {
         aggregatable: true,
-        category: 'auditd',
-        description: null,
-        example: null,
         format: '',
         indexes: ['auditbeat'],
         name: 'auditd.data.a2',
@@ -148,10 +124,6 @@ export const mockBrowserFields: BrowserFields = {
     fields: {
       '@timestamp': {
         aggregatable: true,
-        category: 'base',
-        description:
-          'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.',
-        example: '2016-05-23T08:05:34.853Z',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: '@timestamp',
@@ -161,9 +133,6 @@ export const mockBrowserFields: BrowserFields = {
         readFromDocValues: true,
       },
       _id: {
-        category: 'base',
-        description: 'Each document has an _id that uniquely identifies it',
-        example: 'Y-6TfmcB0WOhS6qyMv3s',
         name: '_id',
         type: 'string',
         esTypes: [],
@@ -172,10 +141,6 @@ export const mockBrowserFields: BrowserFields = {
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
       },
       message: {
-        category: 'base',
-        description:
-          'For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message.',
-        example: 'Hello World',
         name: 'message',
         type: 'string',
         esTypes: ['text'],
@@ -190,10 +155,6 @@ export const mockBrowserFields: BrowserFields = {
     fields: {
       'client.address': {
         aggregatable: true,
-        category: 'client',
-        description:
-          'Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket.  You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.',
-        example: null,
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'client.address',
@@ -203,9 +164,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'client.bytes': {
         aggregatable: true,
-        category: 'client',
-        description: 'Bytes sent from the client to the server.',
-        example: '184',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'client.bytes',
@@ -215,9 +173,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'client.domain': {
         aggregatable: true,
-        category: 'client',
-        description: 'Client domain.',
-        example: null,
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'client.domain',
@@ -227,9 +182,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'client.geo.country_iso_code': {
         aggregatable: true,
-        category: 'client',
-        description: 'Country ISO code.',
-        example: 'CA',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'client.geo.country_iso_code',
@@ -243,10 +195,6 @@ export const mockBrowserFields: BrowserFields = {
     fields: {
       'cloud.account.id': {
         aggregatable: true,
-        category: 'cloud',
-        description:
-          'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.',
-        example: '666777888999',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'cloud.account.id',
@@ -256,9 +204,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'cloud.availability_zone': {
         aggregatable: true,
-        category: 'cloud',
-        description: 'Availability zone in which this host is running.',
-        example: 'us-east-1c',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'cloud.availability_zone',
@@ -272,9 +217,6 @@ export const mockBrowserFields: BrowserFields = {
     fields: {
       'container.id': {
         aggregatable: true,
-        category: 'container',
-        description: 'Unique container id.',
-        example: null,
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'container.id',
@@ -284,9 +226,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'container.image.name': {
         aggregatable: true,
-        category: 'container',
-        description: 'Name of the image the container was built on.',
-        example: null,
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'container.image.name',
@@ -296,9 +235,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'container.image.tag': {
         aggregatable: true,
-        category: 'container',
-        description: 'Container image tag.',
-        example: null,
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'container.image.tag',
@@ -312,10 +248,6 @@ export const mockBrowserFields: BrowserFields = {
     fields: {
       'destination.address': {
         aggregatable: true,
-        category: 'destination',
-        description:
-          'Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket.  You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.',
-        example: null,
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'destination.address',
@@ -325,9 +257,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'destination.bytes': {
         aggregatable: true,
-        category: 'destination',
-        description: 'Bytes sent from the destination to the source.',
-        example: '184',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'destination.bytes',
@@ -337,9 +266,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'destination.domain': {
         aggregatable: true,
-        category: 'destination',
-        description: 'Destination domain.',
-        example: null,
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'destination.domain',
@@ -349,10 +275,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'destination.ip': {
         aggregatable: true,
-        category: 'destination',
-        description:
-          'IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses.',
-        example: '',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'destination.ip',
@@ -362,9 +284,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'destination.port': {
         aggregatable: true,
-        category: 'destination',
-        description: 'Port of the destination.',
-        example: '',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'destination.port',
@@ -377,10 +296,6 @@ export const mockBrowserFields: BrowserFields = {
   event: {
     fields: {
       'event.end': {
-        category: 'event',
-        description:
-          'event.end contains the date when the event ended or when the activity was last observed.',
-        example: null,
         format: '',
         indexes: DEFAULT_INDEX_PATTERN,
         name: 'event.end',
@@ -390,10 +305,6 @@ export const mockBrowserFields: BrowserFields = {
         aggregatable: true,
       },
       'event.action': {
-        category: 'event',
-        description:
-          'The action captured by the event. This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer.',
-        example: 'user-password-change',
         name: 'event.action',
         type: 'string',
         esTypes: ['keyword'],
@@ -403,10 +314,6 @@ export const mockBrowserFields: BrowserFields = {
         indexes: DEFAULT_INDEX_PATTERN,
       },
       'event.category': {
-        category: 'event',
-        description:
-          'This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. `event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories.',
-        example: 'authentication',
         name: 'event.category',
         type: 'string',
         esTypes: ['keyword'],
@@ -416,10 +323,6 @@ export const mockBrowserFields: BrowserFields = {
         indexes: DEFAULT_INDEX_PATTERN,
       },
       'event.severity': {
-        category: 'event',
-        description:
-          "The numeric severity of the event according to your event source. What the different severity values mean can be different between sources and use cases. It's up to the implementer to make sure severities are consistent across events from the same source. The Syslog severity belongs in `log.syslog.severity.code`. `event.severity` is meant to represent the severity according to the event source (e.g. firewall, IDS). If the event source does not publish its own severity, you may optionally copy the `log.syslog.severity.code` to `event.severity`.",
-        example: 7,
         name: 'event.severity',
         type: 'number',
         esTypes: ['long'],
@@ -429,9 +332,6 @@ export const mockBrowserFields: BrowserFields = {
         indexes: DEFAULT_INDEX_PATTERN,
       },
       'event.kind': {
-        category: 'event',
-        description: 'This defined the type of event eg. alerts',
-        example: 'signal',
         name: 'event.kind',
         type: 'string',
         esTypes: ['keyword'],
@@ -445,9 +345,6 @@ export const mockBrowserFields: BrowserFields = {
   host: {
     fields: {
       'host.name': {
-        category: 'host',
-        description:
-          'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.',
         name: 'host.name',
         type: 'string',
         esTypes: ['keyword'],
@@ -462,9 +359,6 @@ export const mockBrowserFields: BrowserFields = {
     fields: {
       'source.ip': {
         aggregatable: true,
-        category: 'source',
-        description: 'IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.',
-        example: '',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'source.ip',
@@ -474,9 +368,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'source.port': {
         aggregatable: true,
-        category: 'source',
-        description: 'Port of the source.',
-        example: '',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'source.port',
@@ -489,9 +380,6 @@ export const mockBrowserFields: BrowserFields = {
   user: {
     fields: {
       'user.name': {
-        category: 'user',
-        description: 'Short name or login of the user.',
-        example: 'albert',
         name: 'user.name',
         type: 'string',
         esTypes: ['keyword'],
@@ -506,9 +394,6 @@ export const mockBrowserFields: BrowserFields = {
     fields: {
       'nestedField.firstAttributes': {
         aggregatable: false,
-        category: 'nestedField',
-        description: '',
-        example: '',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'nestedField.firstAttributes',
@@ -522,9 +407,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'nestedField.secondAttributes': {
         aggregatable: false,
-        category: 'nestedField',
-        description: '',
-        example: '',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'nestedField.secondAttributes',
@@ -538,9 +420,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'nestedField.thirdAttributes': {
         aggregatable: false,
-        category: 'nestedField',
-        description: '',
-        example: '',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'nestedField.thirdAttributes',
diff --git a/x-pack/plugins/security_solution/public/common/hooks/endpoint/use_alert_response_actions_support.ts b/x-pack/plugins/security_solution/public/common/hooks/endpoint/use_alert_response_actions_support.ts
index 7d4698695c3b8..60917dfb3a9f7 100644
--- a/x-pack/plugins/security_solution/public/common/hooks/endpoint/use_alert_response_actions_support.ts
+++ b/x-pack/plugins/security_solution/public/common/hooks/endpoint/use_alert_response_actions_support.ts
@@ -132,7 +132,7 @@ export const useAlertResponseActionsSupport = (
 
     if (agentType === 'crowdstrike') {
       return getAlertDetailsFieldValue(
-        { category: 'crowdstrike', field: RESPONSE_ACTIONS_ALERT_AGENT_ID_FIELD.crowdstrike },
+        { category: 'device', field: RESPONSE_ACTIONS_ALERT_AGENT_ID_FIELD.crowdstrike },
         eventData
       );
     }
@@ -172,23 +172,15 @@ export const useAlertResponseActionsSupport = (
   }, [agentType, isFeatureEnabled]);
 
   const hostName = useMemo(() => {
-    // TODO:PT need to check if crowdstrike event has `host.name`
-    if (agentType === 'crowdstrike') {
-      return getAlertDetailsFieldValue(
-        { category: 'crowdstrike', field: 'crowdstrike.event.HostName' },
-        eventData
-      );
-    }
-
     return getAlertDetailsFieldValue({ category: 'host', field: 'host.name' }, eventData);
-  }, [agentType, eventData]);
+  }, [eventData]);
 
   const platform = useMemo(() => {
-    // TODO:PT need to check if crowdstrike event has `host.os.family`
+    // TODO:TC I couldn't find host.os.family in the example data, thus using host.os.type and host.os.platform which are present one at a time in different type of events
     if (agentType === 'crowdstrike') {
-      return getAlertDetailsFieldValue(
-        { category: 'crowdstrike', field: 'crowdstrike.event.Platform' },
-        eventData
+      return (
+        getAlertDetailsFieldValue({ category: 'host', field: 'host.os.type' }, eventData) ||
+        getAlertDetailsFieldValue({ category: 'host', field: 'host.os.platform' }, eventData)
       );
     }
 
diff --git a/x-pack/plugins/security_solution/public/common/lib/apm/user_actions.ts b/x-pack/plugins/security_solution/public/common/lib/apm/user_actions.ts
index 7293c8146fd18..81ac26c8d32f5 100644
--- a/x-pack/plugins/security_solution/public/common/lib/apm/user_actions.ts
+++ b/x-pack/plugins/security_solution/public/common/lib/apm/user_actions.ts
@@ -13,7 +13,7 @@ export const SINGLE_RULE_ACTIONS = {
   DUPLICATE: `${APP_UI_ID} singleRuleActions duplicate`,
   EXPORT: `${APP_UI_ID} singleRuleActions export`,
   DELETE: `${APP_UI_ID} singleRuleActions delete`,
-  MANUAL_RULE_RUN: `${APP_UI_ID} singleRuleActions manual run`,
+  MANUAL_RULE_RUN: `${APP_UI_ID} singleRuleActions manual rule run`,
   PREVIEW: `${APP_UI_ID} singleRuleActions preview`,
   SAVE: `${APP_UI_ID} singleRuleActions save`,
 };
@@ -23,6 +23,7 @@ export const BULK_RULE_ACTIONS = {
   DISABLE: `${APP_UI_ID} bulkRuleActions disable`,
   DUPLICATE: `${APP_UI_ID} bulkRuleActions duplicate`,
   EXPORT: `${APP_UI_ID} bulkRuleActions export`,
+  MANUAL_RULE_RUN: `${APP_UI_ID} bulkRuleActions manual rule run`,
   DELETE: `${APP_UI_ID} bulkRuleActions delete`,
   EDIT: `${APP_UI_ID} bulkRuleActions edit`,
 };
diff --git a/x-pack/plugins/security_solution/public/common/lib/endpoint/endpoint_pending_actions/endpoint_pending_actions.ts b/x-pack/plugins/security_solution/public/common/lib/endpoint/endpoint_pending_actions/endpoint_pending_actions.ts
index 86e3a88cc0d2b..624e5f17592d0 100644
--- a/x-pack/plugins/security_solution/public/common/lib/endpoint/endpoint_pending_actions/endpoint_pending_actions.ts
+++ b/x-pack/plugins/security_solution/public/common/lib/endpoint/endpoint_pending_actions/endpoint_pending_actions.ts
@@ -21,6 +21,8 @@ import { ACTION_STATUS_ROUTE } from '../../../../../common/endpoint/constants';
 export const fetchPendingActionsByAgentId = (
   agentIds: PendingActionsRequestQuery['agent_ids']
 ): Promise<PendingActionsResponse> => {
+  // FIXME:PT Delete method now that we are using new internal API (team issue: 9783)
+
   return KibanaServices.get().http.get<PendingActionsResponse>(ACTION_STATUS_ROUTE, {
     version: '2023-10-31',
     query: {
diff --git a/x-pack/plugins/security_solution/public/common/lib/endpoint/utils/is_agent_type_and_action_supported.test.ts b/x-pack/plugins/security_solution/public/common/lib/endpoint/utils/is_agent_type_and_action_supported.test.ts
index 79294c165ab22..b414bf328995e 100644
--- a/x-pack/plugins/security_solution/public/common/lib/endpoint/utils/is_agent_type_and_action_supported.test.ts
+++ b/x-pack/plugins/security_solution/public/common/lib/endpoint/utils/is_agent_type_and_action_supported.test.ts
@@ -30,6 +30,9 @@ describe('isAgentTypeAndActionSupported() util', () => {
   const disableS1GetFileFeature = () => {
     enableFeatures({ responseActionsSentinelOneGetFileEnabled: false });
   };
+  const disableCSIsolateFeature = () => {
+    enableFeatures({ responseActionsCrowdstrikeManualHostIsolationEnabled: false });
+  };
 
   const resetFeatures = (): void => {
     (ExperimentalFeaturesService.get as jest.Mock).mockReturnValue({
@@ -56,7 +59,7 @@ describe('isAgentTypeAndActionSupported() util', () => {
     ${'sentinel_one'} | ${'get-file'} | ${undefined}   | ${false}      | ${disableS1GetFileFeature}
     ${'crowdstrike'}  | ${undefined}  | ${undefined}   | ${true}       | ${undefined}
     ${'crowdstrike'}  | ${'isolate'}  | ${'manual'}    | ${true}       | ${undefined}
-    ${'crowdstrike'}  | ${'isolate'}  | ${undefined}   | ${false}      | ${resetFeatures}
+    ${'crowdstrike'}  | ${'isolate'}  | ${undefined}   | ${false}      | ${disableCSIsolateFeature}
   `(
     'should return `$expectedValue` for $agentType $actionName ($actionType)',
     ({
diff --git a/x-pack/plugins/security_solution/public/common/lib/telemetry/constants.ts b/x-pack/plugins/security_solution/public/common/lib/telemetry/constants.ts
index b7893592296e9..d16fd182928de 100644
--- a/x-pack/plugins/security_solution/public/common/lib/telemetry/constants.ts
+++ b/x-pack/plugins/security_solution/public/common/lib/telemetry/constants.ts
@@ -60,7 +60,6 @@ export enum TelemetryEventTypes {
   AssetCriticalityCsvPreviewGenerated = 'Asset Criticality Csv Preview Generated',
   AssetCriticalityFileSelected = 'Asset Criticality File Selected',
   AssetCriticalityCsvImported = 'Asset Criticality CSV Imported',
-  AttackDiscoveriesGenerated = 'Attack Discoveries Generated',
   EntityDetailsClicked = 'Entity Details Clicked',
   EntityAlertsClicked = 'Entity Alerts Clicked',
   EntityRiskFiltered = 'Entity Risk Filtered',
diff --git a/x-pack/plugins/security_solution/public/common/lib/telemetry/events/attack_discovery/types.ts b/x-pack/plugins/security_solution/public/common/lib/telemetry/events/attack_discovery/types.ts
deleted file mode 100644
index dc83083bd38e3..0000000000000
--- a/x-pack/plugins/security_solution/public/common/lib/telemetry/events/attack_discovery/types.ts
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { RootSchema } from '@kbn/core/public';
-import type { TelemetryEventTypes } from '../../constants';
-
-export interface ReportAttackDiscoveriesGeneratedParams {
-  actionTypeId: string;
-  provider?: string;
-  model?: string;
-  durationMs: number;
-  alertsContextCount: number;
-  alertsCount: number;
-  configuredAlertsCount: number;
-}
-
-export type ReportAttackDiscoveryTelemetryEventParams = ReportAttackDiscoveriesGeneratedParams;
-
-export interface AttackDiscoveryTelemetryEvent {
-  eventType: TelemetryEventTypes.AttackDiscoveriesGenerated;
-  schema: RootSchema<ReportAttackDiscoveriesGeneratedParams>;
-}
diff --git a/x-pack/plugins/security_solution/public/common/lib/telemetry/events/telemetry_events.ts b/x-pack/plugins/security_solution/public/common/lib/telemetry/events/telemetry_events.ts
index fa9875a027db6..8fe949fc783e7 100644
--- a/x-pack/plugins/security_solution/public/common/lib/telemetry/events/telemetry_events.ts
+++ b/x-pack/plugins/security_solution/public/common/lib/telemetry/events/telemetry_events.ts
@@ -28,7 +28,6 @@ import {
   assistantMessageSentEvent,
   assistantQuickPrompt,
 } from './ai_assistant';
-import { insightsGeneratedEvent } from './attack_discovery';
 import { dataQualityIndexCheckedEvent, dataQualityCheckAllClickedEvent } from './data_quality';
 import {
   DocumentDetailsFlyoutOpenedEvent,
@@ -156,7 +155,6 @@ export const telemetryEvents = [
   assistantMessageSentEvent,
   assistantQuickPrompt,
   assistantSettingToggledEvent,
-  insightsGeneratedEvent,
   entityClickedEvent,
   entityAlertsClickedEvent,
   entityRiskFilteredEvent,
diff --git a/x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_client.mock.ts b/x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_client.mock.ts
index e1c4c8d4746cf..747a0a3a57770 100644
--- a/x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_client.mock.ts
+++ b/x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_client.mock.ts
@@ -35,5 +35,4 @@ export const createTelemetryClientMock = (): jest.Mocked<TelemetryClientStart> =
   reportAssetCriticalityCsvPreviewGenerated: jest.fn(),
   reportAssetCriticalityFileSelected: jest.fn(),
   reportAssetCriticalityCsvImported: jest.fn(),
-  reportAttackDiscoveriesGenerated: jest.fn(),
 });
diff --git a/x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_client.ts b/x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_client.ts
index 3ca55ab75e685..266b3c737eb62 100644
--- a/x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_client.ts
+++ b/x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_client.ts
@@ -24,7 +24,6 @@ import type {
   ReportAssistantMessageSentParams,
   ReportAssistantQuickPromptParams,
   ReportAssistantSettingToggledParams,
-  ReportAttackDiscoveriesGeneratedParams,
   ReportRiskInputsExpandedFlyoutOpenedParams,
   ReportToggleRiskSummaryClickedParams,
   ReportDetailsFlyoutOpenedParams,
@@ -74,10 +73,6 @@ export class TelemetryClient implements TelemetryClientStart {
     this.analytics.reportEvent(TelemetryEventTypes.AssistantSettingToggled, params);
   };
 
-  public reportAttackDiscoveriesGenerated = (params: ReportAttackDiscoveriesGeneratedParams) => {
-    this.analytics.reportEvent(TelemetryEventTypes.AttackDiscoveriesGenerated, params);
-  };
-
   public reportEntityDetailsClicked = ({ entity }: ReportEntityDetailsClickedParams) => {
     this.analytics.reportEvent(TelemetryEventTypes.EntityDetailsClicked, {
       entity,
diff --git a/x-pack/plugins/security_solution/public/common/lib/telemetry/types.ts b/x-pack/plugins/security_solution/public/common/lib/telemetry/types.ts
index 3be54678c0ad8..9e7a49a91497e 100644
--- a/x-pack/plugins/security_solution/public/common/lib/telemetry/types.ts
+++ b/x-pack/plugins/security_solution/public/common/lib/telemetry/types.ts
@@ -6,11 +6,6 @@
  */
 
 import type { AnalyticsServiceSetup, RootSchema } from '@kbn/core/public';
-import type {
-  AttackDiscoveryTelemetryEvent,
-  ReportAttackDiscoveriesGeneratedParams,
-  ReportAttackDiscoveryTelemetryEventParams,
-} from './events/attack_discovery/types';
 import type { SecurityCellActionMetadata } from '../../../app/actions/types';
 import type { ML_JOB_TELEMETRY_STATUS, TelemetryEventTypes } from './constants';
 import type {
@@ -61,7 +56,6 @@ import type {
 
 export * from './events/ai_assistant/types';
 export * from './events/alerts_grouping/types';
-export * from './events/attack_discovery/types';
 export * from './events/data_quality/types';
 export * from './events/onboarding/types';
 export type {
@@ -108,7 +102,6 @@ export interface ReportBreadcrumbClickedParams {
 export type TelemetryEventParams =
   | ReportAlertsGroupingTelemetryEventParams
   | ReportAssistantTelemetryEventParams
-  | ReportAttackDiscoveryTelemetryEventParams
   | ReportEntityAnalyticsTelemetryEventParams
   | ReportMLJobUpdateParams
   | ReportCellActionClickedParams
@@ -132,9 +125,6 @@ export interface TelemetryClientStart {
   reportAssistantQuickPrompt(params: ReportAssistantQuickPromptParams): void;
   reportAssistantSettingToggled(params: ReportAssistantSettingToggledParams): void;
 
-  // Attack discovery
-  reportAttackDiscoveriesGenerated(params: ReportAttackDiscoveriesGeneratedParams): void;
-
   // Entity Analytics
   reportEntityDetailsClicked(params: ReportEntityDetailsClickedParams): void;
   reportEntityAlertsClicked(params: ReportEntityAlertsClickedParams): void;
@@ -173,7 +163,6 @@ export type TelemetryEvent =
   | EntityAnalyticsTelemetryEvent
   | DataQualityTelemetryEvents
   | DocumentDetailsTelemetryEvents
-  | AttackDiscoveryTelemetryEvent
   | {
       eventType: TelemetryEventTypes.MLJobUpdate;
       schema: RootSchema<ReportMLJobUpdateParams>;
diff --git a/x-pack/plugins/security_solution/public/common/mock/endpoint/app_context_render.tsx b/x-pack/plugins/security_solution/public/common/mock/endpoint/app_context_render.tsx
index 11b4607ee4aae..147f52c7d4b42 100644
--- a/x-pack/plugins/security_solution/public/common/mock/endpoint/app_context_render.tsx
+++ b/x-pack/plugins/security_solution/public/common/mock/endpoint/app_context_render.tsx
@@ -23,6 +23,9 @@ import type {
 } from '@testing-library/react-hooks/src/types/react';
 import type { UseBaseQueryResult } from '@tanstack/react-query';
 import ReactDOM from 'react-dom';
+import type { DeepReadonly } from 'utility-types';
+import type { UserPrivilegesState } from '../../components/user_privileges/user_privileges_context';
+import { getUserPrivilegesMockDefaultValue } from '../../components/user_privileges/__mocks__';
 import type { AppLinkItems } from '../../links/types';
 import { ExperimentalFeaturesService } from '../../experimental_features_service';
 import { applyIntersectionObserverMock } from '../intersection_observer_mock';
@@ -41,6 +44,7 @@ import { KibanaServices } from '../../lib/kibana';
 import { appLinks } from '../../../app_links';
 import { fleetGetPackageHttpMock } from '../../../management/mocks';
 import { allowedExperimentalValues } from '../../../../common/experimental_features';
+import type { EndpointPrivileges } from '../../../../common/endpoint/types';
 
 const REAL_REACT_DOM_CREATE_PORTAL = ReactDOM.createPortal;
 
@@ -116,6 +120,11 @@ export type ReactQueryHookRenderer<
   options?: RenderHookOptions<TProps>
 ) => Promise<TResult>;
 
+export interface UserPrivilegesMockSetter {
+  set: (privileges: Partial<EndpointPrivileges>) => void;
+  reset: () => void;
+}
+
 /**
  * Mocked app root context renderer
  */
@@ -155,6 +164,42 @@ export interface AppContextTestRender {
    */
   setExperimentalFlag: (flags: Partial<ExperimentalFeatures>) => void;
 
+  /**
+   * A helper method that will return an interface to more easily manipulate Endpoint related user authz.
+   * Works in conjunction with `jest.mock()` at the test level.
+   * @param useUserPrivilegesHookMock
+   *
+   * @example
+   *
+   * // in your test
+   * import { useUserPrivileges as _useUserPrivileges } from 'path/to/user_privileges'
+   *
+   * jest.mock('path/to/user_privileges');
+   *
+   * const useUserPrivilegesMock = _useUserPrivileges as jest.Mock;
+   *
+   * // If you test - or more likely, in the `beforeEach` and `afterEach`
+   * let authMockSetter: UserPrivilegesMockSetter;
+   *
+   * beforeEach(() => {
+   *   const appTestSetup = createAppRootMockRenderer();
+   *
+   *   authMockSetter = appTestSetup.getUserPrivilegesMockSetter(useUserPrivilegesMock);
+   * })
+   *
+   * afterEach(() => {
+   *   authMockSetter.reset();
+   * }
+   *
+   * // Manipulate the authz in your test
+   * it('does something', () => {
+   *   authMockSetter({ canReadPolicyManagement: false });
+   * });
+   */
+  getUserPrivilegesMockSetter: (
+    useUserPrivilegesHookMock: jest.MockedFn<() => DeepReadonly<UserPrivilegesState>>
+  ) => UserPrivilegesMockSetter;
+
   /**
    * The React Query client (setup to support jest testing)
    */
@@ -305,6 +350,23 @@ export const createAppRootMockRenderer = (): AppContextTestRender => {
     });
   };
 
+  const getUserPrivilegesMockSetter: AppContextTestRender['getUserPrivilegesMockSetter'] = (
+    useUserPrivilegesHookMock
+  ) => {
+    return {
+      set: (authOverrides) => {
+        const newAuthz = getUserPrivilegesMockDefaultValue();
+
+        Object.assign(newAuthz.endpointPrivileges, authOverrides);
+        useUserPrivilegesHookMock.mockReturnValue(newAuthz);
+      },
+      reset: () => {
+        useUserPrivilegesHookMock.mockReset();
+        useUserPrivilegesHookMock.mockReturnValue(getUserPrivilegesMockDefaultValue());
+      },
+    };
+  };
+
   // Initialize the singleton `KibanaServices` with global services created for this test instance.
   // The module (`../../lib/kibana`) could have been mocked at the test level via `jest.mock()`,
   // and if so, then we set the return value of `KibanaServices.get` instead of calling `KibanaServices.init()`
@@ -336,6 +398,7 @@ export const createAppRootMockRenderer = (): AppContextTestRender => {
     renderHook,
     renderReactQueryHook,
     setExperimentalFlag,
+    getUserPrivilegesMockSetter,
     queryClient,
   };
 };
diff --git a/x-pack/plugins/security_solution/public/common/mock/endpoint/endpoint_alert_data_mock.ts b/x-pack/plugins/security_solution/public/common/mock/endpoint/endpoint_alert_data_mock.ts
index 96003266c1315..0de961badd9b1 100644
--- a/x-pack/plugins/security_solution/public/common/mock/endpoint/endpoint_alert_data_mock.ts
+++ b/x-pack/plugins/security_solution/public/common/mock/endpoint/endpoint_alert_data_mock.ts
@@ -90,7 +90,7 @@ const generateEndpointAlertDetailsItemDataMock = (
     },
     {
       category: 'agent',
-      field: 'agent.id',
+      field: RESPONSE_ACTIONS_ALERT_AGENT_ID_FIELD.endpoint,
       values: ['abfe4a35-d5b4-42a0-a539-bd054c791769'],
       originalValue: ['abfe4a35-d5b4-42a0-a539-bd054c791769'],
       isObjectArray: false,
@@ -185,22 +185,22 @@ const generateCrowdStrikeAlertDetailsItemDataMock = (
 
   data.push(
     {
-      category: 'crowdstrike',
+      category: 'device',
       field: RESPONSE_ACTIONS_ALERT_AGENT_ID_FIELD.crowdstrike,
       values: ['abfe4a35-d5b4-42a0-a539-bd054c791769'],
       originalValue: ['abfe4a35-d5b4-42a0-a539-bd054c791769'],
       isObjectArray: false,
     },
     {
-      category: 'crowdstrike',
-      field: 'crowdstrike.event.HostName',
-      values: ['elastic-host-win'],
-      originalValue: ['windows-native'],
+      category: 'host',
+      field: 'host.os.type',
+      values: ['windows'],
+      originalValue: ['windows'],
       isObjectArray: false,
     },
     {
-      category: 'crowdstrike',
-      field: 'crowdstrike.event.Platform',
+      category: 'host',
+      field: 'host.os.platform',
       values: ['windows'],
       originalValue: ['windows'],
       isObjectArray: false,
diff --git a/x-pack/plugins/security_solution/public/common/mock/global_state.ts b/x-pack/plugins/security_solution/public/common/mock/global_state.ts
index b99e788246dce..6aa38d25806a8 100644
--- a/x-pack/plugins/security_solution/public/common/mock/global_state.ts
+++ b/x-pack/plugins/security_solution/public/common/mock/global_state.ts
@@ -7,6 +7,7 @@
 
 import { TableId } from '@kbn/securitysolution-data-table';
 import type { DataViewSpec, FieldSpec } from '@kbn/data-views-plugin/public';
+import { ReqStatus } from '../../notes/store/notes.slice';
 import { HostsFields } from '../../../common/api/search_strategy/hosts/model/sort';
 import { InputsModelId } from '../store/inputs/constants';
 import {
@@ -46,6 +47,7 @@ import { initialGroupingState } from '../store/grouping/reducer';
 import type { SourcererState } from '../../sourcerer/store';
 import { EMPTY_RESOLVER } from '../../resolver/store/helpers';
 import { getMockDiscoverInTimelineState } from './mock_discover_state';
+import { initialState as dataViewPickerInitialState } from '../../sourcerer/experimental/redux/reducer';
 
 const mockFieldMap: DataViewSpec['fields'] = Object.fromEntries(
   mockIndexFields.map((field) => [field.name, field])
@@ -500,4 +502,31 @@ export const mockGlobalState: State = {
    */
   management: mockManagementState as ManagementState,
   discover: getMockDiscoverInTimelineState(),
+  dataViewPicker: dataViewPickerInitialState,
+  notes: {
+    ids: ['1'],
+    entities: {
+      '1': {
+        eventId: 'event-id',
+        noteId: '1',
+        note: 'note-1',
+        timelineId: 'timeline-1',
+        created: 1663882629000,
+        createdBy: 'elastic',
+        updated: 1663882629000,
+        updatedBy: 'elastic',
+        version: 'version',
+      },
+    },
+    status: {
+      fetchNotesByDocumentIds: ReqStatus.Idle,
+      createNote: ReqStatus.Idle,
+      deleteNote: ReqStatus.Idle,
+    },
+    error: {
+      fetchNotesByDocumentIds: null,
+      createNote: null,
+      deleteNote: null,
+    },
+  },
 };
diff --git a/x-pack/plugins/security_solution/public/common/mock/mock_assistant_provider.tsx b/x-pack/plugins/security_solution/public/common/mock/mock_assistant_provider.tsx
index 63ed6b5cac7f6..b9a83fd280b10 100644
--- a/x-pack/plugins/security_solution/public/common/mock/mock_assistant_provider.tsx
+++ b/x-pack/plugins/security_solution/public/common/mock/mock_assistant_provider.tsx
@@ -27,6 +27,7 @@ export const MockAssistantProviderComponent: React.FC<Props> = ({
 }) => {
   const actionTypeRegistry = actionTypeRegistryMock.create();
   const mockHttp = httpServiceMock.createStartContract({ basePath: '/test' });
+  const mockNavigateToApp = jest.fn();
   const defaultAssistantAvailability: AssistantAvailability = {
     hasAssistantPrivilege: false,
     hasConnectorsAllPrivilege: true,
@@ -47,6 +48,7 @@ export const MockAssistantProviderComponent: React.FC<Props> = ({
       }}
       getComments={jest.fn(() => [])}
       http={mockHttp}
+      navigateToApp={mockNavigateToApp}
       baseConversations={BASE_SECURITY_CONVERSATIONS}
     >
       {children}
diff --git a/x-pack/plugins/security_solution/public/common/store/reducer.test.tsx b/x-pack/plugins/security_solution/public/common/store/reducer.test.tsx
index 0710872ae547d..c04474ce5db4a 100644
--- a/x-pack/plugins/security_solution/public/common/store/reducer.test.tsx
+++ b/x-pack/plugins/security_solution/public/common/store/reducer.test.tsx
@@ -13,6 +13,8 @@ import { useSourcererDataView } from '../../sourcerer/containers';
 import { renderHook } from '@testing-library/react-hooks';
 import { initialGroupingState } from './grouping/reducer';
 import { initialAnalyzerState } from '../../resolver/store/helpers';
+import { initialState as dataViewPickerInitialState } from '../../sourcerer/experimental/redux/reducer';
+import { initialNotesState } from '../../notes/store/notes.slice';
 
 jest.mock('../hooks/use_selector');
 jest.mock('../lib/kibana', () => {
@@ -69,7 +71,9 @@ describe('createInitialState', () => {
       },
       {
         analyzer: initialAnalyzerState,
-      }
+      },
+      dataViewPickerInitialState,
+      initialNotesState
     );
 
     test('indicesExist should be TRUE if patternList is NOT empty', async () => {
@@ -107,7 +111,9 @@ describe('createInitialState', () => {
         },
         {
           analyzer: initialAnalyzerState,
-        }
+        },
+        dataViewPickerInitialState,
+        initialNotesState
       );
       const { result } = renderHook(() => useSourcererDataView(), {
         wrapper: ({ children }) => (
diff --git a/x-pack/plugins/security_solution/public/common/store/reducer.ts b/x-pack/plugins/security_solution/public/common/store/reducer.ts
index 5ec7ae66bb2bd..3226c508b7078 100644
--- a/x-pack/plugins/security_solution/public/common/store/reducer.ts
+++ b/x-pack/plugins/security_solution/public/common/store/reducer.ts
@@ -35,6 +35,12 @@ import type { GroupState } from './grouping/types';
 import { analyzerReducer } from '../../resolver/store/reducer';
 import { securitySolutionDiscoverReducer } from './discover/reducer';
 import type { AnalyzerState } from '../../resolver/types';
+import {
+  type DataviewPickerState,
+  reducer as dataviewPickerReducer,
+} from '../../sourcerer/experimental/redux/reducer';
+import type { NotesState } from '../../notes/store/notes.slice';
+import { notesReducer } from '../../notes/store/notes.slice';
 
 enableMapSet();
 
@@ -66,7 +72,9 @@ export const createInitialState = (
   },
   dataTableState: DataTableState,
   groupsState: GroupState,
-  analyzerState: AnalyzerState
+  analyzerState: AnalyzerState,
+  dataviewPickerState: DataviewPickerState,
+  notesState: NotesState
 ): State => {
   const initialPatterns = {
     [SourcererScopeName.default]: getScopePatternListSelection(
@@ -128,6 +136,8 @@ export const createInitialState = (
       internal: undefined,
       savedSearch: undefined,
     },
+    dataViewPicker: dataviewPickerState,
+    notes: notesState,
   };
 
   return preloadedState;
@@ -146,8 +156,10 @@ export const createReducer: (
     sourcerer: sourcererReducer,
     globalUrlParam: globalUrlParamReducer,
     dataTable: dataTableReducer,
+    dataViewPicker: dataviewPickerReducer,
     groups: groupsReducer,
     analyzer: analyzerReducer,
     discover: securitySolutionDiscoverReducer,
     ...pluginsReducer,
+    notes: notesReducer,
   });
diff --git a/x-pack/plugins/security_solution/public/common/store/store.ts b/x-pack/plugins/security_solution/public/common/store/store.ts
index 5b3500a58d9c6..ed20e253db538 100644
--- a/x-pack/plugins/security_solution/public/common/store/store.ts
+++ b/x-pack/plugins/security_solution/public/common/store/store.ts
@@ -5,6 +5,7 @@
  * 2.0.
  */
 
+import thunk from 'redux-thunk';
 import type {
   Action,
   Store,
@@ -54,6 +55,12 @@ import { dataAccessLayerFactory } from '../../resolver/data_access_layer/factory
 import { sourcererActions } from '../../sourcerer/store';
 import { createMiddlewares } from './middlewares';
 import { addNewTimeline } from '../../timelines/store/helpers';
+import {
+  reducer as dataViewPickerReducer,
+  initialState as dataViewPickerState,
+} from '../../sourcerer/experimental/redux/reducer';
+import { listenerMiddleware } from '../../sourcerer/experimental/redux/listeners';
+import { initialNotesState } from '../../notes/store/notes.slice';
 
 let store: Store<State, Action> | null = null;
 
@@ -168,19 +175,23 @@ export const createStoreFactory = async (
     },
     dataTableInitialState,
     groupsInitialState,
-    analyzerInitialState
+    analyzerInitialState,
+    dataViewPickerState,
+    initialNotesState
   );
 
   const rootReducer = {
     ...subPlugins.explore.store.reducer,
     timeline: timelineReducer,
     ...subPlugins.management.store.reducer,
+    dataViewPicker: dataViewPickerReducer,
   };
 
   return createStore(initialState, rootReducer, coreStart, storage, [
     ...(subPlugins.management.store.middleware ?? []),
     ...(subPlugins.explore.store.middleware ?? []),
     ...[resolverMiddlewareFactory(dataAccessLayerFactory(coreStart)) ?? []],
+    listenerMiddleware.middleware,
   ]);
 };
 
@@ -284,7 +295,8 @@ export const createStore = (
   const middlewareEnhancer = applyMiddleware(
     ...createMiddlewares(kibana, storage),
     telemetryMiddleware,
-    ...(additionalMiddleware ?? [])
+    ...(additionalMiddleware ?? []),
+    thunk
   );
 
   store = createReduxStore(
diff --git a/x-pack/plugins/security_solution/public/common/store/types.ts b/x-pack/plugins/security_solution/public/common/store/types.ts
index 3623ec8837ad4..8809ccc6ec0fa 100644
--- a/x-pack/plugins/security_solution/public/common/store/types.ts
+++ b/x-pack/plugins/security_solution/public/common/store/types.ts
@@ -25,11 +25,12 @@ import type { GlobalUrlParam } from './global_url_param';
 import type { GroupState } from './grouping/types';
 import type { SecuritySolutionDiscoverState } from './discover/model';
 import type { AnalyzerState } from '../../resolver/types';
+import { type DataviewPickerState } from '../../sourcerer/experimental/redux/reducer';
+import type { NotesState } from '../../notes/store/notes.slice';
 
 export type State = HostsPluginState &
   UsersPluginState &
   NetworkPluginState &
-  UsersPluginState &
   TimelinePluginState &
   ManagementPluginState & {
     app: AppState;
@@ -38,9 +39,10 @@ export type State = HostsPluginState &
     sourcerer: SourcererState;
     globalUrlParam: GlobalUrlParam;
     discover: SecuritySolutionDiscoverState;
+    dataViewPicker: DataviewPickerState;
   } & DataTableState &
   GroupState &
-  AnalyzerState;
+  AnalyzerState & { notes: NotesState };
 /**
  * The Redux store type for the Security app.
  */
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/execution_log_table/execution_log_columns.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/execution_log_table/execution_log_columns.tsx
index 4428d6cca6de6..984f0f5dee926 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/execution_log_table/execution_log_columns.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/execution_log_table/execution_log_columns.tsx
@@ -169,11 +169,11 @@ export const getSourceEventTimeRangeColumns = () => [
       return backfill ? (
         <div>
           <div>
-            <FormattedDate value={backfill.to} fieldName="backfill.to" />
+            <FormattedDate value={backfill.from} fieldName="backfill.from" />
           </div>
           <EuiText textAlign="center">{'-'}</EuiText>
           <div>
-            <FormattedDate value={backfill.from} fieldName="backfill.from" />
+            <FormattedDate value={backfill.to} fieldName="backfill.to" />
           </div>
         </div>
       ) : (
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/execution_log_table/execution_log_table.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/execution_log_table/execution_log_table.tsx
index 1444dc8e0fd40..981f80f36f744 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/execution_log_table/execution_log_table.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/execution_log_table/execution_log_table.tsx
@@ -78,7 +78,7 @@ import {
   getSourceEventTimeRangeColumns,
 } from './execution_log_columns';
 import { ExecutionLogSearchBar } from './execution_log_search_bar';
-import { RuleBackfillsInfo } from '../../../../rule_gaps/components/rule_backfills_info';
+
 import { useIsExperimentalFeatureEnabled } from '../../../../../common/hooks/use_experimental_features';
 
 const EXECUTION_UUID_FIELD_NAME = 'kibana.alert.rule.execution.uuid';
@@ -594,9 +594,6 @@ const ExecutionLogTableComponent: React.FC<ExecutionLogTableProps> = ({
         itemIdToExpandedRowMap={rows.itemIdToExpandedRowMap}
         data-test-subj="executionsTable"
       />
-
-      <EuiSpacer size="xl" />
-      <RuleBackfillsInfo ruleId={ruleId} />
     </EuiPanel>
   );
 };
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/execution_log_table/translations.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/execution_log_table/translations.ts
index f84e0b6b859c2..76b3f5483baad 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/execution_log_table/translations.ts
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/execution_log_table/translations.ts
@@ -93,7 +93,8 @@ export const COLUMN_SOURCE_EVENT_TIME_RANGE = i18n.translate(
 export const COLUMN_SOURCE_EVENT_TIME_RANGE_TOOLTIP = i18n.translate(
   'xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.sourceEventTimeRangeTooltip',
   {
-    defaultMessage: "Only for manual rule runs. Don't include additional lookback time.",
+    defaultMessage:
+      "Only applies to manual rule executions. If the rule has look-back time, it's included in the logged time range.",
   }
 );
 
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/index.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/index.tsx
index 43491a1969fff..71ae7791fab0d 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/index.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/index.tsx
@@ -112,6 +112,7 @@ import {
 } from '../../../../detections/components/rules/rule_execution_status';
 import { ExecutionEventsTable } from '../../../rule_monitoring';
 import { ExecutionLogTable } from './execution_log_table/execution_log_table';
+import { RuleBackfillsInfo } from '../../../rule_gaps/components/rule_backfills_info';
 
 import * as ruleI18n from '../../../../detections/pages/detection_engine/rules/translations';
 
@@ -138,6 +139,7 @@ import { RuleSnoozeBadge } from '../../../rule_management/components/rule_snooze
 import { useBoolState } from '../../../../common/hooks/use_bool_state';
 import { RuleDefinitionSection } from '../../../rule_management/components/rule_details/rule_definition_section';
 import { RuleScheduleSection } from '../../../rule_management/components/rule_details/rule_schedule_section';
+import { CustomizedPrebuiltRuleBadge } from '../../../rule_management/components/rule_details/customized_prebuilt_rule_badge';
 import { ManualRuleRunModal } from '../../../rule_gaps/components/manual_rule_run';
 import { useManualRuleRunConfirmation } from '../../../rule_gaps/components/manual_rule_run/use_manual_rule_run_confirmation';
 // eslint-disable-next-line no-restricted-imports
@@ -591,15 +593,16 @@ const RuleDetailsPageComponent: React.FC<DetectionEngineComponentProps> = ({
                 border
                 subtitle={subTitle}
                 subtitle2={
-                  <>
-                    <EuiFlexGroup gutterSize="xs" alignItems="center" justifyContent="flexStart">
+                  <EuiFlexGroup gutterSize="m" alignItems="center" justifyContent="flexStart">
+                    <CustomizedPrebuiltRuleBadge rule={rule} />
+                    <EuiFlexGroup alignItems="center" gutterSize="xs">
                       <EuiFlexItem grow={false}>
                         {ruleStatusI18n.STATUS}
                         {':'}
                       </EuiFlexItem>
                       {ruleStatusInfo}
                     </EuiFlexGroup>
-                  </>
+                  </EuiFlexGroup>
                 }
                 title={title}
                 badgeOptions={badgeOptions}
@@ -785,13 +788,17 @@ const RuleDetailsPageComponent: React.FC<DetectionEngineComponentProps> = ({
                   />
                 </Route>
                 <Route path={`/rules/id/:detailName/:tabName(${RuleDetailTabs.executionResults})`}>
-                  <ExecutionLogTable
-                    ruleId={ruleId}
-                    selectAlertsTab={navigateToAlertsTab}
-                    analytics={analytics}
-                    i18n={i18nStart}
-                    theme={theme}
-                  />
+                  <>
+                    <ExecutionLogTable
+                      ruleId={ruleId}
+                      selectAlertsTab={navigateToAlertsTab}
+                      analytics={analytics}
+                      i18n={i18nStart}
+                      theme={theme}
+                    />
+                    <EuiSpacer size="xl" />
+                    <RuleBackfillsInfo ruleId={ruleId} />
+                  </>
                 </Route>
                 <Route path={`/rules/id/:detailName/:tabName(${RuleDetailTabs.executionEvents})`}>
                   <ExecutionEventsTable ruleId={ruleId} />
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/utils/helpers.test.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/utils/helpers.test.tsx
index c3b288cb15c79..574aa6a6c1970 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/utils/helpers.test.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/utils/helpers.test.tsx
@@ -49,6 +49,8 @@ import {
   ALERT_ORIGINAL_EVENT_MODULE,
 } from '../../../../common/field_maps/field_names';
 import { AGENT_ID } from './highlighted_fields_config';
+import { RESPONSE_ACTIONS_ALERT_AGENT_ID_FIELD } from '../../../../common/endpoint/service/response_actions/constants';
+
 jest.mock('uuid', () => ({
   v4: jest.fn().mockReturnValue('123'),
 }));
@@ -1796,17 +1798,17 @@ describe('Exception helpers', () => {
           id: 'host.name',
         },
         {
-          id: 'agent.id',
+          id: RESPONSE_ACTIONS_ALERT_AGENT_ID_FIELD.endpoint,
           label: 'Agent status',
           overrideField: 'agent.status',
         },
         {
-          id: 'observer.serial_number',
+          id: RESPONSE_ACTIONS_ALERT_AGENT_ID_FIELD.sentinel_one,
           overrideField: 'agent.status',
           label: 'Agent status',
         },
         {
-          id: 'crowdstrike.event.DeviceId',
+          id: RESPONSE_ACTIONS_ALERT_AGENT_ID_FIELD.crowdstrike,
           overrideField: 'agent.status',
           label: 'Agent status',
         },
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/api/hooks/use_schedule_rule_run_mutation.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/api/hooks/use_schedule_rule_run_mutation.ts
index 78e3c5cbe6ca5..98c8a436393ad 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/api/hooks/use_schedule_rule_run_mutation.ts
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/api/hooks/use_schedule_rule_run_mutation.ts
@@ -9,6 +9,7 @@ import type { UseMutationOptions } from '@tanstack/react-query';
 import { useMutation } from '@tanstack/react-query';
 import type { ScheduleBackfillProps } from '../../types';
 import { scheduleRuleRun } from '../api';
+import { useInvalidateFindBackfillQuery } from './use_find_backfills_for_rules';
 
 export const SCHEDULE_RULE_RUN_MUTATION_KEY = [
   'POST',
@@ -18,8 +19,15 @@ export const SCHEDULE_RULE_RUN_MUTATION_KEY = [
 export const useScheduleRuleRunMutation = (
   options?: UseMutationOptions<unknown, Error, ScheduleBackfillProps>
 ) => {
+  const invalidateBackfillQuery = useInvalidateFindBackfillQuery();
   return useMutation((scheduleOptions: ScheduleBackfillProps) => scheduleRuleRun(scheduleOptions), {
     ...options,
+    onSettled: (...args) => {
+      invalidateBackfillQuery();
+      if (options?.onSettled) {
+        options.onSettled(...args);
+      }
+    },
     mutationKey: SCHEDULE_RULE_RUN_MUTATION_KEY,
   });
 };
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/components/manual_rule_run/index.test.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/components/manual_rule_run/index.test.tsx
index a215de5406080..8d3b02b78108f 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/components/manual_rule_run/index.test.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/components/manual_rule_run/index.test.tsx
@@ -6,73 +6,93 @@
  */
 
 import React from 'react';
-import { render, within } from '@testing-library/react';
+import moment from 'moment';
+import { fireEvent, render, screen } from '@testing-library/react';
 import { ManualRuleRunModal } from '.';
+import { MAX_MANUAL_RULE_RUN_LOOKBACK_WINDOW_DAYS } from '../../../../../common/constants';
+
+const convertToDatePickerFormat = (date: moment.Moment) => {
+  return `${date.format('L')} ${date.format('LT')}`;
+};
 
 describe('ManualRuleRunModal', () => {
   const onCancelMock = jest.fn();
   const onConfirmMock = jest.fn();
 
+  let startDatePicker: Element;
+  let endDatePicker: Element;
+  let confirmModalConfirmButton: HTMLElement;
+  let cancelModalConfirmButton: HTMLElement;
+  let timeRangeForm: HTMLElement;
+
   afterEach(() => {
     onCancelMock.mockReset();
     onConfirmMock.mockReset();
   });
 
-  it('should render modal', () => {
-    const wrapper = render(
-      <ManualRuleRunModal onCancel={onCancelMock} onConfirm={onConfirmMock} />
-    );
+  beforeEach(() => {
+    render(<ManualRuleRunModal onCancel={onCancelMock} onConfirm={onConfirmMock} />);
+
+    timeRangeForm = screen.getByTestId('manual-rule-run-time-range-form');
+    startDatePicker = timeRangeForm.getElementsByClassName('start-date-picker')[0];
+    endDatePicker = timeRangeForm.getElementsByClassName('end-date-picker')[0];
+    confirmModalConfirmButton = screen.getByTestId('confirmModalConfirmButton');
+    cancelModalConfirmButton = screen.getByTestId('confirmModalCancelButton');
+  });
 
-    expect(wrapper.getByTestId('manual-rule-run-modal-form')).toBeInTheDocument();
-    expect(wrapper.getByTestId('confirmModalCancelButton')).toBeEnabled();
-    expect(wrapper.getByTestId('confirmModalConfirmButton')).toBeEnabled();
+  it('should render modal', () => {
+    expect(timeRangeForm).toBeInTheDocument();
+    expect(cancelModalConfirmButton).toBeEnabled();
+    expect(confirmModalConfirmButton).toBeEnabled();
   });
 
   it('should render confirmation button disabled if invalid time range has been selected', () => {
-    const wrapper = render(
-      <ManualRuleRunModal onCancel={onCancelMock} onConfirm={onConfirmMock} />
-    );
+    expect(confirmModalConfirmButton).toBeEnabled();
 
-    expect(wrapper.getByTestId('confirmModalConfirmButton')).toBeEnabled();
+    const now = moment();
+    const startDate = now.clone().subtract(1, 'd');
+    const endDate = now.clone().subtract(2, 'd');
 
-    within(wrapper.getByTestId('end-date-picker')).getByText('Previous Month').click();
+    fireEvent.change(startDatePicker, {
+      target: { value: convertToDatePickerFormat(startDate) },
+    });
+    fireEvent.change(endDatePicker, {
+      target: { value: convertToDatePickerFormat(endDate) },
+    });
 
-    expect(wrapper.getByTestId('confirmModalConfirmButton')).toBeDisabled();
-    expect(wrapper.getByTestId('manual-rule-run-time-range-form')).toHaveTextContent(
-      'Selected time range is invalid'
-    );
+    expect(confirmModalConfirmButton).toBeDisabled();
+    expect(timeRangeForm).toHaveTextContent('Selected time range is invalid');
   });
 
   it('should render confirmation button disabled if selected start date is more than 90 days in the past', () => {
-    const wrapper = render(
-      <ManualRuleRunModal onCancel={onCancelMock} onConfirm={onConfirmMock} />
-    );
+    expect(confirmModalConfirmButton).toBeEnabled();
 
-    expect(wrapper.getByTestId('confirmModalConfirmButton')).toBeEnabled();
+    const now = moment();
+    const startDate = now.clone().subtract(MAX_MANUAL_RULE_RUN_LOOKBACK_WINDOW_DAYS, 'd');
 
-    within(wrapper.getByTestId('start-date-picker')).getByText('Previous Month').click();
-    within(wrapper.getByTestId('start-date-picker')).getByText('Previous Month').click();
-    within(wrapper.getByTestId('start-date-picker')).getByText('Previous Month').click();
-    within(wrapper.getByTestId('start-date-picker')).getByText('Previous Month').click();
+    fireEvent.change(startDatePicker, {
+      target: {
+        value: convertToDatePickerFormat(startDate),
+      },
+    });
 
-    expect(wrapper.getByTestId('confirmModalConfirmButton')).toBeDisabled();
-    expect(wrapper.getByTestId('manual-rule-run-time-range-form')).toHaveTextContent(
+    expect(confirmModalConfirmButton).toBeDisabled();
+    expect(timeRangeForm).toHaveTextContent(
       'Manual rule run cannot be scheduled earlier than 90 days ago'
     );
   });
 
   it('should render confirmation button disabled if selected end date is in future', () => {
-    const wrapper = render(
-      <ManualRuleRunModal onCancel={onCancelMock} onConfirm={onConfirmMock} />
-    );
+    expect(confirmModalConfirmButton).toBeEnabled();
 
-    expect(wrapper.getByTestId('confirmModalConfirmButton')).toBeEnabled();
+    const now = moment();
+    const endDate = now.clone().add(2, 'd');
 
-    within(wrapper.getByTestId('end-date-picker')).getByText('Next month').click();
+    fireEvent.change(endDatePicker, {
+      target: { value: convertToDatePickerFormat(endDate) },
+    });
 
-    expect(wrapper.getByTestId('confirmModalConfirmButton')).toBeDisabled();
-    expect(wrapper.getByTestId('manual-rule-run-time-range-form')).toHaveTextContent(
-      'Manual rule run cannot be scheduled for the future'
-    );
+    expect(confirmModalConfirmButton).toBeDisabled();
+    expect(timeRangeForm).toHaveTextContent('Manual rule run cannot be scheduled for the future');
   });
 });
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/components/manual_rule_run/index.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/components/manual_rule_run/index.tsx
index 365ebc865ec32..0f11ec3888603 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/components/manual_rule_run/index.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/components/manual_rule_run/index.tsx
@@ -13,17 +13,18 @@ import {
   EuiFlexItem,
   EuiForm,
   EuiFormRow,
-  EuiHorizontalRule,
-  EuiSpacer,
   useGeneratedHtmlId,
+  EuiCallOut,
+  EuiSpacer,
 } from '@elastic/eui';
 import moment from 'moment';
 import React, { useCallback, useMemo, useState } from 'react';
+import { MAX_MANUAL_RULE_RUN_LOOKBACK_WINDOW_DAYS } from '../../../../../common/constants';
 import { TECHNICAL_PREVIEW, TECHNICAL_PREVIEW_TOOLTIP } from '../../../../common/translations';
 
 import * as i18n from './translations';
 
-export const MAX_SCHEDULE_BACKFILL_LOOKBACK_WINDOW_DAYS = 90;
+const MANUAL_RULE_RUN_MODAL_WIDTH = 600;
 
 interface ManualRuleRunModalProps {
   onCancel: () => void;
@@ -41,7 +42,7 @@ const ManualRuleRunModalComponent = ({ onCancel, onConfirm }: ManualRuleRunModal
 
   const isStartDateOutOfRange = now
     .clone()
-    .subtract(MAX_SCHEDULE_BACKFILL_LOOKBACK_WINDOW_DAYS, 'd')
+    .subtract(MAX_MANUAL_RULE_RUN_LOOKBACK_WINDOW_DAYS, 'd')
     .isAfter(startDate);
   const isEndDateInFuture = endDate.isAfter(now);
   const isInvalidTimeRange = startDate.isSameOrAfter(endDate);
@@ -49,7 +50,7 @@ const ManualRuleRunModalComponent = ({ onCancel, onConfirm }: ManualRuleRunModal
   const errorMessage = useMemo(() => {
     if (isStartDateOutOfRange) {
       return i18n.MANUAL_RULE_RUN_START_DATE_OUT_OF_RANGE_ERROR(
-        MAX_SCHEDULE_BACKFILL_LOOKBACK_WINDOW_DAYS
+        MAX_MANUAL_RULE_RUN_LOOKBACK_WINDOW_DAYS
       );
     }
     if (isEndDateInFuture) {
@@ -68,36 +69,34 @@ const ManualRuleRunModalComponent = ({ onCancel, onConfirm }: ManualRuleRunModal
   return (
     <EuiConfirmModal
       aria-labelledby={modalTitleId}
-      titleProps={{ id: modalTitleId }}
+      title={
+        <EuiFlexGroup justifyContent="spaceBetween">
+          <EuiFlexItem>{i18n.MANUAL_RULE_RUN_MODAL_TITLE}</EuiFlexItem>
+          <EuiFlexItem grow={false}>
+            <EuiBetaBadge label={TECHNICAL_PREVIEW} tooltipContent={TECHNICAL_PREVIEW_TOOLTIP} />
+          </EuiFlexItem>
+        </EuiFlexGroup>
+      }
+      titleProps={{ id: modalTitleId, style: { width: '100%' } }}
       onCancel={onCancel}
       onConfirm={handleConfirm}
       confirmButtonText={i18n.MANUAL_RULE_RUN_CONFIRM_BUTTON}
       cancelButtonText={i18n.MANUAL_RULE_RUN_CANCEL_BUTTON}
       confirmButtonDisabled={isInvalid}
+      style={{ width: MANUAL_RULE_RUN_MODAL_WIDTH }}
     >
-      <EuiForm data-test-subj="manual-rule-run-modal-form">
-        <EuiSpacer size="m" />
+      <EuiForm data-test-subj="manual-rule-run-modal-form" fullWidth>
         <EuiFormRow
           data-test-subj="manual-rule-run-time-range-form"
-          label={
-            <EuiFlexGroup>
-              <EuiFlexItem>{i18n.MANUAL_RULE_RUN_TIME_RANGE_TITLE}</EuiFlexItem>
-              <EuiFlexItem grow={false}>
-                <EuiBetaBadge
-                  label={TECHNICAL_PREVIEW}
-                  tooltipContent={TECHNICAL_PREVIEW_TOOLTIP}
-                />
-              </EuiFlexItem>
-            </EuiFlexGroup>
-          }
+          label={i18n.MANUAL_RULE_RUN_TIME_RANGE_TITLE}
           isInvalid={isInvalid}
           error={errorMessage}
         >
           <EuiDatePickerRange
             data-test-subj="manual-rule-run-time-range"
-            readOnly={true}
             startDateControl={
               <EuiDatePicker
+                className="start-date-picker"
                 aria-label="Start date range"
                 selected={startDate}
                 onChange={(date) => date && setStartDate(date)}
@@ -108,6 +107,7 @@ const ManualRuleRunModalComponent = ({ onCancel, onConfirm }: ManualRuleRunModal
             }
             endDateControl={
               <EuiDatePicker
+                className="end-date-picker"
                 aria-label="End date range"
                 selected={endDate}
                 onChange={(date) => date && setEndDate(date)}
@@ -118,31 +118,19 @@ const ManualRuleRunModalComponent = ({ onCancel, onConfirm }: ManualRuleRunModal
             }
           />
         </EuiFormRow>
-        <EuiHorizontalRule />
-        <EuiFormRow data-test-subj="start-date-picker" label={i18n.MANUAL_RULE_RUN_START_AT_TITLE}>
-          <EuiDatePicker
-            aria-label="Start date picker"
-            inline
-            selected={startDate}
-            onChange={(date) => date && setStartDate(date)}
-            startDate={startDate}
-            endDate={endDate}
-            showTimeSelect={true}
-          />
-        </EuiFormRow>
-        <EuiHorizontalRule />
-        <EuiFormRow data-test-subj="end-date-picker" label={i18n.MANUAL_RULE_RUN_END_AT_TITLE}>
-          <EuiDatePicker
-            aria-label="End date picker"
-            inline
-            selected={endDate}
-            onChange={(date) => date && setEndDate(date)}
-            startDate={startDate}
-            endDate={endDate}
-            showTimeSelect={true}
-          />
-        </EuiFormRow>
       </EuiForm>
+
+      <EuiSpacer size="m" />
+
+      <EuiCallOut
+        size="s"
+        iconType="warning"
+        title={i18n.MANUAL_RULE_RUN_NOTIFIACTIONS_LIMITATIONS}
+      />
+
+      <EuiSpacer size="m" />
+
+      <EuiCallOut size="s" title={i18n.MANUAL_RULE_RUN_ALERT_LIMITATIONS} iconType="iInCircle" />
     </EuiConfirmModal>
   );
 };
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/components/manual_rule_run/translations.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/components/manual_rule_run/translations.ts
index c640377ed3b23..d9833232deb11 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/components/manual_rule_run/translations.ts
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/components/manual_rule_run/translations.ts
@@ -6,58 +6,80 @@
  */
 import { i18n } from '@kbn/i18n';
 
+export const MANUAL_RULE_RUN_MODAL_TITLE = i18n.translate(
+  'xpack.securitySolution.manualRuleRun.modalTitle',
+  {
+    defaultMessage: 'Manual rule run',
+  }
+);
+
 export const MANUAL_RULE_RUN_TIME_RANGE_TITLE = i18n.translate(
-  'xpack.securitySolution.manuelRuleRun.timeRangeTitle',
+  'xpack.securitySolution.manualRuleRun.timeRangeTitle',
   {
     defaultMessage: 'Select timerange for manual rule run',
   }
 );
 
 export const MANUAL_RULE_RUN_START_AT_TITLE = i18n.translate(
-  'xpack.securitySolution.manuelRuleRun.startAtTitle',
+  'xpack.securitySolution.manualRuleRun.startAtTitle',
   {
     defaultMessage: 'Start at',
   }
 );
 
 export const MANUAL_RULE_RUN_END_AT_TITLE = i18n.translate(
-  'xpack.securitySolution.manuelRuleRun.endAtTitle',
+  'xpack.securitySolution.manualRuleRun.endAtTitle',
   {
     defaultMessage: 'Finish at',
   }
 );
 
 export const MANUAL_RULE_RUN_CONFIRM_BUTTON = i18n.translate(
-  'xpack.securitySolution.manuelRuleRun.confirmButton',
+  'xpack.securitySolution.manualRuleRun.confirmButton',
   {
     defaultMessage: 'Run',
   }
 );
 
 export const MANUAL_RULE_RUN_CANCEL_BUTTON = i18n.translate(
-  'xpack.securitySolution.manuelRuleRun.cancelButton',
+  'xpack.securitySolution.manualRuleRun.cancelButton',
   {
     defaultMessage: 'Cancel',
   }
 );
 
 export const MANUAL_RULE_RUN_INVALID_TIME_RANGE_ERROR = i18n.translate(
-  'xpack.securitySolution.manuelRuleRun.invalidTimeRangeError',
+  'xpack.securitySolution.manualRuleRun.invalidTimeRangeError',
   {
     defaultMessage: 'Selected time range is invalid',
   }
 );
 
 export const MANUAL_RULE_RUN_FUTURE_TIME_RANGE_ERROR = i18n.translate(
-  'xpack.securitySolution.manuelRuleRun.futureTimeRangeError',
+  'xpack.securitySolution.manualRuleRun.futureTimeRangeError',
   {
     defaultMessage: 'Manual rule run cannot be scheduled for the future',
   }
 );
 
 export const MANUAL_RULE_RUN_START_DATE_OUT_OF_RANGE_ERROR = (maxDaysLookback: number) =>
-  i18n.translate('xpack.securitySolution.manuelRuleRun.startDateIsOutOfRangeError', {
+  i18n.translate('xpack.securitySolution.manuelRulaRun.startDateIsOutOfRangeError', {
     values: { maxDaysLookback },
     defaultMessage:
       'Manual rule run cannot be scheduled earlier than {maxDaysLookback, plural, =1 {# day} other {# days}} ago',
   });
+
+export const MANUAL_RULE_RUN_ALERT_LIMITATIONS = i18n.translate(
+  'xpack.securitySolution.manualRuleRun.alertLimitations',
+  {
+    defaultMessage:
+      'To view alerts generated by this run, filter the Alerts page by the time range that was selected for this manual rule run.',
+  }
+);
+
+export const MANUAL_RULE_RUN_NOTIFIACTIONS_LIMITATIONS = i18n.translate(
+  'xpack.securitySolution.manualRuleRun.notificationsLimitations',
+  {
+    defaultMessage: 'Rule actions are not performed during manual rule runs.',
+  }
+);
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/components/rule_backfills_info/index.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/components/rule_backfills_info/index.tsx
index 1c8a180207d2a..3a2a608d84431 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/components/rule_backfills_info/index.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/components/rule_backfills_info/index.tsx
@@ -6,12 +6,15 @@
  */
 
 import React, { useState } from 'react';
-import { EuiAutoRefresh, EuiBasicTable, EuiFlexGroup, EuiFlexItem } from '@elastic/eui';
-import type {
-  EuiBasicTableColumn,
-  CriteriaWithPagination,
-  OnRefreshChangeProps,
+import {
+  EuiButton,
+  EuiBasicTable,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiPanel,
+  EuiBetaBadge,
 } from '@elastic/eui';
+import type { EuiBasicTableColumn, CriteriaWithPagination } from '@elastic/eui';
 import { useFindBackfillsForRules } from '../../api/hooks/use_find_backfills_for_rules';
 import { StopBackfill } from './stop_backfill';
 import { BackfillStatusInfo } from './backfill_status';
@@ -23,12 +26,15 @@ import { useUserData } from '../../../../detections/components/user_info';
 import { getBackfillRowsFromResponse } from './utils';
 import { HeaderSection } from '../../../../common/components/header_section';
 import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
+import { TableHeaderTooltipCell } from '../../../rule_management_ui/components/rules_table/table_header_tooltip_cell';
+import { TECHNICAL_PREVIEW, TECHNICAL_PREVIEW_TOOLTIP } from '../../../../common/translations';
+import { useKibana } from '../../../../common/lib/kibana';
 
-const AUTO_REFRESH_INTERVAL = 3000;
 const DEFAULT_PAGE_SIZE = 10;
 
 const getBackfillsTableColumns = (hasCRUDPermissions: boolean) => {
   const stopAction = {
+    name: i18n.BACKFILLS_TABLE_COLUMN_ACTION,
     render: (item: BackfillRow) => <StopBackfill id={item.id} />,
     width: '10%',
   };
@@ -36,18 +42,33 @@ const getBackfillsTableColumns = (hasCRUDPermissions: boolean) => {
   const columns: Array<EuiBasicTableColumn<BackfillRow>> = [
     {
       field: 'status',
-      name: i18n.BACKFILLS_TABLE_COLUMN_STATUS,
+      name: (
+        <TableHeaderTooltipCell
+          title={i18n.BACKFILLS_TABLE_COLUMN_STATUS}
+          tooltipContent={i18n.BACKFILLS_TABLE_COLUMN_STATUS_TOOLTIP}
+        />
+      ),
       render: (value: BackfillStatus) => <BackfillStatusInfo status={value} />,
       width: '10%',
     },
     {
       field: 'created_at',
-      name: i18n.BACKFILLS_TABLE_COLUMN_CREATED_AT,
+      name: (
+        <TableHeaderTooltipCell
+          title={i18n.BACKFILLS_TABLE_COLUMN_CREATED_AT}
+          tooltipContent={i18n.BACKFILLS_TABLE_COLUMN_CREATED_AT_TOOLTIP}
+        />
+      ),
       render: (value: 'string') => <FormattedDate value={value} fieldName={'created_at'} />,
       width: '20%',
     },
     {
-      name: i18n.BACKFILLS_TABLE_COLUMN_SOURCE_TIME_RANCE,
+      name: (
+        <TableHeaderTooltipCell
+          title={i18n.BACKFILLS_TABLE_COLUMN_SOURCE_TIME_RANGE}
+          tooltipContent={i18n.BACKFILLS_TABLE_COLUMN_SOURCE_TIME_RANGE_TOOLTIP}
+        />
+      ),
       render: (value: BackfillRow) => (
         <>
           <FormattedDate value={value.start} fieldName={'start'} />
@@ -60,31 +81,56 @@ const getBackfillsTableColumns = (hasCRUDPermissions: boolean) => {
     {
       field: 'error',
       align: 'right',
-      name: i18n.BACKFILLS_TABLE_COLUMN_ERROR,
+      name: (
+        <TableHeaderTooltipCell
+          title={i18n.BACKFILLS_TABLE_COLUMN_ERROR}
+          tooltipContent={i18n.BACKFILLS_TABLE_COLUMN_ERROR_TOOLTIP}
+        />
+      ),
       'data-test-subj': 'rule-backfills-column-error',
     },
     {
       field: 'pending',
       align: 'right',
-      name: i18n.BACKFILLS_TABLE_COLUMN_PENDING,
+      name: (
+        <TableHeaderTooltipCell
+          title={i18n.BACKFILLS_TABLE_COLUMN_PENDING}
+          tooltipContent={i18n.BACKFILLS_TABLE_COLUMN_PENDING_TOOLTIP}
+        />
+      ),
       'data-test-subj': 'rule-backfills-column-pending',
     },
     {
       field: 'running',
       align: 'right',
-      name: i18n.BACKFILLS_TABLE_COLUMN_RUNNING,
+      name: (
+        <TableHeaderTooltipCell
+          title={i18n.BACKFILLS_TABLE_COLUMN_RUNNING}
+          tooltipContent={i18n.BACKFILLS_TABLE_COLUMN_RUNNING_TOOLTIP}
+        />
+      ),
       'data-test-subj': 'rule-backfills-column-running',
     },
     {
       field: 'complete',
       align: 'right',
-      name: i18n.BACKFILLS_TABLE_COLUMN_COMPLETED,
+      name: (
+        <TableHeaderTooltipCell
+          title={i18n.BACKFILLS_TABLE_COLUMN_COMPLETED}
+          tooltipContent={i18n.BACKFILLS_TABLE_COLUMN_COMPLETED_TOOLTIP}
+        />
+      ),
       'data-test-subj': 'rule-backfills-column-completed',
     },
     {
       field: 'total',
       align: 'right',
-      name: i18n.BACKFILLS_TABLE_COLUMN_TOTAL,
+      name: (
+        <TableHeaderTooltipCell
+          title={i18n.BACKFILLS_TABLE_COLUMN_TOTAL}
+          tooltipContent={i18n.BACKFILLS_TABLE_COLUMN_TOTAL_TOOLTIP}
+        />
+      ),
       'data-test-subj': 'rule-backfills-column-total',
     },
   ];
@@ -98,21 +144,18 @@ const getBackfillsTableColumns = (hasCRUDPermissions: boolean) => {
 
 export const RuleBackfillsInfo = React.memo<{ ruleId: string }>(({ ruleId }) => {
   const isManualRuleRunEnabled = useIsExperimentalFeatureEnabled('manualRuleRunEnabled');
-  const [autoRefreshInterval, setAutoRefreshInterval] = useState(AUTO_REFRESH_INTERVAL);
-  const [isAutoRefresh, setIsAutoRefresh] = useState(false);
   const [pageIndex, setPageIndex] = useState(0);
   const [pageSize, setPageSize] = useState(DEFAULT_PAGE_SIZE);
   const [{ canUserCRUD }] = useUserData();
   const hasCRUDPermissions = hasUserCRUDPermission(canUserCRUD);
-
-  const { data, isLoading, isError } = useFindBackfillsForRules(
+  const { timelines } = useKibana().services;
+  const { data, isLoading, isError, refetch, dataUpdatedAt } = useFindBackfillsForRules(
     {
       ruleIds: [ruleId],
       page: pageIndex + 1,
       perPage: pageSize,
     },
     {
-      refetchInterval: isAutoRefresh ? autoRefreshInterval : false,
       enabled: isManualRuleRunEnabled,
     }
   );
@@ -131,13 +174,6 @@ export const RuleBackfillsInfo = React.memo<{ ruleId: string }>(({ ruleId }) =>
     totalItemCount: data?.total ?? 0,
   };
 
-  if (data?.total === 0) return null;
-
-  const handleRefreshChange = ({ isPaused, refreshInterval }: OnRefreshChangeProps) => {
-    setIsAutoRefresh(!isPaused);
-    setAutoRefreshInterval(refreshInterval);
-  };
-
   const handleTableChange: (params: CriteriaWithPagination<BackfillRow>) => void = ({
     page,
     sort,
@@ -148,23 +184,39 @@ export const RuleBackfillsInfo = React.memo<{ ruleId: string }>(({ ruleId }) =>
     }
   };
 
+  const handleRefresh = () => {
+    refetch();
+  };
+
   return (
-    <div>
-      <EuiFlexGroup gutterSize="s" data-test-subj="rule-backfills-info">
+    <EuiPanel hasBorder>
+      <EuiFlexGroup alignItems="flexStart" gutterSize="s" data-test-subj="rule-backfills-info">
         <EuiFlexItem grow={true}>
-          <HeaderSection
-            title={i18n.BACKFILL_TABLE_TITLE}
-            subtitle={i18n.BACKFILL_TABLE_SUBTITLE}
-          />
+          <EuiFlexGroup gutterSize="s" alignItems="baseline">
+            <HeaderSection
+              title={i18n.BACKFILL_TABLE_TITLE}
+              subtitle={i18n.BACKFILL_TABLE_SUBTITLE}
+            />
+            <EuiBetaBadge label={TECHNICAL_PREVIEW} tooltipContent={TECHNICAL_PREVIEW_TOOLTIP} />
+          </EuiFlexGroup>
+        </EuiFlexItem>
+
+        <EuiFlexItem grow={false}>
+          <EuiButton iconType="refresh" fill onClick={handleRefresh}>
+            {i18n.BACKFILL_TABLE_REFRESH}
+          </EuiButton>
         </EuiFlexItem>
+      </EuiFlexGroup>
+
+      <EuiFlexGroup justifyContent="flexEnd">
         <EuiFlexItem grow={false}>
-          <EuiAutoRefresh
-            isPaused={!isAutoRefresh}
-            refreshInterval={autoRefreshInterval}
-            onRefreshChange={handleRefreshChange}
-          />
+          {timelines.getLastUpdated({
+            showUpdating: isLoading,
+            updatedAt: dataUpdatedAt,
+          })}
         </EuiFlexItem>
       </EuiFlexGroup>
+
       <EuiBasicTable
         data-test-subj="rule-backfills-table"
         items={backfills}
@@ -173,9 +225,8 @@ export const RuleBackfillsInfo = React.memo<{ ruleId: string }>(({ ruleId }) =>
         error={isError ? 'error' : undefined}
         loading={isLoading}
         onChange={handleTableChange}
-        noItemsMessage={'not found'}
       />
-    </div>
+    </EuiPanel>
   );
 });
 
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/translations.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/translations.ts
index cb77ec89524fc..c2297e237100b 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/translations.ts
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/translations.ts
@@ -14,6 +14,13 @@ export const BACKFILLS_TABLE_COLUMN_STATUS = i18n.translate(
   }
 );
 
+export const BACKFILLS_TABLE_COLUMN_STATUS_TOOLTIP = i18n.translate(
+  'xpack.securitySolution.rule_gaps.backfillsTable.column.statusTooltip',
+  {
+    defaultMessage: 'Overall status of execution',
+  }
+);
+
 export const BACKFILLS_TABLE_COLUMN_CREATED_AT = i18n.translate(
   'xpack.securitySolution.rule_gaps.backfillsTable.column.createdAt',
   {
@@ -21,13 +28,27 @@ export const BACKFILLS_TABLE_COLUMN_CREATED_AT = i18n.translate(
   }
 );
 
-export const BACKFILLS_TABLE_COLUMN_SOURCE_TIME_RANCE = i18n.translate(
+export const BACKFILLS_TABLE_COLUMN_CREATED_AT_TOOLTIP = i18n.translate(
+  'xpack.securitySolution.rule_gaps.backfillsTable.column.createdAtTooltip',
+  {
+    defaultMessage: 'When the manual run started',
+  }
+);
+
+export const BACKFILLS_TABLE_COLUMN_SOURCE_TIME_RANGE = i18n.translate(
   'xpack.securitySolution.rule_gaps.backfillsTable.column.sourceTimeRange',
   {
     defaultMessage: 'Source event time range',
   }
 );
 
+export const BACKFILLS_TABLE_COLUMN_SOURCE_TIME_RANGE_TOOLTIP = i18n.translate(
+  'xpack.securitySolution.rule_gaps.backfillsTable.column.sourceTimeRangeTooltip',
+  {
+    defaultMessage: 'The date and time range selected for the manual run',
+  }
+);
+
 export const BACKFILLS_TABLE_COLUMN_ERROR = i18n.translate(
   'xpack.securitySolution.rule_gaps.backfillsTable.column.error',
   {
@@ -35,6 +56,13 @@ export const BACKFILLS_TABLE_COLUMN_ERROR = i18n.translate(
   }
 );
 
+export const BACKFILLS_TABLE_COLUMN_ERROR_TOOLTIP = i18n.translate(
+  'xpack.securitySolution.rule_gaps.backfillsTable.column.errorTooltip',
+  {
+    defaultMessage: 'The number of failed manual run rule executions',
+  }
+);
+
 export const BACKFILLS_TABLE_COLUMN_COMPLETED = i18n.translate(
   'xpack.securitySolution.rule_gaps.backfillsTable.column.completed',
   {
@@ -42,6 +70,13 @@ export const BACKFILLS_TABLE_COLUMN_COMPLETED = i18n.translate(
   }
 );
 
+export const BACKFILLS_TABLE_COLUMN_COMPLETED_TOOLTIP = i18n.translate(
+  'xpack.securitySolution.rule_gaps.backfillsTable.column.completedTooltip',
+  {
+    defaultMessage: 'The number of completed manual run rule executions',
+  }
+);
+
 export const BACKFILLS_TABLE_COLUMN_RUNNING = i18n.translate(
   'xpack.securitySolution.rule_gaps.backfillsTable.column.running',
   {
@@ -49,6 +84,13 @@ export const BACKFILLS_TABLE_COLUMN_RUNNING = i18n.translate(
   }
 );
 
+export const BACKFILLS_TABLE_COLUMN_RUNNING_TOOLTIP = i18n.translate(
+  'xpack.securitySolution.rule_gaps.backfillsTable.column.runningTooltip',
+  {
+    defaultMessage: 'The number of manual run rule executions that are in progress',
+  }
+);
+
 export const BACKFILLS_TABLE_COLUMN_PENDING = i18n.translate(
   'xpack.securitySolution.rule_gaps.backfillsTable.column.pending',
   {
@@ -56,6 +98,13 @@ export const BACKFILLS_TABLE_COLUMN_PENDING = i18n.translate(
   }
 );
 
+export const BACKFILLS_TABLE_COLUMN_PENDING_TOOLTIP = i18n.translate(
+  'xpack.securitySolution.rule_gaps.backfillsTable.column.pendingTooltip',
+  {
+    defaultMessage: 'The number of manual run rule executions that are waiting to execute',
+  }
+);
+
 export const BACKFILLS_TABLE_COLUMN_TOTAL = i18n.translate(
   'xpack.securitySolution.rule_gaps.backfillsTable.column.total',
   {
@@ -63,17 +112,25 @@ export const BACKFILLS_TABLE_COLUMN_TOTAL = i18n.translate(
   }
 );
 
+export const BACKFILLS_TABLE_COLUMN_TOTAL_TOOLTIP = i18n.translate(
+  'xpack.securitySolution.rule_gaps.backfillsTable.column.totalTooltip',
+  {
+    defaultMessage:
+      'The total number of rule executions that will occur during the selected date and time range',
+  }
+);
+
 export const BACKFILLS_TABLE_STOP = i18n.translate(
   'xpack.securitySolution.rule_gaps.backfillsTable.stop',
   {
-    defaultMessage: 'Stop',
+    defaultMessage: 'Stop run',
   }
 );
 
 export const BACKFILLS_TABLE_STOP_CONFIRMATION_TITLE = i18n.translate(
   'xpack.securitySolution.rule_gaps.backfillsTable.stop.confirmationTitle',
   {
-    defaultMessage: 'Are you sure you want to stop this run?',
+    defaultMessage: 'Stop this rule run',
   }
 );
 
@@ -87,42 +144,49 @@ export const BACKFILLS_TABLE_STOP_CONFIRMATION_CANCEL = i18n.translate(
 export const BACKFILLS_TABLE_STOP_CONFIRMATION_STOP_RUNS = i18n.translate(
   'xpack.securitySolution.rule_gaps.backfillsTable.stop.stopRuns',
   {
-    defaultMessage: 'Stop runs',
+    defaultMessage: 'Stop run',
   }
 );
 
 export const BACKFILLS_TABLE_STOP_CONFIRMATION_BODY = i18n.translate(
   'xpack.securitySolution.rule_gaps.backfillsTable.stop.description',
   {
-    defaultMessage: 'All remaining rule runs will be stopped',
+    defaultMessage: 'All the pending rule executions for this manual rule run will be stopped',
   }
 );
 
 export const BACKFILLS_TABLE_STOP_CONFIRMATION_SUCCESS = i18n.translate(
   'xpack.securitySolution.rule_gaps.backfillsTable.stop.confirmationSuccess',
   {
-    defaultMessage: 'Run stopped',
+    defaultMessage: 'Rule run stopped',
   }
 );
 
 export const BACKFILLS_TABLE_STOP_CONFIRMATION_ERROR = i18n.translate(
   'xpack.securitySolution.rule_gaps.backfillsTable.stop.confirmationError',
   {
-    defaultMessage: 'Error stopping run',
+    defaultMessage: 'Error stopping rule run',
   }
 );
 
 export const BACKFILL_TABLE_TITLE = i18n.translate(
   'xpack.securitySolution.rule_gaps.backfillTable.title',
   {
-    defaultMessage: 'Backfill runs',
+    defaultMessage: 'Manual runs',
+  }
+);
+
+export const BACKFILL_TABLE_REFRESH = i18n.translate(
+  'xpack.securitySolution.rule_gaps.backfillTable.refresh',
+  {
+    defaultMessage: 'Refresh',
   }
 );
 
 export const BACKFILL_TABLE_SUBTITLE = i18n.translate(
   'xpack.securitySolution.rule_gaps.backfillTable.subtitle',
   {
-    defaultMessage: 'View and manage backfill runs',
+    defaultMessage: 'View and manage active manual runs',
   }
 );
 
@@ -132,13 +196,20 @@ export const BACKFILL_SCHEDULE_SUCCESS = (numRules: number) =>
     {
       values: { numRules },
       defaultMessage:
-        'Successfully scheduled backfill for {numRules, plural, =1 {# rule} other {# rules}}',
+        'Successfully scheduled manual run for {numRules, plural, =1 {# rule} other {# rules}}',
     }
   );
 
 export const BACKFILL_SCHEDULE_ERROR_TITLE = i18n.translate(
   'xpack.securitySolution.containers.detectionEngine.backfillSchedule.scheduleRuleRunErrorTitle',
   {
-    defaultMessage: 'Error while scheduling backfill',
+    defaultMessage: 'Error while scheduling manual run',
+  }
+);
+
+export const BACKFILLS_TABLE_COLUMN_ACTION = i18n.translate(
+  'xpack.securitySolution.rule_gaps.backfillsTable.column.action',
+  {
+    defaultMessage: 'Action',
   }
 );
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/api/api.test.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_management/api/api.test.ts
index 226d0a2bd16ed..4b912c4a9a2fc 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_management/api/api.test.ts
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/api/api.test.ts
@@ -767,6 +767,33 @@ describe('Detections Rules API', () => {
       );
     });
 
+    test('passes manual rule run payload', async () => {
+      const startDate = new Date().toISOString();
+      const endDate = new Date().toISOString();
+      await performBulkAction({
+        bulkAction: {
+          type: BulkActionTypeEnum.run,
+          ids: ['ruleId1'],
+          runPayload: { start_date: startDate, end_date: endDate },
+        },
+      });
+
+      expect(fetchMock).toHaveBeenCalledWith(
+        '/api/detection_engine/rules/_bulk_action',
+        expect.objectContaining({
+          method: 'POST',
+          body: JSON.stringify({
+            action: 'run',
+            ids: ['ruleId1'],
+            run: { start_date: startDate, end_date: endDate },
+          }),
+          query: {
+            dry_run: false,
+          },
+        })
+      );
+    });
+
     test('executes dry run', async () => {
       await performBulkAction({
         bulkAction: { type: BulkActionTypeEnum.disable, query: 'some query' },
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/api/api.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_management/api/api.ts
index 70f0a56ef74cd..ad82a33559bbc 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_management/api/api.ts
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/api/api.ts
@@ -30,6 +30,7 @@ import type {
   BulkDuplicateRules,
   BulkActionEditPayload,
   BulkActionType,
+  BulkManualRuleRun,
   CoverageOverviewResponse,
   GetRuleManagementFiltersResponse,
 } from '../../../../common/api/detection_engine/rule_management';
@@ -330,7 +331,10 @@ export type QueryOrIds = { query: string; ids?: undefined } | { query?: undefine
 type PlainBulkAction = {
   type: Exclude<
     BulkActionType,
-    BulkActionTypeEnum['edit'] | BulkActionTypeEnum['export'] | BulkActionTypeEnum['duplicate']
+    | BulkActionTypeEnum['edit']
+    | BulkActionTypeEnum['export']
+    | BulkActionTypeEnum['duplicate']
+    | BulkActionTypeEnum['run']
   >;
 } & QueryOrIds;
 
@@ -344,7 +348,16 @@ type DuplicateBulkAction = {
   duplicatePayload?: BulkDuplicateRules['duplicate'];
 } & QueryOrIds;
 
-export type BulkAction = PlainBulkAction | EditBulkAction | DuplicateBulkAction;
+export type ManualRuleRunBulkAction = {
+  type: BulkActionTypeEnum['run'];
+  runPayload: BulkManualRuleRun['run'];
+} & QueryOrIds;
+
+export type BulkAction =
+  | PlainBulkAction
+  | EditBulkAction
+  | DuplicateBulkAction
+  | ManualRuleRunBulkAction;
 
 export interface PerformBulkActionProps {
   bulkAction: BulkAction;
@@ -370,6 +383,7 @@ export async function performBulkAction({
     edit: bulkAction.type === BulkActionTypeEnum.edit ? bulkAction.editPayload : undefined,
     duplicate:
       bulkAction.type === BulkActionTypeEnum.duplicate ? bulkAction.duplicatePayload : undefined,
+    run: bulkAction.type === BulkActionTypeEnum.run ? bulkAction.runPayload : undefined,
   };
 
   return KibanaServices.get().http.fetch<BulkActionResponse>(DETECTION_ENGINE_RULES_BULK_ACTION, {
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/customized_prebuilt_rule_badge.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/customized_prebuilt_rule_badge.tsx
new file mode 100644
index 0000000000000..56a559a91794a
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/customized_prebuilt_rule_badge.tsx
@@ -0,0 +1,35 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { EuiBadge } from '@elastic/eui';
+import * as i18n from './translations';
+import { isCustomizedPrebuiltRule } from '../../../../../common/api/detection_engine';
+import type { RuleResponse } from '../../../../../common/api/detection_engine';
+import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
+
+interface CustomizedPrebuiltRuleBadgeProps {
+  rule: RuleResponse | null;
+}
+
+export const CustomizedPrebuiltRuleBadge: React.FC<CustomizedPrebuiltRuleBadgeProps> = ({
+  rule,
+}) => {
+  const isPrebuiltRulesCustomizationEnabled = useIsExperimentalFeatureEnabled(
+    'prebuiltRulesCustomizationEnabled'
+  );
+
+  if (!isPrebuiltRulesCustomizationEnabled) {
+    return null;
+  }
+
+  if (rule === null || !isCustomizedPrebuiltRule(rule)) {
+    return null;
+  }
+
+  return <EuiBadge color="hollow">{i18n.CUSTOMIZED_PREBUILT_RULE_LABEL}</EuiBadge>;
+};
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/translations.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/translations.ts
index 3e75677d54da9..a5fab42457e44 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/translations.ts
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/translations.ts
@@ -349,3 +349,10 @@ export const MAX_SIGNALS_FIELD_LABEL = i18n.translate(
     defaultMessage: 'Max alerts per run',
   }
 );
+
+export const CUSTOMIZED_PREBUILT_RULE_LABEL = i18n.translate(
+  'xpack.securitySolution.detectionEngine.ruleDetails.customizedPrebuiltRuleLabel',
+  {
+    defaultMessage: 'Customized Elastic rule',
+  }
+);
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/logic/bulk_actions/translations.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_management/logic/bulk_actions/translations.ts
index 99bad79536bd7..ad68e31cbeb05 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_management/logic/bulk_actions/translations.ts
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/logic/bulk_actions/translations.ts
@@ -34,6 +34,9 @@ export function summarizeBulkSuccess(action: BulkActionType): string {
     case BulkActionTypeEnum.disable:
       return i18n.RULES_BULK_DISABLE_SUCCESS;
 
+    case BulkActionTypeEnum.run:
+      return i18n.RULES_BULK_MANUAL_RULE_RUN_SUCCESS;
+
     case BulkActionTypeEnum.edit:
       return i18n.RULES_BULK_EDIT_SUCCESS;
   }
@@ -58,6 +61,9 @@ export function explainBulkSuccess(
 
     case BulkActionTypeEnum.disable:
       return i18n.RULES_BULK_DISABLE_SUCCESS_DESCRIPTION(summary.succeeded);
+
+    case BulkActionTypeEnum.run:
+      return i18n.RULES_BULK_MANUAL_RULE_RUN_SUCCESS_DESCRIPTION(summary.succeeded);
   }
 }
 
@@ -101,6 +107,9 @@ export function summarizeBulkError(action: BulkActionType): string {
     case BulkActionTypeEnum.disable:
       return i18n.RULES_BULK_DISABLE_FAILURE;
 
+    case BulkActionTypeEnum.run:
+      return i18n.RULES_BULK_MANUAL_RULE_RUN_FAILURE;
+
     case BulkActionTypeEnum.edit:
       return i18n.RULES_BULK_EDIT_FAILURE;
   }
@@ -130,6 +139,9 @@ export function explainBulkError(action: BulkActionType, error: HTTPError): stri
     case BulkActionTypeEnum.disable:
       return i18n.RULES_BULK_DISABLE_FAILURE_DESCRIPTION(summary.failed);
 
+    case BulkActionTypeEnum.run:
+      return i18n.RULES_BULK_MANUAL_RULE_RUN_FAILURE_DESCRIPTION(summary.failed);
+
     case BulkActionTypeEnum.edit:
       return i18n.RULES_BULK_EDIT_FAILURE_DESCRIPTION(summary.failed, summary.skipped);
   }
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/bulk_actions/bulk_action_dry_run_confirmation.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/bulk_actions/bulk_action_dry_run_confirmation.tsx
index 23bb9106d62cf..023b5d118eed4 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/bulk_actions/bulk_action_dry_run_confirmation.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/bulk_actions/bulk_action_dry_run_confirmation.tsx
@@ -24,6 +24,8 @@ const getActionRejectedTitle = (
       return i18n.BULK_EDIT_CONFIRMATION_REJECTED_TITLE(failedRulesCount);
     case BulkActionTypeEnum.export:
       return i18n.BULK_EXPORT_CONFIRMATION_REJECTED_TITLE(failedRulesCount);
+    case BulkActionTypeEnum.run:
+      return i18n.BULK_MANUAL_RULE_RUN_CONFIRMATION_REJECTED_TITLE(failedRulesCount);
     default:
       assertUnreachable(bulkAction);
   }
@@ -38,6 +40,8 @@ const getActionConfirmLabel = (
       return i18n.BULK_EDIT_CONFIRMATION_CONFIRM(succeededRulesCount);
     case BulkActionTypeEnum.export:
       return i18n.BULK_EXPORT_CONFIRMATION_CONFIRM(succeededRulesCount);
+    case BulkActionTypeEnum.run:
+      return i18n.BULK_MANUAL_RULE_RUN_CONFIRMATION_CONFIRM(succeededRulesCount);
     default:
       assertUnreachable(bulkAction);
   }
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/bulk_actions/bulk_action_rule_errors_list.test.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/bulk_actions/bulk_action_rule_errors_list.test.tsx
index c0112f13b776a..7354bd306d6ea 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/bulk_actions/bulk_action_rule_errors_list.test.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/bulk_actions/bulk_action_rule_errors_list.test.tsx
@@ -92,4 +92,31 @@ describe('Component BulkEditRuleErrorsList', () => {
 
     expect(screen.getByText(value)).toBeInTheDocument();
   });
+
+  test.each([
+    [
+      BulkActionsDryRunErrCode.MANUAL_RULE_RUN_FEATURE,
+      '2 rules (Manual rule run feature is disabled)',
+    ],
+    [
+      BulkActionsDryRunErrCode.MANUAL_RULE_RUN_DISABLED_RULE,
+      '2 rules (Cannot schedule manual rule run for disabled rules)',
+    ],
+  ])('should render correct message for "%s" errorCode', (errorCode, value) => {
+    const ruleErrors: DryRunResult['ruleErrors'] = [
+      {
+        message: 'test failure',
+        errorCode,
+        ruleIds: ['rule:1', 'rule:2'],
+      },
+    ];
+    render(
+      <BulkActionRuleErrorsList bulkAction={BulkActionTypeEnum.run} ruleErrors={ruleErrors} />,
+      {
+        wrapper: Wrapper,
+      }
+    );
+
+    expect(screen.getByText(value)).toBeInTheDocument();
+  });
 });
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/bulk_actions/bulk_action_rule_errors_list.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/bulk_actions/bulk_action_rule_errors_list.tsx
index 907e67f658bc4..72e380a1a7d5a 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/bulk_actions/bulk_action_rule_errors_list.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/bulk_actions/bulk_action_rule_errors_list.tsx
@@ -108,6 +108,45 @@ const BulkExportRuleErrorItem = ({
   }
 };
 
+const BulkManualRuleRunErrorItem = ({
+  errorCode,
+  message,
+  rulesCount,
+}: BulkActionRuleErrorItemProps) => {
+  switch (errorCode) {
+    case BulkActionsDryRunErrCode.MANUAL_RULE_RUN_FEATURE:
+      return (
+        <li key={message}>
+          <FormattedMessage
+            id="xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.manualRuleRunFeatureDisabledDescription"
+            defaultMessage="{rulesCount, plural, =1 {# rule} other {# rules}} (Manual rule run feature is disabled)"
+            values={{ rulesCount }}
+          />
+        </li>
+      );
+    case BulkActionsDryRunErrCode.MANUAL_RULE_RUN_DISABLED_RULE:
+      return (
+        <li key={message}>
+          <FormattedMessage
+            id="xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.scheduleDisabledRuleDescription"
+            defaultMessage="{rulesCount, plural, =1 {# rule} other {# rules}} (Cannot schedule manual rule run for disabled rules)"
+            values={{ rulesCount }}
+          />
+        </li>
+      );
+    default:
+      return (
+        <li key={message}>
+          <FormattedMessage
+            id="xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.defaultScheduleRuleRunFailureDescription"
+            defaultMessage="{rulesCount, plural, =1 {# rule} other {# rules}} can't be scheduled ({message})"
+            values={{ rulesCount, message }}
+          />
+        </li>
+      );
+  }
+};
+
 interface BulkActionRuleErrorsListProps {
   ruleErrors: DryRunResult['ruleErrors'];
   bulkAction: BulkActionForConfirmation;
@@ -150,6 +189,15 @@ const BulkActionRuleErrorsListComponent = ({
                 />
               );
 
+            case BulkActionTypeEnum.run:
+              return (
+                <BulkManualRuleRunErrorItem
+                  message={message}
+                  errorCode={errorCode}
+                  rulesCount={rulesCount}
+                />
+              );
+
             default:
               return null;
           }
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/bulk_actions/bulk_manual_rule_run_limit_error_modal.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/bulk_actions/bulk_manual_rule_run_limit_error_modal.tsx
new file mode 100644
index 0000000000000..a2ae63b66a9ad
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/bulk_actions/bulk_manual_rule_run_limit_error_modal.tsx
@@ -0,0 +1,50 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import {
+  EuiButton,
+  EuiModal,
+  EuiModalBody,
+  EuiModalFooter,
+  EuiModalHeader,
+  EuiModalHeaderTitle,
+} from '@elastic/eui';
+
+import { MAX_MANUAL_RULE_RUN_BULK_SIZE } from '../../../../../../common/constants';
+import * as i18n from '../../../../../detections/pages/detection_engine/rules/translations';
+
+interface BulkManualRuleRunRulesLimitErrorModalProps {
+  onClose: () => void;
+}
+
+const BulkManualRuleRunLimitErrorModalComponent = ({
+  onClose,
+}: BulkManualRuleRunRulesLimitErrorModalProps) => {
+  // if the amount of selected rules is more than the limit, modal window the appropriate error will be displayed
+  return (
+    <EuiModal onClose={onClose}>
+      <EuiModalHeader>
+        <EuiModalHeaderTitle>{i18n.BULK_MANUAL_RULE_RUN_LIMIT_ERROR_TITLE}</EuiModalHeaderTitle>
+      </EuiModalHeader>
+      <EuiModalBody>
+        {i18n.BULK_MANUAL_RULE_RUN_LIMIT_ERROR_MESSAGE(MAX_MANUAL_RULE_RUN_BULK_SIZE)}
+      </EuiModalBody>
+      <EuiModalFooter>
+        <EuiButton onClick={onClose} fill>
+          {i18n.BULK_MANUAL_RULE_RUN_LIMIT_ERROR_CLOSE_BUTTON}
+        </EuiButton>
+      </EuiModalFooter>
+    </EuiModal>
+  );
+};
+
+export const BulkManualRuleRunLimitErrorModal = React.memo(
+  BulkManualRuleRunLimitErrorModalComponent
+);
+
+BulkManualRuleRunLimitErrorModal.displayName = 'BulkManualRuleRunLimitErrorModal';
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/bulk_actions/types.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/bulk_actions/types.ts
index 409ee722c6383..1203e7258a24d 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/bulk_actions/types.ts
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/bulk_actions/types.ts
@@ -9,11 +9,15 @@ import type { BulkActionsDryRunErrCode } from '../../../../../../common/constant
 import type { BulkActionTypeEnum } from '../../../../../../common/api/detection_engine/rule_management';
 
 /**
- * Only 2 bulk actions are supported for for confirmation dry run modal:
+ * Only 3 bulk actions are supported for for confirmation dry run modal:
  * * export
  * * edit
+ * * manual rule run
  */
-export type BulkActionForConfirmation = BulkActionTypeEnum['export'] | BulkActionTypeEnum['edit'];
+export type BulkActionForConfirmation =
+  | BulkActionTypeEnum['export']
+  | BulkActionTypeEnum['edit']
+  | BulkActionTypeEnum['run'];
 
 /**
  * transformed results of dry run
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/bulk_actions/use_bulk_actions.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/bulk_actions/use_bulk_actions.tsx
index 70d522323a964..5ea5d3d456f15 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/bulk_actions/use_bulk_actions.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/bulk_actions/use_bulk_actions.tsx
@@ -12,6 +12,8 @@ import type { Toast } from '@kbn/core/public';
 import { toMountPoint } from '@kbn/react-kibana-mount';
 import { euiThemeVars } from '@kbn/ui-theme';
 import React, { useCallback } from 'react';
+import { MAX_MANUAL_RULE_RUN_BULK_SIZE } from '../../../../../../common/constants';
+import type { TimeRange } from '../../../../rule_gaps/types';
 import { useIsExperimentalFeatureEnabled } from '../../../../../common/hooks/use_experimental_features';
 import { useKibana } from '../../../../../common/lib/kibana';
 import { convertRulesFilterToKQL } from '../../../../../../common/detection_engine/rule_management/rule_filtering';
@@ -53,6 +55,8 @@ interface UseBulkActionsArgs {
     action: BulkActionForConfirmation
   ) => Promise<boolean>;
   showBulkDuplicateConfirmation: () => Promise<string | null>;
+  showManualRuleRunConfirmation: () => Promise<TimeRange | null>;
+  showManualRuleRunLimitError: () => void;
   completeBulkEditForm: (
     bulkActionEditType: BulkActionEditType
   ) => Promise<BulkActionEditPayload | null>;
@@ -64,6 +68,8 @@ export const useBulkActions = ({
   confirmDeletion,
   showBulkActionConfirmation,
   showBulkDuplicateConfirmation,
+  showManualRuleRunConfirmation,
+  showManualRuleRunLimitError,
   completeBulkEditForm,
   executeBulkActionsDryRun,
 }: UseBulkActionsArgs) => {
@@ -202,6 +208,53 @@ export const useBulkActions = ({
         await downloadExportedRules(response);
       };
 
+      const handleScheduleRuleRunAction = async () => {
+        startTransaction({ name: BULK_RULE_ACTIONS.MANUAL_RULE_RUN });
+        closePopover();
+
+        setIsPreflightInProgress(true);
+
+        const dryRunResult = await executeBulkActionsDryRun({
+          type: BulkActionTypeEnum.run,
+          ...(isAllSelected
+            ? { query: convertRulesFilterToKQL(filterOptions) }
+            : { ids: selectedRuleIds }),
+          runPayload: { start_date: new Date().toISOString() },
+        });
+
+        setIsPreflightInProgress(false);
+
+        if ((dryRunResult?.succeededRulesCount ?? 0) > MAX_MANUAL_RULE_RUN_BULK_SIZE) {
+          showManualRuleRunLimitError();
+          return;
+        }
+
+        // User has cancelled edit action or there are no custom rules to proceed
+        const hasActionBeenConfirmed = await showBulkActionConfirmation(
+          dryRunResult,
+          BulkActionTypeEnum.run
+        );
+        if (hasActionBeenConfirmed === false) {
+          return;
+        }
+
+        const modalManualRuleRunConfirmationResult = await showManualRuleRunConfirmation();
+        if (modalManualRuleRunConfirmationResult === null) {
+          return;
+        }
+
+        const enabledIds = selectedRules.filter(({ enabled }) => enabled).map(({ id }) => id);
+
+        await executeBulkAction({
+          type: BulkActionTypeEnum.run,
+          ...(isAllSelected ? { query: kql } : { ids: enabledIds }),
+          runPayload: {
+            start_date: modalManualRuleRunConfirmationResult.startDate.toISOString(),
+            end_date: modalManualRuleRunConfirmationResult.endDate.toISOString(),
+          },
+        });
+      };
+
       const handleBulkEdit = (bulkEditActionType: BulkActionEditType) => async () => {
         let longTimeWarningToast: Toast;
         let isBulkEditFinished = false;
@@ -391,6 +444,14 @@ export const useBulkActions = ({
               onClick: handleExportAction,
               icon: undefined,
             },
+            {
+              key: i18n.BULK_ACTION_MANUAL_RULE_RUN,
+              name: i18n.BULK_ACTION_MANUAL_RULE_RUN,
+              'data-test-subj': 'scheduleRuleRunBulk',
+              disabled: containsLoading || (!containsEnabled && !isAllSelected),
+              onClick: handleScheduleRuleRunAction,
+              icon: undefined,
+            },
             {
               key: i18n.BULK_ACTION_DISABLE,
               name: i18n.BULK_ACTION_DISABLE,
@@ -520,6 +581,8 @@ export const useBulkActions = ({
       kql,
       toasts,
       showBulkDuplicateConfirmation,
+      showManualRuleRunConfirmation,
+      showManualRuleRunLimitError,
       clearRulesSelection,
       confirmDeletion,
       bulkExport,
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/rules_table/rules_table_context.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/rules_table/rules_table_context.tsx
index 1bf260aff69ed..8f0cac0130083 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/rules_table/rules_table_context.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/rules_table/rules_table_context.tsx
@@ -138,6 +138,7 @@ export type LoadingRuleAction =
   | 'export'
   | 'load'
   | 'edit'
+  | 'run'
   | null;
 
 export interface LoadingRules {
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/rules_tables.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/rules_tables.tsx
index d5e3fb77b237d..3a9c5dfb8ee00 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/rules_tables.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/rules_tables.tsx
@@ -37,6 +37,7 @@ import type { FindRulesSortField } from '../../../../../common/api/detection_eng
 import { useIsUpgradingSecurityPackages } from '../../../rule_management/logic/use_upgrade_security_packages';
 import { useManualRuleRunConfirmation } from '../../../rule_gaps/components/manual_rule_run/use_manual_rule_run_confirmation';
 import { ManualRuleRunModal } from '../../../rule_gaps/components/manual_rule_run';
+import { BulkManualRuleRunLimitErrorModal } from './bulk_actions/bulk_manual_rule_run_limit_error_modal';
 
 const INITIAL_SORT_FIELD = 'enabled';
 
@@ -117,6 +118,12 @@ export const RulesTables = React.memo<RulesTableProps>(({ selectedTab }) => {
     confirmManualRuleRun,
   } = useManualRuleRunConfirmation();
 
+  const [
+    isManualRuleRunLimitErrorVisible,
+    showManualRuleRunLimitError,
+    hideManualRuleRunLimitError,
+  ] = useBoolState();
+
   const {
     bulkEditActionType,
     isBulkEditFlyoutVisible,
@@ -132,6 +139,8 @@ export const RulesTables = React.memo<RulesTableProps>(({ selectedTab }) => {
     confirmDeletion,
     showBulkActionConfirmation,
     showBulkDuplicateConfirmation,
+    showManualRuleRunConfirmation,
+    showManualRuleRunLimitError,
     completeBulkEditForm,
     executeBulkActionsDryRun,
   });
@@ -276,6 +285,9 @@ export const RulesTables = React.memo<RulesTableProps>(({ selectedTab }) => {
       {isManualRuleRunConfirmationVisible && (
         <ManualRuleRunModal onCancel={cancelManualRuleRun} onConfirm={confirmManualRuleRun} />
       )}
+      {isManualRuleRunLimitErrorVisible && (
+        <BulkManualRuleRunLimitErrorModal onClose={hideManualRuleRunLimitError} />
+      )}
       {isBulkActionConfirmationVisible && bulkAction && (
         <BulkActionDryRunConfirmation
           bulkAction={bulkAction}
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/upgrade_prebuilt_rules_table/upgrade_prebuilt_rules_table_context.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/upgrade_prebuilt_rules_table/upgrade_prebuilt_rules_table_context.tsx
index 0a938e0d10512..9d1a3071b44e1 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/upgrade_prebuilt_rules_table/upgrade_prebuilt_rules_table_context.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/upgrade_prebuilt_rules_table/upgrade_prebuilt_rules_table_context.tsx
@@ -32,7 +32,6 @@ import {
 } from '../../../../rule_management/components/rule_details/rule_details_flyout';
 import { RuleDiffTab } from '../../../../rule_management/components/rule_details/rule_diff_tab';
 import { MlJobUpgradeModal } from '../../../../../detections/components/modals/ml_job_upgrade_modal';
-import { useIsExperimentalFeatureEnabled } from '../../../../../common/hooks/use_experimental_features';
 import * as ruleDetailsI18n from '../../../../rule_management/components/rule_details/translations';
 import * as i18n from './translations';
 
@@ -120,14 +119,6 @@ export const UpgradePrebuiltRulesTableContextProvider = ({
     tags: [],
   });
 
-  const isJsonPrebuiltRulesDiffingEnabled = useIsExperimentalFeatureEnabled(
-    'jsonPrebuiltRulesDiffingEnabled'
-  );
-
-  const isPerFieldPrebuiltRulesDiffingEnabled = useIsExperimentalFeatureEnabled(
-    'perFieldPrebuiltRulesDiffingEnabled'
-  );
-
   const isUpgradingSecurityPackages = useIsUpgradingSecurityPackages();
 
   const {
@@ -282,53 +273,34 @@ export const UpgradePrebuiltRulesTableContextProvider = ({
     }
 
     return [
-      ...(isPerFieldPrebuiltRulesDiffingEnabled
-        ? [
-            {
-              id: 'updates',
-              name: (
-                <EuiToolTip
-                  position="top"
-                  content={i18n.UPDATE_FLYOUT_PER_FIELD_TOOLTIP_DESCRIPTION}
-                >
-                  <>{ruleDetailsI18n.UPDATES_TAB_LABEL}</>
-                </EuiToolTip>
-              ),
-              content: (
-                <TabContentPadding>
-                  <PerFieldRuleDiffTab ruleDiff={activeRule.diff} />
-                </TabContentPadding>
-              ),
-            },
-          ]
-        : []),
-      ...(isJsonPrebuiltRulesDiffingEnabled
-        ? [
-            {
-              id: 'jsonViewUpdates',
-              name: (
-                <EuiToolTip
-                  position="top"
-                  content={i18n.UPDATE_FLYOUT_JSON_VIEW_TOOLTIP_DESCRIPTION}
-                >
-                  <>{ruleDetailsI18n.JSON_VIEW_UPDATES_TAB_LABEL}</>
-                </EuiToolTip>
-              ),
-              content: (
-                <TabContentPadding>
-                  <RuleDiffTab oldRule={activeRule.current_rule} newRule={activeRule.target_rule} />
-                </TabContentPadding>
-              ),
-            },
-          ]
-        : []),
+      {
+        id: 'updates',
+        name: (
+          <EuiToolTip position="top" content={i18n.UPDATE_FLYOUT_PER_FIELD_TOOLTIP_DESCRIPTION}>
+            <>{ruleDetailsI18n.UPDATES_TAB_LABEL}</>
+          </EuiToolTip>
+        ),
+        content: (
+          <TabContentPadding>
+            <PerFieldRuleDiffTab ruleDiff={activeRule.diff} />
+          </TabContentPadding>
+        ),
+      },
+      {
+        id: 'jsonViewUpdates',
+        name: (
+          <EuiToolTip position="top" content={i18n.UPDATE_FLYOUT_JSON_VIEW_TOOLTIP_DESCRIPTION}>
+            <>{ruleDetailsI18n.JSON_VIEW_UPDATES_TAB_LABEL}</>
+          </EuiToolTip>
+        ),
+        content: (
+          <TabContentPadding>
+            <RuleDiffTab oldRule={activeRule.current_rule} newRule={activeRule.target_rule} />
+          </TabContentPadding>
+        ),
+      },
     ];
-  }, [
-    previewedRule,
-    filteredRules,
-    isJsonPrebuiltRulesDiffingEnabled,
-    isPerFieldPrebuiltRulesDiffingEnabled,
-  ]);
+  }, [previewedRule, filteredRules]);
 
   return (
     <UpgradePrebuiltRulesTableContext.Provider value={providerValue}>
@@ -344,7 +316,7 @@ export const UpgradePrebuiltRulesTableContextProvider = ({
         {previewedRule && (
           <RuleDetailsFlyout
             rule={previewedRule}
-            size={isJsonPrebuiltRulesDiffingEnabled ? 'l' : 'm'}
+            size="l"
             id={PREBUILT_RULE_UPDATE_FLYOUT_ANCHOR}
             dataTestSubj="updatePrebuiltRulePreview"
             closeFlyout={closeRulePreview}
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/use_rules_table_actions.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/use_rules_table_actions.tsx
index dc4a0cb429b87..4af2fdd7ef356 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/use_rules_table_actions.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/use_rules_table_actions.tsx
@@ -122,7 +122,8 @@ export const useRulesTableActions = ({
           {
             type: 'icon',
             'data-test-subj': 'manualRuleRunAction',
-            description: i18n.MANUAL_RULE_RUN,
+            description: (rule) =>
+              !rule.enabled ? i18n.MANUAL_RULE_RUN_TOOLTIP : i18n.MANUAL_RULE_RUN,
             icon: 'play',
             name: i18n.MANUAL_RULE_RUN,
             onClick: async (rule: Rule) => {
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/pages/rule_management/index.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/pages/rule_management/index.tsx
index 6567d3e2ee248..7033785b20052 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/pages/rule_management/index.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/pages/rule_management/index.tsx
@@ -9,7 +9,6 @@ import { EuiButtonEmpty, EuiFlexGroup, EuiFlexItem, EuiToolTip } from '@elastic/
 import { MaintenanceWindowCallout } from '@kbn/alerts-ui-shared';
 import React, { useCallback } from 'react';
 import { DEFAULT_APP_CATEGORIES } from '@kbn/core-application-common';
-import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
 import { APP_UI_ID } from '../../../../../common/constants';
 import { SecurityPageName } from '../../../../app/types';
 import { ImportDataModal } from '../../../../common/components/import_data_modal';
@@ -55,9 +54,6 @@ const RulesPageComponent: React.FC = () => {
     invalidateFetchRuleManagementFilters,
     invalidateFetchCoverageOverviewQuery,
   ]);
-  const isPerFieldPrebuiltRulesDiffingEnabled = useIsExperimentalFeatureEnabled(
-    'perFieldPrebuiltRulesDiffingEnabled'
-  );
 
   const [
     {
@@ -177,7 +173,7 @@ const RulesPageComponent: React.FC = () => {
             kibanaServices={kibanaServices}
             categories={[DEFAULT_APP_CATEGORIES.security.id]}
           />
-          {isPerFieldPrebuiltRulesDiffingEnabled && <RuleFeatureTour />}
+          <RuleFeatureTour />
           <AllRules data-test-subj="all-rules" />
         </SecuritySolutionPageWrapper>
       </RulesTableContextProvider>
diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx
index 7a3ed25b8084e..c1465be7e67e0 100644
--- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx
@@ -471,7 +471,8 @@ const createThresholdTimeline = async (
           ...acc,
           {
             ...formatAlertToEcsSignal(_source),
-            _id,
+            // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+            _id: _id!,
             _index,
             timestamp: _source['@timestamp'],
           },
@@ -629,7 +630,8 @@ const createNewTermsTimeline = async (
           ...acc,
           {
             ...formatAlertToEcsSignal(_source),
-            _id,
+            // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+            _id: _id!,
             _index,
             timestamp: _source['@timestamp'],
           },
@@ -795,7 +797,8 @@ const createSuppressedTimeline = async (
           ...acc,
           {
             ...formatAlertToEcsSignal(_source),
-            _id,
+            // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+            _id: _id!,
             _index,
             timestamp: _source['@timestamp'],
           },
diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/index.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/index.tsx
index 5fc8364b0d7eb..4688d12d64bab 100644
--- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/index.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/index.tsx
@@ -11,7 +11,7 @@ import type { Filter } from '@kbn/es-query';
 import type { FC } from 'react';
 import React, { useRef, useEffect, useState, useCallback, useMemo } from 'react';
 import type { AlertsTableStateProps } from '@kbn/triggers-actions-ui-plugin/public/application/sections/alerts_table/alerts_table_state';
-import type { Alert } from '@kbn/triggers-actions-ui-plugin/public/types';
+import type { Alert, Alerts } from '@kbn/triggers-actions-ui-plugin/public/types';
 import { ALERT_BUILDING_BLOCK_TYPE } from '@kbn/rule-data-utils';
 import styled from 'styled-components';
 import { useDispatch } from 'react-redux';
@@ -22,6 +22,7 @@ import {
   tableDefaults,
   TableId,
 } from '@kbn/securitysolution-data-table';
+import { fetchNotesByDocumentIds } from '../../../notes/store/notes.slice';
 import { useGlobalTime } from '../../../common/containers/use_global_time';
 import { useLicense } from '../../../common/hooks/use_license';
 import { VIEW_SELECTION } from '../../../../common/constants';
@@ -265,11 +266,19 @@ export const AlertsTableComponent: FC<DetectionEngineAlertTableProps> = ({
     };
   }, []);
 
+  const onLoaded = useCallback(
+    (alerts: Alerts) => {
+      const alertIds = alerts.map((alert: Alert) => alert._id);
+      dispatch(fetchNotesByDocumentIds({ documentIds: alertIds }));
+    },
+    [dispatch]
+  );
+
   const alertStateProps: AlertsTableStateProps = useMemo(
     () => ({
       alertsTableConfigurationRegistry: triggersActionsUi.alertsTableConfigurationRegistry,
       configurationId: configId,
-      // stores saperate configuration based on the view of the table
+      // stores separate configuration based on the view of the table
       id: `detection-engine-alert-table-${configId}-${tableView}`,
       featureIds: ['siem'],
       query: finalBoolQuery,
@@ -280,6 +289,7 @@ export const AlertsTableComponent: FC<DetectionEngineAlertTableProps> = ({
       browserFields: finalBrowserFields,
       onUpdate: onAlertTableUpdate,
       cellContext,
+      onLoaded,
       runtimeMappings,
       toolbarVisibility: {
         showColumnSelector: !isEventRenderedView,
@@ -300,6 +310,7 @@ export const AlertsTableComponent: FC<DetectionEngineAlertTableProps> = ({
       runtimeMappings,
       isEventRenderedView,
       cellContext,
+      onLoaded,
     ]
   );
 
diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/rule_actions_overflow/index.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/rule_actions_overflow/index.tsx
index 5be000d508195..6ed110483ecc4 100644
--- a/x-pack/plugins/security_solution/public/detections/components/rules/rule_actions_overflow/index.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/rules/rule_actions_overflow/index.tsx
@@ -155,6 +155,11 @@ const RuleActionsOverflowComponent = ({
                     key={i18nActions.MANUAL_RULE_RUN}
                     icon="play"
                     disabled={!userHasPermissions || !rule.enabled}
+                    toolTipContent={
+                      !userHasPermissions || !rule.enabled
+                        ? i18nActions.MANUAL_RULE_RUN_TOOLTIP
+                        : ''
+                    }
                     data-test-subj="rules-details-manual-rule-run"
                     onClick={async () => {
                       startTransaction({ name: SINGLE_RULE_ACTIONS.MANUAL_RULE_RUN });
diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/rule_execution_status/rule_status_failed_callout.test.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/rule_execution_status/rule_status_failed_callout.test.tsx
index 45291cb5d0315..b5e7737be38f7 100644
--- a/x-pack/plugins/security_solution/public/detections/components/rules/rule_execution_status/rule_status_failed_callout.test.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/rules/rule_execution_status/rule_status_failed_callout.test.tsx
@@ -28,6 +28,7 @@ const MESSAGE = 'This rule is attempting to query data but...';
 const actionTypeRegistry = actionTypeRegistryMock.create();
 const mockGetComments = jest.fn(() => []);
 const mockHttp = httpServiceMock.createStartContract({ basePath: '/test' });
+const mockNavigationToApp = jest.fn();
 const mockAssistantAvailability: AssistantAvailability = {
   hasAssistantPrivilege: false,
   hasConnectorsAllPrivilege: true,
@@ -61,6 +62,7 @@ const ContextWrapper: FC<PropsWithChildren<unknown>> = ({ children }) => (
       }}
       getComments={mockGetComments}
       http={mockHttp}
+      navigateToApp={mockNavigationToApp}
       baseConversations={BASE_SECURITY_CONVERSATIONS}
     >
       {children}
diff --git a/x-pack/plugins/security_solution/public/detections/components/value_lists_management_flyout/form.test.tsx b/x-pack/plugins/security_solution/public/detections/components/value_lists_management_flyout/form.test.tsx
index e3fe9d39d6601..8d55d14a4718c 100644
--- a/x-pack/plugins/security_solution/public/detections/components/value_lists_management_flyout/form.test.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/value_lists_management_flyout/form.test.tsx
@@ -27,7 +27,7 @@ const mockSelectFile: <P>(container: ReactWrapper<P>, file: File) => Promise<voi
   container,
   file
 ) => {
-  const fileChange = container.find('EuiFilePicker').prop('onChange');
+  const fileChange = container.find('EuiFilePickerClass').last().prop('onChange');
   await waitFor(() => {
     if (fileChange) {
       fileChange({ item: () => file } as unknown as FormEvent);
diff --git a/x-pack/plugins/security_solution/public/detections/components/value_lists_management_flyout/form.tsx b/x-pack/plugins/security_solution/public/detections/components/value_lists_management_flyout/form.tsx
index b95ec41048f89..0190f06381e66 100644
--- a/x-pack/plugins/security_solution/public/detections/components/value_lists_management_flyout/form.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/value_lists_management_flyout/form.tsx
@@ -17,6 +17,10 @@ import {
   EuiFlexItem,
   EuiSelect,
 } from '@elastic/eui';
+import type {
+  EuiFilePickerClass,
+  EuiFilePickerProps,
+} from '@elastic/eui/src/components/form/file_picker/file_picker';
 
 import type { Type, ListSchema } from '@kbn/securitysolution-io-ts-list-types';
 import { useImportList } from '@kbn/securitysolution-list-hooks';
@@ -55,7 +59,7 @@ export const ValueListsFormComponent: React.FC<ValueListsFormProps> = ({ onError
   const ctrl = useRef(new AbortController());
   const [file, setFile] = useState<File | null>(null);
   const [type, setType] = useState<Type>(defaultListType);
-  const filePickerRef = useRef<EuiFilePicker | null>(null);
+  const filePickerRef = useRef<EuiFilePickerClass | null>(null);
   const { http } = useKibana().services;
   const { start: importList, ...importState } = useImportList();
 
@@ -136,7 +140,7 @@ export const ValueListsFormComponent: React.FC<ValueListsFormProps> = ({ onError
           data-test-subj="value-list-file-picker"
           id="value-list-file-picker"
           initialPromptText={i18n.FILE_PICKER_PROMPT}
-          ref={filePickerRef}
+          ref={filePickerRef as React.Ref<Omit<EuiFilePickerProps, 'stylesMemoizer'>>}
           onChange={handleFileChange}
           fullWidth={true}
           isLoading={importState.loading}
diff --git a/x-pack/plugins/security_solution/public/detections/hooks/trigger_actions_alert_table/use_actions_column.tsx b/x-pack/plugins/security_solution/public/detections/hooks/trigger_actions_alert_table/use_actions_column.tsx
index 840cc0efb5529..2e838e9f2ba23 100644
--- a/x-pack/plugins/security_solution/public/detections/hooks/trigger_actions_alert_table/use_actions_column.tsx
+++ b/x-pack/plugins/security_solution/public/detections/hooks/trigger_actions_alert_table/use_actions_column.tsx
@@ -10,6 +10,7 @@ import React, { useCallback, useContext, useMemo } from 'react';
 import { useSelector } from 'react-redux';
 import type { AlertsTableConfigurationRegistry } from '@kbn/triggers-actions-ui-plugin/public/types';
 import { TableId } from '@kbn/securitysolution-data-table';
+import { useIsExperimentalFeatureEnabled } from '../../../common/hooks/use_experimental_features';
 import { StatefulEventContext } from '../../../common/components/events_viewer/stateful_event_context';
 import { eventsViewerSelector } from '../../../common/components/events_viewer/selectors';
 import { getDefaultControlColumn } from '../../../timelines/components/timeline/body/control_columns';
@@ -24,7 +25,17 @@ export const getUseActionColumnHook =
   () => {
     const license = useLicense();
     const isEnterprisePlus = license.isEnterprise();
-    const ACTION_BUTTON_COUNT = tableId === TableId.alertsOnCasePage ? 3 : isEnterprisePlus ? 5 : 4;
+    let ACTION_BUTTON_COUNT = tableId === TableId.alertsOnCasePage ? 4 : isEnterprisePlus ? 6 : 5;
+
+    // we only want to show the note icon if the expandable flyout and the new notes system are enabled
+    // TODO delete most likely in 8.16
+    const expandableFlyoutDisabled = useIsExperimentalFeatureEnabled('expandableFlyoutDisabled');
+    const securitySolutionNotesEnabled = useIsExperimentalFeatureEnabled(
+      'securitySolutionNotesEnabled'
+    );
+    if (expandableFlyoutDisabled || !securitySolutionNotesEnabled) {
+      ACTION_BUTTON_COUNT--;
+    }
 
     const eventContext = useContext(StatefulEventContext);
 
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/translations.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/translations.ts
index eb2d6b01b492f..4fa96cf519bbf 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/translations.ts
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/translations.ts
@@ -103,6 +103,13 @@ export const BULK_ACTION_EXPORT = i18n.translate(
   }
 );
 
+export const BULK_ACTION_MANUAL_RULE_RUN = i18n.translate(
+  'xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.manualRuleRunTitle',
+  {
+    defaultMessage: 'Manual run',
+  }
+);
+
 export const BULK_ACTION_DUPLICATE = i18n.translate(
   'xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.duplicateTitle',
   {
@@ -240,6 +247,15 @@ export const BULK_EXPORT_CONFIRMATION_REJECTED_TITLE = (rulesCount: number) =>
     }
   );
 
+export const BULK_MANUAL_RULE_RUN_CONFIRMATION_REJECTED_TITLE = (rulesCount: number) =>
+  i18n.translate(
+    'xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.bulkManualRuleRunConfirmationDeniedTitle',
+    {
+      values: { rulesCount },
+      defaultMessage: '{rulesCount, plural, =1 {# rule} other {# rules}} cannot be scheduled',
+    }
+  );
+
 export const BULK_EDIT_CONFIRMATION_REJECTED_TITLE = (rulesCount: number) =>
   i18n.translate(
     'xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.bulkEditConfirmationDeniedTitle',
@@ -292,6 +308,40 @@ export const BULK_EXPORT_CONFIRMATION_CONFIRM = (customRulesCount: number) =>
     }
   );
 
+export const BULK_MANUAL_RULE_RUN_CONFIRMATION_CONFIRM = (customRulesCount: number) =>
+  i18n.translate(
+    'xpack.securitySolution.detectionEngine.components.allRules.bulkActions.bulkManualRuleRunConfirmation.confirmButtonLabel',
+    {
+      values: { customRulesCount },
+      defaultMessage:
+        'Schedule {customRulesCount, plural, =1 {# custom rule} other {# custom rules}}',
+    }
+  );
+
+export const BULK_MANUAL_RULE_RUN_LIMIT_ERROR_TITLE = i18n.translate(
+  'xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.bulkManualRuleRunLimitErrorMessage',
+  {
+    defaultMessage: 'This action can only be applied',
+  }
+);
+
+export const BULK_MANUAL_RULE_RUN_LIMIT_ERROR_MESSAGE = (rulesCount: number) =>
+  i18n.translate(
+    'xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.bulkManualRuleRunLimitErrorTitle',
+    {
+      values: { rulesCount },
+      defaultMessage:
+        'Manual rule run cannot be scheduled for more than {rulesCount, plural, =1 {# rule} other {# rules}}',
+    }
+  );
+
+export const BULK_MANUAL_RULE_RUN_LIMIT_ERROR_CLOSE_BUTTON = i18n.translate(
+  'xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.bulkManualRuleRunLimitErrorCloseButton',
+  {
+    defaultMessage: 'Close',
+  }
+);
+
 export const BULK_EDIT_FLYOUT_FORM_SAVE = i18n.translate(
   'xpack.securitySolution.detectionEngine.components.allRules.bulkActions.bulkEditFlyoutForm.saveButtonLabel',
   {
@@ -584,6 +634,13 @@ export const MANUAL_RULE_RUN = i18n.translate(
   }
 );
 
+export const MANUAL_RULE_RUN_TOOLTIP = i18n.translate(
+  'xpack.securitySolution.detectionEngine.rules.allRules.actions.manualRuleRunTooltip',
+  {
+    defaultMessage: 'Manual run available only for enabled rules',
+  }
+);
+
 export const COLUMN_RULE = i18n.translate(
   'xpack.securitySolution.detectionEngine.rules.allRules.columns.ruleTitle',
   {
@@ -1194,6 +1251,44 @@ export const RULES_BULK_DISABLE_FAILURE_DESCRIPTION = (rulesCount: number) =>
     }
   );
 
+/**
+ * Bulk Manual Rule Run
+ */
+
+export const RULES_BULK_MANUAL_RULE_RUN_SUCCESS = i18n.translate(
+  'xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.manualRuleRun.successToastTitle',
+  {
+    defaultMessage: 'Rules scheduled',
+  }
+);
+
+export const RULES_BULK_MANUAL_RULE_RUN_FAILURE = i18n.translate(
+  'xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.manualRuleRun.errorToastTitle',
+  {
+    defaultMessage: 'Error scheduling manual rule run',
+  }
+);
+
+export const RULES_BULK_MANUAL_RULE_RUN_SUCCESS_DESCRIPTION = (totalRules: number) =>
+  i18n.translate(
+    'xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.manualRuleRun.successToastDescription',
+    {
+      values: { totalRules },
+      defaultMessage:
+        'Successfully scheduled manual rule run for {totalRules, plural, =1 {{totalRules} rule} other {{totalRules} rules}}',
+    }
+  );
+
+export const RULES_BULK_MANUAL_RULE_RUN_FAILURE_DESCRIPTION = (failedRulesCount: number) =>
+  i18n.translate(
+    'xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.manualRuleRun.errorToastDescription',
+    {
+      values: { failedRulesCount },
+      defaultMessage:
+        '{failedRulesCount, plural, =0 {} =1 {# rule} other {# rules}} failed to schedule manual rule run.',
+    }
+  );
+
 /**
  * Bulk Edit
  */
diff --git a/x-pack/plugins/security_solution/public/entity_analytics/components/risk_summary_flyout/risk_summary.stories.tsx b/x-pack/plugins/security_solution/public/entity_analytics/components/risk_summary_flyout/risk_summary.stories.tsx
index b48629cbbe26f..2d0d8f9525713 100644
--- a/x-pack/plugins/security_solution/public/entity_analytics/components/risk_summary_flyout/risk_summary.stories.tsx
+++ b/x-pack/plugins/security_solution/public/entity_analytics/components/risk_summary_flyout/risk_summary.stories.tsx
@@ -33,3 +33,20 @@ export const Default: Story<void> = () => {
     </StorybookProviders>
   );
 };
+
+export const PreviewMode: Story<void> = () => {
+  return (
+    <StorybookProviders>
+      <TestProvider>
+        <div style={{ maxWidth: '300px' }}>
+          <RiskSummary
+            riskScoreData={{ ...mockRiskScoreState, data: [] }}
+            queryId={'testQuery'}
+            recalculatingScore={false}
+            isPreviewMode
+          />
+        </div>
+      </TestProvider>
+    </StorybookProviders>
+  );
+};
diff --git a/x-pack/plugins/security_solution/public/entity_analytics/components/risk_summary_flyout/risk_summary.test.tsx b/x-pack/plugins/security_solution/public/entity_analytics/components/risk_summary_flyout/risk_summary.test.tsx
index 56a84c340dee3..e35e0d4130500 100644
--- a/x-pack/plugins/security_solution/public/entity_analytics/components/risk_summary_flyout/risk_summary.test.tsx
+++ b/x-pack/plugins/security_solution/public/entity_analytics/components/risk_summary_flyout/risk_summary.test.tsx
@@ -134,6 +134,23 @@ describe('RiskSummary', () => {
     expect(queryByTestId('riskInputsTitleLink')).not.toBeInTheDocument();
   });
 
+  it('risk summary header does not render expand icon when in preview mode', () => {
+    const { queryByTestId } = render(
+      <TestProviders>
+        <RiskSummary
+          riskScoreData={{ ...mockHostRiskScoreState, data: undefined, loading: true }}
+          queryId={'testQuery'}
+          openDetailsPanel={() => {}}
+          recalculatingScore={false}
+          isPreviewMode
+        />
+      </TestProviders>
+    );
+
+    expect(queryByTestId('riskInputsTitleLink')).not.toBeInTheDocument();
+    expect(queryByTestId('riskInputsTitleIcon')).not.toBeInTheDocument();
+  });
+
   it('renders visualization embeddable', () => {
     const { getByTestId } = render(
       <TestProviders>
diff --git a/x-pack/plugins/security_solution/public/entity_analytics/components/risk_summary_flyout/risk_summary.tsx b/x-pack/plugins/security_solution/public/entity_analytics/components/risk_summary_flyout/risk_summary.tsx
index 86da9df4f5376..ce70b5fb211e7 100644
--- a/x-pack/plugins/security_solution/public/entity_analytics/components/risk_summary_flyout/risk_summary.tsx
+++ b/x-pack/plugins/security_solution/public/entity_analytics/components/risk_summary_flyout/risk_summary.tsx
@@ -51,7 +51,8 @@ export interface RiskSummaryProps<T extends RiskScoreEntity> {
   riskScoreData: RiskScoreState<T>;
   recalculatingScore: boolean;
   queryId: string;
-  openDetailsPanel: (tab: EntityDetailsLeftPanelTab) => void;
+  openDetailsPanel?: (tab: EntityDetailsLeftPanelTab) => void;
+  isPreviewMode?: boolean;
 }
 
 const RiskSummaryComponent = <T extends RiskScoreEntity>({
@@ -59,6 +60,7 @@ const RiskSummaryComponent = <T extends RiskScoreEntity>({
   recalculatingScore,
   queryId,
   openDetailsPanel,
+  isPreviewMode,
 }: RiskSummaryProps<T>) => {
   const { telemetry } = useKibana().services;
   const { data } = riskScoreData;
@@ -189,7 +191,9 @@ const RiskSummaryComponent = <T extends RiskScoreEntity>({
           link: riskScoreData.loading
             ? undefined
             : {
-                callback: () => openDetailsPanel(EntityDetailsLeftPanelTab.RISK_INPUTS),
+                callback: openDetailsPanel
+                  ? () => openDetailsPanel(EntityDetailsLeftPanelTab.RISK_INPUTS)
+                  : undefined,
                 tooltip: (
                   <FormattedMessage
                     id="xpack.securitySolution.flyout.entityDetails.showAllRiskInputs"
@@ -197,7 +201,7 @@ const RiskSummaryComponent = <T extends RiskScoreEntity>({
                   />
                 ),
               },
-          iconType: 'arrowStart',
+          iconType: !isPreviewMode ? 'arrowStart' : undefined,
         }}
         expand={{
           expandable: false,
diff --git a/x-pack/plugins/security_solution/public/exceptions/components/import_exceptions_list_flyout/index.tsx b/x-pack/plugins/security_solution/public/exceptions/components/import_exceptions_list_flyout/index.tsx
index d34a67087e40e..5c7fa4ba3b14c 100644
--- a/x-pack/plugins/security_solution/public/exceptions/components/import_exceptions_list_flyout/index.tsx
+++ b/x-pack/plugins/security_solution/public/exceptions/components/import_exceptions_list_flyout/index.tsx
@@ -26,6 +26,10 @@ import {
   EuiFlyout,
   EuiToolTip,
 } from '@elastic/eui';
+import type {
+  EuiFilePickerClass,
+  EuiFilePickerProps,
+} from '@elastic/eui/src/components/form/file_picker/file_picker';
 import type {
   BulkErrorSchema,
   ImportExceptionsResponseSchema,
@@ -53,7 +57,7 @@ export const ImportExceptionListFlyout = React.memo(
     addError: (error: unknown, options: ErrorToastOptions) => Toast;
     setDisplayImportListFlyout: Dispatch<SetStateAction<boolean>>;
   }) => {
-    const filePickerRef = useRef<EuiFilePicker | null>(null);
+    const filePickerRef = useRef<EuiFilePickerClass | null>(null);
 
     const filePickerId = useGeneratedHtmlId({ prefix: 'filePicker' });
     const [files, setFiles] = useState<FileList | null>(null);
@@ -179,7 +183,7 @@ export const ImportExceptionListFlyout = React.memo(
           <EuiFilePicker
             id={filePickerId}
             multiple
-            ref={filePickerRef}
+            ref={filePickerRef as React.Ref<Omit<EuiFilePickerProps, 'stylesMemoizer'>>}
             initialPromptText={i18n.IMPORT_PROMPT}
             onChange={handleFileChange}
             display={'large'}
diff --git a/x-pack/plugins/security_solution/public/explore/users/components/all_users/index.tsx b/x-pack/plugins/security_solution/public/explore/users/components/all_users/index.tsx
index 6948009ebb188..d05c9551a2518 100644
--- a/x-pack/plugins/security_solution/public/explore/users/components/all_users/index.tsx
+++ b/x-pack/plugins/security_solution/public/explore/users/components/all_users/index.tsx
@@ -9,6 +9,9 @@ import React, { useCallback, useMemo } from 'react';
 import { useDispatch } from 'react-redux';
 
 import { EuiLink, EuiText } from '@elastic/eui';
+import { ENABLE_ASSET_CRITICALITY_SETTING } from '../../../../../common/constants';
+import { AssetCriticalityBadge } from '../../../../entity_analytics/components/asset_criticality';
+import type { CriticalityLevelWithUnassigned } from '../../../../../common/entity_analytics/asset_criticality/types';
 import { FormattedRelativePreferenceDate } from '../../../../common/components/formatted_date';
 import { UserDetailsLink } from '../../../../common/components/links';
 import {
@@ -32,7 +35,7 @@ import { useMlCapabilities } from '../../../../common/components/ml/hooks/use_ml
 import { VIEW_USERS_BY_SEVERITY } from '../../../../entity_analytics/components/user_risk_score_table/translations';
 import { SecurityPageName } from '../../../../app/types';
 import { UsersTableType } from '../../store/model';
-import { useNavigateTo } from '../../../../common/lib/kibana';
+import { useNavigateTo, useUiSetting$ } from '../../../../common/lib/kibana';
 
 const tableType = usersModel.UsersTableType.allUsers;
 
@@ -53,7 +56,8 @@ export type UsersTableColumns = [
   Columns<User['name']>,
   Columns<User['lastSeen']>,
   Columns<User['domain']>,
-  Columns<RiskSeverity>?
+  Columns<RiskSeverity>?,
+  Columns<CriticalityLevelWithUnassigned>?
 ];
 
 const rowItems: ItemsPerRow[] = [
@@ -69,7 +73,8 @@ const rowItems: ItemsPerRow[] = [
 
 const getUsersColumns = (
   showRiskColumn: boolean,
-  dispatchSeverityUpdate: (s: RiskSeverity) => void
+  dispatchSeverityUpdate: (s: RiskSeverity) => void,
+  isAssetCriticalityEnabled: boolean
 ): UsersTableColumns => {
   const columns: UsersTableColumns = [
     {
@@ -138,6 +143,25 @@ const getUsersColumns = (
     });
   }
 
+  if (isAssetCriticalityEnabled) {
+    columns.push({
+      field: 'criticality',
+      name: i18n.ASSET_CRITICALITY,
+      truncateText: false,
+      mobileOptions: { show: true },
+      sortable: false,
+      render: (assetCriticality: CriticalityLevelWithUnassigned) => {
+        if (!assetCriticality) return getEmptyTagValue();
+        return (
+          <AssetCriticalityBadge
+            criticalityLevel={assetCriticality}
+            css={{ verticalAlign: 'middle' }}
+          />
+        );
+      },
+    });
+  }
+
   return columns;
 };
 
@@ -217,9 +241,11 @@ const UsersTableComponent: React.FC<UsersTableProps> = ({
     [dispatch, navigateTo]
   );
 
+  const [isAssetCriticalityEnabled] = useUiSetting$<boolean>(ENABLE_ASSET_CRITICALITY_SETTING);
   const columns = useMemo(
-    () => getUsersColumns(isPlatinumOrTrialLicense, dispatchSeverityUpdate),
-    [isPlatinumOrTrialLicense, dispatchSeverityUpdate]
+    () =>
+      getUsersColumns(isPlatinumOrTrialLicense, dispatchSeverityUpdate, isAssetCriticalityEnabled),
+    [isPlatinumOrTrialLicense, dispatchSeverityUpdate, isAssetCriticalityEnabled]
   );
 
   return (
diff --git a/x-pack/plugins/security_solution/public/explore/users/components/all_users/translations.ts b/x-pack/plugins/security_solution/public/explore/users/components/all_users/translations.ts
index e1e3f43c6af32..0a96f6ff717b8 100644
--- a/x-pack/plugins/security_solution/public/explore/users/components/all_users/translations.ts
+++ b/x-pack/plugins/security_solution/public/explore/users/components/all_users/translations.ts
@@ -42,3 +42,10 @@ export const UNIT = (totalCount: number) =>
 export const USER_RISK = i18n.translate('xpack.securitySolution.usersTable.riskTitle', {
   defaultMessage: 'User risk level',
 });
+
+export const ASSET_CRITICALITY = i18n.translate(
+  'xpack.securitySolution.hostsTable.assetCriticality',
+  {
+    defaultMessage: 'Asset criticality',
+  }
+);
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/preview/components/alert_reason_preview.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/alert_reason/alert_reason.test.tsx
similarity index 50%
rename from x-pack/plugins/security_solution/public/flyout/document_details/preview/components/alert_reason_preview.test.tsx
rename to x-pack/plugins/security_solution/public/flyout/document_details/alert_reason/alert_reason.test.tsx
index 53e0e5547a5f7..74a4d587178c0 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/preview/components/alert_reason_preview.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/alert_reason/alert_reason.test.tsx
@@ -7,11 +7,11 @@
 
 import React from 'react';
 import { render } from '@testing-library/react';
-import { PreviewPanelContext } from '../context';
-import { mockContextValue } from '../mocks/mock_context';
-import { ALERT_REASON_PREVIEW_BODY_TEST_ID } from './test_ids';
-import { AlertReasonPreview } from './alert_reason_preview';
-import { TestProviders } from '../../../../common/mock';
+import { AlertReasonPanelContext } from './context';
+import { mockContextValue } from './mocks/mock_context';
+import { ALERT_REASON_BODY_TEST_ID } from './test_ids';
+import { AlertReason } from './alert_reason';
+import { TestProviders } from '../../../common/mock';
 
 const panelContextValue = {
   ...mockContextValue,
@@ -19,23 +19,23 @@ const panelContextValue = {
 
 const NO_DATA_MESSAGE = 'There was an error displaying data.';
 
-describe('<AlertReasonPreview />', () => {
+describe('<AlertReason />', () => {
   it('should render alert reason preview', () => {
     const { getByTestId } = render(
-      <PreviewPanelContext.Provider value={panelContextValue}>
-        <AlertReasonPreview />
-      </PreviewPanelContext.Provider>,
+      <AlertReasonPanelContext.Provider value={panelContextValue}>
+        <AlertReason />
+      </AlertReasonPanelContext.Provider>,
       { wrapper: TestProviders }
     );
-    expect(getByTestId(ALERT_REASON_PREVIEW_BODY_TEST_ID)).toBeInTheDocument();
-    expect(getByTestId(ALERT_REASON_PREVIEW_BODY_TEST_ID)).toHaveTextContent('Alert reason');
+    expect(getByTestId(ALERT_REASON_BODY_TEST_ID)).toBeInTheDocument();
+    expect(getByTestId(ALERT_REASON_BODY_TEST_ID)).toHaveTextContent('Alert reason');
   });
 
   it('should render no data message if alert reason is not available', () => {
     const { getByText } = render(
-      <PreviewPanelContext.Provider value={{} as unknown as PreviewPanelContext}>
-        <AlertReasonPreview />
-      </PreviewPanelContext.Provider>,
+      <AlertReasonPanelContext.Provider value={{} as unknown as AlertReasonPanelContext}>
+        <AlertReason />
+      </AlertReasonPanelContext.Provider>,
       { wrapper: TestProviders }
     );
     expect(getByText(NO_DATA_MESSAGE)).toBeInTheDocument();
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/preview/components/alert_reason_preview.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/alert_reason/alert_reason.tsx
similarity index 61%
rename from x-pack/plugins/security_solution/public/flyout/document_details/preview/components/alert_reason_preview.tsx
rename to x-pack/plugins/security_solution/public/flyout/document_details/alert_reason/alert_reason.tsx
index e9b6996db78cb..62e6e9f492b2f 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/preview/components/alert_reason_preview.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/alert_reason/alert_reason.tsx
@@ -10,24 +10,24 @@ import { EuiPanel, EuiSpacer, EuiTitle } from '@elastic/eui';
 import styled from '@emotion/styled';
 import { euiThemeVars } from '@kbn/ui-theme';
 import { FormattedMessage } from '@kbn/i18n-react';
-import { ALERT_REASON_PREVIEW_BODY_TEST_ID } from './test_ids';
-import { usePreviewPanelContext } from '../context';
-import { getRowRenderer } from '../../../../timelines/components/timeline/body/renderers/get_row_renderer';
-import { defaultRowRenderers } from '../../../../timelines/components/timeline/body/renderers';
-import { FlyoutError } from '../../../shared/components/flyout_error';
+import { ALERT_REASON_BODY_TEST_ID } from './test_ids';
+import { useAlertReasonPanelContext } from './context';
+import { getRowRenderer } from '../../../timelines/components/timeline/body/renderers/get_row_renderer';
+import { defaultRowRenderers } from '../../../timelines/components/timeline/body/renderers';
+import { FlyoutError } from '../../shared/components/flyout_error';
 
-const ReasonPreviewContainerWrapper = styled.div`
+const ReasonContainerWrapper = styled.div`
   overflow-x: auto;
   padding-block: ${euiThemeVars.euiSizeS};
 `;
 
-const ReasonPreviewContainer = styled.div``;
+const ReasonContainer = styled.div``;
 
 /**
  * Alert reason renderer on a preview panel on top of the right section of expandable flyout
  */
-export const AlertReasonPreview: React.FC = () => {
-  const { dataAsNestedObject, scopeId } = usePreviewPanelContext();
+export const AlertReason: React.FC = () => {
+  const { dataAsNestedObject, scopeId } = useAlertReasonPanelContext();
 
   const renderer = useMemo(
     () => getRowRenderer({ data: dataAsNestedObject, rowRenderers: defaultRowRenderers }),
@@ -56,7 +56,7 @@ export const AlertReasonPreview: React.FC = () => {
   }
 
   return (
-    <EuiPanel hasShadow={false} data-test-subj={ALERT_REASON_PREVIEW_BODY_TEST_ID}>
+    <EuiPanel hasShadow={false} data-test-subj={ALERT_REASON_BODY_TEST_ID}>
       <EuiTitle>
         <h6>
           <FormattedMessage
@@ -66,13 +66,11 @@ export const AlertReasonPreview: React.FC = () => {
         </h6>
       </EuiTitle>
       <EuiSpacer size="m" />
-      <ReasonPreviewContainerWrapper>
-        <ReasonPreviewContainer className={'eui-displayInlineBlock'}>
-          {rowRenderer}
-        </ReasonPreviewContainer>
-      </ReasonPreviewContainerWrapper>
+      <ReasonContainerWrapper>
+        <ReasonContainer className={'eui-displayInlineBlock'}>{rowRenderer}</ReasonContainer>
+      </ReasonContainerWrapper>
     </EuiPanel>
   );
 };
 
-AlertReasonPreview.displayName = 'AlertReasonPreview';
+AlertReason.displayName = 'AlertReason';
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/preview/context.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/alert_reason/context.tsx
similarity index 56%
rename from x-pack/plugins/security_solution/public/flyout/document_details/preview/context.tsx
rename to x-pack/plugins/security_solution/public/flyout/document_details/alert_reason/context.tsx
index 3a1044ce484a9..b67c9af508d96 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/preview/context.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/alert_reason/context.tsx
@@ -6,14 +6,13 @@
  */
 
 import React, { createContext, memo, useContext, useMemo } from 'react';
-import type { DataViewBase } from '@kbn/es-query';
 import type { EcsSecurityExtension as Ecs } from '@kbn/securitysolution-ecs';
 import { useEventDetails } from '../shared/hooks/use_event_details';
 import { FlyoutError } from '../../shared/components/flyout_error';
 import { FlyoutLoading } from '../../shared/components/flyout_loading';
-import type { PreviewPanelProps } from '.';
+import type { AlertReasonPanelProps } from '.';
 
-export interface PreviewPanelContext {
+export interface AlertReasonPanelContext {
   /**
    * Id of the document
    */
@@ -26,32 +25,26 @@ export interface PreviewPanelContext {
    * Maintain backwards compatibility // TODO remove when possible
    */
   scopeId: string;
-  /**
-   * Rule id if preview is rule details
-   */
-  ruleId: string;
-  /**
-   * Index pattern for rule details
-   */
-  indexPattern: DataViewBase;
   /**
    * An object with top level fields from the ECS object
    */
   dataAsNestedObject: Ecs;
 }
 
-export const PreviewPanelContext = createContext<PreviewPanelContext | undefined>(undefined);
+export const AlertReasonPanelContext = createContext<AlertReasonPanelContext | undefined>(
+  undefined
+);
 
-export type PreviewPanelProviderProps = {
+export type AlertReasonPanelProviderProps = {
   /**
    * React components to render
    */
   children: React.ReactNode;
-} & Partial<PreviewPanelProps['params']>;
+} & Partial<AlertReasonPanelProps['params']>;
 
-export const PreviewPanelProvider = memo(
-  ({ id, indexName, scopeId, ruleId, children }: PreviewPanelProviderProps) => {
-    const { dataAsNestedObject, indexPattern, loading } = useEventDetails({
+export const AlertReasonPanelProvider = memo(
+  ({ id, indexName, scopeId, children }: AlertReasonPanelProviderProps) => {
+    const { dataAsNestedObject, loading } = useEventDetails({
       eventId: id,
       indexName,
     });
@@ -63,12 +56,10 @@ export const PreviewPanelProvider = memo(
               eventId: id,
               indexName,
               scopeId,
-              ruleId: ruleId ?? '',
-              indexPattern,
               dataAsNestedObject,
             }
           : undefined,
-      [id, indexName, scopeId, ruleId, indexPattern, dataAsNestedObject]
+      [id, indexName, scopeId, dataAsNestedObject]
     );
 
     if (loading) {
@@ -80,18 +71,22 @@ export const PreviewPanelProvider = memo(
     }
 
     return (
-      <PreviewPanelContext.Provider value={contextValue}>{children}</PreviewPanelContext.Provider>
+      <AlertReasonPanelContext.Provider value={contextValue}>
+        {children}
+      </AlertReasonPanelContext.Provider>
     );
   }
 );
 
-PreviewPanelProvider.displayName = 'PreviewPanelProvider';
+AlertReasonPanelProvider.displayName = 'AlertReasonPanelProvider';
 
-export const usePreviewPanelContext = (): PreviewPanelContext => {
-  const contextValue = useContext(PreviewPanelContext);
+export const useAlertReasonPanelContext = (): AlertReasonPanelContext => {
+  const contextValue = useContext(AlertReasonPanelContext);
 
   if (!contextValue) {
-    throw new Error('PreviewPanelContext can only be used within PreviewPanelContext provider');
+    throw new Error(
+      'AlertReasonPanelContext can only be used within AlertReasonPanelContext provider'
+    );
   }
 
   return contextValue;
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/alert_reason/index.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/alert_reason/index.tsx
new file mode 100644
index 0000000000000..a17e02969a8f9
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/alert_reason/index.tsx
@@ -0,0 +1,43 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { memo } from 'react';
+import type { FlyoutPanelProps, PanelPath } from '@kbn/expandable-flyout';
+import { EuiFlexGroup, EuiFlexItem } from '@elastic/eui';
+import type { DocumentDetailsAlertReasonPanelKey } from '../shared/constants/panel_keys';
+import { AlertReason } from './alert_reason';
+
+export interface AlertReasonPanelProps extends FlyoutPanelProps {
+  key: typeof DocumentDetailsAlertReasonPanelKey;
+  path?: PanelPath;
+  params?: {
+    id: string;
+    indexName: string;
+    scopeId: string;
+    ruleId?: string;
+  };
+}
+
+/**
+ * Preview panel to be displayed on top of the document details expandable flyout right section
+ */
+export const AlertReasonPanel: React.FC = memo(() => {
+  return (
+    <EuiFlexGroup
+      justifyContent="spaceBetween"
+      direction="column"
+      gutterSize="none"
+      style={{ height: '100%' }}
+    >
+      <EuiFlexItem style={{ marginTop: '-15px' }}>
+        <AlertReason />
+      </EuiFlexItem>
+    </EuiFlexGroup>
+  );
+});
+
+AlertReasonPanel.displayName = 'AlertReasonPanel';
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/preview/mocks/mock_context.ts b/x-pack/plugins/security_solution/public/flyout/document_details/alert_reason/mocks/mock_context.ts
similarity index 74%
rename from x-pack/plugins/security_solution/public/flyout/document_details/preview/mocks/mock_context.ts
rename to x-pack/plugins/security_solution/public/flyout/document_details/alert_reason/mocks/mock_context.ts
index 3a12f3d9a580b..523deca2d67ef 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/preview/mocks/mock_context.ts
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/alert_reason/mocks/mock_context.ts
@@ -6,16 +6,14 @@
  */
 
 import { mockDataAsNestedObject } from '../../shared/mocks/mock_data_as_nested_object';
-import type { PreviewPanelContext } from '../context';
+import type { AlertReasonPanelContext } from '../context';
 
 /**
  * Mock contextValue for right panel context
  */
-export const mockContextValue: PreviewPanelContext = {
+export const mockContextValue: AlertReasonPanelContext = {
   eventId: 'eventId',
   indexName: 'index',
   scopeId: 'scopeId',
-  ruleId: '',
-  indexPattern: { fields: [], title: 'test index' },
   dataAsNestedObject: mockDataAsNestedObject,
 };
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/alert_reason/test_ids.ts b/x-pack/plugins/security_solution/public/flyout/document_details/alert_reason/test_ids.ts
new file mode 100644
index 0000000000000..fa35a2a99ca09
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/alert_reason/test_ids.ts
@@ -0,0 +1,10 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { PREFIX } from '../../shared/test_ids';
+
+export const ALERT_REASON_BODY_TEST_ID = `${PREFIX}AlertReasonBody` as const;
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/isolate_host/header.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/isolate_host/header.test.tsx
index 63fd7651f04aa..ba166175640ea 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/isolate_host/header.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/isolate_host/header.test.tsx
@@ -95,6 +95,8 @@ describe('Isolation Flyout PanelHeader', () => {
       } else {
         expect(queryByTestId('flyoutHostIsolationHeaderBadge')).toBeNull();
       }
+
+      expect(getByTestId('flyoutHostIsolationHeaderIntegration'));
     }
   );
 });
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/isolate_host/header.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/isolate_host/header.tsx
index 635d273b43237..aa4c04623dfba 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/isolate_host/header.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/isolate_host/header.tsx
@@ -5,9 +5,10 @@
  * 2.0.
  */
 
-import { EuiBetaBadge, EuiFlexGroup, EuiFlexItem, EuiTitle } from '@elastic/eui';
+import { EuiBetaBadge, EuiFlexGroup, EuiFlexItem, EuiSpacer, EuiTitle } from '@elastic/eui';
 import type { FC } from 'react';
 import React, { useMemo } from 'react';
+import { AgentTypeIntegration } from '../../../common/components/endpoint/agents/agent_type_integration';
 import { useAlertResponseActionsSupport } from '../../../common/hooks/endpoint/use_alert_response_actions_support';
 import { TECHNICAL_PREVIEW, TECHNICAL_PREVIEW_TOOLTIP } from '../../../common/translations';
 import { useIsolateHostPanelContext } from './context';
@@ -32,7 +33,13 @@ export const PanelHeader: FC = () => {
   const title = (
     <EuiFlexGroup responsive gutterSize="s">
       <EuiFlexItem grow={false} data-test-subj="flyoutHostIsolationHeaderTitle">
-        {isolateAction === 'isolateHost' ? <>{ISOLATE_HOST}</> : <>{UNISOLATE_HOST}</>}
+        {isolateAction === 'isolateHost' ? ISOLATE_HOST : UNISOLATE_HOST}
+        <EuiSpacer size="s" />
+        <AgentTypeIntegration
+          agentType={agentType}
+          layout="horizontal"
+          data-test-subj="flyoutHostIsolationHeaderIntegration"
+        />
       </EuiFlexItem>
       {showTechPreviewBadge && (
         <EuiFlexItem grow={false}>
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/add_note.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/add_note.test.tsx
new file mode 100644
index 0000000000000..9c3319aa9e9d2
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/add_note.test.tsx
@@ -0,0 +1,170 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import * as uuid from 'uuid';
+import { render } from '@testing-library/react';
+import React from 'react';
+import { createMockStore, mockGlobalState, TestProviders } from '../../../../common/mock';
+import { AddNote, CREATE_NOTE_ERROR } from './add_note';
+import {
+  ADD_NOTE_BUTTON_TEST_ID,
+  ADD_NOTE_MARKDOWN_TEST_ID,
+  ATTACH_TO_TIMELINE_CHECKBOX_TEST_ID,
+} from './test_ids';
+import { ReqStatus } from '../../../../notes/store/notes.slice';
+import { useIsTimelineFlyoutOpen } from '../../shared/hooks/use_is_timeline_flyout_open';
+import { TimelineId } from '../../../../../common/types';
+
+jest.mock('../../shared/hooks/use_is_timeline_flyout_open');
+
+const mockAddError = jest.fn();
+jest.mock('../../../../common/hooks/use_app_toasts', () => ({
+  useAppToasts: () => ({
+    addError: mockAddError,
+  }),
+}));
+
+const mockDispatch = jest.fn();
+jest.mock('react-redux', () => {
+  const original = jest.requireActual('react-redux');
+  return {
+    ...original,
+    useDispatch: () => mockDispatch,
+  };
+});
+
+const renderAddNote = () =>
+  render(
+    <TestProviders>
+      <AddNote eventId={'event-id'} />
+    </TestProviders>
+  );
+
+describe('AddNote', () => {
+  it('should render the markdown and add button components', () => {
+    const { getByTestId } = renderAddNote();
+
+    expect(getByTestId(ADD_NOTE_MARKDOWN_TEST_ID)).toBeInTheDocument();
+    expect(getByTestId(ADD_NOTE_BUTTON_TEST_ID)).toBeInTheDocument();
+    expect(getByTestId(ATTACH_TO_TIMELINE_CHECKBOX_TEST_ID)).toBeInTheDocument();
+  });
+
+  it('should create note', () => {
+    const { getByTestId } = renderAddNote();
+
+    getByTestId(ADD_NOTE_BUTTON_TEST_ID).click();
+
+    expect(mockDispatch).toHaveBeenCalled();
+  });
+
+  it('should render the add note button in loading state while creating a new note', () => {
+    const store = createMockStore({
+      ...mockGlobalState,
+      notes: {
+        ...mockGlobalState.notes,
+        status: {
+          ...mockGlobalState.notes.status,
+          createNote: ReqStatus.Loading,
+        },
+      },
+    });
+
+    const { container } = render(
+      <TestProviders store={store}>
+        <AddNote eventId={'event-id'} />
+      </TestProviders>
+    );
+
+    expect(container.querySelector('.euiLoadingSpinner')).toBeInTheDocument();
+  });
+
+  it('should render error toast if create a note fails', () => {
+    const store = createMockStore({
+      ...mockGlobalState,
+      notes: {
+        ...mockGlobalState.notes,
+        status: {
+          ...mockGlobalState.notes.status,
+          createNote: ReqStatus.Failed,
+        },
+        error: {
+          ...mockGlobalState.notes.error,
+          createNote: { type: 'http', status: 500 },
+        },
+      },
+    });
+
+    render(
+      <TestProviders store={store}>
+        <AddNote eventId={'event-id'} />
+      </TestProviders>
+    );
+
+    expect(mockAddError).toHaveBeenCalledWith(null, {
+      title: CREATE_NOTE_ERROR,
+    });
+  });
+
+  it('should disable attach to timeline checkbox if flyout is not open from timeline', () => {
+    (useIsTimelineFlyoutOpen as jest.Mock).mockReturnValue(false);
+
+    const { getByTestId } = renderAddNote();
+
+    expect(getByTestId(ATTACH_TO_TIMELINE_CHECKBOX_TEST_ID)).toHaveAttribute('disabled');
+  });
+
+  it('should disable attach to timeline checkbox if active timeline is not saved', () => {
+    (useIsTimelineFlyoutOpen as jest.Mock).mockReturnValue(true);
+
+    const store = createMockStore({
+      ...mockGlobalState,
+      timeline: {
+        ...mockGlobalState.timeline,
+        timelineById: {
+          ...mockGlobalState.timeline.timelineById,
+          [TimelineId.active]: {
+            ...mockGlobalState.timeline.timelineById[TimelineId.test],
+          },
+        },
+      },
+    });
+
+    const { getByTestId } = render(
+      <TestProviders store={store}>
+        <AddNote eventId={'event-id'} />
+      </TestProviders>
+    );
+
+    expect(getByTestId(ATTACH_TO_TIMELINE_CHECKBOX_TEST_ID)).toHaveAttribute('disabled');
+  });
+
+  it('should have attach to timeline checkbox enabled', () => {
+    (useIsTimelineFlyoutOpen as jest.Mock).mockReturnValue(true);
+
+    const store = createMockStore({
+      ...mockGlobalState,
+      timeline: {
+        ...mockGlobalState.timeline,
+        timelineById: {
+          ...mockGlobalState.timeline.timelineById,
+          [TimelineId.active]: {
+            ...mockGlobalState.timeline.timelineById[TimelineId.test],
+            savedObjectId: uuid.v4(),
+          },
+        },
+      },
+    });
+
+    const { getByTestId } = render(
+      <TestProviders store={store}>
+        <AddNote eventId={'event-id'} />
+      </TestProviders>
+    );
+
+    expect(getByTestId(ATTACH_TO_TIMELINE_CHECKBOX_TEST_ID)).not.toHaveAttribute('disabled');
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/add_note.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/add_note.tsx
new file mode 100644
index 0000000000000..d89bcfb23a97c
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/add_note.tsx
@@ -0,0 +1,180 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { memo, useCallback, useEffect, useState } from 'react';
+import {
+  EuiButton,
+  EuiCheckbox,
+  EuiComment,
+  EuiCommentList,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiIcon,
+  EuiSpacer,
+  EuiToolTip,
+} from '@elastic/eui';
+import { css } from '@emotion/react';
+import { useDispatch, useSelector } from 'react-redux';
+import { i18n } from '@kbn/i18n';
+import { TimelineId } from '../../../../../common/types';
+import { timelineSelectors } from '../../../../timelines/store';
+import { useIsTimelineFlyoutOpen } from '../../shared/hooks/use_is_timeline_flyout_open';
+import {
+  ADD_NOTE_BUTTON_TEST_ID,
+  ADD_NOTE_MARKDOWN_TEST_ID,
+  ATTACH_TO_TIMELINE_CHECKBOX_TEST_ID,
+} from './test_ids';
+import { useAppToasts } from '../../../../common/hooks/use_app_toasts';
+import type { State } from '../../../../common/store';
+import {
+  createNote,
+  ReqStatus,
+  selectCreateNoteError,
+  selectCreateNoteStatus,
+} from '../../../../notes/store/notes.slice';
+import { MarkdownEditor } from '../../../../common/components/markdown_editor';
+
+const timelineCheckBoxId = 'xpack.securitySolution.notes.attachToTimelineCheckboxId';
+
+export const MARKDOWN_ARIA_LABEL = i18n.translate(
+  'xpack.securitySolution.notes.markdownAriaLabel',
+  {
+    defaultMessage: 'Note',
+  }
+);
+export const ADD_NOTE_BUTTON = i18n.translate('xpack.securitySolution.notes.addNoteBtnLabel', {
+  defaultMessage: 'Add note',
+});
+export const CREATE_NOTE_ERROR = i18n.translate(
+  'xpack.securitySolution.notes.createNoteErrorLabel',
+  {
+    defaultMessage: 'Error create note',
+  }
+);
+export const ATTACH_TO_TIMELINE_CHECKBOX = i18n.translate(
+  'xpack.securitySolution.notes.attachToTimelineCheckboxLabel',
+  {
+    defaultMessage: 'Attach to active timeline',
+  }
+);
+export const ATTACH_TO_TIMELINE_INFO = i18n.translate(
+  'xpack.securitySolution.notes.attachToTimelineInfoLabel',
+  {
+    defaultMessage: 'The active timeline must be saved before a note can be associated with it',
+  }
+);
+
+export interface AddNewNoteProps {
+  /**
+   * Id of the document
+   */
+  eventId: string;
+}
+
+/**
+ * Renders a markdown editor and an add button to create new notes.
+ * The checkbox is automatically checked if the flyout is opened from a timeline and that timeline is saved. It is disabled if the flyout is NOT opened from a timeline.
+ */
+export const AddNote = memo(({ eventId }: AddNewNoteProps) => {
+  const dispatch = useDispatch();
+  const { addError: addErrorToast } = useAppToasts();
+  const [editorValue, setEditorValue] = useState('');
+
+  const activeTimeline = useSelector((state: State) =>
+    timelineSelectors.selectTimelineById(state, TimelineId.active)
+  );
+
+  // if the flyout is open from a timeline and that timeline is saved, we automatically check the checkbox to associate the note to it
+  const isTimelineFlyout = useIsTimelineFlyoutOpen();
+  const [checked, setChecked] = useState(isTimelineFlyout && activeTimeline.savedObjectId != null);
+  const onCheckboxChange = useCallback(
+    (e: React.ChangeEvent<HTMLInputElement>) => setChecked(e.target.checked),
+    []
+  );
+
+  const createStatus = useSelector((state: State) => selectCreateNoteStatus(state));
+  const createError = useSelector((state: State) => selectCreateNoteError(state));
+
+  const addNote = useCallback(() => {
+    dispatch(
+      createNote({
+        note: {
+          timelineId: (checked && activeTimeline?.savedObjectId) || '',
+          eventId,
+          note: editorValue,
+        },
+      })
+    );
+    setEditorValue('');
+  }, [activeTimeline?.savedObjectId, checked, dispatch, editorValue, eventId]);
+
+  // show a toast if the create note call fails
+  useEffect(() => {
+    if (createStatus === ReqStatus.Failed && createError) {
+      addErrorToast(null, {
+        title: CREATE_NOTE_ERROR,
+      });
+    }
+  }, [addErrorToast, createError, createStatus]);
+
+  const checkBoxDisabled =
+    !isTimelineFlyout || (isTimelineFlyout && activeTimeline.savedObjectId == null);
+
+  return (
+    <>
+      <EuiCommentList>
+        <EuiComment username="">
+          <MarkdownEditor
+            dataTestSubj={ADD_NOTE_MARKDOWN_TEST_ID}
+            value={editorValue}
+            onChange={setEditorValue}
+            ariaLabel={MARKDOWN_ARIA_LABEL}
+            setIsMarkdownInvalid={() => {}}
+          />
+        </EuiComment>
+      </EuiCommentList>
+      <EuiSpacer />
+      <EuiFlexGroup alignItems="center" justifyContent="flexEnd" responsive={false}>
+        <EuiFlexItem grow={false}>
+          <>
+            <EuiCheckbox
+              data-test-subj={ATTACH_TO_TIMELINE_CHECKBOX_TEST_ID}
+              id={timelineCheckBoxId}
+              label={
+                <>
+                  {ATTACH_TO_TIMELINE_CHECKBOX}
+                  <EuiToolTip position="top" content={ATTACH_TO_TIMELINE_INFO}>
+                    <EuiIcon
+                      type="iInCircle"
+                      css={css`
+                        margin-left: 4px;
+                      `}
+                    />
+                  </EuiToolTip>
+                </>
+              }
+              disabled={checkBoxDisabled}
+              checked={checked}
+              onChange={(e) => onCheckboxChange(e)}
+            />
+          </>
+        </EuiFlexItem>
+        <EuiFlexItem grow={false}>
+          <EuiButton
+            onClick={addNote}
+            isLoading={createStatus === ReqStatus.Loading}
+            data-test-subj={ADD_NOTE_BUTTON_TEST_ID}
+          >
+            {ADD_NOTE_BUTTON}
+          </EuiButton>
+        </EuiFlexItem>
+      </EuiFlexGroup>
+    </>
+  );
+});
+
+AddNote.displayName = 'AddNote';
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/analyze_graph.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/analyze_graph.test.tsx
index 7b2307d06669d..aff568e29bea8 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/analyze_graph.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/analyze_graph.test.tsx
@@ -8,7 +8,7 @@
 import React from 'react';
 import { render } from '@testing-library/react';
 import '@testing-library/jest-dom';
-import { LeftPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { TestProviders } from '../../../../common/mock';
 import { AnalyzeGraph } from './analyze_graph';
 import { ANALYZER_GRAPH_TEST_ID } from './test_ids';
@@ -34,13 +34,13 @@ describe('<AnalyzeGraph />', () => {
   it('renders analyzer graph correctly', () => {
     const contextValue = {
       eventId: 'eventId',
-    } as unknown as LeftPanelContext;
+    } as unknown as DocumentDetailsContext;
 
     const wrapper = render(
       <TestProviders>
-        <LeftPanelContext.Provider value={contextValue}>
+        <DocumentDetailsContext.Provider value={contextValue}>
           <AnalyzeGraph />
-        </LeftPanelContext.Provider>
+        </DocumentDetailsContext.Provider>
       </TestProviders>
     );
     expect(wrapper.getByTestId(ANALYZER_GRAPH_TEST_ID)).toBeInTheDocument();
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/analyze_graph.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/analyze_graph.tsx
index 6a252296983a3..faefd92e9b689 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/analyze_graph.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/analyze_graph.tsx
@@ -8,7 +8,7 @@
 import type { FC } from 'react';
 import React, { useMemo } from 'react';
 
-import { useLeftPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { ANALYZER_GRAPH_TEST_ID } from './test_ids';
 import { Resolver } from '../../../../resolver/view';
 import { useTimelineDataFilters } from '../../../../timelines/containers/use_timeline_data_filters';
@@ -20,7 +20,7 @@ export const ANALYZE_GRAPH_ID = 'analyze_graph';
  * Analyzer graph view displayed in the document details expandable flyout left section under the Visualize tab
  */
 export const AnalyzeGraph: FC = () => {
-  const { eventId } = useLeftPanelContext();
+  const { eventId } = useDocumentDetailsContext();
   const scopeId = 'flyout'; // Different scope Id to distinguish flyout and data table analyzers
   const { from, to, shouldUpdate, selectedPatterns } = useTimelineDataFilters(
     isActiveTimeline(scopeId)
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/cell_actions.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/cell_actions.tsx
index 27fb6f752f71b..322568c6a53f9 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/cell_actions.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/cell_actions.tsx
@@ -7,7 +7,7 @@
 
 import type { FC } from 'react';
 import React, { useMemo } from 'react';
-import { useLeftPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { getSourcererScopeId } from '../../../../helpers';
 import { useBasicDataFromDetailsData } from '../../../../timelines/components/side_panel/event_details/helpers';
 import { SecurityCellActionType } from '../../../../app/actions/constants';
@@ -40,7 +40,7 @@ interface CellActionsProps {
  * Security cell action wrapper for document details flyout
  */
 export const CellActions: FC<CellActionsProps> = ({ field, value, isObjectArray, children }) => {
-  const { dataFormattedForFieldBrowser, scopeId, isPreview } = useLeftPanelContext();
+  const { dataFormattedForFieldBrowser, scopeId, isPreview } = useDocumentDetailsContext();
   const { isAlert } = useBasicDataFromDetailsData(dataFormattedForFieldBrowser);
 
   const triggerId = isAlert
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/correlations_details.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/correlations_details.test.tsx
index a0a147d9754d5..b3b129a75c13d 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/correlations_details.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/correlations_details.test.tsx
@@ -9,7 +9,7 @@ import React from 'react';
 import { render } from '@testing-library/react';
 import { CorrelationsDetails } from './correlations_details';
 import { TestProviders } from '../../../../common/mock';
-import { LeftPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { useShowRelatedAlertsByAncestry } from '../../shared/hooks/use_show_related_alerts_by_ancestry';
 import { useShowRelatedAlertsBySameSourceEvent } from '../../shared/hooks/use_show_related_alerts_by_same_source_event';
 import { useShowRelatedAlertsBySession } from '../../shared/hooks/use_show_related_alerts_by_session';
@@ -26,7 +26,7 @@ import { useFetchRelatedAlertsBySession } from '../../shared/hooks/use_fetch_rel
 import { useFetchRelatedAlertsByAncestry } from '../../shared/hooks/use_fetch_related_alerts_by_ancestry';
 import { useFetchRelatedAlertsBySameSourceEvent } from '../../shared/hooks/use_fetch_related_alerts_by_same_source_event';
 import { useFetchRelatedCases } from '../../shared/hooks/use_fetch_related_cases';
-import { mockContextValue } from '../mocks/mock_context';
+import { mockContextValue } from '../../shared/mocks/mock_context';
 import { useTimelineDataFilters } from '../../../../timelines/containers/use_timeline_data_filters';
 import { EXPANDABLE_PANEL_HEADER_TITLE_TEXT_TEST_ID } from '../../../shared/components/test_ids';
 
@@ -52,9 +52,9 @@ const mockUseTimelineDataFilters = useTimelineDataFilters as jest.Mock;
 const renderCorrelationDetails = () => {
   return render(
     <TestProviders>
-      <LeftPanelContext.Provider value={mockContextValue}>
+      <DocumentDetailsContext.Provider value={mockContextValue}>
         <CorrelationsDetails />
-      </LeftPanelContext.Provider>
+      </DocumentDetailsContext.Provider>
     </TestProviders>
   );
 };
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/correlations_details.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/correlations_details.tsx
index 9c5a33a04a243..a3b3d5f1e0751 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/correlations_details.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/correlations_details.tsx
@@ -15,7 +15,7 @@ import { RelatedCases } from './related_cases';
 import { useShowRelatedCases } from '../../shared/hooks/use_show_related_cases';
 import { useShowRelatedAlertsByAncestry } from '../../shared/hooks/use_show_related_alerts_by_ancestry';
 import { useShowSuppressedAlerts } from '../../shared/hooks/use_show_suppressed_alerts';
-import { useLeftPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { useShowRelatedAlertsBySameSourceEvent } from '../../shared/hooks/use_show_related_alerts_by_same_source_event';
 import { useShowRelatedAlertsBySession } from '../../shared/hooks/use_show_related_alerts_by_session';
 import { RelatedAlertsByAncestry } from './related_alerts_by_ancestry';
@@ -29,7 +29,8 @@ export const CORRELATIONS_TAB_ID = 'correlations';
  * Correlations displayed in the document details expandable flyout left section under the Insights tab
  */
 export const CorrelationsDetails: React.FC = () => {
-  const { dataAsNestedObject, eventId, getFieldsData, scopeId, isPreview } = useLeftPanelContext();
+  const { dataAsNestedObject, eventId, getFieldsData, scopeId, isPreview } =
+    useDocumentDetailsContext();
 
   const { selectedPatterns } = useTimelineDataFilters(isActiveTimeline(scopeId));
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/entities_details.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/entities_details.test.tsx
index 7f8d428ece2ea..d9d468649a221 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/entities_details.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/entities_details.test.tsx
@@ -8,11 +8,11 @@
 import React from 'react';
 import { render } from '@testing-library/react';
 import '@testing-library/jest-dom';
-import { LeftPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { TestProviders } from '../../../../common/mock';
 import { EntitiesDetails } from './entities_details';
 import { ENTITIES_DETAILS_TEST_ID, HOST_DETAILS_TEST_ID, USER_DETAILS_TEST_ID } from './test_ids';
-import { mockContextValue } from '../mocks/mock_context';
+import { mockContextValue } from '../../shared/mocks/mock_context';
 import { EXPANDABLE_PANEL_CONTENT_TEST_ID } from '../../../shared/components/test_ids';
 import type { Anomalies } from '../../../../common/components/ml/types';
 import { useMlCapabilities } from '../../../../common/components/ml/hooks/use_ml_capabilities';
@@ -100,12 +100,12 @@ const HOST_TEST_ID = EXPANDABLE_PANEL_CONTENT_TEST_ID(HOST_DETAILS_TEST_ID);
 
 const NO_DATA_MESSAGE = 'Host and user information are unavailable for this alert.';
 
-const renderEntitiesDetails = (contextValue: LeftPanelContext) =>
+const renderEntitiesDetails = (contextValue: DocumentDetailsContext) =>
   render(
     <TestProviders>
-      <LeftPanelContext.Provider value={contextValue}>
+      <DocumentDetailsContext.Provider value={contextValue}>
         <EntitiesDetails />
-      </LeftPanelContext.Provider>
+      </DocumentDetailsContext.Provider>
     </TestProviders>
   );
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/entities_details.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/entities_details.tsx
index d4064e6894c3a..2f3c652492500 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/entities_details.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/entities_details.tsx
@@ -8,7 +8,7 @@
 import React from 'react';
 import { EuiFlexGroup, EuiFlexItem } from '@elastic/eui';
 import { FormattedMessage } from '@kbn/i18n-react';
-import { useLeftPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { getField } from '../../shared/utils';
 import { UserDetails } from './user_details';
 import { HostDetails } from './host_details';
@@ -20,7 +20,7 @@ export const ENTITIES_TAB_ID = 'entity';
  * Entities displayed in the document details expandable flyout left section under the Insights tab
  */
 export const EntitiesDetails: React.FC = () => {
-  const { getFieldsData, scopeId } = useLeftPanelContext();
+  const { getFieldsData, scopeId } = useDocumentDetailsContext();
   const hostName = getField(getFieldsData('host.name'));
   const userName = getField(getFieldsData('user.name'));
   const timestamp = getField(getFieldsData('@timestamp'));
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/host_details.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/host_details.test.tsx
index e0b6bedea0047..49a10875c67a0 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/host_details.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/host_details.test.tsx
@@ -8,22 +8,39 @@
 import React from 'react';
 import { render } from '@testing-library/react';
 import type { Anomalies } from '../../../../common/components/ml/types';
-import { LeftPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { TestProviders } from '../../../../common/mock';
 import { HostDetails } from './host_details';
 import { useMlCapabilities } from '../../../../common/components/ml/hooks/use_ml_capabilities';
 import { mockAnomalies } from '../../../../common/components/ml/mock';
 import { useHostDetails } from '../../../../explore/hosts/containers/hosts/details';
 import { useHostRelatedUsers } from '../../../../common/containers/related_entities/related_users';
+import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
 import { RiskSeverity } from '../../../../../common/search_strategy';
 import {
   HOST_DETAILS_TEST_ID,
   HOST_DETAILS_INFO_TEST_ID,
   HOST_DETAILS_RELATED_USERS_TABLE_TEST_ID,
+  HOST_DETAILS_LINK_TEST_ID,
+  HOST_DETAILS_RELATED_USERS_LINK_TEST_ID,
 } from './test_ids';
 import { EXPANDABLE_PANEL_CONTENT_TEST_ID } from '../../../shared/components/test_ids';
 import { useRiskScore } from '../../../../entity_analytics/api/hooks/use_risk_score';
-import { mockContextValue } from '../mocks/mock_context';
+import { mockContextValue } from '../../shared/mocks/mock_context';
+import { mockFlyoutApi } from '../../shared/mocks/mock_flyout_context';
+import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
+import { HostPreviewPanelKey } from '../../../entity_details/host_right';
+import { HOST_PREVIEW_BANNER } from '../../right/components/host_entity_overview';
+import { UserPreviewPanelKey } from '../../../entity_details/user_right';
+import { USER_PREVIEW_BANNER } from '../../right/components/user_entity_overview';
+
+jest.mock('@kbn/expandable-flyout', () => ({
+  useExpandableFlyoutApi: jest.fn(),
+  ExpandableFlyoutProvider: ({ children }: React.PropsWithChildren<{}>) => <>{children}</>,
+}));
+
+jest.mock('../../../../common/hooks/use_experimental_features');
+const mockUseIsExperimentalFeatureEnabled = useIsExperimentalFeatureEnabled as jest.Mock;
 
 jest.mock('react-router-dom', () => {
   const actual = jest.requireActual('react-router-dom');
@@ -124,27 +141,46 @@ const mockRelatedUsersResponse = {
   loading: false,
 };
 
-const renderHostDetails = (contextValue: LeftPanelContext) =>
+const renderHostDetails = (contextValue: DocumentDetailsContext) =>
   render(
     <TestProviders>
-      <LeftPanelContext.Provider value={contextValue}>
+      <DocumentDetailsContext.Provider value={contextValue}>
         <HostDetails {...defaultProps} />
-      </LeftPanelContext.Provider>
+      </DocumentDetailsContext.Provider>
     </TestProviders>
   );
 
 describe('<HostDetails />', () => {
   beforeEach(() => {
     jest.clearAllMocks();
+    jest.mocked(useExpandableFlyoutApi).mockReturnValue(mockFlyoutApi);
     mockUseMlUserPermissions.mockReturnValue({ isPlatinumOrTrialLicense: false, capabilities: {} });
     mockUseHostDetails.mockReturnValue(mockHostDetailsResponse);
     mockUseRiskScore.mockReturnValue(mockRiskScoreResponse);
     mockUseHostsRelatedUsers.mockReturnValue(mockRelatedUsersResponse);
+    mockUseIsExperimentalFeatureEnabled.mockReturnValue(false);
   });
 
   it('should render host details correctly', () => {
-    const { getByTestId } = renderHostDetails(mockContextValue);
+    const { getByTestId, queryByTestId } = renderHostDetails(mockContextValue);
     expect(getByTestId(EXPANDABLE_PANEL_CONTENT_TEST_ID(HOST_DETAILS_TEST_ID))).toBeInTheDocument();
+    expect(queryByTestId(HOST_DETAILS_LINK_TEST_ID)).not.toBeInTheDocument();
+  });
+
+  it('should render host name as clicable link when feature flag is true', () => {
+    mockUseIsExperimentalFeatureEnabled.mockReturnValue(true);
+    const { getByTestId } = renderHostDetails(mockContextValue);
+    expect(getByTestId(HOST_DETAILS_LINK_TEST_ID)).toBeInTheDocument();
+
+    getByTestId(HOST_DETAILS_LINK_TEST_ID).click();
+    expect(mockFlyoutApi.openPreviewPanel).toHaveBeenCalledWith({
+      id: HostPreviewPanelKey,
+      params: {
+        hostName: defaultProps.hostName,
+        scopeId: defaultProps.scopeId,
+        banner: HOST_PREVIEW_BANNER,
+      },
+    });
   });
 
   describe('Host overview', () => {
@@ -181,7 +217,7 @@ describe('<HostDetails />', () => {
 
   describe('Related users', () => {
     it('should render the related user table with correct dates and indices', () => {
-      const { getByTestId } = renderHostDetails(mockContextValue);
+      const { getByTestId, queryByTestId } = renderHostDetails(mockContextValue);
       expect(mockUseHostsRelatedUsers).toBeCalledWith({
         from: timestamp,
         hostName: 'test host',
@@ -189,6 +225,7 @@ describe('<HostDetails />', () => {
         skip: false,
       });
       expect(getByTestId(HOST_DETAILS_RELATED_USERS_TABLE_TEST_ID)).toBeInTheDocument();
+      expect(queryByTestId(HOST_DETAILS_RELATED_USERS_LINK_TEST_ID)).not.toBeInTheDocument();
     });
 
     it('should render user risk score column when license and capabilities are valid', () => {
@@ -233,5 +270,21 @@ describe('<HostDetails />', () => {
         'No users identified'
       );
     });
+
+    it('should render user name as clicable link when feature flag is true', () => {
+      mockUseIsExperimentalFeatureEnabled.mockReturnValue(true);
+      const { getAllByTestId } = renderHostDetails(mockContextValue);
+      expect(getAllByTestId(HOST_DETAILS_RELATED_USERS_LINK_TEST_ID).length).toBe(1);
+
+      getAllByTestId(HOST_DETAILS_RELATED_USERS_LINK_TEST_ID)[0].click();
+      expect(mockFlyoutApi.openPreviewPanel).toHaveBeenCalledWith({
+        id: UserPreviewPanelKey,
+        params: {
+          userName: 'test user',
+          scopeId: defaultProps.scopeId,
+          banner: USER_PREVIEW_BANNER,
+        },
+      });
+    });
   });
 });
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/host_details.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/host_details.tsx
index 50523e006dc53..ee12a9062063c 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/host_details.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/host_details.tsx
@@ -18,9 +18,13 @@ import {
   EuiToolTip,
   EuiIcon,
   EuiPanel,
+  EuiLink,
 } from '@elastic/eui';
 import type { EuiBasicTableColumn } from '@elastic/eui';
 import { FormattedMessage } from '@kbn/i18n-react';
+import { i18n } from '@kbn/i18n';
+import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
+import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
 import { ExpandablePanel } from '../../../shared/components/expandable_panel';
 import type { RelatedUser } from '../../../../../common/search_strategy/security_solution/related_entities/related_users';
 import type { RiskSeverity } from '../../../../../common/search_strategy';
@@ -43,9 +47,17 @@ import { useHostDetails } from '../../../../explore/hosts/containers/hosts/detai
 import { useHostRelatedUsers } from '../../../../common/containers/related_entities/related_users';
 import { useMlCapabilities } from '../../../../common/components/ml/hooks/use_ml_capabilities';
 import { getEmptyTagValue } from '../../../../common/components/empty_value';
-import { HOST_DETAILS_TEST_ID, HOST_DETAILS_RELATED_USERS_TABLE_TEST_ID } from './test_ids';
+import {
+  HOST_DETAILS_TEST_ID,
+  HOST_DETAILS_RELATED_USERS_TABLE_TEST_ID,
+  HOST_DETAILS_RELATED_USERS_LINK_TEST_ID,
+} from './test_ids';
 import { ENTITY_RISK_LEVEL } from '../../../../entity_analytics/components/risk_score/translations';
 import { useHasSecurityCapability } from '../../../../helper_hooks';
+import { HostPreviewPanelKey } from '../../../entity_details/host_right';
+import { HOST_PREVIEW_BANNER } from '../../right/components/host_entity_overview';
+import { UserPreviewPanelKey } from '../../../entity_details/user_right';
+import { USER_PREVIEW_BANNER } from '../../right/components/user_entity_overview';
 
 const HOST_DETAILS_ID = 'entities-hosts-details';
 const RELATED_USERS_ID = 'entities-hosts-related-users';
@@ -82,6 +94,9 @@ export const HostDetails: React.FC<HostDetailsProps> = ({ hostName, timestamp, s
   const isPlatinumOrTrialLicense = useMlCapabilities().isPlatinumOrTrialLicense;
   const isEntityAnalyticsAuthorized = isPlatinumOrTrialLicense && hasEntityAnalyticsCapability;
 
+  const { openPreviewPanel } = useExpandableFlyoutApi();
+  const isPreviewEnabled = useIsExperimentalFeatureEnabled('entityAlertPreviewEnabled');
+
   const narrowDateRange = useCallback(
     (score, interval) => {
       const fromTo = scoreIntervalToDateTime(score, interval);
@@ -96,6 +111,31 @@ export const HostDetails: React.FC<HostDetailsProps> = ({ hostName, timestamp, s
     [dispatch]
   );
 
+  const openHostPreview = useCallback(() => {
+    openPreviewPanel({
+      id: HostPreviewPanelKey,
+      params: {
+        hostName,
+        scopeId,
+        banner: HOST_PREVIEW_BANNER,
+      },
+    });
+  }, [openPreviewPanel, hostName, scopeId]);
+
+  const openUserPreview = useCallback(
+    (userName: string) => {
+      openPreviewPanel({
+        id: UserPreviewPanelKey,
+        params: {
+          userName,
+          scopeId,
+          banner: USER_PREVIEW_BANNER,
+        },
+      });
+    },
+    [openPreviewPanel, scopeId]
+  );
+
   const [isHostLoading, { inspect, hostDetails, refetch }] = useHostDetails({
     id: hostDetailsQueryId,
     startDate: from,
@@ -131,7 +171,16 @@ export const HostDetails: React.FC<HostDetailsProps> = ({ hostName, timestamp, s
         render: (user: string) => (
           <EuiText grow={false} size="xs">
             <CellActions field={'user.name'} value={user}>
-              {user}
+              {isPreviewEnabled ? (
+                <EuiLink
+                  data-test-subj={HOST_DETAILS_RELATED_USERS_LINK_TEST_ID}
+                  onClick={() => openUserPreview(user)}
+                >
+                  {user}
+                </EuiLink>
+              ) : (
+                <>{user}</>
+              )}
             </CellActions>
           </EuiText>
         ),
@@ -175,7 +224,7 @@ export const HostDetails: React.FC<HostDetailsProps> = ({ hostName, timestamp, s
           ]
         : []),
     ],
-    [isEntityAnalyticsAuthorized, scopeId]
+    [isEntityAnalyticsAuthorized, scopeId, isPreviewEnabled, openUserPreview]
   );
 
   const relatedUsersCount = useMemo(
@@ -205,6 +254,22 @@ export const HostDetails: React.FC<HostDetailsProps> = ({ hostName, timestamp, s
     showPerPageOptions: false,
   };
 
+  const hostLink = useMemo(
+    () =>
+      isPreviewEnabled
+        ? {
+            callback: openHostPreview,
+            tooltip: i18n.translate(
+              'xpack.securitySolution.flyout.left.insights.entities.host.hostPreviewTitle',
+              {
+                defaultMessage: 'Preview host',
+              }
+            ),
+          }
+        : undefined,
+    [isPreviewEnabled, openHostPreview]
+  );
+
   return (
     <>
       <EuiTitle size="xs">
@@ -221,6 +286,7 @@ export const HostDetails: React.FC<HostDetailsProps> = ({ hostName, timestamp, s
           title: hostName,
           iconType: 'storage',
           headerContent: relatedUsersCount,
+          link: hostLink,
         }}
         expand={{ expandable: true, expandedOnFirstRender: true }}
         data-test-subj={HOST_DETAILS_TEST_ID}
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/investigation_guide.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/investigation_guide.test.tsx
index 7ba849e1fec1b..fc0e140a73d9f 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/investigation_guide.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/investigation_guide.test.tsx
@@ -8,10 +8,10 @@
 import React from 'react';
 import { render } from '@testing-library/react';
 import { InvestigationGuide } from './investigation_guide';
-import { LeftPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { TestProviders } from '../../../../common/mock';
 import { INVESTIGATION_GUIDE_TEST_ID, INVESTIGATION_GUIDE_LOADING_TEST_ID } from './test_ids';
-import { mockContextValue } from '../mocks/mock_context';
+import { mockContextValue } from '../../shared/mocks/mock_context';
 import { useInvestigationGuide } from '../../shared/hooks/use_investigation_guide';
 
 jest.mock('../../shared/hooks/use_investigation_guide');
@@ -20,11 +20,11 @@ const NO_DATA_TEXT =
   "There's no investigation guide for this rule. Edit the rule's settingsExternal link(opens in a new tab or window) to add one.";
 const PREVIEW_MESSAGE = 'Investigation guide is not available in alert preview.';
 
-const renderInvestigationGuide = (context: LeftPanelContext = mockContextValue) => (
+const renderInvestigationGuide = (context: DocumentDetailsContext = mockContextValue) => (
   <TestProviders>
-    <LeftPanelContext.Provider value={context}>
+    <DocumentDetailsContext.Provider value={context}>
       <InvestigationGuide />
-    </LeftPanelContext.Provider>
+    </DocumentDetailsContext.Provider>
   </TestProviders>
 );
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/investigation_guide.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/investigation_guide.tsx
index d061cbb25c4c8..0bf6ca92b28fa 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/investigation_guide.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/investigation_guide.tsx
@@ -8,7 +8,7 @@ import React from 'react';
 import { EuiLink } from '@elastic/eui';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { useInvestigationGuide } from '../../shared/hooks/use_investigation_guide';
-import { useLeftPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { INVESTIGATION_GUIDE_TEST_ID, INVESTIGATION_GUIDE_LOADING_TEST_ID } from './test_ids';
 import { InvestigationGuideView } from '../../../../common/components/event_details/investigation_guide_view';
 import { FlyoutLoading } from '../../../shared/components/flyout_loading';
@@ -18,7 +18,7 @@ import { FlyoutLoading } from '../../../shared/components/flyout_loading';
  * Renders a message saying the guide hasn't been set up or the full investigation guide.
  */
 export const InvestigationGuide: React.FC = () => {
-  const { dataFormattedForFieldBrowser, isPreview } = useLeftPanelContext();
+  const { dataFormattedForFieldBrowser, isPreview } = useDocumentDetailsContext();
 
   const { loading, error, basicAlertData, ruleNote } = useInvestigationGuide({
     dataFormattedForFieldBrowser,
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/notes_details.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/notes_details.test.tsx
new file mode 100644
index 0000000000000..ba1700e22e090
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/notes_details.test.tsx
@@ -0,0 +1,41 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render } from '@testing-library/react';
+import React from 'react';
+import { DocumentDetailsContext } from '../../shared/context';
+import { TestProviders } from '../../../../common/mock';
+import { NotesDetails } from './notes_details';
+
+const mockDispatch = jest.fn();
+jest.mock('react-redux', () => {
+  const original = jest.requireActual('react-redux');
+  return {
+    ...original,
+    useDispatch: () => mockDispatch,
+  };
+});
+
+const panelContextValue = {
+  eventId: 'event id',
+} as unknown as DocumentDetailsContext;
+
+const renderNotesDetails = () =>
+  render(
+    <TestProviders>
+      <DocumentDetailsContext.Provider value={panelContextValue}>
+        <NotesDetails />
+      </DocumentDetailsContext.Provider>
+    </TestProviders>
+  );
+
+describe('NotesDetails', () => {
+  it('should fetch notes for the document id', () => {
+    renderNotesDetails();
+    expect(mockDispatch).toHaveBeenCalled();
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/notes_details.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/notes_details.tsx
index 3c23ab55cff0f..7ff48d0392779 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/notes_details.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/notes_details.tsx
@@ -5,14 +5,33 @@
  * 2.0.
  */
 
-import React, { memo } from 'react';
+import React, { memo, useEffect } from 'react';
+import { useDispatch } from 'react-redux';
+import { EuiSpacer } from '@elastic/eui';
+import { AddNote } from './add_note';
+import { NotesList } from './notes_list';
+import { fetchNotesByDocumentIds } from '../../../../notes/store/notes.slice';
+import { useDocumentDetailsContext } from '../../shared/context';
 
 /**
  * List all the notes for a document id and allows to create new notes associated with that document.
  * Displayed in the document details expandable flyout left section.
  */
 export const NotesDetails = memo(() => {
-  return <></>;
+  const dispatch = useDispatch();
+  const { eventId } = useDocumentDetailsContext();
+
+  useEffect(() => {
+    dispatch(fetchNotesByDocumentIds({ documentIds: [eventId] }));
+  }, [dispatch, eventId]);
+
+  return (
+    <>
+      <NotesList eventId={eventId} />
+      <EuiSpacer />
+      <AddNote eventId={eventId} />
+    </>
+  );
 });
 
 NotesDetails.displayName = 'NotesDetails';
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/notes_list.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/notes_list.test.tsx
new file mode 100644
index 0000000000000..8491804e1a572
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/notes_list.test.tsx
@@ -0,0 +1,286 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render, within } from '@testing-library/react';
+import React from 'react';
+import {
+  ADD_NOTE_LOADING_TEST_ID,
+  DELETE_NOTE_BUTTON_TEST_ID,
+  NOTE_AVATAR_TEST_ID,
+  NOTES_COMMENT_TEST_ID,
+  NOTES_LOADING_TEST_ID,
+  OPEN_TIMELINE_BUTTON_TEST_ID,
+} from './test_ids';
+import { createMockStore, mockGlobalState, TestProviders } from '../../../../common/mock';
+import { DELETE_NOTE_ERROR, FETCH_NOTES_ERROR, NO_NOTES, NotesList } from './notes_list';
+import { ReqStatus } from '../../../../notes/store/notes.slice';
+import { useQueryTimelineById } from '../../../../timelines/components/open_timeline/helpers';
+
+jest.mock('../../../../timelines/components/open_timeline/helpers');
+
+const mockAddError = jest.fn();
+jest.mock('../../../../common/hooks/use_app_toasts', () => ({
+  useAppToasts: () => ({
+    addError: mockAddError,
+  }),
+}));
+
+const mockDispatch = jest.fn();
+jest.mock('react-redux', () => {
+  const original = jest.requireActual('react-redux');
+  return {
+    ...original,
+    useDispatch: () => mockDispatch,
+  };
+});
+
+const renderNotesList = () =>
+  render(
+    <TestProviders>
+      <NotesList eventId={'event-id'} />
+    </TestProviders>
+  );
+
+describe('NotesList', () => {
+  it('should render a note as a comment', () => {
+    const { getByTestId, getByText } = renderNotesList();
+    expect(getByTestId(`${NOTES_COMMENT_TEST_ID}-0`)).toBeInTheDocument();
+    expect(getByText('note-1')).toBeInTheDocument();
+    expect(getByTestId(`${DELETE_NOTE_BUTTON_TEST_ID}-0`)).toBeInTheDocument();
+    expect(getByTestId(`${OPEN_TIMELINE_BUTTON_TEST_ID}-0`)).toBeInTheDocument();
+    expect(getByTestId(`${NOTE_AVATAR_TEST_ID}-0`)).toBeInTheDocument();
+  });
+
+  it('should render loading spinner if notes are being fetched', () => {
+    const store = createMockStore({
+      ...mockGlobalState,
+      notes: {
+        ...mockGlobalState.notes,
+        status: {
+          ...mockGlobalState.notes.status,
+          fetchNotesByDocumentIds: ReqStatus.Loading,
+        },
+      },
+    });
+
+    const { getByTestId } = render(
+      <TestProviders store={store}>
+        <NotesList eventId={'event-id'} />
+      </TestProviders>
+    );
+
+    expect(getByTestId(NOTES_LOADING_TEST_ID)).toBeInTheDocument();
+  });
+
+  it('should render no data message if no notes are present', () => {
+    const store = createMockStore({
+      ...mockGlobalState,
+      notes: {
+        ...mockGlobalState.notes,
+        status: {
+          ...mockGlobalState.notes.status,
+          fetchNotesByDocumentIds: ReqStatus.Succeeded,
+        },
+      },
+    });
+
+    const { getByText } = render(
+      <TestProviders store={store}>
+        <NotesList eventId={'wrong-event-id'} />
+      </TestProviders>
+    );
+
+    expect(getByText(NO_NOTES)).toBeInTheDocument();
+  });
+
+  it('should render error toast if fetching notes fails', () => {
+    const store = createMockStore({
+      ...mockGlobalState,
+      notes: {
+        ...mockGlobalState.notes,
+        status: {
+          ...mockGlobalState.notes.status,
+          fetchNotesByDocumentIds: ReqStatus.Failed,
+        },
+        error: {
+          ...mockGlobalState.notes.error,
+          fetchNotesByDocumentIds: { type: 'http', status: 500 },
+        },
+      },
+    });
+
+    render(
+      <TestProviders store={store}>
+        <NotesList eventId={'event-id'} />
+      </TestProviders>
+    );
+
+    expect(mockAddError).toHaveBeenCalledWith(null, {
+      title: FETCH_NOTES_ERROR,
+    });
+  });
+
+  it('should render ? in avatar is user is missing', () => {
+    const store = createMockStore({
+      ...mockGlobalState,
+      notes: {
+        ...mockGlobalState.notes,
+        entities: {
+          '1': {
+            eventId: 'event-id',
+            noteId: '1',
+            note: 'note-1',
+            timelineId: '',
+            created: 1663882629000,
+            createdBy: 'elastic',
+            updated: 1663882629000,
+            updatedBy: null,
+            version: 'version',
+          },
+        },
+      },
+    });
+
+    const { getByTestId } = render(
+      <TestProviders store={store}>
+        <NotesList eventId={'event-id'} />
+      </TestProviders>
+    );
+    const { getByText } = within(getByTestId(`${NOTE_AVATAR_TEST_ID}-0`));
+
+    expect(getByText('?')).toBeInTheDocument();
+  });
+
+  it('should render create loading when user creates a new note', () => {
+    const store = createMockStore({
+      ...mockGlobalState,
+      notes: {
+        ...mockGlobalState.notes,
+        status: {
+          ...mockGlobalState.notes.status,
+          createNote: ReqStatus.Loading,
+        },
+      },
+    });
+
+    const { getByTestId } = render(
+      <TestProviders store={store}>
+        <NotesList eventId={'event-id'} />
+      </TestProviders>
+    );
+
+    expect(getByTestId(ADD_NOTE_LOADING_TEST_ID)).toBeInTheDocument();
+  });
+
+  it('should dispatch delete action when user deletes a new note', () => {
+    const { getByTestId } = renderNotesList();
+
+    const deleteIcon = getByTestId(`${DELETE_NOTE_BUTTON_TEST_ID}-0`);
+
+    expect(deleteIcon).toBeInTheDocument();
+    expect(deleteIcon).not.toHaveAttribute('disabled');
+
+    deleteIcon.click();
+
+    expect(mockDispatch).toHaveBeenCalled();
+  });
+
+  it('should have delete icons disabled and show spinner if a new note is being deleted', () => {
+    const store = createMockStore({
+      ...mockGlobalState,
+      notes: {
+        ...mockGlobalState.notes,
+        status: {
+          ...mockGlobalState.notes.status,
+          deleteNote: ReqStatus.Loading,
+        },
+      },
+    });
+
+    const { getByTestId } = render(
+      <TestProviders store={store}>
+        <NotesList eventId={'event-id'} />
+      </TestProviders>
+    );
+
+    expect(getByTestId(`${DELETE_NOTE_BUTTON_TEST_ID}-0`)).toHaveAttribute('disabled');
+  });
+
+  it('should render error toast if deleting a note fails', () => {
+    const store = createMockStore({
+      ...mockGlobalState,
+      notes: {
+        ...mockGlobalState.notes,
+        status: {
+          ...mockGlobalState.notes.status,
+          deleteNote: ReqStatus.Failed,
+        },
+        error: {
+          ...mockGlobalState.notes.error,
+          deleteNote: { type: 'http', status: 500 },
+        },
+      },
+    });
+
+    render(
+      <TestProviders store={store}>
+        <NotesList eventId={'event-id'} />
+      </TestProviders>
+    );
+
+    expect(mockAddError).toHaveBeenCalledWith(null, {
+      title: DELETE_NOTE_ERROR,
+    });
+  });
+
+  it('should open timeline if user clicks on the icon', () => {
+    const queryTimelineById = jest.fn();
+    (useQueryTimelineById as jest.Mock).mockReturnValue(queryTimelineById);
+
+    const { getByTestId } = renderNotesList();
+
+    getByTestId(`${OPEN_TIMELINE_BUTTON_TEST_ID}-0`).click();
+
+    expect(queryTimelineById).toHaveBeenCalledWith({
+      duplicate: false,
+      onOpenTimeline: undefined,
+      timelineId: 'timeline-1',
+      timelineType: undefined,
+      unifiedComponentsInTimelineEnabled: false,
+    });
+  });
+
+  it('should not render timeline icon if no timeline is related to the note', () => {
+    const store = createMockStore({
+      ...mockGlobalState,
+      notes: {
+        ...mockGlobalState.notes,
+        entities: {
+          '1': {
+            eventId: 'event-id',
+            noteId: '1',
+            note: 'note-1',
+            timelineId: '',
+            created: 1663882629000,
+            createdBy: 'elastic',
+            updated: 1663882629000,
+            updatedBy: 'elastic',
+            version: 'version',
+          },
+        },
+      },
+    });
+
+    const { queryByTestId } = render(
+      <TestProviders store={store}>
+        <NotesList eventId={'event-id'} />
+      </TestProviders>
+    );
+
+    expect(queryByTestId(`${OPEN_TIMELINE_BUTTON_TEST_ID}-0`)).not.toBeInTheDocument();
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/notes_list.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/notes_list.tsx
new file mode 100644
index 0000000000000..c27f8441c103a
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/notes_list.tsx
@@ -0,0 +1,195 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { memo, useCallback, useEffect, useState } from 'react';
+import {
+  EuiAvatar,
+  EuiButtonIcon,
+  EuiComment,
+  EuiCommentList,
+  EuiLoadingElastic,
+} from '@elastic/eui';
+import { useDispatch, useSelector } from 'react-redux';
+import { FormattedRelative } from '@kbn/i18n-react';
+import { i18n } from '@kbn/i18n';
+import { MarkdownRenderer } from '../../../../common/components/markdown_editor';
+import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
+import { useQueryTimelineById } from '../../../../timelines/components/open_timeline/helpers';
+import {
+  ADD_NOTE_LOADING_TEST_ID,
+  DELETE_NOTE_BUTTON_TEST_ID,
+  NOTE_AVATAR_TEST_ID,
+  NOTES_COMMENT_TEST_ID,
+  NOTES_LOADING_TEST_ID,
+  OPEN_TIMELINE_BUTTON_TEST_ID,
+} from './test_ids';
+import type { State } from '../../../../common/store';
+import type { Note } from '../../../../../common/api/timeline';
+import {
+  deleteNote,
+  ReqStatus,
+  selectCreateNoteStatus,
+  selectDeleteNoteError,
+  selectDeleteNoteStatus,
+  selectFetchNotesByDocumentIdsError,
+  selectFetchNotesByDocumentIdsStatus,
+  selectNotesByDocumentId,
+} from '../../../../notes/store/notes.slice';
+import { useAppToasts } from '../../../../common/hooks/use_app_toasts';
+
+export const ADDED_A_NOTE = i18n.translate('xpack.securitySolution.notes.addedANoteLabel', {
+  defaultMessage: 'added a note',
+});
+export const FETCH_NOTES_ERROR = i18n.translate(
+  'xpack.securitySolution.notes.fetchNotesErrorLabel',
+  {
+    defaultMessage: 'Error fetching notes',
+  }
+);
+export const NO_NOTES = i18n.translate('xpack.securitySolution.notes.noNotesLabel', {
+  defaultMessage: 'No notes have been created for this document',
+});
+export const DELETE_NOTE = i18n.translate('xpack.securitySolution.notes.deleteNoteLabel', {
+  defaultMessage: 'Delete note',
+});
+export const DELETE_NOTE_ERROR = i18n.translate(
+  'xpack.securitySolution.notes.deleteNoteErrorLabel',
+  {
+    defaultMessage: 'Error deleting note',
+  }
+);
+
+export interface NotesListProps {
+  /**
+   * Id of the document
+   */
+  eventId: string;
+}
+
+/**
+ * Renders a list of notes for the document.
+ * If a note belongs to a timeline, a timeline icon will be shown the top right corner.
+ * Also, a delete icon is shown in the top right corner to delete a note.
+ * When a note is being created, the component renders a loading spinner when the new note is about to be added.
+ */
+export const NotesList = memo(({ eventId }: NotesListProps) => {
+  const dispatch = useDispatch();
+  const { addError: addErrorToast } = useAppToasts();
+
+  const unifiedComponentsInTimelineEnabled = useIsExperimentalFeatureEnabled(
+    'unifiedComponentsInTimelineEnabled'
+  );
+
+  const fetchStatus = useSelector((state: State) => selectFetchNotesByDocumentIdsStatus(state));
+  const fetchError = useSelector((state: State) => selectFetchNotesByDocumentIdsError(state));
+
+  const notes: Note[] = useSelector((state: State) => selectNotesByDocumentId(state, eventId));
+
+  const createStatus = useSelector((state: State) => selectCreateNoteStatus(state));
+
+  const deleteStatus = useSelector((state: State) => selectDeleteNoteStatus(state));
+  const deleteError = useSelector((state: State) => selectDeleteNoteError(state));
+  const [deletingNoteId, setDeletingNoteId] = useState('');
+
+  const deleteNoteFc = useCallback(
+    (noteId: string) => {
+      setDeletingNoteId(noteId);
+      dispatch(deleteNote({ id: noteId }));
+    },
+    [dispatch]
+  );
+
+  const queryTimelineById = useQueryTimelineById();
+  const openTimeline = useCallback(
+    ({ timelineId }) =>
+      queryTimelineById({
+        duplicate: false,
+        onOpenTimeline: undefined,
+        timelineId,
+        timelineType: undefined,
+        unifiedComponentsInTimelineEnabled,
+      }),
+    [queryTimelineById, unifiedComponentsInTimelineEnabled]
+  );
+
+  // show a toast if the fetch notes call fails
+  useEffect(() => {
+    if (fetchStatus === ReqStatus.Failed && fetchError) {
+      addErrorToast(null, {
+        title: FETCH_NOTES_ERROR,
+      });
+    }
+  }, [addErrorToast, fetchError, fetchStatus]);
+
+  useEffect(() => {
+    if (deleteStatus === ReqStatus.Failed && deleteError) {
+      addErrorToast(null, {
+        title: DELETE_NOTE_ERROR,
+      });
+    }
+  }, [addErrorToast, deleteError, deleteStatus]);
+
+  if (fetchStatus === ReqStatus.Loading) {
+    return <EuiLoadingElastic data-test-subj={NOTES_LOADING_TEST_ID} size="xxl" />;
+  }
+
+  if (fetchStatus === ReqStatus.Succeeded && notes.length === 0) {
+    return <p>{NO_NOTES}</p>;
+  }
+
+  return (
+    <EuiCommentList>
+      {notes.map((note, index) => (
+        <EuiComment
+          data-test-subj={`${NOTES_COMMENT_TEST_ID}-${index}`}
+          key={note.noteId}
+          username={note.createdBy}
+          timestamp={<>{note.created && <FormattedRelative value={new Date(note.created)} />}</>}
+          event={ADDED_A_NOTE}
+          actions={
+            <>
+              {note.timelineId && note.timelineId.length > 0 && (
+                <EuiButtonIcon
+                  data-test-subj={`${OPEN_TIMELINE_BUTTON_TEST_ID}-${index}`}
+                  title="Open timeline"
+                  aria-label="Open timeline"
+                  color="text"
+                  iconType="timeline"
+                  onClick={() => openTimeline(note)}
+                />
+              )}
+              <EuiButtonIcon
+                data-test-subj={`${DELETE_NOTE_BUTTON_TEST_ID}-${index}`}
+                title={DELETE_NOTE}
+                aria-label={DELETE_NOTE}
+                color="text"
+                iconType="trash"
+                onClick={() => deleteNoteFc(note.noteId)}
+                disabled={deletingNoteId !== note.noteId && deleteStatus === ReqStatus.Loading}
+                isLoading={deletingNoteId === note.noteId && deleteStatus === ReqStatus.Loading}
+              />
+            </>
+          }
+          timelineAvatar={
+            <EuiAvatar
+              data-test-subj={`${NOTE_AVATAR_TEST_ID}-${index}`}
+              size="l"
+              name={note.updatedBy || '?'}
+            />
+          }
+        >
+          <MarkdownRenderer>{note.note || ''}</MarkdownRenderer>
+        </EuiComment>
+      ))}
+      {createStatus === ReqStatus.Loading && (
+        <EuiLoadingElastic size="xxl" data-test-subj={ADD_NOTE_LOADING_TEST_ID} />
+      )}
+    </EuiCommentList>
+  );
+});
+
+NotesList.displayName = 'NotesList';
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/prevalence_details.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/prevalence_details.test.tsx
index 3d881e80b0e47..43c5dc2cbe3a5 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/prevalence_details.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/prevalence_details.test.tsx
@@ -7,7 +7,7 @@
 
 import { render } from '@testing-library/react';
 import React from 'react';
-import { LeftPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { PrevalenceDetails } from './prevalence_details';
 import {
   PREVALENCE_DETAILS_TABLE_ALERT_COUNT_CELL_TEST_ID,
@@ -18,11 +18,28 @@ import {
   PREVALENCE_DETAILS_UPSELL_TEST_ID,
   PREVALENCE_DETAILS_TABLE_USER_PREVALENCE_CELL_TEST_ID,
   PREVALENCE_DETAILS_TABLE_VALUE_CELL_TEST_ID,
+  PREVALENCE_DETAILS_TABLE_HOST_LINK_CELL_TEST_ID,
+  PREVALENCE_DETAILS_TABLE_USER_LINK_CELL_TEST_ID,
   PREVALENCE_DETAILS_TABLE_UPSELL_CELL_TEST_ID,
 } from './test_ids';
 import { usePrevalence } from '../../shared/hooks/use_prevalence';
 import { TestProviders } from '../../../../common/mock';
 import { licenseService } from '../../../../common/hooks/use_license';
+import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
+import { mockFlyoutApi } from '../../shared/mocks/mock_flyout_context';
+import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
+import { HostPreviewPanelKey } from '../../../entity_details/host_right';
+import { HOST_PREVIEW_BANNER } from '../../right/components/host_entity_overview';
+import { UserPreviewPanelKey } from '../../../entity_details/user_right';
+import { USER_PREVIEW_BANNER } from '../../right/components/user_entity_overview';
+
+jest.mock('@kbn/expandable-flyout', () => ({
+  useExpandableFlyoutApi: jest.fn(),
+  ExpandableFlyoutProvider: ({ children }: React.PropsWithChildren<{}>) => <>{children}</>,
+}));
+
+jest.mock('../../../../common/hooks/use_experimental_features');
+const mockUseIsExperimentalFeatureEnabled = useIsExperimentalFeatureEnabled as jest.Mock;
 
 jest.mock('../../shared/hooks/use_prevalence');
 
@@ -53,16 +70,56 @@ const panelContextValue = {
   indexName: 'indexName',
   browserFields: {},
   dataFormattedForFieldBrowser: [],
-} as unknown as LeftPanelContext;
+  scopeId: 'scopeId',
+} as unknown as DocumentDetailsContext;
 
 const UPSELL_MESSAGE = 'Host and user prevalence are only available with a';
 
+const mockPrevelanceReturnValue = {
+  loading: false,
+  error: false,
+  data: [
+    {
+      field: 'field1',
+      values: ['value1'],
+      alertCount: 1,
+      docCount: 1,
+      hostPrevalence: 0.05,
+      userPrevalence: 0.1,
+    },
+    {
+      field: 'field2',
+      values: ['value2'],
+      alertCount: 1,
+      docCount: 1,
+      hostPrevalence: 0.5,
+      userPrevalence: 0.05,
+    },
+    {
+      field: 'host.name',
+      values: ['test host'],
+      alertCount: 1,
+      docCount: 1,
+      hostPrevalence: 0.05,
+      userPrevalence: 0.1,
+    },
+    {
+      field: 'user.name',
+      values: ['test user'],
+      alertCount: 1,
+      docCount: 1,
+      hostPrevalence: 0.05,
+      userPrevalence: 0.1,
+    },
+  ],
+};
+
 const renderPrevalenceDetails = () =>
   render(
     <TestProviders>
-      <LeftPanelContext.Provider value={panelContextValue}>
+      <DocumentDetailsContext.Provider value={panelContextValue}>
         <PrevalenceDetails />
-      </LeftPanelContext.Provider>
+      </DocumentDetailsContext.Provider>
     </TestProviders>
   );
 
@@ -70,35 +127,14 @@ describe('PrevalenceDetails', () => {
   const licenseServiceMock = licenseService as jest.Mocked<typeof licenseService>;
 
   beforeEach(() => {
+    jest.clearAllMocks();
     licenseServiceMock.isPlatinumPlus.mockReturnValue(true);
+    jest.mocked(useExpandableFlyoutApi).mockReturnValue(mockFlyoutApi);
+    mockUseIsExperimentalFeatureEnabled.mockReturnValue(false);
   });
 
   it('should render the table with all data if license is platinum', () => {
-    const field1 = 'field1';
-    const field2 = 'field2';
-    (usePrevalence as jest.Mock).mockReturnValue({
-      loading: false,
-      error: false,
-      data: [
-        {
-          field: field1,
-          values: ['value1'],
-          alertCount: 1,
-          docCount: 1,
-          hostPrevalence: 0.05,
-          userPrevalence: 0.1,
-        },
-        {
-          field: field2,
-          values: ['value2'],
-          alertCount: 1,
-          docCount: 1,
-          hostPrevalence: 0.5,
-          userPrevalence: 0.05,
-        },
-      ],
-    });
-
+    (usePrevalence as jest.Mock).mockReturnValue(mockPrevelanceReturnValue);
     const { getByTestId, getAllByTestId, queryByTestId, queryByText } = renderPrevalenceDetails();
 
     expect(getByTestId(PREVALENCE_DETAILS_TABLE_TEST_ID)).toBeInTheDocument();
@@ -118,6 +154,37 @@ describe('PrevalenceDetails', () => {
     ).toBeGreaterThan(1);
     expect(queryByTestId(PREVALENCE_DETAILS_UPSELL_TEST_ID)).not.toBeInTheDocument();
     expect(queryByText(NO_DATA_MESSAGE)).not.toBeInTheDocument();
+    expect(queryByTestId(PREVALENCE_DETAILS_TABLE_HOST_LINK_CELL_TEST_ID)).not.toBeInTheDocument();
+    expect(queryByTestId(PREVALENCE_DETAILS_TABLE_USER_LINK_CELL_TEST_ID)).not.toBeInTheDocument();
+  });
+
+  it('should render host and user name as clickable link if feature flag is true', () => {
+    mockUseIsExperimentalFeatureEnabled.mockReturnValue(true);
+    (usePrevalence as jest.Mock).mockReturnValue(mockPrevelanceReturnValue);
+
+    const { getByTestId } = renderPrevalenceDetails();
+    expect(getByTestId(PREVALENCE_DETAILS_TABLE_HOST_LINK_CELL_TEST_ID)).toBeInTheDocument();
+    expect(getByTestId(PREVALENCE_DETAILS_TABLE_USER_LINK_CELL_TEST_ID)).toBeInTheDocument();
+
+    getByTestId(PREVALENCE_DETAILS_TABLE_HOST_LINK_CELL_TEST_ID).click();
+    expect(mockFlyoutApi.openPreviewPanel).toHaveBeenCalledWith({
+      id: HostPreviewPanelKey,
+      params: {
+        hostName: 'test host',
+        scopeId: panelContextValue.scopeId,
+        banner: HOST_PREVIEW_BANNER,
+      },
+    });
+
+    getByTestId(PREVALENCE_DETAILS_TABLE_USER_LINK_CELL_TEST_ID).click();
+    expect(mockFlyoutApi.openPreviewPanel).toHaveBeenCalledWith({
+      id: UserPreviewPanelKey,
+      params: {
+        userName: 'test user',
+        scopeId: panelContextValue.scopeId,
+        banner: USER_PREVIEW_BANNER,
+      },
+    });
   });
 
   it('should hide data in prevalence columns if license is not platinum', () => {
@@ -170,9 +237,9 @@ describe('PrevalenceDetails', () => {
 
     const { getByTestId } = render(
       <TestProviders>
-        <LeftPanelContext.Provider value={panelContextValue}>
+        <DocumentDetailsContext.Provider value={panelContextValue}>
           <PrevalenceDetails />
-        </LeftPanelContext.Provider>
+        </DocumentDetailsContext.Provider>
       </TestProviders>
     );
 
@@ -207,9 +274,9 @@ describe('PrevalenceDetails', () => {
 
     const { getByTestId } = render(
       <TestProviders>
-        <LeftPanelContext.Provider value={panelContextValue}>
+        <DocumentDetailsContext.Provider value={panelContextValue}>
           <PrevalenceDetails />
-        </LeftPanelContext.Provider>
+        </DocumentDetailsContext.Provider>
       </TestProviders>
     );
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/prevalence_details.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/prevalence_details.tsx
index fd6cadc598477..2a680fe62a963 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/prevalence_details.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/prevalence_details.tsx
@@ -6,7 +6,7 @@
  */
 
 import dateMath from '@elastic/datemath';
-import React, { useMemo, useState } from 'react';
+import React, { useMemo, useState, useCallback } from 'react';
 import type { EuiBasicTableColumn, OnTimeChangeProps } from '@elastic/eui';
 import {
   EuiCallOut,
@@ -22,6 +22,8 @@ import {
   useEuiTheme,
 } from '@elastic/eui';
 import { FormattedMessage } from '@kbn/i18n-react';
+import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
+import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
 import { FormattedCount } from '../../../../common/components/formatted_number';
 import { useLicense } from '../../../../common/hooks/use_license';
 import { InvestigateInTimelineButton } from '../../../../common/components/event_details/table/investigate_in_timeline_button';
@@ -32,6 +34,8 @@ import {
   PREVALENCE_DETAILS_TABLE_DOC_COUNT_CELL_TEST_ID,
   PREVALENCE_DETAILS_TABLE_HOST_PREVALENCE_CELL_TEST_ID,
   PREVALENCE_DETAILS_TABLE_VALUE_CELL_TEST_ID,
+  PREVALENCE_DETAILS_TABLE_HOST_LINK_CELL_TEST_ID,
+  PREVALENCE_DETAILS_TABLE_USER_LINK_CELL_TEST_ID,
   PREVALENCE_DETAILS_TABLE_FIELD_CELL_TEST_ID,
   PREVALENCE_DETAILS_TABLE_USER_PREVALENCE_CELL_TEST_ID,
   PREVALENCE_DETAILS_DATE_PICKER_TEST_ID,
@@ -39,13 +43,21 @@ import {
   PREVALENCE_DETAILS_UPSELL_TEST_ID,
   PREVALENCE_DETAILS_TABLE_UPSELL_CELL_TEST_ID,
 } from './test_ids';
-import { useLeftPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import {
   getDataProvider,
   getDataProviderAnd,
 } from '../../../../common/components/event_details/table/use_action_cell_data_provider';
 import { getEmptyTagValue } from '../../../../common/components/empty_value';
 import { IS_OPERATOR } from '../../../../../common/types';
+import {
+  HOST_NAME_FIELD_NAME,
+  USER_NAME_FIELD_NAME,
+} from '../../../../timelines/components/timeline/body/renderers/constants';
+import { HostPreviewPanelKey } from '../../../entity_details/host_right';
+import { HOST_PREVIEW_BANNER } from '../../right/components/host_entity_overview';
+import { UserPreviewPanelKey } from '../../../entity_details/user_right';
+import { USER_PREVIEW_BANNER } from '../../right/components/user_entity_overview';
 
 export const PREVALENCE_TAB_ID = 'prevalence';
 const DEFAULT_FROM = 'now-30d';
@@ -77,6 +89,18 @@ interface PrevalenceDetailsRow extends PrevalenceData {
    * License to drive the rendering of the last 2 prevalence columns
    */
   isPlatinumPlus: boolean;
+  /**
+   * If enabled, clicking host or user should open an entity preview
+   */
+  isPreviewEnabled: boolean;
+  /**
+   * Callback to open host preview
+   */
+  openHostPreview: (hostName: string) => void;
+  /**
+   * Callback to open user preview
+   */
+  openUserPreview: (userName: string) => void;
 }
 
 const columns: Array<EuiBasicTableColumn<PrevalenceDetailsRow>> = [
@@ -93,7 +117,6 @@ const columns: Array<EuiBasicTableColumn<PrevalenceDetailsRow>> = [
     width: '20%',
   },
   {
-    field: 'values',
     name: (
       <FormattedMessage
         id="xpack.securitySolution.flyout.left.insights.prevalence.valueColumnLabel"
@@ -101,13 +124,39 @@ const columns: Array<EuiBasicTableColumn<PrevalenceDetailsRow>> = [
       />
     ),
     'data-test-subj': PREVALENCE_DETAILS_TABLE_VALUE_CELL_TEST_ID,
-    render: (values: string[]) => (
+    render: (data: PrevalenceDetailsRow) => (
       <EuiFlexGroup direction="column" gutterSize="none">
-        {values.map((value) => (
-          <EuiFlexItem key={value}>
-            <EuiText size="xs">{value}</EuiText>
-          </EuiFlexItem>
-        ))}
+        {data.values.map((value) => {
+          if (data.isPreviewEnabled && data.field === HOST_NAME_FIELD_NAME) {
+            return (
+              <EuiFlexItem key={value}>
+                <EuiLink
+                  data-test-subj={PREVALENCE_DETAILS_TABLE_HOST_LINK_CELL_TEST_ID}
+                  onClick={() => data.openHostPreview(value)}
+                >
+                  <EuiText size="xs">{value}</EuiText>
+                </EuiLink>
+              </EuiFlexItem>
+            );
+          }
+          if (data.isPreviewEnabled && data.field === USER_NAME_FIELD_NAME) {
+            return (
+              <EuiFlexItem key={value}>
+                <EuiLink
+                  data-test-subj={PREVALENCE_DETAILS_TABLE_USER_LINK_CELL_TEST_ID}
+                  onClick={() => data.openUserPreview(value)}
+                >
+                  <EuiText size="xs">{value}</EuiText>
+                </EuiLink>
+              </EuiFlexItem>
+            );
+          }
+          return (
+            <EuiFlexItem key={value}>
+              <EuiText size="xs">{value}</EuiText>
+            </EuiFlexItem>
+          );
+        })}
       </EuiFlexGroup>
     ),
     width: '20%',
@@ -296,9 +345,12 @@ const columns: Array<EuiBasicTableColumn<PrevalenceDetailsRow>> = [
  * Prevalence table displayed in the document details expandable flyout left section under the Insights tab
  */
 export const PrevalenceDetails: React.FC = () => {
-  const { dataFormattedForFieldBrowser, investigationFields } = useLeftPanelContext();
+  const { dataFormattedForFieldBrowser, investigationFields, scopeId } =
+    useDocumentDetailsContext();
+  const { openPreviewPanel } = useExpandableFlyoutApi();
 
   const isPlatinumPlus = useLicense().isPlatinumPlus();
+  const isPreviewEnabled = useIsExperimentalFeatureEnabled('entityAlertPreviewEnabled');
 
   // these two are used by the usePrevalence hook to fetch the data
   const [start, setStart] = useState(DEFAULT_FROM);
@@ -341,10 +393,55 @@ export const PrevalenceDetails: React.FC = () => {
     },
   });
 
+  const openHostPreview = useCallback(
+    (hostName: string) => {
+      openPreviewPanel({
+        id: HostPreviewPanelKey,
+        params: {
+          hostName,
+          scopeId,
+          banner: HOST_PREVIEW_BANNER,
+        },
+      });
+    },
+    [openPreviewPanel, scopeId]
+  );
+
+  const openUserPreview = useCallback(
+    (userName: string) => {
+      openPreviewPanel({
+        id: UserPreviewPanelKey,
+        params: {
+          userName,
+          scopeId,
+          banner: USER_PREVIEW_BANNER,
+        },
+      });
+    },
+    [openPreviewPanel, scopeId]
+  );
+
   // add timeRange to pass it down to timeline and license to drive the rendering of the last 2 prevalence columns
   const items = useMemo(
-    () => data.map((item) => ({ ...item, from: absoluteStart, to: absoluteEnd, isPlatinumPlus })),
-    [data, absoluteStart, absoluteEnd, isPlatinumPlus]
+    () =>
+      data.map((item) => ({
+        ...item,
+        from: absoluteStart,
+        to: absoluteEnd,
+        isPlatinumPlus,
+        isPreviewEnabled,
+        openHostPreview,
+        openUserPreview,
+      })),
+    [
+      data,
+      absoluteStart,
+      absoluteEnd,
+      isPlatinumPlus,
+      isPreviewEnabled,
+      openHostPreview,
+      openUserPreview,
+    ]
   );
 
   const upsell = (
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/response_details.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/response_details.test.tsx
index 9eac104c768b1..e8be41c601844 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/response_details.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/response_details.test.tsx
@@ -8,7 +8,7 @@
 import React from 'react';
 import { render } from '@testing-library/react';
 import '@testing-library/jest-dom';
-import { LeftPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { rawEventData, TestProviders } from '../../../../common/mock';
 import { RESPONSE_DETAILS_TEST_ID } from './test_ids';
 import { ResponseDetails } from './response_details';
@@ -68,7 +68,7 @@ const defaultContextValue = {
     _id: 'test',
   },
   searchHit: rawEventData,
-} as unknown as LeftPanelContext;
+} as unknown as DocumentDetailsContext;
 
 const contextWithResponseActions = {
   ...defaultContextValue,
@@ -88,12 +88,12 @@ const contextWithResponseActions = {
 };
 
 // Renders System Under Test
-const renderResponseDetails = (contextValue: LeftPanelContext) =>
+const renderResponseDetails = (contextValue: DocumentDetailsContext) =>
   render(
     <TestProviders>
-      <LeftPanelContext.Provider value={contextValue}>
+      <DocumentDetailsContext.Provider value={contextValue}>
         <ResponseDetails />
-      </LeftPanelContext.Provider>
+      </DocumentDetailsContext.Provider>
     </TestProviders>
   );
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/response_details.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/response_details.tsx
index 8caaad7225057..c240799639166 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/response_details.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/response_details.tsx
@@ -10,7 +10,7 @@ import { EuiSpacer, EuiTitle } from '@elastic/eui';
 import styled from 'styled-components';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { RESPONSE_DETAILS_TEST_ID } from './test_ids';
-import { useLeftPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
 import { useOsqueryTab } from '../../../../common/components/event_details/osquery_tab';
 import { useResponseActionsView } from '../../../../common/components/event_details/response_actions_view';
@@ -24,7 +24,7 @@ const ExtendedFlyoutWrapper = styled.div`
  * Automated response actions results, displayed in the document details expandable flyout left section under the Insights tab, Response tab
  */
 export const ResponseDetails: React.FC = () => {
-  const { searchHit, dataAsNestedObject, isPreview } = useLeftPanelContext();
+  const { searchHit, dataAsNestedObject, isPreview } = useDocumentDetailsContext();
   const endpointResponseActionsEnabled = useIsExperimentalFeatureEnabled(
     'endpointResponseActionsEnabled'
   );
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/session_view.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/session_view.test.tsx
index 559aeb5427bea..cce77411d6c9f 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/session_view.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/session_view.test.tsx
@@ -8,7 +8,7 @@
 import React from 'react';
 import { render } from '@testing-library/react';
 import '@testing-library/jest-dom';
-import { LeftPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { TestProviders } from '../../../../common/mock';
 import { SESSION_VIEW_TEST_ID } from './test_ids';
 import { SessionView } from './session_view';
@@ -46,12 +46,12 @@ jest.mock('../../../../common/lib/kibana', () => {
   };
 });
 
-const renderSessionView = (contextValue: LeftPanelContext) =>
+const renderSessionView = (contextValue: DocumentDetailsContext) =>
   render(
     <TestProviders>
-      <LeftPanelContext.Provider value={contextValue}>
+      <DocumentDetailsContext.Provider value={contextValue}>
         <SessionView />
-      </LeftPanelContext.Provider>
+      </DocumentDetailsContext.Provider>
     </TestProviders>
   );
 
@@ -60,7 +60,7 @@ describe('<SessionView />', () => {
     const contextValue = {
       getFieldsData: mockFieldsData,
       indexName: '.ds-logs-endpoint.events.process-default',
-    } as unknown as LeftPanelContext;
+    } as unknown as DocumentDetailsContext;
 
     const wrapper = renderSessionView(contextValue);
     expect(wrapper.getByTestId(SESSION_VIEW_TEST_ID)).toBeInTheDocument();
@@ -70,7 +70,7 @@ describe('<SessionView />', () => {
     const contextValue = {
       getFieldsData: mockFieldsData,
       indexName: '.alerts-security', // it should prioritize KIBANA_ANCESTOR_INDEX above indexName
-    } as unknown as LeftPanelContext;
+    } as unknown as DocumentDetailsContext;
 
     const wrapper = renderSessionView(contextValue);
     expect(wrapper.getByTestId(SESSION_VIEW_TEST_ID)).toBeInTheDocument();
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/session_view.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/session_view.tsx
index 60bafd1765179..fa44e0154b59f 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/session_view.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/session_view.tsx
@@ -15,7 +15,7 @@ import {
 import { getField } from '../../shared/utils';
 import { SESSION_VIEW_TEST_ID } from './test_ids';
 import { useKibana } from '../../../../common/lib/kibana';
-import { useLeftPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 
 export const SESSION_VIEW_ID = 'session-view';
 
@@ -24,7 +24,7 @@ export const SESSION_VIEW_ID = 'session-view';
  */
 export const SessionView: FC = () => {
   const { sessionView } = useKibana().services;
-  const { getFieldsData, indexName } = useLeftPanelContext();
+  const { getFieldsData, indexName } = useDocumentDetailsContext();
 
   const ancestorIndex = getField(getFieldsData(ANCESTOR_INDEX)); // e.g in case of alert, we want to grab it's origin index
   const sessionEntityId = getField(getFieldsData(ENTRY_LEADER_ENTITY_ID)) || '';
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/suppressed_alerts.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/suppressed_alerts.test.tsx
index c78fdaca30124..5c05e373105d8 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/suppressed_alerts.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/suppressed_alerts.test.tsx
@@ -18,8 +18,8 @@ import {
   EXPANDABLE_PANEL_HEADER_TITLE_TEXT_TEST_ID,
   EXPANDABLE_PANEL_TOGGLE_ICON_TEST_ID,
 } from '../../../shared/components/test_ids';
-import { LeftPanelContext } from '../context';
-import { mockContextValue } from '../mocks/mock_context';
+import { DocumentDetailsContext } from '../../shared/context';
+import { mockContextValue } from '../../shared/mocks/mock_context';
 import { isSuppressionRuleInGA } from '../../../../../common/detection_engine/utils';
 
 jest.mock('../../../../../common/detection_engine/utils', () => ({
@@ -46,12 +46,12 @@ const INVESTIGATE_IN_TIMELINE_BUTTON_TEST_ID = `${CORRELATIONS_DETAILS_SUPPRESSE
 const renderSuppressedAlerts = (alertSuppressionCount: number) =>
   render(
     <TestProviders>
-      <LeftPanelContext.Provider value={mockContextValue}>
+      <DocumentDetailsContext.Provider value={mockContextValue}>
         <SuppressedAlerts
           alertSuppressionCount={alertSuppressionCount}
           dataAsNestedObject={mockDataAsNestedObject}
         />
-      </LeftPanelContext.Provider>
+      </DocumentDetailsContext.Provider>
     </TestProviders>
   );
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/test_ids.ts b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/test_ids.ts
index 1ac4fb1c5f263..95ec61d66fff3 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/test_ids.ts
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/test_ids.ts
@@ -25,6 +25,10 @@ export const PREVALENCE_DETAILS_TABLE_FIELD_CELL_TEST_ID =
   `${PREVALENCE_DETAILS_TABLE_TEST_ID}FieldCell` as const;
 export const PREVALENCE_DETAILS_TABLE_VALUE_CELL_TEST_ID =
   `${PREVALENCE_DETAILS_TABLE_TEST_ID}ValueCell` as const;
+export const PREVALENCE_DETAILS_TABLE_HOST_LINK_CELL_TEST_ID =
+  `${PREVALENCE_DETAILS_TABLE_TEST_ID}HostCell` as const;
+export const PREVALENCE_DETAILS_TABLE_USER_LINK_CELL_TEST_ID =
+  `${PREVALENCE_DETAILS_TABLE_TEST_ID}UserCell` as const;
 export const PREVALENCE_DETAILS_TABLE_ALERT_COUNT_CELL_TEST_ID =
   `${PREVALENCE_DETAILS_TABLE_TEST_ID}AlertCountCell` as const;
 export const PREVALENCE_DETAILS_TABLE_DOC_COUNT_CELL_TEST_ID =
@@ -40,12 +44,19 @@ export const PREVALENCE_DETAILS_TABLE_UPSELL_CELL_TEST_ID =
 
 export const ENTITIES_DETAILS_TEST_ID = `${PREFIX}EntitiesDetails` as const;
 export const USER_DETAILS_TEST_ID = `${PREFIX}UsersDetails` as const;
+export const USER_DETAILS_LINK_TEST_ID = `${USER_DETAILS_TEST_ID}TitleLink` as const;
 export const USER_DETAILS_RELATED_HOSTS_TABLE_TEST_ID =
   `${USER_DETAILS_TEST_ID}RelatedHostsTable` as const;
+export const USER_DETAILS_RELATED_HOSTS_LINK_TEST_ID =
+  `${USER_DETAILS_TEST_ID}RelatedHostsLink` as const;
 export const USER_DETAILS_INFO_TEST_ID = 'user-overview' as const;
+
 export const HOST_DETAILS_TEST_ID = `${PREFIX}HostsDetails` as const;
+export const HOST_DETAILS_LINK_TEST_ID = `${HOST_DETAILS_TEST_ID}TitleLink` as const;
 export const HOST_DETAILS_RELATED_USERS_TABLE_TEST_ID =
   `${HOST_DETAILS_TEST_ID}RelatedUsersTable` as const;
+export const HOST_DETAILS_RELATED_USERS_LINK_TEST_ID =
+  `${HOST_DETAILS_TEST_ID}RelatedUsersLink` as const;
 export const HOST_DETAILS_INFO_TEST_ID = 'host-overview' as const;
 
 /* Threat Intelligence */
@@ -89,3 +100,15 @@ export const RESPONSE_NO_DATA_TEST_ID = `${RESPONSE_TEST_ID}NoData` as const;
 
 export const INVESTIGATION_GUIDE_TEST_ID = `${PREFIX}InvestigationGuide` as const;
 export const INVESTIGATION_GUIDE_LOADING_TEST_ID = `${INVESTIGATION_GUIDE_TEST_ID}Loading` as const;
+
+/* Notes */
+
+export const NOTES_LOADING_TEST_ID = `${PREFIX}NotesLoading` as const;
+export const NOTES_COMMENT_TEST_ID = `${PREFIX}NotesComment` as const;
+export const ADD_NOTE_LOADING_TEST_ID = `${PREFIX}AddNotesLoading` as const;
+export const ADD_NOTE_MARKDOWN_TEST_ID = `${PREFIX}AddNotesMarkdown` as const;
+export const ADD_NOTE_BUTTON_TEST_ID = `${PREFIX}AddNotesButton` as const;
+export const NOTE_AVATAR_TEST_ID = `${PREFIX}NoteAvatar` as const;
+export const DELETE_NOTE_BUTTON_TEST_ID = `${PREFIX}DeleteNotesButton` as const;
+export const ATTACH_TO_TIMELINE_CHECKBOX_TEST_ID = `${PREFIX}AttachToTimelineCheckbox` as const;
+export const OPEN_TIMELINE_BUTTON_TEST_ID = `${PREFIX}OpenTimelineButton` as const;
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/threat_intelligence_details.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/threat_intelligence_details.test.tsx
index 110a6f186d584..c028b9194748f 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/threat_intelligence_details.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/threat_intelligence_details.test.tsx
@@ -8,7 +8,7 @@
 import React from 'react';
 import { render } from '@testing-library/react';
 import '@testing-library/jest-dom';
-import { LeftPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { TestProviders } from '../../../../common/mock';
 import {
   THREAT_INTELLIGENCE_DETAILS_ENRICHMENTS_TEST_ID,
@@ -35,15 +35,15 @@ jest.mock('../hooks/use_threat_intelligence_details');
 
 const defaultContextValue = {
   getFieldsData: () => 'id',
-} as unknown as LeftPanelContext;
+} as unknown as DocumentDetailsContext;
 
 // Renders System Under Test
-const renderThreatIntelligenceDetails = (contextValue: LeftPanelContext) =>
+const renderThreatIntelligenceDetails = (contextValue: DocumentDetailsContext) =>
   render(
     <TestProviders>
-      <LeftPanelContext.Provider value={contextValue}>
+      <DocumentDetailsContext.Provider value={contextValue}>
         <ThreatIntelligenceDetails />
-      </LeftPanelContext.Provider>
+      </DocumentDetailsContext.Provider>
     </TestProviders>
   );
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/tour.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/tour.test.tsx
index fff177d43040c..9aaffcfe2d71c 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/tour.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/tour.test.tsx
@@ -8,8 +8,8 @@
 import React from 'react';
 import { render, waitFor, fireEvent } from '@testing-library/react';
 import { LeftPanelTour } from './tour';
-import { LeftPanelContext } from '../context';
-import { mockContextValue } from '../mocks/mock_context';
+import { DocumentDetailsContext } from '../../shared/context';
+import { mockContextValue } from '../../shared/mocks/mock_context';
 import {
   createMockStore,
   createSecuritySolutionStorageMock,
@@ -31,15 +31,15 @@ const mockStore = createMockStore(undefined, undefined, undefined, {
   ...storageMock,
 });
 
-const renderLeftPanelTour = (context: LeftPanelContext = mockContextValue) =>
+const renderLeftPanelTour = (context: DocumentDetailsContext = mockContextValue) =>
   render(
     <TestProviders store={mockStore}>
-      <LeftPanelContext.Provider value={context}>
+      <DocumentDetailsContext.Provider value={context}>
         <LeftPanelTour />
         {Object.values(FLYOUT_TOUR_CONFIG_ANCHORS).map((i, idx) => (
           <div key={idx} data-test-subj={i} />
         ))}
-      </LeftPanelContext.Provider>
+      </DocumentDetailsContext.Provider>
     </TestProviders>
   );
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/tour.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/tour.tsx
index e1719be5b20a5..4e3adc140a8aa 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/tour.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/tour.tsx
@@ -8,7 +8,7 @@
 import React, { memo, useMemo } from 'react';
 import { getField } from '../../shared/utils';
 import { EventKind } from '../../shared/constants/event_kinds';
-import { useLeftPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { FlyoutTour } from '../../shared/components/flyout_tour';
 import { getLeftSectionTourSteps } from '../../shared/utils/tour_step_config';
 import { useIsTimelineFlyoutOpen } from '../../shared/hooks/use_is_timeline_flyout_open';
@@ -17,7 +17,7 @@ import { useIsTimelineFlyoutOpen } from '../../shared/hooks/use_is_timeline_flyo
  * Guided tour for the left panel in details flyout
  */
 export const LeftPanelTour = memo(() => {
-  const { getFieldsData, isPreview } = useLeftPanelContext();
+  const { getFieldsData, isPreview } = useDocumentDetailsContext();
   const eventKind = getField(getFieldsData('event.kind'));
   const isAlert = eventKind === EventKind.signal;
   const isTimelineFlyoutOpen = useIsTimelineFlyoutOpen();
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/user_details.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/user_details.test.tsx
index 35853d8e4d97a..b00bb091d070f 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/user_details.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/user_details.test.tsx
@@ -9,21 +9,38 @@ import React from 'react';
 import { render } from '@testing-library/react';
 import type { Anomalies } from '../../../../common/components/ml/types';
 import { TestProviders } from '../../../../common/mock';
-import { LeftPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { UserDetails } from './user_details';
 import { useMlCapabilities } from '../../../../common/components/ml/hooks/use_ml_capabilities';
 import { mockAnomalies } from '../../../../common/components/ml/mock';
 import { useObservedUserDetails } from '../../../../explore/users/containers/users/observed_details';
 import { useUserRelatedHosts } from '../../../../common/containers/related_entities/related_hosts';
+import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
 import { RiskSeverity } from '../../../../../common/search_strategy';
 import {
   USER_DETAILS_TEST_ID,
+  USER_DETAILS_LINK_TEST_ID,
   USER_DETAILS_INFO_TEST_ID,
   USER_DETAILS_RELATED_HOSTS_TABLE_TEST_ID,
+  USER_DETAILS_RELATED_HOSTS_LINK_TEST_ID,
 } from './test_ids';
 import { EXPANDABLE_PANEL_CONTENT_TEST_ID } from '../../../shared/components/test_ids';
 import { useRiskScore } from '../../../../entity_analytics/api/hooks/use_risk_score';
-import { mockContextValue } from '../mocks/mock_context';
+import { mockContextValue } from '../../shared/mocks/mock_context';
+import { mockFlyoutApi } from '../../shared/mocks/mock_flyout_context';
+import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
+import { HostPreviewPanelKey } from '../../../entity_details/host_right';
+import { HOST_PREVIEW_BANNER } from '../../right/components/host_entity_overview';
+import { UserPreviewPanelKey } from '../../../entity_details/user_right';
+import { USER_PREVIEW_BANNER } from '../../right/components/user_entity_overview';
+
+jest.mock('@kbn/expandable-flyout', () => ({
+  useExpandableFlyoutApi: jest.fn(),
+  ExpandableFlyoutProvider: ({ children }: React.PropsWithChildren<{}>) => <>{children}</>,
+}));
+
+jest.mock('../../../../common/hooks/use_experimental_features');
+const mockUseIsExperimentalFeatureEnabled = useIsExperimentalFeatureEnabled as jest.Mock;
 
 jest.mock('react-router-dom', () => {
   const actual = jest.requireActual('react-router-dom');
@@ -121,27 +138,46 @@ const mockRelatedHostsResponse = {
   loading: false,
 };
 
-const renderUserDetails = (contextValue: LeftPanelContext) =>
+const renderUserDetails = (contextValue: DocumentDetailsContext) =>
   render(
     <TestProviders>
-      <LeftPanelContext.Provider value={contextValue}>
+      <DocumentDetailsContext.Provider value={contextValue}>
         <UserDetails {...defaultProps} />
-      </LeftPanelContext.Provider>
+      </DocumentDetailsContext.Provider>
     </TestProviders>
   );
 
 describe('<UserDetails />', () => {
   beforeEach(() => {
     jest.clearAllMocks();
+    jest.mocked(useExpandableFlyoutApi).mockReturnValue(mockFlyoutApi);
     mockUseMlUserPermissions.mockReturnValue({ isPlatinumOrTrialLicense: false, capabilities: {} });
     mockUseObservedUserDetails.mockReturnValue(mockUserDetailsResponse);
     mockUseRiskScore.mockReturnValue(mockRiskScoreResponse);
     mockUseUsersRelatedHosts.mockReturnValue(mockRelatedHostsResponse);
+    mockUseIsExperimentalFeatureEnabled.mockReturnValue(false);
   });
 
-  it('should render host details correctly', () => {
-    const { getByTestId } = renderUserDetails(mockContextValue);
+  it('should render user details correctly', () => {
+    const { getByTestId, queryByTestId } = renderUserDetails(mockContextValue);
     expect(getByTestId(EXPANDABLE_PANEL_CONTENT_TEST_ID(USER_DETAILS_TEST_ID))).toBeInTheDocument();
+    expect(queryByTestId(USER_DETAILS_LINK_TEST_ID)).not.toBeInTheDocument();
+  });
+
+  it('should render user name as clicable link when feature flag is true', () => {
+    mockUseIsExperimentalFeatureEnabled.mockReturnValue(true);
+    const { getByTestId } = renderUserDetails(mockContextValue);
+    expect(getByTestId(USER_DETAILS_LINK_TEST_ID)).toBeInTheDocument();
+
+    getByTestId(USER_DETAILS_LINK_TEST_ID).click();
+    expect(mockFlyoutApi.openPreviewPanel).toHaveBeenCalledWith({
+      id: UserPreviewPanelKey,
+      params: {
+        userName: defaultProps.userName,
+        scopeId: defaultProps.scopeId,
+        banner: USER_PREVIEW_BANNER,
+      },
+    });
   });
 
   describe('Host overview', () => {
@@ -176,7 +212,7 @@ describe('<UserDetails />', () => {
 
   describe('Related hosts', () => {
     it('should render the related host table with correct dates and indices', () => {
-      const { getByTestId } = renderUserDetails(mockContextValue);
+      const { getByTestId, queryByTestId } = renderUserDetails(mockContextValue);
       expect(mockUseUsersRelatedHosts).toBeCalledWith({
         from: timestamp,
         userName: 'test user',
@@ -184,6 +220,7 @@ describe('<UserDetails />', () => {
         skip: false,
       });
       expect(getByTestId(USER_DETAILS_RELATED_HOSTS_TABLE_TEST_ID)).toBeInTheDocument();
+      expect(queryByTestId(USER_DETAILS_RELATED_HOSTS_LINK_TEST_ID)).not.toBeInTheDocument();
     });
 
     it('should render host risk score column when license is valid', () => {
@@ -215,5 +252,21 @@ describe('<UserDetails />', () => {
         'No hosts identified'
       );
     });
+
+    it('should render host name as clicable link when feature flag is true', () => {
+      mockUseIsExperimentalFeatureEnabled.mockReturnValue(true);
+      const { getAllByTestId } = renderUserDetails(mockContextValue);
+      expect(getAllByTestId(USER_DETAILS_RELATED_HOSTS_LINK_TEST_ID).length).toBe(1);
+
+      getAllByTestId(USER_DETAILS_RELATED_HOSTS_LINK_TEST_ID)[0].click();
+      expect(mockFlyoutApi.openPreviewPanel).toHaveBeenCalledWith({
+        id: HostPreviewPanelKey,
+        params: {
+          hostName: 'test host',
+          scopeId: defaultProps.scopeId,
+          banner: HOST_PREVIEW_BANNER,
+        },
+      });
+    });
   });
 });
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/user_details.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/user_details.tsx
index 14b92678f9fe2..5fea7c0fc1126 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/user_details.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/user_details.tsx
@@ -18,9 +18,13 @@ import {
   EuiFlexItem,
   EuiToolTip,
   EuiPanel,
+  EuiLink,
 } from '@elastic/eui';
 import type { EuiBasicTableColumn } from '@elastic/eui';
 import { FormattedMessage } from '@kbn/i18n-react';
+import { i18n } from '@kbn/i18n';
+import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
+import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
 import { ExpandablePanel } from '../../../shared/components/expandable_panel';
 import type { RelatedHost } from '../../../../../common/search_strategy/security_solution/related_entities/related_hosts';
 import type { RiskSeverity } from '../../../../../common/search_strategy';
@@ -43,9 +47,17 @@ import { useObservedUserDetails } from '../../../../explore/users/containers/use
 import { useUserRelatedHosts } from '../../../../common/containers/related_entities/related_hosts';
 import { useMlCapabilities } from '../../../../common/components/ml/hooks/use_ml_capabilities';
 import { getEmptyTagValue } from '../../../../common/components/empty_value';
-import { USER_DETAILS_RELATED_HOSTS_TABLE_TEST_ID, USER_DETAILS_TEST_ID } from './test_ids';
+import {
+  USER_DETAILS_RELATED_HOSTS_TABLE_TEST_ID,
+  USER_DETAILS_TEST_ID,
+  USER_DETAILS_RELATED_HOSTS_LINK_TEST_ID,
+} from './test_ids';
 import { ENTITY_RISK_LEVEL } from '../../../../entity_analytics/components/risk_score/translations';
 import { useHasSecurityCapability } from '../../../../helper_hooks';
+import { HostPreviewPanelKey } from '../../../entity_details/host_right';
+import { HOST_PREVIEW_BANNER } from '../../right/components/host_entity_overview';
+import { UserPreviewPanelKey } from '../../../entity_details/user_right';
+import { USER_PREVIEW_BANNER } from '../../right/components/user_entity_overview';
 
 const USER_DETAILS_ID = 'entities-users-details';
 const RELATED_HOSTS_ID = 'entities-users-related-hosts';
@@ -83,6 +95,9 @@ export const UserDetails: React.FC<UserDetailsProps> = ({ userName, timestamp, s
   const isPlatinumOrTrialLicense = useMlCapabilities().isPlatinumOrTrialLicense;
   const isEntityAnalyticsAuthorized = isPlatinumOrTrialLicense && hasEntityAnalyticsCapability;
 
+  const { openPreviewPanel } = useExpandableFlyoutApi();
+  const isPreviewEnabled = useIsExperimentalFeatureEnabled('entityAlertPreviewEnabled');
+
   const narrowDateRange = useCallback(
     (score, interval) => {
       const fromTo = scoreIntervalToDateTime(score, interval);
@@ -97,6 +112,31 @@ export const UserDetails: React.FC<UserDetailsProps> = ({ userName, timestamp, s
     [dispatch]
   );
 
+  const openUserPreview = useCallback(() => {
+    openPreviewPanel({
+      id: UserPreviewPanelKey,
+      params: {
+        userName,
+        scopeId,
+        banner: USER_PREVIEW_BANNER,
+      },
+    });
+  }, [openPreviewPanel, userName, scopeId]);
+
+  const openHostPreview = useCallback(
+    (hostName: string) => {
+      openPreviewPanel({
+        id: HostPreviewPanelKey,
+        params: {
+          hostName,
+          scopeId,
+          banner: HOST_PREVIEW_BANNER,
+        },
+      });
+    },
+    [openPreviewPanel, scopeId]
+  );
+
   const [isUserLoading, { inspect, userDetails, refetch }] = useObservedUserDetails({
     id: userDetailsQueryId,
     startDate: from,
@@ -132,7 +172,16 @@ export const UserDetails: React.FC<UserDetailsProps> = ({ userName, timestamp, s
         render: (host: string) => (
           <EuiText grow={false} size="xs">
             <CellActions field={'host.name'} value={host}>
-              {host}
+              {isPreviewEnabled ? (
+                <EuiLink
+                  data-test-subj={USER_DETAILS_RELATED_HOSTS_LINK_TEST_ID}
+                  onClick={() => openHostPreview(host)}
+                >
+                  {host}
+                </EuiLink>
+              ) : (
+                <>{host}</>
+              )}
             </CellActions>
           </EuiText>
         ),
@@ -176,7 +225,7 @@ export const UserDetails: React.FC<UserDetailsProps> = ({ userName, timestamp, s
           ]
         : []),
     ],
-    [isEntityAnalyticsAuthorized, scopeId]
+    [isEntityAnalyticsAuthorized, scopeId, openHostPreview, isPreviewEnabled]
   );
 
   const relatedHostsCount = useMemo(
@@ -206,6 +255,22 @@ export const UserDetails: React.FC<UserDetailsProps> = ({ userName, timestamp, s
     showPerPageOptions: false,
   };
 
+  const userLink = useMemo(
+    () =>
+      isPreviewEnabled
+        ? {
+            callback: openUserPreview,
+            tooltip: i18n.translate(
+              'xpack.securitySolution.flyout.left.insights.entities.user.userPreviewTitle',
+              {
+                defaultMessage: 'Preview user',
+              }
+            ),
+          }
+        : undefined,
+    [isPreviewEnabled, openUserPreview]
+  );
+
   return (
     <>
       <EuiTitle size="xs">
@@ -222,6 +287,7 @@ export const UserDetails: React.FC<UserDetailsProps> = ({ userName, timestamp, s
           title: userName,
           iconType: 'user',
           headerContent: relatedHostsCount,
+          link: userLink,
         }}
         expand={{
           expandable: true,
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/context.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/context.tsx
deleted file mode 100644
index 52bf509462699..0000000000000
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/context.tsx
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { BrowserFields, TimelineEventsDetailsItem } from '@kbn/timelines-plugin/common';
-import React, { createContext, memo, useContext, useMemo } from 'react';
-import type { EcsSecurityExtension as Ecs } from '@kbn/securitysolution-ecs';
-import { TableId } from '@kbn/securitysolution-data-table';
-import { useEventDetails } from '../shared/hooks/use_event_details';
-import { FlyoutError } from '../../shared/components/flyout_error';
-import { FlyoutLoading } from '../../shared/components/flyout_loading';
-import type { SearchHit } from '../../../../common/search_strategy';
-import type { LeftPanelProps } from '.';
-import type { GetFieldsData } from '../../../common/hooks/use_get_fields_data';
-import { useBasicDataFromDetailsData } from '../../../timelines/components/side_panel/event_details/helpers';
-import { useRuleWithFallback } from '../../../detection_engine/rule_management/logic/use_rule_with_fallback';
-
-export interface LeftPanelContext {
-  /**
-   * Id of the document
-   */
-  eventId: string;
-  /**
-   * Name of the index used in the parent's page
-   */
-  indexName: string;
-  /**
-   * Maintain backwards compatibility // TODO remove when possible
-   */
-  scopeId: string;
-  /**
-   * An object containing fields by type
-   */
-  browserFields: BrowserFields;
-  /**
-   * An object with top level fields from the ECS object
-   */
-  dataAsNestedObject: Ecs;
-  /**
-   * An array of field objects with category and value
-   */
-  dataFormattedForFieldBrowser: TimelineEventsDetailsItem[];
-  /**
-   * The actual raw document object
-   */
-  searchHit: SearchHit;
-  /**
-   * User defined fields to highlight (defined on the rule)
-   */
-  investigationFields: string[];
-  /**
-   * Retrieves searchHit values for the provided field
-   */
-  getFieldsData: GetFieldsData;
-  /**
-   * Boolean to indicate whether it is a preview flyout
-   */
-  isPreview: boolean;
-}
-
-export const LeftPanelContext = createContext<LeftPanelContext | undefined>(undefined);
-
-export type LeftPanelProviderProps = {
-  /**
-   * React components to render
-   */
-  children: React.ReactNode;
-} & Partial<LeftPanelProps['params']>;
-
-export const LeftPanelProvider = memo(
-  ({ id, indexName, scopeId, children }: LeftPanelProviderProps) => {
-    const {
-      browserFields,
-      dataAsNestedObject,
-      dataFormattedForFieldBrowser,
-      getFieldsData,
-      loading,
-      searchHit,
-    } = useEventDetails({ eventId: id, indexName });
-
-    const { ruleId } = useBasicDataFromDetailsData(dataFormattedForFieldBrowser);
-    const { rule: maybeRule } = useRuleWithFallback(ruleId);
-
-    const contextValue = useMemo(
-      () =>
-        id &&
-        indexName &&
-        scopeId &&
-        dataAsNestedObject &&
-        dataFormattedForFieldBrowser &&
-        searchHit
-          ? {
-              eventId: id,
-              indexName,
-              scopeId,
-              browserFields,
-              dataAsNestedObject,
-              dataFormattedForFieldBrowser,
-              searchHit,
-              investigationFields: maybeRule?.investigation_fields?.field_names ?? [],
-              getFieldsData,
-              isPreview: scopeId === TableId.rulePreview,
-            }
-          : undefined,
-      [
-        id,
-        indexName,
-        scopeId,
-        browserFields,
-        dataAsNestedObject,
-        dataFormattedForFieldBrowser,
-        searchHit,
-        maybeRule?.investigation_fields,
-        getFieldsData,
-      ]
-    );
-
-    if (loading) {
-      return <FlyoutLoading />;
-    }
-
-    if (!contextValue) {
-      return <FlyoutError />;
-    }
-
-    return <LeftPanelContext.Provider value={contextValue}>{children}</LeftPanelContext.Provider>;
-  }
-);
-
-LeftPanelProvider.displayName = 'LeftPanelProvider';
-
-export const useLeftPanelContext = () => {
-  const contextValue = useContext(LeftPanelContext);
-
-  if (!contextValue) {
-    throw new Error('LeftPanelContext can only be used within LeftPanelContext provider');
-  }
-
-  return contextValue;
-};
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/header.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/header.tsx
index bbc8201a19f1a..2b61a97577e06 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/header.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/header.tsx
@@ -14,7 +14,7 @@ import { FlyoutHeader } from '../../shared/components/flyout_header';
 import type { LeftPanelTabType } from './tabs';
 import { getField } from '../shared/utils';
 import { EventKind } from '../shared/constants/event_kinds';
-import { useLeftPanelContext } from './context';
+import { useDocumentDetailsContext } from '../shared/context';
 
 export interface PanelHeaderProps {
   /**
@@ -38,7 +38,7 @@ export interface PanelHeaderProps {
  */
 export const PanelHeader: FC<PanelHeaderProps> = memo(
   ({ selectedTabId, setSelectedTabId, tabs }) => {
-    const { getFieldsData } = useLeftPanelContext();
+    const { getFieldsData } = useDocumentDetailsContext();
     const isEventKindSignal = getField(getFieldsData('event.kind')) === EventKind.signal;
 
     const onSelectedTabChanged = (id: LeftPanelPaths) => setSelectedTabId(id);
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/hooks/use_threat_intelligence_details.test.ts b/x-pack/plugins/security_solution/public/flyout/document_details/left/hooks/use_threat_intelligence_details.test.ts
index f8a34e374a938..ae71c7f74c8d6 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/hooks/use_threat_intelligence_details.test.ts
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/hooks/use_threat_intelligence_details.test.ts
@@ -11,7 +11,7 @@ import { renderHook } from '@testing-library/react-hooks';
 import { useTimelineEventsDetails } from '../../../../timelines/containers/details';
 import { useSourcererDataView } from '../../../../sourcerer/containers';
 import { useRouteSpy } from '../../../../common/utils/route/use_route_spy';
-import { useLeftPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { useInvestigationTimeEnrichment } from '../../../../common/containers/cti/event_enrichment';
 import { SecurityPageName } from '../../../../../common/constants';
 import type { RouteSpyState } from '../../../../common/utils/route/types';
@@ -19,12 +19,12 @@ import {
   type GetBasicDataFromDetailsData,
   useBasicDataFromDetailsData,
 } from '../../../../timelines/components/side_panel/event_details/helpers';
-import { mockContextValue } from '../mocks/mock_context';
+import { mockContextValue } from '../../shared/mocks/mock_context';
 
 jest.mock('../../../../timelines/containers/details');
 jest.mock('../../../../sourcerer/containers');
 jest.mock('../../../../common/utils/route/use_route_spy');
-jest.mock('../context');
+jest.mock('../../shared/context');
 jest.mock('../../../../common/containers/cti/event_enrichment');
 jest.mock('../../../../timelines/components/side_panel/event_details/helpers');
 
@@ -64,7 +64,7 @@ describe('useThreatIntelligenceDetails', () => {
         () => {},
       ]);
 
-    jest.mocked(useLeftPanelContext).mockReturnValue(mockContextValue);
+    jest.mocked(useDocumentDetailsContext).mockReturnValue(mockContextValue);
   });
 
   afterEach(() => {
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/hooks/use_threat_intelligence_details.ts b/x-pack/plugins/security_solution/public/flyout/document_details/left/hooks/use_threat_intelligence_details.ts
index f8d6ee67edbc9..04a2bd0ddee47 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/hooks/use_threat_intelligence_details.ts
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/hooks/use_threat_intelligence_details.ts
@@ -22,7 +22,7 @@ import { useInvestigationTimeEnrichment } from '../../../../common/containers/ct
 import { useTimelineEventsDetails } from '../../../../timelines/containers/details';
 import { useSourcererDataView } from '../../../../sourcerer/containers';
 import { useRouteSpy } from '../../../../common/utils/route/use_route_spy';
-import { useLeftPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 
 export interface ThreatIntelligenceDetailsValue {
   enrichments: CtiEnrichment[];
@@ -43,7 +43,7 @@ export interface ThreatIntelligenceDetailsValue {
  * for component testing.
  */
 export const useThreatIntelligenceDetails = (): ThreatIntelligenceDetailsValue => {
-  const { indexName, eventId } = useLeftPanelContext();
+  const { indexName, eventId } = useDocumentDetailsContext();
   const [{ pageName }] = useRouteSpy();
   const sourcererScope =
     pageName === SecurityPageName.detections
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/index.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/index.tsx
index a93b1e7e7a4fb..8facaef0885ca 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/index.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/index.tsx
@@ -7,7 +7,7 @@
 
 import type { FC } from 'react';
 import React, { memo, useMemo } from 'react';
-import type { FlyoutPanelProps, PanelPath } from '@kbn/expandable-flyout';
+
 import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
 import { useIsExperimentalFeatureEnabled } from '../../../common/hooks/use_experimental_features';
 import { DocumentDetailsLeftPanelKey } from '../shared/constants/panel_keys';
@@ -18,7 +18,8 @@ import type { LeftPanelTabType } from './tabs';
 import * as tabs from './tabs';
 import { getField } from '../shared/utils';
 import { EventKind } from '../shared/constants/event_kinds';
-import { useLeftPanelContext } from './context';
+import { useDocumentDetailsContext } from '../shared/context';
+import type { DocumentDetailsProps } from '../shared/types';
 import { LeftPanelTour } from './components/tour';
 
 export type LeftPanelPaths = 'visualize' | 'insights' | 'investigation' | 'response' | 'notes';
@@ -28,33 +29,25 @@ export const LeftPanelInvestigationTab: LeftPanelPaths = 'investigation';
 export const LeftPanelResponseTab: LeftPanelPaths = 'response';
 export const LeftPanelNotesTab: LeftPanelPaths = 'notes';
 
-export interface LeftPanelProps extends FlyoutPanelProps {
-  key: typeof DocumentDetailsLeftPanelKey;
-  path?: PanelPath;
-  params?: {
-    id: string;
-    indexName: string;
-    scopeId: string;
-  };
-}
-
-export const LeftPanel: FC<Partial<LeftPanelProps>> = memo(({ path }) => {
+export const LeftPanel: FC<Partial<DocumentDetailsProps>> = memo(({ path }) => {
   const { telemetry } = useKibana().services;
   const { openLeftPanel } = useExpandableFlyoutApi();
-  const { eventId, indexName, scopeId, getFieldsData } = useLeftPanelContext();
+  const { eventId, indexName, scopeId, getFieldsData } = useDocumentDetailsContext();
   const eventKind = getField(getFieldsData('event.kind'));
-  const notesEnabled = useIsExperimentalFeatureEnabled('notesEnabled');
+  const securitySolutionNotesEnabled = useIsExperimentalFeatureEnabled(
+    'securitySolutionNotesEnabled'
+  );
 
   const tabsDisplayed = useMemo(() => {
     const tabList =
       eventKind === EventKind.signal
         ? [tabs.insightsTab, tabs.investigationTab, tabs.responseTab]
         : [tabs.insightsTab];
-    if (notesEnabled) {
+    if (securitySolutionNotesEnabled) {
       tabList.push(tabs.notesTab);
     }
     return tabList;
-  }, [eventKind, notesEnabled]);
+  }, [eventKind, securitySolutionNotesEnabled]);
 
   const selectedTabId = useMemo(() => {
     const defaultTab = tabsDisplayed[0].id;
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/insights_tab.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/insights_tab.tsx
index 4513e857b0b6f..99072977ac982 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/insights_tab.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/insights_tab.tsx
@@ -21,7 +21,7 @@ import {
   INSIGHTS_TAB_PREVALENCE_BUTTON_TEST_ID,
   INSIGHTS_TAB_CORRELATIONS_BUTTON_TEST_ID,
 } from './test_ids';
-import { useLeftPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { DocumentDetailsLeftPanelKey } from '../../shared/constants/panel_keys';
 import { LeftPanelInsightsTab } from '..';
 import { ENTITIES_TAB_ID, EntitiesDetails } from '../components/entities_details';
@@ -86,7 +86,7 @@ const insightsButtons: EuiButtonGroupOptionProps[] = [
  */
 export const InsightsTab = memo(() => {
   const { telemetry } = useKibana().services;
-  const { eventId, indexName, scopeId, getFieldsData } = useLeftPanelContext();
+  const { eventId, indexName, scopeId, getFieldsData } = useDocumentDetailsContext();
   const isEventKindSignal = getField(getFieldsData('event.kind')) === EventKind.signal;
   const { openLeftPanel } = useExpandableFlyoutApi();
   const panels = useExpandableFlyoutState();
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/visualize_tab.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/visualize_tab.tsx
index ab148fd04c65b..32f64aecd1cb8 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/visualize_tab.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/visualize_tab.tsx
@@ -11,7 +11,7 @@ import type { EuiButtonGroupOptionProps } from '@elastic/eui/src/components/butt
 import { useExpandableFlyoutApi, useExpandableFlyoutState } from '@kbn/expandable-flyout';
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
-import { useLeftPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { DocumentDetailsLeftPanelKey } from '../../shared/constants/panel_keys';
 import { LeftPanelVisualizeTab } from '..';
 import {
@@ -51,7 +51,7 @@ const visualizeButtons: EuiButtonGroupOptionProps[] = [
  * Visualize view displayed in the document details expandable flyout left section
  */
 export const VisualizeTab = memo(() => {
-  const { eventId, indexName, scopeId } = useLeftPanelContext();
+  const { eventId, indexName, scopeId } = useDocumentDetailsContext();
   const { openLeftPanel } = useExpandableFlyoutApi();
   const panels = useExpandableFlyoutState();
   const [activeVisualizationId, setActiveVisualizationId] = useState(
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/preview/components/test_ids.ts b/x-pack/plugins/security_solution/public/flyout/document_details/preview/components/test_ids.ts
deleted file mode 100644
index 3a676c192ca69..0000000000000
--- a/x-pack/plugins/security_solution/public/flyout/document_details/preview/components/test_ids.ts
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { PREFIX } from '../../../shared/test_ids';
-import { CONTENT_TEST_ID, HEADER_TEST_ID } from '../../right/components/expandable_section';
-
-/* Rule preview */
-
-const RULE_PREVIEW_TEST_ID = `${PREFIX}RulePreview` as const;
-export const RULE_PREVIEW_TITLE_TEST_ID = `${RULE_PREVIEW_TEST_ID}RulePreviewTitle` as const;
-export const RULE_PREVIEW_RULE_TITLE_SUPPRESSED_TEST_ID =
-  `${RULE_PREVIEW_TITLE_TEST_ID}Suppressed` as const;
-export const RULE_PREVIEW_RULE_CREATED_BY_TEST_ID = `${RULE_PREVIEW_TEST_ID}CreatedByText` as const;
-export const RULE_PREVIEW_RULE_UPDATED_BY_TEST_ID = `${RULE_PREVIEW_TEST_ID}UpdatedByText` as const;
-export const RULE_PREVIEW_BODY_TEST_ID = `${RULE_PREVIEW_TEST_ID}Body` as const;
-export const RULE_PREVIEW_ABOUT_TEST_ID = `${RULE_PREVIEW_TEST_ID}AboutSection` as const;
-export const RULE_PREVIEW_ABOUT_HEADER_TEST_ID = RULE_PREVIEW_ABOUT_TEST_ID + HEADER_TEST_ID;
-export const RULE_PREVIEW_ABOUT_CONTENT_TEST_ID = RULE_PREVIEW_ABOUT_TEST_ID + CONTENT_TEST_ID;
-export const RULE_PREVIEW_DEFINITION_TEST_ID = `${RULE_PREVIEW_TEST_ID}DefinitionSection` as const;
-export const RULE_PREVIEW_DEFINITION_HEADER_TEST_ID =
-  RULE_PREVIEW_DEFINITION_TEST_ID + HEADER_TEST_ID;
-export const RULE_PREVIEW_DEFINITION_CONTENT_TEST_ID =
-  RULE_PREVIEW_DEFINITION_TEST_ID + CONTENT_TEST_ID;
-export const RULE_PREVIEW_SCHEDULE_TEST_ID = `${RULE_PREVIEW_TEST_ID}ScheduleSection` as const;
-export const RULE_PREVIEW_SCHEDULE_HEADER_TEST_ID = RULE_PREVIEW_SCHEDULE_TEST_ID + HEADER_TEST_ID;
-export const RULE_PREVIEW_SCHEDULE_CONTENT_TEST_ID =
-  RULE_PREVIEW_SCHEDULE_TEST_ID + CONTENT_TEST_ID;
-export const RULE_PREVIEW_ACTIONS_TEST_ID = `${RULE_PREVIEW_TEST_ID}ActionsSection` as const;
-export const RULE_PREVIEW_ACTIONS_HEADER_TEST_ID = RULE_PREVIEW_ACTIONS_TEST_ID + HEADER_TEST_ID;
-export const RULE_PREVIEW_ACTIONS_CONTENT_TEST_ID = RULE_PREVIEW_ACTIONS_TEST_ID + CONTENT_TEST_ID;
-export const RULE_PREVIEW_LOADING_TEST_ID = `${RULE_PREVIEW_TEST_ID}Loading` as const;
-export const RULE_PREVIEW_FOOTER_TEST_ID = `${RULE_PREVIEW_TEST_ID}Footer` as const;
-export const RULE_PREVIEW_NAVIGATE_TO_RULE_TEST_ID =
-  `${RULE_PREVIEW_FOOTER_TEST_ID}LinkToRuleDetails` as const;
-export const ALERT_REASON_PREVIEW_BODY_TEST_ID = `${PREFIX}AlertReasonPreviewBody` as const;
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/preview/index.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/preview/index.tsx
deleted file mode 100644
index 27e7d8646031c..0000000000000
--- a/x-pack/plugins/security_solution/public/flyout/document_details/preview/index.tsx
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import React, { memo, useMemo } from 'react';
-import type { FlyoutPanelProps, PanelPath } from '@kbn/expandable-flyout';
-import { EuiFlexGroup, EuiFlexItem } from '@elastic/eui';
-import type { DocumentDetailsPreviewPanelKey } from '../shared/constants/panel_keys';
-import { panels } from './panels';
-
-export type PreviewPanelPaths = 'rule-preview' | 'alert-reason-preview';
-export const RulePreviewPanel: PreviewPanelPaths = 'rule-preview';
-export const AlertReasonPreviewPanel: PreviewPanelPaths = 'alert-reason-preview';
-
-export interface PreviewPanelProps extends FlyoutPanelProps {
-  key: typeof DocumentDetailsPreviewPanelKey;
-  path?: PanelPath;
-  params?: {
-    id: string;
-    indexName: string;
-    scopeId: string;
-    ruleId?: string;
-  };
-}
-
-/**
- * Preview panel to be displayed on top of the document details expandable flyout right section
- */
-export const PreviewPanel: React.FC<Partial<PreviewPanelProps>> = memo(({ path }) => {
-  const previewPanel = useMemo(() => {
-    return path ? panels.find((panel) => panel.id === path.tab) : null;
-  }, [path]);
-
-  if (!previewPanel) {
-    return null;
-  }
-  return (
-    <EuiFlexGroup
-      justifyContent="spaceBetween"
-      direction="column"
-      gutterSize="none"
-      style={{ height: '100%' }}
-    >
-      <EuiFlexItem style={{ marginTop: '-15px' }}>{previewPanel.content}</EuiFlexItem>
-      <EuiFlexItem grow={false}>{previewPanel.footer}</EuiFlexItem>
-    </EuiFlexGroup>
-  );
-});
-
-PreviewPanel.displayName = 'PreviewPanel';
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/preview/panels.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/preview/panels.tsx
deleted file mode 100644
index b5e42754a46d3..0000000000000
--- a/x-pack/plugins/security_solution/public/flyout/document_details/preview/panels.tsx
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import React from 'react';
-import { AlertReasonPreview } from './components/alert_reason_preview';
-import type { PreviewPanelPaths } from '.';
-import { RulePreview } from './components/rule_preview';
-import { RulePreviewFooter } from './components/rule_preview_footer';
-
-export type PreviewPanelType = Array<{
-  /**
-   * Id of the preview panel
-   */
-  id: PreviewPanelPaths;
-  /**
-   * Main body component to be rendered in the panel
-   */
-  content: React.ReactElement;
-  /**
-   * Footer section in the panel
-   */
-  footer?: React.ReactElement;
-}>;
-
-/**
- * Array of all preview panels
- */
-export const panels: PreviewPanelType = [
-  {
-    id: 'rule-preview',
-    content: <RulePreview />,
-    footer: <RulePreviewFooter />,
-  },
-  {
-    id: 'alert-reason-preview',
-    content: <AlertReasonPreview />,
-  },
-];
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/about_section.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/about_section.test.tsx
index 7013e5d3303e1..46cefbb7533aa 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/about_section.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/about_section.test.tsx
@@ -19,8 +19,8 @@ import {
 } from './test_ids';
 import { TestProviders } from '../../../../common/mock';
 import { AboutSection } from './about_section';
-import { RightPanelContext } from '../context';
-import { mockContextValue } from '../mocks/mock_context';
+import { DocumentDetailsContext } from '../../shared/context';
+import { mockContextValue } from '../../shared/mocks/mock_context';
 import { useExpandSection } from '../hooks/use_expand_section';
 
 jest.mock('../../../../common/components/link_to');
@@ -42,9 +42,9 @@ const renderAboutSection = (getFieldsData = mockGetFieldsData) => {
   };
   return render(
     <TestProviders>
-      <RightPanelContext.Provider value={contextValue}>
+      <DocumentDetailsContext.Provider value={contextValue}>
         <AboutSection />
-      </RightPanelContext.Provider>
+      </DocumentDetailsContext.Provider>
     </TestProviders>
   );
 };
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/about_section.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/about_section.tsx
index a02e69f611ab0..5b9da45df2dfd 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/about_section.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/about_section.tsx
@@ -15,7 +15,7 @@ import { Reason } from './reason';
 import { MitreAttack } from './mitre_attack';
 import { getField } from '../../shared/utils';
 import { EventKind } from '../../shared/constants/event_kinds';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { isEcsAllowedValue } from '../utils/event_utils';
 import { EventCategoryDescription } from './event_category_description';
 import { EventKindDescription } from './event_kind_description';
@@ -30,7 +30,7 @@ const KEY = 'about';
  * For all other events, it shows the event kind description, a list of event categories and event renderer.
  */
 export const AboutSection = memo(() => {
-  const { getFieldsData } = useRightPanelContext();
+  const { getFieldsData } = useDocumentDetailsContext();
   const eventKind = getField(getFieldsData('event.kind'));
   const eventKindInECS = eventKind && isEcsAllowedValue('event.kind', eventKind);
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_description.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_description.test.tsx
index 856c3ec51f364..c8a00cf0837fa 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_description.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_description.test.tsx
@@ -13,13 +13,12 @@ import {
   RULE_SUMMARY_BUTTON_TEST_ID,
   ALERT_DESCRIPTION_DETAILS_TEST_ID,
 } from './test_ids';
-import { AlertDescription } from './alert_description';
-import { RightPanelContext } from '../context';
+import { AlertDescription, RULE_OVERVIEW_BANNER } from './alert_description';
+import { DocumentDetailsContext } from '../../shared/context';
 import { mockGetFieldsData } from '../../shared/mocks/mock_get_fields_data';
 import type { TimelineEventsDetailsItem } from '@kbn/timelines-plugin/common';
-import { DocumentDetailsPreviewPanelKey } from '../../shared/constants/panel_keys';
+import { DocumentDetailsRuleOverviewPanelKey } from '../../shared/constants/panel_keys';
 import { TestProviders } from '../../../../common/mock';
-import { i18n } from '@kbn/i18n';
 import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
 import type { ExpandableFlyoutApi } from '@kbn/expandable-flyout';
 import { createTelemetryServiceMock } from '../../../../common/lib/telemetry/telemetry_service.mock';
@@ -72,15 +71,15 @@ const panelContextValue = (dataFormattedForFieldBrowser: TimelineEventsDetailsIt
     scopeId: 'scopeId',
     dataFormattedForFieldBrowser,
     getFieldsData: mockGetFieldsData,
-  } as unknown as RightPanelContext);
+  } as unknown as DocumentDetailsContext);
 
-const renderDescription = (panelContext: RightPanelContext) =>
+const renderDescription = (panelContext: DocumentDetailsContext) =>
   render(
     <TestProviders>
       <IntlProvider locale="en">
-        <RightPanelContext.Provider value={panelContext}>
+        <DocumentDetailsContext.Provider value={panelContext}>
           <AlertDescription />
-        </RightPanelContext.Provider>
+        </DocumentDetailsContext.Provider>
       </IntlProvider>
     </TestProviders>
   );
@@ -151,20 +150,12 @@ describe('<AlertDescription />', () => {
       getByTestId(RULE_SUMMARY_BUTTON_TEST_ID).click();
 
       expect(flyoutContextValue.openPreviewPanel).toHaveBeenCalledWith({
-        id: DocumentDetailsPreviewPanelKey,
-        path: { tab: 'rule-preview' },
+        id: DocumentDetailsRuleOverviewPanelKey,
         params: {
           id: panelContext.eventId,
           indexName: panelContext.indexName,
           scopeId: panelContext.scopeId,
-          banner: {
-            title: i18n.translate(
-              'xpack.securitySolution.flyout.right.about.description.rulePreviewTitle',
-              { defaultMessage: 'Preview rule details' }
-            ),
-            backgroundColor: 'warning',
-            textColor: 'warning',
-          },
+          banner: RULE_OVERVIEW_BANNER,
           ruleId: ruleUuid.values[0],
         },
       });
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_description.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_description.tsx
index 1b649700f3bb2..b908185cd9d9d 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_description.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_description.tsx
@@ -14,15 +14,22 @@ import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { i18n } from '@kbn/i18n';
 import { useKibana } from '../../../../common/lib/kibana';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { useBasicDataFromDetailsData } from '../../../../timelines/components/side_panel/event_details/helpers';
 import {
   ALERT_DESCRIPTION_DETAILS_TEST_ID,
   ALERT_DESCRIPTION_TITLE_TEST_ID,
   RULE_SUMMARY_BUTTON_TEST_ID,
 } from './test_ids';
-import { DocumentDetailsPreviewPanelKey } from '../../shared/constants/panel_keys';
-import { type PreviewPanelProps, RulePreviewPanel } from '../../preview';
+import { DocumentDetailsRuleOverviewPanelKey } from '../../shared/constants/panel_keys';
+
+export const RULE_OVERVIEW_BANNER = {
+  title: i18n.translate('xpack.securitySolution.flyout.right.about.description.rulePreviewTitle', {
+    defaultMessage: 'Preview rule details',
+  }),
+  backgroundColor: 'warning',
+  textColor: 'warning',
+};
 
 /**
  * Displays the rule description of a signal document.
@@ -30,28 +37,19 @@ import { type PreviewPanelProps, RulePreviewPanel } from '../../preview';
 export const AlertDescription: FC = () => {
   const { telemetry } = useKibana().services;
   const { dataFormattedForFieldBrowser, scopeId, eventId, indexName, isPreview } =
-    useRightPanelContext();
+    useDocumentDetailsContext();
   const { isAlert, ruleDescription, ruleName, ruleId } = useBasicDataFromDetailsData(
     dataFormattedForFieldBrowser
   );
   const { openPreviewPanel } = useExpandableFlyoutApi();
   const openRulePreview = useCallback(() => {
-    const PreviewPanelRulePreview: PreviewPanelProps['path'] = { tab: RulePreviewPanel };
     openPreviewPanel({
-      id: DocumentDetailsPreviewPanelKey,
-      path: PreviewPanelRulePreview,
+      id: DocumentDetailsRuleOverviewPanelKey,
       params: {
         id: eventId,
         indexName,
         scopeId,
-        banner: {
-          title: i18n.translate(
-            'xpack.securitySolution.flyout.right.about.description.rulePreviewTitle',
-            { defaultMessage: 'Preview rule details' }
-          ),
-          backgroundColor: 'warning',
-          textColor: 'warning',
-        },
+        banner: RULE_OVERVIEW_BANNER,
         ruleId,
       },
     });
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_header_title.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_header_title.test.tsx
index 61dbc57a2080a..4a0267a8dade8 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_header_title.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_header_title.test.tsx
@@ -7,7 +7,7 @@
 
 import React from 'react';
 import { render } from '@testing-library/react';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import {
   RISK_SCORE_VALUE_TEST_ID,
   SEVERITY_VALUE_TEST_ID,
@@ -32,15 +32,15 @@ const dateFormat = 'MMM D, YYYY @ HH:mm:ss.SSS';
 const mockContextValue = {
   dataFormattedForFieldBrowser: mockDataFormattedForFieldBrowser,
   getFieldsData: jest.fn().mockImplementation(mockGetFieldsData),
-} as unknown as RightPanelContext;
+} as unknown as DocumentDetailsContext;
 const HEADER_TEXT_TEST_ID = `${FLYOUT_ALERT_HEADER_TITLE_TEST_ID}Text`;
 
-const renderHeader = (contextValue: RightPanelContext) =>
+const renderHeader = (contextValue: DocumentDetailsContext) =>
   render(
     <TestProvidersComponent>
-      <RightPanelContext.Provider value={contextValue}>
+      <DocumentDetailsContext.Provider value={contextValue}>
         <AlertHeaderTitle />
-      </RightPanelContext.Provider>
+      </DocumentDetailsContext.Provider>
     </TestProvidersComponent>
   );
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_header_title.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_header_title.tsx
index 8386acdba31ca..a9da1ae146394 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_header_title.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_header_title.tsx
@@ -16,7 +16,7 @@ import { DocumentSeverity } from './severity';
 import { RiskScore } from './risk_score';
 import { useRefetchByScope } from '../../../../timelines/components/side_panel/event_details/flyout/use_refetch_by_scope';
 import { useBasicDataFromDetailsData } from '../../../../timelines/components/side_panel/event_details/helpers';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { PreferenceFormattedDate } from '../../../../common/components/formatted_date';
 import { FLYOUT_ALERT_HEADER_TITLE_TEST_ID, ALERT_SUMMARY_PANEL_TEST_ID } from './test_ids';
 import { Assignees } from './assignees';
@@ -33,7 +33,7 @@ export const AlertHeaderTitle = memo(() => {
     isPreview,
     refetchFlyoutData,
     getFieldsData,
-  } = useRightPanelContext();
+  } = useDocumentDetailsContext();
   const { isAlert, ruleName, timestamp, ruleId } = useBasicDataFromDetailsData(
     dataFormattedForFieldBrowser
   );
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview.test.tsx
index 7e5323e37b518..67d7438e8bb68 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview.test.tsx
@@ -10,9 +10,9 @@ import React from 'react';
 import { TestProviders } from '../../../../common/mock';
 import { useAlertPrevalenceFromProcessTree } from '../../../../common/containers/alerts/use_alert_prevalence_from_process_tree';
 import { useTimelineDataFilters } from '../../../../timelines/containers/use_timeline_data_filters';
-import { mockContextValue } from '../mocks/mock_context';
+import { mockContextValue } from '../../shared/mocks/mock_context';
 import { mockDataFormattedForFieldBrowser } from '../../shared/mocks/mock_data_formatted_for_field_browser';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { AnalyzerPreview } from './analyzer_preview';
 import { ANALYZER_PREVIEW_TEST_ID } from './test_ids';
 import * as mock from '../mocks/mock_analyzer_data';
@@ -34,12 +34,12 @@ const mockTreeValues = {
   statsNodes: mock.mockStatsNodes,
 };
 
-const renderAnalyzerPreview = (contextValue: RightPanelContext) =>
+const renderAnalyzerPreview = (contextValue: DocumentDetailsContext) =>
   render(
     <TestProviders>
-      <RightPanelContext.Provider value={contextValue}>
+      <DocumentDetailsContext.Provider value={contextValue}>
         <AnalyzerPreview />
-      </RightPanelContext.Provider>
+      </DocumentDetailsContext.Provider>
     </TestProviders>
   );
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview.tsx
index e87bc1fddbe92..efae023e0d092 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview.tsx
@@ -12,7 +12,7 @@ import { FormattedMessage } from '@kbn/i18n-react';
 import { ANALYZER_PREVIEW_TEST_ID, ANALYZER_PREVIEW_LOADING_TEST_ID } from './test_ids';
 import { getTreeNodes } from '../utils/analyzer_helpers';
 import { ANCESTOR_ID, RULE_INDICES } from '../../shared/constants/field_names';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { useAlertPrevalenceFromProcessTree } from '../../../../common/containers/alerts/use_alert_prevalence_from_process_tree';
 import type { StatsNode } from '../../../../common/containers/alerts/use_alert_prevalence_from_process_tree';
 import { isActiveTimeline } from '../../../../helpers';
@@ -41,7 +41,7 @@ export const AnalyzerPreview: React.FC = () => {
     scopeId,
     eventId,
     isPreview,
-  } = useRightPanelContext();
+  } = useDocumentDetailsContext();
   const ancestorId = getField(getFieldsData(ANCESTOR_ID)) ?? '';
   const documentId = isPreview ? ancestorId : eventId; // use ancestor as fallback for alert preview
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview_container.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview_container.test.tsx
index c43511ddae460..5ce6fcebae76b 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview_container.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview_container.test.tsx
@@ -8,8 +8,8 @@
 import { render, screen } from '@testing-library/react';
 import { TestProviders } from '../../../../common/mock';
 import React from 'react';
-import { RightPanelContext } from '../context';
-import { mockContextValue } from '../mocks/mock_context';
+import { DocumentDetailsContext } from '../../shared/context';
+import { mockContextValue } from '../../shared/mocks/mock_context';
 import { AnalyzerPreviewContainer } from './analyzer_preview_container';
 import { useIsInvestigateInResolverActionEnabled } from '../../../../detections/components/alerts_table/timeline_actions/investigate_in_resolver';
 import { ANALYZER_PREVIEW_TEST_ID } from './test_ids';
@@ -56,9 +56,9 @@ const panelContextValue = {
 const renderAnalyzerPreview = (context = panelContextValue) =>
   render(
     <TestProviders>
-      <RightPanelContext.Provider value={context}>
+      <DocumentDetailsContext.Provider value={context}>
         <AnalyzerPreviewContainer />
-      </RightPanelContext.Provider>
+      </DocumentDetailsContext.Provider>
     </TestProviders>
   );
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview_container.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview_container.tsx
index 6e3c8241136ea..ad85e8e8701e1 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview_container.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview_container.tsx
@@ -15,7 +15,7 @@ import { useInvestigateInTimeline } from '../../../../detections/components/aler
 import { ALERTS_ACTIONS } from '../../../../common/lib/apm/user_actions';
 import { getScopedActions } from '../../../../helpers';
 import { setActiveTabTimeline } from '../../../../timelines/store/actions';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { useIsInvestigateInResolverActionEnabled } from '../../../../detections/components/alerts_table/timeline_actions/investigate_in_resolver';
 import { AnalyzerPreview } from './analyzer_preview';
 import { ANALYZER_PREVIEW_TEST_ID } from './test_ids';
@@ -27,7 +27,7 @@ const timelineId = 'timeline-1';
  * Analyzer preview under Overview, Visualizations. It shows a tree representation of analyzer.
  */
 export const AnalyzerPreviewContainer: React.FC = () => {
-  const { dataAsNestedObject, isPreview } = useRightPanelContext();
+  const { dataAsNestedObject, isPreview } = useDocumentDetailsContext();
 
   // decide whether to show the analyzer preview or not
   const isEnabled = useIsInvestigateInResolverActionEnabled(dataAsNestedObject);
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/cell_actions.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/cell_actions.tsx
index 52c216517b9de..96a0f2b100291 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/cell_actions.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/cell_actions.tsx
@@ -7,7 +7,7 @@
 
 import type { FC } from 'react';
 import React, { useMemo } from 'react';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { getSourcererScopeId } from '../../../../helpers';
 import { SecurityCellActionType } from '../../../../app/actions/constants';
 import {
@@ -39,7 +39,7 @@ interface CellActionsProps {
  * Security cell action wrapper for document details flyout
  */
 export const CellActions: FC<CellActionsProps> = ({ field, value, isObjectArray, children }) => {
-  const { scopeId, isPreview } = useRightPanelContext();
+  const { scopeId, isPreview } = useDocumentDetailsContext();
 
   const data = useMemo(() => ({ field, value }), [field, value]);
   const metadata = useMemo(() => ({ scopeId, isObjectArray }), [scopeId, isObjectArray]);
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.test.tsx
index 2ae680fc54ba9..2145d3efff129 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.test.tsx
@@ -9,7 +9,7 @@ import React from 'react';
 import { render } from '@testing-library/react';
 import type { ExpandableFlyoutApi } from '@kbn/expandable-flyout';
 import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { TestProviders } from '../../../../common/mock';
 import { CorrelationsOverview } from './correlations_overview';
 import { CORRELATIONS_TAB_ID } from '../../left/components/correlations_details';
@@ -76,13 +76,13 @@ const panelContextValue = {
   browserFields: {},
   getFieldsData: () => {},
   scopeId: 'scopeId',
-} as unknown as RightPanelContext;
+} as unknown as DocumentDetailsContext;
 
-const renderCorrelationsOverview = (contextValue: RightPanelContext) => (
+const renderCorrelationsOverview = (contextValue: DocumentDetailsContext) => (
   <TestProviders>
-    <RightPanelContext.Provider value={contextValue}>
+    <DocumentDetailsContext.Provider value={contextValue}>
       <CorrelationsOverview />
-    </RightPanelContext.Provider>
+    </DocumentDetailsContext.Provider>
   </TestProviders>
 );
 
@@ -209,9 +209,9 @@ describe('<CorrelationsOverview />', () => {
   it('should navigate to the left section Insights tab when clicking on button', () => {
     const { getByTestId } = render(
       <TestProviders>
-        <RightPanelContext.Provider value={panelContextValue}>
+        <DocumentDetailsContext.Provider value={panelContextValue}>
           <CorrelationsOverview />
-        </RightPanelContext.Provider>
+        </DocumentDetailsContext.Provider>
       </TestProviders>
     );
 
@@ -230,9 +230,9 @@ describe('<CorrelationsOverview />', () => {
   it('should navigate to the left section Insights tab automatically when active step is "view case"', () => {
     render(
       <TestProviders>
-        <RightPanelContext.Provider value={panelContextValue}>
+        <DocumentDetailsContext.Provider value={panelContextValue}>
           <CorrelationsOverview />
-        </RightPanelContext.Provider>
+        </DocumentDetailsContext.Provider>
       </TestProviders>
     );
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.tsx
index 2125eb47316ae..3bf57aa916963 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.tsx
@@ -24,7 +24,7 @@ import { useShowSuppressedAlerts } from '../../shared/hooks/use_show_suppressed_
 import { RelatedCases } from './related_cases';
 import { useShowRelatedCases } from '../../shared/hooks/use_show_related_cases';
 import { CORRELATIONS_TEST_ID } from './test_ids';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { DocumentDetailsLeftPanelKey } from '../../shared/constants/panel_keys';
 import { LeftPanelInsightsTab } from '../../left';
 import { CORRELATIONS_TAB_ID } from '../../left/components/correlations_details';
@@ -43,7 +43,7 @@ import {
  */
 export const CorrelationsOverview: React.FC = () => {
   const { dataAsNestedObject, eventId, indexName, getFieldsData, scopeId, isPreview } =
-    useRightPanelContext();
+    useDocumentDetailsContext();
   const { openLeftPanel } = useExpandableFlyoutApi();
   const { isTourShown, activeStep } = useTourContext();
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/entities_overview.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/entities_overview.test.tsx
index e27470debe535..7c8c119b31c6b 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/entities_overview.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/entities_overview.test.tsx
@@ -7,7 +7,7 @@
 
 import React from 'react';
 import { render } from '@testing-library/react';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import {
   ENTITIES_HOST_OVERVIEW_TEST_ID,
   ENTITIES_USER_OVERVIEW_TEST_ID,
@@ -67,14 +67,14 @@ const mockContextValue = {
   indexName: 'index',
   scopeId: 'scopeId',
   getFieldsData: mockGetFieldsData,
-} as unknown as RightPanelContext;
+} as unknown as DocumentDetailsContext;
 
-const renderEntitiesOverview = (contextValue: RightPanelContext) =>
+const renderEntitiesOverview = (contextValue: DocumentDetailsContext) =>
   render(
     <TestProviders>
-      <RightPanelContext.Provider value={contextValue}>
+      <DocumentDetailsContext.Provider value={contextValue}>
         <EntitiesOverview />
-      </RightPanelContext.Provider>
+      </DocumentDetailsContext.Provider>
     </TestProviders>
   );
 
@@ -108,7 +108,7 @@ describe('<EntitiesOverview />', () => {
     const contextValue = {
       ...mockContextValue,
       getFieldsData: (field: string) => (field === 'user.name' ? 'user1' : null),
-    } as unknown as RightPanelContext;
+    } as unknown as DocumentDetailsContext;
 
     const { queryByTestId, getByTestId, queryByText } = renderEntitiesOverview(contextValue);
 
@@ -121,7 +121,7 @@ describe('<EntitiesOverview />', () => {
     const contextValue = {
       ...mockContextValue,
       getFieldsData: (field: string) => (field === 'host.name' ? 'host1' : null),
-    } as unknown as RightPanelContext;
+    } as unknown as DocumentDetailsContext;
 
     const { queryByTestId, getByTestId, queryByText } = renderEntitiesOverview(contextValue);
 
@@ -134,7 +134,7 @@ describe('<EntitiesOverview />', () => {
     const contextValue = {
       ...mockContextValue,
       getFieldsData: (field: string) => {},
-    } as unknown as RightPanelContext;
+    } as unknown as DocumentDetailsContext;
 
     const { getByText } = renderEntitiesOverview(contextValue);
     expect(getByText(NO_DATA_MESSAGE)).toBeInTheDocument();
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/entities_overview.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/entities_overview.tsx
index 7d150c0850c81..51ec7f002ed0a 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/entities_overview.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/entities_overview.tsx
@@ -11,7 +11,7 @@ import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { INSIGHTS_ENTITIES_TEST_ID } from './test_ids';
 import { ExpandablePanel } from '../../../shared/components/expandable_panel';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { getField } from '../../shared/utils';
 import { HostEntityOverview } from './host_entity_overview';
 import { UserEntityOverview } from './user_entity_overview';
@@ -23,7 +23,7 @@ import { ENTITIES_TAB_ID } from '../../left/components/entities_details';
  * Entities section under Insights section, overview tab. It contains a preview of host and user information.
  */
 export const EntitiesOverview: React.FC = () => {
-  const { eventId, getFieldsData, indexName, scopeId } = useRightPanelContext();
+  const { eventId, getFieldsData, indexName, scopeId } = useDocumentDetailsContext();
   const { openLeftPanel } = useExpandableFlyoutApi();
   const hostName = getField(getFieldsData('host.name'));
   const userName = getField(getFieldsData('user.name'));
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_category_description.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_category_description.test.tsx
index 8ce893fa4f828..1719eed80aaa0 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_category_description.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_category_description.test.tsx
@@ -7,18 +7,18 @@
 
 import React from 'react';
 import { render } from '@testing-library/react';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { EVENT_CATEGORY_DESCRIPTION_TEST_ID } from './test_ids';
 import { EventCategoryDescription } from './event_category_description';
-import { mockContextValue } from '../mocks/mock_context';
+import { mockContextValue } from '../../shared/mocks/mock_context';
 import { TestProvidersComponent } from '../../../../common/mock';
 
-const renderDescription = (contextValue: RightPanelContext) =>
+const renderDescription = (contextValue: DocumentDetailsContext) =>
   render(
     <TestProvidersComponent>
-      <RightPanelContext.Provider value={contextValue}>
+      <DocumentDetailsContext.Provider value={contextValue}>
         <EventCategoryDescription />
-      </RightPanelContext.Provider>
+      </DocumentDetailsContext.Provider>
     </TestProvidersComponent>
   );
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_category_description.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_category_description.tsx
index 2a9048a0504e5..2900c05200741 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_category_description.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_category_description.tsx
@@ -8,7 +8,7 @@
 import React, { useMemo } from 'react';
 import { EuiFlexItem, EuiTitle, EuiSpacer, EuiText } from '@elastic/eui';
 import { startCase } from 'lodash';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { getEcsAllowedValueDescription } from '../utils/event_utils';
 import { getFieldArray } from '../../shared/utils';
 import { EVENT_CATEGORY_DESCRIPTION_TEST_ID } from './test_ids';
@@ -17,7 +17,7 @@ import { EVENT_CATEGORY_DESCRIPTION_TEST_ID } from './test_ids';
  * Displays the category description of an event document.
  */
 export const EventCategoryDescription: React.FC = () => {
-  const { getFieldsData } = useRightPanelContext();
+  const { getFieldsData } = useDocumentDetailsContext();
   const eventCategories = useMemo(
     () => getFieldArray(getFieldsData('event.category')),
     [getFieldsData]
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_header_title.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_header_title.test.tsx
index 049e129d10120..05f5f0a166a52 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_header_title.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_header_title.test.tsx
@@ -7,12 +7,12 @@
 
 import React from 'react';
 import { render } from '@testing-library/react';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { SEVERITY_VALUE_TEST_ID, FLYOUT_EVENT_HEADER_TITLE_TEST_ID } from './test_ids';
 import { EventHeaderTitle } from './event_header_title';
 import moment from 'moment-timezone';
 import { useDateFormat, useTimeZone } from '../../../../common/lib/kibana';
-import { mockContextValue } from '../mocks/mock_context';
+import { mockContextValue } from '../../shared/mocks/mock_context';
 import { TestProvidersComponent } from '../../../../common/mock';
 
 jest.mock('../../../../common/lib/kibana');
@@ -22,12 +22,12 @@ moment.tz.setDefault('UTC');
 
 const dateFormat = 'MMM D, YYYY @ HH:mm:ss.SSS';
 
-const renderHeader = (contextValue: RightPanelContext) =>
+const renderHeader = (contextValue: DocumentDetailsContext) =>
   render(
     <TestProvidersComponent>
-      <RightPanelContext.Provider value={contextValue}>
+      <DocumentDetailsContext.Provider value={contextValue}>
         <EventHeaderTitle />
-      </RightPanelContext.Provider>
+      </DocumentDetailsContext.Provider>
     </TestProvidersComponent>
   );
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_header_title.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_header_title.tsx
index f19e3c27ee4dc..4bed17e24b77e 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_header_title.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_header_title.tsx
@@ -12,7 +12,7 @@ import { i18n } from '@kbn/i18n';
 import { FlyoutTitle } from '../../../shared/components/flyout_title';
 import { DocumentSeverity } from './severity';
 import { useBasicDataFromDetailsData } from '../../../../timelines/components/side_panel/event_details/helpers';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { PreferenceFormattedDate } from '../../../../common/components/formatted_date';
 import { FLYOUT_EVENT_HEADER_TITLE_TEST_ID } from './test_ids';
 import { getField } from '../../shared/utils';
@@ -22,7 +22,7 @@ import { EVENT_CATEGORY_TO_FIELD } from '../utils/event_utils';
  * Event details flyout right section header
  */
 export const EventHeaderTitle = memo(() => {
-  const { dataFormattedForFieldBrowser, getFieldsData } = useRightPanelContext();
+  const { dataFormattedForFieldBrowser, getFieldsData } = useDocumentDetailsContext();
   const { timestamp } = useBasicDataFromDetailsData(dataFormattedForFieldBrowser);
 
   const eventKind = getField(getFieldsData('event.kind'));
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_kind_description.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_kind_description.test.tsx
index 6c7f69b175f03..5039040e701be 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_kind_description.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_kind_description.test.tsx
@@ -7,22 +7,22 @@
 
 import React from 'react';
 import { render } from '@testing-library/react';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import {
   EVENT_KIND_DESCRIPTION_TEST_ID,
   EVENT_KIND_DESCRIPTION_TEXT_TEST_ID,
   EVENT_KIND_DESCRIPTION_CATEGORIES_TEST_ID,
 } from './test_ids';
 import { EventKindDescription } from './event_kind_description';
-import { mockContextValue } from '../mocks/mock_context';
+import { mockContextValue } from '../../shared/mocks/mock_context';
 import { TestProvidersComponent } from '../../../../common/mock';
 
-const renderDescription = (contextValue: RightPanelContext) =>
+const renderDescription = (contextValue: DocumentDetailsContext) =>
   render(
     <TestProvidersComponent>
-      <RightPanelContext.Provider value={contextValue}>
+      <DocumentDetailsContext.Provider value={contextValue}>
         <EventKindDescription eventKind="alert" />
-      </RightPanelContext.Provider>
+      </DocumentDetailsContext.Provider>
     </TestProvidersComponent>
   );
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_kind_description.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_kind_description.tsx
index 21e4a6a2d4a49..3750e9c83448c 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_kind_description.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_kind_description.tsx
@@ -9,7 +9,7 @@ import React, { useMemo } from 'react';
 import { EuiFlexGroup, EuiFlexItem, EuiTitle, EuiSpacer, EuiText, EuiToolTip } from '@elastic/eui';
 import { startCase } from 'lodash';
 import { FormattedMessage } from '@kbn/i18n-react';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { getEcsAllowedValueDescription } from '../utils/event_utils';
 import { getFieldArray } from '../../shared/utils';
 import {
@@ -30,7 +30,7 @@ export interface EventKindDescriptionProps {
  * Shows the ecs description of the event kind, and a list of event categories
  */
 export const EventKindDescription: React.FC<EventKindDescriptionProps> = ({ eventKind }) => {
-  const { getFieldsData } = useRightPanelContext();
+  const { getFieldsData } = useDocumentDetailsContext();
   const eventCategories = useMemo(
     () => getFieldArray(getFieldsData('event.category')),
     [getFieldsData]
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_renderer.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_renderer.test.tsx
index f6e91cbe31756..761a8c4df8649 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_renderer.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_renderer.test.tsx
@@ -8,17 +8,17 @@
 import React from 'react';
 import { render } from '@testing-library/react';
 import { EventRenderer } from './event_renderer';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { EVENT_RENDERER_TEST_ID } from './test_ids';
-import { mockContextValue } from '../mocks/mock_context';
+import { mockContextValue } from '../../shared/mocks/mock_context';
 import { mockDataAsNestedObject } from '../../shared/mocks/mock_data_as_nested_object';
 import { TestProviders } from '../../../../common/mock';
 
-const renderEventRenderer = (contextValue: RightPanelContext) =>
+const renderEventRenderer = (contextValue: DocumentDetailsContext) =>
   render(
-    <RightPanelContext.Provider value={contextValue}>
+    <DocumentDetailsContext.Provider value={contextValue}>
       <EventRenderer />
-    </RightPanelContext.Provider>,
+    </DocumentDetailsContext.Provider>,
     { wrapper: TestProviders }
   );
 
@@ -38,7 +38,7 @@ describe('<EventRenderer />', () => {
   });
 
   it('should render empty component if event renderer is not available', async () => {
-    const { container } = renderEventRenderer({} as unknown as RightPanelContext);
+    const { container } = renderEventRenderer({} as unknown as DocumentDetailsContext);
 
     expect(container).toBeEmptyDOMElement();
   });
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_renderer.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_renderer.tsx
index 54e60d0331b81..cd612286f01fb 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_renderer.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_renderer.tsx
@@ -12,7 +12,7 @@ import styled from '@emotion/styled';
 import { euiThemeVars } from '@kbn/ui-theme';
 import { getRowRenderer } from '../../../../timelines/components/timeline/body/renderers/get_row_renderer';
 import { defaultRowRenderers } from '../../../../timelines/components/timeline/body/renderers';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { EVENT_RENDERER_TEST_ID } from './test_ids';
 
 const ReasonPreviewContainerWrapper = styled.div`
@@ -26,7 +26,7 @@ const ReasonPreviewContainer = styled.div``;
  * Event renderer of an event document
  */
 export const EventRenderer: FC = () => {
-  const { dataAsNestedObject, scopeId } = useRightPanelContext();
+  const { dataAsNestedObject, scopeId } = useDocumentDetailsContext();
 
   const renderer = useMemo(
     () => getRowRenderer({ data: dataAsNestedObject, rowRenderers: defaultRowRenderers }),
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/header_actions.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/header_actions.test.tsx
index 2a46926d9dc3b..26d2c9d1f63d4 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/header_actions.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/header_actions.test.tsx
@@ -7,7 +7,7 @@
 
 import React from 'react';
 import { render } from '@testing-library/react';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { SHARE_BUTTON_TEST_ID, CHAT_BUTTON_TEST_ID } from './test_ids';
 import { HeaderActions } from './header_actions';
 import { useAssistant } from '../hooks/use_assistant';
@@ -31,14 +31,14 @@ const alertUrl = 'https://example.com/alert';
 const mockContextValue = {
   dataFormattedForFieldBrowser: mockDataFormattedForFieldBrowser,
   getFieldsData: jest.fn().mockImplementation(mockGetFieldsData),
-} as unknown as RightPanelContext;
+} as unknown as DocumentDetailsContext;
 
-const renderHeaderActions = (contextValue: RightPanelContext) =>
+const renderHeaderActions = (contextValue: DocumentDetailsContext) =>
   render(
     <TestProvidersComponent>
-      <RightPanelContext.Provider value={contextValue}>
+      <DocumentDetailsContext.Provider value={contextValue}>
         <HeaderActions />
-      </RightPanelContext.Provider>
+      </DocumentDetailsContext.Provider>
     </TestProvidersComponent>
   );
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/header_actions.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/header_actions.tsx
index 89f982810068b..00fbd9303c332 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/header_actions.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/header_actions.tsx
@@ -17,14 +17,14 @@ import {
   ALERT_SUMMARY_CONVERSATION_ID,
   EVENT_SUMMARY_CONVERSATION_ID,
 } from '../../../../common/components/event_details/translations';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { SHARE_BUTTON_TEST_ID } from './test_ids';
 
 /**
  * Actions displayed in the header menu in the right section of alerts flyout
  */
 export const HeaderActions: VFC = memo(() => {
-  const { dataFormattedForFieldBrowser, eventId, indexName } = useRightPanelContext();
+  const { dataFormattedForFieldBrowser, eventId, indexName } = useDocumentDetailsContext();
   const { isAlert, timestamp } = useBasicDataFromDetailsData(dataFormattedForFieldBrowser);
 
   const alertDetailsLink = useGetAlertDetailsFlyoutLink({
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields.test.tsx
index cf5db0460b88a..f4033bba7bce9 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields.test.tsx
@@ -7,7 +7,7 @@
 
 import React from 'react';
 import { render } from '@testing-library/react';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { HIGHLIGHTED_FIELDS_DETAILS_TEST_ID, HIGHLIGHTED_FIELDS_TITLE_TEST_ID } from './test_ids';
 import { HighlightedFields } from './highlighted_fields';
 import { mockDataFormattedForFieldBrowser } from '../../shared/mocks/mock_data_formatted_for_field_browser';
@@ -18,12 +18,12 @@ import { useRuleWithFallback } from '../../../../detection_engine/rule_managemen
 jest.mock('../../shared/hooks/use_highlighted_fields');
 jest.mock('../../../../detection_engine/rule_management/logic/use_rule_with_fallback');
 
-const renderHighlightedFields = (contextValue: RightPanelContext) =>
+const renderHighlightedFields = (contextValue: DocumentDetailsContext) =>
   render(
     <TestProviders>
-      <RightPanelContext.Provider value={contextValue}>
+      <DocumentDetailsContext.Provider value={contextValue}>
         <HighlightedFields />
-      </RightPanelContext.Provider>
+      </DocumentDetailsContext.Provider>
     </TestProviders>
   );
 
@@ -38,7 +38,7 @@ describe('<HighlightedFields />', () => {
     const contextValue = {
       dataFormattedForFieldBrowser: mockDataFormattedForFieldBrowser,
       scopeId: 'scopeId',
-    } as unknown as RightPanelContext;
+    } as unknown as DocumentDetailsContext;
     (useHighlightedFields as jest.Mock).mockReturnValue({
       field: {
         values: ['value'],
@@ -55,7 +55,7 @@ describe('<HighlightedFields />', () => {
     const contextValue = {
       dataFormattedForFieldBrowser: mockDataFormattedForFieldBrowser,
       scopeId: 'scopeId',
-    } as unknown as RightPanelContext;
+    } as unknown as DocumentDetailsContext;
     (useHighlightedFields as jest.Mock).mockReturnValue({});
 
     const { getByText } = renderHighlightedFields(contextValue);
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields.tsx
index 02f7ac73665ad..22e5b65bdade8 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields.tsx
@@ -16,7 +16,7 @@ import { useBasicDataFromDetailsData } from '../../../../timelines/components/si
 import { HighlightedFieldsCell } from './highlighted_fields_cell';
 import { CellActions } from './cell_actions';
 import { HIGHLIGHTED_FIELDS_DETAILS_TEST_ID, HIGHLIGHTED_FIELDS_TITLE_TEST_ID } from './test_ids';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { useHighlightedFields } from '../../shared/hooks/use_highlighted_fields';
 
 export interface HighlightedFieldsTableRow {
@@ -92,7 +92,7 @@ const columns: Array<EuiBasicTableColumn<HighlightedFieldsTableRow>> = [
  * Component that displays the highlighted fields in the right panel under the Investigation section.
  */
 export const HighlightedFields: FC = () => {
-  const { dataFormattedForFieldBrowser, scopeId, isPreview } = useRightPanelContext();
+  const { dataFormattedForFieldBrowser, scopeId, isPreview } = useDocumentDetailsContext();
   const { ruleId } = useBasicDataFromDetailsData(dataFormattedForFieldBrowser);
   const { loading, rule: maybeRule } = useRuleWithFallback(ruleId);
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields_cell.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields_cell.test.tsx
index 46f22886c8b58..dfa62ecf33c22 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields_cell.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields_cell.test.tsx
@@ -13,18 +13,19 @@ import {
   HIGHLIGHTED_FIELDS_LINKED_CELL_TEST_ID,
 } from './test_ids';
 import { HighlightedFieldsCell } from './highlighted_fields_cell';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { DocumentDetailsLeftPanelKey } from '../../shared/constants/panel_keys';
 import { LeftPanelInsightsTab } from '../../left';
 import { TestProviders } from '../../../../common/mock';
 import { ENTITIES_TAB_ID } from '../../left/components/entities_details';
-import { useGetEndpointDetails } from '../../../../management/hooks';
-import {
-  useAgentStatusHook,
-  useGetAgentStatus,
-  useGetSentinelOneAgentStatus,
-} from '../../../../management/hooks/agents/use_get_agent_status';
-import { type ExpandableFlyoutApi, useExpandableFlyoutApi } from '@kbn/expandable-flyout';
+import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
+import { useGetAgentStatus } from '../../../../management/hooks/agents/use_get_agent_status';
+import { mockFlyoutApi } from '../../shared/mocks/mock_flyout_context';
+import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
+import { HostPreviewPanelKey } from '../../../entity_details/host_right';
+import { HOST_PREVIEW_BANNER } from './host_entity_overview';
+import { UserPreviewPanelKey } from '../../../entity_details/user_right';
+import { USER_PREVIEW_BANNER } from './user_entity_overview';
 
 jest.mock('../../../../management/hooks');
 jest.mock('../../../../management/hooks/agents/use_get_agent_status');
@@ -34,36 +35,30 @@ jest.mock('@kbn/expandable-flyout', () => ({
   ExpandableFlyoutProvider: ({ children }: React.PropsWithChildren<{}>) => <>{children}</>,
 }));
 
-const useGetSentinelOneAgentStatusMock = useGetSentinelOneAgentStatus as jest.Mock;
 const useGetAgentStatusMock = useGetAgentStatus as jest.Mock;
-const useAgentStatusHookMock = useAgentStatusHook as jest.Mock;
-const hooksToMock: Record<string, jest.Mock> = {
-  useGetSentinelOneAgentStatus: useGetSentinelOneAgentStatusMock,
-  useGetAgentStatus: useGetAgentStatusMock,
-};
 
-const flyoutContextValue = {
-  openLeftPanel: jest.fn(),
-} as unknown as ExpandableFlyoutApi;
+jest.mock('../../../../common/hooks/use_experimental_features');
+const mockUseIsExperimentalFeatureEnabled = useIsExperimentalFeatureEnabled as jest.Mock;
 
 const panelContextValue = {
   eventId: 'event id',
   indexName: 'indexName',
   scopeId: 'scopeId',
-} as unknown as RightPanelContext;
+} as unknown as DocumentDetailsContext;
 
 const renderHighlightedFieldsCell = (values: string[], field: string) =>
   render(
     <TestProviders>
-      <RightPanelContext.Provider value={panelContextValue}>
+      <DocumentDetailsContext.Provider value={panelContextValue}>
         <HighlightedFieldsCell values={values} field={field} />
-      </RightPanelContext.Provider>
+      </DocumentDetailsContext.Provider>
     </TestProviders>
   );
 
 describe('<HighlightedFieldsCell />', () => {
   beforeAll(() => {
-    jest.mocked(useExpandableFlyoutApi).mockReturnValue(flyoutContextValue);
+    jest.mocked(useExpandableFlyoutApi).mockReturnValue(mockFlyoutApi);
+    mockUseIsExperimentalFeatureEnabled.mockReturnValue(false);
   });
 
   it('should render a basic cell', () => {
@@ -88,11 +83,11 @@ describe('<HighlightedFieldsCell />', () => {
     expect(getByTestId(HIGHLIGHTED_FIELDS_LINKED_CELL_TEST_ID)).toBeInTheDocument();
   });
 
-  it('should open left panel when clicking on the link within a a link cell', () => {
+  it('should open left panel when clicking on the link within a a link cell when feature flag is off', () => {
     const { getByTestId } = renderHighlightedFieldsCell(['value'], 'user.name');
 
     getByTestId(HIGHLIGHTED_FIELDS_LINKED_CELL_TEST_ID).click();
-    expect(flyoutContextValue.openLeftPanel).toHaveBeenCalledWith({
+    expect(mockFlyoutApi.openLeftPanel).toHaveBeenCalledWith({
       id: DocumentDetailsLeftPanelKey,
       path: { tab: LeftPanelInsightsTab, subTab: ENTITIES_TAB_ID },
       params: {
@@ -103,8 +98,41 @@ describe('<HighlightedFieldsCell />', () => {
     });
   });
 
+  it('should open host preview when click on host when feature flag is on', () => {
+    mockUseIsExperimentalFeatureEnabled.mockReturnValue(true);
+    const { getByTestId } = renderHighlightedFieldsCell(['test host'], 'host.name');
+
+    getByTestId(HIGHLIGHTED_FIELDS_LINKED_CELL_TEST_ID).click();
+    expect(mockFlyoutApi.openPreviewPanel).toHaveBeenCalledWith({
+      id: HostPreviewPanelKey,
+      params: {
+        hostName: 'test host',
+        scopeId: panelContextValue.scopeId,
+        banner: HOST_PREVIEW_BANNER,
+      },
+    });
+  });
+
+  it('should open user preview when click on user when feature flag is on', () => {
+    mockUseIsExperimentalFeatureEnabled.mockReturnValue(true);
+    const { getByTestId } = renderHighlightedFieldsCell(['test user'], 'user.name');
+
+    getByTestId(HIGHLIGHTED_FIELDS_LINKED_CELL_TEST_ID).click();
+    expect(mockFlyoutApi.openPreviewPanel).toHaveBeenCalledWith({
+      id: UserPreviewPanelKey,
+      params: {
+        userName: 'test user',
+        scopeId: panelContextValue.scopeId,
+        banner: USER_PREVIEW_BANNER,
+      },
+    });
+  });
+
   it('should render agent status cell if field is `agent.status`', () => {
-    (useGetEndpointDetails as jest.Mock).mockReturnValue({});
+    useGetAgentStatusMock.mockReturnValue({
+      isFetched: true,
+      isLoading: false,
+    });
     const { getByTestId } = render(
       <TestProviders>
         <HighlightedFieldsCell values={['value']} field={'agent.status'} />
@@ -114,55 +142,43 @@ describe('<HighlightedFieldsCell />', () => {
     expect(getByTestId(HIGHLIGHTED_FIELDS_AGENT_STATUS_CELL_TEST_ID)).toBeInTheDocument();
   });
 
-  // TODO: 8.15 simplify when `agentStatusClientEnabled` FF is enabled and removed
-  it.each(Object.keys(hooksToMock))(
-    'should render SentinelOne agent status cell if field is agent.status and `originalField` is `observer.serial_number` with %s hook',
-    (hookName) => {
-      const hook = hooksToMock[hookName];
-      useAgentStatusHookMock.mockImplementation(() => hook);
-
-      (hook as jest.Mock).mockReturnValue({
-        isFetched: true,
-        isLoading: false,
-      });
-
-      const { getByTestId } = render(
-        <TestProviders>
-          <HighlightedFieldsCell
-            values={['value']}
-            field={'agent.status'}
-            originalField="observer.serial_number"
-          />
-        </TestProviders>
-      );
-
-      expect(getByTestId(HIGHLIGHTED_FIELDS_AGENT_STATUS_CELL_TEST_ID)).toBeInTheDocument();
-    }
-  );
-  it.each(Object.keys(hooksToMock))(
-    'should render Crowdstrike agent status cell if field is agent.status and `originalField` is `crowdstrike.event.DeviceId` with %s hook',
-    (hookName) => {
-      const hook = hooksToMock[hookName];
-      useAgentStatusHookMock.mockImplementation(() => hook);
-
-      (hook as jest.Mock).mockReturnValue({
-        isFetched: true,
-        isLoading: false,
-      });
-
-      const { getByTestId } = render(
-        <TestProviders>
-          <HighlightedFieldsCell
-            values={['value']}
-            field={'agent.status'}
-            originalField="crowdstrike.event.DeviceId"
-          />
-        </TestProviders>
-      );
-
-      expect(getByTestId(HIGHLIGHTED_FIELDS_AGENT_STATUS_CELL_TEST_ID)).toBeInTheDocument();
-    }
-  );
+  it('should render SentinelOne agent status cell if field is agent.status and `originalField` is `observer.serial_number`', () => {
+    useGetAgentStatusMock.mockReturnValue({
+      isFetched: true,
+      isLoading: false,
+    });
+
+    const { getByTestId } = render(
+      <TestProviders>
+        <HighlightedFieldsCell
+          values={['value']}
+          field={'agent.status'}
+          originalField="observer.serial_number"
+        />
+      </TestProviders>
+    );
+
+    expect(getByTestId(HIGHLIGHTED_FIELDS_AGENT_STATUS_CELL_TEST_ID)).toBeInTheDocument();
+  });
+
+  it('should render Crowdstrike agent status cell if field is agent.status and `originalField` is `crowdstrike.event.DeviceId`', () => {
+    useGetAgentStatusMock.mockReturnValue({
+      isFetched: true,
+      isLoading: false,
+    });
+
+    const { getByTestId } = render(
+      <TestProviders>
+        <HighlightedFieldsCell
+          values={['value']}
+          field={'agent.status'}
+          originalField="crowdstrike.event.DeviceId"
+        />
+      </TestProviders>
+    );
+
+    expect(getByTestId(HIGHLIGHTED_FIELDS_AGENT_STATUS_CELL_TEST_ID)).toBeInTheDocument();
+  });
   it('should not render if values is null', () => {
     const { container } = render(
       <TestProviders>
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields_cell.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields_cell.tsx
index 51e60b67ed8b0..5918a1ec8d7b5 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields_cell.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields_cell.tsx
@@ -6,16 +6,13 @@
  */
 
 import type { VFC } from 'react';
-import React, { memo, useCallback, useMemo } from 'react';
+import React, { useCallback, useMemo } from 'react';
 import { EuiFlexItem, EuiLink } from '@elastic/eui';
 import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
 import type { ResponseActionAgentType } from '../../../../../common/endpoint/service/response_actions/constants';
+import { AgentStatus } from '../../../../common/components/endpoint/agents/agent_status';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
-import {
-  AgentStatus,
-  EndpointAgentStatusById,
-} from '../../../../common/components/endpoint/agents/agent_status';
-import { useRightPanelContext } from '../context';
 import {
   AGENT_STATUS_FIELD_NAME,
   HOST_NAME_FIELD_NAME,
@@ -31,8 +28,16 @@ import {
   HIGHLIGHTED_FIELDS_LINKED_CELL_TEST_ID,
 } from './test_ids';
 import { RESPONSE_ACTIONS_ALERT_AGENT_ID_FIELD } from '../../../../../common/endpoint/service/response_actions/constants';
+import { HostPreviewPanelKey } from '../../../entity_details/host_right';
+import { HOST_PREVIEW_BANNER } from './host_entity_overview';
+import { UserPreviewPanelKey } from '../../../entity_details/user_right';
+import { USER_PREVIEW_BANNER } from './user_entity_overview';
 
 interface LinkFieldCellProps {
+  /**
+   * Highlighted field's field name
+   */
+  field: string;
   /**
    * Highlighted field's value to display as a EuiLink to open the expandable left panel
    * (used for host name and username fields)
@@ -43,9 +48,10 @@ interface LinkFieldCellProps {
 /**
  * // Currently we can use the same component for both host name and username
  */
-const LinkFieldCell: VFC<LinkFieldCellProps> = ({ value }) => {
-  const { scopeId, eventId, indexName } = useRightPanelContext();
-  const { openLeftPanel } = useExpandableFlyoutApi();
+const LinkFieldCell: VFC<LinkFieldCellProps> = ({ field, value }) => {
+  const { scopeId, eventId, indexName } = useDocumentDetailsContext();
+  const { openLeftPanel, openPreviewPanel } = useExpandableFlyoutApi();
+  const isPreviewEnabled = useIsExperimentalFeatureEnabled('entityAlertPreviewEnabled');
 
   const goToInsightsEntities = useCallback(() => {
     openLeftPanel({
@@ -59,8 +65,40 @@ const LinkFieldCell: VFC<LinkFieldCellProps> = ({ value }) => {
     });
   }, [eventId, indexName, openLeftPanel, scopeId]);
 
+  const openHostPreview = useCallback(() => {
+    openPreviewPanel({
+      id: HostPreviewPanelKey,
+      params: {
+        hostName: value,
+        scopeId,
+        banner: HOST_PREVIEW_BANNER,
+      },
+    });
+  }, [openPreviewPanel, value, scopeId]);
+
+  const openUserPreview = useCallback(() => {
+    openPreviewPanel({
+      id: UserPreviewPanelKey,
+      params: {
+        userName: value,
+        scopeId,
+        banner: USER_PREVIEW_BANNER,
+      },
+    });
+  }, [openPreviewPanel, value, scopeId]);
+
+  const onClick = useMemo(() => {
+    if (isPreviewEnabled && field === HOST_NAME_FIELD_NAME) {
+      return openHostPreview;
+    }
+    if (isPreviewEnabled && field === USER_NAME_FIELD_NAME) {
+      return openUserPreview;
+    }
+    return goToInsightsEntities;
+  }, [isPreviewEnabled, field, openHostPreview, openUserPreview, goToInsightsEntities]);
+
   return (
-    <EuiLink onClick={goToInsightsEntities} data-test-subj={HIGHLIGHTED_FIELDS_LINKED_CELL_TEST_ID}>
+    <EuiLink onClick={onClick} data-test-subj={HIGHLIGHTED_FIELDS_LINKED_CELL_TEST_ID}>
       {value}
     </EuiLink>
   );
@@ -81,33 +119,7 @@ export interface HighlightedFieldsCellProps {
   values: string[] | null | undefined;
 }
 
-const FieldsAgentStatus = memo(
-  ({ value, agentType }: { value: string | undefined; agentType: ResponseActionAgentType }) => {
-    const agentStatusClientEnabled = useIsExperimentalFeatureEnabled('agentStatusClientEnabled');
-    if (agentType !== 'endpoint' || agentStatusClientEnabled) {
-      return (
-        <AgentStatus
-          agentId={String(value ?? '')}
-          agentType={agentType}
-          data-test-subj={HIGHLIGHTED_FIELDS_AGENT_STATUS_CELL_TEST_ID}
-        />
-      );
-    } else {
-      // TODO: remove usage of `EndpointAgentStatusById` when `agentStatusClientEnabled` FF is enabled and removed
-      return (
-        <EndpointAgentStatusById
-          endpointAgentId={String(value ?? '')}
-          data-test-subj={HIGHLIGHTED_FIELDS_AGENT_STATUS_CELL_TEST_ID}
-        />
-      );
-    }
-  }
-);
-
-FieldsAgentStatus.displayName = 'FieldsAgentStatus';
-
 /**
- * console.log('c::*, values != null
  * Renders a component in the highlighted fields table cell based on the field name
  */
 export const HighlightedFieldsCell: VFC<HighlightedFieldsCellProps> = ({
@@ -144,9 +156,13 @@ export const HighlightedFieldsCell: VFC<HighlightedFieldsCellProps> = ({
               data-test-subj={`${value}-${HIGHLIGHTED_FIELDS_CELL_TEST_ID}`}
             >
               {field === HOST_NAME_FIELD_NAME || field === USER_NAME_FIELD_NAME ? (
-                <LinkFieldCell value={value} />
+                <LinkFieldCell field={field} value={value} />
               ) : field === AGENT_STATUS_FIELD_NAME ? (
-                <FieldsAgentStatus value={value} agentType={agentType} />
+                <AgentStatus
+                  agentId={String(value ?? '')}
+                  agentType={agentType}
+                  data-test-subj={HIGHLIGHTED_FIELDS_AGENT_STATUS_CELL_TEST_ID}
+                />
               ) : (
                 <span data-test-subj={HIGHLIGHTED_FIELDS_BASIC_CELL_TEST_ID}>{value}</span>
               )}
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/host_entity_overview.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/host_entity_overview.test.tsx
index 3e74b94b1efa9..0fcdf4b380d8e 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/host_entity_overview.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/host_entity_overview.test.tsx
@@ -7,7 +7,7 @@
 import React from 'react';
 import { render } from '@testing-library/react';
 import { TestProviders } from '../../../../common/mock';
-import { HostEntityOverview } from './host_entity_overview';
+import { HostEntityOverview, HOST_PREVIEW_BANNER } from './host_entity_overview';
 import { useHostDetails } from '../../../../explore/hosts/containers/hosts/details';
 import { useFirstLastSeen } from '../../../../common/containers/use_first_last_seen';
 import {
@@ -17,14 +17,17 @@ import {
   ENTITIES_HOST_OVERVIEW_RISK_LEVEL_TEST_ID,
   ENTITIES_HOST_OVERVIEW_LOADING_TEST_ID,
 } from './test_ids';
-import { RightPanelContext } from '../context';
-import { mockContextValue } from '../mocks/mock_context';
+import { DocumentDetailsContext } from '../../shared/context';
+import { mockContextValue } from '../../shared/mocks/mock_context';
 import { mockDataFormattedForFieldBrowser } from '../../shared/mocks/mock_data_formatted_for_field_browser';
-import { useExpandableFlyoutApi, type ExpandableFlyoutApi } from '@kbn/expandable-flyout';
+import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
+import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
 import { DocumentDetailsLeftPanelKey } from '../../shared/constants/panel_keys';
+import { HostPreviewPanelKey } from '../../../entity_details/host_right';
 import { LeftPanelInsightsTab } from '../../left';
 import { ENTITIES_TAB_ID } from '../../left/components/entities_details';
 import { useRiskScore } from '../../../../entity_analytics/api/hooks/use_risk_score';
+import { mockFlyoutApi } from '../../shared/mocks/mock_flyout_context';
 
 const hostName = 'host';
 const osFamily = 'Windows';
@@ -46,9 +49,8 @@ jest.mock('@kbn/expandable-flyout', () => ({
   ExpandableFlyoutProvider: ({ children }: React.PropsWithChildren<{}>) => <>{children}</>,
 }));
 
-const flyoutContextValue = {
-  openLeftPanel: jest.fn(),
-} as unknown as ExpandableFlyoutApi;
+jest.mock('../../../../common/hooks/use_experimental_features');
+const mockUseIsExperimentalFeatureEnabled = useIsExperimentalFeatureEnabled as jest.Mock;
 
 const mockUseGlobalTime = jest.fn().mockReturnValue({ from, to });
 jest.mock('../../../../common/containers/use_global_time', () => {
@@ -76,15 +78,16 @@ jest.mock('../../../../common/containers/use_first_last_seen');
 const renderHostEntityContent = () =>
   render(
     <TestProviders>
-      <RightPanelContext.Provider value={panelContextValue}>
+      <DocumentDetailsContext.Provider value={panelContextValue}>
         <HostEntityOverview hostName={hostName} />
-      </RightPanelContext.Provider>
+      </DocumentDetailsContext.Provider>
     </TestProviders>
   );
 
 describe('<HostEntityContent />', () => {
   beforeAll(() => {
-    jest.mocked(useExpandableFlyoutApi).mockReturnValue(flyoutContextValue);
+    jest.mocked(useExpandableFlyoutApi).mockReturnValue(mockFlyoutApi);
+    mockUseIsExperimentalFeatureEnabled.mockReturnValue(false);
   });
 
   describe('license is valid', () => {
@@ -115,9 +118,9 @@ describe('<HostEntityContent />', () => {
 
     const { getByTestId } = render(
       <TestProviders>
-        <RightPanelContext.Provider value={panelContextValue}>
+        <DocumentDetailsContext.Provider value={panelContextValue}>
           <HostEntityOverview hostName={hostName} />
-        </RightPanelContext.Provider>
+        </DocumentDetailsContext.Provider>
       </TestProviders>
     );
     expect(getByTestId(ENTITIES_HOST_OVERVIEW_LOADING_TEST_ID)).toBeInTheDocument();
@@ -129,9 +132,9 @@ describe('<HostEntityContent />', () => {
 
     const { getByTestId } = render(
       <TestProviders>
-        <RightPanelContext.Provider value={panelContextValue}>
+        <DocumentDetailsContext.Provider value={panelContextValue}>
           <HostEntityOverview hostName={hostName} />
-        </RightPanelContext.Provider>
+        </DocumentDetailsContext.Provider>
       </TestProviders>
     );
     expect(getByTestId(ENTITIES_HOST_OVERVIEW_LOADING_TEST_ID)).toBeInTheDocument();
@@ -160,14 +163,14 @@ describe('<HostEntityContent />', () => {
       expect(getByTestId(ENTITIES_HOST_OVERVIEW_LAST_SEEN_TEST_ID)).toHaveTextContent('—');
     });
 
-    it('should navigate to left panel entities tab when clicking on title', () => {
+    it('should navigate to left panel entities tab when clicking on title when feature flag is off', () => {
       mockUseHostDetails.mockReturnValue([false, { hostDetails: hostData }]);
       mockUseRiskScore.mockReturnValue({ data: riskLevel, isAuthorized: true });
 
       const { getByTestId } = renderHostEntityContent();
 
       getByTestId(ENTITIES_HOST_OVERVIEW_LINK_TEST_ID).click();
-      expect(flyoutContextValue.openLeftPanel).toHaveBeenCalledWith({
+      expect(mockFlyoutApi.openLeftPanel).toHaveBeenCalledWith({
         id: DocumentDetailsLeftPanelKey,
         path: { tab: LeftPanelInsightsTab, subTab: ENTITIES_TAB_ID },
         params: {
@@ -177,5 +180,23 @@ describe('<HostEntityContent />', () => {
         },
       });
     });
+
+    it('should open host preview when clicking on title when feature flag is on', () => {
+      mockUseHostDetails.mockReturnValue([false, { hostDetails: hostData }]);
+      mockUseRiskScore.mockReturnValue({ data: riskLevel, isAuthorized: true });
+      mockUseIsExperimentalFeatureEnabled.mockReturnValue(true);
+
+      const { getByTestId } = renderHostEntityContent();
+
+      getByTestId(ENTITIES_HOST_OVERVIEW_LINK_TEST_ID).click();
+      expect(mockFlyoutApi.openPreviewPanel).toHaveBeenCalledWith({
+        id: HostPreviewPanelKey,
+        params: {
+          hostName,
+          scopeId: mockContextValue.scopeId,
+          banner: HOST_PREVIEW_BANNER,
+        },
+      });
+    });
   });
 });
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/host_entity_overview.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/host_entity_overview.tsx
index b1316cb8fa434..e48b5f8fd4f9d 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/host_entity_overview.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/host_entity_overview.tsx
@@ -19,8 +19,9 @@ import { css } from '@emotion/css';
 import { getOr } from 'lodash/fp';
 import { i18n } from '@kbn/i18n';
 import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
+import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
 import { useRiskScore } from '../../../../entity_analytics/api/hooks/use_risk_score';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import type { DescriptionList } from '../../../../../common/utility_types';
 import {
   FirstLastSeen,
@@ -53,6 +54,7 @@ import {
 import { DocumentDetailsLeftPanelKey } from '../../shared/constants/panel_keys';
 import { LeftPanelInsightsTab } from '../../left';
 import { RiskScoreDocTooltip } from '../../../../overview/components/common';
+import { HostPreviewPanelKey } from '../../../entity_details/host_right';
 
 const HOST_ICON = 'storage';
 
@@ -63,12 +65,23 @@ export interface HostEntityOverviewProps {
   hostName: string;
 }
 
+export const HOST_PREVIEW_BANNER = {
+  title: i18n.translate('xpack.securitySolution.flyout.right.host.hostPreviewTitle', {
+    defaultMessage: 'Preview host',
+  }),
+  backgroundColor: 'warning',
+  textColor: 'warning',
+};
+
 /**
  * Host preview content for the entities preview in right flyout. It contains ip addresses and risk level
  */
 export const HostEntityOverview: React.FC<HostEntityOverviewProps> = ({ hostName }) => {
-  const { eventId, indexName, scopeId } = useRightPanelContext();
-  const { openLeftPanel } = useExpandableFlyoutApi();
+  const { eventId, indexName, scopeId } = useDocumentDetailsContext();
+  const { openLeftPanel, openPreviewPanel } = useExpandableFlyoutApi();
+
+  const isPreviewEnabled = useIsExperimentalFeatureEnabled('entityAlertPreviewEnabled');
+
   const goToEntitiesTab = useCallback(() => {
     openLeftPanel({
       id: DocumentDetailsLeftPanelKey,
@@ -81,6 +94,17 @@ export const HostEntityOverview: React.FC<HostEntityOverviewProps> = ({ hostName
     });
   }, [eventId, openLeftPanel, indexName, scopeId]);
 
+  const openHostPreview = useCallback(() => {
+    openPreviewPanel({
+      id: HostPreviewPanelKey,
+      params: {
+        hostName,
+        scopeId,
+        banner: HOST_PREVIEW_BANNER,
+      },
+    });
+  }, [openPreviewPanel, hostName, scopeId]);
+
   const { from, to } = useGlobalTime();
   const { selectedPatterns } = useSourcererDataView();
 
@@ -199,7 +223,7 @@ export const HostEntityOverview: React.FC<HostEntityOverviewProps> = ({ hostName
                 font-size: ${xsFontSize};
                 font-weight: ${euiTheme.font.weight.bold};
               `}
-              onClick={goToEntitiesTab}
+              onClick={isPreviewEnabled ? openHostPreview : goToEntitiesTab}
             >
               {hostName}
             </EuiLink>
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/insights_section.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/insights_section.test.tsx
index d98dcb3c9edc7..eb1af2a74b8df 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/insights_section.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/insights_section.test.tsx
@@ -7,7 +7,7 @@
 
 import React from 'react';
 import { render } from '@testing-library/react';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import {
   INSIGHTS_HEADER_TEST_ID,
   INSIGHTS_THREAT_INTELLIGENCE_TEST_ID,
@@ -102,12 +102,12 @@ jest.mock('../../../../common/components/guided_onboarding_tour', () => ({
   useTourContext: jest.fn().mockReturnValue({ activeStep: 1, isTourShown: jest.fn(() => true) }),
 }));
 
-const renderInsightsSection = (contextValue: RightPanelContext) =>
+const renderInsightsSection = (contextValue: DocumentDetailsContext) =>
   render(
     <TestProviders>
-      <RightPanelContext.Provider value={contextValue}>
+      <DocumentDetailsContext.Provider value={contextValue}>
         <InsightsSection />
-      </RightPanelContext.Provider>
+      </DocumentDetailsContext.Provider>
     </TestProviders>
   );
 
@@ -134,7 +134,7 @@ describe('<InsightsSection />', () => {
     const contextValue = {
       eventId: 'some_Id',
       getFieldsData: mockGetFieldsData,
-    } as unknown as RightPanelContext;
+    } as unknown as DocumentDetailsContext;
 
     const wrapper = renderInsightsSection(contextValue);
 
@@ -150,7 +150,7 @@ describe('<InsightsSection />', () => {
       eventId: 'some_Id',
       dataFormattedForFieldBrowser: mockDataFormattedForFieldBrowser,
       getFieldsData: mockGetFieldsData,
-    } as unknown as RightPanelContext;
+    } as unknown as DocumentDetailsContext;
 
     const wrapper = renderInsightsSection(contextValue);
     expect(wrapper.getByTestId(INSIGHTS_CONTENT_TEST_ID)).not.toBeVisible();
@@ -163,7 +163,7 @@ describe('<InsightsSection />', () => {
       eventId: 'some_Id',
       dataFormattedForFieldBrowser: mockDataFormattedForFieldBrowser,
       getFieldsData: mockGetFieldsData,
-    } as unknown as RightPanelContext;
+    } as unknown as DocumentDetailsContext;
 
     const wrapper = renderInsightsSection(contextValue);
     expect(wrapper.getByTestId(INSIGHTS_CONTENT_TEST_ID)).toBeVisible();
@@ -177,7 +177,7 @@ describe('<InsightsSection />', () => {
       eventId: 'some_Id',
       dataFormattedForFieldBrowser: mockDataFormattedForFieldBrowser,
       getFieldsData: mockGetFieldsData,
-    } as unknown as RightPanelContext;
+    } as unknown as DocumentDetailsContext;
 
     const wrapper = renderInsightsSection(contextValue);
     expect(wrapper.getByTestId(INSIGHTS_CONTENT_TEST_ID)).toBeVisible();
@@ -196,7 +196,7 @@ describe('<InsightsSection />', () => {
       eventId: 'some_Id',
       getFieldsData,
       documentIsSignal: true,
-    } as unknown as RightPanelContext;
+    } as unknown as DocumentDetailsContext;
 
     const { getByTestId } = renderInsightsSection(contextValue);
 
@@ -219,7 +219,7 @@ describe('<InsightsSection />', () => {
       eventId: 'some_Id',
       getFieldsData,
       documentIsSignal: false,
-    } as unknown as RightPanelContext;
+    } as unknown as DocumentDetailsContext;
 
     const { getByTestId, queryByTestId } = renderInsightsSection(contextValue);
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/insights_section.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/insights_section.tsx
index 7ea4b67734ae4..19c75a77cbabf 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/insights_section.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/insights_section.tsx
@@ -15,7 +15,7 @@ import { ThreatIntelligenceOverview } from './threat_intelligence_overview';
 import { INSIGHTS_TEST_ID } from './test_ids';
 import { EntitiesOverview } from './entities_overview';
 import { ExpandableSection } from './expandable_section';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { getField } from '../../shared/utils';
 import { EventKind } from '../../shared/constants/event_kinds';
 import { useTourContext } from '../../../../common/components/guided_onboarding_tour';
@@ -30,7 +30,7 @@ const KEY = 'insights';
  * Insights section under overview tab. It contains entities, threat intelligence, prevalence and correlations.
  */
 export const InsightsSection = memo(() => {
-  const { getFieldsData } = useRightPanelContext();
+  const { getFieldsData } = useDocumentDetailsContext();
   const eventKind = getField(getFieldsData('event.kind'));
 
   const { activeStep, isTourShown } = useTourContext();
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_guide.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_guide.test.tsx
index a1292e66a6c2f..128ca3b643af9 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_guide.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_guide.test.tsx
@@ -9,13 +9,13 @@ import React from 'react';
 import { __IntlProvider as IntlProvider } from '@kbn/i18n-react';
 import { render } from '@testing-library/react';
 import { InvestigationGuide } from './investigation_guide';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import {
   INVESTIGATION_GUIDE_BUTTON_TEST_ID,
   INVESTIGATION_GUIDE_LOADING_TEST_ID,
   INVESTIGATION_GUIDE_TEST_ID,
 } from './test_ids';
-import { mockContextValue } from '../mocks/mock_context';
+import { mockContextValue } from '../../shared/mocks/mock_context';
 import type { ExpandableFlyoutApi } from '@kbn/expandable-flyout';
 import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
 import { useInvestigationGuide } from '../../shared/hooks/use_investigation_guide';
@@ -33,9 +33,9 @@ const PREVIEW_MESSAGE = 'Investigation guide is not available in alert preview.'
 const renderInvestigationGuide = () =>
   render(
     <IntlProvider locale="en">
-      <RightPanelContext.Provider value={mockContextValue}>
+      <DocumentDetailsContext.Provider value={mockContextValue}>
         <InvestigationGuide />
-      </RightPanelContext.Provider>
+      </DocumentDetailsContext.Provider>
     </IntlProvider>
   );
 
@@ -109,9 +109,9 @@ describe('<InvestigationGuide />', () => {
   it('should render preview message when flyout is in preview', () => {
     const { queryByTestId, getByTestId } = render(
       <IntlProvider locale="en">
-        <RightPanelContext.Provider value={{ ...mockContextValue, isPreview: true }}>
+        <DocumentDetailsContext.Provider value={{ ...mockContextValue, isPreview: true }}>
           <InvestigationGuide />
-        </RightPanelContext.Provider>
+        </DocumentDetailsContext.Provider>
       </IntlProvider>
     );
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_guide.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_guide.tsx
index 4b19af37fcfea..33fa0db42c453 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_guide.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_guide.tsx
@@ -10,7 +10,7 @@ import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { i18n } from '@kbn/i18n';
 import { useInvestigationGuide } from '../../shared/hooks/use_investigation_guide';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { DocumentDetailsLeftPanelKey } from '../../shared/constants/panel_keys';
 import { LeftPanelInvestigationTab } from '../../left';
 import {
@@ -26,7 +26,7 @@ import {
 export const InvestigationGuide: React.FC = () => {
   const { openLeftPanel } = useExpandableFlyoutApi();
   const { eventId, indexName, scopeId, dataFormattedForFieldBrowser, isPreview } =
-    useRightPanelContext();
+    useDocumentDetailsContext();
 
   const { loading, error, basicAlertData, ruleNote } = useInvestigationGuide({
     dataFormattedForFieldBrowser,
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_section.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_section.test.tsx
index 192befd46f339..7f137dc1815c8 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_section.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_section.test.tsx
@@ -14,12 +14,12 @@ import {
   INVESTIGATION_GUIDE_TEST_ID,
   HIGHLIGHTED_FIELDS_TITLE_TEST_ID,
 } from './test_ids';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { InvestigationSection } from './investigation_section';
 import { useRuleWithFallback } from '../../../../detection_engine/rule_management/logic/use_rule_with_fallback';
 import { mockDataFormattedForFieldBrowser } from '../../shared/mocks/mock_data_formatted_for_field_browser';
 import { TestProvider } from '@kbn/expandable-flyout/src/test/provider';
-import { mockContextValue } from '../mocks/mock_context';
+import { mockContextValue } from '../../shared/mocks/mock_context';
 import { useExpandSection } from '../hooks/use_expand_section';
 
 jest.mock('../../../../detection_engine/rule_management/logic/use_rule_with_fallback');
@@ -36,9 +36,9 @@ const renderInvestigationSection = (contextValue = panelContextValue) =>
   render(
     <IntlProvider locale="en">
       <TestProvider>
-        <RightPanelContext.Provider value={contextValue}>
+        <DocumentDetailsContext.Provider value={contextValue}>
           <InvestigationSection />
-        </RightPanelContext.Provider>
+        </DocumentDetailsContext.Provider>
       </TestProvider>
     </IntlProvider>
   );
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_section.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_section.tsx
index 167db7aebc058..b211fa597df5f 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_section.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_section.tsx
@@ -15,7 +15,7 @@ import { INVESTIGATION_SECTION_TEST_ID } from './test_ids';
 import { InvestigationGuide } from './investigation_guide';
 import { getField } from '../../shared/utils';
 import { EventKind } from '../../shared/constants/event_kinds';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 
 const KEY = 'investigation';
 
@@ -24,7 +24,7 @@ const KEY = 'investigation';
  * It contains investigation guide (alerts only) and highlighted fields
  */
 export const InvestigationSection = memo(() => {
-  const { getFieldsData } = useRightPanelContext();
+  const { getFieldsData } = useDocumentDetailsContext();
   const eventKind = getField(getFieldsData('event.kind'));
 
   const expanded = useExpandSection({ title: KEY, defaultValue: true });
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/mitre_attack.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/mitre_attack.test.tsx
index 41a7e7b0e3da9..34245fc136f47 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/mitre_attack.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/mitre_attack.test.tsx
@@ -8,21 +8,21 @@
 import React from 'react';
 import { act, render } from '@testing-library/react';
 import { MitreAttack } from './mitre_attack';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { MITRE_ATTACK_DETAILS_TEST_ID, MITRE_ATTACK_TITLE_TEST_ID } from './test_ids';
 import { mockSearchHit } from '../../shared/mocks/mock_search_hit';
 
-const renderMitreAttack = (contextValue: RightPanelContext) =>
+const renderMitreAttack = (contextValue: DocumentDetailsContext) =>
   render(
-    <RightPanelContext.Provider value={contextValue}>
+    <DocumentDetailsContext.Provider value={contextValue}>
       <MitreAttack />
-    </RightPanelContext.Provider>
+    </DocumentDetailsContext.Provider>
   );
 
 // FLAKY: https://github.com/elastic/kibana/issues/176002
 describe.skip('<MitreAttack />', () => {
   it('should render mitre attack information', async () => {
-    const contextValue = { searchHit: mockSearchHit } as unknown as RightPanelContext;
+    const contextValue = { searchHit: mockSearchHit } as unknown as DocumentDetailsContext;
 
     const { getByTestId } = renderMitreAttack(contextValue);
 
@@ -37,7 +37,7 @@ describe.skip('<MitreAttack />', () => {
       searchHit: {
         some_field: 'some_value',
       },
-    } as unknown as RightPanelContext;
+    } as unknown as DocumentDetailsContext;
 
     const { container } = renderMitreAttack(contextValue);
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/mitre_attack.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/mitre_attack.tsx
index e84c7b8759140..2c7a45dc17346 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/mitre_attack.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/mitre_attack.tsx
@@ -10,10 +10,10 @@ import type { FC } from 'react';
 import React, { useMemo } from 'react';
 import { MITRE_ATTACK_DETAILS_TEST_ID, MITRE_ATTACK_TITLE_TEST_ID } from './test_ids';
 import { getMitreComponentParts } from '../../../../detections/mitre/get_mitre_threat_component';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 
 export const MitreAttack: FC = () => {
-  const { searchHit } = useRightPanelContext();
+  const { searchHit } = useDocumentDetailsContext();
   const threatDetails = useMemo(() => getMitreComponentParts(searchHit), [searchHit]);
 
   if (!threatDetails || !threatDetails[0]) {
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/prevalence_overview.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/prevalence_overview.test.tsx
index f516ddb0860d7..d2fa414ac746a 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/prevalence_overview.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/prevalence_overview.test.tsx
@@ -7,7 +7,7 @@
 
 import { render } from '@testing-library/react';
 import { TestProviders } from '../../../../common/mock';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { PREVALENCE_TEST_ID } from './test_ids';
 import { DocumentDetailsLeftPanelKey } from '../../shared/constants/panel_keys';
 import { LeftPanelInsightsTab } from '../../left';
@@ -22,7 +22,7 @@ import {
   EXPANDABLE_PANEL_TOGGLE_ICON_TEST_ID,
 } from '../../../shared/components/test_ids';
 import { usePrevalence } from '../../shared/hooks/use_prevalence';
-import { mockContextValue } from '../mocks/mock_context';
+import { mockContextValue } from '../../shared/mocks/mock_context';
 import { type ExpandableFlyoutApi, useExpandableFlyoutApi } from '@kbn/expandable-flyout';
 
 jest.mock('../../shared/hooks/use_prevalence');
@@ -43,12 +43,12 @@ jest.mock('@kbn/expandable-flyout', () => ({
   ExpandableFlyoutProvider: ({ children }: React.PropsWithChildren<{}>) => <>{children}</>,
 }));
 
-const renderPrevalenceOverview = (contextValue: RightPanelContext = mockContextValue) =>
+const renderPrevalenceOverview = (contextValue: DocumentDetailsContext = mockContextValue) =>
   render(
     <TestProviders>
-      <RightPanelContext.Provider value={contextValue}>
+      <DocumentDetailsContext.Provider value={contextValue}>
         <PrevalenceOverview />
-      </RightPanelContext.Provider>
+      </DocumentDetailsContext.Provider>
     </TestProviders>
   );
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/prevalence_overview.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/prevalence_overview.tsx
index 527e2f16e0f60..7135df1ec79ec 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/prevalence_overview.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/prevalence_overview.tsx
@@ -13,7 +13,7 @@ import { FormattedMessage } from '@kbn/i18n-react';
 import { ExpandablePanel } from '../../../shared/components/expandable_panel';
 import { usePrevalence } from '../../shared/hooks/use_prevalence';
 import { PREVALENCE_TEST_ID } from './test_ids';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { DocumentDetailsLeftPanelKey } from '../../shared/constants/panel_keys';
 import { LeftPanelInsightsTab } from '../../left';
 import { PREVALENCE_TAB_ID } from '../../left/components/prevalence_details';
@@ -29,7 +29,7 @@ const DEFAULT_TO = 'now';
  */
 export const PrevalenceOverview: FC = () => {
   const { eventId, indexName, dataFormattedForFieldBrowser, scopeId, investigationFields } =
-    useRightPanelContext();
+    useDocumentDetailsContext();
   const { openLeftPanel } = useExpandableFlyoutApi();
 
   const goPrevalenceTab = useCallback(() => {
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/reason.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/reason.test.tsx
index 46e9230830f33..e69f2d833e949 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/reason.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/reason.test.tsx
@@ -9,13 +9,12 @@ import React from 'react';
 import { render } from '@testing-library/react';
 import { __IntlProvider as IntlProvider } from '@kbn/i18n-react';
 import { REASON_DETAILS_PREVIEW_BUTTON_TEST_ID, REASON_TITLE_TEST_ID } from './test_ids';
-import { Reason } from './reason';
-import { RightPanelContext } from '../context';
+import { Reason, ALERT_REASON_BANNER } from './reason';
+import { DocumentDetailsContext } from '../../shared/context';
 import { mockGetFieldsData } from '../../shared/mocks/mock_get_fields_data';
 import { mockDataFormattedForFieldBrowser } from '../../shared/mocks/mock_data_formatted_for_field_browser';
-import { DocumentDetailsPreviewPanelKey } from '../../shared/constants/panel_keys';
+import { DocumentDetailsAlertReasonPanelKey } from '../../shared/constants/panel_keys';
 import { TestProviders } from '../../../../common/mock';
-import { i18n } from '@kbn/i18n';
 import { type ExpandableFlyoutApi, useExpandableFlyoutApi } from '@kbn/expandable-flyout';
 import { createTelemetryServiceMock } from '../../../../common/lib/telemetry/telemetry_service.mock';
 
@@ -45,15 +44,15 @@ const panelContextValue = {
   scopeId: 'scopeId',
   dataFormattedForFieldBrowser: mockDataFormattedForFieldBrowser,
   getFieldsData: mockGetFieldsData,
-} as unknown as RightPanelContext;
+} as unknown as DocumentDetailsContext;
 
-const renderReason = (panelContext: RightPanelContext = panelContextValue) =>
+const renderReason = (panelContext: DocumentDetailsContext = panelContextValue) =>
   render(
     <TestProviders>
       <IntlProvider locale="en">
-        <RightPanelContext.Provider value={panelContext}>
+        <DocumentDetailsContext.Provider value={panelContext}>
           <Reason />
-        </RightPanelContext.Provider>
+        </DocumentDetailsContext.Provider>
       </IntlProvider>
     </TestProviders>
   );
@@ -92,7 +91,7 @@ describe('<Reason />', () => {
     const panelContext = {
       ...panelContextValue,
       getFieldsData: () => {},
-    } as unknown as RightPanelContext;
+    } as unknown as DocumentDetailsContext;
 
     const { getByText } = renderReason(panelContext);
 
@@ -105,22 +104,12 @@ describe('<Reason />', () => {
     getByTestId(REASON_DETAILS_PREVIEW_BUTTON_TEST_ID).click();
 
     expect(flyoutContextValue.openPreviewPanel).toHaveBeenCalledWith({
-      id: DocumentDetailsPreviewPanelKey,
-      path: { tab: 'alert-reason-preview' },
+      id: DocumentDetailsAlertReasonPanelKey,
       params: {
         id: panelContextValue.eventId,
         indexName: panelContextValue.indexName,
         scopeId: panelContextValue.scopeId,
-        banner: {
-          title: i18n.translate(
-            'xpack.securitySolution.flyout.right.about.reason.alertReasonPreviewTitle',
-            {
-              defaultMessage: 'Preview alert reason',
-            }
-          ),
-          backgroundColor: 'warning',
-          textColor: 'warning',
-        },
+        banner: ALERT_REASON_BANNER,
       },
     });
   });
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/reason.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/reason.tsx
index 5400052295c22..1ce7e9ed53949 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/reason.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/reason.tsx
@@ -14,15 +14,25 @@ import { FormattedMessage } from '@kbn/i18n-react';
 import { i18n } from '@kbn/i18n';
 import { useKibana } from '../../../../common/lib/kibana';
 import { getField } from '../../shared/utils';
-import { DocumentDetailsPreviewPanelKey } from '../../shared/constants/panel_keys';
-import { AlertReasonPreviewPanel } from '../../preview';
+import { DocumentDetailsAlertReasonPanelKey } from '../../shared/constants/panel_keys';
 import {
   REASON_DETAILS_PREVIEW_BUTTON_TEST_ID,
   REASON_DETAILS_TEST_ID,
   REASON_TITLE_TEST_ID,
 } from './test_ids';
 import { useBasicDataFromDetailsData } from '../../../../timelines/components/side_panel/event_details/helpers';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
+
+export const ALERT_REASON_BANNER = {
+  title: i18n.translate(
+    'xpack.securitySolution.flyout.right.about.reason.alertReasonPreviewTitle',
+    {
+      defaultMessage: 'Preview alert reason',
+    }
+  ),
+  backgroundColor: 'warning',
+  textColor: 'warning',
+};
 
 /**
  * Displays the information provided by the rowRenderer. Supports multiple types of documents.
@@ -30,29 +40,19 @@ import { useRightPanelContext } from '../context';
 export const Reason: FC = () => {
   const { telemetry } = useKibana().services;
   const { eventId, indexName, scopeId, dataFormattedForFieldBrowser, getFieldsData } =
-    useRightPanelContext();
+    useDocumentDetailsContext();
   const { isAlert } = useBasicDataFromDetailsData(dataFormattedForFieldBrowser);
   const alertReason = getField(getFieldsData(ALERT_REASON));
 
   const { openPreviewPanel } = useExpandableFlyoutApi();
   const openRulePreview = useCallback(() => {
     openPreviewPanel({
-      id: DocumentDetailsPreviewPanelKey,
-      path: { tab: AlertReasonPreviewPanel },
+      id: DocumentDetailsAlertReasonPanelKey,
       params: {
         id: eventId,
         indexName,
         scopeId,
-        banner: {
-          title: i18n.translate(
-            'xpack.securitySolution.flyout.right.about.reason.alertReasonPreviewTitle',
-            {
-              defaultMessage: 'Preview alert reason',
-            }
-          ),
-          backgroundColor: 'warning',
-          textColor: 'warning',
-        },
+        banner: ALERT_REASON_BANNER,
       },
     });
     telemetry.reportDetailsFlyoutOpened({
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_button.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_button.test.tsx
index 2c0e5a5d5574a..3765daec05496 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_button.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_button.test.tsx
@@ -8,9 +8,9 @@
 import React from 'react';
 import { __IntlProvider as IntlProvider } from '@kbn/i18n-react';
 import { render } from '@testing-library/react';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { RESPONSE_BUTTON_TEST_ID, RESPONSE_EMPTY_TEST_ID } from './test_ids';
-import { mockContextValue } from '../mocks/mock_context';
+import { mockContextValue } from '../../shared/mocks/mock_context';
 import { ResponseButton } from './response_button';
 import type { SearchHit } from '../../../../../common/search_strategy';
 import { TestProvider } from '@kbn/expandable-flyout/src/test/provider';
@@ -30,13 +30,13 @@ const mockValidSearchHit = {
   },
 } as unknown as SearchHit;
 
-const renderResponseButton = (panelContextValue: RightPanelContext = mockContextValue) =>
+const renderResponseButton = (panelContextValue: DocumentDetailsContext = mockContextValue) =>
   render(
     <IntlProvider locale="en">
       <TestProvider>
-        <RightPanelContext.Provider value={panelContextValue}>
+        <DocumentDetailsContext.Provider value={panelContextValue}>
           <ResponseButton />
-        </RightPanelContext.Provider>
+        </DocumentDetailsContext.Provider>
       </TestProvider>
     </IntlProvider>
   );
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_button.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_button.tsx
index 36b941886383f..206c4d32a4238 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_button.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_button.tsx
@@ -8,7 +8,7 @@ import React, { useCallback } from 'react';
 import { EuiButton } from '@elastic/eui';
 import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
 import { FormattedMessage } from '@kbn/i18n-react';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { DocumentDetailsLeftPanelKey } from '../../shared/constants/panel_keys';
 import { LeftPanelResponseTab } from '../../left';
 import { RESPONSE_BUTTON_TEST_ID } from './test_ids';
@@ -18,7 +18,7 @@ import { RESPONSE_BUTTON_TEST_ID } from './test_ids';
  */
 export const ResponseButton: React.FC = () => {
   const { openLeftPanel } = useExpandableFlyoutApi();
-  const { eventId, indexName, scopeId } = useRightPanelContext();
+  const { eventId, indexName, scopeId } = useDocumentDetailsContext();
 
   const goToResponseTab = useCallback(() => {
     openLeftPanel({
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_section.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_section.test.tsx
index 60ccf34154297..a401b8da14adb 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_section.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_section.test.tsx
@@ -13,8 +13,8 @@ import {
   RESPONSE_SECTION_CONTENT_TEST_ID,
   RESPONSE_SECTION_HEADER_TEST_ID,
 } from './test_ids';
-import { RightPanelContext } from '../context';
-import { mockContextValue } from '../mocks/mock_context';
+import { DocumentDetailsContext } from '../../shared/context';
+import { mockContextValue } from '../../shared/mocks/mock_context';
 import { ResponseSection } from './response_section';
 import { TestProvider } from '@kbn/expandable-flyout/src/test/provider';
 import { useExpandSection } from '../hooks/use_expand_section';
@@ -27,9 +27,9 @@ const renderResponseSection = () =>
   render(
     <IntlProvider locale="en">
       <TestProvider>
-        <RightPanelContext.Provider value={mockContextValue}>
+        <DocumentDetailsContext.Provider value={mockContextValue}>
           <ResponseSection />
-        </RightPanelContext.Provider>
+        </DocumentDetailsContext.Provider>
       </TestProvider>
     </IntlProvider>
   );
@@ -70,14 +70,14 @@ describe('<ResponseSection />', () => {
     const { getByTestId } = render(
       <IntlProvider locale="en">
         <TestProvider>
-          <RightPanelContext.Provider
+          <DocumentDetailsContext.Provider
             value={{
               ...mockContextValue,
               getFieldsData: mockGetFieldsData,
             }}
           >
             <ResponseSection />
-          </RightPanelContext.Provider>
+          </DocumentDetailsContext.Provider>
         </TestProvider>
       </IntlProvider>
     );
@@ -90,9 +90,9 @@ describe('<ResponseSection />', () => {
     const { getByTestId } = render(
       <IntlProvider locale="en">
         <TestProvider>
-          <RightPanelContext.Provider value={{ ...mockContextValue, isPreview: true }}>
+          <DocumentDetailsContext.Provider value={{ ...mockContextValue, isPreview: true }}>
             <ResponseSection />
-          </RightPanelContext.Provider>
+          </DocumentDetailsContext.Provider>
         </TestProvider>
       </IntlProvider>
     );
@@ -111,14 +111,14 @@ describe('<ResponseSection />', () => {
     const { container } = render(
       <IntlProvider locale="en">
         <TestProvider>
-          <RightPanelContext.Provider
+          <DocumentDetailsContext.Provider
             value={{
               ...mockContextValue,
               getFieldsData: mockGetFieldsData,
             }}
           >
             <ResponseSection />
-          </RightPanelContext.Provider>
+          </DocumentDetailsContext.Provider>
         </TestProvider>
       </IntlProvider>
     );
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_section.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_section.tsx
index a95d44abafe0e..6a802dfd94cf4 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_section.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_section.tsx
@@ -10,7 +10,7 @@ import { FormattedMessage } from '@kbn/i18n-react';
 import { useExpandSection } from '../hooks/use_expand_section';
 import { ResponseButton } from './response_button';
 import { ExpandableSection } from './expandable_section';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { getField } from '../../shared/utils';
 import { EventKind } from '../../shared/constants/event_kinds';
 import { RESPONSE_SECTION_TEST_ID } from './test_ids';
@@ -21,7 +21,7 @@ const KEY = 'response';
  * Most bottom section of the overview tab. It contains a summary of the response tab.
  */
 export const ResponseSection = memo(() => {
-  const { isPreview, getFieldsData } = useRightPanelContext();
+  const { isPreview, getFieldsData } = useDocumentDetailsContext();
 
   const expanded = useExpandSection({ title: KEY, defaultValue: false });
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/risk_score.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/risk_score.test.tsx
index d0b006794ac32..ce6093703f735 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/risk_score.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/risk_score.test.tsx
@@ -8,17 +8,17 @@
 import React from 'react';
 import { __IntlProvider as IntlProvider } from '@kbn/i18n-react';
 import { render } from '@testing-library/react';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { RISK_SCORE_TITLE_TEST_ID, RISK_SCORE_VALUE_TEST_ID } from './test_ids';
 import { RiskScore } from './risk_score';
 import { mockGetFieldsData } from '../../shared/mocks/mock_get_fields_data';
 
-const renderRiskScore = (contextValue: RightPanelContext) =>
+const renderRiskScore = (contextValue: DocumentDetailsContext) =>
   render(
     <IntlProvider locale="en">
-      <RightPanelContext.Provider value={contextValue}>
+      <DocumentDetailsContext.Provider value={contextValue}>
         <RiskScore />
-      </RightPanelContext.Provider>
+      </DocumentDetailsContext.Provider>
     </IntlProvider>
   );
 
@@ -26,7 +26,7 @@ describe('<RiskScore />', () => {
   it('should render risk score information', () => {
     const contextValue = {
       getFieldsData: jest.fn().mockImplementation(mockGetFieldsData),
-    } as unknown as RightPanelContext;
+    } as unknown as DocumentDetailsContext;
 
     const { getByTestId } = renderRiskScore(contextValue);
 
@@ -39,7 +39,7 @@ describe('<RiskScore />', () => {
   it('should render empty component if missing getFieldsData value', () => {
     const contextValue = {
       getFieldsData: jest.fn(),
-    } as unknown as RightPanelContext;
+    } as unknown as DocumentDetailsContext;
 
     const { container } = renderRiskScore(contextValue);
 
@@ -49,7 +49,7 @@ describe('<RiskScore />', () => {
   it('should render empty component if getFieldsData is invalid', () => {
     const contextValue = {
       getFieldsData: jest.fn().mockImplementation(() => 123),
-    } as unknown as RightPanelContext;
+    } as unknown as DocumentDetailsContext;
 
     const { container } = renderRiskScore(contextValue);
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/risk_score.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/risk_score.tsx
index 95c5310b4d992..dfa03cabd53e6 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/risk_score.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/risk_score.tsx
@@ -10,13 +10,13 @@ import { EuiFlexGroup, EuiFlexItem, EuiTitle } from '@elastic/eui';
 import { ALERT_RISK_SCORE } from '@kbn/rule-data-utils';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { RISK_SCORE_TITLE_TEST_ID, RISK_SCORE_VALUE_TEST_ID } from './test_ids';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 
 /**
  * Document details risk score displayed in flyout right section header
  */
 export const RiskScore = memo(() => {
-  const { getFieldsData } = useRightPanelContext();
+  const { getFieldsData } = useDocumentDetailsContext();
   const fieldsData = getFieldsData(ALERT_RISK_SCORE);
 
   if (!fieldsData) {
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/session_preview.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/session_preview.test.tsx
index 97fcd563a9ef7..8f7736f6a1d35 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/session_preview.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/session_preview.test.tsx
@@ -10,7 +10,7 @@ import { useProcessData } from '../hooks/use_process_data';
 import { SessionPreview } from './session_preview';
 import { TestProviders } from '../../../../common/mock';
 import React from 'react';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { TestProvider } from '@kbn/expandable-flyout/src/test/provider';
 import { SESSION_PREVIEW_RULE_DETAILS_LINK_TEST_ID } from './test_ids';
 import { useRuleDetailsLink } from '../../shared/hooks/use_rule_details_link';
@@ -23,15 +23,15 @@ const panelContextValue = {
   indexName: 'indexName',
   browserFields: {},
   dataFormattedForFieldBrowser: [],
-} as unknown as RightPanelContext;
+} as unknown as DocumentDetailsContext;
 
 const renderSessionPreview = () =>
   render(
     <TestProviders>
       <TestProvider>
-        <RightPanelContext.Provider value={panelContextValue}>
+        <DocumentDetailsContext.Provider value={panelContextValue}>
           <SessionPreview />
-        </RightPanelContext.Provider>
+        </DocumentDetailsContext.Provider>
       </TestProvider>
     </TestProviders>
   );
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/session_preview.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/session_preview.tsx
index a50d2e9188c88..b9610823619a1 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/session_preview.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/session_preview.tsx
@@ -12,7 +12,7 @@ import { css } from '@emotion/react';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { useRuleDetailsLink } from '../../shared/hooks/use_rule_details_link';
 import { SESSION_PREVIEW_RULE_DETAILS_LINK_TEST_ID, SESSION_PREVIEW_TEST_ID } from './test_ids';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { PreferenceFormattedDate } from '../../../../common/components/formatted_date';
 import { useProcessData } from '../hooks/use_process_data';
 
@@ -36,7 +36,7 @@ const ValueContainer: FC<PropsWithChildren<{ text?: ReactElement }>> = ({ text,
  * Renders session preview under Visualizations section in the flyout right EuiPanel
  */
 export const SessionPreview: FC = () => {
-  const { isPreview } = useRightPanelContext();
+  const { isPreview } = useDocumentDetailsContext();
 
   const { processName, userName, startAt, ruleName, ruleId, workdir, command } = useProcessData();
   const { euiTheme } = useEuiTheme();
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/session_preview_container.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/session_preview_container.test.tsx
index 80d9c81a064e8..f6f56f1c9cd2a 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/session_preview_container.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/session_preview_container.test.tsx
@@ -8,7 +8,7 @@
 import { render, screen } from '@testing-library/react';
 import { TestProviders } from '../../../../common/mock';
 import React from 'react';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { SessionPreviewContainer } from './session_preview_container';
 import { useSessionPreview } from '../hooks/use_session_preview';
 import { useLicense } from '../../../../common/hooks/use_license';
@@ -32,7 +32,7 @@ const UPSELL_TEXT = 'This feature requires an Enterprise subscription';
 
 const panelContextValue = {
   getFieldsData: mockGetFieldsData,
-} as unknown as RightPanelContext;
+} as unknown as DocumentDetailsContext;
 
 const sessionViewConfig = {
   index: {},
@@ -43,9 +43,9 @@ const sessionViewConfig = {
 const renderSessionPreview = (context = panelContextValue) =>
   render(
     <TestProviders>
-      <RightPanelContext.Provider value={context}>
+      <DocumentDetailsContext.Provider value={context}>
         <SessionPreviewContainer />
-      </RightPanelContext.Provider>
+      </DocumentDetailsContext.Provider>
     </TestProviders>
   );
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/session_preview_container.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/session_preview_container.tsx
index 54990dd6b67f8..43a19667d4fb6 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/session_preview_container.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/session_preview_container.tsx
@@ -15,7 +15,7 @@ import { useLicense } from '../../../../common/hooks/use_license';
 import { SessionPreview } from './session_preview';
 import { useSessionPreview } from '../hooks/use_session_preview';
 import { useInvestigateInTimeline } from '../../../../detections/components/alerts_table/timeline_actions/use_investigate_in_timeline';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { ALERTS_ACTIONS } from '../../../../common/lib/apm/user_actions';
 import { ExpandablePanel } from '../../../shared/components/expandable_panel';
 import { SESSION_PREVIEW_TEST_ID } from './test_ids';
@@ -30,7 +30,7 @@ const timelineId = 'timeline-1';
  */
 export const SessionPreviewContainer: FC = () => {
   const { dataAsNestedObject, getFieldsData, isPreview, dataFormattedForFieldBrowser } =
-    useRightPanelContext();
+    useDocumentDetailsContext();
 
   // decide whether to show the session view or not
   const sessionViewConfig = useSessionPreview({ getFieldsData, dataFormattedForFieldBrowser });
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/severity.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/severity.test.tsx
index 0a61ccacac201..5402f6f229671 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/severity.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/severity.test.tsx
@@ -7,18 +7,18 @@
 
 import React from 'react';
 import { render } from '@testing-library/react';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { SEVERITY_VALUE_TEST_ID } from './test_ids';
 import { DocumentSeverity } from './severity';
 import { mockGetFieldsData } from '../../shared/mocks/mock_get_fields_data';
 import { TestProviders } from '../../../../common/mock';
 
-const renderDocumentSeverity = (contextValue: RightPanelContext) =>
+const renderDocumentSeverity = (contextValue: DocumentDetailsContext) =>
   render(
     <TestProviders>
-      <RightPanelContext.Provider value={contextValue}>
+      <DocumentDetailsContext.Provider value={contextValue}>
         <DocumentSeverity />
-      </RightPanelContext.Provider>
+      </DocumentDetailsContext.Provider>
     </TestProviders>
   );
 
@@ -27,7 +27,7 @@ describe('<DocumentSeverity />', () => {
     const contextValue = {
       getFieldsData: jest.fn().mockImplementation(mockGetFieldsData),
       scopeId: 'scopeId',
-    } as unknown as RightPanelContext;
+    } as unknown as DocumentDetailsContext;
 
     const { getByTestId } = renderDocumentSeverity(contextValue);
 
@@ -40,7 +40,7 @@ describe('<DocumentSeverity />', () => {
     const contextValue = {
       getFieldsData: jest.fn(),
       scopeId: 'scopeId',
-    } as unknown as RightPanelContext;
+    } as unknown as DocumentDetailsContext;
 
     const { container } = renderDocumentSeverity(contextValue);
 
@@ -51,7 +51,7 @@ describe('<DocumentSeverity />', () => {
     const contextValue = {
       getFieldsData: jest.fn().mockImplementation(() => ['abc']),
       scopeId: 'scopeId',
-    } as unknown as RightPanelContext;
+    } as unknown as DocumentDetailsContext;
 
     const { container } = renderDocumentSeverity(contextValue);
 
@@ -62,7 +62,7 @@ describe('<DocumentSeverity />', () => {
     const contextValue = {
       getFieldsData: jest.fn().mockImplementation(() => 'abc'),
       scopeId: 'scopeId',
-    } as unknown as RightPanelContext;
+    } as unknown as DocumentDetailsContext;
 
     const { container } = renderDocumentSeverity(contextValue);
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/severity.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/severity.tsx
index 275affef442de..0ecd0928697c4 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/severity.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/severity.tsx
@@ -9,7 +9,7 @@ import React, { memo } from 'react';
 import { ALERT_SEVERITY } from '@kbn/rule-data-utils';
 import type { Severity } from '@kbn/securitysolution-io-ts-alerting-types';
 import { CellActions } from './cell_actions';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { SeverityBadge } from '../../../../common/components/severity_badge';
 
 const isSeverity = (x: unknown): x is Severity =>
@@ -19,7 +19,7 @@ const isSeverity = (x: unknown): x is Severity =>
  * Document details severity displayed in flyout right section header
  */
 export const DocumentSeverity = memo(() => {
-  const { getFieldsData } = useRightPanelContext();
+  const { getFieldsData } = useDocumentDetailsContext();
   const fieldsData = getFieldsData(ALERT_SEVERITY);
 
   if (!fieldsData) {
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/status.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/status.test.tsx
index 2d11e3dc24f48..9cb3d61343875 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/status.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/status.test.tsx
@@ -7,7 +7,7 @@
 
 import React from 'react';
 import { render } from '@testing-library/react';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { DocumentStatus } from './status';
 import { mockDataFormattedForFieldBrowser } from '../../shared/mocks/mock_data_formatted_for_field_browser';
 import { TestProviders } from '../../../../common/mock';
@@ -17,13 +17,13 @@ import { TestProvider } from '@kbn/expandable-flyout/src/test/provider';
 
 jest.mock('../../../../detections/components/alerts_table/timeline_actions/use_alerts_actions');
 
-const renderStatus = (contextValue: RightPanelContext) =>
+const renderStatus = (contextValue: DocumentDetailsContext) =>
   render(
     <TestProviders>
       <TestProvider>
-        <RightPanelContext.Provider value={contextValue}>
+        <DocumentDetailsContext.Provider value={contextValue}>
           <DocumentStatus />
-        </RightPanelContext.Provider>
+        </DocumentDetailsContext.Provider>
       </TestProvider>
     </TestProviders>
   );
@@ -45,7 +45,7 @@ describe('<DocumentStatus />', () => {
       browserFields: {},
       dataFormattedForFieldBrowser: mockDataFormattedForFieldBrowser,
       scopeId: 'scopeId',
-    } as unknown as RightPanelContext;
+    } as unknown as DocumentDetailsContext;
 
     const { getByTestId, getByText } = renderStatus(contextValue);
 
@@ -62,7 +62,7 @@ describe('<DocumentStatus />', () => {
       browserFields: {},
       dataFormattedForFieldBrowser: [],
       scopeId: 'scopeId',
-    } as unknown as RightPanelContext;
+    } as unknown as DocumentDetailsContext;
 
     const { container } = renderStatus(contextValue);
 
@@ -76,7 +76,7 @@ describe('<DocumentStatus />', () => {
       dataFormattedForFieldBrowser: mockDataFormattedForFieldBrowser,
       scopeId: 'scopeId',
       isPreview: true,
-    } as unknown as RightPanelContext;
+    } as unknown as DocumentDetailsContext;
 
     const { container } = renderStatus(contextValue);
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/status.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/status.tsx
index a97e009e11556..2737a5a608b5a 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/status.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/status.tsx
@@ -18,7 +18,7 @@ import type {
 } from '../../../../common/components/event_details/types';
 import { SIGNAL_STATUS_FIELD_NAME } from '../../../../timelines/components/timeline/body/renderers/constants';
 import { StatusPopoverButton } from '../../../../common/components/event_details/overview/status_popover_button';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { getEnrichedFieldInfo } from '../../../../common/components/event_details/helpers';
 import { CellActions } from './cell_actions';
 import { STATUS_TITLE_TEST_ID } from './test_ids';
@@ -36,7 +36,7 @@ function hasData(fieldInfo?: EnrichedFieldInfo): fieldInfo is EnrichedFieldInfoW
 export const DocumentStatus: FC = () => {
   const { closeFlyout } = useExpandableFlyoutApi();
   const { eventId, browserFields, dataFormattedForFieldBrowser, scopeId, isPreview } =
-    useRightPanelContext();
+    useDocumentDetailsContext();
 
   const statusData = useMemo(() => {
     const item = find(
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/threat_intelligence_overview.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/threat_intelligence_overview.test.tsx
index 9cb6da0b929f8..542aae9ce18c0 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/threat_intelligence_overview.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/threat_intelligence_overview.test.tsx
@@ -8,7 +8,7 @@
 import React from 'react';
 import { render } from '@testing-library/react';
 import { useExpandableFlyoutApi, type ExpandableFlyoutApi } from '@kbn/expandable-flyout';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { TestProviders } from '../../../../common/mock';
 import { ThreatIntelligenceOverview } from './threat_intelligence_overview';
 import { DocumentDetailsLeftPanelKey } from '../../shared/constants/panel_keys';
@@ -46,18 +46,18 @@ const panelContextValue = {
   eventId: 'event id',
   indexName: 'indexName',
   dataFormattedForFieldBrowser: [],
-} as unknown as RightPanelContext;
+} as unknown as DocumentDetailsContext;
 
 jest.mock('@kbn/expandable-flyout', () => ({
   useExpandableFlyoutApi: jest.fn(),
   ExpandableFlyoutProvider: ({ children }: React.PropsWithChildren<{}>) => <>{children}</>,
 }));
 
-const renderThreatIntelligenceOverview = (contextValue: RightPanelContext) => (
+const renderThreatIntelligenceOverview = (contextValue: DocumentDetailsContext) => (
   <TestProviders>
-    <RightPanelContext.Provider value={contextValue}>
+    <DocumentDetailsContext.Provider value={contextValue}>
       <ThreatIntelligenceOverview />
-    </RightPanelContext.Provider>
+    </DocumentDetailsContext.Provider>
   </TestProviders>
 );
 
@@ -161,9 +161,9 @@ describe('<ThreatIntelligenceOverview />', () => {
     });
     const { getByTestId } = render(
       <TestProviders>
-        <RightPanelContext.Provider value={panelContextValue}>
+        <DocumentDetailsContext.Provider value={panelContextValue}>
           <ThreatIntelligenceOverview />
-        </RightPanelContext.Provider>
+        </DocumentDetailsContext.Provider>
       </TestProviders>
     );
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/threat_intelligence_overview.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/threat_intelligence_overview.tsx
index 351c09f71d3f7..1bc0191f8bce2 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/threat_intelligence_overview.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/threat_intelligence_overview.tsx
@@ -13,7 +13,7 @@ import { FormattedMessage } from '@kbn/i18n-react';
 import { ExpandablePanel } from '../../../shared/components/expandable_panel';
 import { useFetchThreatIntelligence } from '../hooks/use_fetch_threat_intelligence';
 import { InsightsSummaryRow } from './insights_summary_row';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { INSIGHTS_THREAT_INTELLIGENCE_TEST_ID } from './test_ids';
 import { DocumentDetailsLeftPanelKey } from '../../shared/constants/panel_keys';
 import { LeftPanelInsightsTab } from '../../left';
@@ -25,7 +25,7 @@ import { THREAT_INTELLIGENCE_TAB_ID } from '../../left/components/threat_intelli
  * and the SummaryPanel component for data rendering.
  */
 export const ThreatIntelligenceOverview: FC = () => {
-  const { eventId, indexName, scopeId, dataFormattedForFieldBrowser } = useRightPanelContext();
+  const { eventId, indexName, scopeId, dataFormattedForFieldBrowser } = useDocumentDetailsContext();
   const { openLeftPanel } = useExpandableFlyoutApi();
 
   const goToThreatIntelligenceTab = useCallback(() => {
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/tour.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/tour.test.tsx
index 60b655d3c63c7..f0cc3f1da8559 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/tour.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/tour.test.tsx
@@ -8,8 +8,8 @@
 import React from 'react';
 import { render, waitFor, fireEvent } from '@testing-library/react';
 import { RightPanelTour } from './tour';
-import { RightPanelContext } from '../context';
-import { mockContextValue } from '../mocks/mock_context';
+import { DocumentDetailsContext } from '../../shared/context';
+import { mockContextValue } from '../../shared/mocks/mock_context';
 import {
   createMockStore,
   createSecuritySolutionStorageMock,
@@ -37,15 +37,15 @@ const mockCasesContract = casesPluginMock.createStartContract();
 const mockUseIsAddToCaseOpen = mockCasesContract.hooks.useIsAddToCaseOpen as jest.Mock;
 mockUseIsAddToCaseOpen.mockReturnValue(false);
 
-const renderRightPanelTour = (context: RightPanelContext = mockContextValue) =>
+const renderRightPanelTour = (context: DocumentDetailsContext = mockContextValue) =>
   render(
     <TestProviders store={mockStore}>
-      <RightPanelContext.Provider value={context}>
+      <DocumentDetailsContext.Provider value={context}>
         <RightPanelTour />
         {Object.values(FLYOUT_TOUR_CONFIG_ANCHORS).map((i, idx) => (
           <div key={idx} data-test-subj={i} />
         ))}
-      </RightPanelContext.Provider>
+      </DocumentDetailsContext.Provider>
     </TestProviders>
   );
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/tour.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/tour.tsx
index 9fd7219007dd8..621bf90d823c3 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/tour.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/tour.tsx
@@ -7,7 +7,7 @@
 
 import React, { memo, useMemo, useCallback } from 'react';
 import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { FlyoutTour } from '../../shared/components/flyout_tour';
 import {
   getRightSectionTourSteps,
@@ -35,7 +35,7 @@ export const RightPanelTour = memo(() => {
   const { isTourShown: isGuidedOnboardingTourShown } = useTourContext();
 
   const { openLeftPanel, openRightPanel } = useExpandableFlyoutApi();
-  const { eventId, indexName, scopeId, isPreview, getFieldsData } = useRightPanelContext();
+  const { eventId, indexName, scopeId, isPreview, getFieldsData } = useDocumentDetailsContext();
 
   const eventKind = getField(getFieldsData('event.kind'));
   const isAlert = eventKind === EventKind.signal;
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/user_entity_overview.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/user_entity_overview.test.tsx
index 23de6a14d7d5a..fd703e401b6d4 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/user_entity_overview.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/user_entity_overview.test.tsx
@@ -7,7 +7,7 @@
 import React from 'react';
 import { render } from '@testing-library/react';
 import { TestProviders } from '../../../../common/mock';
-import { UserEntityOverview } from './user_entity_overview';
+import { UserEntityOverview, USER_PREVIEW_BANNER } from './user_entity_overview';
 import { useFirstLastSeen } from '../../../../common/containers/use_first_last_seen';
 import {
   ENTITIES_USER_OVERVIEW_DOMAIN_TEST_ID,
@@ -17,14 +17,17 @@ import {
   ENTITIES_USER_OVERVIEW_LOADING_TEST_ID,
 } from './test_ids';
 import { useObservedUserDetails } from '../../../../explore/users/containers/users/observed_details';
-import { mockContextValue } from '../mocks/mock_context';
+import { mockContextValue } from '../../shared/mocks/mock_context';
 import { mockDataFormattedForFieldBrowser } from '../../shared/mocks/mock_data_formatted_for_field_browser';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { DocumentDetailsLeftPanelKey } from '../../shared/constants/panel_keys';
 import { LeftPanelInsightsTab } from '../../left';
 import { ENTITIES_TAB_ID } from '../../left/components/entities_details';
 import { useRiskScore } from '../../../../entity_analytics/api/hooks/use_risk_score';
-import { type ExpandableFlyoutApi, useExpandableFlyoutApi } from '@kbn/expandable-flyout';
+import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
+import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
+import { mockFlyoutApi } from '../../shared/mocks/mock_flyout_context';
+import { UserPreviewPanelKey } from '../../../entity_details/user_right';
 
 const userName = 'user';
 const domain = 'n54bg2lfc7';
@@ -46,9 +49,13 @@ jest.mock('@kbn/expandable-flyout', () => ({
   ExpandableFlyoutProvider: ({ children }: React.PropsWithChildren<{}>) => <>{children}</>,
 }));
 
-const flyoutContextValue = {
-  openLeftPanel: jest.fn(),
-} as unknown as ExpandableFlyoutApi;
+jest.mock('../../../../common/hooks/use_experimental_features');
+const mockUseIsExperimentalFeatureEnabled = useIsExperimentalFeatureEnabled as jest.Mock;
+
+jest.mock('@kbn/expandable-flyout', () => ({
+  useExpandableFlyoutApi: jest.fn(),
+  ExpandableFlyoutProvider: ({ children }: React.PropsWithChildren<{}>) => <>{children}</>,
+}));
 
 const mockUseGlobalTime = jest.fn().mockReturnValue({ from, to });
 jest.mock('../../../../common/containers/use_global_time', () => {
@@ -76,15 +83,16 @@ jest.mock('../../../../common/containers/use_first_last_seen');
 const renderUserEntityOverview = () =>
   render(
     <TestProviders>
-      <RightPanelContext.Provider value={panelContextValue}>
+      <DocumentDetailsContext.Provider value={panelContextValue}>
         <UserEntityOverview userName={userName} />
-      </RightPanelContext.Provider>
+      </DocumentDetailsContext.Provider>
     </TestProviders>
   );
 
 describe('<UserEntityOverview />', () => {
   beforeAll(() => {
-    jest.mocked(useExpandableFlyoutApi).mockReturnValue(flyoutContextValue);
+    jest.mocked(useExpandableFlyoutApi).mockReturnValue(mockFlyoutApi);
+    mockUseIsExperimentalFeatureEnabled.mockReturnValue(false);
   });
 
   describe('license is valid', () => {
@@ -139,9 +147,9 @@ describe('<UserEntityOverview />', () => {
 
       const { getByTestId, queryByTestId } = render(
         <TestProviders>
-          <RightPanelContext.Provider value={panelContextValue}>
+          <DocumentDetailsContext.Provider value={panelContextValue}>
             <UserEntityOverview userName={userName} />
-          </RightPanelContext.Provider>
+          </DocumentDetailsContext.Provider>
         </TestProviders>
       );
       expect(getByTestId(ENTITIES_USER_OVERVIEW_LOADING_TEST_ID)).toBeInTheDocument();
@@ -154,29 +162,29 @@ describe('<UserEntityOverview />', () => {
 
       const { getByTestId, queryByTestId } = render(
         <TestProviders>
-          <RightPanelContext.Provider value={panelContextValue}>
+          <DocumentDetailsContext.Provider value={panelContextValue}>
             <UserEntityOverview userName={userName} />
-          </RightPanelContext.Provider>
+          </DocumentDetailsContext.Provider>
         </TestProviders>
       );
       expect(getByTestId(ENTITIES_USER_OVERVIEW_LOADING_TEST_ID)).toBeInTheDocument();
       expect(queryByTestId(ENTITIES_USER_OVERVIEW_DOMAIN_TEST_ID)).not.toBeInTheDocument();
     });
 
-    it('should navigate to left panel entities tab when clicking on title', () => {
+    it('should navigate to left panel entities tab when clicking on title when feature flag is off', () => {
       mockUseUserDetails.mockReturnValue([false, { userDetails: userData }]);
       mockUseRiskScore.mockReturnValue({ data: riskLevel, isAuthorized: true });
 
       const { getByTestId } = render(
         <TestProviders>
-          <RightPanelContext.Provider value={panelContextValue}>
+          <DocumentDetailsContext.Provider value={panelContextValue}>
             <UserEntityOverview userName={userName} />
-          </RightPanelContext.Provider>
+          </DocumentDetailsContext.Provider>
         </TestProviders>
       );
 
       getByTestId(ENTITIES_USER_OVERVIEW_LINK_TEST_ID).click();
-      expect(flyoutContextValue.openLeftPanel).toHaveBeenCalledWith({
+      expect(mockFlyoutApi.openLeftPanel).toHaveBeenCalledWith({
         id: DocumentDetailsLeftPanelKey,
         path: { tab: LeftPanelInsightsTab, subTab: ENTITIES_TAB_ID },
         params: {
@@ -186,5 +194,29 @@ describe('<UserEntityOverview />', () => {
         },
       });
     });
+
+    it('should open user preview if feature flag is true', () => {
+      mockUseUserDetails.mockReturnValue([false, { userDetails: userData }]);
+      mockUseRiskScore.mockReturnValue({ data: riskLevel, isAuthorized: true });
+      mockUseIsExperimentalFeatureEnabled.mockReturnValue(true);
+
+      const { getByTestId } = render(
+        <TestProviders>
+          <DocumentDetailsContext.Provider value={panelContextValue}>
+            <UserEntityOverview userName={userName} />
+          </DocumentDetailsContext.Provider>
+        </TestProviders>
+      );
+
+      getByTestId(ENTITIES_USER_OVERVIEW_LINK_TEST_ID).click();
+      expect(mockFlyoutApi.openPreviewPanel).toHaveBeenCalledWith({
+        id: UserPreviewPanelKey,
+        params: {
+          userName,
+          scopeId: mockContextValue.scopeId,
+          banner: USER_PREVIEW_BANNER,
+        },
+      });
+    });
   });
 });
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/user_entity_overview.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/user_entity_overview.tsx
index 49dfa9df1c0ba..47938e5212e7c 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/user_entity_overview.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/user_entity_overview.tsx
@@ -19,10 +19,11 @@ import { css } from '@emotion/css';
 import { getOr } from 'lodash/fp';
 import { i18n } from '@kbn/i18n';
 import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
+import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
 import { DocumentDetailsLeftPanelKey } from '../../shared/constants/panel_keys';
 import { LeftPanelInsightsTab } from '../../left';
 import { ENTITIES_TAB_ID } from '../../left/components/entities_details';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import type { DescriptionList } from '../../../../../common/utility_types';
 import { getField } from '../../shared/utils';
 import { CellActions } from './cell_actions';
@@ -54,6 +55,7 @@ import {
 } from './test_ids';
 import { useObservedUserDetails } from '../../../../explore/users/containers/users/observed_details';
 import { RiskScoreDocTooltip } from '../../../../overview/components/common';
+import { UserPreviewPanelKey } from '../../../entity_details/user_right';
 
 const USER_ICON = 'user';
 
@@ -64,12 +66,23 @@ export interface UserEntityOverviewProps {
   userName: string;
 }
 
+export const USER_PREVIEW_BANNER = {
+  title: i18n.translate('xpack.securitySolution.flyout.right.user.userPreviewTitle', {
+    defaultMessage: 'Preview user',
+  }),
+  backgroundColor: 'warning',
+  textColor: 'warning',
+};
+
 /**
  * User preview content for the entities preview in right flyout. It contains ip addresses and risk level
  */
 export const UserEntityOverview: React.FC<UserEntityOverviewProps> = ({ userName }) => {
-  const { eventId, indexName, scopeId } = useRightPanelContext();
-  const { openLeftPanel } = useExpandableFlyoutApi();
+  const { eventId, indexName, scopeId } = useDocumentDetailsContext();
+  const { openLeftPanel, openPreviewPanel } = useExpandableFlyoutApi();
+
+  const isPreviewEnabled = useIsExperimentalFeatureEnabled('entityAlertPreviewEnabled');
+
   const goToEntitiesTab = useCallback(() => {
     openLeftPanel({
       id: DocumentDetailsLeftPanelKey,
@@ -82,6 +95,17 @@ export const UserEntityOverview: React.FC<UserEntityOverviewProps> = ({ userName
     });
   }, [eventId, openLeftPanel, indexName, scopeId]);
 
+  const openUserPreview = useCallback(() => {
+    openPreviewPanel({
+      id: UserPreviewPanelKey,
+      params: {
+        userName,
+        scopeId,
+        banner: USER_PREVIEW_BANNER,
+      },
+    });
+  }, [openPreviewPanel, userName, scopeId]);
+
   const { from, to } = useGlobalTime();
   const { selectedPatterns } = useSourcererDataView();
 
@@ -199,7 +223,7 @@ export const UserEntityOverview: React.FC<UserEntityOverviewProps> = ({ userName
                 font-size: ${xsFontSize};
                 font-weight: ${euiTheme.font.weight.bold};
               `}
-              onClick={goToEntitiesTab}
+              onClick={isPreviewEnabled ? openUserPreview : goToEntitiesTab}
             >
               {userName}
             </EuiLink>
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/visualizations_section.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/visualizations_section.test.tsx
index 766f73d7f98e6..36fe53aa41dea 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/visualizations_section.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/visualizations_section.test.tsx
@@ -15,9 +15,9 @@ import {
   VISUALIZATIONS_SECTION_HEADER_TEST_ID,
 } from './test_ids';
 import { VisualizationsSection } from './visualizations_section';
-import { mockContextValue } from '../mocks/mock_context';
+import { mockContextValue } from '../../shared/mocks/mock_context';
 import { mockDataFormattedForFieldBrowser } from '../../shared/mocks/mock_data_formatted_for_field_browser';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { useAlertPrevalenceFromProcessTree } from '../../../../common/containers/alerts/use_alert_prevalence_from_process_tree';
 import { useTimelineDataFilters } from '../../../../timelines/containers/use_timeline_data_filters';
 import { TestProvider } from '@kbn/expandable-flyout/src/test/provider';
@@ -59,9 +59,9 @@ const renderVisualizationsSection = (contextValue = panelContextValue) =>
   render(
     <IntlProvider locale="en">
       <TestProvider>
-        <RightPanelContext.Provider value={contextValue}>
+        <DocumentDetailsContext.Provider value={contextValue}>
           <VisualizationsSection />
-        </RightPanelContext.Provider>
+        </DocumentDetailsContext.Provider>
       </TestProvider>
     </IntlProvider>
   );
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/footer.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/footer.tsx
index 83d93f03ea26b..100365b0bc6f9 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/footer.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/footer.tsx
@@ -12,7 +12,7 @@ import styled from 'styled-components';
 import { euiThemeVars } from '@kbn/ui-theme';
 import { DocumentDetailsIsolateHostPanelKey } from '../shared/constants/panel_keys';
 import { FlyoutFooter } from '../../../timelines/components/side_panel/event_details/flyout';
-import { useRightPanelContext } from './context';
+import { useDocumentDetailsContext } from '../shared/context';
 import { useHostIsolationTools } from '../../../timelines/components/side_panel/event_details/use_host_isolation_tools';
 
 const ContainerDiv = styled('div')`
@@ -40,7 +40,7 @@ export const PanelFooter: FC<PanelFooterProps> = ({ isPreview }) => {
     dataAsNestedObject,
     refetchFlyoutData,
     scopeId,
-  } = useRightPanelContext();
+  } = useDocumentDetailsContext();
   const { isHostIsolationPanelOpen, showHostIsolationPanel } = useHostIsolationTools();
 
   const showHostIsolationPanelCallback = useCallback(
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/header.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/header.test.tsx
index f77e636ef5901..8130174ebbda6 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/header.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/header.test.tsx
@@ -13,8 +13,8 @@ import { allThreeTabs } from './hooks/use_tabs';
 import { GuidedOnboardingTourStep } from '../../../common/components/guided_onboarding_tour/tour_step';
 import { useBasicDataFromDetailsData } from '../../../timelines/components/side_panel/event_details/helpers';
 
-jest.mock('./context', () => ({
-  useRightPanelContext: jest.fn().mockReturnValue({ dataFormattedForFieldBrowser: [] }),
+jest.mock('../shared/context', () => ({
+  useDocumentDetailsContext: jest.fn().mockReturnValue({ dataFormattedForFieldBrowser: [] }),
 }));
 jest.mock('../../../timelines/components/side_panel/event_details/helpers', () => ({
   useBasicDataFromDetailsData: jest.fn(),
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/header.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/header.tsx
index b85476d2679fc..22e6df6d01fd7 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/header.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/header.tsx
@@ -14,7 +14,7 @@ import { FlyoutHeader } from '../../shared/components/flyout_header';
 import { FlyoutHeaderTabs } from '../../shared/components/flyout_header_tabs';
 import { AlertHeaderTitle } from './components/alert_header_title';
 import { EventHeaderTitle } from './components/event_header_title';
-import { useRightPanelContext } from './context';
+import { useDocumentDetailsContext } from '../shared/context';
 import { useBasicDataFromDetailsData } from '../../../timelines/components/side_panel/event_details/helpers';
 import {
   AlertsCasesTourSteps,
@@ -41,7 +41,7 @@ export interface PanelHeaderProps {
 
 export const PanelHeader: FC<PanelHeaderProps> = memo(
   ({ selectedTabId, setSelectedTabId, tabs }) => {
-    const { dataFormattedForFieldBrowser } = useRightPanelContext();
+    const { dataFormattedForFieldBrowser } = useDocumentDetailsContext();
     const { isAlert } = useBasicDataFromDetailsData(dataFormattedForFieldBrowser);
     const onSelectedTabChanged = (id: RightPanelPaths) => setSelectedTabId(id);
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/hooks/use_process_data.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/hooks/use_process_data.test.tsx
index 01b7b62e19b01..31eb78975d195 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/hooks/use_process_data.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/hooks/use_process_data.test.tsx
@@ -8,7 +8,7 @@
 import { getUserDisplayName, useProcessData } from './use_process_data';
 import { renderHook } from '@testing-library/react-hooks';
 import type { FC, PropsWithChildren } from 'react';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import React from 'react';
 
 describe('getUserDisplayName', () => {
@@ -59,10 +59,12 @@ describe('getUserDisplayName', () => {
 
 const panelContextValue = {
   getFieldsData: jest.fn().mockReturnValue('test'),
-} as unknown as RightPanelContext;
+} as unknown as DocumentDetailsContext;
 
 const ProviderComponent: FC<PropsWithChildren<unknown>> = ({ children }) => (
-  <RightPanelContext.Provider value={panelContextValue}>{children}</RightPanelContext.Provider>
+  <DocumentDetailsContext.Provider value={panelContextValue}>
+    {children}
+  </DocumentDetailsContext.Provider>
 );
 
 describe('useProcessData', () => {
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/hooks/use_process_data.ts b/x-pack/plugins/security_solution/public/flyout/document_details/right/hooks/use_process_data.ts
index 8d3edf833e0db..8f02f371a5319 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/hooks/use_process_data.ts
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/hooks/use_process_data.ts
@@ -9,7 +9,7 @@ import { useMemo } from 'react';
 import { ALERT_RULE_NAME, ALERT_RULE_UUID } from '@kbn/rule-data-utils';
 import type { GetFieldsData } from '../../../../common/hooks/use_get_fields_data';
 import { getField } from '../../shared/utils';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 
 const FIELD_USER_NAME = 'process.entry_leader.user.name' as const;
 const FIELD_USER_ID = 'process.entry_leader.user.id' as const;
@@ -40,7 +40,7 @@ export const getUserDisplayName = (getFieldsData: GetFieldsData): string => {
  * Returns memoized process-related values for the session preview component
  */
 export const useProcessData = () => {
-  const { getFieldsData } = useRightPanelContext();
+  const { getFieldsData } = useDocumentDetailsContext();
 
   return useMemo(
     () => ({
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/index.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/index.tsx
index 969d481b09407..1f9006b8d04a8 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/index.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/index.tsx
@@ -7,13 +7,13 @@
 
 import type { FC } from 'react';
 import React, { memo, useEffect } from 'react';
-import type { FlyoutPanelProps, PanelPath } from '@kbn/expandable-flyout';
 import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
 import { DocumentDetailsRightPanelKey } from '../shared/constants/panel_keys';
 import { useTabs } from './hooks/use_tabs';
 import { FLYOUT_STORAGE_KEYS } from '../shared/constants/local_storage';
 import { useKibana } from '../../../common/lib/kibana';
-import { useRightPanelContext } from './context';
+import { useDocumentDetailsContext } from '../shared/context';
+import type { DocumentDetailsProps } from '../shared/types';
 import { PanelNavigation } from './navigation';
 import { PanelHeader } from './header';
 import { PanelContent } from './content';
@@ -24,24 +24,14 @@ import { useFlyoutIsExpandable } from './hooks/use_flyout_is_expandable';
 
 export type RightPanelPaths = 'overview' | 'table' | 'json';
 
-export interface RightPanelProps extends FlyoutPanelProps {
-  key: typeof DocumentDetailsRightPanelKey;
-  path?: PanelPath;
-  params?: {
-    id: string;
-    indexName: string;
-    scopeId: string;
-  };
-}
-
 /**
  * Panel to be displayed in the document details expandable flyout right section
  */
-export const RightPanel: FC<Partial<RightPanelProps>> = memo(({ path }) => {
+export const RightPanel: FC<Partial<DocumentDetailsProps>> = memo(({ path }) => {
   const { storage, telemetry } = useKibana().services;
   const { openRightPanel, closeFlyout } = useExpandableFlyoutApi();
   const { eventId, indexName, scopeId, isPreview, dataAsNestedObject, getFieldsData } =
-    useRightPanelContext();
+    useDocumentDetailsContext();
 
   // if the flyout is expandable we render all 3 tabs (overview, table and json)
   // if the flyout is not, we render only table and json
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/mocks/mock_context.ts b/x-pack/plugins/security_solution/public/flyout/document_details/right/mocks/mock_context.ts
deleted file mode 100644
index 086c272bee359..0000000000000
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/mocks/mock_context.ts
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { mockBrowserFields } from '../../shared/mocks/mock_browser_fields';
-import { mockSearchHit } from '../../shared/mocks/mock_search_hit';
-import { mockGetFieldsData } from '../../shared/mocks/mock_get_fields_data';
-import { mockDataAsNestedObject } from '../../shared/mocks/mock_data_as_nested_object';
-import { mockDataFormattedForFieldBrowser } from '../../shared/mocks/mock_data_formatted_for_field_browser';
-import type { RightPanelContext } from '../context';
-
-/**
- * Mock contextValue for right panel context
- */
-export const mockContextValue: RightPanelContext = {
-  eventId: 'eventId',
-  indexName: 'index',
-  scopeId: 'scopeId',
-  getFieldsData: mockGetFieldsData,
-  dataFormattedForFieldBrowser: mockDataFormattedForFieldBrowser,
-  browserFields: mockBrowserFields,
-  dataAsNestedObject: mockDataAsNestedObject,
-  searchHit: mockSearchHit,
-  investigationFields: [],
-  refetchFlyoutData: jest.fn(),
-  isPreview: false,
-};
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/navigation.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/navigation.tsx
index 110f6892309ef..b4f12fbabf94f 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/navigation.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/navigation.tsx
@@ -12,7 +12,7 @@ import { useKibana } from '../../../common/lib/kibana';
 import { HeaderActions } from './components/header_actions';
 import { FlyoutNavigation } from '../../shared/components/flyout_navigation';
 import { DocumentDetailsLeftPanelKey } from '../shared/constants/panel_keys';
-import { useRightPanelContext } from './context';
+import { useDocumentDetailsContext } from '../shared/context';
 
 interface PanelNavigationProps {
   /**
@@ -24,7 +24,7 @@ interface PanelNavigationProps {
 export const PanelNavigation: FC<PanelNavigationProps> = memo(({ flyoutIsExpandable }) => {
   const { telemetry } = useKibana().services;
   const { openLeftPanel } = useExpandableFlyoutApi();
-  const { eventId, indexName, scopeId } = useRightPanelContext();
+  const { eventId, indexName, scopeId } = useDocumentDetailsContext();
 
   const expandDetails = useCallback(() => {
     openLeftPanel({
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/json_tab.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/json_tab.test.tsx
index 7a9ab169ccfea..47055c7bde2ae 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/json_tab.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/json_tab.test.tsx
@@ -8,7 +8,7 @@
 import React from 'react';
 import { render } from '@testing-library/react';
 import { __IntlProvider as IntlProvider } from '@kbn/i18n-react';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { JsonTab } from './json_tab';
 import { JSON_TAB_CONTENT_TEST_ID, JSON_TAB_COPY_TO_CLIPBOARD_BUTTON_TEST_ID } from './test_ids';
 
@@ -22,14 +22,14 @@ const searchHit = {
 };
 const contextValue = {
   searchHit,
-} as unknown as RightPanelContext;
+} as unknown as DocumentDetailsContext;
 
 const renderJsonTab = () =>
   render(
     <IntlProvider locale="en">
-      <RightPanelContext.Provider value={contextValue}>
+      <DocumentDetailsContext.Provider value={contextValue}>
         <JsonTab />
-      </RightPanelContext.Provider>
+      </DocumentDetailsContext.Provider>
     </IntlProvider>
   );
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/json_tab.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/json_tab.tsx
index 54d82c33b6014..0b8c3e3216f53 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/json_tab.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/json_tab.tsx
@@ -11,7 +11,7 @@ import { EuiButtonEmpty, EuiCopy, EuiFlexGroup, EuiFlexItem } from '@elastic/eui
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { JSON_TAB_CONTENT_TEST_ID, JSON_TAB_COPY_TO_CLIPBOARD_BUTTON_TEST_ID } from './test_ids';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 
 const FLYOUT_BODY_PADDING = 24;
 const COPY_TO_CLIPBOARD_BUTTON_HEIGHT = 24;
@@ -21,7 +21,7 @@ const FLYOUT_FOOTER_HEIGHT = 72;
  * Json view displayed in the document details expandable flyout right section
  */
 export const JsonTab = memo(() => {
-  const { searchHit, isPreview } = useRightPanelContext();
+  const { searchHit, isPreview } = useDocumentDetailsContext();
   const jsonValue = JSON.stringify(searchHit, null, 2);
 
   const flexGroupElement = useRef<HTMLDivElement>(null);
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/table_tab.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/table_tab.test.tsx
index 08a63c2cd9cc0..0f6f3046ee3af 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/table_tab.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/table_tab.test.tsx
@@ -7,7 +7,7 @@
 
 import React from 'react';
 import { render } from '@testing-library/react';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { TABLE_TAB_CONTENT_TEST_ID } from './test_ids';
 import { TableTab } from './table_tab';
 import { TestProviders } from '../../../../common/mock';
@@ -28,13 +28,13 @@ describe('<TableTab />', () => {
       eventId: 'some_Id',
       browserFields: {},
       dataFormattedForFieldBrowser: [],
-    } as unknown as RightPanelContext;
+    } as unknown as DocumentDetailsContext;
 
     const { getByTestId } = render(
       <TestProviders>
-        <RightPanelContext.Provider value={contextValue}>
+        <DocumentDetailsContext.Provider value={contextValue}>
           <TableTab />
-        </RightPanelContext.Provider>
+        </DocumentDetailsContext.Provider>
       </TestProviders>
     );
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/table_tab.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/table_tab.tsx
index b00004e936d95..138714693a796 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/table_tab.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/table_tab.tsx
@@ -7,25 +7,17 @@
 
 import React, { memo } from 'react';
 import { EuiText } from '@elastic/eui';
-import { get } from 'lodash';
-import memoizeOne from 'memoize-one';
+import { getFieldFromBrowserField } from '../../../../common/components/event_details/columns';
 import type { EventFieldsData } from '../../../../common/components/event_details/types';
 import { FieldValueCell } from '../../../../common/components/event_details/table/field_value_cell';
-import type { BrowserField, BrowserFields } from '../../../../../common/search_strategy';
 import { FieldNameCell } from '../../../../common/components/event_details/table/field_name_cell';
 import { CellActions } from '../components/cell_actions';
 import * as i18n from '../../../../common/components/event_details/translations';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import type { ColumnsProvider } from '../../../../common/components/event_details/event_fields_browser';
 import { EventFieldsBrowser } from '../../../../common/components/event_details/event_fields_browser';
 import { TimelineTabs } from '../../../../../common/types';
 
-export const getFieldFromBrowserField = memoizeOne(
-  (keys: string[], browserFields: BrowserFields): BrowserField | undefined =>
-    get(browserFields, keys),
-  (newArgs, lastArgs) => newArgs[0].join() === lastArgs[0].join()
-);
-
 export const getColumns: ColumnsProvider = ({
   browserFields,
   eventId,
@@ -57,10 +49,7 @@ export const getColumns: ColumnsProvider = ({
     ),
     width: '70%',
     render: (values, data) => {
-      const fieldFromBrowserField = getFieldFromBrowserField(
-        [data.category as string, 'fields', data.field],
-        browserFields
-      );
+      const fieldFromBrowserField = getFieldFromBrowserField(data.field, browserFields);
       return (
         <CellActions field={data.field} value={values} isObjectArray={data.isObjectArray}>
           <FieldValueCell
@@ -82,7 +71,8 @@ export const getColumns: ColumnsProvider = ({
  * Table view displayed in the document details expandable flyout right section
  */
 export const TableTab = memo(() => {
-  const { browserFields, dataFormattedForFieldBrowser, eventId, scopeId } = useRightPanelContext();
+  const { browserFields, dataFormattedForFieldBrowser, eventId, scopeId } =
+    useDocumentDetailsContext();
 
   return (
     <EventFieldsBrowser
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/preview/components/rule_preview_footer.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/rule_overview/components/footer.test.tsx
similarity index 59%
rename from x-pack/plugins/security_solution/public/flyout/document_details/preview/components/rule_preview_footer.test.tsx
rename to x-pack/plugins/security_solution/public/flyout/document_details/rule_overview/components/footer.test.tsx
index 5dcd75d048218..6db228e75cb81 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/preview/components/rule_preview_footer.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/rule_overview/components/footer.test.tsx
@@ -9,19 +9,19 @@ import { render } from '@testing-library/react';
 import React from 'react';
 import { TestProviders } from '../../../../common/mock';
 import { mockContextValue } from '../mocks/mock_context';
-import { PreviewPanelContext } from '../context';
-import { RULE_PREVIEW_FOOTER_TEST_ID, RULE_PREVIEW_NAVIGATE_TO_RULE_TEST_ID } from './test_ids';
-import { RulePreviewFooter } from './rule_preview_footer';
+import { RuleOverviewPanelContext } from '../context';
+import { RULE_OVERVIEW_FOOTER_TEST_ID, RULE_OVERVIEW_NAVIGATE_TO_RULE_TEST_ID } from './test_ids';
+import { RuleFooter } from './footer';
 import { useRuleDetailsLink } from '../../shared/hooks/use_rule_details_link';
 
 jest.mock('../../shared/hooks/use_rule_details_link');
 
-const renderRulePreviewFooter = (contextValue: PreviewPanelContext) =>
+const renderRulePreviewFooter = (contextValue: RuleOverviewPanelContext) =>
   render(
     <TestProviders>
-      <PreviewPanelContext.Provider value={contextValue}>
-        <RulePreviewFooter />
-      </PreviewPanelContext.Provider>
+      <RuleOverviewPanelContext.Provider value={contextValue}>
+        <RuleFooter />
+      </RuleOverviewPanelContext.Provider>
     </TestProviders>
   );
 
@@ -31,9 +31,9 @@ describe('<RulePreviewFooter />', () => {
 
     const { getByTestId } = renderRulePreviewFooter(mockContextValue);
 
-    expect(getByTestId(RULE_PREVIEW_FOOTER_TEST_ID)).toBeInTheDocument();
-    expect(getByTestId(RULE_PREVIEW_NAVIGATE_TO_RULE_TEST_ID)).toBeInTheDocument();
-    expect(getByTestId(RULE_PREVIEW_NAVIGATE_TO_RULE_TEST_ID)).toHaveTextContent(
+    expect(getByTestId(RULE_OVERVIEW_FOOTER_TEST_ID)).toBeInTheDocument();
+    expect(getByTestId(RULE_OVERVIEW_NAVIGATE_TO_RULE_TEST_ID)).toBeInTheDocument();
+    expect(getByTestId(RULE_OVERVIEW_NAVIGATE_TO_RULE_TEST_ID)).toHaveTextContent(
       'Show rule details'
     );
   });
@@ -43,7 +43,7 @@ describe('<RulePreviewFooter />', () => {
 
     const { queryByTestId } = renderRulePreviewFooter(mockContextValue);
 
-    expect(queryByTestId(RULE_PREVIEW_FOOTER_TEST_ID)).not.toBeInTheDocument();
-    expect(queryByTestId(RULE_PREVIEW_NAVIGATE_TO_RULE_TEST_ID)).not.toBeInTheDocument();
+    expect(queryByTestId(RULE_OVERVIEW_FOOTER_TEST_ID)).not.toBeInTheDocument();
+    expect(queryByTestId(RULE_OVERVIEW_NAVIGATE_TO_RULE_TEST_ID)).not.toBeInTheDocument();
   });
 });
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/preview/components/rule_preview_footer.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/rule_overview/components/footer.tsx
similarity index 71%
rename from x-pack/plugins/security_solution/public/flyout/document_details/preview/components/rule_preview_footer.tsx
rename to x-pack/plugins/security_solution/public/flyout/document_details/rule_overview/components/footer.tsx
index 61cd4cc2f7c01..d1af7096ef5fc 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/preview/components/rule_preview_footer.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/rule_overview/components/footer.tsx
@@ -8,26 +8,26 @@
 import React, { memo } from 'react';
 import { EuiFlexGroup, EuiFlexItem, EuiLink } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
-import { usePreviewPanelContext } from '../context';
+import { useRuleOverviewPanelContext } from '../context';
 import { FlyoutFooter } from '../../../shared/components/flyout_footer';
-import { RULE_PREVIEW_FOOTER_TEST_ID, RULE_PREVIEW_NAVIGATE_TO_RULE_TEST_ID } from './test_ids';
+import { RULE_OVERVIEW_FOOTER_TEST_ID, RULE_OVERVIEW_NAVIGATE_TO_RULE_TEST_ID } from './test_ids';
 import { useRuleDetailsLink } from '../../shared/hooks/use_rule_details_link';
 
 /**
  * Footer in rule preview panel
  */
-export const RulePreviewFooter = memo(() => {
-  const { ruleId } = usePreviewPanelContext();
+export const RuleFooter = memo(() => {
+  const { ruleId } = useRuleOverviewPanelContext();
   const href = useRuleDetailsLink({ ruleId });
 
   return href ? (
-    <FlyoutFooter data-test-subj={RULE_PREVIEW_FOOTER_TEST_ID}>
+    <FlyoutFooter data-test-subj={RULE_OVERVIEW_FOOTER_TEST_ID}>
       <EuiFlexGroup justifyContent="center">
         <EuiFlexItem grow={false}>
           <EuiLink
             href={href}
             target="_blank"
-            data-test-subj={RULE_PREVIEW_NAVIGATE_TO_RULE_TEST_ID}
+            data-test-subj={RULE_OVERVIEW_NAVIGATE_TO_RULE_TEST_ID}
           >
             {i18n.translate('xpack.securitySolution.flyout.preview.rule.viewDetailsLabel', {
               defaultMessage: 'Show rule details',
@@ -39,4 +39,4 @@ export const RulePreviewFooter = memo(() => {
   ) : null;
 });
 
-RulePreviewFooter.displayName = 'RulePreviewFooter';
+RuleFooter.displayName = 'RuleFooter';
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/preview/components/rule_preview.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/rule_overview/components/rule_overview.test.tsx
similarity index 67%
rename from x-pack/plugins/security_solution/public/flyout/document_details/preview/components/rule_preview.test.tsx
rename to x-pack/plugins/security_solution/public/flyout/document_details/rule_overview/components/rule_overview.test.tsx
index f6cac8f48a65b..f55937a9ebafa 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/preview/components/rule_preview.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/rule_overview/components/rule_overview.test.tsx
@@ -7,8 +7,8 @@
 
 import React from 'react';
 import { act, render } from '@testing-library/react';
-import { RulePreview } from './rule_preview';
-import { PreviewPanelContext } from '../context';
+import { RuleOverview } from './rule_overview';
+import { RuleOverviewPanelContext } from '../context';
 import { mockContextValue } from '../mocks/mock_context';
 import { ThemeProvider } from 'styled-components';
 import { getMockTheme } from '../../../../common/lib/kibana/kibana_react.mock';
@@ -23,16 +23,16 @@ import {
 } from '../../../../detection_engine/rule_management_ui/components/rules_table/__mocks__/mock';
 import { useGetSavedQuery } from '../../../../detections/pages/detection_engine/rules/use_get_saved_query';
 import {
-  RULE_PREVIEW_BODY_TEST_ID,
-  RULE_PREVIEW_ABOUT_HEADER_TEST_ID,
-  RULE_PREVIEW_ABOUT_CONTENT_TEST_ID,
-  RULE_PREVIEW_DEFINITION_HEADER_TEST_ID,
-  RULE_PREVIEW_DEFINITION_CONTENT_TEST_ID,
-  RULE_PREVIEW_SCHEDULE_HEADER_TEST_ID,
-  RULE_PREVIEW_SCHEDULE_CONTENT_TEST_ID,
-  RULE_PREVIEW_ACTIONS_HEADER_TEST_ID,
-  RULE_PREVIEW_ACTIONS_CONTENT_TEST_ID,
-  RULE_PREVIEW_LOADING_TEST_ID,
+  RULE_OVERVIEW_BODY_TEST_ID,
+  RULE_OVERVIEW_ABOUT_HEADER_TEST_ID,
+  RULE_OVERVIEW_ABOUT_CONTENT_TEST_ID,
+  RULE_OVERVIEW_DEFINITION_HEADER_TEST_ID,
+  RULE_OVERVIEW_DEFINITION_CONTENT_TEST_ID,
+  RULE_OVERVIEW_SCHEDULE_HEADER_TEST_ID,
+  RULE_OVERVIEW_SCHEDULE_CONTENT_TEST_ID,
+  RULE_OVERVIEW_ACTIONS_HEADER_TEST_ID,
+  RULE_OVERVIEW_ACTIONS_CONTENT_TEST_ID,
+  RULE_OVERVIEW_LOADING_TEST_ID,
 } from './test_ids';
 
 jest.mock('../../../../common/lib/kibana');
@@ -58,9 +58,9 @@ const renderRulePreview = () =>
     <TestProviders>
       <ThemeProvider theme={mockTheme}>
         <TestProvider>
-          <PreviewPanelContext.Provider value={contextValue}>
-            <RulePreview />
-          </PreviewPanelContext.Provider>
+          <RuleOverviewPanelContext.Provider value={contextValue}>
+            <RuleOverview />
+          </RuleOverviewPanelContext.Provider>
         </TestProvider>
       </ThemeProvider>
     </TestProviders>
@@ -88,19 +88,19 @@ describe('<RulePreview />', () => {
     const { getByTestId } = renderRulePreview();
 
     await act(async () => {
-      expect(getByTestId(RULE_PREVIEW_BODY_TEST_ID)).toBeInTheDocument();
-      expect(getByTestId(RULE_PREVIEW_ABOUT_HEADER_TEST_ID)).toBeInTheDocument();
-      expect(getByTestId(RULE_PREVIEW_ABOUT_HEADER_TEST_ID)).toHaveTextContent('About');
-      expect(getByTestId(RULE_PREVIEW_ABOUT_CONTENT_TEST_ID)).toBeInTheDocument();
-      expect(getByTestId(RULE_PREVIEW_DEFINITION_HEADER_TEST_ID)).toBeInTheDocument();
-      expect(getByTestId(RULE_PREVIEW_DEFINITION_HEADER_TEST_ID)).toHaveTextContent('Definition');
-      expect(getByTestId(RULE_PREVIEW_DEFINITION_CONTENT_TEST_ID)).toBeInTheDocument();
-      expect(getByTestId(RULE_PREVIEW_SCHEDULE_HEADER_TEST_ID)).toBeInTheDocument();
-      expect(getByTestId(RULE_PREVIEW_SCHEDULE_HEADER_TEST_ID)).toHaveTextContent('Schedule');
-      expect(getByTestId(RULE_PREVIEW_SCHEDULE_CONTENT_TEST_ID)).toBeInTheDocument();
-      expect(getByTestId(RULE_PREVIEW_ACTIONS_HEADER_TEST_ID)).toBeInTheDocument();
-      expect(getByTestId(RULE_PREVIEW_ACTIONS_HEADER_TEST_ID)).toHaveTextContent('Actions');
-      expect(getByTestId(RULE_PREVIEW_ACTIONS_CONTENT_TEST_ID)).toBeInTheDocument();
+      expect(getByTestId(RULE_OVERVIEW_BODY_TEST_ID)).toBeInTheDocument();
+      expect(getByTestId(RULE_OVERVIEW_ABOUT_HEADER_TEST_ID)).toBeInTheDocument();
+      expect(getByTestId(RULE_OVERVIEW_ABOUT_HEADER_TEST_ID)).toHaveTextContent('About');
+      expect(getByTestId(RULE_OVERVIEW_ABOUT_CONTENT_TEST_ID)).toBeInTheDocument();
+      expect(getByTestId(RULE_OVERVIEW_DEFINITION_HEADER_TEST_ID)).toBeInTheDocument();
+      expect(getByTestId(RULE_OVERVIEW_DEFINITION_HEADER_TEST_ID)).toHaveTextContent('Definition');
+      expect(getByTestId(RULE_OVERVIEW_DEFINITION_CONTENT_TEST_ID)).toBeInTheDocument();
+      expect(getByTestId(RULE_OVERVIEW_SCHEDULE_HEADER_TEST_ID)).toBeInTheDocument();
+      expect(getByTestId(RULE_OVERVIEW_SCHEDULE_HEADER_TEST_ID)).toHaveTextContent('Schedule');
+      expect(getByTestId(RULE_OVERVIEW_SCHEDULE_CONTENT_TEST_ID)).toBeInTheDocument();
+      expect(getByTestId(RULE_OVERVIEW_ACTIONS_HEADER_TEST_ID)).toBeInTheDocument();
+      expect(getByTestId(RULE_OVERVIEW_ACTIONS_HEADER_TEST_ID)).toHaveTextContent('Actions');
+      expect(getByTestId(RULE_OVERVIEW_ACTIONS_CONTENT_TEST_ID)).toBeInTheDocument();
     });
   });
 
@@ -116,8 +116,8 @@ describe('<RulePreview />', () => {
     const { queryByTestId } = renderRulePreview();
 
     await act(async () => {
-      expect(queryByTestId(RULE_PREVIEW_ACTIONS_HEADER_TEST_ID)).not.toBeInTheDocument();
-      expect(queryByTestId(RULE_PREVIEW_ACTIONS_CONTENT_TEST_ID)).not.toBeInTheDocument();
+      expect(queryByTestId(RULE_OVERVIEW_ACTIONS_HEADER_TEST_ID)).not.toBeInTheDocument();
+      expect(queryByTestId(RULE_OVERVIEW_ACTIONS_CONTENT_TEST_ID)).not.toBeInTheDocument();
     });
   });
 
@@ -126,7 +126,7 @@ describe('<RulePreview />', () => {
     mockGetStepsData.mockReturnValue({});
     const { getByTestId } = renderRulePreview();
     await act(async () => {
-      expect(getByTestId(RULE_PREVIEW_LOADING_TEST_ID)).toBeInTheDocument();
+      expect(getByTestId(RULE_OVERVIEW_LOADING_TEST_ID)).toBeInTheDocument();
     });
   });
 
@@ -135,7 +135,7 @@ describe('<RulePreview />', () => {
     mockGetStepsData.mockReturnValue({});
     const { queryByTestId, getByText } = renderRulePreview();
     await act(async () => {
-      expect(queryByTestId(RULE_PREVIEW_BODY_TEST_ID)).not.toBeInTheDocument();
+      expect(queryByTestId(RULE_OVERVIEW_BODY_TEST_ID)).not.toBeInTheDocument();
       expect(getByText(NO_DATA_MESSAGE)).toBeInTheDocument();
     });
   });
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/preview/components/rule_preview.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/rule_overview/components/rule_overview.tsx
similarity index 83%
rename from x-pack/plugins/security_solution/public/flyout/document_details/preview/components/rule_preview.tsx
rename to x-pack/plugins/security_solution/public/flyout/document_details/rule_overview/components/rule_overview.tsx
index ad4e14b430149..73f9cc12dd053 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/preview/components/rule_preview.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/rule_overview/components/rule_overview.tsx
@@ -8,11 +8,11 @@ import React, { memo, useState, useEffect } from 'react';
 import { EuiText, EuiHorizontalRule, EuiSpacer, EuiPanel } from '@elastic/eui';
 import { css } from '@emotion/css';
 import { FormattedMessage } from '@kbn/i18n-react';
-import { usePreviewPanelContext } from '../context';
+import { useRuleOverviewPanelContext } from '../context';
 import { ExpandableSection } from '../../right/components/expandable_section';
 import { useRuleWithFallback } from '../../../../detection_engine/rule_management/logic/use_rule_with_fallback';
 import { getStepsData } from '../../../../detections/pages/detection_engine/rules/helpers';
-import { RulePreviewTitle } from './rule_preview_title';
+import { RuleTitle } from './rule_title';
 import { RuleAboutSection } from '../../../../detection_engine/rule_management/components/rule_details/rule_about_section';
 import { RuleScheduleSection } from '../../../../detection_engine/rule_management/components/rule_details/rule_schedule_section';
 import { RuleDefinitionSection } from '../../../../detection_engine/rule_management/components/rule_details/rule_definition_section';
@@ -20,12 +20,12 @@ import { StepRuleActionsReadOnly } from '../../../../detection_engine/rule_creat
 import { FlyoutLoading } from '../../../shared/components/flyout_loading';
 import { FlyoutError } from '../../../shared/components/flyout_error';
 import {
-  RULE_PREVIEW_BODY_TEST_ID,
-  RULE_PREVIEW_ABOUT_TEST_ID,
-  RULE_PREVIEW_DEFINITION_TEST_ID,
-  RULE_PREVIEW_SCHEDULE_TEST_ID,
-  RULE_PREVIEW_ACTIONS_TEST_ID,
-  RULE_PREVIEW_LOADING_TEST_ID,
+  RULE_OVERVIEW_BODY_TEST_ID,
+  RULE_OVERVIEW_ABOUT_TEST_ID,
+  RULE_OVERVIEW_DEFINITION_TEST_ID,
+  RULE_OVERVIEW_SCHEDULE_TEST_ID,
+  RULE_OVERVIEW_ACTIONS_TEST_ID,
+  RULE_OVERVIEW_LOADING_TEST_ID,
 } from './test_ids';
 import type { RuleResponse } from '../../../../../common/api/detection_engine';
 
@@ -47,8 +47,8 @@ const panelViewStyle = css`
 /**
  * Rule summary on a preview panel on top of the right section of expandable flyout
  */
-export const RulePreview = memo(() => {
-  const { ruleId } = usePreviewPanelContext();
+export const RuleOverview = memo(() => {
+  const { ruleId } = useRuleOverviewPanelContext();
   const [rule, setRule] = useState<RuleResponse | null>(null);
   const {
     rule: maybeRule,
@@ -71,15 +71,10 @@ export const RulePreview = memo(() => {
   const hasActions = ruleActionsData != null && (hasNotificationActions || hasResponseActions);
 
   return ruleLoading ? (
-    <FlyoutLoading data-test-subj={RULE_PREVIEW_LOADING_TEST_ID} />
+    <FlyoutLoading data-test-subj={RULE_OVERVIEW_LOADING_TEST_ID} />
   ) : rule ? (
-    <EuiPanel
-      hasBorder={false}
-      hasShadow={false}
-      data-test-subj={RULE_PREVIEW_BODY_TEST_ID}
-      className="eui-yScroll"
-    >
-      <RulePreviewTitle rule={rule} isSuppressed={!isExistingRule} />
+    <EuiPanel hasBorder={false} hasShadow={false} data-test-subj={RULE_OVERVIEW_BODY_TEST_ID}>
+      <RuleTitle rule={rule} isSuppressed={!isExistingRule} />
       <EuiHorizontalRule margin="s" />
       <EuiSpacer size="s" />
       <ExpandableSection
@@ -90,7 +85,7 @@ export const RulePreview = memo(() => {
           />
         }
         expanded
-        data-test-subj={RULE_PREVIEW_ABOUT_TEST_ID}
+        data-test-subj={RULE_OVERVIEW_ABOUT_TEST_ID}
       >
         <EuiText size="s">{rule.description}</EuiText>
         <EuiSpacer size="s" />
@@ -112,7 +107,7 @@ export const RulePreview = memo(() => {
           />
         }
         expanded={false}
-        data-test-subj={RULE_PREVIEW_DEFINITION_TEST_ID}
+        data-test-subj={RULE_OVERVIEW_DEFINITION_TEST_ID}
       >
         <RuleDefinitionSection
           rule={rule}
@@ -130,7 +125,7 @@ export const RulePreview = memo(() => {
           />
         }
         expanded={false}
-        data-test-subj={RULE_PREVIEW_SCHEDULE_TEST_ID}
+        data-test-subj={RULE_OVERVIEW_SCHEDULE_TEST_ID}
       >
         <RuleScheduleSection rule={rule} type="row" rowGutterSize="s" className={panelViewStyle} />
       </ExpandableSection>
@@ -144,7 +139,7 @@ export const RulePreview = memo(() => {
             />
           }
           expanded={false}
-          data-test-subj={RULE_PREVIEW_ACTIONS_TEST_ID}
+          data-test-subj={RULE_OVERVIEW_ACTIONS_TEST_ID}
         >
           <StepRuleActionsReadOnly addPadding={false} defaultValues={ruleActionsData} />
         </ExpandableSection>
@@ -157,4 +152,4 @@ export const RulePreview = memo(() => {
   );
 });
 
-RulePreview.displayName = 'RulePreview';
+RuleOverview.displayName = 'RuleOverview';
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/preview/components/rule_preview_title.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/rule_overview/components/rule_title.test.tsx
similarity index 50%
rename from x-pack/plugins/security_solution/public/flyout/document_details/preview/components/rule_preview_title.test.tsx
rename to x-pack/plugins/security_solution/public/flyout/document_details/rule_overview/components/rule_title.test.tsx
index f40dbb964268f..9de5d568572e3 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/preview/components/rule_preview_title.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/rule_overview/components/rule_title.test.tsx
@@ -7,16 +7,16 @@
 
 import React from 'react';
 import { render } from '@testing-library/react';
-import type { RulePreviewTitleProps } from './rule_preview_title';
-import { RulePreviewTitle } from './rule_preview_title';
+import type { RuleTitleProps } from './rule_title';
+import { RuleTitle } from './rule_title';
 import { TestProvider as ExpandableFlyoutTestProvider } from '@kbn/expandable-flyout/src/test/provider';
 import { TestProviders } from '../../../../common/mock';
 import type { Rule } from '../../../../detection_engine/rule_management/logic';
 import {
-  RULE_PREVIEW_TITLE_TEST_ID,
-  RULE_PREVIEW_RULE_CREATED_BY_TEST_ID,
-  RULE_PREVIEW_RULE_UPDATED_BY_TEST_ID,
-  RULE_PREVIEW_RULE_TITLE_SUPPRESSED_TEST_ID,
+  RULE_OVERVIEW_TITLE_TEST_ID,
+  RULE_OVERVIEW_RULE_CREATED_BY_TEST_ID,
+  RULE_OVERVIEW_RULE_UPDATED_BY_TEST_ID,
+  RULE_OVERVIEW_RULE_TITLE_SUPPRESSED_TEST_ID,
 } from './test_ids';
 
 const defaultProps = {
@@ -24,23 +24,23 @@ const defaultProps = {
   isSuppressed: false,
 };
 
-const renderRulePreviewTitle = (props: RulePreviewTitleProps) =>
+const renderRuleOverviewTitle = (props: RuleTitleProps) =>
   render(
     <TestProviders>
       <ExpandableFlyoutTestProvider>
-        <RulePreviewTitle {...props} />
+        <RuleTitle {...props} />
       </ExpandableFlyoutTestProvider>
     </TestProviders>
   );
 
-describe('<RulePreviewTitle />', () => {
+describe('<RuleOverviewTitle />', () => {
   it('should render title and its components', () => {
-    const { getByTestId, queryByTestId } = renderRulePreviewTitle(defaultProps);
+    const { getByTestId, queryByTestId } = renderRuleOverviewTitle(defaultProps);
 
-    expect(getByTestId(RULE_PREVIEW_TITLE_TEST_ID)).toBeInTheDocument();
-    expect(getByTestId(RULE_PREVIEW_RULE_CREATED_BY_TEST_ID)).toBeInTheDocument();
-    expect(getByTestId(RULE_PREVIEW_RULE_UPDATED_BY_TEST_ID)).toBeInTheDocument();
-    expect(queryByTestId(RULE_PREVIEW_RULE_TITLE_SUPPRESSED_TEST_ID)).not.toBeInTheDocument();
+    expect(getByTestId(RULE_OVERVIEW_TITLE_TEST_ID)).toBeInTheDocument();
+    expect(getByTestId(RULE_OVERVIEW_RULE_CREATED_BY_TEST_ID)).toBeInTheDocument();
+    expect(getByTestId(RULE_OVERVIEW_RULE_UPDATED_BY_TEST_ID)).toBeInTheDocument();
+    expect(queryByTestId(RULE_OVERVIEW_RULE_TITLE_SUPPRESSED_TEST_ID)).not.toBeInTheDocument();
   });
 
   it('should render deleted rule badge', () => {
@@ -48,7 +48,7 @@ describe('<RulePreviewTitle />', () => {
       ...defaultProps,
       isSuppressed: true,
     };
-    const { getByTestId } = renderRulePreviewTitle(props);
-    expect(getByTestId(RULE_PREVIEW_RULE_TITLE_SUPPRESSED_TEST_ID)).toBeInTheDocument();
+    const { getByTestId } = renderRuleOverviewTitle(props);
+    expect(getByTestId(RULE_OVERVIEW_RULE_TITLE_SUPPRESSED_TEST_ID)).toBeInTheDocument();
   });
 });
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/preview/components/rule_preview_title.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/rule_overview/components/rule_title.tsx
similarity index 69%
rename from x-pack/plugins/security_solution/public/flyout/document_details/preview/components/rule_preview_title.tsx
rename to x-pack/plugins/security_solution/public/flyout/document_details/rule_overview/components/rule_title.tsx
index c04dde6b82a45..780c8b15f7730 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/preview/components/rule_preview_title.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/rule_overview/components/rule_title.tsx
@@ -10,14 +10,14 @@ import { EuiTitle, EuiText, EuiSpacer, EuiFlexGroup, EuiFlexItem, EuiBadge } fro
 import { DELETED_RULE } from '../../../../detection_engine/rule_details_ui/pages/rule_details/translations';
 import { CreatedBy, UpdatedBy } from '../../../../detections/components/rules/rule_info';
 import {
-  RULE_PREVIEW_TITLE_TEST_ID,
-  RULE_PREVIEW_RULE_CREATED_BY_TEST_ID,
-  RULE_PREVIEW_RULE_UPDATED_BY_TEST_ID,
-  RULE_PREVIEW_RULE_TITLE_SUPPRESSED_TEST_ID,
+  RULE_OVERVIEW_TITLE_TEST_ID,
+  RULE_OVERVIEW_RULE_CREATED_BY_TEST_ID,
+  RULE_OVERVIEW_RULE_UPDATED_BY_TEST_ID,
+  RULE_OVERVIEW_RULE_TITLE_SUPPRESSED_TEST_ID,
 } from './test_ids';
 import type { RuleResponse } from '../../../../../common/api/detection_engine';
 
-export interface RulePreviewTitleProps {
+export interface RuleTitleProps {
   /**
    * Rule object that represents relevant information about a rule
    */
@@ -29,30 +29,30 @@ export interface RulePreviewTitleProps {
 }
 
 /**
- * Title component that shows basic information of a rule. This is displayed above rule preview body in rule preview panel
+ * Title component that shows basic information of a rule. This is displayed above rule overview body
  */
-export const RulePreviewTitle: React.FC<RulePreviewTitleProps> = ({ rule, isSuppressed }) => {
+export const RuleTitle: React.FC<RuleTitleProps> = ({ rule, isSuppressed }) => {
   return (
-    <div data-test-subj={RULE_PREVIEW_TITLE_TEST_ID}>
+    <div data-test-subj={RULE_OVERVIEW_TITLE_TEST_ID}>
       <EuiTitle>
         <h6>{rule.name}</h6>
       </EuiTitle>
       {isSuppressed && (
         <>
           <EuiSpacer size="s" />
-          <EuiBadge data-test-subj={RULE_PREVIEW_RULE_TITLE_SUPPRESSED_TEST_ID} title="">
+          <EuiBadge data-test-subj={RULE_OVERVIEW_RULE_TITLE_SUPPRESSED_TEST_ID} title="">
             {DELETED_RULE}
           </EuiBadge>
         </>
       )}
       <EuiSpacer size="s" />
       <EuiFlexGroup gutterSize="xs" direction="column">
-        <EuiFlexItem data-test-subj={RULE_PREVIEW_RULE_CREATED_BY_TEST_ID}>
+        <EuiFlexItem data-test-subj={RULE_OVERVIEW_RULE_CREATED_BY_TEST_ID}>
           <EuiText size="xs">
             <CreatedBy createdBy={rule?.created_by} createdAt={rule?.created_at} />
           </EuiText>
         </EuiFlexItem>
-        <EuiFlexItem data-test-subj={RULE_PREVIEW_RULE_UPDATED_BY_TEST_ID}>
+        <EuiFlexItem data-test-subj={RULE_OVERVIEW_RULE_UPDATED_BY_TEST_ID}>
           <EuiText size="xs">
             <UpdatedBy updatedBy={rule?.updated_by} updatedAt={rule?.updated_at} />
           </EuiText>
@@ -62,4 +62,4 @@ export const RulePreviewTitle: React.FC<RulePreviewTitleProps> = ({ rule, isSupp
   );
 };
 
-RulePreviewTitle.displayName = 'RulePreviewTitle';
+RuleTitle.displayName = 'RuleTitle';
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/rule_overview/components/test_ids.ts b/x-pack/plugins/security_solution/public/flyout/document_details/rule_overview/components/test_ids.ts
new file mode 100644
index 0000000000000..b48e2c9300750
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/rule_overview/components/test_ids.ts
@@ -0,0 +1,46 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { PREFIX } from '../../../shared/test_ids';
+import { CONTENT_TEST_ID, HEADER_TEST_ID } from '../../right/components/expandable_section';
+
+const RULE_OVERVIEW_TEST_ID = `${PREFIX}RuleOverview` as const;
+export const RULE_OVERVIEW_TITLE_TEST_ID = `${RULE_OVERVIEW_TEST_ID}RuleOverviewTitle` as const;
+export const RULE_OVERVIEW_RULE_TITLE_SUPPRESSED_TEST_ID =
+  `${RULE_OVERVIEW_TITLE_TEST_ID}Suppressed` as const;
+export const RULE_OVERVIEW_RULE_CREATED_BY_TEST_ID =
+  `${RULE_OVERVIEW_TEST_ID}CreatedByText` as const;
+export const RULE_OVERVIEW_RULE_UPDATED_BY_TEST_ID =
+  `${RULE_OVERVIEW_TEST_ID}UpdatedByText` as const;
+export const RULE_OVERVIEW_BODY_TEST_ID = `${RULE_OVERVIEW_TEST_ID}Body` as const;
+
+export const RULE_OVERVIEW_ABOUT_TEST_ID = `${RULE_OVERVIEW_TEST_ID}AboutSection` as const;
+export const RULE_OVERVIEW_ABOUT_HEADER_TEST_ID = RULE_OVERVIEW_ABOUT_TEST_ID + HEADER_TEST_ID;
+export const RULE_OVERVIEW_ABOUT_CONTENT_TEST_ID = RULE_OVERVIEW_ABOUT_TEST_ID + CONTENT_TEST_ID;
+
+export const RULE_OVERVIEW_DEFINITION_TEST_ID =
+  `${RULE_OVERVIEW_TEST_ID}DefinitionSection` as const;
+export const RULE_OVERVIEW_DEFINITION_HEADER_TEST_ID =
+  RULE_OVERVIEW_DEFINITION_TEST_ID + HEADER_TEST_ID;
+export const RULE_OVERVIEW_DEFINITION_CONTENT_TEST_ID =
+  RULE_OVERVIEW_DEFINITION_TEST_ID + CONTENT_TEST_ID;
+
+export const RULE_OVERVIEW_SCHEDULE_TEST_ID = `${RULE_OVERVIEW_TEST_ID}ScheduleSection` as const;
+export const RULE_OVERVIEW_SCHEDULE_HEADER_TEST_ID =
+  RULE_OVERVIEW_SCHEDULE_TEST_ID + HEADER_TEST_ID;
+export const RULE_OVERVIEW_SCHEDULE_CONTENT_TEST_ID =
+  RULE_OVERVIEW_SCHEDULE_TEST_ID + CONTENT_TEST_ID;
+
+export const RULE_OVERVIEW_ACTIONS_TEST_ID = `${RULE_OVERVIEW_TEST_ID}ActionsSection` as const;
+export const RULE_OVERVIEW_ACTIONS_HEADER_TEST_ID = RULE_OVERVIEW_ACTIONS_TEST_ID + HEADER_TEST_ID;
+export const RULE_OVERVIEW_ACTIONS_CONTENT_TEST_ID =
+  RULE_OVERVIEW_ACTIONS_TEST_ID + CONTENT_TEST_ID;
+
+export const RULE_OVERVIEW_LOADING_TEST_ID = `${RULE_OVERVIEW_TEST_ID}Loading` as const;
+export const RULE_OVERVIEW_FOOTER_TEST_ID = `${RULE_OVERVIEW_TEST_ID}Footer` as const;
+export const RULE_OVERVIEW_NAVIGATE_TO_RULE_TEST_ID =
+  `${RULE_OVERVIEW_FOOTER_TEST_ID}LinkToRuleDetails` as const;
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/rule_overview/context.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/rule_overview/context.tsx
new file mode 100644
index 0000000000000..1b379b3c3ece8
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/rule_overview/context.tsx
@@ -0,0 +1,58 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { createContext, memo, useContext, useMemo } from 'react';
+import { FlyoutError } from '../../shared/components/flyout_error';
+import type { RuleOverviewPanelProps } from '.';
+
+export interface RuleOverviewPanelContext {
+  /**
+   * Rule id if preview is rule details
+   */
+  ruleId: string;
+}
+
+export const RuleOverviewPanelContext = createContext<RuleOverviewPanelContext | undefined>(
+  undefined
+);
+
+export type RuleOverviewPanelProviderProps = {
+  /**
+   * React components to render
+   */
+  children: React.ReactNode;
+} & Partial<RuleOverviewPanelProps['params']>;
+
+export const RuleOverviewPanelProvider = memo(
+  ({ ruleId, children }: RuleOverviewPanelProviderProps) => {
+    const contextValue = useMemo(() => (ruleId ? { ruleId } : undefined), [ruleId]);
+
+    if (!contextValue) {
+      return <FlyoutError />;
+    }
+
+    return (
+      <RuleOverviewPanelContext.Provider value={contextValue}>
+        {children}
+      </RuleOverviewPanelContext.Provider>
+    );
+  }
+);
+
+RuleOverviewPanelProvider.displayName = 'RuleOverviewPanelProvider';
+
+export const useRuleOverviewPanelContext = (): RuleOverviewPanelContext => {
+  const contextValue = useContext(RuleOverviewPanelContext);
+
+  if (!contextValue) {
+    throw new Error(
+      'RuleOverviewPanelContext can only be used within RuleOverviewPanelContext provider'
+    );
+  }
+
+  return contextValue;
+};
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/rule_overview/index.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/rule_overview/index.tsx
new file mode 100644
index 0000000000000..c9a1a62114f73
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/rule_overview/index.tsx
@@ -0,0 +1,38 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { memo } from 'react';
+import type { FlyoutPanelProps } from '@kbn/expandable-flyout';
+import { EuiFlyoutBody } from '@elastic/eui';
+import type { DocumentDetailsRuleOverviewPanelKey } from '../shared/constants/panel_keys';
+import { RuleOverview } from './components/rule_overview';
+import { RuleFooter } from './components/footer';
+
+export interface RuleOverviewPanelProps extends FlyoutPanelProps {
+  key: typeof DocumentDetailsRuleOverviewPanelKey;
+  params: {
+    ruleId: string;
+  };
+}
+
+/**
+ * Displays a rule overview panel
+ */
+export const RuleOverviewPanel: React.FC = memo(() => {
+  return (
+    <>
+      <EuiFlyoutBody>
+        <div style={{ marginTop: '-15px' }}>
+          <RuleOverview />
+        </div>
+      </EuiFlyoutBody>
+      <RuleFooter />
+    </>
+  );
+});
+
+RuleOverviewPanel.displayName = 'RuleOverviewPanel';
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/rule_overview/mocks/mock_context.ts b/x-pack/plugins/security_solution/public/flyout/document_details/rule_overview/mocks/mock_context.ts
new file mode 100644
index 0000000000000..4b800e338d85b
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/rule_overview/mocks/mock_context.ts
@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { RuleOverviewPanelContext } from '../context';
+
+/**
+ * Mock contextValue for rule overview panel context
+ */
+export const mockContextValue: RuleOverviewPanelContext = {
+  ruleId: 'rule id',
+};
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/shared/constants/panel_keys.ts b/x-pack/plugins/security_solution/public/flyout/document_details/shared/constants/panel_keys.ts
index 94bf86ca9e078..a57cbf85fa784 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/shared/constants/panel_keys.ts
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/shared/constants/panel_keys.ts
@@ -8,4 +8,7 @@
 export const DocumentDetailsRightPanelKey = 'document-details-right' as const;
 export const DocumentDetailsLeftPanelKey = 'document-details-left' as const;
 export const DocumentDetailsPreviewPanelKey = 'document-details-preview' as const;
+
 export const DocumentDetailsIsolateHostPanelKey = 'document-details-isolate-host' as const;
+export const DocumentDetailsAlertReasonPanelKey = 'document-details-alert-reason' as const;
+export const DocumentDetailsRuleOverviewPanelKey = 'document-details-rule-overview' as const;
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/context.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/shared/context.tsx
similarity index 79%
rename from x-pack/plugins/security_solution/public/flyout/document_details/right/context.tsx
rename to x-pack/plugins/security_solution/public/flyout/document_details/shared/context.tsx
index 7311a030b2175..388706e4bd0b3 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/context.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/shared/context.tsx
@@ -9,17 +9,16 @@ import type { BrowserFields, TimelineEventsDetailsItem } from '@kbn/timelines-pl
 import React, { createContext, memo, useContext, useMemo } from 'react';
 import type { EcsSecurityExtension as Ecs } from '@kbn/securitysolution-ecs';
 import { TableId } from '@kbn/securitysolution-data-table';
-
-import { useEventDetails } from '../shared/hooks/use_event_details';
+import { useEventDetails } from './hooks/use_event_details';
 import { FlyoutError } from '../../shared/components/flyout_error';
 import { FlyoutLoading } from '../../shared/components/flyout_loading';
 import type { SearchHit } from '../../../../common/search_strategy';
 import { useBasicDataFromDetailsData } from '../../../timelines/components/side_panel/event_details/helpers';
-import type { RightPanelProps } from '.';
+import type { DocumentDetailsProps } from './types';
 import type { GetFieldsData } from '../../../common/hooks/use_get_fields_data';
 import { useRuleWithFallback } from '../../../detection_engine/rule_management/logic/use_rule_with_fallback';
 
-export interface RightPanelContext {
+export interface DocumentDetailsContext {
   /**
    * Id of the document
    */
@@ -66,17 +65,17 @@ export interface RightPanelContext {
   isPreview: boolean;
 }
 
-export const RightPanelContext = createContext<RightPanelContext | undefined>(undefined);
+export const DocumentDetailsContext = createContext<DocumentDetailsContext | undefined>(undefined);
 
-export type RightPanelProviderProps = {
+export type DocumentDetailsProviderProps = {
   /**
    * React components to render
    */
   children: React.ReactNode;
-} & Partial<RightPanelProps['params']>;
+} & Partial<DocumentDetailsProps['params']>;
 
-export const RightPanelProvider = memo(
-  ({ id, indexName, scopeId, children }: RightPanelProviderProps) => {
+export const DocumentDetailsProvider = memo(
+  ({ id, indexName, scopeId, children }: DocumentDetailsProviderProps) => {
     const {
       browserFields,
       dataAsNestedObject,
@@ -134,17 +133,23 @@ export const RightPanelProvider = memo(
       return <FlyoutError />;
     }
 
-    return <RightPanelContext.Provider value={contextValue}>{children}</RightPanelContext.Provider>;
+    return (
+      <DocumentDetailsContext.Provider value={contextValue}>
+        {children}
+      </DocumentDetailsContext.Provider>
+    );
   }
 );
 
-RightPanelProvider.displayName = 'RightPanelProvider';
+DocumentDetailsProvider.displayName = 'DocumentDetailsProvider';
 
-export const useRightPanelContext = (): RightPanelContext => {
-  const contextValue = useContext(RightPanelContext);
+export const useDocumentDetailsContext = (): DocumentDetailsContext => {
+  const contextValue = useContext(DocumentDetailsContext);
 
   if (!contextValue) {
-    throw new Error('RightPanelContext can only be used within RightPanelContext provider');
+    throw new Error(
+      'DocumentDetailsContext can only be used within DocumentDetailsContext provider'
+    );
   }
 
   return contextValue;
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/shared/hooks/use_highlighted_fields.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/shared/hooks/use_highlighted_fields.test.tsx
index c78e7313792c8..28a7277fa5318 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/shared/hooks/use_highlighted_fields.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/shared/hooks/use_highlighted_fields.test.tsx
@@ -126,13 +126,13 @@ describe('useHighlightedFields', () => {
     const hookResult = renderHook(() =>
       useHighlightedFields({
         dataFormattedForFieldBrowser: dataFormattedForFieldBrowser.concat({
-          category: 'crowdstrike',
-          field: 'crowdstrike.event.DeviceId',
-          values: ['expectedCrowdstrikeAgentId'],
-          originalValue: ['expectedCrowdstrikeAgentId'],
+          category: 'device',
+          field: RESPONSE_ACTIONS_ALERT_AGENT_ID_FIELD.crowdstrike,
+          values: ['abfe4a35-d5b4-42a0-a539-bd054c791769'],
+          originalValue: ['abfe4a35-d5b4-42a0-a539-bd054c791769'],
           isObjectArray: false,
         }),
-        investigationFields: ['agent.status', 'crowdstrike.event.DeviceId'],
+        investigationFields: ['agent.status', 'device.id'],
       })
     );
 
@@ -188,14 +188,14 @@ describe('useHighlightedFields', () => {
             isObjectArray: false,
           },
           {
-            category: 'crowdstrike',
-            field: 'crowdstrike.event.DeviceId',
+            category: 'device',
+            field: 'device.id',
             values: ['expectedCrowdstrikeAgentId'],
             originalValue: ['expectedCrowdstrikeAgentId'],
             isObjectArray: false,
           },
         ]),
-        investigationFields: ['agent.status', 'crowdstrike.event.DeviceId'],
+        investigationFields: ['agent.status', 'device.id'],
       })
     );
 
@@ -203,7 +203,7 @@ describe('useHighlightedFields', () => {
       'kibana.alert.rule.type': {
         values: ['query'],
       },
-      'crowdstrike.event.DeviceId': {
+      'device.id': {
         values: ['expectedCrowdstrikeAgentId'],
       },
     });
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/mocks/mock_context.ts b/x-pack/plugins/security_solution/public/flyout/document_details/shared/mocks/mock_context.ts
similarity index 54%
rename from x-pack/plugins/security_solution/public/flyout/document_details/left/mocks/mock_context.ts
rename to x-pack/plugins/security_solution/public/flyout/document_details/shared/mocks/mock_context.ts
index 4892d7d4dfa08..11148dc2e0993 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/mocks/mock_context.ts
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/shared/mocks/mock_context.ts
@@ -5,25 +5,26 @@
  * 2.0.
  */
 
-import { mockBrowserFields } from '../../shared/mocks/mock_browser_fields';
-import { mockSearchHit } from '../../shared/mocks/mock_search_hit';
-import { mockDataFormattedForFieldBrowser } from '../../shared/mocks/mock_data_formatted_for_field_browser';
-import { mockGetFieldsData } from '../../shared/mocks/mock_get_fields_data';
-import { mockDataAsNestedObject } from '../../shared/mocks/mock_data_as_nested_object';
-import type { LeftPanelContext } from '../context';
+import { mockBrowserFields } from './mock_browser_fields';
+import { mockSearchHit } from './mock_search_hit';
+import { mockDataFormattedForFieldBrowser } from './mock_data_formatted_for_field_browser';
+import { mockGetFieldsData } from './mock_get_fields_data';
+import { mockDataAsNestedObject } from './mock_data_as_nested_object';
+import type { DocumentDetailsContext } from '../context';
 
 /**
  * Mock contextValue for left panel context
  */
-export const mockContextValue: LeftPanelContext = {
+export const mockContextValue: DocumentDetailsContext = {
   eventId: 'eventId',
   indexName: 'index',
   scopeId: 'scopeId',
-  browserFields: mockBrowserFields,
-  dataFormattedForFieldBrowser: mockDataFormattedForFieldBrowser,
   getFieldsData: mockGetFieldsData,
-  searchHit: mockSearchHit,
+  dataFormattedForFieldBrowser: mockDataFormattedForFieldBrowser,
+  browserFields: mockBrowserFields,
   dataAsNestedObject: mockDataAsNestedObject,
+  searchHit: mockSearchHit,
   investigationFields: [],
+  refetchFlyoutData: jest.fn(),
   isPreview: false,
 };
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/shared/types.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/shared/types.tsx
new file mode 100644
index 0000000000000..e72220ae02ac3
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/shared/types.tsx
@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { FlyoutPanelProps, PanelPath } from '@kbn/expandable-flyout';
+import type {
+  DocumentDetailsLeftPanelKey,
+  DocumentDetailsRightPanelKey,
+} from './constants/panel_keys';
+
+export interface DocumentDetailsProps extends FlyoutPanelProps {
+  key: typeof DocumentDetailsLeftPanelKey | typeof DocumentDetailsRightPanelKey;
+  path?: PanelPath;
+  params?: {
+    id: string;
+    indexName: string;
+    scopeId: string;
+  };
+}
diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/host_preview/footer.test.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/host_preview/footer.test.tsx
new file mode 100644
index 0000000000000..8bfc575e5b573
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/flyout/entity_details/host_preview/footer.test.tsx
@@ -0,0 +1,48 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import React from 'react';
+import { render } from '@testing-library/react';
+import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
+import { HostPanelKey } from '../host_right';
+import { mockFlyoutApi } from '../../document_details/shared/mocks/mock_flyout_context';
+import type { HostPreviewPanelFooterProps } from './footer';
+import { HostPreviewPanelFooter } from './footer';
+
+jest.mock('@kbn/expandable-flyout', () => ({
+  useExpandableFlyoutApi: jest.fn(),
+  ExpandableFlyoutProvider: ({ children }: React.PropsWithChildren<{}>) => <>{children}</>,
+}));
+
+const mockProps: HostPreviewPanelFooterProps = {
+  hostName: 'test',
+  contextID: 'test-host-panel',
+  scopeId: 'test-scope-id',
+  isDraggable: false,
+};
+
+describe('<HostPreviewPanelFooter />', () => {
+  beforeAll(() => {
+    jest.mocked(useExpandableFlyoutApi).mockReturnValue(mockFlyoutApi);
+  });
+
+  it('should render footer', () => {
+    const { getByTestId } = render(<HostPreviewPanelFooter {...mockProps} />);
+    expect(getByTestId('host-preview-footer')).toBeInTheDocument();
+  });
+
+  it('should open host flyout when clicked', () => {
+    const { getByTestId } = render(<HostPreviewPanelFooter {...mockProps} />);
+
+    getByTestId('open-host-flyout').click();
+    expect(mockFlyoutApi.openFlyout).toHaveBeenCalledWith({
+      right: {
+        id: HostPanelKey,
+        params: mockProps,
+      },
+    });
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/host_preview/footer.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/host_preview/footer.tsx
new file mode 100644
index 0000000000000..4632c20e517af
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/flyout/entity_details/host_preview/footer.tsx
@@ -0,0 +1,57 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EuiLink, EuiFlexGroup, EuiFlexItem } from '@elastic/eui';
+import React, { useCallback } from 'react';
+import { i18n } from '@kbn/i18n';
+import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
+import { FlyoutFooter } from '../../shared/components/flyout_footer';
+import { HostPanelKey } from '../host_right';
+
+export interface HostPreviewPanelFooterProps {
+  contextID: string;
+  scopeId: string;
+  hostName: string;
+  isDraggable?: boolean;
+}
+
+export const HostPreviewPanelFooter = ({
+  contextID,
+  scopeId,
+  hostName,
+  isDraggable,
+}: HostPreviewPanelFooterProps) => {
+  const { openFlyout } = useExpandableFlyoutApi();
+
+  const openHostFlyout = useCallback(() => {
+    openFlyout({
+      right: {
+        id: HostPanelKey,
+        params: {
+          contextID,
+          hostName,
+          scopeId,
+          isDraggable,
+        },
+      },
+    });
+  }, [openFlyout, hostName, contextID, isDraggable, scopeId]);
+
+  return (
+    <FlyoutFooter data-test-subj={'host-preview-footer'}>
+      <EuiFlexGroup justifyContent="center">
+        <EuiFlexItem grow={false}>
+          <EuiLink onClick={openHostFlyout} target="_blank" data-test-subj={'open-host-flyout'}>
+            {i18n.translate('xpack.securitySolution.flyout.host.preview.viewDetailsLabel', {
+              defaultMessage: 'Open host details flyout',
+            })}
+          </EuiLink>
+        </EuiFlexItem>
+      </EuiFlexGroup>
+    </FlyoutFooter>
+  );
+};
diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/host_right/content.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/host_right/content.tsx
index a2d7b7b733ee0..26dcb462a1609 100644
--- a/x-pack/plugins/security_solution/public/flyout/entity_details/host_right/content.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/entity_details/host_right/content.tsx
@@ -24,10 +24,11 @@ interface HostPanelContentProps {
   contextID: string;
   scopeId: string;
   isDraggable: boolean;
-  openDetailsPanel: (tab: EntityDetailsLeftPanelTab) => void;
+  openDetailsPanel?: (tab: EntityDetailsLeftPanelTab) => void;
   hostName: string;
   onAssetCriticalityChange: () => void;
   recalculatingScore: boolean;
+  isPreviewMode?: boolean;
 }
 
 export const HostPanelContent = ({
@@ -40,6 +41,7 @@ export const HostPanelContent = ({
   isDraggable,
   openDetailsPanel,
   onAssetCriticalityChange,
+  isPreviewMode,
 }: HostPanelContentProps) => {
   const observedFields = useObservedHostFields(observedHost);
 
@@ -52,6 +54,7 @@ export const HostPanelContent = ({
             recalculatingScore={recalculatingScore}
             queryId={HOST_PANEL_RISK_SCORE_QUERY_ID}
             openDetailsPanel={openDetailsPanel}
+            isPreviewMode={isPreviewMode}
           />
           <EuiHorizontalRule />
         </>
diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/host_right/fields/endpoint_policy_fields.test.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/host_right/fields/endpoint_policy_fields.test.tsx
index a8ba12de451e3..690a2972c4a2e 100644
--- a/x-pack/plugins/security_solution/public/flyout/entity_details/host_right/fields/endpoint_policy_fields.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/entity_details/host_right/fields/endpoint_policy_fields.test.tsx
@@ -11,6 +11,8 @@ import React from 'react';
 import { mockObservedHostData } from '../../mocks';
 import { policyFields } from './endpoint_policy_fields';
 
+jest.mock('../../../../management/hooks/agents/use_get_agent_status');
+
 const TestWrapper = ({ el }: { el: JSX.Element | undefined }) => <>{el}</>;
 
 jest.mock(
diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/host_right/fields/endpoint_policy_fields.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/host_right/fields/endpoint_policy_fields.tsx
index 1b8897c73271b..1132b89563162 100644
--- a/x-pack/plugins/security_solution/public/flyout/entity_details/host_right/fields/endpoint_policy_fields.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/entity_details/host_right/fields/endpoint_policy_fields.tsx
@@ -10,7 +10,7 @@ import { EuiHealth } from '@elastic/eui';
 
 import type { EntityTableRows } from '../../shared/components/entity_table/types';
 import type { ObservedEntityData } from '../../shared/components/observed_entity/types';
-import { EndpointAgentStatus } from '../../../../common/components/endpoint/agents/agent_status';
+import { AgentStatus } from '../../../../common/components/endpoint/agents/agent_status';
 import { getEmptyTagValue } from '../../../../common/components/empty_value';
 import type { HostItem } from '../../../../../common/search_strategy';
 import { HostPolicyResponseActionStatus } from '../../../../../common/search_strategy';
@@ -57,8 +57,9 @@ export const policyFields: EntityTableRows<ObservedEntityData<HostItem>> = [
     label: i18n.FLEET_AGENT_STATUS,
     render: (hostData: ObservedEntityData<HostItem>) =>
       hostData.details.endpoint?.hostInfo ? (
-        <EndpointAgentStatus
-          endpointHostInfo={hostData.details.endpoint?.hostInfo}
+        <AgentStatus
+          agentId={hostData.details.endpoint?.hostInfo.metadata.agent.id}
+          agentType="endpoint"
           data-test-subj="endpointHostAgentStatus"
         />
       ) : (
diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/host_right/hooks/use_observed_host.ts b/x-pack/plugins/security_solution/public/flyout/entity_details/host_right/hooks/use_observed_host.ts
index fb6c21b61f4c8..5933be6e1a1b7 100644
--- a/x-pack/plugins/security_solution/public/flyout/entity_details/host_right/hooks/use_observed_host.ts
+++ b/x-pack/plugins/security_solution/public/flyout/entity_details/host_right/hooks/use_observed_host.ts
@@ -11,13 +11,13 @@ import { inputsSelectors } from '../../../../common/store';
 import { useHostDetails } from '../../../../explore/hosts/containers/hosts/details';
 import { useFirstLastSeen } from '../../../../common/containers/use_first_last_seen';
 import { useGlobalTime } from '../../../../common/containers/use_global_time';
-import { useSourcererDataView } from '../../../../sourcerer/containers';
 import type { HostItem } from '../../../../../common/search_strategy';
 import { Direction, NOT_EVENT_KIND_ASSET_FILTER } from '../../../../../common/search_strategy';
 import { HOST_PANEL_OBSERVED_HOST_QUERY_ID, HOST_PANEL_RISK_SCORE_QUERY_ID } from '..';
 import { useQueryInspector } from '../../../../common/components/page/manage_query';
 import type { ObservedEntityData } from '../../shared/components/observed_entity/types';
-import { getSourcererScopeId, isActiveTimeline } from '../../../../helpers';
+import { isActiveTimeline } from '../../../../helpers';
+import { useTimelineDataFilters } from '../../../../timelines/containers/use_timeline_data_filters';
 
 export const useObservedHost = (
   hostName: string,
@@ -31,7 +31,7 @@ export const useObservedHost = (
   const { to, from } = isActiveTimelines ? timelineTime : globalTime;
   const { isInitializing, setQuery, deleteQuery } = globalTime;
 
-  const { selectedPatterns } = useSourcererDataView(getSourcererScopeId(scopeId));
+  const { selectedPatterns } = useTimelineDataFilters(isActiveTimeline(scopeId));
 
   const [isLoading, { hostDetails, inspect: inspectObservedHost }, refetch] = useHostDetails({
     endDate: to,
diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/host_right/index.test.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/host_right/index.test.tsx
index 1d81792c07e1d..14bc3d3bd35db 100644
--- a/x-pack/plugins/security_solution/public/flyout/entity_details/host_right/index.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/entity_details/host_right/index.test.tsx
@@ -18,6 +18,7 @@ const mockProps: HostPanelProps = {
   contextID: 'test-host -panel',
   scopeId: 'test-scope-id',
   isDraggable: false,
+  isPreviewMode: false,
 };
 
 jest.mock('../../../common/components/visualization_actions/visualization_embeddable');
@@ -49,6 +50,7 @@ describe('HostPanel', () => {
     expect(getByTestId('host-panel-header')).toBeInTheDocument();
     expect(queryByTestId('securitySolutionFlyoutLoading')).not.toBeInTheDocument();
     expect(getByTestId('securitySolutionFlyoutNavigationExpandDetailButton')).toBeInTheDocument();
+    expect(queryByTestId('host-preview-footer')).not.toBeInTheDocument();
   });
 
   it('renders loading state when observed host is loading', () => {
@@ -65,4 +67,19 @@ describe('HostPanel', () => {
 
     expect(getByTestId('securitySolutionFlyoutLoading')).toBeInTheDocument();
   });
+
+  it('renders preview panel', () => {
+    const { getByTestId, queryByTestId } = render(
+      <TestProviders>
+        <HostPanel {...mockProps} isPreviewMode />
+      </TestProviders>
+    );
+
+    expect(getByTestId('host-panel-header')).toBeInTheDocument();
+    expect(getByTestId('host-preview-footer')).toBeInTheDocument();
+    expect(queryByTestId('securitySolutionFlyoutLoading')).not.toBeInTheDocument();
+    expect(
+      queryByTestId('securitySolutionFlyoutNavigationExpandDetailButton')
+    ).not.toBeInTheDocument();
+  });
 });
diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/host_right/index.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/host_right/index.tsx
index 580d71e091370..518e423fe0077 100644
--- a/x-pack/plugins/security_solution/public/flyout/entity_details/host_right/index.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/entity_details/host_right/index.tsx
@@ -30,20 +30,23 @@ import type { ObservedEntityData } from '../shared/components/observed_entity/ty
 import { useObservedHost } from './hooks/use_observed_host';
 import { HostDetailsPanelKey } from '../host_details_left';
 import type { EntityDetailsLeftPanelTab } from '../shared/components/left_panel/left_panel_header';
+import { HostPreviewPanelFooter } from '../host_preview/footer';
 
 export interface HostPanelProps extends Record<string, unknown> {
   contextID: string;
   scopeId: string;
   hostName: string;
   isDraggable?: boolean;
+  isPreviewMode?: boolean;
 }
 
 export interface HostPanelExpandableFlyoutProps extends FlyoutPanelProps {
-  key: 'host-panel';
+  key: 'host-panel' | 'host-preview-panel';
   params: HostPanelProps;
 }
 
 export const HostPanelKey: HostPanelExpandableFlyoutProps['key'] = 'host-panel';
+export const HostPreviewPanelKey: HostPanelExpandableFlyoutProps['key'] = 'host-preview-panel';
 export const HOST_PANEL_RISK_SCORE_QUERY_ID = 'HostPanelRiskScoreQuery';
 export const HOST_PANEL_OBSERVED_HOST_QUERY_ID = 'HostPanelObservedHostQuery';
 
@@ -52,7 +55,13 @@ const FIRST_RECORD_PAGINATION = {
   querySize: 1,
 };
 
-export const HostPanel = ({ contextID, scopeId, hostName, isDraggable }: HostPanelProps) => {
+export const HostPanel = ({
+  contextID,
+  scopeId,
+  hostName,
+  isDraggable,
+  isPreviewMode,
+}: HostPanelProps) => {
   const { telemetry } = useKibana().services;
   const { openLeftPanel } = useExpandableFlyoutApi();
   const { to, from, isInitializing, setQuery, deleteQuery } = useGlobalTime();
@@ -138,7 +147,7 @@ export const HostPanel = ({ contextID, scopeId, hostName, isDraggable }: HostPan
         return (
           <>
             <FlyoutNavigation
-              flyoutIsExpandable={isRiskScoreExist}
+              flyoutIsExpandable={!isPreviewMode && isRiskScoreExist}
               expandDetails={openDefaultPanel}
             />
             <HostPanelHeader hostName={hostName} observedHost={observedHostWithAnomalies} />
@@ -149,10 +158,19 @@ export const HostPanel = ({ contextID, scopeId, hostName, isDraggable }: HostPan
               contextID={contextID}
               scopeId={scopeId}
               isDraggable={!!isDraggable}
-              openDetailsPanel={openTabPanel}
+              openDetailsPanel={!isPreviewMode ? openTabPanel : undefined}
               recalculatingScore={recalculatingScore}
               onAssetCriticalityChange={calculateEntityRiskScore}
+              isPreviewMode={isPreviewMode}
             />
+            {isPreviewMode && (
+              <HostPreviewPanelFooter
+                hostName={hostName}
+                contextID={contextID}
+                scopeId={scopeId}
+                isDraggable={!!isDraggable}
+              />
+            )}
           </>
         );
       }}
diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/user_details_left/tabs.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/user_details_left/tabs.tsx
index e00d6bdd365c0..358dd5357ae2f 100644
--- a/x-pack/plugins/security_solution/public/flyout/entity_details/user_details_left/tabs.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/entity_details/user_details_left/tabs.tsx
@@ -17,7 +17,7 @@ import type {
 } from '../../../../common/search_strategy/security_solution/users/managed_details';
 import { ENTRA_TAB_TEST_ID, OKTA_TAB_TEST_ID } from './test_ids';
 import { AssetDocumentTab } from './tabs/asset_document';
-import { RightPanelProvider } from '../../document_details/right/context';
+import { DocumentDetailsProvider } from '../../document_details/shared/context';
 import { RiskScoreEntity } from '../../../../common/search_strategy';
 import type { LeftPanelTabsType } from '../shared/components/left_panel/left_panel_header';
 import { EntityDetailsLeftPanelTab } from '../shared/components/left_panel/left_panel_header';
@@ -62,13 +62,13 @@ const getOktaTab = (oktaManagedUser: ManagedUserHit) => ({
     />
   ),
   content: (
-    <RightPanelProvider
+    <DocumentDetailsProvider
       id={oktaManagedUser._id}
       indexName={oktaManagedUser._index}
       scopeId={UserAssetTableType.assetOkta}
     >
       <AssetDocumentTab />
-    </RightPanelProvider>
+    </DocumentDetailsProvider>
   ),
 });
 
@@ -83,13 +83,13 @@ const getEntraTab = (entraManagedUser: ManagedUserHit) => {
       />
     ),
     content: (
-      <RightPanelProvider
+      <DocumentDetailsProvider
         id={entraManagedUser._id}
         indexName={entraManagedUser._index}
         scopeId={UserAssetTableType.assetEntra}
       >
         <AssetDocumentTab />
-      </RightPanelProvider>
+      </DocumentDetailsProvider>
     ),
   };
 };
diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/user_details_left/tabs/asset_document.test.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/user_details_left/tabs/asset_document.test.tsx
index 6289fa0a66cd8..f7c46963ba201 100644
--- a/x-pack/plugins/security_solution/public/flyout/entity_details/user_details_left/tabs/asset_document.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/entity_details/user_details_left/tabs/asset_document.test.tsx
@@ -10,8 +10,8 @@ import { render } from '@testing-library/react';
 import { TestProviders } from '../../../../common/mock';
 import { AssetDocumentTab } from './asset_document';
 import { FLYOUT_BODY_TEST_ID } from './test_ids';
-import { RightPanelContext } from '../../../document_details/right/context';
-import { mockContextValue } from '../../../document_details/right/mocks/mock_context';
+import { DocumentDetailsContext } from '../../../document_details/shared/context';
+import { mockContextValue } from '../../../document_details/shared/mocks/mock_context';
 import userEvent from '@testing-library/user-event';
 import {
   JSON_TAB_CONTENT_TEST_ID,
@@ -22,9 +22,9 @@ describe('AssetDocumentTab', () => {
   it('renders', () => {
     const { getByTestId } = render(
       <TestProviders>
-        <RightPanelContext.Provider value={mockContextValue}>
+        <DocumentDetailsContext.Provider value={mockContextValue}>
           <AssetDocumentTab />
-        </RightPanelContext.Provider>
+        </DocumentDetailsContext.Provider>
       </TestProviders>
     );
 
@@ -34,9 +34,9 @@ describe('AssetDocumentTab', () => {
   it('should preselect the table tab', () => {
     const { getByTestId } = render(
       <TestProviders>
-        <RightPanelContext.Provider value={mockContextValue}>
+        <DocumentDetailsContext.Provider value={mockContextValue}>
           <AssetDocumentTab />
-        </RightPanelContext.Provider>
+        </DocumentDetailsContext.Provider>
       </TestProviders>
     );
 
@@ -46,9 +46,9 @@ describe('AssetDocumentTab', () => {
   it('should select json tab when clicked', async () => {
     const { getByTestId, getByTitle } = render(
       <TestProviders>
-        <RightPanelContext.Provider value={mockContextValue}>
+        <DocumentDetailsContext.Provider value={mockContextValue}>
           <AssetDocumentTab />
-        </RightPanelContext.Provider>
+        </DocumentDetailsContext.Provider>
       </TestProviders>
     );
 
@@ -60,9 +60,9 @@ describe('AssetDocumentTab', () => {
   it('should select table tab when path tab is table', async () => {
     const { getByTestId, getByTitle } = render(
       <TestProviders>
-        <RightPanelContext.Provider value={mockContextValue}>
+        <DocumentDetailsContext.Provider value={mockContextValue}>
           <AssetDocumentTab path={{ tab: 'table' }} />
-        </RightPanelContext.Provider>
+        </DocumentDetailsContext.Provider>
       </TestProviders>
     );
 
diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/user_preview/footer.test.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/user_preview/footer.test.tsx
new file mode 100644
index 0000000000000..52fcee31028e1
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/flyout/entity_details/user_preview/footer.test.tsx
@@ -0,0 +1,48 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import React from 'react';
+import { render } from '@testing-library/react';
+import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
+import { UserPanelKey } from '../user_right';
+import { mockFlyoutApi } from '../../document_details/shared/mocks/mock_flyout_context';
+import type { UserPreviewPanelFooterProps } from './footer';
+import { UserPreviewPanelFooter } from './footer';
+
+jest.mock('@kbn/expandable-flyout', () => ({
+  useExpandableFlyoutApi: jest.fn(),
+  ExpandableFlyoutProvider: ({ children }: React.PropsWithChildren<{}>) => <>{children}</>,
+}));
+
+const mockProps: UserPreviewPanelFooterProps = {
+  userName: 'test',
+  contextID: 'test-user-panel',
+  scopeId: 'test-scope-id',
+  isDraggable: false,
+};
+
+describe('<UserPreviewPanelFooter />', () => {
+  beforeAll(() => {
+    jest.mocked(useExpandableFlyoutApi).mockReturnValue(mockFlyoutApi);
+  });
+
+  it('should render footer', () => {
+    const { getByTestId } = render(<UserPreviewPanelFooter {...mockProps} />);
+    expect(getByTestId('user-preview-footer')).toBeInTheDocument();
+  });
+
+  it('should open user flyout when clicked', () => {
+    const { getByTestId } = render(<UserPreviewPanelFooter {...mockProps} />);
+
+    getByTestId('open-user-flyout').click();
+    expect(mockFlyoutApi.openFlyout).toHaveBeenCalledWith({
+      right: {
+        id: UserPanelKey,
+        params: mockProps,
+      },
+    });
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/user_preview/footer.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/user_preview/footer.tsx
new file mode 100644
index 0000000000000..5fb1b73e1683b
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/flyout/entity_details/user_preview/footer.tsx
@@ -0,0 +1,57 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EuiLink, EuiFlexGroup, EuiFlexItem } from '@elastic/eui';
+import React, { useCallback } from 'react';
+import { i18n } from '@kbn/i18n';
+import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
+import { FlyoutFooter } from '../../shared/components/flyout_footer';
+import { UserPanelKey } from '../user_right';
+
+export interface UserPreviewPanelFooterProps {
+  contextID: string;
+  scopeId: string;
+  userName: string;
+  isDraggable?: boolean;
+}
+
+export const UserPreviewPanelFooter = ({
+  contextID,
+  scopeId,
+  userName,
+  isDraggable,
+}: UserPreviewPanelFooterProps) => {
+  const { openFlyout } = useExpandableFlyoutApi();
+
+  const openUserFlyout = useCallback(() => {
+    openFlyout({
+      right: {
+        id: UserPanelKey,
+        params: {
+          contextID,
+          userName,
+          scopeId,
+          isDraggable,
+        },
+      },
+    });
+  }, [openFlyout, userName, contextID, isDraggable, scopeId]);
+
+  return (
+    <FlyoutFooter data-test-subj={'user-preview-footer'}>
+      <EuiFlexGroup justifyContent="center">
+        <EuiFlexItem grow={false}>
+          <EuiLink onClick={openUserFlyout} target="_blank" data-test-subj={'open-user-flyout'}>
+            {i18n.translate('xpack.securitySolution.flyout.user.preview.viewDetailsLabel', {
+              defaultMessage: 'Open user details flyout',
+            })}
+          </EuiLink>
+        </EuiFlexItem>
+      </EuiFlexGroup>
+    </FlyoutFooter>
+  );
+};
diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/content.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/content.tsx
index 46e5e9beaa3aa..d7b01fe8905d5 100644
--- a/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/content.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/content.tsx
@@ -34,7 +34,8 @@ interface UserPanelContentProps {
   scopeId: string;
   isDraggable: boolean;
   onAssetCriticalityChange: () => void;
-  openDetailsPanel: (tab: EntityDetailsLeftPanelTab) => void;
+  openDetailsPanel?: (tab: EntityDetailsLeftPanelTab) => void;
+  isPreviewMode?: boolean;
 }
 
 export const UserPanelContent = ({
@@ -48,6 +49,7 @@ export const UserPanelContent = ({
   isDraggable,
   openDetailsPanel,
   onAssetCriticalityChange,
+  isPreviewMode,
 }: UserPanelContentProps) => {
   const observedFields = useObservedUserItems(observedUser);
   const isManagedUserEnable = useIsExperimentalFeatureEnabled('newUserDetailsFlyoutManagedUser');
@@ -61,6 +63,7 @@ export const UserPanelContent = ({
             recalculatingScore={recalculatingScore}
             queryId={USER_PANEL_RISK_SCORE_QUERY_ID}
             openDetailsPanel={openDetailsPanel}
+            isPreviewMode={isPreviewMode}
           />
           <EuiHorizontalRule />
         </>
diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/hooks/use_observed_user.ts b/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/hooks/use_observed_user.ts
index ec52e82c26e1a..7918a400bb074 100644
--- a/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/hooks/use_observed_user.ts
+++ b/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/hooks/use_observed_user.ts
@@ -13,10 +13,10 @@ import type { ObservedEntityData } from '../../shared/components/observed_entity
 import { useObservedUserDetails } from '../../../../explore/users/containers/users/observed_details';
 import type { UserItem } from '../../../../../common/search_strategy';
 import { Direction, NOT_EVENT_KIND_ASSET_FILTER } from '../../../../../common/search_strategy';
-import { useSourcererDataView } from '../../../../sourcerer/containers';
 import { useGlobalTime } from '../../../../common/containers/use_global_time';
 import { useFirstLastSeen } from '../../../../common/containers/use_first_last_seen';
-import { getSourcererScopeId, isActiveTimeline } from '../../../../helpers';
+import { isActiveTimeline } from '../../../../helpers';
+import { useTimelineDataFilters } from '../../../../timelines/containers/use_timeline_data_filters';
 
 export const useObservedUser = (
   userName: string,
@@ -30,7 +30,7 @@ export const useObservedUser = (
   const { to, from } = isActiveTimelines ? timelineTime : globalTime;
   const { isInitializing, setQuery, deleteQuery } = globalTime;
 
-  const { selectedPatterns } = useSourcererDataView(getSourcererScopeId(scopeId));
+  const { selectedPatterns } = useTimelineDataFilters(isActiveTimeline(scopeId));
 
   const [loadingObservedUser, { userDetails: observedUserDetails, inspect, refetch, id: queryId }] =
     useObservedUserDetails({
diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/index.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/index.tsx
index 956f4e838ff8d..bdfc967fd1508 100644
--- a/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/index.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/index.tsx
@@ -30,27 +30,36 @@ import { UserPanelHeader } from './header';
 import { UserDetailsPanelKey } from '../user_details_left';
 import { useObservedUser } from './hooks/use_observed_user';
 import type { EntityDetailsLeftPanelTab } from '../shared/components/left_panel/left_panel_header';
+import { UserPreviewPanelFooter } from '../user_preview/footer';
 
 export interface UserPanelProps extends Record<string, unknown> {
   contextID: string;
   scopeId: string;
   userName: string;
   isDraggable?: boolean;
+  isPreviewMode?: boolean;
 }
 
 export interface UserPanelExpandableFlyoutProps extends FlyoutPanelProps {
-  key: 'user-panel';
+  key: 'user-panel' | 'user-preview-panel';
   params: UserPanelProps;
 }
 
 export const UserPanelKey: UserPanelExpandableFlyoutProps['key'] = 'user-panel';
+export const UserPreviewPanelKey: UserPanelExpandableFlyoutProps['key'] = 'user-preview-panel';
 export const USER_PANEL_RISK_SCORE_QUERY_ID = 'userPanelRiskScoreQuery';
 const FIRST_RECORD_PAGINATION = {
   cursorStart: 0,
   querySize: 1,
 };
 
-export const UserPanel = ({ contextID, scopeId, userName, isDraggable }: UserPanelProps) => {
+export const UserPanel = ({
+  contextID,
+  scopeId,
+  userName,
+  isDraggable,
+  isPreviewMode,
+}: UserPanelProps) => {
   const { telemetry } = useKibana().services;
   const userNameFilterQuery = useMemo(
     () => (userName ? buildUserNamesFilter([userName]) : undefined),
@@ -147,7 +156,7 @@ export const UserPanel = ({ contextID, scopeId, userName, isDraggable }: UserPan
         return (
           <>
             <FlyoutNavigation
-              flyoutIsExpandable={hasUserDetailsData}
+              flyoutIsExpandable={!isPreviewMode && hasUserDetailsData}
               expandDetails={openPanelFirstTab}
             />
             <UserPanelHeader
@@ -165,8 +174,17 @@ export const UserPanel = ({ contextID, scopeId, userName, isDraggable }: UserPan
               contextID={contextID}
               scopeId={scopeId}
               isDraggable={!!isDraggable}
-              openDetailsPanel={openPanelTab}
+              openDetailsPanel={!isPreviewMode ? openPanelTab : undefined}
+              isPreviewMode={isPreviewMode}
             />
+            {isPreviewMode && (
+              <UserPreviewPanelFooter
+                userName={userName}
+                contextID={contextID}
+                scopeId={scopeId}
+                isDraggable={!!isDraggable}
+              />
+            )}
           </>
         );
       }}
diff --git a/x-pack/plugins/security_solution/public/flyout/index.tsx b/x-pack/plugins/security_solution/public/flyout/index.tsx
index f312125df0ab7..b9e6b06196b2a 100644
--- a/x-pack/plugins/security_solution/public/flyout/index.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/index.tsx
@@ -11,27 +11,29 @@ import { useEuiTheme } from '@elastic/eui';
 import {
   DocumentDetailsIsolateHostPanelKey,
   DocumentDetailsLeftPanelKey,
-  DocumentDetailsPreviewPanelKey,
   DocumentDetailsRightPanelKey,
+  DocumentDetailsAlertReasonPanelKey,
+  DocumentDetailsRuleOverviewPanelKey,
 } from './document_details/shared/constants/panel_keys';
 import type { IsolateHostPanelProps } from './document_details/isolate_host';
 import { IsolateHostPanel } from './document_details/isolate_host';
 import { IsolateHostPanelProvider } from './document_details/isolate_host/context';
-import type { RightPanelProps } from './document_details/right';
+import type { DocumentDetailsProps } from './document_details/shared/types';
+import { DocumentDetailsProvider } from './document_details/shared/context';
 import { RightPanel } from './document_details/right';
-import { RightPanelProvider } from './document_details/right/context';
-import type { LeftPanelProps } from './document_details/left';
 import { LeftPanel } from './document_details/left';
-import { LeftPanelProvider } from './document_details/left/context';
-import type { PreviewPanelProps } from './document_details/preview';
-import { PreviewPanel } from './document_details/preview';
-import { PreviewPanelProvider } from './document_details/preview/context';
+import type { AlertReasonPanelProps } from './document_details/alert_reason';
+import { AlertReasonPanel } from './document_details/alert_reason';
+import { AlertReasonPanelProvider } from './document_details/alert_reason/context';
+import type { RuleOverviewPanelProps } from './document_details/rule_overview';
+import { RuleOverviewPanel } from './document_details/rule_overview';
+import { RuleOverviewPanelProvider } from './document_details/rule_overview/context';
 import type { UserPanelExpandableFlyoutProps } from './entity_details/user_right';
-import { UserPanel, UserPanelKey } from './entity_details/user_right';
+import { UserPanel, UserPanelKey, UserPreviewPanelKey } from './entity_details/user_right';
 import type { UserDetailsPanelProps } from './entity_details/user_details_left';
 import { UserDetailsPanel, UserDetailsPanelKey } from './entity_details/user_details_left';
 import type { HostPanelExpandableFlyoutProps } from './entity_details/host_right';
-import { HostPanel, HostPanelKey } from './entity_details/host_right';
+import { HostPanel, HostPanelKey, HostPreviewPanelKey } from './entity_details/host_right';
 import type { HostDetailsExpandableFlyoutProps } from './entity_details/host_details_left';
 import { HostDetailsPanel, HostDetailsPanelKey } from './entity_details/host_details_left';
 
@@ -43,25 +45,33 @@ const expandableFlyoutDocumentsPanels: ExpandableFlyoutProps['registeredPanels']
   {
     key: DocumentDetailsRightPanelKey,
     component: (props) => (
-      <RightPanelProvider {...(props as RightPanelProps).params}>
-        <RightPanel path={props.path as RightPanelProps['path']} />
-      </RightPanelProvider>
+      <DocumentDetailsProvider {...(props as DocumentDetailsProps).params}>
+        <RightPanel path={props.path as DocumentDetailsProps['path']} />
+      </DocumentDetailsProvider>
     ),
   },
   {
     key: DocumentDetailsLeftPanelKey,
     component: (props) => (
-      <LeftPanelProvider {...(props as LeftPanelProps).params}>
-        <LeftPanel path={props.path as LeftPanelProps['path']} />
-      </LeftPanelProvider>
+      <DocumentDetailsProvider {...(props as DocumentDetailsProps).params}>
+        <LeftPanel path={props.path as DocumentDetailsProps['path']} />
+      </DocumentDetailsProvider>
     ),
   },
   {
-    key: DocumentDetailsPreviewPanelKey,
+    key: DocumentDetailsAlertReasonPanelKey,
     component: (props) => (
-      <PreviewPanelProvider {...(props as PreviewPanelProps).params}>
-        <PreviewPanel path={props.path as PreviewPanelProps['path']} />
-      </PreviewPanelProvider>
+      <AlertReasonPanelProvider {...(props as AlertReasonPanelProps).params}>
+        <AlertReasonPanel />
+      </AlertReasonPanelProvider>
+    ),
+  },
+  {
+    key: DocumentDetailsRuleOverviewPanelKey,
+    component: (props) => (
+      <RuleOverviewPanelProvider {...(props as RuleOverviewPanelProps).params}>
+        <RuleOverviewPanel />
+      </RuleOverviewPanelProvider>
     ),
   },
   {
@@ -82,6 +92,12 @@ const expandableFlyoutDocumentsPanels: ExpandableFlyoutProps['registeredPanels']
       <UserDetailsPanel {...({ ...props.params, path: props.path } as UserDetailsPanelProps)} />
     ),
   },
+  {
+    key: UserPreviewPanelKey,
+    component: (props) => (
+      <UserPanel {...(props as UserPanelExpandableFlyoutProps).params} isPreviewMode />
+    ),
+  },
   {
     key: HostPanelKey,
     component: (props) => <HostPanel {...(props as HostPanelExpandableFlyoutProps).params} />,
@@ -92,6 +108,12 @@ const expandableFlyoutDocumentsPanels: ExpandableFlyoutProps['registeredPanels']
       <HostDetailsPanel {...(props as HostDetailsExpandableFlyoutProps).params} />
     ),
   },
+  {
+    key: HostPreviewPanelKey,
+    component: (props) => (
+      <HostPanel {...(props as HostPanelExpandableFlyoutProps).params} isPreviewMode />
+    ),
+  },
 ];
 
 /**
diff --git a/x-pack/plugins/security_solution/public/flyout/shared/components/expandable_panel.stories.tsx b/x-pack/plugins/security_solution/public/flyout/shared/components/expandable_panel.stories.tsx
index 25b5243e82d3a..8b76ffd65ad3c 100644
--- a/x-pack/plugins/security_solution/public/flyout/shared/components/expandable_panel.stories.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/shared/components/expandable_panel.stories.tsx
@@ -29,6 +29,11 @@ export const Default: Story<void> = () => {
   return <ExpandablePanel {...defaultProps}>{children}</ExpandablePanel>;
 };
 
+export const DefaultWithoutIcon: Story<void> = () => {
+  const props = { header: { title: 'title' } };
+  return <ExpandablePanel {...props}>{children}</ExpandablePanel>;
+};
+
 export const DefaultWithHeaderContent: Story<void> = () => {
   const props = {
     ...defaultProps,
diff --git a/x-pack/plugins/security_solution/public/flyout/shared/components/expandable_panel.test.tsx b/x-pack/plugins/security_solution/public/flyout/shared/components/expandable_panel.test.tsx
index 4889e4ebe005a..483ee3d378bbd 100644
--- a/x-pack/plugins/security_solution/public/flyout/shared/components/expandable_panel.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/shared/components/expandable_panel.test.tsx
@@ -44,6 +44,30 @@ describe('<ExpandablePanel />', () => {
       expect(queryByTestId(EXPANDABLE_PANEL_TOGGLE_ICON_TEST_ID(TEST_ID))).not.toBeInTheDocument();
     });
 
+    it('should not render if iconType is not available', () => {
+      const props = {
+        ...defaultProps,
+        header: {
+          ...defaultProps.header,
+          iconType: undefined,
+          headerContent: <>{'test header content'}</>,
+        },
+      };
+      const { getByTestId, queryByTestId } = render(
+        <ThemeProvider theme={mockTheme}>
+          <ExpandablePanel {...props}>{children}</ExpandablePanel>
+        </ThemeProvider>
+      );
+
+      expect(getByTestId(EXPANDABLE_PANEL_CONTENT_TEST_ID(TEST_ID))).toHaveTextContent(
+        'test content'
+      );
+      expect(
+        queryByTestId(EXPANDABLE_PANEL_HEADER_TITLE_ICON_TEST_ID(TEST_ID))
+      ).not.toBeInTheDocument();
+      expect(queryByTestId(EXPANDABLE_PANEL_TOGGLE_ICON_TEST_ID(TEST_ID))).not.toBeInTheDocument();
+    });
+
     it('should only render left section of panel header when headerContent is not passed', () => {
       const { getByTestId, queryByTestId } = render(
         <ThemeProvider theme={mockTheme}>
diff --git a/x-pack/plugins/security_solution/public/flyout/shared/components/expandable_panel.tsx b/x-pack/plugins/security_solution/public/flyout/shared/components/expandable_panel.tsx
index 8f2fc863ad000..aa97446f701e1 100644
--- a/x-pack/plugins/security_solution/public/flyout/shared/components/expandable_panel.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/shared/components/expandable_panel.tsx
@@ -35,7 +35,7 @@ export interface ExpandablePanelPanelProps {
       /**
        * Callback function to be called when the title is clicked
        */
-      callback: () => void;
+      callback?: () => void;
       /**
        * Tooltip text to be displayed around the title link
        */
@@ -44,7 +44,7 @@ export interface ExpandablePanelPanelProps {
     /**
      * Icon string for displaying the specified icon in the header
      */
-    iconType: IconType;
+    iconType?: IconType;
     /**
      * Optional content and actions to be displayed next to header or on the right side of header
      */
@@ -121,7 +121,12 @@ export const ExpandablePanel: FC<PropsWithChildren<ExpandablePanelPanelProps>> =
 
   const headerLeftSection = useMemo(
     () => (
-      <EuiFlexItem grow={false}>
+      <EuiFlexItem
+        grow={false}
+        css={css`
+          min-height: ${euiTheme.size.xl};
+        `}
+      >
         <EuiFlexGroup
           alignItems="center"
           gutterSize="s"
@@ -129,16 +134,18 @@ export const ExpandablePanel: FC<PropsWithChildren<ExpandablePanelPanelProps>> =
           data-test-subj={`${dataTestSubj}LeftSection`}
         >
           <EuiFlexItem grow={false}>{expandable && children && toggleIcon}</EuiFlexItem>
-          <EuiFlexItem grow={false}>
-            <EuiIcon
-              color={link?.callback ? 'primary' : 'text'}
-              type={iconType}
-              css={css`
-                margin: ${euiTheme.size.s} 0;
-              `}
-              data-test-subj={`${dataTestSubj}TitleIcon`}
-            />
-          </EuiFlexItem>
+          {iconType && (
+            <EuiFlexItem grow={false}>
+              <EuiIcon
+                color={link?.callback ? 'primary' : 'text'}
+                type={iconType}
+                css={css`
+                  margin: ${euiTheme.size.s} 0;
+                `}
+                data-test-subj={`${dataTestSubj}TitleIcon`}
+              />
+            </EuiFlexItem>
+          )}
           <EuiFlexItem grow={false}>
             {link?.callback ? (
               <EuiToolTip content={link?.tooltip}>
@@ -170,6 +177,7 @@ export const ExpandablePanel: FC<PropsWithChildren<ExpandablePanelPanelProps>> =
       link?.callback,
       iconType,
       euiTheme.size.s,
+      euiTheme.size.xl,
       link?.tooltip,
       title,
     ]
diff --git a/x-pack/plugins/security_solution/public/management/common/constants.ts b/x-pack/plugins/security_solution/public/management/common/constants.ts
index b362f696e9756..4b050266f3ac3 100644
--- a/x-pack/plugins/security_solution/public/management/common/constants.ts
+++ b/x-pack/plugins/security_solution/public/management/common/constants.ts
@@ -41,5 +41,5 @@ export const MANAGEMENT_DEFAULT_SORT_ORDER = 'desc';
 export const MANAGEMENT_DEFAULT_SORT_FIELD = 'created_at';
 
 // --[ DEFAULTS ]---------------------------------------------------------------------------
-/** The default polling interval to start all polling pages */
+/** The default polling interval for API calls that require a refresh interval */
 export const DEFAULT_POLL_INTERVAL = 10000;
diff --git a/x-pack/plugins/security_solution/public/management/common/utils.test.ts b/x-pack/plugins/security_solution/public/management/common/utils.test.ts
index 30354c141f833..b04500642d9a4 100644
--- a/x-pack/plugins/security_solution/public/management/common/utils.test.ts
+++ b/x-pack/plugins/security_solution/public/management/common/utils.test.ts
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { parseQueryFilterToKQL } from './utils';
+import { getPolicyQuery, parseQueryFilterToKQL } from './utils';
 
 describe('utils', () => {
   const searchableFields = [`name`, `description`, `entries.value`, `entries.entries.value`];
@@ -39,4 +39,20 @@ describe('utils', () => {
       );
     });
   });
+
+  describe('getPolicyQuery', () => {
+    it('should translate policy ID to kuery', () => {
+      expect(getPolicyQuery('aaa')).toBe('exception-list-agnostic.attributes.tags:"policy:aaa"');
+    });
+
+    it('should translate global policy ID to kuery using `policy:all`', () => {
+      expect(getPolicyQuery('global')).toBe('exception-list-agnostic.attributes.tags:"policy:all"');
+    });
+
+    it('should translate unassigned policy ID to kuery using `policy:all`', () => {
+      expect(getPolicyQuery('unassigned')).toBe(
+        '(not exception-list-agnostic.attributes.tags:policy\\:*)'
+      );
+    });
+  });
 });
diff --git a/x-pack/plugins/security_solution/public/management/common/utils.ts b/x-pack/plugins/security_solution/public/management/common/utils.ts
index 8b88fcaff8a78..1a1569bcb8b63 100644
--- a/x-pack/plugins/security_solution/public/management/common/utils.ts
+++ b/x-pack/plugins/security_solution/public/management/common/utils.ts
@@ -25,9 +25,9 @@ export const parseQueryFilterToKQL = (
   return `(${kuery})`;
 };
 
-const getPolicyQuery = (policyId: string): string => {
+export const getPolicyQuery = (policyId: string): string => {
   if (policyId === 'global') return 'exception-list-agnostic.attributes.tags:"policy:all"';
-  if (policyId === 'unassigned') return '(not exception-list-agnostic.attributes.tags:*)';
+  if (policyId === 'unassigned') return '(not exception-list-agnostic.attributes.tags:policy\\:*)';
   return `exception-list-agnostic.attributes.tags:"policy:${policyId}"`;
 };
 
diff --git a/x-pack/plugins/security_solution/public/management/components/console/components/command_execution_result.tsx b/x-pack/plugins/security_solution/public/management/components/console/components/command_execution_result.tsx
index 563c20e4317fd..79d208fbb3c57 100644
--- a/x-pack/plugins/security_solution/public/management/components/console/components/command_execution_result.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/console/components/command_execution_result.tsx
@@ -11,6 +11,7 @@ import { i18n } from '@kbn/i18n';
 import type { CommonProps } from '@elastic/eui';
 import { EuiPanel, EuiSpacer } from '@elastic/eui';
 import classNames from 'classnames';
+import type { ResponseActionAgentType } from '../../../../../common/endpoint/service/response_actions/constants';
 import { useDataTestSubj } from '../hooks/state_selectors/use_data_test_subj';
 import { useTestIdGenerator } from '../../../hooks/use_test_id_generator';
 import { ConsoleText } from './console_text';
@@ -19,6 +20,10 @@ const COMMAND_EXECUTION_RESULT_SUCCESS_TITLE = i18n.translate(
   'xpack.securitySolution.commandExecutionResult.successTitle',
   { defaultMessage: 'Action completed.' }
 );
+const COMMAND_EXECUTION_SUBMIT_RESULT_SUCCESS_TITLE = i18n.translate(
+  'xpack.securitySolution.commandExecutionSubmitResult.successTitle',
+  { defaultMessage: 'Action successfully submitted.' }
+);
 const COMMAND_EXECUTION_RESULT_FAILURE_TITLE = i18n.translate(
   'xpack.securitySolution.commandExecutionResult.failureTitle',
   { defaultMessage: 'Action failed.' }
@@ -47,6 +52,8 @@ export type CommandExecutionResultProps = PropsWithChildren<{
 
   className?: CommonProps['className'];
 
+  agentType?: ResponseActionAgentType;
+
   'data-test-subj'?: string;
 }>;
 
@@ -63,6 +70,7 @@ export const CommandExecutionResult = memo<CommandExecutionResultProps>(
     'data-test-subj': dataTestSubj,
     className,
     children,
+    agentType,
   }) => {
     const consoleDataTestSubj = useDataTestSubj();
     const getTestId = useTestIdGenerator(dataTestSubj ?? consoleDataTestSubj);
@@ -76,6 +84,19 @@ export const CommandExecutionResult = memo<CommandExecutionResultProps>(
       });
     }, [className, showAs]);
 
+    const titleMessage = useMemo(() => {
+      if (title) {
+        return title;
+      }
+      if (showAs === 'success') {
+        return agentType === 'crowdstrike'
+          ? COMMAND_EXECUTION_SUBMIT_RESULT_SUCCESS_TITLE
+          : COMMAND_EXECUTION_RESULT_SUCCESS_TITLE;
+      } else {
+        return COMMAND_EXECUTION_RESULT_FAILURE_TITLE;
+      }
+    }, [agentType, showAs, title]);
+
     return (
       <EuiPanel
         hasShadow={false}
@@ -92,11 +113,7 @@ export const CommandExecutionResult = memo<CommandExecutionResultProps>(
             {showTitle && (
               <>
                 <ConsoleText color={showAs === 'success' ? 'success' : 'danger'}>
-                  {title
-                    ? title
-                    : showAs === 'success'
-                    ? COMMAND_EXECUTION_RESULT_SUCCESS_TITLE
-                    : COMMAND_EXECUTION_RESULT_FAILURE_TITLE}
+                  {titleMessage}
                 </ConsoleText>
 
                 <EuiSpacer size="s" />
diff --git a/x-pack/plugins/security_solution/public/management/components/console/components/console_header.tsx b/x-pack/plugins/security_solution/public/management/components/console/components/console_header.tsx
index 7fbc0b53e5413..8c7d9116d3a35 100644
--- a/x-pack/plugins/security_solution/public/management/components/console/components/console_header.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/console/components/console_header.tsx
@@ -55,12 +55,13 @@ export const ConsoleHeader = memo<ConsoleHeaderProps>(({ TitleComponent }) => {
       <EuiFlexItem
         grow={1}
         className="eui-textTruncate noThemeOverrides"
+        css={{ maxWidth: '95%' }}
         data-test-subj={getTestId('titleComponentContainer')}
       >
         {TitleComponent ? <TitleComponent /> : ''}
       </EuiFlexItem>
       {!isHelpOpen && (
-        <EuiFlexItem grow={1}>
+        <EuiFlexItem grow={false}>
           <StyledEuiButtonEmpty
             style={{ marginLeft: 'auto' }}
             onClick={handleHelpButtonOnClick}
diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_action_failure_message/endpoint_action_failure_message.test.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_action_failure_message/endpoint_action_failure_message.test.tsx
new file mode 100644
index 0000000000000..747548fc2dac6
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_action_failure_message/endpoint_action_failure_message.test.tsx
@@ -0,0 +1,429 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import type { ActionDetails, MaybeImmutable } from '../../../../common/endpoint/types';
+import type { AppContextTestRender } from '../../../common/mock/endpoint';
+import { createAppRootMockRenderer } from '../../../common/mock/endpoint';
+import { EndpointActionGenerator } from '../../../../common/endpoint/data_generators/endpoint_action_generator';
+import { EndpointActionFailureMessage } from './endpoint_action_failure_message';
+
+describe('EndpointActionFailureMessage', () => {
+  const testPrefix = 'test';
+  const testId = `${testPrefix}-response-action-failure-info`;
+
+  let appTestContext: AppContextTestRender;
+  let render: () => ReturnType<AppContextTestRender['render']>;
+  let renderResult: ReturnType<typeof render>;
+  let action: MaybeImmutable<ActionDetails>;
+
+  beforeEach(() => {
+    appTestContext = createAppRootMockRenderer();
+    action = new EndpointActionGenerator('seed').generateActionDetails({});
+
+    render = () =>
+      (renderResult = appTestContext.render(
+        <EndpointActionFailureMessage action={action} data-test-subj={testPrefix} />
+      ));
+  });
+
+  it('should not render when action is not completed', () => {
+    action = { ...action, agents: ['agent-fails-a-lot'], isCompleted: false };
+    render();
+    expect(renderResult.queryByTestId(testId)).toBeNull();
+  });
+
+  it('should not render when action is successful', () => {
+    action = { ...action, agents: ['agent-fails-a-lot'], wasSuccessful: true };
+    render();
+    expect(renderResult.queryByTestId(testId)).toBeNull();
+  });
+
+  it('should render `unknown error` when no errors/outputs', () => {
+    action = {
+      ...action,
+      agents: ['agent-fails-a-lot'],
+      command: 'scan',
+      isCompleted: true,
+      wasSuccessful: false,
+      hosts: {
+        'agent-fails-a-lot': {
+          name: 'Fails-a-lot',
+        },
+      },
+      errors: undefined,
+      agentState: {
+        'agent-fails-a-lot': {
+          isCompleted: true,
+          wasSuccessful: false,
+          completedAt: new Date().toISOString(),
+          errors: undefined,
+        },
+      },
+      outputs: undefined,
+    };
+    render();
+    const { getByTestId } = renderResult;
+    const unknownErrorMessage = getByTestId(testId);
+
+    expect(unknownErrorMessage).not.toBeNull();
+    expect(unknownErrorMessage.textContent).toEqual(
+      'The following errors were encountered:An unknown error occurred'
+    );
+  });
+
+  describe('when there is a single agent for the action', () => {
+    it('should show errors and outputs for an agent', () => {
+      action = {
+        ...action,
+        agents: ['agent-fails-a-lot'],
+        command: 'scan',
+        isCompleted: true,
+        wasSuccessful: false,
+        hosts: {
+          'agent-fails-a-lot': {
+            name: 'Fails-a-lot',
+          },
+        },
+        errors: ['Error info A', 'Error info B', 'Error info C'],
+        agentState: {
+          'agent-fails-a-lot': {
+            isCompleted: true,
+            wasSuccessful: false,
+            completedAt: new Date().toISOString(),
+            errors: ['Error info A', 'Error info B', 'Error info C'],
+          },
+        },
+        outputs: {
+          'agent-fails-a-lot': {
+            type: 'json',
+            content: {
+              code: 'ra_scan_error_scan-queue-quota',
+            },
+          },
+        },
+      };
+      render();
+      const { getByTestId } = renderResult;
+
+      const errorMessages = getByTestId(testId);
+      expect(errorMessages).not.toBeNull();
+      expect(errorMessages.textContent).toContain(
+        'The following errors were encountered:Too many scans are queued | Error info A | Error info B | Error info C'
+      );
+    });
+
+    it('should show errors for an agent when unknown output code', () => {
+      action = {
+        ...action,
+        agents: ['agent-fails-a-lot'],
+        command: 'scan',
+        isCompleted: true,
+        wasSuccessful: false,
+        hosts: {
+          'agent-fails-a-lot': {
+            name: 'Fails-a-lot',
+          },
+        },
+        errors: ['Error info A', 'Error info B', 'Error info C'],
+        agentState: {
+          'agent-fails-a-lot': {
+            isCompleted: true,
+            wasSuccessful: false,
+            completedAt: new Date().toISOString(),
+            errors: ['Error info A', 'Error info B', 'Error info C'],
+          },
+        },
+        outputs: {
+          'agent-fails-a-lot': {
+            type: 'json',
+            content: {
+              code: 'non_existent_code',
+            },
+          },
+        },
+      };
+      render();
+      const { getByTestId } = renderResult;
+
+      const errorMessages = getByTestId(testId);
+      expect(errorMessages).not.toBeNull();
+      expect(errorMessages.textContent).toContain(
+        'The following errors were encountered:Error info A | Error info B | Error info C'
+      );
+    });
+
+    it('should show single error for an agent when unknown output code', () => {
+      action = {
+        ...action,
+        agents: ['agent-fails-a-lot'],
+        command: 'scan',
+        isCompleted: true,
+        wasSuccessful: false,
+        hosts: {
+          'agent-fails-a-lot': {
+            name: 'Fails-a-lot',
+          },
+        },
+        errors: ['Error info A'],
+        agentState: {
+          'agent-fails-a-lot': {
+            isCompleted: true,
+            wasSuccessful: false,
+            completedAt: new Date().toISOString(),
+            errors: ['Error info A'],
+          },
+        },
+        outputs: {
+          'agent-fails-a-lot': {
+            type: 'json',
+            content: {
+              code: 'non_existent_code',
+            },
+          },
+        },
+      };
+      render();
+      const { getByTestId } = renderResult;
+
+      const errorMessages = getByTestId(testId);
+      expect(errorMessages).not.toBeNull();
+      expect(errorMessages.textContent).toContain(
+        'The following error was encountered:Error info A'
+      );
+    });
+  });
+
+  describe('when there are multiple agents for the action', () => {
+    it('should show errors and outputs for each agent grouped by Host/Errors', () => {
+      action = {
+        ...action,
+        agents: ['agent-fails-a-lot', 'agent-errs-a-lot'],
+        command: 'scan',
+        isCompleted: true,
+        wasSuccessful: false,
+        hosts: {
+          'agent-fails-a-lot': {
+            name: 'Fails-a-lot',
+          },
+          'agent-errs-a-lot': {
+            name: 'Errs-a-lot',
+          },
+        },
+        errors: ['Error info A', 'Error info B', 'Error info C'],
+        agentState: {
+          'agent-fails-a-lot': {
+            isCompleted: true,
+            wasSuccessful: false,
+            completedAt: new Date().toISOString(),
+            errors: ['Error info A', 'Error info B', 'Error info C'],
+          },
+          'agent-errs-a-lot': {
+            isCompleted: true,
+            wasSuccessful: false,
+            completedAt: new Date().toISOString(),
+            errors: ['Error info P', 'Error info Q', 'Error info R'],
+          },
+        },
+        outputs: {
+          'agent-fails-a-lot': {
+            type: 'json',
+            content: {
+              code: 'ra_scan_error_scan-queue-quota',
+            },
+          },
+          'agent-errs-a-lot': {
+            type: 'json',
+            content: {
+              code: 'ra_scan_error_not-found',
+            },
+          },
+        },
+      };
+      render();
+      const { getByTestId } = renderResult;
+
+      const errorMessages = getByTestId(testId);
+      expect(errorMessages).not.toBeNull();
+      expect(errorMessages.textContent).toContain(
+        'The following errors were encountered:Host: Fails-a-lotErrors: Too many scans are queued | Error info A | Error info B | Error info CHost: Errs-a-lotErrors: File path or folder was not found (404) | Error info P | Error info Q | Error info R'
+      );
+    });
+
+    it('should show errors for each agent grouped by Host/Errors, when unknown output codes', () => {
+      action = {
+        ...action,
+        agents: ['agent-fails-a-lot', 'agent-errs-a-lot'],
+        command: 'scan',
+        isCompleted: true,
+        wasSuccessful: false,
+        hosts: {
+          'agent-fails-a-lot': {
+            name: 'Fails-a-lot',
+          },
+          'agent-errs-a-lot': {
+            name: 'Errs-a-lot',
+          },
+        },
+        errors: [
+          'Error info A',
+          'Error info B',
+          'Error info C',
+          'Error info P',
+          'Error info Q',
+          'Error info R',
+        ],
+        agentState: {
+          'agent-fails-a-lot': {
+            isCompleted: true,
+            wasSuccessful: false,
+            completedAt: new Date().toISOString(),
+            errors: ['Error info A', 'Error info B', 'Error info C'],
+          },
+          'agent-errs-a-lot': {
+            isCompleted: true,
+            wasSuccessful: false,
+            completedAt: new Date().toISOString(),
+            errors: ['Error info P', 'Error info Q', 'Error info R'],
+          },
+        },
+        outputs: {
+          'agent-fails-a-lot': {
+            type: 'json',
+            content: {
+              code: 'non_existent_code',
+            },
+          },
+          'agent-errs-a-lot': {
+            type: 'json',
+            content: {
+              code: 'non_existent_code',
+            },
+          },
+        },
+      };
+      render();
+      const { getByTestId } = renderResult;
+
+      const errorMessages = getByTestId(testId);
+      expect(errorMessages).not.toBeNull();
+      expect(errorMessages.textContent).toContain(
+        'The following errors were encountered:Host: Fails-a-lotErrors: Error info A | Error info B | Error info CHost: Errs-a-lotErrors: Error info P | Error info Q | Error info R'
+      );
+    });
+
+    it('should show errors and outputs for each agent grouped by Host/Errors for agents that have errors', () => {
+      action = {
+        ...action,
+        agents: ['agent-runs-a-lot', 'agent-errs-a-lot'],
+        command: 'scan',
+        isCompleted: true,
+        wasSuccessful: false,
+        hosts: {
+          'agent-runs-a-lot': {
+            name: 'runs-a-lot',
+          },
+          'agent-errs-a-lot': {
+            name: 'Errs-a-lot',
+          },
+        },
+        errors: ['Error info P', 'Error info Q', 'Error info R'],
+        agentState: {
+          'agent-runs-a-lot': {
+            isCompleted: true,
+            wasSuccessful: true,
+            completedAt: new Date().toISOString(),
+            errors: undefined,
+          },
+          'agent-errs-a-lot': {
+            isCompleted: true,
+            wasSuccessful: false,
+            completedAt: new Date().toISOString(),
+            errors: ['Error info P', 'Error info Q', 'Error info R'],
+          },
+        },
+        outputs: {
+          'agent-runs-a-lot': {
+            type: 'json',
+            content: {
+              code: 'non_existent_code',
+            },
+          },
+          'agent-errs-a-lot': {
+            type: 'json',
+            content: {
+              code: 'ra_scan_error_not-found',
+            },
+          },
+        },
+      };
+      render();
+      const { getByTestId } = renderResult;
+
+      const errorMessages = getByTestId(testId);
+      expect(errorMessages).not.toBeNull();
+      expect(errorMessages.textContent).toContain(
+        'The following errors were encountered:Host: Errs-a-lotErrors: File path or folder was not found (404) | Error info P | Error info Q | Error info R'
+      );
+    });
+
+    it('should show errors and outputs for each agent grouped by Host/Errors for agents that have a single error/output code', () => {
+      action = {
+        ...action,
+        agents: ['agent-runs-a-lot', 'agent-errs-a-lot'],
+        command: 'scan',
+        isCompleted: true,
+        wasSuccessful: false,
+        hosts: {
+          'agent-runs-a-lot': {
+            name: 'runs-a-lot',
+          },
+          'agent-errs-a-lot': {
+            name: 'Errs-a-lot',
+          },
+        },
+        errors: [],
+        agentState: {
+          'agent-runs-a-lot': {
+            isCompleted: true,
+            wasSuccessful: true,
+            completedAt: new Date().toISOString(),
+            errors: undefined,
+          },
+          'agent-errs-a-lot': {
+            isCompleted: true,
+            wasSuccessful: false,
+            completedAt: new Date().toISOString(),
+            errors: [],
+          },
+        },
+        outputs: {
+          'agent-runs-a-lot': {
+            type: 'json',
+            content: {
+              code: 'non_existent_code',
+            },
+          },
+          'agent-errs-a-lot': {
+            type: 'json',
+            content: {
+              code: 'ra_scan_error_not-found',
+            },
+          },
+        },
+      };
+      render();
+      const { getByTestId } = renderResult;
+
+      const errorMessages = getByTestId(testId);
+      expect(errorMessages).not.toBeNull();
+      expect(errorMessages.textContent).toContain(
+        'The following error was encountered:Host: Errs-a-lotErrors: File path or folder was not found (404)'
+      );
+    });
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_action_failure_message/endpoint_action_failure_message.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_action_failure_message/endpoint_action_failure_message.tsx
index f9f982188ffa4..44fc869a2d526 100644
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_action_failure_message/endpoint_action_failure_message.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_action_failure_message/endpoint_action_failure_message.tsx
@@ -9,71 +9,123 @@ import React, { memo, useMemo } from 'react';
 import { EuiSpacer } from '@elastic/eui';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { i18n } from '@kbn/i18n';
+import { getEmptyValue } from '../../../common/components/empty_value';
 import { endpointActionResponseCodes } from '../endpoint_responder/lib/endpoint_action_response_codes';
 import type { ActionDetails, MaybeImmutable } from '../../../../common/endpoint/types';
+import { KeyValueDisplay } from '../key_value_display';
+import { useTestIdGenerator } from '../../hooks/use_test_id_generator';
+
+const emptyValue = getEmptyValue();
+
+const ERROR_INFO_LABELS = Object.freeze<Record<string, string>>({
+  errors: i18n.translate('xpack.securitySolution.endpointActionFailureMessage.errors', {
+    defaultMessage: 'Errors',
+  }),
+  host: i18n.translate('xpack.securitySolution.endpointActionFailureMessage.host', {
+    defaultMessage: 'Host',
+  }),
+});
 
 interface EndpointActionFailureMessageProps {
   action: MaybeImmutable<ActionDetails>;
   'data-test-subj'?: string;
 }
 
+// logic for determining agent host/errors info
+const getAgentErrors = (action: MaybeImmutable<ActionDetails>) => {
+  const allAgentErrors: Array<{ name: string; errors: string[] }> = [];
+
+  if (action.outputs || (action.errors && action.errors.length)) {
+    for (const agent of action.agents) {
+      const endpointAgentOutput = action.outputs?.[agent];
+
+      const agentState = action.agentState[agent];
+      const hasErrors = agentState && agentState.errors;
+      const hasOutputCode: boolean =
+        !!endpointAgentOutput &&
+        endpointAgentOutput.type === 'json' &&
+        !!endpointAgentOutput.content &&
+        !!endpointAgentOutput.content.code;
+
+      const agentErrorInfo: { name: string; errors: string[] } = { name: '', errors: [] };
+
+      if (
+        hasOutputCode &&
+        !!endpointAgentOutput &&
+        !!endpointActionResponseCodes[endpointAgentOutput.content.code]
+      ) {
+        agentErrorInfo.errors.push(endpointActionResponseCodes[endpointAgentOutput.content.code]);
+      }
+
+      if (hasErrors) {
+        const errorMessages: string[] = [...new Set(agentState.errors)];
+        agentErrorInfo.errors.push(...errorMessages);
+      }
+
+      if (agentErrorInfo.errors.length && action.hosts[agent]?.name) {
+        agentErrorInfo.name = action.hosts[agent].name;
+      }
+
+      if (agentErrorInfo.errors.length) {
+        allAgentErrors.push(agentErrorInfo);
+      }
+    }
+  }
+
+  return allAgentErrors;
+};
+
 export const EndpointActionFailureMessage = memo<EndpointActionFailureMessageProps>(
   ({ action, 'data-test-subj': dataTestSubj }) => {
+    const getTestId = useTestIdGenerator(dataTestSubj);
+
     return useMemo(() => {
       if (!action.isCompleted || action.wasSuccessful) {
         return null;
       }
 
-      const errors: string[] = [];
-
-      // Determine if each endpoint returned a response code and if so,
-      // see if we have a localized message for it
-      if (action.outputs) {
-        for (const agent of action.agents) {
-          const endpointAgentOutput = action.outputs[agent];
-
-          if (
-            endpointAgentOutput &&
-            endpointAgentOutput.type === 'json' &&
-            endpointAgentOutput.content.code &&
-            endpointActionResponseCodes[endpointAgentOutput.content.code]
-          ) {
-            errors.push(endpointActionResponseCodes[endpointAgentOutput.content.code]);
-          }
-        }
-      }
+      const allAgentErrors = getAgentErrors(action);
 
-      if (!errors.length) {
-        if (action.errors) {
-          errors.push(...action.errors);
-        } else {
-          errors.push(
-            i18n.translate('xpack.securitySolution.endpointActionFailureMessage.unknownFailure', {
-              defaultMessage: 'Action failed',
-            })
-          );
-        }
-      }
+      const errorCount = allAgentErrors
+        .map((agentErrorInfo) => agentErrorInfo.errors)
+        .flat().length;
+      const isMultiAgentAction = errorCount && action.agents.length > 1;
 
       return (
-        <div data-test-subj={dataTestSubj}>
+        <div data-test-subj={getTestId('response-action-failure-info')}>
           <FormattedMessage
             id="xpack.securitySolution.endpointResponseActions.actionError.errorMessage"
             defaultMessage="The following { errorCount, plural, =1 {error was} other {errors were}} encountered:"
-            values={{ errorCount: errors.length }}
+            values={{ errorCount }}
           />
           <EuiSpacer size="s" />
-          <div>{errors.join(' | ')}</div>
+          <>
+            {!errorCount ? (
+              <FormattedMessage
+                id="xpack.securitySolution.endpointActionFailureMessage.unknownFailure"
+                defaultMessage="An unknown error occurred"
+              />
+            ) : isMultiAgentAction ? (
+              allAgentErrors.map((agentErrorInfo) => (
+                <div key={agentErrorInfo.name}>
+                  <KeyValueDisplay
+                    name={ERROR_INFO_LABELS.host}
+                    value={agentErrorInfo.name.length ? agentErrorInfo.name : emptyValue}
+                  />
+                  <KeyValueDisplay
+                    name={ERROR_INFO_LABELS.errors}
+                    value={agentErrorInfo.errors.join(' | ')}
+                  />
+                  <EuiSpacer size="s" />
+                </div>
+              ))
+            ) : (
+              <>{allAgentErrors[0].errors.join(' | ')}</>
+            )}
+          </>
         </div>
       );
-    }, [
-      action.agents,
-      action.errors,
-      action.isCompleted,
-      action.outputs,
-      action.wasSuccessful,
-      dataTestSubj,
-    ]);
+    }, [action, getTestId]);
   }
 );
 EndpointActionFailureMessage.displayName = 'EndpointActionFailureMessage';
diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_applied_policy_status/endpoint_applied_policy_status.test.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_applied_policy_status/endpoint_applied_policy_status.test.tsx
deleted file mode 100644
index 3b98fb46ecd28..0000000000000
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_applied_policy_status/endpoint_applied_policy_status.test.tsx
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { AppContextTestRender } from '../../../common/mock/endpoint';
-import { createAppRootMockRenderer } from '../../../common/mock/endpoint';
-import type { EndpointAppliedPolicyStatusProps } from './endpoint_applied_policy_status';
-import { EndpointAppliedPolicyStatus } from './endpoint_applied_policy_status';
-import React from 'react';
-import { EndpointDocGenerator } from '../../../../common/endpoint/generate_data';
-import { POLICY_STATUS_TO_TEXT } from '../../pages/endpoint_hosts/view/host_constants';
-
-describe('when using EndpointPolicyStatus component', () => {
-  let render: () => ReturnType<AppContextTestRender['render']>;
-  let renderResult: ReturnType<AppContextTestRender['render']>;
-  let renderProps: EndpointAppliedPolicyStatusProps;
-
-  beforeEach(() => {
-    const appTestContext = createAppRootMockRenderer();
-
-    renderProps = {
-      policyApplied: new EndpointDocGenerator('seed').generateHostMetadata().Endpoint.policy
-        .applied,
-    };
-
-    render = () => {
-      renderResult = appTestContext.render(<EndpointAppliedPolicyStatus {...renderProps} />);
-      return renderResult;
-    };
-  });
-
-  it('should display status from metadata `policy.applied` value', () => {
-    render();
-
-    expect(renderResult.getByTestId('policyStatus').textContent).toEqual(
-      POLICY_STATUS_TO_TEXT[renderProps.policyApplied.status]
-    );
-  });
-
-  it('should display status passed as `children`', () => {
-    renderProps.children = 'status goes here';
-    render();
-
-    expect(renderResult.getByTestId('policyStatus').textContent).toEqual('status goes here');
-  });
-});
diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_applied_policy_status/endpoint_applied_policy_status.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_applied_policy_status/endpoint_applied_policy_status.tsx
deleted file mode 100644
index 22574fd2d8d10..0000000000000
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_applied_policy_status/endpoint_applied_policy_status.tsx
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { PropsWithChildren } from 'react';
-import React, { memo } from 'react';
-import { EuiHealth, EuiToolTip, EuiText, EuiFlexGroup, EuiFlexItem } from '@elastic/eui';
-import { FormattedMessage } from '@kbn/i18n-react';
-import {
-  POLICY_STATUS_TO_HEALTH_COLOR,
-  POLICY_STATUS_TO_TEXT,
-} from '../../pages/endpoint_hosts/view/host_constants';
-import type { HostMetadata } from '../../../../common/endpoint/types';
-
-/**
- * Displays the status of an applied policy on the Endpoint (using the information provided
- * by the endpoint in the Metadata document `Endpoint.policy.applied`.
- * By default, the policy status is displayed as plain text, however, that can be overridden
- * by defining the `children` prop or passing a child component to this one.
- */
-export type EndpointAppliedPolicyStatusProps = PropsWithChildren<{
-  policyApplied: HostMetadata['Endpoint']['policy']['applied'];
-}>;
-
-/**
- * Display the status of the Policy applied on an endpoint
- */
-export const EndpointAppliedPolicyStatus = memo<EndpointAppliedPolicyStatusProps>(
-  ({ policyApplied, children }) => {
-    return (
-      <EuiToolTip
-        title={
-          <FormattedMessage
-            id="xpack.securitySolution.endpointPolicyStatus.tooltipTitleLabel"
-            defaultMessage="Policy applied"
-          />
-        }
-        anchorClassName="eui-textTruncate"
-        content={
-          <EuiFlexGroup
-            responsive={false}
-            gutterSize="s"
-            alignItems="center"
-            data-test-subj="endpointAppliedPolicyTooltipInfo"
-          >
-            <EuiFlexItem className="eui-textTruncate" grow>
-              <EuiText size="s" className="eui-textTruncate">
-                {policyApplied.name}
-              </EuiText>
-            </EuiFlexItem>
-
-            {policyApplied.endpoint_policy_version && (
-              <EuiFlexItem grow={false}>
-                <EuiText
-                  color="subdued"
-                  size="xs"
-                  style={{ whiteSpace: 'nowrap', paddingLeft: '6px' }}
-                  className="eui-textTruncate"
-                  data-test-subj="policyRevision"
-                >
-                  <FormattedMessage
-                    id="xpack.securitySolution.endpointPolicyStatus.revisionNumber"
-                    defaultMessage="rev. {revNumber}"
-                    values={{ revNumber: policyApplied.endpoint_policy_version }}
-                  />
-                </EuiText>
-              </EuiFlexItem>
-            )}
-          </EuiFlexGroup>
-        }
-      >
-        <EuiHealth
-          color={POLICY_STATUS_TO_HEALTH_COLOR[policyApplied.status]}
-          className="eui-textTruncate eui-fullWidth"
-          data-test-subj="policyStatus"
-        >
-          {children !== undefined ? children : POLICY_STATUS_TO_TEXT[policyApplied.status]}
-        </EuiHealth>
-      </EuiToolTip>
-    );
-  }
-);
-EndpointAppliedPolicyStatus.displayName = 'EndpointAppliedPolicyStatus';
diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_policy_link.test.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_policy_link.test.tsx
new file mode 100644
index 0000000000000..37a9791c58837
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_policy_link.test.tsx
@@ -0,0 +1,109 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { AppContextTestRender, UserPrivilegesMockSetter } from '../../common/mock/endpoint';
+import { createAppRootMockRenderer } from '../../common/mock/endpoint';
+import React from 'react';
+import type { EndpointPolicyLinkProps } from './endpoint_policy_link';
+import { EndpointPolicyLink, POLICY_NOT_FOUND_MESSAGE } from './endpoint_policy_link';
+import { useUserPrivileges as _useUserPrivileges } from '../../common/components/user_privileges';
+
+jest.mock('../../common/components/user_privileges');
+
+const useUserPrivilegesMock = _useUserPrivileges as jest.Mock;
+
+describe('EndpointPolicyLink component', () => {
+  let render: () => ReturnType<AppContextTestRender['render']>;
+  let renderResult: ReturnType<AppContextTestRender['render']>;
+  let props: EndpointPolicyLinkProps;
+  let authzSettter: UserPrivilegesMockSetter;
+
+  beforeEach(() => {
+    const appTestContext = createAppRootMockRenderer();
+
+    props = {
+      policyId: 'abc-123',
+      'data-test-subj': 'test',
+      children: 'policy name here',
+    };
+
+    authzSettter = appTestContext.getUserPrivilegesMockSetter(useUserPrivilegesMock);
+
+    render = () => {
+      renderResult = appTestContext.render(<EndpointPolicyLink {...props} />);
+      return renderResult;
+    };
+  });
+
+  afterEach(() => {
+    authzSettter.reset();
+  });
+
+  it('should display policy as a link to policy details page', () => {
+    const { getByTestId, queryByTestId } = render();
+
+    expect(getByTestId('test-displayContent')).toHaveTextContent(props.children as string);
+    expect(getByTestId('test-link')).toBeTruthy();
+    expect(queryByTestId('test-revision')).toBeNull();
+    expect(queryByTestId('test-outdatedMsg')).toBeNull();
+    expect(queryByTestId('test-policyNotFoundMsg')).toBeNull();
+  });
+
+  it('should display regular text (no link) if user has no authz to read policy details', () => {
+    authzSettter.set({ canReadPolicyManagement: false });
+    const { getByTestId, queryByTestId } = render();
+
+    expect(getByTestId('test-displayContent')).toHaveTextContent(props.children as string);
+    expect(queryByTestId('test-link')).toBeNull();
+  });
+
+  it('should display regular text (no link) if policy does not exist', () => {
+    props.policyExists = false;
+    const { getByTestId, queryByTestId } = render();
+
+    expect(getByTestId('test-displayContent')).toHaveTextContent(props.children as string);
+    expect(queryByTestId('test-link')).toBeNull();
+  });
+
+  it('should display regular text (no link) if policy id is empty string', () => {
+    props.policyId = '';
+    const { getByTestId, queryByTestId } = render();
+
+    expect(getByTestId('test-displayContent')).toHaveTextContent(props.children as string);
+    expect(queryByTestId('test-link')).toBeNull();
+  });
+
+  it('should display revision', () => {
+    props.revision = 10;
+    const { getByTestId } = render();
+
+    expect(getByTestId('test-revision')).toHaveTextContent('rev. 10');
+  });
+
+  it('should display out-of-date message', () => {
+    props.isOutdated = true;
+    const { getByTestId } = render();
+
+    expect(getByTestId('test-outdatedMsg')).toHaveTextContent('Out-of-date');
+  });
+
+  it('should display policy no longer available', () => {
+    props.policyExists = false;
+    const { getByTestId } = render();
+
+    expect(getByTestId('test-policyNotFoundMsg')).toHaveTextContent(POLICY_NOT_FOUND_MESSAGE);
+  });
+
+  it('should display all info. when policy is missing and out of date', () => {
+    props.revision = 10;
+    props.isOutdated = true;
+    props.policyExists = false;
+    const { getByTestId } = render();
+
+    expect(getByTestId('test').textContent).toEqual('policy name hererev. 10Out-of-date');
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_policy_link.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_policy_link.tsx
index dab1d5e98c722..f98e16a3ef137 100644
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_policy_link.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_policy_link.tsx
@@ -6,60 +6,200 @@
  */
 
 import React, { memo, useMemo } from 'react';
-import type { EuiLinkAnchorProps } from '@elastic/eui';
-import { EuiLink, EuiText, EuiIcon } from '@elastic/eui';
+import type { EuiLinkAnchorProps, EuiTextProps } from '@elastic/eui';
+import { EuiLink, EuiText, EuiIcon, EuiFlexGroup, EuiFlexItem, EuiToolTip } from '@elastic/eui';
 import { FormattedMessage } from '@kbn/i18n-react';
+import { i18n } from '@kbn/i18n';
+import { useTestIdGenerator } from '../hooks/use_test_id_generator';
 import { getPolicyDetailPath } from '../common/routing';
 import { useNavigateByRouterEventHandler } from '../../common/hooks/endpoint/use_navigate_by_router_event_handler';
 import { useAppUrl } from '../../common/lib/kibana/hooks';
 import type { PolicyDetailsRouteState } from '../../../common/endpoint/types';
+import { useUserPrivileges } from '../../common/components/user_privileges';
+
+export const POLICY_NOT_FOUND_MESSAGE = i18n.translate(
+  'xpack.securitySolution.endpointPolicyLink.policyNotFound',
+  { defaultMessage: 'Policy no longer available!' }
+);
+
+export type EndpointPolicyLinkProps = Omit<EuiLinkAnchorProps, 'href'> & {
+  policyId: string;
+  /**
+   * If defined, then a tooltip will also be shown when a user hovers over the dispplayed value (`children`).
+   * When set to `true`, the tooltip content will be the same as the value that is
+   * displayed (`children`). The tooltip can also be customized by passing in the content to be shown.
+   */
+  tooltip?: boolean | React.ReactNode;
+  /**
+   * The revision of the policy that the Endpoint is running with (normally obtained from the host's metadata.
+   */
+  revision?: number;
+  /**
+   * Will display an "out of date" message.
+   */
+  isOutdated?: boolean;
+  /** Text size to be applied to the display content (`children`) */
+  textSize?: EuiTextProps['size'];
+  /**
+   * If policy still exists. In some cases, we could be displaying the policy name for a policy
+   * that no longer exists (ex. it was deleted, but we still have data in ES that references that deleted policy)
+   * When set to `true`, a link to the policy wil not be shown and the display value (`children`)
+   * will have a message appended to it indicating policy no longer available.
+   */
+  policyExists?: boolean;
+  backLink?: PolicyDetailsRouteState['backLink'];
+};
 
 /**
- * A policy link (to details) that first checks to see if the policy id exists against
- * the `nonExistingPolicies` value in the store. If it does not exist, then regular
- * text is returned.
+ * Will display the provided content (`children`) as a link that takes the user to the Endpoint
+ * Policy Details page. A link is only displayed if the user has Authz to that page, otherwise the
+ * provided display content will just be shown as is.
  */
-export const EndpointPolicyLink = memo<
-  Omit<EuiLinkAnchorProps, 'href'> & {
-    policyId: string;
-    missingPolicies?: Record<string, boolean>;
-    backLink?: PolicyDetailsRouteState['backLink'];
-  }
->(({ policyId, backLink, children, missingPolicies = {}, ...otherProps }) => {
-  const { getAppUrl } = useAppUrl();
-  const { toRoutePath, toRouteUrl } = useMemo(() => {
-    const path = policyId ? getPolicyDetailPath(policyId) : '';
-    return {
-      toRoutePath: backLink ? { pathname: path, state: { backLink } } : path,
-      toRouteUrl: getAppUrl({ path }),
-    };
-  }, [policyId, getAppUrl, backLink]);
-  const clickHandler = useNavigateByRouterEventHandler(toRoutePath);
+export const EndpointPolicyLink = memo<EndpointPolicyLinkProps>(
+  ({
+    policyId,
+    backLink,
+    children,
+    policyExists = true,
+    isOutdated = false,
+    tooltip = true,
+    revision,
+    textSize = 's',
+    ...euiLinkProps
+  }) => {
+    const { getAppUrl } = useAppUrl();
+    const { canReadPolicyManagement } = useUserPrivileges().endpointPrivileges;
+    const testId = useTestIdGenerator(euiLinkProps['data-test-subj']);
 
-  if (!policyId || missingPolicies[policyId]) {
-    return (
-      <span className={otherProps.className} data-test-subj={otherProps['data-test-subj']}>
-        {children}
-        {
-          <EuiText color="subdued" size="xs" className="eui-textNoWrap">
+    const { toRoutePath, toRouteUrl } = useMemo(() => {
+      const path = policyId ? getPolicyDetailPath(policyId) : '';
+      return {
+        toRoutePath: backLink ? { pathname: path, state: { backLink } } : path,
+        toRouteUrl: getAppUrl({ path }),
+      };
+    }, [policyId, getAppUrl, backLink]);
+
+    const clickHandler = useNavigateByRouterEventHandler(toRoutePath);
+
+    const displayAsLink = useMemo(() => {
+      return Boolean(canReadPolicyManagement && policyId && policyExists);
+    }, [canReadPolicyManagement, policyExists, policyId]);
+
+    const displayValue = useMemo(() => {
+      const content = (
+        <EuiText
+          className="eui-displayInline eui-textTruncate"
+          size={textSize}
+          data-test-subj={testId('displayContent')}
+        >
+          {children}
+        </EuiText>
+      );
+
+      return displayAsLink ? (
+        // eslint-disable-next-line @elastic/eui/href-or-on-click
+        <EuiLink
+          href={toRouteUrl}
+          onClick={clickHandler}
+          {...euiLinkProps}
+          data-test-subj={testId('link')}
+        >
+          {content}
+        </EuiLink>
+      ) : (
+        content
+      );
+    }, [children, clickHandler, displayAsLink, euiLinkProps, testId, textSize, toRouteUrl]);
+
+    const policyNoLongerAvailableMessage = useMemo(() => {
+      return (
+        ((!policyId || !policyExists) && (
+          <EuiText
+            color="subdued"
+            size="xs"
+            className="eui-textNoWrap"
+            data-test-subj={testId('policyNotFoundMsg')}
+          >
             <EuiIcon size="m" type="warning" color="warning" />
             &nbsp;
-            <FormattedMessage
-              id="xpack.securitySolution.endpoint.policyNotFound"
-              defaultMessage="Policy not found!"
-            />
+            {POLICY_NOT_FOUND_MESSAGE}
           </EuiText>
-        }
-      </span>
-    );
-  }
+        )) ||
+        null
+      );
+    }, [policyExists, policyId, testId]);
+
+    const tooltipContent: React.ReactNode | undefined = useMemo(() => {
+      const content = tooltip === true ? children : tooltip || undefined;
+      return content ? (
+        <div className="eui-textBreakAll" style={{ width: '100%' }}>
+          {content}
+          {policyNoLongerAvailableMessage && <>&nbsp;{`(${POLICY_NOT_FOUND_MESSAGE})`}</>}
+        </div>
+      ) : (
+        content
+      );
+    }, [children, policyNoLongerAvailableMessage, tooltip]);
+
+    return (
+      <div>
+        <EuiFlexGroup
+          wrap={false}
+          responsive={false}
+          gutterSize="xs"
+          alignItems="center"
+          data-test-subj={testId()}
+        >
+          <EuiFlexItem
+            data-test-subj={testId('policyName')}
+            className="eui-textTruncate"
+            grow={false}
+            style={{ minWidth: '40px' }}
+          >
+            {tooltipContent ? (
+              <EuiToolTip content={tooltipContent} anchorClassName="eui-textTruncate">
+                {displayValue}
+              </EuiToolTip>
+            ) : (
+              displayValue
+            )}
+          </EuiFlexItem>
+
+          {revision && (
+            <EuiFlexItem grow={false}>
+              <EuiText
+                color="subdued"
+                size="xs"
+                className="eui-textTruncate"
+                data-test-subj={testId('revision')}
+              >
+                <FormattedMessage
+                  id="xpack.securitySolution.endpointPolicyLink.policyVersion"
+                  defaultMessage="rev. {revision}"
+                  values={{ revision }}
+                />
+              </EuiText>
+            </EuiFlexItem>
+          )}
 
-  return (
-    // eslint-disable-next-line @elastic/eui/href-or-on-click
-    <EuiLink href={toRouteUrl} onClick={clickHandler} {...otherProps}>
-      {children}
-    </EuiLink>
-  );
-});
+          {isOutdated && (
+            <EuiFlexItem grow={false}>
+              <EuiText color="subdued" size="xs" className="eui-textTruncate">
+                <EuiIcon size="m" type="warning" color="warning" className="eui-alignTop" />
+                <span className="eui-displayInlineBlock" data-test-subj={testId('outdatedMsg')}>
+                  <FormattedMessage
+                    id="xpack.securitySolution.endpointPolicyLink.outdatedMessage"
+                    defaultMessage="Out-of-date"
+                  />
+                </span>
+              </EuiText>
+            </EuiFlexItem>
+          )}
+        </EuiFlexGroup>
 
+        {policyNoLongerAvailableMessage}
+      </div>
+    );
+  }
+);
 EndpointPolicyLink.displayName = 'EndpointPolicyLink';
diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/get_file_action.test.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/get_file_action.test.tsx
index 06148aed5b483..40ac509c6fdde 100644
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/get_file_action.test.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/get_file_action.test.tsx
@@ -189,11 +189,20 @@ describe('When using get-file action from response actions console', () => {
     const pendingDetailResponse = apiMocks.responseProvider.actionDetails({
       path: '/api/endpoint/action/a.b.c',
     }) as ActionDetailsApiResponse<ResponseActionGetFileOutputContent>;
-    pendingDetailResponse.data.agents = ['a.b.c'];
+
+    pendingDetailResponse.data.command = 'get-file';
     pendingDetailResponse.data.wasSuccessful = false;
     pendingDetailResponse.data.errors = ['not found'];
+    pendingDetailResponse.data.agentState = {
+      'agent-a': {
+        isCompleted: true,
+        wasSuccessful: false,
+        errors: ['not found'],
+        completedAt: new Date().toISOString(),
+      },
+    };
     pendingDetailResponse.data.outputs = {
-      'a.b.c': {
+      'agent-a': {
         type: 'json',
         content: {
           code: outputCode,
diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/get_processes_action.test.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/get_processes_action.test.tsx
index e063aa1245900..08c9ffd673f5d 100644
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/get_processes_action.test.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/get_processes_action.test.tsx
@@ -134,7 +134,16 @@ describe('When using processes action from response actions console', () => {
     const pendingDetailResponse = apiMocks.responseProvider.actionDetails({
       path: '/api/endpoint/action/1.2.3',
     });
+    pendingDetailResponse.data.command = 'running-processes';
     pendingDetailResponse.data.wasSuccessful = false;
+    pendingDetailResponse.data.agentState = {
+      'agent-a': {
+        isCompleted: true,
+        wasSuccessful: false,
+        errors: ['error one', 'error two'],
+        completedAt: new Date().toISOString(),
+      },
+    };
     pendingDetailResponse.data.errors = ['error one', 'error two'];
     apiMocks.responseProvider.actionDetails.mockReturnValue(pendingDetailResponse);
     await render();
@@ -194,6 +203,7 @@ describe('When using processes action from response actions console', () => {
       const pendingDetailResponse = apiMocks.responseProvider.actionDetails({
         path: '/api/endpoint/action/1.2.3',
       });
+      pendingDetailResponse.data.command = 'running-processes';
       pendingDetailResponse.data.isCompleted = false;
       apiMocks.responseProvider.actionDetails.mockClear();
       apiMocks.responseProvider.actionDetails.mockReturnValue(pendingDetailResponse);
diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/isolate_action.test.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/isolate_action.test.tsx
index f5a20be31580a..b7f717e396d84 100644
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/isolate_action.test.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/isolate_action.test.tsx
@@ -135,6 +135,14 @@ describe('When using isolate action from response actions console', () => {
     });
     pendingDetailResponse.data.wasSuccessful = false;
     pendingDetailResponse.data.errors = ['error one', 'error two'];
+    pendingDetailResponse.data.agentState = {
+      'agent-a': {
+        isCompleted: true,
+        wasSuccessful: false,
+        errors: ['error one', 'error two'],
+        completedAt: new Date().toISOString(),
+      },
+    };
     apiMocks.responseProvider.actionDetails.mockReturnValue(pendingDetailResponse);
     await render();
     enterConsoleCommand(renderResult, 'isolate');
diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/kill_process_action.test.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/kill_process_action.test.tsx
index 5b10bb38f8a42..517bd7101393b 100644
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/kill_process_action.test.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/kill_process_action.test.tsx
@@ -229,8 +229,17 @@ describe('When using the kill-process action from response actions console', ()
     const pendingDetailResponse = apiMocks.responseProvider.actionDetails({
       path: '/api/endpoint/action/1.2.3',
     });
+    pendingDetailResponse.data.command = 'kill-process';
     pendingDetailResponse.data.wasSuccessful = false;
     pendingDetailResponse.data.errors = ['error one', 'error two'];
+    pendingDetailResponse.data.agentState = {
+      'agent-a': {
+        isCompleted: true,
+        wasSuccessful: false,
+        errors: ['error one', 'error two'],
+        completedAt: new Date().toISOString(),
+      },
+    };
     apiMocks.responseProvider.actionDetails.mockReturnValue(pendingDetailResponse);
     await render();
     enterConsoleCommand(renderResult, 'kill-process --pid 123');
@@ -248,11 +257,19 @@ describe('When using the kill-process action from response actions console', ()
       const pendingDetailResponse = apiMocks.responseProvider.actionDetails({
         path: '/api/endpoint/action/a.b.c',
       }) as ActionDetailsApiResponse<KillProcessActionOutputContent>;
-      pendingDetailResponse.data.agents = ['a.b.c'];
+      pendingDetailResponse.data.command = 'kill-process';
       pendingDetailResponse.data.wasSuccessful = false;
       pendingDetailResponse.data.errors = ['not found'];
+      pendingDetailResponse.data.agentState = {
+        'agent-a': {
+          isCompleted: true,
+          wasSuccessful: false,
+          errors: ['not found'],
+          completedAt: new Date().toISOString(),
+        },
+      };
       pendingDetailResponse.data.outputs = {
-        'a.b.c': {
+        'agent-a': {
           type: 'json',
           content: {
             code: outputCode,
@@ -318,6 +335,7 @@ describe('When using the kill-process action from response actions console', ()
         path: '/api/endpoint/action/1.2.3',
       });
 
+      pendingDetailResponse.data.command = 'kill-process';
       pendingDetailResponse.data.isCompleted = false;
       apiMocks.responseProvider.actionDetails.mockClear();
       apiMocks.responseProvider.actionDetails.mockReturnValue(pendingDetailResponse);
diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/release_action.test.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/release_action.test.tsx
index 2a4c7838e0219..64c9eb4c1c7bf 100644
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/release_action.test.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/release_action.test.tsx
@@ -134,8 +134,17 @@ describe('When using the release action from response actions console', () => {
     const pendingDetailResponse = apiMocks.responseProvider.actionDetails({
       path: '/api/endpoint/action/1.2.3',
     });
+    pendingDetailResponse.data.command = 'unisolate';
     pendingDetailResponse.data.wasSuccessful = false;
     pendingDetailResponse.data.errors = ['error one', 'error two'];
+    pendingDetailResponse.data.agentState = {
+      'agent-a': {
+        isCompleted: true,
+        wasSuccessful: false,
+        errors: ['error one', 'error two'],
+        completedAt: new Date().toISOString(),
+      },
+    };
     apiMocks.responseProvider.actionDetails.mockReturnValue(pendingDetailResponse);
     await render();
     enterConsoleCommand(renderResult, 'release');
@@ -202,6 +211,7 @@ describe('When using the release action from response actions console', () => {
       const pendingDetailResponse = apiMocks.responseProvider.actionDetails({
         path: '/api/endpoint/action/1.2.3',
       });
+      pendingDetailResponse.data.command = 'unisolate';
       pendingDetailResponse.data.isCompleted = false;
       apiMocks.responseProvider.actionDetails.mockClear();
       apiMocks.responseProvider.actionDetails.mockReturnValue(pendingDetailResponse);
diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/scan_action.test.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/scan_action.test.tsx
index 7552b1c926d08..ed60cc734994c 100644
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/scan_action.test.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/scan_action.test.tsx
@@ -158,6 +158,26 @@ describe('When using scan action from response actions console', () => {
     );
   });
 
+  it('should work with a single `--comment` argument', async () => {
+    await render();
+    enterConsoleCommand(renderResult, 'scan --path="one/two" --comment "Scan folder"');
+
+    await waitFor(() => {
+      expect(renderResult.getByTestId('scan-pending').textContent).toEqual(
+        'File path scan is in progress.'
+      );
+    });
+  });
+
+  it('should work with `--help argument`', async () => {
+    await render();
+    enterConsoleCommand(renderResult, 'scan --help');
+
+    expect(renderResult.getByTestId('test-helpOutput').textContent).toEqual(
+      'AboutScan the host for malwareUsagescan --path [--comment]Examplescan --path "/full/path/to/folder" --comment "Scan folder for malware"Required parameters--path - The absolute path to a file or directory to be scannedOptional parameters--comment - A comment to go along with the action'
+    );
+  });
+
   it('should display pending message', async () => {
     await render();
     enterConsoleCommand(renderResult, 'scan --path="one/two"');
diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/suspend_process_action.test.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/suspend_process_action.test.tsx
index be2cd5327185b..b8184d9dc90bb 100644
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/suspend_process_action.test.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/suspend_process_action.test.tsx
@@ -21,7 +21,7 @@ import type { EndpointCapabilities } from '../../../../../../common/endpoint/ser
 import { ENDPOINT_CAPABILITIES } from '../../../../../../common/endpoint/service/response_actions/constants';
 import type {
   ActionDetailsApiResponse,
-  KillProcessActionOutputContent,
+  SuspendProcessActionOutputContent,
 } from '../../../../../../common/endpoint/types';
 import { endpointActionResponseCodes } from '../../lib/endpoint_action_response_codes';
 import { UPGRADE_AGENT_FOR_RESPONDER } from '../../../../../common/translations';
@@ -220,8 +220,17 @@ describe('When using the suspend-process action from response actions console',
     const pendingDetailResponse = apiMocks.responseProvider.actionDetails({
       path: '/api/endpoint/action/1.2.3',
     });
+    pendingDetailResponse.data.command = 'suspend-process';
     pendingDetailResponse.data.wasSuccessful = false;
     pendingDetailResponse.data.errors = ['error one', 'error two'];
+    pendingDetailResponse.data.agentState = {
+      'agent-a': {
+        isCompleted: true,
+        wasSuccessful: false,
+        errors: ['error one', 'error two'],
+        completedAt: new Date().toISOString(),
+      },
+    };
     apiMocks.responseProvider.actionDetails.mockReturnValue(pendingDetailResponse);
     await render();
     enterConsoleCommand(renderResult, 'suspend-process --pid 123');
@@ -233,7 +242,7 @@ describe('When using the suspend-process action from response actions console',
     });
   });
 
-  it('should show error if kill-process API fails', async () => {
+  it('should show error if suspend-process API fails', async () => {
     apiMocks.responseProvider.suspendProcess.mockRejectedValueOnce({
       status: 500,
       message: 'this is an error',
@@ -253,18 +262,28 @@ describe('When using the suspend-process action from response actions console',
     async (outputCode) => {
       const pendingDetailResponse = apiMocks.responseProvider.actionDetails({
         path: '/api/endpoint/action/a.b.c',
-      }) as ActionDetailsApiResponse<KillProcessActionOutputContent>;
-      pendingDetailResponse.data.agents = ['a.b.c'];
+      }) as ActionDetailsApiResponse<SuspendProcessActionOutputContent>;
+
+      pendingDetailResponse.data.command = 'suspend-process';
       pendingDetailResponse.data.wasSuccessful = false;
-      pendingDetailResponse.data.errors = ['not found'];
+      pendingDetailResponse.data.errors = ['error one', 'error two'];
+      pendingDetailResponse.data.agentState = {
+        'agent-a': {
+          isCompleted: true,
+          wasSuccessful: false,
+          errors: ['error one', 'error two'],
+          completedAt: new Date().toISOString(),
+        },
+      };
       pendingDetailResponse.data.outputs = {
-        'a.b.c': {
+        'agent-a': {
           type: 'json',
           content: {
             code: outputCode,
           },
         },
       };
+
       apiMocks.responseProvider.actionDetails.mockReturnValue(pendingDetailResponse);
       await render();
       enterConsoleCommand(renderResult, 'suspend-process --pid 123');
diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/upload_action.test.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/upload_action.test.tsx
index 1f2065197bb31..a0f23c2bb427e 100644
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/upload_action.test.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/upload_action.test.tsx
@@ -220,11 +220,19 @@ describe('When using `upload` response action', () => {
     const pendingDetailResponse = apiMocks.responseProvider.actionDetails({
       path: '/api/endpoint/action/a.b.c',
     }) as ActionDetailsApiResponse<ResponseActionUploadOutputContent>;
-    pendingDetailResponse.data.agents = ['a.b.c'];
+    pendingDetailResponse.data.command = 'upload';
     pendingDetailResponse.data.wasSuccessful = false;
     pendingDetailResponse.data.errors = ['not found'];
+    pendingDetailResponse.data.agentState = {
+      'agent-a': {
+        isCompleted: true,
+        wasSuccessful: false,
+        errors: ['not found'],
+        completedAt: new Date().toISOString(),
+      },
+    };
     pendingDetailResponse.data.outputs = {
-      'a.b.c': {
+      'agent-a': {
         type: 'json',
         content: {
           code: outputCode,
diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/status_action.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/status_action.tsx
index 7ea0986a3e721..dff91fb21141d 100644
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/status_action.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/status_action.tsx
@@ -10,6 +10,7 @@ import { EuiDescriptionList } from '@elastic/eui';
 import { v4 as uuidV4 } from 'uuid';
 import { i18n } from '@kbn/i18n';
 import type { IHttpFetchError } from '@kbn/core-http-browser';
+import { getAgentStatusText } from '../../../../common/components/endpoint/agents/agent_status/translations';
 import type { HostInfo, PendingActionsResponse } from '../../../../../common/endpoint/types';
 import type { EndpointCommandDefinitionMeta } from '../types';
 import { useGetEndpointPendingActionsSummary } from '../../../hooks/response_actions/use_get_endpoint_pending_actions_summary';
@@ -19,7 +20,6 @@ import type { CommandExecutionComponentProps } from '../../console/types';
 import { FormattedError } from '../../formatted_error';
 import { ConsoleCodeBlock } from '../../console/components/console_code_block';
 import { POLICY_STATUS_TO_TEXT } from '../../../pages/endpoint_hosts/view/host_constants';
-import { getAgentStatusText } from '../../../../common/components/endpoint/agents/agent_status_text';
 
 export const EndpointStatusActionResult = memo<
   CommandExecutionComponentProps<
@@ -28,6 +28,7 @@ export const EndpointStatusActionResult = memo<
       apiCalled?: boolean;
       endpointDetails?: HostInfo;
       detailsFetchError?: IHttpFetchError;
+      // FIXME:PT remove this and use new API/TYpe (team issue: 9783)
       endpointPendingActions?: PendingActionsResponse;
     },
     EndpointCommandDefinitionMeta
diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/action_success.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/action_success.tsx
index ff495096dcbf6..2806a99b3f590 100644
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/action_success.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/action_success.tsx
@@ -31,7 +31,7 @@ export const ActionSuccess = memo<ActionSuccessProps>(
       return actionOutputCode ? endpointActionResponseCodes[actionOutputCode] : undefined;
     }, [_title, action.agents, action.outputs]);
 
-    return <ResultComponent {...props} title={title} />;
+    return <ResultComponent {...props} title={title} agentType={action.agentType} />;
   }
 );
 ActionSuccess.displayName = 'ActionSuccess';
diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/agent_info/agent_info.test.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/agent_info/agent_info.test.tsx
index 272c7bafce4d4..2e5d9a8b56014 100644
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/agent_info/agent_info.test.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/agent_info/agent_info.test.tsx
@@ -10,10 +10,7 @@ import React from 'react';
 import type { AppContextTestRender } from '../../../../../../common/mock/endpoint';
 import { createAppRootMockRenderer } from '../../../../../../common/mock/endpoint';
 import { AgentInfo } from './agent_info';
-import {
-  useAgentStatusHook,
-  useGetAgentStatus,
-} from '../../../../../hooks/agents/use_get_agent_status';
+import { useGetAgentStatus } from '../../../../../hooks/agents/use_get_agent_status';
 import type { ResponseActionAgentType } from '../../../../../../../common/endpoint/service/response_actions/constants';
 import { RESPONSE_ACTION_AGENT_TYPE } from '../../../../../../../common/endpoint/service/response_actions/constants';
 import type { Platform } from '../platforms';
@@ -22,7 +19,6 @@ import { HostStatus } from '../../../../../../../common/endpoint/types';
 jest.mock('../../../../../hooks/agents/use_get_agent_status');
 
 const getAgentStatusMock = useGetAgentStatus as jest.Mock;
-const useAgentStatusHookMock = useAgentStatusHook as jest.Mock;
 
 describe('Responder header Agent Info', () => {
   let render: (
@@ -54,7 +50,6 @@ describe('Responder header Agent Info', () => {
       ));
 
     getAgentStatusMock.mockReturnValue({ data: {} });
-    useAgentStatusHookMock.mockImplementation(() => useGetAgentStatus);
   });
 
   afterEach(() => {
@@ -72,7 +67,7 @@ describe('Responder header Agent Info', () => {
       });
       render(agentType);
 
-      const name = await renderResult.findByTestId('responderHeaderHostName');
+      const name = await renderResult.findByTestId('responseConsole-hostName');
       expect(name.textContent).toBe('test-agent');
     });
 
@@ -107,7 +102,7 @@ describe('Responder header Agent Info', () => {
       });
       render(agentType);
 
-      const lastUpdated = await renderResult.findByTestId('responderHeaderLastSeen');
+      const lastUpdated = await renderResult.findByTestId('responseConsole-lastSeen');
       expect(lastUpdated).toBeTruthy();
     });
 
@@ -121,8 +116,21 @@ describe('Responder header Agent Info', () => {
       });
       render(agentType);
 
-      const platformIcon = await renderResult.findByTestId('responderHeaderHostPlatformIcon');
+      const platformIcon = await renderResult.findByTestId('responseConsole-platformIcon');
       expect(platformIcon).toBeTruthy();
     });
+
+    it('should show agent type integration info', async () => {
+      getAgentStatusMock.mockReturnValue({
+        data: {
+          [agentId]: { ...baseData, agentType, status: HostStatus.HEALTHY },
+        },
+        isLoading: false,
+        isFetched: true,
+      });
+      render(agentType);
+
+      expect(renderResult.getByTestId('responseConsole-integration'));
+    });
   });
 });
diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/agent_info/agent_info.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/agent_info/agent_info.tsx
index 7845b9d8b3efd..dc490a791693a 100644
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/agent_info/agent_info.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/agent_info/agent_info.tsx
@@ -6,22 +6,21 @@
  */
 
 import React, { memo } from 'react';
+import type { ResponseActionAgentType } from '../../../../../../../common/endpoint/service/response_actions/constants';
 import { AgentStatus } from '../../../../../../common/components/endpoint/agents/agent_status';
-import { useAgentStatusHook } from '../../../../../hooks/agents/use_get_agent_status';
-import type { ThirdPartyAgentInfo } from '../../../../../../../common/types';
+import { useGetAgentStatus } from '../../../../../hooks/agents/use_get_agent_status';
 import { HeaderAgentInfo } from '../header_agent_info';
 import type { Platform } from '../platforms';
 
 interface AgentInfoProps {
-  agentId: ThirdPartyAgentInfo['agent']['id'];
-  agentType: ThirdPartyAgentInfo['agent']['type'];
-  platform: ThirdPartyAgentInfo['host']['os']['family'];
-  hostName: ThirdPartyAgentInfo['host']['name'];
+  agentId: string;
+  agentType: ResponseActionAgentType;
+  platform: string;
+  hostName: string;
 }
 
 export const AgentInfo = memo<AgentInfoProps>(({ agentId, platform, hostName, agentType }) => {
-  const getAgentStatus = useAgentStatusHook();
-  const { data } = getAgentStatus([agentId], agentType);
+  const { data } = useGetAgentStatus(agentId, agentType);
   const agentStatus = data?.[agentId];
   const lastCheckin = agentStatus ? agentStatus.lastSeen : '';
 
@@ -30,6 +29,8 @@ export const AgentInfo = memo<AgentInfoProps>(({ agentId, platform, hostName, ag
       platform={platform.toLowerCase() as Platform}
       hostName={hostName}
       lastCheckin={lastCheckin}
+      agentType={agentType}
+      data-test-subj="responseConsole"
     >
       <AgentStatus
         agentId={agentId}
diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/endpoint/header_endpoint_info.test.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/endpoint/header_endpoint_info.test.tsx
index c6c79a503150c..c0ab621a3daa4 100644
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/endpoint/header_endpoint_info.test.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/endpoint/header_endpoint_info.test.tsx
@@ -10,15 +10,17 @@ import { EndpointActionGenerator } from '../../../../../../../common/endpoint/da
 import type { HostInfo } from '../../../../../../../common/endpoint/types';
 import type { AppContextTestRender } from '../../../../../../common/mock/endpoint';
 import { createAppRootMockRenderer } from '../../../../../../common/mock/endpoint';
-import { useGetEndpointDetails } from '../../../../../hooks/endpoint/use_get_endpoint_details';
+import { useGetEndpointDetails as _useGetEndpointDetails } from '../../../../../hooks/endpoint/use_get_endpoint_details';
 import { useGetEndpointPendingActionsSummary } from '../../../../../hooks/response_actions/use_get_endpoint_pending_actions_summary';
 import { mockEndpointDetailsApiResult } from '../../../../../pages/endpoint_hosts/store/mock_endpoint_result_list';
 import { HeaderEndpointInfo } from './header_endpoint_info';
+import { agentStatusGetHttpMock } from '../../../../../mocks';
+import { waitFor } from '@testing-library/react';
 
 jest.mock('../../../../../hooks/endpoint/use_get_endpoint_details');
 jest.mock('../../../../../hooks/response_actions/use_get_endpoint_pending_actions_summary');
 
-const getEndpointDetails = useGetEndpointDetails as jest.Mock;
+const useGetEndpointDetailsMock = _useGetEndpointDetails as jest.Mock;
 const getPendingActions = useGetEndpointPendingActionsSummary as jest.Mock;
 
 describe('Responder header endpoint info', () => {
@@ -27,12 +29,12 @@ describe('Responder header endpoint info', () => {
   let mockedContext: AppContextTestRender;
   let endpointDetails: HostInfo;
 
-  beforeEach(() => {
+  beforeEach(async () => {
     mockedContext = createAppRootMockRenderer();
     render = () =>
       (renderResult = mockedContext.render(<HeaderEndpointInfo endpointId={'1234'} />));
     endpointDetails = mockEndpointDetailsApiResult();
-    getEndpointDetails.mockReturnValue({ data: endpointDetails });
+    useGetEndpointDetailsMock.mockReturnValue({ data: endpointDetails });
     getPendingActions.mockReturnValue({
       data: {
         data: [
@@ -42,28 +44,32 @@ describe('Responder header endpoint info', () => {
         ],
       },
     });
+    const apiMock = agentStatusGetHttpMock(mockedContext.coreStart.http);
     render();
+    await waitFor(() => {
+      expect(apiMock.responseProvider.getAgentStatus).toHaveBeenCalled();
+    });
   });
 
   afterEach(() => {
     jest.clearAllMocks();
   });
   it('should show endpoint name', async () => {
-    const name = await renderResult.findByTestId('responderHeaderHostName');
+    const name = await renderResult.findByTestId('responseConsole-hostName');
     expect(name.textContent).toBe(`${endpointDetails.metadata.host.name}`);
   });
   it('should show agent and isolation status', async () => {
     const agentStatus = await renderResult.findByTestId(
       'responderHeaderEndpointAgentIsolationStatus'
     );
-    expect(agentStatus.textContent).toBe(`UnhealthyIsolating`);
+    expect(agentStatus.textContent).toBe(`Healthy`);
   });
   it('should show last checkin time', async () => {
-    const lastUpdated = await renderResult.findByTestId('responderHeaderLastSeen');
+    const lastUpdated = await renderResult.findByTestId('responseConsole-lastSeen');
     expect(lastUpdated).toBeTruthy();
   });
   it('should show platform icon', async () => {
-    const platformIcon = await renderResult.findByTestId('responderHeaderHostPlatformIcon');
+    const platformIcon = await renderResult.findByTestId('responseConsole-platformIcon');
     expect(platformIcon).toBeTruthy();
   });
 });
diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/endpoint/header_endpoint_info.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/endpoint/header_endpoint_info.tsx
index 28ac70e7c969d..f302a31c5f48e 100644
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/endpoint/header_endpoint_info.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/endpoint/header_endpoint_info.tsx
@@ -7,7 +7,7 @@
 
 import React, { memo } from 'react';
 import { EuiSkeletonText } from '@elastic/eui';
-import { EndpointAgentStatus } from '../../../../../../common/components/endpoint/agents/agent_status';
+import { AgentStatus } from '../../../../../../common/components/endpoint/agents/agent_status';
 import { HeaderAgentInfo } from '../header_agent_info';
 import { useGetEndpointDetails } from '../../../../../hooks';
 import type { Platform } from '../platforms';
@@ -34,9 +34,12 @@ export const HeaderEndpointInfo = memo<HeaderEndpointInfoProps>(({ endpointId })
       platform={endpointDetails.metadata.host.os.name.toLowerCase() as Platform}
       hostName={endpointDetails.metadata.host.name}
       lastCheckin={endpointDetails.last_checkin}
+      agentType="endpoint"
+      data-test-subj="responseConsole"
     >
-      <EndpointAgentStatus
-        endpointHostInfo={endpointDetails}
+      <AgentStatus
+        agentId={endpointId}
+        agentType="endpoint"
         data-test-subj="responderHeaderEndpointAgentIsolationStatus"
       />
     </HeaderAgentInfo>
diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/header_agent_info.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/header_agent_info.tsx
index d116cba56db03..4a1f38f28d20c 100644
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/header_agent_info.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/header_agent_info.tsx
@@ -6,8 +6,11 @@
  */
 
 import React, { memo } from 'react';
-import { EuiFlexGroup, EuiFlexItem, EuiSpacer, EuiText, EuiToolTip } from '@elastic/eui';
+import { EuiFlexGroup, EuiFlexItem, EuiText, EuiToolTip, useEuiTheme } from '@elastic/eui';
 import { FormattedMessage, FormattedRelative } from '@kbn/i18n-react';
+import { AgentTypeIntegration } from '../../../../../common/components/endpoint/agents/agent_type_integration';
+import { useTestIdGenerator } from '../../../../hooks/use_test_id_generator';
+import type { ResponseActionAgentType } from '../../../../../../common/endpoint/service/response_actions/constants';
 import type { Platform } from './platforms';
 import { PlatformIcon } from './platforms';
 
@@ -16,24 +19,36 @@ interface HeaderAgentInfoProps {
   hostName: string;
   lastCheckin: string;
   children: React.ReactNode;
+  agentType?: ResponseActionAgentType;
+  'data-test-subj'?: string;
 }
 
 export const HeaderAgentInfo = memo<HeaderAgentInfoProps>(
-  ({ platform, hostName, lastCheckin, children }) => {
+  ({ platform, hostName, lastCheckin, agentType, 'data-test-subj': dataTestSubj, children }) => {
+    const { euiTheme } = useEuiTheme();
+    const testId = useTestIdGenerator(dataTestSubj);
+
     return (
-      <EuiFlexGroup gutterSize="s">
+      <EuiFlexGroup
+        gutterSize="s"
+        responsive={false}
+        alignItems="center"
+        data-test-subj={testId('agentInfo')}
+      >
         <EuiFlexItem grow={false}>
-          <EuiFlexGroup alignItems="center" justifyContent="center">
-            <PlatformIcon data-test-subj="responderHeaderHostPlatformIcon" platform={platform} />
-          </EuiFlexGroup>
+          <PlatformIcon data-test-subj={testId('platformIcon')} platform={platform} />
         </EuiFlexItem>
-        <EuiFlexItem grow={false}>
-          <EuiFlexGroup direction="column" gutterSize="none">
+        <EuiFlexItem grow={false} className="eui-textTruncate">
+          <EuiFlexGroup direction="column" gutterSize="xs">
             <EuiFlexItem grow={false}>
               <EuiFlexGroup alignItems="center" gutterSize="xs">
                 <EuiFlexItem grow={false} className="eui-textTruncate">
                   <EuiToolTip content={hostName} anchorClassName="eui-textTruncate">
-                    <EuiText size="s" data-test-subj="responderHeaderHostName">
+                    <EuiText
+                      size="s"
+                      data-test-subj={testId('hostName')}
+                      className="eui-textTruncate"
+                    >
                       <h6 className="eui-textTruncate">{hostName}</h6>
                     </EuiText>
                   </EuiToolTip>
@@ -41,9 +56,9 @@ export const HeaderAgentInfo = memo<HeaderAgentInfoProps>(
                 <EuiFlexItem grow={false}>{children}</EuiFlexItem>
               </EuiFlexGroup>
             </EuiFlexItem>
+
             <EuiFlexItem grow={false}>
-              <EuiSpacer size="xs" />
-              <EuiText color="subdued" size="s" data-test-subj="responderHeaderLastSeen">
+              <EuiText color="subdued" size="s" data-test-subj={testId('lastSeen')}>
                 <FormattedMessage
                   id="xpack.securitySolution.responder.header.lastSeen"
                   defaultMessage="Last seen {date}"
@@ -55,6 +70,12 @@ export const HeaderAgentInfo = memo<HeaderAgentInfoProps>(
             </EuiFlexItem>
           </EuiFlexGroup>
         </EuiFlexItem>
+
+        {agentType && (
+          <EuiFlexItem grow={false} css={{ paddingLeft: euiTheme.size.l }}>
+            <AgentTypeIntegration agentType={agentType} data-test-subj={testId('integration')} />
+          </EuiFlexItem>
+        )}
       </EuiFlexGroup>
     );
   }
diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/sentinel_one/header_sentinel_one_info.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/sentinel_one/header_sentinel_one_info.tsx
deleted file mode 100644
index 72a155833f967..0000000000000
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/sentinel_one/header_sentinel_one_info.tsx
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import React, { memo } from 'react';
-import { AgentStatus } from '../../../../../../common/components/endpoint/agents/agent_status';
-import { useAgentStatusHook } from '../../../../../hooks/agents/use_get_agent_status';
-import { useIsExperimentalFeatureEnabled } from '../../../../../../common/hooks/use_experimental_features';
-import type { ThirdPartyAgentInfo } from '../../../../../../../common/types';
-import { HeaderAgentInfo } from '../header_agent_info';
-import type { Platform } from '../platforms';
-
-interface HeaderSentinelOneInfoProps {
-  agentId: ThirdPartyAgentInfo['agent']['id'];
-  agentType: ThirdPartyAgentInfo['agent']['type'];
-  platform: ThirdPartyAgentInfo['host']['os']['family'];
-  hostName: ThirdPartyAgentInfo['host']['name'];
-}
-
-export const HeaderSentinelOneInfo = memo<HeaderSentinelOneInfoProps>(
-  ({ agentId, agentType, platform, hostName }) => {
-    const isSentinelOneV1Enabled = useIsExperimentalFeatureEnabled(
-      'sentinelOneManualHostActionsEnabled'
-    );
-    const getAgentStatus = useAgentStatusHook();
-    const { data } = getAgentStatus([agentId], 'sentinel_one', { enabled: isSentinelOneV1Enabled });
-    const agentStatus = data?.[agentId];
-    const lastCheckin = agentStatus ? agentStatus.lastSeen : '';
-
-    return (
-      <HeaderAgentInfo
-        platform={platform.toLowerCase() as Platform}
-        hostName={hostName}
-        lastCheckin={lastCheckin}
-      >
-        <AgentStatus
-          agentId={agentId}
-          agentType={agentType}
-          data-test-subj="responderHeaderSentinelOneAgentIsolationStatus"
-        />
-      </HeaderAgentInfo>
-    );
-  }
-);
-
-HeaderSentinelOneInfo.displayName = 'HeaderSentinelOneInfo';
diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/offline_callout.test.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/offline_callout.test.tsx
index ffa739ede735b..936d28296bea1 100644
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/offline_callout.test.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/offline_callout.test.tsx
@@ -8,101 +8,62 @@
 import type { ResponseActionAgentType } from '../../../../../common/endpoint/service/response_actions/constants';
 import { RESPONSE_ACTION_AGENT_TYPE } from '../../../../../common/endpoint/service/response_actions/constants';
 import React from 'react';
-import type { HostInfo } from '../../../../../common/endpoint/types';
 import { HostStatus } from '../../../../../common/endpoint/types';
 import type { AppContextTestRender } from '../../../../common/mock/endpoint';
 import { createAppRootMockRenderer } from '../../../../common/mock/endpoint';
-import {
-  useAgentStatusHook,
-  useGetAgentStatus,
-  useGetSentinelOneAgentStatus,
-} from '../../../hooks/agents/use_get_agent_status';
-import { useGetEndpointDetails } from '../../../hooks/endpoint/use_get_endpoint_details';
-import { mockEndpointDetailsApiResult } from '../../../pages/endpoint_hosts/store/mock_endpoint_result_list';
 import { OfflineCallout } from './offline_callout';
-
-jest.mock('../../../hooks/endpoint/use_get_endpoint_details');
-jest.mock('../../../hooks/agents/use_get_agent_status');
-
-const getEndpointDetails = useGetEndpointDetails as jest.Mock;
-const getSentinelOneAgentStatus = useGetSentinelOneAgentStatus as jest.Mock;
-const getAgentStatus = useGetAgentStatus as jest.Mock;
-const useAgentStatusHookMock = useAgentStatusHook as jest.Mock;
+import { agentStatusGetHttpMock } from '../../../mocks';
+import { agentStatusMocks } from '../../../../../common/endpoint/service/response_actions/mocks/agent_status.mocks';
+import { waitFor } from '@testing-library/react';
 
 describe('Responder offline callout', () => {
-  // TODO: 8.15 remove the sentinelOneAgentStatus hook when `agentStatusClientEnabled` is enabled and removed
-  describe.each([
-    [useGetSentinelOneAgentStatus, getSentinelOneAgentStatus],
-    [useGetAgentStatus, getAgentStatus],
-  ])('works with %s hook', (hook, mockHook) => {
-    let render: (agentType?: ResponseActionAgentType) => ReturnType<AppContextTestRender['render']>;
-    let renderResult: ReturnType<typeof render>;
-    let mockedContext: AppContextTestRender;
-    let endpointDetails: HostInfo;
+  let render: (agentType?: ResponseActionAgentType) => ReturnType<AppContextTestRender['render']>;
+  let renderResult: ReturnType<typeof render>;
+  let mockedContext: AppContextTestRender;
+  let apiMocks: ReturnType<typeof agentStatusGetHttpMock>;
 
-    beforeEach(() => {
-      mockedContext = createAppRootMockRenderer();
-      render = (agentType?: ResponseActionAgentType) =>
-        (renderResult = mockedContext.render(
-          <OfflineCallout
-            endpointId={'1234'}
-            agentType={agentType || 'endpoint'}
-            hostName="Host name"
-          />
-        ));
-      endpointDetails = mockEndpointDetailsApiResult();
-      getEndpointDetails.mockReturnValue({ data: endpointDetails });
-      mockHook.mockReturnValue({ data: {} });
-      useAgentStatusHookMock.mockImplementation(() => hook);
-      render();
-    });
+  beforeEach(() => {
+    mockedContext = createAppRootMockRenderer();
+    apiMocks = agentStatusGetHttpMock(mockedContext.coreStart.http);
+    render = (agentType?: ResponseActionAgentType) =>
+      (renderResult = mockedContext.render(
+        <OfflineCallout
+          endpointId={'abfe4a35-d5b4-42a0-a539-bd054c791769'}
+          agentType={agentType || 'endpoint'}
+          hostName="Host name"
+        />
+      ));
+  });
 
-    afterEach(() => {
-      jest.clearAllMocks();
-    });
+  it.each(RESPONSE_ACTION_AGENT_TYPE)(
+    'should be visible when agent type is %s and host is offline',
+    async (agentType) => {
+      apiMocks.responseProvider.getAgentStatus.mockReturnValue({
+        data: {
+          'abfe4a35-d5b4-42a0-a539-bd054c791769': agentStatusMocks.generateAgentStatus({
+            agentType,
+            status: HostStatus.OFFLINE,
+          }),
+        },
+      });
+      render(agentType);
+      await waitFor(() => {
+        expect(apiMocks.responseProvider.getAgentStatus).toHaveBeenCalled();
+      });
 
-    it.each(RESPONSE_ACTION_AGENT_TYPE)(
-      'should be visible when agent type is %s and host is offline',
-      (agentType) => {
-        if (agentType === 'endpoint') {
-          getEndpointDetails.mockReturnValue({
-            data: { ...endpointDetails, host_status: HostStatus.OFFLINE },
-          });
-        } else {
-          mockHook.mockReturnValue({
-            data: {
-              '1234': {
-                status: HostStatus.OFFLINE,
-              },
-            },
-          });
-        }
-        render(agentType);
-        const callout = renderResult.queryByTestId('offlineCallout');
-        expect(callout).toBeTruthy();
-      }
-    );
+      expect(renderResult.getByTestId('offlineCallout')).toBeTruthy();
+    }
+  );
 
-    it.each(RESPONSE_ACTION_AGENT_TYPE)(
-      'should not be visible when agent type is %s and host is online',
-      (agentType) => {
-        if (agentType === 'endpoint') {
-          getEndpointDetails.mockReturnValue({
-            data: { ...endpointDetails, host_status: HostStatus.HEALTHY },
-          });
-        } else {
-          mockHook.mockReturnValue({
-            data: {
-              '1234': {
-                status: HostStatus.HEALTHY,
-              },
-            },
-          });
-        }
-        render(agentType);
-        const callout = renderResult.queryByTestId('offlineCallout');
-        expect(callout).toBeFalsy();
-      }
-    );
-  });
+  it.each(RESPONSE_ACTION_AGENT_TYPE)(
+    'should NOT be visible when agent type is %s and host is online',
+    async (agentType) => {
+      render(agentType);
+      await waitFor(() => {
+        expect(apiMocks.responseProvider.getAgentStatus).toHaveBeenCalled();
+      });
+
+      expect(renderResult.queryByTestId('offlineCallout')).toBeNull();
+    }
+  );
 });
diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/offline_callout.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/offline_callout.tsx
index 727d30a6c75b4..dab6ceb7c8c79 100644
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/offline_callout.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/offline_callout.tsx
@@ -5,15 +5,12 @@
  * 2.0.
  */
 
-import React, { memo, useMemo } from 'react';
+import React, { memo } from 'react';
 import { EuiCallOut, EuiSpacer } from '@elastic/eui';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { i18n } from '@kbn/i18n';
-import { isAgentTypeAndActionSupported } from '../../../../common/lib/endpoint';
-import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
-import { useAgentStatusHook } from '../../../hooks/agents/use_get_agent_status';
+import { useGetAgentStatus } from '../../../hooks/agents/use_get_agent_status';
 import type { ResponseActionAgentType } from '../../../../../common/endpoint/service/response_actions/constants';
-import { useGetEndpointDetails } from '../../../hooks';
 import { HostStatus } from '../../../../../common/endpoint/types';
 
 interface OfflineCalloutProps {
@@ -23,45 +20,9 @@ interface OfflineCalloutProps {
 }
 
 export const OfflineCallout = memo<OfflineCalloutProps>(({ agentType, endpointId, hostName }) => {
-  const isEndpointAgent = agentType === 'endpoint';
-  const isSentinelOneAgent = agentType === 'sentinel_one';
-  const isCrowdstrikeAgent = agentType === 'crowdstrike';
-  const getAgentStatus = useAgentStatusHook();
-  const agentStatusClientEnabled = useIsExperimentalFeatureEnabled('agentStatusClientEnabled');
+  const { data } = useGetAgentStatus(endpointId, agentType);
 
-  const isAgentTypeEnabled = useMemo(() => {
-    return isAgentTypeAndActionSupported(agentType);
-  }, [agentType]);
-
-  const { data: endpointDetails } = useGetEndpointDetails(endpointId, {
-    refetchInterval: 10000,
-    enabled: isEndpointAgent && !agentStatusClientEnabled,
-  });
-
-  const { data } = getAgentStatus([endpointId], agentType, {
-    enabled:
-      (isEndpointAgent && agentStatusClientEnabled) || (!isEndpointAgent && isAgentTypeEnabled),
-  });
-  const showOfflineCallout = useMemo(
-    () =>
-      (isEndpointAgent && endpointDetails?.host_status === HostStatus.OFFLINE) ||
-      (isSentinelOneAgent && data?.[endpointId].status === HostStatus.OFFLINE) ||
-      (isCrowdstrikeAgent && data?.[endpointId].status === HostStatus.OFFLINE),
-    [
-      data,
-      endpointDetails?.host_status,
-      endpointId,
-      isEndpointAgent,
-      isCrowdstrikeAgent,
-      isSentinelOneAgent,
-    ]
-  );
-
-  if ((isEndpointAgent && !endpointDetails) || (isAgentTypeEnabled && !data)) {
-    return null;
-  }
-
-  if (showOfflineCallout) {
+  if (data?.[endpointId].status === HostStatus.OFFLINE) {
     return (
       <>
         <EuiCallOut
diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/components/action_log_expanded_tray.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/components/action_log_expanded_tray.tsx
index 5a44f6584520a..6d1a20a5d28f1 100644
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/components/action_log_expanded_tray.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/components/action_log_expanded_tray.tsx
@@ -6,9 +6,16 @@
  */
 
 import React, { memo, useMemo } from 'react';
-import { EuiCodeBlock, EuiDescriptionList, EuiFlexGroup, EuiFlexItem } from '@elastic/eui';
+import {
+  EuiCodeBlock,
+  EuiDescriptionList,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiSpacer,
+} from '@elastic/eui';
 import { css, euiStyled } from '@kbn/kibana-react-plugin/common';
-import { map } from 'lodash';
+import { reduce } from 'lodash';
+import { i18n } from '@kbn/i18n';
 import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
 import { getAgentTypeName } from '../../../../common/translations';
 import { RESPONSE_ACTION_API_COMMAND_TO_CONSOLE_COMMAND_MAP } from '../../../../../common/endpoint/service/response_actions/constants';
@@ -22,9 +29,9 @@ import { useUserPrivileges } from '../../../../common/components/user_privileges
 import { OUTPUT_MESSAGES } from '../translations';
 import { useTestIdGenerator } from '../../../hooks/use_test_id_generator';
 import { ResponseActionFileDownloadLink } from '../../response_action_file_download_link';
+import { EndpointActionFailureMessage } from '../../endpoint_action_failure_message';
 import { ExecuteActionHostResponse } from '../../endpoint_execute_action';
 import { getEmptyValue } from '../../../../common/components/empty_value';
-
 import { type ActionDetails, type MaybeImmutable } from '../../../../../common/endpoint/types';
 
 const emptyValue = getEmptyValue();
@@ -83,101 +90,123 @@ const StyledEuiFlexGroup = euiStyled(EuiFlexGroup).attrs({
   overflow-y: auto;
 `;
 
-const OutputContent = memo<{ action: MaybeImmutable<ActionDetails>; 'data-test-subj'?: string }>(
-  ({ action, 'data-test-subj': dataTestSubj }) => {
-    const getTestId = useTestIdGenerator(dataTestSubj);
-
-    const {
-      canWriteFileOperations,
-      canReadActionsLogManagement,
-      canAccessEndpointActionsLogManagement,
-    } = useUserPrivileges().endpointPrivileges;
+const OutputContent = memo<{
+  action: MaybeImmutable<ActionDetails>;
+  fromAlertWorkaround?: boolean;
+  'data-test-subj'?: string;
+}>(({ action, fromAlertWorkaround = false, 'data-test-subj': dataTestSubj }) => {
+  const getTestId = useTestIdGenerator(dataTestSubj);
 
-    const { command: _command, isCompleted, isExpired, wasSuccessful, errors } = action;
-    const command = RESPONSE_ACTION_API_COMMAND_TO_CONSOLE_COMMAND_MAP[_command];
+  const {
+    canWriteFileOperations,
+    canReadActionsLogManagement,
+    canAccessEndpointActionsLogManagement,
+  } = useUserPrivileges().endpointPrivileges;
 
-    if (errors?.length) {
-      return (
-        // TODO: temporary solution, waiting for UI
-        <>
-          {errors.map((error) => (
-            <EuiFlexItem>{error}</EuiFlexItem>
-          ))}
-        </>
-      );
-    }
+  const { command: _command, isCompleted, isExpired, wasSuccessful } = action;
+  const command = RESPONSE_ACTION_API_COMMAND_TO_CONSOLE_COMMAND_MAP[_command];
 
-    if (isExpired) {
-      return <>{OUTPUT_MESSAGES.hasExpired(command)}</>;
-    }
+  // FIXME:PT remove once automated response actions are corrected to use `ActionDetails` (team issue 9822)
+  if (fromAlertWorkaround && action.errors?.length) {
+    return (
+      <>
+        {(
+          action.errors ?? [
+            i18n.translate('xpack.securitySolution.actionLogExpandedTray.missingErrors', {
+              defaultMessage: 'Action did not specify any errors',
+            }),
+          ]
+        ).map((error) => (
+          <EuiFlexItem>{error}</EuiFlexItem>
+        ))}
+      </>
+    );
+  }
 
-    if (!isCompleted) {
-      return <>{OUTPUT_MESSAGES.isPending(command)}</>;
-    }
+  if (isExpired) {
+    return <>{OUTPUT_MESSAGES.hasExpired(command)}</>;
+  }
 
-    if (!wasSuccessful) {
-      return <>{OUTPUT_MESSAGES.hasFailed(command)}</>;
-    }
+  if (!isCompleted) {
+    return <>{OUTPUT_MESSAGES.isPending(command)}</>;
+  }
 
-    if (isGetFileAction(action)) {
-      return (
-        <>
-          {OUTPUT_MESSAGES.wasSuccessful(command)}
-          <ResponseActionFileDownloadLink
-            action={action}
-            canAccessFileDownloadLink={canWriteFileOperations}
-            textSize="xs"
-            data-test-subj={getTestId('getFileDownloadLink')}
-          />
-        </>
-      );
-    }
+  if (!wasSuccessful) {
+    return (
+      <>
+        {OUTPUT_MESSAGES.hasFailed(command)}
+        <EuiSpacer size="s" />
+        <EndpointActionFailureMessage
+          action={action}
+          data-test-subj={getTestId('failureMessage')}
+        />
+      </>
+    );
+  }
 
-    if (isExecuteAction(action)) {
-      return (
-        <EuiFlexGroup direction="column" data-test-subj={getTestId('executeDetails')}>
-          {action.agents.map((agentId) => (
-            <div key={agentId}>
-              {OUTPUT_MESSAGES.wasSuccessful(command)}
-              <ExecuteActionHostResponse
-                action={action}
-                agentId={agentId}
-                canAccessFileDownloadLink={
-                  canAccessEndpointActionsLogManagement || canReadActionsLogManagement
-                }
-                textSize="xs"
-                data-test-subj={getTestId('actionsLogTray')}
-              />
-            </div>
-          ))}
-        </EuiFlexGroup>
-      );
-    }
+  if (isGetFileAction(action)) {
+    return (
+      <>
+        {OUTPUT_MESSAGES.wasSuccessful(command)}
+        <ResponseActionFileDownloadLink
+          action={action}
+          canAccessFileDownloadLink={canWriteFileOperations}
+          textSize="xs"
+          data-test-subj={getTestId('getFileDownloadLink')}
+        />
+      </>
+    );
+  }
 
-    if (isUploadAction(action)) {
-      return (
-        <EuiFlexGroup direction="column" data-test-subj={getTestId('uploadDetails')}>
-          <p>{OUTPUT_MESSAGES.wasSuccessful(command)}</p>
+  if (isExecuteAction(action)) {
+    return (
+      <EuiFlexGroup direction="column" data-test-subj={getTestId('executeDetails')}>
+        {action.agents.map((agentId) => (
+          <div key={agentId}>
+            {OUTPUT_MESSAGES.wasSuccessful(command)}
+            <ExecuteActionHostResponse
+              action={action}
+              agentId={agentId}
+              canAccessFileDownloadLink={
+                canAccessEndpointActionsLogManagement || canReadActionsLogManagement
+              }
+              textSize="xs"
+              data-test-subj={getTestId('actionsLogTray')}
+            />
+          </div>
+        ))}
+      </EuiFlexGroup>
+    );
+  }
 
-          <EndpointUploadActionResult
-            action={action}
-            data-test-subj={getTestId('uploadOutput')}
-            textSize="xs"
-          />
-        </EuiFlexGroup>
-      );
-    }
+  if (isUploadAction(action)) {
+    return (
+      <EuiFlexGroup direction="column" data-test-subj={getTestId('uploadDetails')}>
+        <p>{OUTPUT_MESSAGES.wasSuccessful(command)}</p>
+
+        <EndpointUploadActionResult
+          action={action}
+          data-test-subj={getTestId('uploadOutput')}
+          textSize="xs"
+        />
+      </EuiFlexGroup>
+    );
+  }
 
-    return <>{OUTPUT_MESSAGES.wasSuccessful(command)}</>;
+  if (action.agentType === 'crowdstrike') {
+    return <>{OUTPUT_MESSAGES.submittedSuccessfully(command)}</>;
   }
-);
+  return <>{OUTPUT_MESSAGES.wasSuccessful(command)}</>;
+});
 
 OutputContent.displayName = 'OutputContent';
 
 export const ActionsLogExpandedTray = memo<{
   action: MaybeImmutable<ActionDetails>;
+  // Delete prop `fromAlert` once we refactor automated response actions
+  fromAlertWorkaround?: boolean;
   'data-test-subj'?: string;
-}>(({ action, 'data-test-subj': dataTestSubj }) => {
+}>(({ action, fromAlertWorkaround = false, 'data-test-subj': dataTestSubj }) => {
   const getTestId = useTestIdGenerator(dataTestSubj);
 
   const isSentinelOneV1Enabled = useIsExperimentalFeatureEnabled(
@@ -234,7 +263,19 @@ export const ActionsLogExpandedTray = memo<{
       },
       {
         title: OUTPUT_MESSAGES.expandSection.hostname,
-        description: map(hosts, (host) => host.name).join(', ') || emptyValue,
+        description:
+          reduce(
+            hosts,
+            (acc, host) => {
+              if (host.name.trim().length) {
+                acc.push(host.name);
+              } else {
+                acc.push(emptyValue);
+              }
+              return acc;
+            },
+            [] as string[]
+          ).join(', ') || emptyValue,
       },
     ];
 
@@ -248,7 +289,11 @@ export const ActionsLogExpandedTray = memo<{
     return list.map(({ title, description }) => {
       return {
         title: <StyledEuiCodeBlock>{title}</StyledEuiCodeBlock>,
-        description: <StyledEuiCodeBlock>{description}</StyledEuiCodeBlock>,
+        description: (
+          <StyledEuiCodeBlock data-test-subj={getTestId(`action-details-info-${title}`)}>
+            {description}
+          </StyledEuiCodeBlock>
+        ),
       };
     });
   }, [
@@ -256,6 +301,7 @@ export const ActionsLogExpandedTray = memo<{
     command,
     comment,
     completedAt,
+    getTestId,
     hosts,
     isSentinelOneV1Enabled,
     parametersList,
@@ -271,12 +317,16 @@ export const ActionsLogExpandedTray = memo<{
         description: (
           // codeblock for output
           <StyledEuiCodeBlock data-test-subj={getTestId('details-tray-output')}>
-            <OutputContent action={action} data-test-subj={dataTestSubj} />
+            <OutputContent
+              action={action}
+              data-test-subj={dataTestSubj}
+              fromAlertWorkaround={fromAlertWorkaround}
+            />
           </StyledEuiCodeBlock>
         ),
       },
     ],
-    [action, dataTestSubj, getTestId]
+    [action, dataTestSubj, fromAlertWorkaround, getTestId]
   );
 
   return (
diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/integration_tests/response_actions_log.test.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/integration_tests/response_actions_log.test.tsx
index c10b661124bd7..bf13fec9086b1 100644
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/integration_tests/response_actions_log.test.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/integration_tests/response_actions_log.test.tsx
@@ -983,7 +983,7 @@ describe('Response actions history', () => {
     });
   });
 
-  describe('Action status ', () => {
+  describe('Action status', () => {
     beforeEach(() => {
       apiMocks = responseActionsHttpMocks(mockedContext.coreStart.http);
     });
@@ -1001,8 +1001,51 @@ describe('Response actions history', () => {
       async (command) => {
         useGetEndpointActionListMock.mockReturnValue({
           ...getBaseMockedActionList(),
-          data: await getActionListMock({ actionCount: 2, commands: [command] }),
+          data: await getActionListMock({
+            actionCount: 2,
+            agentIds: ['agent-a', 'agent-b'],
+            hosts: {
+              'agent-a': { name: 'Host-agent-a' },
+              'agent-b': { name: 'Host-agent-b' },
+            },
+            commands: [command],
+            agentState: {
+              'agent-a': {
+                errors: undefined,
+                wasSuccessful: true,
+                isCompleted: true,
+                completedAt: '2023-05-10T20:09:25.824Z',
+              },
+              'agent-b': {
+                errors: undefined,
+                wasSuccessful: true,
+                isCompleted: true,
+                completedAt: '2023-05-10T20:09:25.824Z',
+              },
+            } as unknown as Pick<ActionDetails, 'agentState'>,
+            outputs: (command === 'upload'
+              ? {
+                  'agent-a': {
+                    type: 'json',
+                    content: {
+                      code: 'ra_upload_file-success',
+                      path: 'some/path/to/file',
+                      disk_free_space: 123445,
+                    },
+                  },
+                  'agent-b': {
+                    type: 'json',
+                    content: {
+                      code: 'ra_upload_file-success',
+                      path: 'some/path/to/file',
+                      disk_free_space: 123445,
+                    },
+                  },
+                }
+              : {}) as Pick<ActionDetails, 'outputs'>,
+          }),
         });
+
         if (command === 'get-file' || command === 'execute') {
           mockUseGetFileInfo = {
             isFetching: false,
@@ -1027,15 +1070,31 @@ describe('Response actions history', () => {
     );
 
     it.each(RESPONSE_ACTION_API_COMMANDS_NAMES)(
-      'shows Failed status badge for failed %s actions',
+      'shows Failed status badge for failed %s action',
       async (command) => {
         useGetEndpointActionListMock.mockReturnValue({
           ...getBaseMockedActionList(),
           data: await getActionListMock({
+            agentIds: ['agent-a', 'agent-b'],
             actionCount: 2,
             commands: [command],
             wasSuccessful: false,
             status: 'failed',
+            errors: [],
+            outputs: {
+              'agent-a': {
+                type: 'json',
+                content: {
+                  code: 'non_existing_code_for_test',
+                },
+              },
+              'agent-b': {
+                type: 'json',
+                content: {
+                  code: 'non_existing_code_for_test',
+                },
+              },
+            } as ActionDetails['outputs'],
           }),
         });
         render();
@@ -1043,8 +1102,8 @@ describe('Response actions history', () => {
         const outputCommand = RESPONSE_ACTION_API_COMMAND_TO_CONSOLE_COMMAND_MAP[command];
         const outputs = expandRows();
         expect(outputs.map((n) => n.textContent)).toEqual([
-          `${outputCommand} failed`,
-          `${outputCommand} failed`,
+          `${outputCommand} failedThe following errors were encountered:An unknown error occurred`,
+          `${outputCommand} failedThe following errors were encountered:An unknown error occurred`,
         ]);
         expect(
           renderResult.getAllByTestId(`${testPrefix}-column-status`).map((n) => n.textContent)
@@ -1053,7 +1112,7 @@ describe('Response actions history', () => {
     );
 
     it.each(RESPONSE_ACTION_API_COMMANDS_NAMES)(
-      'shows Failed status badge for expired %s actions',
+      'shows Failed status badge for expired %s action',
       async (command) => {
         useGetEndpointActionListMock.mockReturnValue({
           ...getBaseMockedActionList(),
@@ -1097,6 +1156,339 @@ describe('Response actions history', () => {
     });
   });
 
+  describe('Action Outputs', () => {
+    beforeEach(() => {
+      apiMocks = responseActionsHttpMocks(mockedContext.coreStart.http);
+    });
+
+    const expandRows = () => {
+      const { getAllByTestId } = renderResult;
+
+      const expandButtons = getAllByTestId(`${testPrefix}-expand-button`);
+      expandButtons.map((button) => userEvent.click(button));
+      return getAllByTestId(`${testPrefix}-details-tray-output`);
+    };
+
+    describe('Single agents', () => {
+      it('should show hostname as - when no hostname is available', async () => {
+        const data = await getActionListMock({
+          agentIds: ['agent-a'],
+          hosts: { 'agent-a': { name: '' } },
+          actionCount: 1,
+          commands: ['isolate'],
+          wasSuccessful: true,
+          status: 'failed',
+          errors: [],
+          agentState: {
+            'agent-a': {
+              errors: [],
+              wasSuccessful: true,
+              isCompleted: true,
+              completedAt: '2023-05-10T20:09:25.824Z',
+            },
+          } as unknown as Pick<ActionDetails, 'agentState'>,
+          outputs: {},
+        });
+
+        useGetEndpointActionListMock.mockReturnValue({
+          ...getBaseMockedActionList(),
+          data,
+        });
+        render();
+
+        const { getAllByTestId, getByTestId } = renderResult;
+        const expandButtons = getAllByTestId(`${testPrefix}-expand-button`);
+        expandButtons.map((button) => userEvent.click(button));
+
+        const hostnameInfo = getByTestId(`${testPrefix}-action-details-info-Hostname`);
+        expect(hostnameInfo.textContent).toEqual('—');
+      });
+
+      describe('with `outputs` and `errors`', () => {
+        it.each(RESPONSE_ACTION_API_COMMANDS_NAMES)(
+          'shows failed outputs and errors for %s action',
+          async (command) => {
+            const data = await getActionListMock({
+              agentIds: ['agent-a'],
+              actionCount: 1,
+              commands: [command],
+              wasSuccessful: false,
+              status: 'failed',
+              errors: ['Error here!'],
+              agentState: {
+                'agent-a': {
+                  errors: ['Error here!'],
+                  wasSuccessful: false,
+                  isCompleted: true,
+                  completedAt: '2023-05-10T20:09:25.824Z',
+                },
+              } as unknown as Pick<ActionDetails, 'agentState'>,
+              // just adding three commands for tests with respective error response codes
+              outputs: ['get-file', 'scan'].includes(command)
+                ? ({
+                    'agent-a': {
+                      type: 'json',
+                      content: {
+                        code:
+                          command === 'get-file'
+                            ? 'ra_get-file_error_not-found'
+                            : command === 'scan'
+                            ? 'ra_scan_error_scan_invalid-input'
+                            : 'non_existing_code_for_test',
+                      },
+                    },
+                  } as Pick<ActionDetails, 'outputs'>)
+                : undefined,
+            });
+
+            useGetEndpointActionListMock.mockReturnValue({
+              ...getBaseMockedActionList(),
+              data,
+            });
+            render();
+
+            const outputCommand = RESPONSE_ACTION_API_COMMAND_TO_CONSOLE_COMMAND_MAP[command];
+            const outputs = expandRows();
+            if (command === 'get-file') {
+              expect(outputs.map((n) => n.textContent)).toEqual([
+                `${outputCommand} failedThe following errors were encountered:The file specified was not found | Error here!`,
+              ]);
+            } else if (command === 'scan') {
+              expect(outputs.map((n) => n.textContent)).toEqual([
+                `${outputCommand} failedThe following errors were encountered:Invalid absolute file path provided | Error here!`,
+              ]);
+            } else {
+              expect(outputs.map((n) => n.textContent)).toEqual([
+                `${outputCommand} failedThe following error was encountered:Error here!`,
+              ]);
+            }
+          }
+        );
+      });
+
+      describe('with `errors`', () => {
+        it.each(RESPONSE_ACTION_API_COMMANDS_NAMES)(
+          'shows failed errors for %s action when no outputs',
+          async (command) => {
+            useGetEndpointActionListMock.mockReturnValue({
+              ...getBaseMockedActionList(),
+              data: await getActionListMock({
+                agentIds: ['agent-a'],
+                actionCount: 1,
+                commands: [command],
+                wasSuccessful: false,
+                status: 'failed',
+                errors: ['Error message w/o output'],
+                outputs: undefined,
+                agentState: {
+                  'agent-a': {
+                    errors: ['Error message w/o output'],
+                    wasSuccessful: false,
+                    isCompleted: true,
+                    completedAt: '2023-05-10T20:09:25.824Z',
+                  },
+                } as unknown as Pick<ActionDetails, 'agentState'>,
+              }),
+            });
+            render();
+
+            const outputCommand = RESPONSE_ACTION_API_COMMAND_TO_CONSOLE_COMMAND_MAP[command];
+            const outputs = expandRows();
+            expect(outputs.map((n) => n.textContent)).toEqual([
+              `${outputCommand} failedThe following error was encountered:Error message w/o output`,
+            ]);
+          }
+        );
+      });
+    });
+
+    describe('Multiple agents', () => {
+      it('should show `—` concatenated hostnames when no hostname is available for an agent', async () => {
+        const data = await getActionListMock({
+          agentIds: ['agent-a', 'agent-b'],
+          hosts: {
+            'agent-a': { name: '' },
+            'agent-b': { name: 'Agent-B' },
+            'agent-c': { name: '' },
+          },
+          actionCount: 1,
+          commands: ['isolate'],
+          wasSuccessful: true,
+          status: 'failed',
+          errors: [''],
+          agentState: {
+            'agent-a': {
+              errors: [''],
+              wasSuccessful: true,
+              isCompleted: true,
+              completedAt: '2023-05-10T20:09:25.824Z',
+            },
+            'agent-b': {
+              errors: [''],
+              wasSuccessful: false,
+              isCompleted: true,
+              completedAt: '2023-05-10T20:09:25.824Z',
+            },
+            'agent-c': {
+              errors: [''],
+              isExpired: true,
+              wasSuccessful: false,
+              isCompleted: true,
+              completedAt: '2023-05-10T20:09:25.824Z',
+            },
+          } as unknown as Pick<ActionDetails, 'agentState'>,
+          outputs: {},
+        });
+
+        useGetEndpointActionListMock.mockReturnValue({
+          ...getBaseMockedActionList(),
+          data,
+        });
+        render();
+
+        const { getAllByTestId } = renderResult;
+        const expandButtons = getAllByTestId(`${testPrefix}-expand-button`);
+        expandButtons.map((button) => userEvent.click(button));
+
+        const hostnameInfo = getAllByTestId(`${testPrefix}-action-details-info-Hostname`);
+        expect(hostnameInfo.map((element) => element.textContent)).toEqual(['—, Agent-B, —']);
+      });
+
+      describe('with `outputs` and `errors`', () => {
+        it.each(RESPONSE_ACTION_API_COMMANDS_NAMES)(
+          'shows failed outputs and errors for %s action on multiple agents',
+          async (command) => {
+            const data = await getActionListMock({
+              agentIds: ['agent-a', 'agent-b'],
+              hosts: { 'agent-a': { name: 'Host-agent-a' }, 'agent-b': { name: 'Host-agent-b' } },
+              actionCount: 1,
+              commands: [command],
+              wasSuccessful: false,
+              status: 'failed',
+              errors: ['Error with agent-a!', 'Error with agent-b!'],
+              agentState: {
+                'agent-a': {
+                  errors: ['Error with agent-a!'],
+                  wasSuccessful: false,
+                  isCompleted: true,
+                  completedAt: '2023-05-10T20:09:25.824Z',
+                },
+                'agent-b': {
+                  errors: ['Error with agent-b!'],
+                  wasSuccessful: false,
+                  isCompleted: true,
+                  completedAt: '2023-05-10T20:09:25.824Z',
+                },
+              } as unknown as Pick<ActionDetails, 'agentState'>,
+              outputs: {
+                'agent-a': {
+                  type: 'json',
+                  content: {
+                    code:
+                      command === 'get-file'
+                        ? 'ra_get-file_error_not-found'
+                        : command === 'scan'
+                        ? 'ra_scan_error_scan_invalid-input'
+                        : 'non_existing_code_for_test',
+                    content: undefined,
+                  },
+                },
+                'agent-b': {
+                  type: 'json',
+                  content: {
+                    code:
+                      command === 'get-file'
+                        ? 'ra_get-file_error_invalid-input'
+                        : command === 'scan'
+                        ? 'ra_scan_error_scan_invalid-input'
+                        : 'non_existing_code_for_test',
+                    content: undefined,
+                  },
+                },
+              } as Pick<ActionDetails, 'outputs'>,
+            });
+
+            useGetEndpointActionListMock.mockReturnValue({
+              ...getBaseMockedActionList(),
+              data,
+            });
+            render();
+
+            const outputCommand = RESPONSE_ACTION_API_COMMAND_TO_CONSOLE_COMMAND_MAP[command];
+            const outputs = expandRows();
+            if (command === 'get-file') {
+              expect(outputs.map((n) => n.textContent)).toEqual([
+                `${outputCommand} failedThe following errors were encountered:Host: Host-agent-aErrors: The file specified was not found | Error with agent-a!Host: Host-agent-bErrors: The path defined is not valid | Error with agent-b!`,
+              ]);
+            } else if (command === 'scan') {
+              expect(outputs.map((n) => n.textContent)).toEqual([
+                `${outputCommand} failedThe following errors were encountered:Host: Host-agent-aErrors: Invalid absolute file path provided | Error with agent-a!Host: Host-agent-bErrors: Invalid absolute file path provided | Error with agent-b!`,
+              ]);
+            } else {
+              expect(outputs.map((n) => n.textContent)).toEqual([
+                `${outputCommand} failedThe following errors were encountered:Host: Host-agent-aErrors: Error with agent-a!Host: Host-agent-bErrors: Error with agent-b!`,
+              ]);
+            }
+          }
+        );
+      });
+
+      describe('with `errors`', () => {
+        it.each(RESPONSE_ACTION_API_COMMANDS_NAMES)(
+          'shows failed errors for %s action on multiple agents',
+          async (command) => {
+            const data = await getActionListMock({
+              agentIds: ['agent-a', 'agent-b'],
+              hosts: { 'agent-a': { name: 'Host-agent-a' }, 'agent-b': { name: 'Host-agent-b' } },
+              actionCount: 1,
+              commands: [command],
+              wasSuccessful: false,
+              status: 'failed',
+              errors: ['Error with agent-a!', 'Error with agent-b!'],
+              agentState: {
+                'agent-a': {
+                  errors: ['Error with agent-a!'],
+                  wasSuccessful: false,
+                  isCompleted: true,
+                  completedAt: '2023-05-10T20:09:25.824Z',
+                },
+                'agent-b': {
+                  errors: ['Error with agent-b!'],
+                  wasSuccessful: false,
+                  isCompleted: true,
+                  completedAt: '2023-05-10T20:09:25.824Z',
+                },
+              } as unknown as Pick<ActionDetails, 'agentState'>,
+              outputs: {},
+            });
+
+            useGetEndpointActionListMock.mockReturnValue({
+              ...getBaseMockedActionList(),
+              data,
+            });
+            render();
+
+            const outputCommand = RESPONSE_ACTION_API_COMMAND_TO_CONSOLE_COMMAND_MAP[command];
+            const outputs = expandRows();
+            if (command === 'get-file') {
+              expect(outputs.map((n) => n.textContent)).toEqual([
+                `${outputCommand} failedThe following errors were encountered:Host: Host-agent-aErrors: Error with agent-a!Host: Host-agent-bErrors: Error with agent-b!`,
+              ]);
+            } else if (command === 'scan') {
+              expect(outputs.map((n) => n.textContent)).toEqual([
+                `${outputCommand} failedThe following errors were encountered:Host: Host-agent-aErrors: Error with agent-a!Host: Host-agent-bErrors: Error with agent-b!`,
+              ]);
+            } else {
+              expect(outputs.map((n) => n.textContent)).toEqual([
+                `${outputCommand} failedThe following errors were encountered:Host: Host-agent-aErrors: Error with agent-a!Host: Host-agent-bErrors: Error with agent-b!`,
+              ]);
+            }
+          }
+        );
+      });
+    });
+  });
+
   describe('Actions filter', () => {
     const filterPrefix = 'actions-filter';
 
@@ -1435,7 +1827,7 @@ describe('Response actions history', () => {
     });
   });
 
-  describe('Types  filter', () => {
+  describe('Types filter', () => {
     const filterPrefix = 'types-filter';
     it('should show a list of action types when opened', () => {
       render();
diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/mocks.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/mocks.tsx
index e98b009f686a4..5f90b08ba71b9 100644
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/mocks.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/mocks.tsx
@@ -6,7 +6,7 @@
  */
 
 import { v4 as uuidv4 } from 'uuid';
-import type { ActionListApiResponse } from '../../../../common/endpoint/types';
+import type { ActionDetails, ActionListApiResponse } from '../../../../common/endpoint/types';
 import type {
   ResponseActionAgentType,
   ResponseActionsApiCommandNames,
@@ -17,6 +17,8 @@ import { EndpointActionGenerator } from '../../../../common/endpoint/data_genera
 export const getActionListMock = async ({
   agentTypes = ['endpoint'] as ResponseActionAgentType[],
   agentIds: _agentIds,
+  hosts,
+  agentState,
   commands,
   actionCount = 0,
   endDate,
@@ -27,10 +29,14 @@ export const getActionListMock = async ({
   isCompleted = true,
   isExpired = false,
   wasSuccessful = true,
+  errors,
   status = 'successful',
+  outputs = {},
 }: {
   agentTypes?: ResponseActionAgentType[];
+  agentState?: Pick<ActionDetails, 'agentState'>;
   agentIds?: string[];
+  hosts?: Record<string, { name: string }>;
   commands?: string[];
   actionCount?: number;
   endDate?: string;
@@ -41,65 +47,36 @@ export const getActionListMock = async ({
   isCompleted?: boolean;
   isExpired?: boolean;
   wasSuccessful?: boolean;
+  errors?: string[];
   status?: ResponseActionStatus;
+  outputs?: Pick<ActionDetails, 'outputs'>;
 }): Promise<ActionListApiResponse> => {
   const endpointActionGenerator = new EndpointActionGenerator('seed');
 
   const agentIds = _agentIds ?? [uuidv4()];
 
-  const data: ActionListApiResponse['data'] = agentIds.map((id) => {
-    const actionIds = Array(actionCount)
-      .fill(1)
-      .map(() => uuidv4());
+  const actionIds = Array(actionCount)
+    .fill(1)
+    .map(() => uuidv4());
 
-    const actionDetails: ActionListApiResponse['data'] = actionIds.map((actionId) => {
-      const command = (commands?.[0] ?? 'isolate') as ResponseActionsApiCommandNames;
-      return endpointActionGenerator.generateActionDetails({
-        agents: [id],
-        command,
-        id: actionId,
-        isCompleted,
-        isExpired,
-        wasSuccessful,
-        status,
-        completedAt: isExpired ? undefined : new Date().toISOString(),
-        hosts: {
-          ...(command === 'upload'
-            ? {
-                [id]: { name: 'host name' },
-              }
-            : {}),
-        },
-        agentState: {
-          ...(command === 'upload'
-            ? {
-                [id]: {
-                  errors: undefined,
-                  wasSuccessful: true,
-                  isCompleted: true,
-                  completedAt: '2023-05-10T20:09:25.824Z',
-                },
-              }
-            : {}),
-        },
-        outputs: {
-          ...(command === 'upload'
-            ? {
-                [id]: {
-                  type: 'json',
-                  content: {
-                    code: 'ra_upload_file-success',
-                    path: 'some/path/to/file',
-                    disk_free_space: 123445,
-                  },
-                },
-              }
-            : {}),
-        },
-      });
-    });
-    return actionDetails;
-  })[0];
+  const actionDetails: ActionListApiResponse['data'] = actionIds.map((actionId) => {
+    const command = (commands?.[0] ?? 'isolate') as ResponseActionsApiCommandNames;
+    const actionDetailsOverrides = {
+      agents: agentIds,
+      hosts,
+      command,
+      id: actionId,
+      isCompleted,
+      isExpired,
+      wasSuccessful,
+      status,
+      completedAt: isExpired ? undefined : new Date().toISOString(),
+      agentState,
+      errors,
+      outputs,
+    };
+    return endpointActionGenerator.generateActionDetails(actionDetailsOverrides);
+  });
 
   return {
     page,
@@ -109,9 +86,9 @@ export const getActionListMock = async ({
     agentTypes,
     elasticAgentIds: agentIds,
     commands,
-    data,
+    data: actionDetails,
     userIds,
     statuses: undefined,
-    total: data.length ?? 0,
+    total: actionDetails.length ?? 0,
   };
 };
diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/translations.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/translations.tsx
index e19f7cc19102e..633bfece6957c 100644
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/translations.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/translations.tsx
@@ -18,6 +18,11 @@ export const OUTPUT_MESSAGES = Object.freeze({
       defaultMessage: `{command} completed successfully`,
       values: { command },
     }),
+  submittedSuccessfully: (command: string) =>
+    i18n.translate('xpack.securitySolution.responseActionsList.list.item.submittedSuccessfully', {
+      defaultMessage: `{command} submitted successfully`,
+      values: { command },
+    }),
   isPending: (command: string) =>
     i18n.translate('xpack.securitySolution.responseActionsList.list.item.isPending', {
       defaultMessage: `{command} is pending`,
diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_upload_action_result/endpoint_upload_action_result.test.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_upload_action_result/endpoint_upload_action_result.test.tsx
index 567f243cbbf61..726bcfd8daa00 100644
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_upload_action_result/endpoint_upload_action_result.test.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_upload_action_result/endpoint_upload_action_result.test.tsx
@@ -101,7 +101,7 @@ describe('Endpoint Upload Action Result component', () => {
     expect(getByTestId('test')).toHaveTextContent('Action pending.');
   });
 
-  it('should show error for agent responses that failed', () => {
+  it('should show error for agent responses that failed when multi-agent action', () => {
     addAgentToAction();
     // Set the second agent to be at error
     action.agentState['agent-b'].wasSuccessful = false;
@@ -112,7 +112,7 @@ describe('Endpoint Upload Action Result component', () => {
 
     expect(getByTestId('test')).toHaveTextContent(
       'Host: Host-agent-aFile saved to: /path/to/uploaded/fileFree disk space on drive: 1.18MB' +
-        'Host: agent-bThe following error was encountered:some error here'
+        'Host: agent-bThe following error was encountered:Host: agent-bErrors: some error here'
     );
   });
 });
diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_upload_action_result/endpoint_upload_action_result.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_upload_action_result/endpoint_upload_action_result.tsx
index ee219ff5652e8..7f2f7111cbb37 100644
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_upload_action_result/endpoint_upload_action_result.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_upload_action_result/endpoint_upload_action_result.tsx
@@ -12,7 +12,6 @@ import type { EuiTextProps } from '@elastic/eui';
 import { EuiSpacer, EuiText } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
 import numeral from '@elastic/numeral';
-import { css } from '@emotion/react';
 import { EndpointActionFailureMessage } from '../endpoint_action_failure_message';
 import type {
   ActionDetails,
@@ -23,6 +22,7 @@ import type {
   MaybeImmutable,
 } from '../../../../common/endpoint/types';
 import { useTestIdGenerator } from '../../hooks/use_test_id_generator';
+import { KeyValueDisplay } from '../key_value_display';
 
 const LABELS = Object.freeze<Record<string, string>>({
   path: i18n.translate('xpack.securitySolution.endpointUploadActionResult.savedTo', {
@@ -165,28 +165,6 @@ export const EndpointUploadActionResult = memo<EndpointUploadActionResultProps>(
 );
 EndpointUploadActionResult.displayName = 'EndpointUploadActionResult';
 
-export interface KeyValueDisplayProps {
-  name: string;
-  value: string;
-}
-const KeyValueDisplay = memo<KeyValueDisplayProps>(({ name, value }) => {
-  return (
-    <div
-      className="eui-textBreakWord"
-      css={css`
-        white-space: pre-wrap;
-      `}
-    >
-      <strong>
-        {name}
-        {': '}
-      </strong>
-      {value}
-    </div>
-  );
-});
-KeyValueDisplay.displayName = 'KeyValueDisplay';
-
 type HostUploadResultProps = PropsWithChildren<{
   name?: string;
   'data-test-subj'?: string;
diff --git a/x-pack/plugins/security_solution/public/management/components/key_value_display/index.tsx b/x-pack/plugins/security_solution/public/management/components/key_value_display/index.tsx
new file mode 100644
index 0000000000000..52629da6861b4
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/management/components/key_value_display/index.tsx
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { KeyValueDisplay } from './key_value_display';
diff --git a/x-pack/plugins/security_solution/public/management/components/key_value_display/key_value_display.tsx b/x-pack/plugins/security_solution/public/management/components/key_value_display/key_value_display.tsx
new file mode 100644
index 0000000000000..59d7a26e97580
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/management/components/key_value_display/key_value_display.tsx
@@ -0,0 +1,31 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { memo } from 'react';
+import { css } from '@emotion/react';
+
+export interface KeyValueDisplayProps {
+  name: string;
+  value: string;
+}
+export const KeyValueDisplay = memo<KeyValueDisplayProps>(({ name, value }) => {
+  return (
+    <div
+      className="eui-textBreakWord"
+      css={css`
+        white-space: pre-wrap;
+      `}
+    >
+      <strong>
+        {name}
+        {': '}
+      </strong>
+      {value}
+    </div>
+  );
+});
+KeyValueDisplay.displayName = 'KeyValueDisplay';
diff --git a/x-pack/plugins/security_solution/public/management/cypress/cypress.d.ts b/x-pack/plugins/security_solution/public/management/cypress/cypress.d.ts
index 4ac089c98e560..eb42649827908 100644
--- a/x-pack/plugins/security_solution/public/management/cypress/cypress.d.ts
+++ b/x-pack/plugins/security_solution/public/management/cypress/cypress.d.ts
@@ -10,6 +10,11 @@
 /* eslint-disable @typescript-eslint/no-explicit-any */
 
 import type { CasePostRequest } from '@kbn/cases-plugin/common/api';
+import type { UsageRecord } from '@kbn/security-solution-serverless/server/types';
+import type {
+  DeletedEndpointHeartbeats,
+  IndexedEndpointHeartbeats,
+} from '../../../common/endpoint/data_loaders/index_endpoint_hearbeats';
 import type { SecuritySolutionDescribeBlockFtrConfig } from '../../../scripts/run_cypress/utils';
 import type { DeleteAllEndpointDataResponse } from '../../../scripts/endpoint/common/delete_all_endpoint_data';
 import type { IndexedEndpointPolicyResponse } from '../../../common/endpoint/data_loaders/index_endpoint_policy_response';
@@ -119,6 +124,36 @@ declare global {
         options?: Partial<Loggable & Timeoutable>
       ): Chainable<IndexedCase['data']>;
 
+      task(
+        name: 'indexEndpointHeartbeats',
+        arg?: { count?: number },
+        options?: Partial<Loggable & Timeoutable>
+      ): Chainable<IndexedEndpointHeartbeats['data']>;
+
+      task(
+        name: 'deleteIndexedEndpointHeartbeats',
+        arg: IndexedEndpointHeartbeats['data'],
+        options?: Partial<Loggable & Timeoutable>
+      ): Chainable<DeletedEndpointHeartbeats>;
+
+      task(
+        name: 'startTransparentApiProxy',
+        arg?: { port?: number },
+        options?: Partial<Loggable & Timeoutable>
+      ): Chainable<null>;
+
+      task(
+        name: 'getInterceptedRequestsFromTransparentApiProxy',
+        arg?: {},
+        options?: Partial<Loggable & Timeoutable>
+      ): Chainable<UsageRecord[][]>;
+
+      task(
+        name: 'stopTransparentProxyApi',
+        arg?: {},
+        options?: Partial<Loggable & Timeoutable>
+      ): Chainable<null>;
+
       task(
         name: 'deleteIndexedCase',
         arg: IndexedCase['data'],
diff --git a/x-pack/plugins/security_solution/public/management/cypress/cypress_base.config.ts b/x-pack/plugins/security_solution/public/management/cypress/cypress_base.config.ts
index a2755f360d833..c8aa2b347b82b 100644
--- a/x-pack/plugins/security_solution/public/management/cypress/cypress_base.config.ts
+++ b/x-pack/plugins/security_solution/public/management/cypress/cypress_base.config.ts
@@ -8,6 +8,8 @@
 // @ts-expect-error
 import registerDataSession from 'cypress-data-session/src/plugin';
 import { merge } from 'lodash';
+
+import { transparentApiProxy } from './support/transparent_api_proxy';
 import { samlAuthentication } from './support/saml_authentication';
 import { getVideosForFailedSpecs } from './support/filter_videos';
 import { setupToolingLogLevel } from './support/setup_tooling_log_level';
@@ -75,7 +77,6 @@ export const getCypressBaseConfig = (
         // baseUrl: To override, set Env. variable `CYPRESS_BASE_URL`
         baseUrl: 'http://localhost:5601',
         supportFile: 'public/management/cypress/support/e2e.ts',
-        // TODO: undo before merge
         specPattern: 'public/management/cypress/e2e/**/*.cy.{js,jsx,ts,tsx}',
         experimentalRunAllSpecs: true,
         experimentalMemoryManagement: true,
@@ -100,6 +101,8 @@ export const getCypressBaseConfig = (
 
           dataLoaders(on, config);
 
+          transparentApiProxy(on, config);
+
           // Data loaders specific to "real" Endpoint testing
           dataLoadersForRealEndpoints(on, config);
 
diff --git a/x-pack/plugins/security_solution/public/management/cypress/e2e/automated_response_actions/automated_response_actions.cy.ts b/x-pack/plugins/security_solution/public/management/cypress/e2e/automated_response_actions/automated_response_actions.cy.ts
index 20bfa44d0f8f9..9da25023f0778 100644
--- a/x-pack/plugins/security_solution/public/management/cypress/e2e/automated_response_actions/automated_response_actions.cy.ts
+++ b/x-pack/plugins/security_solution/public/management/cypress/e2e/automated_response_actions/automated_response_actions.cy.ts
@@ -100,7 +100,7 @@ describe(
         closeAllToasts();
 
         changeAlertsFilter(`process.name: "agentbeat" and agent.id: "${createdHost.agentId}"`);
-        cy.getByTestSubj('expand-event').eq(0).click();
+        cy.getByTestSubj('expand-event').first().click();
         cy.getByTestSubj('securitySolutionFlyoutNavigationExpandDetailButton').click();
         cy.getByTestSubj('securitySolutionFlyoutResponseTab').click();
 
diff --git a/x-pack/plugins/security_solution/public/management/cypress/e2e/endpoint_list/endpoints.cy.ts b/x-pack/plugins/security_solution/public/management/cypress/e2e/endpoint_list/endpoints.cy.ts
index 217b13f96f934..12cdfcfa6e09c 100644
--- a/x-pack/plugins/security_solution/public/management/cypress/e2e/endpoint_list/endpoints.cy.ts
+++ b/x-pack/plugins/security_solution/public/management/cypress/e2e/endpoint_list/endpoints.cy.ts
@@ -125,7 +125,7 @@ describe('Endpoints page', { tags: ['@ess', '@serverless'] }, () => {
 
     cy.get<number>('@originalPolicyRevision').then((originalRevision: number) => {
       const revisionRegex = new RegExp(`^rev\\. ${originalRevision + 1}$`);
-      cy.get('@endpointRow').findByTestSubj('policyListRevNo').contains(revisionRegex);
+      cy.get('@endpointRow').findByTestSubj('policyNameCellLink-revision').contains(revisionRegex);
     });
   });
 
diff --git a/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/scan.cy.ts b/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/scan.cy.ts
index 59c6916f23fff..ba105aa8cbc0a 100644
--- a/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/scan.cy.ts
+++ b/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/scan.cy.ts
@@ -10,7 +10,6 @@ import {
   inputConsoleCommand,
   openResponseConsoleFromEndpointList,
   submitCommand,
-  // waitForCommandToBeExecuted,
   waitForEndpointListPageToBeLoaded,
 } from '../../../tasks/response_console';
 import type { IndexedFleetEndpointPolicyResponse } from '../../../../../../common/endpoint/data_loaders/index_fleet_endpoint_policy';
@@ -80,22 +79,40 @@ describe(
         }
       });
 
-      it('"scan --path" - should scan a folder', () => {
-        waitForEndpointListPageToBeLoaded(createdHost.hostname);
-        cy.task('createFileOnEndpoint', {
-          hostname: createdHost.hostname,
-          path: filePath,
-          content: fileContent,
+      [
+        ['file', filePath],
+        ['folder', homeFilePath],
+      ].forEach(([type, path]) => {
+        it(`"scan --path" - should scan a ${type}`, () => {
+          waitForEndpointListPageToBeLoaded(createdHost.hostname);
+          cy.task('createFileOnEndpoint', {
+            hostname: createdHost.hostname,
+            path: filePath,
+            content: fileContent,
+          });
+
+          cy.intercept('api/endpoint/action/scan').as('scanAction');
+          openResponseConsoleFromEndpointList();
+          inputConsoleCommand(`scan --path ${path}`);
+          submitCommand();
+          cy.wait('@scanAction', { timeout: 60000 });
+
+          cy.contains('Scan complete').click();
         });
+      });
+
+      it('"scan --path" - should scan a folder and report errors', () => {
+        waitForEndpointListPageToBeLoaded(createdHost.hostname);
 
-        // initiate get file action and wait for the API to complete
         cy.intercept('api/endpoint/action/scan').as('scanAction');
         openResponseConsoleFromEndpointList();
-        inputConsoleCommand(`scan --path ${homeFilePath}`);
+        inputConsoleCommand(`scan --path ${homeFilePath}/non_existent_folder`);
         submitCommand();
         cy.wait('@scanAction', { timeout: 60000 });
 
-        cy.contains('Scan complete').click();
+        cy.getByTestSubj('scan-actionFailure')
+          .should('exist')
+          .contains('File path or folder was not found (404)');
       });
     });
   }
diff --git a/x-pack/plugins/security_solution/public/management/cypress/e2e/serverless/metering.cy.ts b/x-pack/plugins/security_solution/public/management/cypress/e2e/serverless/metering.cy.ts
new file mode 100644
index 0000000000000..7a0533e85c1e4
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/management/cypress/e2e/serverless/metering.cy.ts
@@ -0,0 +1,96 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { recurse } from 'cypress-recurse';
+import type { UsageRecord } from '@kbn/security-solution-serverless/server/types';
+import { METERING_SERVICE_BATCH_SIZE } from '@kbn/security-solution-serverless/server/constants';
+import {
+  getInterceptedRequestsFromTransparentApiProxy,
+  startTransparentApiProxy,
+  stopTransparentApiProxy,
+} from '../../tasks/transparent_api_proxy';
+import type { ReturnTypeFromChainable } from '../../types';
+import { indexEndpointHeartbeats } from '../../tasks/index_endpoint_heartbeats';
+import { login, ROLE } from '../../tasks/login';
+
+describe(
+  'Metering',
+  {
+    tags: ['@serverless', '@skipInServerlessMKI'],
+    env: {
+      ftrConfig: {
+        kbnServerArgs: [
+          `--xpack.securitySolutionServerless.usageReportingTaskInterval=1m`,
+          `--xpack.securitySolutionServerless.usageReportingApiUrl=https://localhost:3623`,
+        ],
+      },
+    },
+  },
+  () => {
+    const HEARTBEAT_COUNT = 2001;
+
+    let endpointData: ReturnTypeFromChainable<typeof indexEndpointHeartbeats> | undefined;
+
+    before(() => {
+      login(ROLE.system_indices_superuser);
+      startTransparentApiProxy({ port: 3623 });
+      indexEndpointHeartbeats({
+        count: HEARTBEAT_COUNT,
+      }).then((indexedHeartbeats) => {
+        endpointData = indexedHeartbeats;
+      });
+    });
+
+    after(() => {
+      if (endpointData) {
+        endpointData.cleanup();
+        endpointData = undefined;
+      }
+      stopTransparentApiProxy();
+    });
+
+    // FLAKY: https://github.com/elastic/kibana/issues/187083
+    describe.skip('Usage Reporting Task', () => {
+      it('properly sends indexed heartbeats to the metering api', () => {
+        const expectedChunks = Math.ceil(HEARTBEAT_COUNT / METERING_SERVICE_BATCH_SIZE);
+
+        recurse(
+          getInterceptedRequestsFromTransparentApiProxy,
+          (res: UsageRecord[][]) => {
+            if (res.length === expectedChunks) {
+              expect(res).to.have.length(expectedChunks);
+
+              for (let i = 0; i < expectedChunks; i++) {
+                if (i < expectedChunks - 1) {
+                  expect(res[i]).to.have.length(METERING_SERVICE_BATCH_SIZE);
+                } else {
+                  // The last or only chunk
+                  expect(res[i]).to.have.length(
+                    HEARTBEAT_COUNT % METERING_SERVICE_BATCH_SIZE || METERING_SERVICE_BATCH_SIZE
+                  );
+                }
+              }
+
+              const allHeartbeats = res.flat();
+              expect(allHeartbeats).to.have.length(HEARTBEAT_COUNT);
+              expect(allHeartbeats[0].id).to.contain('agent-0');
+              expect(allHeartbeats[HEARTBEAT_COUNT - 1].id).to.contain(
+                `agent-${HEARTBEAT_COUNT - 1}`
+              );
+              return true;
+            }
+            return false;
+          },
+          {
+            delay: 15 * 1000,
+            timeout: 2 * 60 * 1000,
+          }
+        );
+      });
+    });
+  }
+);
diff --git a/x-pack/plugins/security_solution/public/management/cypress/support/data_loaders.ts b/x-pack/plugins/security_solution/public/management/cypress/support/data_loaders.ts
index e96b3a057a21b..2ce2f8140184c 100644
--- a/x-pack/plugins/security_solution/public/management/cypress/support/data_loaders.ts
+++ b/x-pack/plugins/security_solution/public/management/cypress/support/data_loaders.ts
@@ -11,6 +11,11 @@ import type { CasePostRequest } from '@kbn/cases-plugin/common';
 import execa from 'execa';
 import type { KbnClient } from '@kbn/test';
 import type { ToolingLog } from '@kbn/tooling-log';
+import type { IndexedEndpointHeartbeats } from '../../../../common/endpoint/data_loaders/index_endpoint_hearbeats';
+import {
+  deleteIndexedEndpointHeartbeats,
+  indexEndpointHeartbeats,
+} from '../../../../common/endpoint/data_loaders/index_endpoint_hearbeats';
 import {
   getHostVmClient,
   createVm,
@@ -226,6 +231,19 @@ export const dataLoaders = (
       return deleteIndexedHostsAndAlerts(esClient, kbnClient, indexedData);
     },
 
+    indexEndpointHeartbeats: async (options: { count?: number }) => {
+      const { esClient, log } = await setupStackServicesUsingCypressConfig(config);
+      return (await indexEndpointHeartbeats(esClient, log, options.count || 1)).data;
+    },
+
+    deleteIndexedEndpointHeartbeats: async (
+      data: IndexedEndpointHeartbeats['data']
+    ): Promise<null> => {
+      const { esClient } = await stackServicesPromise;
+      await deleteIndexedEndpointHeartbeats(esClient, data);
+      return null;
+    },
+
     indexEndpointRuleAlerts: async (options: { endpointAgentId: string; count?: number }) => {
       const { esClient, log } = await stackServicesPromise;
       return (
diff --git a/x-pack/plugins/security_solution/public/management/cypress/support/response_actions.ts b/x-pack/plugins/security_solution/public/management/cypress/support/response_actions.ts
index d0d9befddd6a1..1f4619695978d 100644
--- a/x-pack/plugins/security_solution/public/management/cypress/support/response_actions.ts
+++ b/x-pack/plugins/security_solution/public/management/cypress/support/response_actions.ts
@@ -54,7 +54,8 @@ export const responseActionTasks = (
           data: tamperedDataString,
         },
       };
-      return updateActionDoc(esClient, newActionDoc._id, tamperedDoc);
+      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+      return updateActionDoc(esClient, newActionDoc._id!, tamperedDoc);
     },
   });
 };
diff --git a/x-pack/plugins/security_solution/public/management/cypress/support/transparent_api_proxy.ts b/x-pack/plugins/security_solution/public/management/cypress/support/transparent_api_proxy.ts
new file mode 100644
index 0000000000000..2130924eb0583
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/management/cypress/support/transparent_api_proxy.ts
@@ -0,0 +1,79 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+// eslint-disable-next-line import/no-nodejs-modules
+import fs from 'fs';
+// eslint-disable-next-line import/no-nodejs-modules
+import type { IncomingMessage, ServerResponse } from 'http';
+import DebugProxy from '@cypress/debugging-proxy';
+import { ES_CERT_PATH, ES_KEY_PATH } from '@kbn/dev-utils';
+import type { UsageRecord } from '@kbn/security-solution-serverless/server/types';
+import { setupStackServicesUsingCypressConfig } from './common';
+
+export const transparentApiProxy = (
+  on: Cypress.PluginEvents,
+  config: Cypress.PluginConfigOptions
+): void => {
+  let proxy: { start: (port: number) => Promise<void>; stop: () => Promise<void> } | null = null;
+  const interceptedRequestBody: UsageRecord[][] = [];
+
+  on('task', {
+    startTransparentApiProxy: async (options) => {
+      const { log } = await setupStackServicesUsingCypressConfig(config);
+
+      const port = options?.port || 3623;
+
+      log.debug(`[Transparent API] Starting transparent API proxy on port ${port}`);
+
+      try {
+        proxy = new DebugProxy({
+          keepRequests: true,
+          https: {
+            key: fs.readFileSync(ES_KEY_PATH),
+            cert: fs.readFileSync(ES_CERT_PATH),
+          },
+          onRequest: (_: string, req: IncomingMessage, res: ServerResponse) => {
+            let body = '';
+
+            req.on('data', (chunk: string) => {
+              body += chunk;
+            });
+            req.on('end', () => {
+              try {
+                const parsedBody = JSON.parse(body);
+                interceptedRequestBody.push(parsedBody);
+              } catch (err) {
+                throw new Error(`[Transparent API] Failed to parse request body as JSON: ${err}`);
+              }
+              res.writeHead(201);
+              res.end();
+            });
+          },
+        });
+      } catch (e) {
+        log.error(`[Transparent API] Error starting transparent API proxy: ${e}`);
+        throw e;
+      }
+      if (!proxy) {
+        throw new Error('[Transparent API] Proxy was not initialized');
+      }
+
+      await proxy.start(port);
+      log.debug(`[Transparent API] proxy started on port ${port}`);
+      return null;
+    },
+    getInterceptedRequestsFromTransparentApiProxy: async (): Promise<UsageRecord[][]> => {
+      return interceptedRequestBody;
+    },
+    stopTransparentProxyApi: async () => {
+      if (proxy) {
+        await proxy.stop();
+      }
+      return null;
+    },
+  });
+};
diff --git a/x-pack/plugins/security_solution/public/management/cypress/tasks/index_endpoint_heartbeats.ts b/x-pack/plugins/security_solution/public/management/cypress/tasks/index_endpoint_heartbeats.ts
new file mode 100644
index 0000000000000..090b664a12227
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/management/cypress/tasks/index_endpoint_heartbeats.ts
@@ -0,0 +1,30 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type {
+  DeletedEndpointHeartbeats,
+  IndexedEndpointHeartbeats,
+} from '../../../../common/endpoint/data_loaders/index_endpoint_hearbeats';
+
+export const indexEndpointHeartbeats = (options: {
+  count?: number;
+}): Cypress.Chainable<
+  Pick<IndexedEndpointHeartbeats, 'data'> & {
+    cleanup: () => Cypress.Chainable<DeletedEndpointHeartbeats>;
+  }
+> => {
+  return cy.task('indexEndpointHeartbeats', options).then((res) => {
+    return {
+      data: res,
+      cleanup: () => {
+        cy.log('Deleting Endpoint Host heartbeats');
+
+        return cy.task('deleteIndexedEndpointHeartbeats', res);
+      },
+    };
+  });
+};
diff --git a/x-pack/plugins/security_solution/public/management/cypress/tasks/transparent_api_proxy.ts b/x-pack/plugins/security_solution/public/management/cypress/tasks/transparent_api_proxy.ts
new file mode 100644
index 0000000000000..6b1ba499ef2d4
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/management/cypress/tasks/transparent_api_proxy.ts
@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { UsageRecord } from '@kbn/security-solution-serverless/server/types';
+
+export const startTransparentApiProxy = (options: { port?: number }): Cypress.Chainable<null> => {
+  return cy.task('startTransparentApiProxy', options);
+};
+
+export const stopTransparentApiProxy = (): Cypress.Chainable<null> => {
+  return cy.task('stopTransparentProxyApi');
+};
+
+export const getInterceptedRequestsFromTransparentApiProxy = (): Cypress.Chainable<
+  UsageRecord[][]
+> => {
+  return cy.task('getInterceptedRequestsFromTransparentApiProxy');
+};
diff --git a/x-pack/plugins/security_solution/public/management/cypress/tsconfig.json b/x-pack/plugins/security_solution/public/management/cypress/tsconfig.json
index 20cb7534941b3..fcd96e1edd36b 100644
--- a/x-pack/plugins/security_solution/public/management/cypress/tsconfig.json
+++ b/x-pack/plugins/security_solution/public/management/cypress/tsconfig.json
@@ -31,5 +31,7 @@
     "@kbn/test",
     "@kbn/repo-info",
     "@kbn/tooling-log",
+    "@kbn/security-solution-serverless",
+    "@kbn/dev-utils",
   ]
 }
diff --git a/x-pack/plugins/security_solution/public/management/cypress/typings.d.ts b/x-pack/plugins/security_solution/public/management/cypress/typings.d.ts
new file mode 100644
index 0000000000000..12e0bc324ee7e
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/management/cypress/typings.d.ts
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+declare module '@cypress/debugging-proxy';
diff --git a/x-pack/plugins/security_solution/public/management/hooks/agents/__mocks__/use_get_agent_status.ts b/x-pack/plugins/security_solution/public/management/hooks/agents/__mocks__/use_get_agent_status.ts
new file mode 100644
index 0000000000000..02190ff13ef09
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/management/hooks/agents/__mocks__/use_get_agent_status.ts
@@ -0,0 +1,29 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { agentStatusMocks } from '../../../../../common/endpoint/service/response_actions/mocks/agent_status.mocks';
+import type { ResponseActionAgentType } from '../../../../../common/endpoint/service/response_actions/constants';
+import type { AgentStatusRecords } from '../../../../../common/endpoint/types';
+
+const useGetAgentStatusMock = jest.fn(
+  (agentIds: string[] | string, agentType: ResponseActionAgentType) => {
+    const agentsIdList = Array.isArray(agentIds) ? agentIds : [agentIds];
+
+    return {
+      data: agentsIdList.reduce<AgentStatusRecords>((acc, agentId) => {
+        acc[agentId] = agentStatusMocks.generateAgentStatus({ agentType, agentId });
+
+        return acc;
+      }, {}),
+      isLoading: false,
+      isFetched: true,
+      isFetching: false,
+    };
+  }
+);
+
+export { useGetAgentStatusMock as useGetAgentStatus };
diff --git a/x-pack/plugins/security_solution/public/management/hooks/agents/use_get_agent_status.test.ts b/x-pack/plugins/security_solution/public/management/hooks/agents/use_get_agent_status.test.ts
new file mode 100644
index 0000000000000..300fd11a700a3
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/management/hooks/agents/use_get_agent_status.test.ts
@@ -0,0 +1,90 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { AppContextTestRender } from '../../../common/mock/endpoint';
+import { createAppRootMockRenderer } from '../../../common/mock/endpoint';
+import { useGetAgentStatus } from './use_get_agent_status';
+import { agentStatusGetHttpMock } from '../../mocks';
+import { AGENT_STATUS_ROUTE } from '../../../../common/endpoint/constants';
+import type { RenderHookResult } from '@testing-library/react-hooks/src/types';
+
+describe('useGetAgentStatus hook', () => {
+  let httpMock: AppContextTestRender['coreStart']['http'];
+  let agentIdsProp: Parameters<typeof useGetAgentStatus>[0];
+  let optionsProp: Parameters<typeof useGetAgentStatus>[2];
+  let apiMock: ReturnType<typeof agentStatusGetHttpMock>;
+  let renderHook: () => RenderHookResult<unknown, ReturnType<typeof useGetAgentStatus>>;
+
+  beforeEach(() => {
+    const appTestContext = createAppRootMockRenderer();
+
+    httpMock = appTestContext.coreStart.http;
+    apiMock = agentStatusGetHttpMock(httpMock);
+    renderHook = () => {
+      return appTestContext.renderHook<unknown, ReturnType<typeof useGetAgentStatus>>(() =>
+        useGetAgentStatus(agentIdsProp, 'endpoint', optionsProp)
+      );
+    };
+    agentIdsProp = '1-2-3';
+    optionsProp = undefined;
+  });
+
+  it('should accept a single agent id (string)', () => {
+    renderHook();
+
+    expect(httpMock.get).toHaveBeenCalledWith(AGENT_STATUS_ROUTE, {
+      query: { agentIds: ['1-2-3'], agentType: 'endpoint' },
+      version: '1',
+    });
+  });
+
+  it('should accept multiple agent ids (array)', () => {
+    agentIdsProp = ['1', '2', '3'];
+    renderHook();
+
+    expect(httpMock.get).toHaveBeenCalledWith(AGENT_STATUS_ROUTE, {
+      query: { agentIds: ['1', '2', '3'], agentType: 'endpoint' },
+      version: '1',
+    });
+  });
+
+  it('should only use agentIds that are not empty strings', () => {
+    agentIdsProp = ['', '1', ''];
+    renderHook();
+
+    expect(httpMock.get).toHaveBeenCalledWith(AGENT_STATUS_ROUTE, {
+      query: { agentIds: ['1'], agentType: 'endpoint' },
+      version: '1',
+    });
+  });
+
+  it('should return expected data', async () => {
+    const { result, waitForValueToChange } = renderHook();
+    await waitForValueToChange(() => result.current);
+
+    expect(result.current.data).toEqual({
+      '1-2-3': {
+        agentId: '1-2-3',
+        agentType: 'endpoint',
+        found: true,
+        isolated: false,
+        lastSeen: expect.any(String),
+        pendingActions: {},
+        status: 'healthy',
+      },
+    });
+  });
+
+  it('should NOT call agent status api if list of agent ids is empty', async () => {
+    agentIdsProp = ['', '     '];
+    const { result, waitForValueToChange } = renderHook();
+    await waitForValueToChange(() => result.current);
+
+    expect(result.current.data).toEqual({});
+    expect(apiMock.responseProvider.getAgentStatus).not.toHaveBeenCalled();
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/management/hooks/agents/use_get_agent_status.ts b/x-pack/plugins/security_solution/public/management/hooks/agents/use_get_agent_status.ts
new file mode 100644
index 0000000000000..4d45c95fbba79
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/management/hooks/agents/use_get_agent_status.ts
@@ -0,0 +1,61 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { SentinelOneGetAgentsResponse } from '@kbn/stack-connectors-plugin/common/sentinelone/types';
+import type { UseQueryOptions, UseQueryResult } from '@tanstack/react-query';
+import { useQuery } from '@tanstack/react-query';
+import type { IHttpFetchError } from '@kbn/core-http-browser';
+import type { ActionTypeExecutorResult } from '@kbn/actions-plugin/common';
+import type { ResponseActionAgentType } from '../../../../common/endpoint/service/response_actions/constants';
+import { DEFAULT_POLL_INTERVAL } from '../../common/constants';
+import { AGENT_STATUS_ROUTE } from '../../../../common/endpoint/constants';
+import type { AgentStatusRecords, AgentStatusApiResponse } from '../../../../common/endpoint/types';
+import { useHttp } from '../../../common/lib/kibana';
+
+interface ErrorType {
+  statusCode: number;
+  message: string;
+  meta: ActionTypeExecutorResult<SentinelOneGetAgentsResponse>;
+}
+
+/**
+ * Retrieve the status of a supported host's agent type
+ * @param agentIds
+ * @param agentType
+ * @param options
+ */
+export const useGetAgentStatus = (
+  agentIds: string[] | string,
+  agentType: ResponseActionAgentType,
+  options: Omit<UseQueryOptions<AgentStatusRecords, IHttpFetchError<ErrorType>>, 'queryFn'> = {}
+): UseQueryResult<AgentStatusRecords, IHttpFetchError<ErrorType>> => {
+  const http = useHttp();
+  const agentIdList = (Array.isArray(agentIds) ? agentIds : [agentIds]).filter(
+    (agentId) => agentId.trim().length
+  );
+
+  return useQuery<AgentStatusRecords, IHttpFetchError<ErrorType>>({
+    queryKey: ['get-agent-status', agentIdList],
+    refetchInterval: DEFAULT_POLL_INTERVAL,
+    ...options,
+    queryFn: () => {
+      if (agentIdList.length === 0) {
+        return {};
+      }
+
+      return http
+        .get<AgentStatusApiResponse>(AGENT_STATUS_ROUTE, {
+          version: '1',
+          query: {
+            agentIds: agentIdList,
+            agentType,
+          },
+        })
+        .then((response) => response.data);
+    },
+  });
+};
diff --git a/x-pack/plugins/security_solution/public/management/hooks/agents/use_get_agent_status.tsx b/x-pack/plugins/security_solution/public/management/hooks/agents/use_get_agent_status.tsx
deleted file mode 100644
index 5aa1d6b5f6b21..0000000000000
--- a/x-pack/plugins/security_solution/public/management/hooks/agents/use_get_agent_status.tsx
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { SentinelOneGetAgentsResponse } from '@kbn/stack-connectors-plugin/common/sentinelone/types';
-import type { UseQueryOptions, UseQueryResult } from '@tanstack/react-query';
-import { useQuery } from '@tanstack/react-query';
-import type { IHttpFetchError } from '@kbn/core-http-browser';
-import type { ActionTypeExecutorResult } from '@kbn/actions-plugin/common';
-import { useIsExperimentalFeatureEnabled } from '../../../common/hooks/use_experimental_features';
-import { AGENT_STATUS_ROUTE } from '../../../../common/endpoint/constants';
-import type { AgentStatusInfo, AgentStatusRecords } from '../../../../common/endpoint/types';
-import { useHttp } from '../../../common/lib/kibana';
-
-interface ErrorType {
-  statusCode: number;
-  message: string;
-  meta: ActionTypeExecutorResult<SentinelOneGetAgentsResponse>;
-}
-
-// TODO: 8.15: Remove `useGetSentinelOneAgentStatus` function when `agentStatusClientEnabled` is enabled/removed
-export const useGetSentinelOneAgentStatus = (
-  agentIds: string[],
-  agentType?: string,
-  options: UseQueryOptions<AgentStatusInfo, IHttpFetchError<ErrorType>> = {}
-): UseQueryResult<AgentStatusInfo, IHttpFetchError<ErrorType>> => {
-  const http = useHttp();
-
-  return useQuery<AgentStatusInfo, IHttpFetchError<ErrorType>>({
-    queryKey: ['get-agent-status', agentIds],
-    refetchInterval: 5000,
-    ...options,
-    enabled: agentType === 'sentinel_one',
-    queryFn: () =>
-      http
-        .get<{ data: AgentStatusInfo }>(AGENT_STATUS_ROUTE, {
-          version: '1',
-          query: {
-            agentIds,
-            // 8.13 sentinel_one support via internal API
-            agentType: agentType ? agentType : 'sentinel_one',
-          },
-        })
-        .then((response) => response.data),
-  });
-};
-
-// 8.14, 8.15 used for fetching agent status
-export const useGetAgentStatus = (
-  agentIds: string[],
-  agentType: string,
-  options: UseQueryOptions<AgentStatusRecords, IHttpFetchError<ErrorType>> = {}
-): UseQueryResult<AgentStatusRecords, IHttpFetchError<ErrorType>> => {
-  const http = useHttp();
-
-  return useQuery<AgentStatusRecords, IHttpFetchError<ErrorType>>({
-    queryKey: ['get-agent-status', agentIds],
-    // TODO: remove this refetchInterval and instead override it where called, via options.
-    refetchInterval: 5000,
-    ...options,
-    queryFn: () =>
-      http
-        .get<{ data: AgentStatusRecords }>(AGENT_STATUS_ROUTE, {
-          version: '1',
-          query: {
-            agentIds: agentIds.filter((agentId) => agentId.trim().length),
-            agentType,
-          },
-        })
-        .then((response) => response.data),
-  });
-};
-
-export const useAgentStatusHook = ():
-  | typeof useGetAgentStatus
-  | typeof useGetSentinelOneAgentStatus => {
-  const agentStatusClientEnabled = useIsExperimentalFeatureEnabled('agentStatusClientEnabled');
-  // 8.15 use agent status client hook if `agentStatusClientEnabled` FF enabled
-  return !agentStatusClientEnabled ? useGetSentinelOneAgentStatus : useGetAgentStatus;
-};
diff --git a/x-pack/plugins/security_solution/public/management/hooks/use_with_show_responder.tsx b/x-pack/plugins/security_solution/public/management/hooks/use_with_show_responder.tsx
index b820e75dad97c..bd348c77fde3e 100644
--- a/x-pack/plugins/security_solution/public/management/hooks/use_with_show_responder.tsx
+++ b/x-pack/plugins/security_solution/public/management/hooks/use_with_show_responder.tsx
@@ -18,7 +18,6 @@ import { useUserPrivileges } from '../../common/components/user_privileges';
 import {
   ActionLogButton,
   getEndpointConsoleCommands,
-  HeaderEndpointInfo,
   OfflineCallout,
 } from '../components/endpoint_responder';
 import { useConsoleManager } from '../components/console';
@@ -54,7 +53,6 @@ export const useWithShowResponder = (): ShowResponseActionsConsole => {
   const responseActionsCrowdstrikeManualHostIsolationEnabled = useIsExperimentalFeatureEnabled(
     'responseActionsCrowdstrikeManualHostIsolationEnabled'
   );
-  const agentStatusClientEnabled = useIsExperimentalFeatureEnabled('agentStatusClientEnabled');
 
   return useCallback(
     (props: ResponderInfoProps) => {
@@ -89,22 +87,14 @@ export const useWithShowResponder = (): ShowResponseActionsConsole => {
           'data-test-subj': `${agentType}ResponseActionsConsole`,
           storagePrefix: 'xpack.securitySolution.Responder',
           TitleComponent: () => {
-            if (agentStatusClientEnabled || agentType !== 'endpoint') {
-              return (
-                <AgentInfo
-                  agentId={agentId}
-                  agentType={agentType}
-                  hostName={hostName}
-                  platform={platform}
-                />
-              );
-            }
-            // TODO: 8.15 remove this if block when agentStatusClientEnabled is enabled/removed
-            if (agentType === 'endpoint') {
-              return <HeaderEndpointInfo endpointId={agentId} />;
-            }
-
-            return null;
+            return (
+              <AgentInfo
+                agentId={agentId}
+                agentType={agentType}
+                hostName={hostName}
+                platform={platform}
+              />
+            );
           },
         };
 
@@ -157,7 +147,6 @@ export const useWithShowResponder = (): ShowResponseActionsConsole => {
       endpointPrivileges,
       isEnterpriseLicense,
       consoleManager,
-      agentStatusClientEnabled,
     ]
   );
 };
diff --git a/x-pack/plugins/security_solution/public/management/links.ts b/x-pack/plugins/security_solution/public/management/links.ts
index 21a5fc69ca1d9..06d47e2936115 100644
--- a/x-pack/plugins/security_solution/public/management/links.ts
+++ b/x-pack/plugins/security_solution/public/management/links.ts
@@ -233,7 +233,7 @@ export const links: LinkItem = {
       path: NOTES_MANAGEMENT_PATH,
       skipUrlState: true,
       hideTimeline: true,
-      experimentalKey: 'notesEnabled',
+      experimentalKey: 'securitySolutionNotesEnabled',
     },
   ],
 };
diff --git a/x-pack/plugins/security_solution/public/management/mocks/agent_status_http_mocks.ts b/x-pack/plugins/security_solution/public/management/mocks/agent_status_http_mocks.ts
new file mode 100644
index 0000000000000..94fe0623d26f2
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/management/mocks/agent_status_http_mocks.ts
@@ -0,0 +1,41 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { HttpFetchOptionsWithPath } from '@kbn/core-http-browser';
+import type { Mutable } from 'utility-types';
+import { agentStatusMocks } from '../../../common/endpoint/service/response_actions/mocks/agent_status.mocks';
+import type { EndpointAgentStatusRequestQueryParams } from '../../../common/api/endpoint/agent/get_agent_status_route';
+import type { ResponseProvidersInterface } from '../../common/mock/endpoint';
+import { httpHandlerMockFactory } from '../../common/mock/endpoint/http_handler_mock_factory';
+import type { AgentStatusApiResponse, AgentStatusRecords } from '../../../common/endpoint/types';
+import { AGENT_STATUS_ROUTE } from '../../../common/endpoint/constants';
+
+export type AgentStatusHttpMocksInterface = ResponseProvidersInterface<{
+  getAgentStatus: (options: HttpFetchOptionsWithPath) => AgentStatusApiResponse;
+}>;
+
+export const agentStatusGetHttpMock = httpHandlerMockFactory<AgentStatusHttpMocksInterface>([
+  {
+    id: 'getAgentStatus',
+    method: 'get',
+    path: AGENT_STATUS_ROUTE,
+    handler: (options): AgentStatusApiResponse => {
+      const queryOptions = options.query as Mutable<EndpointAgentStatusRequestQueryParams>;
+      const agentType = queryOptions.agentType || 'endpoint';
+      const agentIds = Array.isArray(queryOptions.agentIds)
+        ? queryOptions.agentIds
+        : [queryOptions.agentIds];
+
+      return {
+        data: agentIds.reduce<AgentStatusRecords>((acc, agentId) => {
+          acc[agentId] = agentStatusMocks.generateAgentStatus({ agentId, agentType });
+          return acc;
+        }, {}),
+      };
+    },
+  },
+]);
diff --git a/x-pack/plugins/security_solution/public/management/mocks/index.ts b/x-pack/plugins/security_solution/public/management/mocks/index.ts
index 5368872e207af..6e5c9d72478f2 100644
--- a/x-pack/plugins/security_solution/public/management/mocks/index.ts
+++ b/x-pack/plugins/security_solution/public/management/mocks/index.ts
@@ -8,3 +8,4 @@
 export * from './fleet_mocks';
 export * from './trusted_apps_http_mocks';
 export * from './exceptions_list_http_mocks';
+export * from './agent_status_http_mocks';
diff --git a/x-pack/plugins/security_solution/public/management/mocks/response_actions_http_mocks.ts b/x-pack/plugins/security_solution/public/management/mocks/response_actions_http_mocks.ts
index 4ca4004ce89b1..256484f8d0e92 100644
--- a/x-pack/plugins/security_solution/public/management/mocks/response_actions_http_mocks.ts
+++ b/x-pack/plugins/security_solution/public/management/mocks/response_actions_http_mocks.ts
@@ -39,7 +39,7 @@ import type {
   ResponseActionGetFileParameters,
   ResponseActionScanOutputContent,
   ResponseActionsExecuteParameters,
-  ResponseActionsScanParameters,
+  ResponseActionScanParameters,
   ResponseActionUploadOutputContent,
   ResponseActionUploadParameters,
 } from '../../../common/endpoint/types';
@@ -263,12 +263,12 @@ export const responseActionsHttpMocks = httpHandlerMockFactory<ResponseActionsHt
     method: 'post',
     handler: (): ActionDetailsApiResponse<
       ResponseActionScanOutputContent,
-      ResponseActionsScanParameters
+      ResponseActionScanParameters
     > => {
       const generator = new EndpointActionGenerator('seed');
       const response = generator.generateActionDetails<
         ResponseActionScanOutputContent,
-        ResponseActionsScanParameters
+        ResponseActionScanParameters
       >({
         command: 'scan',
       });
diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/action.ts b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/action.ts
index 5837578063526..01b9b3455dea9 100644
--- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/action.ts
+++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/action.ts
@@ -141,10 +141,6 @@ export type EndpointIsolationRequestStateChange = Action<'endpointIsolationReque
   payload: EndpointState['isolationRequestState'];
 };
 
-export type EndpointPendingActionsStateChanged = Action<'endpointPendingActionsStateChanged'> & {
-  payload: EndpointState['endpointPendingActions'];
-};
-
 export type LoadMetadataTransformStats = Action<'loadMetadataTransformStats'>;
 
 export type MetadataTransformStatsChanged = Action<'metadataTransformStatsChanged'> & {
@@ -173,7 +169,6 @@ export type EndpointAction =
   | ServerFailedToReturnEndpointsTotal
   | EndpointIsolationRequest
   | EndpointIsolationRequestStateChange
-  | EndpointPendingActionsStateChanged
   | LoadMetadataTransformStats
   | MetadataTransformStatsChanged
   | ServerFinishedInitialization;
diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/builders.ts b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/builders.ts
index fe8255960dea4..a47590023dbc3 100644
--- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/builders.ts
+++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/builders.ts
@@ -11,7 +11,7 @@ import {
 } from '../../../../../common/endpoint/constants';
 import type { Immutable } from '../../../../../common/endpoint/types';
 import { DEFAULT_POLL_INTERVAL } from '../../../common/constants';
-import { createLoadedResourceState, createUninitialisedResourceState } from '../../../state';
+import { createUninitialisedResourceState } from '../../../state';
 import type { EndpointState } from '../types';
 
 export const initialEndpointPageState = (): Immutable<EndpointState> => {
@@ -41,7 +41,6 @@ export const initialEndpointPageState = (): Immutable<EndpointState> => {
     endpointsTotal: 0,
     endpointsTotalError: undefined,
     isolationRequestState: createUninitialisedResourceState(),
-    endpointPendingActions: createLoadedResourceState(new Map()),
     metadataTransformStats: createUninitialisedResourceState(),
     isInitialized: false,
   };
diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/index.test.ts b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/index.test.ts
index dd81b3d2759a3..ea2e82ac864e1 100644
--- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/index.test.ts
+++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/index.test.ts
@@ -72,10 +72,6 @@ describe('EndpointList store concerns', () => {
         isolationRequestState: {
           type: 'UninitialisedResourceState',
         },
-        endpointPendingActions: {
-          data: new Map(),
-          type: 'LoadedResourceState',
-        },
         metadataTransformStats: createUninitialisedResourceState(),
       });
     });
diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.test.ts b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.test.ts
index 763bc15dace43..a737ccd77884c 100644
--- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.test.ts
+++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.test.ts
@@ -138,7 +138,6 @@ describe('endpoint list middleware', () => {
 
     await Promise.all([
       waitForAction('serverReturnedEndpointList'),
-      waitForAction('endpointPendingActionsStateChanged'),
       waitForAction('serverReturnedMetadataPatterns'),
       waitForAction('serverCancelledPolicyItemsLoading'),
       waitForAction('serverReturnedEndpointExistValue'),
@@ -236,42 +235,6 @@ describe('endpoint list middleware', () => {
     });
   });
 
-  describe('handle Endpoint Pending Actions state actions', () => {
-    let mockedApis: ReturnType<typeof endpointPageHttpMock>;
-
-    beforeEach(() => {
-      mockedApis = endpointPageHttpMock(fakeHttpServices);
-    });
-
-    it('should include all agents ids from the list when calling API', async () => {
-      const loadingPendingActions = waitForAction('endpointPendingActionsStateChanged', {
-        validate: (action) => isLoadedResourceState(action.payload),
-      });
-
-      dispatchUserChangedUrlToEndpointList();
-      await loadingPendingActions;
-
-      expect(mockedApis.responseProvider.pendingActions).toHaveBeenCalledWith({
-        path: expect.any(String),
-        version: '2023-10-31',
-        query: {
-          agent_ids: [
-            '0dc3661d-6e67-46b0-af39-6f12b025fcb0',
-            'fe16dda9-7f34-434c-9824-b4844880f410',
-            'f412728b-929c-48d5-bdb6-5a1298e3e607',
-            'd0405ddc-1e7c-48f0-93d7-d55f954bd745',
-            '46d78dd2-aedf-4d3f-b3a9-da445f1fd25f',
-            '5aafa558-26b8-4bb4-80e2-ac0644d77a3f',
-            'edac2c58-1748-40c3-853c-8fab48c333d7',
-            '06b7223a-bb2a-428a-9021-f1c0d2267ada',
-            'b8daa43b-7f73-4684-9221-dbc8b769405e',
-            'fbc06310-7d41-46b8-a5ea-ceed8a993b1a',
-          ],
-        },
-      });
-    });
-  });
-
   describe('handles metadata transform stats actions', () => {
     const dispatchLoadTransformStats = () => {
       dispatch({
diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.ts b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.ts
index 215a789a8b4ed..fce262052220e 100644
--- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.ts
+++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.ts
@@ -30,7 +30,6 @@ import type {
   ResponseActionApiResponse,
 } from '../../../../../common/endpoint/types';
 import { isolateHost, unIsolateHost } from '../../../../common/lib/endpoint/endpoint_isolation';
-import { fetchPendingActionsByAgentId } from '../../../../common/lib/endpoint/endpoint_pending_actions';
 import type { ImmutableMiddlewareAPI, ImmutableMiddlewareFactory } from '../../../../common/store';
 import type { AppAction } from '../../../../common/store/actions';
 import { sendGetEndpointSpecificPackagePolicies } from '../../../services/policies/policies';
@@ -45,13 +44,7 @@ import {
   sendGetEndpointSecurityPackage,
 } from '../../../services/policies/ingest';
 import type { GetPolicyListResponse } from '../../policy/types';
-import type {
-  AgentIdsPendingActions,
-  EndpointState,
-  PolicyIds,
-  TransformStats,
-  TransformStatsResponse,
-} from '../types';
+import type { EndpointState, PolicyIds, TransformStats, TransformStatsResponse } from '../types';
 import type { EndpointPackageInfoStateChanged } from './action';
 import {
   endpointPackageInfo,
@@ -62,7 +55,6 @@ import {
   getMetadataTransformStats,
   isMetadataTransformStatsLoading,
   isOnEndpointPage,
-  listData,
   nonExistingPolicies,
   patterns,
   searchBarQuery,
@@ -301,47 +293,6 @@ async function getEndpointPackageInfo(
   }
 }
 
-/**
- * retrieves the Endpoint pending actions for all the existing endpoints being displayed on the list
- * or the details tab.
- *
- * @param store
- */
-const loadEndpointsPendingActions = async ({
-  getState,
-  dispatch,
-}: EndpointPageStore): Promise<void> => {
-  const state = getState();
-  const listEndpoints = listData(state);
-  const agentsIds = new Set<string>();
-
-  for (const endpointInfo of listEndpoints) {
-    agentsIds.add(endpointInfo.metadata.elastic.agent.id);
-  }
-
-  if (agentsIds.size === 0) {
-    return;
-  }
-
-  try {
-    const { data: pendingActions } = await fetchPendingActionsByAgentId(Array.from(agentsIds));
-    const agentIdToPendingActions: AgentIdsPendingActions = new Map();
-
-    for (const pendingAction of pendingActions) {
-      agentIdToPendingActions.set(pendingAction.agent_id, pendingAction.pending_actions);
-    }
-
-    dispatch({
-      type: 'endpointPendingActionsStateChanged',
-      payload: createLoadedResourceState(agentIdToPendingActions),
-    });
-  } catch (error) {
-    // TODO should handle the error instead of logging it to the browser
-    // Also this is an anti-pattern we shouldn't use
-    logError(error);
-  }
-};
-
 async function endpointListMiddleware({
   store,
   coreStart,
@@ -380,8 +331,6 @@ async function endpointListMiddleware({
       payload: endpointResponse,
     });
 
-    loadEndpointsPendingActions(store);
-
     dispatchIngestPolicies({ http: coreStart.http, hosts: endpointResponse.data, store });
   } catch (error) {
     dispatch({
diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/reducer.ts b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/reducer.ts
index dab1961ac0e8e..806f66654ca6d 100644
--- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/reducer.ts
+++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/reducer.ts
@@ -5,11 +5,7 @@
  * 2.0.
  */
 
-import type {
-  EndpointPackageInfoStateChanged,
-  EndpointPendingActionsStateChanged,
-  MetadataTransformStatsChanged,
-} from './action';
+import type { EndpointPackageInfoStateChanged, MetadataTransformStatsChanged } from './action';
 import {
   getCurrentIsolationRequestState,
   hasSelectedEndpoint,
@@ -29,19 +25,6 @@ type CaseReducer<T extends AppAction> = (
   action: Immutable<T>
 ) => Immutable<EndpointState>;
 
-const handleEndpointPendingActionsStateChanged: CaseReducer<EndpointPendingActionsStateChanged> = (
-  state,
-  action
-) => {
-  if (isOnEndpointPage(state)) {
-    return {
-      ...state,
-      endpointPendingActions: action.payload,
-    };
-  }
-  return state;
-};
-
 const handleEndpointPackageInfoStateChanged: CaseReducer<EndpointPackageInfoStateChanged> = (
   state,
   action
@@ -109,8 +92,6 @@ export const endpointListReducer: StateReducer = (state = initialEndpointPageSta
       ...state,
       patternsError: action.payload,
     };
-  } else if (action.type === 'endpointPendingActionsStateChanged') {
-    return handleEndpointPendingActionsStateChanged(state, action);
   } else if (action.type === 'serverReturnedPoliciesForOnboarding') {
     return {
       ...state,
diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/selectors.ts b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/selectors.ts
index 612c7f770dffa..bd8cff1495be9 100644
--- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/selectors.ts
+++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/selectors.ts
@@ -11,11 +11,7 @@ import { createSelector } from 'reselect';
 import { matchPath } from 'react-router-dom';
 import { decode } from '@kbn/rison';
 import type { Query } from '@kbn/es-query';
-import type {
-  EndpointPendingActions,
-  EndpointSortableField,
-  Immutable,
-} from '../../../../../common/endpoint/types';
+import type { EndpointSortableField, Immutable } from '../../../../../common/endpoint/types';
 import type { EndpointIndexUIQueryParams, EndpointState } from '../types';
 import { extractListPaginationParams } from '../../../common/routing';
 import {
@@ -31,7 +27,6 @@ import {
 } from '../../../state';
 
 import type { ServerApiError } from '../../../../common/types';
-import { EndpointDetailsTabsTypes } from '../view/details/components/endpoint_details_tabs';
 
 export const listData = (state: Immutable<EndpointState>) => state.hosts;
 
@@ -234,17 +229,6 @@ export const getIsolationRequestError: (
   }
 });
 
-export const getIsOnEndpointDetailsActivityLog: (state: Immutable<EndpointState>) => boolean =
-  createSelector(uiQueryParams, (searchParams) => {
-    return searchParams.show === EndpointDetailsTabsTypes.activityLog;
-  });
-
-export const getEndpointPendingActionsState = (
-  state: Immutable<EndpointState>
-): Immutable<EndpointState['endpointPendingActions']> => {
-  return state.endpointPendingActions;
-};
-
 export const getMetadataTransformStats = (state: Immutable<EndpointState>) =>
   state.metadataTransformStats;
 
@@ -253,24 +237,3 @@ export const metadataTransformStats = (state: Immutable<EndpointState>) =>
 
 export const isMetadataTransformStatsLoading = (state: Immutable<EndpointState>) =>
   isLoadingResourceState(state.metadataTransformStats);
-
-/**
- * Returns a function (callback) that can be used to retrieve the list of pending actions against
- * an endpoint currently displayed in the endpoint list
- */
-export const getEndpointPendingActionsCallback: (
-  state: Immutable<EndpointState>
-) => (endpointId: string) => EndpointPendingActions['pending_actions'] = createSelector(
-  getEndpointPendingActionsState,
-  (pendingActionsState) => {
-    return (endpointId: string) => {
-      let response: EndpointPendingActions['pending_actions'] = {};
-
-      if (isLoadedResourceState(pendingActionsState)) {
-        response = pendingActionsState.data.get(endpointId) ?? {};
-      }
-
-      return response;
-    };
-  }
-);
diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/types.ts b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/types.ts
index dddccede82536..37e01860d262a 100644
--- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/types.ts
+++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/types.ts
@@ -71,12 +71,6 @@ export interface EndpointState {
   endpointsTotalError?: ServerApiError;
   /** Host isolation request state for a single endpoint */
   isolationRequestState: AsyncResourceState<ResponseActionApiResponse>;
-  /**
-   * Holds a map of `agentId` to `EndpointPendingActions` that is used by both the list and details view
-   * Getting pending endpoint actions is "supplemental" data, so there is no need to show other Async
-   * states other than Loaded
-   */
-  endpointPendingActions: AsyncResourceState<AgentIdsPendingActions>;
   // Metadata transform stats to checking transform state
   metadataTransformStats: AsyncResourceState<TransformStats[]>;
   isInitialized: boolean;
diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/components/out_of_date.tsx b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/components/out_of_date.tsx
deleted file mode 100644
index 87abd4bbb9225..0000000000000
--- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/components/out_of_date.tsx
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import React from 'react';
-import { EuiText, EuiIcon } from '@elastic/eui';
-import { FormattedMessage } from '@kbn/i18n-react';
-
-export const OutOfDate = React.memo<{ style?: React.CSSProperties }>(({ style, ...otherProps }) => {
-  return (
-    <EuiText
-      color="subdued"
-      size="xs"
-      className="eui-textNoWrap eui-displayInlineBlock"
-      style={style}
-      {...otherProps}
-    >
-      <EuiIcon className={'eui-alignTop'} size="m" type="warning" color="warning" />
-      <FormattedMessage id="xpack.securitySolution.outOfDateLabel" defaultMessage="Out-of-date" />
-    </EuiText>
-  );
-});
-
-OutOfDate.displayName = 'OutOfDate';
diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/endpoint_details_content.tsx b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/endpoint_details_content.tsx
index 0140cba0780ed..454b85ad32238 100644
--- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/endpoint_details_content.tsx
+++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/endpoint_details_content.tsx
@@ -5,7 +5,6 @@
  * 2.0.
  */
 
-import styled from 'styled-components';
 import {
   EuiDescriptionList,
   EuiFlexGroup,
@@ -17,31 +16,16 @@ import {
 } from '@elastic/eui';
 import React, { memo, useMemo } from 'react';
 import { FormattedMessage } from '@kbn/i18n-react';
-import { useIsExperimentalFeatureEnabled } from '../../../../../common/hooks/use_experimental_features';
-import {
-  AgentStatus,
-  EndpointAgentStatus,
-} from '../../../../../common/components/endpoint/agents/agent_status';
 import { isPolicyOutOfDate } from '../../utils';
+import { AgentStatus } from '../../../../../common/components/endpoint/agents/agent_status';
 import type { HostInfo } from '../../../../../../common/endpoint/types';
 import { useEndpointSelector } from '../hooks';
-import {
-  getEndpointPendingActionsCallback,
-  nonExistingPolicies,
-  uiQueryParams,
-} from '../../store/selectors';
+import { nonExistingPolicies, uiQueryParams } from '../../store/selectors';
 import { POLICY_STATUS_TO_BADGE_COLOR } from '../host_constants';
 import { FormattedDate } from '../../../../../common/components/formatted_date';
 import { useNavigateByRouterEventHandler } from '../../../../../common/hooks/endpoint/use_navigate_by_router_event_handler';
 import { getEndpointDetailsPath } from '../../../../common/routing';
 import { EndpointPolicyLink } from '../../../../components/endpoint_policy_link';
-import { OutOfDate } from '../components/out_of_date';
-
-const EndpointDetailsContentStyled = styled.div`
-  .policyLineText {
-    padding-right: 5px;
-  }
-`;
 
 const ColumnTitle = ({ children }: { children: React.ReactNode }) => {
   return (
@@ -58,13 +42,11 @@ interface EndpointDetailsContentProps {
 
 export const EndpointDetailsContent = memo<EndpointDetailsContentProps>(
   ({ hostInfo, policyInfo }) => {
-    const agentStatusClientEnabled = useIsExperimentalFeatureEnabled('agentStatusClientEnabled');
     const queryParams = useEndpointSelector(uiQueryParams);
     const policyStatus = useMemo(
       () => hostInfo.metadata.Endpoint.policy.applied.status,
       [hostInfo]
     );
-    const getHostPendingActions = useEndpointSelector(getEndpointPendingActionsCallback);
     const missingPolicies = useEndpointSelector(nonExistingPolicies);
 
     const policyResponseRoutePath = useMemo(() => {
@@ -100,15 +82,7 @@ export const EndpointDetailsContent = memo<EndpointDetailsContentProps>(
               />
             </ColumnTitle>
           ),
-          // TODO: 8.15 remove `EndpointAgentStatus` when `agentStatusClientEnabled` FF is enabled and removed
-          description: agentStatusClientEnabled ? (
-            <AgentStatus agentId={hostInfo.metadata.agent.id} agentType="endpoint" />
-          ) : (
-            <EndpointAgentStatus
-              pendingActions={getHostPendingActions(hostInfo.metadata.agent.id)}
-              endpointHostInfo={hostInfo}
-            />
-          ),
+          description: <AgentStatus agentId={hostInfo.metadata.agent.id} agentType="endpoint" />,
         },
         {
           title: (
@@ -138,35 +112,15 @@ export const EndpointDetailsContent = memo<EndpointDetailsContentProps>(
             </ColumnTitle>
           ),
           description: (
-            <EuiText size="xs" className={'eui-textBreakWord'}>
-              <EndpointPolicyLink
-                policyId={hostInfo.metadata.Endpoint.policy.applied.id}
-                data-test-subj="policyDetailsValue"
-                className={'policyLineText'}
-                missingPolicies={missingPolicies}
-              >
-                {hostInfo.metadata.Endpoint.policy.applied.name}
-              </EndpointPolicyLink>
-              {hostInfo.metadata.Endpoint.policy.applied.endpoint_policy_version && (
-                <EuiText
-                  color="subdued"
-                  size="xs"
-                  className={'eui-displayInlineBlock eui-textNoWrap policyLineText'}
-                  data-test-subj="policyDetailsRevNo"
-                >
-                  <FormattedMessage
-                    id="xpack.securitySolution.endpoint.details.policy.revisionNumber"
-                    defaultMessage="rev. {revNumber}"
-                    values={{
-                      revNumber: hostInfo.metadata.Endpoint.policy.applied.endpoint_policy_version,
-                    }}
-                  />
-                </EuiText>
-              )}
-              {isPolicyOutOfDate(hostInfo.metadata.Endpoint.policy.applied, policyInfo) && (
-                <OutOfDate />
-              )}
-            </EuiText>
+            <EndpointPolicyLink
+              policyId={hostInfo.metadata.Endpoint.policy.applied.id}
+              revision={hostInfo.metadata.Endpoint.policy.applied.endpoint_policy_version}
+              isOutdated={isPolicyOutOfDate(hostInfo.metadata.Endpoint.policy.applied, policyInfo)}
+              policyExists={!missingPolicies[hostInfo.metadata.Endpoint.policy.applied.id]}
+              data-test-subj="policyDetailsValue"
+            >
+              {hostInfo.metadata.Endpoint.policy.applied.name}
+            </EndpointPolicyLink>
           ),
         },
         {
@@ -226,18 +180,10 @@ export const EndpointDetailsContent = memo<EndpointDetailsContentProps>(
           ),
         },
       ];
-    }, [
-      agentStatusClientEnabled,
-      hostInfo,
-      getHostPendingActions,
-      missingPolicies,
-      policyInfo,
-      policyStatus,
-      policyStatusClickHandler,
-    ]);
+    }, [hostInfo, policyInfo, missingPolicies, policyStatus, policyStatusClickHandler]);
 
     return (
-      <EndpointDetailsContentStyled>
+      <div>
         <EuiSpacer size="s" />
         <EuiDescriptionList
           columnWidths={[1, 3]}
@@ -247,7 +193,7 @@ export const EndpointDetailsContent = memo<EndpointDetailsContentProps>(
           listItems={detailsResults}
           data-test-subj="endpointDetailsList"
         />
-      </EndpointDetailsContentStyled>
+      </div>
     );
   }
 );
diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.test.tsx b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.test.tsx
index ceb9f1ce10e86..0d3fd2004b1c8 100644
--- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.test.tsx
+++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.test.tsx
@@ -55,6 +55,8 @@ import { getUserPrivilegesMockDefaultValue } from '../../../../common/components
 import { ENDPOINT_CAPABILITIES } from '../../../../../common/endpoint/service/response_actions/constants';
 import { getEndpointPrivilegesInitialStateMock } from '../../../../common/components/user_privileges/endpoint/mocks';
 import { useGetEndpointDetails } from '../../../hooks/endpoint/use_get_endpoint_details';
+import { useGetAgentStatus as _useGetAgentStatus } from '../../../hooks/agents/use_get_agent_status';
+import { agentStatusMocks } from '../../../../../common/endpoint/service/response_actions/mocks/agent_status.mocks';
 
 const mockUserPrivileges = useUserPrivileges as jest.Mock;
 // not sure why this can't be imported from '../../../../common/mock/formatted_relative';
@@ -80,6 +82,9 @@ jest.mock('../../../services/policies/ingest', () => {
   };
 });
 
+jest.mock('../../../hooks/agents/use_get_agent_status');
+const useGetAgentStatusMock = _useGetAgentStatus as jest.Mock;
+
 const mockUseUiSetting$ = useUiSetting$ as jest.Mock;
 const timepickerRanges = [
   {
@@ -325,6 +330,18 @@ describe('when on the endpoint list page', () => {
             endpointsResults: hostListData,
             endpointPackagePolicies: ingestPackagePolicies,
           });
+
+          useGetAgentStatusMock.mockImplementation((agentId, agentType) => {
+            return {
+              data: {
+                [agentId]: agentStatusMocks.generateAgentStatus({
+                  agentType,
+                }),
+              },
+              isLoading: false,
+              isFetched: true,
+            };
+          });
         });
       });
       afterEach(() => {
@@ -347,18 +364,19 @@ describe('when on the endpoint list page', () => {
         const total = await renderResult.findByTestId('endpointListTableTotal');
         expect(total.textContent).toEqual('Showing 5 endpoints');
       });
-      it('should display correct status', async () => {
+      it('should agent status', async () => {
         const renderResult = render();
         await reactTestingLibrary.act(async () => {
           await middlewareSpy.waitForAction('serverReturnedEndpointList');
         });
+
         const hostStatuses = await renderResult.findAllByTestId('rowHostStatus');
 
-        expect(hostStatuses[0].textContent).toEqual('Unhealthy');
+        expect(hostStatuses[0].textContent).toEqual('Healthy');
         expect(hostStatuses[1].textContent).toEqual('Healthy');
-        expect(hostStatuses[2].textContent).toEqual('Offline');
-        expect(hostStatuses[3].textContent).toEqual('Updating');
-        expect(hostStatuses[4].textContent).toEqual('Inactive');
+        expect(hostStatuses[2].textContent).toEqual('Healthy');
+        expect(hostStatuses[3].textContent).toEqual('Healthy');
+        expect(hostStatuses[4].textContent).toEqual('Healthy');
       });
 
       it('should display correct policy status', async () => {
@@ -385,12 +403,11 @@ describe('when on the endpoint list page', () => {
         await reactTestingLibrary.act(async () => {
           await middlewareSpy.waitForAction('serverReturnedEndpointList');
         });
-        const outOfDates = await renderResult.findAllByTestId('rowPolicyOutOfDate');
+        const outOfDates = await renderResult.findAllByTestId('policyNameCellLink-outdatedMsg');
         expect(outOfDates).toHaveLength(4);
 
         outOfDates.forEach((item) => {
           expect(item.textContent).toEqual('Out-of-date');
-          expect(item.querySelector(`[data-euiicon-type][color=warning]`)).not.toBeNull();
         });
       });
 
@@ -399,7 +416,7 @@ describe('when on the endpoint list page', () => {
         await reactTestingLibrary.act(async () => {
           await middlewareSpy.waitForAction('serverReturnedEndpointList');
         });
-        const firstPolicyName = (await renderResult.findAllByTestId('policyNameCellLink'))[0];
+        const firstPolicyName = (await renderResult.findAllByTestId('policyNameCellLink-link'))[0];
         expect(firstPolicyName).not.toBeNull();
         expect(firstPolicyName.getAttribute('href')).toEqual(
           `${APP_PATH}${MANAGEMENT_PATH}/policy/${firstPolicyID}/settings`
@@ -452,7 +469,9 @@ describe('when on the endpoint list page', () => {
         await reactTestingLibrary.act(async () => {
           await middlewareSpy.waitForAction('serverReturnedEndpointList');
         });
-        const firstPolicyRevElement = (await renderResult.findAllByTestId('policyListRevNo'))[0];
+        const firstPolicyRevElement = (
+          await renderResult.findAllByTestId('policyNameCellLink-revision')
+        )[0];
         expect(firstPolicyRevElement).not.toBeNull();
         expect(firstPolicyRevElement.textContent).toEqual(`rev. ${firstPolicyRev}`);
       });
@@ -589,7 +608,7 @@ describe('when on the endpoint list page', () => {
 
     it('should display policy name value as a link', async () => {
       const renderResult = render();
-      const policyDetailsLink = await renderResult.findByTestId('policyDetailsValue');
+      const policyDetailsLink = await renderResult.findByTestId('policyNameCellLink-link');
       expect(policyDetailsLink).not.toBeNull();
       expect(policyDetailsLink.getAttribute('href')).toEqual(
         `${APP_PATH}${MANAGEMENT_PATH}/policy/${hostInfo.metadata.Endpoint.policy.applied.id}/settings`
@@ -598,7 +617,9 @@ describe('when on the endpoint list page', () => {
 
     it('should display policy revision number', async () => {
       const renderResult = render();
-      const policyDetailsRevElement = await renderResult.findByTestId('policyDetailsRevNo');
+      const policyDetailsRevElement = await renderResult.findByTestId(
+        'policyNameCellLink-revision'
+      );
       expect(policyDetailsRevElement).not.toBeNull();
       expect(policyDetailsRevElement.textContent).toEqual(
         `rev. ${hostInfo.metadata.Endpoint.policy.applied.endpoint_policy_version}`
@@ -607,7 +628,7 @@ describe('when on the endpoint list page', () => {
 
     it('should update the URL when policy name link is clicked', async () => {
       const renderResult = render();
-      const policyDetailsLink = await renderResult.findByTestId('policyDetailsValue');
+      const policyDetailsLink = await renderResult.findByTestId('policyNameCellLink-link');
       const userChangedUrlChecker = middlewareSpy.waitForAction('userChangedUrl');
       reactTestingLibrary.act(() => {
         reactTestingLibrary.fireEvent.click(policyDetailsLink);
diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.tsx b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.tsx
index 89473ece661a3..3c0d08821f6e7 100644
--- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.tsx
+++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.tsx
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import React, { type CSSProperties, useCallback, useMemo } from 'react';
+import React, { useCallback, useMemo } from 'react';
 import styled from 'styled-components';
 import type { CriteriaWithPagination } from '@elastic/eui';
 import {
@@ -32,22 +32,20 @@ import type {
   AgentPolicyDetailsDeployAgentAction,
   CreatePackagePolicyRouteState,
 } from '@kbn/fleet-plugin/public';
-import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
+import { isPolicyOutOfDate } from '../utils';
+import { useGetAgentStatus } from '../../../hooks/agents/use_get_agent_status';
 import { TransformFailedCallout } from './components/transform_failed_callout';
 import type { EndpointIndexUIQueryParams } from '../types';
 import { EndpointListNavLink } from './components/endpoint_list_nav_link';
-import {
-  AgentStatus,
-  EndpointAgentStatus,
-} from '../../../../common/components/endpoint/agents/agent_status';
+import { AgentStatus } from '../../../../common/components/endpoint/agents/agent_status';
 import { EndpointDetailsFlyout } from './details';
 import * as selectors from '../store/selectors';
-import { getEndpointPendingActionsCallback } from '../store/selectors';
+import { nonExistingPolicies } from '../store/selectors';
 import { useEndpointSelector } from './hooks';
-import { isPolicyOutOfDate } from '../utils';
 import { POLICY_STATUS_TO_HEALTH_COLOR, POLICY_STATUS_TO_TEXT } from './host_constants';
 import type { CreateStructuredSelector } from '../../../../common/store';
 import type {
+  AgentStatusRecords,
   HostInfo,
   HostInfoInterface,
   Immutable,
@@ -64,7 +62,6 @@ import { getEndpointDetailsPath, getEndpointListPath } from '../../../common/rou
 import { useFormatUrl } from '../../../../common/components/link_to';
 import { useAppUrl } from '../../../../common/lib/kibana/hooks';
 import type { EndpointAction } from '../store/action';
-import { OutOfDate } from './components/out_of_date';
 import { AdminSearchBar } from './components/search_bar';
 import { AdministrationListPage } from '../../../components/administration_list_page';
 import { TableRowActions } from './components/table_row_actions';
@@ -82,13 +79,12 @@ const StyledDatePicker = styled.div`
 `;
 
 interface GetEndpointListColumnsProps {
-  agentStatusClientEnabled: boolean;
-  canReadPolicyManagement: boolean;
+  missingPolicies: ReturnType<typeof nonExistingPolicies>;
   backToEndpointList: PolicyDetailsRouteState['backLink'];
-  getHostPendingActions: ReturnType<typeof getEndpointPendingActionsCallback>;
   queryParams: Immutable<EndpointIndexUIQueryParams>;
   search: string;
   getAppUrl: ReturnType<typeof useAppUrl>['getAppUrl'];
+  agentStatusRecords: AgentStatusRecords;
 }
 
 const columnWidths: Record<
@@ -107,18 +103,16 @@ const columnWidths: Record<
 };
 
 const getEndpointListColumns = ({
-  agentStatusClientEnabled,
-  canReadPolicyManagement,
+  missingPolicies,
   backToEndpointList,
-  getHostPendingActions,
   queryParams,
   search,
   getAppUrl,
+  agentStatusRecords,
 }: GetEndpointListColumnsProps): Array<EuiBasicTableColumn<Immutable<HostInfo>>> => {
   const lastActiveColumnName = i18n.translate('xpack.securitySolution.endpoint.list.lastActive', {
     defaultMessage: 'Last active',
   });
-  const padLeft: CSSProperties = { paddingLeft: '6px' };
 
   return [
     {
@@ -158,13 +152,10 @@ const getEndpointListColumns = ({
       }),
       sortable: true,
       render: (hostStatus: HostInfo['host_status'], endpointInfo) => {
-        // TODO: 8.15 remove `EndpointAgentStatus` when `agentStatusClientEnabled` FF is enabled and removed
-        return agentStatusClientEnabled ? (
-          <AgentStatus agentId={endpointInfo.metadata.agent.id} agentType="endpoint" />
-        ) : (
-          <EndpointAgentStatus
-            endpointHostInfo={endpointInfo}
-            pendingActions={getHostPendingActions(endpointInfo.metadata.agent.id)}
+        return (
+          <AgentStatus
+            statusInfo={agentStatusRecords[endpointInfo.metadata.agent.id]}
+            agentType="endpoint"
             data-test-subj="rowHostStatus"
           />
         );
@@ -183,42 +174,17 @@ const getEndpointListColumns = ({
         item: HostInfo
       ) => {
         const policy = item.metadata.Endpoint.policy.applied;
-
         return (
-          <>
-            <EuiToolTip content={policyName} anchorClassName="eui-textTruncate">
-              {canReadPolicyManagement ? (
-                <EndpointPolicyLink
-                  policyId={policy.id}
-                  className="eui-textTruncate"
-                  data-test-subj="policyNameCellLink"
-                  backLink={backToEndpointList}
-                >
-                  {policyName}
-                </EndpointPolicyLink>
-              ) : (
-                <>{policyName}</>
-              )}
-            </EuiToolTip>
-            {policy.endpoint_policy_version && (
-              <EuiText
-                color="subdued"
-                size="xs"
-                style={{ whiteSpace: 'nowrap', ...padLeft }}
-                className="eui-textTruncate"
-                data-test-subj="policyListRevNo"
-              >
-                <FormattedMessage
-                  id="xpack.securitySolution.endpoint.list.policy.revisionNumber"
-                  defaultMessage="rev. {revNumber}"
-                  values={{ revNumber: policy.endpoint_policy_version }}
-                />
-              </EuiText>
-            )}
-            {isPolicyOutOfDate(policy, item.policy_info) && (
-              <OutOfDate style={padLeft} data-test-subj="rowPolicyOutOfDate" />
-            )}
-          </>
+          <EndpointPolicyLink
+            policyId={policy.id}
+            revision={policy.endpoint_policy_version}
+            isOutdated={isPolicyOutOfDate(policy, item.policy_info)}
+            policyExists={!missingPolicies[policy.id]}
+            data-test-subj="policyNameCellLink"
+            backLink={backToEndpointList}
+          >
+            {policyName}
+          </EndpointPolicyLink>
         );
       },
     },
@@ -350,8 +316,6 @@ const stateHandleDeployEndpointsClick: AgentPolicyDetailsDeployAgentAction = {
 };
 
 export const EndpointList = () => {
-  const agentStatusClientEnabled = useIsExperimentalFeatureEnabled('agentStatusClientEnabled');
-
   const history = useHistory();
   const {
     listData,
@@ -375,11 +339,10 @@ export const EndpointList = () => {
     metadataTransformStats,
     isInitialized,
   } = useEndpointSelector(selector);
-  const getHostPendingActions = useEndpointSelector(getEndpointPendingActionsCallback);
+  const missingPolicies = useEndpointSelector(nonExistingPolicies);
   const {
     canReadEndpointList,
     canAccessFleet,
-    canReadPolicyManagement,
     loading: endpointPrivilegesLoading,
   } = useUserPrivileges().endpointPrivileges;
   const { search } = useFormatUrl(SecurityPageName.administration);
@@ -536,26 +499,23 @@ export const EndpointList = () => {
     };
   }, []);
 
+  const { data: agentStatusRecords } = useGetAgentStatus(
+    listData.map((rowItem) => rowItem.metadata.agent.id),
+    'endpoint',
+    { enabled: hasListData }
+  );
+
   const columns = useMemo(
     () =>
       getEndpointListColumns({
-        agentStatusClientEnabled,
-        canReadPolicyManagement,
         backToEndpointList,
         getAppUrl,
-        getHostPendingActions,
+        missingPolicies,
         queryParams,
         search,
+        agentStatusRecords: agentStatusRecords ?? {},
       }),
-    [
-      agentStatusClientEnabled,
-      backToEndpointList,
-      canReadPolicyManagement,
-      getAppUrl,
-      getHostPendingActions,
-      queryParams,
-      search,
-    ]
+    [agentStatusRecords, backToEndpointList, getAppUrl, missingPolicies, queryParams, search]
   );
 
   const sorting = useMemo(
diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/models/advanced_policy_schema.ts b/x-pack/plugins/security_solution/public/management/pages/policy/models/advanced_policy_schema.ts
index ca5375e61d70b..05ea215f65c50 100644
--- a/x-pack/plugins/security_solution/public/management/pages/policy/models/advanced_policy_schema.ts
+++ b/x-pack/plugins/security_solution/public/management/pages/policy/models/advanced_policy_schema.ts
@@ -662,6 +662,17 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
       }
     ),
   },
+  {
+    key: 'windows.advanced.kernel.network_report_loopback',
+    first_supported_version: '8.15',
+    documentation: i18n.translate(
+      'xpack.securitySolution.endpoint.policy.advanced.windows.advanced.kernel.network_report_loopback',
+      {
+        defaultMessage:
+          'Controls whether the kernel reports loopback network events. Default: true.',
+      }
+    ),
+  },
   {
     key: 'windows.advanced.kernel.fileopen',
     first_supported_version: '7.9',
@@ -1274,6 +1285,72 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
       }
     ),
   },
+  {
+    key: 'windows.advanced.events.process_ancestry_length',
+    first_supported_version: '8.15',
+    documentation: i18n.translate(
+      'xpack.securitySolution.endpoint.policy.advanced.windows.advanced.events.process_ancestry_length',
+      {
+        defaultMessage:
+          'Maximum number of process ancestry entries to include in process events. Default: 5',
+      }
+    ),
+  },
+  {
+    key: 'mac.advanced.events.process_ancestry_length',
+    first_supported_version: '8.15',
+    documentation: i18n.translate(
+      'xpack.securitySolution.endpoint.policy.advanced.mac.advanced.events.process_ancestry_length',
+      {
+        defaultMessage:
+          'Maximum number of process ancestry entries to include in process events. Default: 5',
+      }
+    ),
+  },
+  {
+    key: 'linux.advanced.events.process_ancestry_length',
+    first_supported_version: '8.15',
+    documentation: i18n.translate(
+      'xpack.securitySolution.endpoint.policy.advanced.linux.advanced.events.process_ancestry_length',
+      {
+        defaultMessage:
+          'Maximum number of process ancestry entries to include in process events. Default: 5',
+      }
+    ),
+  },
+  {
+    key: 'windows.advanced.events.ancestry_in_all_events',
+    first_supported_version: '8.15',
+    documentation: i18n.translate(
+      'xpack.securitySolution.endpoint.policy.advanced.windows.advanced.events.ancestry_in_all_events',
+      {
+        defaultMessage:
+          'Include ancestor process entity IDs in all event types, by default it is only included in alerts and process events. Default: false',
+      }
+    ),
+  },
+  {
+    key: 'mac.advanced.events.ancestry_in_all_events',
+    first_supported_version: '8.15',
+    documentation: i18n.translate(
+      'xpack.securitySolution.endpoint.policy.advanced.mac.advanced.events.ancestry_in_all_events',
+      {
+        defaultMessage:
+          'Include ancestor process entity IDs in all event types, by default it is only included in alerts and process events. Default: false',
+      }
+    ),
+  },
+  {
+    key: 'linux.advanced.events.ancestry_in_all_events',
+    first_supported_version: '8.15',
+    documentation: i18n.translate(
+      'xpack.securitySolution.endpoint.policy.advanced.linux.advanced.events.ancestry_in_all_events',
+      {
+        defaultMessage:
+          'Include ancestor process entity IDs in all event types, by default it is only included in alerts and process events. Default: false',
+      }
+    ),
+  },
   {
     key: 'windows.advanced.artifacts.global.proxy_url',
     first_supported_version: '8.8',
@@ -1768,4 +1845,67 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
       }
     ),
   },
+  {
+    key: 'mac.advanced.events.deduplicate_network_events',
+    first_supported_version: '8.15',
+    documentation: i18n.translate(
+      'xpack.securitySolution.endpoint.policy.advanced.mac.advanced.events.deduplicate_network_events',
+      {
+        defaultMessage: "A value of 'false' disables network events deduplication. Default: true",
+      }
+    ),
+  },
+  {
+    key: 'windows.advanced.events.deduplicate_network_events',
+    first_supported_version: '8.15',
+    documentation: i18n.translate(
+      'xpack.securitySolution.endpoint.policy.advanced.windows.advanced.events.deduplicate_network_events',
+      {
+        defaultMessage: "A value of 'false' disables network events deduplication. Default: true",
+      }
+    ),
+  },
+  {
+    key: 'linux.advanced.events.deduplicate_network_events',
+    first_supported_version: '8.15',
+    documentation: i18n.translate(
+      'xpack.securitySolution.endpoint.policy.advanced.linux.advanced.events.deduplicate_network_events',
+      {
+        defaultMessage: "A value of 'false' disables network events deduplication. Default: true",
+      }
+    ),
+  },
+  {
+    key: 'mac.advanced.events.deduplicate_network_events_below_bytes',
+    first_supported_version: '8.15',
+    documentation: i18n.translate(
+      'xpack.securitySolution.endpoint.policy.advanced.mac.advanced.events.deduplicate_network_events_below_bytes',
+      {
+        defaultMessage:
+          "Deduplication transfer threshold in bytes. Events exceeding the transfer will not be deduplicated. A value '0' means disabled. Default: 1048576 (1MB)",
+      }
+    ),
+  },
+  {
+    key: 'windows.advanced.events.deduplicate_network_events_below_bytes',
+    first_supported_version: '8.15',
+    documentation: i18n.translate(
+      'xpack.securitySolution.endpoint.policy.advanced.windows.advanced.events.deduplicate_network_events_below_bytes',
+      {
+        defaultMessage:
+          "Deduplication transfer threshold in bytes. Events exceeding the transfer will not be deduplicated. A value '0' means disabled. Default: 1048576 (1MB)",
+      }
+    ),
+  },
+  {
+    key: 'linux.advanced.events.deduplicate_network_events_below_bytes',
+    first_supported_version: '8.15',
+    documentation: i18n.translate(
+      'xpack.securitySolution.endpoint.policy.advanced.linux.advanced.events.deduplicate_network_events_below_bytes',
+      {
+        defaultMessage:
+          "Deduplication transfer threshold in bytes. Events exceeding the transfer will not be deduplicated. A value '0' means disabled. Default: 1048576 (1MB)",
+      }
+    ),
+  },
 ];
diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_details/index.test.ts b/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_details/index.test.ts
index 3511b61be97c9..57154ea39a3d5 100644
--- a/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_details/index.test.ts
+++ b/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_details/index.test.ts
@@ -279,6 +279,7 @@ describe('policy details: ', () => {
                     cluster_name: '',
                     cluster_uuid: '',
                     serverless: false,
+                    billable: false,
                   },
                   windows: {
                     events: {
@@ -324,8 +325,8 @@ describe('policy details: ', () => {
                     },
                     logging: { file: 'info' },
                     antivirus_registration: {
-                      enabled: false,
-                      mode: 'disabled',
+                      enabled: true,
+                      mode: 'sync_with_malware_prevent',
                     },
                   },
                   mac: {
diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/components/cards/antivirus_registration_card.test.tsx b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/components/cards/antivirus_registration_card.test.tsx
index 7d29148aeccb6..b9e563ec7e6e1 100644
--- a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/components/cards/antivirus_registration_card.test.tsx
+++ b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/components/cards/antivirus_registration_card.test.tsx
@@ -41,7 +41,7 @@ describe('Policy Form Antivirus Registration Card', () => {
     getRadioButton = (testSubject) => renderResult.getByTestId(testSubject).querySelector('input')!;
   });
 
-  it('should render in edit mode', () => {
+  it('should render in edit mode with default value selected', () => {
     render();
 
     expect(renderResult.getByTestId(antivirusTestSubj.radioButtons)).toBeTruthy();
@@ -49,6 +49,10 @@ describe('Policy Form Antivirus Registration Card', () => {
     expect(getRadioButton(antivirusTestSubj.disabledRadioButton)).not.toHaveAttribute('disabled');
     expect(getRadioButton(antivirusTestSubj.enabledRadioButton)).not.toHaveAttribute('disabled');
     expect(getRadioButton(antivirusTestSubj.syncRadioButton)).not.toHaveAttribute('disabled');
+
+    expect(getRadioButton(antivirusTestSubj.disabledRadioButton).checked).toBe(false);
+    expect(getRadioButton(antivirusTestSubj.enabledRadioButton).checked).toBe(false);
+    expect(getRadioButton(antivirusTestSubj.syncRadioButton).checked).toBe(true);
   });
 
   it('should check `disabled` radio button if `antivirus_registration.mode` is disabled', () => {
@@ -144,9 +148,9 @@ describe('Policy Form Antivirus Registration Card', () => {
       render();
 
       expectIsViewOnly(renderResult.getByTestId(antivirusTestSubj.card));
-      expect(getRadioButton(antivirusTestSubj.disabledRadioButton).checked).toBe(true);
+      expect(getRadioButton(antivirusTestSubj.disabledRadioButton).checked).toBe(false);
       expect(getRadioButton(antivirusTestSubj.enabledRadioButton).checked).toBe(false);
-      expect(getRadioButton(antivirusTestSubj.syncRadioButton).checked).toBe(false);
+      expect(getRadioButton(antivirusTestSubj.syncRadioButton).checked).toBe(true);
     });
 
     it('should render in view mode (option enabled)', () => {
diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/components/cards/malware_protections_card.test.tsx b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/components/cards/malware_protections_card.test.tsx
index db1074f031953..bdaeb561e6c5f 100644
--- a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/components/cards/malware_protections_card.test.tsx
+++ b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/components/cards/malware_protections_card.test.tsx
@@ -74,7 +74,7 @@ describe('Policy Malware Protections Card', () => {
     (feature: { name: 'blocklist' | 'onWriteScan'; config: string; deafult: boolean }) => {
       it(`should set ${feature.name} to disabled  if malware is turned off`, () => {
         const expectedUpdatedPolicy = cloneDeep(formProps.policy);
-        setMalwareMode(expectedUpdatedPolicy, true);
+        setMalwareMode({ policy: expectedUpdatedPolicy, turnOff: true });
         render();
         userEvent.click(renderResult.getByTestId(testSubj.enableDisableSwitch));
 
@@ -86,9 +86,9 @@ describe('Policy Malware Protections Card', () => {
 
       it(`should set ${feature.name} to enabled if malware is turned on`, () => {
         const expectedUpdatedPolicy = cloneDeep(formProps.policy);
-        setMalwareMode(expectedUpdatedPolicy);
+        setMalwareMode({ policy: expectedUpdatedPolicy });
         const initialPolicy = cloneDeep(formProps.policy);
-        setMalwareMode(initialPolicy, true);
+        setMalwareMode({ policy: initialPolicy, turnOff: true });
         render(initialPolicy);
 
         userEvent.click(renderResult.getByTestId(testSubj.enableDisableSwitch));
diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/components/protection_setting_card_switch.test.tsx b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/components/protection_setting_card_switch.test.tsx
index 1c57d6d20163b..ab1b88a64d105 100644
--- a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/components/protection_setting_card_switch.test.tsx
+++ b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/components/protection_setting_card_switch.test.tsx
@@ -69,7 +69,11 @@ describe('Policy form ProtectionSettingCardSwitch component', () => {
 
   it('should be able to disable it', () => {
     const expectedUpdatedPolicy = cloneDeep(formProps.policy);
-    setMalwareMode(expectedUpdatedPolicy, true, true, false);
+    setMalwareMode({
+      policy: expectedUpdatedPolicy,
+      turnOff: true,
+      includeSubfeatures: false,
+    });
     render();
     userEvent.click(renderResult.getByTestId('test'));
 
@@ -80,9 +84,17 @@ describe('Policy form ProtectionSettingCardSwitch component', () => {
   });
 
   it('should be able to enable it', () => {
-    setMalwareMode(formProps.policy, true, true, false);
+    setMalwareMode({
+      policy: formProps.policy,
+      turnOff: true,
+      includeSubfeatures: false,
+    });
     const expectedUpdatedPolicy = cloneDeep(formProps.policy);
-    setMalwareMode(expectedUpdatedPolicy, false, true, false);
+    setMalwareMode({
+      policy: expectedUpdatedPolicy,
+      turnOff: false,
+      includeSubfeatures: false,
+    });
     render();
     userEvent.click(renderResult.getByTestId('test'));
 
@@ -100,7 +112,11 @@ describe('Policy form ProtectionSettingCardSwitch component', () => {
     });
 
     const expectedPolicyDataBeforeAdditionalCallback = cloneDeep(formProps.policy);
-    setMalwareMode(expectedPolicyDataBeforeAdditionalCallback, true, true, false);
+    setMalwareMode({
+      policy: expectedPolicyDataBeforeAdditionalCallback,
+      turnOff: true,
+      includeSubfeatures: false,
+    });
 
     const expectedUpdatedPolicy = cloneDeep(expectedPolicyDataBeforeAdditionalCallback);
     expectedUpdatedPolicy.windows.popup.malware.message = 'foo';
@@ -134,7 +150,12 @@ describe('Policy form ProtectionSettingCardSwitch component', () => {
 
     it('should NOT update notification settings when disabling', () => {
       const expectedUpdatedPolicy = cloneDeep(formProps.policy);
-      setMalwareMode(expectedUpdatedPolicy, true, false, false);
+      setMalwareMode({
+        policy: expectedUpdatedPolicy,
+        turnOff: true,
+        includePopup: false,
+        includeSubfeatures: false,
+      });
       render();
       userEvent.click(renderResult.getByTestId('test'));
 
@@ -146,7 +167,12 @@ describe('Policy form ProtectionSettingCardSwitch component', () => {
 
     it('should NOT update notification settings when enabling', () => {
       const expectedUpdatedPolicy = cloneDeep(formProps.policy);
-      setMalwareMode(formProps.policy, true, false, false);
+      setMalwareMode({
+        policy: formProps.policy,
+        turnOff: true,
+        includePopup: false,
+        includeSubfeatures: false,
+      });
       render();
       userEvent.click(renderResult.getByTestId('test'));
 
@@ -176,7 +202,11 @@ describe('Policy form ProtectionSettingCardSwitch component', () => {
     });
 
     it('should show option when unchecked', () => {
-      setMalwareMode(formProps.policy, true, true, false);
+      setMalwareMode({
+        policy: formProps.policy,
+        turnOff: true,
+        includeSubfeatures: false,
+      });
       render();
 
       expect(renderResult.getByTestId('test-label')).toHaveTextContent(exactMatchText('Malware'));
diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/mocks.ts b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/mocks.ts
index c2af340726de8..b2ef180dd4bfd 100644
--- a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/mocks.ts
+++ b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/mocks.ts
@@ -201,13 +201,21 @@ export const exactMatchText = (text: string): RegExp => {
  * @param turnOff
  * @param includePopup
  * @param includeSubfeatures
+ * @param includeAntivirus
  */
-export const setMalwareMode = (
-  policy: PolicyConfig,
-  turnOff: boolean = false,
-  includePopup: boolean = true,
-  includeSubfeatures: boolean = true
-) => {
+export const setMalwareMode = ({
+  policy,
+  turnOff = false,
+  includePopup = true,
+  includeSubfeatures = true,
+  includeAntivirus = false,
+}: {
+  policy: PolicyConfig;
+  turnOff?: boolean;
+  includePopup?: boolean;
+  includeSubfeatures?: boolean;
+  includeAntivirus?: boolean;
+}) => {
   const mode = turnOff ? ProtectionModes.off : ProtectionModes.prevent;
   const enableValue = mode !== ProtectionModes.off;
 
@@ -215,6 +223,10 @@ export const setMalwareMode = (
   set(policy, 'mac.malware.mode', mode);
   set(policy, 'linux.malware.mode', mode);
 
+  if (includeAntivirus) {
+    set(policy, 'windows.antivirus_registration.enabled', !turnOff);
+  }
+
   if (includePopup) {
     set(policy, 'windows.popup.malware.enabled', enableValue);
     set(policy, 'mac.popup.malware.enabled', enableValue);
diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/policy_settings_form.test.tsx b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/policy_settings_form.test.tsx
index 76928a8de4179..9607e5949d9a0 100644
--- a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/policy_settings_form.test.tsx
+++ b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/policy_settings_form.test.tsx
@@ -119,13 +119,13 @@ describe('Endpoint Policy Settings Form', () => {
       describe('changing malware when antivirus registration is synced with malware', () => {
         it('should enable antivirus registration when malware is enabled', () => {
           setAntivirusRegistration(formProps.policy, AntivirusRegistrationModes.sync, false);
-          setMalwareMode(formProps.policy, true);
+          setMalwareMode({ policy: formProps.policy, turnOff: true });
           render();
 
           userEvent.click(renderResult.getByTestId(testSubj.malware.enableDisableSwitch));
 
           const expectedPolicy = cloneDeep(formProps.policy);
-          setMalwareMode(expectedPolicy);
+          setMalwareMode({ policy: expectedPolicy });
           setAntivirusRegistration(expectedPolicy, AntivirusRegistrationModes.sync, true);
           expectOnChangeToBeCalledWith(expectedPolicy);
         });
@@ -137,14 +137,14 @@ describe('Endpoint Policy Settings Form', () => {
           userEvent.click(renderResult.getByTestId(testSubj.malware.enableDisableSwitch));
 
           const expectedPolicy = cloneDeep(formProps.policy);
-          setMalwareMode(expectedPolicy, true);
+          setMalwareMode({ policy: expectedPolicy, turnOff: true });
           setAntivirusRegistration(expectedPolicy, AntivirusRegistrationModes.sync, false);
           expectOnChangeToBeCalledWith(expectedPolicy);
         });
 
         it('should disable antivirus registration when malware is set to detect only', () => {
           setAntivirusRegistration(formProps.policy, AntivirusRegistrationModes.sync, true);
-          setMalwareMode(formProps.policy);
+          setMalwareMode({ policy: formProps.policy });
           render();
 
           clickOnRadio(testSubj.malware.protectionDetectRadio);
@@ -159,13 +159,13 @@ describe('Endpoint Policy Settings Form', () => {
       describe('changing malware when antivirus registration is NOT synced with malware', () => {
         it('should not change antivirus registration when malware is enabled', () => {
           setAntivirusRegistration(formProps.policy, AntivirusRegistrationModes.disabled, false);
-          setMalwareMode(formProps.policy, true);
+          setMalwareMode({ policy: formProps.policy, turnOff: true });
           render();
 
           userEvent.click(renderResult.getByTestId(testSubj.malware.enableDisableSwitch));
 
           const expectedPolicy = cloneDeep(formProps.policy);
-          setMalwareMode(expectedPolicy);
+          setMalwareMode({ policy: expectedPolicy });
           expectOnChangeToBeCalledWith(expectedPolicy);
         });
 
@@ -176,13 +176,13 @@ describe('Endpoint Policy Settings Form', () => {
           userEvent.click(renderResult.getByTestId(testSubj.malware.enableDisableSwitch));
 
           const expectedPolicy = cloneDeep(formProps.policy);
-          setMalwareMode(expectedPolicy, true);
+          setMalwareMode({ policy: expectedPolicy, turnOff: true });
           expectOnChangeToBeCalledWith(expectedPolicy);
         });
 
         it('should not change antivirus registration when malware is set to detect only', () => {
           setAntivirusRegistration(formProps.policy, AntivirusRegistrationModes.enabled, true);
-          setMalwareMode(formProps.policy);
+          setMalwareMode({ policy: formProps.policy });
           render();
 
           clickOnRadio(testSubj.malware.protectionDetectRadio);
@@ -219,7 +219,7 @@ describe('Endpoint Policy Settings Form', () => {
 
       describe('changing antivirus registration mode when malware is disabled', () => {
         beforeEach(() => {
-          setMalwareMode(formProps.policy, true);
+          setMalwareMode({ policy: formProps.policy, turnOff: true });
         });
 
         it('should disable antivirus registration when set to sync', () => {
diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_layout/policy_settings_layout.test.tsx b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_layout/policy_settings_layout.test.tsx
index bfc0ec3691363..4a685bb475810 100644
--- a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_layout/policy_settings_layout.test.tsx
+++ b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_layout/policy_settings_layout.test.tsx
@@ -93,7 +93,11 @@ describe('When rendering PolicySettingsLayout', () => {
 
       // Turn off malware
       userEvent.click(getByTestId(testSubj.malware.enableDisableSwitch));
-      setMalwareMode(policySettings, true);
+      setMalwareMode({
+        policy: policySettings,
+        turnOff: true,
+        includeAntivirus: true,
+      });
 
       // Turn off Behaviour Protection
       userEvent.click(getByTestId(testSubj.behaviour.enableDisableSwitch));
diff --git a/x-pack/plugins/security_solution/public/notes/api/api.ts b/x-pack/plugins/security_solution/public/notes/api/api.ts
new file mode 100644
index 0000000000000..91455d71a8d17
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/notes/api/api.ts
@@ -0,0 +1,55 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { BareNote, Note } from '../../../common/api/timeline';
+import { KibanaServices } from '../../common/lib/kibana';
+import { NOTE_URL } from '../../../common/constants';
+
+/**
+ * Adds a new note.
+ * This code is very close to the persistNote found in x-pack/plugins/security_solution/public/timelines/containers/notes/api.ts.
+ * // TODO remove the old method when the transition to the new notes system is complete
+ */
+export const createNote = async ({ note }: { note: BareNote }) => {
+  try {
+    const response = await KibanaServices.get().http.patch<{
+      data: { persistNote: { code: number; message: string; note: Note } };
+    }>(NOTE_URL, {
+      method: 'PATCH',
+      body: JSON.stringify({ note }),
+      version: '2023-10-31',
+    });
+    return response.data.persistNote.note;
+  } catch (err) {
+    throw new Error(`Failed to stringify query: ${JSON.stringify(err)}`);
+  }
+};
+
+/**
+ * Fetches all the notes for an array of document ids
+ */
+export const fetchNotesByDocumentIds = async (documentIds: string[]) => {
+  const response = await KibanaServices.get().http.get<{ notes: Note[]; totalCount: number }>(
+    NOTE_URL,
+    {
+      query: { documentIds },
+      version: '2023-10-31',
+    }
+  );
+  return response;
+};
+
+/**
+ * Deletes a note
+ */
+export const deleteNote = async (noteId: string) => {
+  const response = await KibanaServices.get().http.delete<{ data: unknown }>(NOTE_URL, {
+    body: JSON.stringify({ noteId }),
+    version: '2023-10-31',
+  });
+  return response;
+};
diff --git a/x-pack/plugins/security_solution/public/notes/jest.config.js b/x-pack/plugins/security_solution/public/notes/jest.config.js
new file mode 100644
index 0000000000000..7a19d2648f6be
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/notes/jest.config.js
@@ -0,0 +1,17 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+module.exports = {
+  preset: '@kbn/test',
+  rootDir: '../../../../..',
+  roots: ['<rootDir>/x-pack/plugins/security_solution/public/notes'],
+  coverageDirectory:
+    '<rootDir>/target/kibana-coverage/jest/x-pack/plugins/security_solution/public/notes',
+  coverageReporters: ['text', 'html'],
+  collectCoverageFrom: ['<rootDir>/x-pack/plugins/security_solution/public/notes/**/*.{ts,tsx}'],
+  moduleNameMapper: require('../../server/__mocks__/module_name_map'),
+};
diff --git a/x-pack/plugins/security_solution/public/notes/store/normalize.ts b/x-pack/plugins/security_solution/public/notes/store/normalize.ts
new file mode 100644
index 0000000000000..2b433a35d7c86
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/notes/store/normalize.ts
@@ -0,0 +1,54 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { Note } from '../../../common/api/timeline';
+
+/**
+ * Interface to represent a normalized entity
+ */
+export interface NormalizedEntity<T> {
+  entities: {
+    [entity: string]: {
+      [id: string]: T;
+    };
+  };
+  result: string;
+}
+
+/**
+ * Interface to represent normalized entities
+ */
+export interface NormalizedEntities<T> {
+  entities: {
+    [entity: string]: {
+      [id: string]: T;
+    };
+  };
+  result: string[];
+}
+
+/**
+ * Normalizes a single note
+ */
+export const normalizeEntity = (res: Note): NormalizedEntity<Note> => ({
+  entities: {
+    notes: {
+      [res.noteId]: res,
+    },
+  },
+  result: res.noteId,
+});
+
+/**
+ * Normalizes an array of notes
+ */
+export const normalizeEntities = (res: Note[]): NormalizedEntities<Note> => ({
+  entities: {
+    notes: res.reduce((obj, item) => Object.assign(obj, { [item.noteId]: item }), {}),
+  },
+  result: res.map((note) => note.noteId),
+});
diff --git a/x-pack/plugins/security_solution/public/notes/store/notes.slice.test.ts b/x-pack/plugins/security_solution/public/notes/store/notes.slice.test.ts
new file mode 100644
index 0000000000000..59f196b6a5af5
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/notes/store/notes.slice.test.ts
@@ -0,0 +1,329 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import * as uuid from 'uuid';
+import {
+  createNote,
+  deleteNote,
+  fetchNotesByDocumentIds,
+  initialNotesState,
+  notesReducer,
+  ReqStatus,
+  selectAllNotes,
+  selectCreateNoteError,
+  selectCreateNoteStatus,
+  selectDeleteNoteError,
+  selectDeleteNoteStatus,
+  selectFetchNotesByDocumentIdsError,
+  selectFetchNotesByDocumentIdsStatus,
+  selectNoteById,
+  selectNoteIds,
+  selectNotesByDocumentId,
+} from './notes.slice';
+import { mockGlobalState } from '../../common/mock';
+
+const initalEmptyState = initialNotesState;
+
+export const generateNoteMock = (documentIds: string[]) =>
+  documentIds.map((documentId: string) => ({
+    noteId: uuid.v4(),
+    version: 'WzU1MDEsMV0=',
+    timelineId: '',
+    eventId: documentId,
+    note: 'This is a mocked note',
+    created: new Date().getTime(),
+    createdBy: 'elastic',
+    updated: new Date().getTime(),
+    updatedBy: 'elastic',
+  }));
+
+const mockNote = { ...generateNoteMock(['1'])[0] };
+const initialNonEmptyState = {
+  entities: {
+    [mockNote.noteId]: mockNote,
+  },
+  ids: [mockNote.noteId],
+  status: {
+    fetchNotesByDocumentIds: ReqStatus.Idle,
+    createNote: ReqStatus.Idle,
+    deleteNote: ReqStatus.Idle,
+  },
+  error: { fetchNotesByDocumentIds: null, createNote: null, deleteNote: null },
+};
+
+describe('notesSlice', () => {
+  describe('notesReducer', () => {
+    it('should handle an unknown action and return the initial state', () => {
+      expect(notesReducer(initalEmptyState, { type: 'unknown' })).toEqual({
+        entities: {},
+        ids: [],
+        status: {
+          fetchNotesByDocumentIds: ReqStatus.Idle,
+          createNote: ReqStatus.Idle,
+          deleteNote: ReqStatus.Idle,
+        },
+        error: { fetchNotesByDocumentIds: null, createNote: null, deleteNote: null },
+      });
+    });
+
+    describe('fetchNotesByDocumentIds', () => {
+      it('should set correct status state when fetching notes by document id', () => {
+        const action = { type: fetchNotesByDocumentIds.pending.type };
+
+        expect(notesReducer(initalEmptyState, action)).toEqual({
+          entities: {},
+          ids: [],
+          status: {
+            fetchNotesByDocumentIds: ReqStatus.Loading,
+            createNote: ReqStatus.Idle,
+            deleteNote: ReqStatus.Idle,
+          },
+          error: { fetchNotesByDocumentIds: null, createNote: null, deleteNote: null },
+        });
+      });
+
+      it('should set correct state when success on fetch notes by document id on an empty state', () => {
+        const action = {
+          type: fetchNotesByDocumentIds.fulfilled.type,
+          payload: {
+            entities: {
+              notes: {
+                [mockNote.noteId]: mockNote,
+              },
+            },
+            result: [mockNote.noteId],
+          },
+        };
+
+        expect(notesReducer(initalEmptyState, action)).toEqual({
+          entities: action.payload.entities.notes,
+          ids: action.payload.result,
+          status: {
+            fetchNotesByDocumentIds: ReqStatus.Succeeded,
+            createNote: ReqStatus.Idle,
+            deleteNote: ReqStatus.Idle,
+          },
+          error: { fetchNotesByDocumentIds: null, createNote: null, deleteNote: null },
+        });
+      });
+
+      it('should replace notes when success on fetch notes by document id on a non-empty state', () => {
+        const newMockNote = { ...mockNote, timelineId: 'timelineId' };
+        const action = {
+          type: fetchNotesByDocumentIds.fulfilled.type,
+          payload: {
+            entities: {
+              notes: {
+                [newMockNote.noteId]: newMockNote,
+              },
+            },
+            result: [newMockNote.noteId],
+          },
+        };
+
+        expect(notesReducer(initialNonEmptyState, action)).toEqual({
+          entities: action.payload.entities.notes,
+          ids: action.payload.result,
+          status: {
+            fetchNotesByDocumentIds: ReqStatus.Succeeded,
+            createNote: ReqStatus.Idle,
+            deleteNote: ReqStatus.Idle,
+          },
+          error: { fetchNotesByDocumentIds: null, createNote: null, deleteNote: null },
+        });
+      });
+
+      it('should set correct error state when failing to fetch notes by document id', () => {
+        const action = { type: fetchNotesByDocumentIds.rejected.type, error: 'error' };
+
+        expect(notesReducer(initalEmptyState, action)).toEqual({
+          entities: {},
+          ids: [],
+          status: {
+            fetchNotesByDocumentIds: ReqStatus.Failed,
+            createNote: ReqStatus.Idle,
+            deleteNote: ReqStatus.Idle,
+          },
+          error: {
+            fetchNotesByDocumentIds: 'error',
+            createNote: null,
+            deleteNote: null,
+          },
+        });
+      });
+    });
+
+    describe('createNote', () => {
+      it('should set correct status state when creating a note by document id', () => {
+        const action = { type: createNote.pending.type };
+
+        expect(notesReducer(initalEmptyState, action)).toEqual({
+          entities: {},
+          ids: [],
+          status: {
+            fetchNotesByDocumentIds: ReqStatus.Idle,
+            createNote: ReqStatus.Loading,
+            deleteNote: ReqStatus.Idle,
+          },
+          error: { fetchNotesByDocumentIds: null, createNote: null, deleteNote: null },
+        });
+      });
+
+      it('should set correct state when success on create a note by document id on an empty state', () => {
+        const action = {
+          type: createNote.fulfilled.type,
+          payload: {
+            entities: {
+              notes: {
+                [mockNote.noteId]: mockNote,
+              },
+            },
+            result: mockNote.noteId,
+          },
+        };
+
+        expect(notesReducer(initalEmptyState, action)).toEqual({
+          entities: action.payload.entities.notes,
+          ids: [action.payload.result],
+          status: {
+            fetchNotesByDocumentIds: ReqStatus.Idle,
+            createNote: ReqStatus.Succeeded,
+            deleteNote: ReqStatus.Idle,
+          },
+          error: { fetchNotesByDocumentIds: null, createNote: null, deleteNote: null },
+        });
+      });
+
+      it('should set correct error state when failing to create a note by document id', () => {
+        const action = { type: createNote.rejected.type, error: 'error' };
+
+        expect(notesReducer(initalEmptyState, action)).toEqual({
+          entities: {},
+          ids: [],
+          status: {
+            fetchNotesByDocumentIds: ReqStatus.Idle,
+            createNote: ReqStatus.Failed,
+            deleteNote: ReqStatus.Idle,
+          },
+          error: {
+            fetchNotesByDocumentIds: null,
+            createNote: 'error',
+            deleteNote: null,
+          },
+        });
+      });
+    });
+
+    describe('deleteNote', () => {
+      it('should set correct status state when deleting a note', () => {
+        const action = { type: deleteNote.pending.type };
+
+        expect(notesReducer(initalEmptyState, action)).toEqual({
+          entities: {},
+          ids: [],
+          status: {
+            fetchNotesByDocumentIds: ReqStatus.Idle,
+            createNote: ReqStatus.Idle,
+            deleteNote: ReqStatus.Loading,
+          },
+          error: { fetchNotesByDocumentIds: null, createNote: null, deleteNote: null },
+        });
+      });
+
+      it('should set correct state when success on deleting a note', () => {
+        const action = {
+          type: deleteNote.fulfilled.type,
+          payload: mockNote.noteId,
+        };
+
+        expect(notesReducer(initialNonEmptyState, action)).toEqual({
+          entities: {},
+          ids: [],
+          status: {
+            fetchNotesByDocumentIds: ReqStatus.Idle,
+            createNote: ReqStatus.Idle,
+            deleteNote: ReqStatus.Succeeded,
+          },
+          error: { fetchNotesByDocumentIds: null, createNote: null, deleteNote: null },
+        });
+      });
+
+      it('should set correct state when failing to create a note by document id', () => {
+        const action = { type: deleteNote.rejected.type, error: 'error' };
+
+        expect(notesReducer(initalEmptyState, action)).toEqual({
+          entities: {},
+          ids: [],
+          status: {
+            fetchNotesByDocumentIds: ReqStatus.Idle,
+            createNote: ReqStatus.Idle,
+            deleteNote: ReqStatus.Failed,
+          },
+          error: {
+            fetchNotesByDocumentIds: null,
+            createNote: null,
+            deleteNote: 'error',
+          },
+        });
+      });
+    });
+  });
+
+  describe('selectors', () => {
+    it('should return all notes', () => {
+      const state = mockGlobalState;
+      state.notes.entities = initialNonEmptyState.entities;
+      state.notes.ids = initialNonEmptyState.ids;
+      expect(selectAllNotes(state)).toEqual([mockNote]);
+    });
+
+    it('should return note by id', () => {
+      const state = mockGlobalState;
+      state.notes.entities = initialNonEmptyState.entities;
+      state.notes.ids = initialNonEmptyState.ids;
+      expect(selectNoteById(state, mockNote.noteId)).toEqual(mockNote);
+    });
+
+    it('should return note ids', () => {
+      const state = mockGlobalState;
+      state.notes.entities = initialNonEmptyState.entities;
+      state.notes.ids = initialNonEmptyState.ids;
+      expect(selectNoteIds(state)).toEqual([mockNote.noteId]);
+    });
+
+    it('should return fetch notes by document id status', () => {
+      expect(selectFetchNotesByDocumentIdsStatus(mockGlobalState)).toEqual(ReqStatus.Idle);
+    });
+
+    it('should return fetch notes by document id error', () => {
+      expect(selectFetchNotesByDocumentIdsError(mockGlobalState)).toEqual(null);
+    });
+
+    it('should return create note by document id status', () => {
+      expect(selectCreateNoteStatus(mockGlobalState)).toEqual(ReqStatus.Idle);
+    });
+
+    it('should return create note by document id error', () => {
+      expect(selectCreateNoteError(mockGlobalState)).toEqual(null);
+    });
+
+    it('should return delete note status', () => {
+      expect(selectDeleteNoteStatus(mockGlobalState)).toEqual(ReqStatus.Idle);
+    });
+
+    it('should return delete note error', () => {
+      expect(selectDeleteNoteError(mockGlobalState)).toEqual(null);
+    });
+
+    it('should return all notes for an existing document id', () => {
+      expect(selectNotesByDocumentId(mockGlobalState, '1')).toEqual([mockNote]);
+    });
+
+    it('should return no notes if document id does not exist', () => {
+      expect(selectNotesByDocumentId(mockGlobalState, '2')).toHaveLength(0);
+    });
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/notes/store/notes.slice.ts b/x-pack/plugins/security_solution/public/notes/store/notes.slice.ts
new file mode 100644
index 0000000000000..303313d180306
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/notes/store/notes.slice.ts
@@ -0,0 +1,158 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { EntityState, SerializedError } from '@reduxjs/toolkit';
+import { createAsyncThunk, createEntityAdapter, createSlice } from '@reduxjs/toolkit';
+import { createSelector } from 'reselect';
+import type { State } from '../../common/store';
+import {
+  createNote as createNoteApi,
+  deleteNote as deleteNoteApi,
+  fetchNotesByDocumentIds as fetchNotesByDocumentIdsApi,
+} from '../api/api';
+import type { NormalizedEntities, NormalizedEntity } from './normalize';
+import { normalizeEntities, normalizeEntity } from './normalize';
+import type { BareNote, Note } from '../../../common/api/timeline';
+
+export enum ReqStatus {
+  Idle = 'idle',
+  Loading = 'loading',
+  Succeeded = 'succeeded',
+  Failed = 'failed',
+}
+
+interface HttpError {
+  type: 'http';
+  status: number;
+}
+
+export interface NotesState extends EntityState<Note> {
+  status: {
+    fetchNotesByDocumentIds: ReqStatus;
+    createNote: ReqStatus;
+    deleteNote: ReqStatus;
+  };
+  error: {
+    fetchNotesByDocumentIds: SerializedError | HttpError | null;
+    createNote: SerializedError | HttpError | null;
+    deleteNote: SerializedError | HttpError | null;
+  };
+}
+
+const notesAdapter = createEntityAdapter<Note>({
+  selectId: (note: Note) => note.noteId,
+});
+
+export const initialNotesState: NotesState = notesAdapter.getInitialState({
+  status: {
+    fetchNotesByDocumentIds: ReqStatus.Idle,
+    createNote: ReqStatus.Idle,
+    deleteNote: ReqStatus.Idle,
+  },
+  error: {
+    fetchNotesByDocumentIds: null,
+    createNote: null,
+    deleteNote: null,
+  },
+});
+
+export const fetchNotesByDocumentIds = createAsyncThunk<
+  NormalizedEntities<Note>,
+  { documentIds: string[] },
+  {}
+>('notes/fetchNotesByDocumentIds', async (args) => {
+  const { documentIds } = args;
+  const res = await fetchNotesByDocumentIdsApi(documentIds);
+  return normalizeEntities(res.notes);
+});
+
+export const createNote = createAsyncThunk<NormalizedEntity<Note>, { note: BareNote }, {}>(
+  'notes/createNote',
+  async (args) => {
+    const { note } = args;
+    const res = await createNoteApi({ note });
+    return normalizeEntity(res);
+  }
+);
+
+export const deleteNote = createAsyncThunk<string, { id: string }, {}>(
+  'notes/deleteNote',
+  async (args) => {
+    const { id } = args;
+    await deleteNoteApi(id);
+    return id;
+  }
+);
+
+const notesSlice = createSlice({
+  name: 'notes',
+  initialState: initialNotesState,
+  reducers: {},
+  extraReducers(builder) {
+    builder
+      .addCase(fetchNotesByDocumentIds.pending, (state) => {
+        state.status.fetchNotesByDocumentIds = ReqStatus.Loading;
+      })
+      .addCase(fetchNotesByDocumentIds.fulfilled, (state, action) => {
+        notesAdapter.upsertMany(state, action.payload.entities.notes);
+        state.status.fetchNotesByDocumentIds = ReqStatus.Succeeded;
+      })
+      .addCase(fetchNotesByDocumentIds.rejected, (state, action) => {
+        state.status.fetchNotesByDocumentIds = ReqStatus.Failed;
+        state.error.fetchNotesByDocumentIds = action.payload ?? action.error;
+      })
+      .addCase(createNote.pending, (state) => {
+        state.status.createNote = ReqStatus.Loading;
+      })
+      .addCase(createNote.fulfilled, (state, action) => {
+        notesAdapter.addMany(state, action.payload.entities.notes);
+        state.status.createNote = ReqStatus.Succeeded;
+      })
+      .addCase(createNote.rejected, (state, action) => {
+        state.status.createNote = ReqStatus.Failed;
+        state.error.createNote = action.payload ?? action.error;
+      })
+      .addCase(deleteNote.pending, (state) => {
+        state.status.deleteNote = ReqStatus.Loading;
+      })
+      .addCase(deleteNote.fulfilled, (state, action) => {
+        notesAdapter.removeOne(state, action.payload);
+        state.status.deleteNote = ReqStatus.Succeeded;
+      })
+      .addCase(deleteNote.rejected, (state, action) => {
+        state.status.deleteNote = ReqStatus.Failed;
+        state.error.deleteNote = action.payload ?? action.error;
+      });
+  },
+});
+
+export const notesReducer = notesSlice.reducer;
+
+export const {
+  selectAll: selectAllNotes,
+  selectById: selectNoteById,
+  selectIds: selectNoteIds,
+} = notesAdapter.getSelectors((state: State) => state.notes);
+
+export const selectFetchNotesByDocumentIdsStatus = (state: State) =>
+  state.notes.status.fetchNotesByDocumentIds;
+
+export const selectFetchNotesByDocumentIdsError = (state: State) =>
+  state.notes.error.fetchNotesByDocumentIds;
+
+export const selectCreateNoteStatus = (state: State) => state.notes.status.createNote;
+
+export const selectCreateNoteError = (state: State) => state.notes.error.createNote;
+
+export const selectDeleteNoteStatus = (state: State) => state.notes.status.deleteNote;
+
+export const selectDeleteNoteError = (state: State) => state.notes.error.deleteNote;
+
+export const selectNotesByDocumentId = createSelector(
+  [selectAllNotes, (state, documentId) => documentId],
+  (notes, documentId) => notes.filter((note) => note.eventId === documentId)
+);
diff --git a/x-pack/plugins/security_solution/public/overview/components/host_overview/endpoint_overview/index.test.tsx b/x-pack/plugins/security_solution/public/overview/components/host_overview/endpoint_overview/index.test.tsx
index ee1148f4bd93c..1c24cb51facf4 100644
--- a/x-pack/plugins/security_solution/public/overview/components/host_overview/endpoint_overview/index.test.tsx
+++ b/x-pack/plugins/security_solution/public/overview/components/host_overview/endpoint_overview/index.test.tsx
@@ -14,9 +14,12 @@ import { TestProviders } from '../../../../common/mock';
 import { EndpointOverview } from '.';
 import type { EndpointFields } from '../../../../../common/search_strategy/security_solution/hosts';
 import { EndpointMetadataGenerator } from '../../../../../common/endpoint/data_generators/endpoint_metadata_generator';
-import { set } from 'lodash';
+import { useGetAgentStatus as _useGetAgentStatus } from '../../../../management/hooks/agents/use_get_agent_status';
 
 jest.mock('../../../../common/lib/kibana');
+jest.mock('../../../../management/hooks/agents/use_get_agent_status');
+
+const useGetAgentStatusMock = _useGetAgentStatus as jest.Mock;
 
 describe('EndpointOverview Component', () => {
   let endpointData: EndpointFields;
@@ -59,7 +62,7 @@ describe('EndpointOverview Component', () => {
       endpointData?.hostInfo?.metadata.Endpoint.policy.applied.status
     );
     expect(findData.at(2).text()).toContain(endpointData?.hostInfo?.metadata.agent.version); // contain because drag adds a space
-    expect(findData.at(3).text()).toEqual('HealthyIsolated');
+    expect(findData.at(3).text()).toEqual('Healthy');
   });
 
   test('it renders with null data', () => {
@@ -71,19 +74,10 @@ describe('EndpointOverview Component', () => {
   });
 
   test('it shows isolation status', () => {
-    set(endpointData.hostInfo ?? {}, 'metadata.Endpoint.state.isolation', true);
+    const status = useGetAgentStatusMock(endpointData.hostInfo?.metadata.agent.id, 'endpoint');
+    status.data[endpointData.hostInfo!.metadata.agent.id].isolated = true;
+    useGetAgentStatusMock.mockReturnValue(status);
     render();
     expect(findData.at(3).text()).toEqual('HealthyIsolated');
   });
-
-  // FIXME: un-skip once pending isolation status are supported again
-  test.skip.each([
-    ['isolate', 'Isolating'],
-    ['unisolate', 'Releasing'],
-  ])('it shows pending %s status', (action, expectedLabel) => {
-    set(endpointData.hostInfo ?? {}, 'metadata.Endpoint.state.isolation', true);
-    endpointData.pendingActions![action] = 1;
-    render();
-    expect(findData.at(3).text()).toEqual(`Healthy${expectedLabel}`);
-  });
 });
diff --git a/x-pack/plugins/security_solution/public/overview/components/host_overview/endpoint_overview/index.tsx b/x-pack/plugins/security_solution/public/overview/components/host_overview/endpoint_overview/index.tsx
index 99eb2ed17e6b6..76b3f45d93875 100644
--- a/x-pack/plugins/security_solution/public/overview/components/host_overview/endpoint_overview/index.tsx
+++ b/x-pack/plugins/security_solution/public/overview/components/host_overview/endpoint_overview/index.tsx
@@ -9,11 +9,7 @@ import { EuiHealth } from '@elastic/eui';
 import { getOr } from 'lodash/fp';
 import React, { useCallback, useMemo } from 'react';
 
-import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
-import {
-  AgentStatus,
-  EndpointAgentStatus,
-} from '../../../../common/components/endpoint/agents/agent_status';
+import { AgentStatus } from '../../../../common/components/endpoint/agents/agent_status';
 import { OverviewDescriptionList } from '../../../../common/components/overview_description_list';
 import type { DescriptionList } from '../../../../../common/utility_types';
 import { getEmptyTagValue } from '../../../../common/components/empty_value';
@@ -29,7 +25,6 @@ interface Props {
 }
 
 export const EndpointOverview = React.memo<Props>(({ contextID, data, scopeId }) => {
-  const agentStatusClientEnabled = useIsExperimentalFeatureEnabled('agentStatusClientEnabled');
   const getDefaultRenderer = useCallback(
     (fieldName: string, fieldData: EndpointFields, attrName: string) => (
       <DefaultFieldRenderer
@@ -82,23 +77,15 @@ export const EndpointOverview = React.memo<Props>(({ contextID, data, scopeId })
         {
           title: i18n.FLEET_AGENT_STATUS,
           description:
-            // TODO: 8.15 remove `EndpointAgentStatus` when `agentStatusClientEnabled` FF is enabled and removed
             data != null && data.hostInfo ? (
-              agentStatusClientEnabled ? (
-                <AgentStatus agentId={data.hostInfo.metadata.agent.id} agentType="endpoint" />
-              ) : (
-                <EndpointAgentStatus
-                  endpointHostInfo={data.hostInfo}
-                  data-test-subj="endpointHostAgentStatus"
-                />
-              )
+              <AgentStatus agentId={data.hostInfo.metadata.agent.id} agentType="endpoint" />
             ) : (
               getEmptyTagValue()
             ),
         },
       ],
     ];
-  }, [agentStatusClientEnabled, data, getDefaultRenderer]);
+  }, [data, getDefaultRenderer]);
 
   return (
     <>
diff --git a/x-pack/plugins/security_solution/public/resolver/data_access_layer/factory.ts b/x-pack/plugins/security_solution/public/resolver/data_access_layer/factory.ts
index 66a04acaca439..9e960f34b9a36 100644
--- a/x-pack/plugins/security_solution/public/resolver/data_access_layer/factory.ts
+++ b/x-pack/plugins/security_solution/public/resolver/data_access_layer/factory.ts
@@ -40,10 +40,12 @@ export function dataAccessLayerFactory(context: CoreStart): DataAccessLayer {
       entityID,
       timeRange,
       indexPatterns,
+      agentId,
     }: {
       entityID: string;
       timeRange?: TimeRange;
       indexPatterns: string[];
+      agentId: string;
     }): Promise<ResolverRelatedEvents> {
       const response: ResolverPaginatedEvents = await context.http.post(
         '/api/endpoint/resolver/events',
@@ -51,6 +53,7 @@ export function dataAccessLayerFactory(context: CoreStart): DataAccessLayer {
           query: {},
           body: JSON.stringify({
             indexPatterns,
+            agentId,
             ...getRangeFilter(timeRange),
             filter: JSON.stringify({
               bool: {
@@ -77,12 +80,14 @@ export function dataAccessLayerFactory(context: CoreStart): DataAccessLayer {
       after,
       timeRange,
       indexPatterns,
+      agentId,
     }: {
       entityID: string;
       category: string;
       after?: string;
       timeRange?: TimeRange;
       indexPatterns: string[];
+      agentId: string;
     }): Promise<ResolverPaginatedEvents> {
       const commonFields = {
         query: { afterEvent: after, limit: 25 },
@@ -98,6 +103,7 @@ export function dataAccessLayerFactory(context: CoreStart): DataAccessLayer {
             ...commonFields.body,
             entityType: 'alerts',
             eventID: entityID,
+            agentId,
           }),
         });
       } else {
@@ -105,6 +111,7 @@ export function dataAccessLayerFactory(context: CoreStart): DataAccessLayer {
           query: commonFields.query,
           body: JSON.stringify({
             ...commonFields.body,
+            agentId,
             filter: JSON.stringify({
               bool: {
                 filter: [
@@ -127,16 +134,19 @@ export function dataAccessLayerFactory(context: CoreStart): DataAccessLayer {
       timeRange,
       indexPatterns,
       limit,
+      agentId,
     }: {
       ids: string[];
       timeRange?: TimeRange;
       indexPatterns: string[];
       limit: number;
+      agentId: string;
     }): Promise<SafeResolverEvent[]> {
       const query = {
         query: { limit },
         body: JSON.stringify({
           indexPatterns,
+          agentId,
           ...getRangeFilter(timeRange),
           filter: JSON.stringify({
             bool: {
@@ -166,6 +176,7 @@ export function dataAccessLayerFactory(context: CoreStart): DataAccessLayer {
       winlogRecordID,
       timeRange,
       indexPatterns,
+      agentId,
     }: {
       nodeID: string;
       eventCategory: string[];
@@ -174,6 +185,7 @@ export function dataAccessLayerFactory(context: CoreStart): DataAccessLayer {
       winlogRecordID: string;
       timeRange?: TimeRange;
       indexPatterns: string[];
+      agentId: string;
     }): Promise<SafeResolverEvent | null> {
       /** @description - eventID isn't provided by winlog. This can be removed once runtime fields are available */
       const filter =
@@ -199,6 +211,7 @@ export function dataAccessLayerFactory(context: CoreStart): DataAccessLayer {
           {
             query: { limit: 1 },
             body: JSON.stringify({
+              agentId,
               indexPatterns,
               ...getRangeFilter(timeRange),
               filter: JSON.stringify(filter),
@@ -217,6 +230,7 @@ export function dataAccessLayerFactory(context: CoreStart): DataAccessLayer {
               ...getRangeFilter(timeRange),
               entityType: 'alertDetail',
               eventID,
+              agentId,
             }),
           }
         );
@@ -241,6 +255,7 @@ export function dataAccessLayerFactory(context: CoreStart): DataAccessLayer {
       indices,
       ancestors,
       descendants,
+      agentId,
     }: {
       dataId: string;
       schema: ResolverSchema;
@@ -248,6 +263,7 @@ export function dataAccessLayerFactory(context: CoreStart): DataAccessLayer {
       indices: string[];
       ancestors: number;
       descendants: number;
+      agentId: string;
     }): Promise<ResolverNode[]> {
       return context.http.post('/api/endpoint/resolver/tree', {
         body: JSON.stringify({
@@ -257,6 +273,7 @@ export function dataAccessLayerFactory(context: CoreStart): DataAccessLayer {
           schema,
           nodes: [dataId],
           indexPatterns: indices,
+          agentId,
         }),
       });
     },
diff --git a/x-pack/plugins/security_solution/public/resolver/data_access_layer/mocks/generator_tree.ts b/x-pack/plugins/security_solution/public/resolver/data_access_layer/mocks/generator_tree.ts
index 6b833c93704b4..170bfe3c6797d 100644
--- a/x-pack/plugins/security_solution/public/resolver/data_access_layer/mocks/generator_tree.ts
+++ b/x-pack/plugins/security_solution/public/resolver/data_access_layer/mocks/generator_tree.ts
@@ -160,6 +160,7 @@ export function generateTreeWithDAL(
       indices,
       ancestors,
       descendants,
+      agentId,
     }: {
       dataId: string;
       schema: ResolverSchema;
@@ -167,6 +168,7 @@ export function generateTreeWithDAL(
       indices: string[];
       ancestors: number;
       descendants: number;
+      agentId: string;
     }): Promise<ResolverNode[]> {
       return formattedTree.nodes;
     },
@@ -183,8 +185,10 @@ export function generateTreeWithDAL(
             parent: 'process.parent.entity_id',
             ancestry: 'process.Ext.ancestry',
             name: 'process.name',
+            agentId: 'agent.id',
           },
           id: generatedTree.origin.id,
+          agentId: 'mockedAgentId',
         },
       ];
     },
diff --git a/x-pack/plugins/security_solution/public/resolver/data_access_layer/mocks/no_ancestors_two_children.ts b/x-pack/plugins/security_solution/public/resolver/data_access_layer/mocks/no_ancestors_two_children.ts
index e883a96b162e8..d8b2836879194 100644
--- a/x-pack/plugins/security_solution/public/resolver/data_access_layer/mocks/no_ancestors_two_children.ts
+++ b/x-pack/plugins/security_solution/public/resolver/data_access_layer/mocks/no_ancestors_two_children.ts
@@ -121,11 +121,13 @@ export function noAncestorsTwoChildren(): { dataAccessLayer: DataAccessLayer; me
         timeRange,
         indexPatterns,
         limit,
+        agentId,
       }: {
         ids: string[];
         timeRange: TimeRange;
         indexPatterns: string[];
         limit: number;
+        agentId: string;
       }): Promise<SafeResolverEvent[]> {
         return [];
       },
@@ -140,6 +142,7 @@ export function noAncestorsTwoChildren(): { dataAccessLayer: DataAccessLayer; me
         indices,
         ancestors,
         descendants,
+        agentId,
       }: {
         dataId: string;
         schema: ResolverSchema;
@@ -147,6 +150,7 @@ export function noAncestorsTwoChildren(): { dataAccessLayer: DataAccessLayer; me
         indices: string[];
         ancestors: number;
         descendants: number;
+        agentId: string;
       }): Promise<ResolverNode[]> {
         const { treeResponse } = mockTreeWithNoAncestorsAnd2Children({
           originID: metadata.entityIDs.origin,
@@ -169,8 +173,10 @@ export function noAncestorsTwoChildren(): { dataAccessLayer: DataAccessLayer; me
               parent: 'process.parent.entity_id',
               ancestry: 'process.Ext.ancestry',
               name: 'process.name',
+              agentId: 'agent.id',
             },
             id: metadata.entityIDs.origin,
+            agentId: 'mockedAgentId',
           },
         ]);
       },
diff --git a/x-pack/plugins/security_solution/public/resolver/data_access_layer/mocks/no_ancestors_two_children_in_index_called_awesome_index.ts b/x-pack/plugins/security_solution/public/resolver/data_access_layer/mocks/no_ancestors_two_children_in_index_called_awesome_index.ts
index c4c7fda097e8f..3f45246b3b99a 100644
--- a/x-pack/plugins/security_solution/public/resolver/data_access_layer/mocks/no_ancestors_two_children_in_index_called_awesome_index.ts
+++ b/x-pack/plugins/security_solution/public/resolver/data_access_layer/mocks/no_ancestors_two_children_in_index_called_awesome_index.ts
@@ -138,11 +138,13 @@ export function noAncestorsTwoChildenInIndexCalledAwesomeIndex(): {
         timeRange,
         indexPatterns,
         limit,
+        agentId,
       }: {
         ids: string[];
         timeRange: TimeRange;
         indexPatterns: string[];
         limit: number;
+        agentId: string;
       }): Promise<SafeResolverEvent[]> {
         return ids.map((id: string) =>
           mockEndpointEvent({
@@ -161,6 +163,7 @@ export function noAncestorsTwoChildenInIndexCalledAwesomeIndex(): {
         indices,
         ancestors,
         descendants,
+        agentId,
       }: {
         dataId: string;
         schema: ResolverSchema;
@@ -168,6 +171,7 @@ export function noAncestorsTwoChildenInIndexCalledAwesomeIndex(): {
         indices: string[];
         ancestors: number;
         descendants: number;
+        agentId: string;
       }): Promise<ResolverNode[]> {
         const { treeResponse } = mockTreeWithNoAncestorsAnd2Children({
           originID: metadata.entityIDs.origin,
@@ -192,8 +196,10 @@ export function noAncestorsTwoChildenInIndexCalledAwesomeIndex(): {
                 parent: 'process.parent.entity_id',
                 ancestry: 'process.Ext.ancestry',
                 name: 'process.name',
+                agentId: 'agent.id',
               },
               id: metadata.entityIDs.origin,
+              agentId: 'mockedAgentId',
             },
           ]);
         }
diff --git a/x-pack/plugins/security_solution/public/resolver/data_access_layer/mocks/no_ancestors_two_children_with_related_events_on_origin.ts b/x-pack/plugins/security_solution/public/resolver/data_access_layer/mocks/no_ancestors_two_children_with_related_events_on_origin.ts
index 30f7e07bf041a..c697e719f9d0f 100644
--- a/x-pack/plugins/security_solution/public/resolver/data_access_layer/mocks/no_ancestors_two_children_with_related_events_on_origin.ts
+++ b/x-pack/plugins/security_solution/public/resolver/data_access_layer/mocks/no_ancestors_two_children_with_related_events_on_origin.ts
@@ -140,11 +140,13 @@ export function noAncestorsTwoChildrenWithRelatedEventsOnOrigin(): {
         timeRange,
         indexPatterns,
         limit,
+        agentId,
       }: {
         ids: string[];
         timeRange: TimeRange;
         indexPatterns: string[];
         limit: number;
+        agentId: string;
       }): Promise<SafeResolverEvent[]> {
         return nodeDataResponse;
       },
@@ -159,6 +161,7 @@ export function noAncestorsTwoChildrenWithRelatedEventsOnOrigin(): {
         indices,
         ancestors,
         descendants,
+        agentId,
       }: {
         dataId: string;
         schema: ResolverSchema;
@@ -166,6 +169,7 @@ export function noAncestorsTwoChildrenWithRelatedEventsOnOrigin(): {
         indices: string[];
         ancestors: number;
         descendants: number;
+        agentId: string;
       }): Promise<ResolverNode[]> {
         return tree.nodes;
       },
@@ -182,8 +186,10 @@ export function noAncestorsTwoChildrenWithRelatedEventsOnOrigin(): {
               parent: 'process.parent.entity_id',
               ancestry: 'process.Ext.ancestry',
               name: 'process.name',
+              agentId: 'agent.id',
             },
             id: metadata.entityIDs.origin,
+            agentId: 'mockedAgentId',
           },
         ];
       },
diff --git a/x-pack/plugins/security_solution/public/resolver/data_access_layer/mocks/one_node_with_paginated_related_events.ts b/x-pack/plugins/security_solution/public/resolver/data_access_layer/mocks/one_node_with_paginated_related_events.ts
index dc7031acdbd91..464478c0d507c 100644
--- a/x-pack/plugins/security_solution/public/resolver/data_access_layer/mocks/one_node_with_paginated_related_events.ts
+++ b/x-pack/plugins/security_solution/public/resolver/data_access_layer/mocks/one_node_with_paginated_related_events.ts
@@ -31,6 +31,7 @@ interface Metadata {
     origin: 'origin';
   };
 }
+
 export function oneNodeWithPaginatedEvents(): {
   dataAccessLayer: DataAccessLayer;
   metadata: Metadata;
@@ -132,11 +133,13 @@ export function oneNodeWithPaginatedEvents(): {
         timeRange,
         indexPatterns,
         limit,
+        agentId,
       }: {
         ids: string[];
         timeRange: TimeRange;
         indexPatterns: string[];
         limit: number;
+        agentId: string;
       }): Promise<SafeResolverEvent[]> {
         return [];
       },
@@ -151,6 +154,7 @@ export function oneNodeWithPaginatedEvents(): {
         indices,
         ancestors,
         descendants,
+        agentId,
       }: {
         dataId: string;
         schema: ResolverSchema;
@@ -158,6 +162,7 @@ export function oneNodeWithPaginatedEvents(): {
         indices: string[];
         ancestors: number;
         descendants: number;
+        agentId: string;
       }): Promise<ResolverNode[]> {
         return mockTree.nodes;
       },
@@ -174,8 +179,10 @@ export function oneNodeWithPaginatedEvents(): {
               parent: 'process.parent.entity_id',
               ancestry: 'process.Ext.ancestry',
               name: 'process.name',
+              agentId: 'agent.id',
             },
             id: metadata.entityIDs.origin,
+            agentId: 'mockedAgentId',
           },
         ];
       },
diff --git a/x-pack/plugins/security_solution/public/resolver/mocks/tree_fetcher_parameters.ts b/x-pack/plugins/security_solution/public/resolver/mocks/tree_fetcher_parameters.ts
index daffa1c5e0b09..d80d07996d62d 100644
--- a/x-pack/plugins/security_solution/public/resolver/mocks/tree_fetcher_parameters.ts
+++ b/x-pack/plugins/security_solution/public/resolver/mocks/tree_fetcher_parameters.ts
@@ -15,5 +15,6 @@ export function mockTreeFetcherParameters(): TreeFetcherParameters {
     databaseDocumentID: '',
     indices: [],
     filters: {},
+    agentId: '',
   };
 }
diff --git a/x-pack/plugins/security_solution/public/resolver/mocks/tree_schema.ts b/x-pack/plugins/security_solution/public/resolver/mocks/tree_schema.ts
index e2d20cb6d5c23..201df86aeb654 100644
--- a/x-pack/plugins/security_solution/public/resolver/mocks/tree_schema.ts
+++ b/x-pack/plugins/security_solution/public/resolver/mocks/tree_schema.ts
@@ -16,6 +16,7 @@ const defaultProcessSchema = {
   id: 'process.entity_id',
   name: 'process.name',
   parent: 'process.parent.entity_id',
+  agentId: 'agent.id',
 };
 
 /* Factory function returning the source and schema for the endpoint data source  */
diff --git a/x-pack/plugins/security_solution/public/resolver/models/tree_fetcher_parameters.test.ts b/x-pack/plugins/security_solution/public/resolver/models/tree_fetcher_parameters.test.ts
index 81ceda82157bd..6563d95d71417 100644
--- a/x-pack/plugins/security_solution/public/resolver/models/tree_fetcher_parameters.test.ts
+++ b/x-pack/plugins/security_solution/public/resolver/models/tree_fetcher_parameters.test.ts
@@ -8,61 +8,64 @@
 import type { TreeFetcherParameters } from '../types';
 
 import { equal } from './tree_fetcher_parameters';
+
 describe('TreeFetcherParameters#equal:', () => {
   const cases: Array<[TreeFetcherParameters, TreeFetcherParameters, boolean]> = [
     // different databaseDocumentID
     [
-      { databaseDocumentID: 'a', indices: [], filters: {} },
-      { databaseDocumentID: 'b', indices: [], filters: {} },
+      { databaseDocumentID: 'a', indices: [], filters: {}, agentId: '' },
+      { databaseDocumentID: 'b', indices: [], filters: {}, agentId: '' },
       false,
     ],
     // different indices length
     [
-      { databaseDocumentID: 'a', indices: [''], filters: {} },
-      { databaseDocumentID: 'a', indices: [], filters: {} },
+      { databaseDocumentID: 'a', indices: [''], filters: {}, agentId: '' },
+      { databaseDocumentID: 'a', indices: [], filters: {}, agentId: '' },
       false,
     ],
     // same indices length, different databaseDocumentID
     [
-      { databaseDocumentID: 'a', indices: [''], filters: {} },
-      { databaseDocumentID: 'b', indices: [''], filters: {} },
+      { databaseDocumentID: 'a', indices: [''], filters: {}, agentId: '' },
+      { databaseDocumentID: 'b', indices: [''], filters: {}, agentId: '' },
       false,
     ],
     // 1 item in `indices`
     [
-      { databaseDocumentID: 'b', indices: [''], filters: {} },
-      { databaseDocumentID: 'b', indices: [''], filters: {} },
+      { databaseDocumentID: 'b', indices: [''], filters: {}, agentId: '' },
+      { databaseDocumentID: 'b', indices: [''], filters: {}, agentId: '' },
       true,
     ],
     // 2 item in `indices`
     [
-      { databaseDocumentID: 'b', indices: ['1', '2'], filters: {} },
-      { databaseDocumentID: 'b', indices: ['1', '2'], filters: {} },
+      { databaseDocumentID: 'b', indices: ['1', '2'], filters: {}, agentId: '' },
+      { databaseDocumentID: 'b', indices: ['1', '2'], filters: {}, agentId: '' },
       true,
     ],
     // 2 item in `indices`, but order inversed
     [
-      { databaseDocumentID: 'b', indices: ['2', '1'], filters: {} },
-      { databaseDocumentID: 'b', indices: ['1', '2'], filters: {} },
+      { databaseDocumentID: 'b', indices: ['2', '1'], filters: {}, agentId: '' },
+      { databaseDocumentID: 'b', indices: ['1', '2'], filters: {}, agentId: '' },
       true,
     ],
     // all parameters the same, except for the filters
     [
-      { databaseDocumentID: 'b', indices: [], filters: {} },
+      { databaseDocumentID: 'b', indices: [], filters: {}, agentId: '' },
       {
         databaseDocumentID: 'b',
         indices: [],
         filters: { to: 'to', from: 'from' },
+        agentId: '',
       },
       false,
     ],
     // all parameters the same, except for the filters.to
     [
-      { databaseDocumentID: 'b', indices: [], filters: { to: '100' } },
+      { databaseDocumentID: 'b', indices: [], filters: { to: '100' }, agentId: '' },
       {
         databaseDocumentID: 'b',
         indices: [],
         filters: { to: 'to' },
+        agentId: '',
       },
       false,
     ],
@@ -72,8 +75,9 @@ describe('TreeFetcherParameters#equal:', () => {
         databaseDocumentID: 'b',
         indices: [],
         filters: { to: 'to' },
+        agentId: '',
       },
-      { databaseDocumentID: 'b', indices: [], filters: { to: '100' } },
+      { databaseDocumentID: 'b', indices: [], filters: { to: '100' }, agentId: '' },
       false,
     ],
     // all parameters the same
@@ -82,11 +86,13 @@ describe('TreeFetcherParameters#equal:', () => {
         databaseDocumentID: 'b',
         indices: [],
         filters: { to: 'to', from: 'from' },
+        agentId: '',
       },
       {
         databaseDocumentID: 'b',
         indices: [],
         filters: { to: 'to', from: 'from' },
+        agentId: '',
       },
       true,
     ],
@@ -96,11 +102,13 @@ describe('TreeFetcherParameters#equal:', () => {
         databaseDocumentID: 'b',
         indices: [],
         filters: { to: 'to' },
+        agentId: '',
       },
       {
         databaseDocumentID: 'b',
         indices: [],
         filters: { to: 'to' },
+        agentId: '',
       },
       true,
     ],
diff --git a/x-pack/plugins/security_solution/public/resolver/store/data/action.ts b/x-pack/plugins/security_solution/public/resolver/store/data/action.ts
index dc86fb810dee5..05f9efd748bd4 100644
--- a/x-pack/plugins/security_solution/public/resolver/store/data/action.ts
+++ b/x-pack/plugins/security_solution/public/resolver/store/data/action.ts
@@ -133,6 +133,8 @@ export const serverReturnedNodeEventsInCategory = actionCreator<{
    * The category that `events` have in common.
    */
   readonly eventCategory: string;
+
+  readonly agentId: string;
 }>('SERVER_RETURNED_NODE_EVENTS_IN_CATEGORY');
 
 /**
diff --git a/x-pack/plugins/security_solution/public/resolver/store/data/node_events_in_category_model.ts b/x-pack/plugins/security_solution/public/resolver/store/data/node_events_in_category_model.ts
index cddab8babd12d..5dabbd376c4c1 100644
--- a/x-pack/plugins/security_solution/public/resolver/store/data/node_events_in_category_model.ts
+++ b/x-pack/plugins/security_solution/public/resolver/store/data/node_events_in_category_model.ts
@@ -42,6 +42,7 @@ export function updatedWith(
       events: [...first.events, ...second.events],
       cursor: second.cursor,
       lastCursorRequested: null,
+      agentId: first.agentId,
     };
   } else {
     return undefined;
diff --git a/x-pack/plugins/security_solution/public/resolver/store/data/reducer.test.ts b/x-pack/plugins/security_solution/public/resolver/store/data/reducer.test.ts
index a55a0cfd7fee5..d99ca6a808031 100644
--- a/x-pack/plugins/security_solution/public/resolver/store/data/reducer.test.ts
+++ b/x-pack/plugins/security_solution/public/resolver/store/data/reducer.test.ts
@@ -73,6 +73,7 @@ describe('Resolver Data Middleware', () => {
             databaseDocumentID: '',
             indices: [],
             filters: {},
+            agentId: '',
           },
           detectedBounds,
         })
diff --git a/x-pack/plugins/security_solution/public/resolver/store/data/reducer.ts b/x-pack/plugins/security_solution/public/resolver/store/data/reducer.ts
index 4c289efd76b45..12733affeeb06 100644
--- a/x-pack/plugins/security_solution/public/resolver/store/data/reducer.ts
+++ b/x-pack/plugins/security_solution/public/resolver/store/data/reducer.ts
@@ -48,6 +48,7 @@ export const dataReducer = reducerWithInitialState(initialAnalyzerState)
             databaseDocumentID,
             indices,
             filters,
+            agentId: state.tree?.lastResponse?.parameters?.agentId || '',
           },
         };
         state.resolverComponentInstanceID = resolverComponentInstanceID;
@@ -78,6 +79,7 @@ export const dataReducer = reducerWithInitialState(initialAnalyzerState)
           databaseDocumentID: parameters.databaseDocumentID,
           indices: parameters.indices,
           filters: parameters.filters,
+          agentId: parameters.agentId,
         },
       };
       return draft;
@@ -104,6 +106,14 @@ export const dataReducer = reducerWithInitialState(initialAnalyzerState)
         /** Only handle this if we are expecting a response */
         state.tree = {
           ...state.tree,
+          ...(state.tree?.currentParameters
+            ? {
+                currentParameters: {
+                  ...state.tree.currentParameters,
+                  agentId: parameters.agentId,
+                },
+              }
+            : {}),
           /**
            * Store the last received data, as well as the databaseDocumentID it relates to.
            */
@@ -143,12 +153,12 @@ export const dataReducer = reducerWithInitialState(initialAnalyzerState)
   .withHandling(
     immerCase(
       serverReturnedNodeEventsInCategory,
-      (draft, { id, events, cursor, nodeID, eventCategory }) => {
+      (draft, { id, events, cursor, nodeID, eventCategory, agentId }) => {
         // The data in the action could be irrelevant if the panel view or parameters have changed since the corresponding request was made. In that case, ignore this action.
         const state: Draft<DataState> = draft[id].data;
         if (
           nodeEventsInCategoryModel.isRelevantToPanelViewAndParameters(
-            { events, cursor, nodeID, eventCategory },
+            { events, cursor, nodeID, eventCategory, agentId },
             selectors.panelViewAndParameters(state)
           )
         ) {
@@ -159,6 +169,7 @@ export const dataReducer = reducerWithInitialState(initialAnalyzerState)
               cursor,
               nodeID,
               eventCategory,
+              agentId,
             });
             // The 'updatedWith' method will fail if the old and new data don't represent events from the same node and event category
             if (updated) {
@@ -171,7 +182,7 @@ export const dataReducer = reducerWithInitialState(initialAnalyzerState)
             }
           } else {
             // There is no existing data, use the new data.
-            state.nodeEventsInCategory = { events, cursor, nodeID, eventCategory };
+            state.nodeEventsInCategory = { events, cursor, nodeID, eventCategory, agentId };
           }
           // else the action is stale, ignore it
         }
diff --git a/x-pack/plugins/security_solution/public/resolver/store/data/selectors.test.ts b/x-pack/plugins/security_solution/public/resolver/store/data/selectors.test.ts
index cfa0e752f6fea..8034bf361fddf 100644
--- a/x-pack/plugins/security_solution/public/resolver/store/data/selectors.test.ts
+++ b/x-pack/plugins/security_solution/public/resolver/store/data/selectors.test.ts
@@ -174,7 +174,7 @@ describe('data state', () => {
         has an error: false
         has more children: false
         has more ancestors: false
-        parameters to fetch: {\\"databaseDocumentID\\":\\"databaseDocumentID\\",\\"indices\\":[],\\"filters\\":{}}
+        parameters to fetch: {\\"databaseDocumentID\\":\\"databaseDocumentID\\",\\"indices\\":[],\\"filters\\":{},\\"agentId\\":\\"\\"}
         requires a pending request to be aborted: null"
       `);
     });
@@ -185,7 +185,7 @@ describe('data state', () => {
       actions = [
         appRequestedResolverData({
           id,
-          parameters: { databaseDocumentID, indices: [], filters: {} },
+          parameters: { databaseDocumentID, indices: [], filters: {}, agentId: '' },
         }),
       ];
     });
@@ -204,7 +204,7 @@ describe('data state', () => {
         has more children: false
         has more ancestors: false
         parameters to fetch: null
-        requires a pending request to be aborted: {\\"databaseDocumentID\\":\\"databaseDocumentID\\",\\"indices\\":[],\\"filters\\":{}}"
+        requires a pending request to be aborted: {\\"databaseDocumentID\\":\\"databaseDocumentID\\",\\"indices\\":[],\\"filters\\":{},\\"agentId\\":\\"\\"}"
       `);
     });
   });
@@ -226,7 +226,7 @@ describe('data state', () => {
         }),
         appRequestedResolverData({
           id,
-          parameters: { databaseDocumentID, indices: [], filters: {} },
+          parameters: { databaseDocumentID, indices: [], filters: {}, agentId: '' },
         }),
       ];
     });
@@ -251,7 +251,7 @@ describe('data state', () => {
         actions.push(
           serverFailedToReturnResolverData({
             id,
-            parameters: { databaseDocumentID, indices: [], filters: {} },
+            parameters: { databaseDocumentID, indices: [], filters: {}, agentId: '' },
           })
         );
       });
@@ -294,7 +294,12 @@ describe('data state', () => {
         // this happens when the middleware starts the request
         appRequestedResolverData({
           id,
-          parameters: { databaseDocumentID: firstDatabaseDocumentID, indices: [], filters: {} },
+          parameters: {
+            databaseDocumentID: firstDatabaseDocumentID,
+            indices: [],
+            filters: {},
+            agentId: '',
+          },
         }),
         // receive a different databaseDocumentID. this should cause the middleware to abort the existing request and start a new one
         appReceivedNewExternalProperties({
@@ -331,8 +336,8 @@ describe('data state', () => {
         has an error: false
         has more children: false
         has more ancestors: false
-        parameters to fetch: {\\"databaseDocumentID\\":\\"second databaseDocumentID\\",\\"indices\\":[],\\"filters\\":{}}
-        requires a pending request to be aborted: {\\"databaseDocumentID\\":\\"first databaseDocumentID\\",\\"indices\\":[],\\"filters\\":{}}"
+        parameters to fetch: {\\"databaseDocumentID\\":\\"second databaseDocumentID\\",\\"indices\\":[],\\"filters\\":{},\\"agentId\\":\\"\\"}
+        requires a pending request to be aborted: {\\"databaseDocumentID\\":\\"first databaseDocumentID\\",\\"indices\\":[],\\"filters\\":{},\\"agentId\\":\\"\\"}"
       `);
     });
     describe('and when the old request was aborted', () => {
@@ -340,7 +345,12 @@ describe('data state', () => {
         actions.push(
           appAbortedResolverDataRequest({
             id,
-            parameters: { databaseDocumentID: firstDatabaseDocumentID, indices: [], filters: {} },
+            parameters: {
+              databaseDocumentID: firstDatabaseDocumentID,
+              indices: [],
+              filters: {},
+              agentId: '',
+            },
           })
         );
       });
@@ -361,7 +371,7 @@ describe('data state', () => {
           has an error: false
           has more children: false
           has more ancestors: false
-          parameters to fetch: {\\"databaseDocumentID\\":\\"second databaseDocumentID\\",\\"indices\\":[],\\"filters\\":{}}
+          parameters to fetch: {\\"databaseDocumentID\\":\\"second databaseDocumentID\\",\\"indices\\":[],\\"filters\\":{},\\"agentId\\":\\"\\"}
           requires a pending request to be aborted: null"
         `);
       });
@@ -374,6 +384,7 @@ describe('data state', () => {
                 databaseDocumentID: secondDatabaseDocumentID,
                 indices: [],
                 filters: {},
+                agentId: '',
               },
             })
           );
@@ -423,14 +434,14 @@ describe('data state', () => {
           }),
           appRequestedResolverData({
             id,
-            parameters: { databaseDocumentID, indices: [], filters: {} },
+            parameters: { databaseDocumentID, indices: [], filters: {}, agentId: '' },
           }),
           serverReturnedResolverData({
             id,
             result: resolverTree,
             dataSource,
             schema,
-            parameters: { databaseDocumentID, indices: [], filters: {} },
+            parameters: { databaseDocumentID, indices: [], filters: {}, agentId: '' },
           }),
         ];
       });
@@ -461,6 +472,7 @@ describe('data state', () => {
                 databaseDocumentID,
                 indices: [],
                 filters: timeRangeFilters,
+                agentId: '',
               },
             }),
             serverReturnedResolverData({
@@ -472,6 +484,7 @@ describe('data state', () => {
                 databaseDocumentID,
                 indices: [],
                 filters: timeRangeFilters,
+                agentId: '',
               },
             }),
           ];
@@ -680,6 +693,7 @@ describe('data state', () => {
             databaseDocumentID: '',
             indices: ['someNonDefaultIndex'],
             filters: {},
+            agentId: '',
           },
         }),
       ];
@@ -709,6 +723,7 @@ describe('data state', () => {
             databaseDocumentID: '',
             indices: ['defaultIndex'],
             filters: {},
+            agentId: '',
           },
         }),
         appReceivedNewExternalProperties({
@@ -726,6 +741,7 @@ describe('data state', () => {
             databaseDocumentID: '',
             indices: ['someNonDefaultIndex', 'someOtherIndex'],
             filters: {},
+            agentId: '',
           },
         }),
       ];
diff --git a/x-pack/plugins/security_solution/public/resolver/store/data/selectors.ts b/x-pack/plugins/security_solution/public/resolver/store/data/selectors.ts
index 9be9f28034b61..cda77c97d1ded 100644
--- a/x-pack/plugins/security_solution/public/resolver/store/data/selectors.ts
+++ b/x-pack/plugins/security_solution/public/resolver/store/data/selectors.ts
@@ -54,6 +54,10 @@ export function overriddenTimeBounds(state: DataState) {
   return state.overriddenTimeBounds;
 }
 
+export function agentId(state: DataState): string {
+  return state.tree?.lastResponse?.parameters.agentId || '';
+}
+
 /**
  * If a request was made and it threw an error or returned a failure response code.
  */
diff --git a/x-pack/plugins/security_solution/public/resolver/store/middleware/current_related_event_fetcher.ts b/x-pack/plugins/security_solution/public/resolver/store/middleware/current_related_event_fetcher.ts
index 78d45fa5fcc74..cd6d3594ba8b0 100644
--- a/x-pack/plugins/security_solution/public/resolver/store/middleware/current_related_event_fetcher.ts
+++ b/x-pack/plugins/security_solution/public/resolver/store/middleware/current_related_event_fetcher.ts
@@ -54,6 +54,7 @@ export function CurrentRelatedEventFetcher(
 
       api.dispatch(appRequestedCurrentRelatedEventData({ id }));
       const detectedBounds = selectors.detectedBounds(state.analyzer[id]);
+      const agentId = selectors.agentId(state.analyzer[id]);
       const timeRangeFilters =
         detectedBounds !== undefined ? undefined : selectors.timeRangeFilters(state.analyzer[id]);
       let result: SafeResolverEvent | null = null;
@@ -66,6 +67,7 @@ export function CurrentRelatedEventFetcher(
           winlogRecordID,
           indexPatterns: indices,
           timeRange: timeRangeFilters,
+          agentId,
         });
       } catch (error) {
         api.dispatch(serverFailedToReturnCurrentRelatedEventData({ id }));
diff --git a/x-pack/plugins/security_solution/public/resolver/store/middleware/node_data_fetcher.ts b/x-pack/plugins/security_solution/public/resolver/store/middleware/node_data_fetcher.ts
index 532d8a0e4b6f9..5574a4c746226 100644
--- a/x-pack/plugins/security_solution/public/resolver/store/middleware/node_data_fetcher.ts
+++ b/x-pack/plugins/security_solution/public/resolver/store/middleware/node_data_fetcher.ts
@@ -61,6 +61,7 @@ export function NodeDataFetcher(
     let results: SafeResolverEvent[] | undefined;
     try {
       const detectedBounds = selectors.detectedBounds(state.analyzer[id]);
+      const agentId = selectors.agentId(state.analyzer[id]);
       const timeRangeFilters =
         detectedBounds !== undefined ? undefined : selectors.timeRangeFilters(state.analyzer[id]);
       results = await dataAccessLayer.nodeData({
@@ -68,6 +69,7 @@ export function NodeDataFetcher(
         timeRange: timeRangeFilters,
         indexPatterns: indices,
         limit: nodeDataLimit,
+        agentId,
       });
     } catch (error) {
       /**
diff --git a/x-pack/plugins/security_solution/public/resolver/store/middleware/related_events_fetcher.ts b/x-pack/plugins/security_solution/public/resolver/store/middleware/related_events_fetcher.ts
index 8d468eff9f3f0..55f5958e0df53 100644
--- a/x-pack/plugins/security_solution/public/resolver/store/middleware/related_events_fetcher.ts
+++ b/x-pack/plugins/security_solution/public/resolver/store/middleware/related_events_fetcher.ts
@@ -37,6 +37,7 @@ export function RelatedEventsFetcher(
 
     const oldParams = last[id];
     const detectedBounds = selectors.detectedBounds(state.analyzer[id]);
+    const agentId = selectors.agentId(state.analyzer[id]);
     const timeRangeFilters =
       detectedBounds !== undefined ? undefined : selectors.timeRangeFilters(state.analyzer[id]);
     // Update this each time before fetching data (or even if we don't fetch data) so that subsequent actions that call this (concurrently) will have up to date info.
@@ -61,6 +62,7 @@ export function RelatedEventsFetcher(
             after: cursor,
             indexPatterns: indices,
             timeRange: timeRangeFilters,
+            agentId,
           });
         } else {
           result = await dataAccessLayer.eventsWithEntityIDAndCategory({
@@ -68,6 +70,7 @@ export function RelatedEventsFetcher(
             category: eventCategory,
             indexPatterns: indices,
             timeRange: timeRangeFilters,
+            agentId,
           });
         }
       } catch (error) {
@@ -84,6 +87,7 @@ export function RelatedEventsFetcher(
             eventCategory,
             cursor: result.nextEvent,
             nodeID,
+            agentId,
           })
         );
       }
diff --git a/x-pack/plugins/security_solution/public/resolver/store/middleware/resolver_tree_fetcher.ts b/x-pack/plugins/security_solution/public/resolver/store/middleware/resolver_tree_fetcher.ts
index 08e57529bc6df..110185b1e7584 100644
--- a/x-pack/plugins/security_solution/public/resolver/store/middleware/resolver_tree_fetcher.ts
+++ b/x-pack/plugins/security_solution/public/resolver/store/middleware/resolver_tree_fetcher.ts
@@ -24,6 +24,7 @@ import {
   serverReturnedResolverData,
 } from '../data/action';
 import type { State } from '../../../common/store/types';
+
 /**
  * A function that handles syncing ResolverTree data w/ the current entity ID.
  * This will make a request anytime the entityID changes (to something other than undefined.)
@@ -42,7 +43,7 @@ export function ResolverTreeFetcher(
   return async (id: string) => {
     // const id = 'alerts-page';
     const state = api.getState();
-    const databaseParameters = selectors.treeParametersToFetch(state.analyzer[id]);
+    let databaseParameters = selectors.treeParametersToFetch(state.analyzer[id]);
     if (selectors.treeRequestParametersToAbort(state.analyzer[id]) && lastRequestAbortController) {
       lastRequestAbortController.abort();
       // calling abort will cause an action to be fired
@@ -51,9 +52,9 @@ export function ResolverTreeFetcher(
       let entityIDToFetch: string | undefined;
       let dataSource: string | undefined;
       let dataSourceSchema: ResolverSchema | undefined;
+      let dataSourceAgentId: string | undefined;
       let result: ResolverNode[] | undefined;
       const timeRangeFilters = selectors.timeRangeFilters(state.analyzer[id]);
-
       // Inform the state that we've made the request. Without this, the middleware will try to make the request again
       // immediately.
       api.dispatch(appRequestedResolverData({ id, parameters: databaseParameters }));
@@ -63,6 +64,7 @@ export function ResolverTreeFetcher(
           indices: databaseParameters.indices,
           signal: lastRequestAbortController.signal,
         });
+
         if (matchingEntities.length < 1) {
           // If no entity_id could be found for the _id, bail out with a failure.
           api.dispatch(
@@ -73,8 +75,17 @@ export function ResolverTreeFetcher(
           );
           return;
         }
-        ({ id: entityIDToFetch, schema: dataSourceSchema, name: dataSource } = matchingEntities[0]);
+        ({
+          id: entityIDToFetch,
+          schema: dataSourceSchema,
+          name: dataSource,
+          agentId: dataSourceAgentId,
+        } = matchingEntities[0]);
 
+        databaseParameters = {
+          ...databaseParameters,
+          agentId: dataSourceAgentId ?? '',
+        };
         result = await dataAccessLayer.resolverTree({
           dataId: entityIDToFetch,
           schema: dataSourceSchema,
@@ -82,6 +93,7 @@ export function ResolverTreeFetcher(
           indices: databaseParameters.indices,
           ancestors: ancestorsRequestAmount(dataSourceSchema),
           descendants: descendantsRequestAmount(),
+          agentId: databaseParameters.agentId,
         });
 
         const resolverTree: NewResolverTree = {
@@ -96,6 +108,7 @@ export function ResolverTreeFetcher(
             indices: databaseParameters.indices,
             ancestors: ancestorsRequestAmount(dataSourceSchema),
             descendants: descendantsRequestAmount(),
+            agentId: databaseParameters.agentId,
           });
           if (unboundedTree.length > 0) {
             const timestamps = unboundedTree
@@ -143,9 +156,19 @@ export function ResolverTreeFetcher(
       } catch (error) {
         // https://developer.mozilla.org/en-US/docs/Web/API/DOMException#exception-AbortError
         if (error instanceof DOMException && error.name === 'AbortError') {
-          api.dispatch(appAbortedResolverDataRequest({ id, parameters: databaseParameters }));
+          api.dispatch(
+            appAbortedResolverDataRequest({
+              id,
+              parameters: databaseParameters,
+            })
+          );
         } else {
-          api.dispatch(serverFailedToReturnResolverData({ id, parameters: databaseParameters }));
+          api.dispatch(
+            serverFailedToReturnResolverData({
+              id,
+              parameters: databaseParameters,
+            })
+          );
         }
       }
     }
diff --git a/x-pack/plugins/security_solution/public/resolver/store/selectors.ts b/x-pack/plugins/security_solution/public/resolver/store/selectors.ts
index 93843d9d0b6ae..3deccbe674d96 100644
--- a/x-pack/plugins/security_solution/public/resolver/store/selectors.ts
+++ b/x-pack/plugins/security_solution/public/resolver/store/selectors.ts
@@ -43,6 +43,8 @@ export const translation = composeSelectors(cameraStateSelector, cameraSelectors
 
 export const detectedBounds = composeSelectors(dataStateSelector, dataSelectors.detectedBounds);
 
+export const agentId = composeSelectors(dataStateSelector, dataSelectors.agentId);
+
 export const overriddenTimeBounds = composeSelectors(
   dataStateSelector,
   dataSelectors.overriddenTimeBounds
diff --git a/x-pack/plugins/security_solution/public/resolver/types.ts b/x-pack/plugins/security_solution/public/resolver/types.ts
index 7c21667df34bf..60ad9cec4c843 100644
--- a/x-pack/plugins/security_solution/public/resolver/types.ts
+++ b/x-pack/plugins/security_solution/public/resolver/types.ts
@@ -28,6 +28,7 @@ export interface AnalyzerState {
 export interface AnalyzerById {
   [id: string]: ResolverState;
 }
+
 /**
  * Redux state for the Resolver feature. Properties on this interface are populated via multiple reducers using redux's `combineReducers`.
  */
@@ -200,6 +201,8 @@ export interface TreeFetcherParameters {
   indices: string[];
 
   filters: TimeFilters;
+
+  agentId: string;
 }
 
 /**
@@ -236,6 +239,8 @@ export interface NodeEventsInCategoryState {
     parameters: PanelViewAndParameters;
   };
 
+  agentId: string;
+
   /**
    * Flag for showing an error message when fetching additional related events.
    */
@@ -520,6 +525,7 @@ export interface DurationDetails {
   duration: number | '<1';
   durationType: DurationTypes;
 }
+
 /**
  * Values shared between two vertices joined by an edge line.
  */
@@ -574,6 +580,7 @@ export type ProcessWithWidthMetadata = {
  */
 interface ResizeObserverConstructor {
   prototype: ResizeObserver;
+
   new (callback: ResizeObserverCallback): ResizeObserver;
 }
 
@@ -597,10 +604,12 @@ export interface SideEffectors {
    * Use instead of the `ResizeObserver` global.
    */
   ResizeObserver: ResizeObserverConstructor;
+
   /**
    * Use this instead of the Clipboard API's `writeText` method.
    */
   writeTextToClipboard(text: string): Promise<void>;
+
   /**
    * Use this instead of `Element.prototype.getBoundingClientRect` .
    */
@@ -698,10 +707,12 @@ export interface DataAccessLayer {
     entityID,
     timeRange,
     indexPatterns,
+    agentId,
   }: {
     entityID: string;
     timeRange?: TimeRange;
     indexPatterns: string[];
+    agentId: string;
   }) => Promise<ResolverRelatedEvents>;
 
   /**
@@ -714,12 +725,14 @@ export interface DataAccessLayer {
     after,
     timeRange,
     indexPatterns,
+    agentId,
   }: {
     entityID: string;
     category: string;
     after?: string;
     timeRange?: TimeRange;
     indexPatterns: string[];
+    agentId: string;
   }) => Promise<ResolverPaginatedEvents>;
 
   /**
@@ -731,11 +744,13 @@ export interface DataAccessLayer {
     timeRange,
     indexPatterns,
     limit,
+    agentId,
   }: {
     ids: string[];
     timeRange?: TimeRange;
     indexPatterns: string[];
     limit: number;
+    agentId: string;
   }): Promise<SafeResolverEvent[]>;
 
   /**
@@ -749,6 +764,7 @@ export interface DataAccessLayer {
     timeRange,
     indexPatterns,
     winlogRecordID,
+    agentId,
   }: {
     nodeID: string;
     eventCategory: string[];
@@ -757,6 +773,7 @@ export interface DataAccessLayer {
     winlogRecordID: string;
     timeRange?: TimeRange;
     indexPatterns: string[];
+    agentId: string;
   }) => Promise<SafeResolverEvent | null>;
 
   /**
@@ -769,6 +786,7 @@ export interface DataAccessLayer {
     indices,
     ancestors,
     descendants,
+    agentId,
   }: {
     dataId: string;
     schema: ResolverSchema;
@@ -776,6 +794,7 @@ export interface DataAccessLayer {
     indices: string[];
     ancestors: number;
     descendants: number;
+    agentId: string;
   }): Promise<ResolverNode[]>;
 
   /**
diff --git a/x-pack/plugins/security_solution/public/resolver/view/clickthrough.test.tsx b/x-pack/plugins/security_solution/public/resolver/view/clickthrough.test.tsx
index 8c53ebaf53307..afa016bb03b79 100644
--- a/x-pack/plugins/security_solution/public/resolver/view/clickthrough.test.tsx
+++ b/x-pack/plugins/security_solution/public/resolver/view/clickthrough.test.tsx
@@ -279,11 +279,13 @@ describe.skip('Resolver, when using a generated tree with 20 generations, 4 chil
         timeRange,
         indexPatterns,
         limit,
+        agentId,
       }: {
         ids: string[];
         timeRange: TimeRange;
         indexPatterns: string[];
         limit: number;
+        agentId: string;
       }): Promise<SafeResolverEvent[]> => {
         if (throwError) {
           throw new Error(
@@ -291,7 +293,7 @@ describe.skip('Resolver, when using a generated tree with 20 generations, 4 chil
           );
         }
 
-        return generatorDAL.nodeData({ ids, timeRange, indexPatterns, limit });
+        return generatorDAL.nodeData({ ids, timeRange, indexPatterns, limit, agentId });
       };
 
       // create a simulator using most of the generator's data access layer, but let's use our nodeDataError
diff --git a/x-pack/plugins/security_solution/public/sourcerer/components/index.test.tsx b/x-pack/plugins/security_solution/public/sourcerer/components/index.test.tsx
index 4b1977eaf689e..99209f44cfbef 100644
--- a/x-pack/plugins/security_solution/public/sourcerer/components/index.test.tsx
+++ b/x-pack/plugins/security_solution/public/sourcerer/components/index.test.tsx
@@ -13,7 +13,7 @@ import { SourcererScopeName } from '../store/model';
 import { Sourcerer } from '.';
 import { sourcererActions, sourcererModel } from '../store';
 import { createMockStore, mockGlobalState, TestProviders } from '../../common/mock';
-import type { EuiSuperSelectOption } from '@elastic/eui/src/components/form/super_select/super_select_control';
+import type { EuiSuperSelectOption } from '@elastic/eui';
 import { fireEvent, waitFor, render } from '@testing-library/react';
 import { useSourcererDataView } from '../containers';
 import { useSignalHelpers } from '../containers/use_signal_helpers';
diff --git a/x-pack/plugins/security_solution/public/sourcerer/containers/mocks.ts b/x-pack/plugins/security_solution/public/sourcerer/containers/mocks.ts
index 08e992c76aac6..a763383f4a731 100644
--- a/x-pack/plugins/security_solution/public/sourcerer/containers/mocks.ts
+++ b/x-pack/plugins/security_solution/public/sourcerer/containers/mocks.ts
@@ -28,10 +28,7 @@ export const mockSourcererScope: SelectedDataView = {
       fields: {
         _id: {
           aggregatable: false,
-          category: '_id',
-          description: 'Each document has an _id that uniquely identifies it',
           esTypes: undefined,
-          example: 'Y-6TfmcB0WOhS6qyMv3s',
           format: undefined,
           indexes: mockPatterns,
           name: '_id',
diff --git a/x-pack/plugins/security_solution/public/sourcerer/experimental/components/dataview_picker/index.test.tsx b/x-pack/plugins/security_solution/public/sourcerer/experimental/components/dataview_picker/index.test.tsx
new file mode 100644
index 0000000000000..3aee25657fb0e
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/sourcerer/experimental/components/dataview_picker/index.test.tsx
@@ -0,0 +1,94 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { render, screen, fireEvent } from '@testing-library/react';
+import '@testing-library/jest-dom';
+import { useKibana } from '../../../../common/lib/kibana/kibana_react';
+import { useDispatch, useSelector } from 'react-redux';
+import { selectDataView } from '../../redux/actions';
+import { DataViewPicker } from '.';
+
+// Mock the required hooks and dependencies
+jest.mock('../../../../common/lib/kibana/kibana_react', () => ({
+  useKibana: jest.fn(),
+}));
+
+jest.mock('react-redux', () => ({
+  useDispatch: jest.fn(),
+  useSelector: jest.fn(),
+}));
+
+jest.mock('../../redux/actions', () => ({
+  selectDataView: jest.fn(),
+}));
+
+jest.mock('@kbn/unified-search-plugin/public', () => ({
+  DataViewPicker: jest.fn((props) => (
+    <div>
+      <div>{props.trigger.label}</div>
+      <button
+        type="button"
+        onClick={() => props.onChangeDataView('new-id')}
+      >{`Change DataView`}</button>
+      <button type="button" onClick={props.onAddField}>
+        {`Add Field`}
+      </button>
+      <button type="button" onClick={props.onDataViewCreated}>
+        {`Create New DataView`}
+      </button>
+    </div>
+  )),
+}));
+
+describe('DataViewPicker', () => {
+  const mockDispatch = jest.fn();
+  const mockDataViewEditor = {
+    openEditor: jest.fn(),
+  };
+  const mockDataViewFieldEditor = {
+    openEditor: jest.fn(),
+  };
+  const mockData = {
+    dataViews: {
+      get: jest.fn().mockResolvedValue({}),
+    },
+  };
+
+  beforeEach(() => {
+    (useDispatch as jest.Mock).mockReturnValue(mockDispatch);
+    (useKibana as jest.Mock).mockReturnValue({
+      services: {
+        dataViewEditor: mockDataViewEditor,
+        data: mockData,
+        dataViewFieldEditor: mockDataViewFieldEditor,
+      },
+    });
+    (useSelector as jest.Mock).mockReturnValue({ dataViewId: 'test-id' });
+  });
+
+  afterEach(() => {
+    jest.clearAllMocks();
+  });
+
+  test('renders the DataviewPicker component', () => {
+    render(<DataViewPicker />);
+    expect(screen.getByText('Dataview')).toBeInTheDocument();
+  });
+
+  test('calls dispatch on data view change', () => {
+    render(<DataViewPicker />);
+    fireEvent.click(screen.getByText('Change DataView'));
+    expect(mockDispatch).toHaveBeenCalledWith(selectDataView('new-id'));
+  });
+
+  test('opens data view editor when creating a new data view', () => {
+    render(<DataViewPicker />);
+    fireEvent.click(screen.getByText('Create New DataView'));
+    expect(mockDataViewEditor.openEditor).toHaveBeenCalled();
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/sourcerer/experimental/components/dataview_picker/index.tsx b/x-pack/plugins/security_solution/public/sourcerer/experimental/components/dataview_picker/index.tsx
new file mode 100644
index 0000000000000..59bfcc9ec98eb
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/sourcerer/experimental/components/dataview_picker/index.tsx
@@ -0,0 +1,99 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { DataViewPicker as USDataViewPicker } from '@kbn/unified-search-plugin/public';
+import React, { useCallback, useRef, useMemo, memo } from 'react';
+import { useDispatch, useSelector } from 'react-redux';
+
+import { useKibana } from '../../../../common/lib/kibana/kibana_react';
+import { DEFAULT_SECURITY_SOLUTION_DATA_VIEW_ID } from '../../constants';
+import { selectDataView } from '../../redux/actions';
+import { sourcererAdapterSelector } from '../../redux/selectors';
+
+const TRIGGER_CONFIG = {
+  label: 'Dataview',
+  color: 'danger',
+  title: 'Experimental data view picker',
+  iconType: 'beaker',
+} as const;
+
+export const DataViewPicker = memo(() => {
+  const dispatch = useDispatch();
+
+  const {
+    services: { dataViewEditor, data, dataViewFieldEditor },
+  } = useKibana();
+
+  const closeDataViewEditor = useRef<() => void | undefined>();
+  const closeFieldEditor = useRef<() => void | undefined>();
+
+  // TODO: should this be implemented like that? If yes, we need to source dataView somehow or implement the same thing based on the existing state value.
+  // const canEditDataView =
+  // Boolean(dataViewEditor?.userPermissions.editDataView()) || !dataView.isPersisted();
+  const canEditDataView = true;
+
+  const { dataViewId } = useSelector(sourcererAdapterSelector);
+
+  const createNewDataView = useCallback(async () => {
+    closeDataViewEditor.current = await dataViewEditor.openEditor({
+      // eslint-disable-next-line no-console
+      onSave: () => console.log('new data view saved'),
+      allowAdHocDataView: true,
+    });
+  }, [dataViewEditor]);
+
+  const onFieldEdited = useCallback(() => {}, []);
+
+  const editField = useMemo(() => {
+    if (!canEditDataView) {
+      return;
+    }
+    return async (fieldName?: string, _uiAction: 'edit' | 'add' = 'edit') => {
+      if (!dataViewId) {
+        return;
+      }
+
+      const dataViewInstance = await data.dataViews.get(dataViewId);
+      closeFieldEditor.current = await dataViewFieldEditor.openEditor({
+        ctx: {
+          dataView: dataViewInstance,
+        },
+        fieldName,
+        onSave: async () => {
+          onFieldEdited();
+        },
+      });
+    };
+  }, [canEditDataView, dataViewId, data.dataViews, dataViewFieldEditor, onFieldEdited]);
+
+  const addField = useMemo(
+    () => (canEditDataView && editField ? () => editField(undefined, 'add') : undefined),
+    [editField, canEditDataView]
+  );
+
+  const handleChangeDataView = useCallback(
+    (id: string) => {
+      dispatch(selectDataView(id));
+    },
+    [dispatch]
+  );
+
+  const handleEditDataView = useCallback(() => {}, []);
+
+  return (
+    <USDataViewPicker
+      currentDataViewId={dataViewId || DEFAULT_SECURITY_SOLUTION_DATA_VIEW_ID}
+      trigger={TRIGGER_CONFIG}
+      onChangeDataView={handleChangeDataView}
+      onEditDataView={handleEditDataView}
+      onAddField={addField}
+      onDataViewCreated={createNewDataView}
+    />
+  );
+});
+
+DataViewPicker.displayName = 'DataviewPicker';
diff --git a/x-pack/plugins/security_solution/public/sourcerer/experimental/components/dataview_picker/readme.md b/x-pack/plugins/security_solution/public/sourcerer/experimental/components/dataview_picker/readme.md
new file mode 100644
index 0000000000000..1ce2de83ccc05
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/sourcerer/experimental/components/dataview_picker/readme.md
@@ -0,0 +1,3 @@
+# Dataview Picker
+
+A replacement for the Sourcerer component, based on the Discover implementation.
diff --git a/x-pack/plugins/security_solution/public/sourcerer/experimental/constants.ts b/x-pack/plugins/security_solution/public/sourcerer/experimental/constants.ts
new file mode 100644
index 0000000000000..357e38c11c906
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/sourcerer/experimental/constants.ts
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export const DEFAULT_SECURITY_SOLUTION_DATA_VIEW_ID = 'security-solution-default';
diff --git a/x-pack/plugins/security_solution/public/sourcerer/experimental/containers/dataview_picker_provider.test.tsx b/x-pack/plugins/security_solution/public/sourcerer/experimental/containers/dataview_picker_provider.test.tsx
new file mode 100644
index 0000000000000..183d03bc02007
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/sourcerer/experimental/containers/dataview_picker_provider.test.tsx
@@ -0,0 +1,81 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { render } from '@testing-library/react';
+import '@testing-library/jest-dom';
+import { useDispatch } from 'react-redux';
+import { useKibana } from '../../../common/lib/kibana';
+import { DataViewPickerProvider } from './dataview_picker_provider';
+import {
+  startAppListening,
+  listenerMiddleware,
+  createChangeDataviewListener,
+  createInitDataviewListener,
+} from '../redux/listeners';
+import { init } from '../redux/actions';
+import { DEFAULT_SECURITY_SOLUTION_DATA_VIEW_ID } from '../constants';
+import type { DataViewsServicePublic } from '@kbn/data-views-plugin/public';
+
+jest.mock('../../../common/lib/kibana', () => ({
+  useKibana: jest.fn(),
+}));
+
+jest.mock('react-redux', () => ({
+  useDispatch: jest.fn(),
+}));
+
+jest.mock('../redux/listeners', () => ({
+  listenerMiddleware: {
+    clearListeners: jest.fn(),
+  },
+  startAppListening: jest.fn(),
+  createChangeDataviewListener: jest.fn(),
+  createInitDataviewListener: jest.fn(),
+}));
+
+describe('DataviewPickerProvider', () => {
+  const mockDispatch = jest.fn();
+  const mockServices = {
+    dataViews: {} as unknown as DataViewsServicePublic,
+  };
+
+  beforeEach(() => {
+    (useDispatch as jest.Mock).mockReturnValue(mockDispatch);
+    (useKibana as jest.Mock).mockReturnValue({ services: mockServices });
+  });
+
+  afterEach(() => {
+    jest.clearAllMocks();
+  });
+
+  test('starts listeners and dispatches init action on mount', () => {
+    render(
+      <DataViewPickerProvider>
+        <div>{`Test Child`}</div>
+      </DataViewPickerProvider>
+    );
+
+    expect(startAppListening).toHaveBeenCalledWith(createInitDataviewListener({}));
+    expect(startAppListening).toHaveBeenCalledWith(
+      createChangeDataviewListener({ dataViewsService: mockServices.dataViews })
+    );
+    expect(mockDispatch).toHaveBeenCalledWith(init(DEFAULT_SECURITY_SOLUTION_DATA_VIEW_ID));
+  });
+
+  test('clears listeners on unmount', () => {
+    const { unmount } = render(
+      <DataViewPickerProvider>
+        <div>{`Test Child`}</div>
+      </DataViewPickerProvider>
+    );
+
+    unmount();
+
+    expect(listenerMiddleware.clearListeners).toHaveBeenCalled();
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/sourcerer/experimental/containers/dataview_picker_provider.tsx b/x-pack/plugins/security_solution/public/sourcerer/experimental/containers/dataview_picker_provider.tsx
new file mode 100644
index 0000000000000..dd6d01f21e73a
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/sourcerer/experimental/containers/dataview_picker_provider.tsx
@@ -0,0 +1,46 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { memo, useEffect, type FC, type PropsWithChildren } from 'react';
+import { useDispatch } from 'react-redux';
+
+import { useKibana } from '../../../common/lib/kibana';
+import {
+  createChangeDataviewListener,
+  createInitDataviewListener,
+  listenerMiddleware,
+  startAppListening,
+} from '../redux/listeners';
+import { init } from '../redux/actions';
+import { DEFAULT_SECURITY_SOLUTION_DATA_VIEW_ID } from '../constants';
+
+// NOTE: this can be spawned multiple times, eq. when you need something like a separate data view picker for a subsection of the app -
+// for example, in the timeline.
+export const DataViewPickerProvider: FC<PropsWithChildren<{}>> = memo(({ children }) => {
+  const { services } = useKibana();
+
+  const dispatch = useDispatch();
+
+  useEffect(() => {
+    // NOTE: the goal here is to move all side effects and business logic to Redux,
+    // so that we only do presentation layer things on React side - for performance reasons and
+    // to make the state easier to predict.
+    // see: https://redux-toolkit.js.org/api/createListenerMiddleware#overview
+    startAppListening(createInitDataviewListener({}));
+    startAppListening(createChangeDataviewListener({ dataViewsService: services.dataViews }));
+
+    // NOTE: this can be dispatched at any point, with any data view id
+    dispatch(init(DEFAULT_SECURITY_SOLUTION_DATA_VIEW_ID));
+
+    // NOTE: Clear existing listeners when services change for some reason (they should not)
+    return () => listenerMiddleware.clearListeners();
+  }, [services, dispatch]);
+
+  return <>{children}</>;
+});
+
+DataViewPickerProvider.displayName = 'DataviewPickerProvider';
diff --git a/x-pack/plugins/security_solution/public/sourcerer/experimental/is_enabled.ts b/x-pack/plugins/security_solution/public/sourcerer/experimental/is_enabled.ts
index efdc2c7468847..caf4b92c1d5d2 100644
--- a/x-pack/plugins/security_solution/public/sourcerer/experimental/is_enabled.ts
+++ b/x-pack/plugins/security_solution/public/sourcerer/experimental/is_enabled.ts
@@ -11,6 +11,5 @@
  * - display the experimental component instead of the stable one
  * - use experimental data views hook instead of the stable one
  */
-export const IS_EXPERIMENTAL_SOURCERER_ENABLED = !!window.localStorage.getItem(
-  'EXPERIMENTAL_SOURCERER_ENABLED'
-);
+export const isExperimentalSourcererEnabled = () =>
+  !!window.localStorage.getItem('EXPERIMENTAL_SOURCERER_ENABLED');
diff --git a/x-pack/plugins/security_solution/public/sourcerer/experimental/readme.md b/x-pack/plugins/security_solution/public/sourcerer/experimental/readme.md
index 077bef147cbed..26894153f2e90 100644
--- a/x-pack/plugins/security_solution/public/sourcerer/experimental/readme.md
+++ b/x-pack/plugins/security_solution/public/sourcerer/experimental/readme.md
@@ -15,4 +15,7 @@ using the same Kibana instance deployed locally (for now).
 
 ## Architecture
 
-TODO
+- Redux based 
+- Limited use of useEffect or stateful hooks - in favor of thunks and redux middleware (supporting request cancellation and caching)
+- Allows multiple instances of the picker - just wrap the subsection of the app with its own DataviewPickerProvider
+- Data exposed back to Security Solution is memoized with `reselect` for performance
diff --git a/x-pack/plugins/security_solution/public/sourcerer/experimental/redux/actions.ts b/x-pack/plugins/security_solution/public/sourcerer/experimental/redux/actions.ts
new file mode 100644
index 0000000000000..f1b490f1cf734
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/sourcerer/experimental/redux/actions.ts
@@ -0,0 +1,16 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { type DataViewSpec } from '@kbn/data-views-plugin/common';
+import { createAction } from '@reduxjs/toolkit';
+
+type DataViewId = string;
+
+export const init = createAction<DataViewId>('init');
+export const selectDataView = createAction<DataViewId>('changeDataView');
+export const setDataViewData = createAction<DataViewSpec>('setDataView');
+export const setPatternList = createAction<string[]>('setPatternList');
diff --git a/x-pack/plugins/security_solution/public/sourcerer/experimental/redux/listeners.test.ts b/x-pack/plugins/security_solution/public/sourcerer/experimental/redux/listeners.test.ts
new file mode 100644
index 0000000000000..099fbb9dbcf3c
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/sourcerer/experimental/redux/listeners.test.ts
@@ -0,0 +1,101 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+  init,
+  selectDataView,
+  setDataViewData as setDataViewSpec,
+  setPatternList,
+} from './actions';
+import { createInitDataviewListener, createChangeDataviewListener } from './listeners';
+import { isExperimentalSourcererEnabled } from '../is_enabled';
+import type { DataViewsServicePublic } from '@kbn/data-views-plugin/public';
+import { type ListenerEffectAPI } from '@reduxjs/toolkit';
+import type { AppDispatch } from './listeners';
+import { type State } from '../../../common/store/types';
+
+jest.mock('../is_enabled', () => ({
+  isExperimentalSourcererEnabled: jest.fn().mockReturnValue(true),
+}));
+
+type ListenerApi = ListenerEffectAPI<State, AppDispatch>;
+
+describe('Listeners', () => {
+  describe('createInitDataviewListener', () => {
+    let listenerOptions: ReturnType<typeof createInitDataviewListener>;
+    let listenerApi: ListenerApi;
+
+    beforeEach(() => {
+      listenerOptions = createInitDataviewListener({});
+      listenerApi = {
+        dispatch: jest.fn(),
+        getState: jest.fn(() => ({ dataViewPicker: { state: 'pristine' } })),
+      } as unknown as ListenerApi;
+    });
+
+    afterEach(() => {
+      jest.clearAllMocks();
+    });
+
+    test('does not dispatch if experimental feature is disabled', async () => {
+      jest.mocked(isExperimentalSourcererEnabled).mockReturnValue(false);
+
+      await listenerOptions.effect(init('test-view'), listenerApi);
+      expect(listenerApi.dispatch).not.toHaveBeenCalled();
+    });
+
+    test('does not dispatch if state is not pristine', async () => {
+      jest.mocked(isExperimentalSourcererEnabled).mockReturnValue(true);
+      listenerApi.getState = jest.fn(() => ({
+        dataViewPicker: { state: 'not_pristine' },
+      })) as unknown as ListenerApi['getState'];
+
+      await listenerOptions.effect(init('test-view'), listenerApi);
+      expect(listenerApi.dispatch).not.toHaveBeenCalled();
+    });
+
+    test('dispatches selectDataView action if state is pristine and experimental feature is enabled', async () => {
+      jest.mocked(isExperimentalSourcererEnabled).mockReturnValue(true);
+      await listenerOptions.effect(init('test-id'), listenerApi);
+      expect(listenerApi.dispatch).toHaveBeenCalledWith(selectDataView('test-id'));
+    });
+  });
+
+  describe('createChangeDataviewListener', () => {
+    let listenerOptions: ReturnType<typeof createChangeDataviewListener>;
+    let listenerApi: ListenerApi;
+    let dataViewsServiceMock: DataViewsServicePublic;
+
+    beforeEach(() => {
+      dataViewsServiceMock = {
+        get: jest.fn(async () => ({
+          toSpec: jest.fn(() => ({ id: 'test_spec' })),
+          getIndexPattern: jest.fn(() => 'index_pattern'),
+        })),
+        getExistingIndices: jest.fn(async () => ['pattern1', 'pattern2']),
+      } as unknown as DataViewsServicePublic;
+
+      listenerOptions = createChangeDataviewListener({ dataViewsService: dataViewsServiceMock });
+      listenerApi = {
+        dispatch: jest.fn(),
+      } as unknown as ListenerApi;
+    });
+
+    afterEach(() => {
+      jest.clearAllMocks();
+    });
+
+    test('fetches data view and dispatches setDataViewSpec and setPatternList actions', async () => {
+      await listenerOptions.effect(selectDataView('test_id'), listenerApi);
+
+      expect(dataViewsServiceMock.get).toHaveBeenCalledWith('test_id', true, false);
+      expect(listenerApi.dispatch).toHaveBeenCalledWith(setDataViewSpec({ id: 'test_spec' }));
+      expect(dataViewsServiceMock.getExistingIndices).toHaveBeenCalledWith(['index_pattern']);
+      expect(listenerApi.dispatch).toHaveBeenCalledWith(setPatternList(['pattern1', 'pattern2']));
+    });
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/sourcerer/experimental/redux/listeners.ts b/x-pack/plugins/security_solution/public/sourcerer/experimental/redux/listeners.ts
new file mode 100644
index 0000000000000..359794eca331a
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/sourcerer/experimental/redux/listeners.ts
@@ -0,0 +1,102 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { DataViewsServicePublic } from '@kbn/data-views-plugin/public';
+import {
+  createListenerMiddleware,
+  type ActionCreator,
+  type ListenerEffectAPI,
+} from '@reduxjs/toolkit';
+import type { ListenerPredicate } from '@reduxjs/toolkit/dist/listenerMiddleware/types';
+import type { Action, Store } from 'redux';
+
+import { ensurePatternFormat } from '../../../../common/utils/sourcerer';
+import { isExperimentalSourcererEnabled } from '../is_enabled';
+import {
+  init,
+  selectDataView,
+  setDataViewData as setDataViewSpec,
+  setPatternList,
+} from './actions';
+import { type State } from '../../../common/store/types';
+
+export type AppDispatch = Store<State, Action>['dispatch'];
+
+export type DatapickerActions = ReturnType<typeof selectDataView>;
+
+// NOTE: types below exist because we are using redux-toolkit version lower than 2.x
+// in v2, there are TS helpers that make it easy to setup overrides that are necessary here.
+export interface ListenerOptions {
+  // Match with a function accepting action and state. This is broken in v1.x,
+  // the predicate is always required
+  predicate?: ListenerPredicate<DatapickerActions, State>;
+  // Match action by type
+  type?: string;
+  // Exact action type match based on the RTK action creator
+  actionCreator?: ActionCreator<DatapickerActions>;
+  // An effect to call
+  effect: (action: DatapickerActions, api: ListenerEffectAPI<State, AppDispatch>) => Promise<void>;
+}
+
+/**
+ * This is the proposed way of handling side effects within sourcerer code. We will no longer rely on useEffect for doing things like
+ * enriching the store with data fetched asynchronously in response to user doing something.
+ * Thunks are also considered for simpler flows but this has the advantage of cancellation support through `listnerApi` below.
+ */
+
+export type ListenerCreator<TDependencies> = (
+  // Only specify a subset of required services here, so that it is easier to mock and therefore test the listener
+  dependencies: TDependencies
+) => ListenerOptions;
+
+// NOTE: this should only be executed once in the application lifecycle, to LAZILY setup the component data
+export const createInitDataviewListener: ListenerCreator<{}> = (): ListenerOptions => {
+  return {
+    actionCreator: init,
+    effect: async (action, listenerApi) => {
+      // WARN:  Skip the init call if the experimental implementation is disabled
+      if (!isExperimentalSourcererEnabled()) {
+        return;
+      }
+      // NOTE: We should only run this once, when particular sourcerer instance is in pristine state (not touched by the user)
+      if (listenerApi.getState().dataViewPicker.state !== 'pristine') {
+        return;
+      }
+
+      // NOTE: dispatch the regular change listener
+      listenerApi.dispatch(selectDataView(action.payload));
+    },
+  };
+};
+
+// NOTE: this listener is executed whenever user decides to select dataview from the picker
+export const createChangeDataviewListener: ListenerCreator<{
+  dataViewsService: DataViewsServicePublic;
+}> = ({ dataViewsService }): ListenerOptions => {
+  return {
+    actionCreator: selectDataView,
+    effect: async (action, listenerApi) => {
+      const dataViewId = action.payload;
+      const refreshFields = false;
+
+      const dataView = await dataViewsService.get(dataViewId, true, refreshFields);
+      const dataViewData = dataView.toSpec();
+      listenerApi.dispatch(setDataViewSpec(dataViewData));
+
+      const defaultPatternsList = ensurePatternFormat(dataView.getIndexPattern().split(','));
+      const patternList = await dataViewsService.getExistingIndices(defaultPatternsList);
+      listenerApi.dispatch(setPatternList(patternList));
+    },
+  };
+};
+
+export const listenerMiddleware = createListenerMiddleware();
+
+// NOTE: register side effect listeners
+export const startAppListening = listenerMiddleware.startListening as unknown as (
+  options: ListenerOptions
+) => void;
diff --git a/x-pack/plugins/security_solution/public/sourcerer/experimental/redux/reducer.ts b/x-pack/plugins/security_solution/public/sourcerer/experimental/redux/reducer.ts
new file mode 100644
index 0000000000000..d8d626a1141ce
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/sourcerer/experimental/redux/reducer.ts
@@ -0,0 +1,55 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { DataViewSpec } from '@kbn/data-views-plugin/common';
+import { createReducer } from '@reduxjs/toolkit';
+
+import { DEFAULT_SECURITY_SOLUTION_DATA_VIEW_ID } from '../constants';
+
+import { selectDataView, setDataViewData, setPatternList } from './actions';
+
+export interface SelectedDataViewState {
+  dataView: DataViewSpec;
+  patternList: string[];
+  /**
+   * There are several states the picker can be in internally:
+   * - pristine - not initialized yet
+   * - loading
+   * - error - some kind of a problem during data init
+   * - ready - ready to provide index information to the client
+   */
+  state: 'pristine' | 'loading' | 'error' | 'ready';
+}
+
+export const initialDataView: DataViewSpec = {
+  id: DEFAULT_SECURITY_SOLUTION_DATA_VIEW_ID,
+  title: '',
+  fields: {},
+};
+
+export const initialState: SelectedDataViewState = {
+  dataView: initialDataView,
+  state: 'pristine',
+  patternList: [],
+};
+
+export const reducer = createReducer(initialState, (builder) => {
+  builder.addCase(selectDataView, (state) => {
+    state.state = 'loading';
+  });
+
+  builder.addCase(setDataViewData, (state, action) => {
+    state.dataView = action.payload;
+  });
+
+  builder.addCase(setPatternList, (state, action) => {
+    state.patternList = action.payload;
+    state.state = 'ready';
+  });
+});
+
+export type DataviewPickerState = ReturnType<typeof reducer>;
diff --git a/x-pack/plugins/security_solution/public/sourcerer/experimental/redux/selectors.ts b/x-pack/plugins/security_solution/public/sourcerer/experimental/redux/selectors.ts
new file mode 100644
index 0000000000000..cdfc3a9882b0d
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/sourcerer/experimental/redux/selectors.ts
@@ -0,0 +1,32 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { createSelector } from '@reduxjs/toolkit';
+import type { SelectedDataView } from '../../store/model';
+import { type State } from '../../../common/store/types';
+
+/**
+ * Compatibility layer / adapter for legacy selector consumers.
+ * It is used in useSecuritySolutionDataView hook as alternative data source (behind a flag)
+ */
+export const sourcererAdapterSelector = createSelector(
+  [(state: State) => state.dataViewPicker],
+  (dataViewPicker): SelectedDataView => {
+    return {
+      loading: dataViewPicker.state === 'loading',
+      dataViewId: dataViewPicker.dataView.id || '',
+      patternList: dataViewPicker.patternList,
+      indicesExist: true,
+      browserFields: {},
+      activePatterns: dataViewPicker.patternList,
+      runtimeMappings: {},
+      selectedPatterns: dataViewPicker.patternList,
+      indexPattern: { fields: [], title: dataViewPicker.dataView.title || '' },
+      sourcererDataView: {},
+    };
+  }
+);
diff --git a/x-pack/plugins/security_solution/public/sourcerer/experimental/use_unstable_security_solution_data_view.ts b/x-pack/plugins/security_solution/public/sourcerer/experimental/use_unstable_security_solution_data_view.ts
index a841834a8b1fe..4bca209b8e50a 100644
--- a/x-pack/plugins/security_solution/public/sourcerer/experimental/use_unstable_security_solution_data_view.ts
+++ b/x-pack/plugins/security_solution/public/sourcerer/experimental/use_unstable_security_solution_data_view.ts
@@ -5,12 +5,16 @@
  * 2.0.
  */
 
+import { useMemo } from 'react';
+import { useSelector } from 'react-redux';
+
 import { type SourcererScopeName, type SelectedDataView } from '../store/model';
 
-import { IS_EXPERIMENTAL_SOURCERER_ENABLED } from './is_enabled';
+import { isExperimentalSourcererEnabled } from './is_enabled';
+import { sourcererAdapterSelector } from './redux/selectors';
 
 /**
- * FOR INTERNAL USE ONLY
+ * WARN: FOR INTERNAL USE ONLY
  * This hook provides data for experimental Sourcerer replacement in Security Solution.
  * Do not use in client code as the API will change frequently.
  * It will be extended in the future, covering more and more functionality from the current sourcerer.
@@ -19,6 +23,16 @@ export const useUnstableSecuritySolutionDataView = (
   _scopeId: SourcererScopeName,
   fallbackDataView: SelectedDataView
 ): SelectedDataView => {
-  // TODO: extend the fallback state with values computed using new logic
-  return IS_EXPERIMENTAL_SOURCERER_ENABLED ? fallbackDataView : fallbackDataView;
+  const dataView: SelectedDataView = useSelector(sourcererAdapterSelector);
+
+  const dataViewWithFallbacks: SelectedDataView = useMemo(() => {
+    return {
+      ...dataView,
+      // NOTE: temporary values sourced from the fallback. Will be replaced in the near future.
+      browserFields: fallbackDataView.browserFields,
+      sourcererDataView: fallbackDataView.sourcererDataView,
+    };
+  }, [dataView, fallbackDataView.browserFields, fallbackDataView.sourcererDataView]);
+
+  return isExperimentalSourcererEnabled() ? dataViewWithFallbacks : fallbackDataView;
 };
diff --git a/x-pack/plugins/security_solution/public/timelines/components/fields_browser/index.test.tsx b/x-pack/plugins/security_solution/public/timelines/components/fields_browser/index.test.tsx
index 4e0eefa7703fb..a5a22fd70f563 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/fields_browser/index.test.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/fields_browser/index.test.tsx
@@ -164,7 +164,7 @@ describe('useFieldBrowserOptions', () => {
   it('should dispatch the proper action when a new field is saved', async () => {
     let onSave: ((field: DataViewField[]) => void) | undefined;
     useKibanaMock().services.data.dataViews.get = () => Promise.resolve({} as DataView);
-    useKibanaMock().services.dataViewFieldEditor.openEditor = (options) => {
+    useKibanaMock().services.dataViewFieldEditor.openEditor = async (options) => {
       onSave = options.onSave;
       return () => {};
     };
@@ -198,7 +198,7 @@ describe('useFieldBrowserOptions', () => {
   it('should dispatch the proper actions when a field is edited', async () => {
     let onSave: ((field: DataViewField[]) => void) | undefined;
     useKibanaMock().services.data.dataViews.get = () => Promise.resolve({} as DataView);
-    useKibanaMock().services.dataViewFieldEditor.openEditor = (options) => {
+    useKibanaMock().services.dataViewFieldEditor.openEditor = async (options) => {
       onSave = options.onSave;
       return () => {};
     };
@@ -266,7 +266,7 @@ describe('useFieldBrowserOptions', () => {
   it("should store 'closeEditor' in the actions ref when editor is open by create button", async () => {
     const mockCloseEditor = jest.fn();
     useKibanaMock().services.data.dataViews.get = () => Promise.resolve({} as DataView);
-    useKibanaMock().services.dataViewFieldEditor.openEditor = () => mockCloseEditor;
+    useKibanaMock().services.dataViewFieldEditor.openEditor = async () => mockCloseEditor;
 
     const editorActionsRef: FieldEditorActionsRef = React.createRef();
 
@@ -280,6 +280,7 @@ describe('useFieldBrowserOptions', () => {
     expect(editorActionsRef?.current).toBeNull();
 
     getByRole('button').click();
+    await runAllPromises();
 
     expect(mockCloseEditor).not.toHaveBeenCalled();
     expect(editorActionsRef?.current?.closeEditor).toBeDefined();
@@ -293,7 +294,7 @@ describe('useFieldBrowserOptions', () => {
   it("should store 'closeEditor' in the actions ref when editor is open by edit button", async () => {
     const mockCloseEditor = jest.fn();
     useKibanaMock().services.data.dataViews.get = () => Promise.resolve({} as DataView);
-    useKibanaMock().services.dataViewFieldEditor.openEditor = () => mockCloseEditor;
+    useKibanaMock().services.dataViewFieldEditor.openEditor = async () => mockCloseEditor;
 
     const editorActionsRef: FieldEditorActionsRef = React.createRef();
 
@@ -311,6 +312,7 @@ describe('useFieldBrowserOptions', () => {
     expect(editorActionsRef?.current).toBeNull();
 
     getByTestId('actionEditRuntimeField').click();
+    await runAllPromises();
 
     expect(mockCloseEditor).not.toHaveBeenCalled();
     expect(editorActionsRef?.current?.closeEditor).toBeDefined();
diff --git a/x-pack/plugins/security_solution/public/timelines/components/fields_browser/index.tsx b/x-pack/plugins/security_solution/public/timelines/components/fields_browser/index.tsx
index 6757cd88bd7e7..435168ba5fbaf 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/fields_browser/index.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/fields_browser/index.tsx
@@ -81,9 +81,9 @@ export const useFieldBrowserOptions: UseFieldBrowserOptions = ({
   }, [selectedDataViewId, missingPatterns, dataViews]);
 
   const openFieldEditor = useCallback<OpenFieldEditor>(
-    (fieldName) => {
+    async (fieldName) => {
       if (dataView && selectedDataViewId) {
-        const closeFieldEditor = dataViewFieldEditor.openEditor({
+        const closeFieldEditor = await dataViewFieldEditor.openEditor({
           ctx: { dataView },
           fieldName,
           onSave: async (savedFields: DataViewField[]) => {
diff --git a/x-pack/plugins/security_solution/public/timelines/components/netflow/__snapshots__/index.test.tsx.snap b/x-pack/plugins/security_solution/public/timelines/components/netflow/__snapshots__/index.test.tsx.snap
index ce3d8e7f58936..2f8eb7d1fbb57 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/netflow/__snapshots__/index.test.tsx.snap
+++ b/x-pack/plugins/security_solution/public/timelines/components/netflow/__snapshots__/index.test.tsx.snap
@@ -2,12 +2,7 @@
 
 exports[`Netflow renders correctly against snapshot 1`] = `
 <DocumentFragment>
-  .c12 svg {
-  position: relative;
-  top: -1px;
-}
-
-.c10,
+  .c10,
 .c10 * {
   display: inline-block;
   max-width: 100%;
@@ -111,6 +106,11 @@ tr:hover .c2:focus::before {
   vertical-align: top;
 }
 
+.c12 svg {
+  position: relative;
+  top: -1px;
+}
+
 .c21 {
   margin-right: 5px;
 }
diff --git a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/managed_user.tsx b/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/managed_user.tsx
index 635cf6a2868fd..882f4d5291abe 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/managed_user.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/managed_user.tsx
@@ -47,7 +47,7 @@ export const ManagedUser = ({
   managedUser: ManagedUserData;
   contextID: string;
   isDraggable: boolean;
-  openDetailsPanel: (tab: EntityDetailsLeftPanelTab) => void;
+  openDetailsPanel?: (tab: EntityDetailsLeftPanelTab) => void;
 }) => {
   const entraManagedUser = managedUser.data?.[ManagedUserDatasetKey.ENTRA];
   const oktaManagedUser = managedUser.data?.[ManagedUserDatasetKey.OKTA];
diff --git a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/managed_user_accordion.tsx b/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/managed_user_accordion.tsx
index 6de3c45fc5786..356d7cefd0b11 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/managed_user_accordion.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/managed_user_accordion.tsx
@@ -23,7 +23,7 @@ interface ManagedUserAccordionProps {
   title: string;
   managedUser: ManagedUserFields;
   tableType: UserAssetTableType;
-  openDetailsPanel: (tab: EntityDetailsLeftPanelTab) => void;
+  openDetailsPanel?: (tab: EntityDetailsLeftPanelTab) => void;
 }
 
 export const ManagedUserAccordion: React.FC<ManagedUserAccordionProps> = ({
@@ -64,12 +64,14 @@ export const ManagedUserAccordion: React.FC<ManagedUserAccordionProps> = ({
           </span>
         ),
         link: {
-          callback: () =>
-            openDetailsPanel(
-              tableType === UserAssetTableType.assetOkta
-                ? EntityDetailsLeftPanelTab.OKTA
-                : EntityDetailsLeftPanelTab.ENTRA
-            ),
+          callback: openDetailsPanel
+            ? () =>
+                openDetailsPanel(
+                  tableType === UserAssetTableType.assetOkta
+                    ? EntityDetailsLeftPanelTab.OKTA
+                    : EntityDetailsLeftPanelTab.ENTRA
+                )
+            : undefined,
           tooltip: (
             <FormattedMessage
               id="xpack.securitySolution.flyout.entityDetails.showAssetDocument"
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/__snapshots__/index.test.tsx.snap b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/__snapshots__/index.test.tsx.snap
index dc31ad380635b..6844342e8b2f0 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/__snapshots__/index.test.tsx.snap
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/__snapshots__/index.test.tsx.snap
@@ -9,12 +9,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
         "fields": Object {
           "agent.ephemeral_id": Object {
             "aggregatable": true,
-            "category": "agent",
-            "description": "Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but \`agent.id\` does not.",
             "esTypes": Array [
               "keyword",
             ],
-            "example": "8a4f500f",
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -27,12 +24,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
           },
           "agent.hostname": Object {
             "aggregatable": true,
-            "category": "agent",
-            "description": null,
             "esTypes": Array [
               "keyword",
             ],
-            "example": null,
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -45,12 +39,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
           },
           "agent.id": Object {
             "aggregatable": true,
-            "category": "agent",
-            "description": "Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id.",
             "esTypes": Array [
               "keyword",
             ],
-            "example": "8a4f500d",
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -63,12 +54,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
           },
           "agent.name": Object {
             "aggregatable": true,
-            "category": "agent",
-            "description": "Name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. If no name is given, the name is often left empty.",
             "esTypes": Array [
               "keyword",
             ],
-            "example": "foo",
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -85,12 +73,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
         "fields": Object {
           "auditd.data.a0": Object {
             "aggregatable": true,
-            "category": "auditd",
-            "description": null,
             "esTypes": Array [
               "keyword",
             ],
-            "example": null,
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -101,12 +86,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
           },
           "auditd.data.a1": Object {
             "aggregatable": true,
-            "category": "auditd",
-            "description": null,
             "esTypes": Array [
               "keyword",
             ],
-            "example": null,
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -117,12 +99,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
           },
           "auditd.data.a2": Object {
             "aggregatable": true,
-            "category": "auditd",
-            "description": null,
             "esTypes": Array [
               "keyword",
             ],
-            "example": null,
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -137,12 +116,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
         "fields": Object {
           "@timestamp": Object {
             "aggregatable": true,
-            "category": "base",
-            "description": "Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.",
             "esTypes": Array [
               "date",
             ],
-            "example": "2016-05-23T08:05:34.853Z",
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -156,10 +132,7 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
           },
           "_id": Object {
             "aggregatable": false,
-            "category": "base",
-            "description": "Each document has an _id that uniquely identifies it",
             "esTypes": Array [],
-            "example": "Y-6TfmcB0WOhS6qyMv3s",
             "indexes": Array [
               "auditbeat",
               "filebeat",
@@ -171,12 +144,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
           },
           "message": Object {
             "aggregatable": false,
-            "category": "base",
-            "description": "For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message.",
             "esTypes": Array [
               "text",
             ],
-            "example": "Hello World",
             "format": "string",
             "indexes": Array [
               "auditbeat",
@@ -193,12 +163,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
         "fields": Object {
           "client.address": Object {
             "aggregatable": true,
-            "category": "client",
-            "description": "Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket.  You should always store the raw address in the \`.address\` field. Then it should be duplicated to \`.ip\` or \`.domain\`, depending on which one it is.",
             "esTypes": Array [
               "keyword",
             ],
-            "example": null,
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -211,12 +178,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
           },
           "client.bytes": Object {
             "aggregatable": true,
-            "category": "client",
-            "description": "Bytes sent from the client to the server.",
             "esTypes": Array [
               "long",
             ],
-            "example": "184",
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -229,12 +193,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
           },
           "client.domain": Object {
             "aggregatable": true,
-            "category": "client",
-            "description": "Client domain.",
             "esTypes": Array [
               "keyword",
             ],
-            "example": null,
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -247,12 +208,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
           },
           "client.geo.country_iso_code": Object {
             "aggregatable": true,
-            "category": "client",
-            "description": "Country ISO code.",
             "esTypes": Array [
               "keyword",
             ],
-            "example": "CA",
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -269,12 +227,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
         "fields": Object {
           "cloud.account.id": Object {
             "aggregatable": true,
-            "category": "cloud",
-            "description": "The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.",
             "esTypes": Array [
               "keyword",
             ],
-            "example": "666777888999",
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -287,12 +242,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
           },
           "cloud.availability_zone": Object {
             "aggregatable": true,
-            "category": "cloud",
-            "description": "Availability zone in which this host is running.",
             "esTypes": Array [
               "keyword",
             ],
-            "example": "us-east-1c",
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -309,12 +261,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
         "fields": Object {
           "container.id": Object {
             "aggregatable": true,
-            "category": "container",
-            "description": "Unique container id.",
             "esTypes": Array [
               "keyword",
             ],
-            "example": null,
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -327,12 +276,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
           },
           "container.image.name": Object {
             "aggregatable": true,
-            "category": "container",
-            "description": "Name of the image the container was built on.",
             "esTypes": Array [
               "keyword",
             ],
-            "example": null,
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -345,12 +291,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
           },
           "container.image.tag": Object {
             "aggregatable": true,
-            "category": "container",
-            "description": "Container image tag.",
             "esTypes": Array [
               "keyword",
             ],
-            "example": null,
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -367,12 +310,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
         "fields": Object {
           "destination.address": Object {
             "aggregatable": true,
-            "category": "destination",
-            "description": "Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket.  You should always store the raw address in the \`.address\` field. Then it should be duplicated to \`.ip\` or \`.domain\`, depending on which one it is.",
             "esTypes": Array [
               "keyword",
             ],
-            "example": null,
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -385,12 +325,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
           },
           "destination.bytes": Object {
             "aggregatable": true,
-            "category": "destination",
-            "description": "Bytes sent from the destination to the source.",
             "esTypes": Array [
               "long",
             ],
-            "example": "184",
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -403,12 +340,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
           },
           "destination.domain": Object {
             "aggregatable": true,
-            "category": "destination",
-            "description": "Destination domain.",
             "esTypes": Array [
               "keyword",
             ],
-            "example": null,
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -421,12 +355,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
           },
           "destination.ip": Object {
             "aggregatable": true,
-            "category": "destination",
-            "description": "IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses.",
             "esTypes": Array [
               "ip",
             ],
-            "example": "",
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -439,12 +370,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
           },
           "destination.port": Object {
             "aggregatable": true,
-            "category": "destination",
-            "description": "Port of the destination.",
             "esTypes": Array [
               "long",
             ],
-            "example": "",
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -461,12 +389,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
         "fields": Object {
           "event.action": Object {
             "aggregatable": true,
-            "category": "event",
-            "description": "The action captured by the event. This describes the information in the event. It is more specific than \`event.category\`. Examples are \`group-add\`, \`process-started\`, \`file-created\`. The value is normally defined by the implementer.",
             "esTypes": Array [
               "keyword",
             ],
-            "example": "user-password-change",
             "format": "string",
             "indexes": Array [
               "apm-*-transaction*",
@@ -485,12 +410,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
           },
           "event.category": Object {
             "aggregatable": true,
-            "category": "event",
-            "description": "This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. \`event.category\` represents the \\"big buckets\\" of ECS categories. For example, filtering on \`event.category:process\` yields all events relating to process activity. This field is closely related to \`event.type\`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories.",
             "esTypes": Array [
               "keyword",
             ],
-            "example": "authentication",
             "format": "string",
             "indexes": Array [
               "apm-*-transaction*",
@@ -509,12 +431,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
           },
           "event.end": Object {
             "aggregatable": true,
-            "category": "event",
-            "description": "event.end contains the date when the event ended or when the activity was last observed.",
             "esTypes": Array [
               "date",
             ],
-            "example": null,
             "format": "",
             "indexes": Array [
               "apm-*-transaction*",
@@ -533,12 +452,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
           },
           "event.kind": Object {
             "aggregatable": true,
-            "category": "event",
-            "description": "This defined the type of event eg. alerts",
             "esTypes": Array [
               "keyword",
             ],
-            "example": "signal",
             "format": "string",
             "indexes": Array [
               "apm-*-transaction*",
@@ -557,12 +473,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
           },
           "event.severity": Object {
             "aggregatable": true,
-            "category": "event",
-            "description": "The numeric severity of the event according to your event source. What the different severity values mean can be different between sources and use cases. It's up to the implementer to make sure severities are consistent across events from the same source. The Syslog severity belongs in \`log.syslog.severity.code\`. \`event.severity\` is meant to represent the severity according to the event source (e.g. firewall, IDS). If the event source does not publish its own severity, you may optionally copy the \`log.syslog.severity.code\` to \`event.severity\`.",
             "esTypes": Array [
               "long",
             ],
-            "example": 7,
             "format": "number",
             "indexes": Array [
               "apm-*-transaction*",
@@ -585,8 +498,6 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
         "fields": Object {
           "host.name": Object {
             "aggregatable": true,
-            "category": "host",
-            "description": "Name of the host. It can contain what \`hostname\` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.",
             "esTypes": Array [
               "keyword",
             ],
@@ -612,9 +523,6 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
         "fields": Object {
           "nestedField.firstAttributes": Object {
             "aggregatable": false,
-            "category": "nestedField",
-            "description": "",
-            "example": "",
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -632,9 +540,6 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
           },
           "nestedField.secondAttributes": Object {
             "aggregatable": false,
-            "category": "nestedField",
-            "description": "",
-            "example": "",
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -652,9 +557,6 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
           },
           "nestedField.thirdAttributes": Object {
             "aggregatable": false,
-            "category": "nestedField",
-            "description": "",
-            "example": "",
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -691,12 +593,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
         "fields": Object {
           "source.ip": Object {
             "aggregatable": true,
-            "category": "source",
-            "description": "IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.",
             "esTypes": Array [
               "ip",
             ],
-            "example": "",
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -709,12 +608,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
           },
           "source.port": Object {
             "aggregatable": true,
-            "category": "source",
-            "description": "Port of the source.",
             "esTypes": Array [
               "long",
             ],
-            "example": "",
             "format": "",
             "indexes": Array [
               "auditbeat",
@@ -731,12 +627,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = `
         "fields": Object {
           "user.name": Object {
             "aggregatable": true,
-            "category": "user",
-            "description": "Short name or login of the user.",
             "esTypes": Array [
               "keyword",
             ],
-            "example": "albert",
             "format": "string",
             "indexes": Array [
               "auditbeat",
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/helpers.test.ts b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/helpers.test.ts
index 519c8d21ab70e..b205f7c73a94e 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/helpers.test.ts
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/helpers.test.ts
@@ -105,11 +105,7 @@ describe('helpers', () => {
       const expectedData = [
         {
           aggregatable: true,
-          category: 'base',
           columnHeaderType: 'not-filtered',
-          description:
-            'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.',
-          example: '2016-05-23T08:05:34.853Z',
           format: '',
           id: '@timestamp',
           indexes: ['auditbeat', 'filebeat', 'packetbeat'],
@@ -122,10 +118,7 @@ describe('helpers', () => {
         },
         {
           aggregatable: true,
-          category: 'source',
           columnHeaderType: 'not-filtered',
-          description: 'IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.',
-          example: '',
           format: '',
           id: 'source.ip',
           indexes: ['auditbeat', 'filebeat', 'packetbeat'],
@@ -137,11 +130,7 @@ describe('helpers', () => {
         },
         {
           aggregatable: true,
-          category: 'destination',
           columnHeaderType: 'not-filtered',
-          description:
-            'IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses.',
-          example: '',
           format: '',
           id: 'destination.ip',
           indexes: ['auditbeat', 'filebeat', 'packetbeat'],
@@ -170,11 +159,8 @@ describe('helpers', () => {
       expect(getColumnHeaders(headers, mockBrowserFields)).toEqual([
         {
           aggregatable: false,
-          category: 'base',
           columnHeaderType: 'not-filtered',
-          description: 'Each document has an _id that uniquely identifies it',
           esTypes: [],
-          example: 'Y-6TfmcB0WOhS6qyMv3s',
           id: '_id',
           indexes: ['auditbeat', 'filebeat', 'packetbeat'],
           initialWidth: 180,
@@ -199,7 +185,6 @@ describe('helpers', () => {
           fields: {
             test_field_1: {
               aggregatable: true,
-              category: 'test_field_1',
               esTypes: ['keyword'],
               format: 'string',
               indexes: [
@@ -226,7 +211,6 @@ describe('helpers', () => {
       expect(getColumnHeaders(headers, oneLevelDeep)).toEqual([
         {
           aggregatable: true,
-          category: 'test_field_1',
           columnHeaderType: 'not-filtered',
           esTypes: ['keyword'],
           format: 'string',
@@ -266,7 +250,6 @@ describe('helpers', () => {
           fields: {
             'foo.bar': {
               aggregatable: true,
-              category: 'foo',
               esTypes: ['keyword'],
               format: 'string',
               indexes: [
@@ -293,7 +276,6 @@ describe('helpers', () => {
       expect(getColumnHeaders(headers, twoLevelsDeep)).toEqual([
         {
           aggregatable: true,
-          category: 'foo',
           columnHeaderType: 'not-filtered',
           esTypes: ['keyword'],
           format: 'string',
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/events/stateful_event.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/events/stateful_event.tsx
index 8d46d5438dcbc..0e100d9a25bc3 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/events/stateful_event.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/events/stateful_event.tsx
@@ -11,8 +11,12 @@ import React, { useCallback, useMemo, useRef, useState } from 'react';
 import { useDispatch } from 'react-redux';
 import { isEventBuildingBlockType } from '@kbn/securitysolution-data-table';
 import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
+import { LeftPanelNotesTab } from '../../../../../flyout/document_details/left';
 import { useIsExperimentalFeatureEnabled } from '../../../../../common/hooks/use_experimental_features';
-import { DocumentDetailsRightPanelKey } from '../../../../../flyout/document_details/shared/constants/panel_keys';
+import {
+  DocumentDetailsLeftPanelKey,
+  DocumentDetailsRightPanelKey,
+} from '../../../../../flyout/document_details/shared/constants/panel_keys';
 import { useDeepEqualSelector } from '../../../../../common/hooks/use_selector';
 import type {
   ColumnHeaderOptions,
@@ -111,6 +115,9 @@ const StatefulEventComponent: React.FC<Props> = ({
 
   const expandableFlyoutDisabled = useIsExperimentalFeatureEnabled('expandableFlyoutDisabled');
   const { openFlyout } = useExpandableFlyoutApi();
+  const securitySolutionNotesEnabled = useIsExperimentalFeatureEnabled(
+    'securitySolutionNotesEnabled'
+  );
 
   // Store context in state rather than creating object in provider value={} to prevent re-renders caused by a new object being created
   const [activeStatefulEventContext] = useState({
@@ -178,26 +185,57 @@ const StatefulEventComponent: React.FC<Props> = ({
     [event.ecs, rowRenderers]
   );
 
+  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+  const indexName = event._index!;
+
   const onToggleShowNotes = useCallback(() => {
-    setShowNotes((prevShowNotes) => {
-      if (prevShowNotes[eventId]) {
-        // notes are closing, so focus the notes button on the next tick, after escaping the EuiFocusTrap
-        setTimeout(() => {
-          const notesButtonElement = trGroupRef.current?.querySelector<HTMLButtonElement>(
-            `.${NOTES_BUTTON_CLASS_NAME}`
-          );
-          notesButtonElement?.focus();
-        }, 0);
-      }
+    if (!expandableFlyoutDisabled && securitySolutionNotesEnabled) {
+      openFlyout({
+        right: {
+          id: DocumentDetailsRightPanelKey,
+          params: {
+            id: eventId,
+            indexName,
+            scopeId: timelineId,
+          },
+        },
+        left: {
+          id: DocumentDetailsLeftPanelKey,
+          path: {
+            tab: LeftPanelNotesTab,
+          },
+          params: {
+            id: eventId,
+            indexName,
+            scopeId: timelineId,
+          },
+        },
+      });
+    } else {
+      setShowNotes((prevShowNotes) => {
+        if (prevShowNotes[eventId]) {
+          // notes are closing, so focus the notes button on the next tick, after escaping the EuiFocusTrap
+          setTimeout(() => {
+            const notesButtonElement = trGroupRef.current?.querySelector<HTMLButtonElement>(
+              `.${NOTES_BUTTON_CLASS_NAME}`
+            );
+            notesButtonElement?.focus();
+          }, 0);
+        }
 
-      return { ...prevShowNotes, [eventId]: !prevShowNotes[eventId] };
-    });
-  }, [eventId]);
+        return { ...prevShowNotes, [eventId]: !prevShowNotes[eventId] };
+      });
+    }
+  }, [
+    eventId,
+    expandableFlyoutDisabled,
+    indexName,
+    securitySolutionNotesEnabled,
+    openFlyout,
+    timelineId,
+  ]);
 
   const handleOnEventDetailPanelOpened = useCallback(() => {
-    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
-    const indexName = event._index!;
-
     const updatedExpandedDetail: ExpandedDetailType = {
       panelView: 'eventDetail',
       params: {
@@ -229,14 +267,14 @@ const StatefulEventComponent: React.FC<Props> = ({
       );
     }
   }, [
-    dispatch,
     eventId,
-    event._index,
+    indexName,
+    refetch,
     expandableFlyoutDisabled,
     openFlyout,
-    refetch,
-    tabType,
     timelineId,
+    dispatch,
+    tabType,
   ]);
 
   const associateNote = useCallback(
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/formatted_field.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/formatted_field.tsx
index 28b60305b3f23..36233fcc3a391 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/formatted_field.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/formatted_field.tsx
@@ -13,16 +13,12 @@ import { isEmpty, isNumber } from 'lodash/fp';
 import React from 'react';
 import { css } from '@emotion/css';
 
-import { useIsExperimentalFeatureEnabled } from '../../../../../common/hooks/use_experimental_features';
 import type { BrowserField } from '../../../../../common/containers/source';
 import {
   ALERT_HOST_CRITICALITY,
   ALERT_USER_CRITICALITY,
 } from '../../../../../../common/field_maps/field_names';
-import {
-  AgentStatus,
-  EndpointAgentStatusById,
-} from '../../../../../common/components/endpoint/agents/agent_status';
+import { AgentStatus } from '../../../../../common/components/endpoint/agents/agent_status';
 import { INDICATOR_REFERENCE } from '../../../../../../common/cti/constants';
 import { DefaultDraggable } from '../../../../../common/components/draggables';
 import { Bytes, BYTES_FORMAT } from './bytes';
@@ -107,8 +103,6 @@ const FormattedFieldValueComponent: React.FC<{
   value,
   linkValue,
 }) => {
-  const agentStatusClientEnabled = useIsExperimentalFeatureEnabled('agentStatusClientEnabled');
-
   if (isObjectArray || asPlainText) {
     return <span data-test-subj={`formatted-field-${fieldName}`}>{value}</span>;
   } else if (fieldType === IP_FIELD_TYPE) {
@@ -292,17 +286,12 @@ const FormattedFieldValueComponent: React.FC<{
       />
     );
   } else if (fieldName === AGENT_STATUS_FIELD_NAME) {
-    return agentStatusClientEnabled ? (
+    return (
       <AgentStatus
         agentId={String(value ?? '')}
         agentType="endpoint"
         data-test-subj="endpointHostAgentStatus"
       />
-    ) : (
-      <EndpointAgentStatusById
-        endpointAgentId={String(value ?? '')}
-        data-test-subj="endpointHostAgentStatus"
-      />
     );
   } else if (
     [
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/netflow/__snapshots__/netflow_row_renderer.test.tsx.snap b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/netflow/__snapshots__/netflow_row_renderer.test.tsx.snap
index 9d2956c56d588..9ed6e85196639 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/netflow/__snapshots__/netflow_row_renderer.test.tsx.snap
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/netflow/__snapshots__/netflow_row_renderer.test.tsx.snap
@@ -16,11 +16,6 @@ exports[`netflowRowRenderer renders correctly against snapshot 1`] = `
   border-radius: 4px;
 }
 
-.c14 svg {
-  position: relative;
-  top: -1px;
-}
-
 .c12,
 .c12 * {
   display: inline-block;
@@ -125,6 +120,11 @@ tr:hover .c4:focus::before {
   vertical-align: top;
 }
 
+.c14 svg {
+  position: relative;
+  top: -1px;
+}
+
 .c23 {
   margin-right: 5px;
 }
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/properties/helpers.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/properties/helpers.tsx
index a0293d3941279..1a217abd674e0 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/properties/helpers.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/properties/helpers.tsx
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { EuiBadge, EuiButtonIcon, EuiToolTip } from '@elastic/eui';
+import { EuiBadge, EuiButtonIcon, EuiFlexGroup, EuiFlexItem, EuiToolTip } from '@elastic/eui';
 import React, { useCallback } from 'react';
 import styled from 'styled-components';
 
@@ -20,15 +20,22 @@ const NotesCountBadge = styled(EuiBadge)`
 
 NotesCountBadge.displayName = 'NotesCountBadge';
 
-interface NotesButtonProps {
-  ariaLabel?: string;
-  isDisabled?: boolean;
-  showNotes: boolean;
-  toggleShowNotes: () => void | ((eventId: string) => void);
-  toolTip?: string;
-  timelineType: TimelineTypeLiteral;
-  eventId?: string;
-}
+export const NotificationDot = styled.span`
+  position: absolute;
+  display: block;
+  width: 6px;
+  height: 6px;
+  border-radius: 50%;
+  background-color: ${({ theme }) => theme.eui.euiColorDanger};
+  top: 17%;
+  left: 52%;
+`;
+
+const NotesButtonContainer = styled(EuiFlexGroup)`
+  position: relative;
+`;
+
+export const NOTES_BUTTON_CLASS_NAME = 'notes-button';
 
 interface SmallNotesButtonProps {
   ariaLabel?: string;
@@ -36,12 +43,14 @@ interface SmallNotesButtonProps {
   toggleShowNotes: (eventId?: string) => void;
   timelineType: TimelineTypeLiteral;
   eventId?: string;
+  /**
+   * Number of notes. If > 0, then a red dot is shown in the top right corner of the icon.
+   */
+  notesCount: number;
 }
 
-export const NOTES_BUTTON_CLASS_NAME = 'notes-button';
-
 const SmallNotesButton = React.memo<SmallNotesButtonProps>(
-  ({ ariaLabel = i18n.NOTES, isDisabled, toggleShowNotes, timelineType, eventId }) => {
+  ({ ariaLabel = i18n.NOTES, isDisabled, toggleShowNotes, timelineType, eventId, notesCount }) => {
     const isTemplate = timelineType === TimelineType.template;
     const onClick = useCallback(() => {
       if (eventId != null) {
@@ -52,23 +61,52 @@ const SmallNotesButton = React.memo<SmallNotesButtonProps>(
     }, [toggleShowNotes, eventId]);
 
     return (
-      <EuiButtonIcon
-        aria-label={ariaLabel}
-        className={NOTES_BUTTON_CLASS_NAME}
-        data-test-subj="timeline-notes-button-small"
-        disabled={isDisabled}
-        iconType="editorComment"
-        onClick={onClick}
-        size="s"
-        isDisabled={isTemplate}
-      />
+      <NotesButtonContainer>
+        <EuiFlexItem grow={false}>
+          {notesCount > 0 ? <NotificationDot /> : null}
+          <EuiButtonIcon
+            aria-label={ariaLabel}
+            className={NOTES_BUTTON_CLASS_NAME}
+            data-test-subj="timeline-notes-button-small"
+            disabled={isDisabled}
+            iconType="editorComment"
+            onClick={onClick}
+            size="s"
+            isDisabled={isTemplate}
+          />
+        </EuiFlexItem>
+      </NotesButtonContainer>
     );
   }
 );
 SmallNotesButton.displayName = 'SmallNotesButton';
 
+interface NotesButtonProps {
+  ariaLabel?: string;
+  isDisabled?: boolean;
+  showNotes: boolean;
+  toggleShowNotes: () => void | ((eventId: string) => void);
+  toolTip?: string;
+  timelineType: TimelineTypeLiteral;
+  eventId?: string;
+  /**
+   * Number of notes associated with the event.
+   * Defaults to 0
+   */
+  notesCount?: number;
+}
+
 export const NotesButton = React.memo<NotesButtonProps>(
-  ({ ariaLabel, isDisabled, showNotes, timelineType, toggleShowNotes, toolTip, eventId }) =>
+  ({
+    ariaLabel,
+    isDisabled,
+    showNotes,
+    timelineType,
+    toggleShowNotes,
+    toolTip,
+    eventId,
+    notesCount = 0,
+  }) =>
     showNotes ? (
       <SmallNotesButton
         ariaLabel={ariaLabel}
@@ -76,6 +114,7 @@ export const NotesButton = React.memo<NotesButtonProps>(
         toggleShowNotes={toggleShowNotes}
         timelineType={timelineType}
         eventId={eventId}
+        notesCount={notesCount}
       />
     ) : (
       <EuiToolTip content={toolTip || ''} data-test-subj="timeline-notes-tool-tip">
@@ -85,6 +124,7 @@ export const NotesButton = React.memo<NotesButtonProps>(
           toggleShowNotes={toggleShowNotes}
           timelineType={timelineType}
           eventId={eventId}
+          notesCount={notesCount}
         />
       </EuiToolTip>
     )
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/query_bar/eql/index.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/query_bar/eql/index.tsx
index 469c5ae1be458..59373b5d790f5 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/query_bar/eql/index.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/query_bar/eql/index.tsx
@@ -83,14 +83,17 @@ export const EqlQueryBarTimeline = memo(({ timelineId }: { timelineId: string })
     selectedPatterns,
   } = useSourcererDataView(SourcererScopeName.timeline);
 
-  const initialState = {
-    ...defaultValues,
-    index: selectedPatterns.sort(),
-    eqlQueryBar: {
-      ...defaultValues.eqlQueryBar,
-      query: { query: optionsSelected.query ?? '', language: 'eql' },
-    },
-  };
+  const initialState = useMemo(
+    () => ({
+      ...defaultValues,
+      index: [...selectedPatterns].sort(),
+      eqlQueryBar: {
+        ...defaultValues.eqlQueryBar,
+        query: { query: optionsSelected.query ?? '', language: 'eql' },
+      },
+    }),
+    [optionsSelected.query, selectedPatterns]
+  );
 
   const { form } = useForm<TimelineEqlQueryBar>({
     defaultValue: initialState,
@@ -144,7 +147,7 @@ export const EqlQueryBarTimeline = memo(({ timelineId }: { timelineId: string })
 
   useEffect(() => {
     const { index: indexField } = getFields();
-    const newIndexValue = selectedPatterns.sort();
+    const newIndexValue = [...selectedPatterns].sort();
     const indexFieldValue = (indexField.value as string[]).sort();
     if (!isEqual(indexFieldValue, newIndexValue)) {
       indexField.setValue(newIndexValue);
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/search_or_filter/search_or_filter.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/search_or_filter/search_or_filter.tsx
index ed948b450c4e1..7fccbd9103ae9 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/search_or_filter/search_or_filter.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/search_or_filter/search_or_filter.tsx
@@ -11,6 +11,8 @@ import styled from 'styled-components';
 import type { Filter } from '@kbn/es-query';
 
 import type { FilterManager } from '@kbn/data-plugin/public';
+import { DataViewPicker } from '../../../../sourcerer/experimental/components/dataview_picker';
+import { isExperimentalSourcererEnabled } from '../../../../sourcerer/experimental/is_enabled';
 import { TimelineType } from '../../../../../common/api/timeline';
 import { InputsModelId } from '../../../../common/store/inputs/constants';
 import type { KqlMode } from '../../../store/model';
@@ -103,6 +105,12 @@ export const SearchOrFilter = React.memo<Props>(
       [isDataProviderEmpty, isDataProviderVisible]
     );
 
+    const dataviewPicker = isExperimentalSourcererEnabled() ? (
+      <DataViewPicker />
+    ) : (
+      <Sourcerer scope={SourcererScopeName.timeline} />
+    );
+
     return (
       <>
         <SearchOrFilterContainer>
@@ -113,7 +121,7 @@ export const SearchOrFilter = React.memo<Props>(
             responsive={false}
           >
             <EuiFlexItem grow={false} id={TIMELINE_TOUR_CONFIG_ANCHORS.DATA_VIEW}>
-              <Sourcerer scope={SourcererScopeName.timeline} />
+              {dataviewPicker}
             </EuiFlexItem>
             <EuiFlexItem data-test-subj="timeline-search-or-filter-search-container" grow={1}>
               <QueryBarTimeline
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/search_super_select/index.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/search_super_select/index.tsx
index c1927579f8019..6dfb17c7c4065 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/search_super_select/index.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/search_super_select/index.tsx
@@ -8,7 +8,6 @@
 import type { EuiSelectableOption, EuiFieldTextProps } from '@elastic/eui';
 import { EuiInputPopover, EuiFieldText, htmlIdGenerator, keys } from '@elastic/eui';
 import React, { memo, useCallback, useMemo, useState } from 'react';
-import styled from 'styled-components';
 
 import type { OpenTimelineResult } from '../../open_timeline/types';
 import { SelectableTimeline } from '../selectable_timeline';
@@ -16,38 +15,6 @@ import * as i18n from '../translations';
 import type { TimelineTypeLiteral } from '../../../../../common/api/timeline';
 import { TimelineType } from '../../../../../common/api/timeline';
 
-const StyledEuiInputPopover = styled(EuiInputPopover)`
-  .rightArrowIcon {
-    .euiFieldText {
-      padding-left: 12px;
-      padding-right: 40px;
-
-      &[readonly] {
-        cursor: pointer;
-        background-size: 0 100%;
-        background-repeat: no-repeat;
-
-        // To match EuiFieldText focus state
-        &:focus {
-          background-color: ${({ theme }) => theme.eui.euiFormBackgroundColor};
-          background-image: linear-gradient(
-            to top,
-            ${({ theme }) => theme.eui.euiFocusRingColor},
-            ${({ theme }) => theme.eui.euiFocusRingColor} 2px,
-            transparent 2px,
-            transparent 100%
-          );
-          background-size: 100% 100%;
-        }
-      }
-    }
-    .euiFormControlLayoutIcons {
-      left: unset;
-      right: 12px;
-    }
-  }
-`;
-
 interface SearchTimelineSuperSelectProps {
   isDisabled: boolean;
   hideUntitled?: boolean;
@@ -105,7 +72,7 @@ const SearchTimelineSuperSelectComponent: React.FC<SearchTimelineSuperSelectProp
         onClick={handleOpenPopover}
         onKeyDown={handleKeyboardOpen}
         value={timelineTitle ?? i18n.DEFAULT_TIMELINE_TITLE}
-        icon="arrowDown"
+        icon={!isDisabled ? { type: 'arrowDown', side: 'right' } : undefined}
         aria-label={ariaLabel}
         aria-controls={popoverId}
         aria-expanded={isPopoverOpen}
@@ -149,7 +116,7 @@ const SearchTimelineSuperSelectComponent: React.FC<SearchTimelineSuperSelectProp
   );
 
   return (
-    <StyledEuiInputPopover
+    <EuiInputPopover
       id={popoverId}
       input={superSelect}
       isOpen={isPopoverOpen}
@@ -164,7 +131,7 @@ const SearchTimelineSuperSelectComponent: React.FC<SearchTimelineSuperSelectProp
         timelineType={timelineType}
         placeholder={placeholder}
       />
-    </StyledEuiInputPopover>
+    </EuiInputPopover>
   );
 };
 
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/eql/index.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/eql/index.tsx
index b9c8fd9edada5..38d2ade2d985c 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/eql/index.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/eql/index.tsx
@@ -16,6 +16,11 @@ import { InPortal } from 'react-reverse-portal';
 import type { EuiDataGridControlColumn } from '@elastic/eui';
 
 import { DataLoadingState } from '@kbn/unified-data-table';
+import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
+import {
+  DocumentDetailsLeftPanelKey,
+  DocumentDetailsRightPanelKey,
+} from '../../../../../flyout/document_details/shared/constants/panel_keys';
 import { InputsModelId } from '../../../../../common/store/inputs/constants';
 import type { ControlColumnProps } from '../../../../../../common/types';
 import { useDeepEqualSelector } from '../../../../../common/hooks/use_selector';
@@ -57,6 +62,7 @@ import { UnifiedTimelineBody } from '../../body/unified_timeline_body';
 import { EqlTabHeader } from './header';
 import { useTimelineColumns } from '../shared/use_timeline_columns';
 import { useTimelineControlColumn } from '../shared/use_timeline_control_columns';
+import { LeftPanelNotesTab } from '../../../../../flyout/document_details/left';
 
 export type Props = TimelineTabCommonProps & PropsFromRedux;
 
@@ -135,12 +141,54 @@ export const EqlTabContentComponent: React.FC<Props> = ({
     timerangeKind,
   });
 
+  const expandableFlyoutDisabled = useIsExperimentalFeatureEnabled('expandableFlyoutDisabled');
+  const { openFlyout } = useExpandableFlyoutApi();
+  const securitySolutionNotesEnabled = useIsExperimentalFeatureEnabled(
+    'securitySolutionNotesEnabled'
+  );
+  const onToggleShowNotes = useCallback(
+    (eventId?: string) => {
+      const indexName = selectedPatterns.join(',');
+      if (eventId && !expandableFlyoutDisabled && securitySolutionNotesEnabled) {
+        openFlyout({
+          right: {
+            id: DocumentDetailsRightPanelKey,
+            params: {
+              id: eventId,
+              indexName,
+              scopeId: timelineId,
+            },
+          },
+          left: {
+            id: DocumentDetailsLeftPanelKey,
+            path: {
+              tab: LeftPanelNotesTab,
+            },
+            params: {
+              id: eventId,
+              indexName,
+              scopeId: timelineId,
+            },
+          },
+        });
+      }
+    },
+    [
+      expandableFlyoutDisabled,
+      openFlyout,
+      securitySolutionNotesEnabled,
+      selectedPatterns,
+      timelineId,
+    ]
+  );
+
   const leadingControlColumns = useTimelineControlColumn({
     columns,
     sort: TIMELINE_NO_SORTING,
     timelineId,
     activeTab: TimelineTabs.eql,
     refetch,
+    onToggleShowNotes,
   });
 
   const isQueryLoading = useMemo(
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/pinned/index.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/pinned/index.tsx
index 27074cceb45b1..a49b63a5e57fb 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/pinned/index.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/pinned/index.tsx
@@ -14,6 +14,11 @@ import { connect } from 'react-redux';
 import deepEqual from 'fast-deep-equal';
 import type { EuiDataGridControlColumn } from '@elastic/eui';
 import { DataLoadingState } from '@kbn/unified-data-table';
+import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
+import {
+  DocumentDetailsLeftPanelKey,
+  DocumentDetailsRightPanelKey,
+} from '../../../../../flyout/document_details/shared/constants/panel_keys';
 import type { ControlColumnProps } from '../../../../../../common/types';
 import { timelineActions, timelineSelectors } from '../../../../store';
 import type { Direction } from '../../../../../../common/search_strategy';
@@ -46,6 +51,7 @@ import {
 import type { TimelineTabCommonProps } from '../shared/types';
 import { useTimelineColumns } from '../shared/use_timeline_columns';
 import { useTimelineControlColumn } from '../shared/use_timeline_control_columns';
+import { LeftPanelNotesTab } from '../../../../../flyout/document_details/left';
 
 const ExitFullScreenContainer = styled.div`
   width: 180px;
@@ -171,12 +177,54 @@ export const PinnedTabContentComponent: React.FC<Props> = ({
       timerangeKind: undefined,
     });
 
+  const expandableFlyoutDisabled = useIsExperimentalFeatureEnabled('expandableFlyoutDisabled');
+  const { openFlyout } = useExpandableFlyoutApi();
+  const securitySolutionNotesEnabled = useIsExperimentalFeatureEnabled(
+    'securitySolutionNotesEnabled'
+  );
+  const onToggleShowNotes = useCallback(
+    (eventId?: string) => {
+      const indexName = selectedPatterns.join(',');
+      if (eventId && !expandableFlyoutDisabled && securitySolutionNotesEnabled) {
+        openFlyout({
+          right: {
+            id: DocumentDetailsRightPanelKey,
+            params: {
+              id: eventId,
+              indexName,
+              scopeId: timelineId,
+            },
+          },
+          left: {
+            id: DocumentDetailsLeftPanelKey,
+            path: {
+              tab: LeftPanelNotesTab,
+            },
+            params: {
+              id: eventId,
+              indexName,
+              scopeId: timelineId,
+            },
+          },
+        });
+      }
+    },
+    [
+      expandableFlyoutDisabled,
+      openFlyout,
+      securitySolutionNotesEnabled,
+      selectedPatterns,
+      timelineId,
+    ]
+  );
+
   const leadingControlColumns = useTimelineControlColumn({
     columns,
     sort,
     timelineId,
     activeTab: TimelineTabs.pinned,
     refetch,
+    onToggleShowNotes,
   });
 
   const isQueryLoading = useMemo(
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/query/index.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/query/index.tsx
index 745cd04daaee5..443b290a53021 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/query/index.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/query/index.tsx
@@ -14,6 +14,12 @@ import deepEqual from 'fast-deep-equal';
 import type { EuiDataGridControlColumn } from '@elastic/eui';
 import { getEsQueryConfig } from '@kbn/data-plugin/common';
 import { DataLoadingState } from '@kbn/unified-data-table';
+import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
+import {
+  DocumentDetailsLeftPanelKey,
+  DocumentDetailsRightPanelKey,
+} from '../../../../../flyout/document_details/shared/constants/panel_keys';
+import { LeftPanelNotesTab } from '../../../../../flyout/document_details/left';
 import { useDeepEqualSelector } from '../../../../../common/hooks/use_selector';
 import { useIsExperimentalFeatureEnabled } from '../../../../../common/hooks/use_experimental_features';
 import { useTimelineDataFilters } from '../../../../containers/use_timeline_data_filters';
@@ -203,12 +209,54 @@ export const QueryTabContentComponent: React.FC<Props> = ({
     timerangeKind,
   });
 
+  const expandableFlyoutDisabled = useIsExperimentalFeatureEnabled('expandableFlyoutDisabled');
+  const { openFlyout } = useExpandableFlyoutApi();
+  const securitySolutionNotesEnabled = useIsExperimentalFeatureEnabled(
+    'securitySolutionNotesEnabled'
+  );
+  const onToggleShowNotes = useCallback(
+    (eventId?: string) => {
+      const indexName = selectedPatterns.join(',');
+      if (eventId && !expandableFlyoutDisabled && securitySolutionNotesEnabled) {
+        openFlyout({
+          right: {
+            id: DocumentDetailsRightPanelKey,
+            params: {
+              id: eventId,
+              indexName,
+              scopeId: timelineId,
+            },
+          },
+          left: {
+            id: DocumentDetailsLeftPanelKey,
+            path: {
+              tab: LeftPanelNotesTab,
+            },
+            params: {
+              id: eventId,
+              indexName,
+              scopeId: timelineId,
+            },
+          },
+        });
+      }
+    },
+    [
+      expandableFlyoutDisabled,
+      openFlyout,
+      securitySolutionNotesEnabled,
+      selectedPatterns,
+      timelineId,
+    ]
+  );
+
   const leadingControlColumns = useTimelineControlColumn({
     columns,
     sort,
     timelineId,
     activeTab: TimelineTabs.query,
     refetch,
+    onToggleShowNotes,
   });
 
   useEffect(() => {
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/query/query_tab_unified_components.test.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/query/query_tab_unified_components.test.tsx
index 1edb154db295c..13a7e9045f20f 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/query/query_tab_unified_components.test.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/query/query_tab_unified_components.test.tsx
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import type { ComponentProps, FunctionComponent } from 'react';
+import type { ComponentProps, FunctionComponent, PropsWithChildren } from 'react';
 import React, { useEffect } from 'react';
 import QueryTabContent from '.';
 import { defaultRowRenderers } from '../../body/renderers';
@@ -86,6 +86,16 @@ jest.mock('../../../../../common/lib/kibana');
 // unified-field-list is reporting multiple analytics events
 jest.mock(`@kbn/ebt/client`);
 
+const mockOpenFlyout = jest.fn();
+jest.mock('@kbn/expandable-flyout', () => {
+  return {
+    useExpandableFlyoutApi: () => ({
+      openFlyout: mockOpenFlyout,
+    }),
+    TestProvider: ({ children }: PropsWithChildren<{}>) => <>{children}</>,
+  };
+});
+
 const TestComponent = (props: Partial<ComponentProps<typeof QueryTabContent>>) => {
   const testComponentDefaultProps: ComponentProps<typeof QueryTabContent> = {
     timelineId: TimelineId.test,
@@ -765,9 +775,19 @@ describe('query tab with unified timeline', () => {
   });
 
   describe('row leading actions', () => {
-    it(
-      'should be able to add notes',
+    // fix this with the new EUI flyout implementation for notes
+    it.skip(
+      'should be able to add notes using EuiFlyout',
       async () => {
+        (useIsExperimentalFeatureEnabled as jest.Mock).mockImplementation(
+          jest.fn((feature: keyof ExperimentalFeatures) => {
+            if (feature === 'unifiedComponentsInTimelineEnabled') {
+              return true;
+            }
+            return allowedExperimentalValues[feature];
+          })
+        );
+
         renderTestComponents();
         expect(await screen.findByTestId('discoverDocTable')).toBeVisible();
 
@@ -785,6 +805,38 @@ describe('query tab with unified timeline', () => {
     );
 
     it(
+      'should be able to add notes through expandable flyout',
+      async () => {
+        (useIsExperimentalFeatureEnabled as jest.Mock).mockImplementation(
+          jest.fn((feature: keyof ExperimentalFeatures) => {
+            if (feature === 'unifiedComponentsInTimelineEnabled') {
+              return true;
+            }
+            if (feature === 'securitySolutionNotesEnabled') {
+              return true;
+            }
+            return allowedExperimentalValues[feature];
+          })
+        );
+
+        renderTestComponents();
+        expect(await screen.findByTestId('discoverDocTable')).toBeVisible();
+
+        await waitFor(() => {
+          expect(screen.getByTestId('timeline-notes-button-small')).not.toBeDisabled();
+        });
+
+        fireEvent.click(screen.getByTestId('timeline-notes-button-small'));
+
+        await waitFor(() => {
+          expect(mockOpenFlyout).toHaveBeenCalled();
+        });
+      },
+      SPECIAL_TEST_TIMEOUT
+    );
+
+    // once the new EUI flyout for notes is implemented this test should be removed
+    it.skip(
       'should be cancel adding notes',
       async () => {
         renderTestComponents();
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/shared/__snapshots__/use_timeline_columns.test.ts.snap b/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/shared/__snapshots__/use_timeline_columns.test.ts.snap
index afcc519bfe10e..709438a5fcb74 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/shared/__snapshots__/use_timeline_columns.test.ts.snap
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/shared/__snapshots__/use_timeline_columns.test.ts.snap
@@ -4,13 +4,10 @@ exports[`useTimelineColumns augmentedColumnHeaders should return the default col
 Array [
   Object {
     "aggregatable": true,
-    "category": "base",
     "columnHeaderType": "not-filtered",
-    "description": "Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.",
     "esTypes": Array [
       "date",
     ],
-    "example": "2016-05-23T08:05:34.853Z",
     "format": "",
     "id": "@timestamp",
     "indexes": Array [
@@ -26,13 +23,10 @@ Array [
   },
   Object {
     "aggregatable": false,
-    "category": "base",
     "columnHeaderType": "not-filtered",
-    "description": "For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message.",
     "esTypes": Array [
       "text",
     ],
-    "example": "Hello World",
     "format": "string",
     "id": "message",
     "indexes": Array [
@@ -47,13 +41,10 @@ Array [
   },
   Object {
     "aggregatable": true,
-    "category": "event",
     "columnHeaderType": "not-filtered",
-    "description": "This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. \`event.category\` represents the \\"big buckets\\" of ECS categories. For example, filtering on \`event.category:process\` yields all events relating to process activity. This field is closely related to \`event.type\`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories.",
     "esTypes": Array [
       "keyword",
     ],
-    "example": "authentication",
     "format": "string",
     "id": "event.category",
     "indexes": Array [
@@ -74,13 +65,10 @@ Array [
   },
   Object {
     "aggregatable": true,
-    "category": "event",
     "columnHeaderType": "not-filtered",
-    "description": "The action captured by the event. This describes the information in the event. It is more specific than \`event.category\`. Examples are \`group-add\`, \`process-started\`, \`file-created\`. The value is normally defined by the implementer.",
     "esTypes": Array [
       "keyword",
     ],
-    "example": "user-password-change",
     "format": "string",
     "id": "event.action",
     "indexes": Array [
@@ -101,9 +89,7 @@ Array [
   },
   Object {
     "aggregatable": true,
-    "category": "host",
     "columnHeaderType": "not-filtered",
-    "description": "Name of the host. It can contain what \`hostname\` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.",
     "esTypes": Array [
       "keyword",
     ],
@@ -127,13 +113,10 @@ Array [
   },
   Object {
     "aggregatable": true,
-    "category": "source",
     "columnHeaderType": "not-filtered",
-    "description": "IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.",
     "esTypes": Array [
       "ip",
     ],
-    "example": "",
     "format": "",
     "id": "source.ip",
     "indexes": Array [
@@ -148,13 +131,10 @@ Array [
   },
   Object {
     "aggregatable": true,
-    "category": "destination",
     "columnHeaderType": "not-filtered",
-    "description": "IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses.",
     "esTypes": Array [
       "ip",
     ],
-    "example": "",
     "format": "",
     "id": "destination.ip",
     "indexes": Array [
@@ -169,13 +149,10 @@ Array [
   },
   Object {
     "aggregatable": true,
-    "category": "user",
     "columnHeaderType": "not-filtered",
-    "description": "Short name or login of the user.",
     "esTypes": Array [
       "keyword",
     ],
-    "example": "albert",
     "format": "string",
     "id": "user.name",
     "indexes": Array [
@@ -195,13 +172,10 @@ exports[`useTimelineColumns augmentedColumnHeaders should return the default uni
 Array [
   Object {
     "aggregatable": true,
-    "category": "base",
     "columnHeaderType": "not-filtered",
-    "description": "Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.",
     "esTypes": Array [
       "date",
     ],
-    "example": "2016-05-23T08:05:34.853Z",
     "format": "",
     "id": "@timestamp",
     "indexes": Array [
@@ -217,13 +191,10 @@ Array [
   },
   Object {
     "aggregatable": false,
-    "category": "base",
     "columnHeaderType": "not-filtered",
-    "description": "For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message.",
     "esTypes": Array [
       "text",
     ],
-    "example": "Hello World",
     "format": "string",
     "id": "message",
     "indexes": Array [
@@ -238,13 +209,10 @@ Array [
   },
   Object {
     "aggregatable": true,
-    "category": "event",
     "columnHeaderType": "not-filtered",
-    "description": "This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. \`event.category\` represents the \\"big buckets\\" of ECS categories. For example, filtering on \`event.category:process\` yields all events relating to process activity. This field is closely related to \`event.type\`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories.",
     "esTypes": Array [
       "keyword",
     ],
-    "example": "authentication",
     "format": "string",
     "id": "event.category",
     "indexes": Array [
@@ -264,13 +232,10 @@ Array [
   },
   Object {
     "aggregatable": true,
-    "category": "event",
     "columnHeaderType": "not-filtered",
-    "description": "The action captured by the event. This describes the information in the event. It is more specific than \`event.category\`. Examples are \`group-add\`, \`process-started\`, \`file-created\`. The value is normally defined by the implementer.",
     "esTypes": Array [
       "keyword",
     ],
-    "example": "user-password-change",
     "format": "string",
     "id": "event.action",
     "indexes": Array [
@@ -290,9 +255,7 @@ Array [
   },
   Object {
     "aggregatable": true,
-    "category": "host",
     "columnHeaderType": "not-filtered",
-    "description": "Name of the host. It can contain what \`hostname\` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.",
     "esTypes": Array [
       "keyword",
     ],
@@ -315,13 +278,10 @@ Array [
   },
   Object {
     "aggregatable": true,
-    "category": "source",
     "columnHeaderType": "not-filtered",
-    "description": "IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.",
     "esTypes": Array [
       "ip",
     ],
-    "example": "",
     "format": "",
     "id": "source.ip",
     "indexes": Array [
@@ -335,13 +295,10 @@ Array [
   },
   Object {
     "aggregatable": true,
-    "category": "destination",
     "columnHeaderType": "not-filtered",
-    "description": "IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses.",
     "esTypes": Array [
       "ip",
     ],
-    "example": "",
     "format": "",
     "id": "destination.ip",
     "indexes": Array [
@@ -355,13 +312,10 @@ Array [
   },
   Object {
     "aggregatable": true,
-    "category": "user",
     "columnHeaderType": "not-filtered",
-    "description": "Short name or login of the user.",
     "esTypes": Array [
       "keyword",
     ],
-    "example": "albert",
     "format": "string",
     "id": "user.name",
     "indexes": Array [
@@ -380,13 +334,10 @@ exports[`useTimelineColumns augmentedColumnHeaders should return the provided co
 Array [
   Object {
     "aggregatable": true,
-    "category": "source",
     "columnHeaderType": "not-filtered",
-    "description": "IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.",
     "esTypes": Array [
       "ip",
     ],
-    "example": "",
     "format": "",
     "id": "source.ip",
     "indexes": Array [
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/shared/use_timeline_control_columns.test.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/shared/use_timeline_control_columns.test.tsx
index 7befceacb5449..ea6490bf18dd9 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/shared/use_timeline_control_columns.test.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/shared/use_timeline_control_columns.test.tsx
@@ -51,6 +51,7 @@ describe('useTimelineColumns', () => {
             timelineId: TimelineId.test,
             activeTab: TimelineTabs.query,
             refetch: refetchMock,
+            onToggleShowNotes: jest.fn(),
           }),
         {
           wrapper: TestProviders,
@@ -70,6 +71,7 @@ describe('useTimelineColumns', () => {
             timelineId: TimelineId.test,
             activeTab: TimelineTabs.query,
             refetch: refetchMock,
+            onToggleShowNotes: jest.fn(),
           }),
         {
           wrapper: TestProviders,
@@ -90,6 +92,7 @@ describe('useTimelineColumns', () => {
             timelineId: TimelineId.test,
             activeTab: TimelineTabs.query,
             refetch: refetchMock,
+            onToggleShowNotes: jest.fn(),
           }),
         {
           wrapper: TestProviders,
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/shared/use_timeline_control_columns.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/shared/use_timeline_control_columns.tsx
index 02791d85de022..f6d583572c937 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/shared/use_timeline_control_columns.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/shared/use_timeline_control_columns.tsx
@@ -27,6 +27,7 @@ interface UseTimelineControlColumnArgs {
   timelineId: string;
   activeTab: TimelineTabs;
   refetch: () => void;
+  onToggleShowNotes: (eventId?: string) => void;
 }
 
 const EMPTY_STRING_ARRAY: string[] = [];
@@ -39,6 +40,7 @@ export const useTimelineControlColumn = ({
   timelineId,
   activeTab,
   refetch,
+  onToggleShowNotes,
 }: UseTimelineControlColumnArgs) => {
   const { browserFields } = useSourcererDataView(SourcererScopeName.timeline);
 
@@ -95,6 +97,7 @@ export const useTimelineControlColumn = ({
               showCheckboxes={false}
               setEventsLoading={noOp}
               setEventsDeleted={noOp}
+              onToggleShowNotes={onToggleShowNotes}
             />
           );
         },
@@ -106,14 +109,15 @@ export const useTimelineControlColumn = ({
       })) as unknown as ColumnHeaderOptions[];
     }
   }, [
-    ACTION_BUTTON_COUNT,
+    unifiedComponentsInTimelineEnabled,
     UNIFIED_COMPONENTS_ACTION_BUTTON_COUNT,
     browserFields,
     localColumns,
     sort,
-    unifiedComponentsInTimelineEnabled,
-    timelineId,
     activeTab,
+    timelineId,
     refetch,
+    onToggleShowNotes,
+    ACTION_BUTTON_COUNT,
   ]);
 };
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/unified_components/data_table/__snapshots__/custom_timeline_data_grid_body.test.tsx.snap b/x-pack/plugins/security_solution/public/timelines/components/timeline/unified_components/data_table/__snapshots__/custom_timeline_data_grid_body.test.tsx.snap
index 2c8c9d593b775..d11a5f23cbda6 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/unified_components/data_table/__snapshots__/custom_timeline_data_grid_body.test.tsx.snap
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/unified_components/data_table/__snapshots__/custom_timeline_data_grid_body.test.tsx.snap
@@ -28,6 +28,7 @@ exports[`CustomTimelineDataGridBody should render exactly as snapshots 1`] = `
 
 .c0 . euiDataGridRowCell--controlColumn {
   height: 40px;
+  min-height: 40px;
 }
 
 .c0 .udt--customRow {
@@ -57,12 +58,28 @@ exports[`CustomTimelineDataGridBody should render exactly as snapshots 1`] = `
   -webkit-box-align: center;
   -ms-flex-align: center;
   align-items: center;
-  height: 36px;
+  height: 40px;
 }
 
 .c1 .euiDataGridRowCell,
 .c1 .euiDataGridRowCell__content {
+  -webkit-align-items: flex-start;
+  -webkit-box-align: flex-start;
+  -ms-flex-align: flex-start;
+  align-items: flex-start;
+  display: -webkit-box;
+  display: -webkit-flex;
+  display: -ms-flexbox;
+  display: flex;
+  -webkit-flex-direction: column;
+  -ms-flex-direction: column;
+  flex-direction: column;
+  -webkit-box-pack: center;
+  -webkit-justify-content: center;
+  -ms-flex-pack: center;
+  justify-content: center;
   height: 100%;
+  min-height: 40px;
 }
 
 .c1 .euiDataGridRowCell .unifiedDataTable__rowControl,
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/unified_components/data_table/control_column_cell_render.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/unified_components/data_table/control_column_cell_render.tsx
index c662a06cb0dc1..1dcd3ccd9db25 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/unified_components/data_table/control_column_cell_render.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/unified_components/data_table/control_column_cell_render.tsx
@@ -35,6 +35,7 @@ export const ControlColumnCellRender = memo(function ControlColumnCellRender(
       {...props}
       ariaRowindex={rowIndex}
       columnValues="columnValues"
+      disableExpandAction
       eventIdToNoteIds={eventIdToNoteIds}
       isEventPinned={isPinned}
       isEventViewer={false}
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/unified_components/data_table/custom_timeline_data_grid_body.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/unified_components/data_table/custom_timeline_data_grid_body.tsx
index 7002360f5a346..fecfb56f87b14 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/unified_components/data_table/custom_timeline_data_grid_body.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/unified_components/data_table/custom_timeline_data_grid_body.tsx
@@ -31,11 +31,15 @@ export type CustomTimelineDataGridBodyProps = EuiDataGridCustomBodyProps & {
   eventIdToNoteIds?: Record<string, string[]> | null;
   eventIdsAddingNotes?: Set<string>;
   onToggleShowNotes: (eventId?: string) => void;
+  rowHeight?: number;
   refetch?: () => void;
 };
 
 const emptyNotes: string[] = [];
 
+// THE DataGrid Row default is 34px, but we make ours 40 to account for our row actions
+const DEFAULT_UDT_ROW_HEIGHT = 40;
+
 /**
  *
  * In order to render the additional row with every event ( which displays the row-renderer, notes and notes editor)
@@ -56,6 +60,7 @@ export const CustomTimelineDataGridBody: FC<CustomTimelineDataGridBodyProps> = m
       visibleColumns,
       visibleRowData,
       rows,
+      rowHeight,
       enabledRowRenderers,
       events = [],
       eventIdToNoteIds = {},
@@ -98,6 +103,7 @@ export const CustomTimelineDataGridBody: FC<CustomTimelineDataGridBodyProps> = m
               rowIndex={rowIndex}
               key={rowIndex}
               visibleColumns={visibleColumns}
+              rowHeight={rowHeight}
               Cell={Cell}
               enabledRowRenderers={enabledRowRenderers}
               notes={notes}
@@ -127,7 +133,8 @@ const CustomGridRow = styled.div.attrs<{
   width: fit-content;
   border-bottom: 1px solid ${(props) => (props.theme as EuiTheme).eui.euiBorderThin};
   . euiDataGridRowCell--controlColumn {
-    height: 40px;
+    height: ${(props: { $cssRowHeight: string }) => props.$cssRowHeight};
+    min-height: ${DEFAULT_UDT_ROW_HEIGHT}px;
   }
   .udt--customRow {
     border-radius: 0;
@@ -160,10 +167,15 @@ const CustomGridRowCellWrapper = styled.div.attrs<{
 }))`
   display: flex;
   align-items: center;
-  height: 36px;
+  height: ${(props: { $cssRowHeight: string }) => props.$cssRowHeight};
   .euiDataGridRowCell,
   .euiDataGridRowCell__content {
+    align-items: flex-start;
+    display: flex;
+    flex-direction: column;
+    justify-content: center;
     height: 100%;
+    min-height: ${DEFAULT_UDT_ROW_HEIGHT}px;
     .unifiedDataTable__rowControl {
       margin-top: 0;
     }
@@ -182,9 +194,19 @@ type CustomTimelineDataGridSingleRowProps = {
   onToggleShowNotes: (eventId?: string) => void;
 } & Pick<
   CustomTimelineDataGridBodyProps,
-  'visibleColumns' | 'Cell' | 'enabledRowRenderers' | 'refetch'
+  'visibleColumns' | 'Cell' | 'enabledRowRenderers' | 'refetch' | 'rowHeight'
 >;
 
+const calculateRowHeightInPixels = (lineHeightMultiple: number): string => {
+  // The line height multiple can be negative to indicate "auto" in the unified data table
+  if (lineHeightMultiple < 0) return 'auto';
+  // The base line-height in pixels is 16px. This would be calculated default by the datagird and we could use
+  // the `configRowHeight` prop, but since we own control of our rows via `customGridBody` we have to calculate it ourselves.
+  const baseRowLineHeightInPx = 16;
+  const rowHeightInPixels = DEFAULT_UDT_ROW_HEIGHT + baseRowLineHeightInPx * lineHeightMultiple;
+  return `${rowHeightInPixels}px`;
+};
+
 /**
  *
  * RenderCustomBody component above uses this component to display a single row.
@@ -204,6 +226,7 @@ const CustomDataGridSingleRow = memo(function CustomDataGridSingleRow(
     eventId = '',
     onToggleShowNotes,
     refetch,
+    rowHeight: rowHeightMultiple = 0,
   } = props;
   const dispatch = useDispatch();
   const { canShowRowRenderer } = useStatefulRowRenderer({
@@ -211,6 +234,7 @@ const CustomDataGridSingleRow = memo(function CustomDataGridSingleRow(
     rowRenderers: enabledRowRenderers,
   });
 
+  const cssRowHeight: string = calculateRowHeightInPixels(rowHeightMultiple);
   /**
    * removes the border between the actual row ( timelineEvent) and `TimelineEventDetail` row
    * which renders the row-renderer, notes and notes editor
@@ -250,9 +274,10 @@ const CustomDataGridSingleRow = memo(function CustomDataGridSingleRow(
   return (
     <CustomGridRow
       className={`${rowIndex % 2 === 0 ? 'euiDataGridRow--striped' : ''}`}
+      $cssRowHeight={cssRowHeight}
       key={rowIndex}
     >
-      <CustomGridRowCellWrapper className={eventTypeRowClassName}>
+      <CustomGridRowCellWrapper className={eventTypeRowClassName} $cssRowHeight={cssRowHeight}>
         {visibleColumns.map((column, colIndex) => {
           // Skip the expanded row cell - we'll render it manually outside of the flex wrapper
           if (column.id !== TIMELINE_EVENT_DETAIL_ROW_ID) {
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/unified_components/data_table/index.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/unified_components/data_table/index.tsx
index d7e22f116511a..f512fcbe04a0c 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/unified_components/data_table/index.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/unified_components/data_table/index.tsx
@@ -390,6 +390,7 @@ export const TimelineDataTableComponent: React.FC<DataTableProps> = memo(
           visibleColumns={visibleColumns}
           visibleRowData={visibleRowData}
           eventIdToNoteIds={eventIdToNoteIds}
+          rowHeight={rowHeight}
           setCustomGridBodyProps={setCustomGridBodyProps}
           events={events}
           enabledRowRenderers={enabledRowRenderers}
@@ -405,6 +406,7 @@ export const TimelineDataTableComponent: React.FC<DataTableProps> = memo(
         eventIdToNoteIds,
         cellContext?.eventIdsAddingNotes,
         cellContext?.onToggleShowNotes,
+        rowHeight,
         refetch,
       ]
     );
diff --git a/x-pack/plugins/security_solution/scripts/endpoint/api_emulator/emulator_plugins/crowdstrike/mocks.ts b/x-pack/plugins/security_solution/scripts/endpoint/api_emulator/emulator_plugins/crowdstrike/mocks.ts
index cab12ebaeac1a..e915a16c250b0 100644
--- a/x-pack/plugins/security_solution/scripts/endpoint/api_emulator/emulator_plugins/crowdstrike/mocks.ts
+++ b/x-pack/plugins/security_solution/scripts/endpoint/api_emulator/emulator_plugins/crowdstrike/mocks.ts
@@ -30,7 +30,7 @@ export const createCrowdstrikeAgentDetailsMock = (
 ): CrowdstrikeGetAgentsResponse['resources'][number] => {
   return merge(
     {
-      device_id: '0eec3717b2eb472195bbb3964c05cfd3',
+      device_id: '5f4ed7ec2690431f8fa79213268779cb',
       cid: '234567890',
       agent_load_flags: '0',
       agent_local_time: '2024-03-18T22:21:00.173Z',
@@ -141,7 +141,7 @@ export const createCrowdstrikeGetAgentOnlineStatusDetailsMock: (
   return merge(
     {
       state: 'online',
-      id: 'ae86ad7402404048ac9b8d94db8f7ba2',
+      id: '5f4ed7ec2690431f8fa79213268779cb',
     },
     overrides
   );
diff --git a/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/get_anonymized_alerts.test.ts b/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/get_anonymized_alerts.test.ts
new file mode 100644
index 0000000000000..6b7526870eb9f
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/get_anonymized_alerts.test.ts
@@ -0,0 +1,171 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { elasticsearchServiceMock } from '@kbn/core-elasticsearch-server-mocks';
+
+import { getAnonymizedAlerts } from './get_anonymized_alerts';
+import { mockOpenAndAcknowledgedAlertsQueryResults } from '../mock/mock_open_and_acknowledged_alerts_query_results';
+import { getOpenAndAcknowledgedAlertsQuery } from '../open_and_acknowledged_alerts/get_open_and_acknowledged_alerts_query';
+import { MIN_SIZE } from '../open_and_acknowledged_alerts/helpers';
+
+jest.mock('../open_and_acknowledged_alerts/get_open_and_acknowledged_alerts_query', () => {
+  const original = jest.requireActual(
+    '../open_and_acknowledged_alerts/get_open_and_acknowledged_alerts_query'
+  );
+
+  return {
+    getOpenAndAcknowledgedAlertsQuery: jest.fn(() => original),
+  };
+});
+
+describe('getAnonymizedAlerts', () => {
+  const alertsIndexPattern = '.alerts-security.alerts-default';
+  const mockAnonymizationFields = [
+    {
+      id: '9f95b649-f20e-4edf-bd76-1d21ab6f8e2e',
+      timestamp: '2024-05-06T22:16:48.489Z',
+      field: '_id',
+      allowed: true,
+      anonymized: false,
+      createdAt: '2024-05-06T22:16:48.489Z',
+      namespace: 'default',
+    },
+    {
+      id: '22f23471-4f6a-4cec-9b2a-cf270ffb53d5',
+      timestamp: '2024-05-06T22:16:48.489Z',
+      field: 'host.name',
+      allowed: true,
+      anonymized: true,
+      createdAt: '2024-05-06T22:16:48.489Z',
+      namespace: 'default',
+    },
+  ];
+  const mockEsClient = elasticsearchServiceMock.createElasticsearchClient();
+  const mockReplacements = {
+    replacement1: 'SRVMAC08',
+    replacement2: 'SRVWIN01',
+    replacement3: 'SRVWIN02',
+  };
+  const size = 10;
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+
+    (mockEsClient.search as unknown as jest.Mock).mockResolvedValue(
+      mockOpenAndAcknowledgedAlertsQueryResults
+    );
+  });
+
+  it('returns an empty array when alertsIndexPattern is not provided', async () => {
+    const result = await getAnonymizedAlerts({
+      esClient: mockEsClient,
+      size,
+    });
+
+    expect(result).toEqual([]);
+  });
+
+  it('should return an empty array when size is not provided', async () => {
+    const result = await getAnonymizedAlerts({
+      alertsIndexPattern,
+      esClient: mockEsClient,
+    });
+
+    expect(result).toEqual([]);
+  });
+
+  it('should return an empty array when size is out of range', async () => {
+    const outOfRange = MIN_SIZE - 1;
+
+    const result = await getAnonymizedAlerts({
+      alertsIndexPattern,
+      esClient: mockEsClient,
+      size: outOfRange,
+    });
+
+    expect(result).toEqual([]);
+  });
+
+  it('calls getOpenAndAcknowledgedAlertsQuery with the provided anonymizationFields', async () => {
+    await getAnonymizedAlerts({
+      alertsIndexPattern,
+      anonymizationFields: mockAnonymizationFields,
+      esClient: mockEsClient,
+      replacements: mockReplacements,
+      size,
+    });
+
+    expect(getOpenAndAcknowledgedAlertsQuery).toHaveBeenCalledWith({
+      alertsIndexPattern,
+      anonymizationFields: mockAnonymizationFields,
+      size,
+    });
+  });
+
+  it('calls getOpenAndAcknowledgedAlertsQuery with empty anonymizationFields when they are NOT provided', async () => {
+    await getAnonymizedAlerts({
+      alertsIndexPattern,
+      esClient: mockEsClient,
+      replacements: mockReplacements,
+      size,
+    });
+
+    expect(getOpenAndAcknowledgedAlertsQuery).toHaveBeenCalledWith({
+      alertsIndexPattern,
+      anonymizationFields: [],
+      size,
+    });
+  });
+
+  it('returns the expected transformed (anonymized) raw data', async () => {
+    const result = await getAnonymizedAlerts({
+      alertsIndexPattern,
+      anonymizationFields: mockAnonymizationFields,
+      esClient: mockEsClient,
+      replacements: mockReplacements,
+      size,
+    });
+
+    expect(result).toEqual([
+      '_id,b6e883c29b32571aaa667fa13e65bbb4f95172a2b84bdfb85d6f16c72b2d2560\nhost.name,replacement1',
+      '_id,0215a6c5cc9499dd0290cd69a4947efb87d3ddd8b6385a766d122c2475be7367\nhost.name,replacement1',
+      '_id,600eb9eca925f4c5b544b4e9d3cf95d83b7829f8f74c5bd746369cb4c2968b9a\nhost.name,replacement1',
+      '_id,e1f4a4ed70190eb4bd256c813029a6a9101575887cdbfa226ac330fbd3063f0c\nhost.name,replacement1',
+      '_id,2a7a4809ca625dfe22ccd35fbef7a7ba8ed07f109e5cbd17250755cfb0bc615f\nhost.name,replacement1',
+      '_id,2a9f7602de8656d30dda0ddcf79e78037ac2929780e13d5b2047b3bedc40bb69\nhost.name,replacement1',
+      '_id,4615c3a90e8057ae5cc9b358bbbf4298e346277a2f068dda052b0b43ef6d5bbd\nhost.name,replacement1',
+      '_id,449322a72d3f19efbdf983935a1bdd21ebd6b9c761ce31e8b252003017d7e5db\nhost.name,replacement1',
+      '_id,f465ca9fbfc8bc3b1871e965c9e111cac76ff3f4076fed6bc9da88d49fb43014\nhost.name,replacement3',
+      '_id,aa283e6a13be77b533eceffb09e48254c8f91feeccc39f7eed80fd3881d053f4\nhost.name,replacement3',
+      '_id,dd9e4ea23961ccfdb7a9c760ee6bedd19a013beac3b0d38227e7ae77ba4ce515\nhost.name,replacement3',
+      '_id,f30d55e503b1d848b34ee57741b203d8052360dd873ea34802f3fa7a9ef34d0a\nhost.name,replacement3',
+      '_id,6f8cd5e8021dbb64598f2b7ec56bee21fd00d1e62d4e08905f86bf234873ee66\nhost.name,replacement3',
+      '_id,ce110da958fe0cf0c07599a21c68d90a64c93b7607aa27970a614c7f49598316\nhost.name,replacement3',
+      '_id,0866787b0027b4d908767ac16e35a1da00970c83632ba85be65f2ad371132b4f\nhost.name,replacement3',
+      '_id,b0fdf96721e361e1137d49a67e26d92f96b146392d7f44322bddc3d660abaef1\nhost.name,replacement3',
+      '_id,7b4f49f21cf141e67856d3207fb4ea069c8035b41f0ea501970694cf8bd43cbe\nhost.name,replacement3',
+      '_id,ea81d79104cbd442236b5bcdb7a3331de897aa4ce1523e622068038d048d0a9e\nhost.name,replacement3',
+      '_id,cdf3b5510bb5ed622e8cefd1ce6bedc52bdd99a4c1ead537af0603469e713c8b\nhost.name,replacement2',
+      '_id,6abe81eb6350fb08031761be029e7ab19f7e577a7c17a9c5ea1ed010ba1620e3\nhost.name,replacement2',
+    ]);
+  });
+
+  it('calls onNewReplacements for every alert', async () => {
+    const onNewReplacements = jest.fn();
+
+    await getAnonymizedAlerts({
+      alertsIndexPattern,
+      anonymizationFields: mockAnonymizationFields,
+      esClient: mockEsClient,
+      onNewReplacements,
+      replacements: mockReplacements,
+      size,
+    });
+
+    expect(onNewReplacements).toHaveBeenCalledTimes(20); // 20 alerts in mockOpenAndAcknowledgedAlertsQueryResults
+  });
+});
diff --git a/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/get_anonymized_alerts.ts b/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/get_anonymized_alerts.ts
index 933a7ab55b924..5989caf439518 100644
--- a/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/get_anonymized_alerts.ts
+++ b/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/get_anonymized_alerts.ts
@@ -28,7 +28,7 @@ export const getAnonymizedAlerts = async ({
   onNewReplacements?: (replacements: Replacements) => void;
   replacements?: Replacements;
   size?: number;
-}) => {
+}): Promise<string[]> => {
   if (alertsIndexPattern == null || size == null || sizeIsOutOfRange(size)) {
     return [];
   }
diff --git a/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/get_attack_discovery_prompt.test.ts b/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/get_attack_discovery_prompt.test.ts
new file mode 100644
index 0000000000000..bc290bf172382
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/get_attack_discovery_prompt.test.ts
@@ -0,0 +1,30 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { getAttackDiscoveryPrompt } from './get_attack_discovery_prompt';
+
+describe('getAttackDiscoveryPrompt', () => {
+  it('should generate the correct attack discovery prompt', () => {
+    const anonymizedAlerts = ['Alert 1', 'Alert 2', 'Alert 3'];
+
+    const expected = `You are a cyber security analyst tasked with analyzing security events from Elastic Security to identify and report on potential cyber attacks or progressions. Your report should focus on high-risk incidents that could severely impact the organization, rather than isolated alerts. Present your findings in a way that can be easily understood by anyone, regardless of their technical expertise, as if you were briefing the CISO. Break down your response into sections based on timing, hosts, and users involved. When correlating alerts, use kibana.alert.original_time when it's available, otherwise use @timestamp. Include appropriate context about the affected hosts and users. Describe how the attack progression might have occurred and, if feasible, attribute it to known threat groups. Prioritize high and critical alerts, but include lower-severity alerts if desired. In the description field, provide as much detail as possible, in a bulleted list explaining any attack progressions. Accuracy is of utmost importance. Escape backslashes to respect JSON validation. New lines must always be escaped with double backslashes, i.e. \\\\n to ensure valid JSON. Only return JSON output, as described above. Do not add any additional text to describe your output.
+
+Use context from the following open and acknowledged alerts to provide insights:
+
+"""
+Alert 1
+
+Alert 2
+
+Alert 3
+"""
+`;
+
+    const prompt = getAttackDiscoveryPrompt({ anonymizedAlerts });
+
+    expect(prompt).toEqual(expected);
+  });
+});
diff --git a/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/get_output_parser.test.ts b/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/get_output_parser.test.ts
new file mode 100644
index 0000000000000..5ad2cd11f817a
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/get_output_parser.test.ts
@@ -0,0 +1,31 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { getOutputParser } from './get_output_parser';
+
+describe('getOutputParser', () => {
+  it('returns a structured output parser with the expected format instructions', () => {
+    const outputParser = getOutputParser();
+
+    const expected = `You must format your output as a JSON value that adheres to a given \"JSON Schema\" instance.
+
+\"JSON Schema\" is a declarative language that allows you to annotate and validate JSON documents.
+
+For example, the example \"JSON Schema\" instance {{\"properties\": {{\"foo\": {{\"description\": \"a list of test words\", \"type\": \"array\", \"items\": {{\"type\": \"string\"}}}}}}, \"required\": [\"foo\"]}}}}
+would match an object with one required property, \"foo\". The \"type\" property specifies \"foo\" must be an \"array\", and the \"description\" property semantically describes it as \"a list of test words\". The items within \"foo\" must be strings.
+Thus, the object {{\"foo\": [\"bar\", \"baz\"]}} is a well-formatted instance of this example \"JSON Schema\". The object {{\"properties\": {{\"foo\": [\"bar\", \"baz\"]}}}} is not well-formatted.
+
+Your output will be parsed and type-checked according to the provided schema instance, so make sure all fields in your output match the schema exactly and there are no trailing commas!
+
+Here is the JSON Schema instance your output must adhere to. Include the enclosing markdown codeblock:
+\`\`\`json
+{\"type\":\"array\",\"items\":{\"type\":\"object\",\"properties\":{\"alertIds\":{\"type\":\"array\",\"items\":{\"type\":\"string\"},\"description\":\"The alert IDs that the insight is based on.\"},\"detailsMarkdown\":{\"type\":\"string\",\"description\":\"A detailed insight with markdown, where each markdown bullet contains a description of what happened that reads like a story of the attack as it played out and always uses special {{ field.name fieldValue1 fieldValue2 fieldValueN }} syntax for field names and values from the source data. Examples of CORRECT syntax (includes field names and values): {{ host.name hostNameValue }} {{ user.name userNameValue }} {{ source.ip sourceIpValue }} Examples of INCORRECT syntax (bad, because the field names are not included): {{ hostNameValue }} {{ userNameValue }} {{ sourceIpValue }}\"},\"entitySummaryMarkdown\":{\"type\":\"string\",\"description\":\"A short (no more than a sentence) summary of the insight featuring only the host.name and user.name fields (when they are applicable), using the same {{ field.name fieldValue1 fieldValue2 fieldValueN }} syntax\"},\"mitreAttackTactics\":{\"type\":\"array\",\"items\":{\"type\":\"string\"},\"description\":\"An array of MITRE ATT&CK tactic for the insight, using one of the following values: Reconnaissance,Initial Access,Execution,Persistence,Privilege Escalation,Discovery,Lateral Movement,Command and Control,Exfiltration\"},\"summaryMarkdown\":{\"type\":\"string\",\"description\":\"A markdown summary of insight, using the same {{ field.name fieldValue1 fieldValue2 fieldValueN }} syntax\"},\"title\":{\"type\":\"string\",\"description\":\"A short, no more than 7 words, title for the insight, NOT formatted with special syntax or markdown. This must be as brief as possible.\"}},\"required\":[\"alertIds\",\"detailsMarkdown\",\"summaryMarkdown\",\"title\"],\"additionalProperties\":false},\"description\":\"Insights with markdown that always uses special {{ field.name fieldValue1 fieldValue2 fieldValueN }} syntax for field names and values from the source data. Examples of CORRECT syntax (includes field names and values): {{ host.name hostNameValue }} {{ user.name userNameValue }} {{ source.ip sourceIpValue }} Examples of INCORRECT syntax (bad, because the field names are not included): {{ hostNameValue }} {{ userNameValue }} {{ sourceIpValue }}\",\"$schema\":\"http://json-schema.org/draft-07/schema#\"}
+\`\`\`
+`;
+
+    expect(outputParser.getFormatInstructions()).toEqual(expected);
+  });
+});
diff --git a/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/get_output_parser.ts b/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/get_output_parser.ts
index 1c839ffc64522..6a1893612c1fd 100644
--- a/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/get_output_parser.ts
+++ b/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/get_output_parser.ts
@@ -47,7 +47,7 @@ export const getOutputParser = () =>
           detailsMarkdown: z
             .string()
             .describe(
-              `A detailed insight with markdown that always uses special ${SYNTAX} syntax for field names and values from the source data. ${GOOD_SYNTAX_EXAMPLES} ${BAD_SYNTAX_EXAMPLES}`
+              `A detailed insight with markdown, where each markdown bullet contains a description of what happened that reads like a story of the attack as it played out and always uses special ${SYNTAX} syntax for field names and values from the source data. ${GOOD_SYNTAX_EXAMPLES} ${BAD_SYNTAX_EXAMPLES}`
             ),
           entitySummaryMarkdown: z
             .string()
diff --git a/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/helpers.ts b/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/helpers.ts
deleted file mode 100644
index fd5d4cc668df8..0000000000000
--- a/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/helpers.ts
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { Replacements } from '@kbn/elastic-assistant-common';
-
-export const getReplacementsRecords = (
-  replacements: Array<{ value: string; uuid: string }>
-): Replacements =>
-  replacements.reduce<Record<string, string>>(
-    (acc, { value, uuid }) => ({ ...acc, [uuid]: value }),
-    {}
-  );
-
-export const getReplacementsArray = (
-  replacements: Replacements
-): Array<{ value: string; uuid: string }> =>
-  Object.entries(replacements).map(([uuid, value]) => ({ uuid, value }));
diff --git a/x-pack/plugins/security_solution/server/endpoint/mocks/mocks.ts b/x-pack/plugins/security_solution/server/endpoint/mocks/mocks.ts
index 1fbfeef9382e5..3cd77526942ff 100644
--- a/x-pack/plugins/security_solution/server/endpoint/mocks/mocks.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/mocks/mocks.ts
@@ -48,6 +48,7 @@ import { createCasesClientMock } from '@kbn/cases-plugin/server/client/mocks';
 import type { AddVersionOpts, VersionedRouteConfig } from '@kbn/core-http-server';
 import { unsecuredActionsClientMock } from '@kbn/actions-plugin/server/unsecured_actions_client/unsecured_actions_client.mock';
 import type { PluginStartContract } from '@kbn/actions-plugin/server';
+import type { Mutable } from 'utility-types';
 import { responseActionsClientMock } from '../services/actions/clients/mocks';
 import { getEndpointAuthzInitialStateMock } from '../../../common/endpoint/service/authz/mocks';
 import { createMockConfig, requestContextMock } from '../../lib/detection_engine/routes/__mocks__';
@@ -264,7 +265,7 @@ export interface HttpApiTestSetupMock<P = any, Q = any, B = any> {
   httpResponseMock: ReturnType<typeof httpServerMock.createResponseFactory>;
   httpHandlerContextMock: ReturnType<typeof requestContextMock.convertContext>;
   getEsClientMock: (type?: 'internalUser' | 'currentUser') => ElasticsearchClientMock;
-  createRequestMock: (options?: RequestFixtureOptions<P, Q, B>) => KibanaRequest<P, Q, B>;
+  createRequestMock: (options?: RequestFixtureOptions<P, Q, B>) => Mutable<KibanaRequest<P, Q, B>>;
   /** Retrieves the handler that was registered with the `router` for a given `method` and `path` */
   getRegisteredRouteHandler: (method: RouterMethod, path: string) => RequestHandler;
   /** Retrieves the route handler configuration that was registered with the router */
@@ -334,7 +335,9 @@ export const createHttpApiTestSetupMock = <P = any, Q = any, B = any>(): HttpApi
     httpHandlerContextMock,
     httpResponseMock,
 
-    createRequestMock: (options: RequestFixtureOptions<P, Q, B> = {}): KibanaRequest<P, Q, B> => {
+    createRequestMock: (
+      options: RequestFixtureOptions<P, Q, B> = {}
+    ): Mutable<KibanaRequest<P, Q, B>> => {
       return httpServerMock.createKibanaRequest<P, Q, B>(options);
     },
 
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/actions/response_actions.ts b/x-pack/plugins/security_solution/server/endpoint/routes/actions/response_actions.ts
index 09512b7cbc5ed..cf8a5325b9f9a 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/response_actions.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/response_actions.ts
@@ -50,7 +50,7 @@ import type {
   KillOrSuspendProcessRequestBody,
   ResponseActionParametersWithPidOrEntityId,
   ResponseActionsExecuteParameters,
-  ResponseActionsScanParameters,
+  ResponseActionScanParameters,
 } from '../../../../common/endpoint/types';
 import type { ResponseActionsApiCommandNames } from '../../../../common/endpoint/service/response_actions/constants';
 import type {
@@ -301,7 +301,7 @@ export function registerResponseActionRoutes(
         withEndpointAuthz(
           { all: ['canWriteScanOperations'] },
           logger,
-          responseActionRequestHandler<ResponseActionsScanParameters>(endpointContext, 'scan')
+          responseActionRequestHandler<ResponseActionScanParameters>(endpointContext, 'scan')
         )
       );
   }
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/agent/agent_status_handler.test.ts b/x-pack/plugins/security_solution/server/endpoint/routes/agent/agent_status_handler.test.ts
index d60c04b58886b..ff34ff6d66d1e 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/agent/agent_status_handler.test.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/agent/agent_status_handler.test.ts
@@ -12,12 +12,33 @@ import { registerAgentStatusRoute } from './agent_status_handler';
 import { AGENT_STATUS_ROUTE } from '../../../../common/endpoint/constants';
 import { CustomHttpRequestError } from '../../../utils/custom_http_request_error';
 import type { EndpointAgentStatusRequestQueryParams } from '../../../../common/api/endpoint/agent/get_agent_status_route';
+import type { ResponseActionAgentType } from '../../../../common/endpoint/service/response_actions/constants';
 import { RESPONSE_ACTION_AGENT_TYPE } from '../../../../common/endpoint/service/response_actions/constants';
+import type { ExperimentalFeatures } from '../../../../common';
+import { agentServiceMocks as mockAgentService } from '../../services/agent/mocks';
+import { getAgentStatusClient as _getAgentStatusClient } from '../../services';
+import type { DeepMutable } from '../../../../common/endpoint/types';
+
+jest.mock('../../services', () => {
+  const realModule = jest.requireActual('../../services');
+
+  return {
+    ...realModule,
+    getAgentStatusClient: jest.fn((agentType: ResponseActionAgentType) => {
+      return mockAgentService.createClient(agentType);
+    }),
+  };
+});
+
+const getAgentStatusClientMock = _getAgentStatusClient as jest.Mock;
 
 describe('Agent Status API route handler', () => {
-  let apiTestSetup: HttpApiTestSetupMock<never, EndpointAgentStatusRequestQueryParams>;
+  let apiTestSetup: HttpApiTestSetupMock<never, DeepMutable<EndpointAgentStatusRequestQueryParams>>;
   let httpRequestMock: ReturnType<
-    HttpApiTestSetupMock<never, EndpointAgentStatusRequestQueryParams>['createRequestMock']
+    HttpApiTestSetupMock<
+      never,
+      DeepMutable<EndpointAgentStatusRequestQueryParams>
+    >['createRequestMock']
   >;
   let httpHandlerContextMock: HttpApiTestSetupMock<
     never,
@@ -43,60 +64,55 @@ describe('Agent Status API route handler', () => {
     apiTestSetup.endpointAppContextMock.experimentalFeatures = {
       ...apiTestSetup.endpointAppContextMock.experimentalFeatures,
       responseActionsSentinelOneV1Enabled: true,
-      responseActionsCrowdstrikeManualHostIsolationEnabled: false,
-      agentStatusClientEnabled: false,
+      responseActionsCrowdstrikeManualHostIsolationEnabled: true,
     };
 
     registerAgentStatusRoute(apiTestSetup.routerMock, apiTestSetup.endpointAppContextMock);
   });
 
-  it('should error if the sentinel_one feature flag is turned off', async () => {
-    apiTestSetup.endpointAppContextMock.experimentalFeatures = {
-      ...apiTestSetup.endpointAppContextMock.experimentalFeatures,
-      responseActionsSentinelOneV1Enabled: false,
-      responseActionsCrowdstrikeManualHostIsolationEnabled: false,
-    };
+  it.each`
+    agentType         | featureFlag
+    ${'sentinel_one'} | ${'responseActionsSentinelOneV1Enabled'}
+    ${'crowdstrike'}  | ${'responseActionsCrowdstrikeManualHostIsolationEnabled'}
+  `(
+    'should error if the $agentType feature flag ($featureFlag) is turned off',
+    async ({
+      agentType,
+      featureFlag,
+    }: {
+      agentType: ResponseActionAgentType;
+      featureFlag: keyof ExperimentalFeatures;
+    }) => {
+      apiTestSetup.endpointAppContextMock.experimentalFeatures = {
+        ...apiTestSetup.endpointAppContextMock.experimentalFeatures,
+        [featureFlag]: false,
+      };
+      httpRequestMock.query.agentType = agentType;
 
-    await apiTestSetup
-      .getRegisteredVersionedRoute('get', AGENT_STATUS_ROUTE, '1')
-      .routeHandler(httpHandlerContextMock, httpRequestMock, httpResponseMock);
-
-    expect(httpResponseMock.customError).toHaveBeenCalledWith({
-      statusCode: 400,
-      body: expect.any(CustomHttpRequestError),
-    });
-  });
-
-  it.each(RESPONSE_ACTION_AGENT_TYPE)('should accept agent type of %s', async (agentType) => {
-    // @ts-expect-error `query.*` is not mutable
-    httpRequestMock.query.agentType = agentType;
-    // TODO TC: Temporary workaround to catch thrown error while Crowdstrike status is not yet supported
-    try {
       await apiTestSetup
         .getRegisteredVersionedRoute('get', AGENT_STATUS_ROUTE, '1')
         .routeHandler(httpHandlerContextMock, httpRequestMock, httpResponseMock);
-    } catch (error) {
-      if (agentType === 'crowdstrike') {
-        expect(error.message).toBe('Agent type [crowdstrike] does not support agent status');
-      }
-    }
-    if (agentType !== 'crowdstrike') {
-      expect(httpResponseMock.ok).toHaveBeenCalled();
+
+      expect(httpResponseMock.customError).toHaveBeenCalledWith({
+        statusCode: 400,
+        body: expect.any(CustomHttpRequestError),
+      });
     }
-  });
+  );
 
-  it('should accept agent type of `endpoint` when FF is disabled', async () => {
-    apiTestSetup.endpointAppContextMock.experimentalFeatures = {
-      ...apiTestSetup.endpointAppContextMock.experimentalFeatures,
-      responseActionsSentinelOneV1Enabled: false,
-    };
-    // @ts-expect-error `query.*` is not mutable
-    httpRequestMock.query.agentType = 'endpoint';
+  it.each(RESPONSE_ACTION_AGENT_TYPE)('should accept agent type of %s', async (agentType) => {
+    httpRequestMock.query.agentType = agentType;
     await apiTestSetup
       .getRegisteredVersionedRoute('get', AGENT_STATUS_ROUTE, '1')
       .routeHandler(httpHandlerContextMock, httpRequestMock, httpResponseMock);
 
     expect(httpResponseMock.ok).toHaveBeenCalled();
+    expect(getAgentStatusClientMock).toHaveBeenCalledWith(agentType, {
+      esClient: (await httpHandlerContextMock.core).elasticsearch.client.asInternalUser,
+      soClient: (await httpHandlerContextMock.core).savedObjects.client,
+      connectorActionsClient: (await httpHandlerContextMock.actions).getActionsClient(),
+      endpointService: apiTestSetup.endpointAppContextMock.service,
+    });
   });
 
   it('should return status code 200 with expected payload', async () => {
@@ -109,43 +125,21 @@ describe('Agent Status API route handler', () => {
         data: {
           one: {
             agentType: 'sentinel_one',
-            found: false,
+            found: true,
             agentId: 'one',
-            isUninstalled: false,
-            isPendingUninstall: false,
             isolated: false,
-            lastSeen: '',
-            pendingActions: {
-              execute: 0,
-              'get-file': 0,
-              isolate: 0,
-              'kill-process': 0,
-              'running-processes': 0,
-              'suspend-process': 0,
-              unisolate: 0,
-              upload: 0,
-            },
-            status: 'unenrolled',
+            lastSeen: expect.any(String),
+            pendingActions: {},
+            status: 'healthy',
           },
           two: {
             agentType: 'sentinel_one',
-            found: false,
+            found: true,
             agentId: 'two',
-            isUninstalled: false,
-            isPendingUninstall: false,
             isolated: false,
-            lastSeen: '',
-            pendingActions: {
-              execute: 0,
-              'get-file': 0,
-              isolate: 0,
-              'kill-process': 0,
-              'running-processes': 0,
-              'suspend-process': 0,
-              unisolate: 0,
-              upload: 0,
-            },
-            status: 'unenrolled',
+            lastSeen: expect.any(String),
+            pendingActions: {},
+            status: 'healthy',
           },
         },
       },
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/agent/agent_status_handler.ts b/x-pack/plugins/security_solution/server/endpoint/routes/agent/agent_status_handler.ts
index 25f281facb848..0a9bdbde9876e 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/agent/agent_status_handler.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/agent/agent_status_handler.ts
@@ -6,7 +6,6 @@
  */
 
 import type { RequestHandler } from '@kbn/core/server';
-import { getSentinelOneAgentStatus } from '../../services/agent/agent_status';
 import { errorHandler } from '../error_handler';
 import type { EndpointAgentStatusRequestQueryParams } from '../../../../common/api/endpoint/agent/get_agent_status_route';
 import { EndpointAgentStatusRequestSchema } from '../../../../common/api/endpoint/agent/get_agent_status_route';
@@ -59,6 +58,10 @@ export const getAgentStatusRouteHandler = (
     const { agentType = 'endpoint', agentIds: _agentIds } = request.query;
     const agentIds = Array.isArray(_agentIds) ? _agentIds : [_agentIds];
 
+    logger.debug(
+      `Retrieving status for: agentType [${agentType}], agentIds: [${agentIds.join(', ')}]`
+    );
+
     // Note: because our API schemas are defined as module static variables (as opposed to a
     //        `getter` function), we need to include this additional validation here, since
     //        `agent_type` is included in the schema independent of the feature flag
@@ -77,36 +80,17 @@ export const getAgentStatusRouteHandler = (
 
     const esClient = (await context.core).elasticsearch.client.asInternalUser;
     const soClient = (await context.core).savedObjects.client;
+    const connectorActionsClient = (await context.actions).getActionsClient();
     const agentStatusClient = getAgentStatusClient(agentType, {
       esClient,
       soClient,
+      connectorActionsClient,
       endpointService: endpointContext.service,
-      connectorActionsClient:
-        agentType === 'crowdstrike' ? (await context.actions).getActionsClient() : undefined,
     });
-
-    // 8.15: use the new `agentStatusClientEnabled` FF enabled
-    const data = endpointContext.experimentalFeatures.agentStatusClientEnabled
-      ? await agentStatusClient.getAgentStatuses(agentIds)
-      : agentType === 'sentinel_one'
-      ? await getSentinelOneAgentStatus({
-          agentType,
-          agentIds,
-          logger,
-          connectorActionsClient: (await context.actions).getActionsClient(),
-        })
-      : [];
-
-    logger.debug(
-      `Retrieving status for: agentType [${agentType}], agentIds: [${agentIds.join(', ')}]`
-    );
+    const data = await agentStatusClient.getAgentStatuses(agentIds);
 
     try {
-      return response.ok({
-        body: {
-          data,
-        },
-      });
+      return response.ok({ body: { data } });
     } catch (e) {
       return errorHandler(logger, response, e);
     }
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/entity/utils/build_resolver_entity.ts b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/entity/utils/build_resolver_entity.ts
index c1195aa11c400..7f8e4cbeb381a 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/entity/utils/build_resolver_entity.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/entity/utils/build_resolver_entity.ts
@@ -23,6 +23,9 @@ export function resolverEntity(
       let foundSchema = true;
       // check that the constraint and id fields are defined and that the id field is not an empty string
       const id = getFieldAsString(hit._source, supportedSchema.schema.id);
+      const agentId =
+        supportedSchema.schema.agentId &&
+        getFieldAsString(hit._source, supportedSchema.schema.agentId);
       for (const constraint of supportedSchema.constraints) {
         const fieldValue = getFieldAsString(hit._source, constraint.field);
         // track that all the constraints are true, if one of them is false then this schema is not valid so mark it
@@ -40,6 +43,7 @@ export function resolverEntity(
           name: supportedSchema.name,
           schema: supportedSchema.schema,
           id,
+          ...(agentId ? { agentId } : {}),
         });
       }
     }
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/entity/utils/supported_schemas.ts b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/entity/utils/supported_schemas.ts
index ba3c9b64ea32c..fa50d587b99d4 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/entity/utils/supported_schemas.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/entity/utils/supported_schemas.ts
@@ -64,6 +64,7 @@ export const getSupportedSchemas = (
         parent: 'process.parent.entity_id',
         ancestry: 'process.Ext.ancestry',
         name: 'process.name',
+        agentId: 'agent.id',
       },
     },
     {
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/events.ts b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/events.ts
index 7d6e4865c9160..8964b70df0c71 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/events.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/events.ts
@@ -55,6 +55,7 @@ export function handleEvents(
       indexPatterns: body.indexPatterns,
       timeRange: body.timeRange,
       shouldExcludeColdAndFrozenTiers,
+      agentId: body.agentId,
     });
     const results = await eventsQuery.search(eventsClient, body, alertsClient);
     return res.ok({
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/queries/events.ts b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/queries/events.ts
index 3b8d95fa1aa9e..bf0d04a19e753 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/queries/events.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/queries/events.ts
@@ -19,14 +19,22 @@ import type { ResolverQueryParams } from '../tree/queries/base';
  */
 export class EventsQuery extends BaseResolverQuery {
   readonly pagination: PaginationBuilder;
+
   constructor({
     indexPatterns,
     timeRange,
     isInternalRequest,
     pagination,
     shouldExcludeColdAndFrozenTiers,
+    agentId,
   }: ResolverQueryParams & { pagination: PaginationBuilder }) {
-    super({ indexPatterns, timeRange, isInternalRequest, shouldExcludeColdAndFrozenTiers });
+    super({
+      indexPatterns,
+      timeRange,
+      isInternalRequest,
+      shouldExcludeColdAndFrozenTiers,
+      agentId,
+    });
     this.pagination = pagination;
   }
 
@@ -66,7 +74,10 @@ export class EventsQuery extends BaseResolverQuery {
     };
   }
 
-  private alertsForProcessQuery(id?: JsonValue): { query: object; index: string } {
+  private alertsForProcessQuery(
+    id?: JsonValue,
+    agentId?: string
+  ): { query: object; index: string } {
     return {
       query: {
         bool: {
@@ -74,6 +85,7 @@ export class EventsQuery extends BaseResolverQuery {
             {
               term: { 'process.entity_id': id },
             },
+            ...(this.schema.agentId && agentId ? [{ term: { 'agent.id': agentId } }] : []),
             ...this.getRangeFilter(),
           ],
         },
@@ -108,7 +120,7 @@ export class EventsQuery extends BaseResolverQuery {
    */
   async search(
     client: IScopedClusterClient,
-    body: { filter?: string; eventID?: string; entityType?: string },
+    body: { filter?: string; eventID?: string; entityType?: string; agentId?: string },
     alertsClient: AlertsClient
   ): Promise<SafeResolverEvent[]> {
     if (body.filter) {
@@ -119,13 +131,13 @@ export class EventsQuery extends BaseResolverQuery {
       // @ts-expect-error @elastic/elasticsearch _source is optional
       return response.hits.hits.map((hit) => hit._source);
     } else {
-      const { eventID, entityType } = body;
+      const { eventID, entityType, agentId } = body;
       if (entityType === 'alertDetail') {
         const response = await alertsClient.find(this.alertDetailQuery(eventID));
         // @ts-expect-error @elastic/elasticsearch _source is optional
         return response.hits.hits.map((hit) => hit._source);
       } else {
-        const response = await alertsClient.find(this.alertsForProcessQuery(eventID));
+        const response = await alertsClient.find(this.alertsForProcessQuery(eventID, agentId));
         // @ts-expect-error @elastic/elasticsearch _source is optional
         return response.hits.hits.map((hit) => hit._source);
       }
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/queries/base.ts b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/queries/base.ts
index 34e8c463dc779..37a03bc170199 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/queries/base.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/queries/base.ts
@@ -13,6 +13,7 @@ import { resolverFields } from '../utils';
 
 export interface ResolverQueryParams {
   readonly schema?: ResolverSchema;
+  readonly agentId?: string;
   readonly indexPatterns: string | string[];
   readonly isInternalRequest?: boolean;
   readonly shouldExcludeColdAndFrozenTiers?: boolean;
@@ -25,6 +26,7 @@ export interface ResolverQueryParams {
 
 export class BaseResolverQuery implements ResolverQueryParams {
   readonly schema: ResolverSchema;
+  readonly agentId: string | undefined;
   readonly indexPatterns: string | string[];
   readonly isInternalRequest?: boolean;
   readonly shouldExcludeColdAndFrozenTiers?: boolean;
@@ -37,6 +39,7 @@ export class BaseResolverQuery implements ResolverQueryParams {
     timeRange,
     isInternalRequest,
     shouldExcludeColdAndFrozenTiers,
+    agentId,
   }: ResolverQueryParams) {
     const schemaOrDefault = schema
       ? schema
@@ -50,6 +53,7 @@ export class BaseResolverQuery implements ResolverQueryParams {
     this.timeRange = timeRange;
     this.isInternalRequest = isInternalRequest;
     this.shouldExcludeColdAndFrozenTiers = shouldExcludeColdAndFrozenTiers;
+    this.agentId = agentId;
   }
 
   getColdAndFrozenTierFilter() {
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/queries/descendants.ts b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/queries/descendants.ts
index 58eda02ee9289..5f19beba4e71d 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/queries/descendants.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/queries/descendants.ts
@@ -26,8 +26,16 @@ export class DescendantsQuery extends BaseResolverQuery {
     timeRange,
     isInternalRequest,
     shouldExcludeColdAndFrozenTiers,
+    agentId,
   }: ResolverQueryParams) {
-    super({ schema, indexPatterns, timeRange, isInternalRequest, shouldExcludeColdAndFrozenTiers });
+    super({
+      schema,
+      indexPatterns,
+      timeRange,
+      isInternalRequest,
+      shouldExcludeColdAndFrozenTiers,
+      agentId,
+    });
   }
 
   private query(nodes: NodeID[], size: number): JsonObject {
@@ -47,6 +55,9 @@ export class DescendantsQuery extends BaseResolverQuery {
             {
               terms: { [this.schema.parent]: nodes },
             },
+            ...(this.schema.agentId && this.agentId
+              ? [{ term: { 'agent.id': this.agentId } }]
+              : []),
             {
               exists: {
                 field: this.schema.id,
@@ -128,6 +139,9 @@ export class DescendantsQuery extends BaseResolverQuery {
                 [ancestryField]: nodes,
               },
             },
+            ...(this.schema.agentId && this.agentId
+              ? [{ term: { 'agent.id': this.agentId } }]
+              : []),
             {
               exists: {
                 field: this.schema.id,
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/queries/lifecycle.ts b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/queries/lifecycle.ts
index ca1578e071626..8154c79ba621c 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/queries/lifecycle.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/queries/lifecycle.ts
@@ -18,14 +18,23 @@ import { BaseResolverQuery } from './base';
  */
 export class LifecycleQuery extends BaseResolverQuery {
   declare readonly resolverFields: JsonValue[];
+
   constructor({
     schema,
     indexPatterns,
     timeRange,
     isInternalRequest,
     shouldExcludeColdAndFrozenTiers,
+    agentId,
   }: ResolverQueryParams) {
-    super({ schema, indexPatterns, timeRange, isInternalRequest, shouldExcludeColdAndFrozenTiers });
+    super({
+      schema,
+      indexPatterns,
+      timeRange,
+      isInternalRequest,
+      shouldExcludeColdAndFrozenTiers,
+      agentId,
+    });
   }
 
   private query(nodes: NodeID[]): JsonObject {
@@ -45,6 +54,9 @@ export class LifecycleQuery extends BaseResolverQuery {
             {
               terms: { [this.schema.id]: nodes },
             },
+            ...(this.schema.agentId && this.agentId
+              ? [{ term: { 'agent.id': this.agentId } }]
+              : []),
             {
               exists: {
                 field: this.schema.id,
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/queries/stats.ts b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/queries/stats.ts
index d73acb5a86fe2..2fcdfae9eb958 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/queries/stats.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/queries/stats.ts
@@ -32,8 +32,14 @@ interface CategoriesAgg extends AggBucket {
  * Builds a query for retrieving descendants of a node.
  */
 export class StatsQuery extends BaseResolverQuery {
-  constructor({ schema, indexPatterns, timeRange, isInternalRequest }: ResolverQueryParams) {
-    super({ schema, indexPatterns, timeRange, isInternalRequest });
+  constructor({
+    schema,
+    indexPatterns,
+    timeRange,
+    isInternalRequest,
+    agentId,
+  }: ResolverQueryParams) {
+    super({ schema, indexPatterns, timeRange, isInternalRequest, agentId });
   }
 
   private query(nodes: NodeID[]): JsonObject {
@@ -46,6 +52,9 @@ export class StatsQuery extends BaseResolverQuery {
             {
               terms: { [this.schema.id]: nodes },
             },
+            ...(this.schema.agentId && this.agentId
+              ? [{ term: { 'agent.id': this.agentId } }]
+              : []),
             {
               term: { 'event.kind': 'event' },
             },
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/utils/fetch.test.ts b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/utils/fetch.test.ts
index 13a10fc5f40a3..34e348a6132df 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/utils/fetch.test.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/utils/fetch.test.ts
@@ -48,18 +48,21 @@ describe('fetcher test', () => {
   const schemaIDParent = {
     id: 'id',
     parent: 'parent',
+    agentId: 'agent.id',
   };
 
   const schemaIDParentAncestry = {
     id: 'id',
     parent: 'parent',
     ancestry: 'ancestry',
+    agentId: 'agent.id',
   };
 
   const schemaIDParentName = {
     id: 'id',
     parent: 'parent',
     name: 'name',
+    agentId: 'agent.id',
   };
 
   let client: jest.Mocked<IScopedClusterClient>;
@@ -78,6 +81,7 @@ describe('fetcher test', () => {
         return [];
       });
       const options: TreeOptions = {
+        agentId: 'agent-1',
         descendantLevels: 1,
         descendants: 5,
         ancestors: 0,
@@ -88,6 +92,7 @@ describe('fetcher test', () => {
         schema: {
           id: '',
           parent: '',
+          agentId: '',
         },
         indexPatterns: [''],
         nodes: ['a'],
@@ -98,6 +103,7 @@ describe('fetcher test', () => {
 
     it('exists the loop when the options specify no descendants', async () => {
       const options: TreeOptions = {
+        agentId: 'agent-1',
         descendantLevels: 0,
         descendants: 0,
         ancestors: 0,
@@ -108,6 +114,7 @@ describe('fetcher test', () => {
         schema: {
           id: '',
           parent: '',
+          agentId: '',
         },
         indexPatterns: [''],
         nodes: ['a'],
@@ -119,14 +126,14 @@ describe('fetcher test', () => {
 
     it('returns the correct results without the ancestry defined', async () => {
       /**
-        .
-        └── 0
-            ├── 1
-            │   └── 2
-            └── 3
-                ├── 4
-                └── 5
-        */
+       .
+       └── 0
+       ├── 1
+       │   └── 2
+       └── 3
+       ├── 4
+       └── 5
+       */
       const level1 = [
         {
           id: '1',
@@ -161,6 +168,7 @@ describe('fetcher test', () => {
           return level2;
         });
       const options: TreeOptions = {
+        agentId: 'agent-1',
         descendantLevels: 2,
         descendants: 5,
         ancestors: 0,
@@ -186,6 +194,7 @@ describe('fetcher test', () => {
         return [];
       });
       const options: TreeOptions = {
+        agentId: 'agent-1',
         descendantLevels: 0,
         descendants: 0,
         ancestors: 5,
@@ -196,6 +205,7 @@ describe('fetcher test', () => {
         schema: {
           id: '',
           parent: '',
+          agentId: '',
         },
         indexPatterns: [''],
         nodes: ['a'],
@@ -209,6 +219,7 @@ describe('fetcher test', () => {
         throw new Error('should not have called this');
       });
       const options: TreeOptions = {
+        agentId: 'agent-1',
         descendantLevels: 0,
         descendants: 0,
         ancestors: 0,
@@ -219,6 +230,7 @@ describe('fetcher test', () => {
         schema: {
           id: '',
           parent: '',
+          agentId: '',
         },
         indexPatterns: [''],
         nodes: ['a'],
@@ -247,6 +259,7 @@ describe('fetcher test', () => {
           ];
         });
       const options: TreeOptions = {
+        agentId: 'agent-1',
         descendantLevels: 0,
         descendants: 0,
         ancestors: 2,
@@ -290,6 +303,7 @@ describe('fetcher test', () => {
           ];
         });
       const options: TreeOptions = {
+        agentId: 'agent-1',
         descendantLevels: 0,
         descendants: 0,
         ancestors: 2,
@@ -340,6 +354,7 @@ describe('fetcher test', () => {
           return [node1, node2];
         });
       const options: TreeOptions = {
+        agentId: 'agent-1',
         descendantLevels: 0,
         descendants: 0,
         ancestors: 3,
@@ -361,11 +376,11 @@ describe('fetcher test', () => {
   describe('retrieving leaf nodes', () => {
     it('correctly identifies the leaf nodes in a response without the ancestry field', () => {
       /**
-        .
-        └── 0
-            ├── 1
-            ├── 2
-            └── 3
+       .
+       └── 0
+       ├── 1
+       ├── 2
+       └── 3
        */
       const results = [
         {
@@ -381,16 +396,20 @@ describe('fetcher test', () => {
           parent: '0',
         },
       ];
-      const leaves = getLeafNodes(results, ['0'], { id: 'id', parent: 'parent' });
+      const leaves = getLeafNodes(results, ['0'], {
+        id: 'id',
+        parent: 'parent',
+        agentId: 'agent.id',
+      });
       expect(leaves).toStrictEqual(['1', '2', '3']);
     });
 
     it('correctly ignores nodes without the proper fields', () => {
       /**
-        .
-        └── 0
-            ├── 1
-            ├── 2
+       .
+       └── 0
+       ├── 1
+       ├── 2
        */
       const results = [
         {
@@ -406,7 +425,11 @@ describe('fetcher test', () => {
           parentNotReal: '0',
         },
       ];
-      const leaves = getLeafNodes(results, ['0'], { id: 'id', parent: 'parent' });
+      const leaves = getLeafNodes(results, ['0'], {
+        id: 'id',
+        parent: 'parent',
+        agentId: 'agent.id',
+      });
       expect(leaves).toStrictEqual(['1', '2']);
     });
 
@@ -425,17 +448,21 @@ describe('fetcher test', () => {
           parent: '0',
         },
       ];
-      const leaves = getLeafNodes(results, ['0'], { id: 'id', parent: 'parent' });
+      const leaves = getLeafNodes(results, ['0'], {
+        id: 'id',
+        parent: 'parent',
+        agentId: 'agent.id',
+      });
       expect(leaves).toStrictEqual([]);
     });
 
     describe('with the ancestry field defined', () => {
       it('correctly identifies the leaf nodes in a response with the ancestry field', () => {
         /**
-          .
-          ├── 1
-          │   └── 2
-          └── 3
+         .
+         ├── 1
+         │   └── 2
+         └── 3
          */
         const results = [
           {
@@ -458,16 +485,17 @@ describe('fetcher test', () => {
           id: 'id',
           parent: 'parent',
           ancestry: 'ancestry',
+          agentId: 'agent.id',
         });
         expect(leaves).toStrictEqual(['2']);
       });
 
       it('falls back to using parent field if it cannot find the ancestry field', () => {
         /**
-          .
-          ├── 1
-          │   └── 2
-          └── 3
+         .
+         ├── 1
+         │   └── 2
+         └── 3
          */
         const results = [
           {
@@ -488,19 +516,20 @@ describe('fetcher test', () => {
           id: 'id',
           parent: 'parent',
           ancestry: 'ancestry',
+          agentId: 'agent.id',
         });
         expect(leaves).toStrictEqual(['1', '3']);
       });
 
       it('correctly identifies the leaf nodes with a tree with multiple leaves', () => {
         /**
-          .
-          └── 0
-              ├── 1
-              │   └── 2
-              └── 3
-                  ├── 4
-                  └── 5
+         .
+         └── 0
+         ├── 1
+         │   └── 2
+         └── 3
+         ├── 4
+         └── 5
          */
         const results = [
           {
@@ -533,23 +562,24 @@ describe('fetcher test', () => {
           id: 'id',
           parent: 'parent',
           ancestry: 'ancestry',
+          agentId: 'agent.id',
         });
         expect(leaves).toStrictEqual(['2', '4', '5']);
       });
 
       it('correctly identifies the leaf nodes with multiple queried nodes', () => {
         /**
-          .
-          ├── 0
-          │   ├── 1
-          │   │   └── 2
-          │   └── 3
-          │       ├── 4
-          │       └── 5
-          └── a
-              └── b
-                  ├── c
-                  └── d
+         .
+         ├── 0
+         │   ├── 1
+         │   │   └── 2
+         │   └── 3
+         │       ├── 4
+         │       └── 5
+         └── a
+         └── b
+         ├── c
+         └── d
          */
         const results = [
           {
@@ -597,21 +627,22 @@ describe('fetcher test', () => {
           id: 'id',
           parent: 'parent',
           ancestry: 'ancestry',
+          agentId: 'agent.id',
         });
         expect(leaves).toStrictEqual(['2', '4', '5', 'c', 'd']);
       });
 
       it('correctly identifies the leaf nodes with an unbalanced tree', () => {
         /**
-          .
-          ├── 0
-          │   ├── 1
-          │   │   └── 2
-          │   └── 3
-          │       ├── 4
-          │       └── 5
-          └── a
-              └── b
+         .
+         ├── 0
+         │   ├── 1
+         │   │   └── 2
+         │   └── 3
+         │       ├── 4
+         │       └── 5
+         └── a
+         └── b
          */
         const results = [
           {
@@ -649,6 +680,7 @@ describe('fetcher test', () => {
           id: 'id',
           parent: 'parent',
           ancestry: 'ancestry',
+          agentId: 'agent.id',
         });
         // the reason b is not identified here is because the ancestry array
         // size is 2, which means that if b had a descendant, then it would have been found
@@ -661,32 +693,41 @@ describe('fetcher test', () => {
 
   describe('getIDField', () => {
     it('returns undefined if the field does not exist', () => {
-      expect(getIDField({}, { id: 'a', parent: 'b' })).toBeUndefined();
+      expect(getIDField({}, { id: 'a', parent: 'b', agentId: 'c' })).toBeUndefined();
     });
 
     it('returns the first value if the field is an array', () => {
-      expect(getIDField({ 'a.b': ['1', '2'] }, { id: 'a.b', parent: 'b' })).toStrictEqual('1');
+      expect(
+        getIDField({ 'a.b': ['1', '2'] }, { id: 'a.b', parent: 'b', agentId: 'c' })
+      ).toStrictEqual('1');
     });
   });
 
   describe('getParentField', () => {
     it('returns undefined if the field does not exist', () => {
-      expect(getParentField({}, { id: 'a', parent: 'b' })).toBeUndefined();
+      expect(getParentField({}, { id: 'a', parent: 'b', agentId: 'c' })).toBeUndefined();
     });
 
     it('returns the first value if the field is an array', () => {
-      expect(getParentField({ 'a.b': ['1', '2'] }, { id: 'z', parent: 'a.b' })).toStrictEqual('1');
+      expect(
+        getParentField({ 'a.b': ['1', '2'] }, { id: 'z', parent: 'a.b', agentId: 'c' })
+      ).toStrictEqual('1');
     });
   });
 
   describe('getAncestryAsArray', () => {
     it('returns an empty array if the field does not exist', () => {
-      expect(getAncestryAsArray({}, { id: 'a', parent: 'b', ancestry: 'z' })).toStrictEqual([]);
+      expect(
+        getAncestryAsArray({}, { id: 'a', parent: 'b', ancestry: 'z', agentId: 'c' })
+      ).toStrictEqual([]);
     });
 
     it('returns the full array if the field exists', () => {
       expect(
-        getAncestryAsArray({ 'a.b': ['1', '2'] }, { id: 'z', parent: 'f', ancestry: 'a.b' })
+        getAncestryAsArray(
+          { 'a.b': ['1', '2'] },
+          { id: 'z', parent: 'f', ancestry: 'a.b', agentId: 'c' }
+        )
       ).toStrictEqual(['1', '2']);
     });
 
@@ -694,7 +735,7 @@ describe('fetcher test', () => {
       expect(
         getAncestryAsArray(
           { 'aParent.bParent': ['1', '2'], ancestry: [] },
-          { id: 'z', parent: 'aParent.bParent', ancestry: 'ancestry' }
+          { id: 'z', parent: 'aParent.bParent', ancestry: 'ancestry', agentId: 'agent.id' }
         )
       ).toStrictEqual(['1']);
     });
@@ -703,9 +744,107 @@ describe('fetcher test', () => {
       expect(
         getAncestryAsArray(
           { 'aParent.bParent': '1' },
-          { id: 'z', parent: 'aParent.bParent', ancestry: 'ancestry' }
+          { id: 'z', parent: 'aParent.bParent', ancestry: 'ancestry', agentId: 'agent.id' }
         )
       ).toStrictEqual(['1']);
     });
   });
+
+  describe('agentIds', () => {
+    it('returns the correct results with different agentIds', async () => {
+      /**
+       .
+       └── 0 (agent-1)
+       │   ├── 1 (agent-1)
+       │   │   └── 2 (agent-1)
+       │   └── 3 (agent-2)
+       │       ├── 4 (agent-2)
+       │       └── 5 (agent-2)
+       */
+      const level1Agent1 = [
+        {
+          id: '1',
+          parent: '0',
+          'agent.id': 'agent-1',
+        },
+      ];
+      const level1Agent2 = [
+        {
+          id: '3',
+          parent: '0',
+          'agent.id': 'agent-2',
+        },
+      ];
+      const level2Agent1 = [
+        {
+          id: '2',
+          parent: '1',
+          'agent.id': 'agent-1',
+        },
+      ];
+      const level2Agent2 = [
+        {
+          id: '4',
+          parent: '3',
+          'agent.id': 'agent-2',
+        },
+        {
+          id: '5',
+          parent: '3',
+          'agent.id': 'agent-2',
+        },
+      ];
+
+      DescendantsQuery.prototype.search = jest
+        .fn()
+        .mockImplementationOnce(async () => {
+          return level1Agent1;
+        })
+        .mockImplementationOnce(async () => {
+          return level2Agent1;
+        })
+        .mockImplementationOnce(async () => {
+          return level1Agent2;
+        })
+        .mockImplementationOnce(async () => {
+          return level2Agent2;
+        });
+
+      const optionsAgent1: TreeOptions = {
+        agentId: 'agent-1',
+        descendantLevels: 2,
+        descendants: 5,
+        ancestors: 0,
+        timeRange: {
+          from: '',
+          to: '',
+        },
+        schema: schemaIDParent,
+        indexPatterns: [''],
+        nodes: ['0'],
+      };
+
+      const optionsAgent2: TreeOptions = {
+        agentId: 'agent-2',
+        descendantLevels: 2,
+        descendants: 5,
+        ancestors: 0,
+        timeRange: {
+          from: '',
+          to: '',
+        },
+        schema: schemaIDParent,
+        indexPatterns: [''],
+        nodes: ['0'],
+      };
+
+      const fetcher = new Fetcher(client);
+      expect(await fetcher.tree(optionsAgent1)).toEqual(
+        formatResponse([...level1Agent1, ...level2Agent1], schemaIDParent)
+      );
+      expect(await fetcher.tree(optionsAgent2)).toEqual(
+        formatResponse([...level1Agent2, ...level2Agent2], schemaIDParent)
+      );
+    });
+  });
 });
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/utils/fetch.ts b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/utils/fetch.ts
index 42757767b944e..d9f3d26bf5c56 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/utils/fetch.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/utils/fetch.ts
@@ -27,6 +27,7 @@ import { StatsQuery } from '../queries/stats';
  * resolver tree.
  */
 export interface TreeOptions {
+  agentId?: string;
   descendantLevels: number;
   descendants: number;
   ancestors: number;
@@ -96,6 +97,7 @@ export class Fetcher {
       schema: options.schema,
       timeRange: options.timeRange,
       isInternalRequest,
+      agentId: options.agentId,
     });
 
     const { eventStats, alertIds } = await query.search(
@@ -171,6 +173,7 @@ export class Fetcher {
       timeRange: options.timeRange,
       isInternalRequest,
       shouldExcludeColdAndFrozenTiers: !!options.shouldExcludeColdAndFrozenTiers,
+      agentId: options.agentId,
     });
 
     let nodes = options.nodes;
@@ -222,6 +225,7 @@ export class Fetcher {
       timeRange: options.timeRange,
       isInternalRequest,
       shouldExcludeColdAndFrozenTiers: !!options.shouldExcludeColdAndFrozenTiers,
+      agentId: options.agentId,
     });
 
     let nodes: NodeID[] = options.nodes;
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/utils/index.ts b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/utils/index.ts
index bbc70c5e6f711..4ad645ba339c8 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/utils/index.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/utils/index.ts
@@ -43,5 +43,8 @@ export function resolverFields(schema: ResolverSchema): Array<{ field: string }>
   if (schema.name) {
     filter.push({ field: schema.name });
   }
+  if (schema.agentId) {
+    filter.push({ field: schema.agentId });
+  }
   return filter;
 }
diff --git a/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/crowdstrike/crowdstrike_actions_client.test.ts b/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/crowdstrike/crowdstrike_actions_client.test.ts
index 99274f83240c2..fd1f597cf3ef1 100644
--- a/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/crowdstrike/crowdstrike_actions_client.test.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/crowdstrike/crowdstrike_actions_client.test.ts
@@ -13,9 +13,13 @@ import { ResponseActionsNotSupportedError } from '../errors';
 import type { CrowdstrikeActionsClientOptionsMock } from './mocks';
 import { CrowdstrikeMock } from './mocks';
 
-import { ENDPOINT_ACTIONS_INDEX } from '../../../../../../common/endpoint/constants';
+import {
+  ENDPOINT_ACTION_RESPONSES_INDEX,
+  ENDPOINT_ACTIONS_INDEX,
+} from '../../../../../../common/endpoint/constants';
 import { SUB_ACTION } from '@kbn/stack-connectors-plugin/common/crowdstrike/constants';
 import type { NormalizedExternalConnectorClient } from '../../..';
+
 jest.mock('../../action_details_by_id', () => {
   const originalMod = jest.requireActual('../../action_details_by_id');
 
@@ -75,6 +79,48 @@ describe('CrowdstrikeActionsClient class', () => {
     });
   });
 
+  it('should save response with error in case of actionResponse containing errors', async () => {
+    // mock execute of CS action to return error
+    const actionResponse = {
+      data: {
+        errors: [{ message: 'error message' }],
+      },
+    };
+    (connectorActionsMock.execute as jest.Mock).mockResolvedValueOnce(actionResponse);
+
+    await crowdstrikeActionsClient.isolate(
+      createCrowdstrikeIsolationOptions({ actionId: '123-345-567' })
+    );
+    expect(classConstructorOptions.esClient.index.mock.calls[1][0]).toEqual({
+      document: {
+        '@timestamp': expect.any(String),
+        agent: { id: ['1-2-3'] },
+        EndpointActions: {
+          action_id: expect.any(String),
+          completed_at: expect.any(String),
+          started_at: expect.any(String),
+          data: {
+            command: 'isolate',
+            comment: 'test comment',
+            hosts: {
+              '1-2-3': {
+                name: 'Crowdstrike-1460',
+              },
+            },
+          },
+          input_type: 'crowdstrike',
+        },
+        error: {
+          code: '500',
+          message: 'Crowdstrike action failed: error message',
+        },
+        meta: undefined,
+      },
+      index: ENDPOINT_ACTION_RESPONSES_INDEX,
+      refresh: 'wait_for',
+    });
+  });
+
   describe(`#isolate()`, () => {
     it('should send action to Crowdstrike', async () => {
       await crowdstrikeActionsClient.isolate(
@@ -99,40 +145,61 @@ describe('CrowdstrikeActionsClient class', () => {
     it('should write action request to endpoint indexes', async () => {
       await crowdstrikeActionsClient.isolate(createCrowdstrikeIsolationOptions());
 
-      // we do not write response to es yet
-      expect(classConstructorOptions.esClient.index).toHaveBeenCalledTimes(1);
-      expect(classConstructorOptions.esClient.index).toHaveBeenNthCalledWith(
-        1,
-        {
-          document: {
-            '@timestamp': expect.any(String),
-            EndpointActions: {
-              action_id: expect.any(String),
-              data: {
-                command: 'isolate',
-                comment: 'test comment',
-                parameters: undefined,
-                hosts: {
-                  '1-2-3': {
-                    name: 'Crowdstrike-1460',
-                  },
+      expect(classConstructorOptions.esClient.index).toHaveBeenCalledTimes(2);
+      expect(classConstructorOptions.esClient.index.mock.calls[0][0]).toEqual({
+        document: {
+          '@timestamp': expect.any(String),
+          EndpointActions: {
+            action_id: expect.any(String),
+            data: {
+              command: 'isolate',
+              comment: 'test comment',
+              parameters: undefined,
+              hosts: {
+                '1-2-3': {
+                  name: 'Crowdstrike-1460',
                 },
               },
-              expiration: expect.any(String),
-              input_type: 'crowdstrike',
-              type: 'INPUT_ACTION',
             },
-            agent: { id: ['1-2-3'] },
-            meta: {
-              hostName: 'Crowdstrike-1460',
+            expiration: expect.any(String),
+            input_type: 'crowdstrike',
+            type: 'INPUT_ACTION',
+          },
+          agent: { id: ['1-2-3'] },
+          meta: {
+            hostName: 'Crowdstrike-1460',
+          },
+          user: { id: 'foo' },
+        },
+        index: ENDPOINT_ACTIONS_INDEX,
+        refresh: 'wait_for',
+      });
+      expect(classConstructorOptions.esClient.index.mock.calls[1][0]).toEqual({
+        document: {
+          '@timestamp': expect.any(String),
+          agent: { id: ['1-2-3'] },
+          EndpointActions: {
+            action_id: expect.any(String),
+            completed_at: expect.any(String),
+            started_at: expect.any(String),
+            data: {
+              command: 'isolate',
+              comment: 'test comment',
+              hosts: {
+                '1-2-3': {
+                  name: 'Crowdstrike-1460',
+                },
+                parameters: undefined,
+              },
             },
-            user: { id: 'foo' },
+            input_type: 'crowdstrike',
+            error: undefined,
+            meta: undefined,
           },
-          index: ENDPOINT_ACTIONS_INDEX,
-          refresh: 'wait_for',
         },
-        { meta: true }
-      );
+        index: ENDPOINT_ACTION_RESPONSES_INDEX,
+        refresh: 'wait_for',
+      });
     });
 
     it('should return action details', async () => {
@@ -174,40 +241,61 @@ describe('CrowdstrikeActionsClient class', () => {
     it('should write action request to endpoint indexes', async () => {
       await crowdstrikeActionsClient.release(createCrowdstrikeIsolationOptions());
 
-      // we do not write response to es yet
-      expect(classConstructorOptions.esClient.index).toHaveBeenCalledTimes(1);
-      expect(classConstructorOptions.esClient.index).toHaveBeenNthCalledWith(
-        1,
-        {
-          document: {
-            '@timestamp': expect.any(String),
-            EndpointActions: {
-              action_id: expect.any(String),
-              data: {
-                command: 'unisolate',
-                comment: 'test comment',
-                parameters: undefined,
-                hosts: {
-                  '1-2-3': {
-                    name: 'Crowdstrike-1460',
-                  },
+      expect(classConstructorOptions.esClient.index).toHaveBeenCalledTimes(2);
+      expect(classConstructorOptions.esClient.index.mock.calls[0][0]).toEqual({
+        document: {
+          '@timestamp': expect.any(String),
+          EndpointActions: {
+            action_id: expect.any(String),
+            data: {
+              command: 'unisolate',
+              comment: 'test comment',
+              parameters: undefined,
+              hosts: {
+                '1-2-3': {
+                  name: 'Crowdstrike-1460',
                 },
               },
-              expiration: expect.any(String),
-              input_type: 'crowdstrike',
-              type: 'INPUT_ACTION',
             },
-            agent: { id: ['1-2-3'] },
-            meta: {
-              hostName: 'Crowdstrike-1460',
+            expiration: expect.any(String),
+            input_type: 'crowdstrike',
+            type: 'INPUT_ACTION',
+          },
+          agent: { id: ['1-2-3'] },
+          meta: {
+            hostName: 'Crowdstrike-1460',
+          },
+          user: { id: 'foo' },
+        },
+        index: ENDPOINT_ACTIONS_INDEX,
+        refresh: 'wait_for',
+      });
+      expect(classConstructorOptions.esClient.index.mock.calls[1][0]).toEqual({
+        document: {
+          '@timestamp': expect.any(String),
+          agent: { id: ['1-2-3'] },
+          EndpointActions: {
+            action_id: expect.any(String),
+            completed_at: expect.any(String),
+            started_at: expect.any(String),
+            data: {
+              command: 'unisolate',
+              comment: 'test comment',
+              hosts: {
+                '1-2-3': {
+                  name: 'Crowdstrike-1460',
+                },
+              },
+              parameters: undefined,
             },
-            user: { id: 'foo' },
+            input_type: 'crowdstrike',
           },
-          index: ENDPOINT_ACTIONS_INDEX,
-          refresh: 'wait_for',
+          error: undefined,
+          meta: undefined,
         },
-        { meta: true }
-      );
+        index: ENDPOINT_ACTION_RESPONSES_INDEX,
+        refresh: 'wait_for',
+      });
     });
 
     it('should return action details', async () => {
diff --git a/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/crowdstrike/crowdstrike_actions_client.ts b/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/crowdstrike/crowdstrike_actions_client.ts
index 3e90ee30572c3..b4b11610e5c02 100644
--- a/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/crowdstrike/crowdstrike_actions_client.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/crowdstrike/crowdstrike_actions_client.ts
@@ -11,6 +11,7 @@ import {
   CROWDSTRIKE_CONNECTOR_ID,
 } from '@kbn/stack-connectors-plugin/common/crowdstrike/constants';
 import type { SearchResponse } from '@elastic/elasticsearch/lib/api/types';
+import type { CrowdstrikeBaseApiResponse } from '@kbn/stack-connectors-plugin/common/crowdstrike/types';
 import type { CrowdstrikeActionRequestCommonMeta } from '../../../../../../common/endpoint/types/crowdstrike';
 import type {
   CommonResponseActionMethodOptions,
@@ -68,7 +69,7 @@ export class CrowdstrikeActionsClient extends ResponseActionsClientImpl {
     const agentId = actionRequest.endpoint_ids[0];
     const eventDetails = await this.getEventDetailsById(agentId);
 
-    const hostname = eventDetails.crowdstrike.event.HostName;
+    const hostname = eventDetails.host.name;
     return super.writeActionRequestToEndpointIndex({
       ...actionRequest,
       hosts: {
@@ -120,74 +121,44 @@ export class CrowdstrikeActionsClient extends ResponseActionsClientImpl {
   }
 
   private async getEventDetailsById(agentId: string): Promise<{
-    crowdstrike: { event: { HostName: string } };
+    host: { name: string };
   }> {
     const search = {
       index: ['logs-crowdstrike.fdr*', 'logs-crowdstrike.falcon*'],
       size: 1,
-      _source: ['crowdstrike.event.HostName'],
+      _source: ['host.name'],
       body: {
         query: {
           bool: {
-            filter: [{ term: { 'crowdstrike.event.DeviceId': agentId } }],
+            filter: [{ term: { 'device.id': agentId } }],
           },
         },
       },
     };
-    const result: SearchResponse<{ crowdstrike: { event: { HostName: string } } }> =
-      await this.options.esClient
-        .search<{ crowdstrike: { event: { HostName: string } } }>(search, {
+    try {
+      const result: SearchResponse<{ host: { name: string } }> =
+        await this.options.esClient.search<{ host: { name: string } }>(search, {
           ignore: [404],
-        })
-        .catch((err) => {
-          throw new ResponseActionsClientError(
-            `Failed to fetch event document: ${err.message}`,
-            err.statusCode ?? 500,
-            err
-          );
         });
 
-    return result.hits.hits?.[0]?._source as { crowdstrike: { event: { HostName: string } } };
-  }
+      // Check if host name exists
+      const hostName = result.hits.hits?.[0]?._source?.host?.name;
+      if (!hostName) {
+        throw new ResponseActionsClientError(
+          `Host name not found in the event document for agentId: ${agentId}`,
+          404
+        );
+      }
 
-  // TODO TC: uncomment when working on agent status support
-  // private async getAgentDetails(
-  //   id: string
-  // ): Promise<CrowdstrikeGetAgentsResponse['resources'][number]> {
-  //   const executeOptions: NormalizedExternalConnectorClientExecuteOptions<
-  //     CrowdstrikeGetAgentsParams,
-  //     SUB_ACTION
-  //   > = {
-  //     params: {
-  //       subAction: SUB_ACTION.GET_AGENT_DETAILS,
-  //       subActionParams: {
-  //         ids: [id],
-  //       },
-  //     },
-  //   };
-
-  //   let crowdstrikeApiResponse: CrowdstrikeGetAgentsResponse | undefined;
-
-  //   try {
-  //     const response = await this.connectorActionsClient.execute(executeOptions);
-
-  //     this.log.debug(`Response for Crowdstrike agent id [${id}] returned:\n${stringify(response)}`);
-
-  //     crowdstrikeApiResponse = response.data;
-  //   } catch (err) {
-  //     throw new ResponseActionsClientError(
-  //       `Error while attempting to retrieve Crowdstrike host with agent id [${id}]`,
-  //       500,
-  //       err
-  //     );
-  //   }
-
-  //   if (!crowdstrikeApiResponse || !crowdstrikeApiResponse.resources[0]) {
-  //     throw new ResponseActionsClientError(`Crowdstrike agent id [${id}] not found`, 404);
-  //   }
-
-  //   return crowdstrikeApiResponse.resources[0];
-  // }
+      return result.hits.hits[0]._source as { host: { name: string } };
+    } catch (err) {
+      throw new ResponseActionsClientError(
+        `Failed to fetch event document: ${err.message}`,
+        err.statusCode ?? 500,
+        err
+      );
+    }
+  }
 
   protected async validateRequest(
     payload: ResponseActionsClientWriteActionRequestToEndpointIndexOptions
@@ -215,17 +186,16 @@ export class CrowdstrikeActionsClient extends ResponseActionsClientImpl {
       ...this.getMethodOptions(options),
       command: 'isolate',
     };
-
+    let actionResponse: ActionTypeExecutorResult<CrowdstrikeBaseApiResponse> | undefined;
     if (!reqIndexOptions.error) {
       let error = (await this.validateRequest(reqIndexOptions)).error;
       const actionCommentMessage = ELASTIC_RESPONSE_ACTION_MESSAGE(
         this.options.username,
         reqIndexOptions.actionId
       );
-
       if (!error) {
         try {
-          await this.sendAction(SUB_ACTION.HOST_ACTIONS, {
+          actionResponse = (await this.sendAction(SUB_ACTION.HOST_ACTIONS, {
             ids: actionRequest.endpoint_ids,
             actionParameters: {
               comment: reqIndexOptions.comment
@@ -233,7 +203,7 @@ export class CrowdstrikeActionsClient extends ResponseActionsClientImpl {
                 : actionCommentMessage,
             },
             command: 'contain',
-          });
+          })) as ActionTypeExecutorResult<CrowdstrikeBaseApiResponse>;
         } catch (err) {
           error = err;
         }
@@ -248,6 +218,11 @@ export class CrowdstrikeActionsClient extends ResponseActionsClientImpl {
 
     const actionRequestDoc = await this.writeActionRequestToEndpointIndex(reqIndexOptions);
 
+    // Ensure actionResponse is assigned before using it
+    if (actionResponse) {
+      await this.completeCrowdstrikeAction(actionResponse, actionRequestDoc);
+    }
+
     await this.updateCases({
       command: reqIndexOptions.command,
       caseIds: reqIndexOptions.case_ids,
@@ -275,6 +250,7 @@ export class CrowdstrikeActionsClient extends ResponseActionsClientImpl {
       command: 'unisolate',
     };
 
+    let actionResponse: ActionTypeExecutorResult<CrowdstrikeBaseApiResponse> | undefined;
     if (!reqIndexOptions.error) {
       let error = (await this.validateRequest(reqIndexOptions)).error;
       const actionCommentMessage = ELASTIC_RESPONSE_ACTION_MESSAGE(
@@ -283,13 +259,13 @@ export class CrowdstrikeActionsClient extends ResponseActionsClientImpl {
       );
       if (!error) {
         try {
-          await this.sendAction(SUB_ACTION.HOST_ACTIONS, {
+          actionResponse = (await this.sendAction(SUB_ACTION.HOST_ACTIONS, {
             ids: actionRequest.endpoint_ids,
             command: 'lift_containment',
             comment: reqIndexOptions.comment
               ? `${actionCommentMessage}: ${reqIndexOptions.comment}`
               : actionCommentMessage,
-          });
+          })) as ActionTypeExecutorResult<CrowdstrikeBaseApiResponse>;
         } catch (err) {
           error = err;
         }
@@ -304,6 +280,11 @@ export class CrowdstrikeActionsClient extends ResponseActionsClientImpl {
 
     const actionRequestDoc = await this.writeActionRequestToEndpointIndex(reqIndexOptions);
 
+    // Ensure actionResponse is assigned before using it
+    if (actionResponse) {
+      await this.completeCrowdstrikeAction(actionResponse, actionRequestDoc);
+    }
+
     await this.updateCases({
       command: reqIndexOptions.command,
       caseIds: reqIndexOptions.case_ids,
@@ -321,6 +302,27 @@ export class CrowdstrikeActionsClient extends ResponseActionsClientImpl {
     return this.fetchActionDetails(actionRequestDoc.EndpointActions.action_id);
   }
 
+  private async completeCrowdstrikeAction(
+    actionResponse: ActionTypeExecutorResult<CrowdstrikeBaseApiResponse> | undefined,
+    doc: LogsEndpointAction
+  ): Promise<void> {
+    const options = {
+      actionId: doc.EndpointActions.action_id,
+      agentId: doc.agent.id,
+      data: doc.EndpointActions.data,
+      ...(actionResponse?.data?.errors?.length
+        ? {
+            error: {
+              code: '500',
+              message: `Crowdstrike action failed: ${actionResponse.data.errors[0].message}`,
+            },
+          }
+        : {}),
+    };
+
+    await this.writeActionResponseToEndpointIndex(options);
+  }
+
   async processPendingActions({
     abortSignal,
     addToQueue,
diff --git a/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/crowdstrike/mocks.ts b/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/crowdstrike/mocks.ts
index 8ee3dcd51aeda..d1c0734e90909 100644
--- a/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/crowdstrike/mocks.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/crowdstrike/mocks.ts
@@ -89,10 +89,8 @@ const createEventSearchResponseMock = (): CrowdstrikeEventSearchResponseMock =>
         _id: '1-2-3',
         _index: 'logs-crowdstrike.fdr-default',
         _source: {
-          crowdstrike: {
-            event: {
-              HostName: 'Crowdstrike-1460',
-            },
+          host: {
+            name: 'Crowdstrike-1460',
           },
         },
       },
diff --git a/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/endpoint/endpoint_actions_client.test.ts b/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/endpoint/endpoint_actions_client.test.ts
index 858a1f53a10d6..1fa046496f231 100644
--- a/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/endpoint/endpoint_actions_client.test.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/endpoint/endpoint_actions_client.test.ts
@@ -27,7 +27,7 @@ describe('EndpointActionsClient', () => {
     'endpoint_ids' | 'case_ids'
   > => {
     return {
-      endpoint_ids: ['1-2-3', 'invalid-id'],
+      endpoint_ids: ['1-2-3', 'invalid-id', '1-2-3'],
       case_ids: ['case-a'],
     };
   };
@@ -42,8 +42,8 @@ describe('EndpointActionsClient', () => {
       responseActionsClientMock.createIsolateOptions(getCommonResponseActionOptions())
     );
 
-    expect(classConstructorOptions.endpointService.createLogger().debug).toHaveBeenCalledWith(
-      'The following agent ids are not valid: ["invalid-id"]'
+    expect(classConstructorOptions.endpointService.createLogger().warn).toHaveBeenCalledWith(
+      'The following agent ids are not valid: ["invalid-id"] and will not be included in action request'
     );
   });
 
@@ -85,11 +85,87 @@ describe('EndpointActionsClient', () => {
     });
   });
 
-  it('should write action request document', async () => {
+  it('should write action request document to endpoint action request index with given set of valid/invalid agent ids', async () => {
     await endpointActionsClient.isolate(
       responseActionsClientMock.createIsolateOptions(getCommonResponseActionOptions())
     );
 
+    expect(classConstructorOptions.esClient.index).toHaveBeenCalledWith(
+      {
+        index: ENDPOINT_ACTIONS_INDEX,
+        document: {
+          '@timestamp': expect.any(String),
+          EndpointActions: {
+            action_id: expect.any(String),
+            data: {
+              command: 'isolate',
+              comment:
+                'test comment. (WARNING: The following agent ids are not valid: ["invalid-id"] and will not be included in action request)',
+              parameters: undefined,
+            },
+            expiration: expect.any(String),
+            input_type: 'endpoint',
+            type: 'INPUT_ACTION',
+          },
+          agent: {
+            id: ['1-2-3'],
+          },
+          user: {
+            id: 'foo',
+          },
+        },
+        refresh: 'wait_for',
+      },
+      expect.anything()
+    );
+  });
+
+  it('should write correct comment when invalid agent ids', async () => {
+    await endpointActionsClient.isolate(
+      responseActionsClientMock.createIsolateOptions({
+        ...getCommonResponseActionOptions(),
+        comment: '',
+      })
+    );
+
+    expect(classConstructorOptions.esClient.index).toHaveBeenCalledWith(
+      {
+        index: ENDPOINT_ACTIONS_INDEX,
+        document: {
+          '@timestamp': expect.any(String),
+          EndpointActions: {
+            action_id: expect.any(String),
+            data: {
+              command: 'isolate',
+              comment:
+                '(WARNING: The following agent ids are not valid: ["invalid-id"] and will not be included in action request)',
+              parameters: undefined,
+            },
+            expiration: expect.any(String),
+            input_type: 'endpoint',
+            type: 'INPUT_ACTION',
+          },
+          agent: {
+            id: ['1-2-3'],
+          },
+          user: {
+            id: 'foo',
+          },
+        },
+        refresh: 'wait_for',
+      },
+      expect.anything()
+    );
+  });
+
+  it('should write action request document to endpoint action request index with given valid agent ids', async () => {
+    await endpointActionsClient.isolate(
+      responseActionsClientMock.createIsolateOptions({
+        endpoint_ids: ['1-2-3'],
+        case_ids: ['case-a'],
+      })
+    );
+
     expect(classConstructorOptions.esClient.index).toHaveBeenCalledWith(
       {
         index: ENDPOINT_ACTIONS_INDEX,
@@ -107,7 +183,7 @@ describe('EndpointActionsClient', () => {
             type: 'INPUT_ACTION',
           },
           agent: {
-            id: ['1-2-3', 'invalid-id'],
+            id: ['1-2-3'],
           },
           user: {
             id: 'foo',
@@ -119,9 +195,12 @@ describe('EndpointActionsClient', () => {
     );
   });
 
-  it('should update cases', async () => {
+  it('should update cases for valid agent ids', async () => {
     await endpointActionsClient.isolate(
-      responseActionsClientMock.createIsolateOptions(getCommonResponseActionOptions())
+      responseActionsClientMock.createIsolateOptions({
+        endpoint_ids: ['1-2-3'],
+        case_ids: ['case-a'],
+      })
     );
 
     expect(classConstructorOptions.casesClient?.attachments.bulkCreate).toHaveBeenCalledWith({
@@ -138,10 +217,38 @@ describe('EndpointActionsClient', () => {
                 endpointId: '1-2-3',
                 hostname: 'Host-ku5jy6j0pw',
               },
+            ],
+          },
+          externalReferenceStorage: {
+            type: 'elasticSearchDoc',
+          },
+          owner: 'securitySolution',
+          type: 'externalReference',
+        },
+      ],
+      caseId: 'case-a',
+    });
+  });
+
+  it('should update cases for valid/invalid agent ids', async () => {
+    await endpointActionsClient.isolate(
+      responseActionsClientMock.createIsolateOptions(getCommonResponseActionOptions())
+    );
+
+    expect(classConstructorOptions.casesClient?.attachments.bulkCreate).toHaveBeenCalledWith({
+      attachments: [
+        {
+          externalReferenceAttachmentTypeId: 'endpoint',
+          externalReferenceId: expect.any(String),
+          externalReferenceMetadata: {
+            command: 'isolate',
+            comment:
+              'test comment. (WARNING: The following agent ids are not valid: ["invalid-id"] and will not be included in action request)',
+            targets: [
               {
                 agentType: 'endpoint',
-                endpointId: 'invalid-id',
-                hostname: '',
+                endpointId: '1-2-3',
+                hostname: 'Host-ku5jy6j0pw',
               },
             ],
           },
@@ -175,6 +282,7 @@ describe('EndpointActionsClient', () => {
       { meta: true }
     );
   });
+
   it('should create an action with error when agents are invalid', async () => {
     // @ts-expect-error mocking this for testing purposes
     endpointActionsClient.checkAgentIds = jest.fn().mockResolvedValueOnce({
diff --git a/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/endpoint/endpoint_actions_client.ts b/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/endpoint/endpoint_actions_client.ts
index 690dd6d84730c..2c908bd1a3f30 100644
--- a/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/endpoint/endpoint_actions_client.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/endpoint/endpoint_actions_client.ts
@@ -43,7 +43,7 @@ import type {
   LogsEndpointAction,
   EndpointActionDataParameterTypes,
   UploadedFileInfo,
-  ResponseActionsScanParameters,
+  ResponseActionScanParameters,
   ResponseActionScanOutputContent,
 } from '../../../../../../common/endpoint/types';
 import type {
@@ -52,6 +52,13 @@ import type {
 } from '../lib/types';
 import { DEFAULT_EXECUTE_ACTION_TIMEOUT } from '../../../../../../common/endpoint/service/response_actions/constants';
 
+const getInvalidAgentsWarning = (invalidAgents: string[]) =>
+  invalidAgents.length
+    ? `The following agent ids are not valid: ${JSON.stringify(
+        invalidAgents
+      )} and will not be included in action request`
+    : '';
+
 export class EndpointActionsClient extends ResponseActionsClientImpl {
   protected readonly agentType: ResponseActionAgentType = 'endpoint';
 
@@ -61,14 +68,15 @@ export class EndpointActionsClient extends ResponseActionsClientImpl {
     allValid: boolean;
     hosts: HostMetadata[];
   }> {
+    const uniqueIds = [...new Set(ids)];
     const foundEndpointHosts = await this.options.endpointService
       .getEndpointMetadataService()
-      .getMetadataForEndpoints(this.options.esClient, [...new Set(ids)]);
+      .getMetadataForEndpoints(this.options.esClient, uniqueIds);
     const validIds = foundEndpointHosts.map((endpoint: HostMetadata) => endpoint.elastic.agent.id);
     const invalidIds = ids.filter((id) => !validIds.includes(id));
 
     if (invalidIds.length) {
-      this.log.debug(`The following agent ids are not valid: ${JSON.stringify(invalidIds)}`);
+      this.log.warn(getInvalidAgentsWarning(invalidIds));
     }
 
     return {
@@ -88,12 +96,12 @@ export class EndpointActionsClient extends ResponseActionsClientImpl {
     actionReq: TOptions,
     options?: TMethodOptions
   ): Promise<TResponse> {
-    const agentIds = await this.checkAgentIds(actionReq.endpoint_ids);
+    const validatedAgents = await this.checkAgentIds(actionReq.endpoint_ids);
     const actionId = uuidv4();
     const { error: validationError } = await this.validateRequest({
       ...actionReq,
       command,
-      endpoint_ids: agentIds.valid || [],
+      endpoint_ids: validatedAgents.valid || [],
     });
 
     const { hosts, ruleName, ruleId, error } = this.getMethodOptions<TMethodOptions>(options);
@@ -104,7 +112,7 @@ export class EndpointActionsClient extends ResponseActionsClientImpl {
       try {
         await this.dispatchActionViaFleet({
           actionId,
-          agents: agentIds.valid,
+          agents: validatedAgents.valid,
           data: {
             command,
             comment: actionReq.comment,
@@ -122,29 +130,40 @@ export class EndpointActionsClient extends ResponseActionsClientImpl {
       }
     }
 
+    // Append warning message to comment if there are invalid agents
+    const commentMessage = actionReq.comment ? actionReq.comment : '';
+    const warningMessage = `(WARNING: ${getInvalidAgentsWarning(validatedAgents.invalid)})`;
+    const comment = validatedAgents.invalid.length
+      ? commentMessage
+        ? `${commentMessage}. ${warningMessage}`
+        : warningMessage
+      : actionReq.comment;
+
     // Write action to endpoint index
     await this.writeActionRequestToEndpointIndex({
       ...actionReq,
+      endpoint_ids: validatedAgents.valid,
       error: actionError,
       ruleId,
       ruleName,
       hosts,
       actionId,
       command,
+      comment,
     });
 
     // Update cases
     await this.updateCases({
       command,
       actionId,
-      comment: actionReq.comment,
+      comment,
       caseIds: actionReq.case_ids,
       alertIds: actionReq.alert_ids,
-      hosts: actionReq.endpoint_ids.map((hostId) => {
+      hosts: validatedAgents.valid.map((hostId) => {
         return {
           hostId,
           hostname:
-            agentIds.hosts.find((host) => host.agent.id === hostId)?.host.hostname ??
+            validatedAgents.hosts.find((host) => host.agent.id === hostId)?.host.hostname ??
             hosts?.[hostId].name ??
             '',
         };
@@ -292,10 +311,10 @@ export class EndpointActionsClient extends ResponseActionsClientImpl {
   async scan(
     actionRequest: ScanActionRequestBody,
     options: CommonResponseActionMethodOptions = {}
-  ): Promise<ActionDetails<ResponseActionScanOutputContent, ResponseActionsScanParameters>> {
+  ): Promise<ActionDetails<ResponseActionScanOutputContent, ResponseActionScanParameters>> {
     return this.handleResponseAction<
       ScanActionRequestBody,
-      ActionDetails<ResponseActionScanOutputContent, ResponseActionsScanParameters>
+      ActionDetails<ResponseActionScanOutputContent, ResponseActionScanParameters>
     >('scan', actionRequest, options);
   }
 
diff --git a/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/lib/base_response_actions_client.ts b/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/lib/base_response_actions_client.ts
index 09180f97b72d6..163ea887da398 100644
--- a/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/lib/base_response_actions_client.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/lib/base_response_actions_client.ts
@@ -59,7 +59,7 @@ import type {
   ResponseActionParametersWithPidOrEntityId,
   ResponseActionScanOutputContent,
   ResponseActionsExecuteParameters,
-  ResponseActionsScanParameters,
+  ResponseActionScanParameters,
   ResponseActionUploadOutputContent,
   ResponseActionUploadParameters,
   SuspendProcessActionOutputContent,
@@ -698,7 +698,7 @@ export abstract class ResponseActionsClientImpl implements ResponseActionsClient
   public async scan(
     actionRequest: ScanActionRequestBody,
     options?: CommonResponseActionMethodOptions
-  ): Promise<ActionDetails<ResponseActionScanOutputContent, ResponseActionsScanParameters>> {
+  ): Promise<ActionDetails<ResponseActionScanOutputContent, ResponseActionScanParameters>> {
     throw new ResponseActionsNotSupportedError('scan');
   }
 
diff --git a/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/lib/types.ts b/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/lib/types.ts
index fa20bc9ec6895..f95d0b7144a54 100644
--- a/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/lib/types.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/lib/types.ts
@@ -23,7 +23,7 @@ import type {
   LogsEndpointActionResponse,
   UploadedFileInfo,
   ResponseActionScanOutputContent,
-  ResponseActionsScanParameters,
+  ResponseActionScanParameters,
 } from '../../../../../../common/endpoint/types';
 import type {
   IsolationRouteRequestBody,
@@ -152,5 +152,5 @@ export interface ResponseActionsClient {
   scan: (
     actionRequest: OmitUnsupportedAttributes<ScanActionRequestBody>,
     options?: CommonResponseActionMethodOptions
-  ) => Promise<ActionDetails<ResponseActionScanOutputContent, ResponseActionsScanParameters>>;
+  ) => Promise<ActionDetails<ResponseActionScanOutputContent, ResponseActionScanParameters>>;
 }
diff --git a/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/sentinelone/sentinel_one_actions_client.ts b/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/sentinelone/sentinel_one_actions_client.ts
index be612c3f2864d..470bb8f4d4914 100644
--- a/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/sentinelone/sentinel_one_actions_client.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/sentinelone/sentinel_one_actions_client.ts
@@ -792,7 +792,8 @@ export class SentinelOneActionsClient extends ResponseActionsClientImpl {
         if (isolateActivityResponseDoc && isolateActivityResponseDoc._source) {
           const s1ActivityData = isolateActivityResponseDoc._source.sentinel_one.activity;
 
-          const elasticDocId = isolateActivityResponseDoc._id;
+          // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+          const elasticDocId = isolateActivityResponseDoc._id!;
           const s1AgentId = s1ActivityData.agent.id;
           const activityLogEntryId = s1ActivityData.id;
           const activityLogEntryType = s1ActivityData.type;
@@ -987,7 +988,8 @@ export class SentinelOneActionsClient extends ResponseActionsClientImpl {
                 error,
                 meta: {
                   activityLogEntryId,
-                  elasticDocId: s1Hit._id,
+                  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+                  elasticDocId: s1Hit._id!,
                   downloadUrl,
                   createdAt: s1ActivityDoc?.sentinel_one.activity.updated_at ?? '',
                   filename: s1ActivityDoc?.sentinel_one.activity.data.flattened.filename ?? '',
diff --git a/x-pack/plugins/security_solution/server/endpoint/services/actions/utils/utils.ts b/x-pack/plugins/security_solution/server/endpoint/services/actions/utils/utils.ts
index cd7680d3bd3ac..f5087b18e03d6 100644
--- a/x-pack/plugins/security_solution/server/endpoint/services/actions/utils/utils.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/services/actions/utils/utils.ts
@@ -487,11 +487,13 @@ export const categorizeResponseResults = ({
         return isResponseDoc
           ? {
               type: ActivityLogItemTypes.RESPONSE,
-              item: { id: e._id, data: e._source as LogsEndpointActionResponse },
+              // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+              item: { id: e._id!, data: e._source as LogsEndpointActionResponse },
             }
           : {
               type: ActivityLogItemTypes.FLEET_RESPONSE,
-              item: { id: e._id, data: e._source as EndpointActionResponse },
+              // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+              item: { id: e._id!, data: e._source as EndpointActionResponse },
             };
       })
     : [];
@@ -511,11 +513,13 @@ export const categorizeActionResults = ({
         return isActionDoc
           ? {
               type: ActivityLogItemTypes.ACTION,
-              item: { id: e._id, data: e._source as LogsEndpointAction },
+              // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+              item: { id: e._id!, data: e._source as LogsEndpointAction },
             }
           : {
               type: ActivityLogItemTypes.FLEET_ACTION,
-              item: { id: e._id, data: e._source as EndpointAction },
+              // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+              item: { id: e._id!, data: e._source as EndpointAction },
             };
       })
     : [];
@@ -530,7 +534,8 @@ export const formatEndpointActionResults = (
     ? results?.map((e) => {
         return {
           type: ActivityLogItemTypes.ACTION,
-          item: { id: e._id, data: e._source as LogsEndpointAction },
+          // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+          item: { id: e._id!, data: e._source as LogsEndpointAction },
         };
       })
     : [];
diff --git a/x-pack/plugins/security_solution/server/endpoint/services/agent/agent_status.test.ts b/x-pack/plugins/security_solution/server/endpoint/services/agent/agent_status.test.ts
deleted file mode 100644
index d0cbb85001637..0000000000000
--- a/x-pack/plugins/security_solution/server/endpoint/services/agent/agent_status.test.ts
+++ /dev/null
@@ -1,184 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { GetAgentStatusOptions } from './agent_status';
-import { getSentinelOneAgentStatus, SENTINEL_ONE_NETWORK_STATUS } from './agent_status';
-import { loggingSystemMock } from '@kbn/core-logging-server-mocks';
-import { sentinelOneMock } from '../actions/clients/sentinelone/mocks';
-import { responseActionsClientMock } from '../actions/clients/mocks';
-
-describe('Endpoint Get Agent Status service', () => {
-  let agentStatusOptions: GetAgentStatusOptions;
-
-  beforeEach(() => {
-    agentStatusOptions = {
-      agentType: 'sentinel_one',
-      agentIds: ['1', '2'],
-      logger: loggingSystemMock.create().get('getSentinelOneAgentStatus'),
-      connectorActionsClient: sentinelOneMock.createConnectorActionsClient(),
-    };
-  });
-
-  it('should throw error if unable to access stack connectors', async () => {
-    (agentStatusOptions.connectorActionsClient.getAll as jest.Mock).mockImplementation(async () => {
-      throw new Error('boom');
-    });
-    const getStatusResponsePromise = getSentinelOneAgentStatus(agentStatusOptions);
-
-    await expect(getStatusResponsePromise).rejects.toHaveProperty(
-      'message',
-      'Unable to retrieve list of stack connectors: boom'
-    );
-    await expect(getStatusResponsePromise).rejects.toHaveProperty('statusCode', 400);
-  });
-
-  it('should throw error if no SentinelOne connector is registered', async () => {
-    (agentStatusOptions.connectorActionsClient.getAll as jest.Mock).mockResolvedValue([]);
-    const getStatusResponsePromise = getSentinelOneAgentStatus(agentStatusOptions);
-
-    await expect(getStatusResponsePromise).rejects.toHaveProperty(
-      'message',
-      'No SentinelOne stack connector found'
-    );
-    await expect(getStatusResponsePromise).rejects.toHaveProperty('statusCode', 400);
-  });
-
-  it('should send api request to SentinelOne', async () => {
-    await getSentinelOneAgentStatus(agentStatusOptions);
-
-    expect(agentStatusOptions.connectorActionsClient.execute).toHaveBeenCalledWith({
-      actionId: 's1-connector-instance-id',
-      params: {
-        subAction: 'getAgents',
-        subActionParams: {
-          uuids: '1,2',
-        },
-      },
-    });
-  });
-
-  it('should throw if api call to SentinelOne failed', async () => {
-    (agentStatusOptions.connectorActionsClient.execute as jest.Mock).mockResolvedValue(
-      responseActionsClientMock.createConnectorActionExecuteResponse({
-        status: 'error',
-        serviceMessage: 'boom',
-      })
-    );
-    const getStatusResponsePromise = getSentinelOneAgentStatus(agentStatusOptions);
-
-    await expect(getStatusResponsePromise).rejects.toHaveProperty(
-      'message',
-      'Attempt retrieve agent information from to SentinelOne failed: boom'
-    );
-    await expect(getStatusResponsePromise).rejects.toHaveProperty('statusCode', 500);
-  });
-
-  it('should return expected output', async () => {
-    agentStatusOptions.agentIds = ['aaa', 'bbb', 'ccc', 'invalid'];
-    (agentStatusOptions.connectorActionsClient.execute as jest.Mock).mockResolvedValue(
-      responseActionsClientMock.createConnectorActionExecuteResponse({
-        data: sentinelOneMock.createGetAgentsResponse([
-          sentinelOneMock.createSentinelOneAgentDetails({
-            networkStatus: SENTINEL_ONE_NETWORK_STATUS.DISCONNECTED, // Isolated
-            uuid: 'aaa',
-          }),
-          sentinelOneMock.createSentinelOneAgentDetails({
-            networkStatus: SENTINEL_ONE_NETWORK_STATUS.DISCONNECTING, // Releasing
-            uuid: 'bbb',
-          }),
-          sentinelOneMock.createSentinelOneAgentDetails({
-            networkStatus: SENTINEL_ONE_NETWORK_STATUS.CONNECTING, // isolating
-            uuid: 'ccc',
-          }),
-        ]),
-      })
-    );
-
-    await expect(getSentinelOneAgentStatus(agentStatusOptions)).resolves.toEqual({
-      aaa: {
-        agentType: 'sentinel_one',
-        found: true,
-        agentId: 'aaa',
-        isUninstalled: false,
-        isPendingUninstall: false,
-        isolated: true,
-        lastSeen: '2023-12-26T21:35:35.986596Z',
-        pendingActions: {
-          execute: 0,
-          'get-file': 0,
-          isolate: 0,
-          'kill-process': 0,
-          'running-processes': 0,
-          'suspend-process': 0,
-          unisolate: 0,
-          upload: 0,
-        },
-        status: 'healthy',
-      },
-      bbb: {
-        agentType: 'sentinel_one',
-        found: true,
-        agentId: 'bbb',
-        isUninstalled: false,
-        isPendingUninstall: false,
-        isolated: false,
-        lastSeen: '2023-12-26T21:35:35.986596Z',
-        pendingActions: {
-          execute: 0,
-          'get-file': 0,
-          isolate: 1,
-          'kill-process': 0,
-          'running-processes': 0,
-          'suspend-process': 0,
-          unisolate: 0,
-          upload: 0,
-        },
-        status: 'healthy',
-      },
-      ccc: {
-        agentType: 'sentinel_one',
-        found: true,
-        agentId: 'ccc',
-        isUninstalled: false,
-        isPendingUninstall: false,
-        isolated: false,
-        lastSeen: '2023-12-26T21:35:35.986596Z',
-        pendingActions: {
-          execute: 0,
-          'get-file': 0,
-          isolate: 0,
-          'kill-process': 0,
-          'running-processes': 0,
-          'suspend-process': 0,
-          unisolate: 1,
-          upload: 0,
-        },
-        status: 'healthy',
-      },
-      invalid: {
-        agentType: 'sentinel_one',
-        found: false,
-        agentId: 'invalid',
-        isUninstalled: false,
-        isPendingUninstall: false,
-        isolated: false,
-        lastSeen: '',
-        pendingActions: {
-          execute: 0,
-          'get-file': 0,
-          isolate: 0,
-          'kill-process': 0,
-          'running-processes': 0,
-          'suspend-process': 0,
-          unisolate: 0,
-          upload: 0,
-        },
-        status: 'unenrolled',
-      },
-    });
-  });
-});
diff --git a/x-pack/plugins/security_solution/server/endpoint/services/agent/agent_status.ts b/x-pack/plugins/security_solution/server/endpoint/services/agent/agent_status.ts
deleted file mode 100644
index 1f5141b2bb0f7..0000000000000
--- a/x-pack/plugins/security_solution/server/endpoint/services/agent/agent_status.ts
+++ /dev/null
@@ -1,137 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { ActionsClient } from '@kbn/actions-plugin/server';
-import type { ConnectorWithExtraFindData } from '@kbn/actions-plugin/server/application/connector/types';
-import {
-  SENTINELONE_CONNECTOR_ID,
-  SUB_ACTION,
-} from '@kbn/stack-connectors-plugin/common/sentinelone/constants';
-import type { Logger } from '@kbn/core/server';
-import { keyBy, merge } from 'lodash';
-import type { ActionTypeExecutorResult } from '@kbn/actions-plugin/common';
-import type { SentinelOneGetAgentsResponse } from '@kbn/stack-connectors-plugin/common/sentinelone/types';
-import { stringify } from '../../utils/stringify';
-import type { ResponseActionAgentType } from '../../../../common/endpoint/service/response_actions/constants';
-import type { AgentStatusInfo } from '../../../../common/endpoint/types';
-import { HostStatus } from '../../../../common/endpoint/types';
-import { CustomHttpRequestError } from '../../../utils/custom_http_request_error';
-
-export interface GetAgentStatusOptions {
-  // NOTE: only sentinel_one currently supported
-  agentType: ResponseActionAgentType;
-  agentIds: string[];
-  connectorActionsClient: ActionsClient;
-  logger: Logger;
-}
-export const getSentinelOneAgentStatus = async ({
-  agentType,
-  agentIds,
-  connectorActionsClient,
-  logger,
-}: GetAgentStatusOptions): Promise<AgentStatusInfo> => {
-  let connectorList: ConnectorWithExtraFindData[] = [];
-
-  try {
-    connectorList = await connectorActionsClient.getAll();
-  } catch (err) {
-    throw new CustomHttpRequestError(
-      `Unable to retrieve list of stack connectors: ${err.message}`,
-      // failure here is likely due to Authz, but because we don't have a good way to determine that,
-      // the `statusCode` below is set to `400` instead of `401`.
-      400,
-      err
-    );
-  }
-  const connector = connectorList.find(({ actionTypeId, isDeprecated, isMissingSecrets }) => {
-    return actionTypeId === SENTINELONE_CONNECTOR_ID && !isDeprecated && !isMissingSecrets;
-  });
-
-  if (!connector) {
-    throw new CustomHttpRequestError(`No SentinelOne stack connector found`, 400, connectorList);
-  }
-
-  logger.debug(`Using SentinelOne stack connector: ${connector.name} (${connector.id})`);
-
-  const agentDetailsResponse = (await connectorActionsClient.execute({
-    actionId: connector.id,
-    params: {
-      subAction: SUB_ACTION.GET_AGENTS,
-      subActionParams: {
-        uuids: agentIds.filter((agentId) => agentId.trim().length).join(','),
-      },
-    },
-  })) as ActionTypeExecutorResult<SentinelOneGetAgentsResponse>;
-
-  if (agentDetailsResponse.status === 'error') {
-    logger.error(stringify(agentDetailsResponse));
-
-    throw new CustomHttpRequestError(
-      `Attempt retrieve agent information from to SentinelOne failed: ${
-        agentDetailsResponse.serviceMessage || agentDetailsResponse.message
-      }`,
-      500,
-      agentDetailsResponse
-    );
-  }
-
-  const agentDetailsById = keyBy(agentDetailsResponse.data?.data, 'uuid');
-
-  logger.debug(`Response from SentinelOne API:\n${stringify(agentDetailsById)}`);
-
-  return agentIds.reduce<AgentStatusInfo>((acc, agentId) => {
-    const thisAgentDetails = agentDetailsById[agentId];
-    const thisAgentStatus = {
-      agentType,
-      agentId,
-      found: false,
-      isolated: false,
-      isPendingUninstall: false,
-      isUninstalled: false,
-      lastSeen: '',
-      pendingActions: {
-        execute: 0,
-        upload: 0,
-        unisolate: 0,
-        isolate: 0,
-        'get-file': 0,
-        'kill-process': 0,
-        'suspend-process': 0,
-        'running-processes': 0,
-      },
-      status: HostStatus.UNENROLLED,
-    };
-
-    if (thisAgentDetails) {
-      merge(thisAgentStatus, {
-        found: true,
-        lastSeen: thisAgentDetails.updatedAt,
-        isPendingUninstall: thisAgentDetails.isPendingUninstall,
-        isUninstalled: thisAgentDetails.isUninstalled,
-        isolated: thisAgentDetails.networkStatus === SENTINEL_ONE_NETWORK_STATUS.DISCONNECTED,
-        status: !thisAgentDetails.isActive ? HostStatus.OFFLINE : HostStatus.HEALTHY,
-        pendingActions: {
-          isolate:
-            thisAgentDetails.networkStatus === SENTINEL_ONE_NETWORK_STATUS.DISCONNECTING ? 1 : 0,
-          unisolate:
-            thisAgentDetails.networkStatus === SENTINEL_ONE_NETWORK_STATUS.CONNECTING ? 1 : 0,
-        },
-      });
-    }
-
-    acc[agentId] = thisAgentStatus;
-
-    return acc;
-  }, {});
-};
-
-export enum SENTINEL_ONE_NETWORK_STATUS {
-  CONNECTING = 'connecting',
-  CONNECTED = 'connected',
-  DISCONNECTING = 'disconnecting',
-  DISCONNECTED = 'disconnected',
-}
diff --git a/x-pack/plugins/security_solution/server/endpoint/services/agent/clients/crowdstrike/crowdstrike_agent_status_client.ts b/x-pack/plugins/security_solution/server/endpoint/services/agent/clients/crowdstrike/crowdstrike_agent_status_client.ts
index 61d0ae9a7ef5e..61f746dbf4e55 100644
--- a/x-pack/plugins/security_solution/server/endpoint/services/agent/clients/crowdstrike/crowdstrike_agent_status_client.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/services/agent/clients/crowdstrike/crowdstrike_agent_status_client.ts
@@ -135,7 +135,7 @@ export class CrowdstrikeAgentStatusClient extends AgentStatusClient {
       const agentStatuses = await this.getAgentStatusFromConnectorAction(agentIds);
 
       return agentIds.reduce<AgentStatusRecords>((acc, agentId) => {
-        const agentInfo = mostRecentAgentInfosByAgentId[agentId].crowdstrike;
+        const agentInfo = mostRecentAgentInfosByAgentId[agentId]?.crowdstrike;
 
         const agentStatus = agentStatuses[agentId];
         const pendingActions = allPendingActions.find(
diff --git a/x-pack/plugins/security_solution/server/endpoint/services/agent/mocks.ts b/x-pack/plugins/security_solution/server/endpoint/services/agent/mocks.ts
new file mode 100644
index 0000000000000..66e6498a47514
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/endpoint/services/agent/mocks.ts
@@ -0,0 +1,29 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { ResponseActionAgentType } from '../../../../common/endpoint/service/response_actions/constants';
+import type { AgentStatusRecords } from '../../../../common/endpoint/types';
+import { agentStatusMocks } from '../../../../common/endpoint/service/response_actions/mocks/agent_status.mocks';
+import type { AgentStatusClientInterface } from '..';
+
+const createClientMock = (
+  agentType: ResponseActionAgentType = 'endpoint'
+): jest.Mocked<AgentStatusClientInterface> => {
+  return {
+    getAgentStatuses: jest.fn(async (agentIds) => {
+      return agentIds.reduce<AgentStatusRecords>((acc, agentId) => {
+        acc[agentId] = agentStatusMocks.generateAgentStatus({ agentId, agentType });
+        return acc;
+      }, {});
+    }),
+  };
+};
+
+export const agentServiceMocks = Object.freeze({
+  ...agentStatusMocks,
+  createClient: createClientMock,
+});
diff --git a/x-pack/plugins/security_solution/server/fleet_integration/fleet_integration.test.ts b/x-pack/plugins/security_solution/server/fleet_integration/fleet_integration.test.ts
index f28f6abb737ca..c4e32f050c1d7 100644
--- a/x-pack/plugins/security_solution/server/fleet_integration/fleet_integration.test.ts
+++ b/x-pack/plugins/security_solution/server/fleet_integration/fleet_integration.test.ts
@@ -67,6 +67,7 @@ import type {
 import { createMockPolicyData } from '../endpoint/services/feature_usage/mocks';
 import { ALL_ENDPOINT_ARTIFACT_LIST_IDS } from '../../common/endpoint/service/artifacts/constants';
 import { ENDPOINT_EVENT_FILTERS_LIST_ID } from '@kbn/securitysolution-list-constants';
+import * as PolicyConfigHelpers from '../../common/endpoint/models/policy_config_helpers';
 import { disableProtections } from '../../common/endpoint/models/policy_config_helpers';
 import type { ProductFeaturesService } from '../lib/product_features_service/product_features_service';
 import { createProductFeaturesServiceMock } from '../lib/product_features_service/mocks';
@@ -322,6 +323,24 @@ describe('ingest_integration tests ', () => {
       expect(manifestManager.pushArtifacts).not.toHaveBeenCalled();
       expect(manifestManager.commit).not.toHaveBeenCalled();
     });
+
+    it('should correctly set meta.billable', async () => {
+      const isBillablePolicySpy = jest.spyOn(PolicyConfigHelpers, 'isBillablePolicy');
+      isBillablePolicySpy.mockReturnValue(false);
+      const manifestManager = buildManifestManagerMock();
+
+      let packagePolicy = await invokeCallback(manifestManager);
+      expect(isBillablePolicySpy).toHaveBeenCalled();
+      expect(packagePolicy.inputs[0].config!.policy.value.meta.billable).toBe(false);
+
+      isBillablePolicySpy.mockReset();
+      isBillablePolicySpy.mockReturnValue(true);
+      packagePolicy = await invokeCallback(manifestManager);
+      expect(isBillablePolicySpy).toHaveBeenCalled();
+      expect(packagePolicy.inputs[0].config!.policy.value.meta.billable).toBe(true);
+
+      isBillablePolicySpy.mockRestore();
+    });
   });
 
   describe('package policy post create callback', () => {
@@ -844,6 +863,7 @@ describe('ingest_integration tests ', () => {
         mockPolicy.meta.cluster_uuid = 'updated-uuid';
         mockPolicy.meta.license_uuid = 'updated-uid';
         mockPolicy.meta.serverless = false;
+        mockPolicy.meta.billable = false;
         const logger = loggingSystemMock.create().get('ingest_integration.test');
         const callback = getPackagePolicyUpdateCallback(
           logger,
@@ -863,6 +883,7 @@ describe('ingest_integration tests ', () => {
         policyConfig.inputs[0]!.config!.policy.value.meta.cluster_uuid = 'original-uuid';
         policyConfig.inputs[0]!.config!.policy.value.meta.license_uuid = 'original-uid';
         policyConfig.inputs[0]!.config!.policy.value.meta.serverless = true;
+        policyConfig.inputs[0]!.config!.policy.value.meta.billable = true;
         const updatedPolicyConfig = await callback(
           policyConfig,
           soClient,
@@ -881,6 +902,7 @@ describe('ingest_integration tests ', () => {
         mockPolicy.meta.cluster_uuid = 'updated-uuid';
         mockPolicy.meta.license_uuid = 'updated-uid';
         mockPolicy.meta.serverless = false;
+        mockPolicy.meta.billable = false;
         const logger = loggingSystemMock.create().get('ingest_integration.test');
         const callback = getPackagePolicyUpdateCallback(
           logger,
@@ -899,6 +921,7 @@ describe('ingest_integration tests ', () => {
         policyConfig.inputs[0]!.config!.policy.value.meta.cluster_uuid = 'updated-uuid';
         policyConfig.inputs[0]!.config!.policy.value.meta.license_uuid = 'updated-uid';
         policyConfig.inputs[0]!.config!.policy.value.meta.serverless = false;
+        policyConfig.inputs[0]!.config!.policy.value.meta.billable = false;
         const updatedPolicyConfig = await callback(
           policyConfig,
           soClient,
@@ -1015,6 +1038,51 @@ describe('ingest_integration tests ', () => {
         expect(antivirusRegistrationIn(updatedPolicyConfig)).toBe(false);
       });
     });
+
+    it('should correctly set meta.billable', async () => {
+      const isBillablePolicySpy = jest.spyOn(PolicyConfigHelpers, 'isBillablePolicy');
+
+      const soClient = savedObjectsClientMock.create();
+      const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser;
+      const logger = loggingSystemMock.create().get('ingest_integration.test');
+      licenseEmitter.next(Enterprise);
+
+      const callback = getPackagePolicyUpdateCallback(
+        logger,
+        licenseService,
+        endpointAppContextMock.featureUsageService,
+        endpointAppContextMock.endpointMetadataService,
+        cloudService,
+        esClient,
+        productFeaturesService
+      );
+      const policyConfig = generator.generatePolicyPackagePolicy();
+
+      isBillablePolicySpy.mockReturnValue(false);
+      let updatedPolicyConfig = await callback(
+        policyConfig,
+        soClient,
+        esClient,
+        requestContextMock.convertContext(ctx),
+        req
+      );
+      expect(isBillablePolicySpy).toHaveBeenCalled();
+      expect(updatedPolicyConfig.inputs[0]!.config!.policy.value.meta.billable).toEqual(false);
+
+      isBillablePolicySpy.mockReset();
+      isBillablePolicySpy.mockReturnValue(true);
+      updatedPolicyConfig = await callback(
+        policyConfig,
+        soClient,
+        esClient,
+        requestContextMock.convertContext(ctx),
+        req
+      );
+      expect(isBillablePolicySpy).toHaveBeenCalled();
+      expect(updatedPolicyConfig.inputs[0]!.config!.policy.value.meta.billable).toEqual(true);
+
+      isBillablePolicySpy.mockRestore();
+    });
   });
 
   describe('package policy delete callback', () => {
diff --git a/x-pack/plugins/security_solution/server/fleet_integration/fleet_integration.ts b/x-pack/plugins/security_solution/server/fleet_integration/fleet_integration.ts
index 4e5a1e2f44ff2..71c935e720511 100644
--- a/x-pack/plugins/security_solution/server/fleet_integration/fleet_integration.ts
+++ b/x-pack/plugins/security_solution/server/fleet_integration/fleet_integration.ts
@@ -35,6 +35,7 @@ import { validateEndpointPackagePolicy } from './handlers/validate_endpoint_pack
 import {
   isPolicySetToEventCollectionOnly,
   ensureOnlyEventCollectionIsAllowed,
+  isBillablePolicy,
 } from '../../common/endpoint/models/policy_config_helpers';
 import type { NewPolicyData, PolicyConfig } from '../../common/endpoint/types';
 import type { LicenseService } from '../../common/license';
@@ -272,6 +273,8 @@ export const getPackagePolicyUpdateCallback = (
 
     updateAntivirusRegistrationEnabled(newEndpointPackagePolicy);
 
+    newEndpointPackagePolicy.meta.billable = isBillablePolicy(newEndpointPackagePolicy);
+
     return endpointIntegrationData;
   };
 };
diff --git a/x-pack/plugins/security_solution/server/fleet_integration/handlers/create_default_policy.test.ts b/x-pack/plugins/security_solution/server/fleet_integration/handlers/create_default_policy.test.ts
index 50dfa63e16e7a..c67ad9e6aff93 100644
--- a/x-pack/plugins/security_solution/server/fleet_integration/handlers/create_default_policy.test.ts
+++ b/x-pack/plugins/security_solution/server/fleet_integration/handlers/create_default_policy.test.ts
@@ -14,6 +14,7 @@ import { createDefaultPolicy } from './create_default_policy';
 import { ProtectionModes } from '../../../common/endpoint/types';
 import type { PolicyConfig } from '../../../common/endpoint/types';
 import { policyFactory } from '../../../common/endpoint/models/policy_config';
+import * as PolicyConfigHelpers from '../../../common/endpoint/models/policy_config_helpers';
 import { elasticsearchServiceMock } from '@kbn/core/server/mocks';
 import type {
   AnyPolicyCreateConfig,
@@ -238,6 +239,21 @@ describe('Create Default Policy tests ', () => {
         },
       });
     });
+
+    it('should set meta.billable', async () => {
+      const isBillablePolicySpy = jest.spyOn(PolicyConfigHelpers, 'isBillablePolicy');
+      const config = createEndpointConfig({ preset: 'DataCollection' });
+
+      isBillablePolicySpy.mockReturnValue(false);
+      let policy = await createDefaultPolicyCallback(config);
+      expect(policy.meta.billable).toBe(false);
+
+      isBillablePolicySpy.mockReturnValue(true);
+      policy = await createDefaultPolicyCallback(config);
+      expect(policy.meta.billable).toBe(true);
+
+      isBillablePolicySpy.mockRestore();
+    });
   });
 
   describe('When cloud config is set', () => {
diff --git a/x-pack/plugins/security_solution/server/fleet_integration/handlers/create_default_policy.ts b/x-pack/plugins/security_solution/server/fleet_integration/handlers/create_default_policy.ts
index 78ae42fce5b1a..3a348eb26bbcd 100644
--- a/x-pack/plugins/security_solution/server/fleet_integration/handlers/create_default_policy.ts
+++ b/x-pack/plugins/security_solution/server/fleet_integration/handlers/create_default_policy.ts
@@ -24,6 +24,7 @@ import {
 import {
   disableProtections,
   ensureOnlyEventCollectionIsAllowed,
+  isBillablePolicy,
 } from '../../../common/endpoint/models/policy_config_helpers';
 import type { ProductFeaturesService } from '../../lib/product_features_service/product_features_service';
 
@@ -61,6 +62,8 @@ export const createDefaultPolicy = (
     defaultPolicyPerType = ensureOnlyEventCollectionIsAllowed(defaultPolicyPerType);
   }
 
+  defaultPolicyPerType.meta.billable = isBillablePolicy(defaultPolicyPerType);
+
   return defaultPolicyPerType;
 };
 
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/migrations/create_migration_index.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/migrations/create_migration_index.ts
index fb27d2dfd71aa..30e4eb0b4e276 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/migrations/create_migration_index.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/migrations/create_migration_index.ts
@@ -37,7 +37,6 @@ export const createMigrationIndex = async ({
     body: {
       settings: {
         index: {
-          // @ts-expect-error `name` is required on IndicesIndexSettingsLifecycle
           lifecycle: {
             indexing_complete: true,
           },
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/perform_rule_upgrade_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/perform_rule_upgrade_route.ts
index 33968f6e56fc9..0d1693a69806e 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/perform_rule_upgrade_route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/perform_rule_upgrade_route.ts
@@ -21,7 +21,6 @@ import type { SecuritySolutionPluginRouter } from '../../../../../types';
 import { buildRouteValidation } from '../../../../../utils/build_validation/route_validation';
 import type { PromisePoolError } from '../../../../../utils/promise_pool';
 import { buildSiemResponse } from '../../../routes/utils';
-import { internalRuleToAPIResponse } from '../../../rule_management/normalization/rule_converters';
 import { aggregatePrebuiltRuleErrors } from '../../logic/aggregate_prebuilt_rule_errors';
 import { performTimelinesInstallation } from '../../logic/perform_timelines_installation';
 import { createPrebuiltRuleAssetsClient } from '../../logic/rule_assets/prebuilt_rule_assets_client';
@@ -182,7 +181,7 @@ export const performRuleUpgradeRoute = (router: SecuritySolutionPluginRouter) =>
               failed: ruleErrors.length,
             },
             results: {
-              updated: updatedRules.map(({ result }) => internalRuleToAPIResponse(result)),
+              updated: updatedRules.map(({ result }) => result),
               skipped: skippedRules,
             },
             errors: allErrors,
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/create_index_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/create_index_route.ts
index 7053c913e4a3e..b5c61bb82c29e 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/create_index_route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/create_index_route.ts
@@ -15,12 +15,12 @@ import {
   setPolicy,
   createBootstrapIndex,
 } from '@kbn/securitysolution-es-utils';
+import type { CreateAlertsIndexResponse } from '../../../../../common/api/detection_engine/index_management';
 import type {
   SecuritySolutionApiRequestHandlerContext,
   SecuritySolutionPluginRouter,
 } from '../../../../types';
 import { DETECTION_ENGINE_INDEX_URL } from '../../../../../common/constants';
-import type { CreateIndexResponse } from '../../../../../common/api/detection_engine';
 import { buildSiemResponse } from '../utils';
 import {
   getSignalsTemplate,
@@ -49,7 +49,7 @@ export const createIndexRoute = (router: SecuritySolutionPluginRouter) => {
         version: '2023-10-31',
         validate: false,
       },
-      async (context, _, response): Promise<IKibanaResponse<CreateIndexResponse>> => {
+      async (context, _, response): Promise<IKibanaResponse<CreateAlertsIndexResponse>> => {
         const siemResponse = buildSiemResponse(response);
 
         try {
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/delete_index_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/delete_index_route.ts
index 4bad93c04edc0..49b14944633cc 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/delete_index_route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/delete_index_route.ts
@@ -14,10 +14,10 @@ import {
 } from '@kbn/securitysolution-es-utils';
 
 import type { IKibanaResponse } from '@kbn/core/server';
+import type { DeleteAlertsIndexResponse } from '../../../../../common/api/detection_engine/index_management';
 import type { SecuritySolutionPluginRouter } from '../../../../types';
 import { DETECTION_ENGINE_INDEX_URL } from '../../../../../common/constants';
 import { buildSiemResponse } from '../utils';
-import type { DeleteIndexResponse } from '../../../../../common/api/detection_engine';
 
 /**
  * Deletes all of the indexes, template, ilm policies, and aliases. You can check
@@ -44,7 +44,7 @@ export const deleteIndexRoute = (router: SecuritySolutionPluginRouter) => {
         version: '2023-10-31',
         validate: false,
       },
-      async (context, _, response): Promise<IKibanaResponse<DeleteIndexResponse>> => {
+      async (context, _, response): Promise<IKibanaResponse<DeleteAlertsIndexResponse>> => {
         const siemResponse = buildSiemResponse(response);
 
         try {
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/read_index_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/read_index_route.ts
index 27adbd71be823..1f7b62ee5209f 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/read_index_route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/read_index_route.ts
@@ -8,6 +8,7 @@
 import { transformError, getBootstrapIndexExists } from '@kbn/securitysolution-es-utils';
 import type { RuleDataPluginService } from '@kbn/rule-registry-plugin/server';
 import type { IKibanaResponse } from '@kbn/core/server';
+import type { GetAlertsIndexResponse } from '../../../../../common/api/detection_engine/index_management';
 import type { SecuritySolutionPluginRouter } from '../../../../types';
 import { DETECTION_ENGINE_INDEX_URL } from '../../../../../common/constants';
 
@@ -16,7 +17,6 @@ import { fieldAliasesOutdated } from './check_template_version';
 import { getIndexVersion } from './get_index_version';
 import { isOutdated } from '../../migrations/helpers';
 import { SIGNALS_TEMPLATE_VERSION } from './get_signals_template';
-import type { ReadIndexResponse } from '../../../../../common/api/detection_engine';
 
 export const readIndexRoute = (
   router: SecuritySolutionPluginRouter,
@@ -35,7 +35,7 @@ export const readIndexRoute = (
         version: '2023-10-31',
         validate: false,
       },
-      async (context, _, response): Promise<IKibanaResponse<ReadIndexResponse>> => {
+      async (context, _, response): Promise<IKibanaResponse<GetAlertsIndexResponse>> => {
         const siemResponse = buildSiemResponse(response);
 
         try {
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/bulk_actions_response.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/bulk_actions_response.ts
index 5485c06cc4a27..2bf14ccbf085e 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/bulk_actions_response.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/bulk_actions_response.ts
@@ -16,7 +16,11 @@ import type {
   NormalizedRuleError,
   RuleDetailsInError,
 } from '../../../../../../../common/api/detection_engine';
-import type { BulkEditActionResponse } from '../../../../../../../common/api/detection_engine/rule_management';
+import type {
+  BulkActionType,
+  BulkEditActionResponse,
+} from '../../../../../../../common/api/detection_engine/rule_management';
+import { BulkActionTypeEnum } from '../../../../../../../common/api/detection_engine/rule_management';
 import type { BulkActionsDryRunErrCode } from '../../../../../../../common/constants';
 import type { PromisePoolError } from '../../../../../../utils/promise_pool';
 import type { RuleAlertType } from '../../../../rule_schema';
@@ -33,6 +37,7 @@ export type BulkActionError =
 export const buildBulkResponse = (
   response: KibanaResponseFactory,
   {
+    bulkAction,
     isDryRun = false,
     errors = [],
     updated = [],
@@ -40,6 +45,7 @@ export const buildBulkResponse = (
     deleted = [],
     skipped = [],
   }: {
+    bulkAction?: BulkActionType;
     isDryRun?: boolean;
     errors?: BulkActionError[];
     updated?: RuleAlertType[];
@@ -76,10 +82,17 @@ export const buildBulkResponse = (
       };
 
   if (numFailed > 0) {
+    let message = summary.succeeded > 0 ? 'Bulk edit partially failed' : 'Bulk edit failed';
+    if (bulkAction === BulkActionTypeEnum.run) {
+      message =
+        summary.succeeded > 0
+          ? 'Bulk manual rule run partially failed'
+          : 'Bulk manual rule run failed';
+    }
     return response.custom<BulkEditActionResponse>({
       headers: { 'content-type': 'application/json' },
       body: {
-        message: summary.succeeded > 0 ? 'Bulk edit partially failed' : 'Bulk edit failed',
+        message,
         status_code: 500,
         attributes: {
           errors: normalizeErrorResponse(errors),
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/bulk_schedule_rule_run.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/bulk_schedule_rule_run.ts
new file mode 100644
index 0000000000000..ec82056ac4e4c
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/bulk_schedule_rule_run.ts
@@ -0,0 +1,101 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { BulkOperationError, RulesClient } from '@kbn/alerting-plugin/server';
+import type { ScheduleBackfillParams } from '@kbn/alerting-plugin/server/application/backfill/methods/schedule/types';
+import type { BulkManualRuleRun } from '../../../../../../../common/api/detection_engine';
+import type { ExperimentalFeatures } from '../../../../../../../common';
+import type { PromisePoolError } from '../../../../../../utils/promise_pool';
+import type { MlAuthz } from '../../../../../machine_learning/authz';
+import type { RuleAlertType } from '../../../../rule_schema';
+import { validateBulkScheduleBackfill } from '../../../logic/bulk_actions/validations';
+
+interface BulkScheduleBackfillArgs {
+  rules: RuleAlertType[];
+  isDryRun?: boolean;
+  rulesClient: RulesClient;
+  mlAuthz: MlAuthz;
+  runPayload: BulkManualRuleRun['run'];
+  experimentalFeatures: ExperimentalFeatures;
+}
+
+interface BulkScheduleBackfillOutcome {
+  backfilled: RuleAlertType[];
+  errors: Array<PromisePoolError<RuleAlertType, Error> | BulkOperationError>;
+}
+
+export const bulkScheduleBackfill = async ({
+  rules,
+  isDryRun,
+  rulesClient,
+  mlAuthz,
+  runPayload,
+  experimentalFeatures,
+}: BulkScheduleBackfillArgs): Promise<BulkScheduleBackfillOutcome> => {
+  const errors: Array<PromisePoolError<RuleAlertType, Error> | BulkOperationError> = [];
+
+  // In the first step, we validate if it is possible to schedule backfill for the rules
+  const validatedRules: RuleAlertType[] = [];
+  await Promise.all(
+    rules.map(async (rule) => {
+      try {
+        await validateBulkScheduleBackfill({
+          mlAuthz,
+          rule,
+          experimentalFeatures,
+        });
+        validatedRules.push(rule);
+      } catch (error) {
+        errors.push({ item: rule, error });
+      }
+    })
+  );
+
+  if (isDryRun || validatedRules.length === 0) {
+    return {
+      backfilled: validatedRules,
+      errors,
+    };
+  }
+
+  // Then if it's not a dry run, we schedule backfill for the rules that passed the validation
+  const params: ScheduleBackfillParams = validatedRules.map(({ id }) => ({
+    ruleId: id,
+    start: runPayload.start_date,
+    end: runPayload.end_date,
+  }));
+
+  // Perform actual schedule using the rulesClient
+  const results = await rulesClient.scheduleBackfill(params);
+  return results.reduce(
+    (acc, backfillResult) => {
+      if ('error' in backfillResult) {
+        const ruleName = validatedRules.find(
+          (rule) => rule.id === backfillResult.error.rule.id
+        )?.name;
+        const backfillError = backfillResult.error;
+        const backfillRule = backfillError.rule;
+        const error = {
+          message: backfillError.message,
+          status: backfillError.status,
+          rule: { id: backfillRule.id, name: backfillRule.name ?? ruleName ?? '' },
+        };
+        acc.errors.push(error);
+      } else {
+        const backfillRule = validatedRules.find((rule) => rule.id === backfillResult.rule.id);
+        if (backfillRule) {
+          acc.backfilled.push(backfillRule);
+        }
+      }
+      return acc;
+    },
+    { backfilled: [], errors } as {
+      backfilled: RuleAlertType[];
+      errors: Array<PromisePoolError<RuleAlertType, Error> | BulkOperationError>;
+    }
+  );
+};
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.test.ts
index 37ad3dc7d8487..fdacf11f683b1 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.test.ts
@@ -518,7 +518,7 @@ describe('Perform bulk action route', () => {
       });
       const result = server.validate(request);
       expect(result.badRequest).toHaveBeenCalledWith(
-        'action: Invalid literal value, expected "delete", action: Invalid literal value, expected "disable", action: Invalid literal value, expected "enable", action: Invalid literal value, expected "export", action: Invalid literal value, expected "duplicate", and 2 more'
+        'action: Invalid literal value, expected "delete", action: Invalid literal value, expected "disable", action: Invalid literal value, expected "enable", action: Invalid literal value, expected "export", action: Invalid literal value, expected "duplicate", and 4 more'
       );
     });
 
@@ -530,7 +530,7 @@ describe('Perform bulk action route', () => {
       });
       const result = server.validate(request);
       expect(result.badRequest).toHaveBeenCalledWith(
-        'action: Invalid literal value, expected "delete", action: Invalid literal value, expected "disable", action: Invalid literal value, expected "enable", action: Invalid literal value, expected "export", action: Invalid literal value, expected "duplicate", and 2 more'
+        'action: Invalid literal value, expected "delete", action: Invalid literal value, expected "disable", action: Invalid literal value, expected "enable", action: Invalid literal value, expected "export", action: Invalid literal value, expected "duplicate", and 4 more'
       );
     });
 
@@ -564,7 +564,7 @@ describe('Perform bulk action route', () => {
       });
       const result = server.validate(request);
       expect(result.badRequest).toHaveBeenCalledWith(
-        'ids: Expected array, received string, action: Invalid literal value, expected "delete", ids: Expected array, received string, ids: Expected array, received string, action: Invalid literal value, expected "enable", and 7 more'
+        'ids: Expected array, received string, action: Invalid literal value, expected "delete", ids: Expected array, received string, ids: Expected array, received string, action: Invalid literal value, expected "enable", and 10 more'
       );
     });
 
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts
index 1177d4363fe29..b2c6ae6e04468 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts
@@ -41,6 +41,7 @@ import type { BulkActionError } from './bulk_actions_response';
 import { buildBulkResponse } from './bulk_actions_response';
 import { bulkEnableDisableRules } from './bulk_enable_disable_rules';
 import { fetchRulesByQueryOrIds } from './fetch_rules_by_query_or_ids';
+import { bulkScheduleBackfill } from './bulk_schedule_rule_run';
 
 export const MAX_RULES_TO_PROCESS_TOTAL = 10000;
 const MAX_ROUTE_CONCURRENCY = 5;
@@ -322,6 +323,19 @@ export const performBulkActionRoute = (
                 .filter((rule): rule is RuleAlertType => rule !== null);
               break;
             }
+
+            case BulkActionTypeEnum.run: {
+              const { backfilled, errors: bulkActionErrors } = await bulkScheduleBackfill({
+                rules,
+                isDryRun,
+                rulesClient,
+                mlAuthz,
+                runPayload: body.run,
+                experimentalFeatures: config.experimentalFeatures,
+              });
+              errors.push(...bulkActionErrors);
+              updated = backfilled.filter((rule): rule is RuleAlertType => rule !== null);
+            }
           }
 
           if (abortController.signal.aborted === true) {
@@ -329,6 +343,7 @@ export const performBulkActionRoute = (
           }
 
           return buildBulkResponse(response, {
+            bulkAction: body.action,
             updated,
             deleted,
             created,
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_patch_rules/route.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_patch_rules/route.test.ts
index 7bda64e6a30d8..c6a2ef1b83d8c 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_patch_rules/route.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_patch_rules/route.test.ts
@@ -17,6 +17,10 @@ import {
   typicalMlRulePayload,
 } from '../../../../routes/__mocks__/request_responses';
 import { serverMock, requestContextMock, requestMock } from '../../../../routes/__mocks__';
+import {
+  getRulesSchemaMock,
+  getRulesMlSchemaMock,
+} from '../../../../../../../common/api/detection_engine/model/rule_schema/rule_response_schema.mock';
 import { bulkPatchRulesRoute } from './route';
 import { getCreateRulesSchemaMock } from '../../../../../../../common/api/detection_engine/model/rule_schema/mocks';
 import { getMlRuleParams, getQueryRuleParams } from '../../../../rule_schema/mocks';
@@ -34,7 +38,7 @@ describe('Bulk patch rules route', () => {
 
     clients.rulesClient.find.mockResolvedValue(getFindResultWithSingleHit()); // rule exists
     clients.rulesClient.update.mockResolvedValue(getRuleMock(getQueryRuleParams())); // update succeeds
-    clients.detectionRulesClient.patchRule.mockResolvedValue(getRuleMock(getQueryRuleParams()));
+    clients.detectionRulesClient.patchRule.mockResolvedValue(getRulesSchemaMock());
 
     bulkPatchRulesRoute(server.router, logger);
   });
@@ -72,14 +76,11 @@ describe('Bulk patch rules route', () => {
         ...getFindResultWithSingleHit(),
         data: [getRuleMock(getMlRuleParams())],
       });
-      clients.detectionRulesClient.patchRule.mockResolvedValueOnce(
-        getRuleMock(
-          getMlRuleParams({
-            anomalyThreshold,
-            machineLearningJobId: [machineLearningJobId],
-          })
-        )
-      );
+      clients.detectionRulesClient.patchRule.mockResolvedValueOnce({
+        ...getRulesMlSchemaMock(),
+        anomaly_threshold: anomalyThreshold,
+        machine_learning_job_id: [machineLearningJobId],
+      });
 
       const request = requestMock.create({
         method: 'patch',
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_patch_rules/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_patch_rules/route.ts
index aa06c04db0619..3b16ba5fa4742 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_patch_rules/route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_patch_rules/route.ts
@@ -17,7 +17,6 @@ import {
 import type { SecuritySolutionPluginRouter } from '../../../../../../types';
 import { transformBulkError, buildSiemResponse } from '../../../../routes/utils';
 import { getIdBulkError } from '../../../utils/utils';
-import { transformValidateBulkError } from '../../../utils/validate';
 import { readRules } from '../../../logic/detection_rules_client/read_rules';
 import { getDeprecatedBulkEndpointHeader, logDeprecatedBulkEndpoint } from '../../deprecation';
 import { validateRuleDefaultExceptionList } from '../../../logic/exceptions/validate_rule_default_exception_list';
@@ -86,11 +85,11 @@ export const bulkPatchRulesRoute = (router: SecuritySolutionPluginRouter, logger
                   ruleId: payloadRule.id,
                 });
 
-                const rule = await detectionRulesClient.patchRule({
+                const patchedRule = await detectionRulesClient.patchRule({
                   nextParams: payloadRule,
                 });
 
-                return transformValidateBulkError(rule.id, rule);
+                return patchedRule;
               } catch (err) {
                 return transformBulkError(idOrRuleIdOrUnknown, err);
               }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_update_rules/route.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_update_rules/route.test.ts
index 5f2a89df6b7dd..ebdc1604346b5 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_update_rules/route.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_update_rules/route.test.ts
@@ -14,6 +14,7 @@ import {
   typicalMlRulePayload,
 } from '../../../../routes/__mocks__/request_responses';
 import { serverMock, requestContextMock, requestMock } from '../../../../routes/__mocks__';
+import { getRulesSchemaMock } from '../../../../../../../common/api/detection_engine/model/rule_schema/rule_response_schema.mock';
 import { bulkUpdateRulesRoute } from './route';
 import type { BulkError } from '../../../../routes/utils';
 import { getCreateRulesSchemaMock } from '../../../../../../../common/api/detection_engine/model/rule_schema/mocks';
@@ -32,7 +33,7 @@ describe('Bulk update rules route', () => {
 
     clients.rulesClient.find.mockResolvedValue(getFindResultWithSingleHit());
     clients.rulesClient.update.mockResolvedValue(getRuleMock(getQueryRuleParams()));
-    clients.detectionRulesClient.updateRule.mockResolvedValue(getRuleMock(getQueryRuleParams()));
+    clients.detectionRulesClient.updateRule.mockResolvedValue(getRulesSchemaMock());
     clients.appClient.getSignalsIndex.mockReturnValue('.siem-signals-test-index');
 
     bulkUpdateRulesRoute(server.router, logger);
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_update_rules/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_update_rules/route.ts
index bae89a74ab0b1..fb95e7e452afd 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_update_rules/route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_update_rules/route.ts
@@ -16,7 +16,6 @@ import {
 import type { SecuritySolutionPluginRouter } from '../../../../../../types';
 import { DETECTION_ENGINE_RULES_BULK_UPDATE } from '../../../../../../../common/constants';
 import { getIdBulkError } from '../../../utils/utils';
-import { transformValidateBulkError } from '../../../utils/validate';
 import {
   transformBulkError,
   buildSiemResponse,
@@ -97,11 +96,11 @@ export const bulkUpdateRulesRoute = (router: SecuritySolutionPluginRouter, logge
                   ruleId: payloadRule.id,
                 });
 
-                const rule = await detectionRulesClient.updateRule({
+                const updatedRule = await detectionRulesClient.updateRule({
                   ruleUpdate: payloadRule,
                 });
 
-                return transformValidateBulkError(rule.id, rule);
+                return updatedRule;
               } catch (err) {
                 return transformBulkError(idOrRuleIdOrUnknown, err);
               }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.test.ts
index 182e9bb8d92b7..123b39a588c59 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.test.ts
@@ -12,6 +12,7 @@ import {
   ruleIdsToNdJsonString,
   rulesToNdJsonString,
 } from '../../../../../../../common/api/detection_engine/rule_management/mocks';
+import { getRulesSchemaMock } from '../../../../../../../common/api/detection_engine/model/rule_schema/rule_response_schema.mock';
 
 import type { requestMock } from '../../../../routes/__mocks__';
 import { createMockConfig, requestContextMock, serverMock } from '../../../../routes/__mocks__';
@@ -47,7 +48,8 @@ describe('Import rules route', () => {
 
     clients.rulesClient.find.mockResolvedValue(getEmptyFindResult()); // no extant rules
     clients.rulesClient.update.mockResolvedValue(getRuleMock(getQueryRuleParams()));
-    clients.detectionRulesClient.importRule.mockResolvedValue(getRuleMock(getQueryRuleParams()));
+    clients.detectionRulesClient.createCustomRule.mockResolvedValue(getRulesSchemaMock());
+    clients.detectionRulesClient.importRule.mockResolvedValue(getRulesSchemaMock());
     clients.actionsClient.getAll.mockResolvedValue([]);
     context.core.elasticsearch.client.asCurrentUser.search.mockResolvedValue(
       elasticsearchClientMock.createSuccessTransportRequestPromise(getBasicEmptySearchResponse())
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/patch_rule/route.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/patch_rule/route.test.ts
index c09eebec7689d..6352005acaca5 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/patch_rule/route.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/patch_rule/route.test.ts
@@ -20,6 +20,11 @@ import {
 
 import { getMlRuleParams, getQueryRuleParams } from '../../../../rule_schema/mocks';
 
+import {
+  getRulesSchemaMock,
+  getRulesMlSchemaMock,
+} from '../../../../../../../common/api/detection_engine/model/rule_schema/rule_response_schema.mock';
+
 import { patchRuleRoute } from './route';
 import { HttpAuthzError } from '../../../../../machine_learning/validation';
 
@@ -34,7 +39,7 @@ describe('Patch rule route', () => {
     clients.rulesClient.get.mockResolvedValue(getRuleMock(getQueryRuleParams())); // existing rule
     clients.rulesClient.find.mockResolvedValue(getFindResultWithSingleHit()); // existing rule
     clients.rulesClient.update.mockResolvedValue(getRuleMock(getQueryRuleParams())); // successful update
-    clients.detectionRulesClient.patchRule.mockResolvedValue(getRuleMock(getQueryRuleParams()));
+    clients.detectionRulesClient.patchRule.mockResolvedValue(getRulesSchemaMock());
 
     patchRuleRoute(server.router);
   });
@@ -99,14 +104,11 @@ describe('Patch rule route', () => {
 
       const anomalyThreshold = 4;
       const machineLearningJobId = 'some_job_id';
-      clients.detectionRulesClient.patchRule.mockResolvedValueOnce(
-        getRuleMock(
-          getMlRuleParams({
-            anomalyThreshold,
-            machineLearningJobId: [machineLearningJobId],
-          })
-        )
-      );
+      clients.detectionRulesClient.patchRule.mockResolvedValueOnce({
+        ...getRulesMlSchemaMock(),
+        anomaly_threshold: anomalyThreshold,
+        machine_learning_job_id: [machineLearningJobId],
+      });
 
       const request = requestMock.create({
         method: 'patch',
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/patch_rule/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/patch_rule/route.ts
index 506b36d4441dc..0e508f43103d6 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/patch_rule/route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/patch_rule/route.ts
@@ -20,7 +20,6 @@ import { readRules } from '../../../logic/detection_rules_client/read_rules';
 import { checkDefaultRuleExceptionListReferences } from '../../../logic/exceptions/check_for_default_rule_exception_list';
 import { validateRuleDefaultExceptionList } from '../../../logic/exceptions/validate_rule_default_exception_list';
 import { getIdError } from '../../../utils/utils';
-import { transformValidate } from '../../../utils/validate';
 
 export const patchRuleRoute = (router: SecuritySolutionPluginRouter) => {
   router.versioned
@@ -76,12 +75,12 @@ export const patchRuleRoute = (router: SecuritySolutionPluginRouter) => {
             ruleId: params.id,
           });
 
-          const rule = await detectionRulesClient.patchRule({
+          const patchedRule = await detectionRulesClient.patchRule({
             nextParams: params,
           });
 
           return response.ok({
-            body: transformValidate(rule),
+            body: patchedRule,
           });
         } catch (err) {
           const error = transformError(err);
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/update_rule/route.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/update_rule/route.test.ts
index ff34f1a4c3e56..80db9f68a853b 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/update_rule/route.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/update_rule/route.test.ts
@@ -13,6 +13,7 @@ import {
   typicalMlRulePayload,
 } from '../../../../routes/__mocks__/request_responses';
 import { requestContextMock, serverMock, requestMock } from '../../../../routes/__mocks__';
+import { getRulesSchemaMock } from '../../../../../../../common/api/detection_engine/model/rule_schema/rule_response_schema.mock';
 import { DETECTION_ENGINE_RULES_URL } from '../../../../../../../common/constants';
 import { updateRuleRoute } from './route';
 import {
@@ -34,7 +35,7 @@ describe('Update rule route', () => {
     clients.rulesClient.get.mockResolvedValue(getRuleMock(getQueryRuleParams())); // existing rule
     clients.rulesClient.find.mockResolvedValue(getFindResultWithSingleHit()); // rule exists
     clients.rulesClient.update.mockResolvedValue(getRuleMock(getQueryRuleParams())); // successful update
-    clients.detectionRulesClient.updateRule.mockResolvedValue(getRuleMock(getQueryRuleParams()));
+    clients.detectionRulesClient.updateRule.mockResolvedValue(getRulesSchemaMock());
     clients.appClient.getSignalsIndex.mockReturnValue('.siem-signals-test-index');
 
     updateRuleRoute(server.router);
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/update_rule/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/update_rule/route.ts
index 5e77fa64e1fb9..fb7a7a9e3197d 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/update_rule/route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/update_rule/route.ts
@@ -20,7 +20,7 @@ import { readRules } from '../../../logic/detection_rules_client/read_rules';
 import { checkDefaultRuleExceptionListReferences } from '../../../logic/exceptions/check_for_default_rule_exception_list';
 import { validateRuleDefaultExceptionList } from '../../../logic/exceptions/validate_rule_default_exception_list';
 import { getIdError } from '../../../utils/utils';
-import { transformValidate, validateResponseActionsPermissions } from '../../../utils/validate';
+import { validateResponseActionsPermissions } from '../../../utils/validate';
 
 export const updateRuleRoute = (router: SecuritySolutionPluginRouter) => {
   router.versioned
@@ -80,12 +80,12 @@ export const updateRuleRoute = (router: SecuritySolutionPluginRouter) => {
             existingRule
           );
 
-          const rule = await detectionRulesClient.updateRule({
+          const updatedRule = await detectionRulesClient.updateRule({
             ruleUpdate: request.body,
           });
 
           return response.ok({
-            body: transformValidate(rule),
+            body: updatedRule,
           });
         } catch (err) {
           const error = transformError(err);
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/bulk_actions/validations.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/bulk_actions/validations.ts
index 092808cf1cc5c..c1614df4c299d 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/bulk_actions/validations.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/bulk_actions/validations.ts
@@ -41,6 +41,10 @@ interface DryRunBulkEditBulkActionsValidationArgs {
   experimentalFeatures: ExperimentalFeatures;
 }
 
+interface DryRunManualRuleRunBulkActionsValidationArgs extends BulkActionsValidationArgs {
+  experimentalFeatures: ExperimentalFeatures;
+}
+
 /**
  * throws ML authorization error wrapped with MACHINE_LEARNING_AUTH error code
  * @param mlAuthz - {@link MlAuthz}
@@ -76,6 +80,27 @@ export const validateBulkDuplicateRule = async ({ rule, mlAuthz }: BulkActionsVa
   await throwMlAuthError(mlAuthz, rule.params.type);
 };
 
+/**
+ * runs validation for bulk schedule backfill for a single rule
+ * @param params - {@link DryRunManualRuleRunBulkActionsValidationArgs}
+ */
+export const validateBulkScheduleBackfill = async ({
+  rule,
+  experimentalFeatures,
+}: DryRunManualRuleRunBulkActionsValidationArgs) => {
+  // check whether "manual rule run" feature is enabled
+  await throwDryRunError(
+    () =>
+      invariant(experimentalFeatures?.manualRuleRunEnabled, 'Manual rule run feature is disabled.'),
+    BulkActionsDryRunErrCode.MANUAL_RULE_RUN_FEATURE
+  );
+
+  await throwDryRunError(
+    () => invariant(rule.enabled, 'Cannot schedule manual rule run for a disabled rule'),
+    BulkActionsDryRunErrCode.MANUAL_RULE_RUN_DISABLED_RULE
+  );
+};
+
 /**
  * runs validation for bulk edit for a single rule
  * @param params - {@link BulkActionsValidationArgs}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/detection_rules_client.create_custom_rule.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/detection_rules_client.create_custom_rule.test.ts
index 1cf4afecedb26..7aab6640a1b52 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/detection_rules_client.create_custom_rule.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/detection_rules_client.create_custom_rule.test.ts
@@ -19,8 +19,6 @@ import { buildMlAuthz } from '../../../../machine_learning/authz';
 import { throwAuthzError } from '../../../../machine_learning/validation';
 import { createDetectionRulesClient } from './detection_rules_client';
 import type { IDetectionRulesClient } from './detection_rules_client_interface';
-import { RuleResponseValidationError } from './utils';
-import type { RuleAlertType } from '../../../rule_schema';
 
 jest.mock('../../../../machine_learning/authz');
 jest.mock('../../../../machine_learning/validation');
@@ -70,20 +68,6 @@ describe('DetectionRulesClient.createCustomRule', () => {
     expect(rulesClient.create).not.toHaveBeenCalled();
   });
 
-  it('throws if RuleResponse validation fails', async () => {
-    const internalRuleMock: RuleAlertType = getRuleMock({
-      ...getQueryRuleParams(),
-      /* Casting as 'query' suppress to TS error */
-      type: 'fake-non-existent-type' as 'query',
-    });
-
-    rulesClient.create.mockResolvedValueOnce(internalRuleMock);
-
-    await expect(
-      detectionRulesClient.createCustomRule({ params: getCreateMachineLearningRulesSchemaMock() })
-    ).rejects.toThrow(RuleResponseValidationError);
-  });
-
   it('calls the rulesClient with legacy ML params', async () => {
     await detectionRulesClient.createCustomRule({
       params: getCreateMachineLearningRulesSchemaMock(),
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/detection_rules_client.import_rule.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/detection_rules_client.import_rule.test.ts
index 4d2cb0ee65519..474fecc186519 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/detection_rules_client.import_rule.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/detection_rules_client.import_rule.test.ts
@@ -42,6 +42,8 @@ describe('DetectionRulesClient.importRule', () => {
 
   beforeEach(() => {
     rulesClient = rulesClientMock.create();
+    rulesClient.create.mockResolvedValue(getRuleMock(getQueryRuleParams()));
+    rulesClient.update.mockResolvedValue(getRuleMock(getQueryRuleParams()));
     detectionRulesClient = createDetectionRulesClient(rulesClient, mlAuthz);
   });
 
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/detection_rules_client.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/detection_rules_client.ts
index c26649604b282..ce6043a420907 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/detection_rules_client.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/detection_rules_client.ts
@@ -8,7 +8,6 @@
 import type { RulesClient } from '@kbn/alerting-plugin/server';
 import type { MlAuthz } from '../../../../machine_learning/authz';
 
-import type { RuleAlertType } from '../../../rule_schema';
 import type { RuleResponse } from '../../../../../../common/api/detection_engine/model/rule_schema';
 import type {
   IDetectionRulesClient,
@@ -47,13 +46,13 @@ export const createDetectionRulesClient = (
     });
   },
 
-  async updateRule(args: UpdateRuleArgs): Promise<RuleAlertType> {
+  async updateRule(args: UpdateRuleArgs): Promise<RuleResponse> {
     return withSecuritySpan('DetectionRulesClient.updateRule', async () => {
       return updateRule(rulesClient, args, mlAuthz);
     });
   },
 
-  async patchRule(args: PatchRuleArgs): Promise<RuleAlertType> {
+  async patchRule(args: PatchRuleArgs): Promise<RuleResponse> {
     return withSecuritySpan('DetectionRulesClient.patchRule', async () => {
       return patchRule(rulesClient, args, mlAuthz);
     });
@@ -65,13 +64,13 @@ export const createDetectionRulesClient = (
     });
   },
 
-  async upgradePrebuiltRule(args: UpgradePrebuiltRuleArgs): Promise<RuleAlertType> {
+  async upgradePrebuiltRule(args: UpgradePrebuiltRuleArgs): Promise<RuleResponse> {
     return withSecuritySpan('DetectionRulesClient.upgradePrebuiltRule', async () => {
       return upgradePrebuiltRule(rulesClient, args, mlAuthz);
     });
   },
 
-  async importRule(args: ImportRuleArgs): Promise<RuleAlertType> {
+  async importRule(args: ImportRuleArgs): Promise<RuleResponse> {
     return withSecuritySpan('DetectionRulesClient.importRule', async () => {
       return importRule(rulesClient, args, mlAuthz);
     });
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/detection_rules_client.upgrade_prebuilt_rule.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/detection_rules_client.upgrade_prebuilt_rule.test.ts
index 97a564cbf86e6..38f3507d2f7ae 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/detection_rules_client.upgrade_prebuilt_rule.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/detection_rules_client.upgrade_prebuilt_rule.test.ts
@@ -99,10 +99,12 @@ describe('DetectionRulesClient.upgradePrebuiltRule', () => {
       ruleId: 'rule-id',
     });
     beforeEach(() => {
+      jest.resetAllMocks();
+      rulesClient.create.mockResolvedValue(getRuleMock(getQueryRuleParams()));
       (readRules as jest.Mock).mockResolvedValue(installedRule);
     });
 
-    it('deletes the old rule ', async () => {
+    it('deletes the old rule', async () => {
       await detectionRulesClient.upgradePrebuiltRule({ ruleAsset });
       expect(rulesClient.delete).toHaveBeenCalled();
     });
@@ -153,6 +155,8 @@ describe('DetectionRulesClient.upgradePrebuiltRule', () => {
     });
 
     it('patches the existing rule with the new params from the rule asset', async () => {
+      rulesClient.update.mockResolvedValue(getRuleMock(getEqlRuleParams()));
+
       await detectionRulesClient.upgradePrebuiltRule({ ruleAsset });
       expect(rulesClient.update).toHaveBeenCalledWith(
         expect.objectContaining({
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/detection_rules_client_interface.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/detection_rules_client_interface.ts
index 2d9c787119cdf..34c39153206b1 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/detection_rules_client_interface.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/detection_rules_client_interface.ts
@@ -13,17 +13,16 @@ import type {
   RuleToImport,
   RuleResponse,
 } from '../../../../../../common/api/detection_engine';
-import type { RuleAlertType } from '../../../rule_schema';
 import type { PrebuiltRuleAsset } from '../../../prebuilt_rules';
 
 export interface IDetectionRulesClient {
   createCustomRule: (args: CreateCustomRuleArgs) => Promise<RuleResponse>;
   createPrebuiltRule: (args: CreatePrebuiltRuleArgs) => Promise<RuleResponse>;
-  updateRule: (args: UpdateRuleArgs) => Promise<RuleAlertType>;
-  patchRule: (args: PatchRuleArgs) => Promise<RuleAlertType>;
+  updateRule: (args: UpdateRuleArgs) => Promise<RuleResponse>;
+  patchRule: (args: PatchRuleArgs) => Promise<RuleResponse>;
   deleteRule: (args: DeleteRuleArgs) => Promise<void>;
-  upgradePrebuiltRule: (args: UpgradePrebuiltRuleArgs) => Promise<RuleAlertType>;
-  importRule: (args: ImportRuleArgs) => Promise<RuleAlertType>;
+  upgradePrebuiltRule: (args: UpgradePrebuiltRuleArgs) => Promise<RuleResponse>;
+  importRule: (args: ImportRuleArgs) => Promise<RuleResponse>;
 }
 
 export interface CreateCustomRuleArgs {
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/create_custom_rule.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/create_custom_rule.ts
index c77446f5baf63..963cac7e10dd1 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/create_custom_rule.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/create_custom_rule.ts
@@ -11,8 +11,10 @@ import type { CreateCustomRuleArgs } from '../detection_rules_client_interface';
 import type { MlAuthz } from '../../../../../machine_learning/authz';
 import type { RuleParams } from '../../../../rule_schema';
 import { RuleResponse } from '../../../../../../../common/api/detection_engine/model/rule_schema';
-import { convertCreateAPIToInternalSchema } from '../../../normalization/rule_converters';
-import { transform } from '../../../utils/utils';
+import {
+  convertCreateAPIToInternalSchema,
+  internalRuleToAPIResponse,
+} from '../../../normalization/rule_converters';
 import { validateMlAuth, RuleResponseValidationError } from '../utils';
 
 export const createCustomRule = async (
@@ -29,7 +31,7 @@ export const createCustomRule = async (
   });
 
   /* Trying to convert the rule to a RuleResponse object */
-  const parseResult = RuleResponse.safeParse(transform(rule));
+  const parseResult = RuleResponse.safeParse(internalRuleToAPIResponse(rule));
 
   if (!parseResult.success) {
     throw new RuleResponseValidationError({
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/create_prebuilt_rule.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/create_prebuilt_rule.ts
index db510d9071c4f..0f0a4aea12d7b 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/create_prebuilt_rule.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/create_prebuilt_rule.ts
@@ -11,8 +11,10 @@ import type { CreatePrebuiltRuleArgs } from '../detection_rules_client_interface
 import type { MlAuthz } from '../../../../../machine_learning/authz';
 import { RuleResponse } from '../../../../../../../common/api/detection_engine/model/rule_schema';
 import type { RuleParams } from '../../../../rule_schema';
-import { convertCreateAPIToInternalSchema } from '../../../normalization/rule_converters';
-import { transform } from '../../../utils/utils';
+import {
+  convertCreateAPIToInternalSchema,
+  internalRuleToAPIResponse,
+} from '../../../normalization/rule_converters';
 import { validateMlAuth, RuleResponseValidationError } from '../utils';
 
 export const createPrebuiltRule = async (
@@ -34,7 +36,7 @@ export const createPrebuiltRule = async (
   });
 
   /* Trying to convert the rule to a RuleResponse object */
-  const parseResult = RuleResponse.safeParse(transform(rule));
+  const parseResult = RuleResponse.safeParse(internalRuleToAPIResponse(rule));
 
   if (!parseResult.success) {
     throw new RuleResponseValidationError({
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/import_rule.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/import_rule.ts
index 8761478e30eda..55a0399f1a528 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/import_rule.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/import_rule.ts
@@ -6,6 +6,7 @@
  */
 
 import type { RulesClient } from '@kbn/alerting-plugin/server';
+import { stringifyZodError } from '@kbn/zod-helpers';
 import type { MlAuthz } from '../../../../../machine_learning/authz';
 import type { ImportRuleArgs } from '../detection_rules_client_interface';
 import type { RuleAlertType, RuleParams } from '../../../../rule_schema';
@@ -13,9 +14,11 @@ import { createBulkErrorObject } from '../../../../routes/utils';
 import {
   convertCreateAPIToInternalSchema,
   convertUpdateAPIToInternalSchema,
+  internalRuleToAPIResponse,
 } from '../../../normalization/rule_converters';
+import { RuleResponse } from '../../../../../../../common/api/detection_engine/model/rule_schema';
 
-import { validateMlAuth } from '../utils';
+import { validateMlAuth, RuleResponseValidationError } from '../utils';
 
 import { readRules } from '../read_rules';
 
@@ -23,7 +26,7 @@ export const importRule = async (
   rulesClient: RulesClient,
   importRulePayload: ImportRuleArgs,
   mlAuthz: MlAuthz
-): Promise<RuleAlertType> => {
+): Promise<RuleResponse> => {
   const { ruleToImport, overwriteRules, allowMissingConnectorSecrets } = importRulePayload;
 
   await validateMlAuth(mlAuthz, ruleToImport.type);
@@ -34,30 +37,47 @@ export const importRule = async (
     id: undefined,
   });
 
-  if (!existingRule) {
-    const internalRule = convertCreateAPIToInternalSchema(ruleToImport, {
-      immutable: false,
+  if (existingRule && !overwriteRules) {
+    throw createBulkErrorObject({
+      ruleId: existingRule.params.ruleId,
+      statusCode: 409,
+      message: `rule_id: "${existingRule.params.ruleId}" already exists`,
     });
+  }
 
-    return rulesClient.create<RuleParams>({
-      data: internalRule,
-      allowMissingConnectorSecrets,
-    });
-  } else if (existingRule && overwriteRules) {
-    const newInternalRule = convertUpdateAPIToInternalSchema({
+  let importedInternalRule: RuleAlertType;
+
+  if (existingRule && overwriteRules) {
+    const ruleUpdateParams = convertUpdateAPIToInternalSchema({
       existingRule,
       ruleUpdate: ruleToImport,
     });
 
-    return rulesClient.update({
+    importedInternalRule = await rulesClient.update({
       id: existingRule.id,
-      data: newInternalRule,
+      data: ruleUpdateParams,
     });
   } else {
-    throw createBulkErrorObject({
-      ruleId: existingRule.params.ruleId,
-      statusCode: 409,
-      message: `rule_id: "${existingRule.params.ruleId}" already exists`,
+    /* Rule does not exist, so we'll create it */
+    const ruleCreateParams = convertCreateAPIToInternalSchema(ruleToImport, {
+      immutable: false,
+    });
+
+    importedInternalRule = await rulesClient.create<RuleParams>({
+      data: ruleCreateParams,
+      allowMissingConnectorSecrets,
     });
   }
+
+  /* Trying to convert an internal rule to a RuleResponse object */
+  const parseResult = RuleResponse.safeParse(internalRuleToAPIResponse(importedInternalRule));
+
+  if (!parseResult.success) {
+    throw new RuleResponseValidationError({
+      message: stringifyZodError(parseResult.error),
+      ruleId: importedInternalRule.params.ruleId,
+    });
+  }
+
+  return parseResult.data;
 };
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/patch_rule.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/patch_rule.ts
index b7c8c1539d664..ce9956c5eec84 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/patch_rule.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/patch_rule.ts
@@ -6,13 +6,22 @@
  */
 
 import type { RulesClient } from '@kbn/alerting-plugin/server';
+import { stringifyZodError } from '@kbn/zod-helpers';
 import type { MlAuthz } from '../../../../../machine_learning/authz';
 import type { PatchRuleArgs } from '../detection_rules_client_interface';
-import type { RuleAlertType } from '../../../../rule_schema';
 import { getIdError } from '../../../utils/utils';
-import { convertPatchAPIToInternalSchema } from '../../../normalization/rule_converters';
+import {
+  convertPatchAPIToInternalSchema,
+  internalRuleToAPIResponse,
+} from '../../../normalization/rule_converters';
+import { RuleResponse } from '../../../../../../../common/api/detection_engine/model/rule_schema';
 
-import { validateMlAuth, ClientError, toggleRuleEnabledOnUpdate } from '../utils';
+import {
+  validateMlAuth,
+  ClientError,
+  toggleRuleEnabledOnUpdate,
+  RuleResponseValidationError,
+} from '../utils';
 
 import { readRules } from '../read_rules';
 
@@ -20,7 +29,7 @@ export const patchRule = async (
   rulesClient: RulesClient,
   args: PatchRuleArgs,
   mlAuthz: MlAuthz
-): Promise<RuleAlertType> => {
+): Promise<RuleResponse> => {
   const { nextParams } = args;
   const { rule_id: ruleId, id } = nextParams;
 
@@ -39,16 +48,28 @@ export const patchRule = async (
 
   const patchedRule = convertPatchAPIToInternalSchema(nextParams, existingRule);
 
-  const update = await rulesClient.update({
+  const patchedInternalRule = await rulesClient.update({
     id: existingRule.id,
     data: patchedRule,
   });
 
-  await toggleRuleEnabledOnUpdate(rulesClient, existingRule, nextParams.enabled);
+  const { enabled } = await toggleRuleEnabledOnUpdate(
+    rulesClient,
+    existingRule,
+    nextParams.enabled
+  );
+
+  /* Trying to convert the internal rule to a RuleResponse object */
+  const parseResult = RuleResponse.safeParse(
+    internalRuleToAPIResponse({ ...patchedInternalRule, enabled })
+  );
 
-  if (nextParams.enabled != null) {
-    return { ...update, enabled: nextParams.enabled };
-  } else {
-    return update;
+  if (!parseResult.success) {
+    throw new RuleResponseValidationError({
+      message: stringifyZodError(parseResult.error),
+      ruleId: patchedInternalRule.params.ruleId,
+    });
   }
+
+  return parseResult.data;
 };
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/update_rule.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/update_rule.ts
index a37b5eaddcee0..8684a7ccd2c61 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/update_rule.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/update_rule.ts
@@ -6,13 +6,22 @@
  */
 
 import type { RulesClient } from '@kbn/alerting-plugin/server';
+import { stringifyZodError } from '@kbn/zod-helpers';
 import type { MlAuthz } from '../../../../../machine_learning/authz';
-import type { RuleAlertType } from '../../../../rule_schema';
 import type { UpdateRuleArgs } from '../detection_rules_client_interface';
 import { getIdError } from '../../../utils/utils';
-import { convertUpdateAPIToInternalSchema } from '../../../normalization/rule_converters';
+import {
+  convertUpdateAPIToInternalSchema,
+  internalRuleToAPIResponse,
+} from '../../../normalization/rule_converters';
+import { RuleResponse } from '../../../../../../../common/api/detection_engine/model/rule_schema';
 
-import { validateMlAuth, ClientError, toggleRuleEnabledOnUpdate } from '../utils';
+import {
+  validateMlAuth,
+  ClientError,
+  toggleRuleEnabledOnUpdate,
+  RuleResponseValidationError,
+} from '../utils';
 
 import { readRules } from '../read_rules';
 
@@ -20,7 +29,7 @@ export const updateRule = async (
   rulesClient: RulesClient,
   args: UpdateRuleArgs,
   mlAuthz: MlAuthz
-): Promise<RuleAlertType> => {
+): Promise<RuleResponse> => {
   const { ruleUpdate } = args;
   const { rule_id: ruleId, id } = ruleUpdate;
 
@@ -42,12 +51,28 @@ export const updateRule = async (
     ruleUpdate,
   });
 
-  const update = await rulesClient.update({
+  const updatedInternalRule = await rulesClient.update({
     id: existingRule.id,
     data: newInternalRule,
   });
 
-  await toggleRuleEnabledOnUpdate(rulesClient, existingRule, ruleUpdate.enabled);
+  const { enabled } = await toggleRuleEnabledOnUpdate(
+    rulesClient,
+    existingRule,
+    ruleUpdate.enabled
+  );
+
+  /* Trying to convert the internal rule to a RuleResponse object */
+  const parseResult = RuleResponse.safeParse(
+    internalRuleToAPIResponse({ ...updatedInternalRule, enabled })
+  );
+
+  if (!parseResult.success) {
+    throw new RuleResponseValidationError({
+      message: stringifyZodError(parseResult.error),
+      ruleId: updatedInternalRule.params.ruleId,
+    });
+  }
 
-  return { ...update, enabled: ruleUpdate.enabled ?? existingRule.enabled };
+  return parseResult.data;
 };
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/upgrade_prebuilt_rule.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/upgrade_prebuilt_rule.ts
index 528f81ac9c57b..8c1079f5716db 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/upgrade_prebuilt_rule.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/upgrade_prebuilt_rule.ts
@@ -6,16 +6,19 @@
  */
 
 import type { RulesClient } from '@kbn/alerting-plugin/server';
+import { stringifyZodError } from '@kbn/zod-helpers';
 import type { MlAuthz } from '../../../../../machine_learning/authz';
-import type { RuleAlertType, RuleParams } from '../../../../rule_schema';
+import type { RuleParams } from '../../../../rule_schema';
 import type { UpgradePrebuiltRuleArgs } from '../detection_rules_client_interface';
 import {
   convertPatchAPIToInternalSchema,
   convertCreateAPIToInternalSchema,
+  internalRuleToAPIResponse,
 } from '../../../normalization/rule_converters';
 import { transformAlertToRuleAction } from '../../../../../../../common/detection_engine/transform_actions';
+import { RuleResponse } from '../../../../../../../common/api/detection_engine/model/rule_schema';
 
-import { validateMlAuth, ClientError } from '../utils';
+import { validateMlAuth, ClientError, RuleResponseValidationError } from '../utils';
 
 import { readRules } from '../read_rules';
 
@@ -23,7 +26,7 @@ export const upgradePrebuiltRule = async (
   rulesClient: RulesClient,
   upgradePrebuiltRulePayload: UpgradePrebuiltRuleArgs,
   mlAuthz: MlAuthz
-): Promise<RuleAlertType> => {
+): Promise<RuleResponse> => {
   const { ruleAsset } = upgradePrebuiltRulePayload;
 
   await validateMlAuth(mlAuthz, ruleAsset.type);
@@ -56,29 +59,41 @@ export const upgradePrebuiltRule = async (
       { immutable: true, defaultEnabled: existingRule.enabled }
     );
 
-    return rulesClient.create<RuleParams>({
+    const createdRule = await rulesClient.create<RuleParams>({
       data: internalRule,
       options: { id: existingRule.id },
     });
+
+    /* Trying to convert the rule to a RuleResponse object */
+    const parseResult = RuleResponse.safeParse(internalRuleToAPIResponse(createdRule));
+
+    if (!parseResult.success) {
+      throw new RuleResponseValidationError({
+        message: stringifyZodError(parseResult.error),
+        ruleId: createdRule.params.ruleId,
+      });
+    }
+
+    return parseResult.data;
   }
 
   // Else, simply patch it.
   const patchedRule = convertPatchAPIToInternalSchema(ruleAsset, existingRule);
 
-  await rulesClient.update({
+  const patchedInternalRule = await rulesClient.update({
     id: existingRule.id,
     data: patchedRule,
   });
 
-  const updatedRule = await readRules({
-    rulesClient,
-    ruleId: ruleAsset.rule_id,
-    id: undefined,
-  });
+  /* Trying to convert the internal rule to a RuleResponse object */
+  const parseResult = RuleResponse.safeParse(internalRuleToAPIResponse(patchedInternalRule));
 
-  if (!updatedRule) {
-    throw new ClientError(`Rule ${ruleAsset.rule_id} not found after upgrade`, 500);
+  if (!parseResult.success) {
+    throw new RuleResponseValidationError({
+      message: stringifyZodError(parseResult.error),
+      ruleId: patchedInternalRule.params.ruleId,
+    });
   }
 
-  return updatedRule;
+  return parseResult.data;
 };
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/utils.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/utils.ts
index 624f86a49422a..4f25497b30564 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/utils.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/utils.ts
@@ -20,12 +20,18 @@ export const toggleRuleEnabledOnUpdate = async (
   rulesClient: RulesClient,
   existingRule: RuleAlertType,
   updatedRuleEnabled?: boolean
-) => {
+): Promise<{ enabled: boolean }> => {
   if (existingRule.enabled && updatedRuleEnabled === false) {
     await rulesClient.disable({ id: existingRule.id });
-  } else if (!existingRule.enabled && updatedRuleEnabled === true) {
+    return { enabled: false };
+  }
+
+  if (!existingRule.enabled && updatedRuleEnabled === true) {
     await rulesClient.enable({ id: existingRule.id });
+    return { enabled: true };
   }
+
+  return { enabled: existingRule.enabled };
 };
 
 export const validateMlAuth = async (mlAuthz: MlAuthz, ruleType: Type) => {
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/import/import_rules_utils.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/import/import_rules_utils.test.ts
index 5fef4d40a22e5..6537dfed3a169 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/import/import_rules_utils.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/import/import_rules_utils.test.ts
@@ -6,28 +6,21 @@
  */
 
 import { getImportRulesSchemaMock } from '../../../../../../common/api/detection_engine/rule_management/mocks';
-import { getQueryRuleParams } from '../../../rule_schema/mocks';
-
+import { getRulesSchemaMock } from '../../../../../../common/api/detection_engine/model/rule_schema/rule_response_schema.mock';
 import { requestContextMock } from '../../../routes/__mocks__';
-import { getRuleMock, getEmptyFindResult } from '../../../routes/__mocks__/request_responses';
 
 import { importRules } from './import_rules_utils';
 import { createBulkErrorObject } from '../../../routes/utils';
 
 describe('importRules', () => {
   const { clients, context } = requestContextMock.createTools();
-  const importedRule = getRuleMock(getQueryRuleParams());
+  const ruleToImport = getImportRulesSchemaMock();
 
   beforeEach(() => {
-    clients.rulesClient.find.mockResolvedValue(getEmptyFindResult());
-    clients.rulesClient.update.mockResolvedValue(importedRule);
-    clients.detectionRulesClient.importRule.mockResolvedValue(importedRule);
-    clients.actionsClient.getAll.mockResolvedValue([]);
-
     jest.clearAllMocks();
   });
 
-  it('returns rules response if no rules to import', async () => {
+  it('returns an empty rules response if no rules to import', async () => {
     const result = await importRules({
       ruleChunks: [],
       rulesResponseAcc: [],
@@ -62,12 +55,13 @@ describe('importRules', () => {
   it('returns 409 error if DetectionRulesClient throws with 409 - existing rule', async () => {
     clients.detectionRulesClient.importRule.mockImplementationOnce(async () => {
       throw createBulkErrorObject({
-        ruleId: importedRule.params.ruleId,
+        ruleId: ruleToImport.rule_id,
         statusCode: 409,
-        message: `rule_id: "${importedRule.params.ruleId}" already exists`,
+        message: `rule_id: "${ruleToImport.rule_id}" already exists`,
       });
     });
-    const ruleChunk = [getImportRulesSchemaMock({ rule_id: importedRule.params.ruleId })];
+
+    const ruleChunk = [ruleToImport];
     const result = await importRules({
       ruleChunks: [ruleChunk],
       rulesResponseAcc: [],
@@ -79,15 +73,21 @@ describe('importRules', () => {
     expect(result).toEqual([
       {
         error: {
-          message: `rule_id: "${importedRule.params.ruleId}" already exists`,
+          message: `rule_id: "${ruleToImport.rule_id}" already exists`,
           status_code: 409,
         },
-        rule_id: importedRule.params.ruleId,
+        rule_id: ruleToImport.rule_id,
       },
     ]);
   });
+
   it('creates rule if no matching existing rule found', async () => {
-    const ruleChunk = [getImportRulesSchemaMock({ rule_id: importedRule.params.ruleId })];
+    clients.detectionRulesClient.importRule.mockResolvedValue({
+      ...getRulesSchemaMock(),
+      rule_id: ruleToImport.rule_id,
+    });
+
+    const ruleChunk = [ruleToImport];
     const result = await importRules({
       ruleChunks: [ruleChunk],
       rulesResponseAcc: [],
@@ -96,6 +96,6 @@ describe('importRules', () => {
       existingLists: {},
     });
 
-    expect(result).toEqual([{ rule_id: importedRule.params.ruleId, status_code: 200 }]);
+    expect(result).toEqual([{ rule_id: ruleToImport.rule_id, status_code: 200 }]);
   });
 });
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/import/import_rules_utils.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/import/import_rules_utils.ts
index 5c64a2a6f9a33..5fc57a7a91e45 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/import/import_rules_utils.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/import/import_rules_utils.ts
@@ -98,7 +98,7 @@ export const importRules = async ({
               });
 
               resolve({
-                rule_id: importedRule.params.ruleId,
+                rule_id: importedRule.rule_id,
                 status_code: 200,
               });
             } catch (err) {
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/utils/validate.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/utils/validate.test.ts
index 8fa275c7ba59f..f11e31691d25b 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/utils/validate.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/utils/validate.test.ts
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { transformValidate, transformValidateBulkError } from './validate';
+import { transformValidateBulkError } from './validate';
 import type { BulkError } from '../../routes/utils';
 import { getRuleMock } from '../../routes/__mocks__/request_responses';
 import { getListArrayMock } from '../../../../../common/detection_engine/schemas/types/lists.mock';
@@ -82,23 +82,6 @@ export const ruleOutput = (): RuleResponse => ({
 });
 
 describe('validate', () => {
-  describe('transformValidate', () => {
-    test('it should do a validation correctly of a partial alert', () => {
-      const ruleAlert = getRuleMock(getQueryRuleParams());
-      const validated = transformValidate(ruleAlert);
-      expect(validated).toEqual(ruleOutput());
-    });
-
-    test('it should do an in-validation correctly of a partial alert', () => {
-      const ruleAlert = getRuleMock(getQueryRuleParams());
-      // @ts-expect-error
-      delete ruleAlert.name;
-      expect(() => {
-        transformValidate(ruleAlert);
-      }).toThrowError('Required');
-    });
-  });
-
   describe('transformValidateBulkError', () => {
     test('it should do a validation correctly of a rule id', () => {
       const ruleAlert = getRuleMock(getQueryRuleParams());
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/utils/validate.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/utils/validate.ts
index bd66139529cb3..298b7f62d2973 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/utils/validate.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/utils/validate.ts
@@ -31,14 +31,8 @@ import {
   type UnifiedQueryRuleParams,
 } from '../../rule_schema';
 import { type BulkError, createBulkErrorObject } from '../../routes/utils';
-import { transform } from './utils';
 import { internalRuleToAPIResponse } from '../normalization/rule_converters';
 
-export const transformValidate = (rule: PartialRule<RuleParams>): RuleResponse => {
-  const transformed = transform(rule);
-  return RuleResponse.parse(transformed);
-};
-
 export const transformValidateBulkError = (
   ruleId: string,
   rule: PartialRule<RuleParams>
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/__mocks__/es_results.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/__mocks__/es_results.ts
index 8d134ad215396..57892d65da35f 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/__mocks__/es_results.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/__mocks__/es_results.ts
@@ -121,7 +121,10 @@ export const sampleDocWithSortId = (
 export const sampleDocNoSortId = (
   someUuid: string = sampleIdGuid,
   ip?: string
-): SignalSourceHit & { _source: Required<SignalSourceHit>['_source'] } => ({
+): SignalSourceHit & {
+  _source: Required<SignalSourceHit>['_source'];
+  _id: Required<SignalSourceHit>['_id'];
+} => ({
   _index: 'myFakeSignalIndex',
   _score: 100,
   _version: 1,
@@ -144,7 +147,10 @@ export const sampleDocNoSortId = (
 export const sampleAlertDocNoSortId = (
   someUuid: string = sampleIdGuid,
   ip?: string
-): SignalSourceHit & { _source: Required<SignalSourceHit>['_source'] } => ({
+): SignalSourceHit & {
+  _id: Required<SignalSourceHit>['_id'];
+  _source: Required<SignalSourceHit>['_source'];
+} => ({
   ...sampleDocNoSortId(someUuid, ip),
   _source: {
     event: {
@@ -173,7 +179,10 @@ export const sampleAlertDocNoSortId = (
 export const sampleAlertDocAADNoSortId = (
   someUuid: string = sampleIdGuid,
   ip?: string
-): AlertSourceHit & { _source: Required<AlertSourceHit>['_source'] } => ({
+): AlertSourceHit & {
+  _id: Required<AlertSourceHit>['_id'];
+  _source: Required<AlertSourceHit>['_source'];
+} => ({
   _index: 'myFakeSignalIndex',
   _score: 100,
   _version: 1,
@@ -337,6 +346,7 @@ export const sampleDocNoSortIdWithTimestamp = (
   someUuid: string = sampleIdGuid,
   ip?: string
 ): SignalSourceHit & {
+  _id: Required<SignalSourceHit>['_id'];
   _source: Required<SignalSourceHit>['_source'] & { '@timestamp': string };
 } => {
   const doc = sampleDocNoSortId(someUuid, ip);
@@ -353,6 +363,7 @@ export const sampleAlertDocNoSortIdWithTimestamp = (
   someUuid: string = sampleIdGuid,
   ip?: string
 ): SignalSourceHit & {
+  _id: Required<SignalSourceHit>['_id'];
   _source: Required<SignalSourceHit>['_source'] & { '@timestamp': string };
 } => {
   const doc = sampleAlertDocNoSortId(someUuid, ip);
@@ -369,6 +380,7 @@ export const sampleAlertDocAADNoSortIdWithTimestamp = (
   someUuid: string = sampleIdGuid,
   ip?: string
 ): AlertSourceHit & {
+  _id: Required<AlertSourceHit>['_id'];
   _source: Required<AlertSourceHit>['_source'] & { '@timestamp': string };
 } => {
   const doc = sampleAlertDocAADNoSortId(someUuid, ip);
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/esql/fetch_source_documents.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/esql/fetch_source_documents.ts
index 204953552a329..13828c0ed6770 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/esql/fetch_source_documents.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/esql/fetch_source_documents.ts
@@ -59,7 +59,8 @@ export const fetchSourceDocuments = async ({
 
   return response.hits.hits.reduce<Record<string, { fields: estypes.SearchHit['fields'] }>>(
     (acc, hit) => {
-      acc[hit._id] = { fields: hit.fields };
+      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+      acc[hit._id!] = { fields: hit.fields };
       return acc;
     },
     {}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/factories/utils/build_alert.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/factories/utils/build_alert.test.ts
index 4cf64c60de22e..ffb5f6ee45170 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/factories/utils/build_alert.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/factories/utils/build_alert.test.ts
@@ -47,6 +47,7 @@ import {
 import { getCompleteRuleMock, getQueryRuleParams } from '../../../rule_schema/mocks';
 
 type SignalDoc = SignalSourceHit & {
+  _id: Required<SignalSourceHit>['_id'];
   _source: Required<SignalSourceHit>['_source'] & { [TIMESTAMP]: string };
 };
 
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/factories/wrap_hits_factory.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/factories/wrap_hits_factory.ts
index 4e7c72f7dbf50..6b21ed226c165 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/factories/wrap_hits_factory.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/factories/wrap_hits_factory.ts
@@ -45,7 +45,8 @@ export const wrapHitsFactory =
     const wrappedDocs = events.map((event): WrappedFieldsLatest<BaseFieldsLatest> => {
       const id = generateId(
         event._index,
-        event._id,
+        // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+        event._id!,
         String(event._version),
         `${spaceId}:${completeRule.alertId}`
       );
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/threat_mapping/enrich_signal_threat_matches.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/threat_mapping/enrich_signal_threat_matches.ts
index 303b7fa9eebfe..8f98eab1a93e9 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/threat_mapping/enrich_signal_threat_matches.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/threat_mapping/enrich_signal_threat_matches.ts
@@ -13,7 +13,8 @@ import type { ThreatEnrichment, ThreatListItem, ThreatMatchNamedQuery } from './
 
 export const MAX_NUMBER_OF_SIGNAL_MATCHES = 200;
 
-const getSignalId = (signal: SignalSourceHit): string => signal._id;
+// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+const getSignalId = (signal: SignalSourceHit): string => signal._id!;
 
 export const groupAndMergeSignalMatches = (signalHits: SignalSourceHit[]): SignalSourceHit[] => {
   const dedupedHitsMap = signalHits.reduce<Record<string, SignalSourceHit>>((acc, signalHit) => {
@@ -84,7 +85,8 @@ const enrichSignalWithThreatMatches = (
   // new issues.
   const existingEnrichmentValue = get(signalHit._source, 'threat.enrichments') ?? [];
   const existingEnrichments = [existingEnrichmentValue].flat(); // ensure enrichments is an array
-  const newEnrichmentsWithoutAtomic = enrichmentsWithoutAtomic[signalHit._id] ?? [];
+  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+  const newEnrichmentsWithoutAtomic = enrichmentsWithoutAtomic[signalHit._id!] ?? [];
   const newEnrichments = newEnrichmentsWithoutAtomic.map((enrichment) => ({
     ...enrichment,
     matched: {
@@ -124,9 +126,11 @@ export const enrichSignalThreatMatchesFromSignalsMap = async (
   const enrichmentsWithoutAtomic: Record<string, ThreatEnrichment[]> = {};
 
   uniqueHits.forEach((hit) => {
-    enrichmentsWithoutAtomic[hit._id] = buildEnrichments({
+    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+    enrichmentsWithoutAtomic[hit._id!] = buildEnrichments({
       indicatorPath,
-      queries: signalsMap.get(hit._id) ?? [],
+      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+      queries: signalsMap.get(hit._id!) ?? [],
       threats: matchedThreats,
     });
   });
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/threat_mapping/get_signals_map_from_threat_index.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/threat_mapping/get_signals_map_from_threat_index.ts
index 7d0f49b548f37..309516a57335c 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/threat_mapping/get_signals_map_from_threat_index.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/threat_mapping/get_signals_map_from_threat_index.ts
@@ -66,7 +66,8 @@ export async function getSignalsQueryMapFromThreatIndex(
     const signalMatch = signalsQueryMap.get(signalId);
 
     const threatQuery = {
-      id: threatHit._id,
+      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+      id: threatHit._id!,
       index: threatHit._index,
       field: decodedQuery.field,
       value: decodedQuery.value,
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/threat_mapping/threat_enrichment_factory.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/threat_mapping/threat_enrichment_factory.ts
index 1bf61512135e0..df1b0080d3bef 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/threat_mapping/threat_enrichment_factory.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/threat_mapping/threat_enrichment_factory.ts
@@ -30,7 +30,8 @@ export const threatEnrichmentFactory = ({
   const threatEnrichment = (signals: SignalSourceHit[]): Promise<SignalSourceHit[]> => {
     const getThreats = async () => {
       const threatIds = signals
-        .map((s) => s._id)
+        // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+        .map((s) => s._id!)
         .reduce<string[]>((acc, id) => {
           return [
             ...new Set([
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/threat_mapping/utils.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/threat_mapping/utils.ts
index 2c1f74e99e925..da72d121c371c 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/threat_mapping/utils.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/threat_mapping/utils.ts
@@ -243,7 +243,8 @@ export const getSignalValueMap = ({
       if (!acc[field][fieldValue]) {
         acc[field][fieldValue] = [];
       }
-      acc[field][fieldValue].push(event._id);
+      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+      acc[field][fieldValue].push(event._id!);
     });
     return acc;
   }, {});
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/utils/wrap_suppressed_alerts.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/utils/wrap_suppressed_alerts.ts
index 3268c78dd8ab3..89328f176567d 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/utils/wrap_suppressed_alerts.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/utils/wrap_suppressed_alerts.ts
@@ -62,7 +62,8 @@ export const wrapSuppressedAlerts = ({
 
     const id = generateId(
       event._index,
-      event._id,
+      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+      event._id!,
       String(event._version),
       `${spaceId}:${completeRule.alertId}`
     );
diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/calculation.test.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/calculation.test.ts
deleted file mode 100644
index 9ef1cc8bc2106..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/calculation.test.ts
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { riskScoreCalculationRoute } from './calculation';
-
-import { loggerMock } from '@kbn/logging-mocks';
-import { RISK_SCORE_CALCULATION_URL } from '../../../../../common/constants';
-import {
-  serverMock,
-  requestContextMock,
-  requestMock,
-} from '../../../detection_engine/routes/__mocks__';
-import { riskScoreServiceFactory } from '../risk_score_service';
-import { riskScoreServiceMock } from '../risk_score_service.mock';
-import { getRiskInputsIndex } from '../get_risk_inputs_index';
-import { calculateAndPersistRiskScoresMock } from '../calculate_and_persist_risk_scores.mock';
-
-jest.mock('../get_risk_inputs_index');
-jest.mock('../risk_score_service');
-
-describe('risk score calculation route', () => {
-  let server: ReturnType<typeof serverMock.create>;
-  let { clients, context } = requestContextMock.createTools();
-  let logger: ReturnType<typeof loggerMock.create>;
-  let mockRiskScoreService: ReturnType<typeof riskScoreServiceMock.create>;
-
-  beforeEach(() => {
-    jest.resetAllMocks();
-
-    server = serverMock.create();
-    logger = loggerMock.create();
-    ({ clients, context } = requestContextMock.createTools());
-    mockRiskScoreService = riskScoreServiceMock.create();
-
-    (getRiskInputsIndex as jest.Mock).mockResolvedValue({
-      index: 'default-dataview-index',
-      runtimeMappings: {},
-    });
-    clients.appClient.getAlertsIndex.mockReturnValue('default-alerts-index');
-    (riskScoreServiceFactory as jest.Mock).mockReturnValue(mockRiskScoreService);
-
-    riskScoreCalculationRoute(server.router, logger);
-  });
-
-  const buildRequest = (overrides: object = {}) => {
-    const defaults = {
-      data_view_id: 'default-dataview-id',
-      range: { start: 'now-30d', end: 'now' },
-      identifier_type: 'host',
-    };
-
-    return requestMock.create({
-      method: 'post',
-      path: RISK_SCORE_CALCULATION_URL,
-      body: { ...defaults, ...overrides },
-    });
-  };
-
-  it('should return 200 when risk score calculation is successful', async () => {
-    mockRiskScoreService.calculateAndPersistScores.mockResolvedValue(
-      calculateAndPersistRiskScoresMock.buildResponse()
-    );
-    const request = buildRequest();
-
-    const response = await server.inject(request, requestContextMock.convertContext(context));
-
-    expect(response.status).toEqual(200);
-  });
-
-  describe('parameters', () => {
-    it('accepts a parameter for the dataview', async () => {
-      const request = buildRequest({ data_view_id: 'custom-dataview-id' });
-
-      const response = await server.inject(request, requestContextMock.convertContext(context));
-
-      expect(response.status).toEqual(200);
-      expect(getRiskInputsIndex).toHaveBeenCalledWith(
-        expect.objectContaining({ dataViewId: 'custom-dataview-id' })
-      );
-    });
-
-    it('accepts a parameter for the range', async () => {
-      const request = buildRequest({ range: { start: 'now-30d', end: 'now-20d' } });
-      const response = await server.inject(request, requestContextMock.convertContext(context));
-
-      expect(response.status).toEqual(200);
-      expect(mockRiskScoreService.calculateAndPersistScores).toHaveBeenCalledWith(
-        expect.objectContaining({ range: { start: 'now-30d', end: 'now-20d' } })
-      );
-    });
-  });
-
-  describe('validation', () => {
-    describe('required parameters', () => {
-      it('requires a parameter for the dataview', async () => {
-        const request = buildRequest({ data_view_id: undefined });
-        const result = await server.validate(request);
-
-        expect(result.badRequest).toHaveBeenCalledWith('data_view_id: Required');
-      });
-
-      it('requires a parameter for the date range', async () => {
-        const request = buildRequest({ range: undefined });
-        const result = await server.validate(request);
-
-        expect(result.badRequest).toHaveBeenCalledWith('range: Required');
-      });
-
-      it('requires a parameter for the identifier type', async () => {
-        const request = buildRequest({ identifier_type: undefined });
-        const result = await server.validate(request);
-
-        expect(result.badRequest).toHaveBeenCalledWith('identifier_type: Required');
-      });
-    });
-
-    it('uses an unknown dataview as index pattern', async () => {
-      const request = buildRequest({ data_view_id: 'unknown-dataview' });
-      (getRiskInputsIndex as jest.Mock).mockResolvedValue({
-        index: 'unknown-dataview',
-        runtimeMappings: {},
-      });
-
-      const response = await server.inject(request, requestContextMock.convertContext(context));
-
-      expect(response.status).toEqual(200);
-      expect(mockRiskScoreService.calculateAndPersistScores).toHaveBeenCalledWith(
-        expect.objectContaining({ index: 'unknown-dataview', runtimeMappings: {} })
-      );
-    });
-
-    it('rejects an invalid date range', async () => {
-      const request = buildRequest({ range: 'bad range' });
-      const result = await server.validate(request);
-
-      expect(result.badRequest).toHaveBeenCalledWith('range: Expected object, received string');
-    });
-  });
-});
diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/calculation.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/calculation.ts
deleted file mode 100644
index 1602e724db227..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/calculation.ts
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { Logger } from '@kbn/core/server';
-import { buildSiemResponse } from '@kbn/lists-plugin/server/routes/utils';
-import { transformError } from '@kbn/securitysolution-es-utils';
-import { buildRouteValidationWithZod } from '@kbn/zod-helpers';
-import { RiskScoresCalculationRequest } from '../../../../../common/api/entity_analytics/risk_engine/calculation_route.gen';
-import {
-  APP_ID,
-  DEFAULT_RISK_SCORE_PAGE_SIZE,
-  RISK_SCORE_CALCULATION_URL,
-} from '../../../../../common/constants';
-import { getRiskInputsIndex } from '../get_risk_inputs_index';
-import type { EntityAnalyticsRoutesDeps } from '../../types';
-import { RiskScoreAuditActions } from '../audit';
-import { AUDIT_CATEGORY, AUDIT_OUTCOME, AUDIT_TYPE } from '../../audit';
-import { buildRiskScoreServiceForRequest } from './helpers';
-
-export const riskScoreCalculationRoute = (
-  router: EntityAnalyticsRoutesDeps['router'],
-  logger: Logger
-) => {
-  router.versioned
-    .post({
-      path: RISK_SCORE_CALCULATION_URL,
-      access: 'internal',
-      options: {
-        tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`],
-      },
-    })
-    .addVersion(
-      {
-        version: '1',
-        validate: { request: { body: buildRouteValidationWithZod(RiskScoresCalculationRequest) } },
-      },
-      async (context, request, response) => {
-        const securityContext = await context.securitySolution;
-
-        securityContext.getAuditLogger()?.log({
-          message: 'User triggered custom manual scoring',
-          event: {
-            action: RiskScoreAuditActions.RISK_ENGINE_MANUAL_SCORING,
-            category: AUDIT_CATEGORY.DATABASE,
-            type: AUDIT_TYPE.CHANGE,
-            outcome: AUDIT_OUTCOME.UNKNOWN,
-          },
-        });
-
-        const siemResponse = buildSiemResponse(response);
-        const coreContext = await context.core;
-        const soClient = coreContext.savedObjects.client;
-        const securityConfig = await securityContext.getConfig();
-
-        const riskScoreService = buildRiskScoreServiceForRequest(
-          securityContext,
-          coreContext,
-          logger
-        );
-
-        const {
-          after_keys: userAfterKeys,
-          data_view_id: dataViewId,
-          debug,
-          page_size: userPageSize,
-          identifier_type: identifierType,
-          filter,
-          range,
-          weights,
-        } = request.body;
-
-        try {
-          const { index, runtimeMappings } = await getRiskInputsIndex({
-            dataViewId,
-            logger,
-            soClient,
-          });
-
-          const afterKeys = userAfterKeys ?? {};
-          const pageSize = userPageSize ?? DEFAULT_RISK_SCORE_PAGE_SIZE;
-          const entityAnalyticsConfig = await riskScoreService.getConfigurationWithDefaults(
-            securityConfig.entityAnalytics
-          );
-
-          const alertSampleSizePerShard = entityAnalyticsConfig?.alertSampleSizePerShard;
-
-          const result = await riskScoreService.calculateAndPersistScores({
-            afterKeys,
-            debug,
-            pageSize,
-            identifierType,
-            index,
-            filter,
-            range,
-            runtimeMappings,
-            weights,
-            alertSampleSizePerShard,
-          });
-
-          return response.ok({ body: result });
-        } catch (e) {
-          const error = transformError(e);
-
-          return siemResponse.error({
-            statusCode: error.statusCode,
-            body: { message: error.message, full_error: JSON.stringify(e) },
-            bypassErrorFormat: true,
-          });
-        }
-      }
-    );
-};
diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/entity_calculation.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/entity_calculation.ts
index eeb773b41a180..c521d11d19704 100644
--- a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/entity_calculation.ts
+++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/entity_calculation.ts
@@ -6,10 +6,16 @@
  */
 
 import { isEmpty } from 'lodash/fp';
-import type { Logger } from '@kbn/core/server';
+import type {
+  IKibanaResponse,
+  KibanaRequest,
+  KibanaResponseFactory,
+  Logger,
+} from '@kbn/core/server';
 import { buildSiemResponse } from '@kbn/lists-plugin/server/routes/utils';
 import { transformError } from '@kbn/securitysolution-es-utils';
 import { buildRouteValidationWithZod } from '@kbn/zod-helpers';
+import type { SecuritySolutionRequestHandlerContext } from '../../../../types';
 import type { RiskScoresCalculationResponse } from '../../../../../common/api/entity_analytics/risk_engine/calculation_route.gen';
 import type { AfterKeys } from '../../../../../common/api/entity_analytics/common';
 import { RiskScoresEntityCalculationRequest } from '../../../../../common/api/entity_analytics/risk_engine/entity_calculation_route.gen';
@@ -23,6 +29,160 @@ import { buildRiskScoreServiceForRequest } from './helpers';
 import { getFieldForIdentifier } from '../helpers';
 import { withRiskEnginePrivilegeCheck } from '../../risk_engine/risk_engine_privileges';
 
+type Handler = (
+  context: SecuritySolutionRequestHandlerContext,
+  request: KibanaRequest<unknown, unknown, RiskScoresEntityCalculationRequest>,
+  response: KibanaResponseFactory
+) => Promise<IKibanaResponse>;
+
+const handler: (logger: Logger) => Handler = (logger) => async (context, request, response) => {
+  const securityContext = await context.securitySolution;
+
+  securityContext.getAuditLogger()?.log({
+    message: 'User triggered custom manual scoring',
+    event: {
+      action: RiskScoreAuditActions.RISK_ENGINE_ENTITY_MANUAL_SCORING,
+      category: AUDIT_CATEGORY.DATABASE,
+      type: AUDIT_TYPE.CHANGE,
+      outcome: AUDIT_OUTCOME.UNKNOWN,
+    },
+  });
+
+  const coreContext = await context.core;
+  const securityConfig = await securityContext.getConfig();
+  const siemResponse = buildSiemResponse(response);
+  const soClient = coreContext.savedObjects.client;
+
+  const riskScoreService = buildRiskScoreServiceForRequest(securityContext, coreContext, logger);
+
+  const { identifier_type: identifierType, identifier, refresh } = request.body;
+
+  try {
+    const entityAnalyticsConfig = await riskScoreService.getConfigurationWithDefaults(
+      securityConfig.entityAnalytics
+    );
+
+    if (entityAnalyticsConfig == null) {
+      return siemResponse.error({
+        statusCode: 400,
+        body: 'No Risk engine configuration found',
+      });
+    }
+
+    const {
+      dataViewId,
+      enabled,
+      range: configuredRange,
+      pageSize,
+      alertSampleSizePerShard,
+      filter: userFilter,
+    } = entityAnalyticsConfig;
+
+    if (!enabled) {
+      return siemResponse.error({
+        statusCode: 400,
+        body: 'Risk engine is disabled',
+      });
+    }
+
+    const { index, runtimeMappings } = await getRiskInputsIndex({
+      dataViewId,
+      logger,
+      soClient,
+    });
+
+    const range = convertRangeToISO(configuredRange);
+
+    const afterKeys: AfterKeys = {};
+
+    const identifierFilter = {
+      term: { [getFieldForIdentifier(identifierType)]: identifier },
+    };
+
+    const filter = isEmpty(userFilter) ? [identifierFilter] : [userFilter, identifierFilter];
+
+    const result: RiskScoresCalculationResponse = await riskScoreService.calculateAndPersistScores({
+      pageSize,
+      identifierType,
+      index,
+      filter: {
+        bool: {
+          filter,
+        },
+      },
+      range,
+      runtimeMappings,
+      weights: [],
+      alertSampleSizePerShard,
+      afterKeys,
+      returnScores: true,
+      refresh,
+    });
+
+    if (result.errors.length) {
+      return siemResponse.error({
+        statusCode: 500,
+        body: {
+          message: 'Error calculating the risk score for an entity.',
+          full_error: JSON.stringify(result.errors),
+        },
+        bypassErrorFormat: true,
+      });
+    }
+
+    if (result.scores_written > 0) {
+      await riskScoreService.scheduleLatestTransformNow();
+    }
+
+    const score = result.scores_written === 1 ? result.scores?.[identifierType]?.[0] : undefined;
+
+    return response.ok({
+      body: {
+        success: true,
+        score,
+      },
+    });
+  } catch (e) {
+    const error = transformError(e);
+
+    return siemResponse.error({
+      statusCode: error.statusCode,
+      body: { message: error.message, full_error: JSON.stringify(e) },
+      bypassErrorFormat: true,
+    });
+  }
+};
+
+/**
+ * @deprecated
+ * It will be deleted on a future Serverless release.
+ */
+export const deprecatedRiskScoreEntityCalculationRoute = (
+  router: EntityAnalyticsRoutesDeps['router'],
+  getStartServices: EntityAnalyticsRoutesDeps['getStartServices'],
+  logger: Logger
+) => {
+  router.versioned
+    .post({
+      path: '/api/risk_scores/calculation/entity',
+      access: 'internal',
+      options: {
+        tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`],
+      },
+    })
+    .addVersion(
+      {
+        version: '1',
+        validate: {
+          request: {
+            body: buildRouteValidationWithZod(RiskScoresEntityCalculationRequest),
+          },
+        },
+      },
+      withRiskEnginePrivilegeCheck(getStartServices, handler(logger))
+    );
+};
+
 export const riskScoreEntityCalculationRoute = (
   router: EntityAnalyticsRoutesDeps['router'],
   getStartServices: EntityAnalyticsRoutesDeps['getStartServices'],
@@ -45,128 +205,6 @@ export const riskScoreEntityCalculationRoute = (
           },
         },
       },
-      withRiskEnginePrivilegeCheck(getStartServices, async (context, request, response) => {
-        const securityContext = await context.securitySolution;
-
-        securityContext.getAuditLogger()?.log({
-          message: 'User triggered custom manual scoring',
-          event: {
-            action: RiskScoreAuditActions.RISK_ENGINE_ENTITY_MANUAL_SCORING,
-            category: AUDIT_CATEGORY.DATABASE,
-            type: AUDIT_TYPE.CHANGE,
-            outcome: AUDIT_OUTCOME.UNKNOWN,
-          },
-        });
-
-        const coreContext = await context.core;
-        const securityConfig = await securityContext.getConfig();
-        const siemResponse = buildSiemResponse(response);
-        const soClient = coreContext.savedObjects.client;
-
-        const riskScoreService = buildRiskScoreServiceForRequest(
-          securityContext,
-          coreContext,
-          logger
-        );
-
-        const { identifier_type: identifierType, identifier, refresh } = request.body;
-
-        try {
-          const entityAnalyticsConfig = await riskScoreService.getConfigurationWithDefaults(
-            securityConfig.entityAnalytics
-          );
-
-          if (entityAnalyticsConfig == null) {
-            return siemResponse.error({
-              statusCode: 400,
-              body: 'No Risk engine configuration found',
-            });
-          }
-
-          const {
-            dataViewId,
-            enabled,
-            range: configuredRange,
-            pageSize,
-            alertSampleSizePerShard,
-            filter: userFilter,
-          } = entityAnalyticsConfig;
-
-          if (!enabled) {
-            return siemResponse.error({
-              statusCode: 400,
-              body: 'Risk engine is disabled',
-            });
-          }
-
-          const { index, runtimeMappings } = await getRiskInputsIndex({
-            dataViewId,
-            logger,
-            soClient,
-          });
-
-          const range = convertRangeToISO(configuredRange);
-
-          const afterKeys: AfterKeys = {};
-
-          const identifierFilter = {
-            term: { [getFieldForIdentifier(identifierType)]: identifier },
-          };
-
-          const filter = isEmpty(userFilter) ? [identifierFilter] : [userFilter, identifierFilter];
-
-          const result: RiskScoresCalculationResponse =
-            await riskScoreService.calculateAndPersistScores({
-              pageSize,
-              identifierType,
-              index,
-              filter: {
-                bool: {
-                  filter,
-                },
-              },
-              range,
-              runtimeMappings,
-              weights: [],
-              alertSampleSizePerShard,
-              afterKeys,
-              returnScores: true,
-              refresh,
-            });
-
-          if (result.errors.length) {
-            return siemResponse.error({
-              statusCode: 500,
-              body: {
-                message: 'Error calculating the risk score for an entity.',
-                full_error: JSON.stringify(result.errors),
-              },
-              bypassErrorFormat: true,
-            });
-          }
-
-          if (result.scores_written > 0) {
-            await riskScoreService.scheduleLatestTransformNow();
-          }
-
-          const score =
-            result.scores_written === 1 ? result.scores?.[identifierType]?.[0] : undefined;
-
-          return response.ok({
-            body: {
-              success: true,
-              score,
-            },
-          });
-        } catch (e) {
-          const error = transformError(e);
-
-          return siemResponse.error({
-            statusCode: error.statusCode,
-            body: { message: error.message, full_error: JSON.stringify(e) },
-            bypassErrorFormat: true,
-          });
-        }
-      })
+      withRiskEnginePrivilegeCheck(getStartServices, handler(logger))
     );
 };
diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/register_risk_score_routes.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/register_risk_score_routes.ts
index 015b12c5d8ee1..1b32ce0bf52b0 100644
--- a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/register_risk_score_routes.ts
+++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/register_risk_score_routes.ts
@@ -5,9 +5,11 @@
  * 2.0.
  */
 import { riskScorePreviewRoute } from './preview';
-import { riskScoreCalculationRoute } from './calculation';
 import type { EntityAnalyticsRoutesDeps } from '../../types';
-import { riskScoreEntityCalculationRoute } from './entity_calculation';
+import {
+  deprecatedRiskScoreEntityCalculationRoute,
+  riskScoreEntityCalculationRoute,
+} from './entity_calculation';
 
 export const registerRiskScoreRoutes = ({
   router,
@@ -15,6 +17,6 @@ export const registerRiskScoreRoutes = ({
   logger,
 }: EntityAnalyticsRoutesDeps) => {
   riskScorePreviewRoute(router, logger);
-  riskScoreCalculationRoute(router, logger);
   riskScoreEntityCalculationRoute(router, getStartServices, logger);
+  deprecatedRiskScoreEntityCalculationRoute(router, getStartServices, logger);
 };
diff --git a/x-pack/plugins/security_solution/server/lib/telemetry/helpers.ts b/x-pack/plugins/security_solution/server/lib/telemetry/helpers.ts
index d04731cf09f55..cb33d608ea0c9 100644
--- a/x-pack/plugins/security_solution/server/lib/telemetry/helpers.ts
+++ b/x-pack/plugins/security_solution/server/lib/telemetry/helpers.ts
@@ -399,7 +399,8 @@ export class TelemetryTimelineFetcher {
       entities[0].id,
       entities[0].schema,
       this.timeFrame.startOfDay,
-      this.timeFrame.endOfDay
+      this.timeFrame.endOfDay,
+      entities[0].agentId || ''
     );
 
     const nodeIds = Array.isArray(tree) ? tree.map((node) => node?.id.toString()) : [];
diff --git a/x-pack/plugins/security_solution/server/lib/telemetry/receiver.ts b/x-pack/plugins/security_solution/server/lib/telemetry/receiver.ts
index 96734963a687c..2209c6f9dda9b 100644
--- a/x-pack/plugins/security_solution/server/lib/telemetry/receiver.ts
+++ b/x-pack/plugins/security_solution/server/lib/telemetry/receiver.ts
@@ -218,7 +218,8 @@ export interface ITelemetryReceiver {
     entityId: string,
     resolverSchema: ResolverSchema,
     startOfDay: string,
-    endOfDay: string
+    endOfDay: string,
+    agentId: string
   ): TreeResponse;
 
   fetchTimelineEvents(
@@ -232,6 +233,7 @@ export interface ITelemetryReceiver {
   getExperimentalFeatures(): ExperimentalFeatures | undefined;
 
   setMaxPageSizeBytes(bytes: number): void;
+
   setNumDocsToSample(n: number): void;
 }
 
@@ -1034,7 +1036,8 @@ export class TelemetryReceiver implements ITelemetryReceiver {
     entityId: string,
     resolverSchema: ResolverSchema,
     startOfDay: string,
-    endOfDay: string
+    endOfDay: string,
+    agentId: string
   ): TreeResponse {
     if (this.processTreeFetcher === undefined || this.processTreeFetcher === null) {
       throw Error(
@@ -1053,6 +1056,7 @@ export class TelemetryReceiver implements ITelemetryReceiver {
       nodes: [entityId],
       indexPatterns: [`${this.alertsIndex}*`, 'logs-*'],
       descendantLevels: 20,
+      agentId,
     };
 
     return this.processTreeFetcher.tree(request, true);
diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/index.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/index.ts
index 33a0b6f09d3e6..8fa7e7a8f31d6 100644
--- a/x-pack/plugins/security_solution/server/lib/timeline/routes/index.ts
+++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/index.ts
@@ -24,7 +24,7 @@ import { getDraftTimelinesRoute } from './draft_timelines/get_draft_timelines';
 import { cleanDraftTimelinesRoute } from './draft_timelines/clean_draft_timelines';
 import { installPrepackedTimelinesRoute } from './prepackaged_timelines/install_prepackaged_timelines';
 
-import { persistNoteRoute, deleteNoteRoute } from './notes';
+import { persistNoteRoute, deleteNoteRoute, getNotesRoute } from './notes';
 
 import { persistPinnedEventRoute } from './pinned_events';
 
@@ -51,5 +51,7 @@ export function registerTimelineRoutes(
 
   persistNoteRoute(router, config, security);
   deleteNoteRoute(router, config, security);
+  getNotesRoute(router, config, security);
+
   persistPinnedEventRoute(router, config, security);
 }
diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/delete_note.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/delete_note.ts
index d54df1c7830d0..f9476a14c2a08 100644
--- a/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/delete_note.ts
+++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/delete_note.ts
@@ -46,15 +46,26 @@ export const deleteNoteRoute = (
         try {
           const frameworkRequest = await buildFrameworkRequest(context, security, request);
           const noteId = request.body?.noteId ?? '';
+          const noteIds = request.body?.noteIds ?? null;
+          if (noteIds != null) {
+            const res = await deleteNote({
+              request: frameworkRequest,
+              noteIds,
+            });
 
-          const res = await deleteNote({
-            request: frameworkRequest,
-            noteId,
-          });
+            return response.ok({
+              body: { data: { persistNote: res } },
+            });
+          } else {
+            const res = await deleteNote({
+              request: frameworkRequest,
+              noteIds: [noteId],
+            });
 
-          return response.ok({
-            body: { data: { persistNote: res } },
-          });
+            return response.ok({
+              body: { data: { persistNote: res } },
+            });
+          }
         } catch (err) {
           const error = transformError(err);
           return siemResponse.error({
diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/get_notes.test.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/get_notes.test.ts
new file mode 100644
index 0000000000000..93d7794c059d1
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/get_notes.test.ts
@@ -0,0 +1,85 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { SecurityPluginSetup } from '@kbn/security-plugin/server';
+import {
+  serverMock,
+  requestContextMock,
+  createMockConfig,
+  requestMock,
+} from '../../../detection_engine/routes/__mocks__';
+import { NOTE_URL } from '../../../../../common/constants';
+import type { getNotesPaginated } from '../../utils/common';
+import { mockGetCurrentUser } from '../../__mocks__/import_timelines';
+
+const getAllNotesRequest = (query?: typeof getNotesPaginated) =>
+  requestMock.create({
+    method: 'get',
+    path: NOTE_URL,
+    query,
+  });
+
+const createMockedNotes = (numberOfNotes: number) => {
+  return Array.from({ length: numberOfNotes }, (_, index) => {
+    return {
+      id: index + 1,
+      timelineId: 'timeline',
+      eventId: 'event',
+      note: `test note ${index}`,
+      created: 1280120812453,
+      createdBy: 'test',
+      updated: 108712801280,
+      updatedBy: 'test',
+    };
+  });
+};
+
+describe('get notes route', () => {
+  let server: ReturnType<typeof serverMock.create>;
+  let securitySetup: SecurityPluginSetup;
+  let { context } = requestContextMock.createTools();
+  let mockGetAllSavedNote: jest.Mock;
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+
+    server = serverMock.create();
+    context = requestContextMock.createTools().context;
+
+    securitySetup = {
+      authc: {
+        getCurrentUser: jest.fn().mockReturnValue(mockGetCurrentUser),
+      },
+      authz: {},
+    } as unknown as SecurityPluginSetup;
+
+    mockGetAllSavedNote = jest.fn();
+    jest.doMock('../../saved_object/notes', () => ({
+      getAllSavedNote: mockGetAllSavedNote,
+    }));
+    const getNotesRoute = jest.requireActual('.').getNotesRoute;
+    getNotesRoute(server.router, createMockConfig(), securitySetup);
+  });
+
+  test('should return a list of notes and the count by default', async () => {
+    mockGetAllSavedNote.mockResolvedValue({
+      notes: createMockedNotes(5),
+      totalCount: 5,
+    });
+
+    const response = await server.inject(
+      getAllNotesRequest(),
+      requestContextMock.convertContext(context)
+    );
+
+    expect(response.status).toEqual(200);
+    expect(response.body).toEqual({
+      totalCount: 5,
+      notes: createMockedNotes(5),
+    });
+  });
+});
diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/get_notes.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/get_notes.ts
new file mode 100644
index 0000000000000..97aecc06ef198
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/get_notes.ts
@@ -0,0 +1,98 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { transformError } from '@kbn/securitysolution-es-utils';
+import type { SecuritySolutionPluginRouter } from '../../../../types';
+import { NOTE_URL } from '../../../../../common/constants';
+
+import type { ConfigType } from '../../../..';
+import type { SetupPlugins } from '../../../../plugin';
+
+import { buildSiemResponse } from '../../../detection_engine/routes/utils';
+import { buildFrameworkRequest, getNotesPaginated } from '../../utils/common';
+import { getAllSavedNote, MAX_UNASSOCIATED_NOTES } from '../../saved_object/notes';
+import { noteSavedObjectType } from '../../saved_object_mappings/notes';
+
+export const getNotesRoute = (
+  router: SecuritySolutionPluginRouter,
+  _: ConfigType,
+  security: SetupPlugins['security']
+) => {
+  router.versioned
+    .get({
+      path: NOTE_URL,
+      options: {
+        tags: ['access:securitySolution'],
+      },
+      access: 'public',
+    })
+    .addVersion(
+      {
+        validate: {
+          request: { query: getNotesPaginated },
+        },
+        version: '2023-10-31',
+      },
+      async (context, request, response) => {
+        try {
+          const queryParams = request.query;
+          const frameworkRequest = await buildFrameworkRequest(context, security, request);
+          const documentIds = queryParams.documentIds ?? null;
+          if (documentIds != null) {
+            if (Array.isArray(documentIds)) {
+              const docIdSearchString = documentIds?.join(' | ');
+              const options = {
+                type: noteSavedObjectType,
+                search: docIdSearchString,
+                page: 1,
+                perPage: MAX_UNASSOCIATED_NOTES,
+              };
+              const res = await getAllSavedNote(frameworkRequest, options);
+
+              return response.ok({ body: res ?? {} });
+            } else {
+              const options = {
+                type: noteSavedObjectType,
+                search: documentIds,
+                page: 1,
+                perPage: MAX_UNASSOCIATED_NOTES,
+              };
+              const res = await getAllSavedNote(frameworkRequest, options);
+
+              return response.ok({ body: res ?? {} });
+            }
+          } else {
+            const perPage = queryParams?.perPage ? parseInt(queryParams.perPage, 10) : 10;
+            const page = queryParams?.page ? parseInt(queryParams.page, 10) : 1;
+            const search = queryParams?.search;
+            const sortField = queryParams?.sortField;
+            const sortOrder = queryParams?.sortOrder;
+            const filter = queryParams?.filter;
+            const options = {
+              type: noteSavedObjectType,
+              perPage,
+              page,
+              search,
+              sortField,
+              sortOrder,
+              filter,
+            };
+            const res = await getAllSavedNote(frameworkRequest, options);
+            return response.ok({ body: res ?? {} });
+          }
+        } catch (err) {
+          const error = transformError(err);
+          const siemResponse = buildSiemResponse(response);
+
+          return siemResponse.error({
+            body: error.message,
+            statusCode: error.statusCode,
+          });
+        }
+      }
+    );
+};
diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/index.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/index.ts
index 43d32c173ab1f..1b83f1eb6b465 100644
--- a/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/index.ts
+++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/index.ts
@@ -7,3 +7,4 @@
 
 export { persistNoteRoute } from './persist_note';
 export { deleteNoteRoute } from './delete_note';
+export { getNotesRoute } from './get_notes';
diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/persist_note.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/persist_note.ts
index a6b502111f7cc..e4cf4b8a9c777 100644
--- a/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/persist_note.ts
+++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/persist_note.ts
@@ -11,13 +11,13 @@ import type { SecuritySolutionPluginRouter } from '../../../../types';
 import { NOTE_URL } from '../../../../../common/constants';
 
 import type { SetupPlugins } from '../../../../plugin';
-import { buildRouteValidationWithExcess } from '../../../../utils/build_validation/route_validation';
+import { buildRouteValidation } from '../../../../utils/build_validation/route_validation';
 import type { ConfigType } from '../../../..';
 
 import { buildSiemResponse } from '../../../detection_engine/routes/utils';
 
 import { buildFrameworkRequest } from '../../utils/common';
-import { persistNoteSchema } from '../../../../../common/api/timeline';
+import { persistNoteWithoutRefSchema } from '../../../../../common/api/timeline';
 import { persistNote } from '../../saved_object/notes';
 
 export const persistNoteRoute = (
@@ -36,7 +36,7 @@ export const persistNoteRoute = (
     .addVersion(
       {
         validate: {
-          request: { body: buildRouteValidationWithExcess(persistNoteSchema) },
+          request: { body: buildRouteValidation(persistNoteWithoutRefSchema) },
         },
         version: '2023-10-31',
       },
@@ -51,10 +51,7 @@ export const persistNoteRoute = (
           const res = await persistNote({
             request: frameworkRequest,
             noteId,
-            note: {
-              ...note,
-              timelineId: note.timelineId,
-            },
+            note,
             overrideOwner: true,
           });
 
diff --git a/x-pack/plugins/security_solution/server/lib/timeline/saved_object/notes/saved_object.test.ts b/x-pack/plugins/security_solution/server/lib/timeline/saved_object/notes/saved_object.test.ts
index fef377a91450d..ed5b198932768 100644
--- a/x-pack/plugins/security_solution/server/lib/timeline/saved_object/notes/saved_object.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/timeline/saved_object/notes/saved_object.test.ts
@@ -6,11 +6,39 @@
  */
 
 import type { AuthenticatedUser } from '@kbn/security-plugin/common';
+import { coreMock, httpServerMock, savedObjectsClientMock } from '@kbn/core/server/mocks';
+import type { KibanaRequest, RequestHandlerContext, SavedObject } from '@kbn/core/server';
+import type { SavedObjectNoteWithoutExternalRefs } from '../../../../../common/types/timeline/note/saved_object';
+import type { FrameworkRequest } from '../../../framework';
+import { internalFrameworkRequest } from '../../../framework';
 import type { Note } from '../../../../../common/api/timeline';
+import { requestContextMock } from '../../../detection_engine/routes/__mocks__/request_context';
+import { noteFieldsMigrator } from './field_migrator';
+import { pickSavedNote, persistNote, createNote, updateNote } from './saved_object';
 
-import { pickSavedNote } from './saved_object';
+jest.mock('uuid', () => ({
+  v1: jest.fn().mockReturnValue('7ba7a520-03f4-11eb-9d9d-ffba20fabba8'),
+}));
 
-describe('saved_object', () => {
+jest.mock('./saved_object', () => {
+  const originalModule = jest.requireActual('./saved_object');
+  return {
+    ...originalModule,
+    createNote: jest.fn(originalModule.createNote),
+    updateNote: jest.fn(originalModule.updateNote),
+    persistNote: jest.fn(originalModule.persistNote),
+  };
+});
+
+jest.mock('./field_migrator', () => ({
+  noteFieldsMigrator: {
+    extractFieldsToReferences: jest.fn(),
+    populateFieldsFromReferences: jest.fn(),
+    populateFieldsFromReferencesForPatch: jest.fn(),
+  },
+}));
+
+describe('saved_object pick', () => {
   const mockDateNow = new Date('2020-04-03T23:00:00.000Z').valueOf();
   const getMockSavedNote = (): Note => ({
     noteId: '7ba7a520-03f4-11eb-9d9d-ffba20fabba8',
@@ -125,3 +153,166 @@ describe('saved_object', () => {
     });
   });
 });
+
+describe('persistNote', () => {
+  const mockDateNow = new Date('2020-04-03T23:00:00.000Z').valueOf();
+  const mockMigratedAttributes = {
+    eventId: 'event1',
+    note: 'Test note',
+    created: 112089832019,
+    createdBy: 'user1',
+    updated: 120812001801,
+    updatedBy: 'user1',
+  };
+  const mockReferences = [{ id: '', name: 'timeline', type: 'timeline' }];
+
+  const mockNoteSavedObject: SavedObject<SavedObjectNoteWithoutExternalRefs> = {
+    attributes: mockMigratedAttributes,
+    type: 'siem-ui-timeline-note',
+    id: 'test-id',
+    references: [
+      {
+        id: '',
+        name: 'timelineId',
+        type: 'siem-ui-timeline',
+      },
+    ],
+    managed: false,
+    version: 'WzQ0ODEsMV0=',
+    namespaces: ['default'],
+    coreMigrationVersion: '8.8.0',
+    typeMigrationVersion: '8.0.0',
+    updated_at: '2024-06-25T22:56:01.354Z',
+    updated_by: 'u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0',
+    created_at: '2024-06-25T22:56:01.354Z',
+    created_by: 'u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0',
+  };
+  const mockSavedObjectClient = savedObjectsClientMock.create();
+  const core = coreMock.createRequestHandlerContext();
+  const context = {
+    ...requestContextMock.create(),
+    core: {
+      ...core,
+      savedObjects: {
+        ...core.savedObjects,
+        client: mockSavedObjectClient,
+      },
+    },
+    resolve: jest.fn(),
+  } as unknown as RequestHandlerContext;
+  const mockNote = { eventId: 'id', note: 'test note', timelineId: '' };
+  const mockRequest: FrameworkRequest = {
+    ...httpServerMock.createKibanaRequest<
+      KibanaRequest<
+        unknown,
+        unknown,
+        { note: { eventId: string; note: string; timelineId: string | null } }
+      >,
+      RequestHandlerContext,
+      AuthenticatedUser
+    >({
+      body: {
+        note: mockNote,
+      },
+    }),
+    [internalFrameworkRequest]: httpServerMock.createKibanaRequest(),
+    context,
+    user: {
+      username: 'test',
+      authentication_provider: { type: 'test', name: 'test' },
+      full_name: 'test',
+      authentication_type: 'test',
+      authentication_realm: { type: 'test', name: 'test' },
+      lookup_realm: { type: 'test', name: 'test' },
+      enabled: true,
+      elastic_cloud_user: false,
+      roles: ['superuser'],
+    },
+  };
+  const mockNoteResponse = {
+    ...mockNote,
+    ...mockMigratedAttributes,
+    noteId: 'test-id',
+    version: 'WzQ0ODEsMV0=',
+  };
+  beforeAll(() => {
+    Date = jest.fn(() => ({
+      valueOf: jest.fn().mockReturnValue(mockDateNow),
+    })) as unknown as DateConstructor;
+  });
+  beforeEach(() => {
+    jest.clearAllMocks();
+    mockSavedObjectClient.get.mockResolvedValue(mockNoteSavedObject);
+    mockSavedObjectClient.create.mockResolvedValue(mockNoteSavedObject);
+    (noteFieldsMigrator.extractFieldsToReferences as jest.Mock).mockReturnValue({
+      transformedFields: mockMigratedAttributes,
+      references: mockReferences,
+    });
+    (noteFieldsMigrator.populateFieldsFromReferences as jest.Mock).mockReturnValue({
+      ...mockNoteSavedObject,
+      attributes: { ...mockNoteSavedObject.attributes, timelineId: '' },
+    });
+    (noteFieldsMigrator.populateFieldsFromReferencesForPatch as jest.Mock).mockReturnValue({
+      ...mockNoteSavedObject,
+      attributes: { ...mockNoteSavedObject.attributes, timelineId: '' },
+    });
+  });
+  it('should call createNote when noteId is null', async () => {
+    mockSavedObjectClient.find.mockResolvedValue({
+      total: 0,
+      saved_objects: [],
+      per_page: 0,
+      page: 0,
+    });
+
+    (createNote as jest.Mock).mockResolvedValue({ code: 200, message: 'success', note: mockNote });
+
+    const result = await persistNote({ request: mockRequest, noteId: null, note: mockNote });
+
+    expect(result).toEqual({
+      code: 200,
+      message: 'success',
+      note: mockNoteResponse,
+    });
+  });
+
+  it('should call updateNote when noteId is provided', async () => {
+    const noteId = 'test-id';
+    mockSavedObjectClient.find.mockResolvedValue({
+      total: 0,
+      saved_objects: [],
+      per_page: 0,
+      page: 0,
+    });
+
+    (updateNote as jest.Mock).mockResolvedValue({ code: 200, message: 'success', note: mockNote });
+
+    const result = await persistNote({ request: mockRequest, noteId, note: mockNote });
+
+    expect(result).toEqual({ code: 200, message: 'success', note: mockNoteResponse });
+  });
+
+  it('should handle 403 errors', async () => {
+    mockSavedObjectClient.find.mockResolvedValue({
+      total: 1001,
+      saved_objects: [],
+      per_page: 0,
+      page: 0,
+    });
+    (createNote as jest.Mock).mockResolvedValue({
+      code: 403,
+      message: 'Cannot create more than 1000 notes without associating them to a timeline',
+      note: mockNote,
+    });
+
+    const result = await persistNote({ request: mockRequest, noteId: null, note: mockNote });
+
+    expect(result.code).toBe(403);
+    expect(result.message).toBe(
+      'Cannot create more than 1000 notes without associating them to a timeline'
+    );
+    expect(result.note).toHaveProperty('noteId');
+    expect(result.note).toHaveProperty('version', '');
+    expect(result.note).toHaveProperty('timelineId', '');
+  });
+});
diff --git a/x-pack/plugins/security_solution/server/lib/timeline/saved_object/notes/saved_object.ts b/x-pack/plugins/security_solution/server/lib/timeline/saved_object/notes/saved_object.ts
index 18b6e19dfcb00..ff277a4bea9e0 100644
--- a/x-pack/plugins/security_solution/server/lib/timeline/saved_object/notes/saved_object.ts
+++ b/x-pack/plugins/security_solution/server/lib/timeline/saved_object/notes/saved_object.ts
@@ -30,6 +30,8 @@ import { noteSavedObjectType } from '../../saved_object_mappings/notes';
 import { timelineSavedObjectType } from '../../saved_object_mappings';
 import { noteFieldsMigrator } from './field_migrator';
 
+export const MAX_UNASSOCIATED_NOTES = 1000;
+
 export const deleteNotesByTimelineId = async (request: FrameworkRequest, timelineId: string) => {
   const options: SavedObjectsFindOptions = {
     type: noteSavedObjectType,
@@ -49,14 +51,19 @@ export const deleteNotesByTimelineId = async (request: FrameworkRequest, timelin
 
 export const deleteNote = async ({
   request,
-  noteId,
+  noteIds,
 }: {
   request: FrameworkRequest;
-  noteId: string;
+  noteIds: string[];
 }) => {
   const savedObjectsClient = (await request.context.core).savedObjects.client;
-
-  await savedObjectsClient.delete(noteSavedObjectType, noteId);
+  const noteObjects = noteIds.map((id) => {
+    return {
+      id,
+      type: noteSavedObjectType,
+    };
+  });
+  await savedObjectsClient.bulkDelete(noteObjects);
 };
 
 export const getNote = async (request: FrameworkRequest, noteId: string): Promise<Note> => {
@@ -83,7 +90,7 @@ export const persistNote = async ({
 }: {
   request: FrameworkRequest;
   noteId: string | null;
-  note: BareNote;
+  note: BareNote | BareNoteWithoutExternalRefs;
   overrideOwner?: boolean;
 }): Promise<ResponseNote> => {
   try {
@@ -116,7 +123,7 @@ export const persistNote = async ({
   }
 };
 
-const createNote = async ({
+export const createNote = async ({
   request,
   noteId,
   note,
@@ -124,7 +131,7 @@ const createNote = async ({
 }: {
   request: FrameworkRequest;
   noteId: string | null;
-  note: BareNote;
+  note: BareNote | BareNoteWithoutExternalRefs;
   overrideOwner?: boolean;
 }) => {
   const savedObjectsClient = (await request.context.core).savedObjects.client;
@@ -136,7 +143,25 @@ const createNote = async ({
     noteFieldsMigrator.extractFieldsToReferences<BareNoteWithoutExternalRefs>({
       data: noteWithCreator,
     });
-
+  if (references.length === 1 && references[0].id === '') {
+    // Limit unassociated events to 1000
+    const notesCount = await savedObjectsClient.find<SavedObjectNoteWithoutExternalRefs>({
+      type: noteSavedObjectType,
+      hasReference: { type: timelineSavedObjectType, id: '' },
+    });
+    if (notesCount.total >= MAX_UNASSOCIATED_NOTES) {
+      return {
+        code: 403,
+        message: `Cannot create more than ${MAX_UNASSOCIATED_NOTES} notes without associating them to a timeline`,
+        note: {
+          ...note,
+          noteId: uuidv1(),
+          version: '',
+          timelineId: '',
+        },
+      };
+    }
+  }
   const noteAttributes: SavedObjectNoteWithoutExternalRefs = {
     eventId: migratedAttributes.eventId,
     note: migratedAttributes.note,
@@ -166,7 +191,7 @@ const createNote = async ({
   };
 };
 
-const updateNote = async ({
+export const updateNote = async ({
   request,
   noteId,
   note,
@@ -174,7 +199,7 @@ const updateNote = async ({
 }: {
   request: FrameworkRequest;
   noteId: string;
-  note: BareNote;
+  note: BareNote | BareNoteWithoutExternalRefs;
   overrideOwner?: boolean;
 }) => {
   const savedObjectsClient = (await request.context.core).savedObjects.client;
@@ -233,7 +258,10 @@ const getSavedNote = async (request: FrameworkRequest, NoteId: string) => {
   return convertSavedObjectToSavedNote(populatedNote);
 };
 
-const getAllSavedNote = async (request: FrameworkRequest, options: SavedObjectsFindOptions) => {
+export const getAllSavedNote = async (
+  request: FrameworkRequest,
+  options: SavedObjectsFindOptions
+) => {
   const savedObjectsClient = (await request.context.core).savedObjects.client;
   const savedObjects = await savedObjectsClient.find<SavedObjectNoteWithoutExternalRefs>(options);
 
@@ -247,14 +275,14 @@ const getAllSavedNote = async (request: FrameworkRequest, options: SavedObjectsF
   };
 };
 
-export const convertSavedObjectToSavedNote = (savedObject: unknown): Note =>
-  pipe(
+export const convertSavedObjectToSavedNote = (savedObject: unknown): Note => {
+  return pipe(
     SavedObjectNoteRuntimeType.decode(savedObject),
     map((savedNote) => {
       return {
         noteId: savedNote.id,
         version: savedNote.version,
-        timelineId: savedNote.attributes.timelineId,
+        timelineId: savedNote.attributes.timelineId ?? '',
         eventId: savedNote.attributes.eventId,
         note: savedNote.attributes.note,
         created: savedNote.attributes.created,
@@ -267,10 +295,11 @@ export const convertSavedObjectToSavedNote = (savedObject: unknown): Note =>
       throw new Error(failure(errors).join('\n'));
     }, identity)
   );
+};
 
 export const pickSavedNote = (
   noteId: string | null,
-  savedNote: BareNote,
+  savedNote: BareNote | BareNoteWithoutExternalRefs,
   userInfo: AuthenticatedUser | null
 ) => {
   if (noteId == null) {
diff --git a/x-pack/plugins/security_solution/server/lib/timeline/saved_object/timelines/index.ts b/x-pack/plugins/security_solution/server/lib/timeline/saved_object/timelines/index.ts
index 1cad9d3b2672f..d9b770c258319 100644
--- a/x-pack/plugins/security_solution/server/lib/timeline/saved_object/timelines/index.ts
+++ b/x-pack/plugins/security_solution/server/lib/timeline/saved_object/timelines/index.ts
@@ -17,6 +17,7 @@ import type { AuthenticatedUser } from '@kbn/security-plugin/server';
 import { UNAUTHENTICATED_USER } from '../../../../../common/constants';
 import type {
   Note,
+  BareNote,
   PinnedEvent,
   AllTimelinesResponse,
   ExportTimelineNotFoundError,
@@ -610,13 +611,14 @@ export const copyTimeline = async (
 
   const copiedNotes = Promise.all(
     notes.map((_note) => {
+      const newNote: BareNote = {
+        ..._note,
+        timelineId: newTimelineId,
+      };
       return note.persistNote({
         request,
         noteId: null,
-        note: {
-          ..._note,
-          timelineId: newTimelineId,
-        },
+        note: newNote,
         overrideOwner: false,
       });
     })
diff --git a/x-pack/plugins/security_solution/server/lib/timeline/utils/common.ts b/x-pack/plugins/security_solution/server/lib/timeline/utils/common.ts
index 97b6ec743d109..b9f1aaafbf969 100644
--- a/x-pack/plugins/security_solution/server/lib/timeline/utils/common.ts
+++ b/x-pack/plugins/security_solution/server/lib/timeline/utils/common.ts
@@ -39,6 +39,16 @@ export const buildFrameworkRequest = async (
 
 export const escapeHatch = schema.object({}, { unknowns: 'allow' });
 
+export const getNotesPaginated = schema.object({
+  documentIds: schema.maybe(schema.oneOf([schema.arrayOf(schema.string()), schema.string()])),
+  page: schema.maybe(schema.string()),
+  perPage: schema.maybe(schema.string()),
+  search: schema.maybe(schema.string()),
+  sortField: schema.maybe(schema.string()),
+  sortOrder: schema.maybe(schema.oneOf([schema.literal('asc'), schema.literal('desc')])),
+  filter: schema.maybe(schema.string()),
+});
+
 type ErrorFactory = (message: string) => Error;
 
 export const throwErrors = (createError: ErrorFactory) => (errors: rt.Errors) => {
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/all/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/all/index.ts
index 18d20b5080352..7ae8371152dde 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/all/index.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/all/index.ts
@@ -9,6 +9,8 @@ import { getOr } from 'lodash/fp';
 
 import type { IEsSearchResponse } from '@kbn/search-types';
 import type { IScopedClusterClient } from '@kbn/core-elasticsearch-server';
+import type { AggregationsAggregate, SearchResponse } from '@elastic/elasticsearch/lib/api/types';
+import _ from 'lodash';
 import { DEFAULT_MAX_TABLE_QUERY_SIZE } from '../../../../../../common/constants';
 
 import { inspectStringifyObject } from '../../../../../utils/build_query';
@@ -28,6 +30,9 @@ import {
   RiskScoreEntity,
   RiskQueries,
 } from '../../../../../../common/search_strategy';
+import { buildAssetCriticalityQuery } from '../../asset_criticality/query.asset_criticality.dsl';
+import { getAssetCriticalityIndex } from '../../../../../../common/entity_analytics/asset_criticality';
+import type { AssetCriticalityRecord } from '../../../../../../common/api/entity_analytics';
 
 export const allUsers: SecuritySolutionFactory<UsersQueries.users> = {
   buildDsl: (options) => {
@@ -103,29 +108,22 @@ async function enhanceEdges(
   esClient: IScopedClusterClient,
   isNewRiskScoreModuleInstalled: boolean
 ): Promise<User[]> {
-  const userRiskData = await getUserRiskData(
-    esClient,
-    spaceId,
-    userNames,
-    isNewRiskScoreModuleInstalled
-  );
-  const usersRiskByUserName: Record<string, RiskSeverity> | undefined =
-    userRiskData?.hits.hits.reduce(
-      (acc, hit) => ({
-        ...acc,
-        [hit._source?.user.name ?? '']: hit._source?.user?.risk?.calculated_level,
-      }),
-      {}
-    );
+  const [riskByUserName, criticalityByUserName] = await Promise.all([
+    getUserRiskData(esClient, spaceId, userNames, isNewRiskScoreModuleInstalled).then(
+      buildRecordFromAggs('user.name', 'user.risk.calculated_level')
+    ),
+    getUserCriticalityData(esClient, userNames).then(
+      buildRecordFromAggs('id_value', 'criticality_level')
+    ),
+  ]);
 
-  return usersRiskByUserName
-    ? edges.map(({ name, lastSeen, domain }) => ({
-        name,
-        lastSeen,
-        domain,
-        risk: usersRiskByUserName[name ?? ''],
-      }))
-    : edges;
+  return edges.map(({ name, lastSeen, domain }) => ({
+    name,
+    lastSeen,
+    domain,
+    risk: riskByUserName?.[name ?? ''] as RiskSeverity,
+    criticality: criticalityByUserName?.[name ?? ''],
+  }));
 }
 
 export async function getUserRiskData(
@@ -151,3 +149,33 @@ export async function getUserRiskData(
     return undefined;
   }
 }
+
+export async function getUserCriticalityData(esClient: IScopedClusterClient, hostNames: string[]) {
+  try {
+    const criticalityResponse = await esClient.asCurrentUser.search<AssetCriticalityRecord>(
+      buildAssetCriticalityQuery({
+        defaultIndex: [getAssetCriticalityIndex('default')], // TODO:(@tiansivive) move to constant or import from somewhere else
+        filterQuery: { terms: { id_value: hostNames } },
+      })
+    );
+    return criticalityResponse;
+  } catch (error) {
+    if (error?.meta?.body?.error?.type !== 'index_not_found_exception') {
+      throw error;
+    }
+    return undefined;
+  }
+}
+
+const buildRecordFromAggs =
+  (key: string, path: string) =>
+  <T>(
+    data: SearchResponse<T, Record<string, AggregationsAggregate>> | undefined
+  ): Record<string, string> | undefined =>
+    data?.hits.hits.reduce(
+      (acc, hit) => ({
+        ...acc,
+        [_.get(hit._source, key) || '']: _.get(hit._source, path),
+      }),
+      {}
+    );
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/managed_details/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/managed_details/index.ts
index c46d3bd027873..ede67662e2398 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/managed_details/index.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/managed_details/index.ts
@@ -15,6 +15,7 @@ import { buildManagedUserDetailsQuery } from './query.managed_user_details.dsl';
 
 import type { UsersQueries } from '../../../../../../common/search_strategy/security_solution/users';
 import type {
+  ManagedUserHit,
   ManagedUserHits,
   ManagedUserDetailsStrategyResponse,
   ManagedUserFields,
@@ -43,7 +44,7 @@ export const managedUserDetails: SecuritySolutionFactory<UsersQueries.managedDet
     );
 
     const managedUsers = buckets.reduce<ManagedUserHits>((acc, bucket) => {
-      acc[bucket.key] = bucket.latest_hit.hits.hits[0];
+      acc[bucket.key] = bucket.latest_hit.hits.hits[0] as ManagedUserHit;
       return acc;
     }, {});
 
diff --git a/x-pack/plugins/security_solution_serverless/server/common/services/usage_reporting_service.ts b/x-pack/plugins/security_solution_serverless/server/common/services/usage_reporting_service.ts
index 4f5daeae034b9..994cbfe273304 100644
--- a/x-pack/plugins/security_solution_serverless/server/common/services/usage_reporting_service.ts
+++ b/x-pack/plugins/security_solution_serverless/server/common/services/usage_reporting_service.ts
@@ -15,8 +15,11 @@ import type { UsageRecord } from '../../types';
 // TODO remove once we have the CA available
 const agent = new https.Agent({ rejectUnauthorized: false });
 export class UsageReportingService {
-  public async reportUsage(records: UsageRecord[]): Promise<Response> {
-    return fetch(USAGE_SERVICE_USAGE_URL, {
+  public async reportUsage(
+    records: UsageRecord[],
+    url = USAGE_SERVICE_USAGE_URL
+  ): Promise<Response> {
+    return fetch(url, {
       method: 'post',
       body: JSON.stringify(records),
       headers: { 'Content-Type': 'application/json' },
diff --git a/x-pack/plugins/security_solution_serverless/server/config.ts b/x-pack/plugins/security_solution_serverless/server/config.ts
index f10c1d0f2c3c6..60336c6f6e5f3 100644
--- a/x-pack/plugins/security_solution_serverless/server/config.ts
+++ b/x-pack/plugins/security_solution_serverless/server/config.ts
@@ -8,6 +8,7 @@
 import { schema, type TypeOf } from '@kbn/config-schema';
 import type { PluginConfigDescriptor, PluginInitializerContext } from '@kbn/core/server';
 import type { SecuritySolutionPluginSetup } from '@kbn/security-solution-plugin/server/plugin_contract';
+import { USAGE_SERVICE_USAGE_URL } from './constants';
 import { productTypes } from '../common/config';
 import type { ExperimentalFeatures } from '../common/experimental_features';
 import { parseExperimentalConfigValue } from '../common/experimental_features';
@@ -15,6 +16,21 @@ import { parseExperimentalConfigValue } from '../common/experimental_features';
 export const configSchema = schema.object({
   enabled: schema.boolean({ defaultValue: false }),
   productTypes,
+  /**
+   * Usage Reporting: the interval between runs of the task
+   */
+
+  usageReportingTaskInterval: schema.string({ defaultValue: '5m' }),
+
+  /**
+   * Usage Reporting: timeout value for how long the task should run.
+   */
+  usageReportingTaskTimeout: schema.string({ defaultValue: '1m' }),
+
+  /**
+   * Usage Reporting: the URL to send usage data to
+   */
+  usageReportingApiUrl: schema.string({ defaultValue: USAGE_SERVICE_USAGE_URL }),
   /**
    * For internal use. A list of string values (comma delimited) that will enable experimental
    * type of functionality that is not yet released. Valid values for this settings need to
diff --git a/x-pack/plugins/security_solution_serverless/server/constants.ts b/x-pack/plugins/security_solution_serverless/server/constants.ts
index c648276abeeba..f4fcad6b760c6 100644
--- a/x-pack/plugins/security_solution_serverless/server/constants.ts
+++ b/x-pack/plugins/security_solution_serverless/server/constants.ts
@@ -9,3 +9,4 @@ const namespace = 'elastic-system';
 const USAGE_SERVICE_BASE_API_URL = `https://usage-api.${namespace}/api`;
 const USAGE_SERVICE_BASE_API_URL_V1 = `${USAGE_SERVICE_BASE_API_URL}/v1`;
 export const USAGE_SERVICE_USAGE_URL = `${USAGE_SERVICE_BASE_API_URL_V1}/usage`;
+export const METERING_SERVICE_BATCH_SIZE = 1000;
diff --git a/x-pack/plugins/security_solution_serverless/server/endpoint/services/index.ts b/x-pack/plugins/security_solution_serverless/server/endpoint/services/index.ts
index d39a8ed11d24b..3340046ebc2dc 100644
--- a/x-pack/plugins/security_solution_serverless/server/endpoint/services/index.ts
+++ b/x-pack/plugins/security_solution_serverless/server/endpoint/services/index.ts
@@ -6,4 +6,4 @@
  */
 
 export { endpointMeteringService } from './metering_service';
-export { setEndpointPackagePolicyServerlessFlag } from './set_package_policy_flag';
+export { setEndpointPackagePolicyServerlessBillingFlags } from './set_package_policy_flag';
diff --git a/x-pack/plugins/security_solution_serverless/server/endpoint/services/metering_service.ts b/x-pack/plugins/security_solution_serverless/server/endpoint/services/metering_service.ts
index 73b03554bad66..2d253633b7231 100644
--- a/x-pack/plugins/security_solution_serverless/server/endpoint/services/metering_service.ts
+++ b/x-pack/plugins/security_solution_serverless/server/endpoint/services/metering_service.ts
@@ -10,6 +10,7 @@ import type { ElasticsearchClient } from '@kbn/core/server';
 import { ENDPOINT_HEARTBEAT_INDEX } from '@kbn/security-solution-plugin/common/endpoint/constants';
 import type { EndpointHeartbeat } from '@kbn/security-solution-plugin/common/endpoint/types';
 
+import { METERING_SERVICE_BATCH_SIZE } from '../../constants';
 import { ProductLine, ProductTier } from '../../../common/product';
 
 import type { UsageRecord, MeteringCallbackInput, MeteringCallBackResponse } from '../../types';
@@ -17,8 +18,6 @@ import type { ServerlessSecurityConfig } from '../../config';
 
 import { METERING_TASK } from '../constants/metering';
 
-const BATCH_SIZE = 1000;
-
 export class EndpointMeteringService {
   private type: ProductLine.endpoint | `${ProductLine.cloud}_${ProductLine.endpoint}` | undefined;
   private tier: ProductTier | undefined;
@@ -73,7 +72,7 @@ export class EndpointMeteringService {
     }, [] as UsageRecord[]);
 
     const latestTimestamp = new Date(records[records.length - 1].usage_timestamp);
-    const shouldRunAgain = heartbeatsResponse.hits.hits.length === BATCH_SIZE;
+    const shouldRunAgain = heartbeatsResponse.hits.hits.length === METERING_SERVICE_BATCH_SIZE;
     return { latestTimestamp, records, shouldRunAgain };
   };
 
@@ -86,16 +85,42 @@ export class EndpointMeteringService {
       {
         index: ENDPOINT_HEARTBEAT_INDEX,
         sort: 'event.ingested',
-        size: BATCH_SIZE,
+        size: METERING_SERVICE_BATCH_SIZE,
         query: {
-          range: {
-            'event.ingested': {
-              gt: since.toISOString(),
+          bool: {
+            must: {
+              range: {
+                'event.ingested': {
+                  gt: since.toISOString(),
+                },
+              },
             },
+            should: [
+              {
+                term: {
+                  billable: true,
+                },
+              },
+              {
+                bool: {
+                  must_not: [
+                    {
+                      exists: {
+                        field: 'billable',
+                      },
+                    },
+                  ],
+                },
+              },
+            ],
+            minimum_should_match: 1,
           },
         },
       },
-      { signal: abortController.signal, ignore: [404] }
+      {
+        signal: abortController.signal,
+        ignore: [404],
+      }
     );
   }
 
diff --git a/x-pack/plugins/security_solution_serverless/server/endpoint/services/set_package_policy_flag.test.ts b/x-pack/plugins/security_solution_serverless/server/endpoint/services/set_package_policy_flag.test.ts
index fad1317af898b..dc5c4deed31ef 100644
--- a/x-pack/plugins/security_solution_serverless/server/endpoint/services/set_package_policy_flag.test.ts
+++ b/x-pack/plugins/security_solution_serverless/server/endpoint/services/set_package_policy_flag.test.ts
@@ -19,10 +19,11 @@ import type { PackagePolicy } from '@kbn/fleet-plugin/common';
 import type { PackagePolicyClient } from '@kbn/fleet-plugin/server';
 import { createPackagePolicyServiceMock } from '@kbn/fleet-plugin/server/mocks';
 import { policyFactory } from '@kbn/security-solution-plugin/common/endpoint/models/policy_config';
+import { ensureOnlyEventCollectionIsAllowed } from '@kbn/security-solution-plugin/common/endpoint/models/policy_config_helpers';
 
-import { setEndpointPackagePolicyServerlessFlag } from './set_package_policy_flag';
+import { setEndpointPackagePolicyServerlessBillingFlags } from './set_package_policy_flag';
 
-describe('setEndpointPackagePolicyServerlessFlag', () => {
+describe('setEndpointPackagePolicyServerlessBillingFlags', () => {
   let esClientMock: ElasticsearchClientMock;
   let soClientMock: jest.Mocked<SavedObjectsClientContract>;
   let packagePolicyServiceMock: jest.Mocked<PackagePolicyClient>;
@@ -59,7 +60,7 @@ describe('setEndpointPackagePolicyServerlessFlag', () => {
     });
     packagePolicyServiceMock.bulkCreate.mockImplementation();
 
-    await setEndpointPackagePolicyServerlessFlag(
+    await setEndpointPackagePolicyServerlessBillingFlags(
       soClientMock,
       esClientMock,
       packagePolicyServiceMock
@@ -67,8 +68,10 @@ describe('setEndpointPackagePolicyServerlessFlag', () => {
 
     const expectedPolicy1 = cloneDeep(packagePolicy1);
     expectedPolicy1!.inputs[0]!.config!.policy.value.meta.serverless = true;
+    expectedPolicy1!.inputs[0]!.config!.policy.value.meta.billable = true;
     const expectedPolicy2 = cloneDeep(packagePolicy2);
     expectedPolicy2!.inputs[0]!.config!.policy.value.meta.serverless = true;
+    expectedPolicy2!.inputs[0]!.config!.policy.value.meta.billable = true;
     const expectedPolicies = [expectedPolicy1, expectedPolicy2];
     expect(packagePolicyServiceMock.list).toBeCalledWith(soClientMock, {
       page: 1,
@@ -82,7 +85,7 @@ describe('setEndpointPackagePolicyServerlessFlag', () => {
     );
   });
 
-  it('updates serverless flag for endpoint policies with the flag already set', async () => {
+  it('does NOT update serverless flag for endpoint policies with the flag already set', async () => {
     const packagePolicy1 = generatePackagePolicy(
       policyFactory(undefined, undefined, undefined, undefined, undefined, true)
     );
@@ -97,7 +100,7 @@ describe('setEndpointPackagePolicyServerlessFlag', () => {
     });
     packagePolicyServiceMock.bulkCreate.mockImplementation();
 
-    await setEndpointPackagePolicyServerlessFlag(
+    await setEndpointPackagePolicyServerlessBillingFlags(
       soClientMock,
       esClientMock,
       packagePolicyServiceMock
@@ -111,6 +114,55 @@ describe('setEndpointPackagePolicyServerlessFlag', () => {
     expect(packagePolicyServiceMock.bulkUpdate).not.toBeCalled();
   });
 
+  it('correctly updates billable flag for endpoint policies', async () => {
+    // billable: false - serverless false
+    const packagePolicy1 = generatePackagePolicy(
+      policyFactory(undefined, undefined, undefined, undefined, undefined, false)
+    );
+    // billable: true - serverless + protections
+    const packagePolicy2 = generatePackagePolicy(
+      policyFactory(undefined, undefined, undefined, undefined, undefined, true)
+    );
+    // billable: false - serverless true but event collection only
+    const packagePolicy3 = generatePackagePolicy(
+      ensureOnlyEventCollectionIsAllowed(
+        policyFactory(undefined, undefined, undefined, undefined, undefined, true)
+      )
+    );
+    // ignored since flag already set
+    const packagePolicy4 = generatePackagePolicy(
+      policyFactory(undefined, undefined, undefined, undefined, undefined, true)
+    );
+    packagePolicyServiceMock.list.mockResolvedValue({
+      items: [packagePolicy1, packagePolicy2, packagePolicy3, packagePolicy4],
+      page: 1,
+      perPage: SO_SEARCH_LIMIT,
+      total: 4,
+    });
+    packagePolicyServiceMock.bulkCreate.mockImplementation();
+
+    await setEndpointPackagePolicyServerlessBillingFlags(
+      soClientMock,
+      esClientMock,
+      packagePolicyServiceMock
+    );
+
+    expect(packagePolicyServiceMock.list).toBeCalledWith(soClientMock, {
+      page: 1,
+      perPage: SO_SEARCH_LIMIT,
+      kuery: `${PACKAGE_POLICY_SAVED_OBJECT_TYPE}.package.name:${FLEET_ENDPOINT_PACKAGE}`,
+    });
+
+    const expectedPolicy2 = cloneDeep(packagePolicy2);
+    expectedPolicy2!.inputs[0]!.config!.policy.value.meta.billable = true;
+    const expectedPolicies = [expectedPolicy2];
+    expect(packagePolicyServiceMock.bulkUpdate).toBeCalledWith(
+      soClientMock,
+      esClientMock,
+      expectedPolicies
+    );
+  });
+
   it('batches properly when over perPage', async () => {
     packagePolicyServiceMock.list
       .mockResolvedValueOnce({
@@ -127,7 +179,7 @@ describe('setEndpointPackagePolicyServerlessFlag', () => {
       });
     packagePolicyServiceMock.bulkCreate.mockImplementation();
 
-    await setEndpointPackagePolicyServerlessFlag(
+    await setEndpointPackagePolicyServerlessBillingFlags(
       soClientMock,
       esClientMock,
       packagePolicyServiceMock
diff --git a/x-pack/plugins/security_solution_serverless/server/endpoint/services/set_package_policy_flag.ts b/x-pack/plugins/security_solution_serverless/server/endpoint/services/set_package_policy_flag.ts
index 8e41dba3502d1..39464b9568a61 100644
--- a/x-pack/plugins/security_solution_serverless/server/endpoint/services/set_package_policy_flag.ts
+++ b/x-pack/plugins/security_solution_serverless/server/endpoint/services/set_package_policy_flag.ts
@@ -13,10 +13,12 @@ import {
   PACKAGE_POLICY_SAVED_OBJECT_TYPE,
   SO_SEARCH_LIMIT,
 } from '@kbn/fleet-plugin/common';
+import { isBillablePolicy } from '@kbn/security-solution-plugin/common/endpoint/models/policy_config_helpers';
 
-// set all endpoint policies serverless flag to true
+// set all endpoint policies serverless flag to true and
+// billable flag depending on policy configuration
 // required so that endpoint will write heartbeats
-export async function setEndpointPackagePolicyServerlessFlag(
+export async function setEndpointPackagePolicyServerlessBillingFlags(
   soClient: SavedObjectsClientContract,
   esClient: ElasticsearchClient,
   packagePolicyService: PackagePolicyClient
@@ -63,11 +65,10 @@ async function processBatch(
   const updatedEndpointPackages = endpointPackagesResult.items
     .filter(
       (endpointPackage) =>
-        !(
-          endpointPackage?.inputs.every(
-            (input) => input.config?.policy?.value?.meta?.serverless ?? false
-          ) ?? false
-        )
+        endpointPackage?.inputs.some((input) => {
+          const configMeta = input.config?.policy?.value?.meta ?? {};
+          return !configMeta.serverless || configMeta.billable === undefined;
+        }) ?? false
     )
     .map((endpointPackage) => ({
       ...endpointPackage,
@@ -76,7 +77,8 @@ async function processBatch(
         const policy = config.policy || {};
         const policyValue = policy?.value || {};
         const meta = policyValue?.meta || {};
-        return {
+
+        const updatedInput = {
           ...input,
           config: {
             ...config,
@@ -87,11 +89,17 @@ async function processBatch(
                 meta: {
                   ...meta,
                   serverless: true,
+                  billable: false,
                 },
               },
             },
           },
         };
+        updatedInput.config.policy.value.meta.billable = isBillablePolicy(
+          updatedInput.config.policy.value
+        );
+
+        return updatedInput;
       }),
     }));
 
diff --git a/x-pack/plugins/security_solution_serverless/server/plugin.ts b/x-pack/plugins/security_solution_serverless/server/plugin.ts
index 749118b22a0ba..a7783ad37d53c 100644
--- a/x-pack/plugins/security_solution_serverless/server/plugin.ts
+++ b/x-pack/plugins/security_solution_serverless/server/plugin.ts
@@ -30,7 +30,7 @@ import { getProductProductFeaturesConfigurator, getSecurityProductTier } from '.
 import { METERING_TASK as ENDPOINT_METERING_TASK } from './endpoint/constants/metering';
 import {
   endpointMeteringService,
-  setEndpointPackagePolicyServerlessFlag,
+  setEndpointPackagePolicyServerlessBillingFlags,
 } from './endpoint/services';
 import { enableRuleActions } from './rules/enable_rule_actions';
 import { NLPCleanupTask } from './task_manager/nlp_cleanup_task/nlp_cleanup_task';
@@ -132,13 +132,13 @@ export class SecuritySolutionServerlessPlugin
     this.endpointUsageReportingTask
       ?.start({
         taskManager: pluginsSetup.taskManager,
-        interval: ENDPOINT_METERING_TASK.INTERVAL,
+        interval: this.config.usageReportingTaskInterval,
       })
       .catch(() => {});
 
     this.nlpCleanupTask?.start({ taskManager: pluginsSetup.taskManager }).catch(() => {});
 
-    setEndpointPackagePolicyServerlessFlag(
+    setEndpointPackagePolicyServerlessBillingFlags(
       internalSOClient,
       internalESClient,
       pluginsSetup.fleet.packagePolicyService
diff --git a/x-pack/plugins/security_solution_serverless/server/task_manager/usage_reporting_task.test.ts b/x-pack/plugins/security_solution_serverless/server/task_manager/usage_reporting_task.test.ts
index 5d5a8524b5733..56c971e5d1df8 100644
--- a/x-pack/plugins/security_solution_serverless/server/task_manager/usage_reporting_task.test.ts
+++ b/x-pack/plugins/security_solution_serverless/server/task_manager/usage_reporting_task.test.ts
@@ -26,6 +26,9 @@ import type { ServerlessSecurityConfig } from '../config';
 import type { SecurityUsageReportingTaskSetupContract, UsageRecord } from '../types';
 
 import { SecurityUsageReportingTask } from './usage_reporting_task';
+import { endpointMeteringService } from '../endpoint/services';
+import type { SearchResponse } from '@elastic/elasticsearch/lib/api/types';
+import { USAGE_SERVICE_USAGE_URL } from '../constants';
 
 describe('SecurityUsageReportingTask', () => {
   const TITLE = 'test-task-title';
@@ -120,136 +123,222 @@ describe('SecurityUsageReportingTask', () => {
     );
   }
 
-  async function setupMocks() {
+  async function runTask(taskInstance = buildMockTaskInstance(), callNum: number = 0) {
+    const mockTaskManagerStart = tmStartMock();
+    await mockTask.start({ taskManager: mockTaskManagerStart, interval: '5m' });
+    const createTaskRunner =
+      mockTaskManagerSetup.registerTaskDefinitions.mock.calls[callNum][0][TYPE].createTaskRunner;
+    const taskRunner = createTaskRunner({ taskInstance });
+    return taskRunner.run();
+  }
+
+  async function setupBaseMocks() {
     mockCore = coreSetupMock();
     mockEsClient = (await mockCore.getStartServices())[0].elasticsearch.client
       .asInternalUser as jest.Mocked<ElasticsearchClient>;
     mockTaskManagerSetup = tmSetupMock();
     usageRecord = buildUsageRecord();
     reportUsageSpy = jest.spyOn(usageReportingService, 'reportUsage');
-    meteringCallbackMock = jest.fn().mockResolvedValueOnce({
-      latestRecordTimestamp: usageRecord.usage_timestamp,
-      records: [usageRecord],
-      shouldRunAgain: false,
-    });
-    taskArgs = buildTaskArgs();
-    mockTask = new SecurityUsageReportingTask(taskArgs);
   }
 
-  beforeEach(async () => {
-    await setupMocks();
-  });
-
-  afterEach(() => {
-    jest.restoreAllMocks();
-  });
-
-  describe('task lifecycle', () => {
-    it('should create task', () => {
-      expect(mockTask).toBeInstanceOf(SecurityUsageReportingTask);
+  describe('meteringCallback integration', () => {
+    async function setupMocks() {
+      await setupBaseMocks();
+      taskArgs = buildTaskArgs({
+        meteringCallback: endpointMeteringService.getUsageRecords,
+        config: {
+          productTypes: [
+            { product_line: ProductLine.endpoint, product_tier: ProductTier.complete },
+          ],
+          usageReportingApiUrl: USAGE_SERVICE_USAGE_URL,
+        } as ServerlessSecurityConfig,
+      });
+      mockTask = new SecurityUsageReportingTask(taskArgs);
+    }
+    beforeEach(async () => {
+      await setupMocks();
     });
 
-    it('should register task', () => {
-      expect(mockTaskManagerSetup.registerTaskDefinitions).toHaveBeenCalled();
+    afterEach(() => {
+      jest.restoreAllMocks();
     });
 
-    it('should schedule task', async () => {
-      const mockTaskManagerStart = tmStartMock();
-      await mockTask.start({ taskManager: mockTaskManagerStart, interval: '5m' });
-      expect(mockTaskManagerStart.ensureScheduled).toHaveBeenCalled();
+    describe('Multiple batches', () => {
+      async function runTasksUntilNoRunAt() {
+        let task = await runTask();
+        while (task?.runAt !== undefined) {
+          task = await runTask({ ...buildMockTaskInstance({ runAt: task.runAt }) });
+        }
+      }
+
+      const heartBeats = Array.from({ length: 2001 }, (_, i) => ({
+        _source: {
+          agent: {
+            id: `test-${i}`,
+          },
+          event: {
+            ingested: '2021-09-01T00:00:00.000Z',
+          },
+        },
+      }));
+
+      const batches = [
+        heartBeats.slice(0, 1000),
+        heartBeats.slice(1000, 2000),
+        heartBeats.slice(2000),
+      ];
+
+      it('properly reports multiple batches', async () => {
+        batches.forEach((batch) => {
+          mockEsClient.search.mockResolvedValueOnce({
+            hits: {
+              hits: batch,
+            },
+          } as SearchResponse);
+        });
+
+        await runTasksUntilNoRunAt();
+
+        expect(reportUsageSpy).toHaveBeenCalledTimes(3);
+        batches.forEach((batch, i) => {
+          expect(reportUsageSpy).toHaveBeenNthCalledWith(
+            i + 1,
+            expect.arrayContaining(
+              batch.map(({ _source }) =>
+                expect.objectContaining({
+                  id: `endpoint-${_source.agent.id}-2021-09-01T00:00:00.000Z`,
+                })
+              )
+            ),
+            USAGE_SERVICE_USAGE_URL
+          );
+        });
+      });
     });
   });
 
-  describe('task logic', () => {
-    async function runTask(taskInstance = buildMockTaskInstance(), callNum: number = 0) {
-      const mockTaskManagerStart = tmStartMock();
-      await mockTask.start({ taskManager: mockTaskManagerStart, interval: '5m' });
-      const createTaskRunner =
-        mockTaskManagerSetup.registerTaskDefinitions.mock.calls[callNum][0][TYPE].createTaskRunner;
-      const taskRunner = createTaskRunner({ taskInstance });
-      return taskRunner.run();
+  describe('Mocked meteringCallback', () => {
+    async function setupMocks() {
+      await setupBaseMocks();
+      meteringCallbackMock = jest.fn().mockResolvedValueOnce({
+        latestRecordTimestamp: usageRecord.usage_timestamp,
+        records: [usageRecord],
+        shouldRunAgain: false,
+      });
+      taskArgs = buildTaskArgs({
+        config: {
+          usageReportingApiUrl: USAGE_SERVICE_USAGE_URL,
+        } as ServerlessSecurityConfig,
+      });
+      mockTask = new SecurityUsageReportingTask(taskArgs);
     }
 
-    it('should call metering callback', async () => {
-      const task = await runTask();
-      expect(meteringCallbackMock).toHaveBeenCalledWith(
-        expect.objectContaining({
-          esClient: mockEsClient,
-          cloudSetup: taskArgs.cloudSetup,
-          taskId: TASK_ID,
-          config: taskArgs.config,
-          lastSuccessfulReport: new Date(task?.state.lastSuccessfulReport as string),
-        })
-      );
+    beforeEach(async () => {
+      await setupMocks();
     });
 
-    it('should report metering records', async () => {
-      await runTask();
-      expect(reportUsageSpy).toHaveBeenCalledWith(
-        expect.arrayContaining([
-          expect.objectContaining({
-            creation_timestamp: usageRecord.creation_timestamp,
-            id: usageRecord.id,
-            source: {
-              id: TASK_ID,
-              instance_group_id: PROJECT_ID,
-              metadata: { tier: ProductTier.complete },
-            },
-            usage: { period_seconds: 3600, quantity: 1, type: USAGE_TYPE },
-            usage_timestamp: usageRecord.usage_timestamp,
-          }),
-        ])
-      );
+    afterEach(() => {
+      jest.restoreAllMocks();
     });
 
-    it('should do nothing if task instance id is outdated', async () => {
-      const result = await runTask({ ...buildMockTaskInstance(), id: 'old-id' });
+    describe('task lifecycle', () => {
+      it('should create task', () => {
+        expect(mockTask).toBeInstanceOf(SecurityUsageReportingTask);
+      });
 
-      expect(result).toEqual(getDeleteTaskRunResult());
+      it('should register task', () => {
+        expect(mockTaskManagerSetup.registerTaskDefinitions).toHaveBeenCalled();
+      });
 
-      expect(reportUsageSpy).not.toHaveBeenCalled();
-      expect(meteringCallbackMock).not.toHaveBeenCalled();
+      it('should schedule task', async () => {
+        const mockTaskManagerStart = tmStartMock();
+        await mockTask.start({ taskManager: mockTaskManagerStart, interval: '5m' });
+        expect(mockTaskManagerStart.ensureScheduled).toHaveBeenCalled();
+      });
     });
 
-    describe('lastSuccessfulReport', () => {
-      it('should set lastSuccessfulReport correctly if report success', async () => {
-        reportUsageSpy.mockResolvedValueOnce({ status: 201 });
-        const taskInstance = buildMockTaskInstance();
-        const task = await runTask(taskInstance);
-        const newLastSuccessfulReport = task?.state.lastSuccessfulReport;
-        expect(newLastSuccessfulReport).toEqual(expect.any(String));
-        expect(newLastSuccessfulReport).not.toEqual(taskInstance.state.lastSuccessfulReport);
+    describe('task logic', () => {
+      it('should call metering callback', async () => {
+        const task = await runTask();
+        expect(meteringCallbackMock).toHaveBeenCalledWith(
+          expect.objectContaining({
+            esClient: mockEsClient,
+            cloudSetup: taskArgs.cloudSetup,
+            taskId: TASK_ID,
+            config: taskArgs.config,
+            lastSuccessfulReport: new Date(task?.state.lastSuccessfulReport as string),
+          })
+        );
       });
 
-      it('should set lastSuccessfulReport correctly if no usage records found', async () => {
-        meteringCallbackMock.mockResolvedValueOnce([]);
-        const taskInstance = buildMockTaskInstance({ state: { lastSuccessfulReport: null } });
-        const task = await runTask(taskInstance);
-        const newLastSuccessfulReport = task?.state.lastSuccessfulReport;
-        expect(newLastSuccessfulReport).toEqual(expect.any(String));
-        expect(newLastSuccessfulReport).not.toEqual(taskInstance.state.lastSuccessfulReport);
+      it('should report metering records', async () => {
+        await runTask();
+        expect(reportUsageSpy).toHaveBeenCalledWith(
+          expect.arrayContaining([
+            expect.objectContaining({
+              creation_timestamp: usageRecord.creation_timestamp,
+              id: usageRecord.id,
+              source: {
+                id: TASK_ID,
+                instance_group_id: PROJECT_ID,
+                metadata: { tier: ProductTier.complete },
+              },
+              usage: { period_seconds: 3600, quantity: 1, type: USAGE_TYPE },
+              usage_timestamp: usageRecord.usage_timestamp,
+            }),
+          ]),
+          USAGE_SERVICE_USAGE_URL
+        );
       });
 
-      describe('and response is NOT 201', () => {
-        beforeEach(() => {
-          reportUsageSpy.mockResolvedValueOnce({ status: 500 });
-        });
+      it('should do nothing if task instance id is outdated', async () => {
+        const result = await runTask({ ...buildMockTaskInstance(), id: 'old-id' });
 
-        it('should set lastSuccessfulReport correctly', async () => {
-          const lastSuccessfulReport = new Date(new Date().setMinutes(-15)).toISOString();
-          const taskInstance = buildMockTaskInstance({ state: { lastSuccessfulReport } });
+        expect(result).toEqual(getDeleteTaskRunResult());
+
+        expect(reportUsageSpy).not.toHaveBeenCalled();
+        expect(meteringCallbackMock).not.toHaveBeenCalled();
+      });
+      describe('lastSuccessfulReport', () => {
+        it('should set lastSuccessfulReport correctly if report success', async () => {
+          reportUsageSpy.mockResolvedValueOnce({ status: 201 });
+          const taskInstance = buildMockTaskInstance();
           const task = await runTask(taskInstance);
           const newLastSuccessfulReport = task?.state.lastSuccessfulReport;
-
-          expect(newLastSuccessfulReport).toEqual(taskInstance.state.lastSuccessfulReport);
+          expect(newLastSuccessfulReport).toEqual(expect.any(String));
+          expect(newLastSuccessfulReport).not.toEqual(taskInstance.state.lastSuccessfulReport);
         });
 
-        it('should set lastSuccessfulReport correctly if previously null', async () => {
+        it('should set lastSuccessfulReport correctly if no usage records found', async () => {
+          meteringCallbackMock.mockResolvedValueOnce([]);
           const taskInstance = buildMockTaskInstance({ state: { lastSuccessfulReport: null } });
           const task = await runTask(taskInstance);
           const newLastSuccessfulReport = task?.state.lastSuccessfulReport;
-
           expect(newLastSuccessfulReport).toEqual(expect.any(String));
+          expect(newLastSuccessfulReport).not.toEqual(taskInstance.state.lastSuccessfulReport);
+        });
+
+        describe('and response is NOT 201', () => {
+          beforeEach(() => {
+            reportUsageSpy.mockResolvedValueOnce({ status: 500 });
+          });
+
+          it('should set lastSuccessfulReport correctly', async () => {
+            const lastSuccessfulReport = new Date(new Date().setMinutes(-15)).toISOString();
+            const taskInstance = buildMockTaskInstance({ state: { lastSuccessfulReport } });
+            const task = await runTask(taskInstance);
+            const newLastSuccessfulReport = task?.state.lastSuccessfulReport;
+
+            expect(newLastSuccessfulReport).toEqual(taskInstance.state.lastSuccessfulReport);
+          });
+
+          it('should set lastSuccessfulReport correctly if previously null', async () => {
+            const taskInstance = buildMockTaskInstance({ state: { lastSuccessfulReport: null } });
+            const task = await runTask(taskInstance);
+            const newLastSuccessfulReport = task?.state.lastSuccessfulReport;
+
+            expect(newLastSuccessfulReport).toEqual(expect.any(String));
+          });
         });
       });
     });
diff --git a/x-pack/plugins/security_solution_serverless/server/task_manager/usage_reporting_task.ts b/x-pack/plugins/security_solution_serverless/server/task_manager/usage_reporting_task.ts
index eb36adc77874e..86c94674828ad 100644
--- a/x-pack/plugins/security_solution_serverless/server/task_manager/usage_reporting_task.ts
+++ b/x-pack/plugins/security_solution_serverless/server/task_manager/usage_reporting_task.ts
@@ -23,18 +23,17 @@ import type { ServerlessSecurityConfig } from '../config';
 import { stateSchemaByVersion, emptyState } from './task_state';
 
 const SCOPE = ['serverlessSecurity'];
-const TIMEOUT = '1m';
 
 export const VERSION = '1.0.0';
 
 export class SecurityUsageReportingTask {
   private wasStarted: boolean = false;
-  private cloudSetup: CloudSetup;
-  private taskType: string;
-  private version: string;
-  private logger: Logger;
   private abortController = new AbortController();
-  private config: ServerlessSecurityConfig;
+  private readonly cloudSetup: CloudSetup;
+  private readonly taskType: string;
+  private readonly version: string;
+  private readonly logger: Logger;
+  private readonly config: ServerlessSecurityConfig;
 
   constructor(setupContract: SecurityUsageReportingTaskSetupContract) {
     const {
@@ -59,7 +58,7 @@ export class SecurityUsageReportingTask {
       taskManager.registerTaskDefinitions({
         [taskType]: {
           title: taskTitle,
-          timeout: TIMEOUT,
+          timeout: this.config.usageReportingTaskTimeout,
           stateSchemaByVersion,
           createTaskRunner: ({ taskInstance }: { taskInstance: ConcreteTaskInstance }) => {
             return {
@@ -79,7 +78,7 @@ export class SecurityUsageReportingTask {
 
   public start = async ({ taskManager, interval }: SecurityUsageReportingTaskStartContract) => {
     if (!taskManager) {
-      this.logger.error(`missing required taskmanager service during start of ${this.taskType}`);
+      this.logger.error(`missing required task manager service during start of ${this.taskType}`);
       return;
     }
 
@@ -133,7 +132,7 @@ export class SecurityUsageReportingTask {
     let usageRecords: UsageRecord[] = [];
     let latestRecordTimestamp: Date | undefined;
     let shouldRunAgain = false;
-    // save usage record query time so we can use it to know where
+    // save usage record query time, so we can use it to know where
     // the next query range should start
     const meteringCallbackTime = new Date();
     try {
@@ -162,7 +161,12 @@ export class SecurityUsageReportingTask {
 
     if (usageRecords.length !== 0) {
       try {
-        usageReportResponse = await usageReportingService.reportUsage(usageRecords);
+        this.logger.debug(`Sending ${usageRecords.length} usage records to the API`);
+
+        usageReportResponse = await usageReportingService.reportUsage(
+          usageRecords,
+          this.config.usageReportingApiUrl
+        );
 
         if (!usageReportResponse.ok) {
           const errorResponse = await usageReportResponse.json();
@@ -170,7 +174,7 @@ export class SecurityUsageReportingTask {
           return { state: taskInstance.state, runAt: new Date() };
         }
 
-        this.logger.info(
+        this.logger.debug(
           `(${
             usageRecords.length
           }) usage records starting from ${lastSuccessfulReport.toISOString()} were sent successfully: ${
diff --git a/x-pack/plugins/serverless_search/public/application/components/api_key/api_key.tsx b/x-pack/plugins/serverless_search/public/application/components/api_key/api_key.tsx
index e79926fd4c970..849b54c01de8a 100644
--- a/x-pack/plugins/serverless_search/public/application/components/api_key/api_key.tsx
+++ b/x-pack/plugins/serverless_search/public/application/components/api_key/api_key.tsx
@@ -8,7 +8,6 @@
 import {
   EuiBadge,
   EuiButton,
-  EuiCodeBlock,
   EuiFlexGroup,
   EuiFlexItem,
   EuiIcon,
@@ -21,14 +20,27 @@ import {
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { css } from '@emotion/react';
-import { ApiKey } from '@kbn/security-plugin/common';
+import { ApiKey } from '@kbn/security-plugin-types-common';
 import { useQuery } from '@tanstack/react-query';
-import React, { useState } from 'react';
+import React, { useEffect, useState } from 'react';
+import { ApiKeySelectableTokenField } from '@kbn/security-api-key-management';
+import {
+  SecurityCreateApiKeyResponse,
+  SecurityUpdateApiKeyResponse,
+} from '@elastic/elasticsearch/lib/api/types';
 import { useKibanaServices } from '../../hooks/use_kibana';
 import { MANAGEMENT_API_KEYS } from '../../../../common/routes';
 import { CreateApiKeyFlyout } from './create_api_key_flyout';
 import './api_key.scss';
-import { CreateApiKeyResponse } from '../../hooks/api/use_create_api_key';
+
+function isCreatedResponse(
+  value: SecurityCreateApiKeyResponse | SecurityUpdateApiKeyResponse
+): value is SecurityCreateApiKeyResponse {
+  if ((value as SecurityCreateApiKeyResponse).id) {
+    return true;
+  }
+  return false;
+}
 
 export const ApiKeyPanel = ({ setClientApiKey }: { setClientApiKey: (value: string) => void }) => {
   const { http, user } = useKibanaServices();
@@ -37,19 +49,30 @@ export const ApiKeyPanel = ({ setClientApiKey }: { setClientApiKey: (value: stri
     queryKey: ['apiKey'],
     queryFn: () => http.fetch<{ apiKeys: ApiKey[] }>('/internal/serverless_search/api_keys'),
   });
-  const [apiKey, setApiKey] = useState<CreateApiKeyResponse | undefined>(undefined);
-  const saveApiKey = (value: CreateApiKeyResponse) => {
+  const [apiKey, setApiKey] = useState<SecurityCreateApiKeyResponse | undefined>(undefined);
+  const saveApiKey = (value: SecurityCreateApiKeyResponse) => {
     setApiKey(value);
-    if (value.encoded) setClientApiKey(value.encoded);
   };
 
+  useEffect(() => {
+    if (apiKey) {
+      setClientApiKey(apiKey.encoded);
+      setIsFlyoutOpen(false);
+    }
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+  }, [apiKey]);
+
   return (
     <>
       {isFlyoutOpen && (
         <CreateApiKeyFlyout
           onClose={() => setIsFlyoutOpen(false)}
-          setApiKey={saveApiKey}
-          username={user?.full_name || user?.username || ''}
+          setApiKey={(value) => {
+            if (isCreatedResponse(value)) {
+              saveApiKey(value);
+            }
+          }}
+          user={user}
         />
       )}
       {apiKey ? (
@@ -74,9 +97,7 @@ export const ApiKeyPanel = ({ setClientApiKey }: { setClientApiKey: (value: stri
               })}
             </EuiText>
             <EuiSpacer size="s" />
-            <EuiCodeBlock isCopyable data-test-subj="api-key-created-key-codeblock">
-              {JSON.stringify(apiKey, undefined, 2)}
-            </EuiCodeBlock>
+            <ApiKeySelectableTokenField createdApiKey={apiKey} />
           </EuiStep>
         </EuiPanel>
       ) : (
diff --git a/x-pack/plugins/serverless_search/public/application/components/api_key/basic_setup_form.tsx b/x-pack/plugins/serverless_search/public/application/components/api_key/basic_setup_form.tsx
deleted file mode 100644
index c6ec0469168f3..0000000000000
--- a/x-pack/plugins/serverless_search/public/application/components/api_key/basic_setup_form.tsx
+++ /dev/null
@@ -1,163 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import {
-  EuiIcon,
-  EuiText,
-  EuiForm,
-  EuiFieldText,
-  EuiFormRow,
-  EuiFieldNumber,
-  EuiRadioGroup,
-  EuiFlexGroup,
-  EuiFlexItem,
-} from '@elastic/eui';
-import { i18n } from '@kbn/i18n';
-import { FormattedDate, FormattedMessage } from '@kbn/i18n-react';
-import React from 'react';
-
-interface BasicSetupFormProps {
-  isLoading: boolean;
-  name: string;
-  user: string;
-  expires: string | null;
-  onChangeName: (name: string) => void;
-  onChangeExpires: (expires: string | null) => void;
-}
-export const DEFAULT_EXPIRES_VALUE = '60';
-
-export const BasicSetupForm: React.FC<BasicSetupFormProps> = ({
-  isLoading,
-  name,
-  user,
-  expires,
-  onChangeName,
-  onChangeExpires,
-}) => {
-  let expirationDate: Date | undefined;
-  if (expires) {
-    expirationDate = new Date();
-    expirationDate.setDate(expirationDate.getDate() + parseInt(expires, 10));
-  }
-  return (
-    <EuiForm>
-      <EuiFormRow
-        fullWidth
-        isInvalid={!name}
-        helpText={i18n.translate('xpack.serverlessSearch.apiKey.nameFieldHelpText', {
-          defaultMessage: 'A good name makes it clear what your API key does.',
-        })}
-        label={i18n.translate('xpack.serverlessSearch.apiKey.nameFieldLabel', {
-          defaultMessage: 'Name',
-        })}
-      >
-        <EuiFieldText
-          fullWidth
-          isLoading={isLoading}
-          value={name}
-          onChange={(e) => onChangeName(e.currentTarget.value)}
-          data-test-subj="create-api-key-name"
-        />
-      </EuiFormRow>
-      <EuiFormRow
-        fullWidth
-        helpText={i18n.translate('xpack.serverlessSearch.apiKey.userFieldHelpText', {
-          defaultMessage: 'ID of the user creating the API key.',
-        })}
-        label={i18n.translate('xpack.serverlessSearch.apiKey.userFieldLabel', {
-          defaultMessage: 'User',
-        })}
-      >
-        <EuiFieldText
-          data-test-subj="serverlessSearchBasicSetupFormFieldText"
-          fullWidth
-          disabled={true}
-          value={user}
-          onChange={() => {}}
-        />
-      </EuiFormRow>
-      <EuiFormRow
-        fullWidth
-        labelAppend={
-          <EuiFlexGroup gutterSize="s" justifyContent="flexEnd" alignItems="center">
-            <EuiFlexItem grow={false}>
-              <EuiIcon type="warning" size="s" color="subdued" />
-            </EuiFlexItem>
-            <EuiFlexItem grow={false}>
-              <EuiText color="subdued" size="xs">
-                {i18n.translate('xpack.serverlessSearch.apiKey.expiresFieldHelpText', {
-                  defaultMessage: 'API keys should be rotated regularly.',
-                })}
-              </EuiText>
-            </EuiFlexItem>
-          </EuiFlexGroup>
-        }
-        label={i18n.translate('xpack.serverlessSearch.apiKey.expiresFieldLabel', {
-          defaultMessage: 'Expires',
-        })}
-      >
-        <EuiRadioGroup
-          options={[
-            {
-              id: 'never',
-              label: i18n.translate('xpack.serverlessSearch.apiKey.expiresField.neverLabel', {
-                defaultMessage: 'Never',
-              }),
-              'data-test-subj': 'create-api-key-expires-never-radio',
-            },
-            {
-              id: 'days',
-              label: i18n.translate('xpack.serverlessSearch.apiKey.expiresField.daysLabel', {
-                defaultMessage: 'in days',
-              }),
-              'data-test-subj': 'create-api-key-expires-days-radio',
-            },
-          ]}
-          idSelected={expires === null ? 'never' : 'days'}
-          onChange={(id) => onChangeExpires(id === 'never' ? null : DEFAULT_EXPIRES_VALUE)}
-          data-test-subj="create-api-key-expires-radio"
-        />
-      </EuiFormRow>
-      {expires !== null && (
-        <EuiFormRow
-          fullWidth
-          helpText={
-            <FormattedMessage
-              id="xpack.serverlessSearch.apiKey.expiresHelpText"
-              defaultMessage="This API Key will expire on {expirationDate}"
-              values={{
-                expirationDate: (
-                  <strong>
-                    <FormattedDate
-                      year="numeric"
-                      month="long"
-                      day="numeric"
-                      value={expirationDate!}
-                    />
-                  </strong>
-                ),
-              }}
-            />
-          }
-        >
-          <EuiFieldNumber
-            fullWidth
-            disabled={isLoading}
-            append={i18n.translate('xpack.serverlessSearch.apiKey.expiresFieldUnit', {
-              defaultMessage: 'days',
-            })}
-            placeholder="1"
-            defaultValue={expires}
-            min={1}
-            onChange={(e) => onChangeExpires(e.currentTarget.value)}
-            data-test-subj="create-api-key-expires-days-number-field"
-          />
-        </EuiFormRow>
-      )}
-    </EuiForm>
-  );
-};
diff --git a/x-pack/plugins/serverless_search/public/application/components/api_key/create_api_key_flyout.tsx b/x-pack/plugins/serverless_search/public/application/components/api_key/create_api_key_flyout.tsx
index 04d8e366df858..3af41e709aff9 100644
--- a/x-pack/plugins/serverless_search/public/application/components/api_key/create_api_key_flyout.tsx
+++ b/x-pack/plugins/serverless_search/public/application/components/api_key/create_api_key_flyout.tsx
@@ -4,44 +4,14 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import React, { useEffect, useState } from 'react';
-import { css } from '@emotion/react';
+import React from 'react';
 
+import { ApiKeyFlyout } from '@kbn/security-api-key-management';
 import {
-  useEuiTheme,
-  EuiAccordion,
-  EuiBadge,
-  EuiButton,
-  EuiButtonEmpty,
-  EuiCallOut,
-  EuiFlexGroup,
-  EuiFlexItem,
-  EuiFlyout,
-  EuiFlyoutBody,
-  EuiFlyoutFooter,
-  EuiFlyoutHeader,
-  EuiIcon,
-  EuiPanel,
-  EuiSpacer,
-  EuiSwitch,
-  EuiSwitchEvent,
-  EuiText,
-  EuiTitle,
-} from '@elastic/eui';
-import { i18n } from '@kbn/i18n';
-
-import {
-  CANCEL_LABEL,
-  DISABLED_LABEL,
-  ENABLED_LABEL,
-  INVALID_JSON_ERROR,
-  REQUIRED_LABEL,
-} from '../../../../common/i18n_string';
-import { isApiError } from '../../../utils/api';
-import { BasicSetupForm, DEFAULT_EXPIRES_VALUE } from './basic_setup_form';
-import { MetadataForm } from './metadata_form';
-import { SecurityPrivilegesForm } from './security_privileges_form';
-import { CreateApiKeyResponse, useCreateApiKey } from '../../hooks/api/use_create_api_key';
+  SecurityCreateApiKeyResponse,
+  SecurityUpdateApiKeyResponse,
+} from '@elastic/elasticsearch/lib/api/types';
+import { AuthenticatedUser } from '@kbn/core/public';
 
 const DEFAULT_ROLE_DESCRIPTORS = `{
   "serverless_search": {
@@ -59,308 +29,24 @@ const DEFAULT_METADATA = `{
 
 interface CreateApiKeyFlyoutProps {
   onClose: () => void;
-  setApiKey: (apiKey: CreateApiKeyResponse) => void;
-  username: string;
+  setApiKey: (apiKey: SecurityCreateApiKeyResponse | SecurityUpdateApiKeyResponse) => void;
+  user?: AuthenticatedUser;
 }
 
-const parseCreateError = (error: unknown): string | undefined => {
-  if (!error) return undefined;
-  if (isApiError(error)) {
-    return error.body.message;
-  }
-  if (error instanceof Error) {
-    return error.message;
-  }
-  return JSON.stringify(error);
-};
-
 export const CreateApiKeyFlyout: React.FC<CreateApiKeyFlyoutProps> = ({
   onClose,
-  username,
   setApiKey,
+  user,
 }) => {
-  const { euiTheme } = useEuiTheme();
-  const [name, setName] = useState('');
-  const [expires, setExpires] = useState<string | null>(DEFAULT_EXPIRES_VALUE);
-  const [roleDescriptors, setRoleDescriptors] = useState(DEFAULT_ROLE_DESCRIPTORS);
-  const [roleDescriptorsError, setRoleDescriptorsError] = useState<string | undefined>(undefined);
-  const [metadata, setMetadata] = useState(DEFAULT_METADATA);
-  const [metadataError, setMetadataError] = useState<string | undefined>(undefined);
-  const [privilegesEnabled, setPrivilegesEnabled] = useState<boolean>(false);
-  const [privilegesOpen, setPrivilegesOpen] = useState<'open' | 'closed'>('closed');
-  const [metadataEnabled, setMetadataEnabled] = useState<boolean>(false);
-  const [metadataOpen, setMetadataOpen] = useState<'open' | 'closed'>('closed');
-
-  const togglePrivileges = (e: EuiSwitchEvent) => {
-    const enabled = e.target.checked;
-    setPrivilegesEnabled(enabled);
-    setPrivilegesOpen(enabled ? 'open' : 'closed');
-    // Reset role descriptors to default
-    if (enabled) setRoleDescriptors(DEFAULT_ROLE_DESCRIPTORS);
-  };
-  const toggleMetadata = (e: EuiSwitchEvent) => {
-    const enabled = e.target.checked;
-    setMetadataEnabled(enabled);
-    setMetadataOpen(enabled ? 'open' : 'closed');
-    // Reset metadata to default
-    if (enabled) setMetadata(DEFAULT_METADATA);
-  };
-  const onCreateClick = () => {
-    let parsedRoleDescriptors: Record<string, any> | undefined;
-    if (privilegesEnabled) {
-      try {
-        parsedRoleDescriptors =
-          roleDescriptors.length > 0 ? JSON.parse(roleDescriptors) : undefined;
-      } catch (e) {
-        setRoleDescriptorsError(INVALID_JSON_ERROR);
-        return;
-      }
-    }
-    if (roleDescriptorsError) setRoleDescriptorsError(undefined);
-    let parsedMetadata: Record<string, any> | undefined;
-    if (metadataEnabled) {
-      try {
-        parsedMetadata = metadata.length > 0 ? JSON.parse(metadata) : undefined;
-      } catch (e) {
-        setMetadataError(INVALID_JSON_ERROR);
-        return;
-      }
-    }
-    if (metadataError) setMetadataError(undefined);
-    const expiration = expires !== null ? `${expires}d` : undefined;
-
-    mutate({
-      expiration,
-      metadata: parsedMetadata,
-      name,
-      role_descriptors: parsedRoleDescriptors,
-    });
-  };
-
-  const { data, isLoading, isError, isSuccess, error, mutate } = useCreateApiKey();
-
-  useEffect(() => {
-    if (isSuccess) {
-      setApiKey(data);
-      onClose();
-    }
-  });
-
-  const createError = parseCreateError(error);
   return (
-    <EuiFlyout
-      onClose={onClose}
-      css={css`
-        max-width: calc(${euiTheme.size.xxxxl} * 10);
-      `}
-    >
-      <EuiFlyoutHeader hasBorder={true}>
-        <EuiTitle size="m">
-          <h2>
-            {i18n.translate('xpack.serverlessSearch.apiKey.flyoutTitle', {
-              defaultMessage: 'Create an API key',
-            })}
-          </h2>
-        </EuiTitle>
-      </EuiFlyoutHeader>
-      <EuiFlyoutBody>
-        {isError && createError && (
-          <EuiCallOut
-            color="danger"
-            iconType="warning"
-            title={i18n.translate('xpack.serverlessSearch.apiKey.flyout.errorTitle', {
-              defaultMessage: 'Error creating API key',
-            })}
-            data-test-subj="create-api-key-error-callout"
-          >
-            {createError}
-          </EuiCallOut>
-        )}
-        <EuiPanel hasBorder>
-          <EuiAccordion
-            id="apiKey.setup"
-            paddingSize="l"
-            initialIsOpen
-            buttonContent={
-              <div>
-                <EuiFlexGroup justifyContent="flexStart" alignItems="center" gutterSize="s">
-                  <EuiFlexItem grow={false}>
-                    <EuiIcon type="gear" />
-                  </EuiFlexItem>
-                  <EuiFlexItem>
-                    <EuiTitle size="xs">
-                      <h4>
-                        {i18n.translate('xpack.serverlessSearch.apiKey.setup.title', {
-                          defaultMessage: 'Setup',
-                        })}
-                      </h4>
-                    </EuiTitle>
-                  </EuiFlexItem>
-                </EuiFlexGroup>
-                <EuiSpacer size="xs" />
-                <EuiText color="subdued" size="xs">
-                  <p>
-                    {i18n.translate('xpack.serverlessSearch.apiKey.setup.description', {
-                      defaultMessage: 'Basic configuration details to create your API key.',
-                    })}
-                  </p>
-                </EuiText>
-              </div>
-            }
-            extraAction={<EuiBadge color="hollow">{REQUIRED_LABEL}</EuiBadge>}
-          >
-            <EuiSpacer size="s" />
-            <BasicSetupForm
-              isLoading={isLoading}
-              name={name}
-              user={username}
-              expires={expires}
-              onChangeName={(newName: string) => setName(newName)}
-              onChangeExpires={(newExpires: string | null) => setExpires(newExpires)}
-            />
-          </EuiAccordion>
-        </EuiPanel>
-        <EuiSpacer size="l" />
-        <EuiPanel hasBorder>
-          <EuiAccordion
-            id="apiKey.privileges"
-            paddingSize="l"
-            buttonContent={
-              <div style={{ paddingRight: euiTheme.size.s }}>
-                <EuiFlexGroup justifyContent="flexStart" alignItems="center" gutterSize="s">
-                  <EuiFlexItem grow={false}>
-                    <EuiIcon type="lock" />
-                  </EuiFlexItem>
-                  <EuiFlexItem>
-                    <EuiTitle size="xs">
-                      <h4>
-                        {i18n.translate('xpack.serverlessSearch.apiKey.privileges.title', {
-                          defaultMessage: 'Security Privileges',
-                        })}
-                      </h4>
-                    </EuiTitle>
-                  </EuiFlexItem>
-                </EuiFlexGroup>
-                <EuiSpacer size="xs" />
-                <EuiText color="subdued" size="xs">
-                  <p>
-                    {i18n.translate('xpack.serverlessSearch.apiKey.privileges.description', {
-                      defaultMessage:
-                        'Control access to specific Elasticsearch APIs and resources using predefined roles or custom privileges per API key.',
-                    })}
-                  </p>
-                </EuiText>
-              </div>
-            }
-            extraAction={
-              <EuiSwitch
-                label={privilegesEnabled ? ENABLED_LABEL : DISABLED_LABEL}
-                checked={privilegesEnabled}
-                onChange={togglePrivileges}
-                data-test-subj="create-api-role-descriptors-switch"
-              />
-            }
-            forceState={privilegesOpen}
-            onToggle={(isOpen) => {
-              if (privilegesEnabled) {
-                setPrivilegesOpen(isOpen ? 'open' : 'closed');
-              }
-            }}
-          >
-            <EuiSpacer size="s" />
-            <SecurityPrivilegesForm
-              roleDescriptors={roleDescriptors}
-              onChangeRoleDescriptors={setRoleDescriptors}
-              error={roleDescriptorsError}
-            />
-          </EuiAccordion>
-        </EuiPanel>
-        <EuiSpacer size="l" />
-        <EuiPanel hasBorder>
-          <EuiAccordion
-            id="apiKey.metadata"
-            paddingSize="l"
-            buttonContent={
-              <div style={{ paddingRight: euiTheme.size.s }}>
-                <EuiFlexGroup justifyContent="flexStart" alignItems="center" gutterSize="s">
-                  <EuiFlexItem grow={false}>
-                    <EuiIcon type="visVega" />
-                  </EuiFlexItem>
-                  <EuiFlexItem>
-                    <EuiTitle size="xs">
-                      <h4>
-                        {i18n.translate('xpack.serverlessSearch.apiKey.metadata.title', {
-                          defaultMessage: 'Metadata',
-                        })}
-                      </h4>
-                    </EuiTitle>
-                  </EuiFlexItem>
-                </EuiFlexGroup>
-                <EuiSpacer size="xs" />
-                <EuiText color="subdued" size="xs">
-                  <p>
-                    {i18n.translate('xpack.serverlessSearch.apiKey.metadata.description', {
-                      defaultMessage:
-                        'Use configurable key-value pairs to add information about the API key or customize Elasticsearch resource access.',
-                    })}
-                  </p>
-                </EuiText>
-              </div>
-            }
-            extraAction={
-              <EuiSwitch
-                label={metadataEnabled ? ENABLED_LABEL : DISABLED_LABEL}
-                checked={metadataEnabled}
-                onChange={toggleMetadata}
-                data-test-subj="create-api-metadata-switch"
-              />
-            }
-            forceState={metadataOpen}
-            onToggle={(isOpen) => {
-              if (metadataEnabled) {
-                setMetadataOpen(isOpen ? 'open' : 'closed');
-              }
-            }}
-          >
-            <EuiSpacer size="s" />
-            <MetadataForm
-              metadata={metadata}
-              onChangeMetadata={setMetadata}
-              error={metadataError}
-            />
-          </EuiAccordion>
-        </EuiPanel>
-      </EuiFlyoutBody>
-      <EuiFlyoutFooter>
-        <EuiFlexGroup justifyContent="spaceBetween">
-          <EuiFlexItem grow={false}>
-            <EuiButtonEmpty
-              isDisabled={isLoading}
-              onClick={onClose}
-              data-test-subj="create-api-key-cancel"
-            >
-              {CANCEL_LABEL}
-            </EuiButtonEmpty>
-          </EuiFlexItem>
-          <EuiFlexItem grow={false}>
-            <EuiFlexGroup justifyContent="flexEnd">
-              <EuiFlexItem>
-                <EuiButton
-                  fill
-                  disabled={!name}
-                  isLoading={isLoading}
-                  onClick={onCreateClick}
-                  data-test-subj="create-api-key-submit"
-                >
-                  {i18n.translate('xpack.serverlessSearch.apiKey.flyOutCreateLabel', {
-                    defaultMessage: 'Create API Key',
-                  })}
-                </EuiButton>
-              </EuiFlexItem>
-            </EuiFlexGroup>
-          </EuiFlexItem>
-        </EuiFlexGroup>
-      </EuiFlyoutFooter>
-    </EuiFlyout>
+    <ApiKeyFlyout
+      onCancel={onClose}
+      onSuccess={setApiKey}
+      apiKey={undefined}
+      currentUser={user}
+      defaultRoleDescriptors={DEFAULT_ROLE_DESCRIPTORS}
+      defaultMetadata={DEFAULT_METADATA}
+      defaultExpiration="60"
+    />
   );
 };
diff --git a/x-pack/plugins/serverless_search/public/application/components/api_key/metadata_form.tsx b/x-pack/plugins/serverless_search/public/application/components/api_key/metadata_form.tsx
deleted file mode 100644
index ef6705c90b0a0..0000000000000
--- a/x-pack/plugins/serverless_search/public/application/components/api_key/metadata_form.tsx
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { EuiText, EuiLink, EuiSpacer } from '@elastic/eui';
-import { i18n } from '@kbn/i18n';
-import { CodeEditorField } from '@kbn/code-editor';
-import React from 'react';
-import { docLinks } from '../../../../common/doc_links';
-
-interface MetadataFormProps {
-  metadata: string;
-  onChangeMetadata: (metadata: string) => void;
-  error?: React.ReactNode | React.ReactNode[];
-}
-
-export const MetadataForm: React.FC<MetadataFormProps> = ({
-  metadata,
-  onChangeMetadata,
-  error,
-}) => {
-  return (
-    <div data-test-subj="create-api-metadata-code-editor-container">
-      <EuiLink
-        data-test-subj="serverlessSearchMetadataFormLearnHowToStructureRoleMetadataLink"
-        href={docLinks.metadata}
-        target="_blank"
-      >
-        {i18n.translate('xpack.serverlessSearch.apiKey.metadataLinkLabel', {
-          defaultMessage: 'Learn how to structure role metadata',
-        })}
-      </EuiLink>
-      <EuiSpacer />
-      {error && (
-        <EuiText size="s" color="danger">
-          <p>{error}</p>
-        </EuiText>
-      )}
-      <CodeEditorField
-        allowFullScreen
-        fullWidth
-        height="600px"
-        languageId="json"
-        isCopyable
-        onChange={(e) => onChangeMetadata(e)}
-        value={metadata}
-      />
-    </div>
-  );
-};
diff --git a/x-pack/plugins/serverless_search/public/application/components/api_key/security_privileges_form.tsx b/x-pack/plugins/serverless_search/public/application/components/api_key/security_privileges_form.tsx
deleted file mode 100644
index c647471f90e71..0000000000000
--- a/x-pack/plugins/serverless_search/public/application/components/api_key/security_privileges_form.tsx
+++ /dev/null
@@ -1,122 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import {
-  EuiText,
-  EuiLink,
-  EuiSpacer,
-  EuiPanel,
-  EuiFlexItem,
-  EuiFlexGroup,
-  EuiButtonEmpty,
-} from '@elastic/eui';
-import { i18n } from '@kbn/i18n';
-import { CodeEditorField } from '@kbn/code-editor';
-import React from 'react';
-import { docLinks } from '../../../../common/doc_links';
-const READ_ONLY_BOILERPLATE = `{
-  "read-only-role": {
-    "cluster": [],
-    "indices": [
-      {
-        "names": ["*"],
-        "privileges": ["read"]
-      }
-    ]
-  }
-}`;
-const WRITE_ONLY_BOILERPLATE = `{
-  "write-only-role": {
-    "cluster": [],
-    "indices": [
-      {
-        "names": ["*"],
-        "privileges": ["write"]
-      }
-    ]
-  }
-}`;
-interface SecurityPrivilegesFormProps {
-  onChangeRoleDescriptors: (roleDescriptors: string) => void;
-  error?: React.ReactNode | React.ReactNode[];
-  roleDescriptors: string;
-}
-
-export const SecurityPrivilegesForm: React.FC<SecurityPrivilegesFormProps> = ({
-  onChangeRoleDescriptors,
-  error,
-  roleDescriptors,
-}) => {
-  return (
-    <div data-test-subj="create-api-role-descriptors-code-editor-container">
-      <EuiLink
-        data-test-subj="serverlessSearchSecurityPrivilegesFormLearnHowToStructureRoleDescriptorsLink"
-        href={docLinks.roleDescriptors}
-        target="_blank"
-      >
-        {i18n.translate('xpack.serverlessSearch.apiKey.roleDescriptorsLinkLabel', {
-          defaultMessage: 'Learn how to structure role descriptors',
-        })}
-      </EuiLink>
-      <EuiSpacer />
-      {error && (
-        <EuiText size="s" color="danger">
-          <p>{error}</p>
-        </EuiText>
-      )}
-      <EuiPanel hasShadow={false} color="subdued">
-        <EuiFlexGroup gutterSize="none" justifyContent="flexEnd" alignItems="baseline">
-          <EuiFlexItem grow={false}>
-            <EuiText size="xs">
-              <h4>
-                {i18n.translate('xpack.serverlessSearch.apiKey.privileges.boilerplate.label', {
-                  defaultMessage: 'Replace with boilerplate:',
-                })}
-              </h4>
-            </EuiText>
-          </EuiFlexItem>
-
-          <EuiFlexItem grow={false}>
-            <EuiButtonEmpty
-              data-test-subj="serverlessSearchSecurityPrivilegesFormReadOnlyButton"
-              onClick={() => onChangeRoleDescriptors(READ_ONLY_BOILERPLATE)}
-            >
-              {i18n.translate(
-                'xpack.serverlessSearch.apiKey.privileges.boilerplate.readOnlyLabel',
-                {
-                  defaultMessage: 'Read-only',
-                }
-              )}
-            </EuiButtonEmpty>
-          </EuiFlexItem>
-          <EuiFlexItem grow={false}>
-            <EuiButtonEmpty
-              data-test-subj="serverlessSearchSecurityPrivilegesFormWriteOnlyButton"
-              onClick={() => onChangeRoleDescriptors(WRITE_ONLY_BOILERPLATE)}
-            >
-              {i18n.translate(
-                'xpack.serverlessSearch.apiKey.privileges.boilerplate.writeOnlyLabel',
-                {
-                  defaultMessage: 'Write-only',
-                }
-              )}
-            </EuiButtonEmpty>
-          </EuiFlexItem>
-        </EuiFlexGroup>
-      </EuiPanel>
-      <CodeEditorField
-        allowFullScreen
-        fullWidth
-        height="600px"
-        languageId="json"
-        isCopyable
-        onChange={(e) => onChangeRoleDescriptors(e)}
-        value={roleDescriptors}
-      />
-    </div>
-  );
-};
diff --git a/x-pack/plugins/serverless_search/tsconfig.json b/x-pack/plugins/serverless_search/tsconfig.json
index 418dcb5fc6f5c..c19ec3af2f4fc 100644
--- a/x-pack/plugins/serverless_search/tsconfig.json
+++ b/x-pack/plugins/serverless_search/tsconfig.json
@@ -40,7 +40,6 @@
     "@kbn/index-management-plugin",
     "@kbn/usage-collection-plugin",
     "@kbn/es-types",
-    "@kbn/code-editor",
     "@kbn/console-plugin",
     "@kbn/core-chrome-browser",
     "@kbn/core-logging-server-mocks",
@@ -49,7 +48,9 @@
     "@kbn/index-management",
     "@kbn/react-kibana-context-render",
     "@kbn/search-playground",
+    "@kbn/security-api-key-management",
     "@kbn/search-inference-endpoints",
     "@kbn/search-homepage",
+    "@kbn/security-plugin-types-common",
   ]
 }
diff --git a/x-pack/plugins/snapshot_restore/server/routes/api/validate_schemas.ts b/x-pack/plugins/snapshot_restore/server/routes/api/validate_schemas.ts
index d312d02a30981..4167c0d972a48 100644
--- a/x-pack/plugins/snapshot_restore/server/routes/api/validate_schemas.ts
+++ b/x-pack/plugins/snapshot_restore/server/routes/api/validate_schemas.ts
@@ -53,8 +53,8 @@ export const snapshotListSchema = schema.object({
 });
 
 export const policySchema = schema.object({
-  name: schema.string(),
-  snapshotName: schema.string(),
+  name: schema.string({ maxLength: 1000 }),
+  snapshotName: schema.string({ maxLength: 1000 }),
   schedule: schema.string(),
   repository: schema.string(),
   config: schema.maybe(snapshotConfigSchema),
@@ -66,7 +66,7 @@ export const policySchema = schema.object({
 const fsRepositorySettings = schema.object({ location: schema.string() }, { unknowns: 'allow' });
 
 const fsRepositorySchema = schema.object({
-  name: schema.string(),
+  name: schema.string({ maxLength: 1000 }),
   type: schema.string(),
   settings: fsRepositorySettings,
 });
@@ -76,7 +76,7 @@ const readOnlyRepositorySettings = schema.object({
 });
 
 const readOnlyRepository = schema.object({
-  name: schema.string(),
+  name: schema.string({ maxLength: 1000 }),
   type: schema.string(),
   settings: readOnlyRepositorySettings,
 });
@@ -85,7 +85,7 @@ const readOnlyRepository = schema.object({
 const s3RepositorySettings = schema.object({ bucket: schema.string() }, { unknowns: 'allow' });
 
 const s3Repository = schema.object({
-  name: schema.string(),
+  name: schema.string({ maxLength: 1000 }),
   type: schema.string(),
   settings: s3RepositorySettings,
 });
@@ -100,7 +100,7 @@ const hdsRepositorySettings = schema.object(
 );
 
 const hdsfRepository = schema.object({
-  name: schema.string(),
+  name: schema.string({ maxLength: 1000 }),
   type: schema.string(),
   settings: hdsRepositorySettings,
 });
@@ -108,7 +108,7 @@ const hdsfRepository = schema.object({
 const azureRepositorySettings = schema.object({}, { unknowns: 'allow' });
 
 const azureRepository = schema.object({
-  name: schema.string(),
+  name: schema.string({ maxLength: 1000 }),
   type: schema.string(),
   settings: azureRepositorySettings,
 });
@@ -117,13 +117,13 @@ const azureRepository = schema.object({
 const gcsRepositorySettings = schema.object({ bucket: schema.string() }, { unknowns: 'allow' });
 
 const gcsRepository = schema.object({
-  name: schema.string(),
+  name: schema.string({ maxLength: 1000 }),
   type: schema.string(),
   settings: gcsRepositorySettings,
 });
 
 const sourceRepository = schema.object({
-  name: schema.string(),
+  name: schema.string({ maxLength: 1000 }),
   type: schema.string(),
   settings: schema.oneOf([
     fsRepositorySettings,
diff --git a/x-pack/plugins/spaces/public/constants.ts b/x-pack/plugins/spaces/public/constants.ts
index 27c6f04225d4f..64781228d4f43 100644
--- a/x-pack/plugins/spaces/public/constants.ts
+++ b/x-pack/plugins/spaces/public/constants.ts
@@ -22,5 +22,3 @@ export const getSpacesFeatureDescription = () => {
 export const DEFAULT_OBJECT_NOUN = i18n.translate('xpack.spaces.shareToSpace.objectNoun', {
   defaultMessage: 'object',
 });
-
-export const SOLUTION_NAV_FEATURE_FLAG_NAME = 'solutionNavEnabled';
diff --git a/x-pack/plugins/spaces/public/experiments/index.ts b/x-pack/plugins/spaces/public/experiments/index.ts
new file mode 100644
index 0000000000000..454fb8980a6d7
--- /dev/null
+++ b/x-pack/plugins/spaces/public/experiments/index.ts
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { isSolutionNavEnabled } from './is_solution_nav_enabled';
diff --git a/x-pack/plugins/spaces/public/experiments/is_solution_nav_enabled.ts b/x-pack/plugins/spaces/public/experiments/is_solution_nav_enabled.ts
new file mode 100644
index 0000000000000..5351c20c99d0f
--- /dev/null
+++ b/x-pack/plugins/spaces/public/experiments/is_solution_nav_enabled.ts
@@ -0,0 +1,20 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { CloudExperimentsPluginStart } from '@kbn/cloud-experiments-plugin/common';
+import type { CloudStart } from '@kbn/cloud-plugin/public';
+
+const SOLUTION_NAV_FEATURE_FLAG_NAME = 'solutionNavEnabled';
+
+export const isSolutionNavEnabled = (
+  cloud?: CloudStart,
+  cloudExperiments?: CloudExperimentsPluginStart
+) => {
+  return Boolean(cloud?.isCloudEnabled) && cloudExperiments
+    ? cloudExperiments.getVariation(SOLUTION_NAV_FEATURE_FLAG_NAME, false)
+    : Promise.resolve(false);
+};
diff --git a/x-pack/plugins/spaces/public/management/edit_space/manage_space_page.test.tsx b/x-pack/plugins/spaces/public/management/edit_space/manage_space_page.test.tsx
index 68e8421449cf8..2bcf35ccc6cc4 100644
--- a/x-pack/plugins/spaces/public/management/edit_space/manage_space_page.test.tsx
+++ b/x-pack/plugins/spaces/public/management/edit_space/manage_space_page.test.tsx
@@ -10,7 +10,6 @@ import { EuiButton } from '@elastic/eui';
 import { waitFor } from '@testing-library/react';
 import type { ReactWrapper } from 'enzyme';
 import React from 'react';
-import { of } from 'rxjs';
 
 import { DEFAULT_APP_CATEGORIES } from '@kbn/core/public';
 import { notificationServiceMock, scopedHistoryMock } from '@kbn/core/public/mocks';
@@ -124,7 +123,7 @@ describe('ManageSpacePage', () => {
           spaces: { manage: true },
         }}
         allowFeatureVisibility
-        isSolutionNavEnabled$={of(true)}
+        solutionNavExperiment={Promise.resolve(true)}
       />
     );
 
@@ -180,7 +179,7 @@ describe('ManageSpacePage', () => {
             spaces: { manage: true },
           }}
           allowFeatureVisibility
-          isSolutionNavEnabled$={of(false)}
+          solutionNavExperiment={Promise.resolve(false)}
         />
       );
 
diff --git a/x-pack/plugins/spaces/public/management/edit_space/manage_space_page.tsx b/x-pack/plugins/spaces/public/management/edit_space/manage_space_page.tsx
index 8ea38d4fcc316..86d1c13884321 100644
--- a/x-pack/plugins/spaces/public/management/edit_space/manage_space_page.tsx
+++ b/x-pack/plugins/spaces/public/management/edit_space/manage_space_page.tsx
@@ -18,7 +18,6 @@ import {
 } from '@elastic/eui';
 import { difference } from 'lodash';
 import React, { Component } from 'react';
-import type { Observable, Subscription } from 'rxjs';
 
 import type { Capabilities, NotificationsStart, ScopedHistory } from '@kbn/core/public';
 import { SectionLoading } from '@kbn/es-ui-shared-plugin/public';
@@ -56,7 +55,7 @@ interface Props {
   capabilities: Capabilities;
   history: ScopedHistory;
   allowFeatureVisibility: boolean;
-  isSolutionNavEnabled$?: Observable<boolean>;
+  solutionNavExperiment?: Promise<boolean>;
 }
 
 interface State {
@@ -76,7 +75,6 @@ interface State {
 export class ManageSpacePage extends Component<Props, State> {
   private readonly validator: SpaceValidator;
   private initialSpaceState: State['space'] | null = null;
-  private subscription: Subscription | null = null;
 
   constructor(props: Props) {
     super(props);
@@ -115,11 +113,9 @@ export class ManageSpacePage extends Component<Props, State> {
       });
     }
 
-    if (this.props.isSolutionNavEnabled$) {
-      this.subscription = this.props.isSolutionNavEnabled$.subscribe((isEnabled) => {
-        this.setState({ isSolutionNavEnabled: isEnabled });
-      });
-    }
+    this.props.solutionNavExperiment?.then((isEnabled) => {
+      this.setState({ isSolutionNavEnabled: isEnabled });
+    });
   }
 
   public async componentDidUpdate(previousProps: Props) {
@@ -128,12 +124,6 @@ export class ManageSpacePage extends Component<Props, State> {
     }
   }
 
-  public componentWillUnmount() {
-    if (this.subscription) {
-      this.subscription.unsubscribe();
-    }
-  }
-
   public render() {
     if (!this.props.capabilities.spaces.manage) {
       return (
diff --git a/x-pack/plugins/spaces/public/management/management_service.test.ts b/x-pack/plugins/spaces/public/management/management_service.test.ts
index 23c669ded0f4b..2eaacfda7c3a9 100644
--- a/x-pack/plugins/spaces/public/management/management_service.test.ts
+++ b/x-pack/plugins/spaces/public/management/management_service.test.ts
@@ -38,6 +38,7 @@ describe('ManagementService', () => {
         spacesManager: spacesManagerMock.create(),
         config,
         getRolesAPIClient: getRolesAPIClientMock,
+        solutionNavExperiment: Promise.resolve(false),
       });
 
       expect(mockKibanaSection.registerApp).toHaveBeenCalledTimes(1);
@@ -58,6 +59,7 @@ describe('ManagementService', () => {
         spacesManager: spacesManagerMock.create(),
         config,
         getRolesAPIClient: getRolesAPIClientMock,
+        solutionNavExperiment: Promise.resolve(false),
       });
     });
   });
@@ -79,6 +81,7 @@ describe('ManagementService', () => {
         spacesManager: spacesManagerMock.create(),
         config,
         getRolesAPIClient: jest.fn(),
+        solutionNavExperiment: Promise.resolve(false),
       });
 
       service.stop();
diff --git a/x-pack/plugins/spaces/public/management/management_service.tsx b/x-pack/plugins/spaces/public/management/management_service.tsx
index e4836da797182..143aebba39d96 100644
--- a/x-pack/plugins/spaces/public/management/management_service.tsx
+++ b/x-pack/plugins/spaces/public/management/management_service.tsx
@@ -20,6 +20,7 @@ interface SetupDeps {
   spacesManager: SpacesManager;
   config: ConfigType;
   getRolesAPIClient: () => Promise<RolesAPIClient>;
+  solutionNavExperiment: Promise<boolean>;
 }
 
 export class ManagementService {
@@ -31,9 +32,16 @@ export class ManagementService {
     spacesManager,
     config,
     getRolesAPIClient,
+    solutionNavExperiment,
   }: SetupDeps) {
     this.registeredSpacesManagementApp = management.sections.section.kibana.registerApp(
-      spacesManagementApp.create({ getStartServices, spacesManager, config, getRolesAPIClient })
+      spacesManagementApp.create({
+        getStartServices,
+        spacesManager,
+        config,
+        getRolesAPIClient,
+        solutionNavExperiment,
+      })
     );
   }
 
diff --git a/x-pack/plugins/spaces/public/management/spaces_grid/spaces_grid_page.test.tsx b/x-pack/plugins/spaces/public/management/spaces_grid/spaces_grid_page.test.tsx
index 59d4f1414e03a..ee0bda60373a7 100644
--- a/x-pack/plugins/spaces/public/management/spaces_grid/spaces_grid_page.test.tsx
+++ b/x-pack/plugins/spaces/public/management/spaces_grid/spaces_grid_page.test.tsx
@@ -88,6 +88,72 @@ describe('SpacesGridPage', () => {
     wrapper.update();
 
     expect(wrapper.find('EuiInMemoryTable').prop('items')).toBe(spaces);
+    expect(wrapper.find('EuiInMemoryTable').prop('columns')).not.toContainEqual({
+      field: 'solution',
+      name: 'Solution View',
+      sortable: true,
+      render: expect.any(Function),
+    });
+  });
+
+  it('renders the list of spaces with solution column', async () => {
+    const httpStart = httpServiceMock.createStartContract();
+    httpStart.get.mockResolvedValue([]);
+    const spacesWithSolution = [
+      {
+        id: 'default',
+        name: 'Default',
+        disabledFeatures: [],
+        _reserved: true,
+      },
+      {
+        id: 'custom-1',
+        name: 'Custom 1',
+        disabledFeatures: [],
+        solution: 'es',
+      },
+      {
+        id: 'custom-2',
+        name: 'Custom 2',
+        initials: 'LG',
+        color: '#ABCDEF',
+        description: 'my description here',
+        disabledFeatures: [],
+        solution: 'security',
+      },
+    ];
+
+    spacesManager.getSpaces = jest.fn().mockResolvedValue(spacesWithSolution);
+
+    const wrapper = shallowWithIntl(
+      <SpacesGridPage
+        spacesManager={spacesManager as unknown as SpacesManager}
+        getFeatures={featuresStart.getFeatures}
+        notifications={notificationServiceMock.createStartContract()}
+        getUrlForApp={getUrlForApp}
+        history={history}
+        capabilities={{
+          navLinks: {},
+          management: {},
+          catalogue: {},
+          spaces: { manage: true },
+        }}
+        maxSpaces={1000}
+        solutionNavExperiment={Promise.resolve(true)}
+      />
+    );
+
+    // allow spacesManager to load spaces and lazy-load SpaceAvatar
+    await act(async () => {});
+    wrapper.update();
+
+    expect(wrapper.find('EuiInMemoryTable').prop('items')).toBe(spacesWithSolution);
+    expect(wrapper.find('EuiInMemoryTable').prop('columns')).toContainEqual({
+      field: 'solution',
+      name: 'Solution View',
+      sortable: true,
+      render: expect.any(Function),
+    });
   });
 
   it('renders a create spaces button', async () => {
diff --git a/x-pack/plugins/spaces/public/management/spaces_grid/spaces_grid_page.tsx b/x-pack/plugins/spaces/public/management/spaces_grid/spaces_grid_page.tsx
index 6d2cd1a9bd05d..c6a321b3bf484 100644
--- a/x-pack/plugins/spaces/public/management/spaces_grid/spaces_grid_page.tsx
+++ b/x-pack/plugins/spaces/public/management/spaces_grid/spaces_grid_page.tsx
@@ -5,6 +5,7 @@
  * 2.0.
  */
 
+import type { EuiBasicTableColumn } from '@elastic/eui';
 import {
   EuiButton,
   EuiButtonIcon,
@@ -35,6 +36,7 @@ import { isReservedSpace } from '../../../common';
 import { DEFAULT_SPACE_ID } from '../../../common/constants';
 import { getSpacesFeatureDescription } from '../../constants';
 import { getSpaceAvatarComponent } from '../../space_avatar';
+import { SpaceSolutionBadge } from '../../space_solution_badge';
 import type { SpacesManager } from '../../spaces_manager';
 import { ConfirmDeleteModal, UnauthorizedPrompt } from '../components';
 import { getEnabledFeatures } from '../lib/feature_utils';
@@ -52,6 +54,7 @@ interface Props {
   history: ScopedHistory;
   getUrlForApp: ApplicationStart['getUrlForApp'];
   maxSpaces: number;
+  solutionNavExperiment?: Promise<boolean>;
 }
 
 interface State {
@@ -60,6 +63,7 @@ interface State {
   loading: boolean;
   showConfirmDeleteModal: boolean;
   selectedSpace: Space | null;
+  isSolutionNavEnabled: boolean;
 }
 
 export class SpacesGridPage extends Component<Props, State> {
@@ -71,6 +75,7 @@ export class SpacesGridPage extends Component<Props, State> {
       loading: true,
       showConfirmDeleteModal: false,
       selectedSpace: null,
+      isSolutionNavEnabled: false,
     };
   }
 
@@ -78,6 +83,10 @@ export class SpacesGridPage extends Component<Props, State> {
     if (this.props.capabilities.spaces.manage) {
       this.loadGrid();
     }
+
+    this.props.solutionNavExperiment?.then((isEnabled) => {
+      this.setState({ isSolutionNavEnabled: isEnabled });
+    });
   }
 
   public render() {
@@ -233,7 +242,7 @@ export class SpacesGridPage extends Component<Props, State> {
   };
 
   public getColumnConfig() {
-    return [
+    const config: Array<EuiBasicTableColumn<Space>> = [
       {
         field: 'initials',
         name: '',
@@ -320,49 +329,65 @@ export class SpacesGridPage extends Component<Props, State> {
           return id;
         },
       },
-      {
-        name: i18n.translate('xpack.spaces.management.spacesGridPage.actionsColumnName', {
-          defaultMessage: 'Actions',
-        }),
-        actions: [
-          {
-            render: (record: Space) => (
-              <EuiButtonIcon
-                data-test-subj={`${record.name}-editSpace`}
-                aria-label={i18n.translate(
-                  'xpack.spaces.management.spacesGridPage.editSpaceActionName',
-                  {
-                    defaultMessage: `Edit {spaceName}.`,
-                    values: { spaceName: record.name },
-                  }
-                )}
-                color={'primary'}
-                iconType={'pencil'}
-                {...reactRouterNavigate(this.props.history, this.getEditSpacePath(record))}
-              />
-            ),
-          },
-          {
-            available: (record: Space) => !isReservedSpace(record),
-            render: (record: Space) => (
-              <EuiButtonIcon
-                data-test-subj={`${record.name}-deleteSpace`}
-                aria-label={i18n.translate(
-                  'xpack.spaces.management.spacesGridPage.deleteActionName',
-                  {
-                    defaultMessage: `Delete {spaceName}.`,
-                    values: { spaceName: record.name },
-                  }
-                )}
-                color={'danger'}
-                iconType={'trash'}
-                onClick={() => this.onDeleteSpaceClick(record)}
-              />
-            ),
-          },
-        ],
-      },
     ];
+
+    if (this.state.isSolutionNavEnabled) {
+      config.push({
+        field: 'solution',
+        name: i18n.translate('xpack.spaces.management.spacesGridPage.solutionColumnName', {
+          defaultMessage: 'Solution View',
+        }),
+        sortable: true,
+        render: (solution: Space['solution'], record: Space) => (
+          <SpaceSolutionBadge solution={solution} data-test-subj={`${record.id}-solution`} />
+        ),
+      });
+    }
+
+    config.push({
+      name: i18n.translate('xpack.spaces.management.spacesGridPage.actionsColumnName', {
+        defaultMessage: 'Actions',
+      }),
+      actions: [
+        {
+          render: (record: Space) => (
+            <EuiButtonIcon
+              data-test-subj={`${record.name}-editSpace`}
+              aria-label={i18n.translate(
+                'xpack.spaces.management.spacesGridPage.editSpaceActionName',
+                {
+                  defaultMessage: `Edit {spaceName}.`,
+                  values: { spaceName: record.name },
+                }
+              )}
+              color={'primary'}
+              iconType={'pencil'}
+              {...reactRouterNavigate(this.props.history, this.getEditSpacePath(record))}
+            />
+          ),
+        },
+        {
+          available: (record: Space) => !isReservedSpace(record),
+          render: (record: Space) => (
+            <EuiButtonIcon
+              data-test-subj={`${record.name}-deleteSpace`}
+              aria-label={i18n.translate(
+                'xpack.spaces.management.spacesGridPage.deleteActionName',
+                {
+                  defaultMessage: `Delete {spaceName}.`,
+                  values: { spaceName: record.name },
+                }
+              )}
+              color={'danger'}
+              iconType={'trash'}
+              onClick={() => this.onDeleteSpaceClick(record)}
+            />
+          ),
+        },
+      ],
+    });
+
+    return config;
   }
 
   private getEditSpacePath = (space: Space) => `edit/${encodeURIComponent(space.id)}`;
diff --git a/x-pack/plugins/spaces/public/management/spaces_management_app.test.tsx b/x-pack/plugins/spaces/public/management/spaces_management_app.test.tsx
index b29d13bbd51a2..e953c324be285 100644
--- a/x-pack/plugins/spaces/public/management/spaces_management_app.test.tsx
+++ b/x-pack/plugins/spaces/public/management/spaces_management_app.test.tsx
@@ -53,6 +53,7 @@ async function mountApp(basePath: string, pathname: string, spaceId?: string) {
       getStartServices: async () => [coreStart, pluginsStart as PluginsStart, {}],
       config,
       getRolesAPIClient: jest.fn(),
+      solutionNavExperiment: Promise.resolve(false),
     })
     .mount({
       basePath,
@@ -74,6 +75,7 @@ describe('spacesManagementApp', () => {
         getStartServices: coreMock.createSetup().getStartServices as any,
         config,
         getRolesAPIClient: jest.fn(),
+        solutionNavExperiment: Promise.resolve(false),
       })
     ).toMatchInlineSnapshot(`
       Object {
@@ -98,7 +100,7 @@ describe('spacesManagementApp', () => {
           css="You have tried to stringify object returned from \`css\` function. It isn't supposed to be used directly (e.g. as value of the \`className\` prop), but rather handed to emotion so it can handle it (e.g. as value of \`css\` prop)."
           data-test-subj="kbnRedirectAppLink"
         >
-          Spaces Page: {"capabilities":{"catalogue":{},"management":{},"navLinks":{}},"notifications":{"toasts":{}},"spacesManager":{"onActiveSpaceChange$":{}},"history":{"action":"PUSH","length":1,"location":{"pathname":"/","search":"","hash":""}},"maxSpaces":1000}
+          Spaces Page: {"capabilities":{"catalogue":{},"management":{},"navLinks":{}},"notifications":{"toasts":{}},"spacesManager":{"onActiveSpaceChange$":{}},"history":{"action":"PUSH","length":1,"location":{"pathname":"/","search":"","hash":""}},"maxSpaces":1000,"solutionNavExperiment":{}}
         </div>
       </div>
     `);
@@ -125,7 +127,7 @@ describe('spacesManagementApp', () => {
           css="You have tried to stringify object returned from \`css\` function. It isn't supposed to be used directly (e.g. as value of the \`className\` prop), but rather handed to emotion so it can handle it (e.g. as value of \`css\` prop)."
           data-test-subj="kbnRedirectAppLink"
         >
-          Spaces Edit Page: {"capabilities":{"catalogue":{},"management":{},"navLinks":{}},"notifications":{"toasts":{}},"spacesManager":{"onActiveSpaceChange$":{}},"history":{"action":"PUSH","length":1,"location":{"pathname":"/create","search":"","hash":""}},"allowFeatureVisibility":true,"isSolutionNavEnabled$":{}}
+          Spaces Edit Page: {"capabilities":{"catalogue":{},"management":{},"navLinks":{}},"notifications":{"toasts":{}},"spacesManager":{"onActiveSpaceChange$":{}},"history":{"action":"PUSH","length":1,"location":{"pathname":"/create","search":"","hash":""}},"allowFeatureVisibility":true,"solutionNavExperiment":{}}
         </div>
       </div>
     `);
@@ -158,7 +160,7 @@ describe('spacesManagementApp', () => {
           css="You have tried to stringify object returned from \`css\` function. It isn't supposed to be used directly (e.g. as value of the \`className\` prop), but rather handed to emotion so it can handle it (e.g. as value of \`css\` prop)."
           data-test-subj="kbnRedirectAppLink"
         >
-          Spaces Edit Page: {"capabilities":{"catalogue":{},"management":{},"navLinks":{}},"notifications":{"toasts":{}},"spacesManager":{"onActiveSpaceChange$":{}},"spaceId":"some-space","history":{"action":"PUSH","length":1,"location":{"pathname":"/edit/some-space","search":"","hash":""}},"allowFeatureVisibility":true,"isSolutionNavEnabled$":{}}
+          Spaces Edit Page: {"capabilities":{"catalogue":{},"management":{},"navLinks":{}},"notifications":{"toasts":{}},"spacesManager":{"onActiveSpaceChange$":{}},"spaceId":"some-space","history":{"action":"PUSH","length":1,"location":{"pathname":"/edit/some-space","search":"","hash":""}},"allowFeatureVisibility":true,"solutionNavExperiment":{}}
         </div>
       </div>
     `);
diff --git a/x-pack/plugins/spaces/public/management/spaces_management_app.tsx b/x-pack/plugins/spaces/public/management/spaces_management_app.tsx
index eafefd93f4464..c551b47cde9c6 100644
--- a/x-pack/plugins/spaces/public/management/spaces_management_app.tsx
+++ b/x-pack/plugins/spaces/public/management/spaces_management_app.tsx
@@ -8,7 +8,6 @@
 import React from 'react';
 import { render, unmountComponentAtNode } from 'react-dom';
 import { useParams } from 'react-router-dom';
-import { from, of, shareReplay } from 'rxjs';
 
 import type { StartServicesAccessor } from '@kbn/core/public';
 import { i18n } from '@kbn/i18n';
@@ -21,7 +20,6 @@ import { Route, Router, Routes } from '@kbn/shared-ux-router';
 
 import type { Space } from '../../common';
 import type { ConfigType } from '../config';
-import { SOLUTION_NAV_FEATURE_FLAG_NAME } from '../constants';
 import type { PluginsStart } from '../plugin';
 import type { SpacesManager } from '../spaces_manager';
 
@@ -30,11 +28,12 @@ interface CreateParams {
   spacesManager: SpacesManager;
   config: ConfigType;
   getRolesAPIClient: () => Promise<RolesAPIClient>;
+  solutionNavExperiment: Promise<boolean>;
 }
 
 export const spacesManagementApp = Object.freeze({
   id: 'spaces',
-  create({ getStartServices, spacesManager, config }: CreateParams) {
+  create({ getStartServices, spacesManager, config, solutionNavExperiment }: CreateParams) {
     const title = i18n.translate('xpack.spaces.displayName', {
       defaultMessage: 'Spaces',
     });
@@ -45,15 +44,8 @@ export const spacesManagementApp = Object.freeze({
       title,
 
       async mount({ element, setBreadcrumbs, history }) {
-        const [
-          [coreStart, { features, cloud, cloudExperiments }],
-          { SpacesGridPage },
-          { ManageSpacePage },
-        ] = await Promise.all([
-          getStartServices(),
-          import('./spaces_grid'),
-          import('./edit_space'),
-        ]);
+        const [[coreStart, { features }], { SpacesGridPage }, { ManageSpacePage }] =
+          await Promise.all([getStartServices(), import('./spaces_grid'), import('./edit_space')]);
 
         const spacesFirstBreadcrumb = {
           text: title,
@@ -63,17 +55,6 @@ export const spacesManagementApp = Object.freeze({
 
         chrome.docTitle.change(title);
 
-        const onCloud = Boolean(cloud?.isCloudEnabled);
-        const isSolutionNavEnabled$ =
-          // Only available on Cloud and if the Launch Darkly flag is turned on
-          onCloud && cloudExperiments
-            ? from(
-                cloudExperiments
-                  .getVariation(SOLUTION_NAV_FEATURE_FLAG_NAME, false)
-                  .catch(() => false)
-              ).pipe(shareReplay(1))
-            : of(false);
-
         const SpacesGridPageWithBreadcrumbs = () => {
           setBreadcrumbs([{ ...spacesFirstBreadcrumb, href: undefined }]);
           return (
@@ -85,6 +66,7 @@ export const spacesManagementApp = Object.freeze({
               history={history}
               getUrlForApp={application.getUrlForApp}
               maxSpaces={config.maxSpaces}
+              solutionNavExperiment={solutionNavExperiment}
             />
           );
         };
@@ -107,7 +89,7 @@ export const spacesManagementApp = Object.freeze({
               spacesManager={spacesManager}
               history={history}
               allowFeatureVisibility={config.allowFeatureVisibility}
-              isSolutionNavEnabled$={isSolutionNavEnabled$}
+              solutionNavExperiment={solutionNavExperiment}
             />
           );
         };
@@ -134,7 +116,7 @@ export const spacesManagementApp = Object.freeze({
               onLoadSpace={onLoadSpace}
               history={history}
               allowFeatureVisibility={config.allowFeatureVisibility}
-              isSolutionNavEnabled$={isSolutionNavEnabled$}
+              solutionNavExperiment={solutionNavExperiment}
             />
           );
         };
diff --git a/x-pack/plugins/spaces/public/nav_control/components/spaces_menu.tsx b/x-pack/plugins/spaces/public/nav_control/components/spaces_menu.tsx
index 337e7373618c4..fab2158cb1c7d 100644
--- a/x-pack/plugins/spaces/public/nav_control/components/spaces_menu.tsx
+++ b/x-pack/plugins/spaces/public/nav_control/components/spaces_menu.tsx
@@ -31,6 +31,7 @@ import { ManageSpacesButton } from './manage_spaces_button';
 import type { Space } from '../../../common';
 import { addSpaceIdToPath, ENTER_SPACE_PATH, SPACE_SEARCH_COUNT_THRESHOLD } from '../../../common';
 import { getSpaceAvatarComponent } from '../../space_avatar';
+import { SpaceSolutionBadge } from '../../space_solution_badge';
 
 const LazySpaceAvatar = lazy(() =>
   getSpaceAvatarComponent().then((component) => ({ default: component }))
@@ -46,6 +47,7 @@ interface Props {
   navigateToApp: ApplicationStart['navigateToApp'];
   navigateToUrl: ApplicationStart['navigateToUrl'];
   readonly activeSpace: Space | null;
+  isSolutionNavEnabled: boolean;
 }
 class SpacesMenuUI extends Component<Props> {
   public render() {
@@ -99,7 +101,7 @@ class SpacesMenuUI extends Component<Props> {
           noMatchesMessage={noSpacesMessage}
           options={spaceOptions}
           singleSelection={'always'}
-          style={{ width: 300 }}
+          style={{ minWidth: 300, maxWidth: 320 }}
           onChange={this.spaceSelectionChange}
           listProps={{
             rowHeight: 40,
@@ -136,6 +138,9 @@ class SpacesMenuUI extends Component<Props> {
             <LazySpaceAvatar space={space} size={'s'} announceSpaceName={false} />
           </Suspense>
         ),
+        ...(this.props.isSolutionNavEnabled && {
+          append: <SpaceSolutionBadge solution={space.solution} />,
+        }),
         checked: this.props.activeSpace?.id === space.id ? 'on' : undefined,
         'data-test-subj': `${space.id}-selectableSpaceItem`,
         className: 'selectableSpaceItem',
diff --git a/x-pack/plugins/spaces/public/nav_control/nav_control.tsx b/x-pack/plugins/spaces/public/nav_control/nav_control.tsx
index 732be89eacd7b..7e104e56c6548 100644
--- a/x-pack/plugins/spaces/public/nav_control/nav_control.tsx
+++ b/x-pack/plugins/spaces/public/nav_control/nav_control.tsx
@@ -14,7 +14,11 @@ import { KibanaRenderContextProvider } from '@kbn/react-kibana-context-render';
 
 import type { SpacesManager } from '../spaces_manager';
 
-export function initSpacesNavControl(spacesManager: SpacesManager, core: CoreStart) {
+export function initSpacesNavControl(
+  spacesManager: SpacesManager,
+  core: CoreStart,
+  solutionNavExperiment: Promise<boolean>
+) {
   core.chrome.navControls.registerLeft({
     order: 1000,
     mount(targetDomElement: HTMLElement) {
@@ -38,6 +42,7 @@ export function initSpacesNavControl(spacesManager: SpacesManager, core: CoreSta
               capabilities={core.application.capabilities}
               navigateToApp={core.application.navigateToApp}
               navigateToUrl={core.application.navigateToUrl}
+              solutionNavExperiment={solutionNavExperiment}
             />
           </Suspense>
         </KibanaRenderContextProvider>,
diff --git a/x-pack/plugins/spaces/public/nav_control/nav_control_popover.test.tsx b/x-pack/plugins/spaces/public/nav_control/nav_control_popover.test.tsx
index 420730ea696ac..528103c5ccbc2 100644
--- a/x-pack/plugins/spaces/public/nav_control/nav_control_popover.test.tsx
+++ b/x-pack/plugins/spaces/public/nav_control/nav_control_popover.test.tsx
@@ -21,6 +21,7 @@ import { mountWithIntl } from '@kbn/test-jest-helpers';
 import { NavControlPopover } from './nav_control_popover';
 import type { Space } from '../../common';
 import { SpaceAvatarInternal } from '../space_avatar/space_avatar_internal';
+import { SpaceSolutionBadge } from '../space_solution_badge';
 import type { SpacesManager } from '../spaces_manager';
 import { spacesManagerMock } from '../spaces_manager/mocks';
 
@@ -44,7 +45,7 @@ const mockSpaces = [
 ];
 
 describe('NavControlPopover', () => {
-  async function setup(spaces: Space[]) {
+  async function setup(spaces: Space[], isSolutionNavEnabled = false) {
     const spacesManager = spacesManagerMock.create();
     spacesManager.getSpaces = jest.fn().mockResolvedValue(spaces);
 
@@ -56,6 +57,7 @@ describe('NavControlPopover', () => {
         capabilities={{ navLinks: {}, management: {}, catalogue: {}, spaces: { manage: true } }}
         navigateToApp={jest.fn()}
         navigateToUrl={jest.fn()}
+        solutionNavExperiment={Promise.resolve(isSolutionNavEnabled)}
       />
     );
 
@@ -77,6 +79,7 @@ describe('NavControlPopover', () => {
         capabilities={{ navLinks: {}, management: {}, catalogue: {}, spaces: { manage: true } }}
         navigateToApp={jest.fn()}
         navigateToUrl={jest.fn()}
+        solutionNavExperiment={Promise.resolve(false)}
       />
     );
     expect(baseElement).toMatchSnapshot();
@@ -101,6 +104,7 @@ describe('NavControlPopover', () => {
         capabilities={{ navLinks: {}, management: {}, catalogue: {}, spaces: { manage: true } }}
         navigateToApp={jest.fn()}
         navigateToUrl={jest.fn()}
+        solutionNavExperiment={Promise.resolve(false)}
       />
     );
 
@@ -222,4 +226,31 @@ describe('NavControlPopover', () => {
 
     expect(wrapper.find(EuiPopover).props().isOpen).toEqual(false);
   });
+
+  it('should render solution for spaces', async () => {
+    const spaces: Space[] = [
+      {
+        id: 'space-1',
+        name: 'Space-1',
+        disabledFeatures: [],
+        solution: 'classic',
+      },
+      {
+        id: 'space-2',
+        name: 'Space 2',
+        disabledFeatures: [],
+        solution: 'security',
+      },
+    ];
+
+    const wrapper = await setup(spaces, true /** isSolutionEnabled **/);
+
+    await act(async () => {
+      wrapper.find(EuiHeaderSectionItemButton).find('button').simulate('click');
+    });
+
+    wrapper.update();
+
+    expect(wrapper.find(SpaceSolutionBadge)).toHaveLength(2);
+  });
 });
diff --git a/x-pack/plugins/spaces/public/nav_control/nav_control_popover.tsx b/x-pack/plugins/spaces/public/nav_control/nav_control_popover.tsx
index ceedb99c60d18..6f40db60bfd4f 100644
--- a/x-pack/plugins/spaces/public/nav_control/nav_control_popover.tsx
+++ b/x-pack/plugins/spaces/public/nav_control/nav_control_popover.tsx
@@ -37,6 +37,7 @@ interface Props {
   navigateToUrl: ApplicationStart['navigateToUrl'];
   serverBasePath: string;
   theme: WithEuiThemeProps['theme'];
+  solutionNavExperiment: Promise<boolean>;
 }
 
 interface State {
@@ -44,6 +45,7 @@ interface State {
   loading: boolean;
   activeSpace: Space | null;
   spaces: Space[];
+  isSolutionNavEnabled: boolean;
 }
 
 const popoutContentId = 'headerSpacesMenuContent';
@@ -58,6 +60,7 @@ class NavControlPopoverUI extends Component<Props, State> {
       loading: false,
       activeSpace: null,
       spaces: [],
+      isSolutionNavEnabled: false,
     };
   }
 
@@ -69,12 +72,14 @@ class NavControlPopoverUI extends Component<Props, State> {
         });
       },
     });
+
+    this.props.solutionNavExperiment.then((isEnabled) => {
+      this.setState({ isSolutionNavEnabled: isEnabled });
+    });
   }
 
   public componentWillUnmount() {
-    if (this.activeSpace$) {
-      this.activeSpace$.unsubscribe();
-    }
+    this.activeSpace$?.unsubscribe();
   }
 
   public render() {
@@ -103,6 +108,7 @@ class NavControlPopoverUI extends Component<Props, State> {
           navigateToApp={this.props.navigateToApp}
           navigateToUrl={this.props.navigateToUrl}
           activeSpace={this.state.activeSpace}
+          isSolutionNavEnabled={this.state.isSolutionNavEnabled}
         />
       );
     }
diff --git a/x-pack/plugins/spaces/public/plugin.tsx b/x-pack/plugins/spaces/public/plugin.tsx
index 01e9eacaddaea..268daa47c6678 100644
--- a/x-pack/plugins/spaces/public/plugin.tsx
+++ b/x-pack/plugins/spaces/public/plugin.tsx
@@ -15,6 +15,7 @@ import type { SecurityPluginStart } from '@kbn/security-plugin-types-public';
 
 import type { ConfigType } from './config';
 import { createSpacesFeatureCatalogueEntry } from './create_feature_catalogue_entry';
+import { isSolutionNavEnabled } from './experiments';
 import { ManagementService } from './management';
 import { initSpacesNavControl } from './nav_control';
 import { spaceSelectorApp } from './space_selector';
@@ -52,6 +53,7 @@ export class SpacesPlugin implements Plugin<SpacesPluginSetup, SpacesPluginStart
   private managementService?: ManagementService;
   private readonly config: ConfigType;
   private readonly isServerless: boolean;
+  private solutionNavExperiment = Promise.resolve(false);
 
   constructor(private readonly initializerContext: PluginInitializerContext) {
     this.config = this.initializerContext.config.get<ConfigType>();
@@ -71,6 +73,15 @@ export class SpacesPlugin implements Plugin<SpacesPluginSetup, SpacesPluginStart
       hasOnlyDefaultSpace,
     };
 
+    this.solutionNavExperiment = core
+      .getStartServices()
+      .then(([, { cloud, cloudExperiments }]) => isSolutionNavEnabled(cloud, cloudExperiments))
+      .catch((err) => {
+        this.initializerContext.logger.get().error(`Failed to retrieve cloud experiment: ${err}`);
+
+        return false;
+      });
+
     if (!this.isServerless) {
       const getRolesAPIClient = async () => {
         const { security } = await core.plugins.onSetup<{ security: SecurityPluginStart }>(
@@ -96,6 +107,7 @@ export class SpacesPlugin implements Plugin<SpacesPluginSetup, SpacesPluginStart
           spacesManager: this.spacesManager,
           config: this.config,
           getRolesAPIClient,
+          solutionNavExperiment: this.solutionNavExperiment,
         });
       }
 
@@ -111,7 +123,7 @@ export class SpacesPlugin implements Plugin<SpacesPluginSetup, SpacesPluginStart
 
   public start(core: CoreStart) {
     if (!this.isServerless) {
-      initSpacesNavControl(this.spacesManager, core);
+      initSpacesNavControl(this.spacesManager, core, this.solutionNavExperiment);
     }
 
     return this.spacesApi;
diff --git a/x-pack/plugins/spaces/public/space_solution_badge/__snapshots__/badge.test.tsx.snap b/x-pack/plugins/spaces/public/space_solution_badge/__snapshots__/badge.test.tsx.snap
new file mode 100644
index 0000000000000..f12741ed8700b
--- /dev/null
+++ b/x-pack/plugins/spaces/public/space_solution_badge/__snapshots__/badge.test.tsx.snap
@@ -0,0 +1,247 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`it renders without crashing with solution provided 1`] = `
+<EuiBadge
+  color="hollow"
+  iconType="logoSecurity"
+  intl={
+    Object {
+      "$t": [Function],
+      "defaultFormats": Object {
+        "date": Object {
+          "full": Object {
+            "day": "numeric",
+            "month": "long",
+            "weekday": "long",
+            "year": "numeric",
+          },
+          "long": Object {
+            "day": "numeric",
+            "month": "long",
+            "year": "numeric",
+          },
+          "medium": Object {
+            "day": "numeric",
+            "month": "short",
+            "year": "numeric",
+          },
+          "short": Object {
+            "day": "numeric",
+            "month": "numeric",
+            "year": "2-digit",
+          },
+        },
+        "number": Object {
+          "currency": Object {
+            "style": "currency",
+          },
+          "percent": Object {
+            "style": "percent",
+          },
+        },
+        "relative": Object {
+          "days": Object {
+            "style": "long",
+          },
+          "hours": Object {
+            "style": "long",
+          },
+          "minutes": Object {
+            "style": "long",
+          },
+          "months": Object {
+            "style": "long",
+          },
+          "seconds": Object {
+            "style": "long",
+          },
+          "years": Object {
+            "style": "long",
+          },
+        },
+        "time": Object {
+          "full": Object {
+            "hour": "numeric",
+            "minute": "numeric",
+            "second": "numeric",
+            "timeZoneName": "short",
+          },
+          "long": Object {
+            "hour": "numeric",
+            "minute": "numeric",
+            "second": "numeric",
+            "timeZoneName": "short",
+          },
+          "medium": Object {
+            "hour": "numeric",
+            "minute": "numeric",
+            "second": "numeric",
+          },
+          "short": Object {
+            "hour": "numeric",
+            "minute": "numeric",
+          },
+        },
+      },
+      "defaultLocale": "en",
+      "fallbackOnEmptyString": true,
+      "formatDate": [Function],
+      "formatDateTimeRange": [Function],
+      "formatDateToParts": [Function],
+      "formatDisplayName": [Function],
+      "formatList": [Function],
+      "formatListToParts": [Function],
+      "formatMessage": [Function],
+      "formatNumber": [Function],
+      "formatNumberToParts": [Function],
+      "formatPlural": [Function],
+      "formatRelativeTime": [Function],
+      "formatTime": [Function],
+      "formatTimeToParts": [Function],
+      "formats": Object {},
+      "formatters": Object {
+        "getDateTimeFormat": [Function],
+        "getDisplayNames": [Function],
+        "getListFormat": [Function],
+        "getMessageFormat": [Function],
+        "getNumberFormat": [Function],
+        "getPluralRules": [Function],
+        "getRelativeTimeFormat": [Function],
+      },
+      "locale": "en",
+      "messages": Object {},
+      "onError": [Function],
+      "onWarn": [Function],
+      "timeZone": undefined,
+    }
+  }
+>
+  <MemoizedFormattedMessage
+    defaultMessage="Security"
+    id="xpack.spaces.spaceSolutionBadge.security"
+  />
+</EuiBadge>
+`;
+
+exports[`it renders without crashing without solution 1`] = `
+<EuiBadge
+  color="hollow"
+  iconType="logoElasticStack"
+  intl={
+    Object {
+      "$t": [Function],
+      "defaultFormats": Object {
+        "date": Object {
+          "full": Object {
+            "day": "numeric",
+            "month": "long",
+            "weekday": "long",
+            "year": "numeric",
+          },
+          "long": Object {
+            "day": "numeric",
+            "month": "long",
+            "year": "numeric",
+          },
+          "medium": Object {
+            "day": "numeric",
+            "month": "short",
+            "year": "numeric",
+          },
+          "short": Object {
+            "day": "numeric",
+            "month": "numeric",
+            "year": "2-digit",
+          },
+        },
+        "number": Object {
+          "currency": Object {
+            "style": "currency",
+          },
+          "percent": Object {
+            "style": "percent",
+          },
+        },
+        "relative": Object {
+          "days": Object {
+            "style": "long",
+          },
+          "hours": Object {
+            "style": "long",
+          },
+          "minutes": Object {
+            "style": "long",
+          },
+          "months": Object {
+            "style": "long",
+          },
+          "seconds": Object {
+            "style": "long",
+          },
+          "years": Object {
+            "style": "long",
+          },
+        },
+        "time": Object {
+          "full": Object {
+            "hour": "numeric",
+            "minute": "numeric",
+            "second": "numeric",
+            "timeZoneName": "short",
+          },
+          "long": Object {
+            "hour": "numeric",
+            "minute": "numeric",
+            "second": "numeric",
+            "timeZoneName": "short",
+          },
+          "medium": Object {
+            "hour": "numeric",
+            "minute": "numeric",
+            "second": "numeric",
+          },
+          "short": Object {
+            "hour": "numeric",
+            "minute": "numeric",
+          },
+        },
+      },
+      "defaultLocale": "en",
+      "fallbackOnEmptyString": true,
+      "formatDate": [Function],
+      "formatDateTimeRange": [Function],
+      "formatDateToParts": [Function],
+      "formatDisplayName": [Function],
+      "formatList": [Function],
+      "formatListToParts": [Function],
+      "formatMessage": [Function],
+      "formatNumber": [Function],
+      "formatNumberToParts": [Function],
+      "formatPlural": [Function],
+      "formatRelativeTime": [Function],
+      "formatTime": [Function],
+      "formatTimeToParts": [Function],
+      "formats": Object {},
+      "formatters": Object {
+        "getDateTimeFormat": [Function],
+        "getDisplayNames": [Function],
+        "getListFormat": [Function],
+        "getMessageFormat": [Function],
+        "getNumberFormat": [Function],
+        "getPluralRules": [Function],
+        "getRelativeTimeFormat": [Function],
+      },
+      "locale": "en",
+      "messages": Object {},
+      "onError": [Function],
+      "onWarn": [Function],
+      "timeZone": undefined,
+    }
+  }
+>
+  <MemoizedFormattedMessage
+    defaultMessage="Classic"
+    id="xpack.spaces.spaceSolutionBadge.classic"
+  />
+</EuiBadge>
+`;
diff --git a/x-pack/plugins/spaces/public/space_solution_badge/badge.test.tsx b/x-pack/plugins/spaces/public/space_solution_badge/badge.test.tsx
new file mode 100644
index 0000000000000..21d57ebf2e219
--- /dev/null
+++ b/x-pack/plugins/spaces/public/space_solution_badge/badge.test.tsx
@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+
+import { shallowWithIntl } from '@kbn/test-jest-helpers';
+
+import { SpaceSolutionBadge } from './badge';
+
+test('it renders without crashing with solution provided', () => {
+  const component = shallowWithIntl(<SpaceSolutionBadge solution="security" />);
+  expect(component).toMatchSnapshot();
+});
+
+test('it renders without crashing without solution', () => {
+  const component = shallowWithIntl(<SpaceSolutionBadge />);
+  expect(component).toMatchSnapshot();
+});
diff --git a/x-pack/plugins/spaces/public/space_solution_badge/badge.tsx b/x-pack/plugins/spaces/public/space_solution_badge/badge.tsx
new file mode 100644
index 0000000000000..e9c6a15d3bd90
--- /dev/null
+++ b/x-pack/plugins/spaces/public/space_solution_badge/badge.tsx
@@ -0,0 +1,69 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import type { EuiBadgeProps } from '@elastic/eui';
+import { EuiBadge } from '@elastic/eui';
+import React, { useMemo } from 'react';
+
+import { FormattedMessage } from '@kbn/i18n-react';
+
+import type { Space } from '../../common';
+
+const SolutionOptions: Record<
+  NonNullable<Space['solution']>,
+  { iconType: string; label: JSX.Element }
+> = {
+  es: {
+    iconType: 'logoElasticsearch',
+    label: (
+      <FormattedMessage
+        id="xpack.spaces.spaceSolutionBadge.elasticsearch"
+        defaultMessage="Search"
+      />
+    ),
+  },
+  security: {
+    iconType: 'logoSecurity',
+    label: (
+      <FormattedMessage id="xpack.spaces.spaceSolutionBadge.security" defaultMessage="Security" />
+    ),
+  },
+  oblt: {
+    iconType: 'logoObservability',
+    label: (
+      <FormattedMessage
+        id="xpack.spaces.spaceSolutionBadge.observability"
+        defaultMessage="Observability"
+      />
+    ),
+  },
+  classic: {
+    iconType: 'logoElasticStack',
+    label: (
+      <FormattedMessage id="xpack.spaces.spaceSolutionBadge.classic" defaultMessage="Classic" />
+    ),
+  },
+};
+
+export type SpaceSolutionBadgeProps = Omit<EuiBadgeProps, 'iconType'> & {
+  solution?: Space['solution'];
+};
+
+export const SpaceSolutionBadge = ({ solution, ...badgeProps }: SpaceSolutionBadgeProps) => {
+  const { iconType, label } = useMemo(() => {
+    if (!solution || !SolutionOptions[solution]) {
+      return SolutionOptions.classic;
+    }
+
+    return SolutionOptions[solution];
+  }, [solution]);
+
+  return (
+    <EuiBadge {...(badgeProps as EuiBadgeProps)} iconType={iconType} color="hollow">
+      {label}
+    </EuiBadge>
+  );
+};
diff --git a/x-pack/plugins/spaces/public/space_solution_badge/index.ts b/x-pack/plugins/spaces/public/space_solution_badge/index.ts
new file mode 100644
index 0000000000000..50f037f508f66
--- /dev/null
+++ b/x-pack/plugins/spaces/public/space_solution_badge/index.ts
@@ -0,0 +1,7 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+export { SpaceSolutionBadge } from './badge';
diff --git a/x-pack/plugins/stack_alerts/server/rule_types/geo_containment/lib/get_shape_filters.ts b/x-pack/plugins/stack_alerts/server/rule_types/geo_containment/lib/get_shape_filters.ts
index 54931a524d4e6..e2626b565dcda 100644
--- a/x-pack/plugins/stack_alerts/server/rule_types/geo_containment/lib/get_shape_filters.ts
+++ b/x-pack/plugins/stack_alerts/server/rule_types/geo_containment/lib/get_shape_filters.ts
@@ -92,7 +92,7 @@ export async function getShapeFilters(
   const filters: Record<string, unknown> = {};
   const shapesIdsNamesMap: Record<string, unknown> = {};
   for (let i = 0; i < hits.length; i++) {
-    const boundaryHit: BoundaryHit = hits[i];
+    const boundaryHit = hits[i] as BoundaryHit;
     filters[boundaryHit._id] = {
       geo_shape: {
         [geoField]: {
diff --git a/x-pack/plugins/stack_connectors/common/bedrock/constants.ts b/x-pack/plugins/stack_connectors/common/bedrock/constants.ts
index 053ca82e0e274..e2414f46dd985 100644
--- a/x-pack/plugins/stack_connectors/common/bedrock/constants.ts
+++ b/x-pack/plugins/stack_connectors/common/bedrock/constants.ts
@@ -24,6 +24,6 @@ export enum SUB_ACTION {
 
 export const DEFAULT_TIMEOUT_MS = 120000;
 export const DEFAULT_TOKEN_LIMIT = 8191;
-export const DEFAULT_BEDROCK_MODEL = 'anthropic.claude-3-sonnet-20240229-v1:0';
+export const DEFAULT_BEDROCK_MODEL = 'anthropic.claude-3-5-sonnet-20240620-v1:0';
 
 export const DEFAULT_BEDROCK_URL = `https://bedrock-runtime.us-east-1.amazonaws.com` as const;
diff --git a/x-pack/plugins/stack_connectors/common/experimental_features.ts b/x-pack/plugins/stack_connectors/common/experimental_features.ts
index dc4940d6dbd6a..495921a95c60e 100644
--- a/x-pack/plugins/stack_connectors/common/experimental_features.ts
+++ b/x-pack/plugins/stack_connectors/common/experimental_features.ts
@@ -14,7 +14,7 @@ export type ExperimentalFeatures = typeof allowedExperimentalValues;
 export const allowedExperimentalValues = Object.freeze({
   isMustacheAutocompleteOn: false,
   sentinelOneConnectorOn: true,
-  crowdstrikeConnectorOn: false,
+  crowdstrikeConnectorOn: true,
 });
 
 export type ExperimentalConfigKeys = Array<keyof ExperimentalFeatures>;
diff --git a/x-pack/plugins/stack_connectors/common/gemini/constants.ts b/x-pack/plugins/stack_connectors/common/gemini/constants.ts
index e0c1c6f56c65a..bbad177547033 100644
--- a/x-pack/plugins/stack_connectors/common/gemini/constants.ts
+++ b/x-pack/plugins/stack_connectors/common/gemini/constants.ts
@@ -25,5 +25,5 @@ export enum SUB_ACTION {
 export const DEFAULT_TOKEN_LIMIT = 8192;
 export const DEFAULT_TIMEOUT_MS = 60000;
 export const DEFAULT_GCP_REGION = 'us-central1';
-export const DEFAULT_GEMINI_MODEL = 'gemini-1.5-pro-preview-0409';
+export const DEFAULT_GEMINI_MODEL = 'gemini-1.5-pro-001';
 export const DEFAULT_GEMINI_URL = `https://us-central1-aiplatform.googleapis.com` as const;
diff --git a/x-pack/plugins/stack_connectors/public/connector_types/lib/servicenow/additional_fields.test.tsx b/x-pack/plugins/stack_connectors/public/connector_types/lib/servicenow/additional_fields.test.tsx
index 33f4fe3923b88..b7a6d4e914168 100644
--- a/x-pack/plugins/stack_connectors/public/connector_types/lib/servicenow/additional_fields.test.tsx
+++ b/x-pack/plugins/stack_connectors/public/connector_types/lib/servicenow/additional_fields.test.tsx
@@ -36,32 +36,16 @@ describe('Credentials', () => {
     expect(await screen.findByText(value)).toBeInTheDocument();
   });
 
-  /**
-   * Test for the intermediate release process
-   */
-  it('does not show the component if the value is undefined', async () => {
-    render(
-      <IntlProvider locale="en">
-        <AdditionalFields {...props} value={undefined} />
-      </IntlProvider>
-    );
-
-    expect(screen.queryByTestId('additional_fieldsJsonEditor')).not.toBeInTheDocument();
-  });
-
   it('changes the value correctly', async () => {
     const newValue = JSON.stringify({ bar: 'test' });
 
     render(
       <IntlProvider locale="en">
-        <AdditionalFields {...props} />
+        <AdditionalFields {...props} value={undefined} />
       </IntlProvider>
     );
 
-    const editor = await screen.findByTestId('additional_fieldsJsonEditor');
-
-    userEvent.clear(editor);
-    userEvent.paste(editor, newValue);
+    userEvent.paste(await screen.findByTestId('additional_fieldsJsonEditor'), newValue);
 
     await waitFor(() => {
       expect(onChange).toHaveBeenCalledWith(newValue);
@@ -75,7 +59,7 @@ describe('Credentials', () => {
 
     render(
       <IntlProvider locale="en">
-        <AdditionalFields {...props} />
+        <AdditionalFields {...props} value={undefined} />
       </IntlProvider>
     );
 
diff --git a/x-pack/plugins/stack_connectors/public/connector_types/lib/servicenow/additional_fields.tsx b/x-pack/plugins/stack_connectors/public/connector_types/lib/servicenow/additional_fields.tsx
index b9d3602112c53..7b14dbca7462e 100644
--- a/x-pack/plugins/stack_connectors/public/connector_types/lib/servicenow/additional_fields.tsx
+++ b/x-pack/plugins/stack_connectors/public/connector_types/lib/servicenow/additional_fields.tsx
@@ -25,16 +25,6 @@ export const AdditionalFieldsComponent: React.FC<AdditionalFieldsProps> = ({
   messageVariables,
   onChange,
 }) => {
-  /**
-   * Hide the component if the value is not defined.
-   * This is needed for the intermediate release process.
-   * Users will not be able to use the field if they have never set it.
-   * On the next Serverless release the check will be removed.
-   */
-  if (value === undefined) {
-    return null;
-  }
-
   return (
     <JsonEditorWithMessageVariables
       messageVariables={messageVariables}
diff --git a/x-pack/plugins/stack_connectors/server/connector_types/bedrock/bedrock.test.ts b/x-pack/plugins/stack_connectors/server/connector_types/bedrock/bedrock.test.ts
index 24564488ddf57..ce85e27a8eb43 100644
--- a/x-pack/plugins/stack_connectors/server/connector_types/bedrock/bedrock.test.ts
+++ b/x-pack/plugins/stack_connectors/server/connector_types/bedrock/bedrock.test.ts
@@ -94,7 +94,7 @@ describe('BedrockConnector', () => {
               'Content-Type': 'application/json',
             },
             host: 'bedrock-runtime.us-east-1.amazonaws.com',
-            path: '/model/anthropic.claude-3-sonnet-20240229-v1:0/invoke',
+            path: '/model/anthropic.claude-3-5-sonnet-20240620-v1:0/invoke',
             service: 'bedrock',
           },
           { accessKeyId: '123', secretAccessKey: 'secret' }
@@ -181,7 +181,7 @@ describe('BedrockConnector', () => {
               'x-amzn-bedrock-accept': '*/*',
             },
             host: 'bedrock-runtime.us-east-1.amazonaws.com',
-            path: '/model/anthropic.claude-3-sonnet-20240229-v1:0/invoke-with-response-stream',
+            path: '/model/anthropic.claude-3-5-sonnet-20240620-v1:0/invoke-with-response-stream',
             service: 'bedrock',
           },
           { accessKeyId: '123', secretAccessKey: 'secret' }
diff --git a/x-pack/plugins/stack_connectors/server/plugin.test.ts b/x-pack/plugins/stack_connectors/server/plugin.test.ts
index cd8d59f3a9f60..ee99a4e4be297 100644
--- a/x-pack/plugins/stack_connectors/server/plugin.test.ts
+++ b/x-pack/plugins/stack_connectors/server/plugin.test.ts
@@ -131,7 +131,7 @@ describe('Stack Connectors Plugin', () => {
           name: 'Torq',
         })
       );
-      expect(actionsSetup.registerSubActionConnectorType).toHaveBeenCalledTimes(8);
+      expect(actionsSetup.registerSubActionConnectorType).toHaveBeenCalledTimes(9);
       expect(actionsSetup.registerSubActionConnectorType).toHaveBeenNthCalledWith(
         1,
         expect.objectContaining({
@@ -181,6 +181,20 @@ describe('Stack Connectors Plugin', () => {
           name: 'IBM Resilient',
         })
       );
+      expect(actionsSetup.registerSubActionConnectorType).toHaveBeenNthCalledWith(
+        8,
+        expect.objectContaining({
+          id: '.sentinelone',
+          name: 'Sentinel One',
+        })
+      );
+      expect(actionsSetup.registerSubActionConnectorType).toHaveBeenNthCalledWith(
+        9,
+        expect.objectContaining({
+          id: '.crowdstrike',
+          name: 'CrowdStrike',
+        })
+      );
     });
   });
 });
diff --git a/x-pack/plugins/task_manager/server/integration_tests/lib/setup_test_servers.ts b/x-pack/plugins/task_manager/server/integration_tests/lib/setup_test_servers.ts
index 7ded9629eb31e..5ec8e724ae819 100644
--- a/x-pack/plugins/task_manager/server/integration_tests/lib/setup_test_servers.ts
+++ b/x-pack/plugins/task_manager/server/integration_tests/lib/setup_test_servers.ts
@@ -8,19 +8,8 @@
 import deepmerge from 'deepmerge';
 import { createTestServers, createRootWithCorePlugins } from '@kbn/core-test-helpers-kbn-server';
 
-export async function setupTestServers(settings = {}) {
-  const { startES } = createTestServers({
-    adjustTimeout: (t) => jest.setTimeout(t),
-    settings: {
-      es: {
-        license: 'trial',
-      },
-    },
-  });
-
-  const esServer = await startES();
-
-  const root = createRootWithCorePlugins(
+function createRoot(settings = {}) {
+  return createRootWithCorePlugins(
     deepmerge(
       {
         logging: {
@@ -32,6 +21,14 @@ export async function setupTestServers(settings = {}) {
               name: 'plugins.taskManager',
               level: 'all',
             },
+            {
+              name: 'plugins.taskManager.metrics-debugger',
+              level: 'warn',
+            },
+            {
+              name: 'plugins.taskManager.metrics-subscribe-debugger',
+              level: 'warn',
+            },
           ],
         },
       },
@@ -39,6 +36,20 @@ export async function setupTestServers(settings = {}) {
     ),
     { oss: false }
   );
+}
+export async function setupTestServers(settings = {}) {
+  const { startES } = createTestServers({
+    adjustTimeout: (t) => jest.setTimeout(t),
+    settings: {
+      es: {
+        license: 'trial',
+      },
+    },
+  });
+
+  const esServer = await startES();
+
+  const root = createRoot(settings);
 
   await root.preboot();
   const coreSetup = await root.setup();
@@ -54,3 +65,20 @@ export async function setupTestServers(settings = {}) {
     },
   };
 }
+
+export async function setupKibanaServer(settings = {}) {
+  const root = createRoot(settings);
+
+  await root.preboot();
+  const coreSetup = await root.setup();
+  const coreStart = await root.start();
+
+  return {
+    kibanaServer: {
+      root,
+      coreSetup,
+      coreStart,
+      stop: async () => await root.shutdown(),
+    },
+  };
+}
diff --git a/x-pack/plugins/task_manager/server/integration_tests/task_manager_switch_task_claimers.test.ts b/x-pack/plugins/task_manager/server/integration_tests/task_manager_switch_task_claimers.test.ts
new file mode 100644
index 0000000000000..46450a93df30a
--- /dev/null
+++ b/x-pack/plugins/task_manager/server/integration_tests/task_manager_switch_task_claimers.test.ts
@@ -0,0 +1,369 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { v4 as uuidV4 } from 'uuid';
+import { schema } from '@kbn/config-schema';
+import { SerializedConcreteTaskInstance, TaskStatus } from '../task';
+import type { TaskClaimingOpts } from '../queries/task_claiming';
+import { injectTask, setupTestServers, retry } from './lib';
+import { setupKibanaServer } from './lib/setup_test_servers';
+
+const mockTaskTypeRunFn = jest.fn();
+const mockCreateTaskRunner = jest.fn();
+const mockTaskType = {
+  title: '',
+  description: '',
+  stateSchemaByVersion: {
+    1: {
+      up: (state: Record<string, unknown>) => ({ ...state, baz: state.baz || '' }),
+      schema: schema.object({
+        foo: schema.string(),
+        bar: schema.string(),
+        baz: schema.string(),
+      }),
+    },
+  },
+  createTaskRunner: mockCreateTaskRunner.mockImplementation(() => ({
+    run: mockTaskTypeRunFn,
+  })),
+};
+const { TaskClaiming: TaskClaimingMock } = jest.requireMock('../queries/task_claiming');
+jest.mock('../queries/task_claiming', () => {
+  const actual = jest.requireActual('../queries/task_claiming');
+  return {
+    ...actual,
+    TaskClaiming: jest.fn().mockImplementation((opts: TaskClaimingOpts) => {
+      // We need to register here because once the class is instantiated, adding
+      // definitions won't get claimed because of "partitionIntoClaimingBatches".
+      opts.definitions.registerTaskDefinitions({
+        fooType: mockTaskType,
+      });
+      return new actual.TaskClaiming(opts);
+    }),
+  };
+});
+
+describe('switch task claiming strategies', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('should switch from default to mget and still claim tasks', async () => {
+    const setupResultDefault = await setupTestServers();
+    const esServer = setupResultDefault.esServer;
+    let kibanaServer = setupResultDefault.kibanaServer;
+    let taskClaimingOpts: TaskClaimingOpts = TaskClaimingMock.mock.calls[0][0];
+
+    expect(taskClaimingOpts.strategy).toBe('default');
+
+    mockTaskTypeRunFn.mockImplementation(() => {
+      return { state: {} };
+    });
+
+    // inject a task to run and ensure it is claimed and run
+    const id1 = uuidV4();
+    await injectTask(kibanaServer.coreStart.elasticsearch.client.asInternalUser, {
+      id: id1,
+      taskType: 'fooType',
+      params: { foo: true },
+      state: { foo: 'test', bar: 'test', baz: 'test' },
+      stateVersion: 4,
+      runAt: new Date(),
+      enabled: true,
+      scheduledAt: new Date(),
+      attempts: 0,
+      status: TaskStatus.Idle,
+      startedAt: null,
+      retryAt: null,
+      ownerId: null,
+    });
+
+    await retry(async () => {
+      expect(mockTaskTypeRunFn).toHaveBeenCalledTimes(1);
+    });
+
+    if (kibanaServer) {
+      await kibanaServer.stop();
+    }
+
+    const setupResultMget = await setupKibanaServer({
+      xpack: {
+        task_manager: {
+          claim_strategy: 'unsafe_mget',
+        },
+      },
+    });
+    kibanaServer = setupResultMget.kibanaServer;
+
+    taskClaimingOpts = TaskClaimingMock.mock.calls[1][0];
+    expect(taskClaimingOpts.strategy).toBe('unsafe_mget');
+
+    // inject a task to run and ensure it is claimed and run
+    const id2 = uuidV4();
+    await injectTask(kibanaServer.coreStart.elasticsearch.client.asInternalUser, {
+      id: id2,
+      taskType: 'fooType',
+      params: { foo: true },
+      state: { foo: 'test', bar: 'test', baz: 'test' },
+      stateVersion: 4,
+      runAt: new Date(),
+      enabled: true,
+      scheduledAt: new Date(),
+      attempts: 0,
+      status: TaskStatus.Idle,
+      startedAt: null,
+      retryAt: null,
+      ownerId: null,
+    });
+
+    await retry(async () => {
+      expect(mockTaskTypeRunFn).toHaveBeenCalledTimes(2);
+    });
+
+    if (kibanaServer) {
+      await kibanaServer.stop();
+    }
+    if (esServer) {
+      await esServer.stop();
+    }
+  });
+
+  it('should switch from mget to default and still claim tasks', async () => {
+    const setupResultMget = await setupTestServers({
+      xpack: {
+        task_manager: {
+          claim_strategy: 'unsafe_mget',
+        },
+      },
+    });
+    const esServer = setupResultMget.esServer;
+    let kibanaServer = setupResultMget.kibanaServer;
+    let taskClaimingOpts: TaskClaimingOpts = TaskClaimingMock.mock.calls[0][0];
+
+    expect(taskClaimingOpts.strategy).toBe('unsafe_mget');
+
+    mockTaskTypeRunFn.mockImplementation(() => {
+      return { state: {} };
+    });
+
+    // inject a task to run and ensure it is claimed and run
+    const id1 = uuidV4();
+    await injectTask(kibanaServer.coreStart.elasticsearch.client.asInternalUser, {
+      id: id1,
+      taskType: 'fooType',
+      params: { foo: true },
+      state: { foo: 'test', bar: 'test', baz: 'test' },
+      stateVersion: 4,
+      runAt: new Date(),
+      enabled: true,
+      scheduledAt: new Date(),
+      attempts: 0,
+      status: TaskStatus.Idle,
+      startedAt: null,
+      retryAt: null,
+      ownerId: null,
+    });
+
+    await retry(async () => {
+      expect(mockTaskTypeRunFn).toHaveBeenCalledTimes(1);
+    });
+
+    if (kibanaServer) {
+      await kibanaServer.stop();
+    }
+
+    const setupResultDefault = await setupKibanaServer();
+    kibanaServer = setupResultDefault.kibanaServer;
+
+    taskClaimingOpts = TaskClaimingMock.mock.calls[1][0];
+    expect(taskClaimingOpts.strategy).toBe('default');
+
+    // inject a task to run and ensure it is claimed and run
+    const id2 = uuidV4();
+    await injectTask(kibanaServer.coreStart.elasticsearch.client.asInternalUser, {
+      id: id2,
+      taskType: 'fooType',
+      params: { foo: true },
+      state: { foo: 'test', bar: 'test', baz: 'test' },
+      stateVersion: 4,
+      runAt: new Date(),
+      enabled: true,
+      scheduledAt: new Date(),
+      attempts: 0,
+      status: TaskStatus.Idle,
+      startedAt: null,
+      retryAt: null,
+      ownerId: null,
+    });
+
+    await retry(async () => {
+      expect(mockTaskTypeRunFn).toHaveBeenCalledTimes(2);
+    });
+
+    if (kibanaServer) {
+      await kibanaServer.stop();
+    }
+    if (esServer) {
+      await esServer.stop();
+    }
+  });
+
+  it('should switch from default to mget and claim tasks that were running during shutdown', async () => {
+    const setupResultDefault = await setupTestServers();
+    const esServer = setupResultDefault.esServer;
+    let kibanaServer = setupResultDefault.kibanaServer;
+    let taskClaimingOpts: TaskClaimingOpts = TaskClaimingMock.mock.calls[0][0];
+
+    expect(taskClaimingOpts.strategy).toBe('default');
+
+    mockTaskTypeRunFn.mockImplementation(async () => {
+      await new Promise((resolve) => setTimeout(resolve, 2000));
+      return { state: {} };
+    });
+
+    // inject a task to run and ensure it is claimed and run
+    const id1 = uuidV4();
+    await injectTask(kibanaServer.coreStart.elasticsearch.client.asInternalUser, {
+      id: id1,
+      taskType: 'fooType',
+      params: { foo: true },
+      state: { foo: 'test', bar: 'test', baz: 'test' },
+      stateVersion: 4,
+      runAt: new Date(),
+      enabled: true,
+      scheduledAt: new Date(),
+      attempts: 0,
+      status: TaskStatus.Idle,
+      startedAt: null,
+      timeoutOverride: '5s',
+      retryAt: null,
+      ownerId: null,
+    });
+
+    await retry(async () => {
+      expect(mockTaskTypeRunFn).toHaveBeenCalledTimes(1);
+    });
+
+    if (kibanaServer) {
+      await kibanaServer.stop();
+    }
+
+    const setupResultMget = await setupKibanaServer({
+      xpack: {
+        task_manager: {
+          claim_strategy: 'unsafe_mget',
+        },
+      },
+    });
+    kibanaServer = setupResultMget.kibanaServer;
+
+    taskClaimingOpts = TaskClaimingMock.mock.calls[1][0];
+    expect(taskClaimingOpts.strategy).toBe('unsafe_mget');
+
+    // task doc should still exist and be running
+    const task = await kibanaServer.coreStart.elasticsearch.client.asInternalUser.get<{
+      task: SerializedConcreteTaskInstance;
+    }>({
+      id: `task:${id1}`,
+      index: '.kibana_task_manager',
+    });
+
+    expect(task._source?.task?.status).toBe(TaskStatus.Running);
+
+    // task manager should pick up and claim the task that was running during shutdown
+    await retry(
+      async () => {
+        expect(mockTaskTypeRunFn).toHaveBeenCalledTimes(2);
+      },
+      { times: 60, intervalMs: 1000 }
+    );
+
+    if (kibanaServer) {
+      await kibanaServer.stop();
+    }
+    if (esServer) {
+      await esServer.stop();
+    }
+  });
+
+  it('should switch from mget to default and claim tasks that were running during shutdown', async () => {
+    const setupResultMget = await setupTestServers({
+      xpack: {
+        task_manager: {
+          claim_strategy: 'unsafe_mget',
+        },
+      },
+    });
+    const esServer = setupResultMget.esServer;
+    let kibanaServer = setupResultMget.kibanaServer;
+    let taskClaimingOpts: TaskClaimingOpts = TaskClaimingMock.mock.calls[0][0];
+
+    expect(taskClaimingOpts.strategy).toBe('unsafe_mget');
+
+    mockTaskTypeRunFn.mockImplementation(async () => {
+      await new Promise((resolve) => setTimeout(resolve, 2000));
+      return { state: {} };
+    });
+
+    // inject a task to run and ensure it is claimed and run
+    const id1 = uuidV4();
+    await injectTask(kibanaServer.coreStart.elasticsearch.client.asInternalUser, {
+      id: id1,
+      taskType: 'fooType',
+      params: { foo: true },
+      state: { foo: 'test', bar: 'test', baz: 'test' },
+      stateVersion: 4,
+      runAt: new Date(),
+      enabled: true,
+      scheduledAt: new Date(),
+      attempts: 0,
+      status: TaskStatus.Idle,
+      startedAt: null,
+      timeoutOverride: '5s',
+      retryAt: null,
+      ownerId: null,
+    });
+
+    await retry(async () => {
+      expect(mockTaskTypeRunFn).toHaveBeenCalledTimes(1);
+    });
+
+    if (kibanaServer) {
+      await kibanaServer.stop();
+    }
+
+    const setupResultDefault = await setupKibanaServer();
+    kibanaServer = setupResultDefault.kibanaServer;
+
+    taskClaimingOpts = TaskClaimingMock.mock.calls[1][0];
+    expect(taskClaimingOpts.strategy).toBe('default');
+
+    // task doc should still exist and be running
+    const task = await kibanaServer.coreStart.elasticsearch.client.asInternalUser.get<{
+      task: SerializedConcreteTaskInstance;
+    }>({
+      id: `task:${id1}`,
+      index: '.kibana_task_manager',
+    });
+
+    expect(task._source?.task?.status).toBe(TaskStatus.Running);
+
+    await retry(
+      async () => {
+        expect(mockTaskTypeRunFn).toHaveBeenCalledTimes(2);
+      },
+      { times: 60, intervalMs: 1000 }
+    );
+
+    if (kibanaServer) {
+      await kibanaServer.stop();
+    }
+    if (esServer) {
+      await esServer.stop();
+    }
+  });
+});
diff --git a/x-pack/plugins/task_manager/server/monitoring/workload_statistics.ts b/x-pack/plugins/task_manager/server/monitoring/workload_statistics.ts
index 9fa41b0c45665..6c372ce0fc453 100644
--- a/x-pack/plugins/task_manager/server/monitoring/workload_statistics.ts
+++ b/x-pack/plugins/task_manager/server/monitoring/workload_statistics.ts
@@ -173,7 +173,9 @@ export function createWorkloadAggregator(
                   field: 'task.runAt',
                   ranges: [
                     {
+                      // @ts-expect-error type regression introduced by https://github.com/elastic/elasticsearch-specification/pull/2552
                       from: `now`,
+                      // @ts-expect-error type regression introduced by https://github.com/elastic/elasticsearch-specification/pull/2552
                       to: `now+${asInterval(scheduleDensityBuckets * pollInterval)}`,
                     },
                   ],
diff --git a/x-pack/plugins/task_manager/server/task_store.ts b/x-pack/plugins/task_manager/server/task_store.ts
index 3cc50a05259a5..b922d10ee5cf1 100644
--- a/x-pack/plugins/task_manager/server/task_store.ts
+++ b/x-pack/plugins/task_manager/server/task_store.ts
@@ -504,9 +504,9 @@ export class TaskStore {
       for (const task of tasks) {
         if (task._seq_no == null || task._primary_term == null) continue;
 
-        const esId = task._id.startsWith('task:') ? task._id.slice(5) : task._id;
+        const esId = task._id!.startsWith('task:') ? task._id!.slice(5) : task._id!;
         versionMap.set(esId, {
-          esId: task._id,
+          esId: task._id!,
           seqNo: task._seq_no,
           primaryTerm: task._primary_term,
         });
diff --git a/x-pack/plugins/timelines/common/search_strategy/index_fields/index.ts b/x-pack/plugins/timelines/common/search_strategy/index_fields/index.ts
index 32b5ec4e4162e..81b681dfd812b 100644
--- a/x-pack/plugins/timelines/common/search_strategy/index_fields/index.ts
+++ b/x-pack/plugins/timelines/common/search_strategy/index_fields/index.ts
@@ -76,17 +76,14 @@ export interface IndexFieldsStrategyResponse extends IEsSearchResponse {
  */
 export interface BrowserField {
   aggregatable: boolean;
-  category: string;
-  description: string | null;
-  example: string | number | null;
-  fields: Record<string, Partial<BrowserField>>;
+  fields: Record<string, Partial<BrowserField>>; // FIXME: missing in FieldSpec
   format: string;
-  indexes: string[];
+  indexes: string[]; // FIXME: missing in FieldSpec
   name: string;
   searchable: boolean;
   type: string;
   esTypes?: string[];
-  subType?: IFieldSubType;
+  subType?: IFieldSubType; // not sure
   readFromDocValues: boolean;
   runtimeField?: RuntimeField;
 }
diff --git a/x-pack/plugins/timelines/public/mock/browser_fields.ts b/x-pack/plugins/timelines/public/mock/browser_fields.ts
index d852c0002e83b..eb7acfd9484c0 100644
--- a/x-pack/plugins/timelines/public/mock/browser_fields.ts
+++ b/x-pack/plugins/timelines/public/mock/browser_fields.ts
@@ -23,9 +23,6 @@ export const mocksSource = {
   indexFields: [
     {
       category: 'base',
-      description:
-        'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.',
-      example: '2016-05-23T08:05:34.853Z',
       format: '',
       indexes: ['auditbeat', 'filebeat', 'packetbeat'],
       name: '@timestamp',
@@ -35,9 +32,6 @@ export const mocksSource = {
     },
     {
       category: 'agent',
-      description:
-        'Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but `agent.id` does not.',
-      example: '8a4f500f',
       format: '',
       indexes: ['auditbeat', 'filebeat', 'packetbeat'],
       name: 'agent.ephemeral_id',
@@ -47,8 +41,6 @@ export const mocksSource = {
     },
     {
       category: 'agent',
-      description: null,
-      example: null,
       format: '',
       indexes: ['auditbeat', 'filebeat', 'packetbeat'],
       name: 'agent.hostname',
@@ -58,9 +50,6 @@ export const mocksSource = {
     },
     {
       category: 'agent',
-      description:
-        'Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id.',
-      example: '8a4f500d',
       format: '',
       indexes: ['auditbeat', 'filebeat', 'packetbeat'],
       name: 'agent.id',
@@ -70,9 +59,6 @@ export const mocksSource = {
     },
     {
       category: 'agent',
-      description:
-        'Name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. If no name is given, the name is often left empty.',
-      example: 'foo',
       format: '',
       indexes: ['auditbeat', 'filebeat', 'packetbeat'],
       name: 'agent.name',
@@ -82,8 +68,6 @@ export const mocksSource = {
     },
     {
       category: 'auditd',
-      description: null,
-      example: null,
       format: '',
       indexes: ['auditbeat'],
       name: 'auditd.data.a0',
@@ -93,8 +77,6 @@ export const mocksSource = {
     },
     {
       category: 'auditd',
-      description: null,
-      example: null,
       format: '',
       indexes: ['auditbeat'],
       name: 'auditd.data.a1',
@@ -104,8 +86,6 @@ export const mocksSource = {
     },
     {
       category: 'auditd',
-      description: null,
-      example: null,
       format: '',
       indexes: ['auditbeat'],
       name: 'auditd.data.a2',
@@ -115,9 +95,6 @@ export const mocksSource = {
     },
     {
       category: 'client',
-      description:
-        'Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket.  You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.',
-      example: null,
       format: '',
       indexes: ['auditbeat', 'filebeat', 'packetbeat'],
       name: 'client.address',
@@ -127,8 +104,6 @@ export const mocksSource = {
     },
     {
       category: 'client',
-      description: 'Bytes sent from the client to the server.',
-      example: '184',
       format: '',
       indexes: ['auditbeat', 'filebeat', 'packetbeat'],
       name: 'client.bytes',
@@ -138,8 +113,6 @@ export const mocksSource = {
     },
     {
       category: 'client',
-      description: 'Client domain.',
-      example: null,
       format: '',
       indexes: ['auditbeat', 'filebeat', 'packetbeat'],
       name: 'client.domain',
@@ -149,8 +122,6 @@ export const mocksSource = {
     },
     {
       category: 'client',
-      description: 'Country ISO code.',
-      example: 'CA',
       format: '',
       indexes: ['auditbeat', 'filebeat', 'packetbeat'],
       name: 'client.geo.country_iso_code',
@@ -160,9 +131,6 @@ export const mocksSource = {
     },
     {
       category: 'cloud',
-      description:
-        'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.',
-      example: '666777888999',
       format: '',
       indexes: ['auditbeat', 'filebeat', 'packetbeat'],
       name: 'cloud.account.id',
@@ -172,8 +140,6 @@ export const mocksSource = {
     },
     {
       category: 'cloud',
-      description: 'Availability zone in which this host is running.',
-      example: 'us-east-1c',
       format: '',
       indexes: ['auditbeat', 'filebeat', 'packetbeat'],
       name: 'cloud.availability_zone',
@@ -183,8 +149,6 @@ export const mocksSource = {
     },
     {
       category: 'container',
-      description: 'Unique container id.',
-      example: null,
       format: '',
       indexes: ['auditbeat', 'filebeat', 'packetbeat'],
       name: 'container.id',
@@ -194,8 +158,6 @@ export const mocksSource = {
     },
     {
       category: 'container',
-      description: 'Name of the image the container was built on.',
-      example: null,
       format: '',
       indexes: ['auditbeat', 'filebeat', 'packetbeat'],
       name: 'container.image.name',
@@ -205,8 +167,6 @@ export const mocksSource = {
     },
     {
       category: 'container',
-      description: 'Container image tag.',
-      example: null,
       format: '',
       indexes: ['auditbeat', 'filebeat', 'packetbeat'],
       name: 'container.image.tag',
@@ -216,9 +176,6 @@ export const mocksSource = {
     },
     {
       category: 'destination',
-      description:
-        'Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket.  You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.',
-      example: null,
       format: '',
       indexes: ['auditbeat', 'filebeat', 'packetbeat'],
       name: 'destination.address',
@@ -228,8 +185,6 @@ export const mocksSource = {
     },
     {
       category: 'destination',
-      description: 'Bytes sent from the destination to the source.',
-      example: '184',
       format: '',
       indexes: ['auditbeat', 'filebeat', 'packetbeat'],
       name: 'destination.bytes',
@@ -239,8 +194,6 @@ export const mocksSource = {
     },
     {
       category: 'destination',
-      description: 'Destination domain.',
-      example: null,
       format: '',
       indexes: ['auditbeat', 'filebeat', 'packetbeat'],
       name: 'destination.domain',
@@ -251,8 +204,6 @@ export const mocksSource = {
     {
       aggregatable: true,
       category: 'destination',
-      description: 'IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses.',
-      example: '',
       format: '',
       indexes: ['auditbeat', 'filebeat', 'packetbeat'],
       name: 'destination.ip',
@@ -262,8 +213,6 @@ export const mocksSource = {
     {
       aggregatable: true,
       category: 'destination',
-      description: 'Port of the destination.',
-      example: '',
       format: '',
       indexes: ['auditbeat', 'filebeat', 'packetbeat'],
       name: 'destination.port',
@@ -273,8 +222,6 @@ export const mocksSource = {
     {
       aggregatable: true,
       category: 'source',
-      description: 'IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.',
-      example: '',
       format: '',
       indexes: ['auditbeat', 'filebeat', 'packetbeat'],
       name: 'source.ip',
@@ -284,8 +231,6 @@ export const mocksSource = {
     {
       aggregatable: true,
       category: 'source',
-      description: 'Port of the source.',
-      example: '',
       format: '',
       indexes: ['auditbeat', 'filebeat', 'packetbeat'],
       name: 'source.port',
@@ -295,9 +240,6 @@ export const mocksSource = {
     {
       aggregatable: true,
       category: 'event',
-      description:
-        'event.end contains the date when the event ended or when the activity was last observed.',
-      example: null,
       format: '',
       indexes: DEFAULT_INDEX_PATTERN,
       name: 'event.end',
@@ -307,8 +249,6 @@ export const mocksSource = {
     {
       aggregatable: false,
       category: 'nestedField',
-      description: '',
-      example: '',
       format: '',
       indexes: ['auditbeat', 'filebeat', 'packetbeat'],
       name: 'nestedField.firstAttributes',
@@ -323,8 +263,6 @@ export const mocksSource = {
     {
       aggregatable: false,
       category: 'nestedField',
-      description: '',
-      example: '',
       format: '',
       indexes: ['auditbeat', 'filebeat', 'packetbeat'],
       name: 'nestedField.secondAttributes',
@@ -372,10 +310,6 @@ export const mockBrowserFields: BrowserFields = {
     fields: {
       'agent.ephemeral_id': {
         aggregatable: true,
-        category: 'agent',
-        description:
-          'Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but `agent.id` does not.',
-        example: '8a4f500f',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'agent.ephemeral_id',
@@ -384,9 +318,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'agent.hostname': {
         aggregatable: true,
-        category: 'agent',
-        description: null,
-        example: null,
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'agent.hostname',
@@ -395,10 +326,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'agent.id': {
         aggregatable: true,
-        category: 'agent',
-        description:
-          'Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id.',
-        example: '8a4f500d',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'agent.id',
@@ -407,10 +334,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'agent.name': {
         aggregatable: true,
-        category: 'agent',
-        description:
-          'Name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. If no name is given, the name is often left empty.',
-        example: 'foo',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'agent.name',
@@ -423,9 +346,6 @@ export const mockBrowserFields: BrowserFields = {
     fields: {
       'auditd.data.a0': {
         aggregatable: true,
-        category: 'auditd',
-        description: null,
-        example: null,
         format: '',
         indexes: ['auditbeat'],
         name: 'auditd.data.a0',
@@ -434,9 +354,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'auditd.data.a1': {
         aggregatable: true,
-        category: 'auditd',
-        description: null,
-        example: null,
         format: '',
         indexes: ['auditbeat'],
         name: 'auditd.data.a1',
@@ -445,9 +362,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'auditd.data.a2': {
         aggregatable: true,
-        category: 'auditd',
-        description: null,
-        example: null,
         format: '',
         indexes: ['auditbeat'],
         name: 'auditd.data.a2',
@@ -460,10 +374,6 @@ export const mockBrowserFields: BrowserFields = {
     fields: {
       '@timestamp': {
         aggregatable: true,
-        category: 'base',
-        description:
-          'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.',
-        example: '2016-05-23T08:05:34.853Z',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: '@timestamp',
@@ -471,9 +381,6 @@ export const mockBrowserFields: BrowserFields = {
         type: 'date',
       },
       _id: {
-        category: 'base',
-        description: 'Each document has an _id that uniquely identifies it',
-        example: 'Y-6TfmcB0WOhS6qyMv3s',
         name: '_id',
         type: 'string',
         searchable: true,
@@ -481,10 +388,6 @@ export const mockBrowserFields: BrowserFields = {
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
       },
       message: {
-        category: 'base',
-        description:
-          'For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message.',
-        example: 'Hello World',
         name: 'message',
         type: 'string',
         searchable: true,
@@ -498,10 +401,6 @@ export const mockBrowserFields: BrowserFields = {
     fields: {
       'client.address': {
         aggregatable: true,
-        category: 'client',
-        description:
-          'Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket.  You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.',
-        example: null,
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'client.address',
@@ -510,9 +409,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'client.bytes': {
         aggregatable: true,
-        category: 'client',
-        description: 'Bytes sent from the client to the server.',
-        example: '184',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'client.bytes',
@@ -521,9 +417,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'client.domain': {
         aggregatable: true,
-        category: 'client',
-        description: 'Client domain.',
-        example: null,
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'client.domain',
@@ -532,9 +425,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'client.geo.country_iso_code': {
         aggregatable: true,
-        category: 'client',
-        description: 'Country ISO code.',
-        example: 'CA',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'client.geo.country_iso_code',
@@ -547,10 +437,6 @@ export const mockBrowserFields: BrowserFields = {
     fields: {
       'cloud.account.id': {
         aggregatable: true,
-        category: 'cloud',
-        description:
-          'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.',
-        example: '666777888999',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'cloud.account.id',
@@ -559,9 +445,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'cloud.availability_zone': {
         aggregatable: true,
-        category: 'cloud',
-        description: 'Availability zone in which this host is running.',
-        example: 'us-east-1c',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'cloud.availability_zone',
@@ -574,9 +457,6 @@ export const mockBrowserFields: BrowserFields = {
     fields: {
       'container.id': {
         aggregatable: true,
-        category: 'container',
-        description: 'Unique container id.',
-        example: null,
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'container.id',
@@ -585,9 +465,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'container.image.name': {
         aggregatable: true,
-        category: 'container',
-        description: 'Name of the image the container was built on.',
-        example: null,
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'container.image.name',
@@ -596,9 +473,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'container.image.tag': {
         aggregatable: true,
-        category: 'container',
-        description: 'Container image tag.',
-        example: null,
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'container.image.tag',
@@ -611,10 +485,6 @@ export const mockBrowserFields: BrowserFields = {
     fields: {
       'destination.address': {
         aggregatable: true,
-        category: 'destination',
-        description:
-          'Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket.  You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.',
-        example: null,
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'destination.address',
@@ -623,9 +493,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'destination.bytes': {
         aggregatable: true,
-        category: 'destination',
-        description: 'Bytes sent from the destination to the source.',
-        example: '184',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'destination.bytes',
@@ -634,9 +501,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'destination.domain': {
         aggregatable: true,
-        category: 'destination',
-        description: 'Destination domain.',
-        example: null,
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'destination.domain',
@@ -645,10 +509,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'destination.ip': {
         aggregatable: true,
-        category: 'destination',
-        description:
-          'IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses.',
-        example: '',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'destination.ip',
@@ -657,9 +517,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'destination.port': {
         aggregatable: true,
-        category: 'destination',
-        description: 'Port of the destination.',
-        example: '',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'destination.port',
@@ -671,10 +528,6 @@ export const mockBrowserFields: BrowserFields = {
   event: {
     fields: {
       'event.end': {
-        category: 'event',
-        description:
-          'event.end contains the date when the event ended or when the activity was last observed.',
-        example: null,
         format: '',
         indexes: DEFAULT_INDEX_PATTERN,
         name: 'event.end',
@@ -683,10 +536,6 @@ export const mockBrowserFields: BrowserFields = {
         aggregatable: true,
       },
       'event.action': {
-        category: 'event',
-        description:
-          'The action captured by the event. This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer.',
-        example: 'user-password-change',
         name: 'event.action',
         type: 'string',
         searchable: true,
@@ -695,10 +544,6 @@ export const mockBrowserFields: BrowserFields = {
         indexes: DEFAULT_INDEX_PATTERN,
       },
       'event.category': {
-        category: 'event',
-        description:
-          'This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. `event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories.',
-        example: 'authentication',
         name: 'event.category',
         type: 'string',
         searchable: true,
@@ -707,10 +552,6 @@ export const mockBrowserFields: BrowserFields = {
         indexes: DEFAULT_INDEX_PATTERN,
       },
       'event.severity': {
-        category: 'event',
-        description:
-          "The numeric severity of the event according to your event source. What the different severity values mean can be different between sources and use cases. It's up to the implementer to make sure severities are consistent across events from the same source. The Syslog severity belongs in `log.syslog.severity.code`. `event.severity` is meant to represent the severity according to the event source (e.g. firewall, IDS). If the event source does not publish its own severity, you may optionally copy the `log.syslog.severity.code` to `event.severity`.",
-        example: 7,
         name: 'event.severity',
         type: 'number',
         format: 'number',
@@ -723,9 +564,6 @@ export const mockBrowserFields: BrowserFields = {
   host: {
     fields: {
       'host.name': {
-        category: 'host',
-        description:
-          'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.',
         name: 'host.name',
         type: 'string',
         searchable: true,
@@ -739,9 +577,6 @@ export const mockBrowserFields: BrowserFields = {
     fields: {
       'source.ip': {
         aggregatable: true,
-        category: 'source',
-        description: 'IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.',
-        example: '',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'source.ip',
@@ -750,9 +585,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'source.port': {
         aggregatable: true,
-        category: 'source',
-        description: 'Port of the source.',
-        example: '',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'source.port',
@@ -764,9 +596,6 @@ export const mockBrowserFields: BrowserFields = {
   user: {
     fields: {
       'user.name': {
-        category: 'user',
-        description: 'Short name or login of the user.',
-        example: 'albert',
         name: 'user.name',
         type: 'string',
         searchable: true,
@@ -780,9 +609,6 @@ export const mockBrowserFields: BrowserFields = {
     fields: {
       'nestedField.firstAttributes': {
         aggregatable: false,
-        category: 'nestedField',
-        description: '',
-        example: '',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'nestedField.firstAttributes',
@@ -796,9 +622,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'nestedField.secondAttributes': {
         aggregatable: false,
-        category: 'nestedField',
-        description: '',
-        example: '',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'nestedField.secondAttributes',
@@ -812,9 +635,6 @@ export const mockBrowserFields: BrowserFields = {
       },
       'nestedField.thirdAttributes': {
         aggregatable: false,
-        category: 'nestedField',
-        description: '',
-        example: '',
         format: '',
         indexes: ['auditbeat', 'filebeat', 'packetbeat'],
         name: 'nestedField.thirdAttributes',
diff --git a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/helpers/build_ecs_objects.ts b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/helpers/build_ecs_objects.ts
index 0f24be8526d05..3b9891e79d9ab 100644
--- a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/helpers/build_ecs_objects.ts
+++ b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/helpers/build_ecs_objects.ts
@@ -27,6 +27,7 @@ export const buildEcsObjects = (hit: EventHit): Ecs => {
       }
       return acc;
     },
-    { _id: hit._id, timestamp: getTimestamp(hit), _index: hit._index }
+    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+    { _id: hit._id!, timestamp: getTimestamp(hit), _index: hit._index }
   );
 };
diff --git a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/helpers/format_timeline_data.ts b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/helpers/format_timeline_data.ts
index 6899222946fb3..f56cfd32391d4 100644
--- a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/helpers/format_timeline_data.ts
+++ b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/helpers/format_timeline_data.ts
@@ -22,9 +22,11 @@ export const formatTimelineData = async (
   uniq([...ecsFields, ...dataFields]).reduce<Promise<TimelineEdges>>(
     async (acc, fieldName) => {
       const flattenedFields: TimelineEdges = await acc;
-      flattenedFields.node._id = hit._id;
+      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+      flattenedFields.node._id = hit._id!;
       flattenedFields.node._index = hit._index;
-      flattenedFields.node.ecs._id = hit._id;
+      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+      flattenedFields.node.ecs._id = hit._id!;
       flattenedFields.node.ecs.timestamp = getTimestamp(hit);
       flattenedFields.node.ecs._index = hit._index;
       if (hit.sort && hit.sort.length > 1) {
diff --git a/x-pack/plugins/transform/public/app/sections/create_transform/components/advanced_pivot_editor/advanced_pivot_editor.tsx b/x-pack/plugins/transform/public/app/sections/create_transform/components/advanced_pivot_editor/advanced_pivot_editor.tsx
index 4e2f6796a72c6..e0379ea26366a 100644
--- a/x-pack/plugins/transform/public/app/sections/create_transform/components/advanced_pivot_editor/advanced_pivot_editor.tsx
+++ b/x-pack/plugins/transform/public/app/sections/create_transform/components/advanced_pivot_editor/advanced_pivot_editor.tsx
@@ -5,16 +5,14 @@
  * 2.0.
  */
 
+import { EuiFormRow } from '@elastic/eui';
+import { monaco } from '@kbn/monaco';
 import { isEqual } from 'lodash';
 import type { FC } from 'react';
 import React, { memo } from 'react';
-
-import { EuiFormRow } from '@elastic/eui';
-
 import { i18n } from '@kbn/i18n';
-
 import { CodeEditor } from '@kbn/code-editor';
-
+import pivotJsonSchema from '@kbn/json-schemas/src/put___transform__transform_id___pivot_schema.json';
 import type { StepDefineFormHook } from '../step_define';
 
 export const AdvancedPivotEditor: FC<StepDefineFormHook['advancedPivotEditor']> = memo(
@@ -66,6 +64,22 @@ export const AdvancedPivotEditor: FC<StepDefineFormHook['advancedPivotEditor']>
             wrappingIndent: 'indent',
           }}
           value={advancedEditorConfig}
+          editorDidMount={(editor: monaco.editor.IStandaloneCodeEditor) => {
+            const editorModelUri: string = editor.getModel()?.uri.toString()!;
+            monaco.languages.json.jsonDefaults.setDiagnosticsOptions({
+              validate: true,
+              enableSchemaRequest: false,
+              schemaValidation: 'error',
+              schemas: [
+                ...(monaco.languages.json.jsonDefaults.diagnosticsOptions.schemas ?? []),
+                {
+                  uri: editorModelUri,
+                  fileMatch: [editorModelUri],
+                  schema: pivotJsonSchema,
+                },
+              ],
+            });
+          }}
         />
       </EuiFormRow>
     );
diff --git a/x-pack/plugins/transform/tsconfig.json b/x-pack/plugins/transform/tsconfig.json
index 05d3320efadb0..2faedae945810 100644
--- a/x-pack/plugins/transform/tsconfig.json
+++ b/x-pack/plugins/transform/tsconfig.json
@@ -78,7 +78,9 @@
     "@kbn/react-kibana-context-render",
     "@kbn/search-types",
     "@kbn/core-elasticsearch-server-mocks",
-    "@kbn/test-jest-helpers"
+    "@kbn/test-jest-helpers",
+    "@kbn/monaco",
+    "@kbn/json-schemas"
   ],
   "exclude": [
     "target/**/*",
diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json
index 21b3f6e83ac6c..a1871e039fbb3 100644
--- a/x-pack/plugins/translations/translations/fr-FR.json
+++ b/x-pack/plugins/translations/translations/fr-FR.json
@@ -1192,8 +1192,6 @@
     "dashboard.actions.downloadOptionsUnsavedFilename": "sans titre",
     "dashboard.actions.toggleExpandPanelMenuItem.expandedDisplayName": "Minimiser",
     "dashboard.actions.toggleExpandPanelMenuItem.notExpandedDisplayName": "Maximiser le panneau",
-    "dashboard.addPanelMenuTrigger.description": "Une nouvelle action apparaîtra dans le menu Ajouter un panneau du tableau de bord",
-    "dashboard.addPanelMenuTrigger.title": "Menu Ajouter un panneau",
     "dashboard.appLeaveConfirmModal.cancelButtonLabel": "Annuler",
     "dashboard.appLeaveConfirmModal.unsavedChangesSubtitle": "Quitter Dashboard sans enregistrer ?",
     "dashboard.appLeaveConfirmModal.unsavedChangesTitle": "Modifications non enregistrées",
@@ -1215,7 +1213,6 @@
     "dashboard.editingToolbar.controlsButtonTitle": "Contrôles",
     "dashboard.editingToolbar.editControlGroupButtonTitle": "Paramètres",
     "dashboard.editingToolbar.onlyOneTimeSliderControlMsg": "Le groupe de contrôle contient déjà un contrôle de curseur temporel.",
-    "dashboard.editorMenu.aggBasedGroupTitle": "Basé sur une agrégation",
     "dashboard.editorMenu.deprecatedTag": "Déclassé",
     "dashboard.embeddableApi.showSettings.flyout.applyButtonTitle": "Appliquer",
     "dashboard.embeddableApi.showSettings.flyout.cancelButtonTitle": "Annuler",
@@ -2396,12 +2393,7 @@
     "discover.fieldChooser.discoverField.removeFieldTooltip": "Supprimer le champ du tableau",
     "discover.globalSearch.esqlSearchTitle": "Créer des recherches ES|QL",
     "discover.goToDiscoverButtonText": "Aller à Discover",
-    "unifiedDocViewer.flyout.documentNavigation": "Navigation dans le document",
-    "unifiedDocViewer.flyout.toastColumnAdded": "La colonne \"{columnName}\" a été ajoutée.",
-    "unifiedDocViewer.flyout.toastColumnRemoved": "La colonne \"{columnName}\" a été supprimée.",
     "discover.grid.tableRow.actionsLabel": "Actions",
-    "unifiedDocViewer.flyout.docViewerDetailHeading": "Document",
-    "unifiedDocViewer.flyout.docViewerEsqlDetailHeading": "Ligne",
     "discover.grid.tableRow.mobileFlyoutActionsButton": "Actions",
     "discover.grid.tableRow.moreFlyoutActionsButton": "Plus d'actions",
     "discover.grid.tableRow.esqlDetailHeading": "Ligne développée",
@@ -2494,6 +2486,46 @@
     "discover.viewAlert.searchSourceErrorTitle": "Erreur lors de la récupération de la source de recherche",
     "discover.viewModes.document.label": "Documents",
     "discover.viewModes.fieldStatistics.label": "Statistiques de champ",
+    "unifiedDocViewer.flyout.documentNavigation": "Navigation dans le document",
+    "unifiedDocViewer.flyout.toastColumnAdded": "La colonne \"{columnName}\" a été ajoutée.",
+    "unifiedDocViewer.flyout.toastColumnRemoved": "La colonne \"{columnName}\" a été supprimée.",
+    "unifiedDocViewer.flyout.docViewerDetailHeading": "Document",
+    "unifiedDocViewer.flyout.docViewerEsqlDetailHeading": "Ligne",
+    "unifiedDocViewer.docView.table.ignored.multiAboveTooltip": "Une ou plusieurs valeurs dans ce champ sont trop longues et ne peuvent pas être recherchées ni filtrées.",
+    "unifiedDocViewer.docView.table.ignored.multiMalformedTooltip": "Ce champ comporte une ou plusieurs valeurs mal formées qui ne peuvent pas être recherchées ni filtrées.",
+    "unifiedDocViewer.docView.table.ignored.multiUnknownTooltip": "Une ou plusieurs valeurs dans ce champ ont été ignorées par Elasticsearch et ne peuvent pas être recherchées ni filtrées.",
+    "unifiedDocViewer.docView.table.ignored.singleAboveTooltip": "La valeur dans ce champ est trop longue et ne peut pas être recherchée ni filtrée.",
+    "unifiedDocViewer.docView.table.ignored.singleMalformedTooltip": "La valeur dans ce champ est mal formée et ne peut pas être recherchée ni filtrée.",
+    "unifiedDocViewer.docView.table.ignored.singleUnknownTooltip": "La valeur dans ce champ a été ignorée par Elasticsearch et ne peut pas être recherchée ni filtrée.",
+    "unifiedDocViewer.docView.table.searchPlaceHolder": "Rechercher les noms de champs",
+    "unifiedDocViewer.docViews.json.jsonTitle": "JSON",
+    "unifiedDocViewer.docViews.table.filterForFieldPresentButtonAriaLabel": "Filtrer sur le champ",
+    "unifiedDocViewer.docViews.table.filterForFieldPresentButtonTooltip": "Filtrer sur le champ",
+    "unifiedDocViewer.docViews.table.filterForValueButtonAriaLabel": "Filtrer sur la valeur",
+    "unifiedDocViewer.docViews.table.filterForValueButtonTooltip": "Filtrer sur la valeur",
+    "unifiedDocViewer.docViews.table.filterOutValueButtonAriaLabel": "Exclure la valeur",
+    "unifiedDocViewer.docViews.table.filterOutValueButtonTooltip": "Exclure la valeur",
+    "unifiedDocViewer.docViews.table.ignored.multiValueLabel": "Contient des valeurs ignorées",
+    "unifiedDocViewer.docViews.table.ignored.singleValueLabel": "Valeur ignorée",
+    "unifiedDocViewer.docViews.table.pinFieldLabel": "Épingler le champ",
+    "unifiedDocViewer.docViews.table.tableTitle": "Tableau",
+    "unifiedDocViewer.docViews.table.toggleColumnInTableButtonAriaLabel": "Afficher/Masquer la colonne dans le tableau",
+    "unifiedDocViewer.docViews.table.toggleColumnInTableButtonTooltip": "Afficher/Masquer la colonne dans le tableau",
+    "unifiedDocViewer.docViews.table.unableToFilterForPresenceOfMetaFieldsTooltip": "Impossible de filtrer sur les champs méta",
+    "unifiedDocViewer.docViews.table.unableToFilterForPresenceOfScriptedFieldsTooltip": "Impossible de filtrer sur les champs scriptés",
+    "unifiedDocViewer.docViews.table.unindexedFieldsCanNotBeSearchedTooltip": "Les champs non indexés ou les valeurs ignorées ne peuvent pas être recherchés",
+    "unifiedDocViewer.docViews.table.unpinFieldLabel": "Désépingler le champ",
+    "unifiedDocViewer.fieldChooser.discoverField.actions": "Actions",
+    "unifiedDocViewer.fieldChooser.discoverField.multiField": "champ multiple",
+    "unifiedDocViewer.fieldChooser.discoverField.multiFieldTooltipContent": "Les champs multiples peuvent avoir plusieurs valeurs.",
+    "unifiedDocViewer.fieldChooser.discoverField.name": "Champ",
+    "unifiedDocViewer.fieldChooser.discoverField.value": "Valeur",
+    "unifiedDocViewer.json.codeEditorAriaLabel": "Affichage JSON en lecture seule d’un document Elasticsearch",
+    "unifiedDocViewer.json.copyToClipboardLabel": "Copier dans le presse-papiers",
+    "unifiedDocViewer.loadingJSON": "Chargement de JSON",
+    "unifiedDocViewer.sourceViewer.errorMessage": "Impossible de récupérer les données pour le moment. Actualisez l'onglet et réessayez.",
+    "unifiedDocViewer.sourceViewer.errorMessageTitle": "Une erreur s'est produite.",
+    "unifiedDocViewer.sourceViewer.refresh": "Actualiser",
     "textBasedLanguages.advancedSettings.enableESQL.discussLinkText": "discuss.elastic.co/c/elastic-stack/kibana",
     "textBasedLanguages.advancedSettings.enableESQLTitle": "Activer ES|QL",
     "domDragDrop.announce.cancelled": "Mouvement annulé. {label} revenu à sa position initiale",
@@ -4527,7 +4559,6 @@
     "indexPatternManagement.editIndexPattern.fields.table.typeHeader": "Type",
     "indexPatternManagement.editIndexPattern.indexPatternHeading": "Modèle d'indexation :",
     "indexPatternManagement.editIndexPattern.list.defaultIndexPatternListName": "Par défaut",
-    "indexPatternManagement.editIndexPattern.list.rollupIndexPatternListName": "Cumul",
     "indexPatternManagement.editIndexPattern.mappingConflictHeader": "Conflit de mapping",
     "indexPatternManagement.editIndexPattern.scripted.addFieldButton": "Ajouter un champ scripté",
     "indexPatternManagement.editIndexPattern.scripted.deleteField.cancelButton": "Annuler",
@@ -13300,10 +13331,8 @@
     "xpack.elasticAssistant.assistant.connectors.connectorMissingCallout.conversationSettingsLink": "Paramètres de conversation",
     "xpack.elasticAssistant.assistant.connectors.connectorSelector.ariaLabel": "Sélecteur de conversation",
     "xpack.elasticAssistant.assistant.connectors.connectorSelector.newConnectorOptions": "Ajouter un nouveau connecteur...",
-    "xpack.elasticAssistant.assistant.connectors.connectorSelectorInline.connectorLabel": "Connecteur :",
     "xpack.elasticAssistant.assistant.connectors.connectorSelectorInline.connectorPlaceholder": "Sélectionner un connecteur",
     "xpack.elasticAssistant.assistant.connectors.preconfiguredTitle": "Préconfiguré",
-    "xpack.elasticAssistant.assistant.connectors.setup.complete": "Configuration du connecteur terminée !",
     "xpack.elasticAssistant.assistant.connectors.setup.skipTitle": "Cliquez pour ignorer...",
     "xpack.elasticAssistant.assistant.connectors.setup.timestampAtTitle": "à",
     "xpack.elasticAssistant.assistant.connectors.setup.userAssistantTitle": "Assistant",
@@ -13472,7 +13501,6 @@
     "xpack.elasticAssistant.connectors.models.modelSelector.placeholderText": "Sélectionnez ou saisissez pour créer une nouvelle...",
     "xpack.elasticAssistant.connectors.useLoadActionTypes.errorMessage": "Bienvenue sur votre assistant d’intelligence artificielle Elastic. Je suis votre portail 100 % open source vers votre vie Elastic. ",
     "xpack.elasticAssistant.connectors.useLoadConnectors.errorMessage": "Bienvenue sur votre assistant d’intelligence artificielle Elastic. Je suis votre portail 100 % open source vers votre vie Elastic. ",
-    "xpack.elasticAssistant.content.prompts.welcome.welcomeSecurityPrompt": "Bienvenue sur votre assistant d’intelligence artificielle Elastic. Je suis votre portail 100 % open source vers Elastic Security. ",
     "xpack.elasticAssistant.dataAnonymization.settings.anonymizationSettings.calloutParagraph1": "Les champs ci-dessous sont permis par défaut",
     "xpack.elasticAssistant.dataAnonymization.settings.anonymizationSettings.calloutParagraph2": "Activer optionnellement l’anonymisation pour ces champs",
     "xpack.elasticAssistant.dataAnonymization.settings.anonymizationSettings.calloutTitle": "Valeur par défaut de l'anonymisation",
@@ -29570,7 +29598,6 @@
     "xpack.observability.apmProgressiveLoadingDescription": "{technicalPreviewLabel} S'il faut charger les données de façon progressive pour les vues APM. Les données peuvent être demandées d'abord avec un taux d'échantillonnage inférieur, avec une précision plus faible mais des temps de réponse plus rapides, pendant que les données non échantillonnées se chargent en arrière-plan",
     "xpack.observability.apmServiceInventoryOptimizedSortingDescription": "{technicalPreviewLabel} Tri par défaut des pages d'inventaire et de stockage des services APM (pour les services hors Machine Learning), en fonction du nom de service.",
     "xpack.observability.apmTraceExplorerTabDescription": "{technicalPreviewLabel} Activer la fonctionnalité Explorateur de traces APM, qui vous permet de rechercher et d'inspecter les traces avec KQL ou EQL. {link}",
-    "xpack.observability.customThreshold.rule..charts.noData.title": "Aucune donnée du graphique n'est disponible, vérifiez la règle {errorSourceField}",
     "xpack.observability.customThreshold.rule.aggregators.average": "{metric} moyen",
     "xpack.observability.customThreshold.rule.aggregators.cardinality": "Cardinalité de {metric}",
     "xpack.observability.customThreshold.rule.aggregators.max": "{metric} max.",
@@ -29683,8 +29710,6 @@
     "xpack.observability.customThreshold.alertChartTitle": "Résultat de l'équation pour ",
     "xpack.observability.customThreshold.alertDetails.logRateAnalysis.sectionTitle": "Analyse du taux de log",
     "xpack.observability.customThreshold.alertDetails.logRateAnalysisTitle": "Causes possibles et résolutions",
-    "xpack.observability.customThreshold.rule..charts.error_equation.description": "Vérifiez l'équation de la règle.",
-    "xpack.observability.customThreshold.rule..charts.error_equation.title": "Une erreur s'est produite lors de l'affichage du graphique",
     "xpack.observability.customThreshold.rule..charts.errorMessage": "Oups, un problème est survenu",
     "xpack.observability.customThreshold.rule..charts.noDataMessage": "Aucune donnée graphique disponible",
     "xpack.observability.customThreshold.rule..timeLabels.days": "jours",
@@ -29941,8 +29966,6 @@
     "xpack.observability.rulePage.logsTabTitle": "Logs",
     "xpack.observability.rulePage.rulesTabTitle": "Règles",
     "xpack.observability.rules.addRuleButtonLabel": "Créer une règle",
-    "xpack.observability.rules.createRule.errorNotification.descriptionText": "Échec de création de la règle",
-    "xpack.observability.rules.createRule.successNotification.descriptionText": "Règle créée",
     "xpack.observability.rules.deleteConfirmationModal.cancelButtonLabel": "Annuler",
     "xpack.observability.rules.deleteConfirmationModal.errorNotification.descriptionText": "Impossible de supprimer la règle",
     "xpack.observability.rules.deleteConfirmationModal.successNotification.descriptionText": "Règle supprimée",
@@ -31504,7 +31527,6 @@
     "xpack.rollupJobs.detailPanel.loadingLabel": "Chargement de la tâche de cumul…",
     "xpack.rollupJobs.detailPanel.notFoundLabel": "Tâche de cumul introuvable",
     "xpack.rollupJobs.featureCatalogueDescription": "Résumez et stockez les données historiques dans un index plus petit pour une analyse ultérieure.",
-    "xpack.rollupJobs.indexMgmtBadge.rollupLabel": "Cumul",
     "xpack.rollupJobs.indexMgmtToggle.toggleLabel": "Inclure les index de cumul",
     "xpack.rollupJobs.jobActionMenu.cloneJobLabel": "Cloner la tâche",
     "xpack.rollupJobs.jobActionMenu.deleteJob.confirmModal.cancelButtonText": "Annuler",
@@ -32646,7 +32668,6 @@
     "xpack.securitySolution.enableRiskScore.enableRiskScoreDescription": "Une fois que vous avez activé cette fonctionnalité, vous pouvez obtenir un accès rapide aux scores de risque de {riskEntity} dans cette section. Les données pourront prendre jusqu'à une heure pour être générées après l'activation du module.",
     "xpack.securitySolution.enableRiskScore.upgradeRiskScore": "Mettre à niveau le score de risque de {riskEntity}",
     "xpack.securitySolution.endpoint.actions.unsupported.message": "La version actuelle de l'agent {agentType} ne prend pas en charge {command}. Mettez à niveau votre Elastic Agent via Fleet vers la dernière version pour activer cette action de réponse.",
-    "xpack.securitySolution.endpoint.details.policy.revisionNumber": "rév. {revNumber}",
     "xpack.securitySolution.endpoint.details.policyStatusValue": "{policyStatus, select, success {Succès} warning {Avertissement} failure {Échec} other {Inconnu}}",
     "xpack.securitySolution.endpoint.fleetCustomExtension.artifactsSummaryError": "Une erreur s'est produite lors de la tentative de récupération des statistiques d'artefacts : \"{error}\"",
     "xpack.securitySolution.endpoint.fleetCustomExtension.blocklistsSummary.error": "Une erreur s'est produite lors de la tentative de récupération des statistiques de liste noire : \"{error}\"",
@@ -32666,7 +32687,6 @@
     "xpack.securitySolution.endpoint.hostIsolation.unisolate.successfulMessage": "La libération de l'hôte {hostName} a été soumise",
     "xpack.securitySolution.endpoint.hostIsolation.unIsolateThisHost": "{hostName} est actuellement {isolated}. Voulez-vous vraiment {unisolate} cet hôte ?",
     "xpack.securitySolution.endpoint.list.hostStatusValue": "{hostStatus, select, healthy {Sain} unhealthy {En mauvais état} updating {En cours de mise à jour} offline {Hors ligne} inactive {Inactif} unenrolled {Désinscrit} other {En mauvais état}}",
-    "xpack.securitySolution.endpoint.list.policy.revisionNumber": "rév. {revNumber}",
     "xpack.securitySolution.endpoint.list.totalCount": "Affichage de {totalItemCount, plural, one {# point de terminaison} other {# points de terminaison}}",
     "xpack.securitySolution.endpoint.list.totalCount.limited": "Affichage de {limit} de {totalItemCount, plural, one {# point de terminaison} other {# points de terminaison}}",
     "xpack.securitySolution.endpoint.list.transformFailed.message": "Une transformation requise, {transformId}, est actuellement en échec. La plupart du temps, ce problème peut être corrigé grâce aux {transformsPage}. Pour une assistance supplémentaire, veuillez visitez la {docsPage}",
@@ -32737,7 +32757,6 @@
     "xpack.securitySolution.endpoint.resolver.panel.relatedEventList.countByCategory": "{count} {category}",
     "xpack.securitySolution.endpoint.resolver.panel.relatedEventList.numberOfEvents": "{totalCount} événements",
     "xpack.securitySolution.endpoint.resolver.relatedEventLimitTitle": "Cette liste inclut {numberOfEntries} événements de processus.",
-    "xpack.securitySolution.endpointPolicyStatus.revisionNumber": "rév. {revNumber}",
     "xpack.securitySolution.endpointResponseActions.actionError.errorMessage": "{ errorCount, plural, =1 {Erreur rencontrée} other {Erreurs rencontrées}} :",
     "xpack.securitySolution.enrichment.noInvestigationEnrichment": "Aucun renseignement supplémentaire sur les menaces n'a été détecté sur la période sélectionnée. Sélectionnez une autre plage temporelle ou {link} afin de collecter des renseignements sur les menaces pour les détecter et les comparer.",
     "xpack.securitySolution.entityAnalytics.anomalies.moduleNotCompatibleTitle": "{incompatibleJobCount} {incompatibleJobCount, plural, =1 {tâche est actuellement indisponible} other {tâches sont actuellement indisponibles}}",
@@ -35616,7 +35635,6 @@
     "xpack.securitySolution.endpoint.policyList.onboardingSectionTwo.fromEndpointPage": "À partir de cette page, vous pourrez afficher et gérer les hôtes dans votre environnement exécutant Elastic Defend.",
     "xpack.securitySolution.endpoint.policyList.onboardingSectionTwo.fromPolicyPage": "À partir de cette page, vous pourrez afficher et gérer les politiques d'intégration Elastic Defend dans votre environnement exécutant Elastic Defend.",
     "xpack.securitySolution.endpoint.policyList.onboardingTitle": "Lancez-vous avec Elastic Defend",
-    "xpack.securitySolution.endpoint.policyNotFound": "Politique introuvable !",
     "xpack.securitySolution.endpoint.policyResponse.backLinkTitle": "Détails de point de terminaison",
     "xpack.securitySolution.endpoint.policyResponse.title": "Réponse de politique",
     "xpack.securitySolution.endpoint.protectionUpdates.automaticUpdates.enabled.toggleName": "Activer les mises à jour automatique",
@@ -35671,7 +35689,6 @@
     "xpack.securitySolution.endpoint.resolver.terminatedTrigger": "Déclenchement arrêté",
     "xpack.securitySolution.endpoint.trustedApps.fleetIntegration.title": "Applications de confiance",
     "xpack.securitySolution.endpoint.updateCases.emptyComment": "Aucun commentaire fourni",
-    "xpack.securitySolution.endpointActionFailureMessage.unknownFailure": "Action en échec",
     "xpack.securitySolution.endpointActionResponseCodes.execute.diskQuotaError": "Les fichiers zip de sortie d'exécution de commande en attente sont trop nombreux.",
     "xpack.securitySolution.endpointActionResponseCodes.execute.failure": "Échec inconnu lors de l'exécution de la commande.",
     "xpack.securitySolution.endpointActionResponseCodes.execute.outputUploadTimeout": "Impossible de charger le fichier zip de sortie d'exécution de la commande Le chargement a expiré",
@@ -35753,7 +35770,6 @@
     "xpack.securitySolution.endpointDetails.activityLog.logEntry.response.unisolationSuccessful": "Requête de libération de l'hôte reçue par Endpoint",
     "xpack.securitySolution.endpointDetails.overview": "Aperçu",
     "xpack.securitySolution.endpointDetails.responseActionsHistory": "Historique des actions de réponse",
-    "xpack.securitySolution.endpointPolicyStatus.tooltipTitleLabel": "Politique appliquée",
     "xpack.securitySolution.endpointResponseActions.actionSubmitter.apiErrorDetails": "L'erreur suivante a été rencontrée :",
     "xpack.securitySolution.endpointResponseActions.executeAction.successTitle": "L'exécution de la commande a réussi.",
     "xpack.securitySolution.endpointResponseActions.getFileAction.successTitle": "Fichier récupéré à partir de l'hôte.",
@@ -36834,7 +36850,6 @@
     "xpack.securitySolution.osquery.action.permissionDenied": "Autorisation refusée",
     "xpack.securitySolution.osquery.action.shortEmptyTitle": "Osquery n’est pas disponible.",
     "xpack.securitySolution.osquery.action.unavailable": "L’intégration Osquery Manager n'a pas été ajoutée à la politique d'agent. Pour exécuter des requêtes sur l'hôte, ajoutez l'intégration Osquery Manager à la politique d'agent dans Fleet.",
-    "xpack.securitySolution.outOfDateLabel": "Obsolète",
     "xpack.securitySolution.overview.auditBeatAuditTitle": "Audit",
     "xpack.securitySolution.overview.auditBeatFimTitle": "File Integrity Module",
     "xpack.securitySolution.overview.auditBeatLoginTitle": "Connexion",
@@ -37753,7 +37768,6 @@
     "xpack.securitySolutionServerless.rules.endpointSecurity.endpointExceptions.cardTitle": "Toujours plus avec Security !",
     "xpack.securitySolutionServerless.threatIntelligence.paywall.title": "Toujours plus avec Security !",
     "xpack.serverlessSearch.apiKey.activeKeys": "Vous avez {number} clés actives.",
-    "xpack.serverlessSearch.apiKey.expiresHelpText": "Cette clé d'API expirera le {expirationDate}",
     "xpack.serverlessSearch.connectors.config.apiKeyDescription": "Vous pouvez limiter la clé d'API du connecteur pour n'avoir accès qu'à l'index ci-dessus. Une fois créée, utilisez cette clé pour déterminer la variable {apiKey} dans votre fichier {config}.",
     "xpack.serverlessSearch.connectors.config.createIndexLabel": "Le connecteur créera l'index {searchValue}",
     "xpack.serverlessSearch.connectors.deleteModal.syncsWarning.connectorNameDescription": "Cette action ne peut pas être annulée. Veuillez saisir {connectorName} pour confirmer.",
@@ -37770,31 +37784,11 @@
     "xpack.serverlessSearch.apiKey.apiKeyStepDescription": "Cette clé ne s’affichera qu’une fois, conservez-la donc en lieu sûr. Nous ne conservons pas vos clés d’API, vous devrez donc générer une clé de remplacement si vous la perdez.",
     "xpack.serverlessSearch.apiKey.apiKeyStepTitle": "Stocker cette clé d'API",
     "xpack.serverlessSearch.apiKey.description": "Une clé d'API est un identifiant privé et unique destiné à l'authentification et l'autorisation. Il vous faut une clé d'API pour vous connecter à votre projet en toute sécurité.",
-    "xpack.serverlessSearch.apiKey.expiresField.daysLabel": "en jours",
-    "xpack.serverlessSearch.apiKey.expiresField.neverLabel": "Jamais",
-    "xpack.serverlessSearch.apiKey.expiresFieldHelpText": "Les clés d’API doivent être changées régulièrement.",
-    "xpack.serverlessSearch.apiKey.expiresFieldLabel": "Expire",
-    "xpack.serverlessSearch.apiKey.expiresFieldUnit": "jours",
-    "xpack.serverlessSearch.apiKey.flyout.errorTitle": "Erreur lors de la création d’une clé d’API",
-    "xpack.serverlessSearch.apiKey.flyOutCreateLabel": "Créer une clé d'API",
-    "xpack.serverlessSearch.apiKey.flyoutTitle": "Créer une clé d'API",
     "xpack.serverlessSearch.apiKey.manageLabel": "Gérer",
-    "xpack.serverlessSearch.apiKey.metadata.description": "Utilisez des paires clé-valeur configurables pour ajouter des informations au sujet de la clé d’API ou personnaliser l’accès aux ressources Elasticsearch.",
-    "xpack.serverlessSearch.apiKey.metadata.title": "Métadonnées",
-    "xpack.serverlessSearch.apiKey.metadataLinkLabel": "Découvrez comment structurer les métadonnées de rôle",
-    "xpack.serverlessSearch.apiKey.nameFieldHelpText": "Un bon nom permet de savoir clairement à quoi sert votre clé d’API.",
-    "xpack.serverlessSearch.apiKey.nameFieldLabel": "Nom",
     "xpack.serverlessSearch.apiKey.newButtonLabel": "Nouveauté",
     "xpack.serverlessSearch.apiKey.panel.description": "Utilisez une clé existante ou créez-en une nouvelle et copiez-la dans un endroit sûr.",
     "xpack.serverlessSearch.apiKey.panel.title": "Ajouter une clé d'API",
-    "xpack.serverlessSearch.apiKey.privileges.description": "Contrôlez l'accès aux ressources et API Elasticsearch spécifiques à l’aide de rôles prédéfinis ou de privilèges personnalisés par clé d’API.",
-    "xpack.serverlessSearch.apiKey.privileges.title": "Privilèges de sécurité",
-    "xpack.serverlessSearch.apiKey.roleDescriptorsLinkLabel": "Découvrir comment structurer les descripteurs de rôles",
-    "xpack.serverlessSearch.apiKey.setup.description": "Les détails de la configuration de base pour créer votre clé d’API.",
-    "xpack.serverlessSearch.apiKey.setup.title": "Configuration",
     "xpack.serverlessSearch.apiKey.title": "Clé d'API",
-    "xpack.serverlessSearch.apiKey.userFieldHelpText": "Identifiant de l’utilisateur créant la clé d’API.",
-    "xpack.serverlessSearch.apiKey.userFieldLabel": "Utilisateur",
     "xpack.serverlessSearch.app.connectors.title": "Connecteurs",
     "xpack.serverlessSearch.app.elasticsearch.title": "Elasticsearch",
     "xpack.serverlessSearch.back": "Retour",
@@ -43910,7 +43904,6 @@
     "aiAssistantManagementSelection.aiAssistantSelectionPage.observabilityLabel": "Assistant d'IA Elastic pour Observability",
     "aiAssistantManagementSelection.aiAssistantSettingsPage.descriptionTextLabel": "L'Assistant d'IA utilise l'IA générative pour aider votre équipe en expliquant les erreurs, en suggérant une résolution et en vous aidant à demander, analyser et visualiser vos données.",
     "aiAssistantManagementSelection.aiAssistantSettingsPage.h2.aIAssistantLabel": "Assistant d'intelligence artificielle",
-    "aiAssistantManagementSelection.aiAssistantSettingsPage.obsAssistant.documentationLinkLabel": "Documentation",
     "aiAssistantManagementSelection.app.description": "Gérer les Assistants d'IA.",
     "aiAssistantManagementSelection.app.title": "Assistants d'IA",
     "aiAssistantManagementSelection.app.titleBar": "Assistants d'IA",
@@ -44234,41 +44227,8 @@
     "uiActions.errors.incompatibleAction": "Action non compatible",
     "uiActions.triggers.rowClickkDescription": "Un clic sur une ligne de tableau",
     "uiActions.triggers.rowClickTitle": "Clic sur ligne de tableau",
-    "unifiedDocViewer.docView.table.ignored.multiAboveTooltip": "Une ou plusieurs valeurs dans ce champ sont trop longues et ne peuvent pas être recherchées ni filtrées.",
-    "unifiedDocViewer.docView.table.ignored.multiMalformedTooltip": "Ce champ comporte une ou plusieurs valeurs mal formées qui ne peuvent pas être recherchées ni filtrées.",
-    "unifiedDocViewer.docView.table.ignored.multiUnknownTooltip": "Une ou plusieurs valeurs dans ce champ ont été ignorées par Elasticsearch et ne peuvent pas être recherchées ni filtrées.",
-    "unifiedDocViewer.docView.table.ignored.singleAboveTooltip": "La valeur dans ce champ est trop longue et ne peut pas être recherchée ni filtrée.",
-    "unifiedDocViewer.docView.table.ignored.singleMalformedTooltip": "La valeur dans ce champ est mal formée et ne peut pas être recherchée ni filtrée.",
-    "unifiedDocViewer.docView.table.ignored.singleUnknownTooltip": "La valeur dans ce champ a été ignorée par Elasticsearch et ne peut pas être recherchée ni filtrée.",
-    "unifiedDocViewer.docView.table.searchPlaceHolder": "Rechercher les noms de champs",
-    "unifiedDocViewer.docViews.json.jsonTitle": "JSON",
-    "unifiedDocViewer.docViews.table.filterForFieldPresentButtonAriaLabel": "Filtrer sur le champ",
-    "unifiedDocViewer.docViews.table.filterForFieldPresentButtonTooltip": "Filtrer sur le champ",
-    "unifiedDocViewer.docViews.table.filterForValueButtonAriaLabel": "Filtrer sur la valeur",
-    "unifiedDocViewer.docViews.table.filterForValueButtonTooltip": "Filtrer sur la valeur",
-    "unifiedDocViewer.docViews.table.filterOutValueButtonAriaLabel": "Exclure la valeur",
-    "unifiedDocViewer.docViews.table.filterOutValueButtonTooltip": "Exclure la valeur",
-    "unifiedDocViewer.docViews.table.ignored.multiValueLabel": "Contient des valeurs ignorées",
-    "unifiedDocViewer.docViews.table.ignored.singleValueLabel": "Valeur ignorée",
-    "unifiedDocViewer.docViews.table.pinFieldLabel": "Épingler le champ",
-    "unifiedDocViewer.docViews.table.tableTitle": "Tableau",
-    "unifiedDocViewer.docViews.table.toggleColumnInTableButtonAriaLabel": "Afficher/Masquer la colonne dans le tableau",
-    "unifiedDocViewer.docViews.table.toggleColumnInTableButtonTooltip": "Afficher/Masquer la colonne dans le tableau",
-    "unifiedDocViewer.docViews.table.unableToFilterForPresenceOfMetaFieldsTooltip": "Impossible de filtrer sur les champs méta",
-    "unifiedDocViewer.docViews.table.unableToFilterForPresenceOfScriptedFieldsTooltip": "Impossible de filtrer sur les champs scriptés",
-    "unifiedDocViewer.docViews.table.unindexedFieldsCanNotBeSearchedTooltip": "Les champs non indexés ou les valeurs ignorées ne peuvent pas être recherchés",
-    "unifiedDocViewer.docViews.table.unpinFieldLabel": "Désépingler le champ",
-    "unifiedDocViewer.fieldChooser.discoverField.actions": "Actions",
-    "unifiedDocViewer.fieldChooser.discoverField.multiField": "champ multiple",
-    "unifiedDocViewer.fieldChooser.discoverField.multiFieldTooltipContent": "Les champs multiples peuvent avoir plusieurs valeurs.",
-    "unifiedDocViewer.fieldChooser.discoverField.name": "Champ",
-    "unifiedDocViewer.fieldChooser.discoverField.value": "Valeur",
-    "unifiedDocViewer.json.codeEditorAriaLabel": "Affichage JSON en lecture seule d’un document Elasticsearch",
-    "unifiedDocViewer.json.copyToClipboardLabel": "Copier dans le presse-papiers",
-    "unifiedDocViewer.loadingJSON": "Chargement de JSON",
-    "unifiedDocViewer.sourceViewer.errorMessage": "Impossible de récupérer les données pour le moment. Actualisez l'onglet et réessayez.",
-    "unifiedDocViewer.sourceViewer.errorMessageTitle": "Une erreur s'est produite.",
-    "unifiedDocViewer.sourceViewer.refresh": "Actualiser",
+    "uiActions.triggers.dashboard.addPanelMenu.description": "Une nouvelle action apparaîtra dans le menu Ajouter un panneau du tableau de bord",
+    "uiActions.triggers.dashboard.addPanelMenu.title": "Menu Ajouter un panneau",
     "unsavedChangesBadge.contextMenu.openButton": "Afficher les actions disponibles",
     "unsavedChangesBadge.contextMenu.revertChangesButton": "Restaurer les modifications",
     "unsavedChangesBadge.contextMenu.revertingChangesButtonStatus": "Annuler les modifications",
@@ -44621,4 +44581,4 @@
     "xpack.serverlessObservability.nav.projectSettings": "Paramètres de projet",
     "xpack.serverlessObservability.nav.synthetics": "Synthetics"
   }
-}
\ No newline at end of file
+}
diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json
index 902b420e0098c..7b1fb5c238f52 100644
--- a/x-pack/plugins/translations/translations/ja-JP.json
+++ b/x-pack/plugins/translations/translations/ja-JP.json
@@ -1192,8 +1192,6 @@
     "dashboard.actions.downloadOptionsUnsavedFilename": "無題",
     "dashboard.actions.toggleExpandPanelMenuItem.expandedDisplayName": "最小化",
     "dashboard.actions.toggleExpandPanelMenuItem.notExpandedDisplayName": "パネルを最大化",
-    "dashboard.addPanelMenuTrigger.description": "新しいアクションは、ダッシュボードのパネルの追加メニューに表示されます",
-    "dashboard.addPanelMenuTrigger.title": "パネルの追加メニュー",
     "dashboard.appLeaveConfirmModal.cancelButtonLabel": "キャンセル",
     "dashboard.appLeaveConfirmModal.unsavedChangesSubtitle": "作業を保存せずにダッシュボードから移動しますか？",
     "dashboard.appLeaveConfirmModal.unsavedChangesTitle": "保存されていない変更",
@@ -1215,7 +1213,6 @@
     "dashboard.editingToolbar.controlsButtonTitle": "コントロール",
     "dashboard.editingToolbar.editControlGroupButtonTitle": "設定",
     "dashboard.editingToolbar.onlyOneTimeSliderControlMsg": "コントロールグループには、すでに時間スライダーコントロールがあります。",
-    "dashboard.editorMenu.aggBasedGroupTitle": "アグリゲーションに基づく",
     "dashboard.editorMenu.deprecatedTag": "非推奨",
     "dashboard.embeddableApi.showSettings.flyout.applyButtonTitle": "適用",
     "dashboard.embeddableApi.showSettings.flyout.cancelButtonTitle": "キャンセル",
@@ -2393,12 +2390,7 @@
     "discover.fieldChooser.discoverField.removeFieldTooltip": "フィールドを表から削除",
     "discover.globalSearch.esqlSearchTitle": "ES|QLクエリを作成",
     "discover.goToDiscoverButtonText": "Discoverに移動",
-    "unifiedDocViewer.flyout.documentNavigation": "ドキュメントナビゲーション",
-    "unifiedDocViewer.flyout.toastColumnAdded": "列'{columnName}'が追加されました",
-    "unifiedDocViewer.flyout.toastColumnRemoved": "列'{columnName}'が削除されました",
     "discover.grid.tableRow.actionsLabel": "アクション",
-    "unifiedDocViewer.flyout.docViewerDetailHeading": "ドキュメント",
-    "unifiedDocViewer.flyout.docViewerEsqlDetailHeading": "行",
     "discover.grid.tableRow.mobileFlyoutActionsButton": "アクション",
     "discover.grid.tableRow.moreFlyoutActionsButton": "さらにアクションを表示",
     "discover.grid.tableRow.esqlDetailHeading": "展開された行",
@@ -2491,6 +2483,46 @@
     "discover.viewAlert.searchSourceErrorTitle": "検索ソースの取得エラー",
     "discover.viewModes.document.label": "ドキュメント",
     "discover.viewModes.fieldStatistics.label": "フィールド統計情報",
+    "unifiedDocViewer.flyout.documentNavigation": "ドキュメントナビゲーション",
+    "unifiedDocViewer.flyout.toastColumnAdded": "列'{columnName}'が追加されました",
+    "unifiedDocViewer.flyout.toastColumnRemoved": "列'{columnName}'が削除されました",
+    "unifiedDocViewer.flyout.docViewerDetailHeading": "ドキュメント",
+    "unifiedDocViewer.flyout.docViewerEsqlDetailHeading": "行",
+    "unifiedDocViewer.docView.table.ignored.multiAboveTooltip": "このフィールドの1つ以上の値が長すぎるため、検索またはフィルタリングできません。",
+    "unifiedDocViewer.docView.table.ignored.multiMalformedTooltip": "このフィールドは、検索またはフィルタリングできない正しくない形式の値が1つ以上あります。",
+    "unifiedDocViewer.docView.table.ignored.multiUnknownTooltip": "このフィールドの1つ以上の値がElasticsearchによって無視されたため、検索またはフィルタリングできません。",
+    "unifiedDocViewer.docView.table.ignored.singleAboveTooltip": "このフィールドの値が長すぎるため、検索またはフィルタリングできません。",
+    "unifiedDocViewer.docView.table.ignored.singleMalformedTooltip": "このフィールドの値の形式が正しくないため、検索またはフィルタリングできません。",
+    "unifiedDocViewer.docView.table.ignored.singleUnknownTooltip": "このフィールドの値はElasticsearchによって無視されたため、検索またはフィルタリングできません。",
+    "unifiedDocViewer.docView.table.searchPlaceHolder": "検索フィールド名",
+    "unifiedDocViewer.docViews.json.jsonTitle": "JSON",
+    "unifiedDocViewer.docViews.table.filterForFieldPresentButtonAriaLabel": "フィールド表示のフィルター",
+    "unifiedDocViewer.docViews.table.filterForFieldPresentButtonTooltip": "フィールド表示のフィルター",
+    "unifiedDocViewer.docViews.table.filterForValueButtonAriaLabel": "値でフィルター",
+    "unifiedDocViewer.docViews.table.filterForValueButtonTooltip": "値でフィルター",
+    "unifiedDocViewer.docViews.table.filterOutValueButtonAriaLabel": "値を除外",
+    "unifiedDocViewer.docViews.table.filterOutValueButtonTooltip": "値を除外",
+    "unifiedDocViewer.docViews.table.ignored.multiValueLabel": "無視された値を含む",
+    "unifiedDocViewer.docViews.table.ignored.singleValueLabel": "無視された値",
+    "unifiedDocViewer.docViews.table.pinFieldLabel": "フィールドを固定",
+    "unifiedDocViewer.docViews.table.tableTitle": "表",
+    "unifiedDocViewer.docViews.table.toggleColumnInTableButtonAriaLabel": "表の列を切り替える",
+    "unifiedDocViewer.docViews.table.toggleColumnInTableButtonTooltip": "表の列を切り替える",
+    "unifiedDocViewer.docViews.table.unableToFilterForPresenceOfMetaFieldsTooltip": "メタフィールドの有無でフィルタリングできません",
+    "unifiedDocViewer.docViews.table.unableToFilterForPresenceOfScriptedFieldsTooltip": "スクリプトフィールドの有無でフィルタリングできません",
+    "unifiedDocViewer.docViews.table.unindexedFieldsCanNotBeSearchedTooltip": "インデックスがないフィールドまたは無視された値は検索できません",
+    "unifiedDocViewer.docViews.table.unpinFieldLabel": "フィールドを固定解除",
+    "unifiedDocViewer.fieldChooser.discoverField.actions": "アクション",
+    "unifiedDocViewer.fieldChooser.discoverField.multiField": "複数フィールド",
+    "unifiedDocViewer.fieldChooser.discoverField.multiFieldTooltipContent": "複数フィールドにはフィールドごとに複数の値を入力できます",
+    "unifiedDocViewer.fieldChooser.discoverField.name": "フィールド",
+    "unifiedDocViewer.fieldChooser.discoverField.value": "値",
+    "unifiedDocViewer.json.codeEditorAriaLabel": "Elasticsearch ドキュメントの JSON ビューのみを読み込む",
+    "unifiedDocViewer.json.copyToClipboardLabel": "クリップボードにコピー",
+    "unifiedDocViewer.loadingJSON": "JSONを読み込んでいます",
+    "unifiedDocViewer.sourceViewer.errorMessage": "現在データを取得できませんでした。タブを更新して、再試行してください。",
+    "unifiedDocViewer.sourceViewer.errorMessageTitle": "エラーが発生しました",
+    "unifiedDocViewer.sourceViewer.refresh": "更新",
     "textBasedLanguages.advancedSettings.enableESQL.discussLinkText": "discuss.elastic.co/c/elastic-stack/kibana",
     "textBasedLanguages.advancedSettings.enableESQLTitle": "ES|QLを有効化",
     "domDragDrop.announce.cancelled": "移動がキャンセルされました。{label}は初期位置に戻りました",
@@ -4520,7 +4552,6 @@
     "indexPatternManagement.editIndexPattern.fields.table.typeHeader": "型",
     "indexPatternManagement.editIndexPattern.indexPatternHeading": "インデックスパターン：",
     "indexPatternManagement.editIndexPattern.list.defaultIndexPatternListName": "デフォルト",
-    "indexPatternManagement.editIndexPattern.list.rollupIndexPatternListName": "ロールアップ",
     "indexPatternManagement.editIndexPattern.mappingConflictHeader": "マッピングの矛盾",
     "indexPatternManagement.editIndexPattern.scripted.addFieldButton": "スクリプトフィールドを追加",
     "indexPatternManagement.editIndexPattern.scripted.deleteField.cancelButton": "キャンセル",
@@ -13279,10 +13310,8 @@
     "xpack.elasticAssistant.assistant.connectors.connectorMissingCallout.conversationSettingsLink": "会話設定",
     "xpack.elasticAssistant.assistant.connectors.connectorSelector.ariaLabel": "会話セレクター",
     "xpack.elasticAssistant.assistant.connectors.connectorSelector.newConnectorOptions": "新しいコネクターを追加...",
-    "xpack.elasticAssistant.assistant.connectors.connectorSelectorInline.connectorLabel": "コネクター：",
     "xpack.elasticAssistant.assistant.connectors.connectorSelectorInline.connectorPlaceholder": "コネクターを選択",
     "xpack.elasticAssistant.assistant.connectors.preconfiguredTitle": "構成済み",
-    "xpack.elasticAssistant.assistant.connectors.setup.complete": "コネクターのセットアップが完了しました!",
     "xpack.elasticAssistant.assistant.connectors.setup.skipTitle": "クリックしてスキップ....",
     "xpack.elasticAssistant.assistant.connectors.setup.timestampAtTitle": "に",
     "xpack.elasticAssistant.assistant.connectors.setup.userAssistantTitle": "アシスタント",
@@ -13451,7 +13480,6 @@
     "xpack.elasticAssistant.connectors.models.modelSelector.placeholderText": "選択するか、入力して新規作成...",
     "xpack.elasticAssistant.connectors.useLoadActionTypes.errorMessage": "Elastic AI Assistantへようこそ！Elasticを活用するための100%オープンソースのポータルです。",
     "xpack.elasticAssistant.connectors.useLoadConnectors.errorMessage": "Elastic AI Assistantへようこそ！Elasticを活用するための100%オープンソースのポータルです。",
-    "xpack.elasticAssistant.content.prompts.welcome.welcomeSecurityPrompt": "Elastic AI Assistantへようこそ！Elasticセキュリティを活用するための100%オープンソースのポータルです。",
     "xpack.elasticAssistant.dataAnonymization.settings.anonymizationSettings.calloutParagraph1": "このフィールドはデフォルトで許可されています",
     "xpack.elasticAssistant.dataAnonymization.settings.anonymizationSettings.calloutParagraph2": "任意で、これらのフィールドの匿名化を有効にします",
     "xpack.elasticAssistant.dataAnonymization.settings.anonymizationSettings.calloutTitle": "匿名化デフォルト",
@@ -29547,7 +29575,6 @@
     "xpack.observability.apmProgressiveLoadingDescription": "{technicalPreviewLabel} APMビューでデータのプログレッシブ読み込みを行うかどうか。サンプリングされていないデータをバックグラウンドで読み込みながら、最初は低いサンプリングレート、低い精度、高速の応答時間でデータを要求できます",
     "xpack.observability.apmServiceInventoryOptimizedSortingDescription": "{technicalPreviewLabel} サービス名によるデフォルトAPMサービスインベントリおよびストレージエクスプローラーページの並べ替え（機械学習が適用されていないサービス）。",
     "xpack.observability.apmTraceExplorerTabDescription": "{technicalPreviewLabel} APMトレースエクスプローラー機能を有効にし、KQLまたはEQLでトレースを検索、検査できます。{link}",
-    "xpack.observability.customThreshold.rule..charts.noData.title": "グラフデータはありません。ルール{errorSourceField}を確認してください",
     "xpack.observability.customThreshold.rule.aggregators.average": "平均{metric}",
     "xpack.observability.customThreshold.rule.aggregators.cardinality": "{metric}のカーディナリティ",
     "xpack.observability.customThreshold.rule.aggregators.max": "最大{metric}",
@@ -29661,8 +29688,6 @@
     "xpack.observability.customThreshold.alertChartTitle": "式の結果 ",
     "xpack.observability.customThreshold.alertDetails.logRateAnalysis.sectionTitle": "ログレート分析",
     "xpack.observability.customThreshold.alertDetails.logRateAnalysisTitle": "考えられる原因と修正方法",
-    "xpack.observability.customThreshold.rule..charts.error_equation.description": "ルール式を確認してください。",
-    "xpack.observability.customThreshold.rule..charts.error_equation.title": "グラフの表示中にエラーが発生しました",
     "xpack.observability.customThreshold.rule..charts.errorMessage": "問題が発生しました",
     "xpack.observability.customThreshold.rule..charts.noDataMessage": "グラフデータがありません",
     "xpack.observability.customThreshold.rule..timeLabels.days": "日",
@@ -29919,8 +29944,6 @@
     "xpack.observability.rulePage.logsTabTitle": "ログ",
     "xpack.observability.rulePage.rulesTabTitle": "ルール",
     "xpack.observability.rules.addRuleButtonLabel": "ルールを作成",
-    "xpack.observability.rules.createRule.errorNotification.descriptionText": "ルールの作成に失敗しました",
-    "xpack.observability.rules.createRule.successNotification.descriptionText": "ルールが作成されました",
     "xpack.observability.rules.deleteConfirmationModal.cancelButtonLabel": "キャンセル",
     "xpack.observability.rules.deleteConfirmationModal.errorNotification.descriptionText": "ルールを削除できませんでした",
     "xpack.observability.rules.deleteConfirmationModal.successNotification.descriptionText": "削除されたルール",
@@ -31480,7 +31503,6 @@
     "xpack.rollupJobs.detailPanel.loadingLabel": "ロールアップジョブを読み込み中...",
     "xpack.rollupJobs.detailPanel.notFoundLabel": "ロールアップジョブが見つかりません",
     "xpack.rollupJobs.featureCatalogueDescription": "今後の分析用に履歴データを小さなインデックスに要約して格納します。",
-    "xpack.rollupJobs.indexMgmtBadge.rollupLabel": "ロールアップ",
     "xpack.rollupJobs.indexMgmtToggle.toggleLabel": "ロールアップインデックスを含める",
     "xpack.rollupJobs.jobActionMenu.cloneJobLabel": "ジョブのクローンを作成します",
     "xpack.rollupJobs.jobActionMenu.deleteJob.confirmModal.cancelButtonText": "キャンセル",
@@ -32620,7 +32642,6 @@
     "xpack.securitySolution.enableRiskScore.enableRiskScoreDescription": "この機能を有効化すると、このセクションで{riskEntity}リスクスコアにすばやくアクセスできます。モジュールを有効化した後、データの生成までに1時間かかる場合があります。",
     "xpack.securitySolution.enableRiskScore.upgradeRiskScore": "{riskEntity}リスクスコアをアップグレード",
     "xpack.securitySolution.endpoint.actions.unsupported.message": "現在のバージョンの{agentType}エージェントは、{command}をサポートしていません。この応答アクションを有効化するには、Fleet経由でElasticエージェントを最新バージョンにアップグレードしてください。",
-    "xpack.securitySolution.endpoint.details.policy.revisionNumber": "rev. {revNumber}",
     "xpack.securitySolution.endpoint.details.policyStatusValue": "{policyStatus, select, success {成功} warning {警告} failure {失敗} other {不明}}",
     "xpack.securitySolution.endpoint.fleetCustomExtension.artifactsSummaryError": "アーティファクト統計情報の取得中にエラーが発生しました：\"{error}\"",
     "xpack.securitySolution.endpoint.fleetCustomExtension.blocklistsSummary.error": "ブロックリスト統計情報の取得中にエラーが発生しました：\"{error}\"",
@@ -32640,7 +32661,6 @@
     "xpack.securitySolution.endpoint.hostIsolation.unisolate.successfulMessage": "ホスト{hostName}でのリリースは正常に送信されました",
     "xpack.securitySolution.endpoint.hostIsolation.unIsolateThisHost": "現在{hostName}は{isolated}です。このホストを{unisolate}しますか？",
     "xpack.securitySolution.endpoint.list.hostStatusValue": "{hostStatus, select, healthy {正常} unhealthy {異常} updating {更新中} offline {オフライン} inactive {無効} unenrolled {登録解除済み} other {異常}}",
-    "xpack.securitySolution.endpoint.list.policy.revisionNumber": "rev. {revNumber}",
     "xpack.securitySolution.endpoint.list.totalCount": "{totalItemCount, plural, other  {# 個のエンドポイント}}を表示しています",
     "xpack.securitySolution.endpoint.list.totalCount.limited": "{totalItemCount, plural, other  {# 個のエンドポイント}}の{limit}を表示しています",
     "xpack.securitySolution.endpoint.list.transformFailed.message": "現在、必須の変換{transformId}が失敗しています。通常、これは{transformsPage}で修正できます。ヘルプについては、{docsPage}をご覧ください",
@@ -32710,7 +32730,6 @@
     "xpack.securitySolution.endpoint.resolver.panel.relatedEventList.countByCategory": "{count} {category}",
     "xpack.securitySolution.endpoint.resolver.panel.relatedEventList.numberOfEvents": "{totalCount}件のイベント",
     "xpack.securitySolution.endpoint.resolver.relatedEventLimitTitle": "このリストには、{numberOfEntries} 件のプロセスイベントが含まれています。",
-    "xpack.securitySolution.endpointPolicyStatus.revisionNumber": "rev. {revNumber}",
     "xpack.securitySolution.endpointResponseActions.actionError.errorMessage": "次の{ errorCount, plural, other {件のエラー}}が発生しました：",
     "xpack.securitySolution.enrichment.noInvestigationEnrichment": "選択した期間内に追加の脅威情報が見つかりませんでした。別の時間枠、または{link}を試して、脅威の検出と照合のための脅威インテリジェンスを収集します。",
     "xpack.securitySolution.entityAnalytics.anomalies.moduleNotCompatibleTitle": "{incompatibleJobCount} {incompatibleJobCount, plural, other {件のジョブ}}が現在使用できません",
@@ -35591,7 +35610,6 @@
     "xpack.securitySolution.endpoint.policyList.onboardingSectionTwo.fromEndpointPage": "このページでは、Elastic Defendを実行している環境でホストを表示して管理できます。",
     "xpack.securitySolution.endpoint.policyList.onboardingSectionTwo.fromPolicyPage": "このページでは、Elastic Defendを実行している環境で、Elastic Defend統合ポリシーを表示して管理できます。",
     "xpack.securitySolution.endpoint.policyList.onboardingTitle": "Elastic Defendをはじめよう",
-    "xpack.securitySolution.endpoint.policyNotFound": "ポリシーが見つかりません。",
     "xpack.securitySolution.endpoint.policyResponse.backLinkTitle": "エンドポイント詳細",
     "xpack.securitySolution.endpoint.policyResponse.title": "ポリシー応答",
     "xpack.securitySolution.endpoint.protectionUpdates.automaticUpdates.enabled.toggleName": "自動更新を有効化",
@@ -35646,7 +35664,6 @@
     "xpack.securitySolution.endpoint.resolver.terminatedTrigger": "トリガーを中断しました",
     "xpack.securitySolution.endpoint.trustedApps.fleetIntegration.title": "信頼できるアプリケーション",
     "xpack.securitySolution.endpoint.updateCases.emptyComment": "コメントがありません",
-    "xpack.securitySolution.endpointActionFailureMessage.unknownFailure": "アクションが失敗しました",
     "xpack.securitySolution.endpointActionResponseCodes.execute.diskQuotaError": "保留中のコマンド実行出力zipファイルが多すぎます。",
     "xpack.securitySolution.endpointActionResponseCodes.execute.failure": "コマンドの実行中に不明な障害が発生しました。",
     "xpack.securitySolution.endpointActionResponseCodes.execute.outputUploadTimeout": "コマンド実行出力zipファイルをアップロードできませんでした。アップロードがタイムアウトしました",
@@ -35728,7 +35745,6 @@
     "xpack.securitySolution.endpointDetails.activityLog.logEntry.response.unisolationSuccessful": "エンドポイントが受信したホストリリースリクエスト",
     "xpack.securitySolution.endpointDetails.overview": "概要",
     "xpack.securitySolution.endpointDetails.responseActionsHistory": "対応アクション履歴",
-    "xpack.securitySolution.endpointPolicyStatus.tooltipTitleLabel": "ポリシーが適用されました",
     "xpack.securitySolution.endpointResponseActions.actionSubmitter.apiErrorDetails": "次のエラーが発生しました：",
     "xpack.securitySolution.endpointResponseActions.executeAction.successTitle": "コマンド実行が成功しました。",
     "xpack.securitySolution.endpointResponseActions.getFileAction.successTitle": "ファイルがホストから取得されました。",
@@ -36809,7 +36825,6 @@
     "xpack.securitySolution.osquery.action.permissionDenied": "パーミッションが拒否されました",
     "xpack.securitySolution.osquery.action.shortEmptyTitle": "Osqueryが使用できません",
     "xpack.securitySolution.osquery.action.unavailable": "Osqueryマネージャー統合がエージェントポリシーに追加されていません。ホストでクエリを実行するには、FleetでOsqueryマネージャー統合をエージェントポリシーに追加してください。",
-    "xpack.securitySolution.outOfDateLabel": "最新ではありません",
     "xpack.securitySolution.overview.auditBeatAuditTitle": "監査",
     "xpack.securitySolution.overview.auditBeatFimTitle": "File Integrityモジュール",
     "xpack.securitySolution.overview.auditBeatLoginTitle": "ログイン",
@@ -37727,7 +37742,6 @@
     "xpack.securitySolutionServerless.rules.endpointSecurity.endpointExceptions.cardTitle": "Securityではさまざまなことが可能です！",
     "xpack.securitySolutionServerless.threatIntelligence.paywall.title": "Securityではさまざまなことが可能です！",
     "xpack.serverlessSearch.apiKey.activeKeys": "{number}のアクティブなキーがあります。",
-    "xpack.serverlessSearch.apiKey.expiresHelpText": "このAPIキーは{expirationDate}に有効期限切れになります",
     "xpack.serverlessSearch.connectors.config.apiKeyDescription": "上記のインデックスにのみアクセスできるように、コネクターのAPIキーを制限できます。作成したら、このキーを使って{config}ファイルの{apiKey}変数を設定します。",
     "xpack.serverlessSearch.connectors.config.createIndexLabel": "コネクターはインデックス{searchValue}を作成します",
     "xpack.serverlessSearch.connectors.deleteModal.syncsWarning.connectorNameDescription": "この操作は元に戻すことができません。{connectorName}を入力して確認してください。",
@@ -37744,31 +37758,11 @@
     "xpack.serverlessSearch.apiKey.apiKeyStepDescription": "このキーは一度しか表示されないため、安全な場所に保存しておいてください。当社はお客様のAPIキーを保存しません。キーを紛失した場合は、代替キーを生成する必要があります。",
     "xpack.serverlessSearch.apiKey.apiKeyStepTitle": "このAPIキーを保存",
     "xpack.serverlessSearch.apiKey.description": "APIキーは、認証と認可のための非公開の一意の識別子です。プロジェクトに安全に接続するには、APIキーが必要です。",
-    "xpack.serverlessSearch.apiKey.expiresField.daysLabel": "日",
-    "xpack.serverlessSearch.apiKey.expiresField.neverLabel": "なし",
-    "xpack.serverlessSearch.apiKey.expiresFieldHelpText": "APIキーは定期的にローテーションしてください。",
-    "xpack.serverlessSearch.apiKey.expiresFieldLabel": "有効期限",
-    "xpack.serverlessSearch.apiKey.expiresFieldUnit": "日",
-    "xpack.serverlessSearch.apiKey.flyout.errorTitle": "APIキーの作成エラー",
-    "xpack.serverlessSearch.apiKey.flyOutCreateLabel": "APIキーを作成",
-    "xpack.serverlessSearch.apiKey.flyoutTitle": "APIキーを作成する",
     "xpack.serverlessSearch.apiKey.manageLabel": "管理",
-    "xpack.serverlessSearch.apiKey.metadata.description": "設定可能なキーと値のペアを使用して、APIキーに関する情報を追加したり、Elasticsearchリソースへのアクセスをカスタマイズしたりします。",
-    "xpack.serverlessSearch.apiKey.metadata.title": "メタデータ",
-    "xpack.serverlessSearch.apiKey.metadataLinkLabel": "ロールメタデータを構成する方法",
-    "xpack.serverlessSearch.apiKey.nameFieldHelpText": "良い名前は、APIキーの目的を明確に示します。",
-    "xpack.serverlessSearch.apiKey.nameFieldLabel": "名前",
     "xpack.serverlessSearch.apiKey.newButtonLabel": "新規",
     "xpack.serverlessSearch.apiKey.panel.description": "既存のキーを使用するか、新しいキーを作成して安全な場所にコピーしてください。",
     "xpack.serverlessSearch.apiKey.panel.title": "APIキーを追加",
-    "xpack.serverlessSearch.apiKey.privileges.description": "APIキーごとに定義済みのロールやカスタム権限を使用して、特定のElasticsearch APIやリソースへのアクセスを制御します。",
-    "xpack.serverlessSearch.apiKey.privileges.title": "セキュリティ権限",
-    "xpack.serverlessSearch.apiKey.roleDescriptorsLinkLabel": "ロール記述子を構造化する方法をご覧ください",
-    "xpack.serverlessSearch.apiKey.setup.description": "APIキーを作成するための基本構成詳細情報。",
-    "xpack.serverlessSearch.apiKey.setup.title": "セットアップ",
     "xpack.serverlessSearch.apiKey.title": "API キー",
-    "xpack.serverlessSearch.apiKey.userFieldHelpText": "APIキーを作成するユーザーのID。",
-    "xpack.serverlessSearch.apiKey.userFieldLabel": "ユーザー",
     "xpack.serverlessSearch.app.connectors.title": "コネクター",
     "xpack.serverlessSearch.app.elasticsearch.title": "Elasticsearch",
     "xpack.serverlessSearch.back": "戻る",
@@ -43886,7 +43880,6 @@
     "aiAssistantManagementSelection.aiAssistantSelectionPage.observabilityLabel": "Elastic AI Assistant for Observability",
     "aiAssistantManagementSelection.aiAssistantSettingsPage.descriptionTextLabel": "AI Assistantは、生成AIを使用して、エラーを説明したり、改善策を提案したり、データのリクエスト、分析、可視化を支援したりすることで、チームを支援します。",
     "aiAssistantManagementSelection.aiAssistantSettingsPage.h2.aIAssistantLabel": "AI Assistant",
-    "aiAssistantManagementSelection.aiAssistantSettingsPage.obsAssistant.documentationLinkLabel": "ドキュメント",
     "aiAssistantManagementSelection.app.description": "AI Assistantを管理します。",
     "aiAssistantManagementSelection.app.title": "AI Assistant",
     "aiAssistantManagementSelection.app.titleBar": "AI Assistant",
@@ -44208,43 +44201,10 @@
     "uiActions.actionPanel.more": "詳細",
     "uiActions.actionPanel.title": "オプション",
     "uiActions.errors.incompatibleAction": "操作に互換性がありません",
+    "uiActions.triggers.dashboard.addPanelMenu.description": "新しいアクションは、ダッシュボードのパネルの追加メニューに表示されます",
+    "uiActions.triggers.dashboard.addPanelMenu.title": "パネルの追加メニュー",
     "uiActions.triggers.rowClickkDescription": "テーブル行をクリック",
     "uiActions.triggers.rowClickTitle": "テーブル行クリック",
-    "unifiedDocViewer.docView.table.ignored.multiAboveTooltip": "このフィールドの1つ以上の値が長すぎるため、検索またはフィルタリングできません。",
-    "unifiedDocViewer.docView.table.ignored.multiMalformedTooltip": "このフィールドは、検索またはフィルタリングできない正しくない形式の値が1つ以上あります。",
-    "unifiedDocViewer.docView.table.ignored.multiUnknownTooltip": "このフィールドの1つ以上の値がElasticsearchによって無視されたため、検索またはフィルタリングできません。",
-    "unifiedDocViewer.docView.table.ignored.singleAboveTooltip": "このフィールドの値が長すぎるため、検索またはフィルタリングできません。",
-    "unifiedDocViewer.docView.table.ignored.singleMalformedTooltip": "このフィールドの値の形式が正しくないため、検索またはフィルタリングできません。",
-    "unifiedDocViewer.docView.table.ignored.singleUnknownTooltip": "このフィールドの値はElasticsearchによって無視されたため、検索またはフィルタリングできません。",
-    "unifiedDocViewer.docView.table.searchPlaceHolder": "検索フィールド名",
-    "unifiedDocViewer.docViews.json.jsonTitle": "JSON",
-    "unifiedDocViewer.docViews.table.filterForFieldPresentButtonAriaLabel": "フィールド表示のフィルター",
-    "unifiedDocViewer.docViews.table.filterForFieldPresentButtonTooltip": "フィールド表示のフィルター",
-    "unifiedDocViewer.docViews.table.filterForValueButtonAriaLabel": "値でフィルター",
-    "unifiedDocViewer.docViews.table.filterForValueButtonTooltip": "値でフィルター",
-    "unifiedDocViewer.docViews.table.filterOutValueButtonAriaLabel": "値を除外",
-    "unifiedDocViewer.docViews.table.filterOutValueButtonTooltip": "値を除外",
-    "unifiedDocViewer.docViews.table.ignored.multiValueLabel": "無視された値を含む",
-    "unifiedDocViewer.docViews.table.ignored.singleValueLabel": "無視された値",
-    "unifiedDocViewer.docViews.table.pinFieldLabel": "フィールドを固定",
-    "unifiedDocViewer.docViews.table.tableTitle": "表",
-    "unifiedDocViewer.docViews.table.toggleColumnInTableButtonAriaLabel": "表の列を切り替える",
-    "unifiedDocViewer.docViews.table.toggleColumnInTableButtonTooltip": "表の列を切り替える",
-    "unifiedDocViewer.docViews.table.unableToFilterForPresenceOfMetaFieldsTooltip": "メタフィールドの有無でフィルタリングできません",
-    "unifiedDocViewer.docViews.table.unableToFilterForPresenceOfScriptedFieldsTooltip": "スクリプトフィールドの有無でフィルタリングできません",
-    "unifiedDocViewer.docViews.table.unindexedFieldsCanNotBeSearchedTooltip": "インデックスがないフィールドまたは無視された値は検索できません",
-    "unifiedDocViewer.docViews.table.unpinFieldLabel": "フィールドを固定解除",
-    "unifiedDocViewer.fieldChooser.discoverField.actions": "アクション",
-    "unifiedDocViewer.fieldChooser.discoverField.multiField": "複数フィールド",
-    "unifiedDocViewer.fieldChooser.discoverField.multiFieldTooltipContent": "複数フィールドにはフィールドごとに複数の値を入力できます",
-    "unifiedDocViewer.fieldChooser.discoverField.name": "フィールド",
-    "unifiedDocViewer.fieldChooser.discoverField.value": "値",
-    "unifiedDocViewer.json.codeEditorAriaLabel": "Elasticsearch ドキュメントの JSON ビューのみを読み込む",
-    "unifiedDocViewer.json.copyToClipboardLabel": "クリップボードにコピー",
-    "unifiedDocViewer.loadingJSON": "JSONを読み込んでいます",
-    "unifiedDocViewer.sourceViewer.errorMessage": "現在データを取得できませんでした。タブを更新して、再試行してください。",
-    "unifiedDocViewer.sourceViewer.errorMessageTitle": "エラーが発生しました",
-    "unifiedDocViewer.sourceViewer.refresh": "更新",
     "unsavedChangesBadge.contextMenu.openButton": "使用可能なアクションを表示",
     "unsavedChangesBadge.contextMenu.revertChangesButton": "変更を元に戻す",
     "unsavedChangesBadge.contextMenu.revertingChangesButtonStatus": "変更を元に戻しています...",
@@ -44597,4 +44557,4 @@
     "xpack.serverlessObservability.nav.projectSettings": "プロジェクト設定",
     "xpack.serverlessObservability.nav.synthetics": "Synthetics"
   }
-}
\ No newline at end of file
+}
diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json
index 7c3f6e0ecea52..c783af0ea5060 100644
--- a/x-pack/plugins/translations/translations/zh-CN.json
+++ b/x-pack/plugins/translations/translations/zh-CN.json
@@ -1194,8 +1194,6 @@
     "dashboard.actions.downloadOptionsUnsavedFilename": "未命名",
     "dashboard.actions.toggleExpandPanelMenuItem.expandedDisplayName": "最小化",
     "dashboard.actions.toggleExpandPanelMenuItem.notExpandedDisplayName": "最大化面板",
-    "dashboard.addPanelMenuTrigger.description": "一个新操作将在仪表板的添加面板菜单中显示出来",
-    "dashboard.addPanelMenuTrigger.title": "添加面板菜单",
     "dashboard.appLeaveConfirmModal.cancelButtonLabel": "取消",
     "dashboard.appLeaveConfirmModal.unsavedChangesSubtitle": "离开有未保存工作的仪表板？",
     "dashboard.appLeaveConfirmModal.unsavedChangesTitle": "未保存的更改",
@@ -1217,7 +1215,6 @@
     "dashboard.editingToolbar.controlsButtonTitle": "控件",
     "dashboard.editingToolbar.editControlGroupButtonTitle": "设置",
     "dashboard.editingToolbar.onlyOneTimeSliderControlMsg": "控件组已包含时间滑块控件。",
-    "dashboard.editorMenu.aggBasedGroupTitle": "基于聚合",
     "dashboard.editorMenu.deprecatedTag": "（已过时）",
     "dashboard.embeddableApi.showSettings.flyout.applyButtonTitle": "应用",
     "dashboard.embeddableApi.showSettings.flyout.cancelButtonTitle": "取消",
@@ -2397,12 +2394,7 @@
     "discover.fieldChooser.discoverField.removeFieldTooltip": "从表中移除字段",
     "discover.globalSearch.esqlSearchTitle": "创建 ES|QL 查询",
     "discover.goToDiscoverButtonText": "前往 Discover",
-    "unifiedDocViewer.flyout.documentNavigation": "文档导航",
-    "unifiedDocViewer.flyout.toastColumnAdded": "已添加列“{columnName}”",
-    "unifiedDocViewer.flyout.toastColumnRemoved": "已移除列“{columnName}”",
     "discover.grid.tableRow.actionsLabel": "操作",
-    "unifiedDocViewer.flyout.docViewerDetailHeading": "文档",
-    "unifiedDocViewer.flyout.docViewerEsqlDetailHeading": "行",
     "discover.grid.tableRow.mobileFlyoutActionsButton": "操作",
     "discover.grid.tableRow.moreFlyoutActionsButton": "更多操作",
     "discover.grid.tableRow.esqlDetailHeading": "已展开行",
@@ -2495,6 +2487,46 @@
     "discover.viewAlert.searchSourceErrorTitle": "提取搜索源时出错",
     "discover.viewModes.document.label": "文档",
     "discover.viewModes.fieldStatistics.label": "字段统计信息",
+    "unifiedDocViewer.flyout.documentNavigation": "文档导航",
+    "unifiedDocViewer.flyout.toastColumnAdded": "已添加列“{columnName}”",
+    "unifiedDocViewer.flyout.toastColumnRemoved": "已移除列“{columnName}”",
+    "unifiedDocViewer.flyout.docViewerDetailHeading": "文档",
+    "unifiedDocViewer.flyout.docViewerEsqlDetailHeading": "行",
+    "unifiedDocViewer.docView.table.ignored.multiAboveTooltip": "此字段中的一个或多个值过长，无法搜索或筛选。",
+    "unifiedDocViewer.docView.table.ignored.multiMalformedTooltip": "此字段包含一个或多个格式错误的值，无法搜索或筛选。",
+    "unifiedDocViewer.docView.table.ignored.multiUnknownTooltip": "此字段中的一个或多个值被 Elasticsearch 忽略，无法搜索或筛选。",
+    "unifiedDocViewer.docView.table.ignored.singleAboveTooltip": "此字段中的值过长，无法搜索或筛选。",
+    "unifiedDocViewer.docView.table.ignored.singleMalformedTooltip": "此字段中的值格式错误，无法搜索或筛选。",
+    "unifiedDocViewer.docView.table.ignored.singleUnknownTooltip": "此字段中的值被 Elasticsearch 忽略，无法搜索或筛选。",
+    "unifiedDocViewer.docView.table.searchPlaceHolder": "搜索字段名称",
+    "unifiedDocViewer.docViews.json.jsonTitle": "JSON",
+    "unifiedDocViewer.docViews.table.filterForFieldPresentButtonAriaLabel": "筛留存在的字段",
+    "unifiedDocViewer.docViews.table.filterForFieldPresentButtonTooltip": "字段是否存在筛选",
+    "unifiedDocViewer.docViews.table.filterForValueButtonAriaLabel": "筛留值",
+    "unifiedDocViewer.docViews.table.filterForValueButtonTooltip": "筛留值",
+    "unifiedDocViewer.docViews.table.filterOutValueButtonAriaLabel": "筛除值",
+    "unifiedDocViewer.docViews.table.filterOutValueButtonTooltip": "筛除值",
+    "unifiedDocViewer.docViews.table.ignored.multiValueLabel": "包含被忽略的值",
+    "unifiedDocViewer.docViews.table.ignored.singleValueLabel": "被忽略的值",
+    "unifiedDocViewer.docViews.table.pinFieldLabel": "固定字段",
+    "unifiedDocViewer.docViews.table.tableTitle": "表",
+    "unifiedDocViewer.docViews.table.toggleColumnInTableButtonAriaLabel": "在表中切换列",
+    "unifiedDocViewer.docViews.table.toggleColumnInTableButtonTooltip": "在表中切换列",
+    "unifiedDocViewer.docViews.table.unableToFilterForPresenceOfMetaFieldsTooltip": "无法筛选元数据字段是否存在",
+    "unifiedDocViewer.docViews.table.unableToFilterForPresenceOfScriptedFieldsTooltip": "无法筛选脚本字段是否存在",
+    "unifiedDocViewer.docViews.table.unindexedFieldsCanNotBeSearchedTooltip": "无法搜索未编入索引的字段或被忽略的值",
+    "unifiedDocViewer.docViews.table.unpinFieldLabel": "取消固定字段",
+    "unifiedDocViewer.fieldChooser.discoverField.actions": "操作",
+    "unifiedDocViewer.fieldChooser.discoverField.multiField": "多字段",
+    "unifiedDocViewer.fieldChooser.discoverField.multiFieldTooltipContent": "多字段的每个字段可以有多个值",
+    "unifiedDocViewer.fieldChooser.discoverField.name": "字段",
+    "unifiedDocViewer.fieldChooser.discoverField.value": "值",
+    "unifiedDocViewer.json.codeEditorAriaLabel": "Elasticsearch 文档的只读 JSON 视图",
+    "unifiedDocViewer.json.copyToClipboardLabel": "复制到剪贴板",
+    "unifiedDocViewer.loadingJSON": "正在加载 JSON",
+    "unifiedDocViewer.sourceViewer.errorMessage": "当前无法获取数据。请刷新选项卡以重试。",
+    "unifiedDocViewer.sourceViewer.errorMessageTitle": "发生错误",
+    "unifiedDocViewer.sourceViewer.refresh": "刷新",
     "textBasedLanguages.advancedSettings.enableESQL.discussLinkText": "discuss.elastic.co/c/elastic-stack/kibana",
     "textBasedLanguages.advancedSettings.enableESQLTitle": "启用 ES|QL",
     "domDragDrop.announce.cancelled": "移动已取消。{label} 将返回至其初始位置",
@@ -4529,7 +4561,6 @@
     "indexPatternManagement.editIndexPattern.fields.table.typeHeader": "类型",
     "indexPatternManagement.editIndexPattern.indexPatternHeading": "索引模式：",
     "indexPatternManagement.editIndexPattern.list.defaultIndexPatternListName": "默认",
-    "indexPatternManagement.editIndexPattern.list.rollupIndexPatternListName": "汇总/打包",
     "indexPatternManagement.editIndexPattern.mappingConflictHeader": "映射冲突",
     "indexPatternManagement.editIndexPattern.scripted.addFieldButton": "添加脚本字段",
     "indexPatternManagement.editIndexPattern.scripted.deleteField.cancelButton": "取消",
@@ -13305,10 +13336,8 @@
     "xpack.elasticAssistant.assistant.connectors.connectorMissingCallout.conversationSettingsLink": "对话设置",
     "xpack.elasticAssistant.assistant.connectors.connectorSelector.ariaLabel": "对话选择器",
     "xpack.elasticAssistant.assistant.connectors.connectorSelector.newConnectorOptions": "添加新连接器……",
-    "xpack.elasticAssistant.assistant.connectors.connectorSelectorInline.connectorLabel": "连接器：",
     "xpack.elasticAssistant.assistant.connectors.connectorSelectorInline.connectorPlaceholder": "选择连接器",
     "xpack.elasticAssistant.assistant.connectors.preconfiguredTitle": "预配置",
-    "xpack.elasticAssistant.assistant.connectors.setup.complete": "连接器设置完成！",
     "xpack.elasticAssistant.assistant.connectors.setup.skipTitle": "单击以跳过……",
     "xpack.elasticAssistant.assistant.connectors.setup.timestampAtTitle": "处于",
     "xpack.elasticAssistant.assistant.connectors.setup.userAssistantTitle": "助手",
@@ -13477,7 +13506,6 @@
     "xpack.elasticAssistant.connectors.models.modelSelector.placeholderText": "选择或键入以新建……",
     "xpack.elasticAssistant.connectors.useLoadActionTypes.errorMessage": "欢迎使用 Elastic AI 助手！我是您的 100% 开源门户，可帮助您熟练使用 Elastic。",
     "xpack.elasticAssistant.connectors.useLoadConnectors.errorMessage": "欢迎使用 Elastic AI 助手！我是您的 100% 开源门户，可帮助您熟练使用 Elastic。",
-    "xpack.elasticAssistant.content.prompts.welcome.welcomeSecurityPrompt": "欢迎使用 Elastic AI 助手！我是您的 100% 开源门户，可帮助您熟练使用 Elastic Security。",
     "xpack.elasticAssistant.dataAnonymization.settings.anonymizationSettings.calloutParagraph1": "默认允许使用以下字段",
     "xpack.elasticAssistant.dataAnonymization.settings.anonymizationSettings.calloutParagraph2": "（可选）对这些字段启用匿名处理",
     "xpack.elasticAssistant.dataAnonymization.settings.anonymizationSettings.calloutTitle": "匿名处理默认设置",
@@ -29587,7 +29615,6 @@
     "xpack.observability.apmProgressiveLoadingDescription": "{technicalPreviewLabel} 是否以渐进方式为 APM 视图加载数据。可以先以较低的采样速率请求数据，这样的准确性较低，但响应时间更快，同时在后台加载未采样数据",
     "xpack.observability.apmServiceInventoryOptimizedSortingDescription": "{technicalPreviewLabel} 默认 APM 服务库存和 Storage Explorer 页面排序（对于未应用 Machine Learning 的服务）将按服务名称排序。",
     "xpack.observability.apmTraceExplorerTabDescription": "{technicalPreviewLabel} 启用 APM Trace Explorer 功能，它允许您通过 KQL 或 EQL 搜索和检查跟踪。{link}",
-    "xpack.observability.customThreshold.rule..charts.noData.title": "没有可用图表数据，请检查规则 {errorSourceField}",
     "xpack.observability.customThreshold.rule.aggregators.average": "平均值 {metric}",
     "xpack.observability.customThreshold.rule.aggregators.cardinality": "{metric} 的基数",
     "xpack.observability.customThreshold.rule.aggregators.max": "{metric} 最大值",
@@ -29701,8 +29728,6 @@
     "xpack.observability.customThreshold.alertChartTitle": "方程结果用于 ",
     "xpack.observability.customThreshold.alertDetails.logRateAnalysis.sectionTitle": "日志速率分析",
     "xpack.observability.customThreshold.alertDetails.logRateAnalysisTitle": "可能的原因和补救措施",
-    "xpack.observability.customThreshold.rule..charts.error_equation.description": "检查规则方程。",
-    "xpack.observability.customThreshold.rule..charts.error_equation.title": "渲染图表时出错",
     "xpack.observability.customThreshold.rule..charts.errorMessage": "哇哦，出问题了",
     "xpack.observability.customThreshold.rule..charts.noDataMessage": "没有可用图表数据",
     "xpack.observability.customThreshold.rule..timeLabels.days": "天",
@@ -29959,8 +29984,6 @@
     "xpack.observability.rulePage.logsTabTitle": "日志",
     "xpack.observability.rulePage.rulesTabTitle": "规则",
     "xpack.observability.rules.addRuleButtonLabel": "创建规则",
-    "xpack.observability.rules.createRule.errorNotification.descriptionText": "无法创建规则",
-    "xpack.observability.rules.createRule.successNotification.descriptionText": "已创建规则",
     "xpack.observability.rules.deleteConfirmationModal.cancelButtonLabel": "取消",
     "xpack.observability.rules.deleteConfirmationModal.errorNotification.descriptionText": "无法删除规则",
     "xpack.observability.rules.deleteConfirmationModal.successNotification.descriptionText": "已删除规则",
@@ -31521,7 +31544,6 @@
     "xpack.rollupJobs.detailPanel.loadingLabel": "正在加载汇总/打包作业……",
     "xpack.rollupJobs.detailPanel.notFoundLabel": "未找到汇总/打包作业",
     "xpack.rollupJobs.featureCatalogueDescription": "汇总历史数据并将其存储在较小的索引中以供将来分析。",
-    "xpack.rollupJobs.indexMgmtBadge.rollupLabel": "汇总/打包",
     "xpack.rollupJobs.indexMgmtToggle.toggleLabel": "包括汇总索引",
     "xpack.rollupJobs.jobActionMenu.cloneJobLabel": "克隆作业",
     "xpack.rollupJobs.jobActionMenu.deleteJob.confirmModal.cancelButtonText": "取消",
@@ -32663,7 +32685,6 @@
     "xpack.securitySolution.enableRiskScore.enableRiskScoreDescription": "一旦启用此功能，您将可以在此部分快速访问{riskEntity}风险分数。启用此模板后，可能需要一小时才能生成数据。",
     "xpack.securitySolution.enableRiskScore.upgradeRiskScore": "升级{riskEntity}风险分数",
     "xpack.securitySolution.endpoint.actions.unsupported.message": "当前版本的 {agentType} 代理不支持 {command}。通过 Fleet 将您的 Elastic 代理升级到最新版本以启用此响应操作。",
-    "xpack.securitySolution.endpoint.details.policy.revisionNumber": "修订版 {revNumber}",
     "xpack.securitySolution.endpoint.details.policyStatusValue": "{policyStatus, select, success {成功} warning {警告} failure {失败} other {未知}}",
     "xpack.securitySolution.endpoint.fleetCustomExtension.artifactsSummaryError": "尝试提取项目统计时出错：“{error}”",
     "xpack.securitySolution.endpoint.fleetCustomExtension.blocklistsSummary.error": "尝试提取阻止列表统计时出错：“{error}”",
@@ -32683,7 +32704,6 @@
     "xpack.securitySolution.endpoint.hostIsolation.unisolate.successfulMessage": "已成功提交主机 {hostName} 的释放",
     "xpack.securitySolution.endpoint.hostIsolation.unIsolateThisHost": "{hostName} 当前{isolated}。是否确定要{unisolate}此主机？",
     "xpack.securitySolution.endpoint.list.hostStatusValue": "{hostStatus, select, healthy {运行正常} unhealthy {运行不正常} updating {正在更新} offline {脱机} inactive {非活动} unenrolled {未注册} other {运行不正常}}",
-    "xpack.securitySolution.endpoint.list.policy.revisionNumber": "修订版 {revNumber}",
     "xpack.securitySolution.endpoint.list.totalCount": "正在显示 {totalItemCount, plural, other {# 个终端}}",
     "xpack.securitySolution.endpoint.list.totalCount.limited": "正在显示 {totalItemCount, plural, other {# 个终端}}中的 {limit} 个",
     "xpack.securitySolution.endpoint.list.transformFailed.message": "所需的转换 {transformId} 当前失败。多数时候，这可以通过 {transformsPage} 解决。要获取更多帮助，请访问{docsPage}",
@@ -32754,7 +32774,6 @@
     "xpack.securitySolution.endpoint.resolver.panel.relatedEventList.countByCategory": "{count} 个{category}",
     "xpack.securitySolution.endpoint.resolver.panel.relatedEventList.numberOfEvents": "{totalCount} 个事件",
     "xpack.securitySolution.endpoint.resolver.relatedEventLimitTitle": "此列表包括 {numberOfEntries} 个进程事件。",
-    "xpack.securitySolution.endpointPolicyStatus.revisionNumber": "修订版 {revNumber}",
     "xpack.securitySolution.endpointResponseActions.actionError.errorMessage": "遇到以下{ errorCount, plural, other {错误}}：",
     "xpack.securitySolution.enrichment.noInvestigationEnrichment": "在选定时间范围内未发现其他威胁情报。请尝试不同时间范围，或 {link} 以收集威胁情报用于威胁检测和匹配。",
     "xpack.securitySolution.entityAnalytics.anomalies.moduleNotCompatibleTitle": "{incompatibleJobCount} 个{incompatibleJobCount, plural, other {作业}}当前不可用",
@@ -35634,7 +35653,6 @@
     "xpack.securitySolution.endpoint.policyList.onboardingSectionTwo.fromEndpointPage": "从此页面，您将能够查看和管理环境中运行 Elastic Defend 的主机。",
     "xpack.securitySolution.endpoint.policyList.onboardingSectionTwo.fromPolicyPage": "从此页面，您将能够查看和管理运行 Elastic Defend 的环境中的 Elastic Defend 集成策略。",
     "xpack.securitySolution.endpoint.policyList.onboardingTitle": "开始使用 Elastic Defend",
-    "xpack.securitySolution.endpoint.policyNotFound": "未找到策略！",
     "xpack.securitySolution.endpoint.policyResponse.backLinkTitle": "终端详情",
     "xpack.securitySolution.endpoint.policyResponse.title": "策略响应",
     "xpack.securitySolution.endpoint.protectionUpdates.automaticUpdates.enabled.toggleName": "启用自动更新",
@@ -35689,7 +35707,6 @@
     "xpack.securitySolution.endpoint.resolver.terminatedTrigger": "已终止触发器",
     "xpack.securitySolution.endpoint.trustedApps.fleetIntegration.title": "受信任的应用程序",
     "xpack.securitySolution.endpoint.updateCases.emptyComment": "未提供注释",
-    "xpack.securitySolution.endpointActionFailureMessage.unknownFailure": "操作失败",
     "xpack.securitySolution.endpointActionResponseCodes.execute.diskQuotaError": "待处理的命令执行输出 zip 文件过多。",
     "xpack.securitySolution.endpointActionResponseCodes.execute.failure": "执行命令时出现未知故障。",
     "xpack.securitySolution.endpointActionResponseCodes.execute.outputUploadTimeout": "无法上传命令执行输出 zip 文件。上传超时",
@@ -35771,7 +35788,6 @@
     "xpack.securitySolution.endpointDetails.activityLog.logEntry.response.unisolationSuccessful": "终端收到释放主机请求",
     "xpack.securitySolution.endpointDetails.overview": "概览",
     "xpack.securitySolution.endpointDetails.responseActionsHistory": "响应操作历史记录",
-    "xpack.securitySolution.endpointPolicyStatus.tooltipTitleLabel": "已应用策略",
     "xpack.securitySolution.endpointResponseActions.actionSubmitter.apiErrorDetails": "遇到以下错误：",
     "xpack.securitySolution.endpointResponseActions.executeAction.successTitle": "命令执行成功。",
     "xpack.securitySolution.endpointResponseActions.getFileAction.successTitle": "已从主机检索文件。",
@@ -36852,7 +36868,6 @@
     "xpack.securitySolution.osquery.action.permissionDenied": "权限被拒绝",
     "xpack.securitySolution.osquery.action.shortEmptyTitle": "Osquery 不可用",
     "xpack.securitySolution.osquery.action.unavailable": "Osquery 管理器集成未添加到代理策略。要在此主机上运行查询，请在 Fleet 中将 Osquery 管理器集成添加到代理策略。",
-    "xpack.securitySolution.outOfDateLabel": "过时",
     "xpack.securitySolution.overview.auditBeatAuditTitle": "审计",
     "xpack.securitySolution.overview.auditBeatFimTitle": "文件完整性模块",
     "xpack.securitySolution.overview.auditBeatLoginTitle": "登录",
@@ -37771,7 +37786,6 @@
     "xpack.securitySolutionServerless.rules.endpointSecurity.endpointExceptions.cardTitle": "Security 让您事半功倍！",
     "xpack.securitySolutionServerless.threatIntelligence.paywall.title": "Security 让您事半功倍！",
     "xpack.serverlessSearch.apiKey.activeKeys": "您有 {number} 个活动密钥。",
-    "xpack.serverlessSearch.apiKey.expiresHelpText": "此 API 密钥将于 {expirationDate}到期",
     "xpack.serverlessSearch.connectors.config.apiKeyDescription": "您可以将连接器的 API 密钥限定为仅有权访问以上索引。创建后，请使用此密钥在 {config} 文件中设置 {apiKey} 变量。",
     "xpack.serverlessSearch.connectors.config.createIndexLabel": "连接器将创建索引 {searchValue}",
     "xpack.serverlessSearch.connectors.deleteModal.syncsWarning.connectorNameDescription": "此操作无法撤消。请尝试 {connectorName} 以确认。",
@@ -37788,31 +37802,11 @@
     "xpack.serverlessSearch.apiKey.apiKeyStepDescription": "此密钥仅显示一次，因此请将其保存到某个安全位置。我们不存储您的 API 密钥，因此，如果您丢失了密钥，则需要生成替代密钥。",
     "xpack.serverlessSearch.apiKey.apiKeyStepTitle": "存储此 API 密钥",
     "xpack.serverlessSearch.apiKey.description": "API 密钥是用于身份验证和授权的专用唯一标识符。您需要 API 密钥以便安全连接到您的项目。",
-    "xpack.serverlessSearch.apiKey.expiresField.daysLabel": "以天为单位",
-    "xpack.serverlessSearch.apiKey.expiresField.neverLabel": "永不",
-    "xpack.serverlessSearch.apiKey.expiresFieldHelpText": "应定期轮换 API 密钥。",
-    "xpack.serverlessSearch.apiKey.expiresFieldLabel": "过期",
-    "xpack.serverlessSearch.apiKey.expiresFieldUnit": "天",
-    "xpack.serverlessSearch.apiKey.flyout.errorTitle": "创建 API 密钥时出错",
-    "xpack.serverlessSearch.apiKey.flyOutCreateLabel": "创建 API 密钥",
-    "xpack.serverlessSearch.apiKey.flyoutTitle": "创建 API 密钥",
     "xpack.serverlessSearch.apiKey.manageLabel": "管理",
-    "xpack.serverlessSearch.apiKey.metadata.description": "使用可配置的键值对添加有关 API 密钥的信息，或定制 Elasticsearch 资源访问权限。",
-    "xpack.serverlessSearch.apiKey.metadata.title": "元数据",
-    "xpack.serverlessSearch.apiKey.metadataLinkLabel": "了解如何构造角色元数据",
-    "xpack.serverlessSearch.apiKey.nameFieldHelpText": "适当的名称便于用户清楚了解 API 密钥的用途。",
-    "xpack.serverlessSearch.apiKey.nameFieldLabel": "名称",
     "xpack.serverlessSearch.apiKey.newButtonLabel": "新建",
     "xpack.serverlessSearch.apiKey.panel.description": "使用现有密钥，或创建新密钥并将其复制到某个安全位置。",
     "xpack.serverlessSearch.apiKey.panel.title": "添加 API 密钥",
-    "xpack.serverlessSearch.apiKey.privileges.description": "使用每个 API 密钥的预定义角色或定制权限控制对特定 Elasticsearch API 和资源的访问。",
-    "xpack.serverlessSearch.apiKey.privileges.title": "安全权限",
-    "xpack.serverlessSearch.apiKey.roleDescriptorsLinkLabel": "了解如何构造角色描述符",
-    "xpack.serverlessSearch.apiKey.setup.description": "用于创建 API 密钥的基本配置详情。",
-    "xpack.serverlessSearch.apiKey.setup.title": "设置",
     "xpack.serverlessSearch.apiKey.title": "API 密钥",
-    "xpack.serverlessSearch.apiKey.userFieldHelpText": "创建 API 密钥的用户的 ID。",
-    "xpack.serverlessSearch.apiKey.userFieldLabel": "用户",
     "xpack.serverlessSearch.app.connectors.title": "连接器",
     "xpack.serverlessSearch.app.elasticsearch.title": "Elasticsearch",
     "xpack.serverlessSearch.back": "返回",
@@ -43934,7 +43928,6 @@
     "aiAssistantManagementSelection.aiAssistantSelectionPage.observabilityLabel": "适用于 Observability 的 Elastic AI 助手",
     "aiAssistantManagementSelection.aiAssistantSettingsPage.descriptionTextLabel": "通过解释错误，建议补救措施并帮助您请求、分析和可视化数据，AI 助手使用生成式 AI 来为您的团队提供帮助。",
     "aiAssistantManagementSelection.aiAssistantSettingsPage.h2.aIAssistantLabel": "AI 助手",
-    "aiAssistantManagementSelection.aiAssistantSettingsPage.obsAssistant.documentationLinkLabel": "文档",
     "aiAssistantManagementSelection.app.description": "管理您的 AI 助手。",
     "aiAssistantManagementSelection.app.title": "AI 助手",
     "aiAssistantManagementSelection.app.titleBar": "AI 助手",
@@ -44256,43 +44249,10 @@
     "uiActions.actionPanel.more": "更多",
     "uiActions.actionPanel.title": "选项",
     "uiActions.errors.incompatibleAction": "操作不兼容",
+    "uiActions.triggers.dashboard.addPanelMenu.description": "一个新操作将在仪表板的添加面板菜单中显示出来",
+    "uiActions.triggers.dashboard.addPanelMenu.title": "添加面板菜单",
     "uiActions.triggers.rowClickkDescription": "表格行的单击",
     "uiActions.triggers.rowClickTitle": "表格行单击",
-    "unifiedDocViewer.docView.table.ignored.multiAboveTooltip": "此字段中的一个或多个值过长，无法搜索或筛选。",
-    "unifiedDocViewer.docView.table.ignored.multiMalformedTooltip": "此字段包含一个或多个格式错误的值，无法搜索或筛选。",
-    "unifiedDocViewer.docView.table.ignored.multiUnknownTooltip": "此字段中的一个或多个值被 Elasticsearch 忽略，无法搜索或筛选。",
-    "unifiedDocViewer.docView.table.ignored.singleAboveTooltip": "此字段中的值过长，无法搜索或筛选。",
-    "unifiedDocViewer.docView.table.ignored.singleMalformedTooltip": "此字段中的值格式错误，无法搜索或筛选。",
-    "unifiedDocViewer.docView.table.ignored.singleUnknownTooltip": "此字段中的值被 Elasticsearch 忽略，无法搜索或筛选。",
-    "unifiedDocViewer.docView.table.searchPlaceHolder": "搜索字段名称",
-    "unifiedDocViewer.docViews.json.jsonTitle": "JSON",
-    "unifiedDocViewer.docViews.table.filterForFieldPresentButtonAriaLabel": "筛留存在的字段",
-    "unifiedDocViewer.docViews.table.filterForFieldPresentButtonTooltip": "字段是否存在筛选",
-    "unifiedDocViewer.docViews.table.filterForValueButtonAriaLabel": "筛留值",
-    "unifiedDocViewer.docViews.table.filterForValueButtonTooltip": "筛留值",
-    "unifiedDocViewer.docViews.table.filterOutValueButtonAriaLabel": "筛除值",
-    "unifiedDocViewer.docViews.table.filterOutValueButtonTooltip": "筛除值",
-    "unifiedDocViewer.docViews.table.ignored.multiValueLabel": "包含被忽略的值",
-    "unifiedDocViewer.docViews.table.ignored.singleValueLabel": "被忽略的值",
-    "unifiedDocViewer.docViews.table.pinFieldLabel": "固定字段",
-    "unifiedDocViewer.docViews.table.tableTitle": "表",
-    "unifiedDocViewer.docViews.table.toggleColumnInTableButtonAriaLabel": "在表中切换列",
-    "unifiedDocViewer.docViews.table.toggleColumnInTableButtonTooltip": "在表中切换列",
-    "unifiedDocViewer.docViews.table.unableToFilterForPresenceOfMetaFieldsTooltip": "无法筛选元数据字段是否存在",
-    "unifiedDocViewer.docViews.table.unableToFilterForPresenceOfScriptedFieldsTooltip": "无法筛选脚本字段是否存在",
-    "unifiedDocViewer.docViews.table.unindexedFieldsCanNotBeSearchedTooltip": "无法搜索未编入索引的字段或被忽略的值",
-    "unifiedDocViewer.docViews.table.unpinFieldLabel": "取消固定字段",
-    "unifiedDocViewer.fieldChooser.discoverField.actions": "操作",
-    "unifiedDocViewer.fieldChooser.discoverField.multiField": "多字段",
-    "unifiedDocViewer.fieldChooser.discoverField.multiFieldTooltipContent": "多字段的每个字段可以有多个值",
-    "unifiedDocViewer.fieldChooser.discoverField.name": "字段",
-    "unifiedDocViewer.fieldChooser.discoverField.value": "值",
-    "unifiedDocViewer.json.codeEditorAriaLabel": "Elasticsearch 文档的只读 JSON 视图",
-    "unifiedDocViewer.json.copyToClipboardLabel": "复制到剪贴板",
-    "unifiedDocViewer.loadingJSON": "正在加载 JSON",
-    "unifiedDocViewer.sourceViewer.errorMessage": "当前无法获取数据。请刷新选项卡以重试。",
-    "unifiedDocViewer.sourceViewer.errorMessageTitle": "发生错误",
-    "unifiedDocViewer.sourceViewer.refresh": "刷新",
     "unsavedChangesBadge.contextMenu.openButton": "查看可用操作",
     "unsavedChangesBadge.contextMenu.revertChangesButton": "恢复更改",
     "unsavedChangesBadge.contextMenu.revertingChangesButtonStatus": "正在恢复更改......",
@@ -44645,4 +44605,4 @@
     "xpack.serverlessObservability.nav.projectSettings": "项目设置",
     "xpack.serverlessObservability.nav.synthetics": "Synthetics"
   }
-}
\ No newline at end of file
+}
diff --git a/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/action_notify_when.tsx b/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/action_notify_when.tsx
index 6be43f797b7a4..ce9ddfcad2be1 100644
--- a/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/action_notify_when.tsx
+++ b/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/action_notify_when.tsx
@@ -7,9 +7,9 @@
 
 import { RuleAction, RuleNotifyWhen } from '@kbn/alerting-plugin/common';
 import React, { useState, useEffect, useCallback, useMemo } from 'react';
+import { css } from '@emotion/css'; // We can't use @emotion/react - this component gets used with plugins that use both styled-components and Emotion
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
-import { euiStyled } from '@kbn/kibana-react-plugin/common';
 import {
   EuiFlexGroup,
   EuiFlexItem,
@@ -23,6 +23,7 @@ import {
   EuiButtonEmpty,
   EuiContextMenuPanel,
   EuiContextMenuItem,
+  useEuiTheme,
 } from '@elastic/eui';
 import { some, filter, map } from 'fp-ts/lib/Option';
 import { pipe } from 'fp-ts/lib/pipeable';
@@ -242,30 +243,39 @@ export const ActionNotifyWhen = ({
     [onSummaryChange, selectedOptionDoesNotExist, onNotifyWhenChange, getDefaultNotifyWhenOption]
   );
 
+  const { euiTheme } = useEuiTheme();
+  const summaryContextMenuOptionStyles = useMemo(
+    () => css`
+      min-width: 300px;
+      padding: ${euiTheme.size.s};
+    `,
+    [euiTheme]
+  );
+
   const summaryOptions = useMemo(
     () => [
-      <SummaryContextMenuOption
-        className="euiSuperSelect__item"
+      <EuiContextMenuItem
         key="summary"
         onClick={() => selectSummaryOption(true)}
         icon={frequency.summary ? 'check' : 'empty'}
         id="actionNotifyWhen-option-summary"
         data-test-subj="actionNotifyWhen-option-summary"
+        className={summaryContextMenuOptionStyles}
       >
         {SUMMARY_OF_ALERTS}
-      </SummaryContextMenuOption>,
-      <SummaryContextMenuOption
-        className="euiSuperSelect__item"
+      </EuiContextMenuItem>,
+      <EuiContextMenuItem
         key="for_each"
         onClick={() => selectSummaryOption(false)}
         icon={!frequency.summary ? 'check' : 'empty'}
         id="actionNotifyWhen-option-for_each"
         data-test-subj="actionNotifyWhen-option-for_each"
+        className={summaryContextMenuOptionStyles}
       >
         {FOR_EACH_ALERT}
-      </SummaryContextMenuOption>,
+      </EuiContextMenuItem>,
     ],
-    [frequency.summary, selectSummaryOption]
+    [frequency.summary, selectSummaryOption, summaryContextMenuOptionStyles]
   );
 
   const summaryOrPerRuleSelect = (
@@ -389,7 +399,3 @@ const SUMMARY_OF_ALERTS = i18n.translate(
   'xpack.triggersActionsUI.sections.ruleForm.actionNotifyWhen.summaryOption',
   { defaultMessage: 'Summary of alerts' }
 );
-
-const SummaryContextMenuOption = euiStyled(EuiContextMenuItem)`
-  min-width: 300px;
-`;
diff --git a/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table_state.tsx b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table_state.tsx
index 65353acf5c9a6..31f93378ef9a6 100644
--- a/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table_state.tsx
+++ b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table_state.tsx
@@ -78,7 +78,7 @@ export type AlertsTableStateProps = {
   pageSize?: number;
   browserFields?: BrowserFields;
   onUpdate?: (args: TableUpdateHandlerArgs) => void;
-  onLoaded?: () => void;
+  onLoaded?: (alerts: Alerts) => void;
   runtimeMappings?: MappingRuntimeFields;
   showAlertStatusWithFlapping?: boolean;
   toolbarVisibility?: EuiDataGridToolBarVisibilityOptions;
diff --git a/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/hooks/use_fetch_alerts.tsx b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/hooks/use_fetch_alerts.tsx
index 5a0a5efb18c32..c47c2d3207248 100644
--- a/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/hooks/use_fetch_alerts.tsx
+++ b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/hooks/use_fetch_alerts.tsx
@@ -36,7 +36,7 @@ export interface FetchAlertsArgs {
     pageIndex: number;
     pageSize: number;
   };
-  onLoaded?: () => void;
+  onLoaded?: (alerts: Alerts) => void;
   onPageChange: (pagination: RuleRegistrySearchRequestPagination) => void;
   runtimeMappings?: MappingRuntimeFields;
   sort: SortCombinations[];
@@ -259,13 +259,13 @@ const useFetchAlerts = ({
                     totalAlerts,
                   });
                   dispatch({ type: 'loading', loading: false });
-                  onLoaded?.();
+                  onLoaded?.(alerts);
                   searchSubscription$.current.unsubscribe();
                 }
               },
               error: (msg) => {
                 dispatch({ type: 'loading', loading: false });
-                onLoaded?.();
+                onLoaded?.([]);
                 data.search.showError(msg);
                 searchSubscription$.current.unsubscribe();
               },
diff --git a/x-pack/plugins/triggers_actions_ui/public/application/sections/rules_list/components/rule_status_filter.tsx b/x-pack/plugins/triggers_actions_ui/public/application/sections/rules_list/components/rule_status_filter.tsx
index 4e7082931b64d..09d7234595857 100644
--- a/x-pack/plugins/triggers_actions_ui/public/application/sections/rules_list/components/rule_status_filter.tsx
+++ b/x-pack/plugins/triggers_actions_ui/public/application/sections/rules_list/components/rule_status_filter.tsx
@@ -4,14 +4,18 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import React, { useState, useCallback } from 'react';
+import React, { useState, useCallback, useMemo } from 'react';
+import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
-import { EuiFilterButton, EuiPopover, EuiFilterGroup, EuiSelectableListItem } from '@elastic/eui';
-import { RuleStatus } from '../../../../types';
-
-const statuses: RuleStatus[] = ['enabled', 'disabled', 'snoozed'];
-
-const getOptionDataTestSubj = (status: RuleStatus) => `ruleStatusFilterOption-${status}`;
+import {
+  EuiFilterButton,
+  EuiPopover,
+  EuiFilterGroup,
+  EuiSelectable,
+  type EuiSelectableOption,
+  type EuiSelectableProps,
+} from '@elastic/eui';
+import type { RuleStatus } from '../../../../types';
 
 export interface RuleStatusFilterProps {
   selectedStatuses: RuleStatus[];
@@ -22,6 +26,38 @@ export interface RuleStatusFilterProps {
   onChange: (selectedStatuses: RuleStatus[]) => void;
 }
 
+const ruleStateFilterOptions: Array<{ key: RuleStatus; label: string }> = [
+  {
+    key: 'enabled',
+    label: i18n.translate(
+      'xpack.triggersActionsUI.sections.ruleDetails.ruleStateFilter.enabledOptionText',
+      {
+        defaultMessage: 'Rule is enabled',
+      }
+    ),
+  },
+  {
+    key: 'disabled',
+    label: i18n.translate(
+      'xpack.triggersActionsUI.sections.ruleDetails.ruleStateFilter.disabledOptionText',
+      {
+        defaultMessage: 'Rule is disabled',
+      }
+    ),
+  },
+  {
+    key: 'snoozed',
+    label: i18n.translate(
+      'xpack.triggersActionsUI.sections.ruleDetails.ruleStateFilter.snoozedOptionText',
+      {
+        defaultMessage: 'Rule has snoozed',
+      }
+    ),
+  },
+];
+
+const getOptionDataTestSubj = (status: RuleStatus) => `ruleStatusFilterOption-${status}`;
+
 export const RuleStatusFilter = (props: RuleStatusFilterProps) => {
   const {
     selectedStatuses = [],
@@ -34,45 +70,31 @@ export const RuleStatusFilter = (props: RuleStatusFilterProps) => {
 
   const [isPopoverOpen, setIsPopoverOpen] = useState<boolean>(false);
 
-  const onFilterItemClick = useCallback(
-    (newOption: RuleStatus) => () => {
-      if (selectedStatuses.includes(newOption)) {
-        onChange(selectedStatuses.filter((option) => option !== newOption));
-        return;
-      }
-      onChange([...selectedStatuses, newOption]);
+  const onFilterItemChange: EuiSelectableProps['onChange'] = useCallback(
+    (newOptions: EuiSelectableOption[]) => {
+      const selected = newOptions
+        .filter(({ checked }) => checked === 'on')
+        .map(({ key }) => key as RuleStatus);
+
+      onChange(selected);
     },
-    [selectedStatuses, onChange]
+    [onChange]
   );
 
   const onClick = useCallback(() => {
     setIsPopoverOpen((prevIsOpen) => !prevIsOpen);
   }, [setIsPopoverOpen]);
 
-  const renderRuleStateOptions = (status: 'enabled' | 'disabled' | 'snoozed') => {
-    if (status === 'enabled') {
-      return (
-        <FormattedMessage
-          id="xpack.triggersActionsUI.sections.ruleDetails.ruleStateFilter.enabledOptionText"
-          defaultMessage="Rule is enabled"
-        />
-      );
-    } else if (status === 'disabled') {
-      return (
-        <FormattedMessage
-          id="xpack.triggersActionsUI.sections.ruleDetails.ruleStateFilter.disabledOptionText"
-          defaultMessage="Rule is disabled"
-        />
-      );
-    } else if (status === 'snoozed') {
-      return (
-        <FormattedMessage
-          id="xpack.triggersActionsUI.sections.ruleDetails.ruleStateFilter.snoozedOptionText"
-          defaultMessage="Rule has snoozed"
-        />
-      );
-    }
-  };
+  const selectableOptions = useMemo<EuiSelectableOption[]>(
+    () =>
+      ruleStateFilterOptions.map(({ key, label }) => ({
+        key,
+        label,
+        'data-test-subj': optionDataTestSubj(key),
+        checked: selectedStatuses.includes(key) ? 'on' : undefined,
+      })),
+    [optionDataTestSubj, selectedStatuses]
+  );
 
   return (
     <EuiFilterGroup data-test-subj={dataTestSubj}>
@@ -96,18 +118,18 @@ export const RuleStatusFilter = (props: RuleStatusFilterProps) => {
         }
       >
         <div data-test-subj={selectDataTestSubj}>
-          {statuses.map((status) => {
-            return (
-              <EuiSelectableListItem
-                key={status}
-                data-test-subj={optionDataTestSubj(status)}
-                onClick={onFilterItemClick(status)}
-                checked={selectedStatuses.includes(status) ? 'on' : undefined}
-              >
-                {renderRuleStateOptions(status)}
-              </EuiSelectableListItem>
-            );
-          })}
+          <EuiSelectable
+            options={selectableOptions}
+            onChange={onFilterItemChange}
+            listProps={{
+              bordered: false,
+              style: {
+                minWidth: 300,
+              },
+            }}
+          >
+            {(list) => list}
+          </EuiSelectable>
         </div>
       </EuiPopover>
     </EuiFilterGroup>
diff --git a/x-pack/plugins/triggers_actions_ui/public/application/sections/rules_list/components/rules_list.test.tsx b/x-pack/plugins/triggers_actions_ui/public/application/sections/rules_list/components/rules_list.test.tsx
index 363c348407bfe..efedf01a92f84 100644
--- a/x-pack/plugins/triggers_actions_ui/public/application/sections/rules_list/components/rules_list.test.tsx
+++ b/x-pack/plugins/triggers_actions_ui/public/application/sections/rules_list/components/rules_list.test.tsx
@@ -397,13 +397,14 @@ describe('rules_list ', () => {
     );
     fireEvent.click((await screen.findAllByTestId('ruleStatusFilterButton'))[0]);
     fireEvent.click((await screen.findAllByTestId('ruleStatusFilterOption-enabled'))[0]);
+
     expect(loadRulesWithKueryFilter).toHaveBeenLastCalledWith(
       expect.objectContaining({
-        ruleStatusesFilter: ['disabled', 'enabled'],
+        ruleStatusesFilter: ['enabled', 'disabled'],
       })
     );
     expect(onStatusFilterChangeMock).toHaveBeenCalled();
-    expect(onStatusFilterChangeMock).toHaveBeenLastCalledWith(['disabled', 'enabled']);
+    expect(onStatusFilterChangeMock).toHaveBeenLastCalledWith(['enabled', 'disabled']);
   });
 
   it('can filter by last response', async () => {
diff --git a/x-pack/plugins/watcher/__jest__/client_integration/helpers/watch_list_page.helpers.ts b/x-pack/plugins/watcher/__jest__/client_integration/helpers/watch_list_page.helpers.ts
index cd4fd2ab2cfba..905f6b69f6df4 100644
--- a/x-pack/plugins/watcher/__jest__/client_integration/helpers/watch_list_page.helpers.ts
+++ b/x-pack/plugins/watcher/__jest__/client_integration/helpers/watch_list_page.helpers.ts
@@ -68,7 +68,7 @@ export const setup = async (httpSetup: HttpSetup): Promise<WatchListTestBed> =>
 
   const searchWatches = async (term: string) => {
     const { find, component } = testBed;
-    const searchInput = find('watchesTableContainer').find('.euiFieldSearch');
+    const searchInput = find('watchesTableContainer').find('input.euiFieldSearch');
 
     // Enter input into the search box
     // @ts-ignore
diff --git a/x-pack/plugins/watcher/common/lib/get_moment/get_moment.ts b/x-pack/plugins/watcher/common/lib/get_moment/get_moment.ts
index c47443dd66773..39f8222fb4e8b 100644
--- a/x-pack/plugins/watcher/common/lib/get_moment/get_moment.ts
+++ b/x-pack/plugins/watcher/common/lib/get_moment/get_moment.ts
@@ -7,7 +7,7 @@
 
 import moment from 'moment';
 
-export function getMoment(date?: string | number | null) {
+export function getMoment(date?: string | number | null | Date) {
   if (!date) {
     return null;
   }
diff --git a/x-pack/test/alerting_api_integration/common/plugins/actions_simulators/server/bedrock_simulation.ts b/x-pack/test/alerting_api_integration/common/plugins/actions_simulators/server/bedrock_simulation.ts
index f235c2ea07a9d..7bd23fcd9b46c 100644
--- a/x-pack/test/alerting_api_integration/common/plugins/actions_simulators/server/bedrock_simulation.ts
+++ b/x-pack/test/alerting_api_integration/common/plugins/actions_simulators/server/bedrock_simulation.ts
@@ -30,7 +30,7 @@ export class BedrockSimulator extends Simulator {
     }
 
     if (
-      request.url === '/model/anthropic.claude-3-sonnet-20240229-v1:0/invoke-with-response-stream'
+      request.url === '/model/anthropic.claude-3-5-sonnet-20240620-v1:0/invoke-with-response-stream'
     ) {
       return BedrockSimulator.sendStreamResponse(response);
     }
diff --git a/x-pack/test/alerting_api_integration/common/plugins/alerts/server/plugin.ts b/x-pack/test/alerting_api_integration/common/plugins/alerts/server/plugin.ts
index 5ecb376a95ca8..4cafa57d3d480 100644
--- a/x-pack/test/alerting_api_integration/common/plugins/alerts/server/plugin.ts
+++ b/x-pack/test/alerting_api_integration/common/plugins/alerts/server/plugin.ts
@@ -92,6 +92,7 @@ export class FixturePlugin implements Plugin<void, void, FixtureSetupDeps, Fixtu
         'test.patternFiringAad',
         'test.waitingRule',
         'test.patternFiringAutoRecoverFalse',
+        'test.severity',
       ],
       privileges: {
         all: {
@@ -123,6 +124,7 @@ export class FixturePlugin implements Plugin<void, void, FixtureSetupDeps, Fixtu
                 'test.patternFiringAad',
                 'test.waitingRule',
                 'test.patternFiringAutoRecoverFalse',
+                'test.severity',
               ],
             },
           },
@@ -157,6 +159,7 @@ export class FixturePlugin implements Plugin<void, void, FixtureSetupDeps, Fixtu
                 'test.patternFiringAad',
                 'test.waitingRule',
                 'test.patternFiringAutoRecoverFalse',
+                'test.severity',
               ],
             },
           },
diff --git a/x-pack/test/alerting_api_integration/common/plugins/alerts/server/rule_types.ts b/x-pack/test/alerting_api_integration/common/plugins/alerts/server/rule_types.ts
index 109f01f6b6d57..498020cb4b7d2 100644
--- a/x-pack/test/alerting_api_integration/common/plugins/alerts/server/rule_types.ts
+++ b/x-pack/test/alerting_api_integration/common/plugins/alerts/server/rule_types.ts
@@ -1032,6 +1032,78 @@ function getWaitingRuleType(logger: Logger) {
   return result;
 }
 
+function getSeverityRuleType() {
+  const paramsSchema = schema.object({
+    pattern: schema.arrayOf(
+      schema.oneOf([schema.literal('low'), schema.literal('medium'), schema.literal('high')])
+    ),
+  });
+  type ParamsType = TypeOf<typeof paramsSchema>;
+  interface State extends RuleTypeState {
+    patternIndex?: number;
+  }
+  const result: RuleType<
+    ParamsType,
+    never,
+    State,
+    {},
+    {},
+    'low' | 'medium' | 'high',
+    'recovered',
+    { patternIndex: number; instancePattern: boolean[] }
+  > = {
+    id: 'test.severity',
+    name: 'Test: Rule type with severity',
+    actionGroups: [
+      { id: 'low', name: 'Low', severity: { level: 0 } },
+      { id: 'medium', name: 'Medium', severity: { level: 1 } },
+      { id: 'high', name: 'High', severity: { level: 2 } },
+    ],
+    category: 'management',
+    producer: 'alertsFixture',
+    defaultActionGroupId: 'low',
+    minimumLicenseRequired: 'basic',
+    isExportable: true,
+    doesSetRecoveryContext: true,
+    validate: { params: paramsSchema },
+    async executor(executorOptions) {
+      const { services, state, params } = executorOptions;
+      const pattern = params.pattern;
+      if (!Array.isArray(pattern)) throw new Error('pattern is not an array');
+
+      const alertsClient = services.alertsClient;
+      if (!alertsClient) {
+        throw new Error(`Expected alertsClient to be defined but it is not`);
+      }
+
+      // get the pattern index, return if past it
+      const patternIndex = state.patternIndex ?? 0;
+      if (patternIndex >= pattern.length) {
+        return { state: { patternIndex } };
+      }
+
+      alertsClient.report({ id: '*', actionGroup: pattern[patternIndex] });
+
+      // set recovery payload
+      for (const recoveredAlert of alertsClient.getRecoveredAlerts()) {
+        alertsClient.setAlertData({ id: recoveredAlert.alert.getId() });
+      }
+
+      return {
+        state: {
+          patternIndex: patternIndex + 1,
+        },
+      };
+    },
+    alerts: {
+      context: 'test.severity',
+      shouldWrite: true,
+      mappings: { fieldMap: {} },
+    },
+  };
+  return result;
+}
+
 async function sendSignal(
   logger: Logger,
   es: ElasticsearchClient,
@@ -1325,4 +1397,5 @@ export function defineRuleTypes(
   alerting.registerType(getPatternFiringAutoRecoverFalseRuleType());
   alerting.registerType(getPatternFiringAlertsAsDataRuleType());
   alerting.registerType(getWaitingRuleType(logger));
+  alerting.registerType(getSeverityRuleType());
 }
diff --git a/x-pack/test/alerting_api_integration/security_and_spaces/group1/tests/alerting/backfill/schedule.ts b/x-pack/test/alerting_api_integration/security_and_spaces/group1/tests/alerting/backfill/schedule.ts
index d5207718d844a..edd3d8d2ae072 100644
--- a/x-pack/test/alerting_api_integration/security_and_spaces/group1/tests/alerting/backfill/schedule.ts
+++ b/x-pack/test/alerting_api_integration/security_and_spaces/group1/tests/alerting/backfill/schedule.ts
@@ -896,24 +896,24 @@ export default function scheduleBackfillTests({ getService }: FtrProviderContext
               // error scheduling due to unsupported rule type
               expect(result[2]).to.eql({
                 error: {
-                  error: 'Bad Request',
                   message: `Rule type "test.noop" for rule ${lifecycleRuleId} is not supported`,
+                  rule: { id: lifecycleRuleId, name: 'abc' },
                 },
               });
 
               // error scheduling due to disabled rule
               expect(result[3]).to.eql({
                 error: {
-                  error: 'Bad Request',
                   message: `Rule ${disabledRuleId} is disabled`,
+                  rule: { id: disabledRuleId, name: 'abc' },
                 },
               });
 
               // error scheduling due to deleted rule
               expect(result[4]).to.eql({
                 error: {
-                  error: 'Not Found',
                   message: `Saved object [alert/${deletedRuleId}] not found`,
+                  rule: { id: deletedRuleId },
                 },
               });
 
diff --git a/x-pack/test/alerting_api_integration/security_and_spaces/group2/tests/actions/connector_types/bedrock.ts b/x-pack/test/alerting_api_integration/security_and_spaces/group2/tests/actions/connector_types/bedrock.ts
index a802ec201f839..93c8cd40fb37f 100644
--- a/x-pack/test/alerting_api_integration/security_and_spaces/group2/tests/actions/connector_types/bedrock.ts
+++ b/x-pack/test/alerting_api_integration/security_and_spaces/group2/tests/actions/connector_types/bedrock.ts
@@ -31,7 +31,7 @@ const secrets = {
 };
 
 const defaultConfig = {
-  defaultModel: 'anthropic.claude-3-sonnet-20240229-v1:0',
+  defaultModel: 'anthropic.claude-3-5-sonnet-20240620-v1:0',
 };
 
 // eslint-disable-next-line import/no-default-export
diff --git a/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/group4/alert_severity.ts b/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/group4/alert_severity.ts
new file mode 100644
index 0000000000000..533bd593e3588
--- /dev/null
+++ b/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/group4/alert_severity.ts
@@ -0,0 +1,138 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from '@kbn/expect';
+import type { Alert } from '@kbn/alerts-as-data-utils';
+import { SearchHit } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
+import {
+  ALERT_ACTION_GROUP,
+  ALERT_SEVERITY_IMPROVING,
+  ALERT_PREVIOUS_ACTION_GROUP,
+} from '@kbn/rule-data-utils';
+import { FtrProviderContext } from '../../../../common/ftr_provider_context';
+import { getEventLog, getUrlPrefix, getTestRuleData, ObjectRemover } from '../../../../common/lib';
+import { Spaces } from '../../../scenarios';
+
+// eslint-disable-next-line import/no-default-export
+export default function createAlertSeverityTests({ getService }: FtrProviderContext) {
+  const es = getService('es');
+  const retry = getService('retry');
+  const supertest = getService('supertest');
+  const space = Spaces.default;
+
+  const alertsAsDataIndex = '.alerts-test.severity.alerts-default';
+
+  describe('improving alert severity', () => {
+    const objectRemover = new ObjectRemover(supertest);
+
+    afterEach(async () => {
+      await objectRemover.removeAll();
+    });
+    after(async () => {
+      await es.deleteByQuery({
+        index: alertsAsDataIndex,
+        query: { match_all: {} },
+        conflicts: 'proceed',
+      });
+    });
+
+    it('should correctly set severity_improving and previous_action_group data in alert document', async () => {
+      const pattern = [
+        'low',
+        'low',
+        'medium',
+        'high',
+        'high',
+        'low',
+        'high',
+        'medium',
+        'medium',
+        'low',
+      ];
+      const { body: createdRule } = await supertest
+        .post(`${getUrlPrefix(space.id)}/api/alerting/rule`)
+        .set('kbn-xsrf', 'foo')
+        .send(
+          getTestRuleData({
+            rule_type_id: 'test.severity',
+            schedule: { interval: '1d' },
+            throttle: null,
+            params: {
+              pattern,
+            },
+          })
+        )
+        .expect(200);
+      const ruleId = createdRule.id;
+      objectRemover.add(space.id, ruleId, 'rule', 'alerting');
+
+      const allAlertDocs: Alert[] = [];
+      for (let i = 0; i < pattern.length; i++) {
+        // Wait for execution to finish
+        await waitForEventLogDocs(ruleId, new Map([['execute', { equal: i + 1 }]]));
+
+        // Get alert after last execution
+        const alertDocs = await queryForAlertDocs<Alert>();
+        expect(alertDocs.length).to.eql(1);
+        allAlertDocs.push(alertDocs[0]._source!);
+
+        // Run another execution
+        await supertest
+          .post(`${getUrlPrefix(space.id)}/internal/alerting/rule/${ruleId}/_run_soon`)
+          .set('kbn-xsrf', 'foo')
+          .expect(204);
+      }
+
+      // Verify action group and previous action group are set as expected
+      for (let i = 0; i < pattern.length; i++) {
+        expect(allAlertDocs[i][ALERT_ACTION_GROUP]).to.eql(pattern[i]);
+
+        if (i >= 1) {
+          expect(allAlertDocs[i][ALERT_PREVIOUS_ACTION_GROUP]).to.eql(pattern[i - 1]);
+        } else {
+          expect(allAlertDocs[i][ALERT_PREVIOUS_ACTION_GROUP]).to.be(undefined);
+        }
+      }
+
+      // Verify severity_improving is set correctly
+      expect(allAlertDocs[0][ALERT_SEVERITY_IMPROVING]).to.eql(false);
+      expect(allAlertDocs[1][ALERT_SEVERITY_IMPROVING]).to.be(undefined);
+      expect(allAlertDocs[2][ALERT_SEVERITY_IMPROVING]).to.eql(false);
+      expect(allAlertDocs[3][ALERT_SEVERITY_IMPROVING]).to.eql(false);
+      expect(allAlertDocs[4][ALERT_SEVERITY_IMPROVING]).to.be(undefined);
+      expect(allAlertDocs[5][ALERT_SEVERITY_IMPROVING]).to.eql(true);
+      expect(allAlertDocs[6][ALERT_SEVERITY_IMPROVING]).to.eql(false);
+      expect(allAlertDocs[7][ALERT_SEVERITY_IMPROVING]).to.eql(true);
+      expect(allAlertDocs[8][ALERT_SEVERITY_IMPROVING]).to.be(undefined);
+      expect(allAlertDocs[9][ALERT_SEVERITY_IMPROVING]).to.eql(true);
+    });
+  });
+
+  async function queryForAlertDocs<T>(): Promise<Array<SearchHit<T>>> {
+    const searchResult = await es.search({
+      index: alertsAsDataIndex,
+      body: { query: { match_all: {} } },
+    });
+    return searchResult.hits.hits as Array<SearchHit<T>>;
+  }
+
+  async function waitForEventLogDocs(
+    id: string,
+    actions: Map<string, { gte: number } | { equal: number }>
+  ) {
+    return await retry.try(async () => {
+      return await getEventLog({
+        getService,
+        spaceId: space.id,
+        type: 'alert',
+        id,
+        provider: 'alerting',
+        actions,
+      });
+    });
+  }
+}
diff --git a/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/group4/alerts_as_data/alerts_as_data.ts b/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/group4/alerts_as_data/alerts_as_data.ts
index 99464a5f4069d..1604fa24bfe79 100644
--- a/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/group4/alerts_as_data/alerts_as_data.ts
+++ b/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/group4/alerts_as_data/alerts_as_data.ts
@@ -17,6 +17,8 @@ import {
   ALERT_FLAPPING,
   ALERT_FLAPPING_HISTORY,
   ALERT_INSTANCE_ID,
+  ALERT_SEVERITY_IMPROVING,
+  ALERT_PREVIOUS_ACTION_GROUP,
   ALERT_RULE_CATEGORY,
   ALERT_RULE_CONSUMER,
   ALERT_RULE_EXECUTION_TIMESTAMP,
@@ -62,6 +64,8 @@ export default function createAlertsAsDataInstallResourcesTest({ getService }: F
     'kibana.alert.flapping_history',
     'kibana.alert.rule.execution.uuid',
     'kibana.alert.rule.execution.timestamp',
+    'kibana.alert.severity_improving',
+    'kibana.alert.previous_action_group',
   ];
 
   describe('alerts as data', () => {
@@ -169,6 +173,9 @@ export default function createAlertsAsDataInstallResourcesTest({ getService }: F
 
         // tags should equal rule tags because rule type doesn't set any tags
         expect(source.tags).to.eql(['foo']);
+
+        // new alerts automatically get severity_improving set to false
+        expect(source[ALERT_SEVERITY_IMPROVING]).to.equal(false);
       }
 
       let alertDoc: SearchHit<PatternFiringAlert> | undefined = alertDocsRun1.find(
@@ -256,6 +263,10 @@ export default function createAlertsAsDataInstallResourcesTest({ getService }: F
       expect(alertADocRun2[ALERT_WORKFLOW_STATUS]).to.eql(alertADocRun1[ALERT_WORKFLOW_STATUS]);
       expect(alertADocRun2[ALERT_TIME_RANGE]?.gte).to.equal(alertADocRun1[ALERT_TIME_RANGE]?.gte);
 
+      // no severity levels for this rule type
+      expect(alertADocRun2[ALERT_SEVERITY_IMPROVING]).to.be(undefined);
+      expect(alertADocRun2[ALERT_PREVIOUS_ACTION_GROUP]).to.equal('default');
+
       // alertB, run 2
       // status is updated to recovered, duration is updated, end time is set
       alertDoc = alertDocsRun2.find((doc) => doc._source![ALERT_INSTANCE_ID] === 'alertB');
@@ -295,6 +306,10 @@ export default function createAlertsAsDataInstallResourcesTest({ getService }: F
       // time_range.lte should be set to end time
       expect(alertBDocRun2[ALERT_TIME_RANGE]?.lte).to.equal(alertBDocRun2[ALERT_END]);
 
+      // recovered alerts automatically get severity_improving set to true
+      expect(alertBDocRun2[ALERT_SEVERITY_IMPROVING]).to.equal(true);
+      expect(alertBDocRun2[ALERT_PREVIOUS_ACTION_GROUP]).to.equal('default');
+
       // alertC, run 2
       // status is updated to recovered, duration is updated, end time is set
       alertDoc = alertDocsRun2.find((doc) => doc._source![ALERT_INSTANCE_ID] === 'alertC');
@@ -334,6 +349,10 @@ export default function createAlertsAsDataInstallResourcesTest({ getService }: F
       // time_range.lte should be set to end time
       expect(alertCDocRun2[ALERT_TIME_RANGE]?.lte).to.equal(alertCDocRun2[ALERT_END]);
 
+      // recovered alerts automatically get severity_improving set to true
+      expect(alertBDocRun2[ALERT_SEVERITY_IMPROVING]).to.equal(true);
+      expect(alertCDocRun2[ALERT_PREVIOUS_ACTION_GROUP]).to.equal('default');
+
       // --------------------------
       // RUN 3 - 1 re-active (alertC), 1 still recovered (alertB), 1 ongoing (alertA)
       // --------------------------
@@ -401,6 +420,10 @@ export default function createAlertsAsDataInstallResourcesTest({ getService }: F
       expect(alertADocRun3[ALERT_WORKFLOW_STATUS]).to.eql(alertADocRun2[ALERT_WORKFLOW_STATUS]);
       expect(alertADocRun3[ALERT_TIME_RANGE]?.gte).to.equal(alertADocRun2[ALERT_TIME_RANGE]?.gte);
 
+      // no severity levels for this rule type
+      expect(alertADocRun3[ALERT_SEVERITY_IMPROVING]).to.be(undefined);
+      expect(alertADocRun3[ALERT_PREVIOUS_ACTION_GROUP]).to.equal('default');
+
       // alertB doc should be unchanged from prior run because it is still recovered
       // but its flapping history should be updated
       alertDoc = alertDocsRun3.find((doc) => doc._source![ALERT_INSTANCE_ID] === 'alertB');
@@ -420,6 +443,9 @@ export default function createAlertsAsDataInstallResourcesTest({ getService }: F
         false,
       ]);
 
+      expect(alertBDocRun3[ALERT_SEVERITY_IMPROVING]).to.be(undefined);
+      expect(alertBDocRun3[ALERT_PREVIOUS_ACTION_GROUP]).to.equal('recovered');
+
       // alertC should have 2 docs
       const alertCDocs = alertDocsRun3.filter(
         (doc) => doc._source![ALERT_INSTANCE_ID] === 'alertC'
@@ -462,6 +488,10 @@ export default function createAlertsAsDataInstallResourcesTest({ getService }: F
       expect(alertCDocRun3[EVENT_KIND]).to.eql('signal');
       expect(alertCDocRun3[ALERT_WORKFLOW_STATUS]).to.eql('open');
       expect(alertCDocRun3[ALERT_TIME_RANGE]?.gte).to.equal(alertCDocRun3[ALERT_START]);
+
+      // new alerts automatically get severity_improving set to false
+      expect(alertCDocRun3[ALERT_SEVERITY_IMPROVING]).to.equal(false);
+      expect(alertCDocRun3[ALERT_PREVIOUS_ACTION_GROUP]).to.be(undefined);
     });
   });
 
diff --git a/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/group4/alerts_as_data/alerts_as_data_conflicts.ts b/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/group4/alerts_as_data/alerts_as_data_conflicts.ts
index 95132afc0122c..59fd7eeb5d6fa 100644
--- a/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/group4/alerts_as_data/alerts_as_data_conflicts.ts
+++ b/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/group4/alerts_as_data/alerts_as_data_conflicts.ts
@@ -99,7 +99,7 @@ export default function createAlertsAsDataInstallResourcesTest({ getService }: F
         await esTestIndexTool.waitForDocs(source, 'rule-starting-2');
 
         log(`ad-hoc update the alert doc`);
-        await adHocUpdate(es, aadIndex, initialDocs[0]._id);
+        await adHocUpdate(es, aadIndex, initialDocs[0]._id!);
 
         log(`signal the rule to finish`);
         await esTestIndexTool.indexDoc(source, 'rule-complete-2');
@@ -157,8 +157,8 @@ export default function createAlertsAsDataInstallResourcesTest({ getService }: F
         await esTestIndexTool.waitForDocs(source, 'rule-starting-2');
 
         log(`ad-hoc update the 2nd and 4th alert docs`);
-        await adHocUpdate(es, aadIndex, initialDocs[1]._id);
-        await adHocUpdate(es, aadIndex, initialDocs[3]._id);
+        await adHocUpdate(es, aadIndex, initialDocs[1]._id!);
+        await adHocUpdate(es, aadIndex, initialDocs[3]._id!);
 
         log(`signal the rule to finish`);
         await esTestIndexTool.indexDoc(source, 'rule-complete-2');
@@ -287,6 +287,8 @@ const SkipFields = [
   'kibana.alert.workflow_tags',
   'kibana.alert.workflow_status',
   'kibana.alert.consecutive_matches',
+  'kibana.alert.severity_improving',
+  'kibana.alert.previous_action_group',
 ];
 
 function log(message: string) {
diff --git a/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/group4/index.ts b/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/group4/index.ts
index 86c239250d109..79dae86b6a8d5 100644
--- a/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/group4/index.ts
+++ b/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/group4/index.ts
@@ -30,6 +30,7 @@ export default function alertingTests({ loadTestFile, getService }: FtrProviderC
     loadTestFile(require.resolve('./flapping_history'));
     loadTestFile(require.resolve('./check_registered_rule_types'));
     loadTestFile(require.resolve('./alert_delay'));
+    loadTestFile(require.resolve('./alert_severity'));
     loadTestFile(require.resolve('./generate_alert_schemas'));
     // Do not place test files here, due to https://github.com/elastic/kibana/issues/123059
 
diff --git a/x-pack/test/api_integration/apis/aiops/test_data.ts b/x-pack/test/api_integration/apis/aiops/test_data.ts
index 21f628d832c7d..72d791248e9b2 100644
--- a/x-pack/test/api_integration/apis/aiops/test_data.ts
+++ b/x-pack/test/api_integration/apis/aiops/test_data.ts
@@ -32,11 +32,11 @@ export const getLogRateAnalysisTestData = <T extends ApiVersion>(): Array<TestDa
     testName: 'ecommerce',
     esArchive: 'x-pack/test/functional/es_archives/ml/ecommerce',
     requestBody: {
-      baselineMax: 1561719083292,
-      baselineMin: 1560954147006,
-      deviationMax: 1562254538692,
-      deviationMin: 1561986810992,
-      end: 2147483647000,
+      baselineMax: 1687949483292,
+      baselineMin: 1687184547006,
+      deviationMax: 1688484938692,
+      deviationMin: 1688217210992,
+      end: 2273714047000,
       index: 'ft_ecommerce',
       searchQuery: '{"match_all":{}}',
       start: 0,
diff --git a/x-pack/test/api_integration/apis/asset_manager/config_when_disabled.ts b/x-pack/test/api_integration/apis/asset_manager/config_when_disabled.ts
deleted file mode 100644
index af9d3d0d206a4..0000000000000
--- a/x-pack/test/api_integration/apis/asset_manager/config_when_disabled.ts
+++ /dev/null
@@ -1,17 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { FtrConfigProviderContext } from '@kbn/test';
-
-export default async function ({ readConfigFile }: FtrConfigProviderContext) {
-  const baseIntegrationTestsConfig = await readConfigFile(require.resolve('../../config.ts'));
-
-  return {
-    ...baseIntegrationTestsConfig.getAll(),
-    testFiles: [require.resolve('./tests/when_disabled.ts')],
-  };
-}
diff --git a/x-pack/test/api_integration/apis/asset_manager/config_when_enabled.ts b/x-pack/test/api_integration/apis/asset_manager/config_when_enabled.ts
deleted file mode 100644
index a8ad78d02ab6f..0000000000000
--- a/x-pack/test/api_integration/apis/asset_manager/config_when_enabled.ts
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import {
-  ApmSynthtraceEsClient,
-  ApmSynthtraceKibanaClient,
-  createLogger,
-  InfraSynthtraceEsClient,
-  LogLevel,
-} from '@kbn/apm-synthtrace';
-import { FtrConfigProviderContext, kbnTestConfig } from '@kbn/test';
-import url from 'url';
-import { FtrProviderContext as InheritedFtrProviderContext } from '../../ftr_provider_context';
-import { InheritedServices } from './types';
-
-interface AssetManagerConfig {
-  services: InheritedServices & {
-    infraSynthtraceEsClient: (
-      context: InheritedFtrProviderContext
-    ) => Promise<InfraSynthtraceEsClient>;
-    apmSynthtraceEsClient: (context: InheritedFtrProviderContext) => Promise<ApmSynthtraceEsClient>;
-  };
-}
-
-export default async function createTestConfig({
-  readConfigFile,
-}: FtrConfigProviderContext): Promise<AssetManagerConfig> {
-  const baseIntegrationTestsConfig = await readConfigFile(require.resolve('../../config.ts'));
-  const services = baseIntegrationTestsConfig.get('services');
-
-  return {
-    ...baseIntegrationTestsConfig.getAll(),
-    testFiles: [require.resolve('./tests')],
-    services: {
-      ...services,
-      infraSynthtraceEsClient: (context: InheritedFtrProviderContext) => {
-        return new InfraSynthtraceEsClient({
-          client: context.getService('es'),
-          logger: createLogger(LogLevel.info),
-          refreshAfterIndex: true,
-        });
-      },
-      apmSynthtraceEsClient: async (context: InheritedFtrProviderContext) => {
-        const servers = baseIntegrationTestsConfig.get('servers');
-
-        const kibanaServer = servers.kibana as url.UrlObject;
-        const kibanaServerUrl = url.format(kibanaServer);
-        const kibanaServerUrlWithAuth = url
-          .format({
-            ...url.parse(kibanaServerUrl),
-            auth: `elastic:${kbnTestConfig.getUrlParts().password}`,
-          })
-          .slice(0, -1);
-
-        const kibanaClient = new ApmSynthtraceKibanaClient({
-          target: kibanaServerUrlWithAuth,
-          logger: createLogger(LogLevel.debug),
-        });
-        const kibanaVersion = await kibanaClient.fetchLatestApmPackageVersion();
-        await kibanaClient.installApmPackage(kibanaVersion);
-
-        return new ApmSynthtraceEsClient({
-          client: context.getService('es'),
-          logger: createLogger(LogLevel.info),
-          version: kibanaVersion,
-          refreshAfterIndex: true,
-        });
-      },
-    },
-    kbnTestServer: {
-      ...baseIntegrationTestsConfig.get('kbnTestServer'),
-      serverArgs: [
-        ...baseIntegrationTestsConfig.get('kbnTestServer.serverArgs'),
-        '--xpack.assetManager.alphaEnabled=true',
-      ],
-    },
-  };
-}
-
-export type CreateTestConfig = Awaited<ReturnType<typeof createTestConfig>>;
-
-export type AssetManagerServices = CreateTestConfig['services'];
diff --git a/x-pack/test/api_integration/apis/asset_manager/tests/assets.ts b/x-pack/test/api_integration/apis/asset_manager/tests/assets.ts
deleted file mode 100644
index dc140d3cea763..0000000000000
--- a/x-pack/test/api_integration/apis/asset_manager/tests/assets.ts
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import expect from '@kbn/expect';
-import { ASSETS_ENDPOINT } from './constants';
-import { FtrProviderContext } from '../types';
-import { generateHostsData, generateServicesData } from './helpers';
-
-export default function ({ getService }: FtrProviderContext) {
-  const supertest = getService('supertest');
-  const synthtraceApm = getService('apmSynthtraceEsClient');
-  const synthtraceInfra = getService('infraSynthtraceEsClient');
-
-  describe('GET /assets', () => {
-    const from = new Date(Date.now() - 1000 * 60 * 2).toISOString();
-    const to = new Date().toISOString();
-
-    beforeEach(async () => {
-      await synthtraceApm.clean();
-      await synthtraceInfra.clean();
-    });
-
-    it('should return all assets', async () => {
-      await Promise.all([
-        synthtraceInfra.index(generateHostsData({ from, to, count: 5 })),
-        synthtraceApm.index(generateServicesData({ from, to, count: 5 })),
-      ]);
-
-      const response = await supertest
-        .get(ASSETS_ENDPOINT)
-        .query({
-          from,
-          to,
-        })
-        .expect(200);
-
-      expect(response.body).to.have.property('assets');
-      expect(response.body.assets.length).to.equal(10);
-    });
-
-    it('supports only hosts and services', async () => {
-      await supertest
-        .get(ASSETS_ENDPOINT)
-        .query({
-          from,
-          to,
-          stringFilters: JSON.stringify({ kind: ['host', 'service'] }),
-        })
-        .expect(200);
-
-      await supertest
-        .get(ASSETS_ENDPOINT)
-        .query({
-          from,
-          to,
-          stringFilters: JSON.stringify({ kind: ['container', 'host'] }),
-        })
-        .expect(400);
-    });
-  });
-}
diff --git a/x-pack/test/api_integration/apis/asset_manager/tests/basics.ts b/x-pack/test/api_integration/apis/asset_manager/tests/basics.ts
deleted file mode 100644
index d0d44b88f68c1..0000000000000
--- a/x-pack/test/api_integration/apis/asset_manager/tests/basics.ts
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import expect from '@kbn/expect';
-import { FtrProviderContext } from '../../../ftr_provider_context';
-
-export default function ({ getService }: FtrProviderContext) {
-  const supertest = getService('supertest');
-  const esSupertest = getService('esSupertest');
-
-  describe('during basic startup', () => {
-    describe('ping endpoint', () => {
-      it('returns a successful response', async () => {
-        const response = await supertest.get('/api/asset-manager/ping').expect(200);
-        expect(response.body).to.eql({ message: 'Asset Manager OK' });
-      });
-    });
-
-    describe('assets index templates', () => {
-      it('should always be installed', async () => {
-        await esSupertest.get('/_index_template/assets').expect(200);
-      });
-    });
-  });
-}
diff --git a/x-pack/test/api_integration/apis/asset_manager/tests/containers.ts b/x-pack/test/api_integration/apis/asset_manager/tests/containers.ts
deleted file mode 100644
index ea1b7120238b0..0000000000000
--- a/x-pack/test/api_integration/apis/asset_manager/tests/containers.ts
+++ /dev/null
@@ -1,195 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { timerange, infra } from '@kbn/apm-synthtrace-client';
-import expect from '@kbn/expect';
-import { Asset } from '@kbn/assetManager-plugin/common/types_api';
-import * as routePaths from '@kbn/assetManager-plugin/common/constants_routes';
-import { FtrProviderContext } from '../types';
-
-export default function ({ getService }: FtrProviderContext) {
-  const supertest = getService('supertest');
-  const synthtrace = getService('infraSynthtraceEsClient');
-
-  describe(`GET ${routePaths.GET_CONTAINERS}`, () => {
-    const from = new Date(Date.now() - 1000 * 60 * 2).toISOString();
-    const to = new Date().toISOString();
-
-    beforeEach(async () => {
-      await synthtrace.clean();
-    });
-
-    it('should return docker container assets', async () => {
-      await synthtrace.index(generateDockerContainersData({ from, to, count: 5 }));
-
-      const response = await supertest
-        .get(routePaths.GET_CONTAINERS)
-        .query({
-          from,
-          to,
-        })
-        .expect(200);
-
-      expect(response.body).to.have.property('containers');
-      expect(response.body.containers.length).to.equal(5);
-    });
-
-    it('should return a specific docker container asset by EAN', async () => {
-      await synthtrace.index(generateDockerContainersData({ from, to, count: 5 }));
-      const testEan = 'container:container-id-1';
-
-      const response = await supertest
-        .get(routePaths.GET_CONTAINERS)
-        .query({
-          from,
-          to,
-          stringFilters: JSON.stringify({ ean: testEan }),
-        })
-        .expect(200);
-
-      expect(response.body).to.have.property('containers');
-      expect(response.body.containers.length).to.equal(1);
-      expect(response.body.containers[0]['asset.ean']).to.equal(testEan);
-    });
-
-    it('should return a filtered list of docker container assets by ID wildcard pattern', async () => {
-      await synthtrace.index(generateDockerContainersData({ from, to, count: 15 }));
-      const testIdPattern = '*id-1*';
-
-      const response = await supertest
-        .get(routePaths.GET_CONTAINERS)
-        .query({
-          from,
-          to,
-          stringFilters: JSON.stringify({ id: testIdPattern }),
-        })
-        .expect(200);
-
-      expect(response.body).to.have.property('containers');
-      expect(response.body.containers.length).to.equal(6);
-
-      const ids = response.body.containers.map((result: Asset) => result['asset.id']);
-
-      expect(ids).to.eql([
-        'container-id-1',
-        'container-id-10',
-        'container-id-11',
-        'container-id-12',
-        'container-id-13',
-        'container-id-14',
-      ]);
-    });
-
-    it('should return k8s container assets', async () => {
-      await synthtrace.index(generateK8sContainersData({ from, to, count: 5 }));
-      const response = await supertest
-        .get(routePaths.GET_CONTAINERS)
-        .query({
-          from,
-          to,
-        })
-        .expect(200);
-
-      expect(response.body).to.have.property('containers');
-      expect(response.body.containers.length).to.equal(5);
-    });
-
-    it('should return a specific k8s container asset by EAN', async () => {
-      await synthtrace.index(generateK8sContainersData({ from, to, count: 5 }));
-      const testEan = 'container:container-id-1';
-
-      const response = await supertest
-        .get(routePaths.GET_CONTAINERS)
-        .query({
-          from,
-          to,
-          stringFilters: JSON.stringify({ ean: testEan }),
-        })
-        .expect(200);
-
-      expect(response.body).to.have.property('containers');
-      expect(response.body.containers.length).to.equal(1);
-      expect(response.body.containers[0]['asset.ean']).to.equal(testEan);
-    });
-
-    it('should return a filtered list of k8s container assets by ID wildcard pattern', async () => {
-      await synthtrace.index(generateK8sContainersData({ from, to, count: 15 }));
-      const testIdPattern = '*id-1*';
-
-      const response = await supertest
-        .get(routePaths.GET_CONTAINERS)
-        .query({
-          from,
-          to,
-          stringFilters: JSON.stringify({ id: testIdPattern }),
-        })
-        .expect(200);
-
-      expect(response.body).to.have.property('containers');
-      expect(response.body.containers.length).to.equal(6);
-
-      const ids = response.body.containers.map((result: Asset) => result['asset.id']);
-
-      expect(ids).to.eql([
-        'container-id-1',
-        'container-id-10',
-        'container-id-11',
-        'container-id-12',
-        'container-id-13',
-        'container-id-14',
-      ]);
-    });
-  });
-}
-
-function generateDockerContainersData({
-  from,
-  to,
-  count = 1,
-}: {
-  from: string;
-  to: string;
-  count: number;
-}) {
-  const range = timerange(from, to);
-
-  const containers = Array(count)
-    .fill(0)
-    .map((_, idx) => infra.dockerContainer(`container-id-${idx}`));
-
-  return range
-    .interval('1m')
-    .rate(1)
-    .generator((timestamp) =>
-      containers.map((container) => container.metrics().timestamp(timestamp))
-    );
-}
-
-function generateK8sContainersData({
-  from,
-  to,
-  count = 1,
-}: {
-  from: string;
-  to: string;
-  count: number;
-}) {
-  const range = timerange(from, to);
-
-  const containers = Array(count)
-    .fill(0)
-    .map((_, idx) =>
-      infra.k8sContainer(`container-id-${idx}`, `container-uid-${idx + 1000}`, `node-name-${idx}`)
-    );
-
-  return range
-    .interval('1m')
-    .rate(1)
-    .generator((timestamp) =>
-      containers.map((container) => container.metrics().timestamp(timestamp))
-    );
-}
diff --git a/x-pack/test/api_integration/apis/asset_manager/tests/helpers.ts b/x-pack/test/api_integration/apis/asset_manager/tests/helpers.ts
deleted file mode 100644
index 94ab2f5b99ffe..0000000000000
--- a/x-pack/test/api_integration/apis/asset_manager/tests/helpers.ts
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { AssetWithoutTimestamp } from '@kbn/assetManager-plugin/common/types_api';
-import type { WriteSamplesPostBody } from '@kbn/assetManager-plugin/server';
-import { apm, infra, timerange } from '@kbn/apm-synthtrace-client';
-import expect from '@kbn/expect';
-import { Agent as SuperTestAgent } from 'supertest';
-
-const SAMPLE_ASSETS_ENDPOINT = '/api/asset-manager/assets/sample';
-
-export type KibanaSupertest = SuperTestAgent;
-
-// NOTE: In almost every case in tests, you want { refresh: true }
-// in the options of this function, so it is defaulted to that value.
-// Otherwise, it's likely whatever action you are testing after you
-// create the sample asset docs will fail to find them.
-// This refresh key passes through to the underlying ES
-// query via the refresh option, see: https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-refresh.html
-export async function createSampleAssets(
-  supertest: KibanaSupertest,
-  options: WriteSamplesPostBody = {}
-) {
-  if (options === null) {
-    options = {};
-  }
-  if (!('refresh' in options)) {
-    options.refresh = true;
-  }
-  return supertest.post(SAMPLE_ASSETS_ENDPOINT).set('kbn-xsrf', 'xxx').send(options).expect(200);
-}
-
-export async function deleteSampleAssets(supertest: KibanaSupertest) {
-  return await supertest.delete(SAMPLE_ASSETS_ENDPOINT).set('kbn-xsrf', 'xxx').expect(200);
-}
-
-export async function viewSampleAssetDocs(supertest: KibanaSupertest) {
-  const response = await supertest.get(SAMPLE_ASSETS_ENDPOINT).expect(200);
-  expect(response).to.have.property('body');
-  expect(response.body).to.have.property('results');
-  return response.body.results as AssetWithoutTimestamp[];
-}
-
-export function generateServicesData({
-  from,
-  to,
-  count = 1,
-}: {
-  from: string;
-  to: string;
-  count: number;
-}) {
-  const range = timerange(from, to);
-
-  const services = Array(count)
-    .fill(0)
-    .map((_, idx) =>
-      apm
-        .service({
-          name: `service-${idx}`,
-          environment: 'production',
-          agentName: 'nodejs',
-        })
-        .instance(`my-host-${idx}`)
-    );
-
-  return range
-    .interval('1m')
-    .rate(1)
-    .generator((timestamp, index) =>
-      services.map((service) =>
-        service
-          .transaction({ transactionName: 'GET /foo' })
-          .timestamp(timestamp)
-          .duration(500)
-          .success()
-      )
-    );
-}
-
-export function generateHostsData({
-  from,
-  to,
-  count = 1,
-}: {
-  from: string;
-  to: string;
-  count: number;
-}) {
-  const range = timerange(from, to);
-
-  const hosts = Array(count)
-    .fill(0)
-    .map((_, idx) => infra.host(`my-host-${idx}`));
-
-  return range
-    .interval('1m')
-    .rate(1)
-    .generator((timestamp, index) => hosts.map((host) => host.cpu().timestamp(timestamp)));
-}
diff --git a/x-pack/test/api_integration/apis/asset_manager/tests/hosts.ts b/x-pack/test/api_integration/apis/asset_manager/tests/hosts.ts
deleted file mode 100644
index 8ce5e4dea8592..0000000000000
--- a/x-pack/test/api_integration/apis/asset_manager/tests/hosts.ts
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import expect from '@kbn/expect';
-import { Asset } from '@kbn/assetManager-plugin/common/types_api';
-import { ASSETS_ENDPOINT } from './constants';
-import { FtrProviderContext } from '../types';
-import { generateHostsData } from './helpers';
-
-const HOSTS_ASSETS_ENDPOINT = `${ASSETS_ENDPOINT}/hosts`;
-
-export default function ({ getService }: FtrProviderContext) {
-  const supertest = getService('supertest');
-  const synthtrace = getService('infraSynthtraceEsClient');
-
-  describe('GET /assets/hosts', () => {
-    const from = new Date(Date.now() - 1000 * 60 * 2).toISOString();
-    const to = new Date().toISOString();
-
-    beforeEach(async () => {
-      await synthtrace.clean();
-    });
-
-    it('should return hosts', async () => {
-      await synthtrace.index(generateHostsData({ from, to, count: 5 }));
-
-      const response = await supertest
-        .get(HOSTS_ASSETS_ENDPOINT)
-        .query({
-          from,
-          to,
-        })
-        .expect(200);
-
-      expect(response.body).to.have.property('hosts');
-      expect(response.body.hosts.length).to.equal(5);
-    });
-
-    it('should return a specific host by EAN', async () => {
-      await synthtrace.index(generateHostsData({ from, to, count: 5 }));
-      const testEan = 'host:my-host-1';
-
-      const response = await supertest
-        .get(HOSTS_ASSETS_ENDPOINT)
-        .query({
-          from,
-          to,
-          stringFilters: JSON.stringify({ ean: testEan }),
-        })
-        .expect(200);
-
-      expect(response.body).to.have.property('hosts');
-      expect(response.body.hosts.length).to.equal(1);
-      expect(response.body.hosts[0]['asset.ean']).to.equal(testEan);
-    });
-
-    it('should return a filtered list of hosts by ID wildcard pattern', async () => {
-      await synthtrace.index(generateHostsData({ from, to, count: 15 }));
-      const testIdPattern = '*host-1*';
-
-      const response = await supertest
-        .get(HOSTS_ASSETS_ENDPOINT)
-        .query({
-          from,
-          to,
-          stringFilters: JSON.stringify({ id: testIdPattern }),
-        })
-        .expect(200);
-
-      expect(response.body).to.have.property('hosts');
-      expect(response.body.hosts.length).to.equal(6);
-
-      const ids = response.body.hosts.map((result: Asset) => result['asset.id']);
-
-      expect(ids).to.eql([
-        'my-host-1',
-        'my-host-10',
-        'my-host-11',
-        'my-host-12',
-        'my-host-13',
-        'my-host-14',
-      ]);
-    });
-  });
-}
diff --git a/x-pack/test/api_integration/apis/asset_manager/tests/index.ts b/x-pack/test/api_integration/apis/asset_manager/tests/index.ts
deleted file mode 100644
index 8f8295db4dd01..0000000000000
--- a/x-pack/test/api_integration/apis/asset_manager/tests/index.ts
+++ /dev/null
@@ -1,19 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-import { FtrProviderContext } from '../../../ftr_provider_context';
-
-export default function ({ loadTestFile }: FtrProviderContext) {
-  describe('Asset Manager API Endpoints', () => {
-    loadTestFile(require.resolve('./basics'));
-    loadTestFile(require.resolve('./containers'));
-    loadTestFile(require.resolve('./hosts'));
-    loadTestFile(require.resolve('./services'));
-    loadTestFile(require.resolve('./pods'));
-    loadTestFile(require.resolve('./sample_assets'));
-    loadTestFile(require.resolve('./assets'));
-  });
-}
diff --git a/x-pack/test/api_integration/apis/asset_manager/tests/pods.ts b/x-pack/test/api_integration/apis/asset_manager/tests/pods.ts
deleted file mode 100644
index e77f10c084d18..0000000000000
--- a/x-pack/test/api_integration/apis/asset_manager/tests/pods.ts
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { timerange, infra } from '@kbn/apm-synthtrace-client';
-import expect from '@kbn/expect';
-import { Asset } from '@kbn/assetManager-plugin/common/types_api';
-import * as routePaths from '@kbn/assetManager-plugin/common/constants_routes';
-import { FtrProviderContext } from '../types';
-
-export default function ({ getService }: FtrProviderContext) {
-  const supertest = getService('supertest');
-  const synthtrace = getService('infraSynthtraceEsClient');
-
-  describe(`GET ${routePaths.GET_PODS}`, () => {
-    const from = new Date(Date.now() - 1000 * 60 * 2).toISOString();
-    const to = new Date().toISOString();
-
-    beforeEach(async () => {
-      await synthtrace.clean();
-    });
-
-    it('should return pod assets', async () => {
-      await synthtrace.index(generatePodsData({ from, to, count: 5 }));
-
-      const response = await supertest
-        .get(routePaths.GET_PODS)
-        .query({
-          from,
-          to,
-        })
-        .expect(200);
-
-      expect(response.body).to.have.property('pods');
-      expect(response.body.pods.length).to.equal(5);
-    });
-
-    it('should return a specific pod asset by EAN', async () => {
-      await synthtrace.index(generatePodsData({ from, to, count: 5 }));
-      const testEan = 'pod:pod-uid-1';
-
-      const response = await supertest
-        .get(routePaths.GET_PODS)
-        .query({
-          from,
-          to,
-          stringFilters: JSON.stringify({ ean: testEan }),
-        })
-        .expect(200);
-
-      expect(response.body).to.have.property('pods');
-      expect(response.body.pods.length).to.equal(1);
-      expect(response.body.pods[0]['asset.ean']).to.equal(testEan);
-    });
-
-    it('should return a filtered list of pods assets by ID wildcard pattern', async () => {
-      await synthtrace.index(generatePodsData({ from, to, count: 15 }));
-      const testIdPattern = '*id-1*';
-
-      const response = await supertest
-        .get(routePaths.GET_PODS)
-        .query({
-          from,
-          to,
-          stringFilters: JSON.stringify({ id: testIdPattern }),
-        })
-        .expect(200);
-
-      expect(response.body).to.have.property('pods');
-      expect(response.body.pods.length).to.equal(6);
-
-      const ids = response.body.pods.map((result: Asset) => result['asset.id']);
-
-      expect(ids).to.eql([
-        'pod-uid-1',
-        'pod-uid-10',
-        'pod-uid-11',
-        'pod-uid-12',
-        'pod-uid-13',
-        'pod-uid-14',
-      ]);
-    });
-  });
-}
-
-function generatePodsData({ from, to, count = 1 }: { from: string; to: string; count: number }) {
-  const range = timerange(from, to);
-
-  const pods = Array(count)
-    .fill(0)
-    .map((_, idx) => infra.pod(`pod-uid-${idx}`, `node-name-${idx}`));
-
-  return range
-    .interval('1m')
-    .rate(1)
-    .generator((timestamp) => pods.map((pod) => pod.metrics().timestamp(timestamp)));
-}
diff --git a/x-pack/test/api_integration/apis/asset_manager/tests/sample_assets.ts b/x-pack/test/api_integration/apis/asset_manager/tests/sample_assets.ts
deleted file mode 100644
index a9e7ebab188e8..0000000000000
--- a/x-pack/test/api_integration/apis/asset_manager/tests/sample_assets.ts
+++ /dev/null
@@ -1,162 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { Asset } from '@kbn/assetManager-plugin/common/types_api';
-import expect from '@kbn/expect';
-import { FtrProviderContext } from '../../../ftr_provider_context';
-import { createSampleAssets, deleteSampleAssets, viewSampleAssetDocs } from './helpers';
-
-export default function ({ getService }: FtrProviderContext) {
-  const supertest = getService('supertest');
-  const esSupertest = getService('esSupertest');
-
-  async function countSampleDocs() {
-    const sampleAssetDocs = await viewSampleAssetDocs(supertest);
-    return sampleAssetDocs.length;
-  }
-
-  // This function performs the direct ES search using esSupertest,
-  // so we don't use the assets API to test the assets API
-  interface SearchESForAssetsOptions {
-    size?: number;
-    from?: string;
-    to?: string;
-  }
-  async function searchESForSampleAssets({
-    size = 0,
-    from = 'now-24h',
-    to = 'now',
-  }: SearchESForAssetsOptions = {}) {
-    const queryPostBody = {
-      size,
-      query: {
-        range: {
-          '@timestamp': {
-            gte: from,
-            lte: to,
-          },
-        },
-      },
-    };
-
-    return await esSupertest.post('/assets-*-sample_data/_search').send(queryPostBody).expect(200);
-  }
-
-  describe('Sample Assets API', () => {
-    // Clear out the asset indices before each test
-    beforeEach(async () => {
-      await deleteSampleAssets(supertest);
-    });
-
-    // Clear out the asset indices one last time after the last test
-    after(async () => {
-      await deleteSampleAssets(supertest);
-    });
-
-    it('should return the sample asset documents', async () => {
-      const sampleAssetDocs = await viewSampleAssetDocs(supertest);
-      expect(sampleAssetDocs.length).to.be.greaterThan(0);
-    });
-
-    it('should find no sample assets in ES at first', async () => {
-      const initialResponse = await searchESForSampleAssets();
-      expect(initialResponse.body.hits?.total?.value).to.equal(0);
-    });
-
-    it('should successfully create sample assets', async () => {
-      const nSampleDocs = await countSampleDocs();
-
-      const postResponse = await createSampleAssets(supertest, { refresh: true });
-      expect(postResponse.status).to.equal(200);
-      expect(postResponse.body?.items?.length).to.equal(nSampleDocs);
-
-      // using 'within the past 5 minutes' to approximate whatever the 'now' time was plus query and test lag
-      const searchResponse = await searchESForSampleAssets({ from: 'now-5m' });
-
-      expect(searchResponse.body.hits?.total?.value).to.equal(nSampleDocs);
-    });
-
-    it('should delete all sample data', async () => {
-      const nSampleDocs = await countSampleDocs();
-      await createSampleAssets(supertest, { refresh: true });
-
-      const responseBeforeDelete = await searchESForSampleAssets();
-      expect(responseBeforeDelete.body.hits?.total?.value).to.equal(nSampleDocs);
-
-      await deleteSampleAssets(supertest);
-
-      const responseAfterDelete = await searchESForSampleAssets();
-      expect(responseAfterDelete.body.hits?.total?.value).to.equal(0);
-    });
-
-    it('should create sample data with a timestamp in the past', async () => {
-      const nSampleDocs = await countSampleDocs();
-
-      // Create sample documents dated three days prior to now
-      const now = new Date();
-      const threeDaysAgo = new Date(now.getTime() - 1000 * 60 * 60 * 24 * 3);
-      const response = await createSampleAssets(supertest, {
-        refresh: true,
-        baseDateTime: threeDaysAgo.toISOString(),
-      });
-
-      // Expect that all of the sample docs have been indexed
-      expect(response.body?.items?.length).to.equal(nSampleDocs);
-
-      // Searching only within the past day, we don't expect to find any of the asset documents
-      const oneDayAgoResponse = await searchESForSampleAssets({ size: 1, from: 'now-1d' });
-      expect(oneDayAgoResponse.body.hits?.total?.value).to.equal(0);
-
-      // Searching within the past 5 days, we should find all of the asset documents
-      const fiveDaysAgoResponse = await searchESForSampleAssets({ from: 'now-5d' });
-      expect(fiveDaysAgoResponse.body.hits?.total?.value).to.equal(nSampleDocs);
-    });
-
-    it('should create sample data but exclude some documents via provided Elastic Asset Name values', async () => {
-      const sampleAssetDocs = await viewSampleAssetDocs(supertest);
-      const nSampleDocs = sampleAssetDocs.length;
-
-      // We will remove the first and the last sample document, just for a test.
-      // Note: This test will continue to work without any hard-coded EAN values, and
-      // regardless of how those EAN values may change or expand.
-      const first = sampleAssetDocs.shift();
-      const last = sampleAssetDocs.pop();
-      const included = sampleAssetDocs.map((doc) => doc['asset.ean']);
-
-      if (!first || !last) {
-        throw new Error('Sample asset documents were incorrectly returned');
-      }
-
-      const excluded = [first['asset.ean'], last['asset.ean']];
-      const createResponse = await createSampleAssets(supertest, {
-        refresh: true,
-        excludeEans: excluded,
-      });
-
-      // We expect the created response should reference all sample docs, minus the 2 we excluded
-      expect(createResponse.body.items.length).to.equal(nSampleDocs - 2);
-
-      // In Elasticsearch, we should also find 2 less asset documents than the total sample docs
-      const searchResponse = await searchESForSampleAssets({ size: nSampleDocs });
-      expect(searchResponse.body.hits?.total?.value).to.equal(nSampleDocs - 2);
-
-      // Lastly, we should confirm that the EAN values found in the sample docs are all
-      // included in the asset documents returned from ES, minus the two we excluded
-      const returnedAssetEans = searchResponse.body.hits.hits.map(
-        (doc: { _source: Asset }) => doc._source['asset.ean']
-      );
-
-      included.forEach((ean) => {
-        expect(returnedAssetEans).to.contain(ean);
-      });
-
-      excluded.forEach((ean) => {
-        expect(returnedAssetEans).to.not.contain(ean);
-      });
-    });
-  });
-}
diff --git a/x-pack/test/api_integration/apis/asset_manager/tests/services.ts b/x-pack/test/api_integration/apis/asset_manager/tests/services.ts
deleted file mode 100644
index ae92a646b3b2a..0000000000000
--- a/x-pack/test/api_integration/apis/asset_manager/tests/services.ts
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { omit } from 'lodash';
-import expect from '@kbn/expect';
-import { ASSETS_ENDPOINT } from './constants';
-import { FtrProviderContext } from '../types';
-import { generateServicesData } from './helpers';
-
-const SERVICES_ASSETS_ENDPOINT = `${ASSETS_ENDPOINT}/services`;
-
-export default function ({ getService }: FtrProviderContext) {
-  const supertest = getService('supertest');
-  const synthtrace = getService('apmSynthtraceEsClient');
-
-  describe('GET /assets/services', () => {
-    beforeEach(async () => {
-      await synthtrace.clean();
-    });
-
-    it('should return services', async () => {
-      const from = new Date(Date.now() - 1000 * 60 * 2).toISOString();
-      const to = new Date().toISOString();
-      await synthtrace.index(generateServicesData({ from, to, count: 2 }));
-
-      const response = await supertest
-        .get(SERVICES_ASSETS_ENDPOINT)
-        .query({
-          from,
-          to,
-        })
-        .expect(200);
-
-      expect(response.body).to.have.property('services');
-      expect(response.body.services.length).to.equal(2);
-    });
-
-    it('should return specific service', async () => {
-      const from = new Date(Date.now() - 1000 * 60 * 2).toISOString();
-      const to = new Date().toISOString();
-      await synthtrace.index(generateServicesData({ from, to, count: 5 }));
-
-      const response = await supertest
-        .get(SERVICES_ASSETS_ENDPOINT)
-        .query({
-          from,
-          to,
-          stringFilters: JSON.stringify({ ean: 'service:service-4' }),
-        })
-        .expect(200);
-
-      expect(response.body).to.have.property('services');
-      expect(response.body.services.length).to.equal(1);
-      expect(omit(response.body.services[0], ['@timestamp'])).to.eql({
-        'asset.kind': 'service',
-        'asset.id': 'service-4',
-        'asset.ean': 'service:service-4',
-        'asset.references': [],
-        'asset.parents': [],
-        'service.environment': 'production',
-      });
-    });
-
-    it('should return services running on specified host', async () => {
-      const from = new Date(Date.now() - 1000 * 60 * 2).toISOString();
-      const to = new Date().toISOString();
-      await synthtrace.index(generateServicesData({ from, to, count: 5 }));
-
-      const response = await supertest
-        .get(SERVICES_ASSETS_ENDPOINT)
-        .query({
-          from,
-          to,
-          stringFilters: JSON.stringify({ parentEan: 'host:my-host-1' }),
-        })
-        .expect(200);
-
-      expect(response.body).to.have.property('services');
-      expect(response.body.services.length).to.equal(1);
-      expect(omit(response.body.services[0], ['@timestamp'])).to.eql({
-        'asset.kind': 'service',
-        'asset.id': 'service-1',
-        'asset.ean': 'service:service-1',
-        'asset.references': [],
-        'asset.parents': [],
-        'service.environment': 'production',
-      });
-    });
-  });
-}
diff --git a/x-pack/test/api_integration/apis/asset_manager/tests/when_disabled.ts b/x-pack/test/api_integration/apis/asset_manager/tests/when_disabled.ts
deleted file mode 100644
index d8b556a959f8d..0000000000000
--- a/x-pack/test/api_integration/apis/asset_manager/tests/when_disabled.ts
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { FtrProviderContext } from '../../../ftr_provider_context';
-
-export default function ({ getService }: FtrProviderContext) {
-  const supertest = getService('supertest');
-  const esSupertest = getService('esSupertest');
-
-  describe('Asset Manager API Endpoints - when NOT enabled', () => {
-    describe('basic ping endpoint', () => {
-      it('returns a 404 response', async () => {
-        await supertest.get('/api/asset-manager/ping').expect(404);
-      });
-    });
-
-    describe('assets index templates', () => {
-      it('should not be installed', async () => {
-        await esSupertest.get('/_index_template/assets').expect(404);
-      });
-    });
-  });
-}
diff --git a/x-pack/test/api_integration/apis/asset_manager/types.ts b/x-pack/test/api_integration/apis/asset_manager/types.ts
deleted file mode 100644
index 3a2b1656928fc..0000000000000
--- a/x-pack/test/api_integration/apis/asset_manager/types.ts
+++ /dev/null
@@ -1,19 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { GenericFtrProviderContext } from '@kbn/test';
-import { FtrProviderContext as InheritedFtrProviderContext } from '../../ftr_provider_context';
-import { AssetManagerServices } from './config_when_enabled';
-
-export type InheritedServices = InheritedFtrProviderContext extends GenericFtrProviderContext<
-  infer TServices,
-  {}
->
-  ? TServices
-  : {};
-
-export type FtrProviderContext = GenericFtrProviderContext<AssetManagerServices, {}>;
diff --git a/x-pack/test/api_integration/apis/cloud_security_posture/helper.ts b/x-pack/test/api_integration/apis/cloud_security_posture/helper.ts
index 37bdd4975b2a6..00bcffd553af1 100644
--- a/x-pack/test/api_integration/apis/cloud_security_posture/helper.ts
+++ b/x-pack/test/api_integration/apis/cloud_security_posture/helper.ts
@@ -13,6 +13,12 @@ import type { IndexDetails } from '@kbn/cloud-security-posture-plugin/common/typ
 import { CLOUD_SECURITY_PLUGIN_VERSION } from '@kbn/cloud-security-posture-plugin/common/constants';
 import { SecurityService } from '../../../../../test/common/services/security/security';
 
+export interface RoleCredentials {
+  apiKey: { id: string; name: string };
+  apiKeyHeader: { Authorization: string };
+  cookieHeader: { Cookie: string };
+}
+
 export const deleteIndex = (es: Client, indexToBeDeleted: string[]) => {
   Promise.all([
     ...indexToBeDeleted.map((indexes) =>
@@ -50,7 +56,9 @@ export async function createPackagePolicy(
   input: string,
   deployment: string,
   posture: string,
-  packageName: string = 'cloud_security_posture-1'
+  packageName: string = 'cloud_security_posture-1',
+  roleAuthc?: RoleCredentials,
+  internalRequestHeader?: { 'x-elastic-internal-origin': string; 'kbn-xsrf': string }
 ) {
   const version = CLOUD_SECURITY_PLUGIN_VERSION;
   const title = 'Security Posture Management';
@@ -72,35 +80,67 @@ export async function createPackagePolicy(
 
   const inputs = posture === 'vuln_mgmt' ? { ...inputTemplate, streams } : { ...inputTemplate };
 
-  const { body: postPackageResponse } = await supertest
-    .post(`/api/fleet/package_policies`)
-    .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
-    .set('kbn-xsrf', 'xxxx')
-    .send({
-      force: true,
-      name: packageName,
-      description: '',
-      namespace: 'default',
-      policy_id: agentPolicyId,
-      enabled: true,
-      inputs: [inputs],
-      package: {
-        name: 'cloud_security_posture',
-        title,
-        version,
-      },
-      vars: {
-        deployment: {
-          value: deployment,
-          type: 'text',
-        },
-        posture: {
-          value: posture,
-          type: 'text',
-        },
-      },
-    })
-    .expect(200);
+  const { body: postPackageResponse } =
+    roleAuthc && internalRequestHeader
+      ? await supertest
+          .post(`/api/fleet/package_policies`)
+          .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
+          .set(internalRequestHeader)
+          .set(roleAuthc.apiKeyHeader)
+          .send({
+            force: true,
+            name: packageName,
+            description: '',
+            namespace: 'default',
+            policy_id: agentPolicyId,
+            enabled: true,
+            inputs: [inputs],
+            package: {
+              name: 'cloud_security_posture',
+              title,
+              version,
+            },
+            vars: {
+              deployment: {
+                value: deployment,
+                type: 'text',
+              },
+              posture: {
+                value: posture,
+                type: 'text',
+              },
+            },
+          })
+          .expect(200)
+      : await supertest
+          .post(`/api/fleet/package_policies`)
+          .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
+          .set('kbn-xsrf', 'xxxx')
+          .send({
+            force: true,
+            name: packageName,
+            description: '',
+            namespace: 'default',
+            policy_id: agentPolicyId,
+            enabled: true,
+            inputs: [inputs],
+            package: {
+              name: 'cloud_security_posture',
+              title,
+              version,
+            },
+            vars: {
+              deployment: {
+                value: deployment,
+                type: 'text',
+              },
+              posture: {
+                value: posture,
+                type: 'text',
+              },
+            },
+          })
+          .expect(200);
 
   return postPackageResponse.item;
 }
diff --git a/x-pack/test/api_integration/apis/management/ingest_pipelines/ingest_pipelines.ts b/x-pack/test/api_integration/apis/management/ingest_pipelines/ingest_pipelines.ts
index c3d3406f61eb2..564c68c8e5c32 100644
--- a/x-pack/test/api_integration/apis/management/ingest_pipelines/ingest_pipelines.ts
+++ b/x-pack/test/api_integration/apis/management/ingest_pipelines/ingest_pipelines.ts
@@ -70,6 +70,17 @@ export default function ({ getService }: FtrProviderContext) {
           message: `There is already a pipeline with name '${name}'.`,
         });
       });
+
+      it(`doesn't allow to create a pipeline with a too long name`, async () => {
+        const pipelineRequestBody = {
+          name: 'testtesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttest1',
+        };
+        await supertest
+          .post(ingestPipelines.fixtures.apiBasePath)
+          .set('kbn-xsrf', 'xxx')
+          .send(pipelineRequestBody)
+          .expect(400);
+      });
     });
 
     describe('Update', () => {
diff --git a/x-pack/test/api_integration/apis/ml/annotations/delete_annotations.ts b/x-pack/test/api_integration/apis/ml/annotations/delete_annotations.ts
index 421d59d3d7b50..1c23805e264d1 100644
--- a/x-pack/test/api_integration/apis/ml/annotations/delete_annotations.ts
+++ b/x-pack/test/api_integration/apis/ml/annotations/delete_annotations.ts
@@ -39,7 +39,7 @@ export default ({ getService }: FtrProviderContext) => {
       const annotationsForJob = await ml.api.getAnnotations(jobIds[0]);
       expect(annotationsForJob).to.have.length(1);
 
-      const annotationIdToDelete = annotationsForJob[0]._id;
+      const annotationIdToDelete = annotationsForJob[0]._id!;
 
       const { body, status } = await supertest
         .delete(`/internal/ml/annotations/delete/${annotationIdToDelete}`)
@@ -57,7 +57,7 @@ export default ({ getService }: FtrProviderContext) => {
       const annotationsForJob = await ml.api.getAnnotations(jobIds[1]);
       expect(annotationsForJob).to.have.length(1);
 
-      const annotationIdToDelete = annotationsForJob[0]._id;
+      const annotationIdToDelete = annotationsForJob[0]._id!;
 
       const { body, status } = await supertest
         .delete(`/internal/ml/annotations/delete/${annotationIdToDelete}`)
@@ -75,7 +75,7 @@ export default ({ getService }: FtrProviderContext) => {
       const annotationsForJob = await ml.api.getAnnotations(jobIds[2]);
       expect(annotationsForJob).to.have.length(1);
 
-      const annotationIdToDelete = annotationsForJob[0]._id;
+      const annotationIdToDelete = annotationsForJob[0]._id!;
 
       const { body, status } = await supertest
         .delete(`/internal/ml/annotations/delete/${annotationIdToDelete}`)
diff --git a/x-pack/test/api_integration/apis/ml/annotations/update_annotations.ts b/x-pack/test/api_integration/apis/ml/annotations/update_annotations.ts
index dd7ff75374490..6b7c437eb77ca 100644
--- a/x-pack/test/api_integration/apis/ml/annotations/update_annotations.ts
+++ b/x-pack/test/api_integration/apis/ml/annotations/update_annotations.ts
@@ -69,7 +69,7 @@ export default ({ getService }: FtrProviderContext) => {
       expect(body._id).to.eql(originalAnnotation._id);
       expect(body.result).to.eql('updated');
 
-      const updatedAnnotation = await ml.api.getAnnotationById(originalAnnotation._id);
+      const updatedAnnotation = await ml.api.getAnnotationById(originalAnnotation._id!);
 
       if (updatedAnnotation) {
         Object.keys(commonAnnotationUpdateRequestBody).forEach((key) => {
@@ -100,7 +100,7 @@ export default ({ getService }: FtrProviderContext) => {
       expect(body._id).to.eql(originalAnnotation._id);
       expect(body.result).to.eql('updated');
 
-      const updatedAnnotation = await ml.api.getAnnotationById(originalAnnotation._id);
+      const updatedAnnotation = await ml.api.getAnnotationById(originalAnnotation._id!);
       if (updatedAnnotation) {
         Object.keys(commonAnnotationUpdateRequestBody).forEach((key) => {
           const field = key as keyof Annotation;
@@ -131,7 +131,7 @@ export default ({ getService }: FtrProviderContext) => {
       expect(body.error).to.eql('Forbidden');
       expect(body.message).to.eql('Forbidden');
 
-      const updatedAnnotation = await ml.api.getAnnotationById(originalAnnotation._id);
+      const updatedAnnotation = await ml.api.getAnnotationById(originalAnnotation._id!);
       expect(updatedAnnotation).to.eql(originalAnnotation._source);
     });
 
@@ -157,7 +157,7 @@ export default ({ getService }: FtrProviderContext) => {
         .send(annotationUpdateRequestBodyWithMissingFields);
       ml.api.assertResponseStatusCode(200, status, body);
 
-      const updatedAnnotation = await ml.api.getAnnotationById(originalAnnotation._id);
+      const updatedAnnotation = await ml.api.getAnnotationById(originalAnnotation._id!);
       if (updatedAnnotation) {
         Object.keys(annotationUpdateRequestBodyWithMissingFields).forEach((key) => {
           if (key !== '_id') {
diff --git a/x-pack/test/api_integration/apis/ml/fields_service/field_cardinality.ts b/x-pack/test/api_integration/apis/ml/fields_service/field_cardinality.ts
index e6b7af719a73c..fdd505ccaa6e2 100644
--- a/x-pack/test/api_integration/apis/ml/fields_service/field_cardinality.ts
+++ b/x-pack/test/api_integration/apis/ml/fields_service/field_cardinality.ts
@@ -42,8 +42,8 @@ export default ({ getService }: FtrProviderContext) => {
         fieldNames: ['geoip.city_name', 'geoip.continent_name', 'geoip.country_iso_code'],
         query: { bool: { must: [{ match_all: {} }] } },
         timeFieldName: 'order_date',
-        earliestMs: 1560556800000, // June 15, 2019 12:00:00 AM GMT
-        latestMs: 1560643199000, //  June 15, 2019 11:59:59 PM GMT
+        earliestMs: 1686787200000, // June 15, 2023 12:00:00 AM GMT
+        latestMs: 1686873599000, //  June 15, 2023 11:59:59 PM GMT
       },
       expected: {
         statusCode: 200,
@@ -62,8 +62,8 @@ export default ({ getService }: FtrProviderContext) => {
         fieldNames: ['manufacturer'],
         query: { bool: { must: [{ match_all: {} }] } },
         timeFieldName: 'order_date',
-        earliestMs: 1560556800000, // June 15, 2019 12:00:00 AM GMT
-        latestMs: 1560643199000, //  June 15, 2019 11:59:59 PM GMT
+        earliestMs: 1686787200000, // June 15, 2023 12:00:00 AM GMT
+        latestMs: 1686873599000, //  June 15, 2023 11:59:59 PM GMT
       },
       expected: {
         statusCode: 200,
diff --git a/x-pack/test/api_integration/apis/ml/fields_service/time_field_range.ts b/x-pack/test/api_integration/apis/ml/fields_service/time_field_range.ts
index 6f55439b8e11f..7960935e1b4f9 100644
--- a/x-pack/test/api_integration/apis/ml/fields_service/time_field_range.ts
+++ b/x-pack/test/api_integration/apis/ml/fields_service/time_field_range.ts
@@ -28,8 +28,8 @@ export default ({ getService }: FtrProviderContext) => {
       expected: {
         responseCode: 200,
         responseBody: {
-          start: 1560297859000,
-          end: 1562975136000,
+          start: 1686528259000,
+          end: 1689205536000,
           success: true,
         },
       },
@@ -51,8 +51,8 @@ export default ({ getService }: FtrProviderContext) => {
       expected: {
         responseCode: 200,
         responseBody: {
-          start: 1560298982000,
-          end: 1562973754000,
+          start: 1686529382000,
+          end: 1689204154000,
           success: true,
         },
       },
diff --git a/x-pack/test/api_integration/apis/ml/job_validation/bucket_span_estimator.ts b/x-pack/test/api_integration/apis/ml/job_validation/bucket_span_estimator.ts
index e6c058acc3695..562ec3a4ec0da 100644
--- a/x-pack/test/api_integration/apis/ml/job_validation/bucket_span_estimator.ts
+++ b/x-pack/test/api_integration/apis/ml/job_validation/bucket_span_estimator.ts
@@ -23,7 +23,7 @@ export default ({ getService }: FtrProviderContext) => {
       user: USER.ML_POWERUSER,
       requestBody: {
         aggTypes: ['avg'],
-        duration: { start: 1560297859000, end: 1562975136000 },
+        duration: { start: 1686528259000, end: 1689205536000 },
         fields: ['taxless_total_price'],
         index: 'ft_ecommerce',
         query: { bool: { must: [{ match_all: {} }] } },
@@ -39,7 +39,7 @@ export default ({ getService }: FtrProviderContext) => {
       user: USER.ML_POWERUSER,
       requestBody: {
         aggTypes: ['avg', 'sum'],
-        duration: { start: 1560297859000, end: 1562975136000 },
+        duration: { start: 1686528259000, end: 1689205536000 },
         fields: ['products.base_price', 'products.base_unit_price'],
         index: 'ft_ecommerce',
         query: { bool: { must: [{ match_all: {} }] } },
@@ -55,7 +55,7 @@ export default ({ getService }: FtrProviderContext) => {
       user: USER.ML_POWERUSER,
       requestBody: {
         aggTypes: ['avg'],
-        duration: { start: 1560297859000, end: 1562975136000 },
+        duration: { start: 1686528259000, end: 1689205536000 },
         fields: ['taxless_total_price'],
         index: 'ft_ecommerce',
         query: { bool: { must: [{ match_all: {} }] } },
@@ -72,7 +72,7 @@ export default ({ getService }: FtrProviderContext) => {
       user: USER.ML_POWERUSER,
       requestBody: {
         aggTypes: ['avg'],
-        duration: { start: 1560297859000, end: 1562975136000 },
+        duration: { start: 1686528259000, end: 1689205536000 },
         fields: ['taxless_total_price'],
         filters: [],
         index: 'ft_ecommerce',
diff --git a/x-pack/test/api_integration/apis/ml/job_validation/validate.ts b/x-pack/test/api_integration/apis/ml/job_validation/validate.ts
index 8a7cb38f8dba8..02088af0b12e1 100644
--- a/x-pack/test/api_integration/apis/ml/job_validation/validate.ts
+++ b/x-pack/test/api_integration/apis/ml/job_validation/validate.ts
@@ -32,7 +32,7 @@ export default ({ getService }: FtrProviderContext) => {
 
     it(`should recognize a valid job configuration`, async () => {
       const requestBody = {
-        duration: { start: 1560297859000, end: 1562975136000 },
+        duration: { start: 1686528259000, end: 1689205536000 },
         job: {
           job_id: 'test',
           description: '',
@@ -82,7 +82,7 @@ export default ({ getService }: FtrProviderContext) => {
 
     it('should recognize a basic invalid job configuration and skip advanced checks', async () => {
       const requestBody = {
-        duration: { start: 1560297859000, end: 1562975136000 },
+        duration: { start: 1686528259000, end: 1689205536000 },
         job: {
           job_id: '-(*&^',
           description: '',
@@ -126,7 +126,7 @@ export default ({ getService }: FtrProviderContext) => {
 
     it('should recognize non-basic issues in job configuration', async () => {
       const requestBody = {
-        duration: { start: 1560297859000, end: 1562975136000 },
+        duration: { start: 1686528259000, end: 1689205536000 },
         job: {
           job_id: 'test',
           description: '',
@@ -204,7 +204,7 @@ export default ({ getService }: FtrProviderContext) => {
 
     it('should not validate configuration in case request payload is invalid', async () => {
       const requestBody = {
-        duration: { start: 1560297859000, end: 1562975136000 },
+        duration: { start: 1686528259000, end: 1689205536000 },
         job: {
           job_id: 'test',
           description: '',
diff --git a/x-pack/test/api_integration/services/security_solution_api.gen.ts b/x-pack/test/api_integration/services/security_solution_api.gen.ts
index 4bc611e50bba2..9f6d717ea9dff 100644
--- a/x-pack/test/api_integration/services/security_solution_api.gen.ts
+++ b/x-pack/test/api_integration/services/security_solution_api.gen.ts
@@ -127,6 +127,13 @@ after 30 days. It also deletes other artifacts specific to the migration impleme
         .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
         .send(props.body as object);
     },
+    createAlertsIndex() {
+      return supertest
+        .post('/api/detection_engine/index')
+        .set('kbn-xsrf', 'true')
+        .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
+        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
+    },
     createAlertsMigration(props: CreateAlertsMigrationProps) {
       return supertest
         .post('/api/detection_engine/signals/migration')
@@ -146,6 +153,13 @@ after 30 days. It also deletes other artifacts specific to the migration impleme
         .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
         .send(props.body as object);
     },
+    deleteAlertsIndex() {
+      return supertest
+        .delete('/api/detection_engine/index')
+        .set('kbn-xsrf', 'true')
+        .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
+        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
+    },
     /**
      * Deletes a single rule using the `rule_id` or `id` field.
      */
@@ -202,6 +216,13 @@ finalize it.
         .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
         .query(props.query);
     },
+    getAlertsIndex() {
+      return supertest
+        .get('/api/detection_engine/index')
+        .set('kbn-xsrf', 'true')
+        .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
+        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
+    },
     getAlertsMigrationStatus(props: GetAlertsMigrationStatusProps) {
       return supertest
         .post('/api/detection_engine/signals/migration_status')
diff --git a/x-pack/test/apm_api_integration/tests/asset_services/asset_services.spec.ts b/x-pack/test/apm_api_integration/tests/asset_services/asset_services.spec.ts
deleted file mode 100644
index 64a202fe2ca8e..0000000000000
--- a/x-pack/test/apm_api_integration/tests/asset_services/asset_services.spec.ts
+++ /dev/null
@@ -1,321 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { Readable } from 'stream';
-import {
-  apm,
-  timerange,
-  log,
-  generateShortId,
-  Instance,
-  Serializable,
-} from '@kbn/apm-synthtrace-client';
-import { RecursivePartial } from '@kbn/apm-plugin/typings/common';
-import expect from '@kbn/expect';
-import moment from 'moment';
-import {
-  APIReturnType,
-  APIClientRequestParamsOf,
-} from '@kbn/apm-plugin/public/services/rest/create_call_apm_api';
-import { ApmDocumentType } from '@kbn/apm-plugin/common/document_type';
-import { RollupInterval } from '@kbn/apm-plugin/common/rollup';
-import { FtrProviderContext } from '../../common/ftr_provider_context';
-
-export default function ApiTest({ getService }: FtrProviderContext) {
-  const registry = getService('registry');
-  const apmApiClient = getService('apmApiClient');
-  const assetsSynthtraceClient = getService('assetsSynthtraceEsClient');
-  const apmSynthtraceClient = getService('apmSynthtraceEsClient');
-  const logSynthtraceClient = getService('logSynthtraceEsClient');
-
-  const now = new Date();
-  const start = new Date(moment(now).subtract(10, 'minutes').valueOf()).toISOString();
-  const end = new Date(moment(now).valueOf()).toISOString();
-  const range = timerange(start, end);
-
-  async function getServiceAssets(
-    overrides?: RecursivePartial<
-      APIClientRequestParamsOf<'GET /internal/apm/assets/services'>['params']
-    >
-  ) {
-    const response = await apmApiClient.readUser({
-      endpoint: 'GET /internal/apm/assets/services',
-      params: {
-        query: {
-          start,
-          end,
-          kuery: '',
-          documentType: ApmDocumentType.TransactionEvent,
-          rollupInterval: RollupInterval.None,
-          useDurationSummary: false,
-          ...overrides?.query,
-        },
-      },
-    });
-    return response;
-  }
-
-  let response: {
-    status: number;
-    body: APIReturnType<'GET /internal/apm/assets/services'>;
-  };
-
-  registry.when('Asset services when data is not loaded', { config: 'basic', archives: [] }, () => {
-    it('handles the empty state', async () => {
-      response = await getServiceAssets({ query: { start, end } });
-      expect(response.status).to.be(200);
-      expect(response.body.services.length).to.be(0);
-    });
-  });
-
-  registry.when('Asset services when data is loaded', { config: 'basic', archives: [] }, () => {
-    before(() => {
-      const transactionName = '240rpm/75% 1000ms';
-
-      const successfulTimestamps = range.interval('1m').rate(1);
-      const failedTimestamps = range.interval('1m').rate(1);
-      const serviceNames = ['multisignal-service', 'apm-only-service'];
-
-      const instances = serviceNames.map((serviceName) =>
-        apm
-          .service({ name: serviceName, environment: 'testing', agentName: 'nodejs' })
-          .instance('instance')
-      );
-      const instanceSpans = (instance: Instance) => {
-        const successfulTraceEvents = successfulTimestamps.generator((timestamp) =>
-          instance
-            .transaction({ transactionName })
-            .timestamp(timestamp)
-            .duration(1000)
-            .success()
-            .children(
-              instance
-                .span({
-                  spanName: 'GET apm-*/_search',
-                  spanType: 'db',
-                  spanSubtype: 'elasticsearch',
-                })
-                .duration(1000)
-                .success()
-                .destination('elasticsearch')
-                .timestamp(timestamp),
-              instance
-                .span({ spanName: 'custom_operation', spanType: 'custom' })
-                .duration(100)
-                .success()
-                .timestamp(timestamp)
-            )
-        );
-
-        const failedTraceEvents = failedTimestamps.generator((timestamp) =>
-          instance
-            .transaction({ transactionName })
-            .timestamp(timestamp)
-            .duration(1000)
-            .failure()
-            .errors(
-              instance
-                .error({
-                  message: '[ResponseError] index_not_found_exception',
-                  type: 'ResponseError',
-                })
-                .timestamp(timestamp + 50)
-            )
-        );
-
-        const metricsets = range
-          .interval('30s')
-          .rate(1)
-          .generator((timestamp) =>
-            instance
-              .appMetrics({
-                'system.memory.actual.free': 800,
-                'system.memory.total': 1000,
-                'system.cpu.total.norm.pct': 0.6,
-                'system.process.cpu.total.norm.pct': 0.7,
-              })
-              .timestamp(timestamp)
-          );
-
-        return [...successfulTraceEvents, ...failedTraceEvents, ...metricsets];
-      };
-
-      const logEvents = range
-        .interval('1m')
-        .rate(1)
-        .generator((timestamp) => {
-          return [
-            log
-              .create()
-              .message('this is a log message')
-              .service('logs-only-service')
-              .logLevel('error')
-              .defaults({
-                'trace.id': generateShortId(),
-                'agent.name': 'synth-agent',
-              })
-              .timestamp(timestamp),
-            log
-              .create()
-              .message('this is a log message')
-              .service('multisignal-service')
-              .logLevel('error')
-              .defaults({
-                'trace.id': generateShortId(),
-                'agent.name': 'synth-agent',
-              })
-              .timestamp(timestamp),
-          ];
-        });
-
-      function* createGeneratorFromArray(arr: Array<Serializable<any>>) {
-        yield* arr;
-      }
-
-      const logsValuesArray = [...logEvents];
-      const logsGen = createGeneratorFromArray(logsValuesArray);
-      const logsGenAssets = createGeneratorFromArray(logsValuesArray);
-
-      const traces = instances.flatMap((instance) => instanceSpans(instance));
-      const tracesGen = createGeneratorFromArray(traces);
-      const tracesGenAssets = createGeneratorFromArray(traces);
-
-      return Promise.all([
-        assetsSynthtraceClient.index(
-          Readable.from(Array.from(logsGenAssets).concat(Array.from(tracesGenAssets)))
-        ),
-        logSynthtraceClient.index(logsGen),
-        apmSynthtraceClient.index(tracesGen),
-      ]);
-    });
-
-    after(async () => {
-      await logSynthtraceClient.clean();
-      await apmSynthtraceClient.clean();
-      await assetsSynthtraceClient.clean();
-    });
-
-    describe('when no additional filters are applied', () => {
-      before(async () => {
-        response = await getServiceAssets({ query: { start, end } });
-      });
-
-      it('returns a successful response', async () => {
-        expect(response.status).to.be(200);
-        expect(response.body.services.length).to.be(3);
-      });
-
-      it('returns all services', () => {
-        const multisignal = response.body.services.find(
-          (item) => item.service.name === 'multisignal-service'
-        );
-
-        expect(multisignal?.asset.signalTypes).to.eql({
-          'asset.traces': true,
-          'asset.logs': true,
-        });
-        expect(multisignal?.service.environment).to.be('testing');
-
-        const apmOnly = response.body.services.find(
-          (item) => item.service.name === 'apm-only-service'
-        );
-
-        expect(apmOnly?.asset.signalTypes).to.eql({ 'asset.traces': true });
-        expect(apmOnly?.service.environment).to.be('testing');
-
-        const logsOnly = response.body.services.find(
-          (item) => item.service.name === 'logs-only-service'
-        );
-
-        expect(logsOnly?.asset.signalTypes).to.eql({ 'asset.logs': true });
-        expect(logsOnly?.service.environment).not.to.be('testing');
-      });
-
-      it('return traces and logs metrics for services when multi-signals', () => {
-        const multiSignalService = response.body.services.find(
-          (item) => item.service.name === 'multisignal-service'
-        );
-
-        expect(multiSignalService?.metrics.latency).to.be(1000 * 1000); // microseconds
-        expect(multiSignalService?.metrics.throughput).to.be(2);
-        expect(multiSignalService?.metrics.transactionErrorRate).to.be(0.5);
-        expect(multiSignalService?.metrics.logRatePerMinute).to.be(1);
-        expect(multiSignalService?.metrics.logErrorRate).to.be(1);
-      });
-
-      it('return traces only metrics', () => {
-        const apmService = response.body.services.find(
-          (item) => item.service.name === 'apm-only-service'
-        );
-
-        expect(apmService?.metrics.latency).to.be(1000 * 1000); // microseconds
-        expect(apmService?.metrics.throughput).to.be(2);
-        expect(apmService?.metrics.transactionErrorRate).to.be(0.5);
-        expect(apmService?.metrics.logRatePerMinute).to.be(undefined);
-        expect(apmService?.metrics.logErrorRate).to.be(undefined);
-      });
-
-      it('return logs only metrics', () => {
-        const logsService = response.body.services.find(
-          (item) => item.service.name === 'logs-only-service'
-        );
-
-        expect(logsService?.metrics.latency).to.be(undefined);
-        expect(logsService?.metrics.throughput).to.be(undefined);
-        expect(logsService?.metrics.transactionErrorRate).to.be(undefined);
-        expect(logsService?.metrics.logRatePerMinute).to.be(1);
-        expect(logsService?.metrics.logErrorRate).to.be(1);
-      });
-    });
-
-    describe('when additional filters are applied', () => {
-      it('returns no services when the time range is outside the data range', async () => {
-        response = await getServiceAssets({
-          query: { start: '2022-10-01T00:00:00.000Z', end: '2022-10-01T01:00:00.000Z' },
-        });
-        expect(response.status).to.be(200);
-        expect(response.body.services.length).to.be(0);
-      });
-
-      it('returns services when the time range is within the data range', async () => {
-        response = await getServiceAssets({
-          query: {
-            start: new Date(moment(now).subtract(2, 'days').valueOf()).toISOString(),
-            end: new Date(moment(now).add(1, 'days').valueOf()).toISOString(),
-          },
-        });
-
-        expect(response.status).to.be(200);
-        expect(response.body.services.length).to.be(3);
-      });
-
-      it('returns services when filtering by service.name', async () => {
-        response = await getServiceAssets({
-          query: { start, end, kuery: 'service.name: "logs-only-*" ' },
-        });
-        expect(response.status).to.be(200);
-        const service = response.body.services[0];
-        expect(service.service.name).to.be('logs-only-service');
-        expect(service.asset.signalTypes['asset.logs']).to.be(true);
-        expect(service.metrics.latency).to.be(undefined);
-        expect(service.metrics.throughput).to.be(undefined);
-        expect(service.metrics.transactionErrorRate).to.be(undefined);
-        expect(service.metrics.logRatePerMinute).to.be(1);
-        expect(service.metrics.logErrorRate).to.be(1);
-      });
-
-      it('returns not services when filtering by a field that does not exist in assets', async () => {
-        response = await getServiceAssets({
-          query: { start, end, kuery: 'transaction.name: "240rpm/75% 1000ms" ' },
-        });
-
-        expect(response.status).to.be(200);
-        expect(response.body.services.length).to.be(0);
-      });
-    });
-  });
-}
diff --git a/x-pack/test/cases_api_integration/common/lib/api/index.ts b/x-pack/test/cases_api_integration/common/lib/api/index.ts
index 6582601f0f1a9..d9aeafe6c7bf2 100644
--- a/x-pack/test/cases_api_integration/common/lib/api/index.ts
+++ b/x-pack/test/cases_api_integration/common/lib/api/index.ts
@@ -107,9 +107,9 @@ export const getSignalsWithES = async ({
   return signals.body.hits.hits.reduce((acc, hit) => {
     let indexMap = acc.get(hit._index);
     if (indexMap === undefined) {
-      indexMap = new Map<string, estypes.SearchHit<SignalHit>>([[hit._id, hit]]);
+      indexMap = new Map<string, estypes.SearchHit<SignalHit>>([[hit._id!, hit]]);
     } else {
-      indexMap.set(hit._id, hit);
+      indexMap.set(hit._id!, hit);
     }
     acc.set(hit._index, indexMap);
     return acc;
diff --git a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/delete_cases.ts b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/delete_cases.ts
index ef0e09f1a477d..fbfa4354683a5 100644
--- a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/delete_cases.ts
+++ b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/delete_cases.ts
@@ -262,7 +262,7 @@ export default ({ getService }: FtrProviderContext): void => {
           await esArchiver.load('x-pack/test/functional/es_archives/auditbeat/hosts');
           await createAlertsIndex(supertest, log);
           const signals = await createSecuritySolutionAlerts(supertest, log, 2);
-          alerts = [signals.hits.hits[0], signals.hits.hits[1]];
+          alerts = [signals.hits.hits[0] as Alerts[number], signals.hits.hits[1] as Alerts[number]];
         });
 
         afterEach(async () => {
diff --git a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/migrations.ts b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/migrations.ts
index 723646a1763e6..0a3bd5ab1519d 100644
--- a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/migrations.ts
+++ b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/migrations.ts
@@ -569,7 +569,7 @@ export default function createGetTests({ getService }: FtrProviderContext) {
           const casesFromES = await getCaseSavedObjectsFromES({ es });
 
           for (const hit of casesFromES.body.hits.hits) {
-            const caseID = hit._id;
+            const caseID = hit._id!;
             expect(expectedSeverityValues[caseID]).not.to.be(undefined);
             expect(hit._source?.cases.severity).to.eql(expectedSeverityValues[caseID]);
           }
@@ -588,7 +588,7 @@ export default function createGetTests({ getService }: FtrProviderContext) {
           const casesFromES = await getCaseSavedObjectsFromES({ es });
 
           for (const hit of casesFromES.body.hits.hits) {
-            const caseID = hit._id;
+            const caseID = hit._id!;
             expect(expectedStatusValues[caseID]).not.to.be(undefined);
             expect(hit._source?.cases.status).to.eql(expectedStatusValues[caseID]);
           }
diff --git a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/patch_cases.ts b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/patch_cases.ts
index 07349749f0a2a..07cb4cee269bb 100644
--- a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/patch_cases.ts
+++ b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/patch_cases.ts
@@ -1742,7 +1742,7 @@ export default ({ getService }: FtrProviderContext): void => {
             supertest,
             caseId: postedCase.id,
             params: {
-              alertId: alert._id,
+              alertId: alert._id!,
               index: alert._index,
               rule: {
                 id: 'id',
@@ -1774,7 +1774,7 @@ export default ({ getService }: FtrProviderContext): void => {
           const { body: updatedAlert } = await supertest
             .post(DETECTION_ENGINE_QUERY_SIGNALS_URL)
             .set('kbn-xsrf', 'true')
-            .send(getQueryAlertIds([alert._id]))
+            .send(getQueryAlertIds([alert._id!]))
             .expect(200);
 
           expect(updatedAlert.hits.hits[0]._source?.['kibana.alert.workflow_status']).eql(
@@ -1805,7 +1805,7 @@ export default ({ getService }: FtrProviderContext): void => {
             supertest,
             caseId: postedCase.id,
             params: {
-              alertId: alert._id,
+              alertId: alert._id!,
               index: alert._index,
               type: AttachmentType.alert,
               rule: {
@@ -1832,7 +1832,7 @@ export default ({ getService }: FtrProviderContext): void => {
           const { body: updatedAlert } = await supertest
             .post(DETECTION_ENGINE_QUERY_SIGNALS_URL)
             .set('kbn-xsrf', 'true')
-            .send(getQueryAlertIds([alert._id]))
+            .send(getQueryAlertIds([alert._id!]))
             .expect(200);
 
           expect(updatedAlert.hits.hits[0]._source?.['kibana.alert.workflow_status']).eql('open');
@@ -1861,7 +1861,7 @@ export default ({ getService }: FtrProviderContext): void => {
             supertest,
             caseId: postedCase.id,
             params: {
-              alertId: alert._id,
+              alertId: alert._id!,
               index: alert._index,
               rule: {
                 id: 'id',
@@ -1906,7 +1906,7 @@ export default ({ getService }: FtrProviderContext): void => {
           const { body: updatedAlert } = await supertest
             .post(DETECTION_ENGINE_QUERY_SIGNALS_URL)
             .set('kbn-xsrf', 'true')
-            .send(getQueryAlertIds([alert._id]))
+            .send(getQueryAlertIds([alert._id!]))
             .expect(200);
 
           expect(updatedAlert.hits.hits[0]._source?.['kibana.alert.workflow_status']).eql(
@@ -1933,7 +1933,7 @@ export default ({ getService }: FtrProviderContext): void => {
             supertest,
             caseId: postedCase.id,
             params: {
-              alertId: alert._id,
+              alertId: alert._id!,
               index: alert._index,
               type: AttachmentType.alert,
               rule: {
@@ -1975,7 +1975,7 @@ export default ({ getService }: FtrProviderContext): void => {
           const { body: updatedAlert } = await supertest
             .post(DETECTION_ENGINE_QUERY_SIGNALS_URL)
             .set('kbn-xsrf', 'true')
-            .send(getQueryAlertIds([alert._id]))
+            .send(getQueryAlertIds([alert._id!]))
             .expect(200);
 
           expect(updatedAlert.hits.hits[0]._source['kibana.alert.workflow_status']).eql('open');
diff --git a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/delete_comment.ts b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/delete_comment.ts
index 6a7426dd95104..8f78bad67249b 100644
--- a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/delete_comment.ts
+++ b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/delete_comment.ts
@@ -127,7 +127,7 @@ export default ({ getService }: FtrProviderContext): void => {
           await esArchiver.load('x-pack/test/functional/es_archives/auditbeat/hosts');
           await createAlertsIndex(supertest, log);
           const signals = await createSecuritySolutionAlerts(supertest, log, 2);
-          alerts = [signals.hits.hits[0], signals.hits.hits[1]];
+          alerts = [signals.hits.hits[0] as Alerts[number], signals.hits.hits[1] as Alerts[number]];
         });
 
         afterEach(async () => {
diff --git a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/delete_comments.ts b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/delete_comments.ts
index 3a73f14aca9b0..5607a8d61e6c8 100644
--- a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/delete_comments.ts
+++ b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/delete_comments.ts
@@ -129,7 +129,7 @@ export default ({ getService }: FtrProviderContext): void => {
           await esArchiver.load('x-pack/test/functional/es_archives/auditbeat/hosts');
           await createAlertsIndex(supertest, log);
           const signals = await createSecuritySolutionAlerts(supertest, log, 2);
-          alerts = [signals.hits.hits[0], signals.hits.hits[1]];
+          alerts = [signals.hits.hits[0] as Alerts[number], signals.hits.hits[1] as Alerts[number]];
         });
 
         afterEach(async () => {
diff --git a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/post_comment.ts b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/post_comment.ts
index 1d2f58fed13f3..a9689575fb524 100644
--- a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/post_comment.ts
+++ b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/post_comment.ts
@@ -632,13 +632,13 @@ export default ({ getService }: FtrProviderContext): void => {
 
           await createCommentAndRefreshIndex({
             caseId: postedCase.id,
-            alertId: alert._id,
+            alertId: alert._id!,
             alertIndex: alert._index,
             expectedHttpCode: attachmentExpectedHttpCode,
             auth: attachmentAuth,
           });
 
-          const updatedAlert = await getSecuritySolutionAlerts(supertest, [alert._id]);
+          const updatedAlert = await getSecuritySolutionAlerts(supertest, [alert._id!]);
 
           expect(updatedAlert.hits.hits[0]._source?.[ALERT_WORKFLOW_STATUS]).eql(
             expectedAlertStatus
@@ -661,12 +661,12 @@ export default ({ getService }: FtrProviderContext): void => {
           for (const theCase of cases) {
             await createCommentAndRefreshIndex({
               caseId: theCase.id,
-              alertId: alert._id,
+              alertId: alert._id!,
               alertIndex: alert._index,
             });
           }
 
-          const updatedAlert = await getSecuritySolutionAlerts(supertest, [alert._id]);
+          const updatedAlert = await getSecuritySolutionAlerts(supertest, [alert._id!]);
           const caseIds = cases.map((theCase) => theCase.id);
 
           expect(updatedAlert.hits.hits[0]._source?.[ALERT_CASE_IDS]).eql(caseIds);
@@ -741,11 +741,11 @@ export default ({ getService }: FtrProviderContext): void => {
 
           await createCommentAndRefreshIndex({
             caseId: postedCase.id,
-            alertId: alert._id,
+            alertId: alert._id!,
             alertIndex: alert._index,
           });
 
-          const updatedAlertSecondTime = await getSecuritySolutionAlerts(supertest, [alert._id]);
+          const updatedAlertSecondTime = await getSecuritySolutionAlerts(supertest, [alert._id!]);
           expect(updatedAlertSecondTime.hits.hits[0]._source?.[ALERT_CASE_IDS]).eql([
             postedCase.id,
           ]);
@@ -762,7 +762,7 @@ export default ({ getService }: FtrProviderContext): void => {
 
           await createCommentAndRefreshIndex({
             caseId: postedCase.id,
-            alertId: alert._id,
+            alertId: alert._id!,
             alertIndex: alert._index,
             expectedHttpCode: 400,
           });
@@ -784,7 +784,7 @@ export default ({ getService }: FtrProviderContext): void => {
 
           await createCommentAndRefreshIndex({
             caseId: postedCase.id,
-            alertId: alert._id,
+            alertId: alert._id!,
             alertIndex: alert._index,
             expectedHttpCode: 200,
             auth: { user: secOnlyReadAlerts, space: 'space1' },
@@ -807,7 +807,7 @@ export default ({ getService }: FtrProviderContext): void => {
 
           await createCommentAndRefreshIndex({
             caseId: postedCase.id,
-            alertId: alert._id,
+            alertId: alert._id!,
             alertIndex: alert._index,
             expectedHttpCode: 403,
             auth: { user: obsSec, space: 'space1' },
@@ -830,7 +830,7 @@ export default ({ getService }: FtrProviderContext): void => {
 
           await createCommentAndRefreshIndex({
             caseId: postedCase.id,
-            alertId: alert._id,
+            alertId: alert._id!,
             alertIndex: alert._index,
             expectedHttpCode: 200,
             auth: { user: secSolutionOnlyReadNoIndexAlerts, space: 'space1' },
diff --git a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/internal/bulk_create_attachments.ts b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/internal/bulk_create_attachments.ts
index 1e460515e9f84..7a2cce01af0dd 100644
--- a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/internal/bulk_create_attachments.ts
+++ b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/internal/bulk_create_attachments.ts
@@ -883,12 +883,12 @@ export default ({ getService }: FtrProviderContext): void => {
             expect(alert._source?.[ALERT_WORKFLOW_STATUS]).eql('open');
 
             alerts.push({
-              id: alert._id,
+              id: alert._id!,
               index: alert._index,
             });
 
             indices.push(alert._index);
-            ids.push(alert._id);
+            ids.push(alert._id!);
           });
 
           await bulkCreateAttachmentsAndRefreshIndex({
@@ -921,13 +921,13 @@ export default ({ getService }: FtrProviderContext): void => {
           for (const theCase of cases) {
             await bulkCreateAttachmentsAndRefreshIndex({
               caseId: theCase.id,
-              alerts: [{ id: alert._id, index: alert._index }],
+              alerts: [{ id: alert._id!, index: alert._index }],
             });
           }
 
           await es.indices.refresh({ index: alert._index });
 
-          const updatedAlert = await getSecuritySolutionAlerts(supertest, [alert._id]);
+          const updatedAlert = await getSecuritySolutionAlerts(supertest, [alert._id!]);
           const caseIds = cases.map((theCase) => theCase.id);
 
           expect(updatedAlert.hits.hits[0]._source?.[ALERT_CASE_IDS]).eql(caseIds);
@@ -1002,10 +1002,10 @@ export default ({ getService }: FtrProviderContext): void => {
 
           await bulkCreateAttachmentsAndRefreshIndex({
             caseId: postedCase.id,
-            alerts: [{ id: alert._id, index: alert._index }],
+            alerts: [{ id: alert._id!, index: alert._index }],
           });
 
-          const updatedAlertSecondTime = await getSecuritySolutionAlerts(supertest, [alert._id]);
+          const updatedAlertSecondTime = await getSecuritySolutionAlerts(supertest, [alert._id!]);
           expect(updatedAlertSecondTime.hits.hits[0]._source?.[ALERT_CASE_IDS]).eql([
             postedCase.id,
           ]);
@@ -1022,7 +1022,7 @@ export default ({ getService }: FtrProviderContext): void => {
 
           await bulkCreateAttachmentsAndRefreshIndex({
             caseId: postedCase.id,
-            alerts: [{ id: alert._id, index: alert._index }],
+            alerts: [{ id: alert._id!, index: alert._index }],
             expectedHttpCode: 400,
           });
         });
@@ -1043,7 +1043,7 @@ export default ({ getService }: FtrProviderContext): void => {
 
           await bulkCreateAttachmentsAndRefreshIndex({
             caseId: postedCase.id,
-            alerts: [{ id: alert._id, index: alert._index }],
+            alerts: [{ id: alert._id!, index: alert._index }],
             expectedHttpCode: 200,
             auth: { user: secOnlyReadAlerts, space: 'space1' },
           });
@@ -1065,7 +1065,7 @@ export default ({ getService }: FtrProviderContext): void => {
 
           await bulkCreateAttachmentsAndRefreshIndex({
             caseId: postedCase.id,
-            alerts: [{ id: alert._id, index: alert._index }],
+            alerts: [{ id: alert._id!, index: alert._index }],
             expectedHttpCode: 403,
             auth: { user: obsSec, space: 'space1' },
           });
@@ -1087,7 +1087,7 @@ export default ({ getService }: FtrProviderContext): void => {
 
           await bulkCreateAttachmentsAndRefreshIndex({
             caseId: postedCase.id,
-            alerts: [{ id: alert._id, index: alert._index }],
+            alerts: [{ id: alert._id!, index: alert._index }],
             expectedHttpCode: 200,
             auth: { user: secSolutionOnlyReadNoIndexAlerts, space: 'space1' },
           });
diff --git a/x-pack/test/cloud_security_posture_functional/page_objects/add_cis_integration_form_page.ts b/x-pack/test/cloud_security_posture_functional/page_objects/add_cis_integration_form_page.ts
index 1a566a346ad4e..0df5147574d28 100644
--- a/x-pack/test/cloud_security_posture_functional/page_objects/add_cis_integration_form_page.ts
+++ b/x-pack/test/cloud_security_posture_functional/page_objects/add_cis_integration_form_page.ts
@@ -31,6 +31,9 @@ export function AddCisIntegrationFormPageProvider({
     getPostInstallCloudFormationModal: async () => {
       return await testSubjects.find('postInstallCloudFormationModal');
     },
+    showLaunchCloudFormationAgentlessButton: async () => {
+      return await testSubjects.exists('launchCloudFormationAgentlessButton');
+    },
   };
 
   const cisGcp = {
@@ -89,6 +92,9 @@ export function AddCisIntegrationFormPageProvider({
       const fieldValue = (await (await testSubjects.find(field)).getAttribute(value)) ?? '';
       return fieldValue;
     },
+    showLaunchCloudShellAgentlessButton: async () => {
+      return await testSubjects.exists('launchGoogleCloudShellAgentlessButton');
+    },
   };
 
   const isRadioButtonChecked = async (selector: string) => {
@@ -113,6 +119,15 @@ export function AddCisIntegrationFormPageProvider({
     await PageObjects.header.waitUntilLoadingHasFinished();
   };
 
+  const navigateToAddIntegrationCspmWithVersionPage = async (packageVersion: string) => {
+    await PageObjects.common.navigateToUrl(
+      'fleet',
+      `integrations/cloud_security_posture-${packageVersion}/add-integration/cspm`,
+      { shouldUseHashForSubUrl: false }
+    );
+    await PageObjects.header.waitUntilLoadingHasFinished();
+  };
+
   const navigateToAddIntegrationCnvmPage = async () => {
     await PageObjects.common.navigateToUrl(
       'fleet', // Defined in Security Solution plugin
@@ -181,6 +196,13 @@ export function AddCisIntegrationFormPageProvider({
     return await optionToBeClicked;
   };
 
+  const clickAccordianButton = async (text: string) => {
+    await PageObjects.header.waitUntilLoadingHasFinished();
+    const advancedAccordian = await testSubjects.find(text);
+    await advancedAccordian.scrollIntoView();
+    await advancedAccordian.click();
+  };
+
   const clickOptionButton = async (text: string) => {
     const optionToBeClicked = await findOptionInPage(text);
     await optionToBeClicked.scrollIntoView();
@@ -261,6 +283,7 @@ export function AddCisIntegrationFormPageProvider({
     cisAws,
     cisGcp,
     navigateToAddIntegrationCspmPage,
+    navigateToAddIntegrationCspmWithVersionPage,
     navigateToAddIntegrationCnvmPage,
     navigateToAddIntegrationKspmPage,
     navigateToIntegrationCspList,
@@ -277,6 +300,7 @@ export function AddCisIntegrationFormPageProvider({
     clickOptionButton,
     clickSaveButton,
     clickSaveIntegrationButton,
+    clickAccordianButton,
     getPostInstallModal,
     fillInTextField,
     chooseDropDown,
diff --git a/x-pack/test/cloud_security_posture_functional/pages/cis_integrations/kspm/cis_integration_eks.ts b/x-pack/test/cloud_security_posture_functional/pages/cis_integrations/kspm/cis_integration_eks.ts
index cd63bc117224d..ec4a7c61239ea 100644
--- a/x-pack/test/cloud_security_posture_functional/pages/cis_integrations/kspm/cis_integration_eks.ts
+++ b/x-pack/test/cloud_security_posture_functional/pages/cis_integrations/kspm/cis_integration_eks.ts
@@ -35,7 +35,8 @@ export default function (providerContext: FtrProviderContext) {
       await cisIntegration.navigateToAddIntegrationKspmPage();
     });
 
-    describe('KSPM EKS Assume Role', async () => {
+    // FLAKY: https://github.com/elastic/kibana/issues/186306
+    describe.skip('KSPM EKS Assume Role', async () => {
       it('KSPM EKS Assume Role workflow', async () => {
         const roleArn = 'RoleArnTestValue';
         await cisIntegration.clickOptionButton(CIS_EKS_OPTION_TEST_ID);
diff --git a/x-pack/test/cloud_security_posture_functional/pages/findings.ts b/x-pack/test/cloud_security_posture_functional/pages/findings.ts
index 6819da2a03e09..76ea64f6e6195 100644
--- a/x-pack/test/cloud_security_posture_functional/pages/findings.ts
+++ b/x-pack/test/cloud_security_posture_functional/pages/findings.ts
@@ -17,7 +17,6 @@ import type { FtrProviderContext } from '../ftr_provider_context';
 
 // eslint-disable-next-line import/no-default-export
 export default function ({ getPageObjects, getService }: FtrProviderContext) {
-  const queryBar = getService('queryBar');
   const filterBar = getService('filterBar');
   const testSubjects = getService('testSubjects');
   const retry = getService('retry');
@@ -100,9 +99,6 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
     },
   ];
 
-  const ruleName1 = data[0].rule.name;
-  const ruleName2 = data[1].rule.name;
-
   const getCspBenchmarkRules = async (benchmarkId: string): Promise<CspBenchmarkRule[]> => {
     const cspBenchmarkRules = await kibanaServer.savedObjects.find<CspBenchmarkRule>({
       type: CSP_BENCHMARK_RULE_SAVED_OBJECT_TYPE,
@@ -151,39 +147,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
       await findings.index.remove();
     });
 
-    // FLAKY: https://github.com/elastic/kibana/issues/174472
-    describe.skip('SearchBar', () => {
-      it('add filter', async () => {
-        // Filter bar uses the field's customLabel in the DataView
-        await filterBar.addFilter({ field: 'Rule Name', operation: 'is', value: ruleName1 });
-
-        expect(await filterBar.hasFilter('rule.name', ruleName1)).to.be(true);
-        expect(await latestFindingsTable.hasColumnValue('rule.name', ruleName1)).to.be(true);
-      });
-
-      it('remove filter', async () => {
-        await filterBar.removeFilter('rule.name');
-
-        expect(await filterBar.hasFilter('rule.name', ruleName1)).to.be(false);
-        expect(await latestFindingsTable.getRowsCount()).to.be(data.length);
-      });
-
-      it('set search query', async () => {
-        await queryBar.setQuery(ruleName1);
-        await queryBar.submitQuery();
-
-        expect(await latestFindingsTable.hasColumnValue('rule.name', ruleName1)).to.be(true);
-        expect(await latestFindingsTable.hasColumnValue('rule.name', ruleName2)).to.be(false);
-
-        await queryBar.setQuery('');
-        await queryBar.submitQuery();
-
-        expect(await latestFindingsTable.getRowsCount()).to.be(data.length);
-      });
-    });
-
-    // FLAKY: https://github.com/elastic/kibana/issues/152913
-    describe.skip('Table Sort', () => {
+    describe('Table Sort', () => {
       type SortingMethod = (a: string, b: string) => number;
       type SortDirection = 'asc' | 'desc';
       // Sort by lexical order will sort by the first character of the string (case-sensitive)
@@ -238,14 +202,6 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
       });
     });
 
-    describe('DataTable features', () => {
-      it('Edit data view field option is Enabled', async () => {
-        await latestFindingsTable.toggleEditDataViewFieldsOption('result.evaluation');
-        expect(await testSubjects.find('gridEditFieldButton')).to.be.ok();
-        await latestFindingsTable.toggleEditDataViewFieldsOption('result.evaluation');
-      });
-    });
-
     describe('Findings - Fields selector', () => {
       const CSP_FIELDS_SELECTOR_MODAL = 'cloudSecurityFieldsSelectorModal';
       const CSP_FIELDS_SELECTOR_OPEN_BUTTON = 'cloudSecurityFieldsSelectorOpenButton';
diff --git a/x-pack/test/cloud_security_posture_functional/pages/findings_alerts.ts b/x-pack/test/cloud_security_posture_functional/pages/findings_alerts.ts
index ddd1c080b308d..1c345b68caf7b 100644
--- a/x-pack/test/cloud_security_posture_functional/pages/findings_alerts.ts
+++ b/x-pack/test/cloud_security_posture_functional/pages/findings_alerts.ts
@@ -143,8 +143,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
       pageObjects.header.waitUntilLoadingHasFinished();
     });
 
-    // FLAKY: https://github.com/elastic/kibana/issues/168991
-    describe.skip('Create detection rule', () => {
+    describe('Create detection rule', () => {
       it('Creates a detection rule from the Take Action button and navigates to rule page', async () => {
         await latestFindingsTable.openFlyoutAt(0);
         await misconfigurationsFlyout.clickTakeActionCreateRuleButton();
@@ -167,6 +166,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
 
         await testSubjects.click('csp:toast-success-link');
 
+        await pageObjects.header.waitUntilLoadingHasFinished();
         const rulePageTitle = await testSubjects.find('header-page-title');
         expect(await rulePageTitle.getVisibleText()).to.be(ruleName1);
       });
@@ -193,7 +193,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
         expect(await toastMessageTitle.getVisibleText()).to.be(ruleName1);
 
         await testSubjects.click('csp:toast-success-link');
-
+        await pageObjects.header.waitUntilLoadingHasFinished();
         const rulePageTitle = await testSubjects.find('header-page-title');
         expect(await rulePageTitle.getVisibleText()).to.be(ruleName1);
       });
@@ -204,7 +204,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
         await misconfigurationsFlyout.clickTakeActionCreateRuleButton();
 
         await testSubjects.click('csp:toast-success-link');
-
+        await pageObjects.header.waitUntilLoadingHasFinished();
         const rulePageDescription = await testSubjects.find(
           'stepAboutRuleDetailsToggleDescriptionText'
         );
@@ -223,7 +223,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
         await misconfigurationsFlyout.clickTakeActionCreateRuleButton();
         const flyout = await misconfigurationsFlyout.getElement();
         await (await flyout.findByTestSubject('csp:findings-flyout-detection-rule-count')).click();
-
+        await pageObjects.header.waitUntilLoadingHasFinished();
         expect(await (await testSubjects.find('ruleName')).getVisibleText()).to.be(ruleName1);
       });
       it('Clicking on count of Alerts should navigate to the alerts page', async () => {
@@ -231,7 +231,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
         await misconfigurationsFlyout.clickTakeActionCreateRuleButton();
         const flyout = await misconfigurationsFlyout.getElement();
         await (await flyout.findByTestSubject('csp:findings-flyout-alert-count')).click();
-
+        await pageObjects.header.waitUntilLoadingHasFinished();
         expect(await (await testSubjects.find('header-page-title')).getVisibleText()).to.be(
           'Alerts'
         );
diff --git a/x-pack/test/cloud_security_posture_functional/pages/vulnerabilities.ts b/x-pack/test/cloud_security_posture_functional/pages/vulnerabilities.ts
index d882d1765f752..c94fe9b5d046b 100644
--- a/x-pack/test/cloud_security_posture_functional/pages/vulnerabilities.ts
+++ b/x-pack/test/cloud_security_posture_functional/pages/vulnerabilities.ts
@@ -93,14 +93,6 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
       });
     });
 
-    describe('DataTable features', () => {
-      it('Edit data view field option is Enabled', async () => {
-        await latestVulnerabilitiesTable.toggleEditDataViewFieldsOption('vulnerability.id');
-        expect(await testSubjects.find('gridEditFieldButton')).to.be.ok();
-        await latestVulnerabilitiesTable.toggleEditDataViewFieldsOption('vulnerability.id');
-      });
-    });
-
     describe('Vulnerabilities - Fields selector', () => {
       const CSP_FIELDS_SELECTOR_MODAL = 'cloudSecurityFieldsSelectorModal';
       const CSP_FIELDS_SELECTOR_OPEN_BUTTON = 'cloudSecurityFieldsSelectorOpenButton';
diff --git a/x-pack/test/fleet_api_integration/apis/epm/custom_ingest_pipeline.ts b/x-pack/test/fleet_api_integration/apis/epm/custom_ingest_pipeline.ts
index 6c93e3e6eb14d..93476c0d252fc 100644
--- a/x-pack/test/fleet_api_integration/apis/epm/custom_ingest_pipeline.ts
+++ b/x-pack/test/fleet_api_integration/apis/epm/custom_ingest_pipeline.ts
@@ -55,7 +55,7 @@ export default function (providerContext: FtrProviderContext) {
 
       for (const hit of res.hits.hits) {
         await es.delete({
-          id: hit._id,
+          id: hit._id!,
           index: hit._index,
         });
       }
diff --git a/x-pack/test/fleet_api_integration/apis/epm/final_pipeline.ts b/x-pack/test/fleet_api_integration/apis/epm/final_pipeline.ts
index 0aedab4496616..e5cf4c241767a 100644
--- a/x-pack/test/fleet_api_integration/apis/epm/final_pipeline.ts
+++ b/x-pack/test/fleet_api_integration/apis/epm/final_pipeline.ts
@@ -69,7 +69,7 @@ export default function (providerContext: FtrProviderContext) {
 
       for (const hit of res.hits.hits) {
         await es.delete({
-          id: hit._id,
+          id: hit._id!,
           index: hit._index,
         });
       }
diff --git a/x-pack/test/fleet_api_integration/apis/epm/routing_rules.ts b/x-pack/test/fleet_api_integration/apis/epm/routing_rules.ts
index c030913bfbcb6..33ef065ee7d49 100644
--- a/x-pack/test/fleet_api_integration/apis/epm/routing_rules.ts
+++ b/x-pack/test/fleet_api_integration/apis/epm/routing_rules.ts
@@ -56,7 +56,7 @@ export default function (providerContext: FtrProviderContext) {
 
       for (const hit of res.hits.hits) {
         await es.delete({
-          id: hit._id,
+          id: hit._id!,
           index: hit._index,
         });
       }
diff --git a/x-pack/test/fleet_api_integration/apis/space_awareness/api_helper.ts b/x-pack/test/fleet_api_integration/apis/space_awareness/api_helper.ts
index 4b166d040625b..c14f87447e154 100644
--- a/x-pack/test/fleet_api_integration/apis/space_awareness/api_helper.ts
+++ b/x-pack/test/fleet_api_integration/apis/space_awareness/api_helper.ts
@@ -20,6 +20,7 @@ import {
   PostEnrollmentAPIKeyResponse,
   PostEnrollmentAPIKeyRequest,
   GetEnrollmentSettingsResponse,
+  GetInfoResponse,
 } from '@kbn/fleet-plugin/common/types';
 import {
   GetUninstallTokenResponse,
@@ -173,4 +174,53 @@ export class SpaceTestApiClient {
 
     return res;
   }
+  // Package install
+  async getPackage(
+    { pkgName, pkgVersion }: { pkgName: string; pkgVersion: string },
+    spaceId?: string
+  ): Promise<GetInfoResponse> {
+    const { body: res } = await this.supertest
+      .get(`${this.getBaseUrl(spaceId)}/api/fleet/epm/packages/${pkgName}/${pkgVersion}`)
+      .expect(200);
+
+    return res;
+  }
+  async installPackage(
+    { pkgName, pkgVersion, force }: { pkgName: string; pkgVersion: string; force?: boolean },
+    spaceId?: string
+  ) {
+    const { body: res } = await this.supertest
+      .post(`${this.getBaseUrl(spaceId)}/api/fleet/epm/packages/${pkgName}/${pkgVersion}`)
+      .set('kbn-xsrf', 'xxxx')
+      .send({ force })
+      .expect(200);
+
+    return res;
+  }
+  async deletePackageKibanaAssets(
+    { pkgName, pkgVersion }: { pkgName: string; pkgVersion: string },
+    spaceId?: string
+  ) {
+    const { body: res } = await this.supertest
+      .delete(
+        `${this.getBaseUrl(spaceId)}/api/fleet/epm/packages/${pkgName}/${pkgVersion}/kibana_assets`
+      )
+      .set('kbn-xsrf', 'xxxx')
+      .expect(200);
+
+    return res;
+  }
+  async installPackageKibanaAssets(
+    { pkgName, pkgVersion }: { pkgName: string; pkgVersion: string },
+    spaceId?: string
+  ) {
+    const { body: res } = await this.supertest
+      .post(
+        `${this.getBaseUrl(spaceId)}/api/fleet/epm/packages/${pkgName}/${pkgVersion}/kibana_assets`
+      )
+      .set('kbn-xsrf', 'xxxx')
+      .expect(200);
+
+    return res;
+  }
 }
diff --git a/x-pack/test/fleet_api_integration/apis/space_awareness/index.js b/x-pack/test/fleet_api_integration/apis/space_awareness/index.js
index 3a3d9ea907150..9733668cd913d 100644
--- a/x-pack/test/fleet_api_integration/apis/space_awareness/index.js
+++ b/x-pack/test/fleet_api_integration/apis/space_awareness/index.js
@@ -12,5 +12,6 @@ export default function loadTests({ loadTestFile }) {
     loadTestFile(require.resolve('./agent_policies'));
     loadTestFile(require.resolve('./agents'));
     loadTestFile(require.resolve('./enrollment_settings'));
+    loadTestFile(require.resolve('./package_install'));
   });
 }
diff --git a/x-pack/test/fleet_api_integration/apis/space_awareness/package_install.ts b/x-pack/test/fleet_api_integration/apis/space_awareness/package_install.ts
new file mode 100644
index 0000000000000..ed464bd8d9f31
--- /dev/null
+++ b/x-pack/test/fleet_api_integration/apis/space_awareness/package_install.ts
@@ -0,0 +1,233 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from '@kbn/expect';
+import { FtrProviderContext } from '../../../api_integration/ftr_provider_context';
+import { skipIfNoDockerRegistry } from '../../helpers';
+import { SpaceTestApiClient } from './api_helper';
+import { cleanFleetIndices } from './helpers';
+import { setupTestSpaces, TEST_SPACE_1 } from './space_helpers';
+
+export default function (providerContext: FtrProviderContext) {
+  const { getService } = providerContext;
+  const supertest = getService('supertest');
+  const esClient = getService('es');
+  const kibanaServer = getService('kibanaServer');
+
+  describe('package install', async function () {
+    skipIfNoDockerRegistry(providerContext);
+    const apiClient = new SpaceTestApiClient(supertest);
+
+    before(async () => {
+      await kibanaServer.savedObjects.cleanStandardList();
+      await kibanaServer.savedObjects.cleanStandardList({
+        space: TEST_SPACE_1,
+      });
+      await cleanFleetIndices(esClient);
+    });
+
+    after(async () => {
+      await kibanaServer.savedObjects.cleanStandardList();
+      await kibanaServer.savedObjects.cleanStandardList({
+        space: TEST_SPACE_1,
+      });
+      await cleanFleetIndices(esClient);
+    });
+
+    setupTestSpaces(providerContext);
+
+    describe('kibana_assets', () => {
+      describe('with package installed in default space', () => {
+        before(async () => {
+          await kibanaServer.savedObjects.cleanStandardList();
+          await kibanaServer.savedObjects.cleanStandardList({
+            space: TEST_SPACE_1,
+          });
+          await cleanFleetIndices(esClient);
+          await apiClient.installPackage({
+            pkgName: 'nginx',
+            pkgVersion: '1.20.0',
+            force: true, // To avoid package verification
+          });
+        });
+
+        after(async () => {
+          await kibanaServer.savedObjects.cleanStandardList();
+          await kibanaServer.savedObjects.cleanStandardList({
+            space: TEST_SPACE_1,
+          });
+          await cleanFleetIndices(esClient);
+        });
+
+        it('should not allow to install kibana assets for a non installed package', async () => {
+          let err: Error | undefined;
+          try {
+            await apiClient.installPackageKibanaAssets({ pkgName: 'test', pkgVersion: '1.0.0' });
+          } catch (_err) {
+            err = _err;
+          }
+          expect(err).to.be.an(Error);
+          expect(err?.message).to.match(/404 "Not Found"/);
+        });
+
+        it('should not allow to install kibana assets for a non installed package version', async () => {
+          let err: Error | undefined;
+          try {
+            await apiClient.installPackageKibanaAssets({ pkgName: 'nginx', pkgVersion: '1.19.0' });
+          } catch (_err) {
+            err = _err;
+          }
+          expect(err).to.be.an(Error);
+          expect(err?.message).to.match(/404 "Not Found"/);
+        });
+
+        it('should allow to install kibana assets in default space', async () => {
+          await apiClient.installPackageKibanaAssets({ pkgName: 'nginx', pkgVersion: '1.20.0' });
+
+          const res = await apiClient.getPackage({ pkgName: 'nginx', pkgVersion: '1.20.0' });
+          if (!('installationInfo' in res.item)) {
+            throw new Error('not installed');
+          }
+
+          expect(res.item.installationInfo?.installed_kibana_space_id).eql('default');
+          expect(res.item.installationInfo?.additional_spaces_installed_kibana).eql(undefined);
+        });
+
+        it('should allow to install kibana assets in another space', async () => {
+          await apiClient.installPackageKibanaAssets(
+            { pkgName: 'nginx', pkgVersion: '1.20.0' },
+            TEST_SPACE_1
+          );
+
+          const res = await apiClient.getPackage({ pkgName: 'nginx', pkgVersion: '1.20.0' });
+          if (!('installationInfo' in res.item)) {
+            throw new Error('not installed');
+          }
+
+          expect(res.item.installationInfo?.installed_kibana_space_id).eql('default');
+          expect(
+            Object.keys(res.item.installationInfo?.additional_spaces_installed_kibana ?? {})
+          ).eql([TEST_SPACE_1]);
+
+          const dashboard = res.item.installationInfo!.additional_spaces_installed_kibana?.[
+            TEST_SPACE_1
+          ]!.find((asset) => asset.originId === 'nginx-046212a0-a2a1-11e7-928f-5dbe6f6f5519');
+          expect(dashboard).not.eql(undefined);
+        });
+
+        it('should not allow to delete kibana assets from default space', async () => {
+          let err: Error | undefined;
+          try {
+            await apiClient.deletePackageKibanaAssets({ pkgName: 'nginx', pkgVersion: '1.20.0' });
+          } catch (_err) {
+            err = _err;
+          }
+          expect(err).to.be.an(Error);
+          expect(err?.message).to.match(/400 "Bad Request"/);
+        });
+
+        it('should allow to delete kibana assets from test space', async () => {
+          await apiClient.deletePackageKibanaAssets(
+            { pkgName: 'nginx', pkgVersion: '1.20.0' },
+            TEST_SPACE_1
+          );
+
+          const res = await apiClient.getPackage({ pkgName: 'nginx', pkgVersion: '1.20.0' });
+          if (!('installationInfo' in res.item)) {
+            throw new Error('not installed');
+          }
+          expect(
+            Object.keys(res.item.installationInfo?.additional_spaces_installed_kibana ?? {})
+          ).eql([]);
+        });
+      });
+
+      describe('with package installed in test space', () => {
+        before(async () => {
+          await kibanaServer.savedObjects.cleanStandardList();
+          await kibanaServer.savedObjects.cleanStandardList({
+            space: TEST_SPACE_1,
+          });
+          await cleanFleetIndices(esClient);
+          await apiClient.installPackage(
+            {
+              pkgName: 'nginx',
+              pkgVersion: '1.20.0',
+              force: true, // To avoid package verification
+            },
+            TEST_SPACE_1
+          );
+        });
+
+        after(async () => {
+          await kibanaServer.savedObjects.cleanStandardList();
+          await kibanaServer.savedObjects.cleanStandardList({
+            space: TEST_SPACE_1,
+          });
+          await cleanFleetIndices(esClient);
+        });
+
+        it('should not allow to install kibana assets for a non installed package', async () => {
+          let err: Error | undefined;
+          try {
+            await apiClient.installPackageKibanaAssets({ pkgName: 'test', pkgVersion: '1.0.0' });
+          } catch (_err) {
+            err = _err;
+          }
+          expect(err).to.be.an(Error);
+          expect(err?.message).to.match(/404 "Not Found"/);
+        });
+
+        it('should not allow to install kibana assets for a non installed package version', async () => {
+          let err: Error | undefined;
+          try {
+            await apiClient.installPackageKibanaAssets({ pkgName: 'nginx', pkgVersion: '1.19.0' });
+          } catch (_err) {
+            err = _err;
+          }
+          expect(err).to.be.an(Error);
+          expect(err?.message).to.match(/404 "Not Found"/);
+        });
+
+        it('should allow to install kibana assets in test space', async () => {
+          await apiClient.installPackageKibanaAssets(
+            { pkgName: 'nginx', pkgVersion: '1.20.0' },
+            TEST_SPACE_1
+          );
+
+          const res = await apiClient.getPackage({ pkgName: 'nginx', pkgVersion: '1.20.0' });
+          if (!('installationInfo' in res.item)) {
+            throw new Error('not installed');
+          }
+
+          expect(res.item.installationInfo?.installed_kibana_space_id).eql(TEST_SPACE_1);
+          expect(res.item.installationInfo?.additional_spaces_installed_kibana).eql(undefined);
+        });
+
+        it('should allow to install kibana assets in default space', async () => {
+          await apiClient.installPackageKibanaAssets({ pkgName: 'nginx', pkgVersion: '1.20.0' });
+
+          const res = await apiClient.getPackage({ pkgName: 'nginx', pkgVersion: '1.20.0' });
+          if (!('installationInfo' in res.item)) {
+            throw new Error('not installed');
+          }
+
+          expect(res.item.installationInfo?.installed_kibana_space_id).eql(TEST_SPACE_1);
+          expect(
+            Object.keys(res.item.installationInfo?.additional_spaces_installed_kibana ?? {})
+          ).eql(['default']);
+
+          const dashboard =
+            res.item.installationInfo!.additional_spaces_installed_kibana?.default!.find(
+              (asset) => asset.originId === 'nginx-046212a0-a2a1-11e7-928f-5dbe6f6f5519'
+            );
+          expect(dashboard).not.eql(undefined);
+        });
+      });
+    });
+  });
+}
diff --git a/x-pack/test/functional/apps/aiops/log_rate_analysis/test_data/artificial_log_data_view_test_data.ts b/x-pack/test/functional/apps/aiops/log_rate_analysis/test_data/artificial_log_data_view_test_data.ts
index d2c3f1987667b..e92f6aa7121a3 100644
--- a/x-pack/test/functional/apps/aiops/log_rate_analysis/test_data/artificial_log_data_view_test_data.ts
+++ b/x-pack/test/functional/apps/aiops/log_rate_analysis/test_data/artificial_log_data_view_test_data.ts
@@ -151,7 +151,16 @@ export const getArtificialLogDataViewTestData = ({
       analysisGroupsTable: getAnalysisGroupsTable(),
       filteredAnalysisGroupsTable: getFilteredAnalysisGroupsTable(),
       analysisTable: getAnalysisTable(),
-      columnSelectorPopover: ['Log rate', 'Doc count', 'p-value', 'Impact', 'Actions'],
+      columnSelectorPopover: [
+        'Log rate',
+        'Doc count',
+        'p-value',
+        'Impact',
+        'Baseline rate',
+        'Deviation rate',
+        'Log rate change',
+        'Actions',
+      ],
       fieldSelectorPopover: getFieldSelectorPopover(),
       globalState: {
         refreshInterval: { pause: true, value: 60000 },
diff --git a/x-pack/test/functional/apps/aiops/log_rate_analysis/test_data/farequote_data_view_test_data.ts b/x-pack/test/functional/apps/aiops/log_rate_analysis/test_data/farequote_data_view_test_data.ts
index 84e5cbed3e400..9ad71506c82cf 100644
--- a/x-pack/test/functional/apps/aiops/log_rate_analysis/test_data/farequote_data_view_test_data.ts
+++ b/x-pack/test/functional/apps/aiops/log_rate_analysis/test_data/farequote_data_view_test_data.ts
@@ -25,7 +25,16 @@ export const farequoteDataViewTestData: TestData = {
   expected: {
     totalDocCountFormatted: '86,374',
     sampleProbabilityFormatted: '0.5',
-    columnSelectorPopover: ['Log rate', 'Doc count', 'p-value', 'Impact', 'Actions'],
+    columnSelectorPopover: [
+      'Log rate',
+      'Doc count',
+      'p-value',
+      'Impact',
+      'Baseline rate',
+      'Deviation rate',
+      'Log rate change',
+      'Actions',
+    ],
     fieldSelectorPopover: ['airline', 'custom_field.keyword'],
     globalState: {
       refreshInterval: { pause: true, value: 60000 },
diff --git a/x-pack/test/functional/apps/aiops/log_rate_analysis/test_data/farequote_data_view_test_data_with_query.ts b/x-pack/test/functional/apps/aiops/log_rate_analysis/test_data/farequote_data_view_test_data_with_query.ts
index 42fddac191988..9a0295f2b55bb 100644
--- a/x-pack/test/functional/apps/aiops/log_rate_analysis/test_data/farequote_data_view_test_data_with_query.ts
+++ b/x-pack/test/functional/apps/aiops/log_rate_analysis/test_data/farequote_data_view_test_data_with_query.ts
@@ -44,7 +44,16 @@ export const farequoteDataViewTestDataWithQuery: TestData = {
         impact: 'High',
       },
     ],
-    columnSelectorPopover: ['Log rate', 'Doc count', 'p-value', 'Impact', 'Actions'],
+    columnSelectorPopover: [
+      'Log rate',
+      'Doc count',
+      'p-value',
+      'Impact',
+      'Baseline rate',
+      'Deviation rate',
+      'Log rate change',
+      'Actions',
+    ],
     fieldSelectorPopover: ['airline', 'custom_field.keyword'],
     globalState: {
       refreshInterval: { pause: true, value: 60000 },
diff --git a/x-pack/test/functional/apps/aiops/log_rate_analysis/test_data/kibana_logs_data_view_test_data.ts b/x-pack/test/functional/apps/aiops/log_rate_analysis/test_data/kibana_logs_data_view_test_data.ts
index 9645863ed1e82..9759cc149bf9f 100644
--- a/x-pack/test/functional/apps/aiops/log_rate_analysis/test_data/kibana_logs_data_view_test_data.ts
+++ b/x-pack/test/functional/apps/aiops/log_rate_analysis/test_data/kibana_logs_data_view_test_data.ts
@@ -70,7 +70,16 @@ export const kibanaLogsDataViewTestData: TestData = {
       logRate: 'Chart type:bar chart',
       impact: 'High',
     })),
-    columnSelectorPopover: ['Log rate', 'Doc count', 'p-value', 'Impact', 'Actions'],
+    columnSelectorPopover: [
+      'Log rate',
+      'Doc count',
+      'p-value',
+      'Impact',
+      'Baseline rate',
+      'Deviation rate',
+      'Log rate change',
+      'Actions',
+    ],
     fieldSelectorPopover: [
       'agent.keyword',
       'clientip',
diff --git a/x-pack/test/functional/apps/dashboard/group2/dashboard_maps_by_value.ts b/x-pack/test/functional/apps/dashboard/group2/dashboard_maps_by_value.ts
index 61fc8319cb907..6cfdc7356a4b5 100644
--- a/x-pack/test/functional/apps/dashboard/group2/dashboard_maps_by_value.ts
+++ b/x-pack/test/functional/apps/dashboard/group2/dashboard_maps_by_value.ts
@@ -33,6 +33,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
       await PageObjects.dashboard.switchToEditMode();
     }
     await dashboardAddPanel.clickEditorMenuButton();
+    await testSubjects.setValue('dashboardPanelSelectionFlyout__searchInput', 'maps');
     await dashboardAddPanel.clickVisType('maps');
     await PageObjects.maps.clickSaveAndReturnButton();
   }
diff --git a/x-pack/test/functional/apps/dataset_quality/data/logs_data.ts b/x-pack/test/functional/apps/dataset_quality/data/logs_data.ts
index 399030d1dd377..168aeb4b4df21 100644
--- a/x-pack/test/functional/apps/dataset_quality/data/logs_data.ts
+++ b/x-pack/test/functional/apps/dataset_quality/data/logs_data.ts
@@ -191,6 +191,7 @@ export function createDegradedFieldsRecord({
 
 export const datasetNames = ['synth.1', 'synth.2', 'synth.3'];
 export const defaultNamespace = 'default';
+export const productionNamespace = 'production';
 
 // Logs Data logic
 const MESSAGE_LOG_LEVELS: MessageWithLevel[] = [
diff --git a/x-pack/test/functional/apps/dataset_quality/dataset_quality_flyout.ts b/x-pack/test/functional/apps/dataset_quality/dataset_quality_flyout.ts
index b3a80bd673d8a..59e11b225772a 100644
--- a/x-pack/test/functional/apps/dataset_quality/dataset_quality_flyout.ts
+++ b/x-pack/test/functional/apps/dataset_quality/dataset_quality_flyout.ts
@@ -12,6 +12,7 @@ import {
   datasetNames,
   getInitialTestLogs,
   getLogsForDataset,
+  productionNamespace,
 } from './data';
 
 const integrationActions = {
@@ -32,22 +33,70 @@ export default function ({ getService, getPageObjects }: DatasetQualityFtrProvid
   const retry = getService('retry');
   const browser = getService('browser');
   const to = '2024-01-01T12:00:00.000Z';
+  const apacheAccessDatasetName = 'apache.access';
+  const apacheAccessDatasetHumanName = 'Apache access logs';
+  const apacheIntegrationId = 'apache';
+  const apachePkg = {
+    name: 'apache',
+    version: '1.14.0',
+  };
+
+  const bitbucketDatasetName = 'atlassian_bitbucket.audit';
+  const bitbucketDatasetHumanName = 'Bitbucket Audit Logs';
+  const bitbucketPkg = {
+    name: 'atlassian_bitbucket',
+    version: '1.14.0',
+  };
+
+  const degradedDatasetName = datasetNames[2];
+
+  describe('Flyout', () => {
+    before(async () => {
+      // Install Apache Integration and ingest logs for it
+      await PageObjects.observabilityLogsExplorer.installPackage(apachePkg);
+
+      // Install Bitbucket Integration (package which does not has Dashboards) and ingest logs for it
+      await PageObjects.observabilityLogsExplorer.installPackage(bitbucketPkg);
+
+      await synthtrace.index([
+        // Ingest basic logs
+        getInitialTestLogs({ to, count: 4 }),
+        // Ingest Degraded Logs
+        createDegradedFieldsRecord({
+          to: new Date().toISOString(),
+          count: 2,
+          dataset: degradedDatasetName,
+        }),
+        // Index 15 logs for `logs-apache.access` dataset
+        getLogsForDataset({
+          to: new Date().toISOString(),
+          count: 15,
+          dataset: apacheAccessDatasetName,
+          namespace: productionNamespace,
+        }),
+        // Index degraded docs for Apache integration
+        getLogsForDataset({
+          to: new Date().toISOString(),
+          count: 1,
+          dataset: apacheAccessDatasetName,
+          namespace: productionNamespace,
+          isMalformed: true,
+        }),
+        // Index logs for Bitbucket integration
+        getLogsForDataset({ to, count: 10, dataset: bitbucketDatasetName }),
+      ]);
+
+      await PageObjects.datasetQuality.navigateTo();
+    });
 
-  describe('Dataset quality flyout', () => {
-    // FLAKY: https://github.com/elastic/kibana/issues/182154
-    // Added this sub describe block so that the existing flaky tests can be skipped and new ones can be added in the other describe block
-    describe.skip('Other dataset quality flyout tests', () => {
-      before(async () => {
-        await synthtrace.index(getInitialTestLogs({ to, count: 4 }));
-        await PageObjects.datasetQuality.navigateTo();
-      });
-
-      after(async () => {
-        await synthtrace.clean();
-        await PageObjects.observabilityLogsExplorer.removeInstalledPackages();
-      });
+    after(async () => {
+      await PageObjects.observabilityLogsExplorer.uninstallPackage(apachePkg);
+      await PageObjects.observabilityLogsExplorer.uninstallPackage(bitbucketPkg);
+      await synthtrace.clean();
+    });
 
-      it('opens the flyout for the right dataset', async () => {
+    describe('open flyout', () => {
+      it('should open the flyout for the right dataset', async () => {
         const testDatasetName = datasetNames[1];
 
         await PageObjects.datasetQuality.openDatasetFlyout(testDatasetName);
@@ -55,42 +104,12 @@ export default function ({ getService, getPageObjects }: DatasetQualityFtrProvid
         await testSubjects.existOrFail(
           PageObjects.datasetQuality.testSubjectSelectors.datasetQualityFlyoutTitle
         );
-      });
-
-      it('shows the correct last activity', async () => {
-        const testDatasetName = datasetNames[0];
 
-        // Update last activity for the dataset
         await PageObjects.datasetQuality.closeFlyout();
-        await synthtrace.index(
-          getLogsForDataset({ to: new Date().toISOString(), count: 1, dataset: testDatasetName })
-        );
-        await PageObjects.datasetQuality.refreshTable();
-
-        const cols = await PageObjects.datasetQuality.parseDatasetTable();
-
-        const datasetNameCol = cols['Data Set Name'];
-        const datasetNameColCellTexts = await datasetNameCol.getCellTexts();
-
-        const testDatasetRowIndex = datasetNameColCellTexts.findIndex(
-          (dName: string) => dName === testDatasetName
-        );
-
-        const lastActivityText = (await cols['Last Activity'].getCellTexts())[testDatasetRowIndex];
-
-        await PageObjects.datasetQuality.openDatasetFlyout(testDatasetName);
-
-        const lastActivityTextExists = await PageObjects.datasetQuality.doestTextExistInFlyout(
-          lastActivityText,
-          `[data-test-subj=${PageObjects.datasetQuality.testSubjectSelectors.datasetQualityFlyoutFieldValue}]`
-        );
-
-        expect(lastActivityTextExists).to.eql(true);
       });
 
       it('reflects the breakdown field state in url', async () => {
-        const testDatasetName = datasetNames[0];
-        await PageObjects.datasetQuality.openDatasetFlyout(testDatasetName);
+        await PageObjects.datasetQuality.openDatasetFlyout(degradedDatasetName);
 
         const breakdownField = 'service.name';
         await PageObjects.datasetQuality.selectBreakdownField(breakdownField);
@@ -109,25 +128,25 @@ export default function ({ getService, getPageObjects }: DatasetQualityFtrProvid
           const currentUrl = await browser.getCurrentUrl();
           expect(currentUrl).to.not.contain('breakdownField');
         });
+        await PageObjects.datasetQuality.closeFlyout();
       });
+    });
 
-      it('shows the integration details', async () => {
-        const apacheAccessDatasetName = 'apache.access';
-        const apacheAccessDatasetHumanName = 'Apache access logs';
-        const apacheIntegrationId = 'apache';
-
-        await PageObjects.observabilityLogsExplorer.navigateTo();
+    describe('integrations', () => {
+      it('should hide the integration section for non integrations', async () => {
+        const testDatasetName = datasetNames[1];
 
-        // Add initial integrations
-        await PageObjects.observabilityLogsExplorer.setupInitialIntegrations();
+        await PageObjects.datasetQuality.openDatasetFlyout(testDatasetName);
 
-        // Index 10 logs for `logs-apache.access` dataset
-        await synthtrace.index(
-          getLogsForDataset({ to, count: 10, dataset: apacheAccessDatasetName })
+        await testSubjects.missingOrFail(
+          PageObjects.datasetQuality.testSubjectSelectors
+            .datasetQualityFlyoutFieldsListIntegrationDetails
         );
 
-        await PageObjects.datasetQuality.navigateTo();
+        await PageObjects.datasetQuality.closeFlyout();
+      });
 
+      it('should shows the integration section for integrations', async () => {
         await PageObjects.datasetQuality.openDatasetFlyout(apacheAccessDatasetHumanName);
 
         const integrationNameElements = await PageObjects.datasetQuality.getFlyoutElementsByText(
@@ -135,124 +154,141 @@ export default function ({ getService, getPageObjects }: DatasetQualityFtrProvid
           apacheIntegrationId
         );
 
-        await PageObjects.datasetQuality.closeFlyout();
+        await testSubjects.existOrFail(
+          PageObjects.datasetQuality.testSubjectSelectors
+            .datasetQualityFlyoutFieldsListIntegrationDetails
+        );
 
         expect(integrationNameElements.length).to.eql(1);
+
+        await PageObjects.datasetQuality.closeFlyout();
       });
 
-      it('goes to log explorer page when open button is clicked', async () => {
-        const testDatasetName = datasetNames[2];
-        await PageObjects.datasetQuality.openDatasetFlyout(testDatasetName);
+      it('should show the integration actions menu with correct actions', async () => {
+        await PageObjects.datasetQuality.openDatasetFlyout(apacheAccessDatasetHumanName);
+        await PageObjects.datasetQuality.openIntegrationActionsMenu();
 
-        await (await PageObjects.datasetQuality.getFlyoutLogsExplorerButton()).click();
+        const actions = await Promise.all(
+          Object.values(integrationActions).map((action) =>
+            PageObjects.datasetQuality.getIntegrationActionButtonByAction(action)
+          )
+        );
 
-        // Confirm dataset selector text in observability logs explorer
-        const datasetSelectorText =
-          await PageObjects.observabilityLogsExplorer.getDataSourceSelectorButtonText();
-        expect(datasetSelectorText).to.eql(testDatasetName);
+        expect(actions.length).to.eql(3);
+        await PageObjects.datasetQuality.closeFlyout();
+      });
+
+      it('should hide integration dashboard for integrations without dashboards', async () => {
+        await PageObjects.datasetQuality.openDatasetFlyout(bitbucketDatasetHumanName);
+        await PageObjects.datasetQuality.openIntegrationActionsMenu();
+
+        await testSubjects.missingOrFail(
+          PageObjects.datasetQuality.testSubjectSelectors.datasetQualityFlyoutIntegrationAction(
+            integrationActions.viewDashboards
+          )
+        );
+        await PageObjects.datasetQuality.closeFlyout();
       });
 
-      it('shows summary KPIs', async () => {
+      it('Should navigate to integration overview page on clicking integration overview action', async () => {
+        await PageObjects.datasetQuality.openDatasetFlyout(bitbucketDatasetHumanName);
+        await PageObjects.datasetQuality.openIntegrationActionsMenu();
+
+        const action = await PageObjects.datasetQuality.getIntegrationActionButtonByAction(
+          integrationActions.overview
+        );
+
+        await action.click();
+
+        await retry.tryForTime(5000, async () => {
+          const currentUrl = await browser.getCurrentUrl();
+          const parsedUrl = new URL(currentUrl);
+
+          expect(parsedUrl.pathname).to.contain('/app/integrations/detail/atlassian_bitbucket');
+        });
+
         await PageObjects.datasetQuality.navigateTo();
+      });
 
-        const apacheAccessDatasetHumanName = 'Apache access logs';
+      it('should navigate to index template page in clicking Integration template', async () => {
         await PageObjects.datasetQuality.openDatasetFlyout(apacheAccessDatasetHumanName);
+        await PageObjects.datasetQuality.openIntegrationActionsMenu();
+
+        const action = await PageObjects.datasetQuality.getIntegrationActionButtonByAction(
+          integrationActions.template
+        );
+
+        await action.click();
 
-        const summary = await PageObjects.datasetQuality.parseFlyoutKpis();
-        expect(summary).to.eql({
-          docsCountTotal: '0',
-          size: '0.0 B',
-          services: '0',
-          hosts: '0',
-          degradedDocs: '0',
+        await retry.tryForTime(5000, async () => {
+          const currentUrl = await browser.getCurrentUrl();
+          const parsedUrl = new URL(currentUrl);
+          expect(parsedUrl.pathname).to.contain(
+            `/app/management/data/index_management/templates/logs-${apacheAccessDatasetName}`
+          );
         });
+        await PageObjects.datasetQuality.navigateTo();
       });
 
-      it('shows the updated KPIs', async () => {
-        const apacheAccessDatasetName = 'apache.access';
-        const apacheAccessDatasetHumanName = 'Apache access logs';
+      it('should navigate to the selected dashboard on clicking integration dashboard action ', async () => {
         await PageObjects.datasetQuality.openDatasetFlyout(apacheAccessDatasetHumanName);
+        await PageObjects.datasetQuality.openIntegrationActionsMenu();
 
-        const summaryBefore = await PageObjects.datasetQuality.parseFlyoutKpis();
-
-        // Set time range to 3 days ago
-        const flyoutBodyContainer = await testSubjects.find(
-          PageObjects.datasetQuality.testSubjectSelectors.datasetQualityFlyoutBody
+        const action = await PageObjects.datasetQuality.getIntegrationActionButtonByAction(
+          integrationActions.viewDashboards
         );
-        await PageObjects.datasetQuality.setDatePickerLastXUnits(flyoutBodyContainer, 3, 'd');
 
-        // Index 2 doc 2 days ago
-        const time2DaysAgo = Date.now() - 2 * 24 * 60 * 60 * 1000;
-        await synthtrace.index(
-          getLogsForDataset({
-            to: time2DaysAgo,
-            count: 2,
-            dataset: apacheAccessDatasetName,
-            isMalformed: false,
-          })
-        );
+        await action.click();
 
-        // Index 5 degraded docs 2 days ago
-        await synthtrace.index(
-          getLogsForDataset({
-            to: time2DaysAgo,
-            count: 5,
-            dataset: apacheAccessDatasetName,
-            isMalformed: true,
-          })
-        );
+        const dashboardButtons = await PageObjects.datasetQuality.getIntegrationDashboardButtons();
+        const firstDashboardButton = await dashboardButtons[0];
+        const dashboardText = await firstDashboardButton.getVisibleText();
 
-        await PageObjects.datasetQuality.refreshFlyout();
-        const summaryAfter = await PageObjects.datasetQuality.parseFlyoutKpis();
+        await firstDashboardButton.click();
 
-        expect(parseInt(summaryAfter.docsCountTotal, 10)).to.be.greaterThan(
-          parseInt(summaryBefore.docsCountTotal, 10)
-        );
+        const breadcrumbText = await testSubjects.getVisibleText('breadcrumb last');
 
-        expect(parseInt(summaryAfter.degradedDocs, 10)).to.be.greaterThan(
-          parseInt(summaryBefore.degradedDocs, 10)
-        );
+        expect(breadcrumbText).to.eql(dashboardText);
 
-        expect(parseInt(summaryAfter.size, 10)).to.be.greaterThan(parseInt(summaryBefore.size, 10));
-        expect(parseInt(summaryAfter.services, 10)).to.be.greaterThan(
-          parseInt(summaryBefore.services, 10)
-        );
-        expect(parseInt(summaryAfter.hosts, 10)).to.be.greaterThan(
-          parseInt(summaryBefore.hosts, 10)
-        );
+        await PageObjects.datasetQuality.navigateTo();
       });
+    });
 
-      it('shows the right number of services', async () => {
-        const apacheAccessDatasetName = 'apache.access';
-        const apacheAccessDatasetHumanName = 'Apache access logs';
+    describe('summary panel', () => {
+      it('should show summary KPIs', async () => {
         await PageObjects.datasetQuality.openDatasetFlyout(apacheAccessDatasetHumanName);
 
-        const summaryBefore = await PageObjects.datasetQuality.parseFlyoutKpis();
-        const testServices = ['test-srv-1', 'test-srv-2'];
+        const { docsCountTotal, degradedDocs, services, hosts, size } =
+          await PageObjects.datasetQuality.parseFlyoutKpis();
+        expect(parseInt(docsCountTotal, 10)).to.be(226);
+        expect(parseInt(degradedDocs, 10)).to.be(1);
+        expect(parseInt(services, 10)).to.be(3);
+        expect(parseInt(hosts, 10)).to.be(52);
+        expect(parseInt(size, 10)).to.be.greaterThan(0);
 
-        // Index 2 docs with different services
-        const timeNow = Date.now();
-        await synthtrace.index(
-          getLogsForDataset({
-            to: timeNow,
-            count: 2,
-            dataset: apacheAccessDatasetName,
-            isMalformed: false,
-            services: testServices,
-          })
-        );
+        await PageObjects.datasetQuality.closeFlyout();
+      });
+    });
 
-        await PageObjects.datasetQuality.refreshFlyout();
-        const summaryAfter = await PageObjects.datasetQuality.parseFlyoutKpis();
+    describe('navigation', () => {
+      it('should go to log explorer page when the open in log explorer button is clicked', async () => {
+        const testDatasetName = datasetNames[2];
+        await PageObjects.datasetQuality.openDatasetFlyout(testDatasetName);
 
-        expect(parseInt(summaryAfter.services, 10)).to.eql(
-          parseInt(summaryBefore.services, 10) + testServices.length
-        );
+        const logExplorerButton = await PageObjects.datasetQuality.getFlyoutLogsExplorerButton();
+
+        await logExplorerButton.click();
+
+        // Confirm dataset selector text in observability logs explorer
+        const datasetSelectorText =
+          await PageObjects.observabilityLogsExplorer.getDataSourceSelectorButtonText();
+        expect(datasetSelectorText).to.eql(testDatasetName);
+
+        // Should bring back the test to the dataset quality page
+        await PageObjects.datasetQuality.navigateTo();
       });
 
-      it('goes to log explorer for degraded docs when show all is clicked', async () => {
-        const apacheAccessDatasetName = 'apache.access';
-        const apacheAccessDatasetHumanName = 'Apache access logs';
+      it('should go log explorer for degraded docs when the show all button is clicked', async () => {
         await PageObjects.datasetQuality.openDatasetFlyout(apacheAccessDatasetHumanName);
 
         const degradedDocsShowAllSelector = `${PageObjects.datasetQuality.testSubjectSelectors.datasetQualityFlyoutKpiLink}-${PageObjects.datasetQuality.texts.degradedDocs}`;
@@ -266,11 +302,13 @@ export default function ({ getService, getPageObjects }: DatasetQualityFtrProvid
 
         await browser.closeCurrentWindow();
         await browser.switchTab(0);
+
+        await PageObjects.datasetQuality.closeFlyout();
       });
 
       // Blocked by https://github.com/elastic/kibana/issues/181705
+      // Its a test written ahead of its time.
       it.skip('goes to infra hosts for hosts when show all is clicked', async () => {
-        const apacheAccessDatasetHumanName = 'Apache access logs';
         await PageObjects.datasetQuality.openDatasetFlyout(apacheAccessDatasetHumanName);
 
         const hostsShowAllSelector = `${PageObjects.datasetQuality.testSubjectSelectors.datasetQualityFlyoutKpiLink}-${PageObjects.datasetQuality.texts.hosts}`;
@@ -286,307 +324,132 @@ export default function ({ getService, getPageObjects }: DatasetQualityFtrProvid
 
         await browser.closeCurrentWindow();
         await browser.switchTab(0);
-      });
 
-      it('Integration actions menu is present with correct actions', async () => {
-        const apacheAccessDatasetName = 'apache.access';
-        const apacheAccessDatasetHumanName = 'Apache access logs';
-
-        await PageObjects.observabilityLogsExplorer.navigateTo();
+        await PageObjects.datasetQuality.closeFlyout();
+      });
+    });
 
-        // Add initial integrations
-        await PageObjects.observabilityLogsExplorer.setupInitialIntegrations();
+    describe('degraded fields table', () => {
+      it(' should show empty degraded fields table when no degraded fields are present', async () => {
+        await PageObjects.datasetQuality.openDatasetFlyout(datasetNames[0]);
 
-        // Index 10 logs for `logs-apache.access` dataset
-        await synthtrace.index(
-          getLogsForDataset({ to, count: 10, dataset: apacheAccessDatasetName })
+        await testSubjects.existOrFail(
+          PageObjects.datasetQuality.testSubjectSelectors.datasetQualityFlyoutDegradedTableNoData
         );
 
-        await PageObjects.datasetQuality.navigateTo();
+        await PageObjects.datasetQuality.closeFlyout();
+      });
 
-        await PageObjects.datasetQuality.openDatasetFlyout(apacheAccessDatasetHumanName);
-        await PageObjects.datasetQuality.openIntegrationActionsMenu();
+      it('should show the degraded fields table with data when present', async () => {
+        await PageObjects.datasetQuality.openDatasetFlyout(degradedDatasetName);
 
-        const actions = await Promise.all(
-          Object.values(integrationActions).map((action) =>
-            PageObjects.datasetQuality.getIntegrationActionButtonByAction(action)
-          )
+        await testSubjects.existOrFail(
+          PageObjects.datasetQuality.testSubjectSelectors.datasetQualityFlyoutDegradedFieldTable
         );
 
-        expect(actions.length).to.eql(3);
-      });
+        const rows =
+          await PageObjects.datasetQuality.getDatasetQualityFlyoutDegradedFieldTableRows();
 
-      it('Integration dashboard action hidden for integrations without dashboards', async () => {
-        const bitbucketDatasetName = 'atlassian_bitbucket.audit';
-        const bitbucketDatasetHumanName = 'Bitbucket Audit Logs';
+        expect(rows.length).to.eql(2);
 
-        await PageObjects.observabilityLogsExplorer.navigateTo();
+        await PageObjects.datasetQuality.closeFlyout();
+      });
 
-        // Add initial integrations
-        await PageObjects.observabilityLogsExplorer.installPackage({
-          name: 'atlassian_bitbucket',
-          version: '1.14.0',
-        });
+      it('should display Spark Plot for every row of degraded fields', async () => {
+        await PageObjects.datasetQuality.openDatasetFlyout(degradedDatasetName);
 
-        // Index 10 logs for `atlassian_bitbucket.audit` dataset
-        await synthtrace.index(getLogsForDataset({ to, count: 10, dataset: bitbucketDatasetName }));
+        const rows =
+          await PageObjects.datasetQuality.getDatasetQualityFlyoutDegradedFieldTableRows();
 
-        await PageObjects.datasetQuality.navigateTo();
+        const sparkPlots = await testSubjects.findAll(
+          PageObjects.datasetQuality.testSubjectSelectors.datasetQualitySparkPlot
+        );
 
-        await PageObjects.datasetQuality.openDatasetFlyout(bitbucketDatasetHumanName);
-        await PageObjects.datasetQuality.openIntegrationActionsMenu();
+        expect(rows.length).to.be(sparkPlots.length);
 
-        await testSubjects.missingOrFail(
-          PageObjects.datasetQuality.testSubjectSelectors.datasetQualityFlyoutIntegrationAction(
-            integrationActions.viewDashboards
-          )
-        );
+        await PageObjects.datasetQuality.closeFlyout();
       });
 
-      it('Integration overview action should navigate to the integration overview page', async () => {
-        const bitbucketDatasetName = 'atlassian_bitbucket.audit';
-        const bitbucketDatasetHumanName = 'Bitbucket Audit Logs';
+      it('should sort the table when the count table header is clicked', async () => {
+        await PageObjects.datasetQuality.openDatasetFlyout(degradedDatasetName);
 
-        await PageObjects.observabilityLogsExplorer.navigateTo();
+        const table = await PageObjects.datasetQuality.parseDegradedFieldTable();
 
-        // Add initial integrations
-        await PageObjects.observabilityLogsExplorer.installPackage({
-          name: 'atlassian_bitbucket',
-          version: '1.14.0',
-        });
+        const countColumn = table['Docs count'];
+        const cellTexts = await countColumn.getCellTexts();
 
-        // Index 10 logs for `atlassian_bitbucket.audit` dataset
-        await synthtrace.index(getLogsForDataset({ to, count: 10, dataset: bitbucketDatasetName }));
+        await countColumn.sort('ascending');
+        const sortedCellTexts = await countColumn.getCellTexts();
 
-        await PageObjects.datasetQuality.navigateTo();
+        expect(cellTexts.reverse()).to.eql(sortedCellTexts);
 
-        await PageObjects.datasetQuality.openDatasetFlyout(bitbucketDatasetHumanName);
-        await PageObjects.datasetQuality.openIntegrationActionsMenu();
+        await PageObjects.datasetQuality.closeFlyout();
+      });
 
-        const action = await PageObjects.datasetQuality.getIntegrationActionButtonByAction(
-          integrationActions.overview
-        );
+      it('should update the URL when the table is sorted', async () => {
+        await PageObjects.datasetQuality.openDatasetFlyout(degradedDatasetName);
 
-        await action.click();
+        const table = await PageObjects.datasetQuality.parseDegradedFieldTable();
+        const countColumn = table['Docs count'];
 
         await retry.tryForTime(5000, async () => {
           const currentUrl = await browser.getCurrentUrl();
           const parsedUrl = new URL(currentUrl);
+          const pageState = parsedUrl.searchParams.get('pageState');
 
-          expect(parsedUrl.pathname).to.contain('/app/integrations/detail/atlassian_bitbucket');
+          expect(decodeURIComponent(pageState as string)).to.contain(
+            'sort:(direction:desc,field:count)'
+          );
         });
-      });
-
-      it('Integration template action should navigate to the index template page', async () => {
-        const apacheAccessDatasetName = 'apache.access';
-        const apacheAccessDatasetHumanName = 'Apache access logs';
 
-        await PageObjects.observabilityLogsExplorer.navigateTo();
-
-        // Add initial integrations
-        await PageObjects.observabilityLogsExplorer.setupInitialIntegrations();
-
-        // Index 10 logs for `logs-apache.access` dataset
-        await synthtrace.index(
-          getLogsForDataset({ to, count: 10, dataset: apacheAccessDatasetName })
-        );
-
-        await PageObjects.datasetQuality.navigateTo();
-
-        await PageObjects.datasetQuality.openDatasetFlyout(apacheAccessDatasetHumanName);
-        await PageObjects.datasetQuality.openIntegrationActionsMenu();
+        countColumn.sort('ascending');
 
         await retry.tryForTime(5000, async () => {
-          const action = await PageObjects.datasetQuality.getIntegrationActionButtonByAction(
-            integrationActions.template
-          );
-
-          await action.click();
-
           const currentUrl = await browser.getCurrentUrl();
           const parsedUrl = new URL(currentUrl);
-          expect(parsedUrl.pathname).to.contain(
-            `/app/management/data/index_management/templates/logs-${apacheAccessDatasetName}`
-          );
-        });
-      });
-
-      it('Integration dashboard action should navigate to the selected dashboard', async () => {
-        const apacheAccessDatasetName = 'apache.access';
-        const apacheAccessDatasetHumanName = 'Apache access logs';
-
-        await PageObjects.observabilityLogsExplorer.navigateTo();
-
-        // Add initial integrations
-        await PageObjects.observabilityLogsExplorer.setupInitialIntegrations();
-
-        // Index 10 logs for `logs-apache.access` dataset
-        await synthtrace.index(
-          getLogsForDataset({ to, count: 10, dataset: apacheAccessDatasetName })
-        );
-
-        await PageObjects.datasetQuality.navigateTo();
-
-        await PageObjects.datasetQuality.openDatasetFlyout(apacheAccessDatasetHumanName);
-        await PageObjects.datasetQuality.openIntegrationActionsMenu();
-
-        const action = await PageObjects.datasetQuality.getIntegrationActionButtonByAction(
-          integrationActions.viewDashboards
-        );
-
-        await action.click();
-
-        const dashboardButtons = await PageObjects.datasetQuality.getIntegrationDashboardButtons();
-        const firstDashboardButton = await dashboardButtons[0];
-        const dashboardText = await firstDashboardButton.getVisibleText();
-
-        await firstDashboardButton.click();
-
-        const breadcrumbText = await testSubjects.getVisibleText('breadcrumb last');
-
-        expect(breadcrumbText).to.eql(dashboardText);
-      });
-    });
-
-    // The above describe block has some failing/flaky tests which will
-    // be fixed as part of the tech debt mentioned here
-    // https://github.com/elastic/kibana/issues/184145
-    // Until then, the below describe block is added to cover the tests for the
-    // newly added degraded Fields Table. This must be merged under the above
-    // describe block once the tech debt is fixed.
-    describe('Dataset quality flyout with degraded fields', () => {
-      const goodDatasetName = 'good';
-      const degradedDatasetName = 'degraded';
-      const today = new Date().toISOString();
-
-      describe('Degraded Fields Table with common data', () => {
-        before(async () => {
-          await synthtrace.index([
-            getLogsForDataset({
-              to: today,
-              count: 2,
-              dataset: goodDatasetName,
-              isMalformed: false,
-            }),
-            createDegradedFieldsRecord({
-              to: today,
-              count: 2,
-              dataset: degradedDatasetName,
-            }),
-          ]);
-          await PageObjects.datasetQuality.navigateTo();
-        });
+          const pageState = parsedUrl.searchParams.get('pageState');
 
-        after(async () => {
-          await synthtrace.clean();
-        });
-
-        it('shows the degraded fields table with no data when no degraded fields are present', async () => {
-          await PageObjects.datasetQuality.openDatasetFlyout(goodDatasetName);
-
-          await testSubjects.existOrFail(
-            PageObjects.datasetQuality.testSubjectSelectors.datasetQualityFlyoutDegradedTableNoData
-          );
-
-          await PageObjects.datasetQuality.closeFlyout();
-        });
-
-        it('should load the degraded fields table with data', async () => {
-          await PageObjects.datasetQuality.openDatasetFlyout(degradedDatasetName);
-
-          await testSubjects.existOrFail(
-            PageObjects.datasetQuality.testSubjectSelectors.datasetQualityFlyoutDegradedFieldTable
+          expect(decodeURIComponent(pageState as string)).to.contain(
+            'sort:(direction:asc,field:count)'
           );
-
-          const rows =
-            await PageObjects.datasetQuality.getDatasetQualityFlyoutDegradedFieldTableRows();
-
-          expect(rows.length).to.eql(2);
-
-          await PageObjects.datasetQuality.closeFlyout();
         });
 
-        it('should display Spark Plot for every row of degraded fields', async () => {
-          await PageObjects.datasetQuality.openDatasetFlyout(degradedDatasetName);
-
-          const rows =
-            await PageObjects.datasetQuality.getDatasetQualityFlyoutDegradedFieldTableRows();
-
-          const sparkPlots = await testSubjects.findAll(
-            PageObjects.datasetQuality.testSubjectSelectors.datasetQualitySparkPlot
-          );
-
-          expect(rows.length).to.be(sparkPlots.length);
-
-          await PageObjects.datasetQuality.closeFlyout();
-        });
-
-        it('should sort the table when the count table header is clicked', async () => {
-          await PageObjects.datasetQuality.openDatasetFlyout(degradedDatasetName);
-
-          const table = await PageObjects.datasetQuality.parseDegradedFieldTable();
-
-          const countColumn = table['Docs count'];
-          const cellTexts = await countColumn.getCellTexts();
-
-          await countColumn.sort('ascending');
-          const sortedCellTexts = await countColumn.getCellTexts();
-
-          expect(cellTexts.reverse()).to.eql(sortedCellTexts);
-
-          await PageObjects.datasetQuality.closeFlyout();
-        });
+        await PageObjects.datasetQuality.closeFlyout();
       });
 
-      describe('Degraded Fields Table with data ingestion', () => {
-        before(async () => {
-          await synthtrace.index([
-            getLogsForDataset({
-              to: today,
-              count: 2,
-              dataset: goodDatasetName,
-              isMalformed: false,
-            }),
-            createDegradedFieldsRecord({
-              to: today,
-              count: 2,
-              dataset: degradedDatasetName,
-            }),
-          ]);
-          await PageObjects.datasetQuality.navigateTo();
-        });
-
-        after(async () => {
-          await synthtrace.clean();
-        });
+      // This is the only test which ingest data during the test.
+      // This block tests the refresh behavior of the degraded fields table.
+      // Even though this test ingest data, it can also be freely moved inside
+      // this describe block, and it won't affect any of the existing tests
+      it('should update the table when new data is ingested and the flyout is refreshed using the time selector', async () => {
+        await PageObjects.datasetQuality.openDatasetFlyout(degradedDatasetName);
 
-        it('should update the table when new data is ingested and the flyout is refreshed using the time selector', async () => {
-          await PageObjects.datasetQuality.openDatasetFlyout(degradedDatasetName);
+        const table = await PageObjects.datasetQuality.parseDegradedFieldTable();
 
-          const table = await PageObjects.datasetQuality.parseDegradedFieldTable();
+        const countColumn = table['Docs count'];
+        const cellTexts = await countColumn.getCellTexts();
 
-          const countColumn = table['Docs count'];
-          const cellTexts = await countColumn.getCellTexts();
+        await synthtrace.index([
+          createDegradedFieldsRecord({
+            to: new Date().toISOString(),
+            count: 2,
+            dataset: degradedDatasetName,
+          }),
+        ]);
 
-          await synthtrace.index([
-            createDegradedFieldsRecord({
-              to: today,
-              count: 2,
-              dataset: degradedDatasetName,
-            }),
-          ]);
+        await PageObjects.datasetQuality.refreshFlyout();
 
-          await PageObjects.datasetQuality.refreshFlyout();
+        const updatedTable = await PageObjects.datasetQuality.parseDegradedFieldTable();
+        const updatedCountColumn = updatedTable['Docs count'];
 
-          const updatedCellTexts = await countColumn.getCellTexts();
+        const updatedCellTexts = await updatedCountColumn.getCellTexts();
 
-          const singleValuePreviously = parseInt(cellTexts[0], 10);
-          const singleValueNow = parseInt(updatedCellTexts[0], 10);
+        const singleValuePreviously = parseInt(cellTexts[0], 10);
+        const singleValueNow = parseInt(updatedCellTexts[0], 10);
 
-          expect(singleValueNow).to.be(singleValuePreviously * 2);
+        expect(singleValueNow).to.be.greaterThan(singleValuePreviously);
 
-          await PageObjects.datasetQuality.closeFlyout();
-        });
+        await PageObjects.datasetQuality.closeFlyout();
       });
     });
   });
diff --git a/x-pack/test/functional/apps/dataset_quality/dataset_quality_summary.ts b/x-pack/test/functional/apps/dataset_quality/dataset_quality_summary.ts
index c3bc9ea3145a5..491a3b20c8004 100644
--- a/x-pack/test/functional/apps/dataset_quality/dataset_quality_summary.ts
+++ b/x-pack/test/functional/apps/dataset_quality/dataset_quality_summary.ts
@@ -17,21 +17,47 @@ export default function ({ getService, getPageObjects }: DatasetQualityFtrProvid
     'datasetQuality',
   ]);
   const synthtrace = getService('logSynthtraceEsClient');
-  const browser = getService('browser');
-  const retry = getService('retry');
   const to = '2024-01-01T12:00:00.000Z';
 
+  const ingestDataForSummary = async () => {
+    // Ingest documents for 3 type of datasets
+    return synthtrace.index([
+      // Ingest good data to all 3 datasets
+      getInitialTestLogs({ to, count: 4 }),
+      // Ingesting poor data to one dataset
+      getLogsForDataset({
+        to: Date.now(),
+        count: 1,
+        dataset: datasetNames[1],
+        isMalformed: true,
+      }),
+      // Ingesting degraded docs into another dataset by ingesting malformed 1st and then good data
+      getLogsForDataset({
+        to: Date.now(),
+        count: 1,
+        dataset: datasetNames[2],
+        isMalformed: true,
+      }),
+      getLogsForDataset({
+        to: Date.now(),
+        count: 10,
+        dataset: datasetNames[2],
+        isMalformed: false,
+      }),
+    ]);
+  };
+
   describe('Dataset quality summary', () => {
     before(async () => {
       await synthtrace.index(getInitialTestLogs({ to, count: 4 }));
       await PageObjects.datasetQuality.navigateTo();
     });
 
-    after(async () => {
+    afterEach(async () => {
       await synthtrace.clean();
     });
 
-    it('shows poor, degraded and good count', async () => {
+    it('shows poor, degraded and good count as 0 and all dataset as healthy', async () => {
       const summary = await PageObjects.datasetQuality.parseSummaryPanel();
       expect(summary).to.eql({
         datasetHealthPoor: '0',
@@ -42,92 +68,21 @@ export default function ({ getService, getPageObjects }: DatasetQualityFtrProvid
       });
     });
 
-    it('updates the poor count when degraded docs are ingested', async () => {
-      // Index malformed document with current timestamp
-      await synthtrace.index(
-        getLogsForDataset({
-          to: Date.now(),
-          count: 1,
-          dataset: datasetNames[2],
-          isMalformed: true,
-        })
-      );
-
-      await browser.refresh();
-      await PageObjects.datasetQuality.waitUntilSummaryPanelLoaded();
-
-      await retry.try(async () => {
-        const summary = await PageObjects.datasetQuality.parseSummaryPanel();
-        const { estimatedData, ...restOfSummary } = summary;
-        expect(restOfSummary).to.eql({
-          datasetHealthPoor: '1',
-          datasetHealthDegraded: '0',
-          datasetHealthGood: '2',
-          activeDatasets: '1 of 3',
-        });
-      });
-    });
-
-    it('updates the degraded count when degraded docs are ingested', async () => {
-      // Index malformed document with current timestamp
-      await synthtrace.index(
-        getLogsForDataset({
-          to: Date.now(),
-          count: 1,
-          dataset: datasetNames[1],
-          isMalformed: true,
-        })
-      );
-
-      // Index healthy documents
-      await synthtrace.index(
-        getLogsForDataset({
-          to: Date.now(),
-          count: 10,
-          dataset: datasetNames[1],
-          isMalformed: false,
-        })
-      );
-
-      await browser.refresh();
-      await PageObjects.datasetQuality.waitUntilSummaryPanelLoaded();
+    it('shows updated count for poor, degraded and good datasets, estimated size and updates active datasets', async () => {
+      await ingestDataForSummary();
+      await PageObjects.datasetQuality.refreshTable();
 
-      await retry.try(async () => {
-        const { estimatedData, ...restOfSummary } =
-          await PageObjects.datasetQuality.parseSummaryPanel();
-        expect(restOfSummary).to.eql({
-          datasetHealthPoor: '1',
-          datasetHealthDegraded: '1',
-          datasetHealthGood: '1',
-          activeDatasets: '2 of 3',
-        });
+      const summary = await PageObjects.datasetQuality.parseSummaryPanel();
+      const { estimatedData, ...restOfSummary } = summary;
+      expect(restOfSummary).to.eql({
+        datasetHealthPoor: '1',
+        datasetHealthDegraded: '1',
+        datasetHealthGood: '1',
+        activeDatasets: '2 of 3',
       });
-    });
-
-    it('updates active datasets and estimated data KPIs', async () => {
-      const { estimatedData: existingEstimatedData } =
-        await PageObjects.datasetQuality.parseSummaryPanel();
-
-      // Index document at current time to mark dataset as active
-      await synthtrace.index(
-        getLogsForDataset({
-          to: Date.now(),
-          count: 4,
-          dataset: datasetNames[0],
-          isMalformed: false,
-        })
-      );
 
-      await browser.refresh(); // Summary panel doesn't update reactively
-      await PageObjects.datasetQuality.waitUntilSummaryPanelLoaded();
-
-      await retry.try(async () => {
-        const { activeDatasets: updatedActiveDatasets, estimatedData: updatedEstimatedData } =
-          await PageObjects.datasetQuality.parseSummaryPanel();
-
-        expect(updatedActiveDatasets).to.eql('3 of 3');
-        expect(updatedEstimatedData).to.not.eql(existingEstimatedData);
-      });
+      const sizeInNumber = parseFloat(estimatedData.split(' ')[0]);
+      expect(sizeInNumber).to.be.greaterThan(0);
     });
   });
 }
diff --git a/x-pack/test/functional/apps/dataset_quality/dataset_quality_table.ts b/x-pack/test/functional/apps/dataset_quality/dataset_quality_table.ts
index 51707db1f852c..fb6c6ed9b519f 100644
--- a/x-pack/test/functional/apps/dataset_quality/dataset_quality_table.ts
+++ b/x-pack/test/functional/apps/dataset_quality/dataset_quality_table.ts
@@ -7,7 +7,13 @@
 
 import expect from '@kbn/expect';
 import { DatasetQualityFtrProviderContext } from './config';
-import { datasetNames, defaultNamespace, getInitialTestLogs, getLogsForDataset } from './data';
+import {
+  datasetNames,
+  defaultNamespace,
+  getInitialTestLogs,
+  getLogsForDataset,
+  productionNamespace,
+} from './data';
 
 export default function ({ getService, getPageObjects }: DatasetQualityFtrProviderContext) {
   const PageObjects = getPageObjects([
@@ -17,40 +23,78 @@ export default function ({ getService, getPageObjects }: DatasetQualityFtrProvid
     'datasetQuality',
   ]);
   const synthtrace = getService('logSynthtraceEsClient');
-  const testSubjects = getService('testSubjects');
-  const retry = getService('retry');
   const to = '2024-01-01T12:00:00.000Z';
+  const apacheAccessDatasetName = 'apache.access';
+  const apacheAccessDatasetHumanName = 'Apache access logs';
+  const pkg = {
+    name: 'apache',
+    version: '1.14.0',
+  };
 
   describe('Dataset quality table', () => {
     before(async () => {
-      await synthtrace.index(getInitialTestLogs({ to, count: 4 }));
+      // Install Integration and ingest logs for it
+      await PageObjects.observabilityLogsExplorer.installPackage(pkg);
+      // Ingest basic logs
+      await synthtrace.index([
+        // Ingest basic logs
+        getInitialTestLogs({ to, count: 4 }),
+        // Ingest Degraded Logs
+        getLogsForDataset({
+          to: new Date().toISOString(),
+          count: 1,
+          dataset: datasetNames[2],
+          isMalformed: true,
+        }),
+        // Index 10 logs for `logs-apache.access` dataset
+        getLogsForDataset({
+          to,
+          count: 10,
+          dataset: apacheAccessDatasetName,
+          namespace: productionNamespace,
+        }),
+      ]);
       await PageObjects.datasetQuality.navigateTo();
     });
 
     after(async () => {
       await synthtrace.clean();
-      await PageObjects.observabilityLogsExplorer.removeInstalledPackages();
+      await PageObjects.observabilityLogsExplorer.uninstallPackage(pkg);
     });
 
-    it('shows the right number of rows in correct order', async () => {
+    it('shows sort by dataset name and show namespace', async () => {
       const cols = await PageObjects.datasetQuality.parseDatasetTable();
-
       const datasetNameCol = cols['Data Set Name'];
       await datasetNameCol.sort('descending');
       const datasetNameColCellTexts = await datasetNameCol.getCellTexts();
-      expect(datasetNameColCellTexts).to.eql([...datasetNames].reverse());
+      expect(datasetNameColCellTexts).to.eql(
+        [apacheAccessDatasetHumanName, ...datasetNames].reverse()
+      );
 
       const namespaceCol = cols.Namespace;
       const namespaceColCellTexts = await namespaceCol.getCellTexts();
-      expect(namespaceColCellTexts).to.eql([defaultNamespace, defaultNamespace, defaultNamespace]);
+      expect(namespaceColCellTexts).to.eql([
+        defaultNamespace,
+        defaultNamespace,
+        defaultNamespace,
+        productionNamespace,
+      ]);
 
-      const degradedDocsCol = cols['Degraded Docs (%)'];
-      const degradedDocsColCellTexts = await degradedDocsCol.getCellTexts();
-      expect(degradedDocsColCellTexts).to.eql(['0%', '0%', '0%']);
+      // Cleaning the sort
+      await datasetNameCol.sort('ascending');
+    });
 
+    it('shows the last activity', async () => {
+      const cols = await PageObjects.datasetQuality.parseDatasetTable();
       const lastActivityCol = cols['Last Activity'];
-      const lastActivityColCellTexts = await lastActivityCol.getCellTexts();
-      expect(lastActivityColCellTexts).to.eql([
+      const activityCells = await lastActivityCol.getCellTexts();
+      const lastActivityCell = activityCells[activityCells.length - 1];
+      const restActivityCells = activityCells.slice(0, -1);
+
+      // The first cell of lastActivity should have data
+      expect(lastActivityCell).to.not.eql(PageObjects.datasetQuality.texts.noActivityText);
+      // The rest of the rows must show no activity
+      expect(restActivityCells).to.eql([
         PageObjects.datasetQuality.texts.noActivityText,
         PageObjects.datasetQuality.texts.noActivityText,
         PageObjects.datasetQuality.texts.noActivityText,
@@ -59,111 +103,30 @@ export default function ({ getService, getPageObjects }: DatasetQualityFtrProvid
 
     it('shows degraded docs percentage', async () => {
       const cols = await PageObjects.datasetQuality.parseDatasetTable();
-      const datasetNameCol = cols['Data Set Name'];
-      await datasetNameCol.sort('ascending');
 
       const degradedDocsCol = cols['Degraded Docs (%)'];
       const degradedDocsColCellTexts = await degradedDocsCol.getCellTexts();
-      expect(degradedDocsColCellTexts).to.eql(['0%', '0%', '0%']);
-
-      // Index malformed document with current timestamp
-      await synthtrace.index(
-        getLogsForDataset({
-          to: Date.now(),
-          count: 1,
-          dataset: datasetNames[2],
-          isMalformed: true,
-        })
-      );
-
-      // Set time range to Last 5 minute
-      const filtersContainer = await testSubjects.find(
-        PageObjects.datasetQuality.testSubjectSelectors.datasetQualityFiltersContainer
-      );
-      await PageObjects.datasetQuality.setDatePickerLastXUnits(filtersContainer, 5, 'm');
-
-      const updatedDegradedDocsColCellTexts = await degradedDocsCol.getCellTexts();
-      expect(updatedDegradedDocsColCellTexts[2]).to.not.eql('0%');
+      expect(degradedDocsColCellTexts).to.eql(['0%', '0%', '0%', '100%']);
     });
 
-    it('shows the updated size of the index', async () => {
-      const testDatasetIndex = 2;
+    it('shows the value in the size column', async () => {
       const cols = await PageObjects.datasetQuality.parseDatasetTable();
-      const datasetNameCol = cols['Data Set Name'];
-      await datasetNameCol.sort('ascending');
-      const datasetNameColCellTexts = await datasetNameCol.getCellTexts();
-
-      const datasetToUpdateRowIndex = datasetNameColCellTexts.findIndex(
-        (dName: string) => dName === datasetNames[testDatasetIndex]
-      );
 
       const sizeColCellTexts = await cols.Size.getCellTexts();
-      const beforeSize = sizeColCellTexts[datasetToUpdateRowIndex];
+      const sizeGreaterThanZero = sizeColCellTexts[3];
+      const sizeEqualToZero = sizeColCellTexts[2];
 
-      // Index documents with current timestamp
-      await synthtrace.index(
-        getLogsForDataset({
-          to: Date.now(),
-          count: 4,
-          dataset: datasetNames[testDatasetIndex],
-          isMalformed: false,
-        })
-      );
-
-      const colsAfterUpdate = await PageObjects.datasetQuality.parseDatasetTable();
-
-      // Assert that size has changed
-      await retry.tryForTime(15000, async () => {
-        // Refresh the table
-        await PageObjects.datasetQuality.refreshTable();
-        const updatedSizeColCellTexts = await colsAfterUpdate.Size.getCellTexts();
-        expect(updatedSizeColCellTexts[datasetToUpdateRowIndex]).to.not.eql(beforeSize);
-      });
-    });
-
-    it('sorts by dataset name', async () => {
-      // const header = await PageObjects.datasetQuality.getDatasetTableHeader('Data Set Name');
-      const cols = await PageObjects.datasetQuality.parseDatasetTable();
-      const datasetNameCol = cols['Data Set Name'];
-
-      // Sort ascending
-      await datasetNameCol.sort('ascending');
-      const cellTexts = await datasetNameCol.getCellTexts();
-
-      const datasetNamesAsc = [...datasetNames].sort();
-
-      expect(cellTexts).to.eql(datasetNamesAsc);
+      expect(sizeGreaterThanZero).to.not.eql('0.0 KB');
+      expect(sizeEqualToZero).to.eql('0.0 B');
     });
 
     it('shows dataset from integration', async () => {
-      const apacheAccessDatasetName = 'apache.access';
-      const apacheAccessDatasetHumanName = 'Apache access logs';
-
-      await PageObjects.observabilityLogsExplorer.navigateTo();
-
-      // Add initial integrations
-      await PageObjects.observabilityLogsExplorer.setupInitialIntegrations();
-
-      // Index 10 logs for `logs-apache.access` dataset
-      await synthtrace.index(
-        getLogsForDataset({ to, count: 10, dataset: apacheAccessDatasetName })
-      );
-
-      await PageObjects.datasetQuality.navigateTo();
-
       const cols = await PageObjects.datasetQuality.parseDatasetTable();
       const datasetNameCol = cols['Data Set Name'];
 
-      // Sort ascending
-      await datasetNameCol.sort('ascending');
       const datasetNameColCellTexts = await datasetNameCol.getCellTexts();
 
-      const datasetNamesAsc = [...datasetNames, apacheAccessDatasetHumanName].sort();
-
-      // Assert there are 4 rows
-      expect(datasetNameColCellTexts.length).to.eql(4);
-
-      expect(datasetNameColCellTexts).to.eql(datasetNamesAsc);
+      expect(datasetNameColCellTexts[0]).to.eql(apacheAccessDatasetHumanName);
     });
 
     it('goes to log explorer page when opened', async () => {
@@ -179,50 +142,12 @@ export default function ({ getService, getPageObjects }: DatasetQualityFtrProvid
       const datasetSelectorText =
         await PageObjects.observabilityLogsExplorer.getDataSourceSelectorButtonText();
       expect(datasetSelectorText).to.eql(datasetName);
-    });
 
-    it('shows the last activity when in time range', async () => {
+      // Return to Dataset Quality Page
       await PageObjects.datasetQuality.navigateTo();
-      const cols = await PageObjects.datasetQuality.parseDatasetTable();
-      const lastActivityCol = cols['Last Activity'];
-      const datasetNameCol = cols['Data Set Name'];
-
-      // Set time range to Last 1 minute
-      const filtersContainer = await testSubjects.find(
-        PageObjects.datasetQuality.testSubjectSelectors.datasetQualityFiltersContainer
-      );
-
-      await PageObjects.datasetQuality.setDatePickerLastXUnits(filtersContainer, 1, 's');
-      const lastActivityColCellTexts = await lastActivityCol.getCellTexts();
-      expect(lastActivityColCellTexts).to.eql([
-        PageObjects.datasetQuality.texts.noActivityText,
-        PageObjects.datasetQuality.texts.noActivityText,
-        PageObjects.datasetQuality.texts.noActivityText,
-        PageObjects.datasetQuality.texts.noActivityText,
-      ]);
-
-      const datasetToUpdate = datasetNames[0];
-      await synthtrace.index(
-        getLogsForDataset({ to: new Date().toISOString(), count: 1, dataset: datasetToUpdate })
-      );
-      const datasetNameColCellTexts = await datasetNameCol.getCellTexts();
-      const datasetToUpdateRowIndex = datasetNameColCellTexts.findIndex(
-        (dName: string) => dName === datasetToUpdate
-      );
-
-      await PageObjects.datasetQuality.setDatePickerLastXUnits(filtersContainer, 1, 'h');
-
-      await retry.tryForTime(5000, async () => {
-        const updatedLastActivityColCellTexts = await lastActivityCol.getCellTexts();
-        expect(updatedLastActivityColCellTexts[datasetToUpdateRowIndex]).to.not.eql(
-          PageObjects.datasetQuality.texts.noActivityText
-        );
-      });
     });
 
     it('hides inactive datasets', async () => {
-      await PageObjects.datasetQuality.waitUntilTableLoaded();
-
       // Get number of rows with Last Activity not equal to "No activity in the selected timeframe"
       const cols = await PageObjects.datasetQuality.parseDatasetTable();
       const lastActivityCol = cols['Last Activity'];
diff --git a/x-pack/test/functional/apps/dataset_quality/dataset_quality_table_filters.ts b/x-pack/test/functional/apps/dataset_quality/dataset_quality_table_filters.ts
index ac118a5c1d1cc..3c8c3e702d576 100644
--- a/x-pack/test/functional/apps/dataset_quality/dataset_quality_table_filters.ts
+++ b/x-pack/test/functional/apps/dataset_quality/dataset_quality_table_filters.ts
@@ -7,7 +7,7 @@
 
 import expect from '@kbn/expect';
 import { DatasetQualityFtrProviderContext } from './config';
-import { datasetNames, defaultNamespace, getInitialTestLogs, getLogsForDataset } from './data';
+import { datasetNames, getInitialTestLogs, getLogsForDataset, productionNamespace } from './data';
 
 export default function ({ getService, getPageObjects }: DatasetQualityFtrProviderContext) {
   const PageObjects = getPageObjects([
@@ -19,55 +19,73 @@ export default function ({ getService, getPageObjects }: DatasetQualityFtrProvid
   const synthtrace = getService('logSynthtraceEsClient');
   const testSubjects = getService('testSubjects');
   const to = '2024-01-01T12:00:00.000Z';
+  const apacheAccessDatasetName = 'apache.access';
+  const apacheAccessDatasetHumanName = 'Apache access logs';
+  const apacheIntegrationName = 'Apache HTTP Server';
+  const pkg = {
+    name: 'apache',
+    version: '1.14.0',
+  };
+  const allDatasetNames = [apacheAccessDatasetHumanName, ...datasetNames];
 
   describe('Dataset quality table filters', () => {
     before(async () => {
-      await synthtrace.index(getInitialTestLogs({ to, count: 4 }));
+      // Install Integration and ingest logs for it
+      await PageObjects.observabilityLogsExplorer.installPackage(pkg);
+      // Ingest basic logs
+      await synthtrace.index([
+        // Ingest basic logs
+        getInitialTestLogs({ to, count: 4 }),
+        // Ingest Degraded Logs
+        getLogsForDataset({
+          to: new Date().toISOString(),
+          count: 1,
+          dataset: datasetNames[2],
+          isMalformed: true,
+        }),
+        // Index 10 logs for `logs-apache.access` dataset
+        getLogsForDataset({
+          to,
+          count: 10,
+          dataset: apacheAccessDatasetName,
+          namespace: productionNamespace,
+        }),
+      ]);
       await PageObjects.datasetQuality.navigateTo();
     });
 
     after(async () => {
+      await PageObjects.observabilityLogsExplorer.uninstallPackage(pkg);
       await synthtrace.clean();
-      await PageObjects.observabilityLogsExplorer.removeInstalledPackages();
-    });
-
-    it('hides inactive datasets when toggled', async () => {
-      const initialRows = await PageObjects.datasetQuality.getDatasetTableRows();
-      expect(initialRows.length).to.eql(3);
-
-      await PageObjects.datasetQuality.toggleShowInactiveDatasets();
-
-      const afterToggleRows = await PageObjects.datasetQuality.getDatasetTableRows();
-      expect(afterToggleRows.length).to.eql(1);
-
-      await PageObjects.datasetQuality.toggleShowInactiveDatasets();
-
-      const afterReToggleRows = await PageObjects.datasetQuality.getDatasetTableRows();
-      expect(afterReToggleRows.length).to.eql(3);
     });
 
     it('shows full dataset names when toggled', async () => {
       const cols = await PageObjects.datasetQuality.parseDatasetTable();
       const datasetNameCol = cols['Data Set Name'];
       const datasetNameColCellTexts = await datasetNameCol.getCellTexts();
-      expect(datasetNameColCellTexts).to.eql(datasetNames);
+      expect(datasetNameColCellTexts).to.eql(allDatasetNames);
 
       await PageObjects.datasetQuality.toggleShowFullDatasetNames();
 
       const datasetNameColCellTextsAfterToggle = await datasetNameCol.getCellTexts();
-      const duplicateNames = datasetNames.map((name) => `${name}\n${name}`);
+      const duplicateNames = [
+        `${apacheAccessDatasetHumanName}\n${apacheAccessDatasetName}`,
+        ...datasetNames.map((name) => `${name}\n${name}`),
+      ];
+
       expect(datasetNameColCellTextsAfterToggle).to.eql(duplicateNames);
 
+      // resetting the toggle
       await PageObjects.datasetQuality.toggleShowFullDatasetNames();
       const datasetNameColCellTextsAfterReToggle = await datasetNameCol.getCellTexts();
-      expect(datasetNameColCellTextsAfterReToggle).to.eql(datasetNames);
+      expect(datasetNameColCellTextsAfterReToggle).to.eql(allDatasetNames);
     });
 
     it('searches the datasets', async () => {
       const cols = await PageObjects.datasetQuality.parseDatasetTable();
       const datasetNameCol = cols['Data Set Name'];
       const datasetNameColCellTexts = await datasetNameCol.getCellTexts();
-      expect(datasetNameColCellTexts).to.eql(datasetNames);
+      expect(datasetNameColCellTexts).to.eql(allDatasetNames);
 
       // Search for a dataset
       await testSubjects.setValue(
@@ -79,33 +97,16 @@ export default function ({ getService, getPageObjects }: DatasetQualityFtrProvid
       const datasetNameColAfterSearch = colsAfterSearch['Data Set Name'];
       const datasetNameColCellTextsAfterSearch = await datasetNameColAfterSearch.getCellTexts();
       expect(datasetNameColCellTextsAfterSearch).to.eql([datasetNames[2]]);
-      await testSubjects.setValue(
-        PageObjects.datasetQuality.testSubjectSelectors.datasetQualityFilterBarFieldSearch,
-        ''
-      );
+
+      // Reset the search field
+      await testSubjects.click('clearSearchButton');
     });
 
     it('filters for integration', async () => {
-      const apacheAccessDatasetName = 'apache.access';
-      const apacheAccessDatasetHumanName = 'Apache access logs';
-      const apacheIntegrationName = 'Apache HTTP Server';
-
-      await PageObjects.observabilityLogsExplorer.navigateTo();
-
-      // Add initial integrations
-      await PageObjects.observabilityLogsExplorer.setupInitialIntegrations();
-
-      // Index 10 logs for `logs-apache.access` dataset
-      await synthtrace.index(
-        getLogsForDataset({ to, count: 10, dataset: apacheAccessDatasetName })
-      );
-
-      await PageObjects.datasetQuality.navigateTo();
-
       const cols = await PageObjects.datasetQuality.parseDatasetTable();
       const datasetNameCol = cols['Data Set Name'];
       const datasetNameColCellTexts = await datasetNameCol.getCellTexts();
-      expect(datasetNameColCellTexts).to.eql([apacheAccessDatasetHumanName, ...datasetNames]);
+      expect(datasetNameColCellTexts).to.eql(allDatasetNames);
 
       // Filter for integration
       await PageObjects.datasetQuality.filterForIntegrations([apacheIntegrationName]);
@@ -113,65 +114,33 @@ export default function ({ getService, getPageObjects }: DatasetQualityFtrProvid
       const colsAfterFilter = await PageObjects.datasetQuality.parseDatasetTable();
       const datasetNameColAfterFilter = colsAfterFilter['Data Set Name'];
       const datasetNameColCellTextsAfterFilter = await datasetNameColAfterFilter.getCellTexts();
+
       expect(datasetNameColCellTextsAfterFilter).to.eql([apacheAccessDatasetHumanName]);
+      // Reset the filter by selecting from the dropdown again
+      await PageObjects.datasetQuality.filterForIntegrations([apacheIntegrationName]);
     });
 
     it('filters for namespace', async () => {
-      const apacheAccessDatasetName = 'apache.access';
-      const datasetNamespace = 'prod';
-
-      await PageObjects.observabilityLogsExplorer.navigateTo();
-
-      // Add initial integrations
-      await PageObjects.observabilityLogsExplorer.setupInitialIntegrations();
-
-      // Index 10 logs for `logs-apache.access` dataset
-      await synthtrace.index(
-        getLogsForDataset({
-          to,
-          count: 10,
-          dataset: apacheAccessDatasetName,
-          namespace: datasetNamespace,
-        })
-      );
-
-      await PageObjects.datasetQuality.navigateTo();
-
       // Get default namespaces
       const cols = await PageObjects.datasetQuality.parseDatasetTable();
       const namespaceCol = cols.Namespace;
       const namespaceColCellTexts = await namespaceCol.getCellTexts();
-      expect(namespaceColCellTexts).to.contain(defaultNamespace);
+      expect(namespaceColCellTexts).to.contain(productionNamespace);
 
-      // Filter for prod namespace
-      await PageObjects.datasetQuality.filterForNamespaces([datasetNamespace]);
+      // Filter for production namespace
+      await PageObjects.datasetQuality.filterForNamespaces([productionNamespace]);
 
       const colsAfterFilter = await PageObjects.datasetQuality.parseDatasetTable();
       const namespaceColAfterFilter = colsAfterFilter.Namespace;
       const namespaceColCellTextsAfterFilter = await namespaceColAfterFilter.getCellTexts();
 
-      expect(namespaceColCellTextsAfterFilter).to.eql([datasetNamespace]);
+      expect(namespaceColCellTextsAfterFilter).to.eql([productionNamespace]);
+      // Reset the namespace by selecting from the dropdown again
+      await PageObjects.datasetQuality.filterForNamespaces([productionNamespace]);
     });
 
     it('filters for quality', async () => {
-      const apacheAccessDatasetName = 'apache.access';
       const expectedQuality = 'Poor';
-
-      // Add initial integrations
-      await PageObjects.observabilityLogsExplorer.setupInitialIntegrations();
-
-      // Index 10 logs for `logs-apache.access` dataset
-      await synthtrace.index(
-        getLogsForDataset({
-          to: new Date().toISOString(),
-          count: 10,
-          dataset: apacheAccessDatasetName,
-          isMalformed: true,
-        })
-      );
-
-      await PageObjects.datasetQuality.navigateTo();
-
       // Get default quality
       const cols = await PageObjects.datasetQuality.parseDatasetTable();
       const datasetQuality = cols['Data Set Quality'];
@@ -186,6 +155,9 @@ export default function ({ getService, getPageObjects }: DatasetQualityFtrProvid
       const datasetQualityCellTextsAfterFilter = await datasetQualityAfterFilter.getCellTexts();
 
       expect(datasetQualityCellTextsAfterFilter).to.eql([expectedQuality]);
+
+      // Reset the namespace by selecting from the dropdown again
+      await PageObjects.datasetQuality.filterForQualities([expectedQuality]);
     });
   });
 }
diff --git a/x-pack/test/functional/apps/index_lifecycle_management/home_page.ts b/x-pack/test/functional/apps/index_lifecycle_management/home_page.ts
index 71056c2d836fc..8d32181210fcd 100644
--- a/x-pack/test/functional/apps/index_lifecycle_management/home_page.ts
+++ b/x-pack/test/functional/apps/index_lifecycle_management/home_page.ts
@@ -18,6 +18,7 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => {
   const esClient = getService('es');
   const security = getService('security');
   const deployment = getService('deployment');
+  const testSubjects = getService('testSubjects');
 
   describe('Home page', function () {
     before(async () => {
@@ -80,5 +81,19 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => {
 
       expect(createdPolicy.length).to.be(1);
     });
+
+    it('Shows a prompt when trying to navigate away from the creation form when the form is dirty', async () => {
+      await pageObjects.indexLifecycleManagement.clickCreatePolicyButton();
+
+      await pageObjects.indexLifecycleManagement.fillNewPolicyForm({
+        policyName,
+      });
+
+      // Try to navigate to another page
+      await testSubjects.click('logo');
+
+      // Since the form is now dirty it should trigger a confirmation prompt
+      expect(await testSubjects.exists('navigationBlockConfirmModal')).to.be(true);
+    });
   });
 };
diff --git a/x-pack/test/functional/apps/index_management/feature_controls/index_management_security.ts b/x-pack/test/functional/apps/index_management/feature_controls/index_management_security.ts
index 7d94e7e3d85c8..4655b79890f41 100644
--- a/x-pack/test/functional/apps/index_management/feature_controls/index_management_security.ts
+++ b/x-pack/test/functional/apps/index_management/feature_controls/index_management_security.ts
@@ -66,7 +66,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
         expect(sections).to.have.length(2);
         expect(sections[0]).to.eql({
           sectionId: 'data',
-          sectionLinks: ['index_management', 'transform'],
+          sectionLinks: ['index_management', 'data_quality', 'transform'],
         });
       });
     });
diff --git a/x-pack/test/functional/apps/infra/feature_controls/logs_security.ts b/x-pack/test/functional/apps/infra/feature_controls/logs_security.ts
index f58cd84517860..f422518a8fe9a 100644
--- a/x-pack/test/functional/apps/infra/feature_controls/logs_security.ts
+++ b/x-pack/test/functional/apps/infra/feature_controls/logs_security.ts
@@ -12,7 +12,6 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
   const kibanaServer = getService('kibanaServer');
   const security = getService('security');
   const PageObjects = getPageObjects(['common', 'error', 'infraHome', 'security']);
-  const testSubjects = getService('testSubjects');
   const appsMenu = getService('appsMenu');
   const globalNav = getService('globalNav');
 
@@ -64,15 +63,6 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
       });
 
       describe('logs landing page without data', () => {
-        it(`shows the 'No data' page`, async () => {
-          await PageObjects.common.navigateToUrlWithBrowserHistory('infraLogs', '', undefined, {
-            ensureCurrentUrl: true,
-            shouldLoginIfPrompted: false,
-          });
-          await testSubjects.existOrFail('~infraLogsPage');
-          await testSubjects.existOrFail('~noDataPage');
-        });
-
         it(`doesn't show read-only badge`, async () => {
           await globalNav.badgeMissingOrFail();
         });
@@ -125,21 +115,6 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
         const navLinks = (await appsMenu.readLinks()).map((link) => link.text);
         expect(navLinks).to.contain('Logs');
       });
-
-      describe('logs landing page without data', () => {
-        it(`Shows the 'No data' page`, async () => {
-          await PageObjects.common.navigateToUrlWithBrowserHistory('infraLogs', '', undefined, {
-            ensureCurrentUrl: true,
-            shouldLoginIfPrompted: false,
-          });
-          await testSubjects.existOrFail('~infraLogsPage');
-          await testSubjects.existOrFail('~noDataPage');
-        });
-
-        it(`shows read-only badge`, async () => {
-          await globalNav.badgeExistsOrFail('Read only');
-        });
-      });
     });
 
     describe('global logs no privileges', () => {
diff --git a/x-pack/test/functional/apps/infra/feature_controls/logs_spaces.ts b/x-pack/test/functional/apps/infra/feature_controls/logs_spaces.ts
index 570515a2d9614..3a66fb3326341 100644
--- a/x-pack/test/functional/apps/infra/feature_controls/logs_spaces.ts
+++ b/x-pack/test/functional/apps/infra/feature_controls/logs_spaces.ts
@@ -12,7 +12,6 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
   const kibanaServer = getService('kibanaServer');
   const spacesService = getService('spaces');
   const PageObjects = getPageObjects(['common', 'infraHome', 'security', 'spaceSelector']);
-  const testSubjects = getService('testSubjects');
   const appsMenu = getService('appsMenu');
 
   describe('logs spaces', () => {
@@ -41,18 +40,6 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
         const navLinks = (await appsMenu.readLinks()).map((link) => link.text);
         expect(navLinks).to.contain('Logs');
       });
-
-      describe('logs landing page without data', () => {
-        it(`shows 'No data' page`, async () => {
-          await PageObjects.common.navigateToUrlWithBrowserHistory('infraLogs', '', undefined, {
-            basePath: '/s/custom_space',
-            ensureCurrentUrl: true,
-            shouldLoginIfPrompted: false,
-          });
-          await testSubjects.existOrFail('~infraLogsPage');
-          await testSubjects.existOrFail('~noDataPage');
-        });
-      });
     });
 
     describe('space with Logs disabled', () => {
diff --git a/x-pack/test/functional/apps/infra/logs/log_stream_date_nano.ts b/x-pack/test/functional/apps/infra/logs/log_stream_date_nano.ts
index f01e5fd0a06f5..ed1f85248b303 100644
--- a/x-pack/test/functional/apps/infra/logs/log_stream_date_nano.ts
+++ b/x-pack/test/functional/apps/infra/logs/log_stream_date_nano.ts
@@ -6,13 +6,11 @@
  */
 
 import expect from '@kbn/expect';
-import { URL } from 'url';
 import { FtrProviderContext } from '../../../ftr_provider_context';
 import { DATES } from '../constants';
 
 export default ({ getPageObjects, getService }: FtrProviderContext) => {
   const retry = getService('retry');
-  const browser = getService('browser');
   const esArchiver = getService('esArchiver');
   const logsUi = getService('logsUi');
   const find = getService('find');
@@ -63,15 +61,6 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => {
       expect(entryTimestamp).to.be('19:43:22.111');
     });
 
-    it('should properly sync logPosition in url', async () => {
-      const currentUrl = await browser.getCurrentUrl();
-      const parsedUrl = new URL(currentUrl);
-
-      expect(parsedUrl.searchParams.get('logPosition')).to.contain(
-        `time:\'2018-10-17T19:46:22.333333333Z\'`
-      );
-    });
-
     it('should properly render timestamp in flyout with nano precision', async () => {
       await logsUi.logStreamPage.navigateTo({ logFilter });
 
diff --git a/x-pack/test/functional/apps/lens/open_in_lens/agg_based/goal.ts b/x-pack/test/functional/apps/lens/open_in_lens/agg_based/goal.ts
index dc2d16472bc31..9d547f60c3def 100644
--- a/x-pack/test/functional/apps/lens/open_in_lens/agg_based/goal.ts
+++ b/x-pack/test/functional/apps/lens/open_in_lens/agg_based/goal.ts
@@ -155,7 +155,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
           title: 'ios',
           subtitle: 'Average machine.ram',
           extraText: '',
-          value: '65,047,486.03',
+          value: '65,047,486.03%',
           color: 'rgba(255, 255, 255, 1)',
           trendlineColor: undefined,
           showingBar: true,
@@ -165,7 +165,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
           title: 'osx',
           subtitle: 'Average machine.ram',
           extraText: '',
-          value: '66,144,823.35',
+          value: '66,144,823.35%',
           color: 'rgba(255, 255, 255, 1)',
           trendlineColor: undefined,
           showingBar: true,
@@ -175,7 +175,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
           title: 'win 7',
           subtitle: 'Average machine.ram',
           extraText: '',
-          value: '65,933,477.76',
+          value: '65,933,477.76%',
           color: 'rgba(255, 255, 255, 1)',
           trendlineColor: undefined,
           showingBar: true,
@@ -185,7 +185,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
           title: 'win 8',
           subtitle: 'Average machine.ram',
           extraText: '',
-          value: '65,157,898.23',
+          value: '65,157,898.23%',
           color: 'rgba(255, 255, 255, 1)',
           trendlineColor: undefined,
           showingBar: true,
@@ -195,7 +195,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
           title: 'win xp',
           subtitle: 'Average machine.ram',
           extraText: '',
-          value: '65,365,950.93',
+          value: '65,365,950.93%',
           color: 'rgba(255, 255, 255, 1)',
           trendlineColor: undefined,
           showingBar: true,
diff --git a/x-pack/test/functional/apps/ml/anomaly_detection_jobs/advanced_job.ts b/x-pack/test/functional/apps/ml/anomaly_detection_jobs/advanced_job.ts
index db5be20f2e978..9ebc7d8ddc827 100644
--- a/x-pack/test/functional/apps/ml/anomaly_detection_jobs/advanced_job.ts
+++ b/x-pack/test/functional/apps/ml/anomaly_detection_jobs/advanced_job.ts
@@ -94,7 +94,7 @@ export default function ({ getService }: FtrProviderContext) {
           memoryStatus: 'ok',
           jobState: 'closed',
           datafeedState: 'stopped',
-          latestTimestamp: '2019-07-12 23:45:36',
+          latestTimestamp: '2023-07-12 23:45:36',
         },
         counts: {
           processed_record_count: '4,675',
@@ -107,10 +107,10 @@ export default function ({ getService }: FtrProviderContext) {
           empty_bucket_count: '0',
           sparse_bucket_count: '0',
           bucket_count: '743',
-          earliest_record_timestamp: '2019-06-12 00:04:19',
-          latest_record_timestamp: '2019-07-12 23:45:36',
+          earliest_record_timestamp: '2023-06-12 00:04:19',
+          latest_record_timestamp: '2023-07-12 23:45:36',
           input_record_count: '4,675',
-          latest_bucket_timestamp: '2019-07-12 23:00:00',
+          latest_bucket_timestamp: '2023-07-12 23:00:00',
         },
         modelSizeStats: {
           result_type: 'model_size_stats',
@@ -120,7 +120,7 @@ export default function ({ getService }: FtrProviderContext) {
           total_partition_field_count: '8',
           bucket_allocation_failures_count: '0',
           memory_status: 'ok',
-          timestamp: '2019-07-12 22:00:00',
+          timestamp: '2023-07-12 22:00:00',
         },
       },
     },
diff --git a/x-pack/test/functional/apps/ml/anomaly_detection_jobs/convert_jobs_to_advanced_job.ts b/x-pack/test/functional/apps/ml/anomaly_detection_jobs/convert_jobs_to_advanced_job.ts
index 74ac24987926d..082ec7762bb98 100644
--- a/x-pack/test/functional/apps/ml/anomaly_detection_jobs/convert_jobs_to_advanced_job.ts
+++ b/x-pack/test/functional/apps/ml/anomaly_detection_jobs/convert_jobs_to_advanced_job.ts
@@ -284,8 +284,8 @@ export default function ({ getService }: FtrProviderContext) {
 
         await ml.testExecution.logTestStep('job creation sets the time range');
         await ml.jobWizardCommon.clickUseFullDataButton(
-          'Jun 12, 2019 @ 00:04:19.000',
-          'Jul 12, 2019 @ 23:45:36.000'
+          'Jun 12, 2023 @ 00:04:19.000',
+          'Jul 12, 2023 @ 23:45:36.000'
         );
 
         await ml.testExecution.logTestStep(
@@ -501,8 +501,8 @@ export default function ({ getService }: FtrProviderContext) {
 
         await ml.testExecution.logTestStep('job creation sets the time range');
         await ml.jobWizardCommon.clickUseFullDataButton(
-          'Jun 12, 2019 @ 00:04:19.000',
-          'Jul 12, 2019 @ 23:45:36.000'
+          'Jun 12, 2023 @ 00:04:19.000',
+          'Jul 12, 2023 @ 23:45:36.000'
         );
 
         await ml.testExecution.logTestStep('population job creation displays the event rate chart');
diff --git a/x-pack/test/functional/apps/ml/anomaly_detection_jobs/geo_job.ts b/x-pack/test/functional/apps/ml/anomaly_detection_jobs/geo_job.ts
index 35d6d40cdbe27..a95ba4782c413 100644
--- a/x-pack/test/functional/apps/ml/anomaly_detection_jobs/geo_job.ts
+++ b/x-pack/test/functional/apps/ml/anomaly_detection_jobs/geo_job.ts
@@ -40,7 +40,7 @@ export default function ({ getService }: FtrProviderContext) {
       memoryStatus: 'ok',
       jobState: 'closed',
       datafeedState: 'stopped',
-      latestTimestamp: '2019-07-12 23:45:36',
+      latestTimestamp: '2023-07-12 23:45:36',
     };
   }
 
@@ -57,10 +57,10 @@ export default function ({ getService }: FtrProviderContext) {
       empty_bucket_count: '492',
       sparse_bucket_count: '0',
       bucket_count: '2,975',
-      earliest_record_timestamp: '2019-06-12 00:04:19',
-      latest_record_timestamp: '2019-07-12 23:45:36',
+      earliest_record_timestamp: '2023-06-12 00:04:19',
+      latest_record_timestamp: '2023-07-12 23:45:36',
       input_record_count: '4,675',
-      latest_bucket_timestamp: '2019-07-12 23:45:00',
+      latest_bucket_timestamp: '2023-07-12 23:45:00',
     };
   }
 
@@ -74,7 +74,7 @@ export default function ({ getService }: FtrProviderContext) {
       total_partition_field_count: '3',
       bucket_allocation_failures_count: '0',
       memory_status: 'ok',
-      timestamp: '2019-07-12 23:30:00',
+      timestamp: '2023-07-12 23:30:00',
     };
   }
 
@@ -117,8 +117,8 @@ export default function ({ getService }: FtrProviderContext) {
 
       await ml.testExecution.logTestStep('job creation sets the time range');
       await ml.jobWizardCommon.clickUseFullDataButton(
-        'Jun 12, 2019 @ 00:04:19.000',
-        'Jul 12, 2019 @ 23:45:36.000'
+        'Jun 12, 2023 @ 00:04:19.000',
+        'Jul 12, 2023 @ 23:45:36.000'
       );
 
       await ml.testExecution.logTestStep('job creation displays the event rate chart');
@@ -245,8 +245,8 @@ export default function ({ getService }: FtrProviderContext) {
 
       await ml.testExecution.logTestStep('job cloning sets the time range');
       await ml.jobWizardCommon.clickUseFullDataButton(
-        'Jun 12, 2019 @ 00:04:19.000',
-        'Jul 12, 2019 @ 23:45:36.000'
+        'Jun 12, 2023 @ 00:04:19.000',
+        'Jul 12, 2023 @ 23:45:36.000'
       );
 
       await ml.testExecution.logTestStep('job cloning displays the event rate chart');
diff --git a/x-pack/test/functional/apps/ml/anomaly_detection_jobs/population_job.ts b/x-pack/test/functional/apps/ml/anomaly_detection_jobs/population_job.ts
index 3095f49d2d7c5..1dd7801fa334c 100644
--- a/x-pack/test/functional/apps/ml/anomaly_detection_jobs/population_job.ts
+++ b/x-pack/test/functional/apps/ml/anomaly_detection_jobs/population_job.ts
@@ -54,7 +54,7 @@ export default function ({ getService }: FtrProviderContext) {
       memoryStatus: 'ok',
       jobState: 'closed',
       datafeedState: 'stopped',
-      latestTimestamp: '2019-07-12 23:45:36',
+      latestTimestamp: '2023-07-12 23:45:36',
     };
   }
 
@@ -71,10 +71,10 @@ export default function ({ getService }: FtrProviderContext) {
       empty_bucket_count: '0',
       sparse_bucket_count: '0',
       bucket_count: '371',
-      earliest_record_timestamp: '2019-06-12 00:04:19',
-      latest_record_timestamp: '2019-07-12 23:45:36',
+      earliest_record_timestamp: '2023-06-12 00:04:19',
+      latest_record_timestamp: '2023-07-12 23:45:36',
       input_record_count: '4,675',
-      latest_bucket_timestamp: '2019-07-12 22:00:00',
+      latest_bucket_timestamp: '2023-07-12 22:00:00',
     };
   }
 
@@ -88,7 +88,7 @@ export default function ({ getService }: FtrProviderContext) {
       total_partition_field_count: '3',
       bucket_allocation_failures_count: '0',
       memory_status: 'ok',
-      timestamp: '2019-07-12 20:00:00',
+      timestamp: '2023-07-12 20:00:00',
     };
   }
 
@@ -132,8 +132,8 @@ export default function ({ getService }: FtrProviderContext) {
 
       await ml.testExecution.logTestStep('job creation sets the time range');
       await ml.jobWizardCommon.clickUseFullDataButton(
-        'Jun 12, 2019 @ 00:04:19.000',
-        'Jul 12, 2019 @ 23:45:36.000'
+        'Jun 12, 2023 @ 00:04:19.000',
+        'Jul 12, 2023 @ 23:45:36.000'
       );
 
       await ml.testExecution.logTestStep('job creation displays the event rate chart');
@@ -285,8 +285,8 @@ export default function ({ getService }: FtrProviderContext) {
 
       await ml.testExecution.logTestStep('job cloning sets the time range');
       await ml.jobWizardCommon.clickUseFullDataButton(
-        'Jun 12, 2019 @ 00:04:19.000',
-        'Jul 12, 2019 @ 23:45:36.000'
+        'Jun 12, 2023 @ 00:04:19.000',
+        'Jul 12, 2023 @ 23:45:36.000'
       );
 
       await ml.testExecution.logTestStep('job cloning displays the event rate chart');
diff --git a/x-pack/test/functional/apps/ml/data_frame_analytics/outlier_detection_creation.ts b/x-pack/test/functional/apps/ml/data_frame_analytics/outlier_detection_creation.ts
index c639b16dbb894..b06cb628d21f4 100644
--- a/x-pack/test/functional/apps/ml/data_frame_analytics/outlier_detection_creation.ts
+++ b/x-pack/test/functional/apps/ml/data_frame_analytics/outlier_detection_creation.ts
@@ -176,10 +176,10 @@ export default function ({ getService }: FtrProviderContext) {
                   timing_stats: '{"elapsed_time":49}',
                   n_neighbors: '0',
                   method: 'ensemble',
-                  compute_feature_influence: 'true',
+                  compute_feature_influence: true,
                   feature_influence_threshold: '0.1',
                   outlier_fraction: '0.05',
-                  standardization_enabled: 'true',
+                  standardization_enabled: true,
                 },
               },
             ],
diff --git a/x-pack/test/functional/apps/ml/data_frame_analytics/outlier_detection_creation_saved_search.ts b/x-pack/test/functional/apps/ml/data_frame_analytics/outlier_detection_creation_saved_search.ts
index 93478ebbb766e..ddfc9e540bee1 100644
--- a/x-pack/test/functional/apps/ml/data_frame_analytics/outlier_detection_creation_saved_search.ts
+++ b/x-pack/test/functional/apps/ml/data_frame_analytics/outlier_detection_creation_saved_search.ts
@@ -114,10 +114,10 @@ export default function ({ getService }: FtrProviderContext) {
                   timing_stats: '{"elapsed_time":15}',
                   n_neighbors: '0',
                   method: 'ensemble',
-                  compute_feature_influence: 'true',
+                  compute_feature_influence: true,
                   feature_influence_threshold: '0.1',
                   outlier_fraction: '0.05',
-                  standardization_enabled: 'true',
+                  standardization_enabled: true,
                 },
               },
             ],
@@ -191,10 +191,10 @@ export default function ({ getService }: FtrProviderContext) {
                   timing_stats: '{"elapsed_time":12}',
                   n_neighbors: '0',
                   method: 'ensemble',
-                  compute_feature_influence: 'true',
+                  compute_feature_influence: true,
                   feature_influence_threshold: '0.1',
                   outlier_fraction: '0.05',
-                  standardization_enabled: 'true',
+                  standardization_enabled: true,
                 },
               },
             ],
@@ -268,10 +268,10 @@ export default function ({ getService }: FtrProviderContext) {
                   timing_stats: '{"elapsed_time":12}',
                   n_neighbors: '0',
                   method: 'ensemble',
-                  compute_feature_influence: 'true',
+                  compute_feature_influence: true,
                   feature_influence_threshold: '0.1',
                   outlier_fraction: '0.05',
-                  standardization_enabled: 'true',
+                  standardization_enabled: true,
                 },
               },
             ],
@@ -346,10 +346,10 @@ export default function ({ getService }: FtrProviderContext) {
                   timing_stats: '{"elapsed_time":12}',
                   n_neighbors: '0',
                   method: 'ensemble',
-                  compute_feature_influence: 'true',
+                  compute_feature_influence: true,
                   feature_influence_threshold: '0.1',
                   outlier_fraction: '0.05',
-                  standardization_enabled: 'true',
+                  standardization_enabled: true,
                 },
               },
             ],
diff --git a/x-pack/test/functional/apps/search_playground/playground_overview.ess.ts b/x-pack/test/functional/apps/search_playground/playground_overview.ess.ts
index 48f6d5e13cf88..0afa2979a6c15 100644
--- a/x-pack/test/functional/apps/search_playground/playground_overview.ess.ts
+++ b/x-pack/test/functional/apps/search_playground/playground_overview.ess.ts
@@ -5,10 +5,16 @@
  * 2.0.
  */
 
+import type OpenAI from 'openai';
 import { FtrProviderContext } from '../../ftr_provider_context';
 import { createOpenAIConnector } from './utils/create_openai_connector';
 import { MachineLearningCommonAPIProvider } from '../../services/ml/common_api';
 
+import {
+  createLlmProxy,
+  LlmProxy,
+} from '../../../observability_ai_assistant_api_integration/common/create_llm_proxy';
+
 const indexName = 'basic_index';
 const esArchiveIndex = 'test/api_integration/fixtures/es_archiver/index_patterns/basic_index';
 
@@ -18,76 +24,166 @@ export default function (ftrContext: FtrProviderContext) {
   const commonAPI = MachineLearningCommonAPIProvider(ftrContext);
   const supertest = getService('supertest');
   const esArchiver = getService('esArchiver');
+
+  const log = getService('log');
+  const browser = getService('browser');
+
   const createIndex = async () => await esArchiver.load(esArchiveIndex);
+
+  let proxy: LlmProxy;
   let removeOpenAIConnector: () => Promise<void>;
   const createConnector = async () => {
     removeOpenAIConnector = await createOpenAIConnector({
       supertest,
       requestHeader: commonAPI.getCommonRequestHeader(),
+      proxy,
     });
   };
 
-  describe('Playground Overview', () => {
+  describe('Playground', () => {
     before(async () => {
+      proxy = await createLlmProxy(log);
       await pageObjects.common.navigateToApp('enterpriseSearchApplications/playground');
     });
 
     after(async () => {
       await esArchiver.unload(esArchiveIndex);
-      await removeOpenAIConnector?.();
+      proxy.close();
     });
 
-    describe('start chat page', () => {
-      it('playground app is loaded', async () => {
-        await pageObjects.searchPlayground.PlaygroundStartChatPage.expectPlaygroundStartChatPageComponentsToExist();
+    describe('setup Page', () => {
+      it('is loaded successfully', async () => {
         await pageObjects.searchPlayground.PlaygroundStartChatPage.expectPlaygroundHeaderComponentsToExist();
+        await pageObjects.searchPlayground.PlaygroundStartChatPage.expectPlaygroundHeaderComponentsToDisabled();
+        await pageObjects.searchPlayground.PlaygroundStartChatPage.expectPlaygroundStartChatPageComponentsToExist();
       });
 
-      it('show no index callout', async () => {
-        await pageObjects.searchPlayground.PlaygroundStartChatPage.expectNoIndexCalloutExists();
-        await pageObjects.searchPlayground.PlaygroundStartChatPage.expectCreateIndexButtonToExists();
-      });
-
-      it('hide no index callout when index added', async () => {
-        await createIndex();
-        await pageObjects.searchPlayground.PlaygroundStartChatPage.expectSelectIndex(indexName);
-      });
-
-      it('show add connector button', async () => {
-        await pageObjects.searchPlayground.PlaygroundStartChatPage.expectAddConnectorButtonExists();
+      describe('with gen ai connectors', () => {
+        before(async () => {
+          await createConnector();
+          await browser.refresh();
+        });
+
+        after(async () => {
+          await removeOpenAIConnector?.();
+          await browser.refresh();
+        });
+        it('hide gen ai panel', async () => {
+          await pageObjects.searchPlayground.PlaygroundStartChatPage.expectHideGenAIPanelConnector();
+        });
       });
 
-      it('click add connector button opens connector flyout', async () => {
-        await pageObjects.searchPlayground.PlaygroundStartChatPage.expectOpenConnectorPagePlayground();
+      describe('without gen ai connectors', () => {
+        it('should display the set up connectors button', async () => {
+          await pageObjects.searchPlayground.PlaygroundStartChatPage.expectAddConnectorButtonExists();
+        });
+
+        it('creates a connector successfully', async () => {
+          await pageObjects.searchPlayground.PlaygroundStartChatPage.expectOpenConnectorPagePlayground();
+          await pageObjects.searchPlayground.PlaygroundStartChatPage.expectHideGenAIPanelConnectorAfterCreatingConnector(
+            createConnector
+          );
+        });
+
+        after(async () => {
+          await removeOpenAIConnector?.();
+          await browser.refresh();
+        });
       });
 
-      it('hide gen ai panel when connector exists', async () => {
-        await pageObjects.searchPlayground.PlaygroundStartChatPage.expectHideGenAIPanelConnector(
-          createConnector
-        );
+      describe('without any indices', () => {
+        it('show no index callout', async () => {
+          await pageObjects.searchPlayground.PlaygroundStartChatPage.expectNoIndexCalloutExists();
+          await pageObjects.searchPlayground.PlaygroundStartChatPage.expectCreateIndexButtonToExists();
+        });
+
+        it('hide no index callout when index added', async () => {
+          await createIndex();
+          await pageObjects.searchPlayground.PlaygroundStartChatPage.expectSelectIndex(indexName);
+        });
+
+        after(async () => {
+          await pageObjects.searchPlayground.PlaygroundStartChatPage.removeIndexFromComboBox();
+          await esArchiver.unload(esArchiveIndex);
+          await browser.refresh();
+        });
       });
 
-      it('show chat page', async () => {
-        await pageObjects.searchPlayground.PlaygroundStartChatPage.expectSelectIndex(indexName);
-        await pageObjects.searchPlayground.PlaygroundStartChatPage.expectToStartChatPage();
+      describe('with existing indices', () => {
+        before(async () => {
+          await createConnector();
+          await createIndex();
+          await browser.refresh();
+        });
+
+        it('dropdown shows up', async () => {
+          await pageObjects.searchPlayground.PlaygroundStartChatPage.expectIndicesInDropdown();
+        });
+
+        it('can select index from dropdown and navigate to chat window', async () => {
+          await pageObjects.searchPlayground.PlaygroundStartChatPage.expectToSelectIndicesAndStartButtonEnabled(
+            indexName
+          );
+        });
+
+        after(async () => {
+          await removeOpenAIConnector?.();
+          await esArchiver.unload(esArchiveIndex);
+          await browser.refresh();
+        });
       });
     });
 
     describe('chat page', () => {
-      it('chat works', async () => {
-        await pageObjects.searchPlayground.PlaygroundChatPage.expectChatWorks();
+      before(async () => {
+        await createConnector();
+        await createIndex();
+        await browser.refresh();
+        await pageObjects.searchPlayground.PlaygroundChatPage.navigateToChatPage(indexName);
       });
-
-      it('open view code', async () => {
-        await pageObjects.searchPlayground.PlaygroundChatPage.expectOpenViewCode();
+      it('loads successfully', async () => {
+        await pageObjects.searchPlayground.PlaygroundChatPage.expectChatWindowLoaded();
       });
 
-      it('show fields and code in view query', async () => {
-        await pageObjects.searchPlayground.PlaygroundChatPage.expectViewQueryHasFields();
+      describe('chat', () => {
+        it('works', async () => {
+          const conversationInterceptor = proxy.intercept(
+            'conversation',
+            (body) =>
+              (JSON.parse(body) as OpenAI.Chat.ChatCompletionCreateParamsNonStreaming).tools?.find(
+                (fn) => fn.function.name === 'title_conversation'
+              ) === undefined
+          );
+
+          await pageObjects.searchPlayground.PlaygroundChatPage.sendQuestion();
+
+          const conversationSimulator = await conversationInterceptor.waitForIntercept();
+
+          await conversationSimulator.next('My response');
+
+          await conversationSimulator.complete();
+
+          await pageObjects.searchPlayground.PlaygroundChatPage.expectChatWorks();
+          await pageObjects.searchPlayground.PlaygroundChatPage.expectTokenTooltipExists();
+        });
+
+        it('open view code', async () => {
+          await pageObjects.searchPlayground.PlaygroundChatPage.expectOpenViewCode();
+        });
+
+        it('show fields and code in view query', async () => {
+          await pageObjects.searchPlayground.PlaygroundChatPage.expectViewQueryHasFields();
+        });
+
+        it('show edit context', async () => {
+          await pageObjects.searchPlayground.PlaygroundChatPage.expectEditContextOpens();
+        });
       });
 
-      it('show edit context', async () => {
-        await pageObjects.searchPlayground.PlaygroundChatPage.expectEditContextOpens();
+      after(async () => {
+        await removeOpenAIConnector?.();
+        await esArchiver.unload(esArchiveIndex);
+        await browser.refresh();
       });
     });
   });
diff --git a/x-pack/test/functional/apps/search_playground/utils/create_openai_connector.ts b/x-pack/test/functional/apps/search_playground/utils/create_openai_connector.ts
index 864e424664785..ed8c81eda0491 100644
--- a/x-pack/test/functional/apps/search_playground/utils/create_openai_connector.ts
+++ b/x-pack/test/functional/apps/search_playground/utils/create_openai_connector.ts
@@ -6,20 +6,23 @@
  */
 
 import type SuperTest from 'supertest';
+import { LlmProxy } from '../../../../observability_ai_assistant_api_integration/common/create_llm_proxy';
 
 export async function createOpenAIConnector({
   supertest,
   requestHeader = {},
   apiKeyHeader = {},
+  proxy,
 }: {
   supertest: SuperTest.Agent;
   requestHeader?: Record<string, string>;
   apiKeyHeader?: Record<string, string>;
+  proxy: LlmProxy;
 }): Promise<() => Promise<void>> {
   const config = {
     apiProvider: 'OpenAI',
     defaultModel: 'gpt-4',
-    apiUrl: 'http://localhost:3002',
+    apiUrl: `http://localhost:${proxy.getPort()}`,
   };
 
   const connector: { id: string } | undefined = (
@@ -28,7 +31,7 @@ export async function createOpenAIConnector({
       .set(requestHeader)
       .set(apiKeyHeader)
       .send({
-        name: 'test Open AI',
+        name: 'myConnector',
         connector_type_id: '.gen-ai',
         config,
         secrets: {
diff --git a/x-pack/test/functional/apps/slo/embeddables/overview_embeddable.ts b/x-pack/test/functional/apps/slo/embeddables/overview_embeddable.ts
index a9671b6e350d6..5a531d6cf5bb5 100644
--- a/x-pack/test/functional/apps/slo/embeddables/overview_embeddable.ts
+++ b/x-pack/test/functional/apps/slo/embeddables/overview_embeddable.ts
@@ -39,7 +39,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     describe('Single SLO', function () {
       it('should open SLO configuration flyout', async () => {
         await dashboardAddPanel.clickEditorMenuButton();
-        await dashboardAddPanel.clickEmbeddableFactoryGroupButton('slos');
+        await dashboardAddPanel.verifyEmbeddableFactoryGroupExists('slos');
         await dashboardAddPanel.clickAddNewPanelFromUIActionLink('SLO Overview');
         await sloUi.common.assertSloOverviewConfigurationExists();
       });
@@ -67,7 +67,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     describe('Group of SLOs', function () {
       it('can select Group Overview mode in the Flyout configuration', async () => {
         await dashboardAddPanel.clickEditorMenuButton();
-        await dashboardAddPanel.clickEmbeddableFactoryGroupButton('slos');
+        await dashboardAddPanel.verifyEmbeddableFactoryGroupExists('slos');
         await dashboardAddPanel.clickAddNewPanelFromUIActionLink('SLO Overview');
         await sloUi.common.clickOverviewMode();
         await sloUi.common.assertSloConfigurationGroupOverviewModeIsSelected();
diff --git a/x-pack/test/functional/apps/transform/creation/index_pattern/continuous_transform.ts b/x-pack/test/functional/apps/transform/creation/index_pattern/continuous_transform.ts
index 24a3874eddec0..2dac3b5da9545 100644
--- a/x-pack/test/functional/apps/transform/creation/index_pattern/continuous_transform.ts
+++ b/x-pack/test/functional/apps/transform/creation/index_pattern/continuous_transform.ts
@@ -211,11 +211,11 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
           transformPreview: {
             column: 0,
             values: [
-              'July 12th 2019, 22:16:19',
-              'July 12th 2019, 22:50:53',
-              'July 12th 2019, 23:06:43',
-              'July 12th 2019, 23:15:22',
-              'July 12th 2019, 23:31:12',
+              'July 12th 2023, 22:16:19',
+              'July 12th 2023, 22:50:53',
+              'July 12th 2023, 23:06:43',
+              'July 12th 2023, 23:15:22',
+              'July 12th 2023, 23:31:12',
             ],
           },
           discoverQueryHits: '10',
diff --git a/x-pack/test/functional/apps/transform/creation/index_pattern/creation_index_pattern.ts b/x-pack/test/functional/apps/transform/creation/index_pattern/creation_index_pattern.ts
index f72e3f666c362..dbc62293f035f 100644
--- a/x-pack/test/functional/apps/transform/creation/index_pattern/creation_index_pattern.ts
+++ b/x-pack/test/functional/apps/transform/creation/index_pattern/creation_index_pattern.ts
@@ -124,8 +124,8 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
         numFailureRetries: '7',
         expected: {
           fullTimeRange: {
-            start: 'Jun 12, 2019 @ 00:04:19.000',
-            end: 'Jul 12, 2019 @ 23:45:36.000',
+            start: 'Jun 12, 2023 @ 00:04:19.000',
+            end: 'Jul 12, 2023 @ 23:45:36.000',
           },
           pivotAdvancedEditorValueArr: ['{', '  "group_by": {', '    "category": {'],
           pivotAdvancedEditorValue: {
@@ -327,8 +327,8 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
         numFailureRetries: '-1',
         expected: {
           fullTimeRange: {
-            start: 'Jun 12, 2019 @ 00:04:19.000',
-            end: 'Jul 12, 2019 @ 23:45:36.000',
+            start: 'Jun 12, 2023 @ 00:04:19.000',
+            end: 'Jul 12, 2023 @ 23:45:36.000',
           },
           pivotAdvancedEditorValueArr: ['{', '  "group_by": {', '    "geoip.country_iso_code": {'],
           pivotAdvancedEditorValue: {
@@ -406,8 +406,8 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
         numFailureRetries: '0',
         expected: {
           fullTimeRange: {
-            start: 'Jun 12, 2019 @ 00:04:19.000',
-            end: 'Jul 12, 2019 @ 23:45:36.000',
+            start: 'Jun 12, 2023 @ 00:04:19.000',
+            end: 'Jul 12, 2023 @ 23:45:36.000',
           },
           pivotAdvancedEditorValueArr: ['{', '  "group_by": {', '    "customer_gender": {'],
           pivotAdvancedEditorValue: {
@@ -472,8 +472,8 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
         numFailureRetries: '101',
         expected: {
           fullTimeRange: {
-            start: 'Jun 12, 2019 @ 00:04:19.000',
-            end: 'Jul 12, 2019 @ 23:45:36.000',
+            start: 'Jun 12, 2023 @ 00:04:19.000',
+            end: 'Jul 12, 2023 @ 23:45:36.000',
           },
           latestPreview: {
             column: 0,
@@ -492,11 +492,11 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
           transformPreview: {
             column: 0,
             values: [
-              'July 12th 2019, 22:16:19',
-              'July 12th 2019, 22:50:53',
-              'July 12th 2019, 23:06:43',
-              'July 12th 2019, 23:15:22',
-              'July 12th 2019, 23:31:12',
+              'July 12th 2023, 22:16:19',
+              'July 12th 2023, 22:50:53',
+              'July 12th 2023, 23:06:43',
+              'July 12th 2023, 23:15:22',
+              'July 12th 2023, 23:31:12',
             ],
           },
           discoverQueryHits: '10',
diff --git a/x-pack/test/functional/apps/transform/edit_clone/cloning.ts b/x-pack/test/functional/apps/transform/edit_clone/cloning.ts
index 3146548b8bbcc..a8539cfcaf28b 100644
--- a/x-pack/test/functional/apps/transform/edit_clone/cloning.ts
+++ b/x-pack/test/functional/apps/transform/edit_clone/cloning.ts
@@ -383,9 +383,9 @@ export default function ({ getService }: FtrProviderContext) {
           transformPreview: {
             column: 0,
             values: [
-              'July 12th 2019, 23:06:43',
-              'July 12th 2019, 23:31:12',
-              'July 12th 2019, 23:45:36',
+              'July 12th 2023, 23:06:43',
+              'July 12th 2023, 23:31:12',
+              'July 12th 2023, 23:45:36',
             ],
           },
           retentionPolicySwitchEnabled: false,
diff --git a/x-pack/test/functional/es_archives/ml/ecommerce/data.json.gz b/x-pack/test/functional/es_archives/ml/ecommerce/data.json.gz
index 071622842c8e8..e4f2705ec02b1 100644
Binary files a/x-pack/test/functional/es_archives/ml/ecommerce/data.json.gz and b/x-pack/test/functional/es_archives/ml/ecommerce/data.json.gz differ
diff --git a/x-pack/test/functional/page_objects/dataset_quality.ts b/x-pack/test/functional/page_objects/dataset_quality.ts
index 3722a10849aff..dc580d2951c6a 100644
--- a/x-pack/test/functional/page_objects/dataset_quality.ts
+++ b/x-pack/test/functional/page_objects/dataset_quality.ts
@@ -51,12 +51,26 @@ type SummaryPanelKpi = Record<
 
 type FlyoutKpi = Record<'docsCountTotal' | 'size' | 'services' | 'hosts' | 'degradedDocs', string>;
 
+const texts = {
+  noActivityText: 'No activity in the selected timeframe',
+  datasetHealthPoor: 'Poor',
+  datasetHealthDegraded: 'Degraded',
+  datasetHealthGood: 'Good',
+  activeDatasets: 'Active Data Sets',
+  estimatedData: 'Estimated Data',
+  docsCountTotal: 'Docs count (total)',
+  size: 'Size',
+  services: 'Services',
+  hosts: 'Hosts',
+  degradedDocs: 'Degraded docs',
+};
+
 export function DatasetQualityPageObject({ getPageObjects, getService }: FtrProviderContext) {
   const PageObjects = getPageObjects(['common']);
   const testSubjects = getService('testSubjects');
   const euiSelectable = getService('selectable');
-  const retry = getService('retry');
   const find = getService('find');
+  const retry = getService('retry');
 
   const selectors = {
     datasetQualityTable: '[data-test-subj="datasetQualityTable"]',
@@ -80,6 +94,8 @@ export function DatasetQualityPageObject({ getPageObjects, getService }: FtrProv
     datasetQualitySparkPlot: 'datasetQualitySparkPlot',
     datasetQualityHeaderButton: 'datasetQualityHeaderButton',
     datasetQualityFlyoutFieldValue: 'datasetQualityFlyoutFieldValue',
+    datasetQualityFlyoutFieldsListIntegrationDetails:
+      'datasetQualityFlyoutFieldsList-integration_details',
     datasetQualityFlyoutIntegrationActionsButton: 'datasetQualityFlyoutIntegrationActionsButton',
     datasetQualityFlyoutIntegrationAction: (action: string) =>
       `datasetQualityFlyoutIntegrationAction${action}`,
@@ -147,13 +163,17 @@ export function DatasetQualityPageObject({ getPageObjects, getService }: FtrProv
       await find.waitForDeletedByCssSelector('.euiFlyoutBody .euiBasicTable-loading', 20 * 1000);
     },
 
-    async waitUntilSummaryPanelLoaded() {
+    async waitUntilSummaryPanelLoaded(isStateful: boolean = true) {
       await testSubjects.missingOrFail(`datasetQuality-${texts.activeDatasets}-loading`);
-      await testSubjects.missingOrFail(`datasetQuality-${texts.estimatedData}-loading`);
+      if (isStateful) {
+        await testSubjects.missingOrFail(`datasetQuality-${texts.estimatedData}-loading`);
+      }
     },
 
     async parseSummaryPanel(excludeKeys: string[] = []): Promise<SummaryPanelKpi> {
-      await this.waitUntilSummaryPanelLoaded();
+      const isStateful = !excludeKeys.includes('estimatedData');
+
+      await this.waitUntilSummaryPanelLoaded(isStateful);
 
       const kpiTitleAndKeys = [
         { title: texts.datasetHealthPoor, key: 'datasetHealthPoor' },
@@ -200,7 +220,8 @@ export function DatasetQualityPageObject({ getPageObjects, getService }: FtrProv
 
     async refreshTable() {
       const filtersContainer = await testSubjects.find(
-        testSubjectSelectors.datasetQualityFiltersContainer
+        testSubjectSelectors.datasetQualityFiltersContainer,
+        20 * 1000
       );
       const refreshButton = await filtersContainer.findByTestSubject(
         testSubjectSelectors.superDatePickerApplyTimeButton
@@ -221,8 +242,9 @@ export function DatasetQualityPageObject({ getPageObjects, getService }: FtrProv
     },
 
     async parseDatasetTable() {
+      await this.waitUntilTableLoaded();
       const table = await this.getDatasetsTable();
-      return parseDatasetTable(table, [
+      return this.parseTable(table, [
         '0',
         'Data Set Name',
         'Namespace',
@@ -235,8 +257,9 @@ export function DatasetQualityPageObject({ getPageObjects, getService }: FtrProv
     },
 
     async parseDegradedFieldTable() {
+      await this.waitUntilTableInFlyoutLoaded();
       const table = await this.getDatasetQualityFlyoutDegradedFieldTable();
-      return parseDatasetTable(table, ['Field', 'Docs count', 'Last Occurrence']);
+      return this.parseTable(table, ['Field', 'Docs count', 'Last Occurrence']);
     },
 
     async filterForIntegrations(integrations: string[]) {
@@ -272,29 +295,32 @@ export function DatasetQualityPageObject({ getPageObjects, getService }: FtrProv
     },
 
     async openDatasetFlyout(datasetName: string) {
+      await this.waitUntilTableLoaded();
       const cols = await this.parseDatasetTable();
       const datasetNameCol = cols['Data Set Name'];
       const datasetNameColCellTexts = await datasetNameCol.getCellTexts();
       const testDatasetRowIndex = datasetNameColCellTexts.findIndex(
         (dName) => dName === datasetName
       );
-      const expanderColumn = cols['0'];
-      let expanderButtons: WebElementWrapper[];
-      await retry.try(async () => {
-        expanderButtons = await expanderColumn.getCellChildren(
-          `[data-test-subj=${testSubjectSelectors.datasetQualityExpandButton}]`
-        );
-        expect(expanderButtons.length).to.be.greaterThan(0);
-
-        // Check if 'title' attribute is "Expand" or "Collapse"
-        const isCollapsed =
-          (await expanderButtons[testDatasetRowIndex].getAttribute('title')) === 'Expand';
-
-        // Open if collapsed
-        if (isCollapsed) {
-          await expanderButtons[testDatasetRowIndex].click();
-        }
-      });
+
+      expect(testDatasetRowIndex).to.be.greaterThan(-1);
+
+      const expandColumn = cols['0'];
+      const expandButtons = await expandColumn.getCellChildren(
+        `[data-test-subj=${testSubjectSelectors.datasetQualityExpandButton}]`
+      );
+
+      expect(expandButtons.length).to.be.greaterThan(0);
+
+      const datasetExpandButton = expandButtons[testDatasetRowIndex];
+
+      // Check if 'title' attribute is "Expand" or "Collapse"
+      const isCollapsed = (await datasetExpandButton.getAttribute('title')) === 'Expand';
+
+      // Open if collapsed
+      if (isCollapsed) {
+        await datasetExpandButton.click();
+      }
     },
 
     async closeFlyout() {
@@ -430,6 +456,85 @@ export function DatasetQualityPageObject({ getPageObjects, getService }: FtrProv
         fieldText
       );
     },
+
+    async parseTable(tableWrapper: WebElementWrapper, columnNamesOrIndexes: string[]) {
+      const headerElementWrappers = await tableWrapper.findAllByCssSelector('thead th, thead td');
+
+      const result: Record<
+        string,
+        {
+          columnNameOrIndex: string;
+          sortDirection?: 'ascending' | 'descending';
+          headerElement: WebElementWrapper;
+          cellElements: WebElementWrapper[];
+          cellContentElements: WebElementWrapper[];
+          getSortDirection: () => Promise<'ascending' | 'descending' | undefined>;
+          sort: (sortDirection: 'ascending' | 'descending') => Promise<void>;
+          getCellTexts: (selector?: string) => Promise<string[]>;
+          getCellChildren: (selector: string) => Promise<WebElementWrapper[]>;
+        }
+      > = {};
+
+      for (let i = 0; i < headerElementWrappers.length; i++) {
+        const tdSelector = `table > tbody > tr td:nth-child(${i + 1})`;
+        const cellContentSelector = `${tdSelector} .euiTableCellContent`;
+        const thWrapper = headerElementWrappers[i];
+        const columnName = await thWrapper.getVisibleText();
+        const columnIndex = `${i}`;
+        const columnNameOrIndex = columnNamesOrIndexes.includes(columnName)
+          ? columnName
+          : columnNamesOrIndexes.includes(columnIndex)
+          ? columnIndex
+          : undefined;
+
+        if (columnNameOrIndex) {
+          const headerElement = thWrapper;
+
+          const tdWrappers = await tableWrapper.findAllByCssSelector(tdSelector);
+          const cellContentWrappers = await tableWrapper.findAllByCssSelector(cellContentSelector);
+
+          const getSortDirection = () =>
+            headerElement.getAttribute('aria-sort') as Promise<
+              'ascending' | 'descending' | undefined
+            >;
+
+          result[columnNameOrIndex] = {
+            columnNameOrIndex,
+            headerElement,
+            cellElements: tdWrappers,
+            cellContentElements: cellContentWrappers,
+            getSortDirection,
+            sort: async (sortDirection: 'ascending' | 'descending') => {
+              await retry.tryForTime(5000, async () => {
+                while ((await getSortDirection()) !== sortDirection) {
+                  await headerElement.click();
+                }
+              });
+            },
+            getCellTexts: async (textContainerSelector?: string) => {
+              const cellContentContainerWrappers = textContainerSelector
+                ? await tableWrapper.findAllByCssSelector(`${tdSelector} ${textContainerSelector}`)
+                : cellContentWrappers;
+
+              const cellContentContainerWrapperTexts: string[] = [];
+              for (let j = 0; j < cellContentContainerWrappers.length; j++) {
+                const cellContentContainerWrapper = cellContentContainerWrappers[j];
+                const cellContentContainerWrapperText =
+                  await cellContentContainerWrapper.getVisibleText();
+                cellContentContainerWrapperTexts.push(cellContentContainerWrapperText);
+              }
+
+              return cellContentContainerWrapperTexts;
+            },
+            getCellChildren: (childSelector: string) => {
+              return tableWrapper.findAllByCssSelector(`${cellContentSelector} ${childSelector}`);
+            },
+          };
+        }
+      }
+
+      return result;
+    },
   };
 }
 
@@ -440,86 +545,6 @@ async function getDatasetTableHeaderTexts(tableWrapper: WebElementWrapper) {
   );
 }
 
-async function parseDatasetTable(tableWrapper: WebElementWrapper, columnNamesOrIndexes: string[]) {
-  const headerElementWrappers = await tableWrapper.findAllByCssSelector('thead th, thead td');
-
-  const result: Record<
-    string,
-    {
-      columnNameOrIndex: string;
-      sortDirection?: 'ascending' | 'descending';
-      headerElement: WebElementWrapper;
-      cellElements: WebElementWrapper[];
-      cellContentElements: WebElementWrapper[];
-      getSortDirection: () => Promise<'ascending' | 'descending' | undefined>;
-      sort: (sortDirection: 'ascending' | 'descending') => Promise<void>;
-      getCellTexts: (selector?: string) => Promise<string[]>;
-      getCellChildren: (selector: string) => Promise<WebElementWrapper[]>;
-    }
-  > = {};
-
-  for (let i = 0; i < headerElementWrappers.length; i++) {
-    const tdSelector = `table > tbody > tr td:nth-child(${i + 1})`;
-    const cellContentSelector = `${tdSelector} .euiTableCellContent`;
-    const thWrapper = headerElementWrappers[i];
-    const columnName = await thWrapper.getVisibleText();
-    const columnIndex = `${i}`;
-    const columnNameOrIndex = columnNamesOrIndexes.includes(columnName)
-      ? columnName
-      : columnNamesOrIndexes.includes(columnIndex)
-      ? columnIndex
-      : undefined;
-
-    if (columnNameOrIndex) {
-      const headerElement = thWrapper;
-
-      const tdWrappers = await tableWrapper.findAllByCssSelector(tdSelector);
-      const cellContentWrappers = await tableWrapper.findAllByCssSelector(cellContentSelector);
-
-      const getSortDirection = () =>
-        headerElement.getAttribute('aria-sort') as Promise<'ascending' | 'descending' | undefined>;
-
-      result[columnNameOrIndex] = {
-        columnNameOrIndex,
-        headerElement,
-        cellElements: tdWrappers,
-        cellContentElements: cellContentWrappers,
-        getSortDirection,
-        sort: async (sortDirection: 'ascending' | 'descending') => {
-          if ((await getSortDirection()) !== sortDirection) {
-            await headerElement.click();
-          }
-
-          // Sorting twice if the sort was in neutral state
-          if ((await getSortDirection()) !== sortDirection) {
-            await headerElement.click();
-          }
-        },
-        getCellTexts: async (textContainerSelector?: string) => {
-          const cellContentContainerWrappers = textContainerSelector
-            ? await tableWrapper.findAllByCssSelector(`${tdSelector} ${textContainerSelector}`)
-            : cellContentWrappers;
-
-          const cellContentContainerWrapperTexts: string[] = [];
-          for (let j = 0; j < cellContentContainerWrappers.length; j++) {
-            const cellContentContainerWrapper = cellContentContainerWrappers[j];
-            const cellContentContainerWrapperText =
-              await cellContentContainerWrapper.getVisibleText();
-            cellContentContainerWrapperTexts.push(cellContentContainerWrapperText);
-          }
-
-          return cellContentContainerWrapperTexts;
-        },
-        getCellChildren: (childSelector: string) => {
-          return tableWrapper.findAllByCssSelector(`${cellContentSelector} ${childSelector}`);
-        },
-      };
-    }
-  }
-
-  return result;
-}
-
 /**
  * Get all elements matching the given selector and text
  * @example
@@ -544,17 +569,3 @@ export async function getAllByText(container: WebElementWrapper, selector: strin
 
   return matchingElements;
 }
-
-const texts = {
-  noActivityText: 'No activity in the selected timeframe',
-  datasetHealthPoor: 'Poor',
-  datasetHealthDegraded: 'Degraded',
-  datasetHealthGood: 'Good',
-  activeDatasets: 'Active Data Sets',
-  estimatedData: 'Estimated Data',
-  docsCountTotal: 'Docs count (total)',
-  size: 'Size',
-  services: 'Services',
-  hosts: 'Hosts',
-  degradedDocs: 'Degraded docs',
-};
diff --git a/x-pack/test/functional/page_objects/index_lifecycle_management_page.ts b/x-pack/test/functional/page_objects/index_lifecycle_management_page.ts
index b9cfebfbbb40b..a0061dff067d1 100644
--- a/x-pack/test/functional/page_objects/index_lifecycle_management_page.ts
+++ b/x-pack/test/functional/page_objects/index_lifecycle_management_page.ts
@@ -27,6 +27,9 @@ export function IndexLifecycleManagementPageProvider({ getService }: FtrProvider
     async createPolicyButton() {
       return await testSubjects.find('createPolicyButton');
     },
+    async clickCreatePolicyButton() {
+      return await testSubjects.click('createPolicyButton');
+    },
     async fillNewPolicyForm(policy: Policy) {
       const {
         policyName,
diff --git a/x-pack/test/functional/page_objects/lens_page.ts b/x-pack/test/functional/page_objects/lens_page.ts
index 913396d5b64dc..7256e92ca829e 100644
--- a/x-pack/test/functional/page_objects/lens_page.ts
+++ b/x-pack/test/functional/page_objects/lens_page.ts
@@ -1357,17 +1357,20 @@ export function LensPageProvider({ getService, getPageObjects }: FtrProviderCont
     },
 
     async getMetricDatum(tile: WebElementWrapper) {
+      // using getAttribute('innerText') because getVisibleText() fails when the text overflows the metric panel.
+      // The reported "visible" text is somewhat inaccurate and just report the full innerText of just the visible DOM elements.
+      // In the case of Metric, suffixes that are on a sub-element are not considered visible.
       return {
-        title: await (await this.getMetricElementIfExists('h2', tile))?.getVisibleText(),
+        title: await (await this.getMetricElementIfExists('h2', tile))?.getAttribute('innerText'),
         subtitle: await (
           await this.getMetricElementIfExists('.echMetricText__subtitle', tile)
-        )?.getVisibleText(),
+        )?.getAttribute('innerText'),
         extraText: await (
           await this.getMetricElementIfExists('.echMetricText__extra', tile)
-        )?.getVisibleText(),
+        )?.getAttribute('innerText'),
         value: await (
           await this.getMetricElementIfExists('.echMetricText__value', tile)
-        )?.getVisibleText(),
+        )?.getAttribute('innerText'),
         color: await (
           await this.getMetricElementIfExists('.echMetric', tile)
         )?.getComputedStyle('background-color'),
diff --git a/x-pack/test/functional/page_objects/search_playground_page.ts b/x-pack/test/functional/page_objects/search_playground_page.ts
index 35e0a8cc253d3..89bffc8bbd841 100644
--- a/x-pack/test/functional/page_objects/search_playground_page.ts
+++ b/x-pack/test/functional/page_objects/search_playground_page.ts
@@ -17,6 +17,7 @@ export function SearchPlaygroundPageProvider({ getService }: FtrProviderContext)
     PlaygroundStartChatPage: {
       async expectPlaygroundStartChatPageComponentsToExist() {
         await testSubjects.existOrFail('startChatPage');
+        await testSubjects.existOrFail('connectToLLMChatPanel');
         await testSubjects.existOrFail('selectIndicesChatPanel');
         await testSubjects.existOrFail('startChatButton');
       },
@@ -26,8 +27,10 @@ export function SearchPlaygroundPageProvider({ getService }: FtrProviderContext)
         await testSubjects.existOrFail('playground-documentation-link');
       },
 
-      async expectCreateIndexButtonToMissed() {
-        await testSubjects.missingOrFail('createIndexButton');
+      async expectPlaygroundHeaderComponentsToDisabled() {
+        expect(await testSubjects.isEnabled('editContextActionButton')).to.be(false);
+        expect(await testSubjects.isEnabled('viewQueryActionButton')).to.be(false);
+        expect(await testSubjects.isEnabled('viewCodeActionButton')).to.be(false);
       },
 
       async expectCreateIndexButtonToExists() {
@@ -45,8 +48,23 @@ export function SearchPlaygroundPageProvider({ getService }: FtrProviderContext)
         await comboBox.setCustom('selectIndicesComboBox', indexName);
       },
 
-      async expectNoIndicesFieldsWarningExists() {
-        await testSubjects.existOrFail('NoIndicesFieldsMessage');
+      async expectIndicesInDropdown() {
+        await testSubjects.existOrFail('selectIndicesComboBox');
+      },
+
+      async removeIndexFromComboBox() {
+        await testSubjects.click('removeIndexButton');
+      },
+
+      async expectToSelectIndicesAndStartButtonEnabled(indexName: string) {
+        await comboBox.setCustom('selectIndicesComboBox', indexName);
+        expect(await testSubjects.isEnabled('startChatButton')).to.be(true);
+        expect(await testSubjects.isEnabled('editContextActionButton')).to.be(true);
+        expect(await testSubjects.isEnabled('viewQueryActionButton')).to.be(true);
+        expect(await testSubjects.isEnabled('viewCodeActionButton')).to.be(true);
+
+        await testSubjects.click('startChatButton');
+        await testSubjects.existOrFail('chatPage');
       },
 
       async expectAddConnectorButtonExists() {
@@ -58,24 +76,66 @@ export function SearchPlaygroundPageProvider({ getService }: FtrProviderContext)
         await testSubjects.existOrFail('create-connector-flyout');
       },
 
-      async expectHideGenAIPanelConnector(createConnector: () => Promise<void>) {
+      async expectHideGenAIPanelConnectorAfterCreatingConnector(
+        createConnector: () => Promise<void>
+      ) {
         await createConnector();
         await browser.refresh();
         await testSubjects.missingOrFail('connectToLLMChatPanel');
       },
 
-      async expectToStartChatPage() {
-        expect(await testSubjects.isEnabled('startChatButton')).to.be(true);
-        await testSubjects.click('startChatButton');
-        await testSubjects.existOrFail('chatPage');
+      async expectHideGenAIPanelConnector() {
+        await testSubjects.missingOrFail('connectToLLMChatPanel');
       },
     },
     PlaygroundChatPage: {
-      async expectChatWorks() {
+      async navigateToChatPage(indexName: string) {
+        await comboBox.setCustom('selectIndicesComboBox', indexName);
+        await testSubjects.click('startChatButton');
+      },
+
+      async expectChatWindowLoaded() {
+        expect(await testSubjects.isEnabled('editContextActionButton')).to.be(true);
+        expect(await testSubjects.isEnabled('viewQueryActionButton')).to.be(true);
+        expect(await testSubjects.isEnabled('viewCodeActionButton')).to.be(true);
+
+        expect(await testSubjects.isEnabled('regenerateActionButton')).to.be(false);
+        expect(await testSubjects.isEnabled('clearChatActionButton')).to.be(false);
+        expect(await testSubjects.isEnabled('sendQuestionButton')).to.be(false);
+
         await testSubjects.existOrFail('questionInput');
+        const model = await testSubjects.find('summarizationModelSelect');
+        const defaultModel = await model.getVisibleText();
+
+        expect(defaultModel).to.equal('OpenAI GPT-3.5 Turbo');
+        expect(defaultModel).not.to.be.empty();
+
+        expect(
+          await (await testSubjects.find('manageConnectorsLink')).getAttribute('href')
+        ).to.contain('/app/management/insightsAndAlerting/triggersActionsConnectors/connectors/');
+
+        await testSubjects.click('sourcesAccordion');
+
+        expect(await testSubjects.findAll('indicesInAccordian')).to.have.length(1);
+      },
+
+      async sendQuestion() {
         await testSubjects.setValue('questionInput', 'test question');
         await testSubjects.click('sendQuestionButton');
-        await testSubjects.existOrFail('userMessage');
+      },
+
+      async expectChatWorks() {
+        const userMessageElement = await testSubjects.find('userMessage');
+        const userMessage = await userMessageElement.getVisibleText();
+        expect(userMessage).to.contain('test question');
+
+        const assistantMessageElement = await testSubjects.find('assistant-message');
+        const assistantMessage = await assistantMessageElement.getVisibleText();
+        expect(assistantMessage).to.contain('My response');
+      },
+
+      async expectTokenTooltipExists() {
+        await testSubjects.existOrFail('token-tooltip-button');
       },
 
       async expectOpenViewCode() {
diff --git a/x-pack/test/functional/services/ml/dashboard_embeddables.ts b/x-pack/test/functional/services/ml/dashboard_embeddables.ts
index 9a5428276479e..b22622ead61d0 100644
--- a/x-pack/test/functional/services/ml/dashboard_embeddables.ts
+++ b/x-pack/test/functional/services/ml/dashboard_embeddables.ts
@@ -124,9 +124,9 @@ export function MachineLearningDashboardEmbeddablesProvider(
       };
       await retry.tryForTime(60 * 1000, async () => {
         await dashboardAddPanel.clickEditorMenuButton();
-        await testSubjects.existOrFail('dashboardEditorContextMenu', { timeout: 2000 });
+        await testSubjects.existOrFail('dashboardPanelSelectionFlyout', { timeout: 2000 });
 
-        await dashboardAddPanel.clickEmbeddableFactoryGroupButton('ml');
+        await dashboardAddPanel.verifyEmbeddableFactoryGroupExists('ml');
 
         await dashboardAddPanel.clickAddNewPanelFromUIActionLink(name[mlEmbeddableType]);
         await testSubjects.existOrFail('mlAnomalyJobSelectionControls', { timeout: 2000 });
diff --git a/x-pack/test/functional_with_es_ssl/apps/discover_ml_uptime/ml/alert_flyout.ts b/x-pack/test/functional_with_es_ssl/apps/discover_ml_uptime/ml/alert_flyout.ts
index 7802a25f53e2f..58c72ef9d1a27 100644
--- a/x-pack/test/functional_with_es_ssl/apps/discover_ml_uptime/ml/alert_flyout.ts
+++ b/x-pack/test/functional_with_es_ssl/apps/discover_ml_uptime/ml/alert_flyout.ts
@@ -67,8 +67,7 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => {
 
   let testJobId = '';
 
-  // Failing: See https://github.com/elastic/kibana/issues/186261
-  describe.skip('anomaly detection alert', function () {
+  describe('anomaly detection alert', function () {
     before(async () => {
       await esArchiver.loadIfNeeded('x-pack/test/functional/es_archives/ml/ecommerce');
       await ml.testResources.createDataViewIfNeeded('ft_ecommerce', 'order_date');
diff --git a/x-pack/test/observability_ai_assistant_api_integration/common/create_llm_proxy.ts b/x-pack/test/observability_ai_assistant_api_integration/common/create_llm_proxy.ts
index 4952135c3d623..cce12d2c1b958 100644
--- a/x-pack/test/observability_ai_assistant_api_integration/common/create_llm_proxy.ts
+++ b/x-pack/test/observability_ai_assistant_api_integration/common/create_llm_proxy.ts
@@ -98,7 +98,7 @@ export class LlmProxy {
         waitForIntercept: () => Promise<LlmResponseSimulator>;
       }
     : {
-        complete: () => Promise<void>;
+        waitAndComplete: () => Promise<void>;
       } {
     const waitForInterceptPromise = Promise.race([
       new Promise<LlmResponseSimulator>((outerResolve) => {
@@ -149,7 +149,7 @@ export class LlmProxy {
         });
       }),
       new Promise<LlmResponseSimulator>((_, reject) => {
-        setTimeout(() => reject(new Error(`Interceptor "${name}" timed out after 5000ms`)), 5000);
+        setTimeout(() => reject(new Error(`Interceptor "${name}" timed out after 20000ms`)), 20000);
       }),
     ]);
 
@@ -162,7 +162,7 @@ export class LlmProxy {
       : responseChunks.split(' ').map((token, i) => (i === 0 ? token : ` ${token}`));
 
     return {
-      complete: async () => {
+      waitAndComplete: async () => {
         const simulator = await waitForInterceptPromise;
         for (const chunk of parsedChunks) {
           await simulator.next(chunk);
diff --git a/x-pack/test/observability_ai_assistant_api_integration/tests/complete/complete.spec.ts b/x-pack/test/observability_ai_assistant_api_integration/tests/complete/complete.spec.ts
index eb5ed07d3ea08..6be64a1daf3ff 100644
--- a/x-pack/test/observability_ai_assistant_api_integration/tests/complete/complete.spec.ts
+++ b/x-pack/test/observability_ai_assistant_api_integration/tests/complete/complete.spec.ts
@@ -414,11 +414,11 @@ export default function ApiTest({ getService }: FtrProviderContext) {
               },
             },
           ])
-          .complete();
+          .waitAndComplete();
 
         proxy
           .intercept('conversation', (body) => !isFunctionTitleRequest(body), 'Good morning, sir!')
-          .complete();
+          .waitAndComplete();
 
         const createResponse = await observabilityAIAssistantAPIClient
           .editorUser({
@@ -450,7 +450,7 @@ export default function ApiTest({ getService }: FtrProviderContext) {
 
         proxy
           .intercept('conversation', (body) => !isFunctionTitleRequest(body), 'Good night, sir!')
-          .complete();
+          .waitAndComplete();
 
         const updatedResponse = await observabilityAIAssistantAPIClient
           .editorUser({
diff --git a/x-pack/test/observability_ai_assistant_functional/common/ui/index.ts b/x-pack/test/observability_ai_assistant_functional/common/ui/index.ts
index b7234648c8464..d0a45f61e17be 100644
--- a/x-pack/test/observability_ai_assistant_functional/common/ui/index.ts
+++ b/x-pack/test/observability_ai_assistant_functional/common/ui/index.ts
@@ -44,6 +44,7 @@ const pages = {
     saveButton: 'create-connector-flyout-save-btn',
   },
   contextualInsights: {
+    container: 'obsAiAssistantInsightContainer',
     button: 'obsAiAssistantInsightButton',
     text: 'obsAiAssistantInsightResponse',
   },
diff --git a/x-pack/test/observability_ai_assistant_functional/tests/contextual_insights/index.spec.ts b/x-pack/test/observability_ai_assistant_functional/tests/contextual_insights/index.spec.ts
index 4a6992b6362e6..aff0d91173dd3 100644
--- a/x-pack/test/observability_ai_assistant_functional/tests/contextual_insights/index.spec.ts
+++ b/x-pack/test/observability_ai_assistant_functional/tests/contextual_insights/index.spec.ts
@@ -17,14 +17,13 @@ import { FtrProviderContext } from '../../ftr_provider_context';
 
 export default function ApiTest({ getService, getPageObjects }: FtrProviderContext) {
   const ui = getService('observabilityAIAssistantUI');
+  const find = getService('find');
   const testSubjects = getService('testSubjects');
   const supertest = getService('supertest');
   const retry = getService('retry');
   const log = getService('log');
-  const browser = getService('browser');
-  const deployment = getService('deployment');
   const apmSynthtraceEsClient = getService('apmSynthtraceEsClient');
-  const { common } = getPageObjects(['header', 'common']);
+  const { header, common } = getPageObjects(['header', 'common']);
 
   async function createSynthtraceErrors() {
     const start = moment().subtract(5, 'minutes').valueOf();
@@ -45,7 +44,11 @@ export default function ApiTest({ getService, getPageObjects }: FtrProviderConte
             .transaction({ transactionName: 'GET /banana' })
             .errors(
               serviceInstance
-                .error({ message: 'Some exception', type: 'exception' })
+                .error({
+                  message: 'Some exception',
+                  type: 'exception',
+                  groupingKey: 'some-expection-key',
+                })
                 .timestamp(timestamp)
             )
             .duration(10)
@@ -87,9 +90,22 @@ export default function ApiTest({ getService, getPageObjects }: FtrProviderConte
   }
 
   async function navigateToError() {
-    await common.navigateToApp('apm');
-    await browser.get(`${deployment.getHostPort()}/app/apm/services/opbeans-go/errors/`);
-    await testSubjects.click('errorGroupId');
+    await common.navigateToUrl('apm', 'services/opbeans-go/errors/some-expection-key', {
+      shouldUseHashForSubUrl: false,
+    });
+    await header.waitUntilLoadingHasFinished();
+  }
+
+  // open contextual insights component and ensure it was opened
+  async function openContextualInsights() {
+    await retry.tryForTime(5 * 1000, async () => {
+      await testSubjects.click(ui.pages.contextualInsights.button);
+      const isOpen =
+        (await (
+          await find.byCssSelector(`[aria-controls="${ui.pages.contextualInsights.container}"]`)
+        ).getAttribute('aria-expanded')) === 'true';
+      expect(isOpen).to.be(true);
+    });
   }
 
   describe('Contextual insights for APM errors', () => {
@@ -113,16 +129,14 @@ export default function ApiTest({ getService, getPageObjects }: FtrProviderConte
       ]);
     });
 
-    // FAILING ES PROMOTION: https://github.com/elastic/kibana/issues/184029
-    describe.skip('when there are no connectors', () => {
+    describe('when there are no connectors', () => {
       it('should not show the contextual insight component', async () => {
         await navigateToError();
         await testSubjects.missingOrFail(ui.pages.contextualInsights.button);
       });
     });
 
-    // FAILING ES PROMOTION: https://github.com/elastic/kibana/issues/184071
-    describe.skip('when there are connectors', () => {
+    describe('when there are connectors', () => {
       let proxy: LlmProxy;
 
       before(async () => {
@@ -137,17 +151,17 @@ export default function ApiTest({ getService, getPageObjects }: FtrProviderConte
       it('should show the contextual insight component on the APM error details page', async () => {
         await navigateToError();
 
-        proxy
-          .intercept(
-            'conversation',
-            (body) => !isFunctionTitleRequest(body),
-            'This error is nothing to worry about. Have a nice day!'
-          )
-          .complete();
+        const interceptor = proxy.intercept(
+          'conversation',
+          (body) => !isFunctionTitleRequest(body),
+          'This error is nothing to worry about. Have a nice day!'
+        );
+
+        await openContextualInsights();
 
-        await testSubjects.click(ui.pages.contextualInsights.button);
+        await interceptor.waitAndComplete();
 
-        await retry.try(async () => {
+        await retry.tryForTime(5 * 1000, async () => {
           const llmResponse = await testSubjects.getVisibleText(ui.pages.contextualInsights.text);
           expect(llmResponse).to.contain('This error is nothing to worry about. Have a nice day!');
         });
diff --git a/x-pack/test/rule_registry/security_and_spaces/tests/basic/get_browser_fields_by_feature_id.ts b/x-pack/test/rule_registry/security_and_spaces/tests/basic/get_browser_fields_by_feature_id.ts
index fcf67163b2bbb..f922371edc492 100644
--- a/x-pack/test/rule_registry/security_and_spaces/tests/basic/get_browser_fields_by_feature_id.ts
+++ b/x-pack/test/rule_registry/security_and_spaces/tests/basic/get_browser_fields_by_feature_id.ts
@@ -47,11 +47,16 @@ export default ({ getService }: FtrProviderContext) => {
         ]);
         expect(Object.keys(resp.browserFields)).toEqual([
           'base',
+          'agent',
           'cloud',
           'container',
+          'error',
           'host',
           'kibana',
+          'observer',
           'orchestrator',
+          'tls',
+          'url',
         ]);
       });
 
@@ -64,11 +69,19 @@ export default ({ getService }: FtrProviderContext) => {
         ]);
         expect(Object.keys(resp.browserFields)).toEqual([
           'base',
+          'agent',
+          'anomaly',
           'cloud',
           'container',
+          'error',
           'host',
           'kibana',
+          'location',
+          'monitor',
+          'observer',
           'orchestrator',
+          'tls',
+          'url',
         ]);
       });
 
diff --git a/x-pack/test/security_api_integration/oidc.http2.config.ts b/x-pack/test/security_api_integration/oidc.http2.config.ts
new file mode 100644
index 0000000000000..395b8c62c25d4
--- /dev/null
+++ b/x-pack/test/security_api_integration/oidc.http2.config.ts
@@ -0,0 +1,45 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+import { CA_CERT_PATH } from '@kbn/dev-utils';
+import { configureHTTP2 } from '../../../test/common/configure_http2';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+  const xPackAPITestsConfig = await readConfigFile(require.resolve('../api_integration/config.ts'));
+  const functionalConfig = await readConfigFile(require.resolve('./oidc.config'));
+  const kibanaPort = xPackAPITestsConfig.get('servers.kibana.port');
+  const jwksPath = require.resolve('@kbn/security-api-integration-helpers/oidc/jwks.json');
+
+  return configureHTTP2({
+    ...functionalConfig.getAll(),
+    esTestCluster: {
+      ...functionalConfig.get('esTestCluster'),
+      serverArgs: [
+        ...xPackAPITestsConfig.get('esTestCluster.serverArgs'),
+        'xpack.security.authc.token.enabled=true',
+        'xpack.security.authc.token.timeout=15s',
+        'xpack.security.authc.realms.oidc.oidc1.order=0',
+        `xpack.security.authc.realms.oidc.oidc1.rp.client_id=0oa8sqpov3TxMWJOt356`,
+        `xpack.security.authc.realms.oidc.oidc1.rp.client_secret=0oa8sqpov3TxMWJOt356`,
+        `xpack.security.authc.realms.oidc.oidc1.rp.response_type=code`,
+        `xpack.security.authc.realms.oidc.oidc1.rp.redirect_uri=https://localhost:${kibanaPort}/api/security/oidc/callback`,
+        `xpack.security.authc.realms.oidc.oidc1.op.authorization_endpoint=https://test-op.elastic.co/oauth2/v1/authorize`,
+        `xpack.security.authc.realms.oidc.oidc1.op.endsession_endpoint=https://test-op.elastic.co/oauth2/v1/endsession`,
+        `xpack.security.authc.realms.oidc.oidc1.op.token_endpoint=https://localhost:${kibanaPort}/api/oidc_provider/token_endpoint`,
+        `xpack.security.authc.realms.oidc.oidc1.op.userinfo_endpoint=https://localhost:${kibanaPort}/api/oidc_provider/userinfo_endpoint`,
+        `xpack.security.authc.realms.oidc.oidc1.op.issuer=https://test-op.elastic.co`,
+        `xpack.security.authc.realms.oidc.oidc1.op.jwkset_path=${jwksPath}`,
+        `xpack.security.authc.realms.oidc.oidc1.claims.principal=sub`,
+        `xpack.security.authc.realms.oidc.oidc1.ssl.certificate_authorities=${CA_CERT_PATH}`,
+      ],
+    },
+    junit: {
+      reportName: 'X-Pack Security API Integration Tests HTTP/2 (OIDC - Authorization Code Flow)',
+    },
+  });
+}
diff --git a/x-pack/test/security_api_integration/saml.http2.config.ts b/x-pack/test/security_api_integration/saml.http2.config.ts
new file mode 100644
index 0000000000000..1e3ab00712965
--- /dev/null
+++ b/x-pack/test/security_api_integration/saml.http2.config.ts
@@ -0,0 +1,41 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+import { CA_CERT_PATH } from '@kbn/dev-utils';
+import { configureHTTP2 } from '../../../test/common/configure_http2';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+  const xPackAPITestsConfig = await readConfigFile(require.resolve('../api_integration/config.ts'));
+  const functionalConfig = await readConfigFile(require.resolve('./saml.config'));
+
+  const kibanaPort = xPackAPITestsConfig.get('servers.kibana.port');
+  const idpPath = require.resolve('@kbn/security-api-integration-helpers/saml/idp_metadata.xml');
+
+  return configureHTTP2({
+    ...functionalConfig.getAll(),
+    esTestCluster: {
+      ...functionalConfig.get('esTestCluster'),
+      serverArgs: [
+        ...xPackAPITestsConfig.get('esTestCluster.serverArgs'),
+        'xpack.security.authc.token.enabled=true',
+        'xpack.security.authc.token.timeout=15s',
+        'xpack.security.authc.realms.saml.saml1.order=0',
+        `xpack.security.authc.realms.saml.saml1.idp.metadata.path=${idpPath}`,
+        'xpack.security.authc.realms.saml.saml1.idp.entity_id=http://www.elastic.co/saml1',
+        `xpack.security.authc.realms.saml.saml1.sp.entity_id=https://localhost:${kibanaPort}`,
+        `xpack.security.authc.realms.saml.saml1.sp.logout=https://localhost:${kibanaPort}/logout`,
+        `xpack.security.authc.realms.saml.saml1.sp.acs=https://localhost:${kibanaPort}/api/security/saml/callback`,
+        'xpack.security.authc.realms.saml.saml1.attributes.principal=urn:oid:0.0.7',
+        `xpack.security.authc.realms.saml.saml1.ssl.certificate_authorities=${CA_CERT_PATH}`,
+      ],
+    },
+    junit: {
+      reportName: 'X-Pack Security API Integration Tests HTTP/2 (SAML)',
+    },
+  });
+}
diff --git a/x-pack/test/security_api_integration/tests/saml/saml_login.ts b/x-pack/test/security_api_integration/tests/saml/saml_login.ts
index 893f2fcf3b0bd..b07b0f8706dab 100644
--- a/x-pack/test/security_api_integration/tests/saml/saml_login.ts
+++ b/x-pack/test/security_api_integration/tests/saml/saml_login.ts
@@ -31,7 +31,7 @@ export default function ({ getService }: FtrProviderContext) {
 
   function createSAMLResponse(options = {}) {
     return getSAMLResponse({
-      destination: `http://localhost:${kibanaServerConfig.port}/api/security/saml/callback`,
+      destination: `${kibanaServerConfig.protocol}://localhost:${kibanaServerConfig.port}/api/security/saml/callback`,
       sessionIndex: String(randomness.naturalNumber()),
       ...options,
     });
@@ -39,7 +39,7 @@ export default function ({ getService }: FtrProviderContext) {
 
   function createLogoutRequest(options: { sessionIndex: string }) {
     return getLogoutRequest({
-      destination: `http://localhost:${kibanaServerConfig.port}/logout`,
+      destination: `${kibanaServerConfig.protocol}://localhost:${kibanaServerConfig.port}/logout`,
       ...options,
     });
   }
diff --git a/x-pack/test/security_functional/oidc.http2.config.ts b/x-pack/test/security_functional/oidc.http2.config.ts
new file mode 100644
index 0000000000000..ebb3447401e24
--- /dev/null
+++ b/x-pack/test/security_functional/oidc.http2.config.ts
@@ -0,0 +1,47 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+import { CA_CERT_PATH } from '@kbn/dev-utils';
+import { configureHTTP2 } from '../../../test/common/configure_http2';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+  const kibanaFunctionalConfig = await readConfigFile(
+    require.resolve('../../../test/functional/config.base.js')
+  );
+  const functionalConfig = await readConfigFile(require.resolve('./oidc.config'));
+  const kibanaPort = kibanaFunctionalConfig.get('servers.kibana.port');
+  const jwksPath = require.resolve('@kbn/security-api-integration-helpers/oidc/jwks.json');
+
+  return configureHTTP2({
+    ...functionalConfig.getAll(),
+    esTestCluster: {
+      license: 'trial',
+      from: 'snapshot',
+      serverArgs: [
+        'xpack.security.authc.token.enabled=true',
+        'xpack.security.authc.realms.oidc.oidc1.order=0',
+        `xpack.security.authc.realms.oidc.oidc1.rp.client_id=0oa8sqpov3TxMWJOt356`,
+        `xpack.security.authc.realms.oidc.oidc1.rp.client_secret=0oa8sqpov3TxMWJOt356`,
+        `xpack.security.authc.realms.oidc.oidc1.rp.response_type=code`,
+        `xpack.security.authc.realms.oidc.oidc1.rp.redirect_uri=https://localhost:${kibanaPort}/api/security/oidc/callback`,
+        `xpack.security.authc.realms.oidc.oidc1.rp.post_logout_redirect_uri=https://localhost:${kibanaPort}/security/logged_out`,
+        `xpack.security.authc.realms.oidc.oidc1.op.authorization_endpoint=https://localhost:${kibanaPort}/oidc_provider/authorize`,
+        `xpack.security.authc.realms.oidc.oidc1.op.endsession_endpoint=https://localhost:${kibanaPort}/oidc_provider/endsession`,
+        `xpack.security.authc.realms.oidc.oidc1.op.token_endpoint=https://localhost:${kibanaPort}/api/oidc_provider/token_endpoint`,
+        `xpack.security.authc.realms.oidc.oidc1.op.userinfo_endpoint=https://localhost:${kibanaPort}/api/oidc_provider/userinfo_endpoint`,
+        `xpack.security.authc.realms.oidc.oidc1.op.issuer=https://test-op.elastic.co`,
+        `xpack.security.authc.realms.oidc.oidc1.op.jwkset_path=${jwksPath}`,
+        `xpack.security.authc.realms.oidc.oidc1.claims.principal=sub`,
+        `xpack.security.authc.realms.oidc.oidc1.ssl.certificate_authorities=${CA_CERT_PATH}`,
+      ],
+    },
+    junit: {
+      reportName: 'Chrome X-Pack Security Functional Tests HTTP/2 (OpenID Connect)',
+    },
+  });
+}
diff --git a/x-pack/test/security_functional/saml.http2.config.ts b/x-pack/test/security_functional/saml.http2.config.ts
new file mode 100644
index 0000000000000..998fcbfc8cfaa
--- /dev/null
+++ b/x-pack/test/security_functional/saml.http2.config.ts
@@ -0,0 +1,54 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { resolve } from 'path';
+import { FtrConfigProviderContext } from '@kbn/test';
+import { CA_CERT_PATH } from '@kbn/dev-utils';
+import { configureHTTP2 } from '../../../test/common/configure_http2';
+
+// the default export of config files must be a config provider
+// that returns an object with the projects config values
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+  const functionalConfig = await readConfigFile(require.resolve('./saml.config'));
+  const kibanaFunctionalConfig = await readConfigFile(
+    require.resolve('../../../test/functional/config.base.js')
+  );
+
+  const kibanaPort = kibanaFunctionalConfig.get('servers.kibana.port');
+  const idpPath = resolve(
+    __dirname,
+    '../security_api_integration/plugins/saml_provider/metadata.xml'
+  );
+
+  return configureHTTP2({
+    ...functionalConfig.getAll(),
+    esTestCluster: {
+      license: 'trial',
+      from: 'snapshot',
+      serverArgs: [
+        'xpack.security.authc.token.enabled=true',
+        'xpack.security.authc.realms.saml.saml1.order=0',
+        `xpack.security.authc.realms.saml.saml1.idp.metadata.path=${idpPath}`,
+        'xpack.security.authc.realms.saml.saml1.idp.entity_id=http://www.elastic.co/saml1',
+        `xpack.security.authc.realms.saml.saml1.sp.entity_id=https://localhost:${kibanaPort}`,
+        `xpack.security.authc.realms.saml.saml1.sp.logout=https://localhost:${kibanaPort}/logout`,
+        `xpack.security.authc.realms.saml.saml1.sp.acs=https://localhost:${kibanaPort}/api/security/saml/callback`,
+        'xpack.security.authc.realms.saml.saml1.attributes.principal=urn:oid:0.0.7',
+        `xpack.security.authc.realms.saml.saml1.ssl.certificate_authorities=${CA_CERT_PATH}`,
+      ],
+    },
+    junit: {
+      reportName: 'Chrome X-Pack Security Functional Tests HTTP/2 (SAML)',
+    },
+  });
+}
diff --git a/x-pack/test/security_functional/tests/oidc/url_capture.ts b/x-pack/test/security_functional/tests/oidc/url_capture.ts
index 6553ef193fc3b..359034681b6d3 100644
--- a/x-pack/test/security_functional/tests/oidc/url_capture.ts
+++ b/x-pack/test/security_functional/tests/oidc/url_capture.ts
@@ -16,7 +16,8 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
   const testSubjects = getService('testSubjects');
   const PageObjects = getPageObjects(['common']);
 
-  describe('URL capture', function () {
+  // Failing: See https://github.com/elastic/kibana/issues/186780
+  describe.skip('URL capture', function () {
     this.tags('includeFirefox');
 
     before(async () => {
diff --git a/x-pack/test/security_functional/tests/saml/url_capture.ts b/x-pack/test/security_functional/tests/saml/url_capture.ts
index 0193d3d870701..71b62eb2b2aa3 100644
--- a/x-pack/test/security_functional/tests/saml/url_capture.ts
+++ b/x-pack/test/security_functional/tests/saml/url_capture.ts
@@ -16,7 +16,8 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
   const testSubjects = getService('testSubjects');
   const PageObjects = getPageObjects(['common']);
 
-  describe('URL capture', function () {
+  // Failing: See https://github.com/elastic/kibana/issues/186675
+  describe.skip('URL capture', function () {
     this.tags('includeFirefox');
 
     before(async () => {
diff --git a/x-pack/test/security_solution_api_integration/README.md b/x-pack/test/security_solution_api_integration/README.md
index 1cfc87a1420c9..450558737b1e9 100644
--- a/x-pack/test/security_solution_api_integration/README.md
+++ b/x-pack/test/security_solution_api_integration/README.md
@@ -47,6 +47,13 @@ ex:
 3. In these new configuration files, include references to the base configurations located under the config directory to inherit CI configurations, environment variables, and other settings.
 4. Append a new entry in the `ftr_configs.yml` file to enable the execution of the newly added tests within the CI pipeline.
 
+## Adding tests for MKI which rely onto NON default project configuration
+
+The default project type configuration in Serverless is complete. If for the needs of a test suite a different configuration is required, e.g. [PLI - Essentials](https://github.com/elastic/kibana/blob/36578e82fa0a0440c1657a0ca688106c895d5e4e/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/basic_license_essentials_tier/configs/serverless.config.ts#L13), the already mentioned configuration in the permalink **does not work** for MKI. The override is needed to be added in the `./scripts/api_configs.json` file under the key with exact same name as the one of the script in `package.json` file which is running. 
+
+There are already configurations in the `./scripts/api_configs.json` which you can follow in order to add yours when it is needed. The currently supported configuration, allows **ONLY** the PLIs to be configured. Thus, experimental feature flags **are not yet supported** and the test should be skipped until further notice. 
+
+**NOTE**: If a target script living in `package.json` file, does not require any further configuration, then the entry in `./scripts/api_configs.json` file, **can be omitted!**
 
 # Testing locally 
 
@@ -104,7 +111,43 @@ In this project, you can run various commands to execute tests and workflows, ea
          ```shell
          npm run initialize-server:dr:default exceptions/workflows ess   
          ```
-      5. **Run tests for "exception_workflows" using the ess runner in the "essEnv" environment:**   
+      5. **Run tests for "exception_workflows" using the ess runner in the "essEnv" environment:**
          ```shell
          npm run run-tests:dr:default exceptions/workflows ess essEnv
-      ```
\ No newline at end of file
+         ```
+
+## Testing with serverless roles
+
+The `supertest` service is logged with the `admin` role by default on serverless. Ideally, every test that runs on serverless should use the most appropriate role.
+
+The `securitySolutionUtils` helper exports the `createSuperTest` function, which accepts the role as a parameter.
+You need to call `createSuperTest` from a lifecycle hook and wait for it to return the `supertest` instance.
+All API calls using the returned instance will inject the required auth headers.
+
+**On ESS, `createSuperTest` returns a basic `supertest` instance without headers.*
+
+```js
+import TestAgent from 'supertest/lib/agent';
+
+export default ({ getService }: FtrProviderContext) => {
+   const utils = getService('securitySolutionUtils');
+
+   describe('@ess @serverless my_test', () => {
+      let supertest: TestAgent;
+
+      before(async () => {
+         supertest = await utils.createSuperTest('admin');
+      });
+   ...
+```
+
+If you need to use multiple roles in a single test, you can instantiate multiple `supertest` versions.
+```js
+before(async () => {
+   adminSupertest = await utils.createSuperTest('admin');
+   viewerSupertest = await utils.createSuperTest('viewer');
+});
+...
+```
+
+The helper keeps track of only one active session per role. So, if you instantiate `supertest` twice for the same role, the first instance will have an invalid API key.
diff --git a/x-pack/test/security_solution_api_integration/config/ess/config.base.ts b/x-pack/test/security_solution_api_integration/config/ess/config.base.ts
index 0fbe6b12a7ade..7256432174e3c 100644
--- a/x-pack/test/security_solution_api_integration/config/ess/config.base.ts
+++ b/x-pack/test/security_solution_api_integration/config/ess/config.base.ts
@@ -7,7 +7,7 @@
 
 import { CA_CERT_PATH } from '@kbn/dev-utils';
 import { FtrConfigProviderContext, kbnTestConfig, kibanaTestUser } from '@kbn/test';
-import { services } from '../../../api_integration/services';
+import { services } from './services';
 import { PRECONFIGURED_ACTION_CONNECTORS } from '../shared';
 
 interface CreateTestConfigOptions {
diff --git a/x-pack/test/security_solution_api_integration/config/ess/services.ts b/x-pack/test/security_solution_api_integration/config/ess/services.ts
index d6a3c415f29df..e5f66d5c1928a 100644
--- a/x-pack/test/security_solution_api_integration/config/ess/services.ts
+++ b/x-pack/test/security_solution_api_integration/config/ess/services.ts
@@ -7,8 +7,10 @@
 
 import { SpacesServiceProvider } from '../../../common/services/spaces';
 import { services as essServices } from '../../../api_integration/services';
+import { SecuritySolutionESSUtils } from '../services/security_solution_ess_utils';
 
 export const services = {
   ...essServices,
   spaces: SpacesServiceProvider,
+  securitySolutionUtils: SecuritySolutionESSUtils,
 };
diff --git a/x-pack/test/security_solution_api_integration/config/serverless/config.base.essentials.ts b/x-pack/test/security_solution_api_integration/config/serverless/config.base.essentials.ts
index 55a7957ae20d6..3b4a220a1c0bc 100644
--- a/x-pack/test/security_solution_api_integration/config/serverless/config.base.essentials.ts
+++ b/x-pack/test/security_solution_api_integration/config/serverless/config.base.essentials.ts
@@ -11,7 +11,7 @@ export interface CreateTestConfigOptions {
   kbnTestServerArgs?: string[];
   kbnTestServerEnv?: Record<string, string>;
 }
-import { services } from '../../../../test_serverless/api_integration/services';
+import { services } from './services';
 
 export function createTestConfig(options: CreateTestConfigOptions) {
   return async ({ readConfigFile }: FtrConfigProviderContext) => {
diff --git a/x-pack/test/security_solution_api_integration/config/serverless/services.ts b/x-pack/test/security_solution_api_integration/config/serverless/services.ts
index c033d11d1d2a4..c57007f774541 100644
--- a/x-pack/test/security_solution_api_integration/config/serverless/services.ts
+++ b/x-pack/test/security_solution_api_integration/config/serverless/services.ts
@@ -8,9 +8,13 @@
 import { SpacesServiceProvider } from '../../../common/services/spaces';
 import { BsearchSecureService } from '../../../../test_serverless/shared/services/bsearch_secure';
 import { services as serverlessServices } from '../../../../test_serverless/api_integration/services';
+import { SecuritySolutionServerlessUtils } from '../services/security_solution_serverless_utils';
+import { SecuritySolutionServerlessSuperTest } from '../services/security_solution_serverless_supertest';
 
 export const services = {
   ...serverlessServices,
   spaces: SpacesServiceProvider,
   secureBsearch: BsearchSecureService,
+  securitySolutionUtils: SecuritySolutionServerlessUtils,
+  supertest: SecuritySolutionServerlessSuperTest,
 };
diff --git a/x-pack/test/security_solution_api_integration/config/services/security_solution_ess_utils.ts b/x-pack/test/security_solution_api_integration/config/services/security_solution_ess_utils.ts
new file mode 100644
index 0000000000000..4a69d1db5e253
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/config/services/security_solution_ess_utils.ts
@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../ftr_provider_context';
+import { SecuritySolutionUtils } from './types';
+
+export function SecuritySolutionESSUtils({
+  getService,
+}: FtrProviderContext): SecuritySolutionUtils {
+  const config = getService('config');
+  const supertest = getService('supertest');
+
+  return {
+    getUsername: (_role?: string) =>
+      Promise.resolve(config.get('servers.kibana.username') as string),
+    createSuperTest: (_role?: string) => Promise.resolve(supertest),
+  };
+}
diff --git a/x-pack/test/security_solution_api_integration/config/services/security_solution_serverless_supertest.ts b/x-pack/test/security_solution_api_integration/config/services/security_solution_serverless_supertest.ts
new file mode 100644
index 0000000000000..8341396ee3c2d
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/config/services/security_solution_serverless_supertest.ts
@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../ftr_provider_context';
+
+// It is wrapper around supertest that injects Serverless auth headers for the admin user.
+export async function SecuritySolutionServerlessSuperTest({ getService }: FtrProviderContext) {
+  const { createSuperTest } = getService('securitySolutionUtils');
+
+  return await createSuperTest('admin');
+}
diff --git a/x-pack/test/security_solution_api_integration/config/services/security_solution_serverless_utils.ts b/x-pack/test/security_solution_api_integration/config/services/security_solution_serverless_utils.ts
new file mode 100644
index 0000000000000..6af51abccc79c
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/config/services/security_solution_serverless_utils.ts
@@ -0,0 +1,68 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import supertest from 'supertest';
+import { format as formatUrl } from 'url';
+import { RoleCredentials } from '../../../../test_serverless/shared/services';
+import { FtrProviderContext } from '../../ftr_provider_context';
+import { SecuritySolutionUtils } from './types';
+
+export function SecuritySolutionServerlessUtils({
+  getService,
+}: FtrProviderContext): SecuritySolutionUtils {
+  const svlUserManager = getService('svlUserManager');
+  const lifecycle = getService('lifecycle');
+  const svlCommonApi = getService('svlCommonApi');
+  const config = getService('config');
+  const log = getService('log');
+
+  const rolesCredentials = new Map<string, RoleCredentials>();
+  const commonRequestHeader = svlCommonApi.getCommonRequestHeader();
+  const kbnUrl = formatUrl({
+    ...config.get('servers.kibana'),
+    auth: false,
+  });
+  const agentWithCommonHeaders = supertest.agent(kbnUrl).set(commonRequestHeader);
+
+  async function invalidateApiKey(credentials: RoleCredentials) {
+    await svlUserManager.invalidateApiKeyForRole(credentials);
+  }
+
+  async function cleanCredentials(role: string) {
+    if (rolesCredentials.has(role)) {
+      log.debug(`Invalidating API key for role [${role}]`);
+      await invalidateApiKey(rolesCredentials.get(role)!);
+      rolesCredentials.delete(role);
+    }
+  }
+
+  // Invalidate API keys when all tests have finished.
+  lifecycle.cleanup.add(async () => {
+    rolesCredentials.forEach((credential, role) => {
+      log.debug(`Invalidating API key for role [${role}]`);
+      invalidateApiKey(credential);
+    });
+  });
+
+  return {
+    getUsername: async (role = 'admin') => {
+      const { username } = await svlUserManager.getUserData(role);
+
+      return username;
+    },
+    /**
+     * Only one API key for each role can be active at a time.
+     */
+    createSuperTest: async (role = 'admin') => {
+      cleanCredentials(role);
+      const credentials = await svlUserManager.createApiKeyForRole(role);
+      rolesCredentials.set(role, credentials);
+
+      return agentWithCommonHeaders.set(credentials.apiKeyHeader);
+    },
+  };
+}
diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/index_management/read_index/read_index_route.ts b/x-pack/test/security_solution_api_integration/config/services/types.ts
similarity index 56%
rename from x-pack/plugins/security_solution/common/api/detection_engine/index_management/read_index/read_index_route.ts
rename to x-pack/test/security_solution_api_integration/config/services/types.ts
index 43daea9be9fe1..b0a22e8f3a12e 100644
--- a/x-pack/plugins/security_solution/common/api/detection_engine/index_management/read_index/read_index_route.ts
+++ b/x-pack/test/security_solution_api_integration/config/services/types.ts
@@ -5,7 +5,9 @@
  * 2.0.
  */
 
-export interface ReadIndexResponse {
-  name: string;
-  index_mapping_outdated: boolean | null;
+import TestAgent from 'supertest/lib/agent';
+
+export interface SecuritySolutionUtils {
+  getUsername: (role?: string) => Promise<string>;
+  createSuperTest: (role?: string) => Promise<TestAgent<any>>;
 }
diff --git a/x-pack/test/security_solution_api_integration/package.json b/x-pack/test/security_solution_api_integration/package.json
index acc78fba0fddf..52ff9a233b477 100644
--- a/x-pack/test/security_solution_api_integration/package.json
+++ b/x-pack/test/security_solution_api_integration/package.json
@@ -297,11 +297,11 @@
     "rule_read:basic:server:ess": "npm run initialize-server:rm:basic_essentials rule_read ess",
     "rule_read:basic:runner:ess": "npm run run-tests:rm:basic_essentials rule_read ess essEnv",
 
-    "rules_management:essentials:server:serverless": "npm run initialize-server:rm:basic_essentials  rule_management serverless",
-    "rules_management:essentials:runner:serverless": "npm run run-tests:rm:basic_essentials  rule_management serverless serverlessEnv",
-    "rules_management:essentials:qa:serverless": "npm run run-tests:rm:basic_essentials  rule_management serverless qaPeriodicEnv",
-    "rules_management:essentials:qa:serverless:release": "npm run run-tests:rm:basic_essentials  rule_management serverless qaEnv",
-    "rules_management:basic:server:ess": "npm run initialize-server:rm:basic_essentials  rule_management ess",
-    "rules_management:basic:runner:ess": "npm run run-tests:rm:basic_essentials  rule_management ess essEnv"
+    "rules_management:essentials:server:serverless": "npm run initialize-server:rm:basic_essentials rule_management serverless",
+    "rules_management:essentials:runner:serverless": "npm run run-tests:rm:basic_essentials rule_management serverless serverlessEnv",
+    "rules_management:essentials:qa:serverless": "npm run run-tests:rm:basic_essentials rule_management serverless qaPeriodicEnv",
+    "rules_management:essentials:qa:serverless:release": "npm run run-tests:rm:basic_essentials rule_management serverless qaEnv",
+    "rules_management:basic:server:ess": "npm run initialize-server:rm:basic_essentials rule_management ess",
+    "rules_management:basic:runner:ess": "npm run run-tests:rm:basic_essentials rule_management ess essEnv"
   }
 }
diff --git a/x-pack/test/security_solution_api_integration/scripts/api_configs.json b/x-pack/test/security_solution_api_integration/scripts/api_configs.json
new file mode 100644
index 0000000000000..6a25037ccb905
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/scripts/api_configs.json
@@ -0,0 +1,198 @@
+{
+  "nlp_cleanup_task:essentials:qa:serverless": {
+    "productTypes": [
+      { "product_line": "security", "product_tier": "essentials" },
+      { "product_line": "endpoint", "product_tier": "essentials" },
+      { "product_line": "cloud", "product_tier": "essentials" }
+    ]
+  },
+  "nlp_cleanup_task:essentials:qa:serverless:release": {
+    "productTypes": [
+      { "product_line": "security", "product_tier": "essentials" },
+      { "product_line": "endpoint", "product_tier": "essentials" },
+      { "product_line": "cloud", "product_tier": "essentials" }
+    ]
+  },
+  "entity_analytics:essentials:qa:serverless": {
+    "productTypes": [
+      { "product_line": "security", "product_tier": "essentials" },
+      { "product_line": "endpoint", "product_tier": "essentials" },
+      { "product_line": "cloud", "product_tier": "essentials" }
+    ]
+  },
+  "entity_analytics:essentials:qa:serverless:release": {
+    "productTypes": [
+      { "product_line": "security", "product_tier": "essentials" },
+      { "product_line": "endpoint", "product_tier": "essentials" },
+      { "product_line": "cloud", "product_tier": "essentials" }
+    ]
+  },
+  "exception_workflows:essentials:qa:serverless": {
+    "productTypes": [
+      { "product_line": "security", "product_tier": "essentials" },
+      { "product_line": "endpoint", "product_tier": "essentials" }
+    ]
+  },
+  "exception_workflows:essentials:qa:serverless:release": {
+    "productTypes": [
+      { "product_line": "security", "product_tier": "essentials" },
+      { "product_line": "endpoint", "product_tier": "essentials" }
+    ]
+  },
+  "exception_operators_date_numeric_types:essentials:qa:serverless": {
+    "productTypes": [
+      { "product_line": "security", "product_tier": "essentials" },
+      { "product_line": "endpoint", "product_tier": "essentials" }
+    ]
+  },
+  "exception_operators_date_numeric_types:essentials:qa:serverless:release": {
+    "productTypes": [
+      { "product_line": "security", "product_tier": "essentials" },
+      { "product_line": "endpoint", "product_tier": "essentials" }
+    ]
+  },
+  "exception_operators_keyword:essentials:qa:serverless": {
+    "productTypes": [
+      { "product_line": "security", "product_tier": "essentials" },
+      { "product_line": "endpoint", "product_tier": "essentials" }
+    ]
+  },
+  "exception_operators_keyword:essentials:qa:serverless:release": {
+    "productTypes": [
+      { "product_line": "security", "product_tier": "essentials" },
+      { "product_line": "endpoint", "product_tier": "essentials" }
+    ]
+  },
+  "exception_operators_ips:essentials:qa:serverless": {
+    "productTypes": [
+      { "product_line": "security", "product_tier": "essentials" },
+      { "product_line": "endpoint", "product_tier": "essentials" }
+    ]
+  },
+  "exception_operators_ips:essentials:qa:serverless:release": {
+    "productTypes": [
+      { "product_line": "security", "product_tier": "essentials" },
+      { "product_line": "endpoint", "product_tier": "essentials" }
+    ]
+  },
+  "exception_operators_long:essentials:qa:serverless": {
+    "productTypes": [
+      { "product_line": "security", "product_tier": "essentials" },
+      { "product_line": "endpoint", "product_tier": "essentials" }
+    ]
+  },
+  "exception_operators_long:essentials:qa:serverless:release": {
+    "productTypes": [
+      { "product_line": "security", "product_tier": "essentials" },
+      { "product_line": "endpoint", "product_tier": "essentials" }
+    ]
+  },
+  "exception_operators_text:essentials:qa:serverless": {
+    "productTypes": [
+      { "product_line": "security", "product_tier": "essentials" },
+      { "product_line": "endpoint", "product_tier": "essentials" }
+    ]
+  },
+  "exception_operators_text:essentials:qa:serverless:release": {
+    "productTypes": [
+      { "product_line": "security", "product_tier": "essentials" },
+      { "product_line": "endpoint", "product_tier": "essentials" }
+    ]
+  },
+  "alerts:essentials:qa:serverless": {
+    "productTypes": [
+      { "product_line": "security", "product_tier": "essentials" },
+      { "product_line": "endpoint", "product_tier": "essentials" }
+    ]
+  },
+  "alerts:essentials:qa:serverless:release": {
+    "productTypes": [
+      { "product_line": "security", "product_tier": "essentials" },
+      { "product_line": "endpoint", "product_tier": "essentials" }
+    ]
+  },
+  "rule_creation:essentials:qa:serverless": {
+    "productTypes": [
+      { "product_line": "security", "product_tier": "essentials" },
+      { "product_line": "endpoint", "product_tier": "essentials" }
+    ]
+  },
+  "rule_creation:essentials:qa:serverless:release": {
+    "productTypes": [
+      { "product_line": "security", "product_tier": "essentials" },
+      { "product_line": "endpoint", "product_tier": "essentials" }
+    ]
+  },
+  "rule_update:essentials:qa:serverless": {
+    "productTypes": [
+      { "product_line": "security", "product_tier": "essentials" },
+      { "product_line": "endpoint", "product_tier": "essentials" }
+    ]
+  },
+  "rule_update:essentials:qa:serverless:release": {
+    "productTypes": [
+      { "product_line": "security", "product_tier": "essentials" },
+      { "product_line": "endpoint", "product_tier": "essentials" }
+    ]
+  },
+  "rule_patch:essentials:qa:serverless": {
+    "productTypes": [
+      { "product_line": "security", "product_tier": "essentials" },
+      { "product_line": "endpoint", "product_tier": "essentials" }
+    ]
+  },
+  "rule_patch:essentials:qa:serverless:release": {
+    "productTypes": [
+      { "product_line": "security", "product_tier": "essentials" },
+      { "product_line": "endpoint", "product_tier": "essentials" }
+    ]
+  },
+  "rule_delete:essentials:qa:serverless": {
+    "productTypes": [
+      { "product_line": "security", "product_tier": "essentials" },
+      { "product_line": "endpoint", "product_tier": "essentials" }
+    ]
+  },
+  "rule_delete:essentials:qa:serverless:release": {
+    "productTypes": [
+      { "product_line": "security", "product_tier": "essentials" },
+      { "product_line": "endpoint", "product_tier": "essentials" }
+    ]
+  },
+  "rule_import_export:essentials:qa:serverless": {
+    "productTypes": [
+      { "product_line": "security", "product_tier": "essentials" },
+      { "product_line": "endpoint", "product_tier": "essentials" }
+    ]
+  },
+  "rule_import_export:essentials:qa:serverless:release": {
+    "productTypes": [
+      { "product_line": "security", "product_tier": "essentials" },
+      { "product_line": "endpoint", "product_tier": "essentials" }
+    ]
+  },
+  "rules_management:essentials:qa:serverless": {
+    "productTypes": [
+      { "product_line": "security", "product_tier": "essentials" },
+      { "product_line": "endpoint", "product_tier": "essentials" }
+    ]
+  },
+  "rules_management:essentials:qa:serverless:release": {
+    "productTypes": [
+      { "product_line": "security", "product_tier": "essentials" },
+      { "product_line": "endpoint", "product_tier": "essentials" }
+    ]
+  },
+  "rule_read:essentials:qa:serverless": {
+    "productTypes": [
+      { "product_line": "security", "product_tier": "essentials" },
+      { "product_line": "endpoint", "product_tier": "essentials" }
+    ]
+  },
+  "rule_read:essentials:qa:serverless:release": {
+    "productTypes": [
+      { "product_line": "security", "product_tier": "essentials" },
+      { "product_line": "endpoint", "product_tier": "essentials" }
+    ]
+  }
+}
diff --git a/.buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api_ftr_execution.ts b/x-pack/test/security_solution_api_integration/scripts/mki_api_ftr_execution.ts
similarity index 72%
rename from .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api_ftr_execution.ts
rename to x-pack/test/security_solution_api_integration/scripts/mki_api_ftr_execution.ts
index f1e957873de0a..7241d28f9c29b 100644
--- a/.buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api_ftr_execution.ts
+++ b/x-pack/test/security_solution_api_integration/scripts/mki_api_ftr_execution.ts
@@ -1,17 +1,19 @@
 /*
  * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
  * or more contributor license agreements. Licensed under the Elastic License
- * 2.0 and the Server Side Public License, v 1; you may not use this file except
- * in compliance with, at your election, the Elastic License 2.0 or the Server
- * Side Public License, v 1.
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
  */
 
 import { run } from '@kbn/dev-cli-runner';
 import { ToolingLog } from '@kbn/tooling-log';
 import { exec } from 'child_process';
 import crypto from 'crypto';
-
-import type { ProjectHandler } from '@kbn/security-solution-plugin/scripts/run_cypress/project_handler/project_handler';
+import fs from 'fs';
+import type {
+  ProductType,
+  ProjectHandler,
+} from '@kbn/security-solution-plugin/scripts/run_cypress/project_handler/project_handler';
 import { CloudHandler } from '@kbn/security-solution-plugin/scripts/run_cypress/project_handler/cloud_project_handler';
 import { ProxyHandler } from '@kbn/security-solution-plugin/scripts/run_cypress/project_handler/proxy_project_handler';
 import {
@@ -25,28 +27,33 @@ const BASE_ENV_URL = `${process.env.QA_CONSOLE_URL}`;
 const PROJECT_NAME_PREFIX = 'kibana-ftr-api-integration-security-solution';
 
 // Function to execute a command and return a Promise with the status code
-function executeCommand(command: string, envVars: any, workDir: string): Promise<number> {
+function executeCommand(
+  command: string,
+  envVars: any,
+  log: ToolingLog,
+  workDir?: string
+): Promise<number> {
   return new Promise((resolve, reject) => {
-    const childProcess = exec(command, { env: envVars, cwd: workDir }, (error, stdout, stderr) => {
+    const childProcess = exec(command, { env: envVars }, (error, stdout, stderr) => {
       if (error) {
-        console.error(`exec error: ${error}`);
+        log.error(`exec error: ${error}`);
         process.exitCode = error.code;
       }
     });
 
     // Listen and print stdout data
     childProcess.stdout?.on('data', (data) => {
-      console.log(data);
+      log.info(data);
     });
 
     // Listen and print stderr data
     childProcess.stderr?.on('data', (data) => {
-      console.log(data);
+      log.info(data);
     });
 
     // Listen for process exit
     childProcess.on('exit', (code) => {
-      console.log(`Node process for target ${process.env.TARGET_SCRIPT} exits with code : ${code}`);
+      log.info(`Node process for target ${process.env.TARGET_SCRIPT} exits with code : ${code}`);
       if (code !== 0) {
         reject(code);
         return;
@@ -56,6 +63,24 @@ function executeCommand(command: string, envVars: any, workDir: string): Promise
   });
 }
 
+async function parseProductTypes(log: ToolingLog): Promise<ProductType[] | undefined> {
+  if (!process.env.TARGET_SCRIPT) {
+    log.error('TARGET_SCRIPT environment variable is not provided. Aborting...');
+    return process.exit(1);
+  }
+
+  const apiConfigs = JSON.parse(await fs.promises.readFile('./scripts/api_configs.json', 'utf8'));
+  try {
+    const productTypes: ProductType[] = apiConfigs[process.env.TARGET_SCRIPT]
+      .productTypes as ProductType[];
+    return productTypes && productTypes.length > 0 ? productTypes : undefined;
+  } catch (err) {
+    // If the configuration for the script is not needed, it can be omitted from the json file.
+    log.warning(`Extended configuration was not found for script : ${process.env.TARGET_SCRIPT}`);
+    return undefined;
+  }
+}
+
 export const cli = () => {
   run(
     async (context) => {
@@ -89,14 +114,16 @@ export const cli = () => {
 
       const id = crypto.randomBytes(8).toString('hex');
       const PROJECT_NAME = `${PROJECT_NAME_PREFIX}-${id}`;
+      const productTypes = await parseProductTypes(log);
 
       // Creating project for the test to run
-      const project = await cloudHandler.createSecurityProject(PROJECT_NAME);
-      log.info(project);
+      const project = await cloudHandler.createSecurityProject(PROJECT_NAME, productTypes);
+      // Check if proxy service is used to define which org executes the tests.
+      const proxyOrg = cloudHandler instanceof ProxyHandler ? project?.proxy_org_name : undefined;
+      log.info(`Proxy Organization used id : ${proxyOrg}`);
 
       if (!project) {
         log.error('Failed to create project.');
-
         return process.exit(1);
       }
       let statusCode: number = 0;
@@ -132,15 +159,16 @@ export const cli = () => {
         const testCloud = 1;
         const testEsUrl = `https://${credentials.username}:${credentials.password}@${FORMATTED_ES_URL}`;
         const testKibanaUrl = `https://${credentials.username}:${credentials.password}@${FORMATTED_KB_URL}`;
-        const workDir = 'x-pack/test/security_solution_api_integration';
         const envVars = {
           ...process.env,
           TEST_CLOUD: testCloud.toString(),
           TEST_ES_URL: testEsUrl,
           TEST_KIBANA_URL: testKibanaUrl,
+          TEST_CLOUD_HOST_NAME: new URL(BASE_ENV_URL).hostname,
+          ROLES_FILENAME_OVERRIDE: proxyOrg ? `${proxyOrg}.json` : undefined,
         };
 
-        statusCode = await executeCommand(command, envVars, workDir);
+        statusCode = await executeCommand(command, envVars, log);
       } catch (err) {
         log.error('An error occured when running the test script.');
         log.error(err.message);
diff --git a/x-pack/test/security_solution_api_integration/scripts/mki_start_api_ftr_execution.js b/x-pack/test/security_solution_api_integration/scripts/mki_start_api_ftr_execution.js
new file mode 100644
index 0000000000000..587ce8e13f0b6
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/scripts/mki_start_api_ftr_execution.js
@@ -0,0 +1,9 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+require('../../../../src/setup_node_env');
+require('./mki_api_ftr_execution').cli();
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/alert_status/alert_status.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/alert_status/alert_status.ts
index 0f9f863161e35..1a26ae97e3817 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/alert_status/alert_status.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/alert_status/alert_status.ts
@@ -152,7 +152,7 @@ export default ({ getService }: FtrProviderContext) => {
           await waitForRuleSuccess({ supertest, log, id });
           await waitForAlertsToBePresent(supertest, log, 10, [id]);
           const alertsOpen = await getAlertsByIds(supertest, log, [id]);
-          const alertIds = alertsOpen.hits.hits.map((alert) => alert._id);
+          const alertIds = alertsOpen.hits.hits.map((alert) => alert._id!);
 
           await supertest
             .post(DETECTION_ENGINE_SIGNALS_STATUS_URL)
@@ -182,7 +182,7 @@ export default ({ getService }: FtrProviderContext) => {
           await waitForRuleSuccess({ supertest, log, id });
           await waitForAlertsToBePresent(supertest, log, 10, [id]);
           const alertsOpen = await getAlertsByIds(supertest, log, [id]);
-          const alertIds = alertsOpen.hits.hits.map((alert) => alert._id);
+          const alertIds = alertsOpen.hits.hits.map((alert) => alert._id!);
 
           // set all of the alerts to the state of closed. There is no reason to use a waitUntil here
           // as this route intentionally has a waitFor within it and should only return when the query has
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/alert_status/alert_status_ess.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/alert_status/alert_status_ess.ts
index 1b25b5b499e9c..9541badc5e6de 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/alert_status/alert_status_ess.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/alert_status/alert_status_ess.ts
@@ -97,7 +97,7 @@ export default ({ getService }: FtrProviderContext) => {
         await waitForRuleSuccess({ supertest, log, id });
         await waitForAlertsToBePresent(supertest, log, 10, [id]);
         const alertsOpen = await getAlertsByIds(supertest, log, [id]);
-        const alertIds = alertsOpen.hits.hits.map((alert) => alert._id);
+        const alertIds = alertsOpen.hits.hits.map((alert) => alert._id!);
 
         // set all of the alerts to the state of closed. There is no reason to use a waitUntil here
         // as this route intentionally has a waitFor within it and should only return when the query has
@@ -141,7 +141,7 @@ export default ({ getService }: FtrProviderContext) => {
         await waitForRuleSuccess({ supertest, log, id });
         await waitForAlertsToBePresent(supertest, log, 1, [id]);
         const alertsOpen = await getAlertsByIds(supertest, log, [id]);
-        const alertIds = alertsOpen.hits.hits.map((alert) => alert._id);
+        const alertIds = alertsOpen.hits.hits.map((alert) => alert._id!);
 
         // Try to set all of the alerts to the state of closed.
         // This should not be possible with the given user.
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/ess_specific_index_logic/create_index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/ess_specific_index_logic/create_index.ts
index a66daa964ce82..8ed33f1b763f1 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/ess_specific_index_logic/create_index.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/ess_specific_index_logic/create_index.ts
@@ -38,12 +38,6 @@ export default ({ getService }: FtrProviderContext) => {
           await esArchiver.unload('x-pack/test/functional/es_archives/signals/index_alias_clash');
         });
 
-        // Skipped: see https://github.com/elastic/kibana/issues/179208
-        it.skip('should report that alerts index does not exist', async () => {
-          const { body } = await supertest.get(DETECTION_ENGINE_INDEX_URL).send().expect(404);
-          expect(body).to.eql({ message: 'index for this space does not exist', status_code: 404 });
-        });
-
         it('should return 200 for create_index', async () => {
           const { body } = await supertest
             .post(DETECTION_ENGINE_INDEX_URL)
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/set_alert_tags.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/set_alert_tags.ts
index 961150d0908c2..f3a0206a58abf 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/set_alert_tags.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/set_alert_tags.ts
@@ -99,7 +99,7 @@ export default ({ getService }: FtrProviderContext) => {
         await waitForRuleSuccess({ supertest, log, id });
         await waitForAlertsToBePresent(supertest, log, 10, [id]);
         const alerts = await getAlertsByIds(supertest, log, [id]);
-        const alertIds = alerts.hits.hits.map((alert) => alert._id);
+        const alertIds = alerts.hits.hits.map((alert) => alert._id!);
 
         await supertest
           .post(DETECTION_ENGINE_ALERT_TAGS_URL)
@@ -133,7 +133,7 @@ export default ({ getService }: FtrProviderContext) => {
         await waitForRuleSuccess({ supertest, log, id });
         await waitForAlertsToBePresent(supertest, log, 10, [id]);
         const alerts = await getAlertsByIds(supertest, log, [id]);
-        const alertIds = alerts.hits.hits.map((alert) => alert._id);
+        const alertIds = alerts.hits.hits.map((alert) => alert._id!);
 
         await supertest
           .post(DETECTION_ENGINE_ALERT_TAGS_URL)
@@ -179,7 +179,7 @@ export default ({ getService }: FtrProviderContext) => {
         await waitForRuleSuccess({ supertest, log, id });
         await waitForAlertsToBePresent(supertest, log, 10, [id]);
         const alerts = await getAlertsByIds(supertest, log, [id]);
-        const alertIds = alerts.hits.hits.map((alert) => alert._id);
+        const alertIds = alerts.hits.hits.map((alert) => alert._id!);
 
         await supertest
           .post(DETECTION_ENGINE_ALERT_TAGS_URL)
@@ -225,7 +225,7 @@ export default ({ getService }: FtrProviderContext) => {
         await waitForRuleSuccess({ supertest, log, id });
         await waitForAlertsToBePresent(supertest, log, 10, [id]);
         const alerts = await getAlertsByIds(supertest, log, [id]);
-        const alertIds = alerts.hits.hits.map((alert) => alert._id);
+        const alertIds = alerts.hits.hits.map((alert) => alert._id!);
 
         await supertest
           .post(DETECTION_ENGINE_ALERT_TAGS_URL)
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/trial_license_complete_tier/assignments/assignments.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/trial_license_complete_tier/assignments/assignments.ts
index 0a2e64df60534..b445c6f81f99c 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/trial_license_complete_tier/assignments/assignments.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/trial_license_complete_tier/assignments/assignments.ts
@@ -118,7 +118,7 @@ export default ({ getService }: FtrProviderContext) => {
           await waitForRuleSuccess({ supertest, log, id });
           await waitForAlertsToBePresent(supertest, log, 10, [id]);
           const alerts = await getAlertsByIds(supertest, log, [id]);
-          const alertIds = alerts.hits.hits.map((alert) => alert._id);
+          const alertIds = alerts.hits.hits.map((alert) => alert._id!);
           const alertId = alertIds[0];
 
           await supertest
@@ -153,7 +153,7 @@ export default ({ getService }: FtrProviderContext) => {
           await waitForRuleSuccess({ supertest, log, id });
           await waitForAlertsToBePresent(supertest, log, 10, [id]);
           const alerts = await getAlertsByIds(supertest, log, [id]);
-          const alertIds = alerts.hits.hits.map((alert) => alert._id);
+          const alertIds = alerts.hits.hits.map((alert) => alert._id!);
 
           await supertest
             .post(DETECTION_ENGINE_ALERT_ASSIGNEES_URL)
@@ -190,7 +190,7 @@ export default ({ getService }: FtrProviderContext) => {
           await waitForRuleSuccess({ supertest, log, id });
           await waitForAlertsToBePresent(supertest, log, 10, [id]);
           const alerts = await getAlertsByIds(supertest, log, [id]);
-          const alertIds = alerts.hits.hits.map((alert) => alert._id);
+          const alertIds = alerts.hits.hits.map((alert) => alert._id!);
           const alertId = alertIds[0];
 
           // Assign users
@@ -242,7 +242,7 @@ export default ({ getService }: FtrProviderContext) => {
           await waitForRuleSuccess({ supertest, log, id });
           await waitForAlertsToBePresent(supertest, log, 10, [id]);
           const alerts = await getAlertsByIds(supertest, log, [id]);
-          const alertIds = alerts.hits.hits.map((alert) => alert._id);
+          const alertIds = alerts.hits.hits.map((alert) => alert._id!);
 
           // Assign users
           await supertest
@@ -293,7 +293,7 @@ export default ({ getService }: FtrProviderContext) => {
           await waitForRuleSuccess({ supertest, log, id });
           await waitForAlertsToBePresent(supertest, log, 10, [id]);
           const alerts = await getAlertsByIds(supertest, log, [id]);
-          const alertIds = alerts.hits.hits.map((alert) => alert._id);
+          const alertIds = alerts.hits.hits.map((alert) => alert._id!);
 
           await supertest
             .post(DETECTION_ENGINE_ALERT_ASSIGNEES_URL)
@@ -330,7 +330,7 @@ export default ({ getService }: FtrProviderContext) => {
           await waitForRuleSuccess({ supertest, log, id });
           await waitForAlertsToBePresent(supertest, log, 10, [id]);
           const alerts = await getAlertsByIds(supertest, log, [id]);
-          const alertIds = alerts.hits.hits.map((alert) => alert._id);
+          const alertIds = alerts.hits.hits.map((alert) => alert._id!);
 
           await supertest
             .post(DETECTION_ENGINE_ALERT_ASSIGNEES_URL)
@@ -376,7 +376,7 @@ export default ({ getService }: FtrProviderContext) => {
           await waitForRuleSuccess({ supertest, log, id });
           await waitForAlertsToBePresent(supertest, log, 10, [id]);
           const alerts = await getAlertsByIds(supertest, log, [id]);
-          const alertIds = alerts.hits.hits.map((alert) => alert._id);
+          const alertIds = alerts.hits.hits.map((alert) => alert._id!);
 
           await supertest
             .post(DETECTION_ENGINE_ALERT_ASSIGNEES_URL)
@@ -425,7 +425,7 @@ export default ({ getService }: FtrProviderContext) => {
           await waitForRuleSuccess({ supertest, log, id });
           await waitForAlertsToBePresent(supertest, log, 10, [id]);
           const alerts = await getAlertsByIds(supertest, log, [id]);
-          const alertIds = alerts.hits.hits.map((alert) => alert._id);
+          const alertIds = alerts.hits.hits.map((alert) => alert._id!);
 
           await supertest
             .post(DETECTION_ENGINE_ALERT_ASSIGNEES_URL)
@@ -474,7 +474,7 @@ export default ({ getService }: FtrProviderContext) => {
           await waitForRuleSuccess({ supertest, log, id });
           await waitForAlertsToBePresent(supertest, log, 10, [id]);
           const alerts = await getAlertsByIds(supertest, log, [id]);
-          const alertIds = alerts.hits.hits.map((alert) => alert._id);
+          const alertIds = alerts.hits.hits.map((alert) => alert._id!);
 
           await supertest
             .post(DETECTION_ENGINE_ALERT_ASSIGNEES_URL)
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/trial_license_complete_tier/assignments/assignments_ess.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/trial_license_complete_tier/assignments/assignments_ess.ts
index 3ec8bbf7bdbfc..569934bea4985 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/trial_license_complete_tier/assignments/assignments_ess.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/trial_license_complete_tier/assignments/assignments_ess.ts
@@ -65,7 +65,7 @@ export default ({ getService }: FtrProviderContext) => {
         await waitForRuleSuccess({ supertest, log, id });
         await waitForAlertsToBePresent(supertest, log, 10, [id]);
         const alerts = await getAlertsByIds(supertest, log, [id]);
-        const alertIds = alerts.hits.hits.map((alert) => alert._id);
+        const alertIds = alerts.hits.hits.map((alert) => alert._id!);
 
         const userAndRole = ROLES.reader;
         await createUserAndRole(getService, userAndRole);
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/trial_license_complete_tier/assignments/assignments_serverless.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/trial_license_complete_tier/assignments/assignments_serverless.ts
index 7282f0f7f7dcc..1cb5121069f23 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/trial_license_complete_tier/assignments/assignments_serverless.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/trial_license_complete_tier/assignments/assignments_serverless.ts
@@ -63,7 +63,7 @@ export default ({ getService }: FtrProviderContext) => {
         await waitForRuleSuccess({ supertest, log, id });
         await waitForAlertsToBePresent(supertest, log, 10, [id]);
         const alerts = await getAlertsByIds(supertest, log, [id]);
-        const alertIds = alerts.hits.hits.map((alert) => alert._id);
+        const alertIds = alerts.hits.hits.map((alert) => alert._id!);
 
         // Try to set all of the alerts to the state of closed.
         // This should not be possible with the given user.
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/workflows/basic_license_essentials_tier/create_rule_exceptions.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/workflows/basic_license_essentials_tier/create_rule_exceptions.ts
index 21147663a630d..8b13aa64ac6b2 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/workflows/basic_license_essentials_tier/create_rule_exceptions.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/workflows/basic_license_essentials_tier/create_rule_exceptions.ts
@@ -45,8 +45,7 @@ export default ({ getService }: FtrProviderContext) => {
   const supertest = getService('supertest');
   const log = getService('log');
   const es = getService('es');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@serverless @serverlessQA @ess create "rule_default" exceptions', () => {
     before(async () => {
@@ -61,7 +60,7 @@ export default ({ getService }: FtrProviderContext) => {
 
     it('creates and associates a `rule_default` exception list to a rule if one not already found', async () => {
       const rule = await createRule(supertest, log, getSimpleRule('rule-2'));
-
+      const username = await utils.getUsername();
       const { body: items } = await supertest
         .post(`${DETECTION_ENGINE_RULES_URL}/${rule.id}/exceptions`)
         .set('kbn-xsrf', 'true')
@@ -82,7 +81,7 @@ export default ({ getService }: FtrProviderContext) => {
       expect(itemsWithoutServerGeneratedValues).to.eql([
         {
           comments: [],
-          created_by: ELASTICSEARCH_USERNAME,
+          created_by: username,
           description: 'Exception item for rule default exception list',
           entries: [
             {
@@ -98,13 +97,14 @@ export default ({ getService }: FtrProviderContext) => {
           os_types: [],
           tags: [],
           type: 'simple',
-          updated_by: ELASTICSEARCH_USERNAME,
+          updated_by: username,
         },
       ]);
       expect(udpatedRule.exceptions_list.some((list) => list.type === 'rule_default')).to.eql(true);
     });
 
     it('creates and associates a `rule_default` exception list to a rule even when rule has non existent default list attached', async () => {
+      const username = await utils.getUsername();
       // create a rule that has a non existent default exception list
       const rule = await createRule(supertest, log, {
         ...getSimpleRule('rule-5'),
@@ -146,7 +146,7 @@ export default ({ getService }: FtrProviderContext) => {
       expect(itemsWithoutServerGeneratedValues).to.eql([
         {
           comments: [],
-          created_by: ELASTICSEARCH_USERNAME,
+          created_by: username,
           description: 'Exception item for rule default exception list',
           entries: [
             {
@@ -162,12 +162,13 @@ export default ({ getService }: FtrProviderContext) => {
           os_types: [],
           tags: [],
           type: 'simple',
-          updated_by: ELASTICSEARCH_USERNAME,
+          updated_by: username,
         },
       ]);
     });
 
     it('adds exception items to rule default exception list', async () => {
+      const username = await utils.getUsername();
       // create default exception list
       const exceptionList: CreateExceptionListSchema = {
         ...getCreateExceptionListMinimalSchemaMock(),
@@ -208,7 +209,7 @@ export default ({ getService }: FtrProviderContext) => {
       );
       expect(itemsWithoutServerGeneratedValues[0]).to.eql({
         comments: [],
-        created_by: ELASTICSEARCH_USERNAME,
+        created_by: username,
         description: 'Exception item for rule default exception list',
         entries: [
           {
@@ -224,7 +225,7 @@ export default ({ getService }: FtrProviderContext) => {
         os_types: [],
         tags: [],
         type: 'simple',
-        updated_by: ELASTICSEARCH_USERNAME,
+        updated_by: username,
       });
     });
 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/custom_query.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/custom_query.ts
index e2009873d4af6..692f986e6e6a6 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/custom_query.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/custom_query.ts
@@ -951,7 +951,7 @@ export default ({ getService }: FtrProviderContext) => {
 
           // Close the alert. Subsequent rule executions should ignore this closed alert
           // for suppression purposes.
-          const alertIds = alerts.hits.hits.map((alert) => alert._id);
+          const alertIds = alerts.hits.hits.map((alert) => alert._id!);
           await supertest
             .post(DETECTION_ENGINE_ALERTS_STATUS_URL)
             .set('kbn-xsrf', 'true')
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/eql_alert_suppression.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/eql_alert_suppression.ts
index b0a0e3f8b66ba..33ece3e69cb8c 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/eql_alert_suppression.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/eql_alert_suppression.ts
@@ -210,7 +210,7 @@ export default ({ getService }: FtrProviderContext) => {
 
           // Close the alert. Subsequent rule executions should ignore this closed alert
           // for suppression purposes.
-          const alertIds = alerts.hits.hits.map((alert) => alert._id);
+          const alertIds = alerts.hits.hits.map((alert) => alert._id!);
 
           await supertest
             .post(DETECTION_ENGINE_ALERTS_STATUS_URL)
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/esql.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/esql.ts
index 1bdf089844746..cbc7f43cfe6cc 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/esql.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/esql.ts
@@ -37,8 +37,7 @@ export default ({ getService }: FtrProviderContext) => {
   const es = getService('es');
   const log = getService('log');
   const kibanaServer = getService('kibanaServer');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   const { indexEnhancedDocuments, indexListOfDocuments, indexGeneratedDocuments } =
     dataGeneratorFactory({
@@ -66,6 +65,7 @@ export default ({ getService }: FtrProviderContext) => {
     // First test creates a real rule - remaining tests use preview API
     it('should generate 1 alert with during actual rule execution', async () => {
       const id = uuidv4();
+      const username = await utils.getUsername();
       const interval: [string, string] = ['2020-10-28T06:00:00.000Z', '2020-10-28T06:10:00.000Z'];
       const doc1 = { agent: { name: 'test-1' } };
       const doc2 = { agent: { name: 'test-2' } };
@@ -140,7 +140,7 @@ export default ({ getService }: FtrProviderContext) => {
         'kibana.alert.risk_score': 55,
         'kibana.alert.rule.actions': [],
         'kibana.alert.rule.author': [],
-        'kibana.alert.rule.created_by': ELASTICSEARCH_USERNAME,
+        'kibana.alert.rule.created_by': username,
         'kibana.alert.rule.description': 'Detecting root and admin users',
         'kibana.alert.rule.enabled': true,
         'kibana.alert.rule.exceptions_list': [],
@@ -157,7 +157,7 @@ export default ({ getService }: FtrProviderContext) => {
         'kibana.alert.rule.threat': [],
         'kibana.alert.rule.to': 'now',
         'kibana.alert.rule.type': 'esql',
-        'kibana.alert.rule.updated_by': ELASTICSEARCH_USERNAME,
+        'kibana.alert.rule.updated_by': username,
         'kibana.alert.rule.version': 1,
         'kibana.alert.workflow_tags': [],
         'kibana.alert.workflow_assignee_ids': [],
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/esql_suppression.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/esql_suppression.ts
index 39724206cfab3..90fd1463f15dd 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/esql_suppression.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/esql_suppression.ts
@@ -210,7 +210,7 @@ export default ({ getService }: FtrProviderContext) => {
       expect(alerts.hits.hits).toHaveLength(1);
       // Close the alert. Subsequent rule executions should ignore this closed alert
       // for suppression purposes.
-      const alertIds = alerts.hits.hits.map((alert) => alert._id);
+      const alertIds = alerts.hits.hits.map((alert) => alert._id!);
       await supertest
         .post(DETECTION_ENGINE_ALERTS_STATUS_URL)
         .set('kbn-xsrf', 'true')
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/indicator_match.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/indicator_match.ts
index a999b430a521a..81b41ee1b0d5f 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/indicator_match.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/indicator_match.ts
@@ -158,7 +158,7 @@ export default ({ getService }: FtrProviderContext) => {
   // TODO: add a new service for loading archiver files similar to "getService('es')"
   const config = getService('config');
   const isServerless = config.get('serverless');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
   const dataPathBuilder = new EsArchivePathBuilder(isServerless);
   const audibeatHostsPath = dataPathBuilder.getPath('auditbeat/hosts');
   const threatIntelPath = dataPathBuilder.getPath('filebeat/threat_intel');
@@ -186,6 +186,7 @@ export default ({ getService }: FtrProviderContext) => {
 
     // First 2 test creates a real rule - remaining tests use preview API
     it('should be able to execute and get all alerts when doing a specific query (terms query)', async () => {
+      const username = await utils.getUsername();
       const rule: ThreatMatchRuleCreateProps = createThreatMatchRule();
 
       const createdRule = await createRule(supertest, log, rule);
@@ -320,7 +321,7 @@ export default ({ getService }: FtrProviderContext) => {
           author: [],
           category: 'Indicator Match Rule',
           consumer: 'siem',
-          created_by: ELASTICSEARCH_USERNAME,
+          created_by: username,
           description: 'Detecting root and admin users',
           enabled: true,
           exceptions_list: [],
@@ -342,13 +343,14 @@ export default ({ getService }: FtrProviderContext) => {
           to: 'now',
           type: 'threat_match',
           updated_at: fullAlert[ALERT_RULE_UPDATED_AT],
-          updated_by: ELASTICSEARCH_USERNAME,
+          updated_by: username,
           uuid: fullAlert[ALERT_RULE_UUID],
           version: 1,
         }),
       });
     });
     it('should be able to execute and get all alerts when doing a specific query (match query)', async () => {
+      const username = await utils.getUsername();
       const rule: ThreatMatchRuleCreateProps = createThreatMatchRule({
         threat_mapping: [
           // We match host.name against host.name
@@ -499,7 +501,7 @@ export default ({ getService }: FtrProviderContext) => {
           author: [],
           category: 'Indicator Match Rule',
           consumer: 'siem',
-          created_by: ELASTICSEARCH_USERNAME,
+          created_by: username,
           description: 'Detecting root and admin users',
           enabled: true,
           exceptions_list: [],
@@ -521,7 +523,7 @@ export default ({ getService }: FtrProviderContext) => {
           to: 'now',
           type: 'threat_match',
           updated_at: fullAlert[ALERT_RULE_UPDATED_AT],
-          updated_by: ELASTICSEARCH_USERNAME,
+          updated_by: username,
           uuid: fullAlert[ALERT_RULE_UUID],
           version: 1,
         }),
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/indicator_match_alert_suppression.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/indicator_match_alert_suppression.ts
index 1868fbdef1555..833a54cd9042a 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/indicator_match_alert_suppression.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/indicator_match_alert_suppression.ts
@@ -326,7 +326,7 @@ export default ({ getService }: FtrProviderContext) => {
 
           // Close the alert. Subsequent rule executions should ignore this closed alert
           // for suppression purposes.
-          const alertIds = alerts.hits.hits.map((alert) => alert._id);
+          const alertIds = alerts.hits.hits.map((alert) => alert._id!);
           await supertest
             .post(DETECTION_ENGINE_ALERTS_STATUS_URL)
             .set('kbn-xsrf', 'true')
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/new_terms.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/new_terms.ts
index 9e2638981a9e8..ec0602290b935 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/new_terms.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/new_terms.ts
@@ -46,8 +46,8 @@ export default ({ getService }: FtrProviderContext) => {
     log,
   });
   // TODO: add a new service for loading archiver files similar to "getService('es')"
+  const utils = getService('securitySolutionUtils');
   const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
   const isServerless = config.get('serverless');
   const dataPathBuilder = new EsArchivePathBuilder(isServerless);
   const path = dataPathBuilder.getPath('auditbeat/hosts');
@@ -99,6 +99,7 @@ export default ({ getService }: FtrProviderContext) => {
     // suricata-sensor-san-francisco appears in a document at 2019-02-19T20:42:08.230Z, but also appears
     // in earlier documents so is not new. An alert should not be generated for that term.
     it('should generate 1 alert with 1 selected field', async () => {
+      const username = await utils.getUsername();
       const rule: NewTermsRuleCreateProps = {
         ...getCreateNewTermsRulesSchemaMock('rule-1', true),
         new_terms_fields: ['host.name'],
@@ -214,7 +215,7 @@ export default ({ getService }: FtrProviderContext) => {
         },
         'kibana.alert.rule.actions': [],
         'kibana.alert.rule.author': [],
-        'kibana.alert.rule.created_by': ELASTICSEARCH_USERNAME,
+        'kibana.alert.rule.created_by': username,
         'kibana.alert.rule.description': 'Detecting root and admin users',
         'kibana.alert.rule.enabled': true,
         'kibana.alert.rule.exceptions_list': [],
@@ -232,7 +233,7 @@ export default ({ getService }: FtrProviderContext) => {
         'kibana.alert.rule.threat': [],
         'kibana.alert.rule.to': 'now',
         'kibana.alert.rule.type': 'new_terms',
-        'kibana.alert.rule.updated_by': ELASTICSEARCH_USERNAME,
+        'kibana.alert.rule.updated_by': username,
         'kibana.alert.rule.version': 1,
         'kibana.alert.rule.risk_score': 55,
         'kibana.alert.rule.severity': 'high',
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/new_terms_alert_suppression.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/new_terms_alert_suppression.ts
index 4a2644a9737a6..11bda2226c786 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/new_terms_alert_suppression.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/new_terms_alert_suppression.ts
@@ -231,7 +231,7 @@ export default ({ getService }: FtrProviderContext) => {
       expect(alerts.hits.hits).toHaveLength(1);
       // Close the alert. Subsequent rule executions should ignore this closed alert
       // for suppression purposes.
-      const alertIds = alerts.hits.hits.map((alert) => alert._id);
+      const alertIds = alerts.hits.hits.map((alert) => alert._id!);
       await supertest
         .post(DETECTION_ENGINE_ALERTS_STATUS_URL)
         .set('kbn-xsrf', 'true')
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/threshold_alert_suppression.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/threshold_alert_suppression.ts
index d97bd0d517314..85e0bd504fb36 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/threshold_alert_suppression.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/threshold_alert_suppression.ts
@@ -193,7 +193,7 @@ export default ({ getService }: FtrProviderContext) => {
 
       // Close the alert. Subsequent rule executions should ignore this closed alert
       // for suppression purposes.
-      const alertIds = alerts.hits.hits.map((alert) => alert._id);
+      const alertIds = alerts.hits.hits.map((alert) => alert._id!);
       await supertest
         .post(DETECTION_ENGINE_ALERTS_STATUS_URL)
         .set('kbn-xsrf', 'true')
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_gaps/trial_license_complete_tier/manual_rule_run.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_gaps/trial_license_complete_tier/manual_rule_run.ts
index e26c66622e02a..8a6167fc69301 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_gaps/trial_license_complete_tier/manual_rule_run.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_gaps/trial_license_complete_tier/manual_rule_run.ts
@@ -108,8 +108,8 @@ export default ({ getService }: FtrProviderContext) => {
         expect(results).toEqual([
           {
             error: {
-              error: 'Bad Request',
               message: `Rule ${createdRule.id} is disabled`,
+              rule: { id: `${createdRule.id}`, name: 'Custom query rule' },
             },
           },
         ]);
@@ -231,8 +231,8 @@ export default ({ getService }: FtrProviderContext) => {
             }),
             {
               error: {
-                error: 'Not Found',
                 message: `Saved object [alert/${nonExistingRuleId}] not found`,
+                rule: { id: nonExistingRuleId },
               },
             },
           ])
@@ -272,8 +272,8 @@ export default ({ getService }: FtrProviderContext) => {
           expect.arrayContaining([
             {
               error: {
-                error: 'Bad Request',
                 message: `Rule ${createdRule1.id} is disabled`,
+                rule: { id: `${createdRule1.id}`, name: 'Custom query rule' },
               },
             },
             expect.objectContaining({
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts
index 091707df88d0a..cd2c1358edf90 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts
@@ -9,6 +9,7 @@ import expect from 'expect';
 import {
   DETECTION_ENGINE_RULES_BULK_ACTION,
   DETECTION_ENGINE_RULES_URL,
+  MAX_MANUAL_RULE_RUN_LOOKBACK_WINDOW_DAYS,
   NOTIFICATION_THROTTLE_RULE,
 } from '@kbn/security-solution-plugin/common/constants';
 import {
@@ -20,6 +21,7 @@ import { EXCEPTION_LIST_ITEM_URL, EXCEPTION_LIST_URL } from '@kbn/securitysoluti
 import { getCreateExceptionListItemMinimalSchemaMock } from '@kbn/lists-plugin/common/schemas/request/create_exception_list_item_schema.mock';
 import { AuthType } from '@kbn/stack-connectors-plugin/common/auth/constants';
 import { BaseDefaultableFields } from '@kbn/security-solution-plugin/common/api/detection_engine';
+import moment from 'moment';
 import {
   binaryToString,
   getSimpleMlRule,
@@ -48,9 +50,7 @@ export default ({ getService }: FtrProviderContext): void => {
   const es = getService('es');
   const log = getService('log');
   const esArchiver = getService('esArchiver');
-  // TODO: add a new service for pulling kibana username, similar to getService('es')
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   const postBulkAction = () =>
     supertest
@@ -218,7 +218,7 @@ export default ({ getService }: FtrProviderContext): void => {
       const [ruleJson, connectorsJson, exportDetailsJson] = body.toString().split(/\n/);
 
       const rule = removeServerGeneratedProperties(JSON.parse(ruleJson));
-      const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+      const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 
       expect(rule).toEqual({
         ...expectedRule,
@@ -2403,6 +2403,378 @@ export default ({ getService }: FtrProviderContext): void => {
       });
     });
 
+    describe('manual rule run action', () => {
+      it('should return all existing and enabled rules as succeeded', async () => {
+        const intervalInMinutes = 25;
+        const interval = `${intervalInMinutes}m`;
+        await createRule(
+          supertest,
+          log,
+          getCustomQueryRuleParams({
+            rule_id: 'rule-1',
+            enabled: true,
+            interval,
+          })
+        );
+        await createRule(
+          supertest,
+          log,
+          getCustomQueryRuleParams({
+            rule_id: 'rule-2',
+            enabled: true,
+            interval,
+          })
+        );
+
+        const endDate = moment();
+        const startDate = endDate.clone().subtract(1, 'h');
+
+        const { body } = await securitySolutionApi
+          .performBulkAction({
+            query: {},
+            body: {
+              query: '',
+              action: BulkActionTypeEnum.run,
+              [BulkActionTypeEnum.run]: {
+                start_date: startDate.toISOString(),
+                end_date: endDate.toISOString(),
+              },
+            },
+          })
+          .expect(200);
+
+        expect(body.attributes.summary).toEqual({
+          failed: 0,
+          skipped: 0,
+          succeeded: 2,
+          total: 2,
+        });
+        expect(body.attributes.errors).toBeUndefined();
+      });
+
+      it('should return 400 error when start date > end date', async () => {
+        const intervalInMinutes = 25;
+        const interval = `${intervalInMinutes}m`;
+        const createdRule1 = await createRule(
+          supertest,
+          log,
+          getCustomQueryRuleParams({
+            rule_id: 'rule-1',
+            enabled: true,
+            interval,
+          })
+        );
+        const createdRule2 = await createRule(
+          supertest,
+          log,
+          getCustomQueryRuleParams({
+            rule_id: 'rule-2',
+            enabled: true,
+            interval,
+          })
+        );
+
+        const endDate = moment();
+        const startDate = endDate.clone().subtract(1, 'h');
+
+        const { body } = await securitySolutionApi
+          .performBulkAction({
+            query: {},
+            body: {
+              ids: [createdRule1.id, createdRule2.id],
+              action: BulkActionTypeEnum.run,
+              [BulkActionTypeEnum.run]: {
+                start_date: endDate.toISOString(),
+                end_date: startDate.toISOString(),
+              },
+            },
+          })
+          .expect(400);
+
+        expect(body.message).toContain('[0]: Backfill end must be greater than backfill start');
+      });
+
+      it('should return 400 error when start date = end date', async () => {
+        const intervalInMinutes = 25;
+        const interval = `${intervalInMinutes}m`;
+        const createdRule1 = await createRule(
+          supertest,
+          log,
+          getCustomQueryRuleParams({
+            rule_id: 'rule-1',
+            enabled: true,
+            interval,
+          })
+        );
+        const createdRule2 = await createRule(
+          supertest,
+          log,
+          getCustomQueryRuleParams({
+            rule_id: 'rule-2',
+            enabled: true,
+            interval,
+          })
+        );
+
+        const endDate = moment().subtract(1, 'h');
+        const startDate = endDate.clone();
+
+        const { body } = await securitySolutionApi
+          .performBulkAction({
+            query: {},
+            body: {
+              ids: [createdRule1.id, createdRule2.id],
+              action: BulkActionTypeEnum.run,
+              [BulkActionTypeEnum.run]: {
+                start_date: startDate.toISOString(),
+                end_date: endDate.toISOString(),
+              },
+            },
+          })
+          .expect(400);
+
+        expect(body.message).toContain('[0]: Backfill end must be greater than backfill start');
+      });
+
+      it('should return 400 error when start date is in the future', async () => {
+        const intervalInMinutes = 25;
+        const interval = `${intervalInMinutes}m`;
+        const createdRule1 = await createRule(
+          supertest,
+          log,
+          getCustomQueryRuleParams({
+            rule_id: 'rule-1',
+            enabled: true,
+            interval,
+          })
+        );
+        const createdRule2 = await createRule(
+          supertest,
+          log,
+          getCustomQueryRuleParams({
+            rule_id: 'rule-2',
+            enabled: true,
+            interval,
+          })
+        );
+
+        const startDate = moment().add(1, 'd');
+
+        const { body } = await securitySolutionApi
+          .performBulkAction({
+            query: {},
+            body: {
+              ids: [createdRule1.id, createdRule2.id],
+              action: BulkActionTypeEnum.run,
+              [BulkActionTypeEnum.run]: { start_date: startDate.toISOString() },
+            },
+          })
+          .expect(400);
+
+        expect(body.message).toContain('[0]: Backfill cannot be scheduled for the future');
+      });
+
+      it('should return 400 error when end date is in the future', async () => {
+        const intervalInMinutes = 25;
+        const interval = `${intervalInMinutes}m`;
+        const createdRule1 = await createRule(
+          supertest,
+          log,
+          getCustomQueryRuleParams({
+            rule_id: 'rule-1',
+            enabled: true,
+            interval,
+          })
+        );
+        const createdRule2 = await createRule(
+          supertest,
+          log,
+          getCustomQueryRuleParams({
+            rule_id: 'rule-2',
+            enabled: true,
+            interval,
+          })
+        );
+
+        const endDate = moment().add(1, 'd');
+        const startDate = moment().subtract(1, 'd');
+
+        const { body } = await securitySolutionApi
+          .performBulkAction({
+            query: {},
+            body: {
+              ids: [createdRule1.id, createdRule2.id],
+              action: BulkActionTypeEnum.run,
+              [BulkActionTypeEnum.run]: {
+                start_date: startDate.toISOString(),
+                end_date: endDate.toISOString(),
+              },
+            },
+          })
+          .expect(400);
+
+        expect(body.message).toContain('[0]: Backfill cannot be scheduled for the future');
+      });
+
+      it('should return 400 error when start date is far in the past', async () => {
+        const intervalInMinutes = 25;
+        const interval = `${intervalInMinutes}m`;
+        const createdRule1 = await createRule(
+          supertest,
+          log,
+          getCustomQueryRuleParams({
+            rule_id: 'rule-1',
+            enabled: true,
+            interval,
+          })
+        );
+        const createdRule2 = await createRule(
+          supertest,
+          log,
+          getCustomQueryRuleParams({
+            rule_id: 'rule-2',
+            enabled: true,
+            interval,
+          })
+        );
+
+        const endDate = moment();
+        const startDate = moment().subtract(MAX_MANUAL_RULE_RUN_LOOKBACK_WINDOW_DAYS + 1, 'd');
+
+        const { body } = await securitySolutionApi
+          .performBulkAction({
+            query: {},
+            body: {
+              ids: [createdRule1.id, createdRule2.id],
+              action: BulkActionTypeEnum.run,
+              [BulkActionTypeEnum.run]: {
+                start_date: startDate.toISOString(),
+                end_date: endDate.toISOString(),
+              },
+            },
+          })
+          .expect(400);
+
+        expect(body.message).toContain(
+          `[0]: Backfill cannot look back more than ${MAX_MANUAL_RULE_RUN_LOOKBACK_WINDOW_DAYS} days`
+        );
+      });
+
+      it('should return 500 error if some rules do not exist', async () => {
+        const intervalInMinutes = 25;
+        const interval = `${intervalInMinutes}m`;
+        const createdRule1 = await createRule(
+          supertest,
+          log,
+          getCustomQueryRuleParams({
+            rule_id: 'rule-1',
+            enabled: true,
+            interval,
+          })
+        );
+
+        const endDate = moment();
+        const startDate = endDate.clone().subtract(1, 'h');
+
+        const { body } = await securitySolutionApi
+          .performBulkAction({
+            query: {},
+            body: {
+              ids: [createdRule1.id, 'rule-2'],
+              action: BulkActionTypeEnum.run,
+              [BulkActionTypeEnum.run]: {
+                start_date: startDate.toISOString(),
+                end_date: endDate.toISOString(),
+              },
+            },
+          })
+          .expect(500);
+
+        expect(body.attributes.summary).toEqual({
+          failed: 1,
+          skipped: 0,
+          succeeded: 1,
+          total: 2,
+        });
+
+        expect(body.attributes.errors).toHaveLength(1);
+        expect(body.attributes.errors[0]).toEqual({
+          message: 'Rule not found',
+          status_code: 500,
+          rules: [
+            {
+              id: 'rule-2',
+            },
+          ],
+        });
+      });
+
+      it('should return 500 error if some rules are disabled', async () => {
+        const intervalInMinutes = 25;
+        const interval = `${intervalInMinutes}m`;
+        const createdRule1 = await createRule(
+          supertest,
+          log,
+          getCustomQueryRuleParams({
+            rule_id: 'rule-1',
+            enabled: false,
+            interval,
+          })
+        );
+        const createdRule2 = await createRule(
+          supertest,
+          log,
+          getCustomQueryRuleParams({
+            rule_id: 'rule-2',
+            enabled: true,
+            interval,
+          })
+        );
+
+        const endDate = moment();
+        const startDate = endDate.clone().subtract(1, 'h');
+
+        const { body } = await securitySolutionApi
+          .performBulkAction({
+            query: {},
+            body: {
+              ids: [createdRule1.id, createdRule2.id],
+              action: BulkActionTypeEnum.run,
+              [BulkActionTypeEnum.run]: {
+                start_date: startDate.toISOString(),
+                end_date: endDate.toISOString(),
+              },
+            },
+          })
+          .expect(500);
+
+        expect(body.attributes.summary).toEqual({
+          failed: 1,
+          skipped: 0,
+          succeeded: 1,
+          total: 2,
+        });
+
+        expect(body.attributes.errors).toHaveLength(1);
+        expect(body.attributes.errors).toEqual(
+          expect.arrayContaining([
+            {
+              message: 'Cannot schedule manual rule run for a disabled rule',
+              status_code: 500,
+              err_code: 'MANUAL_RULE_RUN_DISABLED_RULE',
+              rules: [{ id: createdRule1.id, name: createdRule1.name }],
+            },
+          ])
+        );
+        expect(body.attributes.results).toEqual({
+          updated: [expect.objectContaining(createdRule2)],
+          created: [],
+          deleted: [],
+          skipped: [],
+        });
+      });
+    });
+
     describe('overwrite_data_views', () => {
       it('should add an index pattern to a rule and overwrite the data view when overwrite_data_views is true', async () => {
         const ruleId = 'ruleId';
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_dry_run.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_dry_run.ts
index 149af89f6a72a..c9eefd8bdbb65 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_dry_run.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_dry_run.ts
@@ -9,7 +9,13 @@ import {
   BulkActionTypeEnum,
   BulkActionEditTypeEnum,
 } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management';
-import { getSimpleMlRule, getSimpleRule, installMockPrebuiltRules } from '../../../utils';
+import moment from 'moment';
+import {
+  getCustomQueryRuleParams,
+  getSimpleMlRule,
+  getSimpleRule,
+  installMockPrebuiltRules,
+} from '../../../utils';
 import {
   createRule,
   createAlertsIndex,
@@ -289,5 +295,164 @@ export default ({ getService }: FtrProviderContext): void => {
         });
       });
     });
+
+    describe('schedule manual rule run action', () => {
+      it('should return all existing and enabled rules as succeeded', async () => {
+        const intervalInMinutes = 25;
+        const interval = `${intervalInMinutes}m`;
+        const createdRule1 = await createRule(
+          supertest,
+          log,
+          getCustomQueryRuleParams({
+            rule_id: 'rule-1',
+            enabled: true,
+            interval,
+          })
+        );
+        const createdRule2 = await createRule(
+          supertest,
+          log,
+          getCustomQueryRuleParams({
+            rule_id: 'rule-2',
+            enabled: true,
+            interval,
+          })
+        );
+
+        const endDate = moment();
+        const startDate = endDate.clone().subtract(1, 'h');
+
+        const { body } = await securitySolutionApi
+          .performBulkAction({
+            query: { dry_run: true },
+            body: {
+              ids: [createdRule1.id, createdRule2.id],
+              action: BulkActionTypeEnum.run,
+              [BulkActionTypeEnum.run]: {
+                start_date: startDate.toISOString(),
+                end_date: endDate.toISOString(),
+              },
+            },
+          })
+          .expect(200);
+
+        expect(body.attributes.summary).toEqual({
+          failed: 0,
+          skipped: 0,
+          succeeded: 2,
+          total: 2,
+        });
+        expect(body.attributes.errors).toBeUndefined();
+      });
+
+      it('should return 500 error if some rules do not exist', async () => {
+        const intervalInMinutes = 25;
+        const interval = `${intervalInMinutes}m`;
+        const createdRule1 = await createRule(
+          supertest,
+          log,
+          getCustomQueryRuleParams({
+            rule_id: 'rule-1',
+            enabled: true,
+            interval,
+          })
+        );
+
+        const endDate = moment();
+        const startDate = endDate.clone().subtract(1, 'h');
+
+        const { body } = await securitySolutionApi
+          .performBulkAction({
+            query: { dry_run: true },
+            body: {
+              ids: [createdRule1.id, 'rule-2'],
+              action: BulkActionTypeEnum.run,
+              [BulkActionTypeEnum.run]: {
+                start_date: startDate.toISOString(),
+                end_date: endDate.toISOString(),
+              },
+            },
+          })
+          .expect(500);
+
+        expect(body.attributes.summary).toEqual({
+          failed: 1,
+          skipped: 0,
+          succeeded: 1,
+          total: 2,
+        });
+
+        expect(body.attributes.errors).toHaveLength(1);
+        expect(body.attributes.errors[0]).toEqual({
+          message: 'Rule not found',
+          status_code: 500,
+          rules: [
+            {
+              id: 'rule-2',
+            },
+          ],
+        });
+      });
+
+      it('should return 500 error if some rules are disabled', async () => {
+        const intervalInMinutes = 25;
+        const interval = `${intervalInMinutes}m`;
+        const createdRule1 = await createRule(
+          supertest,
+          log,
+          getCustomQueryRuleParams({
+            rule_id: 'rule-1',
+            enabled: false,
+            interval,
+          })
+        );
+        const createdRule2 = await createRule(
+          supertest,
+          log,
+          getCustomQueryRuleParams({
+            rule_id: 'rule-2',
+            enabled: true,
+            interval,
+          })
+        );
+
+        const endDate = moment();
+        const startDate = endDate.clone().subtract(1, 'h');
+
+        const { body } = await securitySolutionApi
+          .performBulkAction({
+            query: { dry_run: true },
+            body: {
+              ids: [createdRule1.id, createdRule2.id],
+              action: BulkActionTypeEnum.run,
+              [BulkActionTypeEnum.run]: {
+                start_date: startDate.toISOString(),
+                end_date: endDate.toISOString(),
+              },
+            },
+          })
+          .expect(500);
+
+        expect(body.attributes.summary).toEqual({
+          failed: 1,
+          skipped: 0,
+          succeeded: 1,
+          total: 2,
+        });
+
+        expect(body.attributes.errors).toHaveLength(1);
+        expect(body.attributes.errors[0]).toEqual({
+          err_code: 'MANUAL_RULE_RUN_DISABLED_RULE',
+          message: 'Cannot schedule manual rule run for a disabled rule',
+          status_code: 500,
+          rules: [
+            {
+              id: createdRule1.id,
+              name: createdRule1.name,
+            },
+          ],
+        });
+      });
+    });
   });
 };
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_ml_rules_privileges.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_ml_rules_privileges.ts
index fe89747eaa375..a8c70f1518f92 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_ml_rules_privileges.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_ml_rules_privileges.ts
@@ -25,9 +25,9 @@ export default ({ getService }: FtrProviderContext) => {
   const es = getService('es');
   // TODO: add a new service for loading archiver files similar to "getService('es')"
   const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
   const isServerless = config.get('serverless');
   const dataPathBuilder = new EsArchivePathBuilder(isServerless);
+  const utils = getService('securitySolutionUtils');
   const auditbeatPath = dataPathBuilder.getPath('auditbeat/hosts');
 
   describe('create_ml_rules', () => {
@@ -72,7 +72,7 @@ export default ({ getService }: FtrProviderContext) => {
           .expect(200);
 
         const bodyToCompare = removeServerGeneratedProperties(body);
-        const expectedRule = updateUsername(getSimpleMlRule(), ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(getSimpleMlRule(), await utils.getUsername());
         expect(bodyToCompare).toEqual(expect.objectContaining(expectedRule));
       });
     });
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules.ts
index 2f5ffd07e7d00..5bad760d3f91c 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules.ts
@@ -32,9 +32,9 @@ export default ({ getService }: FtrProviderContext) => {
   const securitySolutionApi = getService('securitySolutionApi');
   const log = getService('log');
   const es = getService('es');
+  const utils = getService('securitySolutionUtils');
   // TODO: add a new service for loading archiver files similar to "getService('es')"
   const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
   const isServerless = config.get('serverless');
   const dataPathBuilder = new EsArchivePathBuilder(isServerless);
   const auditbeatPath = dataPathBuilder.getPath('auditbeat/hosts');
@@ -64,7 +64,7 @@ export default ({ getService }: FtrProviderContext) => {
           .expect(200);
 
         const bodyToCompare = removeServerGeneratedProperties(body);
-        const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 
         expect(bodyToCompare).toEqual(expectedRule);
       });
@@ -159,7 +159,7 @@ export default ({ getService }: FtrProviderContext) => {
             version: 1,
             revision: 0,
           },
-          ELASTICSEARCH_USERNAME
+          await utils.getUsername()
         );
 
         expect(bodyToCompare).toEqual(expectedRule);
@@ -173,7 +173,7 @@ export default ({ getService }: FtrProviderContext) => {
         const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body);
         const expectedRule = updateUsername(
           getSimpleRuleOutputWithoutRuleId(),
-          ELASTICSEARCH_USERNAME
+          await utils.getUsername()
         );
 
         expect(bodyToCompare).toEqual(expectedRule);
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules_bulk.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules_bulk.ts
index 4356c8b82b8b4..529c3615e9e8e 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules_bulk.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules_bulk.ts
@@ -33,10 +33,10 @@ export default ({ getService }: FtrProviderContext): void => {
   const es = getService('es');
   // TODO: add a new service for loading archiver files similar to "getService('es')"
   const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
   const isServerless = config.get('serverless');
   const dataPathBuilder = new EsArchivePathBuilder(isServerless);
   const auditbeatPath = dataPathBuilder.getPath('auditbeat/hosts');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless create_rules_bulk', () => {
     describe('creating rules in bulk', () => {
@@ -63,7 +63,7 @@ export default ({ getService }: FtrProviderContext): void => {
           .expect(200);
 
         const bodyToCompare = removeServerGeneratedProperties(body[0]);
-        const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 
         expect(bodyToCompare).toEqual(expectedRule);
       });
@@ -114,7 +114,7 @@ export default ({ getService }: FtrProviderContext): void => {
         const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body[0]);
         const expectedRule = updateUsername(
           getSimpleRuleOutputWithoutRuleId(),
-          ELASTICSEARCH_USERNAME
+          await utils.getUsername()
         );
 
         expect(bodyToCompare).toEqual(expectedRule);
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/trial_license_complete_tier/create_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/trial_license_complete_tier/create_rules.ts
index e6e4e4697d099..c3bdc9b4661d4 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/trial_license_complete_tier/create_rules.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/trial_license_complete_tier/create_rules.ts
@@ -48,9 +48,7 @@ export default ({ getService }: FtrProviderContext) => {
   const supertestWithoutAuth = getService('supertestWithoutAuth');
   const log = getService('log');
   const es = getService('es');
-  // TODO: add a new service for pulling kibana username, similar to getService('es')
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@serverless @ess create_rules', () => {
     describe('rule creation', () => {
@@ -75,6 +73,7 @@ export default ({ getService }: FtrProviderContext) => {
 
       describe('elastic admin', () => {
         it('creates a custom query rule', async () => {
+          const username = await utils.getUsername();
           const { body } = await securitySolutionApi
             .createRule({ body: getCustomQueryRuleParams() })
             .expect(200);
@@ -82,13 +81,14 @@ export default ({ getService }: FtrProviderContext) => {
           expect(body).toEqual(
             expect.objectContaining({
               ...getCustomQueryRuleParams(),
-              created_by: ELASTICSEARCH_USERNAME,
-              updated_by: ELASTICSEARCH_USERNAME,
+              created_by: username,
+              updated_by: username,
             })
           );
         });
 
         it('creates a saved query rule', async () => {
+          const username = await utils.getUsername();
           const savedQueryRuleParams = getSavedQueryRuleParams({
             data_view_id: 'my-data-view',
             type: 'saved_query',
@@ -102,8 +102,8 @@ export default ({ getService }: FtrProviderContext) => {
           expect(body).toEqual(
             expect.objectContaining({
               ...savedQueryRuleParams,
-              created_by: ELASTICSEARCH_USERNAME,
-              updated_by: ELASTICSEARCH_USERNAME,
+              created_by: username,
+              updated_by: username,
             })
           );
         });
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/delete_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/delete_rules.ts
index f7dd02061f429..75e3be0d825ee 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/delete_rules.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/delete_rules.ts
@@ -29,8 +29,7 @@ export default ({ getService }: FtrProviderContext): void => {
   const securitySolutionApi = getService('securitySolutionApi');
   const log = getService('log');
   const es = getService('es');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless delete_rules', () => {
     describe('deleting rules', () => {
@@ -52,7 +51,7 @@ export default ({ getService }: FtrProviderContext): void => {
           .expect(200);
 
         const bodyToCompare = removeServerGeneratedProperties(body);
-        const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 
         expect(bodyToCompare).to.eql(expectedRule);
       });
@@ -68,7 +67,7 @@ export default ({ getService }: FtrProviderContext): void => {
         const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body);
         const expectedRule = updateUsername(
           getSimpleRuleOutputWithoutRuleId(),
-          ELASTICSEARCH_USERNAME
+          await utils.getUsername()
         );
 
         expect(bodyToCompare).to.eql(expectedRule);
@@ -85,7 +84,7 @@ export default ({ getService }: FtrProviderContext): void => {
         const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body);
         const expectedRule = updateUsername(
           getSimpleRuleOutputWithoutRuleId(),
-          ELASTICSEARCH_USERNAME
+          await utils.getUsername()
         );
 
         expect(bodyToCompare).to.eql(expectedRule);
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/delete_rules_bulk.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/delete_rules_bulk.ts
index 0a3c419b6f1c4..bfde40d8b0db7 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/delete_rules_bulk.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/delete_rules_bulk.ts
@@ -30,8 +30,7 @@ export default ({ getService }: FtrProviderContext): void => {
   const securitySolutionApi = getService('securitySolutionApi');
   const log = getService('log');
   const es = getService('es');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless delete_rules_bulk', () => {
     describe('deleting rules bulk using DELETE', () => {
@@ -53,7 +52,7 @@ export default ({ getService }: FtrProviderContext): void => {
           .expect(200);
 
         const bodyToCompare = removeServerGeneratedProperties(body[0]);
-        const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 
         expect(bodyToCompare).to.eql(expectedRule);
       });
@@ -69,7 +68,7 @@ export default ({ getService }: FtrProviderContext): void => {
         const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body[0]);
         const expectedRule = updateUsername(
           getSimpleRuleOutputWithoutRuleId(),
-          ELASTICSEARCH_USERNAME
+          await utils.getUsername()
         );
 
         expect(bodyToCompare).to.eql(expectedRule);
@@ -86,7 +85,7 @@ export default ({ getService }: FtrProviderContext): void => {
         const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body[0]);
         const expectedRule = updateUsername(
           getSimpleRuleOutputWithoutRuleId(),
-          ELASTICSEARCH_USERNAME
+          await utils.getUsername()
         );
 
         expect(bodyToCompare).to.eql(expectedRule);
@@ -136,7 +135,7 @@ export default ({ getService }: FtrProviderContext): void => {
         const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body[0]);
         const expectedRule = updateUsername(
           getSimpleRuleOutputWithoutRuleId(),
-          ELASTICSEARCH_USERNAME
+          await utils.getUsername()
         );
 
         expect([bodyToCompare, body[1]]).to.eql([
@@ -175,7 +174,7 @@ export default ({ getService }: FtrProviderContext): void => {
           .expect(200);
 
         const bodyToCompare = removeServerGeneratedProperties(body[0]);
-        const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 
         expect(bodyToCompare).to.eql(expectedRule);
       });
@@ -194,7 +193,7 @@ export default ({ getService }: FtrProviderContext): void => {
         const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body[0]);
         const expectedRule = updateUsername(
           getSimpleRuleOutputWithoutRuleId(),
-          ELASTICSEARCH_USERNAME
+          await utils.getUsername()
         );
 
         expect(bodyToCompare).to.eql(expectedRule);
@@ -214,7 +213,7 @@ export default ({ getService }: FtrProviderContext): void => {
         const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body[0]);
         const expectedRule = updateUsername(
           getSimpleRuleOutputWithoutRuleId(),
-          ELASTICSEARCH_USERNAME
+          await utils.getUsername()
         );
 
         expect(bodyToCompare).to.eql(expectedRule);
@@ -271,7 +270,7 @@ export default ({ getService }: FtrProviderContext): void => {
         const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body[0]);
         const expectedRule = updateUsername(
           getSimpleRuleOutputWithoutRuleId(),
-          ELASTICSEARCH_USERNAME
+          await utils.getUsername()
         );
 
         expect([bodyToCompare, body[1]]).to.eql([
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules.ts
index a4161baa54547..4e2628f196c22 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules.ts
@@ -29,9 +29,7 @@ export default ({ getService }: FtrProviderContext): void => {
   const securitySolutionApi = getService('securitySolutionApi');
   const log = getService('log');
   const es = getService('es');
-  // TODO: add a new service for pulling kibana username, similar to getService('es')
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless delete_rules', () => {
     describe('deleting rules', () => {
@@ -53,7 +51,7 @@ export default ({ getService }: FtrProviderContext): void => {
           .expect(200);
 
         const bodyToCompare = removeServerGeneratedProperties(body);
-        const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 
         expect(bodyToCompare).to.eql(expectedRule);
       });
@@ -69,7 +67,7 @@ export default ({ getService }: FtrProviderContext): void => {
         const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body);
         const expectedRule = updateUsername(
           getSimpleRuleOutputWithoutRuleId(),
-          ELASTICSEARCH_USERNAME
+          await utils.getUsername()
         );
 
         expect(bodyToCompare).to.eql(expectedRule);
@@ -86,7 +84,7 @@ export default ({ getService }: FtrProviderContext): void => {
         const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body);
         const expectedRule = updateUsername(
           getSimpleRuleOutputWithoutRuleId(),
-          ELASTICSEARCH_USERNAME
+          await utils.getUsername()
         );
 
         expect(bodyToCompare).to.eql(expectedRule);
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules_bulk.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules_bulk.ts
index cd4deb8cff7d8..361dfbef8c642 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules_bulk.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules_bulk.ts
@@ -35,9 +35,7 @@ export default ({ getService }: FtrProviderContext): void => {
   const securitySolutionApi = getService('securitySolutionApi');
   const log = getService('log');
   const es = getService('es');
-  // TODO: add a new service for pulling kibana username, similar to getService('es')
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   // See https://github.com/elastic/kibana/issues/130963 for discussion on deprecation
   describe('@ess @skipInServerlesMKI delete_rules_bulk', () => {
@@ -74,7 +72,7 @@ export default ({ getService }: FtrProviderContext): void => {
           .expect(200);
 
         const bodyToCompare = removeServerGeneratedProperties(body[0]);
-        const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 
         expect(bodyToCompare).to.eql(expectedRule);
       });
@@ -90,7 +88,7 @@ export default ({ getService }: FtrProviderContext): void => {
         const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body[0]);
         const expectedRule = updateUsername(
           getSimpleRuleOutputWithoutRuleId(),
-          ELASTICSEARCH_USERNAME
+          await utils.getUsername()
         );
 
         expect(bodyToCompare).to.eql(expectedRule);
@@ -107,7 +105,7 @@ export default ({ getService }: FtrProviderContext): void => {
         const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body[0]);
         const expectedRule = updateUsername(
           getSimpleRuleOutputWithoutRuleId(),
-          ELASTICSEARCH_USERNAME
+          await utils.getUsername()
         );
 
         expect(bodyToCompare).to.eql(expectedRule);
@@ -157,7 +155,7 @@ export default ({ getService }: FtrProviderContext): void => {
         const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body[0]);
         const expectedRule = updateUsername(
           getSimpleRuleOutputWithoutRuleId(),
-          ELASTICSEARCH_USERNAME
+          await utils.getUsername()
         );
 
         expect([bodyToCompare, body[1]]).to.eql([
@@ -196,7 +194,7 @@ export default ({ getService }: FtrProviderContext): void => {
           .expect(200);
 
         const bodyToCompare = removeServerGeneratedProperties(body[0]);
-        const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
         expect(bodyToCompare).to.eql(expectedRule);
       });
 
@@ -214,7 +212,7 @@ export default ({ getService }: FtrProviderContext): void => {
         const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body[0]);
         const expectedRule = updateUsername(
           getSimpleRuleOutputWithoutRuleId(),
-          ELASTICSEARCH_USERNAME
+          await utils.getUsername()
         );
 
         expect(bodyToCompare).to.eql(expectedRule);
@@ -235,7 +233,7 @@ export default ({ getService }: FtrProviderContext): void => {
 
         const expectedRule = updateUsername(
           getSimpleRuleOutputWithoutRuleId(),
-          ELASTICSEARCH_USERNAME
+          await utils.getUsername()
         );
 
         expect(bodyToCompare).to.eql(expectedRule);
@@ -292,7 +290,7 @@ export default ({ getService }: FtrProviderContext): void => {
         const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body[0]);
         const expectedRule = updateUsername(
           getSimpleRuleOutputWithoutRuleId(),
-          ELASTICSEARCH_USERNAME
+          await utils.getUsername()
         );
         expect([bodyToCompare, body[1]]).to.eql([
           expectedRule,
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules.ts
index a2658ed2fb285..475446b90d905 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules.ts
@@ -29,8 +29,7 @@ export default ({ getService }: FtrProviderContext) => {
   const securitySolutionApi = getService('securitySolutionApi');
   const log = getService('log');
   const es = getService('es');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless patch_rules', () => {
     describe('patch rules', () => {
@@ -54,7 +53,7 @@ export default ({ getService }: FtrProviderContext) => {
         const outputRule = getSimpleRuleOutput();
         outputRule.name = 'some other name';
         outputRule.revision = 1;
-        const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(outputRule, await utils.getUsername());
 
         const bodyToCompare = removeServerGeneratedProperties(body);
         expect(bodyToCompare).toEqual(expectedRule);
@@ -128,7 +127,7 @@ export default ({ getService }: FtrProviderContext) => {
         const outputRule = getSimpleRuleOutputWithoutRuleId();
         outputRule.name = 'some other name';
         outputRule.revision = 1;
-        const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(outputRule, await utils.getUsername());
 
         const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body);
         expect(bodyToCompare).toEqual(expectedRule);
@@ -145,7 +144,7 @@ export default ({ getService }: FtrProviderContext) => {
         const outputRule = getSimpleRuleOutput();
         outputRule.name = 'some other name';
         outputRule.revision = 1;
-        const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(outputRule, await utils.getUsername());
 
         const bodyToCompare = removeServerGeneratedProperties(body);
         expect(bodyToCompare).toEqual(expectedRule);
@@ -161,7 +160,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const outputRule = getSimpleRuleOutput();
         outputRule.enabled = false;
-        const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(outputRule, await utils.getUsername());
 
         const bodyToCompare = removeServerGeneratedProperties(body);
         expect(bodyToCompare).toEqual(expectedRule);
@@ -179,7 +178,7 @@ export default ({ getService }: FtrProviderContext) => {
         outputRule.enabled = false;
         outputRule.severity = 'low';
         outputRule.revision = 1;
-        const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(outputRule, await utils.getUsername());
 
         const bodyToCompare = removeServerGeneratedProperties(body);
         expect(bodyToCompare).toEqual(expectedRule);
@@ -205,7 +204,7 @@ export default ({ getService }: FtrProviderContext) => {
         outputRule.timeline_title = 'some title';
         outputRule.timeline_id = 'some id';
         outputRule.revision = 2;
-        const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(outputRule, await utils.getUsername());
 
         const bodyToCompare = removeServerGeneratedProperties(body);
         expect(bodyToCompare).toEqual(expectedRule);
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules_bulk.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules_bulk.ts
index a04245eac5517..207456d48f430 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules_bulk.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules_bulk.ts
@@ -29,8 +29,7 @@ export default ({ getService }: FtrProviderContext) => {
   const securitySolutionApi = getService('securitySolutionApi');
   const log = getService('log');
   const es = getService('es');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless patch_rules_bulk', () => {
     describe('patch rules bulk', () => {
@@ -55,7 +54,7 @@ export default ({ getService }: FtrProviderContext) => {
         outputRule.name = 'some other name';
         outputRule.revision = 1;
         const bodyToCompare = removeServerGeneratedProperties(body[0]);
-        const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(outputRule, await utils.getUsername());
         expect(bodyToCompare).toEqual(expectedRule);
       });
 
@@ -104,6 +103,7 @@ export default ({ getService }: FtrProviderContext) => {
       it('should patch two rule properties of name using the two rules rule_id', async () => {
         await createRule(supertest, log, getSimpleRule('rule-1'));
         await createRule(supertest, log, getSimpleRule('rule-2'));
+        const username = await utils.getUsername();
 
         // patch both rule names
         const { body } = await securitySolutionApi
@@ -118,12 +118,12 @@ export default ({ getService }: FtrProviderContext) => {
         const outputRule1 = getSimpleRuleOutput();
         outputRule1.name = 'some other name';
         outputRule1.revision = 1;
-        const expectedRule1 = updateUsername(outputRule1, ELASTICSEARCH_USERNAME);
+        const expectedRule1 = updateUsername(outputRule1, username);
 
         const outputRule2 = getSimpleRuleOutput('rule-2');
         outputRule2.name = 'some other name';
         outputRule2.revision = 1;
-        const expectedRule2 = updateUsername(outputRule2, ELASTICSEARCH_USERNAME);
+        const expectedRule2 = updateUsername(outputRule2, username);
 
         const bodyToCompare1 = removeServerGeneratedProperties(body[0]);
         const bodyToCompare2 = removeServerGeneratedProperties(body[1]);
@@ -142,7 +142,7 @@ export default ({ getService }: FtrProviderContext) => {
         const outputRule = getSimpleRuleOutput();
         outputRule.name = 'some other name';
         outputRule.revision = 1;
-        const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(outputRule, await utils.getUsername());
         const bodyToCompare = removeServerGeneratedProperties(body[0]);
         expect(bodyToCompare).toEqual(expectedRule);
       });
@@ -150,6 +150,7 @@ export default ({ getService }: FtrProviderContext) => {
       it('should patch two rule properties of name using the two rules id', async () => {
         const createRule1 = await createRule(supertest, log, getSimpleRule('rule-1'));
         const createRule2 = await createRule(supertest, log, getSimpleRule('rule-2'));
+        const username = await utils.getUsername();
 
         // patch both rule names
         const { body } = await securitySolutionApi
@@ -164,12 +165,12 @@ export default ({ getService }: FtrProviderContext) => {
         const outputRule1 = getSimpleRuleOutputWithoutRuleId('rule-1');
         outputRule1.name = 'some other name';
         outputRule1.revision = 1;
-        const expectedRule = updateUsername(outputRule1, ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(outputRule1, username);
 
         const outputRule2 = getSimpleRuleOutputWithoutRuleId('rule-2');
         outputRule2.name = 'some other name';
         outputRule2.revision = 1;
-        const expectedRule2 = updateUsername(outputRule2, ELASTICSEARCH_USERNAME);
+        const expectedRule2 = updateUsername(outputRule2, username);
 
         const bodyToCompare1 = removeServerGeneratedPropertiesIncludingRuleId(body[0]);
         const bodyToCompare2 = removeServerGeneratedPropertiesIncludingRuleId(body[1]);
@@ -188,7 +189,7 @@ export default ({ getService }: FtrProviderContext) => {
         const outputRule = getSimpleRuleOutput();
         outputRule.name = 'some other name';
         outputRule.revision = 1;
-        const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(outputRule, await utils.getUsername());
 
         const bodyToCompare = removeServerGeneratedProperties(body[0]);
         expect(bodyToCompare).toEqual(expectedRule);
@@ -204,7 +205,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const outputRule = getSimpleRuleOutput();
         outputRule.enabled = false;
-        const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(outputRule, await utils.getUsername());
 
         const bodyToCompare = removeServerGeneratedProperties(body[0]);
         expect(bodyToCompare).toEqual(expectedRule);
@@ -222,7 +223,7 @@ export default ({ getService }: FtrProviderContext) => {
         outputRule.enabled = false;
         outputRule.severity = 'low';
         outputRule.revision = 1;
-        const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(outputRule, await utils.getUsername());
 
         const bodyToCompare = removeServerGeneratedProperties(body[0]);
         expect(bodyToCompare).toEqual(expectedRule);
@@ -248,7 +249,7 @@ export default ({ getService }: FtrProviderContext) => {
         outputRule.timeline_title = 'some title';
         outputRule.timeline_id = 'some id';
         outputRule.revision = 2;
-        const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(outputRule, await utils.getUsername());
 
         const bodyToCompare = removeServerGeneratedProperties(body[0]);
         expect(bodyToCompare).toEqual(expectedRule);
@@ -301,7 +302,7 @@ export default ({ getService }: FtrProviderContext) => {
         const outputRule = getSimpleRuleOutput();
         outputRule.name = 'some other name';
         outputRule.revision = 1;
-        const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(outputRule, await utils.getUsername());
 
         const bodyToCompare = removeServerGeneratedProperties(body[0]);
         expect([bodyToCompare, body[1]]).toEqual([
@@ -332,7 +333,7 @@ export default ({ getService }: FtrProviderContext) => {
         const outputRule = getSimpleRuleOutput();
         outputRule.name = 'some other name';
         outputRule.revision = 1;
-        const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(outputRule, await utils.getUsername());
 
         const bodyToCompare = removeServerGeneratedProperties(body[0]);
         expect([bodyToCompare, body[1]]).toEqual([
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/trial_license_complete_tier/patch_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/trial_license_complete_tier/patch_rules.ts
index 4a69f208c3bd5..a6a64857f6721 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/trial_license_complete_tier/patch_rules.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/trial_license_complete_tier/patch_rules.ts
@@ -43,9 +43,7 @@ export default ({ getService }: FtrProviderContext) => {
   const supertest = getService('supertest');
   const log = getService('log');
   const es = getService('es');
-  // TODO: add a new service for pulling kibana username, similar to getService('es')
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless @skipInServerlessMKI patch_rules', () => {
     describe('patch rules', () => {
@@ -69,7 +67,7 @@ export default ({ getService }: FtrProviderContext) => {
           .send({ rule_id: 'rule-1', name: 'some other name' })
           .expect(200);
 
-        const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 
         outputRule.name = 'some other name';
         outputRule.revision = 1;
@@ -88,7 +86,7 @@ export default ({ getService }: FtrProviderContext) => {
           .send({ rule_id: 'rule-1', machine_learning_job_id: 'some_job_id' })
           .expect(200);
 
-        const outputRule = updateUsername(getSimpleMlRuleOutput(), ELASTICSEARCH_USERNAME);
+        const outputRule = updateUsername(getSimpleMlRuleOutput(), await utils.getUsername());
 
         const bodyToCompare = removeServerGeneratedProperties(body);
         expect(bodyToCompare).to.eql(outputRule);
@@ -105,7 +103,7 @@ export default ({ getService }: FtrProviderContext) => {
           .send({ rule_id: 'rule-1', name: 'some other name' })
           .expect(200);
 
-        const outputRule = updateUsername(getSimpleMlRuleOutput(), ELASTICSEARCH_USERNAME);
+        const outputRule = updateUsername(getSimpleMlRuleOutput(), await utils.getUsername());
 
         outputRule.name = 'some other name';
         outputRule.revision = 1;
@@ -128,7 +126,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const outputRule = updateUsername(
           getSimpleRuleOutputWithoutRuleId(),
-          ELASTICSEARCH_USERNAME
+          await utils.getUsername()
         );
 
         outputRule.name = 'some other name';
@@ -147,7 +145,7 @@ export default ({ getService }: FtrProviderContext) => {
           .set('elastic-api-version', '2023-10-31')
           .send({ id: createdBody.id, name: 'some other name' })
           .expect(200);
-        const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 
         outputRule.name = 'some other name';
         outputRule.revision = 1;
@@ -166,7 +164,7 @@ export default ({ getService }: FtrProviderContext) => {
           .send({ rule_id: 'rule-1', enabled: false })
           .expect(200);
 
-        const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 
         outputRule.enabled = false;
 
@@ -185,7 +183,7 @@ export default ({ getService }: FtrProviderContext) => {
           .send({ rule_id: 'rule-1', severity: 'low', enabled: false })
           .expect(200);
 
-        const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
         outputRule.enabled = false;
         outputRule.severity = 'low';
         outputRule.revision = 1;
@@ -213,7 +211,7 @@ export default ({ getService }: FtrProviderContext) => {
           .send({ rule_id: 'rule-1', name: 'some other name' })
           .expect(200);
 
-        const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
         outputRule.name = 'some other name';
         outputRule.timeline_title = 'some title';
         outputRule.timeline_id = 'some id';
@@ -436,7 +434,7 @@ export default ({ getService }: FtrProviderContext) => {
                 );
                 const expectedRule = updateUsername(
                   getSimpleRuleOutputWithoutRuleId(),
-                  ELASTICSEARCH_USERNAME
+                  await utils.getUsername()
                 );
 
                 expectedRule.revision = 1;
@@ -466,7 +464,7 @@ export default ({ getService }: FtrProviderContext) => {
               );
               const expectedRule = updateUsername(
                 getSimpleRuleOutputWithoutRuleId(),
-                ELASTICSEARCH_USERNAME
+                await utils.getUsername()
               );
 
               expectedRule.revision = 1;
@@ -505,7 +503,7 @@ export default ({ getService }: FtrProviderContext) => {
 
               const expectedRule = updateUsername(
                 getSimpleRuleOutputWithoutRuleId(),
-                ELASTICSEARCH_USERNAME
+                await utils.getUsername()
               );
 
               expectedRule.revision = 1;
@@ -533,7 +531,7 @@ export default ({ getService }: FtrProviderContext) => {
                 );
                 const expectedRule = updateUsername(
                   getSimpleRuleOutputWithoutRuleId(),
-                  ELASTICSEARCH_USERNAME
+                  await utils.getUsername()
                 );
 
                 expectedRule.revision = 1;
@@ -564,7 +562,7 @@ export default ({ getService }: FtrProviderContext) => {
 
               const expectedRule = updateUsername(
                 getSimpleRuleOutputWithoutRuleId(),
-                ELASTICSEARCH_USERNAME
+                await utils.getUsername()
               );
               expectedRule.revision = 1;
               expectedRule.actions = someActionsWithFrequencies.map((action) => ({
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/trial_license_complete_tier/patch_rules_bulk.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/trial_license_complete_tier/patch_rules_bulk.ts
index 88ca9c4ffe289..7e496ea73194d 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/trial_license_complete_tier/patch_rules_bulk.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/trial_license_complete_tier/patch_rules_bulk.ts
@@ -39,9 +39,7 @@ export default ({ getService }: FtrProviderContext) => {
   const securitySolutionApi = getService('securitySolutionApi');
   const log = getService('log');
   const es = getService('es');
-  // TODO: add a new service for pulling kibana username, similar to getService('es')
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   // See https://github.com/elastic/kibana/issues/130963 for discussion on deprecation
   describe('@ess @skipInServerless patch_rules_bulk', () => {
@@ -81,7 +79,7 @@ export default ({ getService }: FtrProviderContext) => {
           .bulkPatchRules({ body: [{ rule_id: 'rule-1', name: 'some other name' }] })
           .expect(200);
 
-        const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 
         outputRule.name = 'some other name';
         outputRule.revision = 1;
@@ -92,6 +90,7 @@ export default ({ getService }: FtrProviderContext) => {
       it('should patch two rule properties of name using the two rules rule_id', async () => {
         await createRule(supertest, log, getSimpleRule('rule-1'));
         await createRule(supertest, log, getSimpleRule('rule-2'));
+        const username = await utils.getUsername();
 
         // patch both rule names
         const { body } = await securitySolutionApi
@@ -103,12 +102,12 @@ export default ({ getService }: FtrProviderContext) => {
           })
           .expect(200);
 
-        const outputRule1 = updateUsername(getSimpleRuleOutput('rule-1'), ELASTICSEARCH_USERNAME);
+        const outputRule1 = updateUsername(getSimpleRuleOutput('rule-1'), username);
 
         outputRule1.name = 'some other name';
         outputRule1.revision = 1;
 
-        const outputRule2 = updateUsername(getSimpleRuleOutput('rule-2'), ELASTICSEARCH_USERNAME);
+        const outputRule2 = updateUsername(getSimpleRuleOutput('rule-2'), username);
 
         outputRule2.name = 'some other name';
         outputRule2.revision = 1;
@@ -127,7 +126,7 @@ export default ({ getService }: FtrProviderContext) => {
           .bulkPatchRules({ body: [{ id: createRuleBody.id, name: 'some other name' }] })
           .expect(200);
 
-        const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
         outputRule.name = 'some other name';
         outputRule.revision = 1;
         const bodyToCompare = removeServerGeneratedProperties(body[0]);
@@ -137,6 +136,7 @@ export default ({ getService }: FtrProviderContext) => {
       it('should patch two rule properties of name using the two rules id', async () => {
         const createRule1 = await createRule(supertest, log, getSimpleRule('rule-1'));
         const createRule2 = await createRule(supertest, log, getSimpleRule('rule-2'));
+        const username = await utils.getUsername();
 
         // patch both rule names
         const { body } = await securitySolutionApi
@@ -148,18 +148,12 @@ export default ({ getService }: FtrProviderContext) => {
           })
           .expect(200);
 
-        const outputRule1 = updateUsername(
-          getSimpleRuleOutputWithoutRuleId('rule-1'),
-          ELASTICSEARCH_USERNAME
-        );
+        const outputRule1 = updateUsername(getSimpleRuleOutputWithoutRuleId('rule-1'), username);
 
         outputRule1.name = 'some other name';
         outputRule1.revision = 1;
 
-        const outputRule2 = updateUsername(
-          getSimpleRuleOutputWithoutRuleId('rule-2'),
-          ELASTICSEARCH_USERNAME
-        );
+        const outputRule2 = updateUsername(getSimpleRuleOutputWithoutRuleId('rule-2'), username);
         outputRule2.name = 'some other name';
         outputRule2.revision = 1;
 
@@ -210,13 +204,11 @@ export default ({ getService }: FtrProviderContext) => {
         const sidecarActionsPostResults = await getLegacyActionSO(es);
         expect(sidecarActionsPostResults.hits.hits.length).to.eql(0);
 
+        const username = await utils.getUsername();
         // @ts-expect-error
         body.forEach((response) => {
           const bodyToCompare = removeServerGeneratedProperties(response);
-          const outputRule = updateUsername(
-            getSimpleRuleOutput(response.rule_id, false),
-            ELASTICSEARCH_USERNAME
-          );
+          const outputRule = updateUsername(getSimpleRuleOutput(response.rule_id, false), username);
 
           outputRule.actions = [
             {
@@ -244,7 +236,7 @@ export default ({ getService }: FtrProviderContext) => {
           .bulkPatchRules({ body: [{ id: createdBody.id, name: 'some other name' }] })
           .expect(200);
 
-        const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
         outputRule.name = 'some other name';
         outputRule.revision = 1;
         const bodyToCompare = removeServerGeneratedProperties(body[0]);
@@ -259,7 +251,7 @@ export default ({ getService }: FtrProviderContext) => {
           .bulkPatchRules({ body: [{ rule_id: 'rule-1', enabled: false }] })
           .expect(200);
 
-        const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 
         outputRule.enabled = false;
 
@@ -275,7 +267,7 @@ export default ({ getService }: FtrProviderContext) => {
           .bulkPatchRules({ body: [{ rule_id: 'rule-1', severity: 'low', enabled: false }] })
           .expect(200);
 
-        const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 
         outputRule.enabled = false;
         outputRule.severity = 'low';
@@ -300,7 +292,7 @@ export default ({ getService }: FtrProviderContext) => {
           .bulkPatchRules({ body: [{ rule_id: 'rule-1', name: 'some other name' }] })
           .expect(200);
 
-        const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 
         outputRule.name = 'some other name';
         outputRule.timeline_title = 'some title';
@@ -355,7 +347,7 @@ export default ({ getService }: FtrProviderContext) => {
           })
           .expect(200);
 
-        const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 
         outputRule.name = 'some other name';
         outputRule.revision = 1;
@@ -386,7 +378,7 @@ export default ({ getService }: FtrProviderContext) => {
           })
           .expect(200);
 
-        const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 
         outputRule.name = 'some other name';
         outputRule.revision = 1;
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/trial_license_complete_tier/patch_rules_ess.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/trial_license_complete_tier/patch_rules_ess.ts
index 5efab4bb9e533..30398cd2cd1e9 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/trial_license_complete_tier/patch_rules_ess.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/trial_license_complete_tier/patch_rules_ess.ts
@@ -35,9 +35,7 @@ export default ({ getService }: FtrProviderContext) => {
   const supertest = getService('supertest');
   const log = getService('log');
   const es = getService('es');
-  // TODO: add a new service for pulling kibana username, similar to getService('es')
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess patch_rules - ESS specific logic', () => {
     describe('patch rules', () => {
@@ -80,7 +78,7 @@ export default ({ getService }: FtrProviderContext) => {
           .expect(200);
 
         const bodyToCompare = removeServerGeneratedProperties(patchResponse.body);
-        const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 
         outputRule.actions = [
           {
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/find_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/find_rules.ts
index 20da65ab16fdb..d21c78a68f5c4 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/find_rules.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/find_rules.ts
@@ -22,8 +22,7 @@ export default ({ getService }: FtrProviderContext): void => {
   const supertest = getService('supertest');
   const securitySolutionApi = getService('securitySolutionApi');
   const log = getService('log');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless find_rules', () => {
     beforeEach(async () => {
@@ -48,7 +47,7 @@ export default ({ getService }: FtrProviderContext): void => {
       const { body } = await securitySolutionApi.findRules({ query: {} }).expect(200);
 
       body.data = [removeServerGeneratedProperties(body.data[0])];
-      const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+      const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 
       expect(body).to.eql({
         data: [expectedRule],
@@ -66,7 +65,7 @@ export default ({ getService }: FtrProviderContext): void => {
       const { body } = await securitySolutionApi.findRules({ query: {} }).expect(200);
 
       body.data = [removeServerGeneratedProperties(body.data[0])];
-      const expectedRule = updateUsername(getComplexRuleOutput(), ELASTICSEARCH_USERNAME);
+      const expectedRule = updateUsername(getComplexRuleOutput(), await utils.getUsername());
       expect(body).to.eql({
         data: [expectedRule],
         page: 1,
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/read_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/read_rules.ts
index 35b45cc1faa46..21b31c702a7dc 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/read_rules.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/read_rules.ts
@@ -29,8 +29,7 @@ export default ({ getService }: FtrProviderContext) => {
   const securitySolutionApi = getService('securitySolutionApi');
   const log = getService('log');
   const es = getService('es');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless read_rules', () => {
     describe('reading rules', () => {
@@ -51,7 +50,7 @@ export default ({ getService }: FtrProviderContext) => {
           .expect(200);
 
         const bodyToCompare = removeServerGeneratedProperties(body);
-        const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 
         expect(bodyToCompare).to.eql(expectedRule);
       });
@@ -64,7 +63,7 @@ export default ({ getService }: FtrProviderContext) => {
           .expect(200);
 
         const bodyToCompare = removeServerGeneratedProperties(body);
-        const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 
         expect(bodyToCompare).to.eql(expectedRule);
       });
@@ -79,7 +78,7 @@ export default ({ getService }: FtrProviderContext) => {
         const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body);
         const expectedRule = updateUsername(
           getSimpleRuleOutputWithoutRuleId(),
-          ELASTICSEARCH_USERNAME
+          await utils.getUsername()
         );
 
         expect(bodyToCompare).to.eql(expectedRule);
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/find_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/find_rules.ts
index fb9c9341a7529..2ef2890eeffa8 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/find_rules.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/find_rules.ts
@@ -23,9 +23,7 @@ export default ({ getService }: FtrProviderContext): void => {
   const supertest = getService('supertest');
   const securitySolutionApi = getService('securitySolutionApi');
   const log = getService('log');
-  // TODO: add a new service for pulling kibana username, similar to getService('es')
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless find_rules', () => {
     beforeEach(async () => {
@@ -50,7 +48,7 @@ export default ({ getService }: FtrProviderContext): void => {
       const { body } = await securitySolutionApi.findRules({ query: {} }).expect(200);
 
       body.data = [removeServerGeneratedProperties(body.data[0])];
-      const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+      const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 
       expect(body).to.eql({
         data: [expectedRule],
@@ -68,7 +66,7 @@ export default ({ getService }: FtrProviderContext): void => {
       const { body } = await securitySolutionApi.findRules({ query: {} }).expect(200);
 
       body.data = [removeServerGeneratedProperties(body.data[0])];
-      const expectedRule = updateUsername(getComplexRuleOutput(), ELASTICSEARCH_USERNAME);
+      const expectedRule = updateUsername(getComplexRuleOutput(), await utils.getUsername());
 
       expect(body).to.eql({
         data: [expectedRule],
@@ -104,7 +102,7 @@ export default ({ getService }: FtrProviderContext): void => {
       // query the single rule from _find
       const { body } = await securitySolutionApi.findRules({ query: {} }).expect(200);
 
-      const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+      const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
       const ruleWithActions: ReturnType<typeof getSimpleRuleOutput> = {
         ...expectedRule,
         actions: [
@@ -151,7 +149,7 @@ export default ({ getService }: FtrProviderContext): void => {
 
       // query the single rule from _find
       const { body } = await securitySolutionApi.findRules({ query: {} }).expect(200);
-      const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+      const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 
       const ruleWithActions: ReturnType<typeof getSimpleRuleOutput> = {
         ...expectedRule,
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/find_rules_ess.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/find_rules_ess.ts
index ccebf86486879..70d0758a390ec 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/find_rules_ess.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/find_rules_ess.ts
@@ -32,9 +32,7 @@ export default ({ getService }: FtrProviderContext): void => {
   const supertest = getService('supertest');
   const log = getService('log');
   const es = getService('es');
-  // TODO: add a new service for pulling kibana username, similar to getService('es')
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess find_rules - ESS specific logic', () => {
     beforeEach(async () => {
@@ -86,7 +84,7 @@ export default ({ getService }: FtrProviderContext): void => {
           .send()
           .expect(200);
 
-        const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 
         const ruleWithActions: ReturnType<typeof getSimpleRuleOutput> = {
           ...expectedRule,
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/read_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/read_rules.ts
index 2dc3e8168a24f..2e40bdb4d42a4 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/read_rules.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/read_rules.ts
@@ -29,9 +29,7 @@ export default ({ getService }: FtrProviderContext) => {
   const securitySolutionApi = getService('securitySolutionApi');
   const log = getService('log');
   const es = getService('es');
-  // TODO: add a new service for pulling kibana username, similar to getService('es')
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless read_rules', () => {
     describe('reading rules', () => {
@@ -52,7 +50,7 @@ export default ({ getService }: FtrProviderContext) => {
           .expect(200);
 
         const bodyToCompare = removeServerGeneratedProperties(body);
-        const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 
         expect(bodyToCompare).to.eql(expectedRule);
       });
@@ -65,7 +63,7 @@ export default ({ getService }: FtrProviderContext) => {
           .expect(200);
 
         const bodyToCompare = removeServerGeneratedProperties(body);
-        const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 
         expect(bodyToCompare).to.eql(expectedRule);
       });
@@ -80,7 +78,7 @@ export default ({ getService }: FtrProviderContext) => {
         const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body);
         const expectedRule = updateUsername(
           getSimpleRuleOutputWithoutRuleId(),
-          ELASTICSEARCH_USERNAME
+          await utils.getUsername()
         );
 
         expect(bodyToCompare).to.eql(expectedRule);
@@ -135,7 +133,7 @@ export default ({ getService }: FtrProviderContext) => {
           .expect(200);
 
         const bodyToCompare = removeServerGeneratedProperties(body);
-        const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 
         const ruleWithActions: ReturnType<typeof getSimpleRuleOutput> = {
           ...expectedRule,
@@ -180,7 +178,7 @@ export default ({ getService }: FtrProviderContext) => {
           .expect(200);
 
         const bodyToCompare = removeServerGeneratedProperties(body);
-        const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 
         const ruleWithActions: ReturnType<typeof getSimpleRuleOutput> = {
           ...expectedRule,
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/read_rules_ess.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/read_rules_ess.ts
index 78bbcadac71eb..1e6ccbdf0ef76 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/read_rules_ess.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/read_rules_ess.ts
@@ -35,9 +35,7 @@ export default ({ getService }: FtrProviderContext) => {
   const supertest = getService('supertest');
   const log = getService('log');
   const es = getService('es');
-  // TODO: add a new service for pulling kibana username, similar to getService('es')
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess read_rules - ESS specific logic', () => {
     describe('reading rules', () => {
@@ -97,7 +95,7 @@ export default ({ getService }: FtrProviderContext) => {
             .expect(200);
 
           const bodyToCompare = removeServerGeneratedProperties(body);
-          const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+          const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 
           const ruleWithActions: ReturnType<typeof getSimpleRuleOutput> = {
             ...expectedRule,
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules.ts
index 33505f9d150d6..06729d7ef31fa 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules.ts
@@ -31,8 +31,7 @@ export default ({ getService }: FtrProviderContext) => {
   const securitySolutionApi = getService('securitySolutionApi');
   const log = getService('log');
   const es = getService('es');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless update_rules', () => {
     describe('update rules', () => {
@@ -59,7 +58,7 @@ export default ({ getService }: FtrProviderContext) => {
         const outputRule = getSimpleRuleOutput();
         outputRule.name = 'some other name';
         outputRule.revision = 1;
-        const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(outputRule, await utils.getUsername());
 
         const bodyToCompare = removeServerGeneratedProperties(body);
         expect(bodyToCompare).toEqual(expectedRule);
@@ -136,7 +135,7 @@ export default ({ getService }: FtrProviderContext) => {
         const outputRule = getSimpleRuleOutputWithoutRuleId();
         outputRule.name = 'some other name';
         outputRule.revision = 1;
-        const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(outputRule, await utils.getUsername());
 
         const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body);
         expect(bodyToCompare).toEqual(expectedRule);
@@ -156,7 +155,7 @@ export default ({ getService }: FtrProviderContext) => {
         const outputRule = getSimpleRuleOutput();
         outputRule.name = 'some other name';
         outputRule.revision = 1;
-        const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(outputRule, await utils.getUsername());
 
         const bodyToCompare = removeServerGeneratedProperties(body);
         expect(bodyToCompare).toEqual(expectedRule);
@@ -176,7 +175,7 @@ export default ({ getService }: FtrProviderContext) => {
         outputRule.enabled = false;
         outputRule.severity = 'low';
         outputRule.revision = 1;
-        const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(outputRule, await utils.getUsername());
 
         const bodyToCompare = removeServerGeneratedProperties(body);
         expect(bodyToCompare).toEqual(expectedRule);
@@ -201,7 +200,7 @@ export default ({ getService }: FtrProviderContext) => {
         const outputRule = getSimpleRuleOutput();
         outputRule.name = 'some other name';
         outputRule.revision = 2;
-        const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(outputRule, await utils.getUsername());
 
         const bodyToCompare = removeServerGeneratedProperties(body);
         expect(bodyToCompare).toEqual(expectedRule);
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules_bulk.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules_bulk.ts
index effc64a241cc5..6708fe5a5e39d 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules_bulk.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules_bulk.ts
@@ -30,8 +30,7 @@ export default ({ getService }: FtrProviderContext) => {
   const securitySolutionApi = getService('securitySolutionApi');
   const log = getService('log');
   const es = getService('es');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless update_rules_bulk', () => {
     describe('update rules bulk', () => {
@@ -58,7 +57,7 @@ export default ({ getService }: FtrProviderContext) => {
         const outputRule = getSimpleRuleOutput();
         outputRule.name = 'some other name';
         outputRule.revision = 1;
-        const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(outputRule, await utils.getUsername());
 
         const bodyToCompare = removeServerGeneratedProperties(body[0]);
         expect(bodyToCompare).toEqual(expectedRule);
@@ -119,15 +118,16 @@ export default ({ getService }: FtrProviderContext) => {
           .bulkUpdateRules({ body: [updatedRule1, updatedRule2] })
           .expect(200);
 
+        const username = await utils.getUsername();
         const outputRule1 = getSimpleRuleOutput();
         outputRule1.name = 'some other name';
         outputRule1.revision = 1;
-        const expectedRule = updateUsername(outputRule1, ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(outputRule1, username);
 
         const outputRule2 = getSimpleRuleOutput('rule-2');
         outputRule2.name = 'some other name';
         outputRule2.revision = 1;
-        const expectedRule2 = updateUsername(outputRule2, ELASTICSEARCH_USERNAME);
+        const expectedRule2 = updateUsername(outputRule2, username);
 
         const bodyToCompare1 = removeServerGeneratedProperties(body[0]);
         const bodyToCompare2 = removeServerGeneratedProperties(body[1]);
@@ -151,7 +151,7 @@ export default ({ getService }: FtrProviderContext) => {
         const outputRule = getSimpleRuleOutput();
         outputRule.name = 'some other name';
         outputRule.revision = 1;
-        const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(outputRule, await utils.getUsername());
 
         const bodyToCompare = removeServerGeneratedProperties(body[0]);
         expect(bodyToCompare).toEqual(expectedRule);
@@ -176,15 +176,16 @@ export default ({ getService }: FtrProviderContext) => {
           .bulkUpdateRules({ body: [updatedRule1, updatedRule2] })
           .expect(200);
 
+        const username = await utils.getUsername();
         const outputRule1 = getSimpleRuleOutputWithoutRuleId('rule-1');
         outputRule1.name = 'some other name';
         outputRule1.revision = 1;
-        const expectedRule = updateUsername(outputRule1, ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(outputRule1, username);
 
         const outputRule2 = getSimpleRuleOutputWithoutRuleId('rule-2');
         outputRule2.name = 'some other name';
         outputRule2.revision = 1;
-        const expectedRule2 = updateUsername(outputRule2, ELASTICSEARCH_USERNAME);
+        const expectedRule2 = updateUsername(outputRule2, username);
 
         const bodyToCompare1 = removeServerGeneratedPropertiesIncludingRuleId(body[0]);
         const bodyToCompare2 = removeServerGeneratedPropertiesIncludingRuleId(body[1]);
@@ -208,7 +209,7 @@ export default ({ getService }: FtrProviderContext) => {
         const outputRule = getSimpleRuleOutput();
         outputRule.name = 'some other name';
         outputRule.revision = 1;
-        const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(outputRule, await utils.getUsername());
 
         const bodyToCompare = removeServerGeneratedProperties(body[0]);
         expect(bodyToCompare).toEqual(expectedRule);
@@ -230,7 +231,7 @@ export default ({ getService }: FtrProviderContext) => {
         outputRule.enabled = false;
         outputRule.severity = 'low';
         outputRule.revision = 1;
-        const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(outputRule, await utils.getUsername());
 
         const bodyToCompare = removeServerGeneratedProperties(body[0]);
         expect(bodyToCompare).toEqual(expectedRule);
@@ -257,7 +258,7 @@ export default ({ getService }: FtrProviderContext) => {
         const outputRule = getSimpleRuleOutput();
         outputRule.name = 'some other name';
         outputRule.revision = 2;
-        const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(outputRule, await utils.getUsername());
 
         const bodyToCompare = removeServerGeneratedProperties(body[0]);
         expect(bodyToCompare).toEqual(expectedRule);
@@ -319,7 +320,7 @@ export default ({ getService }: FtrProviderContext) => {
         const outputRule = getSimpleRuleOutput();
         outputRule.name = 'some other name';
         outputRule.revision = 1;
-        const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(outputRule, await utils.getUsername());
 
         const bodyToCompare = removeServerGeneratedProperties(body[0]);
         expect([bodyToCompare, body[1]]).toEqual([
@@ -355,7 +356,7 @@ export default ({ getService }: FtrProviderContext) => {
         const outputRule = getSimpleRuleOutput();
         outputRule.name = 'some other name';
         outputRule.revision = 1;
-        const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME);
+        const expectedRule = updateUsername(outputRule, await utils.getUsername());
 
         const bodyToCompare = removeServerGeneratedProperties(body[0]);
         expect([bodyToCompare, body[1]]).toEqual([
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules.ts
index 6d120a7944759..af9929f87832d 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules.ts
@@ -46,9 +46,7 @@ export default ({ getService }: FtrProviderContext) => {
   const securitySolutionApi = getService('securitySolutionApi');
   const log = getService('log');
   const es = getService('es');
-  // TODO: add a new service for pulling kibana username, similar to getService('es')
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless @skipInServerlessMKI update_rules', () => {
     describe('update rules', () => {
@@ -72,7 +70,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200);
 
-        const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 
         outputRule.name = 'some other name';
         outputRule.revision = 1;
@@ -91,7 +89,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200);
 
-        const outputRule = updateUsername(getSimpleMlRuleOutput(), ELASTICSEARCH_USERNAME);
+        const outputRule = updateUsername(getSimpleMlRuleOutput(), await utils.getUsername());
 
         // @ts-expect-error type narrowing is lost due to Omit<>
         outputRule.machine_learning_job_id = ['legacy_job_id'];
@@ -111,7 +109,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200);
 
-        const outputRule = updateUsername(getSimpleMlRuleOutput(), ELASTICSEARCH_USERNAME);
+        const outputRule = updateUsername(getSimpleMlRuleOutput(), await utils.getUsername());
         outputRule.name = 'some other name';
         outputRule.revision = 1;
         const bodyToCompare = removeServerGeneratedProperties(body);
@@ -133,7 +131,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const outputRule = updateUsername(
           getSimpleRuleOutputWithoutRuleId(),
-          ELASTICSEARCH_USERNAME
+          await utils.getUsername()
         );
 
         outputRule.name = 'some other name';
@@ -182,7 +180,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const outputRule = updateUsername(
           getSimpleRuleOutputWithoutRuleId(),
-          ELASTICSEARCH_USERNAME
+          await utils.getUsername()
         );
         outputRule.name = 'some other name';
         outputRule.revision = 1;
@@ -203,7 +201,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200);
 
-        const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 
         outputRule.name = 'some other name';
         outputRule.revision = 1;
@@ -221,7 +219,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200);
 
-        const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 
         outputRule.enabled = false;
         outputRule.severity = 'low';
@@ -247,7 +245,7 @@ export default ({ getService }: FtrProviderContext) => {
         // update a simple rule's name
         const { body } = await securitySolutionApi.updateRule({ body: ruleUpdate2 }).expect(200);
 
-        const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 
         outputRule.name = 'some other name';
         outputRule.revision = 2;
@@ -579,7 +577,7 @@ export default ({ getService }: FtrProviderContext) => {
                 );
                 const expectedRule = updateUsername(
                   getSimpleRuleOutputWithoutRuleId(),
-                  ELASTICSEARCH_USERNAME
+                  await utils.getUsername()
                 );
 
                 expectedRule.revision = 1;
@@ -610,7 +608,7 @@ export default ({ getService }: FtrProviderContext) => {
 
               const expectedRule = updateUsername(
                 getSimpleRuleOutputWithoutRuleId(),
-                ELASTICSEARCH_USERNAME
+                await utils.getUsername()
               );
               expectedRule.revision = 1;
               expectedRule.actions = actionsWithoutFrequencies.map((action) => ({
@@ -648,7 +646,7 @@ export default ({ getService }: FtrProviderContext) => {
 
               const expectedRule = updateUsername(
                 getSimpleRuleOutputWithoutRuleId(),
-                ELASTICSEARCH_USERNAME
+                await utils.getUsername()
               );
               expectedRule.revision = 1;
               expectedRule.actions = actionsWithFrequencies;
@@ -676,7 +674,7 @@ export default ({ getService }: FtrProviderContext) => {
 
                 const expectedRule = updateUsername(
                   getSimpleRuleOutputWithoutRuleId(),
-                  ELASTICSEARCH_USERNAME
+                  await utils.getUsername()
                 );
                 expectedRule.revision = 1;
                 expectedRule.actions = someActionsWithFrequencies.map((action) => ({
@@ -706,7 +704,7 @@ export default ({ getService }: FtrProviderContext) => {
 
               const expectedRule = updateUsername(
                 getSimpleRuleOutputWithoutRuleId(),
-                ELASTICSEARCH_USERNAME
+                await utils.getUsername()
               );
               expectedRule.revision = 1;
               expectedRule.actions = someActionsWithFrequencies.map((action) => ({
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules_bulk.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules_bulk.ts
index 2dead22fd358a..68886130e6cc3 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules_bulk.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules_bulk.ts
@@ -49,12 +49,15 @@ export default ({ getService }: FtrProviderContext) => {
   const securitySolutionApi = getService('securitySolutionApi');
   const log = getService('log');
   const es = getService('es');
-  // TODO: add a new service for pulling kibana username, similar to getService('es')
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
+  let username: string;
 
   // See https://github.com/elastic/kibana/issues/130963 for discussion on deprecation
   describe('@ess update_rules_bulk', () => {
+    before(async () => {
+      username = await utils.getUsername();
+    });
+
     describe('deprecations', () => {
       afterEach(async () => {
         await deleteAllRules(supertest, log);
@@ -95,7 +98,7 @@ export default ({ getService }: FtrProviderContext) => {
           .bulkUpdateRules({ body: [updatedRule] })
           .expect(200);
 
-        const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const outputRule = updateUsername(getSimpleRuleOutput(), username);
         outputRule.name = 'some other name';
         outputRule.revision = 1;
         const bodyToCompare = removeServerGeneratedProperties(body[0]);
@@ -119,11 +122,11 @@ export default ({ getService }: FtrProviderContext) => {
           .bulkUpdateRules({ body: [updatedRule1, updatedRule2] })
           .expect(200);
 
-        const outputRule1 = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const outputRule1 = updateUsername(getSimpleRuleOutput(), username);
         outputRule1.name = 'some other name';
         outputRule1.revision = 1;
 
-        const outputRule2 = updateUsername(getSimpleRuleOutput('rule-2'), ELASTICSEARCH_USERNAME);
+        const outputRule2 = updateUsername(getSimpleRuleOutput('rule-2'), username);
         outputRule2.name = 'some other name';
         outputRule2.revision = 1;
 
@@ -187,10 +190,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         body.forEach((response) => {
           const bodyToCompare = removeServerGeneratedProperties(response);
-          const outputRule = updateUsername(
-            getSimpleRuleOutput(response.rule_id),
-            ELASTICSEARCH_USERNAME
-          );
+          const outputRule = updateUsername(getSimpleRuleOutput(response.rule_id), username);
           outputRule.name = 'some other name';
           outputRule.revision = 1;
           outputRule.actions = [
@@ -250,10 +250,7 @@ export default ({ getService }: FtrProviderContext) => {
           .expect(200);
 
         body.forEach((response) => {
-          const outputRule = updateUsername(
-            getSimpleRuleOutput(response.rule_id),
-            ELASTICSEARCH_USERNAME
-          );
+          const outputRule = updateUsername(getSimpleRuleOutput(response.rule_id), username);
           outputRule.name = 'some other name';
           outputRule.revision = 1;
           outputRule.actions = [];
@@ -275,7 +272,7 @@ export default ({ getService }: FtrProviderContext) => {
           .bulkUpdateRules({ body: [updatedRule1] })
           .expect(200);
 
-        const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const outputRule = updateUsername(getSimpleRuleOutput(), username);
         outputRule.name = 'some other name';
         outputRule.revision = 1;
         const bodyToCompare = removeServerGeneratedProperties(body[0]);
@@ -301,11 +298,11 @@ export default ({ getService }: FtrProviderContext) => {
           .bulkUpdateRules({ body: [updatedRule1, updatedRule2] })
           .expect(200);
 
-        const outputRule1 = updateUsername(getSimpleRuleOutput('rule-1'), ELASTICSEARCH_USERNAME);
+        const outputRule1 = updateUsername(getSimpleRuleOutput('rule-1'), username);
         outputRule1.name = 'some other name';
         outputRule1.revision = 1;
 
-        const outputRule2 = updateUsername(getSimpleRuleOutput('rule-2'), ELASTICSEARCH_USERNAME);
+        const outputRule2 = updateUsername(getSimpleRuleOutput('rule-2'), username);
         outputRule2.name = 'some other name';
         outputRule2.revision = 1;
 
@@ -328,7 +325,7 @@ export default ({ getService }: FtrProviderContext) => {
           .bulkUpdateRules({ body: [updatedRule1] })
           .expect(200);
 
-        const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const outputRule = updateUsername(getSimpleRuleOutput(), username);
         outputRule.name = 'some other name';
         outputRule.revision = 1;
         const bodyToCompare = removeServerGeneratedProperties(body[0]);
@@ -347,7 +344,7 @@ export default ({ getService }: FtrProviderContext) => {
           .bulkUpdateRules({ body: [updatedRule1] })
           .expect(200);
 
-        const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const outputRule = updateUsername(getSimpleRuleOutput(), username);
         outputRule.enabled = false;
         outputRule.severity = 'low';
         outputRule.revision = 1;
@@ -374,7 +371,7 @@ export default ({ getService }: FtrProviderContext) => {
           .bulkUpdateRules({ body: [ruleUpdate2] })
           .expect(200);
 
-        const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const outputRule = updateUsername(getSimpleRuleOutput(), username);
         outputRule.name = 'some other name';
         outputRule.revision = 2;
 
@@ -435,7 +432,7 @@ export default ({ getService }: FtrProviderContext) => {
           .bulkUpdateRules({ body: [ruleUpdate, ruleUpdate2] })
           .expect(200);
 
-        const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const outputRule = updateUsername(getSimpleRuleOutput(), username);
         outputRule.name = 'some other name';
         outputRule.revision = 1;
 
@@ -470,7 +467,7 @@ export default ({ getService }: FtrProviderContext) => {
           .bulkUpdateRules({ body: [rule1, rule2] })
           .expect(200);
 
-        const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
+        const outputRule = updateUsername(getSimpleRuleOutput(), username);
         outputRule.name = 'some other name';
         outputRule.revision = 1;
 
@@ -629,10 +626,7 @@ export default ({ getService }: FtrProviderContext) => {
                 actionsWithoutFrequencies
               );
 
-              const expectedRule = updateUsername(
-                getSimpleRuleOutputWithoutRuleId(),
-                ELASTICSEARCH_USERNAME
-              );
+              const expectedRule = updateUsername(getSimpleRuleOutputWithoutRuleId(), username);
               expectedRule.revision = 1;
               expectedRule.actions = actionsWithoutFrequencies.map((action) => ({
                 ...action,
@@ -660,10 +654,7 @@ export default ({ getService }: FtrProviderContext) => {
               actionsWithoutFrequencies
             );
 
-            const expectedRule = updateUsername(
-              getSimpleRuleOutputWithoutRuleId(),
-              ELASTICSEARCH_USERNAME
-            );
+            const expectedRule = updateUsername(getSimpleRuleOutputWithoutRuleId(), username);
             expectedRule.revision = 1;
             expectedRule.actions = actionsWithoutFrequencies.map((action) => ({
               ...action,
@@ -698,10 +689,7 @@ export default ({ getService }: FtrProviderContext) => {
               actionsWithFrequencies
             );
 
-            const expectedRule = updateUsername(
-              getSimpleRuleOutputWithoutRuleId(),
-              ELASTICSEARCH_USERNAME
-            );
+            const expectedRule = updateUsername(getSimpleRuleOutputWithoutRuleId(), username);
             expectedRule.revision = 1;
             expectedRule.actions = actionsWithFrequencies;
 
@@ -726,10 +714,7 @@ export default ({ getService }: FtrProviderContext) => {
                 someActionsWithFrequencies
               );
 
-              const expectedRule = updateUsername(
-                getSimpleRuleOutputWithoutRuleId(),
-                ELASTICSEARCH_USERNAME
-              );
+              const expectedRule = updateUsername(getSimpleRuleOutputWithoutRuleId(), username);
               expectedRule.revision = 1;
               expectedRule.actions = someActionsWithFrequencies.map((action) => ({
                 ...action,
@@ -756,10 +741,7 @@ export default ({ getService }: FtrProviderContext) => {
               someActionsWithFrequencies
             );
 
-            const expectedRule = updateUsername(
-              getSimpleRuleOutputWithoutRuleId(),
-              ELASTICSEARCH_USERNAME
-            );
+            const expectedRule = updateUsername(getSimpleRuleOutputWithoutRuleId(), username);
             expectedRule.revision = 1;
             expectedRule.actions = someActionsWithFrequencies.map((action) => ({
               ...action,
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules_ess.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules_ess.ts
index b6c4862ccf298..4272345759f0e 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules_ess.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules_ess.ts
@@ -37,8 +37,7 @@ export default ({ getService }: FtrProviderContext) => {
   const log = getService('log');
   const es = getService('es');
   // TODO: add a new service for pulling kibana username, similar to getService('es')
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess update_rules - ESS specific logic', () => {
     describe('update rules', () => {
@@ -97,7 +96,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const outputRule = updateUsername(
           getSimpleRuleOutputWithoutRuleId(),
-          ELASTICSEARCH_USERNAME
+          await utils.getUsername()
         );
         outputRule.name = 'some other name';
         outputRule.revision = 1;
diff --git a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/asset_criticality_csv_upload.ts b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/asset_criticality_csv_upload.ts
index 123fd4cecf0cb..3e443226542f1 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/asset_criticality_csv_upload.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/asset_criticality_csv_upload.ts
@@ -15,7 +15,7 @@ import {
 } from '../../utils';
 import { FtrProviderContext } from '../../../../ftr_provider_context';
 export default ({ getService }: FtrProviderContext) => {
-  describe('@ess @serverless Entity Analytics - Asset Criticality CSV upload', () => {
+  describe('@ess @serverless @serverlessQA Entity Analytics - Asset Criticality CSV upload', () => {
     const esClient = getService('es');
     const supertest = getService('supertest');
     const assetCriticalityRoutes = assetCriticalityRouteHelpersFactory(supertest);
diff --git a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/index.ts b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/index.ts
index e2af055597f99..4ccce93c790f9 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/index.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/index.ts
@@ -10,7 +10,6 @@ import { FtrProviderContext } from '../../../../ftr_provider_context';
 export default function ({ loadTestFile }: FtrProviderContext) {
   describe('Entity Analytics - Risk Engine', function () {
     loadTestFile(require.resolve('./init_and_status_apis'));
-    loadTestFile(require.resolve('./risk_score_calculation'));
     loadTestFile(require.resolve('./risk_score_preview'));
     loadTestFile(require.resolve('./risk_scoring_task/task_execution'));
     loadTestFile(require.resolve('./risk_scoring_task/task_execution_nondefault_spaces'));
diff --git a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/init_and_status_apis.ts b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/init_and_status_apis.ts
index 62ef6eee01f4f..48c208e99fc96 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/init_and_status_apis.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/init_and_status_apis.ts
@@ -27,7 +27,7 @@ export default ({ getService }: FtrProviderContext) => {
   const riskEngineRoutes = riskEngineRouteHelpersFactory(supertest);
   const log = getService('log');
 
-  describe('@ess @serverless init_and_status_apis', () => {
+  describe('@ess @serverless @serverlessQA init_and_status_apis', () => {
     beforeEach(async () => {
       await cleanRiskEngine({ kibanaServer, es, log });
     });
diff --git a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/risk_score_calculation.ts b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/risk_score_calculation.ts
deleted file mode 100644
index 29451ef9dacbe..0000000000000
--- a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/risk_score_calculation.ts
+++ /dev/null
@@ -1,374 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import expect from '@kbn/expect';
-import { X_ELASTIC_INTERNAL_ORIGIN_REQUEST } from '@kbn/core-http-common';
-
-import { RISK_SCORE_CALCULATION_URL } from '@kbn/security-solution-plugin/common/constants';
-import { v4 as uuidv4 } from 'uuid';
-import { EntityRiskScoreRecord } from '@kbn/security-solution-plugin/common/api/entity_analytics/common';
-import { dataGeneratorFactory } from '../../../detections_response/utils';
-import { deleteAllAlerts, deleteAllRules } from '../../../../../common/utils/security_solution';
-import {
-  buildDocument,
-  createAndSyncRuleAndAlertsFactory,
-  deleteAllRiskScores,
-  readRiskScores,
-  normalizeScores,
-  waitForRiskScoresToBePresent,
-  assetCriticalityRouteHelpersFactory,
-  cleanAssetCriticality,
-  waitForAssetCriticalityToBePresent,
-  getLatestRiskScoreIndexMapping,
-  riskEngineRouteHelpersFactory,
-  cleanRiskEngine,
-  enableAssetCriticalityAdvancedSetting,
-} from '../../utils';
-import { FtrProviderContext } from '../../../../ftr_provider_context';
-
-export default ({ getService }: FtrProviderContext): void => {
-  const supertest = getService('supertest');
-
-  const esArchiver = getService('esArchiver');
-  const es = getService('es');
-  const log = getService('log');
-  const kibanaServer = getService('kibanaServer');
-
-  const riskEngineRoutes = riskEngineRouteHelpersFactory(supertest);
-
-  const createAndSyncRuleAndAlerts = createAndSyncRuleAndAlertsFactory({ supertest, log });
-
-  const calculateRiskScores = async ({
-    body,
-  }: {
-    body: object;
-  }): Promise<{ scores: EntityRiskScoreRecord[] }> => {
-    const { body: result } = await supertest
-      .post(RISK_SCORE_CALCULATION_URL)
-      .set('kbn-xsrf', 'true')
-      .set('elastic-api-version', '1')
-      .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
-      .send(body)
-      .expect(200);
-    return result;
-  };
-
-  const calculateRiskScoreAfterRuleCreationAndExecution = async (
-    documentId: string,
-    {
-      alerts = 1,
-      riskScore = 21,
-      maxSignals = 100,
-    }: { alerts?: number; riskScore?: number; maxSignals?: number } = {}
-  ) => {
-    await createAndSyncRuleAndAlerts({ query: `id: ${documentId}`, alerts, riskScore, maxSignals });
-
-    return await calculateRiskScores({
-      body: {
-        data_view_id: '.alerts-security.alerts-default',
-        range: { start: 'now-30d', end: 'now' },
-        identifier_type: 'host',
-      },
-    });
-  };
-
-  describe('@ess @serverless Risk Scoring Calculation API', () => {
-    before(async () => {
-      enableAssetCriticalityAdvancedSetting(kibanaServer, log);
-    });
-
-    context('with auditbeat data', () => {
-      const { indexListOfDocuments } = dataGeneratorFactory({
-        es,
-        index: 'ecs_compliant',
-        log,
-      });
-
-      before(async () => {
-        await esArchiver.load('x-pack/test/functional/es_archives/security_solution/ecs_compliant');
-      });
-
-      after(async () => {
-        await esArchiver.unload(
-          'x-pack/test/functional/es_archives/security_solution/ecs_compliant'
-        );
-      });
-
-      beforeEach(async () => {
-        await deleteAllAlerts(supertest, log, es);
-        await deleteAllRules(supertest, log);
-
-        await cleanRiskEngine({ kibanaServer, es, log });
-        await riskEngineRoutes.init();
-      });
-
-      afterEach(async () => {
-        await deleteAllRiskScores(log, es);
-        await deleteAllAlerts(supertest, log, es);
-        await deleteAllRules(supertest, log);
-
-        await cleanRiskEngine({ kibanaServer, es, log });
-      });
-
-      it('calculates and persists risk score', async () => {
-        const documentId = uuidv4();
-        await indexListOfDocuments([buildDocument({ host: { name: 'host-1' } }, documentId)]);
-
-        const results = await calculateRiskScoreAfterRuleCreationAndExecution(documentId);
-        expect(results).to.eql({
-          after_keys: {
-            host: {
-              'host.name': 'host-1',
-            },
-          },
-          errors: [],
-          scores_written: 1,
-        });
-
-        await waitForRiskScoresToBePresent({ es, log });
-        const scores = await readRiskScores(es);
-
-        expect(scores.length).to.eql(1);
-        const [score] = normalizeScores(scores);
-
-        expect(score).to.eql({
-          calculated_level: 'Unknown',
-          calculated_score: 21,
-          calculated_score_norm: 8.10060175898781,
-          category_1_score: 8.10060175898781,
-          category_1_count: 1,
-          id_field: 'host.name',
-          id_value: 'host-1',
-        });
-      });
-
-      it('upgrades latest risk score index dynamic setting before persisting risk scores', async () => {
-        const documentId = uuidv4();
-        await indexListOfDocuments([buildDocument({ host: { name: 'host-1' } }, documentId)]);
-
-        await calculateRiskScoreAfterRuleCreationAndExecution(documentId);
-
-        const unmodifiedIndexMapping = await getLatestRiskScoreIndexMapping(es);
-        // by default, the dynamic mapping is set to false.
-        expect(unmodifiedIndexMapping?.dynamic).to.eql('false');
-
-        // set the 'dynamic' configuration to an undesirable value
-        await es.indices.putMapping({
-          index: 'risk-score.risk-score-latest-default',
-          dynamic: 'strict',
-        });
-
-        expect((await getLatestRiskScoreIndexMapping(es))?.dynamic).to.eql('strict');
-
-        // before re-running risk score persistence, the dynamic configuration should be reset to the desired value
-        await calculateRiskScoreAfterRuleCreationAndExecution(documentId);
-
-        const finalIndexMapping = await getLatestRiskScoreIndexMapping(es);
-
-        expect(finalIndexMapping?.dynamic).to.eql('false');
-
-        // after all processing is complete, the mapping should be exactly the same as before
-        expect(unmodifiedIndexMapping).to.eql(finalIndexMapping);
-      });
-
-      describe('paging through calculations', () => {
-        let documentId: string;
-        beforeEach(async () => {
-          documentId = uuidv4();
-          const baseEvent = buildDocument({ host: { name: 'host-1' } }, documentId);
-          await indexListOfDocuments(
-            Array(10)
-              .fill(baseEvent)
-              .map((_baseEvent, index) => ({
-                ..._baseEvent,
-                'host.name': `host-${index}`,
-              }))
-          );
-
-          await createAndSyncRuleAndAlerts({
-            query: `id: ${documentId}`,
-            alerts: 10,
-            riskScore: 40,
-          });
-        });
-
-        it('calculates and persists a single page of risk scores', async () => {
-          const results = await calculateRiskScores({
-            body: {
-              data_view_id: '.alerts-security.alerts-default',
-              identifier_type: 'host',
-              range: { start: 'now-30d', end: 'now' },
-            },
-          });
-          expect(results).to.eql({
-            after_keys: {
-              host: {
-                'host.name': 'host-9',
-              },
-            },
-            errors: [],
-            scores_written: 10,
-          });
-
-          await waitForRiskScoresToBePresent({ es, log, scoreCount: 10 });
-          const scores = await readRiskScores(es);
-
-          expect(scores.length).to.eql(10);
-        });
-
-        it('calculates and persists multiple pages of risk scores', async () => {
-          const results = await calculateRiskScores({
-            body: {
-              data_view_id: '.alerts-security.alerts-default',
-              identifier_type: 'host',
-              range: { start: 'now-30d', end: 'now' },
-              page_size: 5,
-            },
-          });
-          expect(results).to.eql({
-            after_keys: {
-              host: {
-                'host.name': 'host-4',
-              },
-            },
-            errors: [],
-            scores_written: 5,
-          });
-
-          const secondResults = await calculateRiskScores({
-            body: {
-              after_keys: {
-                host: {
-                  'host.name': 'host-4',
-                },
-              },
-              data_view_id: '.alerts-security.alerts-default',
-              identifier_type: 'host',
-              range: { start: 'now-30d', end: 'now' },
-              page_size: 5,
-            },
-          });
-
-          expect(secondResults).to.eql({
-            after_keys: {
-              host: {
-                'host.name': 'host-9',
-              },
-            },
-            errors: [],
-            scores_written: 5,
-          });
-
-          await waitForRiskScoresToBePresent({ es, log, scoreCount: 10 });
-          const scores = await readRiskScores(es);
-
-          expect(scores.length).to.eql(10);
-        });
-
-        it('returns an appropriate response if there are no inputs left to score/persist', async () => {
-          const results = await calculateRiskScores({
-            body: {
-              data_view_id: '.alerts-security.alerts-default',
-              identifier_type: 'host',
-              range: { start: 'now-30d', end: 'now' },
-              page_size: 10,
-            },
-          });
-          expect(results).to.eql({
-            after_keys: {
-              host: {
-                'host.name': 'host-9',
-              },
-            },
-            errors: [],
-            scores_written: 10,
-          });
-
-          const noopCalculationResults = await calculateRiskScores({
-            body: {
-              after_keys: {
-                host: {
-                  'host.name': 'host-9',
-                },
-              },
-              debug: true,
-              data_view_id: '.alerts-security.alerts-default',
-              identifier_type: 'host',
-              range: { start: 'now-30d', end: 'now' },
-              page_size: 5,
-            },
-          });
-
-          expect(noopCalculationResults).to.eql({
-            after_keys: {},
-            errors: [],
-            scores_written: 0,
-          });
-
-          await waitForRiskScoresToBePresent({ es, log, scoreCount: 10 });
-          const scores = await readRiskScores(es);
-
-          expect(scores.length).to.eql(10);
-        });
-      });
-
-      describe('@skipInServerless with asset criticality data', () => {
-        const assetCriticalityRoutes = assetCriticalityRouteHelpersFactory(supertest);
-
-        beforeEach(async () => {
-          await assetCriticalityRoutes.upsert({
-            id_field: 'host.name',
-            id_value: 'host-1',
-            criticality_level: 'high_impact',
-          });
-        });
-
-        afterEach(async () => {
-          await cleanAssetCriticality({ log, es });
-        });
-
-        it('calculates and persists risk scores with additional criticality metadata and modifiers', async () => {
-          const documentId = uuidv4();
-          await indexListOfDocuments([buildDocument({ host: { name: 'host-1' } }, documentId)]);
-          await waitForAssetCriticalityToBePresent({ es, log });
-
-          const results = await calculateRiskScoreAfterRuleCreationAndExecution(documentId);
-          expect(results).to.eql({
-            after_keys: { host: { 'host.name': 'host-1' } },
-            errors: [],
-            scores_written: 1,
-          });
-
-          await waitForRiskScoresToBePresent({ es, log });
-          const scores = await readRiskScores(es);
-          expect(scores.length).to.eql(1);
-
-          const [score] = normalizeScores(scores);
-          expect(score).to.eql({
-            criticality_level: 'high_impact',
-            criticality_modifier: 1.5,
-            calculated_level: 'Unknown',
-            calculated_score: 21,
-            calculated_score_norm: 11.677912063468526,
-            category_1_score: 8.10060175898781,
-            category_1_count: 1,
-            id_field: 'host.name',
-            id_value: 'host-1',
-          });
-          const [rawScore] = scores;
-
-          expect(
-            rawScore.host?.risk.category_1_score! + rawScore.host?.risk.category_2_score!
-          ).to.be.within(
-            score.calculated_score_norm! - 0.000000000000001,
-            score.calculated_score_norm! + 0.000000000000001
-          );
-        });
-      });
-    });
-  });
-};
diff --git a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/risk_scoring_task/task_execution.ts b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/risk_scoring_task/task_execution.ts
index d53ffc707b396..21de936b4ff3a 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/risk_scoring_task/task_execution.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/risk_scoring_task/task_execution.ts
@@ -36,7 +36,7 @@ export default ({ getService }: FtrProviderContext): void => {
   const createAndSyncRuleAndAlerts = createAndSyncRuleAndAlertsFactory({ supertest, log });
   const riskEngineRoutes = riskEngineRouteHelpersFactory(supertest);
 
-  describe('@ess @serverless Risk Scoring Task Execution', () => {
+  describe('@ess @serverless @serverlessQA Risk Scoring Task Execution', () => {
     context('with auditbeat data', () => {
       const { indexListOfDocuments } = dataGeneratorFactory({
         es,
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/create_exception_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/create_exception_list_items.ts
index ad7c413a3c6a7..b5a4dc3449eb1 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/create_exception_list_items.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/create_exception_list_items.ts
@@ -26,8 +26,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context';
 export default ({ getService }: FtrProviderContext) => {
   const supertest = getService('supertest');
   const log = getService('log');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless create_exception_list_items', () => {
     describe('validation errors', () => {
@@ -65,7 +64,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const bodyToCompare = removeExceptionListItemServerGeneratedProperties(body);
         expect(bodyToCompare).to.eql(
-          getExceptionListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME)
+          getExceptionListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername())
         );
       });
 
@@ -95,7 +94,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const bodyToCompare = removeExceptionListItemServerGeneratedProperties(body);
         expect(bodyToCompare).to.eql({
-          ...getExceptionListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME),
+          ...getExceptionListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()),
           entries,
         });
       });
@@ -115,7 +114,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const bodyToCompare = removeListItemServerGeneratedProperties(body);
         const outputList: Partial<ExceptionListItemSchema> = {
-          ...getExceptionListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME),
+          ...getExceptionListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()),
           item_id: body.item_id,
         };
         expect(bodyToCompare).to.eql(outputList);
@@ -165,7 +164,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const bodyToCompare = removeExceptionListItemServerGeneratedProperties(body);
         expect(bodyToCompare).to.eql({
-          ...getExceptionListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME),
+          ...getExceptionListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()),
           expire_time: datetime,
         });
       });
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/delete_exception_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/delete_exception_list_items.ts
index 4d3b2be7de27f..89ff41806c97f 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/delete_exception_list_items.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/delete_exception_list_items.ts
@@ -26,8 +26,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context';
 export default ({ getService }: FtrProviderContext) => {
   const supertest = getService('supertest');
   const log = getService('log');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless delete_exception_list_items', () => {
     describe('delete exception list items', () => {
@@ -62,7 +61,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const bodyToCompare = removeExceptionListItemServerGeneratedProperties(body);
         expect(bodyToCompare).to.eql(
-          getExceptionListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME)
+          getExceptionListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername())
         );
       });
 
@@ -87,7 +86,7 @@ export default ({ getService }: FtrProviderContext) => {
           .set('kbn-xsrf', 'true')
           .expect(200);
         const outputtedList: Partial<ExceptionListItemSchema> = {
-          ...getExceptionListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME),
+          ...getExceptionListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()),
           item_id: body.item_id,
         };
 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/find_exception_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/find_exception_list_items.ts
index 3fcbd476b7547..bd9068d989c19 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/find_exception_list_items.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/find_exception_list_items.ts
@@ -28,8 +28,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context';
 export default ({ getService }: FtrProviderContext): void => {
   const supertest = getService('supertest');
   const log = getService('log');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless find_exception_list_items', () => {
     describe('find exception list items', () => {
@@ -105,11 +104,12 @@ export default ({ getService }: FtrProviderContext): void => {
           .expect(200);
 
         body.data = [removeExceptionListItemServerGeneratedProperties(body.data[0])];
+        const username = await utils.getUsername();
         expect(body).to.eql({
           data: [
             {
               comments: [],
-              created_by: ELASTICSEARCH_USERNAME,
+              created_by: username,
               description: 'some description',
               entries: [
                 {
@@ -126,7 +126,7 @@ export default ({ getService }: FtrProviderContext): void => {
               os_types: ['windows'],
               tags: [],
               type: 'simple',
-              updated_by: ELASTICSEARCH_USERNAME,
+              updated_by: username,
             },
           ],
           page: 1,
@@ -177,7 +177,7 @@ export default ({ getService }: FtrProviderContext): void => {
         body.data = [removeExceptionListItemServerGeneratedProperties(body.data[0])];
         expect(body).to.eql({
           data: [
-            getExceptionListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME),
+            getExceptionListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()),
           ],
           page: 1,
           per_page: 20,
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/read_exception_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/read_exception_list_items.ts
index a2cffa490194c..d1689dcaf04b7 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/read_exception_list_items.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/read_exception_list_items.ts
@@ -25,8 +25,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context';
 export default ({ getService }: FtrProviderContext) => {
   const supertest = getService('supertest');
   const log = getService('log');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless read_exception_list_items', () => {
     describe('reading exception list items', () => {
@@ -50,7 +49,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const bodyToCompare = removeExceptionListItemServerGeneratedProperties(body);
         expect(bodyToCompare).to.eql(
-          getExceptionListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME)
+          getExceptionListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername())
         );
       });
 
@@ -76,7 +75,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const bodyToCompare = removeExceptionListItemServerGeneratedProperties(body);
         expect(bodyToCompare).to.eql(
-          getExceptionListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME)
+          getExceptionListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername())
         );
       });
 
@@ -100,7 +99,7 @@ export default ({ getService }: FtrProviderContext) => {
           .expect(200);
 
         const outputtedList: Partial<ExceptionListItemSchema> = {
-          ...getExceptionListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME),
+          ...getExceptionListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()),
           item_id: body.item_id,
         };
 
@@ -128,7 +127,7 @@ export default ({ getService }: FtrProviderContext) => {
           .expect(200);
 
         const outputtedList: Partial<ExceptionListItemSchema> = {
-          ...getExceptionListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME),
+          ...getExceptionListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()),
           item_id: body.item_id,
         };
 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/update_exception_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/update_exception_list_items.ts
index 6e0a1daa024e1..46766b1ace80f 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/update_exception_list_items.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/update_exception_list_items.ts
@@ -30,8 +30,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context';
 export default ({ getService }: FtrProviderContext) => {
   const supertest = getService('supertest');
   const log = getService('log');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless update_exception_list_items', () => {
     describe('update exception list items', () => {
@@ -253,7 +252,7 @@ export default ({ getService }: FtrProviderContext) => {
           .expect(200);
 
         const outputList: Partial<ExceptionListItemSchema> = {
-          ...getExceptionListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME),
+          ...getExceptionListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()),
           name: 'some other name',
         };
 
@@ -293,7 +292,7 @@ export default ({ getService }: FtrProviderContext) => {
           .expect(200);
 
         const outputList: Partial<ExceptionListItemSchema> = {
-          ...getExceptionListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME),
+          ...getExceptionListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()),
           name: 'some other name',
           item_id: body.item_id,
         };
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/create_exception_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/create_exception_lists.ts
index da066b078b0c4..0a1ecfa0b0d0a 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/create_exception_lists.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/create_exception_lists.ts
@@ -21,8 +21,7 @@ import { deleteAllExceptions, removeExceptionListServerGeneratedProperties } fro
 export default ({ getService }: FtrProviderContext) => {
   const supertest = getService('supertest');
   const log = getService('log');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless create_exception_lists', () => {
     describe('creating exception lists', () => {
@@ -39,7 +38,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const bodyToCompare = removeExceptionListServerGeneratedProperties(body);
         expect(bodyToCompare).to.eql(
-          getExceptionResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME)
+          getExceptionResponseMockWithoutAutoGeneratedValues(await utils.getUsername())
         );
       });
 
@@ -52,7 +51,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const bodyToCompare = removeExceptionListServerGeneratedProperties(body);
         const outputtedList: Partial<ExceptionListSchema> = {
-          ...getExceptionResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME),
+          ...getExceptionResponseMockWithoutAutoGeneratedValues(await utils.getUsername()),
           list_id: bodyToCompare.list_id,
         };
         expect(bodyToCompare).to.eql(outputtedList);
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/delete_exception_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/delete_exception_lists.ts
index ae109897fb138..98b387b1dc9bb 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/delete_exception_lists.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/delete_exception_lists.ts
@@ -22,8 +22,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context';
 export default ({ getService }: FtrProviderContext) => {
   const supertest = getService('supertest');
   const log = getService('log');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless delete_exception_lists', () => {
     describe('delete exception lists', () => {
@@ -49,7 +48,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const bodyToCompare = removeExceptionListServerGeneratedProperties(body);
         expect(bodyToCompare).to.eql(
-          getExceptionResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME)
+          getExceptionResponseMockWithoutAutoGeneratedValues(await utils.getUsername())
         );
       });
 
@@ -68,7 +67,7 @@ export default ({ getService }: FtrProviderContext) => {
           .expect(200);
 
         const outputtedList: Partial<ExceptionListSchema> = {
-          ...getExceptionResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME),
+          ...getExceptionResponseMockWithoutAutoGeneratedValues(await utils.getUsername()),
           list_id: body.list_id,
         };
         const bodyToCompare = removeExceptionListServerGeneratedProperties(body);
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/duplicate_exception_list.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/duplicate_exception_list.ts
index 14a4dcfb65ec7..927cf87b93d5a 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/duplicate_exception_list.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/duplicate_exception_list.ts
@@ -23,8 +23,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context';
 export default ({ getService }: FtrProviderContext) => {
   const supertest = getService('supertest');
   const log = getService('log');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless duplicate_exception_lists', () => {
     afterEach(async () => {
@@ -50,7 +49,7 @@ export default ({ getService }: FtrProviderContext) => {
 
       const bodyToCompare = removeExceptionListServerGeneratedProperties(body);
       expect(bodyToCompare).to.eql({
-        ...getExceptionResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME),
+        ...getExceptionResponseMockWithoutAutoGeneratedValues(await utils.getUsername()),
         type: 'detection',
         list_id: body.list_id,
         name: `${getCreateExceptionListDetectionSchemaMock().name} [Duplicate]`,
@@ -91,7 +90,7 @@ export default ({ getService }: FtrProviderContext) => {
 
       const listBodyToCompare = removeExceptionListServerGeneratedProperties(listBody);
       expect(listBodyToCompare).to.eql({
-        ...getExceptionResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME),
+        ...getExceptionResponseMockWithoutAutoGeneratedValues(await utils.getUsername()),
         type: 'detection',
         list_id: listBody.list_id,
         name: `${getCreateExceptionListDetectionSchemaMock().name} [Duplicate]`,
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/find_exception_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/find_exception_lists.ts
index cb405b7b7d642..3ffcad93b568e 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/find_exception_lists.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/find_exception_lists.ts
@@ -17,8 +17,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context';
 export default ({ getService }: FtrProviderContext): void => {
   const supertest = getService('supertest');
   const log = getService('log');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless find_exception_lists', () => {
     describe('find exception lists', () => {
@@ -58,7 +57,7 @@ export default ({ getService }: FtrProviderContext): void => {
 
         body.data = [removeExceptionListServerGeneratedProperties(body.data[0])];
         expect(body).to.eql({
-          data: [getExceptionResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME)],
+          data: [getExceptionResponseMockWithoutAutoGeneratedValues(await utils.getUsername())],
           page: 1,
           per_page: 20,
           total: 1,
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/read_exception_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/read_exception_lists.ts
index b2061928e1759..89239b1a93c25 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/read_exception_lists.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/read_exception_lists.ts
@@ -22,8 +22,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context';
 export default ({ getService }: FtrProviderContext) => {
   const supertest = getService('supertest');
   const log = getService('log');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless read_exception_lists', () => {
     describe('reading exception lists', () => {
@@ -46,7 +45,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const bodyToCompare = removeExceptionListServerGeneratedProperties(body);
         expect(bodyToCompare).to.eql(
-          getExceptionResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME)
+          getExceptionResponseMockWithoutAutoGeneratedValues(await utils.getUsername())
         );
       });
 
@@ -65,7 +64,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const bodyToCompare = removeExceptionListServerGeneratedProperties(body);
         expect(bodyToCompare).to.eql(
-          getExceptionResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME)
+          getExceptionResponseMockWithoutAutoGeneratedValues(await utils.getUsername())
         );
       });
 
@@ -83,7 +82,7 @@ export default ({ getService }: FtrProviderContext) => {
           .expect(200);
 
         const outputtedList: Partial<ExceptionListSchema> = {
-          ...getExceptionResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME),
+          ...getExceptionResponseMockWithoutAutoGeneratedValues(await utils.getUsername()),
           list_id: body.list_id,
         };
 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/update_exception_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/update_exception_lists.ts
index 1a5aed16b128c..f399bcde87426 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/update_exception_lists.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/update_exception_lists.ts
@@ -23,8 +23,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context';
 export default ({ getService }: FtrProviderContext) => {
   const supertest = getService('supertest');
   const log = getService('log');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless update_exception_lists', () => {
     describe('update exception lists', () => {
@@ -53,7 +52,7 @@ export default ({ getService }: FtrProviderContext) => {
           .expect(200);
 
         const outputList: Partial<ExceptionListSchema> = {
-          ...getExceptionResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME),
+          ...getExceptionResponseMockWithoutAutoGeneratedValues(await utils.getUsername()),
           name: 'some other name',
           version: 2,
         };
@@ -86,7 +85,7 @@ export default ({ getService }: FtrProviderContext) => {
           .expect(200);
 
         const outputList: Partial<ExceptionListSchema> = {
-          ...getExceptionResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME),
+          ...getExceptionResponseMockWithoutAutoGeneratedValues(await utils.getUsername()),
           name: 'some other name',
           list_id: body.list_id,
           version: 2,
@@ -118,7 +117,7 @@ export default ({ getService }: FtrProviderContext) => {
           .expect(200);
 
         const outputList: Partial<ExceptionListSchema> = {
-          ...getExceptionResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME),
+          ...getExceptionResponseMockWithoutAutoGeneratedValues(await utils.getUsername()),
           name: 'some other name',
           description: 'some other description',
           version: 2,
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/create_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/create_list_items.ts
index f174fdff3f774..9ab6eb9361148 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/create_list_items.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/create_list_items.ts
@@ -16,6 +16,7 @@ import {
   getCreateMinimalListItemSchemaMockWithoutId,
 } from '@kbn/lists-plugin/common/schemas/request/create_list_item_schema.mock';
 import { getListItemResponseMockWithoutAutoGeneratedValues } from '@kbn/lists-plugin/common/schemas/response/list_item_schema.mock';
+import TestAgent from 'supertest/lib/agent';
 import {
   createListsIndex,
   deleteListsIndex,
@@ -25,12 +26,16 @@ import {
 import { FtrProviderContext } from '../../../../../ftr_provider_context';
 
 export default ({ getService }: FtrProviderContext) => {
-  const supertest = getService('supertest');
   const log = getService('log');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless create_list_items', () => {
+    let supertest: TestAgent;
+
+    before(async () => {
+      supertest = await utils.createSuperTest('admin');
+    });
+
     describe('validation errors', () => {
       it('should give a 404 error that the list must exist first before being able to add a list item', async () => {
         const { body } = await supertest
@@ -69,8 +74,9 @@ export default ({ getService }: FtrProviderContext) => {
           .expect(200);
 
         const bodyToCompare = removeListItemServerGeneratedProperties(body);
+
         expect(bodyToCompare).to.eql(
-          getListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME)
+          getListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername())
         );
       });
 
@@ -89,7 +95,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const bodyToCompare = removeListItemServerGeneratedProperties(body);
         expect(bodyToCompare).to.eql(
-          getListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME)
+          getListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername())
         );
       });
 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/delete_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/delete_list_items.ts
index f17d950a10dc1..1f224e2e2db74 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/delete_list_items.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/delete_list_items.ts
@@ -22,8 +22,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context';
 export default ({ getService }: FtrProviderContext) => {
   const supertest = getService('supertest');
   const log = getService('log');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless delete_list_items', () => {
     describe('deleting list items', () => {
@@ -58,7 +57,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const bodyToCompare = removeListItemServerGeneratedProperties(body);
         expect(bodyToCompare).to.eql(
-          getListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME)
+          getListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername())
         );
       });
 
@@ -85,7 +84,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const bodyToCompare = removeListItemServerGeneratedProperties(body);
         expect(bodyToCompare).to.eql(
-          getListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME)
+          getListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername())
         );
       });
 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/find_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/find_list_items.ts
index aed7d61acf7b2..d7817ea86cd23 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/find_list_items.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/find_list_items.ts
@@ -79,6 +79,28 @@ export default ({ getService }: FtrProviderContext): void => {
         });
       });
 
+      it('should accept empty string filter', async () => {
+        await supertest
+          .post(LIST_URL)
+          .set('kbn-xsrf', 'true')
+          .send(getCreateMinimalListSchemaMock())
+          .expect(200);
+
+        const { body } = await supertest
+          .get(`${LIST_ITEM_URL}/_find?list_id=${LIST_ID}&filter=`)
+          .set('kbn-xsrf', 'true')
+          .send()
+          .expect(200);
+
+        expect(body).toEqual({
+          cursor: 'WzBd',
+          data: [],
+          page: 1,
+          per_page: 20,
+          total: 0,
+        });
+      });
+
       it('should return a single list item when a single list item is loaded from a find with defaults added', async () => {
         const listMock = getCreateMinimalListSchemaMock();
         const listItemMock = getCreateMinimalListItemSchemaMock();
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/import_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/import_list_items.ts
index 7fabd749bc01d..3e2949568d7b9 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/import_list_items.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/import_list_items.ts
@@ -24,8 +24,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context';
 export default ({ getService }: FtrProviderContext): void => {
   const supertest = getService('supertest');
   const log = getService('log');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless import_list_items', () => {
     describe('importing list items without an index', () => {
@@ -106,7 +105,7 @@ export default ({ getService }: FtrProviderContext): void => {
 
         const bodyToCompare = removeListServerGeneratedProperties(body);
         const outputtedList: Partial<ListSchema> = {
-          ...getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME),
+          ...getListResponseMockWithoutAutoGeneratedValues(await utils.getUsername()),
           name: 'list_items.txt',
           description: 'File uploaded from file system of list_items.txt',
         };
@@ -139,7 +138,7 @@ export default ({ getService }: FtrProviderContext): void => {
 
         const bodyToCompare = removeListItemServerGeneratedProperties(body[0]);
         const outputtedList: Partial<ListItemSchema> = {
-          ...getListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME),
+          ...getListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()),
           list_id: 'list_items.txt',
         };
         expect(bodyToCompare).to.eql(outputtedList);
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/import_list_items_migrations.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/import_list_items_migrations.ts
index cd614bd07e359..abcbc8499af86 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/import_list_items_migrations.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/import_list_items_migrations.ts
@@ -22,8 +22,7 @@ export default ({ getService }: FtrProviderContext): void => {
   const supertest = getService('supertest');
   const log = getService('log');
   const es = getService('es');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess import_list_items_migrations', () => {
     describe('import list to legacy index and migrate it', () => {
@@ -49,7 +48,7 @@ export default ({ getService }: FtrProviderContext): void => {
 
           const bodyToCompare = removeListServerGeneratedProperties(body);
           const outputtedList: Partial<ListSchema> = {
-            ...getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME),
+            ...getListResponseMockWithoutAutoGeneratedValues(await utils.getUsername()),
             name: 'list_items.txt',
             description: 'File uploaded from file system of list_items.txt',
           };
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/patch_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/patch_list_items.ts
index 01a9d332ba355..ac25a46b458b8 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/patch_list_items.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/patch_list_items.ts
@@ -29,8 +29,7 @@ export default ({ getService }: FtrProviderContext) => {
   const supertest = getService('supertest');
   const log = getService('log');
   const retry = getService('retry');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless patch_list_items', () => {
     describe('patch list items', () => {
@@ -70,7 +69,7 @@ export default ({ getService }: FtrProviderContext) => {
           .send(patchListItemPayload);
 
         const outputListItem: Partial<ListItemSchema> = {
-          ...getListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME),
+          ...getListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()),
           value: '192.168.0.2',
         };
         const bodyToCompare = removeListItemServerGeneratedProperties(body);
@@ -120,7 +119,7 @@ export default ({ getService }: FtrProviderContext) => {
           .expect(200);
 
         const outputListItem: Partial<ListItemSchema> = {
-          ...getListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME),
+          ...getListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()),
           value: '192.168.0.2',
         };
         const bodyToCompare = {
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/read_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/read_list_items.ts
index b0005ccb3fc0b..6b57358f68057 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/read_list_items.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/read_list_items.ts
@@ -23,8 +23,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context';
 export default ({ getService }: FtrProviderContext) => {
   const supertest = getService('supertest');
   const log = getService('log');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless read_list_items', () => {
     describe('reading list items', () => {
@@ -56,7 +55,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const bodyToCompare = removeListItemServerGeneratedProperties(body);
         expect(bodyToCompare).to.eql(
-          getListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME)
+          getListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername())
         );
       });
 
@@ -80,7 +79,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const bodyToCompare = removeListItemServerGeneratedProperties(body);
         expect(bodyToCompare).to.eql(
-          getListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME)
+          getListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername())
         );
       });
 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/update_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/update_list_items.ts
index 90d246d141866..073127cebfb3b 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/update_list_items.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/update_list_items.ts
@@ -29,8 +29,7 @@ export default ({ getService }: FtrProviderContext) => {
   const supertest = getService('supertest');
   const log = getService('log');
   const retry = getService('retry');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless update_list_items', () => {
     describe('update list items', () => {
@@ -69,7 +68,7 @@ export default ({ getService }: FtrProviderContext) => {
           .send(updatedListItem);
 
         const outputListItem: Partial<ListItemSchema> = {
-          ...getListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME),
+          ...getListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()),
           value: '192.168.0.2',
         };
         const bodyToCompare = removeListItemServerGeneratedProperties(body);
@@ -119,7 +118,7 @@ export default ({ getService }: FtrProviderContext) => {
           .expect(200);
 
         const outputListItem: Partial<ListItemSchema> = {
-          ...getListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME),
+          ...getListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()),
           value: '192.168.0.2',
         };
         const bodyToCompare = {
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/create_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/create_lists.ts
index 8cd7517c9efe8..d8ee7bcb7bd8a 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/create_lists.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/create_lists.ts
@@ -25,8 +25,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context';
 export default ({ getService }: FtrProviderContext) => {
   const supertest = getService('supertest');
   const log = getService('log');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless create_lists', () => {
     describe('creating lists', () => {
@@ -47,7 +46,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const bodyToCompare = removeListServerGeneratedProperties(body);
         expect(bodyToCompare).to.eql(
-          getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME)
+          getListResponseMockWithoutAutoGeneratedValues(await utils.getUsername())
         );
       });
 
@@ -60,7 +59,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const bodyToCompare = removeListServerGeneratedProperties(body);
         expect(bodyToCompare).to.eql(
-          getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME)
+          getListResponseMockWithoutAutoGeneratedValues(await utils.getUsername())
         );
       });
 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/delete_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/delete_lists.ts
index 87b54d9a2e99a..bcb02e613defc 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/delete_lists.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/delete_lists.ts
@@ -33,8 +33,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context';
 export default ({ getService }: FtrProviderContext) => {
   const supertest = getService('supertest');
   const log = getService('log');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless delete_lists', () => {
     describe('deleting lists', () => {
@@ -62,7 +61,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const bodyToCompare = removeListServerGeneratedProperties(body);
         expect(bodyToCompare).to.eql(
-          getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME)
+          getListResponseMockWithoutAutoGeneratedValues(await utils.getUsername())
         );
       });
 
@@ -86,7 +85,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const bodyToCompare = removeListServerGeneratedProperties(body);
         expect(bodyToCompare).to.eql(
-          getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME)
+          getListResponseMockWithoutAutoGeneratedValues(await utils.getUsername())
         );
       });
 
@@ -106,7 +105,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const bodyToCompare = removeListServerGeneratedProperties(body);
         expect(bodyToCompare).to.eql(
-          getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME)
+          getListResponseMockWithoutAutoGeneratedValues(await utils.getUsername())
         );
       });
 
@@ -260,7 +259,7 @@ export default ({ getService }: FtrProviderContext) => {
 
           const bodyToCompare = removeListServerGeneratedProperties(deleteListBody.body);
           expect(bodyToCompare).to.eql(
-            getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME)
+            getListResponseMockWithoutAutoGeneratedValues(await utils.getUsername())
           );
 
           await supertest
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/find_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/find_lists.ts
index 3c47ad92eb824..f28f5252e3679 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/find_lists.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/find_lists.ts
@@ -22,8 +22,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context';
 export default ({ getService }: FtrProviderContext): void => {
   const supertest = getService('supertest');
   const log = getService('log');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless find_lists', () => {
     describe('find lists', () => {
@@ -70,7 +69,7 @@ export default ({ getService }: FtrProviderContext): void => {
         // cursor is a constant changing value so we have to delete it as well.
         delete body.cursor;
         expect(body).to.eql({
-          data: [getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME)],
+          data: [getListResponseMockWithoutAutoGeneratedValues(await utils.getUsername())],
           page: 1,
           per_page: 20,
           total: 1,
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/find_lists_by_size.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/find_lists_by_size.ts
index 813293ed1e7cc..f4aacaa2f8b77 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/find_lists_by_size.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/find_lists_by_size.ts
@@ -25,8 +25,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context';
 export default ({ getService }: FtrProviderContext): void => {
   const supertest = getService('supertest');
   const log = getService('log');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless find_lists_by_size', () => {
     describe('find lists by size', () => {
@@ -81,11 +80,13 @@ export default ({ getService }: FtrProviderContext): void => {
         body.largeLists = [removeListServerGeneratedProperties(body.largeLists[0])];
         // cursor is a constant changing value so we have to delete it as well.
         delete body.cursor;
+
+        const username = await utils.getUsername();
         expect(body).to.eql({
-          smallLists: [getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME)],
+          smallLists: [getListResponseMockWithoutAutoGeneratedValues(username)],
           largeLists: [
             {
-              ...getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME),
+              ...getListResponseMockWithoutAutoGeneratedValues(username),
               type: 'text',
             },
           ],
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/patch_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/patch_lists.ts
index 2586dcb23ab4f..51d9a2a9b5dab 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/patch_lists.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/patch_lists.ts
@@ -24,8 +24,7 @@ export default ({ getService }: FtrProviderContext) => {
   const supertest = getService('supertest');
   const log = getService('log');
   const retry = getService('retry');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless patch_lists', () => {
     describe('patch lists', () => {
@@ -59,7 +58,7 @@ export default ({ getService }: FtrProviderContext) => {
           .expect(200);
 
         const outputList: Partial<ListSchema> = {
-          ...getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME),
+          ...getListResponseMockWithoutAutoGeneratedValues(await utils.getUsername()),
           name: 'some other name',
           version: 2,
         };
@@ -100,7 +99,7 @@ export default ({ getService }: FtrProviderContext) => {
           .expect(200);
 
         const outputList: Partial<ListSchema> = {
-          ...getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME),
+          ...getListResponseMockWithoutAutoGeneratedValues(await utils.getUsername()),
           name: 'some other name',
           version: 2,
         };
@@ -140,7 +139,7 @@ export default ({ getService }: FtrProviderContext) => {
           .expect(200);
 
         const outputList: Partial<ListSchema> = {
-          ...getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME),
+          ...getListResponseMockWithoutAutoGeneratedValues(await utils.getUsername()),
           name: 'some other name',
           version: 2,
         };
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/read_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/read_lists.ts
index 025725fe01575..6750acd2f4a5a 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/read_lists.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/read_lists.ts
@@ -24,8 +24,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context';
 export default ({ getService }: FtrProviderContext) => {
   const supertest = getService('supertest');
   const log = getService('log');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless read_lists', () => {
     describe('reading lists', () => {
@@ -52,7 +51,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const bodyToCompare = removeListServerGeneratedProperties(body);
         expect(bodyToCompare).to.eql(
-          getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME)
+          getListResponseMockWithoutAutoGeneratedValues(await utils.getUsername())
         );
       });
 
@@ -71,7 +70,7 @@ export default ({ getService }: FtrProviderContext) => {
 
         const bodyToCompare = removeListServerGeneratedProperties(body);
         expect(bodyToCompare).to.eql(
-          getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME)
+          getListResponseMockWithoutAutoGeneratedValues(await utils.getUsername())
         );
       });
 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/update_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/update_lists.ts
index 28084f54d2abe..21d1db4ff3e94 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/update_lists.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/update_lists.ts
@@ -25,8 +25,7 @@ export default ({ getService }: FtrProviderContext) => {
   const supertest = getService('supertest');
   const log = getService('log');
   const retry = getService('retry');
-  const config = getService('config');
-  const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username');
+  const utils = getService('securitySolutionUtils');
 
   describe('@ess @serverless update_lists', () => {
     describe('update lists', () => {
@@ -59,7 +58,7 @@ export default ({ getService }: FtrProviderContext) => {
           .expect(200);
 
         const outputList: Partial<ListSchema> = {
-          ...getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME),
+          ...getListResponseMockWithoutAutoGeneratedValues(await utils.getUsername()),
           name: 'some other name',
           version: 2,
         };
@@ -89,7 +88,7 @@ export default ({ getService }: FtrProviderContext) => {
           .expect(200);
 
         const outputList: Partial<ListSchema> = {
-          ...getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME),
+          ...getListResponseMockWithoutAutoGeneratedValues(await utils.getUsername()),
           name: 'some other name',
           version: 2,
         };
@@ -188,7 +187,7 @@ export default ({ getService }: FtrProviderContext) => {
         const { body } = await supertest.put(LIST_URL).set('kbn-xsrf', 'true').send(updatedList);
 
         const outputList: Partial<ListSchema> = {
-          ...getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME),
+          ...getListResponseMockWithoutAutoGeneratedValues(await utils.getUsername()),
           name: 'some other name',
           description: 'some other description',
           version: 2,
diff --git a/x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint_api_int/apis/resolver/common.ts b/x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint_api_int/apis/resolver/common.ts
index 88d31aea15813..4a9102638edb1 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint_api_int/apis/resolver/common.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint_api_int/apis/resolver/common.ts
@@ -35,6 +35,7 @@ export const schemaWithAncestry: ResolverSchema = {
   ancestry: 'process.Ext.ancestry',
   id: 'process.entity_id',
   parent: 'process.parent.entity_id',
+  agentId: 'agent.id',
 };
 
 /**
@@ -43,6 +44,7 @@ export const schemaWithAncestry: ResolverSchema = {
 export const schemaWithoutAncestry: ResolverSchema = {
   id: 'process.entity_id',
   parent: 'process.parent.entity_id',
+  agentId: 'agent.id',
 };
 
 /**
@@ -52,6 +54,7 @@ export const schemaWithName: ResolverSchema = {
   id: 'process.entity_id',
   parent: 'process.parent.entity_id',
   name: 'process.name',
+  agentId: 'agent.id',
 };
 
 const createLevels = ({
diff --git a/x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint_api_int/apis/resolver/entity.ts b/x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint_api_int/apis/resolver/entity.ts
index 42b30ce18063f..31de9cce299dc 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint_api_int/apis/resolver/entity.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint_api_int/apis/resolver/entity.ts
@@ -41,7 +41,7 @@ export default function ({ getService }: FtrProviderContext) {
               parent: 'process.parent.entity_id',
               name: 'process.name',
             },
-            // this value is from the es archive
+            // this value comes from the es archive
             id: '{98da333e-2060-5fc9-2e01-000000003f00}',
           },
         ]);
@@ -84,9 +84,11 @@ export default function ({ getService }: FtrProviderContext) {
               parent: 'process.parent.entity_id',
               ancestry: 'process.Ext.ancestry',
               name: 'process.name',
+              agentId: 'agent.id',
             },
-            // this value is from the es archive
+            // these values come from the es archive
             id: 'MTIwNWY1NWQtODRkYS00MzkxLWIyNWQtYTNkNGJmNDBmY2E1LTc1NTItMTMyNDM1NDY1MTQuNjI0MjgxMDA=',
+            agentId: '1205f55d-84da-4391-b25d-a3d4bf40fca5',
           },
         ]);
       });
diff --git a/x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint_api_int/apis/resolver/entity_id.ts b/x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint_api_int/apis/resolver/entity_id.ts
index 69359a7003369..ab2c96756f463 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint_api_int/apis/resolver/entity_id.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint_api_int/apis/resolver/entity_id.ts
@@ -115,6 +115,7 @@ export default function ({ getService }: FtrProviderContext) {
               to: timestampAsDateSafeVersion(childWithEntityID)?.toISOString(),
             },
             indexPatterns: ['logs-*'],
+            agentId: origin.agent?.id,
           })
           .expect(200);
         expect(body.length).to.be(1);
@@ -187,6 +188,7 @@ export default function ({ getService }: FtrProviderContext) {
               to: timestampAsDateSafeVersion(origin)?.toISOString(),
             },
             indexPatterns: ['logs-*'],
+            agentId: origin.agent?.id,
           })
           .expect(200);
         // the origin itself will be returned as part of the /tree request
diff --git a/x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint_api_int/apis/resolver/tree.ts b/x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint_api_int/apis/resolver/tree.ts
index 9707b430b0182..e161a5d00f4f4 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint_api_int/apis/resolver/tree.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint_api_int/apis/resolver/tree.ts
@@ -30,9 +30,11 @@ export default function ({ getService }: FtrProviderContext) {
     { category: RelatedEventCategory.File, count: 1 },
     { category: RelatedEventCategory.Registry, count: 1 },
   ];
+
   const relatedAlerts = 4;
   let resolverTrees: GeneratedTrees;
   let tree: Tree;
+  let tree2: Tree;
   const treeOptions: Options = {
     ancestors: 5,
     relatedEvents: relatedEventsToGen,
@@ -41,16 +43,15 @@ export default function ({ getService }: FtrProviderContext) {
     generations: 2,
     percentTerminated: 100,
     percentWithRelated: 100,
-    numTrees: 1,
+    numTrees: 2,
     alwaysGenMaxChildrenPerNode: true,
     ancestryArraySize: 2,
   };
-
   describe('@ess @serverless Resolver tree', function () {
     before(async () => {
       resolverTrees = await resolver.createTrees(treeOptions);
-      // we only requested a single alert so there's only 1 tree
-      tree = resolverTrees.trees[0];
+      // we need tree2 for comparison tests
+      [tree, tree2] = resolverTrees.trees;
     });
     after(async () => {
       await resolver.deleteData(resolverTrees);
@@ -72,6 +73,7 @@ export default function ({ getService }: FtrProviderContext) {
               to: tree.endTime.toISOString(),
             },
             indexPatterns: ['logs-*'],
+            agentId: tree.agentId,
           })
           .expect(200);
         verifyTree({
@@ -97,6 +99,7 @@ export default function ({ getService }: FtrProviderContext) {
               to: tree.endTime.toISOString(),
             },
             indexPatterns: ['logs-*'],
+            agentId: tree.agentId,
           })
           .expect(200);
         expect(body).to.be.empty();
@@ -118,6 +121,7 @@ export default function ({ getService }: FtrProviderContext) {
               to: tree.endTime.toISOString(),
             },
             indexPatterns: ['logs-*'],
+            agentId: tree.agentId,
           })
           .expect(200);
         verifyTree({
@@ -143,6 +147,7 @@ export default function ({ getService }: FtrProviderContext) {
               to: tree.endTime.toISOString(),
             },
             indexPatterns: ['logs-*'],
+            agentId: tree.agentId,
           })
           .expect(200);
         verifyTree({
@@ -171,6 +176,7 @@ export default function ({ getService }: FtrProviderContext) {
               to: from,
             },
             indexPatterns: ['logs-*'],
+            agentId: tree.agentId,
           })
           .expect(200);
         verifyTree({
@@ -198,6 +204,7 @@ export default function ({ getService }: FtrProviderContext) {
               to: tree.endTime.toISOString(),
             },
             indexPatterns: ['logs-*'],
+            agentId: tree.agentId,
           })
           .expect(200);
         verifyTree({
@@ -234,6 +241,7 @@ export default function ({ getService }: FtrProviderContext) {
               to: tree.endTime.toISOString(),
             },
             indexPatterns: ['logs-*'],
+            agentId: tree.agentId,
           })
           .expect(200);
         verifyTree({
@@ -265,6 +273,7 @@ export default function ({ getService }: FtrProviderContext) {
               to: tree.endTime.toISOString(),
             },
             indexPatterns: ['doesnotexist-*'],
+            agentId: tree.agentId,
           })
           .expect(200);
         expect(body).to.be.empty();
@@ -287,6 +296,7 @@ export default function ({ getService }: FtrProviderContext) {
               to: tree.endTime.toISOString(),
             },
             indexPatterns: ['logs-*'],
+            agentId: tree.agentId,
           })
           .expect(200);
         verifyTree({
@@ -317,6 +327,7 @@ export default function ({ getService }: FtrProviderContext) {
               to: tree.endTime.toISOString(),
             },
             indexPatterns: ['logs-*'],
+            agentId: tree.agentId,
           })
           .expect(200);
         verifyTree({
@@ -346,6 +357,7 @@ export default function ({ getService }: FtrProviderContext) {
               to: tree.endTime.toISOString(),
             },
             indexPatterns: ['logs-*'],
+            agentId: tree.agentId,
           })
           .expect(200);
         expect(body).to.be.empty();
@@ -369,6 +381,7 @@ export default function ({ getService }: FtrProviderContext) {
               to: tree.endTime.toISOString(),
             },
             indexPatterns: ['logs-*'],
+            agentId: tree.agentId,
           })
           .expect(200);
         verifyTree({
@@ -402,6 +415,7 @@ export default function ({ getService }: FtrProviderContext) {
               to: tree.endTime.toISOString(),
             },
             indexPatterns: ['logs-*'],
+            agentId: tree.agentId,
           })
           .expect(200);
         verifyTree({
@@ -435,6 +449,7 @@ export default function ({ getService }: FtrProviderContext) {
               to: tree.endTime.toISOString(),
             },
             indexPatterns: ['logs-*'],
+            agentId: tree.agentId,
           })
           .expect(200);
         verifyTree({
@@ -472,6 +487,7 @@ export default function ({ getService }: FtrProviderContext) {
               to: tree.endTime.toISOString(),
             },
             indexPatterns: ['logs-*'],
+            agentId: tree.agentId,
           })
           .expect(200);
         verifyTree({
@@ -508,6 +524,7 @@ export default function ({ getService }: FtrProviderContext) {
               to: end,
             },
             indexPatterns: ['logs-*'],
+            agentId: tree.agentId,
           })
           .expect(200);
         verifyTree({
@@ -537,6 +554,7 @@ export default function ({ getService }: FtrProviderContext) {
               to: tree.endTime.toISOString(),
             },
             indexPatterns: ['logs-*'],
+            agentId: tree.agentId,
           })
           .expect(200);
         verifyTree({
@@ -575,6 +593,7 @@ export default function ({ getService }: FtrProviderContext) {
               to: tree.endTime.toISOString(),
             },
             indexPatterns: ['logs-*'],
+            agentId: tree.agentId,
           })
           .expect(200);
         verifyTree({
@@ -613,6 +632,7 @@ export default function ({ getService }: FtrProviderContext) {
               to: tree.endTime.toISOString(),
             },
             indexPatterns: ['logs-*'],
+            agentId: tree.agentId,
           })
           .expect(200);
         verifyTree({
@@ -651,6 +671,7 @@ export default function ({ getService }: FtrProviderContext) {
               to: tree.endTime.toISOString(),
             },
             indexPatterns: ['logs-*'],
+            agentId: tree.agentId,
           })
           .expect(200);
         expect(body).to.be.empty();
@@ -667,5 +688,136 @@ export default function ({ getService }: FtrProviderContext) {
         });
       });
     });
+    describe('different agent.ids', () => {
+      it('should return correct nodes for tree1 and tree2 based on agent.id', async () => {
+        const { body: body1 }: { body: ResolverNode[] } = await supertest
+          .post('/api/endpoint/resolver/tree')
+          .set(HEADERS)
+          .send({
+            descendants: 100,
+            descendantLevels: 10,
+            ancestors: 50,
+            schema: schemaWithAncestry,
+            nodes: [tree.origin.id],
+            timeRange: {
+              from: tree.startTime.toISOString(),
+              to: tree.endTime.toISOString(),
+            },
+            indexPatterns: ['logs-*'],
+            agentId: tree.agentId,
+          })
+          .expect(200);
+        verifyTree({
+          expectations: [
+            {
+              origin: tree.origin.id,
+              nodeExpectations: { descendants: 12, descendantLevels: 2, ancestors: 5 },
+            },
+          ],
+          response: body1,
+          schema: schemaWithAncestry,
+          genTree: tree,
+          relatedEventsCategories: relatedEventsToGen,
+        });
+
+        const { body: body2 }: { body: ResolverNode[] } = await supertest
+          .post('/api/endpoint/resolver/tree')
+          .set(HEADERS)
+          .send({
+            descendants: 100,
+            descendantLevels: 10,
+            ancestors: 50,
+            schema: schemaWithAncestry,
+            nodes: [tree2.origin.id],
+            timeRange: {
+              from: tree2.startTime.toISOString(),
+              to: tree2.endTime.toISOString(),
+            },
+            indexPatterns: ['logs-*'],
+            agentId: 'wrong-agent-id',
+          })
+          .expect(200);
+        verifyTree({
+          expectations: [
+            {
+              origin: tree2.origin.id,
+              nodeExpectations: { descendants: 0, descendantLevels: 0, ancestors: 0 },
+            },
+          ],
+          response: body2,
+          schema: schemaWithAncestry,
+          genTree: tree2,
+          relatedEventsCategories: relatedEventsToGen,
+        });
+      });
+    });
+
+    describe('collision in process.entity_id', () => {
+      it('should handle process.entity_id collisions correctly', async () => {
+        const duplicateEntityId = tree.origin.id;
+
+        const { body: body1 }: { body: ResolverNode[] } = await supertest
+          .post('/api/endpoint/resolver/tree')
+          .set(HEADERS)
+          .send({
+            descendants: 100,
+            descendantLevels: 10,
+            ancestors: 50,
+            schema: schemaWithAncestry,
+            nodes: [duplicateEntityId],
+            timeRange: {
+              from: tree.startTime.toISOString(),
+              to: tree.endTime.toISOString(),
+            },
+            indexPatterns: ['logs-*'],
+            agentId: tree.agentId,
+          })
+          .expect(200);
+
+        const { body: body2 }: { body: ResolverNode[] } = await supertest
+          .post('/api/endpoint/resolver/tree')
+          .set(HEADERS)
+          .send({
+            descendants: 100,
+            descendantLevels: 10,
+            ancestors: 50,
+            schema: schemaWithAncestry,
+            nodes: [duplicateEntityId],
+            timeRange: {
+              from: tree2.startTime.toISOString(),
+              to: tree2.endTime.toISOString(),
+            },
+            indexPatterns: ['logs-*'],
+            agentId: 'wrong-agent-id',
+          })
+          .expect(200);
+
+        verifyTree({
+          expectations: [
+            {
+              origin: duplicateEntityId,
+              nodeExpectations: { descendants: 12, descendantLevels: 2, ancestors: 5 },
+            },
+          ],
+          response: body1,
+          schema: schemaWithAncestry,
+          genTree: tree,
+          relatedEventsCategories: relatedEventsToGen,
+        });
+
+        verifyTree({
+          expectations: [
+            {
+              origin: duplicateEntityId,
+              nodeExpectations: { descendants: 0, descendantLevels: 0, ancestors: 0 },
+            },
+          ],
+          response: body2,
+          schema: schemaWithAncestry,
+          genTree: tree2,
+          relatedEventsCategories: relatedEventsToGen,
+        });
+      });
+    });
   });
 }
diff --git a/x-pack/test/security_solution_api_integration/tsconfig.json b/x-pack/test/security_solution_api_integration/tsconfig.json
index 269822e345de8..c9bcdf8ccde2b 100644
--- a/x-pack/test/security_solution_api_integration/tsconfig.json
+++ b/x-pack/test/security_solution_api_integration/tsconfig.json
@@ -47,5 +47,6 @@
     "@kbn/timelines-plugin",
     "@kbn/ftr-common-functional-ui-services",
     "@kbn/test-subj-selector",
+    "@kbn/dev-cli-runner",
   ]
 }
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/detection_alerts/callouts/missing_privileges_callout.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/detection_alerts/callouts/missing_privileges_callout.cy.ts
index bcb29a456bdd2..69e6bb8b35253 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/detection_alerts/callouts/missing_privileges_callout.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/detection_alerts/callouts/missing_privileges_callout.cy.ts
@@ -44,106 +44,91 @@ const waitForPageTitleToBeShown = () => {
   cy.get(PAGE_TITLE).should('be.visible');
 };
 
-// FLAKY: https://github.com/elastic/kibana/issues/178176
-describe.skip(
-  'Detections > Callouts',
-  { tags: ['@ess', '@serverless', '@skipInServerless'] },
-  () => {
-    before(() => {
-      // First, we have to open the app on behalf of a privileged user in order to initialize it.
-      // Otherwise the app will be disabled and show a "welcome"-like page.
-      login();
-      visit(ALERTS_URL);
-      waitForPageTitleToBeShown();
-    });
-
-    context('indicating read-only access to resources', () => {
-      context('On Detections home page', () => {
-        beforeEach(() => {
-          loadPageAsReadOnlyUser(ALERTS_URL);
-        });
-
-        it('We show one primary callout', () => {
-          waitForCallOutToBeShown(MISSING_PRIVILEGES_CALLOUT, 'primary');
-        });
-
-        context('When a user clicks Dismiss on the callout', () => {
-          it('We hide it and persist the dismissal', () => {
-            waitForCallOutToBeShown(MISSING_PRIVILEGES_CALLOUT, 'primary');
-            dismissCallOut(MISSING_PRIVILEGES_CALLOUT);
-            reloadPage();
-            getCallOut(MISSING_PRIVILEGES_CALLOUT).should('not.exist');
-          });
-        });
+describe('Detections > Callouts', { tags: ['@ess', '@serverless', '@skipInServerless'] }, () => {
+  before(() => {
+    // First, we have to open the app on behalf of a privileged user in order to initialize it.
+    // Otherwise the app will be disabled and show a "welcome"-like page.
+    login();
+    visit(ALERTS_URL);
+    waitForPageTitleToBeShown();
+  });
+
+  context('indicating read-only access to resources', () => {
+    context('On Detections home page', () => {
+      beforeEach(() => {
+        loadPageAsReadOnlyUser(ALERTS_URL);
       });
 
-      // FYI: Rules Management check moved to ../detection_rules/all_rules_read_only.spec.ts
+      it('dismisses callout and persists its state', () => {
+        waitForCallOutToBeShown(MISSING_PRIVILEGES_CALLOUT, 'primary');
 
-      context('On Rule Details page', () => {
-        beforeEach(() => {
-          createRule(getNewRule()).then((rule) =>
-            loadPageAsReadOnlyUser(ruleDetailsUrl(rule.body.id))
-          );
-        });
+        dismissCallOut(MISSING_PRIVILEGES_CALLOUT);
+        reloadPage();
 
-        afterEach(() => {
-          deleteCustomRule();
-        });
+        getCallOut(MISSING_PRIVILEGES_CALLOUT).should('not.exist');
+      });
+    });
+
+    // FYI: Rules Management check moved to ../detection_rules/all_rules_read_only.spec.ts
+
+    context('On Rule Details page', () => {
+      beforeEach(() => {
+        createRule(getNewRule()).then((rule) =>
+          loadPageAsReadOnlyUser(ruleDetailsUrl(rule.body.id))
+        );
+      });
 
-        it('We show one primary callout', () => {
-          waitForCallOutToBeShown(MISSING_PRIVILEGES_CALLOUT, 'primary');
-        });
+      afterEach(() => {
+        deleteCustomRule();
+      });
 
-        context('When a user clicks Dismiss on the callouts', () => {
-          it('We hide them and persist the dismissal', () => {
-            waitForCallOutToBeShown(MISSING_PRIVILEGES_CALLOUT, 'primary');
+      it('dismisses callout and persists its state', () => {
+        waitForCallOutToBeShown(MISSING_PRIVILEGES_CALLOUT, 'primary');
 
-            dismissCallOut(MISSING_PRIVILEGES_CALLOUT);
-            reloadPage();
+        dismissCallOut(MISSING_PRIVILEGES_CALLOUT);
+        reloadPage();
 
-            getCallOut(MISSING_PRIVILEGES_CALLOUT).should('not.exist');
-          });
-        });
+        getCallOut(MISSING_PRIVILEGES_CALLOUT).should('not.exist');
       });
     });
+  });
 
-    context('indicating read-write access to resources', () => {
-      context('On Detections home page', () => {
-        beforeEach(() => {
-          loadPageAsPlatformEngineer(ALERTS_URL);
-        });
+  context('indicating read-write access to resources', () => {
+    context('On Detections home page', () => {
+      beforeEach(() => {
+        loadPageAsPlatformEngineer(ALERTS_URL);
+      });
 
-        it('We show no callout', () => {
-          getCallOut(MISSING_PRIVILEGES_CALLOUT).should('not.exist');
-        });
+      it('We show no callout', () => {
+        getCallOut(MISSING_PRIVILEGES_CALLOUT).should('not.exist');
       });
+    });
 
-      context('On Rules Management page', () => {
-        beforeEach(() => {
-          login(ROLES.platform_engineer);
-          loadPageAsPlatformEngineer(RULES_MANAGEMENT_URL);
-        });
+    context('On Rules Management page', () => {
+      beforeEach(() => {
+        login(ROLES.platform_engineer);
+        loadPageAsPlatformEngineer(RULES_MANAGEMENT_URL);
+      });
 
-        it('We show no callout', () => {
-          getCallOut(MISSING_PRIVILEGES_CALLOUT).should('not.exist');
-        });
+      it('We show no callout', () => {
+        getCallOut(MISSING_PRIVILEGES_CALLOUT).should('not.exist');
       });
+    });
 
-      context('On Rule Details page', () => {
-        beforeEach(() => {
-          createRule(getNewRule()).then((rule) =>
-            loadPageAsPlatformEngineer(ruleDetailsUrl(rule.body.id))
-          );
-        });
+    context('On Rule Details page', () => {
+      beforeEach(() => {
+        createRule(getNewRule()).then((rule) =>
+          loadPageAsPlatformEngineer(ruleDetailsUrl(rule.body.id))
+        );
+      });
 
-        afterEach(() => {
-          deleteCustomRule();
-        });
+      afterEach(() => {
+        deleteCustomRule();
+      });
 
-        it('We show no callouts', () => {
-          getCallOut(MISSING_PRIVILEGES_CALLOUT).should('not.exist');
-        });
+      it('We show no callouts', () => {
+        getCallOut(MISSING_PRIVILEGES_CALLOUT).should('not.exist');
       });
     });
-  }
-);
+  });
+});
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/custom_query_rule.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/custom_query_rule.cy.ts
index a40d635cd4bf9..36c84cdf93e2d 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/custom_query_rule.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/custom_query_rule.cy.ts
@@ -61,7 +61,7 @@ describe('Create custom query rule', { tags: ['@ess', '@serverless'] }, () => {
     });
 
     // FLAKEY - see https://github.com/elastic/kibana/issues/182891
-    it('@skipInServerless Adds filter on define step', () => {
+    it('Adds filter on define step', { tags: ['@skipInServerless'] }, () => {
       visit(CREATE_RULE_URL);
       fillDefineCustomRule(rule);
       openAddFilterPopover();
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/machine_learning_rule.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/machine_learning_rule.cy.ts
index 9121e524ddbb4..57c0c39f8a8f9 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/machine_learning_rule.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/machine_learning_rule.cy.ts
@@ -4,13 +4,11 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import { isArray } from 'lodash';
 
 import { formatMitreAttackDescription, getHumanizedDuration } from '../../../../helpers/rules';
 import { getMachineLearningRule } from '../../../../objects/rule';
 
 import {
-  CUSTOM_RULES_BTN,
   RISK_SCORE,
   RULES_MANAGEMENT_TABLE,
   RULE_NAME,
@@ -53,15 +51,29 @@ import { login } from '../../../../tasks/login';
 import { visit } from '../../../../tasks/navigation';
 import { openRuleManagementPageViaBreadcrumbs } from '../../../../tasks/rules_management';
 import { CREATE_RULE_URL } from '../../../../urls/navigation';
+import { forceStopAndCloseJob } from '../../../../support/machine_learning';
+import { deleteAlertsAndRules } from '../../../../tasks/api_calls/common';
 
 describe('Machine Learning rules', { tags: ['@ess', '@serverless'] }, () => {
   const expectedUrls = (getMachineLearningRule().references ?? []).join('');
   const expectedFalsePositives = (getMachineLearningRule().false_positives ?? []).join('');
   const expectedTags = (getMachineLearningRule().tags ?? []).join('');
   const expectedMitre = formatMitreAttackDescription(getMachineLearningRule().threat ?? []);
-  const expectedNumberOfRules = 1;
+  const expectedJobText = [
+    'Unusual Linux Network Activity',
+    'Anomalous Process for a Linux Population',
+  ].join('');
+
+  before(() => {
+    const machineLearningJobIds = ([] as string[]).concat(
+      getMachineLearningRule().machine_learning_job_id
+    );
+    // ensure no ML jobs are started before the suite
+    machineLearningJobIds.forEach((jobId) => forceStopAndCloseJob({ jobId }));
+  });
 
   beforeEach(() => {
+    deleteAlertsAndRules();
     login();
     visit(CREATE_RULE_URL);
   });
@@ -75,9 +87,7 @@ describe('Machine Learning rules', { tags: ['@ess', '@serverless'] }, () => {
     createAndEnableRule();
     openRuleManagementPageViaBreadcrumbs();
 
-    cy.get(CUSTOM_RULES_BTN).should('have.text', 'Custom rules (1)');
-
-    expectNumberOfRules(RULES_MANAGEMENT_TABLE, expectedNumberOfRules);
+    expectNumberOfRules(RULES_MANAGEMENT_TABLE, 1);
 
     cy.get(RULE_NAME).should('have.text', mlRule.name);
     cy.get(RISK_SCORE).should('have.text', mlRule.risk_score);
@@ -104,15 +114,12 @@ describe('Machine Learning rules', { tags: ['@ess', '@serverless'] }, () => {
       getDetails(ANOMALY_SCORE_DETAILS).should('have.text', mlRule.anomaly_threshold);
       getDetails(RULE_TYPE_DETAILS).should('have.text', 'Machine Learning');
       getDetails(TIMELINE_TEMPLATE_DETAILS).should('have.text', 'None');
-      const machineLearningJobsArray = isArray(mlRule.machine_learning_job_id)
-        ? mlRule.machine_learning_job_id
-        : [mlRule.machine_learning_job_id];
       // With the #1912 ML rule improvement changes we enable jobs on rule creation.
       // Though, in cypress jobs enabling does not work reliably and job can be started or stopped.
       // Thus, we disable next check till we fix the issue with enabling jobs in cypress.
       // Relevant ticket: https://github.com/elastic/security-team/issues/5389
       // cy.get(MACHINE_LEARNING_JOB_STATUS).should('have.text', 'StoppedStopped');
-      cy.get(MACHINE_LEARNING_JOB_ID).should('have.text', machineLearningJobsArray.join(''));
+      cy.get(MACHINE_LEARNING_JOB_ID).should('have.text', expectedJobText);
     });
     cy.get(SCHEDULE_DETAILS).within(() => {
       getDetails(RUNS_EVERY_DETAILS)
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_gaps/bulk_manual_rule_run.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_gaps/bulk_manual_rule_run.cy.ts
new file mode 100644
index 0000000000000..17cde9485a13c
--- /dev/null
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_gaps/bulk_manual_rule_run.cy.ts
@@ -0,0 +1,79 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { scheduleManualRuleRunForSelectedRules } from '../../../../tasks/rules_bulk_actions';
+import { MODAL_ERROR_BODY, TOASTER_BODY } from '../../../../screens/alerts_detection_rules';
+import { visitRulesManagementTable } from '../../../../tasks/rules_management';
+import {
+  disableAutoRefresh,
+  clickErrorToastBtn,
+  selectAllRules,
+  selectRulesByName,
+} from '../../../../tasks/alerts_detection_rules';
+import { getNewRule } from '../../../../objects/rule';
+import { deleteAlertsAndRules } from '../../../../tasks/api_calls/common';
+import { createRule } from '../../../../tasks/api_calls/rules';
+import { login } from '../../../../tasks/login';
+
+// Currently FF are not supported on MKI environments, so this test should be skipped from MKI environments.
+// Once `manualRuleRunEnabled` FF is removed, we can remove `@skipInServerlessMKI` as well
+describe('Manual rule run', { tags: ['@ess', '@serverless', '@skipInServerlessMKI'] }, () => {
+  beforeEach(() => {
+    login();
+    deleteAlertsAndRules();
+
+    const defaultValues = { enabled: true, interval: '5m', from: 'now-6m' };
+    createRule(getNewRule({ rule_id: '1', name: 'Rule 1', ...defaultValues }));
+    createRule(getNewRule({ rule_id: '2', name: 'Rule 2', ...defaultValues }));
+    createRule(getNewRule({ rule_id: '3', name: 'Rule 3', ...defaultValues, enabled: false }));
+    createRule(getNewRule({ rule_id: '4', name: 'Rule 4', ...defaultValues }));
+    createRule(getNewRule({ rule_id: '5', name: 'Rule 5', ...defaultValues, enabled: false }));
+
+    visitRulesManagementTable();
+    disableAutoRefresh();
+  });
+
+  it('schedule enabled rules', () => {
+    const enabledRules = ['Rule 1', 'Rule 2', 'Rule 4'] as const;
+    selectRulesByName(enabledRules);
+
+    const enabledCount = enabledRules.length;
+    const disabledCount = 0;
+    scheduleManualRuleRunForSelectedRules(enabledCount, disabledCount);
+
+    cy.contains(TOASTER_BODY, `Successfully scheduled manual rule run for ${enabledCount} rule`);
+  });
+
+  it('schedule enable rules and show warning about disabled rules', () => {
+    const enabledRules = ['Rule 1', 'Rule 2', 'Rule 4'] as const;
+    const disabledRules = ['Rule 3', 'Rule 5'] as const;
+    selectRulesByName([...enabledRules, ...disabledRules]);
+
+    const enabledCount = enabledRules.length;
+    const disabledCount = disabledRules.length;
+    scheduleManualRuleRunForSelectedRules(enabledCount, disabledCount);
+
+    cy.contains(TOASTER_BODY, `Successfully scheduled manual rule run for ${enabledCount} rule`);
+  });
+
+  it('schedule enable rules and show partial error for disabled rules when all rules are selected', () => {
+    selectAllRules();
+
+    const enabledCount = 3;
+    const disabledCount = 2;
+    scheduleManualRuleRunForSelectedRules(enabledCount, disabledCount);
+
+    cy.contains(
+      TOASTER_BODY,
+      `${disabledCount} rules failed to schedule manual rule run.See the full error`
+    );
+
+    // on error toast button click display error that it is not possible to schedule manual rule run for disabled rules
+    clickErrorToastBtn();
+    cy.contains(MODAL_ERROR_BODY, 'Cannot schedule manual rule run for a disabled rule');
+  });
+});
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_gaps/manual_rule_run.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_gaps/manual_rule_run.cy.ts
index 28eaef22cc2e7..29e2379367c0b 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_gaps/manual_rule_run.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_gaps/manual_rule_run.cy.ts
@@ -32,7 +32,7 @@ describe('Manual rule run', { tags: ['@ess', '@serverless', '@skipInServerlessMK
     );
     manualRuleRunFromDetailsPage();
 
-    cy.get(TOASTER).should('have.text', 'Successfully scheduled backfill for 1 rule');
+    cy.get(TOASTER).should('have.text', 'Successfully scheduled manual run for 1 rule');
   });
 
   it('schedule from rules management table', () => {
@@ -42,7 +42,7 @@ describe('Manual rule run', { tags: ['@ess', '@serverless', '@skipInServerlessMK
         disableAutoRefresh();
         manuallyRunFirstRule();
 
-        cy.get(TOASTER).should('have.text', 'Successfully scheduled backfill for 1 rule');
+        cy.get(TOASTER).should('have.text', 'Successfully scheduled manual run for 1 rule');
       }
     );
   });
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/prebuilt_rules_preview.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/prebuilt_rules_preview.cy.ts
index 13af60594d103..4b4a9542ff1bc 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/prebuilt_rules_preview.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/prebuilt_rules_preview.cy.ts
@@ -1143,111 +1143,96 @@ describe('Detection rules, Prebuilt Rules Installation and Update workflow', ()
       });
     });
 
-    describe(
-      'Viewing rule changes in per-field diff view',
-      {
-        tags: TEST_ENV_TAGS,
-        env: {
-          ftrConfig: {
-            kbnServerArgs: [
-              `--xpack.securitySolution.enableExperimental=${JSON.stringify([
-                'perFieldPrebuiltRulesDiffingEnabled',
-              ])}`,
-            ],
-          },
-        },
-      },
-      () => {
-        it('User can see changes in a side-by-side per-field diff view', () => {
-          clickRuleUpdatesTab();
+    describe('Viewing rule changes in per-field diff view', { tags: TEST_ENV_TAGS }, () => {
+      it('User can see changes in a side-by-side per-field diff view', () => {
+        clickRuleUpdatesTab();
 
-          openRuleUpdatePreview(OUTDATED_RULE_1['security-rule'].name);
-          assertSelectedPreviewTab(PREVIEW_TABS.UPDATES); // Should be open by default
+        openRuleUpdatePreview(OUTDATED_RULE_1['security-rule'].name);
+        assertSelectedPreviewTab(PREVIEW_TABS.UPDATES); // Should be open by default
 
-          cy.get(UPDATE_PREBUILT_RULE_PREVIEW).contains('Current rule').should('be.visible');
-          cy.get(UPDATE_PREBUILT_RULE_PREVIEW).contains('Elastic update').should('be.visible');
+        cy.get(UPDATE_PREBUILT_RULE_PREVIEW).contains('Current rule').should('be.visible');
+        cy.get(UPDATE_PREBUILT_RULE_PREVIEW).contains('Elastic update').should('be.visible');
 
-          cy.get(PER_FIELD_DIFF_WRAPPER).should('have.length', 2);
+        cy.get(PER_FIELD_DIFF_WRAPPER).should('have.length', 2);
 
-          /* Version should be the first field in the order */
-          cy.get(PER_FIELD_DIFF_WRAPPER).first().contains('Version').should('be.visible');
-          cy.get(PER_FIELD_DIFF_WRAPPER).first().contains('1').should('be.visible');
-          cy.get(PER_FIELD_DIFF_WRAPPER).first().contains('2').should('be.visible');
+        /* Version should be the first field in the order */
+        cy.get(PER_FIELD_DIFF_WRAPPER).first().contains('Version').should('be.visible');
+        cy.get(PER_FIELD_DIFF_WRAPPER).first().contains('1').should('be.visible');
+        cy.get(PER_FIELD_DIFF_WRAPPER).first().contains('2').should('be.visible');
 
-          cy.get(PER_FIELD_DIFF_WRAPPER).last().contains('Name').should('be.visible');
-          cy.get(PER_FIELD_DIFF_WRAPPER).last().contains('Outdated rule 1').should('be.visible');
-          cy.get(PER_FIELD_DIFF_WRAPPER).last().contains('Updated rule 1').should('be.visible');
-        });
+        cy.get(PER_FIELD_DIFF_WRAPPER).last().contains('Name').should('be.visible');
+        cy.get(PER_FIELD_DIFF_WRAPPER).last().contains('Outdated rule 1').should('be.visible');
+        cy.get(PER_FIELD_DIFF_WRAPPER).last().contains('Updated rule 1').should('be.visible');
+      });
 
-        it('User can switch between rules upgrades without closing flyout', () => {
-          clickRuleUpdatesTab();
+      it('User can switch between rules upgrades without closing flyout', () => {
+        clickRuleUpdatesTab();
 
-          openRuleUpdatePreview(OUTDATED_RULE_1['security-rule'].name);
-          assertSelectedPreviewTab(PREVIEW_TABS.UPDATES); // Should be open by default
+        openRuleUpdatePreview(OUTDATED_RULE_1['security-rule'].name);
+        assertSelectedPreviewTab(PREVIEW_TABS.UPDATES); // Should be open by default
 
-          /* Version should be the first field in the order */
-          cy.get(PER_FIELD_DIFF_WRAPPER).first().contains('Version').should('be.visible');
-          cy.get(PER_FIELD_DIFF_WRAPPER).first().contains('1').should('be.visible');
-          cy.get(PER_FIELD_DIFF_WRAPPER).first().contains('2').should('be.visible');
+        /* Version should be the first field in the order */
+        cy.get(PER_FIELD_DIFF_WRAPPER).first().contains('Version').should('be.visible');
+        cy.get(PER_FIELD_DIFF_WRAPPER).first().contains('1').should('be.visible');
+        cy.get(PER_FIELD_DIFF_WRAPPER).first().contains('2').should('be.visible');
 
-          cy.get(PER_FIELD_DIFF_WRAPPER).last().contains('Name').should('be.visible');
-          cy.get(PER_FIELD_DIFF_WRAPPER).last().contains('Outdated rule 1').should('be.visible');
-          cy.get(PER_FIELD_DIFF_WRAPPER).last().contains('Updated rule 1').should('be.visible');
+        cy.get(PER_FIELD_DIFF_WRAPPER).last().contains('Name').should('be.visible');
+        cy.get(PER_FIELD_DIFF_WRAPPER).last().contains('Outdated rule 1').should('be.visible');
+        cy.get(PER_FIELD_DIFF_WRAPPER).last().contains('Updated rule 1').should('be.visible');
 
-          /* Select another rule without closing the preview for the current rule */
-          openRuleUpdatePreview(OUTDATED_RULE_2['security-rule'].name);
+        /* Select another rule without closing the preview for the current rule */
+        openRuleUpdatePreview(OUTDATED_RULE_2['security-rule'].name);
 
-          /* Make sure the per-field diff is displayed for the newly selected rule */
-          cy.get(PER_FIELD_DIFF_WRAPPER).last().contains('Name').should('be.visible');
-          cy.get(UPDATE_PREBUILT_RULE_PREVIEW).contains('Outdated rule 2').should('be.visible');
-          cy.get(UPDATE_PREBUILT_RULE_PREVIEW).contains('Updated rule 2').should('be.visible');
-          cy.get(UPDATE_PREBUILT_RULE_PREVIEW).contains('Outdated rule 1').should('not.exist');
-          cy.get(UPDATE_PREBUILT_RULE_PREVIEW).contains('Updated rule 1').should('not.exist');
+        /* Make sure the per-field diff is displayed for the newly selected rule */
+        cy.get(PER_FIELD_DIFF_WRAPPER).last().contains('Name').should('be.visible');
+        cy.get(UPDATE_PREBUILT_RULE_PREVIEW).contains('Outdated rule 2').should('be.visible');
+        cy.get(UPDATE_PREBUILT_RULE_PREVIEW).contains('Updated rule 2').should('be.visible');
+        cy.get(UPDATE_PREBUILT_RULE_PREVIEW).contains('Outdated rule 1').should('not.exist');
+        cy.get(UPDATE_PREBUILT_RULE_PREVIEW).contains('Updated rule 1').should('not.exist');
 
-          cy.get(PER_FIELD_DIFF_WRAPPER).first().contains('Version').should('be.visible');
-          cy.get(PER_FIELD_DIFF_WRAPPER).first().contains('1').should('be.visible');
-          cy.get(PER_FIELD_DIFF_WRAPPER).first().contains('2').should('be.visible');
-        });
+        cy.get(PER_FIELD_DIFF_WRAPPER).first().contains('Version').should('be.visible');
+        cy.get(PER_FIELD_DIFF_WRAPPER).first().contains('1').should('be.visible');
+        cy.get(PER_FIELD_DIFF_WRAPPER).first().contains('2').should('be.visible');
+      });
 
-        it('User can see changes when updated rule is a different rule type', () => {
-          const OUTDATED_RULE_WITH_QUERY_TYPE = createRuleAssetSavedObject({
-            name: 'Query rule',
-            rule_id: 'rule_id',
-            version: 1,
-            type: 'query',
-            language: 'kuery',
-          });
-          const UPDATED_RULE_WITH_EQL_TYPE = createRuleAssetSavedObject({
-            language: 'eql',
-            name: 'EQL rule',
-            rule_id: 'rule_id',
-            version: 2,
-            type: 'eql',
-          });
-          /* Create a new rule and install it */
-          createAndInstallMockedPrebuiltRules([OUTDATED_RULE_WITH_QUERY_TYPE]);
-          /* Create a second version of the rule, making it available for update */
-          installPrebuiltRuleAssets([UPDATED_RULE_WITH_EQL_TYPE]);
+      it('User can see changes when updated rule is a different rule type', () => {
+        const OUTDATED_RULE_WITH_QUERY_TYPE = createRuleAssetSavedObject({
+          name: 'Query rule',
+          rule_id: 'rule_id',
+          version: 1,
+          type: 'query',
+          language: 'kuery',
+        });
+        const UPDATED_RULE_WITH_EQL_TYPE = createRuleAssetSavedObject({
+          language: 'eql',
+          name: 'EQL rule',
+          rule_id: 'rule_id',
+          version: 2,
+          type: 'eql',
+        });
+        /* Create a new rule and install it */
+        createAndInstallMockedPrebuiltRules([OUTDATED_RULE_WITH_QUERY_TYPE]);
+        /* Create a second version of the rule, making it available for update */
+        installPrebuiltRuleAssets([UPDATED_RULE_WITH_EQL_TYPE]);
 
-          cy.reload();
-          clickRuleUpdatesTab();
+        cy.reload();
+        clickRuleUpdatesTab();
 
-          openRuleUpdatePreview(OUTDATED_RULE_WITH_QUERY_TYPE['security-rule'].name);
-          assertSelectedPreviewTab(PREVIEW_TABS.UPDATES); // Should be open by default
+        openRuleUpdatePreview(OUTDATED_RULE_WITH_QUERY_TYPE['security-rule'].name);
+        assertSelectedPreviewTab(PREVIEW_TABS.UPDATES); // Should be open by default
 
-          cy.get(UPDATE_PREBUILT_RULE_PREVIEW).contains('Current rule').should('be.visible');
-          cy.get(UPDATE_PREBUILT_RULE_PREVIEW).contains('Elastic update').should('be.visible');
+        cy.get(UPDATE_PREBUILT_RULE_PREVIEW).contains('Current rule').should('be.visible');
+        cy.get(UPDATE_PREBUILT_RULE_PREVIEW).contains('Elastic update').should('be.visible');
 
-          cy.get(PER_FIELD_DIFF_WRAPPER).should('have.length', 5);
+        cy.get(PER_FIELD_DIFF_WRAPPER).should('have.length', 5);
 
-          cy.get(PER_FIELD_DIFF_DEFINITION_SECTION).contains('Type').should('be.visible');
-          cy.get(PER_FIELD_DIFF_DEFINITION_SECTION).contains('query').should('be.visible');
-          cy.get(PER_FIELD_DIFF_DEFINITION_SECTION).contains('eql').should('be.visible');
+        cy.get(PER_FIELD_DIFF_DEFINITION_SECTION).contains('Type').should('be.visible');
+        cy.get(PER_FIELD_DIFF_DEFINITION_SECTION).contains('query').should('be.visible');
+        cy.get(PER_FIELD_DIFF_DEFINITION_SECTION).contains('eql').should('be.visible');
 
-          cy.get(PER_FIELD_DIFF_DEFINITION_SECTION).contains('KQL query').should('exist');
-          cy.get(PER_FIELD_DIFF_DEFINITION_SECTION).contains('EQL query').should('exist');
-        });
-      }
-    );
+        cy.get(PER_FIELD_DIFF_DEFINITION_SECTION).contains('KQL query').should('exist');
+        cy.get(PER_FIELD_DIFF_DEFINITION_SECTION).contains('EQL query').should('exist');
+      });
+    });
   });
 });
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_details/backfill_group.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_details/backfill_group.cy.ts
index 7413b8a8f02c7..2f97e2f3c0721 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_details/backfill_group.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_details/backfill_group.cy.ts
@@ -58,7 +58,7 @@ describe(
       interceptFindBackfills();
       goToExecutionLogTab();
 
-      cy.get(RULE_BACKFILLS_INFO_HEADEAR).contains('Backfill runs');
+      cy.get(RULE_BACKFILLS_INFO_HEADEAR).contains('Manual runs');
       getBackfillsTableRows().should('have.length', 2);
       getBackfillsTableRows().eq(0).contains('Pending');
       getBackfillsTableRows().eq(0).find(RULE_BACKFILLS_COLUMN_ERROR).contains('1');
@@ -76,11 +76,11 @@ describe(
 
       getBackfillsTableRows().eq(0).find(RULE_BACKFILLS_DELETE_BUTTON).click();
 
-      cy.get(RULE_BACKFILLS_DELETE_MODAL).contains('Are you sure you want to stop this run?');
+      cy.get(RULE_BACKFILLS_DELETE_MODAL).contains('Stop this rule run');
       interceptDeleteBackfill(FIRST_BACKFILL_ID, 'deleteBackfill');
       cy.get(RULE_BACKFILL_DELETE_MODAL_CONFIRM_BUTTON).click();
       cy.wait('@deleteBackfill');
-      cy.get(TOASTER).contains('Run stopped');
+      cy.get(TOASTER).contains('Rule run stopped');
     });
   }
 );
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/dashboards/entity_analytics/new_risk_score.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/dashboards/entity_analytics/new_risk_score.cy.ts
index da59afaec941c..b704b67ad41d6 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/dashboards/entity_analytics/new_risk_score.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/dashboards/entity_analytics/new_risk_score.cy.ts
@@ -78,8 +78,7 @@ describe('Entity Analytics Dashboard', { tags: ['@ess', '@serverless'] }, () =>
       });
     });
 
-    // https://github.com/elastic/kibana/issues/179687
-    describe('When risk engine is enabled', { tags: ['@skipInServerlessMKI'] }, () => {
+    describe('When risk engine is enabled', () => {
       beforeEach(() => {
         login();
         mockRiskEngineEnabled();
@@ -151,7 +150,6 @@ describe('Entity Analytics Dashboard', { tags: ['@ess', '@serverless'] }, () =>
           });
 
           beforeEach(() => {
-            login();
             visitWithTimeRange(ALERTS_URL);
             waitForAlertsToPopulate();
             visitWithTimeRange(ENTITY_ANALYTICS_URL);
@@ -244,7 +242,6 @@ describe('Entity Analytics Dashboard', { tags: ['@ess', '@serverless'] }, () =>
           });
 
           beforeEach(() => {
-            login();
             visitWithTimeRange(ALERTS_URL);
             waitForAlertsToPopulate();
             visitWithTimeRange(ENTITY_ANALYTICS_URL);
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/dashboards/upgrade_risk_score.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/dashboards/upgrade_risk_score.cy.ts
index 518980c29c908..ee229539c8dbd 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/dashboards/upgrade_risk_score.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/dashboards/upgrade_risk_score.cy.ts
@@ -5,7 +5,6 @@
  * 2.0.
  */
 
-import { getNewRule } from '../../../objects/rule';
 import {
   UPGRADE_RISK_SCORE_BUTTON,
   USERS_TABLE,
@@ -23,7 +22,6 @@ import {
 } from '../../../tasks/api_calls/risk_scores';
 import { clickUpgradeRiskScore } from '../../../tasks/risk_scores';
 
-import { createRule } from '../../../tasks/api_calls/rules';
 import { login } from '../../../tasks/login';
 import { visitWithTimeRange } from '../../../tasks/navigation';
 
@@ -32,15 +30,15 @@ import { RiskScoreEntity } from '../../../tasks/risk_scores/common';
 import { ENTITY_ANALYTICS_URL } from '../../../urls/navigation';
 import { upgradeRiskEngine } from '../../../tasks/entity_analytics';
 import { deleteRiskEngineConfiguration } from '../../../tasks/api_calls/risk_engine';
+import { deleteAlertsAndRules } from '../../../tasks/api_calls/common';
 
 const spaceId = 'default';
 
-// Failing: See https://github.com/elastic/kibana/issues/185024
-describe.skip('Upgrade risk scores', { tags: ['@ess'] }, () => {
+describe('Upgrade risk scores', { tags: ['@ess'] }, () => {
   beforeEach(() => {
     login();
     deleteRiskEngineConfiguration();
-    createRule(getNewRule({ rule_id: 'rule1' }));
+    deleteAlertsAndRules();
   });
 
   describe('show upgrade risk button', () => {
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/explore/cases/creation.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/explore/cases/creation.cy.ts
index 45dcbd0b6c861..c0895ec187365 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/explore/cases/creation.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/explore/cases/creation.cy.ts
@@ -48,16 +48,21 @@ import {
   fillCasesMandatoryfields,
   filterStatusOpen,
 } from '../../../tasks/create_new_case';
-import { login } from '../../../tasks/login';
 import { visit, visitWithTimeRange } from '../../../tasks/navigation';
 
 import { CASES_URL, OVERVIEW_URL } from '../../../urls/navigation';
 import { ELASTICSEARCH_USERNAME, IS_SERVERLESS } from '../../../env_var_names_constants';
 import { deleteCases } from '../../../tasks/api_calls/cases';
+import { login } from '../../../tasks/login';
 
-// https://github.com/elastic/kibana/issues/179231
 const isServerless = Cypress.env(IS_SERVERLESS);
-const username = isServerless ? 'platform_engineer' : Cypress.env(ELASTICSEARCH_USERNAME);
+const getUsername = () => {
+  if (isServerless) {
+    return cy.task('getFullname');
+  } else {
+    return cy.wrap(Cypress.env(ELASTICSEARCH_USERNAME));
+  }
+};
 
 // Tracked by https://github.com/elastic/security-team/issues/7696
 describe('Cases', { tags: ['@ess', '@serverless'] }, () => {
@@ -109,12 +114,17 @@ describe('Cases', { tags: ['@ess', '@serverless'] }, () => {
     cy.get(CASE_DETAILS_PAGE_TITLE).should('have.text', this.mycase.name);
     cy.get(CASE_DETAILS_STATUS).should('have.text', 'Open');
     cy.get(CASE_DETAILS_USER_ACTION_DESCRIPTION_EVENT).should('have.text', 'Description');
+
     cy.get(CASE_DETAILS_DESCRIPTION).should(
       'have.text',
       `${this.mycase.description} ${this.mycase.timeline.title}`
     );
-    cy.get(CASE_DETAILS_USERNAMES).eq(REPORTER).should('contain', username);
-    cy.get(CASE_DETAILS_USERNAMES).eq(PARTICIPANTS).should('contain', username);
+
+    getUsername().then((username) => {
+      cy.get(CASE_DETAILS_USERNAMES).eq(REPORTER).should('contain', username);
+      cy.get(CASE_DETAILS_USERNAMES).eq(PARTICIPANTS).should('contain', username);
+    });
+
     cy.get(CASE_DETAILS_TAGS).should('have.text', expectedTags);
 
     EXPECTED_METRICS.forEach((metric) => {
diff --git a/x-pack/test/security_solution_cypress/cypress/env_var_names_constants.ts b/x-pack/test/security_solution_cypress/cypress/env_var_names_constants.ts
index 20f44653f72f0..697448bd0aeaa 100644
--- a/x-pack/test/security_solution_cypress/cypress/env_var_names_constants.ts
+++ b/x-pack/test/security_solution_cypress/cypress/env_var_names_constants.ts
@@ -5,6 +5,8 @@
  * 2.0.
  */
 
+import { ROLES } from '@kbn/security-solution-plugin/common/test';
+
 /**
  * The `CYPRESS_ELASTICSEARCH_USERNAME` environment variable specifies the
  * username to be used when authenticating with Kibana
@@ -28,3 +30,9 @@ export const IS_SERVERLESS = 'IS_SERVERLESS';
  * environment is a real MKI.
  */
 export const CLOUD_SERVERLESS = 'CLOUD_SERVERLESS';
+
+/**
+ * The `DEFAULT_SERVERLESS_ROLE` environment variable specifies the default role used
+ * on serverless tests/
+ */
+export const DEFAULT_SERVERLESS_ROLE = ROLES.platform_engineer;
diff --git a/x-pack/test/security_solution_cypress/cypress/objects/rule.ts b/x-pack/test/security_solution_cypress/cypress/objects/rule.ts
index 04ba983664952..50e358515d922 100644
--- a/x-pack/test/security_solution_cypress/cypress/objects/rule.ts
+++ b/x-pack/test/security_solution_cypress/cypress/objects/rule.ts
@@ -361,8 +361,8 @@ export const getMachineLearningRule = (
 ): MachineLearningRuleCreateProps => ({
   type: 'machine_learning',
   machine_learning_job_id: [
-    'Unusual Linux Network Activity',
-    'Anomalous Process for a Linux Population',
+    'v3_linux_anomalous_network_activity',
+    'v3_linux_anomalous_process_all_hosts',
   ],
   anomaly_threshold: 20,
   name: 'New ML Rule Test',
diff --git a/x-pack/test/security_solution_cypress/cypress/screens/alerts_detection_rules.ts b/x-pack/test/security_solution_cypress/cypress/screens/alerts_detection_rules.ts
index 403d4257687c2..2f59e9362f051 100644
--- a/x-pack/test/security_solution_cypress/cypress/screens/alerts_detection_rules.ts
+++ b/x-pack/test/security_solution_cypress/cypress/screens/alerts_detection_rules.ts
@@ -38,6 +38,9 @@ export const DUPLICATE_WITH_EXCEPTIONS_WITHOUT_EXPIRED_OPTION =
 
 export const DUPLICATE_WITHOUT_EXCEPTIONS_OPTION = '[data-test-subj="withoutExceptions"] label';
 
+export const CONFIRM_MANUAL_RULE_RUN_WARNING_BTN =
+  '[data-test-subj="bulkActionConfirmationModal"] [data-test-subj="confirmModalConfirmButton"]';
+
 export const RULE_SEARCH_FIELD = '[data-test-subj="ruleSearchField"]';
 
 export const EXPORT_ACTION_BTN = '[data-test-subj="exportRuleAction"]';
diff --git a/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_preview_panel_alert_reason_preview.ts b/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_preview_panel_alert_reason_preview.ts
index 24bb9fc086443..669f262621488 100644
--- a/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_preview_panel_alert_reason_preview.ts
+++ b/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_preview_panel_alert_reason_preview.ts
@@ -8,5 +8,5 @@
 import { getDataTestSubjectSelector } from '../../helpers/common';
 
 export const DOCUMENT_DETAILS_FLYOUT_ALERT_REASON_PREVIEW_CONTAINER = getDataTestSubjectSelector(
-  'securitySolutionFlyoutAlertReasonPreviewBody'
+  'securitySolutionFlyoutAlertReasonBody'
 );
diff --git a/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_preview_panel_rule_preview.ts b/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_preview_panel_rule_preview.ts
index f49ca7963ae6a..1c511e090103f 100644
--- a/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_preview_panel_rule_preview.ts
+++ b/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_preview_panel_rule_preview.ts
@@ -8,30 +8,30 @@
 import { getDataTestSubjectSelector } from '../../helpers/common';
 
 export const DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_TITLE = getDataTestSubjectSelector(
-  'securitySolutionFlyoutRulePreviewRulePreviewTitle'
+  'securitySolutionFlyoutRuleOverviewRuleOverviewTitle'
 );
 export const DOCUMENT_DETAILS_FLYOUT_CREATED_BY = getDataTestSubjectSelector(
-  'securitySolutionFlyoutRulePreviewCreatedByText'
+  'securitySolutionFlyoutRuleOverviewCreatedByText'
 );
 export const DOCUMENT_DETAILS_FLYOUT_UPDATED_BY = getDataTestSubjectSelector(
-  'securitySolutionFlyoutRulePreviewUpdatedByText'
+  'securitySolutionFlyoutRuleOverviewUpdatedByText'
 );
 export const DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_ABOUT_SECTION_HEADER = getDataTestSubjectSelector(
-  'securitySolutionFlyoutRulePreviewAboutSectionHeader'
+  'securitySolutionFlyoutRuleOverviewAboutSectionHeader'
 );
 export const DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_ABOUT_SECTION_CONTENT =
-  getDataTestSubjectSelector('securitySolutionFlyoutRulePreviewAboutSectionContent');
+  getDataTestSubjectSelector('securitySolutionFlyoutRuleOverviewAboutSectionContent');
 export const DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_DEFINITION_SECTION_HEADER =
-  getDataTestSubjectSelector('securitySolutionFlyoutRulePreviewDefinitionSectionHeader');
+  getDataTestSubjectSelector('securitySolutionFlyoutRuleOverviewDefinitionSectionHeader');
 export const DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_DEFINITION_SECTION_CONTENT =
-  getDataTestSubjectSelector('securitySolutionFlyoutRulePreviewDefinitionSectionContent');
+  getDataTestSubjectSelector('securitySolutionFlyoutRuleOverviewDefinitionSectionContent');
 export const DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_SCHEDULE_SECTION_HEADER =
-  getDataTestSubjectSelector('securitySolutionFlyoutRulePreviewScheduleSectionHeader');
+  getDataTestSubjectSelector('securitySolutionFlyoutRuleOverviewScheduleSectionHeader');
 export const DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_SCHEDULE_SECTION_CONTENT =
-  getDataTestSubjectSelector('securitySolutionFlyoutRulePreviewScheduleSectionContent');
+  getDataTestSubjectSelector('securitySolutionFlyoutRuleOverviewScheduleSectionContent');
 export const DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_FOOTER = getDataTestSubjectSelector(
-  'securitySolutionFlyoutRulePreviewFooter'
+  'securitySolutionFlyoutRuleOverviewFooter'
 );
 export const DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_FOOTER_LINK = getDataTestSubjectSelector(
-  'securitySolutionFlyoutRulePreviewFooterLinkToRuleDetails'
+  'securitySolutionFlyoutRuleOverviewFooterLinkToRuleDetails'
 );
diff --git a/x-pack/test/security_solution_cypress/cypress/screens/integrations.ts b/x-pack/test/security_solution_cypress/cypress/screens/integrations.ts
index ddcb266d7274e..1f0e9a21087c8 100644
--- a/x-pack/test/security_solution_cypress/cypress/screens/integrations.ts
+++ b/x-pack/test/security_solution_cypress/cypress/screens/integrations.ts
@@ -11,6 +11,6 @@ export const SKIP_AGENT_INSTALLATION_BTN = '[data-test-subj="skipAgentInstallati
 
 export const INTEGRATION_ADDED_POP_UP = '[data-test-subj="postInstallAddAgentModal"]';
 
-export const QUEUE_URL = '.euiFieldText.euiFormControlLayout--1icons';
+export const QUEUE_URL = '.euiFieldText';
 
 export const SAVE_AND_CONTINUE_BTN = '[data-test-subj="createPackagePolicySaveButton"]';
diff --git a/x-pack/test/security_solution_cypress/cypress/screens/rules_bulk_actions.ts b/x-pack/test/security_solution_cypress/cypress/screens/rules_bulk_actions.ts
index cdf458a1e9ad8..46a265f0632fe 100644
--- a/x-pack/test/security_solution_cypress/cypress/screens/rules_bulk_actions.ts
+++ b/x-pack/test/security_solution_cypress/cypress/screens/rules_bulk_actions.ts
@@ -115,3 +115,8 @@ export const DUPLICATE_RULE_BULK_BTN = '[data-test-subj="duplicateRuleBulk"]';
 
 // EXPORT
 export const BULK_EXPORT_ACTION_BTN = '[data-test-subj="exportRuleBulk"]';
+
+// SCHEDULE MANUAL RULE RUN
+export const BULK_MANUAL_RULE_RUN_BTN = '[data-test-subj="scheduleRuleRunBulk"]';
+
+export const BULK_MANUAL_RULE_RUN_WARNING_MODAL = '[data-test-subj="bulkActionConfirmationModal"]';
diff --git a/x-pack/test/security_solution_cypress/cypress/support/machine_learning.ts b/x-pack/test/security_solution_cypress/cypress/support/machine_learning.ts
new file mode 100644
index 0000000000000..e562a693865e3
--- /dev/null
+++ b/x-pack/test/security_solution_cypress/cypress/support/machine_learning.ts
@@ -0,0 +1,28 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { rootRequest } from '../tasks/api_calls/common';
+
+/**
+ * Calls the internal ML Jobs API to force stop the datafeed of, and force close
+ * the job with the given ID.
+ *
+ * @param jobId the ID of the ML job to stop and close
+ * @returns the response from the force stop and close job request
+ */
+export const forceStopAndCloseJob = ({ jobId }: { jobId: string }) =>
+  rootRequest({
+    headers: {
+      'elastic-api-version': 1,
+    },
+    method: 'POST',
+    url: '/internal/ml/jobs/force_stop_and_close_job',
+    failOnStatusCode: false,
+    body: {
+      jobId,
+    },
+  });
diff --git a/x-pack/test/security_solution_cypress/cypress/support/saml_auth.ts b/x-pack/test/security_solution_cypress/cypress/support/saml_auth.ts
index 4c26b46a0f62a..b1fcc4ade9cdf 100644
--- a/x-pack/test/security_solution_cypress/cypress/support/saml_auth.ts
+++ b/x-pack/test/security_solution_cypress/cypress/support/saml_auth.ts
@@ -9,6 +9,7 @@ import { ToolingLog } from '@kbn/tooling-log';
 
 import { SecurityRoleName } from '@kbn/security-solution-plugin/common/test';
 import { HostOptions, SamlSessionManager } from '@kbn/test';
+import { DEFAULT_SERVERLESS_ROLE } from '../env_var_names_constants';
 
 export const samlAuthentication = async (
   on: Cypress.PluginEvents,
@@ -28,10 +29,11 @@ export const samlAuthentication = async (
     password: config.env.ELASTICSEARCH_PASSWORD,
   };
 
+  // If config.env.PROXY_ORG is set, it means that proxy service is used to create projects. Define the proxy org filename to override the roles.
+  const rolesFilename = config.env.PROXY_ORG ? `${config.env.PROXY_ORG}.json` : undefined;
+
   on('task', {
     getSessionCookie: async (role: string | SecurityRoleName): Promise<string> => {
-      // If config.env.PROXY_ORG is set, it means that proxy service is used to create projects. Define the proxy org filename to override the roles.
-      const rolesFilename = config.env.PROXY_ORG ? `${config.env.PROXY_ORG}.json` : undefined;
       const sessionManager = new SamlSessionManager(
         {
           hostOptions,
@@ -42,5 +44,19 @@ export const samlAuthentication = async (
       );
       return sessionManager.getSessionCookieForRole(role);
     },
+    getFullname: async (
+      role: string | SecurityRoleName = DEFAULT_SERVERLESS_ROLE
+    ): Promise<string> => {
+      const sessionManager = new SamlSessionManager(
+        {
+          hostOptions,
+          log,
+          isCloud: config.env.CLOUD_SERVERLESS,
+        },
+        rolesFilename
+      );
+      const { full_name: fullName } = await sessionManager.getUserData(role);
+      return fullName;
+    },
   });
 };
diff --git a/x-pack/test/security_solution_cypress/cypress/tasks/alerts_detection_rules.ts b/x-pack/test/security_solution_cypress/cypress/tasks/alerts_detection_rules.ts
index 97d6c34fdd040..4be7fb43cd11e 100644
--- a/x-pack/test/security_solution_cypress/cypress/tasks/alerts_detection_rules.ts
+++ b/x-pack/test/security_solution_cypress/cypress/tasks/alerts_detection_rules.ts
@@ -214,7 +214,6 @@ export const filterByDisabledRules = () => {
 export const goToRuleDetailsOf = (ruleName: string) => {
   cy.contains(RULE_NAME, ruleName).click();
 
-  cy.get(PAGE_CONTENT_SPINNER).should('be.visible');
   cy.contains(RULE_NAME_HEADER, ruleName).should('be.visible');
   cy.get(PAGE_CONTENT_SPINNER).should('not.exist');
 };
@@ -384,7 +383,7 @@ export const expectNumberOfRules = (
   expectedNumber: number
 ) => {
   cy.log(`Expecting rules table to contain #${expectedNumber} rules`);
-  cy.get(tableSelector).find(RULES_ROW).should('have.length', expectedNumber);
+  cy.get(tableSelector).find(RULES_ROW).its('length').should('be.gte', expectedNumber);
 };
 
 export const expectToContainRule = (
diff --git a/x-pack/test/security_solution_cypress/cypress/tasks/create_new_rule.ts b/x-pack/test/security_solution_cypress/cypress/tasks/create_new_rule.ts
index d9f0120ab0199..65203d2594d07 100644
--- a/x-pack/test/security_solution_cypress/cypress/tasks/create_new_rule.ts
+++ b/x-pack/test/security_solution_cypress/cypress/tasks/create_new_rule.ts
@@ -802,21 +802,23 @@ export const continueFromDefineStep = () => {
   getDefineContinueButton().should('exist').click({ force: true });
 };
 
-export const fillDefineMachineLearningRuleAndContinue = (rule: MachineLearningRuleCreateProps) => {
+const optionsToComboboxText = (options: string[]) => {
+  return options.map((o) => `${o}{downArrow}{enter}{esc}`).join('');
+};
+
+export const fillDefineMachineLearningRule = (rule: MachineLearningRuleCreateProps) => {
   const jobsAsArray = isArray(rule.machine_learning_job_id)
     ? rule.machine_learning_job_id
     : [rule.machine_learning_job_id];
-  const text = jobsAsArray
-    .map((machineLearningJob) => `${machineLearningJob}{downArrow}{enter}`)
-    .join('');
   cy.get(MACHINE_LEARNING_DROPDOWN_INPUT).click({ force: true });
-  cy.get(MACHINE_LEARNING_DROPDOWN_INPUT).type(text);
-
-  cy.get(MACHINE_LEARNING_DROPDOWN_INPUT).type('{esc}');
-
+  cy.get(MACHINE_LEARNING_DROPDOWN_INPUT).type(optionsToComboboxText(jobsAsArray));
   cy.get(ANOMALY_THRESHOLD_INPUT).type(`{selectall}${rule.anomaly_threshold}`, {
     force: true,
   });
+};
+
+export const fillDefineMachineLearningRuleAndContinue = (rule: MachineLearningRuleCreateProps) => {
+  fillDefineMachineLearningRule(rule);
   getDefineContinueButton().should('exist').click({ force: true });
 };
 
@@ -910,8 +912,17 @@ export const enablesAndPopulatesThresholdSuppression = (
 };
 
 export const fillAlertSuppressionFields = (fields: string[]) => {
+  cy.get(ALERT_SUPPRESSION_FIELDS_COMBO_BOX).should('not.be.disabled');
+  cy.get(ALERT_SUPPRESSION_FIELDS_COMBO_BOX).click();
   fields.forEach((field) => {
-    cy.get(ALERT_SUPPRESSION_FIELDS_COMBO_BOX).type(`${field}{enter}`);
+    cy.get(ALERT_SUPPRESSION_FIELDS_COMBO_BOX).type(`${field}{downArrow}{enter}{esc}`);
+  });
+};
+
+export const clearAlertSuppressionFields = () => {
+  cy.get(ALERT_SUPPRESSION_FIELDS_COMBO_BOX).should('not.be.disabled');
+  cy.get(ALERT_SUPPRESSION_FIELDS).within(() => {
+    cy.get(COMBO_BOX_CLEAR_BTN).click();
   });
 };
 
diff --git a/x-pack/test/security_solution_cypress/cypress/tasks/login.ts b/x-pack/test/security_solution_cypress/cypress/tasks/login.ts
index c43aaa26e3c4e..4d996af79cbc6 100644
--- a/x-pack/test/security_solution_cypress/cypress/tasks/login.ts
+++ b/x-pack/test/security_solution_cypress/cypress/tasks/login.ts
@@ -10,6 +10,7 @@ import { KNOWN_SERVERLESS_ROLE_DEFINITIONS } from '@kbn/security-solution-plugin
 import { LOGOUT_URL } from '../urls/navigation';
 import {
   CLOUD_SERVERLESS,
+  DEFAULT_SERVERLESS_ROLE,
   ELASTICSEARCH_PASSWORD,
   ELASTICSEARCH_USERNAME,
   IS_SERVERLESS,
@@ -45,7 +46,7 @@ export const login = (role?: SecurityRoleName): void => {
 
   if (Cypress.env(IS_SERVERLESS)) {
     if (!role) {
-      testRole = 'platform_engineer';
+      testRole = DEFAULT_SERVERLESS_ROLE;
     } else {
       testRole = role;
     }
diff --git a/x-pack/test/security_solution_cypress/cypress/tasks/rules_bulk_actions.ts b/x-pack/test/security_solution_cypress/cypress/tasks/rules_bulk_actions.ts
index c74214c60fbac..fab3221fecb9d 100644
--- a/x-pack/test/security_solution_cypress/cypress/tasks/rules_bulk_actions.ts
+++ b/x-pack/test/security_solution_cypress/cypress/tasks/rules_bulk_actions.ts
@@ -10,10 +10,12 @@ import { recurse } from 'cypress-recurse';
 import {
   CONFIRM_DELETE_RULE_BTN,
   CONFIRM_DUPLICATE_RULE,
+  CONFIRM_MANUAL_RULE_RUN_WARNING_BTN,
   DUPLICATE_WITHOUT_EXCEPTIONS_OPTION,
   DUPLICATE_WITH_EXCEPTIONS_OPTION,
   DUPLICATE_WITH_EXCEPTIONS_WITHOUT_EXPIRED_OPTION,
   MODAL_CONFIRMATION_BODY,
+  MODAL_CONFIRMATION_BTN,
   MODAL_CONFIRMATION_TITLE,
   RULES_TAGS_FILTER_BTN,
   TOASTER_BODY,
@@ -49,6 +51,8 @@ import {
   RULES_BULK_EDIT_SCHEDULES_WARNING,
   RULES_BULK_EDIT_TAGS,
   RULES_BULK_EDIT_TIMELINE_TEMPLATES_SELECTOR,
+  BULK_MANUAL_RULE_RUN_BTN,
+  BULK_MANUAL_RULE_RUN_WARNING_MODAL,
   TAGS_RULE_BULK_MENU_ITEM,
   UPDATE_SCHEDULE_INTERVAL_INPUT,
   UPDATE_SCHEDULE_LOOKBACK_INPUT,
@@ -429,3 +433,21 @@ export const waitForMixedRulesBulkEditModal = (customRulesCount: number) => {
     `This action can only be applied to ${customRulesCount} custom rules`
   );
 };
+
+// SCHEDULE MANUAL RULE RUN
+export const scheduleManualRuleRunForSelectedRules = (
+  enabledCount: number,
+  disabledCount: number
+) => {
+  cy.log('Bulk schedule manual rule run for selected rules');
+  cy.get(BULK_ACTIONS_BTN).click();
+  cy.get(BULK_MANUAL_RULE_RUN_BTN).click();
+  if (disabledCount > 0) {
+    cy.get(BULK_MANUAL_RULE_RUN_WARNING_MODAL).should(
+      'have.text',
+      `This action can only be applied to ${enabledCount} custom rulesThis action can't be applied to the following rules in your selection:${disabledCount} rules (Cannot schedule manual rule run for disabled rules)CancelSchedule ${enabledCount} custom rules`
+    );
+    cy.get(CONFIRM_MANUAL_RULE_RUN_WARNING_BTN).click();
+  }
+  cy.get(MODAL_CONFIRMATION_BTN).click();
+};
diff --git a/x-pack/test/tsconfig.json b/x-pack/test/tsconfig.json
index d7727ec005328..13e3d0634cd40 100644
--- a/x-pack/test/tsconfig.json
+++ b/x-pack/test/tsconfig.json
@@ -120,7 +120,6 @@
     "@kbn/discover-plugin",
     "@kbn/files-plugin",
     "@kbn/shared-ux-file-types",
-    "@kbn/assetManager-plugin",
     "@kbn/guided-onboarding-plugin",
     "@kbn/field-formats-plugin",
     "@kbn/ml-anomaly-utils",
diff --git a/x-pack/test_serverless/api_integration/services/index.ts b/x-pack/test_serverless/api_integration/services/index.ts
index 844c9339cf8ac..69040d96218f3 100644
--- a/x-pack/test_serverless/api_integration/services/index.ts
+++ b/x-pack/test_serverless/api_integration/services/index.ts
@@ -14,6 +14,7 @@ import { SamlToolsProvider } from './saml_tools';
 import { SvlCasesServiceProvider } from './svl_cases';
 import { SloApiProvider } from './slo_api';
 import { TransformProvider } from './transform';
+import { SynthtraceProvider } from './synthtrace';
 
 export const services = {
   // deployment agnostic FTR services
@@ -26,6 +27,7 @@ export const services = {
   svlCases: SvlCasesServiceProvider,
   sloApi: SloApiProvider,
   transform: TransformProvider,
+  synthtrace: SynthtraceProvider,
 };
 
 export type InheritedFtrProviderContext = GenericFtrProviderContext<typeof services, {}>;
diff --git a/x-pack/test_serverless/api_integration/services/synthtrace.ts b/x-pack/test_serverless/api_integration/services/synthtrace.ts
new file mode 100644
index 0000000000000..39c842237eb6b
--- /dev/null
+++ b/x-pack/test_serverless/api_integration/services/synthtrace.ts
@@ -0,0 +1,61 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { Client } from '@elastic/elasticsearch';
+import {
+  ApmSynthtraceEsClient,
+  ApmSynthtraceKibanaClient,
+  createLogger,
+  LogLevel,
+} from '@kbn/apm-synthtrace';
+import url, { format, UrlObject } from 'url';
+import { FtrProviderContext } from '../ftr_provider_context';
+
+async function getSynthtraceEsClient(client: Client, kibanaClient: ApmSynthtraceKibanaClient) {
+  const kibanaVersion = await kibanaClient.fetchLatestApmPackageVersion();
+  await kibanaClient.installApmPackage(kibanaVersion);
+
+  const esClient = new ApmSynthtraceEsClient({
+    client,
+    logger: createLogger(LogLevel.info),
+    version: kibanaVersion,
+    refreshAfterIndex: true,
+  });
+
+  return esClient;
+}
+
+function getSynthtraceKibanaClient(kibanaServerUrl: string) {
+  const kibanaServerUrlWithAuth = url
+    .format({
+      ...url.parse(kibanaServerUrl),
+    })
+    .slice(0, -1);
+
+  const kibanaClient = new ApmSynthtraceKibanaClient({
+    target: kibanaServerUrlWithAuth,
+    logger: createLogger(LogLevel.debug),
+  });
+
+  return kibanaClient;
+}
+
+export function SynthtraceProvider({ getService }: FtrProviderContext) {
+  const es = getService('es');
+  const config = getService('config');
+
+  const servers = config.get('servers');
+  const kibanaServer = servers.kibana as UrlObject;
+  const kibanaServerUrl = format(kibanaServer);
+  const synthtraceKibanaClient = getSynthtraceKibanaClient(kibanaServerUrl);
+
+  return {
+    createSynthtraceKibanaClient: getSynthtraceKibanaClient,
+    async createSynthtraceEsClient() {
+      return getSynthtraceEsClient(es, synthtraceKibanaClient);
+    },
+  };
+}
diff --git a/x-pack/test_serverless/api_integration/test_suites/common/alerting/alert_documents.ts b/x-pack/test_serverless/api_integration/test_suites/common/alerting/alert_documents.ts
index 3e0f400d35e78..a8106a85a9bc9 100644
--- a/x-pack/test_serverless/api_integration/test_suites/common/alerting/alert_documents.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/common/alerting/alert_documents.ts
@@ -13,6 +13,7 @@ import {
   ALERT_FLAPPING,
   ALERT_FLAPPING_HISTORY,
   ALERT_INSTANCE_ID,
+  ALERT_SEVERITY_IMPROVING,
   ALERT_MAINTENANCE_WINDOW_IDS,
   ALERT_REASON,
   ALERT_RULE_CATEGORY,
@@ -38,6 +39,7 @@ import {
   VERSION,
   ALERT_CONSECUTIVE_MATCHES,
   ALERT_RULE_EXECUTION_TIMESTAMP,
+  ALERT_PREVIOUS_ACTION_GROUP,
 } from '@kbn/rule-data-utils';
 import { FtrProviderContext } from '../../../ftr_provider_context';
 import { createEsQueryRule } from './helpers/alerting_api_helper';
@@ -155,6 +157,8 @@ export default function ({ getService }: FtrProviderContext) {
         'kibana.alert.url',
         'kibana.version',
         'kibana.alert.consecutive_matches',
+        'kibana.alert.severity_improving',
+        'kibana.alert.previous_action_group',
       ];
 
       for (const field of fields) {
@@ -274,6 +278,8 @@ export default function ({ getService }: FtrProviderContext) {
       expect(hits2[ALERT_DURATION]).not.to.be(0);
       expect(hits2[ALERT_RULE_EXECUTION_TIMESTAMP]).to.eql(hits2['@timestamp']);
       expect(hits2[ALERT_CONSECUTIVE_MATCHES]).to.be.greaterThan(hits1[ALERT_CONSECUTIVE_MATCHES]);
+      expect(hits2[ALERT_PREVIOUS_ACTION_GROUP]).to.be('query matched');
+      expect(hits2[ALERT_SEVERITY_IMPROVING]).to.be(undefined);
 
       // remove fields we know will be different
       const fields = [
@@ -285,6 +291,8 @@ export default function ({ getService }: FtrProviderContext) {
         'kibana.alert.rule.execution.uuid',
         'kibana.alert.rule.execution.timestamp',
         'kibana.alert.consecutive_matches',
+        'kibana.alert.severity_improving',
+        'kibana.alert.previous_action_group',
       ];
 
       for (const field of fields) {
diff --git a/x-pack/test_serverless/api_integration/test_suites/common/alerting/summary_actions.ts b/x-pack/test_serverless/api_integration/test_suites/common/alerting/summary_actions.ts
index 0058e15d85c97..27f27f33bd163 100644
--- a/x-pack/test_serverless/api_integration/test_suites/common/alerting/summary_actions.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/common/alerting/summary_actions.ts
@@ -11,6 +11,7 @@ import {
   ALERT_ACTION_GROUP,
   ALERT_FLAPPING,
   ALERT_INSTANCE_ID,
+  ALERT_SEVERITY_IMPROVING,
   ALERT_RULE_CATEGORY,
   ALERT_RULE_CONSUMER,
   ALERT_RULE_NAME,
@@ -24,6 +25,7 @@ import {
   ALERT_WORKFLOW_STATUS,
   SPACE_IDS,
   TAGS,
+  ALERT_PREVIOUS_ACTION_GROUP,
 } from '@kbn/rule-data-utils';
 import { omit, padStart } from 'lodash';
 import { FtrProviderContext } from '../../../ftr_provider_context';
@@ -194,6 +196,7 @@ export default function ({ getService }: FtrProviderContext) {
         [ALERT_ACTION_GROUP]: 'query matched',
         [ALERT_FLAPPING]: false,
         [ALERT_INSTANCE_ID]: 'query matched',
+        [ALERT_SEVERITY_IMPROVING]: false,
         [ALERT_STATUS]: 'active',
         [ALERT_WORKFLOW_STATUS]: 'open',
         [ALERT_RULE_CATEGORY]: 'Elasticsearch query',
@@ -323,6 +326,7 @@ export default function ({ getService }: FtrProviderContext) {
         [ALERT_ACTION_GROUP]: 'query matched',
         [ALERT_FLAPPING]: false,
         [ALERT_INSTANCE_ID]: 'query matched',
+        [ALERT_SEVERITY_IMPROVING]: false,
         [ALERT_STATUS]: 'active',
         [ALERT_WORKFLOW_STATUS]: 'open',
         [ALERT_RULE_CATEGORY]: 'Elasticsearch query',
@@ -546,6 +550,7 @@ export default function ({ getService }: FtrProviderContext) {
         ['kibana.alert.evaluation.threshold']: -1,
         ['kibana.alert.evaluation.value']: '0',
         [ALERT_ACTION_GROUP]: 'query matched',
+        [ALERT_PREVIOUS_ACTION_GROUP]: 'query matched',
         [ALERT_FLAPPING]: false,
         [ALERT_INSTANCE_ID]: 'query matched',
         [ALERT_STATUS]: 'active',
diff --git a/x-pack/test_serverless/api_integration/test_suites/common/index_management/datastreams.ts b/x-pack/test_serverless/api_integration/test_suites/common/index_management/datastreams.ts
index df1419a377f51..7c3f56f9c190d 100644
--- a/x-pack/test_serverless/api_integration/test_suites/common/index_management/datastreams.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/common/index_management/datastreams.ts
@@ -88,53 +88,6 @@ export default function ({ getService }: FtrProviderContext) {
         });
       });
 
-      it('includes stats when provided the includeStats query parameter', async () => {
-        const { body: dataStreams } = await supertest
-          .get(`${API_BASE_PATH}/data_streams?includeStats=true`)
-          .set('kbn-xsrf', 'xxx')
-          .set('x-elastic-internal-origin', 'xxx')
-          .expect(200);
-
-        expect(dataStreams).to.be.an('array');
-
-        // returned array can contain automatically created data streams
-        const testDataStream = dataStreams.find(
-          (dataStream: DataStream) => dataStream.name === testDataStreamName
-        );
-
-        expect(testDataStream).to.be.ok();
-
-        // ES determines these values so we'll just echo them back.
-        const { name: indexName, uuid } = testDataStream!.indices[0];
-        const { storageSize, storageSizeBytes, ...dataStreamWithoutStorageSize } = testDataStream!;
-
-        expect(dataStreamWithoutStorageSize).to.eql({
-          name: testDataStreamName,
-          privileges: {
-            delete_index: true,
-            manage_data_stream_lifecycle: true,
-          },
-          timeStampField: { name: '@timestamp' },
-          indices: [
-            {
-              name: indexName,
-              managedBy: 'Data stream lifecycle',
-              preferILM: true,
-              uuid,
-            },
-          ],
-          generation: 1,
-          health: 'green',
-          indexTemplateName: testDataStreamName,
-          nextGenerationManagedBy: 'Data stream lifecycle',
-          maxTimeStamp: 0,
-          hidden: false,
-          lifecycle: {
-            enabled: true,
-          },
-        });
-      });
-
       it('returns a single data stream by ID', async () => {
         const { body: dataStream } = await supertest
           .get(`${API_BASE_PATH}/data_streams/${testDataStreamName}`)
@@ -165,7 +118,6 @@ export default function ({ getService }: FtrProviderContext) {
           health: 'green',
           indexTemplateName: testDataStreamName,
           nextGenerationManagedBy: 'Data stream lifecycle',
-          maxTimeStamp: 0,
           hidden: false,
           lifecycle: {
             enabled: true,
diff --git a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/anonymous.ts b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/anonymous.ts
index 0b08aa18ce128..337e3d1c3988c 100644
--- a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/anonymous.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/anonymous.ts
@@ -6,25 +6,38 @@
  */
 
 import { FtrProviderContext } from '../../../ftr_provider_context';
+import { InternalRequestHeader, RoleCredentials } from '../../../../shared/services';
 
 export default function ({ getService }: FtrProviderContext) {
   const svlCommonApi = getService('svlCommonApi');
-  const supertest = getService('supertest');
+  const svlUserManager = getService('svlUserManager');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+  let roleAuthc: RoleCredentials;
+  let internalReqHeader: InternalRequestHeader;
 
   describe('security/anonymous', function () {
+    before(async () => {
+      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
+      internalReqHeader = svlCommonApi.getInternalRequestHeader();
+    });
+    after(async () => {
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+    });
     describe('route access', () => {
       describe('disabled', () => {
         it('get access capabilities', async () => {
-          const { body, status } = await supertest
+          const { body, status } = await supertestWithoutAuth
             .get('/internal/security/anonymous_access/capabilities')
-            .set(svlCommonApi.getCommonRequestHeader());
+            .set(internalReqHeader)
+            .set(roleAuthc.apiKeyHeader);
           svlCommonApi.assertApiNotFound(body, status);
         });
 
         it('get access state', async () => {
-          const { body, status } = await supertest
+          const { body, status } = await supertestWithoutAuth
             .get('/internal/security/anonymous_access/state')
-            .set(svlCommonApi.getCommonRequestHeader());
+            .set(internalReqHeader)
+            .set(roleAuthc.apiKeyHeader);
           svlCommonApi.assertApiNotFound(body, status);
         });
       });
diff --git a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/api_keys.ts b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/api_keys.ts
index 691f448ca0ab2..c61d01970ba78 100644
--- a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/api_keys.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/api_keys.ts
@@ -7,18 +7,28 @@
 
 import expect from 'expect';
 import { FtrProviderContext } from '../../../ftr_provider_context';
+import { RoleCredentials } from '../../../../shared/services';
 
 export default function ({ getService }: FtrProviderContext) {
-  const svlCommonApi = getService('svlCommonApi');
-  const supertest = getService('supertest');
   let roleMapping: { id: string; name: string; api_key: string; encoded: string };
-
+  const supertest = getService('supertest');
+  const svlCommonApi = getService('svlCommonApi');
+  const svlUserManager = getService('svlUserManager');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+  let roleAuthc: RoleCredentials;
   describe('security/api_keys', function () {
+    before(async () => {
+      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
+    });
+    after(async () => {
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+    });
     describe('route access', () => {
       describe('internal', () => {
         before(async () => {
-          const { body, status } = await supertest
+          const { body, status } = await supertestWithoutAuth
             .post('/internal/security/api_key')
+            .set(roleAuthc.cookieHeader)
             .set(svlCommonApi.getInternalRequestHeader())
             .send({
               name: 'test',
@@ -29,14 +39,16 @@ export default function ({ getService }: FtrProviderContext) {
           roleMapping = body;
         });
 
-        after(async () => {
-          const { body, status } = await supertest
+        after(async function invalidateAll() {
+          const { body, status } = await supertestWithoutAuth
             .get('/internal/security/api_key?isAdmin=true')
+            .set(roleAuthc.cookieHeader)
             .set(svlCommonApi.getInternalRequestHeader());
 
           if (status === 200) {
-            await supertest
+            await supertestWithoutAuth
               .post('/internal/security/api_key/invalidate')
+              .set(roleAuthc.cookieHeader)
               .set(svlCommonApi.getInternalRequestHeader())
               .send({
                 apiKeys: body?.apiKeys,
@@ -54,23 +66,22 @@ export default function ({ getService }: FtrProviderContext) {
             role_descriptors: {},
           };
 
-          ({ body, status } = await supertest
+          ({ body, status } = await supertestWithoutAuth
             .post('/internal/security/api_key')
             .set(svlCommonApi.getCommonRequestHeader())
             .send(requestBody));
           // expect a rejection because we're not using the internal header
           expect(body).toEqual({
-            statusCode: 400,
-            error: 'Bad Request',
-            message: expect.stringContaining(
-              'method [post] exists but is not available with the current configuration'
-            ),
+            statusCode: 401,
+            error: 'Unauthorized',
+            message: expect.stringContaining('Unauthorized'),
           });
-          expect(status).toBe(400);
+          expect(status).toBe(401);
 
-          ({ body, status } = await supertest
+          ({ body, status } = await supertestWithoutAuth
             .post('/internal/security/api_key')
             .set(svlCommonApi.getInternalRequestHeader())
+            .set(roleAuthc.cookieHeader)
             .send(requestBody));
           // expect success because we're using the internal header
           expect(body).toEqual(expect.objectContaining({ name: 'create_test' }));
@@ -86,9 +97,10 @@ export default function ({ getService }: FtrProviderContext) {
             role_descriptors: {},
           };
 
-          ({ body, status } = await supertest
+          ({ body, status } = await supertestWithoutAuth
             .put('/internal/security/api_key')
             .set(svlCommonApi.getCommonRequestHeader())
+            .set(roleAuthc.cookieHeader)
             .send(requestBody));
           // expect a rejection because we're not using the internal header
           expect(body).toEqual({
@@ -100,9 +112,10 @@ export default function ({ getService }: FtrProviderContext) {
           });
           expect(status).toBe(400);
 
-          ({ body, status } = await supertest
+          ({ body, status } = await supertestWithoutAuth
             .put('/internal/security/api_key')
             .set(svlCommonApi.getInternalRequestHeader())
+            .set(roleAuthc.cookieHeader)
             .send(requestBody));
           // expect success because we're using the internal header
           expect(body).toEqual(expect.objectContaining({ updated: true }));
@@ -115,7 +128,8 @@ export default function ({ getService }: FtrProviderContext) {
 
           ({ body, status } = await supertest
             .get('/internal/security/api_key/_enabled')
-            .set(svlCommonApi.getCommonRequestHeader()));
+            .set(svlCommonApi.getCommonRequestHeader())
+            .set(roleAuthc.cookieHeader));
           // expect a rejection because we're not using the internal header
           expect(body).toEqual({
             statusCode: 400,
@@ -126,8 +140,9 @@ export default function ({ getService }: FtrProviderContext) {
           });
           expect(status).toBe(400);
 
-          ({ body, status } = await supertest
+          ({ body, status } = await supertestWithoutAuth
             .get('/internal/security/api_key/_enabled')
+            .set(roleAuthc.cookieHeader)
             .set(svlCommonApi.getInternalRequestHeader()));
           // expect success because we're using the internal header
           expect(body).toEqual({ apiKeysEnabled: true });
@@ -147,9 +162,10 @@ export default function ({ getService }: FtrProviderContext) {
             isAdmin: true,
           };
 
-          ({ body, status } = await supertest
+          ({ body, status } = await supertestWithoutAuth
             .post('/internal/security/api_key/invalidate')
             .set(svlCommonApi.getCommonRequestHeader())
+            .set(roleAuthc.cookieHeader)
             .send(requestBody));
           // expect a rejection because we're not using the internal header
           expect(body).toEqual({
@@ -161,9 +177,10 @@ export default function ({ getService }: FtrProviderContext) {
           });
           expect(status).toBe(400);
 
-          ({ body, status } = await supertest
+          ({ body, status } = await supertestWithoutAuth
             .post('/internal/security/api_key/invalidate')
             .set(svlCommonApi.getInternalRequestHeader())
+            .set(roleAuthc.cookieHeader)
             .send(requestBody));
           // expect success because we're using the internal header
           expect(body).toEqual({
@@ -188,9 +205,10 @@ export default function ({ getService }: FtrProviderContext) {
             size: 1,
           };
 
-          const { body } = await supertest
+          const { body } = await supertestWithoutAuth
             .post('/internal/security/api_key/_query')
             .set(svlCommonApi.getInternalRequestHeader())
+            .set(roleAuthc.cookieHeader)
             .send(requestBody)
             .expect(200);
 
diff --git a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/authentication.ts b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/authentication.ts
index da71d2ad4858a..d1cb2b29b56b5 100644
--- a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/authentication.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/authentication.ts
@@ -7,27 +7,38 @@
 
 import expect from 'expect';
 import { FtrProviderContext } from '../../../ftr_provider_context';
+import { RoleCredentials } from '../../../../shared/services';
 
 export default function ({ getService }: FtrProviderContext) {
-  const svlCommonApi = getService('svlCommonApi');
   const supertest = getService('supertest');
   const config = getService('config');
 
+  const svlCommonApi = getService('svlCommonApi');
+  const svlUserManager = getService('svlUserManager');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+  let roleAuthc: RoleCredentials;
   describe('security/authentication', function () {
+    before(async () => {
+      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
+    });
+    after(async () => {
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+    });
     describe('route access', () => {
       describe('disabled', () => {
         // ToDo: uncomment when we disable login
         // it('login', async () => {
-        //   const { body, status } = await supertest
+        //   const { body, status } = await supertestWithoutAuth
         //     .post('/internal/security/login')
-        //     .set(svlCommonApi.getInternalRequestHeader());
+        //     .set(svlCommonApi.getInternalRequestHeader()).set(roleAuthc.apiKeyHeader)
         //   svlCommonApi.assertApiNotFound(body, status);
         // });
 
         it('logout (deprecated)', async () => {
-          const { body, status } = await supertest
+          const { body, status } = await supertestWithoutAuth
             .get('/api/security/v1/logout')
-            .set(svlCommonApi.getInternalRequestHeader());
+            .set(svlCommonApi.getInternalRequestHeader())
+            .set(roleAuthc.apiKeyHeader);
           svlCommonApi.assertApiNotFound(body, status);
         });
 
diff --git a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/authentication_http.ts b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/authentication_http.ts
index 50148f2892154..6c7e939a3b6b0 100644
--- a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/authentication_http.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/authentication_http.ts
@@ -9,7 +9,7 @@ import { FtrProviderContext } from '../../../ftr_provider_context';
 
 export default function ({ getService }: FtrProviderContext) {
   const svlCommonApi = getService('svlCommonApi');
-  const supertest = getService('supertestWithoutAuth');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
 
   describe('security/authentication/http', function () {
     describe('JWT', () => {
@@ -28,7 +28,7 @@ export default function ({ getService }: FtrProviderContext) {
           '/internal/task_manager/_background_task_utilization',
           '/api/task_manager/metrics',
         ]) {
-          await supertest
+          await supertestWithoutAuth
             .get(allowedPath)
             .set('Authorization', `Bearer ${jsonWebToken}`)
             .set('ES-Client-Authentication', 'SharedSecret my_super_secret')
@@ -37,14 +37,14 @@ export default function ({ getService }: FtrProviderContext) {
         }
 
         // Make sure it's not possible to use JWT to have interactive sessions.
-        await supertest
+        await supertestWithoutAuth
           .get('/')
           .set('Authorization', `Bearer ${jsonWebToken}`)
           .set('ES-Client-Authentication', 'SharedSecret my_super_secret')
           .expect(401);
 
         // Make sure it's not possible to use JWT to access any other APIs.
-        await supertest
+        await supertestWithoutAuth
           .get('/internal/security/me')
           .set('Authorization', `Bearer ${jsonWebToken}`)
           .set('ES-Client-Authentication', 'SharedSecret my_super_secret')
diff --git a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/authorization.ts b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/authorization.ts
index d6ec69803b8f5..672ff9cfdbedd 100644
--- a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/authorization.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/authorization.ts
@@ -8,6 +8,7 @@
 import expect from 'expect';
 import { KibanaFeatureConfig, SubFeaturePrivilegeConfig } from '@kbn/features-plugin/common';
 import { FtrProviderContext } from '../../../ftr_provider_context';
+import { InternalRequestHeader, RoleCredentials } from '../../../../shared/services';
 
 function collectSubFeaturesPrivileges(feature: KibanaFeatureConfig) {
   return new Map(
@@ -22,60 +23,78 @@ function collectSubFeaturesPrivileges(feature: KibanaFeatureConfig) {
 }
 
 export default function ({ getService }: FtrProviderContext) {
+  const log = getService('log');
   const svlCommonApi = getService('svlCommonApi');
+  const svlUserManager = getService('svlUserManager');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
   const supertest = getService('supertest');
-  const log = getService('log');
+  let roleAuthc: RoleCredentials;
+  let internalReqHeader: InternalRequestHeader;
 
   describe('security/authorization', function () {
+    before(async () => {
+      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
+      internalReqHeader = svlCommonApi.getInternalRequestHeader();
+    });
+    after(async () => {
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+    });
     describe('route access', () => {
       describe('internal', () => {
         describe('disabled', () => {
           it('get all privileges', async () => {
-            const { body, status } = await supertest
+            const { body, status } = await supertestWithoutAuth
               .get('/api/security/privileges')
-              .set(svlCommonApi.getInternalRequestHeader());
+              .set(svlCommonApi.getInternalRequestHeader())
+              .set(roleAuthc.apiKeyHeader);
             svlCommonApi.assertApiNotFound(body, status);
           });
 
           it('get built-in elasticsearch privileges', async () => {
-            const { body, status } = await supertest
+            const { body, status } = await supertestWithoutAuth
               .get('/internal/security/esPrivileges/builtin')
-              .set(svlCommonApi.getInternalRequestHeader());
+              .set(svlCommonApi.getInternalRequestHeader())
+              .set(roleAuthc.apiKeyHeader);
             svlCommonApi.assertApiNotFound(body, status);
           });
 
-          it('create/update role', async () => {
-            const { body, status } = await supertest
-              .put('/api/security/role/test')
-              .set(svlCommonApi.getInternalRequestHeader());
+          it('create/update roleAuthc', async () => {
+            const { body, status } = await supertestWithoutAuth
+              .put('/api/security/roleAuthc/test')
+              .set(svlCommonApi.getInternalRequestHeader())
+              .set(roleAuthc.apiKeyHeader);
             svlCommonApi.assertApiNotFound(body, status);
           });
 
-          it('get role', async () => {
-            const { body, status } = await supertest
-              .get('/api/security/role/superuser')
-              .set(svlCommonApi.getInternalRequestHeader());
+          it('get roleAuthc', async () => {
+            const { body, status } = await supertestWithoutAuth
+              .get('/api/security/roleAuthc/superuser')
+              .set(svlCommonApi.getInternalRequestHeader())
+              .set(roleAuthc.apiKeyHeader);
             svlCommonApi.assertApiNotFound(body, status);
           });
 
           it('get all roles', async () => {
-            const { body, status } = await supertest
-              .get('/api/security/role')
-              .set(svlCommonApi.getInternalRequestHeader());
+            const { body, status } = await supertestWithoutAuth
+              .get('/api/security/roleAuthc')
+              .set(svlCommonApi.getInternalRequestHeader())
+              .set(roleAuthc.apiKeyHeader);
             svlCommonApi.assertApiNotFound(body, status);
           });
 
-          it('delete role', async () => {
-            const { body, status } = await supertest
-              .delete('/api/security/role/superuser')
-              .set(svlCommonApi.getInternalRequestHeader());
+          it('delete roleAuthc', async () => {
+            const { body, status } = await supertestWithoutAuth
+              .delete('/api/security/roleAuthc/superuser')
+              .set(svlCommonApi.getInternalRequestHeader())
+              .set(roleAuthc.apiKeyHeader);
             svlCommonApi.assertApiNotFound(body, status);
           });
 
           it('get shared saved object permissions', async () => {
-            const { body, status } = await supertest
+            const { body, status } = await supertestWithoutAuth
               .get('/internal/security/_share_saved_object_permissions')
-              .set(svlCommonApi.getInternalRequestHeader());
+              .set(svlCommonApi.getInternalRequestHeader())
+              .set(roleAuthc.apiKeyHeader);
             svlCommonApi.assertApiNotFound(body, status);
           });
         });
@@ -83,26 +102,25 @@ export default function ({ getService }: FtrProviderContext) {
 
       describe('public', () => {
         it('reset session page', async () => {
-          const { status } = await supertest
+          const { status } = await supertestWithoutAuth
             .get('/internal/security/reset_session_page.js')
-            .set(svlCommonApi.getCommonRequestHeader());
+            .set(internalReqHeader)
+            .set(roleAuthc.apiKeyHeader);
           expect(status).toBe(200);
         });
       });
     });
 
     describe('available features', () => {
-      const svlUserManager = getService('svlUserManager');
-      const supertestWithoutAuth = getService('supertestWithoutAuth');
       let adminCredentials: { Cookie: string };
 
       before(async () => {
-        // get auth header for Viewer role
+        // get auth header for Viewer roleAuthc
         adminCredentials = await svlUserManager.getApiCredentialsForRole('admin');
       });
 
       it('all Dashboard and Discover sub-feature privileges are disabled', async () => {
-        const { body } = await supertestWithoutAuth
+        const { body } = await supertest
           .get('/api/features')
           .set(svlCommonApi.getInternalRequestHeader())
           .set(adminCredentials)
diff --git a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/encrypted_saved_objects.ts b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/encrypted_saved_objects.ts
index 63d81773398cd..55627e840fc17 100644
--- a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/encrypted_saved_objects.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/encrypted_saved_objects.ts
@@ -6,18 +6,30 @@
  */
 
 import { FtrProviderContext } from '../../../ftr_provider_context';
+import { InternalRequestHeader, RoleCredentials } from '../../../../shared/services';
 
 export default function ({ getService }: FtrProviderContext) {
   const svlCommonApi = getService('svlCommonApi');
-  const supertest = getService('supertest');
+  const svlUserManager = getService('svlUserManager');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+  let roleAuthc: RoleCredentials;
+  let internalReqHeader: InternalRequestHeader;
 
   describe('encrypted saved objects', function () {
+    before(async () => {
+      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
+      internalReqHeader = svlCommonApi.getInternalRequestHeader();
+    });
+    after(async () => {
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+    });
     describe('route access', () => {
       describe('disabled', () => {
         it('rotate key', async () => {
-          const { body, status } = await supertest
+          const { body, status } = await supertestWithoutAuth
             .post('/api/encrypted_saved_objects/_rotate_key')
-            .set(svlCommonApi.getCommonRequestHeader());
+            .set(internalReqHeader)
+            .set(roleAuthc.apiKeyHeader);
           svlCommonApi.assertApiNotFound(body, status);
         });
       });
diff --git a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/feature_check.ts b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/feature_check.ts
index e42cb88eec0f8..3f79993262322 100644
--- a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/feature_check.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/feature_check.ts
@@ -6,16 +6,26 @@
  */
 
 import { FtrProviderContext } from '../../../ftr_provider_context';
+import { RoleCredentials } from '../../../../shared/services';
 
 export default function ({ getService }: FtrProviderContext) {
   const svlCommonApi = getService('svlCommonApi');
-  const supertest = getService('supertest');
+  const svlUserManager = getService('svlUserManager');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+  let roleAuthc: RoleCredentials;
 
   describe('security/features', function () {
+    before(async () => {
+      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
+    });
+    after(async () => {
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+    });
     it('route access disabled', async () => {
-      const { body, status } = await supertest
+      const { body, status } = await supertestWithoutAuth
         .get('/internal/security/_check_security_features')
-        .set(svlCommonApi.getInternalRequestHeader());
+        .set(svlCommonApi.getInternalRequestHeader())
+        .set(roleAuthc.apiKeyHeader);
       svlCommonApi.assertApiNotFound(body, status);
     });
   });
diff --git a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/misc.ts b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/misc.ts
index 2b49b3a96ab20..37c11fe6b5917 100644
--- a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/misc.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/misc.ts
@@ -7,49 +7,63 @@
 
 import expect from 'expect';
 import { FtrProviderContext } from '../../../ftr_provider_context';
+import { RoleCredentials } from '../../../../shared/services';
 
 export default function ({ getService }: FtrProviderContext) {
   const svlCommonApi = getService('svlCommonApi');
-  const supertest = getService('supertest');
+  const svlUserManager = getService('svlUserManager');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+  let roleAuthc: RoleCredentials;
 
   describe('security/misc', function () {
+    before(async () => {
+      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
+    });
+    after(async () => {
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+    });
     describe('route access', () => {
       describe('disabled', () => {
         it('get index fields', async () => {
-          const { body, status } = await supertest
+          const { body, status } = await supertestWithoutAuth
             .get('/internal/security/fields/test')
             .set(svlCommonApi.getInternalRequestHeader())
+            .set(roleAuthc.apiKeyHeader)
             .send({ params: 'params' });
           svlCommonApi.assertApiNotFound(body, status);
         });
 
         it('fix deprecated roles', async () => {
-          const { body, status } = await supertest
+          const { body, status } = await supertestWithoutAuth
             .post('/internal/security/deprecations/kibana_user_role/_fix_users')
-            .set(svlCommonApi.getInternalRequestHeader());
+            .set(svlCommonApi.getInternalRequestHeader())
+            .set(roleAuthc.apiKeyHeader);
           svlCommonApi.assertApiNotFound(body, status);
         });
 
-        it('fix deprecated role mappings', async () => {
-          const { body, status } = await supertest
+        it('fix deprecated roleAuthc mappings', async () => {
+          const { body, status } = await supertestWithoutAuth
             .post('/internal/security/deprecations/kibana_user_role/_fix_role_mappings')
-            .set(svlCommonApi.getInternalRequestHeader());
+            .set(svlCommonApi.getInternalRequestHeader())
+            .set(roleAuthc.apiKeyHeader);
           svlCommonApi.assertApiNotFound(body, status);
         });
 
         it('get security checkup state', async () => {
-          const { body, status } = await supertest
+          const { body, status } = await supertestWithoutAuth
             .get('/internal/security/security_checkup/state')
-            .set(svlCommonApi.getInternalRequestHeader());
+            .set(svlCommonApi.getInternalRequestHeader())
+            .set(roleAuthc.apiKeyHeader);
           svlCommonApi.assertApiNotFound(body, status);
         });
       });
 
       describe('internal', () => {
         it('get record auth type', async () => {
-          const { status } = await supertest
+          const { status } = await supertestWithoutAuth
             .post('/internal/security/analytics/_record_auth_type')
-            .set(svlCommonApi.getInternalRequestHeader());
+            .set(svlCommonApi.getInternalRequestHeader())
+            .set(roleAuthc.apiKeyHeader);
           expect(status).toBe(200);
         });
       });
diff --git a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/response_headers.ts b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/response_headers.ts
index 75413907fbd30..393645ba8b360 100644
--- a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/response_headers.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/response_headers.ts
@@ -8,10 +8,13 @@
 import expect from 'expect';
 import cspParser from 'content-security-policy-parser';
 import { FtrProviderContext } from '../../../ftr_provider_context';
+import { RoleCredentials } from '../../../../shared/services';
 
 export default function ({ getService }: FtrProviderContext) {
   const svlCommonApi = getService('svlCommonApi');
-  const supertest = getService('supertest');
+  const svlUserManager = getService('svlUserManager');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+  let roleAuthc: RoleCredentials;
 
   describe('security/response_headers', function () {
     const baseCSP = `script-src 'report-sample' 'self'; worker-src 'report-sample' 'self' blob:; style-src 'report-sample' 'self' 'unsafe-inline'; frame-ancestors 'self'`;
@@ -23,9 +26,16 @@ export default function ({ getService }: FtrProviderContext) {
     const defaultXContentTypeOptions = 'nosniff';
     const defaultXFrameOptions = 'SAMEORIGIN';
 
+    before(async () => {
+      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
+    });
+    after(async () => {
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+    });
     it('API endpoint response contains default security headers', async () => {
-      const { header } = await supertest
+      const { header } = await supertestWithoutAuth
         .get(`/internal/security/me`)
+        .set(roleAuthc.apiKeyHeader)
         .set(svlCommonApi.getInternalRequestHeader())
         .expect(200);
 
@@ -40,7 +50,7 @@ export default function ({ getService }: FtrProviderContext) {
     });
 
     it('redirect endpoint response contains default security headers', async () => {
-      const { header } = await supertest
+      const { header } = await supertestWithoutAuth
         .get(`/logout`)
         .set(svlCommonApi.getInternalRequestHeader())
         .expect(200);
diff --git a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/role_mappings.ts b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/role_mappings.ts
index bfddf5b4a3267..5e64dd88b1184 100644
--- a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/role_mappings.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/role_mappings.ts
@@ -6,40 +6,53 @@
  */
 
 import { FtrProviderContext } from '../../../ftr_provider_context';
+import { RoleCredentials } from '../../../../shared/services';
 
 export default function ({ getService }: FtrProviderContext) {
   const svlCommonApi = getService('svlCommonApi');
-  const supertest = getService('supertest');
+  const svlUserManager = getService('svlUserManager');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+  let roleAuthc: RoleCredentials;
 
   describe('security/role_mappings', function () {
+    before(async () => {
+      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
+    });
+    after(async () => {
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+    });
     describe('route access', () => {
       describe('disabled', () => {
-        it('create/update role mapping', async () => {
-          const { body, status } = await supertest
+        it('create/update roleAuthc mapping', async () => {
+          const { body, status } = await supertestWithoutAuth
             .post('/internal/security/role_mapping/test')
-            .set(svlCommonApi.getInternalRequestHeader());
+            .set(svlCommonApi.getInternalRequestHeader())
+            .set(roleAuthc.apiKeyHeader);
           svlCommonApi.assertApiNotFound(body, status);
         });
 
-        it('get role mapping', async () => {
-          const { body, status } = await supertest
+        it('get roleAuthc mapping', async () => {
+          const { body, status } = await supertestWithoutAuth
             .get('/internal/security/role_mapping/test')
-            .set(svlCommonApi.getInternalRequestHeader());
+            .set(svlCommonApi.getInternalRequestHeader())
+            .set(roleAuthc.apiKeyHeader);
           svlCommonApi.assertApiNotFound(body, status);
         });
 
-        it('get all role mappings', async () => {
-          const { body, status } = await supertest
+        it('get all roleAuthc mappings', async () => {
+          const { body, status } = await supertestWithoutAuth
             .get('/internal/security/role_mapping')
-            .set(svlCommonApi.getInternalRequestHeader());
+            .set(svlCommonApi.getInternalRequestHeader())
+            .set(roleAuthc.apiKeyHeader);
           svlCommonApi.assertApiNotFound(body, status);
         });
 
-        it('delete role mapping', async () => {
-          // this test works because the message for a missing endpoint is different from a missing role mapping
-          const { body, status } = await supertest
+        it('delete roleAuthc mapping', async () => {
+          // this test works because the message for a missing endpoint is different from a missing roleAuthc mapping
+          const { body, status } = await supertestWithoutAuth
             .delete('/internal/security/role_mapping/test')
-            .set(svlCommonApi.getInternalRequestHeader());
+            .set(svlCommonApi.getInternalRequestHeader())
+            .set(roleAuthc.apiKeyHeader);
           svlCommonApi.assertApiNotFound(body, status);
         });
       });
diff --git a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/sessions.ts b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/sessions.ts
index 2148447fa736f..de2b1751c82c1 100644
--- a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/sessions.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/sessions.ts
@@ -7,18 +7,27 @@
 
 import expect from 'expect';
 import { FtrProviderContext } from '../../../ftr_provider_context';
+import { RoleCredentials } from '../../../../shared/services';
 
 export default function ({ getService }: FtrProviderContext) {
   const svlCommonApi = getService('svlCommonApi');
-  const supertest = getService('supertest');
-
+  const svlUserManager = getService('svlUserManager');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+  let roleAuthc: RoleCredentials;
   describe('security/sessions', function () {
+    before(async () => {
+      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
+    });
+    after(async () => {
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+    });
     describe('route access', () => {
       describe('disabled', () => {
         it('invalidate', async () => {
-          const { body, status } = await supertest
+          const { body, status } = await supertestWithoutAuth
             .post('/api/security/session/_invalidate')
             .set(svlCommonApi.getInternalRequestHeader())
+            .set(roleAuthc.apiKeyHeader)
             .send({ match: 'all' });
           svlCommonApi.assertApiNotFound(body, status);
         });
@@ -29,9 +38,11 @@ export default function ({ getService }: FtrProviderContext) {
           let body: any;
           let status: number;
 
-          ({ body, status } = await supertest
+          ({ body, status } = await supertestWithoutAuth
             .get('/internal/security/session')
+            .set(roleAuthc.apiKeyHeader)
             .set(svlCommonApi.getCommonRequestHeader()));
+
           // expect a rejection because we're not using the internal header
           expect(body).toEqual({
             statusCode: 400,
@@ -42,8 +53,9 @@ export default function ({ getService }: FtrProviderContext) {
           });
           expect(status).toBe(400);
 
-          ({ body, status } = await supertest
+          ({ body, status } = await supertestWithoutAuth
             .get('/internal/security/session')
+            .set(roleAuthc.apiKeyHeader)
             .set(svlCommonApi.getInternalRequestHeader()));
           // expect 204 because there is no session
           expect(status).toBe(204);
@@ -53,8 +65,9 @@ export default function ({ getService }: FtrProviderContext) {
           let body: any;
           let status: number;
 
-          ({ body, status } = await supertest
+          ({ body, status } = await supertestWithoutAuth
             .post('/internal/security/session')
+            .set(roleAuthc.apiKeyHeader)
             .set(svlCommonApi.getCommonRequestHeader()));
           // expect a rejection because we're not using the internal header
           expect(body).toEqual({
@@ -66,8 +79,9 @@ export default function ({ getService }: FtrProviderContext) {
           });
           expect(status).toBe(400);
 
-          ({ body, status } = await supertest
+          ({ body, status } = await supertestWithoutAuth
             .post('/internal/security/session')
+            .set(roleAuthc.apiKeyHeader)
             .set(svlCommonApi.getInternalRequestHeader()));
           // expect redirect
           expect(status).toBe(302);
diff --git a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/user_profiles.ts b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/user_profiles.ts
index 83ef0c4335679..687a6ee453a2d 100644
--- a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/user_profiles.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/user_profiles.ts
@@ -8,13 +8,22 @@
 import expect from 'expect';
 import { kibanaTestUser } from '@kbn/test';
 import { FtrProviderContext } from '../../../ftr_provider_context';
+import { RoleCredentials } from '../../../../shared/services';
 
 export default function ({ getService }: FtrProviderContext) {
+  const samlTools = getService('samlTools');
   const svlCommonApi = getService('svlCommonApi');
+  const svlUserManager = getService('svlUserManager');
   const supertestWithoutAuth = getService('supertestWithoutAuth');
-  const samlTools = getService('samlTools');
+  let roleAuthc: RoleCredentials;
 
   describe('security/user_profiles', function () {
+    before(async () => {
+      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
+    });
+    after(async () => {
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+    });
     describe('route access', () => {
       describe('internal', () => {
         // When we run tests on MKI, SAML realm is configured differently, and we cannot handcraft SAML responses to
@@ -25,6 +34,7 @@ export default function ({ getService }: FtrProviderContext) {
           const { status } = await supertestWithoutAuth
             .post(`/internal/security/user_profile/_data`)
             .set(svlCommonApi.getInternalRequestHeader())
+            .set(roleAuthc.apiKeyHeader)
             .set(await samlTools.login(kibanaTestUser.username))
             .send({ key: 'value' });
           expect(status).not.toBe(404);
@@ -33,6 +43,7 @@ export default function ({ getService }: FtrProviderContext) {
         it('get current', async () => {
           const { status } = await supertestWithoutAuth
             .get(`/internal/security/user_profile`)
+            .set(roleAuthc.apiKeyHeader)
             .set(svlCommonApi.getInternalRequestHeader())
             .set(await samlTools.login(kibanaTestUser.username));
           expect(status).not.toBe(404);
@@ -42,6 +53,7 @@ export default function ({ getService }: FtrProviderContext) {
           const { status } = await supertestWithoutAuth
             .get(`/internal/security/user_profile`)
             .set(svlCommonApi.getInternalRequestHeader())
+            .set(roleAuthc.apiKeyHeader)
             .set(await samlTools.login(kibanaTestUser.username))
             .send({ uids: ['12345678'] });
           expect(status).not.toBe(404);
diff --git a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/users.ts b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/users.ts
index 2feaa8878d1ef..b9979492ce417 100644
--- a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/users.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/users.ts
@@ -6,89 +6,105 @@
  */
 
 import expect from 'expect';
+import { RoleCredentials } from '../../../../shared/services';
 import { FtrProviderContext } from '../../../ftr_provider_context';
 
 export default function ({ getService }: FtrProviderContext) {
   const svlCommonApi = getService('svlCommonApi');
-  const supertest = getService('supertest');
+  const svlUserManager = getService('svlUserManager');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+  let roleAuthc: RoleCredentials;
 
   describe('security/users', function () {
+    before(async () => {
+      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
+    });
+    after(async () => {
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+    });
     describe('route access', () => {
       // ToDo: uncomment when we disable user APIs
-      // describe('disabled', () => {
-      // it('get', async () => {
-      //   const { body, status } = await supertest
-      //     .get('/internal/security/users/elastic')
-      //     .set(svlCommonApi.getInternalRequestHeader());
-      //   svlCommonApi.assertApiNotFound(body, status);
-      // });
-
-      // it('get all', async () => {
-      //   const { body, status } = await supertest
-      //     .get('/internal/security/users')
-      //     .set(svlCommonApi.getInternalRequestHeader());
-      //   svlCommonApi.assertApiNotFound(body, status);
-      // });
-
-      // it('create/update', async () => {
-      //   const { body, status } = await supertest
-      //     .post(`/internal/security/users/some_testuser`)
-      //     .set(svlCommonApi.getInternalRequestHeader())
-      //     .send({ username: 'some_testuser', password: 'testpassword', roles: [] });
-      //   svlCommonApi.assertApiNotFound(body, status);
-      // });
-
-      // it('delete', async () => {
-      //   const { body, status } = await supertest
-      //     .delete(`/internal/security/users/elastic`)
-      //     .set(svlCommonApi.getInternalRequestHeader());
-      //   svlCommonApi.assertApiNotFound(body, status);
-      // });
-
-      // it('disable', async () => {
-      //   const { body, status } = await supertest
-      //     .post(`/internal/security/users/elastic/_disable`)
-      //     .set(svlCommonApi.getInternalRequestHeader());
-      //   svlCommonApi.assertApiNotFound(body, status);
-      // });
-
-      // it('enable', async () => {
-      //   const { body, status } = await supertest
-      //     .post(`/internal/security/users/elastic/_enable`)
-      //     .set(svlCommonApi.getInternalRequestHeader());
-      //   svlCommonApi.assertApiNotFound(body, status);
-      // });
-
-      // it('set password', async () => {
-      //   const { body, status } = await supertest
-      //     .post(`/internal/security/users/{username}/password`)
-      //     .set(svlCommonApi.getInternalRequestHeader())
-      //     .send({
-      //       password: 'old_pw',
-      //       newPassword: 'new_pw',
-      //     });
-      //   svlCommonApi.assertApiNotFound(body, status);
-      // });
-      // });
+      describe.skip('disabled', () => {
+        it('get', async () => {
+          const { body, status } = await supertestWithoutAuth
+            .get('/internal/security/users/elastic')
+            .set(svlCommonApi.getInternalRequestHeader())
+            .set(roleAuthc.apiKeyHeader);
+          svlCommonApi.assertApiNotFound(body, status);
+        });
+
+        it('get all', async () => {
+          const { body, status } = await supertestWithoutAuth
+            .get('/internal/security/users')
+            .set(svlCommonApi.getInternalRequestHeader())
+            .set(roleAuthc.apiKeyHeader);
+          svlCommonApi.assertApiNotFound(body, status);
+        });
+
+        it('create/update', async () => {
+          const { body, status } = await supertestWithoutAuth
+            .post(`/internal/security/users/some_testuser`)
+            .set(svlCommonApi.getInternalRequestHeader())
+            .send({ username: 'some_testuser', password: 'testpassword', roles: [] });
+          svlCommonApi.assertApiNotFound(body, status);
+        });
+
+        it('delete', async () => {
+          const { body, status } = await supertestWithoutAuth
+            .delete(`/internal/security/users/elastic`)
+            .set(svlCommonApi.getInternalRequestHeader())
+            .set(roleAuthc.apiKeyHeader);
+          svlCommonApi.assertApiNotFound(body, status);
+        });
+
+        it('disable', async () => {
+          const { body, status } = await supertestWithoutAuth
+            .post(`/internal/security/users/elastic/_disable`)
+            .set(svlCommonApi.getInternalRequestHeader())
+            .set(roleAuthc.apiKeyHeader);
+          svlCommonApi.assertApiNotFound(body, status);
+        });
+
+        it('enable', async () => {
+          const { body, status } = await supertestWithoutAuth
+            .post(`/internal/security/users/elastic/_enable`)
+            .set(svlCommonApi.getInternalRequestHeader())
+            .set(roleAuthc.apiKeyHeader);
+          svlCommonApi.assertApiNotFound(body, status);
+        });
+
+        it('set password', async () => {
+          const { body, status } = await supertestWithoutAuth
+            .post(`/internal/security/users/{username}/password`)
+            .set(svlCommonApi.getInternalRequestHeader())
+            .send({
+              password: 'old_pw',
+              newPassword: 'new_pw',
+            });
+          svlCommonApi.assertApiNotFound(body, status);
+        });
+      });
 
       // ToDo: remove when we disable user APIs
       describe('internal', () => {
         it('get', async () => {
-          const { status } = await supertest
+          const { status } = await supertestWithoutAuth
             .get('/internal/security/users/elastic')
-            .set(svlCommonApi.getInternalRequestHeader());
+            .set(svlCommonApi.getInternalRequestHeader())
+            .set(roleAuthc.apiKeyHeader);
           expect(status).not.toBe(404);
         });
 
         it('get all', async () => {
-          const { status } = await supertest
+          const { status } = await supertestWithoutAuth
             .get('/internal/security/users')
-            .set(svlCommonApi.getInternalRequestHeader());
+            .set(svlCommonApi.getInternalRequestHeader())
+            .set(roleAuthc.apiKeyHeader);
           expect(status).not.toBe(404);
         });
 
         it('create/update', async () => {
-          const { status } = await supertest
+          const { status } = await supertestWithoutAuth
             .post(`/internal/security/users/some_testuser`)
             .set(svlCommonApi.getInternalRequestHeader())
             .send({ username: 'some_testuser', password: 'testpassword', roles: [] });
@@ -96,28 +112,31 @@ export default function ({ getService }: FtrProviderContext) {
         });
 
         it('delete', async () => {
-          const { status } = await supertest
+          const { status } = await supertestWithoutAuth
             .delete(`/internal/security/users/elastic`)
-            .set(svlCommonApi.getInternalRequestHeader());
+            .set(svlCommonApi.getInternalRequestHeader())
+            .set(roleAuthc.apiKeyHeader);
           expect(status).not.toBe(404);
         });
 
         it('disable', async () => {
-          const { status } = await supertest
+          const { status } = await supertestWithoutAuth
             .post(`/internal/security/users/elastic/_disable`)
-            .set(svlCommonApi.getInternalRequestHeader());
+            .set(svlCommonApi.getInternalRequestHeader())
+            .set(roleAuthc.apiKeyHeader);
           expect(status).not.toBe(404);
         });
 
         it('enable', async () => {
-          const { status } = await supertest
+          const { status } = await supertestWithoutAuth
             .post(`/internal/security/users/elastic/_enable`)
-            .set(svlCommonApi.getInternalRequestHeader());
+            .set(svlCommonApi.getInternalRequestHeader())
+            .set(roleAuthc.apiKeyHeader);
           expect(status).not.toBe(404);
         });
 
         it('set password', async () => {
-          const { status } = await supertest
+          const { status } = await supertestWithoutAuth
             .post(`/internal/security/users/{username}/password`)
             .set(svlCommonApi.getInternalRequestHeader())
             .send({
diff --git a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/views.ts b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/views.ts
index ac1d994252c57..3800d1f06b134 100644
--- a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/views.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/views.ts
@@ -6,106 +6,131 @@
  */
 
 import expect from 'expect';
+import { InternalRequestHeader, RoleCredentials } from '../../../../shared/services';
 import { FtrProviderContext } from '../../../ftr_provider_context';
 
 export default function ({ getService }: FtrProviderContext) {
   const svlCommonApi = getService('svlCommonApi');
-  const supertest = getService('supertest');
+  const svlUserManager = getService('svlUserManager');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+  let roleAuthc: RoleCredentials;
+  let internalReqHeader: InternalRequestHeader;
 
   describe('security/views', function () {
+    before(async () => {
+      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
+      internalReqHeader = svlCommonApi.getInternalRequestHeader();
+    });
+    after(async () => {
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+    });
     describe('route access', () => {
       describe('disabled', () => {
-        // ToDo: uncomment these when we disable login routes
-        // it('login', async () => {
-        //   const { body, status } = await supertest
-        //     .get('/login')
-        //     .set(svlCommonApi.getInternalRequestHeader());
-        //   svlCommonApi.assertApiNotFound(body, status);
-        // });
+        // ToDo: unskip these when we disable login routes
+        xit('login', async () => {
+          const { body, status } = await supertestWithoutAuth
+            .get('/login')
+            .set(svlCommonApi.getInternalRequestHeader())
+            .set(roleAuthc.apiKeyHeader);
+          svlCommonApi.assertApiNotFound(body, status);
+        });
 
-        // it('get login state', async () => {
-        //   const { body, status } = await supertest
-        //     .get('/internal/security/login_state')
-        //     .set(svlCommonApi.getInternalRequestHeader());
-        //   svlCommonApi.assertApiNotFound(body, status);
-        // });
+        // ToDo: unskip these when we disable login routes
+        xit('get login state', async () => {
+          const { body, status } = await supertestWithoutAuth
+            .get('/internal/security/login_state')
+            .set(svlCommonApi.getInternalRequestHeader())
+            .set(roleAuthc.apiKeyHeader);
+          svlCommonApi.assertApiNotFound(body, status);
+        });
 
         it('access agreement', async () => {
-          const { body, status } = await supertest
+          const { body, status } = await supertestWithoutAuth
             .get('/security/access_agreement')
-            .set(svlCommonApi.getInternalRequestHeader());
+            .set(svlCommonApi.getInternalRequestHeader())
+            .set(roleAuthc.apiKeyHeader);
           svlCommonApi.assertApiNotFound(body, status);
         });
 
         it('get access agreement state', async () => {
-          const { body, status } = await supertest
+          const { body, status } = await supertestWithoutAuth
             .get('/internal/security/access_agreement/state')
-            .set(svlCommonApi.getInternalRequestHeader());
+            .set(svlCommonApi.getInternalRequestHeader())
+            .set(roleAuthc.apiKeyHeader);
           svlCommonApi.assertApiNotFound(body, status);
         });
       });
 
       describe('public', () => {
         it('login', async () => {
-          const { status } = await supertest
+          const { status } = await supertestWithoutAuth
             .get('/login')
-            .set(svlCommonApi.getInternalRequestHeader());
+            .set(svlCommonApi.getInternalRequestHeader())
+            .set(roleAuthc.apiKeyHeader);
           expect(status).toBe(302);
         });
 
         it('get login state', async () => {
-          const { status } = await supertest
+          const { status } = await supertestWithoutAuth
             .get('/internal/security/login_state')
-            .set(svlCommonApi.getInternalRequestHeader());
+            .set(svlCommonApi.getInternalRequestHeader())
+            .set(roleAuthc.apiKeyHeader);
           expect(status).toBe(200);
         });
 
         it('capture URL', async () => {
-          const { status } = await supertest
+          const { status } = await supertestWithoutAuth
             .get('/internal/security/capture-url')
-            .set(svlCommonApi.getCommonRequestHeader());
+            .set(internalReqHeader)
+            .set(roleAuthc.apiKeyHeader);
           expect(status).toBe(200);
         });
 
         it('space selector', async () => {
-          const { status } = await supertest
+          const { status } = await supertestWithoutAuth
             .get('/spaces/space_selector')
-            .set(svlCommonApi.getCommonRequestHeader());
+            .set(internalReqHeader)
+            .set(roleAuthc.apiKeyHeader);
           expect(status).toBe(200);
         });
 
         it('enter space', async () => {
-          const { status } = await supertest
+          const { status } = await supertestWithoutAuth
             .get('/spaces/enter')
-            .set(svlCommonApi.getCommonRequestHeader());
+            .set(internalReqHeader)
+            .set(roleAuthc.apiKeyHeader);
           expect(status).toBe(302);
         });
 
         it('account', async () => {
-          const { status } = await supertest
+          const { status } = await supertestWithoutAuth
             .get('/security/account')
-            .set(svlCommonApi.getCommonRequestHeader());
+            .set(internalReqHeader)
+            .set(roleAuthc.apiKeyHeader);
           expect(status).toBe(200);
         });
 
         it('logged out', async () => {
-          const { status } = await supertest
+          const { status } = await supertestWithoutAuth
             .get('/security/logged_out')
-            .set(svlCommonApi.getCommonRequestHeader());
+            .set(internalReqHeader)
+            .set(roleAuthc.apiKeyHeader);
           expect(status).toBe(200);
         });
 
         it('logout', async () => {
-          const { status } = await supertest
+          const { status } = await supertestWithoutAuth
             .get('/logout')
-            .set(svlCommonApi.getCommonRequestHeader());
+            .set(internalReqHeader)
+            .set(roleAuthc.apiKeyHeader);
           expect(status).toBe(200);
         });
 
         it('overwritten session', async () => {
-          const { status } = await supertest
+          const { status } = await supertestWithoutAuth
             .get('/security/overwritten_session')
-            .set(svlCommonApi.getCommonRequestHeader());
+            .set(internalReqHeader)
+            .set(roleAuthc.apiKeyHeader);
           expect(status).toBe(200);
         });
       });
diff --git a/x-pack/test_serverless/api_integration/test_suites/common/reporting/datastream.ts b/x-pack/test_serverless/api_integration/test_suites/common/reporting/datastream.ts
index 1d336ec504250..7e37b26ad83b3 100644
--- a/x-pack/test_serverless/api_integration/test_suites/common/reporting/datastream.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/common/reporting/datastream.ts
@@ -7,12 +7,17 @@
 
 import { expect } from 'expect';
 import { FtrProviderContext } from '../../../ftr_provider_context';
+import { InternalRequestHeader, RoleCredentials } from '../../../../shared/services';
 
 export default function ({ getService }: FtrProviderContext) {
   const esArchiver = getService('esArchiver');
   const kibanaServer = getService('kibanaServer');
   const reportingAPI = getService('svlReportingApi');
-  const supertest = getService('supertest');
+  const svlCommonApi = getService('svlCommonApi');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+  const svlUserManager = getService('svlUserManager');
+  let roleAuthc: RoleCredentials;
+  let internalReqHeader: InternalRequestHeader;
 
   const archives: Record<string, { data: string; savedObjects: string }> = {
     ecommerce: {
@@ -21,64 +26,73 @@ export default function ({ getService }: FtrProviderContext) {
     },
   };
 
-  describe('Data Stream', () => {
+  describe('Data Stream', function () {
     before(async () => {
+      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
+      internalReqHeader = svlCommonApi.getInternalRequestHeader();
+
       await esArchiver.load(archives.ecommerce.data);
       await kibanaServer.importExport.load(archives.ecommerce.savedObjects);
 
       // for this test, we don't need to wait for the job to finish or verify the result
-      await reportingAPI.createReportJobInternal('csv_searchsource', {
-        browserTimezone: 'UTC',
-        objectType: 'search',
-        searchSource: {
-          index: '5193f870-d861-11e9-a311-0fa548c5f953',
-          query: { language: 'kuery', query: '' },
-          version: true,
+      await reportingAPI.createReportJobInternal(
+        'csv_searchsource',
+        {
+          browserTimezone: 'UTC',
+          objectType: 'search',
+          searchSource: {
+            index: '5193f870-d861-11e9-a311-0fa548c5f953',
+            query: { language: 'kuery', query: '' },
+            version: true,
+          },
+          title: 'Ecommerce Data',
+          version: '8.15.0',
         },
-        title: 'Ecommerce Data',
-        version: '8.15.0',
-      });
+        roleAuthc,
+        internalReqHeader
+      );
     });
 
     after(async () => {
-      await reportingAPI.deleteAllReports();
+      await reportingAPI.deleteAllReports(roleAuthc, internalReqHeader);
       await esArchiver.unload(archives.ecommerce.data);
       await kibanaServer.importExport.unload(archives.ecommerce.savedObjects);
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
     });
 
-    it('uses the datastream configuration with set ILM policy', async () => {
-      const { body } = await supertest
+    it('uses the datastream configuration', async () => {
+      const { status, body } = await supertestWithoutAuth
         .get(`/api/index_management/data_streams/.kibana-reporting`)
-        .set('kbn-xsrf', 'xxx')
-        .set('x-elastic-internal-origin', 'xxx')
-        .expect(200);
+        .set(internalReqHeader)
+        .set(roleAuthc.apiKeyHeader);
 
-      expect(body).toEqual({
-        _meta: {
-          description: 'default kibana reporting template installed by elasticsearch',
-          managed: true,
-        },
-        name: '.kibana-reporting',
-        indexTemplateName: '.kibana-reporting',
-        generation: 1,
-        health: 'green',
-        hidden: true,
-        indices: [
-          {
-            name: expect.any(String),
-            uuid: expect.any(String),
-            managedBy: 'Data stream lifecycle',
-            preferILM: true,
+      svlCommonApi.assertResponseStatusCode(200, status, body);
+
+      expect(body).toEqual(
+        expect.objectContaining({
+          _meta: {
+            description: 'default kibana reporting template installed by elasticsearch',
+            managed: true,
           },
-        ],
-        lifecycle: { enabled: true },
-        maxTimeStamp: 0,
-        nextGenerationManagedBy: 'Data stream lifecycle',
-        privileges: { delete_index: true, manage_data_stream_lifecycle: true },
-        timeStampField: { name: '@timestamp' },
-        storageSize: expect.any(String),
-        storageSizeBytes: expect.any(Number),
-      });
+          name: '.kibana-reporting',
+          indexTemplateName: '.kibana-reporting',
+          generation: 1,
+          health: 'green',
+          hidden: true,
+          indices: [
+            {
+              name: expect.any(String),
+              uuid: expect.any(String),
+              managedBy: 'Data stream lifecycle',
+              preferILM: true,
+            },
+          ],
+          lifecycle: expect.objectContaining({ enabled: true }),
+          nextGenerationManagedBy: 'Data stream lifecycle',
+          privileges: { delete_index: true, manage_data_stream_lifecycle: true },
+          timeStampField: { name: '@timestamp' },
+        })
+      );
     });
   });
 }
diff --git a/x-pack/test_serverless/api_integration/test_suites/common/reporting/generate_csv_discover.ts b/x-pack/test_serverless/api_integration/test_suites/common/reporting/generate_csv_discover.ts
index 6fe25028cb3e7..16342c37fc579 100644
--- a/x-pack/test_serverless/api_integration/test_suites/common/reporting/generate_csv_discover.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/common/reporting/generate_csv_discover.ts
@@ -9,12 +9,17 @@ import expect from '@kbn/expect';
 import type { SortDirection } from '@kbn/data-plugin/common';
 import type { JobParamsCSV } from '@kbn/reporting-export-types-csv-common';
 import type { Filter } from '@kbn/es-query';
+import { InternalRequestHeader, RoleCredentials } from '../../../../shared/services';
 import { FtrProviderContext } from '../../../ftr_provider_context';
 
 export default function ({ getService }: FtrProviderContext) {
   const esArchiver = getService('esArchiver');
   const kibanaServer = getService('kibanaServer');
   const reportingAPI = getService('svlReportingApi');
+  const svlCommonApi = getService('svlCommonApi');
+  const svlUserManager = getService('svlUserManager');
+  let roleAuthc: RoleCredentials;
+  let internalReqHeader: InternalRequestHeader;
 
   /*
    * Helper function to decorate with common fields needed in the API call
@@ -73,6 +78,11 @@ export default function ({ getService }: FtrProviderContext) {
     // see kibanaReportCompletion config
     this.timeout(12 * 60 * 1000);
 
+    before(async () => {
+      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
+      internalReqHeader = svlCommonApi.getInternalRequestHeader();
+    });
+
     beforeEach(async () => {
       await kibanaServer.uiSettings.update({
         'csv:quoteValues': true,
@@ -80,6 +90,10 @@ export default function ({ getService }: FtrProviderContext) {
       });
     });
 
+    after(async () => {
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+    });
+
     describe('exported CSV', () => {
       before(async () => {
         await esArchiver.load(archives.ecommerce.data);
@@ -87,7 +101,7 @@ export default function ({ getService }: FtrProviderContext) {
       });
 
       after(async () => {
-        await reportingAPI.deleteAllReports();
+        await reportingAPI.deleteAllReports(roleAuthc, internalReqHeader);
         await esArchiver.unload(archives.ecommerce.data);
         await kibanaServer.importExport.unload(archives.ecommerce.savedObjects);
       });
@@ -155,10 +169,16 @@ export default function ({ getService }: FtrProviderContext) {
             },
             title: 'Ecommerce Data',
             version: '8.14.0',
-          })
+          }),
+          roleAuthc,
+          internalReqHeader
+        );
+        await reportingAPI.waitForJobToFinish(res.path, roleAuthc, internalReqHeader);
+        const csvFile = await reportingAPI.getCompletedJobOutput(
+          res.path,
+          roleAuthc,
+          internalReqHeader
         );
-        await reportingAPI.waitForJobToFinish(res.path);
-        const csvFile = await reportingAPI.getCompletedJobOutput(res.path);
         expect((csvFile as string).length).to.be(124183);
         expectSnapshot(createPartialCsv(csvFile)).toMatch();
       });
@@ -192,10 +212,12 @@ export default function ({ getService }: FtrProviderContext) {
             },
             title: 'Untitled discover search',
             version: '8.14.0',
-          })
+          }),
+          roleAuthc,
+          internalReqHeader
         );
-        await reportingAPI.waitForJobToFinish(res.path);
-        return reportingAPI.getCompletedJobOutput(res.path);
+        await reportingAPI.waitForJobToFinish(res.path, roleAuthc, internalReqHeader);
+        return reportingAPI.getCompletedJobOutput(res.path, roleAuthc, internalReqHeader);
       }
 
       it('includes an unmapped field to the report', async () => {
@@ -337,10 +359,16 @@ export default function ({ getService }: FtrProviderContext) {
                 },
               },
             },
-          })
+          }),
+          roleAuthc,
+          internalReqHeader
+        );
+        await reportingAPI.waitForJobToFinish(res.path, roleAuthc, internalReqHeader);
+        const csvFile = await reportingAPI.getCompletedJobOutput(
+          res.path,
+          roleAuthc,
+          internalReqHeader
         );
-        await reportingAPI.waitForJobToFinish(res.path);
-        const csvFile = await reportingAPI.getCompletedJobOutput(res.path);
         expect((csvFile as string).length).to.be(1270683);
         expectSnapshot(createPartialCsv(csvFile)).toMatch();
       });
@@ -383,10 +411,16 @@ export default function ({ getService }: FtrProviderContext) {
                 },
               },
             },
-          })
+          }),
+          roleAuthc,
+          internalReqHeader
+        );
+        await reportingAPI.waitForJobToFinish(res.path, roleAuthc, internalReqHeader);
+        const csvFile = await reportingAPI.getCompletedJobOutput(
+          res.path,
+          roleAuthc,
+          internalReqHeader
         );
-        await reportingAPI.waitForJobToFinish(res.path);
-        const csvFile = await reportingAPI.getCompletedJobOutput(res.path);
         expect((csvFile as string).length).to.be(918298);
         expectSnapshot(createPartialCsv(csvFile)).toMatch();
       });
@@ -435,10 +469,16 @@ export default function ({ getService }: FtrProviderContext) {
               sort: [{ '@timestamp': 'desc' as SortDirection }],
             },
             columns: ['@timestamp', 'clientip', 'extension'],
-          })
+          }),
+          roleAuthc,
+          internalReqHeader
+        );
+        await reportingAPI.waitForJobToFinish(res.path, roleAuthc, internalReqHeader);
+        const csvFile = await reportingAPI.getCompletedJobOutput(
+          res.path,
+          roleAuthc,
+          internalReqHeader
         );
-        await reportingAPI.waitForJobToFinish(res.path);
-        const csvFile = await reportingAPI.getCompletedJobOutput(res.path);
         expect((csvFile as string).length).to.be(3020);
         expectSnapshot(createPartialCsv(csvFile)).toMatch();
       });
@@ -475,10 +515,16 @@ export default function ({ getService }: FtrProviderContext) {
               sort: [{ '@timestamp': 'desc' as SortDirection }],
             },
             columns: ['@timestamp', 'clientip', 'extension'],
-          })
+          }),
+          roleAuthc,
+          internalReqHeader
+        );
+        await reportingAPI.waitForJobToFinish(res.path, roleAuthc, internalReqHeader);
+        const csvFile = await reportingAPI.getCompletedJobOutput(
+          res.path,
+          roleAuthc,
+          internalReqHeader
         );
-        await reportingAPI.waitForJobToFinish(res.path);
-        const csvFile = await reportingAPI.getCompletedJobOutput(res.path);
         expect((csvFile as string).length).to.be(3020);
         expectSnapshot(createPartialCsv(csvFile)).toMatch();
       });
@@ -509,10 +555,16 @@ export default function ({ getService }: FtrProviderContext) {
               filter: [],
             },
             columns: ['date', 'message'],
-          })
+          }),
+          roleAuthc,
+          internalReqHeader
+        );
+        await reportingAPI.waitForJobToFinish(res.path, roleAuthc, internalReqHeader);
+        const csvFile = await reportingAPI.getCompletedJobOutput(
+          res.path,
+          roleAuthc,
+          internalReqHeader
         );
-        await reportingAPI.waitForJobToFinish(res.path);
-        const csvFile = await reportingAPI.getCompletedJobOutput(res.path);
         expect((csvFile as string).length).to.be(103);
         expectSnapshot(createPartialCsv(csvFile)).toMatch();
       });
@@ -532,10 +584,16 @@ export default function ({ getService }: FtrProviderContext) {
               filter: [],
             },
             columns: ['date', 'message'],
-          })
+          }),
+          roleAuthc,
+          internalReqHeader
+        );
+        await reportingAPI.waitForJobToFinish(res.path, roleAuthc, internalReqHeader);
+        const csvFile = await reportingAPI.getCompletedJobOutput(
+          res.path,
+          roleAuthc,
+          internalReqHeader
         );
-        await reportingAPI.waitForJobToFinish(res.path);
-        const csvFile = await reportingAPI.getCompletedJobOutput(res.path);
         expect((csvFile as string).length).to.be(103);
         expectSnapshot(createPartialCsv(csvFile)).toMatch();
       });
@@ -569,10 +627,16 @@ export default function ({ getService }: FtrProviderContext) {
               filter: [],
             },
             columns: ['date', 'message', '_id', '_index'],
-          })
+          }),
+          roleAuthc,
+          internalReqHeader
+        );
+        await reportingAPI.waitForJobToFinish(res.path, roleAuthc, internalReqHeader);
+        const csvFile = await reportingAPI.getCompletedJobOutput(
+          res.path,
+          roleAuthc,
+          internalReqHeader
         );
-        await reportingAPI.waitForJobToFinish(res.path);
-        const csvFile = await reportingAPI.getCompletedJobOutput(res.path);
         expect((csvFile as string).length).to.be(134);
         expectSnapshot(createPartialCsv(csvFile)).toMatch();
       });
@@ -595,10 +659,16 @@ export default function ({ getService }: FtrProviderContext) {
               ] as unknown as Filter[],
             },
             columns: ['name', 'power'],
-          })
+          }),
+          roleAuthc,
+          internalReqHeader
+        );
+        await reportingAPI.waitForJobToFinish(res.path, roleAuthc, internalReqHeader);
+        const csvFile = await reportingAPI.getCompletedJobOutput(
+          res.path,
+          roleAuthc,
+          internalReqHeader
         );
-        await reportingAPI.waitForJobToFinish(res.path);
-        const csvFile = await reportingAPI.getCompletedJobOutput(res.path);
         expect((csvFile as string).length).to.be(274);
         expectSnapshot(createPartialCsv(csvFile)).toMatch();
       });
@@ -673,10 +743,16 @@ export default function ({ getService }: FtrProviderContext) {
               },
             },
             columns: [],
-          })
+          }),
+          roleAuthc,
+          internalReqHeader
+        );
+        await reportingAPI.waitForJobToFinish(res.path, roleAuthc, internalReqHeader);
+        const csvFile = await reportingAPI.getCompletedJobOutput(
+          res.path,
+          roleAuthc,
+          internalReqHeader
         );
-        await reportingAPI.waitForJobToFinish(res.path);
-        const csvFile = await reportingAPI.getCompletedJobOutput(res.path);
         expect((csvFile as string).length).to.be(356);
         expectSnapshot(createPartialCsv(csvFile)).toMatch();
       });
@@ -733,10 +809,16 @@ export default function ({ getService }: FtrProviderContext) {
                 },
               },
             },
-          })
+          }),
+          roleAuthc,
+          internalReqHeader
+        );
+        await reportingAPI.waitForJobToFinish(res.path, roleAuthc, internalReqHeader);
+        const csvFile = await reportingAPI.getCompletedJobOutput(
+          res.path,
+          roleAuthc,
+          internalReqHeader
         );
-        await reportingAPI.waitForJobToFinish(res.path);
-        const csvFile = await reportingAPI.getCompletedJobOutput(res.path);
         expect((csvFile as string).length).to.be(4845684);
         expectSnapshot(createPartialCsv(csvFile)).toMatch();
       });
diff --git a/x-pack/test_serverless/api_integration/test_suites/common/reporting/management.ts b/x-pack/test_serverless/api_integration/test_suites/common/reporting/management.ts
index 8610bb6aa1c2f..953dd533b4a96 100644
--- a/x-pack/test_serverless/api_integration/test_suites/common/reporting/management.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/common/reporting/management.ts
@@ -9,20 +9,17 @@ import { X_ELASTIC_INTERNAL_ORIGIN_REQUEST } from '@kbn/core-http-common/src/con
 import expect from '@kbn/expect';
 import { INTERNAL_ROUTES } from '@kbn/reporting-common';
 import { FtrProviderContext } from '../../../ftr_provider_context';
+import { RoleCredentials } from '../../../../shared/services';
 
 // the archived data holds a report created by test_user
-const TEST_USERNAME = 'test_user';
-const TEST_USER_PASSWORD = 'changeme';
 const API_HEADER: [string, string] = ['kbn-xsrf', 'reporting'];
 const INTERNAL_HEADER: [string, string] = [X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'Kibana'];
 
 export default ({ getService }: FtrProviderContext) => {
   const esArchiver = getService('esArchiver');
-  const supertest = getService('supertestWithoutAuth');
-  const config = getService('config');
-
-  const REPORTING_USER_USERNAME = config.get('servers.kibana.username');
-  const REPORTING_USER_PASSWORD = config.get('servers.kibana.password');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+  const svlUserManager = getService('svlUserManager');
+  let roleAuthc: RoleCredentials;
 
   describe('Reporting Management', function () {
     // security_exception: action [indices:admin/create] is unauthorized for user [elastic] with effective roles [superuser] on restricted indices [.reporting-2020.04.19], this action is granted by the index privileges [create_index,manage,all]
@@ -30,12 +27,17 @@ export default ({ getService }: FtrProviderContext) => {
 
     const dataArchive = 'x-pack/test/functional/es_archives/reporting/archived_reports';
 
+    before(async () => {
+      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
+    });
+
     beforeEach(async () => {
       await esArchiver.load(dataArchive);
     });
 
     after(async () => {
       await esArchiver.unload(dataArchive);
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
     });
 
     describe('Deletion', () => {
@@ -43,22 +45,22 @@ export default ({ getService }: FtrProviderContext) => {
 
       // archived data uses the test user but functionality for specific users is not possible yet for svl
       xit(`user can delete a report they've created`, async () => {
-        const response = await supertest
+        const response = await supertestWithoutAuth
           .delete(`${INTERNAL_ROUTES.JOBS.DELETE_PREFIX}/${DELETE_REPORT_ID}`)
-          .auth(TEST_USERNAME, TEST_USER_PASSWORD)
           .set(...API_HEADER)
-          .set(...INTERNAL_HEADER);
+          .set(...INTERNAL_HEADER)
+          .set(roleAuthc.apiKeyHeader);
 
         expect(response.status).to.be(200);
         expect(response.body).to.eql({ deleted: true });
       });
 
       it(`user can not delete a report they haven't created`, async () => {
-        const response = await supertest
+        const response = await supertestWithoutAuth
           .delete(`${INTERNAL_ROUTES.JOBS.DELETE_PREFIX}/${DELETE_REPORT_ID}`)
-          .auth(REPORTING_USER_USERNAME, REPORTING_USER_PASSWORD)
           .set(...API_HEADER)
-          .set(...INTERNAL_HEADER);
+          .set(...INTERNAL_HEADER)
+          .set(roleAuthc.apiKeyHeader);
 
         expect(response.status).to.be(404);
         expect(response.body.message).to.be('Not Found');
diff --git a/x-pack/test_serverless/api_integration/test_suites/common/saved_objects_management/index.ts b/x-pack/test_serverless/api_integration/test_suites/common/saved_objects_management/index.ts
index 2da0263122550..f5e6cdf72c90d 100644
--- a/x-pack/test_serverless/api_integration/test_suites/common/saved_objects_management/index.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/common/saved_objects_management/index.ts
@@ -8,7 +8,9 @@
 import { FtrProviderContext } from '../../../ftr_provider_context';
 
 export default function ({ loadTestFile }: FtrProviderContext) {
-  describe('saved objects management apis', () => {
+  describe('saved objects management apis', function () {
+    this.tags(['esGate']);
+
     loadTestFile(require.resolve('./find'));
     loadTestFile(require.resolve('./bulk_get'));
     loadTestFile(require.resolve('./bulk_delete'));
diff --git a/x-pack/test_serverless/api_integration/test_suites/observability/apm_api_integration/service_maps/service_maps.ts b/x-pack/test_serverless/api_integration/test_suites/observability/apm_api_integration/service_maps/service_maps.ts
new file mode 100644
index 0000000000000..3b23d783c610c
--- /dev/null
+++ b/x-pack/test_serverless/api_integration/test_suites/observability/apm_api_integration/service_maps/service_maps.ts
@@ -0,0 +1,84 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { ApmSynthtraceEsClient } from '@kbn/apm-synthtrace';
+import expect from 'expect';
+import { serviceMap, timerange } from '@kbn/apm-synthtrace-client';
+import { Readable } from 'stream';
+import type { InternalRequestHeader, RoleCredentials } from '../../../../../shared/services';
+import { APMFtrContextProvider } from '../common/services';
+
+export default function ({ getService }: APMFtrContextProvider) {
+  const apmApiClient = getService('apmApiClient');
+  const svlUserManager = getService('svlUserManager');
+  const svlCommonApi = getService('svlCommonApi');
+  const synthtrace = getService('synthtrace');
+
+  const start = new Date('2024-06-01T00:00:00.000Z').getTime();
+  const end = new Date('2024-06-01T00:01:00.000Z').getTime();
+
+  describe('APM Service maps', () => {
+    let roleAuthc: RoleCredentials;
+    let internalReqHeader: InternalRequestHeader;
+    let synthtraceEsClient: ApmSynthtraceEsClient;
+
+    before(async () => {
+      synthtraceEsClient = await synthtrace.createSynthtraceEsClient();
+
+      const events = timerange(start, end)
+        .interval('10s')
+        .rate(3)
+        .generator(
+          serviceMap({
+            services: [
+              { 'frontend-rum': 'rum-js' },
+              { 'frontend-node': 'nodejs' },
+              { advertService: 'java' },
+            ],
+            definePaths([rum, node, adv]) {
+              return [
+                [
+                  [rum, 'fetchAd'],
+                  [node, 'GET /nodejs/adTag'],
+                  [adv, 'APIRestController#getAd'],
+                  ['elasticsearch', 'GET ad-*/_search'],
+                ],
+              ];
+            },
+          })
+        );
+
+      internalReqHeader = svlCommonApi.getInternalRequestHeader();
+      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
+
+      return synthtraceEsClient.index(Readable.from(Array.from(events)));
+    });
+
+    after(async () => {
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+      return synthtraceEsClient.clean();
+    });
+
+    it('returns service map elements', async () => {
+      const response = await apmApiClient.slsUser({
+        endpoint: 'GET /internal/apm/service-map',
+        params: {
+          query: {
+            start: new Date(start).toISOString(),
+            end: new Date(end).toISOString(),
+            environment: 'ENVIRONMENT_ALL',
+          },
+        },
+        roleAuthc,
+        internalReqHeader,
+      });
+
+      expect(response.status).toBe(200);
+      expect(response.body.elements.length).toBeGreaterThan(0);
+    });
+  });
+}
diff --git a/x-pack/test_serverless/api_integration/test_suites/observability/apm_api_integration/traces/critical_path.ts b/x-pack/test_serverless/api_integration/test_suites/observability/apm_api_integration/traces/critical_path.ts
new file mode 100644
index 0000000000000..b3e252d6d6901
--- /dev/null
+++ b/x-pack/test_serverless/api_integration/test_suites/observability/apm_api_integration/traces/critical_path.ts
@@ -0,0 +1,99 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from 'expect';
+import { apm, ApmFields, SynthtraceGenerator, timerange } from '@kbn/apm-synthtrace-client';
+import { compact, uniq } from 'lodash';
+import { Readable } from 'stream';
+import { ApmSynthtraceEsClient } from '@kbn/apm-synthtrace';
+import type { InternalRequestHeader, RoleCredentials } from '../../../../../shared/services';
+import { APMFtrContextProvider } from '../common/services';
+
+export default function ({ getService }: APMFtrContextProvider) {
+  const apmApiClient = getService('apmApiClient');
+  const svlUserManager = getService('svlUserManager');
+  const svlCommonApi = getService('svlCommonApi');
+  const synthtrace = getService('synthtrace');
+
+  const start = new Date('2022-01-01T00:00:00.000Z').getTime();
+  const end = new Date('2022-01-01T00:15:00.000Z').getTime() - 1;
+
+  async function fetchAndBuildCriticalPathTree(
+    synthtraceEsClient: ApmSynthtraceEsClient,
+    options: {
+      fn: () => SynthtraceGenerator<ApmFields>;
+      roleAuthc: RoleCredentials;
+      internalReqHeader: InternalRequestHeader;
+    } & ({ serviceName: string; transactionName: string } | {})
+  ) {
+    const { fn, roleAuthc, internalReqHeader } = options;
+
+    const generator = fn();
+
+    const unserialized = Array.from(generator);
+    const serialized = unserialized.flatMap((event) => event.serialize());
+    const traceIds = compact(uniq(serialized.map((event) => event['trace.id'])));
+
+    await synthtraceEsClient.index(Readable.from(unserialized));
+
+    return apmApiClient.slsUser({
+      endpoint: 'POST /internal/apm/traces/aggregated_critical_path',
+      params: {
+        body: {
+          start: new Date(start).toISOString(),
+          end: new Date(end).toISOString(),
+          traceIds,
+          serviceName: 'serviceName' in options ? options.serviceName : null,
+          transactionName: 'transactionName' in options ? options.transactionName : null,
+        },
+      },
+      roleAuthc,
+      internalReqHeader,
+    });
+  }
+
+  describe('APM Aggregated critical path', () => {
+    let roleAuthc: RoleCredentials;
+    let internalReqHeader: InternalRequestHeader;
+    let synthtraceEsClient: ApmSynthtraceEsClient;
+
+    before(async () => {
+      synthtraceEsClient = await synthtrace.createSynthtraceEsClient();
+      internalReqHeader = svlCommonApi.getInternalRequestHeader();
+      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
+    });
+
+    after(async () => {
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+      return synthtraceEsClient.clean();
+    });
+
+    it('returns service map elements', async () => {
+      const java = apm
+        .service({ name: 'java', environment: 'production', agentName: 'java' })
+        .instance('java');
+
+      const duration = 1000;
+      const rate = 10;
+
+      const response = await fetchAndBuildCriticalPathTree(synthtraceEsClient, {
+        fn: () =>
+          timerange(start, end)
+            .interval('15m')
+            .rate(rate)
+            .generator((timestamp) => {
+              return java.transaction('GET /api').timestamp(timestamp).duration(duration);
+            }),
+        roleAuthc,
+        internalReqHeader,
+      });
+
+      expect(response.status).toBe(200);
+      expect(response.body.criticalPath).not.toBeUndefined();
+    });
+  });
+}
diff --git a/x-pack/test_serverless/api_integration/test_suites/observability/index.ts b/x-pack/test_serverless/api_integration/test_suites/observability/index.ts
index bf0d1e3772f90..c3e9bddc4e95c 100644
--- a/x-pack/test_serverless/api_integration/test_suites/observability/index.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/observability/index.ts
@@ -12,6 +12,8 @@ export default function ({ loadTestFile }: FtrProviderContext) {
     this.tags(['esGate']);
 
     loadTestFile(require.resolve('./apm_api_integration/feature_flags.ts'));
+    loadTestFile(require.resolve('./apm_api_integration/service_maps/service_maps'));
+    loadTestFile(require.resolve('./apm_api_integration/traces/critical_path'));
     loadTestFile(require.resolve('./cases'));
     loadTestFile(require.resolve('./burn_rate_rule/burn_rate_rule'));
     loadTestFile(require.resolve('./es_query_rule/es_query_rule'));
diff --git a/x-pack/test_serverless/api_integration/test_suites/search/serverless_search/api_key.ts b/x-pack/test_serverless/api_integration/test_suites/search/serverless_search/api_key.ts
index d22d6fc8360ce..f6f6c9a97bc35 100644
--- a/x-pack/test_serverless/api_integration/test_suites/search/serverless_search/api_key.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/search/serverless_search/api_key.ts
@@ -6,24 +6,34 @@
  */
 
 import expect from 'expect';
-import { kibanaTestUser } from '@kbn/test';
+import { kibanaTestSuperuserServerless } from '@kbn/test';
 import { SecurityApiKey } from '@elastic/elasticsearch/lib/api/types';
+import { RoleCredentials } from '../../../../shared/services';
 import { FtrProviderContext } from '../../../ftr_provider_context';
 
 const API_BASE_PATH = '/internal/serverless_search';
 
 export default function ({ getService }: FtrProviderContext) {
   const svlCommonApi = getService('svlCommonApi');
-  const supertest = getService('supertest');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+  const svlUserManager = getService('svlUserManager');
   const es = getService('es');
   const log = getService('log');
+  let roleAuthc: RoleCredentials;
 
   describe('API Key routes', function () {
     describe('GET api_keys', function () {
+      before(async () => {
+        roleAuthc = await svlUserManager.createApiKeyForRole('developer');
+      });
+      after(async () => {
+        await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+      });
       it('return apiKeys', async () => {
-        const { body } = await supertest
+        const { body } = await supertestWithoutAuth
           .get(`${API_BASE_PATH}/api_keys`)
           .set(svlCommonApi.getInternalRequestHeader())
+          .set(roleAuthc.apiKeyHeader)
           .expect(200);
 
         expect(body).toBeDefined();
@@ -37,7 +47,9 @@ export default function ({ getService }: FtrProviderContext) {
         let apiKeys: SecurityApiKey[];
         // Delete existing API keys
         try {
-          const apiKeysResult = await es.security.getApiKey({ username: kibanaTestUser.username });
+          const apiKeysResult = await es.security.getApiKey({
+            username: kibanaTestSuperuserServerless.username,
+          });
           apiKeys = apiKeysResult.api_keys;
         } catch (err) {
           log.debug('[Setup error] error listing API keys');
@@ -54,18 +66,21 @@ export default function ({ getService }: FtrProviderContext) {
       };
       before(async () => {
         await deleteAllApiKeys();
+        roleAuthc = await svlUserManager.createApiKeyForRole('developer');
       });
       after(async () => {
         await deleteAllApiKeys();
+        await svlUserManager.invalidateApiKeyForRole(roleAuthc);
       });
       it('can create a key that expires', async () => {
         const createBody = {
           name: 'test-api-key-001',
           expiration: '60d',
         };
-        const { body } = await supertest
+        const { body } = await supertestWithoutAuth
           .post(`${API_BASE_PATH}/api_key`)
           .set(svlCommonApi.getInternalRequestHeader())
+          .set(roleAuthc.cookieHeader)
           .send(createBody)
           .expect(200);
 
@@ -75,9 +90,10 @@ export default function ({ getService }: FtrProviderContext) {
         const createBody = {
           name: 'test-api-key-002',
         };
-        const { body } = await supertest
+        const { body } = await supertestWithoutAuth
           .post(`${API_BASE_PATH}/api_key`)
           .set(svlCommonApi.getInternalRequestHeader())
+          .set(roleAuthc.cookieHeader)
           .send(createBody)
           .expect(200);
 
@@ -87,10 +103,11 @@ export default function ({ getService }: FtrProviderContext) {
         const createBody = {
           name: 'test-api-key-003',
         };
-        const { body } = await supertest
+        const { body } = await supertestWithoutAuth
           .post(`${API_BASE_PATH}/api_key`)
           .set(svlCommonApi.getInternalRequestHeader())
           .send(createBody)
+          .set(roleAuthc.cookieHeader)
           .expect(200);
 
         expect(body).toMatchObject({
diff --git a/x-pack/test_serverless/api_integration/test_suites/search/serverless_search/connectors.ts b/x-pack/test_serverless/api_integration/test_suites/search/serverless_search/connectors.ts
index 4b82f944a9321..af657705d5743 100644
--- a/x-pack/test_serverless/api_integration/test_suites/search/serverless_search/connectors.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/search/serverless_search/connectors.ts
@@ -6,20 +6,30 @@
  */
 
 import expect from 'expect';
+import { RoleCredentials } from '../../../../shared/services';
 import { FtrProviderContext } from '../../../ftr_provider_context';
 
 const API_BASE_PATH = '/internal/serverless_search';
 
 export default function ({ getService }: FtrProviderContext) {
   const svlCommonApi = getService('svlCommonApi');
-  const supertest = getService('supertest');
+  const svlUserManager = getService('svlUserManager');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+  let roleAuthc: RoleCredentials;
 
   describe('Connectors routes', function () {
     describe('GET connectors', function () {
+      before(async () => {
+        roleAuthc = await svlUserManager.createApiKeyForRole('viewer');
+      });
+      after(async () => {
+        await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+      });
       it('returns list of connectors', async () => {
-        const { body } = await supertest
+        const { body } = await supertestWithoutAuth
           .get(`${API_BASE_PATH}/connectors`)
           .set(svlCommonApi.getInternalRequestHeader())
+          .set(roleAuthc.apiKeyHeader)
           .expect(200);
 
         expect(body.connectors).toBeDefined();
diff --git a/x-pack/test_serverless/api_integration/test_suites/search/serverless_search/indices.ts b/x-pack/test_serverless/api_integration/test_suites/search/serverless_search/indices.ts
index a387f6e7e320e..6bb02a7d99a40 100644
--- a/x-pack/test_serverless/api_integration/test_suites/search/serverless_search/indices.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/search/serverless_search/indices.ts
@@ -6,35 +6,47 @@
  */
 
 import expect from 'expect';
+import { RoleCredentials } from '../../../../shared/services';
 import { FtrProviderContext } from '../../../ftr_provider_context';
 
 const API_BASE_PATH = '/internal/serverless_search';
 
 export default function ({ getService }: FtrProviderContext) {
   const svlCommonApi = getService('svlCommonApi');
-  const supertest = getService('supertest');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+  const svlUserManager = getService('svlUserManager');
+  let roleAuthc: RoleCredentials;
 
   describe('Indices routes', function () {
     describe('GET indices', function () {
+      before(async () => {
+        roleAuthc = await svlUserManager.createApiKeyForRole('viewer');
+      });
+      after(async () => {
+        await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+      });
       it('has route', async () => {
-        const { body } = await supertest
+        const { body } = await supertestWithoutAuth
           .get(`${API_BASE_PATH}/indices`)
           .set(svlCommonApi.getInternalRequestHeader())
+          .set(roleAuthc.apiKeyHeader)
           .expect(200);
 
         expect(body).toBeDefined();
       });
       it('accepts search_query', async () => {
-        await supertest
+        await supertestWithoutAuth
           .get(`${API_BASE_PATH}/indices`)
           .set(svlCommonApi.getInternalRequestHeader())
+          .set(roleAuthc.apiKeyHeader)
           .query({ search_query: 'foo' })
           .expect(200);
       });
       it('accepts from & size', async () => {
-        await supertest
+        await supertestWithoutAuth
           .get(`${API_BASE_PATH}/indices`)
           .set(svlCommonApi.getInternalRequestHeader())
+          .set(roleAuthc.apiKeyHeader)
           .query({ from: 0, size: 10 })
           .expect(200);
       });
diff --git a/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/benchmark/v1.ts b/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/benchmark/v1.ts
index 129b59880312b..5b4154db95151 100644
--- a/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/benchmark/v1.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/benchmark/v1.ts
@@ -6,17 +6,17 @@
  */
 import expect from '@kbn/expect';
 import type { GetBenchmarkResponse } from '@kbn/cloud-security-posture-plugin/common/types/latest';
-import {
-  ELASTIC_HTTP_VERSION_HEADER,
-  X_ELASTIC_INTERNAL_ORIGIN_REQUEST,
-} from '@kbn/core-http-common';
+import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common';
 import { FtrProviderContext } from '../../../../ftr_provider_context';
 import { createPackagePolicy } from '../../../../../../test/api_integration/apis/cloud_security_posture/helper'; // eslint-disable-line @kbn/imports/no_boundary_crossing
+import { RoleCredentials } from '../../../../../shared/services';
 
 export default function ({ getService }: FtrProviderContext) {
-  const supertest = getService('supertest');
   const esArchiver = getService('esArchiver');
   const kibanaServer = getService('kibanaServer');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+  const svlCommonApi = getService('svlCommonApi');
+  const svlUserManager = getService('svlUserManager');
 
   describe('GET /internal/cloud_security_posture/benchmark', function () {
     // security_exception: action [indices:admin/create] is unauthorized for user [elastic] with effective roles [superuser] on restricted indices [.fleet-actions-7], this action is granted by the index privileges [create_index,manage,all]
@@ -26,14 +26,26 @@ export default function ({ getService }: FtrProviderContext) {
     let agentPolicyId2: string;
     let agentPolicyId3: string;
     let agentPolicyId4: string;
+    let roleAuthc: RoleCredentials;
+    let internalRequestHeader: { 'x-elastic-internal-origin': string; 'kbn-xsrf': string };
+
+    before(async () => {
+      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
+      internalRequestHeader = svlCommonApi.getInternalRequestHeader();
+    });
+
+    after(async () => {
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+    });
 
     beforeEach(async () => {
       await kibanaServer.savedObjects.cleanStandardList();
       await esArchiver.load('x-pack/test/functional/es_archives/fleet/empty_fleet_server');
 
-      const { body: agentPolicyResponse } = await supertest
+      const { body: agentPolicyResponse } = await supertestWithoutAuth
         .post(`/api/fleet/agent_policies`)
-        .set('kbn-xsrf', 'xxxx')
+        .set(internalRequestHeader)
+        .set(roleAuthc.apiKeyHeader)
         .send({
           name: 'Test policy',
           namespace: 'default',
@@ -41,9 +53,10 @@ export default function ({ getService }: FtrProviderContext) {
 
       agentPolicyId = agentPolicyResponse.item.id;
 
-      const { body: agentPolicyResponse2 } = await supertest
+      const { body: agentPolicyResponse2 } = await supertestWithoutAuth
         .post(`/api/fleet/agent_policies`)
-        .set('kbn-xsrf', 'xxxx')
+        .set(internalRequestHeader)
+        .set(roleAuthc.apiKeyHeader)
         .send({
           name: 'Test policy 2',
           namespace: 'default',
@@ -51,9 +64,10 @@ export default function ({ getService }: FtrProviderContext) {
 
       agentPolicyId2 = agentPolicyResponse2.item.id;
 
-      const { body: agentPolicyResponse3 } = await supertest
+      const { body: agentPolicyResponse3 } = await supertestWithoutAuth
         .post(`/api/fleet/agent_policies`)
-        .set('kbn-xsrf', 'xxxx')
+        .set(internalRequestHeader)
+        .set(roleAuthc.apiKeyHeader)
         .send({
           name: 'Test policy 3',
           namespace: 'default',
@@ -61,9 +75,10 @@ export default function ({ getService }: FtrProviderContext) {
 
       agentPolicyId3 = agentPolicyResponse3.item.id;
 
-      const { body: agentPolicyResponse4 } = await supertest
+      const { body: agentPolicyResponse4 } = await supertestWithoutAuth
         .post(`/api/fleet/agent_policies`)
-        .set('kbn-xsrf', 'xxxx')
+        .set(internalRequestHeader)
+        .set(roleAuthc.apiKeyHeader)
         .send({
           name: 'Test policy 4',
           namespace: 'default',
@@ -72,43 +87,51 @@ export default function ({ getService }: FtrProviderContext) {
       agentPolicyId4 = agentPolicyResponse4.item.id;
 
       await createPackagePolicy(
-        supertest,
+        supertestWithoutAuth,
         agentPolicyId,
         'cspm',
         'cloudbeat/cis_aws',
         'aws',
         'cspm',
-        'CSPM-1'
+        'CSPM-1',
+        roleAuthc,
+        internalRequestHeader
       );
 
       await createPackagePolicy(
-        supertest,
+        supertestWithoutAuth,
         agentPolicyId2,
         'kspm',
         'cloudbeat/cis_k8s',
         'vanilla',
         'kspm',
-        'KSPM-1'
+        'KSPM-1',
+        roleAuthc,
+        internalRequestHeader
       );
 
       await createPackagePolicy(
-        supertest,
+        supertestWithoutAuth,
         agentPolicyId3,
         'vuln_mgmt',
         'cloudbeat/vuln_mgmt_aws',
         'aws',
         'vuln_mgmt',
-        'CNVM-1'
+        'CNVM-1',
+        roleAuthc,
+        internalRequestHeader
       );
 
       await createPackagePolicy(
-        supertest,
+        supertestWithoutAuth,
         agentPolicyId4,
         'kspm',
         'cloudbeat/cis_k8s',
         'vanilla',
         'kspm',
-        'KSPM-2'
+        'KSPM-2',
+        roleAuthc,
+        internalRequestHeader
       );
     });
 
@@ -118,44 +141,44 @@ export default function ({ getService }: FtrProviderContext) {
     });
 
     it(`Should return non-empty array filled with Rules if user has CSP integrations`, async () => {
-      const { body: res }: { body: GetBenchmarkResponse } = await supertest
+      const { body: res }: { body: GetBenchmarkResponse } = await supertestWithoutAuth
         .get(`/internal/cloud_security_posture/benchmarks`)
         .set(ELASTIC_HTTP_VERSION_HEADER, '1')
-        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
-        .set('kbn-xsrf', 'xxxx')
+        .set(internalRequestHeader)
+        .set(roleAuthc.apiKeyHeader)
         .expect(200);
 
       expect(res.items.length).equal(3);
     });
 
     it(`Should return array size 2 when we set per page to be only 2 (total element is still 3)`, async () => {
-      const { body: res }: { body: GetBenchmarkResponse } = await supertest
+      const { body: res }: { body: GetBenchmarkResponse } = await supertestWithoutAuth
         .get(`/internal/cloud_security_posture/benchmarks?per_page=2`)
         .set(ELASTIC_HTTP_VERSION_HEADER, '1')
-        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
-        .set('kbn-xsrf', 'xxxx')
+        .set(internalRequestHeader)
+        .set(roleAuthc.apiKeyHeader)
         .expect(200);
 
       expect(res.items.length).equal(2);
     });
 
     it(`Should return array size 2 when we set per page to be only 2 (total element is still 3)`, async () => {
-      const { body: res }: { body: GetBenchmarkResponse } = await supertest
+      const { body: res }: { body: GetBenchmarkResponse } = await supertestWithoutAuth
         .get(`/internal/cloud_security_posture/benchmarks?per_page=2&page=2`)
         .set(ELASTIC_HTTP_VERSION_HEADER, '1')
-        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
-        .set('kbn-xsrf', 'xxxx')
+        .set(internalRequestHeader)
+        .set(roleAuthc.apiKeyHeader)
         .expect(200);
 
       expect(res.items.length).equal(1);
     });
 
     it(`Should return empty array when we set page to be above the last page number`, async () => {
-      const { body: res }: { body: GetBenchmarkResponse } = await supertest
+      const { body: res }: { body: GetBenchmarkResponse } = await supertestWithoutAuth
         .get(`/internal/cloud_security_posture/benchmarks?per_page=2&page=3`)
         .set(ELASTIC_HTTP_VERSION_HEADER, '1')
-        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
-        .set('kbn-xsrf', 'xxxx')
+        .set(internalRequestHeader)
+        .set(roleAuthc.apiKeyHeader)
         .expect(200);
 
       expect(res.items.length).equal(0);
diff --git a/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/benchmark/v2.ts b/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/benchmark/v2.ts
index a6e856ea0129e..9eff835396680 100644
--- a/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/benchmark/v2.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/benchmark/v2.ts
@@ -6,17 +6,17 @@
  */
 import expect from '@kbn/expect';
 import type { GetBenchmarkResponse } from '@kbn/cloud-security-posture-plugin/common/types/latest';
-import {
-  ELASTIC_HTTP_VERSION_HEADER,
-  X_ELASTIC_INTERNAL_ORIGIN_REQUEST,
-} from '@kbn/core-http-common';
+import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common';
 import { FtrProviderContext } from '../../../../ftr_provider_context';
 import { createPackagePolicy } from '../../../../../../test/api_integration/apis/cloud_security_posture/helper'; // eslint-disable-line @kbn/imports/no_boundary_crossing
+import { RoleCredentials } from '../../../../../shared/services';
 
 export default function ({ getService }: FtrProviderContext) {
-  const supertest = getService('supertest');
   const esArchiver = getService('esArchiver');
   const kibanaServer = getService('kibanaServer');
+  const svlCommonApi = getService('svlCommonApi');
+  const svlUserManager = getService('svlUserManager');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
 
   describe('GET /internal/cloud_security_posture/benchmark', function () {
     // security_exception: action [indices:admin/create] is unauthorized for user [elastic] with effective roles [superuser] on restricted indices [.fleet-actions-7], this action is granted by the index privileges [create_index,manage,all]
@@ -26,14 +26,26 @@ export default function ({ getService }: FtrProviderContext) {
     let agentPolicyId2: string;
     let agentPolicyId3: string;
     let agentPolicyId4: string;
+    let roleAuthc: RoleCredentials;
+    let internalRequestHeader: { 'x-elastic-internal-origin': string; 'kbn-xsrf': string };
+
+    before(async () => {
+      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
+      internalRequestHeader = svlCommonApi.getInternalRequestHeader();
+    });
+
+    after(async () => {
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+    });
 
     beforeEach(async () => {
       await kibanaServer.savedObjects.cleanStandardList();
       await esArchiver.load('x-pack/test/functional/es_archives/fleet/empty_fleet_server');
 
-      const { body: agentPolicyResponse } = await supertest
+      const { body: agentPolicyResponse } = await supertestWithoutAuth
         .post(`/api/fleet/agent_policies`)
-        .set('kbn-xsrf', 'xxxx')
+        .set(internalRequestHeader)
+        .set(roleAuthc.apiKeyHeader)
         .send({
           name: 'Test policy',
           namespace: 'default',
@@ -41,9 +53,10 @@ export default function ({ getService }: FtrProviderContext) {
 
       agentPolicyId = agentPolicyResponse.item.id;
 
-      const { body: agentPolicyResponse2 } = await supertest
+      const { body: agentPolicyResponse2 } = await supertestWithoutAuth
         .post(`/api/fleet/agent_policies`)
-        .set('kbn-xsrf', 'xxxx')
+        .set(internalRequestHeader)
+        .set(roleAuthc.apiKeyHeader)
         .send({
           name: 'Test policy 2',
           namespace: 'default',
@@ -51,9 +64,10 @@ export default function ({ getService }: FtrProviderContext) {
 
       agentPolicyId2 = agentPolicyResponse2.item.id;
 
-      const { body: agentPolicyResponse3 } = await supertest
+      const { body: agentPolicyResponse3 } = await supertestWithoutAuth
         .post(`/api/fleet/agent_policies`)
-        .set('kbn-xsrf', 'xxxx')
+        .set(internalRequestHeader)
+        .set(roleAuthc.apiKeyHeader)
         .send({
           name: 'Test policy 3',
           namespace: 'default',
@@ -61,9 +75,10 @@ export default function ({ getService }: FtrProviderContext) {
 
       agentPolicyId3 = agentPolicyResponse3.item.id;
 
-      const { body: agentPolicyResponse4 } = await supertest
+      const { body: agentPolicyResponse4 } = await supertestWithoutAuth
         .post(`/api/fleet/agent_policies`)
-        .set('kbn-xsrf', 'xxxx')
+        .set(internalRequestHeader)
+        .set(roleAuthc.apiKeyHeader)
         .send({
           name: 'Test policy 4',
           namespace: 'default',
@@ -72,43 +87,51 @@ export default function ({ getService }: FtrProviderContext) {
       agentPolicyId4 = agentPolicyResponse4.item.id;
 
       await createPackagePolicy(
-        supertest,
+        supertestWithoutAuth,
         agentPolicyId,
         'cspm',
         'cloudbeat/cis_aws',
         'aws',
         'cspm',
-        'CSPM-1'
+        'CSPM-1',
+        roleAuthc,
+        internalRequestHeader
       );
 
       await createPackagePolicy(
-        supertest,
+        supertestWithoutAuth,
         agentPolicyId2,
         'kspm',
         'cloudbeat/cis_k8s',
         'vanilla',
         'kspm',
-        'KSPM-1'
+        'KSPM-1',
+        roleAuthc,
+        internalRequestHeader
       );
 
       await createPackagePolicy(
-        supertest,
+        supertestWithoutAuth,
         agentPolicyId3,
         'vuln_mgmt',
         'cloudbeat/vuln_mgmt_aws',
         'aws',
         'vuln_mgmt',
-        'CNVM-1'
+        'CNVM-1',
+        roleAuthc,
+        internalRequestHeader
       );
 
       await createPackagePolicy(
-        supertest,
+        supertestWithoutAuth,
         agentPolicyId4,
         'kspm',
         'cloudbeat/cis_k8s',
         'vanilla',
         'kspm',
-        'KSPM-2'
+        'KSPM-2',
+        roleAuthc,
+        internalRequestHeader
       );
     });
 
@@ -118,11 +141,11 @@ export default function ({ getService }: FtrProviderContext) {
     });
 
     it(`Should return all benchmarks if user has CSP integrations`, async () => {
-      const { body: res }: { body: GetBenchmarkResponse } = await supertest
+      const { body: res }: { body: GetBenchmarkResponse } = await supertestWithoutAuth
         .get(`/internal/cloud_security_posture/benchmarks`)
         .set(ELASTIC_HTTP_VERSION_HEADER, '2')
-        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
-        .set('kbn-xsrf', 'xxxx')
+        .set(internalRequestHeader)
+        .set(roleAuthc.apiKeyHeader)
         .expect(200);
 
       expect(res.items.length).equal(5);
diff --git a/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/find_csp_benchmark_rule.ts b/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/find_csp_benchmark_rule.ts
index 8209e9965a9a2..91c2e950877b1 100644
--- a/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/find_csp_benchmark_rule.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/find_csp_benchmark_rule.ts
@@ -5,10 +5,7 @@
  * 2.0.
  */
 import expect from '@kbn/expect';
-import {
-  ELASTIC_HTTP_VERSION_HEADER,
-  X_ELASTIC_INTERNAL_ORIGIN_REQUEST,
-} from '@kbn/core-http-common';
+import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common';
 import type {
   CspBenchmarkRule,
   FindCspBenchmarkRuleResponse,
@@ -16,11 +13,14 @@ import type {
 
 import { FtrProviderContext } from '../../../ftr_provider_context';
 import { createPackagePolicy } from '../../../../../test/api_integration/apis/cloud_security_posture/helper'; // eslint-disable-line @kbn/imports/no_boundary_crossing
+import { RoleCredentials } from '../../../../shared/services';
 
 export default function ({ getService }: FtrProviderContext) {
-  const supertest = getService('supertest');
   const esArchiver = getService('esArchiver');
   const kibanaServer = getService('kibanaServer');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+  const svlCommonApi = getService('svlCommonApi');
+  const svlUserManager = getService('svlUserManager');
 
   // find csp benchmark rule tests
   describe('GET internal/cloud_security_posture/rules/_find', function () {
@@ -28,14 +28,26 @@ export default function ({ getService }: FtrProviderContext) {
     this.tags(['failsOnMKI']);
 
     let agentPolicyId: string;
+    let roleAuthc: RoleCredentials;
+    let internalRequestHeader: { 'x-elastic-internal-origin': string; 'kbn-xsrf': string };
+
+    before(async () => {
+      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
+      internalRequestHeader = svlCommonApi.getInternalRequestHeader();
+    });
+
+    after(async () => {
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+    });
 
     beforeEach(async () => {
       await kibanaServer.savedObjects.cleanStandardList();
       await esArchiver.load('x-pack/test/functional/es_archives/fleet/empty_fleet_server');
 
-      const { body: agentPolicyResponse } = await supertest
+      const { body: agentPolicyResponse } = await supertestWithoutAuth
         .post(`/api/fleet/agent_policies`)
-        .set('kbn-xsrf', 'xxxx')
+        .set(internalRequestHeader)
+        .set(roleAuthc.apiKeyHeader)
         .send({
           name: 'Test policy',
           namespace: 'default',
@@ -51,19 +63,22 @@ export default function ({ getService }: FtrProviderContext) {
 
     it(`Should return 500 error code when not provide package policy id or benchmark id`, async () => {
       await createPackagePolicy(
-        supertest,
+        supertestWithoutAuth,
         agentPolicyId,
         'kspm',
         'cloudbeat/cis_k8s',
         'vanilla',
-        'kspm'
+        'kspm',
+        'KSPM-1',
+        roleAuthc,
+        internalRequestHeader
       );
 
-      const { body }: { body: { message: string } } = await supertest
+      const { body }: { body: { message: string } } = await supertestWithoutAuth
         .get(`/internal/cloud_security_posture/rules/_find`)
         .set(ELASTIC_HTTP_VERSION_HEADER, '1')
-        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
-        .set('kbn-xsrf', 'xxxx')
+        .set(internalRequestHeader)
+        .set(roleAuthc.apiKeyHeader)
         .expect(500);
 
       expect(body.message).to.eql(
@@ -74,19 +89,22 @@ export default function ({ getService }: FtrProviderContext) {
 
     it(`Should return 500 error code when provide both package policy id and benchmark id`, async () => {
       await createPackagePolicy(
-        supertest,
+        supertestWithoutAuth,
         agentPolicyId,
         'kspm',
         'cloudbeat/cis_k8s',
         'vanilla',
-        'kspm'
+        'kspm',
+        'KSPM-2',
+        roleAuthc,
+        internalRequestHeader
       );
 
-      const { body }: { body: { message: string } } = await supertest
+      const { body }: { body: { message: string } } = await supertestWithoutAuth
         .get(`/internal/cloud_security_posture/rules/_find`)
         .set(ELASTIC_HTTP_VERSION_HEADER, '1')
-        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
-        .set('kbn-xsrf', 'xxxx')
+        .set(internalRequestHeader)
+        .set(roleAuthc.apiKeyHeader)
         .query({
           packagePolicyId: 'your-package-policy-id',
           benchmarkId: 'cis_aws',
@@ -100,11 +118,11 @@ export default function ({ getService }: FtrProviderContext) {
     });
 
     it(`Should return 404 status code when the package policy ID does not exist`, async () => {
-      const { body }: { body: { statusCode: number; error: string } } = await supertest
+      const { body }: { body: { statusCode: number; error: string } } = await supertestWithoutAuth
         .get(`/internal/cloud_security_posture/rules/_find`)
         .set(ELASTIC_HTTP_VERSION_HEADER, '1')
-        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
-        .set('kbn-xsrf', 'xxxx')
+        .set(internalRequestHeader)
+        .set(roleAuthc.apiKeyHeader)
         .query({
           packagePolicyId: 'non-existing-packagePolicy-id',
         })
@@ -122,19 +140,22 @@ export default function ({ getService }: FtrProviderContext) {
 
     it(`Should return 200 status code and filter rules by benchmarkId`, async () => {
       await createPackagePolicy(
-        supertest,
+        supertestWithoutAuth,
         agentPolicyId,
         'kspm',
         'cloudbeat/cis_k8s',
         'vanilla',
-        'kspm'
+        'kspm',
+        'KSPM-3',
+        roleAuthc,
+        internalRequestHeader
       );
 
-      const { body }: { body: FindCspBenchmarkRuleResponse } = await supertest
+      const { body }: { body: FindCspBenchmarkRuleResponse } = await supertestWithoutAuth
         .get(`/internal/cloud_security_posture/rules/_find`)
         .set(ELASTIC_HTTP_VERSION_HEADER, '1')
-        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
-        .set('kbn-xsrf', 'xxxx')
+        .set(internalRequestHeader)
+        .set(roleAuthc.apiKeyHeader)
         .query({
           benchmarkId: 'cis_k8s',
         })
@@ -154,19 +175,22 @@ export default function ({ getService }: FtrProviderContext) {
 
     it(`Should return 200 status code, and only requested fields in the response`, async () => {
       await createPackagePolicy(
-        supertest,
+        supertestWithoutAuth,
         agentPolicyId,
         'kspm',
         'cloudbeat/cis_k8s',
         'vanilla',
-        'kspm'
+        'kspm',
+        'KSPM-4',
+        roleAuthc,
+        internalRequestHeader
       );
 
-      const { body }: { body: FindCspBenchmarkRuleResponse } = await supertest
+      const { body }: { body: FindCspBenchmarkRuleResponse } = await supertestWithoutAuth
         .get(`/internal/cloud_security_posture/rules/_find`)
         .set(ELASTIC_HTTP_VERSION_HEADER, '1')
-        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
-        .set('kbn-xsrf', 'xxxx')
+        .set(internalRequestHeader)
+        .set(roleAuthc.apiKeyHeader)
         .query({
           benchmarkId: 'cis_k8s',
           fields: ['metadata.name', 'metadata.section', 'metadata.id'],
@@ -188,19 +212,22 @@ export default function ({ getService }: FtrProviderContext) {
 
     it(`Should return 200 status code, items sorted by metadata.section field`, async () => {
       await createPackagePolicy(
-        supertest,
+        supertestWithoutAuth,
         agentPolicyId,
         'kspm',
         'cloudbeat/cis_k8s',
         'vanilla',
-        'kspm'
+        'kspm',
+        'KSPM-5',
+        roleAuthc,
+        internalRequestHeader
       );
 
-      const { body }: { body: FindCspBenchmarkRuleResponse } = await supertest
+      const { body }: { body: FindCspBenchmarkRuleResponse } = await supertestWithoutAuth
         .get(`/internal/cloud_security_posture/rules/_find`)
         .set(ELASTIC_HTTP_VERSION_HEADER, '1')
-        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
-        .set('kbn-xsrf', 'xxxx')
+        .set(internalRequestHeader)
+        .set(roleAuthc.apiKeyHeader)
         .query({
           benchmarkId: 'cis_k8s',
           sortField: 'metadata.section',
@@ -223,19 +250,22 @@ export default function ({ getService }: FtrProviderContext) {
       const perPage = 10;
 
       await createPackagePolicy(
-        supertest,
+        supertestWithoutAuth,
         agentPolicyId,
         'kspm',
         'cloudbeat/cis_k8s',
         'vanilla',
-        'kspm'
+        'kspm',
+        'KSPM-6',
+        roleAuthc,
+        internalRequestHeader
       );
 
-      const { body }: { body: FindCspBenchmarkRuleResponse } = await supertest
+      const { body }: { body: FindCspBenchmarkRuleResponse } = await supertestWithoutAuth
         .get(`/internal/cloud_security_posture/rules/_find`)
         .set(ELASTIC_HTTP_VERSION_HEADER, '1')
-        .set('kbn-xsrf', 'xxxx')
-        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
+        .set(internalRequestHeader)
+        .set(roleAuthc.apiKeyHeader)
         .query({
           benchmarkId: 'cis_k8s',
           perPage,
diff --git a/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/status/status_indexed.ts b/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/status/status_indexed.ts
index ec3216971ec35..b03368fbdaeb9 100644
--- a/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/status/status_indexed.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/status/status_indexed.ts
@@ -5,10 +5,7 @@
  * 2.0.
  */
 import expect from '@kbn/expect';
-import {
-  ELASTIC_HTTP_VERSION_HEADER,
-  X_ELASTIC_INTERNAL_ORIGIN_REQUEST,
-} from '@kbn/core-http-common';
+import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common';
 import type { CspSetupStatus } from '@kbn/cloud-security-posture-plugin/common/types_old';
 import {
   FINDINGS_INDEX_DEFAULT_NS,
@@ -26,6 +23,7 @@ import {
   findingsMockData,
   vulnerabilityMockData,
 } from '../../../../../../test/api_integration/apis/cloud_security_posture/mock_data'; // eslint-disable-line @kbn/imports/no_boundary_crossing
+import { RoleCredentials } from '../../../../../shared/services';
 
 const INDEX_ARRAY = [
   FINDINGS_INDEX_DEFAULT_NS,
@@ -36,25 +34,39 @@ const INDEX_ARRAY = [
 
 export default function (providerContext: FtrProviderContext) {
   const { getService } = providerContext;
-  const supertest = getService('supertest');
   const es = getService('es');
   const esArchiver = getService('esArchiver');
   const kibanaServer = getService('kibanaServer');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+  const svlCommonApi = getService('svlCommonApi');
+  const svlUserManager = getService('svlUserManager');
 
   describe('GET /internal/cloud_security_posture/status', function () {
     // security_exception: action [indices:admin/create] is unauthorized for user [elastic] with effective roles [superuser] on restricted indices [.fleet-actions-7], this action is granted by the index privileges [create_index,manage,all]
     this.tags(['failsOnMKI']);
 
     let agentPolicyId: string;
+    let roleAuthc: RoleCredentials;
+    let internalRequestHeader: { 'x-elastic-internal-origin': string; 'kbn-xsrf': string };
+
+    before(async () => {
+      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
+      internalRequestHeader = svlCommonApi.getInternalRequestHeader();
+    });
+
+    after(async () => {
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+    });
 
     describe('STATUS = INDEXED TEST', () => {
       beforeEach(async () => {
         await kibanaServer.savedObjects.cleanStandardList();
         await esArchiver.load('x-pack/test/functional/es_archives/fleet/empty_fleet_server');
 
-        const { body: agentPolicyResponse } = await supertest
+        const { body: agentPolicyResponse } = await supertestWithoutAuth
           .post(`/api/fleet/agent_policies`)
-          .set('kbn-xsrf', 'xxxx')
+          .set(internalRequestHeader)
+          .set(roleAuthc.apiKeyHeader)
           .send({
             name: 'Test policy',
             namespace: 'default',
@@ -75,19 +87,22 @@ export default function (providerContext: FtrProviderContext) {
 
       it(`Return kspm status indexed when logs-cloud_security_posture.findings_latest-default contains new kspm documents`, async () => {
         await createPackagePolicy(
-          supertest,
+          supertestWithoutAuth,
           agentPolicyId,
           'kspm',
           'cloudbeat/cis_k8s',
           'vanilla',
-          'kspm'
+          'kspm',
+          'KSPM-1',
+          roleAuthc,
+          internalRequestHeader
         );
 
-        const { body: res }: { body: CspSetupStatus } = await supertest
+        const { body: res }: { body: CspSetupStatus } = await supertestWithoutAuth
           .get(`/internal/cloud_security_posture/status`)
           .set(ELASTIC_HTTP_VERSION_HEADER, '1')
-          .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
-          .set('kbn-xsrf', 'xxxx')
+          .set(internalRequestHeader)
+          .set(roleAuthc.apiKeyHeader)
           .expect(200);
 
         expect(res.kspm.status).to.eql(
@@ -98,19 +113,22 @@ export default function (providerContext: FtrProviderContext) {
 
       it(`Return cspm status indexed when logs-cloud_security_posture.findings_latest-default contains new cspm documents`, async () => {
         await createPackagePolicy(
-          supertest,
+          supertestWithoutAuth,
           agentPolicyId,
           'cspm',
           'cloudbeat/cis_aws',
           'aws',
-          'cspm'
+          'cspm',
+          'CSPM-1',
+          roleAuthc,
+          internalRequestHeader
         );
 
-        const { body: res }: { body: CspSetupStatus } = await supertest
+        const { body: res }: { body: CspSetupStatus } = await supertestWithoutAuth
           .get(`/internal/cloud_security_posture/status`)
           .set(ELASTIC_HTTP_VERSION_HEADER, '1')
-          .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
-          .set('kbn-xsrf', 'xxxx')
+          .set(internalRequestHeader)
+          .set(roleAuthc.apiKeyHeader)
           .expect(200);
 
         expect(res.cspm.status).to.eql(
@@ -121,19 +139,22 @@ export default function (providerContext: FtrProviderContext) {
 
       it(`Return vuln status indexed when logs-cloud_security_posture.vulnerabilities_latest-default contains new documents`, async () => {
         await createPackagePolicy(
-          supertest,
+          supertestWithoutAuth,
           agentPolicyId,
           'vuln_mgmt',
           'cloudbeat/vuln_mgmt_aws',
           'aws',
-          'vuln_mgmt'
+          'vuln_mgmt',
+          'CNVM-1',
+          roleAuthc,
+          internalRequestHeader
         );
 
-        const { body: res }: { body: CspSetupStatus } = await supertest
+        const { body: res }: { body: CspSetupStatus } = await supertestWithoutAuth
           .get(`/internal/cloud_security_posture/status`)
           .set(ELASTIC_HTTP_VERSION_HEADER, '1')
-          .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
-          .set('kbn-xsrf', 'xxxx')
+          .set(internalRequestHeader)
+          .set(roleAuthc.apiKeyHeader)
           .expect(200);
 
         expect(res.vuln_mgmt.status).to.eql(
diff --git a/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/status/status_indexing.ts b/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/status/status_indexing.ts
index 17e1e6458edaa..559e9e7b43c99 100644
--- a/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/status/status_indexing.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/status/status_indexing.ts
@@ -5,10 +5,7 @@
  * 2.0.
  */
 import expect from '@kbn/expect';
-import {
-  ELASTIC_HTTP_VERSION_HEADER,
-  X_ELASTIC_INTERNAL_ORIGIN_REQUEST,
-} from '@kbn/core-http-common';
+import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common';
 import type { CspSetupStatus } from '@kbn/cloud-security-posture-plugin/common/types_old';
 import {
   FINDINGS_INDEX_DEFAULT_NS,
@@ -26,6 +23,7 @@ import {
   findingsMockData,
   vulnerabilityMockData,
 } from '../../../../../../test/api_integration/apis/cloud_security_posture/mock_data'; // eslint-disable-line @kbn/imports/no_boundary_crossing
+import { RoleCredentials } from '../../../../../shared/services';
 
 const INDEX_ARRAY = [
   FINDINGS_INDEX_DEFAULT_NS,
@@ -36,25 +34,39 @@ const INDEX_ARRAY = [
 
 export default function (providerContext: FtrProviderContext) {
   const { getService } = providerContext;
-  const supertest = getService('supertest');
   const es = getService('es');
   const esArchiver = getService('esArchiver');
   const kibanaServer = getService('kibanaServer');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+  const svlCommonApi = getService('svlCommonApi');
+  const svlUserManager = getService('svlUserManager');
 
   describe('GET /internal/cloud_security_posture/status', function () {
     // security_exception: action [indices:admin/create] is unauthorized for user [elastic] with effective roles [superuser] on restricted indices [.fleet-actions-7], this action is granted by the index privileges [create_index,manage,all]
     this.tags(['failsOnMKI']);
 
     let agentPolicyId: string;
+    let roleAuthc: RoleCredentials;
+    let internalRequestHeader: { 'x-elastic-internal-origin': string; 'kbn-xsrf': string };
+
+    before(async () => {
+      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
+      internalRequestHeader = svlCommonApi.getInternalRequestHeader();
+    });
+
+    after(async () => {
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+    });
 
     describe('STATUS = INDEXING TEST', () => {
       beforeEach(async () => {
         await kibanaServer.savedObjects.cleanStandardList();
         await esArchiver.load('x-pack/test/functional/es_archives/fleet/empty_fleet_server');
 
-        const { body: agentPolicyResponse } = await supertest
+        const { body: agentPolicyResponse } = await supertestWithoutAuth
           .post(`/api/fleet/agent_policies`)
-          .set('kbn-xsrf', 'xxxx')
+          .set(internalRequestHeader)
+          .set(roleAuthc.apiKeyHeader)
           .send({
             name: 'Test policy',
             namespace: 'default',
@@ -74,19 +86,22 @@ export default function (providerContext: FtrProviderContext) {
 
       it(`Return kspm status indexing when logs-cloud_security_posture.findings_latest-default doesn't contain new kspm documents, but has newly connected agents`, async () => {
         await createPackagePolicy(
-          supertest,
+          supertestWithoutAuth,
           agentPolicyId,
           'kspm',
           'cloudbeat/cis_k8s',
           'vanilla',
-          'kspm'
+          'kspm',
+          'KSPM-1',
+          roleAuthc,
+          internalRequestHeader
         );
 
-        const { body: res }: { body: CspSetupStatus } = await supertest
+        const { body: res }: { body: CspSetupStatus } = await supertestWithoutAuth
           .get(`/internal/cloud_security_posture/status`)
           .set(ELASTIC_HTTP_VERSION_HEADER, '1')
-          .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
-          .set('kbn-xsrf', 'xxxx')
+          .set(internalRequestHeader)
+          .set(roleAuthc.apiKeyHeader)
           .expect(200);
 
         expect(res.kspm.status).to.eql(
@@ -97,19 +112,22 @@ export default function (providerContext: FtrProviderContext) {
 
       it(`Return cspm status indexing when logs-cloud_security_posture.findings_latest-default doesn't contain new cspm documents, but has newly connected agents  `, async () => {
         await createPackagePolicy(
-          supertest,
+          supertestWithoutAuth,
           agentPolicyId,
           'cspm',
           'cloudbeat/cis_aws',
           'aws',
-          'cspm'
+          'cspm',
+          'CSPM-1',
+          roleAuthc,
+          internalRequestHeader
         );
 
-        const { body: res }: { body: CspSetupStatus } = await supertest
+        const { body: res }: { body: CspSetupStatus } = await supertestWithoutAuth
           .get(`/internal/cloud_security_posture/status`)
           .set(ELASTIC_HTTP_VERSION_HEADER, '1')
-          .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
-          .set('kbn-xsrf', 'xxxx')
+          .set(internalRequestHeader)
+          .set(roleAuthc.apiKeyHeader)
           .expect(200);
 
         expect(res.cspm.status).to.eql(
@@ -120,19 +138,22 @@ export default function (providerContext: FtrProviderContext) {
 
       it(`Return vuln status indexing when logs-cloud_security_posture.vulnerabilities_latest-default doesn't contain vuln new documents, but has newly connected agents`, async () => {
         await createPackagePolicy(
-          supertest,
+          supertestWithoutAuth,
           agentPolicyId,
           'vuln_mgmt',
           'cloudbeat/vuln_mgmt_aws',
           'aws',
-          'vuln_mgmt'
+          'vuln_mgmt',
+          'CNVM-1',
+          roleAuthc,
+          internalRequestHeader
         );
 
-        const { body: res }: { body: CspSetupStatus } = await supertest
+        const { body: res }: { body: CspSetupStatus } = await supertestWithoutAuth
           .get(`/internal/cloud_security_posture/status`)
           .set(ELASTIC_HTTP_VERSION_HEADER, '1')
-          .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
-          .set('kbn-xsrf', 'xxxx')
+          .set(internalRequestHeader)
+          .set(roleAuthc.apiKeyHeader)
           .expect(200);
 
         expect(res.vuln_mgmt.status).to.eql(
diff --git a/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/status/status_not_deployed_not_installed.ts b/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/status/status_not_deployed_not_installed.ts
index 9dc25ca4a1133..1cf6e453ea1f3 100644
--- a/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/status/status_not_deployed_not_installed.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/status/status_not_deployed_not_installed.ts
@@ -6,33 +6,45 @@
  */
 import expect from '@kbn/expect';
 import type { CspSetupStatus } from '@kbn/cloud-security-posture-plugin/common/types_old';
-import {
-  ELASTIC_HTTP_VERSION_HEADER,
-  X_ELASTIC_INTERNAL_ORIGIN_REQUEST,
-} from '@kbn/core-http-common';
+import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common';
 import { FtrProviderContext } from '../../../../ftr_provider_context';
 import { createPackagePolicy } from '../../../../../../test/api_integration/apis/cloud_security_posture/helper'; // eslint-disable-line @kbn/imports/no_boundary_crossing
+import { RoleCredentials } from '../../../../../shared/services';
 
 export default function (providerContext: FtrProviderContext) {
   const { getService } = providerContext;
-  const supertest = getService('supertest');
   const esArchiver = getService('esArchiver');
   const kibanaServer = getService('kibanaServer');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+  const svlCommonApi = getService('svlCommonApi');
+  const svlUserManager = getService('svlUserManager');
 
   describe('GET /internal/cloud_security_posture/status', function () {
     // security_exception: action [indices:admin/create] is unauthorized for user [elastic] with effective roles [superuser] on restricted indices [.fleet-actions-7], this action is granted by the index privileges [create_index,manage,all]
     this.tags(['failsOnMKI']);
 
     let agentPolicyId: string;
+    let roleAuthc: RoleCredentials;
+    let internalRequestHeader: { 'x-elastic-internal-origin': string; 'kbn-xsrf': string };
+
+    before(async () => {
+      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
+      internalRequestHeader = svlCommonApi.getInternalRequestHeader();
+    });
+
+    after(async () => {
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+    });
 
     describe('STATUS = NOT-DEPLOYED and STATUS = NOT-INSTALLED TEST', () => {
       beforeEach(async () => {
         await kibanaServer.savedObjects.cleanStandardList();
         await esArchiver.load('x-pack/test/functional/es_archives/fleet/empty_fleet_server');
 
-        const { body: agentPolicyResponse } = await supertest
+        const { body: agentPolicyResponse } = await supertestWithoutAuth
           .post(`/api/fleet/agent_policies`)
-          .set('kbn-xsrf', 'xxxx')
+          .set(internalRequestHeader)
+          .set(roleAuthc.apiKeyHeader)
           .send({
             name: 'Test policy',
             namespace: 'default',
@@ -47,19 +59,22 @@ export default function (providerContext: FtrProviderContext) {
       });
       it(`Should return not-deployed when installed kspm, no findings on either indices and no healthy agents`, async () => {
         await createPackagePolicy(
-          supertest,
+          supertestWithoutAuth,
           agentPolicyId,
           'kspm',
           'cloudbeat/cis_k8s',
           'vanilla',
-          'kspm'
+          'kspm',
+          'KSPM-1',
+          roleAuthc,
+          internalRequestHeader
         );
 
-        const { body: res }: { body: CspSetupStatus } = await supertest
+        const { body: res }: { body: CspSetupStatus } = await supertestWithoutAuth
           .get(`/internal/cloud_security_posture/status`)
           .set(ELASTIC_HTTP_VERSION_HEADER, '1')
-          .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
-          .set('kbn-xsrf', 'xxxx')
+          .set(internalRequestHeader)
+          .set(roleAuthc.apiKeyHeader)
           .expect(200);
 
         expect(res.kspm.status).to.eql(
@@ -86,19 +101,22 @@ export default function (providerContext: FtrProviderContext) {
 
       it(`Should return not-deployed when installed cspm, no findings on either indices and no healthy agents`, async () => {
         await createPackagePolicy(
-          supertest,
+          supertestWithoutAuth,
           agentPolicyId,
           'cspm',
           'cloudbeat/cis_aws',
           'aws',
-          'cspm'
+          'cspm',
+          'CSPM-1',
+          roleAuthc,
+          internalRequestHeader
         );
 
-        const { body: res }: { body: CspSetupStatus } = await supertest
+        const { body: res }: { body: CspSetupStatus } = await supertestWithoutAuth
           .get(`/internal/cloud_security_posture/status`)
           .set(ELASTIC_HTTP_VERSION_HEADER, '1')
-          .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
-          .set('kbn-xsrf', 'xxxx')
+          .set(internalRequestHeader)
+          .set(roleAuthc.apiKeyHeader)
           .expect(200);
 
         expect(res.cspm.status).to.eql(
@@ -125,19 +143,22 @@ export default function (providerContext: FtrProviderContext) {
 
       it(`Should return not-deployed when installed cnvm, no findings on either indices and no healthy agents`, async () => {
         await createPackagePolicy(
-          supertest,
+          supertestWithoutAuth,
           agentPolicyId,
           'vuln_mgmt',
           'cloudbeat/vuln_mgmt_aws',
           'aws',
-          'vuln_mgmt'
+          'vuln_mgmt',
+          'CNVM-1',
+          roleAuthc,
+          internalRequestHeader
         );
 
-        const { body: res }: { body: CspSetupStatus } = await supertest
+        const { body: res }: { body: CspSetupStatus } = await supertestWithoutAuth
           .get(`/internal/cloud_security_posture/status`)
           .set(ELASTIC_HTTP_VERSION_HEADER, '1')
-          .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
-          .set('kbn-xsrf', 'xxxx')
+          .set(internalRequestHeader)
+          .set(roleAuthc.apiKeyHeader)
           .expect(200);
 
         expect(res.cspm.status).to.eql(
diff --git a/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/telemetry.ts b/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/telemetry.ts
index 155d85dc0f06c..b4f82203ecdf7 100644
--- a/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/telemetry.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/telemetry.ts
@@ -6,37 +6,48 @@
  */
 
 import expect from '@kbn/expect';
-import {
-  ELASTIC_HTTP_VERSION_HEADER,
-  X_ELASTIC_INTERNAL_ORIGIN_REQUEST,
-} from '@kbn/core-http-common';
+import type { Agent as SuperTestAgent } from 'supertest';
+import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common';
 import type { FtrProviderContext } from '../../../ftr_provider_context';
 import {
   data as telemetryMockData,
   MockTelemetryFindings,
 } from '../../../../../test/cloud_security_posture_api/telemetry/data'; // eslint-disable-line @kbn/imports/no_boundary_crossing
 import { createPackagePolicy } from '../../../../../test/api_integration/apis/cloud_security_posture/helper'; // eslint-disable-line @kbn/imports/no_boundary_crossing
+import { RoleCredentials } from '../../../../shared/services';
 
 const FINDINGS_INDEX = 'logs-cloud_security_posture.findings_latest-default';
 
 export default function ({ getService }: FtrProviderContext) {
   const retry = getService('retry');
   const es = getService('es');
-  const supertest = getService('supertest');
   const log = getService('log');
   const esArchiver = getService('esArchiver');
   const kibanaServer = getService('kibanaServer');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+  const svlCommonApi = getService('svlCommonApi');
+  const svlUserManager = getService('svlUserManager');
+
+  let roleAuthc: RoleCredentials;
+  let internalRequestHeader: { 'x-elastic-internal-origin': string; 'kbn-xsrf': string };
 
   /**
    * required before indexing findings
    */
-  const waitForPluginInitialized = (): Promise<void> =>
+  const waitForPluginInitialized = (
+    supertestWithoutAuthParam: SuperTestAgent,
+    internalRequestHeaderParam: { 'x-elastic-internal-origin': string; 'kbn-xsrf': string },
+    roleAuthcParam: RoleCredentials
+  ): Promise<void> =>
     retry.try(async () => {
       log.debug('Check CSP plugin is initialized');
-      const response = await supertest
+      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
+      internalRequestHeader = svlCommonApi.getInternalRequestHeader();
+      const response = await supertestWithoutAuthParam
         .get('/internal/cloud_security_posture/status?check=init')
         .set(ELASTIC_HTTP_VERSION_HEADER, '1')
-        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
+        .set(internalRequestHeaderParam)
+        .set(roleAuthcParam.apiKeyHeader)
         .expect(200);
       expect(response.body).to.eql({ isPluginInitialized: true });
       log.debug('CSP plugin is initialized');
@@ -68,12 +79,15 @@ export default function ({ getService }: FtrProviderContext) {
     let agentPolicyId: string;
 
     before(async () => {
+      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
+      internalRequestHeader = svlCommonApi.getInternalRequestHeader();
       await kibanaServer.savedObjects.cleanStandardList();
       await esArchiver.load('x-pack/test/functional/es_archives/fleet/empty_fleet_server');
 
-      const { body: agentPolicyResponse } = await supertest
+      const { body: agentPolicyResponse } = await supertestWithoutAuth
         .post(`/api/fleet/agent_policies`)
-        .set('kbn-xsrf', 'xxxx')
+        .set(internalRequestHeader)
+        .set(roleAuthc.apiKeyHeader)
         .send({
           name: 'Test policy',
           namespace: 'default',
@@ -82,18 +96,21 @@ export default function ({ getService }: FtrProviderContext) {
       agentPolicyId = agentPolicyResponse.item.id;
 
       await createPackagePolicy(
-        supertest,
+        supertestWithoutAuth,
         agentPolicyId,
         'cspm',
         'cloudbeat/cis_aws',
         'aws',
         'cspm',
-        'CSPM-1'
+        'CSPM-1',
+        roleAuthc,
+        internalRequestHeader
       );
-      await waitForPluginInitialized();
+      await waitForPluginInitialized(supertestWithoutAuth, internalRequestHeader, roleAuthc);
     });
 
     after(async () => {
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
       await kibanaServer.savedObjects.cleanStandardList();
       await esArchiver.unload('x-pack/test/functional/es_archives/fleet/empty_fleet_server');
     });
@@ -107,11 +124,11 @@ export default function ({ getService }: FtrProviderContext) {
 
       const {
         body: [{ stats: apiResponse }],
-      } = await supertest
+      } = await supertestWithoutAuth
         .post(`/internal/telemetry/clusters/_stats`)
         .set(ELASTIC_HTTP_VERSION_HEADER, '2')
-        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
-        .set('kbn-xsrf', 'xxxx')
+        .set(internalRequestHeader)
+        .set(roleAuthc.apiKeyHeader)
         .send({
           unencrypted: true,
           refreshCache: true,
@@ -161,11 +178,11 @@ export default function ({ getService }: FtrProviderContext) {
 
       const {
         body: [{ stats: apiResponse }],
-      } = await supertest
+      } = await supertestWithoutAuth
         .post(`/internal/telemetry/clusters/_stats`)
-        .set('kbn-xsrf', 'xxxx')
         .set(ELASTIC_HTTP_VERSION_HEADER, '2')
-        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
+        .set(internalRequestHeader)
+        .set(roleAuthc.apiKeyHeader)
         .send({
           unencrypted: true,
           refreshCache: true,
@@ -208,11 +225,11 @@ export default function ({ getService }: FtrProviderContext) {
 
       const {
         body: [{ stats: apiResponse }],
-      } = await supertest
+      } = await supertestWithoutAuth
         .post(`/internal/telemetry/clusters/_stats`)
-        .set('kbn-xsrf', 'xxxx')
         .set(ELASTIC_HTTP_VERSION_HEADER, '2')
-        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
+        .set(internalRequestHeader)
+        .set(roleAuthc.apiKeyHeader)
         .send({
           unencrypted: true,
           refreshCache: true,
@@ -286,11 +303,11 @@ export default function ({ getService }: FtrProviderContext) {
 
       const {
         body: [{ stats: apiResponse }],
-      } = await supertest
+      } = await supertestWithoutAuth
         .post(`/internal/telemetry/clusters/_stats`)
-        .set('kbn-xsrf', 'xxxx')
         .set(ELASTIC_HTTP_VERSION_HEADER, '2')
-        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
+        .set(internalRequestHeader)
+        .set(roleAuthc.apiKeyHeader)
         .send({
           unencrypted: true,
           refreshCache: true,
@@ -342,11 +359,11 @@ export default function ({ getService }: FtrProviderContext) {
 
       const {
         body: [{ stats: apiResponse }],
-      } = await supertest
+      } = await supertestWithoutAuth
         .post(`/internal/telemetry/clusters/_stats`)
-        .set('kbn-xsrf', 'xxxx')
         .set(ELASTIC_HTTP_VERSION_HEADER, '2')
-        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
+        .set(internalRequestHeader)
+        .set(roleAuthc.apiKeyHeader)
         .send({
           unencrypted: true,
           refreshCache: true,
diff --git a/x-pack/test_serverless/api_integration/test_suites/security/fleet/fleet.ts b/x-pack/test_serverless/api_integration/test_suites/security/fleet/fleet.ts
index 547d16399bdab..19c01d0944071 100644
--- a/x-pack/test_serverless/api_integration/test_suites/security/fleet/fleet.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/security/fleet/fleet.ts
@@ -6,6 +6,7 @@
  */
 
 import expect from 'expect';
+import { RoleCredentials } from '../../../../shared/services';
 import { FtrProviderContext } from '../../../ftr_provider_context';
 import {
   expectDefaultElasticsearchOutput,
@@ -14,13 +15,16 @@ import {
 
 export default function (ctx: FtrProviderContext) {
   const svlCommonApi = ctx.getService('svlCommonApi');
-  const supertest = ctx.getService('supertest');
+  const supertestWithoutAuth = ctx.getService('supertestWithoutAuth');
+  const svlUserManager = ctx.getService('svlUserManager');
+  let roleAuthc: RoleCredentials;
 
   describe('fleet', function () {
     let defaultFleetServerHostUrl: string = '';
     let defaultEsOutputUrl: string = '';
 
     before(async () => {
+      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
       defaultFleetServerHostUrl = await expectDefaultFleetServer(ctx);
       expect(defaultFleetServerHostUrl).not.toBe('');
 
@@ -28,10 +32,15 @@ export default function (ctx: FtrProviderContext) {
       expect(defaultEsOutputUrl).not.toBe('');
     });
 
+    after(async () => {
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+    });
+
     it('rejects request to create a new fleet server hosts if host url is different from default', async () => {
-      const { body, status } = await supertest
+      const { body, status } = await supertestWithoutAuth
         .post('/api/fleet/fleet_server_hosts')
         .set(svlCommonApi.getInternalRequestHeader())
+        .set(roleAuthc.apiKeyHeader)
         .send({
           name: 'test',
           host_urls: ['https://localhost:8221'],
@@ -47,9 +56,10 @@ export default function (ctx: FtrProviderContext) {
     });
 
     it('accepts request to create a new fleet server hosts if host url is same as default', async () => {
-      const { body, status } = await supertest
+      const { body, status } = await supertestWithoutAuth
         .post('/api/fleet/fleet_server_hosts')
         .set(svlCommonApi.getInternalRequestHeader())
+        .set(roleAuthc.apiKeyHeader)
         .send({
           name: 'Test Fleet server host',
           host_urls: [defaultFleetServerHostUrl],
@@ -65,9 +75,10 @@ export default function (ctx: FtrProviderContext) {
     });
 
     it('rejects request to create a new elasticsearch output if host is different from default', async () => {
-      const { body, status } = await supertest
+      const { body, status } = await supertestWithoutAuth
         .post('/api/fleet/outputs')
         .set(svlCommonApi.getInternalRequestHeader())
+        .set(roleAuthc.apiKeyHeader)
         .send({
           name: 'Test output',
           type: 'elasticsearch',
@@ -83,9 +94,10 @@ export default function (ctx: FtrProviderContext) {
     });
 
     it('accepts request to create a new elasticsearch output if host url is same as default', async () => {
-      const { body, status } = await supertest
+      const { body, status } = await supertestWithoutAuth
         .post('/api/fleet/outputs')
         .set(svlCommonApi.getInternalRequestHeader())
+        .set(roleAuthc.apiKeyHeader)
         .send({
           name: 'Test output',
           type: 'elasticsearch',
diff --git a/x-pack/test_serverless/functional/page_objects/svl_search_landing_page.ts b/x-pack/test_serverless/functional/page_objects/svl_search_landing_page.ts
index 617b0d76e2ba3..3618fed58dcf3 100644
--- a/x-pack/test_serverless/functional/page_objects/svl_search_landing_page.ts
+++ b/x-pack/test_serverless/functional/page_objects/svl_search_landing_page.ts
@@ -11,6 +11,7 @@ import { FtrProviderContext } from '../ftr_provider_context';
 export function SvlSearchLandingPageProvider({ getService }: FtrProviderContext) {
   const testSubjects = getService('testSubjects');
   const browser = getService('browser');
+  const monacoEditor = getService('monacoEditor');
 
   return {
     async assertSvlSearchSideNavExists() {
@@ -32,50 +33,44 @@ export function SvlSearchLandingPageProvider({ getService }: FtrProviderContext)
     apiKeys: {
       async openCreateFlyout() {
         await testSubjects.click('new-api-key-button');
-        await testSubjects.existOrFail('create-api-key-submit');
+        await testSubjects.existOrFail('formFlyoutSubmitButton');
       },
       async setApiKeyName(value: string) {
-        await testSubjects.existOrFail('create-api-key-name');
-        await testSubjects.setValue('create-api-key-name', value);
+        await testSubjects.existOrFail('apiKeyNameInput');
+        await testSubjects.setValue('apiKeyNameInput', value);
       },
       async selectNeverExpires() {
-        await (
-          await (
-            await testSubjects.find('create-api-key-expires-never-radio')
-          ).findByTagName('label')
-        ).click();
-        await testSubjects.missingOrFail('create-api-key-expires-days-number-field');
+        await (await await testSubjects.find('apiKeyCustomExpirationSwitch')).click();
+        await testSubjects.missingOrFail('apiKeyCustomExpirationInput');
       },
       async createApiKeySubmitAndSuccess() {
-        await testSubjects.click('create-api-key-submit');
+        await testSubjects.click('formFlyoutSubmitButton');
         await testSubjects.existOrFail('api-key-create-success-panel');
       },
       async createApiKeySubmitAndError() {
-        await testSubjects.click('create-api-key-submit');
-        await testSubjects.existOrFail('create-api-key-error-callout');
+        await testSubjects.click('formFlyoutSubmitButton');
+        await testSubjects.existOrFail('apiKeyFlyoutResponseError');
       },
       async createApiKeyCancel() {
-        await testSubjects.click('create-api-key-cancel');
+        await testSubjects.click('formFlyoutCancelButton');
       },
       async createApiKeyToggleMetadataSwitch() {
-        await testSubjects.click('create-api-metadata-switch');
+        await testSubjects.click('apiKeysMetadataSwitch');
       },
       async expectMetadataEditorToExist() {
-        await testSubjects.existOrFail('create-api-metadata-code-editor-container');
+        await monacoEditor.getCodeEditorValue(1);
       },
       async createApiKeyToggleRoleDescriptorsSwitch() {
-        await testSubjects.click('create-api-role-descriptors-switch');
+        await testSubjects.click('apiKeysRoleDescriptorsSwitch');
       },
       async expectRoleDescriptorsEditorToExist() {
-        await testSubjects.existOrFail('create-api-role-descriptors-code-editor-container');
-        await testSubjects.existOrFail('serverlessSearchSecurityPrivilegesFormReadOnlyButton');
-        await testSubjects.existOrFail('serverlessSearchSecurityPrivilegesFormWriteOnlyButton');
+        await monacoEditor.getCodeEditorValue(0);
+        await testSubjects.existOrFail('apiKeysReadOnlyDescriptors');
+        await testSubjects.existOrFail('apiKeysWriteOnlyDescriptors');
       },
       async setRoleDescriptorsValue(value: string) {
-        await testSubjects.existOrFail('create-api-role-descriptors-code-editor-container');
-        await testSubjects.setValue('kibanaCodeEditor', value, {
-          clearWithKeyboard: true,
-        });
+        await monacoEditor.getCodeEditorValue(0);
+        await monacoEditor.setCodeEditorValue(value, 0);
       },
     },
     pipeline: {
diff --git a/x-pack/test_serverless/functional/test_suites/common/discover_ml_uptime/discover/search_source_alert.ts b/x-pack/test_serverless/functional/test_suites/common/discover_ml_uptime/discover/search_source_alert.ts
index ace790cc15950..22e64db2c4068 100644
--- a/x-pack/test_serverless/functional/test_suites/common/discover_ml_uptime/discover/search_source_alert.ts
+++ b/x-pack/test_serverless/functional/test_suites/common/discover_ml_uptime/discover/search_source_alert.ts
@@ -354,7 +354,10 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     expect(await titleElem.getAttribute('value')).to.equal(dataView);
   };
 
-  describe('Search source Alert', () => {
+  describe('Search source Alert', function () {
+    // fails on MKI, see https://github.com/elastic/kibana/issues/187069
+    this.tags(['failsOnMKI']);
+
     before(async () => {
       await security.testUser.setRoles(['discover_alert']);
       await PageObjects.svlCommonPage.loginAsAdmin();
diff --git a/x-pack/test_serverless/functional/test_suites/common/reporting/management.ts b/x-pack/test_serverless/functional/test_suites/common/reporting/management.ts
index 6d23ef5512b76..50b8f0919694a 100644
--- a/x-pack/test_serverless/functional/test_suites/common/reporting/management.ts
+++ b/x-pack/test_serverless/functional/test_suites/common/reporting/management.ts
@@ -11,6 +11,7 @@ import {
   JobParamsCsvFromSavedObject,
 } from '@kbn/reporting-export-types-csv-common';
 import { FtrProviderContext } from '../../../ftr_provider_context';
+import { InternalRequestHeader, RoleCredentials } from '../../../../shared/services';
 
 export default ({ getPageObjects, getService }: FtrProviderContext) => {
   const kibanaServer = getService('kibanaServer');
@@ -19,7 +20,11 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => {
   const retry = getService('retry');
   const PageObjects = getPageObjects(['common', 'svlCommonPage', 'header']);
   const reportingAPI = getService('svlReportingApi');
-  const config = getService('config');
+  const svlUserManager = getService('svlUserManager');
+  const svlCommonApi = getService('svlCommonApi');
+  let roleAuthc: RoleCredentials;
+  let roleName: string;
+  let internalReqHeader: InternalRequestHeader;
 
   const navigateToReportingManagement = async () => {
     log.debug(`navigating to reporting management app`);
@@ -51,39 +56,46 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => {
     };
 
     // Kibana CI and MKI use different users
-    const TEST_USERNAME = config.get('servers.kibana.username');
-    const TEST_PASSWORD = config.get('servers.kibana.password');
-
     before('initialize saved object archive', async () => {
+      roleName = 'admin';
+      roleAuthc = await svlUserManager.createApiKeyForRole(roleName);
+      internalReqHeader = svlCommonApi.getInternalRequestHeader();
       // add test saved search object
       await kibanaServer.importExport.load(savedObjectsArchive);
     });
 
     after('clean up archives', async () => {
       await kibanaServer.importExport.unload(savedObjectsArchive);
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
     });
 
-    // Cant auth into the route as it's structured currently
-    xit(`user sees a job they've created`, async () => {
+    it(`user sees a job they've created`, async () => {
       const {
         job: { id: jobId },
-      } = await reportingAPI.createReportJobInternal(CSV_REPORT_TYPE_V2, job);
+      } = await reportingAPI.createReportJobInternal(
+        CSV_REPORT_TYPE_V2,
+        job,
+        roleAuthc,
+        internalReqHeader
+      );
 
       await navigateToReportingManagement();
       await testSubjects.existOrFail(`viewReportingLink-${jobId}`);
     });
 
     // Skipping test for now because functionality is not yet possible to test
+    // See details: https://github.com/elastic/kibana/issues/186558
     xit(`user doesn't see a job another user has created`, async () => {
-      log.debug(`creating a csv report job as '${TEST_USERNAME}'`);
+      log.debug(`creating a csv report job using api keys for role: [${roleName}]`);
 
       const {
         job: { id: jobId },
       } = await reportingAPI.createReportJobInternal(
         CSV_REPORT_TYPE_V2,
         job,
-        TEST_USERNAME,
-        TEST_PASSWORD
+        roleAuthc,
+        internalReqHeader
       );
 
       await navigateToReportingManagement();
diff --git a/x-pack/test_serverless/functional/test_suites/observability/dataset_quality/data/logs_data.ts b/x-pack/test_serverless/functional/test_suites/observability/dataset_quality/data/logs_data.ts
index 399030d1dd377..168aeb4b4df21 100644
--- a/x-pack/test_serverless/functional/test_suites/observability/dataset_quality/data/logs_data.ts
+++ b/x-pack/test_serverless/functional/test_suites/observability/dataset_quality/data/logs_data.ts
@@ -191,6 +191,7 @@ export function createDegradedFieldsRecord({
 
 export const datasetNames = ['synth.1', 'synth.2', 'synth.3'];
 export const defaultNamespace = 'default';
+export const productionNamespace = 'production';
 
 // Logs Data logic
 const MESSAGE_LOG_LEVELS: MessageWithLevel[] = [
diff --git a/x-pack/test_serverless/functional/test_suites/observability/dataset_quality/dataset_quality_flyout.ts b/x-pack/test_serverless/functional/test_suites/observability/dataset_quality/dataset_quality_flyout.ts
index 0ca26b296fe13..24f6011c78855 100644
--- a/x-pack/test_serverless/functional/test_suites/observability/dataset_quality/dataset_quality_flyout.ts
+++ b/x-pack/test_serverless/functional/test_suites/observability/dataset_quality/dataset_quality_flyout.ts
@@ -12,6 +12,7 @@ import {
   getInitialTestLogs,
   getLogsForDataset,
   createDegradedFieldsRecord,
+  productionNamespace,
 } from './data';
 
 const integrationActions = {
@@ -36,25 +37,72 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
   const to = '2024-01-01T12:00:00.000Z';
   const excludeKeysFromServerless = ['size']; // https://github.com/elastic/kibana/issues/178954
 
-  describe('Dataset quality flyout', function () {
-    // FLAKY: https://github.com/elastic/kibana/issues/183771
-    // Added this sub describe block so that the existing flaky tests can be skipped and new ones can be added in the other describe block
-
-    describe.skip('Other dataset quality flyout tests', () => {
-      this.tags(['failsOnMKI']); // Failing https://github.com/elastic/kibana/issues/183495
-
-      before(async () => {
-        await PageObjects.svlCommonPage.loginWithRole('admin');
-        await synthtrace.index(getInitialTestLogs({ to, count: 4 }));
-        await PageObjects.datasetQuality.navigateTo();
-      });
+  const apacheAccessDatasetName = 'apache.access';
+  const apacheAccessDatasetHumanName = 'Apache access logs';
+  const apacheIntegrationId = 'apache';
+  const apachePkg = {
+    name: 'apache',
+    version: '1.14.0',
+  };
+
+  const bitbucketDatasetName = 'atlassian_bitbucket.audit';
+  const bitbucketDatasetHumanName = 'Bitbucket Audit Logs';
+  const bitbucketPkg = {
+    name: 'atlassian_bitbucket',
+    version: '1.14.0',
+  };
+
+  const degradedDatasetName = datasetNames[2];
+
+  describe('Flyout', function () {
+    before(async () => {
+      // Install Apache Integration and ingest logs for it
+      await PageObjects.observabilityLogsExplorer.installPackage(apachePkg);
+
+      // Install Bitbucket Integration (package which does not has Dashboards) and ingest logs for it
+      await PageObjects.observabilityLogsExplorer.installPackage(bitbucketPkg);
+
+      await synthtrace.index([
+        // Ingest basic logs
+        getInitialTestLogs({ to, count: 4 }),
+        // Ingest Degraded Logs
+        createDegradedFieldsRecord({
+          to: new Date().toISOString(),
+          count: 2,
+          dataset: degradedDatasetName,
+        }),
+        // Index 15 logs for `logs-apache.access` dataset
+        getLogsForDataset({
+          to: new Date().toISOString(),
+          count: 15,
+          dataset: apacheAccessDatasetName,
+          namespace: productionNamespace,
+        }),
+        // Index degraded docs for Apache integration
+        getLogsForDataset({
+          to: new Date().toISOString(),
+          count: 1,
+          dataset: apacheAccessDatasetName,
+          namespace: productionNamespace,
+          isMalformed: true,
+        }),
+        // Index logs for Bitbucket integration
+        getLogsForDataset({ to, count: 10, dataset: bitbucketDatasetName }),
+      ]);
+
+      await PageObjects.svlCommonPage.loginWithRole('admin');
+
+      await PageObjects.datasetQuality.navigateTo();
+    });
 
-      after(async () => {
-        await synthtrace.clean();
-        await PageObjects.observabilityLogsExplorer.removeInstalledPackages();
-      });
+    after(async () => {
+      await PageObjects.observabilityLogsExplorer.uninstallPackage(apachePkg);
+      await PageObjects.observabilityLogsExplorer.uninstallPackage(bitbucketPkg);
+      await synthtrace.clean();
+    });
 
-      it('opens the flyout for the right dataset', async () => {
+    describe('open flyout', () => {
+      it('should open the flyout for the right dataset', async () => {
         const testDatasetName = datasetNames[1];
 
         await PageObjects.datasetQuality.openDatasetFlyout(testDatasetName);
@@ -62,44 +110,12 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
         await testSubjects.existOrFail(
           PageObjects.datasetQuality.testSubjectSelectors.datasetQualityFlyoutTitle
         );
-      });
 
-      // Fails on Serverless. TODO: Need to update the UI as well as the test
-      it.skip('shows the correct last activity', async () => {
-        const testDatasetName = datasetNames[0];
-
-        // Update last activity for the dataset
         await PageObjects.datasetQuality.closeFlyout();
-        await synthtrace.index(
-          getLogsForDataset({ to: new Date().toISOString(), count: 1, dataset: testDatasetName })
-        );
-        await PageObjects.datasetQuality.refreshTable();
-
-        const cols = await PageObjects.datasetQuality.parseDatasetTable();
-
-        const datasetNameCol = cols['Data Set Name'];
-        const datasetNameColCellTexts = await datasetNameCol.getCellTexts();
-
-        const testDatasetRowIndex = datasetNameColCellTexts.findIndex(
-          (dName: string) => dName === testDatasetName
-        );
-
-        const lastActivityText = (await cols['Last Activity'].getCellTexts())[testDatasetRowIndex];
-
-        await PageObjects.datasetQuality.openDatasetFlyout(testDatasetName);
-
-        const lastActivityTextExists = await PageObjects.datasetQuality.doestTextExistInFlyout(
-          lastActivityText,
-          `[data-test-subj=${PageObjects.datasetQuality.testSubjectSelectors.datasetQualityFlyoutFieldValue}]`
-        );
-
-        expect(lastActivityTextExists).to.eql(true);
       });
 
-      // FLAKY: https://github.com/elastic/kibana/issues/180994
-      it.skip('reflects the breakdown field state in url', async () => {
-        const testDatasetName = datasetNames[0];
-        await PageObjects.datasetQuality.openDatasetFlyout(testDatasetName);
+      it('reflects the breakdown field state in url', async () => {
+        await PageObjects.datasetQuality.openDatasetFlyout(degradedDatasetName);
 
         const breakdownField = 'service.name';
         await PageObjects.datasetQuality.selectBreakdownField(breakdownField);
@@ -118,25 +134,25 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
           const currentUrl = await browser.getCurrentUrl();
           expect(currentUrl).to.not.contain('breakdownField');
         });
+        await PageObjects.datasetQuality.closeFlyout();
       });
+    });
 
-      it('shows the integration details', async () => {
-        const apacheAccessDatasetName = 'apache.access';
-        const apacheAccessDatasetHumanName = 'Apache access logs';
-        const apacheIntegrationId = 'apache';
-
-        await PageObjects.observabilityLogsExplorer.navigateTo();
+    describe('integrations', () => {
+      it('should hide the integration section for non integrations', async () => {
+        const testDatasetName = datasetNames[1];
 
-        // Add initial integrations
-        await PageObjects.observabilityLogsExplorer.setupInitialIntegrations();
+        await PageObjects.datasetQuality.openDatasetFlyout(testDatasetName);
 
-        // Index 10 logs for `logs-apache.access` dataset
-        await synthtrace.index(
-          getLogsForDataset({ to, count: 10, dataset: apacheAccessDatasetName })
+        await testSubjects.missingOrFail(
+          PageObjects.datasetQuality.testSubjectSelectors
+            .datasetQualityFlyoutFieldsListIntegrationDetails
         );
 
-        await PageObjects.datasetQuality.navigateTo();
+        await PageObjects.datasetQuality.closeFlyout();
+      });
 
+      it('should shows the integration section for integrations', async () => {
         await PageObjects.datasetQuality.openDatasetFlyout(apacheAccessDatasetHumanName);
 
         const integrationNameElements = await PageObjects.datasetQuality.getFlyoutElementsByText(
@@ -144,134 +160,140 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
           apacheIntegrationId
         );
 
-        await PageObjects.datasetQuality.closeFlyout();
+        await testSubjects.existOrFail(
+          PageObjects.datasetQuality.testSubjectSelectors
+            .datasetQualityFlyoutFieldsListIntegrationDetails
+        );
 
         expect(integrationNameElements.length).to.eql(1);
+
+        await PageObjects.datasetQuality.closeFlyout();
       });
 
-      it('goes to log explorer page when open button is clicked', async () => {
-        const testDatasetName = datasetNames[2];
-        await PageObjects.datasetQuality.openDatasetFlyout(testDatasetName);
+      it('should show the integration actions menu with correct actions', async () => {
+        await PageObjects.datasetQuality.openDatasetFlyout(apacheAccessDatasetHumanName);
+        await PageObjects.datasetQuality.openIntegrationActionsMenu();
 
-        await (await PageObjects.datasetQuality.getFlyoutLogsExplorerButton()).click();
+        const actions = await Promise.all(
+          Object.values(integrationActions).map((action) =>
+            PageObjects.datasetQuality.getIntegrationActionButtonByAction(action)
+          )
+        );
 
-        // Confirm dataset selector text in observability logs explorer
-        const datasetSelectorText =
-          await PageObjects.observabilityLogsExplorer.getDataSourceSelectorButtonText();
-        expect(datasetSelectorText).to.eql(testDatasetName);
+        expect(actions.length).to.eql(3);
+        await PageObjects.datasetQuality.closeFlyout();
       });
 
-      it('shows summary KPIs', async () => {
-        await PageObjects.datasetQuality.navigateTo();
+      it('should hide integration dashboard for integrations without dashboards', async () => {
+        await PageObjects.datasetQuality.openDatasetFlyout(bitbucketDatasetHumanName);
+        await PageObjects.datasetQuality.openIntegrationActionsMenu();
 
-        const apacheAccessDatasetHumanName = 'Apache access logs';
-        await PageObjects.datasetQuality.openDatasetFlyout(apacheAccessDatasetHumanName);
+        await testSubjects.missingOrFail(
+          PageObjects.datasetQuality.testSubjectSelectors.datasetQualityFlyoutIntegrationAction(
+            integrationActions.viewDashboards
+          )
+        );
+        await PageObjects.datasetQuality.closeFlyout();
+      });
+
+      it('Should navigate to integration overview page on clicking integration overview action', async () => {
+        await PageObjects.datasetQuality.openDatasetFlyout(bitbucketDatasetHumanName);
+        await PageObjects.datasetQuality.openIntegrationActionsMenu();
 
-        const summary = await PageObjects.datasetQuality.parseFlyoutKpis(excludeKeysFromServerless);
-        expect(summary).to.eql({
-          docsCountTotal: '0',
-          // size: '0.0 B', // `_stats` not available on Serverless
-          services: '0',
-          hosts: '0',
-          degradedDocs: '0',
+        const action = await PageObjects.datasetQuality.getIntegrationActionButtonByAction(
+          integrationActions.overview
+        );
+
+        await action.click();
+
+        await retry.tryForTime(5000, async () => {
+          const currentUrl = await browser.getCurrentUrl();
+          const parsedUrl = new URL(currentUrl);
+
+          expect(parsedUrl.pathname).to.contain('/app/integrations/detail/atlassian_bitbucket');
         });
+
+        await PageObjects.datasetQuality.navigateTo();
       });
 
-      it('shows the updated KPIs', async () => {
-        const apacheAccessDatasetName = 'apache.access';
-        const apacheAccessDatasetHumanName = 'Apache access logs';
+      it('should navigate to index template page in clicking Integration template', async () => {
         await PageObjects.datasetQuality.openDatasetFlyout(apacheAccessDatasetHumanName);
+        await PageObjects.datasetQuality.openIntegrationActionsMenu();
 
-        const summaryBefore = await PageObjects.datasetQuality.parseFlyoutKpis(
-          excludeKeysFromServerless
+        const action = await PageObjects.datasetQuality.getIntegrationActionButtonByAction(
+          integrationActions.template
         );
 
-        // Set time range to 3 days ago
-        const flyoutBodyContainer = await testSubjects.find(
-          PageObjects.datasetQuality.testSubjectSelectors.datasetQualityFlyoutBody
-        );
-        await PageObjects.datasetQuality.setDatePickerLastXUnits(flyoutBodyContainer, 3, 'd');
+        await action.click();
 
-        // Index 2 doc 2 days ago
-        const time2DaysAgo = Date.now() - 2 * 24 * 60 * 60 * 1000;
-        await synthtrace.index(
-          getLogsForDataset({
-            to: time2DaysAgo,
-            count: 2,
-            dataset: apacheAccessDatasetName,
-            isMalformed: false,
-          })
-        );
+        await retry.tryForTime(5000, async () => {
+          const currentUrl = await browser.getCurrentUrl();
+          const parsedUrl = new URL(currentUrl);
+          expect(parsedUrl.pathname).to.contain(
+            `/app/management/data/index_management/templates/logs-${apacheAccessDatasetName}`
+          );
+        });
+        await PageObjects.datasetQuality.navigateTo();
+      });
 
-        // Index 5 degraded docs 2 days ago
-        await synthtrace.index(
-          getLogsForDataset({
-            to: time2DaysAgo,
-            count: 5,
-            dataset: apacheAccessDatasetName,
-            isMalformed: true,
-          })
-        );
+      it('should navigate to the selected dashboard on clicking integration dashboard action ', async () => {
+        await PageObjects.datasetQuality.openDatasetFlyout(apacheAccessDatasetHumanName);
+        await PageObjects.datasetQuality.openIntegrationActionsMenu();
 
-        await PageObjects.datasetQuality.refreshFlyout();
-        const summaryAfter = await PageObjects.datasetQuality.parseFlyoutKpis(
-          excludeKeysFromServerless
+        const action = await PageObjects.datasetQuality.getIntegrationActionButtonByAction(
+          integrationActions.viewDashboards
         );
 
-        expect(parseInt(summaryAfter.docsCountTotal, 10)).to.be.greaterThan(
-          parseInt(summaryBefore.docsCountTotal, 10)
-        );
+        await action.click();
 
-        expect(parseInt(summaryAfter.degradedDocs, 10)).to.be.greaterThan(
-          parseInt(summaryBefore.degradedDocs, 10)
-        );
+        const dashboardButtons = await PageObjects.datasetQuality.getIntegrationDashboardButtons();
+        const firstDashboardButton = await dashboardButtons[0];
+        const dashboardText = await firstDashboardButton.getVisibleText();
 
-        // `_stats` not available on Serverless so we can't compare size // https://github.com/elastic/kibana/issues/178954
-        // expect(parseInt(summaryAfter.size, 10)).to.be.greaterThan(parseInt(summaryBefore.size, 10));
+        await firstDashboardButton.click();
 
-        expect(parseInt(summaryAfter.services, 10)).to.be.greaterThan(
-          parseInt(summaryBefore.services, 10)
-        );
-        expect(parseInt(summaryAfter.hosts, 10)).to.be.greaterThan(
-          parseInt(summaryBefore.hosts, 10)
-        );
+        const breadcrumbText = await testSubjects.getVisibleText('breadcrumb last');
+
+        expect(breadcrumbText).to.eql(dashboardText);
+
+        await PageObjects.datasetQuality.navigateTo();
       });
+    });
 
-      it('shows the right number of services', async () => {
-        const apacheAccessDatasetName = 'apache.access';
-        const apacheAccessDatasetHumanName = 'Apache access logs';
+    describe('summary panel', () => {
+      it('should show summary KPIs', async () => {
         await PageObjects.datasetQuality.openDatasetFlyout(apacheAccessDatasetHumanName);
 
-        const summaryBefore = await PageObjects.datasetQuality.parseFlyoutKpis(
-          excludeKeysFromServerless
-        );
-        const testServices = ['test-srv-1', 'test-srv-2'];
+        const { docsCountTotal, degradedDocs, services, hosts } =
+          await PageObjects.datasetQuality.parseFlyoutKpis(excludeKeysFromServerless);
+        expect(parseInt(docsCountTotal, 10)).to.be(226);
+        expect(parseInt(degradedDocs, 10)).to.be(1);
+        expect(parseInt(services, 10)).to.be(3);
+        expect(parseInt(hosts, 10)).to.be(52);
 
-        // Index 2 docs with different services
-        const timeNow = Date.now();
-        await synthtrace.index(
-          getLogsForDataset({
-            to: timeNow,
-            count: 2,
-            dataset: apacheAccessDatasetName,
-            isMalformed: false,
-            services: testServices,
-          })
-        );
+        await PageObjects.datasetQuality.closeFlyout();
+      });
+    });
 
-        await PageObjects.datasetQuality.refreshFlyout();
-        const summaryAfter = await PageObjects.datasetQuality.parseFlyoutKpis(
-          excludeKeysFromServerless
-        );
+    describe('navigation', () => {
+      it('should go to log explorer page when the open in log explorer button is clicked', async () => {
+        const testDatasetName = datasetNames[2];
+        await PageObjects.datasetQuality.openDatasetFlyout(testDatasetName);
 
-        expect(parseInt(summaryAfter.services, 10)).to.eql(
-          parseInt(summaryBefore.services, 10) + testServices.length
-        );
+        const logExplorerButton = await PageObjects.datasetQuality.getFlyoutLogsExplorerButton();
+
+        await logExplorerButton.click();
+
+        // Confirm dataset selector text in observability logs explorer
+        const datasetSelectorText =
+          await PageObjects.observabilityLogsExplorer.getDataSourceSelectorButtonText();
+        expect(datasetSelectorText).to.eql(testDatasetName);
+
+        // Should bring back the test to the dataset quality page
+        await PageObjects.datasetQuality.navigateTo();
       });
 
-      it('goes to log explorer for degraded docs when show all is clicked', async () => {
-        const apacheAccessDatasetName = 'apache.access';
-        const apacheAccessDatasetHumanName = 'Apache access logs';
+      it('should go log explorer for degraded docs when the show all button is clicked', async () => {
         await PageObjects.datasetQuality.openDatasetFlyout(apacheAccessDatasetHumanName);
 
         const degradedDocsShowAllSelector = `${PageObjects.datasetQuality.testSubjectSelectors.datasetQualityFlyoutKpiLink}-${PageObjects.datasetQuality.texts.degradedDocs}`;
@@ -285,11 +307,13 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
 
         await browser.closeCurrentWindow();
         await browser.switchTab(0);
+
+        await PageObjects.datasetQuality.closeFlyout();
       });
 
       // Blocked by https://github.com/elastic/kibana/issues/181705
+      // Its a test written ahead of its time.
       it.skip('goes to infra hosts for hosts when show all is clicked', async () => {
-        const apacheAccessDatasetHumanName = 'Apache access logs';
         await PageObjects.datasetQuality.openDatasetFlyout(apacheAccessDatasetHumanName);
 
         const hostsShowAllSelector = `${PageObjects.datasetQuality.testSubjectSelectors.datasetQualityFlyoutKpiLink}-${PageObjects.datasetQuality.texts.hosts}`;
@@ -305,308 +329,132 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
 
         await browser.closeCurrentWindow();
         await browser.switchTab(0);
-      });
-
-      it('Integration actions menu is present with correct actions', async () => {
-        const apacheAccessDatasetName = 'apache.access';
-        const apacheAccessDatasetHumanName = 'Apache access logs';
 
-        await PageObjects.observabilityLogsExplorer.navigateTo();
+        await PageObjects.datasetQuality.closeFlyout();
+      });
+    });
 
-        // Add initial integrations
-        await PageObjects.observabilityLogsExplorer.setupInitialIntegrations();
+    describe('degraded fields table', () => {
+      it(' should show empty degraded fields table when no degraded fields are present', async () => {
+        await PageObjects.datasetQuality.openDatasetFlyout(datasetNames[0]);
 
-        // Index 10 logs for `logs-apache.access` dataset
-        await synthtrace.index(
-          getLogsForDataset({ to, count: 10, dataset: apacheAccessDatasetName })
+        await testSubjects.existOrFail(
+          PageObjects.datasetQuality.testSubjectSelectors.datasetQualityFlyoutDegradedTableNoData
         );
 
-        await PageObjects.datasetQuality.navigateTo();
+        await PageObjects.datasetQuality.closeFlyout();
+      });
 
-        await PageObjects.datasetQuality.openDatasetFlyout(apacheAccessDatasetHumanName);
-        await PageObjects.datasetQuality.openIntegrationActionsMenu();
+      it('should show the degraded fields table with data when present', async () => {
+        await PageObjects.datasetQuality.openDatasetFlyout(degradedDatasetName);
 
-        const actions = await Promise.all(
-          Object.values(integrationActions).map((action) =>
-            PageObjects.datasetQuality.getIntegrationActionButtonByAction(action)
-          )
+        await testSubjects.existOrFail(
+          PageObjects.datasetQuality.testSubjectSelectors.datasetQualityFlyoutDegradedFieldTable
         );
 
-        expect(actions.length).to.eql(3);
-      });
+        const rows =
+          await PageObjects.datasetQuality.getDatasetQualityFlyoutDegradedFieldTableRows();
 
-      it('Integration dashboard action hidden for integrations without dashboards', async () => {
-        const bitbucketDatasetName = 'atlassian_bitbucket.audit';
-        const bitbucketDatasetHumanName = 'Bitbucket Audit Logs';
+        expect(rows.length).to.eql(2);
 
-        await PageObjects.observabilityLogsExplorer.navigateTo();
+        await PageObjects.datasetQuality.closeFlyout();
+      });
 
-        // Add initial integrations
-        await PageObjects.observabilityLogsExplorer.installPackage({
-          name: 'atlassian_bitbucket',
-          version: '1.14.0',
-        });
+      it('should display Spark Plot for every row of degraded fields', async () => {
+        await PageObjects.datasetQuality.openDatasetFlyout(degradedDatasetName);
 
-        // Index 10 logs for `atlassian_bitbucket.audit` dataset
-        await synthtrace.index(getLogsForDataset({ to, count: 10, dataset: bitbucketDatasetName }));
+        const rows =
+          await PageObjects.datasetQuality.getDatasetQualityFlyoutDegradedFieldTableRows();
 
-        await PageObjects.datasetQuality.navigateTo();
+        const sparkPlots = await testSubjects.findAll(
+          PageObjects.datasetQuality.testSubjectSelectors.datasetQualitySparkPlot
+        );
 
-        await PageObjects.datasetQuality.openDatasetFlyout(bitbucketDatasetHumanName);
-        await PageObjects.datasetQuality.openIntegrationActionsMenu();
+        expect(rows.length).to.be(sparkPlots.length);
 
-        await testSubjects.missingOrFail(
-          PageObjects.datasetQuality.testSubjectSelectors.datasetQualityFlyoutIntegrationAction(
-            integrationActions.viewDashboards
-          )
-        );
+        await PageObjects.datasetQuality.closeFlyout();
       });
 
-      it('Integration overview action should navigate to the integration overview page', async () => {
-        const bitbucketDatasetName = 'atlassian_bitbucket.audit';
-        const bitbucketDatasetHumanName = 'Bitbucket Audit Logs';
+      it('should sort the table when the count table header is clicked', async () => {
+        await PageObjects.datasetQuality.openDatasetFlyout(degradedDatasetName);
 
-        await PageObjects.observabilityLogsExplorer.navigateTo();
+        const table = await PageObjects.datasetQuality.parseDegradedFieldTable();
 
-        // Add initial integrations
-        await PageObjects.observabilityLogsExplorer.installPackage({
-          name: 'atlassian_bitbucket',
-          version: '1.14.0',
-        });
+        const countColumn = table['Docs count'];
+        const cellTexts = await countColumn.getCellTexts();
 
-        // Index 10 logs for `atlassian_bitbucket.audit` dataset
-        await synthtrace.index(getLogsForDataset({ to, count: 10, dataset: bitbucketDatasetName }));
+        await countColumn.sort('ascending');
+        const sortedCellTexts = await countColumn.getCellTexts();
 
-        await PageObjects.datasetQuality.navigateTo();
+        expect(cellTexts.reverse()).to.eql(sortedCellTexts);
 
-        await PageObjects.datasetQuality.openDatasetFlyout(bitbucketDatasetHumanName);
-        await PageObjects.datasetQuality.openIntegrationActionsMenu();
+        await PageObjects.datasetQuality.closeFlyout();
+      });
 
-        const action = await PageObjects.datasetQuality.getIntegrationActionButtonByAction(
-          integrationActions.overview
-        );
+      it('should update the URL when the table is sorted', async () => {
+        await PageObjects.datasetQuality.openDatasetFlyout(degradedDatasetName);
 
-        await action.click();
+        const table = await PageObjects.datasetQuality.parseDegradedFieldTable();
+        const countColumn = table['Docs count'];
 
         await retry.tryForTime(5000, async () => {
           const currentUrl = await browser.getCurrentUrl();
           const parsedUrl = new URL(currentUrl);
+          const pageState = parsedUrl.searchParams.get('pageState');
 
-          expect(parsedUrl.pathname).to.contain('/app/integrations/detail/atlassian_bitbucket');
+          expect(decodeURIComponent(pageState as string)).to.contain(
+            'sort:(direction:desc,field:count)'
+          );
         });
-      });
-
-      it('Integration template action should navigate to the index template page', async () => {
-        const apacheAccessDatasetName = 'apache.access';
-        const apacheAccessDatasetHumanName = 'Apache access logs';
-
-        await PageObjects.observabilityLogsExplorer.navigateTo();
-
-        // Add initial integrations
-        await PageObjects.observabilityLogsExplorer.setupInitialIntegrations();
-
-        // Index 10 logs for `logs-apache.access` dataset
-        await synthtrace.index(
-          getLogsForDataset({ to, count: 10, dataset: apacheAccessDatasetName })
-        );
-
-        await PageObjects.datasetQuality.navigateTo();
 
-        await PageObjects.datasetQuality.openDatasetFlyout(apacheAccessDatasetHumanName);
-        await PageObjects.datasetQuality.openIntegrationActionsMenu();
+        countColumn.sort('ascending');
 
         await retry.tryForTime(5000, async () => {
-          const action = await PageObjects.datasetQuality.getIntegrationActionButtonByAction(
-            integrationActions.template
-          );
-
-          await action.click();
-
           const currentUrl = await browser.getCurrentUrl();
           const parsedUrl = new URL(currentUrl);
-          expect(parsedUrl.pathname).to.contain(
-            `/app/management/data/index_management/templates/logs-${apacheAccessDatasetName}`
-          );
-        });
-      });
-
-      it('Integration dashboard action should navigate to the selected dashboard', async () => {
-        const apacheAccessDatasetName = 'apache.access';
-        const apacheAccessDatasetHumanName = 'Apache access logs';
-
-        await PageObjects.observabilityLogsExplorer.navigateTo();
-
-        // Add initial integrations
-        await PageObjects.observabilityLogsExplorer.setupInitialIntegrations();
-
-        // Index 10 logs for `logs-apache.access` dataset
-        await synthtrace.index(
-          getLogsForDataset({ to, count: 10, dataset: apacheAccessDatasetName })
-        );
-
-        await PageObjects.datasetQuality.navigateTo();
-
-        await PageObjects.datasetQuality.openDatasetFlyout(apacheAccessDatasetHumanName);
-        await PageObjects.datasetQuality.openIntegrationActionsMenu();
-
-        const action = await PageObjects.datasetQuality.getIntegrationActionButtonByAction(
-          integrationActions.viewDashboards
-        );
-
-        await action.click();
-
-        const dashboardButtons = await PageObjects.datasetQuality.getIntegrationDashboardButtons();
-        const firstDashboardButton = await dashboardButtons[0];
-        const dashboardText = await firstDashboardButton.getVisibleText();
-
-        await firstDashboardButton.click();
-
-        const breadcrumbText = await testSubjects.getVisibleText('breadcrumb last');
-
-        expect(breadcrumbText).to.eql(dashboardText);
-      });
-    });
+          const pageState = parsedUrl.searchParams.get('pageState');
 
-    // The above describe block has some failing/flaky tests which will
-    // be fixed as part of the tech debt mentioned here
-    // https://github.com/elastic/kibana/issues/184145
-    // Until then, the below describe block is added to cover the tests for the
-    // newly added degraded Fields Table. This must be merged under the above
-    // describe block once the tech debt is fixed.
-    //
-    // FLAKY: https://github.com/elastic/kibana/issues/184438
-    describe.skip('Dataset quality flyout with degraded fields', () => {
-      const goodDatasetName = 'good';
-      const degradedDatasetName = 'degraded';
-      const today = new Date().toISOString();
-      describe('Degraded Fields Table with common data', () => {
-        before(async () => {
-          await PageObjects.svlCommonPage.loginWithRole('admin');
-          await synthtrace.index([
-            getLogsForDataset({
-              to: today,
-              count: 2,
-              dataset: goodDatasetName,
-              isMalformed: false,
-            }),
-            createDegradedFieldsRecord({
-              to: today,
-              count: 2,
-              dataset: degradedDatasetName,
-            }),
-          ]);
-          await PageObjects.datasetQuality.navigateTo();
-        });
-
-        after(async () => {
-          await synthtrace.clean();
-        });
-        it('shows the degraded fields table with no data when no degraded fields are present', async () => {
-          await PageObjects.datasetQuality.openDatasetFlyout(goodDatasetName);
-
-          await testSubjects.existOrFail(
-            PageObjects.datasetQuality.testSubjectSelectors.datasetQualityFlyoutDegradedTableNoData
-          );
-
-          await PageObjects.datasetQuality.closeFlyout();
-        });
-
-        it('should load the degraded fields table with data', async () => {
-          await PageObjects.datasetQuality.openDatasetFlyout(degradedDatasetName);
-
-          await testSubjects.existOrFail(
-            PageObjects.datasetQuality.testSubjectSelectors.datasetQualityFlyoutDegradedFieldTable
+          expect(decodeURIComponent(pageState as string)).to.contain(
+            'sort:(direction:asc,field:count)'
           );
-
-          const rows =
-            await PageObjects.datasetQuality.getDatasetQualityFlyoutDegradedFieldTableRows();
-
-          expect(rows.length).to.eql(2);
-
-          await PageObjects.datasetQuality.closeFlyout();
         });
 
-        it('should display Spark Plot for every row of degraded fields', async () => {
-          await PageObjects.datasetQuality.openDatasetFlyout(degradedDatasetName);
-
-          const rows =
-            await PageObjects.datasetQuality.getDatasetQualityFlyoutDegradedFieldTableRows();
-
-          const sparkPlots = await testSubjects.findAll(
-            PageObjects.datasetQuality.testSubjectSelectors.datasetQualitySparkPlot
-          );
-
-          expect(rows.length).to.be(sparkPlots.length);
-
-          await PageObjects.datasetQuality.closeFlyout();
-        });
-
-        it('should sort the table when the count table header is clicked', async () => {
-          await PageObjects.datasetQuality.openDatasetFlyout(degradedDatasetName);
-
-          const table = await PageObjects.datasetQuality.parseDegradedFieldTable();
-
-          const countColumn = table['Docs count'];
-          const cellTexts = await countColumn.getCellTexts();
-
-          await countColumn.sort('ascending');
-          const sortedCellTexts = await countColumn.getCellTexts();
-
-          expect(cellTexts.reverse()).to.eql(sortedCellTexts);
-
-          await PageObjects.datasetQuality.closeFlyout();
-        });
+        await PageObjects.datasetQuality.closeFlyout();
       });
 
-      describe('Degraded Fields Table with data ingestion', () => {
-        before(async () => {
-          await PageObjects.svlCommonPage.loginWithRole('admin');
-          await synthtrace.index([
-            getLogsForDataset({
-              to: today,
-              count: 2,
-              dataset: goodDatasetName,
-              isMalformed: false,
-            }),
-            createDegradedFieldsRecord({
-              to: today,
-              count: 2,
-              dataset: degradedDatasetName,
-            }),
-          ]);
-          await PageObjects.datasetQuality.navigateTo();
-        });
+      // This is the only test which ingest data during the test.
+      // This block tests the refresh behavior of the degraded fields table.
+      // Even though this test ingest data, it can also be freely moved inside
+      // this describe block, and it won't affect any of the existing tests
+      it('should update the table when new data is ingested and the flyout is refreshed using the time selector', async () => {
+        await PageObjects.datasetQuality.openDatasetFlyout(degradedDatasetName);
 
-        after(async () => {
-          await synthtrace.clean();
-        });
-        it('should update the table when new data is ingested and the flyout is refreshed using the time selector', async () => {
-          await PageObjects.datasetQuality.openDatasetFlyout(degradedDatasetName);
+        const table = await PageObjects.datasetQuality.parseDegradedFieldTable();
 
-          const table = await PageObjects.datasetQuality.parseDegradedFieldTable();
+        const countColumn = table['Docs count'];
+        const cellTexts = await countColumn.getCellTexts();
 
-          const countColumn = table['Docs count'];
-          const cellTexts = await countColumn.getCellTexts();
-          const singleValuePreviously = parseInt(cellTexts[0], 10);
+        await synthtrace.index([
+          createDegradedFieldsRecord({
+            to: new Date().toISOString(),
+            count: 2,
+            dataset: degradedDatasetName,
+          }),
+        ]);
 
-          await synthtrace.index([
-            createDegradedFieldsRecord({
-              to: today,
-              count: 2,
-              dataset: degradedDatasetName,
-            }),
-          ]);
+        await PageObjects.datasetQuality.refreshFlyout();
 
-          await PageObjects.datasetQuality.refreshFlyout();
+        const updatedTable = await PageObjects.datasetQuality.parseDegradedFieldTable();
+        const updatedCountColumn = updatedTable['Docs count'];
 
-          const updatedCellTexts = await countColumn.getCellTexts();
+        const updatedCellTexts = await updatedCountColumn.getCellTexts();
 
-          const singleValueNow = parseInt(updatedCellTexts[0], 10);
+        const singleValuePreviously = parseInt(cellTexts[0], 10);
+        const singleValueNow = parseInt(updatedCellTexts[0], 10);
 
-          expect(singleValueNow).to.be(singleValuePreviously * 2);
+        expect(singleValueNow).to.be.greaterThan(singleValuePreviously);
 
-          await PageObjects.datasetQuality.closeFlyout();
-        });
+        await PageObjects.datasetQuality.closeFlyout();
       });
     });
   });
diff --git a/x-pack/test_serverless/functional/test_suites/observability/dataset_quality/dataset_quality_summary.ts b/x-pack/test_serverless/functional/test_suites/observability/dataset_quality/dataset_quality_summary.ts
index f5a6fd31a25f3..5821612c0b9b2 100644
--- a/x-pack/test_serverless/functional/test_suites/observability/dataset_quality/dataset_quality_summary.ts
+++ b/x-pack/test_serverless/functional/test_suites/observability/dataset_quality/dataset_quality_summary.ts
@@ -17,11 +17,37 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     'svlCommonPage',
   ]);
   const synthtrace = getService('svlLogsSynthtraceClient');
-  const browser = getService('browser');
-  const retry = getService('retry');
   const to = '2024-01-01T12:00:00.000Z';
   const excludeKeysFromServerless = ['estimatedData']; // https://github.com/elastic/kibana/issues/178954
 
+  const ingestDataForSummary = async () => {
+    // Ingest documents for 3 type of datasets
+    return synthtrace.index([
+      // Ingest good data to all 3 datasets
+      getInitialTestLogs({ to, count: 4 }),
+      // Ingesting poor data to one dataset
+      getLogsForDataset({
+        to: Date.now(),
+        count: 1,
+        dataset: datasetNames[1],
+        isMalformed: true,
+      }),
+      // Ingesting degraded docs into another dataset by ingesting malformed 1st and then good data
+      getLogsForDataset({
+        to: Date.now(),
+        count: 1,
+        dataset: datasetNames[2],
+        isMalformed: true,
+      }),
+      getLogsForDataset({
+        to: Date.now(),
+        count: 10,
+        dataset: datasetNames[2],
+        isMalformed: false,
+      }),
+    ]);
+  };
+
   describe('Dataset quality summary', () => {
     before(async () => {
       await synthtrace.index(getInitialTestLogs({ to, count: 4 }));
@@ -29,110 +55,31 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await PageObjects.datasetQuality.navigateTo();
     });
 
-    after(async () => {
+    afterEach(async () => {
       await synthtrace.clean();
     });
 
-    it('shows poor, degraded and good count', async () => {
+    it('shows poor, degraded and good count as 0 and all dataset as healthy', async () => {
+      await PageObjects.datasetQuality.refreshTable();
       const summary = await PageObjects.datasetQuality.parseSummaryPanel(excludeKeysFromServerless);
       expect(summary).to.eql({
         datasetHealthPoor: '0',
         datasetHealthDegraded: '0',
         datasetHealthGood: '3',
         activeDatasets: '0 of 3',
-        // estimatedData: '0.0 B', https://github.com/elastic/kibana/issues/178954
-      });
-    });
-
-    it('updates the poor count when degraded docs are ingested', async () => {
-      // Index malformed document with current timestamp
-      await synthtrace.index(
-        getLogsForDataset({
-          to: Date.now(),
-          count: 1,
-          dataset: datasetNames[2],
-          isMalformed: true,
-        })
-      );
-
-      await browser.refresh();
-      await PageObjects.datasetQuality.waitUntilSummaryPanelLoaded();
-
-      await retry.try(async () => {
-        const summary = await PageObjects.datasetQuality.parseSummaryPanel(
-          excludeKeysFromServerless
-        );
-        const { estimatedData, ...restOfSummary } = summary;
-        expect(restOfSummary).to.eql({
-          datasetHealthPoor: '1',
-          datasetHealthDegraded: '0',
-          datasetHealthGood: '2',
-          activeDatasets: '1 of 3',
-        });
-      });
-    });
-
-    it('updates the degraded count when degraded docs are ingested', async () => {
-      // Index malformed document with current timestamp
-      await synthtrace.index(
-        getLogsForDataset({
-          to: Date.now(),
-          count: 1,
-          dataset: datasetNames[1],
-          isMalformed: true,
-        })
-      );
-
-      // Index healthy documents
-      await synthtrace.index(
-        getLogsForDataset({
-          to: Date.now(),
-          count: 10,
-          dataset: datasetNames[1],
-          isMalformed: false,
-        })
-      );
-
-      await browser.refresh();
-      await PageObjects.datasetQuality.waitUntilSummaryPanelLoaded();
-
-      await retry.try(async () => {
-        const { estimatedData, ...restOfSummary } =
-          await PageObjects.datasetQuality.parseSummaryPanel(excludeKeysFromServerless);
-        expect(restOfSummary).to.eql({
-          datasetHealthPoor: '1',
-          datasetHealthDegraded: '1',
-          datasetHealthGood: '1',
-          activeDatasets: '2 of 3',
-        });
       });
     });
 
-    it('updates active datasets and estimated data KPIs', async () => {
-      const { estimatedData: _existingEstimatedData } =
-        await PageObjects.datasetQuality.parseSummaryPanel(excludeKeysFromServerless);
-
-      // Index document at current time to mark dataset as active
-      await synthtrace.index(
-        getLogsForDataset({
-          to: Date.now(),
-          count: 4,
-          dataset: datasetNames[0],
-          isMalformed: false,
-        })
-      );
-
-      await browser.refresh(); // Summary panel doesn't update reactively
-      await PageObjects.datasetQuality.waitUntilSummaryPanelLoaded();
+    it('shows updated count for poor, degraded and good datasets and updates active datasets', async () => {
+      await ingestDataForSummary();
+      await PageObjects.datasetQuality.refreshTable();
 
-      await retry.try(async () => {
-        const { activeDatasets: updatedActiveDatasets, estimatedData: _updatedEstimatedData } =
-          await PageObjects.datasetQuality.parseSummaryPanel(excludeKeysFromServerless);
-
-        expect(updatedActiveDatasets).to.eql('3 of 3');
-
-        // TODO: `_stats` not available on Serverless. // https://github.com/elastic/kibana/issues/178954
-        // expect(_updatedEstimatedData).to.not.eql(_existingEstimatedData);
+      const summary = await PageObjects.datasetQuality.parseSummaryPanel(excludeKeysFromServerless);
+      expect(summary).to.eql({
+        datasetHealthPoor: '1',
+        datasetHealthDegraded: '1',
+        datasetHealthGood: '1',
+        activeDatasets: '2 of 3',
       });
     });
   });
diff --git a/x-pack/test_serverless/functional/test_suites/observability/dataset_quality/dataset_quality_table.ts b/x-pack/test_serverless/functional/test_suites/observability/dataset_quality/dataset_quality_table.ts
index b86bf82a6266a..40531e4b04d18 100644
--- a/x-pack/test_serverless/functional/test_suites/observability/dataset_quality/dataset_quality_table.ts
+++ b/x-pack/test_serverless/functional/test_suites/observability/dataset_quality/dataset_quality_table.ts
@@ -7,7 +7,13 @@
 
 import expect from '@kbn/expect';
 import { FtrProviderContext } from '../../../ftr_provider_context';
-import { datasetNames, defaultNamespace, getInitialTestLogs, getLogsForDataset } from './data';
+import {
+  datasetNames,
+  defaultNamespace,
+  getInitialTestLogs,
+  getLogsForDataset,
+  productionNamespace,
+} from './data';
 
 export default function ({ getService, getPageObjects }: FtrProviderContext) {
   const PageObjects = getPageObjects([
@@ -19,42 +25,79 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     'svlCommonPage',
   ]);
   const synthtrace = getService('svlLogsSynthtraceClient');
-  const testSubjects = getService('testSubjects');
-  const retry = getService('retry');
   const to = '2024-01-01T12:00:00.000Z';
+  const apacheAccessDatasetName = 'apache.access';
+  const apacheAccessDatasetHumanName = 'Apache access logs';
+  const pkg = {
+    name: 'apache',
+    version: '1.14.0',
+  };
 
   describe('Dataset quality table', function () {
-    this.tags(['failsOnMKI']); // Failing https://github.com/elastic/kibana/issues/183495
-
     before(async () => {
-      await synthtrace.index(getInitialTestLogs({ to, count: 4 }));
+      // Install Integration and ingest logs for it
+      await PageObjects.observabilityLogsExplorer.installPackage(pkg);
+      // Ingest basic logs
+      await synthtrace.index([
+        // Ingest basic logs
+        getInitialTestLogs({ to, count: 4 }),
+        // Ingest Degraded Logs
+        getLogsForDataset({
+          to: new Date().toISOString(),
+          count: 1,
+          dataset: datasetNames[2],
+          isMalformed: true,
+        }),
+        // Index 10 logs for `logs-apache.access` dataset
+        getLogsForDataset({
+          to,
+          count: 10,
+          dataset: apacheAccessDatasetName,
+          namespace: productionNamespace,
+        }),
+      ]);
       await PageObjects.svlCommonPage.loginWithRole('admin');
       await PageObjects.datasetQuality.navigateTo();
     });
 
     after(async () => {
       await synthtrace.clean();
-      await PageObjects.observabilityLogsExplorer.removeInstalledPackages();
+      await PageObjects.observabilityLogsExplorer.uninstallPackage(pkg);
     });
 
-    it('shows the right number of rows in correct order', async () => {
+    it('shows sort by dataset name and show namespace', async () => {
       const cols = await PageObjects.datasetQuality.parseDatasetTable();
       const datasetNameCol = cols['Data Set Name'];
       await datasetNameCol.sort('descending');
       const datasetNameColCellTexts = await datasetNameCol.getCellTexts();
-      expect(datasetNameColCellTexts).to.eql([...datasetNames].reverse());
+      expect(datasetNameColCellTexts).to.eql(
+        [apacheAccessDatasetHumanName, ...datasetNames].reverse()
+      );
 
       const namespaceCol = cols.Namespace;
       const namespaceColCellTexts = await namespaceCol.getCellTexts();
-      expect(namespaceColCellTexts).to.eql([defaultNamespace, defaultNamespace, defaultNamespace]);
+      expect(namespaceColCellTexts).to.eql([
+        defaultNamespace,
+        defaultNamespace,
+        defaultNamespace,
+        productionNamespace,
+      ]);
 
-      const degradedDocsCol = cols['Degraded Docs (%)'];
-      const degradedDocsColCellTexts = await degradedDocsCol.getCellTexts();
-      expect(degradedDocsColCellTexts).to.eql(['0%', '0%', '0%']);
+      // Cleaning the sort
+      await datasetNameCol.sort('ascending');
+    });
 
+    it('shows the last activity', async () => {
+      const cols = await PageObjects.datasetQuality.parseDatasetTable();
       const lastActivityCol = cols['Last Activity'];
-      const lastActivityColCellTexts = await lastActivityCol.getCellTexts();
-      expect(lastActivityColCellTexts).to.eql([
+      const activityCells = await lastActivityCol.getCellTexts();
+      const lastActivityCell = activityCells[activityCells.length - 1];
+      const restActivityCells = activityCells.slice(0, -1);
+
+      // The first cell of lastActivity should have data
+      expect(lastActivityCell).to.not.eql(PageObjects.datasetQuality.texts.noActivityText);
+      // The rest of the rows must show no activity
+      expect(restActivityCells).to.eql([
         PageObjects.datasetQuality.texts.noActivityText,
         PageObjects.datasetQuality.texts.noActivityText,
         PageObjects.datasetQuality.texts.noActivityText,
@@ -63,112 +106,19 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
 
     it('shows degraded docs percentage', async () => {
       const cols = await PageObjects.datasetQuality.parseDatasetTable();
-      const datasetNameCol = cols['Data Set Name'];
-      await datasetNameCol.sort('ascending');
 
       const degradedDocsCol = cols['Degraded Docs (%)'];
       const degradedDocsColCellTexts = await degradedDocsCol.getCellTexts();
-      expect(degradedDocsColCellTexts).to.eql(['0%', '0%', '0%']);
-
-      // Index malformed document with current timestamp
-      await synthtrace.index(
-        getLogsForDataset({
-          to: Date.now(),
-          count: 1,
-          dataset: datasetNames[2],
-          isMalformed: true,
-        })
-      );
-
-      // Set time range to Last 5 minute
-      const filtersContainer = await testSubjects.find(
-        PageObjects.datasetQuality.testSubjectSelectors.datasetQualityFiltersContainer
-      );
-      await PageObjects.datasetQuality.setDatePickerLastXUnits(filtersContainer, 5, 'm');
-
-      const updatedDegradedDocsColCellTexts = await degradedDocsCol.getCellTexts();
-      expect(updatedDegradedDocsColCellTexts[2]).to.not.eql('0%');
-    });
-
-    // https://github.com/elastic/kibana/issues/178954
-    it.skip('shows the updated size of the index', async () => {
-      const testDatasetIndex = 2;
-      const cols = await PageObjects.datasetQuality.parseDatasetTable();
-      const datasetNameCol = cols['Data Set Name'];
-      await datasetNameCol.sort('ascending');
-      const datasetNameColCellTexts = await datasetNameCol.getCellTexts();
-
-      const datasetToUpdateRowIndex = datasetNameColCellTexts.findIndex(
-        (dName: string) => dName === datasetNames[testDatasetIndex]
-      );
-
-      const sizeColCellTexts = await cols.Size.getCellTexts();
-      const beforeSize = sizeColCellTexts[datasetToUpdateRowIndex];
-
-      // Index documents with current timestamp
-      await synthtrace.index(
-        getLogsForDataset({
-          to: Date.now(),
-          count: 4,
-          dataset: datasetNames[testDatasetIndex],
-          isMalformed: false,
-        })
-      );
-
-      const colsAfterUpdate = await PageObjects.datasetQuality.parseDatasetTable();
-
-      // Assert that size has changed
-      await retry.tryForTime(15000, async () => {
-        // Refresh the table
-        await PageObjects.datasetQuality.refreshTable();
-        const updatedSizeColCellTexts = await colsAfterUpdate.Size.getCellTexts();
-        expect(updatedSizeColCellTexts[datasetToUpdateRowIndex]).to.not.eql(beforeSize);
-      });
-    });
-
-    it('sorts by dataset name', async () => {
-      // const header = await PageObjects.datasetQuality.getDatasetTableHeader('Dataset Name');
-      const cols = await PageObjects.datasetQuality.parseDatasetTable();
-      const datasetNameCol = cols['Data Set Name'];
-
-      // Sort ascending
-      await datasetNameCol.sort('ascending');
-      const cellTexts = await datasetNameCol.getCellTexts();
-
-      const datasetNamesAsc = [...datasetNames].sort();
-
-      expect(cellTexts).to.eql(datasetNamesAsc);
+      expect(degradedDocsColCellTexts).to.eql(['0%', '0%', '0%', '100%']);
     });
 
     it('shows dataset from integration', async () => {
-      const apacheAccessDatasetName = 'apache.access';
-      const apacheAccessDatasetHumanName = 'Apache access logs';
-
-      await PageObjects.observabilityLogsExplorer.navigateTo();
-
-      // Add initial integrations
-      await PageObjects.observabilityLogsExplorer.setupInitialIntegrations();
-
-      // Index 10 logs for `logs-apache.access` dataset
-      await synthtrace.index(
-        getLogsForDataset({ to, count: 10, dataset: apacheAccessDatasetName })
-      );
-
-      await PageObjects.datasetQuality.navigateTo();
-
       const cols = await PageObjects.datasetQuality.parseDatasetTable();
       const datasetNameCol = cols['Data Set Name'];
 
-      // Sort ascending
-      await datasetNameCol.sort('ascending');
       const datasetNameColCellTexts = await datasetNameCol.getCellTexts();
 
-      const datasetNamesAsc = [...datasetNames, apacheAccessDatasetHumanName].sort();
-
-      // Assert there are 4 rows
-      expect(datasetNameColCellTexts.length).to.eql(4);
-
-      expect(datasetNameColCellTexts).to.eql(datasetNamesAsc);
+      expect(datasetNameColCellTexts[0]).to.eql(apacheAccessDatasetHumanName);
     });
 
     it('goes to log explorer page when opened', async () => {
@@ -184,50 +134,12 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       const datasetSelectorText =
         await PageObjects.observabilityLogsExplorer.getDataSourceSelectorButtonText();
       expect(datasetSelectorText).to.eql(datasetName);
-    });
 
-    it('shows the last activity when in time range', async () => {
+      // Return to Dataset Quality Page
       await PageObjects.datasetQuality.navigateTo();
-      const cols = await PageObjects.datasetQuality.parseDatasetTable();
-      const lastActivityCol = cols['Last Activity'];
-      const datasetNameCol = cols['Data Set Name'];
-
-      // Set time range to Last 1 minute
-      const filtersContainer = await testSubjects.find(
-        PageObjects.datasetQuality.testSubjectSelectors.datasetQualityFiltersContainer
-      );
-
-      await PageObjects.datasetQuality.setDatePickerLastXUnits(filtersContainer, 1, 's');
-      const lastActivityColCellTexts = await lastActivityCol.getCellTexts();
-      expect(lastActivityColCellTexts).to.eql([
-        PageObjects.datasetQuality.texts.noActivityText,
-        PageObjects.datasetQuality.texts.noActivityText,
-        PageObjects.datasetQuality.texts.noActivityText,
-        PageObjects.datasetQuality.texts.noActivityText,
-      ]);
-
-      const datasetToUpdate = datasetNames[0];
-      await synthtrace.index(
-        getLogsForDataset({ to: new Date().toISOString(), count: 1, dataset: datasetToUpdate })
-      );
-      const datasetNameColCellTexts = await datasetNameCol.getCellTexts();
-      const datasetToUpdateRowIndex = datasetNameColCellTexts.findIndex(
-        (dName: string) => dName === datasetToUpdate
-      );
-
-      await PageObjects.datasetQuality.setDatePickerLastXUnits(filtersContainer, 1, 'h');
-
-      await retry.tryForTime(5000, async () => {
-        const updatedLastActivityColCellTexts = await lastActivityCol.getCellTexts();
-        expect(updatedLastActivityColCellTexts[datasetToUpdateRowIndex]).to.not.eql(
-          PageObjects.datasetQuality.texts.noActivityText
-        );
-      });
     });
 
     it('hides inactive datasets', async () => {
-      await PageObjects.datasetQuality.waitUntilTableLoaded();
-
       // Get number of rows with Last Activity not equal to "No activity in the selected timeframe"
       const cols = await PageObjects.datasetQuality.parseDatasetTable();
       const lastActivityCol = cols['Last Activity'];
diff --git a/x-pack/test_serverless/functional/test_suites/observability/dataset_quality/dataset_quality_table_filters.ts b/x-pack/test_serverless/functional/test_suites/observability/dataset_quality/dataset_quality_table_filters.ts
index 239e4322876b0..b53ffe313e86e 100644
--- a/x-pack/test_serverless/functional/test_suites/observability/dataset_quality/dataset_quality_table_filters.ts
+++ b/x-pack/test_serverless/functional/test_suites/observability/dataset_quality/dataset_quality_table_filters.ts
@@ -7,7 +7,7 @@
 
 import expect from '@kbn/expect';
 import { FtrProviderContext } from '../../../ftr_provider_context';
-import { datasetNames, defaultNamespace, getInitialTestLogs, getLogsForDataset } from './data';
+import { datasetNames, getInitialTestLogs, getLogsForDataset, productionNamespace } from './data';
 
 export default function ({ getService, getPageObjects }: FtrProviderContext) {
   const PageObjects = getPageObjects([
@@ -20,58 +20,73 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
   const synthtrace = getService('svlLogsSynthtraceClient');
   const testSubjects = getService('testSubjects');
   const to = '2024-01-01T12:00:00.000Z';
+  const apacheAccessDatasetName = 'apache.access';
+  const apacheAccessDatasetHumanName = 'Apache access logs';
+  const apacheIntegrationName = 'Apache HTTP Server';
+  const pkg = {
+    name: 'apache',
+    version: '1.14.0',
+  };
+  const allDatasetNames = [apacheAccessDatasetHumanName, ...datasetNames];
 
   describe('Dataset quality table filters', function () {
-    this.tags(['failsOnMKI']); // Failing https://github.com/elastic/kibana/issues/183495
-
     before(async () => {
-      await synthtrace.index(getInitialTestLogs({ to, count: 4 }));
+      // Install Integration and ingest logs for it
+      await PageObjects.observabilityLogsExplorer.installPackage(pkg);
+      // Ingest basic logs
+      await synthtrace.index([
+        // Ingest basic logs
+        getInitialTestLogs({ to, count: 4 }),
+        // Ingest Degraded Logs
+        getLogsForDataset({
+          to: new Date().toISOString(),
+          count: 1,
+          dataset: datasetNames[2],
+          isMalformed: true,
+        }),
+        // Index 10 logs for `logs-apache.access` dataset
+        getLogsForDataset({
+          to,
+          count: 10,
+          dataset: apacheAccessDatasetName,
+          namespace: productionNamespace,
+        }),
+      ]);
       await PageObjects.svlCommonPage.loginWithRole('admin');
       await PageObjects.datasetQuality.navigateTo();
     });
 
     after(async () => {
+      await PageObjects.observabilityLogsExplorer.uninstallPackage(pkg);
       await synthtrace.clean();
-      await PageObjects.observabilityLogsExplorer.removeInstalledPackages();
-    });
-
-    it('hides inactive datasets when toggled', async () => {
-      const initialRows = await PageObjects.datasetQuality.getDatasetTableRows();
-      expect(initialRows.length).to.eql(3);
-
-      await PageObjects.datasetQuality.toggleShowInactiveDatasets();
-
-      const afterToggleRows = await PageObjects.datasetQuality.getDatasetTableRows();
-      expect(afterToggleRows.length).to.eql(1);
-
-      await PageObjects.datasetQuality.toggleShowInactiveDatasets();
-
-      const afterReToggleRows = await PageObjects.datasetQuality.getDatasetTableRows();
-      expect(afterReToggleRows.length).to.eql(3);
     });
 
     it('shows full dataset names when toggled', async () => {
       const cols = await PageObjects.datasetQuality.parseDatasetTable();
       const datasetNameCol = cols['Data Set Name'];
       const datasetNameColCellTexts = await datasetNameCol.getCellTexts();
-      expect(datasetNameColCellTexts).to.eql(datasetNames);
+      expect(datasetNameColCellTexts).to.eql(allDatasetNames);
 
       await PageObjects.datasetQuality.toggleShowFullDatasetNames();
 
       const datasetNameColCellTextsAfterToggle = await datasetNameCol.getCellTexts();
-      const duplicateNames = datasetNames.map((name) => `${name}\n${name}`);
+      const duplicateNames = [
+        `${apacheAccessDatasetHumanName}\n${apacheAccessDatasetName}`,
+        ...datasetNames.map((name) => `${name}\n${name}`),
+      ];
       expect(datasetNameColCellTextsAfterToggle).to.eql(duplicateNames);
 
+      // resetting the toggle
       await PageObjects.datasetQuality.toggleShowFullDatasetNames();
       const datasetNameColCellTextsAfterReToggle = await datasetNameCol.getCellTexts();
-      expect(datasetNameColCellTextsAfterReToggle).to.eql(datasetNames);
+      expect(datasetNameColCellTextsAfterReToggle).to.eql(allDatasetNames);
     });
 
     it('searches the datasets', async () => {
       const cols = await PageObjects.datasetQuality.parseDatasetTable();
       const datasetNameCol = cols['Data Set Name'];
       const datasetNameColCellTexts = await datasetNameCol.getCellTexts();
-      expect(datasetNameColCellTexts).to.eql(datasetNames);
+      expect(datasetNameColCellTexts).to.eql(allDatasetNames);
 
       // Search for a dataset
       await testSubjects.setValue(
@@ -83,33 +98,15 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       const datasetNameColAfterSearch = colsAfterSearch['Data Set Name'];
       const datasetNameColCellTextsAfterSearch = await datasetNameColAfterSearch.getCellTexts();
       expect(datasetNameColCellTextsAfterSearch).to.eql([datasetNames[2]]);
-      await testSubjects.setValue(
-        PageObjects.datasetQuality.testSubjectSelectors.datasetQualityFilterBarFieldSearch,
-        ''
-      );
+      // Reset the search field
+      await testSubjects.click('clearSearchButton');
     });
 
     it('filters for integration', async () => {
-      const apacheAccessDatasetName = 'apache.access';
-      const apacheAccessDatasetHumanName = 'Apache access logs';
-      const apacheIntegrationName = 'Apache HTTP Server';
-
-      await PageObjects.observabilityLogsExplorer.navigateTo();
-
-      // Add initial integrations
-      await PageObjects.observabilityLogsExplorer.setupInitialIntegrations();
-
-      // Index 10 logs for `logs-apache.access` dataset
-      await synthtrace.index(
-        getLogsForDataset({ to, count: 10, dataset: apacheAccessDatasetName })
-      );
-
-      await PageObjects.datasetQuality.navigateTo();
-
       const cols = await PageObjects.datasetQuality.parseDatasetTable();
       const datasetNameCol = cols['Data Set Name'];
       const datasetNameColCellTexts = await datasetNameCol.getCellTexts();
-      expect(datasetNameColCellTexts).to.eql([apacheAccessDatasetHumanName, ...datasetNames]);
+      expect(datasetNameColCellTexts).to.eql(allDatasetNames);
 
       // Filter for integration
       await PageObjects.datasetQuality.filterForIntegrations([apacheIntegrationName]);
@@ -118,64 +115,31 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       const datasetNameColAfterFilter = colsAfterFilter['Data Set Name'];
       const datasetNameColCellTextsAfterFilter = await datasetNameColAfterFilter.getCellTexts();
       expect(datasetNameColCellTextsAfterFilter).to.eql([apacheAccessDatasetHumanName]);
+      // Reset the filter by selecting from the dropdown again
+      await PageObjects.datasetQuality.filterForIntegrations([apacheIntegrationName]);
     });
 
     it('filters for namespace', async () => {
-      const apacheAccessDatasetName = 'apache.access';
-      const datasetNamespace = 'prod';
-
-      await PageObjects.observabilityLogsExplorer.navigateTo();
-
-      // Add initial integrations
-      await PageObjects.observabilityLogsExplorer.setupInitialIntegrations();
-
-      // Index 10 logs for `logs-apache.access` dataset
-      await synthtrace.index(
-        getLogsForDataset({
-          to,
-          count: 10,
-          dataset: apacheAccessDatasetName,
-          namespace: datasetNamespace,
-        })
-      );
-
-      await PageObjects.datasetQuality.navigateTo();
-
       // Get default namespaces
       const cols = await PageObjects.datasetQuality.parseDatasetTable();
       const namespaceCol = cols.Namespace;
       const namespaceColCellTexts = await namespaceCol.getCellTexts();
-      expect(namespaceColCellTexts).to.contain(defaultNamespace);
+      expect(namespaceColCellTexts).to.contain(productionNamespace);
 
       // Filter for prod namespace
-      await PageObjects.datasetQuality.filterForNamespaces([datasetNamespace]);
+      await PageObjects.datasetQuality.filterForNamespaces([productionNamespace]);
 
       const colsAfterFilter = await PageObjects.datasetQuality.parseDatasetTable();
       const namespaceColAfterFilter = colsAfterFilter.Namespace;
       const namespaceColCellTextsAfterFilter = await namespaceColAfterFilter.getCellTexts();
 
-      expect(namespaceColCellTextsAfterFilter).to.eql([datasetNamespace]);
+      expect(namespaceColCellTextsAfterFilter).to.eql([productionNamespace]);
+      // Reset the namespace by selecting from the dropdown again
+      await PageObjects.datasetQuality.filterForNamespaces([productionNamespace]);
     });
 
     it('filters for quality', async () => {
-      const apacheAccessDatasetName = 'apache.access';
       const expectedQuality = 'Poor';
-
-      // Add initial integrations
-      await PageObjects.observabilityLogsExplorer.setupInitialIntegrations();
-
-      // Index 10 logs for `logs-apache.access` dataset
-      await synthtrace.index(
-        getLogsForDataset({
-          to: new Date().toISOString(),
-          count: 10,
-          dataset: apacheAccessDatasetName,
-          isMalformed: true,
-        })
-      );
-
-      await PageObjects.datasetQuality.navigateTo();
-
       // Get default quality
       const cols = await PageObjects.datasetQuality.parseDatasetTable();
       const datasetQuality = cols['Data Set Quality'];
@@ -190,6 +154,9 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       const datasetQualityCellTextsAfterFilter = await datasetQualityAfterFilter.getCellTexts();
 
       expect(datasetQualityCellTextsAfterFilter).to.eql([expectedQuality]);
+
+      // Reset the namespace by selecting from the dropdown again
+      await PageObjects.datasetQuality.filterForQualities([expectedQuality]);
     });
   });
 }
diff --git a/x-pack/test_serverless/functional/test_suites/observability/rules/rules_list.ts b/x-pack/test_serverless/functional/test_suites/observability/rules/rules_list.ts
index aa2ba3ff72fda..4696907ed8ee4 100644
--- a/x-pack/test_serverless/functional/test_suites/observability/rules/rules_list.ts
+++ b/x-pack/test_serverless/functional/test_suites/observability/rules/rules_list.ts
@@ -30,6 +30,7 @@ export default ({ getPageObject, getService }: FtrProviderContext) => {
   const find = getService('find');
   const retry = getService('retry');
   const toasts = getService('toasts');
+  const log = getService('log');
   const svlCommonApi = getService('svlCommonApi');
   const svlUserManager = getService('svlUserManager');
   const supertestWithoutAuth = getService('supertestWithoutAuth');
@@ -711,6 +712,24 @@ export default ({ getPageObject, getService }: FtrProviderContext) => {
     });
 
     it('should filter rules by the rule status', async () => {
+      const setRuleStatus = async (testSubj: string, checked: boolean) => {
+        const readAriaChecked = async (): Promise<boolean> => {
+          const statusItem = await testSubjects.find(testSubj);
+          return statusItem
+            ? JSON.parse((await statusItem.getAttribute('aria-checked')) || 'null')
+            : null;
+        };
+
+        await retry.try(async () => {
+          if ((await readAriaChecked()) !== checked) {
+            await testSubjects.click(testSubj);
+            await find.waitForDeletedByCssSelector('.euiBasicTable-loading');
+          }
+
+          expect(await readAriaChecked()).toEqual(checked);
+        });
+      };
+
       // Enabled alert
       const rule1 = await createRule({
         supertest,
@@ -750,39 +769,33 @@ export default ({ getPageObject, getService }: FtrProviderContext) => {
       await refreshRulesList();
       await assertRulesLength(4);
 
-      // Select only enabled
+      log.debug('ruleStatusFilterButton: Select only enabled');
       await testSubjects.click('ruleStatusFilterButton');
-      await testSubjects.click('ruleStatusFilterOption-enabled');
-      await find.waitForDeletedByCssSelector('.euiBasicTable-loading');
+      await setRuleStatus('ruleStatusFilterOption-enabled', true);
       await assertRulesLength(2);
 
-      // Select enabled or disabled (e.g. all)
-      await testSubjects.click('ruleStatusFilterOption-disabled');
-      await find.waitForDeletedByCssSelector('.euiBasicTable-loading');
+      log.debug('ruleStatusFilterButton: Select enabled or disabled (e.g. all)');
+      await setRuleStatus('ruleStatusFilterOption-disabled', true);
       await assertRulesLength(4);
 
-      // Select only disabled
-      await testSubjects.click('ruleStatusFilterOption-enabled');
-      await find.waitForDeletedByCssSelector('.euiBasicTable-loading');
+      log.debug('ruleStatusFilterButton: Select only disabled');
+      await setRuleStatus('ruleStatusFilterOption-enabled', false);
       await assertRulesLength(2);
 
-      // Select only snoozed
-      await testSubjects.click('ruleStatusFilterOption-disabled');
-      await testSubjects.click('ruleStatusFilterOption-snoozed');
-      await find.waitForDeletedByCssSelector('.euiBasicTable-loading');
+      log.debug('ruleStatusFilterButton: Select only snoozed');
+      await setRuleStatus('ruleStatusFilterOption-disabled', false);
+      await setRuleStatus('ruleStatusFilterOption-snoozed', true);
       await assertRulesLength(2);
 
-      // Select disabled or snoozed
-      await testSubjects.click('ruleStatusFilterOption-disabled');
-      await find.waitForDeletedByCssSelector('.euiBasicTable-loading');
+      log.debug('ruleStatusFilterButton: Select disabled or snoozed');
+      await setRuleStatus('ruleStatusFilterOption-disabled', true);
       await assertRulesLength(3);
 
-      // Select enabled or disabled or snoozed
-      await testSubjects.click('ruleStatusFilterOption-enabled');
-      await find.waitForDeletedByCssSelector('.euiBasicTable-loading');
+      log.debug('ruleStatusFilterButton: Select enabled or disabled or snoozed');
+      await setRuleStatus('ruleStatusFilterOption-enabled', true);
       await assertRulesLength(4);
 
-      // Clear it again because it is still selected
+      log.debug('ruleStatusFilterButton: Clear it again because it is still selected');
       await testSubjects.click('rules-list-clear-filter');
       await find.waitForDeletedByCssSelector('.euiBasicTable-loading');
       await assertRulesLength(4);
diff --git a/x-pack/test_serverless/functional/test_suites/search/advanced_settings.ts b/x-pack/test_serverless/functional/test_suites/search/advanced_settings.ts
index 2f2b76b21edab..33ec373f8956a 100644
--- a/x-pack/test_serverless/functional/test_suites/search/advanced_settings.ts
+++ b/x-pack/test_serverless/functional/test_suites/search/advanced_settings.ts
@@ -18,7 +18,7 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => {
 
   describe('Search advanced settings', function () {
     before(async () => {
-      await pageObjects.svlCommonPage.login();
+      await pageObjects.svlCommonPage.loginWithRole('viewer');
       await pageObjects.common.navigateToApp('settings');
     });
 
diff --git a/x-pack/test_serverless/functional/test_suites/search/cases/attachment_framework.ts b/x-pack/test_serverless/functional/test_suites/search/cases/attachment_framework.ts
index 044782083b292..831369311f942 100644
--- a/x-pack/test_serverless/functional/test_suites/search/cases/attachment_framework.ts
+++ b/x-pack/test_serverless/functional/test_suites/search/cases/attachment_framework.ts
@@ -20,7 +20,7 @@ export default ({ getPageObject, getService }: FtrProviderContext) => {
 
   describe('persistable attachment', () => {
     before(async () => {
-      await svlCommonPage.login();
+      await svlCommonPage.loginWithRole('developer');
     });
 
     after(async () => {
diff --git a/x-pack/test_serverless/functional/test_suites/search/connectors/connectors_overview.ts b/x-pack/test_serverless/functional/test_suites/search/connectors/connectors_overview.ts
index 5cbb06975b76b..dca1e694702a6 100644
--- a/x-pack/test_serverless/functional/test_suites/search/connectors/connectors_overview.ts
+++ b/x-pack/test_serverless/functional/test_suites/search/connectors/connectors_overview.ts
@@ -19,16 +19,12 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
   const browser = getService('browser');
   describe('connectors', function () {
     before(async () => {
-      await pageObjects.svlCommonPage.login();
+      await pageObjects.svlCommonPage.loginWithRole('developer');
       await pageObjects.svlCommonNavigation.sidenav.clickLink({
         deepLinkId: 'serverlessConnectors',
       });
     });
 
-    after(async () => {
-      await pageObjects.svlCommonPage.forceLogout();
-    });
-
     it('Connector app is loaded and  has no connectors', async () => {
       await pageObjects.svlSearchConnectorsPage.connectorOverviewPage.expectConnectorOverviewPageComponentsToExist();
     });
diff --git a/x-pack/test_serverless/functional/test_suites/search/console_notebooks.ts b/x-pack/test_serverless/functional/test_suites/search/console_notebooks.ts
index 57790f3e58f7a..4eaab5ef16904 100644
--- a/x-pack/test_serverless/functional/test_suites/search/console_notebooks.ts
+++ b/x-pack/test_serverless/functional/test_suites/search/console_notebooks.ts
@@ -12,7 +12,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
 
   describe('Console Notebooks', function () {
     before(async () => {
-      await pageObjects.svlCommonPage.login();
+      await pageObjects.svlCommonPage.loginWithRole('viewer');
     });
 
     after(async () => {
diff --git a/x-pack/test_serverless/functional/test_suites/search/dashboards/build_dashboard.ts b/x-pack/test_serverless/functional/test_suites/search/dashboards/build_dashboard.ts
index ea76872a57876..c278eedcb27b6 100644
--- a/x-pack/test_serverless/functional/test_suites/search/dashboards/build_dashboard.ts
+++ b/x-pack/test_serverless/functional/test_suites/search/dashboards/build_dashboard.ts
@@ -28,7 +28,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
 
   describe('Building a new dashboard', function () {
     before(async () => {
-      await PageObjects.svlCommonPage.login();
+      await PageObjects.svlCommonPage.loginWithRole('admin');
       await kibanaServer.savedObjects.cleanStandardList();
       await esArchiver.loadIfNeeded('x-pack/test/functional/es_archives/logstash_functional');
       await kibanaServer.importExport.load(
@@ -46,7 +46,6 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
         'x-pack/test/functional/fixtures/kbn_archiver/lens/lens_basic.json'
       );
       await kibanaServer.savedObjects.cleanStandardList();
-      await PageObjects.svlCommonPage.forceLogout();
     });
 
     it('can add a lens panel by value', async () => {
diff --git a/x-pack/test_serverless/functional/test_suites/search/dashboards/import_dashboard.ts b/x-pack/test_serverless/functional/test_suites/search/dashboards/import_dashboard.ts
index 30d99d112e640..dbf1f653cc968 100644
--- a/x-pack/test_serverless/functional/test_suites/search/dashboards/import_dashboard.ts
+++ b/x-pack/test_serverless/functional/test_suites/search/dashboards/import_dashboard.ts
@@ -29,7 +29,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
 
   describe('Importing an existing dashboard', () => {
     before(async () => {
-      await PageObjects.svlCommonPage.login();
+      await PageObjects.svlCommonPage.loginWithRole('developer');
       await esArchiver.loadIfNeeded('x-pack/test/functional/es_archives/logstash_functional');
       await kibanaServer.uiSettings.replace({});
     });
@@ -37,7 +37,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     after(async () => {
       await esArchiver.unload('x-pack/test/functional/es_archives/logstash_functional');
       await kibanaServer.savedObjects.cleanStandardList();
-      await PageObjects.svlCommonPage.forceLogout();
     });
 
     it('should be able to import dashboard created in 8.11', async () => {
diff --git a/x-pack/test_serverless/functional/test_suites/search/default_dataview.ts b/x-pack/test_serverless/functional/test_suites/search/default_dataview.ts
index 1b32eaefc2061..e772c814389a5 100644
--- a/x-pack/test_serverless/functional/test_suites/search/default_dataview.ts
+++ b/x-pack/test_serverless/functional/test_suites/search/default_dataview.ts
@@ -16,7 +16,7 @@ export default function ({ getPageObject, getService }: FtrProviderContext) {
 
   describe('default dataView', function () {
     before(async () => {
-      await svlCommonPage.login();
+      await svlCommonPage.loginWithRole('developer');
       await svlSearchNavigation.navigateToLandingPage();
 
       // re-create the default data view in case it has been cleaned up by another test
@@ -27,10 +27,6 @@ export default function ({ getPageObject, getService }: FtrProviderContext) {
       });
     });
 
-    after(async () => {
-      await svlCommonPage.forceLogout();
-    });
-
     it('should show discover but with no data', async () => {
       await svlCommonNavigation.sidenav.clickLink({ deepLinkId: 'discover' });
       await testSubjects.existOrFail('~breadcrumb-deepLinkId-discover');
diff --git a/x-pack/test_serverless/functional/test_suites/search/index.ts b/x-pack/test_serverless/functional/test_suites/search/index.ts
index 8c3cfd83e04e9..79728fb4663e6 100644
--- a/x-pack/test_serverless/functional/test_suites/search/index.ts
+++ b/x-pack/test_serverless/functional/test_suites/search/index.ts
@@ -20,7 +20,7 @@ export default function ({ loadTestFile }: FtrProviderContext) {
     loadTestFile(require.resolve('./advanced_settings'));
     loadTestFile(require.resolve('./rules/rule_details'));
     loadTestFile(require.resolve('./console_notebooks'));
-    loadTestFile(require.resolve('./playground_overview'));
+    loadTestFile(require.resolve('./search_playground/playground_overview'));
 
     loadTestFile(require.resolve('./ml'));
     loadTestFile(require.resolve('./search_homepage'));
diff --git a/x-pack/test_serverless/functional/test_suites/search/index_management.ts b/x-pack/test_serverless/functional/test_suites/search/index_management.ts
index 674688092350c..dc8d147c9d348 100644
--- a/x-pack/test_serverless/functional/test_suites/search/index_management.ts
+++ b/x-pack/test_serverless/functional/test_suites/search/index_management.ts
@@ -23,7 +23,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
     before(async () => {
       await security.testUser.setRoles(['index_management_user']);
       // Navigate to the index management page
-      await pageObjects.svlCommonPage.login();
+      await pageObjects.svlCommonPage.loginWithRole('developer');
       await pageObjects.common.navigateToApp('indexManagement');
       // Navigate to the indices tab
       await pageObjects.indexManagement.changeTabs('indicesTab');
diff --git a/x-pack/test_serverless/functional/test_suites/search/landing_page.ts b/x-pack/test_serverless/functional/test_suites/search/landing_page.ts
index 04b6fbc166f16..5b148e72b35c9 100644
--- a/x-pack/test_serverless/functional/test_suites/search/landing_page.ts
+++ b/x-pack/test_serverless/functional/test_suites/search/landing_page.ts
@@ -19,11 +19,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
 
   describe('landing page', function () {
     before(async () => {
-      await pageObjects.svlCommonPage.login();
-    });
-
-    after(async () => {
-      await pageObjects.svlCommonPage.forceLogout();
+      await pageObjects.svlCommonPage.loginWithRole('viewer');
     });
 
     it('has serverless side nav', async () => {
diff --git a/x-pack/test_serverless/functional/test_suites/search/ml/search_bar_features.ts b/x-pack/test_serverless/functional/test_suites/search/ml/search_bar_features.ts
index 177174b4675e4..f2d724549f5e7 100644
--- a/x-pack/test_serverless/functional/test_suites/search/ml/search_bar_features.ts
+++ b/x-pack/test_serverless/functional/test_suites/search/ml/search_bar_features.ts
@@ -41,11 +41,7 @@ export default function ({ getPageObjects }: FtrProviderContext) {
 
   describe('Search bar features', () => {
     before(async () => {
-      await PageObjects.svlCommonPage.login();
-    });
-
-    after(async () => {
-      await PageObjects.svlCommonPage.forceLogout();
+      await PageObjects.svlCommonPage.loginWithRole('developer');
     });
 
     describe('list features', () => {
diff --git a/x-pack/test_serverless/functional/test_suites/search/ml/trained_models_list.ts b/x-pack/test_serverless/functional/test_suites/search/ml/trained_models_list.ts
index cc2a98291923f..2617c95604798 100644
--- a/x-pack/test_serverless/functional/test_suites/search/ml/trained_models_list.ts
+++ b/x-pack/test_serverless/functional/test_suites/search/ml/trained_models_list.ts
@@ -12,14 +12,10 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
 
   describe('Trained models list', () => {
     before(async () => {
-      await PageObjects.svlCommonPage.login();
+      await PageObjects.svlCommonPage.loginWithRole('viewer');
       await ml.api.syncSavedObjects();
     });
 
-    after(async () => {
-      await PageObjects.svlCommonPage.forceLogout();
-    });
-
     describe('page navigation', () => {
       it('renders trained models list', async () => {
         await ml.navigation.navigateToMl();
diff --git a/x-pack/test_serverless/functional/test_suites/search/navigation.ts b/x-pack/test_serverless/functional/test_suites/search/navigation.ts
index 554a2e2b63c15..9476010f58f54 100644
--- a/x-pack/test_serverless/functional/test_suites/search/navigation.ts
+++ b/x-pack/test_serverless/functional/test_suites/search/navigation.ts
@@ -19,14 +19,9 @@ export default function ({ getPageObject, getService }: FtrProviderContext) {
 
   describe('navigation', function () {
     before(async () => {
-      await svlCommonPage.login();
+      await svlCommonPage.loginWithRole('developer');
       await svlSearchNavigation.navigateToLandingPage();
     });
-
-    after(async () => {
-      await svlCommonPage.forceLogout();
-    });
-
     it('navigate search sidenav & breadcrumbs', async () => {
       const expectNoPageReload = await svlCommonNavigation.createNoPageReloadCheck();
 
diff --git a/x-pack/test_serverless/functional/test_suites/search/pipelines.ts b/x-pack/test_serverless/functional/test_suites/search/pipelines.ts
index c2e324edbbfae..6f7c52af51f83 100644
--- a/x-pack/test_serverless/functional/test_suites/search/pipelines.ts
+++ b/x-pack/test_serverless/functional/test_suites/search/pipelines.ts
@@ -17,16 +17,12 @@ export default function ({ getPageObjects }: FtrProviderContext) {
   ]);
   describe('ingest pipelines', function () {
     before(async () => {
-      await pageObjects.svlCommonPage.login();
+      await pageObjects.svlCommonPage.loginWithRole('developer');
       await pageObjects.svlCommonNavigation.sidenav.openSection('project_settings_project_nav');
       await pageObjects.svlCommonNavigation.sidenav.clickLink({ deepLinkId: 'management' });
       await pageObjects.svlManagementPage.clickIngestPipelinesManagementCard();
     });
 
-    after(async () => {
-      await pageObjects.svlCommonPage.forceLogout();
-    });
-
     it('has embedded console', async () => {
       await testHasEmbeddedConsole(pageObjects);
     });
diff --git a/x-pack/test_serverless/functional/test_suites/search/playground_overview.ts b/x-pack/test_serverless/functional/test_suites/search/playground_overview.ts
deleted file mode 100644
index 40a36362a585e..0000000000000
--- a/x-pack/test_serverless/functional/test_suites/search/playground_overview.ts
+++ /dev/null
@@ -1,155 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type SuperTest from 'supertest';
-import { testHasEmbeddedConsole } from './embedded_console';
-import { FtrProviderContext } from '../../ftr_provider_context';
-import { RoleCredentials } from '../../../shared/services';
-
-const indexName = 'basic_index';
-const esArchiveIndex = 'test/api_integration/fixtures/es_archiver/index_patterns/basic_index';
-async function createOpenAIConnector({
-  supertest,
-  requestHeader = {},
-  apiKeyHeader = {},
-}: {
-  supertest: SuperTest.Agent;
-  requestHeader?: Record<string, string>;
-  apiKeyHeader?: Record<string, string>;
-}): Promise<() => Promise<void>> {
-  const config = {
-    apiProvider: 'OpenAI',
-    defaultModel: 'gpt-4',
-    apiUrl: 'http://localhost:3002',
-  };
-
-  const connector: { id: string } | undefined = (
-    await supertest
-      .post('/api/actions/connector')
-      .set(requestHeader)
-      .set(apiKeyHeader)
-      .send({
-        name: 'test Open AI',
-        connector_type_id: '.gen-ai',
-        config,
-        secrets: {
-          apiKey: 'genAiApiKey',
-        },
-      })
-      .expect(200)
-  ).body;
-
-  return async () => {
-    if (connector) {
-      await supertest
-        .delete(`/api/actions/connector/${connector.id}`)
-        .set(requestHeader)
-        .set(apiKeyHeader)
-        .expect(204);
-    }
-  };
-}
-
-export default function ({ getPageObjects, getService }: FtrProviderContext) {
-  const pageObjects = getPageObjects(['svlCommonPage', 'svlCommonNavigation', 'searchPlayground']);
-  const svlCommonApi = getService('svlCommonApi');
-  const svlUserManager = getService('svlUserManager');
-  const supertestWithoutAuth = getService('supertestWithoutAuth');
-  const esArchiver = getService('esArchiver');
-  const createIndex = async () => await esArchiver.load(esArchiveIndex);
-  let roleAuthc: RoleCredentials;
-
-  describe('Serverless Playground Overview', function () {
-    // see details: https://github.com/elastic/kibana/issues/183893
-    this.tags(['failsOnMKI']);
-
-    let removeOpenAIConnector: () => Promise<void>;
-    let createConnector: () => Promise<void>;
-
-    before(async () => {
-      await pageObjects.svlCommonPage.login();
-      await pageObjects.svlCommonNavigation.sidenav.clickLink({
-        deepLinkId: 'searchPlayground',
-      });
-
-      const requestHeader = svlCommonApi.getInternalRequestHeader();
-      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
-      createConnector = async () => {
-        removeOpenAIConnector = await createOpenAIConnector({
-          supertest: supertestWithoutAuth,
-          requestHeader,
-          apiKeyHeader: roleAuthc.apiKeyHeader,
-        });
-      };
-    });
-
-    after(async () => {
-      await removeOpenAIConnector?.();
-      await esArchiver.unload(esArchiveIndex);
-      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
-      await pageObjects.svlCommonPage.forceLogout();
-    });
-
-    describe('start chat page', () => {
-      it('playground app is loaded', async () => {
-        await pageObjects.searchPlayground.PlaygroundStartChatPage.expectPlaygroundStartChatPageComponentsToExist();
-        await pageObjects.searchPlayground.PlaygroundStartChatPage.expectPlaygroundHeaderComponentsToExist();
-      });
-
-      it('show no index callout', async () => {
-        await pageObjects.searchPlayground.PlaygroundStartChatPage.expectNoIndexCalloutExists();
-        await pageObjects.searchPlayground.PlaygroundStartChatPage.expectCreateIndexButtonToMissed();
-      });
-
-      it('hide no index callout when index added', async () => {
-        await createIndex();
-        await pageObjects.searchPlayground.PlaygroundStartChatPage.expectSelectIndex(indexName);
-      });
-
-      it('show add connector button', async () => {
-        await pageObjects.searchPlayground.PlaygroundStartChatPage.expectAddConnectorButtonExists();
-      });
-
-      it('click add connector button opens connector flyout', async () => {
-        await pageObjects.searchPlayground.PlaygroundStartChatPage.expectOpenConnectorPagePlayground();
-      });
-
-      it('hide gen ai panel when connector exists', async () => {
-        await pageObjects.searchPlayground.PlaygroundStartChatPage.expectHideGenAIPanelConnector(
-          createConnector
-        );
-      });
-
-      it('show chat page', async () => {
-        await pageObjects.searchPlayground.PlaygroundStartChatPage.expectSelectIndex(indexName);
-        await pageObjects.searchPlayground.PlaygroundStartChatPage.expectToStartChatPage();
-      });
-    });
-
-    describe('chat page', () => {
-      it('chat works', async () => {
-        await pageObjects.searchPlayground.PlaygroundChatPage.expectChatWorks();
-      });
-
-      it('open view code', async () => {
-        await pageObjects.searchPlayground.PlaygroundChatPage.expectOpenViewCode();
-      });
-
-      it('show fields and code in view query', async () => {
-        await pageObjects.searchPlayground.PlaygroundChatPage.expectViewQueryHasFields();
-      });
-
-      it('show edit context', async () => {
-        await pageObjects.searchPlayground.PlaygroundChatPage.expectEditContextOpens();
-      });
-    });
-
-    it('has embedded console', async () => {
-      await testHasEmbeddedConsole(pageObjects);
-    });
-  });
-}
diff --git a/x-pack/test_serverless/functional/test_suites/search/rules/rule_details.ts b/x-pack/test_serverless/functional/test_suites/search/rules/rule_details.ts
index d6b1059b7e791..b296dc6e4b8ca 100644
--- a/x-pack/test_serverless/functional/test_suites/search/rules/rule_details.ts
+++ b/x-pack/test_serverless/functional/test_suites/search/rules/rule_details.ts
@@ -75,11 +75,10 @@ export default ({ getPageObject, getService }: FtrProviderContext) => {
     before(async () => {
       roleAuthc = await svlUserManager.createApiKeyForRole('admin');
       internalReqHeader = svlCommonApi.getInternalRequestHeader();
-      await svlCommonPage.login();
+      await svlCommonPage.loginWithRole('viewer');
     });
 
     after(async () => {
-      await svlCommonPage.forceLogout();
       await svlUserManager.invalidateApiKeyForRole(roleAuthc);
     });
 
diff --git a/x-pack/test_serverless/functional/test_suites/search/screenshot_creation/response_ops_docs/stack_connectors/connectors.ts b/x-pack/test_serverless/functional/test_suites/search/screenshot_creation/response_ops_docs/stack_connectors/connectors.ts
index 8bfada9db1044..97ab2bcbc1a1f 100644
--- a/x-pack/test_serverless/functional/test_suites/search/screenshot_creation/response_ops_docs/stack_connectors/connectors.ts
+++ b/x-pack/test_serverless/functional/test_suites/search/screenshot_creation/response_ops_docs/stack_connectors/connectors.ts
@@ -17,7 +17,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
 
   describe('connectors', function () {
     before(async () => {
-      await pageObjects.svlCommonPage.login();
+      await pageObjects.svlCommonPage.loginWithRole('viewer');
     });
 
     after(async () => {
diff --git a/x-pack/test_serverless/functional/test_suites/search/search_homepage.ts b/x-pack/test_serverless/functional/test_suites/search/search_homepage.ts
index 3138e0e7f0242..1f627921d1592 100644
--- a/x-pack/test_serverless/functional/test_suites/search/search_homepage.ts
+++ b/x-pack/test_serverless/functional/test_suites/search/search_homepage.ts
@@ -24,7 +24,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
       // Enable Homepage Feature Flag
       await uiSettings.setUiSetting(roleAuthc, HOMEPAGE_FF_UI_SETTING, true);
 
-      await pageObjects.svlCommonPage.login();
+      await pageObjects.svlCommonPage.loginWithRole('viewer');
     });
 
     after(async () => {
@@ -32,8 +32,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
 
       // Disable Homepage Feature Flag
       await uiSettings.deleteUISetting(roleAuthc, HOMEPAGE_FF_UI_SETTING);
-
-      await pageObjects.svlCommonPage.forceLogout();
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
     });
 
     it('has search homepage with Home sidenav', async () => {
@@ -52,7 +51,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
     });
 
     it('has embedded dev console', async () => {
-      testHasEmbeddedConsole(pageObjects);
+      await testHasEmbeddedConsole(pageObjects);
     });
   });
 }
diff --git a/x-pack/test_serverless/functional/test_suites/search/search_playground/playground_overview.ts b/x-pack/test_serverless/functional/test_suites/search/search_playground/playground_overview.ts
new file mode 100644
index 0000000000000..33e2e9883b38b
--- /dev/null
+++ b/x-pack/test_serverless/functional/test_suites/search/search_playground/playground_overview.ts
@@ -0,0 +1,203 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type OpenAI from 'openai';
+import { testHasEmbeddedConsole } from '../embedded_console';
+import { FtrProviderContext } from '../../../ftr_provider_context';
+import { RoleCredentials } from '../../../../shared/services';
+import { createOpenAIConnector } from './utils/create_openai_connector';
+import { createLlmProxy, LlmProxy } from './utils/create_llm_proxy';
+
+const indexName = 'basic_index';
+const esArchiveIndex = 'test/api_integration/fixtures/es_archiver/index_patterns/basic_index';
+
+export default function ({ getPageObjects, getService }: FtrProviderContext) {
+  const pageObjects = getPageObjects(['svlCommonPage', 'svlCommonNavigation', 'searchPlayground']);
+  const svlCommonApi = getService('svlCommonApi');
+  const svlUserManager = getService('svlUserManager');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+  const esArchiver = getService('esArchiver');
+  const log = getService('log');
+  const browser = getService('browser');
+  const createIndex = async () => await esArchiver.load(esArchiveIndex);
+  let roleAuthc: RoleCredentials;
+
+  describe('Serverless Playground Overview', function () {
+    // see details: https://github.com/elastic/kibana/issues/183893
+    this.tags(['failsOnMKI']);
+
+    let removeOpenAIConnector: () => Promise<void>;
+    let createConnector: () => Promise<void>;
+    let proxy: LlmProxy;
+
+    before(async () => {
+      proxy = await createLlmProxy(log);
+      await pageObjects.svlCommonPage.loginWithRole('admin');
+      await pageObjects.svlCommonNavigation.sidenav.clickLink({
+        deepLinkId: 'searchPlayground',
+      });
+
+      const requestHeader = svlCommonApi.getInternalRequestHeader();
+      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
+      createConnector = async () => {
+        removeOpenAIConnector = await createOpenAIConnector({
+          supertest: supertestWithoutAuth,
+          requestHeader,
+          apiKeyHeader: roleAuthc.apiKeyHeader,
+          proxy,
+        });
+      };
+    });
+
+    after(async () => {
+      // await removeOpenAIConnector?.();
+      await esArchiver.unload(esArchiveIndex);
+      proxy.close();
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+      await pageObjects.svlCommonPage.forceLogout();
+    });
+
+    describe('setup Page', () => {
+      it('is loaded successfully', async () => {
+        await pageObjects.searchPlayground.PlaygroundStartChatPage.expectPlaygroundHeaderComponentsToExist();
+        await pageObjects.searchPlayground.PlaygroundStartChatPage.expectPlaygroundHeaderComponentsToDisabled();
+        await pageObjects.searchPlayground.PlaygroundStartChatPage.expectPlaygroundStartChatPageComponentsToExist();
+      });
+
+      describe('with gen ai connectors', () => {
+        before(async () => {
+          await createConnector();
+          await browser.refresh();
+        });
+
+        after(async () => {
+          await removeOpenAIConnector?.();
+          await browser.refresh();
+        });
+        it('hide gen ai panel', async () => {
+          await pageObjects.searchPlayground.PlaygroundStartChatPage.expectHideGenAIPanelConnector();
+        });
+      });
+
+      describe('without gen ai connectors', () => {
+        it('should display the set up connectors button', async () => {
+          await pageObjects.searchPlayground.PlaygroundStartChatPage.expectAddConnectorButtonExists();
+        });
+
+        it('creates a connector successfully', async () => {
+          await pageObjects.searchPlayground.PlaygroundStartChatPage.expectOpenConnectorPagePlayground();
+          await pageObjects.searchPlayground.PlaygroundStartChatPage.expectHideGenAIPanelConnectorAfterCreatingConnector(
+            createConnector
+          );
+        });
+
+        after(async () => {
+          await removeOpenAIConnector?.();
+          await browser.refresh();
+        });
+      });
+
+      describe('without any indices', () => {
+        it('show no index callout', async () => {
+          await pageObjects.searchPlayground.PlaygroundStartChatPage.expectNoIndexCalloutExists();
+        });
+
+        it('hide no index callout when index added', async () => {
+          await createIndex();
+          await pageObjects.searchPlayground.PlaygroundStartChatPage.expectSelectIndex(indexName);
+        });
+
+        after(async () => {
+          await pageObjects.searchPlayground.PlaygroundStartChatPage.removeIndexFromComboBox();
+          await esArchiver.unload(esArchiveIndex);
+          await browser.refresh();
+        });
+      });
+
+      describe('with existing indices', () => {
+        before(async () => {
+          await createConnector();
+          await createIndex();
+          await browser.refresh();
+        });
+
+        it('dropdown shows up', async () => {
+          await pageObjects.searchPlayground.PlaygroundStartChatPage.expectIndicesInDropdown();
+        });
+
+        it('can select index from dropdown and navigate to chat window', async () => {
+          await pageObjects.searchPlayground.PlaygroundStartChatPage.expectToSelectIndicesAndStartButtonEnabled(
+            indexName
+          );
+        });
+
+        after(async () => {
+          await removeOpenAIConnector?.();
+          await esArchiver.unload(esArchiveIndex);
+          await browser.refresh();
+        });
+      });
+    });
+
+    describe('chat page', () => {
+      before(async () => {
+        await createConnector();
+        await createIndex();
+        await browser.refresh();
+        await pageObjects.searchPlayground.PlaygroundChatPage.navigateToChatPage(indexName);
+      });
+      it('loads successfully', async () => {
+        await pageObjects.searchPlayground.PlaygroundChatPage.expectChatWindowLoaded();
+      });
+
+      describe('chat', () => {
+        it('works', async () => {
+          const conversationInterceptor = proxy.intercept(
+            'conversation',
+            (body) =>
+              (JSON.parse(body) as OpenAI.Chat.ChatCompletionCreateParamsNonStreaming).tools?.find(
+                (fn) => fn.function.name === 'title_conversation'
+              ) === undefined
+          );
+
+          await pageObjects.searchPlayground.PlaygroundChatPage.sendQuestion();
+
+          const conversationSimulator = await conversationInterceptor.waitForIntercept();
+
+          await conversationSimulator.next('My response');
+
+          await conversationSimulator.complete();
+
+          await pageObjects.searchPlayground.PlaygroundChatPage.expectChatWorks();
+          await pageObjects.searchPlayground.PlaygroundChatPage.expectTokenTooltipExists();
+        });
+
+        it('open view code', async () => {
+          await pageObjects.searchPlayground.PlaygroundChatPage.expectOpenViewCode();
+        });
+
+        it('show fields and code in view query', async () => {
+          await pageObjects.searchPlayground.PlaygroundChatPage.expectViewQueryHasFields();
+        });
+
+        it('show edit context', async () => {
+          await pageObjects.searchPlayground.PlaygroundChatPage.expectEditContextOpens();
+        });
+      });
+
+      after(async () => {
+        await removeOpenAIConnector?.();
+        await esArchiver.unload(esArchiveIndex);
+        await browser.refresh();
+      });
+    });
+
+    it('has embedded console', async () => {
+      await testHasEmbeddedConsole(pageObjects);
+    });
+  });
+}
diff --git a/x-pack/test_serverless/functional/test_suites/search/search_playground/utils/create_llm_proxy.ts b/x-pack/test_serverless/functional/test_suites/search/search_playground/utils/create_llm_proxy.ts
new file mode 100644
index 0000000000000..4952135c3d623
--- /dev/null
+++ b/x-pack/test_serverless/functional/test_suites/search/search_playground/utils/create_llm_proxy.ts
@@ -0,0 +1,198 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { ToolingLog } from '@kbn/tooling-log';
+import getPort from 'get-port';
+import http, { type Server } from 'http';
+import { once, pull } from 'lodash';
+import { createOpenAiChunk } from './create_openai_chunk';
+
+type Request = http.IncomingMessage;
+type Response = http.ServerResponse<http.IncomingMessage> & { req: http.IncomingMessage };
+
+type RequestHandler = (request: Request, response: Response, body: string) => void;
+
+interface RequestInterceptor {
+  name: string;
+  when: (body: string) => boolean;
+}
+
+export interface LlmResponseSimulator {
+  body: string;
+  status: (code: number) => Promise<void>;
+  next: (
+    msg:
+      | string
+      | {
+          content?: string;
+          function_call?: { name: string; arguments: string };
+        }
+  ) => Promise<void>;
+  error: (error: any) => Promise<void>;
+  complete: () => Promise<void>;
+  rawWrite: (chunk: string) => Promise<void>;
+  rawEnd: () => Promise<void>;
+}
+
+export class LlmProxy {
+  server: Server;
+
+  interceptors: Array<RequestInterceptor & { handle: RequestHandler }> = [];
+
+  constructor(private readonly port: number, private readonly log: ToolingLog) {
+    this.server = http
+      .createServer()
+      .on('request', async (request, response) => {
+        this.log.info(`LLM request received`);
+
+        const interceptors = this.interceptors.concat();
+        const body = await getRequestBody(request);
+
+        while (interceptors.length) {
+          const interceptor = interceptors.shift()!;
+
+          if (interceptor.when(body)) {
+            pull(this.interceptors, interceptor);
+            interceptor.handle(request, response, body);
+            return;
+          }
+        }
+
+        response.writeHead(500, 'No interceptors found to handle request: ' + request.url);
+        response.end();
+      })
+      .on('error', (error) => {
+        this.log.error(`LLM proxy encountered an error: ${error}`);
+      })
+      .listen(port);
+  }
+
+  getPort() {
+    return this.port;
+  }
+
+  clear() {
+    this.interceptors.length = 0;
+  }
+
+  close() {
+    this.server.close();
+  }
+
+  waitForAllInterceptorsSettled() {
+    return Promise.all(this.interceptors);
+  }
+
+  intercept<
+    TResponseChunks extends Array<Record<string, unknown>> | string | undefined = undefined
+  >(
+    name: string,
+    when: RequestInterceptor['when'],
+    responseChunks?: TResponseChunks
+  ): TResponseChunks extends undefined
+    ? {
+        waitForIntercept: () => Promise<LlmResponseSimulator>;
+      }
+    : {
+        complete: () => Promise<void>;
+      } {
+    const waitForInterceptPromise = Promise.race([
+      new Promise<LlmResponseSimulator>((outerResolve) => {
+        this.interceptors.push({
+          name,
+          when,
+          handle: (request, response, body) => {
+            this.log.info(`LLM request intercepted by "${name}"`);
+
+            function write(chunk: string) {
+              return new Promise<void>((resolve) => response.write(chunk, () => resolve()));
+            }
+            function end() {
+              return new Promise<void>((resolve) => response.end(resolve));
+            }
+
+            const simulator: LlmResponseSimulator = {
+              body,
+              status: once(async (status: number) => {
+                response.writeHead(status, {
+                  'Content-Type': 'text/event-stream',
+                  'Cache-Control': 'no-cache',
+                  Connection: 'keep-alive',
+                });
+              }),
+              next: (msg) => {
+                const chunk = createOpenAiChunk(msg);
+                return write(`data: ${JSON.stringify(chunk)}\n\n`);
+              },
+              rawWrite: (chunk: string) => {
+                return write(chunk);
+              },
+              rawEnd: async () => {
+                await end();
+              },
+              complete: async () => {
+                await write('data: [DONE]\n\n');
+                await end();
+              },
+              error: async (error) => {
+                await write(`data: ${JSON.stringify({ error })}\n\n`);
+                await end();
+              },
+            };
+
+            outerResolve(simulator);
+          },
+        });
+      }),
+      new Promise<LlmResponseSimulator>((_, reject) => {
+        setTimeout(() => reject(new Error(`Interceptor "${name}" timed out after 5000ms`)), 5000);
+      }),
+    ]);
+
+    if (responseChunks === undefined) {
+      return { waitForIntercept: () => waitForInterceptPromise } as any;
+    }
+
+    const parsedChunks = Array.isArray(responseChunks)
+      ? responseChunks
+      : responseChunks.split(' ').map((token, i) => (i === 0 ? token : ` ${token}`));
+
+    return {
+      complete: async () => {
+        const simulator = await waitForInterceptPromise;
+        for (const chunk of parsedChunks) {
+          await simulator.next(chunk);
+        }
+        await simulator.complete();
+      },
+    } as any;
+  }
+}
+
+export async function createLlmProxy(log: ToolingLog) {
+  const port = await getPort({ port: getPort.makeRange(9000, 9100) });
+
+  return new LlmProxy(port, log);
+}
+
+async function getRequestBody(request: http.IncomingMessage): Promise<string> {
+  return new Promise((resolve, reject) => {
+    let data = '';
+
+    request.on('data', (chunk) => {
+      data += chunk.toString();
+    });
+
+    request.on('close', () => {
+      resolve(data);
+    });
+
+    request.on('error', (error) => {
+      reject(error);
+    });
+  });
+}
diff --git a/x-pack/test_serverless/functional/test_suites/search/search_playground/utils/create_openai_chunk.ts b/x-pack/test_serverless/functional/test_suites/search/search_playground/utils/create_openai_chunk.ts
new file mode 100644
index 0000000000000..3d7c64537ee5f
--- /dev/null
+++ b/x-pack/test_serverless/functional/test_suites/search/search_playground/utils/create_openai_chunk.ts
@@ -0,0 +1,29 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { CreateChatCompletionResponseChunk } from '@kbn/observability-ai-assistant-plugin/server/service/client/adapters/process_openai_stream';
+import { v4 } from 'uuid';
+
+export function createOpenAiChunk(
+  msg: string | { content?: string; function_call?: { name: string; arguments?: string } }
+): CreateChatCompletionResponseChunk {
+  msg = typeof msg === 'string' ? { content: msg } : msg;
+
+  return {
+    id: v4(),
+    object: 'chat.completion.chunk',
+    created: 0,
+    model: 'gpt-4',
+    choices: [
+      {
+        delta: msg,
+        index: 0,
+        finish_reason: null,
+      },
+    ],
+  };
+}
diff --git a/x-pack/test_serverless/functional/test_suites/search/search_playground/utils/create_openai_connector.ts b/x-pack/test_serverless/functional/test_suites/search/search_playground/utils/create_openai_connector.ts
new file mode 100644
index 0000000000000..c2188aec10fb2
--- /dev/null
+++ b/x-pack/test_serverless/functional/test_suites/search/search_playground/utils/create_openai_connector.ts
@@ -0,0 +1,53 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type SuperTest from 'supertest';
+import { LlmProxy } from './create_llm_proxy';
+
+export async function createOpenAIConnector({
+  supertest,
+  requestHeader = {},
+  apiKeyHeader = {},
+  proxy,
+}: {
+  supertest: SuperTest.Agent;
+  requestHeader?: Record<string, string>;
+  apiKeyHeader?: Record<string, string>;
+  proxy: LlmProxy;
+}): Promise<() => Promise<void>> {
+  const config = {
+    apiProvider: 'OpenAI',
+    defaultModel: 'gpt-4',
+    apiUrl: `http://localhost:${proxy.getPort()}`,
+  };
+
+  const connector: { id: string } | undefined = (
+    await supertest
+      .post('/api/actions/connector')
+      .set(requestHeader)
+      .set(apiKeyHeader)
+      .send({
+        name: 'myConnector',
+        connector_type_id: '.gen-ai',
+        config,
+        secrets: {
+          apiKey: 'genAiApiKey',
+        },
+      })
+      .expect(200)
+  ).body;
+
+  return async () => {
+    if (connector) {
+      await supertest
+        .delete(`/api/actions/connector/${connector.id}`)
+        .set(requestHeader)
+        .set(apiKeyHeader)
+        .expect(204);
+    }
+  };
+}
diff --git a/x-pack/test_serverless/functional/test_suites/security/config.cloud_security_posture.agentless.ts b/x-pack/test_serverless/functional/test_suites/security/config.cloud_security_posture.agentless.ts
new file mode 100644
index 0000000000000..948a418279ac9
--- /dev/null
+++ b/x-pack/test_serverless/functional/test_suites/security/config.cloud_security_posture.agentless.ts
@@ -0,0 +1,29 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { CLOUD_CREDENTIALS_PACKAGE_VERSION } from '@kbn/cloud-security-posture-plugin/common/constants';
+import { createTestConfig } from '../../config.base';
+
+export default createTestConfig({
+  serverlessProject: 'security',
+  junit: {
+    reportName: 'Serverless Security Cloud Security Agentless Onboarding Functional Tests',
+  },
+  kbnServerArgs: [
+    `--xpack.fleet.packages.0.name=cloud_security_posture`,
+    `--xpack.fleet.packages.0.version=${CLOUD_CREDENTIALS_PACKAGE_VERSION}`,
+
+    // Agentless Configuration based on Serverless Security Dev Yaml - config/serverless.security.dev.yml
+    `--xpack.fleet.enableExperimental.0=agentless`,
+    `--xpack.fleet.agentPolicies.0.id=agentless`,
+    `--xpack.fleet.agentPolicies.0.name=agentless`,
+    `--xpack.fleet.agentPolicies.0.package_policies=[]`,
+    `--xpack.cloud.serverless.project_id=some_fake_project_id`,
+  ],
+  // load tests in the index file
+  testFiles: [require.resolve('./ftr/cloud_security_posture/agentless')],
+});
diff --git a/x-pack/test_serverless/functional/test_suites/security/config.cloud_security_posture.basic.ts b/x-pack/test_serverless/functional/test_suites/security/config.cloud_security_posture.basic.ts
index 7063ec943dfba..ee788c7117f6f 100644
--- a/x-pack/test_serverless/functional/test_suites/security/config.cloud_security_posture.basic.ts
+++ b/x-pack/test_serverless/functional/test_suites/security/config.cloud_security_posture.basic.ts
@@ -6,6 +6,7 @@
  */
 
 import { CLOUD_SECURITY_PLUGIN_VERSION } from '@kbn/cloud-security-posture-plugin/common/constants';
+
 import { createTestConfig } from '../../config.base';
 
 export default createTestConfig({
diff --git a/x-pack/test_serverless/functional/test_suites/security/advanced_settings.ts b/x-pack/test_serverless/functional/test_suites/security/ftr/advanced_settings.ts
similarity index 88%
rename from x-pack/test_serverless/functional/test_suites/security/advanced_settings.ts
rename to x-pack/test_serverless/functional/test_suites/security/ftr/advanced_settings.ts
index 63e3a8a9a6672..c6448aac27ec8 100644
--- a/x-pack/test_serverless/functional/test_suites/security/advanced_settings.ts
+++ b/x-pack/test_serverless/functional/test_suites/security/ftr/advanced_settings.ts
@@ -7,8 +7,8 @@
 
 import expect from '@kbn/expect';
 import { SECURITY_PROJECT_SETTINGS } from '@kbn/serverless-security-settings';
-import { FtrProviderContext } from '../../ftr_provider_context';
-import { isEditorFieldSetting } from '../common/management/advanced_settings';
+import { FtrProviderContext } from '../../../ftr_provider_context';
+import { isEditorFieldSetting } from '../../common/management/advanced_settings';
 
 export default ({ getPageObjects, getService }: FtrProviderContext) => {
   const testSubjects = getService('testSubjects');
@@ -18,7 +18,7 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => {
 
   describe('Security advanced settings', function () {
     before(async () => {
-      await pageObjects.svlCommonPage.login();
+      await pageObjects.svlCommonPage.loginWithRole('admin');
       await pageObjects.common.navigateToApp('settings');
     });
 
diff --git a/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/agentless/cis_integration_aws.ts b/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/agentless/cis_integration_aws.ts
new file mode 100644
index 0000000000000..0bcc3afc50927
--- /dev/null
+++ b/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/agentless/cis_integration_aws.ts
@@ -0,0 +1,117 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+const CIS_AWS_OPTION_TEST_ID = 'cisAwsTestId';
+const AWS_CREDENTIAL_SELECTOR = 'aws-credentials-type-selector';
+const SETUP_TECHNOLOGY_SELECTOR = 'setup-technology-selector';
+const SETUP_TECHNOLOGY_SELECTOR_ACCORDION_TEST_SUBJ = 'setup-technology-selector-accordion';
+
+const AWS_SINGLE_ACCOUNT_TEST_ID = 'awsSingleTestId';
+
+import { CLOUD_CREDENTIALS_PACKAGE_VERSION } from '@kbn/cloud-security-posture-plugin/common/constants';
+import expect from '@kbn/expect';
+
+import type { FtrProviderContext } from '../../../../../ftr_provider_context';
+export default function ({ getPageObjects, getService }: FtrProviderContext) {
+  const pageObjects = getPageObjects([
+    'settings',
+    'common',
+    'svlCommonPage',
+    'cisAddIntegration',
+    'header',
+  ]);
+
+  describe('Agentless CIS Integration Page', function () {
+    // TODO: we need to check if the tests are running on MKI. There is a suspicion that installing csp package via Kibana server args is not working on MKI.
+    this.tags(['skipMKI', 'cloud_security_posture_cis_integration']);
+    let cisIntegration: typeof pageObjects.cisAddIntegration;
+    let cisIntegrationAws: typeof pageObjects.cisAddIntegration.cisAws;
+    const previousPackageVersion = '1.9.0';
+
+    before(async () => {
+      await pageObjects.svlCommonPage.login();
+
+      cisIntegration = pageObjects.cisAddIntegration;
+      cisIntegrationAws = pageObjects.cisAddIntegration.cisAws;
+    });
+
+    after(async () => {
+      await pageObjects.svlCommonPage.forceLogout();
+    });
+
+    describe('Agentless CIS_AWS Single Account Launch Cloud formation', () => {
+      it(`should show CIS_AWS Launch Cloud formation button when credentials selector is direct access keys and package version is ${CLOUD_CREDENTIALS_PACKAGE_VERSION}`, async () => {
+        await cisIntegration.navigateToAddIntegrationCspmWithVersionPage(
+          CLOUD_CREDENTIALS_PACKAGE_VERSION
+        );
+
+        await cisIntegration.clickOptionButton(CIS_AWS_OPTION_TEST_ID);
+        await cisIntegration.clickOptionButton(AWS_SINGLE_ACCOUNT_TEST_ID);
+        await cisIntegration.clickAccordianButton(SETUP_TECHNOLOGY_SELECTOR_ACCORDION_TEST_SUBJ);
+        await cisIntegration.clickOptionButton(SETUP_TECHNOLOGY_SELECTOR);
+        await cisIntegration.selectValue(SETUP_TECHNOLOGY_SELECTOR, 'agentless');
+        await cisIntegration.clickOptionButton(AWS_CREDENTIAL_SELECTOR);
+        await cisIntegration.selectValue(AWS_CREDENTIAL_SELECTOR, 'direct_access_keys');
+
+        await pageObjects.header.waitUntilLoadingHasFinished();
+
+        expect(
+          (await cisIntegrationAws.showLaunchCloudFormationAgentlessButton()) !== undefined
+        ).to.be(true);
+      });
+
+      it(`should hide CIS_AWS Launch Cloud formation button when credentials selector is temporary keys and package version is less than ${previousPackageVersion}`, async () => {
+        await cisIntegration.navigateToAddIntegrationCspmWithVersionPage(previousPackageVersion);
+
+        await cisIntegration.clickOptionButton(CIS_AWS_OPTION_TEST_ID);
+        await cisIntegration.clickOptionButton(AWS_SINGLE_ACCOUNT_TEST_ID);
+        await cisIntegration.clickAccordianButton(SETUP_TECHNOLOGY_SELECTOR_ACCORDION_TEST_SUBJ);
+        await cisIntegration.clickOptionButton(SETUP_TECHNOLOGY_SELECTOR);
+        await cisIntegration.selectValue(SETUP_TECHNOLOGY_SELECTOR, 'agent-based');
+        await cisIntegration.clickOptionButton(AWS_CREDENTIAL_SELECTOR);
+        await cisIntegration.selectValue(AWS_CREDENTIAL_SELECTOR, 'temporary_keys');
+
+        await pageObjects.header.waitUntilLoadingHasFinished();
+
+        expect(await cisIntegrationAws.showLaunchCloudFormationAgentlessButton()).to.be(false);
+      });
+    });
+
+    describe('Agentless CIS_AWS ORG Account Launch Cloud formation', () => {
+      it(`should show CIS_AWS Launch Cloud formation button when credentials selector is direct access keys and package version is ${CLOUD_CREDENTIALS_PACKAGE_VERSION}`, async () => {
+        await cisIntegration.navigateToAddIntegrationCspmWithVersionPage(
+          CLOUD_CREDENTIALS_PACKAGE_VERSION
+        );
+
+        await cisIntegration.clickOptionButton(CIS_AWS_OPTION_TEST_ID);
+        await cisIntegration.clickAccordianButton(SETUP_TECHNOLOGY_SELECTOR_ACCORDION_TEST_SUBJ);
+        await cisIntegration.clickOptionButton(SETUP_TECHNOLOGY_SELECTOR);
+        await cisIntegration.selectValue(SETUP_TECHNOLOGY_SELECTOR, 'agentless');
+        await cisIntegration.clickOptionButton(AWS_CREDENTIAL_SELECTOR);
+        await cisIntegration.selectValue(AWS_CREDENTIAL_SELECTOR, 'direct_access_keys');
+
+        await pageObjects.header.waitUntilLoadingHasFinished();
+
+        expect(await cisIntegrationAws.showLaunchCloudFormationAgentlessButton()).to.be(true);
+      });
+
+      it(`should hide CIS_AWS Launch Cloud formation button when credentials selector is temporary keys and package version is less than ${previousPackageVersion}`, async () => {
+        await cisIntegration.navigateToAddIntegrationCspmWithVersionPage(previousPackageVersion);
+
+        await cisIntegration.clickOptionButton(CIS_AWS_OPTION_TEST_ID);
+        await cisIntegration.clickAccordianButton(SETUP_TECHNOLOGY_SELECTOR_ACCORDION_TEST_SUBJ);
+        await cisIntegration.clickOptionButton(SETUP_TECHNOLOGY_SELECTOR);
+        await cisIntegration.selectValue(SETUP_TECHNOLOGY_SELECTOR, 'agentless');
+        await cisIntegration.clickOptionButton(AWS_CREDENTIAL_SELECTOR);
+        await cisIntegration.selectValue(AWS_CREDENTIAL_SELECTOR, 'temporary_keys');
+
+        await pageObjects.header.waitUntilLoadingHasFinished();
+
+        expect(await cisIntegrationAws.showLaunchCloudFormationAgentlessButton()).to.be(false);
+      });
+    });
+  });
+}
diff --git a/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/agentless/cis_integration_gcp.ts b/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/agentless/cis_integration_gcp.ts
new file mode 100644
index 0000000000000..bf7f8eead771f
--- /dev/null
+++ b/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/agentless/cis_integration_gcp.ts
@@ -0,0 +1,98 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+const CIS_GCP_OPTION_TEST_ID = 'cisGcpTestId';
+const GCP_SINGLE_ACCOUNT_TEST_ID = 'gcpSingleAccountTestId';
+const SETUP_TECHNOLOGY_SELECTOR = 'setup-technology-selector';
+const SETUP_TECHNOLOGY_SELECTOR_ACCORDION_TEST_SUBJ = 'setup-technology-selector-accordion';
+
+import expect from '@kbn/expect';
+import type { FtrProviderContext } from '../../../../../ftr_provider_context';
+
+export default function ({ getPageObjects, getService }: FtrProviderContext) {
+  const pageObjects = getPageObjects(['common', 'svlCommonPage', 'cisAddIntegration', 'header']);
+  const agentlessPreReleaseVersion = '1.10.0-preview01';
+  const previousPackageVersion = '1.9.0';
+
+  describe('Agentless CIS Integration Page', function () {
+    // TODO: we need to check if the tests are running on MKI. There is a suspicion that installing csp package via Kibana server args is not working on MKI.
+    this.tags(['skipMKI', 'cloud_security_posture_cis_integration']);
+    let cisIntegration: typeof pageObjects.cisAddIntegration;
+    let cisIntegrationGcp: typeof pageObjects.cisAddIntegration.cisGcp;
+    before(async () => {
+      await pageObjects.svlCommonPage.login();
+
+      cisIntegration = pageObjects.cisAddIntegration;
+      cisIntegrationGcp = pageObjects.cisAddIntegration.cisGcp;
+    });
+
+    after(async () => {
+      await pageObjects.svlCommonPage.forceLogout();
+    });
+
+    describe('Agentless CIS_GCP Single Account Launch Cloud shell', () => {
+      it(`should show CIS_GCP Launch Cloud Shell button when package version is ${agentlessPreReleaseVersion}`, async () => {
+        await cisIntegration.navigateToAddIntegrationCspmWithVersionPage(
+          agentlessPreReleaseVersion
+        );
+
+        await cisIntegration.clickOptionButton(CIS_GCP_OPTION_TEST_ID);
+        await cisIntegration.clickOptionButton(GCP_SINGLE_ACCOUNT_TEST_ID);
+        await cisIntegration.clickAccordianButton(SETUP_TECHNOLOGY_SELECTOR_ACCORDION_TEST_SUBJ);
+        await cisIntegration.clickOptionButton(SETUP_TECHNOLOGY_SELECTOR);
+        await cisIntegration.selectValue(SETUP_TECHNOLOGY_SELECTOR, 'agentless');
+
+        await pageObjects.header.waitUntilLoadingHasFinished();
+
+        expect(await cisIntegrationGcp.showLaunchCloudShellAgentlessButton()).to.be(true);
+      });
+
+      it(`should hide CIS_GCP Launch Cloud Shell button when package version is less than ${agentlessPreReleaseVersion}`, async () => {
+        await cisIntegration.navigateToAddIntegrationCspmWithVersionPage(previousPackageVersion);
+
+        await cisIntegration.clickOptionButton(CIS_GCP_OPTION_TEST_ID);
+        await cisIntegration.clickOptionButton(GCP_SINGLE_ACCOUNT_TEST_ID);
+        await cisIntegration.clickAccordianButton(SETUP_TECHNOLOGY_SELECTOR_ACCORDION_TEST_SUBJ);
+        await cisIntegration.clickOptionButton(SETUP_TECHNOLOGY_SELECTOR);
+        await cisIntegration.selectValue(SETUP_TECHNOLOGY_SELECTOR, 'agentless');
+
+        await pageObjects.header.waitUntilLoadingHasFinished();
+
+        expect(await cisIntegrationGcp.showLaunchCloudShellAgentlessButton()).to.be(false);
+      });
+    });
+
+    describe('Agentless CIS_GCP ORG Account Launch Cloud Shell', () => {
+      it(`should show CIS_GCP Launch Cloud Shell button when package version is ${agentlessPreReleaseVersion}`, async () => {
+        await cisIntegration.navigateToAddIntegrationCspmWithVersionPage(
+          agentlessPreReleaseVersion
+        );
+
+        await cisIntegration.clickOptionButton(CIS_GCP_OPTION_TEST_ID);
+        await cisIntegration.clickAccordianButton(SETUP_TECHNOLOGY_SELECTOR_ACCORDION_TEST_SUBJ);
+        await cisIntegration.clickOptionButton(SETUP_TECHNOLOGY_SELECTOR);
+        await cisIntegration.selectValue(SETUP_TECHNOLOGY_SELECTOR, 'agentless');
+
+        await pageObjects.header.waitUntilLoadingHasFinished();
+
+        expect(await cisIntegrationGcp.showLaunchCloudShellAgentlessButton()).to.be(true);
+      });
+
+      it(`should hide CIS_GCP Launch Cloud shell button when package version is ${previousPackageVersion}`, async () => {
+        await cisIntegration.navigateToAddIntegrationCspmWithVersionPage(previousPackageVersion);
+
+        await cisIntegration.clickOptionButton(CIS_GCP_OPTION_TEST_ID);
+        await cisIntegration.clickAccordianButton(SETUP_TECHNOLOGY_SELECTOR_ACCORDION_TEST_SUBJ);
+        await cisIntegration.clickOptionButton(SETUP_TECHNOLOGY_SELECTOR);
+        await cisIntegration.selectValue(SETUP_TECHNOLOGY_SELECTOR, 'agentless');
+
+        await pageObjects.header.waitUntilLoadingHasFinished();
+
+        expect(await cisIntegrationGcp.showLaunchCloudShellAgentlessButton()).to.be(false);
+      });
+    });
+  });
+}
diff --git a/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/agentless/index.ts b/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/agentless/index.ts
new file mode 100644
index 0000000000000..235757c508c16
--- /dev/null
+++ b/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/agentless/index.ts
@@ -0,0 +1,16 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../../../../ftr_provider_context';
+
+export default function ({ loadTestFile }: FtrProviderContext) {
+  describe('cloud_security_posture', function () {
+    this.tags(['cloud_security_posture_agentless']);
+    loadTestFile(require.resolve('./cis_integration_aws'));
+    loadTestFile(require.resolve('./cis_integration_gcp'));
+  });
+}
diff --git a/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/compliance_dashboard.ts b/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/compliance_dashboard.ts
index f7078c977191b..a5b99f0dd31bf 100644
--- a/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/compliance_dashboard.ts
+++ b/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/compliance_dashboard.ts
@@ -43,7 +43,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
     let dashboard: typeof pageObjects.cloudPostureDashboard.dashboard;
 
     before(async () => {
-      await pageObjects.svlCommonPage.login();
+      await pageObjects.svlCommonPage.loginWithRole('viewer');
       cspDashboard = pageObjects.cloudPostureDashboard;
       dashboard = pageObjects.cloudPostureDashboard.dashboard;
       await cspDashboard.waitForPluginInitialized();
diff --git a/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/csp_integrations_form.essentials.ts b/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/csp_integrations_form.essentials.ts
index 28f494598835a..5c4df019c08db 100644
--- a/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/csp_integrations_form.essentials.ts
+++ b/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/csp_integrations_form.essentials.ts
@@ -17,7 +17,7 @@ export default function (providerContext: FtrProviderContext) {
     let cisIntegration: typeof pageObjects.cisAddIntegration;
 
     before(async () => {
-      await pageObjects.svlCommonPage.login();
+      await pageObjects.svlCommonPage.loginWithRole('admin');
     });
 
     beforeEach(async () => {
diff --git a/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/csp_integrations_form.ts b/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/csp_integrations_form.ts
index a136d707cdb84..d050ece427125 100644
--- a/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/csp_integrations_form.ts
+++ b/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/csp_integrations_form.ts
@@ -17,7 +17,7 @@ export default function (providerContext: FtrProviderContext) {
     let cisIntegration: typeof pageObjects.cisAddIntegration;
 
     before(async () => {
-      await pageObjects.svlCommonPage.login();
+      await pageObjects.svlCommonPage.loginWithRole('admin');
     });
 
     beforeEach(async () => {
diff --git a/x-pack/test_serverless/functional/test_suites/security/index.ts b/x-pack/test_serverless/functional/test_suites/security/index.ts
index fabe48960b111..1639957c901d6 100644
--- a/x-pack/test_serverless/functional/test_suites/security/index.ts
+++ b/x-pack/test_serverless/functional/test_suites/security/index.ts
@@ -12,7 +12,7 @@ export default function ({ loadTestFile }: FtrProviderContext) {
     loadTestFile(require.resolve('./ftr/landing_page'));
     loadTestFile(require.resolve('./ftr/navigation'));
     loadTestFile(require.resolve('./ftr/cases'));
-    loadTestFile(require.resolve('./advanced_settings'));
+    loadTestFile(require.resolve('./ftr/advanced_settings'));
     loadTestFile(require.resolve('./ml'));
   });
 }
diff --git a/x-pack/test_serverless/shared/services/svl_reporting.ts b/x-pack/test_serverless/shared/services/svl_reporting.ts
index 4a1a2535aeced..cd231ee8e77e1 100644
--- a/x-pack/test_serverless/shared/services/svl_reporting.ts
+++ b/x-pack/test_serverless/shared/services/svl_reporting.ts
@@ -5,29 +5,26 @@
  * 2.0.
  */
 
-import { X_ELASTIC_INTERNAL_ORIGIN_REQUEST } from '@kbn/core-http-common';
 import expect from '@kbn/expect';
 import { INTERNAL_ROUTES } from '@kbn/reporting-common';
 import type { ReportingJobResponse } from '@kbn/reporting-plugin/server/types';
 import { REPORTING_DATA_STREAM_WILDCARD_WITH_LEGACY } from '@kbn/reporting-server';
 import rison from '@kbn/rison';
 import { FtrProviderContext } from '../../functional/ftr_provider_context';
+import { RoleCredentials } from './svl_user_manager';
+import { InternalRequestHeader } from './svl_common_api';
 
 const API_HEADER: [string, string] = ['kbn-xsrf', 'reporting'];
-const INTERNAL_HEADER: [string, string] = [X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'Kibana'];
 
 /**
  * Services to create roles and users for security testing
  */
 export function SvlReportingServiceProvider({ getService }: FtrProviderContext) {
   const log = getService('log');
-  const supertest = getService('supertestWithoutAuth');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
   const retry = getService('retry');
   const config = getService('config');
 
-  const REPORTING_USER_USERNAME = config.get('servers.kibana.username');
-  const REPORTING_USER_PASSWORD = config.get('servers.kibana.password');
-
   return {
     /**
      * Use the internal API to create any kind of report job
@@ -35,17 +32,16 @@ export function SvlReportingServiceProvider({ getService }: FtrProviderContext)
     async createReportJobInternal(
       jobType: string,
       job: object,
-      username: string = REPORTING_USER_USERNAME,
-      password: string = REPORTING_USER_PASSWORD
+      roleAuthc: RoleCredentials,
+      internalReqHeader: InternalRequestHeader
     ) {
       const requestPath = `${INTERNAL_ROUTES.GENERATE_PREFIX}/${jobType}`;
       log.debug(`POST request to ${requestPath}`);
 
-      const { status, body } = await supertest
+      const { status, body } = await supertestWithoutAuth
         .post(requestPath)
-        .auth(username, password)
-        .set(...API_HEADER)
-        .set(...INTERNAL_HEADER)
+        .set(internalReqHeader)
+        .set(roleAuthc.apiKeyHeader)
         .send({ jobParams: rison.encode(job) });
 
       expect(status).to.be(200);
@@ -61,20 +57,20 @@ export function SvlReportingServiceProvider({ getService }: FtrProviderContext)
      */
     async waitForJobToFinish(
       downloadReportPath: string,
-      username = REPORTING_USER_USERNAME,
-      password = REPORTING_USER_PASSWORD,
+      roleAuthc: RoleCredentials,
+      internalReqHeader: InternalRequestHeader,
       options?: { timeout?: number }
     ) {
       await retry.waitForWithTimeout(
         `job ${downloadReportPath} finished`,
         options?.timeout ?? config.get('timeouts.kibanaReportCompletion'),
         async () => {
-          const response = await supertest
+          const response = await supertestWithoutAuth
             .get(`${downloadReportPath}?elasticInternalOrigin=true`)
-            .auth(username, password)
             .responseType('blob')
             .set(...API_HEADER)
-            .set(...INTERNAL_HEADER);
+            .set(internalReqHeader)
+            .set(roleAuthc.apiKeyHeader);
 
           if (response.status === 500) {
             throw new Error(`Report at path ${downloadReportPath} has failed`);
@@ -102,25 +98,28 @@ export function SvlReportingServiceProvider({ getService }: FtrProviderContext)
     },
 
     /*
-     * This function is only used in the API tests, funtional tests we have to click the download link in the UI
+     * This function is only used in the API tests, functional tests we have to click the download link in the UI
      */
     async getCompletedJobOutput(
       downloadReportPath: string,
-      username = REPORTING_USER_USERNAME,
-      password = REPORTING_USER_PASSWORD
+      roleAuthc: RoleCredentials,
+      internalReqHeader: InternalRequestHeader
     ) {
-      const response = await supertest
+      const response = await supertestWithoutAuth
         .get(`${downloadReportPath}?elasticInternalOrigin=true`)
-        .auth(username, password);
+        .set(internalReqHeader)
+        .set(roleAuthc.apiKeyHeader);
       return response.text as unknown;
     },
-    async deleteAllReports() {
+    async deleteAllReports(roleAuthc: RoleCredentials, internalReqHeader: InternalRequestHeader) {
       log.debug('ReportingAPI.deleteAllReports');
 
       // ignores 409 errs and keeps retrying
       await retry.tryForTime(5000, async () => {
-        await supertest
+        await supertestWithoutAuth
           .post(`/${REPORTING_DATA_STREAM_WILDCARD_WITH_LEGACY}/_delete_by_query`)
+          .set(internalReqHeader)
+          .set(roleAuthc.apiKeyHeader)
           .send({ query: { match_all: {} } });
       });
     },
diff --git a/x-pack/test_serverless/shared/services/svl_user_manager.ts b/x-pack/test_serverless/shared/services/svl_user_manager.ts
index 12fa18eee6673..14b125d046576 100644
--- a/x-pack/test_serverless/shared/services/svl_user_manager.ts
+++ b/x-pack/test_serverless/shared/services/svl_user_manager.ts
@@ -55,19 +55,23 @@ export function SvlUserManagerProvider({ getService }: FtrProviderContext) {
     }
   };
 
+  const customRolesFileName: string | undefined = process.env.ROLES_FILENAME_OVERRIDE;
   // Sharing the instance within FTR config run means cookies are persistent for each role between tests.
-  const sessionManager = new SamlSessionManager({
-    hostOptions: {
-      protocol: config.get('servers.kibana.protocol'),
-      hostname: config.get('servers.kibana.hostname'),
-      port: isCloud ? undefined : config.get('servers.kibana.port'),
-      username: config.get('servers.kibana.username'),
-      password: config.get('servers.kibana.password'),
+  const sessionManager = new SamlSessionManager(
+    {
+      hostOptions: {
+        protocol: config.get('servers.kibana.protocol'),
+        hostname: config.get('servers.kibana.hostname'),
+        port: isCloud ? undefined : config.get('servers.kibana.port'),
+        username: config.get('servers.kibana.username'),
+        password: config.get('servers.kibana.password'),
+      },
+      log,
+      isCloud,
+      supportedRoles,
     },
-    log,
-    isCloud,
-    supportedRoles,
-  });
+    customRolesFileName
+  );
 
   const DEFAULT_ROLE = getDefaultRole();
 
diff --git a/x-pack/test_serverless/tsconfig.json b/x-pack/test_serverless/tsconfig.json
index 95b99a8a08f20..ebc11815da754 100644
--- a/x-pack/test_serverless/tsconfig.json
+++ b/x-pack/test_serverless/tsconfig.json
@@ -104,5 +104,6 @@
     "@kbn/reporting-server",
     "@kbn/config-schema",
     "@kbn/features-plugin",
+    "@kbn/observability-ai-assistant-plugin",
   ]
 }
diff --git a/yarn.lock b/yarn.lock
index d59f566dc8627..9de08dc5d49d5 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -110,13 +110,13 @@
   dependencies:
     tslib "^2.3.1"
 
-"@babel/cli@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/cli/-/cli-7.24.1.tgz#2e11e071e32fe82850b4fe514f56b9c9e1c44911"
-  integrity sha512-HbmrtxyFUr34LwAlV9jS+sSIjUp4FpdtIMGwgufY3AsxrIfsh/HxlMTywsONAZsU0RMYbZtbZFpUCrSGs7o0EA==
+"@babel/cli@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/cli/-/cli-7.24.7.tgz#eb2868c1fa384b17ea88d60107577d3e6fd05c4e"
+  integrity sha512-8dfPprJgV4O14WTx+AQyEA+opgUKPrsIXX/MdL50J1n06EQJ6m1T+CdsJe0qEC0B/Xl85i+Un5KVAxd/PACX9A==
   dependencies:
     "@jridgewell/trace-mapping" "^0.3.25"
-    commander "^4.0.1"
+    commander "^6.2.0"
     convert-source-map "^2.0.0"
     fs-readdir-recursive "^1.1.0"
     glob "^7.2.0"
@@ -126,18 +126,18 @@
     "@nicolo-ribaudo/chokidar-2" "2.1.8-no-fsevents.3"
     chokidar "^3.4.0"
 
-"@babel/code-frame@^7.0.0", "@babel/code-frame@^7.10.4", "@babel/code-frame@^7.12.13", "@babel/code-frame@^7.22.13", "@babel/code-frame@^7.23.5", "@babel/code-frame@^7.24.1", "@babel/code-frame@^7.24.2", "@babel/code-frame@^7.5.5", "@babel/code-frame@^7.8.3":
-  version "7.24.2"
-  resolved "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.24.2.tgz#718b4b19841809a58b29b68cde80bc5e1aa6d9ae"
-  integrity sha512-y5+tLQyV8pg3fsiln67BVLD1P13Eg4lh5RW9mF0zUuvLrv9uIQ4MCL+CRT+FTsBlBjcIan6PGsLcBN0m3ClUyQ==
+"@babel/code-frame@^7.0.0", "@babel/code-frame@^7.10.4", "@babel/code-frame@^7.12.13", "@babel/code-frame@^7.22.13", "@babel/code-frame@^7.24.7", "@babel/code-frame@^7.5.5", "@babel/code-frame@^7.8.3":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.24.7.tgz#882fd9e09e8ee324e496bd040401c6f046ef4465"
+  integrity sha512-BcYH1CVJBO9tvyIZ2jVeXgSIMvGZ2FDRvDdOIVQyuklNKSsx+eppDEBq/g47Ayw+RqNFE+URvOShmf+f/qwAlA==
   dependencies:
-    "@babel/highlight" "^7.24.2"
+    "@babel/highlight" "^7.24.7"
     picocolors "^1.0.0"
 
-"@babel/compat-data@^7.20.5", "@babel/compat-data@^7.22.6", "@babel/compat-data@^7.23.5", "@babel/compat-data@^7.24.4":
-  version "7.24.4"
-  resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.24.4.tgz#6f102372e9094f25d908ca0d34fc74c74606059a"
-  integrity sha512-vg8Gih2MLK+kOkHJp4gBEIkyaIi00jgWot2D9QOmmfLC8jINSOzmCLta6Bvz/JSBCqnegV0L80jhxkol5GWNfQ==
+"@babel/compat-data@^7.20.5", "@babel/compat-data@^7.22.6", "@babel/compat-data@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.24.7.tgz#d23bbea508c3883ba8251fb4164982c36ea577ed"
+  integrity sha512-qJzAIcv03PyaWqxRgO4mSU3lihncDT296vnyuE2O8uA4w3UHWI4S3hgeZd1L8W1Bft40w9JxJ2b412iDUFFRhw==
 
 "@babel/core@7.12.9":
   version "7.12.9"
@@ -161,99 +161,100 @@
     semver "^5.4.1"
     source-map "^0.5.0"
 
-"@babel/core@^7.1.0", "@babel/core@^7.11.6", "@babel/core@^7.12.10", "@babel/core@^7.12.3", "@babel/core@^7.24.4", "@babel/core@^7.7.5":
-  version "7.24.4"
-  resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.24.4.tgz#1f758428e88e0d8c563874741bc4ffc4f71a4717"
-  integrity sha512-MBVlMXP+kkl5394RBLSxxk/iLTeVGuXTV3cIDXavPpMMqnSnt6apKgan/U8O3USWZCWZT/TbgfEpKa4uMgN4Dg==
+"@babel/core@^7.1.0", "@babel/core@^7.11.6", "@babel/core@^7.12.10", "@babel/core@^7.12.3", "@babel/core@^7.24.7", "@babel/core@^7.7.5":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.24.7.tgz#b676450141e0b52a3d43bc91da86aa608f950ac4"
+  integrity sha512-nykK+LEK86ahTkX/3TgauT0ikKoNCfKHEaZYTUVupJdTLzGNvrblu4u6fa7DhZONAltdf8e662t/abY8idrd/g==
   dependencies:
     "@ampproject/remapping" "^2.2.0"
-    "@babel/code-frame" "^7.24.2"
-    "@babel/generator" "^7.24.4"
-    "@babel/helper-compilation-targets" "^7.23.6"
-    "@babel/helper-module-transforms" "^7.23.3"
-    "@babel/helpers" "^7.24.4"
-    "@babel/parser" "^7.24.4"
-    "@babel/template" "^7.24.0"
-    "@babel/traverse" "^7.24.1"
-    "@babel/types" "^7.24.0"
+    "@babel/code-frame" "^7.24.7"
+    "@babel/generator" "^7.24.7"
+    "@babel/helper-compilation-targets" "^7.24.7"
+    "@babel/helper-module-transforms" "^7.24.7"
+    "@babel/helpers" "^7.24.7"
+    "@babel/parser" "^7.24.7"
+    "@babel/template" "^7.24.7"
+    "@babel/traverse" "^7.24.7"
+    "@babel/types" "^7.24.7"
     convert-source-map "^2.0.0"
     debug "^4.1.0"
     gensync "^1.0.0-beta.2"
     json5 "^2.2.3"
     semver "^6.3.1"
 
-"@babel/eslint-parser@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/eslint-parser/-/eslint-parser-7.24.1.tgz#e27eee93ed1d271637165ef3a86e2b9332395c32"
-  integrity sha512-d5guuzMlPeDfZIbpQ8+g1NaCNuAGBBGNECh0HVqz1sjOeVLh2CEaifuOysCH18URW6R7pqXINvf5PaR/dC6jLQ==
+"@babel/eslint-parser@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/eslint-parser/-/eslint-parser-7.24.7.tgz#27ebab1a1ec21f48ae191a8aaac5b82baf80d9c7"
+  integrity sha512-SO5E3bVxDuxyNxM5agFv480YA2HO6ohZbGxbazZdIk3KQOPOGVNw6q78I9/lbviIf95eq6tPozeYnJLbjnC8IA==
   dependencies:
     "@nicolo-ribaudo/eslint-scope-5-internals" "5.1.1-v1"
     eslint-visitor-keys "^2.1.0"
     semver "^6.3.1"
 
-"@babel/eslint-plugin@^7.23.5":
-  version "7.23.5"
-  resolved "https://registry.yarnpkg.com/@babel/eslint-plugin/-/eslint-plugin-7.23.5.tgz#77d4703e9f83b81e9fc13382810372beb2f10f94"
-  integrity sha512-03+E/58Hoo/ui69gR+beFdGpplpoVK0BSIdke2iw4/Bz7eGN0ssRenNlnU4nmbkowNQOPCStKSwFr8H6DiY49g==
+"@babel/eslint-plugin@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/eslint-plugin/-/eslint-plugin-7.24.7.tgz#ebdab31638cdcc720f0c788813066e9b5c0b3e29"
+  integrity sha512-lODNPJnM+OfcxxBvdmI2YmUeC0fBK3k9yET5O+1Eukr8d5VpO19c6ARtNheE2t2i/8XNYTzp3HeGEAAGZH3nnQ==
   dependencies:
     eslint-rule-composer "^0.3.0"
 
-"@babel/generator@^7.12.11", "@babel/generator@^7.12.5", "@babel/generator@^7.24.1", "@babel/generator@^7.24.4", "@babel/generator@^7.7.2":
-  version "7.24.4"
-  resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.24.4.tgz#1fc55532b88adf952025d5d2d1e71f946cb1c498"
-  integrity sha512-Xd6+v6SnjWVx/nus+y0l1sxMOTOMBkyL4+BIdbALyatQnAe/SRVjANeDPSCYaX+i1iJmuGSKf3Z+E+V/va1Hvw==
+"@babel/generator@^7.12.11", "@babel/generator@^7.12.5", "@babel/generator@^7.24.7", "@babel/generator@^7.7.2":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.24.7.tgz#1654d01de20ad66b4b4d99c135471bc654c55e6d"
+  integrity sha512-oipXieGC3i45Y1A41t4tAqpnEZWgB/lC6Ehh6+rOviR5XWpTtMmLN+fGjz9vOiNRt0p6RtO6DtD0pdU3vpqdSA==
   dependencies:
-    "@babel/types" "^7.24.0"
+    "@babel/types" "^7.24.7"
     "@jridgewell/gen-mapping" "^0.3.5"
     "@jridgewell/trace-mapping" "^0.3.25"
     jsesc "^2.5.1"
 
-"@babel/helper-annotate-as-pure@^7.18.6", "@babel/helper-annotate-as-pure@^7.22.5":
-  version "7.22.5"
-  resolved "https://registry.yarnpkg.com/@babel/helper-annotate-as-pure/-/helper-annotate-as-pure-7.22.5.tgz#e7f06737b197d580a01edf75d97e2c8be99d3882"
-  integrity sha512-LvBTxu8bQSQkcyKOU+a1btnNFQ1dMAd0R6PyW3arXes06F6QLWLIrd681bxRPIXlrMGR3XYnW9JyML7dP3qgxg==
+"@babel/helper-annotate-as-pure@^7.18.6", "@babel/helper-annotate-as-pure@^7.22.5", "@babel/helper-annotate-as-pure@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/helper-annotate-as-pure/-/helper-annotate-as-pure-7.24.7.tgz#5373c7bc8366b12a033b4be1ac13a206c6656aab"
+  integrity sha512-BaDeOonYvhdKw+JoMVkAixAAJzG2jVPIwWoKBPdYuY9b452e2rPuI9QPYh3KpofZ3pW2akOmwZLOiOsHMiqRAg==
   dependencies:
-    "@babel/types" "^7.22.5"
+    "@babel/types" "^7.24.7"
 
-"@babel/helper-builder-binary-assignment-operator-visitor@^7.22.15":
-  version "7.22.15"
-  resolved "https://registry.yarnpkg.com/@babel/helper-builder-binary-assignment-operator-visitor/-/helper-builder-binary-assignment-operator-visitor-7.22.15.tgz#5426b109cf3ad47b91120f8328d8ab1be8b0b956"
-  integrity sha512-QkBXwGgaoC2GtGZRoma6kv7Szfv06khvhFav67ZExau2RaXzy8MpHSMO2PNoP2XtmQphJQRHFfg77Bq731Yizw==
+"@babel/helper-builder-binary-assignment-operator-visitor@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/helper-builder-binary-assignment-operator-visitor/-/helper-builder-binary-assignment-operator-visitor-7.24.7.tgz#37d66feb012024f2422b762b9b2a7cfe27c7fba3"
+  integrity sha512-xZeCVVdwb4MsDBkkyZ64tReWYrLRHlMN72vP7Bdm3OUOuyFZExhsHUUnuWnm2/XOlAJzR0LfPpB56WXZn0X/lA==
   dependencies:
-    "@babel/types" "^7.22.15"
+    "@babel/traverse" "^7.24.7"
+    "@babel/types" "^7.24.7"
 
-"@babel/helper-compilation-targets@^7.13.0", "@babel/helper-compilation-targets@^7.20.7", "@babel/helper-compilation-targets@^7.22.6", "@babel/helper-compilation-targets@^7.23.6":
-  version "7.23.6"
-  resolved "https://registry.yarnpkg.com/@babel/helper-compilation-targets/-/helper-compilation-targets-7.23.6.tgz#4d79069b16cbcf1461289eccfbbd81501ae39991"
-  integrity sha512-9JB548GZoQVmzrFgp8o7KxdgkTGm6xs9DW0o/Pim72UDjzr5ObUQ6ZzYPqA+g9OTS2bBQoctLJrky0RDCAWRgQ==
+"@babel/helper-compilation-targets@^7.13.0", "@babel/helper-compilation-targets@^7.20.7", "@babel/helper-compilation-targets@^7.22.6", "@babel/helper-compilation-targets@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/helper-compilation-targets/-/helper-compilation-targets-7.24.7.tgz#4eb6c4a80d6ffeac25ab8cd9a21b5dfa48d503a9"
+  integrity sha512-ctSdRHBi20qWOfy27RUb4Fhp07KSJ3sXcuSvTrXrc4aG8NSYDo1ici3Vhg9bg69y5bj0Mr1lh0aeEgTvc12rMg==
   dependencies:
-    "@babel/compat-data" "^7.23.5"
-    "@babel/helper-validator-option" "^7.23.5"
+    "@babel/compat-data" "^7.24.7"
+    "@babel/helper-validator-option" "^7.24.7"
     browserslist "^4.22.2"
     lru-cache "^5.1.1"
     semver "^6.3.1"
 
-"@babel/helper-create-class-features-plugin@^7.18.6", "@babel/helper-create-class-features-plugin@^7.24.1", "@babel/helper-create-class-features-plugin@^7.24.4":
-  version "7.24.4"
-  resolved "https://registry.yarnpkg.com/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.24.4.tgz#c806f73788a6800a5cfbbc04d2df7ee4d927cce3"
-  integrity sha512-lG75yeuUSVu0pIcbhiYMXBXANHrpUPaOfu7ryAzskCgKUHuAxRQI5ssrtmF0X9UXldPlvT0XM/A4F44OXRt6iQ==
-  dependencies:
-    "@babel/helper-annotate-as-pure" "^7.22.5"
-    "@babel/helper-environment-visitor" "^7.22.20"
-    "@babel/helper-function-name" "^7.23.0"
-    "@babel/helper-member-expression-to-functions" "^7.23.0"
-    "@babel/helper-optimise-call-expression" "^7.22.5"
-    "@babel/helper-replace-supers" "^7.24.1"
-    "@babel/helper-skip-transparent-expression-wrappers" "^7.22.5"
-    "@babel/helper-split-export-declaration" "^7.22.6"
+"@babel/helper-create-class-features-plugin@^7.18.6", "@babel/helper-create-class-features-plugin@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.24.7.tgz#2eaed36b3a1c11c53bdf80d53838b293c52f5b3b"
+  integrity sha512-kTkaDl7c9vO80zeX1rJxnuRpEsD5tA81yh11X1gQo+PhSti3JS+7qeZo9U4RHobKRiFPKaGK3svUAeb8D0Q7eg==
+  dependencies:
+    "@babel/helper-annotate-as-pure" "^7.24.7"
+    "@babel/helper-environment-visitor" "^7.24.7"
+    "@babel/helper-function-name" "^7.24.7"
+    "@babel/helper-member-expression-to-functions" "^7.24.7"
+    "@babel/helper-optimise-call-expression" "^7.24.7"
+    "@babel/helper-replace-supers" "^7.24.7"
+    "@babel/helper-skip-transparent-expression-wrappers" "^7.24.7"
+    "@babel/helper-split-export-declaration" "^7.24.7"
     semver "^6.3.1"
 
-"@babel/helper-create-regexp-features-plugin@^7.22.15", "@babel/helper-create-regexp-features-plugin@^7.22.5":
-  version "7.22.15"
-  resolved "https://registry.yarnpkg.com/@babel/helper-create-regexp-features-plugin/-/helper-create-regexp-features-plugin-7.22.15.tgz#5ee90093914ea09639b01c711db0d6775e558be1"
-  integrity sha512-29FkPLFjn4TPEa3RE7GpW+qbE8tlsu3jntNYNfcGsc49LphF1PQIiD+vMZ1z1xVOKt+93khA9tc2JBs3kBjA7w==
+"@babel/helper-create-regexp-features-plugin@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/helper-create-regexp-features-plugin/-/helper-create-regexp-features-plugin-7.24.7.tgz#be4f435a80dc2b053c76eeb4b7d16dd22cfc89da"
+  integrity sha512-03TCmXy2FtXJEZfbXDTSqq1fRJArk7lX9DOFC/47VthYcxyIOx+eXQmdo6DOQvrbpIix+KfXwvuXdFDZHxt+rA==
   dependencies:
-    "@babel/helper-annotate-as-pure" "^7.22.5"
+    "@babel/helper-annotate-as-pure" "^7.24.7"
     regexpu-core "^5.3.1"
     semver "^6.3.1"
 
@@ -282,186 +283,192 @@
     lodash.debounce "^4.0.8"
     resolve "^1.14.2"
 
-"@babel/helper-environment-visitor@^7.22.20":
-  version "7.22.20"
-  resolved "https://registry.yarnpkg.com/@babel/helper-environment-visitor/-/helper-environment-visitor-7.22.20.tgz#96159db61d34a29dba454c959f5ae4a649ba9167"
-  integrity sha512-zfedSIzFhat/gFhWfHtgWvlec0nqB9YEIVrpuwjruLlXfUSnA8cJB0miHKwqDnQ7d32aKo2xt88/xZptwxbfhA==
+"@babel/helper-environment-visitor@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/helper-environment-visitor/-/helper-environment-visitor-7.24.7.tgz#4b31ba9551d1f90781ba83491dd59cf9b269f7d9"
+  integrity sha512-DoiN84+4Gnd0ncbBOM9AZENV4a5ZiL39HYMyZJGZ/AZEykHYdJw0wW3kdcsh9/Kn+BRXHLkkklZ51ecPKmI1CQ==
+  dependencies:
+    "@babel/types" "^7.24.7"
 
-"@babel/helper-function-name@^7.22.5", "@babel/helper-function-name@^7.23.0":
-  version "7.23.0"
-  resolved "https://registry.yarnpkg.com/@babel/helper-function-name/-/helper-function-name-7.23.0.tgz#1f9a3cdbd5b2698a670c30d2735f9af95ed52759"
-  integrity sha512-OErEqsrxjZTJciZ4Oo+eoZqeW9UIiOcuYKRJA4ZAgV9myA+pOXhhmpfNCKjEH/auVfEYVFJ6y1Tc4r0eIApqiw==
+"@babel/helper-function-name@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/helper-function-name/-/helper-function-name-7.24.7.tgz#75f1e1725742f39ac6584ee0b16d94513da38dd2"
+  integrity sha512-FyoJTsj/PEUWu1/TYRiXTIHc8lbw+TDYkZuoE43opPS5TrI7MyONBE1oNvfguEXAD9yhQRrVBnXdXzSLQl9XnA==
   dependencies:
-    "@babel/template" "^7.22.15"
-    "@babel/types" "^7.23.0"
+    "@babel/template" "^7.24.7"
+    "@babel/types" "^7.24.7"
 
-"@babel/helper-hoist-variables@^7.22.5":
-  version "7.22.5"
-  resolved "https://registry.yarnpkg.com/@babel/helper-hoist-variables/-/helper-hoist-variables-7.22.5.tgz#c01a007dac05c085914e8fb652b339db50d823bb"
-  integrity sha512-wGjk9QZVzvknA6yKIUURb8zY3grXCcOZt+/7Wcy8O2uctxhplmUPkOdlgoNhmdVee2c92JXbf1xpMtVNbfoxRw==
+"@babel/helper-hoist-variables@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/helper-hoist-variables/-/helper-hoist-variables-7.24.7.tgz#b4ede1cde2fd89436397f30dc9376ee06b0f25ee"
+  integrity sha512-MJJwhkoGy5c4ehfoRyrJ/owKeMl19U54h27YYftT0o2teQ3FJ3nQUf/I3LlJsX4l3qlw7WRXUmiyajvHXoTubQ==
   dependencies:
-    "@babel/types" "^7.22.5"
+    "@babel/types" "^7.24.7"
 
-"@babel/helper-member-expression-to-functions@^7.23.0":
-  version "7.23.0"
-  resolved "https://registry.yarnpkg.com/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.23.0.tgz#9263e88cc5e41d39ec18c9a3e0eced59a3e7d366"
-  integrity sha512-6gfrPwh7OuT6gZyJZvd6WbTfrqAo7vm4xCzAXOusKqq/vWdKXphTpj5klHKNmRUU6/QRGlBsyU9mAIPaWHlqJA==
+"@babel/helper-member-expression-to-functions@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.24.7.tgz#67613d068615a70e4ed5101099affc7a41c5225f"
+  integrity sha512-LGeMaf5JN4hAT471eJdBs/GK1DoYIJ5GCtZN/EsL6KUiiDZOvO/eKE11AMZJa2zP4zk4qe9V2O/hxAmkRc8p6w==
   dependencies:
-    "@babel/types" "^7.23.0"
+    "@babel/traverse" "^7.24.7"
+    "@babel/types" "^7.24.7"
 
-"@babel/helper-module-imports@^7.0.0", "@babel/helper-module-imports@^7.12.13", "@babel/helper-module-imports@^7.16.7", "@babel/helper-module-imports@^7.22.15", "@babel/helper-module-imports@^7.22.5", "@babel/helper-module-imports@^7.24.1", "@babel/helper-module-imports@^7.24.3":
-  version "7.24.3"
-  resolved "https://registry.yarnpkg.com/@babel/helper-module-imports/-/helper-module-imports-7.24.3.tgz#6ac476e6d168c7c23ff3ba3cf4f7841d46ac8128"
-  integrity sha512-viKb0F9f2s0BCS22QSF308z/+1YWKV/76mwt61NBzS5izMzDPwdq1pTrzf+Li3npBWX9KdQbkeCt1jSAM7lZqg==
+"@babel/helper-module-imports@^7.0.0", "@babel/helper-module-imports@^7.12.13", "@babel/helper-module-imports@^7.16.7", "@babel/helper-module-imports@^7.22.5", "@babel/helper-module-imports@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/helper-module-imports/-/helper-module-imports-7.24.7.tgz#f2f980392de5b84c3328fc71d38bd81bbb83042b"
+  integrity sha512-8AyH3C+74cgCVVXow/myrynrAGv+nTVg5vKu2nZph9x7RcRwzmh0VFallJuFTZ9mx6u4eSdXZfcOzSqTUm0HCA==
   dependencies:
-    "@babel/types" "^7.24.0"
+    "@babel/traverse" "^7.24.7"
+    "@babel/types" "^7.24.7"
 
-"@babel/helper-module-transforms@^7.12.1", "@babel/helper-module-transforms@^7.23.3":
-  version "7.23.3"
-  resolved "https://registry.yarnpkg.com/@babel/helper-module-transforms/-/helper-module-transforms-7.23.3.tgz#d7d12c3c5d30af5b3c0fcab2a6d5217773e2d0f1"
-  integrity sha512-7bBs4ED9OmswdfDzpz4MpWgSrV7FXlc3zIagvLFjS5H+Mk7Snr21vQ6QwrsoCGMfNC4e4LQPdoULEt4ykz0SRQ==
+"@babel/helper-module-transforms@^7.12.1", "@babel/helper-module-transforms@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/helper-module-transforms/-/helper-module-transforms-7.24.7.tgz#31b6c9a2930679498db65b685b1698bfd6c7daf8"
+  integrity sha512-1fuJEwIrp+97rM4RWdO+qrRsZlAeL1lQJoPqtCYWv0NL115XM93hIH4CSRln2w52SqvmY5hqdtauB6QFCDiZNQ==
   dependencies:
-    "@babel/helper-environment-visitor" "^7.22.20"
-    "@babel/helper-module-imports" "^7.22.15"
-    "@babel/helper-simple-access" "^7.22.5"
-    "@babel/helper-split-export-declaration" "^7.22.6"
-    "@babel/helper-validator-identifier" "^7.22.20"
+    "@babel/helper-environment-visitor" "^7.24.7"
+    "@babel/helper-module-imports" "^7.24.7"
+    "@babel/helper-simple-access" "^7.24.7"
+    "@babel/helper-split-export-declaration" "^7.24.7"
+    "@babel/helper-validator-identifier" "^7.24.7"
 
-"@babel/helper-optimise-call-expression@^7.22.5":
-  version "7.22.5"
-  resolved "https://registry.yarnpkg.com/@babel/helper-optimise-call-expression/-/helper-optimise-call-expression-7.22.5.tgz#f21531a9ccbff644fdd156b4077c16ff0c3f609e"
-  integrity sha512-HBwaojN0xFRx4yIvpwGqxiV2tUfl7401jlok564NgB9EHS1y6QT17FmKWm4ztqjeVdXLuC4fSvHc5ePpQjoTbw==
+"@babel/helper-optimise-call-expression@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/helper-optimise-call-expression/-/helper-optimise-call-expression-7.24.7.tgz#8b0a0456c92f6b323d27cfd00d1d664e76692a0f"
+  integrity sha512-jKiTsW2xmWwxT1ixIdfXUZp+P5yURx2suzLZr5Hi64rURpDYdMW0pv+Uf17EYk2Rd428Lx4tLsnjGJzYKDM/6A==
   dependencies:
-    "@babel/types" "^7.22.5"
+    "@babel/types" "^7.24.7"
 
 "@babel/helper-plugin-utils@7.10.4":
   version "7.10.4"
   resolved "https://registry.yarnpkg.com/@babel/helper-plugin-utils/-/helper-plugin-utils-7.10.4.tgz#2f75a831269d4f677de49986dff59927533cf375"
   integrity sha512-O4KCvQA6lLiMU9l2eawBPMf1xPP8xPfB3iEQw150hOVTqj/rfXz0ThTb4HEzqQfs2Bmo5Ay8BzxfzVtBrr9dVg==
 
-"@babel/helper-plugin-utils@^7.0.0", "@babel/helper-plugin-utils@^7.10.4", "@babel/helper-plugin-utils@^7.12.13", "@babel/helper-plugin-utils@^7.13.0", "@babel/helper-plugin-utils@^7.14.5", "@babel/helper-plugin-utils@^7.18.6", "@babel/helper-plugin-utils@^7.18.9", "@babel/helper-plugin-utils@^7.19.0", "@babel/helper-plugin-utils@^7.20.2", "@babel/helper-plugin-utils@^7.22.5", "@babel/helper-plugin-utils@^7.24.0", "@babel/helper-plugin-utils@^7.8.0", "@babel/helper-plugin-utils@^7.8.3":
-  version "7.24.0"
-  resolved "https://registry.yarnpkg.com/@babel/helper-plugin-utils/-/helper-plugin-utils-7.24.0.tgz#945681931a52f15ce879fd5b86ce2dae6d3d7f2a"
-  integrity sha512-9cUznXMG0+FxRuJfvL82QlTqIzhVW9sL0KjMPHhAOOvpQGL8QtdxnBKILjBqxlHyliz0yCa1G903ZXI/FuHy2w==
-
-"@babel/helper-remap-async-to-generator@^7.22.20":
-  version "7.22.20"
-  resolved "https://registry.yarnpkg.com/@babel/helper-remap-async-to-generator/-/helper-remap-async-to-generator-7.22.20.tgz#7b68e1cb4fa964d2996fd063723fb48eca8498e0"
-  integrity sha512-pBGyV4uBqOns+0UvhsTO8qgl8hO89PmiDYv+/COyp1aeMcmfrfruz+/nCMFiYyFF/Knn0yfrC85ZzNFjembFTw==
-  dependencies:
-    "@babel/helper-annotate-as-pure" "^7.22.5"
-    "@babel/helper-environment-visitor" "^7.22.20"
-    "@babel/helper-wrap-function" "^7.22.20"
-
-"@babel/helper-replace-supers@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/helper-replace-supers/-/helper-replace-supers-7.24.1.tgz#7085bd19d4a0b7ed8f405c1ed73ccb70f323abc1"
-  integrity sha512-QCR1UqC9BzG5vZl8BMicmZ28RuUBnHhAMddD8yHFHDRH9lLTZ9uUPehX8ctVPT8l0TKblJidqcgUUKGVrePleQ==
-  dependencies:
-    "@babel/helper-environment-visitor" "^7.22.20"
-    "@babel/helper-member-expression-to-functions" "^7.23.0"
-    "@babel/helper-optimise-call-expression" "^7.22.5"
-
-"@babel/helper-simple-access@^7.22.5":
-  version "7.22.5"
-  resolved "https://registry.yarnpkg.com/@babel/helper-simple-access/-/helper-simple-access-7.22.5.tgz#4938357dc7d782b80ed6dbb03a0fba3d22b1d5de"
-  integrity sha512-n0H99E/K+Bika3++WNL17POvo4rKWZ7lZEp1Q+fStVbUi8nxPQEBOlTmCOxW/0JsS56SKKQ+ojAe2pHKJHN35w==
-  dependencies:
-    "@babel/types" "^7.22.5"
-
-"@babel/helper-skip-transparent-expression-wrappers@^7.20.0", "@babel/helper-skip-transparent-expression-wrappers@^7.22.5":
-  version "7.22.5"
-  resolved "https://registry.yarnpkg.com/@babel/helper-skip-transparent-expression-wrappers/-/helper-skip-transparent-expression-wrappers-7.22.5.tgz#007f15240b5751c537c40e77abb4e89eeaaa8847"
-  integrity sha512-tK14r66JZKiC43p8Ki33yLBVJKlQDFoA8GYN67lWCDCqoL6EMMSuM9b+Iff2jHaM/RRFYl7K+iiru7hbRqNx8Q==
-  dependencies:
-    "@babel/types" "^7.22.5"
-
-"@babel/helper-split-export-declaration@^7.22.6":
-  version "7.22.6"
-  resolved "https://registry.yarnpkg.com/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.22.6.tgz#322c61b7310c0997fe4c323955667f18fcefb91c"
-  integrity sha512-AsUnxuLhRYsisFiaJwvp1QF+I3KjD5FOxut14q/GzovUe6orHLesW2C7d754kRm53h5gqrz6sFl6sxc4BVtE/g==
-  dependencies:
-    "@babel/types" "^7.22.5"
-
-"@babel/helper-string-parser@^7.19.4", "@babel/helper-string-parser@^7.22.5", "@babel/helper-string-parser@^7.23.4":
-  version "7.23.4"
-  resolved "https://registry.yarnpkg.com/@babel/helper-string-parser/-/helper-string-parser-7.23.4.tgz#9478c707febcbbe1ddb38a3d91a2e054ae622d83"
-  integrity sha512-803gmbQdqwdf4olxrX4AJyFBV/RTr3rSmOj0rKwesmzlfhYNDEs+/iOcznzpNWlJlIlTJC2QfPFcHB6DlzdVLQ==
-
-"@babel/helper-validator-identifier@^7.19.1", "@babel/helper-validator-identifier@^7.22.20":
-  version "7.22.20"
-  resolved "https://registry.yarnpkg.com/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz#c4ae002c61d2879e724581d96665583dbc1dc0e0"
-  integrity sha512-Y4OZ+ytlatR8AI+8KZfKuL5urKp7qey08ha31L8b3BwewJAoJamTzyvxPR/5D+KkdJCGPq/+8TukHBlY10FX9A==
-
-"@babel/helper-validator-option@^7.18.6", "@babel/helper-validator-option@^7.23.5":
-  version "7.23.5"
-  resolved "https://registry.yarnpkg.com/@babel/helper-validator-option/-/helper-validator-option-7.23.5.tgz#907a3fbd4523426285365d1206c423c4c5520307"
-  integrity sha512-85ttAOMLsr53VgXkTbkx8oA6YTfT4q7/HzXSLEYmjcSTJPMPQtvq1BD79Byep5xMUYbGRzEpDsjUf3dyp54IKw==
-
-"@babel/helper-wrap-function@^7.22.20":
-  version "7.22.20"
-  resolved "https://registry.yarnpkg.com/@babel/helper-wrap-function/-/helper-wrap-function-7.22.20.tgz#15352b0b9bfb10fc9c76f79f6342c00e3411a569"
-  integrity sha512-pms/UwkOpnQe/PDAEdV/d7dVCoBbB+R4FvYoHGZz+4VPcg7RtYy2KP7S2lbuWM6FCSgob5wshfGESbC/hzNXZw==
-  dependencies:
-    "@babel/helper-function-name" "^7.22.5"
-    "@babel/template" "^7.22.15"
-    "@babel/types" "^7.22.19"
-
-"@babel/helpers@^7.12.5", "@babel/helpers@^7.24.4":
-  version "7.24.4"
-  resolved "https://registry.yarnpkg.com/@babel/helpers/-/helpers-7.24.4.tgz#dc00907fd0d95da74563c142ef4cd21f2cb856b6"
-  integrity sha512-FewdlZbSiwaVGlgT1DPANDuCHaDMiOo+D/IDYRFYjHOuv66xMSJ7fQwwODwRNAPkADIO/z1EoF/l2BCWlWABDw==
-  dependencies:
-    "@babel/template" "^7.24.0"
-    "@babel/traverse" "^7.24.1"
-    "@babel/types" "^7.24.0"
-
-"@babel/highlight@^7.24.2":
-  version "7.24.2"
-  resolved "https://registry.yarnpkg.com/@babel/highlight/-/highlight-7.24.2.tgz#3f539503efc83d3c59080a10e6634306e0370d26"
-  integrity sha512-Yac1ao4flkTxTteCDZLEvdxg2fZfz1v8M4QpaGypq/WPDqg3ijHYbDfs+LG5hvzSoqaSZ9/Z9lKSP3CjZjv+pA==
-  dependencies:
-    "@babel/helper-validator-identifier" "^7.22.20"
+"@babel/helper-plugin-utils@^7.0.0", "@babel/helper-plugin-utils@^7.10.4", "@babel/helper-plugin-utils@^7.12.13", "@babel/helper-plugin-utils@^7.13.0", "@babel/helper-plugin-utils@^7.14.5", "@babel/helper-plugin-utils@^7.18.6", "@babel/helper-plugin-utils@^7.18.9", "@babel/helper-plugin-utils@^7.19.0", "@babel/helper-plugin-utils@^7.20.2", "@babel/helper-plugin-utils@^7.22.5", "@babel/helper-plugin-utils@^7.24.7", "@babel/helper-plugin-utils@^7.8.0", "@babel/helper-plugin-utils@^7.8.3":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/helper-plugin-utils/-/helper-plugin-utils-7.24.7.tgz#98c84fe6fe3d0d3ae7bfc3a5e166a46844feb2a0"
+  integrity sha512-Rq76wjt7yz9AAc1KnlRKNAi/dMSVWgDRx43FHoJEbcYU6xOWaE2dVPwcdTukJrjxS65GITyfbvEYHvkirZ6uEg==
+
+"@babel/helper-remap-async-to-generator@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/helper-remap-async-to-generator/-/helper-remap-async-to-generator-7.24.7.tgz#b3f0f203628522713849d49403f1a414468be4c7"
+  integrity sha512-9pKLcTlZ92hNZMQfGCHImUpDOlAgkkpqalWEeftW5FBya75k8Li2ilerxkM/uBEj01iBZXcCIB/bwvDYgWyibA==
+  dependencies:
+    "@babel/helper-annotate-as-pure" "^7.24.7"
+    "@babel/helper-environment-visitor" "^7.24.7"
+    "@babel/helper-wrap-function" "^7.24.7"
+
+"@babel/helper-replace-supers@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/helper-replace-supers/-/helper-replace-supers-7.24.7.tgz#f933b7eed81a1c0265740edc91491ce51250f765"
+  integrity sha512-qTAxxBM81VEyoAY0TtLrx1oAEJc09ZK67Q9ljQToqCnA+55eNwCORaxlKyu+rNfX86o8OXRUSNUnrtsAZXM9sg==
+  dependencies:
+    "@babel/helper-environment-visitor" "^7.24.7"
+    "@babel/helper-member-expression-to-functions" "^7.24.7"
+    "@babel/helper-optimise-call-expression" "^7.24.7"
+
+"@babel/helper-simple-access@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/helper-simple-access/-/helper-simple-access-7.24.7.tgz#bcade8da3aec8ed16b9c4953b74e506b51b5edb3"
+  integrity sha512-zBAIvbCMh5Ts+b86r/CjU+4XGYIs+R1j951gxI3KmmxBMhCg4oQMsv6ZXQ64XOm/cvzfU1FmoCyt6+owc5QMYg==
+  dependencies:
+    "@babel/traverse" "^7.24.7"
+    "@babel/types" "^7.24.7"
+
+"@babel/helper-skip-transparent-expression-wrappers@^7.20.0", "@babel/helper-skip-transparent-expression-wrappers@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/helper-skip-transparent-expression-wrappers/-/helper-skip-transparent-expression-wrappers-7.24.7.tgz#5f8fa83b69ed5c27adc56044f8be2b3ea96669d9"
+  integrity sha512-IO+DLT3LQUElMbpzlatRASEyQtfhSE0+m465v++3jyyXeBTBUjtVZg28/gHeV5mrTJqvEKhKroBGAvhW+qPHiQ==
+  dependencies:
+    "@babel/traverse" "^7.24.7"
+    "@babel/types" "^7.24.7"
+
+"@babel/helper-split-export-declaration@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.24.7.tgz#83949436890e07fa3d6873c61a96e3bbf692d856"
+  integrity sha512-oy5V7pD+UvfkEATUKvIjvIAH/xCzfsFVw7ygW2SI6NClZzquT+mwdTfgfdbUiceh6iQO0CHtCPsyze/MZ2YbAA==
+  dependencies:
+    "@babel/types" "^7.24.7"
+
+"@babel/helper-string-parser@^7.19.4", "@babel/helper-string-parser@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/helper-string-parser/-/helper-string-parser-7.24.7.tgz#4d2d0f14820ede3b9807ea5fc36dfc8cd7da07f2"
+  integrity sha512-7MbVt6xrwFQbunH2DNQsAP5sTGxfqQtErvBIvIMi6EQnbgUOuVYanvREcmFrOPhoXBrTtjhhP+lW+o5UfK+tDg==
+
+"@babel/helper-validator-identifier@^7.19.1", "@babel/helper-validator-identifier@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/helper-validator-identifier/-/helper-validator-identifier-7.24.7.tgz#75b889cfaf9e35c2aaf42cf0d72c8e91719251db"
+  integrity sha512-rR+PBcQ1SMQDDyF6X0wxtG8QyLCgUB0eRAGguqRLfkCA87l7yAP7ehq8SNj96OOGTO8OBV70KhuFYcIkHXOg0w==
+
+"@babel/helper-validator-option@^7.18.6", "@babel/helper-validator-option@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/helper-validator-option/-/helper-validator-option-7.24.7.tgz#24c3bb77c7a425d1742eec8fb433b5a1b38e62f6"
+  integrity sha512-yy1/KvjhV/ZCL+SM7hBrvnZJ3ZuT9OuZgIJAGpPEToANvc3iM6iDvBnRjtElWibHU6n8/LPR/EjX9EtIEYO3pw==
+
+"@babel/helper-wrap-function@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/helper-wrap-function/-/helper-wrap-function-7.24.7.tgz#52d893af7e42edca7c6d2c6764549826336aae1f"
+  integrity sha512-N9JIYk3TD+1vq/wn77YnJOqMtfWhNewNE+DJV4puD2X7Ew9J4JvrzrFDfTfyv5EgEXVy9/Wt8QiOErzEmv5Ifw==
+  dependencies:
+    "@babel/helper-function-name" "^7.24.7"
+    "@babel/template" "^7.24.7"
+    "@babel/traverse" "^7.24.7"
+    "@babel/types" "^7.24.7"
+
+"@babel/helpers@^7.12.5", "@babel/helpers@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/helpers/-/helpers-7.24.7.tgz#aa2ccda29f62185acb5d42fb4a3a1b1082107416"
+  integrity sha512-NlmJJtvcw72yRJRcnCmGvSi+3jDEg8qFu3z0AFoymmzLx5ERVWyzd9kVXr7Th9/8yIJi2Zc6av4Tqz3wFs8QWg==
+  dependencies:
+    "@babel/template" "^7.24.7"
+    "@babel/types" "^7.24.7"
+
+"@babel/highlight@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/highlight/-/highlight-7.24.7.tgz#a05ab1df134b286558aae0ed41e6c5f731bf409d"
+  integrity sha512-EStJpq4OuY8xYfhGVXngigBJRWxftKX9ksiGDnmlY3o7B/V7KIAc9X4oiK87uPJSc/vs5L869bem5fhZa8caZw==
+  dependencies:
+    "@babel/helper-validator-identifier" "^7.24.7"
     chalk "^2.4.2"
     js-tokens "^4.0.0"
     picocolors "^1.0.0"
 
-"@babel/parser@^7.1.0", "@babel/parser@^7.10.3", "@babel/parser@^7.12.11", "@babel/parser@^7.12.7", "@babel/parser@^7.14.7", "@babel/parser@^7.20.7", "@babel/parser@^7.21.8", "@babel/parser@^7.23.0", "@babel/parser@^7.24.0", "@babel/parser@^7.24.1", "@babel/parser@^7.24.4":
-  version "7.24.4"
-  resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.24.4.tgz#234487a110d89ad5a3ed4a8a566c36b9453e8c88"
-  integrity sha512-zTvEBcghmeBma9QIGunWevvBAp4/Qu9Bdq+2k0Ot4fVMD6v3dsC9WOcRSKk7tRRyBM/53yKMJko9xOatGQAwSg==
+"@babel/parser@^7.1.0", "@babel/parser@^7.10.3", "@babel/parser@^7.12.11", "@babel/parser@^7.12.7", "@babel/parser@^7.14.7", "@babel/parser@^7.20.7", "@babel/parser@^7.21.8", "@babel/parser@^7.23.0", "@babel/parser@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.24.7.tgz#9a5226f92f0c5c8ead550b750f5608e766c8ce85"
+  integrity sha512-9uUYRm6OqQrCqQdG1iCBwBPZgN8ciDBro2nIOFaiRz1/BCxaI7CNvQbDHvsArAC7Tw9Hda/B3U+6ui9u4HWXPw==
 
-"@babel/plugin-bugfix-firefox-class-in-computed-class-key@^7.24.4":
-  version "7.24.4"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-firefox-class-in-computed-class-key/-/plugin-bugfix-firefox-class-in-computed-class-key-7.24.4.tgz#6125f0158543fb4edf1c22f322f3db67f21cb3e1"
-  integrity sha512-qpl6vOOEEzTLLcsuqYYo8yDtrTocmu2xkGvgNebvPjT9DTtfFYGmgDqY+rBYXNlqL4s9qLDn6xkrJv4RxAPiTA==
+"@babel/plugin-bugfix-firefox-class-in-computed-class-key@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-firefox-class-in-computed-class-key/-/plugin-bugfix-firefox-class-in-computed-class-key-7.24.7.tgz#fd059fd27b184ea2b4c7e646868a9a381bbc3055"
+  integrity sha512-TiT1ss81W80eQsN+722OaeQMY/G4yTb4G9JrqeiDADs3N8lbPMGldWi9x8tyqCW5NLx1Jh2AvkE6r6QvEltMMQ==
   dependencies:
-    "@babel/helper-environment-visitor" "^7.22.20"
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-environment-visitor" "^7.24.7"
+    "@babel/helper-plugin-utils" "^7.24.7"
 
-"@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression/-/plugin-bugfix-safari-id-destructuring-collision-in-function-expression-7.24.1.tgz#b645d9ba8c2bc5b7af50f0fe949f9edbeb07c8cf"
-  integrity sha512-y4HqEnkelJIOQGd+3g1bTeKsA5c6qM7eOn7VggGVbBc0y8MLSKHacwcIE2PplNlQSj0PqS9rrXL/nkPVK+kUNg==
+"@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression/-/plugin-bugfix-safari-id-destructuring-collision-in-function-expression-7.24.7.tgz#468096ca44bbcbe8fcc570574e12eb1950e18107"
+  integrity sha512-unaQgZ/iRu/By6tsjMZzpeBZjChYfLYry6HrEXPoz3KmfF0sVBQ1l8zKMQ4xRGLWVsjuvB8nQfjNP/DcfEOCsg==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-plugin-utils" "^7.24.7"
 
-"@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining/-/plugin-bugfix-v8-spread-parameters-in-optional-chaining-7.24.1.tgz#da8261f2697f0f41b0855b91d3a20a1fbfd271d3"
-  integrity sha512-Hj791Ii4ci8HqnaKHAlLNs+zaLXb0EzSDhiAWp5VNlyvCNymYfacs64pxTxbH1znW/NcArSmwpmG9IKE/TUVVQ==
+"@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining/-/plugin-bugfix-v8-spread-parameters-in-optional-chaining-7.24.7.tgz#e4eabdd5109acc399b38d7999b2ef66fc2022f89"
+  integrity sha512-+izXIbke1T33mY4MSNnrqhPXDz01WYhEf3yF5NbnUtkiNnm+XBZJl3kNfoK6NKmYlz/D07+l2GWVK/QfDkNCuQ==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
-    "@babel/helper-skip-transparent-expression-wrappers" "^7.22.5"
-    "@babel/plugin-transform-optional-chaining" "^7.24.1"
+    "@babel/helper-plugin-utils" "^7.24.7"
+    "@babel/helper-skip-transparent-expression-wrappers" "^7.24.7"
+    "@babel/plugin-transform-optional-chaining" "^7.24.7"
 
-"@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly/-/plugin-bugfix-v8-static-class-fields-redefine-readonly-7.24.1.tgz#1181d9685984c91d657b8ddf14f0487a6bab2988"
-  integrity sha512-m9m/fXsXLiHfwdgydIFnpk+7jlVbnvlK5B2EKiPdLUb6WX654ZaaEWJUjk8TftRbZpK0XibovlLWX4KIZhV6jw==
+"@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly/-/plugin-bugfix-v8-static-class-fields-redefine-readonly-7.24.7.tgz#71b21bb0286d5810e63a1538aa901c58e87375ec"
+  integrity sha512-utA4HuR6F4Vvcr+o4DnjL8fCOlgRFGbeeBEGNg3ZTrLFw6VWG5XmUrvcQ0FjIYMU2ST4XcR2Wsp7t9qOAPnxMg==
   dependencies:
-    "@babel/helper-environment-visitor" "^7.22.20"
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-environment-visitor" "^7.24.7"
+    "@babel/helper-plugin-utils" "^7.24.7"
 
 "@babel/plugin-proposal-class-properties@^7.12.1":
   version "7.18.6"
@@ -471,14 +478,14 @@
     "@babel/helper-create-class-features-plugin" "^7.18.6"
     "@babel/helper-plugin-utils" "^7.18.6"
 
-"@babel/plugin-proposal-decorators@^7.12.12", "@babel/plugin-proposal-decorators@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-decorators/-/plugin-proposal-decorators-7.24.1.tgz#bab2b9e174a2680f0a80f341f3ec70f809f8bb4b"
-  integrity sha512-zPEvzFijn+hRvJuX2Vu3KbEBN39LN3f7tW3MQO2LsIs57B26KU+kUc82BdAktS1VCM6libzh45eKGI65lg0cpA==
+"@babel/plugin-proposal-decorators@^7.12.12", "@babel/plugin-proposal-decorators@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-decorators/-/plugin-proposal-decorators-7.24.7.tgz#7e2dcfeda4a42596b57c4c9de1f5176bbfc532e3"
+  integrity sha512-RL9GR0pUG5Kc8BUWLNDm2T5OpYwSX15r98I0IkgmRQTXuELq/OynH8xtMTMvTJFjXbMWFVTKtYkTaYQsuAwQlQ==
   dependencies:
-    "@babel/helper-create-class-features-plugin" "^7.24.1"
-    "@babel/helper-plugin-utils" "^7.24.0"
-    "@babel/plugin-syntax-decorators" "^7.24.1"
+    "@babel/helper-create-class-features-plugin" "^7.24.7"
+    "@babel/helper-plugin-utils" "^7.24.7"
+    "@babel/plugin-syntax-decorators" "^7.24.7"
 
 "@babel/plugin-proposal-export-default-from@^7.12.1":
   version "7.18.10"
@@ -584,12 +591,12 @@
   dependencies:
     "@babel/helper-plugin-utils" "^7.14.5"
 
-"@babel/plugin-syntax-decorators@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-decorators/-/plugin-syntax-decorators-7.24.1.tgz#71d9ad06063a6ac5430db126b5df48c70ee885fa"
-  integrity sha512-05RJdO/cCrtVWuAaSn1tS3bH8jbsJa/Y1uD186u6J4C/1mnHFxseeuWpsqr9anvo7TUulev7tm7GDwRV+VuhDw==
+"@babel/plugin-syntax-decorators@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-decorators/-/plugin-syntax-decorators-7.24.7.tgz#e4f8a0a8778ccec669611cd5aed1ed8e6e3a6fcf"
+  integrity sha512-Ui4uLJJrRV1lb38zg1yYTmRKmiZLiftDEvZN2iq3kd9kUFU+PttmzTbAFC2ucRk/XJmtek6G23gPsuZbhrT8fQ==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-plugin-utils" "^7.24.7"
 
 "@babel/plugin-syntax-dynamic-import@^7.8.3":
   version "7.8.3"
@@ -619,19 +626,19 @@
   dependencies:
     "@babel/helper-plugin-utils" "^7.18.6"
 
-"@babel/plugin-syntax-import-assertions@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-import-assertions/-/plugin-syntax-import-assertions-7.24.1.tgz#db3aad724153a00eaac115a3fb898de544e34971"
-  integrity sha512-IuwnI5XnuF189t91XbxmXeCDz3qs6iDRO7GJ++wcfgeXNs/8FmIlKcpDSXNVyuLQxlwvskmI3Ct73wUODkJBlQ==
+"@babel/plugin-syntax-import-assertions@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-import-assertions/-/plugin-syntax-import-assertions-7.24.7.tgz#2a0b406b5871a20a841240586b1300ce2088a778"
+  integrity sha512-Ec3NRUMoi8gskrkBe3fNmEQfxDvY8bgfQpz6jlk/41kX9eUjvpyqWU7PBP/pLAvMaSQjbMNKJmvX57jP+M6bPg==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-plugin-utils" "^7.24.7"
 
-"@babel/plugin-syntax-import-attributes@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-import-attributes/-/plugin-syntax-import-attributes-7.24.1.tgz#c66b966c63b714c4eec508fcf5763b1f2d381093"
-  integrity sha512-zhQTMH0X2nVLnb04tz+s7AMuasX8U0FnpE+nHTOhSOINjWMnopoZTxtIKsd45n4GQ/HIZLyfIpoul8e2m0DnRA==
+"@babel/plugin-syntax-import-attributes@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-import-attributes/-/plugin-syntax-import-attributes-7.24.7.tgz#b4f9ea95a79e6912480c4b626739f86a076624ca"
+  integrity sha512-hbX+lKKeUMGihnK8nvKqmXBInriT3GVjzXKFriV3YC6APGxMbP8RZNFwy91+hocLXq90Mta+HshoB31802bb8A==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-plugin-utils" "^7.24.7"
 
 "@babel/plugin-syntax-import-meta@^7.10.4", "@babel/plugin-syntax-import-meta@^7.8.3":
   version "7.10.4"
@@ -654,12 +661,12 @@
   dependencies:
     "@babel/helper-plugin-utils" "^7.10.4"
 
-"@babel/plugin-syntax-jsx@^7.17.12", "@babel/plugin-syntax-jsx@^7.22.5", "@babel/plugin-syntax-jsx@^7.23.3", "@babel/plugin-syntax-jsx@^7.24.1", "@babel/plugin-syntax-jsx@^7.7.2":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.24.1.tgz#3f6ca04b8c841811dbc3c5c5f837934e0d626c10"
-  integrity sha512-2eCtxZXf+kbkMIsXS4poTvT4Yu5rXiRa+9xGVT56raghjmBTKMpFNc9R4IDiB4emao9eO22Ox7CxuJG7BgExqA==
+"@babel/plugin-syntax-jsx@^7.17.12", "@babel/plugin-syntax-jsx@^7.22.5", "@babel/plugin-syntax-jsx@^7.24.7", "@babel/plugin-syntax-jsx@^7.7.2":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.24.7.tgz#39a1fa4a7e3d3d7f34e2acc6be585b718d30e02d"
+  integrity sha512-6ddciUPe/mpMnOKv/U+RSd2vvVy+Yw/JfBB0ZHYjEZt9NLHmCUylNYlsbqCCS1Bffjlb0fCwC9Vqz+sBz6PsiQ==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-plugin-utils" "^7.24.7"
 
 "@babel/plugin-syntax-logical-assignment-operators@^7.10.4", "@babel/plugin-syntax-logical-assignment-operators@^7.8.3":
   version "7.10.4"
@@ -717,12 +724,12 @@
   dependencies:
     "@babel/helper-plugin-utils" "^7.14.5"
 
-"@babel/plugin-syntax-typescript@^7.24.1", "@babel/plugin-syntax-typescript@^7.7.2":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-typescript/-/plugin-syntax-typescript-7.24.1.tgz#b3bcc51f396d15f3591683f90239de143c076844"
-  integrity sha512-Yhnmvy5HZEnHUty6i++gcfH1/l68AHnItFHnaCv6hn9dNh0hQvvQJsxpi4BMBFN5DLeHBuucT/0DgzXif/OyRw==
+"@babel/plugin-syntax-typescript@^7.24.7", "@babel/plugin-syntax-typescript@^7.7.2":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-typescript/-/plugin-syntax-typescript-7.24.7.tgz#58d458271b4d3b6bb27ee6ac9525acbb259bad1c"
+  integrity sha512-c/+fVeJBB0FeKsFvwytYiUD+LBvhHjGSI0g446PRGdSVGZLRNArBUno2PETbAly3tpiNAQR5XaZ+JslxkotsbA==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-plugin-utils" "^7.24.7"
 
 "@babel/plugin-syntax-unicode-sets-regex@^7.18.6":
   version "7.18.6"
@@ -731,129 +738,129 @@
   dependencies:
     "@babel/helper-plugin-utils" "^7.18.6"
 
-"@babel/plugin-transform-arrow-functions@^7.12.1", "@babel/plugin-transform-arrow-functions@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-arrow-functions/-/plugin-transform-arrow-functions-7.24.1.tgz#2bf263617060c9cc45bcdbf492b8cc805082bf27"
-  integrity sha512-ngT/3NkRhsaep9ck9uj2Xhv9+xB1zShY3tM3g6om4xxCELwCDN4g4Aq5dRn48+0hasAql7s2hdBOysCfNpr4fw==
+"@babel/plugin-transform-arrow-functions@^7.12.1", "@babel/plugin-transform-arrow-functions@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-arrow-functions/-/plugin-transform-arrow-functions-7.24.7.tgz#4f6886c11e423bd69f3ce51dbf42424a5f275514"
+  integrity sha512-Dt9LQs6iEY++gXUwY03DNFat5C2NbO48jj+j/bSAz6b3HgPs39qcPiYt77fDObIcFwj3/C2ICX9YMwGflUoSHQ==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-plugin-utils" "^7.24.7"
 
-"@babel/plugin-transform-async-generator-functions@^7.24.3":
-  version "7.24.3"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-async-generator-functions/-/plugin-transform-async-generator-functions-7.24.3.tgz#8fa7ae481b100768cc9842c8617808c5352b8b89"
-  integrity sha512-Qe26CMYVjpQxJ8zxM1340JFNjZaF+ISWpr1Kt/jGo+ZTUzKkfw/pphEWbRCb+lmSM6k/TOgfYLvmbHkUQ0asIg==
+"@babel/plugin-transform-async-generator-functions@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-async-generator-functions/-/plugin-transform-async-generator-functions-7.24.7.tgz#7330a5c50e05181ca52351b8fd01642000c96cfd"
+  integrity sha512-o+iF77e3u7ZS4AoAuJvapz9Fm001PuD2V3Lp6OSE4FYQke+cSewYtnek+THqGRWyQloRCyvWL1OkyfNEl9vr/g==
   dependencies:
-    "@babel/helper-environment-visitor" "^7.22.20"
-    "@babel/helper-plugin-utils" "^7.24.0"
-    "@babel/helper-remap-async-to-generator" "^7.22.20"
+    "@babel/helper-environment-visitor" "^7.24.7"
+    "@babel/helper-plugin-utils" "^7.24.7"
+    "@babel/helper-remap-async-to-generator" "^7.24.7"
     "@babel/plugin-syntax-async-generators" "^7.8.4"
 
-"@babel/plugin-transform-async-to-generator@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-async-to-generator/-/plugin-transform-async-to-generator-7.24.1.tgz#0e220703b89f2216800ce7b1c53cb0cf521c37f4"
-  integrity sha512-AawPptitRXp1y0n4ilKcGbRYWfbbzFWz2NqNu7dacYDtFtz0CMjG64b3LQsb3KIgnf4/obcUL78hfaOS7iCUfw==
+"@babel/plugin-transform-async-to-generator@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-async-to-generator/-/plugin-transform-async-to-generator-7.24.7.tgz#72a3af6c451d575842a7e9b5a02863414355bdcc"
+  integrity sha512-SQY01PcJfmQ+4Ash7NE+rpbLFbmqA2GPIgqzxfFTL4t1FKRq4zTms/7htKpoCUI9OcFYgzqfmCdH53s6/jn5fA==
   dependencies:
-    "@babel/helper-module-imports" "^7.24.1"
-    "@babel/helper-plugin-utils" "^7.24.0"
-    "@babel/helper-remap-async-to-generator" "^7.22.20"
+    "@babel/helper-module-imports" "^7.24.7"
+    "@babel/helper-plugin-utils" "^7.24.7"
+    "@babel/helper-remap-async-to-generator" "^7.24.7"
 
-"@babel/plugin-transform-block-scoped-functions@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-block-scoped-functions/-/plugin-transform-block-scoped-functions-7.24.1.tgz#1c94799e20fcd5c4d4589523bbc57b7692979380"
-  integrity sha512-TWWC18OShZutrv9C6mye1xwtam+uNi2bnTOCBUd5sZxyHOiWbU6ztSROofIMrK84uweEZC219POICK/sTYwfgg==
+"@babel/plugin-transform-block-scoped-functions@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-block-scoped-functions/-/plugin-transform-block-scoped-functions-7.24.7.tgz#a4251d98ea0c0f399dafe1a35801eaba455bbf1f"
+  integrity sha512-yO7RAz6EsVQDaBH18IDJcMB1HnrUn2FJ/Jslc/WtPPWcjhpUJXU/rjbwmluzp7v/ZzWcEhTMXELnnsz8djWDwQ==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-plugin-utils" "^7.24.7"
 
-"@babel/plugin-transform-block-scoping@^7.12.12", "@babel/plugin-transform-block-scoping@^7.24.4":
-  version "7.24.4"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-block-scoping/-/plugin-transform-block-scoping-7.24.4.tgz#28f5c010b66fbb8ccdeef853bef1935c434d7012"
-  integrity sha512-nIFUZIpGKDf9O9ttyRXpHFpKC+X3Y5mtshZONuEUYBomAKoM4y029Jr+uB1bHGPhNmK8YXHevDtKDOLmtRrp6g==
+"@babel/plugin-transform-block-scoping@^7.12.12", "@babel/plugin-transform-block-scoping@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-block-scoping/-/plugin-transform-block-scoping-7.24.7.tgz#42063e4deb850c7bd7c55e626bf4e7ab48e6ce02"
+  integrity sha512-Nd5CvgMbWc+oWzBsuaMcbwjJWAcp5qzrbg69SZdHSP7AMY0AbWFqFO0WTFCA1jxhMCwodRwvRec8k0QUbZk7RQ==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-plugin-utils" "^7.24.7"
 
-"@babel/plugin-transform-class-properties@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-class-properties/-/plugin-transform-class-properties-7.24.1.tgz#bcbf1aef6ba6085cfddec9fc8d58871cf011fc29"
-  integrity sha512-OMLCXi0NqvJfORTaPQBwqLXHhb93wkBKZ4aNwMl6WtehO7ar+cmp+89iPEQPqxAnxsOKTaMcs3POz3rKayJ72g==
+"@babel/plugin-transform-class-properties@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-class-properties/-/plugin-transform-class-properties-7.24.7.tgz#256879467b57b0b68c7ddfc5b76584f398cd6834"
+  integrity sha512-vKbfawVYayKcSeSR5YYzzyXvsDFWU2mD8U5TFeXtbCPLFUqe7GyCgvO6XDHzje862ODrOwy6WCPmKeWHbCFJ4w==
   dependencies:
-    "@babel/helper-create-class-features-plugin" "^7.24.1"
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-create-class-features-plugin" "^7.24.7"
+    "@babel/helper-plugin-utils" "^7.24.7"
 
-"@babel/plugin-transform-class-static-block@^7.24.4":
-  version "7.24.4"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-class-static-block/-/plugin-transform-class-static-block-7.24.4.tgz#1a4653c0cf8ac46441ec406dece6e9bc590356a4"
-  integrity sha512-B8q7Pz870Hz/q9UgP8InNpY01CSLDSCyqX7zcRuv3FcPl87A2G17lASroHWaCtbdIcbYzOZ7kWmXFKbijMSmFg==
+"@babel/plugin-transform-class-static-block@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-class-static-block/-/plugin-transform-class-static-block-7.24.7.tgz#c82027ebb7010bc33c116d4b5044fbbf8c05484d"
+  integrity sha512-HMXK3WbBPpZQufbMG4B46A90PkuuhN9vBCb5T8+VAHqvAqvcLi+2cKoukcpmUYkszLhScU3l1iudhrks3DggRQ==
   dependencies:
-    "@babel/helper-create-class-features-plugin" "^7.24.4"
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-create-class-features-plugin" "^7.24.7"
+    "@babel/helper-plugin-utils" "^7.24.7"
     "@babel/plugin-syntax-class-static-block" "^7.14.5"
 
-"@babel/plugin-transform-classes@^7.12.1", "@babel/plugin-transform-classes@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-classes/-/plugin-transform-classes-7.24.1.tgz#5bc8fc160ed96378184bc10042af47f50884dcb1"
-  integrity sha512-ZTIe3W7UejJd3/3R4p7ScyyOoafetUShSf4kCqV0O7F/RiHxVj/wRaRnQlrGwflvcehNA8M42HkAiEDYZu2F1Q==
-  dependencies:
-    "@babel/helper-annotate-as-pure" "^7.22.5"
-    "@babel/helper-compilation-targets" "^7.23.6"
-    "@babel/helper-environment-visitor" "^7.22.20"
-    "@babel/helper-function-name" "^7.23.0"
-    "@babel/helper-plugin-utils" "^7.24.0"
-    "@babel/helper-replace-supers" "^7.24.1"
-    "@babel/helper-split-export-declaration" "^7.22.6"
+"@babel/plugin-transform-classes@^7.12.1", "@babel/plugin-transform-classes@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-classes/-/plugin-transform-classes-7.24.7.tgz#4ae6ef43a12492134138c1e45913f7c46c41b4bf"
+  integrity sha512-CFbbBigp8ln4FU6Bpy6g7sE8B/WmCmzvivzUC6xDAdWVsjYTXijpuuGJmYkAaoWAzcItGKT3IOAbxRItZ5HTjw==
+  dependencies:
+    "@babel/helper-annotate-as-pure" "^7.24.7"
+    "@babel/helper-compilation-targets" "^7.24.7"
+    "@babel/helper-environment-visitor" "^7.24.7"
+    "@babel/helper-function-name" "^7.24.7"
+    "@babel/helper-plugin-utils" "^7.24.7"
+    "@babel/helper-replace-supers" "^7.24.7"
+    "@babel/helper-split-export-declaration" "^7.24.7"
     globals "^11.1.0"
 
-"@babel/plugin-transform-computed-properties@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-computed-properties/-/plugin-transform-computed-properties-7.24.1.tgz#bc7e787f8e021eccfb677af5f13c29a9934ed8a7"
-  integrity sha512-5pJGVIUfJpOS+pAqBQd+QMaTD2vCL/HcePooON6pDpHgRp4gNRmzyHTPIkXntwKsq3ayUFVfJaIKPw2pOkOcTw==
+"@babel/plugin-transform-computed-properties@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-computed-properties/-/plugin-transform-computed-properties-7.24.7.tgz#4cab3214e80bc71fae3853238d13d097b004c707"
+  integrity sha512-25cS7v+707Gu6Ds2oY6tCkUwsJ9YIDbggd9+cu9jzzDgiNq7hR/8dkzxWfKWnTic26vsI3EsCXNd4iEB6e8esQ==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
-    "@babel/template" "^7.24.0"
+    "@babel/helper-plugin-utils" "^7.24.7"
+    "@babel/template" "^7.24.7"
 
-"@babel/plugin-transform-destructuring@^7.12.1", "@babel/plugin-transform-destructuring@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.24.1.tgz#b1e8243af4a0206841973786292b8c8dd8447345"
-  integrity sha512-ow8jciWqNxR3RYbSNVuF4U2Jx130nwnBnhRw6N6h1bOejNkABmcI5X5oz29K4alWX7vf1C+o6gtKXikzRKkVdw==
+"@babel/plugin-transform-destructuring@^7.12.1", "@babel/plugin-transform-destructuring@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.24.7.tgz#a097f25292defb6e6cc16d6333a4cfc1e3c72d9e"
+  integrity sha512-19eJO/8kdCQ9zISOf+SEUJM/bAUIsvY3YDnXZTupUCQ8LgrWnsG/gFB9dvXqdXnRXMAM8fvt7b0CBKQHNGy1mw==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-plugin-utils" "^7.24.7"
 
-"@babel/plugin-transform-dotall-regex@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-dotall-regex/-/plugin-transform-dotall-regex-7.24.1.tgz#d56913d2f12795cc9930801b84c6f8c47513ac13"
-  integrity sha512-p7uUxgSoZwZ2lPNMzUkqCts3xlp8n+o05ikjy7gbtFJSt9gdU88jAmtfmOxHM14noQXBxfgzf2yRWECiNVhTCw==
+"@babel/plugin-transform-dotall-regex@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-dotall-regex/-/plugin-transform-dotall-regex-7.24.7.tgz#5f8bf8a680f2116a7207e16288a5f974ad47a7a0"
+  integrity sha512-ZOA3W+1RRTSWvyqcMJDLqbchh7U4NRGqwRfFSVbOLS/ePIP4vHB5e8T8eXcuqyN1QkgKyj5wuW0lcS85v4CrSw==
   dependencies:
-    "@babel/helper-create-regexp-features-plugin" "^7.22.15"
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-create-regexp-features-plugin" "^7.24.7"
+    "@babel/helper-plugin-utils" "^7.24.7"
 
-"@babel/plugin-transform-duplicate-keys@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-duplicate-keys/-/plugin-transform-duplicate-keys-7.24.1.tgz#5347a797fe82b8d09749d10e9f5b83665adbca88"
-  integrity sha512-msyzuUnvsjsaSaocV6L7ErfNsa5nDWL1XKNnDePLgmz+WdU4w/J8+AxBMrWfi9m4IxfL5sZQKUPQKDQeeAT6lA==
+"@babel/plugin-transform-duplicate-keys@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-duplicate-keys/-/plugin-transform-duplicate-keys-7.24.7.tgz#dd20102897c9a2324e5adfffb67ff3610359a8ee"
+  integrity sha512-JdYfXyCRihAe46jUIliuL2/s0x0wObgwwiGxw/UbgJBr20gQBThrokO4nYKgWkD7uBaqM7+9x5TU7NkExZJyzw==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-plugin-utils" "^7.24.7"
 
-"@babel/plugin-transform-dynamic-import@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-dynamic-import/-/plugin-transform-dynamic-import-7.24.1.tgz#2a5a49959201970dd09a5fca856cb651e44439dd"
-  integrity sha512-av2gdSTyXcJVdI+8aFZsCAtR29xJt0S5tas+Ef8NvBNmD1a+N/3ecMLeMBgfcK+xzsjdLDT6oHt+DFPyeqUbDA==
+"@babel/plugin-transform-dynamic-import@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-dynamic-import/-/plugin-transform-dynamic-import-7.24.7.tgz#4d8b95e3bae2b037673091aa09cd33fecd6419f4"
+  integrity sha512-sc3X26PhZQDb3JhORmakcbvkeInvxz+A8oda99lj7J60QRuPZvNAk9wQlTBS1ZynelDrDmTU4pw1tyc5d5ZMUg==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-plugin-utils" "^7.24.7"
     "@babel/plugin-syntax-dynamic-import" "^7.8.3"
 
-"@babel/plugin-transform-exponentiation-operator@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-exponentiation-operator/-/plugin-transform-exponentiation-operator-7.24.1.tgz#6650ebeb5bd5c012d5f5f90a26613a08162e8ba4"
-  integrity sha512-U1yX13dVBSwS23DEAqU+Z/PkwE9/m7QQy8Y9/+Tdb8UWYaGNDYwTLi19wqIAiROr8sXVum9A/rtiH5H0boUcTw==
+"@babel/plugin-transform-exponentiation-operator@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-exponentiation-operator/-/plugin-transform-exponentiation-operator-7.24.7.tgz#b629ee22645f412024297d5245bce425c31f9b0d"
+  integrity sha512-Rqe/vSc9OYgDajNIK35u7ot+KeCoetqQYFXM4Epf7M7ez3lWlOjrDjrwMei6caCVhfdw+mIKD4cgdGNy5JQotQ==
   dependencies:
-    "@babel/helper-builder-binary-assignment-operator-visitor" "^7.22.15"
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-builder-binary-assignment-operator-visitor" "^7.24.7"
+    "@babel/helper-plugin-utils" "^7.24.7"
 
-"@babel/plugin-transform-export-namespace-from@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-export-namespace-from/-/plugin-transform-export-namespace-from-7.24.1.tgz#f033541fc036e3efb2dcb58eedafd4f6b8078acd"
-  integrity sha512-Ft38m/KFOyzKw2UaJFkWG9QnHPG/Q/2SkOrRk4pNBPg5IPZ+dOxcmkK5IyuBcxiNPyyYowPGUReyBvrvZs7IlQ==
+"@babel/plugin-transform-export-namespace-from@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-export-namespace-from/-/plugin-transform-export-namespace-from-7.24.7.tgz#176d52d8d8ed516aeae7013ee9556d540c53f197"
+  integrity sha512-v0K9uNYsPL3oXZ/7F9NNIbAj2jv1whUEtyA6aujhekLs56R++JDQuzRcP2/z4WX5Vg/c5lE9uWZA0/iUoFhLTA==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-plugin-utils" "^7.24.7"
     "@babel/plugin-syntax-export-namespace-from" "^7.8.3"
 
 "@babel/plugin-transform-flow-strip-types@^7.18.6":
@@ -864,344 +871,344 @@
     "@babel/helper-plugin-utils" "^7.19.0"
     "@babel/plugin-syntax-flow" "^7.18.6"
 
-"@babel/plugin-transform-for-of@^7.12.1", "@babel/plugin-transform-for-of@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-for-of/-/plugin-transform-for-of-7.24.1.tgz#67448446b67ab6c091360ce3717e7d3a59e202fd"
-  integrity sha512-OxBdcnF04bpdQdR3i4giHZNZQn7cm8RQKcSwA17wAAqEELo1ZOwp5FFgeptWUQXFyT9kwHo10aqqauYkRZPCAg==
+"@babel/plugin-transform-for-of@^7.12.1", "@babel/plugin-transform-for-of@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-for-of/-/plugin-transform-for-of-7.24.7.tgz#f25b33f72df1d8be76399e1b8f3f9d366eb5bc70"
+  integrity sha512-wo9ogrDG1ITTTBsy46oGiN1dS9A7MROBTcYsfS8DtsImMkHk9JXJ3EWQM6X2SUw4x80uGPlwj0o00Uoc6nEE3g==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
-    "@babel/helper-skip-transparent-expression-wrappers" "^7.22.5"
+    "@babel/helper-plugin-utils" "^7.24.7"
+    "@babel/helper-skip-transparent-expression-wrappers" "^7.24.7"
 
-"@babel/plugin-transform-function-name@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-function-name/-/plugin-transform-function-name-7.24.1.tgz#8cba6f7730626cc4dfe4ca2fa516215a0592b361"
-  integrity sha512-BXmDZpPlh7jwicKArQASrj8n22/w6iymRnvHYYd2zO30DbE277JO20/7yXJT3QxDPtiQiOxQBbZH4TpivNXIxA==
+"@babel/plugin-transform-function-name@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-function-name/-/plugin-transform-function-name-7.24.7.tgz#6d8601fbffe665c894440ab4470bc721dd9131d6"
+  integrity sha512-U9FcnA821YoILngSmYkW6FjyQe2TyZD5pHt4EVIhmcTkrJw/3KqcrRSxuOo5tFZJi7TE19iDyI1u+weTI7bn2w==
   dependencies:
-    "@babel/helper-compilation-targets" "^7.23.6"
-    "@babel/helper-function-name" "^7.23.0"
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-compilation-targets" "^7.24.7"
+    "@babel/helper-function-name" "^7.24.7"
+    "@babel/helper-plugin-utils" "^7.24.7"
 
-"@babel/plugin-transform-json-strings@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-json-strings/-/plugin-transform-json-strings-7.24.1.tgz#08e6369b62ab3e8a7b61089151b161180c8299f7"
-  integrity sha512-U7RMFmRvoasscrIFy5xA4gIp8iWnWubnKkKuUGJjsuOH7GfbMkB+XZzeslx2kLdEGdOJDamEmCqOks6e8nv8DQ==
+"@babel/plugin-transform-json-strings@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-json-strings/-/plugin-transform-json-strings-7.24.7.tgz#f3e9c37c0a373fee86e36880d45b3664cedaf73a"
+  integrity sha512-2yFnBGDvRuxAaE/f0vfBKvtnvvqU8tGpMHqMNpTN2oWMKIR3NqFkjaAgGwawhqK/pIN2T3XdjGPdaG0vDhOBGw==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-plugin-utils" "^7.24.7"
     "@babel/plugin-syntax-json-strings" "^7.8.3"
 
-"@babel/plugin-transform-literals@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-literals/-/plugin-transform-literals-7.24.1.tgz#0a1982297af83e6b3c94972686067df588c5c096"
-  integrity sha512-zn9pwz8U7nCqOYIiBaOxoQOtYmMODXTJnkxG4AtX8fPmnCRYWBOHD0qcpwS9e2VDSp1zNJYpdnFMIKb8jmwu6g==
+"@babel/plugin-transform-literals@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-literals/-/plugin-transform-literals-7.24.7.tgz#36b505c1e655151a9d7607799a9988fc5467d06c"
+  integrity sha512-vcwCbb4HDH+hWi8Pqenwnjy+UiklO4Kt1vfspcQYFhJdpthSnW8XvWGyDZWKNVrVbVViI/S7K9PDJZiUmP2fYQ==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-plugin-utils" "^7.24.7"
 
-"@babel/plugin-transform-logical-assignment-operators@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-logical-assignment-operators/-/plugin-transform-logical-assignment-operators-7.24.1.tgz#719d8aded1aa94b8fb34e3a785ae8518e24cfa40"
-  integrity sha512-OhN6J4Bpz+hIBqItTeWJujDOfNP+unqv/NJgyhlpSqgBTPm37KkMmZV6SYcOj+pnDbdcl1qRGV/ZiIjX9Iy34w==
+"@babel/plugin-transform-logical-assignment-operators@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-logical-assignment-operators/-/plugin-transform-logical-assignment-operators-7.24.7.tgz#a58fb6eda16c9dc8f9ff1c7b1ba6deb7f4694cb0"
+  integrity sha512-4D2tpwlQ1odXmTEIFWy9ELJcZHqrStlzK/dAOWYyxX3zT0iXQB6banjgeOJQXzEc4S0E0a5A+hahxPaEFYftsw==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-plugin-utils" "^7.24.7"
     "@babel/plugin-syntax-logical-assignment-operators" "^7.10.4"
 
-"@babel/plugin-transform-member-expression-literals@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-member-expression-literals/-/plugin-transform-member-expression-literals-7.24.1.tgz#896d23601c92f437af8b01371ad34beb75df4489"
-  integrity sha512-4ojai0KysTWXzHseJKa1XPNXKRbuUrhkOPY4rEGeR+7ChlJVKxFa3H3Bz+7tWaGKgJAXUWKOGmltN+u9B3+CVg==
+"@babel/plugin-transform-member-expression-literals@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-member-expression-literals/-/plugin-transform-member-expression-literals-7.24.7.tgz#3b4454fb0e302e18ba4945ba3246acb1248315df"
+  integrity sha512-T/hRC1uqrzXMKLQ6UCwMT85S3EvqaBXDGf0FaMf4446Qx9vKwlghvee0+uuZcDUCZU5RuNi4781UQ7R308zzBw==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-plugin-utils" "^7.24.7"
 
-"@babel/plugin-transform-modules-amd@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-amd/-/plugin-transform-modules-amd-7.24.1.tgz#b6d829ed15258536977e9c7cc6437814871ffa39"
-  integrity sha512-lAxNHi4HVtjnHd5Rxg3D5t99Xm6H7b04hUS7EHIXcUl2EV4yl1gWdqZrNzXnSrHveL9qMdbODlLF55mvgjAfaQ==
+"@babel/plugin-transform-modules-amd@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-amd/-/plugin-transform-modules-amd-7.24.7.tgz#65090ed493c4a834976a3ca1cde776e6ccff32d7"
+  integrity sha512-9+pB1qxV3vs/8Hdmz/CulFB8w2tuu6EB94JZFsjdqxQokwGa9Unap7Bo2gGBGIvPmDIVvQrom7r5m/TCDMURhg==
   dependencies:
-    "@babel/helper-module-transforms" "^7.23.3"
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-module-transforms" "^7.24.7"
+    "@babel/helper-plugin-utils" "^7.24.7"
 
-"@babel/plugin-transform-modules-commonjs@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-commonjs/-/plugin-transform-modules-commonjs-7.24.1.tgz#e71ba1d0d69e049a22bf90b3867e263823d3f1b9"
-  integrity sha512-szog8fFTUxBfw0b98gEWPaEqF42ZUD/T3bkynW/wtgx2p/XCP55WEsb+VosKceRSd6njipdZvNogqdtI4Q0chw==
+"@babel/plugin-transform-modules-commonjs@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-commonjs/-/plugin-transform-modules-commonjs-7.24.7.tgz#9fd5f7fdadee9085886b183f1ad13d1ab260f4ab"
+  integrity sha512-iFI8GDxtevHJ/Z22J5xQpVqFLlMNstcLXh994xifFwxxGslr2ZXXLWgtBeLctOD63UFDArdvN6Tg8RFw+aEmjQ==
   dependencies:
-    "@babel/helper-module-transforms" "^7.23.3"
-    "@babel/helper-plugin-utils" "^7.24.0"
-    "@babel/helper-simple-access" "^7.22.5"
+    "@babel/helper-module-transforms" "^7.24.7"
+    "@babel/helper-plugin-utils" "^7.24.7"
+    "@babel/helper-simple-access" "^7.24.7"
 
-"@babel/plugin-transform-modules-systemjs@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.24.1.tgz#2b9625a3d4e445babac9788daec39094e6b11e3e"
-  integrity sha512-mqQ3Zh9vFO1Tpmlt8QPnbwGHzNz3lpNEMxQb1kAemn/erstyqw1r9KeOlOfo3y6xAnFEcOv2tSyrXfmMk+/YZA==
+"@babel/plugin-transform-modules-systemjs@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.24.7.tgz#f8012316c5098f6e8dee6ecd58e2bc6f003d0ce7"
+  integrity sha512-GYQE0tW7YoaN13qFh3O1NCY4MPkUiAH3fiF7UcV/I3ajmDKEdG3l+UOcbAm4zUE3gnvUU+Eni7XrVKo9eO9auw==
   dependencies:
-    "@babel/helper-hoist-variables" "^7.22.5"
-    "@babel/helper-module-transforms" "^7.23.3"
-    "@babel/helper-plugin-utils" "^7.24.0"
-    "@babel/helper-validator-identifier" "^7.22.20"
+    "@babel/helper-hoist-variables" "^7.24.7"
+    "@babel/helper-module-transforms" "^7.24.7"
+    "@babel/helper-plugin-utils" "^7.24.7"
+    "@babel/helper-validator-identifier" "^7.24.7"
 
-"@babel/plugin-transform-modules-umd@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-umd/-/plugin-transform-modules-umd-7.24.1.tgz#69220c66653a19cf2c0872b9c762b9a48b8bebef"
-  integrity sha512-tuA3lpPj+5ITfcCluy6nWonSL7RvaG0AOTeAuvXqEKS34lnLzXpDb0dcP6K8jD0zWZFNDVly90AGFJPnm4fOYg==
+"@babel/plugin-transform-modules-umd@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-umd/-/plugin-transform-modules-umd-7.24.7.tgz#edd9f43ec549099620df7df24e7ba13b5c76efc8"
+  integrity sha512-3aytQvqJ/h9z4g8AsKPLvD4Zqi2qT+L3j7XoFFu1XBlZWEl2/1kWnhmAbxpLgPrHSY0M6UA02jyTiwUVtiKR6A==
   dependencies:
-    "@babel/helper-module-transforms" "^7.23.3"
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-module-transforms" "^7.24.7"
+    "@babel/helper-plugin-utils" "^7.24.7"
 
-"@babel/plugin-transform-named-capturing-groups-regex@^7.22.5":
-  version "7.22.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-named-capturing-groups-regex/-/plugin-transform-named-capturing-groups-regex-7.22.5.tgz#67fe18ee8ce02d57c855185e27e3dc959b2e991f"
-  integrity sha512-YgLLKmS3aUBhHaxp5hi1WJTgOUb/NCuDHzGT9z9WTt3YG+CPRhJs6nprbStx6DnWM4dh6gt7SU3sZodbZ08adQ==
+"@babel/plugin-transform-named-capturing-groups-regex@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-named-capturing-groups-regex/-/plugin-transform-named-capturing-groups-regex-7.24.7.tgz#9042e9b856bc6b3688c0c2e4060e9e10b1460923"
+  integrity sha512-/jr7h/EWeJtk1U/uz2jlsCioHkZk1JJZVcc8oQsJ1dUlaJD83f4/6Zeh2aHt9BIFokHIsSeDfhUmju0+1GPd6g==
   dependencies:
-    "@babel/helper-create-regexp-features-plugin" "^7.22.5"
-    "@babel/helper-plugin-utils" "^7.22.5"
+    "@babel/helper-create-regexp-features-plugin" "^7.24.7"
+    "@babel/helper-plugin-utils" "^7.24.7"
 
-"@babel/plugin-transform-new-target@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-new-target/-/plugin-transform-new-target-7.24.1.tgz#29c59988fa3d0157de1c871a28cd83096363cc34"
-  integrity sha512-/rurytBM34hYy0HKZQyA0nHbQgQNFm4Q/BOc9Hflxi2X3twRof7NaE5W46j4kQitm7SvACVRXsa6N/tSZxvPug==
+"@babel/plugin-transform-new-target@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-new-target/-/plugin-transform-new-target-7.24.7.tgz#31ff54c4e0555cc549d5816e4ab39241dfb6ab00"
+  integrity sha512-RNKwfRIXg4Ls/8mMTza5oPF5RkOW8Wy/WgMAp1/F1yZ8mMbtwXW+HDoJiOsagWrAhI5f57Vncrmr9XeT4CVapA==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-plugin-utils" "^7.24.7"
 
-"@babel/plugin-transform-nullish-coalescing-operator@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-nullish-coalescing-operator/-/plugin-transform-nullish-coalescing-operator-7.24.1.tgz#0cd494bb97cb07d428bd651632cb9d4140513988"
-  integrity sha512-iQ+caew8wRrhCikO5DrUYx0mrmdhkaELgFa+7baMcVuhxIkN7oxt06CZ51D65ugIb1UWRQ8oQe+HXAVM6qHFjw==
+"@babel/plugin-transform-nullish-coalescing-operator@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-nullish-coalescing-operator/-/plugin-transform-nullish-coalescing-operator-7.24.7.tgz#1de4534c590af9596f53d67f52a92f12db984120"
+  integrity sha512-Ts7xQVk1OEocqzm8rHMXHlxvsfZ0cEF2yomUqpKENHWMF4zKk175Y4q8H5knJes6PgYad50uuRmt3UJuhBw8pQ==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-plugin-utils" "^7.24.7"
     "@babel/plugin-syntax-nullish-coalescing-operator" "^7.8.3"
 
-"@babel/plugin-transform-numeric-separator@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-numeric-separator/-/plugin-transform-numeric-separator-7.24.1.tgz#5bc019ce5b3435c1cadf37215e55e433d674d4e8"
-  integrity sha512-7GAsGlK4cNL2OExJH1DzmDeKnRv/LXq0eLUSvudrehVA5Rgg4bIrqEUW29FbKMBRT0ztSqisv7kjP+XIC4ZMNw==
+"@babel/plugin-transform-numeric-separator@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-numeric-separator/-/plugin-transform-numeric-separator-7.24.7.tgz#bea62b538c80605d8a0fac9b40f48e97efa7de63"
+  integrity sha512-e6q1TiVUzvH9KRvicuxdBTUj4AdKSRwzIyFFnfnezpCfP2/7Qmbb8qbU2j7GODbl4JMkblitCQjKYUaX/qkkwA==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-plugin-utils" "^7.24.7"
     "@babel/plugin-syntax-numeric-separator" "^7.10.4"
 
-"@babel/plugin-transform-object-rest-spread@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-object-rest-spread/-/plugin-transform-object-rest-spread-7.24.1.tgz#5a3ce73caf0e7871a02e1c31e8b473093af241ff"
-  integrity sha512-XjD5f0YqOtebto4HGISLNfiNMTTs6tbkFf2TOqJlYKYmbo+mN9Dnpl4SRoofiziuOWMIyq3sZEUqLo3hLITFEA==
+"@babel/plugin-transform-object-rest-spread@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-object-rest-spread/-/plugin-transform-object-rest-spread-7.24.7.tgz#d13a2b93435aeb8a197e115221cab266ba6e55d6"
+  integrity sha512-4QrHAr0aXQCEFni2q4DqKLD31n2DL+RxcwnNjDFkSG0eNQ/xCavnRkfCUjsyqGC2OviNJvZOF/mQqZBw7i2C5Q==
   dependencies:
-    "@babel/helper-compilation-targets" "^7.23.6"
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-compilation-targets" "^7.24.7"
+    "@babel/helper-plugin-utils" "^7.24.7"
     "@babel/plugin-syntax-object-rest-spread" "^7.8.3"
-    "@babel/plugin-transform-parameters" "^7.24.1"
+    "@babel/plugin-transform-parameters" "^7.24.7"
 
-"@babel/plugin-transform-object-super@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-object-super/-/plugin-transform-object-super-7.24.1.tgz#e71d6ab13483cca89ed95a474f542bbfc20a0520"
-  integrity sha512-oKJqR3TeI5hSLRxudMjFQ9re9fBVUU0GICqM3J1mi8MqlhVr6hC/ZN4ttAyMuQR6EZZIY6h/exe5swqGNNIkWQ==
+"@babel/plugin-transform-object-super@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-object-super/-/plugin-transform-object-super-7.24.7.tgz#66eeaff7830bba945dd8989b632a40c04ed625be"
+  integrity sha512-A/vVLwN6lBrMFmMDmPPz0jnE6ZGx7Jq7d6sT/Ev4H65RER6pZ+kczlf1DthF5N0qaPHBsI7UXiE8Zy66nmAovg==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
-    "@babel/helper-replace-supers" "^7.24.1"
+    "@babel/helper-plugin-utils" "^7.24.7"
+    "@babel/helper-replace-supers" "^7.24.7"
 
-"@babel/plugin-transform-optional-catch-binding@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-optional-catch-binding/-/plugin-transform-optional-catch-binding-7.24.1.tgz#92a3d0efe847ba722f1a4508669b23134669e2da"
-  integrity sha512-oBTH7oURV4Y+3EUrf6cWn1OHio3qG/PVwO5J03iSJmBg6m2EhKjkAu/xuaXaYwWW9miYtvbWv4LNf0AmR43LUA==
+"@babel/plugin-transform-optional-catch-binding@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-optional-catch-binding/-/plugin-transform-optional-catch-binding-7.24.7.tgz#00eabd883d0dd6a60c1c557548785919b6e717b4"
+  integrity sha512-uLEndKqP5BfBbC/5jTwPxLh9kqPWWgzN/f8w6UwAIirAEqiIVJWWY312X72Eub09g5KF9+Zn7+hT7sDxmhRuKA==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-plugin-utils" "^7.24.7"
     "@babel/plugin-syntax-optional-catch-binding" "^7.8.3"
 
-"@babel/plugin-transform-optional-chaining@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-optional-chaining/-/plugin-transform-optional-chaining-7.24.1.tgz#26e588acbedce1ab3519ac40cc748e380c5291e6"
-  integrity sha512-n03wmDt+987qXwAgcBlnUUivrZBPZ8z1plL0YvgQalLm+ZE5BMhGm94jhxXtA1wzv1Cu2aaOv1BM9vbVttrzSg==
+"@babel/plugin-transform-optional-chaining@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-optional-chaining/-/plugin-transform-optional-chaining-7.24.7.tgz#b8f6848a80cf2da98a8a204429bec04756c6d454"
+  integrity sha512-tK+0N9yd4j+x/4hxF3F0e0fu/VdcxU18y5SevtyM/PCFlQvXbR0Zmlo2eBrKtVipGNFzpq56o8WsIIKcJFUCRQ==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
-    "@babel/helper-skip-transparent-expression-wrappers" "^7.22.5"
+    "@babel/helper-plugin-utils" "^7.24.7"
+    "@babel/helper-skip-transparent-expression-wrappers" "^7.24.7"
     "@babel/plugin-syntax-optional-chaining" "^7.8.3"
 
-"@babel/plugin-transform-parameters@^7.12.1", "@babel/plugin-transform-parameters@^7.20.7", "@babel/plugin-transform-parameters@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-parameters/-/plugin-transform-parameters-7.24.1.tgz#983c15d114da190506c75b616ceb0f817afcc510"
-  integrity sha512-8Jl6V24g+Uw5OGPeWNKrKqXPDw2YDjLc53ojwfMcKwlEoETKU9rU0mHUtcg9JntWI/QYzGAXNWEcVHZ+fR+XXg==
+"@babel/plugin-transform-parameters@^7.12.1", "@babel/plugin-transform-parameters@^7.20.7", "@babel/plugin-transform-parameters@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-parameters/-/plugin-transform-parameters-7.24.7.tgz#5881f0ae21018400e320fc7eb817e529d1254b68"
+  integrity sha512-yGWW5Rr+sQOhK0Ot8hjDJuxU3XLRQGflvT4lhlSY0DFvdb3TwKaY26CJzHtYllU0vT9j58hc37ndFPsqT1SrzA==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-plugin-utils" "^7.24.7"
 
-"@babel/plugin-transform-private-methods@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-private-methods/-/plugin-transform-private-methods-7.24.1.tgz#a0faa1ae87eff077e1e47a5ec81c3aef383dc15a"
-  integrity sha512-tGvisebwBO5em4PaYNqt4fkw56K2VALsAbAakY0FjTYqJp7gfdrgr7YX76Or8/cpik0W6+tj3rZ0uHU9Oil4tw==
+"@babel/plugin-transform-private-methods@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-private-methods/-/plugin-transform-private-methods-7.24.7.tgz#e6318746b2ae70a59d023d5cc1344a2ba7a75f5e"
+  integrity sha512-COTCOkG2hn4JKGEKBADkA8WNb35TGkkRbI5iT845dB+NyqgO8Hn+ajPbSnIQznneJTa3d30scb6iz/DhH8GsJQ==
   dependencies:
-    "@babel/helper-create-class-features-plugin" "^7.24.1"
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-create-class-features-plugin" "^7.24.7"
+    "@babel/helper-plugin-utils" "^7.24.7"
 
-"@babel/plugin-transform-private-property-in-object@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-private-property-in-object/-/plugin-transform-private-property-in-object-7.24.1.tgz#756443d400274f8fb7896742962cc1b9f25c1f6a"
-  integrity sha512-pTHxDVa0BpUbvAgX3Gat+7cSciXqUcY9j2VZKTbSB6+VQGpNgNO9ailxTGHSXlqOnX1Hcx1Enme2+yv7VqP9bg==
+"@babel/plugin-transform-private-property-in-object@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-private-property-in-object/-/plugin-transform-private-property-in-object-7.24.7.tgz#4eec6bc701288c1fab5f72e6a4bbc9d67faca061"
+  integrity sha512-9z76mxwnwFxMyxZWEgdgECQglF2Q7cFLm0kMf8pGwt+GSJsY0cONKj/UuO4bOH0w/uAel3ekS4ra5CEAyJRmDA==
   dependencies:
-    "@babel/helper-annotate-as-pure" "^7.22.5"
-    "@babel/helper-create-class-features-plugin" "^7.24.1"
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-annotate-as-pure" "^7.24.7"
+    "@babel/helper-create-class-features-plugin" "^7.24.7"
+    "@babel/helper-plugin-utils" "^7.24.7"
     "@babel/plugin-syntax-private-property-in-object" "^7.14.5"
 
-"@babel/plugin-transform-property-literals@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-property-literals/-/plugin-transform-property-literals-7.24.1.tgz#d6a9aeab96f03749f4eebeb0b6ea8e90ec958825"
-  integrity sha512-LetvD7CrHmEx0G442gOomRr66d7q8HzzGGr4PMHGr+5YIm6++Yke+jxj246rpvsbyhJwCLxcTn6zW1P1BSenqA==
+"@babel/plugin-transform-property-literals@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-property-literals/-/plugin-transform-property-literals-7.24.7.tgz#f0d2ed8380dfbed949c42d4d790266525d63bbdc"
+  integrity sha512-EMi4MLQSHfd2nrCqQEWxFdha2gBCqU4ZcCng4WBGZ5CJL4bBRW0ptdqqDdeirGZcpALazVVNJqRmsO8/+oNCBA==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-plugin-utils" "^7.24.7"
 
-"@babel/plugin-transform-react-display-name@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-display-name/-/plugin-transform-react-display-name-7.24.1.tgz#554e3e1a25d181f040cf698b93fd289a03bfdcdb"
-  integrity sha512-mvoQg2f9p2qlpDQRBC7M3c3XTr0k7cp/0+kFKKO/7Gtu0LSw16eKB+Fabe2bDT/UpsyasTBBkAnbdsLrkD5XMw==
+"@babel/plugin-transform-react-display-name@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-display-name/-/plugin-transform-react-display-name-7.24.7.tgz#9caff79836803bc666bcfe210aeb6626230c293b"
+  integrity sha512-H/Snz9PFxKsS1JLI4dJLtnJgCJRoo0AUm3chP6NYr+9En1JMKloheEiLIhlp5MDVznWo+H3AAC1Mc8lmUEpsgg==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-plugin-utils" "^7.24.7"
 
-"@babel/plugin-transform-react-jsx-development@^7.22.5":
-  version "7.22.5"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-jsx-development/-/plugin-transform-react-jsx-development-7.22.5.tgz#e716b6edbef972a92165cd69d92f1255f7e73e87"
-  integrity sha512-bDhuzwWMuInwCYeDeMzyi7TaBgRQei6DqxhbyniL7/VG4RSS7HtSL2QbY4eESy1KJqlWt8g3xeEBGPuo+XqC8A==
+"@babel/plugin-transform-react-jsx-development@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-jsx-development/-/plugin-transform-react-jsx-development-7.24.7.tgz#eaee12f15a93f6496d852509a850085e6361470b"
+  integrity sha512-QG9EnzoGn+Qar7rxuW+ZOsbWOt56FvvI93xInqsZDC5fsekx1AlIO4KIJ5M+D0p0SqSH156EpmZyXq630B8OlQ==
   dependencies:
-    "@babel/plugin-transform-react-jsx" "^7.22.5"
+    "@babel/plugin-transform-react-jsx" "^7.24.7"
 
-"@babel/plugin-transform-react-jsx@^7.12.12", "@babel/plugin-transform-react-jsx@^7.17.12", "@babel/plugin-transform-react-jsx@^7.22.5", "@babel/plugin-transform-react-jsx@^7.23.4":
-  version "7.23.4"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-jsx/-/plugin-transform-react-jsx-7.23.4.tgz#393f99185110cea87184ea47bcb4a7b0c2e39312"
-  integrity sha512-5xOpoPguCZCRbo/JeHlloSkTA8Bld1J/E1/kLfD1nsuiW1m8tduTA1ERCgIZokDflX/IBzKcqR3l7VlRgiIfHA==
+"@babel/plugin-transform-react-jsx@^7.12.12", "@babel/plugin-transform-react-jsx@^7.17.12", "@babel/plugin-transform-react-jsx@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-jsx/-/plugin-transform-react-jsx-7.24.7.tgz#17cd06b75a9f0e2bd076503400e7c4b99beedac4"
+  integrity sha512-+Dj06GDZEFRYvclU6k4bme55GKBEWUmByM/eoKuqg4zTNQHiApWRhQph5fxQB2wAEFvRzL1tOEj1RJ19wJrhoA==
   dependencies:
-    "@babel/helper-annotate-as-pure" "^7.22.5"
-    "@babel/helper-module-imports" "^7.22.15"
-    "@babel/helper-plugin-utils" "^7.22.5"
-    "@babel/plugin-syntax-jsx" "^7.23.3"
-    "@babel/types" "^7.23.4"
+    "@babel/helper-annotate-as-pure" "^7.24.7"
+    "@babel/helper-module-imports" "^7.24.7"
+    "@babel/helper-plugin-utils" "^7.24.7"
+    "@babel/plugin-syntax-jsx" "^7.24.7"
+    "@babel/types" "^7.24.7"
 
-"@babel/plugin-transform-react-pure-annotations@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-pure-annotations/-/plugin-transform-react-pure-annotations-7.24.1.tgz#c86bce22a53956331210d268e49a0ff06e392470"
-  integrity sha512-+pWEAaDJvSm9aFvJNpLiM2+ktl2Sn2U5DdyiWdZBxmLc6+xGt88dvFqsHiAiDS+8WqUwbDfkKz9jRxK3M0k+kA==
+"@babel/plugin-transform-react-pure-annotations@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-pure-annotations/-/plugin-transform-react-pure-annotations-7.24.7.tgz#bdd9d140d1c318b4f28b29a00fb94f97ecab1595"
+  integrity sha512-PLgBVk3fzbmEjBJ/u8kFzOqS9tUeDjiaWud/rRym/yjCo/M9cASPlnrd2ZmmZpQT40fOOrvR8jh+n8jikrOhNA==
   dependencies:
-    "@babel/helper-annotate-as-pure" "^7.22.5"
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-annotate-as-pure" "^7.24.7"
+    "@babel/helper-plugin-utils" "^7.24.7"
 
-"@babel/plugin-transform-regenerator@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-regenerator/-/plugin-transform-regenerator-7.24.1.tgz#625b7545bae52363bdc1fbbdc7252b5046409c8c"
-  integrity sha512-sJwZBCzIBE4t+5Q4IGLaaun5ExVMRY0lYwos/jNecjMrVCygCdph3IKv0tkP5Fc87e/1+bebAmEAGBfnRD+cnw==
+"@babel/plugin-transform-regenerator@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-regenerator/-/plugin-transform-regenerator-7.24.7.tgz#021562de4534d8b4b1851759fd7af4e05d2c47f8"
+  integrity sha512-lq3fvXPdimDrlg6LWBoqj+r/DEWgONuwjuOuQCSYgRroXDH/IdM1C0IZf59fL5cHLpjEH/O6opIRBbqv7ELnuA==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-plugin-utils" "^7.24.7"
     regenerator-transform "^0.15.2"
 
-"@babel/plugin-transform-reserved-words@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-reserved-words/-/plugin-transform-reserved-words-7.24.1.tgz#8de729f5ecbaaf5cf83b67de13bad38a21be57c1"
-  integrity sha512-JAclqStUfIwKN15HrsQADFgeZt+wexNQ0uLhuqvqAUFoqPMjEcFCYZBhq0LUdz6dZK/mD+rErhW71fbx8RYElg==
+"@babel/plugin-transform-reserved-words@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-reserved-words/-/plugin-transform-reserved-words-7.24.7.tgz#80037fe4fbf031fc1125022178ff3938bb3743a4"
+  integrity sha512-0DUq0pHcPKbjFZCfTss/pGkYMfy3vFWydkUBd9r0GHpIyfs2eCDENvqadMycRS9wZCXR41wucAfJHJmwA0UmoQ==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-plugin-utils" "^7.24.7"
 
-"@babel/plugin-transform-runtime@^7.24.3":
-  version "7.24.3"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-runtime/-/plugin-transform-runtime-7.24.3.tgz#dc58ad4a31810a890550365cc922e1ff5acb5d7f"
-  integrity sha512-J0BuRPNlNqlMTRJ72eVptpt9VcInbxO6iP3jaxr+1NPhC0UkKL+6oeX6VXMEYdADnuqmMmsBspt4d5w8Y/TCbQ==
+"@babel/plugin-transform-runtime@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-runtime/-/plugin-transform-runtime-7.24.7.tgz#00a5bfaf8c43cf5c8703a8a6e82b59d9c58f38ca"
+  integrity sha512-YqXjrk4C+a1kZjewqt+Mmu2UuV1s07y8kqcUf4qYLnoqemhR4gRQikhdAhSVJioMjVTu6Mo6pAbaypEA3jY6fw==
   dependencies:
-    "@babel/helper-module-imports" "^7.24.3"
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-module-imports" "^7.24.7"
+    "@babel/helper-plugin-utils" "^7.24.7"
     babel-plugin-polyfill-corejs2 "^0.4.10"
     babel-plugin-polyfill-corejs3 "^0.10.1"
     babel-plugin-polyfill-regenerator "^0.6.1"
     semver "^6.3.1"
 
-"@babel/plugin-transform-shorthand-properties@^7.12.1", "@babel/plugin-transform-shorthand-properties@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-shorthand-properties/-/plugin-transform-shorthand-properties-7.24.1.tgz#ba9a09144cf55d35ec6b93a32253becad8ee5b55"
-  integrity sha512-LyjVB1nsJ6gTTUKRjRWx9C1s9hE7dLfP/knKdrfeH9UPtAGjYGgxIbFfx7xyLIEWs7Xe1Gnf8EWiUqfjLhInZA==
+"@babel/plugin-transform-shorthand-properties@^7.12.1", "@babel/plugin-transform-shorthand-properties@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-shorthand-properties/-/plugin-transform-shorthand-properties-7.24.7.tgz#85448c6b996e122fa9e289746140aaa99da64e73"
+  integrity sha512-KsDsevZMDsigzbA09+vacnLpmPH4aWjcZjXdyFKGzpplxhbeB4wYtury3vglQkg6KM/xEPKt73eCjPPf1PgXBA==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-plugin-utils" "^7.24.7"
 
-"@babel/plugin-transform-spread@^7.12.1", "@babel/plugin-transform-spread@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-spread/-/plugin-transform-spread-7.24.1.tgz#a1acf9152cbf690e4da0ba10790b3ac7d2b2b391"
-  integrity sha512-KjmcIM+fxgY+KxPVbjelJC6hrH1CgtPmTvdXAfn3/a9CnWGSTY7nH4zm5+cjmWJybdcPSsD0++QssDsjcpe47g==
+"@babel/plugin-transform-spread@^7.12.1", "@babel/plugin-transform-spread@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-spread/-/plugin-transform-spread-7.24.7.tgz#e8a38c0fde7882e0fb8f160378f74bd885cc7bb3"
+  integrity sha512-x96oO0I09dgMDxJaANcRyD4ellXFLLiWhuwDxKZX5g2rWP1bTPkBSwCYv96VDXVT1bD9aPj8tppr5ITIh8hBng==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
-    "@babel/helper-skip-transparent-expression-wrappers" "^7.22.5"
+    "@babel/helper-plugin-utils" "^7.24.7"
+    "@babel/helper-skip-transparent-expression-wrappers" "^7.24.7"
 
-"@babel/plugin-transform-sticky-regex@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-sticky-regex/-/plugin-transform-sticky-regex-7.24.1.tgz#f03e672912c6e203ed8d6e0271d9c2113dc031b9"
-  integrity sha512-9v0f1bRXgPVcPrngOQvLXeGNNVLc8UjMVfebo9ka0WF3/7+aVUHmaJVT3sa0XCzEFioPfPHZiOcYG9qOsH63cw==
+"@babel/plugin-transform-sticky-regex@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-sticky-regex/-/plugin-transform-sticky-regex-7.24.7.tgz#96ae80d7a7e5251f657b5cf18f1ea6bf926f5feb"
+  integrity sha512-kHPSIJc9v24zEml5geKg9Mjx5ULpfncj0wRpYtxbvKyTtHCYDkVE3aHQ03FrpEo4gEe2vrJJS1Y9CJTaThA52g==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-plugin-utils" "^7.24.7"
 
-"@babel/plugin-transform-template-literals@^7.12.1", "@babel/plugin-transform-template-literals@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-template-literals/-/plugin-transform-template-literals-7.24.1.tgz#15e2166873a30d8617e3e2ccadb86643d327aab7"
-  integrity sha512-WRkhROsNzriarqECASCNu/nojeXCDTE/F2HmRgOzi7NGvyfYGq1NEjKBK3ckLfRgGc6/lPAqP0vDOSw3YtG34g==
+"@babel/plugin-transform-template-literals@^7.12.1", "@babel/plugin-transform-template-literals@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-template-literals/-/plugin-transform-template-literals-7.24.7.tgz#a05debb4a9072ae8f985bcf77f3f215434c8f8c8"
+  integrity sha512-AfDTQmClklHCOLxtGoP7HkeMw56k1/bTQjwsfhL6pppo/M4TOBSq+jjBUBLmV/4oeFg4GWMavIl44ZeCtmmZTw==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-plugin-utils" "^7.24.7"
 
-"@babel/plugin-transform-typeof-symbol@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-typeof-symbol/-/plugin-transform-typeof-symbol-7.24.1.tgz#6831f78647080dec044f7e9f68003d99424f94c7"
-  integrity sha512-CBfU4l/A+KruSUoW+vTQthwcAdwuqbpRNB8HQKlZABwHRhsdHZ9fezp4Sn18PeAlYxTNiLMlx4xUBV3AWfg1BA==
+"@babel/plugin-transform-typeof-symbol@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-typeof-symbol/-/plugin-transform-typeof-symbol-7.24.7.tgz#f074be466580d47d6e6b27473a840c9f9ca08fb0"
+  integrity sha512-VtR8hDy7YLB7+Pet9IarXjg/zgCMSF+1mNS/EQEiEaUPoFXCVsHG64SIxcaaI2zJgRiv+YmgaQESUfWAdbjzgg==
   dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
+    "@babel/helper-plugin-utils" "^7.24.7"
 
-"@babel/plugin-transform-typescript@^7.24.1":
-  version "7.24.4"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-typescript/-/plugin-transform-typescript-7.24.4.tgz#03e0492537a4b953e491f53f2bc88245574ebd15"
-  integrity sha512-79t3CQ8+oBGk/80SQ8MN3Bs3obf83zJ0YZjDmDaEZN8MqhMI760apl5z6a20kFeMXBwJX99VpKT8CKxEBp5H1g==
+"@babel/plugin-transform-typescript@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-typescript/-/plugin-transform-typescript-7.24.7.tgz#b006b3e0094bf0813d505e0c5485679eeaf4a881"
+  integrity sha512-iLD3UNkgx2n/HrjBesVbYX6j0yqn/sJktvbtKKgcaLIQ4bTTQ8obAypc1VpyHPD2y4Phh9zHOaAt8e/L14wCpw==
   dependencies:
-    "@babel/helper-annotate-as-pure" "^7.22.5"
-    "@babel/helper-create-class-features-plugin" "^7.24.4"
-    "@babel/helper-plugin-utils" "^7.24.0"
-    "@babel/plugin-syntax-typescript" "^7.24.1"
-
-"@babel/plugin-transform-unicode-escapes@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-escapes/-/plugin-transform-unicode-escapes-7.24.1.tgz#fb3fa16676549ac7c7449db9b342614985c2a3a4"
-  integrity sha512-RlkVIcWT4TLI96zM660S877E7beKlQw7Ig+wqkKBiWfj0zH5Q4h50q6er4wzZKRNSYpfo6ILJ+hrJAGSX2qcNw==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
-
-"@babel/plugin-transform-unicode-property-regex@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-property-regex/-/plugin-transform-unicode-property-regex-7.24.1.tgz#56704fd4d99da81e5e9f0c0c93cabd91dbc4889e"
-  integrity sha512-Ss4VvlfYV5huWApFsF8/Sq0oXnGO+jB+rijFEFugTd3cwSObUSnUi88djgR5528Csl0uKlrI331kRqe56Ov2Ng==
-  dependencies:
-    "@babel/helper-create-regexp-features-plugin" "^7.22.15"
-    "@babel/helper-plugin-utils" "^7.24.0"
-
-"@babel/plugin-transform-unicode-regex@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-regex/-/plugin-transform-unicode-regex-7.24.1.tgz#57c3c191d68f998ac46b708380c1ce4d13536385"
-  integrity sha512-2A/94wgZgxfTsiLaQ2E36XAOdcZmGAaEEgVmxQWwZXWkGhvoHbaqXcKnU8zny4ycpu3vNqg0L/PcCiYtHtA13g==
-  dependencies:
-    "@babel/helper-create-regexp-features-plugin" "^7.22.15"
-    "@babel/helper-plugin-utils" "^7.24.0"
-
-"@babel/plugin-transform-unicode-sets-regex@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-sets-regex/-/plugin-transform-unicode-sets-regex-7.24.1.tgz#c1ea175b02afcffc9cf57a9c4658326625165b7f"
-  integrity sha512-fqj4WuzzS+ukpgerpAoOnMfQXwUHFxXUZUE84oL2Kao2N8uSlvcpnAidKASgsNgzZHBsHWvcm8s9FPWUhAb8fA==
-  dependencies:
-    "@babel/helper-create-regexp-features-plugin" "^7.22.15"
-    "@babel/helper-plugin-utils" "^7.24.0"
-
-"@babel/preset-env@^7.12.11", "@babel/preset-env@^7.24.4":
-  version "7.24.4"
-  resolved "https://registry.yarnpkg.com/@babel/preset-env/-/preset-env-7.24.4.tgz#46dbbcd608771373b88f956ffb67d471dce0d23b"
-  integrity sha512-7Kl6cSmYkak0FK/FXjSEnLJ1N9T/WA2RkMhu17gZ/dsxKJUuTYNIylahPTzqpLyJN4WhDif8X0XK1R8Wsguo/A==
-  dependencies:
-    "@babel/compat-data" "^7.24.4"
-    "@babel/helper-compilation-targets" "^7.23.6"
-    "@babel/helper-plugin-utils" "^7.24.0"
-    "@babel/helper-validator-option" "^7.23.5"
-    "@babel/plugin-bugfix-firefox-class-in-computed-class-key" "^7.24.4"
-    "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression" "^7.24.1"
-    "@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining" "^7.24.1"
-    "@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly" "^7.24.1"
+    "@babel/helper-annotate-as-pure" "^7.24.7"
+    "@babel/helper-create-class-features-plugin" "^7.24.7"
+    "@babel/helper-plugin-utils" "^7.24.7"
+    "@babel/plugin-syntax-typescript" "^7.24.7"
+
+"@babel/plugin-transform-unicode-escapes@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-escapes/-/plugin-transform-unicode-escapes-7.24.7.tgz#2023a82ced1fb4971630a2e079764502c4148e0e"
+  integrity sha512-U3ap1gm5+4edc2Q/P+9VrBNhGkfnf+8ZqppY71Bo/pzZmXhhLdqgaUl6cuB07O1+AQJtCLfaOmswiNbSQ9ivhw==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.24.7"
+
+"@babel/plugin-transform-unicode-property-regex@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-property-regex/-/plugin-transform-unicode-property-regex-7.24.7.tgz#9073a4cd13b86ea71c3264659590ac086605bbcd"
+  integrity sha512-uH2O4OV5M9FZYQrwc7NdVmMxQJOCCzFeYudlZSzUAHRFeOujQefa92E74TQDVskNHCzOXoigEuoyzHDhaEaK5w==
+  dependencies:
+    "@babel/helper-create-regexp-features-plugin" "^7.24.7"
+    "@babel/helper-plugin-utils" "^7.24.7"
+
+"@babel/plugin-transform-unicode-regex@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-regex/-/plugin-transform-unicode-regex-7.24.7.tgz#dfc3d4a51127108099b19817c0963be6a2adf19f"
+  integrity sha512-hlQ96MBZSAXUq7ltkjtu3FJCCSMx/j629ns3hA3pXnBXjanNP0LHi+JpPeA81zaWgVK1VGH95Xuy7u0RyQ8kMg==
+  dependencies:
+    "@babel/helper-create-regexp-features-plugin" "^7.24.7"
+    "@babel/helper-plugin-utils" "^7.24.7"
+
+"@babel/plugin-transform-unicode-sets-regex@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-sets-regex/-/plugin-transform-unicode-sets-regex-7.24.7.tgz#d40705d67523803a576e29c63cef6e516b858ed9"
+  integrity sha512-2G8aAvF4wy1w/AGZkemprdGMRg5o6zPNhbHVImRz3lss55TYCBd6xStN19rt8XJHq20sqV0JbyWjOWwQRwV/wg==
+  dependencies:
+    "@babel/helper-create-regexp-features-plugin" "^7.24.7"
+    "@babel/helper-plugin-utils" "^7.24.7"
+
+"@babel/preset-env@^7.12.11", "@babel/preset-env@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/preset-env/-/preset-env-7.24.7.tgz#ff067b4e30ba4a72f225f12f123173e77b987f37"
+  integrity sha512-1YZNsc+y6cTvWlDHidMBsQZrZfEFjRIo/BZCT906PMdzOyXtSLTgqGdrpcuTDCXyd11Am5uQULtDIcCfnTc8fQ==
+  dependencies:
+    "@babel/compat-data" "^7.24.7"
+    "@babel/helper-compilation-targets" "^7.24.7"
+    "@babel/helper-plugin-utils" "^7.24.7"
+    "@babel/helper-validator-option" "^7.24.7"
+    "@babel/plugin-bugfix-firefox-class-in-computed-class-key" "^7.24.7"
+    "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression" "^7.24.7"
+    "@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining" "^7.24.7"
+    "@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly" "^7.24.7"
     "@babel/plugin-proposal-private-property-in-object" "7.21.0-placeholder-for-preset-env.2"
     "@babel/plugin-syntax-async-generators" "^7.8.4"
     "@babel/plugin-syntax-class-properties" "^7.12.13"
     "@babel/plugin-syntax-class-static-block" "^7.14.5"
     "@babel/plugin-syntax-dynamic-import" "^7.8.3"
     "@babel/plugin-syntax-export-namespace-from" "^7.8.3"
-    "@babel/plugin-syntax-import-assertions" "^7.24.1"
-    "@babel/plugin-syntax-import-attributes" "^7.24.1"
+    "@babel/plugin-syntax-import-assertions" "^7.24.7"
+    "@babel/plugin-syntax-import-attributes" "^7.24.7"
     "@babel/plugin-syntax-import-meta" "^7.10.4"
     "@babel/plugin-syntax-json-strings" "^7.8.3"
     "@babel/plugin-syntax-logical-assignment-operators" "^7.10.4"
@@ -1213,54 +1220,54 @@
     "@babel/plugin-syntax-private-property-in-object" "^7.14.5"
     "@babel/plugin-syntax-top-level-await" "^7.14.5"
     "@babel/plugin-syntax-unicode-sets-regex" "^7.18.6"
-    "@babel/plugin-transform-arrow-functions" "^7.24.1"
-    "@babel/plugin-transform-async-generator-functions" "^7.24.3"
-    "@babel/plugin-transform-async-to-generator" "^7.24.1"
-    "@babel/plugin-transform-block-scoped-functions" "^7.24.1"
-    "@babel/plugin-transform-block-scoping" "^7.24.4"
-    "@babel/plugin-transform-class-properties" "^7.24.1"
-    "@babel/plugin-transform-class-static-block" "^7.24.4"
-    "@babel/plugin-transform-classes" "^7.24.1"
-    "@babel/plugin-transform-computed-properties" "^7.24.1"
-    "@babel/plugin-transform-destructuring" "^7.24.1"
-    "@babel/plugin-transform-dotall-regex" "^7.24.1"
-    "@babel/plugin-transform-duplicate-keys" "^7.24.1"
-    "@babel/plugin-transform-dynamic-import" "^7.24.1"
-    "@babel/plugin-transform-exponentiation-operator" "^7.24.1"
-    "@babel/plugin-transform-export-namespace-from" "^7.24.1"
-    "@babel/plugin-transform-for-of" "^7.24.1"
-    "@babel/plugin-transform-function-name" "^7.24.1"
-    "@babel/plugin-transform-json-strings" "^7.24.1"
-    "@babel/plugin-transform-literals" "^7.24.1"
-    "@babel/plugin-transform-logical-assignment-operators" "^7.24.1"
-    "@babel/plugin-transform-member-expression-literals" "^7.24.1"
-    "@babel/plugin-transform-modules-amd" "^7.24.1"
-    "@babel/plugin-transform-modules-commonjs" "^7.24.1"
-    "@babel/plugin-transform-modules-systemjs" "^7.24.1"
-    "@babel/plugin-transform-modules-umd" "^7.24.1"
-    "@babel/plugin-transform-named-capturing-groups-regex" "^7.22.5"
-    "@babel/plugin-transform-new-target" "^7.24.1"
-    "@babel/plugin-transform-nullish-coalescing-operator" "^7.24.1"
-    "@babel/plugin-transform-numeric-separator" "^7.24.1"
-    "@babel/plugin-transform-object-rest-spread" "^7.24.1"
-    "@babel/plugin-transform-object-super" "^7.24.1"
-    "@babel/plugin-transform-optional-catch-binding" "^7.24.1"
-    "@babel/plugin-transform-optional-chaining" "^7.24.1"
-    "@babel/plugin-transform-parameters" "^7.24.1"
-    "@babel/plugin-transform-private-methods" "^7.24.1"
-    "@babel/plugin-transform-private-property-in-object" "^7.24.1"
-    "@babel/plugin-transform-property-literals" "^7.24.1"
-    "@babel/plugin-transform-regenerator" "^7.24.1"
-    "@babel/plugin-transform-reserved-words" "^7.24.1"
-    "@babel/plugin-transform-shorthand-properties" "^7.24.1"
-    "@babel/plugin-transform-spread" "^7.24.1"
-    "@babel/plugin-transform-sticky-regex" "^7.24.1"
-    "@babel/plugin-transform-template-literals" "^7.24.1"
-    "@babel/plugin-transform-typeof-symbol" "^7.24.1"
-    "@babel/plugin-transform-unicode-escapes" "^7.24.1"
-    "@babel/plugin-transform-unicode-property-regex" "^7.24.1"
-    "@babel/plugin-transform-unicode-regex" "^7.24.1"
-    "@babel/plugin-transform-unicode-sets-regex" "^7.24.1"
+    "@babel/plugin-transform-arrow-functions" "^7.24.7"
+    "@babel/plugin-transform-async-generator-functions" "^7.24.7"
+    "@babel/plugin-transform-async-to-generator" "^7.24.7"
+    "@babel/plugin-transform-block-scoped-functions" "^7.24.7"
+    "@babel/plugin-transform-block-scoping" "^7.24.7"
+    "@babel/plugin-transform-class-properties" "^7.24.7"
+    "@babel/plugin-transform-class-static-block" "^7.24.7"
+    "@babel/plugin-transform-classes" "^7.24.7"
+    "@babel/plugin-transform-computed-properties" "^7.24.7"
+    "@babel/plugin-transform-destructuring" "^7.24.7"
+    "@babel/plugin-transform-dotall-regex" "^7.24.7"
+    "@babel/plugin-transform-duplicate-keys" "^7.24.7"
+    "@babel/plugin-transform-dynamic-import" "^7.24.7"
+    "@babel/plugin-transform-exponentiation-operator" "^7.24.7"
+    "@babel/plugin-transform-export-namespace-from" "^7.24.7"
+    "@babel/plugin-transform-for-of" "^7.24.7"
+    "@babel/plugin-transform-function-name" "^7.24.7"
+    "@babel/plugin-transform-json-strings" "^7.24.7"
+    "@babel/plugin-transform-literals" "^7.24.7"
+    "@babel/plugin-transform-logical-assignment-operators" "^7.24.7"
+    "@babel/plugin-transform-member-expression-literals" "^7.24.7"
+    "@babel/plugin-transform-modules-amd" "^7.24.7"
+    "@babel/plugin-transform-modules-commonjs" "^7.24.7"
+    "@babel/plugin-transform-modules-systemjs" "^7.24.7"
+    "@babel/plugin-transform-modules-umd" "^7.24.7"
+    "@babel/plugin-transform-named-capturing-groups-regex" "^7.24.7"
+    "@babel/plugin-transform-new-target" "^7.24.7"
+    "@babel/plugin-transform-nullish-coalescing-operator" "^7.24.7"
+    "@babel/plugin-transform-numeric-separator" "^7.24.7"
+    "@babel/plugin-transform-object-rest-spread" "^7.24.7"
+    "@babel/plugin-transform-object-super" "^7.24.7"
+    "@babel/plugin-transform-optional-catch-binding" "^7.24.7"
+    "@babel/plugin-transform-optional-chaining" "^7.24.7"
+    "@babel/plugin-transform-parameters" "^7.24.7"
+    "@babel/plugin-transform-private-methods" "^7.24.7"
+    "@babel/plugin-transform-private-property-in-object" "^7.24.7"
+    "@babel/plugin-transform-property-literals" "^7.24.7"
+    "@babel/plugin-transform-regenerator" "^7.24.7"
+    "@babel/plugin-transform-reserved-words" "^7.24.7"
+    "@babel/plugin-transform-shorthand-properties" "^7.24.7"
+    "@babel/plugin-transform-spread" "^7.24.7"
+    "@babel/plugin-transform-sticky-regex" "^7.24.7"
+    "@babel/plugin-transform-template-literals" "^7.24.7"
+    "@babel/plugin-transform-typeof-symbol" "^7.24.7"
+    "@babel/plugin-transform-unicode-escapes" "^7.24.7"
+    "@babel/plugin-transform-unicode-property-regex" "^7.24.7"
+    "@babel/plugin-transform-unicode-regex" "^7.24.7"
+    "@babel/plugin-transform-unicode-sets-regex" "^7.24.7"
     "@babel/preset-modules" "0.1.6-no-external-plugins"
     babel-plugin-polyfill-corejs2 "^0.4.10"
     babel-plugin-polyfill-corejs3 "^0.10.4"
@@ -1286,33 +1293,33 @@
     "@babel/types" "^7.4.4"
     esutils "^2.0.2"
 
-"@babel/preset-react@^7.12.10", "@babel/preset-react@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/preset-react/-/preset-react-7.24.1.tgz#2450c2ac5cc498ef6101a6ca5474de251e33aa95"
-  integrity sha512-eFa8up2/8cZXLIpkafhaADTXSnl7IsUFCYenRWrARBz0/qZwcT0RBXpys0LJU4+WfPoF2ZG6ew6s2V6izMCwRA==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
-    "@babel/helper-validator-option" "^7.23.5"
-    "@babel/plugin-transform-react-display-name" "^7.24.1"
-    "@babel/plugin-transform-react-jsx" "^7.23.4"
-    "@babel/plugin-transform-react-jsx-development" "^7.22.5"
-    "@babel/plugin-transform-react-pure-annotations" "^7.24.1"
-
-"@babel/preset-typescript@^7.12.7", "@babel/preset-typescript@^7.24.1":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/preset-typescript/-/preset-typescript-7.24.1.tgz#89bdf13a3149a17b3b2a2c9c62547f06db8845ec"
-  integrity sha512-1DBaMmRDpuYQBPWD8Pf/WEwCrtgRHxsZnP4mIy9G/X+hFfbI47Q2G4t1Paakld84+qsk2fSsUPMKg71jkoOOaQ==
-  dependencies:
-    "@babel/helper-plugin-utils" "^7.24.0"
-    "@babel/helper-validator-option" "^7.23.5"
-    "@babel/plugin-syntax-jsx" "^7.24.1"
-    "@babel/plugin-transform-modules-commonjs" "^7.24.1"
-    "@babel/plugin-transform-typescript" "^7.24.1"
-
-"@babel/register@^7.12.1", "@babel/register@^7.23.7":
-  version "7.23.7"
-  resolved "https://registry.yarnpkg.com/@babel/register/-/register-7.23.7.tgz#485a5e7951939d21304cae4af1719fdb887bc038"
-  integrity sha512-EjJeB6+kvpk+Y5DAkEAmbOBEFkh9OASx0huoEkqYTFxAZHzOAX2Oh5uwAUuL2rUddqfM0SA+KPXV2TbzoZ2kvQ==
+"@babel/preset-react@^7.12.10", "@babel/preset-react@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/preset-react/-/preset-react-7.24.7.tgz#480aeb389b2a798880bf1f889199e3641cbb22dc"
+  integrity sha512-AAH4lEkpmzFWrGVlHaxJB7RLH21uPQ9+He+eFLWHmF9IuFQVugz8eAsamaW0DXRrTfco5zj1wWtpdcXJUOfsag==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.24.7"
+    "@babel/helper-validator-option" "^7.24.7"
+    "@babel/plugin-transform-react-display-name" "^7.24.7"
+    "@babel/plugin-transform-react-jsx" "^7.24.7"
+    "@babel/plugin-transform-react-jsx-development" "^7.24.7"
+    "@babel/plugin-transform-react-pure-annotations" "^7.24.7"
+
+"@babel/preset-typescript@^7.12.7", "@babel/preset-typescript@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/preset-typescript/-/preset-typescript-7.24.7.tgz#66cd86ea8f8c014855671d5ea9a737139cbbfef1"
+  integrity sha512-SyXRe3OdWwIwalxDg5UtJnJQO+YPcTfwiIY2B0Xlddh9o7jpWLvv8X1RthIeDOxQ+O1ML5BLPCONToObyVQVuQ==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.24.7"
+    "@babel/helper-validator-option" "^7.24.7"
+    "@babel/plugin-syntax-jsx" "^7.24.7"
+    "@babel/plugin-transform-modules-commonjs" "^7.24.7"
+    "@babel/plugin-transform-typescript" "^7.24.7"
+
+"@babel/register@^7.12.1", "@babel/register@^7.24.6":
+  version "7.24.6"
+  resolved "https://registry.yarnpkg.com/@babel/register/-/register-7.24.6.tgz#59e21dcc79e1d04eed5377633b0f88029a6bef9e"
+  integrity sha512-WSuFCc2wCqMeXkz/i3yfAAsxwWflEgbVkZzivgAmXl/MxrXeoYFZOOPllbC8R8WTF7u61wSRQtDVZ1879cdu6w==
   dependencies:
     clone-deep "^4.0.1"
     find-cache-dir "^2.0.0"
@@ -1325,35 +1332,35 @@
   resolved "https://registry.yarnpkg.com/@babel/regjsgen/-/regjsgen-0.8.0.tgz#f0ba69b075e1f05fb2825b7fad991e7adbb18310"
   integrity sha512-x/rqGMdzj+fWZvCOYForTghzbtqPDZ5gPwaoNGHdgDfF2QA/XZbCBp4Moo5scrkAMPhB7z26XM/AaHuIJdgauA==
 
-"@babel/runtime@^7.0.0", "@babel/runtime@^7.1.2", "@babel/runtime@^7.12.0", "@babel/runtime@^7.12.1", "@babel/runtime@^7.12.13", "@babel/runtime@^7.12.5", "@babel/runtime@^7.15.4", "@babel/runtime@^7.17.8", "@babel/runtime@^7.18.3", "@babel/runtime@^7.20.7", "@babel/runtime@^7.21.0", "@babel/runtime@^7.24.1", "@babel/runtime@^7.24.4", "@babel/runtime@^7.3.1", "@babel/runtime@^7.4.4", "@babel/runtime@^7.4.5", "@babel/runtime@^7.5.0", "@babel/runtime@^7.5.5", "@babel/runtime@^7.6.3", "@babel/runtime@^7.7.2", "@babel/runtime@^7.7.6", "@babel/runtime@^7.8.4", "@babel/runtime@^7.8.7", "@babel/runtime@^7.9.2":
-  version "7.24.4"
-  resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.24.4.tgz#de795accd698007a66ba44add6cc86542aff1edd"
-  integrity sha512-dkxf7+hn8mFBwKjs9bvBlArzLVxVbS8usaPUDd5p2a9JCL9tB8OaOVN1isD4+Xyk4ns89/xeOmbQvgdK7IIVdA==
+"@babel/runtime@^7.0.0", "@babel/runtime@^7.1.2", "@babel/runtime@^7.12.0", "@babel/runtime@^7.12.1", "@babel/runtime@^7.12.13", "@babel/runtime@^7.12.5", "@babel/runtime@^7.15.4", "@babel/runtime@^7.17.8", "@babel/runtime@^7.18.3", "@babel/runtime@^7.20.7", "@babel/runtime@^7.21.0", "@babel/runtime@^7.24.1", "@babel/runtime@^7.24.7", "@babel/runtime@^7.3.1", "@babel/runtime@^7.4.4", "@babel/runtime@^7.4.5", "@babel/runtime@^7.5.0", "@babel/runtime@^7.5.5", "@babel/runtime@^7.6.3", "@babel/runtime@^7.7.2", "@babel/runtime@^7.7.6", "@babel/runtime@^7.8.4", "@babel/runtime@^7.8.7", "@babel/runtime@^7.9.2":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.24.7.tgz#f4f0d5530e8dbdf59b3451b9b3e594b6ba082e12"
+  integrity sha512-UwgBRMjJP+xv857DCngvqXI3Iq6J4v0wXmwc6sapg+zyhbwmQX67LUEFrkK5tbyJ30jGuG3ZvWpBiB9LCy1kWw==
   dependencies:
     regenerator-runtime "^0.14.0"
 
-"@babel/template@^7.12.7", "@babel/template@^7.22.15", "@babel/template@^7.24.0", "@babel/template@^7.3.3":
-  version "7.24.0"
-  resolved "https://registry.yarnpkg.com/@babel/template/-/template-7.24.0.tgz#c6a524aa93a4a05d66aaf31654258fae69d87d50"
-  integrity sha512-Bkf2q8lMB0AFpX0NFEqSbx1OkTHf0f+0j82mkw+ZpzBnkk7e9Ql0891vlfgi+kHwOk8tQjiQHpqh4LaSa0fKEA==
-  dependencies:
-    "@babel/code-frame" "^7.23.5"
-    "@babel/parser" "^7.24.0"
-    "@babel/types" "^7.24.0"
-
-"@babel/traverse@^7.10.3", "@babel/traverse@^7.12.11", "@babel/traverse@^7.12.9", "@babel/traverse@^7.13.0", "@babel/traverse@^7.24.1", "@babel/traverse@^7.4.5":
-  version "7.24.1"
-  resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.24.1.tgz#d65c36ac9dd17282175d1e4a3c49d5b7988f530c"
-  integrity sha512-xuU6o9m68KeqZbQuDt2TcKSxUw/mrsvavlEqQ1leZ/B+C9tk6E4sRWy97WaXgvq5E+nU3cXMxv3WKOCanVMCmQ==
-  dependencies:
-    "@babel/code-frame" "^7.24.1"
-    "@babel/generator" "^7.24.1"
-    "@babel/helper-environment-visitor" "^7.22.20"
-    "@babel/helper-function-name" "^7.23.0"
-    "@babel/helper-hoist-variables" "^7.22.5"
-    "@babel/helper-split-export-declaration" "^7.22.6"
-    "@babel/parser" "^7.24.1"
-    "@babel/types" "^7.24.0"
+"@babel/template@^7.12.7", "@babel/template@^7.24.7", "@babel/template@^7.3.3":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/template/-/template-7.24.7.tgz#02efcee317d0609d2c07117cb70ef8fb17ab7315"
+  integrity sha512-jYqfPrU9JTF0PmPy1tLYHW4Mp4KlgxJD9l2nP9fD6yT/ICi554DmrWBAEYpIelzjHf1msDP3PxJIRt/nFNfBig==
+  dependencies:
+    "@babel/code-frame" "^7.24.7"
+    "@babel/parser" "^7.24.7"
+    "@babel/types" "^7.24.7"
+
+"@babel/traverse@^7.10.3", "@babel/traverse@^7.12.11", "@babel/traverse@^7.12.9", "@babel/traverse@^7.13.0", "@babel/traverse@^7.24.7", "@babel/traverse@^7.4.5":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.24.7.tgz#de2b900163fa741721ba382163fe46a936c40cf5"
+  integrity sha512-yb65Ed5S/QAcewNPh0nZczy9JdYXkkAbIsEo+P7BE7yO3txAY30Y/oPa3QkQ5It3xVG2kpKMg9MsdxZaO31uKA==
+  dependencies:
+    "@babel/code-frame" "^7.24.7"
+    "@babel/generator" "^7.24.7"
+    "@babel/helper-environment-visitor" "^7.24.7"
+    "@babel/helper-function-name" "^7.24.7"
+    "@babel/helper-hoist-variables" "^7.24.7"
+    "@babel/helper-split-export-declaration" "^7.24.7"
+    "@babel/parser" "^7.24.7"
+    "@babel/types" "^7.24.7"
     debug "^4.3.1"
     globals "^11.1.0"
 
@@ -1366,31 +1373,13 @@
     "@babel/helper-validator-identifier" "^7.19.1"
     to-fast-properties "^2.0.0"
 
-"@babel/types@^7.22.15", "@babel/types@^7.22.5", "@babel/types@^7.23.0":
-  version "7.23.0"
-  resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.23.0.tgz#8c1f020c9df0e737e4e247c0619f58c68458aaeb"
-  integrity sha512-0oIyUfKoI3mSqMvsxBdclDwxXKXAUA8v/apZbc+iSyARYou1o8ZGDxbUYyLFoW2arqS2jDGqJuZvv1d/io1axg==
+"@babel/types@^7.24.7":
+  version "7.24.7"
+  resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.24.7.tgz#6027fe12bc1aa724cd32ab113fb7f1988f1f66f2"
+  integrity sha512-XEFXSlxiG5td2EJRe8vOmRbaXVgfcBlszKujvVmWIK/UpywWljQCfzAv3RQCGujWQ1RD4YYWEAqDXfuJiy8f5Q==
   dependencies:
-    "@babel/helper-string-parser" "^7.22.5"
-    "@babel/helper-validator-identifier" "^7.22.20"
-    to-fast-properties "^2.0.0"
-
-"@babel/types@^7.22.19", "@babel/types@^7.23.4":
-  version "7.23.6"
-  resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.23.6.tgz#be33fdb151e1f5a56877d704492c240fc71c7ccd"
-  integrity sha512-+uarb83brBzPKN38NX1MkB6vb6+mwvR6amUulqAE7ccQw1pEl+bCia9TbdG1lsnFP7lZySvUn37CHyXQdfTwzg==
-  dependencies:
-    "@babel/helper-string-parser" "^7.23.4"
-    "@babel/helper-validator-identifier" "^7.22.20"
-    to-fast-properties "^2.0.0"
-
-"@babel/types@^7.24.0":
-  version "7.24.0"
-  resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.24.0.tgz#3b951f435a92e7333eba05b7566fd297960ea1bf"
-  integrity sha512-+j7a5c253RfKh8iABBhywc8NSfP5LURe7Uh4qpsh6jc+aLJguvmIUBdjSdEMQv2bENrCR5MfRdjGo7vzS/ob7w==
-  dependencies:
-    "@babel/helper-string-parser" "^7.23.4"
-    "@babel/helper-validator-identifier" "^7.22.20"
+    "@babel/helper-string-parser" "^7.24.7"
+    "@babel/helper-validator-identifier" "^7.24.7"
     to-fast-properties "^2.0.0"
 
 "@base2/pretty-print-object@1.0.1":
@@ -1475,6 +1464,17 @@
   resolved "https://registry.yarnpkg.com/@cbor-extract/cbor-extract-win32-x64/-/cbor-extract-win32-x64-2.0.0.tgz#4d4ad91527a8313c3db1e2167a8821dfae9d6211"
   integrity sha512-XqVuJEnE0jpl/RkuSp04FF2UE73gY52Y4nZaIE6j9GAeSH2cHYU5CCd4TaVMDi2M18ZpZv7XhL/k+nneQzyJpQ==
 
+"@cfaester/enzyme-adapter-react-18@^0.8.0":
+  version "0.8.0"
+  resolved "https://registry.yarnpkg.com/@cfaester/enzyme-adapter-react-18/-/enzyme-adapter-react-18-0.8.0.tgz#313814eb79658a6e74209f9f1743bcefff14a46f"
+  integrity sha512-3Z3ThTUouHwz8oIyhTYQljEMNRFtlVyc3VOOHCbxs47U6cnXs8K9ygi/c1tv49s7MBlTXeIcuN+Ttd9aPtILFQ==
+  dependencies:
+    enzyme-shallow-equal "^1.0.0"
+    function.prototype.name "^1.1.6"
+    has "^1.0.4"
+    react-is "^18.2.0"
+    react-shallow-renderer "^16.15.0"
+
 "@cfworker/json-schema@^1.12.7":
   version "1.12.7"
   resolved "https://registry.yarnpkg.com/@cfworker/json-schema/-/json-schema-1.12.7.tgz#064d082a11881f684300bc7e6d3021e9d98f9a59"
@@ -1510,6 +1510,15 @@
   resolved "https://registry.yarnpkg.com/@csstools/selector-specificity/-/selector-specificity-2.0.1.tgz#b6b8d81780b9a9f6459f4bfe9226ac6aefaefe87"
   integrity sha512-aG20vknL4/YjQF9BSV7ts4EWm/yrjagAN7OWBNmlbEOUiu0llj4OGrFoOKK3g2vey4/p2omKCoHrWtPxSwV3HA==
 
+"@cypress/debugging-proxy@2.0.1":
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/@cypress/debugging-proxy/-/debugging-proxy-2.0.1.tgz#c0ef569af4c2efb6ceb329e5813bc770b133ab9e"
+  integrity sha512-kUFQSNQfvZUO5yqtiir65FPPJZKPQaA68trYiKlHuWhDu9sopjIAXoZv/ff0GbLSNDHdxIuF0VyJhJIRRHuhAw==
+  dependencies:
+    debug "^4.1.1"
+    http-proxy "^1.17.0"
+    self-signed-cert "^1.0.1"
+
 "@cypress/grep@^4.0.1":
   version "4.0.1"
   resolved "https://registry.yarnpkg.com/@cypress/grep/-/grep-4.0.1.tgz#bce679f85da286c4979bb9ffc79b2782dc5b75c6"
@@ -1618,29 +1627,29 @@
   dependencies:
     tslib "^2.0.0"
 
-"@elastic/apm-rum-core@^5.21.0":
-  version "5.21.0"
-  resolved "https://registry.yarnpkg.com/@elastic/apm-rum-core/-/apm-rum-core-5.21.0.tgz#0dc214b2c829c80a2cd07d37a250c89761fe8386"
-  integrity sha512-O2Sq1CPq2baG3z2RGtgyG+Hybli3rwq4oMOCMvUSiTiMKBPY1dRCfuebs6KpZsk3euoqykN+oTp0DPKeOI+XIg==
+"@elastic/apm-rum-core@^5.21.0", "@elastic/apm-rum-core@^5.21.1":
+  version "5.21.1"
+  resolved "https://registry.yarnpkg.com/@elastic/apm-rum-core/-/apm-rum-core-5.21.1.tgz#ea6f2268629193962c194ae1d29971e2c5b2e531"
+  integrity sha512-/LyLhVdJ+zcsKogwq2AEYARc//RDXOoTHWPERLay4sCsvvxc4/GkkhhOC40CqI0oMu4kUAoJInQWZuCM7zCZRQ==
   dependencies:
     error-stack-parser "^1.3.5"
     opentracing "^0.14.3"
     promise-polyfill "^8.1.3"
 
-"@elastic/apm-rum-react@^2.0.2":
-  version "2.0.2"
-  resolved "https://registry.yarnpkg.com/@elastic/apm-rum-react/-/apm-rum-react-2.0.2.tgz#5f73d41d462941f4d073ffaa118723987379548b"
-  integrity sha512-m0l982fLiImSxtuy8kKVXTnNl5wSMG3/TD3QokFQiYnVap+wjEULVm1HbS+dE4hjh9eVqCkuBiPu450a8lUs8g==
+"@elastic/apm-rum-react@^2.0.3":
+  version "2.0.3"
+  resolved "https://registry.yarnpkg.com/@elastic/apm-rum-react/-/apm-rum-react-2.0.3.tgz#6193464943ea80a74682373de2242490623111f6"
+  integrity sha512-oDdNz1GEZvy7R1CPOJWkXFRRHY5yNO3vRhUttDXqvXvRBEd1m7HosskHs/R/LjtoYghpAVrG+yzJGvDI9TSuxQ==
   dependencies:
-    "@elastic/apm-rum" "^5.16.0"
+    "@elastic/apm-rum" "^5.16.1"
     hoist-non-react-statics "^3.3.0"
 
-"@elastic/apm-rum@^5.16.0":
-  version "5.16.0"
-  resolved "https://registry.yarnpkg.com/@elastic/apm-rum/-/apm-rum-5.16.0.tgz#bb9b00a866a48ec40c07ea742d241f835e8b5f9d"
-  integrity sha512-vNwRWDIccdu6iPDpCyrC3myRnpBzRH6wlAoOZjgSFJilQJMsymb8NzR1rkQmNEBca+frRuDCZabd+ylEZ47YBA==
+"@elastic/apm-rum@^5.16.1":
+  version "5.16.1"
+  resolved "https://registry.yarnpkg.com/@elastic/apm-rum/-/apm-rum-5.16.1.tgz#59767f587a31293c17497ff86e05754627182be4"
+  integrity sha512-hxmhjLqF4EqEl2wVwxKU5p88jiwHPF//zqk97bm09vj5CQQ6HBtWkwIxQ5dvEEOnRwJinFEf9V2JibpamgzUWA==
   dependencies:
-    "@elastic/apm-rum-core" "^5.21.0"
+    "@elastic/apm-rum-core" "^5.21.1"
 
 "@elastic/app-search-javascript@^8.1.2":
   version "8.1.2"
@@ -1649,10 +1658,10 @@
   dependencies:
     object-hash "^1.3.0"
 
-"@elastic/charts@65.2.0":
-  version "65.2.0"
-  resolved "https://registry.yarnpkg.com/@elastic/charts/-/charts-65.2.0.tgz#203496b6471e4845807cb70c48b0990676882ef4"
-  integrity sha512-yeqascGqvnDABvtYOHgd7sr6cEq5kivFWKaS3UWeb/GpOxk+O4Ef1PlbBxpchgDyInP957SWlhKDmhUFF1Ttzg==
+"@elastic/charts@66.0.4":
+  version "66.0.4"
+  resolved "https://registry.yarnpkg.com/@elastic/charts/-/charts-66.0.4.tgz#aabb145687805ca7f491df22c15d7d535ca80031"
+  integrity sha512-fxOivMRUtcTrSOKTqxxDN5XVCzaW0lVrydCxGGHg3NoYEBtOktnF8SWATO8EYfg5cSBDcVbLGOnscqM84Q2aDA==
   dependencies:
     "@popperjs/core" "^2.11.8"
     bezier-easing "^2.1.0"
@@ -1706,12 +1715,12 @@
     "@elastic/transport" "^8.3.1"
     tslib "^2.4.0"
 
-"@elastic/elasticsearch@^8.13.1":
-  version "8.13.1"
-  resolved "https://registry.yarnpkg.com/@elastic/elasticsearch/-/elasticsearch-8.13.1.tgz#0fbe8318cf7f21c599165bb901277428639d57ec"
-  integrity sha512-2G4Vu6OHw4+XTrp7AGIcOEezpPEoVrWg2JTK1v/exEKSLYquZkUdd+m4yOL3/UZ6bTj7hmXwrmYzW76BnLCkJQ==
+"@elastic/elasticsearch@^8.14.0":
+  version "8.14.0"
+  resolved "https://registry.yarnpkg.com/@elastic/elasticsearch/-/elasticsearch-8.14.0.tgz#93b1f2a7cb6cc5cd1ceebf5060576bc690432e0a"
+  integrity sha512-MGrgCI4y+Ozssf5Q2IkVJlqt5bUMnKIICG2qxeOfrJNrVugMCBCAQypyesmSSocAtNm8IX3LxfJ3jQlFHmKe2w==
   dependencies:
-    "@elastic/transport" "~8.4.1"
+    "@elastic/transport" "^8.6.0"
     tslib "^2.4.0"
 
 "@elastic/ems-client@8.5.1":
@@ -1734,10 +1743,10 @@
   resolved "https://registry.yarnpkg.com/@elastic/eslint-plugin-eui/-/eslint-plugin-eui-0.0.2.tgz#56b9ef03984a05cc213772ae3713ea8ef47b0314"
   integrity sha512-IoxURM5zraoQ7C8f+mJb9HYSENiZGgRVcG4tLQxE61yHNNRDXtGDWTZh8N1KIHcsqN1CEPETjuzBXkJYF/fDiQ==
 
-"@elastic/eui@95.0.0-backport.0":
-  version "95.0.0-backport.0"
-  resolved "https://registry.yarnpkg.com/@elastic/eui/-/eui-95.0.0-backport.0.tgz#6fdfbc813259cf82896f24641bb6e8a03587f3e8"
-  integrity sha512-aaCQYLdJ4/1uQUb8xsToa94HwUDN2HSjtZzrgh3iT3El7tieNk6TNzX9QtNePw9M57snpdt41wyg6QFM7Jhltg==
+"@elastic/eui@95.2.0":
+  version "95.2.0"
+  resolved "https://registry.yarnpkg.com/@elastic/eui/-/eui-95.2.0.tgz#12204f9206f1432e17276264e08e48cd026913bf"
+  integrity sha512-DVIAqZHox5esbmoxnG3McTw0ppbatvH+ymXYjr3PNNTTnXzmcAGadQAA0ZIpx1/c3/YOZmh2LJWWowLl4wodzw==
   dependencies:
     "@hello-pangea/dnd" "^16.6.0"
     "@types/lodash" "^4.14.202"
@@ -1886,17 +1895,17 @@
     undici "^5.21.2"
     yaml "^2.2.2"
 
-"@elastic/transport@^8.3.1", "@elastic/transport@~8.4.1":
-  version "8.4.1"
-  resolved "https://registry.yarnpkg.com/@elastic/transport/-/transport-8.4.1.tgz#f98c5a5e2156bcb3f01170b4aca7e7de4d8b61b8"
-  integrity sha512-/SXVuVnuU5b4dq8OFY4izG+dmGla185PcoqgK6+AJMpmOeY1QYVNbWtCwvSvoAANN5D/wV+EBU8+x7Vf9EphbA==
+"@elastic/transport@^8.3.1", "@elastic/transport@^8.6.0":
+  version "8.6.0"
+  resolved "https://registry.yarnpkg.com/@elastic/transport/-/transport-8.6.0.tgz#8de9794c87eb0fd2bdb2c6c1e32792aeb06b32bc"
+  integrity sha512-/Ucpztrc+urZK8yCtFBUu2LePYJNnukgZSUUApUzGH/SxejqkH526Nph7aru8I0vZwdW5wqgCHSOIq3J7tIxGg==
   dependencies:
     debug "^4.3.4"
     hpagent "^1.0.0"
     ms "^2.1.3"
     secure-json-parse "^2.4.0"
     tslib "^2.4.0"
-    undici "^5.22.1"
+    undici "^6.12.0"
 
 "@emotion/babel-plugin-jsx-pragmatic@^0.2.1":
   version "0.2.1"
@@ -2670,10 +2679,10 @@
     "@hapi/hoek" "9.x.x"
     "@hapi/validate" "1.x.x"
 
-"@hapi/hoek@9.x.x", "@hapi/hoek@^9.0.0", "@hapi/hoek@^9.0.4", "@hapi/hoek@^9.2.1":
-  version "9.2.1"
-  resolved "https://registry.yarnpkg.com/@hapi/hoek/-/hoek-9.2.1.tgz#9551142a1980503752536b5050fd99f4a7f13b17"
-  integrity sha512-gfta+H8aziZsm8pZa0vj04KO6biEiisppNgA1kbJvFrrWu9Vm7eaUEy76DIxsuTaWvti5fkJVhllWc6ZTE+Mdw==
+"@hapi/hoek@9.x.x", "@hapi/hoek@^9.0.0", "@hapi/hoek@^9.0.4", "@hapi/hoek@^9.2.1", "@hapi/hoek@^9.3.0":
+  version "9.3.0"
+  resolved "https://registry.yarnpkg.com/@hapi/hoek/-/hoek-9.3.0.tgz#8368869dcb735be2e7f5cb7647de78e167a251fb"
+  integrity sha512-/c6rf4UJlmHlC9b5BaNvzAcFv7HZ2QHaV0D4/HNlBdvFnvQq8RI4kYdhyPCl7Xj+oWvTWQ8ujhqS53LIgAe6KQ==
 
 "@hapi/inert@^6.0.4":
   version "6.0.4"
@@ -2781,10 +2790,10 @@
   resolved "https://registry.yarnpkg.com/@hapi/teamwork/-/teamwork-5.1.1.tgz#4d2ba3cac19118a36c44bf49a3a47674de52e4e4"
   integrity sha512-1oPx9AE5TIv+V6Ih54RP9lTZBso3rP8j4Xhb6iSVwPXtAM+sDopl5TFMv5Paw73UnpZJ9gjcrTE1BXrWt9eQrg==
 
-"@hapi/topo@^5.0.0":
-  version "5.0.0"
-  resolved "https://registry.yarnpkg.com/@hapi/topo/-/topo-5.0.0.tgz#c19af8577fa393a06e9c77b60995af959be721e7"
-  integrity sha512-tFJlT47db0kMqVm3H4nQYgn6Pwg10GTZHb1pwmSiv1K4ks6drQOtfEF5ZnPjkvC+y4/bUPHK+bc87QvLcL+WMw==
+"@hapi/topo@^5.0.0", "@hapi/topo@^5.1.0":
+  version "5.1.0"
+  resolved "https://registry.yarnpkg.com/@hapi/topo/-/topo-5.1.0.tgz#dc448e332c6c6e37a4dc02fd84ba8d44b9afb012"
+  integrity sha512-foQZKJig7Ob0BMAYBfcJk8d77QtOe7Wo4ox7ff1lQYoNNAb6jwcY1ncdoy2e9wQZzvNy7ODZCYJkK8kzmcAnAg==
   dependencies:
     "@hapi/hoek" "^9.0.0"
 
@@ -3205,12 +3214,12 @@
   resolved "https://registry.yarnpkg.com/@juggle/resize-observer/-/resize-observer-3.4.0.tgz#08d6c5e20cf7e4cc02fd181c4b0c225cd31dbb60"
   integrity sha512-dfLbk+PwWvFzSxwk3n5ySL0hfBog779o8h68wK/7/APo/7cgyWp5jcXockbxdk5kFRkbeXWm4Fbi9FrdN381sA==
 
-"@kayahr/text-encoding@^1.2.0":
-  version "1.2.0"
-  resolved "https://registry.yarnpkg.com/@kayahr/text-encoding/-/text-encoding-1.2.0.tgz#9d75de6b40d7694e524c8ce39fc6e08994680746"
-  integrity sha512-61R84DjOQvO4bakOl4Vwuw0wU3FLbFtfUf4ApJquQ2+N3AY2VlN0j9te8rpGFHx2mzvhWKetyDgVZiLeU2/dhA==
+"@kayahr/text-encoding@^1.3.0":
+  version "1.3.0"
+  resolved "https://registry.yarnpkg.com/@kayahr/text-encoding/-/text-encoding-1.3.0.tgz#90ae1007dc86d35a977cd709dfa9fe21cc2bc8c6"
+  integrity sha512-JjQVFXnN/ynXN+GDgpwNM+PJ4NwDFZwRolgSu4bYG1JKuRreVFY5uss5K/lsH6qY38+WgU7M40M2SHoiWQHKgQ==
   dependencies:
-    tslib "^2.5.2"
+    tslib "^2.6.2"
 
 "@kbn/aad-fixtures-plugin@link:x-pack/test/alerting_api_integration/common/plugins/aad":
   version "0.0.0"
@@ -3380,10 +3389,6 @@
   version "0.0.0"
   uid ""
 
-"@kbn/assetManager-plugin@link:x-pack/plugins/observability_solution/asset_manager":
-  version "0.0.0"
-  uid ""
-
 "@kbn/assets-data-access-plugin@link:x-pack/plugins/observability_solution/assets_data_access":
   version "0.0.0"
   uid ""
@@ -4756,6 +4761,10 @@
   version "0.0.0"
   uid ""
 
+"@kbn/entityManager-plugin@link:x-pack/plugins/observability_solution/entity_manager":
+  version "0.0.0"
+  uid ""
+
 "@kbn/error-boundary-example-plugin@link:examples/error_boundary":
   version "0.0.0"
   uid ""
@@ -5232,6 +5241,10 @@
   version "0.0.0"
   uid ""
 
+"@kbn/json-schemas@link:x-pack/packages/ml/json_schemas":
+  version "0.0.0"
+  uid ""
+
 "@kbn/kbn-health-gateway-status-plugin@link:test/health_gateway/plugins/status":
   version "0.0.0"
   uid ""
@@ -5928,6 +5941,10 @@
   version "0.0.0"
   uid ""
 
+"@kbn/rollup@link:x-pack/packages/rollup":
+  version "0.0.0"
+  uid ""
+
 "@kbn/router-to-openapispec@link:packages/kbn-router-to-openapispec":
   version "0.0.0"
   uid ""
@@ -6092,6 +6109,14 @@
   version "0.0.0"
   uid ""
 
+"@kbn/security-api-key-management@link:x-pack/packages/security/api_key_management":
+  version "0.0.0"
+  uid ""
+
+"@kbn/security-form-components@link:x-pack/packages/security/form_components":
+  version "0.0.0"
+  uid ""
+
 "@kbn/security-hardening@link:packages/kbn-security-hardening":
   version "0.0.0"
   uid ""
@@ -7022,20 +7047,20 @@
   resolved "https://registry.yarnpkg.com/@launchdarkly/js-sdk-common/-/js-sdk-common-2.5.0.tgz#d1dc595034bf6ee09b0313add5b8901fe9b82f26"
   integrity sha512-sVwwUpXwAZsQowdbNN4ckprzR9DMEkurYWFuLjpyaaHtUmB6g7WnIz3lGGIXz/nE3QoUlwtC+eR8Nqb+XdonKw==
 
-"@launchdarkly/js-server-sdk-common@2.4.3":
-  version "2.4.3"
-  resolved "https://registry.yarnpkg.com/@launchdarkly/js-server-sdk-common/-/js-server-sdk-common-2.4.3.tgz#4d2a1bb71982dadecbadb0411d1068fb7945f54a"
-  integrity sha512-1YQ6fMpO0gcWt2Pme5XyUdokQxU5fMcoWAUpHJwxiHAt1+ygDqRD3wuUPCnbJ8KzJprcj51fpCG/9h3KSW9mHA==
+"@launchdarkly/js-server-sdk-common@2.4.4":
+  version "2.4.4"
+  resolved "https://registry.yarnpkg.com/@launchdarkly/js-server-sdk-common/-/js-server-sdk-common-2.4.4.tgz#709f193202aeadee8389526bdc816009ba084891"
+  integrity sha512-Y1l570HxRtGdeoaylRHWemmEIvFR33JMX3MyO8PE9TqBkFBJsLIXb+A5hdgGaT/XhTWwce6IWXmHVMotqv0zeA==
   dependencies:
     "@launchdarkly/js-sdk-common" "2.5.0"
     semver "7.5.4"
 
-"@launchdarkly/node-server-sdk@^9.4.5":
-  version "9.4.5"
-  resolved "https://registry.yarnpkg.com/@launchdarkly/node-server-sdk/-/node-server-sdk-9.4.5.tgz#4a64319de7917fc149e51a9e22c1a5243d76d849"
-  integrity sha512-GXYhvfFG7wGgeFoyWUa7Srso4CwMHo+c/WLQzoB1A5EPQ76oVkvYJbrgCym1ZLdIpm06bNRQ75NOn2hRn1SjfQ==
+"@launchdarkly/node-server-sdk@^9.4.6":
+  version "9.4.6"
+  resolved "https://registry.yarnpkg.com/@launchdarkly/node-server-sdk/-/node-server-sdk-9.4.6.tgz#e1a1614e05eab2515090c7862764498a2f9b2b1e"
+  integrity sha512-IcQqiaYrAgmCvh1LsfjEVRa4Wk97PWirHnbVu6fRc97kt8WCKDlVo2O+IbOcC6scJVGDJU4aXVehTkfbhUq1Lg==
   dependencies:
-    "@launchdarkly/js-server-sdk-common" "2.4.3"
+    "@launchdarkly/js-server-sdk-common" "2.4.4"
     https-proxy-agent "^5.0.1"
     launchdarkly-eventsource "2.0.3"
 
@@ -8071,12 +8096,12 @@
     require-from-string "^2.0.2"
     uri-js "^4.2.2"
 
-"@redocly/cli@^1.12.0":
-  version "1.12.0"
-  resolved "https://registry.yarnpkg.com/@redocly/cli/-/cli-1.12.0.tgz#c2191e2d34161cdaf1fcb42d896fd4c5e3313ac8"
-  integrity sha512-k45WELRAvE0UbYPhEhUPq/T4WOCDx4zoCT3tLokCdnCyeUHgaDzNAzPM2qe5Y8m8k5FUYlNoPdND4PlvUhg9Wg==
+"@redocly/cli@^1.16.0":
+  version "1.16.0"
+  resolved "https://registry.yarnpkg.com/@redocly/cli/-/cli-1.16.0.tgz#c8885ad46bb9993792e4266535692ce0ceb3895f"
+  integrity sha512-REmwkNHOd4e50vPeL6mDgHVdyUQ8e+y0cggi/cNXQzGpkZEk17Z+WFL8UFlcM+WebMWDXulJE712jT2lGYS9Zg==
   dependencies:
-    "@redocly/openapi-core" "1.12.0"
+    "@redocly/openapi-core" "1.16.0"
     abort-controller "^3.0.0"
     chokidar "^3.5.1"
     colorette "^1.2.0"
@@ -8089,25 +8114,26 @@
     node-fetch "^2.6.1"
     react "^17.0.0 || ^18.2.0"
     react-dom "^17.0.0 || ^18.2.0"
-    redoc "~2.1.3"
+    redoc "~2.1.5"
     semver "^7.5.2"
     simple-websocket "^9.0.0"
     styled-components "^6.0.7"
     yargs "17.0.1"
 
-"@redocly/config@^0.2.0":
-  version "0.2.0"
-  resolved "https://registry.yarnpkg.com/@redocly/config/-/config-0.2.0.tgz#c61fd0a8ccac330de398e26e8cac1a3fedbf9165"
-  integrity sha512-r0TqTPVXrxdvhpbOntWnJofOx0rC7u+A+tfC0KFwMtw38QCNb3pwodVjeLa7MT5Uu+fcPxfO119yLBj0QHvBuQ==
+"@redocly/config@^0.6.0":
+  version "0.6.1"
+  resolved "https://registry.yarnpkg.com/@redocly/config/-/config-0.6.1.tgz#931da21d6cbf8e73a873ca12ae690902d848cbb5"
+  integrity sha512-p4mlj+CD3Byec3wOxDlDln0B0gOcNvEkpl4jn3/e9y8h11ogzXnWxnlJAtE5Kcr1ByujS/7Mbt01df9z1xfMbg==
 
-"@redocly/openapi-core@1.12.0", "@redocly/openapi-core@^1.0.0-rc.2":
-  version "1.12.0"
-  resolved "https://registry.yarnpkg.com/@redocly/openapi-core/-/openapi-core-1.12.0.tgz#82047a92a138362c7f411046d855fdcde3a946b8"
-  integrity sha512-2Jfxv3iIk1JUwLSnLyewJ8GAsoxubROVieg13Sjo79TjuWaUBuI49j8GZqC08ljENqyEIp0JHReDjhKs4Snrhg==
+"@redocly/openapi-core@1.16.0", "@redocly/openapi-core@^1.4.0":
+  version "1.16.0"
+  resolved "https://registry.yarnpkg.com/@redocly/openapi-core/-/openapi-core-1.16.0.tgz#95afcf822890af3fe8f1bde97018370b5cadb8ca"
+  integrity sha512-z06h+svyqbUcdAaePq8LPSwTPlm6Ig7j2VlL8skPBYnJvyaQ2IN7x/JkOvRL4ta+wcOCBdAex5JWnZbKaNktJg==
   dependencies:
     "@redocly/ajv" "^8.11.0"
-    "@redocly/config" "^0.2.0"
+    "@redocly/config" "^0.6.0"
     colorette "^1.2.0"
+    https-proxy-agent "^7.0.4"
     js-levenshtein "^1.1.6"
     js-yaml "^4.1.0"
     lodash.isequal "^4.5.0"
@@ -8184,10 +8210,10 @@
     agentkeepalive "^4.1.3"
     lodash "^4.17.21"
 
-"@sideway/address@^4.1.3":
-  version "4.1.4"
-  resolved "https://registry.yarnpkg.com/@sideway/address/-/address-4.1.4.tgz#03dccebc6ea47fdc226f7d3d1ad512955d4783f0"
-  integrity sha512-7vwq+rOHVWjyXxVlR76Agnvhy8I9rpzjosTESvmhNeXOXdZZB15Fl+TI9x1SiHZH5Jv2wTGduSxFDIaq0m3DUw==
+"@sideway/address@^4.1.5":
+  version "4.1.5"
+  resolved "https://registry.yarnpkg.com/@sideway/address/-/address-4.1.5.tgz#4bc149a0076623ced99ca8208ba780d65a99b9d5"
+  integrity sha512-IqO/DUQHUkPeixNQ8n0JA6102hT9CmaljNTPmQ1u8MEhBo/R4Q8eKLN/vGZxuebwOroDB4cbpjheD4+/sKFK4Q==
   dependencies:
     "@hapi/hoek" "^9.0.0"
 
@@ -10607,10 +10633,10 @@
     "@types/node" "*"
     form-data "^3.0.0"
 
-"@types/node-forge@^1.3.10":
-  version "1.3.10"
-  resolved "https://registry.yarnpkg.com/@types/node-forge/-/node-forge-1.3.10.tgz#62a19d4f75a8b03290578c2b04f294b1a5a71b07"
-  integrity sha512-y6PJDYN4xYBxwd22l+OVH35N+1fCYWiuC3aiP2SlXVE6Lo7SS+rSx9r89hLxrP4pn6n1lBGhHJ12pj3F3Mpttw==
+"@types/node-forge@^1.3.11":
+  version "1.3.11"
+  resolved "https://registry.yarnpkg.com/@types/node-forge/-/node-forge-1.3.11.tgz#0972ea538ddb0f4d9c2fa0ec5db5724773a604da"
+  integrity sha512-FQx220y22OKNTqaByeBGqHWYz4cl94tpcxeFdvBo3wjG6XPBuZ0BNgNZRV5J5TFmmcsJ4IzsLkmGRiQbnYsBEQ==
   dependencies:
     "@types/node" "*"
 
@@ -10958,11 +10984,12 @@
   resolved "https://registry.yarnpkg.com/@types/seedrandom/-/seedrandom-2.4.28.tgz#9ce8fa048c1e8c85cb71d7fe4d704e000226036f"
   integrity sha512-SMA+fUwULwK7sd/ZJicUztiPs8F1yCPwF3O23Z9uQ32ME5Ha0NmDK9+QTsYE4O2tHXChzXomSWWeIhCnoN1LqA==
 
-"@types/selenium-webdriver@^4.1.22":
-  version "4.1.22"
-  resolved "https://registry.yarnpkg.com/@types/selenium-webdriver/-/selenium-webdriver-4.1.22.tgz#344519b90727eb713e1ce6d2e0198eb0b4f8f316"
-  integrity sha512-MCL4l7q8dwxejr2Q2NXLyNwHWMPdlWE0Kpn6fFwJtvkJF7PTkG5jkvbH/X1IAAQxgt/L1dA8u2GtDeekvSKvOA==
+"@types/selenium-webdriver@^4.1.23":
+  version "4.1.23"
+  resolved "https://registry.yarnpkg.com/@types/selenium-webdriver/-/selenium-webdriver-4.1.23.tgz#05a2794927db661f075ab443d5504b679b32f7f7"
+  integrity sha512-PgreEfCfafYLyTwvJTZvOspCq3JABnS51e+NSFFL5yoiMO7h04lWgLfr10NA7nl/yZbz4m76rBfOOdDfleb7pQ==
   dependencies:
+    "@types/node" "*"
     "@types/ws" "*"
 
 "@types/semver@^7", "@types/semver@^7.3.12":
@@ -12132,7 +12159,7 @@ apidoc-light@^0.54.0:
     semver "^7.5.4"
     winston "^3.11.0"
 
-apidoc-markdown@^7.3.0:
+apidoc-markdown@^7.3.2:
   version "7.3.2"
   resolved "https://registry.yarnpkg.com/apidoc-markdown/-/apidoc-markdown-7.3.2.tgz#64c1ad45ba29dd57f376419a900cd59c786624a0"
   integrity sha512-0nOfTWSaFfbgJ673ztWiup5CKauuwmhg7hJ0jR7gb0TDK1RX3b0unl6soc8UVhdjYgrvRBRvujMUB/KUF5OG3Q==
@@ -12278,13 +12305,13 @@ arr-union@^3.1.0:
   resolved "https://registry.yarnpkg.com/arr-union/-/arr-union-3.1.0.tgz#e39b09aea9def866a8f206e288af63919bae39c4"
   integrity sha1-45sJrqne+Gao8gbiiK9jkZuuOcQ=
 
-array-buffer-byte-length@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/array-buffer-byte-length/-/array-buffer-byte-length-1.0.0.tgz#fabe8bc193fea865f317fe7807085ee0dee5aead"
-  integrity sha512-LPuwb2P+NrQw3XhxGc36+XSvuBPopovXYTR9Ew++Du9Yb/bx5AzBfrIsBoj0EZUifjQU+sHL21sseZ3jerWO/A==
+array-buffer-byte-length@^1.0.0, array-buffer-byte-length@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/array-buffer-byte-length/-/array-buffer-byte-length-1.0.1.tgz#1e5583ec16763540a27ae52eed99ff899223568f"
+  integrity sha512-ahC5W1xgou+KTXix4sAO8Ki12Q+jf4i0+tmk3sC+zgcynshkHxzpXdImBehiUYKKKDwvfFiJl1tZt6ewscS1Mg==
   dependencies:
-    call-bind "^1.0.2"
-    is-array-buffer "^3.0.1"
+    call-bind "^1.0.5"
+    is-array-buffer "^3.0.4"
 
 array-filter@^1.0.0:
   version "1.0.0"
@@ -12401,16 +12428,18 @@ array.prototype.tosorted@^1.1.1:
     es-shim-unscopables "^1.0.0"
     get-intrinsic "^1.1.3"
 
-arraybuffer.prototype.slice@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/arraybuffer.prototype.slice/-/arraybuffer.prototype.slice-1.0.1.tgz#9b5ea3868a6eebc30273da577eb888381c0044bb"
-  integrity sha512-09x0ZWFEjj4WD8PDbykUwo3t9arLn8NIzmmYEJFpYekOAQjpkGSyrQhNoRTcwwcFRu+ycWF78QZ63oWTqSjBcw==
+arraybuffer.prototype.slice@^1.0.3:
+  version "1.0.3"
+  resolved "https://registry.yarnpkg.com/arraybuffer.prototype.slice/-/arraybuffer.prototype.slice-1.0.3.tgz#097972f4255e41bc3425e37dc3f6421cf9aefde6"
+  integrity sha512-bMxMKAjg13EBSVscxTaYA4mRc5t1UAXa2kXiGTNfZ079HIWXEkKmkgFrh/nJqamaLSrXO5H4WFFkPEaLJWbs3A==
   dependencies:
-    array-buffer-byte-length "^1.0.0"
-    call-bind "^1.0.2"
-    define-properties "^1.2.0"
-    get-intrinsic "^1.2.1"
-    is-array-buffer "^3.0.2"
+    array-buffer-byte-length "^1.0.1"
+    call-bind "^1.0.5"
+    define-properties "^1.2.1"
+    es-abstract "^1.22.3"
+    es-errors "^1.2.1"
+    get-intrinsic "^1.2.3"
+    is-array-buffer "^3.0.4"
     is-shared-array-buffer "^1.0.2"
 
 arrify@^1.0.1:
@@ -12599,7 +12628,7 @@ autoprefixer@^9.8.6:
     postcss "^7.0.32"
     postcss-value-parser "^4.1.0"
 
-available-typed-arrays@^1.0.5, available-typed-arrays@^1.0.7:
+available-typed-arrays@^1.0.7:
   version "1.0.7"
   resolved "https://registry.yarnpkg.com/available-typed-arrays/-/available-typed-arrays-1.0.7.tgz#a5cc375d6a03c2efc87a553f3e0b1522def14846"
   integrity sha512-wvUjBtSGN7+7SjNpq/9M2Tg350UZD3q62IFZLbRAR1bSMlCo1ZaeW+BJ+D090e4hIIZLBcTDWe4Mh4jvUDajzQ==
@@ -13604,7 +13633,7 @@ caching-transform@^4.0.0:
     package-hash "^4.0.0"
     write-file-atomic "^3.0.0"
 
-call-bind@^1.0.0, call-bind@^1.0.2, call-bind@^1.0.5, call-bind@^1.0.7:
+call-bind@^1.0.0, call-bind@^1.0.2, call-bind@^1.0.5, call-bind@^1.0.6, call-bind@^1.0.7:
   version "1.0.7"
   resolved "https://registry.yarnpkg.com/call-bind/-/call-bind-1.0.7.tgz#06016599c40c56498c18769d2730be242b6fa3b9"
   integrity sha512-GHTSNSYICQ7scH7sZ+M2rFopRoLh8t2bLSW6BbgrtLsahOIB5iyAVJf9GjWK3cYTDaMj4XdBpM1cA6pIS0Kv2w==
@@ -13920,10 +13949,10 @@ chrome-trace-event@^1.0.2:
   dependencies:
     tslib "^1.9.0"
 
-chromedriver@^125.0.2:
-  version "125.0.2"
-  resolved "https://registry.yarnpkg.com/chromedriver/-/chromedriver-125.0.2.tgz#e8d399a8f45aa0958dd0a3662d9175d25520ec18"
-  integrity sha512-H2mIy3r//bIGVouQQrp2UzS93cjGCV2f+I6qNimAOyIiWkaKCiLEuDMQnuC21rewo/UuyOA8CDqa4a7RIT/8EQ==
+chromedriver@^126.0.3:
+  version "126.0.4"
+  resolved "https://registry.yarnpkg.com/chromedriver/-/chromedriver-126.0.4.tgz#5c5e1f80c4269b55251c563cf47709154090135b"
+  integrity sha512-mIdJqdocfN/y9fl5BymIzM9WQLy64x078i5tS1jGFzbFAwXwXrj3zmA86Wf3R/hywPYpWqwXxFGBJHgqZTuGCA==
   dependencies:
     "@testim/chrome-version" "^1.1.4"
     axios "^1.6.7"
@@ -13986,7 +14015,7 @@ classnames@2.2.6:
   resolved "https://registry.yarnpkg.com/classnames/-/classnames-2.2.6.tgz#43935bffdd291f326dad0a205309b38d00f650ce"
   integrity sha512-JR/iSQOSt+LQIWwrwEzJ9uk0xfN3mTVYMwt1Ir5mUcSN6pU+V4zQFFaJsclJbPuAUQH+yfWef6tm7l1quW3C8Q==
 
-classnames@^2.2.6, classnames@^2.3.1, classnames@^2.3.2, classnames@^2.5.1:
+classnames@^2.2.6, classnames@^2.3.2, classnames@^2.5.1:
   version "2.5.1"
   resolved "https://registry.yarnpkg.com/classnames/-/classnames-2.5.1.tgz#ba774c614be0f016da105c858e7159eae8e7687b"
   integrity sha512-saHYOzhIQs6wy2sVxTM6bUDsQO4F50V9RQ22qBpEdCW+I+/Wmke2HOl6lS6dTpdxVhb88/I6+Hs+438c3lfUow==
@@ -14175,11 +14204,16 @@ cloneable-readable@^1.0.0:
     process-nextick-args "^2.0.0"
     readable-stream "^2.3.5"
 
-clsx@^1.0.4, clsx@^1.1.0, clsx@^1.1.1:
+clsx@^1.0.4, clsx@^1.1.1:
   version "1.2.1"
   resolved "https://registry.yarnpkg.com/clsx/-/clsx-1.2.1.tgz#0ddc4a20a549b59c93a4116bb26f5294ca17dc12"
   integrity sha512-EcR6r5a8bj6pu3ycsa/E/cKVGuTgZJZdsyUYHOksG/UHIiKfjxzRxYJpyVBwYaQeOvghal9fcc4PidlgzugAQg==
 
+clsx@^2.0.0:
+  version "2.1.1"
+  resolved "https://registry.yarnpkg.com/clsx/-/clsx-2.1.1.tgz#eed397c9fd8bd882bfb18deab7102049a2f32999"
+  integrity sha512-eYm0QWBtUrBWZWG0d386OGAw16Z995PiOVo2B7bjWSbHedGl5e0ZWaq65kOGgUSNesEIDkB9ISbTg/JK9dhCZA==
+
 co@^4.6.0:
   version "4.6.0"
   resolved "https://registry.yarnpkg.com/co/-/co-4.6.0.tgz#6ea6bdf3d853ae54ccb8e47bfa0bf3f9031fb184"
@@ -14338,7 +14372,7 @@ commander@^10.0.1:
   resolved "https://registry.yarnpkg.com/commander/-/commander-10.0.1.tgz#881ee46b4f77d1c1dccc5823433aa39b022cbe06"
   integrity sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug==
 
-commander@^4.0.1, commander@^4.1.1:
+commander@^4.1.1:
   version "4.1.1"
   resolved "https://registry.yarnpkg.com/commander/-/commander-4.1.1.tgz#9fd602bd936294e9e9ef46a3f4d6964044b18068"
   integrity sha512-NOKm8xhkzAjzFx8B2v5OAHT+u5pRQc2UCa2Vq9jYL/31o2wi9mxBA7LIFs3sV5VSC49z6pEhfbMULvShKj26WA==
@@ -14348,7 +14382,7 @@ commander@^5.0.0, commander@^5.1.0:
   resolved "https://registry.yarnpkg.com/commander/-/commander-5.1.0.tgz#46abbd1652f8e059bddaef99bbdcb2ad9cf179ae"
   integrity sha512-P0CysNDQ7rtVw4QIQtm+MRxV66vKFSvlsQvGYXZWR3qFU0jlMKHZZZgw8e+8DSah4UDKMqnknRDQz+xuQXQ/Zg==
 
-commander@^6.2.1:
+commander@^6.2.0, commander@^6.2.1:
   version "6.2.1"
   resolved "https://registry.yarnpkg.com/commander/-/commander-6.2.1.tgz#0792eb682dfbc325999bb2b84fddddba110ac73c"
   integrity sha512-U7VdrJFnJgo4xjrHpTzu0yrHPGImdsmD95ZlgYSEajAn2JKzDhDTPG9kBTefmObL2w/ngeZnilk+OV9CG3d7UA==
@@ -14607,10 +14641,10 @@ core-js@^2.4.0, core-js@^2.5.0, core-js@^2.6.9:
   resolved "https://registry.yarnpkg.com/core-js/-/core-js-2.6.9.tgz#6b4b214620c834152e179323727fc19741b084f2"
   integrity sha512-HOpZf6eXmnl7la+cUdMnLvUxKNqLUzJvgIziQ0DiF3JwSImNphIqdGqzj6hIKyX04MmV0poclQ7+wjWvxQyR2A==
 
-core-js@^3.0.4, core-js@^3.32.1, core-js@^3.36.0, core-js@^3.6.5, core-js@^3.8.2, core-js@^3.8.3:
-  version "3.36.0"
-  resolved "https://registry.yarnpkg.com/core-js/-/core-js-3.36.0.tgz#e752fa0b0b462a0787d56e9d73f80b0f7c0dde68"
-  integrity sha512-mt7+TUBbTFg5+GngsAxeKBTl5/VS0guFeJacYge9OmHb+m058UwwIm41SE9T4Den7ClatV57B6TYTuJ0CX1MAw==
+core-js@^3.0.4, core-js@^3.32.1, core-js@^3.37.1, core-js@^3.6.5, core-js@^3.8.2, core-js@^3.8.3:
+  version "3.37.1"
+  resolved "https://registry.yarnpkg.com/core-js/-/core-js-3.37.1.tgz#d21751ddb756518ac5a00e4d66499df981a62db9"
+  integrity sha512-Xn6qmxrQZyB0FFY8E3bgRXei3lWDJHhvI+u0q9TKIYM49G8pAr0FgnnrFRAmsbptZL1yxRADVXn+x5AGsbBfyw==
 
 core-util-is@1.0.2, core-util-is@^1.0.2, core-util-is@~1.0.0:
   version "1.0.2"
@@ -15407,6 +15441,33 @@ data-urls@^3.0.2:
     whatwg-mimetype "^3.0.0"
     whatwg-url "^11.0.0"
 
+data-view-buffer@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/data-view-buffer/-/data-view-buffer-1.0.1.tgz#8ea6326efec17a2e42620696e671d7d5a8bc66b2"
+  integrity sha512-0lht7OugA5x3iJLOWFhWK/5ehONdprk0ISXqVFn/NFrDu+cuc8iADFrGQz5BnRK7LLU3JmkbXSxaqX+/mXYtUA==
+  dependencies:
+    call-bind "^1.0.6"
+    es-errors "^1.3.0"
+    is-data-view "^1.0.1"
+
+data-view-byte-length@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/data-view-byte-length/-/data-view-byte-length-1.0.1.tgz#90721ca95ff280677eb793749fce1011347669e2"
+  integrity sha512-4J7wRJD3ABAzr8wP+OcIcqq2dlUKp4DVflx++hs5h5ZKydWMI6/D/fAot+yh6g2tHh8fLFTvNOaVN357NvSrOQ==
+  dependencies:
+    call-bind "^1.0.7"
+    es-errors "^1.3.0"
+    is-data-view "^1.0.1"
+
+data-view-byte-offset@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/data-view-byte-offset/-/data-view-byte-offset-1.0.0.tgz#5e0bbfb4828ed2d1b9b400cd8a7d119bca0ff18a"
+  integrity sha512-t/Ygsytq+R995EJ5PZlD4Cu56sWa8InXySaViRzw9apusqsOO2bQP+SbYzAhR0pFKoB+43lYy8rWban9JSuXnA==
+  dependencies:
+    call-bind "^1.0.6"
+    es-errors "^1.3.0"
+    is-data-view "^1.0.1"
+
 date-fns@^1.30.1:
   version "1.30.1"
   resolved "https://registry.yarnpkg.com/date-fns/-/date-fns-1.30.1.tgz#2e71bf0b119153dbb4cc4e88d9ea5acfb50dc05c"
@@ -15625,11 +15686,12 @@ define-lazy-prop@^2.0.0:
   resolved "https://registry.yarnpkg.com/define-lazy-prop/-/define-lazy-prop-2.0.0.tgz#3f7ae421129bcaaac9bc74905c98a0009ec9ee7f"
   integrity sha512-Ds09qNh8yw3khSjiJjiUInaGX9xlqZDY7JVryGxdxV7NPeuqQfplOpQ66yJFZut3jLa5zOwkXw1g9EI2uKh4Og==
 
-define-properties@^1.1.2, define-properties@^1.1.3, define-properties@^1.1.4, define-properties@^1.2.0:
-  version "1.2.0"
-  resolved "https://registry.yarnpkg.com/define-properties/-/define-properties-1.2.0.tgz#52988570670c9eacedd8064f4a990f2405849bd5"
-  integrity sha512-xvqAVKGfT1+UAvPwKTVw/njhdQ8ZhXK4lI0bCIuCMrp2up9nPnaDftrLtmpTazqd1o+UY4zgzU+avtMbDP+ldA==
+define-properties@^1.1.2, define-properties@^1.1.3, define-properties@^1.1.4, define-properties@^1.2.0, define-properties@^1.2.1:
+  version "1.2.1"
+  resolved "https://registry.yarnpkg.com/define-properties/-/define-properties-1.2.1.tgz#10781cc616eb951a80a034bafcaa7377f6af2b6c"
+  integrity sha512-8QmQKqEASLd5nx0U1B1okLElbUuuttJ/AnYmRXbbbGDWh6uS208EjD4Xqq/I9wK7u0v6O08XhTWnt5XtEbR6Dg==
   dependencies:
+    define-data-property "^1.0.1"
     has-property-descriptors "^1.0.0"
     object-keys "^1.1.1"
 
@@ -16085,10 +16147,10 @@ domhandler@^5.0.1, domhandler@^5.0.2, domhandler@^5.0.3:
   dependencies:
     domelementtype "^2.3.0"
 
-dompurify@^2.2.8:
-  version "2.5.2"
-  resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-2.5.2.tgz#e02be61d621bea36a76eb2beb23b043f347aa9c7"
-  integrity sha512-5vSyvxRAb45EoWwAktUT3AYqAwXK4FL7si22Cgj46U6ICsj/YJczCN+Bk7WNABIQmpWRymGfslMhrRUZkQNnqA==
+dompurify@^3.0.6:
+  version "3.1.5"
+  resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.1.5.tgz#2c6a113fc728682a0f55684b1388c58ddb79dc38"
+  integrity sha512-lwG+n5h8QNpxtyrJW/gJWckL+1/DQiYMX8f7t8Z2AZTPw1esVrqjI63i7Zc2Gz0aKzLVMYC1V1PL/ky+aY/NgA==
 
 domutils@^2.0.0, domutils@^2.5.2, domutils@^2.8.0:
   version "2.8.0"
@@ -16558,50 +16620,57 @@ error-stack-parser@^2.0.4, error-stack-parser@^2.0.6:
   dependencies:
     stackframe "^1.1.1"
 
-es-abstract@^1.17.0-next.1, es-abstract@^1.19.0, es-abstract@^1.20.4, es-abstract@^1.21.2, es-abstract@^1.4.3, es-abstract@^1.9.0:
-  version "1.22.1"
-  resolved "https://registry.yarnpkg.com/es-abstract/-/es-abstract-1.22.1.tgz#8b4e5fc5cefd7f1660f0f8e1a52900dfbc9d9ccc"
-  integrity sha512-ioRRcXMO6OFyRpyzV3kE1IIBd4WG5/kltnzdxSCqoP8CMGs/Li+M1uF5o7lOkZVFjDs+NLesthnF66Pg/0q0Lw==
+es-abstract@^1.17.0-next.1, es-abstract@^1.20.4, es-abstract@^1.21.2, es-abstract@^1.22.1, es-abstract@^1.22.3, es-abstract@^1.23.0, es-abstract@^1.4.3, es-abstract@^1.9.0:
+  version "1.23.3"
+  resolved "https://registry.yarnpkg.com/es-abstract/-/es-abstract-1.23.3.tgz#8f0c5a35cd215312573c5a27c87dfd6c881a0aa0"
+  integrity sha512-e+HfNH61Bj1X9/jLc5v1owaLYuHdeHHSQlkhCBiTK8rBvKaULl/beGMxwrMXjpYrv4pz22BlY570vVePA2ho4A==
   dependencies:
-    array-buffer-byte-length "^1.0.0"
-    arraybuffer.prototype.slice "^1.0.1"
-    available-typed-arrays "^1.0.5"
-    call-bind "^1.0.2"
-    es-set-tostringtag "^2.0.1"
+    array-buffer-byte-length "^1.0.1"
+    arraybuffer.prototype.slice "^1.0.3"
+    available-typed-arrays "^1.0.7"
+    call-bind "^1.0.7"
+    data-view-buffer "^1.0.1"
+    data-view-byte-length "^1.0.1"
+    data-view-byte-offset "^1.0.0"
+    es-define-property "^1.0.0"
+    es-errors "^1.3.0"
+    es-object-atoms "^1.0.0"
+    es-set-tostringtag "^2.0.3"
     es-to-primitive "^1.2.1"
-    function.prototype.name "^1.1.5"
-    get-intrinsic "^1.2.1"
-    get-symbol-description "^1.0.0"
+    function.prototype.name "^1.1.6"
+    get-intrinsic "^1.2.4"
+    get-symbol-description "^1.0.2"
     globalthis "^1.0.3"
     gopd "^1.0.1"
-    has "^1.0.3"
-    has-property-descriptors "^1.0.0"
-    has-proto "^1.0.1"
+    has-property-descriptors "^1.0.2"
+    has-proto "^1.0.3"
     has-symbols "^1.0.3"
-    internal-slot "^1.0.5"
-    is-array-buffer "^3.0.2"
+    hasown "^2.0.2"
+    internal-slot "^1.0.7"
+    is-array-buffer "^3.0.4"
     is-callable "^1.2.7"
-    is-negative-zero "^2.0.2"
+    is-data-view "^1.0.1"
+    is-negative-zero "^2.0.3"
     is-regex "^1.1.4"
-    is-shared-array-buffer "^1.0.2"
+    is-shared-array-buffer "^1.0.3"
     is-string "^1.0.7"
-    is-typed-array "^1.1.10"
+    is-typed-array "^1.1.13"
     is-weakref "^1.0.2"
-    object-inspect "^1.12.3"
+    object-inspect "^1.13.1"
     object-keys "^1.1.1"
-    object.assign "^4.1.4"
-    regexp.prototype.flags "^1.5.0"
-    safe-array-concat "^1.0.0"
-    safe-regex-test "^1.0.0"
-    string.prototype.trim "^1.2.7"
-    string.prototype.trimend "^1.0.6"
-    string.prototype.trimstart "^1.0.6"
-    typed-array-buffer "^1.0.0"
-    typed-array-byte-length "^1.0.0"
-    typed-array-byte-offset "^1.0.0"
-    typed-array-length "^1.0.4"
+    object.assign "^4.1.5"
+    regexp.prototype.flags "^1.5.2"
+    safe-array-concat "^1.1.2"
+    safe-regex-test "^1.0.3"
+    string.prototype.trim "^1.2.9"
+    string.prototype.trimend "^1.0.8"
+    string.prototype.trimstart "^1.0.8"
+    typed-array-buffer "^1.0.2"
+    typed-array-byte-length "^1.0.1"
+    typed-array-byte-offset "^1.0.2"
+    typed-array-length "^1.0.6"
     unbox-primitive "^1.0.2"
-    which-typed-array "^1.1.10"
+    which-typed-array "^1.1.15"
 
 es-array-method-boxes-properly@^1.0.0:
   version "1.0.0"
@@ -16615,7 +16684,7 @@ es-define-property@^1.0.0:
   dependencies:
     get-intrinsic "^1.2.4"
 
-es-errors@^1.3.0:
+es-errors@^1.2.1, es-errors@^1.3.0:
   version "1.3.0"
   resolved "https://registry.yarnpkg.com/es-errors/-/es-errors-1.3.0.tgz#05f75a25dab98e4fb1dcd5e1472c0546d5057c8f"
   integrity sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==
@@ -16640,14 +16709,21 @@ es-module-lexer@^1.2.1:
   resolved "https://registry.yarnpkg.com/es-module-lexer/-/es-module-lexer-1.5.0.tgz#4878fee3789ad99e065f975fdd3c645529ff0236"
   integrity sha512-pqrTKmwEIgafsYZAGw9kszYzmagcE/n4dbgwGWLEXg7J4QFJVQRBld8j3Q3GNez79jzxZshq0bcT962QHOghjw==
 
-es-set-tostringtag@^2.0.1:
-  version "2.0.1"
-  resolved "https://registry.yarnpkg.com/es-set-tostringtag/-/es-set-tostringtag-2.0.1.tgz#338d502f6f674301d710b80c8592de8a15f09cd8"
-  integrity sha512-g3OMbtlwY3QewlqAiMLI47KywjWZoEytKr8pf6iTC8uJq5bIAH52Z9pnQ8pVL6whrCto53JZDuUIsifGeLorTg==
+es-object-atoms@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/es-object-atoms/-/es-object-atoms-1.0.0.tgz#ddb55cd47ac2e240701260bc2a8e31ecb643d941"
+  integrity sha512-MZ4iQ6JwHOBQjahnjwaC1ZtIBH+2ohjamzAO3oaHcXYup7qxjF2fixyH+Q71voWHeOkI2q/TnJao/KfXYIZWbw==
   dependencies:
-    get-intrinsic "^1.1.3"
-    has "^1.0.3"
-    has-tostringtag "^1.0.0"
+    es-errors "^1.3.0"
+
+es-set-tostringtag@^2.0.3:
+  version "2.0.3"
+  resolved "https://registry.yarnpkg.com/es-set-tostringtag/-/es-set-tostringtag-2.0.3.tgz#8bb60f0a440c2e4281962428438d58545af39777"
+  integrity sha512-3T8uNMC3OQTHkFUsFq8r/BwAXLHvU/9O9mE0fBc/MY5iq/8H7ncvO947LmYA6ldWw9Uh8Yhf25zu6n7nML5QWQ==
+  dependencies:
+    get-intrinsic "^1.2.4"
+    has-tostringtag "^1.0.2"
+    hasown "^2.0.1"
 
 es-shim-unscopables@^1.0.0:
   version "1.0.0"
@@ -17251,7 +17327,7 @@ eventemitter2@6.4.7:
   resolved "https://registry.yarnpkg.com/eventemitter2/-/eventemitter2-6.4.7.tgz#a7f6c4d7abf28a14c1ef3442f21cb306a054271d"
   integrity sha512-tYUSVOGeQPKt/eC1ABfhHy5Xd96N3oIijJvN3O9+TsC28T5V9yX9oEfEK5faP0EFSNVOG97qtAS68GBrQB2hDg==
 
-eventemitter3@^4.0.0, eventemitter3@^4.0.4, eventemitter3@^4.0.7:
+eventemitter3@^4.0.0, eventemitter3@^4.0.4:
   version "4.0.7"
   resolved "https://registry.yarnpkg.com/eventemitter3/-/eventemitter3-4.0.7.tgz#2de9b68f6528d5644ef5c59526a1b4a07306169f"
   integrity sha512-8guHBZCwKnFhYdHr2ysuRWErTwhoN2X8XELRlrRwpmfeY2jjuUN4taQMsULKUVo1K4DvZl+0pgfyoysHxvmvEw==
@@ -18099,10 +18175,10 @@ formidable@^3.5.1:
     hexoid "^1.0.0"
     once "^1.4.0"
 
-formik@^2.4.5:
-  version "2.4.5"
-  resolved "https://registry.yarnpkg.com/formik/-/formik-2.4.5.tgz#f899b5b7a6f103a8fabb679823e8fafc7e0ee1b4"
-  integrity sha512-Gxlht0TD3vVdzMDHwkiNZqJ7Mvg77xQNfmBRrNtvzcHZs72TJppSTDKHpImCMJZwcWPBJ8jSQQ95GJzXFf1nAQ==
+formik@^2.4.6:
+  version "2.4.6"
+  resolved "https://registry.yarnpkg.com/formik/-/formik-2.4.6.tgz#4da75ca80f1a827ab35b08fd98d5a76e928c9686"
+  integrity sha512-A+2EI7U7aG296q2TLGvNapDNTZp1khVt5Vk0Q/fyfSROss0V/V6+txt2aJnwEos44IxTCW/LYAi/zgWzlevj+g==
   dependencies:
     "@types/hoist-non-react-statics" "^3.3.1"
     deepmerge "^2.1.1"
@@ -18282,17 +18358,17 @@ function-bind@^1.0.2, function-bind@^1.1.1, function-bind@^1.1.2:
   resolved "https://registry.yarnpkg.com/function-bind/-/function-bind-1.1.2.tgz#2c02d864d97f3ea6c8830c464cbd11ab6eab7a1c"
   integrity sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==
 
-function.prototype.name@^1.1.0, function.prototype.name@^1.1.2, function.prototype.name@^1.1.5:
-  version "1.1.5"
-  resolved "https://registry.yarnpkg.com/function.prototype.name/-/function.prototype.name-1.1.5.tgz#cce0505fe1ffb80503e6f9e46cc64e46a12a9621"
-  integrity sha512-uN7m/BzVKQnCUF/iW8jYea67v++2u7m5UgENbHRtdDVclOUP+FMPlCNdmk0h/ysGyo2tavMJEDqJAkJdRa1vMA==
+function.prototype.name@^1.1.0, function.prototype.name@^1.1.2, function.prototype.name@^1.1.6:
+  version "1.1.6"
+  resolved "https://registry.yarnpkg.com/function.prototype.name/-/function.prototype.name-1.1.6.tgz#cdf315b7d90ee77a4c6ee216c3c3362da07533fd"
+  integrity sha512-Z5kx79swU5P27WEayXM1tBi5Ze/lbIyiNgU3qyXUOf9b2rgXYyF9Dy9Cx+IQv/Lc8WCG6L82zwUPpSS9hGehIg==
   dependencies:
     call-bind "^1.0.2"
-    define-properties "^1.1.3"
-    es-abstract "^1.19.0"
-    functions-have-names "^1.2.2"
+    define-properties "^1.2.0"
+    es-abstract "^1.22.1"
+    functions-have-names "^1.2.3"
 
-functions-have-names@^1.2.2, functions-have-names@^1.2.3:
+functions-have-names@^1.2.3:
   version "1.2.3"
   resolved "https://registry.yarnpkg.com/functions-have-names/-/functions-have-names-1.2.3.tgz#0404fe4ee2ba2f607f0e0ec3c80bae994133b834"
   integrity sha512-xckBUXyTIqT97tq2x2AMb+g163b5JFysYk0x4qxNFwbfQkmNZoiRHb6sPzI9/QV33WeuvVYBUIiD4NzNIyqaRQ==
@@ -18386,7 +18462,7 @@ get-east-asian-width@^1.0.0:
   resolved "https://registry.yarnpkg.com/get-east-asian-width/-/get-east-asian-width-1.2.0.tgz#5e6ebd9baee6fb8b7b6bd505221065f0cd91f64e"
   integrity sha512-2nk+7SIVb14QrgXFHcm84tD4bKQz0RxPuMT8Ag5KPOq7J5fEmAg0UbXdTOSHqNuHSU28k55qnceesxXRZGzKWA==
 
-get-intrinsic@^1.0.2, get-intrinsic@^1.1.1, get-intrinsic@^1.1.3, get-intrinsic@^1.2.0, get-intrinsic@^1.2.1, get-intrinsic@^1.2.2, get-intrinsic@^1.2.4:
+get-intrinsic@^1.0.2, get-intrinsic@^1.1.3, get-intrinsic@^1.2.1, get-intrinsic@^1.2.2, get-intrinsic@^1.2.3, get-intrinsic@^1.2.4:
   version "1.2.4"
   resolved "https://registry.yarnpkg.com/get-intrinsic/-/get-intrinsic-1.2.4.tgz#e385f5a4b5227d449c3eabbad05494ef0abbeadd"
   integrity sha512-5uYhsJH8VJBTv7oslg4BznJYhDoRI6waYCxMmCdnTrcCrHA/fCFKoTFz2JKKE0HdDFUF7/oQuhzumXJK7paBRQ==
@@ -18456,13 +18532,14 @@ get-stream@^6.0.0, get-stream@^6.0.1:
   resolved "https://registry.yarnpkg.com/get-stream/-/get-stream-6.0.1.tgz#a262d8eef67aced57c2852ad6167526a43cbf7b7"
   integrity sha512-ts6Wi+2j3jQjqi70w5AlN8DFnkSwC+MqmxEzdEALB2qXZYV3X/b1CTfgPLGJNMeAWxdPfU8FO1ms3NUfaHCPYg==
 
-get-symbol-description@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/get-symbol-description/-/get-symbol-description-1.0.0.tgz#7fdb81c900101fbd564dd5f1a30af5aadc1e58d6"
-  integrity sha512-2EmdH1YvIQiZpltCNgkuiUnyukzxM/R6NDJX31Ke3BG1Nq5b0S2PhX59UKi9vZpPDQVdqn+1IcaAwnzTT5vCjw==
+get-symbol-description@^1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/get-symbol-description/-/get-symbol-description-1.0.2.tgz#533744d5aa20aca4e079c8e5daf7fd44202821f5"
+  integrity sha512-g0QYk1dZBxGwk+Ngc+ltRH2IBp2f7zBkBMBJZCDerh6EhlhSR6+9irMCuT/09zD6qkarHUSn529sK/yL4S27mg==
   dependencies:
-    call-bind "^1.0.2"
-    get-intrinsic "^1.1.1"
+    call-bind "^1.0.5"
+    es-errors "^1.3.0"
+    get-intrinsic "^1.2.4"
 
 get-uri@^6.0.1:
   version "6.0.1"
@@ -18963,10 +19040,10 @@ has-property-descriptors@^1.0.0, has-property-descriptors@^1.0.2:
   dependencies:
     es-define-property "^1.0.0"
 
-has-proto@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/has-proto/-/has-proto-1.0.1.tgz#1885c1305538958aff469fef37937c22795408e0"
-  integrity sha512-7qE+iP+O+bgF9clE5+UoBFzE65mlBiVj3tKCrlNQ0Ogwm0BjpT/gK4SlLYDMybDh5I3TCTKnPPa0oMG7JDYrhg==
+has-proto@^1.0.1, has-proto@^1.0.3:
+  version "1.0.3"
+  resolved "https://registry.yarnpkg.com/has-proto/-/has-proto-1.0.3.tgz#b31ddfe9b0e6e9914536a6ab286426d0214f77fd"
+  integrity sha512-SJ1amZAJUiZS+PhsVLf5tGydlaVB8EdFpaSO4gmiUKUOxk8qzn5AIy4ZeJUmh22znIdk/uMAUT2pl3FxzVUH+Q==
 
 has-symbols@^1.0.0, has-symbols@^1.0.1, has-symbols@^1.0.3:
   version "1.0.3"
@@ -19016,12 +19093,10 @@ has-values@^1.0.0:
     is-number "^3.0.0"
     kind-of "^4.0.0"
 
-has@^1.0.0, has@^1.0.1, has@^1.0.3:
-  version "1.0.3"
-  resolved "https://registry.yarnpkg.com/has/-/has-1.0.3.tgz#722d7cbfc1f6aa8241f16dd814e011e1f41e8796"
-  integrity sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==
-  dependencies:
-    function-bind "^1.1.1"
+has@^1.0.0, has@^1.0.1, has@^1.0.3, has@^1.0.4:
+  version "1.0.4"
+  resolved "https://registry.yarnpkg.com/has/-/has-1.0.4.tgz#2eb2860e000011dae4f1406a86fe80e530fb2ec6"
+  integrity sha512-qdSAmqLF6209RFj4VVItywPMbm3vWylknmB3nvNiUIs72xAimcM8nVYxYr7ncvZq5qzk9MKIZR8ijqD/1QuYjQ==
 
 hash-base@^2.0.0:
   version "2.0.2"
@@ -19054,10 +19129,10 @@ hasha@^5.0.0:
     is-stream "^2.0.0"
     type-fest "^0.8.0"
 
-hasown@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/hasown/-/hasown-2.0.0.tgz#f4c513d454a57b7c7e1650778de226b11700546c"
-  integrity sha512-vUptKVTpIJhcczKBbgnS+RtcuYMB8+oNzPK2/Hp3hanz8JmpATdmmgLgSaadVREkDm+e2giHwY3ZRkyjSIDDFA==
+hasown@^2.0.0, hasown@^2.0.1, hasown@^2.0.2:
+  version "2.0.2"
+  resolved "https://registry.yarnpkg.com/hasown/-/hasown-2.0.2.tgz#003eaf91be7adc372e84ec59dc37252cedb80003"
+  integrity sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==
   dependencies:
     function-bind "^1.1.2"
 
@@ -19489,7 +19564,7 @@ http-proxy-middleware@^2.0.3:
     is-plain-obj "^3.0.0"
     micromatch "^4.0.2"
 
-http-proxy@^1.18.1:
+http-proxy@^1.17.0, http-proxy@^1.18.1:
   version "1.18.1"
   resolved "https://registry.yarnpkg.com/http-proxy/-/http-proxy-1.18.1.tgz#401541f0534884bbf95260334e72f88ee3976549"
   integrity sha512-7mz/721AbnJwIVbnaSv1Cz3Am0ZLT/UBwkC92VlxhXv/k/BBQfM2fXElQNC27BVGr0uwUpplYPQM9LnaBMR5NQ==
@@ -19798,12 +19873,12 @@ install-artifact-from-github@^1.3.5:
   resolved "https://registry.yarnpkg.com/install-artifact-from-github/-/install-artifact-from-github-1.3.5.tgz#88c96fe40e5eb21d45586d564208c648a1dbf38d"
   integrity sha512-gZHC7f/cJgXz7MXlHFBxPVMsvIbev1OQN1uKQYKVJDydGNm9oYf9JstbU4Atnh/eSvk41WtEovoRm+8IF686xg==
 
-internal-slot@^1.0.3, internal-slot@^1.0.4, internal-slot@^1.0.5:
-  version "1.0.6"
-  resolved "https://registry.yarnpkg.com/internal-slot/-/internal-slot-1.0.6.tgz#37e756098c4911c5e912b8edbf71ed3aa116f930"
-  integrity sha512-Xj6dv+PsbtwyPpEflsejS+oIZxmMlV44zAhG479uYu89MsjcYOhCFnNyKrkJrihbsiasQyY0afoCl/9BLR65bg==
+internal-slot@^1.0.3, internal-slot@^1.0.4, internal-slot@^1.0.7:
+  version "1.0.7"
+  resolved "https://registry.yarnpkg.com/internal-slot/-/internal-slot-1.0.7.tgz#c06dcca3ed874249881007b0a5523b172a190802"
+  integrity sha512-NGnrKwXzSms2qUUih/ILZ5JBqNTSa1+ZmP6flaIp6KmSElgE9qdndzS3cqjrDovwFdmwsGsLdeFgB6suw+1e9g==
   dependencies:
-    get-intrinsic "^1.2.2"
+    es-errors "^1.3.0"
     hasown "^2.0.0"
     side-channel "^1.0.4"
 
@@ -19947,14 +20022,13 @@ is-arguments@^1.0.4, is-arguments@^1.1.1:
     call-bind "^1.0.2"
     has-tostringtag "^1.0.0"
 
-is-array-buffer@^3.0.1, is-array-buffer@^3.0.2:
-  version "3.0.2"
-  resolved "https://registry.yarnpkg.com/is-array-buffer/-/is-array-buffer-3.0.2.tgz#f2653ced8412081638ecb0ebbd0c41c6e0aecbbe"
-  integrity sha512-y+FyyR/w8vfIRq4eQcM1EYgSTnmHXPqaF+IgzgraytCFq5Xh8lllDVmAZolPJiZttZLeFSINPYMaEJ7/vWUa1w==
+is-array-buffer@^3.0.2, is-array-buffer@^3.0.4:
+  version "3.0.4"
+  resolved "https://registry.yarnpkg.com/is-array-buffer/-/is-array-buffer-3.0.4.tgz#7a1f92b3d61edd2bc65d24f130530ea93d7fae98"
+  integrity sha512-wcjaerHw0ydZwfhiKbXJWLDY8A7yV7KhjQOpb83hGgGfId/aQa4TOvwyzn2PuswW2gPCYEL/nEAiSVpdOj1lXw==
   dependencies:
     call-bind "^1.0.2"
-    get-intrinsic "^1.2.0"
-    is-typed-array "^1.1.10"
+    get-intrinsic "^1.2.1"
 
 is-arrayish@^0.2.1:
   version "0.2.1"
@@ -20035,6 +20109,13 @@ is-data-descriptor@^1.0.0:
   dependencies:
     kind-of "^6.0.0"
 
+is-data-view@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/is-data-view/-/is-data-view-1.0.1.tgz#4b4d3a511b70f3dc26d42c03ca9ca515d847759f"
+  integrity sha512-AHkaJrsUVW6wq6JS8y3JnM/GJF/9cf+k20+iDzlSaJrinEo5+7vRiteOSwBhHRiAyQATN1AmY4hwzxJKPmYf+w==
+  dependencies:
+    is-typed-array "^1.1.13"
+
 is-date-object@^1.0.1, is-date-object@^1.0.5:
   version "1.0.5"
   resolved "https://registry.yarnpkg.com/is-date-object/-/is-date-object-1.0.5.tgz#0841d5536e724c25597bf6ea62e1bd38298df31f"
@@ -20203,10 +20284,10 @@ is-negated-glob@^1.0.0:
   resolved "https://registry.yarnpkg.com/is-negated-glob/-/is-negated-glob-1.0.0.tgz#6910bca5da8c95e784b5751b976cf5a10fee36d2"
   integrity sha1-aRC8pdqMleeEtXUbl2z1oQ/uNtI=
 
-is-negative-zero@^2.0.2:
-  version "2.0.2"
-  resolved "https://registry.yarnpkg.com/is-negative-zero/-/is-negative-zero-2.0.2.tgz#7bf6f03a28003b8b3965de3ac26f664d765f3150"
-  integrity sha512-dqJvarLawXsFbNDeJW7zAz8ItJ9cd28YufuuFzh0G8pNHjJMnY08Dv7sYX2uF5UpQOwieAeOExEYAWWfu7ZZUA==
+is-negative-zero@^2.0.3:
+  version "2.0.3"
+  resolved "https://registry.yarnpkg.com/is-negative-zero/-/is-negative-zero-2.0.3.tgz#ced903a027aca6381b777a5743069d7376a49747"
+  integrity sha512-5KoIu2Ngpyek75jXodFvnafB6DJgr3u8uuK0LEZJjrU19DrMD3EVERaR8sjz8CCGgpZvxPl9SuE1GMVPFHx1mw==
 
 is-nil@^1.0.0:
   version "1.0.1"
@@ -20375,12 +20456,12 @@ is-set@^2.0.1, is-set@^2.0.2:
   resolved "https://registry.yarnpkg.com/is-set/-/is-set-2.0.2.tgz#90755fa4c2562dc1c5d4024760d6119b94ca18ec"
   integrity sha512-+2cnTEZeY5z/iXGbLhPrOAaK/Mau5k5eXq9j14CpRTftq0pAJu2MwVRSZhyZWBzx3o6X795Lz6Bpb6R0GKf37g==
 
-is-shared-array-buffer@^1.0.2:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/is-shared-array-buffer/-/is-shared-array-buffer-1.0.2.tgz#8f259c573b60b6a32d4058a1a07430c0a7344c79"
-  integrity sha512-sqN2UDu1/0y6uvXyStCOzyhAjCSlHceFoMKJW8W9EU9cvic/QdsZ0kEU93HEy3IUEFZIiH/3w+AH/UQbPHNdhA==
+is-shared-array-buffer@^1.0.2, is-shared-array-buffer@^1.0.3:
+  version "1.0.3"
+  resolved "https://registry.yarnpkg.com/is-shared-array-buffer/-/is-shared-array-buffer-1.0.3.tgz#1237f1cba059cdb62431d378dcc37d9680181688"
+  integrity sha512-nA2hv5XIhLR3uVzDDfCIknerhx8XUKnstuOERPNNIinXG7v9u+ohXF67vxm4TPTEPU6lm61ZkwP3c9PCB97rhg==
   dependencies:
-    call-bind "^1.0.2"
+    call-bind "^1.0.7"
 
 is-stream@^1.1.0:
   version "1.1.0"
@@ -20411,7 +20492,7 @@ is-symbol@^1.0.2, is-symbol@^1.0.3:
   dependencies:
     has-symbols "^1.0.1"
 
-is-typed-array@^1.1.10, is-typed-array@^1.1.9:
+is-typed-array@^1.1.13:
   version "1.1.13"
   resolved "https://registry.yarnpkg.com/is-typed-array/-/is-typed-array-1.1.13.tgz#d6c5ca56df62334959322d7d7dd1cca50debe229"
   integrity sha512-uZ25/bUAlUY5fR4OKT4rZQEBrzQWYV9ZJYGGsUmEJ6thodVJ1HX64ePQ6Z0qPWP+m+Uq6e9UugrE38jeYsDSMw==
@@ -21229,23 +21310,23 @@ jest@^29.6.1:
     import-local "^3.0.2"
     jest-cli "^29.6.1"
 
-joi-to-json@^4.2.1:
-  version "4.2.1"
-  resolved "https://registry.yarnpkg.com/joi-to-json/-/joi-to-json-4.2.1.tgz#be275866fd617c63f1ae81eea428fa5de6e036a4"
-  integrity sha512-HIPyrmT9akm2C4zOZ3qR30GkQs7JBr3LX1/oXXWyC2E1NUnDHjTczqHT0H6l495B99xAyFaJ6LM6KRFTdkKoxQ==
+joi-to-json@^4.3.0:
+  version "4.3.0"
+  resolved "https://registry.yarnpkg.com/joi-to-json/-/joi-to-json-4.3.0.tgz#c56131ecf8a772fce89fd98b7f81d7b0fac31dbc"
+  integrity sha512-j6wV/liW2CmPJBJCAsRHegS91JV2QQtg2J/Z/67VfdSvuE65njCx6DrYZY1cw0BXwlxHewpVtiDnY8W0aaNr+A==
   dependencies:
     combinations "^1.0.0"
     lodash "^4.17.21"
     semver-compare "^1.0.0"
 
-joi@^17.3.0, joi@^17.7.1:
-  version "17.7.1"
-  resolved "https://registry.yarnpkg.com/joi/-/joi-17.7.1.tgz#854fc85c7fa3cfc47c91124d30bffdbb58e06cec"
-  integrity sha512-teoLhIvWE298R6AeJywcjR4sX2hHjB3/xJX4qPjg+gTg+c0mzUDsziYlqPmLomq9gVsfaMcgPaGc7VxtD/9StA==
+joi@^17.13.3, joi@^17.3.0:
+  version "17.13.3"
+  resolved "https://registry.yarnpkg.com/joi/-/joi-17.13.3.tgz#0f5cc1169c999b30d344366d384b12d92558bcec"
+  integrity sha512-otDA4ldcIx+ZXsKHWmp0YizCweVRZG96J10b0FevjfuncLO1oX59THoAmHkNubYJ+9gWsYsp5k8v4ib6oDv1fA==
   dependencies:
-    "@hapi/hoek" "^9.0.0"
-    "@hapi/topo" "^5.0.0"
-    "@sideway/address" "^4.1.3"
+    "@hapi/hoek" "^9.3.0"
+    "@hapi/topo" "^5.1.0"
+    "@sideway/address" "^4.1.5"
     "@sideway/formula" "^3.0.1"
     "@sideway/pinpoint" "^2.0.0"
 
@@ -21760,18 +21841,18 @@ launchdarkly-eventsource@2.0.3:
   resolved "https://registry.yarnpkg.com/launchdarkly-eventsource/-/launchdarkly-eventsource-2.0.3.tgz#8a7b8da5538153f438f7d452b1c87643d900f984"
   integrity sha512-VhFjppK7jXlcEKaS7bxdoibB5j01NKyeDR7a8XfssdDGNWCTsbF0/5IExSmPi44eDncPhkoPNxlSZhEZvrbD5w==
 
-launchdarkly-js-client-sdk@^3.3.0:
-  version "3.3.0"
-  resolved "https://registry.yarnpkg.com/launchdarkly-js-client-sdk/-/launchdarkly-js-client-sdk-3.3.0.tgz#33573b884438b63f1501039c4bf0b174694a06d0"
-  integrity sha512-Hb+EF/5m43jsKrkXLPrdklX5g+XUJiwJQlVfa4y+ZPEqSnP4w4GrFp+Iv5ftWCcRhhpQuw/rygoNZlL1e1vmgg==
+launchdarkly-js-client-sdk@^3.4.0:
+  version "3.4.0"
+  resolved "https://registry.yarnpkg.com/launchdarkly-js-client-sdk/-/launchdarkly-js-client-sdk-3.4.0.tgz#5b5959b548edac8a0f368eb40b079d942573d37b"
+  integrity sha512-3v1jKy1RECT0SG/3SGlyRO32vweoNxvWiJuIChRh/Zhk98cHpANuwameXVhwJ4WEDNZJTur73baaKAyatSP46A==
   dependencies:
     escape-string-regexp "^4.0.0"
-    launchdarkly-js-sdk-common "5.2.0"
+    launchdarkly-js-sdk-common "5.3.0"
 
-launchdarkly-js-sdk-common@5.2.0:
-  version "5.2.0"
-  resolved "https://registry.yarnpkg.com/launchdarkly-js-sdk-common/-/launchdarkly-js-sdk-common-5.2.0.tgz#be9fadc59786c060087a3b818d15af700faf0fd2"
-  integrity sha512-aLv2ZrUv229RIwLtFhdILu2aJS/fqGSJzTk4L/bCDZA8RuIh7PutI3ui/AJeNnzPzjKzdEQZw6wVhkVc84baog==
+launchdarkly-js-sdk-common@5.3.0:
+  version "5.3.0"
+  resolved "https://registry.yarnpkg.com/launchdarkly-js-sdk-common/-/launchdarkly-js-sdk-common-5.3.0.tgz#336a54843f5ba3541632e10014e49dff45d41674"
+  integrity sha512-NI5wFF8qhjtpRb4KelGdnwNIOf/boLlbLiseV7uf1jxSeoM/L30DAz87RT8VhYCSGCo4LedGILQFednI/MKFkA==
   dependencies:
     base64-js "^1.3.0"
     fast-deep-equal "^2.0.1"
@@ -22502,7 +22583,7 @@ markdown-table@^2.0.0:
   dependencies:
     repeat-string "^1.0.0"
 
-marked@^4.0.15:
+marked@^4.3.0:
   version "4.3.0"
   resolved "https://registry.yarnpkg.com/marked/-/marked-4.3.0.tgz#796362821b019f734054582038b116481b456cf3"
   integrity sha512-PRsaiG84bK+AMvxziE/lCFss8juXjNaWzVbN5tXAm4XjeaS9NAHhop+PjQxz2A9h8Q4M/xGmzP8vqNwy6JeK0A==
@@ -23172,17 +23253,19 @@ ml-tree-similarity@^1.0.0:
     binary-search "^1.3.5"
     num-sort "^2.0.0"
 
-mobx-react-lite@^3.4.0:
-  version "3.4.3"
-  resolved "https://registry.yarnpkg.com/mobx-react-lite/-/mobx-react-lite-3.4.3.tgz#3a4c22c30bfaa8b1b2aa48d12b2ba811c0947ab7"
-  integrity sha512-NkJREyFTSUXR772Qaai51BnE1voWx56LOL80xG7qkZr6vo8vEaLF3sz1JNUVh+rxmUzxYaqOhfuxTfqUh0FXUg==
+mobx-react-lite@^4.0.7:
+  version "4.0.7"
+  resolved "https://registry.yarnpkg.com/mobx-react-lite/-/mobx-react-lite-4.0.7.tgz#f4e21e18d05c811010dcb1d3007e797924c4d90b"
+  integrity sha512-RjwdseshK9Mg8On5tyJZHtGD+J78ZnCnRaxeQDSiciKVQDUbfZcXhmld0VMxAwvcTnPEHZySGGewm467Fcpreg==
+  dependencies:
+    use-sync-external-store "^1.2.0"
 
-mobx-react@^7.2.0:
-  version "7.6.0"
-  resolved "https://registry.yarnpkg.com/mobx-react/-/mobx-react-7.6.0.tgz#ebf0456728a9bd2e5c24fdcf9b36e285a222a7d6"
-  integrity sha512-+HQUNuh7AoQ9ZnU6c4rvbiVVl+wEkb9WqYsVDzGLng+Dqj1XntHu79PvEWKtSMoMj67vFp/ZPXcElosuJO8ckA==
+mobx-react@^9.1.1:
+  version "9.1.1"
+  resolved "https://registry.yarnpkg.com/mobx-react/-/mobx-react-9.1.1.tgz#b96e0d5d74a3d02fc62729fd344b2a3ad2a88aae"
+  integrity sha512-gVV7AdSrAAxqXOJ2bAbGa5TkPqvITSzaPiiEkzpW4rRsMhSec7C2NBCJYILADHKp2tzOAIETGRsIY0UaCV5aEw==
   dependencies:
-    mobx-react-lite "^3.4.0"
+    mobx-react-lite "^4.0.7"
 
 mobx@^6.0.4:
   version "6.12.0"
@@ -23895,10 +23978,10 @@ node-source-walk@^6.0.0, node-source-walk@^6.0.1, node-source-walk@^6.0.2:
   dependencies:
     "@babel/parser" "^7.21.8"
 
-nodemailer@^6.9.9:
-  version "6.9.9"
-  resolved "https://registry.yarnpkg.com/nodemailer/-/nodemailer-6.9.9.tgz#4549bfbf710cc6addec5064dd0f19874d24248d9"
-  integrity sha512-dexTll8zqQoVJEZPwQAKzxxtFn0qTnjdQTchoU6Re9BUUGBJiOy3YMn/0ShTW6J5M0dfQ1NeDeRTTl4oIWgQMA==
+nodemailer@^6.9.14:
+  version "6.9.14"
+  resolved "https://registry.yarnpkg.com/nodemailer/-/nodemailer-6.9.14.tgz#845fda981f9fd5ac264f4446af908a7c78027f75"
+  integrity sha512-Dobp/ebDKBvz91sbtRKhcznLThrKxKt97GI2FAlAyy+fk19j73Uz3sBXolVtmcXjaorivqsbbbjDY+Jkt4/bQA==
 
 nopt@^4.0.1:
   version "4.0.3"
@@ -24157,10 +24240,10 @@ object-identity-map@^1.0.2:
   dependencies:
     object.entries "^1.1.0"
 
-object-inspect@^1.12.3, object-inspect@^1.6.0, object-inspect@^1.7.0, object-inspect@^1.9.0:
-  version "1.12.3"
-  resolved "https://registry.yarnpkg.com/object-inspect/-/object-inspect-1.12.3.tgz#ba62dffd67ee256c8c086dfae69e016cd1f198b9"
-  integrity sha512-geUvdk7c+eizMNUDkRpW1wJwgfOiOeHbxBR/hLXK1aT6zmVSO0jsQcs7fj6MGw89jC/cjGfLcNOrtMYtGqm81g==
+object-inspect@^1.13.1, object-inspect@^1.6.0, object-inspect@^1.7.0, object-inspect@^1.9.0:
+  version "1.13.2"
+  resolved "https://registry.yarnpkg.com/object-inspect/-/object-inspect-1.13.2.tgz#dea0088467fb991e67af4058147a24824a3043ff"
+  integrity sha512-IRZSRuzJiynemAXPYtPe5BoI/RESNYR7TYm50MC5Mqbd3Jmw5y790sErYw3V6SryFJD64b74qQQs9wn5Bg/k3g==
 
 object-is@^1.0.1, object-is@^1.0.2, object-is@^1.1.2, object-is@^1.1.5:
   version "1.1.5"
@@ -24194,13 +24277,13 @@ object-visit@^1.0.0:
   dependencies:
     isobject "^3.0.0"
 
-object.assign@^4.1.0, object.assign@^4.1.4:
-  version "4.1.4"
-  resolved "https://registry.yarnpkg.com/object.assign/-/object.assign-4.1.4.tgz#9673c7c7c351ab8c4d0b516f4343ebf4dfb7799f"
-  integrity sha512-1mxKf0e58bvyjSCtKYY4sRe9itRk3PJpquJOjeIkz885CczcI4IvJJDLPS72oowuSh+pBxUFROpX+TU++hxhZQ==
+object.assign@^4.1.0, object.assign@^4.1.4, object.assign@^4.1.5:
+  version "4.1.5"
+  resolved "https://registry.yarnpkg.com/object.assign/-/object.assign-4.1.5.tgz#3a833f9ab7fdb80fc9e8d2300c803d216d8fdbb0"
+  integrity sha512-byy+U7gp+FVwmyzKPYhW2h5l3crpmGsxl7X2s8y43IgxvG4g3QZ6CffDtsNQy1WsmZpQbO+ybo0AlW7TY6DcBQ==
   dependencies:
-    call-bind "^1.0.2"
-    define-properties "^1.1.4"
+    call-bind "^1.0.5"
+    define-properties "^1.2.1"
     has-symbols "^1.0.3"
     object-keys "^1.1.1"
 
@@ -24350,10 +24433,10 @@ openai@^4.24.1, openai@^4.41.1:
     node-fetch "^2.6.7"
     web-streams-polyfill "^3.2.1"
 
-openapi-sampler@^1.3.1:
-  version "1.4.0"
-  resolved "https://registry.yarnpkg.com/openapi-sampler/-/openapi-sampler-1.4.0.tgz#c133cad6250481f2ec7e48b16eb70062adb514c0"
-  integrity sha512-3FKJQCHAMG9T7RsRy9u5Ft4ERPq1QQmn77C8T3OSofYL9uur59AqychvQ0YQKijrqRwIkAbzkh+nQnAE3gjMVA==
+openapi-sampler@^1.5.0:
+  version "1.5.1"
+  resolved "https://registry.yarnpkg.com/openapi-sampler/-/openapi-sampler-1.5.1.tgz#2b0145179abb0d75eaf50c82b86ef044d22bd671"
+  integrity sha512-tIWIrZUKNAsbqf3bd9U1oH6JEXo8LNYuDlXw26By67EygpjT+ArFnsxxyTMjFWRfbqo5ozkvgSQDK69Gd8CddA==
   dependencies:
     "@types/json-schema" "^7.0.7"
     json-pointer "0.6.2"
@@ -25226,7 +25309,7 @@ polished@^3.7.2:
   dependencies:
     "@babel/runtime" "^7.12.5"
 
-polished@^4.1.3, polished@^4.2.2:
+polished@^4.2.2:
   version "4.2.2"
   resolved "https://registry.yarnpkg.com/polished/-/polished-4.2.2.tgz#2529bb7c3198945373c52e34618c8fe7b1aa84d1"
   integrity sha512-Sz2Lkdxz6F2Pgnpi9U5Ng/WdWAUZxmHrNPoVlm3aAemxoy2Qy7LGjQg4uf8qKelDAUW94F4np3iH2YPf2qefcQ==
@@ -25701,7 +25784,7 @@ printj@~1.1.0:
   resolved "https://registry.yarnpkg.com/printj/-/printj-1.1.2.tgz#d90deb2975a8b9f600fb3a1c94e3f4c53c78a222"
   integrity sha512-zA2SmoLaxZyArQTOPj5LXecR+RagfPSU5Kw1qP+jkWeNlrq+eJZyY2oS68SU1Z/7/myXM4lo9716laOFAVStCQ==
 
-prismjs@^1.22.0, prismjs@^1.27.0:
+prismjs@^1.22.0, prismjs@^1.29.0:
   version "1.29.0"
   resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.29.0.tgz#f113555a8fa9b57c35e637bba27509dcf802dd12"
   integrity sha512-Kx/1w86q/epKcmte75LNrEoT+lX8pBpavuAbvJWRXar7Hz8jrtF+e3vY751p0R8H9HdArwaCTNDDzHg/ScJK1Q==
@@ -26450,7 +26533,7 @@ react-is@17.0.2, react-is@^17.0.0, react-is@^17.0.1, react-is@^17.0.2:
   resolved "https://registry.yarnpkg.com/react-is/-/react-is-17.0.2.tgz#e691d4a8e9c789365655539ab372762b0efb54f0"
   integrity sha512-w2GsyukL62IJnlaff/nRegPQR94C/XXamvMWmSHRJ4y7Ts/4ocGRmTHvOs8PSE6pB3dWOrD/nueuU5sduBsQ4w==
 
-react-is@18.1.0, "react-is@^16.12.0 || ^17.0.0 || ^18.0.0", react-is@^18.0.0:
+react-is@18.1.0:
   version "18.1.0"
   resolved "https://registry.yarnpkg.com/react-is/-/react-is-18.1.0.tgz#61aaed3096d30eacf2a2127118b5b41387d32a67"
   integrity sha512-Fl7FuabXsJnV5Q1qIOQwx/sagGF18kogb4gpfcG4gjLBWO0WDiiz1ko/ExayuxE7InyQkBLkxRFG5oxY6Uu3Kg==
@@ -26460,6 +26543,11 @@ react-is@^16.12.0, react-is@^16.13.1, react-is@^16.6.0, react-is@^16.7.0, react-
   resolved "https://registry.yarnpkg.com/react-is/-/react-is-16.13.1.tgz#789729a4dc36de2999dc156dd6c1d9c18cea56a4"
   integrity sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==
 
+"react-is@^16.12.0 || ^17.0.0 || ^18.0.0", react-is@^18.0.0, react-is@^18.2.0:
+  version "18.3.1"
+  resolved "https://registry.yarnpkg.com/react-is/-/react-is-18.3.1.tgz#e83557dc12eae63a99e003a46388b1dcbb44db7e"
+  integrity sha512-/LLMVyas0ljjAtoYiPqYiL8VWXzUUdThrmU5+n20DZv+a+ClRoevUzw5JxU+Ieh5/c87ytoTBV9G1FiKfNJdmg==
+
 react-lifecycles-compat@^3.0.4:
   version "3.0.4"
   resolved "https://registry.yarnpkg.com/react-lifecycles-compat/-/react-lifecycles-compat-3.0.4.tgz#4f1a273afdfc8f3488a8c516bfda78f872352362"
@@ -26657,7 +26745,7 @@ react-select@^5.0.0:
     prop-types "^15.6.0"
     react-transition-group "^4.3.0"
 
-react-shallow-renderer@^16.13.1:
+react-shallow-renderer@^16.13.1, react-shallow-renderer@^16.15.0:
   version "16.15.0"
   resolved "https://registry.yarnpkg.com/react-shallow-renderer/-/react-shallow-renderer-16.15.0.tgz#48fb2cf9b23d23cde96708fe5273a7d3446f4457"
   integrity sha512-oScf2FqQ9LFVQgA73vr86xl2NaOIX73rh+YFqcOp68CWj56tSfgtGKrEbyhCj0rSijyG9M1CYprTh39fBi5hzA==
@@ -26707,12 +26795,12 @@ react-syntax-highlighter@^15.3.1:
     prismjs "^1.22.0"
     refractor "^3.2.0"
 
-react-tabs@^4.3.0:
-  version "4.3.0"
-  resolved "https://registry.yarnpkg.com/react-tabs/-/react-tabs-4.3.0.tgz#9f4db0fd209ba4ab2c1e78993ff964435f84af62"
-  integrity sha512-2GfoG+f41kiBIIyd3gF+/GRCCYtamC8/2zlAcD8cqQmqI9Q+YVz7fJLHMmU9pXDVYYHpJeCgUSBJju85vu5q8Q==
+react-tabs@^6.0.2:
+  version "6.0.2"
+  resolved "https://registry.yarnpkg.com/react-tabs/-/react-tabs-6.0.2.tgz#bc1065c3828561fee285a8fd045f22e0fcdde1eb"
+  integrity sha512-aQXTKolnM28k3KguGDBSAbJvcowOQr23A+CUJdzJtOSDOtTwzEaJA+1U4KwhNL9+Obe+jFS7geuvA7ICQPXOnQ==
   dependencies:
-    clsx "^1.1.0"
+    clsx "^2.0.0"
     prop-types "^15.5.0"
 
 "react-test-renderer@^16.8.0 || ^17.0.0", react-test-renderer@^17.0.0, react-test-renderer@^17.0.2:
@@ -26945,10 +27033,10 @@ real-require@^0.2.0:
   resolved "https://registry.yarnpkg.com/real-require/-/real-require-0.2.0.tgz#209632dea1810be2ae063a6ac084fee7e33fba78"
   integrity sha512-57frrGM/OCTLqLOAh0mhVA9VBMHd+9U7Zb2THMGdBUoZVOtGbJzjxsYGDJ3A9AYYCP4hn6y1TVbaOfzWtm5GFg==
 
-recast@^0.23.7:
-  version "0.23.7"
-  resolved "https://registry.yarnpkg.com/recast/-/recast-0.23.7.tgz#1e08f164e10402b075c904a2b01022b3da039c72"
-  integrity sha512-MpQlLZVpqbbxYcqEjwpRWo88sGvjOYoXptySz710RuddNMHx+wPkoNX6YyLZJlXAh5VZr1qmPrTwcTuFMh0Lag==
+recast@^0.23.9:
+  version "0.23.9"
+  resolved "https://registry.yarnpkg.com/recast/-/recast-0.23.9.tgz#587c5d3a77c2cfcb0c18ccce6da4361528c2587b"
+  integrity sha512-Hx/BGIbwj+Des3+xy5uAtAbdCyqK9y9wbBcDFDYanLS9JnMqf7OeF87HQwUimE87OEc72mr6tkKUKMBBL+hF9Q==
   dependencies:
     ast-types "^0.16.1"
     esprima "~4.0.0"
@@ -26986,31 +27074,32 @@ redent@^3.0.0:
     indent-string "^4.0.0"
     strip-indent "^3.0.0"
 
-redoc@~2.1.3:
-  version "2.1.3"
-  resolved "https://registry.yarnpkg.com/redoc/-/redoc-2.1.3.tgz#612c9fed744993d5fc99cbf39fe9056bd1034fa5"
-  integrity sha512-d7F9qLLxaiFW4GC03VkwlX9wuRIpx9aiIIf3o6mzMnqPfhxrn2IRKGndrkJeVdItgCfmg9jXZiFEowm60f1meQ==
+redoc@~2.1.5:
+  version "2.1.5"
+  resolved "https://registry.yarnpkg.com/redoc/-/redoc-2.1.5.tgz#421307b22036b244171095bfc7ea3cfd419563c8"
+  integrity sha512-POSbVg+7WLf+/5/c6GWLxL7+9t2D+1WlZdLN0a6qaCQc+ih3XYzteRBkXEN5kjrYrRNjdspfxTZkDLN5WV3Tzg==
   dependencies:
-    "@redocly/openapi-core" "^1.0.0-rc.2"
-    classnames "^2.3.1"
+    "@cfaester/enzyme-adapter-react-18" "^0.8.0"
+    "@redocly/openapi-core" "^1.4.0"
+    classnames "^2.3.2"
     decko "^1.2.0"
-    dompurify "^2.2.8"
-    eventemitter3 "^4.0.7"
+    dompurify "^3.0.6"
+    eventemitter3 "^5.0.1"
     json-pointer "^0.6.2"
     lunr "^2.3.9"
     mark.js "^8.11.1"
-    marked "^4.0.15"
-    mobx-react "^7.2.0"
-    openapi-sampler "^1.3.1"
+    marked "^4.3.0"
+    mobx-react "^9.1.1"
+    openapi-sampler "^1.5.0"
     path-browserify "^1.0.1"
     perfect-scrollbar "^1.5.5"
-    polished "^4.1.3"
-    prismjs "^1.27.0"
-    prop-types "^15.7.2"
-    react-tabs "^4.3.0"
+    polished "^4.2.2"
+    prismjs "^1.29.0"
+    prop-types "^15.8.1"
+    react-tabs "^6.0.2"
     slugify "~1.4.7"
     stickyfill "^1.1.1"
-    swagger2openapi "^7.0.6"
+    swagger2openapi "^7.0.8"
     url-template "^2.0.8"
 
 reduce-reducers@^0.4.3:
@@ -27139,14 +27228,15 @@ regex-not@^1.0.0, regex-not@^1.0.2:
     extend-shallow "^3.0.2"
     safe-regex "^1.1.0"
 
-regexp.prototype.flags@^1.2.0, regexp.prototype.flags@^1.4.3, regexp.prototype.flags@^1.5.0, regexp.prototype.flags@^1.5.1:
-  version "1.5.1"
-  resolved "https://registry.yarnpkg.com/regexp.prototype.flags/-/regexp.prototype.flags-1.5.1.tgz#90ce989138db209f81492edd734183ce99f9677e"
-  integrity sha512-sy6TXMN+hnP/wMy+ISxg3krXx7BAtWVO4UouuCN/ziM9UEne0euamVNafDfvC83bRNr95y0V5iijeDQFUNpvrg==
+regexp.prototype.flags@^1.2.0, regexp.prototype.flags@^1.4.3, regexp.prototype.flags@^1.5.1, regexp.prototype.flags@^1.5.2:
+  version "1.5.2"
+  resolved "https://registry.yarnpkg.com/regexp.prototype.flags/-/regexp.prototype.flags-1.5.2.tgz#138f644a3350f981a858c44f6bb1a61ff59be334"
+  integrity sha512-NcDiDkTLuPR+++OCKB0nWafEmhg/Da8aUPLPMQbK+bxKKCm1/S5he+AqYa4PlMCVBalb4/yxIRub6qkEx5yJbw==
   dependencies:
-    call-bind "^1.0.2"
-    define-properties "^1.2.0"
-    set-function-name "^2.0.0"
+    call-bind "^1.0.6"
+    define-properties "^1.2.1"
+    es-errors "^1.3.0"
+    set-function-name "^2.0.1"
 
 regexpp@^3.0.0:
   version "3.2.0"
@@ -27451,10 +27541,10 @@ require-from-string@^2.0.2:
   resolved "https://registry.yarnpkg.com/require-from-string/-/require-from-string-2.0.2.tgz#89a7fdd938261267318eafe14f9c32e598c36909"
   integrity sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==
 
-require-in-the-middle@^7.0.1, require-in-the-middle@^7.1.1, require-in-the-middle@^7.2.1:
-  version "7.2.1"
-  resolved "https://registry.yarnpkg.com/require-in-the-middle/-/require-in-the-middle-7.2.1.tgz#0d1f5e86a69aa14322f5951b924f02ad75f70b6b"
-  integrity sha512-u5XngygsJ+XV2dBV/Pl4SrcNpUXQfmYmXtuFeHDXfzk4i4NnGnret6xKWkkJHjMHS/16yMV9pEAlAunqmjllkA==
+require-in-the-middle@^7.0.1, require-in-the-middle@^7.1.1, require-in-the-middle@^7.3.0:
+  version "7.3.0"
+  resolved "https://registry.yarnpkg.com/require-in-the-middle/-/require-in-the-middle-7.3.0.tgz#ce64a1083647dc07b3273b348357efac8a9945c9"
+  integrity sha512-nQFEv9gRw6SJAwWD2LrL0NmQvAcO7FBwJbwmr2ttPAacfy0xuiOjE5zt+zM4xDyuyvUaxBi/9gb2SoCyNEVJcw==
   dependencies:
     debug "^4.1.1"
     module-details-from-path "^1.0.3"
@@ -27770,13 +27860,13 @@ rxjs@^7.4.0, rxjs@^7.5.5:
   dependencies:
     tslib "^2.1.0"
 
-safe-array-concat@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/safe-array-concat/-/safe-array-concat-1.0.0.tgz#2064223cba3c08d2ee05148eedbc563cd6d84060"
-  integrity sha512-9dVEFruWIsnie89yym+xWTAYASdpw3CJV7Li/6zBewGf9z2i1j31rP6jnY0pHEO4QZh6N0K11bFjWmdR8UGdPQ==
+safe-array-concat@^1.1.2:
+  version "1.1.2"
+  resolved "https://registry.yarnpkg.com/safe-array-concat/-/safe-array-concat-1.1.2.tgz#81d77ee0c4e8b863635227c721278dd524c20edb"
+  integrity sha512-vj6RsCsWBCf19jIeHEfkRMw8DPiBb+DMXklQ/1SGDHOMlHdPUkZXFQ2YdplS23zESTijAcurb1aSgJA3AgMu1Q==
   dependencies:
-    call-bind "^1.0.2"
-    get-intrinsic "^1.2.0"
+    call-bind "^1.0.7"
+    get-intrinsic "^1.2.4"
     has-symbols "^1.0.3"
     isarray "^2.0.5"
 
@@ -27800,13 +27890,13 @@ safe-json-stringify@^1.2.0:
   resolved "https://registry.yarnpkg.com/safe-json-stringify/-/safe-json-stringify-1.2.0.tgz#356e44bc98f1f93ce45df14bcd7c01cda86e0afd"
   integrity sha512-gH8eh2nZudPQO6TytOvbxnuhYBOvDBBLW52tz5q6X58lJcd/tkmqFR+5Z9adS8aJtURSXWThWy/xJtJwixErvg==
 
-safe-regex-test@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/safe-regex-test/-/safe-regex-test-1.0.0.tgz#793b874d524eb3640d1873aad03596db2d4f2295"
-  integrity sha512-JBUUzyOgEwXQY1NuPtvcj/qcBDbDmEvWufhlnXZIm75DEHp+afM1r1ujJpJsV/gSM4t59tpDyPi1sd6ZaPFfsA==
+safe-regex-test@^1.0.3:
+  version "1.0.3"
+  resolved "https://registry.yarnpkg.com/safe-regex-test/-/safe-regex-test-1.0.3.tgz#a5b4c0f06e0ab50ea2c395c14d8371232924c377"
+  integrity sha512-CdASjNJPvRa7roO6Ra/gLYBTzYzzPyyBXxIMdGW3USQLyjWEls2RgW5UBTXaQVp+OrpeCK3bLem8smtmheoRuw==
   dependencies:
-    call-bind "^1.0.2"
-    get-intrinsic "^1.1.3"
+    call-bind "^1.0.6"
+    es-errors "^1.3.0"
     is-regex "^1.1.4"
 
 safe-regex@^1.1.0:
@@ -27848,90 +27938,95 @@ sane@^4.0.3:
     minimist "^1.1.1"
     walker "~1.0.5"
 
-sass-embedded-android-arm64@1.71.1:
-  version "1.71.1"
-  resolved "https://registry.yarnpkg.com/sass-embedded-android-arm64/-/sass-embedded-android-arm64-1.71.1.tgz#9967153e36ec2e605d6679bd03356a1f222071c6"
-  integrity sha512-a7wJ1MM6sBwcM/8vIvvnwc9spoeNimNeXZpN9baSV4Ylthmr4GkTYYtf96Z/XYLdG5KBgYlxMs5T3OgqafdUMg==
-
-sass-embedded-android-arm@1.71.1:
-  version "1.71.1"
-  resolved "https://registry.yarnpkg.com/sass-embedded-android-arm/-/sass-embedded-android-arm-1.71.1.tgz#3fdcdd7abad4e3605a8cd9def2e3a2224b582b6a"
-  integrity sha512-Pq6TlRg9lIYsZDo9XNQZnSg6grQKzBG3ssdv0W1SnYS1BzGKwbg8XnlUA/pVxK76BKEm8i+0DA4y8cZ8A3tmpw==
-
-sass-embedded-android-ia32@1.71.1:
-  version "1.71.1"
-  resolved "https://registry.yarnpkg.com/sass-embedded-android-ia32/-/sass-embedded-android-ia32-1.71.1.tgz#c4d132a8315394c1246e7561edec20d4b5084598"
-  integrity sha512-tn3WZNdKQtr/DSzl4cQIDZkTO3JuuMxPvM/T+U7gBFyhU62NyF5wvwBnuh+BN3iaMowfkSknzCZCjyJDwnkDjw==
-
-sass-embedded-android-x64@1.71.1:
-  version "1.71.1"
-  resolved "https://registry.yarnpkg.com/sass-embedded-android-x64/-/sass-embedded-android-x64-1.71.1.tgz#e46c58622e74146d789f2e7241f2d22276aa46aa"
-  integrity sha512-l72Pqxfb/pArpOLyWsuL9s8ODWupRGATWTPwUT/GjVdSQJO/lQL5DopXb55Cwh2T7t2G10e+uXTEMKz0qngoWQ==
-
-sass-embedded-darwin-arm64@1.71.1:
-  version "1.71.1"
-  resolved "https://registry.yarnpkg.com/sass-embedded-darwin-arm64/-/sass-embedded-darwin-arm64-1.71.1.tgz#613836f73fe646df26577154295561d17b05f958"
-  integrity sha512-3eZDAcJBwoG0Kyasa/EbaKt1Jn2y0GHvCd0Oas/VtMsYL+/6abiCO1l8YltdxER4jvuHUKE2Ow7J6T6sC+vVQQ==
-
-sass-embedded-darwin-x64@1.71.1:
-  version "1.71.1"
-  resolved "https://registry.yarnpkg.com/sass-embedded-darwin-x64/-/sass-embedded-darwin-x64-1.71.1.tgz#7b4aea4597f5cfc106998f1154f873bcb349c3da"
-  integrity sha512-/9FtMPVdQalhsRCD9opNIlZqJKe7veCjWsdj0J9utbc2bNCTYswXNQtC/jWJTjE9/gQ0+w5zwg9+fQzltdYh1w==
-
-sass-embedded-linux-arm64@1.71.1:
-  version "1.71.1"
-  resolved "https://registry.yarnpkg.com/sass-embedded-linux-arm64/-/sass-embedded-linux-arm64-1.71.1.tgz#fbeebfbeb3594a6b1e085bd3c9d07156a35264f1"
-  integrity sha512-zUSmqeqcgTb3VjZggk9a9xB2ZGaAe/TYAi/vYRPNLY/f7dZSrsa9Ejo+LUm2aNl6V8hFzMz7BpoKsaRQJnb9GQ==
-
-sass-embedded-linux-arm@1.71.1:
-  version "1.71.1"
-  resolved "https://registry.yarnpkg.com/sass-embedded-linux-arm/-/sass-embedded-linux-arm-1.71.1.tgz#2381c077785d5977031e90e5d983e33e6a8c52b4"
-  integrity sha512-l7NEn0gji6GTN+p00DP2zZl9SE501Zy5obTA3beiD6+vQy7lCEC6vpNi/ZrlC6eRmgY2OKSBB2lfW7KSej9Hkg==
-
-sass-embedded-linux-ia32@1.71.1:
-  version "1.71.1"
-  resolved "https://registry.yarnpkg.com/sass-embedded-linux-ia32/-/sass-embedded-linux-ia32-1.71.1.tgz#7651382b8ec406de6408c1ff8d54fb20e79c9a54"
-  integrity sha512-NvzSljfc/Kw9/0CSn91AsINV2nh8vxhFe2cKexPMwvAqv/etU84dJMfJejxPJ39PmMqT1KvC4G+Qt2+6Mpe7oQ==
-
-sass-embedded-linux-musl-arm64@1.71.1:
-  version "1.71.1"
-  resolved "https://registry.yarnpkg.com/sass-embedded-linux-musl-arm64/-/sass-embedded-linux-musl-arm64-1.71.1.tgz#0eac007de358cc4a6de6deed102c76a2b50fd938"
-  integrity sha512-Agtf6BcYQ0mt+jVDcRcN7bDPrMAQOWMeX15NTlQH1rO8voObLo6ThVl2NUkiZyyVmu7a6YOrCxpGBVAK1cLGOg==
-
-sass-embedded-linux-musl-arm@1.71.1:
-  version "1.71.1"
-  resolved "https://registry.yarnpkg.com/sass-embedded-linux-musl-arm/-/sass-embedded-linux-musl-arm-1.71.1.tgz#95af523da89e9713d915b3a8cab539fe360174e7"
-  integrity sha512-1O37K5EgSeQjCBizIF9xdZJw3mh5XYHOnsB4+65CLZg4ac84ragjFv9d9rYhwGs9QSgg1MoOv7VWnEIxQ8Pp9Q==
-
-sass-embedded-linux-musl-ia32@1.71.1:
-  version "1.71.1"
-  resolved "https://registry.yarnpkg.com/sass-embedded-linux-musl-ia32/-/sass-embedded-linux-musl-ia32-1.71.1.tgz#e40f3e5a98efb197523c6c8e060aaa7f4c55c683"
-  integrity sha512-Cd5sJkt70bSlYEXUSj9mPMKZLzDL8LGcBKUIfQRrcBKjmzD2Va2eLq4Zati9Xzt54unuDp4bAUUTyvQmjLzFmA==
-
-sass-embedded-linux-musl-x64@1.71.1:
-  version "1.71.1"
-  resolved "https://registry.yarnpkg.com/sass-embedded-linux-musl-x64/-/sass-embedded-linux-musl-x64-1.71.1.tgz#3f21a68cb3e059f2eeae57cd3ff2b68e8f6bb1d6"
-  integrity sha512-uVfYms/lf4QVSvtQXkSm+Bq3wVsvkRMI30ca82rRwpwebxSaTbUr+uLnskh8QvbyfsbMyrzZQU0SCrO3uCua1A==
-
-sass-embedded-linux-x64@1.71.1:
-  version "1.71.1"
-  resolved "https://registry.yarnpkg.com/sass-embedded-linux-x64/-/sass-embedded-linux-x64-1.71.1.tgz#664c1d81506c36f87bc0dbdf2fe9ee9a457f6c95"
-  integrity sha512-7BXniYic16+MQx0InyH8OXburLPGMRYRWf0l/t/fRkNkUHWFl7NQPAX0yvj73c/PKOdaYEUY6isNB4OGUGtZHQ==
-
-sass-embedded-win32-ia32@1.71.1:
-  version "1.71.1"
-  resolved "https://registry.yarnpkg.com/sass-embedded-win32-ia32/-/sass-embedded-win32-ia32-1.71.1.tgz#60ea5d4b54f4c6f1a073c1af60cff091459fbda9"
-  integrity sha512-ZDhL6hvekeKDkZ1wUj6wN0thrB/7wOO8HaQoagk+pKaHoa0Py7OLR/m9mQM8S13mZpUQduNsznmXV1fOss4GOg==
-
-sass-embedded-win32-x64@1.71.1:
-  version "1.71.1"
-  resolved "https://registry.yarnpkg.com/sass-embedded-win32-x64/-/sass-embedded-win32-x64-1.71.1.tgz#ee18bb830303e28f4d0db284f7a87656de3d2610"
-  integrity sha512-ecWP1TFUA9ujOuOTJfWC1iZsSZOdQy5OxIEHqoERxunyjwzkiTxfN8J7Y4bNQ5uwb4K0brxWyIM8Fq+UgDqcZA==
-
-sass-embedded@^1.71.1:
-  version "1.71.1"
-  resolved "https://registry.yarnpkg.com/sass-embedded/-/sass-embedded-1.71.1.tgz#566f800026edbc3a56c5fff9b61f4bc88eacb464"
-  integrity sha512-nOmqErO1zd1wjvTbDscLZZ3fv5JPeQfaKuo0UCjYm7qPbpQcycp0l3nFZHxovjLjCetJ9IrLOADdznFYKV0f1A==
+sass-embedded-android-arm64@1.77.5:
+  version "1.77.5"
+  resolved "https://registry.yarnpkg.com/sass-embedded-android-arm64/-/sass-embedded-android-arm64-1.77.5.tgz#72247e760d3e765d184822cc8d970b77171c8e83"
+  integrity sha512-t4yIhK5OUpg1coZxFpDo3BhI2YVj21JxEd5SVI6FfcWD2ESroQWsC4cbq3ejw5aun8R1Kx6xH1EKxO8bSMvn1g==
+
+sass-embedded-android-arm@1.77.5:
+  version "1.77.5"
+  resolved "https://registry.yarnpkg.com/sass-embedded-android-arm/-/sass-embedded-android-arm-1.77.5.tgz#df864165351efd6dd94703791e7d553c0405c46d"
+  integrity sha512-/DfNYoykqwMFduecqa8n0NH+cS6oLdCPFjwhe92efsOOt5WDYEOlolnhoOENZxqdzvSV+8axL+mHQ1Ypl4MLtg==
+
+sass-embedded-android-ia32@1.77.5:
+  version "1.77.5"
+  resolved "https://registry.yarnpkg.com/sass-embedded-android-ia32/-/sass-embedded-android-ia32-1.77.5.tgz#7ba5d2567c28ddecaed34d8c7ae60aa8bda2d086"
+  integrity sha512-92dWhEbR0Z2kpjbpfOx4LM9wlNBSnDsRtwpkMUK8udQIE7uF3E4/Fsf/88IJk0MrRkk4iwrsxxiCb1bz2tWnHQ==
+
+sass-embedded-android-x64@1.77.5:
+  version "1.77.5"
+  resolved "https://registry.yarnpkg.com/sass-embedded-android-x64/-/sass-embedded-android-x64-1.77.5.tgz#d35af64ff83931c3fe135f1ffebf15bb5ffa2fcb"
+  integrity sha512-lFnXz9lRnjRLJ8Y28ONJViID3rDq4p6LJ/9ByPk2ZnSpx5ouUjsu4AfrXKJ0jgHWBaDvSKSxq2fPpt5aMQAEZA==
+
+sass-embedded-darwin-arm64@1.77.5:
+  version "1.77.5"
+  resolved "https://registry.yarnpkg.com/sass-embedded-darwin-arm64/-/sass-embedded-darwin-arm64-1.77.5.tgz#40bbb6b5df6817955bc2804c2b067a6ce85954ea"
+  integrity sha512-J3yP6w+xqPrGQE0+sO4Gam6kBDJL5ivgkFNxR0fVlvKeN5qVFYhymp/xGRRMxBrKjohEQtBGP431EzrtvUMFow==
+
+sass-embedded-darwin-x64@1.77.5:
+  version "1.77.5"
+  resolved "https://registry.yarnpkg.com/sass-embedded-darwin-x64/-/sass-embedded-darwin-x64-1.77.5.tgz#5c6741aa7b96e422b689d7dc0ebb68d6ea7b74fe"
+  integrity sha512-A9fh5tg4s0FidMTG31Vs8TzYZ3Mam/I/tfqvN0g512OhBajp/p2DJvBY+0Br2r+TNH1yGUXf2ZfULuTBFj5u8w==
+
+sass-embedded-linux-arm64@1.77.5:
+  version "1.77.5"
+  resolved "https://registry.yarnpkg.com/sass-embedded-linux-arm64/-/sass-embedded-linux-arm64-1.77.5.tgz#74b5beaf48d2644eeb133d7b0242fcd714dddb4e"
+  integrity sha512-LoN804X7QsyvT/h8UGcgBMfV1SdT4JRRNV+slBICxoXPKBLXbZm9KyLRCBQcMLLdlXSZdOfZilxUN1Bd2az6OA==
+
+sass-embedded-linux-arm@1.77.5:
+  version "1.77.5"
+  resolved "https://registry.yarnpkg.com/sass-embedded-linux-arm/-/sass-embedded-linux-arm-1.77.5.tgz#ee1d4e4bcfb5eac37a9c39c917ba9ff6b3a71245"
+  integrity sha512-O7gbOWJloxITBZNkpwChFltxofsnDUf+3pz7+q2ETQKvZQ3kUfFENAF37slo0bsHJ7IEpwJK3ZJlnhZvIgfhgw==
+
+sass-embedded-linux-ia32@1.77.5:
+  version "1.77.5"
+  resolved "https://registry.yarnpkg.com/sass-embedded-linux-ia32/-/sass-embedded-linux-ia32-1.77.5.tgz#9c00f8d2070183bc932048a4a32609e9a960c812"
+  integrity sha512-KHNJymlEmjyJbhGfB34zowohjgMvv/qKVsDX5hPlar+qMh+cxJwfgPln1Zl9bfe9qLObmEV2zFA1rpVBWy4xGQ==
+
+sass-embedded-linux-musl-arm64@1.77.5:
+  version "1.77.5"
+  resolved "https://registry.yarnpkg.com/sass-embedded-linux-musl-arm64/-/sass-embedded-linux-musl-arm64-1.77.5.tgz#42dde205238796b16235ee9de8c538b7cba242f7"
+  integrity sha512-ZWl8K8rCL4/phm3IPWDADwjnYAiohoaKg7BKjGo+36zv8P0ocoA0A3j4xx7/kjUJWagOmmoTyYxoOu+lo1NaKw==
+
+sass-embedded-linux-musl-arm@1.77.5:
+  version "1.77.5"
+  resolved "https://registry.yarnpkg.com/sass-embedded-linux-musl-arm/-/sass-embedded-linux-musl-arm-1.77.5.tgz#7bbfddddbbd115ead551b57065381e7a19b3b3e2"
+  integrity sha512-TLhJzd1TJ0oX1oULobkWLMDLeErD27WbhdZqxtFvIqzyO+1TZPMwojhRX4YNWmHdmmYhIuXTR9foWxwL3Xjgsg==
+
+sass-embedded-linux-musl-ia32@1.77.5:
+  version "1.77.5"
+  resolved "https://registry.yarnpkg.com/sass-embedded-linux-musl-ia32/-/sass-embedded-linux-musl-ia32-1.77.5.tgz#d2eea17321204be89cee85cb57edc2850a28c7a2"
+  integrity sha512-83zNSgsIIc+tYQFKepFIlvAvAHnbWSpZ824MjqXJLeCbfzcMO8SZ/q6OA0Zd2SIrf79lCWI4OfPHqp1PI6M7HQ==
+
+sass-embedded-linux-musl-x64@1.77.5:
+  version "1.77.5"
+  resolved "https://registry.yarnpkg.com/sass-embedded-linux-musl-x64/-/sass-embedded-linux-musl-x64-1.77.5.tgz#009dec64fb5a7b1849e7b3b5f45e8903c5643d63"
+  integrity sha512-/SW9ggXZJilbRbKvRHAxEuQM6Yr9piEpvK7/aDevFL2XFvBW9x+dTzpH5jPVEmM0qWdJisS1r5mEv8AXUUdQZg==
+
+sass-embedded-linux-x64@1.77.5:
+  version "1.77.5"
+  resolved "https://registry.yarnpkg.com/sass-embedded-linux-x64/-/sass-embedded-linux-x64-1.77.5.tgz#396b55654a4a107277d46675fc5ba68c74f9abb3"
+  integrity sha512-3EmYeY+K8nMwIy1El9C+mPuONMQyXSCD6Yyztn3G7moPdZTqXrTL7kTJIl+SRq1tCcnOMMGXnBRE7Kpou1wd+w==
+
+sass-embedded-win32-arm64@1.77.5:
+  version "1.77.5"
+  resolved "https://registry.yarnpkg.com/sass-embedded-win32-arm64/-/sass-embedded-win32-arm64-1.77.5.tgz#5152fe180dd65eab012dc3e91a0fd64511540187"
+  integrity sha512-dwVFOqkyfCRQgQB8CByH+MG93fp7IsfFaPDDCQVzVFAT00+HXk/dWFPMnv65XDDndGwsUE1KlZnjg8iOBDlRdw==
+
+sass-embedded-win32-ia32@1.77.5:
+  version "1.77.5"
+  resolved "https://registry.yarnpkg.com/sass-embedded-win32-ia32/-/sass-embedded-win32-ia32-1.77.5.tgz#e4835703cf958788765df0751b8282a7beca3898"
+  integrity sha512-1ij/K5d2sHPJkytWiPJLoUOVHJOB6cSWXq7jmedeuGooWnBmqnWycmGkhBAEK/t6t1XgzMPsiJMGiHKh7fnBuA==
+
+sass-embedded-win32-x64@1.77.5:
+  version "1.77.5"
+  resolved "https://registry.yarnpkg.com/sass-embedded-win32-x64/-/sass-embedded-win32-x64-1.77.5.tgz#5588366daf0cfe910926a4a45d9bf9c4470f4c14"
+  integrity sha512-Pn6j0jDGeEAhuuVY0CaZaBa7yNkqimEsbUDYYuQ9xh+XdGvZ86SZf6HXHUVIyQUjHORLwQ5f0XoKYYzKfC0y9w==
+
+sass-embedded@^1.77.5:
+  version "1.77.5"
+  resolved "https://registry.yarnpkg.com/sass-embedded/-/sass-embedded-1.77.5.tgz#c21da62af45b56a3ffb2e4e9a663389efb56b77a"
+  integrity sha512-JQI8aprHDRSNK5exXsbusswTENQPJxW1QWUcLdwuyESoJClT1zo8e+4cmaV5OAU4abcRC6Av4/RmLocPdjcR3A==
   dependencies:
     "@bufbuild/protobuf" "^1.0.0"
     buffer-builder "^0.2.0"
@@ -27940,22 +28035,23 @@ sass-embedded@^1.71.1:
     supports-color "^8.1.1"
     varint "^6.0.0"
   optionalDependencies:
-    sass-embedded-android-arm "1.71.1"
-    sass-embedded-android-arm64 "1.71.1"
-    sass-embedded-android-ia32 "1.71.1"
-    sass-embedded-android-x64 "1.71.1"
-    sass-embedded-darwin-arm64 "1.71.1"
-    sass-embedded-darwin-x64 "1.71.1"
-    sass-embedded-linux-arm "1.71.1"
-    sass-embedded-linux-arm64 "1.71.1"
-    sass-embedded-linux-ia32 "1.71.1"
-    sass-embedded-linux-musl-arm "1.71.1"
-    sass-embedded-linux-musl-arm64 "1.71.1"
-    sass-embedded-linux-musl-ia32 "1.71.1"
-    sass-embedded-linux-musl-x64 "1.71.1"
-    sass-embedded-linux-x64 "1.71.1"
-    sass-embedded-win32-ia32 "1.71.1"
-    sass-embedded-win32-x64 "1.71.1"
+    sass-embedded-android-arm "1.77.5"
+    sass-embedded-android-arm64 "1.77.5"
+    sass-embedded-android-ia32 "1.77.5"
+    sass-embedded-android-x64 "1.77.5"
+    sass-embedded-darwin-arm64 "1.77.5"
+    sass-embedded-darwin-x64 "1.77.5"
+    sass-embedded-linux-arm "1.77.5"
+    sass-embedded-linux-arm64 "1.77.5"
+    sass-embedded-linux-ia32 "1.77.5"
+    sass-embedded-linux-musl-arm "1.77.5"
+    sass-embedded-linux-musl-arm64 "1.77.5"
+    sass-embedded-linux-musl-ia32 "1.77.5"
+    sass-embedded-linux-musl-x64 "1.77.5"
+    sass-embedded-linux-x64 "1.77.5"
+    sass-embedded-win32-arm64 "1.77.5"
+    sass-embedded-win32-ia32 "1.77.5"
+    sass-embedded-win32-x64 "1.77.5"
 
 sass-loader@^10.5.1:
   version "10.5.1"
@@ -28080,15 +28176,20 @@ select-hose@^2.0.0:
   resolved "https://registry.yarnpkg.com/select-hose/-/select-hose-2.0.0.tgz#625d8658f865af43ec962bfc376a37359a4994ca"
   integrity sha1-Yl2GWPhlr0Psliv8N2o3NZpJlMo=
 
-selenium-webdriver@^4.21.0:
-  version "4.21.0"
-  resolved "https://registry.yarnpkg.com/selenium-webdriver/-/selenium-webdriver-4.21.0.tgz#d38aebfc34770421a880afcfdb7bd8fe85ce9174"
-  integrity sha512-WaEJHZjOWNth1QG5FEpxpREER0qptZBMonFU6GtAqdCNLJVxbtC3E7oS/I/+Q1sf1W032Wg0Ebk+m46lANOXyQ==
+selenium-webdriver@^4.22.0:
+  version "4.22.0"
+  resolved "https://registry.yarnpkg.com/selenium-webdriver/-/selenium-webdriver-4.22.0.tgz#da9426aed5004ef16532010224b41a3a8b8dd132"
+  integrity sha512-GNbrkCHmy249ai885wgXqTfqL2lZnclUH/P8pwTDIqzyFxU3YhDiN7p/c9tMFA4NhgRdEBO2QCG+CWmG7xr/Mw==
   dependencies:
     jszip "^3.10.1"
     tmp "^0.2.3"
     ws ">=8.16.0"
 
+self-signed-cert@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/self-signed-cert/-/self-signed-cert-1.0.1.tgz#9e2fae07503f84fb910f4a87c5c5c6becc207bf6"
+  integrity sha512-86d1jYydqaRdUEyR9tj5nQ0d059RUWB9gdZrzDy2MJaUHii1h9EyzbAepkV1rOLO2AkSkQbXtUrqWRH4FDYWHA==
+
 selfsigned@^2.0.1:
   version "2.0.1"
   resolved "https://registry.yarnpkg.com/selfsigned/-/selfsigned-2.0.1.tgz#8b2df7fa56bf014d19b6007655fff209c0ef0a56"
@@ -28240,14 +28341,15 @@ set-function-length@^1.2.1:
     gopd "^1.0.1"
     has-property-descriptors "^1.0.2"
 
-set-function-name@^2.0.0:
-  version "2.0.1"
-  resolved "https://registry.yarnpkg.com/set-function-name/-/set-function-name-2.0.1.tgz#12ce38b7954310b9f61faa12701620a0c882793a"
-  integrity sha512-tMNCiqYVkXIZgc2Hnoy2IvC/f8ezc5koaRFkCjrpWzGpCd3qbZXPzVy9MAZzK1ch/X0jvSkojys3oqJN0qCmdA==
+set-function-name@^2.0.1:
+  version "2.0.2"
+  resolved "https://registry.yarnpkg.com/set-function-name/-/set-function-name-2.0.2.tgz#16a705c5a0dc2f5e638ca96d8a8cd4e1c2b90985"
+  integrity sha512-7PGFlmtwsEADb0WYyvCMa1t+yke6daIG4Wirafur5kcf+MhUnPms1UeR0CKQdTZD81yESwMHbtn+TR+dMviakQ==
   dependencies:
-    define-data-property "^1.0.1"
+    define-data-property "^1.1.4"
+    es-errors "^1.3.0"
     functions-have-names "^1.2.3"
-    has-property-descriptors "^1.0.0"
+    has-property-descriptors "^1.0.2"
 
 set-getter@^0.1.0:
   version "0.1.1"
@@ -29293,32 +29395,33 @@ string.prototype.padstart@^3.0.0:
     es-abstract "^1.4.3"
     function-bind "^1.0.2"
 
-string.prototype.trim@^1.2.1, string.prototype.trim@^1.2.7:
-  version "1.2.7"
-  resolved "https://registry.yarnpkg.com/string.prototype.trim/-/string.prototype.trim-1.2.7.tgz#a68352740859f6893f14ce3ef1bb3037f7a90533"
-  integrity sha512-p6TmeT1T3411M8Cgg9wBTMRtY2q9+PNy9EV1i2lIXUN/btt763oIfxwN3RR8VU6wHX8j/1CFy0L+YuThm6bgOg==
+string.prototype.trim@^1.2.1, string.prototype.trim@^1.2.9:
+  version "1.2.9"
+  resolved "https://registry.yarnpkg.com/string.prototype.trim/-/string.prototype.trim-1.2.9.tgz#b6fa326d72d2c78b6df02f7759c73f8f6274faa4"
+  integrity sha512-klHuCNxiMZ8MlsOihJhJEBJAiMVqU3Z2nEXWfWnIqjN0gEFS9J9+IxKozWWtQGcgoa1WUZzLjKPTr4ZHNFTFxw==
   dependencies:
-    call-bind "^1.0.2"
-    define-properties "^1.1.4"
-    es-abstract "^1.20.4"
+    call-bind "^1.0.7"
+    define-properties "^1.2.1"
+    es-abstract "^1.23.0"
+    es-object-atoms "^1.0.0"
 
-string.prototype.trimend@^1.0.6:
-  version "1.0.6"
-  resolved "https://registry.yarnpkg.com/string.prototype.trimend/-/string.prototype.trimend-1.0.6.tgz#c4a27fa026d979d79c04f17397f250a462944533"
-  integrity sha512-JySq+4mrPf9EsDBEDYMOb/lM7XQLulwg5R/m1r0PXEFqrV0qHvl58sdTilSXtKOflCsK2E8jxf+GKC0T07RWwQ==
+string.prototype.trimend@^1.0.8:
+  version "1.0.8"
+  resolved "https://registry.yarnpkg.com/string.prototype.trimend/-/string.prototype.trimend-1.0.8.tgz#3651b8513719e8a9f48de7f2f77640b26652b229"
+  integrity sha512-p73uL5VCHCO2BZZ6krwwQE3kCzM7NKmis8S//xEC6fQonchbum4eP6kR4DLEjQFO3Wnj3Fuo8NM0kOSjVdHjZQ==
   dependencies:
-    call-bind "^1.0.2"
-    define-properties "^1.1.4"
-    es-abstract "^1.20.4"
+    call-bind "^1.0.7"
+    define-properties "^1.2.1"
+    es-object-atoms "^1.0.0"
 
-string.prototype.trimstart@^1.0.6:
-  version "1.0.6"
-  resolved "https://registry.yarnpkg.com/string.prototype.trimstart/-/string.prototype.trimstart-1.0.6.tgz#e90ab66aa8e4007d92ef591bbf3cd422c56bdcf4"
-  integrity sha512-omqjMDaY92pbn5HOX7f9IccLA+U1tA9GvtU4JrodiXFfYB7jPzzHpRzpglLAjtUV6bB557zwClJezTqnAiYnQA==
+string.prototype.trimstart@^1.0.8:
+  version "1.0.8"
+  resolved "https://registry.yarnpkg.com/string.prototype.trimstart/-/string.prototype.trimstart-1.0.8.tgz#7ee834dda8c7c17eff3118472bb35bfedaa34dde"
+  integrity sha512-UXSH262CSZY1tfu3G3Secr6uGLCFVPMhIqHjlgCUtCCcgihYc/xKs9djMTMUOb2j1mVSeU8EU6NWc/iQKU6Gfg==
   dependencies:
-    call-bind "^1.0.2"
-    define-properties "^1.1.4"
-    es-abstract "^1.20.4"
+    call-bind "^1.0.7"
+    define-properties "^1.2.1"
+    es-object-atoms "^1.0.0"
 
 string_decoder@^1.0.0, string_decoder@^1.1.1, string_decoder@~1.1.1:
   version "1.1.1"
@@ -29668,7 +29771,7 @@ svgo@^2.7.0, svgo@^2.8.0:
     picocolors "^1.0.0"
     stable "^0.1.8"
 
-swagger2openapi@^7.0.6:
+swagger2openapi@^7.0.8:
   version "7.0.8"
   resolved "https://registry.yarnpkg.com/swagger2openapi/-/swagger2openapi-7.0.8.tgz#12c88d5de776cb1cbba758994930f40ad0afac59"
   integrity sha512-upi/0ZGkYgEcLeGieoz8gT74oWHA0E7JivX7aN9mAf+Tc7BQoRBvnIGHoPDw+f9TXTW4s6kGYCZJtauP6OYp7g==
@@ -29956,10 +30059,10 @@ terser@^4.1.2, terser@^4.6.3:
     source-map "~0.6.1"
     source-map-support "~0.5.12"
 
-terser@^5.26.0, terser@^5.29.1, terser@^5.3.4, terser@^5.9.0:
-  version "5.30.0"
-  resolved "https://registry.yarnpkg.com/terser/-/terser-5.30.0.tgz#64cb2af71e16ea3d32153f84d990f9be0cdc22bf"
-  integrity sha512-Y/SblUl5kEyEFzhMAQdsxVHh+utAxd4IuRNJzKywY/4uzSogh3G219jqbDDxYu4MXO9CzY3tSEqmZvW6AoEDJw==
+terser@^5.26.0, terser@^5.3.4, terser@^5.31.1, terser@^5.9.0:
+  version "5.31.1"
+  resolved "https://registry.yarnpkg.com/terser/-/terser-5.31.1.tgz#735de3c987dd671e95190e6b98cfe2f07f3cf0d4"
+  integrity sha512-37upzU1+viGvuFtBo9NPufCb9dwM0+l9hMxYyWfBA+fbwrPqNJAhbZ6W47bBFnZHKHTUBnMvi87434qq+qnxOg==
   dependencies:
     "@jridgewell/source-map" "^0.3.3"
     acorn "^8.8.2"
@@ -30224,10 +30327,10 @@ totalist@^1.0.0:
   resolved "https://registry.yarnpkg.com/totalist/-/totalist-1.1.0.tgz#a4d65a3e546517701e3e5c37a47a70ac97fe56df"
   integrity sha512-gduQwd1rOdDMGxFG1gEvhV88Oirdo2p+KjoYFU7k2g+i7n6AFFbDQ5kMPUsW0pNbfQsB/cwXvT1i4Bue0s9g5g==
 
-tough-cookie@^4.1.2, tough-cookie@^4.1.3:
-  version "4.1.3"
-  resolved "https://registry.yarnpkg.com/tough-cookie/-/tough-cookie-4.1.3.tgz#97b9adb0728b42280aa3d814b6b999b2ff0318bf"
-  integrity sha512-aX/y5pVRkfRnfmuX+OdbSdXvPe6ieKX/G2s7e98f4poJHnqH3281gDPm/metm6E/WRamfx7WC4HUqkWHfQHprw==
+tough-cookie@^4.1.2, tough-cookie@^4.1.3, tough-cookie@^4.1.4:
+  version "4.1.4"
+  resolved "https://registry.yarnpkg.com/tough-cookie/-/tough-cookie-4.1.4.tgz#945f1461b45b5a8c76821c33ea49c3ac192c1b36"
+  integrity sha512-Loo5UUvLD9ScZ6jh8beX1T6sO1w2/MpCRpEP7V280GKMVUQ0Jzar2U3UJPsrdbziLEMMhu3Ujnq//rhiFuIeag==
   dependencies:
     psl "^1.1.33"
     punycode "^2.1.1"
@@ -30391,7 +30494,7 @@ tslib@2.5.0:
   resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.5.0.tgz#42bfed86f5787aeb41d031866c8f402429e0fddf"
   integrity sha512-336iVw3rtn2BUK7ORdIAHTyxHGRIHVReokCR3XjbckJMK7ms8FysBfhLR8IXnAgy7T0PTPNBWKiH514FOW/WSg==
 
-tslib@2.6.2, tslib@^2.0.0, tslib@^2.0.1, tslib@^2.0.3, tslib@^2.1.0, tslib@^2.3.1, tslib@^2.4.0, tslib@^2.5.0, tslib@^2.5.2, tslib@^2.6.2:
+tslib@2.6.2, tslib@^2.0.0, tslib@^2.0.1, tslib@^2.0.3, tslib@^2.1.0, tslib@^2.3.1, tslib@^2.4.0, tslib@^2.5.0, tslib@^2.6.2:
   version "2.6.2"
   resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.6.2.tgz#703ac29425e7b37cd6fd456e92404d46d1f3e4ae"
   integrity sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q==
@@ -30507,44 +30610,49 @@ type@^2.7.2:
   resolved "https://registry.yarnpkg.com/type/-/type-2.7.2.tgz#2376a15a3a28b1efa0f5350dcf72d24df6ef98d0"
   integrity sha512-dzlvlNlt6AXU7EBSfpAscydQ7gXB+pPGsPnfJnZpiNJBDj7IaJzQlBZYGdEi4R9HmPdBv2XmWJ6YUtoTa7lmCw==
 
-typed-array-buffer@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/typed-array-buffer/-/typed-array-buffer-1.0.0.tgz#18de3e7ed7974b0a729d3feecb94338d1472cd60"
-  integrity sha512-Y8KTSIglk9OZEr8zywiIHG/kmQ7KWyjseXs1CbSo8vC42w7hg2HgYTxSWwP0+is7bWDc1H+Fo026CpHFwm8tkw==
+typed-array-buffer@^1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/typed-array-buffer/-/typed-array-buffer-1.0.2.tgz#1867c5d83b20fcb5ccf32649e5e2fc7424474ff3"
+  integrity sha512-gEymJYKZtKXzzBzM4jqa9w6Q1Jjm7x2d+sh19AdsD4wqnMPDYyvwpsIc2Q/835kHuo3BEQ7CjelGhfTsoBb2MQ==
   dependencies:
-    call-bind "^1.0.2"
-    get-intrinsic "^1.2.1"
-    is-typed-array "^1.1.10"
+    call-bind "^1.0.7"
+    es-errors "^1.3.0"
+    is-typed-array "^1.1.13"
 
-typed-array-byte-length@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/typed-array-byte-length/-/typed-array-byte-length-1.0.0.tgz#d787a24a995711611fb2b87a4052799517b230d0"
-  integrity sha512-Or/+kvLxNpeQ9DtSydonMxCx+9ZXOswtwJn17SNLvhptaXYDJvkFFP5zbfU/uLmvnBJlI4yrnXRxpdWH/M5tNA==
+typed-array-byte-length@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/typed-array-byte-length/-/typed-array-byte-length-1.0.1.tgz#d92972d3cff99a3fa2e765a28fcdc0f1d89dec67"
+  integrity sha512-3iMJ9q0ao7WE9tWcaYKIptkNBuOIcZCCT0d4MRvuuH88fEoEH62IuQe0OtraD3ebQEoTRk8XCBoknUNc1Y67pw==
   dependencies:
-    call-bind "^1.0.2"
+    call-bind "^1.0.7"
     for-each "^0.3.3"
-    has-proto "^1.0.1"
-    is-typed-array "^1.1.10"
+    gopd "^1.0.1"
+    has-proto "^1.0.3"
+    is-typed-array "^1.1.13"
 
-typed-array-byte-offset@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/typed-array-byte-offset/-/typed-array-byte-offset-1.0.0.tgz#cbbe89b51fdef9cd6aaf07ad4707340abbc4ea0b"
-  integrity sha512-RD97prjEt9EL8YgAgpOkf3O4IF9lhJFr9g0htQkm0rchFp/Vx7LW5Q8fSXXub7BXAODyUQohRMyOc3faCPd0hg==
+typed-array-byte-offset@^1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/typed-array-byte-offset/-/typed-array-byte-offset-1.0.2.tgz#f9ec1acb9259f395093e4567eb3c28a580d02063"
+  integrity sha512-Ous0vodHa56FviZucS2E63zkgtgrACj7omjwd/8lTEMEPFFyjfixMZ1ZXenpgCFBBt4EC1J2XsyVS2gkG0eTFA==
   dependencies:
-    available-typed-arrays "^1.0.5"
-    call-bind "^1.0.2"
+    available-typed-arrays "^1.0.7"
+    call-bind "^1.0.7"
     for-each "^0.3.3"
-    has-proto "^1.0.1"
-    is-typed-array "^1.1.10"
+    gopd "^1.0.1"
+    has-proto "^1.0.3"
+    is-typed-array "^1.1.13"
 
-typed-array-length@^1.0.4:
-  version "1.0.4"
-  resolved "https://registry.yarnpkg.com/typed-array-length/-/typed-array-length-1.0.4.tgz#89d83785e5c4098bec72e08b319651f0eac9c1bb"
-  integrity sha512-KjZypGq+I/H7HI5HlOoGHkWUUGq+Q0TPhQurLbyrVrvnKTBgzLhIJ7j6J/XTQOi0d1RjyZ0wdas8bKs2p0x3Ng==
+typed-array-length@^1.0.6:
+  version "1.0.6"
+  resolved "https://registry.yarnpkg.com/typed-array-length/-/typed-array-length-1.0.6.tgz#57155207c76e64a3457482dfdc1c9d1d3c4c73a3"
+  integrity sha512-/OxDN6OtAk5KBpGb28T+HZc2M+ADtvRxXrKKbUwtsLgdoxgX13hyy7ek6bFRl5+aBs2yZzB0c4CnQfAtVypW/g==
   dependencies:
-    call-bind "^1.0.2"
+    call-bind "^1.0.7"
     for-each "^0.3.3"
-    is-typed-array "^1.1.9"
+    gopd "^1.0.1"
+    has-proto "^1.0.3"
+    is-typed-array "^1.1.13"
+    possible-typed-array-names "^1.0.0"
 
 typedarray-to-buffer@^3.1.5:
   version "3.1.5"
@@ -30642,13 +30750,18 @@ undici-types@~5.26.4:
   resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-5.26.5.tgz#bcd539893d00b56e964fd2657a4866b221a65617"
   integrity sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA==
 
-undici@^5.21.2, undici@^5.22.1:
+undici@^5.21.2:
   version "5.28.4"
   resolved "https://registry.yarnpkg.com/undici/-/undici-5.28.4.tgz#6b280408edb6a1a604a9b20340f45b422e373068"
   integrity sha512-72RFADWFqKmUb2hmmvNODKL3p9hcB6Gt2DOQMis1SEBaV6a4MH8soBvzg+95CYhCKPFedut2JY9bMfrDl9D23g==
   dependencies:
     "@fastify/busboy" "^2.0.0"
 
+undici@^6.12.0:
+  version "6.19.2"
+  resolved "https://registry.yarnpkg.com/undici/-/undici-6.19.2.tgz#231bc5de78d0dafb6260cf454b294576c2f3cd31"
+  integrity sha512-JfjKqIauur3Q6biAtHJ564e3bWa8VvT+7cSiOJHFbX4Erv6CLGDpg8z+Fmg/1OI/47RA+GI2QZaF48SSaLvyBA==
+
 unfetch@^4.2.0:
   version "4.2.0"
   resolved "https://registry.yarnpkg.com/unfetch/-/unfetch-4.2.0.tgz#7e21b0ef7d363d8d9af0fb929a5555f6ef97a3be"
@@ -32113,7 +32226,7 @@ which-module@^2.0.0:
   resolved "https://registry.yarnpkg.com/which-module/-/which-module-2.0.0.tgz#d9ef07dce77b9902b8a3a8fa4b31c3e3f7e6e87a"
   integrity sha1-2e8H3Od7mQK4o6j6SzHD4/fm6Ho=
 
-which-typed-array@^1.1.10, which-typed-array@^1.1.13, which-typed-array@^1.1.14:
+which-typed-array@^1.1.13, which-typed-array@^1.1.14, which-typed-array@^1.1.15:
   version "1.1.15"
   resolved "https://registry.yarnpkg.com/which-typed-array/-/which-typed-array-1.1.15.tgz#264859e9b11a649b388bfaaf4f767df1f779b38d"
   integrity sha512-oV0jmFtUky6CXfkqehVvBP/LSWJ2sy4vWMioiENyJLePrBO/yKyV9OyJySfAKosh+RYkIl5zJCNZ8/4JncrpdA==